Diffstat (limited to 'src/charon/plugins/stroke')
-rw-r--r-- | src/charon/plugins/stroke/stroke_attribute.c | 58 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_attribute.h | 12 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_ca.c | 60 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_ca.h | 12 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_config.c | 88 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_config.h | 6 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_control.c | 52 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_control.h | 12 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_cred.c | 102 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_cred.h | 10 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_list.c | 178 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_list.h | 6 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_plugin.c | 6 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_plugin.h | 2 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_shared_key.c | 12 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_shared_key.h | 6 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_socket.c | 78 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_socket.h | 2 |
18 files changed, 351 insertions, 351 deletions
diff --git a/src/charon/plugins/stroke/stroke_attribute.c b/src/charon/plugins/stroke/stroke_attribute.c index d3211fd67..14464e0bd 100644 --- a/src/charon/plugins/stroke/stroke_attribute.c +++ b/src/charon/plugins/stroke/stroke_attribute.c @@ -33,12 +33,12 @@ struct private_stroke_attribute_t { * public functions */ stroke_attribute_t public; - + /** * list of pools, contains pool_t */ linked_list_t *pools; - + /** * mutex to lock access to pools */ @@ -85,7 +85,7 @@ static void pool_destroy(pool_t *this) { enumerator_t *enumerator; identification_t *id; - + enumerator = this->ids->create_enumerator(this->ids); while (enumerator->enumerate(enumerator, &id, NULL)) { @@ -107,7 +107,7 @@ static pool_t *find_pool(private_stroke_attribute_t *this, char *name) { enumerator_t *enumerator; pool_t *current, *found = NULL; - + enumerator = this->pools->create_enumerator(this->pools); while (enumerator->enumerate(enumerator, ¤t)) { @@ -129,13 +129,13 @@ host_t* offset2host(pool_t *pool, int offset) chunk_t addr; host_t *host; u_int32_t *pos; - + offset--; if (offset > pool->size) { return NULL; } - + addr = chunk_clone(pool->base->get_address(pool->base)); if (pool->base->get_family(pool->base) == AF_INET6) { @@ -158,7 +158,7 @@ int host2offset(pool_t *pool, host_t *addr) { chunk_t host, base; u_int32_t hosti, basei; - + if (addr->get_family(addr) != pool->base->get_family(pool->base)) { return -1; @@ -195,7 +195,7 @@ static host_t* acquire_address(private_stroke_attribute_t *this, uintptr_t offset = 0; enumerator_t *enumerator; identification_t *old_id; - + this->mutex->lock(this->mutex); pool = find_pool(this, name); while (pool) @@ -206,7 +206,7 @@ static host_t* acquire_address(private_stroke_attribute_t *this, this->mutex->unlock(this->mutex); return requested->clone(requested); } - + if (!requested->is_anyaddr(requested) && requested->get_family(requested) != pool->base->get_family(pool->base)) 
@@ -214,7 +214,7 @@ static host_t* acquire_address(private_stroke_attribute_t *this, DBG1(DBG_CFG, "IP pool address family mismatch"); break; } - + /* check for a valid offline lease, refresh */ offset = (uintptr_t)pool->offline->remove(pool->offline, id); if (offset) @@ -227,7 +227,7 @@ static host_t* acquire_address(private_stroke_attribute_t *this, break; } } - + /* check for a valid online lease, reassign */ offset = (uintptr_t)pool->online->get(pool->online, id); if (offset && offset == host2offset(pool, requested)) @@ -235,7 +235,7 @@ static host_t* acquire_address(private_stroke_attribute_t *this, DBG1(DBG_CFG, "reassigning online lease to '%Y'", id); break; } - + if (pool->unused < pool->size) { /* assigning offset, starting by 1. Handling 0 in hashtable @@ -270,7 +270,7 @@ static host_t* acquire_address(private_stroke_attribute_t *this, } } enumerator->destroy(enumerator); - + DBG1(DBG_CFG, "pool '%s' is full, unable to assign address", name); break; } @@ -291,7 +291,7 @@ static bool release_address(private_stroke_attribute_t *this, pool_t *pool; bool found = FALSE; uintptr_t offset; - + this->mutex->lock(this->mutex); pool = find_pool(this, name); if (pool) @@ -323,7 +323,7 @@ static void add_pool(private_stroke_attribute_t *this, stroke_msg_t *msg) if (msg->add_conn.other.sourceip_size) { pool_t *pool; - + pool = malloc_thing(pool_t); pool->base = NULL; pool->size = 0; 
@@ -335,17 +335,17 @@ static void add_pool(private_stroke_attribute_t *this, stroke_msg_t *msg) (hashtable_equals_t)id_equals, 16); pool->ids = hashtable_create((hashtable_hash_t)id_hash, (hashtable_equals_t)id_equals, 16); - + /* if %config, add an empty pool, otherwise */ if (msg->add_conn.other.sourceip) { u_int32_t bits; int family; - - DBG1(DBG_CFG, "adding virtual IP address pool '%s': %s/%d", - msg->add_conn.name, msg->add_conn.other.sourceip, + + DBG1(DBG_CFG, "adding virtual IP address pool '%s': %s/%d", + msg->add_conn.name, msg->add_conn.other.sourceip, msg->add_conn.other.sourceip_size); - + pool->base = host_create_from_string(msg->add_conn.other.sourceip, 0); if (!pool->base) { @@ -363,7 +363,7 @@ static void add_pool(private_stroke_attribute_t *this, stroke_msg_t *msg) (family == AF_INET ? 32 : 128) - bits); } pool->size = 1 << (bits); - + if (pool->size > 2) { /* do not use first and last addresses of a block */ pool->unused++; @@ -383,7 +383,7 @@ static void del_pool(private_stroke_attribute_t *this, stroke_msg_t *msg) { enumerator_t *enumerator; pool_t *pool; - + this->mutex->lock(this->mutex); enumerator = this->pools->create_enumerator(this->pools); while (enumerator->enumerate(enumerator, &pool)) @@ -407,7 +407,7 @@ static bool pool_filter(void *mutex, pool_t **poolp, char **name, void *d3, u_int *offline) { pool_t *pool = *poolp; - + *name = pool->name; *size = pool->size; *online = pool->online->get_count(pool->online); @@ -450,10 +450,10 @@ static bool lease_enumerate(lease_enumerator_t *this, identification_t **id_out, { identification_t *id; uintptr_t offset; - + DESTROY_IF(this->current); this->current = NULL; - + if (this->inner->enumerate(this->inner, &id, NULL)) { offset = (uintptr_t)this->pool->online->get(this->pool->online, id); 
@@ -494,7 +494,7 @@ static enumerator_t* create_lease_enumerator(private_stroke_attribute_t *this, char *pool) { lease_enumerator_t *enumerator; - + this->mutex->lock(this->mutex); enumerator = malloc_thing(lease_enumerator_t); enumerator->pool = find_pool(this, pool); @@ -528,7 +528,7 @@ static void destroy(private_stroke_attribute_t *this) stroke_attribute_t *stroke_attribute_create() { private_stroke_attribute_t *this = malloc_thing(private_stroke_attribute_t); - + this->public.provider.acquire_address = (host_t*(*)(attribute_provider_t *this, char*, identification_t *,host_t *))acquire_address; this->public.provider.release_address = (bool(*)(attribute_provider_t *this, char*,host_t *, identification_t*))release_address; this->public.provider.create_attribute_enumerator = (enumerator_t*(*)(attribute_provider_t*, identification_t *id))enumerator_create_empty; @@ -537,10 +537,10 @@ stroke_attribute_t *stroke_attribute_create() this->public.create_pool_enumerator = (enumerator_t*(*)(stroke_attribute_t*))create_pool_enumerator; this->public.create_lease_enumerator = (enumerator_t*(*)(stroke_attribute_t*, char *pool))create_lease_enumerator; this->public.destroy = (void(*)(stroke_attribute_t*))destroy; - + this->pools = linked_list_create(); this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE); - + return &this->public; } diff --git a/src/charon/plugins/stroke/stroke_attribute.h b/src/charon/plugins/stroke/stroke_attribute.h index fc273d1cb..0bb8ae4bf 100644 --- a/src/charon/plugins/stroke/stroke_attribute.h +++ b/src/charon/plugins/stroke/stroke_attribute.h @@ -30,12 +30,12 @@ typedef struct stroke_attribute_t stroke_attribute_t; * Stroke IKEv2 cfg attribute provider */ struct stroke_attribute_t { - + /** * Implements attribute provider interface */ attribute_provider_t provider; - + /** * Add a virtual IP address. * 
