From bba25e2ff6c4a193acb54560ea4417537bd2954e Mon Sep 17 00:00:00 2001 
From: Yves-Alexis Perez Date: Tue, 30 May 2017 20:59:31 +0200 Subject: New upstream version 5.5.3 --- src/Makefile.in | 2 + src/_copyright/Makefile.in | 2 + src/_updown/Makefile.in | 2 + src/aikgen/Makefile.in | 2 + src/charon-cmd/Makefile.in | 2 + src/charon-nm/Makefile.in | 2 + src/charon-nm/charon-nm.c | 2 +- src/charon-nm/nm/nm_creds.c | 72 +-- src/charon-nm/nm/nm_handler.c | 48 +- src/charon-nm/nm/nm_service.c | 66 ++- src/charon-svc/Makefile.in | 2 + src/charon-systemd/Makefile.in | 2 + src/charon-tkm/Makefile.in | 2 + src/charon-tkm/src/tkm/tkm_kernel_sad.c | 97 ++-- src/charon/Makefile.in | 2 + src/checksum/Makefile.in | 2 + src/conftest/Makefile.in | 2 + src/conftest/config.c | 21 +- src/dumm/Makefile.in | 2 + src/dumm/cowfs.c | 13 +- src/dumm/dumm.c | 9 +- src/include/Makefile.in | 2 + src/include/linux/xfrm.h | 11 +- src/ipsec/Makefile.in | 2 + src/ipsec/_ipsec.8 | 2 +- src/libcharon/Makefile.am | 9 + src/libcharon/Makefile.in | 22 +- src/libcharon/attributes/attribute_manager.c | 25 +- src/libcharon/attributes/mem_pool.c | 12 +- src/libcharon/bus/bus.c | 43 +- src/libcharon/config/backend_manager.c | 30 +- src/libcharon/config/child_cfg.c | 100 +--- src/libcharon/config/child_cfg.h | 82 ++- src/libcharon/config/ike_cfg.c | 2 +- src/libcharon/config/ike_cfg.h | 8 +- src/libcharon/config/peer_cfg.c | 22 +- src/libcharon/config/proposal.c | 40 +- src/libcharon/daemon.c | 24 +- src/libcharon/encoding/message.c | 2 +- src/libcharon/encoding/payloads/certreq_payload.c | 9 +- src/libcharon/encoding/payloads/delete_payload.c | 9 +- src/libcharon/encoding/payloads/eap_payload.c | 9 +- src/libcharon/kernel/kernel_interface.c | 9 +- src/libcharon/kernel/kernel_ipsec.h | 2 + src/libcharon/network/receiver.c | 6 +- src/libcharon/plugins/addrblock/Makefile.in | 2 + .../plugins/addrblock/addrblock_validator.c | 4 +- src/libcharon/plugins/android_dns/Makefile.in | 2 + .../plugins/android_dns/android_dns_handler.c | 12 +- src/libcharon/plugins/android_log/Makefile.am | 
1 + src/libcharon/plugins/android_log/Makefile.in | 5 +- src/libcharon/plugins/attr/Makefile.in | 2 + src/libcharon/plugins/attr/attr_provider.c | 26 +- src/libcharon/plugins/attr_sql/Makefile.in | 2 + src/libcharon/plugins/attr_sql/attr_sql_provider.c | 20 +- src/libcharon/plugins/bypass_lan/Makefile.in | 2 + .../plugins/bypass_lan/bypass_lan_listener.c | 7 +- src/libcharon/plugins/certexpire/Makefile.in | 2 + src/libcharon/plugins/connmark/Makefile.in | 2 + src/libcharon/plugins/coupling/Makefile.in | 2 + src/libcharon/plugins/dhcp/Makefile.in | 2 + src/libcharon/plugins/dhcp/dhcp_provider.c | 3 +- src/libcharon/plugins/dhcp/dhcp_socket.c | 3 +- src/libcharon/plugins/dhcp/dhcp_transaction.c | 26 +- src/libcharon/plugins/dnscert/Makefile.in | 2 + src/libcharon/plugins/dnscert/dnscert_cred.c | 8 +- src/libcharon/plugins/duplicheck/Makefile.in | 2 + src/libcharon/plugins/eap_aka/Makefile.in | 2 + src/libcharon/plugins/eap_aka_3gpp2/Makefile.in | 2 + src/libcharon/plugins/eap_dynamic/Makefile.in | 2 + src/libcharon/plugins/eap_dynamic/eap_dynamic.c | 12 +- src/libcharon/plugins/eap_gtc/Makefile.in | 2 + src/libcharon/plugins/eap_identity/Makefile.in | 2 + src/libcharon/plugins/eap_md5/Makefile.in | 2 + src/libcharon/plugins/eap_mschapv2/Makefile.in | 2 + src/libcharon/plugins/eap_peap/Makefile.in | 2 + src/libcharon/plugins/eap_radius/Makefile.in | 2 + .../plugins/eap_radius/eap_radius_provider.c | 11 +- src/libcharon/plugins/eap_sim/Makefile.in | 2 + src/libcharon/plugins/eap_sim_file/Makefile.in | 2 + .../plugins/eap_sim_file/eap_sim_file_triplets.c | 34 +- src/libcharon/plugins/eap_sim_pcsc/Makefile.in | 2 + .../plugins/eap_simaka_pseudonym/Makefile.in | 2 + .../plugins/eap_simaka_reauth/Makefile.in | 2 + src/libcharon/plugins/eap_simaka_sql/Makefile.in | 2 + .../plugins/eap_simaka_sql/eap_simaka_sql_card.c | 11 +- src/libcharon/plugins/eap_tls/Makefile.in | 2 + src/libcharon/plugins/eap_tnc/Makefile.in | 2 + src/libcharon/plugins/eap_ttls/Makefile.in | 2 + 
src/libcharon/plugins/error_notify/Makefile.in | 2 + src/libcharon/plugins/ext_auth/Makefile.in | 2 + src/libcharon/plugins/farp/Makefile.in | 2 + src/libcharon/plugins/forecast/Makefile.in | 2 + src/libcharon/plugins/forecast/forecast_listener.c | 30 +- src/libcharon/plugins/ha/Makefile.in | 2 + src/libcharon/plugins/ha/ha_dispatcher.c | 16 +- src/libcharon/plugins/ha/ha_message.c | 11 +- src/libcharon/plugins/ha/ha_tunnel.c | 9 +- src/libcharon/plugins/ipseckey/Makefile.in | 2 + src/libcharon/plugins/ipseckey/ipseckey_cred.c | 8 +- src/libcharon/plugins/kernel_iph/Makefile.in | 2 + src/libcharon/plugins/kernel_iph/kernel_iph_net.c | 8 +- src/libcharon/plugins/kernel_libipsec/Makefile.in | 2 + .../kernel_libipsec/kernel_libipsec_ipsec.c | 35 +- src/libcharon/plugins/kernel_netlink/Makefile.in | 2 + .../plugins/kernel_netlink/kernel_netlink_ipsec.c | 136 +++-- .../plugins/kernel_netlink/kernel_netlink_net.c | 169 +++--- .../plugins/kernel_netlink/kernel_netlink_plugin.c | 23 + .../plugins/kernel_netlink/kernel_netlink_shared.c | 3 +- src/libcharon/plugins/kernel_pfkey/Makefile.in | 2 + .../plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 119 ++-- src/libcharon/plugins/kernel_pfroute/Makefile.in | 2 + .../plugins/kernel_pfroute/kernel_pfroute_net.c | 123 ++-- src/libcharon/plugins/kernel_wfp/Makefile.in | 2 + src/libcharon/plugins/led/Makefile.in | 2 + src/libcharon/plugins/load_tester/Makefile.in | 2 + .../plugins/load_tester/load_tester_creds.c | 34 +- src/libcharon/plugins/lookip/Makefile.in | 2 + src/libcharon/plugins/medcli/Makefile.in | 2 + src/libcharon/plugins/medcli/medcli_config.c | 8 +- src/libcharon/plugins/medcli/medcli_creds.c | 16 +- src/libcharon/plugins/medcli/medcli_creds.h | 2 +- src/libcharon/plugins/medcli/medcli_listener.h | 2 +- src/libcharon/plugins/medsrv/Makefile.in | 2 + src/libcharon/plugins/medsrv/medsrv_creds.c | 9 +- src/libcharon/plugins/medsrv/medsrv_creds.h | 2 +- src/libcharon/plugins/osx_attr/Makefile.in | 2 + 
src/libcharon/plugins/osx_attr/osx_attr_handler.c | 12 +- src/libcharon/plugins/p_cscf/Makefile.in | 2 + src/libcharon/plugins/p_cscf/p_cscf_handler.c | 23 +- src/libcharon/plugins/radattr/Makefile.in | 2 + src/libcharon/plugins/resolve/Makefile.in | 2 + src/libcharon/plugins/resolve/resolve_handler.c | 12 +- src/libcharon/plugins/smp/Makefile.in | 2 + src/libcharon/plugins/socket_default/Makefile.in | 2 + .../plugins/socket_default/socket_default_socket.c | 55 +- src/libcharon/plugins/socket_dynamic/Makefile.in | 2 + src/libcharon/plugins/socket_win/Makefile.in | 2 + src/libcharon/plugins/sql/Makefile.in | 2 + src/libcharon/plugins/sql/sql_config.c | 79 +-- src/libcharon/plugins/sql/sql_cred.c | 35 +- src/libcharon/plugins/stroke/Makefile.in | 2 + src/libcharon/plugins/stroke/stroke_attribute.c | 76 +-- src/libcharon/plugins/stroke/stroke_ca.c | 49 +- src/libcharon/plugins/stroke/stroke_config.c | 30 +- src/libcharon/plugins/stroke/stroke_handler.c | 56 +- src/libcharon/plugins/stroke/stroke_list.c | 5 +- src/libcharon/plugins/stroke/stroke_socket.c | 1 + src/libcharon/plugins/systime_fix/Makefile.in | 2 + src/libcharon/plugins/tnc_ifmap/Makefile.in | 2 + .../plugins/tnc_ifmap/tnc_ifmap_soap_msg.c | 9 +- src/libcharon/plugins/tnc_pdp/Makefile.in | 2 + src/libcharon/plugins/uci/Makefile.in | 2 + src/libcharon/plugins/uci/uci_config.c | 16 +- src/libcharon/plugins/uci/uci_creds.c | 10 +- src/libcharon/plugins/uci/uci_parser.c | 17 +- src/libcharon/plugins/unity/Makefile.in | 2 + src/libcharon/plugins/unity/unity_handler.c | 39 +- src/libcharon/plugins/unity/unity_provider.c | 10 +- src/libcharon/plugins/updown/Makefile.in | 2 + src/libcharon/plugins/updown/updown_listener.c | 2 +- src/libcharon/plugins/vici/Makefile.in | 2 + src/libcharon/plugins/vici/README.md | 3 +- src/libcharon/plugins/vici/perl/Makefile.in | 2 + src/libcharon/plugins/vici/python/Makefile.in | 2 + src/libcharon/plugins/vici/python/vici/protocol.py | 2 +- 
src/libcharon/plugins/vici/ruby/Makefile.in | 4 +- src/libcharon/plugins/vici/suites/test_message.c | 12 +- src/libcharon/plugins/vici/vici_attribute.c | 26 +- src/libcharon/plugins/vici/vici_config.c | 113 +++- src/libcharon/plugins/vici/vici_cred.c | 14 +- src/libcharon/plugins/vici/vici_message.c | 10 +- src/libcharon/plugins/vici/vici_query.c | 2 +- src/libcharon/plugins/whitelist/Makefile.in | 2 + .../plugins/whitelist/whitelist_listener.c | 21 +- src/libcharon/plugins/xauth_eap/Makefile.in | 2 + src/libcharon/plugins/xauth_generic/Makefile.in | 2 + src/libcharon/plugins/xauth_noauth/Makefile.in | 2 + src/libcharon/plugins/xauth_pam/Makefile.in | 2 + .../processing/jobs/delete_child_sa_job.c | 69 ++- .../processing/jobs/delete_child_sa_job.h | 13 +- src/libcharon/sa/child_sa.c | 560 +++++++++++++++---- src/libcharon/sa/child_sa.h | 120 +++- src/libcharon/sa/eap/eap_manager.c | 53 +- src/libcharon/sa/ike_sa.c | 57 +- src/libcharon/sa/ike_sa_manager.c | 121 ++-- src/libcharon/sa/ikev1/task_manager_v1.c | 31 +- src/libcharon/sa/ikev1/tasks/quick_mode.c | 37 +- src/libcharon/sa/ikev2/connect_manager.c | 164 +++--- src/libcharon/sa/ikev2/task_manager_v2.c | 47 +- src/libcharon/sa/ikev2/tasks/child_create.c | 96 ++-- src/libcharon/sa/ikev2/tasks/child_delete.c | 229 ++++++-- src/libcharon/sa/ikev2/tasks/child_rekey.c | 16 +- src/libcharon/sa/shunt_manager.c | 22 +- src/libcharon/sa/task_manager.c | 32 +- src/libcharon/sa/task_manager.h | 16 + src/libcharon/sa/trap_manager.c | 72 +-- src/libcharon/tests/Makefile.in | 2 + src/libcharon/tests/suites/test_child_rekey.c | 617 ++++++++++++++++----- src/libcharon/tests/utils/exchange_test_asserts.c | 57 +- src/libcharon/tests/utils/exchange_test_asserts.h | 61 +- src/libcharon/tests/utils/mock_ipsec.c | 179 +++++- src/libcharon/tests/utils/mock_ipsec.h | 11 +- src/libcharon/tests/utils/sa_asserts.h | 32 +- src/libfast/Makefile.in | 2 + src/libimcv/Makefile.in | 2 + src/libimcv/ietf/ietf_attr_installed_packages.c | 26 +- 
src/libimcv/ietf/ietf_attr_op_status.c | 4 +- src/libimcv/ietf/ietf_attr_port_filter.c | 29 +- src/libimcv/imc/imc_os_info.c | 38 +- src/libimcv/imv/imv_agent.c | 32 +- src/libimcv/ita/ita_attr_settings.c | 25 +- src/libimcv/plugins/imc_attestation/Makefile.in | 2 + src/libimcv/plugins/imc_hcd/Makefile.in | 2 + src/libimcv/plugins/imc_os/Makefile.in | 2 + src/libimcv/plugins/imc_scanner/Makefile.in | 2 + src/libimcv/plugins/imc_scanner/imc_scanner.c | 2 +- src/libimcv/plugins/imc_swid/Makefile.in | 2 + src/libimcv/plugins/imc_test/Makefile.in | 2 + src/libimcv/plugins/imc_test/imc_test_state.h | 4 +- src/libimcv/plugins/imv_attestation/Makefile.in | 2 + .../imv_attestation/imv_attestation_state.c | 32 +- src/libimcv/plugins/imv_hcd/Makefile.in | 2 + src/libimcv/plugins/imv_os/Makefile.in | 2 + src/libimcv/plugins/imv_scanner/Makefile.in | 2 + src/libimcv/plugins/imv_swid/Makefile.in | 2 + src/libimcv/plugins/imv_swid/imv_swid_rest.c | 36 +- src/libimcv/plugins/imv_test/Makefile.in | 2 + src/libimcv/plugins/imv_test/imv_test_agent.c | 2 + src/libimcv/pts/pts_file_meas.c | 25 +- src/libimcv/pts/pts_pcr.c | 16 +- .../tcg/pts/tcg_pts_attr_req_func_comp_evid.c | 28 +- .../tcg/pts/tcg_pts_attr_simple_comp_evid.c | 4 +- src/libipsec/Makefile.in | 2 + src/libipsec/ipsec_sa_mgr.c | 91 +-- src/libipsec/tests/Makefile.in | 2 + src/libpttls/Makefile.in | 2 + src/libpttls/sasl/sasl_mechanism.c | 8 +- src/libradius/Makefile.in | 2 + src/libradius/radius_message.c | 20 +- src/libsimaka/Makefile.in | 2 + src/libsimaka/simaka_message.c | 25 +- src/libstrongswan/Makefile.am | 10 + src/libstrongswan/Makefile.in | 450 +++++++-------- src/libstrongswan/asn1/asn1.c | 16 +- src/libstrongswan/asn1/asn1_parser.c | 70 ++- src/libstrongswan/asn1/asn1_parser.h | 27 +- src/libstrongswan/collections/array.c | 9 +- src/libstrongswan/collections/enumerator.c | 368 ++++++------ src/libstrongswan/collections/enumerator.h | 70 ++- src/libstrongswan/collections/hashtable.c | 10 +- 
src/libstrongswan/collections/linked_list.c | 70 ++- src/libstrongswan/collections/linked_list.h | 56 +- src/libstrongswan/credentials/auth_cfg.c | 21 +- src/libstrongswan/credentials/credential_factory.c | 26 +- src/libstrongswan/credentials/credential_manager.c | 54 +- src/libstrongswan/credentials/keys/public_key.c | 9 +- .../credentials/sets/auth_cfg_wrapper.c | 36 +- src/libstrongswan/credentials/sets/callback_cred.c | 10 +- src/libstrongswan/credentials/sets/cert_cache.c | 38 +- src/libstrongswan/credentials/sets/mem_cred.c | 230 ++++---- src/libstrongswan/credentials/sets/mem_cred.h | 2 +- .../credentials/sets/ocsp_response_wrapper.c | 35 +- src/libstrongswan/crypto/crypto_factory.c | 228 +++++--- .../crypto/hashers/hash_algorithm_set.c | 17 +- src/libstrongswan/library.c | 13 + src/libstrongswan/math/libnttfft/Makefile.in | 2 + src/libstrongswan/math/libnttfft/tests/Makefile.in | 2 + src/libstrongswan/networking/tun_device.c | 32 +- src/libstrongswan/plugins/acert/Makefile.in | 2 + src/libstrongswan/plugins/aes/Makefile.in | 2 + src/libstrongswan/plugins/aesni/Makefile.in | 2 + src/libstrongswan/plugins/af_alg/Makefile.in | 2 + src/libstrongswan/plugins/af_alg/af_alg_ops.c | 4 +- src/libstrongswan/plugins/agent/Makefile.in | 2 + src/libstrongswan/plugins/bliss/Makefile.in | 2 + src/libstrongswan/plugins/bliss/tests/Makefile.in | 2 + src/libstrongswan/plugins/blowfish/Makefile.in | 2 + src/libstrongswan/plugins/ccm/Makefile.in | 2 + src/libstrongswan/plugins/chapoly/Makefile.in | 2 + src/libstrongswan/plugins/cmac/Makefile.in | 2 + src/libstrongswan/plugins/constraints/Makefile.in | 2 + src/libstrongswan/plugins/ctr/Makefile.in | 2 + src/libstrongswan/plugins/curl/Makefile.in | 2 + src/libstrongswan/plugins/curve25519/Makefile.in | 2 + src/libstrongswan/plugins/des/Makefile.in | 2 + src/libstrongswan/plugins/dnskey/Makefile.in | 2 + src/libstrongswan/plugins/files/Makefile.in | 2 + src/libstrongswan/plugins/fips_prf/Makefile.in | 2 + 
src/libstrongswan/plugins/gcm/Makefile.in | 2 + src/libstrongswan/plugins/gcrypt/Makefile.in | 2 + src/libstrongswan/plugins/gmp/Makefile.in | 2 + src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c | 7 +- src/libstrongswan/plugins/hmac/Makefile.in | 2 + src/libstrongswan/plugins/keychain/Makefile.in | 2 + src/libstrongswan/plugins/ldap/Makefile.in | 2 + src/libstrongswan/plugins/md4/Makefile.in | 2 + src/libstrongswan/plugins/md5/Makefile.in | 2 + src/libstrongswan/plugins/mgf1/Makefile.in | 2 + src/libstrongswan/plugins/mysql/Makefile.in | 2 + src/libstrongswan/plugins/mysql/mysql_database.c | 21 +- src/libstrongswan/plugins/newhope/Makefile.in | 2 + .../plugins/newhope/tests/Makefile.in | 2 + src/libstrongswan/plugins/nonce/Makefile.in | 2 + src/libstrongswan/plugins/ntru/Makefile.in | 2 + src/libstrongswan/plugins/openssl/Makefile.in | 2 + src/libstrongswan/plugins/openssl/openssl_crl.c | 11 +- src/libstrongswan/plugins/openssl/openssl_pkcs7.c | 18 +- src/libstrongswan/plugins/padlock/Makefile.in | 2 + src/libstrongswan/plugins/pem/Makefile.in | 2 + src/libstrongswan/plugins/pem/pem_builder.c | 6 +- src/libstrongswan/plugins/pgp/Makefile.in | 2 + src/libstrongswan/plugins/pkcs1/Makefile.in | 2 + src/libstrongswan/plugins/pkcs11/Makefile.in | 2 + src/libstrongswan/plugins/pkcs11/pkcs11_creds.c | 38 +- src/libstrongswan/plugins/pkcs11/pkcs11_library.c | 22 +- src/libstrongswan/plugins/pkcs11/pkcs11_manager.c | 10 +- src/libstrongswan/plugins/pkcs12/Makefile.in | 2 + src/libstrongswan/plugins/pkcs7/Makefile.in | 2 + .../plugins/pkcs7/pkcs7_signed_data.c | 9 +- src/libstrongswan/plugins/pkcs8/Makefile.in | 2 + src/libstrongswan/plugins/plugin_constructors.py | 60 ++ src/libstrongswan/plugins/plugin_loader.c | 203 +++++-- src/libstrongswan/plugins/plugin_loader.h | 10 + src/libstrongswan/plugins/pubkey/Makefile.in | 2 + src/libstrongswan/plugins/random/Makefile.in | 2 + src/libstrongswan/plugins/rc2/Makefile.in | 2 + src/libstrongswan/plugins/rdrand/Makefile.in | 2 + 
src/libstrongswan/plugins/revocation/Makefile.in | 2 + src/libstrongswan/plugins/sha1/Makefile.in | 2 + src/libstrongswan/plugins/sha2/Makefile.in | 2 + src/libstrongswan/plugins/sha3/Makefile.in | 2 + src/libstrongswan/plugins/soup/Makefile.in | 2 + src/libstrongswan/plugins/sqlite/Makefile.in | 2 + src/libstrongswan/plugins/sqlite/sqlite_database.c | 33 +- src/libstrongswan/plugins/sshkey/Makefile.in | 2 + src/libstrongswan/plugins/test_vectors/Makefile.in | 2 + src/libstrongswan/plugins/unbound/Makefile.in | 2 + src/libstrongswan/plugins/winhttp/Makefile.in | 2 + src/libstrongswan/plugins/x509/Makefile.in | 2 + src/libstrongswan/plugins/x509/x509_ac.c | 44 +- src/libstrongswan/plugins/x509/x509_cert.c | 309 +++++++---- src/libstrongswan/plugins/x509/x509_crl.c | 54 +- .../plugins/x509/x509_ocsp_response.c | 54 +- src/libstrongswan/plugins/x509/x509_pkcs10.c | 16 +- src/libstrongswan/plugins/xcbc/Makefile.in | 2 + src/libstrongswan/processing/processor.c | 13 +- src/libstrongswan/settings/settings.c | 67 ++- src/libstrongswan/tests/Makefile.in | 2 + src/libstrongswan/tests/suites/test_asn1_parser.c | 106 +++- src/libstrongswan/tests/suites/test_enumerator.c | 50 +- src/libstrongswan/tests/suites/test_linked_list.c | 111 +++- src/libstrongswan/tests/test_suite.h | 2 +- src/libstrongswan/utils/backtrace.c | 9 +- src/libstrongswan/utils/chunk.c | 2 +- src/libstrongswan/utils/identification.c | 20 +- src/libstrongswan/utils/leak_detective.c | 3 + src/libstrongswan/utils/utils.h | 48 +- src/libtls/Makefile.in | 2 + src/libtls/tests/Makefile.in | 2 + src/libtls/tls_crypto.c | 38 +- src/libtnccs/Makefile.am | 9 + src/libtnccs/Makefile.in | 22 +- src/libtnccs/plugins/tnc_imc/Makefile.in | 2 + src/libtnccs/plugins/tnc_imv/Makefile.in | 2 + .../plugins/tnc_imv/tnc_imv_recommendations.c | 34 +- src/libtnccs/plugins/tnc_tnccs/Makefile.in | 2 + src/libtnccs/plugins/tnccs_11/Makefile.in | 2 + src/libtnccs/plugins/tnccs_11/tnccs_11_plugin.c | 5 +- 
src/libtnccs/plugins/tnccs_20/Makefile.in | 2 + src/libtnccs/plugins/tnccs_dynamic/Makefile.in | 2 + src/libtnccs/tnc/tnc.c | 7 + src/libtncif/Makefile.in | 2 + src/libtpmtss/Makefile.am | 9 + src/libtpmtss/Makefile.in | 22 +- src/libtpmtss/plugins/tpm/Makefile.in | 2 + src/libtpmtss/tpm_tss.c | 7 + src/manager/Makefile.in | 2 + src/manager/xml.c | 10 +- src/medsrv/Makefile.in | 2 + src/pki/Makefile.in | 2 + src/pki/commands/issue.c | 1 + src/pki/commands/signcrl.c | 28 +- src/pki/man/Makefile.in | 2 + src/pool/Makefile.in | 2 + src/pt-tls-client/Makefile.in | 2 + src/scepclient/Makefile.in | 2 + src/starter/Makefile.in | 2 + src/starter/args.c | 2 + src/starter/confread.h | 3 + src/starter/keywords.c | 33 +- src/starter/keywords.h | 1 + src/starter/keywords.txt | 1 + src/starter/parser/conf_parser.c | 55 +- src/starter/starterstroke.c | 1 + src/starter/tests/Makefile.in | 2 + src/stroke/Makefile.in | 2 + src/stroke/stroke_msg.h | 1 + src/swanctl/Makefile.in | 2 + src/swanctl/commands/load_creds.c | 19 +- src/swanctl/swanctl.conf | 9 +- src/swanctl/swanctl.conf.5.main | 38 +- src/swanctl/swanctl.opt | 31 +- 403 files changed, 6592 insertions(+), 3089 deletions(-) create mode 100644 src/libstrongswan/plugins/plugin_constructors.py (limited to 'src') diff --git a/src/Makefile.in b/src/Makefile.in index b10237091..17c4a9ad7 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -371,6 +371,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -393,6 +394,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/_copyright/Makefile.in b/src/_copyright/Makefile.in index aa94c55c7..0bea80a10 100644 --- a/src/_copyright/Makefile.in 
+++ b/src/_copyright/Makefile.in @@ -324,6 +324,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -346,6 +347,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/_updown/Makefile.in b/src/_updown/Makefile.in index 46b81cbc1..ba891c139 100644 --- a/src/_updown/Makefile.in +++ b/src/_updown/Makefile.in @@ -302,6 +302,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -324,6 +325,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/aikgen/Makefile.in b/src/aikgen/Makefile.in index 6b190419f..7096dd6e4 100644 --- a/src/aikgen/Makefile.in +++ b/src/aikgen/Makefile.in @@ -325,6 +325,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -347,6 +348,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/charon-cmd/Makefile.in b/src/charon-cmd/Makefile.in index 3a5f028a8..e4d057fc5 100644 --- a/src/charon-cmd/Makefile.in +++ b/src/charon-cmd/Makefile.in 
@@ -362,6 +362,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -384,6 +385,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/charon-nm/Makefile.in b/src/charon-nm/Makefile.in index 90cdb8cc3..3efcb8f34 100644 --- a/src/charon-nm/Makefile.in +++ b/src/charon-nm/Makefile.in @@ -361,6 +361,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -383,6 +384,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/charon-nm/charon-nm.c b/src/charon-nm/charon-nm.c index ca12db866..89aa34d98 100644 --- a/src/charon-nm/charon-nm.c +++ b/src/charon-nm/charon-nm.c @@ -196,7 +196,7 @@ int main(int argc, char *argv[]) /* use random ports to avoid conflicts with regular charon */ lib->settings->set_int(lib->settings, "charon-nm.port", 0); - lib->settings->set_int(lib->settings, "charon-nm.port_natt_t", 0); + lib->settings->set_int(lib->settings, "charon-nm.port_nat_t", 0); DBG1(DBG_DMN, "Starting charon NetworkManager backend (strongSwan "VERSION")"); if (lib->integrity) diff --git a/src/charon-nm/nm/nm_creds.c b/src/charon-nm/nm/nm_creds.c index f8fae9504..e70fd9e89 100644 --- a/src/charon-nm/nm/nm_creds.c +++ b/src/charon-nm/nm/nm_creds.c 
@@ -120,48 +120,49 @@ typedef struct { identification_t *id; } cert_data_t; -/** - * Destroy CA certificate enumerator data - */ -static void cert_data_destroy(cert_data_t *data) +CALLBACK(cert_data_destroy, void, + cert_data_t *data) { data->this->lock->unlock(data->this->lock); free(data); } -/** - * Filter function for certificates enumerator - */ -static bool cert_filter(cert_data_t *data, certificate_t **in, - certificate_t **out) +CALLBACK(cert_filter, bool, + cert_data_t *data, enumerator_t *orig, va_list args) { - certificate_t *cert = *in; + certificate_t *cert, **out; public_key_t *public; - public = cert->get_public_key(cert); - if (!public) - { - return FALSE; - } - if (data->key != KEY_ANY && public->get_type(public) != data->key) - { - public->destroy(public); - return FALSE; - } - if (data->id && data->id->get_type(data->id) == ID_KEY_ID && - public->has_fingerprint(public, data->id->get_encoding(data->id))) + VA_ARGS_VGET(args, out); + + while (orig->enumerate(orig, &cert)) { + public = cert->get_public_key(cert); + if (!public) + { + continue; + } + if (data->key != KEY_ANY && public->get_type(public) != data->key) + { + public->destroy(public); + continue; + } + if (data->id && data->id->get_type(data->id) == ID_KEY_ID && + public->has_fingerprint(public, data->id->get_encoding(data->id))) + { + public->destroy(public); + *out = cert; + return TRUE; + } public->destroy(public); + if (data->id && !cert->has_subject(cert, data->id)) + { + continue; + } *out = cert; return TRUE; } - public->destroy(public); - if (data->id && !cert->has_subject(cert, data->id)) - { - return FALSE; - } - *out = cert; - return TRUE; + return FALSE; } /** 
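Review bot: cert_data_destroy and cert_filter lose their doc comments in the switch to CALLBACK(), so the new va_list-driven filter, whose three accept/reject rules (key type, key-id fingerprint, subject) are now spread over a loop, is undocumented; enumerate_nbns and filter_chunks in nm_handler.c lose theirs the same way. Suggest restoring a header above cert_filter such as `/* Pull certs from orig that match data->key and, if set, data->id by key-id fingerprint or by subject; returns the first match */` and above cert_data_destroy `/* Release the read lock taken in create_trusted_cert_enumerator() */`, the latter grounded by the lock->unlock call in its body. The loop itself preserves the original ordering of the checks and frees `public` on every path.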
@@ -181,7 +182,7 @@ static enumerator_t *create_trusted_cert_enumerator(private_nm_creds_t *this, this->lock->read_lock(this->lock); return enumerator_create_filter( this->certs->create_enumerator(this->certs), - (void*)cert_filter, data, (void*)cert_data_destroy); + cert_filter, data, cert_data_destroy); } METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, @@ -235,9 +236,13 @@ typedef struct { } shared_enumerator_t; METHOD(enumerator_t, shared_enumerate, bool, - shared_enumerator_t *this, shared_key_t **key, id_match_t *me, - id_match_t *other) + shared_enumerator_t *this, va_list args) { + shared_key_t **key; + id_match_t *me, *other; + + VA_ARGS_VGET(args, key, me, other); + if (this->done) { return FALSE; @@ -307,7 +312,8 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*, INIT(enumerator, .public = { - .enumerate = (void*)_shared_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _shared_enumerate, .destroy = _shared_destroy, }, .this = this, diff --git a/src/charon-nm/nm/nm_handler.c b/src/charon-nm/nm/nm_handler.c index bdc0667cf..3eb2eb13c 100644 --- a/src/charon-nm/nm/nm_handler.c +++ b/src/charon-nm/nm/nm_handler.c 
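Review bot: The new shared_enumerate prologue reads `key`, `me` and `other` from the va_list unconditionally, and whether NULL is acceptable for the two match outputs is now decided only by the body below, which lies outside this hunk; the old typed signature at least made those outputs visible. A comment above `VA_ARGS_VGET(args, key, me, other);` stating the contract, e.g. `/* me/other may be NULL when the caller does not need the match quality -- confirm against the body */`, would keep that visible. In the `@@ -307` hunk the INIT now sets both `.enumerate = enumerator_enumerate_default` and `.venumerate`; any enumerator_t INIT elsewhere in this file that still sets only `.enumerate` would call through a NULL `venumerate`, so the rest of the file is worth checking for the same pair.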
@@ -65,29 +65,33 @@ METHOD(attribute_handler_t, handle, bool, return TRUE; } -/** - * Implementation of create_attribute_enumerator().enumerate() for WINS - */ -static bool enumerate_nbns(enumerator_t *this, - configuration_attribute_type_t *type, chunk_t *data) +METHOD(enumerator_t, enumerate_nbns, bool, + enumerator_t *this, va_list args) { + configuration_attribute_type_t *type; + chunk_t *data; + + VA_ARGS_VGET(args, type, data); *type = INTERNAL_IP4_NBNS; *data = chunk_empty; - /* done */ - this->enumerate = (void*)return_false; + this->venumerate = (void*)return_false; return TRUE; } /** * Implementation of create_attribute_enumerator().enumerate() for DNS */ -static bool enumerate_dns(enumerator_t *this, - configuration_attribute_type_t *type, chunk_t *data) +METHOD(enumerator_t, enumerate_dns, bool, + enumerator_t *this, va_list args) { + configuration_attribute_type_t *type; + chunk_t *data; + + VA_ARGS_VGET(args, type, data); *type = INTERNAL_IP4_DNS; *data = chunk_empty; /* enumerate WINS server as next attribute ... */ - this->enumerate = (void*)enumerate_nbns; + this->venumerate = _enumerate_nbns; return TRUE; } @@ -100,7 +104,8 @@ METHOD(attribute_handler_t, create_attribute_enumerator, enumerator_t*, INIT(enumerator, /* enumerate DNS attribute first ... */ - .enumerate = (void*)enumerate_dns, + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerate_dns, .destroy = (void*)free, ); return enumerator; 
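Review bot: `this->venumerate = (void*)return_false;` in enumerate_nbns installs a callback whose prototype evidently differs from `bool (*)(enumerator_t*, va_list)` (the cast is needed for it to compile), so enumerate() will call it through an incompatible function pointer — undefined behaviour in C and a likely trap under CFI-enabled builds, and exactly the kind of `(void*)` cast the rest of this change removes. A typed terminator avoids it: `static bool enumerate_done(enumerator_t *this, va_list args) { return FALSE; }` and `this->venumerate = enumerate_done;`. That keeps the enumerator consistent with the `enumerator_enumerate_default` / `.venumerate` pair set up in the `@@ -100` hunk.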
@@ -108,13 +113,20 @@ METHOD(attribute_handler_t, create_attribute_enumerator, enumerator_t*, return enumerator_create_empty(); } -/** - * convert plain byte ptrs to handy chunk during enumeration - */ -static bool filter_chunks(void* null, char **in, chunk_t *out) +CALLBACK(filter_chunks, bool, + void *null, enumerator_t *orig, va_list args) { - *out = chunk_create(*in, 4); - return TRUE; + chunk_t *out; + char *ptr; + + VA_ARGS_VGET(args, out); + + if (orig->enumerate(orig, &ptr)) + { + *out = chunk_create(ptr, 4); + return TRUE; + } + return FALSE; } METHOD(nm_handler_t, create_enumerator, enumerator_t*, @@ -134,7 +146,7 @@ METHOD(nm_handler_t, create_enumerator, enumerator_t*, return enumerator_create_empty(); } return enumerator_create_filter(list->create_enumerator(list), - (void*)filter_chunks, NULL, NULL); + filter_chunks, NULL, NULL); } METHOD(nm_handler_t, reset, void, diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c index 571c0edba..3e8392a57 100644 --- a/src/charon-nm/nm/nm_service.c +++ b/src/charon-nm/nm/nm_service.c @@ -283,9 +283,11 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, NMStrongswanPluginPrivate *priv; NMSettingConnection *conn; NMSettingVPN *vpn; + enumerator_t *enumerator; identification_t *user = NULL, *gateway = NULL; const char *address, *str; - bool virtual, encap; + bool virtual, encap, proposal; + proposal_t *prop; ike_cfg_t *ike_cfg; peer_cfg_t *peer_cfg; child_cfg_t *child_cfg; @@ -344,7 +346,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, str = nm_setting_vpn_get_data_item(vpn, "encap"); encap = streq(str, "yes"); str = nm_setting_vpn_get_data_item(vpn, "ipcomp"); - child.ipcomp = streq(str, "yes"); + child.options |= streq(str, "yes") ? OPT_IPCOMP : 0; str = nm_setting_vpn_get_data_item(vpn, "method"); if (streq(str, "psk")) { 
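Review bot: filter_chunks keeps the hard-coded length in `chunk_create(ptr, 4)`, and after the rewrite to a CALLBACK that drives `orig` itself nothing near the call says what the 4 is; a comment such as `/* list entries are raw 4-byte addresses as stored by handle(); longer entries would need a length per entry */` would stop a later caller from feeding other data through it. Whether the entries really are 4-byte addresses has to be confirmed in handle() and create_enumerator, which are outside this hunk. In the nm_service.c `@@ -344` hunk, `child.options |= streq(str, "yes") ? OPT_IPCOMP : 0;` works but the `? : 0` adds nothing; `if (streq(str, "yes")) { child.options |= OPT_IPCOMP; }` matches the brace style used elsewhere in the function.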
@@ -540,8 +542,36 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, charon->socket->get_port(charon->socket, FALSE), (char*)address, IKEV2_UDP_PORT, FRAGMENTATION_YES, 0); - ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); - ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE)); + + str = nm_setting_vpn_get_data_item(vpn, "proposal"); + proposal = streq(str, "yes"); + str = nm_setting_vpn_get_data_item(vpn, "ike"); + if (proposal && str && strlen(str)) + { + enumerator = enumerator_create_token(str, ";", ""); + while (enumerator->enumerate(enumerator, &str)) + { + prop = proposal_create_from_string(PROTO_IKE, str); + if (!prop) + { + g_set_error(err, NM_VPN_PLUGIN_ERROR, + NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED, + "Invalid IKE proposal."); + enumerator->destroy(enumerator); + ike_cfg->destroy(ike_cfg); + gateway->destroy(gateway); + user->destroy(user); + return FALSE; + } + ike_cfg->add_proposal(ike_cfg, prop); + } + enumerator->destroy(enumerator); + } + else + { + ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); + ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE)); + } peer_cfg = peer_cfg_create(priv->name, ike_cfg, &peer); if (virtual) 
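Review bot: `proposal = streq(str, "yes");` uses the `"proposal"` data item without the NULL guard this same hunk applies to `"ike"` (`str && strlen(str)`); nm_setting_vpn_get_data_item() returns NULL for a key the profile does not carry, and profiles saved before this option existed will not carry it, so unless streq() tolerates NULL this is a crash on the first connect with an older profile. Change it to `proposal = str && streq(str, "yes");`. The failure path also reports only "Invalid IKE proposal." although the rejected token is at hand in `str`; `"Invalid IKE proposal '%s'.", str` makes a refused profile diagnosable from the NetworkManager log, and the ESP loop in the next hunk has the same gap. connect_() begins and ends outside this hunk.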
@@ -566,8 +596,32 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); child_cfg = child_cfg_create(priv->name, &child); - child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); - child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP)); + str = nm_setting_vpn_get_data_item(vpn, "esp"); + if (proposal && str && strlen(str)) + { + enumerator = enumerator_create_token(str, ";", ""); + while (enumerator->enumerate(enumerator, &str)) + { + prop = proposal_create_from_string(PROTO_ESP, str); + if (!prop) + { + g_set_error(err, NM_VPN_PLUGIN_ERROR, + NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED, + "Invalid ESP proposal."); + enumerator->destroy(enumerator); + child_cfg->destroy(child_cfg); + peer_cfg->destroy(peer_cfg); + return FALSE; + } + child_cfg->add_proposal(child_cfg, prop); + } + enumerator->destroy(enumerator); + } + else + { + child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); + child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP)); + } ts = traffic_selector_create_dynamic(0, 0, 65535); child_cfg->add_traffic_selector(child_cfg, TRUE, ts); ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, diff --git a/src/charon-svc/Makefile.in b/src/charon-svc/Makefile.in index 7dd0fb6fe..9c08e8a01 100644 --- a/src/charon-svc/Makefile.in +++ b/src/charon-svc/Makefile.in @@ -325,6 +325,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -347,6 +348,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/charon-systemd/Makefile.in b/src/charon-systemd/Makefile.in index 1959818c4..937753927 100644 
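Review bot: The ESP branch is a line-for-line copy of the IKE branch in the previous hunk (token enumeration, proposal_create_from_string, error reporting, add_proposal), differing only in the protocol and in which objects the error path destroys; a small helper that parses the `;`-separated string into a list would leave only the per-call-site cleanup and keep the two error paths from drifting apart. The error could also name the rejected token, e.g. `"Invalid ESP proposal: %s", str`, since a user who entered several proposals otherwise has to guess which one was refused. One possible shape is sketched below (it needs a `linked_list_t *list;` among connect_()'s declarations); connect_() continues outside the hunk.

```c
/* Parse a ";"-separated proposal string for proto into a fresh list.
 * On a token that does not parse, sets err, frees everything and returns NULL. */
static linked_list_t *parse_proposals(const char *str, protocol_id_t proto,
									  const char *what, GError **err)
{
	linked_list_t *list = linked_list_create();
	enumerator_t *enumerator;
	proposal_t *prop;
	char *token;

	enumerator = enumerator_create_token(str, ";", "");
	while (enumerator->enumerate(enumerator, &token))
	{
		prop = proposal_create_from_string(proto, token);
		if (!prop)
		{
			g_set_error(err, NM_VPN_PLUGIN_ERROR,
						NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
						"Invalid %s proposal: %s", what, token);
			enumerator->destroy(enumerator);
			list->destroy_offset(list, offsetof(proposal_t, destroy));
			return NULL;
		}
		list->insert_last(list, prop);
	}
	enumerator->destroy(enumerator);
	return list;
}

/* … in connect_(), ESP branch … */
	str = nm_setting_vpn_get_data_item(vpn, "esp");
	if (proposal && str && strlen(str))
	{
		list = parse_proposals(str, PROTO_ESP, "ESP", err);
		if (!list)
		{
			child_cfg->destroy(child_cfg);
			peer_cfg->destroy(peer_cfg);
			return FALSE;
		}
		while (list->remove_first(list, (void**)&prop) == SUCCESS)
		{
			child_cfg->add_proposal(child_cfg, prop);
		}
		list->destroy(list);
	}
	/* … unchanged: default proposal fallback, traffic selectors … */
```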
--- a/src/charon-systemd/Makefile.in +++ b/src/charon-systemd/Makefile.in @@ -329,6 +329,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -351,6 +352,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/charon-tkm/Makefile.in b/src/charon-tkm/Makefile.in index 538335b9f..9987b44b6 100644 --- a/src/charon-tkm/Makefile.in +++ b/src/charon-tkm/Makefile.in @@ -272,6 +272,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -294,6 +295,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/charon-tkm/src/tkm/tkm_kernel_sad.c b/src/charon-tkm/src/tkm/tkm_kernel_sad.c index 22d2aac13..97226f1ac 100644 --- a/src/charon-tkm/src/tkm/tkm_kernel_sad.c +++ b/src/charon-tkm/src/tkm/tkm_kernel_sad.c 
@@ -101,61 +101,63 @@ static void sad_entry_destroy(sad_entry_t *entry) } } -/** - * Find a list entry with given src, dst, (remote) spi and proto values. - */ -static bool sad_entry_match(sad_entry_t * const entry, const host_t * const src, - const host_t * const dst, const uint32_t * const spi, - const uint8_t * const proto) +CALLBACK(sad_entry_match, bool, + sad_entry_t * const entry, va_list args) { + const host_t *src, *dst; + const uint32_t *spi; + const uint8_t *proto; + + VA_ARGS_VGET(args, src, dst, spi, proto); + if (entry->src == NULL || entry->dst == NULL) { return FALSE; } - return src->ip_equals(entry->src, (host_t *)src) && dst->ip_equals(entry->dst, (host_t *)dst) && entry->spi_rem == *spi && entry->proto == *proto; } -/** - * Find a list entry with given reqid, spi and proto values. - */ -static bool sad_entry_match_dst(sad_entry_t * const entry, - const uint32_t * const reqid, - const uint32_t * const spi, - const uint8_t * const proto) +CALLBACK(sad_entry_match_dst, bool, + sad_entry_t * const entry, va_list args) { + const uint32_t *reqid, *spi; + const uint8_t *proto; + + VA_ARGS_VGET(args, reqid, spi, proto); return entry->reqid == *reqid && entry->spi_rem == *spi && entry->proto == *proto; } -/** - * Find a list entry with given esa id. - */ -static bool sad_entry_match_esa_id(sad_entry_t * const entry, - const esa_id_type * const esa_id) +CALLBACK(sad_entry_match_esa_id, bool, + sad_entry_t * const entry, va_list args) { + const esa_id_type *esa_id; + + VA_ARGS_VGET(args, esa_id); return entry->esa_id == *esa_id; } -/** - * Find a list entry with given reqid and different esa id. 
- */ -static bool sad_entry_match_other_esa(sad_entry_t * const entry, - const esa_id_type * const esa_id, - const uint32_t * const reqid) +CALLBACK(sad_entry_match_other_esa, bool, + sad_entry_t * const entry, va_list args) { + const esa_id_type *esa_id; + const uint32_t *reqid; + + VA_ARGS_VGET(args, esa_id, reqid); return entry->reqid == *reqid && entry->esa_id != *esa_id; } -/** - * Compare two SAD entries for equality. - */ -static bool sad_entry_equal(sad_entry_t * const left, sad_entry_t * const right) +CALLBACK(sad_entry_equal, bool, + sad_entry_t * const left, va_list args) { + sad_entry_t *right; + + VA_ARGS_VGET(args, right); + if (left->src == NULL || left->dst == NULL || right->src == NULL || right->dst == NULL) { @@ -175,8 +177,8 @@ METHOD(tkm_kernel_sad_t, insert, bool, const uint32_t reqid, const host_t * const src, const host_t * const dst, const uint32_t spi_loc, const uint32_t spi_rem, const uint8_t proto) { - status_t result; sad_entry_t *new_entry; + bool found; INIT(new_entry, .esa_id = esa_id, @@ -189,10 +191,9 @@ METHOD(tkm_kernel_sad_t, insert, bool, ); this->mutex->lock(this->mutex); - result = this->data->find_first(this->data, - (linked_list_match_t)sad_entry_equal, NULL, + found = this->data->find_first(this->data, sad_entry_equal, NULL, new_entry); - if (result == NOT_FOUND) + if (!found) { DBG3(DBG_KNL, "inserting SAD entry (esa: %llu, reqid: %u, src: %H, " "dst: %H, spi_loc: %x, spi_rem: %x,proto: %u)", esa_id, reqid, src, @@ -207,7 +208,7 @@ METHOD(tkm_kernel_sad_t, insert, bool, free(new_entry); } this->mutex->unlock(this->mutex); - return result == NOT_FOUND; + return !found; } METHOD(tkm_kernel_sad_t, get_esa_id, esa_id_type, 
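Review bot: With the typed prototypes replaced by `va_list args`, the argument order of each sad_entry_match* callback is now only enforced by convention: `sad_entry_match` reads `src, dst, spi, proto` while get_esa_id in a later hunk passes `src, dst, &spi, &proto`, `sad_entry_match_dst` reads `reqid, spi, proto` against `&reqid, &spi, &proto`, and so on. They agree today, but the compiler no longer catches a reordered or mistyped argument, so a one-line comment above each callback naming the expected varargs, e.g. `/* find_first callback: expects (const host_t *src, const host_t *dst, const uint32_t *spi, const uint8_t *proto) */`, is the only guard left for the next edit. The hunk also removes the one-line purpose comments of all five callbacks without a replacement.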
@@ -218,11 +219,10 @@ METHOD(tkm_kernel_sad_t, get_esa_id, esa_id_type, sad_entry_t *entry = NULL; this->mutex->lock(this->mutex); - const status_t res = this->data->find_first(this->data, - (linked_list_match_t)sad_entry_match, - (void**)&entry, src, dst, &spi, - &proto); - if (res == SUCCESS && entry) + const bool res = this->data->find_first(this->data, sad_entry_match, + (void**)&entry, src, dst, &spi, + &proto); + if (res && entry) { id = entry->esa_id; DBG3(DBG_KNL, "returning ESA id %llu of SAD entry (src: %H, dst: %H, " @@ -243,13 +243,12 @@ METHOD(tkm_kernel_sad_t, get_other_esa_id, esa_id_type, esa_id_type id = 0; sad_entry_t *entry = NULL; uint32_t reqid; - status_t res; + bool res; this->mutex->lock(this->mutex); - res = this->data->find_first(this->data, - (linked_list_match_t)sad_entry_match_esa_id, + res = this->data->find_first(this->data, sad_entry_match_esa_id, (void**)&entry, &esa_id); - if (res == SUCCESS && entry) + if (res && entry) { reqid = entry->reqid; } @@ -260,10 +259,9 @@ METHOD(tkm_kernel_sad_t, get_other_esa_id, esa_id_type, return id; } - res = this->data->find_first(this->data, - (linked_list_match_t)sad_entry_match_other_esa, + res = this->data->find_first(this->data, sad_entry_match_other_esa, (void**)&entry, &esa_id, &reqid); - if (res == SUCCESS && entry) + if (res && entry) { id = entry->esa_id; DBG3(DBG_KNL, "returning ESA id %llu of other SAD entry with reqid %u", @@ -281,10 +279,9 @@ METHOD(tkm_kernel_sad_t, get_dst_host, host_t *, sad_entry_t *entry = NULL; this->mutex->lock(this->mutex); - const status_t res = this->data->find_first(this->data, - (linked_list_match_t)sad_entry_match_dst, - (void**)&entry, &reqid, &spi, &proto); - if (res == SUCCESS && entry) + const bool res = this->data->find_first(this->data, sad_entry_match_dst, + (void**)&entry, &reqid, &spi, &proto); + if (res && entry) { dst = entry->dst; DBG3(DBG_KNL, "returning destination host %H of SAD entry (reqid: %u," 
diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in index 8cf782fa2..d4cec547e 100644 --- a/src/charon/Makefile.in +++ b/src/charon/Makefile.in @@ -328,6 +328,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -350,6 +351,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/checksum/Makefile.in b/src/checksum/Makefile.in index 5e7a4ca7f..e4e3a16e6 100644 --- a/src/checksum/Makefile.in +++ b/src/checksum/Makefile.in @@ -397,6 +397,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -419,6 +420,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/conftest/Makefile.in b/src/conftest/Makefile.in index 14b8351cd..c7d4c6bbe 100644 --- a/src/conftest/Makefile.in +++ b/src/conftest/Makefile.in @@ -342,6 +342,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -364,6 +365,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/conftest/config.c b/src/conftest/config.c index 06a685047..d926dfca2 100644 --- a/src/conftest/config.c +++ b/src/conftest/config.c 
@@ -36,13 +36,20 @@ struct private_config_t { linked_list_t *configs; }; -/** - * filter function for ike configs - */ -static bool ike_filter(void *data, peer_cfg_t **in, ike_cfg_t **out) +CALLBACK(ike_filter, bool, + void *data, enumerator_t *orig, va_list args) { - *out = (*in)->get_ike_cfg(*in); - return TRUE; + peer_cfg_t *cfg; + ike_cfg_t **out; + + VA_ARGS_VGET(args, out); + + if (orig->enumerate(orig, &cfg)) + { + *out = cfg->get_ike_cfg(cfg); + return TRUE; + } + return FALSE; } METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*, @@ -51,7 +58,7 @@ METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*, return enumerator_create_filter( this->configs->create_enumerator(this->configs), - (void*)ike_filter, NULL, NULL); + ike_filter, NULL, NULL); } METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*, diff --git a/src/dumm/Makefile.in b/src/dumm/Makefile.in index dc1e3dc8f..276ca2ef2 100644 --- a/src/dumm/Makefile.in +++ b/src/dumm/Makefile.in @@ -363,6 +363,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -385,6 +386,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/dumm/cowfs.c b/src/dumm/cowfs.c index 28c62c217..5332ba551 100644 --- a/src/dumm/cowfs.c +++ b/src/dumm/cowfs.c @@ -92,11 +92,12 @@ static void overlay_destroy(overlay_t *this) free(this); } -/** - * compare two overlays by path - */ -static bool overlay_equals(overlay_t *this, overlay_t *other) +CALLBACK(overlay_equals, bool, + overlay_t *this, va_list args) { + overlay_t *other; + + VA_ARGS_VGET(args, other); return streq(this->path, other->path); } 
@@ -108,8 +109,8 @@ static bool overlay_remove(private_cowfs_t *this, char *path) { overlay_t over, *current; over.path = path; - if (this->overlays->find_first(this->overlays, - (linked_list_match_t)overlay_equals, (void**)¤t, &over) != SUCCESS) + if (!this->overlays->find_first(this->overlays, overlay_equals, + (void**)¤t, &over)) { return FALSE; } diff --git a/src/dumm/dumm.c b/src/dumm/dumm.c index cc4f5a16b..d147b2df0 100644 --- a/src/dumm/dumm.c +++ b/src/dumm/dumm.c @@ -267,10 +267,12 @@ typedef struct { } template_enumerator_t; METHOD(enumerator_t, template_enumerate, bool, - template_enumerator_t *this, char **template) + template_enumerator_t *this, va_list args) { struct stat st; - char *rel; + char *rel, **template; + + VA_ARGS_VGET(args, template); while (this->inner->enumerate(this->inner, &rel, NULL, &st)) { @@ -296,7 +298,8 @@ METHOD(dumm_t, create_template_enumerator, enumerator_t*, template_enumerator_t *enumerator; INIT(enumerator, .public = { - .enumerate = (void*)_template_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _template_enumerate, .destroy = (void*)_template_enumerator_destroy, }, .inner = enumerator_create_directory(TEMPLATE_DIR), diff --git a/src/include/Makefile.in b/src/include/Makefile.in index 068cae15d..569574fc9 100644 --- a/src/include/Makefile.in +++ b/src/include/Makefile.in @@ -272,6 +272,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -294,6 +295,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/include/linux/xfrm.h b/src/include/linux/xfrm.h index 02d5125a5..dbaa4f128 100644 --- a/src/include/linux/xfrm.h +++ b/src/include/linux/xfrm.h 
@@ -296,10 +296,12 @@ enum xfrm_attr_type_t { XFRMA_ALG_AUTH_TRUNC, /* struct xfrm_algo_auth */ XFRMA_MARK, /* struct xfrm_mark */ XFRMA_TFCPAD, /* __u32 */ - XFRMA_REPLAY_ESN_VAL, /* struct xfrm_replay_esn */ + XFRMA_REPLAY_ESN_VAL, /* struct xfrm_replay_state_esn */ XFRMA_SA_EXTRA_FLAGS, /* __u32 */ XFRMA_PROTO, /* __u8 */ XFRMA_ADDRESS_FILTER, /* struct xfrm_address_filter */ + XFRMA_PAD, + XFRMA_OFFLOAD_DEV, /* struct xfrm_state_offload */ __XFRMA_MAX #define XFRMA_MAX (__XFRMA_MAX - 1) @@ -491,6 +493,13 @@ struct xfrm_address_filter { __u8 dplen; }; +struct xfrm_user_offload { + int ifindex; + __u8 flags; +}; +#define XFRM_OFFLOAD_IPV6 1 +#define XFRM_OFFLOAD_INBOUND 2 + #ifndef __KERNEL__ /* backwards compatibility for userspace */ #define XFRMGRP_ACQUIRE 1 diff --git a/src/ipsec/Makefile.in b/src/ipsec/Makefile.in index faf7c76fc..1a922427b 100644 --- a/src/ipsec/Makefile.in +++ b/src/ipsec/Makefile.in @@ -305,6 +305,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -327,6 +328,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/ipsec/_ipsec.8 b/src/ipsec/_ipsec.8 index 1ae6375c8..3f4316dd6 100644 --- a/src/ipsec/_ipsec.8 +++ b/src/ipsec/_ipsec.8 @@ -1,4 +1,4 @@ -.TH IPSEC 8 "2013-10-29" "5.5.2dr4" "strongSwan" +.TH IPSEC 8 "2013-10-29" "5.5.3dr2" "strongSwan" . .SH NAME . diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am index 8461d6230..3fcaedc3b 100644 --- a/src/libcharon/Makefile.am +++ b/src/libcharon/Makefile.am 
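Review bot: `XFRMA_OFFLOAD_DEV, /* struct xfrm_state_offload */` names a type that is not defined in this header, while the payload type added in the second hunk is `struct xfrm_user_offload`. If this file is meant to stay a verbatim copy of the kernel's uapi xfrm.h the comment should be left as upstream has it; otherwise `/* struct xfrm_user_offload */` is what a userspace reader of this file needs. `XFRMA_PAD` is presumably inserted to keep the attribute numbering aligned with the kernel, which is worth a short comment since any value added here out of order would silently shift `XFRMA_MAX`.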
@@ -184,6 +184,15 @@ if USE_ME sa/ikev2/tasks/ike_me.c sa/ikev2/tasks/ike_me.h endif +if STATIC_PLUGIN_CONSTRUCTORS +BUILT_SOURCES = $(srcdir)/plugin_constructors.c +CLEANFILES = $(srcdir)/plugin_constructors.c + +$(srcdir)/plugin_constructors.c: $(top_srcdir)/src/libstrongswan/plugins/plugin_constructors.py + $(AM_V_GEN) \ + $(PYTHON) $(top_srcdir)/src/libstrongswan/plugins/plugin_constructors.py ${c_plugins} > $@ +endif + # build optional plugins ######################## diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in index 8f6dc89a3..ef9ffd39b 100644 --- a/src/libcharon/Makefile.in +++ b/src/libcharon/Makefile.in @@ -934,6 +934,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -956,6 +957,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ @@ -1167,6 +1169,8 @@ libcharon_la_LIBADD = \ $(am__append_141) $(am__append_143) $(am__append_145) \ $(am__append_147) EXTRA_DIST = Android.mk +@STATIC_PLUGIN_CONSTRUCTORS_TRUE@BUILT_SOURCES = $(srcdir)/plugin_constructors.c +@STATIC_PLUGIN_CONSTRUCTORS_TRUE@CLEANFILES = $(srcdir)/plugin_constructors.c @MONOLITHIC_FALSE@SUBDIRS = . $(am__append_6) $(am__append_8) \ @MONOLITHIC_FALSE@ $(am__append_10) $(am__append_12) \ @MONOLITHIC_FALSE@ $(am__append_14) $(am__append_16) \ @@ -1240,7 +1244,8 @@ EXTRA_DIST = Android.mk @MONOLITHIC_TRUE@ $(am__append_138) $(am__append_140) \ @MONOLITHIC_TRUE@ $(am__append_142) $(am__append_144) \ @MONOLITHIC_TRUE@ $(am__append_146) . tests -all: all-recursive +all: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) all-recursive .SUFFIXES: .SUFFIXES: .c .lo .o .obj 
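Review bot: The generated `plugin_constructors.c` is written into the source tree (`$(srcdir)/plugin_constructors.c: …` with `> $@`), so a read-only or shared checkout — `make distcheck`, or several build directories configured against one source tree with different plugin sets — would fail on the write or race on the same output file; generating into the build directory avoids both. The `${c_plugins}` argument is also passed unquoted to `$(PYTHON)`, which is harmless for the current plugin names but would mis-split if a plugin list ever carried shell metacharacters. If libstrongswan's Makefile.am already uses the same `$(srcdir)` pattern, this hunk at least keeps the two consistent, but the limitation deserves a comment either way.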
@@ -2095,14 +2100,16 @@ distdir: $(DISTFILES) fi; \ done check-am: all-am -check: check-recursive +check: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) check-recursive all-am: Makefile $(LTLIBRARIES) installdirs: installdirs-recursive installdirs-am: for dir in "$(DESTDIR)$(ipseclibdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done -install: install-recursive +install: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive @@ -2124,6 +2131,7 @@ install-strip: mostlyclean-generic: clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) @@ -2170,6 +2178,7 @@ distclean-generic: maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." + -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) clean: clean-recursive clean-am: clean-generic clean-ipseclibLTLIBRARIES clean-libtool \ @@ -2241,7 +2250,8 @@ ps-am: uninstall-am: uninstall-ipseclibLTLIBRARIES -.MAKE: $(am__recursive_targets) install-am install-strip +.MAKE: $(am__recursive_targets) all check install install-am \ + install-strip .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ check-am clean clean-generic clean-ipseclibLTLIBRARIES \ 
@@ -2264,6 +2274,10 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES daemon.lo : $(top_builddir)/config.status +@STATIC_PLUGIN_CONSTRUCTORS_TRUE@$(srcdir)/plugin_constructors.c: $(top_srcdir)/src/libstrongswan/plugins/plugin_constructors.py +@STATIC_PLUGIN_CONSTRUCTORS_TRUE@ $(AM_V_GEN) \ +@STATIC_PLUGIN_CONSTRUCTORS_TRUE@ $(PYTHON) $(top_srcdir)/src/libstrongswan/plugins/plugin_constructors.py ${c_plugins} > $@ + @MONOLITHIC_TRUE@@USE_SIMAKA_TRUE@ # otherwise this library is linked to both the eap_aka and the eap_sim plugin @MONOLITHIC_TRUE@@USE_TLS_TRUE@ # otherwise this library is linked to eap_tls diff --git a/src/libcharon/attributes/attribute_manager.c b/src/libcharon/attributes/attribute_manager.c index 2ab7ed118..3a4a21a02 100644 --- a/src/libcharon/attributes/attribute_manager.c +++ b/src/libcharon/attributes/attribute_manager.c @@ -237,14 +237,14 @@ typedef struct { linked_list_t *vips; } initiator_enumerator_t; -/** - * Enumerator implementation for initiator attributes - */ -static bool initiator_enumerate(initiator_enumerator_t *this, - attribute_handler_t **handler, - configuration_attribute_type_t *type, - chunk_t *value) +METHOD(enumerator_t, initiator_enumerate, bool, + initiator_enumerator_t *this, va_list args) { + configuration_attribute_type_t *type; + attribute_handler_t **handler; + chunk_t *value; + + VA_ARGS_VGET(args, handler, type, value); /* enumerate inner attributes using outer handler enumerator */ while (!this->inner || !this->inner->enumerate(this->inner, type, value)) { @@ -261,10 +261,8 @@ static bool initiator_enumerate(initiator_enumerator_t *this, return TRUE; } -/** - * Cleanup function of initiator attribute enumerator - */ -static void initiator_destroy(initiator_enumerator_t *this) +METHOD(enumerator_t, initiator_destroy, void, + initiator_enumerator_t *this) { this->this->lock->unlock(this->this->lock); this->outer->destroy(this->outer); 
@@ -281,8 +279,9 @@ METHOD(attribute_manager_t, create_initiator_enumerator, enumerator_t*, INIT(enumerator, .public = { - .enumerate = (void*)initiator_enumerate, - .destroy = (void*)initiator_destroy, + .enumerate = enumerator_enumerate_default, + .venumerate = _initiator_enumerate, + .destroy = _initiator_destroy, }, .this = this, .ike_sa = ike_sa, diff --git a/src/libcharon/attributes/mem_pool.c b/src/libcharon/attributes/mem_pool.c index a2b7c2803..e1a9a6dce 100644 --- a/src/libcharon/attributes/mem_pool.c +++ b/src/libcharon/attributes/mem_pool.c @@ -512,10 +512,15 @@ typedef struct { } lease_enumerator_t; METHOD(enumerator_t, lease_enumerate, bool, - lease_enumerator_t *this, identification_t **id, host_t **addr, bool *online) + lease_enumerator_t *this, va_list args) { - u_int *offset; + identification_t **id; unique_lease_t *lease; + host_t **addr; + u_int *offset; + bool *online; + + VA_ARGS_VGET(args, id, addr, online); DESTROY_IF(this->addr); this->addr = NULL; @@ -570,7 +575,8 @@ METHOD(mem_pool_t, create_lease_enumerator, enumerator_t*, this->mutex->lock(this->mutex); INIT(enumerator, .public = { - .enumerate = (void*)_lease_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _lease_enumerate, .destroy = _lease_enumerator_destroy, }, .pool = this, diff --git a/src/libcharon/bus/bus.c b/src/libcharon/bus/bus.c index f4bba872f..77a910197 100644 --- a/src/libcharon/bus/bus.c +++ b/src/libcharon/bus/bus.c 
@@ -207,20 +207,20 @@ static inline void register_logger(private_bus_t *this, debug_t group, } } -/** - * Find the log level of the first registered logger that implements log or - * vlog (or both). - */ -static bool find_max_levels(log_entry_t *entry, debug_t *group, level_t *level, - level_t *vlevel) +CALLBACK(find_max_levels, bool, + log_entry_t *entry, va_list args) { + level_t *level, *vlevel; + debug_t group; + + VA_ARGS_VGET(args, group, level, vlevel); if (entry->logger->log && *level == LEVEL_SILENT) { - *level = entry->levels[*group]; + *level = entry->levels[group]; } if (entry->logger->vlog && *vlevel == LEVEL_SILENT) { - *vlevel = entry->levels[*group]; + *vlevel = entry->levels[group]; } return *level > LEVEL_SILENT && *vlevel > LEVEL_SILENT; } @@ -258,8 +258,8 @@ static inline void unregister_logger(private_bus_t *this, logger_t *logger) loggers = this->loggers[group]; loggers->remove(loggers, found, NULL); - loggers->find_first(loggers, (linked_list_match_t)find_max_levels, - NULL, &group, &level, &vlevel); + loggers->find_first(loggers, find_max_levels, NULL, group, + &level, &vlevel); set_level(&this->max_level[group], level); set_level(&this->max_vlevel[group], vlevel); } @@ -330,11 +330,12 @@ typedef struct { va_list args; } log_data_t; -/** - * logger->log() invocation as a invoke_function callback - */ -static void log_cb(log_entry_t *entry, log_data_t *data) +CALLBACK(log_cb, void, + log_entry_t *entry, va_list args) { + log_data_t *data; + + VA_ARGS_VGET(args, data); if (entry->logger->log && entry->levels[data->group] >= data->level) { entry->logger->log(entry->logger, data->group, data->level, 
@@ -342,11 +343,12 @@ static void log_cb(log_entry_t *entry, log_data_t *data) } } -/** - * logger->vlog() invocation as a invoke_function callback - */ -static void vlog_cb(log_entry_t *entry, log_data_t *data) +CALLBACK(vlog_cb, void, + log_entry_t *entry, va_list args) { + log_data_t *data; + + VA_ARGS_VGET(args, data); if (entry->logger->vlog && entry->levels[data->group] >= data->level) { va_list copy; @@ -405,8 +407,7 @@ METHOD(bus_t, vlog, void, } if (len > 0) { - loggers->invoke_function(loggers, (linked_list_invoke_t)log_cb, - &data); + loggers->invoke_function(loggers, log_cb, &data); } if (data.message != buf) { @@ -422,7 +423,7 @@ METHOD(bus_t, vlog, void, data.message = format; va_copy(data.args, args); - loggers->invoke_function(loggers, (linked_list_invoke_t)vlog_cb, &data); + loggers->invoke_function(loggers, vlog_cb, &data); va_end(data.args); } diff --git a/src/libcharon/config/backend_manager.c b/src/libcharon/config/backend_manager.c index 79f1d9fee..4f154df9b 100644 --- a/src/libcharon/config/backend_manager.c +++ b/src/libcharon/config/backend_manager.c @@ -265,20 +265,24 @@ static void peer_enum_destroy(peer_data_t *data) free(data); } -/** - * convert enumerator value from match_entry to config - */ -static bool peer_enum_filter(linked_list_t *configs, - match_entry_t **in, peer_cfg_t **out) +CALLBACK(peer_enum_filter, bool, + linked_list_t *configs, enumerator_t *orig, va_list args) { - *out = (*in)->cfg; - return TRUE; + match_entry_t *entry; + peer_cfg_t **out; + + VA_ARGS_VGET(args, out); + + if (orig->enumerate(orig, &entry)) + { + *out = entry->cfg; + return TRUE; + } + return FALSE; } -/** - * Clean up temporary config list - */ -static void peer_enum_filter_destroy(linked_list_t *configs) +CALLBACK(peer_enum_filter_destroy, void, + linked_list_t *configs) { match_entry_t *entry; 
@@ -379,8 +383,8 @@ METHOD(backend_manager_t, create_peer_cfg_enumerator, enumerator_t*, helper->destroy(helper); return enumerator_create_filter(configs->create_enumerator(configs), - (void*)peer_enum_filter, configs, - (void*)peer_enum_filter_destroy); + peer_enum_filter, configs, + peer_enum_filter_destroy); } METHOD(backend_manager_t, get_peer_cfg_by_name, peer_cfg_t*, diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c index 3c6dd5198..ec2a12431 100644 --- a/src/libcharon/config/child_cfg.c +++ b/src/libcharon/config/child_cfg.c @@ -1,6 +1,6 @@ /* + * Copyright (C) 2008-2017 Tobias Brunner * Copyright (C) 2016 Andreas Steffen - * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter * HSR Hochschule fuer Technik Rapperswil @@ -53,6 +53,11 @@ struct private_child_cfg_t { */ char *name; + /** + * Options + */ + child_cfg_option_t options; + /** * list for all proposals */ @@ -73,11 +78,6 @@ struct private_child_cfg_t { */ char *updown; - /** - * allow host access - */ - bool hostaccess; - /** * Mode to propose for a initiated CHILD: tunnel/transport */ @@ -103,11 +103,6 @@ struct private_child_cfg_t { */ lifetime_cfg_t lifetime; - /** - * enable IPComp - */ - bool use_ipcomp; - /** * Inactivity timeout */ @@ -143,21 +138,6 @@ struct private_child_cfg_t { */ char *interface; - /** - * set up IPsec transport SA in MIPv6 proxy mode - */ - bool proxy_mode; - - /** - * enable installation and removal of kernel IPsec policies - */ - bool install_policy; - - /** - * Install outbound FWD policies - */ - bool fwd_out_policy; - /** * anti-replay window size */ @@ -170,6 +150,12 @@ METHOD(child_cfg_t, get_name, char*, return this->name; } +METHOD(child_cfg_t, has_option, bool, + private_child_cfg_t *this, child_cfg_option_t option) +{ + return this->options & option; +} + METHOD(child_cfg_t, add_proposal, void, private_child_cfg_t *this, proposal_t *proposal) { 
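Review bot: `return this->options & option;` in the new has_option relies on the bool return type to normalise a multi-bit mask to TRUE/FALSE; that holds for C99 `_Bool`, but if `bool` is a plain integer typedef on any supported platform a caller comparing the result `== TRUE` would fail for flags above bit 0. `return !!(this->options & option);` gives a canonical result regardless. The new method also lacks the header comment the neighbouring METHODs in this file carry; `/* Check whether an option flag is set (see child_cfg_option_t) */` would do.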
@@ -179,8 +165,12 @@ METHOD(child_cfg_t, add_proposal, void, } } -static bool match_proposal(proposal_t *item, proposal_t *proposal) +CALLBACK(match_proposal, bool, + proposal_t *item, va_list args) { + proposal_t *proposal; + + VA_ARGS_VGET(args, proposal); return item->equals(item, proposal); } @@ -199,8 +189,7 @@ METHOD(child_cfg_t, get_proposals, linked_list_t*, { current->strip_dh(current, MODP_NONE); } - if (proposals->find_first(proposals, (linked_list_match_t)match_proposal, - NULL, current) == SUCCESS) + if (proposals->find_first(proposals, match_proposal, NULL, current)) { current->destroy(current); continue; @@ -311,8 +300,9 @@ METHOD(child_cfg_t, get_traffic_selectors, linked_list_t*, { if (hosts && hosts->get_count(hosts)) { /* set hosts if TS is dynamic or as initiator in transport mode */ - bool dynamic = ts1->is_dynamic(ts1); - if (dynamic || (this->mode == MODE_TRANSPORT && !this->proxy_mode && + bool dynamic = ts1->is_dynamic(ts1), + proxy_mode = has_option(this, OPT_PROXY_MODE); + if (dynamic || (this->mode == MODE_TRANSPORT && !proxy_mode && !supplied)) { e2 = hosts->create_enumerator(hosts); @@ -428,12 +418,6 @@ METHOD(child_cfg_t, get_updown, char*, return this->updown; } -METHOD(child_cfg_t, get_hostaccess, bool, - private_child_cfg_t *this) -{ - return this->hostaccess; -} - /** * Applies jitter to the rekey value. Returns the new rekey value. * Note: The distribution of random values is not perfect, but it @@ -508,12 +492,6 @@ METHOD(child_cfg_t, get_dh_group, diffie_hellman_group_t, return dh_group; } -METHOD(child_cfg_t, use_ipcomp, bool, - private_child_cfg_t *this) -{ - return this->use_ipcomp; -} - METHOD(child_cfg_t, get_inactivity, uint32_t, private_child_cfg_t *this) { 
@@ -562,24 +540,6 @@ METHOD(child_cfg_t, set_replay_window, void, this->replay_window = replay_window; } -METHOD(child_cfg_t, use_proxy_mode, bool, - private_child_cfg_t *this) -{ - return this->proxy_mode; -} - -METHOD(child_cfg_t, install_policy, bool, - private_child_cfg_t *this) -{ - return this->install_policy; -} - -METHOD(child_cfg_t, install_fwd_out_policy, bool, - private_child_cfg_t *this) -{ - return this->fwd_out_policy; -} - #define LT_PART_EQUALS(a, b) ({ a.life == b.life && a.rekey == b.rekey && a.jitter == b.jitter; }) #define LIFETIME_EQUALS(a, b) ({ LT_PART_EQUALS(a.time, b.time) && LT_PART_EQUALS(a.bytes, b.bytes) && LT_PART_EQUALS(a.packets, b.packets); }) @@ -611,13 +571,12 @@ METHOD(child_cfg_t, equals, bool, { return FALSE; } - return this->hostaccess == other->hostaccess && + return this->options == other->options && this->mode == other->mode && this->start_action == other->start_action && this->dpd_action == other->dpd_action && this->close_action == other->close_action && LIFETIME_EQUALS(this->lifetime, other->lifetime) && - this->use_ipcomp == other->use_ipcomp && this->inactivity == other->inactivity && this->reqid == other->reqid && this->mark_in.value == other->mark_in.value && @@ -627,9 +586,6 @@ METHOD(child_cfg_t, equals, bool, this->tfc == other->tfc && this->manual_prio == other->manual_prio && this->replay_window == other->replay_window && - this->proxy_mode == other->proxy_mode && - this->install_policy == other->install_policy && - this->fwd_out_policy == other->fwd_out_policy && streq(this->updown, other->updown) && streq(this->interface, other->interface); } 
@@ -672,14 +628,12 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data) .get_proposals = _get_proposals, .select_proposal = _select_proposal, .get_updown = _get_updown, - .get_hostaccess = _get_hostaccess, .get_mode = _get_mode, .get_start_action = _get_start_action, .get_dpd_action = _get_dpd_action, .get_close_action = _get_close_action, .get_lifetime = _get_lifetime, .get_dh_group = _get_dh_group, - .use_ipcomp = _use_ipcomp, .get_inactivity = _get_inactivity, .get_reqid = _get_reqid, .get_mark = _get_mark, @@ -688,19 +642,16 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data) .get_interface = _get_interface, .get_replay_window = _get_replay_window, .set_replay_window = _set_replay_window, - .use_proxy_mode = _use_proxy_mode, - .install_policy = _install_policy, - .install_fwd_out_policy = _install_fwd_out_policy, + .has_option = _has_option, .equals = _equals, .get_ref = _get_ref, .destroy = _destroy, }, .name = strdup(name), + .options = data->options, .updown = strdupnull(data->updown), - .hostaccess = data->hostaccess, .reqid = data->reqid, .mode = data->mode, - .proxy_mode = data->proxy_mode, .start_action = data->start_action, .dpd_action = data->dpd_action, .close_action = data->close_action, @@ -708,12 +659,9 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data) .mark_out = data->mark_out, .lifetime = data->lifetime, .inactivity = data->inactivity, - .use_ipcomp = data->ipcomp, .tfc = data->tfc, .manual_prio = data->priority, .interface = strdupnull(data->interface), - .install_policy = !data->suppress_policies, - .fwd_out_policy = data->fwd_out_policies, .refcount = 1, .proposals = linked_list_create(), .my_ts = linked_list_create(), diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h index b85bfd9bc..a102c459c 100644 --- a/src/libcharon/config/child_cfg.h +++ b/src/libcharon/config/child_cfg.h 
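Review bot: `.options = data->options,` replaces `.install_policy = !data->suppress_policies,` and `.fwd_out_policy = data->fwd_out_policies,`, which means the default sense of policy installation now depends on how child_cfg_option_t is defined, and the enum is not visible in this chunk. Callers that zero-initialise child_cfg_create_t previously got policies installed (`install_policy` was TRUE when `suppress_policies` was FALSE); that only survives if the replacing flag is a "suppress/no policies" flag rather than an "install policies" flag, so it is worth confirming the flag polarity against every call site, and a comment on the `.options` line stating the unset-is-default semantics would record the decision. The `.use_ipcomp` and `.proxy_mode` removals in the same hunk are positive flags and are not affected.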
@@ -1,6 +1,6 @@ /* + * Copyright (C) 2008-2017 Tobias Brunner * Copyright (C) 2016 Andreas Steffen - * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter * HSR Hochschule fuer Technik Rapperswil @@ -25,6 +25,7 @@ #define CHILD_CFG_H_ typedef enum action_t action_t; +typedef enum child_cfg_option_t child_cfg_option_t; typedef struct child_cfg_t child_cfg_t; typedef struct child_cfg_create_t child_cfg_create_t; @@ -146,13 +147,6 @@ struct child_cfg_t { */ char* (*get_updown)(child_cfg_t *this); - /** - * Should we allow access to the local host (gateway)? - * - * @return value of hostaccess flag - */ - bool (*get_hostaccess) (child_cfg_t *this); - /** * Get the lifetime configuration of a CHILD_SA. * @@ -202,14 +196,6 @@ struct child_cfg_t { */ diffie_hellman_group_t (*get_dh_group)(child_cfg_t *this); - /** - * Check whether IPComp should be used, if the other peer supports it. - * - * @return TRUE, if IPComp should be used - * FALSE, otherwise - */ - bool (*use_ipcomp)(child_cfg_t *this); - /** * Get the inactivity timeout value. * 
@@ -263,33 +249,17 @@ struct child_cfg_t { /** * Set anti-replay window size * - * @param window anti-replay window size + * @param window anti-replay window size */ void (*set_replay_window)(child_cfg_t *this, uint32_t window); /** - * Check whether IPsec transport SA should be set up in proxy mode. - * - * @return TRUE, if proxy mode should be used - * FALSE, otherwise - */ - bool (*use_proxy_mode)(child_cfg_t *this); - - /** - * Check whether IPsec policies should be installed in the kernel. - * - * @return TRUE, if IPsec kernel policies should be installed - * FALSE, otherwise - */ - bool (*install_policy)(child_cfg_t *this); - - /** - * Check whether outbound FWD IPsec policies should be installed. + * Check if an option flag is set. * - * @return TRUE, if outbound FWD policies should be installed - * FALSE, otherwise + * @param option option flag to check + * @return TRUE if option flag set, FALSE otherwise */ - bool (*install_fwd_out_policy)(child_cfg_t *this); + bool (*has_option)(child_cfg_t *this, child_cfg_option_t option); /** * Check if two child_cfg objects are equal. 
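Review bot: The new `has_option` doc does not say how `option` is treated when more than one flag is OR'd into it (any bit set versus all bits set), and the implementation is not in this hunk, so callers cannot tell whether a combined mask is a valid argument. Since the option type is a set of bit flags, the contract should be explicit, e.g. `@param option option flag to check (a single flag; passing an OR'd mask is unspecified)` or whatever the implementation guarantees. The enclosing struct child_cfg_t starts and ends outside the hunk.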
@@ -315,11 +285,39 @@ struct child_cfg_t { void (*destroy) (child_cfg_t *this); }; +/** + * Option flags that may be set on a child_cfg_t object + */ +enum child_cfg_option_t { + + /** Use IPsec transport proxy mode */ + OPT_PROXY_MODE = (1<<0), + + /** Use IPComp, if peer supports it */ + OPT_IPCOMP = (1<<1), + + /** Allow access to the local host */ + OPT_HOSTACCESS = (1<<2), + + /** Don't install any IPsec policies */ + OPT_NO_POLICIES = (1<<3), + + /** Install outbound FWD IPsec policies to bypass drop policies */ + OPT_FWD_OUT_POLICIES = (1<<4), + + /** Enable hardware offload, if supported by the IPsec backend */ + OPT_HW_OFFLOAD = (1<<5), + + /** Force 96-bit truncation for SHA-256 */ + OPT_SHA256_96 = (1<<6), +}; /** * Data passed to the constructor of a child_cfg_t object. */ struct child_cfg_create_t { + /** Options set for CHILD_SA */ + child_cfg_option_t options; /** Specific reqid to use for CHILD_SA, 0 for auto assignment */ uint32_t reqid; /** Optional inbound mark */ @@ -328,10 +326,6 @@ struct child_cfg_create_t { mark_t mark_out; /** Mode to propose for CHILD_SA */ ipsec_mode_t mode; - /** Use IPsec transport proxy mode */ - bool proxy_mode; - /** Use IPComp, if peer supports it */ - bool ipcomp; /** TFC padding size, 0 to disable, -1 to pad to PMTU */ uint32_t tfc; /** Optional manually-set IPsec policy priority */ @@ -350,12 +344,6 @@ struct child_cfg_create_t { action_t close_action; /** updown script to execute on up/down event (cloned) */ char *updown; - /** TRUE to allow access to the local host */ - bool hostaccess; - /** Don't install IPsec policies */ - bool suppress_policies; - /** Install outbound FWD IPsec policies to bypass drop policies */ - bool fwd_out_policies; }; /** diff --git a/src/libcharon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c index 480dd3720..93300781d 100644 --- a/src/libcharon/config/ike_cfg.c +++ b/src/libcharon/config/ike_cfg.c 
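Review bot: The one-line doc on `OPT_SHA256_96` ("Force 96-bit truncation for SHA-256") does not say that this is a legacy interoperability setting that shortens the HMAC-SHA-256 ICV below the 128-bit truncation RFC 4868 specifies, so a reader may enable it without realising it trades integrity-tag length for compatibility. Suggest `/** Force 96-bit truncation for SHA-256 (legacy interop with peers that predate RFC 4868; shortens the ICV, enable only when required) */`. The rest of the enum comments are fine as short flag descriptions.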
@@ -224,12 +224,12 @@ static u_int match(linked_list_t *hosts, linked_list_t *ranges, host_t *cand)
 if (ts->to_subnet(ts, &host, &mask))
 {
 quality = max(quality, mask + 1);
- host->destroy(host);
 }
 else
 {
 quality = max(quality, 1);
 }
+ host->destroy(host);
 }
 }
 enumerator->destroy(enumerator);
diff --git a/src/libcharon/config/ike_cfg.h b/src/libcharon/config/ike_cfg.h
index 4d37264f6..034996f60 100644
--- a/src/libcharon/config/ike_cfg.h
+++ b/src/libcharon/config/ike_cfg.h
@@ -47,14 +47,16 @@ enum ike_version_t {
 };
 /**
- * Proprietary IKEv1 fragmentation
+ * Proprietary IKEv1 fragmentation and IKEv2 fragmentation
 */
 enum fragmentation_t {
 /** disable fragmentation */
 FRAGMENTATION_NO,
- /** enable fragmentation if supported by peer */
+ /** announce support, but don't send any fragments */
+ FRAGMENTATION_ACCEPT,
+ /** enable fragmentation, if supported by peer */
 FRAGMENTATION_YES,
- /** force use of fragmentation (even for the first message) */
+ /** force use of fragmentation (even for the first message for IKEv1) */
 FRAGMENTATION_FORCE,
 };
diff --git a/src/libcharon/config/peer_cfg.c b/src/libcharon/config/peer_cfg.c
index 5d7ab076e..fcdd6fdeb 100644
--- a/src/libcharon/config/peer_cfg.c
+++ b/src/libcharon/config/peer_cfg.c
@@ -209,9 +209,12 @@ typedef struct {
 } child_cfgs_replace_enumerator_t;
 METHOD(enumerator_t, child_cfgs_replace_enumerate, bool,
- child_cfgs_replace_enumerator_t *this, child_cfg_t **chd, bool *added)
+ child_cfgs_replace_enumerator_t *this, va_list args)
 {
- child_cfg_t *child_cfg;
+ child_cfg_t *child_cfg, **chd;
+ bool *added;
+
+ VA_ARGS_VGET(args, chd, added);
 if (!this->wrapped)
 {
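Review bot: After this hunk `host->destroy(host)` runs on both branches, so `match()` now relies on `ts->to_subnet()` always handing back an allocated `host` even when it returns FALSE; that cannot be confirmed from the hunk, and if the call leaves `host` untouched on failure this destroys an uninitialised pointer. If that is the documented contract of `to_subnet`, a one-line comment would make the intent obvious: `/* to_subnet() always allocates host, even if the range is not a single subnet */`. The enclosing loop in `match()` starts and ends outside the hunk.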
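Review bot: Inserting `FRAGMENTATION_ACCEPT` between `FRAGMENTATION_NO` and `FRAGMENTATION_YES` shifts the integer values of `FRAGMENTATION_YES` and `FRAGMENTATION_FORCE`, so any code or stored configuration that compares or persists these by numeric value rather than by enumerator name silently changes meaning; nothing in this hunk shows whether such uses exist. A short comment on the enum would protect future callers, e.g. `/* numeric values are not stable across releases; always use the enumerator names */`. The `FRAGMENTATION_ACCEPT` doc could also state what is done with fragments a peer sends when we announced support but do not fragment ourselves, which "announce support, but don't send any fragments" leaves open.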
@@ -303,8 +306,9 @@ METHOD(peer_cfg_t, replace_child_cfgs, enumerator_t*, INIT(enumerator, .public = { - .enumerate = (void*)_child_cfgs_replace_enumerate, - .destroy = (void*)_child_cfgs_replace_enumerator_destroy, + .enumerate = enumerator_enumerate_default, + .venumerate = _child_cfgs_replace_enumerate, + .destroy = _child_cfgs_replace_enumerator_destroy, }, .removed = removed, .added = added, @@ -336,8 +340,11 @@ METHOD(enumerator_t, child_cfg_enumerator_destroy, void, } METHOD(enumerator_t, child_cfg_enumerate, bool, - child_cfg_enumerator_t *this, child_cfg_t **chd) + child_cfg_enumerator_t *this, va_list args) { + child_cfg_t **chd; + + VA_ARGS_VGET(args, chd); return this->wrapped->enumerate(this->wrapped, chd); } @@ -348,8 +355,9 @@ METHOD(peer_cfg_t, create_child_cfg_enumerator, enumerator_t*, INIT(enumerator, .public = { - .enumerate = (void*)_child_cfg_enumerate, - .destroy = (void*)_child_cfg_enumerator_destroy, + .enumerate = enumerator_enumerate_default, + .venumerate = _child_cfg_enumerate, + .destroy = _child_cfg_enumerator_destroy, }, .mutex = this->mutex, .wrapped = this->child_cfgs->create_enumerator(this->child_cfgs), diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c index a2dc113a5..6c71f78d3 100644 --- a/src/libcharon/config/proposal.c +++ b/src/libcharon/config/proposal.c 
@@ -94,27 +94,31 @@ METHOD(proposal_t, add_algorithm, void, array_insert(this->transforms, ARRAY_TAIL, &entry); } -/** - * filter function for peer configs - */ -static bool alg_filter(uintptr_t type, entry_t **in, uint16_t *alg, - void **unused, uint16_t *key_size) +CALLBACK(alg_filter, bool, + uintptr_t type, enumerator_t *orig, va_list args) { - entry_t *entry = *in; + entry_t *entry; + uint16_t *alg, *key_size; - if (entry->type != type) - { - return FALSE; - } - if (alg) - { - *alg = entry->alg; - } - if (key_size) + VA_ARGS_VGET(args, alg, key_size); + + while (orig->enumerate(orig, &entry)) { - *key_size = entry->key_size; + if (entry->type != type) + { + continue; + } + if (alg) + { + *alg = entry->alg; + } + if (key_size) + { + *key_size = entry->key_size; + } + return TRUE; } - return TRUE; + return FALSE; } METHOD(proposal_t, create_enumerator, enumerator_t*, @@ -122,7 +126,7 @@ METHOD(proposal_t, create_enumerator, enumerator_t*, { return enumerator_create_filter( array_create_enumerator(this->transforms), - (void*)alg_filter, (void*)(uintptr_t)type, NULL); + alg_filter, (void*)(uintptr_t)type, NULL); } METHOD(proposal_t, get_algorithm, bool, diff --git a/src/libcharon/daemon.c b/src/libcharon/daemon.c index eadc10a6a..7c9f83d12 100644 --- a/src/libcharon/daemon.c +++ b/src/libcharon/daemon.c @@ -117,6 +117,13 @@ struct private_daemon_t { refcount_t ref; }; +/** + * Register plugins if built statically + */ +#ifdef STATIC_PLUGIN_CONSTRUCTORS +#include "plugin_constructors.c" +#endif + /** * One and only instance of the daemon. */ 
@@ -275,13 +282,14 @@ static void logger_entry_unregister_destroy(logger_entry_t *this) logger_entry_destroy(this); } -/** - * Match a logger entry by target and whether it is a file or syslog logger - */ -static bool logger_entry_match(logger_entry_t *this, char *target, - logger_type_t *type) +CALLBACK(logger_entry_match, bool, + logger_entry_t *this, va_list args) { - return this->type == *type && streq(this->target, target); + logger_type_t type; + char *target; + + VA_ARGS_VGET(args, target, type); + return this->type == type && streq(this->target, target); } /** @@ -343,8 +351,8 @@ static logger_entry_t *get_logger_entry(char *target, logger_type_t type, { logger_entry_t *entry; - if (existing->find_first(existing, (void*)logger_entry_match, - (void**)&entry, target, &type) != SUCCESS) + if (!existing->find_first(existing, logger_entry_match, (void**)&entry, + target, type)) { INIT(entry, .target = strdup(target), diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c index 50dab9e38..6d850aac0 100644 --- a/src/libcharon/encoding/message.c +++ b/src/libcharon/encoding/message.c @@ -554,10 +554,10 @@ static payload_order_t aggressive_i_order[] = { {PLV1_CERTREQ, 0}, {PLV1_NOTIFY, 0}, {PLV1_VENDOR_ID, 0}, + {PLV1_HASH, 0}, {PLV1_NAT_D, 0}, {PLV1_NAT_D_DRAFT_00_03, 0}, {PLV1_SIGNATURE, 0}, - {PLV1_HASH, 0}, {PLV1_FRAGMENT, 0}, }; diff --git a/src/libcharon/encoding/payloads/certreq_payload.c b/src/libcharon/encoding/payloads/certreq_payload.c index 09bfa2458..643fbc42f 100644 --- a/src/libcharon/encoding/payloads/certreq_payload.c +++ b/src/libcharon/encoding/payloads/certreq_payload.c @@ -190,8 +190,12 @@ struct keyid_enumerator_t { }; METHOD(enumerator_t, keyid_enumerate, bool, - keyid_enumerator_t *this, chunk_t *chunk) + keyid_enumerator_t *this, va_list args) { + chunk_t *chunk; + + VA_ARGS_VGET(args, chunk); + if (this->pos == NULL) { this->pos = this->full.ptr; 
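Review bot: Moving `PLV1_HASH` ahead of `PLV1_NAT_D` in `aggressive_i_order` changes the payload order an IKEv1 aggressive-mode initiator puts on the wire, and payload order in these tables is interoperability-sensitive, yet nothing in the hunk records why. Suggest a comment on the moved entry so the next reordering does not undo it, e.g. `/* HASH placed before NAT-D: <reason or peer implementation this fixes> */`. The remaining entries of the table are outside the hunk.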
@@ -224,7 +228,8 @@ METHOD(certreq_payload_t, create_keyid_enumerator, enumerator_t*, } INIT(enumerator, .public = { - .enumerate = (void*)_keyid_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _keyid_enumerate, .destroy = (void*)free, }, .full = this->data, diff --git a/src/libcharon/encoding/payloads/delete_payload.c b/src/libcharon/encoding/payloads/delete_payload.c index 584e6f22b..3634cd36c 100644 --- a/src/libcharon/encoding/payloads/delete_payload.c +++ b/src/libcharon/encoding/payloads/delete_payload.c @@ -306,8 +306,12 @@ typedef struct { } spi_enumerator_t; METHOD(enumerator_t, spis_enumerate, bool, - spi_enumerator_t *this, uint32_t *spi) + spi_enumerator_t *this, va_list args) { + uint32_t *spi; + + VA_ARGS_VGET(args, spi); + if (this->spis.len >= sizeof(*spi)) { memcpy(spi, this->spis.ptr, sizeof(*spi)); @@ -328,7 +332,8 @@ METHOD(delete_payload_t, create_spi_enumerator, enumerator_t*, } INIT(e, .public = { - .enumerate = (void*)_spis_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _spis_enumerate, .destroy = (void*)free, }, .spis = this->spis, diff --git a/src/libcharon/encoding/payloads/eap_payload.c b/src/libcharon/encoding/payloads/eap_payload.c index 8c3fc5933..923135da9 100644 --- a/src/libcharon/encoding/payloads/eap_payload.c +++ b/src/libcharon/encoding/payloads/eap_payload.c @@ -270,8 +270,12 @@ typedef struct { } type_enumerator_t; METHOD(enumerator_t, enumerate_types, bool, - type_enumerator_t *this, eap_type_t *type, uint32_t *vendor) + type_enumerator_t *this, va_list args) { + eap_type_t *type; + uint32_t *vendor; + + VA_ARGS_VGET(args, type, vendor); this->offset = extract_type(this->payload, this->offset, type, vendor); return this->offset; } 
@@ -289,7 +293,8 @@ METHOD(eap_payload_t, get_types, enumerator_t*,
 {
 INIT(enumerator,
 .public = {
- .enumerate = (void*)_enumerate_types,
+ .enumerate = enumerator_enumerate_default,
+ .venumerate = _enumerate_types,
 .destroy = (void*)free,
 },
 .payload = this,
diff --git a/src/libcharon/kernel/kernel_interface.c b/src/libcharon/kernel/kernel_interface.c
index ea5af9eb8..3d736b25b 100644
--- a/src/libcharon/kernel/kernel_interface.c
+++ b/src/libcharon/kernel/kernel_interface.c
@@ -632,21 +632,18 @@ METHOD(kernel_interface_t, enable_udp_decap, bool,
 METHOD(kernel_interface_t, is_interface_usable, bool,
 private_kernel_interface_t *this, const char *iface)
 {
- status_t expected;
-
 if (!this->ifaces_filter)
 {
 return TRUE;
 }
- expected = this->ifaces_exclude ? NOT_FOUND : SUCCESS;
- return this->ifaces_filter->find_first(this->ifaces_filter, (void*)streq,
- NULL, iface) == expected;
+ return this->ifaces_filter->find_first(this->ifaces_filter,
+ linked_list_match_str, NULL, iface) != this->ifaces_exclude;
 }
 METHOD(kernel_interface_t, all_interfaces_usable, bool,
 private_kernel_interface_t *this)
 {
- return this->ifaces_filter == NULL;
+ return !this->ifaces_filter;
 }
 METHOD(kernel_interface_t, get_address_by_ts, status_t,
diff --git a/src/libcharon/kernel/kernel_ipsec.h b/src/libcharon/kernel/kernel_ipsec.h
index 0ad566068..6fafeb760 100644
--- a/src/libcharon/kernel/kernel_ipsec.h
+++ b/src/libcharon/kernel/kernel_ipsec.h
@@ -91,6 +91,8 @@ struct kernel_ipsec_add_sa_t {
 uint16_t cpi;
 /** TRUE to enable UDP encapsulation for NAT traversal */
 bool encap;
+ /** TRUE to enable hardware offloading if available */
+ bool hw_offload;
 /** TRUE to use Extended Sequence Numbers */
 bool esn;
 /** TRUE if initiator of the exchange creating the SA */
diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c
index 1bf93ad40..8fb48281f 100644
--- a/src/libcharon/network/receiver.c
+++ b/src/libcharon/network/receiver.c
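Review bot: The new `find_first(...) != this->ifaces_exclude` in `is_interface_usable` is only correct because both operands are canonical 0/1 booleans (usable iff found XOR exclude); written this way it is easy to misread as a status or pointer comparison, which is what the replaced `== expected` form was. A one-line comment keeps the intent visible: `/* usable if found and not excluding, or not found and excluding */`. The same expression is introduced in `consider_interface` in bypass_lan_listener.c further down in this commit.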
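Review bot: The doc on the new `hw_offload` field in `kernel_ipsec_add_sa_t` says "if available" but does not state what a backend should do when offload is requested and the device or driver cannot provide it — install the SA in software or fail `add_sa`. Callers that set this from the new child_cfg option need that contract to know whether a silently non-offloaded SA is acceptable. Suggest extending the comment, e.g. `/** TRUE to enable hardware offloading if available; when the backend cannot offload, the SA is <installed in software | rejected> */` with the chosen behaviour filled in.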
@@ -321,18 +321,16 @@ static bool cookie_required(private_receiver_t *this,
 */
 static bool drop_ike_sa_init(private_receiver_t *this, message_t *message)
 {
- u_int half_open, half_open_r;
+ u_int half_open;
 uint32_t now;
 now = time_monotonic(NULL);
 half_open = charon->ike_sa_manager->get_half_open_count(
- charon->ike_sa_manager, NULL, FALSE);
- half_open_r = charon->ike_sa_manager->get_half_open_count(
 charon->ike_sa_manager, NULL, TRUE);
 /* check for cookies in IKEv2 */
 if (message->get_major_version(message) == IKEV2_MAJOR_VERSION &&
- cookie_required(this, half_open_r, now) && !check_cookie(this, message))
+ cookie_required(this, half_open, now) && !check_cookie(this, message))
 {
 chunk_t cookie;
diff --git a/src/libcharon/plugins/addrblock/Makefile.in b/src/libcharon/plugins/addrblock/Makefile.in
index f5dfc14d7..60fd19bdc 100644
--- a/src/libcharon/plugins/addrblock/Makefile.in
+++ b/src/libcharon/plugins/addrblock/Makefile.in
@@ -358,6 +358,7 @@ docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
 fips_mode = @fips_mode@
+fuzz_plugins = @fuzz_plugins@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 host = @host@
@@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@
 json_LIBS = @json_LIBS@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libfuzzer = @libfuzzer@
 libiptc_CFLAGS = @libiptc_CFLAGS@
 libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
diff --git a/src/libcharon/plugins/addrblock/addrblock_validator.c b/src/libcharon/plugins/addrblock/addrblock_validator.c
index d16a1170c..78e377c2a 100644
--- a/src/libcharon/plugins/addrblock/addrblock_validator.c
+++ b/src/libcharon/plugins/addrblock/addrblock_validator.c
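Review bot: `half_open` now holds the responder-only count (`get_half_open_count(..., TRUE)`), whereas before it held the count across both roles and only `half_open_r` was responder-only; every later use of `half_open` in `drop_ike_sa_init` — outside this hunk — therefore changes meaning. If the half-open limit check further down was meant to cover all half-open IKE_SAs, this narrows that DoS-protection threshold to responder SAs without saying so; if the narrowing is intended, a comment at the assignment would document it: `/* only half-open SAs we are responder for count towards cookie and half-open limits */`. The function continues past the end of the hunk.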
@@ -56,12 +56,12 @@ static bool check_addrblock(private_addrblock_validator_t *this, } if (!subject_const) { - DBG1(DBG_CFG, "subject certficate lacks ipAddrBlocks extension"); + DBG1(DBG_CFG, "subject certificate lacks ipAddrBlocks extension"); return !this->strict; } if (!issuer_const) { - DBG1(DBG_CFG, "issuer certficate lacks ipAddrBlocks extension"); + DBG1(DBG_CFG, "issuer certificate lacks ipAddrBlocks extension"); return FALSE; } subject_enumerator = subject->create_ipAddrBlock_enumerator(subject); diff --git a/src/libcharon/plugins/android_dns/Makefile.in b/src/libcharon/plugins/android_dns/Makefile.in index d79c753f0..0533d81eb 100644 --- a/src/libcharon/plugins/android_dns/Makefile.in +++ b/src/libcharon/plugins/android_dns/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/android_dns/android_dns_handler.c b/src/libcharon/plugins/android_dns/android_dns_handler.c index 160a145d3..68bbaecb2 100644 --- a/src/libcharon/plugins/android_dns/android_dns_handler.c +++ b/src/libcharon/plugins/android_dns/android_dns_handler.c @@ -182,12 +182,15 @@ METHOD(attribute_handler_t, release, void, } METHOD(enumerator_t, enumerate_dns, bool, - enumerator_t *this, configuration_attribute_type_t *type, chunk_t *data) + enumerator_t *this, va_list args) { + configuration_attribute_type_t *type; + chunk_t *data; + + VA_ARGS_VGET(args, type, data); *type = INTERNAL_IP4_DNS; *data = chunk_empty; - /* stop enumeration */ - this->enumerate = (void*)return_false; + this->venumerate = return_false; return TRUE; } 
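Review bot: `this->venumerate = return_false;` in `enumerate_dns` drops the `(void*)` cast the old `enumerate` assignment had, so it now depends on `return_false`'s declared signature being compatible with `venumerate`'s `(enumerator_t*, va_list)` type; if it is declared differently, the assignment compiles only through an implicit incompatible-pointer conversion that compilers warn about. The removed `/* stop enumeration */` comment was the only explanation of the trick and is worth restoring either way: `this->venumerate = return_false; /* stop enumeration after this single attribute */`. The `enumerator_t` this self-modifies is allocated outside the hunk.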
@@ -198,7 +201,8 @@ METHOD(attribute_handler_t, create_attribute_enumerator, enumerator_t *, enumerator_t *enumerator; INIT(enumerator, - .enumerate = (void*)_enumerate_dns, + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerate_dns, .destroy = (void*)free, ); return enumerator; diff --git a/src/libcharon/plugins/android_log/Makefile.am b/src/libcharon/plugins/android_log/Makefile.am index 9f82f6e60..4f062ee65 100644 --- a/src/libcharon/plugins/android_log/Makefile.am +++ b/src/libcharon/plugins/android_log/Makefile.am @@ -16,3 +16,4 @@ libstrongswan_android_log_la_SOURCES = \ android_log_logger.c android_log_logger.h libstrongswan_android_log_la_LDFLAGS = -module -avoid-version +libstrongswan_android_log_la_LIBADD = -llog diff --git a/src/libcharon/plugins/android_log/Makefile.in b/src/libcharon/plugins/android_log/Makefile.in index 65cdcff94..bc402ef69 100644 --- a/src/libcharon/plugins/android_log/Makefile.in +++ b/src/libcharon/plugins/android_log/Makefile.in @@ -136,7 +136,7 @@ am__uninstall_files_from_dir = { \ } am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) -libstrongswan_android_log_la_LIBADD = +libstrongswan_android_log_la_DEPENDENCIES = am_libstrongswan_android_log_la_OBJECTS = android_log_plugin.lo \ android_log_logger.lo libstrongswan_android_log_la_OBJECTS = \ @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ 
@@ -458,6 +460,7 @@ libstrongswan_android_log_la_SOURCES = \ android_log_logger.c android_log_logger.h libstrongswan_android_log_la_LDFLAGS = -module -avoid-version +libstrongswan_android_log_la_LIBADD = -llog all: all-am .SUFFIXES: diff --git a/src/libcharon/plugins/attr/Makefile.in b/src/libcharon/plugins/attr/Makefile.in index 217a42ae6..9fe4d946f 100644 --- a/src/libcharon/plugins/attr/Makefile.in +++ b/src/libcharon/plugins/attr/Makefile.in @@ -355,6 +355,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -377,6 +378,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/attr/attr_provider.c b/src/libcharon/plugins/attr/attr_provider.c index f4c143641..3310f79fd 100644 --- a/src/libcharon/plugins/attr/attr_provider.c +++ b/src/libcharon/plugins/attr/attr_provider.c @@ -75,17 +75,23 @@ typedef struct { ike_version_t ike; } enumerator_data_t; -/** - * convert enumerator value from attribute_entry - */ -static bool attr_enum_filter(enumerator_data_t *data, attribute_entry_t **in, - configuration_attribute_type_t *type, void* none, chunk_t *value) +CALLBACK(attr_enum_filter, bool, + enumerator_data_t *data, enumerator_t *orig, va_list args) { - if ((*in)->ike == IKE_ANY || (*in)->ike == data->ike) + configuration_attribute_type_t *type; + attribute_entry_t *entry; + chunk_t *value; + + VA_ARGS_VGET(args, type, value); + + while (orig->enumerate(orig, &entry)) { - *type = (*in)->type; - *value = (*in)->value; - return TRUE; + if (entry->ike == IKE_ANY || entry->ike == data->ike) + { + *type = entry->type; + *value = entry->value; + return TRUE; + } } return FALSE; } 
@@ -112,7 +118,7 @@ METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*, this->lock->read_lock(this->lock); return enumerator_create_filter( this->attributes->create_enumerator(this->attributes), - (void*)attr_enum_filter, data, attr_enum_destroy); + attr_enum_filter, data, attr_enum_destroy); } return enumerator_create_empty(); } diff --git a/src/libcharon/plugins/attr_sql/Makefile.in b/src/libcharon/plugins/attr_sql/Makefile.in index 668e23f07..b3ddf69b5 100644 --- a/src/libcharon/plugins/attr_sql/Makefile.in +++ b/src/libcharon/plugins/attr_sql/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/attr_sql/attr_sql_provider.c b/src/libcharon/plugins/attr_sql/attr_sql_provider.c index c2410705d..33d9f99fc 100644 --- a/src/libcharon/plugins/attr_sql/attr_sql_provider.c +++ b/src/libcharon/plugins/attr_sql/attr_sql_provider.c @@ -200,7 +200,6 @@ static host_t* get_lease(private_attr_sql_provider_t *this, char *name, "SELECT id, address FROM addresses " "WHERE pool = ? AND identity = 0 LIMIT 1", DB_UINT, pool, DB_UINT, DB_BLOB); - } if (!e || !e->enumerate(e, &id, &address)) @@ -447,7 +446,6 @@ METHOD(attr_sql_provider_t, destroy, void, attr_sql_provider_t *attr_sql_provider_create(database_t *db) { private_attr_sql_provider_t *this; - time_t now = time(NULL); INIT(this, .public = { 
@@ -460,19 +458,25 @@ attr_sql_provider_t *attr_sql_provider_create(database_t *db) }, .db = db, .history = lib->settings->get_bool(lib->settings, - "%s.plugins.attr-sql.lease_history", TRUE, lib->ns), + "%s.plugins.attr-sql.lease_history", TRUE, lib->ns), ); - /* close any "online" leases in the case we crashed */ - if (this->history) + if (lib->settings->get_bool(lib->settings, + "%s.plugins.attr-sql.crash_recovery", TRUE, lib->ns)) { - this->db->execute(this->db, NULL, + time_t now = time(NULL); + + /* close any "online" leases in the case we crashed */ + if (this->history) + { + this->db->execute(this->db, NULL, "INSERT INTO leases (address, identity, acquired, released)" " SELECT id, identity, acquired, ? FROM addresses " " WHERE released = 0", DB_UINT, now); - } - this->db->execute(this->db, NULL, + } + this->db->execute(this->db, NULL, "UPDATE addresses SET released = ? WHERE released = 0", DB_UINT, now); + } return &this->public; } diff --git a/src/libcharon/plugins/bypass_lan/Makefile.in b/src/libcharon/plugins/bypass_lan/Makefile.in index 9f1dc71c9..6c079481b 100644 --- a/src/libcharon/plugins/bypass_lan/Makefile.in +++ b/src/libcharon/plugins/bypass_lan/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/bypass_lan/bypass_lan_listener.c b/src/libcharon/plugins/bypass_lan/bypass_lan_listener.c index e690028f2..644cff029 100644 --- a/src/libcharon/plugins/bypass_lan/bypass_lan_listener.c +++ b/src/libcharon/plugins/bypass_lan/bypass_lan_listener.c 
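Review bot: The new `crash_recovery` setting changes startup behaviour — releasing every address with `released = 0` and, with history enabled, writing them to `leases` — but nothing in the hunk documents when an operator would disable it, e.g. when the pool database is shared with other running daemons whose online leases must not be released. A comment above the `get_bool` call such as `/* crash_recovery: release all "online" leases at startup; disable if the DB is shared with other running daemons */` would help. The `execute()` argument strings inside the new block kept their previous indentation and now sit at the level of the enclosing `if`, which is a style nit worth fixing while here.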
@@ -110,15 +110,12 @@ static bool policy_equals(bypass_policy_t *a, bypass_policy_t *b)
 */
 static bool consider_interface(private_bypass_lan_listener_t *this, char *iface)
 {
- status_t expected;
-
 if (!iface || !this->ifaces_filter)
 {
 return TRUE;
 }
- expected = this->ifaces_exclude ? NOT_FOUND : SUCCESS;
- return this->ifaces_filter->find_first(this->ifaces_filter, (void*)streq,
- NULL, iface) == expected;
+ return this->ifaces_filter->find_first(this->ifaces_filter,
+ linked_list_match_str, NULL, iface) != this->ifaces_exclude;
 }
 /**
diff --git a/src/libcharon/plugins/certexpire/Makefile.in b/src/libcharon/plugins/certexpire/Makefile.in
index ffde2d7aa..acbd7a858 100644
--- a/src/libcharon/plugins/certexpire/Makefile.in
+++ b/src/libcharon/plugins/certexpire/Makefile.in
@@ -358,6 +358,7 @@ docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
 fips_mode = @fips_mode@
+fuzz_plugins = @fuzz_plugins@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 host = @host@
@@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@
 json_LIBS = @json_LIBS@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libfuzzer = @libfuzzer@
 libiptc_CFLAGS = @libiptc_CFLAGS@
 libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
diff --git a/src/libcharon/plugins/connmark/Makefile.in b/src/libcharon/plugins/connmark/Makefile.in
index 140f1b6ad..55bc25a9f 100644
--- a/src/libcharon/plugins/connmark/Makefile.in
+++ b/src/libcharon/plugins/connmark/Makefile.in
@@ -359,6 +359,7 @@ docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
 fips_mode = @fips_mode@
+fuzz_plugins = @fuzz_plugins@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 host = @host@
@@ -381,6 +382,7 @@ json_CFLAGS = @json_CFLAGS@
 json_LIBS = @json_LIBS@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libfuzzer = @libfuzzer@
 libiptc_CFLAGS = @libiptc_CFLAGS@
 libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
diff --git a/src/libcharon/plugins/coupling/Makefile.in b/src/libcharon/plugins/coupling/Makefile.in index 3910e4ea4..6d6fe25bb 100644 --- a/src/libcharon/plugins/coupling/Makefile.in +++ b/src/libcharon/plugins/coupling/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/dhcp/Makefile.in b/src/libcharon/plugins/dhcp/Makefile.in index 6033c6e12..d3f4ec8bc 100644 --- a/src/libcharon/plugins/dhcp/Makefile.in +++ b/src/libcharon/plugins/dhcp/Makefile.in @@ -356,6 +356,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -378,6 +379,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/dhcp/dhcp_provider.c b/src/libcharon/plugins/dhcp/dhcp_provider.c index f0681b1da..50ffbab9d 100644 --- a/src/libcharon/plugins/dhcp/dhcp_provider.c +++ b/src/libcharon/plugins/dhcp/dhcp_provider.c @@ -151,8 +151,7 @@ METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*, identification_t *id; host_t *vip; - if (pools->find_first(pools, (linked_list_match_t)streq, - NULL, "dhcp") != SUCCESS) + if (!pools->find_first(pools, linked_list_match_str, NULL, "dhcp")) { return NULL; } diff --git a/src/libcharon/plugins/dhcp/dhcp_socket.c b/src/libcharon/plugins/dhcp/dhcp_socket.c index 807c68274..42f8f1ef9 100644 
--- a/src/libcharon/plugins/dhcp/dhcp_socket.c +++ b/src/libcharon/plugins/dhcp/dhcp_socket.c @@ -382,8 +382,7 @@ METHOD(dhcp_socket_t, enroll, dhcp_transaction_t*, while (try <= DHCP_TRIES && discover(this, transaction)) { if (!this->condvar->timed_wait(this->condvar, this->mutex, 1000 * try) && - this->request->find_first(this->request, NULL, - (void**)&transaction) == SUCCESS) + this->request->find_first(this->request, NULL, (void**)&transaction)) { break; } diff --git a/src/libcharon/plugins/dhcp/dhcp_transaction.c b/src/libcharon/plugins/dhcp/dhcp_transaction.c index 3ee88a698..87711799c 100644 --- a/src/libcharon/plugins/dhcp/dhcp_transaction.c +++ b/src/libcharon/plugins/dhcp/dhcp_transaction.c @@ -114,16 +114,22 @@ METHOD(dhcp_transaction_t, add_attribute, void, this->attributes->insert_last(this->attributes, entry); } -/** - * Filter function to map entries to type/data - */ -static bool attribute_filter(void *null, attribute_entry_t **entry, - configuration_attribute_type_t *type, - void **dummy, chunk_t *data) +CALLBACK(attribute_filter, bool, + void *null, enumerator_t *orig, va_list args) { - *type = (*entry)->type; - *data = (*entry)->data; - return TRUE; + configuration_attribute_type_t *type; + attribute_entry_t *entry; + chunk_t *data; + + VA_ARGS_VGET(args, type, data); + + if (orig->enumerate(orig, &entry)) + { + *type = entry->type; + *data = entry->data; + return TRUE; + } + return FALSE; } METHOD(dhcp_transaction_t, create_attribute_enumerator, enumerator_t*, @@ -131,7 +137,7 @@ METHOD(dhcp_transaction_t, create_attribute_enumerator, enumerator_t*, { return enumerator_create_filter( this->attributes->create_enumerator(this->attributes), - (void*)attribute_filter, NULL, NULL); + attribute_filter, NULL, NULL); } /** diff --git a/src/libcharon/plugins/dnscert/Makefile.in b/src/libcharon/plugins/dnscert/Makefile.in index cd66af8c8..3687f0cb7 100644 --- a/src/libcharon/plugins/dnscert/Makefile.in +++ b/src/libcharon/plugins/dnscert/Makefile.in 
@@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/dnscert/dnscert_cred.c b/src/libcharon/plugins/dnscert/dnscert_cred.c index d32794c99..533bd5be4 100644 --- a/src/libcharon/plugins/dnscert/dnscert_cred.c +++ b/src/libcharon/plugins/dnscert/dnscert_cred.c @@ -75,12 +75,15 @@ typedef struct { } cert_enumerator_t; METHOD(enumerator_t, cert_enumerator_enumerate, bool, - cert_enumerator_t *this, certificate_t **cert) + cert_enumerator_t *this, va_list args) { + certificate_t **cert; dnscert_t *cur_crt; rr_t *cur_rr; chunk_t certificate; + VA_ARGS_VGET(args, cert); + /* Get the next supported CERT using the inner enumerator. */ while (this->inner->enumerate(this->inner, &cur_rr)) { @@ -175,7 +178,8 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, INIT(e, .public = { - .enumerate = (void*)_cert_enumerator_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _cert_enumerator_enumerate, .destroy = _cert_enumerator_destroy, }, .inner = response->get_rr_set(response)->create_rr_enumerator( diff --git a/src/libcharon/plugins/duplicheck/Makefile.in b/src/libcharon/plugins/duplicheck/Makefile.in index e4b60e6ad..69959d30f 100644 --- a/src/libcharon/plugins/duplicheck/Makefile.in +++ b/src/libcharon/plugins/duplicheck/Makefile.in @@ -365,6 +365,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ 
@@ -387,6 +388,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/eap_aka/Makefile.in b/src/libcharon/plugins/eap_aka/Makefile.in index 20c0ddb8f..5fff12890 100644 --- a/src/libcharon/plugins/eap_aka/Makefile.in +++ b/src/libcharon/plugins/eap_aka/Makefile.in @@ -359,6 +359,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -381,6 +382,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in index f4fb8ec42..478225562 100644 --- a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in +++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in @@ -360,6 +360,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -382,6 +383,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/eap_dynamic/Makefile.in b/src/libcharon/plugins/eap_dynamic/Makefile.in index 2dbc05f02..2591dee55 100644 --- a/src/libcharon/plugins/eap_dynamic/Makefile.in +++ b/src/libcharon/plugins/eap_dynamic/Makefile.in 
@@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/eap_dynamic/eap_dynamic.c b/src/libcharon/plugins/eap_dynamic/eap_dynamic.c index 83ccd3a8a..204fb317d 100644 --- a/src/libcharon/plugins/eap_dynamic/eap_dynamic.c +++ b/src/libcharon/plugins/eap_dynamic/eap_dynamic.c @@ -69,6 +69,15 @@ static bool entry_matches(eap_vendor_type_t *item, eap_vendor_type_t *other) return item->type == other->type && item->vendor == other->vendor; } +CALLBACK(entry_matches_cb, bool, + eap_vendor_type_t *item, va_list args) +{ + eap_vendor_type_t *other; + + VA_ARGS_VGET(args, other); + return entry_matches(item, other); +} + /** * Load the given EAP method */ @@ -121,8 +130,7 @@ static void select_method(private_eap_dynamic_t *this) { if (inner) { - if (inner->find_first(inner, (void*)entry_matches, - NULL, entry) != SUCCESS) + if (!inner->find_first(inner, entry_matches_cb, NULL, entry)) { if (entry->vendor) { diff --git a/src/libcharon/plugins/eap_gtc/Makefile.in b/src/libcharon/plugins/eap_gtc/Makefile.in index 01d509ebd..08d8ef8f6 100644 --- a/src/libcharon/plugins/eap_gtc/Makefile.in +++ b/src/libcharon/plugins/eap_gtc/Makefile.in @@ -357,6 +357,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -379,6 +380,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ 
diff --git a/src/libcharon/plugins/eap_identity/Makefile.in b/src/libcharon/plugins/eap_identity/Makefile.in index cc1f21eed..4859833ba 100644 --- a/src/libcharon/plugins/eap_identity/Makefile.in +++ b/src/libcharon/plugins/eap_identity/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/eap_md5/Makefile.in b/src/libcharon/plugins/eap_md5/Makefile.in index 939bbf942..796d42f14 100644 --- a/src/libcharon/plugins/eap_md5/Makefile.in +++ b/src/libcharon/plugins/eap_md5/Makefile.in @@ -357,6 +357,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -379,6 +380,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/eap_mschapv2/Makefile.in b/src/libcharon/plugins/eap_mschapv2/Makefile.in index 1e1936c45..00a9f73da 100644 --- a/src/libcharon/plugins/eap_mschapv2/Makefile.in +++ b/src/libcharon/plugins/eap_mschapv2/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ 
@@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/eap_peap/Makefile.in b/src/libcharon/plugins/eap_peap/Makefile.in index b83a80f73..df3c2eae2 100644 --- a/src/libcharon/plugins/eap_peap/Makefile.in +++ b/src/libcharon/plugins/eap_peap/Makefile.in @@ -359,6 +359,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -381,6 +382,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/eap_radius/Makefile.in b/src/libcharon/plugins/eap_radius/Makefile.in index 29a2f3898..d8ebeb8b5 100644 --- a/src/libcharon/plugins/eap_radius/Makefile.in +++ b/src/libcharon/plugins/eap_radius/Makefile.in @@ -360,6 +360,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -382,6 +383,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/eap_radius/eap_radius_provider.c b/src/libcharon/plugins/eap_radius/eap_radius_provider.c index 9a87ad38d..58bbc2edd 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_provider.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_provider.c 
@@ -404,11 +404,13 @@ typedef struct { attr_t *current; } attribute_enumerator_t; - METHOD(enumerator_t, attribute_enumerate, bool, - attribute_enumerator_t *this, configuration_attribute_type_t *type, - chunk_t *data) + attribute_enumerator_t *this, va_list args) { + configuration_attribute_type_t *type; + chunk_t *data; + + VA_ARGS_VGET(args, type, data); if (this->current) { destroy_attr(this->current); @@ -446,7 +448,8 @@ METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*, INIT(enumerator, .public = { - .enumerate = (void*)_attribute_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _attribute_enumerate, .destroy = _attribute_destroy, }, .list = linked_list_create(), diff --git a/src/libcharon/plugins/eap_sim/Makefile.in b/src/libcharon/plugins/eap_sim/Makefile.in index b4abce9b3..6c2584ae4 100644 --- a/src/libcharon/plugins/eap_sim/Makefile.in +++ b/src/libcharon/plugins/eap_sim/Makefile.in @@ -359,6 +359,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -381,6 +382,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.in b/src/libcharon/plugins/eap_sim_file/Makefile.in index 914c8c0be..b2473725a 100644 --- a/src/libcharon/plugins/eap_sim_file/Makefile.in +++ b/src/libcharon/plugins/eap_sim_file/Makefile.in @@ -360,6 +360,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ 
@@ -382,6 +383,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.c b/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.c index ec1686910..03a60cfb1 100644 --- a/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.c +++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.c @@ -79,10 +79,8 @@ typedef struct { private_eap_sim_file_triplets_t *this; } triplet_enumerator_t; -/** - * destroy a triplet enumerator - */ -static void enumerator_destroy(triplet_enumerator_t *e) +METHOD(enumerator_t, enumerator_destroy, void, + triplet_enumerator_t *e) { if (e->current) { @@ -97,13 +95,14 @@ static void enumerator_destroy(triplet_enumerator_t *e) free(e); } -/** - * enumerate through triplets - */ -static bool enumerator_enumerate(triplet_enumerator_t *e, identification_t **imsi, - char **rand, char **sres, char **kc) +METHOD(enumerator_t, enumerator_enumerate, bool, + triplet_enumerator_t *e, va_list args) { + identification_t **imsi; triplet_t *triplet; + char **rand, **sres, **kc; + + VA_ARGS_VGET(args, imsi, rand, sres, kc); if (e->inner->enumerate(e->inner, &triplet)) { 
@@ -121,15 +120,18 @@ static bool enumerator_enumerate(triplet_enumerator_t *e, identification_t **ims METHOD(eap_sim_file_triplets_t, create_enumerator, enumerator_t*, private_eap_sim_file_triplets_t *this) { - triplet_enumerator_t *enumerator = malloc_thing(triplet_enumerator_t); + triplet_enumerator_t *enumerator; this->mutex->lock(this->mutex); - enumerator->public.enumerate = (void*)enumerator_enumerate; - enumerator->public.destroy = (void*)enumerator_destroy; - enumerator->inner = this->triplets->create_enumerator(this->triplets); - enumerator->current = NULL; - enumerator->this = this; - + INIT(enumerator, + .public = { + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerator_enumerate, + .destroy = _enumerator_destroy, + }, + .inner = this->triplets->create_enumerator(this->triplets), + .this = this, + ); return &enumerator->public; } diff --git a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in index 48ef92136..88c31a95e 100644 --- a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in +++ b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in @@ -361,6 +361,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -383,6 +384,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in index 5f12e2e2e..62c8ca11e 100644 --- a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in 
@@ -361,6 +361,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -383,6 +384,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in index 45e2b7498..ef20102bb 100644 --- a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in @@ -360,6 +360,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -382,6 +383,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/eap_simaka_sql/Makefile.in b/src/libcharon/plugins/eap_simaka_sql/Makefile.in index 8c134cff9..c9af52fa9 100644 --- a/src/libcharon/plugins/eap_simaka_sql/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_sql/Makefile.in @@ -359,6 +359,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -381,6 +382,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ 
diff --git a/src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_card.c b/src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_card.c index 90627b52e..0f59c5b78 100644 --- a/src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_card.c +++ b/src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_card.c @@ -2,6 +2,9 @@ * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the * Free Software Foundation; either version 2 of the License, or (at your @@ -54,7 +57,7 @@ METHOD(simaka_card_t, get_triplet, bool, snprintf(buf, sizeof(buf), "%Y", id); query = this->db->query(this->db, "select sres, kc from triplets where rand = ? and id = ? " - "order by use limit 1", + "order by used limit 1", DB_BLOB, chunk_create(rand, SIM_RAND_LEN), DB_TEXT, buf, DB_BLOB, DB_BLOB); if (query) @@ -82,7 +85,7 @@ METHOD(simaka_card_t, get_triplet, bool, else { this->db->execute(this->db, NULL, - "update triplets set use = ? where id = ? and rand = ?", + "update triplets set used = ? where id = ? and rand = ?", DB_UINT, time(NULL), DB_TEXT, buf, DB_BLOB, chunk_create(rand, SIM_RAND_LEN)); } @@ -102,7 +105,7 @@ METHOD(simaka_card_t, get_quintuplet, status_t, snprintf(buf, sizeof(buf), "%Y", id); query = this->db->query(this->db, "select ck, ik, res from quintuplets " - "where rand = ? and autn = ? and id = ? order by use limit 1", + "where rand = ? and autn = ? and id = ? order by used limit 1", DB_BLOB, chunk_create(rand, AKA_RAND_LEN), DB_BLOB, chunk_create(autn, AKA_AUTN_LEN), DB_TEXT, buf, DB_BLOB, DB_BLOB, DB_BLOB); 
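Review bot: The queries in get_triplet (this hunk and the one at old line 82) and get_quintuplet (old lines 102 and 134) now refer to a `used` column, but the corresponding table definition is not part of the visible diff; against a database whose triplets/quintuplets tables still carry the old `use` column every one of these queries fails, so the card returns no credentials until the schema is migrated. The rename itself looks deliberate, since `use` is a reserved word in several SQL dialects, but it should ship together with the updated schema and test SQL plus a migration note (renaming the column with the database's ALTER TABLE form, or equivalent) so an in-place package upgrade does not silently break EAP-SIM/AKA authentication. The values stay bound through DB_BLOB/DB_TEXT placeholders rather than being formatted into the query string, which is the right pattern to keep. get_triplet starts before this hunk and continues after it.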
@@ -134,7 +137,7 @@ METHOD(simaka_card_t, get_quintuplet, status_t, else { this->db->execute(this->db, NULL, - "update quintuplets set use = ? where id = ? and rand = ?", + "update quintuplets set used = ? where id = ? and rand = ?", DB_UINT, time(NULL), DB_TEXT, buf, DB_BLOB, chunk_create(rand, AKA_RAND_LEN)); } diff --git a/src/libcharon/plugins/eap_tls/Makefile.in b/src/libcharon/plugins/eap_tls/Makefile.in index a9a2dede9..dfe6d8b03 100644 --- a/src/libcharon/plugins/eap_tls/Makefile.in +++ b/src/libcharon/plugins/eap_tls/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/eap_tnc/Makefile.in b/src/libcharon/plugins/eap_tnc/Makefile.in index cda1728c0..902d79d76 100644 --- a/src/libcharon/plugins/eap_tnc/Makefile.in +++ b/src/libcharon/plugins/eap_tnc/Makefile.in @@ -359,6 +359,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -381,6 +382,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/eap_ttls/Makefile.in b/src/libcharon/plugins/eap_ttls/Makefile.in index a72b00576..53fb187fd 100644 --- a/src/libcharon/plugins/eap_ttls/Makefile.in +++ b/src/libcharon/plugins/eap_ttls/Makefile.in 
@@ -360,6 +360,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -382,6 +383,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/error_notify/Makefile.in b/src/libcharon/plugins/error_notify/Makefile.in index 33862f01a..1514f4011 100644 --- a/src/libcharon/plugins/error_notify/Makefile.in +++ b/src/libcharon/plugins/error_notify/Makefile.in @@ -366,6 +366,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -388,6 +389,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/ext_auth/Makefile.in b/src/libcharon/plugins/ext_auth/Makefile.in index de83d83d5..c3a18191f 100644 --- a/src/libcharon/plugins/ext_auth/Makefile.in +++ b/src/libcharon/plugins/ext_auth/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/farp/Makefile.in b/src/libcharon/plugins/farp/Makefile.in index daee657e7..3de99da38 100644 --- a/src/libcharon/plugins/farp/Makefile.in 
+++ b/src/libcharon/plugins/farp/Makefile.in @@ -356,6 +356,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -378,6 +379,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/forecast/Makefile.in b/src/libcharon/plugins/forecast/Makefile.in index 5254bca04..5263ccd43 100644 --- a/src/libcharon/plugins/forecast/Makefile.in +++ b/src/libcharon/plugins/forecast/Makefile.in @@ -359,6 +359,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -381,6 +382,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/forecast/forecast_listener.c b/src/libcharon/plugins/forecast/forecast_listener.c index 2024c2682..4585731de 100644 --- a/src/libcharon/plugins/forecast/forecast_listener.c +++ b/src/libcharon/plugins/forecast/forecast_listener.c 
@@ -613,17 +613,23 @@ METHOD(listener_t, ike_update, bool, return TRUE; } -/** - * Filter to map entries to ts/mark - */ -static bool ts_filter(entry_t *entry, traffic_selector_t **ts, - traffic_selector_t **out, void *dummy, uint32_t *mark, - void *dummy2, bool *reinject) +CALLBACK(ts_filter, bool, + entry_t *entry, enumerator_t *orig, va_list args) { - *out = *ts; - *mark = entry->mark; - *reinject = entry->reinject; - return TRUE; + traffic_selector_t *ts, **out; + uint32_t *mark; + bool *reinject; + + VA_ARGS_VGET(args, out, mark, reinject); + + if (orig->enumerate(orig, &ts)) + { + *out = ts; + *mark = entry->mark; + *reinject = entry->reinject; + return TRUE; + } + return FALSE; } /** @@ -632,7 +638,7 @@ static bool ts_filter(entry_t *entry, traffic_selector_t **ts, static enumerator_t* create_inner_local(entry_t *entry, rwlock_t *lock) { return enumerator_create_filter(array_create_enumerator(entry->lts), - (void*)ts_filter, entry, NULL); + ts_filter, entry, NULL); } /** @@ -641,7 +647,7 @@ static enumerator_t* create_inner_local(entry_t *entry, rwlock_t *lock) static enumerator_t* create_inner_remote(entry_t *entry, rwlock_t *lock) { return enumerator_create_filter(array_create_enumerator(entry->rts), - (void*)ts_filter, entry, NULL); + ts_filter, entry, NULL); } METHOD(forecast_listener_t, create_enumerator, enumerator_t*, diff --git a/src/libcharon/plugins/ha/Makefile.in b/src/libcharon/plugins/ha/Makefile.in index dd2a7a94c..d82bdd28e 100644 --- a/src/libcharon/plugins/ha/Makefile.in +++ b/src/libcharon/plugins/ha/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ 
@@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c index ee66b8442..7d22257c6 100644 --- a/src/libcharon/plugins/ha/ha_dispatcher.c +++ b/src/libcharon/plugins/ha/ha_dispatcher.c @@ -818,14 +818,14 @@ static void process_child_add(private_ha_dispatcher_t *this, } enumerator->destroy(enumerator); + child_sa->set_policies(child_sa, local_ts, remote_ts); + if (initiator) { if (child_sa->install(child_sa, encr_r, integ_r, inbound_spi, - inbound_cpi, initiator, TRUE, TRUE, - local_ts, remote_ts) != SUCCESS || + inbound_cpi, initiator, TRUE, TRUE) != SUCCESS || child_sa->install(child_sa, encr_i, integ_i, outbound_spi, - outbound_cpi, initiator, FALSE, TRUE, - local_ts, remote_ts) != SUCCESS) + outbound_cpi, initiator, FALSE, TRUE) != SUCCESS) { failed = TRUE; } @@ -833,11 +833,9 @@ static void process_child_add(private_ha_dispatcher_t *this, else { if (child_sa->install(child_sa, encr_i, integ_i, inbound_spi, - inbound_cpi, initiator, TRUE, TRUE, - local_ts, remote_ts) != SUCCESS || + inbound_cpi, initiator, TRUE, TRUE) != SUCCESS || child_sa->install(child_sa, encr_r, integ_r, outbound_spi, - outbound_cpi, initiator, FALSE, TRUE, - local_ts, remote_ts) != SUCCESS) + outbound_cpi, initiator, FALSE, TRUE) != SUCCESS) { failed = TRUE; } 
@@ -868,7 +866,7 @@ static void process_child_add(private_ha_dispatcher_t *this, child_sa->get_unique_id(child_sa), local_ts, remote_ts, seg_i, this->segments->is_active(this->segments, seg_i) ? "*" : "", seg_o, this->segments->is_active(this->segments, seg_o) ? "*" : ""); - child_sa->add_policies(child_sa, local_ts, remote_ts); + child_sa->install_policies(child_sa); local_ts->destroy_offset(local_ts, offsetof(traffic_selector_t, destroy)); remote_ts->destroy_offset(remote_ts, offsetof(traffic_selector_t, destroy)); diff --git a/src/libcharon/plugins/ha/ha_message.c b/src/libcharon/plugins/ha/ha_message.c index 42dfaf0e2..5f73b7156 100644 --- a/src/libcharon/plugins/ha/ha_message.c +++ b/src/libcharon/plugins/ha/ha_message.c @@ -331,10 +331,12 @@ typedef struct { } attribute_enumerator_t; METHOD(enumerator_t, attribute_enumerate, bool, - attribute_enumerator_t *this, ha_message_attribute_t *attr_out, - ha_message_value_t *value) + attribute_enumerator_t *this, va_list args) { - ha_message_attribute_t attr; + ha_message_attribute_t attr, *attr_out; + ha_message_value_t *value; + + VA_ARGS_VGET(args, attr_out, value); if (this->cleanup) { @@ -602,7 +604,8 @@ METHOD(ha_message_t, create_attribute_enumerator, enumerator_t*, INIT(e, .public = { - .enumerate = (void*)_attribute_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _attribute_enumerate, .destroy = _enum_destroy, }, .buf = chunk_skip(this->buf, 2), diff --git a/src/libcharon/plugins/ha/ha_tunnel.c b/src/libcharon/plugins/ha/ha_tunnel.c index a0e514614..1a6108ed9 100644 --- a/src/libcharon/plugins/ha/ha_tunnel.c +++ b/src/libcharon/plugins/ha/ha_tunnel.c @@ -111,8 +111,12 @@ typedef struct { } shared_enum_t; METHOD(enumerator_t, shared_enumerate, bool, - shared_enum_t *this, shared_key_t **key, id_match_t *me, id_match_t *other) + shared_enum_t *this, va_list args) { + shared_key_t **key; + id_match_t *me, *other; + + VA_ARGS_VGET(args, key, me, other); if (this->key) { if (me) 
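Review bot: The new `child_sa->install_policies(child_sa);` discards the call's status, whereas the install() calls earlier in process_child_add feed `failed` on error; if install_policies can fail the way install() does (it replaces add_policies, whose declaration is not visible here), a CHILD_SA synced from the other HA node ends up with SAs but without policies, and the only trace is the "installed HA CHILD_SA" message printed just above, which then reports success. Suggest `if (child_sa->install_policies(child_sa) != SUCCESS)` followed by a DBG1 line naming the CHILD_SA, or, if the `failed` handling runs before that log line, moving the call up so it shares it. process_child_add starts before this hunk and its remaining statements follow after it.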
@@ -151,7 +155,8 @@ METHOD(ha_creds_t, create_shared_enumerator, enumerator_t*, INIT(enumerator, .public = { - .enumerate = (void*)_shared_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _shared_enumerate, .destroy = (void*)free, }, .key = this->key, diff --git a/src/libcharon/plugins/ipseckey/Makefile.in b/src/libcharon/plugins/ipseckey/Makefile.in index 025a1a25e..02243e47c 100644 --- a/src/libcharon/plugins/ipseckey/Makefile.in +++ b/src/libcharon/plugins/ipseckey/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/ipseckey/ipseckey_cred.c b/src/libcharon/plugins/ipseckey/ipseckey_cred.c index ff50d8a17..b3ac2b328 100644 --- a/src/libcharon/plugins/ipseckey/ipseckey_cred.c +++ b/src/libcharon/plugins/ipseckey/ipseckey_cred.c @@ -62,13 +62,16 @@ typedef struct { } cert_enumerator_t; METHOD(enumerator_t, cert_enumerator_enumerate, bool, - cert_enumerator_t *this, certificate_t **cert) + cert_enumerator_t *this, va_list args) { + certificate_t **cert; ipseckey_t *cur_ipseckey; public_key_t *public; rr_t *cur_rr; chunk_t key; + VA_ARGS_VGET(args, cert); + /* Get the next supported IPSECKEY using the inner enumerator. */ while (this->inner->enumerate(this->inner, &cur_rr)) { @@ -211,7 +214,8 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, INIT(e, .public = { - .enumerate = (void*)_cert_enumerator_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _cert_enumerator_enumerate, .destroy = _cert_enumerator_destroy, }, .inner = rrset->create_rr_enumerator(rrset), 
diff --git a/src/libcharon/plugins/kernel_iph/Makefile.in b/src/libcharon/plugins/kernel_iph/Makefile.in index fb8e42ee6..d9c172c1d 100644 --- a/src/libcharon/plugins/kernel_iph/Makefile.in +++ b/src/libcharon/plugins/kernel_iph/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/kernel_iph/kernel_iph_net.c b/src/libcharon/plugins/kernel_iph/kernel_iph_net.c index efeb98045..18a87b707 100644 --- a/src/libcharon/plugins/kernel_iph/kernel_iph_net.c +++ b/src/libcharon/plugins/kernel_iph/kernel_iph_net.c @@ -466,9 +466,12 @@ typedef struct { } addr_enumerator_t; METHOD(enumerator_t, addr_enumerate, bool, - addr_enumerator_t *this, host_t **host) + addr_enumerator_t *this, va_list args) { iface_t *entry; + host_t **host; + + VA_ARGS_VGET(args, host); while (TRUE) { @@ -523,7 +526,8 @@ METHOD(kernel_net_t, create_address_enumerator, enumerator_t*, INIT(enumerator, .public = { - .enumerate = (void*)_addr_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _addr_enumerate, .destroy = _addr_destroy, }, .which = which, diff --git a/src/libcharon/plugins/kernel_libipsec/Makefile.in b/src/libcharon/plugins/kernel_libipsec/Makefile.in index 4d5e46033..9f1a490cf 100644 --- a/src/libcharon/plugins/kernel_libipsec/Makefile.in +++ b/src/libcharon/plugins/kernel_libipsec/Makefile.in @@ -360,6 +360,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ 
@@ -382,6 +383,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c index 77e37e249..d4832e233 100644 --- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c +++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c @@ -84,12 +84,12 @@ static void exclude_route_destroy(exclude_route_t *this) free(this); } -/** - * Find an exclude route entry by destination address - */ -static bool exclude_route_match(exclude_route_t *current, - host_t *dst) +CALLBACK(exclude_route_match, bool, + exclude_route_t *current, va_list args) { + host_t *dst; + + VA_ARGS_VGET(args, dst); return dst->ip_equals(dst, current->dst); } @@ -204,12 +204,12 @@ static void policy_entry_destroy(policy_entry_t *this) free(this); } -/** - * Compare two policy_entry_t objects - */ -static inline bool policy_entry_equals(policy_entry_t *a, - policy_entry_t *b) +CALLBACK(policy_entry_equals, bool, + policy_entry_t *a, va_list args) { + policy_entry_t *b; + + VA_ARGS_VGET(args, b); return a->direction == b->direction && a->src.proto == b->src.proto && a->dst.proto == b->dst.proto && @@ -297,9 +297,8 @@ static void add_exclude_route(private_kernel_libipsec_ipsec_t *this, exclude_route_t *exclude; host_t *gtw; - if (this->excludes->find_first(this->excludes, - (linked_list_match_t)exclude_route_match, - (void**)&exclude, dst) == SUCCESS) + if (this->excludes->find_first(this->excludes, exclude_route_match, + (void**)&exclude, dst)) { route->exclude = exclude; exclude->refs++; 
@@ -524,9 +523,8 @@ METHOD(kernel_ipsec_t, add_policy, status_t, policy = create_policy_entry(id->src_ts, id->dst_ts, id->dir); this->mutex->lock(this->mutex); - if (this->policies->find_first(this->policies, - (linked_list_match_t)policy_entry_equals, - (void**)&found, policy) == SUCCESS) + if (this->policies->find_first(this->policies, policy_entry_equals, + (void**)&found, policy)) { policy_entry_destroy(policy); policy = found; @@ -567,9 +565,8 @@ METHOD(kernel_ipsec_t, del_policy, status_t, policy = create_policy_entry(id->src_ts, id->dst_ts, id->dir); this->mutex->lock(this->mutex); - if (this->policies->find_first(this->policies, - (linked_list_match_t)policy_entry_equals, - (void**)&found, policy) != SUCCESS) + if (!this->policies->find_first(this->policies, policy_entry_equals, + (void**)&found, policy)) { policy_entry_destroy(policy); this->mutex->unlock(this->mutex); diff --git a/src/libcharon/plugins/kernel_netlink/Makefile.in b/src/libcharon/plugins/kernel_netlink/Makefile.in index 26a7090b3..7f25c5202 100644 --- a/src/libcharon/plugins/kernel_netlink/Makefile.in +++ b/src/libcharon/plugins/kernel_netlink/Makefile.in @@ -397,6 +397,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -419,6 +420,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c index becf6b5dc..c411b829d 100644 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c 
@@ -78,9 +78,6 @@ /** Base priority for installed policies */ #define PRIO_BASE 200000 -/** Default lifetime of an acquire XFRM state (in seconds) */ -#define DEFAULT_ACQUIRE_LIFETIME 165 - /** * Map the limit for bytes and packets to XFRM_INF by default */ @@ -545,10 +542,10 @@ static policy_sa_t *policy_sa_create(private_kernel_netlink_ipsec_t *this, /** * Destroy a policy_sa(_in)_t object */ -static void policy_sa_destroy(policy_sa_t *policy, policy_dir_t *dir, +static void policy_sa_destroy(policy_sa_t *policy, policy_dir_t dir, private_kernel_netlink_ipsec_t *this) { - if (*dir == POLICY_OUT) + if (dir == POLICY_OUT) { policy_sa_out_t *out = (policy_sa_out_t*)policy; out->src_ts->destroy(out->src_ts); @@ -558,6 +555,16 @@ static void policy_sa_destroy(policy_sa_t *policy, policy_dir_t *dir, free(policy); } +CALLBACK(policy_sa_destroy_cb, void, + policy_sa_t *policy, va_list args) +{ + private_kernel_netlink_ipsec_t *this; + policy_dir_t dir; + + VA_ARGS_VGET(args, dir, this); + policy_sa_destroy(policy, dir, this); +} + typedef struct policy_entry_t policy_entry_t; /** @@ -602,9 +609,8 @@ static void policy_entry_destroy(private_kernel_netlink_ipsec_t *this, } if (policy->used_by) { - policy->used_by->invoke_function(policy->used_by, - (linked_list_invoke_t)policy_sa_destroy, - &policy->direction, this); + policy->used_by->invoke_function(policy->used_by, policy_sa_destroy_cb, + policy->direction, this); policy->used_by->destroy(policy->used_by); } free(policy); 
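Review bot: In the new `policy_sa_destroy_cb`, `VA_ARGS_VGET(args, dir, this)` reads `dir` back as a `policy_dir_t` after the caller passed the enum through the variadic `invoke_function(..., policy->direction, this)`, where it undergoes default argument promotion to int. If `VA_ARGS_VGET` expands to `va_arg(args, policy_dir_t)` (its definition is not visible here), that is only well-defined while the enum's compatible type is int, which the usual ABIs give but the C standard does not guarantee. A small portability hardening is to read `int dir;` and cast at the call, `policy_sa_destroy(policy, (policy_dir_t)dir, this);`, matching how the other callbacks in this series read `int ifindex`. The same shape appears in the pfkey backend's `policy_sa_destroy_cb`.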
@@ -1639,12 +1645,46 @@ METHOD(kernel_ipsec_t, add_sa, status_t, data->replay_window); sa->replay_window = data->replay_window; } + if (data->hw_offload) + { + host_t *local = data->inbound ? id->dst : id->src; + char *ifname; + + if (charon->kernel->get_interface(charon->kernel, local, &ifname)) + { + struct xfrm_user_offload *offload; + + offload = netlink_reserve(hdr, sizeof(request), + XFRMA_OFFLOAD_DEV, sizeof(*offload)); + if (!offload) + { + free(ifname); + goto failed; + } + offload->ifindex = if_nametoindex(ifname); + if (local->get_family(local) == AF_INET6) + { + offload->flags |= XFRM_OFFLOAD_IPV6; + } + offload->flags |= data->inbound ? XFRM_OFFLOAD_INBOUND : 0; + free(ifname); + } + } } - if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS) + status = this->socket_xfrm->send_ack(this->socket_xfrm, hdr); + if (status == NOT_FOUND && data->update) { - DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x%s", ntohl(id->spi), - markstr); + DBG1(DBG_KNL, "allocated SPI not found anymore, try to add SAD entry"); + hdr->nlmsg_type = XFRM_MSG_NEWSA; + status = this->socket_xfrm->send_ack(this->socket_xfrm, hdr); + } + + if (status != SUCCESS) + { + DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x%s (%N)", ntohl(id->spi), + markstr, status_names, status); + status = FAILED; goto failed; } @@ -1919,13 +1959,13 @@ METHOD(kernel_ipsec_t, update_sa, status_t, kernel_ipsec_update_sa_t *data) { netlink_buf_t request; - struct nlmsghdr *hdr, *out = NULL; + struct nlmsghdr *hdr, *out_hdr = NULL, *out = NULL; struct xfrm_usersa_id *sa_id; - struct xfrm_usersa_info *out_sa = NULL, *sa; + struct xfrm_usersa_info *sa; size_t len; struct rtattr *rta; size_t rtasize; - struct xfrm_encap_tmpl* tmpl = NULL; + struct xfrm_encap_tmpl* encap = NULL; struct xfrm_replay_state *replay = NULL; struct xfrm_replay_state_esn *replay_esn = NULL; struct xfrm_lifetime_cur *lifetime = NULL; 
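Review bot: `offload->ifindex = if_nametoindex(ifname);` in the new hw_offload branch stores the result unchecked; `if_nametoindex()` returns 0 when the name cannot be resolved, so a renamed or vanished interface requests offload on ifindex 0 and the failure only surfaces as the generic "unable to add SAD entry" message. When `get_interface()` returns false the SA is silently installed without offload, which an operator who enabled `hw_offload` for policy rather than performance reasons would want logged. Suggest `if (!offload->ifindex) { DBG1(DBG_KNL, "unable to resolve %s for hw offload", ifname); free(ifname); goto failed; }` after the lookup and a `DBG1` in an else branch of the `get_interface()` check. Whether `netlink_reserve()` zero-fills the reserved attribute is not visible here; the `offload->flags |=` lines rely on it, so confirm or set `offload->flags = 0` explicitly. `add_sa` begins and ends outside this hunk.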
@@ -1983,7 +2023,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t, { case XFRM_MSG_NEWSA: { - out_sa = NLMSG_DATA(hdr); + out_hdr = hdr; break; } case NLMSG_ERROR: @@ -2002,7 +2042,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t, break; } } - if (out_sa == NULL) + if (!out_hdr) { DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x%s", ntohl(id->spi), markstr); @@ -2029,7 +2069,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t, hdr->nlmsg_type = XFRM_MSG_NEWSA; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_info)); sa = NLMSG_DATA(hdr); - memcpy(sa, NLMSG_DATA(out), sizeof(struct xfrm_usersa_info)); + memcpy(sa, NLMSG_DATA(out_hdr), sizeof(struct xfrm_usersa_info)); sa->family = data->new_dst->get_family(data->new_dst); if (!id->src->ip_equals(id->src, data->new_src)) @@ -2041,8 +2081,8 @@ METHOD(kernel_ipsec_t, update_sa, status_t, host2xfrm(data->new_dst, &sa->id.daddr); } - rta = XFRM_RTA(out, struct xfrm_usersa_info); - rtasize = XFRM_PAYLOAD(out, struct xfrm_usersa_info); + rta = XFRM_RTA(out_hdr, struct xfrm_usersa_info); + rtasize = XFRM_PAYLOAD(out_hdr, struct xfrm_usersa_info); while (RTA_OK(rta, rtasize)) { /* copy all attributes, but not XFRMA_ENCAP if we are disabling it */ 
@@ -2050,9 +2090,34 @@ METHOD(kernel_ipsec_t, update_sa, status_t, { if (rta->rta_type == XFRMA_ENCAP) { /* update encap tmpl */ - tmpl = RTA_DATA(rta); - tmpl->encap_sport = ntohs(data->new_src->get_port(data->new_src)); - tmpl->encap_dport = ntohs(data->new_dst->get_port(data->new_dst)); + encap = RTA_DATA(rta); + encap->encap_sport = ntohs(data->new_src->get_port(data->new_src)); + encap->encap_dport = ntohs(data->new_dst->get_port(data->new_dst)); + } + if (rta->rta_type == XFRMA_OFFLOAD_DEV) + { /* update offload device */ + struct xfrm_user_offload *offload; + host_t *local; + char *ifname; + + offload = RTA_DATA(rta); + local = offload->flags & XFRM_OFFLOAD_INBOUND ? data->new_dst + : data->new_src; + + if (charon->kernel->get_interface(charon->kernel, local, + &ifname)) + { + offload->ifindex = if_nametoindex(ifname); + if (local->get_family(local) == AF_INET6) + { + offload->flags |= XFRM_OFFLOAD_IPV6; + } + else + { + offload->flags &= ~XFRM_OFFLOAD_IPV6; + } + free(ifname); + } } netlink_add_attribute(hdr, rta->rta_type, chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta)), 
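Review bot: In the `XFRMA_OFFLOAD_DEV` update branch, if `get_interface()` fails for the new local address the `ifindex` copied from the kernel's reply is forwarded unchanged into the `XFRM_MSG_NEWSA`, so after an address move (e.g. MOBIKE) the SA may stay bound to the previous device without any indication. The `if_nametoindex()` result is likewise written unchecked and can be 0. Suggest at least an else branch, `else { DBG1(DBG_KNL, "no interface for %H, keeping hw offload device", local); }`, and a check `if (!offload->ifindex)` that logs before the attribute is re-added. The enclosing `update_sa` starts and ends outside this hunk.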
@@ -2061,17 +2126,18 @@ METHOD(kernel_ipsec_t, update_sa, status_t, rta = RTA_NEXT(rta, rtasize); } - if (tmpl == NULL && data->new_encap) + if (encap == NULL && data->new_encap) { /* add tmpl if we are enabling it */ - tmpl = netlink_reserve(hdr, sizeof(request), XFRMA_ENCAP, sizeof(*tmpl)); - if (!tmpl) + encap = netlink_reserve(hdr, sizeof(request), XFRMA_ENCAP, + sizeof(*encap)); + if (!encap) { goto failed; } - tmpl->encap_type = UDP_ENCAP_ESPINUDP; - tmpl->encap_sport = ntohs(data->new_src->get_port(data->new_src)); - tmpl->encap_dport = ntohs(data->new_dst->get_port(data->new_dst)); - memset(&tmpl->encap_oa, 0, sizeof (xfrm_address_t)); + encap->encap_type = UDP_ENCAP_ESPINUDP; + encap->encap_sport = ntohs(data->new_src->get_port(data->new_src)); + encap->encap_dport = ntohs(data->new_dst->get_port(data->new_dst)); + memset(&encap->encap_oa, 0, sizeof (xfrm_address_t)); } if (replay_esn) @@ -2711,7 +2777,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t, ipsec_sa_equals(mapping->sa, &assigned_sa)) { current->used_by->remove_at(current->used_by, enumerator); - policy_sa_destroy(mapping, &id->dir, this); + policy_sa_destroy(mapping, id->dir, this); break; } if (is_installed) @@ -3171,7 +3237,6 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() { private_kernel_netlink_ipsec_t *this; bool register_for_events = TRUE; - FILE *f; INIT(this, .public = { @@ -3216,15 +3281,6 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() register_for_events = FALSE; } - f = fopen("/proc/sys/net/core/xfrm_acq_expires", "w"); - if (f) - { - fprintf(f, "%u", lib->settings->get_int(lib->settings, - "%s.plugins.kernel-netlink.xfrm_acq_expires", - DEFAULT_ACQUIRE_LIFETIME, lib->ns)); - fclose(f); - } - this->socket_xfrm = netlink_socket_create(NETLINK_XFRM, xfrm_msg_names, lib->settings->get_bool(lib->settings, "%s.plugins.kernel-netlink.parallel_xfrm", FALSE, lib->ns)); 
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c index 2dc76d941..0dd3e30cb 100644 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c @@ -163,19 +163,21 @@ static void iface_entry_destroy(iface_entry_t *this) free(this); } -/** - * find an interface entry by index - */ -static bool iface_entry_by_index(iface_entry_t *this, int *ifindex) +CALLBACK(iface_entry_by_index, bool, + iface_entry_t *this, va_list args) { - return this->ifindex == *ifindex; + int ifindex; + + VA_ARGS_VGET(args, ifindex); + return this->ifindex == ifindex; } -/** - * find an interface entry by name - */ -static bool iface_entry_by_name(iface_entry_t *this, char *ifname) +CALLBACK(iface_entry_by_name, bool, + iface_entry_t *this, va_list args) { + char *ifname; + + VA_ARGS_VGET(args, ifname); return streq(this->ifname, ifname); } @@ -1112,8 +1114,8 @@ static bool is_interface_up_and_usable(private_kernel_netlink_net_t *this, { iface_entry_t *iface; - if (this->ifaces->find_first(this->ifaces, (void*)iface_entry_by_index, - (void**)&iface, &index) == SUCCESS) + if (this->ifaces->find_first(this->ifaces, iface_entry_by_index, + (void**)&iface, index)) { return iface_entry_up_and_usable(iface); } @@ -1125,9 +1127,13 @@ static bool is_interface_up_and_usable(private_kernel_netlink_net_t *this, * * this->lock must be locked when calling this function */ -static void addr_entry_unregister(addr_entry_t *addr, iface_entry_t *iface, - private_kernel_netlink_net_t *this) +CALLBACK(addr_entry_unregister, void, + addr_entry_t *addr, va_list args) { + private_kernel_netlink_net_t *this; + iface_entry_t *iface; + + VA_ARGS_VGET(args, iface, this); if (addr->refcount) { addr_map_entry_remove(this->vips, addr, iface); 
@@ -1171,9 +1177,8 @@ static void process_link(private_kernel_netlink_net_t *this, { case RTM_NEWLINK: { - if (this->ifaces->find_first(this->ifaces, - (void*)iface_entry_by_index, (void**)&entry, - &msg->ifi_index) != SUCCESS) + if (!this->ifaces->find_first(this->ifaces, iface_entry_by_index, + (void**)&entry, msg->ifi_index)) { INIT(entry, .ifindex = msg->ifi_index, @@ -1217,7 +1222,7 @@ static void process_link(private_kernel_netlink_net_t *this, * another interface? */ this->ifaces->remove_at(this->ifaces, enumerator); current->addrs->invoke_function(current->addrs, - (void*)addr_entry_unregister, current, this); + addr_entry_unregister, current, this); iface_entry_destroy(current); break; } @@ -1288,8 +1293,8 @@ static void process_addr(private_kernel_netlink_net_t *this, } this->lock->write_lock(this->lock); - if (this->ifaces->find_first(this->ifaces, (void*)iface_entry_by_index, - (void**)&iface, &msg->ifa_index) == SUCCESS) + if (this->ifaces->find_first(this->ifaces, iface_entry_by_index, + (void**)&iface, msg->ifa_index)) { addr_map_entry_t *entry, lookup = { .ip = host, 
@@ -1518,35 +1523,39 @@ typedef struct { kernel_address_type_t which; } address_enumerator_t; -/** - * cleanup function for address enumerator - */ -static void address_enumerator_destroy(address_enumerator_t *data) +CALLBACK(address_enumerator_destroy, void, + address_enumerator_t *data) { data->this->lock->unlock(data->this->lock); free(data); } -/** - * filter for addresses - */ -static bool filter_addresses(address_enumerator_t *data, - addr_entry_t** in, host_t** out) +CALLBACK(filter_addresses, bool, + address_enumerator_t *data, enumerator_t *orig, va_list args) { - if (!(data->which & ADDR_TYPE_VIRTUAL) && (*in)->refcount) - { /* skip virtual interfaces added by us */ - return FALSE; - } - if (!(data->which & ADDR_TYPE_REGULAR) && !(*in)->refcount) - { /* address is regular, but not requested */ - return FALSE; - } - if ((*in)->scope >= RT_SCOPE_LINK) - { /* skip addresses with a unusable scope */ - return FALSE; + addr_entry_t *addr; + host_t **out; + + VA_ARGS_VGET(args, out); + + while (orig->enumerate(orig, &addr)) + { + if (!(data->which & ADDR_TYPE_VIRTUAL) && addr->refcount) + { /* skip virtual interfaces added by us */ + continue; + } + if (!(data->which & ADDR_TYPE_REGULAR) && !addr->refcount) + { /* address is regular, but not requested */ + continue; + } + if (addr->scope >= RT_SCOPE_LINK) + { /* skip addresses with a unusable scope */ + continue; + } + *out = addr->ip; + return TRUE; } - *out = (*in)->ip; - return TRUE; + return FALSE; } /** 
@@ -1556,30 +1565,35 @@ static enumerator_t *create_iface_enumerator(iface_entry_t *iface, address_enumerator_t *data) { return enumerator_create_filter( - iface->addrs->create_enumerator(iface->addrs), - (void*)filter_addresses, data, NULL); + iface->addrs->create_enumerator(iface->addrs), + filter_addresses, data, NULL); } -/** - * filter for interfaces - */ -static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in, - iface_entry_t** out) +CALLBACK(filter_interfaces, bool, + address_enumerator_t *data, enumerator_t *orig, va_list args) { - if (!(data->which & ADDR_TYPE_IGNORED) && !(*in)->usable) - { /* skip interfaces excluded by config */ - return FALSE; - } - if (!(data->which & ADDR_TYPE_LOOPBACK) && ((*in)->flags & IFF_LOOPBACK)) - { /* ignore loopback devices */ - return FALSE; - } - if (!(data->which & ADDR_TYPE_DOWN) && !((*in)->flags & IFF_UP)) - { /* skip interfaces not up */ - return FALSE; + iface_entry_t *iface, **out; + + VA_ARGS_VGET(args, out); + + while (orig->enumerate(orig, &iface)) + { + if (!(data->which & ADDR_TYPE_IGNORED) && !iface->usable) + { /* skip interfaces excluded by config */ + continue; + } + if (!(data->which & ADDR_TYPE_LOOPBACK) && (iface->flags & IFF_LOOPBACK)) + { /* ignore loopback devices */ + continue; + } + if (!(data->which & ADDR_TYPE_DOWN) && !(iface->flags & IFF_UP)) + { /* skip interfaces not up */ + continue; + } + *out = iface; + return TRUE; } - *out = *in; - return TRUE; + return FALSE; } METHOD(kernel_net_t, create_address_enumerator, enumerator_t*, @@ -1596,9 +1610,9 @@ METHOD(kernel_net_t, create_address_enumerator, enumerator_t*, return enumerator_create_nested( enumerator_create_filter( this->ifaces->create_enumerator(this->ifaces), - (void*)filter_interfaces, data, NULL), + filter_interfaces, data, NULL), (void*)create_iface_enumerator, data, - (void*)address_enumerator_destroy); + address_enumerator_destroy); } METHOD(kernel_net_t, get_interface_name, bool, 
@@ -1661,8 +1675,8 @@ static int get_interface_index(private_kernel_netlink_net_t *this, char* name) DBG2(DBG_KNL, "getting iface index for %s", name); this->lock->read_lock(this->lock); - if (this->ifaces->find_first(this->ifaces, (void*)iface_entry_by_name, - (void**)&iface, name) == SUCCESS) + if (this->ifaces->find_first(this->ifaces, iface_entry_by_name, + (void**)&iface, name)) { ifindex = iface->ifindex; } @@ -1687,8 +1701,8 @@ static char *get_interface_name_by_index(private_kernel_netlink_net_t *this, DBG2(DBG_KNL, "getting iface name for index %d", index); this->lock->read_lock(this->lock); - if (this->ifaces->find_first(this->ifaces, (void*)iface_entry_by_index, - (void**)&iface, &index) == SUCCESS) + if (this->ifaces->find_first(this->ifaces, iface_entry_by_index, + (void**)&iface, index)) { name = strdup(iface->ifname); } @@ -1928,7 +1942,7 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, table = (uintptr_t)route->table; if (this->rt_exclude->find_first(this->rt_exclude, NULL, - (void**)&table) == SUCCESS) + (void**)&table)) { /* route is from an excluded routing table */ continue; } @@ -2165,8 +2179,14 @@ METHOD(enumerator_t, destroy_subnet_enumerator, void, } METHOD(enumerator_t, enumerate_subnets, bool, - subnet_enumerator_t *this, host_t **net, uint8_t *mask, char **ifname) + subnet_enumerator_t *this, va_list args) { + host_t **net; + uint8_t *mask; + char **ifname; + + VA_ARGS_VGET(args, net, mask, ifname); + if (!this->current) { this->current = this->msg; @@ -2270,7 +2290,8 @@ METHOD(kernel_net_t, create_local_subnet_enumerator, enumerator_t*, INIT(enumerator, .public = { - .enumerate = (void*)_enumerate_subnets, + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerate_subnets, .destroy = _destroy_subnet_enumerator, }, .private = this, 
@@ -2380,11 +2401,11 @@ METHOD(kernel_net_t, add_ip, status_t, } /* try to find the target interface, either by config or via src ip */ if (!this->install_virtual_ip_on || - this->ifaces->find_first(this->ifaces, (void*)iface_entry_by_name, - (void**)&iface, this->install_virtual_ip_on) != SUCCESS) + !this->ifaces->find_first(this->ifaces, iface_entry_by_name, + (void**)&iface, this->install_virtual_ip_on)) { - if (this->ifaces->find_first(this->ifaces, (void*)iface_entry_by_name, - (void**)&iface, iface_name) != SUCCESS) + if (!this->ifaces->find_first(this->ifaces, iface_entry_by_name, + (void**)&iface, iface_name)) { /* if we don't find the requested interface we just use the first */ this->ifaces->get_first(this->ifaces, (void**)&iface); } diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c index 8bafc3c55..58350028f 100644 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c @@ -19,6 +19,8 @@ #include "kernel_netlink_ipsec.h" #include "kernel_netlink_net.h" +#include + typedef struct private_kernel_netlink_plugin_t private_kernel_netlink_plugin_t; /** @@ -50,6 +52,24 @@ METHOD(plugin_t, get_features, int, return countof(f); } +METHOD(plugin_t, reload, bool, + private_kernel_netlink_plugin_t *this) +{ + u_int timeout; + FILE *f; + + f = fopen("/proc/sys/net/core/xfrm_acq_expires", "w"); + if (f) + { + timeout = lib->settings->get_int(lib->settings, + "%s.plugins.kernel-netlink.xfrm_acq_expires", + task_manager_total_retransmit_timeout(), lib->ns); + fprintf(f, "%u", timeout); + fclose(f); + } + return TRUE; +} + METHOD(plugin_t, destroy, void, private_kernel_netlink_plugin_t *this) { 
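Review bot: The new `reload` method in kernel_netlink_plugin.c ignores both a failing `fopen("/proc/sys/net/core/xfrm_acq_expires", "w")` and the `fprintf()` return value, so in a container or unprivileged deployment where the sysctl is read-only the acquire lifetime keeps the kernel default without any trace in the log. Since the value is now derived from `task_manager_total_retransmit_timeout()`, a silently unapplied write means acquires can expire before the IKE retransmit sequence finishes, which is hard to diagnose from the symptoms. Suggest `else { DBG1(DBG_KNL, "unable to set xfrm_acq_expires: %s", strerror(errno)); }` after the `if (f)` block and checking `fprintf()` for a negative result. The `#include` line added to this file has lost its header name in this rendering; verify it names the task_manager header.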
@@ -76,10 +96,13 @@ plugin_t *kernel_netlink_plugin_create() .plugin = { .get_name = _get_name, .get_features = _get_features, + .reload = _reload, .destroy = _destroy, }, }, ); + reload(this); + return &this->public.plugin; } diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c index da54031a1..cf85cb0a6 100644 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c @@ -333,7 +333,8 @@ static status_t send_once(private_netlink_socket_t *this, struct nlmsghdr *in, while (!entry->complete) { if (this->parallel && - lib->watcher->get_state(lib->watcher) != WATCHER_STOPPED) + lib->watcher->get_state(lib->watcher) != WATCHER_STOPPED && + lib->processor->get_total_threads(lib->processor)) { if (this->timeout) { diff --git a/src/libcharon/plugins/kernel_pfkey/Makefile.in b/src/libcharon/plugins/kernel_pfkey/Makefile.in index b138a9603..b27408a3f 100644 --- a/src/libcharon/plugins/kernel_pfkey/Makefile.in +++ b/src/libcharon/plugins/kernel_pfkey/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c index 17878147b..fd1adb2ae 100644 --- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c +++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c 
@@ -464,10 +464,10 @@ static policy_sa_t *policy_sa_create(private_kernel_pfkey_ipsec_t *this, /** * Destroy a policy_sa(_in)_t object */ -static void policy_sa_destroy(policy_sa_t *policy, policy_dir_t *dir, +static void policy_sa_destroy(policy_sa_t *policy, policy_dir_t dir, private_kernel_pfkey_ipsec_t *this) { - if (*dir == POLICY_OUT) + if (dir == POLICY_OUT) { policy_sa_out_t *out = (policy_sa_out_t*)policy; out->src_ts->destroy(out->src_ts); @@ -477,6 +477,16 @@ static void policy_sa_destroy(policy_sa_t *policy, policy_dir_t *dir, free(policy); } +CALLBACK(policy_sa_destroy_cb, void, + policy_sa_t *policy, va_list args) +{ + private_kernel_pfkey_ipsec_t *this; + policy_dir_t dir; + + VA_ARGS_VGET(args, dir, this); + policy_sa_destroy(policy, dir, this); +} + typedef struct policy_entry_t policy_entry_t; /** @@ -557,9 +567,8 @@ static void policy_entry_destroy(policy_entry_t *policy, } if (policy->used_by) { - policy->used_by->invoke_function(policy->used_by, - (linked_list_invoke_t)policy_sa_destroy, - &policy->direction, this); + policy->used_by->invoke_function(policy->used_by, policy_sa_destroy_cb, + policy->direction, this); policy->used_by->destroy(policy->used_by); } DESTROY_IF(policy->src.net); @@ -567,12 +576,21 @@ static void policy_entry_destroy(policy_entry_t *policy, free(policy); } -/** - * compares two policy_entry_t - */ -static inline bool policy_entry_equals(policy_entry_t *current, - policy_entry_t *policy) +CALLBACK(policy_entry_destroy_cb, void, + policy_entry_t *policy, va_list args) { + private_kernel_pfkey_ipsec_t *this; + + VA_ARGS_VGET(args, this); + policy_entry_destroy(policy, this); +} + +CALLBACK(policy_entry_equals, bool, + policy_entry_t *current, va_list args) +{ + policy_entry_t *policy; + + VA_ARGS_VGET(args, policy); return current->direction == policy->direction && current->src.proto == policy->src.proto && current->dst.proto == policy->dst.proto && 
@@ -582,13 +600,13 @@ static inline bool policy_entry_equals(policy_entry_t *current, current->dst.net->equals(current->dst.net, policy->dst.net); } -/** - * compare the given kernel index with that of a policy - */ -static inline bool policy_entry_match_byindex(policy_entry_t *current, - uint32_t *index) +CALLBACK(policy_entry_match_byindex, bool, + policy_entry_t *current, va_list args) { - return current->index == *index; + uint32_t index; + + VA_ARGS_VGET(args, index); + return current->index == index; } /** @@ -999,24 +1017,6 @@ static void add_addr_ext(struct sadb_msg *msg, host_t *host, uint16_t type, PFKEY_EXT_ADD(msg, addr); } -/** - * adds an empty address extension to the given sadb_msg - */ -static void add_anyaddr_ext(struct sadb_msg *msg, int family, uint8_t type) -{ - socklen_t len = (family == AF_INET) ? sizeof(struct sockaddr_in) : - sizeof(struct sockaddr_in6); - struct sadb_address *addr = (struct sadb_address*)PFKEY_EXT_ADD_NEXT(msg); - addr->sadb_address_exttype = type; - sockaddr_t *saddr = (sockaddr_t*)(addr + 1); - saddr->sa_family = family; -#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN - saddr->sa_len = len; -#endif - addr->sadb_address_len = PFKEY_LEN(sizeof(*addr) + len); - PFKEY_EXT_ADD(msg, addr); -} - #ifdef HAVE_NATT /** * add udp encap extensions to a sadb_msg @@ -1279,9 +1279,8 @@ static void process_acquire(private_kernel_pfkey_ipsec_t *this, index = response.x_policy->sadb_x_policy_id; this->mutex->lock(this->mutex); - if (this->policies->find_first(this->policies, - (linked_list_match_t)policy_entry_match_byindex, - (void**)&policy, &index) == SUCCESS && + if (this->policies->find_first(this->policies, policy_entry_match_byindex, + (void**)&policy, index) && policy->used_by->get_first(policy->used_by, (void**)&sa) == SUCCESS) { reqid = sa->sa->cfg.reqid; 
@@ -1854,6 +1853,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t, pfkey_msg_t response; size_t len; +#ifndef SADB_X_EXT_NEW_ADDRESS_SRC /* we can't update the SA if any of the ip addresses have changed. * that's because we can't use SADB_UPDATE and by deleting and readding the * SA the sequence numbers would get lost */ @@ -1864,6 +1864,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t, "changes are not supported", ntohl(id->spi)); return NOT_SUPPORTED; } +#endif /*SADB_X_EXT_NEW_ADDRESS_SRC*/ /* if IPComp is used, we first update the IPComp SA */ if (data->cpi) @@ -1900,9 +1901,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t, sa->sadb_sa_state = SADB_SASTATE_MATURE; PFKEY_EXT_ADD(msg, sa); - /* the kernel wants a SADB_EXT_ADDRESS_SRC to be present even though - * it is not used for anything. */ - add_anyaddr_ext(msg, id->dst->get_family(id->dst), SADB_EXT_ADDRESS_SRC); + add_addr_ext(msg, id->src, SADB_EXT_ADDRESS_SRC, 0, 0, FALSE); add_addr_ext(msg, id->dst, SADB_EXT_ADDRESS_DST, 0, 0, FALSE); if (pfkey_send(this, msg, &out, &len) != SUCCESS) @@ -1944,7 +1943,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t, sa_2 = (struct sadb_sa_2*)PFKEY_EXT_ADD_NEXT(msg); sa_2->sa.sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa_2)); memcpy(&sa_2->sa, response.sa, sizeof(struct sadb_sa)); - if (data->encap) + if (data->new_encap) { sa_2->sadb_sa_natt_port = data->new_dst->get_port(data->new_dst); sa_2->sa.sadb_sa_flags |= SADB_X_EXT_NATT; @@ -1978,6 +1977,19 @@ METHOD(kernel_ipsec_t, update_sa, status_t, } #endif /*HAVE_NATT*/ +#ifdef SADB_X_EXT_NEW_ADDRESS_SRC + if (!id->src->ip_equals(id->src, data->new_src)) + { + add_addr_ext(msg, data->new_src, SADB_X_EXT_NEW_ADDRESS_SRC, 0, 0, + FALSE); + } + if (!id->dst->ip_equals(id->dst, data->new_dst)) + { + add_addr_ext(msg, data->new_dst, SADB_X_EXT_NEW_ADDRESS_DST, 0, 0, + FALSE); + } +#endif /*SADB_X_EXT_NEW_ADDRESS_SRC*/ + free(out); if (pfkey_send(this, msg, &out, &len) != SUCCESS) 
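Review bot: The new block guarded by `#ifdef SADB_X_EXT_NEW_ADDRESS_SRC` also uses `SADB_X_EXT_NEW_ADDRESS_DST`, and the early `NOT_SUPPORTED` return is compiled out on the same single macro, so a platform header defining only the SRC extension would fail to compile rather than fall back. Suggest `#if defined(SADB_X_EXT_NEW_ADDRESS_SRC) && defined(SADB_X_EXT_NEW_ADDRESS_DST)` for both guards, or a comment naming the platform whose PF_KEY provides these extensions so the assumption is visible. The change from `data->encap` to `data->new_encap` in the NAT-T branch looks like a genuine fix; a one-line comment stating that the new encapsulation state, not the old one, selects the port would help the next reader. `update_sa` starts and ends outside these hunks.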
@@ -2559,8 +2571,7 @@ static status_t add_policy_internal(private_kernel_pfkey_ipsec_t *this, /* we try to find the policy again and update the kernel index */ this->mutex->lock(this->mutex); - if (this->policies->find_first(this->policies, NULL, - (void**)&policy) != SUCCESS) + if (!this->policies->find_first(this->policies, NULL, (void**)&policy)) { DBG2(DBG_KNL, "unable to update index, the policy is already gone, " "ignoring"); @@ -2611,9 +2622,8 @@ METHOD(kernel_ipsec_t, add_policy, status_t, /* find a matching policy */ this->mutex->lock(this->mutex); - if (this->policies->find_first(this->policies, - (linked_list_match_t)policy_entry_equals, - (void**)&found, policy) == SUCCESS) + if (this->policies->find_first(this->policies, policy_entry_equals, + (void**)&found, policy)) { /* use existing policy */ DBG2(DBG_KNL, "policy %R === %R %N already exists, increasing " "refcount", id->src_ts, id->dst_ts, policy_dir_names, id->dir); @@ -2706,9 +2716,8 @@ METHOD(kernel_ipsec_t, query_policy, status_t, /* find a matching policy */ this->mutex->lock(this->mutex); - if (this->policies->find_first(this->policies, - (linked_list_match_t)policy_entry_equals, - (void**)&found, policy) != SUCCESS) + if (!this->policies->find_first(this->policies, policy_entry_equals, + (void**)&found, policy)) { DBG1(DBG_KNL, "querying policy %R === %R %N failed, not found", id->src_ts, id->dst_ts, policy_dir_names, id->dir); @@ -2819,9 +2828,8 @@ METHOD(kernel_ipsec_t, del_policy, status_t, /* find a matching policy */ this->mutex->lock(this->mutex); - if (this->policies->find_first(this->policies, - (linked_list_match_t)policy_entry_equals, - (void**)&found, policy) != SUCCESS) + if (!this->policies->find_first(this->policies, policy_entry_equals, + (void**)&found, policy)) { DBG1(DBG_KNL, "deleting policy %R === %R %N failed, not found", id->src_ts, id->dst_ts, policy_dir_names, id->dir); 
@@ -2865,7 +2873,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t, if (policy->used_by->get_count(policy->used_by) > 0) { /* policy is used by more SAs, keep in kernel */ DBG2(DBG_KNL, "policy still used by another CHILD_SA, not removed"); - policy_sa_destroy(mapping, &id->dir, this); + policy_sa_destroy(mapping, id->dir, this); if (!is_installed) { /* no need to update as the policy was not installed for this SA */ @@ -2920,7 +2928,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t, } this->policies->remove(this->policies, found, NULL); - policy_sa_destroy(mapping, &id->dir, this); + policy_sa_destroy(mapping, id->dir, this); policy_entry_destroy(policy, this); this->mutex->unlock(this->mutex); @@ -3093,8 +3101,7 @@ METHOD(kernel_ipsec_t, destroy, void, lib->watcher->remove(lib->watcher, this->socket_events); close(this->socket_events); } - this->policies->invoke_function(this->policies, - (linked_list_invoke_t)policy_entry_destroy, + this->policies->invoke_function(this->policies, policy_entry_destroy_cb, this); this->policies->destroy(this->policies); this->excludes->destroy(this->excludes); diff --git a/src/libcharon/plugins/kernel_pfroute/Makefile.in b/src/libcharon/plugins/kernel_pfroute/Makefile.in index 1e4b3e207..e7005bbff 100644 --- a/src/libcharon/plugins/kernel_pfroute/Makefile.in +++ b/src/libcharon/plugins/kernel_pfroute/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c index efcf1c2a7..6d06ee179 100644 
--- a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c +++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c @@ -601,9 +601,12 @@ typedef struct { } rt_enumerator_t; METHOD(enumerator_t, rt_enumerate, bool, - rt_enumerator_t *this, int *xtype, struct sockaddr **addr) + rt_enumerator_t *this, va_list args) { - int i, type; + struct sockaddr **addr; + int i, type, *xtype; + + VA_ARGS_VGET(args, xtype, addr); if (this->remaining < sizeof(this->addr->sa_len) || this->remaining < this->addr->sa_len) @@ -637,7 +640,8 @@ static enumerator_t *create_rt_enumerator(int types, int remaining, INIT(this, .public = { - .enumerate = (void*)_rt_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _rt_enumerate, .destroy = (void*)free, }, .types = types, 
@@ -1050,41 +1054,45 @@ typedef struct { kernel_address_type_t which; } address_enumerator_t; -/** - * cleanup function for address enumerator - */ -static void address_enumerator_destroy(address_enumerator_t *data) +CALLBACK(address_enumerator_destroy, void, + address_enumerator_t *data) { data->this->lock->unlock(data->this->lock); free(data); } -/** - * filter for addresses - */ -static bool filter_addresses(address_enumerator_t *data, - addr_entry_t** in, host_t** out) +CALLBACK(filter_addresses, bool, + address_enumerator_t *data, enumerator_t *orig, va_list args) { - host_t *ip; - if (!(data->which & ADDR_TYPE_VIRTUAL) && (*in)->virtual) - { /* skip virtual interfaces added by us */ - return FALSE; - } - if (!(data->which & ADDR_TYPE_REGULAR) && !(*in)->virtual) - { /* address is regular, but not requested */ - return FALSE; - } - ip = (*in)->ip; - if (ip->get_family(ip) == AF_INET6) + addr_entry_t *addr; + host_t *ip, **out; + struct sockaddr_in6 *sin6; + + VA_ARGS_VGET(args, out); + + while (orig->enumerate(orig, &addr)) { - struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)ip->get_sockaddr(ip); - if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) - { /* skip addresses with a unusable scope */ - return FALSE; + if (!(data->which & ADDR_TYPE_VIRTUAL) && addr->virtual) + { /* skip virtual interfaces added by us */ + continue; } + if (!(data->which & ADDR_TYPE_REGULAR) && !addr->virtual) + { /* address is regular, but not requested */ + continue; + } + ip = addr->ip; + if (ip->get_family(ip) == AF_INET6) + { + sin6 = (struct sockaddr_in6 *)ip->get_sockaddr(ip); + if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) + { /* skip addresses with a unusable scope */ + continue; + } + } + *out = ip; + return TRUE; } - *out = ip; - return TRUE; + return FALSE; } /** 
@@ -1094,29 +1102,34 @@ static enumerator_t *create_iface_enumerator(iface_entry_t *iface, address_enumerator_t *data) { return enumerator_create_filter(iface->addrs->create_enumerator(iface->addrs), - (void*)filter_addresses, data, NULL); + filter_addresses, data, NULL); } -/** - * filter for interfaces - */ -static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in, - iface_entry_t** out) +CALLBACK(filter_interfaces, bool, + address_enumerator_t *data, enumerator_t *orig, va_list args) { - if (!(data->which & ADDR_TYPE_IGNORED) && !(*in)->usable) - { /* skip interfaces excluded by config */ - return FALSE; - } - if (!(data->which & ADDR_TYPE_LOOPBACK) && ((*in)->flags & IFF_LOOPBACK)) - { /* ignore loopback devices */ - return FALSE; - } - if (!(data->which & ADDR_TYPE_DOWN) && !((*in)->flags & IFF_UP)) - { /* skip interfaces not up */ - return FALSE; + iface_entry_t *iface, **out; + + VA_ARGS_VGET(args, out); + + while (orig->enumerate(orig, &iface)) + { + if (!(data->which & ADDR_TYPE_IGNORED) && !iface->usable) + { /* skip interfaces excluded by config */ + continue; + } + if (!(data->which & ADDR_TYPE_LOOPBACK) && (iface->flags & IFF_LOOPBACK)) + { /* ignore loopback devices */ + continue; + } + if (!(data->which & ADDR_TYPE_DOWN) && !(iface->flags & IFF_UP)) + { /* skip interfaces not up */ + continue; + } + *out = iface; + return TRUE; } - *out = *in; - return TRUE; + return FALSE; } METHOD(kernel_net_t, create_address_enumerator, enumerator_t*, @@ -1133,9 +1146,9 @@ METHOD(kernel_net_t, create_address_enumerator, enumerator_t*, return enumerator_create_nested( enumerator_create_filter( this->ifaces->create_enumerator(this->ifaces), - (void*)filter_interfaces, data, NULL), + filter_interfaces, data, NULL), (void*)create_iface_enumerator, data, - (void*)address_enumerator_destroy); + address_enumerator_destroy); } METHOD(kernel_net_t, get_features, kernel_feature_t, 
@@ -1789,13 +1802,18 @@ METHOD(enumerator_t, destroy_subnet_enumerator, void, } METHOD(enumerator_t, enumerate_subnets, bool, - subnet_enumerator_t *this, host_t **net, uint8_t *mask, char **ifname) + subnet_enumerator_t *this, va_list args) { enumerator_t *enumerator; + host_t **net; struct rt_msghdr *rtm; struct sockaddr *addr; + uint8_t *mask; + char **ifname; int type; + VA_ARGS_VGET(args, net, mask, ifname); + if (!this->current) { this->current = this->buf; @@ -1888,7 +1906,8 @@ METHOD(kernel_net_t, create_local_subnet_enumerator, enumerator_t*, INIT(enumerator, .public = { - .enumerate = (void*)_enumerate_subnets, + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerate_subnets, .destroy = _destroy_subnet_enumerator, }, .buf = buf, diff --git a/src/libcharon/plugins/kernel_wfp/Makefile.in b/src/libcharon/plugins/kernel_wfp/Makefile.in index a3368d56f..ffdae84c0 100644 --- a/src/libcharon/plugins/kernel_wfp/Makefile.in +++ b/src/libcharon/plugins/kernel_wfp/Makefile.in @@ -366,6 +366,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -388,6 +389,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/led/Makefile.in b/src/libcharon/plugins/led/Makefile.in index f16304dbc..7f820292d 100644 --- a/src/libcharon/plugins/led/Makefile.in +++ b/src/libcharon/plugins/led/Makefile.in @@ -355,6 +355,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ 
@@ -377,6 +378,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in index c6e17fb83..c55e3578c 100644 --- a/src/libcharon/plugins/load_tester/Makefile.in +++ b/src/libcharon/plugins/load_tester/Makefile.in @@ -368,6 +368,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -390,6 +391,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/load_tester/load_tester_creds.c b/src/libcharon/plugins/load_tester/load_tester_creds.c index 2f482962a..2cedd130e 100644 --- a/src/libcharon/plugins/load_tester/load_tester_creds.c +++ b/src/libcharon/plugins/load_tester/load_tester_creds.c 
@@ -395,22 +395,28 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, return NULL; } -/** - * Filter function for shared keys, returning ID matches - */ -static bool shared_filter(void *null, shared_key_t **in, shared_key_t **out, - void **un1, id_match_t *me, void **un2, id_match_t *other) +CALLBACK(shared_filter, bool, + void *null, enumerator_t *orig, va_list args) { - *out = *in; - if (me) - { - *me = ID_MATCH_ANY; - } - if (other) + shared_key_t *key, **out; + id_match_t *me, *other; + + VA_ARGS_VGET(args, out, me, other); + + if (orig->enumerate(orig, &key)) { - *other = ID_MATCH_ANY; + *out = key; + if (me) + { + *me = ID_MATCH_ANY; + } + if (other) + { + *other = ID_MATCH_ANY; + } + return TRUE; } - return TRUE; + return FALSE; } METHOD(credential_set_t, create_shared_enumerator, enumerator_t*, @@ -431,7 +437,7 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*, return NULL; } return enumerator_create_filter(enumerator_create_single(shared, NULL), - (void*)shared_filter, NULL, NULL); + shared_filter, NULL, NULL); } METHOD(load_tester_creds_t, destroy, void, diff --git a/src/libcharon/plugins/lookip/Makefile.in b/src/libcharon/plugins/lookip/Makefile.in index 919060469..ba86d3788 100644 --- a/src/libcharon/plugins/lookip/Makefile.in +++ b/src/libcharon/plugins/lookip/Makefile.in @@ -364,6 +364,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -386,6 +387,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/medcli/Makefile.in b/src/libcharon/plugins/medcli/Makefile.in index 4db68a3fc..e2d63be1c 100644 --- a/src/libcharon/plugins/medcli/Makefile.in 
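Review bot: The `CALLBACK(shared_filter, ...)` conversion drops the only comment explaining that this filter reports `ID_MATCH_ANY` for both identities regardless of what was asked for, and the new body gives no hint that this is a deliberate load-testing shortcut rather than a real identity match; I'd restore it above the CALLBACK as `/* Filter for the single shared key: reports ID_MATCH_ANY for both identities, since the load tester accepts any peer */`. Because the wrapped enumerator is `enumerator_create_single(shared, NULL)`, a single `orig->enumerate()` call per invocation is sufficient, but unlike the other filters in this patch there is no loop, and a one-line comment stating that single-item assumption would spare the next reader from wondering whether items are skipped.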
+++ b/src/libcharon/plugins/medcli/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/medcli/medcli_config.c b/src/libcharon/plugins/medcli/medcli_config.c index 78159c845..f34990176 100644 --- a/src/libcharon/plugins/medcli/medcli_config.c +++ b/src/libcharon/plugins/medcli/medcli_config.c @@ -223,10 +223,11 @@ typedef struct { } peer_enumerator_t; METHOD(enumerator_t, peer_enumerator_enumerate, bool, - peer_enumerator_t *this, peer_cfg_t **cfg) + peer_enumerator_t *this, va_list args) { char *name, *local_net, *remote_net; chunk_t me, other; + peer_cfg_t **cfg; child_cfg_t *child_cfg; auth_cfg_t *auth; peer_cfg_create_t peer = { @@ -249,6 +250,8 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool, .mode = MODE_TUNNEL, }; + VA_ARGS_VGET(args, cfg); + DESTROY_IF(this->current); if (!this->inner->enumerate(this->inner, &name, &me, &other, &local_net, &remote_net)) @@ -295,7 +298,8 @@ METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*, INIT(e, .public = { - .enumerate = (void*)_peer_enumerator_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _peer_enumerator_enumerate, .destroy = _peer_enumerator_destroy, }, .ike = this->ike, diff --git a/src/libcharon/plugins/medcli/medcli_creds.c b/src/libcharon/plugins/medcli/medcli_creds.c index 677229b9f..528fc004d 100644 --- a/src/libcharon/plugins/medcli/medcli_creds.c +++ b/src/libcharon/plugins/medcli/medcli_creds.c 
@@ -50,10 +50,13 @@ typedef struct { } private_enumerator_t; METHOD(enumerator_t, private_enumerator_enumerate, bool, - private_enumerator_t *this, private_key_t **key) + private_enumerator_t *this, va_list args) { + private_key_t **key; chunk_t chunk; + VA_ARGS_VGET(args, key); + DESTROY_IF(this->current); while (this->inner->enumerate(this->inner, &chunk)) { @@ -92,7 +95,8 @@ METHOD(credential_set_t, create_private_enumerator, enumerator_t*, INIT(e, .public = { - .enumerate = (void*)_private_enumerator_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _private_enumerator_enumerate, .destroy = _private_enumerator_destroy, }, ); @@ -123,11 +127,14 @@ typedef struct { } cert_enumerator_t; METHOD(enumerator_t, cert_enumerator_enumerate, bool, - cert_enumerator_t *this, certificate_t **cert) + cert_enumerator_t *this, va_list args) { + certificate_t **cert; public_key_t *public; chunk_t chunk; + VA_ARGS_VGET(args, cert); + DESTROY_IF(this->current); while (this->inner->enumerate(this->inner, &chunk)) { @@ -180,7 +187,8 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, INIT(e, .public = { - .enumerate = (void*)_cert_enumerator_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _cert_enumerator_enumerate, .destroy = _cert_enumerator_destroy, }, .type = key, diff --git a/src/libcharon/plugins/medcli/medcli_creds.h b/src/libcharon/plugins/medcli/medcli_creds.h index 4b5402653..ec17955a2 100644 --- a/src/libcharon/plugins/medcli/medcli_creds.h +++ b/src/libcharon/plugins/medcli/medcli_creds.h @@ -37,7 +37,7 @@ struct medcli_creds_t { credential_set_t set; /** - * Destroy the credentials databse. + * Destroy the credentials database. */ void (*destroy)(medcli_creds_t *this); }; diff --git a/src/libcharon/plugins/medcli/medcli_listener.h b/src/libcharon/plugins/medcli/medcli_listener.h index 4768beccd..860dcdc60 100644 --- a/src/libcharon/plugins/medcli/medcli_listener.h 
+++ b/src/libcharon/plugins/medcli/medcli_listener.h @@ -37,7 +37,7 @@ struct medcli_listener_t { listener_t listener; /** - * Destroy the credentials databse. + * Destroy the credentials database. */ void (*destroy)(medcli_listener_t *this); }; diff --git a/src/libcharon/plugins/medsrv/Makefile.in b/src/libcharon/plugins/medsrv/Makefile.in index ceb06deb1..10b48daa3 100644 --- a/src/libcharon/plugins/medsrv/Makefile.in +++ b/src/libcharon/plugins/medsrv/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/medsrv/medsrv_creds.c b/src/libcharon/plugins/medsrv/medsrv_creds.c index 0d99c4f77..16d4bd7f3 100644 --- a/src/libcharon/plugins/medsrv/medsrv_creds.c +++ b/src/libcharon/plugins/medsrv/medsrv_creds.c @@ -52,12 +52,14 @@ typedef struct { } cert_enumerator_t; METHOD(enumerator_t, cert_enumerator_enumerate, bool, - cert_enumerator_t *this, certificate_t **cert) + cert_enumerator_t *this, va_list args) { - certificate_t *trusted; + certificate_t *trusted, **cert; public_key_t *public; chunk_t chunk; + VA_ARGS_VGET(args, cert); + DESTROY_IF(this->current); while (this->inner->enumerate(this->inner, &chunk)) { @@ -110,7 +112,8 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, INIT(e, .public = { - .enumerate = (void*)_cert_enumerator_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _cert_enumerator_enumerate, .destroy = _cert_enumerator_destroy, }, .type = key, diff --git a/src/libcharon/plugins/medsrv/medsrv_creds.h b/src/libcharon/plugins/medsrv/medsrv_creds.h index 2079601af..08ecaa3f2 100644 
--- a/src/libcharon/plugins/medsrv/medsrv_creds.h +++ b/src/libcharon/plugins/medsrv/medsrv_creds.h @@ -37,7 +37,7 @@ struct medsrv_creds_t { credential_set_t set; /** - * Destroy the credentials databse. + * Destroy the credentials database. */ void (*destroy)(medsrv_creds_t *this); }; diff --git a/src/libcharon/plugins/osx_attr/Makefile.in b/src/libcharon/plugins/osx_attr/Makefile.in index ab9ece561..8e0b10eb0 100644 --- a/src/libcharon/plugins/osx_attr/Makefile.in +++ b/src/libcharon/plugins/osx_attr/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/osx_attr/osx_attr_handler.c b/src/libcharon/plugins/osx_attr/osx_attr_handler.c index 6baf76d35..e7a627b93 100644 --- a/src/libcharon/plugins/osx_attr/osx_attr_handler.c +++ b/src/libcharon/plugins/osx_attr/osx_attr_handler.c @@ -218,12 +218,15 @@ METHOD(attribute_handler_t, release, void, } METHOD(enumerator_t, enumerate_dns, bool, - enumerator_t *this, configuration_attribute_type_t *type, chunk_t *data) + enumerator_t *this, va_list args) { + configuration_attribute_type_t *type; + chunk_t *data; + + VA_ARGS_VGET(args, type, data); *type = INTERNAL_IP4_DNS; *data = chunk_empty; - /* stop enumeration */ - this->enumerate = (void*)return_false; + this->venumerate = (void*)return_false; return TRUE; } 
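Review bot: In `enumerate_dns` (osx_attr_handler.c) the `/* stop enumeration */` comment is removed along with the `this->enumerate` assignment, but the replacement `this->venumerate = (void*)return_false;` is even less self-explanatory, since `enumerate` now goes through `enumerator_enumerate_default` and only the `venumerate` hook is swapped; I'd keep a comment such as `/* stop after this single attribute: enumerate_default dispatches through venumerate */`. The `(void*)` cast also hides that `return_false` is presumably not declared with the `(enumerator_t*, va_list)` prototype; if libstrongswan provides a typed helper for this pattern, using it would let the compiler check the signature instead of relying on the cast.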
@@ -234,7 +237,8 @@ METHOD(attribute_handler_t, create_attribute_enumerator, enumerator_t *, enumerator_t *enumerator; INIT(enumerator, - .enumerate = (void*)_enumerate_dns, + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerate_dns, .destroy = (void*)free, ); return enumerator; diff --git a/src/libcharon/plugins/p_cscf/Makefile.in b/src/libcharon/plugins/p_cscf/Makefile.in index 7b3cb2fa4..954a43dc8 100644 --- a/src/libcharon/plugins/p_cscf/Makefile.in +++ b/src/libcharon/plugins/p_cscf/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/p_cscf/p_cscf_handler.c b/src/libcharon/plugins/p_cscf/p_cscf_handler.c index 76633845e..cdf266054 100644 --- a/src/libcharon/plugins/p_cscf/p_cscf_handler.c +++ b/src/libcharon/plugins/p_cscf/p_cscf_handler.c @@ -83,9 +83,12 @@ typedef struct { } attr_enumerator_t; METHOD(enumerator_t, enumerate_attrs, bool, - attr_enumerator_t *this, configuration_attribute_type_t *type, - chunk_t *data) + attr_enumerator_t *this, va_list args) { + configuration_attribute_type_t *type; + chunk_t *data; + + VA_ARGS_VGET(args, type, data); if (this->request_ipv4) { *type = P_CSCF_IP4_ADDRESS; @@ -103,12 +106,13 @@ METHOD(enumerator_t, enumerate_attrs, bool, return FALSE; } -/** - * Check if the given host has a matching address family - */ -static bool is_family(host_t *host, int *family) +CALLBACK(is_family, bool, + host_t *host, va_list args) { - return host->get_family(host) == *family; + int family; + + VA_ARGS_VGET(args, family); + return host->get_family(host) == family; } /** 
@@ -116,7 +120,7 @@ static bool is_family(host_t *host, int *family) */ static bool has_host_family(linked_list_t *list, int family) { - return list->find_first(list, (void*)is_family, NULL, &family) == SUCCESS; + return list->find_first(list, is_family, NULL, family); } METHOD(attribute_handler_t, create_attribute_enumerator, enumerator_t *, @@ -132,7 +136,8 @@ METHOD(attribute_handler_t, create_attribute_enumerator, enumerator_t *, INIT(enumerator, .public = { - .enumerate = (void*)_enumerate_attrs, + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerate_attrs, .destroy = (void*)free, }, ); diff --git a/src/libcharon/plugins/radattr/Makefile.in b/src/libcharon/plugins/radattr/Makefile.in index 1fe3033dc..add1f547f 100644 --- a/src/libcharon/plugins/radattr/Makefile.in +++ b/src/libcharon/plugins/radattr/Makefile.in @@ -359,6 +359,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -381,6 +382,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/resolve/Makefile.in b/src/libcharon/plugins/resolve/Makefile.in index f8b62edf2..5e166f28f 100644 --- a/src/libcharon/plugins/resolve/Makefile.in +++ b/src/libcharon/plugins/resolve/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ 
diff --git a/src/libcharon/plugins/resolve/resolve_handler.c b/src/libcharon/plugins/resolve/resolve_handler.c index 9077b51d4..05b865464 100644 --- a/src/libcharon/plugins/resolve/resolve_handler.c +++ b/src/libcharon/plugins/resolve/resolve_handler.c @@ -391,10 +391,13 @@ typedef struct { bool v6; } attribute_enumerator_t; -static bool attribute_enumerate(attribute_enumerator_t *this, - configuration_attribute_type_t *type, - chunk_t *data) +METHOD(enumerator_t, attribute_enumerate, bool, + attribute_enumerator_t *this, va_list args) { + configuration_attribute_type_t *type; + chunk_t *data; + + VA_ARGS_VGET(args, type, data); if (this->v4) { *type = INTERNAL_IP4_DNS; @@ -443,7 +446,8 @@ METHOD(attribute_handler_t, create_attribute_enumerator, enumerator_t*, INIT(enumerator, .public = { - .enumerate = (void*)attribute_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _attribute_enumerate, .destroy = (void*)free, }, .v4 = has_host_family(vips, AF_INET), diff --git a/src/libcharon/plugins/smp/Makefile.in b/src/libcharon/plugins/smp/Makefile.in index bf0791c42..9aac31894 100644 --- a/src/libcharon/plugins/smp/Makefile.in +++ b/src/libcharon/plugins/smp/Makefile.in @@ -356,6 +356,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -378,6 +379,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/socket_default/Makefile.in b/src/libcharon/plugins/socket_default/Makefile.in index f66ae1679..b87afa4a6 100644 --- a/src/libcharon/plugins/socket_default/Makefile.in +++ b/src/libcharon/plugins/socket_default/Makefile.in 
@@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c index ba22b0c2b..109b3fe9b 100644 --- a/src/libcharon/plugins/socket_default/socket_default_socket.c +++ b/src/libcharon/plugins/socket_default/socket_default_socket.c @@ -141,6 +141,11 @@ struct private_socket_default_socket_t { */ bool set_source; + /** + * TRUE to force sending source interface on outbound packetrs + */ + bool set_sourceif; + /** * A counter to implement round-robin selection of read sockets */ @@ -362,12 +367,33 @@ static ssize_t send_msg_generic(int skt, struct msghdr *msg) return sendmsg(skt, msg, 0); } +#if defined(IP_PKTINFO) || defined(HAVE_IN6_PKTINFO) + +/** + * Find the interface index a source address is installed on + */ +static int find_srcif(host_t *src) +{ + char *ifname; + int idx = 0; + + if (charon->kernel->get_interface(charon->kernel, src, &ifname)) + { + idx = if_nametoindex(ifname); + free(ifname); + } + return idx; +} + +#endif /* IP_PKTINFO || HAVE_IN6_PKTINFO */ + /** * Send a message with the IPv4 source address set, if possible. */ #ifdef IP_PKTINFO -static ssize_t send_msg_v4(int skt, struct msghdr *msg, host_t *src) +static ssize_t send_msg_v4(private_socket_default_socket_t *this, int skt, + struct msghdr *msg, host_t *src) { char buf[CMSG_SPACE(sizeof(struct in_pktinfo))] = {}; struct cmsghdr *cmsg; 
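Review bot: The new `find_srcif()` returns 0 both when `get_interface()` finds no interface for `src` and when `if_nametoindex()` fails, and neither case is logged or documented; since an index of 0 in `pktinfo` leaves the interface unspecified, I'd say so in the header comment: `/* Find the interface index a source address is installed on; returns 0 (unspecified) if the lookup fails, letting the kernel pick the interface */`. When `set_sourceif` is enabled this also performs a kernel interface lookup for every outbound packet, which is worth a remark in the option description so operators understand the cost. The field comment has a typo: `TRUE to force sending source interface on outbound packetrs` should read `packets`. `if_nametoindex()` needs `<net/if.h>`; from this hunk I can't tell whether the file already includes it.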
@@ -383,6 +409,10 @@ static ssize_t send_msg_v4(int skt, struct msghdr *msg, host_t *src) cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo)); pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsg); + if (this->set_sourceif) + { + pktinfo->ipi_ifindex = find_srcif(src); + } addr = &pktinfo->ipi_spec_dst; sin = (struct sockaddr_in*)src->get_sockaddr(src); @@ -392,7 +422,8 @@ static ssize_t send_msg_v4(int skt, struct msghdr *msg, host_t *src) #elif defined(IP_SENDSRCADDR) -static ssize_t send_msg_v4(int skt, struct msghdr *msg, host_t *src) +static ssize_t send_msg_v4(private_socket_default_socket_t *this, int skt, + struct msghdr *msg, host_t *src) { char buf[CMSG_SPACE(sizeof(struct in_addr))] = {}; struct cmsghdr *cmsg; @@ -415,7 +446,8 @@ static ssize_t send_msg_v4(int skt, struct msghdr *msg, host_t *src) #else /* IP_PKTINFO || IP_RECVDSTADDR */ -static ssize_t send_msg_v4(int skt, struct msghdr *msg, host_t *src) +static ssize_t send_msg_v4(private_socket_default_socket_t *this, + int skt, struct msghdr *msg, host_t *src) { return send_msg_generic(skt, msg); } @@ -427,7 +459,8 @@ static ssize_t send_msg_v4(int skt, struct msghdr *msg, host_t *src) */ #ifdef HAVE_IN6_PKTINFO -static ssize_t send_msg_v6(int skt, struct msghdr *msg, host_t *src) +static ssize_t send_msg_v6(private_socket_default_socket_t *this, int skt, + struct msghdr *msg, host_t *src) { char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))] = {}; struct cmsghdr *cmsg; @@ -441,6 +474,10 @@ static ssize_t send_msg_v6(int skt, struct msghdr *msg, host_t *src) cmsg->cmsg_type = IPV6_PKTINFO; cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo)); pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsg); + if (this->set_sourceif) + { + pktinfo->ipi6_ifindex = find_srcif(src); + } sin = (struct sockaddr_in6*)src->get_sockaddr(src); memcpy(&pktinfo->ipi6_addr, &sin->sin6_addr, sizeof(struct in6_addr)); return send_msg_generic(skt, msg); 
@@ -448,7 +485,8 @@ static ssize_t send_msg_v6(int skt, struct msghdr *msg, host_t *src) #else /* HAVE_IN6_PKTINFO */ -static ssize_t send_msg_v6(int skt, struct msghdr *msg, host_t *src) +static ssize_t send_msg_v6(private_socket_default_socket_t *this, + int skt, struct msghdr *msg, host_t *src) { return send_msg_generic(skt, msg); } @@ -564,11 +602,11 @@ METHOD(socket_t, sender, status_t, { if (family == AF_INET) { - bytes_sent = send_msg_v4(skt, &msg, src); + bytes_sent = send_msg_v4(this, skt, &msg, src); } else { - bytes_sent = send_msg_v6(skt, &msg, src); + bytes_sent = send_msg_v6(this, skt, &msg, src); } } else @@ -831,6 +869,9 @@ socket_default_socket_t *socket_default_socket_create() .set_source = lib->settings->get_bool(lib->settings, "%s.plugins.socket-default.set_source", TRUE, lib->ns), + .set_sourceif = lib->settings->get_bool(lib->settings, + "%s.plugins.socket-default.set_sourceif", FALSE, + lib->ns), ); if (this->port && this->port == this->natt) diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.in b/src/libcharon/plugins/socket_dynamic/Makefile.in index 3d07b5407..595651f21 100644 --- a/src/libcharon/plugins/socket_dynamic/Makefile.in +++ b/src/libcharon/plugins/socket_dynamic/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/socket_win/Makefile.in b/src/libcharon/plugins/socket_win/Makefile.in index 692489845..8f1e43926 100644 --- a/src/libcharon/plugins/socket_win/Makefile.in +++ b/src/libcharon/plugins/socket_win/Makefile.in 
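Review bot: `set_sourceif` is read unconditionally here, but in the earlier hunks it is only honoured by the `IP_PKTINFO` and `HAVE_IN6_PKTINFO` variants of `send_msg_v4`/`send_msg_v6`; the `IP_SENDSRCADDR` and generic fallbacks now take `this` and ignore it. The option description (presumably in the plugin's `.opt` file, which is not in this patch) should state that it has no effect on those platforms, and a one-line comment at each fallback, e.g. `/* set_sourceif is not supported by this variant */`, would make the silent no-op explicit. Since setting the pktinfo interface index overrides the routing decision for that packet on platforms that honour it, the description should also say the option is meant for setups where the source address really is bound to a single interface.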
@@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/sql/Makefile.in b/src/libcharon/plugins/sql/Makefile.in index 581225b55..5c146190d 100644 --- a/src/libcharon/plugins/sql/Makefile.in +++ b/src/libcharon/plugins/sql/Makefile.in @@ -356,6 +356,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -378,6 +379,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c index 88cac7f26..00ed693eb 100644 --- a/src/libcharon/plugins/sql/sql_config.c +++ b/src/libcharon/plugins/sql/sql_config.c @@ -173,7 +173,8 @@ static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e) child_cfg_create_t child = { .mode = mode, .reqid = reqid, - .ipcomp = ipcomp, + .options = (ipcomp ? OPT_IPCOMP : 0) | + (hostaccess ? OPT_HOSTACCESS : 0), .lifetime = { .time = { .life = lifetime, .rekey = rekeytime, .jitter = jitter @@ -183,7 +184,6 @@ static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e) .dpd_action = dpd, .close_action = close, .updown = updown, - .hostaccess = hostaccess, }; child_cfg = child_cfg_create(name, &child); add_esp_proposals(this, child_cfg, id); 
@@ -504,11 +504,12 @@ typedef struct { ike_cfg_t *current; } ike_enumerator_t; -/** - * Implementation of ike_enumerator_t.public.enumerate - */ -static bool ike_enumerator_enumerate(ike_enumerator_t *this, ike_cfg_t **cfg) +METHOD(enumerator_t, ike_enumerator_enumerate, bool, + ike_enumerator_t *this, va_list args) { + ike_cfg_t **cfg; + + VA_ARGS_VGET(args, cfg); DESTROY_IF(this->current); this->current = build_ike_cfg(this->this, this->inner, this->me, this->other); if (this->current) @@ -519,10 +520,8 @@ static bool ike_enumerator_enumerate(ike_enumerator_t *this, ike_cfg_t **cfg) return FALSE; } -/** - * Implementation of ike_enumerator_t.public.destroy - */ -static void ike_enumerator_destroy(ike_enumerator_t *this) +METHOD(enumerator_t, ike_enumerator_destroy, void, + ike_enumerator_t *this) { DESTROY_IF(this->current); this->inner->destroy(this->inner); @@ -532,19 +531,22 @@ static void ike_enumerator_destroy(ike_enumerator_t *this) METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*, private_sql_config_t *this, host_t *me, host_t *other) { - ike_enumerator_t *e = malloc_thing(ike_enumerator_t); - - e->this = this; - e->me = me; - e->other = other; - e->current = NULL; - e->public.enumerate = (void*)ike_enumerator_enumerate; - e->public.destroy = (void*)ike_enumerator_destroy; + ike_enumerator_t *e; + INIT(e, + .public = { + .enumerate = enumerator_enumerate_default, + .venumerate = _ike_enumerator_enumerate, + .destroy = _ike_enumerator_destroy, + }, + .this = this, + .me = me, + .other = other, + ); e->inner = this->db->query(this->db, - "SELECT id, certreq, force_encap, local, remote " - "FROM ike_configs", - DB_INT, DB_INT, DB_INT, DB_TEXT, DB_TEXT); + "SELECT id, certreq, force_encap, local, remote " + "FROM ike_configs", + DB_INT, DB_INT, DB_INT, DB_TEXT, DB_TEXT); if (!e->inner) { free(e); 
@@ -569,11 +571,12 @@ typedef struct { peer_cfg_t *current; } peer_enumerator_t; -/** - * Implementation of peer_enumerator_t.public.enumerate - */ -static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) +METHOD(enumerator_t, peer_enumerator_enumerate, bool, + peer_enumerator_t *this, va_list args) { + peer_cfg_t **cfg; + + VA_ARGS_VGET(args, cfg); DESTROY_IF(this->current); this->current = build_peer_cfg(this->this, this->inner, this->me, this->other); if (this->current) @@ -584,10 +587,8 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) return FALSE; } -/** - * Implementation of peer_enumerator_t.public.destroy - */ -static void peer_enumerator_destroy(peer_enumerator_t *this) +METHOD(enumerator_t, peer_enumerator_destroy, void, + peer_enumerator_t *this) { DESTROY_IF(this->current); this->inner->destroy(this->inner); @@ -597,14 +598,18 @@ static void peer_enumerator_destroy(peer_enumerator_t *this) METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*, private_sql_config_t *this, identification_t *me, identification_t *other) { - peer_enumerator_t *e = malloc_thing(peer_enumerator_t); - - e->this = this; - e->me = me; - e->other = other; - e->current = NULL; - e->public.enumerate = (void*)peer_enumerator_enumerate; - e->public.destroy = (void*)peer_enumerator_destroy; + peer_enumerator_t *e; + + INIT(e, + .public = { + .enumerate = enumerator_enumerate_default, + .venumerate = _peer_enumerator_enumerate, + .destroy = _peer_enumerator_destroy, + }, + .this = this, + .me = me, + .other = other, + ); /* TODO: only get configs whose IDs match exactly or contain wildcards */ e->inner = this->db->query(this->db, diff --git a/src/libcharon/plugins/sql/sql_cred.c b/src/libcharon/plugins/sql/sql_cred.c index 117eec921..3317de6c8 100644 --- a/src/libcharon/plugins/sql/sql_cred.c +++ b/src/libcharon/plugins/sql/sql_cred.c 
@@ -52,11 +52,14 @@ typedef struct { } private_enumerator_t; METHOD(enumerator_t, private_enumerator_enumerate, bool, - private_enumerator_t *this, private_key_t **key) + private_enumerator_t *this, va_list args) { + private_key_t **key; chunk_t blob; int type; + VA_ARGS_VGET(args, key); + DESTROY_IF(this->current); while (this->inner->enumerate(this->inner, &type, &blob)) { @@ -88,7 +91,8 @@ METHOD(credential_set_t, create_private_enumerator, enumerator_t*, INIT(e, .public = { - .enumerate = (void*)_private_enumerator_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _private_enumerator_enumerate, .destroy = _private_enumerator_destroy, }, ); @@ -132,11 +136,14 @@ typedef struct { } cert_enumerator_t; METHOD(enumerator_t, cert_enumerator_enumerate, bool, - cert_enumerator_t *this, certificate_t **cert) + cert_enumerator_t *this, va_list args) { + certificate_t **cert; chunk_t blob; int type; + VA_ARGS_VGET(args, cert); + DESTROY_IF(this->current); while (this->inner->enumerate(this->inner, &type, &blob)) { @@ -169,7 +176,8 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, INIT(e, .public = { - .enumerate = (void*)_cert_enumerator_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _cert_enumerator_enumerate, .destroy = _cert_enumerator_destroy, }, ); @@ -221,12 +229,15 @@ typedef struct { } shared_enumerator_t; METHOD(enumerator_t, shared_enumerator_enumerate, bool, - shared_enumerator_t *this, shared_key_t **shared, - id_match_t *me, id_match_t *other) + shared_enumerator_t *this, va_list args) { + shared_key_t **shared; + id_match_t *me, *other; chunk_t blob; int type; + VA_ARGS_VGET(args, shared, me, other); + DESTROY_IF(this->current); while (this->inner->enumerate(this->inner, &type, &blob)) { 
@@ -265,7 +276,8 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*, INIT(e, .public = { - .enumerate = (void*)_shared_enumerator_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _shared_enumerator_enumerate, .destroy = _shared_enumerator_destroy, }, .me = me, @@ -340,9 +352,11 @@ typedef enum { } cdp_type_t; METHOD(enumerator_t, cdp_enumerator_enumerate, bool, - cdp_enumerator_t *this, char **uri) + cdp_enumerator_t *this, va_list args) { - char *text; + char *text, **uri; + + VA_ARGS_VGET(args, uri); free(this->current); while (this->inner->enumerate(this->inner, &text)) @@ -384,7 +398,8 @@ METHOD(credential_set_t, create_cdp_enumerator, enumerator_t*, } INIT(e, .public = { - .enumerate = (void*)_cdp_enumerator_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _cdp_enumerator_enumerate, .destroy = _cdp_enumerator_destroy, }, ); diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in index 50a6d5953..0af607fd7 100644 --- a/src/libcharon/plugins/stroke/Makefile.in +++ b/src/libcharon/plugins/stroke/Makefile.in @@ -360,6 +360,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -382,6 +383,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/stroke/stroke_attribute.c b/src/libcharon/plugins/stroke/stroke_attribute.c index cd1b4d093..7835031c2 100644 --- a/src/libcharon/plugins/stroke/stroke_attribute.c +++ b/src/libcharon/plugins/stroke/stroke_attribute.c 
@@ -178,28 +178,32 @@ METHOD(attribute_provider_t, release_address, bool, return found; } -/** - * Filter function to convert host to DNS configuration attributes - */ -static bool attr_filter(void *lock, host_t **in, - configuration_attribute_type_t *type, - void *dummy, chunk_t *data) +CALLBACK(attr_filter, bool, + void *lock, enumerator_t *orig, va_list args) { - host_t *host = *in; + configuration_attribute_type_t *type; + chunk_t *data; + host_t *host; - switch (host->get_family(host)) + VA_ARGS_VGET(args, type, data); + + while (orig->enumerate(orig, &host)) { - case AF_INET: - *type = INTERNAL_IP4_DNS; - break; - case AF_INET6: - *type = INTERNAL_IP6_DNS; - break; - default: - return FALSE; + switch (host->get_family(host)) + { + case AF_INET: + *type = INTERNAL_IP4_DNS; + break; + case AF_INET6: + *type = INTERNAL_IP6_DNS; + break; + default: + continue; + } + *data = host->get_address(host); + return TRUE; } - *data = host->get_address(host); - return TRUE; + return FALSE; } METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*, @@ -223,7 +227,7 @@ METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*, enumerator->destroy(enumerator); return enumerator_create_filter( attr->dns->create_enumerator(attr->dns), - (void*)attr_filter, this->lock, + attr_filter, this->lock, (void*)this->lock->unlock); } } 
@@ -338,24 +342,28 @@ METHOD(stroke_attribute_t, del_dns, void, this->lock->unlock(this->lock); } -/** - * Pool enumerator filter function, converts pool_t to name, size, ... - */ -static bool pool_filter(void *lock, mem_pool_t **poolp, const char **name, - void *d1, u_int *size, void *d2, u_int *online, - void *d3, u_int *offline) +CALLBACK(pool_filter, bool, + void *lock, enumerator_t *orig, va_list args) { - mem_pool_t *pool = *poolp; + mem_pool_t *pool; + const char **name; + u_int *size, *online, *offline; - if (pool->get_size(pool) == 0) + VA_ARGS_VGET(args, name, size, online, offline); + + while (orig->enumerate(orig, &pool)) { - return FALSE; + if (pool->get_size(pool) == 0) + { + continue; + } + *name = pool->get_name(pool); + *size = pool->get_size(pool); + *online = pool->get_online(pool); + *offline = pool->get_offline(pool); + return TRUE; } - *name = pool->get_name(pool); - *size = pool->get_size(pool); - *online = pool->get_online(pool); - *offline = pool->get_offline(pool); - return TRUE; + return FALSE; } METHOD(stroke_attribute_t, create_pool_enumerator, enumerator_t*, @@ -363,7 +371,7 @@ METHOD(stroke_attribute_t, create_pool_enumerator, enumerator_t*, { this->lock->read_lock(this->lock); return enumerator_create_filter(this->pools->create_enumerator(this->pools), - (void*)pool_filter, + pool_filter, this->lock, (void*)this->lock->unlock); } diff --git a/src/libcharon/plugins/stroke/stroke_ca.c b/src/libcharon/plugins/stroke/stroke_ca.c index 13ed41e0e..4593e9bdc 100644 --- a/src/libcharon/plugins/stroke/stroke_ca.c +++ b/src/libcharon/plugins/stroke/stroke_ca.c 
@@ -171,26 +171,30 @@ typedef struct { identification_t *id; } cert_data_t; -/** - * destroy cert_data - */ -static void cert_data_destroy(cert_data_t *data) +CALLBACK(cert_data_destroy, void, + cert_data_t *data) { data->this->lock->unlock(data->this->lock); free(data); } -/** - * filter function for certs enumerator - */ -static bool certs_filter(cert_data_t *data, ca_cert_t **in, - certificate_t **out) +CALLBACK(certs_filter, bool, + cert_data_t *data, enumerator_t *orig, va_list args) { + ca_cert_t *cacert; public_key_t *public; - certificate_t *cert = (*in)->cert; + certificate_t **out; + + VA_ARGS_VGET(args, out); - if (data->cert == CERT_ANY || data->cert == cert->get_type(cert)) + while (orig->enumerate(orig, &cacert)) { + certificate_t *cert = cacert->cert; + + if (data->cert != CERT_ANY && data->cert != cert->get_type(cert)) + { + continue; + } public = cert->get_public_key(cert); if (public) { @@ -208,9 +212,9 @@ static bool certs_filter(cert_data_t *data, ca_cert_t **in, } else if (data->key != KEY_ANY) { - return FALSE; + continue; } - if (data->id == NULL || cert->has_subject(cert, data->id)) + if (!data->id || cert->has_subject(cert, data->id)) { *out = cert; return TRUE; @@ -235,8 +239,8 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, this->lock->read_lock(this->lock); enumerator = this->certs->create_enumerator(this->certs); - return enumerator_create_filter(enumerator, (void*)certs_filter, data, - (void*)cert_data_destroy); + return enumerator_create_filter(enumerator, certs_filter, data, + cert_data_destroy); } /** @@ -354,11 +358,12 @@ METHOD(credential_set_t, create_cdp_enumerator, enumerator_t*, data, (void*)cdp_data_destroy); } -/** - * Compare the given certificate to the ca_cert_t items in the list - */ -static bool match_cert(ca_cert_t *item, certificate_t *cert) +CALLBACK(match_cert, bool, + ca_cert_t *item, va_list args) { + certificate_t *cert; + + VA_ARGS_VGET(args, cert); return cert->equals(cert, item->cert); } 
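Review bot: The body of `if (public)` between the first hunk (which ends at that line) and the hunk at line 212 is not part of the diff, yet inside the new `while (orig->enumerate(orig, &cacert))` loop every former `return FALSE` must become `continue` for the filter to keep scanning; the visible `else if (data->key != KEY_ANY)` branch was converted, but the unseen key-type comparison should be checked for a remaining early `return FALSE`, which would silently cut the CA certificate enumeration short for a requested key type. The final `has_subject` match and `return TRUE` are correct as written. certs_filter's closing brace lies outside both hunks.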
@@ -405,8 +410,7 @@ static certificate_t *add_cert_internal(private_stroke_ca_t *this, { ca_cert_t *found; - if (this->certs->find_first(this->certs, (linked_list_match_t)match_cert, - (void**)&found, cert) == SUCCESS) + if (this->certs->find_first(this->certs, match_cert, (void**)&found, cert)) { cert->destroy(cert); cert = found->cert->get_ref(found->cert); @@ -511,8 +515,7 @@ METHOD(stroke_ca_t, get_cert_ref, certificate_t*, ca_cert_t *found; this->lock->read_lock(this->lock); - if (this->certs->find_first(this->certs, (linked_list_match_t)match_cert, - (void**)&found, cert) == SUCCESS) + if (this->certs->find_first(this->certs, match_cert, (void**)&found, cert)) { cert->destroy(cert); cert = found->cert->get_ref(found->cert); diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index bbdc2116d..00f74831c 100644 --- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c @@ -68,13 +68,20 @@ METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*, (void*)this->mutex->unlock, this->mutex); } -/** - * filter function for ike configs - */ -static bool ike_filter(void *data, peer_cfg_t **in, ike_cfg_t **out) +CALLBACK(ike_filter, bool, + void *data, enumerator_t *orig, va_list args) { - *out = (*in)->get_ike_cfg(*in); - return TRUE; + peer_cfg_t *cfg; + ike_cfg_t **out; + + VA_ARGS_VGET(args, out); + + if (orig->enumerate(orig, &cfg)) + { + *out = cfg->get_ike_cfg(cfg); + return TRUE; + } + return FALSE; } METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*, @@ -82,7 +89,7 @@ METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*, { this->mutex->lock(this->mutex); return enumerator_create_filter(this->list->create_enumerator(this->list), - (void*)ike_filter, this->mutex, + ike_filter, this->mutex, (void*)this->mutex->unlock); } 
@@ -1071,15 +1078,16 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this, }, .reqid = msg->add_conn.reqid, .mode = msg->add_conn.mode, - .proxy_mode = msg->add_conn.proxy_mode, - .ipcomp = msg->add_conn.ipcomp, + .options = (msg->add_conn.proxy_mode ? OPT_PROXY_MODE : 0) | + (msg->add_conn.ipcomp ? OPT_IPCOMP : 0) | + (msg->add_conn.me.hostaccess ? OPT_HOSTACCESS : 0) | + (msg->add_conn.install_policy ? 0 : OPT_NO_POLICIES) | + (msg->add_conn.sha256_96 ? OPT_SHA256_96 : 0), .tfc = msg->add_conn.tfc, .inactivity = msg->add_conn.inactivity, .dpd_action = map_action(msg->add_conn.dpd.action), .close_action = map_action(msg->add_conn.close_action), .updown = msg->add_conn.me.updown, - .hostaccess = msg->add_conn.me.hostaccess, - .suppress_policies = !msg->add_conn.install_policy, }; child_cfg = child_cfg_create(msg->add_conn.name, &child); diff --git a/src/libcharon/plugins/stroke/stroke_handler.c b/src/libcharon/plugins/stroke/stroke_handler.c index d0cc9afab..19d5a62a1 100644 --- a/src/libcharon/plugins/stroke/stroke_handler.c +++ b/src/libcharon/plugins/stroke/stroke_handler.c 
@@ -62,35 +62,39 @@ static void attributes_destroy(attributes_t *this) free(this); } -/** - * Filter function to convert host to DNS configuration attributes - */ -static bool attr_filter(void *lock, host_t **in, - configuration_attribute_type_t *type, - void *dummy, chunk_t *data) +CALLBACK(attr_filter, bool, + void *lock, enumerator_t *orig, va_list args) { - host_t *host = *in; + configuration_attribute_type_t *type; + chunk_t *data; + host_t *host; - switch (host->get_family(host)) - { - case AF_INET: - *type = INTERNAL_IP4_DNS; - break; - case AF_INET6: - *type = INTERNAL_IP6_DNS; - break; - default: - return FALSE; - } - if (host->is_anyaddr(host)) - { - *data = chunk_empty; - } - else + VA_ARGS_VGET(args, type, data); + + while (orig->enumerate(orig, &host)) { - *data = host->get_address(host); + switch (host->get_family(host)) + { + case AF_INET: + *type = INTERNAL_IP4_DNS; + break; + case AF_INET6: + *type = INTERNAL_IP6_DNS; + break; + default: + continue; + } + if (host->is_anyaddr(host)) + { + *data = chunk_empty; + } + else + { + *data = host->get_address(host); + } + return TRUE; } - return TRUE; + return FALSE; } METHOD(attribute_handler_t, create_attribute_enumerator, enumerator_t*, @@ -114,7 +118,7 @@ METHOD(attribute_handler_t, create_attribute_enumerator, enumerator_t*, enumerator->destroy(enumerator); return enumerator_create_filter( attr->dns->create_enumerator(attr->dns), - (void*)attr_filter, this->lock, + attr_filter, this->lock, (void*)this->lock->unlock); } } diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c index 92e368669..22992599d 100644 --- a/src/libcharon/plugins/stroke/stroke_list.c +++ b/src/libcharon/plugins/stroke/stroke_list.c 
@@ -218,7 +218,7 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) child_sa->get_name(child_sa), child_sa->get_unique_id(child_sa), child_sa_state_names, child_sa->get_state(child_sa), ipsec_mode_names, child_sa->get_mode(child_sa), - config->use_proxy_mode(config) ? "_PROXY" : "", + config->has_option(config, OPT_PROXY_MODE) ? "_PROXY" : "", child_sa->get_reqid(child_sa)); if (child_sa->get_state(child_sa) == CHILD_INSTALLED) @@ -958,8 +958,7 @@ static void list_plugins(FILE *out) { case FEATURE_PROVIDE: fp = &features[i]; - loaded = list->find_first(list, NULL, - (void**)&fp) == SUCCESS; + loaded = list->find_first(list, NULL, (void**)&fp); fprintf(out, " %s%s\n", str, loaded ? "" : " (not loaded)"); break; diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c index 46de90ca6..65d345db3 100644 --- a/src/libcharon/plugins/stroke/stroke_socket.c +++ b/src/libcharon/plugins/stroke/stroke_socket.c @@ -216,6 +216,7 @@ static void stroke_add_conn(private_stroke_socket_t *this, stroke_msg_t *msg) DBG_OPT(" dpdtimeout=%d", msg->add_conn.dpd.timeout); DBG_OPT(" dpdaction=%d", msg->add_conn.dpd.action); DBG_OPT(" closeaction=%d", msg->add_conn.close_action); + DBG_OPT(" sha256_96=%s", msg->add_conn.sha256_96 ? "yes" : "no"); DBG_OPT(" mediation=%s", msg->add_conn.ikeme.mediation ? "yes" : "no"); DBG_OPT(" mediated_by=%s", msg->add_conn.ikeme.mediated_by); DBG_OPT(" me_peerid=%s", msg->add_conn.ikeme.peerid); diff --git a/src/libcharon/plugins/systime_fix/Makefile.in b/src/libcharon/plugins/systime_fix/Makefile.in index 78fd6e8d1..327443020 100644 --- a/src/libcharon/plugins/systime_fix/Makefile.in +++ b/src/libcharon/plugins/systime_fix/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ 
@@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/tnc_ifmap/Makefile.in b/src/libcharon/plugins/tnc_ifmap/Makefile.in index 7ec4eaad1..438001baf 100644 --- a/src/libcharon/plugins/tnc_ifmap/Makefile.in +++ b/src/libcharon/plugins/tnc_ifmap/Makefile.in @@ -361,6 +361,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -383,6 +384,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap_msg.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap_msg.c index b86288683..db19bd575 100644 --- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap_msg.c +++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap_msg.c @@ -55,7 +55,7 @@ struct private_tnc_ifmap_soap_msg_t { static xmlNodePtr find_child(xmlNodePtr parent, const xmlChar* name) { xmlNodePtr child; - + child = parent->xmlChildrenNode; while (child) { @@ -80,7 +80,7 @@ METHOD(tnc_ifmap_soap_msg_t, post, bool, xmlChar *xml_str, *errorCode, *errorString; int xml_len, len, written; chunk_t xml, http; - char buf[4096]; + char buf[4096] = { 0 }; status_t status; DBG2(DBG_TNC, "sending ifmap %s", request->name); @@ -131,7 +131,8 @@ METHOD(tnc_ifmap_soap_msg_t, post, bool, xml = chunk_empty; do { - len = this->tls->read(this->tls, buf, sizeof(buf), TRUE); + /* reduce size so the buffer is null-terminated */ + len = this->tls->read(this->tls, buf, sizeof(buf)-1, TRUE); if (len <= 0) { return FALSE; 
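Review bot: The terminator that the zero-initialised `buf` plus the `sizeof(buf)-1` read provides is only the final byte `buf[4095]`; when a short read follows a longer one, stale bytes from the earlier read remain between `buf[len]` and that terminator, so if the code after the read treats `buf` as a C string (the added comment suggests it does) it can consume bytes that are not part of the current TLS record. Terminating after each successful read, `buf[len] = '\0';` right after the `if (len <= 0)` check, avoids this and makes the `= { 0 }` initialiser unnecessary. The read loop continues beyond the hunk, so where `buf` is parsed is not visible here.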
@@ -150,7 +151,7 @@ METHOD(tnc_ifmap_soap_msg_t, post, bool, DBG3(DBG_TNC, "parsing XML message %B", &xml); this->doc = xmlParseMemory(xml.ptr, xml.len); free(xml.ptr); - + if (!this->doc) { DBG1(DBG_TNC, "failed to parse XML message"); diff --git a/src/libcharon/plugins/tnc_pdp/Makefile.in b/src/libcharon/plugins/tnc_pdp/Makefile.in index 215e3b38e..abc77433a 100644 --- a/src/libcharon/plugins/tnc_pdp/Makefile.in +++ b/src/libcharon/plugins/tnc_pdp/Makefile.in @@ -362,6 +362,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -384,6 +385,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/uci/Makefile.in b/src/libcharon/plugins/uci/Makefile.in index 64b4bca24..46f4e4f85 100644 --- a/src/libcharon/plugins/uci/Makefile.in +++ b/src/libcharon/plugins/uci/Makefile.in @@ -356,6 +356,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -378,6 +379,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/uci/uci_config.c b/src/libcharon/plugins/uci/uci_config.c index e0578fe9b..dcd4ae348 100644 --- a/src/libcharon/plugins/uci/uci_config.c +++ b/src/libcharon/plugins/uci/uci_config.c 
@@ -118,11 +118,12 @@ static u_int create_rekey(char *string) } METHOD(enumerator_t, peer_enumerator_enumerate, bool, - peer_enumerator_t *this, peer_cfg_t **cfg) + peer_enumerator_t *this, va_list args) { char *name, *ike_proposal, *esp_proposal, *ike_rekey, *esp_rekey; char *local_id, *local_addr, *local_net; char *remote_id, *remote_addr, *remote_net; + peer_cfg_t **cfg; child_cfg_t *child_cfg; ike_cfg_t *ike_cfg; auth_cfg_t *auth; @@ -145,6 +146,8 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool, .mode = MODE_TUNNEL, }; + VA_ARGS_VGET(args, cfg); + /* defaults */ name = "unnamed"; local_id = NULL; @@ -212,7 +215,8 @@ METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*, INIT(e, .public = { - .enumerate = (void*)_peer_enumerator_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _peer_enumerator_enumerate, .destroy = _peer_enumerator_destroy, }, .inner = this->parser->create_section_enumerator(this->parser, @@ -241,10 +245,13 @@ typedef struct { } ike_enumerator_t; METHOD(enumerator_t, ike_enumerator_enumerate, bool, - ike_enumerator_t *this, ike_cfg_t **cfg) + ike_enumerator_t *this, va_list args) { + ike_cfg_t **cfg; char *local_addr, *remote_addr, *ike_proposal; + VA_ARGS_VGET(args, cfg); + /* defaults */ local_addr = "0.0.0.0"; remote_addr = "0.0.0.0"; @@ -282,7 +289,8 @@ METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*, INIT(e, .public = { - .enumerate = (void*)_ike_enumerator_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _ike_enumerator_enumerate, .destroy = _ike_enumerator_destroy, }, .inner = this->parser->create_section_enumerator(this->parser, diff --git a/src/libcharon/plugins/uci/uci_creds.c b/src/libcharon/plugins/uci/uci_creds.c index f5d5ace70..404a3e39f 100644 --- a/src/libcharon/plugins/uci/uci_creds.c +++ b/src/libcharon/plugins/uci/uci_creds.c 
@@ -52,12 +52,15 @@ typedef struct { } shared_enumerator_t; METHOD(enumerator_t, shared_enumerator_enumerate, bool, - shared_enumerator_t *this, shared_key_t **key, id_match_t *me, - id_match_t *other) + shared_enumerator_t *this, va_list args) { + shared_key_t **key; + id_match_t *me, *other; char *local_id, *remote_id, *psk; identification_t *local, *remote; + VA_ARGS_VGET(args, key, me, other); + while (TRUE) { /* defaults */ @@ -126,7 +129,8 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*, INIT(e, .public = { - .enumerate = (void*)_shared_enumerator_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _shared_enumerator_enumerate, .destroy = _shared_enumerator_destroy, }, .me = me, diff --git a/src/libcharon/plugins/uci/uci_parser.c b/src/libcharon/plugins/uci/uci_parser.c index 2429e9e44..e847dd393 100644 --- a/src/libcharon/plugins/uci/uci_parser.c +++ b/src/libcharon/plugins/uci/uci_parser.c @@ -58,11 +58,10 @@ typedef struct { } section_enumerator_t; METHOD(enumerator_t, section_enumerator_enumerate, bool, - section_enumerator_t *this, ...) + section_enumerator_t *this, va_list args) { struct uci_element *element; char **value; - va_list args; int i; if (&this->current->list == this->list) @@ -70,8 +69,6 @@ METHOD(enumerator_t, section_enumerator_enumerate, bool, return FALSE; } - va_start(args, this); - value = va_arg(args, char**); if (value) { @@ -96,7 +93,6 @@ METHOD(enumerator_t, section_enumerator_enumerate, bool, *value = uci_to_option(element)->value; } } - va_end(args); this->current = list_to_element(this->current->list.next); return TRUE; 
@@ -124,7 +120,13 @@ METHOD(uci_parser_t, create_section_enumerator, enumerator_t*, i++; } va_end(args); - e = malloc(sizeof(section_enumerator_t) + sizeof(char*) * i); + INIT_EXTRA(e, sizeof(char*) * i, + .public = { + .enumerate = enumerator_enumerate_default, + .venumerate = _section_enumerator_enumerate, + .destroy = _section_enumerator_destroy, + }, + ); i = 0; va_start(args, this); do @@ -134,9 +136,6 @@ METHOD(uci_parser_t, create_section_enumerator, enumerator_t*, while (e->keywords[i++]); va_end(args); - e->public.enumerate = (void*)_section_enumerator_enumerate; - e->public.destroy = _section_enumerator_destroy; - /* load uci context */ e->ctx = uci_alloc_context(); if (uci_load(e->ctx, this->package, &e->package) != UCI_OK) diff --git a/src/libcharon/plugins/unity/Makefile.in b/src/libcharon/plugins/unity/Makefile.in index 6811eb737..245bbd471 100644 --- a/src/libcharon/plugins/unity/Makefile.in +++ b/src/libcharon/plugins/unity/Makefile.in @@ -357,6 +357,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -379,6 +380,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/unity/unity_handler.c b/src/libcharon/plugins/unity/unity_handler.c index 25e0756b7..4a1478c6d 100644 --- a/src/libcharon/plugins/unity/unity_handler.c +++ b/src/libcharon/plugins/unity/unity_handler.c 
@@ -368,9 +368,12 @@ typedef struct { } attribute_enumerator_t; METHOD(enumerator_t, enumerate_attributes, bool, - attribute_enumerator_t *this, configuration_attribute_type_t *type, - chunk_t *data) + attribute_enumerator_t *this, va_list args) { + configuration_attribute_type_t *type; + chunk_t *data; + + VA_ARGS_VGET(args, type, data); if (this->i < countof(attributes)) { *type = attributes[this->i++]; @@ -393,7 +396,8 @@ METHOD(attribute_handler_t, create_attribute_enumerator, enumerator_t *, } INIT(enumerator, .public = { - .enumerate = (void*)_enumerate_attributes, + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerate_attributes, .destroy = (void*)free, }, ); @@ -407,24 +411,27 @@ typedef struct { ike_sa_id_t *id; } include_filter_t; -/** - * Include enumerator filter function - */ -static bool include_filter(include_filter_t *data, - entry_t **entry, traffic_selector_t **ts) +CALLBACK(include_filter, bool, + include_filter_t *data, enumerator_t *orig, va_list args) { - if (data->id->equals(data->id, (*entry)->id)) + entry_t *entry; + traffic_selector_t **ts; + + VA_ARGS_VGET(args, ts); + + while (orig->enumerate(orig, &entry)) { - *ts = (*entry)->ts; - return TRUE; + if (data->id->equals(data->id, entry->id)) + { + *ts = entry->ts; + return TRUE; + } } return FALSE; } -/** - * Destroy include filter data, unlock mutex - */ -static void destroy_filter(include_filter_t *data) +CALLBACK(destroy_filter, void, + include_filter_t *data) { data->mutex->unlock(data->mutex); free(data); @@ -442,7 +449,7 @@ METHOD(unity_handler_t, create_include_enumerator, enumerator_t*, data->mutex->lock(data->mutex); return enumerator_create_filter( this->include->create_enumerator(this->include), - (void*)include_filter, data, (void*)destroy_filter); + include_filter, data, destroy_filter); } METHOD(unity_handler_t, destroy, void, 
diff --git a/src/libcharon/plugins/unity/unity_provider.c b/src/libcharon/plugins/unity/unity_provider.c index 07f5f9b61..b6a55648e 100644 --- a/src/libcharon/plugins/unity/unity_provider.c +++ b/src/libcharon/plugins/unity/unity_provider.c @@ -77,12 +77,15 @@ static void append_ts(bio_writer_t *writer, traffic_selector_t *ts) } METHOD(enumerator_t, attribute_enumerate, bool, - attribute_enumerator_t *this, configuration_attribute_type_t *type, - chunk_t *attr) + attribute_enumerator_t *this, va_list args) { + configuration_attribute_type_t *type; + chunk_t *attr; traffic_selector_t *ts; bio_writer_t *writer; + VA_ARGS_VGET(args, type, attr); + if (this->list->get_count(this->list) == 0) { return FALSE; @@ -183,7 +186,8 @@ METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*, INIT(attr_enum, .public = { - .enumerate = (void*)_attribute_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _attribute_enumerate, .destroy = _attribute_destroy, }, .list = list, diff --git a/src/libcharon/plugins/updown/Makefile.in b/src/libcharon/plugins/updown/Makefile.in index 1a44e5566..ef0f33ce3 100644 --- a/src/libcharon/plugins/updown/Makefile.in +++ b/src/libcharon/plugins/updown/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/updown/updown_listener.c b/src/libcharon/plugins/updown/updown_listener.c index 6a1581c85..bbefd6a02 100644 --- a/src/libcharon/plugins/updown/updown_listener.c +++ b/src/libcharon/plugins/updown/updown_listener.c 
@@ -366,7 +366,7 @@ static void invoke_once(private_updown_listener_t *this, ike_sa_t *ike_sa, push_env(envp, countof(envp), "PLUTO_IPCOMP=1"); } push_dns_env(this, ike_sa, envp, countof(envp)); - if (config->get_hostaccess(config)) + if (config->has_option(config, OPT_HOSTACCESS)) { push_env(envp, countof(envp), "PLUTO_HOST_ACCESS=1"); } diff --git a/src/libcharon/plugins/vici/Makefile.in b/src/libcharon/plugins/vici/Makefile.in index cdefbff79..fd2b89849 100644 --- a/src/libcharon/plugins/vici/Makefile.in +++ b/src/libcharon/plugins/vici/Makefile.in @@ -454,6 +454,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -476,6 +477,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md index 9bda949d0..f47f80cad 100644 --- a/src/libcharon/plugins/vici/README.md +++ b/src/libcharon/plugins/vici/README.md @@ -480,11 +480,12 @@ Load a certificate into the daemon. Load a private key into the daemon. { - type = + type = data = } => { success = errmsg = + id = } ### unload-key() ### diff --git a/src/libcharon/plugins/vici/perl/Makefile.in b/src/libcharon/plugins/vici/perl/Makefile.in index 385aa9775..0e9626aa3 100644 --- a/src/libcharon/plugins/vici/perl/Makefile.in +++ b/src/libcharon/plugins/vici/perl/Makefile.in @@ -272,6 +272,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ 
@@ -294,6 +295,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/vici/python/Makefile.in b/src/libcharon/plugins/vici/python/Makefile.in index f783d7068..7d5383290 100644 --- a/src/libcharon/plugins/vici/python/Makefile.in +++ b/src/libcharon/plugins/vici/python/Makefile.in @@ -294,6 +294,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -316,6 +317,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/vici/python/vici/protocol.py b/src/libcharon/plugins/vici/python/vici/protocol.py index 919231d43..370229463 100644 --- a/src/libcharon/plugins/vici/python/vici/protocol.py +++ b/src/libcharon/plugins/vici/python/vici/protocol.py @@ -62,7 +62,7 @@ class Packet(object): @classmethod def _named_request(cls, request_type, request, message=None): - requestdata = request.encode("UTF-8") + request = request.encode("UTF-8") payload = struct.pack("!BB", request_type, len(request)) + request if message is not None: return payload + message diff --git a/src/libcharon/plugins/vici/ruby/Makefile.in b/src/libcharon/plugins/vici/ruby/Makefile.in index 125f44ee1..5691a74d1 100644 --- a/src/libcharon/plugins/vici/ruby/Makefile.in +++ b/src/libcharon/plugins/vici/ruby/Makefile.in @@ -272,6 +272,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ 
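Review bot: Encoding `request` before measuring it fixes the length field, but `struct.pack("!BB", request_type, len(request))` now raises a bare `struct.error` for any name whose UTF-8 encoding exceeds 255 bytes, which is the limit of the single-byte length field. Request names are normally short, so this may be acceptable, but an explicit guard gives callers a clearer failure, e.g. `if len(request) > 255: raise ValueError("request name too long")` before the pack. The method is complete within the hunk.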
@@ -294,6 +295,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ @@ -468,8 +470,8 @@ distclean-generic: maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -@RUBY_GEMS_INSTALL_FALSE@install-data-local: @RUBY_GEMS_INSTALL_FALSE@uninstall-local: +@RUBY_GEMS_INSTALL_FALSE@install-data-local: clean: clean-am clean-am: clean-generic clean-libtool clean-local mostlyclean-am diff --git a/src/libcharon/plugins/vici/suites/test_message.c b/src/libcharon/plugins/vici/suites/test_message.c index 045e34fff..73bba239b 100644 --- a/src/libcharon/plugins/vici/suites/test_message.c +++ b/src/libcharon/plugins/vici/suites/test_message.c @@ -122,9 +122,14 @@ typedef struct { endecode_test_t *next; } endecode_enum_t; -static bool endecode_enumerate(endecode_enum_t *this, vici_type_t *type, - char **name, chunk_t *data) +METHOD(enumerator_t, endecode_enumerate, bool, + endecode_enum_t *this, va_list args) { + vici_type_t *type; + chunk_t *data; + char **name; + + VA_ARGS_VGET(args, type, name, data); if (this->next) { *type = this->next->type; @@ -149,7 +154,8 @@ static enumerator_t *endecode_create_enumerator(endecode_test_t *test) INIT(enumerator, .public = { - .enumerate = (void*)endecode_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _endecode_enumerate, .destroy = (void*)free, }, .next = test, diff --git a/src/libcharon/plugins/vici/vici_attribute.c b/src/libcharon/plugins/vici/vici_attribute.c index 4e1fa9708..ab765fa14 100644 --- a/src/libcharon/plugins/vici/vici_attribute.c +++ b/src/libcharon/plugins/vici/vici_attribute.c 
@@ -184,16 +184,22 @@ METHOD(attribute_provider_t, release_address, bool, return found; } -/** - * Filter mapping attribute_t to enumerated type/value arguments - */ -static bool attr_filter(void *data, attribute_t **attr, - configuration_attribute_type_t *type, - void *in, chunk_t *value) +CALLBACK(attr_filter, bool, + void *data, enumerator_t *orig, va_list args) { - *type = (*attr)->type; - *value = (*attr)->value; - return TRUE; + attribute_t *attr; + configuration_attribute_type_t *type; + chunk_t *value; + + VA_ARGS_VGET(args, type, value); + + if (orig->enumerate(orig, &attr)) + { + *type = attr->type; + *value = attr->value; + return TRUE; + } + return FALSE; } /** @@ -203,7 +209,7 @@ CALLBACK(create_nested, enumerator_t*, pool_t *pool, void *this) { return enumerator_create_filter(array_create_enumerator(pool->attrs), - (void*)attr_filter, NULL, NULL); + attr_filter, NULL, NULL); } /** diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c index 12497ec5e..0c355e3a0 100644 --- a/src/libcharon/plugins/vici/vici_config.c +++ b/src/libcharon/plugins/vici/vici_config.c @@ -141,13 +141,20 @@ METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*, (void*)this->lock->unlock, this->lock); } -/** - * Enumerator filter function for ike configs - */ -static bool ike_filter(void *data, peer_cfg_t **in, ike_cfg_t **out) +CALLBACK(ike_filter, bool, + void *data, enumerator_t *orig, va_list args) { - *out = (*in)->get_ike_cfg(*in); - return TRUE; + peer_cfg_t *cfg; + ike_cfg_t **out; + + VA_ARGS_VGET(args, out); + + if (orig->enumerate(orig, &cfg)) + { + *out = cfg->get_ike_cfg(cfg); + return TRUE; + } + return FALSE; } METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*, 
@@ -155,7 +162,7 @@ METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*, { this->lock->read_lock(this->lock); return enumerator_create_filter(this->conns->create_enumerator(this->conns), - (void*)ike_filter, this->lock, + ike_filter, this->lock, (void*)this->lock->unlock); } @@ -478,7 +485,6 @@ typedef struct { linked_list_t *remote_ts; uint32_t replay_window; bool policies; - bool policies_fwd_out; child_cfg_create_t cfg; } child_data_t; @@ -500,12 +506,12 @@ static void log_child_data(child_data_t *data, char *name) DBG2(DBG_CFG, " life_packets = %llu", cfg->lifetime.packets.life); DBG2(DBG_CFG, " rand_packets = %llu", cfg->lifetime.packets.jitter); DBG2(DBG_CFG, " updown = %s", cfg->updown); - DBG2(DBG_CFG, " hostaccess = %u", cfg->hostaccess); - DBG2(DBG_CFG, " ipcomp = %u", cfg->ipcomp); + DBG2(DBG_CFG, " hostaccess = %u", cfg->options & OPT_HOSTACCESS); + DBG2(DBG_CFG, " ipcomp = %u", cfg->options & OPT_IPCOMP); DBG2(DBG_CFG, " mode = %N%s", ipsec_mode_names, cfg->mode, - cfg->proxy_mode ? "_PROXY" : ""); + cfg->options & OPT_PROXY_MODE ? "_PROXY" : ""); DBG2(DBG_CFG, " policies = %u", data->policies); - DBG2(DBG_CFG, " policies_fwd_out = %u", data->policies_fwd_out); + DBG2(DBG_CFG, " policies_fwd_out = %u", cfg->options & OPT_FWD_OUT_POLICIES); if (data->replay_window != REPLAY_UNDEFINED) { DBG2(DBG_CFG, " replay_window = %u", data->replay_window); @@ -525,6 +531,8 @@ static void log_child_data(child_data_t *data, char *name) DBG2(DBG_CFG, " proposals = %#P", data->proposals); DBG2(DBG_CFG, " local_ts = %#R", data->local_ts); DBG2(DBG_CFG, " remote_ts = %#R", data->remote_ts); + DBG2(DBG_CFG, " hw_offload = %u", cfg->options & OPT_HW_OFFLOAD); + DBG2(DBG_CFG, " sha256_96 = %u", cfg->options & OPT_SHA256_96); } /** 
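Review bot: In the log_child_data hunk (@@ -500) the `%u` conversions now receive `cfg->options & OPT_HOSTACCESS` and friends, so the log prints the flag's bit value rather than the 0/1 the old bool fields produced; the `hw_offload` and `sha256_96` lines added in the next hunk have the same property. Normalising with `!!` keeps the output stable for anyone parsing these debug lines, e.g. `DBG2(DBG_CFG, " hostaccess = %u", !!(cfg->options & OPT_HOSTACCESS));`. The ternary `cfg->options & OPT_PROXY_MODE ? "_PROXY" : ""` relies on `&` binding tighter than `?:`, which is correct but reads more easily as `(cfg->options & OPT_PROXY_MODE) ? "_PROXY" : ""`.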
@@ -827,12 +835,79 @@ CALLBACK(parse_mode, bool, if (parse_map(map, countof(map), &d, v)) { cfg->mode = d; - cfg->proxy_mode = (d == MODE_TRANSPORT) && (v.len > 9); + if ((d == MODE_TRANSPORT) && (v.len > 9)) + { + cfg->options |= OPT_PROXY_MODE; + } return TRUE; } return FALSE; } +/** + * Enable a child_cfg_option_t + */ +static bool parse_option(child_cfg_option_t *out, child_cfg_option_t opt, + chunk_t v) +{ + bool val; + + if (parse_bool(&val, v)) + { + if (val) + { + *out |= opt; + } + return TRUE; + } + return FALSE; +} + +/** + * Parse OPT_HOSTACCESS option + */ +CALLBACK(parse_opt_haccess, bool, + child_cfg_option_t *out, chunk_t v) +{ + return parse_option(out, OPT_HOSTACCESS, v); +} + +/** + * Parse OPT_FWD_OUT_POLICIES option + */ +CALLBACK(parse_opt_fwd_out, bool, + child_cfg_option_t *out, chunk_t v) +{ + return parse_option(out, OPT_FWD_OUT_POLICIES, v); +} + +/** + * Parse OPT_FWD_OUT_POLICIES option + */ +CALLBACK(parse_opt_ipcomp, bool, + child_cfg_option_t *out, chunk_t v) +{ + return parse_option(out, OPT_IPCOMP, v); +} + +/** + * Parse OPT_HW_OFFLOAD option + */ +CALLBACK(parse_opt_hw_offl, bool, + child_cfg_option_t *out, chunk_t v) +{ + return parse_option(out, OPT_HW_OFFLOAD, v); +} + +/** + * Parse OPT_SHA256_96 option + */ +CALLBACK(parse_opt_sha256_96, bool, + child_cfg_option_t *out, chunk_t v) +{ + return parse_option(out, OPT_SHA256_96, v); +} + /** * Parse an action_t */ @@ -1336,6 +1411,7 @@ CALLBACK(parse_frag, bool, { enum_map_t map[] = { { "yes", FRAGMENTATION_YES }, + { "accept", FRAGMENTATION_ACCEPT }, { "no", FRAGMENTATION_NO }, { "force", FRAGMENTATION_FORCE }, }; 
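Review bot: The doc comment above `parse_opt_ipcomp` says `Parse OPT_FWD_OUT_POLICIES option`, a copy-paste from the callback above it; it should read `/** Parse OPT_IPCOMP option */`. Also worth a line on `parse_option`: it only ever ORs the bit in and never clears it when the value parses as false, so it relies on `options` starting at zero and on each key appearing once per section — presumably true here, but a comment such as `/* only sets bits; options is expected to start zeroed */` would save the next reader the question.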
@@ -1465,10 +1541,10 @@ CALLBACK(child_kv, bool, { parse_rule_t rules[] = { { "updown", parse_string, &child->cfg.updown }, - { "hostaccess", parse_bool, &child->cfg.hostaccess }, + { "hostaccess", parse_opt_haccess, &child->cfg.options }, { "mode", parse_mode, &child->cfg }, { "policies", parse_bool, &child->policies }, - { "policies_fwd_out", parse_bool, &child->policies_fwd_out }, + { "policies_fwd_out", parse_opt_fwd_out, &child->cfg.options }, { "replay_window", parse_uint32, &child->replay_window }, { "rekey_time", parse_time, &child->cfg.lifetime.time.rekey }, { "life_time", parse_time, &child->cfg.lifetime.time.life }, @@ -1482,7 +1558,7 @@ CALLBACK(child_kv, bool, { "dpd_action", parse_action, &child->cfg.dpd_action }, { "start_action", parse_action, &child->cfg.start_action }, { "close_action", parse_action, &child->cfg.close_action }, - { "ipcomp", parse_bool, &child->cfg.ipcomp }, + { "ipcomp", parse_opt_ipcomp, &child->cfg.options }, { "inactivity", parse_time, &child->cfg.inactivity }, { "reqid", parse_uint32, &child->cfg.reqid }, { "mark_in", parse_mark, &child->cfg.mark_in }, @@ -1490,6 +1566,8 @@ CALLBACK(child_kv, bool, { "tfc_padding", parse_tfc, &child->cfg.tfc }, { "priority", parse_uint32, &child->cfg.priority }, { "interface", parse_string, &child->cfg.interface }, + { "hw_offload", parse_opt_hw_offl, &child->cfg.options }, + { "sha256_96", parse_opt_sha256_96,&child->cfg.options }, }; return parse_rules(rules, countof(rules), name, value, @@ -1755,8 +1833,7 @@ CALLBACK(children_sn, bool, child.proposals->insert_last(child.proposals, proposal); } } - child.cfg.suppress_policies = !child.policies; - child.cfg.fwd_out_policies = child.policies_fwd_out; + child.cfg.options |= child.policies ? 0 : OPT_NO_POLICIES; check_lifetimes(&child.cfg.lifetime); diff --git a/src/libcharon/plugins/vici/vici_cred.c b/src/libcharon/plugins/vici/vici_cred.c index 6c7c194c2..5d8bf2f05 100644 --- a/src/libcharon/plugins/vici/vici_cred.c 
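Review bot: In the child_kv rules hunk (@@ -1490) the new `sha256_96` entry is missing the space after the comma: `{ "sha256_96", parse_opt_sha256_96, &child->cfg.options },`. Purely cosmetic, but it is the only entry in the table formatted that way.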
+++ b/src/libcharon/plugins/vici/vici_cred.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2015-2016 Andreas Steffen - * Copyright (C) 2016 Tobias Brunner + * Copyright (C) 2016-2017 Tobias Brunner * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2014 Martin Willi @@ -206,9 +206,10 @@ CALLBACK(load_cert, vici_message_t*, CALLBACK(load_key, vici_message_t*, private_vici_cred_t *this, char *name, u_int id, vici_message_t *message) { + vici_builder_t *builder; key_type_t type; private_key_t *key; - chunk_t data; + chunk_t data, fp; char *str; str = message->get_str(message, NULL, "type"); @@ -248,12 +249,19 @@ CALLBACK(load_key, vici_message_t*, return create_reply("parsing %N private key failed", key_type_names, type); } + if (!key->get_fingerprint(key, KEYID_PUBKEY_SHA1, &fp)) + { + return create_reply("failed to get key id"); + } DBG1(DBG_CFG, "loaded %N private key", key_type_names, type); + builder = vici_builder_create(); + builder->add_kv(builder, "success", "yes"); + builder->add_kv(builder, "id", "%+B", &fp); this->creds->add_key(this->creds, key); - return create_reply(NULL); + return builder->finalize(builder); } CALLBACK(unload_key, vici_message_t*, diff --git a/src/libcharon/plugins/vici/vici_message.c b/src/libcharon/plugins/vici/vici_message.c index 58b896773..91d344994 100644 --- a/src/libcharon/plugins/vici/vici_message.c +++ b/src/libcharon/plugins/vici/vici_message.c @@ -135,11 +135,16 @@ typedef struct { } parse_enumerator_t; METHOD(enumerator_t, parse_enumerate, bool, - parse_enumerator_t *this, vici_type_t *out, char **name, chunk_t *value) + parse_enumerator_t *this, va_list args) { + vici_type_t *out; + chunk_t *value; + char **name; uint8_t type; chunk_t data; + VA_ARGS_VGET(args, out, name, value); + if (!this->reader->remaining(this->reader) || !this->reader->read_uint8(this->reader, &type)) { 
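Review bot: In the load_key hunk (@@ -248) the new early return on a failed `get_fingerprint()` leaves `key` alive: the surrounding context shows the key was just parsed by this function and is only handed to `this->creds->add_key()` further down, so the error path appears to leak it. Add `key->destroy(key);` before `return create_reply("failed to get key id");`. The beginning of load_key, where `key` is created, is outside this hunk, so confirm no other owner exists.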
@@ -218,7 +223,8 @@ METHOD(vici_message_t, create_enumerator, enumerator_t*, INIT(enumerator, .public = { - .enumerate = (void*)_parse_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _parse_enumerate, .destroy = _parse_destroy, }, .reader = bio_reader_create(this->encoding), diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c index c0f4e2de9..2cc59591f 100644 --- a/src/libcharon/plugins/vici/vici_query.c +++ b/src/libcharon/plugins/vici/vici_query.c @@ -107,7 +107,7 @@ static void list_mode(vici_builder_t *b, child_sa_t *child, child_cfg_t *cfg) cfg = child->get_config(child); } mode = child ? child->get_mode(child) : cfg->get_mode(cfg); - if (mode == MODE_TRANSPORT && cfg->use_proxy_mode(cfg)) + if (mode == MODE_TRANSPORT && cfg->has_option(cfg, OPT_PROXY_MODE)) { /* only report this if the negotiated mode is actually TRANSPORT */ sub_mode = "_PROXY"; } diff --git a/src/libcharon/plugins/whitelist/Makefile.in b/src/libcharon/plugins/whitelist/Makefile.in index b85961387..0347c5f53 100644 --- a/src/libcharon/plugins/whitelist/Makefile.in +++ b/src/libcharon/plugins/whitelist/Makefile.in @@ -365,6 +365,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -387,6 +388,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/whitelist/whitelist_listener.c b/src/libcharon/plugins/whitelist/whitelist_listener.c index 7e5b2f4e0..136554674 100644 --- a/src/libcharon/plugins/whitelist/whitelist_listener.c +++ b/src/libcharon/plugins/whitelist/whitelist_listener.c 
@@ -119,14 +119,19 @@ METHOD(whitelist_listener_t, remove_, void, DESTROY_IF(id); } -/** - * Enumerator filter, from hashtable (key, value) to single identity - */ -static bool whitelist_filter(rwlock_t *lock, identification_t **key, - identification_t **id, identification_t **value) +CALLBACK(whitelist_filter, bool, + rwlock_t *lock, enumerator_t *orig, va_list args) { - *id = *value; - return TRUE; + identification_t *key, *value, **out; + + VA_ARGS_VGET(args, out); + + if (orig->enumerate(orig, &key, &value)) + { + *out = value; + return TRUE; + } + return FALSE; } METHOD(whitelist_listener_t, create_enumerator, enumerator_t*, @@ -134,7 +139,7 @@ METHOD(whitelist_listener_t, create_enumerator, enumerator_t*, { this->lock->read_lock(this->lock); return enumerator_create_filter(this->ids->create_enumerator(this->ids), - (void*)whitelist_filter, this->lock, + whitelist_filter, this->lock, (void*)this->lock->unlock); } diff --git a/src/libcharon/plugins/xauth_eap/Makefile.in b/src/libcharon/plugins/xauth_eap/Makefile.in index a6554d6a9..28158a373 100644 --- a/src/libcharon/plugins/xauth_eap/Makefile.in +++ b/src/libcharon/plugins/xauth_eap/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/plugins/xauth_generic/Makefile.in b/src/libcharon/plugins/xauth_generic/Makefile.in index 87d627bc3..1dc267545 100644 --- a/src/libcharon/plugins/xauth_generic/Makefile.in +++ b/src/libcharon/plugins/xauth_generic/Makefile.in 
@@ -358,6 +358,7 @@ docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
 fips_mode = @fips_mode@
+fuzz_plugins = @fuzz_plugins@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 host = @host@
@@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@
 json_LIBS = @json_LIBS@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libfuzzer = @libfuzzer@
 libiptc_CFLAGS = @libiptc_CFLAGS@
 libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
diff --git a/src/libcharon/plugins/xauth_noauth/Makefile.in b/src/libcharon/plugins/xauth_noauth/Makefile.in
index 13fb71aef..a610bab2a 100644
--- a/src/libcharon/plugins/xauth_noauth/Makefile.in
+++ b/src/libcharon/plugins/xauth_noauth/Makefile.in
@@ -358,6 +358,7 @@ docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
 fips_mode = @fips_mode@
+fuzz_plugins = @fuzz_plugins@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 host = @host@
@@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@
 json_LIBS = @json_LIBS@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libfuzzer = @libfuzzer@
 libiptc_CFLAGS = @libiptc_CFLAGS@
 libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
diff --git a/src/libcharon/plugins/xauth_pam/Makefile.in b/src/libcharon/plugins/xauth_pam/Makefile.in
index 821d46e6b..8c31f2472 100644
--- a/src/libcharon/plugins/xauth_pam/Makefile.in
+++ b/src/libcharon/plugins/xauth_pam/Makefile.in
@@ -358,6 +358,7 @@ docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
 fips_mode = @fips_mode@
+fuzz_plugins = @fuzz_plugins@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 host = @host@
@@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@
 json_LIBS = @json_LIBS@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libfuzzer = @libfuzzer@
 libiptc_CFLAGS = @libiptc_CFLAGS@
 libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
diff --git a/src/libcharon/processing/jobs/delete_child_sa_job.c b/src/libcharon/processing/jobs/delete_child_sa_job.c
index 70dbc1b4a..048b879f1 100644
--- a/src/libcharon/processing/jobs/delete_child_sa_job.c +++ b/src/libcharon/processing/jobs/delete_child_sa_job.c @@ -1,6 +1,7 @@ /* + * Copyright (C) 2017 Tobias Brunner * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -24,19 +25,19 @@ typedef struct private_delete_child_sa_job_t private_delete_child_sa_job_t; * Private data of an delete_child_sa_job_t object. */ struct private_delete_child_sa_job_t { - /** + /** * Public delete_child_sa_job_t interface. */ delete_child_sa_job_t public; /** - * protocol of the CHILD_SA (ESP/AH) + * Protocol of the CHILD_SA (ESP/AH) */ protocol_id_t protocol; /** - * inbound SPI of the CHILD_SA + * Inbound SPI of the CHILD_SA */ uint32_t spi; @@ -49,12 +50,17 @@ struct private_delete_child_sa_job_t { * Delete for an expired CHILD_SA */ bool expired; + + /** + * Unique ID of the CHILD_SA + */ + uint32_t id; }; METHOD(job_t, destroy, void, private_delete_child_sa_job_t *this) { - this->dst->destroy(this->dst); + DESTROY_IF(this->dst); free(this); } 
@@ -63,17 +69,37 @@ METHOD(job_t, execute, job_requeue_t, { ike_sa_t *ike_sa; - ike_sa = charon->child_sa_manager->checkout(charon->child_sa_manager, - this->protocol, this->spi, this->dst, NULL); - if (ike_sa == NULL) + if (this->id) { - DBG1(DBG_JOB, "CHILD_SA %N/0x%08x/%H not found for delete", - protocol_id_names, this->protocol, htonl(this->spi), this->dst); + child_sa_t *child_sa; + + ike_sa = charon->child_sa_manager->checkout_by_id( + charon->child_sa_manager, this->id, &child_sa); + if (!ike_sa) + { + DBG1(DBG_JOB, "CHILD_SA {%d} not found for delete", this->id); + } + else + { + this->spi = child_sa->get_spi(child_sa, TRUE); + this->protocol = child_sa->get_protocol(child_sa); + } } else { - ike_sa->delete_child_sa(ike_sa, this->protocol, this->spi, this->expired); + ike_sa = charon->child_sa_manager->checkout(charon->child_sa_manager, + this->protocol, this->spi, this->dst, NULL); + if (!ike_sa) + { + DBG1(DBG_JOB, "CHILD_SA %N/0x%08x/%H not found for delete", + protocol_id_names, this->protocol, htonl(this->spi), this->dst); + } + } + if (ike_sa) + { + ike_sa->delete_child_sa(ike_sa, this->protocol, this->spi, + this->expired); charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); } return JOB_REQUEUE_NONE; @@ -109,3 +135,24 @@ delete_child_sa_job_t *delete_child_sa_job_create(protocol_id_t protocol, return &this->public; } + +/* + * Described in header + */ +delete_child_sa_job_t *delete_child_sa_job_create_id(uint32_t id) +{ + private_delete_child_sa_job_t *this; + + INIT(this, + .public = { + .job_interface = { + .execute = _execute, + .get_priority = _get_priority, + .destroy = _destroy, + }, + }, + .id = id, + ); + + return &this->public; +} diff --git a/src/libcharon/processing/jobs/delete_child_sa_job.h b/src/libcharon/processing/jobs/delete_child_sa_job.h index 349f5debb..b2d5a11f6 100644 --- a/src/libcharon/processing/jobs/delete_child_sa_job.h +++ b/src/libcharon/processing/jobs/delete_child_sa_job.h 
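Review bot: In the execute hunk the new log line formats the `uint32_t` id with `%d`: `DBG1(DBG_JOB, "CHILD_SA {%u} not found for delete", this->id);` matches the field's type. Also note that `delete_child_sa_job_create_id()` in the following hunk never sets `expired`, so the by-id path always calls `delete_child_sa()` with `expired` FALSE; if that is intended, a one-line comment on the constructor such as `/* not used for expired SAs, expired stays FALSE */` would make the contract explicit. The by-id branch also overwrites `this->spi` and `this->protocol` with values from the looked-up CHILD_SA, which is fine for a single-use job but worth a comment.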
@@ -1,6 +1,7 @@ /* + * Copyright (C) 2017 Tobias Brunner * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -42,7 +43,7 @@ struct delete_child_sa_job_t { }; /** - * Creates a job of type DELETE_CHILD_SA. + * Creates a job that deletes a CHILD_SA. * * @param protocol protocol of the CHILD_SA * @param spi security parameter index of the CHILD_SA @@ -53,4 +54,12 @@ struct delete_child_sa_job_t { delete_child_sa_job_t *delete_child_sa_job_create(protocol_id_t protocol, uint32_t spi, host_t *dst, bool expired); +/** + * Creates a job that deletes a CHILD_SA identified by its unique ID. + * + * @param id unique ID of the CHILD_SA + * @return delete_child_sa_job_t object + */ +delete_child_sa_job_t *delete_child_sa_job_create_id(uint32_t id); + #endif /** DELETE_CHILD_SA_JOB_H_ @}*/ diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c index b9dd59b07..3d9f6133b 100644 --- a/src/libcharon/sa/child_sa.c +++ b/src/libcharon/sa/child_sa.c @@ -1,6 +1,6 @@ /* + * Copyright (C) 2006-2017 Tobias Brunner * Copyright (C) 2016 Andreas Steffen - * Copyright (C) 2006-2016 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005 Jan Hutter @@ -40,6 +40,12 @@ ENUM(child_sa_state_names, CHILD_CREATED, CHILD_DESTROYING, "DESTROYING", ); +ENUM(child_sa_outbound_state_names, CHILD_OUTBOUND_NONE, CHILD_OUTBOUND_INSTALLED, + "NONE", + "REGISTERED", + "INSTALLED", +); + typedef struct private_child_sa_t private_child_sa_t; /** 
@@ -91,6 +97,31 @@ struct private_child_sa_t { */ array_t *other_ts; + /** + * Outbound encryption key cached during a rekeying + */ + chunk_t encr_r; + + /** + * Outbound integrity key cached during a rekeying + */ + chunk_t integ_r; + + /** + * Whether the outbound SA has only been registered yet during a rekeying + */ + child_sa_outbound_state_t outbound_state; + + /** + * Whether the peer supports TFCv3 + */ + bool tfcv3; + + /** + * The outbound SPI of the CHILD_SA that replaced this one during a rekeying + */ + uint32_t rekey_spi; + /** * Protocol used to protect this SA, ESP|AH */ @@ -265,6 +296,10 @@ METHOD(child_sa_t, get_config, child_cfg_t*, METHOD(child_sa_t, set_state, void, private_child_sa_t *this, child_sa_state_t state) { + DBG2(DBG_CHD, "CHILD_SA %s{%d} state change: %N => %N", + get_name(this), this->unique_id, + child_sa_state_names, this->state, + child_sa_state_names, state); charon->bus->child_state_change(charon->bus, &this->public, state); this->state = state; } @@ -275,6 +310,12 @@ METHOD(child_sa_t, get_state, child_sa_state_t, return this->state; } +METHOD(child_sa_t, get_outbound_state, child_sa_outbound_state_t, + private_child_sa_t *this) +{ + return this->outbound_state; +} + METHOD(child_sa_t, get_spi, uint32_t, private_child_sa_t *this, bool inbound) { @@ -394,10 +435,11 @@ struct policy_enumerator_t { }; METHOD(enumerator_t, policy_enumerate, bool, - policy_enumerator_t *this, traffic_selector_t **my_out, - traffic_selector_t **other_out) + policy_enumerator_t *this, va_list args) { - traffic_selector_t *other_ts; + traffic_selector_t *other_ts, **my_out, **other_out; + + VA_ARGS_VGET(args, my_out, other_out); while (this->ts || this->mine->enumerate(this->mine, &this->ts)) { 
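Review bot: The new `encr_r`/`integ_r` members hold outbound keying material in the private struct for the duration of a rekeying, and the corresponding release in `destroy()` (and wherever the cached keys are consumed) is outside this chunk. They should be released with `chunk_clear()` rather than `chunk_free()` so the key bytes are wiped before the memory is returned, and stating that in the field comments would help, e.g. `/* Outbound encryption key cached during a rekeying; wiped with chunk_clear() on release */`. The new DBG2 line in `set_state` only logs state names and the unique id, which is fine.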
@@ -446,7 +488,8 @@ METHOD(child_sa_t, create_policy_enumerator, enumerator_t*, INIT(e, .public = { - .enumerate = (void*)_policy_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _policy_enumerate, .destroy = _policy_destroy, }, .mine = array_create_enumerator(this->my_ts), @@ -504,7 +547,7 @@ static status_t update_usebytes(private_child_sa_t *this, bool inbound) } else { - if (this->other_spi) + if (this->other_spi && this->outbound_state == CHILD_OUTBOUND_INSTALLED) { kernel_ipsec_sa_id_t id = { .src = this->my_addr, @@ -691,14 +734,16 @@ METHOD(child_sa_t, alloc_cpi, uint16_t, return 0; } -METHOD(child_sa_t, install, status_t, - private_child_sa_t *this, chunk_t encr, chunk_t integ, uint32_t spi, - uint16_t cpi, bool initiator, bool inbound, bool tfcv3, - linked_list_t *my_ts, linked_list_t *other_ts) +/** + * Install the given SA in the kernel + */ +static status_t install_internal(private_child_sa_t *this, chunk_t encr, + chunk_t integ, uint32_t spi, uint16_t cpi, bool initiator, bool inbound, + bool tfcv3) { uint16_t enc_alg = ENCR_UNDEFINED, int_alg = AUTH_UNDEFINED, size; uint16_t esn = NO_EXT_SEQ_NUMBERS; - linked_list_t *src_ts = NULL, *dst_ts = NULL; + linked_list_t *my_ts, *other_ts, *src_ts, *dst_ts; time_t now; kernel_ipsec_sa_id_t id; kernel_ipsec_add_sa_t sa; @@ -708,6 +753,12 @@ METHOD(child_sa_t, install, status_t, status_t status; bool update = FALSE; + /* BEET requires the bound address from the traffic selectors */ + my_ts = linked_list_create_from_enumerator( + array_create_enumerator(this->my_ts)); + other_ts = linked_list_create_from_enumerator( + array_create_enumerator(this->other_ts)); + /* now we have to decide which spi to use. Use self allocated, if "in", * or the one in the proposal, if not "in" (others). Additionally, * source and dest host switch depending on the role */ 
@@ -721,6 +772,8 @@ METHOD(child_sa_t, install, status_t, } this->my_spi = spi; this->my_cpi = cpi; + dst_ts = my_ts; + src_ts = other_ts; } else { @@ -728,11 +781,14 @@ METHOD(child_sa_t, install, status_t, dst = this->other_addr; this->other_spi = spi; this->other_cpi = cpi; + src_ts = my_ts; + dst_ts = other_ts; if (tfcv3) { tfc = this->config->get_tfc(this->config); } + this->outbound_state = CHILD_OUTBOUND_INSTALLED; } DBG2(DBG_CHD, "adding %s %N SA", inbound ? "inbound" : "outbound", @@ -748,12 +804,22 @@ METHOD(child_sa_t, install, status_t, this->proposal->get_algorithm(this->proposal, EXTENDED_SEQUENCE_NUMBERS, &esn, NULL); + if (int_alg == AUTH_HMAC_SHA2_256_128 && + this->config->has_option(this->config, OPT_SHA256_96)) + { + DBG2(DBG_CHD, " using %N with 96-bit truncation", + integrity_algorithm_names, int_alg); + int_alg = AUTH_HMAC_SHA2_256_96; + } + if (!this->reqid_allocated && !this->static_reqid) { status = charon->kernel->alloc_reqid(charon->kernel, my_ts, other_ts, this->mark_in, this->mark_out, &this->reqid); if (status != SUCCESS) { + my_ts->destroy(my_ts); + other_ts->destroy(other_ts); return status; } this->reqid_allocated = TRUE; @@ -783,18 +849,6 @@ METHOD(child_sa_t, install, status_t, lifetime->time.rekey = 0; } - /* BEET requires the bound address from the traffic selectors */ - if (inbound) - { - dst_ts = my_ts; - src_ts = other_ts; - } - else - { - src_ts = my_ts; - dst_ts = other_ts; - } - id = (kernel_ipsec_sa_id_t){ .src = src, .dst = dst, @@ -818,6 +872,7 @@ METHOD(child_sa_t, install, status_t, .ipcomp = this->ipcomp, .cpi = cpi, .encap = this->encap, + .hw_offload = this->config->has_option(this->config, OPT_HW_OFFLOAD), .esn = esn, .initiator = initiator, .inbound = inbound, 
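Review bot: In the @@ -728 hunk `this->outbound_state = CHILD_OUTBOUND_INSTALLED;` is set while the SA is still being assembled, before `charon->kernel->add_sa()` has run and its status is known (the call is in the @@ -826 hunk). If add_sa fails, the SA is nevertheless marked INSTALLED and `update_usebytes()`, changed earlier in this diff to check exactly that state, will query the kernel for an outbound SA that was never added. Unless a failed install always tears the child_sa down immediately, it would be safer to move the assignment after the add_sa call, e.g. `if (status == SUCCESS && !inbound) { this->outbound_state = CHILD_OUTBOUND_INSTALLED; }`.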
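Review bot: The @@ -748 hunk replaces the negotiated `AUTH_HMAC_SHA2_256_128` with `AUTH_HMAC_SHA2_256_96` when OPT_SHA256_96 is set, and the only trace is a DBG2 line. Because this installs an ICV length different from what the proposal negotiated (the 96-bit truncation predates the 128-bit truncation RFC 4868 specifies, so the peer must apply the same non-standard truncation or every packet fails its integrity check), logging at DBG1 and stating the interop purpose in a comment would make misconfigurations easier to diagnose, e.g. `/* interop option: peer uses the pre-RFC 4868 96-bit truncation of HMAC-SHA-256 */`. The list cleanup added on the alloc_reqid failure path is correct and matches the destroy calls at the end of install_internal.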
@@ -826,11 +881,21 @@ METHOD(child_sa_t, install, status_t, status = charon->kernel->add_sa(charon->kernel, &id, &sa); + my_ts->destroy(my_ts); + other_ts->destroy(other_ts); free(lifetime); return status; } +METHOD(child_sa_t, install, status_t, + private_child_sa_t *this, chunk_t encr, chunk_t integ, uint32_t spi, + uint16_t cpi, bool initiator, bool inbound, bool tfcv3) +{ + return install_internal(this, encr, integ, spi, cpi, initiator, inbound, + tfcv3); +} + /** * Check kernel interface if policy updates are required */ @@ -887,34 +952,21 @@ static void prepare_sa_cfg(private_child_sa_t *this, ipsec_sa_cfg_t *my_sa, } /** - * Install 3 policies: out, in and forward + * Install inbound policie(s): in, fwd */ -static status_t install_policies_internal(private_child_sa_t *this, +static status_t install_policies_inbound(private_child_sa_t *this, host_t *my_addr, host_t *other_addr, traffic_selector_t *my_ts, traffic_selector_t *other_ts, ipsec_sa_cfg_t *my_sa, ipsec_sa_cfg_t *other_sa, policy_type_t type, policy_priority_t priority, uint32_t manual_prio) { - kernel_ipsec_policy_id_t out_id = { - .dir = POLICY_OUT, - .src_ts = my_ts, - .dst_ts = other_ts, - .mark = this->mark_out, - .interface = this->config->get_interface(this->config), - }, in_id = { + kernel_ipsec_policy_id_t in_id = { .dir = POLICY_IN, .src_ts = other_ts, .dst_ts = my_ts, .mark = this->mark_in, }; - kernel_ipsec_manage_policy_t out_policy = { - .type = type, - .prio = priority, - .manual_prio = manual_prio, - .src = my_addr, - .dst = other_addr, - .sa = other_sa, - }, in_policy = { + kernel_ipsec_manage_policy_t in_policy = { .type = type, .prio = priority, .manual_prio = manual_prio, 
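Review bot: The doc comment on the new `install_policies_inbound` reads `Install inbound policie(s): in, fwd`; "policie(s)" is a typo, and the same spelling appears on `install_policies_outbound` in the next hunk. Suggest `/** Install inbound policies: in, fwd */` and `/** Install outbound policies: out, [fwd] */`, matching the `del_policies_*` comments later in this diff. The body of install_policies_inbound continues past this hunk.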
@@ -924,13 +976,45 @@ static status_t install_policies_internal(private_child_sa_t *this, }; status_t status = SUCCESS; - status |= charon->kernel->add_policy(charon->kernel, &out_id, &out_policy); status |= charon->kernel->add_policy(charon->kernel, &in_id, &in_policy); if (this->mode != MODE_TRANSPORT) { in_id.dir = POLICY_FWD; status |= charon->kernel->add_policy(charon->kernel, &in_id, &in_policy); + } + return status; +} +/** + * Install outbound policie(s): out, [fwd] + */ +static status_t install_policies_outbound(private_child_sa_t *this, + host_t *my_addr, host_t *other_addr, traffic_selector_t *my_ts, + traffic_selector_t *other_ts, ipsec_sa_cfg_t *my_sa, + ipsec_sa_cfg_t *other_sa, policy_type_t type, + policy_priority_t priority, uint32_t manual_prio) +{ + kernel_ipsec_policy_id_t out_id = { + .dir = POLICY_OUT, + .src_ts = my_ts, + .dst_ts = other_ts, + .mark = this->mark_out, + .interface = this->config->get_interface(this->config), + }; + kernel_ipsec_manage_policy_t out_policy = { + .type = type, + .prio = priority, + .manual_prio = manual_prio, + .src = my_addr, + .dst = other_addr, + .sa = other_sa, + }; + status_t status = SUCCESS; + + status |= charon->kernel->add_policy(charon->kernel, &out_id, &out_policy); + + if (this->mode != MODE_TRANSPORT && this->policies_fwd_out) + { /* install an "outbound" FWD policy in case there is a drop policy * matching outbound forwarded traffic, to allow another tunnel to use * the reversed subnets and do the same we don't set a reqid (this also 
@@ -939,52 +1023,56 @@ static status_t install_policies_internal(private_child_sa_t *this, * policies of two SAs we install them with reduced priority. As they * basically act as bypass policies for drop policies we use a higher * priority than is used for them. */ - if (this->policies_fwd_out) + out_id.dir = POLICY_FWD; + other_sa->reqid = 0; + if (priority == POLICY_PRIORITY_DEFAULT) { - out_id.dir = POLICY_FWD; - other_sa->reqid = 0; - if (priority == POLICY_PRIORITY_DEFAULT) - { - out_policy.prio = POLICY_PRIORITY_ROUTED; - } - status |= charon->kernel->add_policy(charon->kernel, &out_id, - &out_policy); - /* reset the reqid for any other further policies */ - other_sa->reqid = this->reqid; + out_policy.prio = POLICY_PRIORITY_ROUTED; } + status |= charon->kernel->add_policy(charon->kernel, &out_id, + &out_policy); + /* reset the reqid for any other further policies */ + other_sa->reqid = this->reqid; } return status; } /** - * Delete 3 policies: out, in and forward + * Install all policies */ -static void del_policies_internal(private_child_sa_t *this, +static status_t install_policies_internal(private_child_sa_t *this, + host_t *my_addr, host_t *other_addr, traffic_selector_t *my_ts, + traffic_selector_t *other_ts, ipsec_sa_cfg_t *my_sa, + ipsec_sa_cfg_t *other_sa, policy_type_t type, + policy_priority_t priority, uint32_t manual_prio) +{ + status_t status = SUCCESS; + + status |= install_policies_inbound(this, my_addr, other_addr, my_ts, + other_ts, my_sa, other_sa, type, + priority, manual_prio); + status |= install_policies_outbound(this, my_addr, other_addr, my_ts, + other_ts, my_sa, other_sa, type, + priority, manual_prio); + return status; +} + +/** + * Delete inbound policies: in, fwd + */ +static void del_policies_inbound(private_child_sa_t *this, host_t *my_addr, host_t *other_addr, traffic_selector_t *my_ts, traffic_selector_t *other_ts, ipsec_sa_cfg_t *my_sa, ipsec_sa_cfg_t *other_sa, policy_type_t type, policy_priority_t priority, uint32_t 
manual_prio) { - kernel_ipsec_policy_id_t out_id = { - .dir = POLICY_OUT, - .src_ts = my_ts, - .dst_ts = other_ts, - .mark = this->mark_out, - .interface = this->config->get_interface(this->config), - }, in_id = { + kernel_ipsec_policy_id_t in_id = { .dir = POLICY_IN, .src_ts = other_ts, .dst_ts = my_ts, .mark = this->mark_in, }; - kernel_ipsec_manage_policy_t out_policy = { - .type = type, - .prio = priority, - .manual_prio = manual_prio, - .src = my_addr, - .dst = other_addr, - .sa = other_sa, - }, in_policy = { + kernel_ipsec_manage_policy_t in_policy = { .type = type, .prio = priority, .manual_prio = manual_prio, 
@@ -993,49 +1081,83 @@ static void del_policies_internal(private_child_sa_t *this, .sa = my_sa, }; - charon->kernel->del_policy(charon->kernel, &out_id, &out_policy); charon->kernel->del_policy(charon->kernel, &in_id, &in_policy); + if (this->mode != MODE_TRANSPORT) { in_id.dir = POLICY_FWD; charon->kernel->del_policy(charon->kernel, &in_id, &in_policy); + } +} - if (this->policies_fwd_out) +/** + * Delete outbound policies: out, [fwd] + */ +static void del_policies_outbound(private_child_sa_t *this, + host_t *my_addr, host_t *other_addr, traffic_selector_t *my_ts, + traffic_selector_t *other_ts, ipsec_sa_cfg_t *my_sa, + ipsec_sa_cfg_t *other_sa, policy_type_t type, + policy_priority_t priority, uint32_t manual_prio) +{ + kernel_ipsec_policy_id_t out_id = { + .dir = POLICY_OUT, + .src_ts = my_ts, + .dst_ts = other_ts, + .mark = this->mark_out, + .interface = this->config->get_interface(this->config), + }; + kernel_ipsec_manage_policy_t out_policy = { + .type = type, + .prio = priority, + .manual_prio = manual_prio, + .src = my_addr, + .dst = other_addr, + .sa = other_sa, + }; + + charon->kernel->del_policy(charon->kernel, &out_id, &out_policy); + + if (this->mode != MODE_TRANSPORT && this->policies_fwd_out) + { + out_id.dir = POLICY_FWD; + other_sa->reqid = 0; + if (priority == POLICY_PRIORITY_DEFAULT) { - out_id.dir = POLICY_FWD; - other_sa->reqid = 0; - if (priority == POLICY_PRIORITY_DEFAULT) - { - out_policy.prio = POLICY_PRIORITY_ROUTED; - } - charon->kernel->del_policy(charon->kernel, &out_id, &out_policy); - other_sa->reqid = this->reqid; + out_policy.prio = POLICY_PRIORITY_ROUTED; } + charon->kernel->del_policy(charon->kernel, &out_id, &out_policy); + other_sa->reqid = this->reqid; } } -METHOD(child_sa_t, add_policies, status_t, +/** + * Delete in- and outbound policies + */ +static void del_policies_internal(private_child_sa_t *this, + host_t *my_addr, host_t *other_addr, traffic_selector_t *my_ts, + traffic_selector_t *other_ts, ipsec_sa_cfg_t *my_sa, + 
ipsec_sa_cfg_t *other_sa, policy_type_t type, + policy_priority_t priority, uint32_t manual_prio) +{ + del_policies_outbound(this, my_addr, other_addr, my_ts, other_ts, my_sa, + other_sa, type, priority, manual_prio); + del_policies_inbound(this, my_addr, other_addr, my_ts, other_ts, my_sa, + other_sa, type, priority, manual_prio); +} + +METHOD(child_sa_t, set_policies, void, private_child_sa_t *this, linked_list_t *my_ts_list, linked_list_t *other_ts_list) { enumerator_t *enumerator; traffic_selector_t *my_ts, *other_ts; - status_t status = SUCCESS; - if (!this->reqid_allocated && !this->static_reqid) + if (array_count(this->my_ts)) { - /* trap policy, get or confirm reqid */ - status = charon->kernel->alloc_reqid( - charon->kernel, my_ts_list, other_ts_list, - this->mark_in, this->mark_out, &this->reqid); - if (status != SUCCESS) - { - return status; - } - this->reqid_allocated = TRUE; + array_destroy_offset(this->my_ts, + offsetof(traffic_selector_t, destroy)); + this->my_ts = array_create(0, 0); } - - /* apply traffic selectors */ enumerator = my_ts_list->create_enumerator(my_ts_list); while (enumerator->enumerate(enumerator, &my_ts)) { @@ -1044,6 +1166,12 @@ METHOD(child_sa_t, add_policies, status_t, enumerator->destroy(enumerator); array_sort(this->my_ts, (void*)traffic_selector_cmp, NULL); + if (array_count(this->other_ts)) + { + array_destroy_offset(this->other_ts, + offsetof(traffic_selector_t, destroy)); + this->other_ts = array_create(0, 0); + } enumerator = other_ts_list->create_enumerator(other_ts_list); while (enumerator->enumerate(enumerator, &other_ts)) { 
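Review bot: The new `set_policies` method (in the @@ -993 hunk) destroys and recreates `this->my_ts` / `this->other_ts` but touches no kernel state, so if it is called on a CHILD_SA whose policies are already installed the old selectors are lost and `del_policies_internal` can no longer remove them. The header change is outside this chunk; the method would benefit from a comment stating its contract, e.g. `/* replaces the traffic selectors; only valid before install_policies() or after the policies have been deleted */`. The same replace-in-place pattern for `other_ts` appears in the @@ -1044 hunk.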
@@ -1051,12 +1179,40 @@ METHOD(child_sa_t, add_policies, status_t, } enumerator->destroy(enumerator); array_sort(this->other_ts, (void*)traffic_selector_cmp, NULL); +} + +METHOD(child_sa_t, install_policies, status_t, + private_child_sa_t *this) +{ + enumerator_t *enumerator; + linked_list_t *my_ts_list, *other_ts_list; + traffic_selector_t *my_ts, *other_ts; + status_t status = SUCCESS; - if (this->config->install_policy(this->config)) + if (!this->reqid_allocated && !this->static_reqid) + { + my_ts_list = linked_list_create_from_enumerator( + array_create_enumerator(this->my_ts)); + other_ts_list = linked_list_create_from_enumerator( + array_create_enumerator(this->other_ts)); + status = charon->kernel->alloc_reqid( + charon->kernel, my_ts_list, other_ts_list, + this->mark_in, this->mark_out, &this->reqid); + my_ts_list->destroy(my_ts_list); + other_ts_list->destroy(other_ts_list); + if (status != SUCCESS) + { + return status; + } + this->reqid_allocated = TRUE; + } + + if (!this->config->has_option(this->config, OPT_NO_POLICIES)) { policy_priority_t priority; ipsec_sa_cfg_t my_sa, other_sa; uint32_t manual_prio; + bool install_outbound; prepare_sa_cfg(this, &my_sa, &other_sa); manual_prio = this->config->get_manual_prio(this->config); @@ -1066,6 +1222,7 @@ METHOD(child_sa_t, add_policies, status_t, this->trap = this->state == CHILD_CREATED; priority = this->trap ? POLICY_PRIORITY_ROUTED : POLICY_PRIORITY_DEFAULT; + install_outbound = this->outbound_state != CHILD_OUTBOUND_REGISTERED; /* enumerate pairs of traffic selectors */ enumerator = create_policy_enumerator(this); 
@@ -1074,20 +1231,27 @@ METHOD(child_sa_t, add_policies, status_t, /* install outbound drop policy to avoid packets leaving unencrypted * when updating policies */ if (priority == POLICY_PRIORITY_DEFAULT && manual_prio == 0 && - require_policy_update()) + require_policy_update() && install_outbound) { - status |= install_policies_internal(this, this->my_addr, + status |= install_policies_outbound(this, this->my_addr, this->other_addr, my_ts, other_ts, &my_sa, &other_sa, POLICY_DROP, POLICY_PRIORITY_FALLBACK, 0); } - /* install policies */ - status |= install_policies_internal(this, this->my_addr, + status |= install_policies_inbound(this, this->my_addr, this->other_addr, my_ts, other_ts, &my_sa, &other_sa, POLICY_IPSEC, priority, manual_prio); + if (install_outbound) + { + status |= install_policies_outbound(this, this->my_addr, + this->other_addr, my_ts, other_ts, + &my_sa, &other_sa, POLICY_IPSEC, + priority, manual_prio); + + } if (status != SUCCESS) { break; 
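Review bot: The new `if (install_outbound)` block in install_policies() ends with a stray empty line between `priority, manual_prio);` and its closing `}`, which the surrounding code does not do; drop the blank line. A short comment on that block, `/* outbound policies of an SA registered by register_outbound() are installed by install_outbound() */`, would also spare a reader the trip to register_outbound() to understand why the outbound side is skipped.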
@@ -1103,13 +1267,150 @@ METHOD(child_sa_t, add_policies, status_t, return status; } -/** - * Callback to reinstall a virtual IP - */ -static void reinstall_vip(host_t *vip, host_t *me) +METHOD(child_sa_t, register_outbound, void, + private_child_sa_t *this, chunk_t encr, chunk_t integ, uint32_t spi, + uint16_t cpi, bool tfcv3) +{ + DBG2(DBG_CHD, "registering outbound %N SA", protocol_id_names, + this->protocol); + DBG2(DBG_CHD, " SPI 0x%.8x, src %H dst %H", ntohl(spi), this->my_addr, + this->other_addr); + + this->other_spi = spi; + this->other_cpi = cpi; + this->encr_r = chunk_clone(encr); + this->integ_r = chunk_clone(integ); + this->tfcv3 = tfcv3; + this->outbound_state = CHILD_OUTBOUND_REGISTERED; +} + +METHOD(child_sa_t, install_outbound, status_t, + private_child_sa_t *this) +{ + enumerator_t *enumerator; + traffic_selector_t *my_ts, *other_ts; + status_t status; + + status = install_internal(this, this->encr_r, this->integ_r, + this->other_spi, this->other_cpi, FALSE, FALSE, + this->tfcv3); + chunk_clear(&this->encr_r); + chunk_clear(&this->integ_r); + if (status != SUCCESS) + { + return status; + } + if (!this->config->has_option(this->config, OPT_NO_POLICIES)) + { + ipsec_sa_cfg_t my_sa, other_sa; + uint32_t manual_prio; + + prepare_sa_cfg(this, &my_sa, &other_sa); + manual_prio = this->config->get_manual_prio(this->config); + + enumerator = create_policy_enumerator(this); + while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) + { + /* install outbound drop policy to avoid packets leaving unencrypted + * when updating policies */ + if (manual_prio == 0 && require_policy_update()) + { + status |= install_policies_outbound(this, this->my_addr, + this->other_addr, my_ts, other_ts, + &my_sa, &other_sa, POLICY_DROP, + POLICY_PRIORITY_FALLBACK, 0); + } + status |= install_policies_outbound(this, this->my_addr, + this->other_addr, my_ts, other_ts, + &my_sa, &other_sa, POLICY_IPSEC, + POLICY_PRIORITY_DEFAULT, manual_prio); + if (status != SUCCESS) + { + 
break; + } + } + enumerator->destroy(enumerator); + } + return status; +} + +METHOD(child_sa_t, remove_outbound, void, + private_child_sa_t *this) +{ + enumerator_t *enumerator; + traffic_selector_t *my_ts, *other_ts; + + switch (this->outbound_state) + { + case CHILD_OUTBOUND_INSTALLED: + break; + case CHILD_OUTBOUND_REGISTERED: + chunk_clear(&this->encr_r); + chunk_clear(&this->integ_r); + this->outbound_state = CHILD_OUTBOUND_NONE; + /* fall-through */ + case CHILD_OUTBOUND_NONE: + return; + } + + if (!this->config->has_option(this->config, OPT_NO_POLICIES)) + { + ipsec_sa_cfg_t my_sa, other_sa; + uint32_t manual_prio; + + prepare_sa_cfg(this, &my_sa, &other_sa); + manual_prio = this->config->get_manual_prio(this->config); + + enumerator = create_policy_enumerator(this); + while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) + { + del_policies_outbound(this, this->my_addr, this->other_addr, + my_ts, other_ts, &my_sa, &other_sa, + POLICY_IPSEC, POLICY_PRIORITY_DEFAULT, + manual_prio); + if (manual_prio == 0 && require_policy_update()) + { + del_policies_outbound(this, this->my_addr, this->other_addr, + my_ts, other_ts, &my_sa, &other_sa, + POLICY_DROP, POLICY_PRIORITY_FALLBACK, 0); + } + } + enumerator->destroy(enumerator); + } + + kernel_ipsec_sa_id_t id = { + .src = this->my_addr, + .dst = this->other_addr, + .spi = this->other_spi, + .proto = proto_ike2ip(this->protocol), + .mark = this->mark_out, + }; + kernel_ipsec_del_sa_t sa = { + .cpi = this->other_cpi, + }; + charon->kernel->del_sa(charon->kernel, &id, &sa); + this->outbound_state = CHILD_OUTBOUND_NONE; +} + +METHOD(child_sa_t, set_rekey_spi, void, + private_child_sa_t *this, uint32_t spi) +{ + this->rekey_spi = spi; +} + +METHOD(child_sa_t, get_rekey_spi, uint32_t, + private_child_sa_t *this) { + return this->rekey_spi; +} + +CALLBACK(reinstall_vip, void, + host_t *vip, va_list args) +{ + host_t *me; char *iface; + VA_ARGS_VGET(args, me); if (charon->kernel->get_interface(charon->kernel, me, 
&iface)) { charon->kernel->del_ip(charon->kernel, vip, -1, TRUE); @@ -1134,8 +1435,9 @@ METHOD(child_sa_t, update, status_t, old = this->state; set_state(this, CHILD_UPDATING); - transport_proxy_mode = this->config->use_proxy_mode(this->config) && - this->mode == MODE_TRANSPORT; + transport_proxy_mode = this->mode == MODE_TRANSPORT && + this->config->has_option(this->config, + OPT_PROXY_MODE); if (!transport_proxy_mode) { @@ -1189,7 +1491,8 @@ METHOD(child_sa_t, update, status_t, } } - if (this->config->install_policy(this->config) && require_policy_update()) + if (!this->config->has_option(this->config, OPT_NO_POLICIES) && + require_policy_update()) { if (!me->ip_equals(me, this->my_addr) || !other->ip_equals(other, this->other_addr)) @@ -1229,7 +1532,7 @@ METHOD(child_sa_t, update, status_t, /* we reinstall the virtual IP to handle interface roaming * correctly */ - vips->invoke_function(vips, (void*)reinstall_vip, me); + vips->invoke_function(vips, reinstall_vip, me); /* reinstall updated policies */ install_policies_internal(this, me, other, my_ts, other_ts, @@ -1239,12 +1542,12 @@ METHOD(child_sa_t, update, status_t, /* update fallback policies after the new policy is in place */ if (manual_prio == 0) { - del_policies_internal(this, this->my_addr, this->other_addr, + del_policies_outbound(this, this->my_addr, this->other_addr, old_my_ts ?: my_ts, old_other_ts ?: other_ts, &my_sa, &other_sa, POLICY_DROP, POLICY_PRIORITY_FALLBACK, 0); - install_policies_internal(this, me, other, my_ts, other_ts, + install_policies_outbound(this, me, other, my_ts, other_ts, &my_sa, &other_sa, POLICY_DROP, POLICY_PRIORITY_FALLBACK, 0); } 
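Review bot: register_outbound() overwrites this->encr_r and this->integ_r with fresh clones without wiping what is already there, so if it is ever called while outbound_state is still CHILD_OUTBOUND_REGISTERED (a second rekeying before install_outbound() ran) the earlier key material stays in heap memory unwiped; prefix the clones with `chunk_clear(&this->encr_r); chunk_clear(&this->integ_r);` as remove_outbound() and destroy() do. In install_outbound() the visible lines never move outbound_state to CHILD_OUTBOUND_INSTALLED; if install_internal() (outside this hunk) does not do that for the outbound direction, remove_outbound() and destroy() would skip deleting the outbound SA and its policies. A one-line comment on install_outbound() naming the function that sets the state would settle this for the next reader.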
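Review bot: update() still installs outbound policies without consulting outbound_state, both through install_policies_internal() for the IPsec policies and through the del_policies_outbound()/install_policies_outbound() pair for the fallback drop policies, whereas install_policies() and destroy() now skip the outbound side unless it is installed. For a CHILD_SA that is in CHILD_OUTBOUND_REGISTERED when an address update runs this appears to install outbound policies for an SA that is not in the kernel yet, and install_outbound() would then try to add them again; gating these calls the same way, `if (this->outbound_state != CHILD_OUTBOUND_REGISTERED)`, or a comment explaining why update() cannot run in that state, would keep the two paths consistent. update()'s body starts and ends outside these hunks.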
@@ -1287,25 +1590,35 @@ METHOD(child_sa_t, destroy, void, set_state(this, CHILD_DESTROYING); - if (this->config->install_policy(this->config)) + if (!this->config->has_option(this->config, OPT_NO_POLICIES)) { ipsec_sa_cfg_t my_sa, other_sa; uint32_t manual_prio; + bool del_outbound; prepare_sa_cfg(this, &my_sa, &other_sa); manual_prio = this->config->get_manual_prio(this->config); + del_outbound = this->trap || + this->outbound_state == CHILD_OUTBOUND_INSTALLED; /* delete all policies in the kernel */ enumerator = create_policy_enumerator(this); while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) { - del_policies_internal(this, this->my_addr, this->other_addr, - my_ts, other_ts, &my_sa, &other_sa, - POLICY_IPSEC, priority, manual_prio); - if (priority == POLICY_PRIORITY_DEFAULT && manual_prio == 0 && - require_policy_update()) + if (del_outbound) { - del_policies_internal(this, this->my_addr, this->other_addr, + del_policies_outbound(this, this->my_addr, + this->other_addr, my_ts, other_ts, + &my_sa, &other_sa, POLICY_IPSEC, + priority, manual_prio); + } + del_policies_inbound(this, this->my_addr, this->other_addr, + my_ts, other_ts, &my_sa, &other_sa, + POLICY_IPSEC, priority, manual_prio); + if (!this->trap && manual_prio == 0 && require_policy_update() && + del_outbound) + { + del_policies_outbound(this, this->my_addr, this->other_addr, my_ts, other_ts, &my_sa, &other_sa, POLICY_DROP, POLICY_PRIORITY_FALLBACK, 0); } @@ -1327,7 +1640,7 @@ METHOD(child_sa_t, destroy, void, }; charon->kernel->del_sa(charon->kernel, &id, &sa); } - if (this->other_spi) + if (this->other_spi && this->outbound_state == CHILD_OUTBOUND_INSTALLED) { kernel_ipsec_sa_id_t id = { .src = this->my_addr, @@ -1357,6 +1670,8 @@ METHOD(child_sa_t, destroy, void, this->other_addr->destroy(this->other_addr); DESTROY_IF(this->proposal); this->config->destroy(this->config); + chunk_clear(&this->encr_r); + chunk_clear(&this->integ_r); free(this); } 
@@ -1414,6 +1729,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other, .get_config = _get_config, .get_state = _get_state, .set_state = _set_state, + .get_outbound_state = _get_outbound_state, .get_spi = _get_spi, .get_cpi = _get_cpi, .get_protocol = _get_protocol, @@ -1436,8 +1752,14 @@ child_sa_t * child_sa_create(host_t *me, host_t* other, .alloc_spi = _alloc_spi, .alloc_cpi = _alloc_cpi, .install = _install, + .register_outbound = _register_outbound, + .install_outbound = _install_outbound, + .remove_outbound = _remove_outbound, + .set_rekey_spi = _set_rekey_spi, + .get_rekey_spi = _get_rekey_spi, .update = _update, - .add_policies = _add_policies, + .set_policies = _set_policies, + .install_policies = _install_policies, .create_ts_enumerator = _create_ts_enumerator, .create_policy_enumerator = _create_policy_enumerator, .destroy = _destroy, @@ -1456,7 +1778,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other, .mark_in = config->get_mark(config, TRUE), .mark_out = config->get_mark(config, FALSE), .install_time = time_monotonic(NULL), - .policies_fwd_out = config->install_fwd_out_policy(config), + .policies_fwd_out = config->has_option(config, OPT_FWD_OUT_POLICIES), ); this->config = config; @@ -1509,7 +1831,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other, /* MIPv6 proxy transport mode sets SA endpoints to TS hosts */ if (config->get_mode(config) == MODE_TRANSPORT && - config->use_proxy_mode(config)) + config->has_option(config, OPT_PROXY_MODE)) { this->mode = MODE_TRANSPORT; diff --git a/src/libcharon/sa/child_sa.h b/src/libcharon/sa/child_sa.h index bc7df996a..b9a913da1 100644 --- a/src/libcharon/sa/child_sa.h +++ b/src/libcharon/sa/child_sa.h 
@@ -1,8 +1,8 @@ /* - * Copyright (C) 2006-2008 Tobias Brunner + * Copyright (C) 2006-2017 Tobias Brunner * Copyright (C) 2006-2008 Martin Willi * Copyright (C) 2006 Daniel Roethlisberger - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -24,6 +24,7 @@ #define CHILD_SA_H_ typedef enum child_sa_state_t child_sa_state_t; +typedef enum child_sa_outbound_state_t child_sa_outbound_state_t; typedef struct child_sa_t child_sa_t; #include @@ -53,7 +54,7 @@ enum child_sa_state_t { CHILD_INSTALLING, /** - * Installed an in-use CHILD_SA + * Installed both SAs of a CHILD_SA */ CHILD_INSTALLED, @@ -93,6 +94,32 @@ enum child_sa_state_t { */ extern enum_name_t *child_sa_state_names; +/** + * States of the outbound SA of a CHILD_SA + */ +enum child_sa_outbound_state_t { + + /** + * Outbound SA is not installed + */ + CHILD_OUTBOUND_NONE, + + /** + * Data for the outbound SA has been registered, but not installed yet + */ + CHILD_OUTBOUND_REGISTERED, + + /** + * The outbound SA is currently installed + */ + CHILD_OUTBOUND_INSTALLED, +}; + +/** + * enum strings for child_sa_outbound_state_t. + */ +extern enum_name_t *child_sa_outbound_state_names; + /** * Represents an IPsec SAs between two hosts. * @@ -152,7 +179,14 @@ struct child_sa_t { * * @return CHILD_SA state */ - child_sa_state_t (*get_state) (child_sa_t *this); + child_sa_state_t (*get_state)(child_sa_t *this); + + /** + * Get the state of the outbound SA. + * + * @return outbound SA state + */ + child_sa_outbound_state_t (*get_outbound_state)(child_sa_t *this); /** * Set the state of the CHILD_SA. 
@@ -347,6 +381,8 @@ struct child_sa_t { /** * Install an IPsec SA for one direction. * + * set_policies() should be called before calling this. + * * @param encr encryption key, if any * @param integ integrity key * @param spi SPI to use, allocated for inbound 
@@ -354,26 +390,84 @@ struct child_sa_t { * @param initiator TRUE if initiator of exchange resulting in this SA * @param inbound TRUE to install an inbound SA, FALSE for outbound * @param tfcv3 TRUE if peer supports ESPv3 TFC - * @param my_ts negotiated local traffic selector list - * @param other_ts negotiated remote traffic selector list * @return SUCCESS or FAILED */ status_t (*install)(child_sa_t *this, chunk_t encr, chunk_t integ, uint32_t spi, uint16_t cpi, - bool initiator, bool inbound, bool tfcv3, - linked_list_t *my_ts, linked_list_t *other_ts); + bool initiator, bool inbound, bool tfcv3); + + /** + * Register data for the installation of an outbound SA as responder during + * a rekeying. + * + * The SA is not installed until install_outbound() is called. + * + * @param encr encryption key, if any (cloned) + * @param integ integrity key (cloned) + * @param spi SPI to use, allocated for inbound + * @param cpi CPI to use, allocated for outbound + * @param tfcv3 TRUE if peer supports ESPv3 TFC + */ + void (*register_outbound)(child_sa_t *this, chunk_t encr, chunk_t integ, + uint32_t spi, uint16_t cpi, bool tfcv3); + + /** + * Install the outbound SA and the outbound policies as responder during a + * rekeying. + * + * @return SUCCESS or FAILED + */ + status_t (*install_outbound)(child_sa_t *this); + + /** + * Remove the outbound SA and the outbound policies after a rekeying. + */ + void (*remove_outbound)(child_sa_t *this); + /** - * Install the policies using some traffic selectors. + * Configure the policies using some traffic selectors. * * Supplied lists of traffic_selector_t's specify the policies * to use for this child sa. * - * @param my_ts traffic selectors for local site - * @param other_ts traffic selectors for remote site + * Install the policies by calling install_policies(). + * + * This should be called before calling install() so the traffic selectors + * may be passed to the kernel interface when installing the SAs. 
+ * + * @param my_ts traffic selectors for local site (cloned) + * @param other_ts traffic selectors for remote site (cloned) + */ + void (*set_policies)(child_sa_t *this, linked_list_t *my_ts_list, + linked_list_t *other_ts_list); + + /** + * Install the configured policies. + * + * If register_outbound() was called previously this only installs the + * inbound and forward policies, the outbound policies are installed when + * install_outbound() is called. + * * @return SUCCESS or FAILED */ - status_t (*add_policies)(child_sa_t *this, linked_list_t *my_ts_list, - linked_list_t *other_ts_list); + status_t (*install_policies)(child_sa_t *this); + + /** + * Set the outbound SPI of the CHILD_SA that replaced this CHILD_SA during + * a rekeying. + * + * @param spi outbound SPI of the CHILD_SA that replaced this CHILD_SA + */ + void (*set_rekey_spi)(child_sa_t *this, uint32_t spi); + + /** + * Get the outbound SPI of the CHILD_SA that replaced this CHILD_SA during + * a rekeying. + * + * @return outbound SPI of the CHILD_SA that replaced this CHILD_SA + */ + uint32_t (*get_rekey_spi)(child_sa_t *this); + /** * Update hosts and ecapulation mode in the kernel SAs and policies. * diff --git a/src/libcharon/sa/eap/eap_manager.c b/src/libcharon/sa/eap/eap_manager.c index e4fcbc8f0..b2a57ccfb 100644 --- a/src/libcharon/sa/eap/eap_manager.c +++ b/src/libcharon/sa/eap/eap_manager.c 
@@ -105,31 +105,38 @@ METHOD(eap_manager_t, remove_method, void, this->lock->unlock(this->lock); } -/** - * filter the registered methods - */ -static bool filter_methods(uintptr_t role, eap_entry_t **entry, - eap_type_t *type, void *in, uint32_t *vendor) +CALLBACK(filter_methods, bool, + uintptr_t role, enumerator_t *orig, va_list args) { - if ((*entry)->role != (eap_role_t)role) - { - return FALSE; - } - if ((*entry)->vendor == 0 && - ((*entry)->type < 4 || (*entry)->type == EAP_EXPANDED || - (*entry)->type > EAP_EXPERIMENTAL)) - { /* filter invalid types */ - return FALSE; - } - if (type) - { - *type = (*entry)->type; - } - if (vendor) + eap_entry_t *entry; + eap_type_t *type; + uint32_t *vendor; + + VA_ARGS_VGET(args, type, vendor); + + while (orig->enumerate(orig, &entry)) { - *vendor = (*entry)->vendor; + if (entry->role != (eap_role_t)role) + { + continue; + } + if (entry->vendor == 0 && + (entry->type < 4 || entry->type == EAP_EXPANDED || + entry->type > EAP_EXPERIMENTAL)) + { /* filter invalid types */ + continue; + } + if (type) + { + *type = entry->type; + } + if (vendor) + { + *vendor = entry->vendor; + } + return TRUE; } - return TRUE; + return FALSE; } METHOD(eap_manager_t, create_enumerator, enumerator_t*, @@ -139,7 +146,7 @@ METHOD(eap_manager_t, create_enumerator, enumerator_t*, return enumerator_create_cleaner( enumerator_create_filter( this->methods->create_enumerator(this->methods), - (void*)filter_methods, (void*)(uintptr_t)role, NULL), + filter_methods, (void*)(uintptr_t)role, NULL), (void*)this->lock->unlock, this->lock); } diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c index 76e10691f..045858792 100644 --- a/src/libcharon/sa/ike_sa.c +++ b/src/libcharon/sa/ike_sa.c 
@@ -1200,12 +1200,20 @@ METHOD(ike_sa_t, generate_message, status_t, return status; } -static bool filter_fragments(private_ike_sa_t *this, packet_t **fragment, - packet_t **packet) +CALLBACK(filter_fragments, bool, + private_ike_sa_t *this, enumerator_t *orig, va_list args) { - *packet = (*fragment)->clone(*fragment); - set_dscp(this, *packet); - return TRUE; + packet_t *fragment, **packet; + + VA_ARGS_VGET(args, packet); + + if (orig->enumerate(orig, &fragment)) + { + *packet = fragment->clone(fragment); + set_dscp(this, *packet); + return TRUE; + } + return FALSE; } METHOD(ike_sa_t, generate_message_fragmented, status_t, @@ -1265,7 +1273,7 @@ METHOD(ike_sa_t, generate_message_fragmented, status_t, { charon->bus->message(charon->bus, message, FALSE, FALSE); } - *packets = enumerator_create_filter(fragments, (void*)filter_fragments, + *packets = enumerator_create_filter(fragments, filter_fragments, this, NULL); } return status; @@ -1699,8 +1707,11 @@ typedef struct { } child_enumerator_t; METHOD(enumerator_t, child_enumerate, bool, - child_enumerator_t *this, child_sa_t **child_sa) + child_enumerator_t *this, va_list args) { + child_sa_t **child_sa; + + VA_ARGS_VGET(args, child_sa); if (this->inner->enumerate(this->inner, &this->current)) { *child_sa = this->current; @@ -1723,7 +1734,8 @@ METHOD(ike_sa_t, create_child_sa_enumerator, enumerator_t*, INIT(enumerator, .public = { - .enumerate = (void*)_child_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _child_enumerate, .destroy = _child_enumerator_destroy, }, .inner = array_create_enumerator(this->child_sas), 
@@ -2619,24 +2631,31 @@ METHOD(ike_sa_t, add_configuration_attribute, void, array_insert(this->attributes, ARRAY_TAIL, &entry); } -/** - * Enumerator filter for attributes - */ -static bool filter_attribute(void *null, attribute_entry_t **in, - configuration_attribute_type_t *type, void *in2, - chunk_t *data, void *in3, bool *handled) +CALLBACK(filter_attribute, bool, + void *null, enumerator_t *orig, va_list args) { - *type = (*in)->type; - *data = (*in)->data; - *handled = (*in)->handler != NULL; - return TRUE; + attribute_entry_t *entry; + configuration_attribute_type_t *type; + chunk_t *data; + bool *handled; + + VA_ARGS_VGET(args, type, data, handled); + + if (orig->enumerate(orig, &entry)) + { + *type = entry->type; + *data = entry->data; + *handled = entry->handler != NULL; + return TRUE; + } + return FALSE; } METHOD(ike_sa_t, create_attribute_enumerator, enumerator_t*, private_ike_sa_t *this) { return enumerator_create_filter(array_create_enumerator(this->attributes), - (void*)filter_attribute, NULL, NULL); + filter_attribute, NULL, NULL); } METHOD(ike_sa_t, create_task_enumerator, enumerator_t*, diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c index 6bd49a086..c0bfebb83 100644 --- a/src/libcharon/sa/ike_sa_manager.c +++ b/src/libcharon/sa/ike_sa_manager.c @@ -151,8 +151,10 @@ static entry_t *entry_create() /** * Function that matches entry_t objects by ike_sa_id_t. */ -static bool entry_match_by_id(entry_t *entry, ike_sa_id_t *id) +static bool entry_match_by_id(entry_t *entry, void *arg) { + ike_sa_id_t *id = arg; + if (id->equals(id, entry->ike_sa_id)) { return TRUE; @@ -172,7 +174,7 @@ static bool entry_match_by_id(entry_t *entry, ike_sa_id_t *id) /** * Function that matches entry_t objects by ike_sa_t pointers. */ -static bool entry_match_by_sa(entry_t *entry, ike_sa_t *ike_sa) +static bool entry_match_by_sa(entry_t *entry, void *ike_sa) { return entry->ike_sa == ike_sa; } 
@@ -276,9 +278,6 @@ typedef struct segment_t segment_t; struct segment_t { /** mutex to access a segment exclusively */ mutex_t *mutex; - - /** the number of entries in this segment */ - u_int count; }; typedef struct shareable_segment_t shareable_segment_t; @@ -370,6 +369,11 @@ struct private_ike_sa_manager_t { */ refcount_t half_open_count_responder; + /** + * Total number of IKE_SAs registered with IKE_SA manager. + */ + refcount_t total_sa_count; + /** * Hash table with connected_peers_t objects. */ @@ -511,8 +515,13 @@ struct private_enumerator_t { }; METHOD(enumerator_t, enumerate, bool, - private_enumerator_t *this, entry_t **entry, u_int *segment) + private_enumerator_t *this, va_list args) { + entry_t **entry; + u_int *segment; + + VA_ARGS_VGET(args, entry, segment); + if (this->entry) { this->entry->condvar->signal(this->entry->condvar); @@ -570,7 +579,8 @@ static enumerator_t* create_table_enumerator(private_ike_sa_manager_t *this) INIT(enumerator, .enumerator = { - .enumerate = (void*)_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerate, .destroy = _enumerator_destroy, }, .manager = this, @@ -601,7 +611,7 @@ static u_int put_entry(private_ike_sa_manager_t *this, entry_t *entry) item->next = current; } this->ike_sa_table[row] = item; - this->segments[segment].count++; + ref_get(&this->total_sa_count); return segment; } @@ -612,10 +622,9 @@ static u_int put_entry(private_ike_sa_manager_t *this, entry_t *entry) static void remove_entry(private_ike_sa_manager_t *this, entry_t *entry) { table_item_t *item, *prev = NULL; - u_int row, segment; + u_int row; row = ike_sa_id_hash(entry->ike_sa_id) & this->table_mask; - segment = row & this->segment_mask; item = this->ike_sa_table[row]; while (item) { 
@@ -629,7 +638,7 @@ static void remove_entry(private_ike_sa_manager_t *this, entry_t *entry) { this->ike_sa_table[row] = item->next; } - this->segments[segment].count--; + ignore_result(ref_put(&this->total_sa_count)); free(item); break; } @@ -648,7 +657,7 @@ static void remove_entry_at(private_enumerator_t *this) { table_item_t *current = this->current; - this->manager->segments[this->segment].count--; + ignore_result(ref_put(&this->manager->total_sa_count)); this->current = this->prev; if (this->prev) @@ -670,7 +679,7 @@ static void remove_entry_at(private_enumerator_t *this) */ static status_t get_entry_by_match_function(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id, entry_t **entry, u_int *segment, - linked_list_match_t match, void *param) + bool (*match)(entry_t*,void*), void *param) { table_item_t *item; u_int row, seg; @@ -703,7 +712,7 @@ static status_t get_entry_by_id(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id, entry_t **entry, u_int *segment) { return get_entry_by_match_function(this, ike_sa_id, entry, segment, - (linked_list_match_t)entry_match_by_id, ike_sa_id); + entry_match_by_id, ike_sa_id); } /** @@ -714,7 +723,7 @@ static status_t get_entry_by_sa(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id, ike_sa_t *ike_sa, entry_t **entry, u_int *segment) { return get_entry_by_match_function(this, ike_sa_id, entry, segment, - (linked_list_match_t)entry_match_by_sa, ike_sa); + entry_match_by_sa, ike_sa); } /** @@ -851,6 +860,15 @@ static void remove_half_open(private_ike_sa_manager_t *this, entry_t *entry) lock->unlock(lock); } +CALLBACK(id_matches, bool, + ike_sa_id_t *a, va_list args) +{ + ike_sa_id_t *b; + + VA_ARGS_VGET(args, b); + return a->equals(a, b); +} + /** * Put an SA between two peers into the hash table. */ 
@@ -879,8 +897,7 @@ static void put_connected_peers(private_ike_sa_manager_t *this, entry_t *entry) entry->other_id, family)) { if (connected_peers->sas->find_first(connected_peers->sas, - (linked_list_match_t)entry->ike_sa_id->equals, - NULL, entry->ike_sa_id) == SUCCESS) + id_matches, NULL, entry->ike_sa_id)) { lock->unlock(lock); return; 
@@ -1555,42 +1572,52 @@ METHOD(ike_sa_manager_t, checkout_by_name, ike_sa_t*, return ike_sa; } -/** - * enumerator filter function, waiting variant - */ -static bool enumerator_filter_wait(private_ike_sa_manager_t *this, - entry_t **in, ike_sa_t **out, u_int *segment) +CALLBACK(enumerator_filter_wait, bool, + private_ike_sa_manager_t *this, enumerator_t *orig, va_list args) { - if (wait_for_entry(this, *in, *segment)) + entry_t *entry; + u_int segment; + ike_sa_t **out; + + VA_ARGS_VGET(args, out); + + while (orig->enumerate(orig, &entry, &segment)) { - *out = (*in)->ike_sa; - charon->bus->set_sa(charon->bus, *out); - return TRUE; + if (wait_for_entry(this, entry, segment)) + { + *out = entry->ike_sa; + charon->bus->set_sa(charon->bus, *out); + return TRUE; + } } return FALSE; } -/** - * enumerator filter function, skipping variant - */ -static bool enumerator_filter_skip(private_ike_sa_manager_t *this, - entry_t **in, ike_sa_t **out, u_int *segment) +CALLBACK(enumerator_filter_skip, bool, + private_ike_sa_manager_t *this, enumerator_t *orig, va_list args) { - if (!(*in)->driveout_new_threads && - !(*in)->driveout_waiting_threads && - !(*in)->checked_out) + entry_t *entry; + u_int segment; + ike_sa_t **out; + + VA_ARGS_VGET(args, out); + + while (orig->enumerate(orig, &entry, &segment)) { - *out = (*in)->ike_sa; - charon->bus->set_sa(charon->bus, *out); - return TRUE; + if (!entry->driveout_new_threads && + !entry->driveout_waiting_threads && + !entry->checked_out) + { + *out = entry->ike_sa; + charon->bus->set_sa(charon->bus, *out); + return TRUE; + } } return FALSE; } -/** - * Reset threads SA after enumeration - */ -static void reset_sa(void *data) +CALLBACK(reset_sa, void, + void *data) { charon->bus->set_sa(charon->bus, NULL); } 
@@ -2034,17 +2061,7 @@ METHOD(ike_sa_manager_t, has_contact, bool, METHOD(ike_sa_manager_t, get_count, u_int, private_ike_sa_manager_t *this) { - u_int segment, count = 0; - mutex_t *mutex; - - for (segment = 0; segment < this->segment_count; segment++) - { - mutex = this->segments[segment & this->segment_mask].mutex; - mutex->lock(mutex); - count += this->segments[segment].count; - mutex->unlock(mutex); - } - return count; + return (u_int)ref_cur(&this->total_sa_count); } METHOD(ike_sa_manager_t, get_half_open_count, u_int, diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c index 1da17ee50..48ec3e7f5 100644 --- a/src/libcharon/sa/ikev1/task_manager_v1.c +++ b/src/libcharon/sa/ikev1/task_manager_v1.c @@ -209,6 +209,16 @@ struct private_task_manager_t { */ double retransmit_base; + /** + * Jitter to apply to calculated retransmit timeout (in percent) + */ + u_int retransmit_jitter; + + /** + * Limit retransmit timeout to this value + */ + uint32_t retransmit_limit; + /** * Sequence number for sending DPD requests */ @@ -345,7 +355,7 @@ static status_t retransmit_packet(private_task_manager_t *this, uint32_t seqnr, u_int mid, u_int retransmitted, array_t *packets) { packet_t *packet; - uint32_t t; + uint32_t t, max_jitter; array_get(packets, 0, &packet); if (retransmitted > this->retransmit_tries) @@ -356,6 +366,15 @@ static status_t retransmit_packet(private_task_manager_t *this, uint32_t seqnr, } t = (uint32_t)(this->retransmit_timeout * 1000.0 * pow(this->retransmit_base, retransmitted)); + if (this->retransmit_limit) + { + t = min(t, this->retransmit_limit); + } + if (this->retransmit_jitter) + { + max_jitter = (t / 100.0) * this->retransmit_jitter; + t -= max_jitter * (random() / (RAND_MAX + 1.0)); + } if (retransmitted) { DBG1(DBG_IKE, "sending retransmit %u of %s message ID %u, seq %u", 
@@ -2034,11 +2053,15 @@ task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa) .active_tasks = linked_list_create(), .passive_tasks = linked_list_create(), .retransmit_tries = lib->settings->get_int(lib->settings, - "%s.retransmit_tries", RETRANSMIT_TRIES, lib->ns), + "%s.retransmit_tries", RETRANSMIT_TRIES, lib->ns), .retransmit_timeout = lib->settings->get_double(lib->settings, - "%s.retransmit_timeout", RETRANSMIT_TIMEOUT, lib->ns), + "%s.retransmit_timeout", RETRANSMIT_TIMEOUT, lib->ns), .retransmit_base = lib->settings->get_double(lib->settings, - "%s.retransmit_base", RETRANSMIT_BASE, lib->ns), + "%s.retransmit_base", RETRANSMIT_BASE, lib->ns), + .retransmit_jitter = min(lib->settings->get_int(lib->settings, + "%s.retransmit_jitter", 0, lib->ns), RETRANSMIT_JITTER_MAX), + .retransmit_limit = lib->settings->get_int(lib->settings, + "%s.retransmit_limit", 0, lib->ns) * 1000, ); if (!this->rng) diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c index bbb885850..8be82ebe2 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_mode.c +++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c @@ -325,6 +325,17 @@ static bool install(private_quick_mode_t *this) return FALSE; } + if (this->initiator) + { + this->child_sa->set_policies(this->child_sa, tsi, tsr); + } + else + { + this->child_sa->set_policies(this->child_sa, tsr, tsi); + } + tsi->destroy_offset(tsi, offsetof(traffic_selector_t, destroy)); + tsr->destroy_offset(tsr, offsetof(traffic_selector_t, destroy)); + if (this->keymat->derive_child_keys(this->keymat, this->proposal, this->dh, this->spi_i, this->spi_r, this->nonce_i, this->nonce_r, &encr_i, &integ_i, &encr_r, &integ_r)) 
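Review bot: Both new settings are read with get_int() and stored into unsigned fields, so a negative value in the configuration survives the `min(..., RETRANSMIT_JITTER_MAX)` clamp and becomes a huge retransmit_jitter, and `get_int(... "retransmit_limit" ...) * 1000` can overflow int and wrap when assigned to the uint32_t retransmit_limit; in retransmit_packet() that yields a max_jitter larger than t and an unsigned underflow of t. Clamp at load time, e.g. `.retransmit_jitter = max(0, min(lib->settings->get_int(...), RETRANSMIT_JITTER_MAX)),` and `.retransmit_limit = max(0, lib->settings->get_int(...)) * 1000,`, assuming get_int() returns a signed int as its name suggests. The retransmit_packet() hunk in the same file computes max_jitter from t before subtracting it, so the subtraction there is only safe once the percentage is bounded to 0..RETRANSMIT_JITTER_MAX.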
@@ -333,19 +344,19 @@ static bool install(private_quick_mode_t *this) { status_i = this->child_sa->install(this->child_sa, encr_r, integ_r, this->spi_i, this->cpi_i, - this->initiator, TRUE, FALSE, tsi, tsr); + this->initiator, TRUE, FALSE); status_o = this->child_sa->install(this->child_sa, encr_i, integ_i, this->spi_r, this->cpi_r, - this->initiator, FALSE, FALSE, tsi, tsr); + this->initiator, FALSE, FALSE); } else { status_i = this->child_sa->install(this->child_sa, encr_i, integ_i, this->spi_r, this->cpi_r, - this->initiator, TRUE, FALSE, tsr, tsi); + this->initiator, TRUE, FALSE); status_o = this->child_sa->install(this->child_sa, encr_r, integ_r, this->spi_i, this->cpi_i, - this->initiator, FALSE, FALSE, tsr, tsi); + this->initiator, FALSE, FALSE); } } @@ -355,22 +366,12 @@ static bool install(private_quick_mode_t *this) (status_i != SUCCESS) ? "inbound " : "", (status_i != SUCCESS && status_o != SUCCESS) ? "and ": "", (status_o != SUCCESS) ? "outbound " : ""); - tsi->destroy_offset(tsi, offsetof(traffic_selector_t, destroy)); - tsr->destroy_offset(tsr, offsetof(traffic_selector_t, destroy)); status = FAILED; } else { - if (this->initiator) - { - status = this->child_sa->add_policies(this->child_sa, tsi, tsr); - } - else - { - status = this->child_sa->add_policies(this->child_sa, tsr, tsi); - } - tsi->destroy_offset(tsi, offsetof(traffic_selector_t, destroy)); - tsr->destroy_offset(tsr, offsetof(traffic_selector_t, destroy)); + status = this->child_sa->install_policies(this->child_sa); + if (status != SUCCESS) { DBG1(DBG_IKE, "unable to install IPsec policies (SPD) in kernel"); @@ -853,7 +854,7 @@ METHOD(task_t, build_i, status_t, add_nat_oa_payloads(this, message); } - if (this->config->use_ipcomp(this->config)) + if (this->config->has_option(this->config, OPT_IPCOMP)) { this->cpi_i = this->child_sa->alloc_cpi(this->child_sa); if (!this->cpi_i) 
@@ -1108,7 +1109,7 @@ METHOD(task_t, process_r, status_t, return send_notify(this, INVALID_ID_INFORMATION); } - if (this->config->use_ipcomp(this->config)) + if (this->config->has_option(this->config, OPT_IPCOMP)) { list = sa_payload->get_ipcomp_proposals(sa_payload, &this->cpi_i); diff --git a/src/libcharon/sa/ikev2/connect_manager.c b/src/libcharon/sa/ikev2/connect_manager.c index 280796d8c..35856788c 100644 --- a/src/libcharon/sa/ikev2/connect_manager.c +++ b/src/libcharon/sa/ikev2/connect_manager.c @@ -450,22 +450,21 @@ static initiate_data_t *initiate_data_create(check_list_t *checklist, return this; } -/** - * Find an initiated connection by the peers' ids - */ -static bool match_initiated_by_ids(initiated_t *current, identification_t *id, - identification_t *peer_id) +CALLBACK(match_initiated_by_ids, bool, + initiated_t *current, va_list args) { + identification_t *id, *peer_id; + + VA_ARGS_VGET(args, id, peer_id); return id->equals(id, current->id) && peer_id->equals(peer_id, current->peer_id); } -static status_t get_initiated_by_ids(private_connect_manager_t *this, - identification_t *id, - identification_t *peer_id, - initiated_t **initiated) +static bool get_initiated_by_ids(private_connect_manager_t *this, + identification_t *id, + identification_t *peer_id, + initiated_t **initiated) { - return this->initiated->find_first(this->initiated, - (linked_list_match_t)match_initiated_by_ids, + return this->initiated->find_first(this->initiated, match_initiated_by_ids, (void**)initiated, id, peer_id); } 
@@ -490,21 +489,20 @@ static void remove_initiated(private_connect_manager_t *this, enumerator->destroy(enumerator); } -/** - * Find the checklist with a specific connect ID - */ -static bool match_checklist_by_id(check_list_t *current, chunk_t *connect_id) +CALLBACK(match_checklist_by_id, bool, + check_list_t *current, va_list args) { - return chunk_equals(*connect_id, current->connect_id); + chunk_t connect_id; + + VA_ARGS_VGET(args, connect_id); + return chunk_equals(connect_id, current->connect_id); } -static status_t get_checklist_by_id(private_connect_manager_t *this, - chunk_t connect_id, - check_list_t **check_list) +static bool get_checklist_by_id(private_connect_manager_t *this, + chunk_t connect_id, check_list_t **check_list) { - return this->checklists->find_first(this->checklists, - (linked_list_match_t)match_checklist_by_id, - (void**)check_list, &connect_id); + return this->checklists->find_first(this->checklists, match_checklist_by_id, + (void**)check_list, connect_id); } /** @@ -528,19 +526,19 @@ static void remove_checklist(private_connect_manager_t *this, enumerator->destroy(enumerator); } -/** - * Checks if a list of endpoint_notify_t contains a certain host_t - */ -static bool match_endpoint_by_host(endpoint_notify_t *current, host_t *host) +CALLBACK(match_endpoint_by_host, bool, + endpoint_notify_t *current, va_list args) { + host_t *host; + + VA_ARGS_VGET(args, host); return host->equals(host, current->get_host(current)); } -static status_t endpoints_contain(linked_list_t *endpoints, host_t *host, +static bool endpoints_contain(linked_list_t *endpoints, host_t *host, endpoint_notify_t **endpoint) { - return endpoints->find_first(endpoints, - (linked_list_match_t)match_endpoint_by_host, + return endpoints->find_first(endpoints, match_endpoint_by_host, (void**)endpoint, host); } 
@@ -560,39 +558,44 @@ static void insert_pair_by_priority(linked_list_t *pairs, endpoint_pair_t *pair) enumerator->destroy(enumerator); } -/** - * Searches a list of endpoint_pair_t for a pair with specific host_ts - */ -static bool match_pair_by_hosts(endpoint_pair_t *current, host_t *local, - host_t *remote) +CALLBACK(match_pair_by_hosts, bool, + endpoint_pair_t *current, va_list args) { - return local->equals(local, current->local) && remote->equals(remote, current->remote); + host_t *local, *remote; + + VA_ARGS_VGET(args, local, remote); + return local->equals(local, current->local) && + remote->equals(remote, current->remote); } -static status_t get_pair_by_hosts(linked_list_t *pairs, host_t *local, - host_t *remote, endpoint_pair_t **pair) +static bool get_pair_by_hosts(linked_list_t *pairs, host_t *local, + host_t *remote, endpoint_pair_t **pair) { - return pairs->find_first(pairs, (linked_list_match_t)match_pair_by_hosts, - (void**)pair, local, remote); + return pairs->find_first(pairs, match_pair_by_hosts, (void**)pair, local, + remote); } -static bool match_pair_by_id(endpoint_pair_t *current, uint32_t *id) +CALLBACK(match_pair_by_id, bool, + endpoint_pair_t *current, va_list args) { - return current->id == *id; + uint32_t id; + + VA_ARGS_VGET(args, id); + return current->id == id; } /** * Searches for a pair with a specific id */ -static status_t get_pair_by_id(check_list_t *checklist, uint32_t id, - endpoint_pair_t **pair) +static bool get_pair_by_id(check_list_t *checklist, uint32_t id, + endpoint_pair_t **pair) { - return checklist->pairs->find_first(checklist->pairs, - (linked_list_match_t)match_pair_by_id, - (void**)pair, &id); + return checklist->pairs->find_first(checklist->pairs, match_pair_by_id, + (void**)pair, id); } -static bool match_succeeded_pair(endpoint_pair_t *current) +CALLBACK(match_succeeded_pair, bool, + endpoint_pair_t *current, va_list args) { return current->state == CHECK_SUCCEEDED; } 
@@ -600,15 +603,14 @@ static bool match_succeeded_pair(endpoint_pair_t *current) /** * Returns the best pair of state CHECK_SUCCEEDED from a checklist. */ -static status_t get_best_valid_pair(check_list_t *checklist, - endpoint_pair_t **pair) +static bool get_best_valid_pair(check_list_t *checklist, endpoint_pair_t **pair) { - return checklist->pairs->find_first(checklist->pairs, - (linked_list_match_t)match_succeeded_pair, - (void**)pair); + return checklist->pairs->find_first(checklist->pairs, match_succeeded_pair, + (void**)pair); } -static bool match_waiting_pair(endpoint_pair_t *current) +CALLBACK(match_waiting_pair, bool, + endpoint_pair_t *current, va_list args) { return current->state == CHECK_WAITING; } @@ -865,7 +867,7 @@ static job_requeue_t initiator_finish(callback_data_t *data) this->mutex->lock(this->mutex); check_list_t *checklist; - if (get_checklist_by_id(this, data->connect_id, &checklist) != SUCCESS) + if (!get_checklist_by_id(this, data->connect_id, &checklist)) { DBG1(DBG_IKE, "checklist with id '%#B' not found, can't finish " "connectivity checks", &data->connect_id); @@ -953,7 +955,7 @@ static job_requeue_t retransmit(callback_data_t *data) this->mutex->lock(this->mutex); check_list_t *checklist; - if (get_checklist_by_id(this, data->connect_id, &checklist) != SUCCESS) + if (!get_checklist_by_id(this, data->connect_id, &checklist)) { DBG1(DBG_IKE, "checklist with id '%#B' not found, can't retransmit " "connectivity check", &data->connect_id); @@ -962,7 +964,7 @@ static job_requeue_t retransmit(callback_data_t *data) } endpoint_pair_t *pair; - if (get_pair_by_id(checklist, data->mid, &pair) != SUCCESS) + if (!get_pair_by_id(checklist, data->mid, &pair)) { DBG1(DBG_IKE, "pair with id '%d' not found, can't retransmit " "connectivity check", data->mid); 
@@ -1108,7 +1110,7 @@ static job_requeue_t sender(callback_data_t *data) this->mutex->lock(this->mutex); check_list_t *checklist; - if (get_checklist_by_id(this, data->connect_id, &checklist) != SUCCESS) + if (!get_checklist_by_id(this, data->connect_id, &checklist)) { DBG1(DBG_IKE, "checklist with id '%#B' not found, can't send " "connectivity check", &data->connect_id); @@ -1124,9 +1126,8 @@ static job_requeue_t sender(callback_data_t *data) { DBG1(DBG_IKE, "no triggered check queued, sending an ordinary check"); - if (checklist->pairs->find_first(checklist->pairs, - (linked_list_match_t)match_waiting_pair, - (void**)&pair) != SUCCESS) + if (!checklist->pairs->find_first(checklist->pairs, match_waiting_pair, + (void**)&pair)) { this->mutex->unlock(this->mutex); DBG1(DBG_IKE, "no pairs in waiting state, aborting"); @@ -1182,7 +1183,7 @@ static job_requeue_t initiate_mediated(initiate_data_t *data) initiated_t *initiated = data->initiated; endpoint_pair_t *pair; - if (get_best_valid_pair(checklist, &pair) == SUCCESS) + if (get_best_valid_pair(checklist, &pair)) { ike_sa_id_t *waiting_sa; enumerator_t *enumerator = initiated->mediated->create_enumerator( @@ -1219,7 +1220,7 @@ static void finish_checks(private_connect_manager_t *this, check_list_t *checkli { initiated_t *initiated; if (get_initiated_by_ids(this, checklist->initiator.id, - checklist->responder.id, &initiated) == SUCCESS) + checklist->responder.id, &initiated)) { callback_job_t *job; @@ -1247,7 +1248,7 @@ static void process_response(private_connect_manager_t *this, check_t *check, check_list_t *checklist) { endpoint_pair_t *pair; - if (get_pair_by_id(checklist, check->mid, &pair) == SUCCESS) + if (get_pair_by_id(checklist, check->mid, &pair)) { if (pair->local->equals(pair->local, check->dst) && pair->remote->equals(pair->remote, check->src)) 
@@ -1261,9 +1262,9 @@ static void process_response(private_connect_manager_t *this, check_t *check, checklist->initiator.endpoints : checklist->responder.endpoints; endpoint_notify_t *local_endpoint; - if (endpoints_contain(local_endpoints, - check->endpoint->get_host(check->endpoint), - &local_endpoint) != SUCCESS) + if (!endpoints_contain(local_endpoints, + check->endpoint->get_host(check->endpoint), + &local_endpoint)) { local_endpoint = endpoint_notify_create_from_host(PEER_REFLEXIVE, check->endpoint->get_host(check->endpoint), pair->local); @@ -1302,15 +1303,14 @@ static void process_request(private_connect_manager_t *this, check_t *check, peer_reflexive->set_priority(peer_reflexive, check->endpoint->get_priority(check->endpoint)); - if (endpoints_contain(remote_endpoints, check->src, &remote_endpoint) != SUCCESS) + if (!endpoints_contain(remote_endpoints, check->src, &remote_endpoint)) { remote_endpoint = peer_reflexive->clone(peer_reflexive); remote_endpoints->insert_last(remote_endpoints, remote_endpoint); } endpoint_pair_t *pair; - if (get_pair_by_hosts(checklist->pairs, check->dst, check->src, - &pair) == SUCCESS) + if (get_pair_by_hosts(checklist->pairs, check->dst, check->src, &pair)) { switch(pair->state) { @@ -1389,7 +1389,7 @@ METHOD(connect_manager_t, process_check, void, this->mutex->lock(this->mutex); check_list_t *checklist; - if (get_checklist_by_id(this, check->connect_id, &checklist) != SUCCESS) + if (!get_checklist_by_id(this, check->connect_id, &checklist)) { DBG1(DBG_IKE, "checklist with id '%#B' not found", &check->connect_id); @@ -1423,6 +1423,15 @@ METHOD(connect_manager_t, process_check, void, check_destroy(check); } +CALLBACK(id_matches, bool, + ike_sa_id_t *a, va_list args) +{ + ike_sa_id_t *b; + + VA_ARGS_VGET(args, b); + return a->equals(a, b); +} + METHOD(connect_manager_t, check_and_register, bool, private_connect_manager_t *this, identification_t *id, identification_t *peer_id, ike_sa_id_t *mediated_sa) 
@@ -1432,7 +1441,7 @@ METHOD(connect_manager_t, check_and_register, bool, this->mutex->lock(this->mutex); - if (get_initiated_by_ids(this, id, peer_id, &initiated) != SUCCESS) + if (!get_initiated_by_ids(this, id, peer_id, &initiated)) { DBG2(DBG_IKE, "registered waiting mediated connection with '%Y'", peer_id); @@ -1441,9 +1450,8 @@ METHOD(connect_manager_t, check_and_register, bool, already_there = FALSE; } - if (initiated->mediated->find_first(initiated->mediated, - (linked_list_match_t)mediated_sa->equals, - NULL, mediated_sa) != SUCCESS) + if (!initiated->mediated->find_first(initiated->mediated, id_matches, + NULL, mediated_sa)) { initiated->mediated->insert_last(initiated->mediated, mediated_sa->clone(mediated_sa)); @@ -1462,7 +1470,7 @@ METHOD(connect_manager_t, check_and_initiate, void, this->mutex->lock(this->mutex); - if (get_initiated_by_ids(this, id, peer_id, &initiated) != SUCCESS) + if (!get_initiated_by_ids(this, id, peer_id, &initiated)) { DBG2(DBG_IKE, "no waiting mediated connections with '%Y'", peer_id); this->mutex->unlock(this->mutex); @@ -1492,7 +1500,7 @@ METHOD(connect_manager_t, set_initiator_data, status_t, this->mutex->lock(this->mutex); - if (get_checklist_by_id(this, connect_id, NULL) == SUCCESS) + if (get_checklist_by_id(this, connect_id, NULL)) { DBG1(DBG_IKE, "checklist with id '%#B' already exists, aborting", &connect_id); @@ -1517,7 +1525,7 @@ METHOD(connect_manager_t, set_responder_data, status_t, this->mutex->lock(this->mutex); - if (get_checklist_by_id(this, connect_id, &checklist) != SUCCESS) + if (!get_checklist_by_id(this, connect_id, &checklist)) { DBG1(DBG_IKE, "checklist with id '%#B' not found", &connect_id); @@ -1547,7 +1555,7 @@ METHOD(connect_manager_t, stop_checks, status_t, this->mutex->lock(this->mutex); - if (get_checklist_by_id(this, connect_id, &checklist) != SUCCESS) + if (!get_checklist_by_id(this, connect_id, &checklist)) { DBG1(DBG_IKE, "checklist with id '%#B' not found", &connect_id); 
diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
index e4a16faf0..c2ddbc588 100644
--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@@ -160,6 +160,16 @@ struct private_task_manager_t {
 */
 double retransmit_base;
 
+ /**
+ * Jitter to apply to calculated retransmit timeout (in percent)
+ */
+ u_int retransmit_jitter;
+
+ /**
+ * Limit retransmit timeout to this value
+ */
+ uint32_t retransmit_limit;
+
 /**
 * Use make-before-break instead of break-before-make reauth?
 */
@@ -321,7 +331,7 @@ METHOD(task_manager_t, retransmit, status_t,
 if (message_id == this->initiating.mid &&
 array_count(this->initiating.packets))
 {
- uint32_t timeout;
+ uint32_t timeout, max_jitter;
 job_t *job;
 enumerator_t *enumerator;
 packet_t *packet;
@@ -351,6 +361,16 @@ METHOD(task_manager_t, retransmit, status_t,
 {
 timeout = (uint32_t)(this->retransmit_timeout * 1000.0 *
 pow(this->retransmit_base, this->initiating.retransmitted));
+
+ if (this->retransmit_limit)
+ {
+ timeout = min(timeout, this->retransmit_limit);
+ }
+ if (this->retransmit_jitter)
+ {
+ max_jitter = (timeout / 100.0) * this->retransmit_jitter;
+ timeout -= max_jitter * (random() / (RAND_MAX + 1.0));
+ }
 }
 else
 {
@@ -2059,13 +2079,20 @@ METHOD(task_manager_t, reset, void,
 this->reset = TRUE;
 }
 
-/**
- * Filter queued tasks
- */
-static bool filter_queued(void *unused, queued_task_t **queued, task_t **task)
+CALLBACK(filter_queued, bool,
+ void *unused, enumerator_t *orig, va_list args)
 {
- *task = (*queued)->task;
- return TRUE;
+ queued_task_t *queued;
+ task_t **task;
+
+ VA_ARGS_VGET(args, task);
+
+ if (orig->enumerate(orig, &queued))
+ {
+ *task = queued->task;
+ return TRUE;
+ }
+ return FALSE;
 }
 
 METHOD(task_manager_t, create_task_enumerator, enumerator_t*,
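Review bot: The jitter in `retransmit` is drawn from libc `random()`, which nothing in this hunk seeds; if the daemon does not seed it elsewhere, every charon process walks the same sequence, so a fleet of clients restarting together still retransmits in lock-step, which is exactly what the jitter is meant to avoid. The IKEv1 constructor hunk earlier in this patch checks `this->rng`, so the task manager may already own an rng_t that could supply the fraction; at minimum a comment saying the PRNG is intentionally non-cryptographic and where it is seeded would help. The subtraction `timeout -= max_jitter * (random() / (RAND_MAX + 1.0));` is carried out in double and stored back into the `uint32_t`, which is only well-defined while `RETRANSMIT_JITTER_MAX` stays below 100 and `retransmit_jitter` is non-negative, so that invariant deserves a comment next to the clamp. The enclosing method starts and ends outside this hunk.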
@@ -2080,7 +2107,7 @@ METHOD(task_manager_t, create_task_enumerator, enumerator_t*, case TASK_QUEUE_QUEUED: return enumerator_create_filter( array_create_enumerator(this->queued_tasks), - (void*)filter_queued, NULL, NULL); + filter_queued, NULL, NULL); default: return enumerator_create_empty(); } @@ -2151,6 +2178,10 @@ task_manager_v2_t *task_manager_v2_create(ike_sa_t *ike_sa) "%s.retransmit_timeout", RETRANSMIT_TIMEOUT, lib->ns), .retransmit_base = lib->settings->get_double(lib->settings, "%s.retransmit_base", RETRANSMIT_BASE, lib->ns), + .retransmit_jitter = min(lib->settings->get_int(lib->settings, + "%s.retransmit_jitter", 0, lib->ns), RETRANSMIT_JITTER_MAX), + .retransmit_limit = lib->settings->get_int(lib->settings, + "%s.retransmit_limit", 0, lib->ns) * 1000, .make_before_break = lib->settings->get_bool(lib->settings, "%s.make_before_break", FALSE, lib->ns), ); diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c index 71cb6b8ea..896cabb2b 100644 --- a/src/libcharon/sa/ikev2/tasks/child_create.c +++ b/src/libcharon/sa/ikev2/tasks/child_create.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2016 Tobias Brunner + * Copyright (C) 2008-2017 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2005 Jan Hutter * HSR Hochschule fuer Technik Rapperswil @@ -602,7 +602,7 @@ static status_t select_and_install(private_child_create_t *this, switch (this->mode) { case MODE_TRANSPORT: - if (!this->config->use_proxy_mode(this->config) && + if (!this->config->has_option(this->config, OPT_PROXY_MODE) && (!ts_list_is_host(this->tsi, other) || !ts_list_is_host(this->tsr, me)) ) 
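Review bot: `.retransmit_limit` is computed as `lib->settings->get_int(...) * 1000` in `int` arithmetic and then stored into a `uint32_t`, so a limit above INT_MAX/1000 seconds is signed overflow and a negative setting wraps to roughly 4.29e9 ms, silently turning the cap the operator configured into no cap at all. Clamp before scaling, e.g. `max(0, min(lib->settings->get_int(lib->settings, "%s.retransmit_limit", 0, lib->ns), UINT32_MAX / 1000)) * 1000`, or reject out-of-range values with a DBG1 at startup. The same applies to the IKEv1 constructor earlier in this patch; a shared helper that reads and validates the retransmit settings for both managers would keep the two in sync.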
@@ -630,6 +630,32 @@ static status_t select_and_install(private_child_create_t *this,
 default:
 break;
 }
+ /* use a copy of the traffic selectors, as the POST hook should not
+ * change payloads */
+ my_ts = this->tsr->clone_offset(this->tsr,
+ offsetof(traffic_selector_t, clone));
+ other_ts = this->tsi->clone_offset(this->tsi,
+ offsetof(traffic_selector_t, clone));
+ charon->bus->narrow(charon->bus, this->child_sa,
+ NARROW_RESPONDER_POST, my_ts, other_ts);
+
+ if (my_ts->get_count(my_ts) == 0 || other_ts->get_count(other_ts) == 0)
+ {
+ my_ts->destroy_offset(my_ts,
+ offsetof(traffic_selector_t, destroy));
+ other_ts->destroy_offset(other_ts,
+ offsetof(traffic_selector_t, destroy));
+ return NOT_FOUND;
+ }
+ }
+
+ this->child_sa->set_policies(this->child_sa, my_ts, other_ts);
+ if (!this->initiator)
+ {
+ my_ts->destroy_offset(my_ts,
+ offsetof(traffic_selector_t, destroy));
+ other_ts->destroy_offset(other_ts,
+ offsetof(traffic_selector_t, destroy));
 }
 
 this->child_sa->set_state(this->child_sa, CHILD_INSTALLING);
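Review bot: When the NARROW_RESPONDER_POST hook narrows the selectors to nothing, `select_and_install` now returns NOT_FOUND before any SA is installed, whereas the code this replaces (removed further down in the child_create.c diff) set `status = FAILED` only after the SAD entries were already in the kernel. Leaving no kernel state behind is the better behaviour, but callers of select_and_install presumably translate NOT_FOUND and FAILED into different notifies, so the changed return value should be stated on the early return, e.g. `/* narrowed to nothing: nothing installed yet, report as unacceptable TS */`. The function starts and ends outside this hunk.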
@@ -651,19 +677,30 @@ static status_t select_and_install(private_child_create_t *this, { status_i = this->child_sa->install(this->child_sa, encr_r, integ_r, this->my_spi, this->my_cpi, this->initiator, - TRUE, this->tfcv3, my_ts, other_ts); + TRUE, this->tfcv3); status_o = this->child_sa->install(this->child_sa, encr_i, integ_i, this->other_spi, this->other_cpi, this->initiator, - FALSE, this->tfcv3, my_ts, other_ts); + FALSE, this->tfcv3); } - else + else if (!this->rekey) { status_i = this->child_sa->install(this->child_sa, encr_i, integ_i, this->my_spi, this->my_cpi, this->initiator, - TRUE, this->tfcv3, my_ts, other_ts); + TRUE, this->tfcv3); status_o = this->child_sa->install(this->child_sa, encr_r, integ_r, this->other_spi, this->other_cpi, this->initiator, - FALSE, this->tfcv3, my_ts, other_ts); + FALSE, this->tfcv3); + } + else + { /* as responder during a rekeying we only install the inbound + * SA now, the outbound SA and policies are installed when we + * receive the delete for the old SA */ + status_i = this->child_sa->install(this->child_sa, encr_i, integ_i, + this->my_spi, this->my_cpi, this->initiator, + TRUE, this->tfcv3); + this->child_sa->register_outbound(this->child_sa, encr_r, integ_r, + this->other_spi, this->other_cpi, this->tfcv3); + status_o = SUCCESS; } } 
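Review bot: In the new responder-rekey branch `status_o` is hard-wired to SUCCESS and the result of `register_outbound()` is discarded; if that method can fail (its declaration is outside this view), the error would only show up later in child_delete's `install_outbound`, long after the peer considers the new SA usable. If it returns a status, check it the same way the neighbouring `install()` calls are checked; if it cannot fail, a short comment next to `status_o = SUCCESS;` saying that registration only stashes keys and never touches the kernel would settle the question for the reader. The enclosing function continues outside this hunk.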
@@ -679,36 +716,8 @@ static status_t select_and_install(private_child_create_t *this, } else { - if (this->initiator) - { - status = this->child_sa->add_policies(this->child_sa, - my_ts, other_ts); - } - else - { - /* use a copy of the traffic selectors, as the POST hook should not - * change payloads */ - my_ts = this->tsr->clone_offset(this->tsr, - offsetof(traffic_selector_t, clone)); - other_ts = this->tsi->clone_offset(this->tsi, - offsetof(traffic_selector_t, clone)); - charon->bus->narrow(charon->bus, this->child_sa, - NARROW_RESPONDER_POST, my_ts, other_ts); - if (my_ts->get_count(my_ts) == 0 || - other_ts->get_count(other_ts) == 0) - { - status = FAILED; - } - else - { - status = this->child_sa->add_policies(this->child_sa, - my_ts, other_ts); - } - my_ts->destroy_offset(my_ts, - offsetof(traffic_selector_t, destroy)); - other_ts->destroy_offset(other_ts, - offsetof(traffic_selector_t, destroy)); - } + status = this->child_sa->install_policies(this->child_sa); + if (status != SUCCESS) { DBG1(DBG_IKE, "unable to install IPsec policies (SPD) in kernel"); @@ -736,7 +745,6 @@ static status_t select_and_install(private_child_create_t *this, charon->bus->child_keys(charon->bus, this->child_sa, this->initiator, this->dh, nonce_i, nonce_r); - /* add to IKE_SA, and remove from task */ this->child_sa->set_state(this->child_sa, CHILD_INSTALLED); this->ike_sa->add_child_sa(this->ike_sa, this->child_sa); this->established = TRUE; 
@@ -748,16 +756,17 @@ static status_t select_and_install(private_child_create_t *this, other_ts = linked_list_create_from_enumerator( this->child_sa->create_ts_enumerator(this->child_sa, FALSE)); - DBG0(DBG_IKE, "CHILD_SA %s{%d} established " + DBG0(DBG_IKE, "%sCHILD_SA %s{%d} established " "with SPIs %.8x_i %.8x_o and TS %#R === %#R", + this->rekey && !this->initiator ? "inbound " : "", this->child_sa->get_name(this->child_sa), this->child_sa->get_unique_id(this->child_sa), ntohl(this->child_sa->get_spi(this->child_sa, TRUE)), - ntohl(this->child_sa->get_spi(this->child_sa, FALSE)), my_ts, other_ts); + ntohl(this->child_sa->get_spi(this->child_sa, FALSE)), + my_ts, other_ts); my_ts->destroy(my_ts); other_ts->destroy(other_ts); - return SUCCESS; } @@ -1073,7 +1082,7 @@ METHOD(task_t, build_i, status_t, this->dh_group); } - if (this->config->use_ipcomp(this->config)) + if (this->config->has_option(this->config, OPT_IPCOMP)) { /* IPCOMP_DEFLATE is the only transform we support at the moment */ add_ipcomp_notify(this, message, IPCOMP_DEFLATE); @@ -1327,7 +1336,7 @@ METHOD(task_t, build_r, status_t, if (this->ipcomp_received != IPCOMP_NONE) { - if (this->config->use_ipcomp(this->config)) + if (this->config->has_option(this->config, OPT_IPCOMP)) { add_ipcomp_notify(this, message, this->ipcomp_received); } @@ -1690,7 +1699,6 @@ METHOD(task_t, destroy, void, { this->proposals->destroy_offset(this->proposals, offsetof(proposal_t, destroy)); } - DESTROY_IF(this->config); DESTROY_IF(this->nonceg); free(this); diff --git a/src/libcharon/sa/ikev2/tasks/child_delete.c b/src/libcharon/sa/ikev2/tasks/child_delete.c index 6fa8836ac..626796383 100644 --- a/src/libcharon/sa/ikev2/tasks/child_delete.c +++ b/src/libcharon/sa/ikev2/tasks/child_delete.c @@ -18,9 +18,14 @@ #include #include +#include #include #include +#ifndef DELETE_REKEYED_DELAY +#define DELETE_REKEYED_DELAY 5 +#endif + typedef struct private_child_delete_t private_child_delete_t; /** 
@@ -39,41 +44,52 @@ struct private_child_delete_t {
 ike_sa_t *ike_sa;
 
 /**
- * Are we the initiator?
+ * Whether we are the initiator of the exchange
 */
 bool initiator;
 
 /**
- * Protocol of CHILD_SA to delete
+ * Protocol of CHILD_SA to delete (as initiator)
 */
 protocol_id_t protocol;
 
 /**
- * Inbound SPI of CHILD_SA to delete
+ * Inbound SPI of CHILD_SA to delete (as initiator)
 */
 uint32_t spi;
 
 /**
- * whether to enforce delete action policy
- */
- bool check_delete_action;
-
- /**
- * is this delete exchange following a rekey?
- */
- bool rekeyed;
-
- /**
- * CHILD_SA already expired?
+ * CHILD_SA already expired (as initiator)
 */
 bool expired;
 
 /**
- * CHILD_SAs which get deleted
+ * CHILD_SAs which get deleted, entry_t*
 */
 linked_list_t *child_sas;
 };
 
+/**
+ * Information about a deleted CHILD_SA
+ */
+typedef struct {
+ /** Deleted CHILD_SA */
+ child_sa_t *child_sa;
+ /** Whether the CHILD_SA was rekeyed */
+ bool rekeyed;
+ /** Whether to enforce any delete action policy */
+ bool check_delete_action;
+} entry_t;
+
+CALLBACK(match_child, bool,
+ entry_t *entry, va_list args)
+{
+ child_sa_t *child_sa;
+
+ VA_ARGS_VGET(args, child_sa);
+ return entry->child_sa == child_sa;
+}
+
 /**
 * build the delete payloads from the listed child_sas
 */
@@ -81,25 +97,27 @@ static void build_payloads(private_child_delete_t *this, message_t *message) { delete_payload_t *ah = NULL, *esp = NULL; enumerator_t *enumerator; - child_sa_t *child_sa; + entry_t *entry; + protocol_id_t protocol; + uint32_t spi; enumerator = this->child_sas->create_enumerator(this->child_sas); - while (enumerator->enumerate(enumerator, (void**)&child_sa)) + while (enumerator->enumerate(enumerator, (void**)&entry)) { - protocol_id_t protocol = child_sa->get_protocol(child_sa); - uint32_t spi = child_sa->get_spi(child_sa, TRUE); + protocol = entry->child_sa->get_protocol(entry->child_sa); + spi = entry->child_sa->get_spi(entry->child_sa, TRUE); switch (protocol) { case PROTO_ESP: - if (esp == NULL) + if (!esp) { esp = delete_payload_create(PLV2_DELETE, PROTO_ESP); message->add_payload(message, (payload_t*)esp); } esp->add_spi(esp, spi); DBG1(DBG_IKE, "sending DELETE for %N CHILD_SA with SPI %.8x", - protocol_id_names, protocol, ntohl(spi)); + protocol_id_names, protocol, ntohl(spi)); break; case PROTO_AH: if (ah == NULL) @@ -109,12 +127,12 @@ static void build_payloads(private_child_delete_t *this, message_t *message) } ah->add_spi(ah, spi); DBG1(DBG_IKE, "sending DELETE for %N CHILD_SA with SPI %.8x", - protocol_id_names, protocol, ntohl(spi)); + protocol_id_names, protocol, ntohl(spi)); break; default: break; } - child_sa->set_state(child_sa, CHILD_DELETING); + entry->child_sa->set_state(entry->child_sa, CHILD_DELETING); } enumerator->destroy(enumerator); } 
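Review bot: The ESP branch of `build_payloads` was changed to `if (!esp)` while the AH branch a few lines below still reads `if (ah == NULL)`; since the hunk already touches both branches (the DBG1 re-indentation), it would be consistent to write `if (!ah)` too. The two cases are otherwise identical (create-on-first-use, `add_spi`, log), so a small static helper taking the `delete_payload_t **` slot and the protocol would remove the duplication, but that is optional. The function starts outside this hunk.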
@@ -146,6 +164,57 @@ static bool is_redundant(private_child_delete_t *this, child_sa_t *child)
 return FALSE;
 }
 
+/**
+ * Install the outbound CHILD_SA with the given SPI
+ */
+static void install_outbound(private_child_delete_t *this,
+ protocol_id_t protocol, uint32_t spi)
+{
+ child_sa_t *child_sa;
+ linked_list_t *my_ts, *other_ts;
+ status_t status;
+
+ child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol,
+ spi, FALSE);
+ if (!child_sa)
+ {
+ DBG1(DBG_IKE, "CHILD_SA not found after rekeying");
+ return;
+ }
+ if (this->initiator && is_redundant(this, child_sa))
+ { /* if we won the rekey collision we don't want to install the
+ * redundant SA created by the peer */
+ return;
+ }
+
+ status = child_sa->install_outbound(child_sa);
+ if (status != SUCCESS)
+ {
+ DBG1(DBG_IKE, "unable to install outbound IPsec SA (SAD) in kernel");
+ charon->bus->alert(charon->bus, ALERT_INSTALL_CHILD_SA_FAILED,
+ child_sa);
+ /* FIXME: delete the new child_sa? */
+ return;
+ }
+ child_sa->set_state(child_sa, CHILD_INSTALLED);
+
+ my_ts = linked_list_create_from_enumerator(
+ child_sa->create_ts_enumerator(child_sa, TRUE));
+ other_ts = linked_list_create_from_enumerator(
+ child_sa->create_ts_enumerator(child_sa, FALSE));
+
+ DBG0(DBG_IKE, "outbound CHILD_SA %s{%d} established "
+ "with SPIs %.8x_i %.8x_o and TS %#R === %#R",
+ child_sa->get_name(child_sa),
+ child_sa->get_unique_id(child_sa),
+ ntohl(child_sa->get_spi(child_sa, TRUE)),
+ ntohl(child_sa->get_spi(child_sa, FALSE)),
+ my_ts, other_ts);
+
+ my_ts->destroy(my_ts);
+ other_ts->destroy(other_ts);
+}
+
 /**
 * read in payloads and find the children to delete
 */
@@ -157,6 +226,7 @@ static void process_payloads(private_child_delete_t *this, message_t *message)
 uint32_t spi;
 protocol_id_t protocol;
 child_sa_t *child_sa;
+ entry_t *entry;
 
 payloads = message->create_payload_enumerator(message);
 while (payloads->enumerate(payloads, &payload))
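Review bot: The failure path of `install_outbound` raises ALERT_INSTALL_CHILD_SA_FAILED and returns, leaving the FIXME open: the new CHILD_SA stays attached to the IKE_SA with only its inbound half installed and is never torn down or renegotiated, so traffic for it presumably blackholes until the next rekey or lifetime expiry. Because the responder now deliberately defers the outbound SA to this point (see the child_create.c hunk in this patch), this is the only place that install can fail, so it should at least queue a delete for the new SA, e.g. `lib->scheduler->schedule_job(lib->scheduler, (job_t*)delete_child_sa_job_create_id(child_sa->get_unique_id(child_sa)), 0);` in place of the FIXME. The `this->initiator && is_redundant(...)` early return is also silent; a DBG1 there would make rekey-collision debugging much easier.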
@@ -174,27 +244,37 @@ static void process_payloads(private_child_delete_t *this, message_t *message) { child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol, spi, FALSE); - if (child_sa == NULL) + if (!child_sa) { - DBG1(DBG_IKE, "received DELETE for %N CHILD_SA with SPI %.8x, " - "but no such SA", protocol_id_names, protocol, ntohl(spi)); + DBG1(DBG_IKE, "received DELETE for unknown %N CHILD_SA with" + " SPI %.8x", protocol_id_names, protocol, ntohl(spi)); continue; } DBG1(DBG_IKE, "received DELETE for %N CHILD_SA with SPI %.8x", protocol_id_names, protocol, ntohl(spi)); + if (this->child_sas->find_first(this->child_sas, match_child, + NULL, child_sa)) + { + continue; + } + INIT(entry, + .child_sa = child_sa + ); switch (child_sa->get_state(child_sa)) { case CHILD_REKEYED: - this->rekeyed = TRUE; + entry->rekeyed = TRUE; break; case CHILD_DELETING: - /* we don't send back a delete if we initiated ourself */ + /* we don't send back a delete if we already initiated + * a delete ourself */ if (!this->initiator) { + free(entry); continue; } - /* fall through */ + break; case CHILD_REKEYING: /* we reply as usual, rekeying will fail */ case CHILD_INSTALLED: @@ -202,22 +282,18 @@ static void process_payloads(private_child_delete_t *this, message_t *message) { if (is_redundant(this, child_sa)) { - this->rekeyed = TRUE; + entry->rekeyed = TRUE; } else { - this->check_delete_action = TRUE; + entry->check_delete_action = TRUE; } } break; default: break; } - if (this->child_sas->find_first(this->child_sas, NULL, - (void**)&child_sa) != SUCCESS) - { - this->child_sas->insert_last(this->child_sas, child_sa); - } + this->child_sas->insert_last(this->child_sas, entry); } spis->destroy(spis); } 
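Review bot: The new dedup `if (this->child_sas->find_first(this->child_sas, match_child, NULL, child_sa)) continue;` sits before the state switch with no explanation; a comment such as `/* a DELETE may list the same SPI twice, or the SA is already queued because we initiated its deletion */` would spare the next reader a trip through history. The `CHILD_DELETING` case also changed from `/* fall through */` to `break`, so for the initiator such an entry is now inserted with neither `rekeyed` nor `check_delete_action` set where it previously reached the code hidden between the two hunks; if that is intended, a one-line note on the `break` would make it clear. process_payloads starts outside this hunk.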
@@ -231,29 +307,64 @@ static void process_payloads(private_child_delete_t *this, message_t *message) static status_t destroy_and_reestablish(private_child_delete_t *this) { enumerator_t *enumerator; + entry_t *entry; child_sa_t *child_sa; child_cfg_t *child_cfg; protocol_id_t protocol; - uint32_t spi, reqid; + uint32_t spi, reqid, rekey_spi; action_t action; status_t status = SUCCESS; + time_t now, expire; + u_int delay; + + now = time_monotonic(NULL); + delay = lib->settings->get_int(lib->settings, "%s.delete_rekeyed_delay", + DELETE_REKEYED_DELAY, lib->ns); enumerator = this->child_sas->create_enumerator(this->child_sas); - while (enumerator->enumerate(enumerator, (void**)&child_sa)) + while (enumerator->enumerate(enumerator, (void**)&entry)) { + child_sa = entry->child_sa; /* signal child down event if we weren't rekeying */ - if (!this->rekeyed) + protocol = child_sa->get_protocol(child_sa); + if (!entry->rekeyed) { charon->bus->child_updown(charon->bus, child_sa, FALSE); } + else + { + rekey_spi = child_sa->get_rekey_spi(child_sa); + if (rekey_spi) + { + install_outbound(this, protocol, rekey_spi); + } + /* for rekeyed CHILD_SAs we uninstall the outbound SA but don't + * immediately destroy it, by default, so we can process delayed + * packets */ + child_sa->remove_outbound(child_sa); + expire = child_sa->get_lifetime(child_sa, TRUE); + if (delay && (!expire || ((now + delay) < expire))) + { + lib->scheduler->schedule_job(lib->scheduler, + (job_t*)delete_child_sa_job_create_id( + child_sa->get_unique_id(child_sa)), delay); + continue; + } + else if (expire) + { /* let it expire naturally */ + continue; + } + /* no delay and no lifetime, destroy it immediately */ + } spi = child_sa->get_spi(child_sa, TRUE); reqid = child_sa->get_reqid(child_sa); - protocol = child_sa->get_protocol(child_sa); child_cfg = child_sa->get_config(child_sa); child_cfg->get_ref(child_cfg); action = child_sa->get_close_action(child_sa); + this->ike_sa->destroy_child_sa(this->ike_sa, 
protocol, spi); - if (this->check_delete_action) + + if (entry->check_delete_action) { /* enforce child_cfg policy if deleted passively */ switch (action) { @@ -288,12 +399,14 @@ static void log_children(private_child_delete_t *this) { linked_list_t *my_ts, *other_ts; enumerator_t *enumerator; + entry_t *entry; child_sa_t *child_sa; uint64_t bytes_in, bytes_out; enumerator = this->child_sas->create_enumerator(this->child_sas); - while (enumerator->enumerate(enumerator, (void**)&child_sa)) + while (enumerator->enumerate(enumerator, (void**)&entry)) { + child_sa = entry->child_sa; my_ts = linked_list_create_from_enumerator( child_sa->create_ts_enumerator(child_sa, TRUE)); other_ts = linked_list_create_from_enumerator( @@ -328,6 +441,7 @@ METHOD(task_t, build_i, status_t, private_child_delete_t *this, message_t *message) { child_sa_t *child_sa; + entry_t *entry; child_sa = this->ike_sa->get_child_sa(this->ike_sa, this->protocol, this->spi, TRUE); @@ -342,15 +456,24 @@ METHOD(task_t, build_i, status_t, /* we work only with the inbound SPI */ this->spi = child_sa->get_spi(child_sa, TRUE); } - this->child_sas->insert_last(this->child_sas, child_sa); - if (child_sa->get_state(child_sa) == CHILD_REKEYED) - { - this->rekeyed = TRUE; + + if (child_sa->get_state(child_sa) == CHILD_DELETING) + { /* DELETEs for this CHILD_SA were already exchanged, but it was not yet + * destroyed to allow delayed packets to get processed */ + this->ike_sa->destroy_child_sa(this->ike_sa, this->protocol, this->spi); + message->set_exchange_type(message, EXCHANGE_TYPE_UNDEFINED); + return SUCCESS; } + + INIT(entry, + .child_sa = child_sa, + .rekeyed = child_sa->get_state(child_sa) == CHILD_REKEYED, + ); + this->child_sas->insert_last(this->child_sas, entry); log_children(this); build_payloads(this, message); - if (!this->rekeyed && this->expired) + if (!entry->rekeyed && this->expired) { child_cfg_t *child_cfg; 
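Review bot: For rekeyed SAs the inbound half of the old CHILD_SA now stays installed for `delete_rekeyed_delay` (default 5 s) after the DELETE exchange, so packets protected under the old keys are still accepted during that window; that is the intended handling of delayed packets, but it is a security-relevant property and deserves a comment next to `child_sa->remove_outbound(child_sa);` plus an entry for the new strongswan.conf option (not visible in this chunk). `delay` is a `u_int` filled from `get_int()` with no lower bound, so a negative setting wraps to a multi-year delay and the `(now + delay) < expire` comparison silently picks the scheduled path; `max(0, ...)` or a DBG1 on out-of-range values would guard that. destroy_and_reestablish continues outside this hunk.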
@@ -397,24 +520,28 @@ METHOD(child_delete_t , get_child, child_sa_t*, private_child_delete_t *this) { child_sa_t *child_sa = NULL; - this->child_sas->get_first(this->child_sas, (void**)&child_sa); + entry_t *entry; + + if (this->child_sas->get_first(this->child_sas, (void**)&entry) == SUCCESS) + { + child_sa = entry->child_sa; + } return child_sa; } METHOD(task_t, migrate, void, private_child_delete_t *this, ike_sa_t *ike_sa) { - this->check_delete_action = FALSE; this->ike_sa = ike_sa; - this->child_sas->destroy(this->child_sas); + this->child_sas->destroy_function(this->child_sas, free); this->child_sas = linked_list_create(); } METHOD(task_t, destroy, void, private_child_delete_t *this) { - this->child_sas->destroy(this->child_sas); + this->child_sas->destroy_function(this->child_sas, free); free(this); } diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c index c04ec141f..761c860e7 100644 --- a/src/libcharon/sa/ikev2/tasks/child_rekey.c +++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c @@ -132,6 +132,7 @@ static void find_child(private_child_rekey_t *this, message_t *message) notify_payload_t *notify; protocol_id_t protocol; uint32_t spi; + child_sa_t *child_sa; notify = message->get_notify(message, REKEY_SA); if (notify) @@ -141,8 +142,15 @@ static void find_child(private_child_rekey_t *this, message_t *message) if (protocol == PROTO_ESP || protocol == PROTO_AH) { - this->child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol, - spi, FALSE); + child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol, + spi, FALSE); + if (child_sa && + child_sa->get_state(child_sa) == CHILD_DELETING && + child_sa->get_outbound_state(child_sa) == CHILD_OUTBOUND_NONE) + { /* ignore rekeyed CHILD_SAs we keep around */ + return; + } + this->child_sa = child_sa; } } } 
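Review bot: The early return in find_child says what is ignored but not what happens next: `this->child_sa` stays NULL, so a REKEY_SA naming a CHILD_SA that is only kept to drain delayed inbound packets is presumably handled by the caller like any unknown SPI (that code is outside the hunk). Suggest `/* ignore rekeyed CHILD_SAs we only keep around to process delayed inbound packets; leaving child_sa NULL treats the peer's REKEY_SA like an unknown SPI */` so the next reader does not have to trace the NULL through the task. find_child's start is outside the hunk.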
@@ -227,6 +235,7 @@ METHOD(task_t, build_r, status_t, child_cfg_t *config; uint32_t reqid; child_sa_state_t state; + child_sa_t *child_sa; if (!this->child_sa) { @@ -260,7 +269,10 @@ METHOD(task_t, build_r, status_t, return SUCCESS; } + child_sa = this->child_create->get_child(this->child_create); this->child_sa->set_state(this->child_sa, CHILD_REKEYED); + this->child_sa->set_rekey_spi(this->child_sa, + child_sa->get_spi(child_sa, FALSE)); /* invoke rekey hook */ charon->bus->child_rekey(charon->bus, this->child_sa, diff --git a/src/libcharon/sa/shunt_manager.c b/src/libcharon/sa/shunt_manager.c index b0162751d..ad12f0579 100644 --- a/src/libcharon/sa/shunt_manager.c +++ b/src/libcharon/sa/shunt_manager.c @@ -381,14 +381,24 @@ METHOD(shunt_manager_t, uninstall, bool, } CALLBACK(filter_entries, bool, - void *unused, entry_t **entry, char **ns, void **in, child_cfg_t **cfg) + void *unused, enumerator_t *orig, va_list args) { - if (ns) + entry_t *entry; + child_cfg_t **cfg; + char **ns; + + VA_ARGS_VGET(args, ns, cfg); + + if (orig->enumerate(orig, &entry)) { - *ns = (*entry)->ns; + if (ns) + { + *ns = entry->ns; + } + *cfg = entry->cfg; + return TRUE; } - *cfg = (*entry)->cfg; - return TRUE; + return FALSE; } METHOD(shunt_manager_t, create_enumerator, enumerator_t*, @@ -397,7 +407,7 @@ METHOD(shunt_manager_t, create_enumerator, enumerator_t*, this->lock->read_lock(this->lock); return enumerator_create_filter( this->shunts->create_enumerator(this->shunts), - (void*)filter_entries, this->lock, + filter_entries, this->lock, (void*)this->lock->unlock); } diff --git a/src/libcharon/sa/task_manager.c b/src/libcharon/sa/task_manager.c index c42008ba9..bd1191406 100644 --- a/src/libcharon/sa/task_manager.c +++ b/src/libcharon/sa/task_manager.c 
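Review bot: In build_r the `child_sa` returned by `this->child_create->get_child()` is dereferenced immediately for `get_spi()`; if the earlier return in this function (outside the hunk) does not guarantee that the child_create task actually produced a CHILD_SA, this is a NULL dereference on the responder. Either guard it, `if (child_sa) { this->child_sa->set_rekey_spi(this->child_sa, child_sa->get_spi(child_sa, FALSE)); }`, or add a comment stating which earlier check makes `child_sa` non-NULL here. build_r starts and ends outside the hunk.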
@@ -15,10 +15,40 @@ #include "task_manager.h" +#include #include #include -/** +/* + * See header + */ +u_int task_manager_total_retransmit_timeout() +{ + double timeout, base, limit = 0, total = 0; + int tries, i; + + tries = lib->settings->get_int(lib->settings, "%s.retransmit_tries", + RETRANSMIT_TRIES, lib->ns); + base = lib->settings->get_double(lib->settings, "%s.retransmit_base", + RETRANSMIT_BASE, lib->ns); + timeout = lib->settings->get_double(lib->settings, "%s.retransmit_timeout", + RETRANSMIT_TIMEOUT, lib->ns); + limit = lib->settings->get_double(lib->settings, "%s.retransmit_limit", + 0, lib->ns); + + for (i = 0; i <= tries; i++) + { + double interval = timeout * pow(base, i); + if (limit) + { + interval = min(interval, limit); + } + total += interval; + } + return (u_int)total; +} + +/* * See header */ task_manager_t *task_manager_create(ike_sa_t *ike_sa) diff --git a/src/libcharon/sa/task_manager.h b/src/libcharon/sa/task_manager.h index 7e9262291..e3fddf39b 100644 --- a/src/libcharon/sa/task_manager.h +++ b/src/libcharon/sa/task_manager.h @@ -47,6 +47,11 @@ typedef enum task_queue_t task_queue_t; */ #define RETRANSMIT_TRIES 5 +/** + * Maximum jitter in percent. + */ +#define RETRANSMIT_JITTER_MAX 20 + /** * Interval for mobike routability checks in ms. */ @@ -297,6 +302,17 @@ struct task_manager_t { void (*destroy) (task_manager_t *this); }; +/** + * Calculate total timeout of the retransmission mechanism. + * + * This is affected by modifications of retransmit_base, retransmit_timeout, + * retransmit_limit or retransmit_tries. The resulting value can then be used + * e.g. in kernel plugins to set the system's acquire timeout properly. + * + * @return calculated total retransmission timeout in seconds + */ +u_int task_manager_total_retransmit_timeout(); + /** * Create a task manager instance for the correct IKE version. * diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c index 40a0682f2..f9fee5e7e 100644 
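Review bot: `return (u_int)total;` in task_manager_total_retransmit_timeout is undefined behaviour in C when `total` exceeds `UINT_MAX`, which is reachable with a large `retransmit_tries` or `retransmit_base` and no `retransmit_limit`, since the cap is only applied `if (limit)`; `pow()` can also overflow to infinity, and converting infinity to an unsigned integer is likewise undefined. Saturate before converting, `return total > UINT_MAX ? UINT_MAX : (u_int)total;` (needs `<limits.h>`). The `limit = 0` initializer is dead, as `limit` is unconditionally reassigned from the settings a few lines later, and keeping the default in one place avoids confusion. The definition `u_int task_manager_total_retransmit_timeout()` should also take `(void)` so that calls with stray arguments are diagnosed.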
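Review bot: The new prototype `u_int task_manager_total_retransmit_timeout();` in task_manager.h declares an unspecified parameter list rather than no parameters, so the compiler cannot reject a call that passes arguments; it should read `u_int task_manager_total_retransmit_timeout(void);`. The doc comment could also spell out what is summed, since the loop in task_manager.c runs `i = 0 .. tries` inclusive, i.e. `retransmit_tries + 1` intervals; if that models the initial transmission plus each retry, saying so here saves callers from reading the implementation. `RETRANSMIT_JITTER_MAX` is added without a user in this chunk, so its comment might mention which setting or code path applies it.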
--- a/src/libcharon/sa/trap_manager.c +++ b/src/libcharon/sa/trap_manager.c @@ -140,19 +140,21 @@ static void destroy_acquire(acquire_t *this) free(this); } -/** - * match an acquire entry by reqid - */ -static bool acquire_by_reqid(acquire_t *this, uint32_t *reqid) +CALLBACK(acquire_by_reqid, bool, + acquire_t *this, va_list args) { - return this->reqid == *reqid; + uint32_t reqid; + + VA_ARGS_VGET(args, reqid); + return this->reqid == reqid; } -/** - * match an acquire entry by destination address - */ -static bool acquire_by_dst(acquire_t *this, host_t *dst) +CALLBACK(acquire_by_dst, bool, + acquire_t *this, va_list args) { + host_t *dst; + + VA_ARGS_VGET(args, dst); return this->dst && this->dst->ip_equals(this->dst, dst); } @@ -272,7 +274,8 @@ METHOD(trap_manager_t, install, uint32_t, proposals->destroy_offset(proposals, offsetof(proposal_t, destroy)); child_sa->set_protocol(child_sa, proto); child_sa->set_mode(child_sa, child->get_mode(child)); - status = child_sa->add_policies(child_sa, my_ts, other_ts); + child_sa->set_policies(child_sa, my_ts, other_ts); + status = child_sa->install_policies(child_sa); my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy)); other_ts->destroy_offset(other_ts, offsetof(traffic_selector_t, destroy)); if (status != SUCCESS) 
@@ -334,25 +337,32 @@ METHOD(trap_manager_t, uninstall, bool, return TRUE; } -/** - * convert enumerated entries to peer_cfg, child_sa - */ -static bool trap_filter(rwlock_t *lock, entry_t **entry, peer_cfg_t **peer_cfg, - void *none, child_sa_t **child_sa) +CALLBACK(trap_filter, bool, + rwlock_t *lock, enumerator_t *orig, va_list args) { - if (!(*entry)->child_sa) - { /* skip entries that are currently being installed */ - return FALSE; - } - if (peer_cfg) - { - *peer_cfg = (*entry)->peer_cfg; - } - if (child_sa) + entry_t *entry; + peer_cfg_t **peer_cfg; + child_sa_t **child_sa; + + VA_ARGS_VGET(args, peer_cfg, child_sa); + + while (orig->enumerate(orig, &entry)) { - *child_sa = (*entry)->child_sa; + if (!entry->child_sa) + { /* skip entries that are currently being installed */ + continue; + } + if (peer_cfg) + { + *peer_cfg = entry->peer_cfg; + } + if (child_sa) + { + *child_sa = entry->child_sa; + } + return TRUE; } - return TRUE; + return FALSE; } METHOD(trap_manager_t, create_enumerator, enumerator_t*, @@ -360,7 +370,7 @@ METHOD(trap_manager_t, create_enumerator, enumerator_t*, { this->lock->read_lock(this->lock); return enumerator_create_filter(this->traps->create_enumerator(this->traps), - (void*)trap_filter, this->lock, + trap_filter, this->lock, (void*)this->lock->unlock); } @@ -431,8 +441,8 @@ METHOD(trap_manager_t, acquire, void, uint8_t mask; dst->to_subnet(dst, &host, &mask); - if (this->acquires->find_first(this->acquires, (void*)acquire_by_dst, - (void**)&acquire, host) == SUCCESS) + if (this->acquires->find_first(this->acquires, acquire_by_dst, + (void**)&acquire, host)) { host->destroy(host); ignore = TRUE; @@ -448,8 +458,8 @@ METHOD(trap_manager_t, acquire, void, } else { - if (this->acquires->find_first(this->acquires, (void*)acquire_by_reqid, - (void**)&acquire, &reqid) == SUCCESS) + if (this->acquires->find_first(this->acquires, acquire_by_reqid, + (void**)&acquire, reqid)) { ignore = TRUE; } 
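Review bot: The two `find_first()` calls in acquire now test the return value as a boolean instead of comparing with `SUCCESS`; this is only correct if the list API change elsewhere in this release really makes `find_first()` return `bool`, because with the old `status_t` return `SUCCESS` is 0 and `if (this->acquires->find_first(...))` would invert the condition, treating a missing acquire as found and suppressing new acquires. If that API change is confirmed the hunks are fine; otherwise keep `== SUCCESS`. The same applies to the second hunk in acquire (`acquire_by_reqid`). The converted `trap_filter` is consistent with the enumerator-filter shape used in shunt_manager.c; the `if (!entry->child_sa) continue;` skip preserves the old behaviour of hiding entries still being installed.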
diff --git a/src/libcharon/tests/Makefile.in b/src/libcharon/tests/Makefile.in index e922a7171..3070f429b 100644 --- a/src/libcharon/tests/Makefile.in +++ b/src/libcharon/tests/Makefile.in @@ -380,6 +380,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -402,6 +403,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libcharon/tests/suites/test_child_rekey.c b/src/libcharon/tests/suites/test_child_rekey.c index fcac49388..76b23f589 100644 --- a/src/libcharon/tests/suites/test_child_rekey.c +++ b/src/libcharon/tests/suites/test_child_rekey.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2016 Tobias Brunner + * Copyright (C) 2016-2017 Tobias Brunner * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -28,7 +28,23 @@ assert_hook_not_called(child_updown); \ assert_hook_not_called(child_rekey); \ call_ikesa(sa, rekey_child_sa, PROTO_ESP, spi); \ - assert_child_sa_state(sa, spi, CHILD_REKEYING); \ + assert_child_sa_state(sa, spi, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED); \ + assert_hook(); \ + assert_hook(); \ +}) + +/** + * Destroy a rekeyed CHILD_SA that was kept around to accept inbound traffic. + * Simulates the job that's scheduled to do this. + */ +#define destroy_rekeyed(sa, spi) ({ \ + assert_hook_not_called(child_updown); \ + assert_hook_not_called(child_rekey); \ + assert_no_jobs_scheduled(); \ + assert_child_sa_state(sa, spi, CHILD_DELETING, CHILD_OUTBOUND_NONE); \ + call_ikesa(sa, delete_child_sa, PROTO_ESP, spi, FALSE); \ + assert_child_sa_not_exists(sa, spi); \ + assert_scheduler(); \ assert_hook(); \ assert_hook(); \ }) 
@@ -53,6 +69,7 @@ START_TEST(test_regular) &a, &b, NULL); } initiate_rekey(a, spi_a); + assert_ipsec_sas_installed(a, spi_a, spi_b); /* this should never get called as this results in a successful rekeying */ assert_hook_not_called(child_updown); 
@@ -61,33 +78,51 @@ START_TEST(test_regular) assert_hook_called(child_rekey); assert_notify(IN, REKEY_SA); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, spi_b, CHILD_REKEYED); - assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_child_sa_state(b, spi_b, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED); + assert_ipsec_sas_installed(b, spi_a, spi_b, 4); assert_hook(); /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */ assert_hook_called(child_rekey); assert_no_notify(IN, REKEY_SA); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, spi_a, CHILD_DELETING); - assert_child_sa_state(a, 3, CHILD_INSTALLED); + assert_child_sa_state(a, spi_a, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_ipsec_sas_installed(a, spi_a, spi_b, 3, 4); assert_hook(); /* INFORMATIONAL { D } --> */ assert_hook_not_called(child_rekey); + assert_jobs_scheduled(1); assert_single_payload(IN, PLV2_DELETE); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 4, CHILD_INSTALLED); - assert_child_sa_count(b, 1); + assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_count(b, 2); + assert_ipsec_sas_installed(b, spi_b, 3, 4); + assert_scheduler(); assert_hook(); /* <-- INFORMATIONAL { D } */ assert_hook_not_called(child_rekey); + assert_jobs_scheduled(1); assert_single_payload(IN, PLV2_DELETE); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 3, CHILD_INSTALLED); - assert_child_sa_count(a, 1); + assert_child_sa_state(a, spi_a, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_count(a, 
2); + assert_ipsec_sas_installed(a, spi_a, 3, 4); + assert_scheduler(); assert_hook(); + /* simulate the execution of the scheduled jobs */ + destroy_rekeyed(a, spi_a); + assert_child_sa_count(a, 1); + assert_ipsec_sas_installed(a, 3, 4); + destroy_rekeyed(b, spi_b); + assert_child_sa_count(b, 1); + assert_ipsec_sas_installed(a, 3, 4); + /* child_updown */ assert_hook(); @@ -125,6 +160,7 @@ START_TEST(test_regular_ke_invalid) &a, &b, &conf); } initiate_rekey(a, spi_a); + assert_ipsec_sas_installed(a, spi_a, spi_b); /* this should never get called as this results in a successful rekeying */ assert_hook_not_called(child_updown); @@ -135,6 +171,7 @@ START_TEST(test_regular_ke_invalid) exchange_test_helper->process_message(exchange_test_helper, b, NULL); assert_child_sa_state(b, spi_b, CHILD_INSTALLED); assert_child_sa_count(b, 1); + assert_ipsec_sas_installed(b, spi_a, spi_b); assert_hook(); /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */ @@ -143,6 +180,7 @@ START_TEST(test_regular_ke_invalid) exchange_test_helper->process_message(exchange_test_helper, a, NULL); assert_child_sa_state(a, spi_a, CHILD_REKEYING); assert_child_sa_count(a, 1); + assert_ipsec_sas_installed(a, spi_a, spi_b); assert_hook(); /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ @@ -150,7 +188,8 @@ START_TEST(test_regular_ke_invalid) assert_notify(IN, REKEY_SA); exchange_test_helper->process_message(exchange_test_helper, b, NULL); assert_child_sa_state(b, spi_b, CHILD_REKEYED); - assert_child_sa_state(b, 6, CHILD_INSTALLED); + assert_child_sa_state(b, 6, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED); + assert_ipsec_sas_installed(b, spi_a, spi_b, 6); assert_hook(); /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */ 
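Review bot: After `destroy_rekeyed(b, spi_b);` in test_regular the kernel-state check reads `assert_ipsec_sas_installed(a, 3, 4);`, which repeats the assertion already made for `a` two lines above and never verifies that `b`'s rekeyed SA was actually removed from the kernel. It should be `assert_ipsec_sas_installed(b, 3, 4);`, matching the `destroy_rekeyed(b, ...)` blocks in test_regular_ke_invalid and the other tests in this file. test_regular starts and ends outside the hunk.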
@@ -158,24 +197,37 @@ START_TEST(test_regular_ke_invalid) assert_no_notify(IN, REKEY_SA); exchange_test_helper->process_message(exchange_test_helper, a, NULL); assert_child_sa_state(a, spi_a, CHILD_DELETING); - assert_child_sa_state(a, 5, CHILD_INSTALLED); + assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_ipsec_sas_installed(a, spi_a, spi_b, 5, 6); assert_hook(); /* INFORMATIONAL { D } --> */ assert_hook_not_called(child_rekey); assert_single_payload(IN, PLV2_DELETE); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 6, CHILD_INSTALLED); - assert_child_sa_count(b, 1); + assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, 6, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_count(b, 2); + assert_ipsec_sas_installed(b, spi_b, 5, 6); assert_hook(); /* <-- INFORMATIONAL { D } */ assert_hook_not_called(child_rekey); assert_single_payload(IN, PLV2_DELETE); exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, spi_a, CHILD_DELETING, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, 5, CHILD_INSTALLED); - assert_child_sa_count(a, 1); + assert_child_sa_count(a, 2); + assert_ipsec_sas_installed(a, spi_a, 5, 6); assert_hook(); + /* simulate the execution of the scheduled jobs */ + destroy_rekeyed(a, spi_a); + assert_child_sa_count(a, 1); + assert_ipsec_sas_installed(a, 5, 6); + destroy_rekeyed(b, spi_b); + assert_child_sa_count(b, 1); + assert_ipsec_sas_installed(b, 5, 6); + /* child_updown */ assert_hook(); @@ -195,6 +247,7 @@ START_TEST(test_regular_responder_ignore_soft_expire) exchange_test_helper->establish_sa(exchange_test_helper, &a, &b, NULL); initiate_rekey(a, 1); + assert_ipsec_sas_installed(a, 1, 2); /* this should never get called as this results in a successful rekeying */ assert_hook_not_called(child_updown); 
@@ -204,7 +257,8 @@ START_TEST(test_regular_responder_ignore_soft_expire) assert_notify(IN, REKEY_SA); exchange_test_helper->process_message(exchange_test_helper, b, NULL); assert_child_sa_state(b, 2, CHILD_REKEYED); - assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED); + assert_ipsec_sas_installed(b, 1, 2, 4); assert_hook(); /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */ @@ -212,7 +266,8 @@ START_TEST(test_regular_responder_ignore_soft_expire) assert_no_notify(IN, REKEY_SA); exchange_test_helper->process_message(exchange_test_helper, a, NULL); assert_child_sa_state(a, 1, CHILD_DELETING); - assert_child_sa_state(a, 3, CHILD_INSTALLED); + assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_ipsec_sas_installed(a, 1, 2, 3, 4); assert_hook(); /* we don't expect this to get called anymore */ 
@@ -223,15 +278,31 @@ START_TEST(test_regular_responder_ignore_soft_expire) assert_child_sa_state(b, 2, CHILD_REKEYED); /* INFORMATIONAL { D } --> */ + assert_jobs_scheduled(1); assert_single_payload(IN, PLV2_DELETE); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 4, CHILD_INSTALLED); - assert_child_sa_count(b, 1); + assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_count(b, 2); + assert_ipsec_sas_installed(b, 2, 3, 4); + assert_scheduler(); /* <-- INFORMATIONAL { D } */ + assert_jobs_scheduled(1); assert_single_payload(IN, PLV2_DELETE); exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, 3, CHILD_INSTALLED); + assert_child_sa_count(a, 2); + assert_ipsec_sas_installed(a, 1, 3, 4); + assert_scheduler(); + + /* simulate the execution of the scheduled jobs */ + destroy_rekeyed(a, 1); assert_child_sa_count(a, 1); + assert_ipsec_sas_installed(a, 3, 4); + destroy_rekeyed(b, 2); + assert_child_sa_count(b, 1); + assert_ipsec_sas_installed(b, 3, 4); /* child_rekey/child_updown */ assert_hook(); @@ -254,6 +325,7 @@ START_TEST(test_regular_responder_handle_hard_expire) exchange_test_helper->establish_sa(exchange_test_helper, &a, &b, NULL); initiate_rekey(a, 1); + assert_ipsec_sas_installed(a, 1, 2); /* this should never get called as this results in a successful rekeying */ assert_hook_not_called(child_updown); 
@@ -263,7 +335,8 @@ START_TEST(test_regular_responder_handle_hard_expire) assert_notify(IN, REKEY_SA); exchange_test_helper->process_message(exchange_test_helper, b, NULL); assert_child_sa_state(b, 2, CHILD_REKEYED); - assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED); + assert_ipsec_sas_installed(b, 1, 2, 4); assert_hook(); /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */ @@ -271,7 +344,8 @@ START_TEST(test_regular_responder_handle_hard_expire) assert_no_notify(IN, REKEY_SA); exchange_test_helper->process_message(exchange_test_helper, a, NULL); assert_child_sa_state(a, 1, CHILD_DELETING); - assert_child_sa_state(a, 3, CHILD_INSTALLED); + assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_ipsec_sas_installed(a, 1, 2, 3, 4); assert_hook(); /* we don't expect this to get called anymore */ 
@@ -279,28 +353,51 @@ START_TEST(test_regular_responder_handle_hard_expire) /* this is similar to a regular delete collision */ assert_single_payload(OUT, PLV2_DELETE); call_ikesa(b, delete_child_sa, PROTO_ESP, 2, TRUE); - assert_child_sa_state(b, 2, CHILD_DELETING); + assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED); + /* since the SAs expired they would not actually be installed in the kernel + * anymore and since we have not yet installed a new outbound SA this + * will result in dropped packets and possibly acquires */ + assert_ipsec_sas_installed(b, 1, 2, 4); /* INFORMATIONAL { D } --> */ assert_single_payload(IN, PLV2_DELETE); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 4, CHILD_INSTALLED); - assert_child_sa_state(a, 2, CHILD_DELETING); + assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED); + assert_ipsec_sas_installed(b, 1, 2, 4); /* <-- INFORMATIONAL { D } */ assert_single_payload(IN, PLV2_DELETE); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 3, CHILD_INSTALLED); - assert_child_sa_state(a, 1, CHILD_DELETING); + assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_ipsec_sas_installed(a, 1, 2, 3, 4); /* <-- INFORMATIONAL { } */ + assert_jobs_scheduled(1); assert_message_empty(IN); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 3, CHILD_INSTALLED); - assert_child_sa_count(a, 1); + assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_count(a, 2); + assert_ipsec_sas_installed(a, 1, 3, 4); + assert_scheduler(); /* 
INFORMATIONAL { } --> */ + assert_jobs_scheduled(1); assert_message_empty(IN); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_count(b, 2); + assert_ipsec_sas_installed(b, 2, 3, 4); + assert_scheduler(); + + /* simulate the execution of the scheduled jobs */ + destroy_rekeyed(a, 1); + assert_child_sa_count(a, 1); + assert_ipsec_sas_installed(a, 3, 4); + destroy_rekeyed(b, 2); assert_child_sa_count(b, 1); + assert_ipsec_sas_installed(b, 3, 4); /* child_rekey/child_updown */ assert_hook(); @@ -350,8 +447,10 @@ START_TEST(test_collision) exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; initiate_rekey(a, 1); + assert_ipsec_sas_installed(a, 1, 2); exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; initiate_rekey(b, 2); + assert_ipsec_sas_installed(b, 1, 2); /* this should never get called as this results in a successful rekeying */ assert_hook_not_called(child_updown); 
@@ -360,15 +459,17 @@ START_TEST(test_collision) exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; assert_hook_rekey(child_rekey, 2, 5); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 2, CHILD_REKEYED); - assert_child_sa_state(b, 5, CHILD_INSTALLED); + assert_child_sa_state(b, 2, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(b, 5, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED); + assert_ipsec_sas_installed(b, 1, 2, 5); assert_hook(); /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */ exchange_test_helper->nonce_first_byte = data[_i].nonces[3]; assert_hook_rekey(child_rekey, 1, 6); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 1, CHILD_REKEYED); - assert_child_sa_state(a, 6, CHILD_INSTALLED); + assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(a, 6, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED); + assert_ipsec_sas_installed(a, 1, 2, 6); assert_hook(); /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */ 
@@ -378,53 +479,113 @@ START_TEST(test_collision) assert_hook_rekey(child_rekey, 1, data[_i].spi_a); exchange_test_helper->process_message(exchange_test_helper, a, NULL); assert_hook(); + assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED, + CHILD_OUTBOUND_REGISTERED); + assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, + CHILD_OUTBOUND_INSTALLED); } else { assert_hook_not_called(child_rekey); exchange_test_helper->process_message(exchange_test_helper, a, NULL); assert_hook(); + assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED, + CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, + CHILD_OUTBOUND_REGISTERED); } - assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING); - assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED); - assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED); + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, + CHILD_OUTBOUND_INSTALLED); + assert_ipsec_sas_installed(a, 1, 2, 3, 5, 6); /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */ if (data[_i].spi_del_b == 2) { assert_hook_rekey(child_rekey, 2, data[_i].spi_b); exchange_test_helper->process_message(exchange_test_helper, b, NULL); assert_hook(); + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED, + CHILD_OUTBOUND_REGISTERED); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, + CHILD_OUTBOUND_INSTALLED); } else { assert_hook_not_called(child_rekey); exchange_test_helper->process_message(exchange_test_helper, b, NULL); assert_hook(); + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED, + CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, + CHILD_OUTBOUND_REGISTERED); } - assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING); - assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED); - assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED); + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, + 
CHILD_OUTBOUND_INSTALLED); + assert_ipsec_sas_installed(b, 1, 2, 4, 5, 6); /* we don't expect this hook to get called anymore */ assert_hook_not_called(child_rekey); /* INFORMATIONAL { D } --> */ + assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING); - assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED); - assert_child_sa_count(b, 2); + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, + CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING, + CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, + CHILD_OUTBOUND_INSTALLED); + assert_child_sa_count(b, 3); + assert_ipsec_sas_installed(b, 2, 4, 5, 6, + data[_i].spi_del_b == 2 ? 1 : 3); + assert_scheduler(); /* <-- INFORMATIONAL { D } */ + assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING); - assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED); - assert_child_sa_count(a, 2); + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, + CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING, + CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, + CHILD_OUTBOUND_INSTALLED); + assert_child_sa_count(a, 3); + assert_ipsec_sas_installed(a, 1, 3, 5, 6, + data[_i].spi_del_a == 1 ? 
2 : 4); + assert_scheduler(); /* <-- INFORMATIONAL { D } */ + assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED); - assert_child_sa_count(a, 1); + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, + CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING, + CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, + CHILD_OUTBOUND_INSTALLED); + assert_child_sa_count(a, 3); + assert_ipsec_sas_installed(a, 1, 3, 6, + data[_i].spi_del_a == 1 ? 5 : 4); + assert_scheduler(); /* INFORMATIONAL { D } --> */ + assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED); + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, + CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING, + CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, + CHILD_OUTBOUND_INSTALLED); + assert_child_sa_count(b, 3); + assert_ipsec_sas_installed(b, 2, 4, 5, + data[_i].spi_del_b == 2 ? 6 : 3); + assert_scheduler(); + + /* simulate the execution of the scheduled jobs */ + destroy_rekeyed(a, data[_i].spi_del_a); + destroy_rekeyed(a, data[_i].spi_del_b); + assert_child_sa_count(a, 1); + assert_ipsec_sas_installed(a, data[_i].spi_a, data[_i].spi_b); + destroy_rekeyed(b, data[_i].spi_del_a); + destroy_rekeyed(b, data[_i].spi_del_b); assert_child_sa_count(b, 1); + assert_ipsec_sas_installed(b, data[_i].spi_a, data[_i].spi_b); /* child_rekey/child_updown */ assert_hook(); 
@@ -483,8 +644,10 @@ START_TEST(test_collision_delayed_response) exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; initiate_rekey(a, 1); + assert_ipsec_sas_installed(a, 1, 2); exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; initiate_rekey(b, 2); + assert_ipsec_sas_installed(b, 1, 2); /* this should never get called as this results in a successful rekeying */ assert_hook_not_called(child_updown); @@ -493,15 +656,17 @@ START_TEST(test_collision_delayed_response) exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; assert_hook_rekey(child_rekey, 2, 5); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 2, CHILD_REKEYED); - assert_child_sa_state(b, 5, CHILD_INSTALLED); + assert_child_sa_state(b, 2, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(b, 5, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED); + assert_ipsec_sas_installed(b, 1, 2, 5); assert_hook(); /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */ exchange_test_helper->nonce_first_byte = data[_i].nonces[3]; assert_hook_rekey(child_rekey, 1, 6); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 1, CHILD_REKEYED); - assert_child_sa_state(a, 6, CHILD_INSTALLED); + assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(a, 6, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED); + assert_ipsec_sas_installed(a, 1, 2, 6); assert_hook(); /* delay the CREATE_CHILD_SA response from b to a */ 
@@ -513,35 +678,68 @@ START_TEST(test_collision_delayed_response) assert_hook_rekey(child_rekey, 2, data[_i].spi_b); exchange_test_helper->process_message(exchange_test_helper, b, NULL); assert_hook(); + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED, + CHILD_OUTBOUND_REGISTERED); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, + CHILD_OUTBOUND_INSTALLED); } else { assert_hook_not_called(child_rekey); exchange_test_helper->process_message(exchange_test_helper, b, NULL); assert_hook(); + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED, + CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, + CHILD_OUTBOUND_REGISTERED); } - assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING); - assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED); - assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED); + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, + CHILD_OUTBOUND_INSTALLED); + assert_ipsec_sas_installed(b, 1, 2, 4, 5, 6); /* <-- INFORMATIONAL { D } */ assert_hook_not_called(child_rekey); + assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, a, NULL); if (data[_i].spi_del_b == 2) { - assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED); - assert_child_sa_count(a, 1); + assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, + CHILD_OUTBOUND_INSTALLED); + assert_ipsec_sas_installed(a, 1, 4, 6); } else { - assert_child_sa_state(a, 1, CHILD_REKEYED); - assert_child_sa_count(a, 1); + assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING, + CHILD_OUTBOUND_NONE); + assert_ipsec_sas_installed(a, 1, 2, 6); } + assert_child_sa_count(a, 2); + assert_scheduler(); /* INFORMATIONAL { D } --> */ + assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - 
assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED); - assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED); - assert_child_sa_count(b, 2); + if (data[_i].spi_del_b == 2) + { + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED, + CHILD_OUTBOUND_REGISTERED); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, + CHILD_OUTBOUND_INSTALLED); + assert_ipsec_sas_installed(b, 2, 4, 5, 6); + } + else + { + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED, + CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, + CHILD_OUTBOUND_REGISTERED); + assert_ipsec_sas_installed(b, 1, 2, 4, 5); + } + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, + CHILD_OUTBOUND_NONE); + assert_child_sa_count(b, 3); + assert_scheduler(); assert_hook(); /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } (delayed) */ 
@@ -557,20 +755,54 @@ START_TEST(test_collision_delayed_response) exchange_test_helper->process_message(exchange_test_helper, a, msg); assert_hook(); } - assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING); - assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED); - assert_child_sa_count(a, 2); + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, + CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING, + CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, + CHILD_OUTBOUND_INSTALLED); + assert_ipsec_sas_installed(a, 1, 3, 5, 6, + data[_i].spi_del_a == 1 ? 2 : 4); + assert_child_sa_count(a, 3); /* we don't expect this hook to get called anymore */ assert_hook_not_called(child_rekey); /* INFORMATIONAL { D } --> */ + assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED); - assert_child_sa_count(b, 1); + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING, + CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, + CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, + CHILD_OUTBOUND_INSTALLED); + assert_ipsec_sas_installed(b, 2, 4, 5, + data[_i].spi_del_b == 2 ? 6 : 3); + assert_child_sa_count(b, 3); + assert_scheduler(); /* <-- INFORMATIONAL { D } */ + assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED); + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, + CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING, + CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, + CHILD_OUTBOUND_INSTALLED); + assert_child_sa_count(a, 3); + assert_ipsec_sas_installed(a, 1, 3, 6, + data[_i].spi_del_a == 1 ? 
5 : 4); + assert_scheduler(); + + /* simulate the execution of the scheduled jobs */ + destroy_rekeyed(a, data[_i].spi_del_a); + destroy_rekeyed(a, data[_i].spi_del_b); assert_child_sa_count(a, 1); + assert_ipsec_sas_installed(a, data[_i].spi_a, data[_i].spi_b); + destroy_rekeyed(b, data[_i].spi_del_a); + destroy_rekeyed(b, data[_i].spi_del_b); + assert_child_sa_count(b, 1); + assert_ipsec_sas_installed(b, data[_i].spi_a, data[_i].spi_b); /* child_rekey/child_updown */ assert_hook(); @@ -621,8 +853,10 @@ START_TEST(test_collision_delayed_request) exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; initiate_rekey(a, 1); + assert_ipsec_sas_installed(a, 1, 2); exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; initiate_rekey(b, 2); + assert_ipsec_sas_installed(b, 1, 2); /* delay the CREATE_CHILD_SA request from a to b */ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); @@ -634,14 +868,16 @@ START_TEST(test_collision_delayed_request) exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; assert_hook_rekey(child_rekey, 1, 5); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 1, CHILD_REKEYED); - assert_child_sa_state(a, 5, CHILD_INSTALLED); + assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED); + assert_ipsec_sas_installed(a, 1, 2, 5); assert_hook(); /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */ assert_hook_rekey(child_rekey, 2, 4); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 2, CHILD_DELETING); - assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_ipsec_sas_installed(b, 1, 2, 4, 5); assert_hook(); /* we don't expect this hook to get called anymore */ 
@@ -650,25 +886,43 @@ START_TEST(test_collision_delayed_request) /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> (delayed) */ assert_single_notify(OUT, TEMPORARY_FAILURE); exchange_test_helper->process_message(exchange_test_helper, b, msg); - assert_child_sa_state(b, 2, CHILD_DELETING); - assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); /* <-- INFORMATIONAL { D } */ + assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 5, CHILD_INSTALLED); - assert_child_sa_count(a, 1); + assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_count(a, 2); + assert_ipsec_sas_installed(a, 1, 4, 5); + assert_scheduler(); /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ assert_no_jobs_scheduled(); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 5, CHILD_INSTALLED); - assert_child_sa_count(a, 1); + assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_count(a, 2); + assert_ipsec_sas_installed(a, 1, 4, 5); assert_scheduler(); /* INFORMATIONAL { D } --> */ + assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_count(b, 2); + assert_ipsec_sas_installed(b, 2, 4, 5); + assert_scheduler(); + + /* simulate the execution of the scheduled jobs */ + destroy_rekeyed(a, 1); + assert_child_sa_count(a, 1); + assert_ipsec_sas_installed(a, 4, 5); + destroy_rekeyed(b, 2); 
assert_child_sa_count(b, 1); + assert_ipsec_sas_installed(b, 4, 5); /* child_rekey/child_updown */ assert_hook(); @@ -722,8 +976,10 @@ START_TEST(test_collision_delayed_request_more) exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; initiate_rekey(a, 1); + assert_ipsec_sas_installed(a, 1, 2); exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; initiate_rekey(b, 2); + assert_ipsec_sas_installed(b, 1, 2); /* delay the CREATE_CHILD_SA request from a to b */ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); 
@@ -735,40 +991,62 @@ START_TEST(test_collision_delayed_request_more) exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; assert_hook_rekey(child_rekey, 1, 5); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 1, CHILD_REKEYED); - assert_child_sa_state(a, 5, CHILD_INSTALLED); + assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED); + assert_ipsec_sas_installed(a, 1, 2, 5); assert_hook(); /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */ assert_hook_rekey(child_rekey, 2, 4); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 2, CHILD_DELETING); - assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_ipsec_sas_installed(b, 1, 2, 4, 5); assert_hook(); /* we don't expect this hook to get called anymore */ assert_hook_not_called(child_rekey); /* <-- INFORMATIONAL { D } */ + assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 5, CHILD_INSTALLED); - assert_child_sa_count(a, 1); + assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_count(a, 2); + assert_ipsec_sas_installed(a, 1, 4, 5); + assert_scheduler(); /* INFORMATIONAL { D } --> */ + assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 4, CHILD_INSTALLED); - assert_child_sa_count(b, 1); + assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_count(b, 2); + assert_ipsec_sas_installed(b, 2, 4, 5); + assert_scheduler(); /* CREATE_CHILD_SA 
{ N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ assert_single_notify(OUT, CHILD_SA_NOT_FOUND); exchange_test_helper->process_message(exchange_test_helper, b, msg); - assert_child_sa_state(b, 4, CHILD_INSTALLED); - assert_child_sa_count(b, 1); + assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_count(b, 2); + assert_ipsec_sas_installed(b, 2, 4, 5); /* <-- CREATE_CHILD_SA { N(NO_CHILD_SA) } */ assert_no_jobs_scheduled(); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 5, CHILD_INSTALLED); - assert_child_sa_count(a, 1); + assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_count(a, 2); + assert_ipsec_sas_installed(a, 1, 4, 5); assert_scheduler(); + /* simulate the execution of the scheduled jobs */ + destroy_rekeyed(a, 1); + assert_child_sa_count(a, 1); + assert_ipsec_sas_installed(a, 4, 5); + destroy_rekeyed(b, 2); + assert_child_sa_count(b, 1); + assert_ipsec_sas_installed(b, 4, 5); + /* child_rekey/child_updown */ assert_hook(); assert_hook(); @@ -842,13 +1120,13 @@ START_TEST(test_collision_ke_invalid) /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ assert_hook_not_called(child_rekey); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 2, CHILD_REKEYING); + assert_child_sa_state(b, 2, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(b, 1); assert_hook(); /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */ assert_hook_not_called(child_rekey); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 1, CHILD_REKEYING); + assert_child_sa_state(a, 1, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(a, 1); assert_hook(); 
@@ -857,7 +1135,7 @@ START_TEST(test_collision_ke_invalid) assert_hook_not_called(child_rekey); assert_single_notify(IN, INVALID_KE_PAYLOAD); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 1, CHILD_REKEYING); + assert_child_sa_state(a, 1, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(a, 1); assert_hook(); /* CREATE_CHILD_SA { N(INVAL_KE) } --> */ @@ -865,7 +1143,7 @@ START_TEST(test_collision_ke_invalid) assert_hook_not_called(child_rekey); assert_single_notify(IN, INVALID_KE_PAYLOAD); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 2, CHILD_REKEYING); + assert_child_sa_state(b, 2, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(b, 1); assert_hook(); @@ -873,15 +1151,15 @@ START_TEST(test_collision_ke_invalid) exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; assert_hook_rekey(child_rekey, 2, 9); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 2, CHILD_REKEYED); - assert_child_sa_state(b, 9, CHILD_INSTALLED); + assert_child_sa_state(b, 2, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(b, 9, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED); assert_hook(); /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */ exchange_test_helper->nonce_first_byte = data[_i].nonces[3]; assert_hook_rekey(child_rekey, 1, 10); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 1, CHILD_REKEYED); - assert_child_sa_state(a,10, CHILD_INSTALLED); + assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(a,10, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED); assert_hook(); /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */ 
@@ -891,49 +1169,99 @@ START_TEST(test_collision_ke_invalid) assert_hook_rekey(child_rekey, 1, data[_i].spi_a); exchange_test_helper->process_message(exchange_test_helper, a, NULL); assert_hook(); + assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED, + CHILD_OUTBOUND_REGISTERED); + assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, + CHILD_OUTBOUND_INSTALLED); } else { exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED, + CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, + CHILD_OUTBOUND_REGISTERED); } - assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING); - assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED); - assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED); + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, + CHILD_OUTBOUND_INSTALLED); /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */ if (data[_i].spi_del_b == 2) { assert_hook_rekey(child_rekey, 2, data[_i].spi_b); exchange_test_helper->process_message(exchange_test_helper, b, NULL); assert_hook(); + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED, + CHILD_OUTBOUND_REGISTERED); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, + CHILD_OUTBOUND_INSTALLED); } else { exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED, + CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, + CHILD_OUTBOUND_REGISTERED); } - assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING); - assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED); - assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED); + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, + CHILD_OUTBOUND_INSTALLED); /* we don't expect this hook to get called anymore */ assert_hook_not_called(child_rekey); /* INFORMATIONAL { D } --> */ + 
assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING); - assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED); - assert_child_sa_count(b, 2); + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, + CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING, + CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, + CHILD_OUTBOUND_INSTALLED); + assert_child_sa_count(b, 3); + assert_scheduler(); /* <-- INFORMATIONAL { D } */ + assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING); - assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED); - assert_child_sa_count(a, 2); + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, + CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING, + CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, + CHILD_OUTBOUND_INSTALLED); + assert_child_sa_count(a, 3); + assert_scheduler(); /* <-- INFORMATIONAL { D } */ + assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED); - assert_child_sa_count(a, 1); + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, + CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING, + CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, + CHILD_OUTBOUND_INSTALLED); + assert_child_sa_count(a, 3); + assert_scheduler(); /* INFORMATIONAL { D } --> */ + assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED); + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, + CHILD_OUTBOUND_NONE); + 
assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING, + CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, + CHILD_OUTBOUND_INSTALLED); + assert_child_sa_count(b, 3); + assert_scheduler(); + + /* simulate the execution of the scheduled jobs */ + destroy_rekeyed(a, data[_i].spi_del_a); + destroy_rekeyed(a, data[_i].spi_del_b); + assert_child_sa_count(a, 1); + assert_ipsec_sas_installed(a, data[_i].spi_a, data[_i].spi_b); + destroy_rekeyed(b, data[_i].spi_del_a); + destroy_rekeyed(b, data[_i].spi_del_b); assert_child_sa_count(b, 1); + assert_ipsec_sas_installed(b, data[_i].spi_a, data[_i].spi_b); /* child_rekey/child_updown */ assert_hook(); @@ -1004,13 +1332,13 @@ START_TEST(test_collision_ke_invalid_delayed_retry) /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ assert_hook_not_called(child_rekey); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 2, CHILD_REKEYING); + assert_child_sa_state(b, 2, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(b, 1); assert_hook(); /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */ assert_hook_not_called(child_rekey); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 1, CHILD_REKEYING); + assert_child_sa_state(a, 1, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(a, 1); assert_hook(); @@ -1019,7 +1347,7 @@ START_TEST(test_collision_ke_invalid_delayed_retry) assert_hook_not_called(child_rekey); assert_single_notify(IN, INVALID_KE_PAYLOAD); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 1, CHILD_REKEYING); + assert_child_sa_state(a, 1, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(a, 1); assert_hook(); /* CREATE_CHILD_SA { N(INVAL_KE) } --> */ 
@@ -1027,7 +1355,7 @@ START_TEST(test_collision_ke_invalid_delayed_retry) assert_hook_not_called(child_rekey); assert_single_notify(IN, INVALID_KE_PAYLOAD); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 2, CHILD_REKEYING); + assert_child_sa_state(b, 2, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(b, 1); assert_hook(); @@ -1038,14 +1366,14 @@ START_TEST(test_collision_ke_invalid_delayed_retry) exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; assert_hook_rekey(child_rekey, 1, 9); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 1, CHILD_REKEYED); - assert_child_sa_state(a, 9, CHILD_INSTALLED); + assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(a, 9, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED); assert_hook(); /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */ assert_hook_rekey(child_rekey, 2, 8); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 2, CHILD_DELETING); - assert_child_sa_state(b, 8, CHILD_INSTALLED); + assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_hook(); /* we don't expect this hook to get called anymore */ 
@@ -1054,25 +1382,40 @@ START_TEST(test_collision_ke_invalid_delayed_retry) /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> (delayed) */ assert_single_notify(OUT, TEMPORARY_FAILURE); exchange_test_helper->process_message(exchange_test_helper, b, msg); - assert_child_sa_state(b, 2, CHILD_DELETING); - assert_child_sa_state(b, 8, CHILD_INSTALLED); + assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); /* <-- INFORMATIONAL { D } */ + assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 9, CHILD_INSTALLED); - assert_child_sa_count(a, 1); + assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, 9, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_count(a, 2); + assert_scheduler(); /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ assert_no_jobs_scheduled(); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, 9, CHILD_INSTALLED); - assert_child_sa_count(a, 1); + assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(a, 9, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_count(a, 2); assert_scheduler(); /* INFORMATIONAL { D } --> */ + assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, 8, CHILD_INSTALLED); + assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE); + assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_count(b, 2); + assert_scheduler(); + + /* simulate the execution of the scheduled jobs */ + destroy_rekeyed(a, 1); + assert_child_sa_count(a, 1); + assert_ipsec_sas_installed(a, 8, 9); + destroy_rekeyed(b, 2); assert_child_sa_count(b, 1); + assert_ipsec_sas_installed(b, 8, 9); /* child_rekey/child_updown */ assert_hook(); 
@@ -1114,7 +1457,7 @@ START_TEST(test_collision_delete) } initiate_rekey(a, spi_a); call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE); - assert_child_sa_state(b, spi_b, CHILD_DELETING); + assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED); /* this should never get called as there is no successful rekeying on * either side */ @@ -1129,7 +1472,7 @@ START_TEST(test_collision_delete) assert_notify(IN, REKEY_SA); assert_single_notify(OUT, TEMPORARY_FAILURE); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, spi_b, CHILD_DELETING); + assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED); assert_hook(); /* RFC 7296, 2.25.1: If a peer receives a request to delete a CHILD_SA that @@ -1201,7 +1544,7 @@ START_TEST(test_collision_delete_drop_delete) } initiate_rekey(a, spi_a); call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE); - assert_child_sa_state(b, spi_b, CHILD_DELETING); + assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED); /* this should never get called as there is no successful rekeying on * either side */ @@ -1216,7 +1559,7 @@ START_TEST(test_collision_delete_drop_delete) assert_notify(IN, REKEY_SA); assert_single_notify(OUT, TEMPORARY_FAILURE); exchange_test_helper->process_message(exchange_test_helper, b, NULL); - assert_child_sa_state(b, spi_b, CHILD_DELETING); + assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED); assert_hook(); /* delay the DELETE request */ @@ -1227,7 +1570,7 @@ START_TEST(test_collision_delete_drop_delete) /* we expect a job to retry the rekeying is scheduled */ assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, spi_a, CHILD_INSTALLED); + assert_child_sa_state(a, spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_scheduler(); assert_hook(); 
@@ -1286,7 +1629,7 @@ END_TEST } initiate_rekey(a, spi_a); call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE); - assert_child_sa_state(b, spi_b, CHILD_DELETING); + assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED); /* this should never get called as there is no successful rekeying on * either side */ @@ -1419,13 +1762,13 @@ START_TEST(test_collision_ike_rekey) /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ assert_single_notify(OUT, TEMPORARY_FAILURE); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, spi_a, CHILD_REKEYING); + assert_child_sa_state(a, spi_a, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED); /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ /* we expect a job to retry the rekeying is scheduled */ assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, a, NULL); - assert_child_sa_state(a, spi_a, CHILD_INSTALLED); + assert_child_sa_state(a, spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_scheduler(); /* CREATE_CHILD_SA { N(TEMP_FAIL) } --> */ diff --git a/src/libcharon/tests/utils/exchange_test_asserts.c b/src/libcharon/tests/utils/exchange_test_asserts.c index 2602b97b7..8042d0b63 100644 --- a/src/libcharon/tests/utils/exchange_test_asserts.c +++ b/src/libcharon/tests/utils/exchange_test_asserts.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2016 Tobias Brunner + * Copyright (C) 2016-2017 Tobias Brunner * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -18,6 +18,7 @@ #include #include "exchange_test_asserts.h" +#include "mock_ipsec.h" /* * Described in header 
@@ -180,3 +181,57 @@ bool exchange_test_asserts_message(listener_t *listener, ike_sa_t *ike_sa, } return TRUE; } + +/** + * Compare two SPIs + */ +static int spis_cmp(const void *a, const void *b) +{ + return *(const uint32_t*)a - *(const uint32_t*)b; +} + +/** + * Compare two SPIs to sort them + */ +static int spis_sort(const void *a, const void *b, void *data) +{ + return spis_cmp(a, b); +} + + +/* + * Described in header + */ +void exchange_test_asserts_ipsec_sas(ipsec_sas_assert_t *sas) +{ + enumerator_t *enumerator; + array_t *spis; + ike_sa_t *ike_sa; + uint32_t spi; + int i; + + spis = array_create(sizeof(uint32_t), 0); + for (i = 0; i < sas->count; i++) + { + array_insert(spis, ARRAY_TAIL, &sas->spis[i]); + } + array_sort(spis, spis_sort, NULL); + + enumerator = mock_ipsec_create_sa_enumerator(); + while (enumerator->enumerate(enumerator, &ike_sa, &spi)) + { + if (ike_sa == sas->ike_sa) + { + i = array_bsearch(spis, &spi, spis_cmp, NULL); + assert_listener_msg(i != -1, sas, "unexpected IPsec SA %.8x", spi); + array_remove(spis, i, NULL); + } + } + enumerator->destroy(enumerator); + for (i = 0; i < array_count(spis); i++) + { + array_get(spis, i, &spi); + assert_listener_msg(!spi, sas, "expected IPsec SA %.8x not found", spi); + } + array_destroy(spis); +} diff --git a/src/libcharon/tests/utils/exchange_test_asserts.h b/src/libcharon/tests/utils/exchange_test_asserts.h index 32afcc2e4..4d363edfd 100644 --- a/src/libcharon/tests/utils/exchange_test_asserts.h +++ b/src/libcharon/tests/utils/exchange_test_asserts.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2016 Tobias Brunner + * Copyright (C) 2016-2017 Tobias Brunner * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -14,7 +14,7 @@ */ /** - * Special assertions using listener_t. + * Special assertions using listener_t etc. * * @defgroup exchange_test_asserts exchange_test_asserts * @{ @ingroup test_utils_c 
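Review bot: `spis_cmp` returns the unsigned difference of two `uint32_t` values narrowed to `int`, so two SPIs more than 2^31 apart compare the wrong way (0 vs. 0x80000001 yields a positive result), the sort is then not a total order and `array_bsearch` can miss an SPI that is actually installed. The mock hands out small sequential SPIs today, which is why the tests pass, but the comparator should be `uint32_t x = *(const uint32_t*)a, y = *(const uint32_t*)b;` followed by `return (x > y) - (x < y);`. The final loop's `assert_listener_msg(!spi, ...)` would also treat an expected SPI of 0 as found; that is harmless because SPI 0 is reserved, but a one-line comment saying so would stop the next reader from wondering.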
@@ -28,6 +28,7 @@ typedef struct listener_hook_assert_t listener_hook_assert_t; typedef struct listener_message_assert_t listener_message_assert_t; typedef struct listener_message_rule_t listener_message_rule_t; +typedef struct ipsec_sas_assert_t ipsec_sas_assert_t; struct listener_hook_assert_t { @@ -340,4 +341,60 @@ bool exchange_test_asserts_message(listener_t *this, ike_sa_t *ike_sa, exchange_test_helper->add_listener(exchange_test_helper, &_listener.listener); \ }) +/** + * Data used to check IPsec SAs + */ +struct ipsec_sas_assert_t { + + /** + * Original source file + */ + const char *file; + + /** + * Source line + */ + int line; + + /** + * IKE_SA that installed the IPsec SAs + */ + ike_sa_t *ike_sa; + + /** + * SPIs to check + */ + uint32_t *spis; + + /** + * Number of SPIs for IPsec SAs to check + */ + int count; +}; + +/** + * Assert that all given IPsec SAs (and only these) are installed for the given + * IKE_SA. + */ +void exchange_test_asserts_ipsec_sas(ipsec_sas_assert_t *sas); + +/** + * Assert that the IPsec SAs with the given SPIs (and none other) are currently + * installed by the given IKE_SA. + * + * @param sa IKE_SA + * @param ... list of SPIs + */ +#define assert_ipsec_sas_installed(sa, ...) ({ \ + uint32_t _spis[] = { __VA_ARGS__ }; \ + ipsec_sas_assert_t _sas_assert = { \ + .file = __FILE__, \ + .line = __LINE__, \ + .ike_sa = sa, \ + .spis = _spis, \ + .count = countof(_spis), \ + }; \ + exchange_test_asserts_ipsec_sas(&_sas_assert); \ +}) + #endif /** EXCHANGE_TEST_ASSERTS_H_ @}*/ diff --git a/src/libcharon/tests/utils/mock_ipsec.c b/src/libcharon/tests/utils/mock_ipsec.c index d57a26a87..d6172f5bd 100644 --- a/src/libcharon/tests/utils/mock_ipsec.c +++ b/src/libcharon/tests/utils/mock_ipsec.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2016 Tobias Brunner + * Copyright (C) 2016-2017 Tobias Brunner * Copyright (C) 2008 Martin Willi * HSR Hochschule fuer Technik Rapperswil * 
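Review bot: `assert_ipsec_sas_installed(sa, ...)` cannot express "no IPsec SAs installed": with an empty `__VA_ARGS__` the `uint32_t _spis[] = { __VA_ARGS__ };` initializer becomes a zero-length array, which is a GNU extension that stricter compilers reject or warn about, and the macro's doc does not say that at least one SPI is required. Either document it, e.g. `@param ... list of SPIs (at least one)`, or add a companion `assert_no_ipsec_sas_installed(sa)` that passes `.spis = NULL, .count = 0`. Since `exchange_test_asserts_ipsec_sas` only reads from the array, the `spis` member could also be declared `const uint32_t *spis;`.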
@@ -16,6 +16,12 @@ #include "mock_ipsec.h" +#include +#include +#include + +#include + typedef struct private_kernel_ipsec_t private_kernel_ipsec_t; /** @@ -28,17 +34,81 @@ struct private_kernel_ipsec_t { */ kernel_ipsec_t public; + /** + * Rekey listener + */ + listener_t listener; + /** * Allocated SPI */ refcount_t spi; + + /** + * Installed SAs + */ + hashtable_t *sas; }; +/** + * Global instance + */ +static private_kernel_ipsec_t *instance; + +/** + * Data about installed IPsec SAs + */ +typedef struct { + /** + * SPI of the SA + */ + uint32_t spi; + + /** + * Associated IKE_SA + */ + ike_sa_t *ike_sa; + + /** + * TRUE if this was an allocated SPI + */ + bool alloc; + +} entry_t; + +/** + * Hash an IPsec SA entry + */ +static u_int entry_hash(const void *key) +{ + entry_t *entry = (entry_t*)key; + return chunk_hash_inc(chunk_from_thing(entry->spi), + chunk_hash(chunk_from_thing(entry->ike_sa))); +} + +/** + * Compare an IPsec SA entry + */ +static bool entry_equals(const void *key, const void *other_key) +{ + entry_t *a = (entry_t*)key, *b = (entry_t*)other_key; + return a->spi == b->spi && a->ike_sa == b->ike_sa; +} + METHOD(kernel_ipsec_t, get_spi, status_t, private_kernel_ipsec_t *this, host_t *src, host_t *dst, uint8_t protocol, uint32_t *spi) { + entry_t *entry; + *spi = (uint32_t)ref_get(&this->spi); + INIT(entry, + .spi = *spi, + .ike_sa = charon->bus->get_sa(charon->bus), + .alloc = TRUE, + ); + entry = this->sas->put(this->sas, entry, entry); + assert(!entry); return SUCCESS; } @@ -52,6 +122,23 @@ METHOD(kernel_ipsec_t, add_sa, status_t, private_kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id, kernel_ipsec_add_sa_t *data) { + entry_t *entry; + + INIT(entry, + .spi = id->spi, + .ike_sa = charon->bus->get_sa(charon->bus), + ); + if (data->inbound) + { + entry = this->sas->put(this->sas, entry, entry); + assert(entry && entry->alloc); + free(entry); + } + else + { + entry = this->sas->put(this->sas, entry, entry); + assert(!entry); + } return SUCCESS; } 
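Review bot: the checks added to `get_spi` and `add_sa` use libc `assert()`, so in a build with NDEBUG the `put` into `this->sas` still runs but a displaced entry in `get_spi` is silently leaked and an inbound SA installed without a preceding `get_spi` goes unnoticed; the same applies to `del_sa` and `ike_rekey` in the next hunk. Since the whole point of tracking SAs in this mock is to make such misuse visible to the exchange tests, an assertion that is never compiled out (the test framework's `ck_assert`-style macros, if this file can include them) would be more robust. Both new code paths also look up the owning IKE_SA through `charon->bus->get_sa()`, which presumably is only set while the exchange helper is processing a message; a comment on the `.ike_sa` initializers such as `/* relies on the bus' current IKE_SA being set by the exchange helper */` would make that dependency explicit.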
@@ -74,9 +161,47 @@ METHOD(kernel_ipsec_t, del_sa, status_t, private_kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id, kernel_ipsec_del_sa_t *data) { + entry_t *entry, lookup = { + .spi = id->spi, + .ike_sa = charon->bus->get_sa(charon->bus), + }; + + entry = this->sas->remove(this->sas, &lookup); + assert(entry); + free(entry); return SUCCESS; } +METHOD(listener_t, ike_rekey, bool, + listener_t *listener, ike_sa_t *old, ike_sa_t *new) +{ + enumerator_t *enumerator; + array_t *sas = NULL; + entry_t *entry; + + enumerator = instance->sas->create_enumerator(instance->sas); + while (enumerator->enumerate(enumerator, &entry, NULL)) + { + if (entry->ike_sa == old) + { + instance->sas->remove_at(instance->sas, enumerator); + array_insert_create(&sas, ARRAY_TAIL, entry); + } + } + enumerator->destroy(enumerator); + enumerator = array_create_enumerator(sas); + while (enumerator->enumerate(enumerator, &entry)) + { + array_remove_at(sas, enumerator); + entry->ike_sa = new; + entry = instance->sas->put(instance->sas, entry, entry); + assert(!entry); + } + enumerator->destroy(enumerator); + array_destroy(sas); + return TRUE; +} + METHOD(kernel_ipsec_t, add_policy, status_t, private_kernel_ipsec_t *this, kernel_ipsec_policy_id_t *id, kernel_ipsec_manage_policy_t *data) @@ -99,6 +224,14 @@ METHOD(kernel_ipsec_t, del_policy, status_t, return SUCCESS; } +METHOD(kernel_ipsec_t, destroy, void, + private_kernel_ipsec_t *this) +{ + charon->bus->remove_listener(charon->bus, &this->listener); + this->sas->destroy(this->sas); + free(this); +} + /* * Described in header */ 
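Review bot: The new `destroy` method in the `@@ -99,6 +224,14 @@` hunk frees `this` but leaves the file-static `instance` pointing at it, so `mock_ipsec_create_sa_enumerator` called after destruction dereferences freed memory; add `instance = NULL;` before `free(this);`. `this->sas->destroy(this->sas)` also does not release `entry_t` objects still in the table, so any SA a test did not delete is leaked; since key and value are the same object, a `destroy_function` callback that frees the entry would release them. The `del_sa` and `ike_rekey` hunks on this line are consistent with the rest of the mock.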
@@ -121,8 +254,50 @@ kernel_ipsec_t *mock_ipsec_create() .flush_policies = (void*)return_failed, .bypass_socket = (void*)return_true, .enable_udp_decap = (void*)return_true, - .destroy = (void*)free, + .destroy = _destroy, + }, + .listener = { + .ike_rekey = _ike_rekey, }, + .sas = hashtable_create(entry_hash, entry_equals, 8), ); + + instance = this; + + charon->bus->add_listener(charon->bus, &this->listener); + return &this->public; } + + +CALLBACK(filter_sas, bool, + void *data, enumerator_t *orig, va_list args) +{ + entry_t *entry; + ike_sa_t **ike_sa; + uint32_t *spi; + + VA_ARGS_VGET(args, ike_sa, spi); + + while (orig->enumerate(orig, &entry, NULL)) + { + if (entry->alloc) + { + continue; + } + *ike_sa = entry->ike_sa; + *spi = entry->spi; + return TRUE; + } + return FALSE; +} + +/* + * Described in header + */ +enumerator_t *mock_ipsec_create_sa_enumerator() +{ + return enumerator_create_filter( + instance->sas->create_enumerator(instance->sas), + filter_sas, NULL, NULL); +} diff --git a/src/libcharon/tests/utils/mock_ipsec.h b/src/libcharon/tests/utils/mock_ipsec.h index cbf21524a..95038a561 100644 --- a/src/libcharon/tests/utils/mock_ipsec.h +++ b/src/libcharon/tests/utils/mock_ipsec.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2016 Tobias Brunner + * Copyright (C) 2016-2017 Tobias Brunner * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -15,7 +15,7 @@ /** * kernel_ipsec_t implementation used for exchange unit tests. Currently - * returns sequential SPIs, all other methods are noops. + * returns sequential SPIs, and keeps track of installed SAs. * * @defgroup mock_ipsec mock_ipsec * @{ @ingroup test_utils_c @@ -33,4 +33,11 @@ */ kernel_ipsec_t *mock_ipsec_create(); +/** + * Enumerate the installed SAs + * + * @return enumerator over (ike_sa_t*, uint32_t) + */ +enumerator_t *mock_ipsec_create_sa_enumerator(); + #endif /** MOCK_IPSEC_H_ @}*/ 
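Review bot: `mock_ipsec_create` in this hunk unconditionally overwrites the file-static `instance` and registers another bus listener, so a second mock silently takes over `ike_rekey` and `mock_ipsec_create_sa_enumerator` for the first one. Since the utility is designed around a single instance, the "Global instance" comment should state that only one mock may exist at a time, or `mock_ipsec_create` could `assert(!instance);` before assigning it. `filter_sas` correctly skips entries with `alloc` set, so the header comment "Enumerate the installed SAs" is accurate, though it could add "(SPIs only reserved via get_spi() are skipped)".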
diff --git a/src/libcharon/tests/utils/sa_asserts.h b/src/libcharon/tests/utils/sa_asserts.h index 7afa3b55b..d23f724f1 100644 --- a/src/libcharon/tests/utils/sa_asserts.h +++ b/src/libcharon/tests/utils/sa_asserts.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2016 Tobias Brunner + * Copyright (C) 2016-2017 Tobias Brunner * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -81,14 +81,39 @@ _sa->get_child_count(_sa)); \ }) +/** + * Check if the CHILD_SA with the given SPI is in the expected state, optionally + * check the state of the outbound SA. + */ +#define assert_child_sa_state(...) VA_ARGS_DISPATCH(assert_child_sa_state, __VA_ARGS__)(__VA_ARGS__) + /** * Check if the CHILD_SA with the given SPI is in the expected state. */ -#define assert_child_sa_state(ike_sa, spi, state) \ +#define assert_child_sa_state3(ike_sa, spi, state) \ +({ \ + typeof(ike_sa) _sa = ike_sa; \ + typeof(spi) _spi = spi; \ + typeof(state) _state = state; \ + child_sa_t *_child = _sa->get_child_sa(_sa, PROTO_ESP, _spi, TRUE) ?: \ + _sa->get_child_sa(_sa, PROTO_ESP, _spi, FALSE); \ + test_assert_msg(_child, "CHILD_SA with SPI %.8x does not exist", \ + ntohl(_spi)); \ + test_assert_msg(_state == _child->get_state(_child), "%N != %N", \ + child_sa_state_names, _state, \ + child_sa_state_names, _child->get_state(_child)); \ +}) + +/** + * Check if the outbound SA of a CHILD_SA with the given SPI is in the + * expected state. + */ +#define assert_child_sa_state4(ike_sa, spi, state, outbound) \ ({ \ typeof(ike_sa) _sa = ike_sa; \ typeof(spi) _spi = spi; \ typeof(state) _state = state; \ + typeof(outbound) _outbound = outbound; \ child_sa_t *_child = _sa->get_child_sa(_sa, PROTO_ESP, _spi, TRUE) ?: \ _sa->get_child_sa(_sa, PROTO_ESP, _spi, FALSE); \ test_assert_msg(_child, "CHILD_SA with SPI %.8x does not exist", \ 
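Review bot: The doc comment above `assert_child_sa_state4` says it checks the outbound SA state, but the macro checks both the CHILD_SA state and, via its fourth argument, the outbound state; it should read `Check if the CHILD_SA with the given SPI is in the expected state and its outbound SA in the expected outbound state.` The lookup and state check of `assert_child_sa_state3` are duplicated in the 4-argument variant, which is hard to avoid with the statement-expression style but worth a note. The macro's outbound check and closing `})` lie in the next hunk.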
@@ -96,6 +121,9 @@ test_assert_msg(_state == _child->get_state(_child), "%N != %N", \ child_sa_state_names, _state, \ child_sa_state_names, _child->get_state(_child)); \ + test_assert_msg(_outbound == _child->get_outbound_state(_child), "%N != %N", \ + child_sa_outbound_state_names, _outbound, \ + child_sa_outbound_state_names, _child->get_outbound_state(_child)); \ }) /** diff --git a/src/libfast/Makefile.in b/src/libfast/Makefile.in index c3512b62c..8adf068e2 100644 --- a/src/libfast/Makefile.in +++ b/src/libfast/Makefile.in @@ -361,6 +361,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -383,6 +384,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libimcv/Makefile.in b/src/libimcv/Makefile.in index b0b55fbdc..e361f20f6 100644 --- a/src/libimcv/Makefile.in +++ b/src/libimcv/Makefile.in @@ -530,6 +530,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -552,6 +553,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libimcv/ietf/ietf_attr_installed_packages.c b/src/libimcv/ietf/ietf_attr_installed_packages.c index 7a870ac40..d8e5b3342 100644 --- a/src/libimcv/ietf/ietf_attr_installed_packages.c +++ b/src/libimcv/ietf/ietf_attr_installed_packages.c 
@@ -179,7 +179,7 @@ METHOD(pa_tnc_attr_t, process, status_t, u_char *pos; if (this->offset == 0) - { + { if (this->length < IETF_INSTALLED_PACKAGES_MIN_SIZE) { DBG1(DBG_TNC, "insufficient data for %N/%N", pen_names, PEN_IETF, @@ -291,15 +291,21 @@ METHOD(ietf_attr_installed_packages_t, add, void, this->packages->insert_last(this->packages, entry); } -/** - * Enumerate package filter entries - */ -static bool package_filter(void *null, package_entry_t **entry, chunk_t *name, - void *i2, chunk_t *version) +CALLBACK(package_filter, bool, + void *null, enumerator_t *orig, va_list args) { - *name = (*entry)->name; - *version = (*entry)->version; - return TRUE; + package_entry_t *entry; + chunk_t *name, *version; + + VA_ARGS_VGET(args, name, version); + + if (orig->enumerate(orig, &entry)) + { + *name = entry->name; + *version = entry->version; + return TRUE; + } + return FALSE; } METHOD(ietf_attr_installed_packages_t, create_enumerator, enumerator_t*, @@ -307,7 +313,7 @@ METHOD(ietf_attr_installed_packages_t, create_enumerator, enumerator_t*, { return enumerator_create_filter( this->packages->create_enumerator(this->packages), - (void*)package_filter, NULL, NULL); + package_filter, NULL, NULL); } METHOD(ietf_attr_installed_packages_t, get_count, uint16_t, diff --git a/src/libimcv/ietf/ietf_attr_op_status.c b/src/libimcv/ietf/ietf_attr_op_status.c index f04c89b96..1f813b3c6 100644 --- a/src/libimcv/ietf/ietf_attr_op_status.c +++ b/src/libimcv/ietf/ietf_attr_op_status.c @@ -170,6 +170,7 @@ METHOD(pa_tnc_attr_t, process, status_t, chunk_t last_use; uint16_t reserved; struct tm t; + char buf[BUF_LEN]; *offset = 0; 
@@ -208,7 +209,8 @@ METHOD(pa_tnc_attr_t, process, status_t, *offset = 4; /* Conversion from RFC 3339 ASCII string to time_t */ - if (sscanf(last_use.ptr, "%4d-%2d-%2dT%2d:%2d:%2dZ", &t.tm_year, &t.tm_mon, + snprintf(buf, sizeof(buf), "%.*s", (int)last_use.len, last_use.ptr); + if (sscanf(buf, "%4d-%2d-%2dT%2d:%2d:%2dZ", &t.tm_year, &t.tm_mon, &t.tm_mday, &t.tm_hour, &t.tm_min, &t.tm_sec) != 6) { DBG1(DBG_TNC, "invalid last_use time format in IETF operational status"); diff --git a/src/libimcv/ietf/ietf_attr_port_filter.c b/src/libimcv/ietf/ietf_attr_port_filter.c index 05920fdd8..2f7e4452c 100644 --- a/src/libimcv/ietf/ietf_attr_port_filter.c +++ b/src/libimcv/ietf/ietf_attr_port_filter.c @@ -213,24 +213,31 @@ METHOD(ietf_attr_port_filter_t, add_port, void, this->ports->insert_last(this->ports, entry); } -/** - * Enumerate port filter entries - */ -static bool port_filter(void *null, port_entry_t **entry, - bool *blocked, void *i2, uint8_t *protocol, void *i3, - uint16_t *port) +CALLBACK(port_filter, bool, + void *null, enumerator_t *orig, va_list args) { - *blocked = (*entry)->blocked; - *protocol = (*entry)->protocol; - *port = (*entry)->port; - return TRUE; + port_entry_t *entry; + uint16_t *port; + uint8_t *protocol; + bool *blocked; + + VA_ARGS_VGET(args, blocked, protocol, port); + + if (orig->enumerate(orig, &entry)) + { + *blocked = entry->blocked; + *protocol = entry->protocol; + *port = entry->port; + return TRUE; + } + return FALSE; } METHOD(ietf_attr_port_filter_t, create_port_enumerator, enumerator_t*, private_ietf_attr_port_filter_t *this) { return enumerator_create_filter(this->ports->create_enumerator(this->ports), - (void*)port_filter, NULL, NULL); + port_filter, NULL, NULL); } /** diff --git a/src/libimcv/imc/imc_os_info.c b/src/libimcv/imc/imc_os_info.c index 3315c209f..cc23bb250 100644 --- a/src/libimcv/imc/imc_os_info.c +++ b/src/libimcv/imc/imc_os_info.c 
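Review bot: The bounded copy before `sscanf` closes the over-read on the non-NUL-terminated `last_use` chunk, but the parse still accepts input that is not an RFC 3339 timestamp: `%d` skips leading whitespace and accepts a sign, nothing checks that the whole value was consumed, and a `last_use.len` at or above `BUF_LEN` is silently truncated. Appending `%n` and comparing it with the copied length, e.g. `"%4d-%2d-%2dT%2d:%2d:%2dZ%n"` and `... != 6 || consumed != (int)last_use.len`, rejects trailing data; range checks on the fields presumably follow outside the hunk. The same pattern is introduced in `measurement_time_from_utc` in `tcg_pts_attr_simple_comp_evid.c` later in this patch.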
@@ -283,23 +283,20 @@ typedef struct { } package_enumerator_t; -/** - * Implementation of package_enumerator.destroy. - */ -static void package_enumerator_destroy(package_enumerator_t *this) +METHOD(enumerator_t, package_enumerator_destroy, void, + package_enumerator_t *this) { pclose(this->file); free(this); } -/** - * Implementation of package_enumerator.enumerate - */ -static bool package_enumerator_enumerate(package_enumerator_t *this, ...) +METHOD(enumerator_t, package_enumerator_enumerate, bool, + package_enumerator_t *this, va_list args) { chunk_t *name, *version; u_char *pos; - va_list args; + + VA_ARGS_VGET(args, name, version); while (TRUE) { @@ -319,23 +316,16 @@ static bool package_enumerator_enumerate(package_enumerator_t *this, ...) { continue; } - va_start(args, this); - - name = va_arg(args, chunk_t*); name->ptr = pos; pos = strchr(pos, '\t'); if (!pos) { - va_end(args); return FALSE; } name->len = pos++ - name->ptr; - version = va_arg(args, chunk_t*); version->ptr = pos; version->len = strlen(pos) - 1; - - va_end(args); return TRUE; } } @@ -354,7 +344,7 @@ METHOD(imc_os_info_t, create_package_enumerator, enumerator_t*, return NULL; } - /* Open a pipe stream for reading the output of the dpkg-query commmand */ + /* Open a pipe stream for reading the output of the dpkg-query command */ file = popen(command, "r"); if (!file) { @@ -362,12 +352,14 @@ METHOD(imc_os_info_t, create_package_enumerator, enumerator_t*, return NULL; } - /* Create a package enumerator instance */ - enumerator = malloc_thing(package_enumerator_t); - enumerator->public.enumerate = (void*)package_enumerator_enumerate; - enumerator->public.destroy = (void*)package_enumerator_destroy; - enumerator->file = file; - + INIT(enumerator, + .public = { + .enumerate = enumerator_enumerate_default, + .venumerate = _package_enumerator_enumerate, + .destroy = _package_enumerator_destroy, + }, + .file = file, + ); return (enumerator_t*)enumerator; } 
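Review bot: In the `@@ -319,23 +316,16 @@` hunk of `package_enumerator_enumerate`, `version->len = strlen(pos) - 1;` assumes the line read from the `dpkg-query` pipe ends with a newline; a final line without one, or an empty version field at end of input, yields a length of `(size_t)-1`. The loop head and the read that fills the buffer lie outside the hunk and may guarantee the newline, but `version->len = strlen(pos); if (version->len && pos[version->len - 1] == '\n') version->len--;` would make the enumerator self-contained. Hoisting `VA_ARGS_VGET` to the top of the function is the right replacement for the former per-iteration `va_start`/`va_end` handling.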
diff --git a/src/libimcv/imv/imv_agent.c b/src/libimcv/imv/imv_agent.c index d0508624d..e96faa77e 100644 --- a/src/libimcv/imv/imv_agent.c +++ b/src/libimcv/imv/imv_agent.c @@ -626,22 +626,13 @@ typedef struct { } language_enumerator_t; -/** - * Implementation of language_enumerator.destroy. - */ -static void language_enumerator_destroy(language_enumerator_t *this) -{ - free(this); -} - -/** - * Implementation of language_enumerator.enumerate - */ -static bool language_enumerator_enumerate(language_enumerator_t *this, ...) +METHOD(enumerator_t, language_enumerator_enumerate, bool, + language_enumerator_t *this, va_list args) { char *pos, *cur_lang, **lang; TNC_UInt32 len; - va_list args; + + VA_ARGS_VGET(args, lang); if (!this->lang_len) { @@ -676,11 +667,7 @@ static bool language_enumerator_enumerate(language_enumerator_t *this, ...) } cur_lang[len] = '\0'; - va_start(args, this); - lang = va_arg(args, char**); *lang = cur_lang; - va_end(args); - return TRUE; } @@ -689,10 +676,13 @@ METHOD(imv_agent_t, create_language_enumerator, enumerator_t*, { language_enumerator_t *e; - /* Create a language enumerator instance */ - e = malloc_thing(language_enumerator_t); - e->public.enumerate = (void*)language_enumerator_enumerate; - e->public.destroy = (void*)language_enumerator_destroy; + INIT(e, + .public = { + .enumerate = enumerator_enumerate_default, + .venumerate = _language_enumerator_enumerate, + .destroy = (void*)free, + }, + ); if (!this->get_attribute || !this->get_attribute(this->id, state->get_connection_id(state), diff --git a/src/libimcv/ita/ita_attr_settings.c b/src/libimcv/ita/ita_attr_settings.c index c7c968a26..b0907789e 100644 --- a/src/libimcv/ita/ita_attr_settings.c +++ b/src/libimcv/ita/ita_attr_settings.c 
@@ -262,22 +262,29 @@ METHOD(ita_attr_settings_t, add, void, this->list->insert_last(this->list, entry); } -/** - * Enumerate name/value pairs - */ -static bool entry_filter(void *null, entry_t **entry, char **name, - void *i2, chunk_t *value) +CALLBACK(entry_filter, bool, + void *null, enumerator_t *orig, va_list args) { - *name = (*entry)->name; - *value = (*entry)->value; - return TRUE; + entry_t *entry; + chunk_t *value; + char **name; + + VA_ARGS_VGET(args, name, value); + + while (orig->enumerate(orig, &entry)) + { + *name = entry->name; + *value = entry->value; + return TRUE; + } + return FALSE; } METHOD(ita_attr_settings_t, create_enumerator, enumerator_t*, private_ita_attr_settings_t *this) { return enumerator_create_filter(this->list->create_enumerator(this->list), - (void*)entry_filter, NULL, NULL); + entry_filter, NULL, NULL); } /** diff --git a/src/libimcv/plugins/imc_attestation/Makefile.in b/src/libimcv/plugins/imc_attestation/Makefile.in index 0475cee50..d67050f0d 100644 --- a/src/libimcv/plugins/imc_attestation/Makefile.in +++ b/src/libimcv/plugins/imc_attestation/Makefile.in @@ -356,6 +356,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -378,6 +379,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libimcv/plugins/imc_hcd/Makefile.in b/src/libimcv/plugins/imc_hcd/Makefile.in index e2f1dc5fb..981af3964 100644 --- a/src/libimcv/plugins/imc_hcd/Makefile.in +++ b/src/libimcv/plugins/imc_hcd/Makefile.in @@ -353,6 +353,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ 
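Review bot: `entry_filter` in this hunk wraps a body that always returns in `while (orig->enumerate(orig, &entry))`, so the loop never iterates twice; the sibling callbacks converted in this commit (`package_filter`, `port_filter`, the `entry_filter` in `pts_file_meas.c`) use `if`, which states the intent directly: `if (orig->enumerate(orig, &entry))`. No behavioural difference, purely consistency across the patch.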
@@ -375,6 +376,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libimcv/plugins/imc_os/Makefile.in b/src/libimcv/plugins/imc_os/Makefile.in index 0fa0d196b..aa0c49aeb 100644 --- a/src/libimcv/plugins/imc_os/Makefile.in +++ b/src/libimcv/plugins/imc_os/Makefile.in @@ -353,6 +353,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -375,6 +376,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libimcv/plugins/imc_scanner/Makefile.in b/src/libimcv/plugins/imc_scanner/Makefile.in index 1b776b2c1..63b43154c 100644 --- a/src/libimcv/plugins/imc_scanner/Makefile.in +++ b/src/libimcv/plugins/imc_scanner/Makefile.in @@ -354,6 +354,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -376,6 +377,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner.c b/src/libimcv/plugins/imc_scanner/imc_scanner.c index bf2479cf5..93ed4271b 100644 --- a/src/libimcv/plugins/imc_scanner/imc_scanner.c +++ b/src/libimcv/plugins/imc_scanner/imc_scanner.c 
@@ -116,7 +116,7 @@ static bool do_netstat(ietf_attr_port_filter_t *attr) const char loopback_v4[] = "127.0.0.1"; const char loopback_v6[] = "::1"; - /* Open a pipe stream for reading the output of the netstat commmand */ + /* Open a pipe stream for reading the output of the netstat command */ file = popen("/bin/netstat -n -l -p -4 -6 --inet", "r"); if (!file) { diff --git a/src/libimcv/plugins/imc_swid/Makefile.in b/src/libimcv/plugins/imc_swid/Makefile.in index 13d1924d4..02bc2bfef 100644 --- a/src/libimcv/plugins/imc_swid/Makefile.in +++ b/src/libimcv/plugins/imc_swid/Makefile.in @@ -356,6 +356,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -378,6 +379,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libimcv/plugins/imc_test/Makefile.in b/src/libimcv/plugins/imc_test/Makefile.in index 7a4149e70..93c074853 100644 --- a/src/libimcv/plugins/imc_test/Makefile.in +++ b/src/libimcv/plugins/imc_test/Makefile.in @@ -353,6 +353,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -375,6 +376,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libimcv/plugins/imc_test/imc_test_state.h b/src/libimcv/plugins/imc_test/imc_test_state.h index 5f9ee2537..365caff7c 100644 --- a/src/libimcv/plugins/imc_test/imc_test_state.h +++ b/src/libimcv/plugins/imc_test/imc_test_state.h 
@@ -42,14 +42,14 @@ struct imc_test_state_t { /** * get the command to send to IMV * - * @return commmand to send to IMV + * @return command to send to IMV */ char* (*get_command)(imc_test_state_t *this); /** * set the command to send to IMV * - * @param command commmand to send to IMV + * @param command command to send to IMV */ void (*set_command)(imc_test_state_t *this, char *command); diff --git a/src/libimcv/plugins/imv_attestation/Makefile.in b/src/libimcv/plugins/imv_attestation/Makefile.in index 9782757e0..02bd5f510 100644 --- a/src/libimcv/plugins/imv_attestation/Makefile.in +++ b/src/libimcv/plugins/imv_attestation/Makefile.in @@ -367,6 +367,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -389,6 +390,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_state.c b/src/libimcv/plugins/imv_attestation/imv_attestation_state.c index 1c3b91aeb..d63940797 100644 --- a/src/libimcv/plugins/imv_attestation/imv_attestation_state.c +++ b/src/libimcv/plugins/imv_attestation/imv_attestation_state.c 
@@ -418,24 +418,24 @@ METHOD(imv_attestation_state_t, create_component, pts_component_t*, } } -/** - * Enumerate file measurement entries - */ -static bool entry_filter(void *null, func_comp_t **entry, uint8_t *flags, - void *i2, uint32_t *depth, - void *i3, pts_comp_func_name_t **comp_name) +CALLBACK(entry_filter, bool, + void *null, enumerator_t *orig, va_list args) { - pts_component_t *comp; - pts_comp_func_name_t *name; - - comp = (*entry)->comp; - name = (*entry)->name; + func_comp_t *entry; + pts_comp_func_name_t **comp_name; + uint32_t *depth; + uint8_t *flags; - *flags = comp->get_evidence_flags(comp); - *depth = comp->get_depth(comp); - *comp_name = name; + VA_ARGS_VGET(args, flags, depth, comp_name); - return TRUE; + if (orig->enumerate(orig, &entry)) + { + *flags = entry->comp->get_evidence_flags(entry->comp); + *depth = entry->comp->get_depth(entry->comp); + *comp_name = entry->name; + return TRUE; + } + return FALSE; } METHOD(imv_attestation_state_t, create_component_enumerator, enumerator_t*, @@ -443,7 +443,7 @@ METHOD(imv_attestation_state_t, create_component_enumerator, enumerator_t*, { return enumerator_create_filter( this->components->create_enumerator(this->components), - (void*)entry_filter, NULL, NULL); + entry_filter, NULL, NULL); } METHOD(imv_attestation_state_t, get_component, pts_component_t*, diff --git a/src/libimcv/plugins/imv_hcd/Makefile.in b/src/libimcv/plugins/imv_hcd/Makefile.in index 62bd827f9..b19cb4a41 100644 --- a/src/libimcv/plugins/imv_hcd/Makefile.in +++ b/src/libimcv/plugins/imv_hcd/Makefile.in @@ -353,6 +353,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -375,6 +376,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ 
diff --git a/src/libimcv/plugins/imv_os/Makefile.in b/src/libimcv/plugins/imv_os/Makefile.in index efefdc87b..f2804f3fc 100644 --- a/src/libimcv/plugins/imv_os/Makefile.in +++ b/src/libimcv/plugins/imv_os/Makefile.in @@ -361,6 +361,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -383,6 +384,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libimcv/plugins/imv_scanner/Makefile.in b/src/libimcv/plugins/imv_scanner/Makefile.in index 535e28f1b..6cc107edb 100644 --- a/src/libimcv/plugins/imv_scanner/Makefile.in +++ b/src/libimcv/plugins/imv_scanner/Makefile.in @@ -355,6 +355,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -377,6 +378,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libimcv/plugins/imv_swid/Makefile.in b/src/libimcv/plugins/imv_swid/Makefile.in index 1150f12f9..3560752ed 100644 --- a/src/libimcv/plugins/imv_swid/Makefile.in +++ b/src/libimcv/plugins/imv_swid/Makefile.in @@ -356,6 +356,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -378,6 +379,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ 
diff --git a/src/libimcv/plugins/imv_swid/imv_swid_rest.c b/src/libimcv/plugins/imv_swid/imv_swid_rest.c index 143b0b239..0fe96edef 100644 --- a/src/libimcv/plugins/imv_swid/imv_swid_rest.c +++ b/src/libimcv/plugins/imv_swid/imv_swid_rest.c @@ -70,27 +70,29 @@ METHOD(imv_swid_rest_t, post, status_t, FETCH_END); free(uri); - if (status == SUCCESS) + if (status != SUCCESS) { - return SUCCESS; - } - - if (code != HTTP_STATUS_CODE_PRECONDITION_FAILED || !response.ptr) - { - DBG2(DBG_IMV, "REST http request failed with status code: %d", code); - return FAILED; - } - - if (jresponse) - { - /* Parse HTTP response into a JSON object */ - tokener = json_tokener_new(); - *jresponse = json_tokener_parse_ex(tokener, response.ptr, response.len); - json_tokener_free(tokener); + if (code != HTTP_STATUS_CODE_PRECONDITION_FAILED || !response.ptr) + { + DBG2(DBG_IMV, "REST http request failed with status code: %d", code); + status = FAILED; + } + else + { + if (jresponse) + { + /* Parse HTTP response into a JSON object */ + tokener = json_tokener_new(); + *jresponse = json_tokener_parse_ex(tokener, response.ptr, + response.len); + json_tokener_free(tokener); + } + status = NEED_MORE; + } } free(response.ptr); - return NEED_MORE; + return status; } METHOD(imv_swid_rest_t, destroy, void, diff --git a/src/libimcv/plugins/imv_test/Makefile.in b/src/libimcv/plugins/imv_test/Makefile.in index 055d6fdce..9aebfef67 100644 --- a/src/libimcv/plugins/imv_test/Makefile.in +++ b/src/libimcv/plugins/imv_test/Makefile.in @@ -354,6 +354,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -376,6 +377,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ 
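Review bot: In the restructured `post`, `json_tokener_parse_ex` can return NULL on a malformed response body, yet `*jresponse` is stored unchecked and `NEED_MORE` is returned as if a parsed object were available; the caller presumably dereferences it. Check the result before leaving the branch, e.g. `if (!*jresponse) { DBG1(DBG_IMV, "parsing REST response failed"); status = FAILED; }` after `json_tokener_free`. The restructuring itself fixes the previous leak of `response.ptr` on the `SUCCESS` path and is otherwise correct.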
diff --git a/src/libimcv/plugins/imv_test/imv_test_agent.c b/src/libimcv/plugins/imv_test/imv_test_agent.c index 5e4b4866a..fc14359d5 100644 --- a/src/libimcv/plugins/imv_test/imv_test_agent.c +++ b/src/libimcv/plugins/imv_test/imv_test_agent.c @@ -188,6 +188,8 @@ static TNC_Result receive_msg(private_imv_test_agent_t *this, imv_state_t *state if (retry) { test_state->set_rounds(test_state, rounds); + out_msg->destroy(out_msg); + return this->agent->request_handshake_retry( this->agent->get_id(this->agent), state->get_connection_id(state), diff --git a/src/libimcv/pts/pts_file_meas.c b/src/libimcv/pts/pts_file_meas.c index 6cfb86cb3..92f513a2d 100644 --- a/src/libimcv/pts/pts_file_meas.c +++ b/src/libimcv/pts/pts_file_meas.c @@ -94,22 +94,29 @@ METHOD(pts_file_meas_t, add, void, this->list->insert_last(this->list, entry); } -/** - * Enumerate file measurement entries - */ -static bool entry_filter(void *null, entry_t **entry, char **filename, - void *i2, chunk_t *measurement) +CALLBACK(entry_filter, bool, + void *null, enumerator_t *orig, va_list args) { - *filename = (*entry)->filename; - *measurement = (*entry)->measurement; - return TRUE; + entry_t *entry; + chunk_t *measurement; + char **filename; + + VA_ARGS_VGET(args, filename, measurement); + + if (orig->enumerate(orig, &entry)) + { + *filename = entry->filename; + *measurement = entry->measurement; + return TRUE; + } + return FALSE; } METHOD(pts_file_meas_t, create_enumerator, enumerator_t*, private_pts_file_meas_t *this) { return enumerator_create_filter(this->list->create_enumerator(this->list), - (void*)entry_filter, NULL, NULL); + entry_filter, NULL, NULL); } METHOD(pts_file_meas_t, check, bool, diff --git a/src/libimcv/pts/pts_pcr.c b/src/libimcv/pts/pts_pcr.c index d514532c5..9f098c08e 100644 --- a/src/libimcv/pts/pts_pcr.c +++ b/src/libimcv/pts/pts_pcr.c 
@@ -111,17 +111,12 @@ typedef struct { private_pts_pcr_t *pcrs; } pcr_enumerator_t; -/** - * Implementation of enumerator.enumerate - */ -static bool pcr_enumerator_enumerate(pcr_enumerator_t *this, ...) +METHOD(enumerator_t, pcr_enumerator_enumerate, bool, + pcr_enumerator_t *this, va_list args) { - uint32_t *pcr, i, f; - va_list args; + uint32_t i, f, *pcr; - va_start(args, this); - pcr = va_arg(args, uint32_t*); - va_end(args); + VA_ARGS_VGET(args, pcr); while (this->pcr <= this->pcrs->pcr_max) { @@ -148,7 +143,8 @@ METHOD(pts_pcr_t, create_enumerator, enumerator_t*, INIT(enumerator, .public = { - .enumerate = (void*)pcr_enumerator_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _pcr_enumerator_enumerate, .destroy = (void*)free, }, .pcrs = this, diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.c b/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.c index da21003e3..0d8486756 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.c @@ -115,18 +115,24 @@ struct entry_t { pts_comp_func_name_t *name; }; -/** - * Enumerate functional component entries - */ -static bool entry_filter(void *null, entry_t **entry, uint8_t *flags, - void *i2, uint32_t *depth, void *i3, - pts_comp_func_name_t **name) +CALLBACK(entry_filter, bool, + void *null, enumerator_t *orig, va_list args) { - *flags = (*entry)->flags; - *depth = (*entry)->depth; - *name = (*entry)->name; + entry_t *entry; + pts_comp_func_name_t **name; + uint32_t *depth; + uint8_t *flags; - return TRUE; + VA_ARGS_VGET(args, flags, depth, name); + + if (orig->enumerate(orig, &entry)) + { + *flags = entry->flags; + *depth = entry->depth; + *name = entry->name; + return TRUE; + } + return FALSE; } /** 
@@ -318,7 +324,7 @@ METHOD(tcg_pts_attr_req_func_comp_evid_t, create_enumerator, enumerator_t*, private_tcg_pts_attr_req_func_comp_evid_t *this) { return enumerator_create_filter(this->list->create_enumerator(this->list), - (void*)entry_filter, NULL, NULL); + entry_filter, NULL, NULL); } /** diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c b/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c index c249ca151..9438fa062 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c @@ -263,13 +263,15 @@ bool measurement_time_from_utc(time_t *measurement_time, chunk_t utc_time) { int tm_year, tm_mon, tm_day, tm_days, tm_hour, tm_min, tm_sec, tm_secs; int tm_leap_4, tm_leap_100, tm_leap_400, tm_leap; + char buf[BUF_LEN]; if (memeq(utc_undefined_time_str, utc_time.ptr, utc_time.len)) { *measurement_time = 0; return TRUE; } - if (sscanf(utc_time.ptr, "%4d-%2d-%2dT%2d:%2d:%2dZ", + snprintf(buf, sizeof(buf), "%.*s", (int)utc_time.len, utc_time.ptr); + if (sscanf(buf, "%4d-%2d-%2dT%2d:%2d:%2dZ", &tm_year, &tm_mon, &tm_day, &tm_hour, &tm_min, &tm_sec) != 6) { return FALSE; diff --git a/src/libipsec/Makefile.in b/src/libipsec/Makefile.in index 7d514fd6e..55d1d58b5 100644 --- a/src/libipsec/Makefile.in +++ b/src/libipsec/Makefile.in @@ -398,6 +398,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -420,6 +421,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libipsec/ipsec_sa_mgr.c b/src/libipsec/ipsec_sa_mgr.c index a1fa23e28..957d930f2 100644 --- a/src/libipsec/ipsec_sa_mgr.c +++ b/src/libipsec/ipsec_sa_mgr.c 
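Review bot: `measurement_time_from_utc` in the `tcg_pts_attr_simple_comp_evid.c` hunk compares with `memeq(utc_undefined_time_str, utc_time.ptr, utc_time.len)` before the new bounded copy, so if the caller does not pin `utc_time.len` to the fixed timestamp length, a longer chunk makes `memeq` read past the end of `utc_undefined_time_str`. The attribute parser that produces `utc_time` is outside the hunk and may already enforce the length; if not, `utc_time.len == strlen(utc_undefined_time_str) && memeq(...)` makes the check self-contained. The `snprintf`/`sscanf` change here has the same remaining acceptance issue noted for `ietf_attr_op_status.c` earlier in this patch.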
@@ -224,42 +224,60 @@ static void flush_entries(private_ipsec_sa_mgr_t *this)
 enumerator->destroy(enumerator);
 }
 
-/*
- * Different match functions to find SAs in the linked list
- */
-static bool match_entry_by_ptr(ipsec_sa_entry_t *item, ipsec_sa_entry_t *entry)
+CALLBACK(match_entry_by_sa_ptr, bool,
+ ipsec_sa_entry_t *item, va_list args)
 {
- return item == entry;
-}
+ ipsec_sa_t *sa;
 
-static bool match_entry_by_sa_ptr(ipsec_sa_entry_t *item, ipsec_sa_t *sa)
-{
+ VA_ARGS_VGET(args, sa);
 return item->sa == sa;
 }
 
-static bool match_entry_by_spi_inbound(ipsec_sa_entry_t *item, uint32_t *spi,
- bool *inbound)
+CALLBACK(match_entry_by_spi_inbound, bool,
+ ipsec_sa_entry_t *item, va_list args)
 {
- return item->sa->get_spi(item->sa) == *spi &&
- item->sa->is_inbound(item->sa) == *inbound;
+ uint32_t spi;
+ int inbound;
+
+ VA_ARGS_VGET(args, spi, inbound);
+ return item->sa->get_spi(item->sa) == spi &&
+ item->sa->is_inbound(item->sa) == inbound;
 }
 
-static bool match_entry_by_spi_src_dst(ipsec_sa_entry_t *item, uint32_t *spi,
+static bool match_entry_by_spi_src_dst(ipsec_sa_entry_t *item, uint32_t spi,
 host_t *src, host_t *dst)
 {
- return item->sa->match_by_spi_src_dst(item->sa, *spi, src, dst);
+ return item->sa->match_by_spi_src_dst(item->sa, spi, src, dst);
 }
 
-static bool match_entry_by_reqid_inbound(ipsec_sa_entry_t *item,
- uint32_t *reqid, bool *inbound)
+CALLBACK(match_entry_by_spi_src_dst_cb, bool,
+ ipsec_sa_entry_t *item, va_list args)
 {
- return item->sa->match_by_reqid(item->sa, *reqid, *inbound);
+ host_t *src, *dst;
+ uint32_t spi;
+
+ VA_ARGS_VGET(args, spi, src, dst);
+ return match_entry_by_spi_src_dst(item, spi, src, dst);
+}
+
+CALLBACK(match_entry_by_reqid_inbound, bool,
+ ipsec_sa_entry_t *item, va_list args)
+{
+ uint32_t reqid;
+ int inbound;
+
+ VA_ARGS_VGET(args, reqid, inbound);
+ return item->sa->match_by_reqid(item->sa, reqid, inbound);
 }
 
-static bool match_entry_by_spi_dst(ipsec_sa_entry_t *item, uint32_t *spi,
- host_t *dst)
+CALLBACK(match_entry_by_spi_dst, bool,
+ ipsec_sa_entry_t *item, va_list args)
 {
- return item->sa->match_by_spi_dst(item->sa, *spi, dst);
+ host_t *dst;
+ uint32_t spi;
+
+ VA_ARGS_VGET(args, spi, dst);
+ return item->sa->match_by_spi_dst(item->sa, spi, dst);
 }
 
 /**
@@ -296,8 +314,7 @@ static job_requeue_t sa_expired(ipsec_sa_expired_t *expired)
 private_ipsec_sa_mgr_t *this = expired->manager;
 
 this->mutex->lock(this->mutex);
- if (this->sas->find_first(this->sas, (void*)match_entry_by_ptr,
- NULL, expired->entry) == SUCCESS)
+ if (this->sas->find_first(this->sas, NULL, (void**)&expired->entry))
 {
 uint32_t hard_offset;
 
@@ -383,8 +400,8 @@ static bool allocate_spi(private_ipsec_sa_mgr_t *this, uint32_t spi)
 uint32_t *spi_alloc;
 
 if (this->allocated_spis->get(this->allocated_spis, &spi) ||
- this->sas->find_first(this->sas, (void*)match_entry_by_spi_inbound,
- NULL, &spi, TRUE) == SUCCESS)
+ this->sas->find_first(this->sas, match_entry_by_spi_inbound,
+ NULL, spi, TRUE))
 {
 return FALSE;
 }
@@ -484,8 +501,8 @@ METHOD(ipsec_sa_mgr_t, add_sa, status_t,
 free(spi_alloc);
 }
 
- if (this->sas->find_first(this->sas, (void*)match_entry_by_spi_src_dst,
- NULL, &spi, src, dst) == SUCCESS)
+ if (this->sas->find_first(this->sas, match_entry_by_spi_src_dst_cb, NULL,
+ spi, src, dst))
 {
 this->mutex->unlock(this->mutex);
 DBG1(DBG_ESP, "failed to install SAD entry: already installed");
@@ -519,8 +536,8 @@ METHOD(ipsec_sa_mgr_t, update_sa, status_t,
 }
 
 this->mutex->lock(this->mutex);
- if (this->sas->find_first(this->sas, (void*)match_entry_by_spi_src_dst,
- (void**)&entry, &spi, src, dst) == SUCCESS &&
+ if (this->sas->find_first(this->sas, match_entry_by_spi_src_dst_cb,
+ (void**)&entry, spi, src, dst) &&
 wait_for_entry(this, entry))
 {
 entry->sa->set_source(entry->sa, new_src);
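Review bot: The new `match_entry_by_spi_inbound` and `match_entry_by_reqid_inbound` callbacks declare `int inbound;` while the `is_inbound()`/`match_by_reqid()` interfaces they feed take `bool`, and nothing says why; a `bool` passed through a va_list is promoted to `int`, so fetching it as `bool` would be undefined behaviour, and a one-line comment such as `/* bool is promoted to int through the va_list */` beside each `int inbound;` would stop a later cleanup from "fixing" the type. The `/* Different match functions to find SAs in the linked list */` block comment removed at the top of the hunk should be restored above `match_entry_by_sa_ptr`, now also noting that each callback's VA_ARGS_VGET order must match the arguments of its `find_first()` call sites, which the varargs interface does not type-check.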
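Review bot: `find_first(this->sas, NULL, (void**)&expired->entry)` in sa_expired replaces the explicit pointer-equality callback with a NULL match function, and the call site no longer shows what NULL selects; presumably the list falls back to comparing each item pointer with `*expired->entry` (confirm against linked_list_t), and a comment `/* NULL match: find_first() compares item pointers against expired->entry */` would keep that readable. Because `expired->entry` is now also the `void**` result slot, the found item is written back over it, which is harmless only if the match is pointer identity, so the comment should say so. The rest of sa_expired is outside the hunk.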
@@ -547,8 +564,8 @@ METHOD(ipsec_sa_mgr_t, query_sa, status_t,
 ipsec_sa_entry_t *entry = NULL;
 
 this->mutex->lock(this->mutex);
- if (this->sas->find_first(this->sas, (void*)match_entry_by_spi_src_dst,
- (void**)&entry, &spi, src, dst) == SUCCESS &&
+ if (this->sas->find_first(this->sas, match_entry_by_spi_src_dst_cb,
+ (void**)&entry, spi, src, dst) &&
 wait_for_entry(this, entry))
 {
 entry->sa->get_usestats(entry->sa, bytes, packets, time);
@@ -572,7 +589,7 @@ METHOD(ipsec_sa_mgr_t, del_sa, status_t,
 enumerator = this->sas->create_enumerator(this->sas);
 while (enumerator->enumerate(enumerator, (void**)¤t))
 {
- if (match_entry_by_spi_src_dst(current, &spi, src, dst))
+ if (match_entry_by_spi_src_dst(current, spi, src, dst))
 {
 if (wait_remove_entry(this, current))
 {
@@ -602,8 +619,8 @@ METHOD(ipsec_sa_mgr_t, checkout_by_reqid, ipsec_sa_t*,
 ipsec_sa_t *sa = NULL;
 
 this->mutex->lock(this->mutex);
- if (this->sas->find_first(this->sas, (void*)match_entry_by_reqid_inbound,
- (void**)&entry, &reqid, &inbound) == SUCCESS &&
+ if (this->sas->find_first(this->sas, match_entry_by_reqid_inbound,
+ (void**)&entry, reqid, inbound) &&
 wait_for_entry(this, entry))
 {
 sa = entry->sa;
@@ -619,8 +636,8 @@ METHOD(ipsec_sa_mgr_t, checkout_by_spi, ipsec_sa_t*,
 ipsec_sa_t *sa = NULL;
 
 this->mutex->lock(this->mutex);
- if (this->sas->find_first(this->sas, (void*)match_entry_by_spi_dst,
- (void**)&entry, &spi, dst) == SUCCESS &&
+ if (this->sas->find_first(this->sas, match_entry_by_spi_dst,
+ (void**)&entry, spi, dst) &&
 wait_for_entry(this, entry))
 {
 sa = entry->sa;
@@ -635,8 +652,8 @@ METHOD(ipsec_sa_mgr_t, checkin, void,
 ipsec_sa_entry_t *entry;
 
 this->mutex->lock(this->mutex);
- if (this->sas->find_first(this->sas, (void*)match_entry_by_sa_ptr,
- (void**)&entry, sa) == SUCCESS)
+ if (this->sas->find_first(this->sas, match_entry_by_sa_ptr,
+ (void**)&entry, sa))
 {
 if (entry->locked)
 {
diff --git a/src/libipsec/tests/Makefile.in b/src/libipsec/tests/Makefile.in
index e81d6fc9f..b1fdea499 100644
--- a/src/libipsec/tests/Makefile.in
+++ b/src/libipsec/tests/Makefile.in
@@ -351,6 +351,7 @@ docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
 fips_mode = @fips_mode@
+fuzz_plugins = @fuzz_plugins@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 host = @host@
@@ -373,6 +374,7 @@ json_CFLAGS = @json_CFLAGS@
 json_LIBS = @json_LIBS@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libfuzzer = @libfuzzer@
 libiptc_CFLAGS = @libiptc_CFLAGS@
 libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
diff --git a/src/libpttls/Makefile.in b/src/libpttls/Makefile.in
index fd3e76391..803d68722 100644
--- a/src/libpttls/Makefile.in
+++ b/src/libpttls/Makefile.in
@@ -356,6 +356,7 @@ docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
 fips_mode = @fips_mode@
+fuzz_plugins = @fuzz_plugins@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 host = @host@
@@ -378,6 +379,7 @@ json_CFLAGS = @json_CFLAGS@
 json_LIBS = @json_LIBS@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libfuzzer = @libfuzzer@
 libiptc_CFLAGS = @libiptc_CFLAGS@
 libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
diff --git a/src/libpttls/sasl/sasl_mechanism.c b/src/libpttls/sasl/sasl_mechanism.c
index 05a02e56d..4e54de314 100644
--- a/src/libpttls/sasl/sasl_mechanism.c
+++ b/src/libpttls/sasl/sasl_mechanism.c
@@ -59,8 +59,11 @@ typedef struct {
 } mech_enumerator_t;
 
 METHOD(enumerator_t, mech_enumerate, bool,
- mech_enumerator_t *this, char **name)
+ mech_enumerator_t *this, va_list args)
 {
+ char **name;
+
+ VA_ARGS_VGET(args, name);
 while (this->i < countof(mechs))
 {
 if (mechs[this->i].server == this->server)
@@ -83,7 +86,8 @@ enumerator_t* sasl_mechanism_create_enumerator(bool server)
 
 INIT(enumerator,
 .public = {
- .enumerate = (void*)_mech_enumerate,
+ .enumerate = enumerator_enumerate_default,
+ .venumerate = _mech_enumerate,
 .destroy = (void*)free,
 },
 .server = server,
diff --git a/src/libradius/Makefile.in b/src/libradius/Makefile.in
index 8f91275c7..9e7b7372b 100644
--- a/src/libradius/Makefile.in
+++ b/src/libradius/Makefile.in
@@ -351,6 +351,7 @@ docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
 fips_mode = @fips_mode@
+fuzz_plugins = @fuzz_plugins@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 host = @host@
@@ -373,6 +374,7 @@ json_CFLAGS = @json_CFLAGS@
 json_LIBS = @json_LIBS@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libfuzzer = @libfuzzer@
 libiptc_CFLAGS = @libiptc_CFLAGS@
 libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
diff --git a/src/libradius/radius_message.c b/src/libradius/radius_message.c
index 9705d3b53..51135fbea 100644
--- a/src/libradius/radius_message.c
+++ b/src/libradius/radius_message.c
@@ -244,8 +244,12 @@ typedef struct {
 } attribute_enumerator_t;
 
 METHOD(enumerator_t, attribute_enumerate, bool,
- attribute_enumerator_t *this, int *type, chunk_t *data)
+ attribute_enumerator_t *this, va_list args)
 {
+ chunk_t *data;
+ int *type;
+
+ VA_ARGS_VGET(args, type, data);
 if (this->left == 0)
 {
 return FALSE;
@@ -275,7 +279,8 @@ METHOD(radius_message_t, create_enumerator, enumerator_t*,
 }
 INIT(e,
 .public = {
- .enumerate = (void*)_attribute_enumerate,
+ .enumerate = enumerator_enumerate_default,
+ .venumerate = _attribute_enumerate,
 .destroy = (void*)free,
 },
 .next = (rattr_t*)this->msg->attributes,
@@ -299,12 +304,14 @@ typedef struct {
 } vendor_enumerator_t;
 
 METHOD(enumerator_t, vendor_enumerate, bool,
- vendor_enumerator_t *this, int *vendor, int *type, chunk_t *data)
+ vendor_enumerator_t *this, va_list args)
 {
- chunk_t inner_data;
- int inner_type;
+ chunk_t inner_data, *data;
+ int inner_type, *vendor, *type;
 uint8_t type8, len;
 
+ VA_ARGS_VGET(args, vendor, type, data);
+
 while (TRUE)
 {
 if (this->reader)
@@ -354,7 +361,8 @@ METHOD(radius_message_t, create_vendor_enumerator, enumerator_t*,
 
 INIT(e,
 .public = {
- .enumerate = (void*)_vendor_enumerate,
+ .enumerate = enumerator_enumerate_default,
+ .venumerate = _vendor_enumerate,
 .destroy = _vendor_destroy,
 },
 .inner = create_enumerator(this),
diff --git a/src/libsimaka/Makefile.in b/src/libsimaka/Makefile.in
index 6af66e324..6ecbaecaa 100644
--- a/src/libsimaka/Makefile.in
+++ b/src/libsimaka/Makefile.in
@@ -354,6 +354,7 @@ docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
 fips_mode = @fips_mode@
+fuzz_plugins = @fuzz_plugins@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 host = @host@
@@ -376,6 +377,7 @@ json_CFLAGS = @json_CFLAGS@
 json_LIBS = @json_LIBS@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libfuzzer = @libfuzzer@
 libiptc_CFLAGS = @libiptc_CFLAGS@
 libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
diff --git a/src/libsimaka/simaka_message.c b/src/libsimaka/simaka_message.c
index 234d7ef2a..6827c1795 100644
--- a/src/libsimaka/simaka_message.c
+++ b/src/libsimaka/simaka_message.c
@@ -222,17 +222,22 @@ METHOD(simaka_message_t, get_type, eap_type_t,
 return this->hdr->type;
 }
 
-/**
- * convert attr_t to type and data enumeration
- */
-static bool attr_enum_filter(void *null, attr_t **in, simaka_attribute_t *type,
- void *dummy, chunk_t *data)
+CALLBACK(attr_enum_filter, bool,
+ void *null, enumerator_t *orig, va_list args)
 {
- attr_t *attr = *in;
+ attr_t *attr;
+ simaka_attribute_t *type;
+ chunk_t *data;
 
- *type = attr->type;
- *data = chunk_create(attr->data, attr->len);
- return TRUE;
+ VA_ARGS_VGET(args, type, data);
+
+ if (orig->enumerate(orig, &attr))
+ {
+ *type = attr->type;
+ *data = chunk_create(attr->data, attr->len);
+ return TRUE;
+ }
+ return FALSE;
 }
 
 METHOD(simaka_message_t, create_attribute_enumerator, enumerator_t*,
@@ -240,7 +245,7 @@ METHOD(simaka_message_t, create_attribute_enumerator, enumerator_t*,
 {
 return enumerator_create_filter(
 this->attributes->create_enumerator(this->attributes),
- (void*)attr_enum_filter, NULL, NULL);
+ attr_enum_filter, NULL, NULL);
 }
 
 METHOD(simaka_message_t, add_attribute, void,
diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
index f6d6f5465..b4d8452f1 100644
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -195,6 +195,7 @@ endif
 EXTRA_DIST = \
 asn1/oid.txt asn1/oid.pl \
 crypto/proposal/proposal_keywords_static.txt \
+plugins/plugin_constructors.py \
 Android.mk
 
 BUILT_SOURCES = \
@@ -220,6 +221,15 @@ $(srcdir)/crypto/proposal/proposal_keywords_static.c: $(srcdir)/crypto/proposal/
 $(GPERF) -N proposal_get_token_static -m 10 -C -G -c -t -D < \
 $(srcdir)/crypto/proposal/proposal_keywords_static.txt > $@
 
+if STATIC_PLUGIN_CONSTRUCTORS
+BUILT_SOURCES += $(srcdir)/plugin_constructors.c
+CLEANFILES = $(srcdir)/plugin_constructors.c
+
+$(srcdir)/plugin_constructors.c: $(srcdir)/plugins/plugin_constructors.py
+ $(AM_V_GEN) \
+ $(PYTHON) $(srcdir)/plugins/plugin_constructors.py ${s_plugins} > $@
+endif
+
 if MONOLITHIC
 SUBDIRS =
 else
diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in
index 99bb1158c..9b1c26b35 100644
--- a/src/libstrongswan/Makefile.in
+++ b/src/libstrongswan/Makefile.in
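Review bot: `CLEANFILES = $(srcdir)/plugin_constructors.c` inside the new STATIC_PLUGIN_CONSTRUCTORS block uses plain assignment, so if CLEANFILES is defined anywhere else in this Makefile.am (not visible from here) one of the two definitions is silently lost; `CLEANFILES += $(srcdir)/plugin_constructors.c` is the conventional form and matches the `BUILT_SOURCES +=` on the line above it. Generating into `$(srcdir)` follows the neighbouring gperf rule, but this file depends on the configured `s_plugins` set, so it is a configure-time product rather than a distributable source and it is worth confirming it is not picked up by `make dist`. The `${s_plugins}` reference also mixes brace style with the `$(...)` form used on every other line of the hunk.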
@@ -123,128 +123,129 @@ host_triplet = @host@ @USE_BUILTIN_PRINTF_TRUE@am__append_15 = -lm @USE_BUILTIN_PRINTF_FALSE@@USE_VSTR_FALSE@am__append_16 = utils/printf_hook/printf_hook_glibc.c @USE_LIBCAP_TRUE@am__append_17 = -lcap +@STATIC_PLUGIN_CONSTRUCTORS_TRUE@am__append_18 = $(srcdir)/plugin_constructors.c # build libnttfft used by some plugins ###################################### -@USE_LIBNTTFFT_TRUE@am__append_18 = math/libnttfft +@USE_LIBNTTFFT_TRUE@am__append_19 = math/libnttfft # build plugins with their own Makefile ####################################### -@USE_AF_ALG_TRUE@am__append_19 = plugins/af_alg -@MONOLITHIC_TRUE@@USE_AF_ALG_TRUE@am__append_20 = plugins/af_alg/libstrongswan-af-alg.la -@USE_AES_TRUE@am__append_21 = plugins/aes -@MONOLITHIC_TRUE@@USE_AES_TRUE@am__append_22 = plugins/aes/libstrongswan-aes.la -@USE_DES_TRUE@am__append_23 = plugins/des -@MONOLITHIC_TRUE@@USE_DES_TRUE@am__append_24 = plugins/des/libstrongswan-des.la -@USE_BLOWFISH_TRUE@am__append_25 = plugins/blowfish -@MONOLITHIC_TRUE@@USE_BLOWFISH_TRUE@am__append_26 = plugins/blowfish/libstrongswan-blowfish.la -@USE_RC2_TRUE@am__append_27 = plugins/rc2 -@MONOLITHIC_TRUE@@USE_RC2_TRUE@am__append_28 = plugins/rc2/libstrongswan-rc2.la -@USE_MD4_TRUE@am__append_29 = plugins/md4 -@MONOLITHIC_TRUE@@USE_MD4_TRUE@am__append_30 = plugins/md4/libstrongswan-md4.la -@USE_MD5_TRUE@am__append_31 = plugins/md5 -@MONOLITHIC_TRUE@@USE_MD5_TRUE@am__append_32 = plugins/md5/libstrongswan-md5.la -@USE_SHA1_TRUE@am__append_33 = plugins/sha1 -@MONOLITHIC_TRUE@@USE_SHA1_TRUE@am__append_34 = plugins/sha1/libstrongswan-sha1.la -@USE_SHA2_TRUE@am__append_35 = plugins/sha2 -@MONOLITHIC_TRUE@@USE_SHA2_TRUE@am__append_36 = plugins/sha2/libstrongswan-sha2.la -@USE_SHA3_TRUE@am__append_37 = plugins/sha3 -@MONOLITHIC_TRUE@@USE_SHA3_TRUE@am__append_38 = plugins/sha3/libstrongswan-sha3.la -@USE_GMP_TRUE@am__append_39 = plugins/gmp -@MONOLITHIC_TRUE@@USE_GMP_TRUE@am__append_40 = plugins/gmp/libstrongswan-gmp.la 
-@USE_CURVE25519_TRUE@am__append_41 = plugins/curve25519 -@MONOLITHIC_TRUE@@USE_CURVE25519_TRUE@am__append_42 = plugins/curve25519/libstrongswan-curve25519.la -@USE_RDRAND_TRUE@am__append_43 = plugins/rdrand -@MONOLITHIC_TRUE@@USE_RDRAND_TRUE@am__append_44 = plugins/rdrand/libstrongswan-rdrand.la -@USE_AESNI_TRUE@am__append_45 = plugins/aesni -@MONOLITHIC_TRUE@@USE_AESNI_TRUE@am__append_46 = plugins/aesni/libstrongswan-aesni.la -@USE_RANDOM_TRUE@am__append_47 = plugins/random -@MONOLITHIC_TRUE@@USE_RANDOM_TRUE@am__append_48 = plugins/random/libstrongswan-random.la -@USE_NONCE_TRUE@am__append_49 = plugins/nonce -@MONOLITHIC_TRUE@@USE_NONCE_TRUE@am__append_50 = plugins/nonce/libstrongswan-nonce.la -@USE_HMAC_TRUE@am__append_51 = plugins/hmac -@MONOLITHIC_TRUE@@USE_HMAC_TRUE@am__append_52 = plugins/hmac/libstrongswan-hmac.la -@USE_CMAC_TRUE@am__append_53 = plugins/cmac -@MONOLITHIC_TRUE@@USE_CMAC_TRUE@am__append_54 = plugins/cmac/libstrongswan-cmac.la -@USE_XCBC_TRUE@am__append_55 = plugins/xcbc -@MONOLITHIC_TRUE@@USE_XCBC_TRUE@am__append_56 = plugins/xcbc/libstrongswan-xcbc.la -@USE_X509_TRUE@am__append_57 = plugins/x509 -@MONOLITHIC_TRUE@@USE_X509_TRUE@am__append_58 = plugins/x509/libstrongswan-x509.la -@USE_REVOCATION_TRUE@am__append_59 = plugins/revocation -@MONOLITHIC_TRUE@@USE_REVOCATION_TRUE@am__append_60 = plugins/revocation/libstrongswan-revocation.la -@USE_CONSTRAINTS_TRUE@am__append_61 = plugins/constraints -@MONOLITHIC_TRUE@@USE_CONSTRAINTS_TRUE@am__append_62 = plugins/constraints/libstrongswan-constraints.la -@USE_ACERT_TRUE@am__append_63 = plugins/acert -@MONOLITHIC_TRUE@@USE_ACERT_TRUE@am__append_64 = plugins/acert/libstrongswan-acert.la -@USE_PUBKEY_TRUE@am__append_65 = plugins/pubkey -@MONOLITHIC_TRUE@@USE_PUBKEY_TRUE@am__append_66 = plugins/pubkey/libstrongswan-pubkey.la -@USE_PKCS1_TRUE@am__append_67 = plugins/pkcs1 -@MONOLITHIC_TRUE@@USE_PKCS1_TRUE@am__append_68 = plugins/pkcs1/libstrongswan-pkcs1.la -@USE_PKCS7_TRUE@am__append_69 = plugins/pkcs7 
-@MONOLITHIC_TRUE@@USE_PKCS7_TRUE@am__append_70 = plugins/pkcs7/libstrongswan-pkcs7.la -@USE_PKCS8_TRUE@am__append_71 = plugins/pkcs8 -@MONOLITHIC_TRUE@@USE_PKCS8_TRUE@am__append_72 = plugins/pkcs8/libstrongswan-pkcs8.la -@USE_PKCS12_TRUE@am__append_73 = plugins/pkcs12 -@MONOLITHIC_TRUE@@USE_PKCS12_TRUE@am__append_74 = plugins/pkcs12/libstrongswan-pkcs12.la -@USE_PGP_TRUE@am__append_75 = plugins/pgp -@MONOLITHIC_TRUE@@USE_PGP_TRUE@am__append_76 = plugins/pgp/libstrongswan-pgp.la -@USE_DNSKEY_TRUE@am__append_77 = plugins/dnskey -@MONOLITHIC_TRUE@@USE_DNSKEY_TRUE@am__append_78 = plugins/dnskey/libstrongswan-dnskey.la -@USE_SSHKEY_TRUE@am__append_79 = plugins/sshkey -@MONOLITHIC_TRUE@@USE_SSHKEY_TRUE@am__append_80 = plugins/sshkey/libstrongswan-sshkey.la -@USE_PEM_TRUE@am__append_81 = plugins/pem -@MONOLITHIC_TRUE@@USE_PEM_TRUE@am__append_82 = plugins/pem/libstrongswan-pem.la -@USE_CURL_TRUE@am__append_83 = plugins/curl -@MONOLITHIC_TRUE@@USE_CURL_TRUE@am__append_84 = plugins/curl/libstrongswan-curl.la -@USE_FILES_TRUE@am__append_85 = plugins/files -@MONOLITHIC_TRUE@@USE_FILES_TRUE@am__append_86 = plugins/files/libstrongswan-files.la -@USE_WINHTTP_TRUE@am__append_87 = plugins/winhttp -@MONOLITHIC_TRUE@@USE_WINHTTP_TRUE@am__append_88 = plugins/winhttp/libstrongswan-winhttp.la -@USE_UNBOUND_TRUE@am__append_89 = plugins/unbound -@MONOLITHIC_TRUE@@USE_UNBOUND_TRUE@am__append_90 = plugins/unbound/libstrongswan-unbound.la -@USE_SOUP_TRUE@am__append_91 = plugins/soup -@MONOLITHIC_TRUE@@USE_SOUP_TRUE@am__append_92 = plugins/soup/libstrongswan-soup.la -@USE_LDAP_TRUE@am__append_93 = plugins/ldap -@MONOLITHIC_TRUE@@USE_LDAP_TRUE@am__append_94 = plugins/ldap/libstrongswan-ldap.la -@USE_MYSQL_TRUE@am__append_95 = plugins/mysql -@MONOLITHIC_TRUE@@USE_MYSQL_TRUE@am__append_96 = plugins/mysql/libstrongswan-mysql.la -@USE_SQLITE_TRUE@am__append_97 = plugins/sqlite -@MONOLITHIC_TRUE@@USE_SQLITE_TRUE@am__append_98 = plugins/sqlite/libstrongswan-sqlite.la 
-@USE_PADLOCK_TRUE@am__append_99 = plugins/padlock -@MONOLITHIC_TRUE@@USE_PADLOCK_TRUE@am__append_100 = plugins/padlock/libstrongswan-padlock.la -@USE_OPENSSL_TRUE@am__append_101 = plugins/openssl -@MONOLITHIC_TRUE@@USE_OPENSSL_TRUE@am__append_102 = plugins/openssl/libstrongswan-openssl.la -@USE_GCRYPT_TRUE@am__append_103 = plugins/gcrypt -@MONOLITHIC_TRUE@@USE_GCRYPT_TRUE@am__append_104 = plugins/gcrypt/libstrongswan-gcrypt.la -@USE_FIPS_PRF_TRUE@am__append_105 = plugins/fips_prf -@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_106 = plugins/fips_prf/libstrongswan-fips-prf.la -@USE_AGENT_TRUE@am__append_107 = plugins/agent -@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_108 = plugins/agent/libstrongswan-agent.la -@USE_KEYCHAIN_TRUE@am__append_109 = plugins/keychain -@MONOLITHIC_TRUE@@USE_KEYCHAIN_TRUE@am__append_110 = plugins/keychain/libstrongswan-keychain.la -@USE_PKCS11_TRUE@am__append_111 = plugins/pkcs11 -@MONOLITHIC_TRUE@@USE_PKCS11_TRUE@am__append_112 = plugins/pkcs11/libstrongswan-pkcs11.la -@USE_CHAPOLY_TRUE@am__append_113 = plugins/chapoly -@MONOLITHIC_TRUE@@USE_CHAPOLY_TRUE@am__append_114 = plugins/chapoly/libstrongswan-chapoly.la -@USE_CTR_TRUE@am__append_115 = plugins/ctr -@MONOLITHIC_TRUE@@USE_CTR_TRUE@am__append_116 = plugins/ctr/libstrongswan-ctr.la -@USE_CCM_TRUE@am__append_117 = plugins/ccm -@MONOLITHIC_TRUE@@USE_CCM_TRUE@am__append_118 = plugins/ccm/libstrongswan-ccm.la -@USE_GCM_TRUE@am__append_119 = plugins/gcm -@MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_120 = plugins/gcm/libstrongswan-gcm.la -@USE_MGF1_TRUE@am__append_121 = plugins/mgf1 -@MONOLITHIC_TRUE@@USE_MGF1_TRUE@am__append_122 = plugins/mgf1/libstrongswan-mgf1.la -@USE_NTRU_TRUE@am__append_123 = plugins/ntru -@MONOLITHIC_TRUE@@USE_NTRU_TRUE@am__append_124 = plugins/ntru/libstrongswan-ntru.la -@USE_BLISS_TRUE@am__append_125 = plugins/bliss -@MONOLITHIC_TRUE@@USE_BLISS_TRUE@am__append_126 = plugins/bliss/libstrongswan-bliss.la -@USE_NEWHOPE_TRUE@am__append_127 = plugins/newhope 
-@MONOLITHIC_TRUE@@USE_NEWHOPE_TRUE@am__append_128 = plugins/newhope/libstrongswan-newhope.la -@USE_TEST_VECTORS_TRUE@am__append_129 = plugins/test_vectors -@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_130 = plugins/test_vectors/libstrongswan-test-vectors.la -@USE_LIBNTTFFT_TRUE@am__append_131 = math/libnttfft/tests -@USE_BLISS_TRUE@am__append_132 = plugins/bliss/tests -@USE_NEWHOPE_TRUE@am__append_133 = plugins/newhope/tests +@USE_AF_ALG_TRUE@am__append_20 = plugins/af_alg +@MONOLITHIC_TRUE@@USE_AF_ALG_TRUE@am__append_21 = plugins/af_alg/libstrongswan-af-alg.la +@USE_AES_TRUE@am__append_22 = plugins/aes +@MONOLITHIC_TRUE@@USE_AES_TRUE@am__append_23 = plugins/aes/libstrongswan-aes.la +@USE_DES_TRUE@am__append_24 = plugins/des +@MONOLITHIC_TRUE@@USE_DES_TRUE@am__append_25 = plugins/des/libstrongswan-des.la +@USE_BLOWFISH_TRUE@am__append_26 = plugins/blowfish +@MONOLITHIC_TRUE@@USE_BLOWFISH_TRUE@am__append_27 = plugins/blowfish/libstrongswan-blowfish.la +@USE_RC2_TRUE@am__append_28 = plugins/rc2 +@MONOLITHIC_TRUE@@USE_RC2_TRUE@am__append_29 = plugins/rc2/libstrongswan-rc2.la +@USE_MD4_TRUE@am__append_30 = plugins/md4 +@MONOLITHIC_TRUE@@USE_MD4_TRUE@am__append_31 = plugins/md4/libstrongswan-md4.la +@USE_MD5_TRUE@am__append_32 = plugins/md5 +@MONOLITHIC_TRUE@@USE_MD5_TRUE@am__append_33 = plugins/md5/libstrongswan-md5.la +@USE_SHA1_TRUE@am__append_34 = plugins/sha1 +@MONOLITHIC_TRUE@@USE_SHA1_TRUE@am__append_35 = plugins/sha1/libstrongswan-sha1.la +@USE_SHA2_TRUE@am__append_36 = plugins/sha2 +@MONOLITHIC_TRUE@@USE_SHA2_TRUE@am__append_37 = plugins/sha2/libstrongswan-sha2.la +@USE_SHA3_TRUE@am__append_38 = plugins/sha3 +@MONOLITHIC_TRUE@@USE_SHA3_TRUE@am__append_39 = plugins/sha3/libstrongswan-sha3.la +@USE_GMP_TRUE@am__append_40 = plugins/gmp +@MONOLITHIC_TRUE@@USE_GMP_TRUE@am__append_41 = plugins/gmp/libstrongswan-gmp.la +@USE_CURVE25519_TRUE@am__append_42 = plugins/curve25519 +@MONOLITHIC_TRUE@@USE_CURVE25519_TRUE@am__append_43 = 
plugins/curve25519/libstrongswan-curve25519.la +@USE_RDRAND_TRUE@am__append_44 = plugins/rdrand +@MONOLITHIC_TRUE@@USE_RDRAND_TRUE@am__append_45 = plugins/rdrand/libstrongswan-rdrand.la +@USE_AESNI_TRUE@am__append_46 = plugins/aesni +@MONOLITHIC_TRUE@@USE_AESNI_TRUE@am__append_47 = plugins/aesni/libstrongswan-aesni.la +@USE_RANDOM_TRUE@am__append_48 = plugins/random +@MONOLITHIC_TRUE@@USE_RANDOM_TRUE@am__append_49 = plugins/random/libstrongswan-random.la +@USE_NONCE_TRUE@am__append_50 = plugins/nonce +@MONOLITHIC_TRUE@@USE_NONCE_TRUE@am__append_51 = plugins/nonce/libstrongswan-nonce.la +@USE_HMAC_TRUE@am__append_52 = plugins/hmac +@MONOLITHIC_TRUE@@USE_HMAC_TRUE@am__append_53 = plugins/hmac/libstrongswan-hmac.la +@USE_CMAC_TRUE@am__append_54 = plugins/cmac +@MONOLITHIC_TRUE@@USE_CMAC_TRUE@am__append_55 = plugins/cmac/libstrongswan-cmac.la +@USE_XCBC_TRUE@am__append_56 = plugins/xcbc +@MONOLITHIC_TRUE@@USE_XCBC_TRUE@am__append_57 = plugins/xcbc/libstrongswan-xcbc.la +@USE_X509_TRUE@am__append_58 = plugins/x509 +@MONOLITHIC_TRUE@@USE_X509_TRUE@am__append_59 = plugins/x509/libstrongswan-x509.la +@USE_REVOCATION_TRUE@am__append_60 = plugins/revocation +@MONOLITHIC_TRUE@@USE_REVOCATION_TRUE@am__append_61 = plugins/revocation/libstrongswan-revocation.la +@USE_CONSTRAINTS_TRUE@am__append_62 = plugins/constraints +@MONOLITHIC_TRUE@@USE_CONSTRAINTS_TRUE@am__append_63 = plugins/constraints/libstrongswan-constraints.la +@USE_ACERT_TRUE@am__append_64 = plugins/acert +@MONOLITHIC_TRUE@@USE_ACERT_TRUE@am__append_65 = plugins/acert/libstrongswan-acert.la +@USE_PUBKEY_TRUE@am__append_66 = plugins/pubkey +@MONOLITHIC_TRUE@@USE_PUBKEY_TRUE@am__append_67 = plugins/pubkey/libstrongswan-pubkey.la +@USE_PKCS1_TRUE@am__append_68 = plugins/pkcs1 +@MONOLITHIC_TRUE@@USE_PKCS1_TRUE@am__append_69 = plugins/pkcs1/libstrongswan-pkcs1.la +@USE_PKCS7_TRUE@am__append_70 = plugins/pkcs7 +@MONOLITHIC_TRUE@@USE_PKCS7_TRUE@am__append_71 = plugins/pkcs7/libstrongswan-pkcs7.la 
+@USE_PKCS8_TRUE@am__append_72 = plugins/pkcs8 +@MONOLITHIC_TRUE@@USE_PKCS8_TRUE@am__append_73 = plugins/pkcs8/libstrongswan-pkcs8.la +@USE_PKCS12_TRUE@am__append_74 = plugins/pkcs12 +@MONOLITHIC_TRUE@@USE_PKCS12_TRUE@am__append_75 = plugins/pkcs12/libstrongswan-pkcs12.la +@USE_PGP_TRUE@am__append_76 = plugins/pgp +@MONOLITHIC_TRUE@@USE_PGP_TRUE@am__append_77 = plugins/pgp/libstrongswan-pgp.la +@USE_DNSKEY_TRUE@am__append_78 = plugins/dnskey +@MONOLITHIC_TRUE@@USE_DNSKEY_TRUE@am__append_79 = plugins/dnskey/libstrongswan-dnskey.la +@USE_SSHKEY_TRUE@am__append_80 = plugins/sshkey +@MONOLITHIC_TRUE@@USE_SSHKEY_TRUE@am__append_81 = plugins/sshkey/libstrongswan-sshkey.la +@USE_PEM_TRUE@am__append_82 = plugins/pem +@MONOLITHIC_TRUE@@USE_PEM_TRUE@am__append_83 = plugins/pem/libstrongswan-pem.la +@USE_CURL_TRUE@am__append_84 = plugins/curl +@MONOLITHIC_TRUE@@USE_CURL_TRUE@am__append_85 = plugins/curl/libstrongswan-curl.la +@USE_FILES_TRUE@am__append_86 = plugins/files +@MONOLITHIC_TRUE@@USE_FILES_TRUE@am__append_87 = plugins/files/libstrongswan-files.la +@USE_WINHTTP_TRUE@am__append_88 = plugins/winhttp +@MONOLITHIC_TRUE@@USE_WINHTTP_TRUE@am__append_89 = plugins/winhttp/libstrongswan-winhttp.la +@USE_UNBOUND_TRUE@am__append_90 = plugins/unbound +@MONOLITHIC_TRUE@@USE_UNBOUND_TRUE@am__append_91 = plugins/unbound/libstrongswan-unbound.la +@USE_SOUP_TRUE@am__append_92 = plugins/soup +@MONOLITHIC_TRUE@@USE_SOUP_TRUE@am__append_93 = plugins/soup/libstrongswan-soup.la +@USE_LDAP_TRUE@am__append_94 = plugins/ldap +@MONOLITHIC_TRUE@@USE_LDAP_TRUE@am__append_95 = plugins/ldap/libstrongswan-ldap.la +@USE_MYSQL_TRUE@am__append_96 = plugins/mysql +@MONOLITHIC_TRUE@@USE_MYSQL_TRUE@am__append_97 = plugins/mysql/libstrongswan-mysql.la +@USE_SQLITE_TRUE@am__append_98 = plugins/sqlite +@MONOLITHIC_TRUE@@USE_SQLITE_TRUE@am__append_99 = plugins/sqlite/libstrongswan-sqlite.la +@USE_PADLOCK_TRUE@am__append_100 = plugins/padlock +@MONOLITHIC_TRUE@@USE_PADLOCK_TRUE@am__append_101 = 
plugins/padlock/libstrongswan-padlock.la +@USE_OPENSSL_TRUE@am__append_102 = plugins/openssl +@MONOLITHIC_TRUE@@USE_OPENSSL_TRUE@am__append_103 = plugins/openssl/libstrongswan-openssl.la +@USE_GCRYPT_TRUE@am__append_104 = plugins/gcrypt +@MONOLITHIC_TRUE@@USE_GCRYPT_TRUE@am__append_105 = plugins/gcrypt/libstrongswan-gcrypt.la +@USE_FIPS_PRF_TRUE@am__append_106 = plugins/fips_prf +@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_107 = plugins/fips_prf/libstrongswan-fips-prf.la +@USE_AGENT_TRUE@am__append_108 = plugins/agent +@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_109 = plugins/agent/libstrongswan-agent.la +@USE_KEYCHAIN_TRUE@am__append_110 = plugins/keychain +@MONOLITHIC_TRUE@@USE_KEYCHAIN_TRUE@am__append_111 = plugins/keychain/libstrongswan-keychain.la +@USE_PKCS11_TRUE@am__append_112 = plugins/pkcs11 +@MONOLITHIC_TRUE@@USE_PKCS11_TRUE@am__append_113 = plugins/pkcs11/libstrongswan-pkcs11.la +@USE_CHAPOLY_TRUE@am__append_114 = plugins/chapoly +@MONOLITHIC_TRUE@@USE_CHAPOLY_TRUE@am__append_115 = plugins/chapoly/libstrongswan-chapoly.la +@USE_CTR_TRUE@am__append_116 = plugins/ctr +@MONOLITHIC_TRUE@@USE_CTR_TRUE@am__append_117 = plugins/ctr/libstrongswan-ctr.la +@USE_CCM_TRUE@am__append_118 = plugins/ccm +@MONOLITHIC_TRUE@@USE_CCM_TRUE@am__append_119 = plugins/ccm/libstrongswan-ccm.la +@USE_GCM_TRUE@am__append_120 = plugins/gcm +@MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_121 = plugins/gcm/libstrongswan-gcm.la +@USE_MGF1_TRUE@am__append_122 = plugins/mgf1 +@MONOLITHIC_TRUE@@USE_MGF1_TRUE@am__append_123 = plugins/mgf1/libstrongswan-mgf1.la +@USE_NTRU_TRUE@am__append_124 = plugins/ntru +@MONOLITHIC_TRUE@@USE_NTRU_TRUE@am__append_125 = plugins/ntru/libstrongswan-ntru.la +@USE_BLISS_TRUE@am__append_126 = plugins/bliss +@MONOLITHIC_TRUE@@USE_BLISS_TRUE@am__append_127 = plugins/bliss/libstrongswan-bliss.la +@USE_NEWHOPE_TRUE@am__append_128 = plugins/newhope +@MONOLITHIC_TRUE@@USE_NEWHOPE_TRUE@am__append_129 = plugins/newhope/libstrongswan-newhope.la 
+@USE_TEST_VECTORS_TRUE@am__append_130 = plugins/test_vectors +@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_131 = plugins/test_vectors/libstrongswan-test-vectors.la +@USE_LIBNTTFFT_TRUE@am__append_132 = math/libnttfft/tests +@USE_BLISS_TRUE@am__append_133 = plugins/bliss/tests +@USE_NEWHOPE_TRUE@am__append_134 = plugins/newhope/tests subdir = src/libstrongswan ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ 
@@ -304,26 +305,26 @@ libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_20) \ - $(am__append_22) $(am__append_24) $(am__append_26) \ - $(am__append_28) $(am__append_30) $(am__append_32) \ - $(am__append_34) $(am__append_36) $(am__append_38) \ - $(am__append_40) $(am__append_42) $(am__append_44) \ - $(am__append_46) $(am__append_48) $(am__append_50) \ - $(am__append_52) $(am__append_54) $(am__append_56) \ - $(am__append_58) $(am__append_60) $(am__append_62) \ - $(am__append_64) $(am__append_66) $(am__append_68) \ - $(am__append_70) $(am__append_72) $(am__append_74) \ - $(am__append_76) $(am__append_78) $(am__append_80) \ - $(am__append_82) $(am__append_84) $(am__append_86) \ - $(am__append_88) $(am__append_90) $(am__append_92) \ - $(am__append_94) $(am__append_96) $(am__append_98) \ - $(am__append_100) $(am__append_102) $(am__append_104) \ - $(am__append_106) $(am__append_108) $(am__append_110) \ - $(am__append_112) $(am__append_114) $(am__append_116) \ - $(am__append_118) $(am__append_120) $(am__append_122) \ - $(am__append_124) $(am__append_126) $(am__append_128) \ - $(am__append_130) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_21) \ + $(am__append_23) $(am__append_25) $(am__append_27) \ + $(am__append_29) $(am__append_31) $(am__append_33) \ + $(am__append_35) $(am__append_37) $(am__append_39) \ + $(am__append_41) $(am__append_43) $(am__append_45) \ + $(am__append_47) $(am__append_49) $(am__append_51) \ + $(am__append_53) $(am__append_55) $(am__append_57) \ + $(am__append_59) $(am__append_61) $(am__append_63) \ + $(am__append_65) $(am__append_67) $(am__append_69) \ + $(am__append_71) $(am__append_73) $(am__append_75) \ + $(am__append_77) $(am__append_79) $(am__append_81) \ + $(am__append_83) $(am__append_85) $(am__append_87) \ + $(am__append_89) 
$(am__append_91) $(am__append_93) \ + $(am__append_95) $(am__append_97) $(am__append_99) \ + $(am__append_101) $(am__append_103) $(am__append_105) \ + $(am__append_107) $(am__append_109) $(am__append_111) \ + $(am__append_113) $(am__append_115) $(am__append_117) \ + $(am__append_119) $(am__append_121) $(am__append_123) \ + $(am__append_125) $(am__append_127) $(am__append_129) \ + $(am__append_131) am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \ asn1/asn1_parser.c asn1/oid.c bio/bio_reader.c \ bio/bio_writer.c collections/blocking_queue.c \ @@ -830,6 +831,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -852,6 +854,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ 
@@ -1037,26 +1040,26 @@ settings/settings_types.h libstrongswan_la_LIBADD = $(DLLIB) $(ATOMICLIB) $(BTLIB) $(SOCKLIB) \ $(RTLIB) $(BFDLIB) $(UNWINDLIB) $(am__append_2) \ $(am__append_4) $(am__append_5) $(am__append_13) \ - $(am__append_15) $(am__append_17) $(am__append_20) \ - $(am__append_22) $(am__append_24) $(am__append_26) \ - $(am__append_28) $(am__append_30) $(am__append_32) \ - $(am__append_34) $(am__append_36) $(am__append_38) \ - $(am__append_40) $(am__append_42) $(am__append_44) \ - $(am__append_46) $(am__append_48) $(am__append_50) \ - $(am__append_52) $(am__append_54) $(am__append_56) \ - $(am__append_58) $(am__append_60) $(am__append_62) \ - $(am__append_64) $(am__append_66) $(am__append_68) \ - $(am__append_70) $(am__append_72) $(am__append_74) \ - $(am__append_76) $(am__append_78) $(am__append_80) \ - $(am__append_82) $(am__append_84) $(am__append_86) \ - $(am__append_88) $(am__append_90) $(am__append_92) \ - $(am__append_94) $(am__append_96) $(am__append_98) \ - $(am__append_100) $(am__append_102) $(am__append_104) \ - $(am__append_106) $(am__append_108) $(am__append_110) \ - $(am__append_112) $(am__append_114) $(am__append_116) \ - $(am__append_118) $(am__append_120) $(am__append_122) \ - $(am__append_124) $(am__append_126) $(am__append_128) \ - $(am__append_130) + $(am__append_15) $(am__append_17) $(am__append_21) \ + $(am__append_23) $(am__append_25) $(am__append_27) \ + $(am__append_29) $(am__append_31) $(am__append_33) \ + $(am__append_35) $(am__append_37) $(am__append_39) \ + $(am__append_41) $(am__append_43) $(am__append_45) \ + $(am__append_47) $(am__append_49) $(am__append_51) \ + $(am__append_53) $(am__append_55) $(am__append_57) \ + $(am__append_59) $(am__append_61) $(am__append_63) \ + $(am__append_65) $(am__append_67) $(am__append_69) \ + $(am__append_71) $(am__append_73) $(am__append_75) \ + $(am__append_77) $(am__append_79) $(am__append_81) \ + $(am__append_83) $(am__append_85) $(am__append_87) \ + $(am__append_89) $(am__append_91) 
$(am__append_93) \ + $(am__append_95) $(am__append_97) $(am__append_99) \ + $(am__append_101) $(am__append_103) $(am__append_105) \ + $(am__append_107) $(am__append_109) $(am__append_111) \ + $(am__append_113) $(am__append_115) $(am__append_117) \ + $(am__append_119) $(am__append_121) $(am__append_123) \ + $(am__append_125) $(am__append_127) $(am__append_129) \ + $(am__append_131) AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan \ -DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_LIB_DIR=\"${ipseclibdir}\" \ -DPLUGINDIR=\"${plugindir}\" \ 
@@ -1072,83 +1075,83 @@ AM_YFLAGS = -v -d EXTRA_DIST = \ asn1/oid.txt asn1/oid.pl \ crypto/proposal/proposal_keywords_static.txt \ +plugins/plugin_constructors.py \ Android.mk -BUILT_SOURCES = \ -$(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \ -$(srcdir)/crypto/proposal/proposal_keywords_static.c \ -settings/settings_parser.h - +BUILT_SOURCES = $(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \ + $(srcdir)/crypto/proposal/proposal_keywords_static.c \ + settings/settings_parser.h $(am__append_18) MAINTAINERCLEANFILES = \ $(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \ $(srcdir)/crypto/proposal/proposal_keywords_static.c +@STATIC_PLUGIN_CONSTRUCTORS_TRUE@CLEANFILES = $(srcdir)/plugin_constructors.c # build unit tests ################## -@MONOLITHIC_FALSE@SUBDIRS = . $(am__append_18) $(am__append_19) \ -@MONOLITHIC_FALSE@ $(am__append_21) $(am__append_23) \ -@MONOLITHIC_FALSE@ $(am__append_25) $(am__append_27) \ -@MONOLITHIC_FALSE@ $(am__append_29) $(am__append_31) \ -@MONOLITHIC_FALSE@ $(am__append_33) $(am__append_35) \ -@MONOLITHIC_FALSE@ $(am__append_37) $(am__append_39) \ -@MONOLITHIC_FALSE@ $(am__append_41) $(am__append_43) \ -@MONOLITHIC_FALSE@ $(am__append_45) $(am__append_47) \ -@MONOLITHIC_FALSE@ $(am__append_49) $(am__append_51) \ -@MONOLITHIC_FALSE@ $(am__append_53) $(am__append_55) \ -@MONOLITHIC_FALSE@ $(am__append_57) $(am__append_59) \ -@MONOLITHIC_FALSE@ $(am__append_61) $(am__append_63) \ -@MONOLITHIC_FALSE@ $(am__append_65) $(am__append_67) \ -@MONOLITHIC_FALSE@ $(am__append_69) $(am__append_71) \ -@MONOLITHIC_FALSE@ $(am__append_73) $(am__append_75) \ -@MONOLITHIC_FALSE@ $(am__append_77) $(am__append_79) \ -@MONOLITHIC_FALSE@ $(am__append_81) $(am__append_83) \ -@MONOLITHIC_FALSE@ $(am__append_85) $(am__append_87) \ -@MONOLITHIC_FALSE@ $(am__append_89) $(am__append_91) \ -@MONOLITHIC_FALSE@ $(am__append_93) $(am__append_95) \ -@MONOLITHIC_FALSE@ $(am__append_97) $(am__append_99) \ -@MONOLITHIC_FALSE@ $(am__append_101) $(am__append_103) \ -@MONOLITHIC_FALSE@ 
$(am__append_105) $(am__append_107) \ -@MONOLITHIC_FALSE@ $(am__append_109) $(am__append_111) \ -@MONOLITHIC_FALSE@ $(am__append_113) $(am__append_115) \ -@MONOLITHIC_FALSE@ $(am__append_117) $(am__append_119) \ -@MONOLITHIC_FALSE@ $(am__append_121) $(am__append_123) \ -@MONOLITHIC_FALSE@ $(am__append_125) $(am__append_127) \ -@MONOLITHIC_FALSE@ $(am__append_129) tests $(am__append_131) \ -@MONOLITHIC_FALSE@ $(am__append_132) $(am__append_133) +@MONOLITHIC_FALSE@SUBDIRS = . $(am__append_19) $(am__append_20) \ +@MONOLITHIC_FALSE@ $(am__append_22) $(am__append_24) \ +@MONOLITHIC_FALSE@ $(am__append_26) $(am__append_28) \ +@MONOLITHIC_FALSE@ $(am__append_30) $(am__append_32) \ +@MONOLITHIC_FALSE@ $(am__append_34) $(am__append_36) \ +@MONOLITHIC_FALSE@ $(am__append_38) $(am__append_40) \ +@MONOLITHIC_FALSE@ $(am__append_42) $(am__append_44) \ +@MONOLITHIC_FALSE@ $(am__append_46) $(am__append_48) \ +@MONOLITHIC_FALSE@ $(am__append_50) $(am__append_52) \ +@MONOLITHIC_FALSE@ $(am__append_54) $(am__append_56) \ +@MONOLITHIC_FALSE@ $(am__append_58) $(am__append_60) \ +@MONOLITHIC_FALSE@ $(am__append_62) $(am__append_64) \ +@MONOLITHIC_FALSE@ $(am__append_66) $(am__append_68) \ +@MONOLITHIC_FALSE@ $(am__append_70) $(am__append_72) \ +@MONOLITHIC_FALSE@ $(am__append_74) $(am__append_76) \ +@MONOLITHIC_FALSE@ $(am__append_78) $(am__append_80) \ +@MONOLITHIC_FALSE@ $(am__append_82) $(am__append_84) \ +@MONOLITHIC_FALSE@ $(am__append_86) $(am__append_88) \ +@MONOLITHIC_FALSE@ $(am__append_90) $(am__append_92) \ +@MONOLITHIC_FALSE@ $(am__append_94) $(am__append_96) \ +@MONOLITHIC_FALSE@ $(am__append_98) $(am__append_100) \ +@MONOLITHIC_FALSE@ $(am__append_102) $(am__append_104) \ +@MONOLITHIC_FALSE@ $(am__append_106) $(am__append_108) \ +@MONOLITHIC_FALSE@ $(am__append_110) $(am__append_112) \ +@MONOLITHIC_FALSE@ $(am__append_114) $(am__append_116) \ +@MONOLITHIC_FALSE@ $(am__append_118) $(am__append_120) \ +@MONOLITHIC_FALSE@ $(am__append_122) $(am__append_124) \ 
+@MONOLITHIC_FALSE@ $(am__append_126) $(am__append_128) \ +@MONOLITHIC_FALSE@ $(am__append_130) tests $(am__append_132) \ +@MONOLITHIC_FALSE@ $(am__append_133) $(am__append_134) # build unit tests ################## -@MONOLITHIC_TRUE@SUBDIRS = $(am__append_18) $(am__append_19) \ -@MONOLITHIC_TRUE@ $(am__append_21) $(am__append_23) \ -@MONOLITHIC_TRUE@ $(am__append_25) $(am__append_27) \ -@MONOLITHIC_TRUE@ $(am__append_29) $(am__append_31) \ -@MONOLITHIC_TRUE@ $(am__append_33) $(am__append_35) \ -@MONOLITHIC_TRUE@ $(am__append_37) $(am__append_39) \ -@MONOLITHIC_TRUE@ $(am__append_41) $(am__append_43) \ -@MONOLITHIC_TRUE@ $(am__append_45) $(am__append_47) \ -@MONOLITHIC_TRUE@ $(am__append_49) $(am__append_51) \ -@MONOLITHIC_TRUE@ $(am__append_53) $(am__append_55) \ -@MONOLITHIC_TRUE@ $(am__append_57) $(am__append_59) \ -@MONOLITHIC_TRUE@ $(am__append_61) $(am__append_63) \ -@MONOLITHIC_TRUE@ $(am__append_65) $(am__append_67) \ -@MONOLITHIC_TRUE@ $(am__append_69) $(am__append_71) \ -@MONOLITHIC_TRUE@ $(am__append_73) $(am__append_75) \ -@MONOLITHIC_TRUE@ $(am__append_77) $(am__append_79) \ -@MONOLITHIC_TRUE@ $(am__append_81) $(am__append_83) \ -@MONOLITHIC_TRUE@ $(am__append_85) $(am__append_87) \ -@MONOLITHIC_TRUE@ $(am__append_89) $(am__append_91) \ -@MONOLITHIC_TRUE@ $(am__append_93) $(am__append_95) \ -@MONOLITHIC_TRUE@ $(am__append_97) $(am__append_99) \ -@MONOLITHIC_TRUE@ $(am__append_101) $(am__append_103) \ -@MONOLITHIC_TRUE@ $(am__append_105) $(am__append_107) \ -@MONOLITHIC_TRUE@ $(am__append_109) $(am__append_111) \ -@MONOLITHIC_TRUE@ $(am__append_113) $(am__append_115) \ -@MONOLITHIC_TRUE@ $(am__append_117) $(am__append_119) \ -@MONOLITHIC_TRUE@ $(am__append_121) $(am__append_123) \ -@MONOLITHIC_TRUE@ $(am__append_125) $(am__append_127) \ -@MONOLITHIC_TRUE@ $(am__append_129) . 
tests $(am__append_131) \ -@MONOLITHIC_TRUE@ $(am__append_132) $(am__append_133) +@MONOLITHIC_TRUE@SUBDIRS = $(am__append_19) $(am__append_20) \ +@MONOLITHIC_TRUE@ $(am__append_22) $(am__append_24) \ +@MONOLITHIC_TRUE@ $(am__append_26) $(am__append_28) \ +@MONOLITHIC_TRUE@ $(am__append_30) $(am__append_32) \ +@MONOLITHIC_TRUE@ $(am__append_34) $(am__append_36) \ +@MONOLITHIC_TRUE@ $(am__append_38) $(am__append_40) \ +@MONOLITHIC_TRUE@ $(am__append_42) $(am__append_44) \ +@MONOLITHIC_TRUE@ $(am__append_46) $(am__append_48) \ +@MONOLITHIC_TRUE@ $(am__append_50) $(am__append_52) \ +@MONOLITHIC_TRUE@ $(am__append_54) $(am__append_56) \ +@MONOLITHIC_TRUE@ $(am__append_58) $(am__append_60) \ +@MONOLITHIC_TRUE@ $(am__append_62) $(am__append_64) \ +@MONOLITHIC_TRUE@ $(am__append_66) $(am__append_68) \ +@MONOLITHIC_TRUE@ $(am__append_70) $(am__append_72) \ +@MONOLITHIC_TRUE@ $(am__append_74) $(am__append_76) \ +@MONOLITHIC_TRUE@ $(am__append_78) $(am__append_80) \ +@MONOLITHIC_TRUE@ $(am__append_82) $(am__append_84) \ +@MONOLITHIC_TRUE@ $(am__append_86) $(am__append_88) \ +@MONOLITHIC_TRUE@ $(am__append_90) $(am__append_92) \ +@MONOLITHIC_TRUE@ $(am__append_94) $(am__append_96) \ +@MONOLITHIC_TRUE@ $(am__append_98) $(am__append_100) \ +@MONOLITHIC_TRUE@ $(am__append_102) $(am__append_104) \ +@MONOLITHIC_TRUE@ $(am__append_106) $(am__append_108) \ +@MONOLITHIC_TRUE@ $(am__append_110) $(am__append_112) \ +@MONOLITHIC_TRUE@ $(am__append_114) $(am__append_116) \ +@MONOLITHIC_TRUE@ $(am__append_118) $(am__append_120) \ +@MONOLITHIC_TRUE@ $(am__append_122) $(am__append_124) \ +@MONOLITHIC_TRUE@ $(am__append_126) $(am__append_128) \ +@MONOLITHIC_TRUE@ $(am__append_130) . tests $(am__append_132) \ +@MONOLITHIC_TRUE@ $(am__append_133) $(am__append_134) all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-recursive 
@@ -2184,6 +2187,7 @@ install-strip: mostlyclean-generic: clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) @@ -2382,6 +2386,10 @@ $(srcdir)/crypto/proposal/proposal_keywords_static.c: $(srcdir)/crypto/proposal/ $(GPERF) -N proposal_get_token_static -m 10 -C -G -c -t -D < \ $(srcdir)/crypto/proposal/proposal_keywords_static.txt > $@ +@STATIC_PLUGIN_CONSTRUCTORS_TRUE@$(srcdir)/plugin_constructors.c: $(srcdir)/plugins/plugin_constructors.py +@STATIC_PLUGIN_CONSTRUCTORS_TRUE@ $(AM_V_GEN) \ +@STATIC_PLUGIN_CONSTRUCTORS_TRUE@ $(PYTHON) $(srcdir)/plugins/plugin_constructors.py ${s_plugins} > $@ + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c index 5ce840325..8b9dc1c48 100644 --- a/src/libstrongswan/asn1/asn1.c +++ b/src/libstrongswan/asn1/asn1.c @@ -350,13 +350,15 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type) int tm_leap_4, tm_leap_100, tm_leap_400, tm_leap; int tz_hour, tz_min, tz_offset; time_t tm_days, tm_secs; - u_char *eot = NULL; + char buf[BUF_LEN], *eot = NULL; - if ((eot = memchr(utctime->ptr, 'Z', utctime->len)) != NULL) + snprintf(buf, sizeof(buf), "%.*s", (int)utctime->len, utctime->ptr); + + if ((eot = strchr(buf, 'Z')) != NULL) { tz_offset = 0; /* Zulu time with a zero time zone offset */ } - else if ((eot = memchr(utctime->ptr, '+', utctime->len)) != NULL) + else if ((eot = strchr(buf, '+')) != NULL) { if (sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min) != 2) { @@ -364,7 +366,7 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type) } tz_offset = 3600*tz_hour + 60*tz_min; /* positive time zone offset */ } - else if ((eot = memchr(utctime->ptr, '-', utctime->len)) != NULL) + else if ((eot = strchr(buf, '-')) != NULL) { if (sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min) != 2) { 
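Review bot: The snprintf() into `buf` truncates a utctime whose length reaches BUF_LEN instead of rejecting it, so an over-long encoding is parsed from its prefix rather than failing; an explicit guard before the copy, `if (utctime->len >= sizeof(buf)) { return 0; }`, keeps truncation from being a silent failure mode and matches the `return 0` error convention used later in the function. The bounded copy is otherwise the real fix here, since the old memchr()/sscanf() pair operated on a chunk that is not NUL-terminated, and the `@@ -382` hunk relies on the same `buf` for the `eot - buf` offset check. Note that `%.*s` also stops at an embedded NUL inside the chunk, which shortens the parse without any error. asn1_to_time() starts before this hunk and its body continues after it.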
@@ -382,15 +384,15 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type) const char* format = (type == ASN1_UTCTIME)? "%2d%2d%2d%2d%2d": "%4d%2d%2d%2d%2d"; - if (sscanf(utctime->ptr, format, &tm_year, &tm_mon, &tm_day, - &tm_hour, &tm_min) != 5) + if (sscanf(buf, format, &tm_year, &tm_mon, &tm_day, + &tm_hour, &tm_min) != 5) { return 0; /* error in [yy]yymmddhhmm time format */ } } /* is there a seconds field? */ - if ((eot - utctime->ptr) == ((type == ASN1_UTCTIME)?12:14)) + if ((eot - buf) == ((type == ASN1_UTCTIME)?12:14)) { if (sscanf(eot-2, "%2d", &tm_sec) != 1) { diff --git a/src/libstrongswan/asn1/asn1_parser.c b/src/libstrongswan/asn1/asn1_parser.c index e7b7a428d..4d5f799b7 100644 --- a/src/libstrongswan/asn1/asn1_parser.c +++ b/src/libstrongswan/asn1/asn1_parser.c @@ -1,8 +1,7 @@ /* * Copyright (C) 2006 Martin Will - * Copyright (C) 2000-2008 Andreas Steffen - * - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2000-2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -76,12 +75,18 @@ struct private_asn1_parser_t { * Current parsing pointer for each level */ chunk_t blobs[ASN1_MAX_LEVEL + 2]; + + /** + * Parsing a CHOICE on the current level ? + */ + bool choice[ASN1_MAX_LEVEL + 2]; + }; METHOD(asn1_parser_t, iterate, bool, private_asn1_parser_t *this, int *objectID, chunk_t *object) { - chunk_t *blob, *blob1; + chunk_t *blob, *blob1, blob_ori; u_char *start_ptr; u_int level; asn1Object_t obj; @@ -97,7 +102,7 @@ METHOD(asn1_parser_t, iterate, bool, return FALSE; } - if (obj.flags & ASN1_END) /* end of loop or option found */ + if (obj.flags & ASN1_END) /* end of loop or choice or option found */ { if (this->loopAddr[obj.level] && this->blobs[obj.level+1].len > 0) { 
@@ -106,13 +111,42 @@ METHOD(asn1_parser_t, iterate, bool, } else { - this->loopAddr[obj.level] = 0; /* exit loop or option*/ + this->loopAddr[obj.level] = 0; /* exit loop */ + + if (obj.flags & ASN1_CHOICE) /* end of choices */ + { + if (this->choice[obj.level+1]) + { + DBG1(DBG_ASN, "L%d - %s: incorrect choice encoding", + this->level0 + obj.level, obj.name); + this->success = FALSE; + goto end; + } + } + + if (obj.flags & ASN1_CH) /* end of choice */ + { + /* parsed a valid choice */ + this->choice[obj.level] = FALSE; + + /* advance to end of choices */ + do + { + this->line++; + } + while (!((this->objects[this->line].flags & ASN1_END) && + (this->objects[this->line].flags & ASN1_CHOICE) && + (this->objects[this->line].level == obj.level-1))); + this->line--; + } + goto end; } } level = this->level0 + obj.level; blob = this->blobs + obj.level; + blob_ori = *blob; blob1 = blob + 1; start_ptr = blob->ptr; @@ -129,7 +163,6 @@ METHOD(asn1_parser_t, iterate, bool, } /* handle ASN.1 options */ - if ((obj.flags & ASN1_OPT) && (blob->len == 0 || *start_ptr != obj.type)) { @@ -144,7 +177,6 @@ METHOD(asn1_parser_t, iterate, bool, } /* an ASN.1 object must possess at least a tag and length field */ - if (blob->len < 2) { DBG1(DBG_ASN, "L%d - %s: ASN.1 object smaller than 2 octets", @@ -167,8 +199,16 @@ METHOD(asn1_parser_t, iterate, bool, blob->ptr += blob1->len; blob->len -= blob1->len; - /* return raw ASN.1 object without prior type checking */ + /* handle ASN.1 choice without explicit context encoding */ + if ((obj.flags & ASN1_CHOICE) && obj.type == ASN1_EOC) + { + DBG2(DBG_ASN, "L%d - %s:", level, obj.name); + this->choice[obj.level+1] = TRUE; + *blob1 = blob_ori; + goto end; + } + /* return raw ASN.1 object without prior type checking */ if (obj.flags & ASN1_RAW) { DBG2(DBG_ASN, "L%d - %s:", level, obj.name); 
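Review bot: The do/while that advances `this->line` to the matching ASN1_END|ASN1_CHOICE entry has no bound, so a parser table whose CHOICE block lacks that terminator walks past the end of `this->objects`; stopping the scan on the table's ASN1_EXIT entry as well (if every table ends with one, as the flag's name suggests) and reporting a failure through `this->success = FALSE` would turn a table mistake into a parse error instead of an out-of-bounds read. The tables are static, so this is a robustness point rather than an input-driven one, but iterate() runs on untrusted DER and this loop is the one unbounded walk the change adds. The `this->choice[obj.level+1]` flag set in the `@@ -167` hunk is only cleared on the ASN1_CH path here, so a comment on the `choice` field describing that set/clear handshake would help the next reader. iterate() starts before this hunk and continues after it.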
@@ -209,6 +249,18 @@ METHOD(asn1_parser_t, iterate, bool, } } + /* In case of a "CHOICE" start to scan for exactly one valid choice */ + if (obj.flags & ASN1_CHOICE) + { + if (blob1->len == 0) + { + DBG1(DBG_ASN, "L%d - %s: contains no choice", level, obj.name); + this->success = FALSE; + goto end; + } + this->choice[obj.level+1] = TRUE; + } + if (obj.flags & ASN1_OBJ) { object->ptr = start_ptr; diff --git a/src/libstrongswan/asn1/asn1_parser.h b/src/libstrongswan/asn1/asn1_parser.h index 0edc22c23..2ee1e892f 100644 --- a/src/libstrongswan/asn1/asn1_parser.h +++ b/src/libstrongswan/asn1/asn1_parser.h @@ -1,8 +1,7 @@ /* * Copyright (C) 2006 Martin Will - * Copyright (C) 2000-2008 Andreas Steffen - * - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2000-2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -32,15 +31,17 @@ /** * Definition of ASN.1 flags */ -#define ASN1_NONE 0x00 -#define ASN1_DEF 0x01 -#define ASN1_OPT 0x02 -#define ASN1_LOOP 0x04 -#define ASN1_END 0x08 -#define ASN1_OBJ 0x10 -#define ASN1_BODY 0x20 -#define ASN1_RAW 0x40 -#define ASN1_EXIT 0x80 +#define ASN1_NONE 0x0000 +#define ASN1_DEF 0x0001 +#define ASN1_OPT 0x0002 +#define ASN1_LOOP 0x0004 +#define ASN1_CHOICE 0x0008 +#define ASN1_CH 0x0010 +#define ASN1_END 0x0020 +#define ASN1_OBJ 0x0040 +#define ASN1_BODY 0x0080 +#define ASN1_RAW 0x0100 +#define ASN1_EXIT 0x0200 typedef struct asn1Object_t asn1Object_t; @@ -51,7 +52,7 @@ struct asn1Object_t{ u_int level; const u_char *name; asn1_t type; - u_char flags; + uint16_t flags; }; typedef struct asn1_parser_t asn1_parser_t; diff --git a/src/libstrongswan/collections/array.c b/src/libstrongswan/collections/array.c index 69e7df99e..c3dd6e0e9 100644 --- a/src/libstrongswan/collections/array.c +++ b/src/libstrongswan/collections/array.c 
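Review bot: Widening `flags` in asn1Object_t to uint16_t moves ASN1_RAW and ASN1_EXIT above 0xFF, so any code outside this diff that still copies `obj.flags` into a u_char would silently drop exactly those two flags; I cannot see such a holder from here, but it is worth a grep before merging. A comment beside the defines, `/* flags no longer fit in 8 bits since ASN1_CHOICE/ASN1_CH; keep them in uint16_t */`, would make the constraint visible to table authors.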
@@ -214,9 +214,11 @@ typedef struct { } array_enumerator_t; METHOD(enumerator_t, enumerate, bool, - array_enumerator_t *this, void **out) + array_enumerator_t *this, va_list args) { - void *pos; + void *pos, **out; + + VA_ARGS_VGET(args, out); if (this->idx >= this->array->count) { @@ -250,7 +252,8 @@ enumerator_t* array_create_enumerator(array_t *array) INIT(enumerator, .public = { - .enumerate = (void*)_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerate, .destroy = (void*)free, }, .array = array, diff --git a/src/libstrongswan/collections/enumerator.c b/src/libstrongswan/collections/enumerator.c index fa277e7c8..52c9e1cd5 100644 --- a/src/libstrongswan/collections/enumerator.c +++ b/src/libstrongswan/collections/enumerator.c @@ -1,7 +1,7 @@ /* - * Copyright (C) 2008-2013 Tobias Brunner + * Copyright (C) 2008-2017 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
@@ -31,22 +31,43 @@ #include -/** - * Implementation of enumerator_create_empty().enumerate +/* + * Described in header. */ -static bool enumerate_empty(enumerator_t *enumerator, ...) +bool enumerator_enumerate_default(enumerator_t *enumerator, ...) +{ + va_list args; + bool result; + + if (!enumerator->venumerate) + { + DBG1(DBG_LIB, "!!! ENUMERATE DEFAULT: venumerate() missing !!!"); + return FALSE; + } + va_start(args, enumerator); + result = enumerator->venumerate(enumerator, args); + va_end(args); + return result; +} + +METHOD(enumerator_t, enumerate_empty, bool, + enumerator_t *enumerator, va_list args) { return FALSE; } -/** - * See header +/* + * Described in header */ enumerator_t* enumerator_create_empty() { - enumerator_t *this = malloc_thing(enumerator_t); - this->enumerate = enumerate_empty; - this->destroy = (void*)free; + enumerator_t *this; + + INIT(this, + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerate_empty, + .destroy = (void*)free, + ); return this; } @@ -64,32 +85,31 @@ typedef struct { char *full_end; } dir_enum_t; -/** - * Implementation of enumerator_create_directory().destroy - */ -static void destroy_dir_enum(dir_enum_t *this) +METHOD(enumerator_t, destroy_dir_enum, void, + dir_enum_t *this) { closedir(this->dir); free(this); } -/** - * Implementation of enumerator_create_directory().enumerate - */ -static bool enumerate_dir_enum(dir_enum_t *this, char **relative, - char **absolute, struct stat *st) +METHOD(enumerator_t, enumerate_dir_enum, bool, + dir_enum_t *this, va_list args) { struct dirent *entry = readdir(this->dir); + struct stat *st; size_t remaining; + char **relative, **absolute; int len; + VA_ARGS_VGET(args, relative, absolute, st); + if (!entry) { return FALSE; } if (streq(entry->d_name, ".") || streq(entry->d_name, "..")) { - return enumerate_dir_enum(this, relative, absolute, st); + return this->public.enumerate(&this->public, relative, absolute, st); } if (relative) { 
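Review bot: In enumerate_dir_enum() the skip of "." and ".." now recurses through `this->public.enumerate(&this->public, relative, absolute, st)`, which re-enters enumerator_enumerate_default() and repacks the varargs for every skipped entry; a loop reads more directly: `do { entry = readdir(this->dir); }` / `while (entry && (streq(entry->d_name, ".") || streq(entry->d_name, "..")));` with the existing `if (!entry) return FALSE;` kept after it. The recursion depth is bounded by the two dot entries, so this is about shape rather than correctness. enumerate_dir_enum() continues past the end of this hunk.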
@@ -122,15 +142,21 @@ static bool enumerate_dir_enum(dir_enum_t *this, char **relative, return TRUE; } -/** - * See header +/* + * Described in header */ enumerator_t* enumerator_create_directory(const char *path) { + dir_enum_t *this; int len; - dir_enum_t *this = malloc_thing(dir_enum_t); - this->public.enumerate = (void*)enumerate_dir_enum; - this->public.destroy = (void*)destroy_dir_enum; + + INIT(this, + .public = { + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerate_dir_enum, + .destroy = _destroy_dir_enum, + }, + ); if (*path == '\0') { @@ -152,9 +178,10 @@ enumerator_t* enumerator_create_directory(const char *path) this->full_end = &this->full[len]; this->dir = opendir(path); - if (this->dir == NULL) + if (!this->dir) { - DBG1(DBG_LIB, "opening directory '%s' failed: %s", path, strerror(errno)); + DBG1(DBG_LIB, "opening directory '%s' failed: %s", path, + strerror(errno)); free(this); return NULL; } @@ -177,21 +204,21 @@ typedef struct { char full[PATH_MAX]; } glob_enum_t; -/** - * Implementation of enumerator_create_glob().destroy - */ -static void destroy_glob_enum(glob_enum_t *this) +METHOD(enumerator_t, destroy_glob_enum, void, + glob_enum_t *this) { globfree(&this->glob); free(this); } -/** - * Implementation of enumerator_create_glob().enumerate - */ -static bool enumerate_glob_enum(glob_enum_t *this, char **file, struct stat *st) +METHOD(enumerator_t, enumerate_glob_enum, bool, + glob_enum_t *this, va_list args) { + struct stat *st; char *match; + char **file; + + VA_ARGS_VGET(args, file, st); if (this->pos >= this->glob.gl_pathc) { 
@@ -202,20 +229,17 @@ static bool enumerate_glob_enum(glob_enum_t *this, char **file, struct stat *st) { *file = match; } - if (st) + if (st && stat(match, st)) { - if (stat(match, st)) - { - DBG1(DBG_LIB, "stat() on '%s' failed: %s", match, - strerror(errno)); - return FALSE; - } + DBG1(DBG_LIB, "stat() on '%s' failed: %s", match, + strerror(errno)); + return FALSE; } return TRUE; } -/** - * See header +/* + * Described in header */ enumerator_t* enumerator_create_glob(const char *pattern) { @@ -229,8 +253,9 @@ enumerator_t* enumerator_create_glob(const char *pattern) INIT(this, .public = { - .enumerate = (void*)enumerate_glob_enum, - .destroy = (void*)destroy_glob_enum, + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerate_glob_enum, + .destroy = _destroy_glob_enum, }, ); @@ -272,24 +297,22 @@ typedef struct { const char *trim; } token_enum_t; -/** - * Implementation of enumerator_create_token().destroy - */ -static void destroy_token_enum(token_enum_t *this) +METHOD(enumerator_t, destroy_token_enum, void, + token_enum_t *this) { free(this->string); free(this); } -/** - * Implementation of enumerator_create_token().enumerate - */ -static bool enumerate_token_enum(token_enum_t *this, char **token) +METHOD(enumerator_t, enumerate_token_enum, bool, + token_enum_t *this, va_list args) { const char *sep, *trim; - char *pos = NULL, *tmp; + char *pos = NULL, *tmp, **token; bool last = FALSE; + VA_ARGS_VGET(args, token); + /* trim leading characters/separators */ while (*this->pos) { 
@@ -390,52 +413,48 @@ static bool enumerate_token_enum(token_enum_t *this, char **token) return FALSE; } -/** - * See header +/* + * Described in header */ enumerator_t* enumerator_create_token(const char *string, const char *sep, const char *trim) { - token_enum_t *enumerator = malloc_thing(token_enum_t); + token_enum_t *this; - enumerator->public.enumerate = (void*)enumerate_token_enum; - enumerator->public.destroy = (void*)destroy_token_enum; - enumerator->string = strdup(string); - enumerator->pos = enumerator->string; - enumerator->sep = sep; - enumerator->trim = trim; + INIT(this, + .public = { + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerate_token_enum, + .destroy = _destroy_token_enum, + }, + .string = strdup(string), + .sep = sep, + .trim = trim, + ); + this->pos = this->string; - return &enumerator->public; + return &this->public; } /** - * enumerator for nested enumerations + * Enumerator for nested enumerations */ typedef struct { - /* implements enumerator_t */ enumerator_t public; - /* outer enumerator */ enumerator_t *outer; - /* inner enumerator */ enumerator_t *inner; - /* constructor for inner enumerator */ enumerator_t *(*create_inner)(void *outer, void *data); - /* data to pass to constructor above */ void *data; - /* destructor for data */ - void (*destroy_data)(void *data); + void (*destructor)(void *data); } nested_enumerator_t; -/** - * Implementation of enumerator_create_nested().enumerate() - */ -static bool enumerate_nested(nested_enumerator_t *this, void *v1, void *v2, - void *v3, void *v4, void *v5) +METHOD(enumerator_t, enumerate_nested, bool, + nested_enumerator_t *this, va_list args) { while (TRUE) { - while (this->inner == NULL) + while (!this->inner) { void *outer; 
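Review bot: The rewrite of nested_enumerator_t drops the per-field comments (`/* outer enumerator */`, `/* inner enumerator */`, `/* constructor for inner enumerator */`, `/* data to pass to constructor above */`) without replacing them, and the renamed `destructor` field is left undocumented; restoring them in the `/** */` style the file uses elsewhere keeps the struct self-describing for readers of the nested-enumeration code. enumerate_nested() begins in this hunk and continues into the next one.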
@@ -444,8 +463,13 @@ static bool enumerate_nested(nested_enumerator_t *this, void *v1, void *v2,
 return FALSE;
 }
 this->inner = this->create_inner(outer, this->data);
+ if (this->inner && !this->inner->venumerate)
+ {
+ DBG1(DBG_LIB, "!!! ENUMERATE NESTED: venumerate() missing !!!");
+ return FALSE;
+ }
 }
- if (this->inner->enumerate(this->inner, v1, v2, v3, v4, v5))
+ if (this->inner->venumerate(this->inner, args))
 {
 return TRUE;
 }
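Review bot: `this->inner->venumerate(this->inner, args)` hands the same `args` to a callee on every pass of the enclosing while (TRUE) loop, but once a callee has applied va_arg to a va_list its value in the caller is indeterminate (on ABIs where va_list is an array type the callee advances the caller's list in place), so after the first inner enumerator is exhausted the next one reads past the arguments the caller supplied. Each call should get its own va_copy() that is va_end()ed afterwards, as below. The new venumerate-missing check itself is fine, and the early return leaves `inner` set for destroy_nested() to release. enumerate_nested() starts in the preceding hunk, so the `copy` and `result` declarations belong at its top, outside this hunk.
```c
	va_list copy;
	bool result;

	/* … unchanged: outer loop, inner creation and venumerate check … */
		va_copy(copy, args);
		result = this->inner->venumerate(this->inner, copy);
		va_end(copy);
		if (result)
		{
			return TRUE;
		}
	/* … unchanged: inner destroy and retry … */
```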
@@ -454,103 +478,100 @@ static bool enumerate_nested(nested_enumerator_t *this, void *v1, void *v2, } } -/** - * Implementation of enumerator_create_nested().destroy() - **/ -static void destroy_nested(nested_enumerator_t *this) +METHOD(enumerator_t, destroy_nested, void, + nested_enumerator_t *this) { - if (this->destroy_data) + if (this->destructor) { - this->destroy_data(this->data); + this->destructor(this->data); } DESTROY_IF(this->inner); this->outer->destroy(this->outer); free(this); } -/** - * See header +/* + * Described in header */ enumerator_t *enumerator_create_nested(enumerator_t *outer, enumerator_t *(inner_constructor)(void *outer, void *data), - void *data, void (*destroy_data)(void *data)) + void *data, void (*destructor)(void *data)) { - nested_enumerator_t *enumerator = malloc_thing(nested_enumerator_t); + nested_enumerator_t *this; - enumerator->public.enumerate = (void*)enumerate_nested; - enumerator->public.destroy = (void*)destroy_nested; - enumerator->outer = outer; - enumerator->inner = NULL; - enumerator->create_inner = (void*)inner_constructor; - enumerator->data = data; - enumerator->destroy_data = destroy_data; - - return &enumerator->public; + INIT(this, + .public = { + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerate_nested, + .destroy = _destroy_nested, + }, + .outer = outer, + .create_inner = inner_constructor, + .data = data, + .destructor = destructor, + ); + return &this->public; } /** - * enumerator for filtered enumerator + * Enumerator for filtered enumerator */ typedef struct { enumerator_t public; - enumerator_t *unfiltered; + enumerator_t *orig; void *data; - bool (*filter)(void *data, ...); + bool (*filter)(void*,enumerator_t*,va_list); void (*destructor)(void *data); } filter_enumerator_t; -/** - * Implementation of enumerator_create_filter().destroy - */ -static void destroy_filter(filter_enumerator_t *this) +METHOD(enumerator_t, destroy_filter, void, + filter_enumerator_t *this) { if 
(this->destructor) { this->destructor(this->data); } - this->unfiltered->destroy(this->unfiltered); + this->orig->destroy(this->orig); free(this); } -/** - * Implementation of enumerator_create_filter().enumerate - */ -static bool enumerate_filter(filter_enumerator_t *this, void *o1, void *o2, - void *o3, void *o4, void *o5) +METHOD(enumerator_t, enumerate_filter, bool, + filter_enumerator_t *this, va_list args) { - void *i1, *i2, *i3, *i4, *i5; + bool result = FALSE; - while (this->unfiltered->enumerate(this->unfiltered, &i1, &i2, &i3, &i4, &i5)) + if (this->filter(this->data, this->orig, args)) { - if (this->filter(this->data, &i1, o1, &i2, o2, &i3, o3, &i4, o4, &i5, o5)) - { - return TRUE; - } + result = TRUE; } - return FALSE; + return result; } -/** - * see header +/* + * Described in header */ -enumerator_t *enumerator_create_filter(enumerator_t *unfiltered, - bool (*filter)(void *data, ...), - void *data, void (*destructor)(void *data)) +enumerator_t *enumerator_create_filter(enumerator_t *orig, + bool (*filter)(void *data, enumerator_t *orig, va_list args), + void *data, void (*destructor)(void *data)) { - filter_enumerator_t *this = malloc_thing(filter_enumerator_t); - - this->public.enumerate = (void*)enumerate_filter; - this->public.destroy = (void*)destroy_filter; - this->unfiltered = unfiltered; - this->filter = filter; - this->data = data; - this->destructor = destructor; + filter_enumerator_t *this; + INIT(this, + .public = { + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerate_filter, + .destroy = _destroy_filter, + }, + .orig = orig, + .filter = filter, + .data = data, + .destructor = destructor, + ); return &this->public; } /** - * enumerator for cleaner enumerator + * Enumerator for cleaner enumerator */ typedef struct { enumerator_t public; 
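Review bot: enumerate_filter() now reduces to a single call, so the `bool result = FALSE; if (...) { result = TRUE; } return result;` scaffolding can simply be `return this->filter(this->data, this->orig, args);`. The struct field `bool (*filter)(void*,enumerator_t*,va_list);` also drops the parameter names that the public prototype `bool (*filter)(void *data, enumerator_t *orig, va_list args)` carries; naming them in the field keeps the two declarations visibly in sync. Since the callback now receives `args` directly, it rather than this wrapper is responsible for reading the output pointers, which the header comment should spell out.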
@@ -559,44 +580,48 @@ typedef struct { void *data; } cleaner_enumerator_t; -/** - * Implementation of enumerator_create_cleanup().destroy - */ -static void destroy_cleaner(cleaner_enumerator_t *this) +METHOD(enumerator_t, destroy_cleaner, void, + cleaner_enumerator_t *this) { this->cleanup(this->data); this->wrapped->destroy(this->wrapped); free(this); } -/** - * Implementation of enumerator_create_cleaner().enumerate - */ -static bool enumerate_cleaner(cleaner_enumerator_t *this, void *v1, void *v2, - void *v3, void *v4, void *v5) +METHOD(enumerator_t, enumerate_cleaner, bool, + cleaner_enumerator_t *this, va_list args) { - return this->wrapped->enumerate(this->wrapped, v1, v2, v3, v4, v5); + if (!this->wrapped->venumerate) + { + DBG1(DBG_LIB, "!!! CLEANER ENUMERATOR: venumerate() missing !!!"); + return FALSE; + } + return this->wrapped->venumerate(this->wrapped, args); } -/** - * see header +/* + * Described in header */ enumerator_t *enumerator_create_cleaner(enumerator_t *wrapped, void (*cleanup)(void *data), void *data) { - cleaner_enumerator_t *this = malloc_thing(cleaner_enumerator_t); - - this->public.enumerate = (void*)enumerate_cleaner; - this->public.destroy = (void*)destroy_cleaner; - this->wrapped = wrapped; - this->cleanup = cleanup; - this->data = data; + cleaner_enumerator_t *this; + INIT(this, + .public = { + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerate_cleaner, + .destroy = _destroy_cleaner, + }, + .wrapped = wrapped, + .cleanup = cleanup, + .data = data, + ); return &this->public; } /** - * enumerator for single enumerator + * Enumerator for single enumerator */ typedef struct { enumerator_t public; @@ -605,10 +630,8 @@ typedef struct { bool done; } single_enumerator_t; -/** - * Implementation of enumerator_create_single().destroy - */ -static void destroy_single(single_enumerator_t *this) +METHOD(enumerator_t, destroy_single, void, + single_enumerator_t *this) { if (this->cleanup) { 
@@ -617,11 +640,12 @@ static void destroy_single(single_enumerator_t *this) free(this); } -/** - * Implementation of enumerator_create_single().enumerate - */ -static bool enumerate_single(single_enumerator_t *this, void **item) +METHOD(enumerator_t, enumerate_single, bool, + single_enumerator_t *this, va_list args) { + void **item; + + VA_ARGS_VGET(args, item); if (this->done) { return FALSE; @@ -631,19 +655,21 @@ static bool enumerate_single(single_enumerator_t *this, void **item) return TRUE; } -/** - * see header +/* + * Described in header */ enumerator_t *enumerator_create_single(void *item, void (*cleanup)(void *item)) { - single_enumerator_t *this = malloc_thing(single_enumerator_t); - - this->public.enumerate = (void*)enumerate_single; - this->public.destroy = (void*)destroy_single; - this->item = item; - this->cleanup = cleanup; - this->done = FALSE; + single_enumerator_t *this; + INIT(this, + .public = { + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerate_single, + .destroy = _destroy_single, + }, + .item = item, + .cleanup = cleanup, + ); return &this->public; } - diff --git a/src/libstrongswan/collections/enumerator.h b/src/libstrongswan/collections/enumerator.h index 55f8d83e6..99f8847e4 100644 --- a/src/libstrongswan/collections/enumerator.h +++ b/src/libstrongswan/collections/enumerator.h @@ -1,7 +1,7 @@ /* - * Copyright (C) 2013 Tobias Brunner + * Copyright (C) 2013-2017 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
@@ -34,8 +34,11 @@ struct enumerator_t { /** * Enumerate collection. * - * The enumerate function takes a variable argument list containing - * pointers where the enumerated values get written. + * The enumerate() method takes a variable number of pointer arguments + * where the enumerated values get written to. + * + * @note Just assigning the generic enumerator_enumerate_default() function + * that calls the enumerator's venumerate() method is usually enough. * * @param ... variable list of enumerated items, implementation dependent * @return TRUE if pointers returned @@ -43,11 +46,33 @@ struct enumerator_t { bool (*enumerate)(enumerator_t *this, ...); /** - * Destroy a enumerator instance. + * Enumerate collection. + * + * The venumerate() method takes a variable argument list containing + * pointers where the enumerated values get written to. + * + * To simplify the implementation the VA_ARGS_VGET() macro may be used. + * + * @param args variable list of enumerated items, implementation dependent + * @return TRUE if pointers returned + */ + bool (*venumerate)(enumerator_t *this, va_list args); + + /** + * Destroy an enumerator_t instance. */ void (*destroy)(enumerator_t *this); }; +/** + * Generic implementation of enumerator_t::enumerate() that simply calls + * the enumerator's venumerate() method. + * + * @param enumerator the enumerator + * @param ... arguments passed to enumerate() + */ +bool enumerator_enumerate_default(enumerator_t *enumerator, ...); + /** * Create an enumerator which enumerates over nothing * 
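Review bot: Inserting `venumerate` between `enumerate` and `destroy` in the second hunk changes the layout of the public struct enumerator_t, so an enumerator implementation compiled against the old header reads its destroy pointer from the wrong slot, and a source-level implementation that still assigns only the old two members leaves venumerate NULL; neither the new member comment nor the @note on enumerate() mentions this. A line in the venumerate() comment such as `@note Added with the venumerate() API; existing enumerator implementations must be recompiled and should set this member` would make the break explicit. The @note on enumerate() could also state that assigning enumerator_enumerate_default() without providing venumerate() is invalid, since the declaration here does not tell whether the default checks for a NULL venumerate before calling it.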
@@ -147,38 +172,41 @@ enumerator_t* enumerator_create_token(const char *string, const char *sep, /** * Creates an enumerator which enumerates over enumerated enumerators :-). * - * The variable argument list of enumeration values is limit to 5. + * The outer enumerator is expected to return objects that, when passed to + * inner_contructor, will create a new enumerator that will be enumerated until + * completion (to this enumerator will the pointer arguments that are passed to + * this enumerator be forwarded) at which point a new element from the outer + * enumerator is requested to create a new inner enumerator. * * @param outer outer enumerator - * @param inner_constructor constructor to inner enumerator + * @param inner_constructor constructor to create inner enumerator * @param data data to pass to each inner_constructor call - * @param destroy_data destructor to pass to data + * @param destructor destructor function to clean up data after use * @return the nested enumerator */ enumerator_t *enumerator_create_nested(enumerator_t *outer, enumerator_t *(*inner_constructor)(void *outer, void *data), - void *data, void (*destroy_data)(void *data)); + void *data, void (*destructor)(void *data)); /** - * Creates an enumerator which filters output of another enumerator. + * Creates an enumerator which filters/maps output of another enumerator. * - * The filter function receives the user supplied "data" followed by a - * unfiltered enumeration item, followed by an output pointer where to write - * the filtered data. Then the next input/output pair follows. - * It returns TRUE to deliver the - * values to the caller of enumerate(), FALSE to filter this enumeration. + * The filter function receives the user supplied "data" followed by the + * original enumerator, followed by the arguments passed to the outer + * enumerator. It returns TRUE to deliver the values assigned to these + * arguments to the caller of enumerate() and FALSE to end the enumeration. 
+ * Filtering items is simple as the filter function may just skip enumerated + * items from the original enumerator. * - * The variable argument list of enumeration values is limit to 5. - * - * @param unfiltered unfiltered enumerator to wrap, gets destroyed + * @param orig original enumerator to wrap, gets destroyed * @param filter filter function * @param data user data to supply to filter * @param destructor destructor function to clean up data after use * @return the filtered enumerator */ -enumerator_t *enumerator_create_filter(enumerator_t *unfiltered, - bool (*filter)(void *data, ...), - void *data, void (*destructor)(void *data)); +enumerator_t *enumerator_create_filter(enumerator_t *orig, + bool (*filter)(void *data, enumerator_t *orig, va_list args), + void *data, void (*destructor)(void *data)); /** * Create an enumerator wrapper which does a cleanup on destroy. diff --git a/src/libstrongswan/collections/hashtable.c b/src/libstrongswan/collections/hashtable.c index 2b77a37cc..b0eda9e6a 100644 --- a/src/libstrongswan/collections/hashtable.c +++ b/src/libstrongswan/collections/hashtable.c @@ -379,8 +379,13 @@ METHOD(hashtable_t, get_count, u_int, } METHOD(enumerator_t, enumerate, bool, - private_enumerator_t *this, const void **key, void **value) + private_enumerator_t *this, va_list args) { + const void **key; + void **value; + + VA_ARGS_VGET(args, key, value); + while (this->count && this->row < this->table->capacity) { this->prev = this->current; @@ -417,7 +422,8 @@ METHOD(hashtable_t, create_enumerator, enumerator_t*, INIT(enumerator, .enumerator = { - .enumerate = (void*)_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerate, .destroy = (void*)free, }, .table = this, diff --git a/src/libstrongswan/collections/linked_list.c b/src/libstrongswan/collections/linked_list.c index b8fe81578..f877be5a6 100644 --- a/src/libstrongswan/collections/linked_list.c +++ b/src/libstrongswan/collections/linked_list.c 
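Review bot: The rewritten contract of enumerator_create_filter() inverts what a FALSE return from the callback means — it now terminates the enumeration instead of skipping one item — but the only cue is prose; every filter converted in this patch moves its skip into a `continue` inside a `while (orig->enumerate(...))` loop, and a callback that was not converted still compiles when passed through a cast and then silently truncates its results after the first non-matching element. A dedicated note on the parameter would flag the incompatibility, e.g. `@note The callback must itself loop over orig; returning FALSE ends the enumeration (it no longer skips a single item).` The new paragraph for enumerator_create_nested() also misspells the parameter as `inner_contructor`, and the parenthetical "(to this enumerator will the pointer arguments that are passed to this enumerator be forwarded)" is hard to parse; "the pointer arguments passed to the nested enumerator are forwarded to the inner one" says the same thing. This hunk begins on the previous line.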
@@ -47,6 +47,17 @@ struct element_t { element_t *next; }; +/* + * Described in header + */ +bool linked_list_match_str(void *item, va_list args) +{ + char *a = item, *b; + + VA_ARGS_VGET(args, b); + return streq(a, b); +} + /** * Creates an empty linked list object. */ @@ -119,8 +130,12 @@ struct private_enumerator_t { }; METHOD(enumerator_t, enumerate, bool, - private_enumerator_t *this, void **item) + private_enumerator_t *this, va_list args) { + void **item; + + VA_ARGS_VGET(args, item); + if (this->finished) { return FALSE; @@ -152,7 +167,8 @@ METHOD(linked_list_t, create_enumerator, enumerator_t*, INIT(enumerator, .enumerator = { - .enumerate = (void*)_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerate, .destroy = (void*)free, }, .list = this, 
@@ -366,52 +382,68 @@ METHOD(linked_list_t, remove_at, void, } } -METHOD(linked_list_t, find_first, status_t, - private_linked_list_t *this, linked_list_match_t match, - void **item, void *d1, void *d2, void *d3, void *d4, void *d5) +METHOD(linked_list_t, find_first, bool, + private_linked_list_t *this, linked_list_match_t match, void **item, ...) { element_t *current = this->first; + va_list args; + bool matched = FALSE; + + if (!match && !item) + { + return FALSE; + } while (current) { - if ((match && match(current->value, d1, d2, d3, d4, d5)) || - (!match && item && current->value == *item)) + if (match) + { + va_start(args, item); + matched = match(current->value, args); + va_end(args); + } + else + { + matched = current->value == *item; + } + if (matched) { if (item != NULL) { *item = current->value; } - return SUCCESS; + return TRUE; } current = current->next; } - return NOT_FOUND; + return FALSE; } METHOD(linked_list_t, invoke_offset, void, - private_linked_list_t *this, size_t offset, - void *d1, void *d2, void *d3, void *d4, void *d5) + private_linked_list_t *this, size_t offset) { element_t *current = this->first; - linked_list_invoke_t *method; + void (**method)(void*); while (current) { method = current->value + offset; - (*method)(current->value, d1, d2, d3, d4, d5); + (*method)(current->value); current = current->next; } } METHOD(linked_list_t, invoke_function, void, - private_linked_list_t *this, linked_list_invoke_t fn, - void *d1, void *d2, void *d3, void *d4, void *d5) + private_linked_list_t *this, linked_list_invoke_t fn, ...) { element_t *current = this->first; + va_list args; while (current) { - fn(current->value, d1, d2, d3, d4, d5); + va_start(args, fn); + fn(current->value, args); + va_end(args); current = current->next; } } 
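Review bot: find_first() now returns bool where it returned status_t, and the two compare without a diagnostic, so a caller still using the old `== SUCCESS` idiom (the form this patch removes in credential_manager.c and mem_cred.c) keeps compiling; if SUCCESS is the zero enumerator of status_t, that caller's condition is silently inverted. The header comment in linked_list.h documents the new return value but not the incompatibility, so a `@note` there warning that the return type changed is worth adding. The per-element `va_start`/`va_end` around match() is correct, since a va_list can only be traversed once, but a comment would keep the next reader from hoisting it out of the loop, e.g. `/* a va_list may be consumed once, so restart it for every match() call */`.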
@@ -542,7 +574,7 @@ linked_list_t *linked_list_create() .reset_enumerator = (void*)_reset_enumerator, .get_first = _get_first, .get_last = _get_last, - .find_first = (void*)_find_first, + .find_first = _find_first, .insert_first = _insert_first, .insert_last = _insert_last, .insert_before = (void*)_insert_before, @@ -550,8 +582,8 @@ linked_list_t *linked_list_create() .remove_last = _remove_last, .remove = _remove_, .remove_at = (void*)_remove_at, - .invoke_offset = (void*)_invoke_offset, - .invoke_function = (void*)_invoke_function, + .invoke_offset = _invoke_offset, + .invoke_function = _invoke_function, .clone_offset = _clone_offset, .equals_offset = _equals_offset, .equals_function = _equals_function, diff --git a/src/libstrongswan/collections/linked_list.h b/src/libstrongswan/collections/linked_list.h index 0b73079d3..246b9a5c5 100644 --- a/src/libstrongswan/collections/linked_list.h +++ b/src/libstrongswan/collections/linked_list.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2007-2015 Tobias Brunner + * Copyright (C) 2007-2017 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil 
@@ -28,23 +28,30 @@ typedef struct linked_list_t linked_list_t; #include /** - * Method to match elements in a linked list (used in find_* functions) + * Function to match elements in a linked list * * @param item current list item - * @param ... user supplied data (only pointers, at most 5) + * @param args user supplied data + * @return TRUE, if the item matched, FALSE otherwise + */ +typedef bool (*linked_list_match_t)(void *item, va_list args); + +/** + * Helper function to match a string in a linked list of strings + * + * @param item list item (char*) + * @param args user supplied data (char*) * @return - * - TRUE, if the item matched - * - FALSE, otherwise */ -typedef bool (*linked_list_match_t)(void *item, ...); +bool linked_list_match_str(void *item, va_list args); /** - * Method to be invoked on elements in a linked list (used in invoke_* functions) + * Function to be invoked on elements in a linked list * * @param item current list item - * @param ... user supplied data (only pointers, at most 5) + * @param args user supplied data */ -typedef void (*linked_list_invoke_t)(void *item, ...); +typedef void (*linked_list_invoke_t)(void *item, va_list args); /** * Class implementing a double linked list. 
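Review bot: Changing linked_list_match_t and linked_list_invoke_t from `(void *item, ...)` to `(void *item, va_list args)` is not caught by the compiler wherever the callback was passed through an explicit cast, which is exactly what the pre-patch call sites did (`(linked_list_match_t)certificate_equals` in mem_cred.c); a leftover cast hands a va_list to a function that expects a pointer. The new comments describe args but not the break, so a line such as `@note Callbacks read their data with VA_ARGS_VGET(); the former variadic prototype is no longer accepted` on each typedef would flag it. linked_list_match_str() is declared here as comparing a `char*` item against a `char*` argument, but its implementation in linked_list.c calls streq() on both pointers unguarded, so, assuming streq() does not tolerate NULL, "both must be non-NULL" belongs in the @param text.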
@@ -167,21 +174,20 @@ struct linked_list_t { * * The first object passed to the match function is the current list item, * followed by the user supplied data. - * If the supplied function returns TRUE this function returns SUCCESS, and - * the current object is returned in the third parameter, otherwise, + * If the supplied function returns TRUE so does this function, and the + * current object is returned in the third parameter (if given), otherwise, * the next item is checked. * * If match is NULL, *item and the current object are compared. * - * @warning Only use pointers as user supplied data. - * * @param match comparison function to call on each object, or NULL - * @param item the list item, if found - * @param ... user data to supply to match function (limited to 5 arguments) - * @return SUCCESS if found, NOT_FOUND otherwise + * @param item the list item, if found, or NULL + * @param ... user data to supply to match function + * @return TRUE if found, FALSE otherwise (or if neither match, + * nor item is supplied) */ - status_t (*find_first) (linked_list_t *this, linked_list_match_t match, - void **item, ...); + bool (*find_first)(linked_list_t *this, linked_list_match_t match, + void **item, ...); /** * Invoke a method on all of the contained objects. 
@@ -192,22 +198,18 @@ struct linked_list_t { * which can be evalutated at compile time using the offsetof * macro, e.g.: list->invoke(list, offsetof(object_t, method)); * - * @warning Only use pointers as user supplied data. - * * @param offset offset of the method to invoke on objects - * @param ... user data to supply to called function (limited to 5 arguments) */ - void (*invoke_offset) (linked_list_t *this, size_t offset, ...); + void (*invoke_offset)(linked_list_t *this, size_t offset); /** * Invoke a function on all of the contained objects. * - * @warning Only use pointers as user supplied data. - * - * @param function offset of the method to invoke on objects - * @param ... user data to supply to called function (limited to 5 arguments) + * @param function function to call for each object + * @param ... user data to supply to called function */ - void (*invoke_function) (linked_list_t *this, linked_list_invoke_t function, ...); + void (*invoke_function)(linked_list_t *this, linked_list_invoke_t function, + ...); /** * Clones a list and its objects using the objects' clone method. diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c index 8a3e659fd..a9c8b3904 100644 --- a/src/libstrongswan/credentials/auth_cfg.c +++ b/src/libstrongswan/credentials/auth_cfg.c @@ -146,12 +146,14 @@ typedef struct { bool enumerated[AUTH_RULE_MAX]; } entry_enumerator_t; -/** - * enumerate function for item_enumerator_t - */ -static bool enumerate(entry_enumerator_t *this, auth_rule_t *type, void **value) +METHOD(enumerator_t, enumerate, bool, + entry_enumerator_t *this, va_list args) { + auth_rule_t *type; entry_t *entry; + void **value; + + VA_ARGS_VGET(args, type, value); while (this->inner->enumerate(this->inner, &entry)) { 
@@ -174,10 +176,8 @@ static bool enumerate(entry_enumerator_t *this, auth_rule_t *type, void **value) return FALSE; } -/** - * destroy function for item_enumerator_t - */ -static void entry_enumerator_destroy(entry_enumerator_t *this) +METHOD(enumerator_t, entry_enumerator_destroy, void, + entry_enumerator_t *this) { this->inner->destroy(this->inner); free(this); @@ -190,8 +190,9 @@ METHOD(auth_cfg_t, create_enumerator, enumerator_t*, INIT(enumerator, .public = { - .enumerate = (void*)enumerate, - .destroy = (void*)entry_enumerator_destroy, + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerate, + .destroy = _entry_enumerator_destroy, }, .inner = array_create_enumerator(this->entries), ); diff --git a/src/libstrongswan/credentials/credential_factory.c b/src/libstrongswan/credentials/credential_factory.c index 94c7820e1..07e6ea343 100644 --- a/src/libstrongswan/credentials/credential_factory.c +++ b/src/libstrongswan/credentials/credential_factory.c @@ -163,17 +163,23 @@ METHOD(credential_factory_t, create, void*, return construct; } -/** - * Filter function for builder enumerator - */ -static bool builder_filter(void *null, entry_t **entry, credential_type_t *type, - void *dummy1, int *subtype) +CALLBACK(builder_filter, bool, + void *null, enumerator_t *orig, va_list args) { - if ((*entry)->final) + entry_t *entry; + credential_type_t *type; + int *subtype; + + VA_ARGS_VGET(args, type, subtype); + + while (orig->enumerate(orig, &entry)) { - *type = (*entry)->type; - *subtype = (*entry)->subtype; - return TRUE; + if (entry->final) + { + *type = entry->type; + *subtype = entry->subtype; + return TRUE; + } } return FALSE; } 
@@ -184,7 +190,7 @@ METHOD(credential_factory_t, create_builder_enumerator, enumerator_t*, this->lock->read_lock(this->lock); return enumerator_create_filter( this->constructors->create_enumerator(this->constructors), - (void*)builder_filter, this->lock, (void*)this->lock->unlock); + builder_filter, this->lock, (void*)this->lock->unlock); } METHOD(credential_factory_t, destroy, void, diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c index 95c5cd777..0a8d3d101 100644 --- a/src/libstrongswan/credentials/credential_manager.c +++ b/src/libstrongswan/credentials/credential_manager.c @@ -155,8 +155,12 @@ METHOD(credential_manager_t, call_hook, void, } METHOD(enumerator_t, sets_enumerate, bool, - sets_enumerator_t *this, credential_set_t **set) + sets_enumerator_t *this, va_list args) { + credential_set_t **set; + + VA_ARGS_VGET(args, set); + if (this->exclusive) { if (this->exclusive->enumerate(this->exclusive, set)) @@ -166,19 +170,19 @@ METHOD(enumerator_t, sets_enumerate, bool, return TRUE; } } - if (this->global) + if (this->local) { - if (this->global->enumerate(this->global, set)) + if (this->local->enumerate(this->local, set)) { return TRUE; } - /* end of global sets, look for local */ - this->global->destroy(this->global); - this->global = NULL; + /* end of local sets, look for global */ + this->local->destroy(this->local); + this->local = NULL; } - if (this->local) + if (this->global) { - return this->local->enumerate(this->local, set); + return this->global->enumerate(this->global, set); } return FALSE; } @@ -202,7 +206,8 @@ static enumerator_t *create_sets_enumerator(private_credential_manager_t *this) INIT(enumerator, .public = { - .enumerate = (void*)_sets_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _sets_enumerate, .destroy = _sets_destroy, }, ); 
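Review bot: The second hunk swaps the order in which sets_enumerate() walks the credential sets — local sets are now consulted before global ones — which changes which certificate or key wins when both a thread-local set and a global one hold a match, yet the only comment is the mechanical "end of local sets, look for global". Since lookup order decides which secret is used for authentication, a comment at the top of the function should state the intended precedence and its rationale, e.g. `/* precedence: exclusive set, then sets registered for this thread, then global sets */`, with the reasoning (presumably that a caller-supplied set should override daemon-wide ones, worth confirming against the header) spelled out. sets_enumerate() begins before this hunk.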
@@ -807,11 +812,12 @@ static bool verify_trust_chain(private_credential_manager_t *this, return trusted; } -/** - * List find match function for certificates - */ -static bool cert_equals(certificate_t *a, certificate_t *b) +CALLBACK(cert_equals, bool, + certificate_t *a, va_list args) { + certificate_t *b; + + VA_ARGS_VGET(args, b); return a->equals(a, b); } @@ -840,9 +846,12 @@ typedef struct { } trusted_enumerator_t; METHOD(enumerator_t, trusted_enumerate, bool, - trusted_enumerator_t *this, certificate_t **cert, auth_cfg_t **auth) + trusted_enumerator_t *this, va_list args) { - certificate_t *current; + certificate_t *current, **cert; + auth_cfg_t **auth; + + VA_ARGS_VGET(args, cert, auth); DESTROY_IF(this->auth); this->auth = auth_cfg_create(); @@ -888,8 +897,7 @@ METHOD(enumerator_t, trusted_enumerate, bool, continue; } - if (this->failed->find_first(this->failed, (void*)cert_equals, - NULL, current) == SUCCESS) + if (this->failed->find_first(this->failed, cert_equals, NULL, current)) { /* check each candidate only once */ continue; } @@ -931,7 +939,8 @@ METHOD(credential_manager_t, create_trusted_enumerator, enumerator_t*, INIT(enumerator, .public = { - .enumerate = (void*)_trusted_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _trusted_enumerate, .destroy = _trusted_destroy, }, .this = this, @@ -960,9 +969,13 @@ typedef struct { } public_enumerator_t; METHOD(enumerator_t, public_enumerate, bool, - public_enumerator_t *this, public_key_t **key, auth_cfg_t **auth) + public_enumerator_t *this, va_list args) { certificate_t *cert; + public_key_t **key; + auth_cfg_t **auth; + + VA_ARGS_VGET(args, key, auth); while (this->inner->enumerate(this->inner, &cert, auth)) { 
@@ -1001,7 +1014,8 @@ METHOD(credential_manager_t, create_public_enumerator, enumerator_t*, INIT(enumerator, .public = { - .enumerate = (void*)_public_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _public_enumerate, .destroy = _public_destroy, }, .inner = create_trusted_enumerator(this, type, id, online), diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c index 2c76ad680..87f7e6664 100644 --- a/src/libstrongswan/credentials/keys/public_key.c +++ b/src/libstrongswan/credentials/keys/public_key.c @@ -272,8 +272,12 @@ typedef struct { } private_enumerator_t; METHOD(enumerator_t, signature_schemes_enumerate, bool, - private_enumerator_t *this, signature_scheme_t *scheme) + private_enumerator_t *this, va_list args) { + signature_scheme_t *scheme; + + VA_ARGS_VGET(args, scheme); + while (++this->index < countof(scheme_map)) { if (this->type == scheme_map[this->index].type && @@ -296,7 +300,8 @@ enumerator_t *signature_schemes_for_key(key_type_t type, int size) INIT(this, .public = { - .enumerate = (void*)_signature_schemes_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _signature_schemes_enumerate, .destroy = (void*)free, }, .index = -1, diff --git a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c index 8393d5b18..1cd4b9d03 100644 --- a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c +++ b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c 
@@ -112,15 +112,15 @@ static bool fetch_cert(wrapper_enumerator_t *enumerator, return TRUE; } -/** - * enumerate function for wrapper_enumerator_t - */ -static bool enumerate(wrapper_enumerator_t *this, certificate_t **cert) +METHOD(enumerator_t, enumerate, bool, + wrapper_enumerator_t *this, va_list args) { auth_rule_t rule; - certificate_t *current; + certificate_t *current, **cert; public_key_t *public; + VA_ARGS_VGET(args, cert); + while (this->inner->enumerate(this->inner, &rule, ¤t)) { if (rule == AUTH_HELPER_IM_HASH_URL || @@ -164,10 +164,8 @@ static bool enumerate(wrapper_enumerator_t *this, certificate_t **cert) return FALSE; } -/** - * destroy function for wrapper_enumerator_t - */ -static void wrapper_enumerator_destroy(wrapper_enumerator_t *this) +METHOD(enumerator_t, wrapper_enumerator_destroy, void, + wrapper_enumerator_t *this) { this->inner->destroy(this->inner); free(this); @@ -183,14 +181,18 @@ METHOD(credential_set_t, create_enumerator, enumerator_t*, { return NULL; } - enumerator = malloc_thing(wrapper_enumerator_t); - enumerator->auth = this->auth; - enumerator->cert = cert; - enumerator->key = key; - enumerator->id = id; - enumerator->inner = this->auth->create_enumerator(this->auth); - enumerator->public.enumerate = (void*)enumerate; - enumerator->public.destroy = (void*)wrapper_enumerator_destroy; + INIT(enumerator, + .public = { + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerate, + .destroy = _wrapper_enumerator_destroy, + }, + .auth = this->auth, + .cert = cert, + .key = key, + .id = id, + .inner = this->auth->create_enumerator(this->auth), + ); return &enumerator->public; } diff --git a/src/libstrongswan/credentials/sets/callback_cred.c b/src/libstrongswan/credentials/sets/callback_cred.c index bff33f029..0d72452da 100644 --- a/src/libstrongswan/credentials/sets/callback_cred.c +++ b/src/libstrongswan/credentials/sets/callback_cred.c 
@@ -60,9 +60,12 @@ typedef struct { } shared_enumerator_t; METHOD(enumerator_t, shared_enumerate, bool, - shared_enumerator_t *this, shared_key_t **out, - id_match_t *match_me, id_match_t *match_other) + shared_enumerator_t *this, va_list args) { + shared_key_t **out; + id_match_t *match_me, *match_other; + + VA_ARGS_VGET(args, out, match_me, match_other); DESTROY_IF(this->current); this->current = this->this->cb.shared(this->this->data, this->type, this->me, this->other, match_me, match_other); @@ -89,7 +92,8 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*, INIT(enumerator, .public = { - .enumerate = (void*)_shared_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _shared_enumerate, .destroy = _shared_destroy, }, .this = this, diff --git a/src/libstrongswan/credentials/sets/cert_cache.c b/src/libstrongswan/credentials/sets/cert_cache.c index 24fdb194b..92d5efdc6 100644 --- a/src/libstrongswan/credentials/sets/cert_cache.c +++ b/src/libstrongswan/credentials/sets/cert_cache.c @@ -252,13 +252,14 @@ typedef struct { int locked; } cert_enumerator_t; -/** - * filter function for certs enumerator - */ -static bool cert_enumerate(cert_enumerator_t *this, certificate_t **out) +METHOD(enumerator_t, cert_enumerate, bool, + cert_enumerator_t *this, va_list args) { public_key_t *public; relation_t *rel; + certificate_t **out; + + VA_ARGS_VGET(args, out); if (this->locked >= 0) { @@ -311,10 +312,8 @@ static bool cert_enumerate(cert_enumerator_t *this, certificate_t **out) return FALSE; } -/** - * clean up enumeration data - */ -static void cert_enumerator_destroy(cert_enumerator_t *this) +METHOD(enumerator_t, cert_enumerator_destroy, void, + cert_enumerator_t *this) { relation_t *rel; 
@@ -336,16 +335,19 @@ METHOD(credential_set_t, create_enumerator, enumerator_t*, { return NULL; } - enumerator = malloc_thing(cert_enumerator_t); - enumerator->public.enumerate = (void*)cert_enumerate; - enumerator->public.destroy = (void*)cert_enumerator_destroy; - enumerator->cert = cert; - enumerator->key = key; - enumerator->id = id; - enumerator->relations = this->relations; - enumerator->index = -1; - enumerator->locked = -1; - + INIT(enumerator, + .public = { + .enumerate = enumerator_enumerate_default, + .venumerate = _cert_enumerate, + .destroy = _cert_enumerator_destroy, + }, + .cert = cert, + .key = key, + .id = id, + .relations = this->relations, + .index = -1, + .locked = -1, + ); return &enumerator->public; } diff --git a/src/libstrongswan/credentials/sets/mem_cred.c b/src/libstrongswan/credentials/sets/mem_cred.c index 53e035f98..4d594e439 100644 --- a/src/libstrongswan/credentials/sets/mem_cred.c +++ b/src/libstrongswan/credentials/sets/mem_cred.c @@ -74,25 +74,27 @@ typedef struct { identification_t *id; } cert_data_t; -/** - * destroy cert_data - */ -static void cert_data_destroy(cert_data_t *data) +CALLBACK(cert_data_destroy, void, + cert_data_t *data) { data->lock->unlock(data->lock); free(data); } -/** - * filter function for certs enumerator - */ -static bool certs_filter(cert_data_t *data, certificate_t **in, certificate_t **out) +CALLBACK(certs_filter, bool, + cert_data_t *data, enumerator_t *orig, va_list args) { public_key_t *public; - certificate_t *cert = *in; + certificate_t *cert, **out; + + VA_ARGS_VGET(args, out); - if (data->cert == CERT_ANY || data->cert == cert->get_type(cert)) + while (orig->enumerate(orig, &cert)) { + if (data->cert != CERT_ANY && data->cert != cert->get_type(cert)) + { + continue; + } public = cert->get_public_key(cert); if (public) { 
@@ -102,7 +104,7 @@ static bool certs_filter(cert_data_t *data, certificate_t **in, certificate_t ** data->id->get_encoding(data->id))) { public->destroy(public); - *out = *in; + *out = cert; return TRUE; } } @@ -110,11 +112,11 @@ static bool certs_filter(cert_data_t *data, certificate_t **in, certificate_t ** } else if (data->key != KEY_ANY) { - return FALSE; + continue; } - if (data->id == NULL || cert->has_subject(cert, data->id)) + if (!data->id || cert->has_subject(cert, data->id)) { - *out = *in; + *out = cert; return TRUE; } } @@ -143,12 +145,16 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, { enumerator = this->untrusted->create_enumerator(this->untrusted); } - return enumerator_create_filter(enumerator, (void*)certs_filter, data, - (void*)cert_data_destroy); + return enumerator_create_filter(enumerator, certs_filter, data, + cert_data_destroy); } -static bool certificate_equals(certificate_t *item, certificate_t *cert) +CALLBACK(certificate_equals, bool, + certificate_t *item, va_list args) { + certificate_t *cert; + + VA_ARGS_VGET(args, cert); return item->equals(item, cert); } @@ -161,9 +167,8 @@ static certificate_t *add_cert_internal(private_mem_cred_t *this, bool trusted, { certificate_t *cached; this->lock->write_lock(this->lock); - if (this->untrusted->find_first(this->untrusted, - (linked_list_match_t)certificate_equals, - (void**)&cached, cert) == SUCCESS) + if (this->untrusted->find_first(this->untrusted, certificate_equals, + (void**)&cached, cert)) { cert->destroy(cert); cert = cached->get_ref(cached); @@ -199,9 +204,8 @@ METHOD(mem_cred_t, get_cert_ref, certificate_t*, certificate_t *cached; this->lock->read_lock(this->lock); - if (this->untrusted->find_first(this->untrusted, - (linked_list_match_t)certificate_equals, - (void**)&cached, cert) == SUCCESS) + if (this->untrusted->find_first(this->untrusted, certificate_equals, + (void**)&cached, cert)) { cert->destroy(cert); cert = cached->get_ref(cached); 
@@ -301,30 +305,30 @@ typedef struct { identification_t *id; } key_data_t; -/** - * Destroy key enumerator data - */ -static void key_data_destroy(key_data_t *data) +CALLBACK(key_data_destroy, void, + key_data_t *data) { data->lock->unlock(data->lock); free(data); } -/** - * filter function for private key enumerator - */ -static bool key_filter(key_data_t *data, private_key_t **in, private_key_t **out) +CALLBACK(key_filter, bool, + key_data_t *data, enumerator_t *orig, va_list args) { - private_key_t *key; + private_key_t *key, **out; + + VA_ARGS_VGET(args, out); - key = *in; - if (data->type == KEY_ANY || data->type == key->get_type(key)) + while (orig->enumerate(orig, &key)) { - if (data->id == NULL || - key->has_fingerprint(key, data->id->get_encoding(data->id))) + if (data->type == KEY_ANY || data->type == key->get_type(key)) { - *out = key; - return TRUE; + if (data->id == NULL || + key->has_fingerprint(key, data->id->get_encoding(data->id))) + { + *out = key; + return TRUE; + } } } return FALSE; @@ -342,7 +346,7 @@ METHOD(credential_set_t, create_private_enumerator, enumerator_t*, ); this->lock->read_lock(this->lock); return enumerator_create_filter(this->keys->create_enumerator(this->keys), - (void*)key_filter, data, (void*)key_data_destroy); + key_filter, data, key_data_destroy); } METHOD(mem_cred_t, add_key, void, @@ -468,10 +472,8 @@ typedef struct { shared_key_type_t type; } shared_data_t; -/** - * free shared key enumerator data and unlock list - */ -static void shared_data_destroy(shared_data_t *data) +CALLBACK(shared_data_destroy, void, + shared_data_t *data) { data->lock->unlock(data->lock); free(data); 
@@ -499,44 +501,47 @@ static id_match_t has_owner(shared_entry_t *entry, identification_t *owner) return best; } -/** - * enumerator filter function for shared entries - */ -static bool shared_filter(shared_data_t *data, - shared_entry_t **in, shared_key_t **out, - void **unused1, id_match_t *me, - void **unused2, id_match_t *other) +CALLBACK(shared_filter, bool, + shared_data_t *data, enumerator_t *orig, va_list args) { id_match_t my_match = ID_MATCH_NONE, other_match = ID_MATCH_NONE; - shared_entry_t *entry = *in; + shared_entry_t *entry; + shared_key_t **out; + id_match_t *me, *other; - if (data->type != SHARED_ANY && - entry->shared->get_type(entry->shared) != data->type) - { - return FALSE; - } - if (data->me) - { - my_match = has_owner(entry, data->me); - } - if (data->other) - { - other_match = has_owner(entry, data->other); - } - if ((data->me || data->other) && (!my_match && !other_match)) - { - return FALSE; - } - *out = entry->shared; - if (me) - { - *me = my_match; - } - if (other) + VA_ARGS_VGET(args, out, me, other); + + while (orig->enumerate(orig, &entry)) { - *other = other_match; + if (data->type != SHARED_ANY && + entry->shared->get_type(entry->shared) != data->type) + { + continue; + } + if (data->me) + { + my_match = has_owner(entry, data->me); + } + if (data->other) + { + other_match = has_owner(entry, data->other); + } + if ((data->me || data->other) && (!my_match && !other_match)) + { + continue; + } + *out = entry->shared; + if (me) + { + *me = my_match; + } + if (other) + { + *other = other_match; + } + return TRUE; } - return TRUE; + return FALSE; } METHOD(credential_set_t, create_shared_enumerator, enumerator_t*, 
@@ -554,7 +559,7 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*, data->lock->read_lock(data->lock); return enumerator_create_filter( this->shared->create_enumerator(this->shared), - (void*)shared_filter, data, (void*)shared_data_destroy); + shared_filter, data, shared_data_destroy); } METHOD(mem_cred_t, add_shared_unique, void, @@ -648,23 +653,27 @@ METHOD(mem_cred_t, remove_shared_unique, void, this->lock->unlock(this->lock); } -/** - * Filter unique ids of shared keys (ingore secrets without unique id) - */ -static bool unique_filter(void *unused, - shared_entry_t **in, char **id) +CALLBACK(unique_filter, bool, + void *unused, enumerator_t *orig, va_list args) { - shared_entry_t *entry = *in; + shared_entry_t *entry; + char **id; - if (!entry->id) - { - return FALSE; - } - if (id) + VA_ARGS_VGET(args, id); + + while (orig->enumerate(orig, &entry)) { - *id = entry->id; + if (!entry->id) + { + continue; + } + if (id) + { + *id = entry->id; + } + return TRUE; } - return TRUE; + return FALSE; } METHOD(mem_cred_t, create_unique_shared_enumerator, enumerator_t*, @@ -673,7 +682,7 @@ METHOD(mem_cred_t, create_unique_shared_enumerator, enumerator_t*, this->lock->read_lock(this->lock); return enumerator_create_filter( this->shared->create_enumerator(this->shared), - (void*)unique_filter, this->lock, + unique_filter, this->lock, (void*)this->lock->unlock); } 
@@ -721,30 +730,35 @@ typedef struct { rwlock_t *lock; } cdp_data_t; -/** - * Clean up CDP enumerator data - */ -static void cdp_data_destroy(cdp_data_t *data) +CALLBACK(cdp_data_destroy, void, + cdp_data_t *data) { data->lock->unlock(data->lock); free(data); } -/** - * CDP enumerator filter - */ -static bool cdp_filter(cdp_data_t *data, cdp_t **cdp, char **uri) +CALLBACK(cdp_filter, bool, + cdp_data_t *data, enumerator_t *orig, va_list args) { - if (data->type != CERT_ANY && data->type != (*cdp)->type) - { - return FALSE; - } - if (data->id && !(*cdp)->id->matches((*cdp)->id, data->id)) + cdp_t *cdp; + char **uri; + + VA_ARGS_VGET(args, uri); + + while (orig->enumerate(orig, &cdp)) { - return FALSE; + if (data->type != CERT_ANY && data->type != cdp->type) + { + continue; + } + if (data->id && !cdp->id->matches(cdp->id, data->id)) + { + continue; + } + *uri = cdp->uri; + return TRUE; } - *uri = (*cdp)->uri; - return TRUE; + return FALSE; } METHOD(credential_set_t, create_cdp_enumerator, enumerator_t*, @@ -759,7 +773,7 @@ METHOD(credential_set_t, create_cdp_enumerator, enumerator_t*, ); this->lock->read_lock(this->lock); return enumerator_create_filter(this->cdps->create_enumerator(this->cdps), - (void*)cdp_filter, data, (void*)cdp_data_destroy); + cdp_filter, data, cdp_data_destroy); } diff --git a/src/libstrongswan/credentials/sets/mem_cred.h b/src/libstrongswan/credentials/sets/mem_cred.h index 135515260..f55c3ccdf 100644 --- a/src/libstrongswan/credentials/sets/mem_cred.h +++ b/src/libstrongswan/credentials/sets/mem_cred.h @@ -62,7 +62,7 @@ struct mem_cred_t { /** * Get an existing reference to the same certificate. * - * Searches for the same certficate in the set, and returns a reference + * Searches for the same certificate in the set, and returns a reference * to it, destroying the passed certificate. If the passed certificate * is not found, it is just returned. * 
diff --git a/src/libstrongswan/credentials/sets/ocsp_response_wrapper.c b/src/libstrongswan/credentials/sets/ocsp_response_wrapper.c index 151d69216..12d3f8156 100644 --- a/src/libstrongswan/credentials/sets/ocsp_response_wrapper.c +++ b/src/libstrongswan/credentials/sets/ocsp_response_wrapper.c @@ -49,14 +49,15 @@ typedef struct { identification_t *id; } wrapper_enumerator_t; -/** - * enumerate function wrapper_enumerator_t - */ -static bool enumerate(wrapper_enumerator_t *this, certificate_t **cert) +METHOD(enumerator_t, enumerate, bool, + wrapper_enumerator_t *this, va_list args) { - certificate_t *current; + certificate_t *current, **cert; public_key_t *public; + + VA_ARGS_VGET(args, cert); + while (this->inner->enumerate(this->inner, ¤t)) { if (this->cert != CERT_ANY && this->cert != current->get_type(current)) @@ -85,10 +86,8 @@ static bool enumerate(wrapper_enumerator_t *this, certificate_t **cert) return FALSE; } -/** - * destroy function for wrapper_enumerator_t - */ -static void enumerator_destroy(wrapper_enumerator_t *this) +METHOD(enumerator_t, enumerator_destroy, void, + wrapper_enumerator_t *this) { this->inner->destroy(this->inner); free(this); @@ -105,13 +104,17 @@ METHOD(credential_set_t, create_enumerator, enumerator_t*, return NULL; } - enumerator = malloc_thing(wrapper_enumerator_t); - enumerator->cert = cert; - enumerator->key = key; - enumerator->id = id; - enumerator->inner = this->response->create_cert_enumerator(this->response); - enumerator->public.enumerate = (void*)enumerate; - enumerator->public.destroy = (void*)enumerator_destroy; + INIT(enumerator, + .public = { + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerate, + .destroy = _enumerator_destroy, + }, + .cert = cert, + .key = key, + .id = id, + .inner = this->response->create_cert_enumerator(this->response), + ); return &enumerator->public; } 
diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c index bab59a06f..096bcbc9c 100644 --- a/src/libstrongswan/crypto/crypto_factory.c +++ b/src/libstrongswan/crypto/crypto_factory.c 
@@ -811,51 +811,66 @@ METHOD(crypto_factory_t, remove_dh, void, this->lock->unlock(this->lock); } -/** - * match algorithms of an entry? - */ -static bool entry_match(entry_t *a, entry_t *b) +CALLBACK(entry_match, bool, + entry_t *a, va_list args) { + entry_t *b; + + VA_ARGS_VGET(args, b); return a->algo == b->algo; } -/** - * check for uniqueness of an entry - */ -static bool unique_check(linked_list_t *list, entry_t **in, entry_t **out) +CALLBACK(unique_check, bool, + linked_list_t *list, enumerator_t *orig, va_list args) { - if (list->find_first(list, (void*)entry_match, NULL, *in) == SUCCESS) + entry_t *entry, **out; + + VA_ARGS_VGET(args, out); + + while (orig->enumerate(orig, &entry)) { - return FALSE; + if (list->find_first(list, entry_match, NULL, entry)) + { + continue; + } + *out = entry; + list->insert_last(list, entry); + return TRUE; } - *out = *in; - list->insert_last(list, *in); - return TRUE; + return FALSE; } /** * create an enumerator over entry->algo in list with locking and unique check */ static enumerator_t *create_enumerator(private_crypto_factory_t *this, - linked_list_t *list, void *filter) + linked_list_t *list, + bool (*filter)(void*,enumerator_t*,va_list)) { this->lock->read_lock(this->lock); return enumerator_create_filter( enumerator_create_filter( - list->create_enumerator(list), (void*)unique_check, + list->create_enumerator(list), unique_check, linked_list_create(), (void*)list->destroy), filter, this->lock, (void*)this->lock->unlock); } -/** - * Filter function to enumerate algorithm, not entry - */ -static bool crypter_filter(void *n, entry_t **entry, encryption_algorithm_t *algo, - void *i2, const char **plugin_name) +CALLBACK(crypter_filter, bool, + void *n, enumerator_t *orig, va_list args) { - *algo = (*entry)->algo; - *plugin_name = (*entry)->plugin_name; - return TRUE; + entry_t *entry; + encryption_algorithm_t *algo; + const char **plugin_name; + + VA_ARGS_VGET(args, algo, plugin_name); + + if (orig->enumerate(orig, 
&entry)) + { + *algo = entry->algo; + *plugin_name = entry->plugin_name; + return TRUE; + } + return FALSE; } METHOD(crypto_factory_t, create_crypter_enumerator, enumerator_t*, @@ -870,15 +885,22 @@ METHOD(crypto_factory_t, create_aead_enumerator, enumerator_t*, return create_enumerator(this, this->aeads, crypter_filter); } -/** - * Filter function to enumerate algorithm, not entry - */ -static bool signer_filter(void *n, entry_t **entry, integrity_algorithm_t *algo, - void *i2, const char **plugin_name) +CALLBACK(signer_filter, bool, + void *n, enumerator_t *orig, va_list args) { - *algo = (*entry)->algo; - *plugin_name = (*entry)->plugin_name; - return TRUE; + entry_t *entry; + integrity_algorithm_t *algo; + const char **plugin_name; + + VA_ARGS_VGET(args, algo, plugin_name); + + if (orig->enumerate(orig, &entry)) + { + *algo = entry->algo; + *plugin_name = entry->plugin_name; + return TRUE; + } + return FALSE; } METHOD(crypto_factory_t, create_signer_enumerator, enumerator_t*, @@ -887,15 +909,22 @@ METHOD(crypto_factory_t, create_signer_enumerator, enumerator_t*, return create_enumerator(this, this->signers, signer_filter); } -/** - * Filter function to enumerate algorithm, not entry - */ -static bool hasher_filter(void *n, entry_t **entry, hash_algorithm_t *algo, - void *i2, const char **plugin_name) +CALLBACK(hasher_filter, bool, + void *n, enumerator_t *orig, va_list args) { - *algo = (*entry)->algo; - *plugin_name = (*entry)->plugin_name; - return TRUE; + entry_t *entry; + hash_algorithm_t *algo; + const char **plugin_name; + + VA_ARGS_VGET(args, algo, plugin_name); + + if (orig->enumerate(orig, &entry)) + { + *algo = entry->algo; + *plugin_name = entry->plugin_name; + return TRUE; + } + return FALSE; } METHOD(crypto_factory_t, create_hasher_enumerator, enumerator_t*, 
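Review bot: crypter_filter, signer_filter, hasher_filter, prf_filter, xof_filter, dh_filter and rng_filter are now seven copies of the same twelve-line body that differ only in the static type of the `algo` out-pointer, and nonce_gen_filter is the same body minus one store. Generating them from one macro, e.g. `#define ALGO_FILTER(name, type) CALLBACK(name, bool, void *n, enumerator_t *orig, va_list args) { … }` with the body written once, would keep the per-type pointer (so no type punning is introduced) while removing the duplication that the old five-argument form also had. If the macro route is not wanted, at least the `group`/`quality` names in dh_filter and rng_filter should be kept, since they documented what the out-parameter receives.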
@@ -904,15 +933,22 @@ METHOD(crypto_factory_t, create_hasher_enumerator, enumerator_t*, return create_enumerator(this, this->hashers, hasher_filter); } -/** - * Filter function to enumerate algorithm, not entry - */ -static bool prf_filter(void *n, entry_t **entry, pseudo_random_function_t *algo, - void *i2, const char **plugin_name) +CALLBACK(prf_filter, bool, + void *n, enumerator_t *orig, va_list args) { - *algo = (*entry)->algo; - *plugin_name = (*entry)->plugin_name; - return TRUE; + entry_t *entry; + pseudo_random_function_t *algo; + const char **plugin_name; + + VA_ARGS_VGET(args, algo, plugin_name); + + if (orig->enumerate(orig, &entry)) + { + *algo = entry->algo; + *plugin_name = entry->plugin_name; + return TRUE; + } + return FALSE; } METHOD(crypto_factory_t, create_prf_enumerator, enumerator_t*, @@ -921,15 +957,22 @@ METHOD(crypto_factory_t, create_prf_enumerator, enumerator_t*, return create_enumerator(this, this->prfs, prf_filter); } -/** - * Filter function to enumerate algorithm, not entry - */ -static bool xof_filter(void *n, entry_t **entry, ext_out_function_t *algo, - void *i2, const char **plugin_name) +CALLBACK(xof_filter, bool, + void *n, enumerator_t *orig, va_list args) { - *algo = (*entry)->algo; - *plugin_name = (*entry)->plugin_name; - return TRUE; + entry_t *entry; + ext_out_function_t *algo; + const char **plugin_name; + + VA_ARGS_VGET(args, algo, plugin_name); + + if (orig->enumerate(orig, &entry)) + { + *algo = entry->algo; + *plugin_name = entry->plugin_name; + return TRUE; + } + return FALSE; } METHOD(crypto_factory_t, create_xof_enumerator, enumerator_t*, 
@@ -938,15 +981,22 @@ METHOD(crypto_factory_t, create_xof_enumerator, enumerator_t*, return create_enumerator(this, this->xofs, xof_filter); } -/** - * Filter function to enumerate group, not entry - */ -static bool dh_filter(void *n, entry_t **entry, diffie_hellman_group_t *group, - void *i2, const char **plugin_name) +CALLBACK(dh_filter, bool, + void *n, enumerator_t *orig, va_list args) { - *group = (*entry)->algo; - *plugin_name = (*entry)->plugin_name; - return TRUE; + entry_t *entry; + diffie_hellman_group_t *algo; + const char **plugin_name; + + VA_ARGS_VGET(args, algo, plugin_name); + + if (orig->enumerate(orig, &entry)) + { + *algo = entry->algo; + *plugin_name = entry->plugin_name; + return TRUE; + } + return FALSE; } METHOD(crypto_factory_t, create_dh_enumerator, enumerator_t*, @@ -955,15 +1005,22 @@ METHOD(crypto_factory_t, create_dh_enumerator, enumerator_t*, return create_enumerator(this, this->dhs, dh_filter); } -/** - * Filter function to enumerate strength, not entry - */ -static bool rng_filter(void *n, entry_t **entry, rng_quality_t *quality, - void *i2, const char **plugin_name) +CALLBACK(rng_filter, bool, + void *n, enumerator_t *orig, va_list args) { - *quality = (*entry)->algo; - *plugin_name = (*entry)->plugin_name; - return TRUE; + entry_t *entry; + rng_quality_t *algo; + const char **plugin_name; + + VA_ARGS_VGET(args, algo, plugin_name); + + if (orig->enumerate(orig, &entry)) + { + *algo = entry->algo; + *plugin_name = entry->plugin_name; + return TRUE; + } + return FALSE; } METHOD(crypto_factory_t, create_rng_enumerator, enumerator_t*, 
@@ -972,13 +1029,20 @@ METHOD(crypto_factory_t, create_rng_enumerator, enumerator_t*, return create_enumerator(this, this->rngs, rng_filter); } -/** - * Filter function to enumerate plugin name, not entry - */ -static bool nonce_gen_filter(void *n, entry_t **entry, const char **plugin_name) +CALLBACK(nonce_gen_filter, bool, + void *n, enumerator_t *orig, va_list args) { - *plugin_name = (*entry)->plugin_name; - return TRUE; + entry_t *entry; + const char **plugin_name; + + VA_ARGS_VGET(args, plugin_name); + + if (orig->enumerate(orig, &entry)) + { + *plugin_name = entry->plugin_name; + return TRUE; + } + return FALSE; } METHOD(crypto_factory_t, create_nonce_gen_enumerator, enumerator_t*, @@ -1026,9 +1090,14 @@ typedef struct { } verify_enumerator_t; METHOD(enumerator_t, verify_enumerate, bool, - verify_enumerator_t *this, u_int *alg, const char **plugin, bool *valid) + verify_enumerator_t *this, va_list args) { + const char **plugin; entry_t *entry; + u_int *alg; + bool *valid; + + VA_ARGS_VGET(args, alg, plugin, valid); if (!this->inner->enumerate(this->inner, &entry)) { @@ -1123,7 +1192,8 @@ METHOD(crypto_factory_t, create_verify_enumerator, enumerator_t*, } INIT(enumerator, .public = { - .enumerate = (void*)_verify_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _verify_enumerate, .destroy = _verify_destroy, }, .inner = inner, diff --git a/src/libstrongswan/crypto/hashers/hash_algorithm_set.c b/src/libstrongswan/crypto/hashers/hash_algorithm_set.c index 93b67cb13..4087fe1d9 100644 --- a/src/libstrongswan/crypto/hashers/hash_algorithm_set.c +++ b/src/libstrongswan/crypto/hashers/hash_algorithm_set.c 
@@ -71,17 +71,26 @@ METHOD(hash_algorithm_set_t, count, int, return array_count(this->algorithms); } -static bool hash_filter(void *data, void **in, hash_algorithm_t *out) +CALLBACK(hash_filter, bool, + void *data, enumerator_t *orig, va_list args) { - *out = **(hash_algorithm_t**)in; - return TRUE; + hash_algorithm_t *algo, *out; + + VA_ARGS_VGET(args, out); + + if (orig->enumerate(orig, &algo)) + { + *out = *algo; + return TRUE; + } + return FALSE; } METHOD(hash_algorithm_set_t, create_enumerator, enumerator_t*, private_hash_algorithm_set_t *this) { return enumerator_create_filter(array_create_enumerator(this->algorithms), - (void*)hash_filter, NULL, NULL); + hash_filter, NULL, NULL); } METHOD(hash_algorithm_set_t, destroy, void, diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c index 4f79dcc5b..7944b9356 100644 --- a/src/libstrongswan/library.c +++ b/src/libstrongswan/library.c @@ -93,6 +93,13 @@ void library_add_namespace(char *ns) } } +/** + * Register plugins if built statically + */ +#ifdef STATIC_PLUGIN_CONSTRUCTORS +#include "plugin_constructors.c" +#endif + /** * library instance */ @@ -241,6 +248,8 @@ static bool equals(char *a, char *b) */ #define MEMWIPE_WIPE_WORDS 16 +#ifndef NO_CHECK_MEMWIPE + /** * Write magic to memory, and try to clear it with memwipe() */ @@ -281,6 +290,8 @@ static bool check_memwipe() return TRUE; } +#endif + /* * see header file */ @@ -387,10 +398,12 @@ bool library_init(char *settings, const char *namespace) this->public.streams = stream_manager_create(); this->public.plugins = plugin_loader_create(); +#ifndef NO_CHECK_MEMWIPE if (!check_memwipe()) { return FALSE; } +#endif if (lib->settings->get_bool(lib->settings, "%s.integrity_test", FALSE, lib->ns)) diff --git a/src/libstrongswan/math/libnttfft/Makefile.in b/src/libstrongswan/math/libnttfft/Makefile.in index ff41f9be4..93bd93508 100644 --- a/src/libstrongswan/math/libnttfft/Makefile.in +++ b/src/libstrongswan/math/libnttfft/Makefile.in 
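Review bot: `#ifndef NO_CHECK_MEMWIPE` in library_init removes the startup self-test that confirms memwipe() is not optimized away, but nothing in the hunk says when the macro is meant to be defined, so a build could set it without realising it gives up the check that keys and secrets are actually cleared from memory. A comment at the `#ifndef NO_CHECK_MEMWIPE` guard in front of check_memwipe would pin that down, e.g. `/* NO_CHECK_MEMWIPE disables the memwipe() self-test; define it only for builds where the test cannot run reliably, never for production binaries */`. The fuzz_plugins/libfuzzer variables added to the Makefiles in this commit suggest instrumented builds are the intended consumer, but the configure change is not in this chunk.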
@@ -349,6 +349,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -371,6 +372,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/math/libnttfft/tests/Makefile.in b/src/libstrongswan/math/libnttfft/tests/Makefile.in index 4f854494b..80ecd3ea7 100644 --- a/src/libstrongswan/math/libnttfft/tests/Makefile.in +++ b/src/libstrongswan/math/libnttfft/tests/Makefile.in @@ -353,6 +353,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -375,6 +376,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/networking/tun_device.c b/src/libstrongswan/networking/tun_device.c index de925553f..86951f1e7 100644 --- a/src/libstrongswan/networking/tun_device.c +++ b/src/libstrongswan/networking/tun_device.c @@ -21,7 +21,16 @@ #include #include -#if !defined(__APPLE__) && !defined(__linux__) && !defined(HAVE_NET_IF_TUN_H) +#if defined(__APPLE__) +#include "TargetConditionals.h" +#if !TARGET_OS_OSX +#define TUN_DEVICE_NOT_SUPPORTED +#endif +#elif !defined(__linux__) && !defined(HAVE_NET_IF_TUN_H) +#define TUN_DEVICE_NOT_SUPPORTED +#endif + +#ifdef TUN_DEVICE_NOT_SUPPORTED tun_device_t *tun_device_create(const char *name_tmpl) { 
@@ -481,10 +490,25 @@ static bool init_tun(private_tun_device_t *this, const char *name_tmpl) strncpy(this->if_name, ifr.ifr_name, IFNAMSIZ); return TRUE; -#else /* !IFF_TUN */ +#elif defined(__FreeBSD__) + + if (name_tmpl) + { + DBG1(DBG_LIB, "arbitrary naming of TUN devices is not supported"); + } + + this->tunfd = open("/dev/tun", O_RDWR); + if (this->tunfd < 0) + { + DBG1(DBG_LIB, "failed to open /dev/tun: %s", strerror(errno)); + return FALSE; + } + fdevname_r(this->tunfd, this->if_name, IFNAMSIZ); + return TRUE; + +#else /* !__FreeBSD__ */ - /* this works on FreeBSD and might also work on Linux with older TUN - * driver versions (no IFF_TUN) */ + /* this might work on Linux with older TUN driver versions (no IFF_TUN) */ char devname[IFNAMSIZ]; /* the same process is allowed to open a device again, but that's not what * we want (unless we previously closed a device, which we don't know at diff --git a/src/libstrongswan/plugins/acert/Makefile.in b/src/libstrongswan/plugins/acert/Makefile.in index ee69a8914..1dcc0489e 100644 --- a/src/libstrongswan/plugins/acert/Makefile.in +++ b/src/libstrongswan/plugins/acert/Makefile.in @@ -356,6 +356,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -378,6 +379,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in index 0a8046b67..2b16ae7d2 100644 --- a/src/libstrongswan/plugins/aes/Makefile.in +++ b/src/libstrongswan/plugins/aes/Makefile.in 
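Review bot: The FreeBSD branch of init_tun never checks the result of `fdevname_r(this->tunfd, this->if_name, IFNAMSIZ)`; fdevname_r returns NULL when it cannot name the descriptor, and the code then returns TRUE with an unset if_name while keeping the descriptor open. A NULL return should be logged and treated as a failure, closing tunfd before returning FALSE, so callers never see a "successful" device with no interface name. init_tun continues outside the hunk, so whether if_name is zeroed elsewhere is not visible here.
```c
	this->tunfd = open("/dev/tun", O_RDWR);
	/* … unchanged: open() failure handling … */
	if (!fdevname_r(this->tunfd, this->if_name, IFNAMSIZ))
	{
		DBG1(DBG_LIB, "failed to determine name of TUN device");
		close(this->tunfd);
		return FALSE;
	}
	return TRUE;
```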
@@ -355,6 +355,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -377,6 +378,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/aesni/Makefile.in b/src/libstrongswan/plugins/aesni/Makefile.in index ceb86762e..d32e7f55c 100644 --- a/src/libstrongswan/plugins/aesni/Makefile.in +++ b/src/libstrongswan/plugins/aesni/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/af_alg/Makefile.in b/src/libstrongswan/plugins/af_alg/Makefile.in index bad31cace..e93140279 100644 --- a/src/libstrongswan/plugins/af_alg/Makefile.in +++ b/src/libstrongswan/plugins/af_alg/Makefile.in @@ -359,6 +359,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -381,6 +382,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/af_alg/af_alg_ops.c b/src/libstrongswan/plugins/af_alg/af_alg_ops.c index 7e129300f..2fa68723d 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_ops.c 
+++ b/src/libstrongswan/plugins/af_alg/af_alg_ops.c @@ -107,7 +107,7 @@ METHOD(af_alg_ops_t, hash, bool, return TRUE; } -METHOD(af_alg_ops_t, crypt, bool, +METHOD(af_alg_ops_t, crypt_, bool, private_af_alg_ops_t *this, uint32_t type, chunk_t iv, chunk_t data, char *out) { @@ -224,7 +224,7 @@ af_alg_ops_t *af_alg_ops_create(char *type, char *alg) .public = { .hash = _hash, .reset = _reset, - .crypt = _crypt, + .crypt = _crypt_, .set_key = _set_key, .destroy = _destroy, }, diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in index cd9036b68..a4e7e2931 100644 --- a/src/libstrongswan/plugins/agent/Makefile.in +++ b/src/libstrongswan/plugins/agent/Makefile.in @@ -357,6 +357,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -379,6 +380,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/bliss/Makefile.in b/src/libstrongswan/plugins/bliss/Makefile.in index 918a018f9..a6caf7bdf 100644 --- a/src/libstrongswan/plugins/bliss/Makefile.in +++ b/src/libstrongswan/plugins/bliss/Makefile.in @@ -380,6 +380,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -402,6 +403,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/bliss/tests/Makefile.in b/src/libstrongswan/plugins/bliss/tests/Makefile.in index 1964f199f..5dbaf9b9b 100644 
--- a/src/libstrongswan/plugins/bliss/tests/Makefile.in +++ b/src/libstrongswan/plugins/bliss/tests/Makefile.in @@ -359,6 +359,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -381,6 +382,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in index c2bc5acd9..0876475d0 100644 --- a/src/libstrongswan/plugins/blowfish/Makefile.in +++ b/src/libstrongswan/plugins/blowfish/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in index f0065d0b6..5f768ec8c 100644 --- a/src/libstrongswan/plugins/ccm/Makefile.in +++ b/src/libstrongswan/plugins/ccm/Makefile.in @@ -355,6 +355,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -377,6 +378,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ 
diff --git a/src/libstrongswan/plugins/chapoly/Makefile.in b/src/libstrongswan/plugins/chapoly/Makefile.in index 3e1d634c2..12ad6f1b8 100644 --- a/src/libstrongswan/plugins/chapoly/Makefile.in +++ b/src/libstrongswan/plugins/chapoly/Makefile.in @@ -370,6 +370,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -392,6 +393,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/cmac/Makefile.in b/src/libstrongswan/plugins/cmac/Makefile.in index 77d68bd5d..c6bb24a91 100644 --- a/src/libstrongswan/plugins/cmac/Makefile.in +++ b/src/libstrongswan/plugins/cmac/Makefile.in @@ -355,6 +355,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -377,6 +378,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/constraints/Makefile.in b/src/libstrongswan/plugins/constraints/Makefile.in index edd519f12..aa2fd790f 100644 --- a/src/libstrongswan/plugins/constraints/Makefile.in +++ b/src/libstrongswan/plugins/constraints/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ 
@@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in index a9d0b2e13..d112676e7 100644 --- a/src/libstrongswan/plugins/ctr/Makefile.in +++ b/src/libstrongswan/plugins/ctr/Makefile.in @@ -355,6 +355,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -377,6 +378,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in index 996d25885..2aedb2f75 100644 --- a/src/libstrongswan/plugins/curl/Makefile.in +++ b/src/libstrongswan/plugins/curl/Makefile.in @@ -355,6 +355,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -377,6 +378,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/curve25519/Makefile.in b/src/libstrongswan/plugins/curve25519/Makefile.in index 1fa2b171b..616f3d83b 100644 --- a/src/libstrongswan/plugins/curve25519/Makefile.in +++ b/src/libstrongswan/plugins/curve25519/Makefile.in 
@@ -362,6 +362,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -384,6 +385,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in index b6cedd8e8..c3f3775d2 100644 --- a/src/libstrongswan/plugins/des/Makefile.in +++ b/src/libstrongswan/plugins/des/Makefile.in @@ -355,6 +355,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -377,6 +378,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in index 347c69739..26c69e239 100644 --- a/src/libstrongswan/plugins/dnskey/Makefile.in +++ b/src/libstrongswan/plugins/dnskey/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/files/Makefile.in b/src/libstrongswan/plugins/files/Makefile.in index 10cbc6e76..d8c7daec4 100644 --- a/src/libstrongswan/plugins/files/Makefile.in 
+++ b/src/libstrongswan/plugins/files/Makefile.in @@ -356,6 +356,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -378,6 +379,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in index 8b5e162ac..45934d79a 100644 --- a/src/libstrongswan/plugins/fips_prf/Makefile.in +++ b/src/libstrongswan/plugins/fips_prf/Makefile.in @@ -357,6 +357,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -379,6 +380,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in index 0f3878fb5..5d6c1a4e9 100644 --- a/src/libstrongswan/plugins/gcm/Makefile.in +++ b/src/libstrongswan/plugins/gcm/Makefile.in @@ -355,6 +355,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -377,6 +378,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in index ef246f99a..26930dced 100644 
--- a/src/libstrongswan/plugins/gcrypt/Makefile.in +++ b/src/libstrongswan/plugins/gcrypt/Makefile.in @@ -359,6 +359,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -381,6 +382,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in index de8f8fe7a..2fcdce774 100644 --- a/src/libstrongswan/plugins/gmp/Makefile.in +++ b/src/libstrongswan/plugins/gmp/Makefile.in @@ -356,6 +356,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -378,6 +379,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c index 2b2c7f249..32a72ac96 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c @@ -475,7 +475,7 @@ gmp_rsa_public_key_t *gmp_rsa_public_key_load(key_type_t type, va_list args) } break; } - if (!e.ptr || !n.ptr) + if (!e.len || !n.len || (n.ptr[n.len-1] & 0x01) == 0) { return NULL; } @@ -506,5 +506,10 @@ gmp_rsa_public_key_t *gmp_rsa_public_key_load(key_type_t type, va_list args) this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE; + if (!mpz_sgn(this->e)) + { + destroy(this); + return NULL; + } return &this->public; } 
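Review bot: The new rejections in gmp_rsa_public_key_load, `(n.ptr[n.len-1] & 0x01) == 0` and `!mpz_sgn(this->e)`, are unexplained, and the bit test on the last octet of n only reads as an odd-modulus check once one knows the chunk is big-endian. A comment on the first condition such as `/* n must be odd and e non-zero: mpz_powm_sec requires an odd modulus and exp > 0, and an even n is not a valid RSA modulus in any case */` would make the intent clear and keep a later refactor from relaxing it. The e check in the second hunk could carry the same reference so the two are read as one validation of untrusted key material rather than two unrelated guards.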
diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in index 3a87fcc02..aa640156a 100644 --- a/src/libstrongswan/plugins/hmac/Makefile.in +++ b/src/libstrongswan/plugins/hmac/Makefile.in @@ -355,6 +355,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -377,6 +378,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/keychain/Makefile.in b/src/libstrongswan/plugins/keychain/Makefile.in index d113d9ee2..c9e4e40e0 100644 --- a/src/libstrongswan/plugins/keychain/Makefile.in +++ b/src/libstrongswan/plugins/keychain/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in index 2005aafb9..1f4d44706 100644 --- a/src/libstrongswan/plugins/ldap/Makefile.in +++ b/src/libstrongswan/plugins/ldap/Makefile.in @@ -355,6 +355,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ 
@@ -377,6 +378,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in index dad532715..eb9426ccc 100644 --- a/src/libstrongswan/plugins/md4/Makefile.in +++ b/src/libstrongswan/plugins/md4/Makefile.in @@ -355,6 +355,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -377,6 +378,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in index 5f1ced2f3..eaafd9fe5 100644 --- a/src/libstrongswan/plugins/md5/Makefile.in +++ b/src/libstrongswan/plugins/md5/Makefile.in @@ -355,6 +355,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -377,6 +378,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/mgf1/Makefile.in b/src/libstrongswan/plugins/mgf1/Makefile.in index 42904a763..991c5421e 100644 --- a/src/libstrongswan/plugins/mgf1/Makefile.in +++ b/src/libstrongswan/plugins/mgf1/Makefile.in 
@@ -355,6 +355,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -377,6 +378,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in index b61755716..d549f2e71 100644 --- a/src/libstrongswan/plugins/mysql/Makefile.in +++ b/src/libstrongswan/plugins/mysql/Makefile.in @@ -357,6 +357,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -379,6 +380,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/mysql/mysql_database.c b/src/libstrongswan/plugins/mysql/mysql_database.c index 871cc59a0..211eba704 100644 --- a/src/libstrongswan/plugins/mysql/mysql_database.c +++ b/src/libstrongswan/plugins/mysql/mysql_database.c @@ -403,10 +403,8 @@ typedef struct { unsigned long *length; } mysql_enumerator_t; -/** - * create a mysql enumerator - */ -static void mysql_enumerator_destroy(mysql_enumerator_t *this) +METHOD(enumerator_t, mysql_enumerator_destroy, void, + mysql_enumerator_t *this) { int columns, i; 
@@ -434,13 +432,10 @@ static void mysql_enumerator_destroy(mysql_enumerator_t *this) free(this); } -/** - * Implementation of database.query().enumerate - */ -static bool mysql_enumerator_enumerate(mysql_enumerator_t *this, ...) +METHOD(enumerator_t, mysql_enumerator_enumerate, bool, + mysql_enumerator_t *this, va_list args) { int i, columns; - va_list args; columns = mysql_stmt_field_count(this->stmt); @@ -477,7 +472,6 @@ static bool mysql_enumerator_enumerate(mysql_enumerator_t *this, ...) return FALSE; } - va_start(args, this); for (i = 0; i < columns; i++) { switch (this->bind[i].buffer_type) @@ -526,7 +520,6 @@ static bool mysql_enumerator_enumerate(mysql_enumerator_t *this, ...) break; } } - va_end(args); return TRUE; } @@ -552,9 +545,9 @@ METHOD(database_t, query, enumerator_t*, INIT(enumerator, .public = { - .enumerate = (void*)mysql_enumerator_enumerate, - .destroy = (void*)mysql_enumerator_destroy, - + .enumerate = enumerator_enumerate_default, + .venumerate = _mysql_enumerator_enumerate, + .destroy = _mysql_enumerator_destroy, }, .db = this, .stmt = stmt, diff --git a/src/libstrongswan/plugins/newhope/Makefile.in b/src/libstrongswan/plugins/newhope/Makefile.in index 24857b3d6..a884b30b6 100644 --- a/src/libstrongswan/plugins/newhope/Makefile.in +++ b/src/libstrongswan/plugins/newhope/Makefile.in @@ -364,6 +364,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -386,6 +387,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/newhope/tests/Makefile.in b/src/libstrongswan/plugins/newhope/tests/Makefile.in index 884a2eb6b..80fcf4dc5 100644 --- a/src/libstrongswan/plugins/newhope/tests/Makefile.in 
+++ b/src/libstrongswan/plugins/newhope/tests/Makefile.in @@ -356,6 +356,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -378,6 +379,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/nonce/Makefile.in b/src/libstrongswan/plugins/nonce/Makefile.in index 8e04841cf..783eaf436 100644 --- a/src/libstrongswan/plugins/nonce/Makefile.in +++ b/src/libstrongswan/plugins/nonce/Makefile.in @@ -356,6 +356,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -378,6 +379,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/ntru/Makefile.in b/src/libstrongswan/plugins/ntru/Makefile.in index c47f90bac..41ec4cec4 100644 --- a/src/libstrongswan/plugins/ntru/Makefile.in +++ b/src/libstrongswan/plugins/ntru/Makefile.in @@ -357,6 +357,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -379,6 +380,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in index 798ee5f26..9c0523652 100644 
--- a/src/libstrongswan/plugins/openssl/Makefile.in +++ b/src/libstrongswan/plugins/openssl/Makefile.in @@ -365,6 +365,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -387,6 +388,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c index 20bac6be5..61cf3e884 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crl.c +++ b/src/libstrongswan/plugins/openssl/openssl_crl.c @@ -142,8 +142,14 @@ typedef struct { METHOD(enumerator_t, crl_enumerate, bool, - crl_enumerator_t *this, chunk_t *serial, time_t *date, crl_reason_t *reason) + crl_enumerator_t *this, va_list args) { + crl_reason_t *reason; + chunk_t *serial; + time_t *date; + + VA_ARGS_VGET(args, serial, date, reason); + if (this->i < this->num) { X509_REVOKED *revoked; @@ -188,7 +194,8 @@ METHOD(crl_t, create_enumerator, enumerator_t*, INIT(enumerator, .public = { - .enumerate = (void*)_crl_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _crl_enumerate, .destroy = (void*)free, }, .stack = X509_CRL_get_REVOKED(this->crl), diff --git a/src/libstrongswan/plugins/openssl/openssl_pkcs7.c b/src/libstrongswan/plugins/openssl/openssl_pkcs7.c index 5752d96de..83ac8df5b 100644 --- a/src/libstrongswan/plugins/openssl/openssl_pkcs7.c +++ b/src/libstrongswan/plugins/openssl/openssl_pkcs7.c @@ -136,8 +136,12 @@ METHOD(enumerator_t, cert_destroy, void, } METHOD(enumerator_t, cert_enumerate, bool, - cert_enumerator_t *this, certificate_t **out) + cert_enumerator_t *this, va_list args) { + certificate_t **out; + + VA_ARGS_VGET(args, out); + if (!this->certs) { return FALSE; 
@@ -176,7 +180,8 @@ METHOD(pkcs7_t, create_cert_enumerator, enumerator_t*, { INIT(enumerator, .public = { - .enumerate = (void*)_cert_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _cert_enumerate, .destroy = _cert_destroy, }, .certs = CMS_get1_certs(this->cms), @@ -320,8 +325,12 @@ static bool verify_digest(CMS_ContentInfo *cms, CMS_SignerInfo *si, int hash_oid } METHOD(enumerator_t, signature_enumerate, bool, - signature_enumerator_t *this, auth_cfg_t **out) + signature_enumerator_t *this, va_list args) { + auth_cfg_t **out; + + VA_ARGS_VGET(args, out); + if (!this->signers) { return FALSE; @@ -382,7 +391,8 @@ METHOD(container_t, create_signature_enumerator, enumerator_t*, INIT(enumerator, .public = { - .enumerate = (void*)_signature_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _signature_enumerate, .destroy = _signature_destroy, }, .cms = this->cms, diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in index 1fe0e7bb0..b71749589 100644 --- a/src/libstrongswan/plugins/padlock/Makefile.in +++ b/src/libstrongswan/plugins/padlock/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in index e3d7c776a..8ff3dd021 100644 --- a/src/libstrongswan/plugins/pem/Makefile.in +++ b/src/libstrongswan/plugins/pem/Makefile.in 
@@ -356,6 +356,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -378,6 +379,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c index 719a2a69e..ec90fb084 100644 --- a/src/libstrongswan/plugins/pem/pem_builder.c +++ b/src/libstrongswan/plugins/pem/pem_builder.c @@ -61,7 +61,7 @@ static bool find_boundary(char* tag, chunk_t *line) if (!present("-----", line) || !present(tag, line) || - *line->ptr != ' ') + !line->len || *line->ptr != ' ') { return FALSE; } @@ -250,7 +250,7 @@ static status_t pem_to_bin(chunk_t *blob, bool *pgp) { continue; } - if (match("Proc-Type", &name) && *value.ptr == '4') + if (match("Proc-Type", &name) && value.len && *value.ptr == '4') { encrypted = TRUE; } @@ -306,7 +306,7 @@ static status_t pem_to_bin(chunk_t *blob, bool *pgp) } /* check for PGP armor checksum */ - if (*data.ptr == '=') + if (data.len && *data.ptr == '=') { *pgp = TRUE; data.ptr++; diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in index 552340230..3ffafd020 100644 --- a/src/libstrongswan/plugins/pgp/Makefile.in +++ b/src/libstrongswan/plugins/pgp/Makefile.in @@ -356,6 +356,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -378,6 +379,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ 
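Review bot: In the third `pem_builder.c` hunk, the `data.ptr++` that follows the new `data.len && *data.ptr == '='` guard needs a matching `data.len--`, otherwise the length check just added does not cover the bytes read next; that line is outside the hunk, so please confirm it is there. The other two guards (`!line->len` in `find_boundary`, `value.len` in the Proc-Type match) are correct as written: a `chunk_t` with `len == 0` may carry a NULL or dangling `ptr`, so the length must be tested before any dereference. A one-line comment at the first guard, `/* an empty chunk may have a NULL ptr; test len before dereferencing */`, would record the invariant all three fixes rely on. `pem_to_bin` starts and ends outside the hunks.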
diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in index 3cdc73102..cbf227680 100644 --- a/src/libstrongswan/plugins/pkcs1/Makefile.in +++ b/src/libstrongswan/plugins/pkcs1/Makefile.in @@ -357,6 +357,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -379,6 +380,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in index f4fffd3fa..ca7b5a8a9 100644 --- a/src/libstrongswan/plugins/pkcs11/Makefile.in +++ b/src/libstrongswan/plugins/pkcs11/Makefile.in @@ -360,6 +360,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -382,6 +383,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c index e65f3a06b..b1575540d 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c 
@@ -153,30 +153,32 @@ static bool load_certificates(private_pkcs11_creds_t *this) return TRUE; } -/** - * filter function for certs enumerator - */ -static bool certs_filter(identification_t *id, - certificate_t **in, certificate_t **out) +CALLBACK(certs_filter, bool, + identification_t *id, enumerator_t *orig, va_list args) { public_key_t *public; - certificate_t *cert = *in; + certificate_t *cert, **out; - if (id == NULL || cert->has_subject(cert, id)) - { - *out = *in; - return TRUE; - } - public = cert->get_public_key(cert); - if (public) + VA_ARGS_VGET(args, out); + + while (orig->enumerate(orig, &cert)) { - if (public->has_fingerprint(public, id->get_encoding(id))) + if (id == NULL || cert->has_subject(cert, id)) { - public->destroy(public); - *out = *in; + *out = cert; return TRUE; } - public->destroy(public); + public = cert->get_public_key(cert); + if (public) + { + if (public->has_fingerprint(public, id->get_encoding(id))) + { + public->destroy(public); + *out = cert; + return TRUE; + } + public->destroy(public); + } } return FALSE; } @@ -199,7 +201,7 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, { inner = this->untrusted->create_enumerator(this->untrusted); } - return enumerator_create_filter(inner, (void*)certs_filter, id, NULL); + return enumerator_create_filter(inner, certs_filter, id, NULL); } METHOD(pkcs11_creds_t, get_library, pkcs11_library_t*, diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c index dc8a1f17a..89ae1969e 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c 
@@ -719,12 +719,14 @@ static bool get_attributes(object_enumerator_t *this, CK_OBJECT_HANDLE object) } METHOD(enumerator_t, object_enumerate, bool, - object_enumerator_t *this, CK_OBJECT_HANDLE *out) + object_enumerator_t *this, va_list args) { - CK_OBJECT_HANDLE object; + CK_OBJECT_HANDLE object, *out; CK_ULONG found; CK_RV rv; + VA_ARGS_VGET(args, out); + if (!this->object) { rv = this->lib->f->C_FindObjects(this->session, &object, 1, &found); @@ -786,7 +788,8 @@ METHOD(pkcs11_library_t, create_object_enumerator, enumerator_t*, INIT(enumerator, .public = { - .enumerate = (void*)_object_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _object_enumerate, .destroy = _object_destroy, }, .session = session, @@ -806,7 +809,8 @@ METHOD(pkcs11_library_t, create_object_attr_enumerator, enumerator_t*, INIT(enumerator, .public = { - .enumerate = (void*)_object_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _object_enumerate, .destroy = _object_destroy, }, .session = session, @@ -838,11 +842,14 @@ typedef struct { } mechanism_enumerator_t; METHOD(enumerator_t, enumerate_mech, bool, - mechanism_enumerator_t *this, CK_MECHANISM_TYPE* type, - CK_MECHANISM_INFO *info) + mechanism_enumerator_t *this, va_list args) { + CK_MECHANISM_INFO *info; + CK_MECHANISM_TYPE *type; CK_RV rv; + VA_ARGS_VGET(args, type, info); + if (this->current >= this->count) { return FALSE; @@ -876,7 +883,8 @@ METHOD(pkcs11_library_t, create_mechanism_enumerator, enumerator_t*, INIT(enumerator, .public = { - .enumerate = (void*)_enumerate_mech, + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerate_mech, .destroy = _destroy_mech, }, .lib = &this->public, diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c index 96c4a180d..31bcb0d25 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c 
@@ -265,8 +265,13 @@ typedef struct { } token_enumerator_t; METHOD(enumerator_t, enumerate_token, bool, - token_enumerator_t *this, pkcs11_library_t **out, CK_SLOT_ID *slot) + token_enumerator_t *this, va_list args) { + pkcs11_library_t **out; + CK_SLOT_ID *slot; + + VA_ARGS_VGET(args, out, slot); + if (this->current >= this->count) { free(this->slots); @@ -301,7 +306,8 @@ METHOD(pkcs11_manager_t, create_token_enumerator, enumerator_t*, INIT(enumerator, .public = { - .enumerate = (void*)_enumerate_token, + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerate_token, .destroy = _destroy_token, }, .inner = this->libs->create_enumerator(this->libs), diff --git a/src/libstrongswan/plugins/pkcs12/Makefile.in b/src/libstrongswan/plugins/pkcs12/Makefile.in index 72996f164..73f15d26c 100644 --- a/src/libstrongswan/plugins/pkcs12/Makefile.in +++ b/src/libstrongswan/plugins/pkcs12/Makefile.in @@ -357,6 +357,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -379,6 +380,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/pkcs7/Makefile.in b/src/libstrongswan/plugins/pkcs7/Makefile.in index 6224b1b92..3bf44de30 100644 --- a/src/libstrongswan/plugins/pkcs7/Makefile.in +++ b/src/libstrongswan/plugins/pkcs7/Makefile.in @@ -359,6 +359,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ 
@@ -381,6 +382,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c b/src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c index d224ef3aa..413c3fff5 100644 --- a/src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c +++ b/src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c @@ -179,7 +179,7 @@ typedef struct { } signature_enumerator_t; METHOD(enumerator_t, enumerate, bool, - signature_enumerator_t *this, auth_cfg_t **out) + signature_enumerator_t *this, va_list args) { signerinfo_t *info; signature_scheme_t scheme; @@ -187,11 +187,13 @@ METHOD(enumerator_t, enumerate, bool, enumerator_t *enumerator; certificate_t *cert; public_key_t *key; - auth_cfg_t *auth; + auth_cfg_t *auth, **out; chunk_t chunk, hash, content; hasher_t *hasher; bool valid; + VA_ARGS_VGET(args, out); + while (this->inner->enumerate(this->inner, &info)) { /* clean up previous round */ @@ -300,7 +302,8 @@ METHOD(container_t, create_signature_enumerator, enumerator_t*, INIT(enumerator, .public = { - .enumerate = (void*)_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerate, .destroy = _enumerator_destroy, }, .inner = this->signerinfos->create_enumerator(this->signerinfos), diff --git a/src/libstrongswan/plugins/pkcs8/Makefile.in b/src/libstrongswan/plugins/pkcs8/Makefile.in index 475de08fb..2066d8792 100644 --- a/src/libstrongswan/plugins/pkcs8/Makefile.in +++ b/src/libstrongswan/plugins/pkcs8/Makefile.in @@ -356,6 +356,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ 
@@ -378,6 +379,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/plugin_constructors.py b/src/libstrongswan/plugins/plugin_constructors.py new file mode 100644 index 000000000..d9c40e383 --- /dev/null +++ b/src/libstrongswan/plugins/plugin_constructors.py 
@@ -0,0 +1,60 @@
+#!/usr/bin/env python
+#
+# Copyright (C) 2017 Tobias Brunner
+# HSR Hochschule fuer Technik Rapperswil
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version. See .
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# for more details.
+
+import sys
+from argparse import ArgumentParser
+
+def generate_output(plugins):
+	"""Generate a source file containing plugin constructor registrations"""
+	print("/**")
+	print(" * Register plugin constructors for static libraries")
+	print(" * Created by {0}".format(__file__))
+	print(" */")
+	print("")
+	print("#include ")
+	print("#include ")
+	print("")
+
+	for plugin in plugins:
+		print("plugin_t *{0}_plugin_create();".format(plugin.replace('-', '_')))
+
+	print("")
+	print("static void register_plugins() __attribute__ ((constructor));")
+	print("static void register_plugins()")
+	print("{")
+
+	for plugin in plugins:
+		print(' plugin_constructor_register("{0}", {1}_plugin_create);'.format(plugin, plugin.replace('-', '_')))
+
+	print("}")
+
+	print("")
+	print("static void unregister_plugins() __attribute__ ((destructor));")
+	print("static void unregister_plugins()")
+	print("{")
+
+	for plugin in plugins:
+		print(' plugin_constructor_register("{0}", NULL);'.format(plugin))
+
+	print("}")
+	print("")
+
+parser = ArgumentParser(description = "Generate constructor registration for a list of plugins")
+parser.add_argument('plugins', metavar="plugin", nargs="*",
+	help = "name of a plugin for which to generate constructor registration")
+
+
+args = parser.parse_args()
+generate_output(args.plugins);
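Review bot: `generate_output` interpolates each plugin name unchanged into C identifiers and string literals, translating only `-` to `_`, so a name containing any other character (a quote, a space, a dot) produces a generated file that does not compile or a registration string the loader will never match. The script is driven by the build system rather than by untrusted input, but a cheap guard before emitting anything — a regex match of each name against `[A-Za-z0-9_-]+` with `sys.exit` and a message on failure — would fail fast with a clear diagnostic instead of a cryptic compiler error, and would give the otherwise unused `import sys` a purpose. The trailing semicolon on `generate_output(args.plugins);` is a C habit and can be dropped.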
diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c index e4698fac0..42d443b7a 100644 --- a/src/libstrongswan/plugins/plugin_loader.c +++ b/src/libstrongswan/plugins/plugin_loader.c @@ -40,6 +40,13 @@ typedef struct registered_feature_t registered_feature_t; typedef struct provided_feature_t provided_feature_t; typedef struct plugin_entry_t plugin_entry_t; +#ifdef STATIC_PLUGIN_CONSTRUCTORS +/** + * Statically registered constructors + */ +static hashtable_t *plugin_constructors = NULL; +#endif + /** * private data of plugin_loader */ @@ -298,6 +305,46 @@ static plugin_t *static_features_create(const char *name, return &this->public; } +#ifdef STATIC_PLUGIN_CONSTRUCTORS +/* + * Described in header. + */ +void plugin_constructor_register(char *name, void *constructor) +{ + bool old = FALSE; + + if (lib && lib->leak_detective) + { + old = lib->leak_detective->set_state(lib->leak_detective, FALSE); + } + + if (!plugin_constructors) + { + chunk_hash_seed(); + plugin_constructors = hashtable_create(hashtable_hash_str, + hashtable_equals_str, 32); + } + if (constructor) + { + plugin_constructors->put(plugin_constructors, name, constructor); + } + else + { + plugin_constructors->remove(plugin_constructors, name); + if (!plugin_constructors->get_count(plugin_constructors)) + { + plugin_constructors->destroy(plugin_constructors); + plugin_constructors = NULL; + } + } + + if (lib && lib->leak_detective) + { + lib->leak_detective->set_state(lib->leak_detective, old); + } +} +#endif + /** * create a plugin * returns: NOT_FOUND, if the constructor was not found @@ -309,7 +356,7 @@ static status_t create_plugin(private_plugin_loader_t *this, void *handle, { char create[128]; plugin_t *plugin; - plugin_constructor_t constructor; + plugin_constructor_t constructor = NULL; if (snprintf(create, sizeof(create), "%s_plugin_create", name) >= sizeof(create)) 
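Review bot: `plugin_constructor_register` stores the caller's `name` pointer as the hashtable key without copying it, so a registration is only valid while that string lives; the generated registrations pass string literals, which is fine, but the contract is not written down. A comment on the function such as `/* name is stored by reference and must outlive the registration (string literals in generated code) */` would make that explicit. The leak-detective toggling around the `hashtable_create` and the `lib &&` guards suggest this is meant to run from ELF constructors before the library is initialised; the function has no protection against concurrent registration, which is presumably acceptable for that use but worth a sentence in the same comment.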
@@ -317,8 +364,17 @@ static status_t create_plugin(private_plugin_loader_t *this, void *handle,
 		return FAILED;
 	}
 	translate(create, "-", "_");
-	constructor = dlsym(handle, create);
-	if (constructor == NULL)
+#ifdef STATIC_PLUGIN_CONSTRUCTORS
+	if (plugin_constructors)
+	{
+		constructor = plugin_constructors->get(plugin_constructors, name);
+	}
+	if (!constructor)
+#endif
+	{
+		constructor = dlsym(handle, create);
+	}
+	if (!constructor)
 	{
 		return NOT_FOUND;
 	}
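Review bot: The static lookup keys on the untranslated `name` while the `dlsym` fallback uses `create`, the `-`-to-`_` translated symbol name; that matches the generated registrations, which pass the plain plugin name, but it is easy to misread as an inconsistency. A short comment above the `#ifdef`, `/* static registrations are keyed by the plain plugin name, dlsym() by the translated symbol */`, would settle it. When a static constructor is found, `handle` is never touched in this hunk, so callers of `create_plugin` may presumably pass NULL for it in static builds; `create_plugin` starts and ends outside the hunk.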
@@ -409,34 +465,48 @@ static plugin_entry_t *load_plugin(private_plugin_loader_t *this, char *name, return entry; } -/** - * Convert enumerated provided_feature_t to plugin_feature_t - */ -static bool feature_filter(void *null, provided_feature_t **provided, - plugin_feature_t **feature) +CALLBACK(feature_filter, bool, + void *null, enumerator_t *orig, va_list args) { - *feature = (*provided)->feature; - return (*provided)->loaded; + provided_feature_t *provided; + plugin_feature_t **feature; + + VA_ARGS_VGET(args, feature); + + while (orig->enumerate(orig, &provided)) + { + if (provided->loaded) + { + *feature = provided->feature; + return TRUE; + } + } + return FALSE; } -/** - * Convert enumerated entries to plugin_t - */ -static bool plugin_filter(void *null, plugin_entry_t **entry, plugin_t **plugin, - void *in, linked_list_t **list) +CALLBACK(plugin_filter, bool, + void *null, enumerator_t *orig, va_list args) { - plugin_entry_t *this = *entry; + plugin_entry_t *entry; + linked_list_t **list; + plugin_t **plugin; + + VA_ARGS_VGET(args, plugin, list); - *plugin = this->plugin; - if (list) + if (orig->enumerate(orig, &entry)) { - enumerator_t *features; - features = enumerator_create_filter( - this->features->create_enumerator(this->features), - (void*)feature_filter, NULL, NULL); - *list = linked_list_create_from_enumerator(features); + *plugin = entry->plugin; + if (list) + { + enumerator_t *features; + features = enumerator_create_filter( + entry->features->create_enumerator(entry->features), + feature_filter, NULL, NULL); + *list = linked_list_create_from_enumerator(features); + } + return TRUE; } - return TRUE; + return FALSE; } METHOD(plugin_loader_t, create_plugin_enumerator, enumerator_t*, 
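Review bot: The doc comments on `feature_filter` and `plugin_filter` were dropped in the rewrite and nothing replaced them, although the callbacks now do more than convert types: `feature_filter` skips entries whose `loaded` flag is unset, and both now drive `orig` themselves. Suggested headers: `/* Enumerate the loaded features of an entry as plugin_feature_t */` and `/* Enumerate plugin entries as plugin_t, optionally with a list of their loaded features */`. It is also worth noting in the second comment that `VA_ARGS_VGET(args, plugin, list)` always consumes two varargs, so callers must pass a second argument (possibly NULL) to `enumerate()`, the same contract the old signature had.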
@@ -444,7 +514,7 @@ METHOD(plugin_loader_t, create_plugin_enumerator, enumerator_t*, { return enumerator_create_filter( this->plugins->create_enumerator(this->plugins), - (void*)plugin_filter, NULL, NULL); + plugin_filter, NULL, NULL); } METHOD(plugin_loader_t, has_feature, bool, @@ -536,18 +606,14 @@ static void load_provided(private_plugin_loader_t *this, provided_feature_t *provided, int level); -/** - * Used to find a loaded feature - */ -static bool is_feature_loaded(provided_feature_t *item) +CALLBACK(is_feature_loaded, bool, + provided_feature_t *item, va_list args) { return item->loaded; } -/** - * Used to find a loadable feature - */ -static bool is_feature_loadable(provided_feature_t *item) +CALLBACK(is_feature_loadable, bool, + provided_feature_t *item, va_list args) { return !item->loading && !item->loaded && !item->failed; } @@ -560,8 +626,7 @@ static bool loaded_feature_matches(registered_feature_t *a, { if (plugin_feature_matches(a->feature, b->feature)) { - return b->plugins->find_first(b->plugins, (void*)is_feature_loaded, - NULL) == SUCCESS; + return b->plugins->find_first(b->plugins, is_feature_loaded, NULL); } return FALSE; } @@ -574,8 +639,7 @@ static bool loadable_feature_equals(registered_feature_t *a, { if (plugin_feature_equals(a->feature, b->feature)) { - return b->plugins->find_first(b->plugins, (void*)is_feature_loadable, - NULL) == SUCCESS; + return b->plugins->find_first(b->plugins, is_feature_loadable, NULL); } return FALSE; } @@ -588,8 +652,7 @@ static bool loadable_feature_matches(registered_feature_t *a, { if (plugin_feature_matches(a->feature, b->feature)) { - return b->plugins->find_first(b->plugins, (void*)is_feature_loadable, - NULL) == SUCCESS; + return b->plugins->find_first(b->plugins, is_feature_loadable, NULL); } return FALSE; } 
@@ -674,9 +737,11 @@ static bool load_dependencies(private_plugin_loader_t *this, if (!find_compatible_feature(this, &provided->feature[i])) { - char *name, *provide, *depend; bool soft = provided->feature[i].kind == FEATURE_SDEPEND; +#ifndef USE_FUZZING + char *name, *provide, *depend; + name = provided->entry->plugin->get_name(provided->entry->plugin); provide = plugin_feature_get_string(&provided->feature[0]); depend = plugin_feature_get_string(&provided->feature[i]); @@ -697,6 +762,8 @@ static bool load_dependencies(private_plugin_loader_t *this, } free(provide); free(depend); +#endif /* !USE_FUZZING */ + if (soft) { /* it's ok if we can't resolve soft dependencies */ continue; @@ -716,8 +783,6 @@ static void load_feature(private_plugin_loader_t *this, { if (load_dependencies(this, provided, level)) { - char *name, *provide; - if (plugin_feature_load(provided->entry->plugin, provided->feature, provided->reg)) { @@ -727,6 +792,9 @@ static void load_feature(private_plugin_loader_t *this, return; } +#ifndef USE_FUZZING + char *name, *provide; + name = provided->entry->plugin->get_name(provided->entry->plugin); provide = plugin_feature_get_string(&provided->feature[0]); if (provided->entry->critical) @@ -740,6 +808,7 @@ static void load_feature(private_plugin_loader_t *this, provide, name); } free(provide); +#endif /* !USE_FUZZING */ } else { /* TODO: we could check the current level and set a different flag when @@ -759,13 +828,16 @@ static void load_provided(private_plugin_loader_t *this, provided_feature_t *provided, int level) { - char *name, *provide; int indent = level * 2; if (provided->loaded || provided->failed) { return; } + +#ifndef USE_FUZZING + char *name, *provide; + name = provided->entry->plugin->get_name(provided->entry->plugin); provide = plugin_feature_get_string(provided->feature); if (provided->loading) 
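Review bot: Under `USE_FUZZING` the `#ifndef` blocks in `load_dependencies` and `load_feature` compile out not only the log calls but also the `plugin_feature_get_string` calls and their `free`s, so the fuzz build exercises a different allocation path from production; that is a reasonable trade for speed, but a one-line comment at the first `#ifndef USE_FUZZING`, e.g. `/* skip string formatting and logging in fuzz targets; control flow is unchanged */`, would record the intent. The `char *name, *provide;` declarations now follow statements inside their blocks, which relies on C99 mixed declarations; presumably the project already builds that way, but placing them at the top of the `#ifndef` block keeps the question from arising. Both functions start and end outside the hunks.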
@@ -778,6 +850,12 @@ static void load_provided(private_plugin_loader_t *this, DBG3(DBG_LIB, "%*sloading feature %s in plugin '%s'", indent, "", provide, name); free(provide); +#else + if (provided->loading) + { + return; + } +#endif /* USE_FUZZING */ provided->loading = TRUE; load_feature(this, provided, level + 1); @@ -926,8 +1004,8 @@ static void purge_plugins(private_plugin_loader_t *this) { /* feature interface not supported */ continue; } - if (entry->features->find_first(entry->features, - (void*)is_feature_loaded, NULL) != SUCCESS) + if (!entry->features->find_first(entry->features, is_feature_loaded, + NULL)) { DBG2(DBG_LIB, "unloading plugin '%s' without loaded features", entry->plugin->get_name(entry->plugin)); @@ -977,6 +1055,15 @@ static bool find_plugin(char *path, char *name, char *buf, char **file) return FALSE; } +CALLBACK(find_plugin_cb, bool, + char *path, va_list args) +{ + char *name, *buf, **file; + + VA_ARGS_VGET(args, name, buf, file); + return find_plugin(path, name, buf, file); +} + /** * Used to sort plugins by priority */ @@ -1024,14 +1111,20 @@ static int plugin_priority_cmp(const plugin_priority_t *a, return diff; } -/** - * Convert enumerated plugin_priority_t to a plugin name - */ -static bool plugin_priority_filter(void *null, plugin_priority_t **prio, - char **name) +CALLBACK(plugin_priority_filter, bool, + void *null, enumerator_t *orig, va_list args) { - *name = (*prio)->name; - return TRUE; + plugin_priority_t *prio; + char **name; + + VA_ARGS_VGET(args, name); + + if (orig->enumerate(orig, &prio)) + { + *name = prio->name; + return TRUE; + } + return FALSE; } /** @@ -1071,7 +1164,7 @@ static char *modular_pluginlist(char *list) else { enumerator = enumerator_create_filter(array_create_enumerator(given), - (void*)plugin_priority_filter, NULL, NULL); + plugin_priority_filter, NULL, NULL); load_def = TRUE; } while (enumerator->enumerate(enumerator, &plugin)) 
@@ -1153,8 +1246,8 @@ METHOD(plugin_loader_t, load_plugins, bool, } if (this->paths) { - this->paths->find_first(this->paths, (void*)find_plugin, NULL, - token, buf, &file); + this->paths->find_first(this->paths, find_plugin_cb, NULL, token, + buf, &file); } if (!file) { diff --git a/src/libstrongswan/plugins/plugin_loader.h b/src/libstrongswan/plugins/plugin_loader.h index 6be6a909c..92a860615 100644 --- a/src/libstrongswan/plugins/plugin_loader.h +++ b/src/libstrongswan/plugins/plugin_loader.h @@ -168,4 +168,14 @@ plugin_loader_t *plugin_loader_create(); */ void plugin_loader_add_plugindirs(char *basedir, char *plugins); +#ifdef STATIC_PLUGIN_CONSTRUCTORS +/** + * Register a plugin constructor in case of static builds. + * + * @param name name of the plugin + * @param constructor constructor to register (set to NULL to unregister) + */ +void plugin_constructor_register(char *name, void *constructor); +#endif + #endif /** PLUGIN_LOADER_H_ @}*/ diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in index 4b0b13e16..04888cde2 100644 --- a/src/libstrongswan/plugins/pubkey/Makefile.in +++ b/src/libstrongswan/plugins/pubkey/Makefile.in @@ -357,6 +357,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -379,6 +380,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in index 1cf00a586..940c5572a 100644 --- a/src/libstrongswan/plugins/random/Makefile.in +++ b/src/libstrongswan/plugins/random/Makefile.in 
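Review bot: The new `plugin_constructor_register()` declaration in plugin_loader.h takes the constructor as a bare `void *`, which drops all type checking at the call site and relies on the non-ISO assumption that a function pointer round-trips through `void *`; if the loader already has a typed constructor signature (the static-build path presumably calls something like `plugin_t *(*)()`), the parameter should be declared with that type instead. The comment should also say whether `name` is copied or must stay valid for as long as the constructor is registered, since a static-build caller passing a temporary would otherwise end up with a dangling registry entry. Suggested wording: `@param name name of the plugin (not copied; must outlive the registration)` if that matches the implementation, which is outside this hunk.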
@@ -357,6 +357,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -379,6 +380,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/rc2/Makefile.in b/src/libstrongswan/plugins/rc2/Makefile.in index a57e15b64..c432cf810 100644 --- a/src/libstrongswan/plugins/rc2/Makefile.in +++ b/src/libstrongswan/plugins/rc2/Makefile.in @@ -355,6 +355,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -377,6 +378,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/rdrand/Makefile.in b/src/libstrongswan/plugins/rdrand/Makefile.in index a5d76c109..849c89630 100644 --- a/src/libstrongswan/plugins/rdrand/Makefile.in +++ b/src/libstrongswan/plugins/rdrand/Makefile.in @@ -357,6 +357,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -379,6 +380,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in index cfbbcd8ad..5840c7dd0 100644 --- a/src/libstrongswan/plugins/revocation/Makefile.in 
+++ b/src/libstrongswan/plugins/revocation/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in index 8e3301e6f..fa596e6f4 100644 --- a/src/libstrongswan/plugins/sha1/Makefile.in +++ b/src/libstrongswan/plugins/sha1/Makefile.in @@ -356,6 +356,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -378,6 +379,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in index 045d6e0cc..6e3d6a390 100644 --- a/src/libstrongswan/plugins/sha2/Makefile.in +++ b/src/libstrongswan/plugins/sha2/Makefile.in @@ -355,6 +355,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -377,6 +378,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/sha3/Makefile.in b/src/libstrongswan/plugins/sha3/Makefile.in index 9fc0a1a1f..2c249343c 100644 
--- a/src/libstrongswan/plugins/sha3/Makefile.in +++ b/src/libstrongswan/plugins/sha3/Makefile.in @@ -356,6 +356,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -378,6 +379,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/soup/Makefile.in b/src/libstrongswan/plugins/soup/Makefile.in index 517900486..02e398729 100644 --- a/src/libstrongswan/plugins/soup/Makefile.in +++ b/src/libstrongswan/plugins/soup/Makefile.in @@ -356,6 +356,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -378,6 +379,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in index 8ffc4aae0..5e23cb91c 100644 --- a/src/libstrongswan/plugins/sqlite/Makefile.in +++ b/src/libstrongswan/plugins/sqlite/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ 
diff --git a/src/libstrongswan/plugins/sqlite/sqlite_database.c b/src/libstrongswan/plugins/sqlite/sqlite_database.c index 0a35e3017..9f874212e 100644 --- a/src/libstrongswan/plugins/sqlite/sqlite_database.c +++ b/src/libstrongswan/plugins/sqlite/sqlite_database.c @@ -174,10 +174,8 @@ typedef struct { private_sqlite_database_t *database; } sqlite_enumerator_t; -/** - * destroy a sqlite enumerator - */ -static void sqlite_enumerator_destroy(sqlite_enumerator_t *this) +METHOD(enumerator_t, sqlite_enumerator_destroy, void, + sqlite_enumerator_t *this) { sqlite3_finalize(this->stmt); if (!is_threadsave()) @@ -188,13 +186,10 @@ static void sqlite_enumerator_destroy(sqlite_enumerator_t *this) free(this); } -/** - * Implementation of database.query().enumerate - */ -static bool sqlite_enumerator_enumerate(sqlite_enumerator_t *this, ...) +METHOD(enumerator_t, sqlite_enumerator_enumerate, bool, + sqlite_enumerator_t *this, va_list args) { int i; - va_list args; switch (sqlite3_step(this->stmt)) { @@ -207,7 +202,7 @@ static bool sqlite_enumerator_enumerate(sqlite_enumerator_t *this, ...) case SQLITE_DONE: return FALSE; } - va_start(args, this); + for (i = 0; i < this->count; i++) { switch (this->columns[i]) @@ -245,11 +240,9 @@ static bool sqlite_enumerator_enumerate(sqlite_enumerator_t *this, ...) } default: DBG1(DBG_LIB, "invalid result type supplied"); - va_end(args); return FALSE; } } - va_end(args); return TRUE; } 
@@ -270,13 +263,17 @@ METHOD(database_t, query, enumerator_t*, stmt = run(this, sql, &args); if (stmt) { - enumerator = malloc_thing(sqlite_enumerator_t); - enumerator->public.enumerate = (void*)sqlite_enumerator_enumerate; - enumerator->public.destroy = (void*)sqlite_enumerator_destroy; - enumerator->stmt = stmt; - enumerator->count = sqlite3_column_count(stmt); + INIT(enumerator, + .public = { + .enumerate = enumerator_enumerate_default, + .venumerate = _sqlite_enumerator_enumerate, + .destroy = _sqlite_enumerator_destroy, + }, + .stmt = stmt, + .count = sqlite3_column_count(stmt), + .database = this, + ); enumerator->columns = malloc(sizeof(db_type_t) * enumerator->count); - enumerator->database = this; for (i = 0; i < enumerator->count; i++) { enumerator->columns[i] = va_arg(args, db_type_t); diff --git a/src/libstrongswan/plugins/sshkey/Makefile.in b/src/libstrongswan/plugins/sshkey/Makefile.in index 8528b8707..a6663999d 100644 --- a/src/libstrongswan/plugins/sshkey/Makefile.in +++ b/src/libstrongswan/plugins/sshkey/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in index 27741dd15..33c5720a4 100644 --- a/src/libstrongswan/plugins/test_vectors/Makefile.in +++ b/src/libstrongswan/plugins/test_vectors/Makefile.in @@ -376,6 +376,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ 
@@ -398,6 +399,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/unbound/Makefile.in b/src/libstrongswan/plugins/unbound/Makefile.in index 4822283c3..15c8c27cc 100644 --- a/src/libstrongswan/plugins/unbound/Makefile.in +++ b/src/libstrongswan/plugins/unbound/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/winhttp/Makefile.in b/src/libstrongswan/plugins/winhttp/Makefile.in index 9a26a987c..b417d6e66 100644 --- a/src/libstrongswan/plugins/winhttp/Makefile.in +++ b/src/libstrongswan/plugins/winhttp/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in index 8d7f9a810..e1ed6b7ee 100644 --- a/src/libstrongswan/plugins/x509/Makefile.in +++ b/src/libstrongswan/plugins/x509/Makefile.in 
@@ -357,6 +357,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -379,6 +380,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c index aea8eb53d..ba459288b 100644 --- a/src/libstrongswan/plugins/x509/x509_ac.c +++ b/src/libstrongswan/plugins/x509/x509_ac.c @@ -1,9 +1,8 @@ /* * Copyright (C) 2002 Ueli Galizzi, Ariane Seiler * Copyright (C) 2003 Martin Berner, Lukas Suter - * Copyright (C) 2002-2014 Andreas Steffen + * Copyright (C) 2002-2017 Andreas Steffen * Copyright (C) 2009 Martin Willi - * * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -177,7 +176,7 @@ static chunk_t ASN1_noRevAvail_ext = chunk_from_chars( /** * declaration of function implemented in x509_cert.c */ -extern void x509_parse_generalNames(chunk_t blob, int level0, bool implicit, +extern bool x509_parse_generalNames(chunk_t blob, int level0, bool implicit, linked_list_t *list); /** * parses a directoryName @@ -191,7 +190,11 @@ static bool parse_directoryName(chunk_t blob, int level, bool implicit, linked_list_t *list; list = linked_list_create(); - x509_parse_generalNames(blob, level, implicit, list); + if (!x509_parse_generalNames(blob, level, implicit, list)) + { + list->destroy(list); + return FALSE; + } enumerator = list->create_enumerator(list); while (enumerator->enumerate(enumerator, &directoryName)) 
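Review bot: In parse_directoryName() the new failure path calls `list->destroy(list)` after `x509_parse_generalNames()` returns FALSE, but that frees only the list nodes: the `identification_t` objects the parser inserted for the GeneralNames it did parse before hitting the bad one are leaked (the parser inserts each name before it can fail on the next). Since this is reachable from an attacker-supplied attribute certificate and the fuzzing build this release adds will report it, use the offset destroy the same commit uses for `uris`/`issuers` in x509_parse_crlDistributionPoints(): `list->destroy_offset(list, offsetof(identification_t, destroy));`. The rest of parse_directoryName() continues outside the hunk, so the same ownership check should be applied to its success path.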
@@ -801,20 +804,27 @@ METHOD(ac_t, get_authKeyIdentifier, chunk_t, return this->authKeyIdentifier; } -/** - * Filter function for attribute enumeration - */ -static bool attr_filter(void *null, group_t **in, ac_group_type_t *type, - void *in2, chunk_t *out) +CALLBACK(attr_filter, bool, + void *null, enumerator_t *orig, va_list args) { - if ((*in)->type == AC_GROUP_TYPE_STRING && - !chunk_printable((*in)->value, NULL, 0)) - { /* skip non-printable strings */ - return FALSE; + group_t *group; + ac_group_type_t *type; + chunk_t *out; + + VA_ARGS_VGET(args, type, out); + + while (orig->enumerate(orig, &group)) + { + if (group->type == AC_GROUP_TYPE_STRING && + !chunk_printable(group->value, NULL, 0)) + { /* skip non-printable strings */ + continue; + } + *type = group->type; + *out = group->value; + return TRUE; } - *type = (*in)->type; - *out = (*in)->value; - return TRUE; + return FALSE; } METHOD(ac_t, create_group_enumerator, enumerator_t*, @@ -822,7 +832,7 @@ METHOD(ac_t, create_group_enumerator, enumerator_t*, { return enumerator_create_filter( this->groups->create_enumerator(this->groups), - (void*)attr_filter, NULL, NULL); + attr_filter, NULL, NULL); } METHOD(certificate_t, get_type, certificate_type_t, diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c index b77c5db4d..974e687f9 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.c +++ b/src/libstrongswan/plugins/x509/x509_cert.c 
@@ -2,10 +2,10 @@ * Copyright (C) 2000 Andreas Hess, Patric Lichtsteiner, Roger Wegmann * Copyright (C) 2001 Marco Bertossa, Andreas Schleiss * Copyright (C) 2002 Mario Strasser - * Copyright (C) 2000-2006 Andreas Steffen + * Copyright (C) 2000-2017 Andreas Steffen * Copyright (C) 2006-2009 Martin Willi * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -217,6 +217,29 @@ struct private_x509_cert_t { refcount_t ref; }; +/** + * Convert a generalName to a string + */ +static bool gn_to_string(identification_t *id, char **uri) +{ + int len; + +#ifdef USE_FUZZING + chunk_t proper; + chunk_printable(id->get_encoding(id), &proper, '?'); + len = asprintf(uri, "%.*s", (int)proper.len, proper.ptr); + chunk_free(&proper); +#else + len = asprintf(uri, "%Y", id); +#endif + if (!len) + { + free(*uri); + return FALSE; + } + return len > 0; +} + /** * Destroy a CertificateDistributionPoint */ @@ -280,13 +303,14 @@ static const asn1Object_t basicConstraintsObjects[] = { /** * Extracts the basicConstraints extension */ -static void parse_basicConstraints(chunk_t blob, int level0, +static bool parse_basicConstraints(chunk_t blob, int level0, private_x509_cert_t *this) { asn1_parser_t *parser; chunk_t object; int objectID; bool isCA = FALSE; + bool success; parser = asn1_parser_create(basicConstraintsObjects, blob); parser->set_top_level(parser, level0); @@ -313,7 +337,10 @@ static void parse_basicConstraints(chunk_t blob, int level0, break; } } + success = parser->success(parser); parser->destroy(parser); + + return success; } /** 
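Review bot: gn_to_string() has no comment describing its contract, and the contract is subtle: on `asprintf()` returning -1 the function returns FALSE without touching `*uri`, which glibc leaves undefined, while on a 0-length result it frees the buffer and also returns FALSE. The visible callers only read `uri` when the function returns TRUE, so this is safe today, but the header comment should pin it: `Returns TRUE and sets *uri to a newly allocated string on success; returns FALSE if the name is empty or allocation fails, in which case *uri is unspecified and must not be used or freed.` In the `USE_FUZZING` branch the return value of `chunk_printable()` is ignored; a one-line comment that the replacement character makes the result always printable would make clear this is intentional rather than an unchecked error.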
@@ -502,11 +529,14 @@ static const asn1Object_t generalNamesObjects[] = { /** * Extracts one or several GNs and puts them into a chained list */ -void x509_parse_generalNames(chunk_t blob, int level0, bool implicit, linked_list_t *list) +bool x509_parse_generalNames(chunk_t blob, int level0, bool implicit, + linked_list_t *list) { asn1_parser_t *parser; chunk_t object; + identification_t *gn; int objectID; + bool success = FALSE; parser = asn1_parser_create(generalNamesObjects, blob); parser->set_top_level(parser, level0); @@ -516,16 +546,20 @@ void x509_parse_generalNames(chunk_t blob, int level0, bool implicit, linked_lis { if (objectID == GENERAL_NAMES_GN) { - identification_t *gn = parse_generalName(object, - parser->get_level(parser)+1); - - if (gn) + gn = parse_generalName(object, parser->get_level(parser)+1); + if (!gn) { - list->insert_last(list, (void *)gn); + goto end; } + list->insert_last(list, (void *)gn); } } + success = parser->success(parser); + +end: parser->destroy(parser); + + return success; } /** @@ -579,6 +613,7 @@ chunk_t x509_parse_authorityKeyIdentifier(chunk_t blob, int level0, } } parser->destroy(parser); + return authKeyIdentifier; } @@ -599,13 +634,14 @@ static const asn1Object_t authInfoAccessObjects[] = { /** * Extracts an authorityInfoAcess location */ -static void parse_authorityInfoAccess(chunk_t blob, int level0, +static bool parse_authorityInfoAccess(chunk_t blob, int level0, private_x509_cert_t *this) { asn1_parser_t *parser; chunk_t object; int objectID; int accessMethod = OID_UNKNOWN; + bool success = FALSE; parser = asn1_parser_create(authInfoAccessObjects, blob); parser->set_top_level(parser, level0); @@ -636,7 +672,7 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0, } DBG2(DBG_ASN, " '%Y'", id); if (accessMethod == OID_OCSP && - asprintf(&uri, "%Y", id) > 0) + gn_to_string(id, &uri)) { this->ocsp_uris->insert_last(this->ocsp_uris, uri); } 
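Review bot: The comment above x509_parse_generalNames() still only says `Extracts one or several GNs and puts them into a chained list` and does not document the new bool return or the partial-result semantics: on `goto end` the names parsed before the failure remain in `list`, so the caller owns them and must free them with `destroy_offset()` rather than `destroy()`. Suggested addition: `@return FALSE if any GeneralName fails to parse or the SEQUENCE is malformed; names parsed before the failure are left in list and must be freed by the caller.` This is also a behaviour change worth a sentence in the comment: an unparseable name used to be skipped silently and now fails the whole extension, which is the right fail-closed choice for certificate input but affects the `extern` users in x509_ac.c that previously got a partial list back.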
@@ -653,9 +689,12 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0, break; } } + success = parser->success(parser); end: parser->destroy(parser); + + return success; } /** @@ -726,12 +765,13 @@ static const asn1Object_t extendedKeyUsageObjects[] = { /** * Extracts extendedKeyUsage OIDs */ -static void parse_extendedKeyUsage(chunk_t blob, int level0, +static bool parse_extendedKeyUsage(chunk_t blob, int level0, private_x509_cert_t *this) { asn1_parser_t *parser; chunk_t object; int objectID; + bool success; parser = asn1_parser_create(extendedKeyUsageObjects, blob); parser->set_top_level(parser, level0); 
@@ -762,27 +802,30 @@ static void parse_extendedKeyUsage(chunk_t blob, int level0, } } } + success = parser->success(parser); parser->destroy(parser); + + return success; } /** * ASN.1 definition of crlDistributionPoints */ static const asn1Object_t crlDistributionPointsObjects[] = { - { 0, "crlDistributionPoints", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ - { 1, "DistributionPoint", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ - { 2, "distributionPoint", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_LOOP }, /* 2 */ - { 3, "fullName", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_OBJ }, /* 3 */ - { 3, "end choice", ASN1_EOC, ASN1_END }, /* 4 */ - { 3, "nameRelToCRLIssuer",ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_BODY }, /* 5 */ - { 3, "end choice", ASN1_EOC, ASN1_END }, /* 6 */ - { 2, "end opt", ASN1_EOC, ASN1_END }, /* 7 */ - { 2, "reasons", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_BODY }, /* 8 */ - { 2, "end opt", ASN1_EOC, ASN1_END }, /* 9 */ - { 2, "crlIssuer", ASN1_CONTEXT_C_2, ASN1_OPT|ASN1_OBJ }, /* 10 */ - { 2, "end opt", ASN1_EOC, ASN1_END }, /* 11 */ - { 0, "end loop", ASN1_EOC, ASN1_END }, /* 12 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } + { 0, "crlDistributionPoints", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ + { 1, "DistributionPoint", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ + { 2, "distributionPoint", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_CHOICE }, /* 2 */ + { 3, "fullName", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_OBJ }, /* 3 */ + { 3, "end choice", ASN1_EOC, ASN1_END|ASN1_CH }, /* 4 */ + { 3, "nameRelToCRLIssuer",ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_BODY }, /* 5 */ + { 3, "end choice", ASN1_EOC, ASN1_END|ASN1_CH }, /* 6 */ + { 2, "end opt/choices", ASN1_EOC, ASN1_END|ASN1_CHOICE }, /* 7 */ + { 2, "reasons", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_BODY }, /* 8 */ + { 2, "end opt", ASN1_EOC, ASN1_END }, /* 9 */ + { 2, "crlIssuer", ASN1_CONTEXT_C_2, ASN1_OPT|ASN1_OBJ }, /* 10 */ + { 2, "end opt", ASN1_EOC, ASN1_END }, /* 11 */ + { 0, "end loop", ASN1_EOC, ASN1_END }, /* 12 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define CRL_DIST_POINTS 1 #define 
CRL_DIST_POINTS_FULLNAME 3 @@ -801,7 +844,7 @@ static void add_cdps(linked_list_t *list, linked_list_t *uris, while (uris->remove_last(uris, (void**)&id) == SUCCESS) { - if (asprintf(&uri, "%Y", id) > 0) + if (gn_to_string(id, &uri)) { if (issuers->get_count(issuers)) { @@ -836,13 +879,14 @@ static void add_cdps(linked_list_t *list, linked_list_t *uris, /** * Extracts one or several crlDistributionPoints into a list */ -void x509_parse_crlDistributionPoints(chunk_t blob, int level0, +bool x509_parse_crlDistributionPoints(chunk_t blob, int level0, linked_list_t *list) { linked_list_t *uris, *issuers; asn1_parser_t *parser; chunk_t object; int objectID; + bool success = FALSE; uris = linked_list_create(); issuers = linked_list_create(); 
@@ -857,37 +901,45 @@ void x509_parse_crlDistributionPoints(chunk_t blob, int level0, add_cdps(list, uris, issuers); break; case CRL_DIST_POINTS_FULLNAME: - x509_parse_generalNames(object, parser->get_level(parser) + 1, - TRUE, uris); + if (!x509_parse_generalNames(object, + parser->get_level(parser) + 1, TRUE, uris)) + { + goto end; + } break; case CRL_DIST_POINTS_ISSUER: - x509_parse_generalNames(object, parser->get_level(parser) + 1, - TRUE, issuers); + if (!x509_parse_generalNames(object, + parser->get_level(parser) + 1, TRUE, issuers)) + { + goto end; + } break; default: break; } } - parser->destroy(parser); - + success = parser->success(parser); add_cdps(list, uris, issuers); - uris->destroy(uris); - issuers->destroy(issuers); +end: + parser->destroy(parser); + uris->destroy_offset(uris, offsetof(identification_t, destroy)); + issuers->destroy_offset(issuers, offsetof(identification_t, destroy)); + + return success; } /** * ASN.1 definition of nameConstraints */ static const asn1Object_t nameConstraintsObjects[] = { - { 0, "nameConstraints", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ + { 0, "nameConstraints", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ { 1, "permittedSubtrees", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_LOOP }, /* 1 */ { 2, "generalSubtree", ASN1_SEQUENCE, ASN1_BODY }, /* 2 */ { 1, "end loop", ASN1_EOC, ASN1_END }, /* 3 */ { 1, "excludedSubtrees", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_LOOP }, /* 4 */ { 2, "generalSubtree", ASN1_SEQUENCE, ASN1_BODY }, /* 5 */ { 1, "end loop", ASN1_EOC, ASN1_END }, /* 6 */ - { 0, "end loop", ASN1_EOC, ASN1_END }, /* 7 */ { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define NAME_CONSTRAINT_PERMITTED 2 
@@ -896,13 +948,14 @@ static const asn1Object_t nameConstraintsObjects[] = { /** * Parse permitted/excluded nameConstraints */ -static void parse_nameConstraints(chunk_t blob, int level0, +static bool parse_nameConstraints(chunk_t blob, int level0, private_x509_cert_t *this) { asn1_parser_t *parser; identification_t *id; chunk_t object; int objectID; + bool success = FALSE; parser = asn1_parser_create(nameConstraintsObjects, blob); parser->set_top_level(parser, level0); 
@@ -913,59 +966,69 @@ static void parse_nameConstraints(chunk_t blob, int level0, { case NAME_CONSTRAINT_PERMITTED: id = parse_generalName(object, parser->get_level(parser) + 1); - if (id) + if (!id) { - this->permitted_names->insert_last(this->permitted_names, id); + goto end; } + this->permitted_names->insert_last(this->permitted_names, id); break; case NAME_CONSTRAINT_EXCLUDED: id = parse_generalName(object, parser->get_level(parser) + 1); - if (id) + if (!id) { - this->excluded_names->insert_last(this->excluded_names, id); + goto end; } + this->excluded_names->insert_last(this->excluded_names, id); break; default: break; } } + success = parser->success(parser); + +end: parser->destroy(parser); + + return success; } /** * ASN.1 definition of a certificatePolicies extension */ static const asn1Object_t certificatePoliciesObject[] = { - { 0, "certificatePolicies", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ - { 1, "policyInformation", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ - { 2, "policyId", ASN1_OID, ASN1_BODY }, /* 2 */ - { 2, "qualifiers", ASN1_SEQUENCE, ASN1_OPT|ASN1_LOOP }, /* 3 */ - { 3, "qualifierInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 4 */ - { 4, "qualifierId", ASN1_OID, ASN1_BODY }, /* 5 */ - { 4, "cPSuri", ASN1_IA5STRING, ASN1_OPT|ASN1_BODY }, /* 6 */ - { 4, "end choice", ASN1_EOC, ASN1_END }, /* 7 */ - { 4, "userNotice", ASN1_SEQUENCE, ASN1_OPT|ASN1_BODY }, /* 8 */ - { 5, "explicitText", ASN1_EOC, ASN1_RAW }, /* 9 */ - { 4, "end choice", ASN1_EOC, ASN1_END }, /* 10 */ - { 2, "end opt/loop", ASN1_EOC, ASN1_END }, /* 12 */ - { 0, "end loop", ASN1_EOC, ASN1_END }, /* 13 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } + { 0, "certificatePolicies", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ + { 1, "policyInformation", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ + { 2, "policyId", ASN1_OID, ASN1_BODY }, /* 2 */ + { 2, "qualifiers", ASN1_SEQUENCE, ASN1_OPT|ASN1_LOOP }, /* 3 */ + { 3, "qualifierInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 4 */ + { 4, "qualifierId", ASN1_OID, ASN1_BODY }, /* 5 */ + { 4, 
"qualifier", ASN1_EOC, ASN1_CHOICE }, /* 6 */ + { 5, "cPSuri", ASN1_IA5STRING, ASN1_OPT|ASN1_BODY }, /* 7 */ + { 5, "end choice", ASN1_EOC, ASN1_END|ASN1_CH }, /* 8 */ + { 5, "userNotice", ASN1_SEQUENCE, ASN1_OPT|ASN1_BODY }, /* 9 */ + { 6, "explicitText", ASN1_EOC, ASN1_RAW }, /* 10 */ + { 5, "end choice", ASN1_EOC, ASN1_END|ASN1_CH }, /* 11 */ + { 4, "end choices", ASN1_EOC, ASN1_END|ASN1_CHOICE }, /* 12 */ + { 2, "end opt/loop", ASN1_EOC, ASN1_END }, /* 13 */ + { 0, "end loop", ASN1_EOC, ASN1_END }, /* 14 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; -#define CERT_POLICY_ID 2 -#define CERT_POLICY_QUALIFIER_ID 5 -#define CERT_POLICY_CPS_URI 6 -#define CERT_POLICY_EXPLICIT_TEXT 9 +#define CERT_POLICY_ID 2 +#define CERT_POLICY_QUALIFIER_ID 5 +#define CERT_POLICY_CPS_URI 7 +#define CERT_POLICY_EXPLICIT_TEXT 10 /** * Parse certificatePolicies */ -static void parse_certificatePolicies(chunk_t blob, int level0, +static bool parse_certificatePolicies(chunk_t blob, int level0, private_x509_cert_t *this) { x509_cert_policy_t *policy = NULL; asn1_parser_t *parser; chunk_t object; int objectID, qualifier = OID_UNKNOWN; + bool success; parser = asn1_parser_create(certificatePoliciesObject, blob); parser->set_top_level(parser, level0); @@ -998,7 +1061,10 @@ static void parse_certificatePolicies(chunk_t blob, int level0, break; } } + success = parser->success(parser); parser->destroy(parser); + + return success; } /** @@ -1019,13 +1085,14 @@ static const asn1Object_t policyMappingsObjects[] = { /** * Parse policyMappings */ -static void parse_policyMappings(chunk_t blob, int level0, +static bool parse_policyMappings(chunk_t blob, int level0, private_x509_cert_t *this) { x509_policy_mapping_t *map = NULL; asn1_parser_t *parser; chunk_t object; int objectID; + bool success; parser = asn1_parser_create(policyMappingsObjects, blob); parser->set_top_level(parser, level0); 
@@ -1054,7 +1121,10 @@ static void parse_policyMappings(chunk_t blob, int level0, break; } } + success = parser->success(parser); parser->destroy(parser); + + return success; } /** @@ -1076,12 +1146,13 @@ static const asn1Object_t policyConstraintsObjects[] = { /** * Parse policyConstraints */ -static void parse_policyConstraints(chunk_t blob, int level0, +static bool parse_policyConstraints(chunk_t blob, int level0, private_x509_cert_t *this) { asn1_parser_t *parser; chunk_t object; int objectID; + bool success; parser = asn1_parser_create(policyConstraintsObjects, blob); parser->set_top_level(parser, level0); 
@@ -1100,34 +1171,41 @@ static void parse_policyConstraints(chunk_t blob, int level0, break; } } + success = parser->success(parser); parser->destroy(parser); + + return success; } /** * ASN.1 definition of ipAddrBlocks according to RFC 3779 */ static const asn1Object_t ipAddrBlocksObjects[] = { - { 0, "ipAddrBlocks", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ - { 1, "ipAddressFamily", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ - { 2, "addressFamily", ASN1_OCTET_STRING, ASN1_BODY }, /* 2 */ - { 2, "inherit", ASN1_NULL, ASN1_OPT|ASN1_NONE }, /* 3 */ - { 2, "end choice", ASN1_EOC, ASN1_END }, /* 4 */ - { 2, "addressesOrRanges", ASN1_SEQUENCE, ASN1_OPT|ASN1_LOOP }, /* 5 */ - { 3, "addressPrefix", ASN1_BIT_STRING, ASN1_OPT|ASN1_BODY }, /* 6 */ - { 3, "end choice", ASN1_EOC, ASN1_END }, /* 7 */ - { 3, "addressRange", ASN1_SEQUENCE, ASN1_OPT|ASN1_NONE }, /* 8 */ - { 4, "min", ASN1_BIT_STRING, ASN1_BODY }, /* 9 */ - { 4, "max", ASN1_BIT_STRING, ASN1_BODY }, /* 10 */ - { 3, "end choice", ASN1_EOC, ASN1_END }, /* 11 */ - { 2, "end opt/loop", ASN1_EOC, ASN1_END }, /* 12 */ - { 0, "end loop", ASN1_EOC, ASN1_END }, /* 13 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } + { 0, "ipAddrBlocks", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ + { 1, "ipAddressFamily", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ + { 2, "addressFamily", ASN1_OCTET_STRING, ASN1_BODY }, /* 2 */ + { 2, "ipAddressChoice", ASN1_EOC, ASN1_CHOICE }, /* 3 */ + { 3, "inherit", ASN1_NULL, ASN1_OPT }, /* 4 */ + { 3, "end choice", ASN1_EOC, ASN1_END|ASN1_CH }, /* 5 */ + { 3, "addressesOrRanges", ASN1_SEQUENCE, ASN1_OPT|ASN1_LOOP }, /* 6 */ + { 4, "addressOrRange", ASN1_EOC, ASN1_CHOICE }, /* 7 */ + { 5, "addressPrefix", ASN1_BIT_STRING, ASN1_OPT|ASN1_BODY }, /* 8 */ + { 5, "end choice", ASN1_EOC, ASN1_END|ASN1_CH }, /* 9 */ + { 5, "addressRange", ASN1_SEQUENCE, ASN1_OPT }, /* 10 */ + { 6, "min", ASN1_BIT_STRING, ASN1_BODY }, /* 11 */ + { 6, "max", ASN1_BIT_STRING, ASN1_BODY }, /* 12 */ + { 5, "end choice", ASN1_EOC, ASN1_END|ASN1_CH }, /* 13 */ + { 4, 
"end choices", ASN1_EOC, ASN1_END|ASN1_CHOICE }, /* 14 */ + { 3, "end loop/choice", ASN1_EOC, ASN1_END|ASN1_CH }, /* 15 */ + { 2, "end choices", ASN1_EOC, ASN1_END|ASN1_CHOICE }, /* 16 */ + { 0, "end loop", ASN1_EOC, ASN1_END }, /* 17 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define IP_ADDR_BLOCKS_FAMILY 2 -#define IP_ADDR_BLOCKS_INHERIT 3 -#define IP_ADDR_BLOCKS_PREFIX 6 -#define IP_ADDR_BLOCKS_MIN 9 -#define IP_ADDR_BLOCKS_MAX 10 +#define IP_ADDR_BLOCKS_INHERIT 4 +#define IP_ADDR_BLOCKS_PREFIX 8 +#define IP_ADDR_BLOCKS_MIN 11 +#define IP_ADDR_BLOCKS_MAX 12 static bool check_address_object(ts_type_t ts_type, chunk_t object) { @@ -1171,7 +1249,7 @@ static bool check_address_object(ts_type_t ts_type, chunk_t object) return TRUE; } -static void parse_ipAddrBlocks(chunk_t blob, int level0, +static bool parse_ipAddrBlocks(chunk_t blob, int level0, private_x509_cert_t *this) { asn1_parser_t *parser; @@ -1179,6 +1257,7 @@ static void parse_ipAddrBlocks(chunk_t blob, int level0, ts_type_t ts_type = 0; traffic_selector_t *ts; int objectID; + bool success = FALSE; parser = asn1_parser_create(ipAddrBlocksObjects, blob); parser->set_top_level(parser, level0); @@ -1240,10 +1319,13 @@ static void parse_ipAddrBlocks(chunk_t blob, int level0, break; } } + success = parser->success(parser); this->flags |= X509_IP_ADDR_BLOCKS; end: parser->destroy(parser); + + return success; } /** 
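Review bot: In the last hunk of parse_ipAddrBlocks, `this->flags |= X509_IP_ADDR_BLOCKS;` runs after `success = parser->success(parser);` regardless of the outcome, so a truncated or malformed ipAddrBlocks extension still marks the certificate as carrying parsed address blocks. parse_certificate discards the object on the FALSE return, so this is harmless in practice, but guarding it keeps the flag meaningful: `if (success) { this->flags |= X509_IP_ADDR_BLOCKS; }`. The `goto end` paths earlier in the function lie outside the hunk; with the `bool success = FALSE;` initialiser added in the preceding hunk they now return FALSE, which is the right default. The function's body starts outside the hunk.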
@@ -1387,43 +1469,74 @@ static bool parse_certificate(private_x509_cert_t *this) this->subjectKeyIdentifier = object; break; case OID_SUBJECT_ALT_NAME: - x509_parse_generalNames(object, level, FALSE, - this->subjectAltNames); + if (!x509_parse_generalNames(object, level, FALSE, + this->subjectAltNames)) + { + goto end; + } break; case OID_BASIC_CONSTRAINTS: - parse_basicConstraints(object, level, this); + if (!parse_basicConstraints(object, level, this)) + { + goto end; + } break; case OID_CRL_DISTRIBUTION_POINTS: - x509_parse_crlDistributionPoints(object, level, - this->crl_uris); + if (!x509_parse_crlDistributionPoints(object, level, + this->crl_uris)) + { + goto end; + } break; case OID_AUTHORITY_KEY_ID: - this->authKeyIdentifier = x509_parse_authorityKeyIdentifier(object, - level, &this->authKeySerialNumber); + chunk_free(&this->authKeyIdentifier); + this->authKeyIdentifier = x509_parse_authorityKeyIdentifier( + object, level, &this->authKeySerialNumber); break; case OID_AUTHORITY_INFO_ACCESS: - parse_authorityInfoAccess(object, level, this); + if (!parse_authorityInfoAccess(object, level, this)) + { + goto end; + } break; case OID_KEY_USAGE: parse_keyUsage(object, this); break; case OID_EXTENDED_KEY_USAGE: - parse_extendedKeyUsage(object, level, this); + if (!parse_extendedKeyUsage(object, level, this)) + { + goto end; + } break; case OID_IP_ADDR_BLOCKS: - parse_ipAddrBlocks(object, level, this); + if (!parse_ipAddrBlocks(object, level, this)) + { + goto end; + } break; case OID_NAME_CONSTRAINTS: - parse_nameConstraints(object, level, this); + if (!parse_nameConstraints(object, level, this)) + { + goto end; + } break; case OID_CERTIFICATE_POLICIES: - parse_certificatePolicies(object, level, this); + if (!parse_certificatePolicies(object, level, this)) + { + goto end; + } break; case OID_POLICY_MAPPINGS: - parse_policyMappings(object, level, this); + if (!parse_policyMappings(object, level, this)) + { + goto end; + } break; case OID_POLICY_CONSTRAINTS: - 
parse_policyConstraints(object, level, this); + if (!parse_policyConstraints(object, level, this)) + { + goto end; + } break; case OID_INHIBIT_ANY_POLICY: if (!asn1_parse_simple_object(&object, ASN1_INTEGER, diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c index 4d7e7bd10..d8913ad73 100644 --- a/src/libstrongswan/plugins/x509/x509_crl.c +++ b/src/libstrongswan/plugins/x509/x509_crl.c @@ -1,6 +1,7 @@ /* * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -149,7 +150,7 @@ extern chunk_t x509_parse_authorityKeyIdentifier(chunk_t blob, int level0, /** * from x509_cert */ -extern void x509_parse_crlDistributionPoints(chunk_t blob, int level0, +extern bool x509_parse_crlDistributionPoints(chunk_t blob, int level0, linked_list_t *list); /** @@ -309,8 +310,11 @@ static bool parse(private_x509_crl_t *this) this->crlNumber = object; break; case OID_FRESHEST_CRL: - x509_parse_crlDistributionPoints(object, level, - this->crl_uris); + if (!x509_parse_crlDistributionPoints(object, level, + this->crl_uris)) + { + goto end; + } break; case OID_DELTA_CRL_INDICATOR: if (!asn1_parse_simple_object(&object, ASN1_INTEGER, 
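Review bot: `parse_keyUsage(object, this);` under `case OID_KEY_USAGE` is the one extension parser in this switch whose result is still not checked, while every sibling now aborts with `goto end` on failure; if parse_keyUsage can reject its input, that rejection is silently ignored here and the certificate keeps parsing. The new `chunk_free(&this->authKeyIdentifier)` correctly handles a repeated authorityKeyIdentifier extension, but whatever the first occurrence wrote through `&this->authKeySerialNumber` is overwritten without a corresponding release — presumably it points into the blob and needs none, worth confirming. parse_certificate begins and ends outside the hunk, so the `end:` label and the initial value of the success flag that each `goto end` relies on cannot be verified from this view.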
@@ -360,25 +364,33 @@ end: return success; } -/** - * enumerator filter callback for create_enumerator - */ -static bool filter(void *data, revoked_t **revoked, chunk_t *serial, void *p2, - time_t *date, void *p3, crl_reason_t *reason) +CALLBACK(filter, bool, + void *data, enumerator_t *orig, va_list args) { - if (serial) - { - *serial = (*revoked)->serial; - } - if (date) - { - *date = (*revoked)->date; - } - if (reason) + revoked_t *revoked; + crl_reason_t *reason; + chunk_t *serial; + time_t *date; + + VA_ARGS_VGET(args, serial, date, reason); + + if (orig->enumerate(orig, &revoked)) { - *reason = (*revoked)->reason; + if (serial) + { + *serial = revoked->serial; + } + if (date) + { + *date = revoked->date; + } + if (reason) + { + *reason = revoked->reason; + } + return TRUE; } - return TRUE; + return FALSE; } METHOD(crl_t, get_serial, chunk_t, @@ -418,7 +430,7 @@ METHOD(crl_t, create_enumerator, enumerator_t*, { return enumerator_create_filter( this->revoked->create_enumerator(this->revoked), - (void*)filter, NULL, NULL); + filter, NULL, NULL); } METHOD(certificate_t, get_type, certificate_type_t, diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c index b46af30fe..140e9bfa9 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c 
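Review bot: The rewrite of `filter` as a CALLBACK drops the `/** enumerator filter callback for create_enumerator */` header the removed version carried, and the same happens to `filter` in x509_ocsp_response.c, `enumerator_destroy`, `section_filter` and `kv_filter` in settings.c, and `filter`/`filter_odd` in test_enumerator.c. Restore the one-line comment on each, and since the argument order in `VA_ARGS_VGET(args, serial, date, reason)` must match the enumerate() call sites exactly, say so: `/** enumerator filter callback for create_enumerator; out-params are (serial, date, reason) */`. Dropping the `(void*)filter` cast in create_enumerator is the real gain of this change, because the compiler now checks the callback signature.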
@@ -228,32 +228,38 @@ METHOD(ocsp_response_t, create_cert_enumerator, enumerator_t*, return this->certs->create_enumerator(this->certs); } -/** - * enumerator filter callback for create_response_enumerator - */ -static bool filter(void *data, single_response_t **response, - chunk_t *serialNumber, - void *p2, cert_validation_t *status, - void *p3, time_t *revocationTime, - void *p4, crl_reason_t *revocationReason) +CALLBACK(filter, bool, + void *data, enumerator_t *orig, va_list args) { - if (serialNumber) - { - *serialNumber = (*response)->serialNumber; - } - if (status) - { - *status = (*response)->status; - } - if (revocationTime) - { - *revocationTime = (*response)->revocationTime; - } - if (revocationReason) + single_response_t *response; + cert_validation_t *status; + crl_reason_t *revocationReason; + chunk_t *serialNumber; + time_t *revocationTime; + + VA_ARGS_VGET(args, serialNumber, status, revocationTime, revocationReason); + + if (orig->enumerate(orig, &response)) { - *revocationReason = (*response)->revocationReason; + if (serialNumber) + { + *serialNumber = response->serialNumber; + } + if (status) + { + *status = response->status; + } + if (revocationTime) + { + *revocationTime = response->revocationTime; + } + if (revocationReason) + { + *revocationReason = response->revocationReason; + } + return TRUE; } - return TRUE; + return FALSE; } METHOD(ocsp_response_t, create_response_enumerator, enumerator_t*, @@ -261,7 +267,7 @@ METHOD(ocsp_response_t, create_response_enumerator, enumerator_t*, { return enumerator_create_filter( this->responses->create_enumerator(this->responses), - (void*)filter, NULL, NULL); + filter, NULL, NULL); } /** diff --git a/src/libstrongswan/plugins/x509/x509_pkcs10.c b/src/libstrongswan/plugins/x509/x509_pkcs10.c index 20561f7e2..e39e24bff 100644 --- a/src/libstrongswan/plugins/x509/x509_pkcs10.c +++ b/src/libstrongswan/plugins/x509/x509_pkcs10.c 
@@ -1,7 +1,6 @@ /* * Copyright (C) 2005 Jan Hutter, Martin Willi - * Copyright (C) 2009 Andreas Steffen - * + * Copyright (C) 2009-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -101,7 +100,8 @@ struct private_x509_pkcs10_t { /** * Imported from x509_cert.c */ -extern void x509_parse_generalNames(chunk_t blob, int level0, bool implicit, linked_list_t *list); +extern bool x509_parse_generalNames(chunk_t blob, int level0, bool implicit, + linked_list_t *list); extern chunk_t x509_build_subjectAltNames(linked_list_t *list); METHOD(certificate_t, get_type, certificate_type_t, @@ -290,8 +290,11 @@ static bool parse_extension_request(private_x509_pkcs10_t *this, chunk_t blob, i switch (extn_oid) { case OID_SUBJECT_ALT_NAME: - x509_parse_generalNames(object, level, FALSE, - this->subjectAltNames); + if (!x509_parse_generalNames(object, level, FALSE, + this->subjectAltNames)) + { + goto end; + } break; default: break; @@ -303,7 +306,10 @@ static bool parse_extension_request(private_x509_pkcs10_t *this, chunk_t blob, i } } success = parser->success(parser); + +end: parser->destroy(parser); + return success; } diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in index 78f9268c2..a23130851 100644 --- a/src/libstrongswan/plugins/xcbc/Makefile.in +++ b/src/libstrongswan/plugins/xcbc/Makefile.in @@ -355,6 +355,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -377,6 +378,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ 
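Review bot: The new `goto end` in parse_extension_request jumps past `success = parser->success(parser);`, so the value returned at `end:` is whatever `success` held at its declaration, which lies outside both hunks; it must be initialised to FALSE there, otherwise a rejected subjectAltName is reported as a successful parse. The same pattern appears in x509_crl.c under `case OID_FRESHEST_CRL` and in parse_certificate in x509_cert.c, where the declaration is likewise out of view. A short comment at the label would document the contract: `end: /* reached with success == FALSE when a nested parser rejected the extension */`.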
diff --git a/src/libstrongswan/processing/processor.c b/src/libstrongswan/processing/processor.c index 27e5ab5f6..bd8d534a5 100644 --- a/src/libstrongswan/processing/processor.c +++ b/src/libstrongswan/processing/processor.c @@ -429,7 +429,15 @@ METHOD(processor_t, execute_job, void, METHOD(processor_t, set_threads, void, private_processor_t *this, u_int count) { + int i; + this->mutex->lock(this->mutex); + for (i = 0; i < JOB_PRIO_MAX; i++) + { + this->prio_threads[i] = lib->settings->get_int(lib->settings, + "%s.processor.priority_threads.%N", 0, lib->ns, + job_priority_names, i); + } if (count > this->total_threads) { /* increase thread count */ worker_thread_t *worker; @@ -551,13 +559,10 @@ processor_t *processor_create() .job_added = condvar_create(CONDVAR_TYPE_DEFAULT), .thread_terminated = condvar_create(CONDVAR_TYPE_DEFAULT), ); + for (i = 0; i < JOB_PRIO_MAX; i++) { this->jobs[i] = linked_list_create(); - this->prio_threads[i] = lib->settings->get_int(lib->settings, - "%s.processor.priority_threads.%N", 0, lib->ns, - job_priority_names, i); } - return &this->public; } diff --git a/src/libstrongswan/settings/settings.c b/src/libstrongswan/settings/settings.c index b00e8190c..2a92d523b 100644 --- a/src/libstrongswan/settings/settings.c +++ b/src/libstrongswan/settings/settings.c @@ -744,10 +744,8 @@ typedef struct { hashtable_t *seen; } enumerator_data_t; -/** - * Destroy enumerator data - */ -static void enumerator_destroy(enumerator_data_t *this) +CALLBACK(enumerator_destroy, void, + enumerator_data_t *this) { this->settings->lock->unlock(this->settings->lock); this->seen->destroy(this->seen); 
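Review bot: set_threads now calls `lib->settings->get_int()` for every job priority while holding `this->mutex`, so any settings lookup that blocks or re-enters the processor would be serialised against the worker threads — presumably cheap, but the reason the read moved here deserves a comment: `/* re-read the reserved thread counts so a settings reload takes effect on the next set_threads() */`. Because the initialisation was removed from processor_create, `prio_threads[]` holds whatever INIT left there until set_threads is first called; that is fine if INIT zero-fills the struct, which the hunk does not show.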
@@ -755,18 +753,25 @@ static void enumerator_destroy(enumerator_data_t *this) free(this); } -/** - * Enumerate section names, not sections - */ -static bool section_filter(hashtable_t *seen, section_t **in, char **out) +CALLBACK(section_filter, bool, + hashtable_t *seen, enumerator_t *orig, va_list args) { - *out = (*in)->name; - if (seen->get(seen, *out)) + section_t *section; + char **out; + + VA_ARGS_VGET(args, out); + + while (orig->enumerate(orig, §ion)) { - return FALSE; + if (seen->get(seen, section->name)) + { + continue; + } + *out = section->name; + seen->put(seen, section->name, section->name); + return TRUE; } - seen->put(seen, *out, *out); - return TRUE; + return FALSE; } /** @@ -776,8 +781,8 @@ static enumerator_t *section_enumerator(section_t *section, enumerator_data_t *data) { return enumerator_create_filter( - array_create_enumerator(section->sections_order), - (void*)section_filter, data->seen, NULL); + array_create_enumerator(section->sections_order), + section_filter, data->seen, NULL); } METHOD(settings_t, create_section_enumerator, enumerator_t*, 
@@ -803,23 +808,29 @@ METHOD(settings_t, create_section_enumerator, enumerator_t*, .seen = hashtable_create(hashtable_hash_str, hashtable_equals_str, 8), ); return enumerator_create_nested(array_create_enumerator(sections), - (void*)section_enumerator, data, (void*)enumerator_destroy); + (void*)section_enumerator, data, enumerator_destroy); } -/** - * Enumerate key and values, not kv_t entries - */ -static bool kv_filter(hashtable_t *seen, kv_t **in, char **key, - void *none, char **value) +CALLBACK(kv_filter, bool, + hashtable_t *seen, enumerator_t *orig, va_list args) { - *key = (*in)->key; - if (seen->get(seen, *key) || !(*in)->value) + kv_t *kv; + char **key, **value; + + VA_ARGS_VGET(args, key, value); + + while (orig->enumerate(orig, &kv)) { - return FALSE; + if (seen->get(seen, kv->key) || !kv->value) + { + continue; + } + *key = kv->key; + *value = kv->value; + seen->put(seen, kv->key, kv->key); + return TRUE; } - *value = (*in)->value; - seen->put(seen, *key, *key); - return TRUE; + return FALSE; } /** @@ -828,7 +839,7 @@ static bool kv_filter(hashtable_t *seen, kv_t **in, char **key, static enumerator_t *kv_enumerator(section_t *section, enumerator_data_t *data) { return enumerator_create_filter(array_create_enumerator(section->kv_order), - (void*)kv_filter, data->seen, NULL); + kv_filter, data->seen, NULL); } METHOD(settings_t, create_key_value_enumerator, enumerator_t*, diff --git a/src/libstrongswan/tests/Makefile.in b/src/libstrongswan/tests/Makefile.in index f4c607ca4..279e179ea 100644 --- a/src/libstrongswan/tests/Makefile.in +++ b/src/libstrongswan/tests/Makefile.in @@ -396,6 +396,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ 
@@ -418,6 +419,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libstrongswan/tests/suites/test_asn1_parser.c b/src/libstrongswan/tests/suites/test_asn1_parser.c index 973562bff..ebbe7ddaf 100644 --- a/src/libstrongswan/tests/suites/test_asn1_parser.c +++ b/src/libstrongswan/tests/suites/test_asn1_parser.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2014 Andreas Steffen + * Copyright (C) 2014-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -250,6 +250,7 @@ START_TEST(test_asn1_parser_option) i3 = *object.ptr; break; default: + break; } } 
@@ -264,6 +265,105 @@ START_TEST(test_asn1_parser_option) } END_TEST +/******************************************************************************* + * choice + */ + +typedef struct { + int i1, i2, i3, i4; + chunk_t blob; +} choice_test_t; + +static const asn1Object_t choiceObjects[] = { + { 0, "choiceObject", ASN1_EOC, ASN1_CHOICE }, /* 0 */ + { 1, "choiceA", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_CHOICE }, /* 1 */ + { 2, "choice1", ASN1_OCTET_STRING, ASN1_OPT|ASN1_BODY }, /* 2 */ + { 2, "end choice1", ASN1_EOC, ASN1_END|ASN1_CH }, /* 3 */ + { 2, "choice2", ASN1_INTEGER, ASN1_OPT|ASN1_BODY }, /* 4 */ + { 2, "end choice2", ASN1_EOC, ASN1_END|ASN1_CH }, /* 5 */ + { 1, "end choiceA", ASN1_EOC, ASN1_END|ASN1_CHOICE| + ASN1_CH }, /* 6 */ + { 1, "choiceB", ASN1_SEQUENCE, ASN1_OPT|ASN1_LOOP }, /* 7 */ + { 2, "choiceObject", ASN1_EOC, ASN1_CHOICE }, /* 8 */ + { 3, "choice3", ASN1_INTEGER, ASN1_OPT|ASN1_BODY }, /* 9 */ + { 3, "end choice3", ASN1_EOC, ASN1_END|ASN1_CH }, /* 10 */ + { 3, "choice4", ASN1_OCTET_STRING, ASN1_OPT|ASN1_BODY }, /* 11 */ + { 3, "end choice4", ASN1_EOC, ASN1_END|ASN1_CH }, /* 12 */ + { 2, "end choices", ASN1_EOC, ASN1_END|ASN1_CHOICE }, /* 13 */ + { 1, "end loop/choice", ASN1_EOC, ASN1_END|ASN1_CH }, /* 14 */ + { 0, "end choices", ASN1_EOC, ASN1_END|ASN1_CHOICE }, /* 15 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } +}; + +choice_test_t choice_tests[] = { + { 0, 0, 0, 0, { NULL, 0 } }, + { 0, 0, 0, 0, chunk_from_chars(0xA0, 0x00) }, + { 1, 0, 0, 0, chunk_from_chars(0xA0, 0x03, 0x04, 0x01, 0x01) }, + { 1, 0, 0, 0, chunk_from_chars(0xA0, 0x06, 0x04, 0x01, 0x01, + 0x02, 0x01, 0x02) }, + { 0, 2, 0, 0, chunk_from_chars(0xA0, 0x03, 0x02, 0x01, 0x02) }, + { 0, 2, 0, 0, chunk_from_chars(0xA0, 0x03, 0x02, 0x01, 0x02, + 0x30, 0x03, 0x02, 0x01, 0x03) }, + { 0, 0, 0, 0, chunk_from_chars(0xA0, 0x04, 0x03, 0x02, 0x00, 0x04) }, + { 0, 0, 3, 0, chunk_from_chars(0x30, 0x03, 0x02, 0x01, 0x03) }, + { 0, 0, 0, 4, chunk_from_chars(0x30, 0x03, 0x04, 0x01, 0x04) }, + { 0, 0, 3, 4, 
chunk_from_chars(0x30, 0x06, 0x04, 0x01, 0x04, + 0x02, 0x01, 0x03) }, + { 0, 0, 3, 4, chunk_from_chars(0x30, 0x06, 0x02, 0x01, 0x03, + 0x04, 0x01, 0x04) }, + { 0, 0, 6, 0, chunk_from_chars(0x30, 0x06, 0x02, 0x01, 0x03, + 0x02, 0x01, 0x03) }, + { 0, 0, 0, 8, chunk_from_chars(0x30, 0x06, 0x04, 0x01, 0x04, + 0x04, 0x01, 0x04) }, + { 0, 0, 0, 0, chunk_from_chars(0x30, 0x04, 0x03, 0x02, 0x00, 0x04) }, + { 0, 0, 0, 0, chunk_from_chars(0x03, 0x02, 0x00, 0x04) } +}; + +START_TEST(test_asn1_parser_choice) +{ + asn1_parser_t *parser; + chunk_t object; + int objectID, i1 = 0, i2 = 0, i3 = 0, i4 = 0; + bool success; + + parser = asn1_parser_create(choiceObjects, choice_tests[_i].blob); + while (parser->iterate(parser, &objectID, &object)) + { + switch (objectID) + { + case 2: + i1 += *object.ptr; + break; + case 4: + i2 += *object.ptr; + break; + case 9: + i3 += *object.ptr; + break; + case 11: + i4 += *object.ptr; + break; + default: + + break; + } + } + success = parser->success(parser); + parser->destroy(parser); + + ck_assert(success == (choice_tests[_i].i1 || + choice_tests[_i].i2 || + choice_tests[_i].i3 || + choice_tests[_i].i4 )); + + ck_assert(i1 == choice_tests[_i].i1 && + i2 == choice_tests[_i].i2 && + i3 == choice_tests[_i].i3 && + i4 == choice_tests[_i].i4 ); +} +END_TEST + + Suite *asn1_parser_suite_create() { Suite *s; @@ -287,5 +387,9 @@ Suite *asn1_parser_suite_create() tcase_add_loop_test(tc, test_asn1_parser_option, 0, countof(option_tests)); suite_add_tcase(s, tc); + tc = tcase_create("choice"); + tcase_add_loop_test(tc, test_asn1_parser_choice, 0, countof(choice_tests)); + suite_add_tcase(s, tc); + return s; } diff --git a/src/libstrongswan/tests/suites/test_enumerator.c b/src/libstrongswan/tests/suites/test_enumerator.c index 9bd6d24f2..b781ae9fd 100644 --- a/src/libstrongswan/tests/suites/test_enumerator.c +++ b/src/libstrongswan/tests/suites/test_enumerator.c 
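Review bot: `i1 += *object.ptr;` and the three sibling cases in test_asn1_parser_choice read the first byte of the object body without checking `object.len`, so a vector with a zero-length OCTET STRING or INTEGER body would read one byte past the body; every current vector carries a one-byte body, but a guard such as `i1 += object.len ? *object.ptr : 0;` keeps the test honest when vectors are added. There is also a stray blank line between `default:` and its `break;` in the switch. The two vectors containing `0x03, 0x02, 0x00, 0x04` (a BIT STRING where a CHOICE alternative is expected) correctly expect `success == FALSE`, which is exactly the case the new CHOICE handling has to reject.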
@@ -104,25 +104,45 @@ static void destroy_data(void *data) * filtered test */ -static bool filter(int *data, int **v, int *vo, int **w, int *wo, - int **x, int *xo, int **y, int *yo, int **z, int *zo) +CALLBACK(filter, bool, + int *data, enumerator_t *orig, va_list args) { - int val = **v; + int *item, *vo, *wo, *xo, *yo, *zo; - *vo = val++; - *wo = val++; - *xo = val++; - *yo = val++; - *zo = val++; - fail_if(data != (void*)101, "data does not match '101' in filter function"); - return TRUE; + VA_ARGS_VGET(args, vo, wo, xo, yo, zo); + + if (orig->enumerate(orig, &item)) + { + int val = *item; + *vo = val++; + *wo = val++; + *xo = val++; + *yo = val++; + *zo = val++; + fail_if(data != (void*)101, "data does not match '101' in filter function"); + return TRUE; + } + return FALSE; } -static bool filter_odd(void *data, int **item, int *out) +CALLBACK(filter_odd, bool, + void *data, enumerator_t *orig, va_list args) { + int *item, *out; + + VA_ARGS_VGET(args, out); + fail_if(data != (void*)101, "data does not match '101' in filter function"); - *out = **item; - return **item % 2 == 0; + + while (orig->enumerate(orig, &item)) + { + if (*item % 2 == 0) + { + *out = *item; + return TRUE; + } + } + return FALSE; } START_TEST(test_filtered) @@ -136,7 +156,7 @@ START_TEST(test_filtered) round = 1; enumerator = enumerator_create_filter(list->create_enumerator(list), - (void*)filter, (void*)101, destroy_data); + filter, (void*)101, destroy_data); while (enumerator->enumerate(enumerator, &v, &w, &x, &y, &z)) { ck_assert_int_eq(v, round); @@ -166,7 +186,7 @@ START_TEST(test_filtered_filter) /* should also work without destructor, so set this manually */ destroy_data_called = 1; enumerator = enumerator_create_filter(list->create_enumerator(list), - (void*)filter_odd, (void*)101, NULL); + filter_odd, (void*)101, NULL); while (enumerator->enumerate(enumerator, &x)) { ck_assert(x % 2 == 0); 
diff --git a/src/libstrongswan/tests/suites/test_linked_list.c b/src/libstrongswan/tests/suites/test_linked_list.c index 7a161817c..aa1e0429f 100644 --- a/src/libstrongswan/tests/suites/test_linked_list.c +++ b/src/libstrongswan/tests/suites/test_linked_list.c @@ -183,26 +183,48 @@ END_TEST * find */ -static bool match_a_b(void *item, void *a, void *b) +CALLBACK(find_a_b, bool, + void *item, va_list args) { + void *a, *b; + + VA_ARGS_VGET(args, a, b); ck_assert(a == (void*)1); ck_assert(b == (void*)2); return item == a || item == b; } +CALLBACK(find_a, bool, + void *item, va_list args) +{ + void *a; + + VA_ARGS_VGET(args, a); + return match_a(item, a); +} + +CALLBACK(find_b, bool, + void *item, va_list args) +{ + void *b; + + VA_ARGS_VGET(args, b); + return match_b(item, b); +} + START_TEST(test_find) { void *a = (void*)1, *b = (void*)2; - ck_assert(list->find_first(list, NULL, &a) == NOT_FOUND); + ck_assert(!list->find_first(list, NULL, &a)); list->insert_last(list, a); - ck_assert(list->find_first(list, NULL, &a) == SUCCESS); - ck_assert(list->find_first(list, NULL, &b) == NOT_FOUND); + ck_assert(list->find_first(list, NULL, &a)); + ck_assert(!list->find_first(list, NULL, &b)); list->insert_last(list, b); - ck_assert(list->find_first(list, NULL, &a) == SUCCESS); - ck_assert(list->find_first(list, NULL, &b) == SUCCESS); + ck_assert(list->find_first(list, NULL, &a)); + ck_assert(list->find_first(list, NULL, &b)); - ck_assert(list->find_first(list, NULL, NULL) == NOT_FOUND); + ck_assert(!list->find_first(list, NULL, NULL)); } END_TEST 
@@ -210,29 +232,57 @@ START_TEST(test_find_callback) { void *a = (void*)1, *b = (void*)2, *x = NULL; - ck_assert(list->find_first(list, (linked_list_match_t)match_a_b, &x, a, b) == NOT_FOUND); + ck_assert(!list->find_first(list, find_a_b, &x, a, b)); list->insert_last(list, a); - ck_assert(list->find_first(list, (linked_list_match_t)match_a, NULL, a) == SUCCESS); + ck_assert(list->find_first(list, find_a, NULL, a)); x = NULL; - ck_assert(list->find_first(list, (linked_list_match_t)match_a, &x, a) == SUCCESS); + ck_assert(list->find_first(list, find_a, &x, a)); ck_assert(a == x); - ck_assert(list->find_first(list, (linked_list_match_t)match_b, &x, b) == NOT_FOUND); + ck_assert(!list->find_first(list, find_b, &x, b)); ck_assert(a == x); x = NULL; - ck_assert(list->find_first(list, (linked_list_match_t)match_a_b, &x, a, b) == SUCCESS); + ck_assert(list->find_first(list, find_a_b, &x, a, b)); ck_assert(a == x); list->insert_last(list, b); - ck_assert(list->find_first(list, (linked_list_match_t)match_a, &x, a) == SUCCESS); + ck_assert(list->find_first(list, find_a, &x, a)); ck_assert(a == x); - ck_assert(list->find_first(list, (linked_list_match_t)match_b, &x, b) == SUCCESS); + ck_assert(list->find_first(list, find_b, &x, b)); ck_assert(b == x); x = NULL; - ck_assert(list->find_first(list, (linked_list_match_t)match_a_b, &x, a, b) == SUCCESS); + ck_assert(list->find_first(list, find_a_b, &x, a, b)); ck_assert(a == x); } END_TEST +CALLBACK(find_args, bool, + void *item, va_list args) +{ + uint64_t d, e; + level_t c; + int *a, b; + + VA_ARGS_VGET(args, a, b, c, d, e); + ck_assert_int_eq(*a, 1); + ck_assert_int_eq(b, 2); + ck_assert_int_eq(c, LEVEL_PRIVATE); + ck_assert_int_eq(d, UINT64_MAX); + ck_assert_int_eq(e, UINT64_MAX-1); + return item == a; +} + +START_TEST(test_find_callback_args) +{ + int a = 1, b = 2, *x; + uint64_t d = UINT64_MAX; + + list->insert_last(list, &a); + ck_assert(list->find_first(list, find_args, (void**)&x, &a, b, + LEVEL_PRIVATE, d, 
UINT64_MAX-1)); + ck_assert_int_eq(a, *x); +} +END_TEST + /******************************************************************************* * invoke */ @@ -241,11 +291,16 @@ typedef struct invoke_t invoke_t; struct invoke_t { int val; - void (*invoke)(invoke_t *item, void *a, void *b, void *c, void *d, int *sum); + void (*invoke)(invoke_t *item); }; -static void invoke(intptr_t item, void *a, void *b, void *c, void *d, int *sum) +CALLBACK(invoke, void, + intptr_t item, va_list args) { + void *a, *b, *c, *d; + int *sum; + + VA_ARGS_VGET(args, a, b, c, d, sum); ck_assert_int_eq((uintptr_t)a, 1); ck_assert_int_eq((uintptr_t)b, 2); ck_assert_int_eq((uintptr_t)c, 3); @@ -253,9 +308,9 @@ static void invoke(intptr_t item, void *a, void *b, void *c, void *d, int *sum) *sum += item; } -static void invoke_offset(invoke_t *item, void *a, void *b, void *c, void *d, int *sum) +static void invoke_offset(invoke_t *item) { - invoke(item->val, a, b, c, d, sum); + item->val++; } START_TEST(test_invoke_function) @@ -267,8 +322,7 @@ START_TEST(test_invoke_function) list->insert_last(list, (void*)3); list->insert_last(list, (void*)4); list->insert_last(list, (void*)5); - list->invoke_function(list, (linked_list_invoke_t)invoke, - (uintptr_t)1, (uintptr_t)2, + list->invoke_function(list, invoke, (uintptr_t)1, (uintptr_t)2, (uintptr_t)3, (uintptr_t)4, &sum); ck_assert_int_eq(sum, 15); } 
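Review bot: `ck_assert_int_eq(d, UINT64_MAX)` and `ck_assert_int_eq(e, UINT64_MAX-1)` in find_args compare uint64_t values through a signed-integer assertion; the test passes only because both operands are converted the same way, and a failure would print negative values. If the test harness offers an unsigned equality assertion, use it here, otherwise `ck_assert(d == UINT64_MAX)` keeps the comparison in the operands' own type. find_args also depends on the exact order `(a, b, c, d, e)` in VA_ARGS_VGET matching the find_first call in test_find_callback_args, which is what the test is meant to exercise and deserves a comment saying so.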
@@ -282,17 +336,19 @@ START_TEST(test_invoke_offset) { .val = 3, .invoke = invoke_offset, }, { .val = 4, .invoke = invoke_offset, }, { .val = 5, .invoke = invoke_offset, }, - }; - int i, sum = 0; + }, *item; + int i; for (i = 0; i < countof(items); i++) { list->insert_last(list, &items[i]); } - list->invoke_offset(list, offsetof(invoke_t, invoke), - (uintptr_t)1, (uintptr_t)2, - (uintptr_t)3, (uintptr_t)4, &sum); - ck_assert_int_eq(sum, 15); + list->invoke_offset(list, offsetof(invoke_t, invoke)); + i = 2; + while (list->remove_first(list, (void**)&item) == SUCCESS) + { + ck_assert_int_eq(item->val, i++); + } } END_TEST @@ -458,6 +514,7 @@ Suite *linked_list_suite_create() tcase_add_checked_fixture(tc, setup_list, teardown_list); tcase_add_test(tc, test_find); tcase_add_test(tc, test_find_callback); + tcase_add_test(tc, test_find_callback_args); suite_add_tcase(s, tc); tc = tcase_create("invoke"); diff --git a/src/libstrongswan/tests/test_suite.h b/src/libstrongswan/tests/test_suite.h index 66c68465a..97c1b42c1 100644 --- a/src/libstrongswan/tests/test_suite.h +++ b/src/libstrongswan/tests/test_suite.h @@ -298,7 +298,7 @@ void test_fail_if_worker_failed(); chunk_t _a = (chunk_t)a; \ chunk_t _b = (chunk_t)b; \ test_fail_if_worker_failed(); \ - if (_a.len != _b.len || !memeq(a.ptr, b.ptr, a.len)) \ + if (_a.len != _b.len || !memeq(_a.ptr, _b.ptr, _a.len)) \ { \ test_fail_msg(__FILE__, __LINE__, \ #a " != " #b " (\"%#B\" != \"%#B\")", &_a, &_b); \ diff --git a/src/libstrongswan/utils/backtrace.c b/src/libstrongswan/utils/backtrace.c index 6dd68d60e..18b19166e 100644 --- a/src/libstrongswan/utils/backtrace.c +++ b/src/libstrongswan/utils/backtrace.c @@ -668,8 +668,12 @@ typedef struct { } frame_enumerator_t; METHOD(enumerator_t, frame_enumerate, bool, - frame_enumerator_t *this, void **addr) + frame_enumerator_t *this, va_list args) { + void **addr; + + VA_ARGS_VGET(args, addr); + if (this->i < this->bt->frame_count) { *addr = this->bt->frames[this->i++]; 
@@ -685,7 +689,8 @@ METHOD(backtrace_t, create_frame_enumerator, enumerator_t*, INIT(enumerator, .public = { - .enumerate = (void*)_frame_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _frame_enumerate, .destroy = (void*)free, }, .bt = this, diff --git a/src/libstrongswan/utils/chunk.c b/src/libstrongswan/utils/chunk.c index 0c50ab788..8f4b7efff 100644 --- a/src/libstrongswan/utils/chunk.c +++ b/src/libstrongswan/utils/chunk.c @@ -643,7 +643,7 @@ chunk_t chunk_from_base64(chunk_t base64, char *buf) outlen += 3; for (j = 0; j < 4; j++) { - if (*pos == '=') + if (*pos == '=' && outlen > 0) { outlen--; } diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c index 384bd6c92..1a4769063 100644 --- a/src/libstrongswan/utils/identification.c +++ b/src/libstrongswan/utils/identification.c @@ -136,9 +136,12 @@ typedef struct { } rdn_enumerator_t; METHOD(enumerator_t, rdn_enumerate, bool, - rdn_enumerator_t *this, chunk_t *oid, u_char *type, chunk_t *data) + rdn_enumerator_t *this, va_list args) { - chunk_t rdn; + chunk_t rdn, *oid, *data; + u_char *type; + + VA_ARGS_VGET(args, oid, type, data); /* a DN contains one or more SET, each containing one or more SEQUENCES, * each containing a OID/value RDN */ @@ -173,7 +176,8 @@ static enumerator_t* create_rdn_enumerator(chunk_t dn) INIT(e, .public = { - .enumerate = (void*)_rdn_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _rdn_enumerate, .destroy = (void*)free, }, ); @@ -199,10 +203,11 @@ typedef struct { } rdn_part_enumerator_t; METHOD(enumerator_t, rdn_part_enumerate, bool, - rdn_part_enumerator_t *this, id_part_t *type, chunk_t *data) + rdn_part_enumerator_t *this, va_list args) { int i, known_oid, strtype; - chunk_t oid, inner_data; + chunk_t oid, inner_data, *data; + id_part_t *type; static const struct { int oid; id_part_t type; 
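Review bot: The added `outlen > 0` guard in chunk_from_base64 stops `outlen` from being decremented below zero when a four-character group carries more `=` padding than the three bytes just counted for it, which is the kind of malformed input a fuzzer produces; the hunk does not show how `pos` advances or how `outlen` is used afterwards, so whether a group padded with four `=` can still under-count an earlier group cannot be judged from here. A comment would preserve the reason for the check: `/* malformed input may carry more padding than the bytes counted for this group */`.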
@@ -228,6 +233,8 @@ METHOD(enumerator_t, rdn_part_enumerate, bool, {OID_EMPLOYEE_NUMBER, ID_PART_RDN_EN}, }; + VA_ARGS_VGET(args, type, data); + while (this->inner->enumerate(this->inner, &oid, &strtype, &inner_data)) { known_oid = asn1_known_oid(oid); @@ -263,7 +270,8 @@ METHOD(identification_t, create_part_enumerator, enumerator_t*, INIT(e, .inner = create_rdn_enumerator(this->encoded), .public = { - .enumerate = (void*)_rdn_part_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _rdn_part_enumerate, .destroy = _rdn_part_enumerator_destroy, }, ); diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c index ad67c0380..1dfeea557 100644 --- a/src/libstrongswan/utils/leak_detective.c +++ b/src/libstrongswan/utils/leak_detective.c @@ -606,6 +606,9 @@ static char *whitelist[] = { "system__tasking__stages__create_task", /* in case external threads call into our code */ "thread_current_id", + /* FHH IMCs and IMVs */ + "TNC_IMC_NotifyConnectionChange", + "TNC_IMV_NotifyConnectionChange", }; /** diff --git a/src/libstrongswan/utils/utils.h b/src/libstrongswan/utils/utils.h index 0aed842b1..33b8d1956 100644 --- a/src/libstrongswan/utils/utils.h +++ b/src/libstrongswan/utils/utils.h @@ -1,7 +1,7 @@ /* - * Copyright (C) 2008-2015 Tobias Brunner + * Copyright (C) 2008-2017 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -28,6 +28,7 @@ #include #include #include +#include #ifdef HAVE_SYS_PARAM_H #include 
@@ -140,6 +141,49 @@ void utils_deinit(); #define _VA_ARGS_DISPATCH(func, num) __VA_ARGS_DISPATCH(func, num) #define __VA_ARGS_DISPATCH(func, num) func ## num +/** + * Assign variadic arguments to the given variables. + * + * @note The order and types of the variables are significant and must match the + * variadic arguments passed to the function that calls this macro exactly. + * + * @param last the last argument before ... in the function that calls this + * @param ... variable names + */ +#define VA_ARGS_GET(last, ...) ({ \ + va_list _va_args_get_ap; \ + va_start(_va_args_get_ap, last); \ + _VA_ARGS_GET_ASGN(__VA_ARGS__) \ + va_end(_va_args_get_ap); \ +}) + +/** + * Assign variadic arguments from a va_list to the given variables. + * + * @note The order and types of the variables are significant and must match the + * variadic arguments passed to the function that calls this macro exactly. + * + * @param list the va_list variable in the function that calls this + * @param ... variable names + */ +#define VA_ARGS_VGET(list, ...) ({ \ + va_list _va_args_get_ap; \ + va_copy(_va_args_get_ap, list); \ + _VA_ARGS_GET_ASGN(__VA_ARGS__) \ + va_end(_va_args_get_ap); \ +}) + +#define _VA_ARGS_GET_ASGN(...) VA_ARGS_DISPATCH(_VA_ARGS_GET_ASGN, __VA_ARGS__)(__VA_ARGS__) +#define _VA_ARGS_GET_ASGN1(v1) __VA_ARGS_GET_ASGN(v1) +#define _VA_ARGS_GET_ASGN2(v1,v2) __VA_ARGS_GET_ASGN(v1) __VA_ARGS_GET_ASGN(v2) +#define _VA_ARGS_GET_ASGN3(v1,v2,v3) __VA_ARGS_GET_ASGN(v1) __VA_ARGS_GET_ASGN(v2) \ + __VA_ARGS_GET_ASGN(v3) +#define _VA_ARGS_GET_ASGN4(v1,v2,v3,v4) __VA_ARGS_GET_ASGN(v1) __VA_ARGS_GET_ASGN(v2) \ + __VA_ARGS_GET_ASGN(v3) __VA_ARGS_GET_ASGN(v4) +#define _VA_ARGS_GET_ASGN5(v1,v2,v3,v4,v5) __VA_ARGS_GET_ASGN(v1) __VA_ARGS_GET_ASGN(v2) \ + __VA_ARGS_GET_ASGN(v3) __VA_ARGS_GET_ASGN(v4) __VA_ARGS_GET_ASGN(v5) +#define __VA_ARGS_GET_ASGN(v) v = va_arg(_va_args_get_ap, typeof(v)); + /** * Macro to allocate a sized type. */ 
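Review bot: `__VA_ARGS_GET_ASGN` expands to `va_arg(_va_args_get_ap, typeof(v))`, which is undefined if `v` has a type narrower than the default argument promotions (`char`, `short`, `float`, `bool`), because the caller's argument arrived as `int` or `double`; every use in this patch passes pointers, so it is safe today, but the macro documentation does not say so. Add to both `@note` blocks: ` * The variables must have pointer, int, long or double types; types subject to default argument promotion (char, short, float, bool) are undefined with va_arg.` It is also worth stating that `VA_ARGS_VGET` operates on a `va_copy` and leaves the caller's `va_list` untouched, and that at most five variables are supported, since `_VA_ARGS_GET_ASGN5` is the largest expansion provided. The added `#include` line's target has been lost in rendering, so which header supplies `va_list` here cannot be checked.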
diff --git a/src/libtls/Makefile.in b/src/libtls/Makefile.in index 197ffc479..ee1d7fc7e 100644 --- a/src/libtls/Makefile.in +++ b/src/libtls/Makefile.in @@ -408,6 +408,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -430,6 +431,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libtls/tests/Makefile.in b/src/libtls/tests/Makefile.in index 22eb0994e..8c87e1dd0 100644 --- a/src/libtls/tests/Makefile.in +++ b/src/libtls/tests/Makefile.in @@ -352,6 +352,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -374,6 +375,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c index 84b511f53..05ae62b49 100644 --- a/src/libtls/tls_crypto.c +++ b/src/libtls/tls_crypto.c 
@@ -1296,28 +1296,32 @@ static struct { { ECP_192_BIT, TLS_SECP192R1}, }; -/** - * Filter EC groups, add TLS curve - */ -static bool group_filter(void *null, - diffie_hellman_group_t *in, diffie_hellman_group_t *out, - void* dummy1, tls_named_curve_t *curve) +CALLBACK(group_filter, bool, + void *null, enumerator_t *orig, va_list args) { + diffie_hellman_group_t group, *out; + tls_named_curve_t *curve; + char *plugin; int i; - for (i = 0; i < countof(curves); i++) + VA_ARGS_VGET(args, out, curve); + + while (orig->enumerate(orig, &group, &plugin)) { - if (curves[i].group == *in) + for (i = 0; i < countof(curves); i++) { - if (out) - { - *out = curves[i].group; - } - if (curve) + if (curves[i].group == group) { - *curve = curves[i].curve; + if (out) + { + *out = curves[i].group; + } + if (curve) + { + *curve = curves[i].curve; + } + return TRUE; } - return TRUE; } } return FALSE; @@ -1327,8 +1331,8 @@ METHOD(tls_crypto_t, create_ec_enumerator, enumerator_t*, private_tls_crypto_t *this) { return enumerator_create_filter( - lib->crypto->create_dh_enumerator(lib->crypto), - (void*)group_filter, NULL, NULL); + lib->crypto->create_dh_enumerator(lib->crypto), + group_filter, NULL, NULL); } METHOD(tls_crypto_t, set_protection, void, diff --git a/src/libtnccs/Makefile.am b/src/libtnccs/Makefile.am index 7a630fe54..ff7b54f6a 100644 --- a/src/libtnccs/Makefile.am +++ b/src/libtnccs/Makefile.am @@ -26,6 +26,15 @@ tnc/tnccs/tnccs_manager.h tnc/tnccs/tnccs_manager.c EXTRA_DIST = Android.mk +if STATIC_PLUGIN_CONSTRUCTORS +BUILT_SOURCES = $(srcdir)/plugin_constructors.c +CLEANFILES = $(srcdir)/plugin_constructors.c + +$(srcdir)/plugin_constructors.c: $(top_srcdir)/src/libstrongswan/plugins/plugin_constructors.py + $(AM_V_GEN) \ + $(PYTHON) $(top_srcdir)/src/libstrongswan/plugins/plugin_constructors.py ${t_plugins} > $@ +endif + # build optional plugins ######################## diff --git a/src/libtnccs/Makefile.in b/src/libtnccs/Makefile.in index a22a631bc..653d841a3 100644 
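Review bot: The conversion of `group_filter` to `CALLBACK` drops the `/** Filter EC groups, add TLS curve */` header, and the same happens to `reason_filter` in tnc_imv_recommendations.c and `filter` in signcrl.c, so the rewritten filters are now undocumented; restore a doc comment above each `CALLBACK(...)` line describing what the filter selects and which out-parameters it fills. In `group_filter` the `plugin` value pulled from `orig->enumerate()` is never used; a short `/* plugin name not needed here */` next to its declaration would make that deliberate rather than accidental.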
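Review bot: The `plugin_constructors.c` rule redirects the script's output straight into `$@`, so a failing or missing `$(PYTHON)` leaves a truncated file that is newer than its prerequisite and will not be rebuilt on the next run; the identical rule is added to libtpmtss/Makefile.am. Write to a temporary and rename on success: `$(PYTHON) $(top_srcdir)/src/libstrongswan/plugins/plugin_constructors.py ${t_plugins} > $@.tmp && mv $@.tmp $@`. The target also lives in `$(srcdir)`, presumably so that tnc.c can include it with quotes, but that means a read-only or shared source tree cannot be built with this option enabled; a comment in the Makefile.am stating that trade-off would help the next reader.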
--- a/src/libtnccs/Makefile.in +++ b/src/libtnccs/Makefile.in @@ -412,6 +412,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -434,6 +435,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ @@ -521,6 +523,8 @@ tnc/tnccs/tnccs.h tnc/tnccs/tnccs.c \ tnc/tnccs/tnccs_manager.h tnc/tnccs/tnccs_manager.c EXTRA_DIST = Android.mk +@STATIC_PLUGIN_CONSTRUCTORS_TRUE@BUILT_SOURCES = $(srcdir)/plugin_constructors.c +@STATIC_PLUGIN_CONSTRUCTORS_TRUE@CLEANFILES = $(srcdir)/plugin_constructors.c @MONOLITHIC_FALSE@SUBDIRS = . $(am__append_2) $(am__append_4) \ @MONOLITHIC_FALSE@ $(am__append_6) $(am__append_8) \ @MONOLITHIC_FALSE@ $(am__append_10) $(am__append_12) @@ -530,7 +534,8 @@ EXTRA_DIST = Android.mk @MONOLITHIC_TRUE@SUBDIRS = $(am__append_2) $(am__append_4) \ @MONOLITHIC_TRUE@ $(am__append_6) $(am__append_8) \ @MONOLITHIC_TRUE@ $(am__append_10) $(am__append_12) -all: all-recursive +all: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) all-recursive .SUFFIXES: .SUFFIXES: .c .lo .o .obj @@ -832,14 +837,16 @@ distdir: $(DISTFILES) fi; \ done check-am: all-am -check: check-recursive +check: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) check-recursive all-am: Makefile $(LTLIBRARIES) installdirs: installdirs-recursive installdirs-am: for dir in "$(DESTDIR)$(ipseclibdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done -install: install-recursive +install: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive 
@@ -861,6 +868,7 @@ install-strip: mostlyclean-generic: clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) @@ -875,6 +883,7 @@ distclean-generic: maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." + -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) clean: clean-recursive clean-am: clean-generic clean-ipseclibLTLIBRARIES clean-libtool \ @@ -946,7 +955,8 @@ ps-am: uninstall-am: uninstall-ipseclibLTLIBRARIES -.MAKE: $(am__recursive_targets) install-am install-strip +.MAKE: $(am__recursive_targets) all check install install-am \ + install-strip .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ check-am clean clean-generic clean-ipseclibLTLIBRARIES \ @@ -967,6 +977,10 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES .PRECIOUS: Makefile +@STATIC_PLUGIN_CONSTRUCTORS_TRUE@$(srcdir)/plugin_constructors.c: $(top_srcdir)/src/libstrongswan/plugins/plugin_constructors.py +@STATIC_PLUGIN_CONSTRUCTORS_TRUE@ $(AM_V_GEN) \ +@STATIC_PLUGIN_CONSTRUCTORS_TRUE@ $(PYTHON) $(top_srcdir)/src/libstrongswan/plugins/plugin_constructors.py ${t_plugins} > $@ + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libtnccs/plugins/tnc_imc/Makefile.in b/src/libtnccs/plugins/tnc_imc/Makefile.in index 2d04cc10e..84dbf1461 100644 --- a/src/libtnccs/plugins/tnc_imc/Makefile.in +++ b/src/libtnccs/plugins/tnc_imc/Makefile.in @@ -360,6 +360,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ 
@@ -382,6 +383,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libtnccs/plugins/tnc_imv/Makefile.in b/src/libtnccs/plugins/tnc_imv/Makefile.in index cfdd73c19..5fd128faa 100644 --- a/src/libtnccs/plugins/tnc_imv/Makefile.in +++ b/src/libtnccs/plugins/tnc_imv/Makefile.in @@ -361,6 +361,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -383,6 +384,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libtnccs/plugins/tnc_imv/tnc_imv_recommendations.c b/src/libtnccs/plugins/tnc_imv/tnc_imv_recommendations.c index a9dbb2b9f..9c6307d65 100644 --- a/src/libtnccs/plugins/tnc_imv/tnc_imv_recommendations.c +++ b/src/libtnccs/plugins/tnc_imv/tnc_imv_recommendations.c 
@@ -320,31 +320,33 @@ METHOD(recommendations_t, set_reason_language, TNC_Result, return found ? TNC_RESULT_SUCCESS : TNC_RESULT_INVALID_PARAMETER; } -/** - * Enumerate reason and reason_language, not recommendation entries - */ -static bool reason_filter(void *null, recommendation_entry_t **entry, - TNC_IMVID *id, void *i2, chunk_t *reason, void *i3, - chunk_t *reason_language) +CALLBACK(reason_filter, bool, + void *null, enumerator_t *orig, va_list args) { - if ((*entry)->reason.len) - { - *id = (*entry)->id; - *reason = (*entry)->reason; - *reason_language = (*entry)->reason_language; - return TRUE; - } - else + recommendation_entry_t *entry; + TNC_IMVID *id; + chunk_t *reason, *reason_language; + + VA_ARGS_VGET(args, id, reason, reason_language); + + while (orig->enumerate(orig, &entry)) { - return FALSE; + if (entry->reason.len) + { + *id = entry->id; + *reason = entry->reason; + *reason_language = entry->reason_language; + return TRUE; + } } + return FALSE; } METHOD(recommendations_t, create_reason_enumerator, enumerator_t*, private_tnc_imv_recommendations_t *this) { return enumerator_create_filter(this->recs->create_enumerator(this->recs), - (void*)reason_filter, NULL, NULL); + reason_filter, NULL, NULL); } METHOD(recommendations_t, destroy, void, diff --git a/src/libtnccs/plugins/tnc_tnccs/Makefile.in b/src/libtnccs/plugins/tnc_tnccs/Makefile.in index 094d3be9d..acddd84a2 100644 --- a/src/libtnccs/plugins/tnc_tnccs/Makefile.in +++ b/src/libtnccs/plugins/tnc_tnccs/Makefile.in @@ -360,6 +360,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -382,6 +383,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ 
diff --git a/src/libtnccs/plugins/tnccs_11/Makefile.in b/src/libtnccs/plugins/tnccs_11/Makefile.in index d816d6b10..b6b80749b 100644 --- a/src/libtnccs/plugins/tnccs_11/Makefile.in +++ b/src/libtnccs/plugins/tnccs_11/Makefile.in @@ -370,6 +370,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -392,6 +393,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libtnccs/plugins/tnccs_11/tnccs_11_plugin.c b/src/libtnccs/plugins/tnccs_11/tnccs_11_plugin.c index f534af008..191adbb77 100644 --- a/src/libtnccs/plugins/tnccs_11/tnccs_11_plugin.c +++ b/src/libtnccs/plugins/tnccs_11/tnccs_11_plugin.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010 Andreas Steffen + * Copyright (C) 2010-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -17,6 +17,7 @@ #include "tnccs_11.h" #include +#include METHOD(plugin_t, get_name, char*, tnccs_11_plugin_t *this) @@ -39,6 +40,7 @@ METHOD(plugin_t, get_features, int, METHOD(plugin_t, destroy, void, tnccs_11_plugin_t *this) { + xmlCleanupParser(); free(this); } @@ -56,6 +58,7 @@ plugin_t *tnccs_11_plugin_create() .destroy = _destroy, }, ); + xmlInitParser(); return &this->plugin; } diff --git a/src/libtnccs/plugins/tnccs_20/Makefile.in b/src/libtnccs/plugins/tnccs_20/Makefile.in index a64288fa1..2a1d327b4 100644 --- a/src/libtnccs/plugins/tnccs_20/Makefile.in +++ b/src/libtnccs/plugins/tnccs_20/Makefile.in @@ -373,6 +373,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ 
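Review bot: `xmlCleanupParser()` in tnccs_11's `destroy` tears down libxml2's global state for the whole process, and libxml2's documentation warns against calling it from a library or plugin while other threads or components may still be using the parser; charon runs many plugins in one process, so unloading this plugin while another libxml2 user is still active could leave that user with freed globals. Consider dropping the cleanup call, or documenting why it is safe here with a comment such as `/* tnccs_11 is assumed to be the only libxml2 user in this process */` if that assumption holds. The added `#include` line's target has been lost in rendering; it is presumably the libxml2 parser header.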
@@ -395,6 +396,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in index 043e64d9a..65201ddaa 100644 --- a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in +++ b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in @@ -360,6 +360,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -382,6 +383,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libtnccs/tnc/tnc.c b/src/libtnccs/tnc/tnc.c index 80ba61c5a..9627be862 100644 --- a/src/libtnccs/tnc/tnc.c +++ b/src/libtnccs/tnc/tnc.c @@ -54,6 +54,13 @@ struct private_tnc_t { refcount_t ref; }; +/** + * Register plugins if built statically + */ +#ifdef STATIC_PLUGIN_CONSTRUCTORS +#include "plugin_constructors.c" +#endif + /** * Single instance of tnc_t. */ diff --git a/src/libtncif/Makefile.in b/src/libtncif/Makefile.in index 77c950a60..2432a704f 100644 --- a/src/libtncif/Makefile.in +++ b/src/libtncif/Makefile.in @@ -322,6 +322,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -344,6 +345,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ 
diff --git a/src/libtpmtss/Makefile.am b/src/libtpmtss/Makefile.am index c7ac39a09..5f3a97a99 100644 --- a/src/libtpmtss/Makefile.am +++ b/src/libtpmtss/Makefile.am @@ -33,6 +33,15 @@ else SUBDIRS = . endif +if STATIC_PLUGIN_CONSTRUCTORS +BUILT_SOURCES = $(srcdir)/plugin_constructors.c +CLEANFILES = $(srcdir)/plugin_constructors.c + +$(srcdir)/plugin_constructors.c: $(top_srcdir)/src/libstrongswan/plugins/plugin_constructors.py + $(AM_V_GEN) \ + $(PYTHON) $(top_srcdir)/src/libstrongswan/plugins/plugin_constructors.py ${p_plugins} > $@ +endif + if USE_TPM SUBDIRS += plugins/tpm if MONOLITHIC diff --git a/src/libtpmtss/Makefile.in b/src/libtpmtss/Makefile.in index 1a19fb5c8..405d717d9 100644 --- a/src/libtpmtss/Makefile.in +++ b/src/libtpmtss/Makefile.in @@ -400,6 +400,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -422,6 +423,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ @@ -508,7 +510,10 @@ libtpmtss_la_SOURCES = \ @MONOLITHIC_FALSE@SUBDIRS = . $(am__append_3) @MONOLITHIC_TRUE@SUBDIRS = $(am__append_3) -all: all-recursive +@STATIC_PLUGIN_CONSTRUCTORS_TRUE@BUILT_SOURCES = $(srcdir)/plugin_constructors.c +@STATIC_PLUGIN_CONSTRUCTORS_TRUE@CLEANFILES = $(srcdir)/plugin_constructors.c +all: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) all-recursive .SUFFIXES: .SUFFIXES: .c .lo .o .obj 
@@ -777,14 +782,16 @@ distdir: $(DISTFILES) fi; \ done check-am: all-am -check: check-recursive +check: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) check-recursive all-am: Makefile $(LTLIBRARIES) installdirs: installdirs-recursive installdirs-am: for dir in "$(DESTDIR)$(ipseclibdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done -install: install-recursive +install: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive @@ -806,6 +813,7 @@ install-strip: mostlyclean-generic: clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) @@ -814,6 +822,7 @@ distclean-generic: maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." + -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) clean: clean-recursive clean-am: clean-generic clean-ipseclibLTLIBRARIES clean-libtool \ @@ -885,7 +894,8 @@ ps-am: uninstall-am: uninstall-ipseclibLTLIBRARIES -.MAKE: $(am__recursive_targets) install-am install-strip +.MAKE: $(am__recursive_targets) all check install install-am \ + install-strip .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ check-am clean clean-generic clean-ipseclibLTLIBRARIES \ @@ -906,6 +916,10 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES .PRECIOUS: Makefile +@STATIC_PLUGIN_CONSTRUCTORS_TRUE@$(srcdir)/plugin_constructors.c: $(top_srcdir)/src/libstrongswan/plugins/plugin_constructors.py +@STATIC_PLUGIN_CONSTRUCTORS_TRUE@ $(AM_V_GEN) \ +@STATIC_PLUGIN_CONSTRUCTORS_TRUE@ $(PYTHON) $(top_srcdir)/src/libstrongswan/plugins/plugin_constructors.py ${p_plugins} > $@ + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: 
diff --git a/src/libtpmtss/plugins/tpm/Makefile.in b/src/libtpmtss/plugins/tpm/Makefile.in index 9e2641bc6..eb9489eb4 100644 --- a/src/libtpmtss/plugins/tpm/Makefile.in +++ b/src/libtpmtss/plugins/tpm/Makefile.in @@ -357,6 +357,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -379,6 +380,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/libtpmtss/tpm_tss.c b/src/libtpmtss/tpm_tss.c index b7b970c8d..42a341896 100644 --- a/src/libtpmtss/tpm_tss.c +++ b/src/libtpmtss/tpm_tss.c @@ -17,6 +17,13 @@ #include "tpm_tss_tss2.h" #include "tpm_tss_trousers.h" +/** + * Register plugins if built statically + */ +#ifdef STATIC_PLUGIN_CONSTRUCTORS +#include "plugin_constructors.c" +#endif + /** * Described in header. */ diff --git a/src/manager/Makefile.in b/src/manager/Makefile.in index 8b0a40245..58c247e1b 100644 --- a/src/manager/Makefile.in +++ b/src/manager/Makefile.in @@ -374,6 +374,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -396,6 +397,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/manager/xml.c b/src/manager/xml.c index bf5bbbf05..0aee5f69b 100644 --- a/src/manager/xml.c +++ b/src/manager/xml.c 
@@ -67,8 +67,13 @@ typedef struct { } child_enum_t; METHOD(enumerator_t, child_enumerate, bool, - child_enum_t *e, private_xml_t **child, char **name, char **value) + child_enum_t *e, va_list args) { + private_xml_t **child; + char **name, **value; + + VA_ARGS_VGET(args, child, name, value); + while (e->node && e->node->type != XML_ELEMENT_NODE) { e->node = e->node->next; @@ -120,7 +125,8 @@ METHOD(xml_t, children, enumerator_t*, child_enum_t *ce; INIT(ce, .e = { - .enumerate = (void*)_child_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _child_enumerate, .destroy = _child_destroy, }, .child = { diff --git a/src/medsrv/Makefile.in b/src/medsrv/Makefile.in index 249728b69..7561ad91c 100644 --- a/src/medsrv/Makefile.in +++ b/src/medsrv/Makefile.in @@ -363,6 +363,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -385,6 +386,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in index 72d554a48..ed95d812a 100644 --- a/src/pki/Makefile.in +++ b/src/pki/Makefile.in @@ -376,6 +376,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -398,6 +399,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c index b0399c78b..e41c56d08 100644 --- a/src/pki/commands/issue.c +++ b/src/pki/commands/issue.c 
@@ -406,6 +406,7 @@ static int issue() goto end; } public->destroy(public); + public = NULL; if (hex) { diff --git a/src/pki/commands/signcrl.c b/src/pki/commands/signcrl.c index 6bccf1b09..25a3aac52 100644 --- a/src/pki/commands/signcrl.c +++ b/src/pki/commands/signcrl.c @@ -61,16 +61,24 @@ static void revoked_destroy(revoked_t *revoked) free(revoked); } -/** - * Filter for revoked enumerator - */ -static bool filter(void *data, revoked_t **revoked, chunk_t *serial, void *p2, - time_t *date, void *p3, crl_reason_t *reason) +CALLBACK(filter, bool, + void *data, enumerator_t *orig, va_list args) { - *serial = (*revoked)->serial; - *date = (*revoked)->date; - *reason = (*revoked)->reason; - return TRUE; + revoked_t *revoked; + crl_reason_t *reason; + chunk_t *serial; + time_t *date; + + VA_ARGS_VGET(args, serial, date, reason); + + if (orig->enumerate(orig, &revoked)) + { + *serial = revoked->serial; + *date = revoked->date; + *reason = revoked->reason; + return TRUE; + } + return FALSE; } /** @@ -392,7 +400,7 @@ static int sign_crl() chunk_increment(crl_serial); enumerator = enumerator_create_filter(list->create_enumerator(list), - (void*)filter, NULL, NULL); + filter, NULL, NULL); crl = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, BUILD_SIGNING_KEY, private, BUILD_SIGNING_CERT, ca, BUILD_SERIAL, crl_serial, diff --git a/src/pki/man/Makefile.in b/src/pki/man/Makefile.in index e40aca3b4..a469f8b1c 100644 --- a/src/pki/man/Makefile.in +++ b/src/pki/man/Makefile.in @@ -313,6 +313,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -335,6 +336,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ 
diff --git a/src/pool/Makefile.in b/src/pool/Makefile.in index d67830ea8..415de5503 100644 --- a/src/pool/Makefile.in +++ b/src/pool/Makefile.in @@ -358,6 +358,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -380,6 +381,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/pt-tls-client/Makefile.in b/src/pt-tls-client/Makefile.in index 2c87f5fa5..7912c6058 100644 --- a/src/pt-tls-client/Makefile.in +++ b/src/pt-tls-client/Makefile.in @@ -327,6 +327,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -349,6 +350,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/scepclient/Makefile.in b/src/scepclient/Makefile.in index 47b0c8c3d..9b2023f7d 100644 --- a/src/scepclient/Makefile.in +++ b/src/scepclient/Makefile.in @@ -355,6 +355,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -377,6 +378,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in index 3c89b0c77..97a0713c3 100644 --- a/src/starter/Makefile.in +++ b/src/starter/Makefile.in 
@@ -400,6 +400,7 @@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ host = @host@ @@ -422,6 +423,7 @@ json_CFLAGS = @json_CFLAGS@ json_LIBS = @json_LIBS@ libdir = @libdir@ libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ libiptc_CFLAGS = @libiptc_CFLAGS@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ diff --git a/src/starter/args.c b/src/starter/args.c index 0874cc7e5..477a52082 100644 --- a/src/starter/args.c +++ b/src/starter/args.c @@ -110,6 +110,7 @@ static const char *LST_authby[] = { static const char *LST_fragmentation[] = { "no", + "accept", "yes", "force", NULL @@ -164,6 +165,7 @@ static const token_info_t token_info[] = { ARG_TIME, offsetof(starter_conn_t, dpd_timeout), NULL }, { ARG_ENUM, offsetof(starter_conn_t, dpd_action), LST_dpd_action }, { ARG_ENUM, offsetof(starter_conn_t, close_action), LST_dpd_action }, + { ARG_ENUM, offsetof(starter_conn_t, sha256_96), LST_bool }, { ARG_TIME, offsetof(starter_conn_t, inactivity), NULL }, { ARG_MISC, 0, NULL /* KW_MODECONFIG */ }, { ARG_MISC, 0, NULL /* KW_XAUTH */ }, diff --git a/src/starter/confread.h b/src/starter/confread.h index 45f34ce23..8ee730daa 100644 --- a/src/starter/confread.h +++ b/src/starter/confread.h @@ -65,6 +65,7 @@ typedef enum { typedef enum { /* same as in ike_cfg.h */ FRAGMENTATION_NO, + FRAGMENTATION_ACCEPT, FRAGMENTATION_YES, FRAGMENTATION_FORCE, } fragmentation_t; @@ -161,6 +162,8 @@ struct starter_conn { dpd_action_t close_action; + bool sha256_96; + time_t inactivity; bool me_mediation; diff --git a/src/starter/keywords.c b/src/starter/keywords.c index 762c5d947..505b66010 100644 --- a/src/starter/keywords.c +++ b/src/starter/keywords.c @@ -54,7 +54,7 @@ struct kw_entry { kw_token_t token; }; -#define TOTAL_KEYWORDS 139 +#define TOTAL_KEYWORDS 140 #define MIN_WORD_LENGTH 2 #define MAX_WORD_LENGTH 17 #define MIN_HASH_VALUE 9 
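Review bot: `FRAGMENTATION_ACCEPT` is inserted in the middle of an enum whose comment says it must stay `/* same as in ike_cfg.h */`, and `LST_fragmentation` in args.c is updated by position to match, so all three must change together; this chunk shows only the starter side, and although the diffstat lists ike_cfg.h as modified, whether it inserts the value at the same position cannot be verified here. Extend the comment so the coupling is complete: `/* same as in ike_cfg.h and LST_fragmentation in args.c; positions must match */`.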
@@ -80,7 +80,7 @@ hash (str, len) 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 14, - 129, 258, 258, 258, 258, 258, 258, 258, 258, 258, + 129, 258, 258, 258, 4, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, @@ -202,6 +202,7 @@ static const struct kw_entry wordlist[] = {"klipsdebug", KW_SETUP_DEPRECATED}, {"ldapbase", KW_CA_DEPRECATED}, {"overridemtu", KW_SETUP_DEPRECATED}, + {"sha256_96", KW_SHA256_96}, {"ocspuri1", KW_OCSPURI}, {"dpdtimeout", KW_DPDTIMEOUT}, {"aaa_identity", KW_AAA_IDENTITY}, 
@@ -278,20 +279,20 @@ static const short lookup[] = 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, -1, -1, 60, 61, 62, -1, 63, -1, 64, -1, 65, 66, 67, 68, 69, 70, 71, 72, - -1, 73, 74, 75, 76, 77, 78, -1, 79, -1, - -1, 80, 81, -1, 82, -1, -1, 83, 84, 85, - 86, 87, 88, -1, 89, -1, 90, 91, -1, 92, - 93, -1, 94, 95, -1, 96, -1, -1, 97, 98, - 99, 100, -1, 101, -1, 102, 103, 104, -1, 105, - 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, - -1, 116, -1, 117, -1, 118, -1, -1, 119, 120, - -1, -1, -1, -1, -1, 121, -1, 122, -1, 123, - 124, 125, -1, -1, -1, -1, -1, 126, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 127, -1, - -1, 128, 129, -1, 130, -1, 131, -1, -1, -1, - -1, -1, -1, 132, -1, 133, -1, 134, 135, -1, - -1, -1, -1, 136, -1, -1, -1, -1, -1, -1, - 137, -1, -1, -1, -1, -1, -1, 138 + -1, 73, 74, 75, 76, 77, 78, 79, 80, -1, + -1, 81, 82, -1, 83, -1, -1, 84, 85, 86, + 87, 88, 89, -1, 90, -1, 91, 92, -1, 93, + 94, -1, 95, 96, -1, 97, -1, -1, 98, 99, + 100, 101, -1, 102, -1, 103, 104, 105, -1, 106, + 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, + -1, 117, -1, 118, -1, 119, -1, -1, 120, 121, + -1, -1, -1, -1, -1, 122, -1, 123, -1, 124, + 125, 126, -1, -1, -1, -1, -1, 127, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 128, -1, + -1, 129, 130, -1, 131, -1, 132, -1, -1, -1, + -1, -1, -1, 133, -1, 134, -1, 135, 136, -1, + -1, -1, -1, 137, -1, -1, -1, -1, -1, -1, + 138, -1, -1, -1, -1, -1, -1, 139 }; #ifdef __GNUC__ diff --git a/src/starter/keywords.h b/src/starter/keywords.h index 94af493f8..0cb46a740 100644 --- a/src/starter/keywords.h +++ b/src/starter/keywords.h @@ -64,6 +64,7 @@ enum kw_token_t { KW_DPDTIMEOUT, KW_DPDACTION, KW_CLOSEACTION, + KW_SHA256_96, KW_INACTIVITY, KW_MODECONFIG, KW_XAUTH, diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt index ee0bd31e1..3f92dc83f 100644 --- a/src/starter/keywords.txt +++ b/src/starter/keywords.txt 
@@ -61,6 +61,7 @@ dpddelay, KW_DPDDELAY dpdtimeout, KW_DPDTIMEOUT dpdaction, KW_DPDACTION closeaction, KW_CLOSEACTION +sha256_96, KW_SHA256_96 inactivity, KW_INACTIVITY modeconfig, KW_MODECONFIG xauth, KW_XAUTH diff --git a/src/starter/parser/conf_parser.c b/src/starter/parser/conf_parser.c index 6d1c54d20..66e0ae8e4 100644 --- a/src/starter/parser/conf_parser.c +++ b/src/starter/parser/conf_parser.c @@ -158,10 +158,13 @@ typedef struct { } dictionary_enumerator_t; METHOD(enumerator_t, dictionary_enumerate, bool, - dictionary_enumerator_t *this, char **key, char **value) + dictionary_enumerator_t *this, va_list args) { setting_t *setting; section_t *parent; + char **key, **value; + + VA_ARGS_VGET(args, key, value); while (TRUE) { @@ -221,7 +224,8 @@ METHOD(dictionary_t, dictionary_create_enumerator, enumerator_t*, INIT(enumerator, .public = { - .enumerate = (void*)_dictionary_enumerate, + .enumerate = enumerator_enumerate_default, + .venumerate = _dictionary_enumerate, .destroy = _dictionary_enumerator_destroy, }, .seen = hashtable_create(hashtable_hash_str, hashtable_equals_str, 8), 
@@ -290,24 +294,43 @@ static dictionary_t *section_dictionary_create(private_conf_parser_t *parser,
 return &this->public;
 }
-static bool conn_filter(void *unused, section_t **section, char **name)
+CALLBACK(conn_filter, bool,
+ void *unused, enumerator_t *orig, va_list args)
 {
- if (streq((*section)->name, "%default"))
+ section_t *section;
+ char **name;
+
+ VA_ARGS_VGET(args, name);
+
+ while (orig->enumerate(orig, §ion))
 {
- return FALSE;
+ if (!streq(section->name, "%default"))
+ {
+ *name = section->name;
+ return TRUE;
+ }
 }
- *name = (*section)->name;
- return TRUE;
+ return FALSE;
 }
-static bool ca_filter(void *unused, void *key, char **name, section_t **section)
+CALLBACK(ca_filter, bool,
+ void *unused, enumerator_t *orig, va_list args)
 {
- if (streq((*section)->name, "%default"))
+ void *key;
+ section_t *section;
+ char **name;
+
+ VA_ARGS_VGET(args, name);
+
+ while (orig->enumerate(orig, &key, §ion))
 {
- return FALSE;
+ if (!streq(section->name, "%default"))
+ {
+ *name = section->name;
+ return TRUE;
+ }
 }
- *name = (*section)->name;
- return TRUE;
+ return FALSE;
 }
 METHOD(conf_parser_t, get_sections, enumerator_t*,
@@ -317,12 +340,12 @@ METHOD(conf_parser_t, get_sections, enumerator_t*,
 {
 case CONF_PARSER_CONN:
 return enumerator_create_filter(
- array_create_enumerator(this->conns_order),
- (void*)conn_filter, NULL, NULL);
+ array_create_enumerator(this->conns_order),
+ conn_filter, NULL, NULL);
 case CONF_PARSER_CA:
 return enumerator_create_filter(
- this->cas->create_enumerator(this->cas),
- (void*)ca_filter, NULL, NULL);
+ this->cas->create_enumerator(this->cas),
+ ca_filter, NULL, NULL);
 case CONF_PARSER_CONFIG_SETUP:
 default:
 return enumerator_create_empty();
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index b92c00c87..90af9372a 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
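Review bot: `conn_filter` and `ca_filter` now carry the same skip-`%default` loop twice, differing only in that the hashtable enumerator yields an extra `key` that `ca_filter` reads and discards; a shared static helper, or at least a comment on the discarded value such as `/* key: hashtable key of this->cas, unused here */`, would make the intent explicit. (The `§ion` shown in this rendering is presumably an entity-mangled `&section`.) `*name` is still written without a NULL check, as before the change, so callers of `get_sections` must always pass an output pointer; a comment on `CALLBACK(conn_filter, ...` stating that precondition would save the next reader a trip to `enumerator_create_filter`.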
@@ -220,6 +220,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
 msg->add_conn.dpd.timeout = conn->dpd_timeout;
 msg->add_conn.dpd.action = conn->dpd_action;
 msg->add_conn.close_action = conn->close_action;
+ msg->add_conn.sha256_96 = conn->sha256_96;
 msg->add_conn.inactivity = conn->inactivity;
 msg->add_conn.ikeme.mediation = conn->me_mediation;
 push_string(&msg, add_conn.ikeme.mediated_by, conn->me_mediated_by);
diff --git a/src/starter/tests/Makefile.in b/src/starter/tests/Makefile.in
index 8e9028a7e..6ce8bdaee 100644
--- a/src/starter/tests/Makefile.in
+++ b/src/starter/tests/Makefile.in
@@ -352,6 +352,7 @@ docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
 fips_mode = @fips_mode@
+fuzz_plugins = @fuzz_plugins@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 host = @host@
@@ -374,6 +375,7 @@ json_CFLAGS = @json_CFLAGS@
 json_LIBS = @json_LIBS@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libfuzzer = @libfuzzer@
 libiptc_CFLAGS = @libiptc_CFLAGS@
 libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in
index fff0a5ea0..6af83d9b7 100644
--- a/src/stroke/Makefile.in
+++ b/src/stroke/Makefile.in
@@ -326,6 +326,7 @@ docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
 fips_mode = @fips_mode@
+fuzz_plugins = @fuzz_plugins@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 host = @host@
@@ -348,6 +349,7 @@ json_CFLAGS = @json_CFLAGS@
 json_LIBS = @json_LIBS@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libfuzzer = @libfuzzer@
 libiptc_CFLAGS = @libiptc_CFLAGS@
 libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h
index a3b911d0f..60ea0028d 100644
--- a/src/stroke/stroke_msg.h
+++ b/src/stroke/stroke_msg.h
@@ -302,6 +302,7 @@ struct stroke_msg_t {
 } mark_in, mark_out;
 stroke_end_t me, other;
 uint32_t replay_window;
+ bool sha256_96;
 } add_conn;
 /* data for STR_ADD_CA */
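Review bot: `bool sha256_96;` is added to `add_conn` without a comment, yet `stroke_msg_t` is the structure the stroke tool hands to the daemon (the `starterstroke.c` hunk on this line fills it from `conn->sha256_96`), so a reader on the receiving side sees only the name. Suggested: `bool sha256_96; /* truncate the HMAC-SHA-256 ICV to 96 bits (non-standard); not negotiated with the peer */`, matching the swanctl.conf.5 text added in this commit. Because the new field may change the size of the message, a stroke binary and a charon stroke plugin built from different versions could disagree on the layout; if the message header carries a length that the plugin validates (not visible here), that check is what would catch such a mismatch.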
diff --git a/src/swanctl/Makefile.in b/src/swanctl/Makefile.in
index 7e2a1da6b..b5313a37d 100644
--- a/src/swanctl/Makefile.in
+++ b/src/swanctl/Makefile.in
@@ -375,6 +375,7 @@ docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
 fips_mode = @fips_mode@
+fuzz_plugins = @fuzz_plugins@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 host = @host@
@@ -397,6 +398,7 @@ json_CFLAGS = @json_CFLAGS@
 json_LIBS = @json_LIBS@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libfuzzer = @libfuzzer@
 libiptc_CFLAGS = @libiptc_CFLAGS@
 libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
diff --git a/src/swanctl/commands/load_creds.c b/src/swanctl/commands/load_creds.c
index 848d8512c..d8541061e 100644
--- a/src/swanctl/commands/load_creds.c
+++ b/src/swanctl/commands/load_creds.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2016 Tobias Brunner
+ * Copyright (C) 2016-2017 Tobias Brunner
 * Copyright (C) 2015 Andreas Steffen
 * HSR Hochschule fuer Technik Rapperswil
 *
@@ -34,8 +34,6 @@
 #include
-#define HASH_SIZE_SHA1_HEX (2 * HASH_SIZE_SHA1)
-
 /**
 * Context used to track loaded secrets
 */
@@ -144,6 +142,7 @@ static bool load_key(load_ctx_t *ctx, char *dir, char *type, chunk_t data)
 vici_req_t *req;
 vici_res_t *res;
 bool ret = TRUE;
+ char *id;
 req = vici_begin("load-key");
@@ -178,6 +177,8 @@ static bool load_key(load_ctx_t *ctx, char *dir, char *type, chunk_t data)
 else
 {
 printf("loaded %s key from '%s'\n", type, dir);
+ id = vici_find_str(res, "", "id");
+ free(ctx->keys->remove(ctx->keys, id));
 }
 vici_free_res(res);
 return ret;
@@ -190,8 +191,7 @@ static bool load_key_anytype(load_ctx_t *ctx, char *path,
 private_key_t *private)
 {
 bool loaded = FALSE;
- chunk_t encoding, keyid;
- char hex[HASH_SIZE_SHA1_HEX + 1];
+ chunk_t encoding;
 if (!private->get_encoding(private, PRIVKEY_ASN1_DER, &encoding))
 {
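Review bot: `load_key` now removes the loaded key from `ctx->keys` by the `id` the daemon reports in its reply instead of by a locally computed fingerprint (the `KEYID_PUBKEY_SHA1` path is deleted in the `@@ -213` hunk on the next line), so the bookkeeping depends on the daemon actually including `id` in the load-key response. With a daemon that does not, `vici_find_str(res, "", "id")` returns the empty-string default, `remove()` finds nothing and the key stays listed in `ctx->keys`; whatever later consumes the remaining entries (outside this hunk) might then treat a freshly loaded key as stale. A comment at the call site would record the dependency, e.g. `/* the daemon reports the loaded key's id in its reply; without it the key stays in ctx->keys */`.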
@@ -213,13 +213,6 @@ static bool load_key_anytype(load_ctx_t *ctx, char *path,
 fprintf(stderr, "unsupported key type in '%s'\n", path);
 break;
 }
-
- if (loaded &&
- private->get_fingerprint(private, KEYID_PUBKEY_SHA1, &keyid) &&
- snprintf(hex, sizeof(hex), "%+B", &keyid) == HASH_SIZE_SHA1_HEX)
- {
- free(ctx->keys->remove(ctx->keys, hex));
- }
 chunk_clear(&encoding);
 return loaded;
 }
@@ -408,7 +401,7 @@ static void* decrypt_with_config(load_ctx_t *ctx, char *name, char *type,
 /**
 * Try to decrypt and load a private key
 */
-static bool load_encrypted_key(load_ctx_t *ctx, char *rel, char *path,
+static bool load_encrypted_key(load_ctx_t *ctx, char *rel, char *path,
 char *type, chunk_t data)
 {
 private_key_t *private;
diff --git a/src/swanctl/swanctl.conf b/src/swanctl/swanctl.conf
index 789b128fd..b2045a3d8 100644
--- a/src/swanctl/swanctl.conf
+++ b/src/swanctl/swanctl.conf
@@ -47,7 +47,7 @@
 # Timeout for DPD checks (IKEV1 only).
 # dpd_timeout = 0s
- # Use IKE UDP datagram fragmentation. (yes, no or force).
+ # Use IKE UDP datagram fragmentation. (yes, accept, no or force).
 # fragmentation = yes
 # Send certificate requests payloads (yes or no).
@@ -227,6 +227,9 @@
 # ESP proposals to offer for the CHILD_SA.
 # esp_proposals = default
+ # Use incorrect 96-bit truncation for HMAC-SHA-256.
+ # sha256_96 = no
+
 # Local traffic selectors to include in CHILD_SA.
 # local_ts = dynamic
@@ -308,6 +311,10 @@
 # IPsec replay window to configure for this CHILD_SA.
 # replay_window = 32
+ # Enable hardware offload for this CHILD_SA, if supported by the
+ # IPsec implementation.
+ # hw_offload = no
+
 # Action to perform after loading the configuration (none, trap,
 # start).
 # start_action = none
diff --git a/src/swanctl/swanctl.conf.5.main b/src/swanctl/swanctl.conf.5.main
index 6e1e9adfb..9f4044d7e 100644
--- a/src/swanctl/swanctl.conf.5.main
+++ b/src/swanctl/swanctl.conf.5.main
@@ -168,18 +168,29 @@ Use IKE fragmentation (proprietary IKEv1 extension or RFC 7383 IKEv2 fragmentation). Acceptable values are .RI "" "yes" "" (the default), +.RI "" "accept" "," .RI "" "force" "" and .RI "" "no" "." -Fragmented IKE messages sent by a peer are always accepted irrespective of -the value of this option. If set to +If set to .RI "" "yes" "," -and the peer supports it, -oversized IKE messages will be sent in fragments. If set to +and the peer supports it, oversized IKE +messages will be sent in fragments. If set to +.RI "" "accept" "," +support for +fragmentation is announced to the peer but the daemon does not send its own +messages in fragments. If set to .RI "" "force" "" -(only -supported for IKEv1) the initial IKE message will already be fragmented if -required. +(only supported for IKEv1) the initial +IKE message will already be fragmented if required. Finally, setting the option +to +.RI "" "no" "" +will disable announcing support for this feature. + +Note that fragmented IKE messages sent by a peer are always accepted +irrespective of the value of this option (even when set to +.RI "" "no" ")." + .TP .BR connections..send_certreq " [yes]" @@ -785,6 +796,14 @@ interoperability. If no algorithms are specified for AH nor ESP, the .RI "" "default" "" set of algorithms for ESP is included. +.TP +.BR connections..children..sha256_96 " [no]" +HMAC\-SHA\-256 is used with 128\-bit truncation with IPsec. For compatibility with +implementations that incorrectly use 96\-bit truncation this option may be +enabled to configure the shorter truncation length in the kernel. This is not +negotiated, so this only works with peers that use the incorrect truncation +length (or have this option enabled). + .TP .BR connections..children..local_ts " [dynamic]" Comma separated list of local traffic selectors to include in CHILD_SA. Each 
@@ -1064,6 +1083,11 @@ IPsec replay window to configure for this CHILD_SA. Larger values than the default of 32 are supported using the Netlink backend only, a value of 0 disables IPsec replay protection. +.TP +.BR connections..children..hw_offload " [no]" +Enable hardware offload for this CHILD_SA, if supported by the IPsec +implementation. + .TP .BR connections..children..start_action " [none]" Action to perform after loading the configuration. The default of diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt index bdd92177f..7e204db61 100644 --- a/src/swanctl/swanctl.opt +++ b/src/swanctl/swanctl.opt 
@@ -154,15 +154,19 @@ connections..dpd_timeout = 0s specified; this option has no effect on connections using IKE2. connections..fragmentation = yes - Use IKE UDP datagram fragmentation. (_yes_, _no_ or _force_). + Use IKE UDP datagram fragmentation. (_yes_, _accept_, _no_ or _force_). Use IKE fragmentation (proprietary IKEv1 extension or RFC 7383 IKEv2 - fragmentation). Acceptable values are _yes_ (the default), _force_ and - _no_. Fragmented IKE messages sent by a peer are always accepted - irrespective of the value of this option. If set to _yes_, and the peer - supports it, oversized IKE messages will be sent in fragments. If set to - _force_ (only supported for IKEv1) the initial IKE message will already - be fragmented if required. + fragmentation). Acceptable values are _yes_ (the default), _accept_, + _force_ and _no_. If set to _yes_, and the peer supports it, oversized IKE + messages will be sent in fragments. If set to _accept_, support for + fragmentation is announced to the peer but the daemon does not send its own + messages in fragments. If set to _force_ (only supported for IKEv1) the + initial IKE message will already be fragmented if required. Finally, setting + the option to _no_ will disable announcing support for this feature. + + Note that fragmented IKE messages sent by a peer are always accepted + irrespective of the value of this option (even when set to _no_). connections..send_certreq = yes Send certificate requests payloads (_yes_ or _no_). 
@@ -647,6 +651,15 @@ connections..children..esp_proposals = default for interoperability. If no algorithms are specified for AH nor ESP, the _default_ set of algorithms for ESP is included. +connections..children..sha256_96 = no + Use incorrect 96-bit truncation for HMAC-SHA-256. + + HMAC-SHA-256 is used with 128-bit truncation with IPsec. For compatibility + with implementations that incorrectly use 96-bit truncation this option may + be enabled to configure the shorter truncation length in the kernel. This + is not negotiated, so this only works with peers that use the incorrect + truncation length (or have this option enabled). + connections..children..local_ts = dynamic Local traffic selectors to include in CHILD_SA. @@ -884,6 +897,10 @@ connections..children..replay_window = 32 default of 32 are supported using the Netlink backend only, a value of 0 disables IPsec replay protection. +connections..children..hw_offload = no + Enable hardware offload for this CHILD_SA, if supported by the IPsec + implementation. + connections..children..start_action = none Action to perform after loading the configuration (_none_, _trap_, _start_). -- cgit v1.2.3 From 11d6b62db969bdd808d0f56706cb18f113927a31 Mon Sep 17 00:00:00 2001 
From: Yves-Alexis Perez Date: Fri, 1 Sep 2017 17:21:25 +0200 Subject: New upstream version 5.6.0 --- Android.common.mk | 2 +- Makefile.in | 8 +- NEWS | 44 +- conf/Makefile.am | 9 +- conf/Makefile.in | 17 +- conf/format-options.py | 42 +- conf/options/charon.conf | 2 +- conf/options/charon.opt | 2 +- conf/options/imcv.conf | 17 + conf/options/imcv.opt | 9 + conf/options/sw-collector.conf | 31 + conf/options/sw-collector.opt | 31 + conf/options/swanctl.conf | 3 + conf/options/swanctl.opt | 5 +- conf/plugins/curl.conf | 12 + conf/plugins/curl.opt | 3 + conf/plugins/eap-aka-3ggp2.conf | 10 - conf/plugins/eap-aka-3ggp2.opt | 1 - conf/plugins/eap-aka-3gpp.conf | 12 + conf/plugins/eap-aka-3gpp.opt | 3 + conf/plugins/eap-aka-3gpp2.conf | 12 + conf/plugins/eap-aka-3gpp2.opt | 4 + conf/plugins/imc-swid.opt | 7 +- conf/plugins/imc-swima.conf | 8 + conf/plugins/imc-swima.opt | 21 + conf/plugins/imv-swima.conf | 8 + conf/plugins/imv-swima.opt | 5 + conf/strongswan.conf.5.main | 101 +- config.h.in | 9 + configure | 459 ++++++-- configure.ac | 77 +- fuzz/Makefile.in | 8 +- init/Makefile.in | 8 +- init/systemd-swanctl/Makefile.in | 8 +- init/systemd/Makefile.in | 8 +- man/Makefile.in | 8 +- man/ipsec.conf.5.in | 5 +- scripts/Makefile.in | 8 +- src/Makefile.am | 4 + src/Makefile.in | 17 +- src/_copyright/Makefile.in | 8 +- src/_updown/Makefile.in | 8 +- src/aikgen/Makefile.in | 8 +- src/charon-cmd/Makefile.in | 8 +- src/charon-nm/Makefile.in | 8 +- src/charon-svc/Makefile.in | 8 +- src/charon-systemd/Makefile.in | 8 +- src/charon-tkm/Makefile.in | 8 +- src/charon-tkm/src/ees/ees_callbacks.c | 1 + src/charon-tkm/src/tkm/tkm_kernel_ipsec.c | 71 +- src/charon-tkm/src/tkm/tkm_kernel_sad.c | 86 +- src/charon-tkm/src/tkm/tkm_kernel_sad.h | 18 +- src/charon-tkm/tests/kernel_sad_tests.c | 38 +- src/charon/Makefile.in | 8 +- src/checksum/Makefile.am | 8 + src/checksum/Makefile.in | 13 +- src/conftest/Makefile.in | 8 +- src/dumm/Makefile.am | 9 +- src/dumm/Makefile.in | 64 +- 
src/dumm/ext/dumm.c | 2 + src/dumm/irdumm.c | 2 + src/include/Makefile.in | 8 +- src/ipsec/Makefile.in | 8 +- src/ipsec/_ipsec.8 | 2 +- src/ipsec/_ipsec.in | 2 +- src/libcharon/Android.mk | 2 + src/libcharon/Makefile.am | 7 + src/libcharon/Makefile.in | 234 ++-- src/libcharon/bus/bus.c | 5 +- src/libcharon/config/peer_cfg.c | 30 +- src/libcharon/encoding/generator.c | 2 +- src/libcharon/encoding/message.h | 8 +- src/libcharon/encoding/payloads/encodings.h | 2 +- .../encoding/payloads/proposal_substructure.c | 2 +- src/libcharon/kernel/kernel_interface.h | 2 + src/libcharon/plugins/addrblock/Makefile.in | 8 +- src/libcharon/plugins/android_dns/Makefile.in | 8 +- src/libcharon/plugins/android_log/Makefile.in | 8 +- src/libcharon/plugins/attr/Makefile.in | 8 +- src/libcharon/plugins/attr_sql/Makefile.in | 8 +- src/libcharon/plugins/bypass_lan/Makefile.in | 8 +- src/libcharon/plugins/certexpire/Makefile.in | 8 +- src/libcharon/plugins/connmark/Makefile.in | 8 +- src/libcharon/plugins/coupling/Makefile.in | 8 +- src/libcharon/plugins/dhcp/Makefile.in | 8 +- src/libcharon/plugins/dnscert/Makefile.in | 8 +- src/libcharon/plugins/duplicheck/Makefile.in | 8 +- src/libcharon/plugins/eap_aka/Makefile.in | 8 +- src/libcharon/plugins/eap_aka_3gpp/Makefile.am | 22 + src/libcharon/plugins/eap_aka_3gpp/Makefile.in | 809 ++++++++++++++ .../plugins/eap_aka_3gpp/eap_aka_3gpp_card.c | 208 ++++ .../plugins/eap_aka_3gpp/eap_aka_3gpp_card.h | 75 ++ .../plugins/eap_aka_3gpp/eap_aka_3gpp_functions.c | 364 +++++++ .../plugins/eap_aka_3gpp/eap_aka_3gpp_functions.h | 172 +++ .../plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.c | 164 +++ .../plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.h | 89 ++ .../plugins/eap_aka_3gpp/eap_aka_3gpp_provider.c | 205 ++++ .../plugins/eap_aka_3gpp/eap_aka_3gpp_provider.h | 74 ++ src/libcharon/plugins/eap_aka_3gpp2/Makefile.in | 8 +- src/libcharon/plugins/eap_dynamic/Makefile.in | 8 +- src/libcharon/plugins/eap_gtc/Makefile.in | 8 +- 
src/libcharon/plugins/eap_identity/Makefile.in | 8 +- src/libcharon/plugins/eap_md5/Makefile.in | 8 +- src/libcharon/plugins/eap_mschapv2/Makefile.in | 8 +- src/libcharon/plugins/eap_peap/Makefile.in | 8 +- src/libcharon/plugins/eap_radius/Makefile.in | 8 +- .../plugins/eap_radius/eap_radius_accounting.c | 2 +- src/libcharon/plugins/eap_sim/Makefile.in | 8 +- src/libcharon/plugins/eap_sim_file/Makefile.in | 8 +- src/libcharon/plugins/eap_sim_pcsc/Makefile.in | 8 +- .../plugins/eap_simaka_pseudonym/Makefile.in | 8 +- .../plugins/eap_simaka_reauth/Makefile.in | 8 +- src/libcharon/plugins/eap_simaka_sql/Makefile.in | 8 +- src/libcharon/plugins/eap_tls/Makefile.in | 8 +- src/libcharon/plugins/eap_tnc/Makefile.in | 8 +- src/libcharon/plugins/eap_ttls/Makefile.in | 8 +- src/libcharon/plugins/error_notify/Makefile.in | 8 +- .../plugins/error_notify/error_notify_socket.c | 3 +- src/libcharon/plugins/ext_auth/Makefile.in | 8 +- src/libcharon/plugins/farp/Makefile.in | 8 +- src/libcharon/plugins/farp/farp_listener.c | 1 + src/libcharon/plugins/forecast/Makefile.in | 8 +- src/libcharon/plugins/ha/Makefile.in | 8 +- src/libcharon/plugins/ipseckey/Makefile.in | 8 +- src/libcharon/plugins/kernel_iph/Makefile.in | 8 +- src/libcharon/plugins/kernel_libipsec/Makefile.in | 8 +- src/libcharon/plugins/kernel_netlink/Makefile.in | 8 +- .../plugins/kernel_netlink/kernel_netlink_ipsec.c | 14 +- .../plugins/kernel_netlink/kernel_netlink_shared.c | 14 +- src/libcharon/plugins/kernel_pfkey/Makefile.in | 8 +- src/libcharon/plugins/kernel_pfroute/Makefile.in | 8 +- .../plugins/kernel_pfroute/kernel_pfroute_net.c | 4 +- src/libcharon/plugins/kernel_wfp/Makefile.in | 8 +- src/libcharon/plugins/led/Makefile.in | 8 +- src/libcharon/plugins/load_tester/Makefile.in | 8 +- src/libcharon/plugins/lookip/Makefile.in | 8 +- src/libcharon/plugins/medcli/Makefile.in | 8 +- src/libcharon/plugins/medsrv/Makefile.in | 8 +- src/libcharon/plugins/osx_attr/Makefile.in | 8 +- 
src/libcharon/plugins/p_cscf/Makefile.in | 8 +- src/libcharon/plugins/radattr/Makefile.in | 8 +- src/libcharon/plugins/resolve/Makefile.in | 8 +- src/libcharon/plugins/smp/Makefile.in | 8 +- src/libcharon/plugins/socket_default/Makefile.in | 8 +- src/libcharon/plugins/socket_dynamic/Makefile.in | 8 +- src/libcharon/plugins/socket_win/Makefile.in | 8 +- src/libcharon/plugins/sql/Makefile.in | 8 +- src/libcharon/plugins/sql/sql_config.c | 93 +- src/libcharon/plugins/sql/sql_cred.c | 10 +- src/libcharon/plugins/stroke/Makefile.in | 8 +- src/libcharon/plugins/stroke/stroke_config.c | 27 +- src/libcharon/plugins/systime_fix/Makefile.in | 8 +- src/libcharon/plugins/tnc_ifmap/Makefile.in | 8 +- src/libcharon/plugins/tnc_pdp/Makefile.in | 8 +- src/libcharon/plugins/uci/Makefile.in | 8 +- src/libcharon/plugins/unity/Makefile.in | 8 +- src/libcharon/plugins/updown/Makefile.in | 8 +- src/libcharon/plugins/vici/Makefile.in | 8 +- src/libcharon/plugins/vici/perl/Makefile.in | 8 +- src/libcharon/plugins/vici/python/Makefile.in | 8 +- src/libcharon/plugins/vici/ruby/Makefile.in | 10 +- src/libcharon/plugins/vici/ruby/lib/vici.rb | 2 +- src/libcharon/plugins/whitelist/Makefile.in | 8 +- src/libcharon/plugins/xauth_eap/Makefile.in | 8 +- src/libcharon/plugins/xauth_generic/Makefile.in | 8 +- src/libcharon/plugins/xauth_noauth/Makefile.in | 8 +- src/libcharon/plugins/xauth_pam/Makefile.in | 8 +- src/libcharon/sa/child_sa.c | 143 ++- src/libcharon/sa/child_sa.h | 34 +- src/libcharon/sa/ikev1/task_manager_v1.c | 6 +- src/libcharon/sa/ikev1/tasks/quick_mode.c | 7 +- src/libcharon/sa/ikev2/keymat_v2.c | 7 +- src/libcharon/sa/ikev2/tasks/child_create.c | 81 +- src/libcharon/sa/ikev2/tasks/child_delete.c | 1 - src/libcharon/sa/ikev2/tasks/child_rekey.c | 62 +- src/libcharon/sa/trap_manager.c | 59 +- src/libcharon/tests/Makefile.in | 8 +- src/libcharon/tests/suites/test_child_rekey.c | 82 +- src/libcharon/tests/utils/exchange_test_asserts.h | 12 +- src/libcharon/tests/utils/sa_asserts.h | 
3 +- src/libfast/Makefile.in | 8 +- src/libimcv/Android.mk | 11 + src/libimcv/Makefile.am | 41 +- src/libimcv/Makefile.in | 361 ++++++- src/libimcv/ietf/ietf_attr.c | 37 +- src/libimcv/ietf/ietf_attr.h | 18 +- src/libimcv/ietf/ietf_attr_pa_tnc_error.c | 22 +- src/libimcv/ietf/ietf_attr_pa_tnc_error.h | 21 +- src/libimcv/ietf/swima/ietf_swima_attr_req.c | 320 ++++++ src/libimcv/ietf/swima/ietf_swima_attr_req.h | 96 ++ src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.c | 482 +++++++++ src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.h | 111 ++ src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.c | 438 ++++++++ src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.h | 112 ++ src/libimcv/imcv.h | 3 + src/libimcv/imcv_tests.h | 4 +- src/libimcv/imv/data.sql | 118 ++- src/libimcv/imv/imv_policy_manager.c | 25 + src/libimcv/imv/tables.sql | 57 +- src/libimcv/pa_tnc/pa_tnc_msg.c | 5 +- src/libimcv/plugins/imc_attestation/Makefile.in | 8 +- src/libimcv/plugins/imc_hcd/Makefile.in | 8 +- src/libimcv/plugins/imc_os/Makefile.in | 8 +- src/libimcv/plugins/imc_scanner/Makefile.in | 8 +- src/libimcv/plugins/imc_swid/Makefile.am | 17 +- src/libimcv/plugins/imc_swid/Makefile.in | 86 +- src/libimcv/plugins/imc_swid/imc_swid.c | 13 +- ...id.2004-03.org.strongswan_strongSwan.swidtag.in | 12 - .../strongswan.org__strongSwan-5-6-0.swidtag | 11 + .../imc_swid/strongswan.org__strongSwan.swidtag.in | 11 + src/libimcv/plugins/imc_swima/Makefile.am | 33 + src/libimcv/plugins/imc_swima/Makefile.in | 828 +++++++++++++++ src/libimcv/plugins/imc_swima/imc_swima.c | 407 +++++++ src/libimcv/plugins/imc_swima/imc_swima_state.c | 176 +++ src/libimcv/plugins/imc_swima/imc_swima_state.h | 51 + .../strongswan.org__strongSwan-5-6-0.swidtag | 11 + .../strongswan.org__strongSwan.swidtag.in | 11 + src/libimcv/plugins/imc_test/Makefile.in | 8 +- src/libimcv/plugins/imv_attestation/Makefile.in | 8 +- src/libimcv/plugins/imv_attestation/attest_db.c | 239 +++-- src/libimcv/plugins/imv_attestation/attest_usage.c | 7 +- 
src/libimcv/plugins/imv_hcd/Makefile.in | 8 +- src/libimcv/plugins/imv_os/Makefile.in | 8 +- src/libimcv/plugins/imv_scanner/Makefile.in | 8 +- src/libimcv/plugins/imv_swid/Makefile.am | 3 +- src/libimcv/plugins/imv_swid/Makefile.in | 14 +- src/libimcv/plugins/imv_swid/imv_swid_agent.c | 14 +- src/libimcv/plugins/imv_swid/imv_swid_rest.c | 124 --- src/libimcv/plugins/imv_swid/imv_swid_rest.h | 63 -- src/libimcv/plugins/imv_swid/imv_swid_state.c | 14 +- src/libimcv/plugins/imv_swima/Makefile.am | 21 + src/libimcv/plugins/imv_swima/Makefile.in | 795 ++++++++++++++ src/libimcv/plugins/imv_swima/imv_swima.c | 24 + src/libimcv/plugins/imv_swima/imv_swima_agent.c | 804 ++++++++++++++ src/libimcv/plugins/imv_swima/imv_swima_agent.h | 36 + src/libimcv/plugins/imv_swima/imv_swima_state.c | 483 +++++++++ src/libimcv/plugins/imv_swima/imv_swima_state.h | 153 +++ src/libimcv/plugins/imv_test/Makefile.in | 8 +- src/libimcv/pts/components/ita/ita_comp_ima.c | 9 +- src/libimcv/pts/pts_database.c | 27 +- src/libimcv/rest/rest.c | 167 +++ src/libimcv/rest/rest.h | 74 ++ src/libimcv/suites/test_imcv_swima.c | 1117 ++++++++++++++++++++ src/libimcv/swid/swid_inventory.c | 302 ++---- src/libimcv/swid/swid_inventory.h | 5 +- src/libimcv/swid_gen/swid_gen.c | 291 +++++ src/libimcv/swid_gen/swid_gen.h | 69 ++ src/libimcv/swid_gen/swid_gen_info.c | 174 +++ src/libimcv/swid_gen/swid_gen_info.h | 69 ++ src/libimcv/swima/swima_collector.c | 592 +++++++++++ src/libimcv/swima/swima_collector.h | 68 ++ src/libimcv/swima/swima_data_model.c | 28 + src/libimcv/swima/swima_data_model.h | 38 + src/libimcv/swima/swima_error.c | 77 ++ src/libimcv/swima/swima_error.h | 43 + src/libimcv/swima/swima_event.c | 124 +++ src/libimcv/swima/swima_event.h | 87 ++ src/libimcv/swima/swima_events.c | 155 +++ src/libimcv/swima/swima_events.h | 106 ++ src/libimcv/swima/swima_inventory.c | 140 +++ src/libimcv/swima/swima_inventory.h | 99 ++ src/libimcv/swima/swima_record.c | 174 +++ src/libimcv/swima/swima_record.h | 
115 ++ src/libimcv/tcg/swid/tcg_swid_attr_req.c | 4 +- src/libimcv/tcg/swid/tcg_swid_attr_req.h | 6 +- src/libipsec/Makefile.in | 8 +- src/libipsec/tests/Makefile.in | 8 +- src/libpttls/Makefile.in | 8 +- src/libradius/Makefile.in | 8 +- src/libsimaka/Makefile.in | 8 +- src/libstrongswan/Android.mk | 4 +- src/libstrongswan/Makefile.in | 8 +- src/libstrongswan/credentials/auth_cfg.c | 2 +- src/libstrongswan/credentials/credential_manager.c | 2 + src/libstrongswan/crypto/crypto_tester.h | 2 +- src/libstrongswan/crypto/prf_plus.c | 4 +- src/libstrongswan/ipsec/ipsec_types.c | 15 +- src/libstrongswan/ipsec/ipsec_types.h | 4 +- src/libstrongswan/math/libnttfft/Makefile.in | 8 +- src/libstrongswan/math/libnttfft/tests/Makefile.in | 8 +- src/libstrongswan/plugins/acert/Makefile.in | 8 +- src/libstrongswan/plugins/aes/Makefile.in | 8 +- src/libstrongswan/plugins/aesni/Makefile.in | 8 +- src/libstrongswan/plugins/af_alg/Makefile.in | 8 +- src/libstrongswan/plugins/agent/Makefile.in | 8 +- src/libstrongswan/plugins/bliss/Makefile.am | 3 +- src/libstrongswan/plugins/bliss/Makefile.in | 11 +- src/libstrongswan/plugins/bliss/tests/Makefile.in | 8 +- src/libstrongswan/plugins/blowfish/Makefile.in | 8 +- src/libstrongswan/plugins/ccm/Makefile.in | 8 +- src/libstrongswan/plugins/chapoly/Makefile.in | 8 +- src/libstrongswan/plugins/cmac/Makefile.in | 8 +- src/libstrongswan/plugins/constraints/Makefile.in | 8 +- src/libstrongswan/plugins/ctr/Makefile.in | 8 +- src/libstrongswan/plugins/curl/Makefile.in | 8 +- src/libstrongswan/plugins/curl/curl_fetcher.c | 23 +- src/libstrongswan/plugins/curve25519/Makefile.in | 8 +- src/libstrongswan/plugins/des/Makefile.in | 8 +- src/libstrongswan/plugins/dnskey/Makefile.in | 8 +- src/libstrongswan/plugins/files/Makefile.in | 8 +- src/libstrongswan/plugins/fips_prf/Makefile.in | 8 +- src/libstrongswan/plugins/gcm/Makefile.in | 8 +- src/libstrongswan/plugins/gcrypt/Makefile.in | 8 +- src/libstrongswan/plugins/gmp/Makefile.in | 8 +- 
src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c | 12 +- src/libstrongswan/plugins/hmac/Makefile.in | 8 +- src/libstrongswan/plugins/keychain/Makefile.in | 8 +- src/libstrongswan/plugins/ldap/Makefile.in | 8 +- src/libstrongswan/plugins/md4/Makefile.in | 8 +- src/libstrongswan/plugins/md5/Makefile.in | 8 +- src/libstrongswan/plugins/mgf1/Makefile.in | 8 +- src/libstrongswan/plugins/mysql/Makefile.in | 8 +- src/libstrongswan/plugins/newhope/Makefile.am | 3 +- src/libstrongswan/plugins/newhope/Makefile.in | 11 +- .../plugins/newhope/tests/Makefile.in | 8 +- src/libstrongswan/plugins/nonce/Makefile.in | 8 +- src/libstrongswan/plugins/ntru/Makefile.am | 3 +- src/libstrongswan/plugins/ntru/Makefile.in | 11 +- src/libstrongswan/plugins/openssl/Makefile.in | 8 +- src/libstrongswan/plugins/openssl/openssl_x509.c | 14 +- src/libstrongswan/plugins/padlock/Makefile.in | 8 +- src/libstrongswan/plugins/pem/Makefile.in | 8 +- src/libstrongswan/plugins/pgp/Makefile.in | 8 +- src/libstrongswan/plugins/pkcs1/Makefile.in | 8 +- src/libstrongswan/plugins/pkcs11/Makefile.in | 8 +- src/libstrongswan/plugins/pkcs12/Makefile.in | 8 +- src/libstrongswan/plugins/pkcs7/Makefile.in | 8 +- src/libstrongswan/plugins/pkcs8/Makefile.in | 8 +- src/libstrongswan/plugins/pubkey/Makefile.in | 8 +- src/libstrongswan/plugins/random/Makefile.in | 8 +- src/libstrongswan/plugins/rc2/Makefile.in | 8 +- src/libstrongswan/plugins/rdrand/Makefile.in | 8 +- src/libstrongswan/plugins/revocation/Makefile.in | 8 +- src/libstrongswan/plugins/sha1/Makefile.in | 8 +- src/libstrongswan/plugins/sha2/Makefile.in | 8 +- src/libstrongswan/plugins/sha2/sha2_hasher.c | 82 +- src/libstrongswan/plugins/sha3/Makefile.in | 8 +- src/libstrongswan/plugins/soup/Makefile.in | 8 +- src/libstrongswan/plugins/sqlite/Makefile.in | 8 +- src/libstrongswan/plugins/sshkey/Makefile.in | 8 +- src/libstrongswan/plugins/test_vectors/Makefile.in | 8 +- src/libstrongswan/plugins/unbound/Makefile.in | 8 +- 
src/libstrongswan/plugins/winhttp/Makefile.in | 8 +- src/libstrongswan/plugins/x509/Makefile.in | 8 +- src/libstrongswan/plugins/x509/x509_ocsp_request.c | 3 +- src/libstrongswan/plugins/xcbc/Makefile.in | 8 +- src/libstrongswan/tests/Makefile.in | 8 +- src/libstrongswan/tests/suites/test_settings.c | 8 +- src/libstrongswan/tests/test_suite.c | 2 +- src/libstrongswan/tests/tests.h | 2 +- src/libstrongswan/utils/utils/memory.c | 2 +- src/libstrongswan/utils/utils/memory.h | 2 +- src/libtls/Makefile.in | 8 +- src/libtls/tests/Makefile.in | 8 +- src/libtls/tls.h | 2 +- src/libtls/tls_aead.h | 2 +- src/libtnccs/Android.mk | 2 +- src/libtnccs/Makefile.in | 8 +- src/libtnccs/plugins/tnc_imc/Makefile.in | 8 +- src/libtnccs/plugins/tnc_imv/Makefile.in | 8 +- src/libtnccs/plugins/tnc_tnccs/Makefile.in | 8 +- src/libtnccs/plugins/tnccs_11/Makefile.in | 8 +- src/libtnccs/plugins/tnccs_20/Makefile.in | 8 +- src/libtnccs/plugins/tnccs_dynamic/Makefile.in | 8 +- src/libtncif/Makefile.in | 8 +- src/libtncif/tncif_pa_subtypes.c | 10 +- src/libtncif/tncif_pa_subtypes.h | 3 +- src/libtpmtss/Makefile.in | 8 +- src/libtpmtss/plugins/tpm/Makefile.in | 8 +- src/libtpmtss/tpm_tss_tss2.c | 94 +- src/manager/Makefile.in | 8 +- src/medsrv/Makefile.in | 8 +- src/pki/Makefile.in | 8 +- src/pki/man/Makefile.in | 8 +- src/pki/man/pki---print.1.in | 6 +- src/pool/Makefile.in | 8 +- src/pt-tls-client/Makefile.am | 6 +- src/pt-tls-client/Makefile.in | 161 ++- src/pt-tls-client/pt-tls-client.1.in | 130 +++ src/pt-tls-client/pt-tls-client.c | 40 +- src/scepclient/Makefile.in | 8 +- src/starter/Makefile.in | 8 +- src/starter/tests/Makefile.in | 8 +- src/stroke/Makefile.in | 8 +- src/sw-collector/Makefile.am | 32 + src/sw-collector/Makefile.in | 894 ++++++++++++++++ src/sw-collector/sw-collector.8.in | 124 +++ src/sw-collector/sw-collector.c | 652 ++++++++++++ src/sw-collector/sw_collector_db.c | 427 ++++++++ src/sw-collector/sw_collector_db.h | 155 +++ src/sw-collector/sw_collector_dpkg.c | 152 +++ 
src/sw-collector/sw_collector_dpkg.h | 53 + src/sw-collector/sw_collector_history.c | 519 +++++++++ src/sw-collector/sw_collector_history.h | 91 ++ src/sw-collector/sw_collector_rest_api.c | 200 ++++ src/sw-collector/sw_collector_rest_api.h | 57 + src/sw-collector/sw_collector_tables.sql | 31 + src/swanctl/Makefile.am | 1 + src/swanctl/Makefile.in | 9 +- src/swanctl/command.c | 4 + src/swanctl/swanctl.conf | 6 + src/swanctl/swanctl.conf.5.main | 29 +- src/swanctl/swanctl.opt | 16 +- testing/Makefile.in | 8 +- testing/do-tests | 94 +- testing/hosts/alice/etc/strongswan.conf | 6 +- testing/hosts/bob/etc/strongswan.conf | 6 +- testing/hosts/carol/etc/strongswan.conf | 6 +- testing/hosts/dave/etc/strongswan.conf | 6 +- testing/hosts/default/usr/local/bin/init_collector | 4 + testing/hosts/moon/etc/strongswan.conf | 6 +- testing/hosts/sun/etc/strongswan.conf | 6 +- testing/hosts/venus/etc/strongswan.conf | 6 +- testing/scripts/build-guestimages | 2 +- testing/scripts/build-strongswan | 1 + testing/scripts/recipes/013_strongswan.mk | 2 + testing/testing.conf | 2 +- testing/tests/ikev2/net2net-rekey/description.txt | 10 + testing/tests/ikev2/net2net-rekey/evaltest.dat | 14 + .../ikev2/net2net-rekey/hosts/moon/etc/ipsec.conf | 24 + .../net2net-rekey/hosts/moon/etc/strongswan.conf | 7 + .../ikev2/net2net-rekey/hosts/sun/etc/ipsec.conf | 22 + .../net2net-rekey/hosts/sun/etc/strongswan.conf | 5 + testing/tests/ikev2/net2net-rekey/posttest.dat | 5 + testing/tests/ikev2/net2net-rekey/pretest.dat | 7 + testing/tests/ikev2/net2net-rekey/test.conf | 21 + .../rw-suite-b-192/hosts/dave/etc/ipsec.conf | 2 +- testing/tests/pfkey/net2net-rekey/description.txt | 10 + testing/tests/pfkey/net2net-rekey/evaltest.dat | 16 + .../pfkey/net2net-rekey/hosts/moon/etc/ipsec.conf | 24 + .../net2net-rekey/hosts/moon/etc/strongswan.conf | 7 + .../pfkey/net2net-rekey/hosts/sun/etc/ipsec.conf | 22 + .../net2net-rekey/hosts/sun/etc/strongswan.conf | 5 + testing/tests/pfkey/net2net-rekey/posttest.dat | 
5 + testing/tests/pfkey/net2net-rekey/pretest.dat | 7 + testing/tests/pfkey/net2net-rekey/test.conf | 21 + testing/tests/tkm/xfrmproxy-expire/evaltest.dat | 12 +- .../hosts/moon/etc/strongswan.conf | 2 + .../xfrmproxy-expire/hosts/moon/etc/tkm/tkm.conf | 2 +- testing/tests/tkm/xfrmproxy-rekey/description.txt | 6 + testing/tests/tkm/xfrmproxy-rekey/evaltest.dat | 23 + .../xfrmproxy-rekey/hosts/moon/etc/strongswan.conf | 10 + .../xfrmproxy-rekey/hosts/moon/etc/tkm/moonKey.der | Bin 0 -> 1191 bytes .../hosts/moon/etc/tkm/strongswanCert.der | Bin 0 -> 956 bytes .../xfrmproxy-rekey/hosts/moon/etc/tkm/tkm.conf | 21 + .../tkm/xfrmproxy-rekey/hosts/sun/etc/ipsec.conf | 22 + .../xfrmproxy-rekey/hosts/sun/etc/strongswan.conf | 5 + testing/tests/tkm/xfrmproxy-rekey/posttest.dat | 5 + testing/tests/tkm/xfrmproxy-rekey/pretest.dat | 12 + testing/tests/tkm/xfrmproxy-rekey/test.conf | 21 + .../tests/tnc/tnccs-20-ev-pt-tls/description.txt | 9 + testing/tests/tnc/tnccs-20-ev-pt-tls/evaltest.dat | 24 + .../etc/apache2/sites-available/000-default.conf | 31 + .../alice/etc/apache2/sites-available/default | 1 + .../hosts/alice/etc/iptables.rules | 28 + .../hosts/alice/etc/pts/data1.sql | 61 ++ .../hosts/alice/etc/strongTNC/settings.ini | 19 + .../hosts/alice/etc/strongswan.conf | 49 + .../hosts/alice/etc/swanctl/rsa/aaaKey.pem | 27 + .../hosts/alice/etc/swanctl/swanctl.conf | 7 + .../hosts/alice/etc/swanctl/x509/aaaCert.pem | 25 + .../tnccs-20-ev-pt-tls/hosts/alice/etc/tnc_config | 4 + .../tnccs-20-ev-pt-tls/hosts/carol/etc/ipsec.sql | 4 + .../hosts/carol/etc/iptables.rules | 20 + .../tnccs-20-ev-pt-tls/hosts/carol/etc/pts/options | 6 + .../hosts/carol/etc/strongswan.conf | 25 + .../hosts/carol/etc/swanctl/swanctl.conf | 1 + .../tnccs-20-ev-pt-tls/hosts/carol/etc/tnc_config | 4 + .../tnccs-20-ev-pt-tls/hosts/dave/etc/ipsec.sql | 4 + .../hosts/dave/etc/iptables.rules | 20 + .../tnccs-20-ev-pt-tls/hosts/dave/etc/pts/options | 7 + .../hosts/dave/etc/strongswan.conf | 20 + 
.../hosts/dave/etc/swanctl/swanctl.conf | 1 + .../tnccs-20-ev-pt-tls/hosts/dave/etc/tnc_config | 4 + .../hosts/moon/etc/strongswan.conf | 3 + .../hosts/moon/etc/swanctl/swanctl.conf | 1 + testing/tests/tnc/tnccs-20-ev-pt-tls/posttest.dat | 10 + testing/tests/tnc/tnccs-20-ev-pt-tls/pretest.dat | 26 + testing/tests/tnc/tnccs-20-ev-pt-tls/test.conf | 29 + .../tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat | 2 +- .../tests/tnc/tnccs-20-nea-pt-tls/description.txt | 9 + testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat | 25 + .../etc/apache2/sites-available/000-default.conf | 31 + .../alice/etc/apache2/sites-available/default | 1 + .../hosts/alice/etc/iptables.rules | 28 + .../hosts/alice/etc/pts/data1.sql | 61 ++ .../hosts/alice/etc/strongTNC/settings.ini | 19 + .../hosts/alice/etc/strongswan.conf | 49 + .../hosts/alice/etc/swanctl/rsa/aaaKey.pem | 27 + .../hosts/alice/etc/swanctl/swanctl.conf | 7 + .../hosts/alice/etc/swanctl/x509/aaaCert.pem | 25 + .../tnccs-20-nea-pt-tls/hosts/alice/etc/tnc_config | 4 + .../tnccs-20-nea-pt-tls/hosts/carol/etc/ipsec.sql | 4 + .../hosts/carol/etc/iptables.rules | 20 + .../hosts/carol/etc/pts/options | 6 + .../hosts/carol/etc/strongswan.conf | 18 + .../hosts/carol/etc/swanctl/swanctl.conf | 1 + .../tnccs-20-nea-pt-tls/hosts/carol/etc/tnc_config | 4 + .../tnccs-20-nea-pt-tls/hosts/dave/etc/ipsec.sql | 4 + .../hosts/dave/etc/iptables.rules | 20 + .../tnccs-20-nea-pt-tls/hosts/dave/etc/pts/options | 7 + .../hosts/dave/etc/strongswan.conf | 27 + .../hosts/dave/etc/swanctl/swanctl.conf | 1 + .../tnccs-20-nea-pt-tls/hosts/dave/etc/tnc_config | 4 + .../hosts/moon/etc/strongswan.conf | 3 + .../hosts/moon/etc/swanctl/swanctl.conf | 1 + testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat | 10 + testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat | 25 + testing/tests/tnc/tnccs-20-nea-pt-tls/test.conf | 29 + testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat | 2 +- testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat | 4 +- 511 files changed, 20415 
insertions(+), 2056 deletions(-) create mode 100644 conf/options/sw-collector.conf create mode 100644 conf/options/sw-collector.opt create mode 100644 conf/plugins/curl.conf create mode 100644 conf/plugins/curl.opt delete mode 100644 conf/plugins/eap-aka-3ggp2.conf delete mode 100644 conf/plugins/eap-aka-3ggp2.opt create mode 100644 conf/plugins/eap-aka-3gpp.conf create mode 100644 conf/plugins/eap-aka-3gpp.opt create mode 100644 conf/plugins/eap-aka-3gpp2.conf create mode 100644 conf/plugins/eap-aka-3gpp2.opt create mode 100644 conf/plugins/imc-swima.conf create mode 100644 conf/plugins/imc-swima.opt create mode 100644 conf/plugins/imv-swima.conf create mode 100644 conf/plugins/imv-swima.opt create mode 100644 src/libcharon/plugins/eap_aka_3gpp/Makefile.am create mode 100644 src/libcharon/plugins/eap_aka_3gpp/Makefile.in create mode 100644 src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.c create mode 100644 src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.h create mode 100644 src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_functions.c create mode 100644 src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_functions.h create mode 100644 src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.c create mode 100644 src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.h create mode 100644 src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.c create mode 100644 src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.h create mode 100644 src/libimcv/ietf/swima/ietf_swima_attr_req.c create mode 100644 src/libimcv/ietf/swima/ietf_swima_attr_req.h create mode 100644 src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.c create mode 100644 src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.h create mode 100644 src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.c create mode 100644 src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.h delete mode 100644 src/libimcv/plugins/imc_swid/regid.2004-03.org.strongswan_strongSwan.swidtag.in create mode 100644 
src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-0.swidtag create mode 100644 src/libimcv/plugins/imc_swid/strongswan.org__strongSwan.swidtag.in create mode 100644 src/libimcv/plugins/imc_swima/Makefile.am create mode 100644 src/libimcv/plugins/imc_swima/Makefile.in create mode 100644 src/libimcv/plugins/imc_swima/imc_swima.c create mode 100644 src/libimcv/plugins/imc_swima/imc_swima_state.c create mode 100644 src/libimcv/plugins/imc_swima/imc_swima_state.h create mode 100644 src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-0.swidtag create mode 100644 src/libimcv/plugins/imc_swima/strongswan.org__strongSwan.swidtag.in delete mode 100644 src/libimcv/plugins/imv_swid/imv_swid_rest.c delete mode 100644 src/libimcv/plugins/imv_swid/imv_swid_rest.h create mode 100644 src/libimcv/plugins/imv_swima/Makefile.am create mode 100644 src/libimcv/plugins/imv_swima/Makefile.in create mode 100644 src/libimcv/plugins/imv_swima/imv_swima.c create mode 100644 src/libimcv/plugins/imv_swima/imv_swima_agent.c create mode 100644 src/libimcv/plugins/imv_swima/imv_swima_agent.h create mode 100644 src/libimcv/plugins/imv_swima/imv_swima_state.c create mode 100644 src/libimcv/plugins/imv_swima/imv_swima_state.h create mode 100644 src/libimcv/rest/rest.c create mode 100644 src/libimcv/rest/rest.h create mode 100644 src/libimcv/suites/test_imcv_swima.c create mode 100644 src/libimcv/swid_gen/swid_gen.c create mode 100644 src/libimcv/swid_gen/swid_gen.h create mode 100644 src/libimcv/swid_gen/swid_gen_info.c create mode 100644 src/libimcv/swid_gen/swid_gen_info.h create mode 100644 src/libimcv/swima/swima_collector.c create mode 100644 src/libimcv/swima/swima_collector.h create mode 100644 src/libimcv/swima/swima_data_model.c create mode 100644 src/libimcv/swima/swima_data_model.h create mode 100644 src/libimcv/swima/swima_error.c create mode 100644 src/libimcv/swima/swima_error.h create mode 100644 src/libimcv/swima/swima_event.c create mode 100644 
src/libimcv/swima/swima_event.h create mode 100644 src/libimcv/swima/swima_events.c create mode 100644 src/libimcv/swima/swima_events.h create mode 100644 src/libimcv/swima/swima_inventory.c create mode 100644 src/libimcv/swima/swima_inventory.h create mode 100644 src/libimcv/swima/swima_record.c create mode 100644 src/libimcv/swima/swima_record.h create mode 100644 src/pt-tls-client/pt-tls-client.1.in create mode 100644 src/sw-collector/Makefile.am create mode 100644 src/sw-collector/Makefile.in create mode 100644 src/sw-collector/sw-collector.8.in create mode 100644 src/sw-collector/sw-collector.c create mode 100644 src/sw-collector/sw_collector_db.c create mode 100644 src/sw-collector/sw_collector_db.h create mode 100644 src/sw-collector/sw_collector_dpkg.c create mode 100644 src/sw-collector/sw_collector_dpkg.h create mode 100644 src/sw-collector/sw_collector_history.c create mode 100644 src/sw-collector/sw_collector_history.h create mode 100644 src/sw-collector/sw_collector_rest_api.c create mode 100644 src/sw-collector/sw_collector_rest_api.h create mode 100644 src/sw-collector/sw_collector_tables.sql create mode 100755 testing/hosts/default/usr/local/bin/init_collector create mode 100644 testing/tests/ikev2/net2net-rekey/description.txt create mode 100644 testing/tests/ikev2/net2net-rekey/evaltest.dat create mode 100644 testing/tests/ikev2/net2net-rekey/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/net2net-rekey/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev2/net2net-rekey/hosts/sun/etc/strongswan.conf create mode 100644 testing/tests/ikev2/net2net-rekey/posttest.dat create mode 100644 testing/tests/ikev2/net2net-rekey/pretest.dat create mode 100644 testing/tests/ikev2/net2net-rekey/test.conf create mode 100644 testing/tests/pfkey/net2net-rekey/description.txt create mode 100644 testing/tests/pfkey/net2net-rekey/evaltest.dat create mode 
100644 testing/tests/pfkey/net2net-rekey/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/pfkey/net2net-rekey/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/pfkey/net2net-rekey/hosts/sun/etc/strongswan.conf create mode 100644 testing/tests/pfkey/net2net-rekey/posttest.dat create mode 100644 testing/tests/pfkey/net2net-rekey/pretest.dat create mode 100644 testing/tests/pfkey/net2net-rekey/test.conf create mode 100644 testing/tests/tkm/xfrmproxy-rekey/description.txt create mode 100644 testing/tests/tkm/xfrmproxy-rekey/evaltest.dat create mode 100644 testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/tkm/moonKey.der create mode 100644 testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/tkm/strongswanCert.der create mode 100644 testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/tkm/tkm.conf create mode 100644 testing/tests/tkm/xfrmproxy-rekey/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/tkm/xfrmproxy-rekey/hosts/sun/etc/strongswan.conf create mode 100644 testing/tests/tkm/xfrmproxy-rekey/posttest.dat create mode 100644 testing/tests/tkm/xfrmproxy-rekey/pretest.dat create mode 100644 testing/tests/tkm/xfrmproxy-rekey/test.conf create mode 100644 testing/tests/tnc/tnccs-20-ev-pt-tls/description.txt create mode 100644 testing/tests/tnc/tnccs-20-ev-pt-tls/evaltest.dat create mode 100644 testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf create mode 100644 testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/apache2/sites-available/default create mode 100644 testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/iptables.rules create mode 100644 testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/pts/data1.sql create mode 100644 testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/strongTNC/settings.ini create mode 100644 
testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/swanctl/rsa/aaaKey.pem create mode 100644 testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/swanctl/swanctl.conf create mode 100644 testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/swanctl/x509/aaaCert.pem create mode 100644 testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/tnc_config create mode 100644 testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/ipsec.sql create mode 100644 testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/iptables.rules create mode 100644 testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/pts/options create mode 100644 testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/swanctl/swanctl.conf create mode 100644 testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/tnc_config create mode 100644 testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/ipsec.sql create mode 100644 testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/iptables.rules create mode 100644 testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/pts/options create mode 100644 testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/swanctl/swanctl.conf create mode 100644 testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/tnc_config create mode 100644 testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/moon/etc/swanctl/swanctl.conf create mode 100644 testing/tests/tnc/tnccs-20-ev-pt-tls/posttest.dat create mode 100644 testing/tests/tnc/tnccs-20-ev-pt-tls/pretest.dat create mode 100644 testing/tests/tnc/tnccs-20-ev-pt-tls/test.conf create mode 100644 testing/tests/tnc/tnccs-20-nea-pt-tls/description.txt create mode 100644 testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat create 
mode 100644 testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf create mode 100644 testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/default create mode 100644 testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/iptables.rules create mode 100644 testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/pts/data1.sql create mode 100644 testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongTNC/settings.ini create mode 100644 testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/rsa/aaaKey.pem create mode 100644 testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/swanctl.conf create mode 100644 testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/x509/aaaCert.pem create mode 100644 testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/tnc_config create mode 100644 testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/ipsec.sql create mode 100644 testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/iptables.rules create mode 100644 testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/pts/options create mode 100644 testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/swanctl/swanctl.conf create mode 100644 testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/tnc_config create mode 100644 testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/ipsec.sql create mode 100644 testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/iptables.rules create mode 100644 testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/pts/options create mode 100644 testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/swanctl/swanctl.conf create mode 100644 testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/tnc_config create mode 
100644 testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/strongswan.conf
create mode 100644 testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/swanctl/swanctl.conf
create mode 100644 testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat
create mode 100644 testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat
create mode 100644 testing/tests/tnc/tnccs-20-nea-pt-tls/test.conf
(limited to 'src')
diff --git a/Android.common.mk b/Android.common.mk
index 130212326..1243e26f7 100644
--- a/Android.common.mk
+++ b/Android.common.mk
@@ -26,5 +26,5 @@ add_plugin_subdirs = $(if $(call plugin_enabled,$(1)), \
 )
 
 # strongSwan version, replaced by top Makefile
-strongswan_VERSION := "5.5.3"
+strongswan_VERSION := "5.6.0"
diff --git a/Makefile.in b/Makefile.in
index 07528a723..b08cb7bef 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -342,8 +342,6 @@ RANLIB = @RANLIB@
 RTLIB = @RTLIB@
 RUBY = @RUBY@
 RUBYGEMDIR = @RUBYGEMDIR@
-RUBYINCLUDE = @RUBYINCLUDE@
-RUBYLIB = @RUBYLIB@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
@@ -444,6 +442,8 @@ random_device = @random_device@
 resolv_conf = @resolv_conf@
 routing_table = @routing_table@
 routing_table_prio = @routing_table_prio@
+ruby_CFLAGS = @ruby_CFLAGS@
+ruby_LIBS = @ruby_LIBS@
 runstatedir = @runstatedir@
 s_plugins = @s_plugins@
 sbindir = @sbindir@
@@ -472,6 +472,10 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 tss2_CFLAGS = @tss2_CFLAGS@
 tss2_LIBS = @tss2_LIBS@
+tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
+tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
+tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/NEWS b/NEWS
index 98aefe7ce..8e82607b3 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,45 @@
+strongswan-5.6.0
+----------------
+
+- Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient
+ input validation when verifying RSA signatures, which requires decryption
+ with the operation m^e mod n, where m is the signature, and e and n are the
+ exponent and modulus of the public key. The value m is an integer between
+ 0 and n-1, however, the gmp plugin did not verify this. So if m equals n the
+ calculation results in 0, in which case mpz_export() returns NULL. This
+ result wasn't handled properly causing a null-pointer dereference.
+ This vulnerability has been registered as CVE-2017-11185.
+
+- New SWIMA IMC/IMV pair implements the "draft-ietf-sacm-nea-swima-patnc"
+ Internet Draft and has been demonstrated at the IETF 99 Prague Hackathon.
+
+- The IMV database template has been adapted to achieve full compliance
+ with the ISO 19770-2:2015 SWID tag standard.
+
+- The sw-collector tool extracts software events from apt history logs
+ and stores them in an SQLite database to be used by the SWIMA IMC.
+ The tool can also generate SWID tags both for installed and removed
+ package versions.
+
+- The pt-tls-client can attach and use TPM 2.0 protected private keys
+ via the --keyid parameter.
+
+- libtpmtss supports Intel's TSS2 Architecture Broker and Resource
+ Manager interface (tcti-tabrmd).
+
+- The new eap-aka-3gpp plugin implements the 3GPP MILENAGE algorithms
+ in software. K (optionally concatenated with OPc) may be configured as
+ binary EAP secret.
+
+- CHILD_SA rekeying was fixed in charon-tkm and was slightly changed: The
+ switch to the new outbound IPsec SA now happens via SPI on the outbound
+ policy on Linux, and in case of lost rekey collisions no outbound SA/policy
+ is temporarily installed for the redundant CHILD_SA.
+
+- The new %unique-dir value for mark* settings allocates separate unique marks
+ for each CHILD_SA direction (in/out).
+
+
 strongswan-5.5.3
 ----------------
 
@@ -894,7 +936,7 @@ strongswan-5.0.0
 keying protocols. The feature-set of IKEv1 in charon is almost on par with pluto, but currently does not support AH or bundled AH+ESP SAs. Beside RSA/ECDSA, PSK and XAuth, charon also supports the Hybrid authentication
- mode. Informations for interoperability and migration is available at
+ mode. Information for interoperability and migration is available at
 http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1.
 
 - Charon's bus_t has been refactored so that loggers and other listeners are
diff --git a/conf/Makefile.am b/conf/Makefile.am
index eb5c9c2eb..87319db22 100644
--- a/conf/Makefile.am
+++ b/conf/Makefile.am
@@ -24,7 +24,8 @@ options = \
 options/scepclient.opt \
 options/starter.opt \
 options/swanctl.opt \
- options/tnc.opt
+ options/tnc.opt \
+ options/sw-collector.opt
 
 plugins = \
 plugins/addrblock.opt \
@@ -35,11 +36,13 @@ plugins = \
 plugins/bypass-lan.opt \
 plugins/certexpire.opt \
 plugins/coupling.opt \
+ plugins/curl.opt \
 plugins/dhcp.opt \
 plugins/dnscert.opt \
 plugins/duplicheck.opt \
 plugins/eap-aka.opt \
- plugins/eap-aka-3ggp2.opt \
+ plugins/eap-aka-3gpp.opt \
+ plugins/eap-aka-3gpp2.opt \
 plugins/eap-dynamic.opt \
 plugins/eap-gtc.opt \
 plugins/eap-peap.opt \
@@ -59,11 +62,13 @@ plugins = \
 plugins/imc-os.opt \
 plugins/imc-scanner.opt \
 plugins/imc-swid.opt \
+ plugins/imc-swima.opt \
 plugins/imc-test.opt \
 plugins/imv-attestation.opt \
 plugins/imv-os.opt \
 plugins/imv-scanner.opt \
 plugins/imv-swid.opt \
+ plugins/imv-swima.opt \
 plugins/imv-test.opt \
 plugins/ipseckey.opt \
 plugins/led.opt \
diff --git a/conf/Makefile.in b/conf/Makefile.in
index 9a85514ed..b403c727d 100644
--- a/conf/Makefile.in
+++ b/conf/Makefile.in
@@ -265,8 +265,6 @@ RANLIB = @RANLIB@
 RTLIB = @RTLIB@
 RUBY = @RUBY@
 RUBYGEMDIR = @RUBYGEMDIR@
-RUBYINCLUDE = @RUBYINCLUDE@
-RUBYLIB = @RUBYLIB@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
@@ -367,6 +365,8 @@ random_device = @random_device@
 resolv_conf = @resolv_conf@
 routing_table = @routing_table@
 routing_table_prio = @routing_table_prio@
+ruby_CFLAGS = @ruby_CFLAGS@
+ruby_LIBS = @ruby_LIBS@
 runstatedir = @runstatedir@
 s_plugins = @s_plugins@
 sbindir = @sbindir@
@@ -395,6 +395,10 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 tss2_CFLAGS = @tss2_CFLAGS@
 tss2_LIBS = @tss2_LIBS@
+tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
+tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
+tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
@@ -424,7 +428,8 @@ options = \
 options/scepclient.opt \
 options/starter.opt \
 options/swanctl.opt \
- options/tnc.opt
+ options/tnc.opt \
+ options/sw-collector.opt
 
 plugins = \
 plugins/addrblock.opt \
@@ -435,11 +440,13 @@ plugins = \
 plugins/bypass-lan.opt \
 plugins/certexpire.opt \
 plugins/coupling.opt \
+ plugins/curl.opt \
 plugins/dhcp.opt \
 plugins/dnscert.opt \
 plugins/duplicheck.opt \
 plugins/eap-aka.opt \
- plugins/eap-aka-3ggp2.opt \
+ plugins/eap-aka-3gpp.opt \
+ plugins/eap-aka-3gpp2.opt \
 plugins/eap-dynamic.opt \
 plugins/eap-gtc.opt \
 plugins/eap-peap.opt \
@@ -459,11 +466,13 @@ plugins = \
 plugins/imc-os.opt \
 plugins/imc-scanner.opt \
 plugins/imc-swid.opt \
+ plugins/imc-swima.opt \
 plugins/imc-test.opt \
 plugins/imv-attestation.opt \
 plugins/imv-os.opt \
 plugins/imv-scanner.opt \
 plugins/imv-swid.opt \
+ plugins/imv-swima.opt \
 plugins/imv-test.opt \
 plugins/ipseckey.opt \
 plugins/led.opt \
diff --git a/conf/format-options.py b/conf/format-options.py
index 307394399..592bf6706 100755
--- a/conf/format-options.py
+++ b/conf/format-options.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 #
-# Copyright (C) 2014-2015 Tobias Brunner
-# Hochschule fuer Technik Rapperswil
+# Copyright (C) 2014-2017 Tobias Brunner
+# HSR Hochschule fuer Technik Rapperswil
 #
 # This program is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by the
@@ -49,6 +49,12 @@ full.section.name {[#]}
 If a # is added between the curly braces the section header will be commented out in the configuration file snippet, which is useful for example sections.
 
+To add include statements to generated config files (ignored when generating
+man pages) the following format can be used:
+
+full.section.name.include files/to/include
+ Description of this include statement
+
 Dots in section/option names may be escaped with a backslash. For instance, with the following section description
@@ -62,17 +68,18 @@ import sys
 import re
 from textwrap import TextWrapper
 from optparse import OptionParser
-from operator import attrgetter
+from functools import cmp_to_key
 
 class ConfigOption:
 """Representing a configuration option or described section in strongswan.conf"""
- def __init__(self, path, default = None, section = False, commented = False):
+ def __init__(self, path, default = None, section = False, commented = False, include = False):
 self.path = path
 self.name = path[-1]
 self.fullname = '.'.join(path)
 self.default = default
 self.section = section
 self.commented = commented
+ self.include = include
 self.desc = []
 self.options = []
 
@@ -99,6 +106,13 @@ class ConfigOption:
 self.commented = other.commented
 self.desc = other.desc
 
+ @staticmethod
+ def cmp(a, b):
+ # order options before sections and includes last
+ if a.include or b.include:
+ return a.include - b.include
+ return a.section - b.section
+
 class Parser:
 """Parses one or more files of configuration options"""
 def __init__(self, sort = True):
@@ -135,6 +149,14 @@ class Parser:
 self.__current = ConfigOption(path, section = True, commented = m.group('comment'))
 return
+ # include definition
+ m = re.match(r'^(?P\S+\.include|include)\s+(?P\S+)\s*$', line)
+ if m:
+ if self.__current:
+ self.__add_option(self.__current)
+ path = self.__split_name(m.group('name'))
+ self.__current = ConfigOption(path, m.group('pattern'), include = True)
+ return
 # paragraph separator
 m = re.match(r'^\s*$', line)
 if m and self.__current:
@@ -195,7 +217,7 @@ class TagReplacer:
 return re.compile(r'''
 (^|\s|(?P[(\[])) # prefix with optional opening bracket
 (?P''' + tag + r''') # start tag
- (?P\w|\S.*?\S) # text
+ (?P\S|\S.*?\S) # text
 ''' + tag + r''' # end tag
 (?P([.,!:)\]]|\(\d+\))*) # punctuation
 (?=$|\s) # suffix (don't consume it so that subsequent tags can match)
@@ -248,7 +270,9 @@ class ConfFormatter:
 """Print a single option with description and default value"""
 comment = "# " if commented or opt.commented else ""
 self.__print_description(opt, indent)
- if opt.default:
+ if opt.include:
+ print('{0}{1} {2}'.format(self.__indent * indent, opt.name, opt.default))
+ elif opt.default:
 print('{0}{1}{2} = {3}'.format(self.__indent * indent, comment, opt.name, opt.default))
 else:
 print('{0}{1}{2} ='.format(self.__indent * indent, comment, opt.name))
@@ -261,7 +285,7 @@ class ConfFormatter:
 self.__print_description(section, indent)
 print('{0}{1}{2} {{'.format(self.__indent * indent, comment, section.name))
 print('')
- for o in sorted(section.options, key=attrgetter('section')):
+ for o in sorted(section.options, key=cmp_to_key(ConfigOption.cmp)):
 if o.section:
 self.__print_section(o, indent + 1, commented)
 else:
@@ -273,7 +297,7 @@ class ConfFormatter:
 """Print a list of options"""
 if not options:
 return
- for option in sorted(options, key=attrgetter('section')):
+ for option in sorted(options, key=cmp_to_key(ConfigOption.cmp)):
 if option.section:
 self.__print_section(option, 0, False)
 else:
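Review bot: In the `@@ -248,7 +270,9 @@` hunk the new `opt.include` branch leaves `comment` out of its print call, so an include declared inside a commented-out example section (`{#}`) or under a `commented` option is emitted as a live `include` line while its sibling options are commented out. If includes are meant to be active regardless, the branch deserves a comment saying so; otherwise the line should read `print('{0}{1}{2} {3}'.format(self.__indent * indent, comment, opt.name, opt.default))`. The enclosing method's signature lies above the hunk, so whether `commented` is ever passed for includes cannot be confirmed from here.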
@@ -297,6 +321,8 @@ class ManFormatter:
 """Print a single option"""
 if option.section and not len(option.desc):
 return
+ if option.include:
+ return
 if option.section:
 print('.TP\n.B {0}\n.br'.format(option.fullname))
 else:
diff --git a/conf/options/charon.conf b/conf/options/charon.conf
index 7ccb74939..f0d084bed 100644
--- a/conf/options/charon.conf
+++ b/conf/options/charon.conf
@@ -168,7 +168,7 @@ charon {
 # will be allocated.
 # port_nat_t = 4500
 
- # Wether to prefer updating SAs to the path with the best route.
+ # Whether to prefer updating SAs to the path with the best route.
 # prefer_best_path = no
 
 # Prefer locally configured proposals for IKE/IPsec over supplied ones as
diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index 3593c6a5f..900b9b46b 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -271,7 +271,7 @@ charon.port_nat_t = 4500
 port will be allocated.
 
 charon.prefer_best_path = no
- Wether to prefer updating SAs to the path with the best route.
+ Whether to prefer updating SAs to the path with the best route.
 
 By default, charon keeps SAs on the routing path with addresses it
 previously used if that path is still usable. By setting this option to
diff --git a/conf/options/imcv.conf b/conf/options/imcv.conf
index bc1f183fc..ede2d9db4 100644
--- a/conf/options/imcv.conf
+++ b/conf/options/imcv.conf
@@ -42,5 +42,22 @@ libimcv {
 # Disable output to stderr with a stand-alone libimcv library.
 # stderr_quiet = no
 
+ swid_gen {
+
+ # SWID generator command to be executed.
+ # command = /usr/local/bin/swid_generator
+
+ tag_creator {
+
+ # Name of the tagCreator entity.
+ # name = strongSwan Project
+
+ # regid of the tagCreator entity.
+ # regid = strongswan.org
+
+ }
+
+ }
+
 }
 
diff --git a/conf/options/imcv.opt b/conf/options/imcv.opt
index 33ab74bd5..177781ff7 100644
--- a/conf/options/imcv.opt
+++ b/conf/options/imcv.opt
@@ -21,6 +21,15 @@ charon.imcv.os_info.default_password_enabled = no
 charon.imcv.policy_script = ipsec _imv_policy
 Script called for each TNC connection to generate IMV policies.
 
+libimcv.swid_gen.command = /usr/local/bin/swid_generator
+ SWID generator command to be executed.
+
+libimcv.swid_gen.tag_creator.name = strongSwan Project
+ Name of the tagCreator entity.
+
+libimcv.swid_gen.tag_creator.regid = strongswan.org
+ regid of the tagCreator entity.
+
 libimcv.debug_level = 1
 Debug level for a stand-alone _libimcv_ library.
 
diff --git a/conf/options/sw-collector.conf b/conf/options/sw-collector.conf
new file mode 100644
index 000000000..6f588b41a
--- /dev/null
+++ b/conf/options/sw-collector.conf
@@ -0,0 +1,31 @@
+# Options for the sw-collector tool.
+sw-collector {
+
+ # URI to software collector database containing event timestamps, software
+ # creation and deletion events and collected software identifiers.
+ # database =
+
+ # Path pointing to file created when the Linux OS was installed.
+ # first_file = /var/log/bootstrap.log
+
+ # Time in UTC when the Linux OS was installed.
+ # first_time = 0000-00-00T00:00:00Z
+
+ # Path pointing to apt history.log file.
+ # history =
+
+ # Plugins to load in sw-collector tool.
+ # load =
+
+ rest_api {
+
+ # Timeout of REST API HTTP POST transaction.
+ # timeout = 120
+
+ # HTTP URI of the central collector's REST API.
+ # uri =
+
+ }
+
+}
+
diff --git a/conf/options/sw-collector.opt b/conf/options/sw-collector.opt
new file mode 100644
index 000000000..976f4f497
--- /dev/null
+++ b/conf/options/sw-collector.opt
@@ -0,0 +1,31 @@
+sw-collector {}
+ Options for the sw-collector tool.
+
+ Options for the sw-collector tool.
+
+sw-collector.database =
+ URI to software collector database containing event timestamps, software
+ creation and deletion events and collected software identifiers.
+
+ URI to software collector database containing event timestamps, software
+ creation and deletion events and collected software identifiers.
+ If it contains a password, make sure to adjust the permissions of the config
+ file accordingly.
+
+sw-collector.first_file = /var/log/bootstrap.log
+ Path pointing to file created when the Linux OS was installed.
+
+sw-collector.first_time = 0000-00-00T00:00:00Z
+ Time in UTC when the Linux OS was installed.
+
+sw-collector.history =
+ Path pointing to apt history.log file.
+
+sw-collector.rest_api.uri =
+ HTTP URI of the central collector's REST API.
+
+sw-collector.rest_api.timeout = 120
+ Timeout of REST API HTTP POST transaction.
+
+sw-collector.load =
+ Plugins to load in sw-collector tool.
diff --git a/conf/options/swanctl.conf b/conf/options/swanctl.conf
index cb182396b..18cea486a 100644
--- a/conf/options/swanctl.conf
+++ b/conf/options/swanctl.conf
@@ -3,5 +3,8 @@ swanctl {
 # Plugins to load in swanctl.
 # load =
 
+ # VICI socket to connect to by default.
+ # socket = unix://${piddir}/charon.vici
+
 }
 
diff --git a/conf/options/swanctl.opt b/conf/options/swanctl.opt
index f78b4bccc..f2a8a0ff7 100644
--- a/conf/options/swanctl.opt
+++ b/conf/options/swanctl.opt
@@ -1,2 +1,5 @@
 swanctl.load =
- Plugins to load in swanctl.
\ No newline at end of file
+ Plugins to load in swanctl.
+
+swanctl.socket = unix://${piddir}/charon.vici
+ VICI socket to connect to by default.
diff --git a/conf/plugins/curl.conf b/conf/plugins/curl.conf
new file mode 100644
index 000000000..9ba042097
--- /dev/null
+++ b/conf/plugins/curl.conf
@@ -0,0 +1,12 @@
+curl {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Maximum number of redirects followed by the plugin, set to 0 to disable
+ # following redirects, set to -1 for no limit.
+ # redir = -1
+
+}
+
diff --git a/conf/plugins/curl.opt b/conf/plugins/curl.opt
new file mode 100644
index 000000000..90efa12f4
--- /dev/null
+++ b/conf/plugins/curl.opt
@@ -0,0 +1,3 @@
+charon.plugins.curl.redir = -1
+ Maximum number of redirects followed by the plugin, set to 0 to disable
+ following redirects, set to -1 for no limit.
diff --git a/conf/plugins/eap-aka-3ggp2.conf b/conf/plugins/eap-aka-3ggp2.conf
deleted file mode 100644
index c52c99609..000000000
--- a/conf/plugins/eap-aka-3ggp2.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-eap-aka-3ggp2 {
-
- # Whether to load the plugin. Can also be an integer to increase the
- # priority of this plugin.
- load = yes
-
- # seq_check =
-
-}
-
diff --git a/conf/plugins/eap-aka-3ggp2.opt b/conf/plugins/eap-aka-3ggp2.opt
deleted file mode 100644
index 9e2a42b3f..000000000
--- a/conf/plugins/eap-aka-3ggp2.opt
+++ /dev/null
@@ -1 +0,0 @@
-charon.plugins.eap-aka-3ggp2.seq_check =
diff --git a/conf/plugins/eap-aka-3gpp.conf b/conf/plugins/eap-aka-3gpp.conf
new file mode 100644
index 000000000..4164535c4
--- /dev/null
+++ b/conf/plugins/eap-aka-3gpp.conf
@@ -0,0 +1,12 @@
+eap-aka-3gpp {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Enable to activate sequence check of the AKA SQN values in order to
+ # trigger resync cycles.
+ # seq_check =
+
+}
+
diff --git a/conf/plugins/eap-aka-3gpp.opt b/conf/plugins/eap-aka-3gpp.opt
new file mode 100644
index 000000000..1bc733ab1
--- /dev/null
+++ b/conf/plugins/eap-aka-3gpp.opt
@@ -0,0 +1,3 @@
+charon.plugins.eap-aka-3gpp.seq_check =
+ Enable to activate sequence check of the AKA SQN values in order to trigger
+ resync cycles.
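Review bot: `charon.plugins.curl.redir` defaults to `-1`, i.e. redirects are followed without limit, and the curl.opt description presents that purely as a convenience. A redirect can send the plugin to a different host or scheme than the one configured for the fetch, so unlimited following widens what the daemon will connect to on the strength of a response from the first server; nothing in this hunk shows whether the plugin restricts redirect targets. Suggest saying so in the description and considering a small positive default, e.g. `Maximum number of redirects followed by the plugin; redirects may lead to other hosts or schemes, so prefer a small limit. Set to 0 to disable following redirects, -1 for no limit.`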
diff --git a/conf/plugins/eap-aka-3gpp2.conf b/conf/plugins/eap-aka-3gpp2.conf
new file mode 100644
index 000000000..3f329aec5
--- /dev/null
+++ b/conf/plugins/eap-aka-3gpp2.conf
@@ -0,0 +1,12 @@
+eap-aka-3gpp2 {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Enable to activate sequence check of the AKA SQN values in order to
+ # trigger resync cycles.
+ # seq_check =
+
+}
+
diff --git a/conf/plugins/eap-aka-3gpp2.opt b/conf/plugins/eap-aka-3gpp2.opt
new file mode 100644
index 000000000..679c386b8
--- /dev/null
+++ b/conf/plugins/eap-aka-3gpp2.opt
@@ -0,0 +1,4 @@
+charon.plugins.eap-aka-3gpp2.seq_check =
+ Enable to activate sequence check of the AKA SQN values in order to trigger
+ resync cycles.
+
diff --git a/conf/plugins/imc-swid.opt b/conf/plugins/imc-swid.opt
index 74490c179..e622aa683 100644
--- a/conf/plugins/imc-swid.opt
+++ b/conf/plugins/imc-swid.opt
@@ -1,11 +1,8 @@
 libimcv.plugins.imc-swid.swid_directory = ${prefix}/share
 Directory where SWID tags are located.
-libimcv.plugins.imc-swid.swid_generator = /usr/local/bin/swid_generator
- SWID generator command to be executed.
-
-libimcv.plugins.imc-swid.swid_pretty = FALSE
+libimcv.plugins.imc-swid.swid_pretty = no
 Generate XML-encoded SWID tags with pretty indentation.
-libimcv.plugins.imc-swid.swid_full = FALSE
+libimcv.plugins.imc-swid.swid_full = no
 Include file information in the XML-encoded SWID tags.
diff --git a/conf/plugins/imc-swima.conf b/conf/plugins/imc-swima.conf
new file mode 100644
index 000000000..0d1e88a5d
--- /dev/null
+++ b/conf/plugins/imc-swima.conf
@@ -0,0 +1,8 @@
+imc-swima {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
diff --git a/conf/plugins/imc-swima.opt b/conf/plugins/imc-swima.opt
new file mode 100644
index 000000000..099a3c80f
--- /dev/null
+++ b/conf/plugins/imc-swima.opt
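Review bot: The option key moves from `charon.plugins.eap-aka-3ggp2.seq_check` (eap-aka-3ggp2.opt, deleted above) to `charon.plugins.eap-aka-3gpp2.seq_check` without any mention of the old spelling, so a configuration that enabled the SQN sequence check under the misspelled key will presumably lose it silently unless the plugin still reads the old name, which is not visible here. The description also leaves the default empty (`[]` in the man page hunk), so a reader cannot tell whether the check is active out of the box. Suggest spelling both out: `Enable to activate sequence check of the AKA SQN values in order to trigger resync cycles. Defaults to <DEFAULT>; replaces charon.plugins.eap-aka-3ggp2.seq_check.` with <DEFAULT> filled in from the plugin's actual behaviour.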
@@ -0,0 +1,21 @@
+libimcv.plugins.imc-swima.eid_epoch = 0x11223344
+ Set 32 bit epoch value for event IDs manually if software collector database
+ is not available.
+
+libimcv.plugins.imc-swima.swid_database =
+ URI to software collector database containing event timestamps, software
+ creation and deletion events and collected software identifiers.
+
+ URI to software collector database containing event timestamps, software
+ creation and deletion events and collected software identifiers.
+ If it contains a password, make sure to adjust the permissions of the config
+ file accordingly.
+
+libimcv.plugins.imc-swima.swid_directory = ${prefix}/share
+ Directory where SWID tags are located.
+
+libimcv.plugins.imc-swima.swid_pretty = no
+ Generate XML-encoded SWID tags with pretty indentation.
+
+libimcv.plugins.imc-swima.swid_full = no
+ Include file information in the XML-encoded SWID tags.
diff --git a/conf/plugins/imv-swima.conf b/conf/plugins/imv-swima.conf
new file mode 100644
index 000000000..cde4e1a88
--- /dev/null
+++ b/conf/plugins/imv-swima.conf
@@ -0,0 +1,8 @@
+imv-swima {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
diff --git a/conf/plugins/imv-swima.opt b/conf/plugins/imv-swima.opt
new file mode 100644
index 000000000..a9ba96c21
--- /dev/null
+++ b/conf/plugins/imv-swima.opt
@@ -0,0 +1,5 @@
+libimcv.plugins.imv-swima.rest_api.uri =
+ HTTP URI of the SWID REST API.
+
+libimcv.plugins.imv-swima.rest_api.timeout = 120
+ Timeout of SWID REST API HTTP POST transaction.
diff --git a/conf/strongswan.conf.5.main b/conf/strongswan.conf.5.main
index 4df7ce42d..4f38c9b03 100644
--- a/conf/strongswan.conf.5.main
+++ b/conf/strongswan.conf.5.main
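Review bot: `libimcv.plugins.imc-swima.eid_epoch` ships with the fixed default `0x11223344`, and the description only says it is used when no collector database is available. Every endpoint running without a database would then report the same epoch, which presumably defeats whatever the epoch is meant to tell apart between endpoints or log generations (the consuming side is not in this hunk), and the value reads like a test pattern rather than a deliberate default. Suggest saying so: `Set 32 bit epoch value for event IDs manually if software collector database is not available. The default is a placeholder; choose a distinct value per endpoint.`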
@@ -518,6 +518,11 @@ Hashing algorithm to fingerprint coupled certificates.
 .BR charon.plugins.coupling.max " [1]"
 Maximum number of coupling entries to create.
+.TP
+.BR charon.plugins.curl.redir " [-1]"
+Maximum number of redirects followed by the plugin, set to 0 to disable
+following redirects, set to \-1 for no limit.
+
 .TP
 .BR charon.plugins.dhcp.force_server_address " [no]"
 Always use the configured server address. This might be helpful if the DHCP
@@ -556,7 +561,15 @@ Socket provided by the duplicheck plugin.
 .TP
 .BR charon.plugins.eap-aka.request_identity " [yes]"
 .TP
-.BR charon.plugins.eap-aka-3ggp2.seq_check " []"
+.BR charon.plugins.eap-aka-3gpp.seq_check " []"
+Enable to activate sequence check of the AKA SQN values in order to trigger
+resync cycles.
+
+.TP
+.BR charon.plugins.eap-aka-3gpp2.seq_check " []"
+Enable to activate sequence check of the AKA SQN values in order to trigger
+resync cycles.
+
 .TP
 .BR charon.plugins.eap-dynamic.prefer_user " [no]"
 If enabled the EAP methods proposed in an EAP\-Nak message sent by the peer are
@@ -2115,15 +2128,34 @@ Send open listening ports without being prompted.
 Directory where SWID tags are located.
 .TP
-.BR libimcv.plugins.imc-swid.swid_full " [FALSE]"
+.BR libimcv.plugins.imc-swid.swid_full " [no]"
 Include file information in the XML\-encoded SWID tags.
 .TP
-.BR libimcv.plugins.imc-swid.swid_generator " [/usr/local/bin/swid_generator]"
-SWID generator command to be executed.
+.BR libimcv.plugins.imc-swid.swid_pretty " [no]"
+Generate XML\-encoded SWID tags with pretty indentation.
 .TP
-.BR libimcv.plugins.imc-swid.swid_pretty " [FALSE]"
+.BR libimcv.plugins.imc-swima.eid_epoch " [0x11223344]"
+Set 32 bit epoch value for event IDs manually if software collector database is
+not available.
+
+.TP
+.BR libimcv.plugins.imc-swima.swid_database " []"
+URI to software collector database containing event timestamps, software
+creation and deletion events and collected software identifiers. If it contains
+a password, make sure to adjust the permissions of the config file accordingly.
+
+.TP
+.BR libimcv.plugins.imc-swima.swid_directory " [${prefix}/share]"
+Directory where SWID tags are located.
+
+.TP
+.BR libimcv.plugins.imc-swima.swid_full " [no]"
+Include file information in the XML\-encoded SWID tags.
+
+.TP
+.BR libimcv.plugins.imc-swima.swid_pretty " [no]"
 Generate XML\-encoded SWID tags with pretty indentation.
 .TP
@@ -2182,6 +2214,14 @@ Timeout of SWID REST API HTTP POST transaction.
 .BR libimcv.plugins.imv-swid.rest_api_uri " []"
 HTTP URI of the SWID REST API.
+.TP
+.BR libimcv.plugins.imv-swima.rest_api.timeout " [120]"
+Timeout of SWID REST API HTTP POST transaction.
+
+.TP
+.BR libimcv.plugins.imv-swima.rest_api.uri " []"
+HTTP URI of the SWID REST API.
+
 .TP
 .BR libimcv.plugins.imv-test.rounds " [0]"
 Number of IMC\-IMV retry rounds.
@@ -2192,6 +2232,18 @@ Disable output to stderr with a stand\-alone
 .RI "" "libimcv" ""
 library.
+.TP
+.BR libimcv.swid_gen.command " [/usr/local/bin/swid_generator]"
+SWID generator command to be executed.
+
+.TP
+.BR libimcv.swid_gen.tag_creator.name " [strongSwan Project]"
+Name of the tagCreator entity.
+
+.TP
+.BR libimcv.swid_gen.tag_creator.regid " [strongswan.org]"
+regid of the tagCreator entity.
+
 .TP
 .BR manager.database " []"
 Credential database URI for manager. If it contains a password, make sure to
@@ -2290,7 +2342,46 @@ Location of the ipsec.conf file
 .BR starter.load_warning " [yes]"
 Disable charon plugin load option warning.
+.TP
+.B sw-collector
+.br
+Options for the sw\-collector tool.
+
+.TP
+.BR sw-collector.database " []"
+URI to software collector database containing event timestamps, software
+creation and deletion events and collected software identifiers. If it contains
+a password, make sure to adjust the permissions of the config file accordingly.
+
+.TP
+.BR sw-collector.first_file " [/var/log/bootstrap.log]"
+Path pointing to file created when the Linux OS was installed.
+
+.TP
+.BR sw-collector.first_time " [0000-00-00T00:00:00Z]"
+Time in UTC when the Linux OS was installed.
+
+.TP
+.BR sw-collector.history " []"
+Path pointing to apt history.log file.
+
+.TP
+.BR sw-collector.load " []"
+Plugins to load in sw\-collector tool.
+
+.TP
+.BR sw-collector.rest_api.timeout " [120]"
+Timeout of REST API HTTP POST transaction.
+
+.TP
+.BR sw-collector.rest_api.uri " []"
+HTTP URI of the central collector's REST API.
+
 .TP
 .BR swanctl.load " []"
 Plugins to load in swanctl.
+.TP
+.BR swanctl.socket " [unix://${piddir}/charon.vici]"
+VICI socket to connect to by default.
+
diff --git a/config.h.in b/config.h.in
index 49aa093ec..06d399922 100644
--- a/config.h.in
+++ b/config.h.in
@@ -322,6 +322,12 @@ /* Define to 1 if strerror_r returns char *. */ #undef STRERROR_R_CHAR_P +/* use TCTI Sockets */ +#undef TSS2_TCTI_SOCKET + +/* use TCTI Access Broker and Resource Mamager */ +#undef TSS2_TCTI_TABRMD + /* use TrouSerS library libtspi */ #undef TSS_TROUSERS @@ -340,6 +346,9 @@ /* support for IKEv2 protocol */ #undef USE_IKEV2 +/* build code for JSON */ +#undef USE_JSON + /* use thread ID for thread identification, if available */ #undef USE_THREAD_IDS diff --git a/configure b/configure index 21db5345b..287d2b6eb 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for strongSwan 5.5.3. +# Generated by GNU Autoconf 2.69 for strongSwan 5.6.0. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -587,8 +587,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='strongSwan' PACKAGE_TARNAME='strongswan' -PACKAGE_VERSION='5.5.3' -PACKAGE_STRING='strongSwan 5.5.3' +PACKAGE_VERSION='5.6.0' +PACKAGE_STRING='strongSwan 5.6.0' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -769,6 +769,10 @@ USE_IMV_HCD_FALSE USE_IMV_HCD_TRUE USE_IMC_HCD_FALSE USE_IMC_HCD_TRUE +USE_IMV_SWIMA_FALSE +USE_IMV_SWIMA_TRUE +USE_IMC_SWIMA_FALSE +USE_IMC_SWIMA_TRUE USE_IMV_SWID_FALSE USE_IMV_SWID_TRUE USE_IMC_SWID_FALSE @@ -829,6 +833,8 @@ USE_EAP_MSCHAPV2_FALSE USE_EAP_MSCHAPV2_TRUE USE_EAP_AKA_3GPP2_FALSE USE_EAP_AKA_3GPP2_TRUE +USE_EAP_AKA_3GPP_FALSE +USE_EAP_AKA_3GPP_TRUE USE_EAP_AKA_FALSE USE_EAP_AKA_TRUE USE_EAP_GTC_FALSE @@ -1078,8 +1084,8 @@ MYSQLCFLAG MYSQLCONFIG MYSQLLIB clearsilver_LIBS -RUBYLIB -RUBYINCLUDE +ruby_LIBS +ruby_CFLAGS RUBY gtk_LIBS gtk_CFLAGS @@ -1087,6 +1093,10 @@ json_LIBS json_CFLAGS tss2_LIBS tss2_CFLAGS +tss2_socket_LIBS +tss2_socket_CFLAGS +tss2_tabrmd_LIBS +tss2_tabrmd_CFLAGS systemd_journal_LIBS systemd_journal_CFLAGS systemd_daemon_LIBS 
@@ -1099,7 +1109,6 @@ soup_LIBS soup_CFLAGS USE_X86X64_FALSE USE_X86X64_TRUE -PLUGIN_CFLAGS USE_WINDOWS_FALSE USE_WINDOWS_TRUE OPENSSL_LIB @@ -1175,6 +1184,7 @@ CPPFLAGS LDFLAGS CFLAGS CC +PLUGIN_CFLAGS ipsec_script_upper charon_natt_port charon_udp_port @@ -1364,6 +1374,7 @@ enable_eap_sim enable_eap_sim_file enable_eap_sim_pcsc enable_eap_aka +enable_eap_aka_3gpp enable_eap_aka_3gpp2 enable_eap_simaka_sql enable_eap_simaka_pseudonym @@ -1421,6 +1432,8 @@ enable_imc_attestation enable_imv_attestation enable_imc_swid enable_imv_swid +enable_imc_swima +enable_imv_swima enable_imc_hcd enable_imv_hcd enable_tnc_ifmap @@ -1524,12 +1537,16 @@ systemd_daemon_CFLAGS systemd_daemon_LIBS systemd_journal_CFLAGS systemd_journal_LIBS -tss2_CFLAGS -tss2_LIBS +tss2_tabrmd_CFLAGS +tss2_tabrmd_LIBS +tss2_socket_CFLAGS +tss2_socket_LIBS json_CFLAGS json_LIBS gtk_CFLAGS gtk_LIBS +ruby_CFLAGS +ruby_LIBS pcsclite_CFLAGS pcsclite_LIBS nm_CFLAGS @@ -2086,7 +2103,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures strongSwan 5.5.3 to adapt to many kinds of systems. +\`configure' configures strongSwan 5.6.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -2157,7 +2174,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of strongSwan 5.5.3:";; + short | recursive ) echo "Configuration of strongSwan 5.6.0:";; esac cat <<\_ACEOF 
@@ -2238,6 +2255,8 @@ Optional Features: --enable-eap-sim-pcsc enable EAP-SIM backend based on a smartcard reader. Requires libpcsclite. --enable-eap-aka enable EAP AKA authentication module. + --enable-eap-aka-3gpp enable EAP AKA backend implementing 3GPP MILENAGE + algorithms in software. --enable-eap-aka-3gpp2 enable EAP AKA backend implementing 3GPP2 algorithms in software. Requires libgmp. --enable-eap-simaka-sql enable EAP-SIM/AKA backend based on a @@ -2313,6 +2332,8 @@ Optional Features: enable IMV attestation module. --enable-imc-swid enable IMC swid module. --enable-imv-swid enable IMV swid module. + --enable-imc-swima enable IMC swima module. + --enable-imv-swima enable IMV swima module. --enable-imc-hcd enable IMC hcd module. --enable-imv-hcd enable IMV hcd module. --enable-tnc-ifmap enable TNC IF-MAP module. Requires libxml @@ -2540,12 +2561,20 @@ Some influential environment variables: C compiler flags for systemd_journal, overriding pkg-config systemd_journal_LIBS linker flags for systemd_journal, overriding pkg-config - tss2_CFLAGS C compiler flags for tss2, overriding pkg-config - tss2_LIBS linker flags for tss2, overriding pkg-config + tss2_tabrmd_CFLAGS + C compiler flags for tss2_tabrmd, overriding pkg-config + tss2_tabrmd_LIBS + linker flags for tss2_tabrmd, overriding pkg-config + tss2_socket_CFLAGS + C compiler flags for tss2_socket, overriding pkg-config + tss2_socket_LIBS + linker flags for tss2_socket, overriding pkg-config json_CFLAGS C compiler flags for json, overriding pkg-config json_LIBS linker flags for json, overriding pkg-config gtk_CFLAGS C compiler flags for gtk, overriding pkg-config gtk_LIBS linker flags for gtk, overriding pkg-config + ruby_CFLAGS C compiler flags for ruby, overriding pkg-config + ruby_LIBS linker flags for ruby, overriding pkg-config pcsclite_CFLAGS C compiler flags for pcsclite, overriding pkg-config pcsclite_LIBS 
@@ -2623,7 +2652,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -strongSwan configure 5.5.3 +strongSwan configure 5.6.0 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -3145,7 +3174,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by strongSwan $as_me 5.5.3, which was +It was created by strongSwan $as_me 5.6.0, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -4008,7 +4037,7 @@ fi # Define the identity of the package. PACKAGE='strongswan' - VERSION='5.5.3' + VERSION='5.6.0' cat >>confdefs.h <<_ACEOF @@ -5842,6 +5871,22 @@ fi disabled_by_default=${disabled_by_default}" eap_aka" +# Check whether --enable-eap-aka-3gpp was given. +if test "${enable_eap_aka_3gpp+set}" = set; then : + enableval=$enable_eap_aka_3gpp; eap_aka_3gpp_given=true + if test x$enableval = xyes; then + eap_aka_3gpp=true + else + eap_aka_3gpp=false + fi +else + eap_aka_3gpp=false + eap_aka_3gpp_given=false + +fi + + disabled_by_default=${disabled_by_default}" eap_aka_3gpp" + # Check whether --enable-eap-aka-3gpp2 was given. if test "${enable_eap_aka_3gpp2+set}" = set; then : enableval=$enable_eap_aka_3gpp2; eap_aka_3gpp2_given=true 
@@ -6758,6 +6803,38 @@ fi disabled_by_default=${disabled_by_default}" imv_swid" +# Check whether --enable-imc-swima was given. +if test "${enable_imc_swima+set}" = set; then : + enableval=$enable_imc_swima; imc_swima_given=true + if test x$enableval = xyes; then + imc_swima=true + else + imc_swima=false + fi +else + imc_swima=false + imc_swima_given=false + +fi + + disabled_by_default=${disabled_by_default}" imc_swima" + +# Check whether --enable-imv-swima was given. +if test "${enable_imv_swima+set}" = set; then : + enableval=$enable_imv_swima; imv_swima_given=true + if test x$enableval = xyes; then + imv_swima=true + else + imv_swima=false + fi +else + imv_swima=false + imv_swima_given=false + +fi + + disabled_by_default=${disabled_by_default}" imv_swima" + # Check whether --enable-imc-hcd was given. if test "${enable_imc_hcd+set}" = set; then : enableval=$enable_imc_hcd; imc_hcd_given=true @@ -7867,6 +7944,7 @@ fi if test -z "$CFLAGS"; then CFLAGS="-g -O2 -Wall -Wno-format -Wno-format-security -Wno-pointer-sign" fi + ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' @@ -18041,7 +18119,7 @@ if test x$eap_tls = xtrue -o x$eap_ttls = xtrue -o x$eap_peap = xtrue -o x$tnc_t tls=true; fi -if test x$imc_test = xtrue -o x$imv_test = xtrue -o x$imc_scanner = xtrue -o x$imv_scanner = xtrue -o x$imc_os = xtrue -o x$imv_os = xtrue -o x$imc_attestation = xtrue -o x$imv_attestation = xtrue -o x$imc_swid = xtrue -o x$imv_swid = xtrue -o x$imc_hcd = xtrue -o x$imv_hcd = xtrue; then +if test x$imc_test = xtrue -o x$imv_test = xtrue -o x$imc_scanner = xtrue -o x$imv_scanner = xtrue -o x$imc_os = xtrue -o x$imv_os = xtrue -o x$imc_attestation = xtrue -o x$imv_attestation = xtrue -o x$imc_swid = xtrue -o x$imv_swid = xtrue -o x$imc_swima = xtrue -o x$imv_swima = xtrue -o x$imc_hcd = xtrue -o x$imv_hcd = xtrue; then imcv=true; fi 
@@ -19688,8 +19766,7 @@ else $as_echo "no" >&6; } # GCC, but not MinGW requires -rdynamic for plugins if test x$windows != xtrue; then - PLUGIN_CFLAGS=-rdynamic - + PLUGIN_CFLAGS="$PLUGIN_CFLAGS -rdynamic" fi 
@@ -20853,11 +20930,84 @@ fi if test x$tss_tss2 = xtrue; then pkg_failed=no -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for tss2" >&5 -$as_echo_n "checking for tss2... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for tss2_tabrmd" >&5 +$as_echo_n "checking for tss2_tabrmd... " >&6; } + +if test -n "$tss2_tabrmd_CFLAGS"; then + pkg_cv_tss2_tabrmd_CFLAGS="$tss2_tabrmd_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tcti-tabrmd\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tcti-tabrmd") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_tss2_tabrmd_CFLAGS=`$PKG_CONFIG --cflags "tcti-tabrmd" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$tss2_tabrmd_LIBS"; then + pkg_cv_tss2_tabrmd_LIBS="$tss2_tabrmd_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tcti-tabrmd\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tcti-tabrmd") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_tss2_tabrmd_LIBS=`$PKG_CONFIG --libs "tcti-tabrmd" 2>/dev/null` + test "x$?" 
!= "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + tss2_tabrmd_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "tcti-tabrmd" 2>&1` + else + tss2_tabrmd_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "tcti-tabrmd" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$tss2_tabrmd_PKG_ERRORS" >&5 + + tss2_tabrmd=false +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + tss2_tabrmd=false +else + tss2_tabrmd_CFLAGS=$pkg_cv_tss2_tabrmd_CFLAGS + tss2_tabrmd_LIBS=$pkg_cv_tss2_tabrmd_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + tss2_tabrmd=true; +$as_echo "#define TSS2_TCTI_TABRMD /**/" >>confdefs.h + +fi + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for tss2_socket" >&5 +$as_echo_n "checking for tss2_socket... " >&6; } -if test -n "$tss2_CFLAGS"; then - pkg_cv_tss2_CFLAGS="$tss2_CFLAGS" +if test -n "$tss2_socket_CFLAGS"; then + pkg_cv_tss2_socket_CFLAGS="$tss2_socket_CFLAGS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tcti-socket\""; } >&5 @@ -20865,7 +21015,7 @@ if test -n "$tss2_CFLAGS"; then ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_tss2_CFLAGS=`$PKG_CONFIG --cflags "tcti-socket" 2>/dev/null` + pkg_cv_tss2_socket_CFLAGS=`$PKG_CONFIG --cflags "tcti-socket" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes 
@@ -20873,8 +21023,8 @@ fi else pkg_failed=untried fi -if test -n "$tss2_LIBS"; then - pkg_cv_tss2_LIBS="$tss2_LIBS" +if test -n "$tss2_socket_LIBS"; then + pkg_cv_tss2_socket_LIBS="$tss2_socket_LIBS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tcti-socket\""; } >&5 @@ -20882,7 +21032,7 @@ if test -n "$tss2_LIBS"; then ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_tss2_LIBS=`$PKG_CONFIG --libs "tcti-socket" 2>/dev/null` + pkg_cv_tss2_socket_LIBS=`$PKG_CONFIG --libs "tcti-socket" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes 
@@ -20903,52 +21053,44 @@ else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - tss2_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "tcti-socket" 2>&1` + tss2_socket_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "tcti-socket" 2>&1` else - tss2_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "tcti-socket" 2>&1` + tss2_socket_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "tcti-socket" 2>&1` fi # Put the nasty error message in config.log where it belongs - echo "$tss2_PKG_ERRORS" >&5 - - as_fn_error $? "Package requirements (tcti-socket) were not met: + echo "$tss2_socket_PKG_ERRORS" >&5 -$tss2_PKG_ERRORS - -Consider adjusting the PKG_CONFIG_PATH environment variable if you -installed software in a non-standard prefix. - -Alternatively, you may set the environment variables tss2_CFLAGS -and tss2_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details." "$LINENO" 5 + tss2_socket=false elif test $pkg_failed = untried; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it -is in your PATH or set the PKG_CONFIG environment variable to the full -path to pkg-config. - -Alternatively, you may set the environment variables tss2_CFLAGS -and tss2_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details. - -To get pkg-config, see . 
-See \`config.log' for more details" "$LINENO" 5; } + tss2_socket=false else - tss2_CFLAGS=$pkg_cv_tss2_CFLAGS - tss2_LIBS=$pkg_cv_tss2_LIBS + tss2_socket_CFLAGS=$pkg_cv_tss2_socket_CFLAGS + tss2_socket_LIBS=$pkg_cv_tss2_socket_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } + tss2_socket=true; +$as_echo "#define TSS2_TCTI_SOCKET /**/" >>confdefs.h + +fi + if test x$tss2_tabrmd = xtrue -o x$tss2_socket = xtrue; then $as_echo "#define TSS_TSS2 /**/" >>confdefs.h -fi + tss2_CFLAGS="$tss2_tabrmd_CFLAGS $tss2_socket_CFLAGS" + tss2_LIBS="$tss2_tabrmd_LIBS $tss2_socket_LIBS" + else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "no TSS2 TCTI library detected +See \`config.log' for more details" "$LINENO" 5; } + fi fi -if test x$imv_swid = xtrue; then +if test x$imc_swima = xtrue -o $imv_swima = xtrue -o x$imv_swid = xtrue; then pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for json" >&5 
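Review bot: In the new condition `if test x$imc_swima = xtrue -o $imv_swima = xtrue -o x$imv_swid = xtrue; then` the middle term lacks the `x` prefix, so it compares `true`/`false` (the values the --enable-imv-swima handling assigns earlier in this file) against `xtrue` and can never match; enabling only imv-swima therefore skips the json check, while the later USE_JSON test, which writes `x$imv_swima`, does fire. It should read `if test x$imc_swima = xtrue -o x$imv_swima = xtrue -o x$imv_swid = xtrue; then`. configure is generated, so the fix belongs in configure.ac, which is not part of this chunk.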
@@ -21340,64 +21482,99 @@ fi test -n "$RUBY" && break done - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Ruby header files" >&5 -$as_echo_n "checking for Ruby header files... " >&6; } - if test -n "$RUBY"; then - RUBYINCLUDE= - RUBYDIR=`($RUBY -r rbconfig -e 'print RbConfig::CONFIG["rubyhdrdir"] || ""') 2>/dev/null` - if test -n "$RUBYDIR" -a -r "$RUBYDIR/ruby.h"; then - RUBYARCH=`($RUBY -r rbconfig -e 'print RbConfig::CONFIG["arch"] || ""') 2>/dev/null` - if test -n "$RUBYARCH"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RUBYDIR" >&5 -$as_echo "$RUBYDIR" >&6; } - RUBYINCLUDE="-I$RUBYDIR -I$RUBYDIR/$RUBYARCH" - fi - else - RUBYDIR=`($RUBY -r rbconfig -e 'print RbConfig::CONFIG["archdir"] || ""') 2>/dev/null` - if test -n "$RUBYDIR" -a -r "$RUBYDIR/ruby.h"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RUBYDIR" >&5 -$as_echo "$RUBYDIR" >&6; } - RUBYINCLUDE="-I$RUBYDIR" - fi - fi - if test -z "$RUBYINCLUDE"; then - as_fn_error $? "ruby.h not found" "$LINENO" 5 - fi - else - as_fn_error $? "don't know how to run ruby" "$LINENO" 5 - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libruby" >&5 -$as_echo_n "checking for libruby... " >&6; } - saved_LIBS=$LIBS - LIBS=`($RUBY -r rbconfig -e 'print RbConfig::CONFIG["LIBRUBYARG_SHARED"] || ""') 2>/dev/null` - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ruby" >&5 +$as_echo_n "checking for ruby... " >&6; } -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char ruby_init (); -int -main () -{ -return ruby_init (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBS" >&5 -$as_echo "$LIBS" >&6; }; RUBYLIB=$LIBS +if test -n "$ruby_CFLAGS"; then + pkg_cv_ruby_CFLAGS="$ruby_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"ruby\""; } >&5 + ($PKG_CONFIG --exists --print-errors "ruby") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_ruby_CFLAGS=`$PKG_CONFIG --cflags "ruby" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes else - as_fn_error $? "not found" "$LINENO" 5 + pkg_failed=yes fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext + else + pkg_failed=untried +fi +if test -n "$ruby_LIBS"; then + pkg_cv_ruby_LIBS="$ruby_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"ruby\""; } >&5 + ($PKG_CONFIG --exists --print-errors "ruby") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_ruby_LIBS=`$PKG_CONFIG --libs "ruby" 2>/dev/null` + test "x$?" 
!= "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + ruby_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "ruby" 2>&1` + else + ruby_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "ruby" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$ruby_PKG_ERRORS" >&5 + + as_fn_error $? "Package requirements (ruby) were not met: + +$ruby_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. + +Alternatively, you may set the environment variables ruby_CFLAGS +and ruby_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details." "$LINENO" 5 +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +Alternatively, you may set the environment variables ruby_CFLAGS +and ruby_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details. + +To get pkg-config, see . +See \`config.log' for more details" "$LINENO" 5; } +else + ruby_CFLAGS=$pkg_cv_ruby_CFLAGS + ruby_LIBS=$pkg_cv_ruby_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +fi + saved_LIBS=$LIBS + LIBS=$ruby_LIBS for ac_func in rb_errinfo do : ac_fn_c_check_func "$LINENO" "rb_errinfo" "ac_cv_func_rb_errinfo" 
@@ -22859,6 +23036,7 @@ fi COVERAGE_LDFLAGS="-fprofile-arcs" + PLUGIN_CFLAGS="$PLUGIN_CFLAGS $COVERAGE_CFLAGS" { $as_echo "$as_me:${as_lineno-$LINENO}: coverage enabled, adding \"-g -O0\" to CFLAGS" >&5 $as_echo "$as_me: coverage enabled, adding \"-g -O0\" to CFLAGS" >&6;} @@ -23353,6 +23531,7 @@ if test x$acert = xtrue; then if test x$pubkey = xtrue; then s_plugins=${s_plugins}" pubkey" charon_plugins=${charon_plugins}" pubkey" + pki_plugins=${pki_plugins}" pubkey" cmd_plugins=${cmd_plugins}" pubkey" aikgen_plugins=${aikgen_plugins}" pubkey" @@ -23888,6 +24067,12 @@ if test x$eap_aka = xtrue; then fi +if test x$eap_aka_3gpp = xtrue; then + c_plugins=${c_plugins}" eap-aka-3gpp" + charon_plugins=${charon_plugins}" eap-aka-3gpp" + + fi + if test x$eap_aka_3gpp2 = xtrue; then c_plugins=${c_plugins}" eap-aka-3gpp2" charon_plugins=${charon_plugins}" eap-aka-3gpp2" @@ -25008,6 +25193,14 @@ else USE_EAP_AKA_FALSE= fi + if test x$eap_aka_3gpp = xtrue; then + USE_EAP_AKA_3GPP_TRUE= + USE_EAP_AKA_3GPP_FALSE='#' +else + USE_EAP_AKA_3GPP_TRUE='#' + USE_EAP_AKA_3GPP_FALSE= +fi + if test x$eap_aka_3gpp2 = xtrue; then USE_EAP_AKA_3GPP2_TRUE= USE_EAP_AKA_3GPP2_FALSE='#' @@ -25248,6 +25441,22 @@ else USE_IMV_SWID_FALSE= fi + if test x$imc_swima = xtrue; then + USE_IMC_SWIMA_TRUE= + USE_IMC_SWIMA_FALSE='#' +else + USE_IMC_SWIMA_TRUE='#' + USE_IMC_SWIMA_FALSE= +fi + + if test x$imv_swima = xtrue; then + USE_IMV_SWIMA_TRUE= + USE_IMV_SWIMA_FALSE='#' +else + USE_IMV_SWIMA_TRUE='#' + USE_IMV_SWIMA_FALSE= +fi + if test x$imc_hcd = xtrue; then USE_IMC_HCD_TRUE= USE_IMC_HCD_FALSE='#' @@ -25839,6 +26048,11 @@ if test x$fuzzing = xtrue; then $as_echo "#define USE_FUZZING /**/" >>confdefs.h +fi +if test x$imc_swima = xtrue -o x$imv_swima = xtrue -o x$imv_swid = xtrue ; then + +$as_echo "#define USE_JSON /**/" >>confdefs.h + fi # ==================================================== 
@@ -25886,6 +26100,9 @@ fi if test -z "$USE_SWANCTL_TRUE"; then : strongswan_options=${strongswan_options}" swanctl" fi +if test -z "$USE_SYSTEMD_TRUE"; then : + strongswan_options=${strongswan_options}" charon-systemd" +fi 
@@ -25893,14 +26110,14 @@ fi # build Makefiles # ================= -ac_config_files="$ac_config_files Makefile conf/Makefile fuzz/Makefile man/Makefile init/Makefile init/systemd/Makefile init/systemd-swanctl/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/math/libnttfft/Makefile src/libstrongswan/math/libnttfft/tests/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/cmac/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/rc2/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/sha3/Makefile src/libstrongswan/plugins/mgf1/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/curve25519/Makefile src/libstrongswan/plugins/rdrand/Makefile src/libstrongswan/plugins/aesni/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/nonce/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/revocation/Makefile src/libstrongswan/plugins/constraints/Makefile src/libstrongswan/plugins/acert/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pkcs7/Makefile src/libstrongswan/plugins/pkcs8/Makefile src/libstrongswan/plugins/pkcs12/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/sshkey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/files/Makefile src/libstrongswan/plugins/winhttp/Makefile src/libstrongswan/plugins/unbound/Makefile src/libstrongswan/plugins/soup/Makefile src/libstrongswan/plugins/ldap/Makefile 
src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/keychain/Makefile src/libstrongswan/plugins/pkcs11/Makefile src/libstrongswan/plugins/chapoly/Makefile src/libstrongswan/plugins/ctr/Makefile src/libstrongswan/plugins/ccm/Makefile src/libstrongswan/plugins/gcm/Makefile src/libstrongswan/plugins/af_alg/Makefile src/libstrongswan/plugins/ntru/Makefile src/libstrongswan/plugins/bliss/Makefile src/libstrongswan/plugins/bliss/tests/Makefile src/libstrongswan/plugins/newhope/Makefile src/libstrongswan/plugins/newhope/tests/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libstrongswan/tests/Makefile src/libipsec/Makefile src/libipsec/tests/Makefile src/libsimaka/Makefile src/libtls/Makefile src/libtls/tests/Makefile src/libradius/Makefile src/libtncif/Makefile src/libtnccs/Makefile src/libtnccs/plugins/tnc_tnccs/Makefile src/libtnccs/plugins/tnc_imc/Makefile src/libtnccs/plugins/tnc_imv/Makefile src/libtnccs/plugins/tnccs_11/Makefile src/libtnccs/plugins/tnccs_20/Makefile src/libtnccs/plugins/tnccs_dynamic/Makefile src/libpttls/Makefile src/libimcv/Makefile src/libimcv/plugins/imc_test/Makefile src/libimcv/plugins/imv_test/Makefile src/libimcv/plugins/imc_scanner/Makefile src/libimcv/plugins/imv_scanner/Makefile src/libimcv/plugins/imc_os/Makefile src/libimcv/plugins/imv_os/Makefile src/libimcv/plugins/imc_attestation/Makefile src/libimcv/plugins/imv_attestation/Makefile src/libimcv/plugins/imc_swid/Makefile src/libimcv/plugins/imv_swid/Makefile src/libimcv/plugins/imc_hcd/Makefile src/libimcv/plugins/imv_hcd/Makefile src/charon/Makefile src/charon-nm/Makefile src/charon-tkm/Makefile src/charon-cmd/Makefile src/charon-svc/Makefile src/charon-systemd/Makefile src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile 
src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_dynamic/Makefile src/libcharon/plugins/eap_identity/Makefile src/libcharon/plugins/eap_md5/Makefile src/libcharon/plugins/eap_gtc/Makefile src/libcharon/plugins/eap_sim/Makefile src/libcharon/plugins/eap_sim_file/Makefile src/libcharon/plugins/eap_sim_pcsc/Makefile src/libcharon/plugins/eap_simaka_sql/Makefile src/libcharon/plugins/eap_simaka_pseudonym/Makefile src/libcharon/plugins/eap_simaka_reauth/Makefile src/libcharon/plugins/eap_mschapv2/Makefile src/libcharon/plugins/eap_tls/Makefile src/libcharon/plugins/eap_ttls/Makefile src/libcharon/plugins/eap_peap/Makefile src/libcharon/plugins/eap_tnc/Makefile src/libcharon/plugins/eap_radius/Makefile src/libcharon/plugins/xauth_generic/Makefile src/libcharon/plugins/xauth_eap/Makefile src/libcharon/plugins/xauth_pam/Makefile src/libcharon/plugins/xauth_noauth/Makefile src/libcharon/plugins/tnc_ifmap/Makefile src/libcharon/plugins/tnc_pdp/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_dynamic/Makefile src/libcharon/plugins/socket_win/Makefile src/libcharon/plugins/bypass_lan/Makefile src/libcharon/plugins/connmark/Makefile src/libcharon/plugins/forecast/Makefile src/libcharon/plugins/farp/Makefile src/libcharon/plugins/smp/Makefile src/libcharon/plugins/sql/Makefile src/libcharon/plugins/dnscert/Makefile src/libcharon/plugins/ipseckey/Makefile src/libcharon/plugins/medsrv/Makefile src/libcharon/plugins/medcli/Makefile src/libcharon/plugins/addrblock/Makefile src/libcharon/plugins/unity/Makefile src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile src/libcharon/plugins/kernel_netlink/Makefile src/libcharon/plugins/kernel_pfkey/Makefile src/libcharon/plugins/kernel_pfroute/Makefile src/libcharon/plugins/kernel_libipsec/Makefile src/libcharon/plugins/kernel_wfp/Makefile src/libcharon/plugins/kernel_iph/Makefile src/libcharon/plugins/whitelist/Makefile src/libcharon/plugins/ext_auth/Makefile 
src/libcharon/plugins/lookip/Makefile src/libcharon/plugins/error_notify/Makefile src/libcharon/plugins/certexpire/Makefile src/libcharon/plugins/systime_fix/Makefile src/libcharon/plugins/led/Makefile src/libcharon/plugins/duplicheck/Makefile src/libcharon/plugins/coupling/Makefile src/libcharon/plugins/radattr/Makefile src/libcharon/plugins/osx_attr/Makefile src/libcharon/plugins/p_cscf/Makefile src/libcharon/plugins/android_dns/Makefile src/libcharon/plugins/android_log/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/vici/Makefile src/libcharon/plugins/vici/ruby/Makefile src/libcharon/plugins/vici/perl/Makefile src/libcharon/plugins/vici/python/Makefile src/libcharon/plugins/updown/Makefile src/libcharon/plugins/dhcp/Makefile src/libcharon/plugins/load_tester/Makefile src/libcharon/plugins/resolve/Makefile src/libcharon/plugins/attr/Makefile src/libcharon/plugins/attr_sql/Makefile src/libcharon/tests/Makefile src/libtpmtss/Makefile src/libtpmtss/plugins/tpm/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/starter/tests/Makefile src/_updown/Makefile src/_copyright/Makefile src/scepclient/Makefile src/aikgen/Makefile src/pki/Makefile src/pki/man/Makefile src/pool/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile src/conftest/Makefile src/pt-tls-client/Makefile src/swanctl/Makefile scripts/Makefile testing/Makefile" +ac_config_files="$ac_config_files Makefile conf/Makefile fuzz/Makefile man/Makefile init/Makefile init/systemd/Makefile init/systemd-swanctl/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/math/libnttfft/Makefile src/libstrongswan/math/libnttfft/tests/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/cmac/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/rc2/Makefile 
src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/sha3/Makefile src/libstrongswan/plugins/mgf1/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/curve25519/Makefile src/libstrongswan/plugins/rdrand/Makefile src/libstrongswan/plugins/aesni/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/nonce/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/revocation/Makefile src/libstrongswan/plugins/constraints/Makefile src/libstrongswan/plugins/acert/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pkcs7/Makefile src/libstrongswan/plugins/pkcs8/Makefile src/libstrongswan/plugins/pkcs12/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/sshkey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/files/Makefile src/libstrongswan/plugins/winhttp/Makefile src/libstrongswan/plugins/unbound/Makefile src/libstrongswan/plugins/soup/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/keychain/Makefile src/libstrongswan/plugins/pkcs11/Makefile src/libstrongswan/plugins/chapoly/Makefile src/libstrongswan/plugins/ctr/Makefile src/libstrongswan/plugins/ccm/Makefile src/libstrongswan/plugins/gcm/Makefile src/libstrongswan/plugins/af_alg/Makefile src/libstrongswan/plugins/ntru/Makefile 
src/libstrongswan/plugins/bliss/Makefile src/libstrongswan/plugins/bliss/tests/Makefile src/libstrongswan/plugins/newhope/Makefile src/libstrongswan/plugins/newhope/tests/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libstrongswan/tests/Makefile src/libipsec/Makefile src/libipsec/tests/Makefile src/libsimaka/Makefile src/libtls/Makefile src/libtls/tests/Makefile src/libradius/Makefile src/libtncif/Makefile src/libtnccs/Makefile src/libtnccs/plugins/tnc_tnccs/Makefile src/libtnccs/plugins/tnc_imc/Makefile src/libtnccs/plugins/tnc_imv/Makefile src/libtnccs/plugins/tnccs_11/Makefile src/libtnccs/plugins/tnccs_20/Makefile src/libtnccs/plugins/tnccs_dynamic/Makefile src/libpttls/Makefile src/libimcv/Makefile src/libimcv/plugins/imc_test/Makefile src/libimcv/plugins/imv_test/Makefile src/libimcv/plugins/imc_scanner/Makefile src/libimcv/plugins/imv_scanner/Makefile src/libimcv/plugins/imc_os/Makefile src/libimcv/plugins/imv_os/Makefile src/libimcv/plugins/imc_attestation/Makefile src/libimcv/plugins/imv_attestation/Makefile src/libimcv/plugins/imc_swid/Makefile src/libimcv/plugins/imv_swid/Makefile src/libimcv/plugins/imc_swima/Makefile src/libimcv/plugins/imv_swima/Makefile src/libimcv/plugins/imc_hcd/Makefile src/libimcv/plugins/imv_hcd/Makefile src/charon/Makefile src/charon-nm/Makefile src/charon-tkm/Makefile src/charon-cmd/Makefile src/charon-svc/Makefile src/charon-systemd/Makefile src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile src/libcharon/plugins/eap_aka_3gpp/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_dynamic/Makefile src/libcharon/plugins/eap_identity/Makefile src/libcharon/plugins/eap_md5/Makefile src/libcharon/plugins/eap_gtc/Makefile src/libcharon/plugins/eap_sim/Makefile src/libcharon/plugins/eap_sim_file/Makefile src/libcharon/plugins/eap_sim_pcsc/Makefile src/libcharon/plugins/eap_simaka_sql/Makefile src/libcharon/plugins/eap_simaka_pseudonym/Makefile 
src/libcharon/plugins/eap_simaka_reauth/Makefile src/libcharon/plugins/eap_mschapv2/Makefile src/libcharon/plugins/eap_tls/Makefile src/libcharon/plugins/eap_ttls/Makefile src/libcharon/plugins/eap_peap/Makefile src/libcharon/plugins/eap_tnc/Makefile src/libcharon/plugins/eap_radius/Makefile src/libcharon/plugins/xauth_generic/Makefile src/libcharon/plugins/xauth_eap/Makefile src/libcharon/plugins/xauth_pam/Makefile src/libcharon/plugins/xauth_noauth/Makefile src/libcharon/plugins/tnc_ifmap/Makefile src/libcharon/plugins/tnc_pdp/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_dynamic/Makefile src/libcharon/plugins/socket_win/Makefile src/libcharon/plugins/bypass_lan/Makefile src/libcharon/plugins/connmark/Makefile src/libcharon/plugins/forecast/Makefile src/libcharon/plugins/farp/Makefile src/libcharon/plugins/smp/Makefile src/libcharon/plugins/sql/Makefile src/libcharon/plugins/dnscert/Makefile src/libcharon/plugins/ipseckey/Makefile src/libcharon/plugins/medsrv/Makefile src/libcharon/plugins/medcli/Makefile src/libcharon/plugins/addrblock/Makefile src/libcharon/plugins/unity/Makefile src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile src/libcharon/plugins/kernel_netlink/Makefile src/libcharon/plugins/kernel_pfkey/Makefile src/libcharon/plugins/kernel_pfroute/Makefile src/libcharon/plugins/kernel_libipsec/Makefile src/libcharon/plugins/kernel_wfp/Makefile src/libcharon/plugins/kernel_iph/Makefile src/libcharon/plugins/whitelist/Makefile src/libcharon/plugins/ext_auth/Makefile src/libcharon/plugins/lookip/Makefile src/libcharon/plugins/error_notify/Makefile src/libcharon/plugins/certexpire/Makefile src/libcharon/plugins/systime_fix/Makefile src/libcharon/plugins/led/Makefile src/libcharon/plugins/duplicheck/Makefile src/libcharon/plugins/coupling/Makefile src/libcharon/plugins/radattr/Makefile src/libcharon/plugins/osx_attr/Makefile src/libcharon/plugins/p_cscf/Makefile src/libcharon/plugins/android_dns/Makefile 
src/libcharon/plugins/android_log/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/vici/Makefile src/libcharon/plugins/vici/ruby/Makefile src/libcharon/plugins/vici/perl/Makefile src/libcharon/plugins/vici/python/Makefile src/libcharon/plugins/updown/Makefile src/libcharon/plugins/dhcp/Makefile src/libcharon/plugins/load_tester/Makefile src/libcharon/plugins/resolve/Makefile src/libcharon/plugins/attr/Makefile src/libcharon/plugins/attr_sql/Makefile src/libcharon/tests/Makefile src/libtpmtss/Makefile src/libtpmtss/plugins/tpm/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/starter/tests/Makefile src/_updown/Makefile src/_copyright/Makefile src/scepclient/Makefile src/aikgen/Makefile src/pki/Makefile src/pki/man/Makefile src/pool/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile src/conftest/Makefile src/pt-tls-client/Makefile src/sw-collector/Makefile src/swanctl/Makefile scripts/Makefile testing/Makefile" # ================= # build man pages # ================= -ac_config_files="$ac_config_files conf/strongswan.conf.5.head conf/strongswan.conf.5.tail man/ipsec.conf.5 man/ipsec.secrets.5 src/charon-cmd/charon-cmd.8 src/pki/man/pki.1 src/pki/man/pki---acert.1 src/pki/man/pki---dn.1 src/pki/man/pki---gen.1 src/pki/man/pki---issue.1 src/pki/man/pki---keyid.1 src/pki/man/pki---pkcs12.1 src/pki/man/pki---pkcs7.1 src/pki/man/pki---print.1 src/pki/man/pki---pub.1 src/pki/man/pki---req.1 src/pki/man/pki---self.1 src/pki/man/pki---signcrl.1 src/pki/man/pki---verify.1 src/swanctl/swanctl.8 src/swanctl/swanctl.conf.5.head src/swanctl/swanctl.conf.5.tail" +ac_config_files="$ac_config_files conf/strongswan.conf.5.head conf/strongswan.conf.5.tail man/ipsec.conf.5 man/ipsec.secrets.5 src/charon-cmd/charon-cmd.8 src/pki/man/pki.1 src/pki/man/pki---acert.1 src/pki/man/pki---dn.1 src/pki/man/pki---gen.1 src/pki/man/pki---issue.1 src/pki/man/pki---keyid.1 
src/pki/man/pki---pkcs12.1 src/pki/man/pki---pkcs7.1 src/pki/man/pki---print.1 src/pki/man/pki---pub.1 src/pki/man/pki---req.1 src/pki/man/pki---self.1 src/pki/man/pki---signcrl.1 src/pki/man/pki---verify.1 src/swanctl/swanctl.8 src/swanctl/swanctl.conf.5.head src/swanctl/swanctl.conf.5.tail src/pt-tls-client/pt-tls-client.1 src/sw-collector/sw-collector.8" cat >confcache <<\_ACEOF @@ -26465,6 +26682,10 @@ if test -z "${USE_EAP_AKA_TRUE}" && test -z "${USE_EAP_AKA_FALSE}"; then as_fn_error $? "conditional \"USE_EAP_AKA\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${USE_EAP_AKA_3GPP_TRUE}" && test -z "${USE_EAP_AKA_3GPP_FALSE}"; then + as_fn_error $? "conditional \"USE_EAP_AKA_3GPP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${USE_EAP_AKA_3GPP2_TRUE}" && test -z "${USE_EAP_AKA_3GPP2_FALSE}"; then as_fn_error $? "conditional \"USE_EAP_AKA_3GPP2\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -26585,6 +26806,14 @@ if test -z "${USE_IMV_SWID_TRUE}" && test -z "${USE_IMV_SWID_FALSE}"; then as_fn_error $? "conditional \"USE_IMV_SWID\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${USE_IMC_SWIMA_TRUE}" && test -z "${USE_IMC_SWIMA_FALSE}"; then + as_fn_error $? "conditional \"USE_IMC_SWIMA\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_IMV_SWIMA_TRUE}" && test -z "${USE_IMV_SWIMA_FALSE}"; then + as_fn_error $? "conditional \"USE_IMV_SWIMA\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${USE_IMC_HCD_TRUE}" && test -z "${USE_IMC_HCD_FALSE}"; then as_fn_error $? "conditional \"USE_IMC_HCD\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 
@@ -27254,7 +27483,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by strongSwan $as_me 5.5.3, which was +This file was extended by strongSwan $as_me 5.6.0, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -27320,7 +27549,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -strongSwan config.status 5.5.3 +strongSwan config.status 5.6.0 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -27832,6 +28061,8 @@ do "src/libimcv/plugins/imv_attestation/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imv_attestation/Makefile" ;; "src/libimcv/plugins/imc_swid/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imc_swid/Makefile" ;; "src/libimcv/plugins/imv_swid/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imv_swid/Makefile" ;; + "src/libimcv/plugins/imc_swima/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imc_swima/Makefile" ;; + "src/libimcv/plugins/imv_swima/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imv_swima/Makefile" ;; "src/libimcv/plugins/imc_hcd/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imc_hcd/Makefile" ;; "src/libimcv/plugins/imv_hcd/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imv_hcd/Makefile" ;; "src/charon/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/Makefile" ;; 
@@ -27842,6 +28073,7 @@ do "src/charon-systemd/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon-systemd/Makefile" ;; "src/libcharon/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/Makefile" ;; "src/libcharon/plugins/eap_aka/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_aka/Makefile" ;; + "src/libcharon/plugins/eap_aka_3gpp/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_aka_3gpp/Makefile" ;; "src/libcharon/plugins/eap_aka_3gpp2/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_aka_3gpp2/Makefile" ;; "src/libcharon/plugins/eap_dynamic/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_dynamic/Makefile" ;; "src/libcharon/plugins/eap_identity/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_identity/Makefile" ;; @@ -27935,6 +28167,7 @@ do "src/checksum/Makefile") CONFIG_FILES="$CONFIG_FILES src/checksum/Makefile" ;; "src/conftest/Makefile") CONFIG_FILES="$CONFIG_FILES src/conftest/Makefile" ;; "src/pt-tls-client/Makefile") CONFIG_FILES="$CONFIG_FILES src/pt-tls-client/Makefile" ;; + "src/sw-collector/Makefile") CONFIG_FILES="$CONFIG_FILES src/sw-collector/Makefile" ;; "src/swanctl/Makefile") CONFIG_FILES="$CONFIG_FILES src/swanctl/Makefile" ;; "scripts/Makefile") CONFIG_FILES="$CONFIG_FILES scripts/Makefile" ;; "testing/Makefile") CONFIG_FILES="$CONFIG_FILES testing/Makefile" ;; @@ -27960,6 +28193,8 @@ do "src/swanctl/swanctl.8") CONFIG_FILES="$CONFIG_FILES src/swanctl/swanctl.8" ;; "src/swanctl/swanctl.conf.5.head") CONFIG_FILES="$CONFIG_FILES src/swanctl/swanctl.conf.5.head" ;; "src/swanctl/swanctl.conf.5.tail") CONFIG_FILES="$CONFIG_FILES src/swanctl/swanctl.conf.5.tail" ;; + "src/pt-tls-client/pt-tls-client.1") CONFIG_FILES="$CONFIG_FILES src/pt-tls-client/pt-tls-client.1" ;; + "src/sw-collector/sw-collector.8") CONFIG_FILES="$CONFIG_FILES src/sw-collector/sw-collector.8" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac 
diff --git a/configure.ac b/configure.ac index 1ca254e61..45277d967 100644 --- a/configure.ac +++ b/configure.ac @@ -19,7 +19,7 @@ # initialize & set some vars # ============================ -AC_INIT([strongSwan],[5.5.3]) +AC_INIT([strongSwan],[5.6.0]) AM_INIT_AUTOMAKE(m4_esyscmd([ echo tar-ustar echo subdir-objects @@ -185,6 +185,7 @@ ARG_ENABL_SET([eap-sim], [enable SIM authentication module for EAP.]) ARG_ENABL_SET([eap-sim-file], [enable EAP-SIM backend based on a triplet file.]) ARG_ENABL_SET([eap-sim-pcsc], [enable EAP-SIM backend based on a smartcard reader. Requires libpcsclite.]) ARG_ENABL_SET([eap-aka], [enable EAP AKA authentication module.]) +ARG_ENABL_SET([eap-aka-3gpp], [enable EAP AKA backend implementing 3GPP MILENAGE algorithms in software.]) ARG_ENABL_SET([eap-aka-3gpp2], [enable EAP AKA backend implementing 3GPP2 algorithms in software. Requires libgmp.]) ARG_ENABL_SET([eap-simaka-sql], [enable EAP-SIM/AKA backend based on a triplet/quintuplet SQL database.]) ARG_ENABL_SET([eap-simaka-pseudonym], [enable EAP-SIM/AKA pseudonym storage plugin.]) @@ -246,6 +247,8 @@ ARG_ENABL_SET([imc-attestation],[enable IMC attestation module.]) ARG_ENABL_SET([imv-attestation],[enable IMV attestation module.]) ARG_ENABL_SET([imc-swid], [enable IMC swid module.]) ARG_ENABL_SET([imv-swid], [enable IMV swid module.]) +ARG_ENABL_SET([imc-swima], [enable IMC swima module.]) +ARG_ENABL_SET([imv-swima], [enable IMV swima module.]) ARG_ENABL_SET([imc-hcd], [enable IMC hcd module.]) ARG_ENABL_SET([imv-hcd], [enable IMV hcd module.]) ARG_ENABL_SET([tnc-ifmap], [enable TNC IF-MAP module. Requires libxml]) @@ -350,6 +353,7 @@ fi if test -z "$CFLAGS"; then CFLAGS="-g -O2 -Wall -Wno-format -Wno-format-security -Wno-pointer-sign" fi +AC_SUBST(PLUGIN_CFLAGS) AC_PROG_CC AM_PROG_CC_C_O 
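Review bot: The new `AC_SUBST(PLUGIN_CFLAGS)` in the `@@ -350,6 +353,7 @@` hunk has no preceding assignment, so whatever PLUGIN_CFLAGS the caller exported into configure's environment is substituted as-is and then extended by the `-rdynamic` and coverage appends made in the later hunks of this file. If that pass-through is intended, `AC_ARG_VAR([PLUGIN_CFLAGS], [extra CFLAGS for plugins])` documents it in `configure --help` and keeps the value precious across config.status reruns; if it is not, initialise it with `PLUGIN_CFLAGS=` immediately before the substitution. Which of the two the author meant is not visible from this hunk.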
@@ -420,7 +424,7 @@ if test x$eap_tls = xtrue -o x$eap_ttls = xtrue -o x$eap_peap = xtrue -o x$tnc_t tls=true; fi -if test x$imc_test = xtrue -o x$imv_test = xtrue -o x$imc_scanner = xtrue -o x$imv_scanner = xtrue -o x$imc_os = xtrue -o x$imv_os = xtrue -o x$imc_attestation = xtrue -o x$imv_attestation = xtrue -o x$imc_swid = xtrue -o x$imv_swid = xtrue -o x$imc_hcd = xtrue -o x$imv_hcd = xtrue; then +if test x$imc_test = xtrue -o x$imv_test = xtrue -o x$imc_scanner = xtrue -o x$imv_scanner = xtrue -o x$imc_os = xtrue -o x$imv_os = xtrue -o x$imc_attestation = xtrue -o x$imv_attestation = xtrue -o x$imc_swid = xtrue -o x$imv_swid = xtrue -o x$imc_swima = xtrue -o x$imv_swima = xtrue -o x$imc_hcd = xtrue -o x$imv_hcd = xtrue; then imcv=true; fi @@ -877,7 +881,7 @@ AC_COMPILE_IFELSE( AC_MSG_RESULT([no]) # GCC, but not MinGW requires -rdynamic for plugins if test x$windows != xtrue; then - AC_SUBST(PLUGIN_CFLAGS, [-rdynamic]) + PLUGIN_CFLAGS="$PLUGIN_CFLAGS -rdynamic" fi ] ) 
@@ -994,12 +998,22 @@ if test x$tss_trousers = xtrue; then fi if test x$tss_tss2 = xtrue; then - PKG_CHECK_MODULES(tss2, [tcti-socket], [AC_DEFINE([TSS_TSS2], [], [use TSS 2.0 libraries])]) - AC_SUBST(tss2_CFLAGS) - AC_SUBST(tss2_LIBS) + PKG_CHECK_MODULES(tss2_tabrmd, [tcti-tabrmd], + [tss2_tabrmd=true; AC_DEFINE([TSS2_TCTI_TABRMD], [], [use TCTI Access Broker and Resource Mamager])], + [tss2_tabrmd=false]) + PKG_CHECK_MODULES(tss2_socket, [tcti-socket], + [tss2_socket=true; AC_DEFINE([TSS2_TCTI_SOCKET], [], [use TCTI Sockets])], + [tss2_socket=false]) + if test x$tss2_tabrmd = xtrue -o x$tss2_socket = xtrue; then + AC_DEFINE([TSS_TSS2], [], [use TSS 2.0 libraries]) + AC_SUBST(tss2_CFLAGS, "$tss2_tabrmd_CFLAGS $tss2_socket_CFLAGS") + AC_SUBST(tss2_LIBS, "$tss2_tabrmd_LIBS $tss2_socket_LIBS") + else + AC_MSG_FAILURE([no TSS2 TCTI library detected]) + fi fi -if test x$imv_swid = xtrue; then +if test x$imc_swima = xtrue -o $imv_swima = xtrue -o x$imv_swid = xtrue; then PKG_CHECK_MODULES(json, [json-c], [], [PKG_CHECK_MODULES(json, [json])]) AC_SUBST(json_CFLAGS) 
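Review bot: The rewritten json condition at the end of this hunk drops the `x` prefix on its middle operand, `-o $imv_swima = xtrue`, unlike its two neighbours and unlike the otherwise identical USE_JSON test added in the `@@ -1730,6 +1721,9 @@` hunk further down; if `imv_swima` is ever empty the `test` expression is no longer well-formed instead of evaluating false (ARG_ENABL_SET appears to initialise it, so this is probably latent, but the prefix idiom exists for exactly that case). Change the line to `if test x$imc_swima = xtrue -o x$imv_swima = xtrue -o x$imv_swid = xtrue; then`. The description string of the new TSS2_TCTI_TABRMD define, `use TCTI Access Broker and Resource Mamager`, also carries a typo that ends up in the generated config.h comment; `Resource Manager` is intended. Since the same three-way condition now appears twice in the file, setting a single `json=true` flag here and testing that at the USE_JSON define would keep the two from drifting apart again.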
@@ -1011,37 +1025,9 @@ if test x$dumm = xtrue; then AC_SUBST(gtk_CFLAGS) AC_SUBST(gtk_LIBS) AC_CHECK_PROGS(RUBY, ruby) - AC_MSG_CHECKING([for Ruby header files]) - if test -n "$RUBY"; then - RUBYINCLUDE= - RUBYDIR=`($RUBY -r rbconfig -e 'print RbConfig::CONFIG[["rubyhdrdir"]] || ""') 2>/dev/null` - if test -n "$RUBYDIR" -a -r "$RUBYDIR/ruby.h"; then - RUBYARCH=`($RUBY -r rbconfig -e 'print RbConfig::CONFIG[["arch"]] || ""') 2>/dev/null` - if test -n "$RUBYARCH"; then - AC_MSG_RESULT([$RUBYDIR]) - RUBYINCLUDE="-I$RUBYDIR -I$RUBYDIR/$RUBYARCH" - fi - else - RUBYDIR=`($RUBY -r rbconfig -e 'print RbConfig::CONFIG[["archdir"]] || ""') 2>/dev/null` - if test -n "$RUBYDIR" -a -r "$RUBYDIR/ruby.h"; then - AC_MSG_RESULT([$RUBYDIR]) - RUBYINCLUDE="-I$RUBYDIR" - fi - fi - if test -z "$RUBYINCLUDE"; then - AC_MSG_ERROR([ruby.h not found]) - fi - AC_SUBST(RUBYINCLUDE) - else - AC_MSG_ERROR([don't know how to run ruby]) - fi - AC_MSG_CHECKING([for libruby]) + PKG_CHECK_MODULES(ruby, [ruby]) saved_LIBS=$LIBS - LIBS=`($RUBY -r rbconfig -e 'print RbConfig::CONFIG[["LIBRUBYARG_SHARED"]] || ""') 2>/dev/null` - AC_TRY_LINK_FUNC(ruby_init, - [AC_MSG_RESULT([$LIBS]); RUBYLIB=$LIBS], - [AC_MSG_ERROR([not found])]) - AC_SUBST(RUBYLIB) + LIBS=$ruby_LIBS AC_CHECK_FUNCS(rb_errinfo) LIBS=$saved_LIBS fi @@ -1261,6 +1247,7 @@ if test x$coverage = xtrue; then COVERAGE_LDFLAGS="-fprofile-arcs" AC_SUBST(COVERAGE_CFLAGS) AC_SUBST(COVERAGE_LDFLAGS) + PLUGIN_CFLAGS="$PLUGIN_CFLAGS $COVERAGE_CFLAGS" AC_MSG_NOTICE([coverage enabled, adding "-g -O0" to CFLAGS]) CFLAGS="${CFLAGS} -g -O0" 
@@ -1362,7 +1349,7 @@ ADD_PLUGIN([x509], [s charon scepclient pki scripts attest nm cm ADD_PLUGIN([revocation], [s charon pki nm cmd]) ADD_PLUGIN([constraints], [s charon nm cmd]) ADD_PLUGIN([acert], [s charon]) -ADD_PLUGIN([pubkey], [s charon cmd aikgen]) +ADD_PLUGIN([pubkey], [s charon pki cmd aikgen]) ADD_PLUGIN([pkcs1], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen fuzz]) ADD_PLUGIN([pkcs7], [s charon scepclient pki scripts nm cmd]) ADD_PLUGIN([pkcs8], [s charon scepclient pki scripts manager medsrv attest nm cmd]) @@ -1425,6 +1412,7 @@ ADD_PLUGIN([eap-sim], [c charon]) ADD_PLUGIN([eap-sim-file], [c charon]) ADD_PLUGIN([eap-sim-pcsc], [c charon]) ADD_PLUGIN([eap-aka], [c charon]) +ADD_PLUGIN([eap-aka-3gpp], [c charon]) ADD_PLUGIN([eap-aka-3gpp2], [c charon]) ADD_PLUGIN([eap-simaka-sql], [c charon]) ADD_PLUGIN([eap-simaka-pseudonym], [c charon]) @@ -1600,6 +1588,7 @@ AM_CONDITIONAL(USE_EAP_IDENTITY, test x$eap_identity = xtrue) AM_CONDITIONAL(USE_EAP_MD5, test x$eap_md5 = xtrue) AM_CONDITIONAL(USE_EAP_GTC, test x$eap_gtc = xtrue) AM_CONDITIONAL(USE_EAP_AKA, test x$eap_aka = xtrue) +AM_CONDITIONAL(USE_EAP_AKA_3GPP, test x$eap_aka_3gpp = xtrue) AM_CONDITIONAL(USE_EAP_AKA_3GPP2, test x$eap_aka_3gpp2 = xtrue) AM_CONDITIONAL(USE_EAP_MSCHAPV2, test x$eap_mschapv2 = xtrue) AM_CONDITIONAL(USE_EAP_TLS, test x$eap_tls = xtrue) @@ -1630,6 +1619,8 @@ AM_CONDITIONAL(USE_IMC_ATTESTATION, test x$imc_attestation = xtrue) AM_CONDITIONAL(USE_IMV_ATTESTATION, test x$imv_attestation = xtrue) AM_CONDITIONAL(USE_IMC_SWID, test x$imc_swid = xtrue) AM_CONDITIONAL(USE_IMV_SWID, test x$imv_swid = xtrue) +AM_CONDITIONAL(USE_IMC_SWIMA, test x$imc_swima = xtrue) +AM_CONDITIONAL(USE_IMV_SWIMA, test x$imv_swima = xtrue) AM_CONDITIONAL(USE_IMC_HCD, test x$imc_hcd = xtrue) AM_CONDITIONAL(USE_IMV_HCD, test x$imv_hcd = xtrue) AM_CONDITIONAL(USE_SOCKET_DEFAULT, test x$socket_default = xtrue) 
@@ -1730,6 +1721,9 @@ fi if test x$fuzzing = xtrue; then AC_DEFINE([USE_FUZZING], [], [build code for fuzzing]) fi +if test x$imc_swima = xtrue -o x$imv_swima = xtrue -o x$imv_swid = xtrue ; then + AC_DEFINE([USE_JSON], [], [build code for JSON]) +fi # ==================================================== # options for enabled modules (see conf/Makefile.am) @@ -1750,6 +1744,7 @@ AM_COND_IF([USE_MEDSRV], [strongswan_options=${strongswan_options}" medsrv"]) AM_COND_IF([USE_SCEPCLIENT], [strongswan_options=${strongswan_options}" scepclient"]) AM_COND_IF([USE_PKI], [strongswan_options=${strongswan_options}" pki"]) AM_COND_IF([USE_SWANCTL], [strongswan_options=${strongswan_options}" swanctl"]) +AM_COND_IF([USE_SYSTEMD], [strongswan_options=${strongswan_options}" charon-systemd"]) AC_SUBST(strongswan_options) @@ -1855,6 +1850,8 @@ AC_CONFIG_FILES([ src/libimcv/plugins/imv_attestation/Makefile src/libimcv/plugins/imc_swid/Makefile src/libimcv/plugins/imv_swid/Makefile + src/libimcv/plugins/imc_swima/Makefile + src/libimcv/plugins/imv_swima/Makefile src/libimcv/plugins/imc_hcd/Makefile src/libimcv/plugins/imv_hcd/Makefile src/charon/Makefile @@ -1865,6 +1862,7 @@ AC_CONFIG_FILES([ src/charon-systemd/Makefile src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile + src/libcharon/plugins/eap_aka_3gpp/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_dynamic/Makefile src/libcharon/plugins/eap_identity/Makefile @@ -1958,6 +1956,7 @@ AC_CONFIG_FILES([ src/checksum/Makefile src/conftest/Makefile src/pt-tls-client/Makefile + src/sw-collector/Makefile src/swanctl/Makefile scripts/Makefile testing/Makefile @@ -1990,6 +1989,8 @@ AC_CONFIG_FILES([ src/swanctl/swanctl.8 src/swanctl/swanctl.conf.5.head src/swanctl/swanctl.conf.5.tail + src/pt-tls-client/pt-tls-client.1 + src/sw-collector/sw-collector.8 ]) AC_OUTPUT diff --git a/fuzz/Makefile.in b/fuzz/Makefile.in index ea2365fa3..8306f44ec 100644 --- a/fuzz/Makefile.in +++ b/fuzz/Makefile.in 
@@ -235,8 +235,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -337,6 +335,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -365,6 +365,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/init/Makefile.in b/init/Makefile.in index 118b62ede..a0b2b9bca 100644 --- a/init/Makefile.in +++ b/init/Makefile.in @@ -289,8 +289,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -391,6 +389,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -419,6 +419,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/init/systemd-swanctl/Makefile.in b/init/systemd-swanctl/Makefile.in index 432e87c0a..b68958d46 100644 --- a/init/systemd-swanctl/Makefile.in 
+++ b/init/systemd-swanctl/Makefile.in @@ -257,8 +257,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -359,6 +357,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -387,6 +387,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/init/systemd/Makefile.in b/init/systemd/Makefile.in index a551f8f6f..3e20f5c7f 100644 --- a/init/systemd/Makefile.in +++ b/init/systemd/Makefile.in @@ -257,8 +257,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -359,6 +357,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -387,6 +387,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/man/Makefile.in b/man/Makefile.in index 22b23c0bb..795505a14 100644 
--- a/man/Makefile.in +++ b/man/Makefile.in @@ -263,8 +263,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -365,6 +363,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -393,6 +393,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in index fef44ae21..69aeba8cb 100644 --- a/man/ipsec.conf.5.in +++ b/man/ipsec.conf.5.in @@ -1037,7 +1037,10 @@ mask of .B 0xffffffff is assumed. The special value .B %unique -assigns a unique value to each newly created IPsec SA. +assigns a unique value to each newly created IPsec SA. To additionally +make the mark unique for each IPsec SA direction (in/out) the special value +.B %unique-dir +may be used. .TP .BR mark_in " = [/]" sets an XFRM mark in the inbound IPsec SA and diff --git a/scripts/Makefile.in b/scripts/Makefile.in index 2dcbe4d88..1f1c37bc5 100644 --- a/scripts/Makefile.in +++ b/scripts/Makefile.in @@ -371,8 +371,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ 
@@ -473,6 +471,8 @@ random_device = @random_device@
 resolv_conf = @resolv_conf@
 routing_table = @routing_table@
 routing_table_prio = @routing_table_prio@
+ruby_CFLAGS = @ruby_CFLAGS@
+ruby_LIBS = @ruby_LIBS@
 runstatedir = @runstatedir@
 s_plugins = @s_plugins@
 sbindir = @sbindir@
@@ -501,6 +501,10 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 tss2_CFLAGS = @tss2_CFLAGS@
 tss2_LIBS = @tss2_LIBS@
+tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
+tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
+tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/Makefile.am b/src/Makefile.am
index df171b270..1bdb8337c 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -128,6 +128,10 @@ if USE_LIBPTTLS
   SUBDIRS += pt-tls-client
 endif
 
+if USE_IMC_SWIMA
+  SUBDIRS += sw-collector
+endif
+
 if USE_INTEGRITY_TEST
   SUBDIRS += checksum
 endif
diff --git a/src/Makefile.in b/src/Makefile.in
index 17c4a9ad7..84d2ad9a1 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -119,8 +119,9 @@ host_triplet = @host@
 @USE_CMD_TRUE@am__append_30 = charon-cmd
 @USE_SVC_TRUE@am__append_31 = charon-svc
 @USE_LIBPTTLS_TRUE@am__append_32 = pt-tls-client
-@USE_INTEGRITY_TEST_TRUE@am__append_33 = checksum
-@USE_AIKGEN_TRUE@am__append_34 = aikgen
+@USE_IMC_SWIMA_TRUE@am__append_33 = sw-collector
+@USE_INTEGRITY_TEST_TRUE@am__append_34 = checksum
+@USE_AIKGEN_TRUE@am__append_35 = aikgen
 subdir = src
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -199,7 +200,7 @@ DIST_SUBDIRS = . include libstrongswan libipsec libsimaka libtls \ libcharon starter ipsec _copyright charon charon-systemd \ charon-nm stroke _updown scepclient pki swanctl conftest dumm \ libfast manager medsrv pool charon-tkm charon-cmd charon-svc \ - pt-tls-client checksum aikgen + pt-tls-client sw-collector checksum aikgen am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ @@ -326,8 +327,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -428,6 +427,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -456,6 +457,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -470,7 +475,7 @@ SUBDIRS = . include $(am__append_1) $(am__append_2) $(am__append_3) \ $(am__append_25) $(am__append_26) $(am__append_27) \ $(am__append_28) $(am__append_29) $(am__append_30) \ $(am__append_31) $(am__append_32) $(am__append_33) \ - $(am__append_34) + $(am__append_34) $(am__append_35) all: all-recursive .SUFFIXES: diff --git a/src/_copyright/Makefile.in b/src/_copyright/Makefile.in index 0bea80a10..5ba747ac7 100644 --- a/src/_copyright/Makefile.in +++ b/src/_copyright/Makefile.in 
@@ -279,8 +279,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -381,6 +379,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -409,6 +409,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/_updown/Makefile.in b/src/_updown/Makefile.in index ba891c139..c51d65dd5 100644 --- a/src/_updown/Makefile.in +++ b/src/_updown/Makefile.in @@ -257,8 +257,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -359,6 +357,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -387,6 +387,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/aikgen/Makefile.in b/src/aikgen/Makefile.in index 7096dd6e4..61fcaf86c 100644 --- a/src/aikgen/Makefile.in 
+++ b/src/aikgen/Makefile.in @@ -280,8 +280,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -382,6 +380,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -410,6 +410,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/charon-cmd/Makefile.in b/src/charon-cmd/Makefile.in index e4d057fc5..ea492f957 100644 --- a/src/charon-cmd/Makefile.in +++ b/src/charon-cmd/Makefile.in @@ -317,8 +317,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -419,6 +417,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -447,6 +447,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/charon-nm/Makefile.in b/src/charon-nm/Makefile.in index 3efcb8f34..6733a3321 100644 
--- a/src/charon-nm/Makefile.in +++ b/src/charon-nm/Makefile.in @@ -316,8 +316,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -418,6 +416,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -446,6 +446,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/charon-svc/Makefile.in b/src/charon-svc/Makefile.in index 9c08e8a01..263c6a3fb 100644 --- a/src/charon-svc/Makefile.in +++ b/src/charon-svc/Makefile.in @@ -280,8 +280,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -382,6 +380,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -410,6 +410,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ 
diff --git a/src/charon-systemd/Makefile.in b/src/charon-systemd/Makefile.in index 937753927..9697c426b 100644 --- a/src/charon-systemd/Makefile.in +++ b/src/charon-systemd/Makefile.in @@ -284,8 +284,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -386,6 +384,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -414,6 +414,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/charon-tkm/Makefile.in b/src/charon-tkm/Makefile.in index 9987b44b6..258f33b0f 100644 --- a/src/charon-tkm/Makefile.in +++ b/src/charon-tkm/Makefile.in @@ -227,8 +227,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -329,6 +327,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -357,6 +357,10 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 tss2_CFLAGS = @tss2_CFLAGS@
 tss2_LIBS = @tss2_LIBS@
+tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
+tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
+tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/charon-tkm/src/ees/ees_callbacks.c b/src/charon-tkm/src/ees/ees_callbacks.c
index f4107d90a..a36629b13 100644
--- a/src/charon-tkm/src/ees/ees_callbacks.c
+++ b/src/charon-tkm/src/ees/ees_callbacks.c
@@ -47,4 +47,5 @@ void charon_esa_expire(result_type *res, const sp_id_type sp_id,
 	DBG1(DBG_KNL, "ees: expire received for reqid %u, spi %x, dst %H",
 		 sp_id, ntohl(spi_rem), dst);
 	charon->kernel->expire(charon->kernel, protocol, spi_rem, dst, hard != 0);
+	dst->destroy(dst);
 }
diff --git a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
index c9be8989a..5decde92b 100644
--- a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
+++ b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
@@ -1,7 +1,8 @@
 /*
+ * Copyright (C) 2017 Tobias Brunner
  * Copyright (C) 2012-2014 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -52,6 +53,12 @@ struct private_tkm_kernel_ipsec_t {
 
 };
 
+METHOD(kernel_ipsec_t, get_features, kernel_feature_t,
+	private_tkm_kernel_ipsec_t *this)
+{
+	return KERNEL_POLICY_SPI;
+}
+
 METHOD(kernel_ipsec_t, get_spi, status_t,
 	private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst,
 	uint8_t protocol, uint32_t *spi)
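Review bot: The added `dst->destroy(dst);` in charon_esa_expire is unconditional, while the tkm_kernel_sad.h hunk in this same commit documents get_dst_host as returning NULL when no entry matches; if `dst` is obtained from that lookup (the matching clone change in tkm_kernel_sad.c suggests it is) and no NULL guard sits in the part of charon_esa_expire that begins outside this hunk, the destroy would dereference a null pointer on an unknown SPI. `DESTROY_IF(dst);` is the safer form here, and a short comment such as `/* dst is a clone owned by this callback */` would record why the callback now releases it.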
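Review bot: The new get_features returns KERNEL_POLICY_SPI without a comment, and the reason only becomes apparent two hunks later, where add_policy starts looking up and selecting the ESA by the SPI carried in the outbound policy. A one-line comment above the `return` would save the next reader that cross-reference, for example `/* outbound policies must carry the SA's SPI so add_policy can select the matching ESA */`.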
@@ -176,15 +183,6 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 		tkm->chunk_map->remove(tkm->chunk_map, nonce_loc);
 		tkm->idmgr->release_id(tkm->idmgr, TKM_CTX_NONCE, nonce_loc_id);
 	}
-	if (ike_esa_select(esa_id) != TKM_OK)
-	{
-		DBG1(DBG_KNL, "error selecting new child SA (%llu)", esa_id);
-		if (ike_esa_reset(esa_id) != TKM_OK)
-		{
-			DBG1(DBG_KNL, "child SA (%llu) deletion failed", esa_id);
-		}
-		goto failure;
-	}
 	DBG1(DBG_KNL, "added child SA (esa: %llu, isa: %llu, esp_spi_loc: %x, "
 		 "esp_spi_rem: %x, role: %s)", esa_id, esa.isa_id, ntohl(spi_loc),
@@ -215,23 +213,12 @@ METHOD(kernel_ipsec_t, del_sa, status_t,
 	private_tkm_kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id,
 	kernel_ipsec_del_sa_t *data)
 {
-	esa_id_type esa_id, other_esa_id;
+	esa_id_type esa_id;
 
 	esa_id = tkm->sad->get_esa_id(tkm->sad, id->src, id->dst,
-								  id->spi, id->proto);
+								  id->spi, id->proto, TRUE);
 	if (esa_id)
 	{
-		other_esa_id = tkm->sad->get_other_esa_id(tkm->sad, esa_id);
-		if (other_esa_id)
-		{
-			DBG1(DBG_KNL, "selecting child SA (esa: %llu)", other_esa_id);
-			if (ike_esa_select(other_esa_id) != TKM_OK)
-			{
-				DBG1(DBG_KNL, "error selecting other child SA (esa: %llu)",
-					 other_esa_id);
-			}
-		}
-
 		DBG1(DBG_KNL, "deleting child SA (esa: %llu, spi: %x)", esa_id,
 			 ntohl(id->spi));
 		if (ike_esa_reset(esa_id) != TKM_OK)
@@ -263,6 +250,43 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
 	private_tkm_kernel_ipsec_t *this, kernel_ipsec_policy_id_t *id,
 	kernel_ipsec_manage_policy_t *data)
 {
+	esa_id_type esa_id;
+	uint32_t spi;
+	uint8_t proto;
+
+	if (id->dir == POLICY_OUT && data->type == POLICY_IPSEC &&
+		data->prio == POLICY_PRIORITY_DEFAULT)
+	{
+		if (data->sa->esp.use)
+		{
+			spi = data->sa->esp.spi;
+			proto = IPPROTO_ESP;
+		}
+		else if (data->sa->ah.use)
+		{
+			spi = data->sa->ah.spi;
+			proto = IPPROTO_AH;
+		}
+		else
+		{
+			return FAILED;
+		}
+		esa_id = tkm->sad->get_esa_id(tkm->sad, data->src, data->dst,
+									  spi, proto, FALSE);
+		if (!esa_id)
+		{
+			DBG1(DBG_KNL, "unable to find esa ID for policy (spi: %x)",
+				 ntohl(spi));
+			return FAILED;
+		}
+		DBG1(DBG_KNL, "selecting child SA (esa: %llu, spi: %x)", esa_id,
+			 ntohl(spi));
+		if (ike_esa_select(esa_id) != TKM_OK)
+		{
+			DBG1(DBG_KNL, "error selecting new child SA (%llu)", esa_id);
+			return FAILED;
+		}
+	}
 	return SUCCESS;
 }
 
@@ -358,6 +382,7 @@ tkm_kernel_ipsec_t *tkm_kernel_ipsec_create()
 	INIT(this,
 		.public = {
 			.interface = {
+				.get_features = _get_features,
 				.get_spi = _get_spi,
 				.get_cpi = _get_cpi,
 				.add_sa = _add_sa,
diff --git a/src/charon-tkm/src/tkm/tkm_kernel_sad.c b/src/charon-tkm/src/tkm/tkm_kernel_sad.c
index 97226f1ac..acc3ff10a 100644
--- a/src/charon-tkm/src/tkm/tkm_kernel_sad.c
+++ b/src/charon-tkm/src/tkm/tkm_kernel_sad.c
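Review bot: The `ike_esa_select` failure branch in add_policy only logs and returns FAILED, whereas the block this commit removes from add_sa (the preceding hunk) also called `ike_esa_reset(esa_id)` so that a child SA the TKM could not select was torn down rather than left half-installed. Unless charon is guaranteed to reach del_sa for that ESA when the policy install fails, the reset should be restored before `return FAILED;`, with its existing `child SA (%llu) deletion failed` log on error; the same consideration applies to the `!esa_id` branch, which cannot reset anything but should at least say so in a comment. Separately, `data->sa->esp.use` is dereferenced as soon as `data->type == POLICY_IPSEC`; I cannot confirm from this hunk whether the kernel interface permits a NULL `sa` for that policy type, so a `data->sa &&` guard in the outer condition would be a cheap safeguard if it does.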
@@ -107,16 +107,23 @@ CALLBACK(sad_entry_match, bool,
 	const host_t *src, *dst;
 	const uint32_t *spi;
 	const uint8_t *proto;
+	const bool *local;
 
-	VA_ARGS_VGET(args, src, dst, spi, proto);
+	VA_ARGS_VGET(args, src, dst, spi, proto, local);
 
-	if (entry->src == NULL || entry->dst == NULL)
+	if (entry->src == NULL || entry->dst == NULL || entry->proto != *proto)
 	{
 		return FALSE;
 	}
-	return src->ip_equals(entry->src, (host_t *)src) &&
-		   dst->ip_equals(entry->dst, (host_t *)dst) &&
-		   entry->spi_rem == *spi && entry->proto == *proto;
+	if (*local)
+	{
+		return entry->src->ip_equals(entry->src, (host_t *)dst) &&
+			   entry->dst->ip_equals(entry->dst, (host_t *)src) &&
+			   entry->spi_loc == *spi;
+	}
+	return entry->src->ip_equals(entry->src, (host_t *)src) &&
+		   entry->dst->ip_equals(entry->dst, (host_t *)dst) &&
+		   entry->spi_rem == *spi;
 }
 
 CALLBACK(sad_entry_match_dst, bool,
@@ -131,26 +138,6 @@ CALLBACK(sad_entry_match_dst, bool,
 		   entry->proto == *proto;
 }
 
-CALLBACK(sad_entry_match_esa_id, bool,
-	sad_entry_t * const entry, va_list args)
-{
-	const esa_id_type *esa_id;
-
-	VA_ARGS_VGET(args, esa_id);
-	return entry->esa_id == *esa_id;
-}
-
-CALLBACK(sad_entry_match_other_esa, bool,
-	sad_entry_t * const entry, va_list args)
-{
-	const esa_id_type *esa_id;
-	const uint32_t *reqid;
-
-	VA_ARGS_VGET(args, esa_id, reqid);
-	return entry->reqid == *reqid &&
-		   entry->esa_id != *esa_id;
-}
-
 CALLBACK(sad_entry_equal, bool,
 	sad_entry_t * const left, va_list args)
 {
@@ -213,7 +200,8 @@ METHOD(tkm_kernel_sad_t, insert, bool,
 
 METHOD(tkm_kernel_sad_t, get_esa_id, esa_id_type,
 	private_tkm_kernel_sad_t * const this, const host_t * const src,
-	const host_t * const dst, const uint32_t spi, const uint8_t proto)
+	const host_t * const dst, const uint32_t spi, const uint8_t proto,
+	const bool local)
 {
 	esa_id_type id = 0;
 	sad_entry_t *entry = NULL;
@@ -221,51 +209,18 @@ METHOD(tkm_kernel_sad_t, get_esa_id, esa_id_type,
 	this->mutex->lock(this->mutex);
 	const bool res = this->data->find_first(this->data, sad_entry_match,
 											(void**)&entry, src, dst, &spi,
-											&proto);
+											&proto, &local);
 	if (res && entry)
 	{
 		id = entry->esa_id;
 		DBG3(DBG_KNL, "returning ESA id %llu of SAD entry (src: %H, dst: %H, "
-			 "spi: %x, proto: %u)", id, src, dst, ntohl(spi), proto);
-	}
-	else
-	{
-		DBG3(DBG_KNL, "no SAD entry found for src %H, dst %H, spi %x, proto %u",
-			 src, dst, ntohl(spi), proto);
-	}
-	this->mutex->unlock(this->mutex);
-	return id;
-}
-
-METHOD(tkm_kernel_sad_t, get_other_esa_id, esa_id_type,
-	private_tkm_kernel_sad_t * const this, const esa_id_type esa_id)
-{
-	esa_id_type id = 0;
-	sad_entry_t *entry = NULL;
-	uint32_t reqid;
-	bool res;
-
-	this->mutex->lock(this->mutex);
-	res = this->data->find_first(this->data, sad_entry_match_esa_id,
-								 (void**)&entry, &esa_id);
-	if (res && entry)
-	{
-		reqid = entry->reqid;
+			 "%sbound spi: %x, proto: %u)", id, src, dst, local ? "in" : "out",
+			 ntohl(spi), proto);
 	}
 	else
 	{
-		DBG3(DBG_KNL, "no SAD entry found for ESA id %llu", esa_id);
-		this->mutex->unlock(this->mutex);
-		return id;
-	}
-
-	res = this->data->find_first(this->data, sad_entry_match_other_esa,
-								 (void**)&entry, &esa_id, &reqid);
-	if (res && entry)
-	{
-		id = entry->esa_id;
-		DBG3(DBG_KNL, "returning ESA id %llu of other SAD entry with reqid %u",
-			 id, reqid);
+		DBG3(DBG_KNL, "no SAD entry found for src %H, dst %H, %sbound spi %x, "
+			 "proto %u", src, dst, local ? "in" : "out", ntohl(spi), proto);
 	}
 	this->mutex->unlock(this->mutex);
 	return id;
@@ -283,7 +238,7 @@ METHOD(tkm_kernel_sad_t, get_dst_host, host_t *,
 								(void**)&entry, &reqid, &spi, &proto);
 	if (res && entry)
 	{
-		dst = entry->dst;
+		dst = entry->dst->clone(entry->dst);
 		DBG3(DBG_KNL, "returning destination host %H of SAD entry (reqid: %u,"
 			 " spi: %x, proto: %u)", dst, reqid, ntohl(spi), proto);
 	}
@@ -350,7 +305,6 @@ tkm_kernel_sad_t *tkm_kernel_sad_create()
 		.public = {
 			.insert = _insert,
 			.get_esa_id = _get_esa_id,
-			.get_other_esa_id = _get_other_esa_id,
 			.get_dst_host = _get_dst_host,
 			.remove = __remove,
 			.destroy = _destroy,
diff --git a/src/charon-tkm/src/tkm/tkm_kernel_sad.h b/src/charon-tkm/src/tkm/tkm_kernel_sad.h
index ba6462192..3d9f5f3f8 100644
--- a/src/charon-tkm/src/tkm/tkm_kernel_sad.h
+++ b/src/charon-tkm/src/tkm/tkm_kernel_sad.h
@@ -55,23 +55,14 @@ struct tkm_kernel_sad_t {
 	 *
 	 * @param src			source address of CHILD SA
 	 * @param dst			destination address of CHILD SA
-	 * @param spi			Remote SPI of CHILD SA
+	 * @param spi			SPI of CHILD SA
 	 * @param proto			protocol of CHILD SA (ESP/AH)
+	 * @param local			whether the SPI is local or remote
 	 * @return				ESA id of entry if found, 0 otherwise
 	 */
 	esa_id_type (*get_esa_id)(tkm_kernel_sad_t * const this,
 							  const host_t * const src, const host_t * const dst,
-							  const uint32_t spi, const uint8_t proto);
-
-	/**
-	 * Get ESA id for entry associated with same security policy as the
-	 * specified ESA.
-	 *
-	 * @param esa_id		id of ESA identifying the security policy
-	 * @return				ESA id of entry if found, 0 otherwise
-	 */
-	esa_id_type (*get_other_esa_id)(tkm_kernel_sad_t * const this,
-									const esa_id_type esa_id);
+							  const uint32_t spi, const uint8_t proto, const bool local);
 
 	/**
 	 * Get destination host for entry with given parameters.
@@ -79,7 +70,8 @@ struct tkm_kernel_sad_t {
 	 * @param reqid			reqid of CHILD SA
 	 * @param spi			Remote SPI of CHILD SA
 	 * @param proto			protocol of CHILD SA (ESP/AH)
-	 * @return				destination host of entry if found, NULL otherwise
+	 * @return				destination host of entry if found (cloned),
+	 *						NULL otherwise
 	 */
 	host_t * (*get_dst_host)(tkm_kernel_sad_t * const this, const uint32_t reqid,
 							 const uint32_t spi, const uint8_t proto);
diff --git a/src/charon-tkm/tests/kernel_sad_tests.c b/src/charon-tkm/tests/kernel_sad_tests.c
index 2a033d237..39d8a790a 100644
--- a/src/charon-tkm/tests/kernel_sad_tests.c
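Review bot: The new `@param local` text says only "whether the SPI is local or remote", but the implementation hunk in tkm_kernel_sad.c compares `src` against the stored entry's destination and `dst` against its source when `local` is TRUE, so the meaning of the address arguments changes with the flag and the header does not say so. Suggest spelling that out where callers will read it, e.g. `@param local TRUE if spi is the local (inbound) SPI; src/dst are then the inbound SA's addresses, i.e. reversed relative to the stored entry`, and noting on the `@return` of get_dst_host that the caller owns the clone and must destroy it.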
+++ b/src/charon-tkm/tests/kernel_sad_tests.c
@@ -63,50 +63,32 @@ START_TEST(test_get_esa_id)
 	tkm_kernel_sad_t *sad = tkm_kernel_sad_create();
 	fail_unless(sad->insert(sad, 23, 54, addr, addr, 27, 42, 50),
 				"Error inserting SAD entry");
-	fail_unless(sad->get_esa_id(sad, addr, addr, 42, 50) == 23,
+	fail_unless(sad->get_esa_id(sad, addr, addr, 42, 50, FALSE) == 23,
 				"Error getting esa id");
 	sad->destroy(sad);
 	addr->destroy(addr);
 }
 END_TEST
 
-START_TEST(test_get_esa_id_nonexistent)
-{
-	host_t *addr = host_create_from_string("127.0.0.1", 1024);
-	tkm_kernel_sad_t *sad = tkm_kernel_sad_create();
-	fail_unless(sad->get_esa_id(sad, addr, addr, 42, 50) == 0,
-				"Got esa id for nonexistent SAD entry");
-	sad->destroy(sad);
-	addr->destroy(addr);
-}
-END_TEST
-
-START_TEST(test_get_other_esa_id)
+START_TEST(test_get_esa_id_local)
 {
 	host_t *addr = host_create_from_string("127.0.0.1", 1024);
 	tkm_kernel_sad_t *sad = tkm_kernel_sad_create();
 	fail_unless(sad->insert(sad, 23, 54, addr, addr, 27, 42, 50),
 				"Error inserting SAD entry");
-	fail_unless(sad->insert(sad, 24, 54, addr, addr, 27, 42, 50),
-				"Error inserting SAD entry");
-	fail_unless(sad->get_other_esa_id(sad, 23) == 24,
-				"Error getting other esa id");
+	fail_unless(sad->get_esa_id(sad, addr, addr, 27, 50, TRUE) == 23,
+				"Error getting esa id");
 	sad->destroy(sad);
 	addr->destroy(addr);
 }
 END_TEST
 
-START_TEST(test_get_other_esa_id_nonexistent)
+START_TEST(test_get_esa_id_nonexistent)
 {
 	host_t *addr = host_create_from_string("127.0.0.1", 1024);
 	tkm_kernel_sad_t *sad = tkm_kernel_sad_create();
-	fail_unless(sad->get_other_esa_id(sad, 1) == 0,
-				"Got other esa id for nonexistent SAD entry");
-	fail_unless(sad->insert(sad, 23, 54, addr, addr, 27, 42, 50),
-				"Error inserting SAD entry");
-	fail_unless(sad->get_other_esa_id(sad, 23) == 0,
-				"Got own esa id");
-
+	fail_unless(sad->get_esa_id(sad, addr, addr, 42, 50, FALSE) == 0,
+				"Got esa id for nonexistent SAD entry");
 	sad->destroy(sad);
 	addr->destroy(addr);
 }
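Review bot: test_get_esa_id_local inserts and looks up the entry with the same `addr` as both source and destination, so the address swap that distinguishes the `local` branch of sad_entry_match (entry source compared with `dst`, entry destination with `src`) is never exercised; only the `spi_loc` comparison is. A second host (constructed, e.g. `host_create_from_string("127.0.0.2", 1024)`) inserted as the destination and then passed as the *source* of the TRUE lookup would pin that behaviour, and asserting that the non-reversed order with TRUE returns 0 would catch a regression to the old symmetric match. test_get_esa_id_nonexistent likewise only covers the FALSE path now.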
@@ -179,14 +161,10 @@ Suite *make_kernel_sad_tests()
 
 	tc = tcase_create("get_esa_id");
 	tcase_add_test(tc, test_get_esa_id);
+	tcase_add_test(tc, test_get_esa_id_local);
 	tcase_add_test(tc, test_get_esa_id_nonexistent);
 	suite_add_tcase(s, tc);
 
-	tc = tcase_create("get_other_esa_id");
-	tcase_add_test(tc, test_get_other_esa_id);
-	tcase_add_test(tc, test_get_other_esa_id_nonexistent);
-	suite_add_tcase(s, tc);
-
 	tc = tcase_create("get_dst_host");
 	tcase_add_test(tc, test_get_dst_host);
 	tcase_add_test(tc, test_get_dst_host_nonexistent);
diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in
index d4cec547e..9c5283cd7 100644
--- a/src/charon/Makefile.in
+++ b/src/charon/Makefile.in
@@ -283,8 +283,6 @@ RANLIB = @RANLIB@
 RTLIB = @RTLIB@
 RUBY = @RUBY@
 RUBYGEMDIR = @RUBYGEMDIR@
-RUBYINCLUDE = @RUBYINCLUDE@
-RUBYLIB = @RUBYLIB@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
@@ -385,6 +383,8 @@ random_device = @random_device@
 resolv_conf = @resolv_conf@
 routing_table = @routing_table@
 routing_table_prio = @routing_table_prio@
+ruby_CFLAGS = @ruby_CFLAGS@
+ruby_LIBS = @ruby_LIBS@
 runstatedir = @runstatedir@
 s_plugins = @s_plugins@
 sbindir = @sbindir@
@@ -413,6 +413,10 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 tss2_CFLAGS = @tss2_CFLAGS@
 tss2_LIBS = @tss2_LIBS@
+tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
+tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
+tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/checksum/Makefile.am b/src/checksum/Makefile.am
index 5db5b79c0..1856e2a31 100644
--- a/src/checksum/Makefile.am
+++ b/src/checksum/Makefile.am
@@ -122,6 +122,14 @@ if USE_IMV_ATTESTATION
   exes += $(DESTDIR)$(ipsecdir)/attest
 endif
 
+if USE_LIBPTTLS
+  exes += $(DESTDIR)$(bindir)/pt-tls-client
+endif
+
+if USE_IMC_SWIMA
+  exes += $(DESTDIR)$(sbindir)/sw-collector
+endif
+
 checksum.c : checksum_builder $(deps) $(exes)
 	./checksum_builder $(libs) $(exes) > checksum.c
 
diff --git a/src/checksum/Makefile.in b/src/checksum/Makefile.in
index e4e3a16e6..87e78a99f 100644
--- a/src/checksum/Makefile.in
+++ b/src/checksum/Makefile.in
@@ -121,6 +121,8 @@ EXTRA_PROGRAMS = checksum_builder$(EXEEXT)
 @USE_SWANCTL_TRUE@am__append_30 = $(DESTDIR)$(sbindir)/swanctl
 @USE_ATTR_SQL_TRUE@am__append_31 = $(DESTDIR)$(ipsecdir)/pool
 @USE_IMV_ATTESTATION_TRUE@am__append_32 = $(DESTDIR)$(ipsecdir)/attest
+@USE_LIBPTTLS_TRUE@am__append_33 = $(DESTDIR)$(bindir)/pt-tls-client
+@USE_IMC_SWIMA_TRUE@am__append_34 = $(DESTDIR)$(sbindir)/sw-collector
 subdir = src/checksum
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -352,8 +354,6 @@ RANLIB = @RANLIB@
 RTLIB = @RTLIB@
 RUBY = @RUBY@
 RUBYGEMDIR = @RUBYGEMDIR@
-RUBYINCLUDE = @RUBYINCLUDE@
-RUBYLIB = @RUBYLIB@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
@@ -454,6 +454,8 @@ random_device = @random_device@
 resolv_conf = @resolv_conf@
 routing_table = @routing_table@
 routing_table_prio = @routing_table_prio@
+ruby_CFLAGS = @ruby_CFLAGS@
+ruby_LIBS = @ruby_LIBS@
 runstatedir = @runstatedir@
 s_plugins = @s_plugins@
 sbindir = @sbindir@
@@ -482,6 +484,10 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 tss2_CFLAGS = @tss2_CFLAGS@
 tss2_LIBS = @tss2_LIBS@
+tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
+tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
+tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
@@ -521,7 +527,8 @@ libs = $(DESTDIR)$(ipseclibdir)/libstrongswan.so $(am__append_3) \ $(am__append_19) $(am__append_21) $(am__append_23) exes = $(am__append_24) $(am__append_26) $(am__append_27) \ $(am__append_28) $(am__append_29) $(am__append_30) \ - $(am__append_31) $(am__append_32) + $(am__append_31) $(am__append_32) $(am__append_33) \ + $(am__append_34) all: all-am .SUFFIXES: diff --git a/src/conftest/Makefile.in b/src/conftest/Makefile.in index c7d4c6bbe..4f33d9891 100644 --- a/src/conftest/Makefile.in +++ b/src/conftest/Makefile.in @@ -297,8 +297,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -399,6 +397,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -427,6 +427,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/dumm/Makefile.am b/src/dumm/Makefile.am index 1c6a68f58..0d1cfb704 100644 --- a/src/dumm/Makefile.am +++ b/src/dumm/Makefile.am 
@@ -11,15 +11,14 @@ irdumm_SOURCES = irdumm.c libdumm_la_LIBADD = -lbridge -lfuse -lutil $(top_builddir)/src/libstrongswan/libstrongswan.la dumm_LDADD = libdumm.la ${gtk_LIBS} $(top_builddir)/src/libstrongswan/libstrongswan.la -irdumm_LDADD = libdumm.la ${RUBYLIB} $(top_builddir)/src/libstrongswan/libstrongswan.la +irdumm_LDADD = libdumm.la ${ruby_LIBS} $(top_builddir)/src/libstrongswan/libstrongswan.la AM_CPPFLAGS = \ -D_FILE_OFFSET_BITS=64 \ - -I$(top_srcdir)/src/libstrongswan \ - ${RUBYINCLUDE} + -I$(top_srcdir)/src/libstrongswan -AM_CFLAGS = \ - ${gtk_CFLAGS} +dumm_CFLAGS = ${gtk_CFLAGS} +irdumm_CFLAGS = ${ruby_CFLAGS} all-local: ext diff --git a/src/dumm/Makefile.in b/src/dumm/Makefile.in index 276ca2ef2..6c7cc4176 100644 --- a/src/dumm/Makefile.in +++ b/src/dumm/Makefile.in @@ -148,15 +148,21 @@ am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent am__v_lt_1 = PROGRAMS = $(ipsec_PROGRAMS) -am_dumm_OBJECTS = main.$(OBJEXT) +am_dumm_OBJECTS = dumm-main.$(OBJEXT) dumm_OBJECTS = $(am_dumm_OBJECTS) am__DEPENDENCIES_1 = dumm_DEPENDENCIES = libdumm.la $(am__DEPENDENCIES_1) \ $(top_builddir)/src/libstrongswan/libstrongswan.la -am_irdumm_OBJECTS = irdumm.$(OBJEXT) +dumm_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(dumm_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am_irdumm_OBJECTS = irdumm-irdumm.$(OBJEXT) irdumm_OBJECTS = $(am_irdumm_OBJECTS) irdumm_DEPENDENCIES = libdumm.la $(am__DEPENDENCIES_1) \ $(top_builddir)/src/libstrongswan/libstrongswan.la +irdumm_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(irdumm_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false @@ -318,8 +324,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ 
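Review bot: Dropping `AM_CFLAGS = ${gtk_CFLAGS}` in favour of the per-program `dumm_CFLAGS` means the libdumm.la sources built from this same Makefile.am no longer see the GTK flags; presumably only main.c needs them, but that is not visible in the hunk and should be confirmed before relying on it. A one-line comment next to the new per-target variables would make the intent explicit, e.g. `# per-program flags: GTK only for dumm, Ruby only for irdumm (keeps libdumm free of both)`. The `${RUBYINCLUDE}` → `${ruby_CFLAGS}` move is consistent with the configure variables introduced elsewhere in this commit, so that part looks fine.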
@@ -420,6 +424,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -448,6 +454,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -462,15 +472,13 @@ dumm_SOURCES = main.c irdumm_SOURCES = irdumm.c libdumm_la_LIBADD = -lbridge -lfuse -lutil $(top_builddir)/src/libstrongswan/libstrongswan.la dumm_LDADD = libdumm.la ${gtk_LIBS} $(top_builddir)/src/libstrongswan/libstrongswan.la -irdumm_LDADD = libdumm.la ${RUBYLIB} $(top_builddir)/src/libstrongswan/libstrongswan.la +irdumm_LDADD = libdumm.la ${ruby_LIBS} $(top_builddir)/src/libstrongswan/libstrongswan.la AM_CPPFLAGS = \ -D_FILE_OFFSET_BITS=64 \ - -I$(top_srcdir)/src/libstrongswan \ - ${RUBYINCLUDE} - -AM_CFLAGS = \ - ${gtk_CFLAGS} + -I$(top_srcdir)/src/libstrongswan +dumm_CFLAGS = ${gtk_CFLAGS} +irdumm_CFLAGS = ${ruby_CFLAGS} all: all-am .SUFFIXES: @@ -594,11 +602,11 @@ clean-ipsecPROGRAMS: dumm$(EXEEXT): $(dumm_OBJECTS) $(dumm_DEPENDENCIES) $(EXTRA_dumm_DEPENDENCIES) @rm -f dumm$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(dumm_OBJECTS) $(dumm_LDADD) $(LIBS) + $(AM_V_CCLD)$(dumm_LINK) $(dumm_OBJECTS) $(dumm_LDADD) $(LIBS) irdumm$(EXEEXT): $(irdumm_OBJECTS) $(irdumm_DEPENDENCIES) $(EXTRA_irdumm_DEPENDENCIES) @rm -f irdumm$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(irdumm_OBJECTS) $(irdumm_LDADD) $(LIBS) + $(AM_V_CCLD)$(irdumm_LINK) $(irdumm_OBJECTS) $(irdumm_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) 
@@ -608,11 +616,11 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bridge.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cowfs.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dumm-main.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dumm.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/guest.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iface.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/irdumm.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/main.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/irdumm-irdumm.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mconsole.Plo@am__quote@ .c.o: 
@@ -639,6 +647,34 @@ distclean-compile: @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< +dumm-main.o: main.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dumm_CFLAGS) $(CFLAGS) -MT dumm-main.o -MD -MP -MF $(DEPDIR)/dumm-main.Tpo -c -o dumm-main.o `test -f 'main.c' || echo '$(srcdir)/'`main.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/dumm-main.Tpo $(DEPDIR)/dumm-main.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='main.c' object='dumm-main.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dumm_CFLAGS) $(CFLAGS) -c -o dumm-main.o `test -f 'main.c' || echo '$(srcdir)/'`main.c + +dumm-main.obj: main.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dumm_CFLAGS) $(CFLAGS) -MT dumm-main.obj -MD -MP -MF $(DEPDIR)/dumm-main.Tpo -c -o dumm-main.obj `if test -f 'main.c'; then $(CYGPATH_W) 'main.c'; else $(CYGPATH_W) '$(srcdir)/main.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/dumm-main.Tpo $(DEPDIR)/dumm-main.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='main.c' object='dumm-main.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dumm_CFLAGS) $(CFLAGS) -c -o dumm-main.obj `if test -f 'main.c'; then $(CYGPATH_W) 'main.c'; else $(CYGPATH_W) '$(srcdir)/main.c'; fi` + +irdumm-irdumm.o: irdumm.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(irdumm_CFLAGS) $(CFLAGS) -MT 
irdumm-irdumm.o -MD -MP -MF $(DEPDIR)/irdumm-irdumm.Tpo -c -o irdumm-irdumm.o `test -f 'irdumm.c' || echo '$(srcdir)/'`irdumm.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/irdumm-irdumm.Tpo $(DEPDIR)/irdumm-irdumm.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='irdumm.c' object='irdumm-irdumm.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(irdumm_CFLAGS) $(CFLAGS) -c -o irdumm-irdumm.o `test -f 'irdumm.c' || echo '$(srcdir)/'`irdumm.c + +irdumm-irdumm.obj: irdumm.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(irdumm_CFLAGS) $(CFLAGS) -MT irdumm-irdumm.obj -MD -MP -MF $(DEPDIR)/irdumm-irdumm.Tpo -c -o irdumm-irdumm.obj `if test -f 'irdumm.c'; then $(CYGPATH_W) 'irdumm.c'; else $(CYGPATH_W) '$(srcdir)/irdumm.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/irdumm-irdumm.Tpo $(DEPDIR)/irdumm-irdumm.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='irdumm.c' object='irdumm-irdumm.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(irdumm_CFLAGS) $(CFLAGS) -c -o irdumm-irdumm.obj `if test -f 'irdumm.c'; then $(CYGPATH_W) 'irdumm.c'; else $(CYGPATH_W) '$(srcdir)/irdumm.c'; fi` + mostlyclean-libtool: -rm -f *.lo diff --git a/src/dumm/ext/dumm.c b/src/dumm/ext/dumm.c index df7ec4703..b898a2564 100644 --- a/src/dumm/ext/dumm.c +++ b/src/dumm/ext/dumm.c @@ -30,6 +30,8 @@ #undef PACKAGE_STRING #undef PACKAGE_BUGREPORT #undef PACKAGE_URL +#undef HAVE_DLADDR +#undef HAVE_QSORT_R /* avoid redefintiion of snprintf etc. */ #define RUBY_DONT_SUBST /* undef our _GNU_SOURCE, as it gets redefined by */ 
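Review bot: The two new `#undef HAVE_DLADDR` / `#undef HAVE_QSORT_R` lines in dumm.c (and the identical pair in the irdumm.c hunk that follows) carry no explanation, while the neighbouring `RUBY_DONT_SUBST` and `_GNU_SOURCE` lines each have one. Presumably the Ruby headers included afterwards define the same macros and the undefs avoid a redefinition warning or error, as with the other undefs in this block; if so, say it once above the pair: `/* also defined by the ruby headers included below */`. The `#include` that follows in the irdumm.c hunk shows no header name on this page, so which Ruby header triggers the clash cannot be confirmed from here.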
diff --git a/src/dumm/irdumm.c b/src/dumm/irdumm.c index d30973737..1a4235c9d 100644 --- a/src/dumm/irdumm.c +++ b/src/dumm/irdumm.c @@ -19,6 +19,8 @@ #undef PACKAGE_STRING #undef PACKAGE_BUGREPORT #undef PACKAGE_URL +#undef HAVE_DLADDR +#undef HAVE_QSORT_R #include #ifdef HAVE_RB_ERRINFO diff --git a/src/include/Makefile.in b/src/include/Makefile.in index 569574fc9..dde85cb09 100644 --- a/src/include/Makefile.in +++ b/src/include/Makefile.in @@ -227,8 +227,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -329,6 +327,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -357,6 +357,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/ipsec/Makefile.in b/src/ipsec/Makefile.in index 1a922427b..494dc45ee 100644 --- a/src/ipsec/Makefile.in +++ b/src/ipsec/Makefile.in @@ -260,8 +260,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -362,6 +360,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -390,6 +390,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/ipsec/_ipsec.8 b/src/ipsec/_ipsec.8 index 3f4316dd6..b23b04207 100644 --- a/src/ipsec/_ipsec.8 +++ b/src/ipsec/_ipsec.8 @@ -1,4 +1,4 @@ -.TH IPSEC 8 "2013-10-29" "5.5.3dr2" "strongSwan" +.TH IPSEC 8 "2013-10-29" "5.6.0dr1" "strongSwan" . .SH NAME . diff --git a/src/ipsec/_ipsec.in b/src/ipsec/_ipsec.in index ea399b8c4..65fadf2de 100644 --- a/src/ipsec/_ipsec.in +++ b/src/ipsec/_ipsec.in @@ -73,7 +73,7 @@ case "$1" in echo " rereadocspcerts|rereadacerts|rereadcrls|rereadall" echo " purgecerts|purgecrls|purgeike|purgeocsp" echo " scepclient|pki" - echo " starter|stroke" + echo " stroke" echo " version" echo echo "Refer to the $IPSEC_SCRIPT(8) man page for details." diff --git a/src/libcharon/Android.mk b/src/libcharon/Android.mk index 1a8e068d1..f381860b9 100644 --- a/src/libcharon/Android.mk +++ b/src/libcharon/Android.mk @@ -163,6 +163,8 @@ LOCAL_SRC_FILES += $(call add_plugin, p-cscf) LOCAL_SRC_FILES += $(call add_plugin, eap-aka) +LOCAL_SRC_FILES += $(call add_plugin, eap-aka-3gpp) + LOCAL_SRC_FILES += $(call add_plugin, eap-aka-3gpp2) ifneq ($(call plugin_enabled, eap-aka-3gpp2),) LOCAL_C_INCLUDES += $(libgmp_PATH) diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am index 3fcaedc3b..ed2236e04 100644 --- a/src/libcharon/Makefile.am +++ b/src/libcharon/Makefile.am @@ -370,6 +370,13 @@ if MONOLITHIC endif endif +if USE_EAP_AKA_3GPP + SUBDIRS += plugins/eap_aka_3gpp +if MONOLITHIC + libcharon_la_LIBADD += plugins/eap_aka_3gpp/libstrongswan-eap-aka-3gpp.la +endif +endif + if USE_EAP_AKA_3GPP2 SUBDIRS += plugins/eap_aka_3gpp2 if MONOLITHIC 
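Review bot: The usage text in `_ipsec.in` now lists `stroke` without `starter`, but the hunk does not show whether the `starter)` branch of the `case "$1"` dispatcher was removed as well; if it still exists it becomes an undocumented command, and if it was removed any caller scripting `ipsec starter` now gets the usage error. Either way the removal is user-visible and deserves a mention in the matching man page and changelog; the `_ipsec.8` hunk in this commit only bumps the version string. The enclosing `case` statement starts outside the hunk.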
diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in index ef9ffd39b..fc6635826 100644 --- a/src/libcharon/Makefile.in +++ b/src/libcharon/Makefile.in 
@@ -201,100 +201,102 @@ host_triplet = @host@ @MONOLITHIC_TRUE@@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_51 = plugins/eap_simaka_reauth/libstrongswan-eap-simaka-reauth.la @USE_EAP_AKA_TRUE@am__append_52 = plugins/eap_aka @MONOLITHIC_TRUE@@USE_EAP_AKA_TRUE@am__append_53 = plugins/eap_aka/libstrongswan-eap-aka.la -@USE_EAP_AKA_3GPP2_TRUE@am__append_54 = plugins/eap_aka_3gpp2 -@MONOLITHIC_TRUE@@USE_EAP_AKA_3GPP2_TRUE@am__append_55 = plugins/eap_aka_3gpp2/libstrongswan-eap-aka-3gpp2.la -@MONOLITHIC_TRUE@@USE_SIMAKA_TRUE@am__append_56 = $(top_builddir)/src/libsimaka/libsimaka.la -@USE_EAP_MD5_TRUE@am__append_57 = plugins/eap_md5 -@MONOLITHIC_TRUE@@USE_EAP_MD5_TRUE@am__append_58 = plugins/eap_md5/libstrongswan-eap-md5.la -@USE_EAP_GTC_TRUE@am__append_59 = plugins/eap_gtc -@MONOLITHIC_TRUE@@USE_EAP_GTC_TRUE@am__append_60 = plugins/eap_gtc/libstrongswan-eap-gtc.la -@USE_EAP_MSCHAPV2_TRUE@am__append_61 = plugins/eap_mschapv2 -@MONOLITHIC_TRUE@@USE_EAP_MSCHAPV2_TRUE@am__append_62 = plugins/eap_mschapv2/libstrongswan-eap-mschapv2.la -@USE_EAP_DYNAMIC_TRUE@am__append_63 = plugins/eap_dynamic -@MONOLITHIC_TRUE@@USE_EAP_DYNAMIC_TRUE@am__append_64 = plugins/eap_dynamic/libstrongswan-eap-dynamic.la -@USE_EAP_RADIUS_TRUE@am__append_65 = plugins/eap_radius -@MONOLITHIC_TRUE@@USE_EAP_RADIUS_TRUE@am__append_66 = plugins/eap_radius/libstrongswan-eap-radius.la -@USE_EAP_TLS_TRUE@am__append_67 = plugins/eap_tls -@MONOLITHIC_TRUE@@USE_EAP_TLS_TRUE@am__append_68 = plugins/eap_tls/libstrongswan-eap-tls.la -@USE_EAP_TTLS_TRUE@am__append_69 = plugins/eap_ttls -@MONOLITHIC_TRUE@@USE_EAP_TTLS_TRUE@am__append_70 = plugins/eap_ttls/libstrongswan-eap-ttls.la -@USE_EAP_PEAP_TRUE@am__append_71 = plugins/eap_peap -@MONOLITHIC_TRUE@@USE_EAP_PEAP_TRUE@am__append_72 = plugins/eap_peap/libstrongswan-eap-peap.la -@USE_EAP_TNC_TRUE@am__append_73 = plugins/eap_tnc -@MONOLITHIC_TRUE@@USE_EAP_TNC_TRUE@am__append_74 = plugins/eap_tnc/libstrongswan-eap-tnc.la -@MONOLITHIC_TRUE@@USE_TLS_TRUE@am__append_75 = 
$(top_builddir)/src/libtls/libtls.la -@MONOLITHIC_TRUE@@USE_RADIUS_TRUE@am__append_76 = $(top_builddir)/src/libradius/libradius.la -@USE_TNC_IFMAP_TRUE@am__append_77 = plugins/tnc_ifmap -@MONOLITHIC_TRUE@@USE_TNC_IFMAP_TRUE@am__append_78 = plugins/tnc_ifmap/libstrongswan-tnc-ifmap.la -@USE_TNC_PDP_TRUE@am__append_79 = plugins/tnc_pdp -@MONOLITHIC_TRUE@@USE_TNC_PDP_TRUE@am__append_80 = plugins/tnc_pdp/libstrongswan-tnc-pdp.la -@MONOLITHIC_TRUE@@USE_LIBTNCCS_TRUE@am__append_81 = $(top_builddir)/src/libtnccs/libtnccs.la -@USE_MEDSRV_TRUE@am__append_82 = plugins/medsrv -@MONOLITHIC_TRUE@@USE_MEDSRV_TRUE@am__append_83 = plugins/medsrv/libstrongswan-medsrv.la -@USE_MEDCLI_TRUE@am__append_84 = plugins/medcli -@MONOLITHIC_TRUE@@USE_MEDCLI_TRUE@am__append_85 = plugins/medcli/libstrongswan-medcli.la -@USE_DHCP_TRUE@am__append_86 = plugins/dhcp -@MONOLITHIC_TRUE@@USE_DHCP_TRUE@am__append_87 = plugins/dhcp/libstrongswan-dhcp.la -@USE_OSX_ATTR_TRUE@am__append_88 = plugins/osx_attr -@MONOLITHIC_TRUE@@USE_OSX_ATTR_TRUE@am__append_89 = plugins/osx_attr/libstrongswan-osx-attr.la -@USE_P_CSCF_TRUE@am__append_90 = plugins/p_cscf -@MONOLITHIC_TRUE@@USE_P_CSCF_TRUE@am__append_91 = plugins/p_cscf/libstrongswan-p-cscf.la -@USE_ANDROID_DNS_TRUE@am__append_92 = plugins/android_dns -@MONOLITHIC_TRUE@@USE_ANDROID_DNS_TRUE@am__append_93 = plugins/android_dns/libstrongswan-android-dns.la -@USE_ANDROID_LOG_TRUE@am__append_94 = plugins/android_log -@MONOLITHIC_TRUE@@USE_ANDROID_LOG_TRUE@am__append_95 = plugins/android_log/libstrongswan-android-log.la -@USE_HA_TRUE@am__append_96 = plugins/ha -@MONOLITHIC_TRUE@@USE_HA_TRUE@am__append_97 = plugins/ha/libstrongswan-ha.la -@USE_KERNEL_PFKEY_TRUE@am__append_98 = plugins/kernel_pfkey -@MONOLITHIC_TRUE@@USE_KERNEL_PFKEY_TRUE@am__append_99 = plugins/kernel_pfkey/libstrongswan-kernel-pfkey.la -@USE_KERNEL_PFROUTE_TRUE@am__append_100 = plugins/kernel_pfroute -@MONOLITHIC_TRUE@@USE_KERNEL_PFROUTE_TRUE@am__append_101 = 
plugins/kernel_pfroute/libstrongswan-kernel-pfroute.la -@USE_KERNEL_NETLINK_TRUE@am__append_102 = plugins/kernel_netlink -@MONOLITHIC_TRUE@@USE_KERNEL_NETLINK_TRUE@am__append_103 = plugins/kernel_netlink/libstrongswan-kernel-netlink.la -@USE_KERNEL_LIBIPSEC_TRUE@am__append_104 = plugins/kernel_libipsec -@MONOLITHIC_TRUE@@USE_KERNEL_LIBIPSEC_TRUE@am__append_105 = plugins/kernel_libipsec/libstrongswan-kernel-libipsec.la -@USE_KERNEL_WFP_TRUE@am__append_106 = plugins/kernel_wfp -@MONOLITHIC_TRUE@@USE_KERNEL_WFP_TRUE@am__append_107 = plugins/kernel_wfp/libstrongswan-kernel-wfp.la -@USE_KERNEL_IPH_TRUE@am__append_108 = plugins/kernel_iph -@MONOLITHIC_TRUE@@USE_KERNEL_IPH_TRUE@am__append_109 = plugins/kernel_iph/libstrongswan-kernel-iph.la -@USE_WHITELIST_TRUE@am__append_110 = plugins/whitelist -@MONOLITHIC_TRUE@@USE_WHITELIST_TRUE@am__append_111 = plugins/whitelist/libstrongswan-whitelist.la -@USE_LOOKIP_TRUE@am__append_112 = plugins/lookip -@MONOLITHIC_TRUE@@USE_LOOKIP_TRUE@am__append_113 = plugins/lookip/libstrongswan-lookip.la -@USE_ERROR_NOTIFY_TRUE@am__append_114 = plugins/error_notify -@MONOLITHIC_TRUE@@USE_ERROR_NOTIFY_TRUE@am__append_115 = plugins/error_notify/libstrongswan-error-notify.la -@USE_CERTEXPIRE_TRUE@am__append_116 = plugins/certexpire -@MONOLITHIC_TRUE@@USE_CERTEXPIRE_TRUE@am__append_117 = plugins/certexpire/libstrongswan-certexpire.la -@USE_SYSTIME_FIX_TRUE@am__append_118 = plugins/systime_fix -@MONOLITHIC_TRUE@@USE_SYSTIME_FIX_TRUE@am__append_119 = plugins/systime_fix/libstrongswan-systime-fix.la -@USE_LED_TRUE@am__append_120 = plugins/led -@MONOLITHIC_TRUE@@USE_LED_TRUE@am__append_121 = plugins/led/libstrongswan-led.la -@USE_DUPLICHECK_TRUE@am__append_122 = plugins/duplicheck -@MONOLITHIC_TRUE@@USE_DUPLICHECK_TRUE@am__append_123 = plugins/duplicheck/libstrongswan-duplicheck.la -@USE_COUPLING_TRUE@am__append_124 = plugins/coupling -@MONOLITHIC_TRUE@@USE_COUPLING_TRUE@am__append_125 = plugins/coupling/libstrongswan-coupling.la 
-@USE_RADATTR_TRUE@am__append_126 = plugins/radattr -@MONOLITHIC_TRUE@@USE_RADATTR_TRUE@am__append_127 = plugins/radattr/libstrongswan-radattr.la -@USE_UCI_TRUE@am__append_128 = plugins/uci -@MONOLITHIC_TRUE@@USE_UCI_TRUE@am__append_129 = plugins/uci/libstrongswan-uci.la -@USE_ADDRBLOCK_TRUE@am__append_130 = plugins/addrblock -@MONOLITHIC_TRUE@@USE_ADDRBLOCK_TRUE@am__append_131 = plugins/addrblock/libstrongswan-addrblock.la -@USE_UNITY_TRUE@am__append_132 = plugins/unity -@MONOLITHIC_TRUE@@USE_UNITY_TRUE@am__append_133 = plugins/unity/libstrongswan-unity.la -@USE_XAUTH_GENERIC_TRUE@am__append_134 = plugins/xauth_generic -@MONOLITHIC_TRUE@@USE_XAUTH_GENERIC_TRUE@am__append_135 = plugins/xauth_generic/libstrongswan-xauth-generic.la -@USE_XAUTH_EAP_TRUE@am__append_136 = plugins/xauth_eap -@MONOLITHIC_TRUE@@USE_XAUTH_EAP_TRUE@am__append_137 = plugins/xauth_eap/libstrongswan-xauth-eap.la -@USE_XAUTH_PAM_TRUE@am__append_138 = plugins/xauth_pam -@MONOLITHIC_TRUE@@USE_XAUTH_PAM_TRUE@am__append_139 = plugins/xauth_pam/libstrongswan-xauth-pam.la -@USE_XAUTH_NOAUTH_TRUE@am__append_140 = plugins/xauth_noauth -@MONOLITHIC_TRUE@@USE_XAUTH_NOAUTH_TRUE@am__append_141 = plugins/xauth_noauth/libstrongswan-xauth-noauth.la -@USE_RESOLVE_TRUE@am__append_142 = plugins/resolve -@MONOLITHIC_TRUE@@USE_RESOLVE_TRUE@am__append_143 = plugins/resolve/libstrongswan-resolve.la -@USE_ATTR_TRUE@am__append_144 = plugins/attr -@MONOLITHIC_TRUE@@USE_ATTR_TRUE@am__append_145 = plugins/attr/libstrongswan-attr.la -@USE_ATTR_SQL_TRUE@am__append_146 = plugins/attr_sql -@MONOLITHIC_TRUE@@USE_ATTR_SQL_TRUE@am__append_147 = plugins/attr_sql/libstrongswan-attr-sql.la +@USE_EAP_AKA_3GPP_TRUE@am__append_54 = plugins/eap_aka_3gpp +@MONOLITHIC_TRUE@@USE_EAP_AKA_3GPP_TRUE@am__append_55 = plugins/eap_aka_3gpp/libstrongswan-eap-aka-3gpp.la +@USE_EAP_AKA_3GPP2_TRUE@am__append_56 = plugins/eap_aka_3gpp2 +@MONOLITHIC_TRUE@@USE_EAP_AKA_3GPP2_TRUE@am__append_57 = plugins/eap_aka_3gpp2/libstrongswan-eap-aka-3gpp2.la 
+@MONOLITHIC_TRUE@@USE_SIMAKA_TRUE@am__append_58 = $(top_builddir)/src/libsimaka/libsimaka.la +@USE_EAP_MD5_TRUE@am__append_59 = plugins/eap_md5 +@MONOLITHIC_TRUE@@USE_EAP_MD5_TRUE@am__append_60 = plugins/eap_md5/libstrongswan-eap-md5.la +@USE_EAP_GTC_TRUE@am__append_61 = plugins/eap_gtc +@MONOLITHIC_TRUE@@USE_EAP_GTC_TRUE@am__append_62 = plugins/eap_gtc/libstrongswan-eap-gtc.la +@USE_EAP_MSCHAPV2_TRUE@am__append_63 = plugins/eap_mschapv2 +@MONOLITHIC_TRUE@@USE_EAP_MSCHAPV2_TRUE@am__append_64 = plugins/eap_mschapv2/libstrongswan-eap-mschapv2.la +@USE_EAP_DYNAMIC_TRUE@am__append_65 = plugins/eap_dynamic +@MONOLITHIC_TRUE@@USE_EAP_DYNAMIC_TRUE@am__append_66 = plugins/eap_dynamic/libstrongswan-eap-dynamic.la +@USE_EAP_RADIUS_TRUE@am__append_67 = plugins/eap_radius +@MONOLITHIC_TRUE@@USE_EAP_RADIUS_TRUE@am__append_68 = plugins/eap_radius/libstrongswan-eap-radius.la +@USE_EAP_TLS_TRUE@am__append_69 = plugins/eap_tls +@MONOLITHIC_TRUE@@USE_EAP_TLS_TRUE@am__append_70 = plugins/eap_tls/libstrongswan-eap-tls.la +@USE_EAP_TTLS_TRUE@am__append_71 = plugins/eap_ttls +@MONOLITHIC_TRUE@@USE_EAP_TTLS_TRUE@am__append_72 = plugins/eap_ttls/libstrongswan-eap-ttls.la +@USE_EAP_PEAP_TRUE@am__append_73 = plugins/eap_peap +@MONOLITHIC_TRUE@@USE_EAP_PEAP_TRUE@am__append_74 = plugins/eap_peap/libstrongswan-eap-peap.la +@USE_EAP_TNC_TRUE@am__append_75 = plugins/eap_tnc +@MONOLITHIC_TRUE@@USE_EAP_TNC_TRUE@am__append_76 = plugins/eap_tnc/libstrongswan-eap-tnc.la +@MONOLITHIC_TRUE@@USE_TLS_TRUE@am__append_77 = $(top_builddir)/src/libtls/libtls.la +@MONOLITHIC_TRUE@@USE_RADIUS_TRUE@am__append_78 = $(top_builddir)/src/libradius/libradius.la +@USE_TNC_IFMAP_TRUE@am__append_79 = plugins/tnc_ifmap +@MONOLITHIC_TRUE@@USE_TNC_IFMAP_TRUE@am__append_80 = plugins/tnc_ifmap/libstrongswan-tnc-ifmap.la +@USE_TNC_PDP_TRUE@am__append_81 = plugins/tnc_pdp +@MONOLITHIC_TRUE@@USE_TNC_PDP_TRUE@am__append_82 = plugins/tnc_pdp/libstrongswan-tnc-pdp.la +@MONOLITHIC_TRUE@@USE_LIBTNCCS_TRUE@am__append_83 = 
$(top_builddir)/src/libtnccs/libtnccs.la +@USE_MEDSRV_TRUE@am__append_84 = plugins/medsrv +@MONOLITHIC_TRUE@@USE_MEDSRV_TRUE@am__append_85 = plugins/medsrv/libstrongswan-medsrv.la +@USE_MEDCLI_TRUE@am__append_86 = plugins/medcli +@MONOLITHIC_TRUE@@USE_MEDCLI_TRUE@am__append_87 = plugins/medcli/libstrongswan-medcli.la +@USE_DHCP_TRUE@am__append_88 = plugins/dhcp +@MONOLITHIC_TRUE@@USE_DHCP_TRUE@am__append_89 = plugins/dhcp/libstrongswan-dhcp.la +@USE_OSX_ATTR_TRUE@am__append_90 = plugins/osx_attr +@MONOLITHIC_TRUE@@USE_OSX_ATTR_TRUE@am__append_91 = plugins/osx_attr/libstrongswan-osx-attr.la +@USE_P_CSCF_TRUE@am__append_92 = plugins/p_cscf +@MONOLITHIC_TRUE@@USE_P_CSCF_TRUE@am__append_93 = plugins/p_cscf/libstrongswan-p-cscf.la +@USE_ANDROID_DNS_TRUE@am__append_94 = plugins/android_dns +@MONOLITHIC_TRUE@@USE_ANDROID_DNS_TRUE@am__append_95 = plugins/android_dns/libstrongswan-android-dns.la +@USE_ANDROID_LOG_TRUE@am__append_96 = plugins/android_log +@MONOLITHIC_TRUE@@USE_ANDROID_LOG_TRUE@am__append_97 = plugins/android_log/libstrongswan-android-log.la +@USE_HA_TRUE@am__append_98 = plugins/ha +@MONOLITHIC_TRUE@@USE_HA_TRUE@am__append_99 = plugins/ha/libstrongswan-ha.la +@USE_KERNEL_PFKEY_TRUE@am__append_100 = plugins/kernel_pfkey +@MONOLITHIC_TRUE@@USE_KERNEL_PFKEY_TRUE@am__append_101 = plugins/kernel_pfkey/libstrongswan-kernel-pfkey.la +@USE_KERNEL_PFROUTE_TRUE@am__append_102 = plugins/kernel_pfroute +@MONOLITHIC_TRUE@@USE_KERNEL_PFROUTE_TRUE@am__append_103 = plugins/kernel_pfroute/libstrongswan-kernel-pfroute.la +@USE_KERNEL_NETLINK_TRUE@am__append_104 = plugins/kernel_netlink +@MONOLITHIC_TRUE@@USE_KERNEL_NETLINK_TRUE@am__append_105 = plugins/kernel_netlink/libstrongswan-kernel-netlink.la +@USE_KERNEL_LIBIPSEC_TRUE@am__append_106 = plugins/kernel_libipsec +@MONOLITHIC_TRUE@@USE_KERNEL_LIBIPSEC_TRUE@am__append_107 = plugins/kernel_libipsec/libstrongswan-kernel-libipsec.la +@USE_KERNEL_WFP_TRUE@am__append_108 = plugins/kernel_wfp 
+@MONOLITHIC_TRUE@@USE_KERNEL_WFP_TRUE@am__append_109 = plugins/kernel_wfp/libstrongswan-kernel-wfp.la +@USE_KERNEL_IPH_TRUE@am__append_110 = plugins/kernel_iph +@MONOLITHIC_TRUE@@USE_KERNEL_IPH_TRUE@am__append_111 = plugins/kernel_iph/libstrongswan-kernel-iph.la +@USE_WHITELIST_TRUE@am__append_112 = plugins/whitelist +@MONOLITHIC_TRUE@@USE_WHITELIST_TRUE@am__append_113 = plugins/whitelist/libstrongswan-whitelist.la +@USE_LOOKIP_TRUE@am__append_114 = plugins/lookip +@MONOLITHIC_TRUE@@USE_LOOKIP_TRUE@am__append_115 = plugins/lookip/libstrongswan-lookip.la +@USE_ERROR_NOTIFY_TRUE@am__append_116 = plugins/error_notify +@MONOLITHIC_TRUE@@USE_ERROR_NOTIFY_TRUE@am__append_117 = plugins/error_notify/libstrongswan-error-notify.la +@USE_CERTEXPIRE_TRUE@am__append_118 = plugins/certexpire +@MONOLITHIC_TRUE@@USE_CERTEXPIRE_TRUE@am__append_119 = plugins/certexpire/libstrongswan-certexpire.la +@USE_SYSTIME_FIX_TRUE@am__append_120 = plugins/systime_fix +@MONOLITHIC_TRUE@@USE_SYSTIME_FIX_TRUE@am__append_121 = plugins/systime_fix/libstrongswan-systime-fix.la +@USE_LED_TRUE@am__append_122 = plugins/led +@MONOLITHIC_TRUE@@USE_LED_TRUE@am__append_123 = plugins/led/libstrongswan-led.la +@USE_DUPLICHECK_TRUE@am__append_124 = plugins/duplicheck +@MONOLITHIC_TRUE@@USE_DUPLICHECK_TRUE@am__append_125 = plugins/duplicheck/libstrongswan-duplicheck.la +@USE_COUPLING_TRUE@am__append_126 = plugins/coupling +@MONOLITHIC_TRUE@@USE_COUPLING_TRUE@am__append_127 = plugins/coupling/libstrongswan-coupling.la +@USE_RADATTR_TRUE@am__append_128 = plugins/radattr +@MONOLITHIC_TRUE@@USE_RADATTR_TRUE@am__append_129 = plugins/radattr/libstrongswan-radattr.la +@USE_UCI_TRUE@am__append_130 = plugins/uci +@MONOLITHIC_TRUE@@USE_UCI_TRUE@am__append_131 = plugins/uci/libstrongswan-uci.la +@USE_ADDRBLOCK_TRUE@am__append_132 = plugins/addrblock +@MONOLITHIC_TRUE@@USE_ADDRBLOCK_TRUE@am__append_133 = plugins/addrblock/libstrongswan-addrblock.la +@USE_UNITY_TRUE@am__append_134 = plugins/unity 
+@MONOLITHIC_TRUE@@USE_UNITY_TRUE@am__append_135 = plugins/unity/libstrongswan-unity.la +@USE_XAUTH_GENERIC_TRUE@am__append_136 = plugins/xauth_generic +@MONOLITHIC_TRUE@@USE_XAUTH_GENERIC_TRUE@am__append_137 = plugins/xauth_generic/libstrongswan-xauth-generic.la +@USE_XAUTH_EAP_TRUE@am__append_138 = plugins/xauth_eap +@MONOLITHIC_TRUE@@USE_XAUTH_EAP_TRUE@am__append_139 = plugins/xauth_eap/libstrongswan-xauth-eap.la +@USE_XAUTH_PAM_TRUE@am__append_140 = plugins/xauth_pam +@MONOLITHIC_TRUE@@USE_XAUTH_PAM_TRUE@am__append_141 = plugins/xauth_pam/libstrongswan-xauth-pam.la +@USE_XAUTH_NOAUTH_TRUE@am__append_142 = plugins/xauth_noauth +@MONOLITHIC_TRUE@@USE_XAUTH_NOAUTH_TRUE@am__append_143 = plugins/xauth_noauth/libstrongswan-xauth-noauth.la +@USE_RESOLVE_TRUE@am__append_144 = plugins/resolve +@MONOLITHIC_TRUE@@USE_RESOLVE_TRUE@am__append_145 = plugins/resolve/libstrongswan-resolve.la +@USE_ATTR_TRUE@am__append_146 = plugins/attr +@MONOLITHIC_TRUE@@USE_ATTR_TRUE@am__append_147 = plugins/attr/libstrongswan-attr.la +@USE_ATTR_SQL_TRUE@am__append_148 = plugins/attr_sql +@MONOLITHIC_TRUE@@USE_ATTR_SQL_TRUE@am__append_149 = plugins/attr_sql/libstrongswan-attr-sql.la subdir = src/libcharon ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ 
@@ -356,12 +358,12 @@ libcharon_la_DEPENDENCIES = \ $(am__append_35) $(am__append_37) $(am__append_39) \ $(am__append_41) $(am__append_43) $(am__append_45) \ $(am__append_47) $(am__append_49) $(am__append_51) \ - $(am__append_53) $(am__append_55) $(am__append_56) \ + $(am__append_53) $(am__append_55) $(am__append_57) \ $(am__append_58) $(am__append_60) $(am__append_62) \ $(am__append_64) $(am__append_66) $(am__append_68) \ $(am__append_70) $(am__append_72) $(am__append_74) \ - $(am__append_75) $(am__append_76) $(am__append_78) \ - $(am__append_80) $(am__append_81) $(am__append_83) \ + $(am__append_76) $(am__append_77) $(am__append_78) \ + $(am__append_80) $(am__append_82) $(am__append_83) \ $(am__append_85) $(am__append_87) $(am__append_89) \ $(am__append_91) $(am__append_93) $(am__append_95) \ $(am__append_97) $(am__append_99) $(am__append_101) \ @@ -372,7 +374,7 @@ libcharon_la_DEPENDENCIES = \ $(am__append_127) $(am__append_129) $(am__append_131) \ $(am__append_133) $(am__append_135) $(am__append_137) \ $(am__append_139) $(am__append_141) $(am__append_143) \ - $(am__append_145) $(am__append_147) + $(am__append_145) $(am__append_147) $(am__append_149) am__libcharon_la_SOURCES_DIST = attributes/attributes.c \ attributes/attributes.h attributes/attribute_provider.h \ attributes/attribute_handler.h attributes/attribute_manager.c \ @@ -747,7 +749,7 @@ DIST_SUBDIRS = . plugins/load_tester plugins/socket_default \ plugins/ext_auth plugins/eap_identity plugins/eap_sim \ plugins/eap_sim_file plugins/eap_sim_pcsc \ plugins/eap_simaka_sql plugins/eap_simaka_pseudonym \ - plugins/eap_simaka_reauth plugins/eap_aka \ + plugins/eap_simaka_reauth plugins/eap_aka plugins/eap_aka_3gpp \ plugins/eap_aka_3gpp2 plugins/eap_md5 plugins/eap_gtc \ plugins/eap_mschapv2 plugins/eap_dynamic plugins/eap_radius \ plugins/eap_tls plugins/eap_ttls plugins/eap_peap \ 
@@ -889,8 +891,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -991,6 +991,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -1019,6 +1021,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -1151,12 +1157,12 @@ libcharon_la_LIBADD = \ $(am__append_37) $(am__append_39) $(am__append_41) \ $(am__append_43) $(am__append_45) $(am__append_47) \ $(am__append_49) $(am__append_51) $(am__append_53) \ - $(am__append_55) $(am__append_56) $(am__append_58) \ + $(am__append_55) $(am__append_57) $(am__append_58) \ $(am__append_60) $(am__append_62) $(am__append_64) \ $(am__append_66) $(am__append_68) $(am__append_70) \ - $(am__append_72) $(am__append_74) $(am__append_75) \ - $(am__append_76) $(am__append_78) $(am__append_80) \ - $(am__append_81) $(am__append_83) $(am__append_85) \ + $(am__append_72) $(am__append_74) $(am__append_76) \ + $(am__append_77) $(am__append_78) $(am__append_80) \ + $(am__append_82) $(am__append_83) $(am__append_85) \ $(am__append_87) $(am__append_89) $(am__append_91) \ $(am__append_93) $(am__append_95) $(am__append_97) \ $(am__append_99) $(am__append_101) $(am__append_103) \ 
@@ -1167,7 +1173,7 @@ libcharon_la_LIBADD = \ $(am__append_129) $(am__append_131) $(am__append_133) \ $(am__append_135) $(am__append_137) $(am__append_139) \ $(am__append_141) $(am__append_143) $(am__append_145) \ - $(am__append_147) + $(am__append_147) $(am__append_149) EXTRA_DIST = Android.mk @STATIC_PLUGIN_CONSTRUCTORS_TRUE@BUILT_SOURCES = $(srcdir)/plugin_constructors.c @STATIC_PLUGIN_CONSTRUCTORS_TRUE@CLEANFILES = $(srcdir)/plugin_constructors.c @@ -1183,13 +1189,13 @@ EXTRA_DIST = Android.mk @MONOLITHIC_FALSE@ $(am__append_42) $(am__append_44) \ @MONOLITHIC_FALSE@ $(am__append_46) $(am__append_48) \ @MONOLITHIC_FALSE@ $(am__append_50) $(am__append_52) \ -@MONOLITHIC_FALSE@ $(am__append_54) $(am__append_57) \ +@MONOLITHIC_FALSE@ $(am__append_54) $(am__append_56) \ @MONOLITHIC_FALSE@ $(am__append_59) $(am__append_61) \ @MONOLITHIC_FALSE@ $(am__append_63) $(am__append_65) \ @MONOLITHIC_FALSE@ $(am__append_67) $(am__append_69) \ @MONOLITHIC_FALSE@ $(am__append_71) $(am__append_73) \ -@MONOLITHIC_FALSE@ $(am__append_77) $(am__append_79) \ -@MONOLITHIC_FALSE@ $(am__append_82) $(am__append_84) \ +@MONOLITHIC_FALSE@ $(am__append_75) $(am__append_79) \ +@MONOLITHIC_FALSE@ $(am__append_81) $(am__append_84) \ @MONOLITHIC_FALSE@ $(am__append_86) $(am__append_88) \ @MONOLITHIC_FALSE@ $(am__append_90) $(am__append_92) \ @MONOLITHIC_FALSE@ $(am__append_94) $(am__append_96) \ @@ -1205,7 +1211,7 @@ EXTRA_DIST = Android.mk @MONOLITHIC_FALSE@ $(am__append_134) $(am__append_136) \ @MONOLITHIC_FALSE@ $(am__append_138) $(am__append_140) \ @MONOLITHIC_FALSE@ $(am__append_142) $(am__append_144) \ -@MONOLITHIC_FALSE@ $(am__append_146) tests +@MONOLITHIC_FALSE@ $(am__append_146) $(am__append_148) tests # build optional plugins ######################## 
@@ -1221,13 +1227,13 @@ EXTRA_DIST = Android.mk @MONOLITHIC_TRUE@ $(am__append_42) $(am__append_44) \ @MONOLITHIC_TRUE@ $(am__append_46) $(am__append_48) \ @MONOLITHIC_TRUE@ $(am__append_50) $(am__append_52) \ -@MONOLITHIC_TRUE@ $(am__append_54) $(am__append_57) \ +@MONOLITHIC_TRUE@ $(am__append_54) $(am__append_56) \ @MONOLITHIC_TRUE@ $(am__append_59) $(am__append_61) \ @MONOLITHIC_TRUE@ $(am__append_63) $(am__append_65) \ @MONOLITHIC_TRUE@ $(am__append_67) $(am__append_69) \ @MONOLITHIC_TRUE@ $(am__append_71) $(am__append_73) \ -@MONOLITHIC_TRUE@ $(am__append_77) $(am__append_79) \ -@MONOLITHIC_TRUE@ $(am__append_82) $(am__append_84) \ +@MONOLITHIC_TRUE@ $(am__append_75) $(am__append_79) \ +@MONOLITHIC_TRUE@ $(am__append_81) $(am__append_84) \ @MONOLITHIC_TRUE@ $(am__append_86) $(am__append_88) \ @MONOLITHIC_TRUE@ $(am__append_90) $(am__append_92) \ @MONOLITHIC_TRUE@ $(am__append_94) $(am__append_96) \ @@ -1243,7 +1249,7 @@ EXTRA_DIST = Android.mk @MONOLITHIC_TRUE@ $(am__append_134) $(am__append_136) \ @MONOLITHIC_TRUE@ $(am__append_138) $(am__append_140) \ @MONOLITHIC_TRUE@ $(am__append_142) $(am__append_144) \ -@MONOLITHIC_TRUE@ $(am__append_146) . tests +@MONOLITHIC_TRUE@ $(am__append_146) $(am__append_148) . tests all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-recursive diff --git a/src/libcharon/bus/bus.c b/src/libcharon/bus/bus.c index 77a910197..19943d060 100644 --- a/src/libcharon/bus/bus.c +++ b/src/libcharon/bus/bus.c @@ -827,7 +827,10 @@ METHOD(bus_t, ike_updown, void, enumerator = ike_sa->create_child_sa_enumerator(ike_sa); while (enumerator->enumerate(enumerator, (void**)&child_sa)) { - child_updown(this, child_sa, FALSE); + if (child_sa->get_state(child_sa) != CHILD_REKEYED) + { + child_updown(this, child_sa, FALSE); + } } enumerator->destroy(enumerator); } diff --git a/src/libcharon/config/peer_cfg.c b/src/libcharon/config/peer_cfg.c index fcdd6fdeb..29f067858 100644 --- a/src/libcharon/config/peer_cfg.c +++ b/src/libcharon/config/peer_cfg.c 
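Review bot: The new `CHILD_REKEYED` test inside the ike_updown loop carries no comment, and the reason a rekeyed CHILD_SA is skipped is not visible from the hunk alone — a later reader will ask whether other states such as CHILD_DELETING should be excluded as well. I would add above the `if`: `/* a CHILD_SA in CHILD_REKEYED has been superseded by its replacement; presumably its down event must not be raised a second time here -- confirm against the rekey path */`. The body of ike_updown begins before this hunk, so whether the same state filter is applied elsewhere in it cannot be seen here.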
@@ -21,7 +21,7 @@ #include -#include +#include #include #include @@ -71,9 +71,9 @@ struct private_peer_cfg_t { linked_list_t *child_cfgs; /** - * mutex to lock access to list of child_cfgs + * lock to access list of child_cfgs */ - mutex_t *mutex; + rwlock_t *lock; /** * should we send a certificate @@ -195,9 +195,9 @@ METHOD(peer_cfg_t, get_ike_cfg, ike_cfg_t*, METHOD(peer_cfg_t, add_child_cfg, void, private_peer_cfg_t *this, child_cfg_t *child_cfg) { - this->mutex->lock(this->mutex); + this->lock->write_lock(this->lock); this->child_cfgs->insert_last(this->child_cfgs, child_cfg); - this->mutex->unlock(this->mutex); + this->lock->unlock(this->lock); } typedef struct { @@ -266,13 +266,13 @@ METHOD(peer_cfg_t, replace_child_cfgs, enumerator_t*, removed = linked_list_create(); - other->mutex->lock(other->mutex); + other->lock->read_lock(other->lock); added = linked_list_create_from_enumerator( other->child_cfgs->create_enumerator(other->child_cfgs)); added->invoke_offset(added, offsetof(child_cfg_t, get_ref)); - other->mutex->unlock(other->mutex); + other->lock->unlock(other->lock); - this->mutex->lock(this->mutex); + this->lock->write_lock(this->lock); others = added->create_enumerator(added); mine = this->child_cfgs->create_enumerator(this->child_cfgs); while (mine->enumerate(mine, &my_cfg)) @@ -302,7 +302,7 @@ METHOD(peer_cfg_t, replace_child_cfgs, enumerator_t*, } others->destroy(others); mine->destroy(mine); - this->mutex->unlock(this->mutex); + this->lock->unlock(this->lock); INIT(enumerator, .public = { @@ -322,7 +322,7 @@ METHOD(peer_cfg_t, replace_child_cfgs, enumerator_t*, typedef struct { enumerator_t public; enumerator_t *wrapped; - mutex_t *mutex; + rwlock_t *lock; } child_cfg_enumerator_t; METHOD(peer_cfg_t, remove_child_cfg, void, 
@@ -334,7 +334,7 @@ METHOD(peer_cfg_t, remove_child_cfg, void, METHOD(enumerator_t, child_cfg_enumerator_destroy, void, child_cfg_enumerator_t *this) { - this->mutex->unlock(this->mutex); + this->lock->unlock(this->lock); this->wrapped->destroy(this->wrapped); free(this); } @@ -359,11 +359,11 @@ METHOD(peer_cfg_t, create_child_cfg_enumerator, enumerator_t*, .venumerate = _child_cfg_enumerate, .destroy = _child_cfg_enumerator_destroy, }, - .mutex = this->mutex, + .lock = this->lock, .wrapped = this->child_cfgs->create_enumerator(this->child_cfgs), ); - this->mutex->lock(this->mutex); + this->lock->read_lock(this->lock); return &enumerator->public; } @@ -724,7 +724,7 @@ METHOD(peer_cfg_t, destroy, void, DESTROY_IF(this->peer_id); free(this->mediated_by); #endif /* ME */ - this->mutex->destroy(this->mutex); + this->lock->destroy(this->lock); free(this->name); free(this); } @@ -790,7 +790,7 @@ peer_cfg_t *peer_cfg_create(char *name, ike_cfg_t *ike_cfg, .name = strdup(name), .ike_cfg = ike_cfg, .child_cfgs = linked_list_create(), - .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), .cert_policy = data->cert_policy, .unique = data->unique, .keyingtries = data->keyingtries, diff --git a/src/libcharon/encoding/generator.c b/src/libcharon/encoding/generator.c index 41aacd4ed..dee1a3f73 100644 --- a/src/libcharon/encoding/generator.c +++ b/src/libcharon/encoding/generator.c @@ -86,7 +86,7 @@ struct private_generator_t { uint8_t current_bit; /** - * Associated data struct to read informations from. + * Associated data struct to read information from. */ void *data_struct; diff --git a/src/libcharon/encoding/message.h b/src/libcharon/encoding/message.h index 8c4372974..732fd9b54 100644 --- a/src/libcharon/encoding/message.h +++ b/src/libcharon/encoding/message.h 
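Review bot: create_child_cfg_enumerator now takes only `read_lock`, and that shared lock stays held until `child_cfg_enumerator_destroy` releases it, while `remove_child_cfg` — whose body lies outside the hunk — is the method that operates through such an enumerator. If it still removes the current element from `this->child_cfgs` via the wrapped list enumerator, that mutation now happens under a read lock, so two threads enumerating the same peer_cfg concurrently (previously serialized by the mutex) could race on the list. Either take `write_lock` in create_child_cfg_enumerator to keep the former exclusive semantics, or document at remove_child_cfg that callers must guarantee no concurrent enumerators; at minimum add next to `.lock = this->lock,` a comment `/* shared read lock: safe for enumeration only; remove_child_cfg mutates under it and is not protected against other readers */`.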
@@ -312,7 +312,7 @@ struct message_t { status_t (*add_fragment)(message_t *this, message_t *fragment); /** - * Gets the source host informations. + * Gets the source host information. * * @warning Returned host_t object is not getting cloned, * do not destroy nor modify. @@ -322,7 +322,7 @@ struct message_t { host_t * (*get_source) (message_t *this); /** - * Sets the source host informations. + * Sets the source host information. * * @warning host_t object is not getting cloned and gets destroyed by * message_t.destroy or next call of message_t.set_source. @@ -332,7 +332,7 @@ struct message_t { void (*set_source) (message_t *this, host_t *host); /** - * Gets the destination host informations. + * Gets the destination host information. * * @warning Returned host_t object is not getting cloned, * do not destroy nor modify. @@ -342,7 +342,7 @@ struct message_t { host_t * (*get_destination) (message_t *this); /** - * Sets the destination host informations. + * Sets the destination host information. * * @warning host_t object is not getting cloned and gets destroyed by * message_t.destroy or next call of message_t.set_destination. diff --git a/src/libcharon/encoding/payloads/encodings.h b/src/libcharon/encoding/payloads/encodings.h index 442bf7489..9ff23753a 100644 --- a/src/libcharon/encoding/payloads/encodings.h +++ b/src/libcharon/encoding/payloads/encodings.h @@ -37,7 +37,7 @@ typedef struct encoding_rule_t encoding_rule_t; * Header is parsed like a payload and gets its one payload_id * from PRIVATE USE space. Also the substructures * of specific payload types get their own payload_id - * from PRIVATE_USE space. See IKEv2-Draft for more informations. + * from PRIVATE_USE space. See IKEv2-Draft for more information. */ enum encoding_type_t { diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c index 55641e145..c3f06391a 100644 --- a/src/libcharon/encoding/payloads/proposal_substructure.c 
+++ b/src/libcharon/encoding/payloads/proposal_substructure.c @@ -1360,10 +1360,10 @@ static void set_from_proposal_v1(private_proposal_substructure_t *this, enumerator = proposal->create_enumerator(proposal, INTEGRITY_ALGORITHM); if (enumerator->enumerate(enumerator, &alg, &key_size)) { + transid = get_ikev1_transid_from_alg(INTEGRITY_ALGORITHM, alg); alg = get_ikev1_auth_from_alg(alg); if (alg) { - transid = get_ikev1_transid_from_alg(INTEGRITY_ALGORITHM, alg); if (!transform && transid) { transform = transform_substructure_create_type( diff --git a/src/libcharon/kernel/kernel_interface.h b/src/libcharon/kernel/kernel_interface.h index d601ebd4e..f4f55adfe 100644 --- a/src/libcharon/kernel/kernel_interface.h +++ b/src/libcharon/kernel/kernel_interface.h @@ -77,6 +77,8 @@ enum kernel_feature_t { KERNEL_REQUIRE_UDP_ENCAPSULATION = (1<<2), /** IPsec backend does not require a policy reinstall on SA updates */ KERNEL_NO_POLICY_UPDATES = (1<<3), + /** IPsec backend supports installing SPIs on policies */ + KERNEL_POLICY_SPI = (1<<4), }; /** diff --git a/src/libcharon/plugins/addrblock/Makefile.in b/src/libcharon/plugins/addrblock/Makefile.in index 60fd19bdc..5a76c8187 100644 --- a/src/libcharon/plugins/addrblock/Makefile.in +++ b/src/libcharon/plugins/addrblock/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
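Review bot: Moving `transid = get_ikev1_transid_from_alg(INTEGRITY_ALGORITHM, alg);` ahead of `alg = get_ikev1_auth_from_alg(alg);` corrects a lookup that was previously fed the already-converted auth value rather than the integrity algorithm identifier the function's first argument names, but nothing in the code records that the order matters, and a future tidy-up could easily undo it. I would add on the moved line: `/* resolve the transform ID from the integrity algorithm before alg is mapped to the IKEv1 auth method */`. As a side effect `transid` is now assigned even when the conversion yields 0; that appears harmless since it is only consulted inside the `if (alg)` branch, but the comment should say so. set_from_proposal_v1 continues past the end of this hunk.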
@@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/android_dns/Makefile.in b/src/libcharon/plugins/android_dns/Makefile.in index 0533d81eb..8f5ae6ac7 100644 --- a/src/libcharon/plugins/android_dns/Makefile.in +++ b/src/libcharon/plugins/android_dns/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/android_log/Makefile.in b/src/libcharon/plugins/android_log/Makefile.in index bc402ef69..682fa15b9 100644 --- a/src/libcharon/plugins/android_log/Makefile.in +++ b/src/libcharon/plugins/android_log/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ 
@@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/attr/Makefile.in b/src/libcharon/plugins/attr/Makefile.in index 9fe4d946f..61570457e 100644 --- a/src/libcharon/plugins/attr/Makefile.in +++ b/src/libcharon/plugins/attr/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/attr_sql/Makefile.in b/src/libcharon/plugins/attr_sql/Makefile.in index b3ddf69b5..14a144c38 100644 --- a/src/libcharon/plugins/attr_sql/Makefile.in +++ b/src/libcharon/plugins/attr_sql/Makefile.in 
@@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/bypass_lan/Makefile.in b/src/libcharon/plugins/bypass_lan/Makefile.in index 6c079481b..1c1a4523a 100644 --- a/src/libcharon/plugins/bypass_lan/Makefile.in +++ b/src/libcharon/plugins/bypass_lan/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ 
diff --git a/src/libcharon/plugins/certexpire/Makefile.in b/src/libcharon/plugins/certexpire/Makefile.in index acbd7a858..0ae0d28d7 100644 --- a/src/libcharon/plugins/certexpire/Makefile.in +++ b/src/libcharon/plugins/certexpire/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/connmark/Makefile.in b/src/libcharon/plugins/connmark/Makefile.in index 55bc25a9f..fb432cd67 100644 --- a/src/libcharon/plugins/connmark/Makefile.in +++ b/src/libcharon/plugins/connmark/Makefile.in @@ -314,8 +314,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -416,6 +414,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -444,6 +444,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/coupling/Makefile.in b/src/libcharon/plugins/coupling/Makefile.in index 6d6fe25bb..06f2592f0 100644 --- a/src/libcharon/plugins/coupling/Makefile.in +++ b/src/libcharon/plugins/coupling/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/dhcp/Makefile.in b/src/libcharon/plugins/dhcp/Makefile.in index d3f4ec8bc..aaca1ec99 100644 --- a/src/libcharon/plugins/dhcp/Makefile.in +++ b/src/libcharon/plugins/dhcp/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ 
@@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/dnscert/Makefile.in b/src/libcharon/plugins/dnscert/Makefile.in index 3687f0cb7..0febca96d 100644 --- a/src/libcharon/plugins/dnscert/Makefile.in +++ b/src/libcharon/plugins/dnscert/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/duplicheck/Makefile.in b/src/libcharon/plugins/duplicheck/Makefile.in index 69959d30f..db4491113 100644 --- a/src/libcharon/plugins/duplicheck/Makefile.in +++ b/src/libcharon/plugins/duplicheck/Makefile.in 
@@ -320,8 +320,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -422,6 +420,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -450,6 +450,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_aka/Makefile.in b/src/libcharon/plugins/eap_aka/Makefile.in index 5fff12890..09291aff5 100644 --- a/src/libcharon/plugins/eap_aka/Makefile.in +++ b/src/libcharon/plugins/eap_aka/Makefile.in @@ -314,8 +314,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -416,6 +414,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -444,6 +444,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ 
diff --git a/src/libcharon/plugins/eap_aka_3gpp/Makefile.am b/src/libcharon/plugins/eap_aka_3gpp/Makefile.am new file mode 100644 index 000000000..5e230ea3b --- /dev/null +++ b/src/libcharon/plugins/eap_aka_3gpp/Makefile.am @@ -0,0 +1,22 @@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libcharon \ + -I$(top_srcdir)/src/libsimaka + +AM_CFLAGS = \ + $(PLUGIN_CFLAGS) + +libstrongswan_eap_aka_3gpp_la_LDFLAGS = -module -avoid-version + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-eap-aka-3gpp.la +else +plugin_LTLIBRARIES = libstrongswan-eap-aka-3gpp.la +libstrongswan_eap_aka_3gpp_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la +endif + +libstrongswan_eap_aka_3gpp_la_SOURCES = \ + eap_aka_3gpp_plugin.h eap_aka_3gpp_plugin.c \ + eap_aka_3gpp_card.h eap_aka_3gpp_card.c \ + eap_aka_3gpp_provider.h eap_aka_3gpp_provider.c \ + eap_aka_3gpp_functions.h eap_aka_3gpp_functions.c diff --git a/src/libcharon/plugins/eap_aka_3gpp/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp/Makefile.in new file mode 100644 index 000000000..2b73a57ce --- /dev/null +++ b/src/libcharon/plugins/eap_aka_3gpp/Makefile.in 
@@ -0,0 +1,809 @@ +# Makefile.in generated by automake 1.15 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes 
+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libcharon/plugins/eap_aka_3gpp +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/split-package-version.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in 
$$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +@MONOLITHIC_FALSE@libstrongswan_eap_aka_3gpp_la_DEPENDENCIES = \ +@MONOLITHIC_FALSE@ $(top_builddir)/src/libsimaka/libsimaka.la +am_libstrongswan_eap_aka_3gpp_la_OBJECTS = eap_aka_3gpp_plugin.lo \ + eap_aka_3gpp_card.lo eap_aka_3gpp_provider.lo \ + eap_aka_3gpp_functions.lo +libstrongswan_eap_aka_3gpp_la_OBJECTS = \ + $(am_libstrongswan_eap_aka_3gpp_la_OBJECTS) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +libstrongswan_eap_aka_3gpp_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_eap_aka_3gpp_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_eap_aka_3gpp_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_eap_aka_3gpp_la_rpath = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ 
-I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(libstrongswan_eap_aka_3gpp_la_SOURCES) +DIST_SOURCES = $(libstrongswan_eap_aka_3gpp_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. 
+am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +ATOMICLIB = @ATOMICLIB@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BFDLIB = @BFDLIB@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +EASY_INSTALL = @EASY_INSTALL@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GEM = @GEM@ +GENHTML = @GENHTML@ +GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ 
+PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ +PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ +PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ +PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ +PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +PY_TEST = @PY_TEST@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ +clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dev_headers = @dev_headers@ +docdir = @docdir@ +dvidir = @dvidir@ 
+exec_prefix = @exec_prefix@ +fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ +libiptc_CFLAGS = @libiptc_CFLAGS@ +libiptc_LIBS = @libiptc_LIBS@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ +oldincludedir = @oldincludedir@ +p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ +runstatedir = @runstatedir@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = 
@strongswan_conf@ +strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ +sysconfdir = @sysconfdir@ +systemd_CFLAGS = @systemd_CFLAGS@ +systemd_LIBS = @systemd_LIBS@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ +systemdsystemunitdir = @systemdsystemunitdir@ +t_plugins = @t_plugins@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libcharon \ + -I$(top_srcdir)/src/libsimaka + +AM_CFLAGS = \ + $(PLUGIN_CFLAGS) + +libstrongswan_eap_aka_3gpp_la_LDFLAGS = -module -avoid-version +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-aka-3gpp.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-aka-3gpp.la +@MONOLITHIC_FALSE@libstrongswan_eap_aka_3gpp_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la +libstrongswan_eap_aka_3gpp_la_SOURCES = \ + eap_aka_3gpp_plugin.h eap_aka_3gpp_plugin.c \ + eap_aka_3gpp_card.h eap_aka_3gpp_card.c \ + eap_aka_3gpp_provider.h eap_aka_3gpp_provider.c \ + eap_aka_3gpp_functions.h eap_aka_3gpp_functions.c + +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu 
src/libcharon/plugins/eap_aka_3gpp/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka_3gpp/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p 
in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +libstrongswan-eap-aka-3gpp.la: $(libstrongswan_eap_aka_3gpp_la_OBJECTS) $(libstrongswan_eap_aka_3gpp_la_DEPENDENCIES) $(EXTRA_libstrongswan_eap_aka_3gpp_la_DEPENDENCIES) + $(AM_V_CCLD)$(libstrongswan_eap_aka_3gpp_la_LINK) $(am_libstrongswan_eap_aka_3gpp_la_rpath) $(libstrongswan_eap_aka_3gpp_la_OBJECTS) $(libstrongswan_eap_aka_3gpp_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_aka_3gpp_card.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_aka_3gpp_functions.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_aka_3gpp_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_aka_3gpp_provider.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ 
$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case 
"$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." 
+clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + cscopelist-am ctags ctags-am distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-pluginLTLIBRARIES install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ + uninstall-am uninstall-pluginLTLIBRARIES + +.PRECIOUS: Makefile + + +# Tell versions [3.59,3.63) of 
GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.c b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.c new file mode 100644 index 000000000..22c1181ad --- /dev/null +++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.c 
@@ -0,0 +1,208 @@
+/*
+ * Copyright (C) 2008-2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+/*
+ * Copyright (C) 2015 Thomas Strangert
+ * Polystar System AB, Sweden
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "eap_aka_3gpp_card.h"
+
+#include
+
+typedef struct private_eap_aka_3gpp_card_t private_eap_aka_3gpp_card_t;
+
+/**
+ * Private data of an eap_aka_3gpp_card_t object.
+ */
+struct private_eap_aka_3gpp_card_t {
+
+ /**
+ * Public eap_aka_3gpp_card_t interface.
+ */
+ eap_aka_3gpp_card_t public;
+
+ /**
+ * AKA functions
+ */
+ eap_aka_3gpp_functions_t *f;
+
+ /**
+ * do sequence number checking?
+ */
+ bool seq_check;
+
+ /**
+ * SQN stored in this pseudo-USIM
+ */
+ uint8_t sqn[AKA_SQN_LEN];
+};
+
+METHOD(simaka_card_t, get_quintuplet, status_t,
+ private_eap_aka_3gpp_card_t *this, identification_t *id,
+ char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN],
+ char ik[AKA_IK_LEN], char res[AKA_RES_MAX], int *res_len)
+{
+ uint8_t *amf, *mac;
+ uint8_t k[AKA_K_LEN], opc[AKA_OPC_LEN], ak[AKA_AK_LEN], sqn[AKA_SQN_LEN],
+ xmac[AKA_MAC_LEN];
+
+ if (!eap_aka_3gpp_get_k_opc(id, k, opc))
+ {
+ DBG1(DBG_IKE, "no EAP key found for %Y to authenticate with AKA", id);
+ return FAILED;
+ }
+ DBG4(DBG_IKE, "EAP key found for id %Y, using K %b and OPc %b", id, k,
+ AKA_K_LEN, opc, AKA_OPC_LEN);
+
+ /* AUTN = SQN xor AK | AMF | MAC */
+ memcpy(sqn, autn, AKA_SQN_LEN);
+ amf = autn + AKA_SQN_LEN;
+ mac = autn + AKA_SQN_LEN + AKA_AMF_LEN;
+ DBG3(DBG_IKE, "received AUTN %b", autn, AKA_AUTN_LEN);
+ DBG3(DBG_IKE, "received AMF %b", amf, AKA_AMF_LEN);
+ DBG3(DBG_IKE, "received MAC %b", mac, AKA_MAC_LEN);
+
+ /* generate RES, CK, IK, AK from received RAND */
+ DBG3(DBG_IKE, "received RAND %b", rand, AKA_RAND_LEN);
+ if (!this->f->f2345(this->f, k, opc, rand, res, ck, ik, ak))
+ {
+ return FAILED;
+ }
+ *res_len = AKA_RES_LEN;
+ DBG3(DBG_IKE, "using RES %b", res, AKA_RES_LEN);
+ DBG3(DBG_IKE, "using CK %b", ck, AKA_CK_LEN);
+ DBG3(DBG_IKE, "using IK %b", ik, AKA_IK_LEN);
+ DBG3(DBG_IKE, "using AK %b", ak, AKA_AK_LEN);
+
+ /* XOR anonymity key AK into SQN to decrypt it */
+ memxor(sqn, ak, AKA_SQN_LEN);
+ DBG3(DBG_IKE, "using SQN %b", sqn, AKA_SQN_LEN);
+
+ /* calculate expected MAC and compare against received one */
+ if (!this->f->f1(this->f, k, opc, rand, sqn, amf, xmac))
+ {
+ return FAILED;
+ }
+ if (!memeq_const(mac, xmac, AKA_MAC_LEN))
+ {
+ DBG1(DBG_IKE, "received MAC does not match XMAC");
+ DBG3(DBG_IKE, "MAC %b\nXMAC %b", mac, AKA_MAC_LEN, xmac, AKA_MAC_LEN);
+ return FAILED;
+ }
+ DBG3(DBG_IKE, "MAC equals XMAC %b", mac, AKA_MAC_LEN);
+
+ if (this->seq_check && memcmp(this->sqn, sqn, AKA_SQN_LEN) >= 0)
+ {
+ DBG3(DBG_IKE, "received SQN %b\ncurrent SQN %b",
+ sqn, AKA_SQN_LEN, this->sqn, AKA_SQN_LEN);
+ return INVALID_STATE;
+ }
+
+ /* update stored SQN to the received one */
+ memcpy(this->sqn, sqn, AKA_SQN_LEN);
+
+ return SUCCESS;
+}
+
+METHOD(simaka_card_t, resync, bool,
+ private_eap_aka_3gpp_card_t *this, identification_t *id,
+ char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN])
+{
+ uint8_t amf[AKA_AMF_LEN], k[AKA_K_LEN], opc[AKA_OPC_LEN], aks[AKA_AK_LEN],
+ macs[AKA_MAC_LEN];
+
+ if (!eap_aka_3gpp_get_k_opc(id, k, opc))
+ {
+ DBG1(DBG_IKE, "no EAP key found for %Y to resync AKA", id);
+ return FALSE;
+ }
+ DBG4(DBG_IKE, "EAP key found for id %Y, using K %b and OPc %b to resync AKA",
+ id, k, AKA_K_LEN, opc, AKA_OPC_LEN);
+
+ /* AMF is set to zero in resync */
+ memset(amf, 0, AKA_AMF_LEN);
+ if (!this->f->f5star(this->f, k, opc, rand, aks) ||
+ !this->f->f1star(this->f, k, opc, rand, this->sqn, amf, macs))
+ {
+ return FALSE;
+ }
+ /* AUTS = SQN xor AKS | MACS */
+ memcpy(auts, this->sqn, AKA_SQN_LEN);
+ memxor(auts, aks, AKA_AK_LEN);
+ memcpy(auts + AKA_AK_LEN, macs, AKA_MAC_LEN);
+ DBG3(DBG_IKE, "generated AUTS %b", auts, AKA_AUTN_LEN);
+
+ return TRUE;
+}
+
+METHOD(eap_aka_3gpp_card_t, destroy, void,
+ private_eap_aka_3gpp_card_t *this)
+{
+ free(this);
+}
+
+/**
+ * See header
+ */
+eap_aka_3gpp_card_t *eap_aka_3gpp_card_create(eap_aka_3gpp_functions_t *f)
+{
+ private_eap_aka_3gpp_card_t *this;
+
+ INIT(this,
+ .public = {
+ .card = {
+ .get_triplet = (void*)return_false,
+ .get_quintuplet = _get_quintuplet,
+ .resync = _resync,
+ .get_pseudonym = (void*)return_null,
+ .set_pseudonym = (void*)nop,
+ .get_reauth = (void*)return_null,
+ .set_reauth = (void*)nop,
+ },
+ .destroy = _destroy,
+ },
+ .f = f,
+ .seq_check = lib->settings->get_bool(lib->settings,
+ "%s.plugins.eap-aka-3gpp.seq_check",
+#ifdef SEQ_CHECK /* handle legacy compile time configuration as default */
+ TRUE,
+#else /* !SEQ_CHECK */
+ FALSE,
+#endif /* SEQ_CHECK */
+ lib->ns),
+ );
+
+ eap_aka_3gpp_get_sqn(this->sqn, 0);
+
+ return &this->public;
+}
diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.h b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.h
new file mode 100644
index 000000000..0ef90681f
--- /dev/null
+++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.h
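Review bot: In `resync`, the debug line `DBG3(DBG_IKE, "generated AUTS %b", auts, AKA_AUTN_LEN);` prints the `auts` buffer, declared as `auts[AKA_AUTS_LEN]`, using the AUTN length; the layout comments in this hunk give AUTN as SQN|AMF|MAC and AUTS as SQN|MACS, so AUTN is AMF bytes longer and the log reads past the end of `auts` whenever level-3 debugging is on. Change it to `DBG3(DBG_IKE, "generated AUTS %b", auts, AKA_AUTS_LEN);`. In the same function, `memxor(auts, aks, AKA_AK_LEN)` and `memcpy(auts + AKA_AK_LEN, macs, AKA_MAC_LEN)` use the AK length where the preceding `memcpy(auts, this->sqn, AKA_SQN_LEN)` uses the SQN length; the two are presumably equal, but writing the offset as `AKA_SQN_LEN` would match the SQN|MACS layout the comment describes. Both `get_quintuplet` and `resync` copy the subscriber's long-term key into the stack array `k` and return without clearing it; a `memwipe(k, AKA_K_LEN)` on each exit path would avoid leaving key material on the stack after the call.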
@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2008-2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+/*
+ * Copyright (C) 2015 Thomas Strangert
+ * Polystar System AB, Sweden
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup eap_aka_3gpp_card eap_aka_3gpp_card
+ * @{ @ingroup eap_aka_3gpp
+ */
+
+#ifndef EAP_AKA_3GPP_CARD_H_
+#define EAP_AKA_3GPP_CARD_H_
+
+#include "eap_aka_3gpp_functions.h"
+
+#include
+
+typedef struct eap_aka_3gpp_card_t eap_aka_3gpp_card_t;
+
+/**
+ * SIM card implementation using a set of AKA functions.
+ */
+struct eap_aka_3gpp_card_t {
+
+ /**
+ * Implements simaka_card_t interface
+ */
+ simaka_card_t card;
+
+ /**
+ * Destroy a eap_aka_3gpp_card_t.
+ */
+ void (*destroy)(eap_aka_3gpp_card_t *this);
+};
+
+/**
+ * Create a eap_aka_3gpp_card instance.
+ *
+ * @param f AKA functions
+ */
+eap_aka_3gpp_card_t *eap_aka_3gpp_card_create(eap_aka_3gpp_functions_t *f);
+
+#endif /** EAP_AKA_3GPP_CARD_H_ @}*/
diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_functions.c b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_functions.c
new file mode 100644
index 000000000..d017d2c99
--- /dev/null
+++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_functions.c
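Review bot: The doc comment on `eap_aka_3gpp_card_create` documents `f` but says nothing about the return value or about who owns `f`; the card's `destroy` in eap_aka_3gpp_card.c only frees the card itself, so the caller presumably stays responsible for destroying the functions object. Make that explicit with `@param f AKA functions (not owned, destroyed by the caller)` and add `@return eap_aka_3gpp_card_t instance`.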
@@ -0,0 +1,364 @@
+/*
+ * Copyright (C) 2017 Tobias Brunner
+ * Copyright (C) 2008-2009 Martin Willi
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+/*
+ * Copyright (C) 2015 Thomas Strangert
+ * Polystar System AB, Sweden
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "eap_aka_3gpp_functions.h"
+
+#include
+#include
+#include
+
+typedef struct private_eap_aka_3gpp_functions_t private_eap_aka_3gpp_functions_t;
+
+/**
+ * Private data of an eap_aka_3gpp_functions_t object.
+ */
+struct private_eap_aka_3gpp_functions_t {
+
+ /**
+ * Public eap_aka_3gpp_functions_t interface.
+ */
+ eap_aka_3gpp_functions_t public;
+
+ /**
+ * AES instance
+ */
+ crypter_t *crypter;
+};
+
+/*
+ * Described in header
+ */
+bool eap_aka_3gpp_get_k_opc(identification_t *id, uint8_t k[AKA_K_LEN],
+ uint8_t opc[AKA_OPC_LEN])
+{
+ shared_key_t *shared;
+ chunk_t key;
+
+ shared = lib->credmgr->get_shared(lib->credmgr, SHARED_EAP, id, NULL);
+ if (!shared)
+ {
+ return FALSE;
+ }
+ key = shared->get_key(shared);
+
+ if (key.len == AKA_K_LEN)
+ {
+ memcpy(k, key.ptr, AKA_K_LEN);
+ /* set OPc to a neutral default value, harmless to XOR with */
+ memset(opc, '\0', AKA_OPC_LEN);
+ }
+ else if (key.len == AKA_K_LEN + AKA_OPC_LEN)
+ {
+ memcpy(k, key.ptr, AKA_K_LEN);
+ memcpy(opc, key.ptr + AKA_K_LEN, AKA_OPC_LEN);
+ }
+ else
+ {
+ DBG1(DBG_IKE, "invalid EAP K or K+OPc key found for %Y to authenticate "
+ "with AKA, should be a %d or %d byte long binary value", id,
+ AKA_K_LEN, AKA_K_LEN + AKA_OPC_LEN);
+ shared->destroy(shared);
+ return FALSE;
+ }
+ shared->destroy(shared);
+ return TRUE;
+}
+
+/*
+ * Described in header
+ */
+void eap_aka_3gpp_get_sqn(uint8_t sqn[AKA_SQN_LEN], int offset)
+{
+ timeval_t time;
+
+ gettimeofday(&time, NULL);
+ /* set sqn to an integer containing 4 bytes seconds + 2 bytes usecs */
+ time.tv_sec = htonl(time.tv_sec + offset);
+ /* usec's are never larger than 0x000f423f, so we shift the 12 first bits */
+ time.tv_usec = htonl(time.tv_usec << 12);
+ memcpy(sqn, (uint8_t*)&time.tv_sec + sizeof(time_t) - 4, 4);
+ memcpy(sqn + 4, &time.tv_usec, 2);
+}
+
+static bool f1andf1star(private_eap_aka_3gpp_functions_t *this,
+ const uint8_t k[AKA_K_LEN], const uint8_t opc[AKA_OPC_LEN],
+ const uint8_t rand[AKA_RAND_LEN], const uint8_t sqn[AKA_SQN_LEN],
+ const uint8_t amf[AKA_AMF_LEN], uint8_t mac[16])
+{
+ uint8_t i, data[16], in[16], iv[16] = { 0 };
+
+ if (!this->crypter->set_key(this->crypter,
+ chunk_create((uint8_t*)k, AKA_K_LEN)))
+ {
+ return FALSE;
+ }
+
+ /* XOR RAND and OPc */
+ memcpy(data, rand, sizeof(data));
+ memxor(data, opc, sizeof(data));
+ if (!this->crypter->encrypt(this->crypter, chunk_create(data, sizeof(data)),
+ chunk_create(iv, sizeof(iv)), NULL))
+ {
+ return FALSE;
+ }
+
+ /* concatenate SQN || AMF ||SQN || AMF */
+ memcpy(in, sqn, 6);
+ memcpy(&in[6], amf, 2);
+ memcpy(&in[8], in, 8);
+
+ /* XOR opc and in, rotate by r1=64, and XOR
+ * on the constant c1 (which is all zeroes) and finally the output above */
+ for (i = 0; i < 16; i++)
+ {
+ data[(i + 8) % 16] ^= in[i] ^ opc[i];
+ }
+ if (!this->crypter->encrypt(this->crypter, chunk_create(data, sizeof(data)),
+ chunk_create(iv, sizeof(iv)), NULL))
+ {
+ return FALSE;
+ }
+ memxor(data, opc, sizeof(data));
+ memcpy(mac, data, 16);
+ return TRUE;
+}
+
+METHOD(eap_aka_3gpp_functions_t, f1, bool,
+ private_eap_aka_3gpp_functions_t *this, const uint8_t k[AKA_K_LEN],
+ const uint8_t opc[AKA_OPC_LEN], const uint8_t rand[AKA_RAND_LEN],
+ const uint8_t sqn[AKA_SQN_LEN], const uint8_t amf[AKA_AMF_LEN],
+ uint8_t maca[AKA_MAC_LEN])
+{
+ uint8_t mac[16];
+
+ if (!f1andf1star(this, k, opc, rand, sqn, amf, mac))
+ {
+ return FALSE;
+ }
+ /* only diff between f1 and f1* is here:
+ * f1 uses bytes 0-7 as MAC-A
+ * f1* uses bytes 8-15 as MAC-S */
+ memcpy(maca, mac, AKA_MAC_LEN);
+ return TRUE;
+}
+
+METHOD(eap_aka_3gpp_functions_t, f1star, bool,
+ private_eap_aka_3gpp_functions_t *this, const uint8_t k[AKA_K_LEN],
+ const uint8_t opc[AKA_OPC_LEN], const uint8_t rand[AKA_RAND_LEN],
+ const uint8_t sqn[AKA_SQN_LEN], const uint8_t amf[AKA_AMF_LEN],
+ uint8_t macs[AKA_MAC_LEN])
+{
+ uint8_t mac[16];
+
+ if (!f1andf1star(this, k, opc, rand, sqn, amf, mac))
+ {
+ return FALSE;
+ }
+ /* only diff between f1 and f1* is here:
+ 
* f1 uses bytes 0-7 as MAC-A + * f1* uses bytes 8-15 as MAC-S */ + memcpy(macs, &mac[8], AKA_MAC_LEN); + return TRUE; +} + +METHOD(eap_aka_3gpp_functions_t, f2345, bool, + private_eap_aka_3gpp_functions_t *this, const uint8_t k[AKA_K_LEN], + const uint8_t opc[AKA_OPC_LEN], const uint8_t rand[AKA_RAND_LEN], + uint8_t res[AKA_RES_LEN], uint8_t ck[AKA_CK_LEN], uint8_t ik[AKA_IK_LEN], + uint8_t ak[AKA_AK_LEN]) +{ + uint8_t data[16], iv[16] = { 0 }; + chunk_t temp; + uint8_t i; + + if (!this->crypter->set_key(this->crypter, + chunk_create((uint8_t*)k, AKA_K_LEN))) + { + return FALSE; + } + + /* XOR RAND and OPc */ + memcpy(data, rand, sizeof(data)); + memxor(data, opc, sizeof(data)); + if (!this->crypter->encrypt(this->crypter, chunk_create(data, sizeof(data)), + chunk_create(iv, sizeof(iv)), &temp)) + { + return FALSE; + } + + /* to obtain output block OUT2: XOR OPc and TEMP, + * rotate by r2=0, and XOR on the constant c2 (which is all zeroes except + * that the last bit is 1). */ + for (i = 0; i < 16; i++) + { + data[i] = temp.ptr[i] ^ opc[i]; + } + data[15] ^= 1; + + if (!this->crypter->encrypt(this->crypter, chunk_create(data, sizeof(data)), + chunk_create(iv, sizeof(iv)), NULL)) + { + chunk_free(&temp); + return FALSE; + } + memxor(data, opc, sizeof(data)); + + /* f5 output */ + memcpy(ak, data, 6); + /* f2 output */ + memcpy(res, &data[8], 8); + + /* to obtain output block OUT3: XOR OPc and TEMP, + * rotate by r3=32, and XOR on the constant c3 (which + * is all zeroes except that the next to last bit is 1) */ + for (i = 0; i < 16; i++) + { + data[(i + 12) % 16] = temp.ptr[i] ^ opc[i]; + } + data[15] ^= 2; + + if (!this->crypter->encrypt(this->crypter, chunk_create(data, sizeof(data)), + chunk_create(iv, sizeof(iv)), NULL)) + { + chunk_free(&temp); + return FALSE; + } + memxor(data, opc, sizeof(data)); + + /* f3 output */ + memcpy(ck, data, 16); + + /* to obtain output block OUT4: XOR OPc and TEMP, + * rotate by r4=64, and XOR on the constant c4 (which + * is all 
zeroes except that the 2nd from last bit is 1). */ + for (i = 0; i < 16; i++) + { + data[(i + 8) % 16] = temp.ptr[i] ^ opc[i]; + } + data[15] ^= 4; + + if (!this->crypter->encrypt(this->crypter, chunk_create(data, sizeof(data)), + chunk_create(iv, sizeof(iv)), NULL)) + { + chunk_free(&temp); + return FALSE; + } + memxor(data, opc, sizeof(data)); + /* f4 output */ + memcpy(ik, data, 16); + chunk_free(&temp); + return TRUE; + +} + +METHOD(eap_aka_3gpp_functions_t, f5star, bool, + private_eap_aka_3gpp_functions_t *this, const uint8_t k[AKA_K_LEN], + const uint8_t opc[AKA_OPC_LEN], const uint8_t rand[AKA_RAND_LEN], + uint8_t aks[AKA_AK_LEN]) +{ + uint8_t i, data[16], iv[16] = { 0 }; + chunk_t temp; + + if (!this->crypter->set_key(this->crypter, + chunk_create((uint8_t*)k, AKA_K_LEN))) + { + return FALSE; + } + + /* XOR RAND and OPc */ + memcpy(data, rand, sizeof(data)); + memxor(data, opc, sizeof(data)); + if (!this->crypter->encrypt(this->crypter, chunk_create(data, sizeof(data)), + chunk_create(iv, sizeof(iv)), &temp)) + { + return FALSE; + } + + /* to obtain output block OUT5: XOR OPc and the output above, + * rotate by r5=96, and XOR on the constant c5 (which + * is all zeroes except that the 3rd from last bit is 1). 
*/ + for (i = 0; i < 16; i++) + { + data[(i + 4) % 16] = temp.ptr[i] ^ opc[i]; + } + data[15] ^= 8; + chunk_free(&temp); + + if (!this->crypter->encrypt(this->crypter, chunk_create(data, sizeof(data)), + chunk_create(iv, sizeof(iv)), NULL)) + { + return FALSE; + } + memxor(data, opc, sizeof(data)); + memcpy(aks, data, 6); + return TRUE; +} + +METHOD(eap_aka_3gpp_functions_t, destroy, void, + private_eap_aka_3gpp_functions_t *this) +{ + this->crypter->destroy(this->crypter); + free(this); +} + +/** + * See header + */ +eap_aka_3gpp_functions_t *eap_aka_3gpp_functions_create() +{ + private_eap_aka_3gpp_functions_t *this; + + INIT(this, + .public = { + .f1 = _f1, + .f1star = _f1star, + .f2345 = _f2345, + .f5star = _f5star, + .destroy = _destroy, + }, + .crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 16), + ); + if (!this->crypter) + { + DBG1(DBG_IKE, "%N not supported, unable to use 3GPP algorithm", + encryption_algorithm_names, ENCR_AES_CBC); + free(this); + return NULL; + } + return &this->public; +} diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_functions.h b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_functions.h new file mode 100644 index 000000000..c089cd385 --- /dev/null +++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_functions.h 
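Review bot: In `eap_aka_3gpp_get_sqn` the `htonl()` results are written back into `time.tv_sec` and `time.tv_usec` and the SQN bytes are then carved out of those struct fields, whose widths (`time_t`, `suseconds_t`) are platform dependent; on a little-endian host with a 64-bit `time_t`, as far as I can tell, `&time.tv_sec + sizeof(time_t) - 4` addresses the zero-extended upper half, so the 4 "seconds" bytes of the SQN come out as zero, and the 2 bytes taken from `&time.tv_usec` depend on host byte order in the same way. Converting into explicit `uint32_t` locals before the `memcpy` makes the layout independent of the field widths. The all-zero OPc chosen in `eap_aka_3gpp_get_k_opc` when only a 16-byte secret is configured is also worth a sentence in the header documentation, which currently describes `opc` only as an output.
```c
void eap_aka_3gpp_get_sqn(uint8_t sqn[AKA_SQN_LEN], int offset)
{
	timeval_t time;
	uint32_t secs, usecs;

	gettimeofday(&time, NULL);
	/* SQN = 4 bytes seconds || 2 most significant bytes of (usecs << 12) */
	secs = htonl((uint32_t)(time.tv_sec + offset));
	usecs = htonl((uint32_t)time.tv_usec << 12);
	memcpy(sqn, &secs, 4);
	memcpy(sqn + 4, &usecs, 2);
}
```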
@@ -0,0 +1,172 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ +/* + * Copyright (C) 2015 Thomas Strangert + * Polystar System AB, Sweden + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. 
+ */ + +/** + * @defgroup eap_aka_3gpp_functions eap_aka_3gpp_functions + * @{ @ingroup eap_aka_3gpp + */ + +#ifndef EAP_AKA_3GPP_FUNCTIONS_H_ +#define EAP_AKA_3GPP_FUNCTIONS_H_ + +#include +#include +#include "eap_aka_3gpp_plugin.h" + +#define AKA_SQN_LEN 6 +#define AKA_K_LEN 16 +#define AKA_OPC_LEN 16 +#define AKA_MAC_LEN 8 +#define AKA_AK_LEN 6 +#define AKA_AMF_LEN 2 +#define AKA_RES_LEN 8 + +typedef struct eap_aka_3gpp_functions_t eap_aka_3gpp_functions_t; + +/** + * Get a shared key K and OPc of a particular user from the credential database. + * + * @param id user identity + * @param[out] k (16 byte) scratchpad to receive secret key K + * @param[out] opc (16 byte) scratchpad to receive operator variant key + * derivate OPc + */ +bool eap_aka_3gpp_get_k_opc(identification_t *id, uint8_t k[AKA_K_LEN], + uint8_t opc[AKA_OPC_LEN]); + +/** + * Get SQN using current time. Only used when creating/initializing + * an eap_aka_3gpp_card_t or eap_aka_3gpp_provider_t object. + * + * @param offset time offset to add to current time to avoid initial + * SQN resync + * @param[out] sqn (6 byte) scratchpad to receive generated SQN + */ +void eap_aka_3gpp_get_sqn(uint8_t sqn[AKA_SQN_LEN], int offset); + +/** + * f1, f1*(), f2345() and f5*() functions from 3GPP as specified + * in the TS 35.205, .206, .207, .208 standards. 
+ */ +struct eap_aka_3gpp_functions_t { + + /** + * f1 : Calculate MAC-A from RAND, SQN, AMF using K and OPc + * + * @param k (128 bit) secret key K + * @param opc (128 bit) operator variant key derivate OPc + * @param rand (128 bit) random value RAND + * @param sqn (48 bit) sequence number SQN + * @param amf (16 bit) authentication management field AMF + * @param[out] maca (64 bit) scratchpad to receive network auth code MAC-A + * @return TRUE if calculations successful + */ + bool (*f1)(eap_aka_3gpp_functions_t *this, + const uint8_t k[AKA_K_LEN], const uint8_t opc[AKA_OPC_LEN], + const uint8_t rand[AKA_RAND_LEN], const uint8_t sqn[AKA_SQN_LEN], + const uint8_t amf[AKA_AMF_LEN], + uint8_t maca[AKA_MAC_LEN]); + + + /** + * f1* : Calculate MAC-S from RAND, SQN, AMF using K and OPc + * + * @param k (128 bit) secret key K + * @param opc (128 bit) operator variant key derivate OPc + * @param rand (128 bit) random value RAND + * @param sqn (48 bit) sequence number SQN + * @param amf (16 bit) authentication management field AMF + * @param[out] macs (64 bit) scratchpad to receive resync auth code MAC-S + * @return TRUE if calculations successful + */ + bool (*f1star)(eap_aka_3gpp_functions_t *this, + const uint8_t k[AKA_K_LEN], const uint8_t opc[AKA_OPC_LEN], + const uint8_t rand[AKA_RAND_LEN], const uint8_t sqn[AKA_SQN_LEN], + const uint8_t amf[AKA_AMF_LEN], + uint8_t macs[AKA_MAC_LEN]); + + /** + * f2345 : Do f2, f3, f4 and f5 in a single scoop, where: + * f2 : Calculates RES from RAND using K and OPc + * f3 : Calculates CK from RAND using K and OPc + * f4 : Calculates IK from RAND using K and OPc + * f5 : Calculates AK from RAND using K and OPc + * + * @param k (128 bit) secret key K + * @param opc (128 bit) operator variant key derivate OPc + * @param rand (128 bit) random value RAND + * @param[out] res (64 bit) scratchpad to receive signed response RES + * @param[out] ck (128 bit) scratchpad to receive encryption key CK + * @param[out] ik (128 bit) scratchpad to 
receive integrity key IK + * @param[out] ak (48 bit) scratchpad to receive anonymity key AK + * @return TRUE if calculations successful + */ + bool (*f2345)(eap_aka_3gpp_functions_t *this, + const uint8_t k[AKA_K_LEN], const uint8_t opc[AKA_OPC_LEN], + const uint8_t rand[AKA_RAND_LEN], + uint8_t res[AKA_RES_LEN], uint8_t ck[AKA_CK_LEN], + uint8_t ik[AKA_IK_LEN], uint8_t ak[AKA_AK_LEN]); + + + /** + * f5* : Calculates resync AKS from RAND using K and OPc + * + * @param k (128 bit) secret key K + * @param opc (128 bit) operator variant key derivate OPc + * @param rand (128 bit) random value RAND + * @param[out] aks (48 bit) scratchpad to receive resync anonymity key AKS + * @return TRUE if calculations successful + */ + bool (*f5star)(eap_aka_3gpp_functions_t *this, + const uint8_t k[AKA_K_LEN], const uint8_t opc[AKA_OPC_LEN], + const uint8_t rand[AKA_RAND_LEN], + uint8_t aks[AKA_AK_LEN]); + + /** + * Destroy a eap_aka_3gpp_functions_t. + */ + void (*destroy)(eap_aka_3gpp_functions_t *this); +}; + +/** + * Create a eap_aka_3gpp_functions instance. + * + * @return function set, NULL on error + */ +eap_aka_3gpp_functions_t *eap_aka_3gpp_functions_create(); + +#endif /** EAP_AKA_3GPP_FUNCTIONS_H_ @}*/ diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.c b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.c new file mode 100644 index 000000000..3d0e06146 --- /dev/null +++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.c 
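Review bot: The documentation of `eap_aka_3gpp_get_k_opc` has no `@return`, although callers in this commit branch on the result; from the implementation it would read `@return TRUE if a 16 or 32 byte shared secret was found for id, FALSE otherwise`, and it should add that with a 16-byte secret `opc` is set to all zeroes. The `@param` list of `eap_aka_3gpp_get_sqn` documents `offset` before `sqn`, while the signature takes `sqn` first; ordering them as declared avoids confusion.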
@@ -0,0 +1,164 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ +/* + * Copyright (C) 2015 Thomas Strangert + * Polystar System AB, Sweden + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. 
+ */ + +#include "eap_aka_3gpp_plugin.h" +#include "eap_aka_3gpp_card.h" +#include "eap_aka_3gpp_provider.h" +#include "eap_aka_3gpp_functions.h" + +#include + +typedef struct private_eap_aka_3gpp_t private_eap_aka_3gpp_t; + +/** + * Private data of an eap_aka_3gpp_t object. + */ +struct private_eap_aka_3gpp_t { + + /** + * Public eap_aka_3gpp_plugin_t interface. + */ + eap_aka_3gpp_plugin_t public; + + /** + * USIM/EAP-AKA card + */ + eap_aka_3gpp_card_t *card; + + /** + * EAP-AKA provider + */ + eap_aka_3gpp_provider_t *provider; + + /** + * AKA functions + */ + eap_aka_3gpp_functions_t *functions; +}; + +METHOD(plugin_t, get_name, char*, + private_eap_aka_3gpp_t *this) +{ + return "eap-aka-3gpp"; +} + +/** + * Try to instanciate ea_aka_3gpp functions and card/provider backends + */ +static bool register_functions(private_eap_aka_3gpp_t *this, + plugin_feature_t *feature, bool reg, void *data) +{ + if (reg) + { + this->functions = eap_aka_3gpp_functions_create(); + if (!this->functions) + { + return FALSE; + } + this->card = eap_aka_3gpp_card_create(this->functions); + this->provider = eap_aka_3gpp_provider_create(this->functions); + return TRUE; + } + this->card->destroy(this->card); + this->provider->destroy(this->provider); + this->functions->destroy(this->functions); + this->card = NULL; + this->provider = NULL; + this->functions = NULL; + return TRUE; +} + +/** + * Callback providing our card to register + */ +static simaka_card_t* get_card(private_eap_aka_3gpp_t *this) +{ + return &this->card->card; +} + +/** + * Callback providing our provider to register + */ +static simaka_provider_t* get_provider(private_eap_aka_3gpp_t *this) +{ + return &this->provider->provider; +} + +METHOD(plugin_t, get_features, int, + private_eap_aka_3gpp_t *this, plugin_feature_t *features[]) +{ + static plugin_feature_t f[] = { + PLUGIN_CALLBACK((void*)register_functions, NULL), + PLUGIN_PROVIDE(CUSTOM, "eap-aka-3gpp-functions"), + PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16), + 
PLUGIN_CALLBACK(simaka_manager_register, get_card), + PLUGIN_PROVIDE(CUSTOM, "aka-card"), + PLUGIN_DEPENDS(CUSTOM, "aka-manager"), + PLUGIN_DEPENDS(CUSTOM, "eap-aka-3gpp-functions"), + PLUGIN_CALLBACK(simaka_manager_register, get_provider), + PLUGIN_PROVIDE(CUSTOM, "aka-provider"), + PLUGIN_DEPENDS(CUSTOM, "aka-manager"), + PLUGIN_DEPENDS(CUSTOM, "eap-aka-3gpp-functions"), + }; + *features = f; + return countof(f); +} + +METHOD(plugin_t, destroy, void, private_eap_aka_3gpp_t *this) +{ + free(this); +} + +/** + * See header + */ +plugin_t *eap_aka_3gpp_plugin_create() +{ + private_eap_aka_3gpp_t *this; + + INIT(this, + .public = { + .plugin = { + .get_name = _get_name, + .get_features = _get_features, + .destroy = _destroy, + }, + }, + ); + + return &this->public.plugin; +} diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.h b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.h new file mode 100644 index 000000000..e101f4be6 --- /dev/null +++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.h 
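Review bot: The unregister branch of `register_functions` (reg == FALSE) dereferences `this->card`, `this->provider` and `this->functions` unconditionally, while the register branch returns FALSE with all three still NULL when `eap_aka_3gpp_functions_create()` fails; if the plugin loader can call the callback with reg == FALSE after such a failure, `DESTROY_IF(this->card);` and friends would be the safe form. The comment above the function has two typos: `Try to instanciate ea_aka_3gpp functions` should read `Try to instantiate eap_aka_3gpp functions`.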
@@ -0,0 +1,89 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ +/* + * Copyright (C) 2015 Thomas Strangert + * Polystar System AB, Sweden + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. 
+ */ + +/** + * @defgroup eap_aka_3gpp eap_aka_3gpp + * @ingroup cplugins + * + * @defgroup eap_aka_3gpp_plugin eap_aka_3gpp_plugin + * @{ @ingroup eap_aka_3gpp + */ + +#ifndef EAP_AKA_3GPP_PLUGIN_H_ +#define EAP_AKA_3GPP_PLUGIN_H_ + +#include + +typedef struct eap_aka_3gpp_plugin_t eap_aka_3gpp_plugin_t; + +/** + * Plugin to provide a USIM card/provider according to the 3GPP standard. + * + * This plugin implements the 3GPP standards TS 35.205, .206, .207, .208 + * completely in software using the MILENAGE algorithm. + * The shared keys used for authentication (K, OPc) are from ipsec.secrets. + * The peers ID is used to query it. + * + * To enable SEQ sequence check by default define SEQ_CHECK. Left undefined/off, + * it makes the USIM 'card' to accept any SEQ number, not comparing received + * SQN with its own locally stored value. This potentially allows an attacker + * to do replay attacks. But since the server has proven his identity via IKE, + * such an attack is only possible between server and AAA (if any). + * Note that SEQ_CHECK only controls the compile-time default behaviour, + * but the run-time behaviour can always be controlled by setting the + * charon.plugins.eap-aka-3gpp.seq_check config variable. + */ +struct eap_aka_3gpp_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +/** + * The AKA mechanism uses sequence numbers to detect replay attacks. The + * peer stores the sequence number normally in a USIM and accepts + * incremental sequence numbers (incremental for lifetime of the USIM). To + * prevent a complex sequence number management, this implementation uses + * a sequence number derived from time. It is initialized to the startup + * time of the daemon. On the provider side, an offset can optionally be + * added to allow for a time sqew towards the card side. + */ +#define SQN_TIME_OFFSET 180 + +#endif /** EAP_AKA_3GPP_PLUGIN_H_ @}*/ 
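Review bot: The struct documentation uses "SEQ" and "SQN" for the same sequence number and has a grammar slip; I would write `To enable the SQN sequence check by default, define SEQ_CHECK. Left undefined, the USIM 'card' accepts any SQN without comparing it to its locally stored value.` and use the AKA term SQN throughout, keeping only the macro name as SEQ_CHECK. Two wording fixes further down: `The peers ID` should be `The peer's ID`, and `time sqew` in the SQN_TIME_OFFSET comment should be `time skew`.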
diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.c b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.c new file mode 100644 index 000000000..d5112d390 --- /dev/null +++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.c 
@@ -0,0 +1,205 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ +/* + * Copyright (C) 2015 Thomas Strangert + * Polystar System AB, Sweden + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#include "eap_aka_3gpp_provider.h" + +#include + +typedef struct private_eap_aka_3gpp_provider_t private_eap_aka_3gpp_provider_t; + +/** + * Private data of an eap_aka_3gpp_provider_t object. 
+ */ +struct private_eap_aka_3gpp_provider_t { + + /** + * Public eap_aka_3gpp_provider_t interface. + */ + eap_aka_3gpp_provider_t public; + + /** + * AKA functions + */ + eap_aka_3gpp_functions_t *f; + + /** + * time based SQN, we use the same for all peers + */ + uint8_t sqn[AKA_SQN_LEN]; +}; + +/** Authentication management field, AMF, as defined in 3GPP TS 33.102 V12.2.0 + * + * The 16 bits in the AMF are numbered from "0" to "15" where bit "0" is + * the most significant bit and bit "15" is the least significant bit. + * Bit "0" is called the "AMF separation bit". It is used for the purposes + * of EPS (Evolved Packet System) and is specified in + * - TS 33.401 [28] for E-UTRAN access to EPS; + * - TS 33.402 [29] for non-3GPP access to EPS. + * Bits "1" to "7" are reserved for future standardization use. + * Bits "1" to "7" shall be set to 0 while not yet specified for a particular use. + * Bits "8" to "15" can be used for proprietary purposes. + */ +static const uint8_t amf[AKA_AMF_LEN] = {0x80, 0x00}; + +METHOD(simaka_provider_t, get_quintuplet, bool, + private_eap_aka_3gpp_provider_t *this, identification_t *id, + char rand[AKA_RAND_LEN], char xres[AKA_RES_MAX], int *xres_len, + char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]) +{ + rng_t *rng; + uint8_t maca[AKA_MAC_LEN], ak[AKA_AK_LEN], k[AKA_K_LEN], opc[AKA_OPC_LEN]; + + /* generate RAND: we use a RNG already registered as f0(). 
*/ + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); + if (!rng || !rng->get_bytes(rng, AKA_RAND_LEN, rand)) + { + DBG1(DBG_IKE, "generating RAND for AKA failed"); + DESTROY_IF(rng); + return FALSE; + } + rng->destroy(rng); + DBG3(DBG_IKE, "generated rand %b", rand, AKA_RAND_LEN); + + if (!eap_aka_3gpp_get_k_opc(id, k, opc)) + { + DBG1(DBG_IKE, "no EAP key found for %Y to authenticate with AKA", id); + return FALSE; + } + DBG4(DBG_IKE, "EAP key found for id %Y, using K %b and OPc %b", id, k, + AKA_K_LEN, opc, AKA_OPC_LEN); + + /* generate MAC and XRES, CK, IK, AK */ + if (!this->f->f1(this->f, k, opc, rand, this->sqn, amf, maca) || + !this->f->f2345(this->f, k, opc, rand, xres, ck, ik, ak)) + { + return FALSE; + } + *xres_len = AKA_RES_LEN; + + /* create AUTN = (SQN xor AK) || AMF || MAC */ + memcpy(autn, this->sqn, AKA_SQN_LEN); + memxor(autn, ak, AKA_AK_LEN); + memcpy(autn + AKA_SQN_LEN, amf, AKA_AMF_LEN); + memcpy(autn + AKA_SQN_LEN + AKA_AMF_LEN, maca, AKA_MAC_LEN); + DBG3(DBG_IKE, "AUTN %b", autn, AKA_AUTN_LEN); + + chunk_increment(chunk_create(this->sqn, AKA_SQN_LEN)); + + return TRUE; +} + +METHOD(simaka_provider_t, resync, bool, + private_eap_aka_3gpp_provider_t *this, identification_t *id, + char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]) +{ + uint8_t *sqn, *macs; + uint8_t aks[AKA_AK_LEN], k[AKA_K_LEN], opc[AKA_OPC_LEN], amfs[AKA_AMF_LEN], + xmacs[AKA_MAC_LEN]; + + if (!eap_aka_3gpp_get_k_opc(id, k, opc)) + { + DBG1(DBG_IKE, "no EAP key found for %Y to authenticate with AKA", id); + return FALSE; + } + DBG4(DBG_IKE, "EAP key found for id %Y, using K %b and OPc %b", id, k, + AKA_K_LEN, opc, AKA_OPC_LEN); + + /* get SQNms out of the AUTS the card created as: + * AUTS = (SQNms xor AKS) || MAC-S */ + sqn = auts; + macs = auts + AKA_SQN_LEN; + if (!this->f->f5star(this->f, k, opc, rand, aks)) + { + return FALSE; + } + memxor(sqn, aks, AKA_AK_LEN); + + /* generate resync XMAC-S... 
*/ + memset(amfs, 0, AKA_AMF_LEN); + if (!this->f->f1star(this->f, k, opc, rand, sqn, amfs, xmacs)) + { + return FALSE; + } + /* ...and compare it with the card's MAC-S */ + if (!memeq_const(xmacs, macs, AKA_MAC_LEN)) + { + DBG1(DBG_IKE, "received MACS does not match XMACS"); + DBG3(DBG_IKE, "MACS %b XMACS %b", + macs, AKA_MAC_LEN, xmacs, AKA_MAC_LEN); + return FALSE; + } + /* update stored SQN to received SQN + 1 */ + memcpy(this->sqn, sqn, AKA_SQN_LEN); + chunk_increment(chunk_create(this->sqn, AKA_SQN_LEN)); + return TRUE; +} + +METHOD(eap_aka_3gpp_provider_t, destroy, void, + private_eap_aka_3gpp_provider_t *this) +{ + free(this); +} + +/** + * See header + */ +eap_aka_3gpp_provider_t *eap_aka_3gpp_provider_create( + eap_aka_3gpp_functions_t *f) +{ + private_eap_aka_3gpp_provider_t *this; + + INIT(this, + .public = { + .provider = { + .get_triplet = (void*)return_false, + .get_quintuplet = _get_quintuplet, + .resync = _resync, + .is_pseudonym = (void*)return_null, + .gen_pseudonym = (void*)return_null, + .is_reauth = (void*)return_null, + .gen_reauth = (void*)return_null, + }, + .destroy = _destroy, + }, + .f = f, + ); + /* use an offset to accept clock skew between client/server without resync */ + eap_aka_3gpp_get_sqn(this->sqn, SQN_TIME_OFFSET); + + return &this->public; +} diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.h b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.h new file mode 100644 index 000000000..6af8b4b4f --- /dev/null +++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.h 
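Review bot: `resync` recovers SQNms by XORing in place with `memxor(sqn, aks, AKA_AK_LEN)`, where `sqn` points into the caller's `auts` buffer, so the caller's AUTS is silently altered by the call; copying first keeps the input intact: `uint8_t sqn[AKA_SQN_LEN];` / `memcpy(sqn, auts, AKA_SQN_LEN);` / `memxor(sqn, aks, AKA_AK_LEN);` with `macs = auts + AKA_SQN_LEN` unchanged. The comparison of the received MAC-S with XMAC-S uses `memeq_const`, which is the right choice for an authentication tag. RAND in `get_quintuplet` is drawn from `RNG_WEAK`; since RAND is sent in the clear and the derived values depend on K this is presumably adequate, but a one-line comment stating why a weak RNG suffices here would help readers who expect RNG_STRONG for anything feeding key derivation.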
@@ -0,0 +1,74 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ +/* + * Copyright (C) 2015 Thomas Strangert + * Polystar System AB, Sweden + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. 
+ */ + +/** + * @defgroup eap_aka_3gpp_provider eap_aka_3gpp_provider + * @{ @ingroup eap_aka_3gpp + */ + +#ifndef EAP_AKA_3GPP_PROVIDER_H_ +#define EAP_AKA_3GPP_PROVIDER_H_ + +#include "eap_aka_3gpp_functions.h" + +#include + +typedef struct eap_aka_3gpp_provider_t eap_aka_3gpp_provider_t; + +/** + * SIM provider implementation using a set of AKA functions. + */ +struct eap_aka_3gpp_provider_t { + + /** + * Implements simaka_provider_t interface. + */ + simaka_provider_t provider; + + /** + * Destroy a eap_aka_3gpp_provider_t. + */ + void (*destroy)(eap_aka_3gpp_provider_t *this); +}; + +/** + * Create a eap_aka_3gpp_provider instance. + */ +eap_aka_3gpp_provider_t *eap_aka_3gpp_provider_create( + eap_aka_3gpp_functions_t *f); + +#endif /** EAP_AKA_3GPP_PROVIDER_H_ @}*/ diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in index 478225562..a14afbc55 100644 --- a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in +++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in @@ -315,8 +315,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -417,6 +415,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,6 +445,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ 
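Review bot: The documentation of `eap_aka_3gpp_provider_create` omits its parameter and return value, unlike the sibling `eap_aka_3gpp_functions_create` in this commit; adding ` * @param f AKA functions used for the calculations` and ` * @return provider instance` would bring it in line. The constructor visible in eap_aka_3gpp_provider.c never returns NULL, so the return note need not mention an error case.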
diff --git a/src/libcharon/plugins/eap_dynamic/Makefile.in b/src/libcharon/plugins/eap_dynamic/Makefile.in
index 2591dee55..e6427106a 100644
--- a/src/libcharon/plugins/eap_dynamic/Makefile.in
+++ b/src/libcharon/plugins/eap_dynamic/Makefile.in
@@ -313,8 +313,6 @@ RANLIB = @RANLIB@
 RTLIB = @RTLIB@
 RUBY = @RUBY@
 RUBYGEMDIR = @RUBYGEMDIR@
-RUBYINCLUDE = @RUBYINCLUDE@
-RUBYLIB = @RUBYLIB@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
@@ -415,6 +413,8 @@ random_device = @random_device@
 resolv_conf = @resolv_conf@
 routing_table = @routing_table@
 routing_table_prio = @routing_table_prio@
+ruby_CFLAGS = @ruby_CFLAGS@
+ruby_LIBS = @ruby_LIBS@
 runstatedir = @runstatedir@
 s_plugins = @s_plugins@
 sbindir = @sbindir@
@@ -443,6 +443,10 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 tss2_CFLAGS = @tss2_CFLAGS@
 tss2_LIBS = @tss2_LIBS@
+tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
+tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
+tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_gtc/Makefile.in b/src/libcharon/plugins/eap_gtc/Makefile.in
index 08d8ef8f6..0075513b2 100644
--- a/src/libcharon/plugins/eap_gtc/Makefile.in
+++ b/src/libcharon/plugins/eap_gtc/Makefile.in
@@ -312,8 +312,6 @@ RANLIB = @RANLIB@
 RTLIB = @RTLIB@
 RUBY = @RUBY@
 RUBYGEMDIR = @RUBYGEMDIR@
-RUBYINCLUDE = @RUBYINCLUDE@
-RUBYLIB = @RUBYLIB@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
@@ -414,6 +412,8 @@ random_device = @random_device@
 resolv_conf = @resolv_conf@
 routing_table = @routing_table@
 routing_table_prio = @routing_table_prio@
+ruby_CFLAGS = @ruby_CFLAGS@
+ruby_LIBS = @ruby_LIBS@
 runstatedir = @runstatedir@
 s_plugins = @s_plugins@
 sbindir = @sbindir@
@@ -442,6 +442,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_identity/Makefile.in b/src/libcharon/plugins/eap_identity/Makefile.in index 4859833ba..7481fe377 100644 --- a/src/libcharon/plugins/eap_identity/Makefile.in +++ b/src/libcharon/plugins/eap_identity/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_md5/Makefile.in b/src/libcharon/plugins/eap_md5/Makefile.in index 796d42f14..f26a58550 100644 --- a/src/libcharon/plugins/eap_md5/Makefile.in +++ b/src/libcharon/plugins/eap_md5/Makefile.in @@ -312,8 +312,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ 
@@ -414,6 +412,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,6 +442,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_mschapv2/Makefile.in b/src/libcharon/plugins/eap_mschapv2/Makefile.in index 00a9f73da..abc3081b8 100644 --- a/src/libcharon/plugins/eap_mschapv2/Makefile.in +++ b/src/libcharon/plugins/eap_mschapv2/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_peap/Makefile.in b/src/libcharon/plugins/eap_peap/Makefile.in index df3c2eae2..8e8597cab 100644 --- a/src/libcharon/plugins/eap_peap/Makefile.in +++ b/src/libcharon/plugins/eap_peap/Makefile.in 
@@ -314,8 +314,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -416,6 +414,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -444,6 +444,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_radius/Makefile.in b/src/libcharon/plugins/eap_radius/Makefile.in index d8ebeb8b5..938243394 100644 --- a/src/libcharon/plugins/eap_radius/Makefile.in +++ b/src/libcharon/plugins/eap_radius/Makefile.in @@ -315,8 +315,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -417,6 +415,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,6 +445,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ 
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c index 0c302af51..e1f5be06a 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c @@ -477,7 +477,7 @@ static entry_t* get_or_create_entry(private_eap_radius_accounting_t *this, .interim = { .last = now, }, - /* default terminate cause, if none other catched */ + /* default terminate cause, if none other caught */ .cause = ACCT_CAUSE_USER_REQUEST, ); snprintf(entry->sid, sizeof(entry->sid), "%u-%u", this->prefix, unique); diff --git a/src/libcharon/plugins/eap_sim/Makefile.in b/src/libcharon/plugins/eap_sim/Makefile.in index 6c2584ae4..f7b2d3e2d 100644 --- a/src/libcharon/plugins/eap_sim/Makefile.in +++ b/src/libcharon/plugins/eap_sim/Makefile.in @@ -314,8 +314,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -416,6 +414,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -444,6 +444,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.in b/src/libcharon/plugins/eap_sim_file/Makefile.in index b2473725a..a78155080 100644 --- a/src/libcharon/plugins/eap_sim_file/Makefile.in +++ b/src/libcharon/plugins/eap_sim_file/Makefile.in 
@@ -315,8 +315,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -417,6 +415,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,6 +445,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in index 88c31a95e..28e7b4612 100644 --- a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in +++ b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in @@ -316,8 +316,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -418,6 +416,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -446,6 +446,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ 
diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in index 62c8ca11e..98d4fe9cc 100644 --- a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in @@ -316,8 +316,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -418,6 +416,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -446,6 +446,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in index ef20102bb..539dc657e 100644 --- a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in @@ -315,8 +315,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -417,6 +415,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,6 +445,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_simaka_sql/Makefile.in b/src/libcharon/plugins/eap_simaka_sql/Makefile.in index c9af52fa9..284178e13 100644 --- a/src/libcharon/plugins/eap_simaka_sql/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_sql/Makefile.in @@ -314,8 +314,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -416,6 +414,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -444,6 +444,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_tls/Makefile.in b/src/libcharon/plugins/eap_tls/Makefile.in index dfe6d8b03..9e69e068c 100644 --- a/src/libcharon/plugins/eap_tls/Makefile.in +++ b/src/libcharon/plugins/eap_tls/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ 
@@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_tnc/Makefile.in b/src/libcharon/plugins/eap_tnc/Makefile.in index 902d79d76..6f5d3a466 100644 --- a/src/libcharon/plugins/eap_tnc/Makefile.in +++ b/src/libcharon/plugins/eap_tnc/Makefile.in @@ -314,8 +314,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -416,6 +414,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -444,6 +444,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_ttls/Makefile.in b/src/libcharon/plugins/eap_ttls/Makefile.in index 53fb187fd..5a9310a7d 100644 --- a/src/libcharon/plugins/eap_ttls/Makefile.in +++ b/src/libcharon/plugins/eap_ttls/Makefile.in 
@@ -315,8 +315,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -417,6 +415,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,6 +445,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/error_notify/Makefile.in b/src/libcharon/plugins/error_notify/Makefile.in index 1514f4011..7322bc036 100644 --- a/src/libcharon/plugins/error_notify/Makefile.in +++ b/src/libcharon/plugins/error_notify/Makefile.in @@ -321,8 +321,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -423,6 +421,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -451,6 +451,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ 
diff --git a/src/libcharon/plugins/error_notify/error_notify_socket.c b/src/libcharon/plugins/error_notify/error_notify_socket.c index 959c4c67d..6b9622ae3 100644 --- a/src/libcharon/plugins/error_notify/error_notify_socket.c +++ b/src/libcharon/plugins/error_notify/error_notify_socket.c @@ -94,7 +94,6 @@ METHOD(error_notify_socket_t, notify, void, DBG1(DBG_CFG, "sending notify failed: %s", strerror(errno)); break; } - break; } } enumerator->destroy(enumerator); @@ -146,7 +145,7 @@ error_notify_socket_t *error_notify_socket_create() this->service = lib->streams->create_service(lib->streams, uri, 10); if (!this->service) { - DBG1(DBG_CFG, "creating duplicheck socket failed"); + DBG1(DBG_CFG, "creating error-notify socket failed"); destroy(this); return NULL; } diff --git a/src/libcharon/plugins/ext_auth/Makefile.in b/src/libcharon/plugins/ext_auth/Makefile.in index c3a18191f..8ab170b6d 100644 --- a/src/libcharon/plugins/ext_auth/Makefile.in +++ b/src/libcharon/plugins/ext_auth/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/farp/Makefile.in b/src/libcharon/plugins/farp/Makefile.in index 3de99da38..4328db1f9 100644 
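Review bot: Dropping the `break;` turns notify from informing only the first stream into informing every stream, but nothing in the code records that intent, so a future reader may re-add the break as an "obvious" fix; a comment on the loop, e.g. `/* deliver the notification to every connected client; a failed send on one stream must not stop delivery to the others */`, would pin the behaviour down. The enclosing notify method starts outside this hunk, so whether a stream whose send failed is removed from the list or retried on the next notification cannot be seen here and is worth stating in that comment as well.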
--- a/src/libcharon/plugins/farp/Makefile.in +++ b/src/libcharon/plugins/farp/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/farp/farp_listener.c b/src/libcharon/plugins/farp/farp_listener.c index e19fc5972..28ced546e 100644 --- a/src/libcharon/plugins/farp/farp_listener.c +++ b/src/libcharon/plugins/farp/farp_listener.c @@ -101,6 +101,7 @@ METHOD(listener_t, child_updown, bool, entry->remote->destroy_offset(entry->remote, offsetof(traffic_selector_t, destroy)); free(entry); + break; } } enumerator->destroy(enumerator); diff --git a/src/libcharon/plugins/forecast/Makefile.in b/src/libcharon/plugins/forecast/Makefile.in index 5263ccd43..15589b35d 100644 --- a/src/libcharon/plugins/forecast/Makefile.in +++ b/src/libcharon/plugins/forecast/Makefile.in @@ -314,8 +314,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ 
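Review bot: The added `break;` after `free(entry)` stops the enumeration at the first matching entry, which keeps the loop from touching the entry after it has been removed and freed, but the invariant it relies on is unstated; a comment such as `/* presumably one entry per CHILD_SA - stop here, entry is freed */` would document it. If more than one entry can exist for the same CHILD_SA, the break would leave the remaining ones behind, so confirm against the insertion path in child_updown, whose body starts outside this hunk.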
@@ -416,6 +414,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -444,6 +444,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/ha/Makefile.in b/src/libcharon/plugins/ha/Makefile.in index d82bdd28e..cdf33f61f 100644 --- a/src/libcharon/plugins/ha/Makefile.in +++ b/src/libcharon/plugins/ha/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/ipseckey/Makefile.in b/src/libcharon/plugins/ipseckey/Makefile.in index 02243e47c..adb40765e 100644 --- a/src/libcharon/plugins/ipseckey/Makefile.in +++ b/src/libcharon/plugins/ipseckey/Makefile.in 
@@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/kernel_iph/Makefile.in b/src/libcharon/plugins/kernel_iph/Makefile.in index d9c172c1d..6164f5c7b 100644 --- a/src/libcharon/plugins/kernel_iph/Makefile.in +++ b/src/libcharon/plugins/kernel_iph/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ 
diff --git a/src/libcharon/plugins/kernel_libipsec/Makefile.in b/src/libcharon/plugins/kernel_libipsec/Makefile.in index 9f1a490cf..e604be758 100644 --- a/src/libcharon/plugins/kernel_libipsec/Makefile.in +++ b/src/libcharon/plugins/kernel_libipsec/Makefile.in @@ -315,8 +315,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -417,6 +415,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,6 +445,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/kernel_netlink/Makefile.in b/src/libcharon/plugins/kernel_netlink/Makefile.in index 7f25c5202..8d653104e 100644 --- a/src/libcharon/plugins/kernel_netlink/Makefile.in +++ b/src/libcharon/plugins/kernel_netlink/Makefile.in @@ -352,8 +352,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -454,6 +452,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -482,6 +482,10 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 tss2_CFLAGS = @tss2_CFLAGS@
 tss2_LIBS = @tss2_LIBS@
+tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
+tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
+tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index c411b829d..8ddaa71d3 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -1141,7 +1141,7 @@ static bool receive_events(private_kernel_netlink_ipsec_t *this, int fd,
 METHOD(kernel_ipsec_t, get_features, kernel_feature_t,
 private_kernel_netlink_ipsec_t *this)
 {
- return KERNEL_ESP_V3_TFC;
+ return KERNEL_ESP_V3_TFC | KERNEL_POLICY_SPI;
 }
 
 /**
@@ -2409,11 +2409,13 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
 struct xfrm_user_tmpl *tmpl;
 struct {
 uint8_t proto;
+ uint32_t spi;
 bool use;
 } protos[] = {
- { IPPROTO_COMP, ipsec->cfg.ipcomp.transform != IPCOMP_NONE },
- { IPPROTO_ESP, ipsec->cfg.esp.use },
- { IPPROTO_AH, ipsec->cfg.ah.use },
+ { IPPROTO_COMP, htonl(ntohs(ipsec->cfg.ipcomp.cpi)),
+ ipsec->cfg.ipcomp.transform != IPCOMP_NONE },
+ { IPPROTO_ESP, ipsec->cfg.esp.spi, ipsec->cfg.esp.use },
+ { IPPROTO_AH, ipsec->cfg.ah.spi, ipsec->cfg.ah.use },
 };
 ipsec_mode_t proto_mode = ipsec->cfg.mode;
 int count = 0;
@@ -2441,6 +2443,10 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
 }
 tmpl->reqid = ipsec->cfg.reqid;
 tmpl->id.proto = protos[i].proto;
+ if (policy->direction == POLICY_OUT)
+ {
+ tmpl->id.spi = protos[i].spi;
+ }
 tmpl->aalgos = tmpl->ealgos = tmpl->calgos = ~0;
 tmpl->mode = mode2kernel(proto_mode);
 tmpl->optional = protos[i].proto == IPPROTO_COMP &&
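Review bot: The new `spi` member of `protos[]` and the `POLICY_OUT`-only assignment of `tmpl->id.spi` carry no comment saying why the template SPI is pinned for outbound policies only, so a reader of add_policy_internal (whose body starts and ends outside this hunk) cannot tell whether leaving the template SPI at the wildcard 0 for inbound and forward policies is deliberate. Suggest a comment above the new `if`, e.g. `/* pin the outbound template to the SPI negotiated for this CHILD_SA so the kernel selects exactly that SA rather than any SA with a matching reqid; inbound/forward templates presumably keep the wildcard SPI (0) - confirm */`. The IPComp entry's `htonl(ntohs(ipsec->cfg.ipcomp.cpi))` presumably mirrors how the 16-bit CPI is widened into the 32-bit network-order SPI field of the SA's xfrm id; a one-line comment on that line would save the next reader the same derivation. Advertising `KERNEL_POLICY_SPI` in get_features only holds if every caller fills `cfg.esp.spi`/`cfg.ah.spi` before the policy is installed, which cannot be checked from this hunk.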
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
index cf85cb0a6..f3b5b1d4a 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
@@ -265,9 +265,10 @@ static bool read_and_queue(private_netlink_socket_t *this, bool block)
 {
 struct nlmsghdr *hdr;
 char buf[this->buflen];
- ssize_t len;
+ ssize_t len, read_len;
+ bool wipe = FALSE;
 
- len = read_msg(this, buf, sizeof(buf), block);
+ len = read_len = read_msg(this, buf, sizeof(buf), block);
 if (len == -1)
 {
 return TRUE;
@@ -277,6 +278,11 @@ static bool read_and_queue(private_netlink_socket_t *this, bool block)
 hdr = (struct nlmsghdr*)buf;
 while (NLMSG_OK(hdr, len))
 {
+ if (this->protocol == NETLINK_XFRM &&
+ hdr->nlmsg_type == XFRM_MSG_NEWSA)
+ { /* wipe potential IPsec SA keys */
+ wipe = TRUE;
+ }
 if (!queue(this, hdr))
 {
 break;
@@ -284,6 +290,10 @@ static bool read_and_queue(private_netlink_socket_t *this, bool block)
 hdr = NLMSG_NEXT(hdr, len);
 }
 }
+ if (wipe)
+ {
+ memwipe(buf, read_len);
+ }
 return FALSE;
 }
 
diff --git a/src/libcharon/plugins/kernel_pfkey/Makefile.in b/src/libcharon/plugins/kernel_pfkey/Makefile.in
index b27408a3f..0ef880035 100644
--- a/src/libcharon/plugins/kernel_pfkey/Makefile.in
+++ b/src/libcharon/plugins/kernel_pfkey/Makefile.in
@@ -313,8 +313,6 @@ RANLIB = @RANLIB@
 RTLIB = @RTLIB@
 RUBY = @RUBY@
 RUBYGEMDIR = @RUBYGEMDIR@
-RUBYINCLUDE = @RUBYINCLUDE@
-RUBYLIB = @RUBYLIB@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
@@ -415,6 +413,8 @@ random_device = @random_device@
 resolv_conf = @resolv_conf@
 routing_table = @routing_table@
 routing_table_prio = @routing_table_prio@
+ruby_CFLAGS = @ruby_CFLAGS@
+ruby_LIBS = @ruby_LIBS@
 runstatedir = @runstatedir@
 s_plugins = @s_plugins@
 sbindir = @sbindir@
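Review bot: The wipe only covers the stack buffer `buf`; the copy that `queue(this, hdr)` makes of each message (queue is outside this hunk) presumably still holds the same `XFRM_MSG_NEWSA` payload, including any key attributes, and nothing in this hunk wipes that copy when it is consumed or dropped. Worth confirming that the dequeue/free path wipes messages of this type, or recording the obligation next to the new flag, e.g. `/* the queued copy of a NEWSA message carries the same keys and must be wiped where it is released */`. Limiting the wipe to `read_len` rather than `sizeof(buf)` is correct since only the bytes actually read can hold key material, and the early `return TRUE` on `len == -1` skips the wipe only when nothing was read; a short comment on the `read_len` assignment stating that `len` is consumed by `NLMSG_NEXT` and `read_len` preserves the original size for the wipe would make the two variables' roles clear.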
@@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/kernel_pfroute/Makefile.in b/src/libcharon/plugins/kernel_pfroute/Makefile.in index e7005bbff..1f232502a 100644 --- a/src/libcharon/plugins/kernel_pfroute/Makefile.in +++ b/src/libcharon/plugins/kernel_pfroute/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c index 6d06ee179..da7ae472d 100644 --- a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c +++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c 
@@ -1831,7 +1831,7 @@ METHOD(enumerator_t, enumerate_subnets, bool, for (; this->current < this->buf + this->len; this->current += rtm->rtm_msglen) { - struct sockaddr *netmask; + struct sockaddr *netmask = NULL; uint8_t netbits = 0; rtm = (struct rt_msghdr*)this->current; @@ -1864,7 +1864,7 @@ METHOD(enumerator_t, enumerate_subnets, bool, this->ifname = strndup(sdl->sdl_data, sdl->sdl_nlen); } } - if (this->net) + if (this->net && netmask) { netbits = sockaddr_to_netmask(netmask, this->net); } diff --git a/src/libcharon/plugins/kernel_wfp/Makefile.in b/src/libcharon/plugins/kernel_wfp/Makefile.in index ffdae84c0..263ec5d64 100644 --- a/src/libcharon/plugins/kernel_wfp/Makefile.in +++ b/src/libcharon/plugins/kernel_wfp/Makefile.in @@ -321,8 +321,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -423,6 +421,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -451,6 +451,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/led/Makefile.in b/src/libcharon/plugins/led/Makefile.in index 7f820292d..54a7ccf44 100644 --- a/src/libcharon/plugins/led/Makefile.in +++ b/src/libcharon/plugins/led/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ 
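Review bot: With `netmask` now defaulting to NULL, the guarded call in the second enumerate_subnets hunk leaves `netbits` at 0 when a destination (`this->net`) was found but no netmask attribute was, so such an entry would be reported as a /0 network rather than skipped; the intended handling (skip, or treat it as a host route with a full-length mask) should be made explicit, e.g. `if (this->net && !netmask) { continue; }` if callers only want real subnets. This is inferred from the visible lines only; the enumerator body starts and ends outside the hunk, so a later check may already cover it. A short comment on the NULL default, `/* NULL if the route message carries no RTA_NETMASK */`, would also make the guard self-explanatory.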
@@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in index c55e3578c..b25f3a669 100644 --- a/src/libcharon/plugins/load_tester/Makefile.in +++ b/src/libcharon/plugins/load_tester/Makefile.in @@ -323,8 +323,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -425,6 +423,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -453,6 +453,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/lookip/Makefile.in b/src/libcharon/plugins/lookip/Makefile.in index ba86d3788..4db0b7dc2 100644 --- a/src/libcharon/plugins/lookip/Makefile.in +++ b/src/libcharon/plugins/lookip/Makefile.in 
@@ -319,8 +319,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -421,6 +419,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -449,6 +449,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/medcli/Makefile.in b/src/libcharon/plugins/medcli/Makefile.in index e2d63be1c..721edbdd5 100644 --- a/src/libcharon/plugins/medcli/Makefile.in +++ b/src/libcharon/plugins/medcli/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ 
diff --git a/src/libcharon/plugins/medsrv/Makefile.in b/src/libcharon/plugins/medsrv/Makefile.in index 10b48daa3..81d895df1 100644 --- a/src/libcharon/plugins/medsrv/Makefile.in +++ b/src/libcharon/plugins/medsrv/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/osx_attr/Makefile.in b/src/libcharon/plugins/osx_attr/Makefile.in index 8e0b10eb0..e9bd93803 100644 --- a/src/libcharon/plugins/osx_attr/Makefile.in +++ b/src/libcharon/plugins/osx_attr/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/p_cscf/Makefile.in b/src/libcharon/plugins/p_cscf/Makefile.in index 954a43dc8..7ccbfb102 100644 --- a/src/libcharon/plugins/p_cscf/Makefile.in +++ b/src/libcharon/plugins/p_cscf/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/radattr/Makefile.in b/src/libcharon/plugins/radattr/Makefile.in index add1f547f..2e4ea256d 100644 --- a/src/libcharon/plugins/radattr/Makefile.in +++ b/src/libcharon/plugins/radattr/Makefile.in @@ -314,8 +314,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ 
@@ -416,6 +414,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -444,6 +444,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/resolve/Makefile.in b/src/libcharon/plugins/resolve/Makefile.in index 5e166f28f..0db2cb187 100644 --- a/src/libcharon/plugins/resolve/Makefile.in +++ b/src/libcharon/plugins/resolve/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/smp/Makefile.in b/src/libcharon/plugins/smp/Makefile.in index 9aac31894..5f3517c25 100644 --- a/src/libcharon/plugins/smp/Makefile.in +++ b/src/libcharon/plugins/smp/Makefile.in 
@@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/socket_default/Makefile.in b/src/libcharon/plugins/socket_default/Makefile.in index b87afa4a6..54e9ed9b9 100644 --- a/src/libcharon/plugins/socket_default/Makefile.in +++ b/src/libcharon/plugins/socket_default/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ 
diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.in b/src/libcharon/plugins/socket_dynamic/Makefile.in index 595651f21..1971282a1 100644 --- a/src/libcharon/plugins/socket_dynamic/Makefile.in +++ b/src/libcharon/plugins/socket_dynamic/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/socket_win/Makefile.in b/src/libcharon/plugins/socket_win/Makefile.in index 8f1e43926..6efd3e189 100644 --- a/src/libcharon/plugins/socket_win/Makefile.in +++ b/src/libcharon/plugins/socket_win/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/sql/Makefile.in b/src/libcharon/plugins/sql/Makefile.in index 5c146190d..e0b813d6b 100644 --- a/src/libcharon/plugins/sql/Makefile.in +++ b/src/libcharon/plugins/sql/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c index 00ed693eb..86728515f 100644 --- a/src/libcharon/plugins/sql/sql_config.c +++ b/src/libcharon/plugins/sql/sql_config.c 
@@ -102,10 +102,11 @@ static void add_traffic_selectors(private_sql_config_t *this, bool local; e = this->db->query(this->db, - "SELECT kind, type, protocol, " - "start_addr, end_addr, start_port, end_port " - "FROM traffic_selectors JOIN child_config_traffic_selector " - "ON id = traffic_selector WHERE child_cfg = ?", + "SELECT ct.kind, t.type, t.protocol, " + "t.start_addr, t.end_addr, t.start_port, t.end_port " + "FROM traffic_selectors AS t " + "JOIN child_config_traffic_selector AS ct " + "ON t.id = ct.traffic_selector WHERE ct.child_cfg = ?", DB_INT, id, DB_INT, DB_INT, DB_INT, DB_BLOB, DB_BLOB, DB_INT, DB_INT); @@ -131,9 +132,9 @@ static void add_esp_proposals(private_sql_config_t *this, bool use_default = TRUE; e = this->db->query(this->db, - "SELECT proposal " - "FROM proposals JOIN child_config_proposal ON id = prop " - "WHERE child_cfg = ? ORDER BY prio", + "SELECT p.proposal " + "FROM proposals AS p JOIN child_config_proposal AS cp " + "ON p.id = cp.prop WHERE cp.child_cfg = ? ORDER BY cp.prio", DB_INT, id, DB_TEXT); if (e) { @@ -202,10 +203,11 @@ static void add_child_cfgs(private_sql_config_t *this, peer_cfg_t *peer, int id) child_cfg_t *child_cfg; e = this->db->query(this->db, - "SELECT id, name, lifetime, rekeytime, jitter, updown, hostaccess, " - "mode, start_action, dpd_action, close_action, ipcomp, reqid " - "FROM child_configs JOIN peer_config_child_config ON id = child_cfg " - "WHERE peer_cfg = ?", + "SELECT c.id, c.name, c.lifetime, c.rekeytime, c.jitter, c.updown, " + "c.hostaccess, c.mode, c.start_action, c.dpd_action, " + "c.close_action, c.ipcomp, c.reqid " + "FROM child_configs AS c JOIN peer_config_child_config AS pc " + "ON c.id = pc.child_cfg WHERE pc.peer_cfg = ?", DB_INT, id, DB_INT, DB_TEXT, DB_INT, DB_INT, DB_INT, DB_TEXT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT); 
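Review bot: The rewritten query strings in this add_traffic_selectors hunk (and likewise in the remaining sql_config.c hunks and the sql_cred.c hunks that follow) qualify every column with a table alias but give no hint why, so a later edit could silently drop the aliases again. If the motivation is ambiguous column references once the joined tables share names such as `id` or `prio`, a one-line comment above the first query would preserve it, e.g. `/* qualify all columns: joined tables share column names (id, prio) */`. The `?` placeholders and the DB_* column type lists are untouched, so the change itself is limited to name resolution.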
@@ -231,9 +233,10 @@ static void add_ike_proposals(private_sql_config_t *this, bool use_default = TRUE; e = this->db->query(this->db, - "SELECT proposal " - "FROM proposals JOIN ike_config_proposal ON id = prop " - "WHERE ike_cfg = ? ORDER BY prio", + "SELECT p.proposal " + "FROM proposals AS p " + "JOIN ike_config_proposal AS ip ON p.id = ip.prop " + "WHERE ip.ike_cfg = ? ORDER BY ip.prio", DB_INT, id, DB_TEXT); if (e) { @@ -288,8 +291,8 @@ static ike_cfg_t* get_ike_cfg_by_id(private_sql_config_t *this, int id) ike_cfg_t *ike_cfg = NULL; e = this->db->query(this->db, - "SELECT id, certreq, force_encap, local, remote " - "FROM ike_configs WHERE id = ?", + "SELECT c.id, c.certreq, c.force_encap, c.local, c.remote " + "FROM ike_configs AS c WHERE c.id = ?", DB_INT, id, DB_INT, DB_INT, DB_INT, DB_TEXT, DB_TEXT); if (e) 
@@ -310,16 +313,16 @@ static peer_cfg_t *get_peer_cfg_by_id(private_sql_config_t *this, int id) peer_cfg_t *peer_cfg = NULL; e = this->db->query(this->db, - "SELECT c.id, name, ike_cfg, l.type, l.data, r.type, r.data, " - "cert_policy, uniqueid, auth_method, eap_type, eap_vendor, " - "keyingtries, rekeytime, reauthtime, jitter, overtime, mobike, " - "dpd_delay, virtual, pool, " - "mediation, mediated_by, COALESCE(p.type, 0), p.data " + "SELECT c.id, c.name, c.ike_cfg, l.type, l.data, r.type, r.data, " + "c.cert_policy, c.uniqueid, c.auth_method, c.eap_type, " + "c.eap_vendor, c.keyingtries, c.rekeytime, c.reauthtime, c.jitter, " + "c.overtime, c.mobike, c.dpd_delay, c.virtual, c.pool, " + "c.mediation, c.mediated_by, COALESCE(p.type, 0), p.data " "FROM peer_configs AS c " - "JOIN identities AS l ON local_id = l.id " - "JOIN identities AS r ON remote_id = r.id " - "LEFT JOIN identities AS p ON peer_id = p.id " - "WHERE id = ?", + "JOIN identities AS l ON c.local_id = l.id " + "JOIN identities AS r ON c.remote_id = r.id " + "LEFT JOIN identities AS p ON c.peer_id = p.id " + "WHERE c.id = ?", DB_INT, id, DB_INT, DB_TEXT, DB_INT, DB_INT, DB_BLOB, DB_INT, DB_BLOB, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, 
@@ -465,16 +468,16 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, peer_cfg_t *peer_cfg = NULL; e = this->db->query(this->db, - "SELECT c.id, name, ike_cfg, l.type, l.data, r.type, r.data, " - "cert_policy, uniqueid, auth_method, eap_type, eap_vendor, " - "keyingtries, rekeytime, reauthtime, jitter, overtime, mobike, " - "dpd_delay, virtual, pool, " - "mediation, mediated_by, COALESCE(p.type, 0), p.data " + "SELECT c.id, c.name, c.ike_cfg, l.type, l.data, r.type, r.data, " + "c.cert_policy, c.uniqueid, c.auth_method, c.eap_type, " + "c.eap_vendor, c.keyingtries, c.rekeytime, c.reauthtime, c.jitter, " + "c.overtime, c.mobike, c.dpd_delay, c.virtual, c.pool, " + "c.mediation, c.mediated_by, COALESCE(p.type, 0), p.data " "FROM peer_configs AS c " - "JOIN identities AS l ON local_id = l.id " - "JOIN identities AS r ON remote_id = r.id " - "LEFT JOIN identities AS p ON peer_id = p.id " - "WHERE ike_version = ? AND name = ?", + "JOIN identities AS l ON c.local_id = l.id " + "JOIN identities AS r ON c.remote_id = r.id " + "LEFT JOIN identities AS p ON c.peer_id = p.id " + "WHERE c.ike_version = ? AND c.name = ?", DB_INT, 2, DB_TEXT, name, DB_INT, DB_TEXT, DB_INT, DB_INT, DB_BLOB, DB_INT, DB_BLOB, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, @@ -544,8 +547,8 @@ METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*, .other = other, ); e->inner = this->db->query(this->db, - "SELECT id, certreq, force_encap, local, remote " - "FROM ike_configs", + "SELECT c.id, c.certreq, c.force_encap, " + "c.local, c.remote FROM ike_configs AS c", DB_INT, DB_INT, DB_INT, DB_TEXT, DB_TEXT); if (!e->inner) { 
@@ -613,16 +616,16 @@ METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*, /* TODO: only get configs whose IDs match exactly or contain wildcards */ e->inner = this->db->query(this->db, - "SELECT c.id, name, ike_cfg, l.type, l.data, r.type, r.data, " - "cert_policy, uniqueid, auth_method, eap_type, eap_vendor, " - "keyingtries, rekeytime, reauthtime, jitter, overtime, mobike, " - "dpd_delay, virtual, pool, " - "mediation, mediated_by, COALESCE(p.type, 0), p.data " + "SELECT c.id, c.name, c.ike_cfg, l.type, l.data, r.type, r.data, " + "c.cert_policy, c.uniqueid, c.auth_method, c.eap_type, " + "c.eap_vendor, c.keyingtries, c.rekeytime, c.reauthtime, c.jitter, " + "c.overtime, c.mobike, c.dpd_delay, c.virtual, c.pool, " + "c.mediation, c.mediated_by, COALESCE(p.type, 0), p.data " "FROM peer_configs AS c " - "JOIN identities AS l ON local_id = l.id " - "JOIN identities AS r ON remote_id = r.id " - "LEFT JOIN identities AS p ON peer_id = p.id " - "WHERE ike_version = ?", + "JOIN identities AS l ON c.local_id = l.id " + "JOIN identities AS r ON c.remote_id = r.id " + "LEFT JOIN identities AS p ON c.peer_id = p.id " + "WHERE c.ike_version = ?", DB_INT, 2, DB_INT, DB_TEXT, DB_INT, DB_INT, DB_BLOB, DB_INT, DB_BLOB, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, diff --git a/src/libcharon/plugins/sql/sql_cred.c b/src/libcharon/plugins/sql/sql_cred.c index 3317de6c8..9ba0bf1c9 100644 --- a/src/libcharon/plugins/sql/sql_cred.c +++ b/src/libcharon/plugins/sql/sql_cred.c @@ -110,7 +110,8 @@ METHOD(credential_set_t, create_private_enumerator, enumerator_t*, else { e->inner = this->db->query(this->db, - "SELECT type, data FROM private_keys WHERE (? OR type = ?)", + "SELECT p.type, p.data FROM private_keys AS p " + "WHERE (? OR p.type = ?)", DB_INT, type == KEY_ANY, DB_INT, type, DB_INT, DB_BLOB); } 
@@ -197,8 +198,8 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, else { e->inner = this->db->query(this->db, - "SELECT type, data FROM certificates WHERE " - "(? OR type = ?) AND (? OR keytype = ?)", + "SELECT c.type, c.data FROM certificates AS c WHERE " + "(? OR c.type = ?) AND (? OR c.keytype = ?)", DB_INT, cert == CERT_ANY, DB_INT, cert, DB_INT, key == KEY_ANY, DB_INT, key, DB_INT, DB_BLOB); @@ -286,7 +287,8 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*, if (!me && !other) { e->inner = this->db->query(this->db, - "SELECT type, data FROM shared_secrets WHERE (? OR type = ?)", + "SELECT s.type, s.data FROM shared_secrets AS s " + "WHERE (? OR s.type = ?)", DB_INT, type == SHARED_ANY, DB_INT, type, DB_INT, DB_BLOB); } diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in index 0af607fd7..70374b32f 100644 --- a/src/libcharon/plugins/stroke/Makefile.in +++ b/src/libcharon/plugins/stroke/Makefile.in @@ -315,8 +315,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -417,6 +415,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,6 +445,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index 00f74831c..ac0129210 100644 
--- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c @@ -136,7 +136,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, /** * parse a proposal string, either into ike_cfg or child_cfg */ -static void add_proposals(private_stroke_config_t *this, char *string, +static bool add_proposals(private_stroke_config_t *this, char *string, ike_cfg_t *ike_cfg, child_cfg_t *child_cfg, protocol_id_t proto) { if (string) @@ -170,10 +170,11 @@ static void add_proposals(private_stroke_config_t *this, char *string, continue; } DBG1(DBG_CFG, "skipped invalid proposal string: %s", single); + return FALSE; } if (strict) { - return; + return TRUE; } /* add default porposal to the end if not strict */ } @@ -187,6 +188,7 @@ static void add_proposals(private_stroke_config_t *this, char *string, child_cfg->add_proposal(child_cfg, proposal_create_default(proto)); child_cfg->add_proposal(child_cfg, proposal_create_default_aead(proto)); } + return TRUE; } /** @@ -289,7 +291,12 @@ static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg msg->add_conn.fragmentation, msg->add_conn.ikedscp); - add_proposals(this, msg->add_conn.algorithms.ike, ike_cfg, NULL, PROTO_IKE); + if (!add_proposals(this, msg->add_conn.algorithms.ike, ike_cfg, + NULL, PROTO_IKE)) + { + ike_cfg->destroy(ike_cfg); + return NULL; + } return ike_cfg; } @@ -1050,6 +1057,7 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this, stroke_msg_t *msg) { child_cfg_t *child_cfg; + bool success; child_cfg_create_t child = { .lifetime = { .time = { 
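Review bot: In the add_proposals hunk that adds `return FALSE;`, the preceding log line still reads `"skipped invalid proposal string: %s"`, but the proposal is no longer skipped — both callers now discard the whole config — so the message should reflect that, e.g. `DBG1(DBG_CFG, "invalid proposal string: %s", single);`. The header comment changed in the first hunk, `parse a proposal string, either into ike_cfg or child_cfg`, should also document the new return value, e.g. `@return FALSE if any single proposal in string is invalid; the caller must then discard the cfg`. Proposals parsed before the invalid one remain added to the cfg, which is only safe because build_ike_cfg and build_child_cfg destroy it on FALSE; that expectation belongs in the same comment.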
@@ -1100,13 +1108,18 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this, if (msg->add_conn.algorithms.ah) { - add_proposals(this, msg->add_conn.algorithms.ah, - NULL, child_cfg, PROTO_AH); + success = add_proposals(this, msg->add_conn.algorithms.ah, + NULL, child_cfg, PROTO_AH); } else { - add_proposals(this, msg->add_conn.algorithms.esp, - NULL, child_cfg, PROTO_ESP); + success = add_proposals(this, msg->add_conn.algorithms.esp, + NULL, child_cfg, PROTO_ESP); + } + if (!success) + { + child_cfg->destroy(child_cfg); + return NULL; } return child_cfg; } diff --git a/src/libcharon/plugins/systime_fix/Makefile.in b/src/libcharon/plugins/systime_fix/Makefile.in index 327443020..278eaa17b 100644 --- a/src/libcharon/plugins/systime_fix/Makefile.in +++ b/src/libcharon/plugins/systime_fix/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/tnc_ifmap/Makefile.in b/src/libcharon/plugins/tnc_ifmap/Makefile.in index 438001baf..3b146e1ee 100644 --- a/src/libcharon/plugins/tnc_ifmap/Makefile.in +++ b/src/libcharon/plugins/tnc_ifmap/Makefile.in 
@@ -316,8 +316,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -418,6 +416,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -446,6 +446,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/tnc_pdp/Makefile.in b/src/libcharon/plugins/tnc_pdp/Makefile.in index abc77433a..3452080a8 100644 --- a/src/libcharon/plugins/tnc_pdp/Makefile.in +++ b/src/libcharon/plugins/tnc_pdp/Makefile.in @@ -317,8 +317,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -419,6 +417,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -447,6 +447,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ 
diff --git a/src/libcharon/plugins/uci/Makefile.in b/src/libcharon/plugins/uci/Makefile.in index 46f4e4f85..2c127985c 100644 --- a/src/libcharon/plugins/uci/Makefile.in +++ b/src/libcharon/plugins/uci/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/unity/Makefile.in b/src/libcharon/plugins/unity/Makefile.in index 245bbd471..b82c37966 100644 --- a/src/libcharon/plugins/unity/Makefile.in +++ b/src/libcharon/plugins/unity/Makefile.in @@ -312,8 +312,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -414,6 +412,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -442,6 +442,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/updown/Makefile.in b/src/libcharon/plugins/updown/Makefile.in index ef0f33ce3..4c648fbad 100644 --- a/src/libcharon/plugins/updown/Makefile.in +++ b/src/libcharon/plugins/updown/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/vici/Makefile.in b/src/libcharon/plugins/vici/Makefile.in index fd2b89849..cd3dafb08 100644 --- a/src/libcharon/plugins/vici/Makefile.in +++ b/src/libcharon/plugins/vici/Makefile.in @@ -409,8 +409,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ 
@@ -511,6 +509,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -539,6 +539,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/vici/perl/Makefile.in b/src/libcharon/plugins/vici/perl/Makefile.in index 0e9626aa3..f48eb6abb 100644 --- a/src/libcharon/plugins/vici/perl/Makefile.in +++ b/src/libcharon/plugins/vici/perl/Makefile.in @@ -227,8 +227,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -329,6 +327,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -357,6 +357,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/vici/python/Makefile.in b/src/libcharon/plugins/vici/python/Makefile.in index 7d5383290..7d5944ab1 100644 --- a/src/libcharon/plugins/vici/python/Makefile.in +++ b/src/libcharon/plugins/vici/python/Makefile.in 
@@ -249,8 +249,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -351,6 +349,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -379,6 +379,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/vici/ruby/Makefile.in b/src/libcharon/plugins/vici/ruby/Makefile.in index 5691a74d1..b1222765b 100644 --- a/src/libcharon/plugins/vici/ruby/Makefile.in +++ b/src/libcharon/plugins/vici/ruby/Makefile.in @@ -227,8 +227,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -329,6 +327,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -357,6 +357,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ 
@@ -470,8 +474,8 @@ distclean-generic: maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -@RUBY_GEMS_INSTALL_FALSE@uninstall-local: @RUBY_GEMS_INSTALL_FALSE@install-data-local: +@RUBY_GEMS_INSTALL_FALSE@uninstall-local: clean: clean-am clean-am: clean-generic clean-libtool clean-local mostlyclean-am diff --git a/src/libcharon/plugins/vici/ruby/lib/vici.rb b/src/libcharon/plugins/vici/ruby/lib/vici.rb index bcf1a17be..f846a14af 100644 --- a/src/libcharon/plugins/vici/ruby/lib/vici.rb +++ b/src/libcharon/plugins/vici/ruby/lib/vici.rb @@ -550,7 +550,7 @@ module Vici # Listen for a set of event messages. This call is blocking, and invokes # the passed closure for each event received. The closure receives the # event name and the event message as argument. To stop listening, the - # closure may raise a StopEventListening exception, the only catched + # closure may raise a StopEventListening exception, the only caught # exception. def listen_events(events, &block) self.class.instance_eval do diff --git a/src/libcharon/plugins/whitelist/Makefile.in b/src/libcharon/plugins/whitelist/Makefile.in index 0347c5f53..50c790af5 100644 --- a/src/libcharon/plugins/whitelist/Makefile.in +++ b/src/libcharon/plugins/whitelist/Makefile.in @@ -320,8 +320,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -422,6 +420,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -450,6 +450,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/xauth_eap/Makefile.in b/src/libcharon/plugins/xauth_eap/Makefile.in index 28158a373..7d3dc897b 100644 --- a/src/libcharon/plugins/xauth_eap/Makefile.in +++ b/src/libcharon/plugins/xauth_eap/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/xauth_generic/Makefile.in b/src/libcharon/plugins/xauth_generic/Makefile.in index 1dc267545..8b937bb8d 100644 --- a/src/libcharon/plugins/xauth_generic/Makefile.in +++ b/src/libcharon/plugins/xauth_generic/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ 
@@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/xauth_noauth/Makefile.in b/src/libcharon/plugins/xauth_noauth/Makefile.in index a610bab2a..ff2e6e9ab 100644 --- a/src/libcharon/plugins/xauth_noauth/Makefile.in +++ b/src/libcharon/plugins/xauth_noauth/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/xauth_pam/Makefile.in b/src/libcharon/plugins/xauth_pam/Makefile.in index 8c31f2472..0f320dfeb 100644 --- a/src/libcharon/plugins/xauth_pam/Makefile.in +++ b/src/libcharon/plugins/xauth_pam/Makefile.in 
@@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c index 3d9f6133b..4133d9182 100644 --- a/src/libcharon/sa/child_sa.c +++ b/src/libcharon/sa/child_sa.c @@ -40,10 +40,10 @@ ENUM(child_sa_state_names, CHILD_CREATED, CHILD_DESTROYING, "DESTROYING", ); -ENUM(child_sa_outbound_state_names, CHILD_OUTBOUND_NONE, CHILD_OUTBOUND_INSTALLED, - "NONE", +ENUM_FLAGS(child_sa_outbound_state_names, CHILD_OUTBOUND_REGISTERED, CHILD_OUTBOUND_POLICIES, "REGISTERED", - "INSTALLED", + "SA", + "POLICIES", ); typedef struct private_child_sa_t private_child_sa_t; 
@@ -296,12 +296,15 @@ METHOD(child_sa_t, get_config, child_cfg_t*, METHOD(child_sa_t, set_state, void, private_child_sa_t *this, child_sa_state_t state) { - DBG2(DBG_CHD, "CHILD_SA %s{%d} state change: %N => %N", - get_name(this), this->unique_id, - child_sa_state_names, this->state, - child_sa_state_names, state); - charon->bus->child_state_change(charon->bus, &this->public, state); - this->state = state; + if (this->state != state) + { + DBG2(DBG_CHD, "CHILD_SA %s{%d} state change: %N => %N", + get_name(this), this->unique_id, + child_sa_state_names, this->state, + child_sa_state_names, state); + charon->bus->child_state_change(charon->bus, &this->public, state); + this->state = state; + } } METHOD(child_sa_t, get_state, child_sa_state_t, @@ -547,7 +550,7 @@ static status_t update_usebytes(private_child_sa_t *this, bool inbound) } else { - if (this->other_spi && this->outbound_state == CHILD_OUTBOUND_INSTALLED) + if (this->other_spi && (this->outbound_state & CHILD_OUTBOUND_SA)) { kernel_ipsec_sa_id_t id = { .src = this->my_addr, @@ -788,7 +791,7 @@ static status_t install_internal(private_child_sa_t *this, chunk_t encr, { tfc = this->config->get_tfc(this->config); } - this->outbound_state = CHILD_OUTBOUND_INSTALLED; + this->outbound_state |= CHILD_OUTBOUND_SA; } DBG2(DBG_CHD, "adding %s %N SA", inbound ? "inbound" : "outbound", @@ -1188,6 +1191,7 @@ METHOD(child_sa_t, install_policies, status_t, linked_list_t *my_ts_list, *other_ts_list; traffic_selector_t *my_ts, *other_ts; status_t status = SUCCESS; + bool install_outbound = FALSE; if (!this->reqid_allocated && !this->static_reqid) { 
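Review bot: The new `if (this->state != state)` guard in set_state also suppresses the `charon->bus->child_state_change()` notification for a same-state call, so listeners that relied on a repeated CHILD_INSTALLED (or any other) notification no longer get one, and nothing in the hunk states that. A one-line comment would make the intent explicit: `/* no-op transitions are ignored, listeners only see actual state changes */`. The set_state() doc in child_sa.h is not touched by this commit and should say the same.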
@@ -1207,12 +1211,17 @@ METHOD(child_sa_t, install_policies, status_t, this->reqid_allocated = TRUE; } + if (!(this->outbound_state & CHILD_OUTBOUND_REGISTERED)) + { + install_outbound = TRUE; + this->outbound_state |= CHILD_OUTBOUND_POLICIES; + } + if (!this->config->has_option(this->config, OPT_NO_POLICIES)) { policy_priority_t priority; ipsec_sa_cfg_t my_sa, other_sa; uint32_t manual_prio; - bool install_outbound; prepare_sa_cfg(this, &my_sa, &other_sa); manual_prio = this->config->get_manual_prio(this->config); @@ -1222,7 +1231,6 @@ METHOD(child_sa_t, install_policies, status_t, this->trap = this->state == CHILD_CREATED; priority = this->trap ? POLICY_PRIORITY_ROUTED : POLICY_PRIORITY_DEFAULT; - install_outbound = this->outbound_state != CHILD_OUTBOUND_REGISTERED; /* enumerate pairs of traffic selectors */ enumerator = create_policy_enumerator(this); @@ -1250,7 +1258,6 @@ METHOD(child_sa_t, install_policies, status_t, this->other_addr, my_ts, other_ts, &my_sa, &other_sa, POLICY_IPSEC, priority, manual_prio); - } if (status != SUCCESS) { 
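Review bot: `this->outbound_state |= CHILD_OUTBOUND_POLICIES` is set before any policy is added and is not cleared when the loop below ends with `status != SUCCESS`, so the bit effectively means "installation was attempted" rather than "policies have been installed" as the enum doc in the child_sa.h hunk puts it. The same pattern appears in install_internal (`|= CHILD_OUTBOUND_SA` right before the "adding ... SA" debug line, i.e. presumably before the kernel call), in register_outbound (`|= CHILD_OUTBOUND_REGISTERED` regardless of `status`) and at the end of install_outbound. This is presumably deliberate so that destroy() removes partially installed state, but it should be documented once on the enum, e.g. `/* bits are set when installation is attempted, so destroy() also cleans up partial installs */`. install_policies starts and ends outside this hunk.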
@@ -1267,21 +1274,35 @@ METHOD(child_sa_t, install_policies, status_t, return status; } -METHOD(child_sa_t, register_outbound, void, +METHOD(child_sa_t, register_outbound, status_t, private_child_sa_t *this, chunk_t encr, chunk_t integ, uint32_t spi, uint16_t cpi, bool tfcv3) { - DBG2(DBG_CHD, "registering outbound %N SA", protocol_id_names, - this->protocol); - DBG2(DBG_CHD, " SPI 0x%.8x, src %H dst %H", ntohl(spi), this->my_addr, - this->other_addr); - - this->other_spi = spi; - this->other_cpi = cpi; - this->encr_r = chunk_clone(encr); - this->integ_r = chunk_clone(integ); - this->tfcv3 = tfcv3; - this->outbound_state = CHILD_OUTBOUND_REGISTERED; + status_t status; + + /* if the kernel supports installing SPIs with policies we install the + * SA immediately as it will only be used once we update the policies */ + if (charon->kernel->get_features(charon->kernel) & KERNEL_POLICY_SPI) + { + status = install_internal(this, encr, integ, spi, cpi, FALSE, FALSE, + tfcv3); + } + else + { + DBG2(DBG_CHD, "registering outbound %N SA", protocol_id_names, + this->protocol); + DBG2(DBG_CHD, " SPI 0x%.8x, src %H dst %H", ntohl(spi), this->my_addr, + this->other_addr); + + this->other_spi = spi; + this->other_cpi = cpi; + this->encr_r = chunk_clone(encr); + this->integ_r = chunk_clone(integ); + this->tfcv3 = tfcv3; + status = SUCCESS; + } + this->outbound_state |= CHILD_OUTBOUND_REGISTERED; + return status; } METHOD(child_sa_t, install_outbound, status_t, 
@@ -1289,18 +1310,23 @@ METHOD(child_sa_t, install_outbound, status_t, { enumerator_t *enumerator; traffic_selector_t *my_ts, *other_ts; - status_t status; + status_t status = SUCCESS; - status = install_internal(this, this->encr_r, this->integ_r, - this->other_spi, this->other_cpi, FALSE, FALSE, - this->tfcv3); - chunk_clear(&this->encr_r); - chunk_clear(&this->integ_r); + if (!(this->outbound_state & CHILD_OUTBOUND_SA)) + { + status = install_internal(this, this->encr_r, this->integ_r, + this->other_spi, this->other_cpi, FALSE, + FALSE, this->tfcv3); + chunk_clear(&this->encr_r); + chunk_clear(&this->integ_r); + } + this->outbound_state &= ~CHILD_OUTBOUND_REGISTERED; if (status != SUCCESS) { return status; } - if (!this->config->has_option(this->config, OPT_NO_POLICIES)) + if (!this->config->has_option(this->config, OPT_NO_POLICIES) && + !(this->outbound_state & CHILD_OUTBOUND_POLICIES)) { ipsec_sa_cfg_t my_sa, other_sa; uint32_t manual_prio; @@ -1331,6 +1357,7 @@ METHOD(child_sa_t, install_outbound, status_t, } enumerator->destroy(enumerator); } + this->outbound_state |= CHILD_OUTBOUND_POLICIES; return status; } @@ -1340,20 +1367,19 @@ METHOD(child_sa_t, remove_outbound, void, enumerator_t *enumerator; traffic_selector_t *my_ts, *other_ts; - switch (this->outbound_state) + if (!(this->outbound_state & CHILD_OUTBOUND_SA)) { - case CHILD_OUTBOUND_INSTALLED: - break; - case CHILD_OUTBOUND_REGISTERED: + if (this->outbound_state & CHILD_OUTBOUND_REGISTERED) + { chunk_clear(&this->encr_r); chunk_clear(&this->integ_r); this->outbound_state = CHILD_OUTBOUND_NONE; - /* fall-through */ - case CHILD_OUTBOUND_NONE: - return; + } + return; } - if (!this->config->has_option(this->config, OPT_NO_POLICIES)) + if (!this->config->has_option(this->config, OPT_NO_POLICIES) && + (this->outbound_state & CHILD_OUTBOUND_POLICIES)) { ipsec_sa_cfg_t my_sa, other_sa; uint32_t manual_prio; 
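Review bot: In install_outbound the stored keys are wiped with chunk_clear() and `CHILD_OUTBOUND_REGISTERED` is dropped before `status` is checked, so after a failed install_internal() the CHILD_SA has neither the SA bit nor the material to retry, and the only caller visible in this diff (process_i in child_rekey.c) merely logs the failure. If the intent is that such a CHILD_SA has to be deleted by the caller, say so above the early return: `/* no retry is possible past this point: keys are cleared, the caller has to delete the CHILD_SA */`. In remove_outbound, `this->outbound_state = CHILD_OUTBOUND_NONE;` is a plain assignment now that the state is a bit set; `this->outbound_state &= ~CHILD_OUTBOUND_REGISTERED;` would only drop the bit this branch actually handles and cannot silently discard others added later.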
@@ -1598,8 +1624,8 @@ METHOD(child_sa_t, destroy, void, prepare_sa_cfg(this, &my_sa, &other_sa); manual_prio = this->config->get_manual_prio(this->config); - del_outbound = this->trap || - this->outbound_state == CHILD_OUTBOUND_INSTALLED; + del_outbound = (this->outbound_state & CHILD_OUTBOUND_POLICIES) || + this->trap; /* delete all policies in the kernel */ enumerator = create_policy_enumerator(this); @@ -1640,7 +1666,7 @@ METHOD(child_sa_t, destroy, void, }; charon->kernel->del_sa(charon->kernel, &id, &sa); } - if (this->other_spi && this->outbound_state == CHILD_OUTBOUND_INSTALLED) + if (this->other_spi && (this->outbound_state & CHILD_OUTBOUND_SA)) { kernel_ipsec_sa_id_t id = { .src = this->my_addr, @@ -1719,7 +1745,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other, { private_child_sa_t *this; static refcount_t unique_id = 0, unique_mark = 0; - refcount_t mark; + refcount_t mark = 0; INIT(this, .public = { @@ -1792,16 +1818,33 @@ child_sa_t * child_sa_create(host_t *me, host_t* other, { this->mark_out.value = mark_out; } - if (this->mark_in.value == MARK_UNIQUE || - this->mark_out.value == MARK_UNIQUE) + + if (MARK_IS_UNIQUE(this->mark_in.value) || + MARK_IS_UNIQUE(this->mark_out.value)) { - mark = ref_get(&unique_mark); - if (this->mark_in.value == MARK_UNIQUE) + bool unique_dir; + + unique_dir = this->mark_in.value == MARK_UNIQUE_DIR || + this->mark_out.value == MARK_UNIQUE_DIR; + + if (!unique_dir) + { + mark = ref_get(&unique_mark); + } + if (MARK_IS_UNIQUE(this->mark_in.value)) { + if (unique_dir) + { + mark = ref_get(&unique_mark); + } this->mark_in.value = mark; } - if (this->mark_out.value == MARK_UNIQUE) + if (MARK_IS_UNIQUE(this->mark_out.value)) { + if (unique_dir) + { + mark = ref_get(&unique_mark); + } this->mark_out.value = mark; } } diff --git a/src/libcharon/sa/child_sa.h b/src/libcharon/sa/child_sa.h index b9a913da1..082404d93 100644 --- a/src/libcharon/sa/child_sa.h +++ b/src/libcharon/sa/child_sa.h 
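Review bot: The unique-mark assignment in child_sa_create nests an `if (unique_dir)` inside each `MARK_IS_UNIQUE` branch, which hides that the only difference between MARK_UNIQUE and MARK_UNIQUE_DIR is one shared counter value versus one per marked direction. Pulling that choice into a conditional expression per direction keeps the exact behaviour (one ref_get() for the shared case, one per marked direction otherwise) and halves the branching. child_sa_create continues outside the hunk.
```c
		/* … unchanged: unique_dir computed from MARK_UNIQUE_DIR … */
		/* one mark shared by both directions, unless per-direction marks were requested */
		if (!unique_dir)
		{
			mark = ref_get(&unique_mark);
		}
		if (MARK_IS_UNIQUE(this->mark_in.value))
		{
			this->mark_in.value = unique_dir ? ref_get(&unique_mark) : mark;
		}
		if (MARK_IS_UNIQUE(this->mark_out.value))
		{
			this->mark_out.value = unique_dir ? ref_get(&unique_mark) : mark;
		}
```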
@@ -102,17 +102,28 @@ enum child_sa_outbound_state_t { /** * Outbound SA is not installed */ - CHILD_OUTBOUND_NONE, + CHILD_OUTBOUND_NONE = 0, /** - * Data for the outbound SA has been registered, but not installed yet + * Data for the outbound SA has been registered during a rekeying (not set + * once the SA and policies are both installed) */ - CHILD_OUTBOUND_REGISTERED, + CHILD_OUTBOUND_REGISTERED = (1<<0), /** - * The outbound SA is currently installed + * The outbound SA has been installed */ - CHILD_OUTBOUND_INSTALLED, + CHILD_OUTBOUND_SA = (1<<1), + + /** + * The outbound policies have been installed + */ + CHILD_OUTBOUND_POLICIES = (1<<2), + + /** + * The outbound SA and policies are both installed + */ + CHILD_OUTBOUND_INSTALLED = (CHILD_OUTBOUND_SA|CHILD_OUTBOUND_POLICIES), }; /** @@ -400,20 +411,23 @@ struct child_sa_t { * Register data for the installation of an outbound SA as responder during * a rekeying. * - * The SA is not installed until install_outbound() is called. + * If the kernel is able to handle SPIs on policies the SA is installed + * immediately, if not it won't be installed until install_outbound() is + * called. * * @param encr encryption key, if any (cloned) * @param integ integrity key (cloned) * @param spi SPI to use, allocated for inbound * @param cpi CPI to use, allocated for outbound * @param tfcv3 TRUE if peer supports ESPv3 TFC + * @return SUCCESS or FAILED */ - void (*register_outbound)(child_sa_t *this, chunk_t encr, chunk_t integ, - uint32_t spi, uint16_t cpi, bool tfcv3); + status_t (*register_outbound)(child_sa_t *this, chunk_t encr, chunk_t integ, + uint32_t spi, uint16_t cpi, bool tfcv3); /** - * Install the outbound SA and the outbound policies as responder during a - * rekeying. + * Install the outbound policies and, if not already done, the outbound SA + * as responder during a rekeying. * * @return SUCCESS or FAILED */ 
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c index 48ec3e7f5..3472d2c35 100644 --- a/src/libcharon/sa/ikev1/task_manager_v1.c +++ b/src/libcharon/sa/ikev1/task_manager_v1.c @@ -1805,8 +1805,12 @@ METHOD(task_manager_t, queue_child_rekey, void, if (is_redundant(this, child_sa)) { child_sa->set_state(child_sa, CHILD_REKEYED); - queue_task(this, (task_t*)quick_delete_create(this->ike_sa, + if (lib->settings->get_bool(lib->settings, "%s.delete_rekeyed", + FALSE, lib->ns)) + { + queue_task(this, (task_t*)quick_delete_create(this->ike_sa, protocol, spi, FALSE, FALSE)); + } } else { diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c index 8be82ebe2..49b476ad8 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_mode.c +++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c @@ -396,10 +396,6 @@ static bool install(private_quick_mode_t *this) charon->bus->child_keys(charon->bus, this->child_sa, this->initiator, this->dh, this->nonce_i, this->nonce_r); - /* add to IKE_SA, and remove from task */ - this->child_sa->set_state(this->child_sa, CHILD_INSTALLED); - this->ike_sa->add_child_sa(this->ike_sa, this->child_sa); - my_ts = linked_list_create_from_enumerator( this->child_sa->create_ts_enumerator(this->child_sa, TRUE)); other_ts = linked_list_create_from_enumerator( @@ -415,6 +411,9 @@ static bool install(private_quick_mode_t *this) my_ts->destroy(my_ts); other_ts->destroy(other_ts); + this->child_sa->set_state(this->child_sa, CHILD_INSTALLED); + this->ike_sa->add_child_sa(this->ike_sa, this->child_sa); + if (this->rekey) { old = this->ike_sa->get_child_sa(this->ike_sa, diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c index 70dacd1dc..0c41c68d0 100644 --- a/src/libcharon/sa/ikev2/keymat_v2.c +++ b/src/libcharon/sa/ikev2/keymat_v2.c 
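Review bot: Gating the quick_delete on `%s.delete_rekeyed` (default FALSE) changes the default IKEv1 behaviour in queue_child_rekey: a redundant CHILD_SA that is found by is_redundant() is now only marked CHILD_REKEYED and stays installed until its lifetime runs out, and nothing in the hunk says why that is preferred. A short comment above the new `if` would help the next reader, e.g. `/* deleting the redundant SA is optional (delete_rekeyed); by default it is left to expire */`, and the new strongswan.conf option needs an entry in the documented settings, which this diff does not show. queue_child_rekey continues outside the hunk.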
@@ -342,10 +342,13 @@ METHOD(keymat_v2_t, derive_ike_keys, bool, * the nonces. */ switch (alg) { + case PRF_AES128_CMAC: + /* while variable keys may be used according to RFC 4615, RFC 7296 + * explicitly limits the key size to 128 bit for this application */ case PRF_AES128_XCBC: - /* while rfc4434 defines variable keys for AES-XCBC, rfc3664 does + /* while RFC 4434 defines variable keys for AES-XCBC, RFC 3664 does * not and therefore fixed key semantics apply to XCBC for key - * derivation. */ + * derivation, which is also reinforced by RFC 7296 */ case PRF_CAMELLIA128_XCBC: /* draft-kanno-ipsecme-camellia-xcbc refers to rfc 4434, we * assume fixed key length. */ diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c index 896cabb2b..cac3bc0a2 100644 --- a/src/libcharon/sa/ikev2/tasks/child_create.c +++ b/src/libcharon/sa/ikev2/tasks/child_create.c @@ -478,6 +478,7 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh, bool ike_auth) { status_t status, status_i, status_o; + child_sa_outbound_state_t out_state; chunk_t nonce_i, nonce_r; chunk_t encr_i = chunk_empty, encr_r = chunk_empty; chunk_t integ_i = chunk_empty, integ_r = chunk_empty; 
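Review bot: Adding `PRF_AES128_CMAC` to the fixed-key fall-through changes how SKEYSEED is keyed when that PRF is negotiated (the nonces are presumably cut down to the 128-bit key by the code below, outside the hunk), so a peer running a release that fed the full nonces to AES128_CMAC would presumably derive different keys and fail to set up an IKE_SA with this one. The RFC 7296 reasoning in the comment is fine, but the interoperability consequence deserves its own sentence there, e.g. `* NOTE: earlier releases used the full nonces with AES128_CMAC, keys derived by them no longer match`. derive_ike_keys starts and ends outside the hunk.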
@@ -678,29 +679,42 @@ static status_t select_and_install(private_child_create_t *this, status_i = this->child_sa->install(this->child_sa, encr_r, integ_r, this->my_spi, this->my_cpi, this->initiator, TRUE, this->tfcv3); - status_o = this->child_sa->install(this->child_sa, encr_i, integ_i, - this->other_spi, this->other_cpi, this->initiator, - FALSE, this->tfcv3); } - else if (!this->rekey) + else { status_i = this->child_sa->install(this->child_sa, encr_i, integ_i, this->my_spi, this->my_cpi, this->initiator, TRUE, this->tfcv3); - status_o = this->child_sa->install(this->child_sa, encr_r, integ_r, + } + if (this->rekey) + { /* during rekeyings we install the outbound SA and/or policies + * separately: as responder when we receive the delete for the old + * SA, as initiator pretty much immediately in the ike-rekey task, + * unless there was a rekey collision that we lost */ + if (this->initiator) + { + status_o = this->child_sa->register_outbound(this->child_sa, + encr_i, integ_i, this->other_spi, this->other_cpi, + this->tfcv3); + } + else + { + status_o = this->child_sa->register_outbound(this->child_sa, + encr_r, integ_r, this->other_spi, this->other_cpi, + this->tfcv3); + } + } + else if (this->initiator) + { + status_o = this->child_sa->install(this->child_sa, encr_i, integ_i, this->other_spi, this->other_cpi, this->initiator, FALSE, this->tfcv3); } else - { /* as responder during a rekeying we only install the inbound - * SA now, the outbound SA and policies are installed when we - * receive the delete for the old SA */ - status_i = this->child_sa->install(this->child_sa, encr_i, integ_i, - this->my_spi, this->my_cpi, this->initiator, - TRUE, this->tfcv3); - this->child_sa->register_outbound(this->child_sa, encr_r, integ_r, - this->other_spi, this->other_cpi, this->tfcv3); - status_o = SUCCESS; + { + status_o = this->child_sa->install(this->child_sa, encr_r, integ_r, + this->other_spi, this->other_cpi, this->initiator, + FALSE, this->tfcv3); } } 
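Review bot: The new branch ladder in select_and_install picks `encr_i`/`integ_i` or `encr_r`/`integ_r` for the outbound SA by `this->initiator` in two places without saying what the suffixes mean; read together with the inbound installs above it, the `_i` keys protect initiator-to-responder traffic (outbound for us as initiator, inbound for us as responder) and `_r` the reverse. A comment at the top of the ladder would spare the next reader that derivation: `/* *_i keys protect initiator->responder traffic: outbound for the initiator, inbound for the responder; *_r the reverse */`. The enclosing block of select_and_install starts and ends outside the hunk.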
@@ -745,20 +759,15 @@ static status_t select_and_install(private_child_create_t *this, charon->bus->child_keys(charon->bus, this->child_sa, this->initiator, this->dh, nonce_i, nonce_r); - this->child_sa->set_state(this->child_sa, CHILD_INSTALLED); - this->ike_sa->add_child_sa(this->ike_sa, this->child_sa); - this->established = TRUE; - - schedule_inactivity_timeout(this); - my_ts = linked_list_create_from_enumerator( this->child_sa->create_ts_enumerator(this->child_sa, TRUE)); other_ts = linked_list_create_from_enumerator( this->child_sa->create_ts_enumerator(this->child_sa, FALSE)); + out_state = this->child_sa->get_outbound_state(this->child_sa); DBG0(DBG_IKE, "%sCHILD_SA %s{%d} established " "with SPIs %.8x_i %.8x_o and TS %#R === %#R", - this->rekey && !this->initiator ? "inbound " : "", + (out_state == CHILD_OUTBOUND_INSTALLED) ? "" : "inbound ", this->child_sa->get_name(this->child_sa), this->child_sa->get_unique_id(this->child_sa), ntohl(this->child_sa->get_spi(this->child_sa, TRUE)), @@ -767,6 +776,12 @@ static status_t select_and_install(private_child_create_t *this, my_ts->destroy(my_ts); other_ts->destroy(other_ts); + + this->child_sa->set_state(this->child_sa, CHILD_INSTALLED); + this->ike_sa->add_child_sa(this->ike_sa, this->child_sa); + this->established = TRUE; + + schedule_inactivity_timeout(this); return SUCCESS; } @@ -1007,17 +1022,6 @@ METHOD(task_t, build_i, status_t, break; } - if (this->reqid) - { - DBG0(DBG_IKE, "establishing CHILD_SA %s{%d}", - this->config->get_name(this->config), this->reqid); - } - else - { - DBG0(DBG_IKE, "establishing CHILD_SA %s", - this->config->get_name(this->config)); - } - /* check if we want a virtual IP, but don't have one */ list = linked_list_create(); peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); 
@@ -1070,6 +1074,19 @@ METHOD(task_t, build_i, status_t, this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY), this->mark_in, this->mark_out); + if (this->reqid) + { + DBG0(DBG_IKE, "establishing CHILD_SA %s{%d} reqid %d", + this->child_sa->get_name(this->child_sa), + this->child_sa->get_unique_id(this->child_sa), this->reqid); + } + else + { + DBG0(DBG_IKE, "establishing CHILD_SA %s{%d}", + this->child_sa->get_name(this->child_sa), + this->child_sa->get_unique_id(this->child_sa)); + } + if (!allocate_spi(this)) { DBG1(DBG_IKE, "unable to allocate SPIs from kernel"); diff --git a/src/libcharon/sa/ikev2/tasks/child_delete.c b/src/libcharon/sa/ikev2/tasks/child_delete.c index 626796383..2217295b6 100644 --- a/src/libcharon/sa/ikev2/tasks/child_delete.c +++ b/src/libcharon/sa/ikev2/tasks/child_delete.c @@ -196,7 +196,6 @@ static void install_outbound(private_child_delete_t *this, /* FIXME: delete the new child_sa? */ return; } - child_sa->set_state(child_sa, CHILD_INSTALLED); my_ts = linked_list_create_from_enumerator( child_sa->create_ts_enumerator(child_sa, TRUE)); diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c index 761c860e7..b67e9b80f 100644 --- a/src/libcharon/sa/ikev2/tasks/child_rekey.c +++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2009-2016 Tobias Brunner + * Copyright (C) 2009-2017 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter * HSR Hochschule fuer Technik Rapperswil @@ -283,7 +283,8 @@ METHOD(task_t, build_r, status_t, /** * Handle a rekey collision */ -static child_sa_t *handle_collision(private_child_rekey_t *this) +static child_sa_t *handle_collision(private_child_rekey_t *this, + child_sa_t **to_install) { child_sa_t *to_delete; 
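Review bot: The new `to_install` out-parameter of handle_collision is only assigned on one path (the rekey-collision-won branch in the next hunk) and relies on the caller having initialised it to NULL, yet the function comment still reads just `Handle a rekey collision`. Document the contract there, e.g. `* @param to_install set to the new CHILD_SA whose outbound SA/policies are to be installed, left untouched otherwise (caller initialises it to NULL)`. The body of handle_collision continues past this hunk.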
@@ -302,8 +303,11 @@ static child_sa_t *handle_collision(private_child_rekey_t *this) { child_sa_t *child_sa; - DBG1(DBG_IKE, "CHILD_SA rekey collision won, deleting old child"); + *to_install = this->child_create->get_child(this->child_create); to_delete = this->child_sa; + DBG1(DBG_IKE, "CHILD_SA rekey collision won, deleting old child " + "%s{%d}", to_delete->get_name(to_delete), + to_delete->get_unique_id(to_delete)); /* don't touch child other created, it has already been deleted */ if (!this->other_child_destroyed) { @@ -321,9 +325,10 @@ static child_sa_t *handle_collision(private_child_rekey_t *this) } else { - DBG1(DBG_IKE, "CHILD_SA rekey collision lost, " - "deleting rekeyed child"); to_delete = this->child_create->get_child(this->child_create); + DBG1(DBG_IKE, "CHILD_SA rekey collision lost, deleting redundant " + "child %s{%d}", to_delete->get_name(to_delete), + to_delete->get_unique_id(to_delete)); } } else @@ -334,15 +339,17 @@ static child_sa_t *handle_collision(private_child_rekey_t *this) * the CHILD_SA the other is not deleting. */ if (del->get_child(del) != this->child_sa) { - DBG1(DBG_IKE, "CHILD_SA rekey/delete collision, " - "deleting rekeyed child"); to_delete = this->child_sa; + DBG1(DBG_IKE, "CHILD_SA rekey/delete collision, deleting old child " + "%s{%d}", to_delete->get_name(to_delete), + to_delete->get_unique_id(to_delete)); } else { - DBG1(DBG_IKE, "CHILD_SA rekey/delete collision, " - "deleting redundant child"); to_delete = this->child_create->get_child(this->child_create); + DBG1(DBG_IKE, "CHILD_SA rekey/delete collision, deleting redundant " + "child %s{%d}", to_delete->get_name(to_delete), + to_delete->get_unique_id(to_delete)); } } return to_delete; @@ -353,7 +360,7 @@ METHOD(task_t, process_i, status_t, { protocol_id_t protocol; uint32_t spi; - child_sa_t *to_delete; + child_sa_t *to_delete, *to_install = NULL; if (message->get_notify(message, NO_ADDITIONAL_SAS)) { 
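Review bot: In the rekey/delete collision branch that keeps the new CHILD_SA (`to_delete = this->child_sa;`, "deleting old child") `*to_install` is not set, so process_i skips `install_outbound()` for the surviving CHILD_SA, whereas the rekey-collision-won branch above does set it; unless a path outside these hunks installs it, that SA is left with an inbound SA only once the old one is deleted. If that is not intended, add `*to_install = this->child_create->get_child(this->child_create);` next to the `to_delete = this->child_sa;` in that branch. handle_collision starts in an earlier hunk.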
@@ -415,19 +422,48 @@ METHOD(task_t, process_i, status_t, /* check for rekey collisions */ if (this->collision) { - to_delete = handle_collision(this); + to_delete = handle_collision(this, &to_install); } else { + to_install = this->child_create->get_child(this->child_create); to_delete = this->child_sa; } - + if (to_install) + { + if (to_install->install_outbound(to_install) != SUCCESS) + { + DBG1(DBG_IKE, "unable to install outbound IPsec SA (SAD) in kernel"); + charon->bus->alert(charon->bus, ALERT_INSTALL_CHILD_SA_FAILED, + to_install); + /* FIXME: delete the child_sa? fail the task? */ + } + else + { + linked_list_t *my_ts, *other_ts; + + my_ts = linked_list_create_from_enumerator( + to_install->create_ts_enumerator(to_install, TRUE)); + other_ts = linked_list_create_from_enumerator( + to_install->create_ts_enumerator(to_install, FALSE)); + + DBG0(DBG_IKE, "outbound CHILD_SA %s{%d} established " + "with SPIs %.8x_i %.8x_o and TS %#R === %#R", + to_install->get_name(to_install), + to_install->get_unique_id(to_install), + ntohl(to_install->get_spi(to_install, TRUE)), + ntohl(to_install->get_spi(to_install, FALSE)), + my_ts, other_ts); + + my_ts->destroy(my_ts); + other_ts->destroy(other_ts); + } + } if (to_delete != this->child_create->get_child(this->child_create)) { /* invoke rekey hook if rekeying successful */ charon->bus->child_rekey(charon->bus, this->child_sa, this->child_create->get_child(this->child_create)); } - if (to_delete == NULL) { return SUCCESS; diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c index f9fee5e7e..6436a2549 100644 --- a/src/libcharon/sa/trap_manager.c +++ b/src/libcharon/sa/trap_manager.c 
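Review bot: The install_outbound failure branch only logs, raises an alert and falls through: with `to_install` set, `to_delete` is the old CHILD_SA, so the `child_rekey` hook below still fires as if the rekey had succeeded and the old SA is presumably still deleted afterwards (its handling is outside this hunk), leaving the connection without a working outbound SA while the `FIXME` stays unanswered. At minimum the failure log should identify the SA the way the success path does, e.g. `DBG1(DBG_IKE, "unable to install outbound IPsec SA (SAD) in kernel for CHILD_SA %s{%d}", to_install->get_name(to_install), to_install->get_unique_id(to_install));`. The FIXME should then be resolved with an explicit decision, for instance skipping the rekey hook and the deletion of the old SA when the install failed, rather than reporting success. process_i's body continues beyond this hunk.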
@@ -158,6 +158,31 @@ CALLBACK(acquire_by_dst, bool, return this->dst && this->dst->ip_equals(this->dst, dst); } +/** + * Check if any remote TS are dynamic + */ +static bool dynamic_remote_ts(child_cfg_t *child) +{ + enumerator_t *enumerator; + linked_list_t *other_ts; + traffic_selector_t *ts; + bool found = FALSE; + + other_ts = child->get_traffic_selectors(child, FALSE, NULL, NULL); + enumerator = other_ts->create_enumerator(other_ts); + while (enumerator->enumerate(enumerator, &ts)) + { + if (ts->is_dynamic(ts)) + { + found = TRUE; + break; + } + } + enumerator->destroy(enumerator); + other_ts->destroy_offset(other_ts, offsetof(traffic_selector_t, destroy)); + return found; +} + METHOD(trap_manager_t, install, uint32_t, private_trap_manager_t *this, peer_cfg_t *peer, child_cfg_t *child, uint32_t reqid) 
@@ -184,25 +209,39 @@ METHOD(trap_manager_t, install, uint32_t, me = host_create_any(other->get_family(other)); wildcard = TRUE; } - else if (!other || other->is_anyaddr(other)) + else if (other && other->is_anyaddr(other)) { - DESTROY_IF(other); + other->destroy(other); DBG1(DBG_CFG, "installing trap failed, remote address unknown"); return 0; } else - { - me = ike_cfg->resolve_me(ike_cfg, other->get_family(other)); - if (!me || me->is_anyaddr(me)) + { /* depending on the traffic selectors we don't really need a remote + * host yet, but we might fail later if no IP can be resolved */ + if (!other && dynamic_remote_ts(child)) + { /* with dynamic TS we do need a host, otherwise 0.0.0.0/0 is used, + * which is probably not what users expect*/ + DBG1(DBG_CFG, "installing trap failed, remote address unknown with " + "dynamic traffic selector"); + return 0; + } + me = ike_cfg->resolve_me(ike_cfg, other ? other->get_family(other) + : AF_UNSPEC); + if (!other) + { + other = host_create_any(me ? me->get_family(me) : AF_INET); + } + other->set_port(other, ike_cfg->get_other_port(ike_cfg)); + if ((!me || me->is_anyaddr(me)) && !other->is_anyaddr(other)) { DESTROY_IF(me); me = charon->kernel->get_source_addr(charon->kernel, other, NULL); - if (!me) - { - me = host_create_any(other->get_family(other)); - } - me->set_port(me, ike_cfg->get_my_port(ike_cfg)); } + if (!me) + { + me = host_create_any(other->get_family(other)); + } + me->set_port(me, ike_cfg->get_my_port(ike_cfg)); } this->lock->write_lock(this->lock); diff --git a/src/libcharon/tests/Makefile.in b/src/libcharon/tests/Makefile.in index 3070f429b..8a2775bc0 100644 --- a/src/libcharon/tests/Makefile.in +++ b/src/libcharon/tests/Makefile.in @@ -335,8 +335,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ 
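Review bot: The path that now installs a trap without a resolved remote (`!other` and no dynamic remote TS) does so silently: `other` becomes an any-address host, the `get_source_addr` lookup is skipped by the added `!other->is_anyaddr(other)` condition, and `me` can end up as an any-address too, yet nothing is logged even though the comment concedes the SA "might fail later". A `DBG1(DBG_CFG, "remote address unknown, installing trap with wildcard remote");` next to the `host_create_any` call would make a later acquire failure diagnosable, and the skipped source-address lookup deserves a one-line comment (presumably the kernel cannot select a source for a wildcard destination). Note that a configured any-address remote is still rejected (`other && other->is_anyaddr(other)`) while an unresolvable one is now accepted; if that asymmetry is intended, the comment should say so. The install method's opening and the resolution of `other` are outside this hunk.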
@@ -437,6 +435,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -465,6 +465,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/tests/suites/test_child_rekey.c b/src/libcharon/tests/suites/test_child_rekey.c index 76b23f589..ac169723f 100644 --- a/src/libcharon/tests/suites/test_child_rekey.c +++ b/src/libcharon/tests/suites/test_child_rekey.c @@ -483,6 +483,9 @@ START_TEST(test_collision) CHILD_OUTBOUND_REGISTERED); assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, + CHILD_OUTBOUND_INSTALLED); + assert_ipsec_sas_installed(a, 1, 2, 3, 5, 6); } else { @@ -493,10 +496,10 @@ START_TEST(test_collision) CHILD_OUTBOUND_INSTALLED); assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED); + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, + CHILD_OUTBOUND_REGISTERED); + assert_ipsec_sas_installed(a, 1, 2, 3, 6); } - assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, - CHILD_OUTBOUND_INSTALLED); - assert_ipsec_sas_installed(a, 1, 2, 3, 5, 6); /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */ if (data[_i].spi_del_b == 2) { 
@@ -507,6 +510,9 @@ START_TEST(test_collision) CHILD_OUTBOUND_REGISTERED); assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, + CHILD_OUTBOUND_INSTALLED); + assert_ipsec_sas_installed(b, 1, 2, 4, 5, 6); } else { @@ -517,10 +523,10 @@ START_TEST(test_collision) CHILD_OUTBOUND_INSTALLED); assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED); + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, + CHILD_OUTBOUND_REGISTERED); + assert_ipsec_sas_installed(b, 1, 2, 4, 5); } - assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, - CHILD_OUTBOUND_INSTALLED); - assert_ipsec_sas_installed(b, 1, 2, 4, 5, 6); /* we don't expect this hook to get called anymore */ assert_hook_not_called(child_rekey); 
@@ -528,27 +534,41 @@ START_TEST(test_collision) assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, b, NULL); assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, - CHILD_OUTBOUND_INSTALLED); + data[_i].spi_del_b == 2 ? CHILD_OUTBOUND_INSTALLED + : CHILD_OUTBOUND_REGISTERED); assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(b, 3); - assert_ipsec_sas_installed(b, 2, 4, 5, 6, - data[_i].spi_del_b == 2 ? 1 : 3); + if (data[_i].spi_del_b == 2) + { + assert_ipsec_sas_installed(b, 1, 2, 4, 5, 6); + } + else + { + assert_ipsec_sas_installed(b, 2, 3, 4, 5); + } assert_scheduler(); /* <-- INFORMATIONAL { D } */ assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, a, NULL); assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, - CHILD_OUTBOUND_INSTALLED); + data[_i].spi_del_a == 1 ? CHILD_OUTBOUND_INSTALLED + : CHILD_OUTBOUND_REGISTERED); assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); assert_child_sa_count(a, 3); - assert_ipsec_sas_installed(a, 1, 3, 5, 6, - data[_i].spi_del_a == 1 ? 2 : 4); + if (data[_i].spi_del_a == 1) + { + assert_ipsec_sas_installed(a, 1, 2, 3, 5, 6); + } + else + { + assert_ipsec_sas_installed(a, 1, 3, 4, 6); + } assert_scheduler(); /* <-- INFORMATIONAL { D } */ assert_jobs_scheduled(1); @@ -682,6 +702,9 @@ START_TEST(test_collision_delayed_response) CHILD_OUTBOUND_REGISTERED); assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, + CHILD_OUTBOUND_INSTALLED); + assert_ipsec_sas_installed(b, 1, 2, 4, 5, 6); } else { 
@@ -692,10 +715,10 @@ START_TEST(test_collision_delayed_response) CHILD_OUTBOUND_INSTALLED); assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED); + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, + CHILD_OUTBOUND_REGISTERED); + assert_ipsec_sas_installed(b, 1, 2, 4, 5); } - assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, - CHILD_OUTBOUND_INSTALLED); - assert_ipsec_sas_installed(b, 1, 2, 4, 5, 6); /* <-- INFORMATIONAL { D } */ assert_hook_not_called(child_rekey); @@ -748,21 +771,23 @@ START_TEST(test_collision_delayed_response) assert_hook_rekey(child_rekey, 1, data[_i].spi_a); exchange_test_helper->process_message(exchange_test_helper, a, msg); assert_hook(); + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, + CHILD_OUTBOUND_INSTALLED); + assert_ipsec_sas_installed(a, 1, 2, 3, 5, 6); } else { assert_hook_not_called(child_rekey); exchange_test_helper->process_message(exchange_test_helper, a, msg); assert_hook(); + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, + CHILD_OUTBOUND_REGISTERED); + assert_ipsec_sas_installed(a, 1, 3, 4, 6); } - assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, - CHILD_OUTBOUND_INSTALLED); assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); - assert_ipsec_sas_installed(a, 1, 3, 5, 6, - data[_i].spi_del_a == 1 ? 2 : 4); assert_child_sa_count(a, 3); /* we don't expect this hook to get called anymore */ @@ -1173,6 +1198,8 @@ START_TEST(test_collision_ke_invalid) CHILD_OUTBOUND_REGISTERED); assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, + CHILD_OUTBOUND_INSTALLED); } else { 
@@ -1181,9 +1208,9 @@ START_TEST(test_collision_ke_invalid) CHILD_OUTBOUND_INSTALLED); assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED); + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, + CHILD_OUTBOUND_REGISTERED); } - assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, - CHILD_OUTBOUND_INSTALLED); /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */ if (data[_i].spi_del_b == 2) { @@ -1194,6 +1221,8 @@ START_TEST(test_collision_ke_invalid) CHILD_OUTBOUND_REGISTERED); assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED); + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, + CHILD_OUTBOUND_INSTALLED); } else { @@ -1202,9 +1231,10 @@ START_TEST(test_collision_ke_invalid) CHILD_OUTBOUND_INSTALLED); assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED); + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, + CHILD_OUTBOUND_REGISTERED); } - assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, - CHILD_OUTBOUND_INSTALLED); + /* we don't expect this hook to get called anymore */ assert_hook_not_called(child_rekey); @@ -1212,7 +1242,8 @@ START_TEST(test_collision_ke_invalid) assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, b, NULL); assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING, - CHILD_OUTBOUND_INSTALLED); + data[_i].spi_del_b == 2 ? CHILD_OUTBOUND_INSTALLED + : CHILD_OUTBOUND_REGISTERED); assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING, CHILD_OUTBOUND_NONE); assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED, 
@@ -1223,7 +1254,8 @@ START_TEST(test_collision_ke_invalid) assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, a, NULL); assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING, - CHILD_OUTBOUND_INSTALLED); + data[_i].spi_del_a == 1 ? CHILD_OUTBOUND_INSTALLED + : CHILD_OUTBOUND_REGISTERED); assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING, CHILD_OUTBOUND_NONE); assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED, diff --git a/src/libcharon/tests/utils/exchange_test_asserts.h b/src/libcharon/tests/utils/exchange_test_asserts.h index 4d363edfd..ae9ac5c98 100644 --- a/src/libcharon/tests/utils/exchange_test_asserts.h +++ b/src/libcharon/tests/utils/exchange_test_asserts.h @@ -285,7 +285,7 @@ bool exchange_test_asserts_message(listener_t *this, ike_sa_t *ike_sa, * @param dir IN or OUT to check the next in- or outbound message */ #define assert_message_empty(dir) \ - _assert_payload(dir, 0) + _assert_payload(#dir, 0) /** * Assert that the next in- or outbound plaintext message contains exactly @@ -295,7 +295,7 @@ bool exchange_test_asserts_message(listener_t *this, ike_sa_t *ike_sa, * @param expected expected payload type */ #define assert_single_payload(dir, expected) \ - _assert_payload(dir, 1, { TRUE, expected, 0 }) + _assert_payload(#dir, 1, { TRUE, expected, 0 }) /** * Assert that the next in- or outbound plaintext message contains exactly @@ -305,7 +305,7 @@ bool exchange_test_asserts_message(listener_t *this, ike_sa_t *ike_sa, * @param expected expected notify type */ #define assert_single_notify(dir, expected) \ - _assert_payload(dir, 1, { TRUE, 0, expected }) + _assert_payload(#dir, 1, { TRUE, 0, expected }) /** * Assert that the next in- or outbound plaintext message contains a notify 
@@ -315,7 +315,7 @@ bool exchange_test_asserts_message(listener_t *this, ike_sa_t *ike_sa, * @param expected expected notify type */ #define assert_notify(dir, expected) \ - _assert_payload(dir, -1, { TRUE, 0, expected }) + _assert_payload(#dir, -1, { TRUE, 0, expected }) /** * Assert that the next in- or outbound plaintext message does not contain a @@ -325,7 +325,7 @@ bool exchange_test_asserts_message(listener_t *this, ike_sa_t *ike_sa, * @param unexpected not expected notify type */ #define assert_no_notify(dir, unexpected) \ - _assert_payload(dir, -1, { FALSE, 0, unexpected }) + _assert_payload(#dir, -1, { FALSE, 0, unexpected }) #define _assert_payload(dir, c, ...) ({ \ listener_message_rule_t _rules[] = { __VA_ARGS__ }; \ @@ -333,7 +333,7 @@ bool exchange_test_asserts_message(listener_t *this, ike_sa_t *ike_sa, .listener = { .message = exchange_test_asserts_message, }, \ .file = __FILE__, \ .line = __LINE__, \ - .incoming = streq(#dir, "IN") ? TRUE : FALSE, \ + .incoming = streq(dir, "IN") ? TRUE : FALSE, \ .count = c, \ .rules = _rules, \ .num_rules = countof(_rules), \ diff --git a/src/libcharon/tests/utils/sa_asserts.h b/src/libcharon/tests/utils/sa_asserts.h index d23f724f1..216c15065 100644 --- a/src/libcharon/tests/utils/sa_asserts.h +++ b/src/libcharon/tests/utils/sa_asserts.h @@ -121,7 +121,8 @@ test_assert_msg(_state == _child->get_state(_child), "%N != %N", \ child_sa_state_names, _state, \ child_sa_state_names, _child->get_state(_child)); \ - test_assert_msg(_outbound == _child->get_outbound_state(_child), "%N != %N", \ + typeof(outbound) _cur_out = _child->get_outbound_state(_child); \ + test_assert_msg(_outbound == _cur_out || _outbound & _cur_out, "%N != %N", \ child_sa_outbound_state_names, _outbound, \ child_sa_outbound_state_names, _child->get_outbound_state(_child)); \ }) diff --git a/src/libfast/Makefile.in b/src/libfast/Makefile.in index 8adf068e2..d147b27d8 100644 --- a/src/libfast/Makefile.in +++ b/src/libfast/Makefile.in 
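Review bot: The relaxed check `_outbound == _cur_out || _outbound & _cur_out` in the sa_asserts.h hunk no longer pins an exact outbound state: if the outbound states are bit flags, as the `&` implies, any current state sharing a bit with the expected one passes, so a test expecting `CHILD_OUTBOUND_REGISTERED` could be satisfied by a richer state without failing. The macro's documentation (its start is outside this hunk) should state that the assertion checks overlap with, not equality to, the expected state, and the failure message should print `_cur_out` instead of calling `_child->get_outbound_state(_child)` a second time. If containment is what is meant, consider spelling that out explicitly rather than relying on a non-zero intersection.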
@@ -316,8 +316,6 @@ RANLIB = @RANLIB@
 RTLIB = @RTLIB@
 RUBY = @RUBY@
 RUBYGEMDIR = @RUBYGEMDIR@
-RUBYINCLUDE = @RUBYINCLUDE@
-RUBYLIB = @RUBYLIB@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
@@ -418,6 +416,8 @@ random_device = @random_device@
 resolv_conf = @resolv_conf@
 routing_table = @routing_table@
 routing_table_prio = @routing_table_prio@
+ruby_CFLAGS = @ruby_CFLAGS@
+ruby_LIBS = @ruby_LIBS@
 runstatedir = @runstatedir@
 s_plugins = @s_plugins@
 sbindir = @sbindir@
@@ -446,6 +446,10 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 tss2_CFLAGS = @tss2_CFLAGS@
 tss2_LIBS = @tss2_LIBS@
+tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
+tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
+tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/Android.mk b/src/libimcv/Android.mk
index 89ce5801a..4df3dcb64 100644
--- a/src/libimcv/Android.mk
+++ b/src/libimcv/Android.mk
@@ -33,6 +33,9 @@ libimcv_la_SOURCES := \
 ietf/ietf_attr_product_info.h ietf/ietf_attr_product_info.c \
 ietf/ietf_attr_remediation_instr.h ietf/ietf_attr_remediation_instr.c \
 ietf/ietf_attr_string_version.h ietf/ietf_attr_string_version.c \
+ ietf/swima/ietf_swima_attr_req.h ietf/swima/ietf_swima_attr_req.c \
+ ietf/swima/ietf_swima_attr_sw_inv.h ietf/swima/ietf_swima_attr_sw_inv.c \
+ ietf/swima/ietf_swima_attr_sw_ev.h ietf/swima/ietf_swima_attr_sw_ev.c \
 ita/ita_attr.h ita/ita_attr.c \
 ita/ita_attr_command.h ita/ita_attr_command.c \
 ita/ita_attr_dummy.h ita/ita_attr_dummy.c \
@@ -68,6 +71,7 @@ libimcv_la_SOURCES := \
 pts/components/tcg/tcg_comp_func_name.h pts/components/tcg/tcg_comp_func_name.c \
 pwg/pwg_attr.h pwg/pwg_attr.c \
 pwg/pwg_attr_vendor_smi_code.h pwg/pwg_attr_vendor_smi_code.c \
+ rest/rest.h rest/rest.c \
 seg/seg_contract.h seg/seg_contract.c \
 seg/seg_contract_manager.h seg/seg_contract_manager.c \
 seg/seg_env.h seg/seg_env.c \
@@ -75,6 +79,13 @@ libimcv_la_SOURCES := \ swid/swid_inventory.h swid/swid_inventory.c \ swid/swid_tag.h swid/swid_tag.c \ swid/swid_tag_id.h swid/swid_tag_id.c \ + swima/swima_data_model.h swima/swima_data_model.c \ + swima/swima_record.h swima/swima_record.c \ + swima/swima_event.h swima/swima_event.c \ + swima/swima_events.h swima/swima_events.c \ + swima/swima_inventory.h swima/swima_inventory.c \ + swima/swima_collector.h swima/swima_collector.c \ + swima/swima_error.h swima/swima_error.c \ tcg/tcg_attr.h tcg/tcg_attr.c \ tcg/pts/tcg_pts_attr_proto_caps.h tcg/pts/tcg_pts_attr_proto_caps.c \ tcg/pts/tcg_pts_attr_dh_nonce_params_req.h tcg/pts/tcg_pts_attr_dh_nonce_params_req.c \ diff --git a/src/libimcv/Makefile.am b/src/libimcv/Makefile.am index 8cde4b7fc..a6397c5ff 100644 --- a/src/libimcv/Makefile.am +++ b/src/libimcv/Makefile.am @@ -2,7 +2,11 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ -I$(top_srcdir)/src/libtpmtss \ - -DIPSEC_SCRIPT=\"${ipsec_script}\" + -DIPSEC_SCRIPT=\"${ipsec_script}\" \ + -DSWID_DIRECTORY=\"${prefix}/share\" + +AM_CFLAGS = \ + $(json_CFLAGS) ipseclib_LTLIBRARIES = libimcv.la @@ -12,7 +16,8 @@ libimcv_la_LDFLAGS = \ libimcv_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libtncif/libtncif.la \ - $(top_builddir)/src/libtpmtss/libtpmtss.la + $(top_builddir)/src/libtpmtss/libtpmtss.la \ + $(json_LIBS) if USE_WINDOWS libimcv_la_LIBADD += -lws2_32 
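Review bot: `-DSWID_DIRECTORY=\"${prefix}/share\"` in the AM_CPPFLAGS hunk hard-codes the `share` subdirectory under `${prefix}`, so a build configured with `--datadir` or `--datarootdir` pointing elsewhere compiles in a path that will not exist at install time. Automake already provides the right variable: `-DSWID_DIRECTORY=\"${datadir}\"` (or `${datarootdir}`, depending on where the SWID data is actually installed, which this hunk does not show). The same literal is repeated in the generated Makefile.in further down and would be regenerated from this file.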
@@ -49,6 +54,9 @@ libimcv_la_SOURCES = \ ietf/ietf_attr_product_info.h ietf/ietf_attr_product_info.c \ ietf/ietf_attr_remediation_instr.h ietf/ietf_attr_remediation_instr.c \ ietf/ietf_attr_string_version.h ietf/ietf_attr_string_version.c \ + ietf/swima/ietf_swima_attr_req.h ietf/swima/ietf_swima_attr_req.c \ + ietf/swima/ietf_swima_attr_sw_inv.h ietf/swima/ietf_swima_attr_sw_inv.c \ + ietf/swima/ietf_swima_attr_sw_ev.h ietf/swima/ietf_swima_attr_sw_ev.c \ ita/ita_attr.h ita/ita_attr.c \ ita/ita_attr_command.h ita/ita_attr_command.c \ ita/ita_attr_dummy.h ita/ita_attr_dummy.c \ @@ -84,6 +92,7 @@ libimcv_la_SOURCES = \ pts/components/tcg/tcg_comp_func_name.h pts/components/tcg/tcg_comp_func_name.c \ pwg/pwg_attr.h pwg/pwg_attr.c \ pwg/pwg_attr_vendor_smi_code.h pwg/pwg_attr_vendor_smi_code.c \ + rest/rest.h rest/rest.c \ seg/seg_contract.h seg/seg_contract.c \ seg/seg_contract_manager.h seg/seg_contract_manager.c \ seg/seg_env.h seg/seg_env.c \ @@ -91,6 +100,15 @@ libimcv_la_SOURCES = \ swid/swid_inventory.h swid/swid_inventory.c \ swid/swid_tag.h swid/swid_tag.c \ swid/swid_tag_id.h swid/swid_tag_id.c \ + swid_gen/swid_gen.h swid_gen/swid_gen.c \ + swid_gen/swid_gen_info.h swid_gen/swid_gen_info.c \ + swima/swima_data_model.h swima/swima_data_model.c \ + swima/swima_record.h swima/swima_record.c \ + swima/swima_event.h swima/swima_event.c \ + swima/swima_events.h swima/swima_events.c \ + swima/swima_inventory.h swima/swima_inventory.c \ + swima/swima_collector.h swima/swima_collector.c \ + swima/swima_error.h swima/swima_error.c \ tcg/tcg_attr.h tcg/tcg_attr.c \ tcg/pts/tcg_pts_attr_proto_caps.h tcg/pts/tcg_pts_attr_proto_caps.c \ tcg/pts/tcg_pts_attr_dh_nonce_params_req.h tcg/pts/tcg_pts_attr_dh_nonce_params_req.c \ @@ -173,6 +191,14 @@ if USE_IMV_SWID SUBDIRS += plugins/imv_swid endif +if USE_IMC_SWIMA + SUBDIRS += plugins/imc_swima +endif + +if USE_IMV_SWIMA + SUBDIRS += plugins/imv_swima +endif + if USE_IMC_HCD SUBDIRS += plugins/imc_hcd endif 
@@ -190,8 +216,19 @@ imcv_tests_SOURCES = \ pa_tnc/pa_tnc_attr_manager.c \ seg/seg_env.c seg/seg_contract.c \ seg/seg_contract_manager.c \ + swid_gen/swid_gen.c \ + swima/swima_data_model.c \ + swima/swima_event.c \ + swima/swima_events.c \ + swima/swima_record.c \ + swima/swima_inventory.c \ + swima/swima_collector.c \ suites/test_imcv_seg.c \ + suites/test_imcv_swima.c \ ietf/ietf_attr_pa_tnc_error.c \ + ietf/swima/ietf_swima_attr_req.c \ + ietf/swima/ietf_swima_attr_sw_inv.c \ + ietf/swima/ietf_swima_attr_sw_ev.c \ tcg/seg/tcg_seg_attr_seg_env.c \ imcv.c imcv_tests.h imcv_tests.c diff --git a/src/libimcv/Makefile.in b/src/libimcv/Makefile.in index e361f20f6..246ffe29d 100644 --- a/src/libimcv/Makefile.in +++ b/src/libimcv/Makefile.in @@ -103,8 +103,10 @@ ipsec_PROGRAMS = imv_policy_manager$(EXEEXT) @USE_IMV_ATTESTATION_TRUE@am__append_9 = plugins/imv_attestation @USE_IMC_SWID_TRUE@am__append_10 = plugins/imc_swid @USE_IMV_SWID_TRUE@am__append_11 = plugins/imv_swid -@USE_IMC_HCD_TRUE@am__append_12 = plugins/imc_hcd -@USE_IMV_HCD_TRUE@am__append_13 = plugins/imv_hcd +@USE_IMC_SWIMA_TRUE@am__append_12 = plugins/imc_swima +@USE_IMV_SWIMA_TRUE@am__append_13 = plugins/imv_swima +@USE_IMC_HCD_TRUE@am__append_14 = plugins/imc_hcd +@USE_IMV_HCD_TRUE@am__append_15 = plugins/imv_hcd TESTS = imcv_tests$(EXEEXT) check_PROGRAMS = $(am__EXEEXT_1) subdir = src/libimcv @@ -162,7 +164,7 @@ libimcv_la_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libtncif/libtncif.la \ $(top_builddir)/src/libtpmtss/libtpmtss.la \ - $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) am__dirstamp = $(am__leading_dot)dirstamp am_libimcv_la_OBJECTS = imcv.lo imc/imc_agent.lo imc/imc_msg.lo \ imc/imc_os_info.lo imv/imv_agent.lo imv/imv_database.lo \ 
@@ -178,7 +180,10 @@ am_libimcv_la_OBJECTS = imcv.lo imc/imc_agent.lo imc/imc_msg.lo \ ietf/ietf_attr_pa_tnc_error.lo ietf/ietf_attr_port_filter.lo \ ietf/ietf_attr_product_info.lo \ ietf/ietf_attr_remediation_instr.lo \ - ietf/ietf_attr_string_version.lo ita/ita_attr.lo \ + ietf/ietf_attr_string_version.lo \ + ietf/swima/ietf_swima_attr_req.lo \ + ietf/swima/ietf_swima_attr_sw_inv.lo \ + ietf/swima/ietf_swima_attr_sw_ev.lo ita/ita_attr.lo \ ita/ita_attr_command.lo ita/ita_attr_dummy.lo \ ita/ita_attr_get_settings.lo ita/ita_attr_settings.lo \ ita/ita_attr_angel.lo os_info/os_info.lo pa_tnc/pa_tnc_msg.lo \ @@ -195,10 +200,15 @@ am_libimcv_la_OBJECTS = imcv.lo imc/imc_agent.lo imc/imc_msg.lo \ pts/components/ita/ita_comp_tboot.lo \ pts/components/ita/ita_comp_tgrub.lo \ pts/components/tcg/tcg_comp_func_name.lo pwg/pwg_attr.lo \ - pwg/pwg_attr_vendor_smi_code.lo seg/seg_contract.lo \ - seg/seg_contract_manager.lo seg/seg_env.lo swid/swid_error.lo \ - swid/swid_inventory.lo swid/swid_tag.lo swid/swid_tag_id.lo \ - tcg/tcg_attr.lo tcg/pts/tcg_pts_attr_proto_caps.lo \ + pwg/pwg_attr_vendor_smi_code.lo rest/rest.lo \ + seg/seg_contract.lo seg/seg_contract_manager.lo seg/seg_env.lo \ + swid/swid_error.lo swid/swid_inventory.lo swid/swid_tag.lo \ + swid/swid_tag_id.lo swid_gen/swid_gen.lo \ + swid_gen/swid_gen_info.lo swima/swima_data_model.lo \ + swima/swima_record.lo swima/swima_event.lo \ + swima/swima_events.lo swima/swima_inventory.lo \ + swima/swima_collector.lo swima/swima_error.lo tcg/tcg_attr.lo \ + tcg/pts/tcg_pts_attr_proto_caps.lo \ tcg/pts/tcg_pts_attr_dh_nonce_params_req.lo \ tcg/pts/tcg_pts_attr_dh_nonce_params_resp.lo \ tcg/pts/tcg_pts_attr_dh_nonce_finish.lo \ 
@@ -234,8 +244,19 @@ am_imcv_tests_OBJECTS = ita/imcv_tests-ita_attr_command.$(OBJEXT) \ seg/imcv_tests-seg_env.$(OBJEXT) \ seg/imcv_tests-seg_contract.$(OBJEXT) \ seg/imcv_tests-seg_contract_manager.$(OBJEXT) \ + swid_gen/imcv_tests-swid_gen.$(OBJEXT) \ + swima/imcv_tests-swima_data_model.$(OBJEXT) \ + swima/imcv_tests-swima_event.$(OBJEXT) \ + swima/imcv_tests-swima_events.$(OBJEXT) \ + swima/imcv_tests-swima_record.$(OBJEXT) \ + swima/imcv_tests-swima_inventory.$(OBJEXT) \ + swima/imcv_tests-swima_collector.$(OBJEXT) \ suites/imcv_tests-test_imcv_seg.$(OBJEXT) \ + suites/imcv_tests-test_imcv_swima.$(OBJEXT) \ ietf/imcv_tests-ietf_attr_pa_tnc_error.$(OBJEXT) \ + ietf/swima/imcv_tests-ietf_swima_attr_req.$(OBJEXT) \ + ietf/swima/imcv_tests-ietf_swima_attr_sw_inv.$(OBJEXT) \ + ietf/swima/imcv_tests-ietf_swima_attr_sw_ev.$(OBJEXT) \ tcg/seg/imcv_tests-tcg_seg_attr_seg_env.$(OBJEXT) \ imcv_tests-imcv.$(OBJEXT) imcv_tests-imcv_tests.$(OBJEXT) imcv_tests_OBJECTS = $(am_imcv_tests_OBJECTS) @@ -357,8 +378,8 @@ am__tty_colors = { \ DIST_SUBDIRS = . plugins/imc_test plugins/imv_test plugins/imc_scanner \ plugins/imv_scanner plugins/imc_os plugins/imv_os \ plugins/imc_attestation plugins/imv_attestation \ - plugins/imc_swid plugins/imv_swid plugins/imc_hcd \ - plugins/imv_hcd + plugins/imc_swid plugins/imv_swid plugins/imc_swima \ + plugins/imv_swima plugins/imc_hcd plugins/imv_hcd am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ @@ -485,8 +506,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ 
@@ -587,6 +606,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -615,6 +636,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -622,7 +647,11 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ -I$(top_srcdir)/src/libtpmtss \ - -DIPSEC_SCRIPT=\"${ipsec_script}\" + -DIPSEC_SCRIPT=\"${ipsec_script}\" \ + -DSWID_DIRECTORY=\"${prefix}/share\" + +AM_CFLAGS = \ + $(json_CFLAGS) ipseclib_LTLIBRARIES = libimcv.la libimcv_la_LDFLAGS = \ @@ -631,7 +660,8 @@ libimcv_la_LDFLAGS = \ libimcv_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libtncif/libtncif.la \ - $(top_builddir)/src/libtpmtss/libtpmtss.la $(am__append_1) + $(top_builddir)/src/libtpmtss/libtpmtss.la $(json_LIBS) \ + $(am__append_1) libimcv_la_SOURCES = \ imcv.h imcv.c \ imc/imc_agent.h imc/imc_agent.c imc/imc_state.h \ @@ -663,6 +693,9 @@ libimcv_la_SOURCES = \ ietf/ietf_attr_product_info.h ietf/ietf_attr_product_info.c \ ietf/ietf_attr_remediation_instr.h ietf/ietf_attr_remediation_instr.c \ ietf/ietf_attr_string_version.h ietf/ietf_attr_string_version.c \ + ietf/swima/ietf_swima_attr_req.h ietf/swima/ietf_swima_attr_req.c \ + ietf/swima/ietf_swima_attr_sw_inv.h ietf/swima/ietf_swima_attr_sw_inv.c \ + ietf/swima/ietf_swima_attr_sw_ev.h ietf/swima/ietf_swima_attr_sw_ev.c \ ita/ita_attr.h ita/ita_attr.c \ ita/ita_attr_command.h ita/ita_attr_command.c \ ita/ita_attr_dummy.h ita/ita_attr_dummy.c \ 
@@ -698,6 +731,7 @@ libimcv_la_SOURCES = \ pts/components/tcg/tcg_comp_func_name.h pts/components/tcg/tcg_comp_func_name.c \ pwg/pwg_attr.h pwg/pwg_attr.c \ pwg/pwg_attr_vendor_smi_code.h pwg/pwg_attr_vendor_smi_code.c \ + rest/rest.h rest/rest.c \ seg/seg_contract.h seg/seg_contract.c \ seg/seg_contract_manager.h seg/seg_contract_manager.c \ seg/seg_env.h seg/seg_env.c \ @@ -705,6 +739,15 @@ libimcv_la_SOURCES = \ swid/swid_inventory.h swid/swid_inventory.c \ swid/swid_tag.h swid/swid_tag.c \ swid/swid_tag_id.h swid/swid_tag_id.c \ + swid_gen/swid_gen.h swid_gen/swid_gen.c \ + swid_gen/swid_gen_info.h swid_gen/swid_gen_info.c \ + swima/swima_data_model.h swima/swima_data_model.c \ + swima/swima_record.h swima/swima_record.c \ + swima/swima_event.h swima/swima_event.c \ + swima/swima_events.h swima/swima_events.c \ + swima/swima_inventory.h swima/swima_inventory.c \ + swima/swima_collector.h swima/swima_collector.c \ + swima/swima_error.h swima/swima_error.c \ tcg/tcg_attr.h tcg/tcg_attr.c \ tcg/pts/tcg_pts_attr_proto_caps.h tcg/pts/tcg_pts_attr_proto_caps.c \ tcg/pts/tcg_pts_attr_dh_nonce_params_req.h tcg/pts/tcg_pts_attr_dh_nonce_params_req.c \ 
@@ -746,14 +789,26 @@ imv_policy_manager_LDADD = \ SUBDIRS = . $(am__append_2) $(am__append_3) $(am__append_4) \ $(am__append_5) $(am__append_6) $(am__append_7) \ $(am__append_8) $(am__append_9) $(am__append_10) \ - $(am__append_11) $(am__append_12) $(am__append_13) + $(am__append_11) $(am__append_12) $(am__append_13) \ + $(am__append_14) $(am__append_15) imcv_tests_SOURCES = \ ita/ita_attr_command.c \ pa_tnc/pa_tnc_attr_manager.c \ seg/seg_env.c seg/seg_contract.c \ seg/seg_contract_manager.c \ + swid_gen/swid_gen.c \ + swima/swima_data_model.c \ + swima/swima_event.c \ + swima/swima_events.c \ + swima/swima_record.c \ + swima/swima_inventory.c \ + swima/swima_collector.c \ suites/test_imcv_seg.c \ + suites/test_imcv_swima.c \ ietf/ietf_attr_pa_tnc_error.c \ + ietf/swima/ietf_swima_attr_req.c \ + ietf/swima/ietf_swima_attr_sw_inv.c \ + ietf/swima/ietf_swima_attr_sw_ev.c \ tcg/seg/tcg_seg_attr_seg_env.c \ imcv.c imcv_tests.h imcv_tests.c @@ -908,6 +963,18 @@ ietf/ietf_attr_remediation_instr.lo: ietf/$(am__dirstamp) \ ietf/$(DEPDIR)/$(am__dirstamp) ietf/ietf_attr_string_version.lo: ietf/$(am__dirstamp) \ ietf/$(DEPDIR)/$(am__dirstamp) +ietf/swima/$(am__dirstamp): + @$(MKDIR_P) ietf/swima + @: > ietf/swima/$(am__dirstamp) +ietf/swima/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) ietf/swima/$(DEPDIR) + @: > ietf/swima/$(DEPDIR)/$(am__dirstamp) +ietf/swima/ietf_swima_attr_req.lo: ietf/swima/$(am__dirstamp) \ + ietf/swima/$(DEPDIR)/$(am__dirstamp) +ietf/swima/ietf_swima_attr_sw_inv.lo: ietf/swima/$(am__dirstamp) \ + ietf/swima/$(DEPDIR)/$(am__dirstamp) +ietf/swima/ietf_swima_attr_sw_ev.lo: ietf/swima/$(am__dirstamp) \ + ietf/swima/$(DEPDIR)/$(am__dirstamp) ita/$(am__dirstamp): @$(MKDIR_P) ita @: > ita/$(am__dirstamp) 
@@ -1016,6 +1083,13 @@ pwg/$(DEPDIR)/$(am__dirstamp): pwg/pwg_attr.lo: pwg/$(am__dirstamp) pwg/$(DEPDIR)/$(am__dirstamp) pwg/pwg_attr_vendor_smi_code.lo: pwg/$(am__dirstamp) \ pwg/$(DEPDIR)/$(am__dirstamp) +rest/$(am__dirstamp): + @$(MKDIR_P) rest + @: > rest/$(am__dirstamp) +rest/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) rest/$(DEPDIR) + @: > rest/$(DEPDIR)/$(am__dirstamp) +rest/rest.lo: rest/$(am__dirstamp) rest/$(DEPDIR)/$(am__dirstamp) seg/$(am__dirstamp): @$(MKDIR_P) seg @: > seg/$(am__dirstamp) @@ -1039,6 +1113,36 @@ swid/swid_inventory.lo: swid/$(am__dirstamp) \ swid/swid_tag.lo: swid/$(am__dirstamp) swid/$(DEPDIR)/$(am__dirstamp) swid/swid_tag_id.lo: swid/$(am__dirstamp) \ swid/$(DEPDIR)/$(am__dirstamp) +swid_gen/$(am__dirstamp): + @$(MKDIR_P) swid_gen + @: > swid_gen/$(am__dirstamp) +swid_gen/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) swid_gen/$(DEPDIR) + @: > swid_gen/$(DEPDIR)/$(am__dirstamp) +swid_gen/swid_gen.lo: swid_gen/$(am__dirstamp) \ + swid_gen/$(DEPDIR)/$(am__dirstamp) +swid_gen/swid_gen_info.lo: swid_gen/$(am__dirstamp) \ + swid_gen/$(DEPDIR)/$(am__dirstamp) +swima/$(am__dirstamp): + @$(MKDIR_P) swima + @: > swima/$(am__dirstamp) +swima/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) swima/$(DEPDIR) + @: > swima/$(DEPDIR)/$(am__dirstamp) +swima/swima_data_model.lo: swima/$(am__dirstamp) \ + swima/$(DEPDIR)/$(am__dirstamp) +swima/swima_record.lo: swima/$(am__dirstamp) \ + swima/$(DEPDIR)/$(am__dirstamp) +swima/swima_event.lo: swima/$(am__dirstamp) \ + swima/$(DEPDIR)/$(am__dirstamp) +swima/swima_events.lo: swima/$(am__dirstamp) \ + swima/$(DEPDIR)/$(am__dirstamp) +swima/swima_inventory.lo: swima/$(am__dirstamp) \ + swima/$(DEPDIR)/$(am__dirstamp) +swima/swima_collector.lo: swima/$(am__dirstamp) \ + swima/$(DEPDIR)/$(am__dirstamp) +swima/swima_error.lo: swima/$(am__dirstamp) \ + swima/$(DEPDIR)/$(am__dirstamp) tcg/$(am__dirstamp): @$(MKDIR_P) tcg @: > tcg/$(am__dirstamp) 
@@ -1181,6 +1285,20 @@ seg/imcv_tests-seg_contract.$(OBJEXT): seg/$(am__dirstamp) \ seg/$(DEPDIR)/$(am__dirstamp) seg/imcv_tests-seg_contract_manager.$(OBJEXT): seg/$(am__dirstamp) \ seg/$(DEPDIR)/$(am__dirstamp) +swid_gen/imcv_tests-swid_gen.$(OBJEXT): swid_gen/$(am__dirstamp) \ + swid_gen/$(DEPDIR)/$(am__dirstamp) +swima/imcv_tests-swima_data_model.$(OBJEXT): swima/$(am__dirstamp) \ + swima/$(DEPDIR)/$(am__dirstamp) +swima/imcv_tests-swima_event.$(OBJEXT): swima/$(am__dirstamp) \ + swima/$(DEPDIR)/$(am__dirstamp) +swima/imcv_tests-swima_events.$(OBJEXT): swima/$(am__dirstamp) \ + swima/$(DEPDIR)/$(am__dirstamp) +swima/imcv_tests-swima_record.$(OBJEXT): swima/$(am__dirstamp) \ + swima/$(DEPDIR)/$(am__dirstamp) +swima/imcv_tests-swima_inventory.$(OBJEXT): swima/$(am__dirstamp) \ + swima/$(DEPDIR)/$(am__dirstamp) +swima/imcv_tests-swima_collector.$(OBJEXT): swima/$(am__dirstamp) \ + swima/$(DEPDIR)/$(am__dirstamp) suites/$(am__dirstamp): @$(MKDIR_P) suites @: > suites/$(am__dirstamp) @@ -1189,8 +1307,19 @@ suites/$(DEPDIR)/$(am__dirstamp): @: > suites/$(DEPDIR)/$(am__dirstamp) suites/imcv_tests-test_imcv_seg.$(OBJEXT): suites/$(am__dirstamp) \ suites/$(DEPDIR)/$(am__dirstamp) +suites/imcv_tests-test_imcv_swima.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) ietf/imcv_tests-ietf_attr_pa_tnc_error.$(OBJEXT): \ ietf/$(am__dirstamp) ietf/$(DEPDIR)/$(am__dirstamp) +ietf/swima/imcv_tests-ietf_swima_attr_req.$(OBJEXT): \ + ietf/swima/$(am__dirstamp) \ + ietf/swima/$(DEPDIR)/$(am__dirstamp) +ietf/swima/imcv_tests-ietf_swima_attr_sw_inv.$(OBJEXT): \ + ietf/swima/$(am__dirstamp) \ + ietf/swima/$(DEPDIR)/$(am__dirstamp) +ietf/swima/imcv_tests-ietf_swima_attr_sw_ev.$(OBJEXT): \ + ietf/swima/$(am__dirstamp) \ + ietf/swima/$(DEPDIR)/$(am__dirstamp) tcg/seg/imcv_tests-tcg_seg_attr_seg_env.$(OBJEXT): \ tcg/seg/$(am__dirstamp) tcg/seg/$(DEPDIR)/$(am__dirstamp) 
@@ -1247,6 +1376,8 @@ mostlyclean-compile: -rm -f generic/*.lo -rm -f ietf/*.$(OBJEXT) -rm -f ietf/*.lo + -rm -f ietf/swima/*.$(OBJEXT) + -rm -f ietf/swima/*.lo -rm -f imc/*.$(OBJEXT) -rm -f imc/*.lo -rm -f imv/*.$(OBJEXT) @@ -1267,11 +1398,17 @@ mostlyclean-compile: -rm -f pts/components/tcg/*.lo -rm -f pwg/*.$(OBJEXT) -rm -f pwg/*.lo + -rm -f rest/*.$(OBJEXT) + -rm -f rest/*.lo -rm -f seg/*.$(OBJEXT) -rm -f seg/*.lo -rm -f suites/*.$(OBJEXT) -rm -f swid/*.$(OBJEXT) -rm -f swid/*.lo + -rm -f swid_gen/*.$(OBJEXT) + -rm -f swid_gen/*.lo + -rm -f swima/*.$(OBJEXT) + -rm -f swima/*.lo -rm -f tcg/*.$(OBJEXT) -rm -f tcg/*.lo -rm -f tcg/pts/*.$(OBJEXT) @@ -1303,6 +1440,12 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@ietf/$(DEPDIR)/ietf_attr_remediation_instr.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@ietf/$(DEPDIR)/ietf_attr_string_version.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@ietf/$(DEPDIR)/imcv_tests-ietf_attr_pa_tnc_error.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ietf/swima/$(DEPDIR)/ietf_swima_attr_req.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ietf/swima/$(DEPDIR)/ietf_swima_attr_sw_ev.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ietf/swima/$(DEPDIR)/ietf_swima_attr_sw_inv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_req.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_sw_ev.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_sw_inv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@imc/$(DEPDIR)/imc_agent.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@imc/$(DEPDIR)/imc_msg.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@imc/$(DEPDIR)/imc_os_info.Plo@am__quote@ 
@@ -1351,6 +1494,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@pts/components/tcg/$(DEPDIR)/tcg_comp_func_name.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@pwg/$(DEPDIR)/pwg_attr.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@pwg/$(DEPDIR)/pwg_attr_vendor_smi_code.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@rest/$(DEPDIR)/rest.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@seg/$(DEPDIR)/imcv_tests-seg_contract.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@seg/$(DEPDIR)/imcv_tests-seg_contract_manager.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@seg/$(DEPDIR)/imcv_tests-seg_env.Po@am__quote@ 
@@ -1358,10 +1502,27 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@seg/$(DEPDIR)/seg_contract_manager.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@seg/$(DEPDIR)/seg_env.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/imcv_tests-test_imcv_swima.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_error.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_inventory.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_tag.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_tag_id.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swid_gen/$(DEPDIR)/imcv_tests-swid_gen.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swid_gen/$(DEPDIR)/swid_gen.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swid_gen/$(DEPDIR)/swid_gen_info.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swima/$(DEPDIR)/imcv_tests-swima_collector.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swima/$(DEPDIR)/imcv_tests-swima_data_model.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swima/$(DEPDIR)/imcv_tests-swima_event.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swima/$(DEPDIR)/imcv_tests-swima_events.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swima/$(DEPDIR)/imcv_tests-swima_inventory.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swima/$(DEPDIR)/imcv_tests-swima_record.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swima/$(DEPDIR)/swima_collector.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swima/$(DEPDIR)/swima_data_model.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swima/$(DEPDIR)/swima_error.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swima/$(DEPDIR)/swima_event.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swima/$(DEPDIR)/swima_events.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ 
@am__quote@swima/$(DEPDIR)/swima_inventory.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@swima/$(DEPDIR)/swima_record.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@tcg/$(DEPDIR)/tcg_attr.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_aik.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@tcg/pts/$(DEPDIR)/tcg_pts_attr_dh_nonce_finish.Plo@am__quote@ 
@@ -1482,6 +1643,104 @@ seg/imcv_tests-seg_contract_manager.obj: seg/seg_contract_manager.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o seg/imcv_tests-seg_contract_manager.obj `if test -f 'seg/seg_contract_manager.c'; then $(CYGPATH_W) 'seg/seg_contract_manager.c'; else $(CYGPATH_W) '$(srcdir)/seg/seg_contract_manager.c'; fi` +swid_gen/imcv_tests-swid_gen.o: swid_gen/swid_gen.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT swid_gen/imcv_tests-swid_gen.o -MD -MP -MF swid_gen/$(DEPDIR)/imcv_tests-swid_gen.Tpo -c -o swid_gen/imcv_tests-swid_gen.o `test -f 'swid_gen/swid_gen.c' || echo '$(srcdir)/'`swid_gen/swid_gen.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) swid_gen/$(DEPDIR)/imcv_tests-swid_gen.Tpo swid_gen/$(DEPDIR)/imcv_tests-swid_gen.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='swid_gen/swid_gen.c' object='swid_gen/imcv_tests-swid_gen.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o swid_gen/imcv_tests-swid_gen.o `test -f 'swid_gen/swid_gen.c' || echo '$(srcdir)/'`swid_gen/swid_gen.c + +swid_gen/imcv_tests-swid_gen.obj: swid_gen/swid_gen.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT swid_gen/imcv_tests-swid_gen.obj -MD -MP -MF swid_gen/$(DEPDIR)/imcv_tests-swid_gen.Tpo -c -o swid_gen/imcv_tests-swid_gen.obj `if test -f 'swid_gen/swid_gen.c'; then $(CYGPATH_W) 'swid_gen/swid_gen.c'; else $(CYGPATH_W) '$(srcdir)/swid_gen/swid_gen.c'; fi` 
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) swid_gen/$(DEPDIR)/imcv_tests-swid_gen.Tpo swid_gen/$(DEPDIR)/imcv_tests-swid_gen.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='swid_gen/swid_gen.c' object='swid_gen/imcv_tests-swid_gen.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o swid_gen/imcv_tests-swid_gen.obj `if test -f 'swid_gen/swid_gen.c'; then $(CYGPATH_W) 'swid_gen/swid_gen.c'; else $(CYGPATH_W) '$(srcdir)/swid_gen/swid_gen.c'; fi` + +swima/imcv_tests-swima_data_model.o: swima/swima_data_model.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT swima/imcv_tests-swima_data_model.o -MD -MP -MF swima/$(DEPDIR)/imcv_tests-swima_data_model.Tpo -c -o swima/imcv_tests-swima_data_model.o `test -f 'swima/swima_data_model.c' || echo '$(srcdir)/'`swima/swima_data_model.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) swima/$(DEPDIR)/imcv_tests-swima_data_model.Tpo swima/$(DEPDIR)/imcv_tests-swima_data_model.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='swima/swima_data_model.c' object='swima/imcv_tests-swima_data_model.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o swima/imcv_tests-swima_data_model.o `test -f 'swima/swima_data_model.c' || echo '$(srcdir)/'`swima/swima_data_model.c + +swima/imcv_tests-swima_data_model.obj: swima/swima_data_model.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT 
swima/imcv_tests-swima_data_model.obj -MD -MP -MF swima/$(DEPDIR)/imcv_tests-swima_data_model.Tpo -c -o swima/imcv_tests-swima_data_model.obj `if test -f 'swima/swima_data_model.c'; then $(CYGPATH_W) 'swima/swima_data_model.c'; else $(CYGPATH_W) '$(srcdir)/swima/swima_data_model.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) swima/$(DEPDIR)/imcv_tests-swima_data_model.Tpo swima/$(DEPDIR)/imcv_tests-swima_data_model.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='swima/swima_data_model.c' object='swima/imcv_tests-swima_data_model.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o swima/imcv_tests-swima_data_model.obj `if test -f 'swima/swima_data_model.c'; then $(CYGPATH_W) 'swima/swima_data_model.c'; else $(CYGPATH_W) '$(srcdir)/swima/swima_data_model.c'; fi` + +swima/imcv_tests-swima_event.o: swima/swima_event.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT swima/imcv_tests-swima_event.o -MD -MP -MF swima/$(DEPDIR)/imcv_tests-swima_event.Tpo -c -o swima/imcv_tests-swima_event.o `test -f 'swima/swima_event.c' || echo '$(srcdir)/'`swima/swima_event.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) swima/$(DEPDIR)/imcv_tests-swima_event.Tpo swima/$(DEPDIR)/imcv_tests-swima_event.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='swima/swima_event.c' object='swima/imcv_tests-swima_event.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o swima/imcv_tests-swima_event.o `test -f 'swima/swima_event.c' || echo 
'$(srcdir)/'`swima/swima_event.c + +swima/imcv_tests-swima_event.obj: swima/swima_event.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT swima/imcv_tests-swima_event.obj -MD -MP -MF swima/$(DEPDIR)/imcv_tests-swima_event.Tpo -c -o swima/imcv_tests-swima_event.obj `if test -f 'swima/swima_event.c'; then $(CYGPATH_W) 'swima/swima_event.c'; else $(CYGPATH_W) '$(srcdir)/swima/swima_event.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) swima/$(DEPDIR)/imcv_tests-swima_event.Tpo swima/$(DEPDIR)/imcv_tests-swima_event.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='swima/swima_event.c' object='swima/imcv_tests-swima_event.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o swima/imcv_tests-swima_event.obj `if test -f 'swima/swima_event.c'; then $(CYGPATH_W) 'swima/swima_event.c'; else $(CYGPATH_W) '$(srcdir)/swima/swima_event.c'; fi` + +swima/imcv_tests-swima_events.o: swima/swima_events.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT swima/imcv_tests-swima_events.o -MD -MP -MF swima/$(DEPDIR)/imcv_tests-swima_events.Tpo -c -o swima/imcv_tests-swima_events.o `test -f 'swima/swima_events.c' || echo '$(srcdir)/'`swima/swima_events.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) swima/$(DEPDIR)/imcv_tests-swima_events.Tpo swima/$(DEPDIR)/imcv_tests-swima_events.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='swima/swima_events.c' object='swima/imcv_tests-swima_events.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) 
$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o swima/imcv_tests-swima_events.o `test -f 'swima/swima_events.c' || echo '$(srcdir)/'`swima/swima_events.c + +swima/imcv_tests-swima_events.obj: swima/swima_events.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT swima/imcv_tests-swima_events.obj -MD -MP -MF swima/$(DEPDIR)/imcv_tests-swima_events.Tpo -c -o swima/imcv_tests-swima_events.obj `if test -f 'swima/swima_events.c'; then $(CYGPATH_W) 'swima/swima_events.c'; else $(CYGPATH_W) '$(srcdir)/swima/swima_events.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) swima/$(DEPDIR)/imcv_tests-swima_events.Tpo swima/$(DEPDIR)/imcv_tests-swima_events.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='swima/swima_events.c' object='swima/imcv_tests-swima_events.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o swima/imcv_tests-swima_events.obj `if test -f 'swima/swima_events.c'; then $(CYGPATH_W) 'swima/swima_events.c'; else $(CYGPATH_W) '$(srcdir)/swima/swima_events.c'; fi` + +swima/imcv_tests-swima_record.o: swima/swima_record.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT swima/imcv_tests-swima_record.o -MD -MP -MF swima/$(DEPDIR)/imcv_tests-swima_record.Tpo -c -o swima/imcv_tests-swima_record.o `test -f 'swima/swima_record.c' || echo '$(srcdir)/'`swima/swima_record.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) swima/$(DEPDIR)/imcv_tests-swima_record.Tpo swima/$(DEPDIR)/imcv_tests-swima_record.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='swima/swima_record.c' object='swima/imcv_tests-swima_record.o' 
libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o swima/imcv_tests-swima_record.o `test -f 'swima/swima_record.c' || echo '$(srcdir)/'`swima/swima_record.c + +swima/imcv_tests-swima_record.obj: swima/swima_record.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT swima/imcv_tests-swima_record.obj -MD -MP -MF swima/$(DEPDIR)/imcv_tests-swima_record.Tpo -c -o swima/imcv_tests-swima_record.obj `if test -f 'swima/swima_record.c'; then $(CYGPATH_W) 'swima/swima_record.c'; else $(CYGPATH_W) '$(srcdir)/swima/swima_record.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) swima/$(DEPDIR)/imcv_tests-swima_record.Tpo swima/$(DEPDIR)/imcv_tests-swima_record.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='swima/swima_record.c' object='swima/imcv_tests-swima_record.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o swima/imcv_tests-swima_record.obj `if test -f 'swima/swima_record.c'; then $(CYGPATH_W) 'swima/swima_record.c'; else $(CYGPATH_W) '$(srcdir)/swima/swima_record.c'; fi` + +swima/imcv_tests-swima_inventory.o: swima/swima_inventory.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT swima/imcv_tests-swima_inventory.o -MD -MP -MF swima/$(DEPDIR)/imcv_tests-swima_inventory.Tpo -c -o swima/imcv_tests-swima_inventory.o `test -f 'swima/swima_inventory.c' || echo '$(srcdir)/'`swima/swima_inventory.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) 
swima/$(DEPDIR)/imcv_tests-swima_inventory.Tpo swima/$(DEPDIR)/imcv_tests-swima_inventory.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='swima/swima_inventory.c' object='swima/imcv_tests-swima_inventory.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o swima/imcv_tests-swima_inventory.o `test -f 'swima/swima_inventory.c' || echo '$(srcdir)/'`swima/swima_inventory.c + +swima/imcv_tests-swima_inventory.obj: swima/swima_inventory.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT swima/imcv_tests-swima_inventory.obj -MD -MP -MF swima/$(DEPDIR)/imcv_tests-swima_inventory.Tpo -c -o swima/imcv_tests-swima_inventory.obj `if test -f 'swima/swima_inventory.c'; then $(CYGPATH_W) 'swima/swima_inventory.c'; else $(CYGPATH_W) '$(srcdir)/swima/swima_inventory.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) swima/$(DEPDIR)/imcv_tests-swima_inventory.Tpo swima/$(DEPDIR)/imcv_tests-swima_inventory.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='swima/swima_inventory.c' object='swima/imcv_tests-swima_inventory.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o swima/imcv_tests-swima_inventory.obj `if test -f 'swima/swima_inventory.c'; then $(CYGPATH_W) 'swima/swima_inventory.c'; else $(CYGPATH_W) '$(srcdir)/swima/swima_inventory.c'; fi` + +swima/imcv_tests-swima_collector.o: swima/swima_collector.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) 
$(CFLAGS) -MT swima/imcv_tests-swima_collector.o -MD -MP -MF swima/$(DEPDIR)/imcv_tests-swima_collector.Tpo -c -o swima/imcv_tests-swima_collector.o `test -f 'swima/swima_collector.c' || echo '$(srcdir)/'`swima/swima_collector.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) swima/$(DEPDIR)/imcv_tests-swima_collector.Tpo swima/$(DEPDIR)/imcv_tests-swima_collector.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='swima/swima_collector.c' object='swima/imcv_tests-swima_collector.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o swima/imcv_tests-swima_collector.o `test -f 'swima/swima_collector.c' || echo '$(srcdir)/'`swima/swima_collector.c + +swima/imcv_tests-swima_collector.obj: swima/swima_collector.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT swima/imcv_tests-swima_collector.obj -MD -MP -MF swima/$(DEPDIR)/imcv_tests-swima_collector.Tpo -c -o swima/imcv_tests-swima_collector.obj `if test -f 'swima/swima_collector.c'; then $(CYGPATH_W) 'swima/swima_collector.c'; else $(CYGPATH_W) '$(srcdir)/swima/swima_collector.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) swima/$(DEPDIR)/imcv_tests-swima_collector.Tpo swima/$(DEPDIR)/imcv_tests-swima_collector.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='swima/swima_collector.c' object='swima/imcv_tests-swima_collector.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o swima/imcv_tests-swima_collector.obj `if test -f 'swima/swima_collector.c'; then $(CYGPATH_W) 
'swima/swima_collector.c'; else $(CYGPATH_W) '$(srcdir)/swima/swima_collector.c'; fi` + suites/imcv_tests-test_imcv_seg.o: suites/test_imcv_seg.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT suites/imcv_tests-test_imcv_seg.o -MD -MP -MF suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Tpo -c -o suites/imcv_tests-test_imcv_seg.o `test -f 'suites/test_imcv_seg.c' || echo '$(srcdir)/'`suites/test_imcv_seg.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Tpo suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Po 
@@ -1496,6 +1755,20 @@ suites/imcv_tests-test_imcv_seg.obj: suites/test_imcv_seg.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o suites/imcv_tests-test_imcv_seg.obj `if test -f 'suites/test_imcv_seg.c'; then $(CYGPATH_W) 'suites/test_imcv_seg.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_imcv_seg.c'; fi` +suites/imcv_tests-test_imcv_swima.o: suites/test_imcv_swima.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT suites/imcv_tests-test_imcv_swima.o -MD -MP -MF suites/$(DEPDIR)/imcv_tests-test_imcv_swima.Tpo -c -o suites/imcv_tests-test_imcv_swima.o `test -f 'suites/test_imcv_swima.c' || echo '$(srcdir)/'`suites/test_imcv_swima.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/imcv_tests-test_imcv_swima.Tpo suites/$(DEPDIR)/imcv_tests-test_imcv_swima.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_imcv_swima.c' object='suites/imcv_tests-test_imcv_swima.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o suites/imcv_tests-test_imcv_swima.o `test -f 'suites/test_imcv_swima.c' || echo '$(srcdir)/'`suites/test_imcv_swima.c + +suites/imcv_tests-test_imcv_swima.obj: suites/test_imcv_swima.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT suites/imcv_tests-test_imcv_swima.obj -MD -MP -MF suites/$(DEPDIR)/imcv_tests-test_imcv_swima.Tpo -c -o suites/imcv_tests-test_imcv_swima.obj `if test -f 'suites/test_imcv_swima.c'; then $(CYGPATH_W) 
'suites/test_imcv_swima.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_imcv_swima.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/imcv_tests-test_imcv_swima.Tpo suites/$(DEPDIR)/imcv_tests-test_imcv_swima.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_imcv_swima.c' object='suites/imcv_tests-test_imcv_swima.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o suites/imcv_tests-test_imcv_swima.obj `if test -f 'suites/test_imcv_swima.c'; then $(CYGPATH_W) 'suites/test_imcv_swima.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_imcv_swima.c'; fi` + ietf/imcv_tests-ietf_attr_pa_tnc_error.o: ietf/ietf_attr_pa_tnc_error.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT ietf/imcv_tests-ietf_attr_pa_tnc_error.o -MD -MP -MF ietf/$(DEPDIR)/imcv_tests-ietf_attr_pa_tnc_error.Tpo -c -o ietf/imcv_tests-ietf_attr_pa_tnc_error.o `test -f 'ietf/ietf_attr_pa_tnc_error.c' || echo '$(srcdir)/'`ietf/ietf_attr_pa_tnc_error.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ietf/$(DEPDIR)/imcv_tests-ietf_attr_pa_tnc_error.Tpo ietf/$(DEPDIR)/imcv_tests-ietf_attr_pa_tnc_error.Po 
@@ -1510,6 +1783,48 @@ ietf/imcv_tests-ietf_attr_pa_tnc_error.obj: ietf/ietf_attr_pa_tnc_error.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o ietf/imcv_tests-ietf_attr_pa_tnc_error.obj `if test -f 'ietf/ietf_attr_pa_tnc_error.c'; then $(CYGPATH_W) 'ietf/ietf_attr_pa_tnc_error.c'; else $(CYGPATH_W) '$(srcdir)/ietf/ietf_attr_pa_tnc_error.c'; fi` +ietf/swima/imcv_tests-ietf_swima_attr_req.o: ietf/swima/ietf_swima_attr_req.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT ietf/swima/imcv_tests-ietf_swima_attr_req.o -MD -MP -MF ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_req.Tpo -c -o ietf/swima/imcv_tests-ietf_swima_attr_req.o `test -f 'ietf/swima/ietf_swima_attr_req.c' || echo '$(srcdir)/'`ietf/swima/ietf_swima_attr_req.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_req.Tpo ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_req.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ietf/swima/ietf_swima_attr_req.c' object='ietf/swima/imcv_tests-ietf_swima_attr_req.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o ietf/swima/imcv_tests-ietf_swima_attr_req.o `test -f 'ietf/swima/ietf_swima_attr_req.c' || echo '$(srcdir)/'`ietf/swima/ietf_swima_attr_req.c + +ietf/swima/imcv_tests-ietf_swima_attr_req.obj: ietf/swima/ietf_swima_attr_req.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT 
ietf/swima/imcv_tests-ietf_swima_attr_req.obj -MD -MP -MF ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_req.Tpo -c -o ietf/swima/imcv_tests-ietf_swima_attr_req.obj `if test -f 'ietf/swima/ietf_swima_attr_req.c'; then $(CYGPATH_W) 'ietf/swima/ietf_swima_attr_req.c'; else $(CYGPATH_W) '$(srcdir)/ietf/swima/ietf_swima_attr_req.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_req.Tpo ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_req.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ietf/swima/ietf_swima_attr_req.c' object='ietf/swima/imcv_tests-ietf_swima_attr_req.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o ietf/swima/imcv_tests-ietf_swima_attr_req.obj `if test -f 'ietf/swima/ietf_swima_attr_req.c'; then $(CYGPATH_W) 'ietf/swima/ietf_swima_attr_req.c'; else $(CYGPATH_W) '$(srcdir)/ietf/swima/ietf_swima_attr_req.c'; fi` + +ietf/swima/imcv_tests-ietf_swima_attr_sw_inv.o: ietf/swima/ietf_swima_attr_sw_inv.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT ietf/swima/imcv_tests-ietf_swima_attr_sw_inv.o -MD -MP -MF ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_sw_inv.Tpo -c -o ietf/swima/imcv_tests-ietf_swima_attr_sw_inv.o `test -f 'ietf/swima/ietf_swima_attr_sw_inv.c' || echo '$(srcdir)/'`ietf/swima/ietf_swima_attr_sw_inv.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_sw_inv.Tpo ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_sw_inv.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ietf/swima/ietf_swima_attr_sw_inv.c' object='ietf/swima/imcv_tests-ietf_swima_attr_sw_inv.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ 
DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o ietf/swima/imcv_tests-ietf_swima_attr_sw_inv.o `test -f 'ietf/swima/ietf_swima_attr_sw_inv.c' || echo '$(srcdir)/'`ietf/swima/ietf_swima_attr_sw_inv.c + +ietf/swima/imcv_tests-ietf_swima_attr_sw_inv.obj: ietf/swima/ietf_swima_attr_sw_inv.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT ietf/swima/imcv_tests-ietf_swima_attr_sw_inv.obj -MD -MP -MF ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_sw_inv.Tpo -c -o ietf/swima/imcv_tests-ietf_swima_attr_sw_inv.obj `if test -f 'ietf/swima/ietf_swima_attr_sw_inv.c'; then $(CYGPATH_W) 'ietf/swima/ietf_swima_attr_sw_inv.c'; else $(CYGPATH_W) '$(srcdir)/ietf/swima/ietf_swima_attr_sw_inv.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_sw_inv.Tpo ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_sw_inv.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ietf/swima/ietf_swima_attr_sw_inv.c' object='ietf/swima/imcv_tests-ietf_swima_attr_sw_inv.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o ietf/swima/imcv_tests-ietf_swima_attr_sw_inv.obj `if test -f 'ietf/swima/ietf_swima_attr_sw_inv.c'; then $(CYGPATH_W) 'ietf/swima/ietf_swima_attr_sw_inv.c'; else $(CYGPATH_W) '$(srcdir)/ietf/swima/ietf_swima_attr_sw_inv.c'; fi` + +ietf/swima/imcv_tests-ietf_swima_attr_sw_ev.o: ietf/swima/ietf_swima_attr_sw_ev.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT 
ietf/swima/imcv_tests-ietf_swima_attr_sw_ev.o -MD -MP -MF ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_sw_ev.Tpo -c -o ietf/swima/imcv_tests-ietf_swima_attr_sw_ev.o `test -f 'ietf/swima/ietf_swima_attr_sw_ev.c' || echo '$(srcdir)/'`ietf/swima/ietf_swima_attr_sw_ev.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_sw_ev.Tpo ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_sw_ev.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ietf/swima/ietf_swima_attr_sw_ev.c' object='ietf/swima/imcv_tests-ietf_swima_attr_sw_ev.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o ietf/swima/imcv_tests-ietf_swima_attr_sw_ev.o `test -f 'ietf/swima/ietf_swima_attr_sw_ev.c' || echo '$(srcdir)/'`ietf/swima/ietf_swima_attr_sw_ev.c + +ietf/swima/imcv_tests-ietf_swima_attr_sw_ev.obj: ietf/swima/ietf_swima_attr_sw_ev.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT ietf/swima/imcv_tests-ietf_swima_attr_sw_ev.obj -MD -MP -MF ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_sw_ev.Tpo -c -o ietf/swima/imcv_tests-ietf_swima_attr_sw_ev.obj `if test -f 'ietf/swima/ietf_swima_attr_sw_ev.c'; then $(CYGPATH_W) 'ietf/swima/ietf_swima_attr_sw_ev.c'; else $(CYGPATH_W) '$(srcdir)/ietf/swima/ietf_swima_attr_sw_ev.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_sw_ev.Tpo ietf/swima/$(DEPDIR)/imcv_tests-ietf_swima_attr_sw_ev.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ietf/swima/ietf_swima_attr_sw_ev.c' object='ietf/swima/imcv_tests-ietf_swima_attr_sw_ev.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ 
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o ietf/swima/imcv_tests-ietf_swima_attr_sw_ev.obj `if test -f 'ietf/swima/ietf_swima_attr_sw_ev.c'; then $(CYGPATH_W) 'ietf/swima/ietf_swima_attr_sw_ev.c'; else $(CYGPATH_W) '$(srcdir)/ietf/swima/ietf_swima_attr_sw_ev.c'; fi` + tcg/seg/imcv_tests-tcg_seg_attr_seg_env.o: tcg/seg/tcg_seg_attr_seg_env.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT tcg/seg/imcv_tests-tcg_seg_attr_seg_env.o -MD -MP -MF tcg/seg/$(DEPDIR)/imcv_tests-tcg_seg_attr_seg_env.Tpo -c -o tcg/seg/imcv_tests-tcg_seg_attr_seg_env.o `test -f 'tcg/seg/tcg_seg_attr_seg_env.c' || echo '$(srcdir)/'`tcg/seg/tcg_seg_attr_seg_env.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tcg/seg/$(DEPDIR)/imcv_tests-tcg_seg_attr_seg_env.Tpo tcg/seg/$(DEPDIR)/imcv_tests-tcg_seg_attr_seg_env.Po @@ -1559,6 +1874,7 @@ clean-libtool: -rm -rf .libs _libs -rm -rf generic/.libs generic/_libs -rm -rf ietf/.libs ietf/_libs + -rm -rf ietf/swima/.libs ietf/swima/_libs -rm -rf imc/.libs imc/_libs -rm -rf imv/.libs imv/_libs -rm -rf ita/.libs ita/_libs @@ -1569,8 +1885,11 @@ clean-libtool: -rm -rf pts/components/ita/.libs pts/components/ita/_libs -rm -rf pts/components/tcg/.libs pts/components/tcg/_libs -rm -rf pwg/.libs pwg/_libs + -rm -rf rest/.libs rest/_libs -rm -rf seg/.libs seg/_libs -rm -rf swid/.libs swid/_libs + -rm -rf swid_gen/.libs swid_gen/_libs + -rm -rf swima/.libs swima/_libs -rm -rf tcg/.libs tcg/_libs -rm -rf tcg/pts/.libs tcg/pts/_libs -rm -rf tcg/seg/.libs tcg/seg/_libs 
@@ -1884,6 +2203,8 @@ distclean-generic: -rm -f generic/$(am__dirstamp) -rm -f ietf/$(DEPDIR)/$(am__dirstamp) -rm -f ietf/$(am__dirstamp) + -rm -f ietf/swima/$(DEPDIR)/$(am__dirstamp) + -rm -f ietf/swima/$(am__dirstamp) -rm -f imc/$(DEPDIR)/$(am__dirstamp) -rm -f imc/$(am__dirstamp) -rm -f imv/$(DEPDIR)/$(am__dirstamp) @@ -1904,12 +2225,18 @@ distclean-generic: -rm -f pts/components/tcg/$(am__dirstamp) -rm -f pwg/$(DEPDIR)/$(am__dirstamp) -rm -f pwg/$(am__dirstamp) + -rm -f rest/$(DEPDIR)/$(am__dirstamp) + -rm -f rest/$(am__dirstamp) -rm -f seg/$(DEPDIR)/$(am__dirstamp) -rm -f seg/$(am__dirstamp) -rm -f suites/$(DEPDIR)/$(am__dirstamp) -rm -f suites/$(am__dirstamp) -rm -f swid/$(DEPDIR)/$(am__dirstamp) -rm -f swid/$(am__dirstamp) + -rm -f swid_gen/$(DEPDIR)/$(am__dirstamp) + -rm -f swid_gen/$(am__dirstamp) + -rm -f swima/$(DEPDIR)/$(am__dirstamp) + -rm -f swima/$(am__dirstamp) -rm -f tcg/$(DEPDIR)/$(am__dirstamp) -rm -f tcg/$(am__dirstamp) -rm -f tcg/pts/$(DEPDIR)/$(am__dirstamp) 
@@ -1928,7 +2255,7 @@ clean-am: clean-checkPROGRAMS clean-generic clean-ipsecPROGRAMS \ clean-ipseclibLTLIBRARIES clean-libtool mostlyclean-am distclean: distclean-recursive - -rm -rf ./$(DEPDIR) generic/$(DEPDIR) ietf/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) pwg/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR) tcg/swid/$(DEPDIR) + -rm -rf ./$(DEPDIR) generic/$(DEPDIR) ietf/$(DEPDIR) ietf/swima/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) pwg/$(DEPDIR) rest/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid/$(DEPDIR) swid_gen/$(DEPDIR) swima/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR) tcg/swid/$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags 
@@ -1975,7 +2302,7 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive - -rm -rf ./$(DEPDIR) generic/$(DEPDIR) ietf/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) pwg/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR) tcg/swid/$(DEPDIR) + -rm -rf ./$(DEPDIR) generic/$(DEPDIR) ietf/$(DEPDIR) ietf/swima/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) pwg/$(DEPDIR) rest/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid/$(DEPDIR) swid_gen/$(DEPDIR) swima/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR) tcg/swid/$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic diff --git a/src/libimcv/ietf/ietf_attr.c b/src/libimcv/ietf/ietf_attr.c index cfac6ed17..9e3e83d4d 100644 --- a/src/libimcv/ietf/ietf_attr.c +++ b/src/libimcv/ietf/ietf_attr.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2015 Andreas Steffen + * Copyright (C) 2011-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -25,10 +25,14 @@ #include "ietf/ietf_attr_product_info.h" #include "ietf/ietf_attr_remediation_instr.h" #include "ietf/ietf_attr_string_version.h" +#include "ietf/swima/ietf_swima_attr_req.h" +#include "ietf/swima/ietf_swima_attr_sw_inv.h" +#include "ietf/swima/ietf_swima_attr_sw_ev.h" #include "generic/generic_attr_bool.h" -ENUM(ietf_attr_names, IETF_ATTR_TESTING, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED, +ENUM_BEGIN(ietf_attr_names, IETF_ATTR_TESTING, + IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED, "Testing", "Attribute Request", "Product Information", 
@@ -43,6 +47,20 @@ ENUM(ietf_attr_names, IETF_ATTR_TESTING, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED,
 "Forwarding Enabled",
 "Factory Default Password Enabled",
 );
+ENUM_NEXT(ietf_attr_names, IETF_ATTR_SW_REQUEST,
+ IETF_ATTR_SRC_METADATA_RESP,
+ IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED,
+ "SW Request",
+ "SW Identifier Inventory",
+ "SW Identifier Events",
+ "SW Inventory",
+ "SW Events",
+ "SW Subscription Status Request",
+ "SW Subscription Status Response",
+ "SW Source Metadata Request",
+ "SW Source Metadata Response",
+);
+ENUM_END(ietf_attr_names, IETF_ATTR_SRC_METADATA_RESP);
 /**
  * See header
@@ -79,8 +97,23 @@ pa_tnc_attr_t* ietf_attr_create_from_data(uint32_t type, size_t length,
 case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED:
 return generic_attr_bool_create_from_data(length, value,
 pen_type_create(PEN_IETF, type));
+ case IETF_ATTR_SW_REQUEST:
+ return ietf_swima_attr_req_create_from_data(length, value);
+ case IETF_ATTR_SW_ID_INVENTORY:
+ return ietf_swima_attr_sw_inv_create_from_data(length, value, TRUE);
+ case IETF_ATTR_SW_INVENTORY:
+ return ietf_swima_attr_sw_inv_create_from_data(length, value, FALSE);
+ case IETF_ATTR_SW_ID_EVENTS:
+ return ietf_swima_attr_sw_ev_create_from_data(length, value, TRUE);
+ case IETF_ATTR_SW_EVENTS:
+ return ietf_swima_attr_sw_ev_create_from_data(length, value, FALSE);
 case IETF_ATTR_TESTING:
 case IETF_ATTR_RESERVED:
+ /* unsupported IETF/SWIMA attributes */
+ case IETF_ATTR_SUBSCRIPTION_STATUS_REQ:
+ case IETF_ATTR_SUBSCRIPTION_STATUS_RESP:
+ case IETF_ATTR_SRC_METADATA_REQ:
+ case IETF_ATTR_SRC_METADATA_RESP:
 default:
 return NULL;
 }
diff --git a/src/libimcv/ietf/ietf_attr.h b/src/libimcv/ietf/ietf_attr.h
index 7154674af..d2ea98201 100644
--- a/src/libimcv/ietf/ietf_attr.h
+++ b/src/libimcv/ietf/ietf_attr.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2014 Andreas Steffen
+ * Copyright (C) 2011-2017 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -28,9 +28,11 @@ typedef enum ietf_attr_t ietf_attr_t;
 /**
- * IETF standard PA-TNC attribute types defined by RFC 5792
+ * IETF standard PA-TNC attribute types
  */
 enum ietf_attr_t {
+
+ /* RFC 5792 */
 IETF_ATTR_TESTING = 0,
 IETF_ATTR_ATTRIBUTE_REQUEST = 1,
 IETF_ATTR_PRODUCT_INFORMATION = 2,
@@ -44,6 +46,18 @@ enum ietf_attr_t {
 IETF_ATTR_REMEDIATION_INSTRUCTIONS = 10,
 IETF_ATTR_FORWARDING_ENABLED = 11,
 IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED = 12,
+
+ /* draft-ietf-sacm-nea-swid-patnc */
+ IETF_ATTR_SW_REQUEST = 17,
+ IETF_ATTR_SW_ID_INVENTORY = 18,
+ IETF_ATTR_SW_ID_EVENTS = 19,
+ IETF_ATTR_SW_INVENTORY = 20,
+ IETF_ATTR_SW_EVENTS = 21,
+ IETF_ATTR_SUBSCRIPTION_STATUS_REQ = 22,
+ IETF_ATTR_SUBSCRIPTION_STATUS_RESP = 23,
+ IETF_ATTR_SRC_METADATA_REQ = 24,
+ IETF_ATTR_SRC_METADATA_RESP = 25,
+
 IETF_ATTR_RESERVED = 0xffffffff,
 };
diff --git a/src/libimcv/ietf/ietf_attr_pa_tnc_error.c b/src/libimcv/ietf/ietf_attr_pa_tnc_error.c
index 0dbb4aaef..966c095e2 100644
--- a/src/libimcv/ietf/ietf_attr_pa_tnc_error.c
+++ b/src/libimcv/ietf/ietf_attr_pa_tnc_error.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2014 Andreas Steffen
+ * Copyright (C) 2011-2017 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -20,13 +20,23 @@
 #include
 #include
-ENUM(pa_tnc_error_code_names, PA_ERROR_RESERVED,
- PA_ERROR_ATTR_TYPE_NOT_SUPPORTED,
+ENUM_BEGIN(pa_tnc_error_code_names, PA_ERROR_RESERVED,
+ PA_ERROR_ATTR_TYPE_NOT_SUPPORTED,
 "Reserved",
 "Invalid Parameter",
 "Version Not Supported",
 "Attribute Type Not Supported"
 );
+ENUM_NEXT(pa_tnc_error_code_names, PA_ERROR_SW,
+ PA_ERROR_SW_SUBSCRIPTION_ID_REUSE,
+ PA_ERROR_ATTR_TYPE_NOT_SUPPORTED,
+ "SW Error",
+ "SW Subscription Denied",
+ "SW Response Too Large",
+ "SW Subscription Fulfillment Error",
+ "SW Subscription ID Reuse"
+);
+ENUM_END(pa_tnc_error_code_names, PA_ERROR_SW_SUBSCRIPTION_ID_REUSE);
 typedef struct private_ietf_attr_pa_tnc_error_t private_ietf_attr_pa_tnc_error_t;
@@ -246,7 +256,8 @@ METHOD(pa_tnc_attr_t, process, status_t,
 reader->read_uint24(reader, &this->error_code.vendor_id);
 reader->read_uint32(reader, &this->error_code.type);
- if (this->error_code.vendor_id == PEN_IETF)
+ if (this->error_code.vendor_id == PEN_IETF &&
+ this->error_code.type <= PA_ERROR_PA_TNC_MSG_ROOF)
 {
 if (!reader->read_data(reader, PA_ERROR_MSG_INFO_SIZE, &this->msg_info))
 {
@@ -396,7 +407,8 @@ pa_tnc_attr_t *ietf_attr_pa_tnc_error_create(pen_type_t error_code,
 {
 private_ietf_attr_pa_tnc_error_t *this;
- if (error_code.vendor_id == PEN_IETF)
+ if (error_code.vendor_id == PEN_IETF &&
+ error_code.type <= PA_ERROR_PA_TNC_MSG_ROOF)
 {
 msg_info.len = PA_ERROR_MSG_INFO_SIZE;
 }
diff --git a/src/libimcv/ietf/ietf_attr_pa_tnc_error.h b/src/libimcv/ietf/ietf_attr_pa_tnc_error.h
index b1df1945a..7dbc33828 100644
--- a/src/libimcv/ietf/ietf_attr_pa_tnc_error.h
+++ b/src/libimcv/ietf/ietf_attr_pa_tnc_error.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2014 Andreas Steffen
+ * Copyright (C) 2011-2017 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
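Review bot: The widened condition in process() sends every IETF error code above PA_ERROR_PA_TNC_MSG_ROOF down the other branch, not only the SWIMA codes 32–36, and nothing at the site says why the fixed-size read is skipped; a comment such as `/* only the RFC 5792 error codes carry a fixed-size Message Information field */` above the `if` would capture the intent. The identical two-line condition is repeated in ietf_attr_pa_tnc_error_create() in the following hunk, so a small static helper (e.g. `has_fixed_msg_info(pen_type_t code)`) would keep the wire parser and the constructor from drifting apart the next time a code range is added. What the `else` path reads for the SWIMA codes is outside both hunks, and both enclosing functions start and end outside them.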
@@ -27,15 +27,24 @@ typedef enum pa_tnc_error_code_t pa_tnc_error_code_t;
 #include "ietf_attr.h"
 #include "pa_tnc/pa_tnc_attr.h"
-
 /**
  * IETF Standard PA-TNC Error Codes as defined in section 4.2.8 of RFC 5792
  */
 enum pa_tnc_error_code_t {
- PA_ERROR_RESERVED = 0,
- PA_ERROR_INVALID_PARAMETER = 1,
- PA_ERROR_VERSION_NOT_SUPPORTED = 2,
- PA_ERROR_ATTR_TYPE_NOT_SUPPORTED = 3,
+
+ /* RFC 5792 PA-TNC */
+ PA_ERROR_RESERVED = 0,
+ PA_ERROR_INVALID_PARAMETER = 1,
+ PA_ERROR_VERSION_NOT_SUPPORTED = 2,
+ PA_ERROR_ATTR_TYPE_NOT_SUPPORTED = 3,
+ PA_ERROR_PA_TNC_MSG_ROOF = 3,
+
+ /* draft-ietf-sacm-nea-swid-patnc (SWIMA) */
+ PA_ERROR_SW = 32,
+ PA_ERROR_SW_SUBSCRIPTION_DENIED = 33,
+ PA_ERROR_SW_RESPONSE_TOO_LARGE = 34,
+ PA_ERROR_SW_SUBSCRIPTION_FULFILLMENT = 35,
+ PA_ERROR_SW_SUBSCRIPTION_ID_REUSE = 36
 };
 /**
diff --git a/src/libimcv/ietf/swima/ietf_swima_attr_req.c b/src/libimcv/ietf/swima/ietf_swima_attr_req.c
new file mode 100644
index 000000000..07d0b0c5f
--- /dev/null
+++ b/src/libimcv/ietf/swima/ietf_swima_attr_req.c
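Review bot: The doc comment above `enum pa_tnc_error_code_t` is now stale: it still says the codes are `as defined in section 4.2.8 of RFC 5792`, but the enum also carries the SWIMA codes 32–36 from draft-ietf-sacm-nea-swid-patnc, so it should read along the lines of `IETF Standard PA-TNC Error Codes (RFC 5792 section 4.2.8) and SWIMA error codes (draft-ietf-sacm-nea-swid-patnc)`. `PA_ERROR_PA_TNC_MSG_ROOF = 3` aliases PA_ERROR_ATTR_TYPE_NOT_SUPPORTED and is a range bound used by ietf_attr_pa_tnc_error.c rather than a wire value; a trailing comment such as `/* upper bound of the codes that carry a fixed-size Message Information field, not a code itself */` would stop someone adding it to the ENUM name table.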
@@ -0,0 +1,320 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ietf_swima_attr_req.h" +#include "swima/swima_record.h" + +#include +#include +#include +#include +#include + +typedef struct private_ietf_swima_attr_req_t private_ietf_swima_attr_req_t; + +/** + * SW Request + * see section 5.7 of IETF SW Inventory Message and Attributes for PA-TNC + * + * 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * |C|S|R| Reserved| Software Identifier Count | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Request ID | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Earliest EID | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Software Identifier Length | Software Identifier (Var Len) | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + */ + +#define SW_REQ_RESERVED_MASK 0xE0 + +/** + * Private data of an ietf_swima_attr_req_t object. 
+ */ +struct private_ietf_swima_attr_req_t { + + /** + * Public members of ietf_swima_attr_req_t + */ + ietf_swima_attr_req_t public; + + /** + * Vendor-specific attribute type + */ + pen_type_t type; + + /** + * Length of attribute value + */ + size_t length; + + /** + * Attribute value or segment + */ + chunk_t value; + + /** + * Noskip flag + */ + bool noskip_flag; + + /** + * SWID request flags + */ + uint8_t flags; + + /** + * Request ID + */ + uint32_t request_id; + + /** + * Inventory of Target Software Identifiers + */ + swima_inventory_t *targets; + + /** + * Reference count + */ + refcount_t ref; +}; + +METHOD(pa_tnc_attr_t, get_type, pen_type_t, + private_ietf_swima_attr_req_t *this) +{ + return this->type; +} + +METHOD(pa_tnc_attr_t, get_value, chunk_t, + private_ietf_swima_attr_req_t *this) +{ + return this->value; +} + +METHOD(pa_tnc_attr_t, get_noskip_flag, bool, + private_ietf_swima_attr_req_t *this) +{ + return this->noskip_flag; +} + +METHOD(pa_tnc_attr_t, set_noskip_flag,void, + private_ietf_swima_attr_req_t *this, bool noskip) +{ + this->noskip_flag = noskip; +} + +METHOD(pa_tnc_attr_t, build, void, + private_ietf_swima_attr_req_t *this) +{ + bio_writer_t *writer; + swima_record_t *sw_record; + uint32_t earliest_eid; + chunk_t sw_id; + enumerator_t *enumerator; + + if (this->value.ptr) + { + return; + } + earliest_eid = this->targets->get_eid(this->targets, NULL); + + writer = bio_writer_create(IETF_SWIMA_REQ_MIN_SIZE); + writer->write_uint8 (writer, this->flags); + writer->write_uint24(writer, this->targets->get_count(this->targets)); + writer->write_uint32(writer, this->request_id); + writer->write_uint32(writer, earliest_eid); + + enumerator = this->targets->create_enumerator(this->targets); + while (enumerator->enumerate(enumerator, &sw_record)) + { + sw_id = sw_record->get_sw_id(sw_record, NULL); + writer->write_data16(writer, sw_id); + } + enumerator->destroy(enumerator); + + this->value = writer->extract_buf(writer); + this->length = 
this->value.len; + writer->destroy(writer); +} + +METHOD(pa_tnc_attr_t, process, status_t, + private_ietf_swima_attr_req_t *this, uint32_t *offset) +{ + bio_reader_t *reader; + swima_record_t *sw_record; + uint32_t sw_id_count, earliest_eid; + chunk_t sw_id; + + *offset = 0; + + if (this->value.len < this->length) + { + return NEED_MORE; + } + if (this->value.len < IETF_SWIMA_REQ_MIN_SIZE) + { + DBG1(DBG_TNC, "insufficient data for SW Request"); + return FAILED; + } + + reader = bio_reader_create(this->value); + reader->read_uint8 (reader, &this->flags); + reader->read_uint24(reader, &sw_id_count); + reader->read_uint32(reader, &this->request_id); + reader->read_uint32(reader, &earliest_eid); + + *offset = IETF_SWIMA_REQ_MIN_SIZE; + this->flags &= SW_REQ_RESERVED_MASK; + this->targets->set_eid(this->targets, earliest_eid, 0); + + while (sw_id_count--) + { + if (!reader->read_data16(reader, &sw_id)) + { + DBG1(DBG_TNC, "insufficient data for Software ID"); + reader->destroy(reader); + return FAILED; + } + *offset += 2 + sw_id.len; + + sw_record = swima_record_create(0, sw_id, chunk_empty); + this->targets->add(this->targets, sw_record); + } + reader->destroy(reader); + + return SUCCESS; +} + +METHOD(pa_tnc_attr_t, add_segment, void, + private_ietf_swima_attr_req_t *this, chunk_t segment) +{ + this->value = chunk_cat("mc", this->value, segment); +} + +METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, + private_ietf_swima_attr_req_t *this) +{ + ref_get(&this->ref); + return &this->public.pa_tnc_attribute; +} + +METHOD(pa_tnc_attr_t, destroy, void, + private_ietf_swima_attr_req_t *this) +{ + if (ref_put(&this->ref)) + { + this->targets->destroy(this->targets); + free(this->value.ptr); + free(this); + } +} + +METHOD(ietf_swima_attr_req_t, get_flags, uint8_t, + private_ietf_swima_attr_req_t *this) +{ + return this->flags; +} + +METHOD(ietf_swima_attr_req_t, get_request_id, uint32_t, + private_ietf_swima_attr_req_t *this) +{ + return this->request_id; +} + 
+METHOD(ietf_swima_attr_req_t, set_targets, void, + private_ietf_swima_attr_req_t *this, swima_inventory_t *targets) +{ + this->targets->destroy(this->targets); + this->targets = targets->get_ref(targets); +} + +METHOD(ietf_swima_attr_req_t, get_targets, swima_inventory_t*, + private_ietf_swima_attr_req_t *this) +{ + return this->targets; +} + +/** + * Described in header. + */ +pa_tnc_attr_t *ietf_swima_attr_req_create(uint8_t flags, uint32_t request_id) +{ + private_ietf_swima_attr_req_t *this; + + INIT(this, + .public = { + .pa_tnc_attribute = { + .get_type = _get_type, + .get_value = _get_value, + .get_noskip_flag = _get_noskip_flag, + .set_noskip_flag = _set_noskip_flag, + .build = _build, + .process = _process, + .add_segment = _add_segment, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .get_flags = _get_flags, + .get_request_id = _get_request_id, + .set_targets = _set_targets, + .get_targets = _get_targets, + }, + .type = { PEN_IETF, IETF_ATTR_SW_REQUEST }, + .flags = flags & SW_REQ_RESERVED_MASK, + .request_id = request_id, + .targets = swima_inventory_create(), + .ref = 1, + ); + + return &this->public.pa_tnc_attribute; +} + +/** + * Described in header. + */ +pa_tnc_attr_t *ietf_swima_attr_req_create_from_data(size_t length, chunk_t data) +{ + private_ietf_swima_attr_req_t *this; + + INIT(this, + .public = { + .pa_tnc_attribute = { + .get_type = _get_type, + .get_value = _get_value, + .get_noskip_flag = _get_noskip_flag, + .set_noskip_flag = _set_noskip_flag, + .build = _build, + .process = _process, + .add_segment = _add_segment, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .get_flags = _get_flags, + .get_request_id = _get_request_id, + .set_targets = _set_targets, + .get_targets = _get_targets, + }, + .type = { PEN_IETF, IETF_ATTR_SW_REQUEST }, + .length = length, + .value = chunk_clone(data), + .targets = swima_inventory_create(), + .ref = 1, + ); + + return &this->public.pa_tnc_attribute; +} 
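Review bot: process() in the new SW Request parser returns SUCCESS as soon as `sw_id_count` Software Identifiers have been read, without checking that the loop consumed the whole attribute value, so any bytes trailing the last Software Identifier are silently accepted; the sibling ietf_swima_attr_sw_ev.c parser added in this same commit rejects that case with "inconsistent length". A check on `reader->remaining(reader)` after the loop, failing the same way the Software ID branch does, would make the two parsers consistent and reject malformed input at the earliest point. The `*offset` bookkeeping is already in place, so no further change is needed for error reporting.
```c
	while (sw_id_count--)
	{
		/* … unchanged: read one Software Identifier, add it to this->targets … */
	}
	if (reader->remaining(reader))
	{
		DBG1(DBG_TNC, "inconsistent length for SW Request");
		reader->destroy(reader);
		return FAILED;
	}
	reader->destroy(reader);

	return SUCCESS;
```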
diff --git a/src/libimcv/ietf/swima/ietf_swima_attr_req.h b/src/libimcv/ietf/swima/ietf_swima_attr_req.h new file mode 100644 index 000000000..21155d62c --- /dev/null +++ b/src/libimcv/ietf/swima/ietf_swima_attr_req.h 
@@ -0,0 +1,96 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ietf_swima_attr_req ietf_swima_attr_req + * @{ @ingroup ietf_attr + */ + +#ifndef IETF_SWIMA_ATTR_REQ_H_ +#define IETF_SWIMA_ATTR_REQ_H_ + +#define IETF_SWIMA_REQ_MIN_SIZE 12 + +typedef struct ietf_swima_attr_req_t ietf_swima_attr_req_t; +typedef enum ietf_swima_attr_req_flag_t ietf_swima_attr_req_flag_t; + +enum ietf_swima_attr_req_flag_t { + IETF_SWIMA_ATTR_REQ_FLAG_NONE = 0, + IETF_SWIMA_ATTR_REQ_FLAG_C = (1 << 7), + IETF_SWIMA_ATTR_REQ_FLAG_S = (1 << 6), + IETF_SWIMA_ATTR_REQ_FLAG_R = (1 << 5) +}; + +#include "swima/swima_inventory.h" +#include "ietf/ietf_attr.h" +#include "pa_tnc/pa_tnc_attr.h" + +/** + * Class implementing the IETF SW Request attribute + */ +struct ietf_swima_attr_req_t { + + /** + * Public PA-TNC attribute interface + */ + pa_tnc_attr_t pa_tnc_attribute; + + /** + * Get SW request flags + * + * @return Flags + */ + uint8_t (*get_flags)(ietf_swima_attr_req_t *this); + + /** + * Get Request ID + * + * @return Request ID + */ + uint32_t (*get_request_id)(ietf_swima_attr_req_t *this); + + /** + * Set Software Identity targets + * + * @param targets SW ID inventory containing targets (not cloned) + */ + void (*set_targets)(ietf_swima_attr_req_t *this, swima_inventory_t *targets); + + /** + * Get Software Identity targets + * + * @return SW ID inventory containing targets + */ + swima_inventory_t* 
(*get_targets)(ietf_swima_attr_req_t *this); + +}; + +/** + * Creates an ietf_swima_attr_req_t object + * + * @param flags Sets the C|S|R flags + * @param request_id Request ID + */ +pa_tnc_attr_t* ietf_swima_attr_req_create(uint8_t flags, uint32_t request_id); + +/** + * Creates an ietf_swima_attr_req_t object from received data + * + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) + */ +pa_tnc_attr_t* ietf_swima_attr_req_create_from_data(size_t length, chunk_t value); + +#endif /** IETF_SWIMA_ATTR_REQ_H_ @}*/ diff --git a/src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.c b/src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.c new file mode 100644 index 000000000..e315c3dbb --- /dev/null +++ b/src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.c 
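Review bot: `IETF_SWIMA_REQ_MIN_SIZE` and the `ietf_swima_attr_req_flag_t` enum are the only declarations in this header without a doc comment, while every struct member has one. From the layout drawn in ietf_swima_attr_req.c the constant is the fixed header (flags/count, Request ID, Earliest EID) with no Software Identifier, so `/** Size of the fixed SW Request header (flags/count, Request ID, Earliest EID) */` and, above the enum, `/** C|S|R flag bits of the SW Request, the top three bits of the flags octet */` would document them. The `set_targets` parameter note `(not cloned)` could be sharpened to `(a reference is taken, not a clone)` since the implementation calls `targets->get_ref(targets)`.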
@@ -0,0 +1,482 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ietf_swima_attr_sw_ev.h" +#include "swima/swima_event.h" + +#include +#include +#include +#include + +#define SW_EV_TIMESTAMP_SIZE 20 + +typedef struct private_ietf_swima_attr_sw_ev_t private_ietf_swima_attr_sw_ev_t; + +/** + * Software [Identifier] Events + * see sections 5.9/5.11 of IETF SW Inventory Message and Attributes for PA-TNC + * + * 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Flags | Software Identifier Count | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Request ID Copy / Subscription ID | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | EID Epoch | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Last EID | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Last Consulted EID | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | EID | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Timestamp | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Timestamp | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Timestamp | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Timestamp | + * 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Timestamp | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Record Identifier | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Data Model Type PEN |Data Model Type| + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Source ID Num | Action | Software Identifier Length | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Software Identifier (Variable Length) | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Software Locator Length | Software Locator (Var. Len) | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * + * Software Event only + * see section 5.11 of IETF SW Inventory Message and Attributes for PA-TNC + * + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Record Length | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Record (Variable length) | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + */ + +/** + * Private data of an ietf_swima_attr_sw_ev_t object. 
+ */ +struct private_ietf_swima_attr_sw_ev_t { + + /** + * Public members of ietf_swima_attr_sw_ev_t + */ + ietf_swima_attr_sw_ev_t public; + + /** + * Vendor-specific attribute type + */ + pen_type_t type; + + /** + * Length of attribute value + */ + size_t length; + + /** + * Offset up to which attribute value has been processed + */ + size_t offset; + + /** + * Current position of attribute value pointer + */ + chunk_t value; + + /** + * Contains complete attribute or current segment + */ + chunk_t segment; + + /** + * Noskip flag + */ + bool noskip_flag; + + /** + * Request ID + */ + uint32_t request_id; + + /** + * Attribute flags + */ + uint8_t flags; + + /** + * Number of unprocessed software events in attribute + */ + uint32_t event_count; + + /** + * Event list + */ + swima_events_t *events; + + /** + * Reference count + */ + refcount_t ref; +}; + +METHOD(pa_tnc_attr_t, get_type, pen_type_t, + private_ietf_swima_attr_sw_ev_t *this) +{ + return this->type; +} + +METHOD(pa_tnc_attr_t, get_value, chunk_t, + private_ietf_swima_attr_sw_ev_t *this) +{ + return this->value; +} + +METHOD(pa_tnc_attr_t, get_noskip_flag, bool, + private_ietf_swima_attr_sw_ev_t *this) +{ + return this->noskip_flag; +} + +METHOD(pa_tnc_attr_t, set_noskip_flag,void, + private_ietf_swima_attr_sw_ev_t *this, bool noskip) +{ + this->noskip_flag = noskip; +} + +METHOD(pa_tnc_attr_t, build, void, + private_ietf_swima_attr_sw_ev_t *this) +{ + bio_writer_t *writer; + swima_event_t *sw_event; + swima_record_t *sw_record; + chunk_t timestamp, sw_id, sw_locator, record; + pen_type_t data_model; + uint32_t eid, record_id, last_eid, last_consulted_eid, eid_epoch; + uint8_t action, source_id; + enumerator_t *enumerator; + + if (this->value.ptr) + { + return; + } + last_consulted_eid = this->events->get_eid(this->events, &eid_epoch, + &last_eid); + + writer = bio_writer_create(IETF_SWIMA_SW_EV_MIN_SIZE); + writer->write_uint8 (writer, this->flags); + writer->write_uint24(writer, 
this->events->get_count(this->events)); + writer->write_uint32(writer, this->request_id); + writer->write_uint32(writer, eid_epoch); + writer->write_uint32(writer, last_eid); + writer->write_uint32(writer, last_consulted_eid); + + enumerator = this->events->create_enumerator(this->events); + while (enumerator->enumerate(enumerator, &sw_event)) + { + eid = sw_event->get_eid(sw_event, ×tamp); + action = sw_event->get_action(sw_event); + sw_record = sw_event->get_sw_record(sw_event); + record_id = sw_record->get_record_id(sw_record); + data_model = sw_record->get_data_model(sw_record); + source_id = sw_record->get_source_id(sw_record); + sw_id = sw_record->get_sw_id(sw_record, &sw_locator); + + writer->write_uint32(writer, eid); + writer->write_data (writer, timestamp); + writer->write_uint32(writer, record_id); + writer->write_uint24(writer, data_model.vendor_id); + writer->write_uint8 (writer, data_model.type); + writer->write_uint8 (writer, source_id); + writer->write_uint8 (writer, action); + writer->write_data16(writer, sw_id); + writer->write_data16(writer, sw_locator); + + if (this->type.type == IETF_ATTR_SW_EVENTS) + { + record = sw_record->get_record(sw_record); + writer->write_data32(writer, record); + } + } + enumerator->destroy(enumerator); + + this->value = writer->extract_buf(writer); + this->segment = this->value; + this->length = this->value.len; + writer->destroy(writer); +} + +METHOD(pa_tnc_attr_t, process, status_t, + private_ietf_swima_attr_sw_ev_t *this, uint32_t *offset) +{ + bio_reader_t *reader; + uint32_t data_model_pen, record_id; + uint32_t eid, eid_epoch, last_eid, last_consulted_eid; + uint8_t data_model_type, source_id, action; + pen_type_t data_model; + chunk_t sw_id, sw_locator, record, timestamp; + swima_event_t *sw_event; + swima_record_t *sw_record; + status_t status = NEED_MORE; + + if (this->offset == 0) + { + if (this->length < IETF_SWIMA_SW_EV_MIN_SIZE) + { + DBG1(DBG_TNC, "insufficient data for %N/%N", pen_names, PEN_IETF, + 
ietf_attr_names, this->type.type); + *offset = this->offset; + return FAILED; + } + if (this->value.len < IETF_SWIMA_SW_EV_MIN_SIZE) + { + return NEED_MORE; + } + reader = bio_reader_create(this->value); + reader->read_uint8 (reader, &this->flags); + reader->read_uint24(reader, &this->event_count); + reader->read_uint32(reader, &this->request_id); + reader->read_uint32(reader, &eid_epoch); + reader->read_uint32(reader, &last_eid); + reader->read_uint32(reader, &last_consulted_eid); + this->offset = IETF_SWIMA_SW_EV_MIN_SIZE; + this->events->set_eid(this->events, last_consulted_eid, eid_epoch); + this->events->set_last_eid(this->events, last_eid); + this->value = reader->peek(reader); + reader->destroy(reader); + } + + reader = bio_reader_create(this->value); + + while (this->event_count) + { + if (!reader->read_uint32(reader, &eid) || + !reader->read_data (reader, SW_EV_TIMESTAMP_SIZE, ×tamp) || + !reader->read_uint32(reader, &record_id) || + !reader->read_uint24(reader, &data_model_pen) || + !reader->read_uint8 (reader, &data_model_type) || + !reader->read_uint8 (reader, &source_id) || + !reader->read_uint8 (reader, &action) || + !reader->read_data16(reader, &sw_id) || + !reader->read_data16(reader, &sw_locator)) + { + goto end; + } + record = chunk_empty; + + if (action == 0 || action > SWIMA_EVENT_ACTION_LAST) + { + DBG1(DBG_TNC, "invalid event action value for %N/%N", pen_names, + PEN_IETF, ietf_attr_names, this->type.type); + *offset = this->offset; + reader->destroy(reader); + + return FAILED; + } + + if (this->type.type == IETF_ATTR_SW_EVENTS && + !reader->read_data32(reader, &record)) + { + goto end; + } + data_model = pen_type_create(data_model_pen, data_model_type); + sw_record = swima_record_create(record_id, sw_id, sw_locator); + sw_record->set_data_model(sw_record, data_model); + sw_record->set_source_id(sw_record, source_id); + sw_record->set_record(sw_record, record); + sw_event = swima_event_create(eid, timestamp, action, sw_record); + 
this->events->add(this->events, sw_event); + this->offset += this->value.len - reader->remaining(reader); + this->value = reader->peek(reader); + + /* at least one software event was processed */ + status = SUCCESS; + this->event_count--; + } + + if (this->length == this->offset) + { + status = SUCCESS; + } + else + { + DBG1(DBG_TNC, "inconsistent length for %N/%N", pen_names, PEN_IETF, + ietf_attr_names, this->type.type); + *offset = this->offset; + status = FAILED; + } + +end: + reader->destroy(reader); + return status; +} + +METHOD(pa_tnc_attr_t, add_segment, void, + private_ietf_swima_attr_sw_ev_t *this, chunk_t segment) +{ + this->value = chunk_cat("cc", this->value, segment); + chunk_free(&this->segment); + this->segment = this->value; +} + +METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, + private_ietf_swima_attr_sw_ev_t *this) +{ + ref_get(&this->ref); + return &this->public.pa_tnc_attribute; +} + +METHOD(pa_tnc_attr_t, destroy, void, + private_ietf_swima_attr_sw_ev_t *this) +{ + if (ref_put(&this->ref)) + { + this->events->destroy(this->events); + free(this->segment.ptr); + free(this); + } +} + +METHOD(ietf_swima_attr_sw_ev_t, get_flags, uint8_t, + private_ietf_swima_attr_sw_ev_t *this) +{ + return this->flags; +} + +METHOD(ietf_swima_attr_sw_ev_t, get_request_id, uint32_t, + private_ietf_swima_attr_sw_ev_t *this) +{ + return this->request_id; +} + +METHOD(ietf_swima_attr_sw_ev_t, get_event_count, uint32_t, + private_ietf_swima_attr_sw_ev_t *this) +{ + return this->event_count; +} + +METHOD(ietf_swima_attr_sw_ev_t, set_events, void, + private_ietf_swima_attr_sw_ev_t *this, swima_events_t *events) +{ + this->events->destroy(this->events); + this->events = events->get_ref(events); +} + +METHOD(ietf_swima_attr_sw_ev_t, get_events, swima_events_t*, + private_ietf_swima_attr_sw_ev_t *this) +{ + return this->events; +} + +METHOD(ietf_swima_attr_sw_ev_t, clear_events, void, + private_ietf_swima_attr_sw_ev_t *this) +{ + this->events->clear(this->events); +} + +/** 
+ * Described in header. + */ +pa_tnc_attr_t *ietf_swima_attr_sw_ev_create(uint8_t flags, uint32_t request_id, + bool sw_id_only) +{ + private_ietf_swima_attr_sw_ev_t *this; + ietf_attr_t type; + + type = sw_id_only ? IETF_ATTR_SW_ID_EVENTS : IETF_ATTR_SW_EVENTS; + + INIT(this, + .public = { + .pa_tnc_attribute = { + .get_type = _get_type, + .get_value = _get_value, + .get_noskip_flag = _get_noskip_flag, + .set_noskip_flag = _set_noskip_flag, + .build = _build, + .process = _process, + .add_segment = _add_segment, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .get_flags = _get_flags, + .get_request_id = _get_request_id, + .get_event_count = _get_event_count, + .set_events = _set_events, + .get_events = _get_events, + .clear_events = _clear_events, + }, + .type = { PEN_IETF, type }, + .flags = flags, + .request_id = request_id, + .events = swima_events_create(), + .ref = 1, + ); + + return &this->public.pa_tnc_attribute; +} + + +/** + * Described in header. + */ +pa_tnc_attr_t *ietf_swima_attr_sw_ev_create_from_data(size_t length, + chunk_t data, bool sw_id_only) +{ + private_ietf_swima_attr_sw_ev_t *this; + ietf_attr_t type; + + type = sw_id_only ? 
IETF_ATTR_SW_ID_EVENTS : IETF_ATTR_SW_EVENTS; + + INIT(this, + .public = { + .pa_tnc_attribute = { + .get_type = _get_type, + .get_value = _get_value, + .get_noskip_flag = _get_noskip_flag, + .set_noskip_flag = _set_noskip_flag, + .build = _build, + .process = _process, + .add_segment = _add_segment, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .get_flags = _get_flags, + .get_request_id = _get_request_id, + .get_event_count = _get_event_count, + .set_events = _set_events, + .get_events = _get_events, + .clear_events = _clear_events, + }, + .type = { PEN_IETF, type }, + .length = length, + .segment = chunk_clone(data), + .events = swima_events_create(), + .ref = 1, + ); + + /* received either complete attribute value or first segment */ + this->value = this->segment; + + return &this->public.pa_tnc_attribute; +} diff --git a/src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.h b/src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.h new file mode 100644 index 000000000..00f64dd80 --- /dev/null +++ b/src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.h 
@@ -0,0 +1,111 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ietf_swima_attr_sw_ev ietf_swima_attr_sw_ev + * @{ @ingroup ietf_attr + */ + +#ifndef IETF_SWIMA_ATTR_SW_EV_H_ +#define IETF_SWIMA_ATTR_SW_EV_H_ + +#define IETF_SWIMA_SW_EV_MIN_SIZE 20 + +typedef struct ietf_swima_attr_sw_ev_t ietf_swima_attr_sw_ev_t; +typedef enum ietf_swima_attr_sw_ev_flag_t ietf_swima_attr_sw_ev_flag_t; + +enum ietf_swima_attr_sw_ev_flag_t { + IETF_SWIMA_ATTR_SW_EV_FLAG_NONE = 0, + IETF_SWIMA_ATTR_SW_EV_FLAG_S_F = (1 << 7) +}; + +#include "ietf/ietf_attr.h" +#include "swima/swima_events.h" +#include "pa_tnc/pa_tnc_attr.h" + +/** + * Class implementing the IETF SW Identifier Inventory attribute + * + */ +struct ietf_swima_attr_sw_ev_t { + + /** + * Public PA-TNC attribute interface + */ + pa_tnc_attr_t pa_tnc_attribute; + + /** + * Get Software Inventory flags + * + * @return Flags + */ + uint8_t (*get_flags)(ietf_swima_attr_sw_ev_t *this); + + /** + * Get Request ID + * + * @return Request ID + */ + uint32_t (*get_request_id)(ietf_swima_attr_sw_ev_t *this); + + /** + * Get number of Software [Identifier] Events + * + * @return Software [Identifier] event count + */ + uint32_t (*get_event_count)(ietf_swima_attr_sw_ev_t *this); + + /** + * Add Software [Identifier] Events + * + * @param sw_events List of Software [Identifier] events to be added + */ + void (*set_events)(ietf_swima_attr_sw_ev_t *this, + 
swima_events_t *sw_events); + /** + * Get Software [Identifier] Events + * + * @result Software [Identifier] events + */ + swima_events_t* (*get_events)(ietf_swima_attr_sw_ev_t *this); + + /** + * Remove all Software [Identifier] events + */ + void (*clear_events)(ietf_swima_attr_sw_ev_t *this); + +}; + +/** + * Creates an ietf_swima_attr_sw_ev_t object + * + * @param flags Sets the flags + * @param request_id Copy of the Request ID + * @param sw_id_only TRUE if the Software ID, only is transmitted + */ +pa_tnc_attr_t* ietf_swima_attr_sw_ev_create(uint8_t flags, uint32_t request_id, + bool sw_id_only); + +/** + * Creates an ietf_swima_attr_sw_ev_t object from received data + * + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) + * @param sw_id_only TRUE if the Software ID, only is transmitted + */ +pa_tnc_attr_t* ietf_swima_attr_sw_ev_create_from_data(size_t length, + chunk_t value, bool sw_id_only); + +#endif /** IETF_SWIMA_ATTR_SW_EV_H_ @}*/ diff --git a/src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.c b/src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.c new file mode 100644 index 000000000..ee5b16b92 --- /dev/null +++ b/src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.c 
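Review bot: The struct comment `Class implementing the IETF SW Identifier Inventory attribute` above `ietf_swima_attr_sw_ev_t` was carried over from the inventory header; this file declares the SW [Identifier] Events attribute, so it should read `Class implementing the IETF SW [Identifier] Events attribute`. The `set_events` comment says `Add Software [Identifier] Events`, but the implementation destroys the current list and takes a reference to the passed one, so `Replace the current event list by a reference to the given events` describes it; `get_event_count` returns the counter that `process()` decrements, i.e. the number of not-yet-processed events, which its `@return` line should say. The `@result` tag on `get_events` should be `@return`, and the `value` parameter of `ietf_swima_attr_sw_ev_create_from_data` is named `data` in the definition. The same wording issues apply to `set_inventory`, `get_record_count`, `get_inventory` and `ietf_swima_attr_sw_inv_create_from_data` in ietf_swima_attr_sw_inv.h.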
@@ -0,0 +1,438 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ietf_swima_attr_sw_inv.h" +#include "swima/swima_record.h" + +#include +#include +#include +#include + + +typedef struct private_ietf_swima_attr_sw_inv_t private_ietf_swima_attr_sw_inv_t; + +/** + * Software [Identifier] Inventory + * see sections 5.8/5.10 of IETF SW Inventory Message and Attributes for PA-TNC + * + * 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Flags | Software Identifier Count | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Request ID Copy / Subscription ID | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | EID Epoch | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Last EID | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Record Identifier | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Data Model Type PEN |Data Model Type| + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Source ID Num | Software Identifier Length |Software Id (v)| + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Software Locator Length | Software Locator (Var. 
Len) | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * + * Software Inventory only + * see section 5.10 of IETF SW Inventory Message and Attributes for PA-TNC + * + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Record Length | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Record (Variable length) | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + */ + +/** + * Private data of an ietf_swima_attr_sw_inv_t object. + */ +struct private_ietf_swima_attr_sw_inv_t { + + /** + * Public members of ietf_swima_attr_sw_inv_t + */ + ietf_swima_attr_sw_inv_t public; + + /** + * Vendor-specific attribute type + */ + pen_type_t type; + + /** + * Length of attribute value + */ + size_t length; + + /** + * Offset up to which attribute value has been processed + */ + size_t offset; + + /** + * Current position of attribute value pointer + */ + chunk_t value; + + /** + * Contains complete attribute or current segment + */ + chunk_t segment; + + /** + * Noskip flag + */ + bool noskip_flag; + + /** + * Request ID + */ + uint32_t request_id; + + /** + * Attribute flags + */ + uint8_t flags; + + /** + * Number of unprocessed software inventory evidence records in attribute + */ + uint32_t record_count; + + /** + * SWID Tag ID Inventory + */ + swima_inventory_t *inventory; + + /** + * Reference count + */ + refcount_t ref; +}; + +METHOD(pa_tnc_attr_t, get_type, pen_type_t, + private_ietf_swima_attr_sw_inv_t *this) +{ + return this->type; +} + +METHOD(pa_tnc_attr_t, get_value, chunk_t, + private_ietf_swima_attr_sw_inv_t *this) +{ + return this->value; +} + +METHOD(pa_tnc_attr_t, get_noskip_flag, bool, + private_ietf_swima_attr_sw_inv_t *this) +{ + return this->noskip_flag; +} + +METHOD(pa_tnc_attr_t, set_noskip_flag,void, + private_ietf_swima_attr_sw_inv_t *this, bool noskip) +{ + this->noskip_flag = noskip; +} + +METHOD(pa_tnc_attr_t, build, void, + private_ietf_swima_attr_sw_inv_t 
*this) +{ + bio_writer_t *writer; + swima_record_t *sw_record; + chunk_t sw_id, sw_locator, record; + pen_type_t data_model; + uint32_t record_id, last_eid, eid_epoch; + uint8_t source_id; + enumerator_t *enumerator; + + if (this->value.ptr) + { + return; + } + last_eid = this->inventory->get_eid(this->inventory, &eid_epoch); + + writer = bio_writer_create(IETF_SWIMA_SW_INV_MIN_SIZE); + writer->write_uint8 (writer, this->flags); + writer->write_uint24(writer, this->inventory->get_count(this->inventory)); + writer->write_uint32(writer, this->request_id); + writer->write_uint32(writer, eid_epoch); + writer->write_uint32(writer, last_eid); + + enumerator = this->inventory->create_enumerator(this->inventory); + while (enumerator->enumerate(enumerator, &sw_record)) + { + record_id = sw_record->get_record_id(sw_record); + data_model = sw_record->get_data_model(sw_record); + source_id = sw_record->get_source_id(sw_record); + sw_id = sw_record->get_sw_id(sw_record, &sw_locator); + + writer->write_uint32(writer, record_id); + writer->write_uint24(writer, data_model.vendor_id); + writer->write_uint8 (writer, data_model.type); + writer->write_uint8 (writer, source_id); + writer->write_data16(writer, sw_id); + writer->write_data16(writer, sw_locator); + + if (this->type.type == IETF_ATTR_SW_INVENTORY) + { + record = sw_record->get_record(sw_record); + writer->write_data32(writer, record); + } + } + enumerator->destroy(enumerator); + + this->value = writer->extract_buf(writer); + this->segment = this->value; + this->length = this->value.len; + writer->destroy(writer); +} + +METHOD(pa_tnc_attr_t, process, status_t, + private_ietf_swima_attr_sw_inv_t *this, uint32_t *offset) +{ + bio_reader_t *reader; + uint32_t data_model_pen, record_id, last_eid, eid_epoch; + uint8_t data_model_type, source_id; + pen_type_t data_model; + chunk_t sw_id, sw_locator, record; + swima_record_t *sw_record; + status_t status = NEED_MORE; + + if (this->offset == 0) + { + if (this->length < 
IETF_SWIMA_SW_INV_MIN_SIZE) + { + DBG1(DBG_TNC, "insufficient data for %N/%N", pen_names, PEN_IETF, + ietf_attr_names, this->type.type); + *offset = this->offset; + return FAILED; + } + if (this->value.len < IETF_SWIMA_SW_INV_MIN_SIZE) + { + return NEED_MORE; + } + reader = bio_reader_create(this->value); + reader->read_uint8 (reader, &this->flags); + reader->read_uint24(reader, &this->record_count); + reader->read_uint32(reader, &this->request_id); + reader->read_uint32(reader, &eid_epoch); + reader->read_uint32(reader, &last_eid); + this->offset = IETF_SWIMA_SW_INV_MIN_SIZE; + this->value = reader->peek(reader); + this->inventory->set_eid(this->inventory, last_eid, eid_epoch); + reader->destroy(reader); + } + + reader = bio_reader_create(this->value); + + while (this->record_count) + { + if (!reader->read_uint32(reader, &record_id) || + !reader->read_uint24(reader, &data_model_pen) || + !reader->read_uint8 (reader, &data_model_type) || + !reader->read_uint8 (reader, &source_id) || + !reader->read_data16(reader, &sw_id) || + !reader->read_data16(reader, &sw_locator)) + { + goto end; + } + record = chunk_empty; + + if (this->type.type == IETF_ATTR_SW_INVENTORY && + !reader->read_data32(reader, &record)) + { + goto end; + } + data_model = pen_type_create(data_model_pen, data_model_type); + sw_record = swima_record_create(record_id, sw_id, sw_locator); + sw_record->set_data_model(sw_record, data_model); + sw_record->set_source_id(sw_record, source_id); + sw_record->set_record(sw_record, record); + this->inventory->add(this->inventory, sw_record); + this->offset += this->value.len - reader->remaining(reader); + this->value = reader->peek(reader); + + /* at least one software inventory evidence record was processed */ + status = SUCCESS; + this->record_count--; + } + + if (this->length == this->offset) + { + status = SUCCESS; + } + else + { + DBG1(DBG_TNC, "inconsistent length for %N/%N", pen_names, PEN_IETF, + ietf_attr_names, this->type.type); + *offset = 
this->offset; + status = FAILED; + } + +end: + reader->destroy(reader); + return status; +} + +METHOD(pa_tnc_attr_t, add_segment, void, + private_ietf_swima_attr_sw_inv_t *this, chunk_t segment) +{ + this->value = chunk_cat("cc", this->value, segment); + chunk_free(&this->segment); + this->segment = this->value; +} + +METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, + private_ietf_swima_attr_sw_inv_t *this) +{ + ref_get(&this->ref); + return &this->public.pa_tnc_attribute; +} + +METHOD(pa_tnc_attr_t, destroy, void, + private_ietf_swima_attr_sw_inv_t *this) +{ + if (ref_put(&this->ref)) + { + this->inventory->destroy(this->inventory); + free(this->segment.ptr); + free(this); + } +} + +METHOD(ietf_swima_attr_sw_inv_t, get_flags, uint8_t, + private_ietf_swima_attr_sw_inv_t *this) +{ + return this->flags; +} + +METHOD(ietf_swima_attr_sw_inv_t, get_request_id, uint32_t, + private_ietf_swima_attr_sw_inv_t *this) +{ + return this->request_id; +} + +METHOD(ietf_swima_attr_sw_inv_t, get_record_count, uint32_t, + private_ietf_swima_attr_sw_inv_t *this) +{ + return this->record_count; +} + +METHOD(ietf_swima_attr_sw_inv_t, set_inventory, void, + private_ietf_swima_attr_sw_inv_t *this, swima_inventory_t *inventory) +{ + this->inventory->destroy(this->inventory); + this->inventory = inventory->get_ref(inventory); +} + +METHOD(ietf_swima_attr_sw_inv_t, get_inventory, swima_inventory_t*, + private_ietf_swima_attr_sw_inv_t *this) +{ + return this->inventory; +} + +METHOD(ietf_swima_attr_sw_inv_t, clear_inventory, void, + private_ietf_swima_attr_sw_inv_t *this) +{ + this->inventory->clear(this->inventory); +} + +/** + * Described in header. + */ +pa_tnc_attr_t *ietf_swima_attr_sw_inv_create(uint8_t flags, uint32_t request_id, + bool sw_id_only) +{ + private_ietf_swima_attr_sw_inv_t *this; + ietf_attr_t type; + + type = sw_id_only ? 
IETF_ATTR_SW_ID_INVENTORY : IETF_ATTR_SW_INVENTORY; + + INIT(this, + .public = { + .pa_tnc_attribute = { + .get_type = _get_type, + .get_value = _get_value, + .get_noskip_flag = _get_noskip_flag, + .set_noskip_flag = _set_noskip_flag, + .build = _build, + .process = _process, + .add_segment = _add_segment, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .get_flags = _get_flags, + .get_request_id = _get_request_id, + .get_record_count = _get_record_count, + .set_inventory = _set_inventory, + .get_inventory = _get_inventory, + .clear_inventory = _clear_inventory, + }, + .type = { PEN_IETF, type }, + .flags = flags, + .request_id = request_id, + .inventory = swima_inventory_create(), + .ref = 1, + ); + + return &this->public.pa_tnc_attribute; +} + + +/** + * Described in header. + */ +pa_tnc_attr_t *ietf_swima_attr_sw_inv_create_from_data(size_t length, + chunk_t data, bool sw_id_only) +{ + private_ietf_swima_attr_sw_inv_t *this; + ietf_attr_t type; + + type = sw_id_only ? IETF_ATTR_SW_ID_INVENTORY : IETF_ATTR_SW_INVENTORY; + + INIT(this, + .public = { + .pa_tnc_attribute = { + .get_type = _get_type, + .get_value = _get_value, + .get_noskip_flag = _get_noskip_flag, + .set_noskip_flag = _set_noskip_flag, + .build = _build, + .process = _process, + .add_segment = _add_segment, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .get_flags = _get_flags, + .get_request_id = _get_request_id, + .get_record_count = _get_record_count, + .set_inventory = _set_inventory, + .get_inventory = _get_inventory, + .clear_inventory = _clear_inventory, + }, + .type = { PEN_IETF, type }, + .length = length, + .segment = chunk_clone(data), + .inventory = swima_inventory_create(), + .ref = 1, + ); + + /* received either complete attribute value or first segment */ + this->value = this->segment; + + return &this->public.pa_tnc_attribute; +} 
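Review bot: In `process()`, when the reader runs dry inside the `while (this->record_count)` loop the function leaves via `goto end` with `status` still `NEED_MORE`, or `SUCCESS` if an earlier record in the same call parsed, even when `this->offset` already equals `this->length`; a Software Identifier Count larger than the records actually present is therefore never reported, whereas surplus trailing bytes are caught by the `inconsistent length` branch. Whether that matters depends on how the segmentation caller treats `NEED_MORE` on a fully received value, which is outside this hunk, but a local check at the `end:` label closes it without touching the normal exit path, which reaches `end:` with `record_count` already zero. The same pattern is present in `process()` of ietf_swima_attr_sw_ev.c, whose hunk begins before this chunk.
```c
end:
	if (this->record_count && this->offset == this->length)
	{
		DBG1(DBG_TNC, "inconsistent record count for %N/%N", pen_names,
			 PEN_IETF, ietf_attr_names, this->type.type);
		*offset = this->offset;
		status = FAILED;
	}
	reader->destroy(reader);
	return status;
```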
diff --git a/src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.h b/src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.h new file mode 100644 index 000000000..a50cf2914 --- /dev/null +++ b/src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.h 
@@ -0,0 +1,112 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ietf_swima_attr_sw_inv ietf_swima_attr_sw_inv + * @{ @ingroup ietf_attr + */ + +#ifndef IETF_SWIMA_ATTR_SW_INV_H_ +#define IETF_SWIMA_ATTR_SW_INV_H_ + +#define IETF_SWIMA_SW_INV_MIN_SIZE 16 + +typedef struct ietf_swima_attr_sw_inv_t ietf_swima_attr_sw_inv_t; +typedef enum ietf_swima_attr_sw_inv_flag_t ietf_swima_attr_sw_inv_flag_t; + +enum ietf_swima_attr_sw_inv_flag_t { + IETF_SWIMA_ATTR_SW_INV_FLAG_NONE = 0, + IETF_SWIMA_ATTR_SW_INV_FLAG_S_F = (1 << 7) +}; + +#include "ietf/ietf_attr.h" +#include "swima/swima_inventory.h" +#include "pa_tnc/pa_tnc_attr.h" + +/** + * Class implementing the IETF SW Identifier Inventory attribute + * + */ +struct ietf_swima_attr_sw_inv_t { + + /** + * Public PA-TNC attribute interface + */ + pa_tnc_attr_t pa_tnc_attribute; + + /** + * Get Software Inventory flags + * + * @return Flags + */ + uint8_t (*get_flags)(ietf_swima_attr_sw_inv_t *this); + + /** + * Get Request ID + * + * @return Request ID + */ + uint32_t (*get_request_id)(ietf_swima_attr_sw_inv_t *this); + + /** + * Get number of Software [Identifier] Inventory records + * + * @return Software ID count + */ + uint32_t (*get_record_count)(ietf_swima_attr_sw_inv_t *this); + + /** + * Add a Software [Identifier] Inventory + * + * @param sw_inventory Software [Identifier] record to be added + */ + void 
(*set_inventory)(ietf_swima_attr_sw_inv_t *this, + swima_inventory_t *sw_inventory); + /** + * Get Software [Identifier] Inventory + * + * @result Software [Identifier] Inventory + */ + swima_inventory_t* (*get_inventory)(ietf_swima_attr_sw_inv_t *this); + + /** + * Remove all Software [Identifier] records from the inventory + */ + void (*clear_inventory)(ietf_swima_attr_sw_inv_t *this); + + +}; + +/** + * Creates an ietf_swima_attr_sw_inv_t object + * + * @param flags Sets the flags + * @param request_id Copy of the Request ID + * @param sw_id_only TRUE if the Software ID, only is transmitted + */ +pa_tnc_attr_t* ietf_swima_attr_sw_inv_create(uint8_t flags, uint32_t request_id, + bool sw_id_only); + +/** + * Creates an ietf_swima_attr_sw_inv_t object from received data + * + * @param length Total length of attribute value + * @param value Unparsed attribute value (might be a segment) + * @param sw_id_only TRUE if the Software ID, only is transmitted + */ +pa_tnc_attr_t* ietf_swima_attr_sw_inv_create_from_data(size_t length, + chunk_t value, bool sw_id_only); + +#endif /** IETF_SWIMA_ATTR_SW_INV_H_ @}*/ diff --git a/src/libimcv/imcv.h b/src/libimcv/imcv.h index e260ff8f6..0f44d8f6f 100644 --- a/src/libimcv/imcv.h +++ b/src/libimcv/imcv.h @@ -36,6 +36,9 @@ * @defgroup libimcv_swid swid * @ingroup libimcv * + * @defgroup libimcv_swima swima + * @ingroup libimcv + * * @addtogroup libimcv * @{ */ diff --git a/src/libimcv/imcv_tests.h b/src/libimcv/imcv_tests.h index d3ea24b1f..2a0e13206 100644 --- a/src/libimcv/imcv_tests.h +++ b/src/libimcv/imcv_tests.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2014 Andreas Steffen + * Copyright (C) 2014-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -14,4 +14,4 @@ */ TEST_SUITE(imcv_seg_suite_create) - +TEST_SUITE(imcv_swima_suite_create) diff --git a/src/libimcv/imv/data.sql b/src/libimcv/imv/data.sql index fb0db91ee..a872499d2 100644 
--- a/src/libimcv/imv/data.sql +++ b/src/libimcv/imv/data.sql 
@@ -652,114 +652,120 @@ INSERT INTO algorithms ( 8192, 'SHA384' ); +INSERT INTO algorithms ( + id, name +) VALUES ( + 4096, 'SHA512' +); + /* File Hashes */ INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 28, 2, 32768, X'6c6f8e12f6cbfba612e780374c4cdcd40f20968a' + 2, 2, 32768, '6c6f8e12f6cbfba612e780374c4cdcd40f20968a' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 28, 2, 16384, X'dbcecd19d59310183cf5c31ddee29e8d7bec64d3f9583aad074330a1b3024b07' + 2, 2, 16384, 'dbcecd19d59310183cf5c31ddee29e8d7bec64d3f9583aad074330a1b3024b07' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 28, 2, 8192, X'197c5385e5853003188833d4f991136c1b0875fa416a60b1159f64e57e457b3184762c884a802a2bda194c058e3bd953' + 2, 2, 8192, '197c5385e5853003188833d4f991136c1b0875fa416a60b1159f64e57e457b3184762c884a802a2bda194c058e3bd953' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 28, 4, 32768, X'3ad204f99eb7262efab79cfca02628870ea76361' + 2, 4, 32768, '3ad204f99eb7262efab79cfca02628870ea76361' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 28, 4, 16384, X'3a2170aad92fdd58b55e0e199822bc873cf587b2d1eb1ed7ed8dcea97ae86376' + 2, 4, 16384, '3a2170aad92fdd58b55e0e199822bc873cf587b2d1eb1ed7ed8dcea97ae86376' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 28, 4, 8192, X'f778076baa876b5e4b502494a3db081fb09dd870dee6991d54104a74b7e009c58fe261db5ffd13c11e08ef0cefcfa59f' + 2, 4, 8192, 'f778076baa876b5e4b502494a3db081fb09dd870dee6991d54104a74b7e009c58fe261db5ffd13c11e08ef0cefcfa59f' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 28, 5, 32768, X'ecd9c7076cc0572724c7a67db7f19c2831e0445f' + 4, 5, 32768, 'ecd9c7076cc0572724c7a67db7f19c2831e0445f' ); INSERT INTO file_hashes ( - 
product, file, algo, hash + version, file, algo, hash ) VALUES ( - 28, 5, 16384, X'28f3ea5afd34444c8232ea75003131e294a0c9b847de300e4b205d38c1a41305' + 4, 5, 16384, '28f3ea5afd34444c8232ea75003131e294a0c9b847de300e4b205d38c1a41305' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 28, 5, 8192, X'51921a8b9322f2d3f06d55002ff40a79da67e70cb563b2a50977642d603dfac2ccbb68b3d32a8bb350769b75d6254208' + 4, 5, 8192, '51921a8b9322f2d3f06d55002ff40a79da67e70cb563b2a50977642d603dfac2ccbb68b3d32a8bb350769b75d6254208' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 18, 1, 32768, X'd9309b9e45928239d7a7b18711e690792632cce4' + 5, 1, 32768, 'd9309b9e45928239d7a7b18711e690792632cce4' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 18, 1, 16384, X'dbfa1856d278d8707c4989b30dd065b4bcd309908f0f2e6e66ff2aa83ff93f59' + 5, 1, 16384, 'dbfa1856d278d8707c4989b30dd065b4bcd309908f0f2e6e66ff2aa83ff93f59' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 18, 1, 8192, X'fb8d027f03bb5ebb47741ed247eb9e174127b714d20229885feb37e0979aeb14a1b74020cded891d680441093625729c' + 5, 1, 8192, 'fb8d027f03bb5ebb47741ed247eb9e174127b714d20229885feb37e0979aeb14a1b74020cded891d680441093625729c' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 18, 3, 32768, X'3715f2f94016a91fab5bbc503f0f1d43c5a9fc2b' + 5, 3, 32768, '3715f2f94016a91fab5bbc503f0f1d43c5a9fc2b' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 18, 3, 16384, X'c03a5296b5decb87b01517f9927a8b2349dfb29ff9f5ba084f994c155ca5d4be' + 5, 3, 16384, 'c03a5296b5decb87b01517f9927a8b2349dfb29ff9f5ba084f994c155ca5d4be' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 18, 3, 8192, 
X'b8bc345f56115235cc6091f61e312ce43ea54a5b99e7295002ae7b415fd35e06ec4c731ab70ad00d784bb53a318a2fa0' + 5, 3, 8192, 'b8bc345f56115235cc6091f61e312ce43ea54a5b99e7295002ae7b415fd35e06ec4c731ab70ad00d784bb53a318a2fa0' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 18, 5, 32768, X'e59602f4edf24c1b36199588886d06665d4adcd7' + 6, 5, 32768, 'e59602f4edf24c1b36199588886d06665d4adcd7' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 18, 5, 16384, X'090e1b77bda7fe665e498c6b5e09dbb7ddc5cfe57f213de48f4fb6736484f500' + 6, 5, 16384, '090e1b77bda7fe665e498c6b5e09dbb7ddc5cfe57f213de48f4fb6736484f500' ); INSERT INTO file_hashes ( - product, file, algo, hash + version, file, algo, hash ) VALUES ( - 18, 5, 8192, X'7cbdb4612a13443dba910ecdef5161f2213e52c9b4a2eef14bcee5d287e9df931cd022e9e9715518ad9c9b6e3384a668' + 6, 5, 8192, '7cbdb4612a13443dba910ecdef5161f2213e52c9b4a2eef14bcee5d287e9df931cd022e9e9715518ad9c9b6e3384a668' ); /* Packages */ @@ -790,30 +796,42 @@ INSERT INTO packages ( /* 4 */ /* Versions */ -INSERT INTO versions ( +INSERT INTO versions ( /* 1 */ package, product, release, time ) VALUES ( 1, 28, '1.0.1e-2', 1366531494 ); -INSERT INTO versions ( +INSERT INTO versions ( /* 2 */ package, product, release, time ) VALUES ( 2, 28, '1.0.1e-2', 1366531494 ); -INSERT INTO versions ( +INSERT INTO versions ( /* 3 */ package, product, release, time ) VALUES ( 3, 28, '1.0.1e-2', 1366531494 ); -INSERT INTO versions ( +INSERT INTO versions ( /* 4 */ package, product, release, time ) VALUES ( 4, 28, '1.0.1e-2', 1366531494 ); +INSERT INTO versions ( /* 5 */ + package, product, time +) VALUES ( + 2, 18, 1350544774 +); + +INSERT INTO versions ( /* 6 */ + package, product, time +) VALUES ( + 4, 18, 1350544774 +); + /* Components */ INSERT INTO components ( 
@@ -1681,59 +1699,59 @@ INSERT INTO enforcements ( /* 18 */ INSERT INTO "swid_entities" ( /* 1 */ "name", "regid" ) VALUES ( - 'strongSwan Project', 'regid.2004-03.org.strongswan' + 'strongSwan Project', 'strongswan.org' ); INSERT INTO swid_entities ( /* 2 */ "name", "regid" ) VALUES ( - 'Adobe Systems Inc.', 'regid.1986-12.com.adobe' + 'Adobe Systems Inc.', 'adobe.com' ); INSERT INTO swid_entities ( /* 3 */ "name", "regid" ) VALUES ( - 'Microsoft Corporation', 'regid.1991-06.com.microsoft' + 'Microsoft Corporation', 'microsoft.com' ); INSERT INTO swid_entities ( /* 4 */ "name", "regid" ) VALUES ( - 'Ubuntu Project', 'regid.2004-05.com.ubuntu' + 'Ubuntu Project', 'ubuntu.com' ); INSERT INTO swid_entities ( /* 5 */ "name", "regid" ) VALUES ( - 'Apache Software Foundation', 'regid.1995-04.org.apache' + 'Apache Software Foundation', 'apache.org' ); INSERT INTO swid_entities ( /* 6 */ "name", "regid" ) VALUES ( - 'Debian Project', 'regid.1999-03.org.debian' + 'Debian Project', 'debian.org' ); INSERT INTO swid_entities ( /* 7 */ "name", "regid" ) VALUES ( - 'Internet Systems Consortium', 'regid.1994-04.org.isc' + 'Internet Systems Consortium', 'isc.org' ); INSERT INTO swid_entities ( /* 8 */ "name", "regid" ) VALUES ( - 'OpenSSL Project', 'regid.1998-12.org.openssl' + 'OpenSSL Project', 'openssl.org' ); INSERT INTO swid_entities ( /* 9 */ "name", "regid" ) VALUES ( - 'Samba Project', 'regid.1998-01.org.samba' + 'Samba Project', 'samba.org' ); INSERT INTO swid_entities ( /* 10 */ "name", "regid" ) VALUES ( - 'SQLite Project', 'regid.2002-08.org.sqlite' + 'SQLite Project', 'sqlite.org' ); diff --git a/src/libimcv/imv/imv_policy_manager.c b/src/libimcv/imv/imv_policy_manager.c index b730f8c41..1988873e9 100644 --- a/src/libimcv/imv/imv_policy_manager.c +++ b/src/libimcv/imv/imv_policy_manager.c 
@@ -130,6 +130,31 @@ static bool iterate_enforcements(database_t *db, int device_id, int session_id, case IMV_WORKITEM_DIR_META: arg_int = dir; break; + case IMV_WORKITEM_SWID_TAGS: + /* software [identifier] inventory by default */ + arg_int = 0; + + /* software identifiers only? */ + if (device_id && strchr(argument, 'R')) + { + /* get last EID in order to set earliest EID */ + e2 = db->query(db, + "SELECT eid FROM swid_events where device == ? " + "ORDER BY eid DESC", DB_UINT, device_id, DB_INT); + if (e2) + { + if (e2->enumerate(e2, &arg_int)) + { + arg_int++; + } + else + { + arg_int = 1; + } + e2->destroy(e2); + } + } + break; default: arg_int = 0; } diff --git a/src/libimcv/imv/tables.sql b/src/libimcv/imv/tables.sql index 5c2a6563b..8bde8898f 100644 --- a/src/libimcv/imv/tables.sql +++ b/src/libimcv/imv/tables.sql @@ -41,11 +41,15 @@ DROP TABLE IF EXISTS file_hashes; CREATE TABLE file_hashes ( id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, file INTEGER NOT NULL REFERENCES files(id), - product INTEGER NOT NULL REFERENCES products(id), - device INTEGER DEFAULT 0 REFERENCES devices(id), + version INTEGER REFERENCES versions(id), + device INTEGER REFERENCES devices(id), + size INTEGER, algo INTEGER NOT NULL REFERENCES algorithms(id), - hash BLOB NOT NULL + hash VARCHAR(64) NOT NULL, + mutable INTEGER DEFAULT 0 ); +DROP INDEX IF EXISTS "file_hashes_idx"; +CREATE INDEX "file_hashes_idx" ON "file_hashes" ("file", "version", "algo"); DROP TABLE IF EXISTS groups; CREATE TABLE groups ( @@ -177,9 +181,9 @@ CREATE INDEX packages_name ON packages ( DROP TABLE IF EXISTS versions; CREATE TABLE versions ( id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, - package INTEGER NOT NULL REFERENCES packages(id), product INTEGER NOT NULL REFERENCES products(id), - release TEXT NOT NULL, + package INTEGER NOT NULL REFERENCES packages(id), + release TEXT, security INTEGER DEFAULT 0, blacklist INTEGER DEFAULT 0, time INTEGER DEFAULT 0 
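Review bot: The query that derives the earliest EID for the `IMV_WORKITEM_SWID_TAGS` case orders `swid_events` by `eid` alone, while the `swid_events` table added in this commit also carries an `epoch` column; if a device ever starts a new epoch with lower EIDs, the highest stored `eid` is presumably no longer the most recent event, so constraining the lookup to the current epoch (or ordering by `epoch DESC, eid DESC`) looks safer, to be confirmed against how `swid_events` rows are written. When `db->query()` returns NULL the case silently keeps `arg_int = 0`, i.e. requests a full inventory instead of events, with no log line; a `DBG1` there would make a failing lookup visible. `device == ?` is SQLite syntax; the `=` form is portable if the same statement is run against other database_t backends. `iterate_enforcements()`, `e2` and `argument` are declared outside the hunk.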
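Review bot: `hash VARCHAR(64) NOT NULL` in the new `file_hashes` definition is narrower than the hex strings this commit stores in it: the data.sql hunk above inserts 96-character SHA384 hashes, and the newly added `SHA512` algorithm row implies 128 characters. SQLite ignores the declared length, so the shipped test data loads, but a backend that enforces it would truncate or reject those rows, and a truncated reference hash would presumably just compare unequal during verification; `hash VARCHAR(128) NOT NULL` or a plain `TEXT` column matches the data actually written.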
@@ -302,14 +306,47 @@ CREATE INDEX "swid_tags_sessions_session_id" ON "swid_tags_sessions" (
 DROP TABLE IF EXISTS "swid_tagstats";
 CREATE TABLE "swid_tagstats" (
- "id" integer NOT NULL PRIMARY KEY,
- "tag_id" integer NOT NULL REFERENCES "swid_tags" ("id"),
- "device_id" integer NOT NULL REFERENCES "devices" ("id"),
- "first_seen_id" integer NOT NULL REFERENCES "sessions" ("id"),
- "last_seen_id" integer NOT NULL REFERENCES "sessions" ("id"),
+ "id" INTEGER NOT NULL PRIMARY KEY,
+ "tag_id" INTEGER NOT NULL REFERENCES "swid_tags" ("id"),
+ "device_id" INTEGER NOT NULL REFERENCES "devices" ("id"),
+ "first_seen_id" INTEGER NOT NULL REFERENCES "sessions" ("id"),
+ "last_seen_id" INTEGER NOT NULL REFERENCES "sessions" ("id"),
+ "first_installed_id" INTEGER REFERENCES "swid_events" ("id"),
+ "last_deleted_id" INTEGER REFERENCES "swid_events" ("id"),
 UNIQUE ("tag_id", "device_id")
 );
 CREATE INDEX "swid_tagstats_tag_id" ON "swid_tagstats" ("tag_id");
 CREATE INDEX "swid_tagstats_device_id" ON "swid_tagstats" ("device_id");
 CREATE INDEX "swid_tagstats_first_seen_id" ON "swid_tagstats" ("first_seen_id");
 CREATE INDEX "swid_tagstats_last_seen_id" ON "swid_tagstats" ("last_seen_id");
+
+DROP TABLE IF EXISTS "swid_events";
+CREATE TABLE "swid_events" (
+ "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ "device" INTEGER REFERENCES "devices" ("id"),
+ "epoch" INTEGER NOT NULL,
+ "eid" INTEGER NOT NULL,
+ "timestamp" CHAR(20) NOT NULL
+);
+DROP INDEX IF EXISTS "swid_events_device";
+CREATE INDEX "swid_events_device" ON "swid_events" (
+ "device"
+);
+
+DROP TABLE IF EXISTS "swid_tags_events";
+CREATE TABLE "swid_tags_events" (
+ "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ "tag_id" INTEGER NOT NULL REFERENCES "swid_tags" ("id"),
+ "event_id" INTEGER NOT NULL REFERENCES "swid_events" ("id"),
+ "action" INTEGER NOT NULL,
+ "record_id" INTEGER DEFAULT 0,
+ "source_id" INTEGER DEFAULT 0
+);
+DROP INDEX IF EXISTS "swid_tags_events_event_id";
+DROP INDEX IF EXISTS "swid_tags_events_tag_id";
+CREATE INDEX "swid_tags_events_event_id" ON "swid_tags_events" (
+ "event_id"
+);
+CREATE INDEX "swid_tags_events_tag_id" ON "swid_tags_events" (
+ "tag_id"
+);
diff --git a/src/libimcv/pa_tnc/pa_tnc_msg.c b/src/libimcv/pa_tnc/pa_tnc_msg.c
index 17c649dfd..5f5add704 100644
--- a/src/libimcv/pa_tnc/pa_tnc_msg.c
+++ b/src/libimcv/pa_tnc/pa_tnc_msg.c
@@ -299,8 +299,9 @@ METHOD(pa_tnc_msg_t, process_ietf_std_errors, bool,
 error_code = error_attr->get_error_code(error_attr);
 msg_info = error_attr->get_msg_info(error_attr);
- /* skip errors from non-IETF namespaces */
- if (error_code.vendor_id != PEN_IETF)
+ /* skip errors from non-IETF namespaces and non PA-TNC msg errors */
+ if (error_code.vendor_id != PEN_IETF ||
+ error_code.type > PA_ERROR_PA_TNC_MSG_ROOF)
 {
 continue;
 }
diff --git a/src/libimcv/plugins/imc_attestation/Makefile.in b/src/libimcv/plugins/imc_attestation/Makefile.in
index d67050f0d..1600d4d2f 100644
--- a/src/libimcv/plugins/imc_attestation/Makefile.in
+++ b/src/libimcv/plugins/imc_attestation/Makefile.in
@@ -311,8 +311,6 @@ RANLIB = @RANLIB@
 RTLIB = @RTLIB@
 RUBY = @RUBY@
 RUBYGEMDIR = @RUBYGEMDIR@
-RUBYINCLUDE = @RUBYINCLUDE@
-RUBYLIB = @RUBYLIB@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
@@ -413,6 +411,8 @@ random_device = @random_device@
 resolv_conf = @resolv_conf@
 routing_table = @routing_table@
 routing_table_prio = @routing_table_prio@
+ruby_CFLAGS = @ruby_CFLAGS@
+ruby_LIBS = @ruby_LIBS@
 runstatedir = @runstatedir@
 s_plugins = @s_plugins@
 sbindir = @sbindir@
@@ -441,6 +441,10 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 tss2_CFLAGS = @tss2_CFLAGS@
 tss2_LIBS = @tss2_LIBS@
+tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
+tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
+tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/plugins/imc_hcd/Makefile.in b/src/libimcv/plugins/imc_hcd/Makefile.in index 981af3964..b12499d82 100644 --- a/src/libimcv/plugins/imc_hcd/Makefile.in +++ b/src/libimcv/plugins/imc_hcd/Makefile.in @@ -308,8 +308,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -410,6 +408,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -438,6 +438,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/plugins/imc_os/Makefile.in b/src/libimcv/plugins/imc_os/Makefile.in index aa0c49aeb..14c6e02a0 100644 --- a/src/libimcv/plugins/imc_os/Makefile.in +++ b/src/libimcv/plugins/imc_os/Makefile.in @@ -308,8 +308,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -410,6 +408,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -438,6 +438,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/plugins/imc_scanner/Makefile.in b/src/libimcv/plugins/imc_scanner/Makefile.in index 63b43154c..664ffdff6 100644 --- a/src/libimcv/plugins/imc_scanner/Makefile.in +++ b/src/libimcv/plugins/imc_scanner/Makefile.in @@ -309,8 +309,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -411,6 +409,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -439,6 +439,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/plugins/imc_swid/Makefile.am b/src/libimcv/plugins/imc_swid/Makefile.am index c1cdb988a..22f2e3762 100644 --- a/src/libimcv/plugins/imc_swid/Makefile.am +++ b/src/libimcv/plugins/imc_swid/Makefile.am 
@@ -1,21 +1,20 @@
-regid = regid.2004-03.org.strongswan
+regid = strongswan.org
 unique_sw_id = strongSwan-$(PACKAGE_VERSION_MAJOR)-$(PACKAGE_VERSION_MINOR)-$(PACKAGE_VERSION_BUILD)$(PACKAGE_VERSION_REVIEW)
-swid_tag = $(regid)_$(unique_sw_id).swidtag
+swid_tag = $(regid)__$(unique_sw_id).swidtag
-swiddir = $(prefix)/share/$(regid)
-swid_DATA = $(swid_tag)
-ipsec_DATA = $(swid_tag)
-EXTRA_DIST = $(regid)_strongSwan.swidtag.in
-CLEANFILES = $(regid)_strongSwan*.swidtag
+swiddir = $(pkgdatadir)/swidtag
+dist_swid_DATA = $(swid_tag)
+EXTRA_DIST = $(regid)__strongSwan.swidtag.in
+CLEANFILES = $(regid)__strongSwan*.swidtag
-$(swid_tag) : regid.2004-03.org.strongswan_strongSwan.swidtag.in
+$(swid_tag) : $(regid)__strongSwan.swidtag.in
 $(AM_V_GEN) \
 sed \
 -e "s:@VERSION_MAJOR@:$(PACKAGE_VERSION_MAJOR):" \
 -e "s:@VERSION_MINOR@:$(PACKAGE_VERSION_MINOR):" \
 -e "s:@VERSION_BUILD@:$(PACKAGE_VERSION_BUILD):" \
 -e "s:@VERSION_REVIEW@:$(PACKAGE_VERSION_REVIEW):" \
- $(srcdir)/$(regid)_strongSwan.swidtag.in > $@
+ $(srcdir)/$(regid)__strongSwan.swidtag.in > $@
 AM_CPPFLAGS = \
 -I$(top_srcdir)/src/libstrongswan \
diff --git a/src/libimcv/plugins/imc_swid/Makefile.in b/src/libimcv/plugins/imc_swid/Makefile.in
index 02bc2bfef..b6a77dda4 100644
--- a/src/libimcv/plugins/imc_swid/Makefile.in
+++ b/src/libimcv/plugins/imc_swid/Makefile.in
@@ -103,7 +103,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 $(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_swid_DATA) \
+ $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES = 
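Review bot: `CLEANFILES = $(regid)__strongSwan*.swidtag` also matches the generated `$(swid_tag)` that is now listed in `dist_swid_DATA`, so `make clean` in a distributed tree removes a file that `make dist` shipped; that is only safe because the rule below regenerates it from `$(regid)__strongSwan.swidtag.in`, which a comment above CLEANFILES should state. A later file header in this commit adds a checked-in `strongswan.org__strongSwan-5-6-0.swidtag` whose version is fixed in the name, while `$(swid_tag)` is computed from the PACKAGE_VERSION_* variables; once those change, the committed file is neither installed nor kept (the glob removes it), so it looks like a build artifact rather than an intended source — confirm and drop it if so. The `sed` substitutions use `:` as the delimiter, which assumes the substituted version parts never contain one; a one-line comment on the rule would record that assumption.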
@@ -135,8 +136,7 @@ am__uninstall_files_from_dir = { \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } -am__installdirs = "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(ipsecdir)" \ - "$(DESTDIR)$(swiddir)" +am__installdirs = "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(swiddir)" LTLIBRARIES = $(imcv_LTLIBRARIES) imc_swid_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la @@ -190,7 +190,7 @@ am__can_run_installinfo = \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac -DATA = $(ipsec_DATA) $(swid_DATA) +DATA = $(dist_swid_DATA) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -441,17 +441,20 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -regid = regid.2004-03.org.strongswan +regid = strongswan.org unique_sw_id = strongSwan-$(PACKAGE_VERSION_MAJOR)-$(PACKAGE_VERSION_MINOR)-$(PACKAGE_VERSION_BUILD)$(PACKAGE_VERSION_REVIEW) -swid_tag = $(regid)_$(unique_sw_id).swidtag -swiddir = $(prefix)/share/$(regid) -swid_DATA = $(swid_tag) -ipsec_DATA = $(swid_tag) -EXTRA_DIST = $(regid)_strongSwan.swidtag.in -CLEANFILES = $(regid)_strongSwan*.swidtag +swid_tag = $(regid)__$(unique_sw_id).swidtag +swiddir = $(pkgdatadir)/swidtag +dist_swid_DATA = $(swid_tag) +EXTRA_DIST = $(regid)__strongSwan.swidtag.in +CLEANFILES = $(regid)__strongSwan*.swidtag AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ 
@@ -578,30 +581,9 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs -install-ipsecDATA: $(ipsec_DATA) +install-dist_swidDATA: $(dist_swid_DATA) @$(NORMAL_INSTALL) - @list='$(ipsec_DATA)'; test -n "$(ipsecdir)" || list=; \ - if test -n "$$list"; then \ - echo " $(MKDIR_P) '$(DESTDIR)$(ipsecdir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" || exit 1; \ - fi; \ - for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; \ - done | $(am__base_list) | \ - while read files; do \ - echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(ipsecdir)'"; \ - $(INSTALL_DATA) $$files "$(DESTDIR)$(ipsecdir)" || exit $$?; \ - done - -uninstall-ipsecDATA: - @$(NORMAL_UNINSTALL) - @list='$(ipsec_DATA)'; test -n "$(ipsecdir)" || list=; \ - files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ - dir='$(DESTDIR)$(ipsecdir)'; $(am__uninstall_files_from_dir) -install-swidDATA: $(swid_DATA) - @$(NORMAL_INSTALL) - @list='$(swid_DATA)'; test -n "$(swiddir)" || list=; \ + @list='$(dist_swid_DATA)'; test -n "$(swiddir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(swiddir)'"; \ $(MKDIR_P) "$(DESTDIR)$(swiddir)" || exit 1; \ @@ -615,9 +597,9 @@ install-swidDATA: $(swid_DATA) $(INSTALL_DATA) $$files "$(DESTDIR)$(swiddir)" || exit $$?; \ done -uninstall-swidDATA: +uninstall-dist_swidDATA: @$(NORMAL_UNINSTALL) - @list='$(swid_DATA)'; test -n "$(swiddir)" || list=; \ + @list='$(dist_swid_DATA)'; test -n "$(swiddir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(swiddir)'; $(am__uninstall_files_from_dir) @@ -707,7 +689,7 @@ check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) $(DATA) installdirs: - for dir in "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(swiddir)"; do \ + for dir in "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(swiddir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am 
@@ -764,8 +746,7 @@ info: info-am info-am: -install-data-am: install-imcvLTLIBRARIES install-ipsecDATA \ - install-swidDATA +install-data-am: install-dist_swidDATA install-imcvLTLIBRARIES install-dvi: install-dvi-am @@ -811,8 +792,7 @@ ps: ps-am ps-am: -uninstall-am: uninstall-imcvLTLIBRARIES uninstall-ipsecDATA \ - uninstall-swidDATA +uninstall-am: uninstall-dist_swidDATA uninstall-imcvLTLIBRARIES .MAKE: install-am install-strip 
@@ -821,28 +801,28 @@ uninstall-am: uninstall-imcvLTLIBRARIES uninstall-ipsecDATA \ ctags-am distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am \ - install-imcvLTLIBRARIES install-info install-info-am \ - install-ipsecDATA install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-strip install-swidDATA \ - installcheck installcheck-am installdirs maintainer-clean \ + install-data-am install-dist_swidDATA install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-imcvLTLIBRARIES install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-am uninstall uninstall-am uninstall-imcvLTLIBRARIES \ - uninstall-ipsecDATA uninstall-swidDATA + tags tags-am uninstall uninstall-am uninstall-dist_swidDATA \ + uninstall-imcvLTLIBRARIES .PRECIOUS: Makefile -$(swid_tag) : regid.2004-03.org.strongswan_strongSwan.swidtag.in +$(swid_tag) : $(regid)__strongSwan.swidtag.in $(AM_V_GEN) \ sed \ -e "s:@VERSION_MAJOR@:$(PACKAGE_VERSION_MAJOR):" \ -e "s:@VERSION_MINOR@:$(PACKAGE_VERSION_MINOR):" \ -e "s:@VERSION_BUILD@:$(PACKAGE_VERSION_BUILD):" \ -e "s:@VERSION_REVIEW@:$(PACKAGE_VERSION_REVIEW):" \ - $(srcdir)/$(regid)_strongSwan.swidtag.in > $@ + $(srcdir)/$(regid)__strongSwan.swidtag.in > $@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libimcv/plugins/imc_swid/imc_swid.c b/src/libimcv/plugins/imc_swid/imc_swid.c index 0dcb9afb6..1468a59cc 100644 
--- a/src/libimcv/plugins/imc_swid/imc_swid.c
+++ b/src/libimcv/plugins/imc_swid/imc_swid.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013-2015 Andreas Steffen
+ * Copyright (C) 2013-2017 Andreas Steffen
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
@@ -30,8 +30,6 @@
 #include
 #include
-#define SWID_GENERATOR "/usr/local/bin/swid_generator"
 /* IMC definitions */
 static const char imc_name[] = "SWID";
@@ -165,7 +163,7 @@ static bool add_swid_inventory(imc_state_t *state, imc_msg_t *msg,
 pa_tnc_attr_t *attr, *attr_error;
 imc_swid_state_t *swid_state;
 swid_inventory_t *swid_inventory;
- char *swid_directory, *swid_generator;
+ char *swid_directory;
 uint32_t eid_epoch;
 bool swid_pretty, swid_full;
 enumerator_t *enumerator;
@@ -173,9 +171,6 @@ static bool add_swid_inventory(imc_state_t *state, imc_msg_t *msg,
 swid_directory = lib->settings->get_str(lib->settings, "%s.plugins.imc-swid.swid_directory", SWID_DIRECTORY, lib->ns);
- swid_generator = lib->settings->get_str(lib->settings,
- "%s.plugins.imc-swid.swid_generator",
- SWID_GENERATOR, lib->ns);
 swid_pretty = lib->settings->get_bool(lib->settings, "%s.plugins.imc-swid.swid_pretty", FALSE, lib->ns);
@@ -184,8 +179,8 @@ static bool add_swid_inventory(imc_state_t *state, imc_msg_t *msg,
 FALSE, lib->ns);
 swid_inventory = swid_inventory_create(full_tags);
- if (!swid_inventory->collect(swid_inventory, swid_directory, swid_generator,
- targets, swid_pretty, swid_full))
+ if (!swid_inventory->collect(swid_inventory, swid_directory, targets,
+ swid_pretty, swid_full))
 {
 swid_inventory->destroy(swid_inventory);
 attr_error = swid_error_create(TCG_SWID_ERROR, request_id,
diff --git a/src/libimcv/plugins/imc_swid/regid.2004-03.org.strongswan_strongSwan.swidtag.in b/src/libimcv/plugins/imc_swid/regid.2004-03.org.strongswan_strongSwan.swidtag.in
deleted file mode 100644
index 8b7b50fdf..000000000
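Review bot: Removing the `swid_generator` setting means a strongswan.conf that still sets `%s.plugins.imc-swid.swid_generator` is now silently ignored; the option should be removed from the plugin's option documentation and the removal noted in the release notes so operators do not expect an external generator to run. Dropping the invocation of an executable whose path came from configuration also removes a configuration-dependent external code path from the IMC, which is worth a sentence in the commit message. The new four-argument `collect()` call has to match the updated `swid_inventory_t` interface, which is outside this chunk; add_swid_inventory starts and ends outside the hunks.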
--- a/src/libimcv/plugins/imc_swid/regid.2004-03.org.strongswan_strongSwan.swidtag.in +++ /dev/null @@ -1,12 +0,0 @@ - - - - - diff --git a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-0.swidtag b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-0.swidtag new file mode 100644 index 000000000..644c0989c --- /dev/null +++ b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-0.swidtag @@ -0,0 +1,11 @@ + + + + diff --git a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan.swidtag.in b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan.swidtag.in new file mode 100644 index 000000000..0e5aa8d4d --- /dev/null +++ b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan.swidtag.in @@ -0,0 +1,11 @@ + + + + diff --git a/src/libimcv/plugins/imc_swima/Makefile.am b/src/libimcv/plugins/imc_swima/Makefile.am new file mode 100644 index 000000000..4a29e7949 --- /dev/null +++ b/src/libimcv/plugins/imc_swima/Makefile.am 
@@ -0,0 +1,33 @@
+regid = strongswan.org
+unique_sw_id = strongSwan-$(PACKAGE_VERSION_MAJOR)-$(PACKAGE_VERSION_MINOR)-$(PACKAGE_VERSION_BUILD)$(PACKAGE_VERSION_REVIEW)
+swid_tag = $(regid)__$(unique_sw_id).swidtag
+
+swiddir = $(pkgdatadir)/swidtag
+dist_swid_DATA = $(swid_tag)
+EXTRA_DIST = $(regid)__strongSwan.swidtag.in
+CLEANFILES = $(regid)__strongSwan*.swidtag
+
+$(swid_tag) : $(regid)__strongSwan.swidtag.in
+ $(AM_V_GEN) \
+ sed \
+ -e "s:@VERSION_MAJOR@:$(PACKAGE_VERSION_MAJOR):" \
+ -e "s:@VERSION_MINOR@:$(PACKAGE_VERSION_MINOR):" \
+ -e "s:@VERSION_BUILD@:$(PACKAGE_VERSION_BUILD):" \
+ -e "s:@VERSION_REVIEW@:$(PACKAGE_VERSION_REVIEW):" \
+ $(srcdir)/$(regid)__strongSwan.swidtag.in > $@
+
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libtncif \
+ -I$(top_srcdir)/src/libimcv
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS) $(json_CFLAGS)
+
+imcv_LTLIBRARIES = imc-swima.la
+
+imc_swima_la_LIBADD = \
+ $(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la
+imc_swima_la_SOURCES = imc_swima.c imc_swima_state.h imc_swima_state.c
+imc_swima_la_LDFLAGS = -module -avoid-version -no-undefined
diff --git a/src/libimcv/plugins/imc_swima/Makefile.in b/src/libimcv/plugins/imc_swima/Makefile.in
new file mode 100644
index 000000000..ae1d024af
--- /dev/null
+++ b/src/libimcv/plugins/imc_swima/Makefile.in
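Review bot: This Makefile.am generates and installs the same `$(swid_tag)` into the same `$(pkgdatadir)/swidtag` directory as the imc_swid Makefile.am earlier in this commit, so the two plugins compete for one installed file: `make uninstall` of either removes the tag the other still ships, and building both installs it twice. Generating and installing the tag from a single place (for instance the libimcv Makefile.am) and leaving both plugin Makefiles with only their library rules would avoid that; failing that, a comment at the top should explain why the rule is duplicated. `AM_CFLAGS` adds `$(json_CFLAGS)` but `imc_swima_la_LIBADD` lists no `$(json_LIBS)`; with `-no-undefined` the link would fail if imc_swima.c actually used json-c, so either the CFLAGS entry is stale or the LIBADD entry is missing — confirm against the sources.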
@@ -0,0 +1,828 @@ +# Makefile.in generated by automake 1.15 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes 
+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libimcv/plugins/imc_swima +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/split-package-version.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(dist_swid_DATA) \ + $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = 
$(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(swiddir)" +LTLIBRARIES = $(imcv_LTLIBRARIES) +imc_swima_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libstrongswan/libstrongswan.la +am_imc_swima_la_OBJECTS = imc_swima.lo imc_swima_state.lo +imc_swima_la_OBJECTS = $(am_imc_swima_la_OBJECTS) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +imc_swima_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(imc_swima_la_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) 
--mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(imc_swima_la_SOURCES) +DIST_SOURCES = $(imc_swima_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +DATA = $(dist_swid_DATA) +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. 
+am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +ATOMICLIB = @ATOMICLIB@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BFDLIB = @BFDLIB@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +EASY_INSTALL = @EASY_INSTALL@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GEM = @GEM@ +GENHTML = @GENHTML@ +GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ 
+PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ +PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ +PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ +PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ +PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +PY_TEST = @PY_TEST@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ +clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dev_headers = @dev_headers@ +docdir = @docdir@ +dvidir = @dvidir@ 
+exec_prefix = @exec_prefix@ +fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ +libiptc_CFLAGS = @libiptc_CFLAGS@ +libiptc_LIBS = @libiptc_LIBS@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ +oldincludedir = @oldincludedir@ +p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ +runstatedir = @runstatedir@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = 
@strongswan_conf@ +strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ +sysconfdir = @sysconfdir@ +systemd_CFLAGS = @systemd_CFLAGS@ +systemd_LIBS = @systemd_LIBS@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ +systemdsystemunitdir = @systemdsystemunitdir@ +t_plugins = @t_plugins@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +regid = strongswan.org +unique_sw_id = strongSwan-$(PACKAGE_VERSION_MAJOR)-$(PACKAGE_VERSION_MINOR)-$(PACKAGE_VERSION_BUILD)$(PACKAGE_VERSION_REVIEW) +swid_tag = $(regid)__$(unique_sw_id).swidtag +swiddir = $(pkgdatadir)/swidtag +dist_swid_DATA = $(swid_tag) +EXTRA_DIST = $(regid)__strongSwan.swidtag.in +CLEANFILES = $(regid)__strongSwan*.swidtag +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtncif \ + -I$(top_srcdir)/src/libimcv + +AM_CFLAGS = \ + $(PLUGIN_CFLAGS) $(json_CFLAGS) + +imcv_LTLIBRARIES = imc-swima.la +imc_swima_la_LIBADD = \ + $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libstrongswan/libstrongswan.la + +imc_swima_la_SOURCES = imc_swima.c imc_swima_state.h imc_swima_state.c +imc_swima_la_LDFLAGS = -module -avoid-version -no-undefined +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; 
\ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_swima/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libimcv/plugins/imc_swima/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +install-imcvLTLIBRARIES: $(imcv_LTLIBRARIES) + @$(NORMAL_INSTALL) + @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(imcvdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(imcvdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(imcvdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(imcvdir)"; \ + } + +uninstall-imcvLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(imcvdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(imcvdir)/$$f"; \ + done + 
+clean-imcvLTLIBRARIES: + -test -z "$(imcv_LTLIBRARIES)" || rm -f $(imcv_LTLIBRARIES) + @list='$(imcv_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +imc-swima.la: $(imc_swima_la_OBJECTS) $(imc_swima_la_DEPENDENCIES) $(EXTRA_imc_swima_la_DEPENDENCIES) + $(AM_V_CCLD)$(imc_swima_la_LINK) -rpath $(imcvdir) $(imc_swima_la_OBJECTS) $(imc_swima_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imc_swima.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imc_swima_state.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ 
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-dist_swidDATA: $(dist_swid_DATA) + @$(NORMAL_INSTALL) + @list='$(dist_swid_DATA)'; test -n "$(swiddir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(swiddir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(swiddir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(swiddir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(swiddir)" || exit $$?; \ + done + +uninstall-dist_swidDATA: + @$(NORMAL_UNINSTALL) + @list='$(dist_swid_DATA)'; test -n "$(swiddir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(swiddir)'; $(am__uninstall_files_from_dir) + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && 
pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) $(DATA) +installdirs: + for dir in "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(swiddir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." 
+clean: clean-am + +clean-am: clean-generic clean-imcvLTLIBRARIES clean-libtool \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-dist_swidDATA install-imcvLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-dist_swidDATA uninstall-imcvLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ + clean-imcvLTLIBRARIES clean-libtool cscopelist-am ctags \ + ctags-am distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dist_swidDATA install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-imcvLTLIBRARIES install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags tags-am uninstall uninstall-am uninstall-dist_swidDATA \ + uninstall-imcvLTLIBRARIES + +.PRECIOUS: Makefile 
+ + +$(swid_tag) : $(regid)__strongSwan.swidtag.in + $(AM_V_GEN) \ + sed \ + -e "s:@VERSION_MAJOR@:$(PACKAGE_VERSION_MAJOR):" \ + -e "s:@VERSION_MINOR@:$(PACKAGE_VERSION_MINOR):" \ + -e "s:@VERSION_BUILD@:$(PACKAGE_VERSION_BUILD):" \ + -e "s:@VERSION_REVIEW@:$(PACKAGE_VERSION_REVIEW):" \ + $(srcdir)/$(regid)__strongSwan.swidtag.in > $@ + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libimcv/plugins/imc_swima/imc_swima.c b/src/libimcv/plugins/imc_swima/imc_swima.c new file mode 100644 index 000000000..e120cf7fc --- /dev/null +++ b/src/libimcv/plugins/imc_swima/imc_swima.c 
@@ -0,0 +1,407 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "imc_swima_state.h" + +#include +#include +#include "ietf/swima/ietf_swima_attr_req.h" +#include "ietf/swima/ietf_swima_attr_sw_inv.h" +#include "ietf/swima/ietf_swima_attr_sw_ev.h" +#include "swima/swima_inventory.h" +#include "swima/swima_collector.h" +#include "swima/swima_error.h" +#include "tcg/seg/tcg_seg_attr_max_size.h" +#include "tcg/seg/tcg_seg_attr_seg_env.h" + +#include +#include +#include + +/* IMC definitions */ + +static const char imc_name[] = "SWIMA"; + +static pen_type_t msg_types[] = { + { PEN_IETF, PA_SUBTYPE_IETF_SW } +}; + +static imc_agent_t *imc_swima; + +/** + * see section 3.8.1 of TCG TNC IF-IMC Specification 1.3 + */ +TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id, + TNC_Version min_version, + TNC_Version max_version, + TNC_Version *actual_version) +{ + if (imc_swima) + { + DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name); + return TNC_RESULT_ALREADY_INITIALIZED; + } + imc_swima = imc_agent_create(imc_name, msg_types, countof(msg_types), + imc_id, actual_version); + if (!imc_swima) + { + return TNC_RESULT_FATAL; + } + if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1) + { + DBG1(DBG_IMC, "no common IF-IMC version"); + return TNC_RESULT_NO_COMMON_VERSION; + } + return TNC_RESULT_SUCCESS; +} + +/** + * see section 3.8.2 of TCG TNC IF-IMC Specification 1.3 + */ 
+TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, + TNC_ConnectionID connection_id, + TNC_ConnectionState new_state) +{ + imc_state_t *state; + + if (!imc_swima) + { + DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); + return TNC_RESULT_NOT_INITIALIZED; + } + switch (new_state) + { + case TNC_CONNECTION_STATE_CREATE: + state = imc_swima_state_create(connection_id); + return imc_swima->create_state(imc_swima, state); + case TNC_CONNECTION_STATE_HANDSHAKE: + if (imc_swima->change_state(imc_swima, connection_id, new_state, + &state) != TNC_RESULT_SUCCESS) + { + return TNC_RESULT_FATAL; + } + state->set_result(state, imc_id, + TNC_IMV_EVALUATION_RESULT_DONT_KNOW); + return TNC_RESULT_SUCCESS; + case TNC_CONNECTION_STATE_DELETE: + return imc_swima->delete_state(imc_swima, connection_id); + default: + return imc_swima->change_state(imc_swima, connection_id, + new_state, NULL); + } +} + +/** + * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3 + */ +TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, + TNC_ConnectionID connection_id) +{ + imc_state_t *state; + imc_msg_t *out_msg; + pa_tnc_attr_t *attr; + seg_contract_t *contract; + seg_contract_manager_t *contracts; + size_t max_attr_size = SWIMA_MAX_ATTR_SIZE; + size_t max_seg_size; + char buf[BUF_LEN]; + TNC_Result result = TNC_RESULT_SUCCESS; + + if (!imc_swima) + { + DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); + return TNC_RESULT_NOT_INITIALIZED; + } + if (!imc_swima->get_state(imc_swima, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } + + /* Determine maximum PA-TNC attribute segment size */ + max_seg_size = state->get_max_msg_len(state) - PA_TNC_HEADER_SIZE + - PA_TNC_ATTR_HEADER_SIZE + - TCG_SEG_ATTR_SEG_ENV_HEADER; + + /* Announce support of PA-TNC segmentation to IMV */ + contract = seg_contract_create(msg_types[0], max_attr_size, max_seg_size, + TRUE, imc_id, TRUE); + contract->get_info_string(contract, buf, BUF_LEN, TRUE); + DBG2(DBG_IMC, "%s", buf); 
+ contracts = state->get_contracts(state); + contracts->add_contract(contracts, contract); + attr = tcg_seg_attr_max_size_create(max_attr_size, max_seg_size, TRUE); + + /* send PA-TNC message with the excl flag not set */ + out_msg = imc_msg_create(imc_swima, state, connection_id, imc_id, + TNC_IMVID_ANY, msg_types[0]); + out_msg->add_attribute(out_msg, attr); + result = out_msg->send(out_msg, FALSE); + out_msg->destroy(out_msg); + + return result; +} + +/** + * Add SWID Inventory or Event attribute to the send queue + */ +static void fulfill_request(imc_state_t *state, imc_msg_t *msg, + uint32_t request_id, bool sw_id_only, + swima_inventory_t *targets) +{ + pa_tnc_attr_t *attr; + swima_collector_t *collector; + size_t msg_len = 64; + char error_msg[msg_len], *id_str; + bool collect_inventory = TRUE; + int items; + + collector = swima_collector_create(); + id_str = sw_id_only ? " ID" : ""; + + if (targets->get_eid(targets, NULL) > 0) + { + swima_events_t *sw_ev; + ietf_swima_attr_sw_ev_t *sw_ev_attr; + + sw_ev = collector->collect_events(collector, sw_id_only, targets); + if (!sw_ev) + { + snprintf(error_msg, msg_len, "failed to collect SW%s events, " + "fallback to SW%s inventory", id_str, id_str); + attr = swima_error_create(PA_ERROR_SW, request_id, 0, error_msg); + msg->add_attribute(msg, attr); + } + else { + items = sw_ev->get_count(sw_ev); + DBG1(DBG_IMC, "collected %d SW%s event%s", items, id_str, + items == 1 ? 
"" : "s"); + + /* Send an IETF SW [Identity] Events attribute */ + attr = ietf_swima_attr_sw_ev_create(IETF_SWIMA_ATTR_SW_INV_FLAG_NONE, + request_id, sw_id_only); + sw_ev_attr = (ietf_swima_attr_sw_ev_t*)attr; + sw_ev_attr->set_events(sw_ev_attr, sw_ev); + collect_inventory = FALSE; + } + } + + if (collect_inventory) + { + swima_inventory_t *sw_inv; + ietf_swima_attr_sw_inv_t *sw_inv_attr; + + sw_inv = collector->collect_inventory(collector, sw_id_only, targets); + if (!sw_inv) + { + snprintf(error_msg, msg_len, "failed to collect SW%s inventory", + id_str); + attr = swima_error_create(PA_ERROR_SW, request_id, 0, error_msg); + } + else + { + items = sw_inv->get_count(sw_inv); + DBG1(DBG_IMC, "collected %d SW%s record%s", items, id_str, + items == 1 ? "" : "s"); + + /* Send an IETF SW [Identity] Inventory attribute */ + attr = ietf_swima_attr_sw_inv_create(IETF_SWIMA_ATTR_SW_INV_FLAG_NONE, + request_id, sw_id_only); + sw_inv_attr = (ietf_swima_attr_sw_inv_t*)attr; + sw_inv_attr->set_inventory(sw_inv_attr, sw_inv); + } + } + msg->add_attribute(msg, attr); + collector->destroy(collector); +} + +static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) +{ + imc_msg_t *out_msg; + pa_tnc_attr_t *attr; + enumerator_t *enumerator; + pen_type_t type; + TNC_Result result; + bool fatal_error = FALSE; + + /* generate an outgoing PA-TNC message - we might need it */ + out_msg = imc_msg_create_as_reply(in_msg); + + /* parse received PA-TNC message and handle local and remote errors */ + result = in_msg->receive(in_msg, out_msg, &fatal_error); + if (result != TNC_RESULT_SUCCESS) + { + out_msg->destroy(out_msg); + return result; + } + + /* analyze PA-TNC attributes */ + enumerator = in_msg->create_attribute_enumerator(in_msg); + while (enumerator->enumerate(enumerator, &attr)) + { + ietf_swima_attr_req_t *attr_req; + uint8_t flags; + uint32_t request_id; + bool sw_id_only; + swima_inventory_t *targets; + + type = attr->get_type(attr); + + if (type.vendor_id != 
PEN_IETF || type.type != IETF_ATTR_SW_REQUEST) + { + continue; + } + + attr_req = (ietf_swima_attr_req_t*)attr; + flags = attr_req->get_flags(attr_req); + request_id = attr_req->get_request_id(attr_req); + targets = attr_req->get_targets(attr_req); + + if (flags & (IETF_SWIMA_ATTR_REQ_FLAG_S | IETF_SWIMA_ATTR_REQ_FLAG_C)) + { + attr = swima_error_create(PA_ERROR_SW_SUBSCRIPTION_DENIED, + request_id, 0, "no subscription available yet"); + out_msg->add_attribute(out_msg, attr); + break; + } + sw_id_only = (flags & IETF_SWIMA_ATTR_REQ_FLAG_R); + + fulfill_request(state, out_msg, request_id, sw_id_only, targets); + break; + } + enumerator->destroy(enumerator); + + if (fatal_error) + { + result = TNC_RESULT_FATAL; + } + else + { + /* send PA-TNC message with the EXCL flag set */ + result = out_msg->send(out_msg, TRUE); + } + out_msg->destroy(out_msg); + + return result; +} + +/** + * see section 3.8.4 of TCG TNC IF-IMC Specification 1.3 + + */ +TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, + TNC_ConnectionID connection_id, + TNC_BufferReference msg, + TNC_UInt32 msg_len, + TNC_MessageType msg_type) +{ + imc_state_t *state; + imc_msg_t *in_msg; + TNC_Result result; + + if (!imc_swima) + { + DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); + return TNC_RESULT_NOT_INITIALIZED; + } + if (!imc_swima->get_state(imc_swima, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } + in_msg = imc_msg_create_from_data(imc_swima, state, connection_id, msg_type, + chunk_create(msg, msg_len)); + result = receive_message(state, in_msg); + in_msg->destroy(in_msg); + + return result; +} + +/** + * see section 3.8.6 of TCG TNC IF-IMV Specification 1.3 + */ +TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id, + TNC_ConnectionID connection_id, + TNC_UInt32 msg_flags, + TNC_BufferReference msg, + TNC_UInt32 msg_len, + TNC_VendorID msg_vid, + TNC_MessageSubtype msg_subtype, + TNC_UInt32 src_imv_id, + TNC_UInt32 dst_imc_id) +{ + imc_state_t *state; + imc_msg_t 
*in_msg; + TNC_Result result; + + if (!imc_swima) + { + DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); + return TNC_RESULT_NOT_INITIALIZED; + } + if (!imc_swima->get_state(imc_swima, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } + in_msg = imc_msg_create_from_long_data(imc_swima, state, connection_id, + src_imv_id, dst_imc_id,msg_vid, msg_subtype, + chunk_create(msg, msg_len)); + result =receive_message(state, in_msg); + in_msg->destroy(in_msg); + + return result; +} + +/** + * see section 3.8.7 of TCG TNC IF-IMC Specification 1.3 + */ +TNC_Result TNC_IMC_BatchEnding(TNC_IMCID imc_id, + TNC_ConnectionID connection_id) +{ + if (!imc_swima) + { + DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); + return TNC_RESULT_NOT_INITIALIZED; + } + return TNC_RESULT_SUCCESS; +} + +/** + * see section 3.8.8 of TCG TNC IF-IMC Specification 1.3 + */ +TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id) +{ + if (!imc_swima) + { + DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); + return TNC_RESULT_NOT_INITIALIZED; + } + imc_swima->destroy(imc_swima); + imc_swima = NULL; + + return TNC_RESULT_SUCCESS; +} + +/** + * see section 4.2.8.1 of TCG TNC IF-IMC Specification 1.3 + */ +TNC_Result TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id, + TNC_TNCC_BindFunctionPointer bind_function) +{ + if (!imc_swima) + { + DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); + return TNC_RESULT_NOT_INITIALIZED; + } + return imc_swima->bind_functions(imc_swima, bind_function); +} diff --git a/src/libimcv/plugins/imc_swima/imc_swima_state.c b/src/libimcv/plugins/imc_swima/imc_swima_state.c new file mode 100644 index 000000000..70b2434a4 --- /dev/null +++ b/src/libimcv/plugins/imc_swima/imc_swima_state.c 
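Review bot: In TNC_IMC_Initialize the agent returned by imc_agent_create() stays assigned to `imc_swima` when the IF-IMC version check fails, so the function returns TNC_RESULT_NO_COMMON_VERSION with a live agent that is never destroyed, and any later TNC_IMC_Initialize call lands in the TNC_RESULT_ALREADY_INITIALIZED branch; running the version check before imc_agent_create(), or destroying the agent and resetting `imc_swima = NULL` before returning, avoids that. In TNC_IMC_BeginHandshake `max_seg_size` is the unsigned difference between state->get_max_msg_len(state) and three header constants with no lower-bound check; imc_swima_state_create does not set max_msg_len, so it starts at zero, and if the TNCC never announces a size (presumably delivered through set_max_msg_len) the subtraction wraps and the segmentation contract advertises a huge segment size to the IMV. A guard such as `if (state->get_max_msg_len(state) <= PA_TNC_HEADER_SIZE + PA_TNC_ATTR_HEADER_SIZE + TCG_SEG_ATTR_SEG_ENV_HEADER) return TNC_RESULT_FATAL;` before the computation closes that. The `state` parameter of fulfill_request is not used anywhere in its body.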
@@ -0,0 +1,176 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "imc_swima_state.h" + +#include + +#include + +typedef struct private_imc_swima_state_t private_imc_swima_state_t; + +/** + * Private data of an imc_swima_state_t object. + */ +struct private_imc_swima_state_t { + + /** + * Public members of imc_swima_state_t + */ + imc_swima_state_t public; + + /** + * TNCCS connection ID + */ + TNC_ConnectionID connection_id; + + /** + * TNCCS connection state + */ + TNC_ConnectionState state; + + /** + * Assessment/Evaluation Result + */ + TNC_IMV_Evaluation_Result result; + + /** + * Does the TNCCS connection support long message types? + */ + bool has_long; + + /** + * Does the TNCCS connection support exclusive delivery? 
+ */ + bool has_excl; + + /** + * Maximum PA-TNC message size for this TNCCS connection + */ + uint32_t max_msg_len; + + /** + * PA-TNC attribute segmentation contracts associated with TNCCS connection + */ + seg_contract_manager_t *contracts; +}; + +METHOD(imc_state_t, get_connection_id, TNC_ConnectionID, + private_imc_swima_state_t *this) +{ + return this->connection_id; +} + +METHOD(imc_state_t, has_long, bool, + private_imc_swima_state_t *this) +{ + return this->has_long; +} + +METHOD(imc_state_t, has_excl, bool, + private_imc_swima_state_t *this) +{ + return this->has_excl; +} + +METHOD(imc_state_t, set_flags, void, + private_imc_swima_state_t *this, bool has_long, bool has_excl) +{ + this->has_long = has_long; + this->has_excl = has_excl; +} + +METHOD(imc_state_t, set_max_msg_len, void, + private_imc_swima_state_t *this, uint32_t max_msg_len) +{ + this->max_msg_len = max_msg_len; +} + +METHOD(imc_state_t, get_max_msg_len, uint32_t, + private_imc_swima_state_t *this) +{ + return this->max_msg_len; +} + +METHOD(imc_state_t, get_contracts, seg_contract_manager_t*, + private_imc_swima_state_t *this) +{ + return this->contracts; +} + +METHOD(imc_state_t, change_state, void, + private_imc_swima_state_t *this, TNC_ConnectionState new_state) +{ + this->state = new_state; +} + +METHOD(imc_state_t, set_result, void, + private_imc_swima_state_t *this, TNC_IMCID id, + TNC_IMV_Evaluation_Result result) +{ + this->result = result; +} + +METHOD(imc_state_t, get_result, bool, + private_imc_swima_state_t *this, TNC_IMCID id, + TNC_IMV_Evaluation_Result *result) +{ + if (result) + { + *result = this->result; + } + return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW; +} + +METHOD(imc_state_t, destroy, void, + private_imc_swima_state_t *this) +{ + this->contracts->destroy(this->contracts); + free(this); +} + +/** + * Described in header. 
+ */ +imc_state_t *imc_swima_state_create(TNC_ConnectionID connection_id) +{ + private_imc_swima_state_t *this; + + INIT(this, + .public = { + .interface = { + .get_connection_id = _get_connection_id, + .has_long = _has_long, + .has_excl = _has_excl, + .set_flags = _set_flags, + .set_max_msg_len = _set_max_msg_len, + .get_max_msg_len = _get_max_msg_len, + .get_contracts = _get_contracts, + .change_state = _change_state, + .set_result = _set_result, + .get_result = _get_result, + .destroy = _destroy, + }, + }, + .state = TNC_CONNECTION_STATE_CREATE, + .result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW, + .connection_id = connection_id, + .contracts = seg_contract_manager_create(), + ); + + return &this->public.interface; +} + + diff --git a/src/libimcv/plugins/imc_swima/imc_swima_state.h b/src/libimcv/plugins/imc_swima/imc_swima_state.h new file mode 100644 index 000000000..4e4e3b1bf --- /dev/null +++ b/src/libimcv/plugins/imc_swima/imc_swima_state.h 
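Review bot: imc_swima_state_create leaves has_long, has_excl and max_msg_len at their zero-initialized defaults without saying so, and set_result/get_result ignore their `id` argument, yet none of the METHOD definitions in the hunk carry a comment. A line above INIT such as `/* has_long, has_excl and max_msg_len stay zero until set_flags()/set_max_msg_len() are called */` and one above set_result, `/* a single result is kept per connection; the IMC ID is ignored */`, would make the contract explicit. This matters because imc_swima.c derives a segment size from get_max_msg_len(), so a reader should know the value can still be zero.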
@@ -0,0 +1,51 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup imc_swima imc_swima + * @ingroup libimcv_plugins + * + * @defgroup imc_swima_state_t imc_swima_state + * @{ @ingroup imc_swima + */ + +#ifndef IMC_SWIMA_STATE_H_ +#define IMC_SWIMA_STATE_H_ + +#include +#include + +typedef struct imc_swima_state_t imc_swima_state_t; + +/** + * Internal state of an imc_swima_t connection instance + */ +struct imc_swima_state_t { + + /** + * imc_state_t interface + */ + imc_state_t interface; + +}; + +/** + * Create an imc_swima_state_t instance + * + * @param id connection ID + */ +imc_state_t* imc_swima_state_create(TNC_ConnectionID id); + +#endif /** IMC_SWIMA_STATE_H_ @}*/ diff --git a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-0.swidtag b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-0.swidtag new file mode 100644 index 000000000..644c0989c --- /dev/null +++ b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-0.swidtag @@ -0,0 +1,11 @@ + + + + diff --git a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan.swidtag.in b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan.swidtag.in new file mode 100644 index 000000000..0e5aa8d4d --- /dev/null +++ b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan.swidtag.in @@ -0,0 +1,11 @@ + + + + 
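Review bot: The doxygen block for imc_swima_state_create documents `@param id` but has no `@return` line, so the ownership of the returned object is not stated in the header; adding `@return imc_state_t instance, to be released with its destroy() method` completes it. The parameter is named `id` in the header and `connection_id` in the .c definition; aligning the names helps readers matching the two.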
diff --git a/src/libimcv/plugins/imc_test/Makefile.in b/src/libimcv/plugins/imc_test/Makefile.in index 93c074853..a002f0baf 100644 --- a/src/libimcv/plugins/imc_test/Makefile.in +++ b/src/libimcv/plugins/imc_test/Makefile.in @@ -308,8 +308,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -410,6 +408,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -438,6 +438,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/plugins/imv_attestation/Makefile.in b/src/libimcv/plugins/imv_attestation/Makefile.in index 02bd5f510..3872b9a57 100644 --- a/src/libimcv/plugins/imv_attestation/Makefile.in +++ b/src/libimcv/plugins/imv_attestation/Makefile.in @@ -322,8 +322,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -424,6 +422,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -452,6 +452,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/plugins/imv_attestation/attest_db.c b/src/libimcv/plugins/imv_attestation/attest_db.c index 034418428..fb894f393 100644 --- a/src/libimcv/plugins/imv_attestation/attest_db.c +++ b/src/libimcv/plugins/imv_attestation/attest_db.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2014 Andreas Steffen + * Copyright (C) 2011-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -133,6 +133,11 @@ struct private_attest_db_t { */ char *version; + /** + * Primary key of software package version to be queried + */ + int vid; + /** * TRUE if version has been set */ @@ -975,7 +980,7 @@ METHOD(attest_db_t, list_files, void, { while (e->enumerate(e, &fid, &file)) { - printf("%4d: %s\n", fid, file); + printf("%6d: %s\n", fid, file); count++; } e->destroy(e); @@ -996,10 +1001,10 @@ METHOD(attest_db_t, list_files, void, { if (did != last_did) { - printf("%4d: %s\n", did, dir); + printf("%6d: %s\n", did, dir); last_did = did; } - printf("%4d: %s\n", fid, file); + printf("%6d: %s\n", fid, file); count++; } e->destroy(e); 
@@ -1182,24 +1187,24 @@ METHOD(attest_db_t, list_hashes, void, private_attest_db_t *this) { enumerator_t *e; - chunk_t hash; - char *file, *dir, *product; + char *file, *dir, *product, *hash; int id, fid, fid_old = 0, did, did_old = 0, pid, pid_old = 0, count = 0; if (this->pid && this->fid && this->did) { - printf("%4d: %s\n", this->did, this->dir); - printf("%4d: %s\n", this->fid, this->file); + printf("%6d: %s\n", this->did, this->dir); + printf("%6d: %s\n", this->fid, this->file); e = this->db->query(this->db, - "SELECT id, hash FROM file_hashes " - "WHERE algo = ? AND file = ? AND product = ?", + "SELECT h.id, h.hash FROM file_hashes AS h " + "JOIN versions AS v ON h.version = v.id " + "WHERE h.algo = ? AND h.file = ? AND v.product = ?", DB_INT, this->algo, DB_INT, this->fid, DB_INT, this->pid, - DB_INT, DB_BLOB); + DB_INT, DB_TEXT); if (e) { while (e->enumerate(e, &id, &hash)) { - printf("%4d: %#B\n", id, &hash); + printf("%6d: %s\n", id, hash); count++; } e->destroy(e); @@ -1216,25 +1221,26 @@ METHOD(attest_db_t, list_hashes, void, "FROM file_hashes AS h " "JOIN files AS f ON h.file = f.id " "JOIN directories AS d ON f.dir = d.id " - "WHERE h.algo = ? AND h.product = ? AND f.name = ? " + "JOIN versions AS v ON h.version = v.id " + "WHERE h.algo = ? AND v.product = ? AND f.name = ? " "ORDER BY d.path, f.name, h.hash", DB_INT, this->algo, DB_INT, this->pid, DB_TEXT, this->file, - DB_INT, DB_BLOB, DB_INT, DB_INT, DB_TEXT); + DB_INT, DB_TEXT, DB_INT, DB_INT, DB_TEXT); if (e) { while (e->enumerate(e, &id, &hash, &fid, &did, &dir)) { if (did != did_old) { - printf("%4d: %s\n", did, dir); + printf("%6d: %s\n", did, dir); did_old = did; } if (fid != fid_old) { - printf("%4d: %s\n", fid, this->file); + printf("%6d: %s\n", fid, this->file); fid_old = fid; } - printf("%4d: %#B\n", id, &hash); + printf("%6d: %s\n", id, hash); count++; } e->destroy(e); 
@@ -1246,25 +1252,26 @@ METHOD(attest_db_t, list_hashes, void, } else if (this->pid && this->did) { - printf("%4d: %s\n", this->did, this->dir); + printf("%6d: %s\n", this->did, this->dir); e = this->db->query(this->db, "SELECT h.id, h.hash, f.id, f.name " "FROM file_hashes AS h " "JOIN files AS f ON h.file = f.id " - "WHERE h.algo = ? AND h.product = ? AND f.dir = ? " + "JOIN versions AS v ON h.version = v.id " + "WHERE h.algo = ? AND v.product = ? AND f.dir = ? " "ORDER BY f.name, h.hash", DB_INT, this->algo, DB_INT, this->pid, DB_INT, this->did, - DB_INT, DB_BLOB, DB_INT, DB_TEXT); + DB_INT, DB_TEXT, DB_INT, DB_TEXT); if (e) { while (e->enumerate(e, &id, &hash, &fid, &file)) { if (fid != fid_old) { - printf("%4d: %s\n", fid, file); + printf("%6d: %s\n", fid, file); fid_old = fid; } - printf("%4d: %#B\n", id, &hash); + printf("%6d: %s\n", id, hash); count++; } e->destroy(e); @@ -1281,25 +1288,26 @@ METHOD(attest_db_t, list_hashes, void, "FROM file_hashes AS h " "JOIN files AS f ON h.file = f.id " "JOIN directories AS d ON f.dir = d.id " - "WHERE h.algo = ? AND h.product = ? " + "JOIN versions AS v ON h.version = v.id " + "WHERE h.algo = ? AND v.product = ? " "ORDER BY d.path, f.name, h.hash", DB_INT, this->algo, DB_INT, this->pid, - DB_INT, DB_BLOB, DB_INT, DB_TEXT, DB_INT, DB_TEXT); + DB_INT, DB_TEXT, DB_INT, DB_TEXT, DB_INT, DB_TEXT); if (e) { while (e->enumerate(e, &id, &hash, &fid, &file, &did, &dir)) { if (did != did_old) { - printf("%4d: %s\n", did, dir); + printf("%6d: %s\n", did, dir); did_old = did; } if (fid != fid_old) { - printf("%4d: %s\n", fid, file); + printf("%6d: %s\n", fid, file); fid_old = fid; } - printf("%4d: %#B\n", id, &hash); + printf("%6d: %s\n", id, hash); count++; } e->destroy(e); 
@@ -1313,21 +1321,22 @@ METHOD(attest_db_t, list_hashes, void, { e = this->db->query(this->db, "SELECT h.id, h.hash, p.id, p.name FROM file_hashes AS h " - "JOIN products AS p ON h.product = p.id " + "JOIN versions AS v ON h.version = v.id " + "JOIN products AS p ON v.product = p.id " "WHERE h.algo = ? AND h.file = ? " "ORDER BY p.name, h.hash", DB_INT, this->algo, DB_INT, this->fid, - DB_INT, DB_BLOB, DB_INT, DB_TEXT); + DB_INT, DB_TEXT, DB_INT, DB_TEXT); if (e) { while (e->enumerate(e, &id, &hash, &pid, &product)) { if (pid != pid_old) { - printf("%4d: %s\n", pid, product); + printf("%6d: %s\n", pid, product); pid_old = pid; } - printf("%4d: %#B\n", id, &hash); + printf("%6d: %s\n", id, hash); count++; } e->destroy(e); @@ -1345,32 +1354,33 @@ METHOD(attest_db_t, list_hashes, void, "FROM file_hashes AS h " "JOIN files AS f ON h.file = f.id " "JOIN directories AS d ON f.dir = d.id " - "JOIN products AS p ON h.product = p.id " + "JOIN versions AS v ON h.version = v.id " + "JOIN products AS p ON v.product = p.id " "WHERE h.algo = ? AND f.name = ? " "ORDER BY d.path, f.name, p.name, h.hash", DB_INT, this->algo, DB_TEXT, this->file, - DB_INT, DB_BLOB, DB_INT, DB_INT, DB_TEXT, DB_INT, DB_TEXT); + DB_INT, DB_TEXT, DB_INT, DB_INT, DB_TEXT, DB_INT, DB_TEXT); if (e) { while (e->enumerate(e, &id, &hash, &fid, &did, &dir, &pid, &product)) { if (did != did_old) { - printf("%4d: %s\n", did, dir); + printf("%6d: %s\n", did, dir); did_old = did; } if (fid != fid_old) { - printf("%4d: %s\n", fid, this->file); + printf("%6d: %s\n", fid, this->file); fid_old = fid; pid_old = 0; } if (pid != pid_old) { - printf("%4d: %s\n", pid, product); + printf("%6d: %s\n", pid, product); pid_old = pid; } - printf("%4d: %#B\n", id, &hash); + printf("%6d: %s\n", id, hash); count++; } e->destroy(e); 
@@ -1386,27 +1396,28 @@ METHOD(attest_db_t, list_hashes, void, "SELECT h.id, h.hash, f.id, f.name, p.id, p.name " "FROM file_hashes AS h " "JOIN files AS f ON h.file = f.id " - "JOIN products AS p ON h.product = p.id " + "JOIN versions AS v ON h.version = v.id " + "JOIN products AS p ON v.product = p.id " "WHERE h.algo = ? AND f.dir = ? " "ORDER BY f.name, p.name, h.hash", DB_INT, this->algo, DB_INT, this->did, - DB_INT, DB_BLOB, DB_INT, DB_TEXT, DB_INT, DB_TEXT); + DB_INT, DB_TEXT, DB_INT, DB_TEXT, DB_INT, DB_TEXT); if (e) { while (e->enumerate(e, &id, &hash, &fid, &file, &pid, &product)) { if (fid != fid_old) { - printf("%4d: %s\n", fid, file); + printf("%6d: %s\n", fid, file); fid_old = fid; pid_old = 0; } if (pid != pid_old) { - printf("%4d: %s\n", pid, product); + printf("%6d: %s\n", pid, product); pid_old = pid; } - printf("%4d: %#B\n", id, &hash); + printf("%6d: %s\n", id, hash); count++; } e->destroy(e); @@ -1423,10 +1434,11 @@ METHOD(attest_db_t, list_hashes, void, "FROM file_hashes AS h " "JOIN files AS f ON h.file = f.id " "JOIN directories AS d ON f.dir = d.id " - "JOIN products AS p on h.product = p.id " + "JOIN versions AS v ON h.version = v.id " + "JOIN products AS p on v.product = p.id " "WHERE h.algo = ? " "ORDER BY d.path, f.name, p.name, h.hash", - DB_INT, this->algo, DB_INT, DB_BLOB, DB_INT, DB_TEXT, + DB_INT, this->algo, DB_INT, DB_TEXT, DB_INT, DB_TEXT, DB_INT, DB_TEXT, DB_INT, DB_TEXT); if (e) { @@ -1435,21 +1447,21 @@ METHOD(attest_db_t, list_hashes, void, { if (did != did_old) { - printf("%4d: %s\n", did, dir); + printf("%6d: %s\n", did, dir); did_old = did; } if (fid != fid_old) { - printf("%4d: %s\n", fid, file); + printf("%6d: %s\n", fid, file); fid_old = fid; pid_old = 0; } if (pid != pid_old) { - printf("%4d: %s\n", pid, product); + printf("%6d: %s\n", pid, product); pid_old = pid; } - printf("%4d: %#B\n", id, &hash); + printf("%6d: %s\n", id, hash); count++; } e->destroy(e); 
@@ -1610,28 +1622,32 @@ static bool insert_file_hash(private_attest_db_t *this,
 int *hashes_added, int *hashes_updated)
 {
 enumerator_t *e;
- chunk_t hash;
+ uint8_t hex_measurement_buf[2*HASH_SIZE_SHA512 + 1];
+ uint8_t *hex_hash_buf;
+ chunk_t hex_hash, hex_measurement;
 char *label;
 bool insert = TRUE, update = FALSE;
 label = "could not be created";
 e = this->db->query(this->db,
- "SELECT hash FROM file_hashes WHERE algo = ? "
- "AND file = ? AND product = ? AND device = 0",
- DB_INT, algo, DB_UINT, fid, DB_UINT, this->pid, DB_BLOB);
+ "SELECT hash FROM file_hashes "
+ "WHERE algo = ? AND file = ? AND version = ?",
+ DB_INT, algo, DB_UINT, fid, DB_UINT, this->vid, DB_TEXT);
 if (!e)
 {
 printf("file_hashes query failed\n");
 return FALSE;
 }
+ hex_measurement = chunk_to_hex(measurement, hex_measurement_buf, FALSE);
- while (e->enumerate(e, &hash))
+ while (e->enumerate(e, &hex_hash_buf))
 {
 update = TRUE;
+ hex_hash = chunk_from_str(hex_hash_buf);
- if (chunk_equals(measurement, hash))
+ if (chunk_equals(hex_measurement, hex_hash))
 {
 label = "exists and equals";
 insert = FALSE;
@@ -1644,10 +1660,10 @@ static bool insert_file_hash(private_attest_db_t *this,
 {
 if (this->db->execute(this->db, NULL,
 "INSERT INTO file_hashes "
- "(file, product, device, algo, hash) "
- "VALUES (?, ?, 0, ?, ?)",
- DB_UINT, fid, DB_UINT, this->pid,
- DB_INT, algo, DB_BLOB, measurement) != 1)
+ "(file, version, algo, hash) "
+ "VALUES (?, ?, ?, ?)",
+ DB_UINT, fid, DB_UINT, this->vid,
+ DB_INT, algo, DB_TEXT, hex_measurement) != 1)
 {
 printf("file_hash insertion failed\n");
 return FALSE;
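Review bot: `chunk_to_hex(measurement, hex_measurement_buf, FALSE)` writes `2 * measurement.len + 1` bytes into a buffer sized for HASH_SIZE_SHA512 without checking the length first, so any measurement longer than that overruns the stack buffer; guard it before the conversion, `if (measurement.len > HASH_SIZE_SHA512) { return FALSE; }`, or size the buffer from `measurement.len`. `hex_hash_buf` is declared `uint8_t *` yet receives a DB_TEXT column and is passed to `chunk_from_str`, which takes a `char *`; `char *hex_hash_buf;` avoids the sign-mismatch warning. The comparison is now a byte-wise match of lower-case hex text, so rows written in upper case by another writer would never compare equal and would be inserted again — worth a comment if other writers exist, which this page does not show. insert_file_hash's parameter list and the tail of the function lie outside the hunk.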
@@ -1667,6 +1683,75 @@ static bool insert_file_hash(private_attest_db_t *this,
 return TRUE;
 }
+/**
+ * Add a package version
+ */
+static bool add_version(private_attest_db_t *this)
+{
+ int vid, security_old, security, blacklist_old, blacklist;
+ time_t t = time(NULL);
+ enumerator_t *e;
+ bool success;
+
+ security = this->package_state == OS_PACKAGE_STATE_SECURITY;
+ blacklist = this->package_state == OS_PACKAGE_STATE_BLACKLIST;
+
+ e = this->db->query(this->db,
+ "SELECT id, security, blacklist FROM versions "
+ "WHERE package = ? AND product = ? AND release = ?",
+ DB_UINT, this->gid, DB_UINT, this->pid, DB_TEXT, this->version,
+ DB_INT, DB_INT, DB_INT, DB_INT);
+ if (e)
+ {
+ if (e->enumerate(e, &vid, &security_old, &blacklist_old))
+ {
+ this->vid = vid;
+ }
+ e->destroy(e);
+ }
+ if (this->vid)
+ {
+ if (security != security_old || blacklist != blacklist_old)
+ {
+ /* update security and/or blacklist flag */
+ success = this->db->execute(this->db, NULL, "UPDATE versions "
+ "SET security = ?, blacklist = ?, time = ? WHERE id = ?",
+ DB_INT, security, DB_INT, blacklist, DB_INT, t,
+ DB_INT, this->vid) == 1;
+
+ printf("'%s' package %s (%s)%N %s updated in database\n",
+ this->product, this->package, this->version,
+ os_package_state_names, this->package_state,
+ success ? "" : "could not be ");
+ }
+ else
+ {
+ success = TRUE;
+
+ printf("'%s' package %s (%s)%N exists in database\n",
+ this->product, this->package, this->version,
+ os_package_state_names, this->package_state);
+ }
+ return success;
+ }
+
+ /* create a new version */
+ success = this->db->execute(this->db, NULL,
+ "INSERT INTO versions "
+ "(package, product, release, security, blacklist, time) "
+ "VALUES (?, ?, ?, ?, ?, ?)",
+ DB_UINT, this->gid, DB_INT, this->pid, DB_TEXT,
+ this->version, DB_INT, security, DB_INT, blacklist,
+ DB_INT, t) == 1;
+
+ printf("'%s' package %s (%s)%N %sinserted into database\n",
+ this->product, this->package, this->version,
+ os_package_state_names, this->package_state,
+ success ? "" : "could not be ");
+
+ return success;
+}
+
 /**
 * Add hash measurement for a single file or all files in a directory
 */
@@ -1771,7 +1856,14 @@ static bool add_hash(private_attest_db_t *this)
 METHOD(attest_db_t, add, bool,
 private_attest_db_t *this)
 {
- bool success = FALSE;
+ /* insert package version */
+ if (this->version_set && this->gid && this->pid)
+ {
+ if (!add_version(this))
+ {
+ return FALSE;
+ }
+ }
 /* add directory or file hash measurement for a given product */
 if (this->did && this->pid)
@@ -1779,29 +1871,7 @@ METHOD(attest_db_t, add, bool,
 return add_hash(this);
 }
- /* insert package version */
- if (this->version_set && this->gid && this->pid)
- {
- time_t t = time(NULL);
- int security, blacklist;
-
- security = this->package_state == OS_PACKAGE_STATE_SECURITY;
- blacklist = this->package_state == OS_PACKAGE_STATE_BLACKLIST;
-
- success = this->db->execute(this->db, NULL,
- "INSERT INTO versions "
- "(package, product, release, security, blacklist, time) "
- "VALUES (?, ?, ?, ?, ?, ?)",
- DB_UINT, this->gid, DB_INT, this->pid, DB_TEXT,
- this->version, DB_INT, security, DB_INT, blacklist,
- DB_INT, t) == 1;
-
- printf("'%s' package %s (%s)%N %sinserted into database\n",
- this->product, this->package, this->version,
- os_package_state_names, this->package_state,
- success ? "" : "could not be ");
- }
- return success;
+ return FALSE;
 }
 METHOD(attest_db_t, delete, bool,
@@ -1816,8 +1886,9 @@ METHOD(attest_db_t, delete, bool,
 if (this->algo && this->pid && this->fid)
 {
 success = this->db->execute(this->db, NULL,
- "DELETE FROM file_hashes "
- "WHERE algo = ? AND product = ? AND file = ?",
+ "DELETE FROM file_hashes AS h "
+ "JOIN versions AS v ON h.version = v.id "
+ "WHERE h.algo = ? AND v.product = ? AND h.file = ?",
 DB_UINT, this->algo, DB_UINT, this->pid,
 DB_UINT, this->fid) > 0;
diff --git a/src/libimcv/plugins/imv_attestation/attest_usage.c b/src/libimcv/plugins/imv_attestation/attest_usage.c
index 8f4afdbad..2966529e1 100644
--- a/src/libimcv/plugins/imv_attestation/attest_usage.c
+++ b/src/libimcv/plugins/imv_attestation/attest_usage.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2014 Andreas Steffen
+ * Copyright (C) 2011-2017 Andreas Steffen
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
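Review bot: The fall-through `return FALSE;` at the end of add now reports failure for an invocation that only records a package version (`--package`/`--version` without a directory or file), even though add_version succeeded; before this change the result of the version insert was what the method returned, and the CLI presumably maps the return value to its exit status. Keep `bool success = FALSE;`, set `success = TRUE;` once add_version has returned, and finish with `return success;` so a version-only add is reported correctly. The method's header and the version branch are in the previous hunk.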
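Review bot: `DELETE FROM file_hashes AS h JOIN versions AS v ...` is not valid DELETE syntax for SQLite, which accepts no JOIN in a DELETE, and MySQL's multi-table form would need `DELETE h FROM ...`, so this branch of delete most likely fails at run time on both database plugins libstrongswan ships. A subquery works on both: `"DELETE FROM file_hashes WHERE algo = ? AND file = ? "` / `"AND version IN (SELECT id FROM versions WHERE product = ?)",` / `DB_UINT, this->algo, DB_UINT, this->fid, DB_UINT, this->pid) > 0;`. The header of delete and its remaining branches lie outside the hunk.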
@@ -77,8 +77,9 @@ Usage:\n\ ipsec attest --add [--owner ] --key |--aik \n\ Add an AIK public key digest entry preceded by an optional owner name\n\ \n\ - ipsec attest --add --product |--pid --sha1|--sha1-ima|--sha256|--sha384\n\ - [--relative|--rel] --dir |--file \n\ + ipsec attest --add --product |--pid --sha1|--sha256|--sha384\n\ + [--relative|--rel] [--package --version ]\n\ + --dir |--file \n\ Add hashes of a single file or all files in a directory under absolute or relative filenames\n\ \n\ ipsec attest --add --key --component |--cid --sequence |--seq \n\ diff --git a/src/libimcv/plugins/imv_hcd/Makefile.in b/src/libimcv/plugins/imv_hcd/Makefile.in index b19cb4a41..fda666b06 100644 --- a/src/libimcv/plugins/imv_hcd/Makefile.in +++ b/src/libimcv/plugins/imv_hcd/Makefile.in @@ -308,8 +308,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -410,6 +408,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -438,6 +438,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/plugins/imv_os/Makefile.in b/src/libimcv/plugins/imv_os/Makefile.in index f2804f3fc..a8d80b3f8 100644 --- a/src/libimcv/plugins/imv_os/Makefile.in +++ b/src/libimcv/plugins/imv_os/Makefile.in 
@@ -316,8 +316,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -418,6 +416,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -446,6 +446,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/plugins/imv_scanner/Makefile.in b/src/libimcv/plugins/imv_scanner/Makefile.in index 6cc107edb..b851f84e7 100644 --- a/src/libimcv/plugins/imv_scanner/Makefile.in +++ b/src/libimcv/plugins/imv_scanner/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ 
diff --git a/src/libimcv/plugins/imv_swid/Makefile.am b/src/libimcv/plugins/imv_swid/Makefile.am index 73da84b55..e573ea0d8 100644 --- a/src/libimcv/plugins/imv_swid/Makefile.am +++ b/src/libimcv/plugins/imv_swid/Makefile.am @@ -16,7 +16,6 @@ imv_swid_la_LIBADD = \ imv_swid_la_SOURCES = \ imv_swid.c imv_swid_state.h imv_swid_state.c \ - imv_swid_agent.h imv_swid_agent.c \ - imv_swid_rest.h imv_swid_rest.c + imv_swid_agent.h imv_swid_agent.c imv_swid_la_LDFLAGS = -module -avoid-version -no-undefined diff --git a/src/libimcv/plugins/imv_swid/Makefile.in b/src/libimcv/plugins/imv_swid/Makefile.in index 3560752ed..c745b4597 100644 --- a/src/libimcv/plugins/imv_swid/Makefile.in +++ b/src/libimcv/plugins/imv_swid/Makefile.in @@ -141,7 +141,7 @@ imv_swid_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(am__DEPENDENCIES_1) am_imv_swid_la_OBJECTS = imv_swid.lo imv_swid_state.lo \ - imv_swid_agent.lo imv_swid_rest.lo + imv_swid_agent.lo imv_swid_la_OBJECTS = $(am_imv_swid_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ 
@@ -461,8 +465,7 @@ imv_swid_la_LIBADD = \ imv_swid_la_SOURCES = \ imv_swid.c imv_swid_state.h imv_swid_state.c \ - imv_swid_agent.h imv_swid_agent.c \ - imv_swid_rest.h imv_swid_rest.c + imv_swid_agent.h imv_swid_agent.c imv_swid_la_LDFLAGS = -module -avoid-version -no-undefined all: all-am @@ -545,7 +548,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_swid.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_swid_agent.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_swid_rest.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_swid_state.Plo@am__quote@ .c.o: diff --git a/src/libimcv/plugins/imv_swid/imv_swid_agent.c b/src/libimcv/plugins/imv_swid/imv_swid_agent.c index c057e7ed1..2884a169c 100644 --- a/src/libimcv/plugins/imv_swid/imv_swid_agent.c +++ b/src/libimcv/plugins/imv_swid/imv_swid_agent.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013-2016 Andreas Steffen + * Copyright (C) 2013-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -18,12 +18,12 @@ #include "imv_swid_agent.h" #include "imv_swid_state.h" -#include "imv_swid_rest.h" #include #include #include #include +#include "rest/rest.h" #include "tcg/seg/tcg_seg_attr_max_size.h" #include "tcg/seg/tcg_seg_attr_seg_env.h" #include "tcg/swid/tcg_swid_attr_req.h" @@ -72,7 +72,7 @@ struct private_imv_swid_agent_t { /** * REST API to strongTNC manager */ - imv_swid_rest_t *rest_api; + rest_t *rest_api; }; @@ -590,7 +590,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, DBG1(DBG_IMV, " %s", target); /* Separate target into tag_creator and unique_sw_id */ - separator = strchr(target, '_'); + separator = strstr(target, "__"); if (!separator) { error_str = "separation of regid from " 
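Review bot: `strstr(target, "__")` only rejects a target with no separator at all; a target that begins with `__`, or ends right after it, passes the check and yields an empty tag creator or an empty unique software ID, which the `swid_tag_id_create` call in the next hunk appears to accept as-is. Since `target` presumably comes from the REST API response, widen the guard to `if (!separator || separator == target || !separator[2])`. The split also assumes the tag creator itself contains no `__`, which matches how set_swid_inventory builds the ID but deserves a comment, e.g. `/* tag creator and unique software ID are joined by "__", see imv_swid_state.c */`. batch_ending starts before this hunk.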
@@ -598,9 +598,9 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, break; } tag_creator = chunk_create(target, separator - target); - separator++; + separator += 2; unique_sw_id = chunk_create(separator, strlen(target) - - tag_creator.len - 1); + tag_creator.len - 2); tag_id = swid_tag_id_create(tag_creator, unique_sw_id, chunk_empty); cast_attr = (tcg_swid_attr_req_t*)attr; @@ -719,7 +719,7 @@ imv_agent_if_t *imv_swid_agent_create(const char *name, TNC_IMVID id, "%s.plugins.imv-swid.rest_api_timeout", 120, lib->ns); if (rest_api_uri) { - this->rest_api = imv_swid_rest_create(rest_api_uri, rest_api_timeout); + this->rest_api = rest_create(rest_api_uri, rest_api_timeout); } return &this->public; diff --git a/src/libimcv/plugins/imv_swid/imv_swid_rest.c b/src/libimcv/plugins/imv_swid/imv_swid_rest.c deleted file mode 100644 index 0fe96edef..000000000 --- a/src/libimcv/plugins/imv_swid/imv_swid_rest.c +++ /dev/null 
@@ -1,124 +0,0 @@ -/* - * Copyright (C) 2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#define _GNU_SOURCE -#include - -#include "imv_swid_rest.h" - -typedef struct private_imv_swid_rest_t private_imv_swid_rest_t; - -/** - * Private data of an imv_swid_rest_t object. - */ -struct private_imv_swid_rest_t { - - /** - * Public members of imv_swid_rest_t - */ - imv_swid_rest_t public; - - /** - * URI of REST API - */ - char *uri; - - /** - * Timeout of REST API connection - */ - u_int timeout; - -}; - -#define HTTP_STATUS_CODE_PRECONDITION_FAILED 412 - -METHOD(imv_swid_rest_t, post, status_t, - private_imv_swid_rest_t *this, char *command, json_object *jrequest, - json_object **jresponse) -{ - struct json_tokener *tokener; - chunk_t data, response = chunk_empty; - status_t status; - char *uri; - int code; - - if (asprintf(&uri, "%s%s",this->uri, command) < 0) - { - return FAILED; - } - data = chunk_from_str((char*)json_object_to_json_string(jrequest)); - - status = lib->fetcher->fetch(lib->fetcher, uri, &response, - FETCH_TIMEOUT, this->timeout, - FETCH_REQUEST_DATA, data, - FETCH_REQUEST_TYPE, "application/json; charset=utf-8", - FETCH_REQUEST_HEADER, "Accept: application/json", - FETCH_REQUEST_HEADER, "Expect:", - FETCH_RESPONSE_CODE, &code, - FETCH_END); - free(uri); - - if (status != SUCCESS) - { - if (code != HTTP_STATUS_CODE_PRECONDITION_FAILED || !response.ptr) - { - DBG2(DBG_IMV, "REST http request failed with status code: %d", 
code); - status = FAILED; - } - else - { - if (jresponse) - { - /* Parse HTTP response into a JSON object */ - tokener = json_tokener_new(); - *jresponse = json_tokener_parse_ex(tokener, response.ptr, - response.len); - json_tokener_free(tokener); - } - status = NEED_MORE; - } - } - free(response.ptr); - - return status; -} - -METHOD(imv_swid_rest_t, destroy, void, - private_imv_swid_rest_t *this) -{ - free(this->uri); - free(this); -} - -/** - * Described in header. - */ -imv_swid_rest_t *imv_swid_rest_create(char *uri, u_int timeout) -{ - private_imv_swid_rest_t *this; - - INIT(this, - .public = { - .post = _post, - .destroy = _destroy, - }, - .uri = strdup(uri), - .timeout = timeout, - ); - - return &this->public; -} - - diff --git a/src/libimcv/plugins/imv_swid/imv_swid_rest.h b/src/libimcv/plugins/imv_swid/imv_swid_rest.h deleted file mode 100644 index 32392cbe6..000000000 --- a/src/libimcv/plugins/imv_swid/imv_swid_rest.h +++ /dev/null 
@@ -1,63 +0,0 @@ -/* - * Copyright (C) 2013-2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup imv_swid imv_swid - * @ingroup libimcv_plugins - * - * @defgroup imv_swid_rest_t imv_swid_rest - * @{ @ingroup imv_swid - */ - -#ifndef IMV_SWID_REST_H_ -#define IMV_SWID_REST_H_ - -#include - -#include - -typedef struct imv_swid_rest_t imv_swid_rest_t; - -/** - * Public REST interface - */ -struct imv_swid_rest_t { - - /** - * Post a HTTP request including a JSON object - * - * @param jreq JSON object in HTTP request - * @param jresp JSON object in HTTP response if NEED_MORE - * @return Status (SUCCESS, NEED_MORE or FAILED) - */ - status_t (*post)(imv_swid_rest_t *this, char *command, json_object *jreq, - json_object **jresp); - - /** - * Destroy imv_swid_rest_t object - */ - void (*destroy)(imv_swid_rest_t *this); - -}; - -/** - * Create an imv_swid_rest_t instance - * - * @param uri REST URI (http://username:password@hostname[:port]/api/) - * @param timeout Timeout of the REST connection - */ -imv_swid_rest_t* imv_swid_rest_create(char *uri, u_int timeout); - -#endif /** IMV_SWID_REST_H_ @}*/ diff --git a/src/libimcv/plugins/imv_swid/imv_swid_state.c b/src/libimcv/plugins/imv_swid/imv_swid_state.c index fb9493a83..50e9f489a 100644 --- a/src/libimcv/plugins/imv_swid/imv_swid_state.c +++ b/src/libimcv/plugins/imv_swid/imv_swid_state.c 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2013-2016 Andreas Steffen + * Copyright (C) 2013-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -288,8 +288,8 @@ METHOD(imv_swid_state_t, get_request_id, uint32_t, METHOD(imv_swid_state_t, set_swid_inventory, void, private_imv_swid_state_t *this, swid_inventory_t *inventory) { - chunk_t tag_creator, unique_sw_id; - char software_id[256]; + chunk_t tag_creator, sw_id; + char software_id[BUF_LEN]; json_object *jstring; swid_tag_id_t *tag_id; enumerator_t *enumerator; @@ -299,10 +299,10 @@ METHOD(imv_swid_state_t, set_swid_inventory, void, { /* Construct software ID from tag creator and unique software ID */ tag_creator = tag_id->get_tag_creator(tag_id); - unique_sw_id = tag_id->get_unique_sw_id(tag_id, NULL); - snprintf(software_id, 256, "%.*s_%.*s", - tag_creator.len, tag_creator.ptr, - unique_sw_id.len, unique_sw_id.ptr); + sw_id = tag_id->get_unique_sw_id(tag_id, NULL); + snprintf(software_id, BUF_LEN, "%.*s__%.*s", + (int)tag_creator.len, tag_creator.ptr, + (int)sw_id.len, sw_id.ptr); DBG3(DBG_IMV, " %s", software_id); /* Add software ID to JSON array */ diff --git a/src/libimcv/plugins/imv_swima/Makefile.am b/src/libimcv/plugins/imv_swima/Makefile.am new file mode 100644 index 000000000..b1726f061 --- /dev/null +++ b/src/libimcv/plugins/imv_swima/Makefile.am @@ -0,0 +1,21 @@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtncif \ + -I$(top_srcdir)/src/libtpmtss \ + -I$(top_srcdir)/src/libimcv + +AM_CFLAGS = \ + $(PLUGIN_CFLAGS) $(json_CFLAGS) + +imcv_LTLIBRARIES = imv-swima.la + +imv_swima_la_LIBADD = \ + $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(json_LIBS) + +imv_swima_la_SOURCES = \ + imv_swima.c imv_swima_state.h imv_swima_state.c \ + imv_swima_agent.h imv_swima_agent.c + +imv_swima_la_LDFLAGS = -module -avoid-version -no-undefined 
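Review bot: The `snprintf` into `software_id` is not checked for truncation; a tag creator plus unique software ID longer than BUF_LEN is silently cut, and the truncated string is then added to the JSON array as if it were a valid ID — possibly without the `__` separator the agent later splits on. Capture the return value, `int len = snprintf(software_id, BUF_LEN, "%.*s__%.*s", ...);`, and skip the entry with a DBG1 message when `len < 0 || len >= BUF_LEN`. The enumerator loop this code runs in begins in the previous hunk.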
diff --git a/src/libimcv/plugins/imv_swima/Makefile.in b/src/libimcv/plugins/imv_swima/Makefile.in new file mode 100644 index 000000000..56eafa5ad --- /dev/null +++ b/src/libimcv/plugins/imv_swima/Makefile.in 
@@ -0,0 +1,795 @@ +# Makefile.in generated by automake 1.15 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes 
+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libimcv/plugins/imv_swima +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/split-package-version.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; 
do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(imcvdir)" +LTLIBRARIES = $(imcv_LTLIBRARIES) +am__DEPENDENCIES_1 = +imv_swima_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(am__DEPENDENCIES_1) +am_imv_swima_la_OBJECTS = imv_swima.lo imv_swima_state.lo \ + imv_swima_agent.lo +imv_swima_la_OBJECTS = $(am_imv_swima_la_OBJECTS) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +imv_swima_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(imv_swima_la_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) 
--mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(imv_swima_la_SOURCES) +DIST_SOURCES = $(imv_swima_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. 
+am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +ATOMICLIB = @ATOMICLIB@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BFDLIB = @BFDLIB@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +EASY_INSTALL = @EASY_INSTALL@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GEM = @GEM@ +GENHTML = @GENHTML@ +GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ 
+PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ +PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ +PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ +PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ +PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +PY_TEST = @PY_TEST@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ +clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dev_headers = @dev_headers@ +docdir = @docdir@ +dvidir = @dvidir@ 
+exec_prefix = @exec_prefix@ +fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ +libiptc_CFLAGS = @libiptc_CFLAGS@ +libiptc_LIBS = @libiptc_LIBS@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ +oldincludedir = @oldincludedir@ +p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ +runstatedir = @runstatedir@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = 
@strongswan_conf@ +strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ +sysconfdir = @sysconfdir@ +systemd_CFLAGS = @systemd_CFLAGS@ +systemd_LIBS = @systemd_LIBS@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ +systemdsystemunitdir = @systemdsystemunitdir@ +t_plugins = @t_plugins@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtncif \ + -I$(top_srcdir)/src/libtpmtss \ + -I$(top_srcdir)/src/libimcv + +AM_CFLAGS = \ + $(PLUGIN_CFLAGS) $(json_CFLAGS) + +imcv_LTLIBRARIES = imv-swima.la +imv_swima_la_LIBADD = \ + $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(json_LIBS) + +imv_swima_la_SOURCES = \ + imv_swima.c imv_swima_state.h imv_swima_state.c \ + imv_swima_agent.h imv_swima_agent.c + +imv_swima_la_LDFLAGS = -module -avoid-version -no-undefined +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_swima/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libimcv/plugins/imv_swima/Makefile +Makefile: $(srcdir)/Makefile.in 
$(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +install-imcvLTLIBRARIES: $(imcv_LTLIBRARIES) + @$(NORMAL_INSTALL) + @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(imcvdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(imcvdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(imcvdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(imcvdir)"; \ + } + +uninstall-imcvLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(imcvdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(imcvdir)/$$f"; \ + done + +clean-imcvLTLIBRARIES: + -test -z "$(imcv_LTLIBRARIES)" || rm -f $(imcv_LTLIBRARIES) + @list='$(imcv_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + 
echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +imv-swima.la: $(imv_swima_la_OBJECTS) $(imv_swima_la_DEPENDENCIES) $(EXTRA_imv_swima_la_DEPENDENCIES) + $(AM_V_CCLD)$(imv_swima_la_LINK) -rpath $(imcvdir) $(imv_swima_la_OBJECTS) $(imv_swima_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_swima.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_swima_agent.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_swima_state.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ 
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed 
'/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(imcvdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." 
+clean: clean-am + +clean-am: clean-generic clean-imcvLTLIBRARIES clean-libtool \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-imcvLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-imcvLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ + clean-imcvLTLIBRARIES clean-libtool cscopelist-am ctags \ + ctags-am distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am \ + install-imcvLTLIBRARIES install-info install-info-am \ + install-man install-pdf install-pdf-am install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ + uninstall-am uninstall-imcvLTLIBRARIES + +.PRECIOUS: Makefile + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. 
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libimcv/plugins/imv_swima/imv_swima.c b/src/libimcv/plugins/imv_swima/imv_swima.c
new file mode 100644
index 000000000..0d78ea034
--- /dev/null
+++ b/src/libimcv/plugins/imv_swima/imv_swima.c
@@ -0,0 +1,24 @@
+/*
+ * Copyright (C) 2017 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "imv_swima_agent.h"
+
+static const char imv_name[] = "SWIMA";
+static const imv_agent_create_t imv_agent_create = imv_swima_agent_create;
+
+/* include generic TGC TNC IF-IMV API code below */
+
+#include
+
diff --git a/src/libimcv/plugins/imv_swima/imv_swima_agent.c b/src/libimcv/plugins/imv_swima/imv_swima_agent.c
new file mode 100644
index 000000000..efa2b1105
--- /dev/null
+++ b/src/libimcv/plugins/imv_swima/imv_swima_agent.c
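Review bot: The comment `/* include generic TGC TNC IF-IMV API code below */` misspells the acronym; it should read `TCG` (Trusted Computing Group), matching the `tcg/...` header paths this plugin uses. While touching it, a one-line note that `imv_name` and `imv_agent_create` appear to be the symbols the generic code included afterwards is parameterized on would explain why two file-scope `static const` definitions sit before an `#include`; the include target itself is not legible in this rendering, so that relationship is inferred from the comment rather than verified.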
@@ -0,0 +1,804 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#define _GNU_SOURCE +#include + +#include "imv_swima_agent.h" +#include "imv_swima_state.h" + +#include +#include +#include +#include "rest/rest.h" +#include "tcg/seg/tcg_seg_attr_max_size.h" +#include "tcg/seg/tcg_seg_attr_seg_env.h" +#include "ietf/swima/ietf_swima_attr_req.h" +#include "ietf/swima/ietf_swima_attr_sw_inv.h" +#include "ietf/swima/ietf_swima_attr_sw_ev.h" +#include "swima/swima_error.h" +#include "swima/swima_inventory.h" +#include "swima/swima_events.h" +#include "swima/swima_data_model.h" + +#include +#include + +#include +#include +#include + +typedef struct private_imv_swima_agent_t private_imv_swima_agent_t; + +/* Subscribed PA-TNC message subtypes */ +static pen_type_t msg_types[] = { + { PEN_IETF, PA_SUBTYPE_IETF_SW } +}; + +/** + * Flag set when corresponding attribute has been received + */ +enum imv_swima_attr_t { + IMV_SWIMA_ATTR_SW_INV = (1<<0), + IMV_SWIMA_ATTR_SW_ID_INV = (1<<1), + IMV_SWIMA_ATTR_SW_EV = (1<<2), + IMV_SWIMA_ATTR_SW_ID_EV = (1<<2) +}; + +/** + * Private data of an imv_swima_agent_t object. 
+ */ +struct private_imv_swima_agent_t { + + /** + * Public members of imv_swima_agent_t + */ + imv_agent_if_t public; + + /** + * IMV agent responsible for generic functions + */ + imv_agent_t *agent; + + /** + * REST API to strongTNC manager + */ + rest_t *rest_api; + +}; + +METHOD(imv_agent_if_t, bind_functions, TNC_Result, + private_imv_swima_agent_t *this, TNC_TNCS_BindFunctionPointer bind_function) +{ + return this->agent->bind_functions(this->agent, bind_function); +} + +METHOD(imv_agent_if_t, notify_connection_change, TNC_Result, + private_imv_swima_agent_t *this, TNC_ConnectionID id, + TNC_ConnectionState new_state) +{ + imv_state_t *state; + + switch (new_state) + { + case TNC_CONNECTION_STATE_CREATE: + state = imv_swima_state_create(id); + return this->agent->create_state(this->agent, state); + case TNC_CONNECTION_STATE_DELETE: + return this->agent->delete_state(this->agent, id); + default: + return this->agent->change_state(this->agent, id, new_state, NULL); + } +} + +/** + * Process a received message + */ +static TNC_Result receive_msg(private_imv_swima_agent_t *this, + imv_state_t *state, imv_msg_t *in_msg) +{ + imv_swima_state_t *swima_state; + imv_msg_t *out_msg; + enumerator_t *enumerator; + pa_tnc_attr_t *attr; + TNC_Result result; + bool fatal_error = FALSE; + + /* generate an outgoing PA-TNC message - we might need it */ + out_msg = imv_msg_create_as_reply(in_msg); + + /* parse received PA-TNC message and handle local and remote errors */ + result = in_msg->receive(in_msg, out_msg, &fatal_error); + if (result != TNC_RESULT_SUCCESS) + { + out_msg->destroy(out_msg); + return result; + } + + swima_state = (imv_swima_state_t*)state; + + /* analyze PA-TNC attributes */ + enumerator = in_msg->create_attribute_enumerator(in_msg); + while (enumerator->enumerate(enumerator, &attr)) + { + uint32_t request_id = 0, last_eid, eid_epoch; + swima_inventory_t *inventory; + swima_events_t *events; + pen_type_t type; + + type = attr->get_type(attr); + + if 
(type.vendor_id != PEN_IETF) + { + continue; + } + + switch (type.type) + { + case IETF_ATTR_PA_TNC_ERROR: + { + ietf_attr_pa_tnc_error_t *error_attr; + pen_type_t error_code; + chunk_t msg_info, description; + bio_reader_t *reader; + uint32_t max_attr_size; + bool success; + + error_attr = (ietf_attr_pa_tnc_error_t*)attr; + error_code = error_attr->get_error_code(error_attr); + + if (error_code.vendor_id != PEN_IETF || + error_code.type <= PA_ERROR_PA_TNC_MSG_ROOF) + { + continue; + } + msg_info = error_attr->get_msg_info(error_attr); + reader = bio_reader_create(msg_info); + success = reader->read_uint32(reader, &request_id); + + DBG1(DBG_IMV, "received PA-TNC error '%N' for request %d", + pa_tnc_error_code_names, error_code.type, request_id); + if (!success) + { + reader->destroy(reader); + continue; + } + if (error_code.type == PA_ERROR_SW_RESPONSE_TOO_LARGE) + { + if (!reader->read_uint32(reader, &max_attr_size)) + { + reader->destroy(reader); + continue; + } + DBG1(DBG_IMV, " maximum PA-TNC attribute size is %u bytes", + max_attr_size); + } + description = reader->peek(reader); + if (description.len) + { + DBG1(DBG_IMV, " description: %.*s", description.len, + description.ptr); + } + reader->destroy(reader); + break; + } + case IETF_ATTR_SW_ID_INVENTORY: + { + ietf_swima_attr_sw_inv_t *attr_cast; + uint32_t missing; + int sw_id_count; + + state->set_action_flags(state, IMV_SWIMA_ATTR_SW_ID_INV); + + attr_cast = (ietf_swima_attr_sw_inv_t*)attr; + request_id = attr_cast->get_request_id(attr_cast); + inventory = attr_cast->get_inventory(attr_cast); + last_eid = inventory->get_eid(inventory, &eid_epoch); + sw_id_count = inventory->get_count(inventory); + missing = attr_cast->get_record_count(attr_cast); + swima_state->set_missing(swima_state, missing); + + DBG2(DBG_IMV, "received software ID inventory with " + "%d item%s for request %d at last eid %d of epoch 0x%08x, " + "%d item%s to follow", sw_id_count, + (sw_id_count == 1) ? 
"" : "s", request_id, last_eid, + eid_epoch, missing, (missing == 1) ? "" : "s"); + + if (request_id == swima_state->get_request_id(swima_state)) + { + swima_state->set_inventory(swima_state, inventory); + swima_state->set_count(swima_state, sw_id_count, 0, + in_msg->get_src_id(in_msg)); + } + else + { + DBG1(DBG_IMV, "no workitem found for software ID " + "inventory with request ID %d", request_id); + } + attr_cast->clear_inventory(attr_cast); + break; + } + case IETF_ATTR_SW_INVENTORY: + { + ietf_swima_attr_sw_inv_t *attr_cast; + swima_record_t *sw_record; + json_object *jobj, *jarray, *jstring; + pen_type_t data_model; + chunk_t tag; + char *tag_str; + uint32_t missing; + int sw_count; + enumerator_t *e; + + state->set_action_flags(state, IMV_SWIMA_ATTR_SW_INV); + + attr_cast = (ietf_swima_attr_sw_inv_t*)attr; + request_id = attr_cast->get_request_id(attr_cast); + inventory = attr_cast->get_inventory(attr_cast); + last_eid = inventory->get_eid(inventory, &eid_epoch); + sw_count = inventory->get_count(inventory); + missing = attr_cast->get_record_count(attr_cast); + swima_state->set_missing(swima_state, missing); + + DBG2(DBG_IMV, "received software inventory with %d item%s for " + "request %d at last eid %d of epoch 0x%08x, %d item%s to " + "follow", sw_count, (sw_count == 1) ? "" : "s", request_id, + last_eid, eid_epoch, missing, (missing == 1) ? 
"" : "s"); + + if (request_id == swima_state->get_request_id(swima_state)) + { + swima_state->set_count(swima_state, 0, sw_count, + in_msg->get_src_id(in_msg)); + + if (this->rest_api) + { + jobj = json_object_new_object(); + jarray = json_object_new_array(); + json_object_object_add(jobj, "data", jarray); + + e = inventory->create_enumerator(inventory); + while (e->enumerate(e, &sw_record)) + { + tag = sw_record->get_record(sw_record); + DBG3(DBG_IMV, "%.*s", tag.len, tag.ptr); + + data_model = sw_record->get_data_model(sw_record); + if (!pen_type_equals(data_model, + swima_data_model_iso_2015_swid_xml)) + { + DBG1(DBG_IMV, "only ISO/IEC 19770-2-2015 XML " + "data model supported"); + continue; + } + + tag_str = strndup(tag.ptr, tag.len); + jstring = json_object_new_string(tag_str); + json_object_array_add(jarray, jstring); + free(tag_str); + } + e->destroy(e); + + if (this->rest_api->post(this->rest_api, + "swid/add-tags/", jobj, NULL) != SUCCESS) + { + DBG1(DBG_IMV, "error in REST API add-tags request"); + } + json_object_put(jobj); + } + } + else + { + DBG1(DBG_IMV, "no workitem found for SWID tag inventory " + "with request ID %d", request_id); + } + attr_cast->clear_inventory(attr_cast); + break; + } + case IETF_ATTR_SW_ID_EVENTS: + { + ietf_swima_attr_sw_ev_t *attr_cast; + uint32_t missing; + int sw_ev_count; + + state->set_action_flags(state, IMV_SWIMA_ATTR_SW_ID_EV); + + attr_cast = (ietf_swima_attr_sw_ev_t*)attr; + request_id = attr_cast->get_request_id(attr_cast); + events = attr_cast->get_events(attr_cast); + last_eid = events->get_eid(events, &eid_epoch, NULL); + sw_ev_count = events->get_count(events); + missing = attr_cast->get_event_count(attr_cast); + swima_state->set_missing(swima_state, missing); + + DBG2(DBG_IMV, "received software ID events with " + "%d item%s for request %d at last eid %d of epoch 0x%08x, " + "%d item%s to follow", sw_ev_count, + (sw_ev_count == 1) ? "" : "s", request_id, last_eid, + eid_epoch, missing, (missing == 1) ? 
"" : "s"); + + if (request_id == swima_state->get_request_id(swima_state)) + { + swima_state->set_events(swima_state, events); + swima_state->set_count(swima_state, sw_ev_count, 0, + in_msg->get_src_id(in_msg)); + } + else + { + DBG1(DBG_IMV, "no workitem found for software ID events " + "with request ID %d", request_id); + } + attr_cast->clear_events(attr_cast); + break; + + } + default: + break; + } + } + enumerator->destroy(enumerator); + + if (fatal_error) + { + state->set_recommendation(state, + TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, + TNC_IMV_EVALUATION_RESULT_ERROR); + result = out_msg->send_assessment(out_msg); + if (result == TNC_RESULT_SUCCESS) + { + result = this->agent->provide_recommendation(this->agent, state); + } + } + else + { + /* send PA-TNC message with the EXCL flag set */ + result = out_msg->send(out_msg, TRUE); + } + out_msg->destroy(out_msg); + + return result; +} + +METHOD(imv_agent_if_t, receive_message, TNC_Result, + private_imv_swima_agent_t *this, TNC_ConnectionID id, + TNC_MessageType msg_type, chunk_t msg) +{ + imv_state_t *state; + imv_msg_t *in_msg; + TNC_Result result; + + if (!this->agent->get_state(this->agent, id, &state)) + { + return TNC_RESULT_FATAL; + } + in_msg = imv_msg_create_from_data(this->agent, state, id, msg_type, msg); + result = receive_msg(this, state, in_msg); + in_msg->destroy(in_msg); + + return result; +} + +METHOD(imv_agent_if_t, receive_message_long, TNC_Result, + private_imv_swima_agent_t *this, TNC_ConnectionID id, + TNC_UInt32 src_imc_id, TNC_UInt32 dst_imv_id, + TNC_VendorID msg_vid, TNC_MessageSubtype msg_subtype, chunk_t msg) +{ + imv_state_t *state; + imv_msg_t *in_msg; + TNC_Result result; + + if (!this->agent->get_state(this->agent, id, &state)) + { + return TNC_RESULT_FATAL; + } + in_msg = imv_msg_create_from_long_data(this->agent, state, id, + src_imc_id, dst_imv_id, msg_vid, msg_subtype, msg); + result = receive_msg(this, state, in_msg); + in_msg->destroy(in_msg); + + return result; + 
+} + +METHOD(imv_agent_if_t, batch_ending, TNC_Result, + private_imv_swima_agent_t *this, TNC_ConnectionID id) +{ + imv_msg_t *out_msg; + imv_state_t *state; + imv_session_t *session; + imv_workitem_t *workitem; + imv_swima_state_t *swima_state; + imv_swima_handshake_state_t handshake_state; + pa_tnc_attr_t *attr; + TNC_IMVID imv_id; + TNC_Result result = TNC_RESULT_SUCCESS; + bool no_workitems = TRUE; + uint32_t request_id, received; + uint8_t flags; + enumerator_t *enumerator; + + if (!this->agent->get_state(this->agent, id, &state)) + { + return TNC_RESULT_FATAL; + } + swima_state = (imv_swima_state_t*)state; + handshake_state = swima_state->get_handshake_state(swima_state); + session = state->get_session(state); + imv_id = this->agent->get_id(this->agent); + + if (handshake_state == IMV_SWIMA_STATE_END) + { + return TNC_RESULT_SUCCESS; + } + + /* Create an empty out message - we might need it */ + out_msg = imv_msg_create(this->agent, state, id, imv_id, + swima_state->get_imc_id(swima_state), + msg_types[0]); + + if (!imcv_db) + { + DBG2(DBG_IMV, "no workitems available - no evaluation possible"); + state->set_recommendation(state, + TNC_IMV_ACTION_RECOMMENDATION_ALLOW, + TNC_IMV_EVALUATION_RESULT_DONT_KNOW); + result = out_msg->send_assessment(out_msg); + out_msg->destroy(out_msg); + swima_state->set_handshake_state(swima_state, IMV_SWIMA_STATE_END); + + if (result != TNC_RESULT_SUCCESS) + { + return result; + } + return this->agent->provide_recommendation(this->agent, state); + } + + /* Look for SWID tag workitem and create SWID tag request */ + if (handshake_state == IMV_SWIMA_STATE_INIT && + session->get_policy_started(session)) + { + size_t max_attr_size = SWIMA_MAX_ATTR_SIZE; + size_t max_seg_size; + ietf_swima_attr_req_t *cast_attr; + seg_contract_t *contract; + seg_contract_manager_t *contracts; + swima_inventory_t *targets; + uint32_t earliest_eid = 0; + char buf[BUF_LEN]; + + enumerator = session->create_workitem_enumerator(session); + if (enumerator) 
+ { + while (enumerator->enumerate(enumerator, &workitem)) + { + if (workitem->get_imv_id(workitem) != TNC_IMVID_ANY || + workitem->get_type(workitem) != IMV_WORKITEM_SWID_TAGS) + { + continue; + } + + flags = IETF_SWIMA_ATTR_REQ_FLAG_NONE; + if (strchr(workitem->get_arg_str(workitem), 'R')) + { + flags |= IETF_SWIMA_ATTR_REQ_FLAG_R; + } + if (strchr(workitem->get_arg_str(workitem), 'S')) + { + flags |= IETF_SWIMA_ATTR_REQ_FLAG_S; + } + if (strchr(workitem->get_arg_str(workitem), 'C')) + { + flags |= IETF_SWIMA_ATTR_REQ_FLAG_C; + } + earliest_eid = workitem->get_arg_int(workitem); + + /* Determine maximum PA-TNC attribute segment size */ + max_seg_size = state->get_max_msg_len(state) + - PA_TNC_HEADER_SIZE + - PA_TNC_ATTR_HEADER_SIZE + - TCG_SEG_ATTR_SEG_ENV_HEADER; + + /* Announce support of PA-TNC segmentation to IMC */ + contract = seg_contract_create(msg_types[0], max_attr_size, + max_seg_size, TRUE, imv_id, FALSE); + contract->get_info_string(contract, buf, BUF_LEN, TRUE); + DBG2(DBG_IMV, "%s", buf); + contracts = state->get_contracts(state); + contracts->add_contract(contracts, contract); + attr = tcg_seg_attr_max_size_create(max_attr_size, + max_seg_size, TRUE); + out_msg->add_attribute(out_msg, attr); + + /* Issue a SWID request */ + request_id = workitem->get_id(workitem); + swima_state->set_request_id(swima_state, request_id); + attr = ietf_swima_attr_req_create(flags, request_id); + + /* Request software identifier events */ + targets = swima_inventory_create(); + targets->set_eid(targets, earliest_eid, 0); + cast_attr = (ietf_swima_attr_req_t*)attr; + cast_attr->set_targets(cast_attr, targets); + targets->destroy(targets); + + out_msg->add_attribute(out_msg, attr); + workitem->set_imv_id(workitem, imv_id); + no_workitems = FALSE; + DBG2(DBG_IMV, "IMV %d issues sw request %d with earliest eid %d", + imv_id, request_id, earliest_eid); + break; + } + enumerator->destroy(enumerator); + + if (no_workitems) + { + DBG2(DBG_IMV, "IMV %d has no workitems - " + 
"no evaluation requested", imv_id); + state->set_recommendation(state, + TNC_IMV_ACTION_RECOMMENDATION_ALLOW, + TNC_IMV_EVALUATION_RESULT_DONT_KNOW); + } + handshake_state = IMV_SWIMA_STATE_WORKITEMS; + swima_state->set_handshake_state(swima_state, handshake_state); + } + } + + received = state->get_action_flags(state); + + if (handshake_state == IMV_SWIMA_STATE_WORKITEMS && + (received & (IMV_SWIMA_ATTR_SW_INV|IMV_SWIMA_ATTR_SW_ID_INV| + IMV_SWIMA_ATTR_SW_EV |IMV_SWIMA_ATTR_SW_ID_EV)) && + swima_state->get_missing(swima_state) == 0) + { + TNC_IMV_Evaluation_Result eval; + TNC_IMV_Action_Recommendation rec; + char result_str[BUF_LEN], *format = NULL, *cmd = NULL, *command; + char *target_str, *error_str = ""; + int sw_id_count, tag_count, i, res; + json_object *jrequest, *jresponse, *jvalue; + ietf_swima_attr_req_t *cast_attr; + swima_inventory_t *targets; + swima_record_t *target; + status_t status = SUCCESS; + + if (received & IMV_SWIMA_ATTR_SW_ID_INV) + { + cmd = "swid-measurement"; + format = "received inventory of %d SW ID%s and %d SWID tag%s"; + } + else if (received & IMV_SWIMA_ATTR_SW_ID_EV) + { + cmd = "swid-events"; + format = "received %d SW ID event%s and %d SWID tag%s"; + } + + if (cmd && this->rest_api) + { + res = asprintf(&command, "sessions/%d/%s/", + session->get_session_id(session, NULL, NULL), cmd); + if (res < 0) + { + error_str = "allocation of command string failed"; + status = FAILED; + } + else + { + jrequest = swima_state->get_jrequest(swima_state); + status = this->rest_api->post(this->rest_api, command, + jrequest, &jresponse); + if (status == FAILED) + { + error_str = "error in REST API request"; + } + free(command); + } + } + + switch (status) + { + case SUCCESS: + enumerator = session->create_workitem_enumerator(session); + while (enumerator->enumerate(enumerator, &workitem)) + { + if (workitem->get_type(workitem) == IMV_WORKITEM_SWID_TAGS) + { + swima_state->get_count(swima_state, &sw_id_count, + &tag_count); + if (format) + { + 
snprintf(result_str, BUF_LEN, format, + sw_id_count, (sw_id_count == 1) ? "" : "s", + tag_count, (tag_count == 1) ? "" : "s"); + } + else + { + snprintf(result_str, BUF_LEN, "received %d SWID tag" + "%s", tag_count, (tag_count == 1) ? "" : "s"); + + } + session->remove_workitem(session, enumerator); + + eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT; + rec = workitem->set_result(workitem, result_str, eval); + state->update_recommendation(state, rec, eval); + imcv_db->finalize_workitem(imcv_db, workitem); + workitem->destroy(workitem); + break; + } + } + enumerator->destroy(enumerator); + break; + case NEED_MORE: + if (received & IMV_SWIMA_ATTR_SW_INV) + { + error_str = "not all requested SWID tags were received"; + status = FAILED; + json_object_put(jresponse); + break; + } + if (json_object_get_type(jresponse) != json_type_array) + { + error_str = "response was not a json_array"; + status = FAILED; + json_object_put(jresponse); + break; + } + + /* Create an IETF SW Request attribute */ + attr = ietf_swima_attr_req_create(IETF_SWIMA_ATTR_REQ_FLAG_NONE, + swima_state->get_request_id(swima_state)); + sw_id_count = json_object_array_length(jresponse); + DBG1(DBG_IMV, "%d SWID tag target%s", sw_id_count, + (sw_id_count == 1) ? 
"" : "s"); + swima_state->set_missing(swima_state, sw_id_count); + targets = swima_inventory_create(); + + for (i = 0; i < sw_id_count; i++) + { + jvalue = json_object_array_get_idx(jresponse, i); + if (json_object_get_type(jvalue) != json_type_string) + { + error_str = "json_string element expected in json_array"; + status = FAILED; + json_object_put(jresponse); + break; + } + target_str = (char*)json_object_get_string(jvalue); + DBG1(DBG_IMV, " %s", target_str); + target = swima_record_create(0, chunk_from_str(target_str), + chunk_empty); + targets->add(targets, target); + } + json_object_put(jresponse); + + cast_attr = (ietf_swima_attr_req_t*)attr; + cast_attr->set_targets(cast_attr, targets); + targets->destroy(targets); + out_msg->add_attribute(out_msg, attr); + break; + case FAILED: + default: + break; + } + + if (status == FAILED) + { + enumerator = session->create_workitem_enumerator(session); + while (enumerator->enumerate(enumerator, &workitem)) + { + if (workitem->get_type(workitem) == IMV_WORKITEM_SWID_TAGS) + { + session->remove_workitem(session, enumerator); + eval = TNC_IMV_EVALUATION_RESULT_ERROR; + rec = workitem->set_result(workitem, error_str, eval); + state->update_recommendation(state, rec, eval); + imcv_db->finalize_workitem(imcv_db, workitem); + workitem->destroy(workitem); + break; + } + } + enumerator->destroy(enumerator); + } + } + + /* finalized all workitems ? 
*/ + if (handshake_state == IMV_SWIMA_STATE_WORKITEMS && + session->get_workitem_count(session, imv_id) == 0) + { + result = out_msg->send_assessment(out_msg); + out_msg->destroy(out_msg); + swima_state->set_handshake_state(swima_state, IMV_SWIMA_STATE_END); + + if (result != TNC_RESULT_SUCCESS) + { + return result; + } + return this->agent->provide_recommendation(this->agent, state); + } + + /* send non-empty PA-TNC message with excl flag not set */ + if (out_msg->get_attribute_count(out_msg)) + { + result = out_msg->send(out_msg, FALSE); + } + out_msg->destroy(out_msg); + + return result; +} + +METHOD(imv_agent_if_t, solicit_recommendation, TNC_Result, + private_imv_swima_agent_t *this, TNC_ConnectionID id) +{ + imv_state_t *state; + + if (!this->agent->get_state(this->agent, id, &state)) + { + return TNC_RESULT_FATAL; + } + return this->agent->provide_recommendation(this->agent, state); +} + +METHOD(imv_agent_if_t, destroy, void, + private_imv_swima_agent_t *this) +{ + DESTROY_IF(this->rest_api); + this->agent->destroy(this->agent); + free(this); +} + +/** + * Described in header. 
+ */ +imv_agent_if_t *imv_swima_agent_create(const char *name, TNC_IMVID id, + TNC_Version *actual_version) +{ + private_imv_swima_agent_t *this; + imv_agent_t *agent; + char *uri; + u_int timeout; + + agent = imv_agent_create(name, msg_types, countof(msg_types), id, + actual_version); + if (!agent) + { + return NULL; + } + agent->add_non_fatal_attr_type(agent, + pen_type_create(PEN_TCG, TCG_SEG_MAX_ATTR_SIZE_REQ)); + + INIT(this, + .public = { + .bind_functions = _bind_functions, + .notify_connection_change = _notify_connection_change, + .receive_message = _receive_message, + .receive_message_long = _receive_message_long, + .batch_ending = _batch_ending, + .solicit_recommendation = _solicit_recommendation, + .destroy = _destroy, + }, + .agent = agent, + ); + + uri = lib->settings->get_str(lib->settings, + "%s.plugins.imv-swima.rest_api.uri", NULL, lib->ns); + timeout = lib->settings->get_int(lib->settings, + "%s.plugins.imv-swima.rest_api.timeout", 120, lib->ns); + if (uri) + { + this->rest_api = rest_create(uri, timeout); + } + + return &this->public; +} + diff --git a/src/libimcv/plugins/imv_swima/imv_swima_agent.h b/src/libimcv/plugins/imv_swima/imv_swima_agent.h new file mode 100644 index 000000000..d07c774dc --- /dev/null +++ b/src/libimcv/plugins/imv_swima/imv_swima_agent.h 
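Review bot: In batch_ending's NEED_MORE branch, the error path inside the `for (i = 0; i < sw_id_count; i++)` loop calls `json_object_put(jresponse)` and then `break`s out of the loop only, so the unconditional `json_object_put(jresponse)` right after the loop releases the same object a second time — if the REST layer handed back the only reference, that is a use-after-free reachable through a malformed server response. After that `break` the code also still calls `set_targets` with the partial list and `add_attribute`s the request to out_msg although status is FAILED, so a truncated target request is sent to the IMC alongside the error workitem result. Dropping the put inside the loop and bailing out when status is FAILED fixes both. Separately, the `imv_swima_attr_t` enum near the top of the file gives `IMV_SWIMA_ATTR_SW_EV` and `IMV_SWIMA_ATTR_SW_ID_EV` the same bit `(1<<2)`; nothing sets SW_EV yet, but the second should be `IMV_SWIMA_ATTR_SW_ID_EV = (1<<3)` before the two can be told apart in `received`.
```c
			for (i = 0; i < sw_id_count; i++)
			{
				jvalue = json_object_array_get_idx(jresponse, i);
				if (json_object_get_type(jvalue) != json_type_string)
				{
					error_str = "json_string element expected in json_array";
					status = FAILED;
					break;	/* jresponse is released exactly once, below */
				}
				/* … unchanged: target_str, swima_record_create, targets->add … */
			}
			json_object_put(jresponse);

			if (status == FAILED)
			{
				/* do not send a request built from a partial target list */
				attr->destroy(attr);
				targets->destroy(targets);
				break;
			}
			/* … unchanged: set_targets, targets->destroy, add_attribute, break … */
```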
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2017 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup imv_swima_agent_t imv_swima_agent
+ * @{ @ingroup imv_swima
+ */
+
+#ifndef IMV_SWIMA_AGENT_H_
+#define IMV_SWIMA_AGENT_H_
+
+#include 
+
+/**
+ * Creates an SWID IMV agent
+ *
+ * @param name Name of the IMV
+ * @param id ID of the IMV
+ * @param actual_version TNC IF-IMV version
+ */
+imv_agent_if_t* imv_swima_agent_create(const char* name, TNC_IMVID id,
+ TNC_Version *actual_version);
+
+#endif /** IMV_SWIMA_AGENT_H_ @}*/
diff --git a/src/libimcv/plugins/imv_swima/imv_swima_state.c b/src/libimcv/plugins/imv_swima/imv_swima_state.c
new file mode 100644
index 000000000..03500bc2d
--- /dev/null
+++ b/src/libimcv/plugins/imv_swima/imv_swima_state.c
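Review bot: The doc block for `imv_swima_agent_create` documents the three parameters but not the return value, while the implementation in imv_swima_agent.c returns NULL when `imv_agent_create()` fails, which callers need to know. Add `@return imv_agent_if_t instance, or NULL if the underlying IMV agent could not be created` below the `@param` lines. The constructor also reads the `rest_api.uri` and `rest_api.timeout` settings from the plugin's configuration section; a one-line mention of that in the same comment would help integrators.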
@@ -0,0 +1,483 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "imv_swima_state.h" + +#include +#include +#include + +#include + +#include + +typedef struct private_imv_swima_state_t private_imv_swima_state_t; + +/** + * Private data of an imv_swima_state_t object. + */ +struct private_imv_swima_state_t { + + /** + * Public members of imv_swima_state_t + */ + imv_swima_state_t public; + + /** + * TNCCS connection ID + */ + TNC_ConnectionID connection_id; + + /** + * TNCCS connection state + */ + TNC_ConnectionState state; + + /** + * Does the TNCCS connection support long message types? + */ + bool has_long; + + /** + * Does the TNCCS connection support exclusive delivery? 
+ */ + bool has_excl; + + /** + * Maximum PA-TNC message size for this TNCCS connection + */ + uint32_t max_msg_len; + + /** + * Flags set for completed actions + */ + uint32_t action_flags; + + /** + * IMV database session associated with TNCCS connection + */ + imv_session_t *session; + + /** + * PA-TNC attribute segmentation contracts associated with TNCCS connection + */ + seg_contract_manager_t *contracts; + + /** + * IMV action recommendation + */ + TNC_IMV_Action_Recommendation rec; + + /** + * IMV evaluation result + */ + TNC_IMV_Evaluation_Result eval; + + /** + * IMV Scanner handshake state + */ + imv_swima_handshake_state_t handshake_state; + + /** + * TNC Reason String + */ + imv_reason_string_t *reason_string; + + /** + * IETF Remediation Instructions String + */ + imv_remediation_string_t *remediation_string; + + /** + * SWID Tag Request ID + */ + uint32_t request_id; + + /** + * Number of processed Software Identifiers + */ + int sw_id_count; + + /** + * Number of processed SWID Tags + */ + int tag_count; + + /** + * Number of missing Software Identifiers or SWID Tags + */ + uint32_t missing; + + /** + * SWID IMC ID + */ + TNC_UInt32 imc_id; + + /** + * Top level JSON object + */ + json_object *jobj; + + /** + * JSON array containing either a SW [ID] inventory or SW ID events + */ + json_object *jarray; + +}; + +METHOD(imv_state_t, get_connection_id, TNC_ConnectionID, + private_imv_swima_state_t *this) +{ + return this->connection_id; +} + +METHOD(imv_state_t, has_long, bool, + private_imv_swima_state_t *this) +{ + return this->has_long; +} + +METHOD(imv_state_t, has_excl, bool, + private_imv_swima_state_t *this) +{ + return this->has_excl; +} + +METHOD(imv_state_t, set_flags, void, + private_imv_swima_state_t *this, bool has_long, bool has_excl) +{ + this->has_long = has_long; + this->has_excl = has_excl; +} + +METHOD(imv_state_t, set_max_msg_len, void, + private_imv_swima_state_t *this, uint32_t max_msg_len) +{ + this->max_msg_len = max_msg_len; +} 
+ +METHOD(imv_state_t, get_max_msg_len, uint32_t, + private_imv_swima_state_t *this) +{ + return this->max_msg_len; +} + +METHOD(imv_state_t, set_action_flags, void, + private_imv_swima_state_t *this, uint32_t flags) +{ + this->action_flags |= flags; +} + +METHOD(imv_state_t, get_action_flags, uint32_t, + private_imv_swima_state_t *this) +{ + return this->action_flags; +} + +METHOD(imv_state_t, set_session, void, + private_imv_swima_state_t *this, imv_session_t *session) +{ + this->session = session; +} + +METHOD(imv_state_t, get_session, imv_session_t*, + private_imv_swima_state_t *this) +{ + return this->session; +} + +METHOD(imv_state_t, get_contracts, seg_contract_manager_t*, + private_imv_swima_state_t *this) +{ + return this->contracts; +} + +METHOD(imv_state_t, change_state, void, + private_imv_swima_state_t *this, TNC_ConnectionState new_state) +{ + this->state = new_state; +} + +METHOD(imv_state_t, get_recommendation, void, + private_imv_swima_state_t *this, TNC_IMV_Action_Recommendation *rec, + TNC_IMV_Evaluation_Result *eval) +{ + *rec = this->rec; + *eval = this->eval; +} + +METHOD(imv_state_t, set_recommendation, void, + private_imv_swima_state_t *this, TNC_IMV_Action_Recommendation rec, + TNC_IMV_Evaluation_Result eval) +{ + this->rec = rec; + this->eval = eval; +} + +METHOD(imv_state_t, update_recommendation, void, + private_imv_swima_state_t *this, TNC_IMV_Action_Recommendation rec, + TNC_IMV_Evaluation_Result eval) +{ + this->rec = tncif_policy_update_recommendation(this->rec, rec); + this->eval = tncif_policy_update_evaluation(this->eval, eval); +} + +METHOD(imv_state_t, get_reason_string, bool, + private_imv_swima_state_t *this, enumerator_t *language_enumerator, + chunk_t *reason_string, char **reason_language) +{ + return FALSE; +} + +METHOD(imv_state_t, get_remediation_instructions, bool, + private_imv_swima_state_t *this, enumerator_t *language_enumerator, + chunk_t *string, char **lang_code, char **uri) +{ + return FALSE; +} + 
+METHOD(imv_state_t, destroy, void, + private_imv_swima_state_t *this) +{ + json_object_put(this->jobj); + DESTROY_IF(this->session); + DESTROY_IF(this->reason_string); + DESTROY_IF(this->remediation_string); + this->contracts->destroy(this->contracts); + free(this); +} + +METHOD(imv_swima_state_t, set_handshake_state, void, + private_imv_swima_state_t *this, imv_swima_handshake_state_t new_state) +{ + this->handshake_state = new_state; +} + +METHOD(imv_swima_state_t, get_handshake_state, imv_swima_handshake_state_t, + private_imv_swima_state_t *this) +{ + return this->handshake_state; +} + +METHOD(imv_swima_state_t, set_request_id, void, + private_imv_swima_state_t *this, uint32_t request_id) +{ + this->request_id = request_id; +} + +METHOD(imv_swima_state_t, get_request_id, uint32_t, + private_imv_swima_state_t *this) +{ + return this->request_id; +} + +METHOD(imv_swima_state_t, set_inventory, void, + private_imv_swima_state_t *this, swima_inventory_t *inventory) +{ + chunk_t sw_id, sw_locator; + uint32_t record_id; + char *sw_id_str; + json_object *jstring; + swima_record_t *sw_record; + enumerator_t *enumerator; + + if (this->sw_id_count == 0) + { + this->jarray = json_object_new_array(); + json_object_object_add(this->jobj, "data", this->jarray); + } + + enumerator = inventory->create_enumerator(inventory); + while (enumerator->enumerate(enumerator, &sw_record)) + { + record_id = sw_record->get_record_id(sw_record); + sw_id = sw_record->get_sw_id(sw_record, &sw_locator); + sw_id_str = strndup(sw_id.ptr, sw_id.len); + if (sw_locator.len) + { + DBG3(DBG_IMV, "%6u: %s @ %.*s", record_id, sw_id_str, + sw_locator.len, sw_locator.ptr); + } + else + { + DBG3(DBG_IMV, "%6u: %s", record_id, sw_id_str); + } + + /* Add software identity to JSON array */ + jstring = json_object_new_string(sw_id_str); + json_object_array_add(this->jarray, jstring); + free(sw_id_str); + } + enumerator->destroy(enumerator); +} + +METHOD(imv_swima_state_t, set_events, void, + 
private_imv_swima_state_t *this, swima_events_t *events) +{ + chunk_t sw_id, timestamp; + uint32_t record_id, eid, last_eid, epoch, source_id, action; + char *sw_id_str, *timestamp_str; + json_object *jevent, *jvalue, *jstring; + swima_event_t *sw_event; + swima_record_t *sw_record; + enumerator_t *enumerator; + + if (this->sw_id_count == 0) + { + last_eid = events->get_eid(events, &epoch, NULL); + jvalue = json_object_new_int(epoch); + json_object_object_add(this->jobj, "epoch", jvalue); + jvalue = json_object_new_int(last_eid); + json_object_object_add(this->jobj, "lastEid", jvalue); + this->jarray = json_object_new_array(); + json_object_object_add(this->jobj, "events", this->jarray); + } + + enumerator = events->create_enumerator(events); + while (enumerator->enumerate(enumerator, &sw_event)) + { + eid = sw_event->get_eid(sw_event, ×tamp); + timestamp_str = strndup(timestamp.ptr, timestamp.len); + action = sw_event->get_action(sw_event); + sw_record = sw_event->get_sw_record(sw_event); + record_id = sw_record->get_record_id(sw_record); + source_id = sw_record->get_source_id(sw_record); + sw_id = sw_record->get_sw_id(sw_record, NULL); + sw_id_str = strndup(sw_id.ptr, sw_id.len); + DBG3(DBG_IMV, "%3u %.*s %u %5u: %s", eid, timestamp.len, timestamp.ptr, + action, record_id, sw_id_str); + + /* Add software event to JSON array */ + jevent = json_object_new_object(); + jvalue = json_object_new_int(eid); + json_object_object_add(jevent, "eid", jvalue); + jstring = json_object_new_string(timestamp_str); + json_object_object_add(jevent, "timestamp", jstring); + jvalue = json_object_new_int(record_id); + json_object_object_add(jevent, "recordId", jvalue); + jvalue = json_object_new_int(source_id); + json_object_object_add(jevent, "sourceId", jvalue); + jvalue = json_object_new_int(action); + json_object_object_add(jevent, "action", jvalue); + jstring = json_object_new_string(sw_id_str); + json_object_object_add(jevent, "softwareId", jstring); + 
json_object_array_add(this->jarray, jevent); + free(timestamp_str); + free(sw_id_str); + } + enumerator->destroy(enumerator); +} + +METHOD(imv_swima_state_t, get_jrequest, json_object*, + private_imv_swima_state_t *this) +{ + return this->jobj; +} + +METHOD(imv_swima_state_t, set_missing, void, + private_imv_swima_state_t *this, uint32_t count) +{ + this->missing = count; +} + +METHOD(imv_swima_state_t, get_missing, uint32_t, + private_imv_swima_state_t *this) +{ + return this->missing; +} + +METHOD(imv_swima_state_t, set_count, void, + private_imv_swima_state_t *this, int sw_id_count, int tag_count, + TNC_UInt32 imc_id) +{ + this->sw_id_count += sw_id_count; + this->tag_count += tag_count; + this->imc_id = imc_id; +} + +METHOD(imv_swima_state_t, get_count, void, + private_imv_swima_state_t *this, int *sw_id_count, int *tag_count) +{ + if (sw_id_count) + { + *sw_id_count = this->sw_id_count; + } + if (tag_count) + { + *tag_count = this->tag_count; + } +} + +METHOD(imv_swima_state_t, get_imc_id, TNC_UInt32, + private_imv_swima_state_t *this) +{ + return this->imc_id; +} + +/** + * Described in header. 
+ */ +imv_state_t *imv_swima_state_create(TNC_ConnectionID connection_id) +{ + private_imv_swima_state_t *this; + + INIT(this, + .public = { + .interface = { + .get_connection_id = _get_connection_id, + .has_long = _has_long, + .has_excl = _has_excl, + .set_flags = _set_flags, + .set_max_msg_len = _set_max_msg_len, + .get_max_msg_len = _get_max_msg_len, + .set_action_flags = _set_action_flags, + .get_action_flags = _get_action_flags, + .set_session = _set_session, + .get_session= _get_session, + .get_contracts = _get_contracts, + .change_state = _change_state, + .get_recommendation = _get_recommendation, + .set_recommendation = _set_recommendation, + .update_recommendation = _update_recommendation, + .get_reason_string = _get_reason_string, + .get_remediation_instructions = _get_remediation_instructions, + .destroy = _destroy, + }, + .set_handshake_state = _set_handshake_state, + .get_handshake_state = _get_handshake_state, + .set_request_id = _set_request_id, + .get_request_id = _get_request_id, + .set_inventory = _set_inventory, + .set_events = _set_events, + .get_jrequest = _get_jrequest, + .set_missing = _set_missing, + .get_missing = _get_missing, + .set_count = _set_count, + .get_count = _get_count, + .get_imc_id = _get_imc_id, + }, + .state = TNC_CONNECTION_STATE_CREATE, + .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, + .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW, + .connection_id = connection_id, + .contracts = seg_contract_manager_create(), + .imc_id = TNC_IMCID_ANY, + .jobj = json_object_new_object(), + ); + + return &this->public.interface; +} + + diff --git a/src/libimcv/plugins/imv_swima/imv_swima_state.h b/src/libimcv/plugins/imv_swima/imv_swima_state.h new file mode 100644 index 000000000..4fa32daf4 --- /dev/null +++ b/src/libimcv/plugins/imv_swima/imv_swima_state.h 
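Review bot: set_events converts the uint32_t values `epoch`, `last_eid`, `eid`, `record_id` and `source_id` with `json_object_new_int()`, which takes an int32_t, so any value above INT32_MAX — and the agent logs the epoch as a full `0x%08x` word — is posted to the REST API as a negative number that will not match what the IMC reported. Use the 64-bit constructor for those fields, e.g. `jvalue = json_object_new_int64(epoch);`, and likewise for `lastEid`, `eid`, `recordId` and `sourceId` (`action` is a small code and can stay). Also note that set_inventory and set_events both key their one-time array creation on `this->sw_id_count == 0` and share `this->jarray`; if both are ever invoked for one connection the second call appends to whichever array was created first, which deserves a comment or an explicit per-kind flag. The `strndup()` results in both methods are passed to `json_object_new_string()` without a NULL check.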
@@ -0,0 +1,153 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup imv_swima imv_swima + * @ingroup libimcv_plugins + * + * @defgroup imv_swima_state_t imv_swima_state + * @{ @ingroup imv_swima + */ + +#ifndef IMV_SWIMA_STATE_H_ +#define IMV_SWIMA_STATE_H_ + +#include +#include +#include +#include + +#include + +typedef struct imv_swima_state_t imv_swima_state_t; +typedef enum imv_swima_handshake_state_t imv_swima_handshake_state_t; + +/** + * IMV OS Handshake States (state machine) + */ +enum imv_swima_handshake_state_t { + IMV_SWIMA_STATE_INIT, + IMV_SWIMA_STATE_WORKITEMS, + IMV_SWIMA_STATE_END +}; + +/** + * Internal state of an imv_swima_t connection instance + */ +struct imv_swima_state_t { + + /** + * imv_state_t interface + */ + imv_state_t interface; + + /** + * Set state of the handshake + * + * @param new_state the handshake state of IMV + */ + void (*set_handshake_state)(imv_swima_state_t *this, + imv_swima_handshake_state_t new_state); + + /** + * Get state of the handshake + * + * @return the handshake state of IMV + */ + imv_swima_handshake_state_t (*get_handshake_state)(imv_swima_state_t *this); + + /** + * Set the SWID request ID + * + * @param request_id SWID request ID to be set + */ + void (*set_request_id)(imv_swima_state_t *this, uint32_t request_id); + + /** + * Get the SWID request ID + * + * @return SWID request ID + */ + uint32_t (*get_request_id)(imv_swima_state_t 
*this); + + /** + * Set or extend the SW ID inventory in the state + * + * @param inventory SW ID inventory to be added + */ + void (*set_inventory)(imv_swima_state_t *this, swima_inventory_t *inventory); + + /** + * Set or extend the SW ID events in the state + * + * @param events SW ID events to be added + */ + void (*set_events)(imv_swima_state_t *this, swima_events_t *events); + + /** + * Get the JSON encoding of the complete SW ID inventory or SW ID events + * + * @return JSON encoding + */ + json_object* (*get_jrequest)(imv_swima_state_t *this); + + /** + * Set the number of still missing SW [ID] records or envents + * + * @param count Number of missing SW [ID] records or envents + */ + void (*set_missing)(imv_swima_state_t *this, uint32_t count); + + /** + * Get the number of still missing SWID Tags or Tag IDs + * + * @result Number of missing SWID Tags or Tag IDs + */ + uint32_t (*get_missing)(imv_swima_state_t *this); + + /** + * Set [or with multiple attributes increment] SWID Tag [ID] counters + * + * @param tag_id_count Number of received SWID Tag IDs + * @param tag_count Number of received SWID Tags + * @param imc_id SWID IMC ID + */ + void (*set_count)(imv_swima_state_t *this, int tag_id_count, int tag_count, + TNC_UInt32 imc_id); + + /** + * Set [or with multiple attributes increment] SWID Tag [ID] counters + * + * @param tag_id_count Number of received SWID Tag IDs + * @param tag_count Number of received SWID Tags + */ + void (*get_count)(imv_swima_state_t *this, int *tag_id_count, int *tag_count); + + /** + * Get SWID IMC ID + * + * @return SWID IMC ID + */ + TNC_UInt32 (*get_imc_id)(imv_swima_state_t *this); +}; + +/** + * Create an imv_swima_state_t instance + * + * @param id connection ID + */ +imv_state_t* imv_swima_state_create(TNC_ConnectionID id); + +#endif /** IMV_SWIMA_STATE_H_ @}*/ diff --git a/src/libimcv/plugins/imv_test/Makefile.in b/src/libimcv/plugins/imv_test/Makefile.in index 9aebfef67..8a6b9ed15 100644 
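Review bot: The doxygen for `get_count` repeats the `set_count` block verbatim — the description still reads `Set [or with multiple attributes increment] SWID Tag [ID] counters` for a getter whose two parameters are output pointers, and the header's `tag_id_count` does not match the `sw_id_count` name the implementation in imv_swima_state.c uses. Suggest `Get the SW ID and SWID Tag counters accumulated so far` with `@param sw_id_count receives the number of SW IDs received so far, may be NULL` and `@param tag_count receives the number of SWID Tags received so far, may be NULL`, and rename the header parameters to match the .c file. Smaller slips in the same hunk: the enum comment `IMV OS Handshake States` appears to be copied from another plugin and should name SWIMA, `envents` is a typo for `events`, and `get_missing` uses `@result` where the rest of the file uses `@return`.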
--- a/src/libimcv/plugins/imv_test/Makefile.in +++ b/src/libimcv/plugins/imv_test/Makefile.in @@ -309,8 +309,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -411,6 +409,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -439,6 +439,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/pts/components/ita/ita_comp_ima.c b/src/libimcv/pts/components/ita/ita_comp_ima.c index 448ca9ffb..9ba72d01d 100644 --- a/src/libimcv/pts/components/ita/ita_comp_ima.c +++ b/src/libimcv/pts/components/ita/ita_comp_ima.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2014 Andreas Steffen + * Copyright (C) 2011-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -667,7 +667,8 @@ METHOD(pts_component_t, verify, status_t, case IMA_STATE_RUNTIME: { uint8_t hash_buf[HASH_SIZE_SHA512]; - chunk_t digest, hash; + uint8_t digest_buf[HASH_SIZE_SHA512], *hex_digest_buf; + chunk_t hex_digest, digest, hash; enumerator_t *e; this->count++; 
@@ -685,8 +686,10 @@ METHOD(pts_component_t, verify, status_t, hash_algo, ima_name); if (e) { - while (e->enumerate(e, &digest)) + while (e->enumerate(e, &hex_digest_buf)) { + hex_digest = chunk_from_str(hex_digest_buf); + digest = chunk_from_hex(hex_digest, digest_buf); if (!ima_hash(digest, ima_algo, ima_name, FALSE, algo, hash_buf)) { diff --git a/src/libimcv/pts/pts_database.c b/src/libimcv/pts/pts_database.c index 1a4c4212d..4a47b06f0 100644 --- a/src/libimcv/pts/pts_database.c +++ b/src/libimcv/pts/pts_database.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2011-2012 Sansar Choinyambuu - * Copyright (C) 2012-2014 Andreas Steffen + * Copyright (C) 2012-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -104,17 +104,19 @@ METHOD(pts_database_t, create_file_hash_enumerator, enumerator_t*, "SELECT f.id, f.name, fh.hash FROM file_hashes AS fh " "JOIN files AS f ON f.id = fh.file " "JOIN directories as d ON d.id = f.dir " - "WHERE fh.product = ? AND fh.algo = ? AND d.id = ? " + "JOIN versions as v ON v.id = fh.version " + "WHERE v.product = ? AND fh.algo = ? AND d.id = ? " "ORDER BY f.name", - DB_INT, pid, DB_INT, algo, DB_INT, id, DB_INT, DB_TEXT, DB_BLOB); + DB_INT, pid, DB_INT, algo, DB_INT, id, DB_INT, DB_TEXT, DB_TEXT); } else { e = this->db->query(this->db, "SELECT f.id, f.name, fh.hash FROM file_hashes AS fh " "JOIN files AS f ON f.id = fh.file " - "WHERE fh.product = ? AND fh.algo = ? AND fh.file = ?", - DB_INT, pid, DB_INT, algo, DB_INT, id, DB_INT, DB_TEXT, DB_BLOB); + "JOIN versions AS v ON v.id = fh.version " + "WHERE v.product = ? AND fh.algo = ? AND fh.file = ?", + DB_INT, pid, DB_INT, algo, DB_INT, id, DB_INT, DB_TEXT, DB_TEXT); } return e; } 
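Review bot: `digest = chunk_from_hex(hex_digest, digest_buf)` decodes a hash string read from the database into the fixed `digest_buf[HASH_SIZE_SHA512]` declared in the preceding hunk, and the call hands chunk_from_hex only the destination pointer, not its size, so a row whose text is longer than `2 * HASH_SIZE_SHA512` hex digits would be written past the end of the array. The rows are expected to be well-formed, but the decode should still be bounded: `if (strlen(hex_digest_buf) > 2 * sizeof(digest_buf)) { continue; }` before the conversion, or a check of `digest.len` against the digest size of `algo` afterwards, which also rejects truncated rows. The enclosing `verify` method begins and ends outside this hunk.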
@@ -179,7 +181,8 @@ METHOD(pts_database_t, add_file_measurement, status_t, /* does hash measurement value already exist? */ e = this->db->query(this->db, "SELECT fh.id, fh.hash FROM file_hashes AS fh " - "WHERE fh.product = ? AND fh.algo = ? AND fh.file = ?", + "JOIN versions AS v ON v.id = fh.version " + "WHERE v.product = ? AND fh.algo = ? AND fh.file = ?", DB_INT, pid, DB_INT, algo, DB_INT, fid, DB_INT, DB_BLOB); if (!e) { @@ -235,8 +238,10 @@ METHOD(pts_database_t, create_file_meas_enumerator, enumerator_t*, e = this->db->query(this->db, "SELECT fh.hash FROM file_hashes AS fh " "JOIN files AS f ON f.id = fh.file " - "WHERE fh.product = ? AND f.name = ? AND fh.algo = ?", - DB_INT, pid, DB_TEXT, file, DB_INT, algo, DB_BLOB); + "JOIN versions AS v ON v.id = fh.version " + "WHERE v.product = ? AND f.name = ? AND fh.algo = ? " + "ORDER BY v.time DESC", + DB_INT, pid, DB_TEXT, file, DB_INT, algo, DB_TEXT); } else { /* absolute pathname */ @@ -256,8 +261,10 @@ METHOD(pts_database_t, create_file_meas_enumerator, enumerator_t*, e = this->db->query(this->db, "SELECT fh.hash FROM file_hashes AS fh " "JOIN files AS f ON f.id = fh.file " - "WHERE fh.product = ? AND f.dir = ? AND f.name = ? AND fh.algo = ?", - DB_INT, pid, DB_INT, did, DB_TEXT, file, DB_INT, algo, DB_BLOB); + "JOIN versions AS v ON v.id = fh.version " + "WHERE v.product = ? AND f.dir = ? AND f.name = ? AND fh.algo = ? " + "ORDER BY v.time DESC", + DB_INT, pid, DB_INT, did, DB_TEXT, file, DB_INT, algo, DB_TEXT); } err: diff --git a/src/libimcv/rest/rest.c b/src/libimcv/rest/rest.c new file mode 100644 index 000000000..531da090e --- /dev/null +++ b/src/libimcv/rest/rest.c 
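Review bot: The existence check in `add_file_measurement` still binds `fh.hash` as `DB_BLOB`, while the two `create_file_hash_enumerator` queries in the hunk above and the two `create_file_meas_enumerator` queries in the hunks below now read the same column as `DB_TEXT`. If `file_hashes.hash` now holds the textual form, this query hands the code after the hunk a blob view of a text value, so the comparison presumably done there (outside the hunk) deserves a check; the consistent binding would be `DB_INT, pid, DB_INT, algo, DB_INT, fid, DB_INT, DB_TEXT`. A short comment above the first query in this function stating which representation the hash column uses would stop the four call sites from drifting apart again. The function begins and ends outside the hunk.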
@@ -0,0 +1,167 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#ifdef USE_JSON + +#define _GNU_SOURCE +#include + +#include "rest.h" + +typedef struct private_rest_t private_rest_t; + +/** + * Private data of an rest_t object. + */ +struct private_rest_t { + + /** + * Public members of rest_t + */ + rest_t public; + + /** + * URI of REST API + */ + char *uri; + + /** + * Timeout of REST API connection + */ + u_int timeout; + +}; + +METHOD(rest_t, get, status_t, + private_rest_t *this, char *command, json_object **jresponse) +{ + struct json_tokener *tokener; + chunk_t response = chunk_empty; + status_t status; + char *uri; + + if (asprintf(&uri, "%s%s",this->uri, command) < 0) + { + return FAILED; + } + + status = lib->fetcher->fetch(lib->fetcher, uri, &response, + FETCH_TIMEOUT, this->timeout, + FETCH_END); + free(uri); + + if (status == SUCCESS && jresponse) + { + /* Parse HTTP response into a JSON object */ + tokener = json_tokener_new(); + *jresponse = json_tokener_parse_ex(tokener, response.ptr, response.len); + json_tokener_free(tokener); + } + free(response.ptr); + + return status; +} + +#define HTTP_STATUS_CODE_NOT_FOUND 404 +#define HTTP_STATUS_CODE_PRECONDITION_FAILED 412 + +METHOD(rest_t, post, status_t, + private_rest_t *this, char *command, json_object *jrequest, + json_object **jresponse) +{ + struct json_tokener *tokener; + chunk_t data, response = chunk_empty; + status_t status; + char *uri; 
+ int code; + + if (asprintf(&uri, "%s%s",this->uri, command) < 0) + { + return FAILED; + } + data = chunk_from_str((char*)json_object_to_json_string(jrequest)); + + status = lib->fetcher->fetch(lib->fetcher, uri, &response, + FETCH_TIMEOUT, this->timeout, + FETCH_REQUEST_DATA, data, + FETCH_REQUEST_TYPE, "application/json; charset=utf-8", + FETCH_REQUEST_HEADER, "Accept: application/json", + FETCH_REQUEST_HEADER, "Expect:", + FETCH_RESPONSE_CODE, &code, + FETCH_END); + free(uri); + + if (status != SUCCESS) + { + switch (code) + { + case HTTP_STATUS_CODE_NOT_FOUND: + status = NOT_FOUND; + break; + case HTTP_STATUS_CODE_PRECONDITION_FAILED: + if (!response.ptr) + { + return FAILED; + } + if (jresponse) + { + /* Parse HTTP response into a JSON object */ + tokener = json_tokener_new(); + *jresponse = json_tokener_parse_ex(tokener, response.ptr, + response.len); + json_tokener_free(tokener); + } + status = NEED_MORE; + break; + default: + DBG2(DBG_IMV, "REST http request failed with status code: %d", + code); + status = FAILED; + break; + } + } + free(response.ptr); + + return status; +} + +METHOD(rest_t, destroy, void, + private_rest_t *this) +{ + free(this->uri); + free(this); +} + +/** + * Described in header. + */ +rest_t *rest_create(char *uri, u_int timeout) +{ + private_rest_t *this; + + INIT(this, + .public = { + .get = _get, + .post = _post, + .destroy = _destroy, + }, + .uri = strdup(uri), + .timeout = timeout, + ); + + return &this->public; +} + +#endif /* USE_JSON */ diff --git a/src/libimcv/rest/rest.h b/src/libimcv/rest/rest.h new file mode 100644 index 000000000..bddb881b8 --- /dev/null +++ b/src/libimcv/rest/rest.h 
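Review bot: `int code;` in `post` is never initialised, yet `switch (code)` runs on every `status != SUCCESS`; whether the fetcher writes `FETCH_RESPONSE_CODE` when the connection fails before any HTTP status line arrives depends on the fetcher plugin, so on such failures the switch reads an indeterminate stack value that could log garbage or, if it happens to equal 412, turn a connection failure into `NEED_MORE`. Initialise it: `int code = 0;`. Separately, both `get` and the 412 branch of `post` store the result of `json_tokener_parse_ex` on the response body without checking it, so a malformed or truncated body leaves `*jresponse == NULL` while `get` still reports SUCCESS; add `if (json_tokener_get_error(tokener) != json_tokener_success) { status = FAILED; }` between the parse and `json_tokener_free(tokener)` in `get`, and in `post` set `status = FAILED` instead of `NEED_MORE` when the same check fails. Since the body comes from the remote endpoint, this parse check is the only validation the client performs on it.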
@@ -0,0 +1,74 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup imv_swima imv_swima + * @ingroup libimcv_plugins + * + * @defgroup rest_t rest + * @{ @ingroup imv_swima + */ + +#ifndef REST_H_ +#define REST_H_ + +#ifdef USE_JSON + +#include +#include + +typedef struct rest_t rest_t; + +/** + * Public REST interface + */ +struct rest_t { + + /** + * Send an HTTP GET request returning a JSON object + * + * @param jresp JSON object in HTTP + * @return Status (SUCCESS or FAILED) + */ + status_t (*get)(rest_t *this, char *command, json_object **jresp); + + /** + * Send an HTTP POST request including a JSON object + * + * @param jreq JSON object in HTTP request + * @param jresp JSON object in HTTP response if NEED_MORE + * @return Status (SUCCESS, NEED_MORE or FAILED) + */ + status_t (*post)(rest_t *this, char *command, json_object *jreq, + json_object **jresp); + + /** + * Destroy rest_t object + */ + void (*destroy)(rest_t *this); + +}; + +/** + * Create an rest_t instance + * + * @param uri REST URI (http://username:password@hostname[:port]/api/) + * @param timeout Timeout of the REST connection + */ +rest_t* rest_create(char *uri, u_int timeout); + +#endif /* USE_JSON */ + +#endif /** REST_H_ @}*/ diff --git a/src/libimcv/suites/test_imcv_swima.c b/src/libimcv/suites/test_imcv_swima.c new file mode 100644 index 000000000..c54669d1d --- /dev/null +++ b/src/libimcv/suites/test_imcv_swima.c 
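Review bot: The doxygen for `get` and `post` documents `jresp`/`jreq` but not `command`, which rest.c appends verbatim to the base URI, and `get`'s `@param jresp JSON object in HTTP` is missing the word "response". Suggest `@param command path appended verbatim to the REST URI` on both, `@param jresp JSON object in HTTP response` on `get`, and extending `post`'s `@return` to `Status (SUCCESS, NOT_FOUND, NEED_MORE or FAILED)`, since the implementation maps 404 to `NOT_FOUND`. The `@param uri` line shows the URI may embed `username:password`; a sentence noting that `rest_create` keeps a copy of this string for the object's lifetime and that it must not be logged or echoed verbatim would help callers treat it as a credential. Finally, the `@defgroup imv_swima` / `@{ @ingroup imv_swima` block files this helper under the imv_swima plugin although it lives in `src/libimcv/rest/`; a group of its own under libimcv would be more accurate.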
@@ -0,0 +1,1117 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include "swima/swima_record.h" +#include "swima/swima_data_model.h" +#include "swima/swima_inventory.h" +#include "swima/swima_event.h" +#include "swima/swima_events.h" +#include "swima/swima_collector.h" +#include "ietf/swima/ietf_swima_attr_req.h" +#include "ietf/swima/ietf_swima_attr_sw_inv.h" +#include "ietf/swima/ietf_swima_attr_sw_ev.h" + +static pen_type_t ita_data_model = { PEN_ITA, 0x19 }; + +static char* sw_id_str[] = { + "strongswan.org_strongSwan_5.3.3", + "strongswan.org_62251aa6-1a01-479b-aea6-f3dcf0ab1f1a" +}; +static char sw_locator_str[] = "/usr/share/strongswan"; + +static char* sw_record_str[] = { + "", + "" +}; + +START_TEST(test_imcv_swima_record) +{ + chunk_t sw_id, sw_locator, locator; + swima_record_t *sw_record, *sw_record_cp; + uint32_t record_id = 1; + uint8_t source_id = 2; + chunk_t record = chunk_from_str(sw_record_str[0]); + + sw_id = chunk_from_str(sw_id_str[0]); + sw_locator = chunk_from_str(sw_locator_str); + + /* Software Identity with Software Locator */ + sw_record = swima_record_create(record_id, sw_id, sw_locator), + ck_assert(sw_record); + sw_record_cp = sw_record->get_ref(sw_record); + + ck_assert(record_id == sw_record->get_record_id(sw_record)); + ck_assert_chunk_eq(sw_id, sw_record->get_sw_id(sw_record, NULL)); + ck_assert_chunk_eq(sw_id, sw_record->get_sw_id(sw_record, 
&locator)); + ck_assert_chunk_eq(locator, sw_locator); + + sw_record->set_data_model(sw_record, ita_data_model); + ck_assert(pen_type_equals(sw_record->get_data_model(sw_record), + ita_data_model)); + + sw_record->set_source_id(sw_record, source_id); + ck_assert(source_id == sw_record->get_source_id(sw_record)); + + sw_record->set_record(sw_record, record); + ck_assert_chunk_eq(record, sw_record->get_record(sw_record)); + + sw_record->destroy(sw_record); + sw_record_cp->destroy(sw_record); + + /* Software Identity without Software Locator */ + sw_record = swima_record_create(record_id, sw_id, chunk_empty), + ck_assert(sw_record); + ck_assert_chunk_eq(sw_id, sw_record->get_sw_id(sw_record, &locator)); + ck_assert(locator.ptr == NULL && locator.len == 0); + + ck_assert(pen_type_equals(swima_data_model_iso_2015_swid_xml, + sw_record->get_data_model(sw_record))); + + sw_record->destroy(sw_record); +} +END_TEST + +typedef struct req_data_t req_data_t; + +struct req_data_t { + uint8_t flags; + uint32_t request_id; + uint32_t earliest_eid; + uint32_t sw_id_count; + chunk_t value; +}; + +static req_data_t req_data[] = { + { IETF_SWIMA_ATTR_REQ_FLAG_NONE, 1, 0, 0, chunk_from_chars( + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, + 0x00, 0x00) + }, + { IETF_SWIMA_ATTR_REQ_FLAG_R, 2, 15, 1, chunk_from_chars( + 0x20, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, + 0x00, 0x0F, 0x00, 0x1f, 0x73, 0x74, 0x72, 0x6f, 0x6e, 0x67, + 0x73, 0x77, 0x61, 0x6e, 0x2e, 0x6f, 0x72, 0x67, 0x5f, 0x73, + 0x74, 0x72, 0x6f, 0x6e, 0x67, 0x53, 0x77, 0x61, 0x6e, 0x5f, + 0x35, 0x2e, 0x33, 0x2e, 0x33) + }, + { IETF_SWIMA_ATTR_REQ_FLAG_S, 3, 256, 2, chunk_from_chars( + 0x40, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, + 0x01, 0x00, 0x00, 0x1f, 0x73, 0x74, 0x72, 0x6f, 0x6e, 0x67, + 0x73, 0x77, 0x61, 0x6e, 0x2e, 0x6f, 0x72, 0x67, 0x5f, 0x73, + 0x74, 0x72, 0x6f, 0x6e, 0x67, 0x53, 0x77, 0x61, 0x6e, 0x5f, + 0x35, 0x2e, 0x33, 0x2e, 0x33, 0x00, 0x33, 0x73, 0x74, 0x72, + 0x6f, 
0x6e, 0x67, 0x73, 0x77, 0x61, 0x6e, 0x2e, 0x6f, 0x72, + 0x67, 0x5f, 0x36, 0x32, 0x32, 0x35, 0x31, 0x61, 0x61, 0x36, + 0x2d, 0x31, 0x61, 0x30, 0x31, 0x2d, 0x34, 0x37, 0x39, 0x62, + 0x2d, 0x61, 0x65, 0x61, 0x36, 0x2d, 0x66, 0x33, 0x64, 0x63, + 0x66, 0x30, 0x61, 0x62, 0x31, 0x66, 0x31, 0x61) + }, +}; + +START_TEST(test_imcv_swima_sw_req) +{ + pen_type_t type; + pen_type_t pen_type = { PEN_IETF, IETF_ATTR_SW_REQUEST }; + pa_tnc_attr_t *attr, *attr1, *attr2; + ietf_swima_attr_req_t *c_attr; + swima_record_t *target; + swima_inventory_t *targets; + chunk_t sw_id, value; + enumerator_t *enumerator; + uint32_t offset; + int n; + + attr = ietf_swima_attr_req_create(req_data[_i].flags, + req_data[_i].request_id); + ck_assert(attr); + + type = attr->get_type(attr); + ck_assert(pen_type_equals(type, pen_type)); + + ck_assert(attr->get_noskip_flag(attr) == FALSE); + attr->set_noskip_flag(attr, TRUE); + ck_assert(attr->get_noskip_flag(attr) == TRUE); + + targets = swima_inventory_create(); + targets->set_eid(targets, req_data[_i].earliest_eid, 0); + + for (n = 0; n < req_data[_i].sw_id_count; n++) + { + sw_id = chunk_from_str(sw_id_str[n]); + target = swima_record_create(0, sw_id, chunk_empty); + targets->add(targets, target); + } + c_attr = (ietf_swima_attr_req_t*)attr; + c_attr->set_targets(c_attr, targets); + c_attr->set_targets(c_attr, targets); + targets->destroy(targets); + + attr->build(attr); + attr->build(attr); + value = attr->get_value(attr); + ck_assert_chunk_eq(value, req_data[_i].value); + + attr1 = attr->get_ref(attr); + attr->destroy(attr); + + attr2 = ietf_swima_attr_req_create_from_data(value.len, value); + ck_assert(attr2); + + attr1->destroy(attr1); + ck_assert(attr2->process(attr2, &offset) == SUCCESS); + + type = attr2->get_type(attr2); + ck_assert(pen_type_equals(type, pen_type)); + + c_attr = (ietf_swima_attr_req_t*)attr2; + ck_assert(c_attr->get_flags(c_attr) == req_data[_i].flags); + ck_assert(c_attr->get_request_id(c_attr) == req_data[_i].request_id); 
+ + targets = c_attr->get_targets(c_attr); + ck_assert(targets->get_eid(targets, NULL) == req_data[_i].earliest_eid); + + enumerator = targets->create_enumerator(targets); + ck_assert(enumerator); + n = 0; + while (enumerator->enumerate(enumerator, &target)) + { + sw_id = target->get_sw_id(target, NULL); + ck_assert(chunk_equals(sw_id, chunk_from_str(sw_id_str[n++]))); + } + enumerator->destroy(enumerator); + + attr2->destroy(attr2); +} +END_TEST + +START_TEST(test_imcv_swima_sw_req_trunc) +{ + pa_tnc_attr_t *attr; + chunk_t data; + uint32_t offset = 100; + + /* Data smaller than minimum size */ + attr = ietf_swima_attr_req_create_from_data(0, chunk_empty); + ck_assert(attr); + ck_assert(attr->process(attr, &offset) == FAILED && offset == 0); + attr->destroy(attr); + + /* Truncate first SW ID */ + data = req_data[2].value; + data.len = 14; + attr = ietf_swima_attr_req_create_from_data(data.len, data); + ck_assert(attr); + ck_assert(attr->process(attr, &offset) == FAILED && offset == 12); + attr->destroy(attr); + + /* Truncate second SW ID */ + data = req_data[2].value; + data.len = 47; + attr = ietf_swima_attr_req_create_from_data(data.len, data); + ck_assert(attr); + ck_assert(attr->process(attr, &offset) == FAILED && offset == 45); + attr->destroy(attr); + + /* Segmentation */ + data = req_data[2].value; + data.len = 50; + attr = ietf_swima_attr_req_create_from_data(req_data[2].value.len, data); + ck_assert(attr); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + data = chunk_skip(req_data[2].value, 50); + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == SUCCESS); + attr->destroy(attr); +} +END_TEST + +static pen_type_t sw_inv_types[] = { + { PEN_IETF, IETF_ATTR_SW_INVENTORY }, + { PEN_IETF, IETF_ATTR_SW_ID_INVENTORY } +}; + +typedef struct sw_inv_data_t sw_inv_data_t; + +struct sw_inv_data_t { + uint8_t flags; + uint32_t request_id; + uint32_t eid_epoch; + uint32_t last_eid; + chunk_t value; +}; + +static sw_inv_data_t 
sw_inv_data[] = { + { IETF_SWIMA_ATTR_SW_INV_FLAG_NONE, 0xaabbccd0, 0x87654321, 0x00000007, + chunk_from_chars( + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xD0, 0x87, 0x65, + 0x43, 0x21, 0x00, 0x00, 0x00, 0x07) + }, + { IETF_SWIMA_ATTR_SW_INV_FLAG_NONE, 0xaabbccd1, 0x87654321, 0x00000007, + chunk_from_chars( + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xD1, 0x87, 0x65, + 0x43, 0x21, 0x00, 0x00, 0x00, 0x07) + }, + { IETF_SWIMA_ATTR_SW_INV_FLAG_NONE, 0xaabbccd2, 0x12345678, 0x00000030, + chunk_from_chars( + 0x00, 0x00, 0x00, 0x01, 0xAA, 0xBB, 0xCC, 0xD2, 0x12, 0x34, + 0x56, 0x78, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x1F, 0x73, 0x74, 0x72, + 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, + 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, + 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77, + 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, + 0x79, 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, 0x61, + 0x62, 0x63, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, 0x74, + 0x77, 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, + 0x74, 0x79, 0x3E) + }, + { IETF_SWIMA_ATTR_SW_INV_FLAG_NONE, 0xaabbccd3, 0x12345678, 0x00000030, + chunk_from_chars( + 0x00, 0x00, 0x00, 0x01, 0xAA, 0xBB, 0xCC, 0xD3, 0x12, 0x34, + 0x56, 0x78, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x1F, 0x73, 0x74, 0x72, + 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, + 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, + 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00) + }, + { IETF_SWIMA_ATTR_SW_INV_FLAG_S_F, 0xaabbccd4, 0x12345678, 0x00000034, + chunk_from_chars( + 0x80, 0x00, 0x00, 0x02, 0xAA, 0xBB, 0xCC, 0xD4, 0x12, 0x34, + 0x56, 0x78, 0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x1F, 0x73, 0x74, 0x72, + 0x6F, 0x6E, 0x67, 0x73, 0x77, 
0x61, 0x6E, 0x2E, 0x6F, 0x72, + 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, + 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77, + 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, + 0x79, 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, 0x61, + 0x62, 0x63, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, 0x74, + 0x77, 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, + 0x74, 0x79, 0x3E, 0x00, 0x00, 0x00, 0x01, 0x00, 0x90, 0x2A, + 0x19, 0x11, 0x00, 0x33, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, + 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, 0x5F, 0x36, + 0x32, 0x32, 0x35, 0x31, 0x61, 0x61, 0x36, 0x2D, 0x31, 0x61, + 0x30, 0x31, 0x2D, 0x34, 0x37, 0x39, 0x62, 0x2D, 0x61, 0x65, + 0x61, 0x36, 0x2D, 0x66, 0x33, 0x64, 0x63, 0x66, 0x30, 0x61, + 0x62, 0x31, 0x66, 0x31, 0x61, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, + 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, 0x79, 0x20, 0x74, + 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, 0x64, 0x65, 0x66, 0x22, + 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, 0x72, + 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, 0x79, 0x3E) + }, + { IETF_SWIMA_ATTR_SW_INV_FLAG_S_F, 0xaabbccd5, 0x12345678, 0x00000034, + chunk_from_chars( + 0x80, 0x00, 0x00, 0x02, 0xAA, 0xBB, 0xCC, 0xD5, 0x12, 0x34, + 0x56, 0x78, 0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x1F, 0x73, 0x74, 0x72, + 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, + 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, + 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x01, 0x00, 0x90, 0x2A, 0x19, 0x11, 0x00, + 0x33, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, + 0x6E, 0x2E, 0x6F, 0x72, 0x67, 0x5F, 0x36, 0x32, 0x32, 0x35, + 0x31, 0x61, 0x61, 0x36, 0x2D, 0x31, 0x61, 0x30, 0x31, 0x2D, + 0x34, 0x37, 0x39, 0x62, 0x2D, 0x61, 0x65, 0x61, 0x36, 0x2D, + 0x66, 
0x33, 0x64, 0x63, 0x66, 0x30, 0x61, 0x62, 0x31, 0x66, + 0x31, 0x61, 0x00, 0x00) + } +}; + +START_TEST(test_imcv_swima_inv) +{ + pen_type_t type, data_model; + chunk_t sw_id, record, value; + ietf_swima_attr_sw_inv_t *c_attr; + pa_tnc_attr_t *attr, *attr1, *attr2; + swima_record_t *sw_record; + swima_inventory_t *sw_inv; + enumerator_t *enumerator; + uint32_t offset, epoch; + uint8_t source_id; + bool sw_id_only = _i % 2; + int n; + + attr = ietf_swima_attr_sw_inv_create(sw_inv_data[_i].flags, + sw_inv_data[_i].request_id, + sw_id_only); + + sw_inv = swima_inventory_create(); + sw_inv->set_eid(sw_inv, sw_inv_data[_i].last_eid, sw_inv_data[_i].eid_epoch); + for (n = 0; n < _i/2; n++) + { + sw_id = chunk_from_str(sw_id_str[n]); + sw_record = swima_record_create(n, sw_id, chunk_empty); + + if (n == 1) + { + sw_record->set_data_model(sw_record, ita_data_model); + sw_record->set_source_id(sw_record, 0x11); + } + if (!sw_id_only) + { + record = chunk_from_str(sw_record_str[n]); + sw_record->set_record(sw_record, record); + } + sw_inv->add(sw_inv, sw_record); + } + c_attr = (ietf_swima_attr_sw_inv_t*)attr; + c_attr->set_inventory(c_attr, sw_inv); + c_attr->set_inventory(c_attr, sw_inv); + + attr->build(attr); + attr->build(attr); + sw_inv->destroy(sw_inv); + + type = attr->get_type(attr); + ck_assert(pen_type_equals(type, sw_inv_types[sw_id_only])); + + ck_assert(attr->get_noskip_flag(attr) == FALSE); + attr->set_noskip_flag(attr, TRUE); + ck_assert(attr->get_noskip_flag(attr) == TRUE); + + value = attr->get_value(attr); + ck_assert_chunk_eq(value, sw_inv_data[_i].value); + + attr1 = attr->get_ref(attr); + attr->destroy(attr); + + attr2 = ietf_swima_attr_sw_inv_create_from_data(value.len, value, + sw_id_only); + ck_assert(attr2); + attr1->destroy(attr1); + ck_assert(attr2->process(attr2, &offset) == SUCCESS); + + type = attr2->get_type(attr2); + ck_assert(pen_type_equals(type, sw_inv_types[sw_id_only])); + + c_attr = (ietf_swima_attr_sw_inv_t*)attr2; + 
ck_assert(c_attr->get_flags(c_attr) == sw_inv_data[_i].flags); + ck_assert(c_attr->get_record_count(c_attr) == 0); + ck_assert(c_attr->get_request_id(c_attr) == sw_inv_data[_i].request_id); + + sw_inv = c_attr->get_inventory(c_attr); + ck_assert(sw_inv->get_eid(sw_inv, NULL) == sw_inv_data[_i].last_eid); + ck_assert(sw_inv->get_eid(sw_inv, &epoch) == sw_inv_data[_i].last_eid); + ck_assert(epoch == sw_inv_data[_i].eid_epoch); + ck_assert(sw_inv); + ck_assert(sw_inv->get_count(sw_inv) == _i/2); + + enumerator = sw_inv->create_enumerator(sw_inv); + ck_assert(enumerator); + + n = 0; + while (enumerator->enumerate(enumerator, &sw_record)) + { + ck_assert(sw_record->get_record_id(sw_record) == n); + data_model = sw_record->get_data_model(sw_record); + ck_assert(pen_type_equals(data_model, (n == 1) ? ita_data_model : + swima_data_model_iso_2015_swid_xml)); + source_id = sw_record->get_source_id(sw_record); + ck_assert(source_id == (n == 1 ? 0x11 : 0x00)); + n++; + } + enumerator->destroy(enumerator); + ck_assert(n == _i/2); + + attr2->destroy(attr2); +} +END_TEST + +/** + * Offsets in sw_inv_data[4].value + * + * 0 constant header + * 12 segment 1 - 12 octets + * 16 record_id + * 18 segment 2 - 6 octets + * 20 data_model_pen + * 22 segment 3 - 4 octets + * 23 segment 4 - 1 octet + * 23 data_model_type + * 24 segment 5 - 1 octet + * 24 source_id + * 25 sw_id + * 26 segment 6 - 2 octets + * 58 sw_locator + * 59 segment 7 - 33 octets + * 60 record + * 62 segment 8 - 3 octets + * 113 sw record 2 + * 114 segment 9 - 52 octets + * 230 segment 10 - 116 octets + */ + +START_TEST(test_imcv_swima_sw_inv_trunc) +{ + pa_tnc_attr_t *attr; + ietf_swima_attr_sw_inv_t *c_attr; + chunk_t data; + swima_inventory_t *sw_inv; + size_t len = sw_inv_data[4].value.len; + uint32_t offset = 100; + + /* Data smaller than minimum size */ + attr = ietf_swima_attr_sw_inv_create_from_data(0, chunk_empty, FALSE); + ck_assert(attr); + ck_assert(attr->process(attr, &offset) == FAILED && offset == 0); + 
attr->destroy(attr); + + /* Length larger than data */ + data = sw_inv_data[4].value; + attr = ietf_swima_attr_sw_inv_create_from_data(len + 2, data, FALSE); + ck_assert(attr); + ck_assert(attr->process(attr, &offset) == FAILED && offset == len); + attr->destroy(attr); + + /* Segment 1 truncates minimum size */ + data = sw_inv_data[4].value; + data.len = 12; + attr = ietf_swima_attr_sw_inv_create_from_data(len, data, FALSE); + ck_assert(attr); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 2 truncates record_id */ + data = chunk_skip(sw_inv_data[4].value, 12); + data.len = 6; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 3 truncates data_model_pen */ + data = chunk_skip(sw_inv_data[4].value, 18); + data.len = 4; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 4 truncates data_model_type */ + data = chunk_skip(sw_inv_data[4].value, 22); + data.len = 1; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 5 truncates source_id */ + data = chunk_skip(sw_inv_data[4].value, 23); + data.len = 1; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 6 truncates sw_id */ + data = chunk_skip(sw_inv_data[4].value, 24); + data.len = 2; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 7 truncates sw_locator */ + data = chunk_skip(sw_inv_data[4].value, 26); + data.len = 33; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 8 truncates record */ + data = chunk_skip(sw_inv_data[4].value, 59); + data.len = 3; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 9 truncates second sw_record */ + data = chunk_skip(sw_inv_data[4].value, 62); + data.len = 52; + attr->add_segment(attr, data); + 
ck_assert(attr->process(attr, &offset) == SUCCESS); + + /* Process first inventory entry */ + c_attr = (ietf_swima_attr_sw_inv_t*)attr; + sw_inv = c_attr->get_inventory(c_attr); + ck_assert(sw_inv->get_count(sw_inv) == 1); + c_attr->clear_inventory(c_attr); + + /* Segment 10 truncates second sw_record */ + data = chunk_skip(sw_inv_data[4].value, 114); + data.len = 116; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == SUCCESS); + + /* Process second inventory entry */ + sw_inv = c_attr->get_inventory(c_attr); + ck_assert(sw_inv->get_count(sw_inv) == 1); + c_attr->clear_inventory(c_attr); + + attr->destroy(attr); +} +END_TEST + +static char* sw_ev_timestamp_str[] = { + "2017-05-30T18:09:25Z", + "2017-06-14T15:38:00Z" +}; + +START_TEST(test_imcv_swima_event) +{ + chunk_t sw_id, sw_timestamp, timestamp; + swima_event_t *sw_event, *sw_event_cp; + swima_record_t *sw_record; + uint32_t record_id = 1, eid = 7; + uint8_t action = SWIMA_EVENT_ACTION_CREATION; + + sw_id = chunk_from_str(sw_id_str[0]); + sw_timestamp = chunk_from_str(sw_ev_timestamp_str[0]); + + /* Software Identity without Software Locator */ + sw_record = swima_record_create(record_id, sw_id, chunk_empty), + ck_assert(sw_record); + + sw_event = swima_event_create(eid, sw_timestamp, action, sw_record); + ck_assert(sw_event); + sw_event_cp = sw_event->get_ref(sw_event); + + ck_assert(sw_event->get_eid(sw_event, NULL) == eid); + ck_assert(sw_event->get_eid(sw_event, ×tamp) == eid); + ck_assert_chunk_eq(sw_timestamp, timestamp); + ck_assert(sw_event->get_action(sw_event) == action); + sw_event->destroy(sw_event); + + sw_record = sw_event_cp->get_sw_record(sw_event_cp); + ck_assert(sw_record); + ck_assert(sw_record->get_record_id(sw_record) == record_id); + ck_assert_chunk_eq(sw_record->get_sw_id(sw_record, NULL), sw_id); + sw_event_cp->destroy(sw_event_cp); +} +END_TEST + +static pen_type_t sw_ev_types[] = { + { PEN_IETF, IETF_ATTR_SW_EVENTS }, + { PEN_IETF, IETF_ATTR_SW_ID_EVENTS } 
+}; + +typedef struct sw_ev_data_t sw_ev_data_t; + +struct sw_ev_data_t { + uint8_t flags; + uint32_t request_id; + uint32_t eid_epoch; + uint32_t last_eid; + uint32_t last_consulted_eid; + chunk_t value; +}; + +static sw_ev_data_t sw_ev_data[] = { + { IETF_SWIMA_ATTR_SW_EV_FLAG_NONE, 0xaabbccd0, 0x87654321, 0x00000007, + 0x00000007, chunk_from_chars( + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xD0, 0x87, 0x65, + 0x43, 0x21, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x07) + }, + { IETF_SWIMA_ATTR_SW_EV_FLAG_NONE, 0xaabbccd1, 0x87654321, 0x00000007, + 0x00000007, chunk_from_chars( + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xD1, 0x87, 0x65, + 0x43, 0x21, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x07) + }, + { IETF_SWIMA_ATTR_SW_EV_FLAG_NONE, 0xaabbccd2, 0x12345678, 0x00000030, + 0x00000030, chunk_from_chars( + 0x00, 0x00, 0x00, 0x01, 0xAA, 0xBB, 0xCC, 0xD2, 0x12, 0x34, + 0x56, 0x78, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x30, + 0x00, 0x00, 0x00, 0x30, '2', '0', '1', '7', '-', '0', + '5', '-', '3', '0', 'T', '1', '8', ':', '0', '9', + ':', '2', '5', 'Z', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x01, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F, + 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, + 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, 0x61, + 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, + 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, 0x79, + 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, 0x61, 0x62, + 0x63, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, 0x74, 0x77, + 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, + 0x79, 0x3E) + }, + { IETF_SWIMA_ATTR_SW_EV_FLAG_NONE, 0xaabbccd3, 0x12345678, 0x00000030, + 0x00000030, chunk_from_chars( + 0x00, 0x00, 0x00, 0x01, 0xAA, 0xBB, 0xCC, 0xD3, 0x12, 0x34, + 0x56, 0x78, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x30, + 0x00, 0x00, 0x00, 0x30, '2', '0', '1', '7', '-', '0', + '5', '-', '3', '0', 
'T', '1', '8', ':', '0', '9', + ':', '2', '5', 'Z', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x01, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F, + 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, + 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, 0x61, + 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00) + }, + { IETF_SWIMA_ATTR_SW_EV_FLAG_S_F, 0xaabbccd4, 0x12345678, 0x00000050, + 0x00000034, chunk_from_chars( + 0x80, 0x00, 0x00, 0x02, 0xAA, 0xBB, 0xCC, 0xD4, 0x12, 0x34, + 0x56, 0x78, 0x00, 0x00, 0x00, 0x50, 0x00, 0x00, 0x00, 0x34, + 0x00, 0x00, 0x00, 0x30, '2', '0', '1', '7', '-', '0', + '5', '-', '3', '0', 'T', '1', '8', ':', '0', '9', + ':', '2', '5', 'Z', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x01, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F, + 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, + 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, 0x61, + 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, + 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, 0x79, + 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, 0x61, 0x62, + 0x63, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, 0x74, 0x77, + 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, + 0x79, 0x3E, 0x00, 0x00, 0x00, 0x34, '2', '0', '1', '7', + '-', '0', '6', '-', '1', '4', 'T', '1', '5', ':', + '3', '8', ':', '0', '0', 'Z', 0x00, 0x00, 0x00, 0x01, + 0x00, 0x90, 0x2A, 0x19, 0x11, 0x02, 0x00, 0x33, 0x73, 0x74, + 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, + 0x72, 0x67, 0x5F, 0x36, 0x32, 0x32, 0x35, 0x31, 0x61, 0x61, + 0x36, 0x2D, 0x31, 0x61, 0x30, 0x31, 0x2D, 0x34, 0x37, 0x39, + 0x62, 0x2D, 0x61, 0x65, 0x61, 0x36, 0x2D, 0x66, 0x33, 0x64, + 0x63, 0x66, 0x30, 0x61, 0x62, 0x31, 0x66, 0x31, 0x61, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, + 0x77, 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, + 0x74, 0x79, 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 
0x3D, 0x22, + 0x64, 0x65, 0x66, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, + 0x74, 0x77, 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, + 0x69, 0x74, 0x79, 0x3E) + }, + { IETF_SWIMA_ATTR_SW_EV_FLAG_S_F, 0xaabbccd5, 0x12345678, 0x00000050, + 0x00000034, chunk_from_chars( + 0x80, 0x00, 0x00, 0x02, 0xAA, 0xBB, 0xCC, 0xD5, 0x12, 0x34, + 0x56, 0x78, 0x00, 0x00, 0x00, 0x50, 0x00, 0x00, 0x00, 0x34, + 0x00, 0x00, 0x00, 0x30, '2', '0', '1', '7', '-', '0', + '5', '-', '3', '0', 'T', '1', '8', ':', '0', '9', + ':', '2', '5', 'Z', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x01, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F, + 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, + 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, 0x61, + 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x34, '2', '0', '1', '7', '-', '0', '6', + '-', '1', '4', 'T', '1', '5', ':', '3', '8', ':', + '0', '0', 'Z', 0x00, 0x00, 0x00, 0x01, 0x00, 0x90, 0x2A, + 0x19, 0x11, 0x02, 0x00, 0x33, 0x73, 0x74, 0x72, 0x6F, 0x6E, + 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, 0x5F, + 0x36, 0x32, 0x32, 0x35, 0x31, 0x61, 0x61, 0x36, 0x2D, 0x31, + 0x61, 0x30, 0x31, 0x2D, 0x34, 0x37, 0x39, 0x62, 0x2D, 0x61, + 0x65, 0x61, 0x36, 0x2D, 0x66, 0x33, 0x64, 0x63, 0x66, 0x30, + 0x61, 0x62, 0x31, 0x66, 0x31, 0x61, 0x00, 0x00) + } +}; + +START_TEST(test_imcv_swima_ev) +{ + pen_type_t type, data_model; + chunk_t sw_id, record, timestamp, value; + ietf_swima_attr_sw_ev_t *c_attr; + pa_tnc_attr_t *attr, *attr1, *attr2; + swima_record_t *sw_record; + swima_event_t *sw_event; + swima_events_t *sw_ev; + enumerator_t *enumerator; + uint32_t offset, epoch, eid, last_eid; + uint8_t source_id, action; + bool sw_id_only = _i % 2; + int n; + + attr = ietf_swima_attr_sw_ev_create(sw_ev_data[_i].flags, + sw_ev_data[_i].request_id, + sw_id_only); + sw_ev = swima_events_create(); + sw_ev->set_eid(sw_ev, sw_ev_data[_i].last_consulted_eid, + sw_ev_data[_i].eid_epoch); + if 
(sw_ev_data[_i].last_consulted_eid < sw_ev_data[_i].last_eid) + { + sw_ev->set_last_eid(sw_ev, sw_ev_data[_i].last_eid); + } + + for (n = 0; n < _i/2; n++) + { + sw_id = chunk_from_str(sw_id_str[n]); + sw_record = swima_record_create(n, sw_id, chunk_empty); + + if (n == 1) + { + sw_record->set_data_model(sw_record, ita_data_model); + sw_record->set_source_id(sw_record, 0x11); + } + if (!sw_id_only) + { + record = chunk_from_str(sw_record_str[n]); + sw_record->set_record(sw_record, record); + } + eid = 0x30 + 4 * n; + timestamp = chunk_from_str(sw_ev_timestamp_str[n]); + action = n + 1; + sw_event = swima_event_create(eid, timestamp, action, sw_record); + sw_ev->add(sw_ev, sw_event); + } + c_attr = (ietf_swima_attr_sw_ev_t*)attr; + c_attr->set_events(c_attr, sw_ev); + c_attr->set_events(c_attr, sw_ev); + + attr->build(attr); + attr->build(attr); + sw_ev->destroy(sw_ev); + + type = attr->get_type(attr); + ck_assert(pen_type_equals(type, sw_ev_types[sw_id_only])); + + ck_assert(attr->get_noskip_flag(attr) == FALSE); + attr->set_noskip_flag(attr, TRUE); + ck_assert(attr->get_noskip_flag(attr) == TRUE); + + value = attr->get_value(attr); + ck_assert_chunk_eq(value, sw_ev_data[_i].value); + + attr1 = attr->get_ref(attr); + attr->destroy(attr); + + attr2 = ietf_swima_attr_sw_ev_create_from_data(value.len, value, + sw_id_only); + ck_assert(attr2); + attr1->destroy(attr1); + ck_assert(attr2->process(attr2, &offset) == SUCCESS); + + type = attr2->get_type(attr2); + ck_assert(pen_type_equals(type, sw_ev_types[sw_id_only])); + + c_attr = (ietf_swima_attr_sw_ev_t*)attr2; + ck_assert(c_attr->get_flags(c_attr) == sw_ev_data[_i].flags); + ck_assert(c_attr->get_event_count(c_attr) == 0); + ck_assert(c_attr->get_request_id(c_attr) == sw_ev_data[_i].request_id); + + sw_ev = c_attr->get_events(c_attr); + ck_assert(sw_ev); + eid = sw_ev->get_eid(sw_ev, NULL, NULL); + ck_assert(eid == sw_ev_data[_i].last_consulted_eid); + eid = sw_ev->get_eid(sw_ev, &epoch, &last_eid); + ck_assert(eid 
== sw_ev_data[_i].last_consulted_eid); + ck_assert(epoch == sw_ev_data[_i].eid_epoch); + ck_assert(last_eid == sw_ev_data[_i].last_eid); + ck_assert(sw_ev->get_count(sw_ev) == _i/2); + + enumerator = sw_ev->create_enumerator(sw_ev); + ck_assert(enumerator); + + n = 0; + while (enumerator->enumerate(enumerator, &sw_event)) + { + ck_assert(sw_event->get_eid(sw_event, ×tamp) == 0x30 + 4 * n); + ck_assert_chunk_eq(timestamp, chunk_from_str(sw_ev_timestamp_str[n])); + sw_record = sw_event->get_sw_record(sw_event); + ck_assert(sw_record); + ck_assert(sw_record->get_record_id(sw_record) == n); + data_model = sw_record->get_data_model(sw_record); + ck_assert(pen_type_equals(data_model, (n == 1) ? ita_data_model : + swima_data_model_iso_2015_swid_xml)); + source_id = sw_record->get_source_id(sw_record); + ck_assert(source_id == (n == 1 ? 0x11 : 0x00)); + n++; + } + enumerator->destroy(enumerator); + ck_assert(n == _i/2); + + attr2->destroy(attr2); +} +END_TEST + + +/** + * Offsets in sw_ev_data[4].value + * + * 0 constant header + * 16 segment 1 - 16 octets + * 20 eid + * 22 segment 2 - 6 octets + * 24 timestamp + * 26 segment 3 - 4 octets + * 44 record_id + * 46 segment 4 - 20 octets + * 48 data_model_pen + * 50 segment 5 - 4 octets + * 51 segment 6 - 1 octet + * 51 data_model_type + * 52 segment 7 - 1 octet + * 52 source_id + * 53 segment 8 - 1 octet + * 53 action + * 54 sw_id + * 55 segment 9 - 2 octets + * 87 sw_locator + * 88 segment 10 - 33 octets + * 89 record + * 91 segment 11 - 3 octets + * 142 sw record 2 + * 143 segment 12 - 52 octets + * 284 segment 13 - 141 octets + */ + +START_TEST(test_imcv_swima_sw_ev_trunc) +{ + pa_tnc_attr_t *attr; + ietf_swima_attr_sw_ev_t *c_attr; + chunk_t data; + swima_events_t *sw_ev; + size_t len = sw_ev_data[4].value.len; + uint32_t offset = 100; + + /* Data smaller than minimum size */ + attr = ietf_swima_attr_sw_ev_create_from_data(0, chunk_empty, FALSE); + ck_assert(attr); + ck_assert(attr->process(attr, &offset) == FAILED && 
offset == 0); + attr->destroy(attr); + + /* Length larger than data */ + data = sw_ev_data[4].value; + attr = ietf_swima_attr_sw_ev_create_from_data(len + 2, data, FALSE); + ck_assert(attr); + ck_assert(attr->process(attr, &offset) == FAILED && offset == len); + attr->destroy(attr); + + /* Segment 1 truncates minimum size */ + data = sw_ev_data[4].value; + data.len = 16; + attr = ietf_swima_attr_sw_ev_create_from_data(len, data, FALSE); + ck_assert(attr); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 2 truncates eid */ + data = chunk_skip(sw_ev_data[4].value, 16); + data.len = 6; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 3 truncates timestamp */ + data = chunk_skip(sw_ev_data[4].value, 22); + data.len = 4; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 4 truncates record_id */ + data = chunk_skip(sw_ev_data[4].value, 26); + data.len = 20; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 5 truncates data_model_pen */ + data = chunk_skip(sw_ev_data[4].value, 46); + data.len = 4; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 6 truncates data_model_type */ + data = chunk_skip(sw_ev_data[4].value, 50); + data.len = 1; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 7 truncates source_id */ + data = chunk_skip(sw_ev_data[4].value, 51); + data.len = 1; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 8 truncates action */ + data = chunk_skip(sw_ev_data[4].value, 52); + data.len = 1; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 9 truncates sw_id */ + data = chunk_skip(sw_ev_data[4].value, 53); + data.len = 2; + attr->add_segment(attr, data); + 
ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 10 truncates sw_locator */ + data = chunk_skip(sw_ev_data[4].value, 55); + data.len = 33; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 11 truncates record */ + data = chunk_skip(sw_ev_data[4].value, 88); + data.len = 3; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 12 truncates second sw_entry */ + data = chunk_skip(sw_ev_data[4].value, 91); + data.len = 52; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == SUCCESS); + + /* Process first event entry */ + c_attr = (ietf_swima_attr_sw_ev_t*)attr; + sw_ev = c_attr->get_events(c_attr); + ck_assert(sw_ev->get_count(sw_ev) == 1); + c_attr->clear_events(c_attr); + + /* Segment 13 truncates second sw_record */ + data = chunk_skip(sw_ev_data[4].value, 143); + data.len = 141; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == SUCCESS); + + /* Process second event entry */ + sw_ev = c_attr->get_events(c_attr); + ck_assert(sw_ev->get_count(sw_ev) == 1); + c_attr->clear_events(c_attr); + attr->destroy(attr); + + /* Invalid Action values */ + data = chunk_clone(sw_ev_data[2].value); + data.ptr[53] = 0; + attr = ietf_swima_attr_sw_ev_create_from_data(data.len, data, FALSE); + ck_assert(attr); + ck_assert(attr->process(attr, &offset) == FAILED); + attr->destroy(attr); + + data.ptr[53] = SWIMA_EVENT_ACTION_LAST + 1; + attr = ietf_swima_attr_sw_ev_create_from_data(data.len, data, FALSE); + ck_assert(attr); + ck_assert(attr->process(attr, &offset) == FAILED && offset == 20); + attr->destroy(attr); + chunk_free(&data); +} +END_TEST + +START_TEST(test_imcv_swima_sw_collector) +{ + swima_collector_t *collector; + swima_inventory_t *targets, *inventory; + swima_events_t *events; + swima_record_t *sw_record; + swima_event_t *sw_event; + chunk_t sw_id, sw_locator, swid_tag; + enumerator_t *enumerator; + 
uint8_t source_id; + int item = 0, items; + + targets = swima_inventory_create(); + collector = swima_collector_create(); + + /* software identifier events only */ + events = collector->collect_events(collector, TRUE, targets); + if (events) + { + items = events->get_count(events); + DBG1(DBG_IMC, "%d software identifiers collected", items); + + enumerator = events->create_enumerator(events); + while (enumerator->enumerate(enumerator, &sw_event)) + { + item++; + if ( item == 1 || item == items) + { + sw_record = sw_event->get_sw_record(sw_event); + sw_id = sw_record->get_sw_id(sw_record, NULL); + source_id =sw_record->get_source_id(sw_record); + DBG1(DBG_IMC, "source %u: %.*s", source_id, sw_id.len, sw_id.ptr); + } + } + enumerator->destroy(enumerator); + } + + /* software identifier inventory only */ + inventory = collector->collect_inventory(collector, TRUE, targets); + if (inventory) + { + items = inventory->get_count(inventory); + DBG1(DBG_IMC, "%d software identifiers collected", items); + + enumerator = inventory->create_enumerator(inventory); + while (enumerator->enumerate(enumerator, &sw_record)) + { + item++; + if ( item == 1 || item == items) + { + sw_id = sw_record->get_sw_id(sw_record, &sw_locator); + source_id =sw_record->get_source_id(sw_record); + DBG1(DBG_IMC, "source %u: %.*s", source_id, sw_id.len, sw_id.ptr); + if (sw_locator.len > 0) + { + DBG1(DBG_IMC, " locator: %.*s", + sw_locator.len, sw_locator.ptr); + } + targets->add(targets, sw_record->get_ref(sw_record)); + } + } + enumerator->destroy(enumerator); + } + + /* targeted software inventory */ + inventory = collector->collect_inventory(collector, FALSE, targets); + if (inventory) + { + items = inventory->get_count(inventory); + DBG1(DBG_IMC, "%d SWID tags collected", items); + + enumerator = inventory->create_enumerator(inventory); + while (enumerator->enumerate(enumerator, &sw_record)) + { + sw_id = sw_record->get_sw_id(sw_record, NULL); + source_id =sw_record->get_source_id(sw_record); + 
swid_tag = sw_record->get_record(sw_record);
+ DBG1(DBG_IMC, "source %u: %.*s", source_id, sw_id.len, sw_id.ptr);
+ DBG2(DBG_IMC, "%B", &swid_tag);
+ }
+ enumerator->destroy(enumerator);
+ }
+
+ collector->destroy(collector);
+ targets->destroy(targets);
+}
+END_TEST
+
+Suite *imcv_swima_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("imcv_swima");
+
+ tc = tcase_create("sw_record");
+ tcase_add_test(tc, test_imcv_swima_record);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("sw_req");
+ tcase_add_loop_test(tc, test_imcv_swima_sw_req, 0, countof(req_data));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("sw_req_trunc");
+ tcase_add_test(tc, test_imcv_swima_sw_req_trunc);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("sw_inv");
+ tcase_add_loop_test(tc, test_imcv_swima_inv, 0, 6);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("sw_inv_trunc");
+ tcase_add_test(tc, test_imcv_swima_sw_inv_trunc);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("sw_event");
+ tcase_add_test(tc, test_imcv_swima_event);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("sw_ev");
+ tcase_add_loop_test(tc, test_imcv_swima_ev, 0, 6);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("sw_ev_trunc");
+ tcase_add_test(tc, test_imcv_swima_sw_ev_trunc);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("sw_collector");
+ tcase_add_test(tc, test_imcv_swima_sw_collector);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libimcv/swid/swid_inventory.c b/src/libimcv/swid/swid_inventory.c
index a49286954..5f6e50cb7 100644
--- a/src/libimcv/swid/swid_inventory.c
+++ b/src/libimcv/swid/swid_inventory.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013-2014 Andreas Steffen
+ * Copyright (C) 2013-2017 Andreas Steffen
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
@@ -16,9 +16,10 @@ #include "swid_inventory.h" #include "swid_tag.h" #include "swid_tag_id.h" +#include "swid_gen/swid_gen.h" #include -#include +#include #include #include 
@@ -52,192 +53,99 @@ struct private_swid_inventory_t {
 linked_list_t *list;
 };
-/**
- * Read SWID tags issued by the swid_generator tool
- */
-static status_t read_swid_tags(private_swid_inventory_t *this, FILE *file)
+static status_t generate_tags(private_swid_inventory_t *this,
+ swid_inventory_t *targets, bool pretty, bool full)
 {
+ swid_gen_t *swid_gen;
 swid_tag_t *tag;
- bio_writer_t *writer;
- chunk_t tag_encoding, tag_file_path = chunk_empty;
- bool more_tags = TRUE, last_newline;
- char line[8192];
- size_t len;
-
- while (more_tags)
- {
- last_newline = TRUE;
- writer = bio_writer_create(512);
- while (TRUE)
- {
- if (!fgets(line, sizeof(line), file))
- {
- more_tags = FALSE;
- break;
- }
- len = strlen(line);
-
- if (last_newline && line[0] == '\n')
- {
- break;
- }
- else
- {
- last_newline = (line[len-1] == '\n');
- writer->write_data(writer, chunk_create(line, len));
- }
- }
-
- tag_encoding = writer->get_buf(writer);
-
- if (tag_encoding.len > 1)
- {
- /* remove trailing newline if present */
- if (tag_encoding.ptr[tag_encoding.len - 1] == '\n')
- {
- tag_encoding.len--;
- }
- DBG3(DBG_IMC, " %.*s", tag_encoding.len, tag_encoding.ptr);
-
- tag = swid_tag_create(tag_encoding, tag_file_path);
- this->list->insert_last(this->list, tag);
- }
- writer->destroy(writer);
- }
-
- return SUCCESS;
-}
-
-/**
- * Read SWID tag or software IDs issued by the swid_generator tool
- */
-static status_t read_swid_tag_ids(private_swid_inventory_t *this, FILE *file)
-{
 swid_tag_id_t *tag_id;
- chunk_t tag_creator, unique_sw_id, tag_file_path = chunk_empty;
- char line[BUF_LEN];
-
- while (TRUE)
- {
- char *separator;
- size_t len;
-
- if (!fgets(line, sizeof(line), file))
- {
- return SUCCESS;
- }
- len = strlen(line);
-
- /* remove trailing newline if present */
- if (len > 0 && line[len - 1] == '\n')
- {
- len--;
- }
- DBG3(DBG_IMC, " %.*s", len, line);
-
- separator = strchr(line, '_');
- if (!separator)
- {
- DBG1(DBG_IMC, "separation of regid from unique software ID 
failed");
- return FAILED;
- }
- tag_creator = chunk_create(line, separator - line);
- separator++;
-
- unique_sw_id = chunk_create(separator, len - (separator - line));
- tag_id = swid_tag_id_create(tag_creator, unique_sw_id, tag_file_path);
- this->list->insert_last(this->list, tag_id);
- }
-}
-
-static status_t generate_tags(private_swid_inventory_t *this, char *generator,
- swid_inventory_t *targets, bool pretty, bool full)
-{
- FILE *file;
- char command[BUF_LEN];
- char doc_separator[] = "'\n\n'";
-
+ enumerator_t *enumerator;
 status_t status = SUCCESS;
+ chunk_t out;
+
+ swid_gen = swid_gen_create();
 if (targets->get_count(targets) == 0)
 {
- /* Assemble the SWID generator command */
- if (this->full_tags)
- {
- snprintf(command, BUF_LEN, "%s swid --doc-separator %s%s%s",
- generator, doc_separator, pretty ? " --pretty" : "",
- full ? " --full" : "");
- }
- else
- {
- snprintf(command, BUF_LEN, "%s software-id", generator);
- }
+ DBG2(DBG_IMC, "SWID tag%s generation by package manager",
+ this->full_tags ? 
"" : " ID"); - /* Open a pipe stream for reading the SWID generator output */ - file = popen(command, "r"); - if (!file) + enumerator = swid_gen->create_tag_enumerator(swid_gen, !this->full_tags, + full, pretty); + if (enumerator) { - DBG1(DBG_IMC, "failed to run swid_generator command"); - return NOT_SUPPORTED; - } + while (enumerator->enumerate(enumerator, &out)) + { + if (this->full_tags) + { + chunk_t swid_tag = out; - if (this->full_tags) - { - DBG2(DBG_IMC, "SWID tag generation by package manager"); - status = read_swid_tags(this, file); + tag = swid_tag_create(swid_tag, chunk_empty); + this->list->insert_last(this->list, tag); + } + else + { + chunk_t tag_creator, sw_id = out; + + if (extract_token_str(&tag_creator, "__", &sw_id)) + { + tag_id = swid_tag_id_create(tag_creator, sw_id, + chunk_empty); + this->list->insert_last(this->list, tag_id); + } + else + { + DBG1(DBG_IMC, "separation of regid from unique " + "software ID failed"); + status = FAILED; + chunk_free(&out); + break; + } + } + chunk_free(&out); + } + enumerator->destroy(enumerator); } else { - DBG2(DBG_IMC, "SWID tag ID generation by package manager"); - status = read_swid_tag_ids(this, file); + status = NOT_SUPPORTED; } - pclose(file); } else if (this->full_tags) { - swid_tag_id_t *tag_id; - enumerator_t *enumerator; + DBG2(DBG_IMC, "targeted SWID tag generation"); enumerator = targets->create_enumerator(targets); while (enumerator->enumerate(enumerator, &tag_id)) { - char software_id[BUF_LEN]; - chunk_t tag_creator, unique_sw_id; + char software_id[BUF_LEN], *swid_tag; + chunk_t tag_creator, sw_id; + /* Construct software ID from tag creator and unique software ID */ tag_creator = tag_id->get_tag_creator(tag_id); - unique_sw_id = tag_id->get_unique_sw_id(tag_id, NULL); - snprintf(software_id, BUF_LEN, "%.*s_%.*s", - tag_creator.len, tag_creator.ptr, - unique_sw_id.len, unique_sw_id.ptr); - - /* Assemble the SWID generator command */ - snprintf(command, BUF_LEN, "%s swid --software-id 
%s%s%s",
- generator, software_id, pretty ? " --pretty" : "",
- full ? " --full" : "");
-
- /* Open a pipe stream for reading the SWID generator output */
- file = popen(command, "r");
- if (!file)
- {
- DBG1(DBG_IMC, "failed to run swid_generator command");
- return NOT_SUPPORTED;
- }
- status = read_swid_tags(this, file);
- pclose(file);
-
- if (status != SUCCESS)
+ sw_id = tag_id->get_unique_sw_id(tag_id, NULL);
+ snprintf(software_id, BUF_LEN, "%.*s__%.*s",
+ (int)tag_creator.len, tag_creator.ptr,
+ (int)sw_id.len, sw_id.ptr);
+
+ swid_tag = swid_gen->generate_tag(swid_gen, software_id, NULL, NULL,
+ full, pretty);
+ if (swid_tag)
 {
- break;
+ tag = swid_tag_create(chunk_from_str(swid_tag), chunk_empty);
+ this->list->insert_last(this->list, tag);
+ free(swid_tag);
 }
 }
 enumerator->destroy(enumerator);
 }
+ swid_gen->destroy(swid_gen);
 return status;
 }
 static bool collect_tags(private_swid_inventory_t *this, char *pathname,
- swid_inventory_t *targets)
+ swid_inventory_t *targets, bool is_swidtag_dir)
 {
 char *rel_name, *abs_name;
 struct stat st;
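Review bot: The `software_id` that the new side builds with `snprintf` from each target's `tag_creator` and `sw_id` is passed straight to `swid_gen->generate_tag()`, and the new swid_gen.c hunk on this page shows that function splicing `sw_id` into a `snprintf`'d shell command executed with `popen()`. Nothing in this hunk constrains which characters a target tag ID may contain, so a tag creator or unique software ID carrying shell metacharacters would be interpreted by the shell; whether targets can originate from a remote inventory request is not visible here, but the old `generator` path had the same exposure and the commit relocates it rather than closing it. I would reject a `software_id` containing anything outside the regid / software-ID character set before the `generate_tag` call, e.g. `if (strpbrk(software_id, "'\"`$\\;&|<>()")) { DBG1(DBG_IMC, "invalid characters in software ID"); continue; }`, and longer term have swid_gen spawn the generator with an argv array instead of a shell string. The `free(swid_tag)` right after `swid_tag_create(chunk_from_str(swid_tag), chunk_empty)` also assumes the tag constructor copies its input; worth confirming against swid_tag_create.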
@@ -251,72 +159,49 @@ static bool collect_tags(private_swid_inventory_t *this, char *pathname,
 pathname, strerror(errno));
 return FALSE;
 }
- DBG2(DBG_IMC, "entering %s", pathname);
+ if (is_swidtag_dir)
+ {
+ DBG2(DBG_IMC, "entering %s", pathname);
+ }
 while (enumerator->enumerate(enumerator, &rel_name, &abs_name, &st))
 {
- char * start, *stop;
+ char *separator, *suffix;
 chunk_t tag_creator;
 chunk_t unique_sw_id = chunk_empty, tag_file_path = chunk_empty;
- if (!strstr(rel_name, "regid."))
- {
- continue;
- }
 if (S_ISDIR(st.st_mode))
 {
- /* In case of a targeted request */
- if (targets->get_count(targets))
- {
- enumerator_t *target_enumerator;
- swid_tag_id_t *tag_id;
- bool match = FALSE;
-
- target_enumerator = targets->create_enumerator(targets);
- while (target_enumerator->enumerate(target_enumerator, &tag_id))
- {
- if (chunk_equals(tag_id->get_tag_creator(tag_id),
- chunk_from_str(rel_name)))
- {
- match = TRUE;
- break;
- }
- }
- target_enumerator->destroy(target_enumerator);
-
- if (!match)
- {
- continue;
- }
- }
-
- if (!collect_tags(this, abs_name, targets))
+ if (!collect_tags(this, abs_name, targets, is_swidtag_dir ||
+ streq(rel_name, "swidtag")))
 {
 goto end;
 }
 continue;
 }
+ if (!is_swidtag_dir)
+ {
+ continue;
+ }
- /* parse the regid filename into its components */
- start = rel_name;
- stop = strchr(start, '_');
- if (!stop)
+ /* found a swidtag file? 
*/
+ suffix = strstr(rel_name, ".swidtag");
+ if (!suffix)
 {
- DBG1(DBG_IMC, " %s", rel_name);
- DBG1(DBG_IMC, " '_' separator not found");
- goto end;
+ continue;
 }
- tag_creator = chunk_create(start, stop-start);
- start = stop + 1;
- stop = strstr(start, ".swidtag");
- if (!stop)
+ /* parse the swidtag filename into its components */
+ separator = strstr(rel_name, "__");
+ if (!separator)
 {
 DBG1(DBG_IMC, " %s", rel_name);
- DBG1(DBG_IMC, " swidtag postfix not found");
+ DBG1(DBG_IMC, " '__' separator not found");
 goto end;
 }
- unique_sw_id = chunk_create(start, stop-start);
+ tag_creator = chunk_create(rel_name, separator-rel_name);
+
+ unique_sw_id = chunk_create(separator+2, suffix-separator-2);
 tag_file_path = chunk_from_str(abs_name);
 /* In case of a targeted request */
@@ -334,7 +219,7 @@ static bool collect_tags(private_swid_inventory_t *this, char *pathname,
 target_tag_creator = tag_id->get_tag_creator(tag_id);
 if (chunk_equals(target_unique_sw_id, unique_sw_id) &&
- chunk_equals(target_tag_creator, tag_creator))
+ chunk_equals(target_tag_creator, tag_creator))
 {
 match = TRUE;
 break;
@@ -358,7 +243,7 @@ static bool collect_tags(private_swid_inventory_t *this, char *pathname,
 if (!xml_tag)
 {
 DBG1(DBG_IMC, " opening '%s' failed: %s", abs_name,
- strerror(errno));
+ strerror(errno));
 goto end;
 }
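Review bot: `unique_sw_id = chunk_create(separator+2, suffix-separator-2)` on the new side assumes the `__` separator precedes the `.swidtag` suffix, but the two are located by independent `strstr()` calls over the whole `rel_name`, so a file name whose first `__` comes after `.swidtag` produces a negative difference that becomes an enormous `size_t` length for the chunk. The old code avoided this ordering problem by searching for the suffix only after the separator. The existing separator check can cover the inverted case, `if (!separator || separator + 2 > suffix)`, or the suffix can be searched from `separator + 2` instead of from `rel_name`. Separately, `strstr(rel_name, ".swidtag")` accepts the suffix anywhere in the name, so something like `a__b.swidtag.bak` is still treated as a tag file; comparing against the end of the name would be stricter. The enclosing while loop and function continue outside this hunk.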
@@ -378,25 +263,28 @@ static bool collect_tags(private_swid_inventory_t *this, char *pathname,
 end:
 enumerator->destroy(enumerator);
- DBG2(DBG_IMC, "leaving %s", pathname);
+ if (is_swidtag_dir)
+ {
+ DBG2(DBG_IMC, "leaving %s", pathname);
+ }
 return success;
 }
 METHOD(swid_inventory_t, collect, bool,
- private_swid_inventory_t *this, char *directory, char *generator,
- swid_inventory_t *targets, bool pretty, bool full)
+ private_swid_inventory_t *this, char *directory, swid_inventory_t *targets,
+ bool pretty, bool full)
 {
 /**
 * Tags are generated by a package manager
 */
- generate_tags(this, generator, targets, pretty, full);
+ generate_tags(this, targets, pretty, full);
 /**
 * Collect swidtag files by iteratively entering all directories in
 * the tree under the "directory" path.
 */
- return collect_tags(this, directory, targets);
+ return collect_tags(this, directory, targets, FALSE);
 }
 METHOD(swid_inventory_t, add, void,
diff --git a/src/libimcv/swid/swid_inventory.h b/src/libimcv/swid/swid_inventory.h
index 04029070e..ba2518e26 100644
--- a/src/libimcv/swid/swid_inventory.h
+++ b/src/libimcv/swid/swid_inventory.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013-2014 Andreas Steffen
+ * Copyright (C) 2013-2017 Andreas Steffen
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
@@ -37,13 +37,12 @@ struct swid_inventory_t {
 * Collect the SWID tags stored on the endpoint
 *
 * @param directory SWID directory path
- * @param generator Path to SWID generator
 * @param targets List of target tag IDs
 * @param pretty Generate indented XML SWID tags
 * @param full Include file information in SWID tags
 * @return TRUE if successful
 */
- bool (*collect)(swid_inventory_t *this, char *directory, char *generator,
+ bool (*collect)(swid_inventory_t *this, char *directory,
 swid_inventory_t *targets, bool pretty, bool full);
 /**
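Review bot: The status returned by `generate_tags()` is still discarded on the new `generate_tags(this, targets, pretty, full);` line, so a `FAILED` result (malformed generator output) or `NOT_SUPPORTED` (no tag enumerator available) from the package-manager path leaves no trace and `collect` reports success based on the directory walk alone. If best-effort behaviour is intended, a log line makes the outcome visible, `if (generate_tags(this, targets, pretty, full) != SUCCESS) { DBG1(DBG_IMC, "SWID tag generation by package manager failed"); }`; otherwise fold it into the return value. As a style point, the `/** ... */` doc-comment markers inside the function body could be plain `/* ... */`, since they document statements rather than declarations.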
diff --git a/src/libimcv/swid_gen/swid_gen.c b/src/libimcv/swid_gen/swid_gen.c
new file mode 100644
index 000000000..206d41d11
--- /dev/null
+++ b/src/libimcv/swid_gen/swid_gen.c
@@ -0,0 +1,291 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#define _GNU_SOURCE +#include + +#include "swid_gen.h" + +#include + +#define SWID_GENERATOR "/usr/local/bin/swid_generator" + +typedef struct private_swid_gen_t private_swid_gen_t; + +/** + * Private data of a swid_gen_t object. + * + */ +struct private_swid_gen_t { + + /** + * Public swid_gen_t interface. + */ + swid_gen_t public; + + /** + * Path of the SWID generator command + */ + char *generator; + + /** + * Entity name of the tagCreator + */ + char *entity; + + /** + * Regid of the tagCreator + */ + char *regid; + +}; + +METHOD(swid_gen_t, generate_tag, char*, + private_swid_gen_t *this, char *sw_id, char *package, char *version, + bool full, bool pretty) +{ + char *tag = NULL; + size_t tag_buf_len = 8192; + char tag_buf[tag_buf_len], command[BUF_LEN]; + bio_writer_t *writer; + chunk_t swid_tag; + FILE *file; + + /* Compose the SWID generator command */ + if (full || !package || !version) + { + snprintf(command, BUF_LEN, "%s swid --entity-name \"%s\" " + "--regid %s --software-id %s%s%s", + this->generator, this->entity, this->regid, sw_id, + full ? " --full" : "", pretty ? " --pretty" : ""); + } + else + { + snprintf(command, BUF_LEN, "%s swid --entity-name \"%s\" " + "--regid %s --name %s --version-string %s%s", + this->generator, this->entity, this->regid, package, + version, pretty ? 
" --pretty" : ""); + } + + /* Open a pipe stream for reading the SWID generator output */ + file = popen(command, "r"); + if (file) + { + writer = bio_writer_create(tag_buf_len); + while (TRUE) + { + if (!fgets(tag_buf, tag_buf_len, file)) + { + break; + } + writer->write_data(writer, chunk_create(tag_buf, strlen(tag_buf))); + } + pclose(file); + swid_tag = writer->extract_buf(writer); + writer->destroy(writer); + + if (swid_tag.len > 0) + { + tag = swid_tag.ptr; + tag[swid_tag.len - 1] = '\0'; + } + else + { + chunk_free(&swid_tag); + } + } + else + { + DBG1(DBG_IMC, "failed to run swid_generator command"); + } + + return tag; +} + +typedef struct { + /** public enumerator interface */ + enumerator_t public; + /** swid_generator output stream */ + FILE *file; + /** generate software identifier only */ + bool sw_id_only; +} swid_gen_enumerator_t; + +METHOD(enumerator_t, enumerate, bool, + swid_gen_enumerator_t *this, va_list args) +{ + chunk_t *out; + + VA_ARGS_VGET(args, out); + + if (this->sw_id_only) + { + char line[BUF_LEN]; + size_t len; + + if (!fgets(line, sizeof(line), this->file)) + { + return FALSE; + } + len = strlen(line); + + if (len == 0) + { + return FALSE; + } + + /* remove trailing newline if present */ + if (line[len - 1] == '\n') + { + len--; + } + DBG3(DBG_IMC, " %.*s", len, line); + *out = chunk_clone(chunk_create(line, len)); + } + else + { + bool last_newline = TRUE; + size_t len, line_len = 8192; + char line[line_len]; + bio_writer_t *writer; + chunk_t swid_tag; + + writer = bio_writer_create(line_len); + while (TRUE) + { + if (!fgets(line, line_len, this->file)) + { + break; + } + len = strlen(line); + + if (last_newline && line[0] == '\n') + { + break; + } + else + { + last_newline = (line[len-1] == '\n'); + writer->write_data(writer, chunk_create(line, len)); + } + } + swid_tag = writer->extract_buf(writer); + writer->destroy(writer); + + if (swid_tag.len <= 1) + { + chunk_free(&swid_tag); + return FALSE; + } + + /* remove trailing 
newline if present */ + if (swid_tag.ptr[swid_tag.len - 1] == '\n') + { + swid_tag.len--; + } + DBG3(DBG_IMC, " %.*s", swid_tag.len, swid_tag.ptr); + *out = swid_tag; + } + + return TRUE; +} + +METHOD(enumerator_t, enumerator_destroy, void, + swid_gen_enumerator_t *this) +{ + pclose(this->file); + free(this); +} + +METHOD(swid_gen_t, create_tag_enumerator, enumerator_t*, + private_swid_gen_t *this, bool sw_id_only, bool full, bool pretty) +{ + swid_gen_enumerator_t *enumerator; + char command[BUF_LEN]; + char doc_separator[] = "'\n\n'"; + FILE *file; + + /* Assemble the SWID generator command */ + if (sw_id_only) + { + snprintf(command, BUF_LEN, "%s software-id --regid %s ", + this->generator, this->regid); + } + else + { + snprintf(command, BUF_LEN, "%s swid --entity-name \"%s\" --regid %s " + "--doc-separator %s%s%s", this->generator, this->entity, + this->regid, doc_separator, pretty ? " --pretty" : "", + full ? " --full" : ""); + } + + /* Open a pipe stream for reading the SWID generator output */ + file = popen(command, "r"); + if (!file) + { + DBG1(DBG_IMC, "failed to run swid_generator command"); + return NULL; + } + + INIT(enumerator, + .public = { + .enumerate = enumerator_enumerate_default, + .venumerate = _enumerate, + .destroy = _enumerator_destroy, + }, + .sw_id_only = sw_id_only, + .file = file, + ); + + return &enumerator->public; +} + +METHOD(swid_gen_t, destroy, void, + private_swid_gen_t *this) +{ + free(this->generator); + free(this->entity); + free(this->regid); + free(this); +} + +/** + * See header + */ +swid_gen_t *swid_gen_create(void) +{ + private_swid_gen_t *this; + char *entity, *regid, *generator; + + entity = lib->settings->get_str(lib->settings, + "libimcv.swid_gen.tag_creator.name", "strongSwan Project"); + regid = lib->settings->get_str(lib->settings, + "libimcv.swid_gen.tag_creator.regid", "strongswan.org"); + generator = lib->settings->get_str(lib->settings, + "libimcv.swid_gen.command", SWID_GENERATOR); + + INIT(this, + .public = 
{ + .generate_tag = _generate_tag, + .create_tag_enumerator = _create_tag_enumerator, + .destroy = _destroy, + }, + .generator = strdup(generator), + .entity = strdup(entity), + .regid = strdup(regid), + ); + + return &this->public; +} diff --git a/src/libimcv/swid_gen/swid_gen.h b/src/libimcv/swid_gen/swid_gen.h new file mode 100644 index 000000000..c143f292d --- /dev/null +++ b/src/libimcv/swid_gen/swid_gen.h 
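Review bot: Both generate_tag and create_tag_enumerator build a shell command line with snprintf and hand it to popen(), interpolating sw_id, package, version, entity and regid unquoted (entity only inside double quotes), so any shell metacharacter in those values executes with the IMC's privileges; sw_id reaches generate_tag from the target list handed to the collector, which presumably originates in the IMV's request and is not validated anywhere in this file. The robust fix is to avoid the shell entirely (fork/exec the generator with an argv array and read its stdout through a pipe); a smaller mitigation is an allowlist check before each snprintf, e.g. `if (strlen(sw_id) != strspn(sw_id, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._~-")) { return NULL; }`, with the set matched to what swid_gen_info's create_sw_id can produce. The pclose() status is discarded in both places, so a missing or failing generator (exit 127 from the shell) is reported as success with empty or garbage output; checking `WIFEXITED(status) && WEXITSTATUS(status) == 0` would make the "failed to run swid_generator command" path actually fire for that case. In generate_tag `tag[swid_tag.len - 1] = '\0'` drops the last byte unconditionally rather than only a trailing newline, and in enumerate `line[len-1]` is read without the len == 0 guard that the sw_id_only branch has.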
@@ -0,0 +1,69 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup swid_gen swid_gen + * @{ @ingroup libimcv + */ + +#ifndef SWID_GEN_H_ +#define SWID_GEN_H_ + +#include + +typedef struct swid_gen_t swid_gen_t; + +/** + * Class generating a either a full or a minimalistic ISO 19770-2:2015 SWID tag + */ +struct swid_gen_t { + + /** + * Generate a SWID tag + * + * @param sw_id Software identifier + * @param package Package name (can be NULL) + * @param version Package version (can be NULL) + * @param full Generate full SWID tags with file information + * @param pretty Generate SWID tags with pretty formatting + * @return SWID tag + */ + char* (*generate_tag)(swid_gen_t *this, char *sw_id, char *package, + char *version, bool full, bool pretty); + + /** + * Generate a SWID tag + * + * @param sw_id_only Return software identifier only + * @param full Generate full SWID tags with file information + * @param pretty Generate SWID tags with pretty formatting + * @return Tag enumerator (sw_id, tag) + */ + enumerator_t* (*create_tag_enumerator)(swid_gen_t *this, bool sw_id_only, + bool full, bool pretty); + + /** + * Destroys a swid_gen_t object. + */ + void (*destroy)(swid_gen_t *this); + +}; + +/** + * Creates a swid_gen_t object + */ +swid_gen_t* swid_gen_create(void); + +#endif /** SWID_GEN_H_ @}*/ 
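Review bot: The documentation for create_tag_enumerator is a copy of generate_tag's ("Generate a SWID tag") and its `@return Tag enumerator (sw_id, tag)` does not match the enumerator, which yields a single chunk_t that is either the software identifier (sw_id_only) or one whole tag; suggest `@return Enumerator over chunk_t: software identifier if sw_id_only, otherwise one SWID tag per entry`. Neither method states ownership: generate_tag returns a heap-allocated, NUL-terminated string the caller must free(), and each chunk the enumerator hands out is freshly allocated and must be released with chunk_free(), and both return NULL / stop when the generator command cannot be run. The class comment reads "generating a either a full or" — drop the stray "a". A note that the tags are produced by running the external command configured in `libimcv.swid_gen.command` would also tell callers what a NULL result means.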
diff --git a/src/libimcv/swid_gen/swid_gen_info.c b/src/libimcv/swid_gen/swid_gen_info.c
new file mode 100644
index 000000000..bdaeedce7
--- /dev/null
+++ b/src/libimcv/swid_gen/swid_gen_info.c
@@ -0,0 +1,174 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#define _GNU_SOURCE +#include + +#include "swid_gen_info.h" + +#include +#include + +typedef struct private_swid_gen_info_t private_swid_gen_info_t; + +/** + * Private data of an swid_gen_info_t object. + */ +struct private_swid_gen_info_t { + + /** + * Public members of swid_gen_info_state_t + */ + swid_gen_info_t public; + + /** + * tagCreator + */ + char *tag_creator; + + /** + * OS string 'Name_Version-Arch' + */ + char *os; + + /** + * Product string 'Name Version Arch' + */ + char *product; + + /** + * OS info about endpoint + */ + imc_os_info_t *os_info; + +}; + +/** + * Replaces invalid character by a valid one + */ +static void sanitize_uri(char *uri, char a, char b) +{ + char *pos = uri; + + while (TRUE) + { + pos = strchr(pos, a); + if (!pos) + { + break; + } + *pos = b; + pos++; + } +} + +METHOD(swid_gen_info_t, get_os_type, os_type_t, + private_swid_gen_info_t *this) +{ + return this->os_info->get_type(this->os_info); +} + +METHOD(swid_gen_info_t, get_os, char*, + private_swid_gen_info_t *this, char **product) +{ + if (product) + { + *product = this->product; + } + return this->os; +} + +METHOD(swid_gen_info_t, create_sw_id, char*, + private_swid_gen_info_t *this, char *package, char *version) +{ + char *sw_id; + + if (asprintf(&sw_id, "%s__%s-%s%s%s", this->tag_creator, this->os, + package, strlen(version) ? 
"-" : "", version) == -1) + { + return NULL; + } + sanitize_uri(sw_id, ':', '~'); + sanitize_uri(sw_id, '+', '~'); + + return sw_id; +} + +METHOD(swid_gen_info_t, destroy, void, + private_swid_gen_info_t *this) +{ + this->os_info->destroy(this->os_info); + free(this->os); + free(this->product); + free(this->tag_creator); + free(this); +} + +/** + * Described in header. + */ +swid_gen_info_t *swid_gen_info_create(void) +{ + private_swid_gen_info_t *this; + chunk_t os_name, os_version, os_arch; + char *tag_creator; + + tag_creator = lib->settings->get_str(lib->settings, + "libimcv.swid_gen.tag_creator.regid", "strongswan.org"); + + INIT(this, + .public = { + .get_os_type = _get_os_type, + .get_os = _get_os, + .create_sw_id = _create_sw_id, + .destroy = _destroy, + }, + .os_info = imc_os_info_create(), + .tag_creator = strdup(tag_creator), + ); + + os_name = this->os_info->get_name(this->os_info); + os_arch = this->os_info->get_version(this->os_info); + + /* get_version() returns version followed by arch */ + if (!extract_token(&os_version, ' ', &os_arch)) + { + DBG1(DBG_IMC, "separation of OS version from arch failed"); + destroy(this); + return NULL; + } + + /* construct OS string */ + if (asprintf(&this->os, "%.*s_%.*s-%.*s", (int)os_name.len, os_name.ptr, + (int)os_version.len, os_version.ptr, (int)os_arch.len, + os_arch.ptr) == -1) + { + DBG1(DBG_IMC, "constructon of OS string failed"); + destroy(this); + return NULL; + } + + /* construct product string */ + if (asprintf(&this->product, "%.*s %.*s %.*s", (int)os_name.len, + os_name.ptr, (int)os_version.len, os_version.ptr, + (int)os_arch.len, os_arch.ptr) == -1) + { + DBG1(DBG_IMC, "constructon of product string failed"); + destroy(this); + return NULL; + } + + return &this->public; +} diff --git a/src/libimcv/swid_gen/swid_gen_info.h b/src/libimcv/swid_gen/swid_gen_info.h new file mode 100644 index 000000000..b99fec4f3 --- /dev/null +++ b/src/libimcv/swid_gen/swid_gen_info.h 
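Review bot: create_sw_id calls `strlen(version)` and interpolates package with %s, so a NULL in either argument crashes or prints "(null)" into the identifier, while the header gives no NULL contract; either guard with `if (!package || !version) { return NULL; }` or document that both must be non-NULL. The only characters sanitized are ':' and '+', both mapped to '~', which makes the mapping lossy and lets any other shell- or URI-significant character in a package name pass through unchanged — a comment stating why exactly these two are rewritten (or an allowlist) would help the next reader. Two log strings in swid_gen_info_create misspell "construction" (`"constructon of OS string failed"`, `"constructon of product string failed"`). The `tag_creator` member is filled from the `tag_creator.regid` setting, so naming it `regid` or commenting that the tagCreator is identified by its regid would avoid confusion with the `tag_creator.name` setting used in swid_gen.c.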
@@ -0,0 +1,69 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup sw_collector sw-collector + * + * @defgroup swid_gen_info_t swid_gen_info + * @{ @ingroup sw_collector + */ + +#ifndef SWID_GEN_INFO_H_ +#define SWID_GEN_INFO_H_ + +typedef struct swid_gen_info_t swid_gen_info_t; + +#include "imc/imc_os_info.h" + +struct swid_gen_info_t { + + /** + * Get OS type + * + * @return OS type + */ + os_type_t (*get_os_type)(swid_gen_info_t *this); + + /** + * Get OS and product strings + * + * @param product Product string 'Name Version Arch' + * @return OS string 'Name_Version-Arch' + */ + char* (*get_os)(swid_gen_info_t *this, char **product); + + /** + * Create software identifier including tagCreator and OS + * + * @param package Package string + * @param version Version string + * @return Software Identifier string + */ + char* (*create_sw_id)(swid_gen_info_t *this, char *package, + char *version); + + /** + * Destroy swid_gen_info_t object + */ + void (*destroy)(swid_gen_info_t *this); + +}; + +/** + * Create an swid_gen_info_t instance + */ +swid_gen_info_t* swid_gen_info_create(void); + +#endif /** SWID_GEN_INFO_H_ @}*/ diff --git a/src/libimcv/swima/swima_collector.c b/src/libimcv/swima/swima_collector.c new file mode 100644 index 000000000..096093b01 --- /dev/null +++ b/src/libimcv/swima/swima_collector.c 
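Review bot: The ownership of the returned strings is not documented: get_os returns pointers into the object (released by destroy, not by the caller) while create_sw_id returns a string allocated with asprintf that the caller must free(), and it can return NULL on allocation failure; suggest `@return Software Identifier string (allocated, caller frees; NULL on error)` and `@return OS string 'Name_Version-Arch' (owned by this object)`. The Doxygen grouping places this class under `@defgroup sw_collector sw-collector` although the file lives in libimcv/swid_gen next to swid_gen.h, which uses `@ingroup libimcv`; the two should agree. A one-line description above `struct swid_gen_info_t` is also missing, unlike the sibling headers.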
@@ -0,0 +1,592 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "swima_collector.h" + +#include + +#include +#include + +#include +#include +#include +#include +#include +#include + +#define SOURCE_ID_GENERATOR 1 +#define SOURCE_ID_COLLECTOR 2 + +#ifndef SWID_DIRECTORY +#define SWID_DIRECTORY NULL +#endif + +/** + * Directories to be skipped by collector + */ +static const char* skip_directories[] = { + "/usr/share/doc", + "/usr/share/help", + "/usr/share/icons", + "/usr/share/gnome/help" +}; + +typedef struct private_swima_collector_t private_swima_collector_t; + +/** + * Private data of a swima_collector_t object. + * + */ +struct private_swima_collector_t { + + /** + * Public swima_collector_t interface. 
+ */ + swima_collector_t public; + + /** + * Collect Software Identifiers only + */ + bool sw_id_only; + + /** + * Software Collector Database [if it exists] + */ + database_t *db; + + /** + * List of Software [Identifier] records + */ + swima_inventory_t *inventory; + + /** + * List of Software [Identifier] events + */ + swima_events_t *events; + +}; + +/** + * Extract Software Identifier from SWID tag + */ +static status_t extract_sw_id(chunk_t swid_tag, chunk_t *sw_id) +{ + char *pos, *tag, *tagid, *regid; + size_t len, tagid_len, regid_len; + status_t status = NOT_FOUND; + + /* Copy at most 1023 bytes of the SWID tag and null-terminate it */ + len = min(1023, swid_tag.len); + pos = tag = strndup(swid_tag.ptr, len); + + tagid= strstr(pos, "tagId=\""); + if (tagid == NULL) + { + goto end; + } + tagid += 7; + len -= tagid - pos - 7; + + pos = strchr(tagid, '"'); + if (pos == NULL) + { + goto end; + } + tagid_len = pos - tagid; + + regid= strstr(pos, "regid=\""); + if (regid == NULL) + { + goto end; + } + regid += 7; + len -= regid - pos - 7; + + pos = strchr(regid, '"'); + if (pos == NULL) + { + goto end; + } + regid_len = pos - regid; + + *sw_id = chunk_cat("ccc", chunk_create(regid, regid_len), + chunk_from_chars('_','_'), + chunk_create(tagid, tagid_len)); + status = SUCCESS; +end: + free(tag); + + return status; +} + +static status_t retrieve_inventory(private_swima_collector_t *this, + swima_inventory_t *targets) +{ + char *name; + uint32_t record_id, source; + swima_record_t *sw_record; + chunk_t sw_id; + enumerator_t *e; + + /* Retrieve complete software identifier inventory */ + e = this->db->query(this->db, + "SELECT id, name, source FROM sw_identifiers WHERE installed = 1 " + "ORDER BY name ASC", DB_UINT, DB_TEXT, DB_UINT); + if (!e) + { + DBG1(DBG_IMC, "database query for installed sw_identifiers failed"); + return FAILED; + } + while (e->enumerate(e, &record_id, &name, &source)) + { + sw_id = chunk_from_str(name); + sw_record = 
swima_record_create(record_id, sw_id, chunk_empty); + sw_record->set_source_id(sw_record, source); + this->inventory->add(this->inventory, sw_record); + } + e->destroy(e); + + return SUCCESS; +} + +static status_t retrieve_events(private_swima_collector_t *this, + swima_inventory_t *targets) +{ + enumerator_t *e; + char *name, *timestamp; + uint32_t record_id, source, action, eid, earliest_eid; + chunk_t sw_id, ev_ts; + swima_record_t *sw_record; + swima_event_t *sw_event; + + earliest_eid = targets->get_eid(targets, NULL); + + /* Retrieve complete software identifier inventory */ + e = this->db->query(this->db, + "SELECT e.id, e.timestamp, i.id, i.name, i.source, s.action " + "FROM sw_events as s JOIN events AS e ON s.eid = e.id " + "JOIN sw_identifiers as i ON s.sw_id = i.id WHERE s.eid >= ?" + "ORDER BY s.eid, i.name, s.action ASC", DB_UINT, earliest_eid, + DB_UINT, DB_TEXT, DB_UINT, DB_TEXT, DB_UINT, DB_UINT); + if (!e) + { + DBG1(DBG_IMC, "database query for sw_events failed"); + return FAILED; + } + while (e->enumerate(e, &eid, ×tamp, &record_id, &name, &source, &action)) + { + sw_id = chunk_from_str(name); + ev_ts = chunk_from_str(timestamp); + sw_record = swima_record_create(record_id, sw_id, chunk_empty); + sw_record->set_source_id(sw_record, source); + sw_event = swima_event_create(eid, ev_ts, action, sw_record); + this->events->add(this->events, sw_event); + } + e->destroy(e); + + return SUCCESS; +} + +static status_t generate_tags(private_swima_collector_t *this, + swima_inventory_t *targets, bool pretty, bool full) +{ + swid_gen_t *swid_gen; + swima_record_t *target, *sw_record; + enumerator_t *enumerator; + status_t status = SUCCESS; + + swid_gen = swid_gen_create(); + + if (targets->get_count(targets) == 0) + { + chunk_t out, sw_id, swid_tag = chunk_empty; + + DBG2(DBG_IMC, "SWID tag%s generation by package manager", + this->sw_id_only ? 
" ID" : ""); + + enumerator = swid_gen->create_tag_enumerator(swid_gen, this->sw_id_only, + full, pretty); + if (enumerator) + { + while (enumerator->enumerate(enumerator, &out)) + { + if (this->sw_id_only) + { + sw_id = out; + } + else + { + swid_tag = out; + status = extract_sw_id(swid_tag, &sw_id); + if (status != SUCCESS) + { + DBG1(DBG_IMC, "software id could not be extracted " + "from tag"); + chunk_free(&swid_tag); + break; + } + } + sw_record = swima_record_create(0, sw_id, chunk_empty); + sw_record->set_source_id(sw_record, SOURCE_ID_GENERATOR); + if (!this->sw_id_only) + { + sw_record->set_record(sw_record, swid_tag); + chunk_free(&swid_tag); + } + this->inventory->add(this->inventory, sw_record); + chunk_free(&sw_id); + } + enumerator->destroy(enumerator); + } + else + { + status = NOT_SUPPORTED; + } + } + else if (!this->sw_id_only) + { + DBG2(DBG_IMC, "targeted SWID tag generation"); + + enumerator = targets->create_enumerator(targets); + while (enumerator->enumerate(enumerator, &target)) + { + swima_record_t *sw_record; + char *tag = NULL, *name, *package, *version; + u_int installed; + chunk_t sw_id; + enumerator_t *e; + + sw_id = target->get_sw_id(target, NULL); + name = strndup(sw_id.ptr, sw_id.len); + + if (this->db) + { + e = this->db->query(this->db, + "SELECT package, version, installed " + "FROM sw_identifiers WHERE name = ?", DB_TEXT, name, + DB_TEXT, DB_TEXT, DB_UINT); + if (!e) + { + DBG1(DBG_IMC, "database query for sw_identifiers failed"); + status = FAILED; + free(name); + break; + } + if (e->enumerate(e, &package, &version, &installed)) + { + tag = swid_gen->generate_tag(swid_gen, name, package, + version, full && installed, pretty); + } + e->destroy(e); + } + else + { + tag = swid_gen->generate_tag(swid_gen, name, NULL, NULL, + full, pretty); + } + free(name); + + if (tag) + { + DBG2(DBG_IMC, " %.*s", sw_id.len, sw_id.ptr); + sw_record = swima_record_create(0, sw_id, chunk_empty); + sw_record->set_source_id(sw_record, 
SOURCE_ID_GENERATOR); + sw_record->set_record(sw_record, chunk_from_str(tag)); + this->inventory->add(this->inventory, sw_record); + free(tag); + } + } + enumerator->destroy(enumerator); + } + swid_gen->destroy(swid_gen); + + return status; +} + +static bool collect_tags(private_swima_collector_t *this, char *pathname, + swima_inventory_t *targets, bool is_swidtag_dir) +{ + char *rel_name, *abs_name, *suffix, *pos; + chunk_t *swid_tag, sw_id, sw_locator; + swima_record_t *sw_record; + struct stat st; + bool success = FALSE, skip, is_new_swidtag_dir; + enumerator_t *enumerator; + int i; + + if (!pathname) + { + return TRUE; + } + + enumerator = enumerator_create_directory(pathname); + if (!enumerator) + { + DBG1(DBG_IMC, "directory '%s' can not be opened, %s", + pathname, strerror(errno)); + return FALSE; + } + + while (enumerator->enumerate(enumerator, &rel_name, &abs_name, &st)) + { + if (S_ISDIR(st.st_mode)) + { + skip = FALSE; + + for (i = 0; i < countof(skip_directories); i++) + { + if (streq(abs_name, skip_directories[i])) + { + skip = TRUE; + break; + } + } + + if (skip) + { + continue; + } + + is_new_swidtag_dir = streq(rel_name, "swidtag"); + if (is_new_swidtag_dir) + { + DBG2(DBG_IMC, "entering %s", pathname); + } + if (!collect_tags(this, abs_name, targets, is_swidtag_dir || + is_new_swidtag_dir)) + { + goto end; + } + if (is_new_swidtag_dir) + { + DBG2(DBG_IMC, "leaving %s", pathname); + } + } + + if (!is_swidtag_dir) + { + continue; + } + + /* found a swidtag file? 
*/ + suffix = strstr(rel_name, ".swidtag"); + if (!suffix) + { + continue; + } + + /* load the swidtag file */ + swid_tag = chunk_map(abs_name, FALSE); + if (!swid_tag) + { + DBG1(DBG_IMC, " opening '%s' failed: %s", abs_name, + strerror(errno)); + goto end; + } + + /* extract software identity from SWID tag */ + if (extract_sw_id(*swid_tag, &sw_id) != SUCCESS) + { + DBG1(DBG_IMC, "software id could not be extracted from SWID tag"); + chunk_unmap(swid_tag); + goto end; + } + + /* In case of a targeted request */ + if (targets->get_count(targets)) + { + enumerator_t *target_enumerator; + swima_record_t *target; + bool match = FALSE; + + target_enumerator = targets->create_enumerator(targets); + while (target_enumerator->enumerate(target_enumerator, &target)) + { + if (chunk_equals(target->get_sw_id(target, NULL), sw_id)) + { + DBG2(DBG_IMC, " %.*s", sw_id.len, sw_id.ptr); + match = TRUE; + break; + } + } + target_enumerator->destroy(target_enumerator); + + if (!match) + { + chunk_unmap(swid_tag); + chunk_free(&sw_id); + continue; + } + } + DBG2(DBG_IMC, " %s", rel_name); + + pos = strstr(pathname, "/swidtag"); + sw_locator = pos ? 
chunk_create(pathname, pos - pathname) : chunk_empty; + sw_record = swima_record_create(0, sw_id, sw_locator); + sw_record->set_source_id(sw_record, SOURCE_ID_COLLECTOR); + if (!this->sw_id_only) + { + sw_record->set_record(sw_record, *swid_tag); + } + this->inventory->add(this->inventory, sw_record); + chunk_unmap(swid_tag); + chunk_free(&sw_id); + } + success = TRUE; + +end: + enumerator->destroy(enumerator); + + return success; +} + +METHOD(swima_collector_t, collect_inventory, swima_inventory_t*, + private_swima_collector_t *this, bool sw_id_only, swima_inventory_t *targets) +{ + bool pretty, full; + char *directory; + status_t status; + + directory = lib->settings->get_str(lib->settings, + "%s.plugins.imc-swima.swid_directory", + SWID_DIRECTORY, lib->ns); + pretty = lib->settings->get_bool(lib->settings, + "%s.plugins.imc-swima.swid_pretty", + FALSE, lib->ns); + full = lib->settings->get_bool(lib->settings, + "%s.plugins.imc-swima.swid_full", + FALSE, lib->ns); + + /** + * Re-initialize collector + */ + this->sw_id_only = sw_id_only; + this->inventory->clear(this->inventory); + + /** + * Source 1: Tags are generated by a package manager + */ + if (sw_id_only && this->db) + { + status = retrieve_inventory(this, targets); + } + else + { + status = generate_tags(this, targets, pretty, full); + } + + /** + * Source 2: Collect swidtag files by iteratively entering all + * directories in the tree under the "directory" path. + */ + DBG2(DBG_IMC, "SWID tag%s collection", sw_id_only ? " ID" : ""); + collect_tags(this, directory, targets, FALSE); + + return status == SUCCESS ? this->inventory : NULL; +} + +METHOD(swima_collector_t, collect_events, swima_events_t*, + private_swima_collector_t *this, bool sw_id_only, swima_inventory_t *targets) +{ + if (!sw_id_only || !this->db) + { + return NULL; + } + + /** + * Re-initialize collector + */ + this->sw_id_only = sw_id_only; + this->events->clear(this->events); + + return retrieve_events(this, targets) == SUCCESS ? 
this->events : NULL; +} + +METHOD(swima_collector_t, destroy, void, + private_swima_collector_t *this) +{ + DESTROY_IF(this->db); + this->inventory->destroy(this->inventory); + this->events->destroy(this->events); + free(this); +} + +/** + * See header + */ +swima_collector_t *swima_collector_create(void) +{ + private_swima_collector_t *this; + char *database; + uint32_t last_eid = 1, eid_epoch = 0x11223344; + + INIT(this, + .public = { + .collect_inventory = _collect_inventory, + .collect_events = _collect_events, + .destroy = _destroy, + }, + .inventory = swima_inventory_create(), + .events = swima_events_create(), + ); + + database = lib->settings->get_str(lib->settings, + "%s.plugins.imc-swima.swid_database", NULL, lib->ns); + + /* If we have an URI, try to connect to sw_collector database */ + if (database) + { + database_t *db = lib->db->create(lib->db, database); + + if (db) + { + enumerator_t *e; + + /* Get last event ID and corresponding epoch */ + e = db->query(db, + "SELECT id, epoch FROM events ORDER BY timestamp DESC", + DB_UINT, DB_UINT); + if (!e || !e->enumerate(e, &last_eid, &eid_epoch)) + { + DBG1(DBG_IMC, "database query for last event failed"); + DESTROY_IF(e); + db->destroy(db); + } + else + { + /* The query worked, attach collector database permanently */ + e->destroy(e); + this->db = db; + } + } + else + { + DBG1(DBG_IMC, "opening sw-collector database URI '%s' failed", + database); + } + } + if (!this->db) + { + /* Set the event ID epoch and last event ID smanually */ + eid_epoch = lib->settings->get_int(lib->settings, + "%s.plugins.imc-swima.eid_epoch", + eid_epoch, lib->ns); + } + this->inventory->set_eid(this->inventory, last_eid, eid_epoch); + this->events->set_eid(this->events, last_eid, eid_epoch); + + return &this->public; +} diff --git a/src/libimcv/swima/swima_collector.h b/src/libimcv/swima/swima_collector.h new file mode 100644 index 000000000..848dc1696 --- /dev/null +++ b/src/libimcv/swima/swima_collector.h 
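Review bot: retrieve_inventory takes `targets` but never uses it and its query has no name filter, so with a database present collect_inventory(sw_id_only=TRUE, targets) returns every installed identifier even for a targeted request; unless the caller filters the result, the loop needs a `targets->get_count(targets) == 0 ||` fast path plus a per-record match like the one collect_tags performs. In extract_sw_id the two `len -= ...` statements are dead (len is never read again) and the scan covers only the first 1023 bytes of the tag, so a tag whose tagId or regid attribute sits beyond that is reported as NOT_FOUND — either document that assumption or search the full mapped buffer with memmem. The events query concatenates `"... WHERE s.eid >= ?" "ORDER BY ..."` without a space, producing `?ORDER BY` and relying on the SQL tokenizer to split it; add the space. In collect_inventory the return value of collect_tags is ignored, so a failed directory walk still yields a SUCCESS inventory — consider `if (!collect_tags(this, directory, targets, FALSE)) { status = FAILED; }` or a comment stating that file collection is deliberately best-effort.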
@@ -0,0 +1,68 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup swima_collector swima_collector + * @{ @ingroup libimcv_swima + */ + +#ifndef SWIMA_COLLECTOR_H_ +#define SWIMA_COLLECTOR_H_ + +#include "swima/swima_inventory.h" +#include "swima/swima_events.h" + +typedef struct swima_collector_t swima_collector_t; + +/** + * Class collecting Software [Identity] Inventory + */ +struct swima_collector_t { + + /** + * Collect the Software [Identity] Inventory + * + * @param sw_id_only TRUE to request Software Identity Inventory only + * @param targets Software Identity targets + * @return Software [Identity] Inventory + */ + swima_inventory_t* (*collect_inventory)(swima_collector_t *this, + bool sw_id_only, + swima_inventory_t *targets); + + /** + * Collect Software [Identity] Events + * + * @param sw_id_only TRUE to request Software Identity Inventory only + * @param targets Software Identity targets + * @return Software [Identity] Events + */ + swima_events_t* (*collect_events)(swima_collector_t *this, + bool sw_id_only, + swima_inventory_t *targets); + + /** + * Destroys a swima_collector_t object. + */ + void (*destroy)(swima_collector_t *this); + +}; + +/** + * Creates a swima_collector_t object + */ +swima_collector_t* swima_collector_create(void); + +#endif /** SWIMA_COLLECTOR_H_ @}*/ 
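Review bot: The returned inventory and events are owned by the collector and are cleared at the start of the next collect_inventory()/collect_events() call, and both methods return NULL on failure; the `@return` lines should say so, e.g. `@return Inventory owned by this object, valid until the next collect call; NULL on failure`. collect_events only produces a result with sw_id_only == TRUE and a configured sw-collector database (it returns NULL otherwise), which belongs on the method since its parameter text is a copy of collect_inventory's. Listing the settings the collector reads (`imc-swima.swid_directory`, `swid_database`, `swid_pretty`, `swid_full`, `eid_epoch`) on swima_collector_create would tell a reader of the header where the behaviour is configured.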
diff --git a/src/libimcv/swima/swima_data_model.c b/src/libimcv/swima/swima_data_model.c
new file mode 100644
index 000000000..f444724c1
--- /dev/null
+++ b/src/libimcv/swima/swima_data_model.c
@@ -0,0 +1,28 @@
+/*
+ * Copyright (C) 2017 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "swima/swima_data_model.h"
+
+/**
+ * ISO/IEC 19770-2-2015: Information Technology - Software Asset Management -
+ * Part 2: Software Identification Tag
+ */
+pen_type_t swima_data_model_iso_2015_swid_xml = { PEN_IETF, 1 };
+
+/**
+ * ISO/IEC 19770-2-2009: Information Technology - Software Asset Management -
+ * Part 2: Software Identification Tag
+ */
+pen_type_t swima_data_model_iso_2009_swid_xml = { PEN_IETF, 2 };
diff --git a/src/libimcv/swima/swima_data_model.h b/src/libimcv/swima/swima_data_model.h
new file mode 100644
index 000000000..40f0ba7b9
--- /dev/null
+++ b/src/libimcv/swima/swima_data_model.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2017 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup swima_data_model swima_data_model
+ * @{ @ingroup libimcv_swima
+ */
+
+#ifndef SWIMA_DATA_MODEL_H_
+#define SWIMA_DATA_MODEL_H_
+
+#include
+
+/**
+ * ISO/IEC 19770-2-2015: Information Technology - Software Asset Management -
+ * Part 2: Software Identification Tag
+ */
+extern pen_type_t swima_data_model_iso_2015_swid_xml;
+
+/**
+ * ISO/IEC 19770-2-2009: Information Technology - Software Asset Management -
+ * Part 2: Software Identification Tag
+ */
+extern pen_type_t swima_data_model_iso_2009_swid_xml;
+
+#endif /** SWIMA_DATA_MODEL_H_ @}*/
diff --git a/src/libimcv/swima/swima_error.c b/src/libimcv/swima/swima_error.c
new file mode 100644
index 000000000..2aed2966b
--- /dev/null
+++ b/src/libimcv/swima/swima_error.c
@@ -0,0 +1,77 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "swima_error.h" + +#include +#include + +/** + * SW_ERROR, SW_SUBSCRIPTION_DENIED_ERROR and SW_SUBSCRIPTION_ID_REUSE_ERROR + * + * 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Copy of Request ID / Subscription ID | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Description (variable length) | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + */ + +/** + * SW_RESPONSE_TOO_LARGE_ERROR + * + * 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Copy of Request ID / Subscription ID | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Maximum Allowed Size | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Description (variable length) | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + */ + +/** + * Described in header. 
+ */
+pa_tnc_attr_t* swima_error_create(pa_tnc_error_code_t code, uint32_t request_id,
+ uint32_t max_attr_size, char *description)
+{
+ bio_writer_t *writer;
+ chunk_t msg_info;
+ pa_tnc_attr_t *attr;
+ pen_type_t error_code;
+
+ error_code = pen_type_create( PEN_IETF, code);
+ writer = bio_writer_create(4);
+ writer->write_uint32(writer, request_id);
+
+ if (code == PA_ERROR_SW_RESPONSE_TOO_LARGE)
+ {
+ writer->write_uint32(writer, max_attr_size);
+ }
+
+ if (description)
+ {
+ writer->write_data(writer, chunk_from_str(description));
+ }
+ msg_info = writer->get_buf(writer);
+ attr = ietf_attr_pa_tnc_error_create(error_code, msg_info);
+ writer->destroy(writer);
+
+ return attr;
+}
+
diff --git a/src/libimcv/swima/swima_error.h b/src/libimcv/swima/swima_error.h
new file mode 100644
index 000000000..4073b075f
--- /dev/null
+++ b/src/libimcv/swima/swima_error.h
@@ -0,0 +1,43 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup swima_error swima_error + * @{ @ingroup libimcv_swima + */ + +#ifndef SWIMA_ERROR_H_ +#define SWIMA_ERROR_H_ + +typedef enum swima_error_code_t swima_error_code_t; + +#include "pa_tnc/pa_tnc_attr.h" +#include "ietf/ietf_attr_pa_tnc_error.h" + +#include + +/** + * Creates a SWIMA Error Attribute + * see section 5.16 of IETF SW Inventory Message and Attributes for PA-TNC + * + * @param code PA-TNC error code + * @param request SWID request ID + * @param max_attr_size Maximum PA-TNC attribute size (if applicable) + * @param description Optional description string or NULL + */ +pa_tnc_attr_t* swima_error_create(pa_tnc_error_code_t code, uint32_t request, + uint32_t max_attr_size, char *description); + +#endif /** SWIMA_ERROR_H_ @}*/ diff --git a/src/libimcv/swima/swima_event.c b/src/libimcv/swima/swima_event.c new file mode 100644 index 000000000..20cfa8da7 --- /dev/null +++ b/src/libimcv/swima/swima_event.c 
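Review bot: The header declares `typedef enum swima_error_code_t swima_error_code_t;` but no such enum is defined in this hunk or in swima_error.c, and the prototype itself uses `pa_tnc_error_code_t`; unless the enum lives elsewhere, the stray forward typedef should be dropped. The doxygen block names the second parameter `request` while the prototype and the definition in swima_error.c call it `request_id`, and the block has no `@return`. Suggest `@param request_id SWID request ID` and `@return PA-TNC error attribute` so the documented and actual signatures agree.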
@@ -0,0 +1,124 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "swima_event.h" +#include "swima_data_model.h" + +typedef struct private_swima_event_t private_swima_event_t; + +/** + * Private data of a swima_event_t object. + * + */ +struct private_swima_event_t { + + /** + * Public swima_event_t interface. + */ + swima_event_t public; + + /** + * Event ID + */ + uint32_t eid; + + /** + * Timestamp + */ + chunk_t timestamp; + + /** + * Action + */ + uint8_t action; + + /** + * Software [Identifier] record + */ + swima_record_t *sw_record; + + /** + * Reference count + */ + refcount_t ref; +}; + +METHOD(swima_event_t, get_eid, uint32_t, + private_swima_event_t *this, chunk_t *timestamp) +{ + if (timestamp) + { + *timestamp = this->timestamp; + } + return this->eid; +} + +METHOD(swima_event_t, get_action, uint8_t, + private_swima_event_t *this) +{ + return this->action; +} + +METHOD(swima_event_t, get_sw_record, swima_record_t*, + private_swima_event_t *this) +{ + return this->sw_record; +} + + +METHOD(swima_event_t, get_ref, swima_event_t*, + private_swima_event_t *this) +{ + ref_get(&this->ref); + return &this->public; +} + +METHOD(swima_event_t, destroy, void, + private_swima_event_t *this) +{ + if (ref_put(&this->ref)) + { + this->sw_record->destroy(this->sw_record); + free(this->timestamp.ptr); + free(this); + } +} + +/** + * See header + */ +swima_event_t *swima_event_create(uint32_t eid, 
chunk_t timestamp,
+ uint8_t action, swima_record_t *sw_record)
+{
+ private_swima_event_t *this;
+
+ INIT(this,
+ .public = {
+ .get_eid = _get_eid,
+ .get_action = _get_action,
+ .get_sw_record = _get_sw_record,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .eid = eid,
+ .timestamp = chunk_clone(timestamp),
+ .action = action,
+ .sw_record = sw_record,
+ .ref = 1,
+ );
+
+ return &this->public;
+}
+
diff --git a/src/libimcv/swima/swima_event.h b/src/libimcv/swima/swima_event.h
new file mode 100644
index 000000000..fe69d6aad
--- /dev/null
+++ b/src/libimcv/swima/swima_event.h
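Review bot: `swima_event_create` stores `sw_record` as-is and `destroy` calls `this->sw_record->destroy(this->sw_record)` without a NULL check, so the event takes ownership of the record and a NULL argument crashes on the last `destroy`; neither the creator comment here nor `@param sw_record` in swima_event.h says so. Suggest documenting `@param sw_record Software [Identifier] record (ownership passes to the event, must not be NULL)` or guarding the call with `DESTROY_IF(this->sw_record);`. `get_eid` also hands out the internal `timestamp` chunk rather than a clone, so its header doc should state that the caller must not free it; and `action` is never checked against `SWIMA_EVENT_ACTION_LAST` from the header, which is fine only if every caller validates it first.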
@@ -0,0 +1,87 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup swima_event swima_event + * @{ @ingroup libimcv_swima + */ + +#ifndef SWIMA_EVENT_H_ +#define SWIMA_EVENT_H_ + +#include "swima_record.h" + +#include + +#define SWIMA_EVENT_ACTION_CREATION 1 +#define SWIMA_EVENT_ACTION_DELETION 2 +#define SWIMA_EVENT_ACTION_ALTERATION 3 +#define SWIMA_EVENT_ACTION_LAST 3 + +typedef struct swima_event_t swima_event_t; + +/** + * Class storing a Software [Identifier] event + */ +struct swima_event_t { + + /** + * Get Event ID and optionally the associated timestamp + * + * @param timestamp Timestamp associated with Event + * @return Event ID + */ + uint32_t (*get_eid)(swima_event_t *this, chunk_t *timestamp); + + /** + * Get Action associated with Event + * + * @return Action associated with event + */ + uint8_t (*get_action)(swima_event_t *this); + + /** + * Get Software [Identifier] record + * + * @return Software [Identifier] record + */ + swima_record_t* (*get_sw_record)(swima_event_t *this); + + /** + * Get a new reference to a swima_event object + * + * @return this, with an increased refcount + */ + swima_event_t* (*get_ref)(swima_event_t *this); + + /** + * Destroys a swima_event_t object. 
+ */ + void (*destroy)(swima_event_t *this); + +}; + +/** + * Creates a swima_event_t object + * + * @param eid Event ID + * @param timestamp Time of Event + * @param action Action (CREATION, DELETION, ALTERATION) + * @param sw_record Software [Identifier] record + */ +swima_event_t* swima_event_create(uint32_t eid, chunk_t timestamp, + uint8_t action, swima_record_t *sw_record); + +#endif /** SWIMA_EVENT_H_ @}*/ diff --git a/src/libimcv/swima/swima_events.c b/src/libimcv/swima/swima_events.c new file mode 100644 index 000000000..ba0810d5f --- /dev/null +++ b/src/libimcv/swima/swima_events.c 
@@ -0,0 +1,155 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "swima_events.h" +#include "swima_record.h" + +#include +#include + +typedef struct private_swima_events_t private_swima_events_t; + +/** + * Private data of a swima_events_t object. + * + */ +struct private_swima_events_t { + + /** + * Public swima_events_t interface. + */ + swima_events_t public; + + /** + * Epoch of Event IDs + */ + uint32_t epoch; + + /** + * Last Event ID + */ + uint32_t last_eid; + + /** + * Last Consulted Event ID + */ + uint32_t last_consulted_eid; + + /** + * List of SW records + */ + linked_list_t *list; + + /** + * Reference count + */ + refcount_t ref; + +}; + +METHOD(swima_events_t, add, void, + private_swima_events_t *this, swima_event_t *event) +{ + this->list->insert_last(this->list, event); +} + +METHOD(swima_events_t, get_count, int, + private_swima_events_t *this) +{ + return this->list->get_count(this->list); +} + +METHOD(swima_events_t, set_eid, void, + private_swima_events_t *this, uint32_t eid, uint32_t epoch) +{ + this->last_eid = this->last_consulted_eid = eid; + this->epoch = epoch; +} + +METHOD(swima_events_t, set_last_eid, void, + private_swima_events_t *this, uint32_t last_eid) +{ + this->last_eid = last_eid; +} + +METHOD(swima_events_t, get_eid, uint32_t, + private_swima_events_t *this, uint32_t *epoch, uint32_t *last_eid) +{ + if (epoch) + { + *epoch = this->epoch; + } + if (last_eid) + { + 
*last_eid = this->last_eid;
+ }
+ return this->last_consulted_eid;
+}
+
+METHOD(swima_events_t, create_enumerator, enumerator_t*,
+ private_swima_events_t *this)
+{
+ return this->list->create_enumerator(this->list);
+}
+
+METHOD(swima_events_t, get_ref, swima_events_t*,
+ private_swima_events_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public;
+}
+
+METHOD(swima_events_t, clear, void,
+ private_swima_events_t *this)
+{
+ this->list->destroy_offset(this->list, offsetof(swima_event_t, destroy));
+ this->list = linked_list_create();
+}
+
+METHOD(swima_events_t, destroy, void,
+ private_swima_events_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ this->list->destroy_offset(this->list, offsetof(swima_event_t, destroy));
+ free(this);
+ }
+}
+
+/**
+ * See header
+ */
+swima_events_t *swima_events_create(void)
+{
+ private_swima_events_t *this;
+
+ INIT(this,
+ .public = {
+ .add = _add,
+ .get_count = _get_count,
+ .set_eid = _set_eid,
+ .set_last_eid = _set_last_eid,
+ .get_eid = _get_eid,
+ .create_enumerator = _create_enumerator,
+ .get_ref = _get_ref,
+ .clear = _clear,
+ .destroy = _destroy,
+ },
+ .list = linked_list_create(),
+ .ref = 1,
+ );
+
+ return &this->public;
+}
diff --git a/src/libimcv/swima/swima_events.h b/src/libimcv/swima/swima_events.h
new file mode 100644
index 000000000..66bbedf7e
--- /dev/null
+++ b/src/libimcv/swima/swima_events.h
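Review bot: `add` stores the raw `event` pointer and both `clear` and `destroy` later release every entry through `destroy_offset(..., offsetof(swima_event_t, destroy))`, so the list takes ownership of whatever is added, but neither `add` here nor its doxygen in swima_events.h says so; a caller that keeps its own pointer without calling `get_ref` first ends up with a double destroy. A one-line comment on `add`, `/* takes ownership of event; use event->get_ref() to keep a reference */`, would make the contract explicit. The same applies to `add` in swima_inventory.c, which hands records to `destroy_offset(..., offsetof(swima_record_t, destroy))` the same way.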
@@ -0,0 +1,106 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup swima_events swima_events + * @{ @ingroup libimcv_swima + */ + +#ifndef SWIMA_EVENTS_H_ +#define SWIMA_EVENTS_H_ + +#define SWIMA_MAX_ATTR_SIZE 10000000 + +#include "swima_event.h" + +#include + +typedef struct swima_events_t swima_events_t; + +/** + * Class managing list of Software [Identifier] Events + */ +struct swima_events_t { + + /** + * Add event to list + * + * @param event Event to be added + */ + void (*add)(swima_events_t *this, swima_event_t *event); + + /** + * Get the number of events in the event list + * + * @return Number of events + */ + int (*get_count)(swima_events_t *this); + + /** + * Set both the Last and Last Consulted Event ID + * + * @param Last [Consulted] Event ID + * @param Epoch of event IDs + */ + void (*set_eid)(swima_events_t *this, uint32_t eid, uint32_t epoch); + + /** + * Set Last Event ID if different from Last Consulted Event ID + * + * @param last_eid Last Event ID + */ + void (*set_last_eid)(swima_events_t *this, uint32_t last_eid); + + /** + * Get both the Last and Last Consulted Event ID + * + * @param eid_epoch Event ID Epoch + * @param last_eid Last Event ID + * @return Last Consulted Event ID + */ + uint32_t (*get_eid)(swima_events_t *this, uint32_t *epoch, uint32_t *last_eid); + + /** + * Create an event enumerator + * + * @return Enumerator returning events + */ + enumerator_t* 
(*create_enumerator)(swima_events_t *this); + + /** + * Get a new reference to a swima_events object + * + * @return this, with an increased refcount + */ + swima_events_t* (*get_ref)(swima_events_t *this); + + /** + * Clears the events, keeping the eid and epoch values. + */ + void (*clear)(swima_events_t *this); + + /** + * Destroys a swima_events_t object. + */ + void (*destroy)(swima_events_t *this); + +}; + +/** + * Creates a swima_events_t object + */ +swima_events_t* swima_events_create(void); + +#endif /** SWIMA_EVENTS_H_ @}*/ diff --git a/src/libimcv/swima/swima_inventory.c b/src/libimcv/swima/swima_inventory.c new file mode 100644 index 000000000..acb69b95d --- /dev/null +++ b/src/libimcv/swima/swima_inventory.c 
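Review bot: `#define SWIMA_MAX_ATTR_SIZE 10000000` is defined here and again, with the same value, in swima_inventory.h; identical redefinition compiles, but a future edit to one copy silently diverges from the other, so it belongs in exactly one header (swima_record.h is included by both). The doxygen for `set_eid` has `@param Last [Consulted] Event ID` and `@param Epoch of event IDs` with no parameter names, and `get_eid` documents `@param eid_epoch` while the parameter is `epoch`; suggest `@param eid Last [Consulted] Event ID`, `@param epoch Epoch of event IDs` and `@param epoch Event ID Epoch` respectively. The same unnamed `@param` tags appear in swima_inventory.h and swima_record.h.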
@@ -0,0 +1,140 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "swima_inventory.h" +#include "swima_record.h" + +#include +#include + +typedef struct private_swima_inventory_t private_swima_inventory_t; + +/** + * Private data of a swima_inventory_t object. + * + */ +struct private_swima_inventory_t { + + /** + * Public swima_inventory_t interface. + */ + swima_inventory_t public; + + /** + * Earliest or last event ID of the inventory + */ + uint32_t eid; + + /** + * Epoch of event IDs + */ + uint32_t epoch; + + /** + * List of SW records + */ + linked_list_t *list; + + + /** + * Reference count + */ + refcount_t ref; + +}; + +METHOD(swima_inventory_t, add, void, + private_swima_inventory_t *this, swima_record_t *record) +{ + this->list->insert_last(this->list, record); +} + +METHOD(swima_inventory_t, get_count, int, + private_swima_inventory_t *this) +{ + return this->list->get_count(this->list); +} + +METHOD(swima_inventory_t, set_eid, void, + private_swima_inventory_t *this, uint32_t eid, uint32_t epoch) +{ + this->eid = eid; + this->epoch = epoch; +} + +METHOD(swima_inventory_t, get_eid, uint32_t, + private_swima_inventory_t *this, uint32_t *epoch) +{ + if (epoch) + { + *epoch = this->epoch; + } + return this->eid; +} + +METHOD(swima_inventory_t, create_enumerator, enumerator_t*, + private_swima_inventory_t *this) +{ + return this->list->create_enumerator(this->list); +} + 
+METHOD(swima_inventory_t, get_ref, swima_inventory_t*,
+ private_swima_inventory_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public;
+}
+
+METHOD(swima_inventory_t, clear, void,
+ private_swima_inventory_t *this)
+{
+ this->list->destroy_offset(this->list, offsetof(swima_record_t, destroy));
+ this->list = linked_list_create();
+}
+
+METHOD(swima_inventory_t, destroy, void,
+ private_swima_inventory_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ this->list->destroy_offset(this->list, offsetof(swima_record_t, destroy));
+ free(this);
+ }
+}
+
+/**
+ * See header
+ */
+swima_inventory_t *swima_inventory_create(void)
+{
+ private_swima_inventory_t *this;
+
+ INIT(this,
+ .public = {
+ .add = _add,
+ .get_count = _get_count,
+ .set_eid = _set_eid,
+ .get_eid = _get_eid,
+ .create_enumerator = _create_enumerator,
+ .get_ref = _get_ref,
+ .clear = _clear,
+ .destroy = _destroy,
+ },
+ .list = linked_list_create(),
+ .ref = 1,
+ );
+
+ return &this->public;
+}
diff --git a/src/libimcv/swima/swima_inventory.h b/src/libimcv/swima/swima_inventory.h
new file mode 100644
index 000000000..21953bbd2
--- /dev/null
+++ b/src/libimcv/swima/swima_inventory.h
@@ -0,0 +1,99 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup swima_inventory swima_inventory + * @{ @ingroup libimcv_swima + */ + +#ifndef SWIMA_INVENTORY_H_ +#define SWIMA_INVENTORY_H_ + +#define SWIMA_MAX_ATTR_SIZE 10000000 + +#include "swima_record.h" + +#include + +typedef struct swima_inventory_t swima_inventory_t; + +/** + * Class managing software inventory + */ +struct swima_inventory_t { + + /** + * Add evidence record to software inventory + * + * @param record Software evidence record to be added + */ + void (*add)(swima_inventory_t *this, swima_record_t *record); + + /** + * Get the number of evidence records in the software inventory + * + * @return Number evidence records + */ + int (*get_count)(swima_inventory_t *this); + + /** + * Set the earliest or last event ID of the inventory + * + * @param Event ID + * @param Epoch of event IDs + */ + void (*set_eid)(swima_inventory_t *this, uint32_t eid, uint32_t epoch); + + /** + * Get the earliest or last event ID of the inventory + * + * @param Epoch of event IDs + * @return Event ID + */ + uint32_t (*get_eid)(swima_inventory_t *this, uint32_t *epoch); + + /** + * Create a software inventory evidence record enumerator + * + * @return Enumerator returning evidence records + */ + enumerator_t* (*create_enumerator)(swima_inventory_t *this); + + /** + * Get a new reference to a swima_inventory object + * + * @return This, with an 
increased refcount + */ + swima_inventory_t* (*get_ref)(swima_inventory_t *this); + + /** + * Clears the inventory, keeping the eid and epoch values + */ + void (*clear)(swima_inventory_t *this); + + /** + * Destroys a swima_inventory_t object + */ + void (*destroy)(swima_inventory_t *this); + +}; + +/** + * Creates a swima_inventory_t object + * + */ +swima_inventory_t* swima_inventory_create(void); + +#endif /** SWIMA_INVENTORY_H_ @}*/ diff --git a/src/libimcv/swima/swima_record.c b/src/libimcv/swima/swima_record.c new file mode 100644 index 000000000..dc6a5413a --- /dev/null +++ b/src/libimcv/swima/swima_record.c 
@@ -0,0 +1,174 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "swima_record.h" +#include "swima_data_model.h" + +typedef struct private_swima_record_t private_swima_record_t; + +/** + * Private data of a swima_record_t object. + * + */ +struct private_swima_record_t { + + /** + * Public swima_record_t interface. + */ + swima_record_t public; + + /** + * Record ID + */ + uint32_t record_id; + + /** + * Software Identity + */ + chunk_t sw_id; + + /** + * Optional Software Locator + */ + chunk_t sw_locator; + + /** + * Data Model + */ + pen_type_t data_model; + + /** + * Source ID + */ + uint8_t source_id; + + /**g + * Optional Software Inventory Evidence Record + */ + chunk_t record; + + /** + * Reference count + */ + refcount_t ref; +}; + +METHOD(swima_record_t, get_record_id, uint32_t, + private_swima_record_t *this) +{ + return this->record_id; +} + +METHOD(swima_record_t, get_sw_id, chunk_t, + private_swima_record_t *this, chunk_t *sw_locator) +{ + if (sw_locator) + { + *sw_locator = this->sw_locator; + } + return this->sw_id; +} + +METHOD(swima_record_t, set_data_model, void, + private_swima_record_t *this, pen_type_t data_model) +{ + this->data_model = data_model; +} + +METHOD(swima_record_t, get_data_model, pen_type_t, + private_swima_record_t *this) +{ + return this->data_model; +} + +METHOD(swima_record_t, set_source_id, void, + private_swima_record_t *this, uint8_t source_id) +{ + 
this->source_id = source_id;
+}
+
+METHOD(swima_record_t, get_source_id, uint8_t,
+ private_swima_record_t *this)
+{
+ return this->source_id;
+}
+
+METHOD(swima_record_t, set_record, void,
+ private_swima_record_t *this, chunk_t record)
+{
+ chunk_free(&this->record);
+ this->record = chunk_clone(record);
+}
+
+METHOD(swima_record_t, get_record, chunk_t,
+ private_swima_record_t *this)
+{
+ return this->record;
+}
+
+METHOD(swima_record_t, get_ref, swima_record_t*,
+ private_swima_record_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public;
+}
+
+METHOD(swima_record_t, destroy, void,
+ private_swima_record_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this->sw_id.ptr);
+ free(this->sw_locator.ptr);
+ free(this->record.ptr);
+ free(this);
+ }
+}
+
+/**
+ * See header
+ */
+swima_record_t *swima_record_create(uint32_t record_id, chunk_t sw_id,
+ chunk_t sw_locator)
+{
+ private_swima_record_t *this;
+
+ INIT(this,
+ .public = {
+ .get_record_id = _get_record_id,
+ .get_sw_id = _get_sw_id,
+ .set_data_model = _set_data_model,
+ .get_data_model = _get_data_model,
+ .set_source_id = _set_source_id,
+ .get_source_id = _get_source_id,
+ .set_record = _set_record,
+ .get_record = _get_record,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .record_id = record_id,
+ .data_model = swima_data_model_iso_2015_swid_xml,
+ .sw_id = chunk_clone(sw_id),
+ .ref = 1,
+ );
+
+ if (sw_locator.len > 0)
+ {
+ this->sw_locator = chunk_clone(sw_locator);
+ }
+
+ return &this->public;
+}
+
diff --git a/src/libimcv/swima/swima_record.h b/src/libimcv/swima/swima_record.h
new file mode 100644
index 000000000..c26ffdf64
--- /dev/null
+++ b/src/libimcv/swima/swima_record.h
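Review bot: The comment opener on the `record` field of `private_swima_record_t` reads `/**g`, a stray character that breaks the doxygen block; it should be `/**`. `swima_record_create` defaults `data_model` to `swima_data_model_iso_2015_swid_xml`, which is worth stating in the header's creator doc, `@note data model defaults to ISO/IEC 19770-2:2015 SWID XML; call set_data_model() for other models`, since callers carrying 2009-style tags otherwise get a silently wrong model. `set_record` correctly frees the previous clone before replacing it, and `destroy` frees all three chunks, so the ownership handling itself looks consistent.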
@@ -0,0 +1,115 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup swima_record swima_record + * @{ @ingroup libimcv_swima + */ + +#ifndef SWIMA_RECORD_H_ +#define SWIMA_RECORD_H_ + +#include +#include + +typedef struct swima_record_t swima_record_t; + +/** + * Class storing a Software Inventory Evidence Collection record + */ +struct swima_record_t { + + /** + * Get Software Identifier and optional Software Location + * + * @return Record ID + */ + uint32_t (*get_record_id)(swima_record_t *this); + + /** + * Get Software Identifier and optional Software Location + * + * @param sw_locator Optional Software Locator + * @return Software Identifier + */ + chunk_t (*get_sw_id)(swima_record_t *this, chunk_t *sw_locator); + + /** + * Set Data Model + * + * @param Data model type in PEN namespace + */ + void (*set_data_model)(swima_record_t *this, pen_type_t data_model); + + /** + * Get Data Model + * + * @return Data model type in PEN namespace + */ + pen_type_t (*get_data_model)(swima_record_t *this); + + /** + * Set Source ID + * + * @param Source ID + */ + void (*set_source_id)(swima_record_t *this, uint8_t source_id); + + /** + * Get Source ID + * + * @return Source ID + */ + uint8_t (*get_source_id)(swima_record_t *this); + + /** + * Set Software Inventory Evidence Record + * + * @param Software Inventory Evidence Record + */ + void (*set_record)(swima_record_t *this, chunk_t record); + + /** + 
* Get Software Inventory Evidence Record + * + * @return Software Inventory Evidence Record + */ + chunk_t (*get_record)(swima_record_t *this); + + /** + * Get a new reference to a swima_record object + * + * @return this, with an increased refcount + */ + swima_record_t* (*get_ref)(swima_record_t *this); + + /** + * Destroys a swima_record_t object. + */ + void (*destroy)(swima_record_t *this); + +}; + +/** + * Creates a swima_record_t object + * + * @param record_id Record ID + * @param sw_id Software Identifierl + * @param sw_locator Software Locator or empty chunk + */ +swima_record_t* swima_record_create(uint32_t record_id, chunk_t sw_id, + chunk_t sw_locator); + +#endif /** SWIMA_RECORD_H_ @}*/ diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_req.c b/src/libimcv/tcg/swid/tcg_swid_attr_req.c index f02bbcb85..be35ee49d 100644 --- a/src/libimcv/tcg/swid/tcg_swid_attr_req.c +++ b/src/libimcv/tcg/swid/tcg_swid_attr_req.c @@ -32,7 +32,7 @@ typedef struct private_tcg_swid_attr_req_t private_tcg_swid_attr_req_t; * 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * |R|S|C| Reserved| Tag ID Count | + * |C|S|R| Reserved| Tag ID Count | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Request ID | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ @@ -201,6 +201,7 @@ METHOD(pa_tnc_attr_t, process, status_t, if (!reader->read_data16(reader, &tag_creator)) { DBG1(DBG_TNC, "insufficient data for Tag Creator field"); + reader->destroy(reader); return FAILED; } *offset += 2 + tag_creator.len; @@ -208,6 +209,7 @@ METHOD(pa_tnc_attr_t, process, status_t, if (!reader->read_data16(reader, &unique_sw_id)) { DBG1(DBG_TNC, "insufficient data for Unique Software ID"); + reader->destroy(reader); return FAILED; } *offset += 2 + unique_sw_id.len; 
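Review bot: The doxygen for `get_record_id` reads `Get Software Identifier and optional Software Location`, copied from `get_sw_id` just below it; it should say `Get Record ID`. The creator doc has a typo, `Software Identifierl`, and its `@param sw_locator` should note that an empty chunk leaves the locator unset, which is what the `sw_locator.len > 0` check in swima_record.c does. The `@param` tags for `set_data_model`, `set_source_id` and `set_record` carry no parameter name, so doxygen cannot bind them.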
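Review bot: The two added `reader->destroy(reader);` calls close a reader leak on the Tag Creator and Unique Software ID failure paths of `process`, but the function starts and ends outside these hunks, so any other `return FAILED;` between the reader's creation and its normal destroy should be checked for the same omission (presumably the earlier `read_data16` failures, if any, that are not shown). A single cleanup path, `status = FAILED; goto end;` with `end: reader->destroy(reader); return status;`, would make future failure branches safe by default rather than relying on each one to remember the destroy.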
diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_req.h b/src/libimcv/tcg/swid/tcg_swid_attr_req.h index b28c33a8b..2c85aaf6d 100644 --- a/src/libimcv/tcg/swid/tcg_swid_attr_req.h +++ b/src/libimcv/tcg/swid/tcg_swid_attr_req.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013-2014 Andreas Steffen + * Copyright (C) 2013-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -28,9 +28,9 @@ typedef enum tcg_swid_attr_req_flag_t tcg_swid_attr_req_flag_t; enum tcg_swid_attr_req_flag_t { TCG_SWID_ATTR_REQ_FLAG_NONE = 0, - TCG_SWID_ATTR_REQ_FLAG_R = (1 << 7), + TCG_SWID_ATTR_REQ_FLAG_C = (1 << 7), TCG_SWID_ATTR_REQ_FLAG_S = (1 << 6), - TCG_SWID_ATTR_REQ_FLAG_C = (1 << 5) + TCG_SWID_ATTR_REQ_FLAG_R = (1 << 5) }; #include "tcg/tcg_attr.h" diff --git a/src/libipsec/Makefile.in b/src/libipsec/Makefile.in index 55d1d58b5..e4f0c4411 100644 --- a/src/libipsec/Makefile.in +++ b/src/libipsec/Makefile.in @@ -353,8 +353,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -455,6 +453,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -483,6 +483,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libipsec/tests/Makefile.in b/src/libipsec/tests/Makefile.in index b1fdea499..5b6c53075 100644 --- a/src/libipsec/tests/Makefile.in 
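Review bot: Moving `TCG_SWID_ATTR_REQ_FLAG_C` to `(1 << 7)` and `TCG_SWID_ATTR_REQ_FLAG_R` to `(1 << 5)` changes the on-the-wire meaning of those bits, so a peer built from the previous release will read a "C" request as "R" and vice versa; the hunk records the new order only implicitly, via the `|C|S|R|` diagram updated in tcg_swid_attr_req.c. A comment above the enum naming the specification revision that fixes this bit order, `/* bit order per [SPEC-VERSION]: C (1<<7), S (1<<6), R (1<<5); differs from releases before 5.5.3 */`, would make the incompatibility traceable when interop failures with older peers are investigated.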
+++ b/src/libipsec/tests/Makefile.in @@ -306,8 +306,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -408,6 +406,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -436,6 +436,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libpttls/Makefile.in b/src/libpttls/Makefile.in index 803d68722..0185a3961 100644 --- a/src/libpttls/Makefile.in +++ b/src/libpttls/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libradius/Makefile.in b/src/libradius/Makefile.in index 9e7b7372b..794b4b447 100644 
--- a/src/libradius/Makefile.in +++ b/src/libradius/Makefile.in @@ -306,8 +306,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -408,6 +406,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -436,6 +436,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libsimaka/Makefile.in b/src/libsimaka/Makefile.in index 6ecbaecaa..df1da70f4 100644 --- a/src/libsimaka/Makefile.in +++ b/src/libsimaka/Makefile.in @@ -309,8 +309,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -411,6 +409,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -439,6 +439,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ 
diff --git a/src/libstrongswan/Android.mk b/src/libstrongswan/Android.mk index a5e6b7273..afca13428 100644 --- a/src/libstrongswan/Android.mk +++ b/src/libstrongswan/Android.mk @@ -113,6 +113,8 @@ LOCAL_SRC_FILES += $(call add_plugin, pubkey) LOCAL_SRC_FILES += $(call add_plugin, random) +LOCAL_SRC_FILES += $(call add_plugin, revocation) + LOCAL_SRC_FILES += $(call add_plugin, sha1) LOCAL_SRC_FILES += $(call add_plugin, sha2) @@ -133,6 +135,6 @@ LOCAL_ARM_MODE := arm LOCAL_PRELINK_MODULE := false -LOCAL_SHARED_LIBRARIES += libdl +LOCAL_LDLIBS += -ldl include $(BUILD_SHARED_LIBRARY) diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in index 9b1c26b35..16e585654 100644 --- a/src/libstrongswan/Makefile.in +++ b/src/libstrongswan/Makefile.in @@ -786,8 +786,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -888,6 +886,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -916,6 +916,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c index a9c8b3904..07da596e4 100644 --- a/src/libstrongswan/credentials/auth_cfg.c +++ b/src/libstrongswan/credentials/auth_cfg.c 
@@ -840,7 +840,7 @@ METHOD(auth_cfg_t, complies, bool, { /* also verify identity against subjectAltNames */ certificate_t *cert; - cert = get(this, AUTH_HELPER_SUBJECT_CERT); + cert = get(this, AUTH_RULE_SUBJECT_CERT); if (cert && cert->has_subject(cert, id1)) { break; diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c index 0a8d3d101..9be7407ef 100644 --- a/src/libstrongswan/credentials/credential_manager.c +++ b/src/libstrongswan/credentials/credential_manager.c @@ -774,6 +774,8 @@ static bool verify_trust_chain(private_credential_manager_t *this, { DBG1(DBG_CFG, "no issuer certificate found for \"%Y\"", current->get_subject(current)); + DBG1(DBG_CFG, " issuer is \"%Y\"", + current->get_issuer(current)); call_hook(this, CRED_HOOK_NO_ISSUER, current); break; } diff --git a/src/libstrongswan/crypto/crypto_tester.h b/src/libstrongswan/crypto/crypto_tester.h index 34dfa9489..1b02cb469 100644 --- a/src/libstrongswan/crypto/crypto_tester.h +++ b/src/libstrongswan/crypto/crypto_tester.h @@ -83,7 +83,7 @@ struct signer_test_vector_t { size_t len; /** input data */ u_char *data; - /** expected output, with ouput size of the tested algorithm */ + /** expected output, with output size of the tested algorithm */ u_char *mac; }; diff --git a/src/libstrongswan/crypto/prf_plus.c b/src/libstrongswan/crypto/prf_plus.c index 6b7f8f851..a26010aae 100644 --- a/src/libstrongswan/crypto/prf_plus.c +++ b/src/libstrongswan/crypto/prf_plus.c @@ -115,8 +115,8 @@ METHOD(prf_plus_t, allocate_bytes, bool, METHOD(prf_plus_t, destroy, void, private_prf_plus_t *this) { - free(this->buffer.ptr); - free(this->seed.ptr); + chunk_clear(&this->buffer); + chunk_clear(&this->seed); free(this); } diff --git a/src/libstrongswan/ipsec/ipsec_types.c b/src/libstrongswan/ipsec/ipsec_types.c index a52a1eb51..68c3935b9 100644 --- a/src/libstrongswan/ipsec/ipsec_types.c +++ b/src/libstrongswan/ipsec/ipsec_types.c 
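Review bot: The one-token change from AUTH_HELPER_SUBJECT_CERT to AUTH_RULE_SUBJECT_CERT decides which certificate's subjectAltNames the peer identity is matched against, but the comment above it, `/* also verify identity against subjectAltNames */`, does not say whose certificate that is or why the helper entry was the wrong one, so a later reader has nothing to stop them switching it back. Presumably the rule entry is the certificate the peer actually authenticated with while the helper entry is merely what was supplied — worth confirming and recording, e.g. `/* also verify identity against subjectAltNames of the certificate the peer authenticated with (the RULE entry, not the HELPER one) */`. `complies` starts before the hunk and continues past it.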
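Review bot: Replacing free() with chunk_clear() on this->buffer and this->seed is a wipe-before-free of key-derivation material, but the hunk adds no comment recording that intent, so a future cleanup that "simplifies" these back to plain free() would silently drop the wipe. Suggest `/* seed and buffer carry keying material, wipe them before freeing */` above the two calls. The `free(this)` that follows is unchanged; whether private_prf_plus_t holds any other derived bytes that deserve the same treatment cannot be seen from the hunk.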
@@ -66,8 +66,21 @@ bool mark_from_string(const char *value, mark_t *mark)
 }
 if (strcasepfx(value, "%unique"))
 {
- mark->value = MARK_UNIQUE;
 endptr = (char*)value + strlen("%unique");
+ if (strcasepfx(endptr, "-dir"))
+ {
+ mark->value = MARK_UNIQUE_DIR;
+ endptr += strlen("-dir");
+ }
+ else if (!*endptr || *endptr == '/')
+ {
+ mark->value = MARK_UNIQUE;
+ }
+ else
+ {
+ DBG1(DBG_APP, "invalid mark value: %s", value);
+ return FALSE;
+ }
 }
 else
 {
diff --git a/src/libstrongswan/ipsec/ipsec_types.h b/src/libstrongswan/ipsec/ipsec_types.h
index c93d95562..1db78ba6f 100644
--- a/src/libstrongswan/ipsec/ipsec_types.h
+++ b/src/libstrongswan/ipsec/ipsec_types.h
@@ -178,9 +178,11 @@ struct mark_t {
 };
 
 /**
- * Special mark value that uses a unique mark for each CHILD_SA
+ * Special mark value that uses a unique mark for each CHILD_SA (and direction)
 */
 #define MARK_UNIQUE (0xFFFFFFFF)
+#define MARK_UNIQUE_DIR (0xFFFFFFFE)
+#define MARK_IS_UNIQUE(m) ((m) == MARK_UNIQUE || (m) == MARK_UNIQUE_DIR)
 
 /**
 * Try to parse a mark_t from the given string of the form mark[/mask].
diff --git a/src/libstrongswan/math/libnttfft/Makefile.in b/src/libstrongswan/math/libnttfft/Makefile.in
index 93bd93508..439c0f32d 100644
--- a/src/libstrongswan/math/libnttfft/Makefile.in
+++ b/src/libstrongswan/math/libnttfft/Makefile.in
@@ -304,8 +304,6 @@ RANLIB = @RANLIB@
 RTLIB = @RTLIB@
 RUBY = @RUBY@
 RUBYGEMDIR = @RUBYGEMDIR@
-RUBYINCLUDE = @RUBYINCLUDE@
-RUBYLIB = @RUBYLIB@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
@@ -406,6 +404,8 @@ random_device = @random_device@
 resolv_conf = @resolv_conf@
 routing_table = @routing_table@
 routing_table_prio = @routing_table_prio@
+ruby_CFLAGS = @ruby_CFLAGS@
+ruby_LIBS = @ruby_LIBS@
 runstatedir = @runstatedir@
 s_plugins = @s_plugins@
 sbindir = @sbindir@
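Review bot: The new `-dir` branch accepts the suffix without checking what follows it, whereas the plain `%unique` branch requires end-of-string or `/`; `%unique-dirX` therefore advances endptr past `-dir` and depends on the tail handling after the hunk (outside this view) to reject the leftover. Making the branch symmetric removes that dependency: `if (strcasepfx(endptr, "-dir") && (!endptr[4] || endptr[4] == '/'))`, with the other two branches unchanged, so a bad suffix falls through to the existing error path. mark_from_string starts before the hunk and its tail, including the mask parsing, lies after it.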
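Review bot: The widened comment "(and direction)" now sits above three definitions and describes none of them on its own: it does not say that MARK_UNIQUE_DIR presumably yields a distinct mark per direction while MARK_UNIQUE yields one per CHILD_SA, nor that MARK_IS_UNIQUE(m) is the test callers should use instead of comparing with MARK_UNIQUE. Suggest one comment per definition, e.g. `/** Special mark value: a unique mark for each CHILD_SA */`, `/** Special mark value: a unique mark for each CHILD_SA and direction */` and `/** TRUE if m is one of the special unique mark values */`. Both sentinels are in-band values at the top of the 32-bit mark range, so a literal 0xFFFFFFFE or 0xFFFFFFFF in configuration would be read as the sentinel unless the parser rejects it; a sentence noting that here would help whoever maintains mark_from_string.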
@@ -434,6 +434,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/math/libnttfft/tests/Makefile.in b/src/libstrongswan/math/libnttfft/tests/Makefile.in index 80ecd3ea7..1f3ee6d60 100644 --- a/src/libstrongswan/math/libnttfft/tests/Makefile.in +++ b/src/libstrongswan/math/libnttfft/tests/Makefile.in @@ -308,8 +308,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -410,6 +408,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -438,6 +438,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/acert/Makefile.in b/src/libstrongswan/plugins/acert/Makefile.in index 1dcc0489e..10e6fa460 100644 --- a/src/libstrongswan/plugins/acert/Makefile.in +++ b/src/libstrongswan/plugins/acert/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ 
@@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in index 2b16ae7d2..08f965596 100644 --- a/src/libstrongswan/plugins/aes/Makefile.in +++ b/src/libstrongswan/plugins/aes/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/aesni/Makefile.in b/src/libstrongswan/plugins/aesni/Makefile.in index d32e7f55c..fbc7d9230 100644 --- a/src/libstrongswan/plugins/aesni/Makefile.in +++ b/src/libstrongswan/plugins/aesni/Makefile.in 
@@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/af_alg/Makefile.in b/src/libstrongswan/plugins/af_alg/Makefile.in index e93140279..2c45ce5ba 100644 --- a/src/libstrongswan/plugins/af_alg/Makefile.in +++ b/src/libstrongswan/plugins/af_alg/Makefile.in @@ -314,8 +314,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -416,6 +414,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -444,6 +444,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ 
diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in index a4e7e2931..8183de939 100644 --- a/src/libstrongswan/plugins/agent/Makefile.in +++ b/src/libstrongswan/plugins/agent/Makefile.in @@ -312,8 +312,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -414,6 +412,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,6 +442,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/bliss/Makefile.am b/src/libstrongswan/plugins/bliss/Makefile.am index b2d09427e..cbe47063d 100644 --- a/src/libstrongswan/plugins/bliss/Makefile.am +++ b/src/libstrongswan/plugins/bliss/Makefile.am @@ -3,8 +3,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan/math/libnttfft AM_CFLAGS = \ - $(PLUGIN_CFLAGS) \ - @COVERAGE_CFLAGS@ + $(PLUGIN_CFLAGS) # these file are also used by bliss_huffman noinst_LTLIBRARIES = libbliss-params.la diff --git a/src/libstrongswan/plugins/bliss/Makefile.in b/src/libstrongswan/plugins/bliss/Makefile.in index a6caf7bdf..eb8eaecb0 100644 --- a/src/libstrongswan/plugins/bliss/Makefile.in +++ b/src/libstrongswan/plugins/bliss/Makefile.in @@ -335,8 +335,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ 
@@ -437,6 +435,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -465,6 +465,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -473,8 +477,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan/math/libnttfft AM_CFLAGS = \ - $(PLUGIN_CFLAGS) \ - @COVERAGE_CFLAGS@ + $(PLUGIN_CFLAGS) # these file are also used by bliss_huffman diff --git a/src/libstrongswan/plugins/bliss/tests/Makefile.in b/src/libstrongswan/plugins/bliss/tests/Makefile.in index 5dbaf9b9b..a2d56cdd1 100644 --- a/src/libstrongswan/plugins/bliss/tests/Makefile.in +++ b/src/libstrongswan/plugins/bliss/tests/Makefile.in @@ -314,8 +314,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -416,6 +414,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -444,6 +444,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ 
diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in index 0876475d0..0d091d196 100644 --- a/src/libstrongswan/plugins/blowfish/Makefile.in +++ b/src/libstrongswan/plugins/blowfish/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in index 5f768ec8c..008407097 100644 --- a/src/libstrongswan/plugins/ccm/Makefile.in +++ b/src/libstrongswan/plugins/ccm/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/chapoly/Makefile.in b/src/libstrongswan/plugins/chapoly/Makefile.in index 12ad6f1b8..0b2998c95 100644 --- a/src/libstrongswan/plugins/chapoly/Makefile.in +++ b/src/libstrongswan/plugins/chapoly/Makefile.in @@ -325,8 +325,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -427,6 +425,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -455,6 +455,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/cmac/Makefile.in b/src/libstrongswan/plugins/cmac/Makefile.in index c6bb24a91..2586d77c4 100644 --- a/src/libstrongswan/plugins/cmac/Makefile.in +++ b/src/libstrongswan/plugins/cmac/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ 
@@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/constraints/Makefile.in b/src/libstrongswan/plugins/constraints/Makefile.in index aa2fd790f..25632d745 100644 --- a/src/libstrongswan/plugins/constraints/Makefile.in +++ b/src/libstrongswan/plugins/constraints/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in index d112676e7..275a76273 100644 --- a/src/libstrongswan/plugins/ctr/Makefile.in +++ b/src/libstrongswan/plugins/ctr/Makefile.in 
@@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in index 2aedb2f75..0dbcca895 100644 --- a/src/libstrongswan/plugins/curl/Makefile.in +++ b/src/libstrongswan/plugins/curl/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ 
diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.c b/src/libstrongswan/plugins/curl/curl_fetcher.c
index 9207f11b6..b52b35ba0 100644
--- a/src/libstrongswan/plugins/curl/curl_fetcher.c
+++ b/src/libstrongswan/plugins/curl/curl_fetcher.c
@@ -58,6 +58,11 @@ struct private_curl_fetcher_t {
 * Timeout for a transfer
 */
 long timeout;
+
+ /**
+ * Maximum number of redirects to follow
+ */
+ long redir;
 };
 
 /**
@@ -85,7 +90,7 @@ static size_t curl_cb(void *ptr, size_t size, size_t nmemb, cb_data_t *data)
 METHOD(fetcher_t, fetch, status_t,
 private_curl_fetcher_t *this, char *uri, void *userdata)
 {
- char error[CURL_ERROR_SIZE], *enc_uri;
+ char error[CURL_ERROR_SIZE], *enc_uri, *p1, *p2;
 CURLcode curl_status;
 status_t status;
 long result = 0;
@@ -116,6 +121,8 @@ METHOD(fetcher_t, fetch, status_t,
 curl_easy_setopt(this->curl, CURLOPT_TIMEOUT, this->timeout);
 }
 curl_easy_setopt(this->curl, CURLOPT_CONNECTTIMEOUT, CONNECT_TIMEOUT);
+ curl_easy_setopt(this->curl, CURLOPT_FOLLOWLOCATION, TRUE);
+ curl_easy_setopt(this->curl, CURLOPT_MAXREDIRS, this->redir);
 curl_easy_setopt(this->curl, CURLOPT_WRITEFUNCTION, (void*)curl_cb);
 curl_easy_setopt(this->curl, CURLOPT_WRITEDATA, &data);
 if (this->headers)
@@ -123,7 +130,17 @@ METHOD(fetcher_t, fetch, status_t,
 curl_easy_setopt(this->curl, CURLOPT_HTTPHEADER, this->headers);
 }
 
- DBG2(DBG_LIB, " sending request to '%s'...", uri);
+ /* if the URI contains a username[:password] prefix then mask it */
+ p1 = strstr(uri, "://");
+ p2 = strchr(uri, '@');
+ if (p1 && p2)
+ {
+ DBG2(DBG_LIB, " sending request to '%.*sxxxx%s'...", p1+3-uri, uri, p2);
+ }
+ else
+ {
+ DBG2(DBG_LIB, " sending request to '%s'...", uri);
+ }
 curl_status = curl_easy_perform(this->curl);
 switch (curl_status)
 {
@@ -250,6 +267,8 @@ curl_fetcher_t *curl_fetcher_create()
 },
 .curl = curl_easy_init(),
 .cb = fetcher_default_callback,
+ .redir = lib->settings->get_int(lib->settings, "%s.plugins.curl.redir",
+ -1, lib->ns),
 );
 
 if (!this->curl)
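Review bot: CURLOPT_FOLLOWLOCATION is enabled here with CURLOPT_MAXREDIRS taken from this->redir, whose default in curl_fetcher_create (last hunk) is -1, i.e. an unbounded redirect chain, and nothing restricts which protocols a redirect may switch to, so a fetch answered by a misbehaving or hostile server is bounded only by the transfer timeout. A small positive default for the `%s.plugins.curl.redir` setting plus `curl_easy_setopt(this->curl, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);` after the CURLOPT_MAXREDIRS line closes both, and the new setting should be documented together with its default. `TRUE` is an int while CURLOPT_FOLLOWLOCATION reads a long through varargs; write `1L` as curl's documentation does. fetch starts before the hunk and continues after it.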
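Review bot: `%.*s` takes an int precision but `p1+3-uri` is a ptrdiff_t, so the argument needs a cast: `DBG2(DBG_LIB, " sending request to '%.*sxxxx%s'...", (int)(p1 + 3 - uri), uri, p2);`. The masking condition also only checks that `://` and `@` both occur somewhere, not that the `@` lies between the scheme and the first `/`, so a URI with `@` in its path or query is logged with its host cut out; adding `p2 > p1 + 3 && !memchr(p1 + 3, '/', p2 - (p1 + 3))` to the condition limits the mask to the userinfo component. Either way the message only reaches the log at DBG2, which the comment could state so nobody mistakes the mask for a guarantee that credentials never appear elsewhere.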
diff --git a/src/libstrongswan/plugins/curve25519/Makefile.in b/src/libstrongswan/plugins/curve25519/Makefile.in index 616f3d83b..21b0e75f7 100644 --- a/src/libstrongswan/plugins/curve25519/Makefile.in +++ b/src/libstrongswan/plugins/curve25519/Makefile.in @@ -317,8 +317,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -419,6 +417,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -447,6 +447,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in index c3f3775d2..89b279875 100644 --- a/src/libstrongswan/plugins/des/Makefile.in +++ b/src/libstrongswan/plugins/des/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in index 26c69e239..385749a11 100644 --- a/src/libstrongswan/plugins/dnskey/Makefile.in +++ b/src/libstrongswan/plugins/dnskey/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/files/Makefile.in b/src/libstrongswan/plugins/files/Makefile.in index d8c7daec4..7708f9551 100644 --- a/src/libstrongswan/plugins/files/Makefile.in +++ b/src/libstrongswan/plugins/files/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ 
@@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in index 45934d79a..478ae818e 100644 --- a/src/libstrongswan/plugins/fips_prf/Makefile.in +++ b/src/libstrongswan/plugins/fips_prf/Makefile.in @@ -312,8 +312,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -414,6 +412,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,6 +442,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in index 5d6c1a4e9..91ea7c673 100644 --- a/src/libstrongswan/plugins/gcm/Makefile.in +++ b/src/libstrongswan/plugins/gcm/Makefile.in 
@@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in index 26930dced..2212be0e2 100644 --- a/src/libstrongswan/plugins/gcrypt/Makefile.in +++ b/src/libstrongswan/plugins/gcrypt/Makefile.in @@ -314,8 +314,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -416,6 +414,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -444,6 +444,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ 
diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in index 2fcdce774..39a2bcabb 100644 --- a/src/libstrongswan/plugins/gmp/Makefile.in +++ b/src/libstrongswan/plugins/gmp/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c index 32a72ac96..065c88903 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c @@ -78,11 +78,17 @@ static chunk_t rsaep(private_gmp_rsa_public_key_t *this, chunk_t data) mpz_t m, c; chunk_t encrypted; - mpz_init(c); mpz_init(m); - mpz_import(m, data.len, 1, 1, 1, 0, data.ptr); + if (mpz_cmp_ui(m, 0) <= 0 || mpz_cmp(m, this->n) >= 0) + { /* m must be <= n-1, and while 0 is technically a valid value, it + * doesn't really make sense here, so we filter that too */ + mpz_clear(m); + return chunk_empty; + } + + mpz_init(c); mpz_powm(c, m, this->e, this->n); encrypted.len = this->k; 
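Review bot: Returning `chunk_empty` when m <= 0 or m >= n is the RFC 8017 RSAEP/RSAVP1 range check and stops the old code from silently reducing an over-range input mod n, but it is a new failure mode that every caller of rsaep() must now handle; the remainder of the function after `encrypted.len = this->k;` and all callers lie outside this hunk, so I cannot confirm they test for an empty result before indexing into it. The two-line comment inside the braces explains why 0 is excluded but not why the upper bound matters, so I would state the intent explicitly: `/* RFC 8017 RSAEP/RSAVP1: m must be in [1, n-1]; an input >= n would otherwise be silently reduced mod n */`. Since rsaep() is the public-key operation it presumably serves signature verification as well as encryption, which makes a signature value s >= n the case this most plausibly hardens — worth saying in the comment or commit message.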
@@ -150,7 +156,7 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this, */ /* check magic bytes */ - if (*(em.ptr) != 0x00 || *(em.ptr+1) != 0x01) + if (em.len < 2 || *(em.ptr) != 0x00 || *(em.ptr+1) != 0x01) { goto end; } diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in index aa640156a..cddeace7f 100644 --- a/src/libstrongswan/plugins/hmac/Makefile.in +++ b/src/libstrongswan/plugins/hmac/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/keychain/Makefile.in b/src/libstrongswan/plugins/keychain/Makefile.in index c9e4e40e0..e072c9225 100644 --- a/src/libstrongswan/plugins/keychain/Makefile.in +++ b/src/libstrongswan/plugins/keychain/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ 
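Review bot: The new `em.len < 2` guard covers only the two magic-byte dereferences, while an EMSA-PKCS1-v1_5 encoding also needs at least eight 0xFF padding bytes, a 0x00 separator and the DigestInfo, so RFC 8017 section 9.2 requires emLen >= tLen + 11. Whether the padding scan after `goto end;` is length-safe on its own is not visible here (the function body continues outside the hunk), so the cheaper defence is to reject short buffers up front: `if (em.len < 11 || *(em.ptr) != 0x00 || *(em.ptr+1) != 0x01)`. The `/* check magic bytes */` comment should also record where a short em can now come from, e.g. `/* check length and magic bytes; rsaep() yields an empty chunk for out-of-range input */` — assuming em is the rsaep() result, which this hunk does not show.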
@@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in index 1f4d44706..229a0cad0 100644 --- a/src/libstrongswan/plugins/ldap/Makefile.in +++ b/src/libstrongswan/plugins/ldap/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in index eb9426ccc..d135c291f 100644 --- a/src/libstrongswan/plugins/md4/Makefile.in +++ b/src/libstrongswan/plugins/md4/Makefile.in 
@@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in index eaafd9fe5..e81213c2a 100644 --- a/src/libstrongswan/plugins/md5/Makefile.in +++ b/src/libstrongswan/plugins/md5/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ 
diff --git a/src/libstrongswan/plugins/mgf1/Makefile.in b/src/libstrongswan/plugins/mgf1/Makefile.in index 991c5421e..8a2788319 100644 --- a/src/libstrongswan/plugins/mgf1/Makefile.in +++ b/src/libstrongswan/plugins/mgf1/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in index d549f2e71..c99e4f806 100644 --- a/src/libstrongswan/plugins/mysql/Makefile.in +++ b/src/libstrongswan/plugins/mysql/Makefile.in @@ -312,8 +312,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -414,6 +412,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -442,6 +442,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/newhope/Makefile.am b/src/libstrongswan/plugins/newhope/Makefile.am index b01987d22..8dd6c5fab 100644 --- a/src/libstrongswan/plugins/newhope/Makefile.am +++ b/src/libstrongswan/plugins/newhope/Makefile.am @@ -3,8 +3,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan/math/libnttfft AM_CFLAGS = \ - $(PLUGIN_CFLAGS) \ - @COVERAGE_CFLAGS@ + $(PLUGIN_CFLAGS) # these files are also used by the tests, we can't directly refer to them # because of the subdirectory, which would cause distclean to fail diff --git a/src/libstrongswan/plugins/newhope/Makefile.in b/src/libstrongswan/plugins/newhope/Makefile.in index a884b30b6..786337420 100644 --- a/src/libstrongswan/plugins/newhope/Makefile.in +++ b/src/libstrongswan/plugins/newhope/Makefile.in @@ -319,8 +319,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -421,6 +419,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -449,6 +449,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -457,8 +461,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan/math/libnttfft AM_CFLAGS = \ - $(PLUGIN_CFLAGS) \ - @COVERAGE_CFLAGS@ + $(PLUGIN_CFLAGS) # these files are also used by the tests, we can't directly refer to them diff --git a/src/libstrongswan/plugins/newhope/tests/Makefile.in b/src/libstrongswan/plugins/newhope/tests/Makefile.in index 80fcf4dc5..be6ffef28 100644 --- a/src/libstrongswan/plugins/newhope/tests/Makefile.in +++ b/src/libstrongswan/plugins/newhope/tests/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/nonce/Makefile.in b/src/libstrongswan/plugins/nonce/Makefile.in index 783eaf436..fca8309e5 100644 --- a/src/libstrongswan/plugins/nonce/Makefile.in +++ b/src/libstrongswan/plugins/nonce/Makefile.in 
@@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/ntru/Makefile.am b/src/libstrongswan/plugins/ntru/Makefile.am index c9fcee982..4045544d4 100644 --- a/src/libstrongswan/plugins/ntru/Makefile.am +++ b/src/libstrongswan/plugins/ntru/Makefile.am @@ -2,8 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - $(PLUGIN_CFLAGS) \ - @COVERAGE_CFLAGS@ + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-ntru.la diff --git a/src/libstrongswan/plugins/ntru/Makefile.in b/src/libstrongswan/plugins/ntru/Makefile.in index 41ec4cec4..2ef9aa8dc 100644 --- a/src/libstrongswan/plugins/ntru/Makefile.in +++ b/src/libstrongswan/plugins/ntru/Makefile.in @@ -312,8 +312,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -414,6 +412,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -442,6 +442,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -449,8 +453,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - $(PLUGIN_CFLAGS) \ - @COVERAGE_CFLAGS@ + $(PLUGIN_CFLAGS) @MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-ntru.la @MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-ntru.la diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in index 9c0523652..dcf4c2c8a 100644 --- a/src/libstrongswan/plugins/openssl/Makefile.in +++ b/src/libstrongswan/plugins/openssl/Makefile.in @@ -320,8 +320,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -422,6 +420,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -450,6 +450,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c index e95eb729b..e03a4255d 100644 --- a/src/libstrongswan/plugins/openssl/openssl_x509.c +++ b/src/libstrongswan/plugins/openssl/openssl_x509.c 
@@ -686,15 +686,13 @@ static bool parse_keyUsage_ext(private_openssl_x509_t *this, { flags |= usage->data[1] << 8; } - switch (flags) + if (flags & X509v3_KU_CRL_SIGN) { - case X509v3_KU_CRL_SIGN: - this->flags |= X509_CRL_SIGN; - break; - case X509v3_KU_KEY_CERT_SIGN: - /* we use the caBasicContraint, MUST be set */ - default: - break; + this->flags |= X509_CRL_SIGN; + } + if (flags & X509v3_KU_KEY_CERT_SIGN) + { + /* we use the caBasicContraint, MUST be set */ } } ASN1_BIT_STRING_free(usage); diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in index b71749589..101119300 100644 --- a/src/libstrongswan/plugins/padlock/Makefile.in +++ b/src/libstrongswan/plugins/padlock/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in index 8ff3dd021..4b69f9f49 100644 --- a/src/libstrongswan/plugins/pem/Makefile.in +++ b/src/libstrongswan/plugins/pem/Makefile.in 
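Review bot: The second `if (flags & X509v3_KU_KEY_CERT_SIGN)` has an empty body that holds only a comment, which compiles but reads as unfinished code and trips empty-body warnings; since the branch intentionally does nothing, drop the `if` and keep the rationale as a plain comment beside the CRL-sign test: `/* keyCertSign is deliberately not mapped: CA status comes from the basicConstraints extension, which MUST be present for CAs */`. The existing comment also misspells 'caBasicContraint'. Replacing the `switch` with independent bit tests is the right fix — the removed `case X509v3_KU_CRL_SIGN:` matched only an exact value, so a keyUsage with both cRLSign and keyCertSign set fell to `default` and lost X509_CRL_SIGN — but that deserves a one-line note so the intent survives the next refactor. parse_keyUsage_ext begins and ends outside this hunk.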
@@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in index 3ffafd020..8104a2a94 100644 --- a/src/libstrongswan/plugins/pgp/Makefile.in +++ b/src/libstrongswan/plugins/pgp/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ 
diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in index cbf227680..6f6c6237f 100644 --- a/src/libstrongswan/plugins/pkcs1/Makefile.in +++ b/src/libstrongswan/plugins/pkcs1/Makefile.in @@ -312,8 +312,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -414,6 +412,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,6 +442,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in index ca7b5a8a9..7bf33d967 100644 --- a/src/libstrongswan/plugins/pkcs11/Makefile.in +++ b/src/libstrongswan/plugins/pkcs11/Makefile.in @@ -315,8 +315,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -417,6 +415,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,6 +445,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/pkcs12/Makefile.in b/src/libstrongswan/plugins/pkcs12/Makefile.in index 73f15d26c..d25a1af44 100644 --- a/src/libstrongswan/plugins/pkcs12/Makefile.in +++ b/src/libstrongswan/plugins/pkcs12/Makefile.in @@ -312,8 +312,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -414,6 +412,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,6 +442,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/pkcs7/Makefile.in b/src/libstrongswan/plugins/pkcs7/Makefile.in index 3bf44de30..e5698a302 100644 --- a/src/libstrongswan/plugins/pkcs7/Makefile.in +++ b/src/libstrongswan/plugins/pkcs7/Makefile.in @@ -314,8 +314,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ 
@@ -416,6 +414,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -444,6 +444,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/pkcs8/Makefile.in b/src/libstrongswan/plugins/pkcs8/Makefile.in index 2066d8792..3ff09f5f2 100644 --- a/src/libstrongswan/plugins/pkcs8/Makefile.in +++ b/src/libstrongswan/plugins/pkcs8/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in index 04888cde2..02607958f 100644 --- a/src/libstrongswan/plugins/pubkey/Makefile.in +++ b/src/libstrongswan/plugins/pubkey/Makefile.in 
@@ -312,8 +312,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -414,6 +412,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,6 +442,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in index 940c5572a..98702d0d3 100644 --- a/src/libstrongswan/plugins/random/Makefile.in +++ b/src/libstrongswan/plugins/random/Makefile.in @@ -312,8 +312,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -414,6 +412,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,6 +442,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ 
diff --git a/src/libstrongswan/plugins/rc2/Makefile.in b/src/libstrongswan/plugins/rc2/Makefile.in index c432cf810..b874e9081 100644 --- a/src/libstrongswan/plugins/rc2/Makefile.in +++ b/src/libstrongswan/plugins/rc2/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/rdrand/Makefile.in b/src/libstrongswan/plugins/rdrand/Makefile.in index 849c89630..40b1d7644 100644 --- a/src/libstrongswan/plugins/rdrand/Makefile.in +++ b/src/libstrongswan/plugins/rdrand/Makefile.in @@ -312,8 +312,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -414,6 +412,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -442,6 +442,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in index 5840c7dd0..8254c1424 100644 --- a/src/libstrongswan/plugins/revocation/Makefile.in +++ b/src/libstrongswan/plugins/revocation/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in index fa596e6f4..0c68798a9 100644 --- a/src/libstrongswan/plugins/sha1/Makefile.in +++ b/src/libstrongswan/plugins/sha1/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ 
@@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in index 6e3d6a390..109726b6a 100644 --- a/src/libstrongswan/plugins/sha2/Makefile.in +++ b/src/libstrongswan/plugins/sha2/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/sha2/sha2_hasher.c b/src/libstrongswan/plugins/sha2/sha2_hasher.c index 89e7675e3..2c56a2f1b 100644 --- a/src/libstrongswan/plugins/sha2/sha2_hasher.c +++ b/src/libstrongswan/plugins/sha2/sha2_hasher.c 
@@ -226,7 +226,7 @@ static void sha256_write(private_sha256_hasher_t *ctx,
 /**
  * finalize SHA256 hash
  */
-static void sha256_final(private_sha256_hasher_t *ctx)
+static void sha256_final(private_sha256_hasher_t *ctx, u_char *buf, size_t len)
 {
  register int j;
  uint64_t bitLength;
@@ -255,8 +255,7 @@ static void sha256_final(private_sha256_hasher_t *ctx)
  ctx->sha_out[63] = bitLength;
  sha256_transform(ctx, &ctx->sha_out[0]);
 
- /* return results in ctx->sha_out[0...31] */
- datap = &ctx->sha_out[0];
+ datap = buf;
  j = 0;
  do {
  i = ctx->sha_H[j];
@@ -265,7 +264,7 @@ static void sha256_final(private_sha256_hasher_t *ctx)
  datap[2] = i >> 8;
  datap[3] = i;
  datap += 4;
- } while(++j < 8);
+ } while(++j < len / 4);
 }
 
 /* update macros for SHA512 */
@@ -371,7 +370,7 @@ static void sha512_write(private_sha512_hasher_t *ctx,
 /**
  * Finalize a SHA384/SHA512 hash
  */
-static void sha512_final(private_sha512_hasher_t *ctx)
+static void sha512_final(private_sha512_hasher_t *ctx, u_char *buf, size_t len)
 {
  register int j;
  uint64_t bitLength, bitLengthMSB;
@@ -409,8 +408,7 @@ static void sha512_final(private_sha512_hasher_t *ctx)
  ctx->sha_out[127] = bitLength;
  sha512_transform(ctx, &ctx->sha_out[0]);
 
- /* return results in ctx->sha_out[0...63] */
- datap = &ctx->sha_out[0];
+ datap = buf;
  j = 0;
  do {
  i = ctx->sha_H[j];
@@ -423,7 +421,7 @@ static void sha512_final(private_sha512_hasher_t *ctx)
  datap[6] = i >> 8;
  datap[7] = i;
  datap += 8;
- } while(++j < 8);
+ } while(++j < len / 8);
 }
 
 METHOD(hasher_t, reset224, bool,
@@ -432,7 +430,6 @@ METHOD(hasher_t, reset224, bool,
  memcpy(&this->sha_H[0], &sha224_hashInit[0], sizeof(this->sha_H));
  this->sha_blocks = 0;
  this->sha_bufCnt = 0;
-
  return TRUE;
 }
 
@@ -442,7 +439,6 @@ METHOD(hasher_t, reset256, bool,
  memcpy(&this->sha_H[0], &sha256_hashInit[0], sizeof(this->sha_H));
  this->sha_blocks = 0;
  this->sha_bufCnt = 0;
-
  return TRUE;
 }
 
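Review bot: The new loop bound `} while(++j < len / 4);` takes `len` from the caller with no check against the size of `ctx->sha_H`, so a `len` above the 32 bytes the old fixed bound of 8 words covered, or one that is not a multiple of 4, would read past the state array and write past `buf`; the same applies to `} while(++j < len / 8);` in sha512_final on this line. All four callers in this diff pass compile-time HASH_SIZE_* constants, so it holds today, but the precondition is undocumented and `j` is a signed `register int` compared against an unsigned `size_t` quotient. A one-line comment above each loop would make the contract explicit, e.g. `/* len must be a multiple of 4 and at most sizeof(ctx->sha_H); callers pass HASH_SIZE_SHA224/SHA256 */`, or an assertion on `len` before the loop. The bodies of sha256_final and sha512_final extend outside these hunks.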
@@ -453,7 +449,6 @@ METHOD(hasher_t, reset384, bool,
  this->sha_blocks = 0;
  this->sha_blocksMSB = 0;
  this->sha_bufCnt = 0;
-
  return TRUE;
 }
 
@@ -464,7 +459,6 @@ METHOD(hasher_t, reset512, bool,
  this->sha_blocks = 0;
  this->sha_blocksMSB = 0;
  this->sha_bufCnt = 0;
-
  return TRUE;
 }
 
@@ -474,8 +468,7 @@ METHOD(hasher_t, get_hash224, bool,
  sha256_write(this, chunk.ptr, chunk.len);
  if (buffer != NULL)
  {
- sha256_final(this);
- memcpy(buffer, this->sha_out, HASH_SIZE_SHA224);
+ sha256_final(this, buffer, HASH_SIZE_SHA224);
  reset224(this);
  }
  return TRUE;
@@ -487,8 +480,7 @@ METHOD(hasher_t, get_hash256, bool,
  sha256_write(this, chunk.ptr, chunk.len);
  if (buffer != NULL)
  {
- sha256_final(this);
- memcpy(buffer, this->sha_out, HASH_SIZE_SHA256);
+ sha256_final(this, buffer, HASH_SIZE_SHA256);
  reset256(this);
  }
  return TRUE;
@@ -500,8 +492,7 @@ METHOD(hasher_t, get_hash384, bool,
  sha512_write(this, chunk.ptr, chunk.len);
  if (buffer != NULL)
  {
- sha512_final(this);
- memcpy(buffer, this->sha_out, HASH_SIZE_SHA384);
+ sha512_final(this, buffer, HASH_SIZE_SHA384);
  reset384(this);
  }
  return TRUE;
@@ -513,8 +504,7 @@ METHOD(hasher_t, get_hash512, bool,
  sha512_write(this, chunk.ptr, chunk.len);
  if (buffer != NULL)
  {
- sha512_final(this);
- memcpy(buffer, this->sha_out, HASH_SIZE_SHA512);
+ sha512_final(this, buffer, HASH_SIZE_SHA512);
  reset512(this);
  }
  return TRUE;
@@ -523,69 +513,49 @@ METHOD(hasher_t, get_hash512, bool, METHOD(hasher_t, allocate_hash224, bool, private_sha256_hasher_t *this, chunk_t chunk, chunk_t *hash) { - chunk_t allocated_hash; + chunk_t allocated_hash = chunk_empty; - sha256_write(this, chunk.ptr, chunk.len); - if (hash != NULL) + if (hash) { - sha256_final(this); - allocated_hash = chunk_alloc(HASH_SIZE_SHA224); - memcpy(allocated_hash.ptr, this->sha_out, HASH_SIZE_SHA224); - reset224(this); - *hash = allocated_hash; + *hash = allocated_hash = chunk_alloc(HASH_SIZE_SHA224); } - return TRUE; + return get_hash224(this, chunk, allocated_hash.ptr); } METHOD(hasher_t, allocate_hash256, bool, private_sha256_hasher_t *this, chunk_t chunk, chunk_t *hash) { - chunk_t allocated_hash; + chunk_t allocated_hash = chunk_empty; - sha256_write(this, chunk.ptr, chunk.len); - if (hash != NULL) + if (hash) { - sha256_final(this); - allocated_hash = chunk_alloc(HASH_SIZE_SHA256); - memcpy(allocated_hash.ptr, this->sha_out, HASH_SIZE_SHA256); - reset256(this); - *hash = allocated_hash; + *hash = allocated_hash = chunk_alloc(HASH_SIZE_SHA256); } - return TRUE; + return get_hash256(this, chunk, allocated_hash.ptr); } METHOD(hasher_t, allocate_hash384, bool, private_sha512_hasher_t *this, chunk_t chunk, chunk_t *hash) { - chunk_t allocated_hash; + chunk_t allocated_hash = chunk_empty; - sha512_write(this, chunk.ptr, chunk.len); - if (hash != NULL) + if (hash) { - sha512_final(this); - allocated_hash = chunk_alloc(HASH_SIZE_SHA384); - memcpy(allocated_hash.ptr, this->sha_out, HASH_SIZE_SHA384); - reset384(this); - *hash = allocated_hash; + *hash = allocated_hash = chunk_alloc(HASH_SIZE_SHA384); } - return TRUE; + return get_hash384(this, chunk, allocated_hash.ptr); } METHOD(hasher_t, allocate_hash512, bool, private_sha512_hasher_t *this, chunk_t chunk, chunk_t *hash) { - chunk_t allocated_hash; + chunk_t allocated_hash = chunk_empty; - sha512_write(this, chunk.ptr, chunk.len); - if (hash != NULL) + if (hash) { - 
sha512_final(this); - allocated_hash = chunk_alloc(HASH_SIZE_SHA512); - memcpy(allocated_hash.ptr, this->sha_out, HASH_SIZE_SHA512); - reset512(this); - *hash = allocated_hash; + *hash = allocated_hash = chunk_alloc(HASH_SIZE_SHA512); } - return TRUE; + return get_hash512(this, chunk, allocated_hash.ptr); } METHOD(hasher_t, get_hash_size224, size_t, diff --git a/src/libstrongswan/plugins/sha3/Makefile.in b/src/libstrongswan/plugins/sha3/Makefile.in index 2c249343c..a1f79740b 100644 --- a/src/libstrongswan/plugins/sha3/Makefile.in +++ b/src/libstrongswan/plugins/sha3/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/soup/Makefile.in b/src/libstrongswan/plugins/soup/Makefile.in index 02e398729..ceccab7f1 100644 --- a/src/libstrongswan/plugins/soup/Makefile.in +++ b/src/libstrongswan/plugins/soup/Makefile.in @@ -311,8 +311,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ 
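Review bot: `*hash = allocated_hash = chunk_alloc(HASH_SIZE_SHA224);` hands the chunk to the caller before the digest is computed and never inspects the allocation result; if chunk_alloc can yield a NULL `ptr` on allocation failure (its definition is not in this diff), `get_hash224(this, chunk, allocated_hash.ptr)` would silently take the update-only path and return TRUE with `*hash` holding a NULL pointer and a non-zero length. The same pattern is repeated in allocate_hash256, allocate_hash384 and allocate_hash512 in this hunk. If chunk_alloc aborts on failure this is fine and a short comment saying so would settle it; otherwise test `allocated_hash.ptr` and return FALSE before calling the get_hash function.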
@@ -413,6 +411,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,6 +441,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in index 5e23cb91c..39d705622 100644 --- a/src/libstrongswan/plugins/sqlite/Makefile.in +++ b/src/libstrongswan/plugins/sqlite/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/sshkey/Makefile.in b/src/libstrongswan/plugins/sshkey/Makefile.in index a6663999d..ded2bf8f1 100644 --- a/src/libstrongswan/plugins/sshkey/Makefile.in +++ b/src/libstrongswan/plugins/sshkey/Makefile.in 
@@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in index 33c5720a4..b7332d4a7 100644 --- a/src/libstrongswan/plugins/test_vectors/Makefile.in +++ b/src/libstrongswan/plugins/test_vectors/Makefile.in @@ -331,8 +331,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -433,6 +431,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -461,6 +461,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ 
diff --git a/src/libstrongswan/plugins/unbound/Makefile.in b/src/libstrongswan/plugins/unbound/Makefile.in index 15c8c27cc..93159ff17 100644 --- a/src/libstrongswan/plugins/unbound/Makefile.in +++ b/src/libstrongswan/plugins/unbound/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/winhttp/Makefile.in b/src/libstrongswan/plugins/winhttp/Makefile.in index b417d6e66..91033262d 100644 --- a/src/libstrongswan/plugins/winhttp/Makefile.in +++ b/src/libstrongswan/plugins/winhttp/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in index e1ed6b7ee..3596d1f85 100644 --- a/src/libstrongswan/plugins/x509/Makefile.in +++ b/src/libstrongswan/plugins/x509/Makefile.in @@ -312,8 +312,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -414,6 +412,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,6 +442,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c index e32f8eefe..aef76af32 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c 
@@ -209,7 +209,8 @@ static chunk_t build_nonce(private_x509_ocsp_request_t *this) } rng->destroy(rng); return asn1_wrap(ASN1_SEQUENCE, "cm", ASN1_nonce_oid, - asn1_simple_object(ASN1_OCTET_STRING, this->nonce)); + asn1_wrap(ASN1_OCTET_STRING, "m", + asn1_simple_object(ASN1_OCTET_STRING, this->nonce))); } /** diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in index a23130851..d5d47694f 100644 --- a/src/libstrongswan/plugins/xcbc/Makefile.in +++ b/src/libstrongswan/plugins/xcbc/Makefile.in @@ -310,8 +310,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -412,6 +410,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,6 +440,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/tests/Makefile.in b/src/libstrongswan/tests/Makefile.in index 279e179ea..ce0ad3772 100644 --- a/src/libstrongswan/tests/Makefile.in +++ b/src/libstrongswan/tests/Makefile.in @@ -351,8 +351,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ 
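Review bot: The nested `asn1_wrap(ASN1_OCTET_STRING, "m", asn1_simple_object(ASN1_OCTET_STRING, this->nonce))` carries no comment explaining why the nonce is now wrapped in an OCTET STRING twice, which a later reader will otherwise take for a mistake. Presumably the outer layer is the extension's extnValue and the inner one is the DER-encoded nonce it carries, as RFC 6960 section 4.4.1 describes the nonce as the value of extnValue; a comment above the return such as `/* extnValue is an OCTET STRING holding the DER encoding of the nonce, itself an OCTET STRING (RFC 6960, 4.4.1) */` would record that intent. The code that matches the nonce in the OCSP response is not in this diff and should compare against the same encoding, since a strict comparison against the old form would reject valid responses while a lenient one would weaken the replay protection the nonce provides. The rest of build_nonce lies outside the hunk.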
@@ -453,6 +451,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -481,6 +481,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/tests/suites/test_settings.c b/src/libstrongswan/tests/suites/test_settings.c index 5ddd0bb9a..9d0a6dea1 100644 --- a/src/libstrongswan/tests/suites/test_settings.c +++ b/src/libstrongswan/tests/suites/test_settings.c @@ -549,10 +549,14 @@ END_TEST #ifdef WIN32 # define include1 "C:\\Windows\\Temp\\strongswan-settings-test-include1" +# define include1_str "C:\\\\Windows\\\\Temp\\\\strongswan-settings-test-include1" # define include2 "C:\\Windows\\Temp\\strongswan-settings-test-include2" +# define include2_str "C:\\\\Windows\\\\Temp\\\\strongswan-settings-test-include2" #else # define include1 "/tmp/strongswan-settings-test-include1" +# define include1_str include1 # define include2 "/tmp/strongswan-settings-test-include2" +# define include2_str include2 #endif static char *include_content1 = @@ -638,10 +642,10 @@ START_TEST(test_include_string) " include this/does/not/exist.conf\n" " include = value\n" " key2 = value2\n" - " include \"" include2 "\"\n" + " include \"" include2_str "\"\n" " }\n" "}\n" - "include \"" include1 "\""); + "include \"" include1_str "\""); create_settings(contents); verify_include(); diff --git a/src/libstrongswan/tests/test_suite.c b/src/libstrongswan/tests/test_suite.c index 0af34c847..8541cdaef 100644 --- a/src/libstrongswan/tests/test_suite.c 
+++ b/src/libstrongswan/tests/test_suite.c
@@ -381,7 +381,7 @@ void test_setup_handler()
  sigaction(SIGSEGV, &action, NULL);
  sigaction(SIGILL, &action, NULL);
  sigaction(SIGBUS, &action, NULL);
- /* ignore ALRM/USR1, these are catched by main thread only */
+ /* ignore ALRM/USR1, these are caught by main thread only */
  action.sa_handler = SIG_IGN;
  sigaction(SIGALRM, &action, NULL);
  sigaction(SIGUSR1, &action, NULL);
diff --git a/src/libstrongswan/tests/tests.h b/src/libstrongswan/tests/tests.h
index 79a88e27d..c19cac25a 100644
--- a/src/libstrongswan/tests/tests.h
+++ b/src/libstrongswan/tests/tests.h
@@ -41,7 +41,7 @@ TEST_SUITE(auth_cfg_suite_create)
 TEST_SUITE(hasher_suite_create)
 TEST_SUITE(crypter_suite_create)
 TEST_SUITE(crypto_factory_suite_create)
-TEST_SUITE(iv_gen_suite_create)
+TEST_SUITE_DEPEND(iv_gen_suite_create, RNG, RNG_STRONG)
 TEST_SUITE(pen_suite_create)
 TEST_SUITE(asn1_suite_create)
 TEST_SUITE(asn1_parser_suite_create)
diff --git a/src/libstrongswan/utils/utils/memory.c b/src/libstrongswan/utils/utils/memory.c
index 30c6f546c..4b4b6ccee 100644
--- a/src/libstrongswan/utils/utils/memory.c
+++ b/src/libstrongswan/utils/utils/memory.c
@@ -20,7 +20,7 @@
 /**
  * Described in header.
  */
-void memxor(uint8_t dst[], uint8_t src[], size_t n)
+void memxor(uint8_t dst[], const uint8_t src[], size_t n)
 {
  int m, i;
 
diff --git a/src/libstrongswan/utils/utils/memory.h b/src/libstrongswan/utils/utils/memory.h
index b978e7c48..e84033010 100644
--- a/src/libstrongswan/utils/utils/memory.h
+++ b/src/libstrongswan/utils/utils/memory.h
@@ -80,7 +80,7 @@ static inline void *memset_noop(void *s, int c, size_t n)
 /**
  * Same as memcpy, but XORs src into dst instead of copy
  */
-void memxor(uint8_t dest[], uint8_t src[], size_t n);
+void memxor(uint8_t dest[], const uint8_t src[], size_t n);
 
 /**
  * Safely overwrite n bytes of memory at ptr with zero, non-inlining variant.
diff --git a/src/libtls/Makefile.in b/src/libtls/Makefile.in
index ee1d7fc7e..292d10f0b 100644
--- a/src/libtls/Makefile.in +++ b/src/libtls/Makefile.in @@ -363,8 +363,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -465,6 +463,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -493,6 +493,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtls/tests/Makefile.in b/src/libtls/tests/Makefile.in index 8c87e1dd0..2e2c3debf 100644 --- a/src/libtls/tests/Makefile.in +++ b/src/libtls/tests/Makefile.in @@ -307,8 +307,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -409,6 +407,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -437,6 +437,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ 
diff --git a/src/libtls/tls.h b/src/libtls/tls.h index f3dc198cf..f832ef50e 100644 --- a/src/libtls/tls.h +++ b/src/libtls/tls.h @@ -169,7 +169,7 @@ struct tls_t { * Query upper layer for one or more TLS records, build fragments. * * The TLS stack automatically fragments the records to the given buffer - * size. Fragmentation is indicated by the reclen ouput parameter and + * size. Fragmentation is indicated by the reclen output parameter and * the return value. For the first fragment of a TLS record, a non-zero * record length is returned in reclen. If more fragments follow, NEED_MORE * is returned. A return value of ALREADY_DONE indicates that the final diff --git a/src/libtls/tls_aead.h b/src/libtls/tls_aead.h index 8b5cda5a7..389a498a5 100644 --- a/src/libtls/tls_aead.h +++ b/src/libtls/tls_aead.h @@ -75,7 +75,7 @@ struct tls_aead_t { size_t (*get_mac_key_size)(tls_aead_t *this); /** - * Get the encrytion key size, if used. + * Get the encryption key size, if used. * * @return key size, in bytes, 0 if not used */ diff --git a/src/libtnccs/Android.mk b/src/libtnccs/Android.mk index e37973202..ba7496517 100644 --- a/src/libtnccs/Android.mk +++ b/src/libtnccs/Android.mk @@ -16,7 +16,7 @@ LOCAL_SRC_FILES := $(filter %.c,$(libtnccs_la_SOURCES)) LOCAL_SRC_FILES += $(call add_plugin, tnc-imc) ifneq ($(call plugin_enabled, tnc-imc),) -LOCAL_SHARED_LIBRARIES += libdl +LOCAL_LDLIBS += -ldl endif LOCAL_SRC_FILES += $(call add_plugin, tnc-tnccs) diff --git a/src/libtnccs/Makefile.in b/src/libtnccs/Makefile.in index 653d841a3..9a7639e06 100644 --- a/src/libtnccs/Makefile.in +++ b/src/libtnccs/Makefile.in @@ -367,8 +367,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ 
@@ -469,6 +467,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -497,6 +497,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtnccs/plugins/tnc_imc/Makefile.in b/src/libtnccs/plugins/tnc_imc/Makefile.in index 84dbf1461..5824c4597 100644 --- a/src/libtnccs/plugins/tnc_imc/Makefile.in +++ b/src/libtnccs/plugins/tnc_imc/Makefile.in @@ -315,8 +315,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -417,6 +415,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,6 +445,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtnccs/plugins/tnc_imv/Makefile.in b/src/libtnccs/plugins/tnc_imv/Makefile.in index 5fd128faa..4de4bccb3 100644 --- a/src/libtnccs/plugins/tnc_imv/Makefile.in +++ b/src/libtnccs/plugins/tnc_imv/Makefile.in 
@@ -316,8 +316,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -418,6 +416,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -446,6 +446,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtnccs/plugins/tnc_tnccs/Makefile.in b/src/libtnccs/plugins/tnc_tnccs/Makefile.in index acddd84a2..a8607d3b4 100644 --- a/src/libtnccs/plugins/tnc_tnccs/Makefile.in +++ b/src/libtnccs/plugins/tnc_tnccs/Makefile.in @@ -315,8 +315,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -417,6 +415,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,6 +445,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ 
diff --git a/src/libtnccs/plugins/tnccs_11/Makefile.in b/src/libtnccs/plugins/tnccs_11/Makefile.in index b6b80749b..eac0e1f63 100644 --- a/src/libtnccs/plugins/tnccs_11/Makefile.in +++ b/src/libtnccs/plugins/tnccs_11/Makefile.in @@ -325,8 +325,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -427,6 +425,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -455,6 +455,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtnccs/plugins/tnccs_20/Makefile.in b/src/libtnccs/plugins/tnccs_20/Makefile.in index 2a1d327b4..0d1e73aa4 100644 --- a/src/libtnccs/plugins/tnccs_20/Makefile.in +++ b/src/libtnccs/plugins/tnccs_20/Makefile.in @@ -328,8 +328,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -430,6 +428,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -458,6 +458,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in index 65201ddaa..ebe42fe5d 100644 --- a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in +++ b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in @@ -315,8 +315,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -417,6 +415,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,6 +445,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtncif/Makefile.in b/src/libtncif/Makefile.in index 2432a704f..1fc797c7f 100644 --- a/src/libtncif/Makefile.in +++ b/src/libtncif/Makefile.in @@ -277,8 +277,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ 
@@ -379,6 +377,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -407,6 +407,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtncif/tncif_pa_subtypes.c b/src/libtncif/tncif_pa_subtypes.c index d83c3255d..2789e7d3e 100644 --- a/src/libtncif/tncif_pa_subtypes.c +++ b/src/libtncif/tncif_pa_subtypes.c @@ -1,6 +1,5 @@ /* - * Copyright (C) 2010-2015 Andreas Steffen - * + * Copyright (C) 2010-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -17,7 +16,7 @@ #include "tncif_pa_subtypes.h" /* IETF PA Subtype names */ -ENUM_BEGIN(pa_subtype_ietf_names, PA_SUBTYPE_IETF_TESTING, PA_SUBTYPE_IETF_NEA_CLIENT, +ENUM_BEGIN(pa_subtype_ietf_names, PA_SUBTYPE_IETF_TESTING, PA_SUBTYPE_IETF_SW, "Testing", "Operating System", "Anti-Virus", @@ -26,10 +25,11 @@ ENUM_BEGIN(pa_subtype_ietf_names, PA_SUBTYPE_IETF_TESTING, PA_SUBTYPE_IETF_NEA_C "Firewall", "IDPS", "VPN", - "NEA Client" + "NEA Client", + "Software" ); ENUM_NEXT(pa_subtype_ietf_names, PA_SUBTYPE_IETF_ANY, PA_SUBTYPE_IETF_ANY, - PA_SUBTYPE_IETF_NEA_CLIENT, + PA_SUBTYPE_IETF_SW, "ANY" ); ENUM_END(pa_subtype_ietf_names, PA_SUBTYPE_IETF_ANY); diff --git a/src/libtncif/tncif_pa_subtypes.h b/src/libtncif/tncif_pa_subtypes.h index d6dcad025..696441029 100644 --- a/src/libtncif/tncif_pa_subtypes.h +++ b/src/libtncif/tncif_pa_subtypes.h 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2015 Andreas Steffen + * Copyright (C) 2011-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -43,6 +43,7 @@ typedef enum pa_subtype_ita_t pa_subtype_ita_t; PA_SUBTYPE_IETF_IDPS = 0x06, PA_SUBTYPE_IETF_VPN = 0x07, PA_SUBTYPE_IETF_NEA_CLIENT = 0x08, + PA_SUBTYPE_IETF_SW = 0x09, PA_SUBTYPE_IETF_ANY = 0xff }; diff --git a/src/libtpmtss/Makefile.in b/src/libtpmtss/Makefile.in index 405d717d9..90d5e54f5 100644 --- a/src/libtpmtss/Makefile.in +++ b/src/libtpmtss/Makefile.in @@ -355,8 +355,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -457,6 +455,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -485,6 +485,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtpmtss/plugins/tpm/Makefile.in b/src/libtpmtss/plugins/tpm/Makefile.in index eb9489eb4..f80c0f736 100644 --- a/src/libtpmtss/plugins/tpm/Makefile.in +++ b/src/libtpmtss/plugins/tpm/Makefile.in @@ -312,8 +312,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ 
@@ -414,6 +412,8 @@ random_device = @random_device@
 resolv_conf = @resolv_conf@
 routing_table = @routing_table@
 routing_table_prio = @routing_table_prio@
+ruby_CFLAGS = @ruby_CFLAGS@
+ruby_LIBS = @ruby_LIBS@
 runstatedir = @runstatedir@
 s_plugins = @s_plugins@
 sbindir = @sbindir@
@@ -442,6 +442,10 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 tss2_CFLAGS = @tss2_CFLAGS@
 tss2_LIBS = @tss2_LIBS@
+tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
+tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
+tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libtpmtss/tpm_tss_tss2.c b/src/libtpmtss/tpm_tss_tss2.c
index 9a4b9a40c..dcba05c43 100644
--- a/src/libtpmtss/tpm_tss_tss2.c
+++ b/src/libtpmtss/tpm_tss_tss2.c
@@ -23,8 +23,18 @@
 #include
 #include
+
+#ifdef TSS2_TCTI_TABRMD
+#include
+#endif /* TSS2_TCTI_TABRMD */
+
+#ifdef TSS2_TCTI_SOCKET
 #include
+#define TCTI_SOCKET_DEFAULT_ADDRESS "127.0.0.1"
+#define TCTI_SOCKET_DEFAULT_PORT 2323
+#endif /* TSS2_TCTI_SOCKET */
+
 #define LABEL "TPM 2.0 -"
 typedef struct private_tpm_tss_tss2_t private_tpm_tss_tss2_t;
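Review bot: The socket TCTI endpoint is now fixed at compile time by `TCTI_SOCKET_DEFAULT_ADDRESS` and `TCTI_SOCKET_DEFAULT_PORT` with nothing saying what is expected to listen on 127.0.0.1:2323 or why a loopback address is the only sensible default for what is presumably an unauthenticated TPM command channel over TCP. A comment above the two defines would make that explicit, e.g. `/* default endpoint of the TPM2 socket TCTI: a simulator or resource manager on the local host; the channel is plain TCP, so keep this loopback-only */`. As a point of style, reading the address and port from strongswan.conf instead of baking them in would spare deployments a source edit. The `#include` targets are missing in this rendering of the hunk, so which TCTI headers are pulled in under each `#ifdef` cannot be confirmed here.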
@@ -209,23 +219,52 @@ static bool get_algs_capability(private_tpm_tss_tss2_t *this)
 }
 /**
- * Initialize TSS context
+ * Initialize TSS2 TCTI TABRMD context
 */
-static bool initialize_context(private_tpm_tss_tss2_t *this)
+static bool initialize_tcti_tabrmd_context(private_tpm_tss_tss2_t *this)
 {
+#ifdef TSS2_TCTI_TABRMD
 size_t tcti_context_size;
- uint32_t sys_context_size;
 uint32_t rval;
- TCTI_SOCKET_CONF rm_if_config = { DEFAULT_HOSTNAME,
- DEFAULT_RESMGR_TPM_PORT
- };
+ /* determine size of tcti context */
+ rval = tss2_tcti_tabrmd_init(NULL, &tcti_context_size);
+ if (rval != TSS2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s could not get tcti_context size: 0x%06x",
+ LABEL, rval);
+ return FALSE;
+ }
- TSS2_ABI_VERSION abi_version = { TSSWG_INTEROP,
- TSS_SAPI_FIRST_FAMILY,
- TSS_SAPI_FIRST_LEVEL,
- TSS_SAPI_FIRST_VERSION
- };
+ /* allocate memory for tcti context */
+ this->tcti_context = (TSS2_TCTI_CONTEXT*)malloc(tcti_context_size);
+
+ /* initialize tcti context */
+ rval = tss2_tcti_tabrmd_init(this->tcti_context, &tcti_context_size);
+ if (rval != TSS2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s could not get tcti_context: 0x%06x "
+ "via tabrmd interface", LABEL, rval);
+ return FALSE;
+ }
+ return TRUE;
+#else /* TSS2_TCTI_TABRMD */
+ return FALSE;
+#endif /* TSS2_TCTI_TABRMD */
+}
+
+/**
+ * Initialize TSS2 TCTI Socket context
+ */
+static bool initialize_tcti_socket_context(private_tpm_tss_tss2_t *this)
+{
+#ifdef TSS2_TCTI_SOCKET
+ size_t tcti_context_size;
+ uint32_t rval;
+
+ TCTI_SOCKET_CONF rm_if_config = { TCTI_SOCKET_DEFAULT_ADDRESS,
+ TCTI_SOCKET_DEFAULT_PORT
+ };
 /* determine size of tcti context */
 rval = InitSocketTcti(NULL, &tcti_context_size, &rm_if_config, 0);
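Review bot: The `malloc(tcti_context_size)` result in initialize_tcti_tabrmd_context is handed straight to `tss2_tcti_tabrmd_init` with no NULL check, and when that second call fails the function returns FALSE while `this->tcti_context` still points at the allocation. The caller (hunk at -885 further down) then falls back to the socket TCTI, which presumably assigns the same pointer, so the tabrmd buffer leaks on every fallback and a half-initialised context stays reachable in between. Check the allocation first and free-and-reset the pointer on the failure path; the socket variant's allocation lies between this hunk and the next and likely needs the same treatment. Only the tabrmd function is wholly inside this hunk; initialize_tcti_socket_context continues in the next one.
```c
	/* … unchanged: size query via tss2_tcti_tabrmd_init(NULL, …) … */

	/* allocate memory for tcti context */
	this->tcti_context = (TSS2_TCTI_CONTEXT*)malloc(tcti_context_size);
	if (!this->tcti_context)
	{
		DBG1(DBG_PTS, "%s could not allocate tcti_context", LABEL);
		return FALSE;
	}

	/* initialize tcti context */
	rval = tss2_tcti_tabrmd_init(this->tcti_context, &tcti_context_size);
	if (rval != TSS2_RC_SUCCESS)
	{
		DBG1(DBG_PTS, "%s could not get tcti_context: 0x%06x "
			 "via tabrmd interface", LABEL, rval);
		/* do not leave a stale, partially initialised context behind */
		free(this->tcti_context);
		this->tcti_context = NULL;
		return FALSE;
	}
	return TRUE;
```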
@@ -244,10 +283,29 @@ static bool initialize_context(private_tpm_tss_tss2_t *this)
 &rm_if_config, 0);
 if (rval != TSS2_RC_SUCCESS)
 {
- DBG1(DBG_PTS, "%s could not get tcti_context: 0x%06x",
- LABEL, rval);
+ DBG1(DBG_PTS, "%s could not get tcti_context: 0x%06x "
+ "via socket interface", LABEL, rval);
 return FALSE;
 }
+ return TRUE;
+#else /* TSS2_TCTI_SOCKET */
+ return FALSE;
+#endif /* TSS2_TCTI_SOCKET */
+}
+
+/**
+ * Initialize TSS2 Sys context
+ */
+static bool initialize_sys_context(private_tpm_tss_tss2_t *this)
+{
+ uint32_t sys_context_size;
+ uint32_t rval;
+
+ TSS2_ABI_VERSION abi_version = { TSSWG_INTEROP,
+ TSS_SAPI_FIRST_FAMILY,
+ TSS_SAPI_FIRST_LEVEL,
+ TSS_SAPI_FIRST_VERSION
+ };
 /* determine size of sys context */
 sys_context_size = Tss2_Sys_GetContextSize(0);
@@ -885,7 +943,15 @@ tpm_tss_t *tpm_tss_tss2_create()
 },
 );
- available = initialize_context(this);
+ available = initialize_tcti_tabrmd_context(this);
+ if (!available)
+ {
+ available = initialize_tcti_socket_context(this);
+ }
+ if (available)
+ {
+ available = initialize_sys_context(this);
+ }
 DBG1(DBG_PTS, "TPM 2.0 via TSS2 %savailable", available ? "" : "not ");
 if (!available)
diff --git a/src/manager/Makefile.in b/src/manager/Makefile.in
index 58c247e1b..0c128c1a8 100644
--- a/src/manager/Makefile.in
+++ b/src/manager/Makefile.in
@@ -329,8 +329,6 @@ RANLIB = @RANLIB@
 RTLIB = @RTLIB@
 RUBY = @RUBY@
 RUBYGEMDIR = @RUBYGEMDIR@
-RUBYINCLUDE = @RUBYINCLUDE@
-RUBYLIB = @RUBYLIB@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
@@ -431,6 +429,8 @@ random_device = @random_device@
 resolv_conf = @resolv_conf@
 routing_table = @routing_table@
 routing_table_prio = @routing_table_prio@
+ruby_CFLAGS = @ruby_CFLAGS@
+ruby_LIBS = @ruby_LIBS@
 runstatedir = @runstatedir@
 s_plugins = @s_plugins@
 sbindir = @sbindir@
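Review bot: The fallback chain in tpm_tss_tss2_create (hunk at -885) drops from the tabrmd resource manager to a raw socket connection to 127.0.0.1:2323 whenever the tabrmd init fails, so a resource-manager outage silently degrades to talking to whatever listens on that port, and the only DBG1 line afterwards says "available" without naming the interface in use. A comment above the chain stating the intended order, e.g. `/* prefer the tabrmd resource manager; fall back to the socket TCTI (simulator) only if it is unavailable */`, and a log line naming the TCTI that succeeded would make the degradation visible to an operator. When initialize_sys_context fails, the tcti_context set by the earlier call is still allocated; the `if (!available)` cleanup that follows lies outside the hunk, so confirm it releases it. The function body continues past the hunk on both sides.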
@@ -459,6 +459,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/medsrv/Makefile.in b/src/medsrv/Makefile.in index 7561ad91c..6ebe48691 100644 --- a/src/medsrv/Makefile.in +++ b/src/medsrv/Makefile.in @@ -318,8 +318,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -420,6 +418,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -448,6 +448,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in index ed95d812a..58de24aca 100644 --- a/src/pki/Makefile.in +++ b/src/pki/Makefile.in @@ -331,8 +331,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -433,6 +431,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -461,6 +461,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/pki/man/Makefile.in b/src/pki/man/Makefile.in index a469f8b1c..bf8092bd4 100644 --- a/src/pki/man/Makefile.in +++ b/src/pki/man/Makefile.in @@ -268,8 +268,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -370,6 +368,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -398,6 +398,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/pki/man/pki---print.1.in b/src/pki/man/pki---print.1.in index 65fb8bc46..ad85fb381 100644 --- a/src/pki/man/pki---print.1.in +++ b/src/pki/man/pki---print.1.in 
@@ -46,9 +46,9 @@ Input file. If not given the input is read from \fISTDIN\fR. .BI "\-t, \-\-type " type Type of input. One of \fIx509\fR (X.509 certificate), \fIcrl\fR (Certificate Revocation List, CRL), \fIac\fR (Attribute Certificate), \fIpub\fR (public key), -\fpriv\fR (private key), \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA private -key), \fIed25519\fR (Ed25519 private key), \fIbliss\fR (BLISS private key), -\fIpriv\fR (private key), defaults to \fIx509\fR. +\fIpriv\fR (private key), \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA +private key), \fIed25519\fR (Ed25519 private key), \fIbliss\fR (BLISS private +key), defaults to \fIx509\fR. . .SH "SEE ALSO" . diff --git a/src/pool/Makefile.in b/src/pool/Makefile.in index 415de5503..1da001d09 100644 --- a/src/pool/Makefile.in +++ b/src/pool/Makefile.in @@ -313,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -415,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/pt-tls-client/Makefile.am b/src/pt-tls-client/Makefile.am index 8d1567eef..a17b5ddf0 100644 --- a/src/pt-tls-client/Makefile.am +++ b/src/pt-tls-client/Makefile.am @@ -1,4 +1,4 @@ -ipsec_PROGRAMS = pt-tls-client +bin_PROGRAMS = pt-tls-client pt_tls_client_SOURCES = pt-tls-client.c 
@@ -19,3 +19,7 @@ pt_tls_client_LDADD = \ $(top_builddir)/src/libpttls/libpttls.la \ $(top_builddir)/src/libtnccs/libtnccs.la +man1_MANS = pt-tls-client.1 + +CLEANFILES = $(man1_MANS) + diff --git a/src/pt-tls-client/Makefile.in b/src/pt-tls-client/Makefile.in index 7912c6058..820bec9f3 100644 --- a/src/pt-tls-client/Makefile.in +++ b/src/pt-tls-client/Makefile.in @@ -88,7 +88,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -ipsec_PROGRAMS = pt-tls-client$(EXEEXT) +bin_PROGRAMS = pt-tls-client$(EXEEXT) subdir = src/pt-tls-client ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -106,10 +106,10 @@ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = +CONFIG_CLEAN_FILES = pt-tls-client.1 CONFIG_CLEAN_VPATH_FILES = -am__installdirs = "$(DESTDIR)$(ipsecdir)" -PROGRAMS = $(ipsec_PROGRAMS) +am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" +PROGRAMS = $(bin_PROGRAMS) am_pt_tls_client_OBJECTS = pt-tls-client.$(OBJEXT) pt_tls_client_OBJECTS = $(am_pt_tls_client_OBJECTS) pt_tls_client_DEPENDENCIES = \ 
@@ -162,6 +162,36 @@ am__can_run_installinfo = \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +man1dir = $(mandir)/man1 +NROFF = nroff +MANS = $(man1_MANS) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is @@ -181,7 +211,8 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags -am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/pt-tls-client.1.in \ + $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ 
@@ -282,8 +313,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -384,6 +413,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -412,6 +443,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -431,6 +466,8 @@ pt_tls_client_LDADD = \ $(top_builddir)/src/libpttls/libpttls.la \ $(top_builddir)/src/libtnccs/libtnccs.la +man1_MANS = pt-tls-client.1 +CLEANFILES = $(man1_MANS) all: all-am .SUFFIXES: @@ -464,12 +501,14 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): -install-ipsecPROGRAMS: $(ipsec_PROGRAMS) +pt-tls-client.1: $(top_builddir)/config.status $(srcdir)/pt-tls-client.1.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +install-binPROGRAMS: $(bin_PROGRAMS) @$(NORMAL_INSTALL) - @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ if test -n "$$list"; then \ - echo " $(MKDIR_P) '$(DESTDIR)$(ipsecdir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" || exit 1; \ + echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \ fi; \ for p in $$list; do echo "$$p $$p"; done | \ sed 's/$(EXEEXT)$$//' | \ 
@@ -489,24 +528,24 @@ install-ipsecPROGRAMS: $(ipsec_PROGRAMS) while read type dir files; do \ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ test -z "$$files" || { \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(ipsecdir)$$dir'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(ipsecdir)$$dir" || exit $$?; \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ } \ ; done -uninstall-ipsecPROGRAMS: +uninstall-binPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ files=`for p in $$list; do echo "$$p"; done | \ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ -e 's/$$/$(EXEEXT)/' \ `; \ test -n "$$list" || exit 0; \ - echo " ( cd '$(DESTDIR)$(ipsecdir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(ipsecdir)" && rm -f $$files + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files -clean-ipsecPROGRAMS: - @list='$(ipsec_PROGRAMS)'; test -n "$$list" || exit 0; \ +clean-binPROGRAMS: + @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ echo " rm -f" $$list; \ rm -f $$list || exit $$?; \ test -n "$(EXEEXT)" || exit 0; \ 
@@ -555,6 +594,47 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs +install-man1: $(man1_MANS) + @$(NORMAL_INSTALL) + @list1='$(man1_MANS)'; \ + list2=''; \ + test -n "$(man1dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man1dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man1dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ + | sed -n '/\.1[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ + done; } + +uninstall-man1: + @$(NORMAL_UNINSTALL) + @list='$(man1_MANS)'; test -n "$(man1dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir) ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique 
@@ -640,9 +720,9 @@ distdir: $(DISTFILES) done check-am: all-am check: check-am -all-am: Makefile $(PROGRAMS) +all-am: Makefile $(PROGRAMS) $(MANS) installdirs: - for dir in "$(DESTDIR)$(ipsecdir)"; do \ + for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am @@ -667,6 +747,7 @@ install-strip: mostlyclean-generic: clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) @@ -677,8 +758,7 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-ipsecPROGRAMS clean-libtool \ - mostlyclean-am +clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -698,13 +778,13 @@ info: info-am info-am: -install-data-am: install-ipsecPROGRAMS +install-data-am: install-man install-dvi: install-dvi-am install-dvi-am: -install-exec-am: +install-exec-am: install-binPROGRAMS install-html: install-html-am @@ -714,7 +794,7 @@ install-info: install-info-am install-info-am: -install-man: +install-man: install-man1 install-pdf: install-pdf-am 
@@ -744,23 +824,26 @@ ps: ps-am ps-am: -uninstall-am: uninstall-ipsecPROGRAMS +uninstall-am: uninstall-binPROGRAMS uninstall-man + +uninstall-man: uninstall-man1 .MAKE: install-am install-strip -.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ - clean-ipsecPROGRAMS clean-libtool cscopelist-am ctags ctags-am \ - distclean distclean-compile distclean-generic \ +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean \ + clean-binPROGRAMS clean-generic clean-libtool cscopelist-am \ + ctags ctags-am distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-ipsecPROGRAMS install-man install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS + html-am info info-am install install-am install-binPROGRAMS \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-man1 \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ + uninstall-binPROGRAMS uninstall-man uninstall-man1 .PRECIOUS: Makefile diff --git a/src/pt-tls-client/pt-tls-client.1.in b/src/pt-tls-client/pt-tls-client.1.in new file mode 100644 index 000000000..d7c9dffe5 --- /dev/null +++ b/src/pt-tls-client/pt-tls-client.1.in 
@@ -0,0 +1,130 @@ +.TH PT-TLS-CLIENT 1 "2017-07-15" "@PACKAGE_VERSION@" "strongSwan" +. +.SH "NAME" +. +pt-tls-client \- Simple client using PT-TLS to collect integrity information +. +.SH "SYNOPSIS" +. +.SY "pt-tls-client" +.BI \-\-connect +.IR hostname |\fIaddress +.OP \-\-port hex +.RB [ \-\-cert +.IR file ]+ +.RB [ \-\-keyid +.IR hex |\fB\-\-key +.IR file ] +.RB [ \-\-key-type +.BR rsa |\fBecdsa\fR] +.OP \-\-client client-id +.OP \-\-secret password +.OP \-\-mutual +.OP \-\-optionsfrom filename +.OP \-\-quiet +.OP \-\-debug level +.YS +. +.SY "pt-tls-client" +.B \-h +| +.B \-\-help +.YS +. +.SH "DESCRIPTION" +. +.B pt-tls-client +is a simple client using the PT-TLS (RFC 6876) transport protocol to collect +integrity measurements on the client platform. PT-TLS does an initial TLS +handshake with certificate-based server authentication and optional +certificate-based client authentication. Alternatively simple password-based +SASL client authentication protected by TLS can be used. +.P +Attribute requests and integrity measurements are exchanged via the PA-TNC (RFC +5792) message protocol between any number of Integrity Measurement Verifiers +(IMVs) residing on the remote PT-TLS server and multiple Integrity Measurement +Collectors (IMCs) loaded dynamically by the PT-TLS client according to a list +defined by \fI/etc/tnc_config\fR. PA-TNC messages that contain one or several +PA-TNC attributes are multiplexed into PB-TNC (RFC 5793) client or server data +batches which in turn are transported via PT-TLS. +. +.SH "OPTIONS" +. +.TP +.B "\-h, \-\-help" +Prints usage information and a short summary of the available commands. +.TP +.BI "\-c, \-\-connect " hostname\fR|\fIaddress +Set the hostname or IP address of the PT-TLS server. +.TP +.BI "\-p, \-\-port " port +Set the port of the PT-TLS server, default: 271. +.TP +.BI "\-x, \-\-cert " file +Set the path to an X.509 certificate file. This option can be repeated to load +multiple client and CA certificates. 
+.TP +.BI "\-k, \-\-key " file +Set the path to the client's PKCS#1 or PKCS#8 private key file +.TP +.BI "\-t, \-\-key\-type " type +Define the type of the private key if stored in PKCS#1 format. Can be omitted +with PKCS#8 keys. +.TP +.BI "\-x, \-\-keyid " hex +Set the keyid of the private key stored in a smartcard or a TPM 2.0 Trusted +Platform Module. +.TP +.BI "\-i, \-\-client " client-id +Set the username or client ID of the client required for password-based SASL +authentication. +.TP +.BI "\-s, \-\-secret " password +Set the preshared secret or client password required for password-based SASL +authentication. +.TP +.B "\-q, \-\-mutual +Enable mutual attestation between PT-TLS client and PT-TLS server. +.TP +.BI "\-v, \-\-debug " level +Set debug level, default: 1. +.TP +.B "\-q, \-\-quiet +Disable debug output to stderr. +.TP +.BI "\-+, \-\-optionsfrom " file +Read command line options from \fIfile\fR. +. +.SH "EXAMPLES" +. +Connect to a PT-TLS server using certificate-based authentication, +storing the private ECDSA key in a file: +.PP +.EX + pt-tls-client \-\-connect pdp.example.com \-\-cert ca.crt \\ + \-\-cert client.crt \-\-key client.key \-\-key\-type ecdsa +.EE +.PP +Connect to a PT-TLS server using certificate-based authentication, +storing the private key in a smartcard or a TPM 2.0 Trusted Platform Module: +.PP +.EX + pt-tls-client \-\-connect pdp.example.com \-\-cert ca.crt \\ + \-\-cert client.crt \-\-keyid 0x81010002 +.EE +.PP +Connect to a PT-TLS server listening on port 443, using SASL password-based +authentication: +.PP +.EX + pt-tls-client \-\-connect pdp.example.com --port 443 \-\-cert ca.crt \\ + \-\-client jane \-\-password p2Nl9trKlb +.EE +.SH FILES +.TP +/etc/tnc_config +. +.SH "SEE ALSO" +. +.BR strongswan.conf (5) + diff --git a/src/pt-tls-client/pt-tls-client.c b/src/pt-tls-client/pt-tls-client.c index 6f200c316..d7e78c497 100644 --- a/src/pt-tls-client/pt-tls-client.c +++ b/src/pt-tls-client/pt-tls-client.c 
@@ -42,9 +42,10 @@ static void usage(FILE *out)
 {
 fprintf(out, "Usage: pt-tls --connect [--port ]\n"
- " [--cert ]+ [--key ] [--key-type rsa|ecdsa]\n"
- " [--client ] [--secret ]\n"
- " [--optionsfrom ] [--quiet] [--debug ]\n");
+ " [--cert ]+ [--keyid |--key ]\n"
+ " [--key-type rsa|ecdsa] [--client ]\n"
+ " [--secret ] [--mutual] [--quiet]\n"
+ " [--debug ] [--optionsfrom ]\n");
 }
 /**
@@ -121,15 +122,26 @@ static bool load_certificate(char *filename)
 /**
 * Load private key from file
 */
-static bool load_key(char *filename, key_type_t type)
+static bool load_key(char *keyid, char *filename, key_type_t type)
 {
 private_key_t *key;
+ chunk_t chunk;
- key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
- BUILD_FROM_FILE, filename, BUILD_END);
+ if (keyid)
+ {
+ chunk = chunk_from_hex(chunk_create(keyid, strlen(keyid)), NULL);
+ key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ANY,
+ BUILD_PKCS11_KEYID, chunk, BUILD_END);
+ chunk_free(&chunk);
+ }
+ else
+ {
+ key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
+ BUILD_FROM_FILE, filename, BUILD_END);
+ }
 if (!key)
 {
- DBG1(DBG_TLS, "loading key from '%s' failed", filename);
+ DBG1(DBG_TLS, "loading key from '%s' failed", keyid ? keyid : filename);
 return FALSE;
 }
 creds->add_key(creds, key);
@@ -255,7 +267,8 @@ static void init()
 int main(int argc, char *argv[])
 {
- char *address = NULL, *identity = "%any", *secret = NULL, *key_file = NULL;
+ char *address = NULL, *identity = "%any", *secret = NULL;
+ char *keyid = NULL, *key_file = NULL;
 key_type_t key_type = KEY_RSA;
 int port = PT_TLS_PORT;
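Review bot: In load_key (hunk at -121) the `if (keyid)` branch wins unconditionally, so a user passing both `--keyid` and `--key` has the key file silently ignored and `type` is discarded in favour of `KEY_ANY`; the call site in main (`(keyid || key_file) && !load_key(keyid, key_file, key_type)`, hunk at -352 in the next line) does not reject the combination either. Making the precedence explicit in main, `if (keyid && key_file) { usage(stderr); return 1; }`, avoids a client authenticating with a different key than the operator believes. The hex decoding is also unchecked: `chunk_from_hex` takes whatever string it is given, the new man page example passes a `0x`-prefixed keyid, and an odd-length or non-hex value is presumably decoded to an arbitrary byte string rather than rejected, so confirm the prefix is tolerated or strip it here and validate the length. A doc comment above load_key stating that a hex keyid (smartcard/TPM handle) takes precedence over filename and that type is then ignored would round this off.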
@@ -270,15 +283,17 @@ int main(int argc, char *argv[])
 {"secret", required_argument, NULL, 's' },
 {"port", required_argument, NULL, 'p' },
 {"cert", required_argument, NULL, 'x' },
+ {"keyid", required_argument, NULL, 'K' },
 {"key", required_argument, NULL, 'k' },
- {"key-type", required_argument, NULL, 't' },
+ {"key-type", required_argument, NULL, 't' },
 {"mutual", no_argument, NULL, 'm' },
 {"quiet", no_argument, NULL, 'q' },
 {"debug", required_argument, NULL, 'd' },
 {"optionsfrom", required_argument, NULL, '+' },
 {0,0,0,0 }
 };
- switch (getopt_long(argc, argv, "", long_opts, NULL))
+ switch (getopt_long(argc, argv, "hc:i:s:p:x:K:k:t:mqd:+:", long_opts,
+ NULL))
 {
 case EOF:
 break;
@@ -291,6 +306,9 @@ int main(int argc, char *argv[])
 return 1;
 }
 continue;
+ case 'K': /* --keyid */
+ keyid = optarg;
+ continue;
 case 'k': /* --key */
 key_file = optarg;
 continue;
@@ -352,7 +370,7 @@ int main(int argc, char *argv[])
 usage(stderr);
 return 1;
 }
- if (key_file && !load_key(key_file, key_type))
+ if ((keyid || key_file) && !load_key(keyid, key_file, key_type))
 {
 return 1;
 }
diff --git a/src/scepclient/Makefile.in b/src/scepclient/Makefile.in
index 9b2023f7d..85522ad7b 100644
--- a/src/scepclient/Makefile.in
+++ b/src/scepclient/Makefile.in
@@ -310,8 +310,6 @@ RANLIB = @RANLIB@
 RTLIB = @RTLIB@
 RUBY = @RUBY@
 RUBYGEMDIR = @RUBYGEMDIR@
-RUBYINCLUDE = @RUBYINCLUDE@
-RUBYLIB = @RUBYLIB@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
@@ -412,6 +410,8 @@ random_device = @random_device@
 resolv_conf = @resolv_conf@
 routing_table = @routing_table@
 routing_table_prio = @routing_table_prio@
+ruby_CFLAGS = @ruby_CFLAGS@
+ruby_LIBS = @ruby_LIBS@
 runstatedir = @runstatedir@
 s_plugins = @s_plugins@
 sbindir = @sbindir@
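Review bot: The option table assigns `'K'` to `--keyid` and `'m'` to `--mutual`, but the man page added in this same commit (pt-tls-client.1.in, earlier on this page) documents them as `-x, --keyid` and `-q, --mutual`, which are the letters this table gives to `--cert` and `--quiet`; the man page's last example also uses `--password` where the option is `--secret`, and its synopsis shows `--port` taking a hex value. The getopt string `"hc:i:s:p:x:K:k:t:mqd:+:"` and the table are consistent with usage(), so the man page is what needs correcting, but it should be checked against this table line by line before release since it is the first place an operator will look. A comment above the table, e.g. `/* short letters are user-facing: keep pt-tls-client.1.in in sync */`, would help keep the two from drifting again. main continues outside the hunk on both sides.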
@@ -440,6 +440,10 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 tss2_CFLAGS = @tss2_CFLAGS@
 tss2_LIBS = @tss2_LIBS@
+tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
+tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
+tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in
index 97a0713c3..2fa22ae97 100644
--- a/src/starter/Makefile.in
+++ b/src/starter/Makefile.in
@@ -355,8 +355,6 @@ RANLIB = @RANLIB@
 RTLIB = @RTLIB@
 RUBY = @RUBY@
 RUBYGEMDIR = @RUBYGEMDIR@
-RUBYINCLUDE = @RUBYINCLUDE@
-RUBYLIB = @RUBYLIB@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
@@ -457,6 +455,8 @@ random_device = @random_device@
 resolv_conf = @resolv_conf@
 routing_table = @routing_table@
 routing_table_prio = @routing_table_prio@
+ruby_CFLAGS = @ruby_CFLAGS@
+ruby_LIBS = @ruby_LIBS@
 runstatedir = @runstatedir@
 s_plugins = @s_plugins@
 sbindir = @sbindir@
@@ -485,6 +485,10 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 tss2_CFLAGS = @tss2_CFLAGS@
 tss2_LIBS = @tss2_LIBS@
+tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
+tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
+tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/starter/tests/Makefile.in b/src/starter/tests/Makefile.in
index 6ce8bdaee..fc5b86397 100644
--- a/src/starter/tests/Makefile.in
+++ b/src/starter/tests/Makefile.in
@@ -307,8 +307,6 @@ RANLIB = @RANLIB@
 RTLIB = @RTLIB@
 RUBY = @RUBY@
 RUBYGEMDIR = @RUBYGEMDIR@
-RUBYINCLUDE = @RUBYINCLUDE@
-RUBYLIB = @RUBYLIB@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
@@ -409,6 +407,8 @@ random_device = @random_device@
 resolv_conf = @resolv_conf@
 routing_table = @routing_table@
 routing_table_prio = @routing_table_prio@
+ruby_CFLAGS = @ruby_CFLAGS@
+ruby_LIBS = @ruby_LIBS@
 runstatedir = @runstatedir@
 s_plugins = @s_plugins@
 sbindir = @sbindir@
@@ -437,6 +437,10 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 tss2_CFLAGS = @tss2_CFLAGS@
 tss2_LIBS = @tss2_LIBS@
+tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
+tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
+tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in
index 6af83d9b7..9d17733ba 100644
--- a/src/stroke/Makefile.in
+++ b/src/stroke/Makefile.in
@@ -281,8 +281,6 @@ RANLIB = @RANLIB@
 RTLIB = @RTLIB@
 RUBY = @RUBY@
 RUBYGEMDIR = @RUBYGEMDIR@
-RUBYINCLUDE = @RUBYINCLUDE@
-RUBYLIB = @RUBYLIB@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
@@ -383,6 +381,8 @@ random_device = @random_device@
 resolv_conf = @resolv_conf@
 routing_table = @routing_table@
 routing_table_prio = @routing_table_prio@
+ruby_CFLAGS = @ruby_CFLAGS@
+ruby_LIBS = @ruby_LIBS@
 runstatedir = @runstatedir@
 s_plugins = @s_plugins@
 sbindir = @sbindir@
@@ -411,6 +411,10 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 tss2_CFLAGS = @tss2_CFLAGS@
 tss2_LIBS = @tss2_LIBS@
+tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
+tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
+tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/sw-collector/Makefile.am b/src/sw-collector/Makefile.am
new file mode 100644
index 000000000..4ed73c925
--- /dev/null
+++ b/src/sw-collector/Makefile.am
@@ -0,0 +1,32 @@
+sbin_PROGRAMS = sw-collector
+
+sw_collector_SOURCES = \
+ sw-collector.c \
+ sw_collector_db.h sw_collector_db.c \
+ sw_collector_dpkg.h sw_collector_dpkg.c \
+ sw_collector_history.h sw_collector_history.c \
+ sw_collector_rest_api.h sw_collector_rest_api.c
+
+sw-collector.o : $(top_builddir)/config.status
+
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libtncif \
+ -I$(top_srcdir)/src/libimcv \
+ -DPLUGINS=\""random openssl sqlite curl"\"
+
+AM_CFLAGS = $(json_CFLAGS)
+
+sw_collector_LDADD = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libimcv/libimcv.la \
+ $(json_LIBS)
+
+templatesdir = $(pkgdatadir)/templates/database/sw-collector
+dist_templates_DATA = sw_collector_tables.sql
+
+man8_MANS = sw-collector.8
+
+CLEANFILES = $(man8_MANS)
+
+
diff --git a/src/sw-collector/Makefile.in b/src/sw-collector/Makefile.in
new file mode 100644
index 000000000..73016ad72
--- /dev/null
+++ b/src/sw-collector/Makefile.in
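Review bot: `-DPLUGINS=\""random openssl sqlite curl"\"` hard-codes the plugin list, while the other tools in this tree take theirs from a configure substitution (`@aikgen_plugins@`, `@attest_plugins@`, `@scepclient_plugins@` appear in the generated Makefile.in further down), so a tree configured without the openssl or sqlite plugin will presumably still build sw-collector and only fail when the plugin loader runs. A `sw_collector_plugins` substitution defined in configure.ac and used here as `-DPLUGINS=\""${sw_collector_plugins}"\"` would keep the tool consistent with its siblings. Separately, the man page is installed through `man8_MANS = sw-collector.8`, but its header in sw-collector.8.in below reads `.TH SW-COLLECTOR 1`; the section number should be 8 to match.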
@@ -0,0 +1,894 @@ +# Makefile.in generated by automake 1.15 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes 
+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +sbin_PROGRAMS = sw-collector$(EXEEXT) +subdir = src/sw-collector +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/split-package-version.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(dist_templates_DATA) \ + $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = sw-collector.8 +CONFIG_CLEAN_VPATH_FILES = +am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)" \ + "$(DESTDIR)$(templatesdir)" +PROGRAMS = $(sbin_PROGRAMS) +am_sw_collector_OBJECTS = sw-collector.$(OBJEXT) \ + sw_collector_db.$(OBJEXT) sw_collector_dpkg.$(OBJEXT) \ + sw_collector_history.$(OBJEXT) sw_collector_rest_api.$(OBJEXT) +sw_collector_OBJECTS = $(am_sw_collector_OBJECTS) +am__DEPENDENCIES_1 = +sw_collector_DEPENDENCIES = \ + 
$(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libimcv/libimcv.la $(am__DEPENDENCIES_1) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(sw_collector_SOURCES) +DIST_SOURCES = $(sw_collector_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = 
\ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +man8dir = $(mandir)/man8 +NROFF = nroff +MANS = $(man8_MANS) +DATA = $(dist_templates_DATA) +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. 
+am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/sw-collector.8.in \ + $(top_srcdir)/depcomp +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +ATOMICLIB = @ATOMICLIB@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BFDLIB = @BFDLIB@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +EASY_INSTALL = @EASY_INSTALL@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GEM = @GEM@ +GENHTML = @GENHTML@ +GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ 
+PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ +PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ +PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ +PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ +PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +PY_TEST = @PY_TEST@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ +clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dev_headers = @dev_headers@ +docdir = 
@docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +fips_mode = @fips_mode@ +fuzz_plugins = @fuzz_plugins@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libfuzzer = @libfuzzer@ +libiptc_CFLAGS = @libiptc_CFLAGS@ +libiptc_LIBS = @libiptc_LIBS@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ +oldincludedir = @oldincludedir@ +p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ +runstatedir = @runstatedir@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +starter_plugins = 
@starter_plugins@ +strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ +sysconfdir = @sysconfdir@ +systemd_CFLAGS = @systemd_CFLAGS@ +systemd_LIBS = @systemd_LIBS@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ +systemdsystemunitdir = @systemdsystemunitdir@ +t_plugins = @t_plugins@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +sw_collector_SOURCES = \ + sw-collector.c \ + sw_collector_db.h sw_collector_db.c \ + sw_collector_dpkg.h sw_collector_dpkg.c \ + sw_collector_history.h sw_collector_history.c \ + sw_collector_rest_api.h sw_collector_rest_api.c + +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtncif \ + -I$(top_srcdir)/src/libimcv \ + -DPLUGINS=\""random openssl sqlite curl"\" + +AM_CFLAGS = $(json_CFLAGS) +sw_collector_LDADD = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libimcv/libimcv.la \ + $(json_LIBS) + +templatesdir = $(pkgdatadir)/templates/database/sw-collector +dist_templates_DATA = sw_collector_tables.sql +man8_MANS = sw-collector.8 +CLEANFILES = $(man8_MANS) +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' 
cd $(top_srcdir) && $(AUTOMAKE) --gnu src/sw-collector/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/sw-collector/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +sw-collector.8: $(top_builddir)/config.status $(srcdir)/sw-collector.8.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +install-sbinPROGRAMS: $(sbin_PROGRAMS) + @$(NORMAL_INSTALL) + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \ + fi; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p \ + || test -f $$p1 \ + ; then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' \ + -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + 
echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-sbinPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' \ + `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(sbindir)" && rm -f $$files + +clean-sbinPROGRAMS: + @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list + +sw-collector$(EXEEXT): $(sw_collector_OBJECTS) $(sw_collector_DEPENDENCIES) $(EXTRA_sw_collector_DEPENDENCIES) + @rm -f sw-collector$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(sw_collector_OBJECTS) $(sw_collector_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sw-collector.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sw_collector_db.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sw_collector_dpkg.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sw_collector_history.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sw_collector_rest_api.Po@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ 
$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-man8: $(man8_MANS) + @$(NORMAL_INSTALL) + @list1='$(man8_MANS)'; \ + list2=''; \ + test -n "$(man8dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ + | sed -n '/\.8[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | 
\ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + +uninstall-man8: + @$(NORMAL_UNINSTALL) + @list='$(man8_MANS)'; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) +install-dist_templatesDATA: $(dist_templates_DATA) + @$(NORMAL_INSTALL) + @list='$(dist_templates_DATA)'; test -n "$(templatesdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(templatesdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(templatesdir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(templatesdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(templatesdir)" || exit $$?; \ + done + +uninstall-dist_templatesDATA: + @$(NORMAL_UNINSTALL) + @list='$(dist_templates_DATA)'; test -n "$(templatesdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(templatesdir)'; $(am__uninstall_files_from_dir) + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then 
:; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(PROGRAMS) $(MANS) $(DATA) +installdirs: + for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(templatesdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." 
+clean: clean-am + +clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-dist_templatesDATA install-man + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-sbinPROGRAMS + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: install-man8 + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-dist_templatesDATA uninstall-man \ + uninstall-sbinPROGRAMS + +uninstall-man: uninstall-man8 + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-sbinPROGRAMS cscopelist-am ctags ctags-am \ + distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dist_templatesDATA install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-man8 install-pdf install-pdf-am install-ps \ + install-ps-am install-sbinPROGRAMS install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags tags-am uninstall 
uninstall-am \ + uninstall-dist_templatesDATA uninstall-man uninstall-man8 \ + uninstall-sbinPROGRAMS + +.PRECIOUS: Makefile + + +sw-collector.o : $(top_builddir)/config.status + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/sw-collector/sw-collector.8.in b/src/sw-collector/sw-collector.8.in new file mode 100644 index 000000000..8560ba095 --- /dev/null +++ b/src/sw-collector/sw-collector.8.in 
@@ -0,0 +1,124 @@ +.TH SW-COLLECTOR 1 "2017-07-15" "@PACKAGE_VERSION@" "strongSwan" +. +.SH "NAME" +. +sw-collector \- Extracts software installation events from dpkg history log +. +.SH "SYNOPSIS" +. +.SY "sw-collector" +.OP \-\-debug level +.OP \-\-quiet +.OP \-\-count event-count +.YS +. +.SY "sw-collector" +.OP \-\-debug level +.OP \-\-quiet +.OP \-\-installed\fR|\fB\--removed +.BR \-\-list |\fB\-\-unregistered +.YS +. +.SY "sw-collector" +.OP \-\-debug level +.OP \-\-quiet +.OP \-\-installed\fR|\fB\--removed +.OP \-\-full +.BR \-\-generate +.YS +. +.SY "sw-collector" +.OP \-\-debug level +.OP \-\-quiet +.BR \-\-migrate +.YS +. +.SY "sw-collector" +.B \-h +| +.B \-\-help +.YS +. +.SH "DESCRIPTION" +. +.B sw-collector +extracts information about software package installation, update or removal +events from the apt history log and stores the software events in an SQLite +database. The retrieved history information is then merged and made consistent +with the actual list of installed software packages obtained with dpkg-query. +. +.SH "OPTIONS" +. +.TP +.B "\-h, \-\-help" +Prints usage information and a short summary of the available commands. +.TP +.BI "\-v, \-\-debug " level +Set debug level, default: 2. +.TP +.B "\-q, \-\-quiet +Disable debug output to stderr. +.TP +.B "\-i, \-\-installed +Apply command to installed software packages, only. +.TP +.B "\-r, \-\-removed +Apply command to removed software packages, only. +.TP +.B "\-f, \-\-full +Generate ISO 19770-2:2015 SWID tags with full file information (possible for +installed software packages, only). +.TP +.B "\-l, \-\-list +Lists all software packages stored in the collector database showing their +installation status. +.TP +.B "\-u, \-\-unregistered +Lists all software packages residing in the local collector database but for +which no SWID tags exist yet in a central collector database reachable via a +REST interface. 
+.TP +.B "\-g, \-\-generate +Generates ISO 19770-2:2015 SWID tags for all software packages residing in the +local collector database but for which no SWID tags exist in a central collector +database reachable via a REST interface. +.TP +.B "\-m, \-\-migrate +Can be used to migrate collector database versions. Currently all architecture +suffixes are removed from dpkg package names. +. +.SH "CONFIGURATION" +. +The following parameters can be configured in strongswan.conf: +.P + sw-collector { + database = sqlite:///etc/pts/collector.db + history = /var/log/apt/history.log + first_time = 2016-04-22T20:55:14Z + rest_api { + uri = https://admin-user:ietf99hackathon@tnc.strongswan.org/api/ + timeout = 120 + } + } +.P +The parameters of the swid_generator used with the \-\-generate command can +be changed in the libimcv section of strongswan.conf: +.P + libimcv { + swid_gen { + command = /usr/local/bin/swid_generator + tag_creator { + name = strongSwan Project + regid = strongswan.org + } + } + } +. +.SH "FILES" +. +@PKGDATADIR@/templates/database/sw-collector/sw_collector_tables.sql +. +.SH "SEE ALSO" +. +.BR strongswan.conf (5) + diff --git a/src/sw-collector/sw-collector.c b/src/sw-collector/sw-collector.c new file mode 100644 index 000000000..e673dd657 --- /dev/null +++ b/src/sw-collector/sw-collector.c 
@@ -0,0 +1,652 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#ifdef HAVE_SYSLOG +# include +#endif + +#include "sw_collector_db.h" +#include "sw_collector_history.h" +#include "sw_collector_rest_api.h" +#include "sw_collector_dpkg.h" +# +#include +#include +#include + +#include + +/** + * global debug output variables + */ +static int debug_level = 2; +static bool stderr_quiet = FALSE; +static int count = 0; + +typedef enum collector_op_t collector_op_t; + +enum collector_op_t { + COLLECTOR_OP_EXTRACT, + COLLECTOR_OP_LIST, + COLLECTOR_OP_UNREGISTERED, + COLLECTOR_OP_GENERATE, + COLLECTOR_OP_MIGRATE +}; + +/** + * sw_collector dbg function + */ +static void sw_collector_dbg(debug_t group, level_t level, char *fmt, ...) 
+{ + va_list args; + + if (level <= debug_level) + { + if (!stderr_quiet) + { + va_start(args, fmt); + vfprintf(stderr, fmt, args); + fprintf(stderr, "\n"); + va_end(args); + } + +#ifdef HAVE_SYSLOG + { + int priority = LOG_INFO; + char buffer[8192]; + char *current = buffer, *next; + + /* write in memory buffer first */ + va_start(args, fmt); + vsnprintf(buffer, sizeof(buffer), fmt, args); + va_end(args); + + /* do a syslog with every line */ + while (current) + { + next = strchr(current, '\n'); + if (next) + { + *(next++) = '\0'; + } + syslog(priority, "%s\n", current); + current = next; + } + } +#endif /* HAVE_SYSLOG */ + } +} + +/** + * atexit handler + */ +static void cleanup(void) +{ + library_deinit(); +#ifdef HAVE_SYSLOG + closelog(); +#endif +} + +/** + * Display usage of sw-collector command + */ +static void usage(void) +{ + printf("\ +Usage:\n\ + sw-collector --help\n\ + sw-collector [--debug ] [--quiet] [--count ]\n\ + sw-collector [--debug ] [--quiet] [--installed|--removed] \ +--list|-unregistered\n\ + sw-collector [--debug ] [--quiet] [--installed|--removed] \ +[--full] --generate\n\ + sw-collector [--debug ] [--quiet] --migrate\n"); +} + +/** + * Parse command line options + */ +static collector_op_t do_args(int argc, char *argv[], bool *full_tags, + sw_collector_db_query_t *query_type) +{ + collector_op_t op = COLLECTOR_OP_EXTRACT; + bool installed = FALSE, removed = FALSE, full = FALSE; + + /* reinit getopt state */ + optind = 0; + + while (TRUE) + { + int c; + + struct option long_opts[] = { + { "help", no_argument, NULL, 'h' }, + { "count", required_argument, NULL, 'c' }, + { "debug", required_argument, NULL, 'd' }, + { "full", no_argument, NULL, 'f' }, + { "generate", no_argument, NULL, 'g' }, + { "installed", no_argument, NULL, 'i' }, + { "list", no_argument, NULL, 'l' }, + { "migrate", no_argument, NULL, 'm' }, + { "quiet", no_argument, NULL, 'q' }, + { "removed", no_argument, NULL, 'r' }, + { "unregistered", no_argument, NULL, 'u' }, + { 
0,0,0,0 } + }; + + c = getopt_long(argc, argv, "hc:d:fgilmqru", long_opts, NULL); + switch (c) + { + case EOF: + break; + case 'h': + usage(); + exit(SUCCESS); + break; + case 'c': + count = atoi(optarg); + continue; + case 'd': + debug_level = atoi(optarg); + continue; + case 'f': + full = TRUE; + continue; + case 'g': + op = COLLECTOR_OP_GENERATE; + continue; + case 'i': + installed = TRUE; + continue; + case 'l': + op = COLLECTOR_OP_LIST; + continue; + case 'm': + op = COLLECTOR_OP_MIGRATE; + continue; + case 'q': + stderr_quiet = TRUE; + continue; + case 'r': + removed = TRUE; + continue; + case 'u': + op = COLLECTOR_OP_UNREGISTERED; + continue; + default: + usage(); + exit(EXIT_FAILURE); + } + break; + } + + if ((!installed && !removed) || (installed && removed)) + { + *query_type = SW_QUERY_ALL; + } + else if (installed) + { + *query_type = SW_QUERY_INSTALLED; + } + else + { + *query_type = SW_QUERY_REMOVED; + } + *full_tags = full; + + return op; +} + +/** + * Extract software events from apt history log files + */ +static int extract_history(sw_collector_db_t *db) +{ + sw_collector_history_t *history = NULL; + uint32_t epoch, last_eid, eid = 0; + char *history_path, *last_time = NULL, rfc_time[21]; + chunk_t *h, history_chunk, line, cmd; + int status = EXIT_FAILURE; + bool skip = TRUE; + + /* open history file for reading */ + history_path = lib->settings->get_str(lib->settings, "%s.history", NULL, + lib->ns); + if (!history_path) + { + fprintf(stderr, "sw-collector.history path not set.\n"); + return EXIT_FAILURE; + } + h = chunk_map(history_path, FALSE); + if (!h) + { + fprintf(stderr, "opening '%s' failed: %s", history_path, + strerror(errno)); + return EXIT_FAILURE; + } + history_chunk = *h; + + /* Instantiate history extractor */ + history = sw_collector_history_create(db, 1); + if (!history) + { + return EXIT_FAILURE; + } + + /* retrieve last event in database */ + if (!db->get_last_event(db, &last_eid, &epoch, &last_time) || !last_eid) + { + goto 
end; + } + DBG0(DBG_IMC, "Last-Event: %s, eid = %u, epoch = %u", + last_time, last_eid, epoch); + + /* parse history file */ + while (fetchline(&history_chunk, &line)) + { + if (line.len == 0) + { + continue; + } + if (!extract_token(&cmd, ':', &line)) + { + fprintf(stderr, "terminator symbol ':' not found.\n"); + goto end; + } + if (match("Start-Date", &cmd)) + { + if (!history->extract_timestamp(history, line, rfc_time)) + { + goto end; + } + + /* have we reached new history entries? */ + if (skip && strcmp(rfc_time, last_time) > 0) + { + skip = FALSE; + } + if (skip) + { + continue; + } + + /* insert new event into database */ + eid = db->add_event(db, rfc_time); + if (!eid) + { + goto end; + } + DBG1(DBG_IMC, "Start-Date: %s, eid = %u, epoch = %u", + rfc_time, eid, epoch); + } + else if (skip) + { + /* skip old history entries which have already been processed */ + continue; + } + else if (match("Install", &cmd)) + { + DBG1(DBG_IMC, " Install:"); + if (!history->extract_packages(history, line, eid, SW_OP_INSTALL)) + { + goto end; + } + } + else if (match("Upgrade", &cmd)) + { + DBG1(DBG_IMC, " Upgrade:"); + if (!history->extract_packages(history, line, eid, SW_OP_UPGRADE)) + { + goto end; + } + } + else if (match("Remove", &cmd)) + { + DBG1(DBG_IMC, " Remove:"); + if (!history->extract_packages(history, line, eid, SW_OP_REMOVE)) + { + goto end; + } + } + else if (match("Purge", &cmd)) + { + DBG1(DBG_IMC, " Purge:"); + if (!history->extract_packages(history, line, eid, SW_OP_REMOVE)) + { + goto end; + } + } + else if (match("End-Date", &cmd)) + { + /* Process 'count' events at a time */ + if (count > 0 && eid - last_eid == count) + { + fprintf(stderr, "added %d events\n", count); + goto end; + } + } + } + + if (history->merge_installed_packages(history)) + { + status = EXIT_SUCCESS; + } + +end: + free(last_time); + history->destroy(history); + chunk_unmap(h); + + return status; +} + +/** + * List all endpoint software identifiers stored in local collector 
database + */ +static int list_identifiers(sw_collector_db_t *db, sw_collector_db_query_t type) +{ + enumerator_t *e; + char *name, *package, *version; + uint32_t sw_id, count = 0, installed_count = 0, removed_count, installed; + + e = db->create_sw_enumerator(db, type, NULL); + if (!e) + { + return EXIT_FAILURE; + } + while (e->enumerate(e, &sw_id, &name, &package, &version, &installed)) + { + printf("%s,%s,%s,%d\n", name, package, version, installed); + if (installed) + { + installed_count++; + } + count++; + } + removed_count = count - installed_count; + e->destroy(e); + + switch (type) + { + case SW_QUERY_ALL: + DBG1(DBG_IMC, "retrieved %u software identities with %u installed " + "and %u removed", count, installed_count, removed_count); + break; + case SW_QUERY_INSTALLED: + DBG1(DBG_IMC, "retrieved %u installed software identities", count); + break; + case SW_QUERY_REMOVED: + DBG1(DBG_IMC, "retrieved %u removed software identities", count); + break; + } + + return EXIT_SUCCESS; +} + +static bool query_registry(sw_collector_rest_api_t *rest_api, bool installed) +{ + sw_collector_db_query_t type; + enumerator_t *enumerator; + char *sw_id; + int count = 0; + + type = installed ? SW_QUERY_INSTALLED : SW_QUERY_REMOVED; + enumerator = rest_api->create_sw_enumerator(rest_api, type); + if (!enumerator) + { + return FALSE; + } + while (enumerator->enumerate(enumerator, &sw_id)) + { + printf("%s,%s\n", sw_id, installed ? "1" : "0"); + count++; + } + enumerator->destroy(enumerator); + DBG1(DBG_IMC, "%d %s software identifiers not registered", count, + installed ? 
"installed" : "removed"); + return TRUE; +} + + +/** + * List all endpoint software identifiers stored in local collector database + * that are not registered yet in central collelector database + */ +static int unregistered_identifiers(sw_collector_db_t *db, + sw_collector_db_query_t type) +{ + sw_collector_rest_api_t *rest_api; + int status = EXIT_SUCCESS; + + rest_api = sw_collector_rest_api_create(db); + if (!rest_api) + { + return EXIT_FAILURE; + } + + /* List installed software identifiers not registered centrally */ + if (type != SW_QUERY_REMOVED && !query_registry(rest_api, TRUE)) + { + status = EXIT_FAILURE; + } + + /* List removed software identifiers not registered centrally */ + if (type != SW_QUERY_INSTALLED && !query_registry(rest_api, FALSE)) + { + status = EXIT_FAILURE; + } + rest_api->destroy(rest_api); + + return status; +} + +/** + * Generate ISO 19770-2:2015 SWID tags for [installed|removed|all] + * SW identifiers that are not registered centrally + */ +static int generate_tags(sw_collector_db_t *db, bool full_tags, + sw_collector_db_query_t type) +{ + swid_gen_t * swid_gen; + sw_collector_rest_api_t *rest_api; + char *name, *package, *version, *tag; + enumerator_t *enumerator; + uint32_t sw_id; + bool installed; + int count = 0, installed_count = 0, status = EXIT_FAILURE; + + swid_gen = swid_gen_create(); + rest_api = sw_collector_rest_api_create(db); + if (!rest_api) + { + goto end; + } + + enumerator = rest_api->create_sw_enumerator(rest_api, type); + if (!enumerator) + { + goto end; + } + while (enumerator->enumerate(enumerator, &name)) + { + sw_id = db->get_sw_id(db, name, &package, &version, NULL, &installed); + if (sw_id) + { + tag = swid_gen->generate_tag(swid_gen, name, package, version, + full_tags && installed, FALSE); + if (tag) + { + DBG2(DBG_IMC, " creating %s", name); + printf("%s\n", tag); + free(tag); + count++; + if (installed) + { + installed_count++; + } + } + free(package); + free(version); + } + } + 
enumerator->destroy(enumerator); + status = EXIT_SUCCESS; + + switch (type) + { + case SW_QUERY_ALL: + DBG1(DBG_IMC, "created %d tags for unregistered software " + "identifiers with %d installed and %d removed", count, + installed_count, count - installed_count); + break; + case SW_QUERY_INSTALLED: + DBG1(DBG_IMC, "created %d tags for unregistered installed software " + "identifiers", count); + break; + case SW_QUERY_REMOVED: + DBG1(DBG_IMC, "created %d tags for unregistered removed software " + "identifiers", count); + break; + } + +end: + swid_gen->destroy(swid_gen); + DESTROY_IF(rest_api); + + return status; +} + +/** + * Append missing architecture suffix to package entries in the database + */ +static int migrate(sw_collector_db_t *db) +{ + sw_collector_dpkg_t *dpkg; + + char *package, *arch, *version; + char package_filter[BUF_LEN]; + int res, count = 0; + int status = EXIT_SUCCESS; + enumerator_t *enumerator; + + dpkg = sw_collector_dpkg_create(); + if (!dpkg) + { + return FAILED; + } + + enumerator = dpkg->create_sw_enumerator(dpkg); + while (enumerator->enumerate(enumerator, &package, &arch, &version)) + { + + /* Look for package names with architecture suffix */ + snprintf(package_filter, BUF_LEN, "%s:%%", package); + + res = db->update_package(db, package_filter, package); + if (res < 0) + { + status = EXIT_FAILURE; + break; + } + else if (res > 0) + { + count += res; + DBG2(DBG_IMC, "%s: removed arch suffix %d times", package, res); + } + } + enumerator->destroy(enumerator); + dpkg->destroy(dpkg); + + DBG1(DBG_IMC, "migrated %d sw identifier records", count); + + return status; +} + + +int main(int argc, char *argv[]) +{ + sw_collector_db_t *db = NULL; + sw_collector_db_query_t query_type; + collector_op_t op; + bool full_tags; + char *uri; + int status = EXIT_FAILURE; + + op = do_args(argc, argv, &full_tags, &query_type); + + /* enable sw_collector debugging hook */ + dbg = sw_collector_dbg; +#ifdef HAVE_SYSLOG + openlog("sw-collector", 0, LOG_DEBUG); 
+#endif + + atexit(cleanup); + + /* initialize library */ + if (!library_init(NULL, "sw-collector")) + { + exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); + } + + /* load sw-collector plugins */ + if (!lib->plugins->load(lib->plugins, + lib->settings->get_str(lib->settings, "%s.load", PLUGINS, lib->ns))) + { + exit(SS_RC_INITIALIZATION_FAILED); + } + + /* connect to sw-collector database */ + uri = lib->settings->get_str(lib->settings, "%s.database", NULL, lib->ns); + if (!uri) + { + fprintf(stderr, "sw-collector.database URI not set.\n"); + exit(EXIT_FAILURE); + } + db = sw_collector_db_create(uri); + if (!db) + { + fprintf(stderr, "connection to sw-collector database failed.\n"); + exit(EXIT_FAILURE); + } + + switch (op) + { + case COLLECTOR_OP_EXTRACT: + status = extract_history(db); + break; + case COLLECTOR_OP_LIST: + status = list_identifiers(db, query_type); + break; + case COLLECTOR_OP_UNREGISTERED: + status = unregistered_identifiers(db, query_type); + break; + case COLLECTOR_OP_GENERATE: + status = generate_tags(db, full_tags, query_type); + break; + case COLLECTOR_OP_MIGRATE: + status = migrate(db); + break; + } + db->destroy(db); + + exit(status); +} diff --git a/src/sw-collector/sw_collector_db.c b/src/sw-collector/sw_collector_db.c new file mode 100644 index 000000000..554c3d624 --- /dev/null +++ b/src/sw-collector/sw_collector_db.c 
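Review bot: In `migrate()` the enumerator returned by `dpkg->create_sw_enumerator(dpkg)` is dereferenced without a NULL check, yet the dpkg implementation added in this same patch returns NULL when `popen()` fails, so a missing or unrunnable dpkg-query crashes `--migrate` instead of failing cleanly; add `if (!enumerator) { dpkg->destroy(dpkg); return EXIT_FAILURE; }` before the loop. The same function returns `FAILED` (a status_t value) where every other path in this file returns `EXIT_FAILURE`/`EXIT_SUCCESS`; the two happen to coincide numerically, but the intent should be spelled out as `EXIT_FAILURE`. `generate_tags()` likewise never checks the result of `swid_gen_create()` before calling `swid_gen->destroy(swid_gen)` at `end:`, and `extract_history()` leaks the mapped history file `h` when `sw_collector_history_create()` fails, since that early return bypasses `chunk_unmap(h)`. In `main()`, `openlog("sw-collector", 0, LOG_DEBUG)` passes a priority level where openlog(3) expects a facility, which ends up tagging every message as LOG_DEBUG regardless of the `LOG_INFO` priority used in `sw_collector_dbg()`; a facility such as `LOG_DAEMON` or `LOG_USER` is what belongs there.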
@@ -0,0 +1,427 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#define _GNU_SOURCE +#include +#include +#include +#include + +#include "sw_collector_db.h" + +#include "swima/swima_event.h" + +typedef struct private_sw_collector_db_t private_sw_collector_db_t; + +/** + * Private data of an sw_collector_db_t object. + */ +struct private_sw_collector_db_t { + + /** + * Public members of sw_collector_db_state_t + */ + sw_collector_db_t public; + + /** + * Epoch + */ + uint32_t epoch; + + /** + * Event ID of last event stored in database + */ + uint32_t last_eid; + + /** + * Software collector database + */ + database_t *db; + +}; + +METHOD(sw_collector_db_t, add_event, uint32_t, + private_sw_collector_db_t *this, char *timestamp) +{ + uint32_t eid = 0; + + if (this->db->execute(this->db, &eid, + "INSERT INTO events (epoch, timestamp) VALUES (?, ?)", + DB_UINT, this->epoch, DB_TEXT, timestamp) != 1) + { + DBG1(DBG_IMC, "unable to insert event into database"); + return 0; + } + + return eid; +} + +METHOD(sw_collector_db_t, get_last_event, bool, + private_sw_collector_db_t *this, uint32_t *eid, uint32_t *epoch, + char **last_time) +{ + char *timestamp; + enumerator_t *e; + + e = this->db->query(this->db, + "SELECT id, epoch, timestamp FROM events ORDER BY timestamp DESC", + DB_UINT, DB_UINT, DB_TEXT); + if (!e) + { + DBG1(DBG_IMC, "database query for event failed"); + return FALSE; + } + if (e->enumerate(e, eid, 
epoch, ×tamp)) + { + if (last_time) + { + *last_time = strdup(timestamp); + } + } + else + { + *eid = 0; + } + e->destroy(e); + + return TRUE; +} + +METHOD(sw_collector_db_t, add_sw_event, bool, + private_sw_collector_db_t *this, uint32_t eid, uint32_t sw_id, + uint8_t action) +{ + if (this->db->execute(this->db, NULL, + "INSERT INTO sw_events (eid, sw_id, action) VALUES (?, ?, ?)", + DB_UINT, eid, DB_UINT, sw_id, DB_UINT, action) != 1) + { + DBG1(DBG_IMC, "unable to insert sw_event into database"); + return FALSE; + } + + return TRUE; +} + +METHOD(sw_collector_db_t, set_sw_id, uint32_t, + private_sw_collector_db_t *this, char *name, char *package, char *version, + uint8_t source, bool installed) +{ + uint32_t sw_id; + + if (this->db->execute(this->db, &sw_id, + "INSERT INTO sw_identifiers " + "(name, package, version, source, installed) VALUES (?, ?, ?, ?, ?)", + DB_TEXT, name, DB_TEXT, package, DB_TEXT, version, DB_UINT, source, + DB_UINT, installed) != 1) + { + DBG1(DBG_IMC, "unable to insert sw_id into database"); + return 0; + } + + return sw_id; +} + +METHOD(sw_collector_db_t, get_sw_id, uint32_t, + private_sw_collector_db_t *this, char *name, char **package, char **version, + uint8_t *source, bool *installed) +{ + char *sw_package, *sw_version; + uint32_t sw_id = 0, sw_source, sw_installed; + enumerator_t *e; + + /* Does software identifier already exist in database? 
*/ + e = this->db->query(this->db, + "SELECT id, package, version, source, installed " + "FROM sw_identifiers WHERE name = ?", + DB_TEXT, name, DB_UINT, DB_TEXT, DB_TEXT, DB_UINT, DB_UINT); + if (!e) + { + DBG1(DBG_IMC, "database query for sw_identifier failed"); + return 0; + } + if (e->enumerate(e, &sw_id, &sw_package, &sw_version, &sw_source, + &sw_installed)) + { + if (package) + { + *package = strdup(sw_package); + } + if (version) + { + *version = strdup(sw_version); + } + if (source) + { + *source = sw_source; + } + if (installed) + { + *installed = sw_installed; + } + } + e->destroy(e); + + return sw_id; +} + +METHOD(sw_collector_db_t, get_sw_id_count, uint32_t, + private_sw_collector_db_t *this, sw_collector_db_query_t type) +{ + uint32_t count, installed; + enumerator_t *e; + + if (type == SW_QUERY_ALL) + { + e = this->db->query(this->db, + "SELECT COUNT(installed) FROM sw_identifiers", DB_UINT); + } + else + { + installed = (type == SW_QUERY_INSTALLED); + e = this->db->query(this->db, + "SELECT COUNT(installed) FROM sw_identifiers WHERE installed = ?", + DB_UINT, installed, DB_UINT); + } + + if (!e) + { + DBG1(DBG_IMC, "database query for sw_identifier count failed"); + return 0; + } + if (!e->enumerate(e, &count)) + { + count = 0; + } + e->destroy(e); + + return count; +} + +METHOD(sw_collector_db_t, update_sw_id, bool, + private_sw_collector_db_t *this, uint32_t sw_id, char *name, char *version, + bool installed) +{ + int res; + + if (name && version) + { + res = this->db->execute(this->db, NULL, + "UPDATE sw_identifiers SET name = ?, version = ?, installed = ? " + "WHERE id = ?", DB_TEXT, name, DB_TEXT, version, DB_UINT, installed, + DB_UINT, sw_id); + } + else + { + res = this->db->execute(this->db, NULL, + "UPDATE sw_identifiers SET installed = ? 
WHERE id = ?", + DB_UINT, installed, DB_UINT, sw_id); + } + if (res != 1) + { + DBG1(DBG_IMC, "unable to update software identifier in database"); + return FALSE; + } + return TRUE; +} + +METHOD(sw_collector_db_t, update_package, int, + private_sw_collector_db_t *this, char *package_filter, char *package) +{ + int count; + + count = this->db->execute(this->db, NULL, + "UPDATE sw_identifiers SET package = ? WHERE package LIKE ?", + DB_TEXT, package, DB_TEXT, package_filter); + if (count < 0) + { + DBG1(DBG_IMC, "unable to update package name in database"); + } + + return count; +} + +METHOD(sw_collector_db_t, create_sw_enumerator, enumerator_t*, + private_sw_collector_db_t *this, sw_collector_db_query_t type, char *package) +{ + enumerator_t *e; + u_int installed; + + if (type == SW_QUERY_ALL) + { + if (package) + { + e = this->db->query(this->db, + "SELECT id, name, package, version, installed " + "FROM sw_identifiers WHERE package = ? ORDER BY name ASC", + DB_TEXT, package, DB_UINT, DB_TEXT, DB_TEXT, DB_TEXT, DB_UINT); + } + else + { + e = this->db->query(this->db, + "SELECT id, name, package, version, installed " + "FROM sw_identifiers ORDER BY name ASC", + DB_UINT, DB_TEXT, DB_TEXT, DB_TEXT, DB_UINT); + } + } + else + { + installed = (type == SW_QUERY_INSTALLED); + + if (package) + { + e = this->db->query(this->db, + "SELECT id, name, package, version, installed " + "FROM sw_identifiers WHERE package = ? AND installed = ? " + "ORDER BY name ASC", DB_TEXT, package, DB_UINT, installed, + DB_UINT, DB_TEXT, DB_TEXT, DB_TEXT, DB_UINT); + } + else + { + e = this->db->query(this->db, + "SELECT id, name, package, version, installed " + "FROM sw_identifiers WHERE installed = ? 
ORDER BY name ASC", + DB_UINT, installed, DB_UINT, DB_TEXT, DB_TEXT, DB_TEXT, DB_UINT); + } + } + if (!e) + { + DBG1(DBG_IMC, "database query for sw_identifier count failed"); + return NULL; + } + + return e; +} + +METHOD(sw_collector_db_t, destroy, void, + private_sw_collector_db_t *this) +{ + this->db->destroy(this->db); + free(this); +} + +/** + * Determine file creation data and convert it into RFC 3339 format + */ +bool get_file_creation_date(char *pathname, char *timestamp) +{ + struct stat st; + struct tm ct; + + if (stat(pathname, &st)) + { + DBG1(DBG_IMC, "unable to obtain statistics on '%s'", pathname); + return FALSE; + } + + /* Convert from local time to UTC */ + gmtime_r(&st.st_mtime, &ct); + ct.tm_year += 1900; + ct.tm_mon += 1; + + /* Form timestamp according to RFC 3339 (20 characters) */ + snprintf(timestamp, 21, "%4d-%02d-%02dT%02d:%02d:%02dZ", + ct.tm_year, ct.tm_mon, ct.tm_mday, + ct.tm_hour, ct.tm_min, ct.tm_sec); + + return TRUE; +} + +/** + * Described in header. + */ +sw_collector_db_t *sw_collector_db_create(char *uri) +{ + private_sw_collector_db_t *this; + uint32_t first_eid, last_eid; + char first_time_buf[21], *first_time, *first_file; + + INIT(this, + .public = { + .add_event = _add_event, + .get_last_event = _get_last_event, + .add_sw_event = _add_sw_event, + .set_sw_id = _set_sw_id, + .get_sw_id = _get_sw_id, + .get_sw_id_count = _get_sw_id_count, + .update_sw_id = _update_sw_id, + .update_package = _update_package, + .create_sw_enumerator = _create_sw_enumerator, + .destroy = _destroy, + }, + .db = lib->db->create(lib->db, uri), + ); + + if (!this->db) + { + DBG1(DBG_IMC, "opening database URI '%s' failed", uri); + free(this); + return NULL; + } + + /* Retrieve last event in database */ + if (!get_last_event(this, &last_eid, &this->epoch, NULL)) + { + destroy(this); + return NULL; + } + + /* Create random epoch and first event if no events exist yet */ + if (!last_eid) + { + rng_t *rng; + + rng = lib->crypto->create_rng(lib->crypto, 
RNG_STRONG); + if (!rng || + !rng->get_bytes(rng, sizeof(uint32_t), (uint8_t*)&this->epoch)) + { + DESTROY_IF(rng); + destroy(this); + DBG1(DBG_IMC, "generating random epoch value failed"); + return NULL; + } + rng->destroy(rng); + + /* strongTNC workaround - limit epoch to 31 bit unsigned integer */ + this->epoch &= 0x7fffffff; + + /* Create first event when the OS was installed */ + first_file = lib->settings->get_str(lib->settings, + "sw-collector.first_file", "/var/log/bootstrap.log"); + first_time = lib->settings->get_str(lib->settings, + "sw-collector.first_time", NULL); + if (!first_time) + { + if (get_file_creation_date(first_file, first_time_buf)) + { + first_time = first_time_buf; + } + else + { + first_time = "0000-00-00T00:00:00Z"; + } + } + first_eid = add_event(this, first_time); + + if (!first_eid) + { + destroy(this); + return NULL; + } + DBG0(DBG_IMC, "First-Date: %s, eid = %u, epoch = %u", + first_time, first_eid, this->epoch); + } + + return &this->public; +} diff --git a/src/sw-collector/sw_collector_db.h b/src/sw-collector/sw_collector_db.h new file mode 100644 index 000000000..e3b56af93 --- /dev/null +++ b/src/sw-collector/sw_collector_db.h 
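Review bot: `get_file_creation_date()` has external linkage but no prototype in sw_collector_db.h, so it should be `static` (or declared in the header); as written it leaks a generic name into the global namespace of a file whose other helpers are all METHOD-scoped. Its name and the comment `Convert from local time to UTC` also overstate what it does: `st_mtime` is the last-modification time, not a creation time, and it is already seconds since the Unix epoch, so `gmtime_r()` merely breaks it down as UTC; a comment such as `/* use the mtime of the bootstrap log as a proxy for the OS installation time */` would be more honest. The fallback `"0000-00-00T00:00:00Z"` used by `sw_collector_db_create()` is not a valid RFC 3339 date-time (month and day are 01-based) even though `add_event()` documents its argument as RFC 3339; it does sort lowest under the `ORDER BY timestamp DESC` in `get_last_event()`, which appears to be the intent, but a consumer that parses the value strictly will reject it, so consider `"1970-01-01T00:00:00Z"` or at least a DBG1 noting that no first-event time could be determined.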
@@ -0,0 +1,155 @@ +/* + * Copyright (C) 2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup sw_collector_db_t sw_collector_db + * @{ @ingroup sw_collector + */ + +#ifndef SW_COLLECTOR_DB_H_ +#define SW_COLLECTOR_DB_H_ + +#include + +typedef struct sw_collector_db_t sw_collector_db_t; +typedef enum sw_collector_db_query_t sw_collector_db_query_t; + +/** + * Type of software identifier queries + */ +enum sw_collector_db_query_t { + SW_QUERY_ALL, + SW_QUERY_INSTALLED, + SW_QUERY_REMOVED +}; + +/** + * Software collector database object + */ +struct sw_collector_db_t { + + /** + * bAdd event to database + * + * @param timestamp Timestamp in 20 octet RFC 3339 format + * @return Primary key pointing to event ID or 0 if failed + */ + uint32_t (*add_event)(sw_collector_db_t *this, char *timestamp); + + /** + * Get last event, zero EID if none exists + * + * @param eid Primary key pointing to last event + * @param epoch Epoch + * @param last_time Timestamp in 20 octet RFC 3339 format of last event + * @return + */ + bool (*get_last_event)(sw_collector_db_t *this, uint32_t *eid, + uint32_t *epoch, char **last_time); + + /** + * Add software identifier event to database + * + * @param eid Foreign key pointing to an event ID + * @param sw_id Foreign key pointing to a software identifier + * @param action 1 for CREATION, 2 for deletion + * @return TRUE if successful + */ + bool (*add_sw_event)(sw_collector_db_t *this, uint32_t eid, 
uint32_t sw_id, + uint8_t action); + + /** + * Set software_identifier, checking if the identifier already exists + * + * @param name Software identifier + * @param package Software package + * @param version Version of software package + * @param source Source ID of the software collector + * @param installed Installation status to be set, TRUE if installed + * @return Primary key pointing to SW ID or 0 if failed + */ + uint32_t (*set_sw_id)(sw_collector_db_t *this, char *name, char *package, + char *version, uint8_t source, bool installed); + + /** + * Get software_identifier record + * + * @param name Software identifier + * @param package Software package + * @param version Version of software package + * @param source Source ID of the software collector + * @param installed Installation status + * @return Primary key pointing to SW ID or 0 if failed + */ + uint32_t (*get_sw_id)(sw_collector_db_t *this, char *name, char **package, + char **version, uint8_t *source, bool *installed); + + /** + * Get number of installed or removed software identifiers + * + * @param type Query type (ALL, INSTALLED, REMOVED) + * @return Count + */ + uint32_t (*get_sw_id_count)(sw_collector_db_t *this, + sw_collector_db_query_t type); + + /** + * Update the software identifier version + * + * @param sw_id Primary key of software identifier + * @param name Software identifier + * @param version Package version + * @param installed Installation status + * @return TRUE if update successful + */ + bool (*update_sw_id)(sw_collector_db_t *this, uint32_t sw_id, char *name, + char *version, bool installed); + + /** + * Update the package name + * + * @param package_filter Package name[s] to be changed + * @param package New package name + * @return TRUE if update successful + */ + int (*update_package)(sw_collector_db_t *this, char *package_filter, + char *package); + + /** + * Enumerate over all collected [installed] software identities + * + * @param type Query type (ALL, INSTALLED, 
REMOVED) + * @param package If not NULL enumerate over all package versions + * @return Enumerator + */ + enumerator_t* (*create_sw_enumerator)(sw_collector_db_t *this, + sw_collector_db_query_t type, + char *package); + + /** + * Destroy sw_collector_db_t object + */ + void (*destroy)(sw_collector_db_t *this); + +}; + +/** + * Create an sw_collector_db_t instance + * + * @param uri database URI + */ +sw_collector_db_t* sw_collector_db_create(char *uri); + +#endif /** SW_COLLECTOR_DB_H_ @}*/ diff --git a/src/sw-collector/sw_collector_dpkg.c b/src/sw-collector/sw_collector_dpkg.c new file mode 100644 index 000000000..b5a858297 --- /dev/null +++ b/src/sw-collector/sw_collector_dpkg.c 
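Review bot: The `@return` documentation of `update_package` says `TRUE if update successful`, but the function returns `int` and its implementation in sw_collector_db.c yields the number of updated rows or a negative value on failure, which is exactly how `migrate()` in sw-collector.c tests it (`res < 0`, `res > 0`); change it to `@return Number of updated rows, or a negative value on failure`. `get_last_event` has an empty `@return`; it returns `TRUE` if the query succeeded, with `*eid` set to 0 when no event exists, and `*epoch`/`*last_time` left untouched in that case, which callers should know. `set_sw_id` is documented as `checking if the identifier already exists`, yet the implementation is a plain `INSERT INTO sw_identifiers` with no lookup, so either the comment or the code should change; from the callers visible here the existence check appears to be the caller's job via `get_sw_id`. Also fix the `bAdd event to database` typo.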
@@ -0,0 +1,152 @@
+/*
+ * Copyright (C) 2017 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#define _GNU_SOURCE
+#include
+
+#include "sw_collector_dpkg.h"
+
+typedef struct private_sw_collector_dpkg_t private_sw_collector_dpkg_t;
+
+/**
+ * Private data of an sw_collector_dpkg_t object.
+ */
+struct private_sw_collector_dpkg_t {
+
+ /**
+ * Public members of sw_collector_dpkg_state_t
+ */
+ sw_collector_dpkg_t public;
+
+};
+
+typedef struct {
+ /** public enumerator interface */
+ enumerator_t public;
+ /** dpkg output stream */
+ FILE *file;
+ /** current dpkg output line */
+ char line[BUF_LEN];
+} dpkg_enumerator_t;
+
+METHOD(enumerator_t, enumerate, bool,
+ dpkg_enumerator_t *this, va_list args)
+{
+ char **package, **arch, **version, *state, *pos;
+
+ VA_ARGS_VGET(args, package, arch, version);
+
+ while (TRUE)
+ {
+ if (!fgets(this->line, BUF_LEN, this->file))
+ {
+ return FALSE;
+ }
+
+ *package = this->line;
+ pos = strchr(this->line, '\t');
+ if (!pos)
+ {
+ return FALSE;
+ }
+ *pos = '\0';
+
+ *arch = ++pos;
+ pos = strchr(pos, '\t');
+ if (!pos)
+ {
+ return FALSE;
+ }
+ *pos = '\0';
+
+ *version = ++pos;
+ pos = strchr(pos, '\t');
+ if (!pos)
+ {
+ return FALSE;
+ }
+ *pos = '\0';
+
+ state = ++pos;
+ pos = strchr(pos, '\n');
+ if (!pos)
+ {
+ return FALSE;
+ }
+ *pos = '\0';
+
+ if (streq(state, "install ok installed"))
+ {
+ return TRUE;
+ }
+ }
+}
+
+METHOD(enumerator_t, enumerator_destroy, void,
+ dpkg_enumerator_t *this)
+{
+ pclose(this->file);
+ free(this);
+}
+
+METHOD(sw_collector_dpkg_t, create_sw_enumerator, enumerator_t*,
+ private_sw_collector_dpkg_t *this)
+{
+ dpkg_enumerator_t *enumerator;
+ char cmd[] = "dpkg-query -W -f="
+ "\'${Package}\t${Architecture}\t${Version}\t${Status}\n\'";
+ FILE *file;
+
+ file = popen(cmd, "r");
+ if (!file)
+ {
+ DBG1(DBG_IMC, "failed to run dpgk-query command");
+ return NULL;
+ }
+
+ INIT(enumerator,
+ .public = {
+ .enumerate = enumerator_enumerate_default,
+ .venumerate = _enumerate,
+ .destroy = _enumerator_destroy,
+ },
+ .file = file,
+ );
+
+ return &enumerator->public;
+}
+
+METHOD(sw_collector_dpkg_t, destroy, void,
+ private_sw_collector_dpkg_t *this)
+{
+ free(this);
+}
+
+/**
+ * Described in header.
+ */
+sw_collector_dpkg_t *sw_collector_dpkg_create(void)
+{
+ private_sw_collector_dpkg_t *this;
+
+ INIT(this,
+ .public = {
+ .create_sw_enumerator = _create_sw_enumerator,
+ .destroy = _destroy,
+ },
+ );
+
+ return &this->public;
+}
diff --git a/src/sw-collector/sw_collector_dpkg.h b/src/sw-collector/sw_collector_dpkg.h
new file mode 100644
index 000000000..eab792e8a
--- /dev/null
+++ b/src/sw-collector/sw_collector_dpkg.h
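Review bot: enumerator_destroy discards the return value of `pclose(this->file)`, so a dpkg-query that exits non-zero or is killed looks exactly like an empty package list, and merge_installed_packages in sw_collector_history.c then reports a successful merge of zero packages; check the status and at least log it with DBG1 so the failure is visible. create_sw_enumerator runs the command through popen(), i.e. via the shell with a PATH lookup of `dpkg-query`; the command string itself is constant, but pinning the executable by absolute path would remove the dependency on the caller's environment for a collector that presumably runs with elevated rights. In enumerate, a line longer than BUF_LEN is cut by fgets() and its tail is read as a separate record, which fails the tab or newline search and ends the enumeration early and silently; a comment stating the limit, or a check that the line ends in '\n' before parsing, would make this explicit. The log message in create_sw_enumerator also misspells the tool: `DBG1(DBG_IMC, "failed to run dpkg-query command");`.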
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2017 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup sw_collector_dpkg_t sw_collector_dpkg
+ * @{ @ingroup sw_collector
+ */
+
+#ifndef SW_COLLECTOR_DPKG_H_
+#define SW_COLLECTOR_DPKG_H_
+
+#include
+
+typedef struct sw_collector_dpkg_t sw_collector_dpkg_t;
+
+/**
+ * Software collector dpkg object
+ */
+struct sw_collector_dpkg_t {
+
+ /**
+ * List of installed software identifiers managed by the
+ * Debian "dpkg" package manager
+ *
+ * @return Enumerator
+ */
+ enumerator_t* (*create_sw_enumerator)(sw_collector_dpkg_t *this);
+
+ /**
+ * Destroy sw_collector_dpkg_t object
+ */
+ void (*destroy)(sw_collector_dpkg_t *this);
+
+};
+
+/**
+ * Create an sw_collector_dpkg_t instance
+ */
+sw_collector_dpkg_t* sw_collector_dpkg_create(void);
+
+#endif /** SW_COLLECTOR_DPKG_H_ @}*/
diff --git a/src/sw-collector/sw_collector_history.c b/src/sw-collector/sw_collector_history.c
new file mode 100644
index 000000000..f1fd9f60f
--- /dev/null
+++ b/src/sw-collector/sw_collector_history.c
@@ -0,0 +1,519 @@
+/*
+ * Copyright (C) 2017 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#define _GNU_SOURCE
+#include
+#include
+
+#include "sw_collector_history.h"
+#include "sw_collector_dpkg.h"
+
+#include
+#include
+
+typedef struct private_sw_collector_history_t private_sw_collector_history_t;
+
+/**
+ * Private data of an sw_collector_history_t object.
+ */
+struct private_sw_collector_history_t {
+
+ /**
+ * Public members of sw_collector_history_state_t
+ */
+ sw_collector_history_t public;
+
+ /**
+ * Software Event Source Number
+ */
+ uint8_t source;
+
+ /**
+ * Reference to OS info object
+ */
+ swid_gen_info_t *info;
+
+ /**
+ * Reference to collector database
+ */
+ sw_collector_db_t *db;
+
+};
+
+/**
+ * Define auxiliary package_t list item object
+ */
+typedef struct package_t package_t;
+
+struct package_t {
+ char *package;
+ char *version;
+ char *old_version;
+ char *sw_id;
+ char *old_sw_id;
+};
+
+/**
+ * Create package_t list item object
+ */
+static package_t* create_package(swid_gen_info_t *info, chunk_t package,
+ chunk_t version, chunk_t old_version)
+{
+ package_t *this;
+
+ INIT(this,
+ .package = strndup(package.ptr, package.len),
+ .version = strndup(version.ptr, version.len),
+ .old_version = strndup(old_version.ptr, old_version.len),
+ )
+
+ this->sw_id = info->create_sw_id(info, this->package, this->version);
+ if (old_version.len)
+ {
+ this->old_sw_id = info->create_sw_id(info, this->package,
+ this->old_version);
+ }
+
+ return this;
+}
+
+/**
+ * Free package_t list item object
+ */
+static void free_package(package_t *this)
+{
+ if (this)
+ {
+ free(this->package);
+ free(this->version);
+ free(this->old_version);
+ free(this->sw_id);
+ free(this->old_sw_id);
+ free(this);
+ }
+}
+
+/**
+ * Extract and parse a single package item
+ */
+static package_t* extract_package(chunk_t item, swid_gen_info_t *info,
+ sw_collector_history_op_t op)
+{
+ chunk_t package, package_stripped, version, old_version;
+ package_t *p;
+
+ /* extract package name */
+ if (!extract_token(&package, ' ', &item))
+ {
+ fprintf(stderr, "version not found.\n");
+ return NULL;
+ }
+ item = chunk_skip(item, 1);
+
+ /* strip architecture suffix if present */
+ if (extract_token(&package_stripped, ':', &package))
+ {
+ package = package_stripped;
+ }
+
+ /* extract versions */
+ version = old_version = chunk_empty;
+
+ if (item.len > 0)
+ {
+ if (extract_token(&version, ',', &item))
+ {
+ eat_whitespace(&item);
+ if (!match("automatic", &item))
+ {
+ old_version = version;
+ version = item;
+ }
+ }
+ else
+ {
+ version = item;
+ }
+ }
+ p = create_package(info, package, version, old_version);
+
+ /* generate log entry */
+ if (op == SW_OP_UPGRADE)
+ {
+ DBG2(DBG_IMC, " %s (%s, %s)", p->package, p->old_version, p->version);
+ DBG2(DBG_IMC, " +%s", p->sw_id);
+ DBG2(DBG_IMC, " -%s", p->old_sw_id);
+ }
+ else
+ {
+ DBG2(DBG_IMC, " %s (%s)", p->package, p->version);
+ DBG2(DBG_IMC, " %s%s", (op == SW_OP_INSTALL) ? "+" : "-", p->sw_id);
+ }
+
+ return p;
+}
+
+METHOD(sw_collector_history_t, extract_timestamp, bool,
+ private_sw_collector_history_t *this, chunk_t args, char *buf)
+{
+ struct tm loc, utc;
+ chunk_t t1, t2;
+ time_t t;
+
+ /* Break down local time with format t1 = yyyy-mm-dd and t2 = hh:mm:ss */
+ if (!eat_whitespace(&args) || !extract_token(&t1, ' ', &args) ||
+ !eat_whitespace(&args) || t1.len != 10 || args.len != 8)
+ {
+ DBG1(DBG_IMC, "unable to parse start-date");
+ return FALSE;
+ }
+ t2 = args;
+
+ if (sscanf(t1.ptr, "%4d-%2d-%2d",
+ &loc.tm_year, &loc.tm_mon, &loc.tm_mday) != 3)
+ {
+ DBG1(DBG_IMC, "unable to parse date format yyyy-mm-dd");
+ return FALSE;
+ }
+ loc.tm_year -= 1900;
+ loc.tm_mon -= 1;
+ loc.tm_isdst = -1;
+
+ if (sscanf(t2.ptr, "%2d:%2d:%2d",
+ &loc.tm_hour, &loc.tm_min, &loc.tm_sec) != 3)
+ {
+ DBG1(DBG_IMC, "unable to parse time format hh:mm:ss");
+ return FALSE;
+ }
+
+ /* Convert from local time to UTC */
+ t = mktime(&loc);
+ gmtime_r(&t, &utc);
+ utc.tm_year += 1900;
+ utc.tm_mon += 1;
+
+ /* Form timestamp according to RFC 3339 (20 characters) */
+ snprintf(buf, 21, "%4d-%02d-%02dT%02d:%02d:%02dZ",
+ utc.tm_year, utc.tm_mon, utc.tm_mday,
+ utc.tm_hour, utc.tm_min, utc.tm_sec);
+
+ return TRUE;
+}
+
+METHOD(sw_collector_history_t, extract_packages, bool,
+ private_sw_collector_history_t *this, chunk_t args, uint32_t eid,
+ sw_collector_history_op_t op)
+{
+ bool success = FALSE;
+ package_t *p = NULL;
+ chunk_t item;
+
+ eat_whitespace(&args);
+
+ while (extract_token(&item, ')', &args))
+ {
+ char *del_sw_id = NULL, *del_version = NULL;
+ char *nx, *px, *vx, *v1;
+ bool installed;
+ u_int sw_idx, ix;
+ uint32_t sw_id, sw_id_epoch_less = 0;
+ enumerator_t *e;
+
+ p = extract_package(item, this->info, op);
+ if (!p)
+ {
+ goto end;
+ }
+
+ /* packages without version information cannot be handled */
+ if (strlen(p->version) == 0)
+ {
+ free_package(p);
+ continue;
+ }
+
+ switch (op)
+ {
+ case SW_OP_REMOVE:
+ /* prepare subsequent deletion sw event */
+ del_sw_id = p->sw_id;
+ del_version = p->version;
+ break;
+ case SW_OP_UPGRADE:
+ /* prepare subsequent deletion sw event */
+ del_sw_id = p->old_sw_id;
+ del_version = p->old_version;
+ /* fall through to next case */
+ case SW_OP_INSTALL:
+ sw_id = this->db->get_sw_id(this->db, p->sw_id, NULL, NULL,
+ NULL, &installed);
+ if (sw_id)
+ {
+ /* sw identifier exists - update state to 'installed' */
+ if (installed)
+ {
+ /* this case should not occur */
+ DBG1(DBG_IMC, " warning: sw_id %d is already "
+ "installed", sw_id);
+ }
+ else if (!this->db->update_sw_id(this->db, sw_id, NULL,
+ NULL, TRUE))
+ {
+ goto end;
+ }
+ }
+ else
+ {
+ /* new sw identifier - create with state 'installed' */
+ sw_id = this->db->set_sw_id(this->db, p->sw_id, p->package,
+ p->version, this->source, TRUE);
+ if (!sw_id)
+ {
+ goto end;
+ }
+ }
+
+ /* add creation sw event with current eid */
+ if (!this->db->add_sw_event(this->db, eid, sw_id,
+ SWIMA_EVENT_ACTION_CREATION))
+ {
+ goto end;
+ }
+ break;
+ }
+
+ if (op != SW_OP_INSTALL)
+ {
+ sw_id = 0;
+
+ /* look for existing installed package versions */
+ e = this->db->create_sw_enumerator(this->db, SW_QUERY_INSTALLED,
+ p->package);
+ if (!e)
+ {
+ goto end;
+ }
+
+ while (e->enumerate(e, &sw_idx, &nx, &px, &vx, &ix))
+ {
+ if (streq(vx, del_version))
+ {
+ /* full match with epoch */
+ sw_id = sw_idx;
+ break;
+ }
+ v1 = strchr(vx, ':');
+ if (v1 && streq(++v1, del_version))
+ {
+ /* match with stripped epoch */
+ sw_id_epoch_less = sw_idx;
+ }
+ }
+ e->destroy(e);
+
+ if (!sw_id && sw_id_epoch_less)
+ {
+ /* no full match - fall back to epoch-less match */
+ sw_id = sw_id_epoch_less;
+ }
+ if (sw_id)
+ {
+ /* sw identifier exists - update state to 'removed' */
+ if (!this->db->update_sw_id(this->db, sw_id, NULL, NULL, FALSE))
+ {
+ goto end;
+ }
+ }
+ else
+ {
+ /* new sw identifier - create with state 'removed' */
+ sw_id = this->db->set_sw_id(this->db, del_sw_id, p->package,
+ del_version, this->source, FALSE);
+
+ /* add creation sw event with eid = 1 */
+ if (!sw_id || !this->db->add_sw_event(this->db, 1, sw_id,
+ SWIMA_EVENT_ACTION_CREATION))
+ {
+ goto end;
+ }
+ }
+
+ /* add creation sw event with current eid */
+ if (!this->db->add_sw_event(this->db, eid, sw_id,
+ SWIMA_EVENT_ACTION_DELETION))
+ {
+ goto end;
+ }
+ }
+ free_package(p);
+
+ if (args.len < 2)
+ {
+ break;
+ }
+ args = chunk_skip(args, 2);
+ }
+ p = NULL;
+ success = TRUE;
+
+end:
+ free_package(p);
+
+ return success;
+}
+
+METHOD(sw_collector_history_t, merge_installed_packages, bool,
+ private_sw_collector_history_t *this)
+{
+ uint32_t sw_id, count = 0;
+ char *package, *arch, *version, *v1, *name, *n1;
+ bool installed, success = FALSE;
+ sw_collector_dpkg_t *dpkg;
+ enumerator_t *enumerator;
+
+ DBG1(DBG_IMC, "Merging:");
+
+ dpkg = sw_collector_dpkg_create();
+ if (!dpkg)
+ {
+ return FALSE;
+ }
+
+ enumerator = dpkg->create_sw_enumerator(dpkg);
+ while (enumerator->enumerate(enumerator, &package, &arch, &version))
+ {
+ name = this->info->create_sw_id(this->info, package, version);
+ DBG3(DBG_IMC, " %s merged", name);
+
+ sw_id = this->db->get_sw_id(this->db, name, NULL, NULL, NULL,
+ &installed);
+ if (sw_id)
+ {
+ if (!installed)
+ {
+ DBG1(DBG_IMC, " warning: existing sw_id %u"
+ " is not installed", sw_id);
+
+ if (!this->db->update_sw_id(this->db, sw_id, name, version,
+ TRUE))
+ {
+ free(name);
+ goto end;
+ }
+ }
+ }
+ else
+ {
+ /* check for a Debian epoch number */
+ v1 = strchr(version, ':');
+ if (v1)
+ {
+ /* check for existing and installed epoch-less version */
+ n1 = this->info->create_sw_id(this->info, package, ++v1);
+ sw_id = this->db->get_sw_id(this->db, n1, NULL, NULL, NULL,
+ &installed);
+ free(n1);
+
+ if (sw_id && installed)
+ {
+ /* add epoch to existing version */
+ if (!this->db->update_sw_id(this->db, sw_id, name, version,
+ installed))
+ {
+ free(name);
+ goto end;
+ }
+ }
+ else
+ {
+ sw_id = 0;
+ }
+ }
+ }
+
+ if (!sw_id)
+ {
+ /* new sw identifier - create with state 'installed' */
+ sw_id = this->db->set_sw_id(this->db, name, package, version,
+ this->source, TRUE);
+
+ /* add creation sw event with eid = 1 */
+ if (!sw_id || !this->db->add_sw_event(this->db, 1, sw_id,
+ SWIMA_EVENT_ACTION_CREATION))
+ {
+ free(name);
+ goto end;
+ }
+
+ }
+ free(name);
+ count++;
+ }
+ success = TRUE;
+
+ DBG1(DBG_IMC, " merged %u installed packages, %u registered in database",
+ count, this->db->get_sw_id_count(this->db, SW_QUERY_INSTALLED));
+
+end:
+ enumerator->destroy(enumerator);
+ dpkg->destroy(dpkg);
+
+ return success;
+}
+
+METHOD(sw_collector_history_t, destroy, void,
+ private_sw_collector_history_t *this)
+{
+ this->info->destroy(this->info);
+ free(this);
+}
+
+/**
+ * Described in header.
+ */
+sw_collector_history_t *sw_collector_history_create(sw_collector_db_t *db,
+ uint8_t source)
+{
+ private_sw_collector_history_t *this;
+ swid_gen_info_t *info;
+ os_type_t os_type;
+ char *os;
+
+ info = swid_gen_info_create();
+
+ /* check if OS supports apg/dpkg history logs */
+ info->get_os(info, &os);
+ os_type = info->get_os_type(info);
+ if (os_type != OS_TYPE_DEBIAN && os_type != OS_TYPE_UBUNTU)
+ {
+ DBG1(DBG_IMC, "%.*s not supported", os);
+ info->destroy(info);
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .extract_timestamp = _extract_timestamp,
+ .extract_packages = _extract_packages,
+ .merge_installed_packages = _merge_installed_packages,
+ .destroy = _destroy,
+ },
+ .source = source,
+ .info = info,
+ .db = db,
+ );
+
+ return &this->public;
+}
diff --git a/src/sw-collector/sw_collector_history.h b/src/sw-collector/sw_collector_history.h
new file mode 100644
index 000000000..aa354e8f4
--- /dev/null
+++ b/src/sw-collector/sw_collector_history.h
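Review bot: merge_installed_packages uses the enumerator returned by `dpkg->create_sw_enumerator(dpkg)` without a NULL check, although that method returns NULL when popen() fails, so a missing dpkg-query crashes in `enumerator->enumerate(...)` and again in `enumerator->destroy(enumerator)` at the end label; add `if (!enumerator) { dpkg->destroy(dpkg); return FALSE; }` right after the call. In sw_collector_history_create the log call `DBG1(DBG_IMC, "%.*s not supported", os);` passes one argument to a format that consumes two (`%.*s` reads an int precision before the string), which is undefined behaviour; `"%s not supported"` is presumably what was meant. The comment above the SWIMA_EVENT_ACTION_DELETION call in extract_packages reads `/* add creation sw event with current eid */` although the event recorded is a deletion; `/* add deletion sw event with current eid */` matches the code. The error path in extract_package also prints `version not found.` when it is the package-name token that is missing.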
@@ -0,0 +1,91 @@
+/*
+ * Copyright (C) 2017 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup sw_collector_history_t sw_collector_history
+ * @{ @ingroup sw_collector
+ */
+
+#ifndef SW_COLLECTOR_HISTORY_H_
+#define SW_COLLECTOR_HISTORY_H_
+
+#include "sw_collector_db.h"
+
+#include
+#include
+#include
+
+typedef struct sw_collector_history_t sw_collector_history_t;
+typedef enum sw_collector_history_op_t sw_collector_history_op_t;
+
+/**
+ * Define major history event operations
+ */
+enum sw_collector_history_op_t {
+ SW_OP_INSTALL,
+ SW_OP_UPGRADE,
+ SW_OP_REMOVE
+};
+
+/**
+ * Software collector history object
+ */
+struct sw_collector_history_t {
+
+ /**
+ * Extract timestamp from event in installation history
+ *
+ * @param args Arguments to be processed
+ * @param buf timestamp buffer for 21 byte RFC 3339 string
+ * @return TRUE if extraction succeeded
+ */
+ bool (*extract_timestamp)(sw_collector_history_t *this, chunk_t args,
+ char *buf);
+
+ /**
+ * Extract packages from event in installation history
+ *
+ * @param args Arguments to be processed
+ * @param eid Primary key pointing to current event
+ * @param op Extraction operation
+ * @return TRUE if extraction succeeded
+ */
+ bool (*extract_packages)(sw_collector_history_t *this, chunk_t args,
+ uint32_t eid, sw_collector_history_op_t op);
+
+ /**
+ * Merge packages from initial installation
+ *
+ * @return TRUE if merge succeeded
+ */
+ bool (*merge_installed_packages)(sw_collector_history_t *this);
+
+ /**
+ * Destroy sw_collector_history_t object
+ */
+ void (*destroy)(sw_collector_history_t *this);
+
+};
+
+/**
+ * Create an sw_collector_history_t instance
+ *
+ * @param db Internal reference to collector database
+ * @param source Software event source number
+ */
+sw_collector_history_t* sw_collector_history_create(sw_collector_db_t *db,
+ uint8_t source);
+
+#endif /** SW_COLLECTOR_HISTORY_H_ @}*/
diff --git a/src/sw-collector/sw_collector_rest_api.c b/src/sw-collector/sw_collector_rest_api.c
new file mode 100644
index 000000000..6b9b7b96a
--- /dev/null
+++ b/src/sw-collector/sw_collector_rest_api.c
@@ -0,0 +1,200 @@
+/*
+ * Copyright (C) 2017 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "sw_collector_rest_api.h"
+
+#include
+#include
+
+typedef struct private_sw_collector_rest_api_t private_sw_collector_rest_api_t;
+
+/**
+ * Private data of an sw_collector_rest_api_t object.
+ */
+struct private_sw_collector_rest_api_t {
+
+ /**
+ * Public members of sw_collector_rest_api_state_t
+ */
+ sw_collector_rest_api_t public;
+
+ /**
+ * Software collector database
+ */
+ sw_collector_db_t *db;
+
+ /**
+ * REST API of central collector database
+ */
+ rest_t *rest_api;
+
+};
+
+/**
+ * Put all locally retrieved software identifiers into a json object
+ */
+static json_object* create_rest_request(private_sw_collector_rest_api_t *this,
+ sw_collector_db_query_t type)
+{
+ json_object *jrequest, *jarray, *jstring;
+ char *name, *package, *version;
+ uint32_t sw_id, i;
+ enumerator_t *e;
+
+ jrequest = json_object_new_object();
+ jarray = json_object_new_array();
+ json_object_object_add(jrequest, "data", jarray);
+
+ e = this->db->create_sw_enumerator(this->db, type, NULL);
+ if (!e)
+ {
+ return NULL;
+ }
+ while (e->enumerate(e, &sw_id, &name, &package, &version, &i))
+ {
+ jstring = json_object_new_string(name);
+ json_object_array_add(jarray, jstring);
+ }
+ e->destroy(e);
+
+ return jrequest;
+}
+
+typedef struct {
+ /** public enumerator interface */
+ enumerator_t public;
+ /** enumerated json array */
+ json_object *jarray;
+ /** current index +1, initialized at 0 */
+ int idx;
+} json_array_enumerator_t;
+
+METHOD(enumerator_t, enumerate, bool,
+ json_array_enumerator_t *this, va_list args)
+{
+ json_object *jvalue;
+ char **out;
+
+ VA_ARGS_VGET(args, out);
+
+ if (this->idx >= json_object_array_length(this->jarray))
+ {
+ return FALSE;
+ }
+
+ jvalue = json_object_array_get_idx(this->jarray, this->idx++);
+ if (json_object_get_type(jvalue) != json_type_string)
+ {
+ DBG1(DBG_IMC, "json_string element expected in json_array");
+ return FALSE;
+ }
+ *out = (char*)json_object_get_string(jvalue);
+
+ return TRUE;
+}
+
+METHOD(enumerator_t, enumerator_destroy, void,
+ json_array_enumerator_t *this)
+{
+ json_object_put(this->jarray);
+ free(this);
+}
+
+METHOD(sw_collector_rest_api_t, create_sw_enumerator, enumerator_t*,
+ private_sw_collector_rest_api_t *this, sw_collector_db_query_t type)
+{
+ json_array_enumerator_t *enumerator;
+ json_object *jrequest, *jresponse;
+ char cmd[BUF_LEN];
+ status_t status;
+
+ jrequest = create_rest_request(this, type);
+ if (!jrequest)
+ {
+ return NULL;
+ }
+ snprintf(cmd, BUF_LEN, "sessions/0/swid-measurement/");
+
+ status = this->rest_api->post(this->rest_api, cmd, jrequest, &jresponse);
+ json_object_put(jrequest);
+
+ switch (status)
+ {
+ case SUCCESS:
+ case NOT_FOUND:
+ jresponse = json_object_new_array();
+ break;
+ case NEED_MORE:
+ if (json_object_get_type(jresponse) != json_type_array)
+ {
+ DBG1(DBG_IMC, "REST response was not a json_array");
+ json_object_put(jresponse);
+ return NULL;
+ }
+ break;
+ case FAILED:
+ default:
+ return NULL;
+ }
+
+ INIT(enumerator,
+ .public = {
+ .enumerate = enumerator_enumerate_default,
+ .venumerate = _enumerate,
+ .destroy = _enumerator_destroy,
+ },
+ .jarray = jresponse,
+ );
+
+ return &enumerator->public;
+}
+
+METHOD(sw_collector_rest_api_t, destroy, void,
+ private_sw_collector_rest_api_t *this)
+{
+ this->rest_api->destroy(this->rest_api);
+ free(this);
+}
+
+/**
+ * Described in header.
+ */
+sw_collector_rest_api_t *sw_collector_rest_api_create(sw_collector_db_t *db)
+{
+ private_sw_collector_rest_api_t *this;
+ int timeout;
+ char *uri;
+
+ uri = lib->settings->get_str(lib->settings, "%s.rest_api.uri", NULL,
+ lib->ns);
+ timeout = lib->settings->get_int(lib->settings, "%s.rest_api.timeout", 120,
+ lib->ns);
+ if (!uri)
+ {
+ DBG1(DBG_IMC, "REST URI to central collector database not set");
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .create_sw_enumerator = _create_sw_enumerator,
+ .destroy = _destroy,
+ },
+ .db = db,
+ .rest_api = rest_create(uri, timeout),
+ );
+
+ return &this->public;
+}
diff --git a/src/sw-collector/sw_collector_rest_api.h b/src/sw-collector/sw_collector_rest_api.h
new file mode 100644
index 000000000..fe142fc66
--- /dev/null
+++ b/src/sw-collector/sw_collector_rest_api.h
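Review bot: create_rest_request leaks `jrequest` (and the `jarray` it owns) when `this->db->create_sw_enumerator` returns NULL, because it returns without releasing the object it has just built; `json_object_put(jrequest);` before that `return NULL;` closes the leak. The pointer handed out by enumerate, `*out = (char*)json_object_get_string(jvalue);`, is owned by the JSON array and dangles once the enumerator is destroyed, and the array is the body received from the central collector over REST, so a comment such as `/* string owned by jarray: valid until destroy(), copy if retained; value comes from the remote REST response */` would help callers treat it accordingly. In create_sw_enumerator the SUCCESS and NOT_FOUND branches overwrite `jresponse` with a fresh array without releasing anything post() may have stored there; whether post() can return a body with those statuses is not visible in this hunk, so I may be wrong about a second leak. The result of `rest_create(uri, timeout)` is likewise stored unchecked in sw_collector_rest_api_create.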
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2017 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup sw_collector_rest_api_t sw_collector_rest_api
+ * @{ @ingroup sw_collector
+ */
+
+#ifndef SW_COLLECTOR_REST_API_H_
+#define SW_COLLECTOR_REST_API_H_
+
+#include "sw_collector_db.h"
+
+typedef struct sw_collector_rest_api_t sw_collector_rest_api_t;
+
+/**
+ * Software collector REST API object
+ */
+struct sw_collector_rest_api_t {
+
+ /**
+ * List of locally stored software identifiers that are not registered
+ * in a central collector database
+ *
+ * @param type Query type (ALL, INSTALLED, REMOVED)
+ * @return Enumerator
+ */
+ enumerator_t* (*create_sw_enumerator)(sw_collector_rest_api_t *this,
+ sw_collector_db_query_t type);
+
+ /**
+ * Destroy sw_collector_rest_api_t object
+ */
+ void (*destroy)(sw_collector_rest_api_t *this);
+
+};
+
+/**
+ * Create an sw_collector_rest_api_t instance
+ *
+ * @param db Software collector database to be used
+ */
+sw_collector_rest_api_t* sw_collector_rest_api_create(sw_collector_db_t *db);
+
+#endif /** SW_COLLECTOR_REST_API_H_ @}*/
diff --git a/src/sw-collector/sw_collector_tables.sql b/src/sw-collector/sw_collector_tables.sql
new file mode 100644
index 000000000..b7b430b3c
--- /dev/null
+++ b/src/sw-collector/sw_collector_tables.sql
@@ -0,0 +1,31 @@ +/* SQLit database for an Endpoint Collector */ + +DROP TABLE IF EXISTS "events"; +CREATE TABLE "events" ( + "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + "epoch" INTEGER NOT NULL, + "timestamp" CHAR(20) NOT NULL +); + +DROP TABLE IF EXISTS "sw_identifiers"; +CREATE TABLE "sw_identifiers" ( + "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + "name" VARCHAR(255) NOT NULL, + "package" VARCHAR(255) NOT NULL, + "version" VARCHAR(255) NOT NULL, + "source" INTEGER DEFAULT 0, + "installed" INTEGER DEFAULT 1, + "tag" TEXT + ); +DROP INDEX IF EXISTS "sw_identifiers_name"; +CREATE INDEX "sw_identifiers_name" ON "sw_identifiers" ( + "name" +); + +DROP TABLE IF EXISTS "sw_events"; +CREATE TABLE "sw_events" ( + "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + "eid" INTEGER REFERENCES "events" ("id"), + "sw_id" INTEGER NOT NULL REFERENCES "sw_identifiers" ("id"), + "action" INTEGER NOT NULL +); diff --git a/src/swanctl/Makefile.am b/src/swanctl/Makefile.am index 2fc998262..19815c51a 100644 --- a/src/swanctl/Makefile.am +++ b/src/swanctl/Makefile.am @@ -64,6 +64,7 @@ maintainer-clean-local: install-data-local: swanctl.conf test -e "$(DESTDIR)$(swanctldir)" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)" || true + test -e "$(DESTDIR)$(swanctldir)/conf.d" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/conf.d" || true test -e "$(DESTDIR)$(swanctldir)/x509" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509" || true test -e "$(DESTDIR)$(swanctldir)/x509ca" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509ca" || true test -e "$(DESTDIR)$(swanctldir)/x509aa" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509aa" || true diff --git a/src/swanctl/Makefile.in b/src/swanctl/Makefile.in index b5313a37d..6da739b88 100644 --- a/src/swanctl/Makefile.in +++ b/src/swanctl/Makefile.in @@ -330,8 +330,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ 
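Review bot: `"eid" INTEGER REFERENCES "events" ("id")` in sw_events is the only foreign-key column in the file declared without `NOT NULL`, while `sw_id` on the same table has it; if every software event is meant to belong to an event row, `"eid" INTEGER NOT NULL REFERENCES "events" ("id"),` keeps orphan rows out of the table. SQLite enforces `REFERENCES` only when foreign-key support is switched on for the connection, so unless the collector enables it these constraints document intent rather than enforce it. The header comment reads `/* SQLit database for an Endpoint Collector */`; `SQLite` is presumably intended.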
@@ -432,6 +430,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -460,6 +460,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -1039,6 +1043,7 @@ maintainer-clean-local: install-data-local: swanctl.conf test -e "$(DESTDIR)$(swanctldir)" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)" || true + test -e "$(DESTDIR)$(swanctldir)/conf.d" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/conf.d" || true test -e "$(DESTDIR)$(swanctldir)/x509" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509" || true test -e "$(DESTDIR)$(swanctldir)/x509ca" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509ca" || true test -e "$(DESTDIR)$(swanctldir)/x509aa" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509aa" || true diff --git a/src/swanctl/command.c b/src/swanctl/command.c index fd9bc0083..7f65d2b0e 100644 --- a/src/swanctl/command.c +++ b/src/swanctl/command.c @@ -315,6 +315,10 @@ int command_dispatch(int c, char *v[]) { int op, i; + uri = lib->settings->get_str(lib->settings, "%s.socket", + lib->settings->get_str(lib->settings, "%s.plugins.vici.socket", + NULL, lib->ns), lib->ns); + options = options_create(); atexit(cleanup); active = help_idx = registered; diff --git a/src/swanctl/swanctl.conf b/src/swanctl/swanctl.conf index b2045a3d8..1ff5ee8fb 100644 --- a/src/swanctl/swanctl.conf +++ b/src/swanctl/swanctl.conf 
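Review bot: The new `uri` lookup at the top of command_dispatch has no comment explaining its two-level fallback, and the inner lookup reads `%s.plugins.vici.socket` under the same `lib->ns` as the outer `%s.socket`, which a reader would not expect for an option that belongs to the vici plugin; a comment such as `/* socket path: <ns>.socket, else <ns>.plugins.vici.socket, else NULL */` (with <ns> standing for lib->ns) would state the intended precedence. `uri` is not declared in the hunk, so it is presumably a file-scope variable shared with the subcommands, but the hunk does not show that. command_dispatch continues outside the hunk.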
@@ -151,6 +151,9 @@ # IKE identity to expect for authentication round. # id = %any + # Identity to use as peer identity during EAP authentication. + # eap_id = id + # Authorization group memberships to require. # groups = @@ -502,3 +505,6 @@ # } +# Include config snippets +include conf.d/*.conf + diff --git a/src/swanctl/swanctl.conf.5.main b/src/swanctl/swanctl.conf.5.main index 9f4044d7e..d1aced493 100644 --- a/src/swanctl/swanctl.conf.5.main +++ b/src/swanctl/swanctl.conf.5.main @@ -568,6 +568,13 @@ IKE identity to expect for authentication round. Refer to the .RI "" "id" "" section for details. +.TP +.BR connections..remote.eap_id " [id]" +Identity to use as peer identity during EAP authentication. If set to +.RI "" "%any" "" +the +EAP\-Identity method will be used to ask the client for an identity. + .TP .BR connections..remote.groups " []" Comma separated authorization group memberships to require. The peer must prove @@ -1050,9 +1057,14 @@ Netfilter mark and mask for input traffic. On Linux Netfilter may require marks on each packet to match an SA having that option set. This allows Netfilter rules to select specific tunnels for incoming traffic. The special value .RI "" "%unique" "" -sets a unique mark on each CHILD_SA instance. - -An additional mask may be appended to the mark, separated by _/_. The default +sets a unique mark on each CHILD_SA instance, beyond that the value +.RI "" "%unique\-dir" "" +assigns a different unique mark for each CHILD_SA direction +(in/out). + +An additional mask may be appended to the mark, separated by +.RI "" "/" "." +The default mask if omitted is 0xffffffff. .TP 
@@ -1061,9 +1073,14 @@ Netfilter mark and mask for output traffic. On Linux Netfilter may require marks on each packet to match a policy having that option set. This allows Netfilter rules to select specific tunnels for outgoing traffic. The special value .RI "" "%unique" "" -sets a unique mark on each CHILD_SA instance. - -An additional mask may be appended to the mark, separated by _/_. The default +sets a unique mark on each CHILD_SA instance, beyond that the value +.RI "" "%unique\-dir" "" +assigns a different unique mark for each CHILD_SA direction +(in/out). + +An additional mask may be appended to the mark, separated by +.RI "" "/" "." +The default mask if omitted is 0xffffffff. .TP diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt index 7e204db61..d0a0d21dd 100644 --- a/src/swanctl/swanctl.opt +++ b/src/swanctl/swanctl.opt @@ -460,6 +460,12 @@ connections..remote.id = %any IKE identity to expect for authentication round. Refer to the _local_ _id_ section for details. +connections..remote.eap_id = id + Identity to use as peer identity during EAP authentication. + + Identity to use as peer identity during EAP authentication. If set to _%any_ + the EAP-Identity method will be used to ask the client for an identity. + connections..remote.groups = Authorization group memberships to require. @@ -864,7 +870,9 @@ connections..children..mark_in = 0/0x00000000 Netfilter mark and mask for input traffic. On Linux Netfilter may require marks on each packet to match an SA having that option set. This allows Netfilter rules to select specific tunnels for incoming traffic. The - special value _%unique_ sets a unique mark on each CHILD_SA instance. + special value _%unique_ sets a unique mark on each CHILD_SA instance, + beyond that the value _%unique-dir_ assigns a different unique mark for each + CHILD_SA direction (in/out). An additional mask may be appended to the mark, separated by _/_. The default mask if omitted is 0xffffffff. 
@@ -875,7 +883,9 @@ connections..children..mark_out = 0/0x00000000 Netfilter mark and mask for output traffic. On Linux Netfilter may require marks on each packet to match a policy having that option set. This allows Netfilter rules to select specific tunnels for outgoing traffic. The - special value _%unique_ sets a unique mark on each CHILD_SA instance. + special value _%unique_ sets a unique mark on each CHILD_SA instance, + beyond that the value _%unique-dir_ assigns a different unique mark for each + CHILD_SA direction (in/out). An additional mask may be appended to the mark, separated by _/_. The default mask if omitted is 0xffffffff. @@ -1152,3 +1162,5 @@ authorities..cert_uri_base = built by appending the SHA1 hash of the DER encoded certificates to this base URI. +include conf.d/*.conf + Include config snippets diff --git a/testing/Makefile.in b/testing/Makefile.in index af153d3ea..3f6f1e4dd 100644 --- a/testing/Makefile.in +++ b/testing/Makefile.in @@ -227,8 +227,6 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -329,6 +327,8 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +ruby_CFLAGS = @ruby_CFLAGS@ +ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -357,6 +357,10 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ +tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ +tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/testing/do-tests b/testing/do-tests index 60c34c798..e3fd9b464 100755 --- a/testing/do-tests +++ b/testing/do-tests 
@@ -48,6 +48,25 @@ failed_cnt="0" passed_cnt="0" subdir_cnt="0" +############################################################################## +# parse optional arguments +# +while getopts "v" opt +do + case "$opt" in + v) + verbose=YES + ;; + esac +done +shift $((OPTIND-1)) + + +function print_time() +{ + [ "$verbose" == "YES" ] && echo "$(date +%T.%N) ~ " +} + ############################################################################## # copy default tests to $BUILDDIR # @@ -207,12 +226,16 @@ for SUBDIR in $TESTS do SUBTESTS="`basename $SUBDIR`" - if [ $SUBTESTS = $SUBDIR ] - then - SUBTESTS="`ls $DEFAULTTESTSDIR/$SUBDIR`" - else - SUBDIR="`dirname $SUBDIR`" - fi + if [ $SUBTESTS = $SUBDIR ] + then + SUBTESTS="`ls $DEFAULTTESTSDIR/$SUBDIR`" + else + if [[ $SUBTESTS == *'*'* ]] + then + SUBTESTS="`basename -a $DEFAULTTESTSDIR/$SUBDIR`" + fi + SUBDIR="`dirname $SUBDIR`" + fi if [ ! -d $TODAYDIR/$SUBDIR ] then @@ -326,7 +349,7 @@ do host=`echo $host_iface | awk -F ":" '{print $1}'` iface=`echo $host_iface | awk -F ":" '{if ($2 != "") { print $2 } else { printf("eth0") }}'` tcpdump_cmd="tcpdump -l $TCPDUMP_IM -i $iface not port ssh and not port domain >/tmp/tcpdump.log 2>/tmp/tcpdump.err.log &" - echo "${host}# $tcpdump_cmd" >> $CONSOLE_LOG + echo "$(print_time)${host}# $tcpdump_cmd" >> $CONSOLE_LOG ssh $SSHCONF root@`eval echo \\\$ipv4_$host '$tcpdump_cmd'` eval TDUP_${host}="true" done @@ -381,7 +404,7 @@ do eval `awk -F "::" '{ if ($1 !~ /^#.*/ && $2 != "") { - printf("echo \"%s# %s\"; ", $1, $2) + printf("echo \"$(print_time)%s# %s\"; ", $1, $2) printf("ssh \044SSHCONF root@\044ipv4_%s \"%s\"; ", $1, $2) printf("echo;\n") } 
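Review bot: In the rewritten SUBTESTS block `[ $SUBTESTS = $SUBDIR ]` is still unquoted, and the new `*'*'*` branch is exactly the case where `$SUBDIR` carries a glob, so if that pattern happens to match anything relative to the current directory the test expands to several words and `[` aborts with "too many arguments". Quote both operands: `if [ "$SUBTESTS" = "$SUBDIR" ]`. The unquoted `$DEFAULTTESTSDIR/$SUBDIR` handed to `basename -a` is presumably meant to expand, but that intent deserves a comment such as `# $SUBDIR may contain a glob: expand it against the default test directory`.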
@@ -395,7 +418,7 @@ do function stop_tcpdump { # wait for packets to get processed, but don't wait longer than 1s eval ssh $SSHCONF root@\$ipv4_${1} "\"i=100; while [ \\\$i -gt 0 ]; do pkill -USR1 tcpdump; tail -1 /tmp/tcpdump.err.log | perl -n -e '/(\\d+).*?(\\d+)/; exit (\\\$1 == \\\$2)' || break; sleep 0.01; i=\\\$((\\\$i-1)); done;\"" - echo "${1}# killall tcpdump" >> $CONSOLE_LOG + echo "$(print_time)${1}# killall tcpdump" >> $CONSOLE_LOG eval ssh $SSHCONF root@\$ipv4_${1} "\"killall tcpdump; while true; do killall -q -0 tcpdump || break; sleep 0.01; done;\"" eval TDUP_${1}="false" echo "" >> $CONSOLE_LOG 
@@ -412,29 +435,50 @@ do STATUS="passed" eval `awk -F "::" '{ - host=$1 - command=$2 - pattern=$3 - hit=$4 - if (host !~ /^#.*/ && command != "") - { + host=$1 + command=$2 + pattern=$3 + hit=$4 + if (host ~ /^#.*/ || command == "") + { + next + } + printf("cmd_err=\044(tempfile -p test -s err); ") if (command == "tcpdump") { - printf("if [ \044TDUP_%s == \"true\" ]; then stop_tcpdump %s; fi; \n", host, host) - printf("echo \"%s# cat /tmp/tcpdump.log | grep \047%s\047 [%s]\"; ", host, pattern, hit) - printf("ssh \044SSHCONF root@\044ipv4_%s cat /tmp/tcpdump.log | grep \"%s\"; ", host, pattern) + printf("if [ \044TDUP_%s == \"true\" ]; then stop_tcpdump %s; fi; \n", host, host) + printf("cmd_out=\044(ssh \044SSHCONF root@\044ipv4_%s cat /tmp/tcpdump.log | grep \"%s\"); ", host, pattern) } else { - printf("echo \"%s# %s | grep \047%s\047 [%s]\"; ", host, command, pattern, hit) - printf("ssh \044SSHCONF root@\044ipv4_%s %s | grep \"%s\"; ", host, command, pattern) + printf("cmd_out=\044(ssh \044SSHCONF root@\044ipv4_%s %s 2>\044cmd_err | grep \"%s\"); ", host, command, pattern) } printf("cmd_exit=\044?; ") + printf("cmd_fail=0; ") + if (hit ~ /^[0-9]+$/) + { + printf("if [ \044(echo \"\044cmd_out\" | wc -l) -ne %d ] ", hit) + } + else + { + printf("if [ \044cmd_exit -eq 0 -a \"%s\" = \"NO\" ] ", hit) + printf("|| [ \044cmd_exit -ne 0 -a \"%s\" = \"YES\" ] ", hit) + } + printf("; then STATUS=\"failed\"; cmd_fail=1; fi; \n") + + printf("if [ \044cmd_fail -ne 0 ]; then echo \"~~~~~~~ FAIL ~~~~~~~\"; fi; \n") + if (command == "tcpdump") + { + printf("echo \"$(print_time)%s# cat /tmp/tcpdump.log | grep \047%s\047 [%s]\"; ", host, pattern, hit) + } + else + { + printf("echo \"$(print_time)%s# %s | grep \047%s\047 [%s]\"; ", host, command, pattern, hit) + } + printf("if [ -n \"\044cmd_out\" ]; then echo \"\044cmd_out\"; fi; \n") + printf("cat \044cmd_err; rm -f -- \044cmd_err; \n") + printf("if [ \044cmd_fail -ne 0 ]; then echo \"~~~~~~~~~~~~~~~~~~~~\"; fi; \n") 
printf("echo; ") - printf("if [ \044cmd_exit -eq 0 -a \"%s\" = \"NO\" ] ", hit) - printf("|| [ \044cmd_exit -ne 0 -a \"%s\" = \"YES\" ] ", hit) - printf("; then STATUS=\"failed\"; fi; \n") - } }' $TESTDIR/evaltest.dat` >> $CONSOLE_LOG 2>&1 @@ -718,7 +762,7 @@ do eval `awk -F "::" '{ if ($1 !~ /^#.*/ && $2 != "") { - printf("echo \"%s# %s\"; ", $1, $2) + printf("echo \"$(print_time)%s# %s\"; ", $1, $2) printf("ssh \044SSHCONF root@\044ipv4_%s \"%s\"; ", $1, $2) printf("echo;\n") } diff --git a/testing/hosts/alice/etc/strongswan.conf b/testing/hosts/alice/etc/strongswan.conf index f7a87e90c..bc0ddbf33 100644 --- a/testing/hosts/alice/etc/strongswan.conf +++ b/testing/hosts/alice/etc/strongswan.conf @@ -1,9 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown stroke -} - -libstrongswan { - dh_exponent_ansi_x9_42 = no + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici } diff --git a/testing/hosts/bob/etc/strongswan.conf b/testing/hosts/bob/etc/strongswan.conf index f7a87e90c..bc0ddbf33 100644 --- a/testing/hosts/bob/etc/strongswan.conf +++ b/testing/hosts/bob/etc/strongswan.conf @@ -1,9 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown stroke -} - -libstrongswan { - dh_exponent_ansi_x9_42 = no + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici } diff --git a/testing/hosts/carol/etc/strongswan.conf b/testing/hosts/carol/etc/strongswan.conf index f7a87e90c..bc0ddbf33 100644 --- a/testing/hosts/carol/etc/strongswan.conf 
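Review bot: The numeric-hit branch `[ $(echo "$cmd_out" | wc -l) -ne %d ]` cannot express a count of 0 and cannot distinguish 0 from 1, because `echo` of an empty `$cmd_out` still emits one newline and `wc -l` reports 1 whether grep matched nothing or a single line. Compute the count only when there is output, e.g. `[ -z "$cmd_out" ] && cnt=0 || cnt=$(echo "$cmd_out" | wc -l)` emitted before the comparison, and compare `$cnt`. Separately, `tempfile -p test -s err` is a Debian-specific utility; `mktemp` would keep the script usable on other hosts. The enclosing `for` loop and the `eval` that wraps this awk program start before the hunk.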
+++ b/testing/hosts/carol/etc/strongswan.conf @@ -1,9 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown stroke -} - -libstrongswan { - dh_exponent_ansi_x9_42 = no + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici } diff --git a/testing/hosts/dave/etc/strongswan.conf b/testing/hosts/dave/etc/strongswan.conf index f7a87e90c..bc0ddbf33 100644 --- a/testing/hosts/dave/etc/strongswan.conf +++ b/testing/hosts/dave/etc/strongswan.conf @@ -1,9 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown stroke -} - -libstrongswan { - dh_exponent_ansi_x9_42 = no + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici } diff --git a/testing/hosts/default/usr/local/bin/init_collector b/testing/hosts/default/usr/local/bin/init_collector new file mode 100755 index 000000000..c522de874 --- /dev/null +++ b/testing/hosts/default/usr/local/bin/init_collector @@ -0,0 +1,4 @@ +#! /bin/sh + +cat /usr/local/share/strongswan/templates/database/sw-collector/sw_collector_tables.sql | sqlite3 /etc/db.d/collector.db +LEAK_DETECTIVE_DISABLE=1 /usr/local/sbin/sw-collector diff --git a/testing/hosts/moon/etc/strongswan.conf b/testing/hosts/moon/etc/strongswan.conf index f7a87e90c..bc0ddbf33 100644 --- a/testing/hosts/moon/etc/strongswan.conf +++ b/testing/hosts/moon/etc/strongswan.conf 
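Review bot: init_collector starts `sw-collector` even when the schema import failed: the script has no `set -e`, and the status of the `cat ... | sqlite3` pipeline is that of `sqlite3`, which happily creates an empty database if `cat` could not read the template. Use `set -e` and redirect the file directly, `sqlite3 /etc/db.d/collector.db < /usr/local/share/strongswan/templates/database/sw-collector/sw_collector_tables.sql`, so a missing or unreadable template aborts before the collector runs against an empty database. Whether `/etc/db.d` already exists on the guest image at this point is not visible here.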
@@ -1,9 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown stroke -} - -libstrongswan { - dh_exponent_ansi_x9_42 = no + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici } diff --git a/testing/hosts/sun/etc/strongswan.conf b/testing/hosts/sun/etc/strongswan.conf index f7a87e90c..bc0ddbf33 100644 --- a/testing/hosts/sun/etc/strongswan.conf +++ b/testing/hosts/sun/etc/strongswan.conf @@ -1,9 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown stroke -} - -libstrongswan { - dh_exponent_ansi_x9_42 = no + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici } diff --git a/testing/hosts/venus/etc/strongswan.conf b/testing/hosts/venus/etc/strongswan.conf index f7a87e90c..bc0ddbf33 100644 --- a/testing/hosts/venus/etc/strongswan.conf +++ b/testing/hosts/venus/etc/strongswan.conf @@ -1,9 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown stroke -} - -libstrongswan { - dh_exponent_ansi_x9_42 = no + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici } diff --git a/testing/scripts/build-guestimages b/testing/scripts/build-guestimages index 43a71b921..7dd7188c2 100755 --- a/testing/scripts/build-guestimages +++ b/testing/scripts/build-guestimages 
@@ -48,11 +48,11 @@ do execute "cp -rf $HOSTSDIR/${host}/etc $LOOPDIR" 0 execute "cp -rf $HOSTSDIR/default/* $LOOPDIR" 0 execute_chroot "ldconfig" 0 + execute "mkdir $LOOPDIR/etc/pts" 0 if [ "$host" = "alice" ] then execute "mkdir $LOOPDIR/var/log/apache2/tnc" 0 - execute "mkdir $LOOPDIR/etc/pts" 0 execute_chroot "chgrp www-data /etc/pts" 0 execute_chroot "chmod g+w /etc/pts" 0 fi diff --git a/testing/scripts/build-strongswan b/testing/scripts/build-strongswan index 8c6ecaafd..d4e9e922f 100755 --- a/testing/scripts/build-strongswan +++ b/testing/scripts/build-strongswan @@ -51,6 +51,7 @@ do_on_exit umount $LOOPDIR/root/strongswan log_action "Remove SWID tags of previous versions" execute_chroot 'find /usr/local/share/regid.2004-03.org.strongswan -name *.swidtag -delete' +execute_chroot 'find /usr/local/share/strongswan -name *.swidtag -delete' echo "Building and installing strongSwan" diff --git a/testing/scripts/recipes/013_strongswan.mk b/testing/scripts/recipes/013_strongswan.mk index a5b2d8060..3c5f41834 100644 --- a/testing/scripts/recipes/013_strongswan.mk +++ b/testing/scripts/recipes/013_strongswan.mk @@ -56,6 +56,8 @@ CONFIG_OPTS = \ --enable-imv-attestation \ --enable-imc-swid \ --enable-imv-swid \ + --enable-imc-swima \ + --enable-imv-swima \ --enable-imc-hcd \ --enable-imv-hcd \ --enable-sql \ diff --git a/testing/testing.conf b/testing/testing.conf index eeb69ea3d..e22afc3e4 100644 --- a/testing/testing.conf +++ b/testing/testing.conf @@ -31,7 +31,7 @@ fi : ${KERNELPATCH=ha-4.4-abicompat.patch.bz2} # strongSwan version used in tests -: ${SWANVERSION=5.5.3} +: ${SWANVERSION=5.6.0} # Build directory where the guest kernel and images will be built : ${BUILDDIR=$TESTDIR/build} diff --git a/testing/tests/ikev2/net2net-rekey/description.txt b/testing/tests/ikev2/net2net-rekey/description.txt new file mode 100644 index 000000000..c3122a76f --- /dev/null +++ b/testing/tests/ikev2/net2net-rekey/description.txt 
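Review bot: The new `find /usr/local/share/strongswan -name *.swidtag -delete` leaves `*.swidtag` unquoted inside the command string, so the shell that presumably runs it inside the chroot expands the pattern against its working directory first; if that directory contains any `.swidtag` file, `find` receives literal filenames instead of the pattern and the tags under the target tree survive. Quote the pattern: `execute_chroot "find /usr/local/share/strongswan -name '*.swidtag' -delete"`. The pre-existing line above it has the same issue and should get the same fix.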
@@ -0,0 +1,10 @@
+A connection between the subnets behind the gateways moon and sun is set up.
+The authentication is based on X.509 certificates. Upon the successful
+establishment of the IPsec tunnel, leftfirewall=yes automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+After a while the CHILD_SA is rekeyed by moon (after a deliberately short
+time in this test scenario).
+In order to test both tunnel and firewall after the rekeying, client alice
+behind gateway moon pings client bob located behind gateway sun
+twice, once right after the rekeying and once after the old inbound SA has been
+deleted.
diff --git a/testing/tests/ikev2/net2net-rekey/evaltest.dat b/testing/tests/ikev2/net2net-rekey/evaltest.dat
new file mode 100644
index 000000000..0a34efe9d
--- /dev/null
+++ b/testing/tests/ikev2/net2net-rekey/evaltest.dat
@@ -0,0 +1,14 @@
+moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+moon::sleep 6::wait for rekeying::NO
+moon::cat /var/log/daemon.log::creating rekey job for CHILD_SA::YES
+moon::cat /var/log/daemon.log::generating CREATE_CHILD_SA request.*REKEY_SA::YES
+moon::cat /var/log/daemon.log::deleted SAD entry with SPI::1
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+moon::sleep 2::wait until inbound SA is deleted::NO
+moon::cat /var/log/daemon.log::deleted SAD entry with SPI::2
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/ipsec.conf
new file mode 100644
index 000000000..dcd98b4de
--- /dev/null
+++ b/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ charondebug="knl 2"
+
+conn %default
+ ikelifetime=60m
+ lifetime=10s
+ margintime=5s
+ rekeyfuzz=0%
+ keyingtries=1
+ keyexchange=ikev2
+ mobike=no
+
+conn net-net
+ left=PH_IP_MOON
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ leftfirewall=yes
+ right=PH_IP_SUN
+ rightid=@sun.strongswan.org
+ rightsubnet=10.2.0.0/16
+ auto=add
diff --git a/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..3dcbf76ea
--- /dev/null
+++ b/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ # remove rekeyed inbound SA a bit quicker for the test scenario
+ delete_rekeyed_delay = 2
+}
diff --git a/testing/tests/ikev2/net2net-rekey/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-rekey/hosts/sun/etc/ipsec.conf
new file mode 100644
index 000000000..5b391db4b
--- /dev/null
+++ b/testing/tests/ikev2/net2net-rekey/hosts/sun/etc/ipsec.conf
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ mobike=no
+
+conn net-net
+ left=PH_IP_SUN
+ leftcert=sunCert.pem
+ leftid=@sun.strongswan.org
+ leftsubnet=10.2.0.0/16
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev2/net2net-rekey/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-rekey/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..93f434598 --- /dev/null +++ b/testing/tests/ikev2/net2net-rekey/hosts/sun/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown +} diff --git a/testing/tests/ikev2/net2net-rekey/posttest.dat b/testing/tests/ikev2/net2net-rekey/posttest.dat new file mode 100644 index 000000000..837738fc6 --- /dev/null +++ b/testing/tests/ikev2/net2net-rekey/posttest.dat @@ -0,0 +1,5 @@ +moon::ipsec stop +sun::ipsec stop +moon::iptables-restore < /etc/iptables.flush +sun::iptables-restore < /etc/iptables.flush + diff --git a/testing/tests/ikev2/net2net-rekey/pretest.dat b/testing/tests/ikev2/net2net-rekey/pretest.dat new file mode 100644 index 000000000..bcc2cb04d --- /dev/null +++ b/testing/tests/ikev2/net2net-rekey/pretest.dat @@ -0,0 +1,7 @@ +moon::iptables-restore < /etc/iptables.rules +sun::iptables-restore < /etc/iptables.rules +sun::ipsec start +moon::ipsec start +sun::expect-connection net-net +moon::expect-connection net-net +moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-rekey/test.conf b/testing/tests/ikev2/net2net-rekey/test.conf new file mode 100644 index 000000000..afa2accbe --- /dev/null +++ b/testing/tests/ikev2/net2net-rekey/test.conf 
@@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.conf b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.conf index f6feda0bb..b81e9b277 100644 --- a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.conf +++ b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.conf @@ -9,7 +9,7 @@ conn %default keyingtries=1 keyexchange=ikev2 ike=aes256gcm128-prfsha384-ecp384! - esp=aes256cm128-ecp384! + esp=aes256gcm128-ecp384! conn peer left=PH_IP_DAVE diff --git a/testing/tests/pfkey/net2net-rekey/description.txt b/testing/tests/pfkey/net2net-rekey/description.txt new file mode 100644 index 000000000..c3122a76f --- /dev/null +++ b/testing/tests/pfkey/net2net-rekey/description.txt @@ -0,0 +1,10 @@ +A connection between the subnets behind the gateways moon and sun is set up. +The authentication is based on X.509 certificates. Upon the successful +establishment of the IPsec tunnel, leftfirewall=yes automatically +inserts iptables-based firewall rules that let pass the tunneled traffic. +After a while the CHILD_SA is rekeyed by moon (after a deliberately short +time in this test scenario). +In order to test both tunnel and firewall after the rekeying, client alice +behind gateway moon pings client bob located behind gateway sun +twice, once right after the rekeying and once after the old inbound SA has been +deleted. 
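Review bot: The `esp=aes256cm128-ecp384!` to `esp=aes256gcm128-ecp384!` correction in dave's ipsec.conf is right, but that the scenario ran with a malformed ESP proposal until now suggests its evaltest never checks which ESP transform was actually negotiated, so the typo was presumably masked rather than detected. Consider adding an `ipsec statusall` assertion on dave or moon matching the expected `AES_GCM_16_256` transform so a broken proposal string fails the test instead of silently changing what the test exercises.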
diff --git a/testing/tests/pfkey/net2net-rekey/evaltest.dat b/testing/tests/pfkey/net2net-rekey/evaltest.dat new file mode 100644 index 000000000..3bf3b274b --- /dev/null +++ b/testing/tests/pfkey/net2net-rekey/evaltest.dat @@ -0,0 +1,16 @@ +moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +# deleting the inbound SPI +moon::cat /var/log/daemon.log::deleted SAD entry with SPI::1 +moon::sleep 6::wait for rekeying::NO +moon::cat /var/log/daemon.log::creating rekey job for CHILD_SA::YES +moon::cat /var/log/daemon.log::generating CREATE_CHILD_SA request.*REKEY_SA::YES +moon::cat /var/log/daemon.log::deleted SAD entry with SPI::3 +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +moon::sleep 2::wait until inbound SA is deleted::NO +moon::cat /var/log/daemon.log::deleted SAD entry with SPI::4 +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES +sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/ipsec.conf new file mode 100644 index 000000000..dcd98b4de --- /dev/null +++ b/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/ipsec.conf 
@@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + charondebug="knl 2" + +conn %default + ikelifetime=60m + lifetime=10s + margintime=5s + rekeyfuzz=0% + keyingtries=1 + keyexchange=ikev2 + mobike=no + +conn net-net + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + leftfirewall=yes + right=PH_IP_SUN + rightid=@sun.strongswan.org + rightsubnet=10.2.0.0/16 + auto=add diff --git a/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..4234eb134 --- /dev/null +++ b/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf @@ -0,0 +1,7 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown + # remove rekeyed inbound SA a bit quicker for the test scenario + delete_rekeyed_delay = 2 +} diff --git a/testing/tests/pfkey/net2net-rekey/hosts/sun/etc/ipsec.conf b/testing/tests/pfkey/net2net-rekey/hosts/sun/etc/ipsec.conf new file mode 100644 index 000000000..5b391db4b --- /dev/null +++ b/testing/tests/pfkey/net2net-rekey/hosts/sun/etc/ipsec.conf @@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + mobike=no + +conn net-net + left=PH_IP_SUN + leftcert=sunCert.pem + leftid=@sun.strongswan.org + leftsubnet=10.2.0.0/16 + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/pfkey/net2net-rekey/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/net2net-rekey/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..0ecc2f847 --- /dev/null 
+++ b/testing/tests/pfkey/net2net-rekey/hosts/sun/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown +} diff --git a/testing/tests/pfkey/net2net-rekey/posttest.dat b/testing/tests/pfkey/net2net-rekey/posttest.dat new file mode 100644 index 000000000..837738fc6 --- /dev/null +++ b/testing/tests/pfkey/net2net-rekey/posttest.dat @@ -0,0 +1,5 @@ +moon::ipsec stop +sun::ipsec stop +moon::iptables-restore < /etc/iptables.flush +sun::iptables-restore < /etc/iptables.flush + diff --git a/testing/tests/pfkey/net2net-rekey/pretest.dat b/testing/tests/pfkey/net2net-rekey/pretest.dat new file mode 100644 index 000000000..bcc2cb04d --- /dev/null +++ b/testing/tests/pfkey/net2net-rekey/pretest.dat @@ -0,0 +1,7 @@ +moon::iptables-restore < /etc/iptables.rules +sun::iptables-restore < /etc/iptables.rules +sun::ipsec start +moon::ipsec start +sun::expect-connection net-net +moon::expect-connection net-net +moon::ipsec up net-net diff --git a/testing/tests/pfkey/net2net-rekey/test.conf b/testing/tests/pfkey/net2net-rekey/test.conf new file mode 100644 index 000000000..afa2accbe --- /dev/null +++ b/testing/tests/pfkey/net2net-rekey/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" diff --git a/testing/tests/tkm/xfrmproxy-expire/evaltest.dat b/testing/tests/tkm/xfrmproxy-expire/evaltest.dat index 05bf42057..a3f45871c 100644 
--- a/testing/tests/tkm/xfrmproxy-expire/evaltest.dat +++ b/testing/tests/tkm/xfrmproxy-expire/evaltest.dat 
@@ -2,20 +2,24 @@ moon::ipsec stroke status 2> /dev/null::conn1.*ESTABLISHED.*moon.strongswan.org. sun::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec stroke status 2> /dev/null::conn1.*INSTALLED, TRANSPORT::YES sun::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES -moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES -sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES -sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES +moon::sleep 2::wait for rekeying::NO moon::cat /var/log/daemon.log::ees: acquire received for reqid 1::YES moon::cat /var/log/daemon.log::ees: expire received for reqid 1, spi.*, dst 192.168.0.2::YES moon::cat /var/log/daemon.log::creating rekey job for CHILD_SA ESP/0x.*/192.168.0.2::YES +moon::cat /var/log/daemon.log::deleting child SA (esa: 1, spi:.*)::NO +moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES +sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES +sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES +moon::sleep 2::wait until inbound SA is deleted::NO moon::cat /var/log/daemon.log::deleting child SA (esa: 1, spi:.*)::YES +moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES moon::cat /tmp/tkm.log::RSA private key '/etc/tkm/moonKey.der' loaded::YES moon::cat /tmp/tkm.log::Adding policy \[ 1, 192.168.0.1 <-> 192.168.0.2 \]::YES moon::cat /tmp/tkm.log::Checked CA certificate of CC context 1::YES moon::cat /tmp/tkm.log::Authentication of ISA context 1 successful::YES moon::cat /tmp/tkm.log::Creating first new ESA context with ID 1 (Isa 1, Sp 1, Ea 1, Initiator TRUE, spi_loc.*, spi_rem.*)::YES moon::cat /tmp/tkm.log::Creating ESA context with ID 2 (Isa 1, Sp 1, Ea 1, Dh_Id 1, Nc_Loc_Id 1, Initiator TRUE, spi_loc.*, spi_rem.*)::YES -moon::cat /tmp/tkm.log | grep 'Adding ESA \[ 1, 192.168.0.1 <-> 192.168.0.2, SPI_in.*, SPI_out.*, soft 2, hard 60 \]' | wc 
-l::2::YES +moon::cat /tmp/tkm.log | grep 'Adding ESA \[ 1, 192.168.0.1 <-> 192.168.0.2, SPI_in.*, SPI_out.*, soft 4, hard 60 \]' | wc -l::2::YES moon::cat /tmp/tkm.log::Resetting ESA context 1::YES moon::cat /tmp/tkm.log::Deleting ESA \[ 1, 192.168.0.1 <=> 192.168.0.2, SPI_in.*, SPI_out.* \]::YES moon::cat /tmp/xfrm_proxy.log::Initiating ESA acquire for reqid 1::YES diff --git a/testing/tests/tkm/xfrmproxy-expire/hosts/moon/etc/strongswan.conf b/testing/tests/tkm/xfrmproxy-expire/hosts/moon/etc/strongswan.conf index cc9d6e072..5b79af9f4 100644 --- a/testing/tests/tkm/xfrmproxy-expire/hosts/moon/etc/strongswan.conf +++ b/testing/tests/tkm/xfrmproxy-expire/hosts/moon/etc/strongswan.conf @@ -1,6 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon-tkm { + # remove rekeyed inbound SA a bit quicker for the test scenario + delete_rekeyed_delay = 2 dh_mapping { 15 = 1 16 = 2 diff --git a/testing/tests/tkm/xfrmproxy-expire/hosts/moon/etc/tkm/tkm.conf b/testing/tests/tkm/xfrmproxy-expire/hosts/moon/etc/tkm/tkm.conf index 23e958ab0..62b103a80 100644 --- a/testing/tests/tkm/xfrmproxy-expire/hosts/moon/etc/tkm/tkm.conf +++ b/testing/tests/tkm/xfrmproxy-expire/hosts/moon/etc/tkm/tkm.conf @@ -14,7 +14,7 @@ 192.168.0.2 - 2 + 4 60 diff --git a/testing/tests/tkm/xfrmproxy-rekey/description.txt b/testing/tests/tkm/xfrmproxy-rekey/description.txt new file mode 100644 index 000000000..648011b11 --- /dev/null +++ b/testing/tests/tkm/xfrmproxy-rekey/description.txt @@ -0,0 +1,6 @@ +A transport connection between the hosts moon and sun is set up. +The host moon starts the Trusted Key Manager (TKM) and the Ada XFRM +proxy, which relays XFRM kernel messages to charon. The authentication is based +on X.509 certificates. The connection is initiated by a ping from moon +to sun. The test asserts that a rekeying initiated by sun works +as expected. 
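Review bot: The sequence `deleting child SA (esa: 1, spi:.*)::NO`, then `moon::sleep 2::wait until inbound SA is deleted::NO`, then the same pattern `::YES` gives the delete no margin: the accompanying strongswan.conf sets `delete_rekeyed_delay = 2`, so the inbound SA is scheduled for removal two seconds after the rekey and the check runs at about the same instant, which will flake on a slow guest. Sleep longer than the delay, e.g. `moon::sleep 3::wait until inbound SA is deleted::NO`, or set the delay to 1 while keeping the sleep at 2. The first `sleep 2::wait for rekeying` against the soft lifetime raised to 4 in tkm.conf is presumably timed from the earlier acquire; a short comment stating the intended timeline in the evaltest would make that dependency explicit.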
diff --git a/testing/tests/tkm/xfrmproxy-rekey/evaltest.dat b/testing/tests/tkm/xfrmproxy-rekey/evaltest.dat new file mode 100644 index 000000000..15bdf3b39 --- /dev/null +++ b/testing/tests/tkm/xfrmproxy-rekey/evaltest.dat 
@@ -0,0 +1,23 @@
+moon::ipsec stroke status 2> /dev/null::conn1.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec stroke status 2> /dev/null::conn1.*INSTALLED, TRANSPORT::YES
+sun::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
+moon::sleep 2::wait for rekeying::NO
+sun::cat /var/log/daemon.log::creating rekey job for CHILD_SA ESP/0x.*/192.168.0.2::YES
+moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
+moon::cat /var/log/daemon.log::deleting child SA (esa: 1, spi:.*)::NO
+moon::sleep 2::wait until inbound SA is deleted::NO
+moon::cat /var/log/daemon.log::deleting child SA (esa: 1, spi:.*)::YES
+moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES
+moon::cat /tmp/tkm.log::RSA private key '/etc/tkm/moonKey.der' loaded::YES
+moon::cat /tmp/tkm.log::Adding policy \[ 1, 192.168.0.1 <-> 192.168.0.2 \]::YES
+moon::cat /tmp/tkm.log::Checked CA certificate of CC context 1::YES
+moon::cat /tmp/tkm.log::Authentication of ISA context 1 successful::YES
+moon::cat /tmp/tkm.log::Creating first new ESA context with ID 1 (Isa 1, Sp 1, Ea 1, Initiator TRUE, spi_loc.*, spi_rem.*)::YES
+moon::cat /tmp/tkm.log::Creating ESA context with ID 2 (Isa 1, Sp 1, Ea 1, Dh_Id 1, Nc_Loc_Id 1, Initiator FALSE, spi_loc.*, spi_rem.*)::YES
+moon::cat /tmp/tkm.log | grep 'Adding ESA \[ 1, 192.168.0.1 <-> 192.168.0.2, SPI_in.*, SPI_out.*, soft 30, hard 60 \]' | wc -l::2::YES
+moon::cat /tmp/tkm.log::Resetting ESA context 1::YES
+moon::cat /tmp/tkm.log::Deleting ESA \[ 1, 192.168.0.1 <=> 192.168.0.2, SPI_in.*, SPI_out.* \]::YES
+moon::cat /tmp/xfrm_proxy.log::Initiating ESA acquire for reqid 1::YES
diff --git a/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/strongswan.conf b/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..5b79af9f4 --- /dev/null +++ b/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/strongswan.conf @@ -0,0 +1,10 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon-tkm { + # remove rekeyed inbound SA a bit quicker for the test scenario + delete_rekeyed_delay = 2 + dh_mapping { + 15 = 1 + 16 = 2 + } +} diff --git a/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/tkm/moonKey.der b/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/tkm/moonKey.der new file mode 100644 index 000000000..d3748930a Binary files /dev/null and b/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/tkm/moonKey.der differ diff --git a/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/tkm/strongswanCert.der b/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/tkm/strongswanCert.der new file mode 100644 index 000000000..a5a631f4b Binary files /dev/null and b/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/tkm/strongswanCert.der differ diff --git a/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/tkm/tkm.conf b/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/tkm/tkm.conf new file mode 100644 index 000000000..2619c0089 --- /dev/null +++ b/testing/tests/tkm/xfrmproxy-rekey/hosts/moon/etc/tkm/tkm.conf @@ -0,0 +1,21 @@ + + + moon.strongswan.org + moonCert.pem + + + transport + + 1 + 192.168.0.1 + + + sun.strongswan.org + 192.168.0.2 + + + 30 + 60 + + + diff --git a/testing/tests/tkm/xfrmproxy-rekey/hosts/sun/etc/ipsec.conf b/testing/tests/tkm/xfrmproxy-rekey/hosts/sun/etc/ipsec.conf new file mode 100644 index 000000000..9dc641240 --- /dev/null +++ b/testing/tests/tkm/xfrmproxy-rekey/hosts/sun/etc/ipsec.conf 
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=10s
+ rekeymargin=6s
+ rekeyfuzz=0%
+ keyingtries=1
+ keyexchange=ikev2
+
+conn host-host
+ left=PH_IP_SUN
+ leftcert=sunCert.pem
+ leftid=sun.strongswan.org
+ right=PH_IP_MOON
+ rightid=moon.strongswan.org
+ ike=aes256-sha512-modp4096!
+ esp=aes256-sha512-modp4096!
+ type=transport
+ auto=add
diff --git a/testing/tests/tkm/xfrmproxy-rekey/hosts/sun/etc/strongswan.conf b/testing/tests/tkm/xfrmproxy-rekey/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..f585edfca
--- /dev/null
+++ b/testing/tests/tkm/xfrmproxy-rekey/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/tkm/xfrmproxy-rekey/posttest.dat b/testing/tests/tkm/xfrmproxy-rekey/posttest.dat
new file mode 100644
index 000000000..99efe7b00
--- /dev/null
+++ b/testing/tests/tkm/xfrmproxy-rekey/posttest.dat
@@ -0,0 +1,5 @@
+moon::DAEMON_NAME=charon-tkm ipsec stop
+moon::killall xfrm_proxy
+moon::killall tkm_keymanager
+moon::rm -f /tmp/tkm.rpc.ike /tmp/tkm.rpc.ees /tmp/tkm.log /tmp/xfrm_proxy.log
+sun::ipsec stop
diff --git a/testing/tests/tkm/xfrmproxy-rekey/pretest.dat b/testing/tests/tkm/xfrmproxy-rekey/pretest.dat
new file mode 100644
index 000000000..d645ddbfe
--- /dev/null
+++ b/testing/tests/tkm/xfrmproxy-rekey/pretest.dat
@@ -0,0 +1,12 @@
+sun::ipsec start
+moon::rm /etc/ipsec.secrets
+moon::tkm_cfgtool -c /etc/tkm/tkm.conf -i /etc/ipsec.conf -t /etc/tkm/tkm.bin -s /usr/local/share/tkm/tkmconfig.xsd
+moon::cat /etc/ipsec.conf
+moon::tkm_keymanager -c /etc/tkm/tkm.bin -k /etc/tkm/moonKey.der -r /etc/tkm/strongswanCert.der >/tmp/tkm.log 2>&1 &
+moon::expect-file /tmp/tkm.rpc.ike
+moon::DAEMON_NAME=charon-tkm ipsec start
+moon::expect-file /tmp/tkm.rpc.ees
+moon::xfrm_proxy >/tmp/xfrm_proxy.log 2>&1 &
+moon::DAEMON_NAME=charon-tkm expect-connection conn1
+sun::expect-connection host-host
+moon::ping -c 3 192.168.0.2
diff --git a/testing/tests/tkm/xfrmproxy-rekey/test.conf b/testing/tests/tkm/xfrmproxy-rekey/test.conf
new file mode 100644
index 000000000..9647dc6a2
--- /dev/null
+++ b/testing/tests/tkm/xfrmproxy-rekey/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="moon winnetou sun"
+
+# Corresponding block diagram
+#
+DIAGRAM="m-w-s.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/description.txt b/testing/tests/tnc/tnccs-20-ev-pt-tls/description.txt
new file mode 100644
index 000000000..a4d9b4cf4
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/description.txt
@@ -0,0 +1,9 @@
+The PT-TLS (RFC 6876) clients carol and dave set up a connection each to the policy decision
+point (PDP) alice. Endpoint carol uses password-based SASL PLAIN client authentication during the
+PT-TLS negotiation phase whereas endpoint dave uses certificate-based TLS client authentication
+during the TLS setup phase.
+

+During the ensuing PT-TLS data transport phase the OS and SWIMA IMC/IMV pairs +loaded by the PT-TLS clients and PDP, respectively, exchange PA-TNC (RFC 5792) messages +embedded in PB-TNC (RFC 5793) batches. The SWIMA IMC on carol is requested to deliver +all Software ID Events whereas dave must send a full Software Inventory. diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-ev-pt-tls/evaltest.dat new file mode 100644 index 000000000..2248d002c --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/evaltest.dat 
@@ -0,0 +1,24 @@ +dave:: cat /var/log/auth.log::sending TLS CertificateVerify handshake::YES +dave:: cat /var/log/auth.log::collected ... SW records::YES +dave:: cat /var/log/auth.log::strongswan.org__strongSwan.*swidtag::YES +carol::cat /var/log/auth.log::received SASL Success result::YES +carol::cat /var/log/auth.log::collected ... SW ID events::YES +carol::cat /var/log/auth.log::collected 3 SW records::YES +alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_DAVE::YES +alice::cat /var/log/daemon.log::checking certificate status of.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org::YES +alice::cat /var/log/daemon.log::certificate status is good::YES +alice::cat /var/log/daemon.log::skipping SASL, client already authenticated by TLS certificate::YES +alice::cat /var/log/daemon.log::user AR identity.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org.*authenticated by certificate::YES +alice::cat /var/log/daemon.log::received software inventory with ... items for request 3 at last eid 1 of epoch::YES +alice::cat /var/log/daemon.log::role=.softwareCreator licensor tagCreator::YES +alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon -p auth.alert.*host with IP address 192.168.0.200 is blocked::YES +moon:: cat /var/log/auth.log::host with IP address 192.168.0.200 is blocked::YES +alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_CAROL::YES +alice::cat /var/log/daemon.log::SASL PLAIN authentication successful::YES +alice::cat /var/log/daemon.log::SASL client identity is.*carol::YES +alice::cat /var/log/daemon.log::user AR identity.*carol.*authenticated by password::YES +alice::cat /var/log/daemon.log::received software ID events with ... 
items for request 9 at last eid 2 of epoch::YES +alice::cat /var/log/daemon.log::3 SWID tag target::YES +alice::cat /var/log/daemon.log::received software inventory with 3 items for request 9 at last eid 2 of epoch::YES +alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon -p auth.alert.*host with IP address 192.168.0.100 is allowed::YES +moon::cat /var/log/auth.log::host with IP address 192.168.0.100 is allowed::YES diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf new file mode 100644 index 000000000..4075f75bd --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf @@ -0,0 +1,31 @@ +WSGIPythonPath /var/www/tnc + + + ServerName tnc.strongswan.org + ServerAlias tnc + ServerAdmin webmaster@localhost + + DocumentRoot /var/www/tnc + + + + + Require all granted + + + Order deny,allow + Allow from all + + + + + WSGIScriptAlias / /var/www/tnc/config/wsgi.py + WSGIApplicationGroup %{GLOBAL} + WSGIPassAuthorization On + + Alias /static/ /var/www/tnc/static/ + + ErrorLog ${APACHE_LOG_DIR}/tnc/error.log + LogLevel warn + CustomLog ${APACHE_LOG_DIR}/tnc/access.log combined + diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/apache2/sites-available/default b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/apache2/sites-available/default new file mode 100644 index 000000000..1dc8b5688 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/apache2/sites-available/default @@ -0,0 +1 @@ +Include sites-available/000-default.conf \ No newline at end of file diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/iptables.rules b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/iptables.rules new file mode 100644 index 000000000..c556d9483 --- /dev/null 
+++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/iptables.rules @@ -0,0 +1,28 @@ +*filter + +# default policy is DROP +-P INPUT DROP +-P OUTPUT DROP +-P FORWARD DROP + +# open loopback interface +-A INPUT -i lo -j ACCEPT +-A OUTPUT -o lo -j ACCEPT + +# allow PT-TLS +-A INPUT -i eth0 -p tcp --dport 271 -j ACCEPT +-A OUTPUT -o eth0 -p tcp --sport 271 -j ACCEPT + +# allow inbound ssh +-A INPUT -p tcp --dport 22 -j ACCEPT +-A OUTPUT -p tcp --sport 22 -j ACCEPT + +# allow outbound ssh +-A OUTPUT -p tcp --dport 22 -j ACCEPT +-A INPUT -p tcp --sport 22 -j ACCEPT + +# allow crl fetch from winnetou +-A INPUT -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT +-A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT + +COMMIT diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/pts/data1.sql b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/pts/data1.sql new file mode 100644 index 000000000..16ab96d58 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/pts/data1.sql 
@@ -0,0 +1,61 @@ +/* Devices */ + +INSERT INTO devices ( /* 1 */ + value, product, created +) +SELECT 'aabbccddeeff11223344556677889900', id, 1372330615 +FROM products WHERE name = 'Debian DEBIAN_VERSION x86_64'; + +/* Groups Members */ + +INSERT INTO groups_members ( + group_id, device_id +) VALUES ( + 10, 1 +); + +/* Identities */ + +INSERT INTO identities ( + type, value +) VALUES ( /* dave@strongswan.org */ + 4, X'64617665407374726f6e677377616e2e6f7267' +); + +/* Sessions */ + +INSERT INTO sessions ( + time, connection, identity, device, product, rec +) +SELECT NOW, 1, 1, 1, id, 0 +FROM products WHERE name = 'Debian DEBIAN_VERSION x86_64'; + +/* Results */ + +INSERT INTO results ( + session, policy, rec, result +) VALUES ( + 1, 1, 0, 'processed 355 packages: 0 not updated, 0 blacklisted, 4 ok, 351 not found' +); + +/* Enforcements */ + +INSERT INTO enforcements ( + policy, group_id, max_age, rec_fail, rec_noresult +) VALUES ( + 3, 10, 0, 2, 2 +); + +INSERT INTO enforcements ( + policy, group_id, max_age +) VALUES ( + 17, 2, 86400 +); + +INSERT INTO enforcements ( + policy, group_id, max_age +) VALUES ( + 18, 10, 86400 +); + +DELETE FROM enforcements WHERE id = 1; diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/strongTNC/settings.ini b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/strongTNC/settings.ini new file mode 100644 index 000000000..5ae53c47a --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/strongTNC/settings.ini @@ -0,0 +1,19 @@ +[debug] +DEBUG=0 +TEMPLATE_DEBUG=0 +DEBUG_TOOLBAR=0 + +[db] +DJANGO_DB_URL=sqlite:////var/www/tnc/django.db +STRONGTNC_DB_URL = sqlite:////etc/db.d/config.db + +[localization] +LANGUAGE_CODE=en-us +TIME_ZONE=Europe/Zurich + +[admins] +Your Name: alice@strongswan.org + +[security] +SECRET_KEY=strongSwan +ALLOWED_HOSTS=127.0.0.1,10.1.0.10,tnc.strongswan.org,tnc 
diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/strongswan.conf new file mode 100644 index 000000000..1148b945a --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/strongswan.conf @@ -0,0 +1,49 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce pem pkcs1 x509 openssl revocation constraints curl vici socket-default kernel-netlink tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite + + syslog { + auth { + default = 0 + } + daemon { + tls = 2 + tnc = 2 + imv = 3 + } + } + plugins { + tnc-pdp { + server = aaa.strongswan.org + radius { + secret = gv6URkSs + } + } + tnc-imv { + dlclose = no + } + } +} + +libtls { + suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +} + +libimcv { + database = sqlite:///etc/db.d/config.db + policy_script = /usr/local/libexec/ipsec/imv_policy_manager + + plugins { + imv-swima { + rest_api { + uri = http://admin-user:strongSwan@tnc.strongswan.org/api/ + } + } + } +} + +imv_policy_manager { + command_allow = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is allowed\""' + command_block = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is blocked\""' +} diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/swanctl/rsa/aaaKey.pem b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/swanctl/rsa/aaaKey.pem new file mode 100644 index 000000000..adc47dd33 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/swanctl/rsa/aaaKey.pem 
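Review bot: The imv-swima `rest_api` block sends a Basic-auth credential inside a plain `http://` URL (`uri = http://admin-user:strongSwan@tnc.strongswan.org/api/`), and the tnc-pdp `radius` block carries a static shared secret in the same file, with nothing marking either as a disposable test-bed value. That is acceptable inside the isolated test network, but these scenario files are routinely copied as templates, so a comment above the uri such as `# test-bed only: the credential travels in cleartext; use https and a dedicated API user anywhere else` would keep the intent explicit. The same URI is repeated in carol's `sw-collector` section of this series' strongswan.conf and would benefit from the same comment.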
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAtxfP0jM8wZqtJvNmYar+WmB5GkzZbm431C5YWpSc/4vjCMXl +h/7VuGPkOeuEqU4KOKL3l0OQt1Exh77ii9ekg0X//4n132fI/hg0sKVRPCK8HC8l +0LdwnLLNI7uO5ObYY1KtAVnDeI/cfFbLV0z38/X7GWCpKi7ocmVMNalpD5w7c/9a +VgpO70O9NPr+OPhs1Lp9uJQQbQzQlhydhK3SLA1bJEcyXYMqOamJud+EcM1Hjq3S +W5JpKhuroDSxGzMntRF0TgrGXf8ctNfz/52repoUh2GrFfOhkpXrKUErf46NNtnD +e4FXvyprZNQO4wJBWKCSS3p16UWEL+1LFwiDPQIDAQABAoIBAQCNeNG0+rA0bF7k +nOf8CZL1pFuOzdin8nQi+Bh/DRvufVlU+wyrM2ZSTqUXd/sOkuVk889ZyvQ0IYGj +AQStx1cvs9Pl0OTx1ZDBfVShNWv6imBNasTObB+QhLvro037Yr/KpyRUydY2/vn/ +/VSrRSbGE8gMyNqNZKdpVQo44Ij0bJXxx7kVJ7CfftB65bujkRSK5u7eGjFVyHGs +P9v4n72Pt0mVdC8yeiMjJAmmKLWaDf7U2SUoaxf0IRjRNPdVBuPjbYjfnJ0sGlxF +sCQtu+3JQ4b7vyxrAyUtImbTLwvFqQHTGIahZUvhGd/1aO0Zmls1mvuZ+VhUIsek +uBJh54jFAoGBAN7M08mBkA8oUns0IzzG+A0JYDmdbvOWbKtyQDRl7LkXOq/PckIj +PoliI/5aNZe9+Q8kq8xnvLVcsup7EX6Ovaqc6S3ODNEjy4XEqGMM9tkrz4R4N5f5 +hLayOg3MfdJiPOn3HF+cVvHp0Vwpt8K5TgVmOWkVSKTa+6eX4mhQUuKjAoGBANJg +Rmka90zo+7PPze4oo5ePeqwZrwQ3/6OeD/G1lqMFPOgk3MLGuv9HvtQA5gyyAH7+ +Qy/t+rdPSC7PZi29s8/cERmWTdbZ1ocuKa6xxSvktl7Ibv51d0sW1n+kfVin7cLL +SskoK8BRXjXsZg7jjZjE5f6iqdHq+JPA2JWM10CfAoGAOXTvJScxhIcshjNS5wiU +zZ/eXd1Y0J65VZl4L0sdujngW5iO6bl3FizmBWE0Mva99QbK+0LBarAGP+wO/elH +xmkCxVo++exWPyARIMImIqlmsc3i4GFrtUXPLOHQjOHivZ+JhKqnzWk0IaVsi14I +XeIX6h6gBkum3HiR3b7hMSsCgYEAtq7ftbmy8liG6hgTzTIBDUWM0xHihxlRpnVF +hzGWw61yvGv2QDVugOt+bH7zRib0g1KsaVyQkMoJ9ownQKUxFdkWCFAa++1iezS9 +AXRhscIEE76dk93RX6VPUrw2FNyOfM8n/BIkG/cMhmroHRnBBd5Fkp8SNLWEclnO +Od95tCUCgYEAgvohkyZAAKMRUFYEvHgwyxeXHifHVPIoK9UN022DJmIEJE2ISGtH +yHnBKgF52tlYhC9ijKwMG43C9IvycydRUtViOxDV8AiE4BV1tXuQHLl0jD2R7yq5 +9pNtnYgXW+ZKlx9705ltHj8hhKl6r2I8oXdR9KFGO83wq8fr6tyjqHc= +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/swanctl/swanctl.conf new file mode 100644 index 000000000..635620b7d --- /dev/null 
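Review bot: aaaKey.pem is an unencrypted RSA private key committed in cleartext as a fixture, so it is public the moment this lands and has to be treated as compromised for anything except this scenario; the posttest `alice::rm /etc/swanctl/rsa/aaaKey.pem` clears it from the guest but cannot undo the publication. PEM has no comment syntax, so the caveat belongs in the scenario's description.txt or a README next to the key, stating that the aaa.strongswan.org key and certificate are test-only and must never be reused. The key is also added with mode 100644; if the installed copy is not tightened to 0600 by the provisioning step, that is worth checking.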
+++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/swanctl/swanctl.conf @@ -0,0 +1,7 @@ +secrets { + + eap-carol { + id = carol + secret = "Ar3etTnp" + } +} diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/swanctl/x509/aaaCert.pem b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/swanctl/x509/aaaCert.pem new file mode 100644 index 000000000..42083c2a9 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/swanctl/x509/aaaCert.pem 
@@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIBMzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTE1MDgwNDE0NTUzMVoXDTE5MDkwNjE0NTUzMVowRTELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEmFhYS5z +dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALcX +z9IzPMGarSbzZmGq/lpgeRpM2W5uN9QuWFqUnP+L4wjF5Yf+1bhj5DnrhKlOCjii +95dDkLdRMYe+4ovXpINF//+J9d9nyP4YNLClUTwivBwvJdC3cJyyzSO7juTm2GNS +rQFZw3iP3HxWy1dM9/P1+xlgqSou6HJlTDWpaQ+cO3P/WlYKTu9DvTT6/jj4bNS6 +fbiUEG0M0JYcnYSt0iwNWyRHMl2DKjmpibnfhHDNR46t0luSaSobq6A0sRszJ7UR +dE4Kxl3/HLTX8/+dq3qaFIdhqxXzoZKV6ylBK3+OjTbZw3uBV78qa2TUDuMCQVig +kkt6delFhC/tSxcIgz0CAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AgOoMB0GA1UdDgQWBBRFNnP26ELy5j7KMOO+a8dh5pLe6DBtBgNVHSMEZjBkgBRd +p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT +EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB +ADAdBgNVHREEFjAUghJhYWEuc3Ryb25nc3dhbi5vcmcwEwYDVR0lBAwwCgYIKwYB +BQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9y +Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAsncNPDCCDd4mzIHs +nHY7b6H1tVQtFSbAQntV06D4D7vOp6Y+M5S8ta50hJu4f4GEeH5c7/hm8gbRdHt/ +TcjlV/UWBfhU3c/hNJo2LpmmtdmYUABLA3rdZ+FzOnAHX9H8eI988G7eHpI9T7L2 +FY2YEnWhIUVjFrojtH2+NbuA/Ori1QwSBiVhvJQgvUPjhKkjUtC+8zIdaCmJFErQ +GGObpAMtnTcQ74md9BQ791RPMp77tDe1fgm7m8QWIsoIyYEhvzyfk2VTBn1VlWyH +sbT0Vb3X9ubt0KXn2Xr491WTCpc5rzDWj9CNUYUgW7RaPxgw5cj2HK6oiLnGpO73 +xyr/Qw== +-----END CERTIFICATE----- diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/tnc_config new file mode 100644 index 000000000..1499dfc90 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/tnc_config @@ -0,0 +1,4 @@ +#IMV configuration file for strongSwan client + +IMV "OS" /usr/local/lib/ipsec/imcvs/imv-os.so +IMV "SWIMA" /usr/local/lib/ipsec/imcvs/imv-swima.so 
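Review bot: aaaCert.pem bakes a fixed validity window into the fixture; decoding the Validity field from the base64 appears to give notBefore 2015-08-04 and notAfter 2019-09-06 (UTC), so once that date passes the PT-TLS handshake in this scenario will presumably fail unless the test bed's clock is pinned or the certificate is regenerated. Worth recording in description.txt or the testing README how the aaa.strongswan.org credential pair is regenerated, so the failure mode is understood when it arrives rather than mistaken for a regression.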
diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/ipsec.sql b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/ipsec.sql new file mode 100644 index 000000000..805c8bfd9 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/ipsec.sql @@ -0,0 +1,4 @@ +/* strongSwan SQLite database */ + +/* configuration is read from the command line */ +/* credentials are read from the command line */ diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/iptables.rules b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/iptables.rules new file mode 100644 index 000000000..d01d0a3c9 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/iptables.rules @@ -0,0 +1,20 @@ +*filter + +# default policy is DROP +-P INPUT DROP +-P OUTPUT DROP +-P FORWARD DROP + +# allow PT-TLS +-A INPUT -i eth0 -s 10.1.0.10 -p tcp --sport 271 -j ACCEPT +-A OUTPUT -o eth0 -d 10.1.0.10 -p tcp --dport 271 -j ACCEPT + +# allow ssh +-A INPUT -p tcp --dport 22 -j ACCEPT +-A OUTPUT -p tcp --sport 22 -j ACCEPT + +# allow crl fetch from winnetou +-A INPUT -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT +-A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT + +COMMIT diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/pts/options b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/pts/options new file mode 100644 index 000000000..52a3673b3 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/pts/options @@ -0,0 +1,6 @@ +--connect aaa.strongswan.org +--client carol +--secret "Ar3etTnp" +--cert /etc/swanctl/x509ca/strongswanCert.pem +--quiet +--debug 2 diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..87c3745a3 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/strongswan.conf 
@@ -0,0 +1,25 @@ +# /etc/strongswan.conf - strongSwan configuration file + +libtls { + suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +} + +libimcv { + plugins { + imc-swima { + swid_database = sqlite:///etc/db.d/collector.db + } + } +} + +pt-tls-client { + load = revocation constraints pem openssl curl sqlite nonce tnc-tnccs tnc-imc tnccs-20 +} + +sw-collector { + database = sqlite:///etc/db.d/collector.db + history = /var/log/apt/history.log + rest_api { + uri = http://admin-user:strongSwan@tnc.strongswan.org/api/ + } +} diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/swanctl/swanctl.conf new file mode 100644 index 000000000..28da4d427 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/swanctl/swanctl.conf @@ -0,0 +1 @@ +# the PT-TLS client reads its configuration and secrets via the command line diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/tnc_config new file mode 100644 index 000000000..3975056ca --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/carol/etc/tnc_config @@ -0,0 +1,4 @@ +#IMC configuration file for strongSwan client + +IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so +IMC "SWIMA" /usr/local/lib/ipsec/imcvs/imc-swima.so diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/ipsec.sql b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/ipsec.sql new file mode 100644 index 000000000..805c8bfd9 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/ipsec.sql @@ -0,0 +1,4 @@ +/* strongSwan SQLite database */ + +/* configuration is read from the command line */ +/* credentials are read from the command line */ 
diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/iptables.rules b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/iptables.rules new file mode 100644 index 000000000..d01d0a3c9 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/iptables.rules @@ -0,0 +1,20 @@ +*filter + +# default policy is DROP +-P INPUT DROP +-P OUTPUT DROP +-P FORWARD DROP + +# allow PT-TLS +-A INPUT -i eth0 -s 10.1.0.10 -p tcp --sport 271 -j ACCEPT +-A OUTPUT -o eth0 -d 10.1.0.10 -p tcp --dport 271 -j ACCEPT + +# allow ssh +-A INPUT -p tcp --dport 22 -j ACCEPT +-A OUTPUT -p tcp --sport 22 -j ACCEPT + +# allow crl fetch from winnetou +-A INPUT -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT +-A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT + +COMMIT diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/pts/options b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/pts/options new file mode 100644 index 000000000..08953142f --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/pts/options @@ -0,0 +1,7 @@ +--connect aaa.strongswan.org +--client dave@strongswan.org +--key /etc/swanctl/rsa/daveKey.pem +--cert /etc/swanctl/x509/daveCert.pem +--cert /etc/swanctl/x509ca/strongswanCert.pem +--quiet +--debug 2 diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..93cbb7101 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/strongswan.conf @@ -0,0 +1,20 @@ +# /etc/strongswan.conf - strongSwan configuration file + +libimcv { + plugins { + imc-os { + push_info = no + } + imc-swima { + swid_pretty = yes + } + } +} + +libtls { + suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +} + +pt-tls-client { + load = revocation constraints pem openssl curl nonce tnc-tnccs tnc-imc tnccs-20 +} 
diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/swanctl/swanctl.conf new file mode 100644 index 000000000..28da4d427 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/swanctl/swanctl.conf @@ -0,0 +1 @@ +# the PT-TLS client reads its configuration and secrets via the command line diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/tnc_config new file mode 100644 index 000000000..3975056ca --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/dave/etc/tnc_config @@ -0,0 +1,4 @@ +#IMC configuration file for strongSwan client + +IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so +IMC "SWIMA" /usr/local/lib/ipsec/imcvs/imc-swima.so diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..d99a4b78a --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/moon/etc/strongswan.conf @@ -0,0 +1,3 @@ +# /etc/strongswan.conf - strongSwan configuration file + +# this file is not used in this scenario diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/moon/etc/swanctl/swanctl.conf new file mode 100644 index 000000000..27f96a620 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1 @@ +# this file is not used in this scenario diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/posttest.dat b/testing/tests/tnc/tnccs-20-ev-pt-tls/posttest.dat new file mode 100644 index 000000000..09c8a6cbc --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/posttest.dat 
@@ -0,0 +1,10 @@ +carol::ip route del 10.1.0.0/16 via 192.168.0.1 +dave::ip route del 10.1.0.0/16 via 192.168.0.1 +winnetou::ip route del 10.1.0.0/16 via 192.168.0.1 +alice::service charon stop +alice::service apache2 stop +alice::rm /etc/swanctl/rsa/aaaKey.pem +alice::rm /etc/swanctl/x509/aaaCert.pem +alice::iptables-restore < /etc/iptables.flush +carol::iptables-restore < /etc/iptables.flush +dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-ev-pt-tls/pretest.dat new file mode 100644 index 000000000..c0d732368 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/pretest.dat @@ -0,0 +1,26 @@ +alice::iptables-restore < /etc/iptables.rules +carol::iptables-restore < /etc/iptables.rules +dave::iptables-restore < /etc/iptables.rules +alice::cat /etc/tnc_config +carol::cat /etc/tnc_config +carol::echo 0 > /proc/sys/net/ipv4/ip_forward +dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id +dave::cat /etc/tnc_config +alice::sed -i "s/NOW/`date +%s`/g" /etc/pts/data1.sql +alice::sed -i "s:DEBIAN_VERSION:\`cat /etc/debian_version\`:" /etc/pts/data1.sql +alice::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/db.d/config.db +alice::chgrp -R www-data /etc/db.d/config.db; chmod -R g+w /etc/db.d/config.db +alice::/usr/local/bin/init_tnc +alice::rm /etc/swanctl/x509/aliceCert.pem +alice::rm /etc/swanctl/rsa/aliceKey.pem +alice::service charon start +alice::service apache2 start +alice::swanctl --load-creds +winnetou::ip route add 10.1.0.0/16 via 192.168.0.1 +dave::ip route add 10.1.0.0/16 via 192.168.0.1 +dave::cat /etc/pts/options +dave::/usr/local/bin/pt-tls-client --optionsfrom /etc/pts/options +carol::/usr/local/bin/init_collector +carol::ip route add 10.1.0.0/16 via 192.168.0.1 +carol::cat /etc/pts/options +carol::/usr/local/bin/pt-tls-client --optionsfrom /etc/pts/options 
diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/test.conf b/testing/tests/tnc/tnccs-20-ev-pt-tls/test.conf new file mode 100644 index 000000000..f434789b9 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/test.conf @@ -0,0 +1,29 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="carol moon dave alice" + +# Guest instances on which databases are used +# +DBHOSTS="alice carol" + +# charon controlled by swanctl +# +SWANCTL=1 diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat index af53e6c9b..8642292a8 100644 --- a/testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat +++ b/testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat @@ -1,4 +1,4 @@ sun::service charon start moon::cat /etc/pts/options moon::sleep 1 -moon::ipsec pt-tls-client --optionsfrom /etc/pts/options +moon::/usr/local/bin/pt-tls-client --optionsfrom /etc/pts/options diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/description.txt b/testing/tests/tnc/tnccs-20-nea-pt-tls/description.txt new file mode 100644 index 000000000..90e85485c --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/description.txt @@ -0,0 +1,9 @@ +The PT-TLS (RFC 6876) clients carol and dave set up a connection each to the policy decision +point (PDP) alice. Endpoint carol uses password-based SASL PLAIN client authentication during the +PT-TLS negotiation phase whereas endpoint dave uses certificate-based TLS client authentication +during the TLS setup phase. +

+During the ensuing PT-TLS data transport phase the OS and SWIMA IMC/IMV pairs +loaded by the PT-TLS clients and PDP, respectively, exchange PA-TNC (RFC 5792) messages +embedded in PB-TNC (RFC 5793) batches. The SWIMA IMC on carol is requested to deliver +a concise Software ID Inventory whereas dave must send a full Software Inventory. diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat new file mode 100644 index 000000000..198b2bde3 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat 
@@ -0,0 +1,25 @@ +dave:: cat /var/log/auth.log::sending TLS CertificateVerify handshake::YES +dave:: cat /var/log/auth.log::collected ... SW records::YES +carol::cat /var/log/auth.log::received SASL Success result::YES +carol::cat /var/log/auth.log::collected ... SW ID records::YES +carol::cat /var/log/auth.log::strongswan.org__strongSwan.*swidtag::YES +carol::cat /var/log/auth.log::collected 1 SW record::YES +alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_DAVE::YES +alice::cat /var/log/daemon.log::checking certificate status of.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org::YES +alice::cat /var/log/daemon.log::certificate status is good::YES +alice::cat /var/log/daemon.log::skipping SASL, client already authenticated by TLS certificate::YES +alice::cat /var/log/daemon.log::user AR identity.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org.*authenticated by certificate::YES +alice::cat /var/log/daemon.log::received software inventory with ... items for request 3 at last eid 1 of epoch::YES +alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon -p auth.alert.*host with IP address 192.168.0.200 is blocked::YES +moon:: cat /var/log/auth.log::host with IP address 192.168.0.200 is blocked::YES +alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_CAROL::YES +alice::cat /var/log/daemon.log::SASL PLAIN authentication successful::YES +alice::cat /var/log/daemon.log::SASL client identity is.*carol::YES +alice::cat /var/log/daemon.log::user AR identity.*carol.*authenticated by password::YES +alice::cat /var/log/daemon.log::failed to collect SW ID events, fallback to SW ID inventory::YES +alice::cat /var/log/daemon.log::received software ID inventory with ... 
items for request 9 at last eid 1 of epoch::YES +alice::cat /var/log/daemon.log::1 SWID tag target::YES +alice::cat /var/log/daemon.log::received software inventory with 1 item for request 9 at last eid 1 of epoch::YES +alice::cat /var/log/daemon.log::strongswan.org__strongSwan.*@ /usr/local/share/strongswan::YES +alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon -p auth.alert.*host with IP address 192.168.0.100 is allowed::YES +moon::cat /var/log/auth.log::host with IP address 192.168.0.100 is allowed::YES diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf new file mode 100644 index 000000000..4075f75bd --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf @@ -0,0 +1,31 @@ +WSGIPythonPath /var/www/tnc + + + ServerName tnc.strongswan.org + ServerAlias tnc + ServerAdmin webmaster@localhost + + DocumentRoot /var/www/tnc + + + + + Require all granted + + + Order deny,allow + Allow from all + + + + + WSGIScriptAlias / /var/www/tnc/config/wsgi.py + WSGIApplicationGroup %{GLOBAL} + WSGIPassAuthorization On + + Alias /static/ /var/www/tnc/static/ + + ErrorLog ${APACHE_LOG_DIR}/tnc/error.log + LogLevel warn + CustomLog ${APACHE_LOG_DIR}/tnc/access.log combined + diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/default b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/default new file mode 100644 index 000000000..1dc8b5688 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/default @@ -0,0 +1 @@ +Include sites-available/000-default.conf \ No newline at end of file 
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/iptables.rules b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/iptables.rules
new file mode 100644
index 000000000..c556d9483
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/iptables.rules
@@ -0,0 +1,28 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# open loopback interface
+-A INPUT -i lo -j ACCEPT
+-A OUTPUT -o lo -j ACCEPT
+
+# allow PT-TLS
+-A INPUT -i eth0 -p tcp --dport 271 -j ACCEPT
+-A OUTPUT -o eth0 -p tcp --sport 271 -j ACCEPT
+
+# allow inbound ssh
+-A INPUT -p tcp --dport 22 -j ACCEPT
+-A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+# allow outbound ssh
+-A OUTPUT -p tcp --dport 22 -j ACCEPT
+-A INPUT -p tcp --sport 22 -j ACCEPT
+
+# allow crl fetch from winnetou
+-A INPUT -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT
+-A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT
+
+COMMIT
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/pts/data1.sql b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/pts/data1.sql
new file mode 100644
index 000000000..16ab96d58
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/pts/data1.sql
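Review bot: The return-path rules under `# allow outbound ssh` and `# allow crl fetch from winnetou` are stateless port matches, so `-A INPUT -p tcp --sport 22 -j ACCEPT` admits any TCP segment to any local port on alice as long as the sender uses source port 22, and `--sport 80 -s 192.168.0.150` does the same for whoever holds winnetou's address; the DROP policy is weaker than the comments suggest. I would replace the two inbound `--sport` rules with `-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` plus the matching `-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT`, and keep only `--dport` rules for what alice accepts (271, 22) and initiates (22 to moon, 80 to winnetou). The same stateless pattern is in the carol and dave rule files added further down in this commit. On an isolated test guest this is harmless, but the file reads as a reference ruleset, so if it stays stateless a comment such as `# stateless on purpose: test guests only, do not reuse outside the testbed` would stop it being copied as-is.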
@@ -0,0 +1,61 @@ +/* Devices */ + +INSERT INTO devices ( /* 1 */ + value, product, created +) +SELECT 'aabbccddeeff11223344556677889900', id, 1372330615 +FROM products WHERE name = 'Debian DEBIAN_VERSION x86_64'; + +/* Groups Members */ + +INSERT INTO groups_members ( + group_id, device_id +) VALUES ( + 10, 1 +); + +/* Identities */ + +INSERT INTO identities ( + type, value +) VALUES ( /* dave@strongswan.org */ + 4, X'64617665407374726f6e677377616e2e6f7267' +); + +/* Sessions */ + +INSERT INTO sessions ( + time, connection, identity, device, product, rec +) +SELECT NOW, 1, 1, 1, id, 0 +FROM products WHERE name = 'Debian DEBIAN_VERSION x86_64'; + +/* Results */ + +INSERT INTO results ( + session, policy, rec, result +) VALUES ( + 1, 1, 0, 'processed 355 packages: 0 not updated, 0 blacklisted, 4 ok, 351 not found' +); + +/* Enforcements */ + +INSERT INTO enforcements ( + policy, group_id, max_age, rec_fail, rec_noresult +) VALUES ( + 3, 10, 0, 2, 2 +); + +INSERT INTO enforcements ( + policy, group_id, max_age +) VALUES ( + 17, 2, 86400 +); + +INSERT INTO enforcements ( + policy, group_id, max_age +) VALUES ( + 18, 10, 86400 +); + +DELETE FROM enforcements WHERE id = 1; diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongTNC/settings.ini b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongTNC/settings.ini new file mode 100644 index 000000000..5ae53c47a --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongTNC/settings.ini @@ -0,0 +1,19 @@ +[debug] +DEBUG=0 +TEMPLATE_DEBUG=0 +DEBUG_TOOLBAR=0 + +[db] +DJANGO_DB_URL=sqlite:////var/www/tnc/django.db +STRONGTNC_DB_URL = sqlite:////etc/db.d/config.db + +[localization] +LANGUAGE_CODE=en-us +TIME_ZONE=Europe/Zurich + +[admins] +Your Name: alice@strongswan.org + +[security] +SECRET_KEY=strongSwan +ALLOWED_HOSTS=127.0.0.1,10.1.0.10,tnc.strongswan.org,tnc 
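Review bot: `SECRET_KEY=strongSwan` under `[security]` is a fixed dictionary-word Django secret committed to the repository; Django derives session and CSRF cookie signatures from it, so anyone with the file can mint valid sessions for the strongTNC instance on alice, and the REST API that alice's imv-swima talks to is served by the same application. For a disposable test guest this is acceptable, but nothing in the file says it is test-only, and `DEBUG=0` makes it look production-ready. I would either have pretest.dat overwrite the key from `/dev/urandom` before `service apache2 start`, or at least add `# test-only secret: regenerate before any non-testbed deployment` above `SECRET_KEY`. `ALLOWED_HOSTS` being restricted to alice's own names and the loopback address is fine.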
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf new file mode 100644 index 000000000..1148b945a --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf @@ -0,0 +1,49 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce pem pkcs1 x509 openssl revocation constraints curl vici socket-default kernel-netlink tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite + + syslog { + auth { + default = 0 + } + daemon { + tls = 2 + tnc = 2 + imv = 3 + } + } + plugins { + tnc-pdp { + server = aaa.strongswan.org + radius { + secret = gv6URkSs + } + } + tnc-imv { + dlclose = no + } + } +} + +libtls { + suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +} + +libimcv { + database = sqlite:///etc/db.d/config.db + policy_script = /usr/local/libexec/ipsec/imv_policy_manager + + plugins { + imv-swima { + rest_api { + uri = http://admin-user:strongSwan@tnc.strongswan.org/api/ + } + } + } +} + +imv_policy_manager { + command_allow = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is allowed\""' + command_block = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is blocked\""' +} diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/rsa/aaaKey.pem b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/rsa/aaaKey.pem new file mode 100644 index 000000000..adc47dd33 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/rsa/aaaKey.pem 
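Review bot: `uri = http://admin-user:strongSwan@tnc.strongswan.org/api/` embeds the strongTNC admin credential in a plain-HTTP URL, and `secret = gv6URkSs` under `radius` is a second static secret in the same committed config. Judging from alice's iptables rules added in this commit (OUTPUT permitted only on lo, to port 22, and to 192.168.0.150:80), the REST call can only succeed over loopback, which is presumably why cleartext basic auth was considered acceptable, but the hostname form invites copying this line to a remote PDP/strongTNC split where the credential would cross the wire. I would add `# tnc.strongswan.org resolves to alice itself; the REST API is only reached over loopback, which is the only reason plain http is tolerated here` above `rest_api`, and note that `admin-user:strongSwan` must match the account created by init_tnc in pretest.dat (inferred, not visible in this hunk). The `libtls.suites` restriction to ECDHE/AES-GCM suites is a good choice for the PT-TLS side.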
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAtxfP0jM8wZqtJvNmYar+WmB5GkzZbm431C5YWpSc/4vjCMXl +h/7VuGPkOeuEqU4KOKL3l0OQt1Exh77ii9ekg0X//4n132fI/hg0sKVRPCK8HC8l +0LdwnLLNI7uO5ObYY1KtAVnDeI/cfFbLV0z38/X7GWCpKi7ocmVMNalpD5w7c/9a +VgpO70O9NPr+OPhs1Lp9uJQQbQzQlhydhK3SLA1bJEcyXYMqOamJud+EcM1Hjq3S +W5JpKhuroDSxGzMntRF0TgrGXf8ctNfz/52repoUh2GrFfOhkpXrKUErf46NNtnD +e4FXvyprZNQO4wJBWKCSS3p16UWEL+1LFwiDPQIDAQABAoIBAQCNeNG0+rA0bF7k +nOf8CZL1pFuOzdin8nQi+Bh/DRvufVlU+wyrM2ZSTqUXd/sOkuVk889ZyvQ0IYGj +AQStx1cvs9Pl0OTx1ZDBfVShNWv6imBNasTObB+QhLvro037Yr/KpyRUydY2/vn/ +/VSrRSbGE8gMyNqNZKdpVQo44Ij0bJXxx7kVJ7CfftB65bujkRSK5u7eGjFVyHGs +P9v4n72Pt0mVdC8yeiMjJAmmKLWaDf7U2SUoaxf0IRjRNPdVBuPjbYjfnJ0sGlxF +sCQtu+3JQ4b7vyxrAyUtImbTLwvFqQHTGIahZUvhGd/1aO0Zmls1mvuZ+VhUIsek +uBJh54jFAoGBAN7M08mBkA8oUns0IzzG+A0JYDmdbvOWbKtyQDRl7LkXOq/PckIj +PoliI/5aNZe9+Q8kq8xnvLVcsup7EX6Ovaqc6S3ODNEjy4XEqGMM9tkrz4R4N5f5 +hLayOg3MfdJiPOn3HF+cVvHp0Vwpt8K5TgVmOWkVSKTa+6eX4mhQUuKjAoGBANJg +Rmka90zo+7PPze4oo5ePeqwZrwQ3/6OeD/G1lqMFPOgk3MLGuv9HvtQA5gyyAH7+ +Qy/t+rdPSC7PZi29s8/cERmWTdbZ1ocuKa6xxSvktl7Ibv51d0sW1n+kfVin7cLL +SskoK8BRXjXsZg7jjZjE5f6iqdHq+JPA2JWM10CfAoGAOXTvJScxhIcshjNS5wiU +zZ/eXd1Y0J65VZl4L0sdujngW5iO6bl3FizmBWE0Mva99QbK+0LBarAGP+wO/elH +xmkCxVo++exWPyARIMImIqlmsc3i4GFrtUXPLOHQjOHivZ+JhKqnzWk0IaVsi14I +XeIX6h6gBkum3HiR3b7hMSsCgYEAtq7ftbmy8liG6hgTzTIBDUWM0xHihxlRpnVF +hzGWw61yvGv2QDVugOt+bH7zRib0g1KsaVyQkMoJ9ownQKUxFdkWCFAa++1iezS9 +AXRhscIEE76dk93RX6VPUrw2FNyOfM8n/BIkG/cMhmroHRnBBd5Fkp8SNLWEclnO +Od95tCUCgYEAgvohkyZAAKMRUFYEvHgwyxeXHifHVPIoK9UN022DJmIEJE2ISGtH +yHnBKgF52tlYhC9ijKwMG43C9IvycydRUtViOxDV8AiE4BV1tXuQHLl0jD2R7yq5 +9pNtnYgXW+ZKlx9705ltHj8hhKl6r2I8oXdR9KFGO83wq8fr6tyjqHc= +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/swanctl.conf new file mode 100644 index 000000000..635620b7d --- /dev/null 
+++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/swanctl.conf @@ -0,0 +1,7 @@ +secrets { + + eap-carol { + id = carol + secret = "Ar3etTnp" + } +} diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/x509/aaaCert.pem b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/x509/aaaCert.pem new file mode 100644 index 000000000..42083c2a9 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/x509/aaaCert.pem 
@@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIBMzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTE1MDgwNDE0NTUzMVoXDTE5MDkwNjE0NTUzMVowRTELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEmFhYS5z +dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALcX +z9IzPMGarSbzZmGq/lpgeRpM2W5uN9QuWFqUnP+L4wjF5Yf+1bhj5DnrhKlOCjii +95dDkLdRMYe+4ovXpINF//+J9d9nyP4YNLClUTwivBwvJdC3cJyyzSO7juTm2GNS +rQFZw3iP3HxWy1dM9/P1+xlgqSou6HJlTDWpaQ+cO3P/WlYKTu9DvTT6/jj4bNS6 +fbiUEG0M0JYcnYSt0iwNWyRHMl2DKjmpibnfhHDNR46t0luSaSobq6A0sRszJ7UR +dE4Kxl3/HLTX8/+dq3qaFIdhqxXzoZKV6ylBK3+OjTbZw3uBV78qa2TUDuMCQVig +kkt6delFhC/tSxcIgz0CAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AgOoMB0GA1UdDgQWBBRFNnP26ELy5j7KMOO+a8dh5pLe6DBtBgNVHSMEZjBkgBRd +p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT +EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB +ADAdBgNVHREEFjAUghJhYWEuc3Ryb25nc3dhbi5vcmcwEwYDVR0lBAwwCgYIKwYB +BQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9y +Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAsncNPDCCDd4mzIHs +nHY7b6H1tVQtFSbAQntV06D4D7vOp6Y+M5S8ta50hJu4f4GEeH5c7/hm8gbRdHt/ +TcjlV/UWBfhU3c/hNJo2LpmmtdmYUABLA3rdZ+FzOnAHX9H8eI988G7eHpI9T7L2 +FY2YEnWhIUVjFrojtH2+NbuA/Ori1QwSBiVhvJQgvUPjhKkjUtC+8zIdaCmJFErQ +GGObpAMtnTcQ74md9BQ791RPMp77tDe1fgm7m8QWIsoIyYEhvzyfk2VTBn1VlWyH +sbT0Vb3X9ubt0KXn2Xr491WTCpc5rzDWj9CNUYUgW7RaPxgw5cj2HK6oiLnGpO73 +xyr/Qw== +-----END CERTIFICATE----- diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/tnc_config new file mode 100644 index 000000000..1499dfc90 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/tnc_config @@ -0,0 +1,4 @@ +#IMV configuration file for strongSwan client + +IMV "OS" /usr/local/lib/ipsec/imcvs/imv-os.so +IMV "SWIMA" /usr/local/lib/ipsec/imcvs/imv-swima.so 
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/ipsec.sql b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/ipsec.sql
new file mode 100644
index 000000000..805c8bfd9
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/ipsec.sql
@@ -0,0 +1,4 @@
+/* strongSwan SQLite database */
+
+/* configuration is read from the command line */
+/* credentials are read from the command line */
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/iptables.rules b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/iptables.rules
new file mode 100644
index 000000000..d01d0a3c9
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/iptables.rules
@@ -0,0 +1,20 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow PT-TLS
+-A INPUT -i eth0 -s 10.1.0.10 -p tcp --sport 271 -j ACCEPT
+-A OUTPUT -o eth0 -d 10.1.0.10 -p tcp --dport 271 -j ACCEPT
+
+# allow ssh
+-A INPUT -p tcp --dport 22 -j ACCEPT
+-A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+# allow crl fetch from winnetou
+-A INPUT -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT
+-A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT
+
+COMMIT
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/pts/options b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/pts/options
new file mode 100644
index 000000000..52a3673b3
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/pts/options
@@ -0,0 +1,6 @@
+--connect aaa.strongswan.org
+--client carol
+--secret "Ar3etTnp"
+--cert /etc/swanctl/x509ca/strongswanCert.pem
+--quiet
+--debug 2
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..5aad08905
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,18 @@ +# /etc/strongswan.conf - strongSwan configuration file + +libtls { + suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +} + +libimcv { + swid_gen { + tag_creator { + name = Debian Project + regid = debian.org + } + } +} + +pt-tls-client { + load = revocation constraints pem openssl curl nonce tnc-tnccs tnc-imc tnccs-20 +} diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/swanctl/swanctl.conf new file mode 100644 index 000000000..28da4d427 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/swanctl/swanctl.conf @@ -0,0 +1 @@ +# the PT-TLS client reads its configuration and secrets via the command line diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/tnc_config new file mode 100644 index 000000000..3975056ca --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/tnc_config @@ -0,0 +1,4 @@ +#IMC configuration file for strongSwan client + +IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so +IMC "SWIMA" /usr/local/lib/ipsec/imcvs/imc-swima.so diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/ipsec.sql b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/ipsec.sql new file mode 100644 index 000000000..805c8bfd9 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/ipsec.sql @@ -0,0 +1,4 @@ +/* strongSwan SQLite database */ + +/* configuration is read from the command line */ +/* credentials are read from the command line */ diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/iptables.rules b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/iptables.rules new file mode 100644 index 000000000..d01d0a3c9 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/iptables.rules 
@@ -0,0 +1,20 @@ +*filter + +# default policy is DROP +-P INPUT DROP +-P OUTPUT DROP +-P FORWARD DROP + +# allow PT-TLS +-A INPUT -i eth0 -s 10.1.0.10 -p tcp --sport 271 -j ACCEPT +-A OUTPUT -o eth0 -d 10.1.0.10 -p tcp --dport 271 -j ACCEPT + +# allow ssh +-A INPUT -p tcp --dport 22 -j ACCEPT +-A OUTPUT -p tcp --sport 22 -j ACCEPT + +# allow crl fetch from winnetou +-A INPUT -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT +-A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT + +COMMIT diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/pts/options b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/pts/options new file mode 100644 index 000000000..08953142f --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/pts/options @@ -0,0 +1,7 @@ +--connect aaa.strongswan.org +--client dave@strongswan.org +--key /etc/swanctl/rsa/daveKey.pem +--cert /etc/swanctl/x509/daveCert.pem +--cert /etc/swanctl/x509ca/strongswanCert.pem +--quiet +--debug 2 diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..cf08b969d --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/strongswan.conf @@ -0,0 +1,27 @@ +# /etc/strongswan.conf - strongSwan configuration file + +libimcv { + swid_gen { + tag_creator { + name = Debian Project + regid = debian.org + } + } + plugins { + imc-os { + push_info = no + } + imc-swima { + swid_directory = /usr/share + swid_pretty = yes + } + } +} + +libtls { + suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +} + +pt-tls-client { + load = revocation constraints pem openssl curl nonce tnc-tnccs tnc-imc tnccs-20 +} diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/swanctl/swanctl.conf new file mode 100644 index 000000000..28da4d427 
--- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/swanctl/swanctl.conf @@ -0,0 +1 @@ +# the PT-TLS client reads its configuration and secrets via the command line diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/tnc_config new file mode 100644 index 000000000..3975056ca --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/tnc_config @@ -0,0 +1,4 @@ +#IMC configuration file for strongSwan client + +IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so +IMC "SWIMA" /usr/local/lib/ipsec/imcvs/imc-swima.so diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..d99a4b78a --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/strongswan.conf @@ -0,0 +1,3 @@ +# /etc/strongswan.conf - strongSwan configuration file + +# this file is not used in this scenario diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/swanctl/swanctl.conf new file mode 100644 index 000000000..27f96a620 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1 @@ +# this file is not used in this scenario diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat b/testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat new file mode 100644 index 000000000..09c8a6cbc --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat 
@@ -0,0 +1,10 @@
+carol::ip route del 10.1.0.0/16 via 192.168.0.1
+dave::ip route del 10.1.0.0/16 via 192.168.0.1
+winnetou::ip route del 10.1.0.0/16 via 192.168.0.1
+alice::service charon stop
+alice::service apache2 stop
+alice::rm /etc/swanctl/rsa/aaaKey.pem
+alice::rm /etc/swanctl/x509/aaaCert.pem
+alice::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat
new file mode 100644
index 000000000..d8ac3ab41
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat
@@ -0,0 +1,25 @@
+alice::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
+dave::iptables-restore < /etc/iptables.rules
+alice::cat /etc/tnc_config
+carol::cat /etc/tnc_config
+carol::echo 0 > /proc/sys/net/ipv4/ip_forward
+dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id
+dave::cat /etc/tnc_config
+alice::sed -i "s/NOW/`date +%s`/g" /etc/pts/data1.sql
+alice::sed -i "s:DEBIAN_VERSION:\`cat /etc/debian_version\`:" /etc/pts/data1.sql
+alice::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/db.d/config.db
+alice::chgrp -R www-data /etc/db.d/config.db; chmod -R g+w /etc/db.d/config.db
+alice::/usr/local/bin/init_tnc
+alice::rm /etc/swanctl/x509/aliceCert.pem
+alice::rm /etc/swanctl/rsa/aliceKey.pem
+alice::service charon start
+alice::service apache2 start
+alice::swanctl --load-creds
+winnetou::ip route add 10.1.0.0/16 via 192.168.0.1
+dave::ip route add 10.1.0.0/16 via 192.168.0.1
+dave::cat /etc/pts/options
+dave::/usr/local/bin/pt-tls-client --optionsfrom /etc/pts/options
+carol::ip route add 10.1.0.0/16 via 192.168.0.1
+carol::cat /etc/pts/options
+carol::/usr/local/bin/pt-tls-client --optionsfrom /etc/pts/options
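Review bot: `alice::chgrp -R www-data /etc/db.d/config.db; chmod -R g+w /etc/db.d/config.db` gives the Apache worker write access to the very database charon on alice reads its enforcement decisions from (`libimcv.database = sqlite:///etc/db.d/config.db` in the alice strongswan.conf added in this commit), so a compromise of the strongTNC web application becomes a path to editing `enforcements` and having moon unblock hosts. That is presumably intentional, since imv-swima posts inventories to strongTNC's REST API and the application has to persist them, but the script gives no hint that the grant is deliberate rather than a convenience. Two smaller observations: SQLite also needs write permission on the containing directory to create its journal, which this command does not grant (the base image may already provide it, I cannot tell from here), and `dave::cat /etc/pts/options` / `carol::cat /etc/pts/options` echo carol's SASL PLAIN password `Ar3etTnp` into the console log. If pretest.dat tolerates it, a one-line `#` note above the chgrp/chmod pair stating why www-data must write config.db would be worth adding.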
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/test.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/test.conf new file mode 100644 index 000000000..08ea543e2 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/test.conf @@ -0,0 +1,29 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="carol moon dave alice" + +# Guest instances on which databases are used +# +DBHOSTS="alice" + +# charon controlled by swanctl +# +SWANCTL=1 diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat index c3409fd66..fc232bfde 100644 --- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat @@ -18,6 +18,6 @@ alice::cat /var/log/daemon.log::user AR identity.*carol.*authenticated by passwo alice::cat /var/log/daemon.log::received SWID tag ID inventory with ... items for request 9 at eid 1 of epoch::YES alice::cat /var/log/daemon.log::1 SWID tag target::YES alice::cat /var/log/daemon.log::received SWID tag inventory with 1 item for request 9 at eid 1 of epoch::YES -alice::cat /var/log/daemon.log::regid.2004-03.org.strongswan_strongSwan-::YES +alice::cat /var/log/daemon.log::strongswan.org__strongSwan-::YES alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon -p auth.alert.*host with IP address 192.168.0.100 is allowed::YES moon::cat /var/log/auth.log::host with IP address 192.168.0.100 is allowed::YES 
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat
index 17951e811..d8ac3ab41 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat
@@ -19,7 +19,7 @@ alice::swanctl --load-creds
 winnetou::ip route add 10.1.0.0/16 via 192.168.0.1
 dave::ip route add 10.1.0.0/16 via 192.168.0.1
 dave::cat /etc/pts/options
-dave::ipsec pt-tls-client --optionsfrom /etc/pts/options
+dave::/usr/local/bin/pt-tls-client --optionsfrom /etc/pts/options
 carol::ip route add 10.1.0.0/16 via 192.168.0.1
 carol::cat /etc/pts/options
-carol::ipsec pt-tls-client --optionsfrom /etc/pts/options
+carol::/usr/local/bin/pt-tls-client --optionsfrom /etc/pts/options
-- cgit v1.2.3