@@ -43,24 +43,24 @@ struct stroke_attribute_t { * @param end end of stroke message that contains virtual IP. */ void (*add_pool)(stroke_attribute_t *this, stroke_msg_t *msg); - + /** * Remove a virtual IP address. * * @param msg stroke message */ void (*del_pool)(stroke_attribute_t *this, stroke_msg_t *msg); - + /** * Create an enumerator over installed pools. * - * Enumerator enumerates over + * Enumerator enumerates over * char *pool, u_int size, u_int offline, u_int online. * * @return enumerator */ enumerator_t* (*create_pool_enumerator)(stroke_attribute_t *this); - + /** * Create an enumerator over the leases of a pool. * diff --git a/src/charon/plugins/stroke/stroke_ca.c b/src/charon/plugins/stroke/stroke_ca.c index 2f87ba0aa..2c3e2936e 100644 --- a/src/charon/plugins/stroke/stroke_ca.c +++ b/src/charon/plugins/stroke/stroke_ca.c @@ -34,17 +34,17 @@ struct private_stroke_ca_t { * public functions */ stroke_ca_t public; - + /** * read-write lock to lists */ rwlock_t *lock; - + /** * list of starters CA sections and its certificates (ca_section_t) */ linked_list_t *sections; - + /** * stroke credentials, stores our CA certificates */ @@ -62,27 +62,27 @@ struct ca_section_t { * name of the CA section */ char *name; - + /** * reference to cert in trusted_credential_t */ certificate_t *cert; - + /** * CRL URIs */ linked_list_t *crl; - + /** * OCSP URIs */ linked_list_t *ocsp; - + /** * Hashes of certificates issued by this CA */ linked_list_t *hashes; - + /** * Base URI used for certificates from this CA */ @@ -90,12 +90,12 @@ struct ca_section_t { }; /** - * create a new CA section + * create a new CA section */ static ca_section_t *ca_section_create(char *name, certificate_t *cert) { ca_section_t *ca = malloc_thing(ca_section_t); - + ca->name = strdup(name); ca->crl = linked_list_create(); ca->ocsp = linked_list_create(); 
@@ -145,7 +145,7 @@ static enumerator_t *create_inner_cdp(ca_section_t *section, cdp_data_t *data) chunk_t keyid; enumerator_t *enumerator = NULL; linked_list_t *list; - + if (data->type == CERT_X509_OCSP_RESPONSE) { list = section->ocsp; @@ -154,7 +154,7 @@ static enumerator_t *create_inner_cdp(ca_section_t *section, cdp_data_t *data) { list = section->crl; } - + public = section->cert->get_public_key(section->cert); if (public) { @@ -182,25 +182,25 @@ static enumerator_t *create_inner_cdp_hashandurl(ca_section_t *section, cdp_data { enumerator_t *enumerator = NULL, *hash_enum; identification_t *current; - + if (!data->id || !section->certuribase) { return NULL; } - + hash_enum = section->hashes->create_enumerator(section->hashes); while (hash_enum->enumerate(hash_enum, ¤t)) - { + { if (current->matches(current, data->id)) { char *url, *hash; - + url = malloc(strlen(section->certuribase) + 40 + 1); strcpy(url, section->certuribase); hash = chunk_to_hex(current->get_encoding(current), NULL, FALSE).ptr; strncat(url, hash, 40); free(hash); - + enumerator = enumerator_create_single(url, free); break; } @@ -231,7 +231,7 @@ static enumerator_t *create_cdp_enumerator(private_stroke_ca_t *this, data->this = this; data->type = type; data->id = id; - + this->lock->read_lock(this->lock); return enumerator_create_nested(this->sections->create_enumerator(this->sections), (type == CERT_X509) ? (void*)create_inner_cdp_hashandurl : (void*)create_inner_cdp, @@ -244,12 +244,12 @@ static void add(private_stroke_ca_t *this, stroke_msg_t *msg) { certificate_t *cert; ca_section_t *ca; - + if (msg->add_ca.cacert == NULL) { DBG1(DBG_CFG, "missing cacert parameter"); return; - } + } cert = this->cred->load_ca(this->cred, msg->add_ca.cacert); if (cert) { 
@@ -288,7 +288,7 @@ static void del(private_stroke_ca_t *this, stroke_msg_t *msg) { enumerator_t *enumerator; ca_section_t *ca = NULL; - + this->lock->write_lock(this->lock); enumerator = this->sections->create_enumerator(this->sections); while (enumerator->enumerate(enumerator, &ca)) @@ -344,14 +344,14 @@ static void check_for_hash_and_url(private_stroke_ca_t *this, certificate_t* cer { ca_section_t *section; enumerator_t *enumerator; - + hasher_t *hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (hasher == NULL) { DBG1(DBG_IKE, "unable to use hash-and-url: sha1 not supported"); return; } - + this->lock->write_lock(this->lock); enumerator = this->sections->create_enumerator(this->sections); while (enumerator->enumerate(enumerator, (void**)§ion)) @@ -369,7 +369,7 @@ static void check_for_hash_and_url(private_stroke_ca_t *this, certificate_t* cer } enumerator->destroy(enumerator); this->lock->unlock(this->lock); - + hasher->destroy(hasher); } @@ -381,7 +381,7 @@ static void list(private_stroke_ca_t *this, stroke_msg_t *msg, FILE *out) bool first = TRUE; ca_section_t *section; enumerator_t *enumerator; - + this->lock->read_lock(this->lock); enumerator = this->sections->create_enumerator(this->sections); while (enumerator->enumerate(enumerator, (void**)§ion)) @@ -389,7 +389,7 @@ static void list(private_stroke_ca_t *this, stroke_msg_t *msg, FILE *out) certificate_t *cert = section->cert; public_key_t *public = cert->get_public_key(cert); chunk_t chunk; - + if (first) { fprintf(out, "\n"); @@ -398,7 +398,7 @@ static void list(private_stroke_ca_t *this, stroke_msg_t *msg, FILE *out) } fprintf(out, "\n"); fprintf(out, " authname: \"%Y\"\n", cert->get_subject(cert)); - + /* list authkey and keyid */ if (public) { 
@@ -439,7 +439,7 @@ static void destroy(private_stroke_ca_t *this) stroke_ca_t *stroke_ca_create(stroke_cred_t *cred) { private_stroke_ca_t *this = malloc_thing(private_stroke_ca_t); - + this->public.set.create_private_enumerator = (void*)return_null; this->public.set.create_cert_enumerator = (void*)return_null; this->public.set.create_shared_enumerator = (void*)return_null; @@ -450,11 +450,11 @@ stroke_ca_t *stroke_ca_create(stroke_cred_t *cred) this->public.list = (void(*)(stroke_ca_t*, stroke_msg_t *msg, FILE *out))list; this->public.check_for_hash_and_url = (void(*)(stroke_ca_t*, certificate_t*))check_for_hash_and_url; this->public.destroy = (void(*)(stroke_ca_t*))destroy; - + this->sections = linked_list_create(); this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); this->cred = cred; - + return &this->public; } diff --git a/src/charon/plugins/stroke/stroke_ca.h b/src/charon/plugins/stroke/stroke_ca.h index c882d7b4e..ae55fe8e7 100644 --- a/src/charon/plugins/stroke/stroke_ca.h +++ b/src/charon/plugins/stroke/stroke_ca.h @@ -37,35 +37,35 @@ struct stroke_ca_t { * Implements credential_set_t */ credential_set_t set; - + /** * Add a CA to the set using a stroke_msg_t. * * @param msg stroke message containing CA info */ void (*add)(stroke_ca_t *this, stroke_msg_t *msg); - + /** * Remove a CA from the set using a stroke_msg_t. * * @param msg stroke message containing CA info */ void (*del)(stroke_ca_t *this, stroke_msg_t *msg); - + /** * List CA sections to stroke console. * * @param msg stroke message */ void (*list)(stroke_ca_t *this, stroke_msg_t *msg, FILE *out); - + /** * Check if a certificate can be made available through hash and URL. - * + * * @param cert peer certificate */ void (*check_for_hash_and_url)(stroke_ca_t *this, certificate_t* cert); - + /** * Destroy a stroke_ca instance. */ diff --git a/src/charon/plugins/stroke/stroke_config.c b/src/charon/plugins/stroke/stroke_config.c index 4404f7078..2da1948db 100644 
--- a/src/charon/plugins/stroke/stroke_config.c +++ b/src/charon/plugins/stroke/stroke_config.c @@ -30,22 +30,22 @@ struct private_stroke_config_t { * public functions */ stroke_config_t public; - + /** * list of peer_cfg_t */ linked_list_t *list; - + /** * mutex to lock config list */ mutex_t *mutex; - + /** * ca sections */ stroke_ca_t *ca; - + /** * credentials */ @@ -93,7 +93,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_stroke_config_t *this, char *nam enumerator_t *e1, *e2; peer_cfg_t *current, *found = NULL; child_cfg_t *child; - + this->mutex->lock(this->mutex); e1 = this->list->create_enumerator(this->list); while (e1->enumerate(e1, ¤t)) @@ -139,7 +139,7 @@ static void add_proposals(private_stroke_config_t *this, char *string, char *strict; proposal_t *proposal; protocol_id_t proto = PROTO_ESP; - + if (ike_cfg) { proto = PROTO_IKE; @@ -195,7 +195,7 @@ static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg ike_cfg_t *ike_cfg; char *interface; host_t *host; - + host = host_create_from_dns(msg->add_conn.other.address, 0, 0); if (host) { @@ -227,7 +227,7 @@ static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg { free(interface); } - + } } } @@ -275,7 +275,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, stroke_end_t *end, *other_end; auth_cfg_t *cfg; char eap_buf[32]; - + /* select strings */ if (local) { @@ -317,7 +317,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, ca = other_end->ca2; } } - + if (!auth) { if (primary) @@ -366,9 +366,9 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, return NULL; } } - + cfg = auth_cfg_create(); - + /* add identity and peer certifcate */ identity = identification_create_from_string(id); if (cert) @@ -394,7 +394,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, } } cfg->add(cfg, AUTH_RULE_IDENTITY, identity); - + /* CA constraint */ if (ca) { 
@@ -412,13 +412,13 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, "constraint", ca); } } - + /* AC groups */ if (end->groups) { enumerator_t *enumerator; char *group; - + enumerator = enumerator_create_token(end->groups, ",", " "); while (enumerator->enumerate(enumerator, &group)) { @@ -428,7 +428,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, } enumerator->destroy(enumerator); } - + /* authentication metod (class, actually) */ if (streq(auth, "pubkey") || streq(auth, "rsasig") || streq(auth, "rsa") || @@ -446,9 +446,9 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, enumerator_t *enumerator; char *str; int i = 0, type = 0, vendor; - + cfg->add(cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP); - + /* parse EAP string, format: eap[-type[-vendor]] */ enumerator = enumerator_create_token(auth, "-", " "); while (enumerator->enumerate(enumerator, &str)) @@ -488,7 +488,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, i++; } enumerator->destroy(enumerator); - + if (msg->add_conn.eap_identity) { if (streq(msg->add_conn.eap_identity, "%identity")) @@ -529,7 +529,7 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, u_int32_t rekey = 0, reauth = 0, over, jitter; peer_cfg_t *peer_cfg; auth_cfg_t *auth_cfg; - + #ifdef ME if (msg->add_conn.ikeme.mediation && msg->add_conn.ikeme.mediated_by) { @@ -537,13 +537,13 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, "at the same time, aborting"); return NULL; } - + if (msg->add_conn.ikeme.mediation) { /* force unique connections for mediation connections */ msg->add_conn.unique = 1; } - + if (msg->add_conn.ikeme.mediated_by) { mediated_by = charon->backends->get_peer_cfg_by_name(charon->backends, 
@@ -572,7 +572,7 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, } } #endif /* ME */ - + jitter = msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100; over = msg->add_conn.rekey.margin; if (msg->add_conn.rekey.reauth) @@ -632,7 +632,7 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, { /* dpdaction=none disables DPD */ msg->add_conn.dpd.delay = 0; } - + /* other.sourceip is managed in stroke_attributes. If it is set, we define * the pool name as the connection name, which the attribute provider * uses to serve pool addresses. */ @@ -644,7 +644,7 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, vip, msg->add_conn.other.sourceip_size ? msg->add_conn.name : msg->add_conn.other.sourceip, msg->add_conn.ikeme.mediation, mediated_by, peer_id); - + /* build leftauth= */ auth_cfg = build_auth_cfg(this, msg, TRUE, TRUE); if (auth_cfg) @@ -684,7 +684,7 @@ static void add_ts(private_stroke_config_t *this, stroke_end_t *end, child_cfg_t *child_cfg, bool local) { traffic_selector_t *ts; - + if (end->tohost) { ts = traffic_selector_create_dynamic(end->protocol, @@ -694,7 +694,7 @@ static void add_ts(private_stroke_config_t *this, else { host_t *net; - + if (!end->subnets) { net = host_create_from_string(end->address, IKEV2_UDP_PORT); @@ -708,12 +708,12 @@ static void add_ts(private_stroke_config_t *this, else { char *del, *start, *bits; - + start = end->subnets; do { int intbits = 0; - + del = strchr(start, ','); if (del) { @@ -725,7 +725,7 @@ static void add_ts(private_stroke_config_t *this, *bits = '\0'; intbits = atoi(bits + 1); } - + net = host_create_from_string(start, IKEV2_UDP_PORT); if (net) { @@ -769,7 +769,7 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this, .jitter = msg->add_conn.rekey.margin_packets * msg->add_conn.rekey.fuzz / 100 } }; - + switch (msg->add_conn.dpd.action) { /* map startes magic values to our action type */ case 2: /* =hold */ 
@@ -782,7 +782,7 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this, dpd = ACTION_NONE; break; } - + child_cfg = child_cfg_create( msg->add_conn.name, &lifetime, msg->add_conn.me.updown, msg->add_conn.me.hostaccess, @@ -791,9 +791,9 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this, msg->add_conn.install_policy); add_ts(this, &msg->add_conn.me, child_cfg, TRUE); add_ts(this, &msg->add_conn.other, child_cfg, FALSE); - + add_proposals(this, msg->add_conn.algorithms.esp, NULL, child_cfg); - + return child_cfg; } @@ -819,7 +819,7 @@ static void add(private_stroke_config_t *this, stroke_msg_t *msg) ike_cfg->destroy(ike_cfg); return; } - + enumerator = create_peer_cfg_enumerator(this, NULL, NULL); while (enumerator->enumerate(enumerator, &existing)) { @@ -837,7 +837,7 @@ static void add(private_stroke_config_t *this, stroke_msg_t *msg) } } enumerator->destroy(enumerator); - + child_cfg = build_child_cfg(this, msg); if (!child_cfg) { @@ -845,7 +845,7 @@ static void add(private_stroke_config_t *this, stroke_msg_t *msg) return; } peer_cfg->add_child_cfg(peer_cfg, child_cfg); - + if (use_existing) { peer_cfg->destroy(peer_cfg); @@ -869,13 +869,13 @@ static void del(private_stroke_config_t *this, stroke_msg_t *msg) peer_cfg_t *peer; child_cfg_t *child; bool deleted = FALSE; - + this->mutex->lock(this->mutex); enumerator = this->list->create_enumerator(this->list); while (enumerator->enumerate(enumerator, (void**)&peer)) { bool keep = FALSE; - + /* remove any child with such a name */ children = peer->create_child_cfg_enumerator(peer); while (children->enumerate(children, &child)) @@ -892,7 +892,7 @@ static void del(private_stroke_config_t *this, stroke_msg_t *msg) } } children->destroy(children); - + /* if peer config matches, or has no children anymore, remove it */ if (!keep || streq(peer->get_name(peer), msg->del_conn.name)) { 
@@ -903,7 +903,7 @@ static void del(private_stroke_config_t *this, stroke_msg_t *msg) } enumerator->destroy(enumerator); this->mutex->unlock(this->mutex); - + if (deleted) { DBG1(DBG_CFG, "deleted connection '%s'", msg->del_conn.name); @@ -930,19 +930,19 @@ static void destroy(private_stroke_config_t *this) stroke_config_t *stroke_config_create(stroke_ca_t *ca, stroke_cred_t *cred) { private_stroke_config_t *this = malloc_thing(private_stroke_config_t); - + this->public.backend.create_peer_cfg_enumerator = (enumerator_t*(*)(backend_t*, identification_t *me, identification_t *other))create_peer_cfg_enumerator; this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator; this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name; this->public.add = (void(*)(stroke_config_t*, stroke_msg_t *msg))add; this->public.del = (void(*)(stroke_config_t*, stroke_msg_t *msg))del; this->public.destroy = (void(*)(stroke_config_t*))destroy; - + this->list = linked_list_create(); this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE); this->ca = ca; this->cred = cred; - + return &this->public; } diff --git a/src/charon/plugins/stroke/stroke_config.h b/src/charon/plugins/stroke/stroke_config.h index 270795e4a..3ed2f994f 100644 --- a/src/charon/plugins/stroke/stroke_config.h +++ b/src/charon/plugins/stroke/stroke_config.h @@ -37,21 +37,21 @@ struct stroke_config_t { * Implements the backend_t interface */ backend_t backend; - + /** * Add a configuration to the backend. * * @param msg received stroke message containing config */ void (*add)(stroke_config_t *this, stroke_msg_t *msg); - + /** * Remove a configuration from the backend. * * @param msg received stroke message containing config name */ void (*del)(stroke_config_t *this, stroke_msg_t *msg); - + /** * Destroy a stroke_config instance. */ 
diff --git a/src/charon/plugins/stroke/stroke_control.c b/src/charon/plugins/stroke/stroke_control.c index c572117a2..a03aef697 100644 --- a/src/charon/plugins/stroke/stroke_control.c +++ b/src/charon/plugins/stroke/stroke_control.c @@ -43,7 +43,7 @@ struct stroke_log_info_t { * level to log up to */ level_t level; - + /** * where to write log */ @@ -75,7 +75,7 @@ static child_cfg_t* get_child_from_peer(peer_cfg_t *peer_cfg, char *name) { child_cfg_t *current, *found = NULL; enumerator_t *enumerator; - + enumerator = peer_cfg->create_child_cfg_enumerator(peer_cfg); while (enumerator->enumerate(enumerator, ¤t)) { @@ -98,7 +98,7 @@ static void initiate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *ou peer_cfg_t *peer_cfg; child_cfg_t *child_cfg; stroke_log_info_t info; - + peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends, msg->initiate.name); if (peer_cfg == NULL) @@ -113,7 +113,7 @@ static void initiate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *ou peer_cfg->destroy(peer_cfg); return; } - + child_cfg = get_child_from_peer(peer_cfg, msg->initiate.name); if (child_cfg == NULL) { @@ -121,7 +121,7 @@ static void initiate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *ou peer_cfg->destroy(peer_cfg); return; } - + if (msg->output_verbosity < 0) { charon->controller->initiate(charon->controller, peer_cfg, child_cfg, @@ -150,9 +150,9 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o linked_list_t *ike_list, *child_list; stroke_log_info_t info; uintptr_t del; - + string = msg->terminate.name; - + len = strlen(string); if (len < 1) { @@ -174,7 +174,7 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o child = FALSE; break; } - + if (name) { /* is a single name */ @@ -202,10 +202,10 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o } } } - + info.out = out; info.level = msg->output_verbosity; - + if (id) { if (child) 
@@ -220,7 +220,7 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o } return; } - + ike_list = linked_list_create(); child_list = linked_list_create(); enumerator = charon->controller->create_ike_sa_enumerator(charon->controller); @@ -228,7 +228,7 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o { child_sa_t *child_sa; iterator_t *children; - + if (child) { children = ike_sa->create_child_sa_iterator(ike_sa); @@ -261,7 +261,7 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o } } enumerator->destroy(enumerator); - + enumerator = child_list->create_enumerator(child_list); while (enumerator->enumerate(enumerator, &del)) { @@ -269,7 +269,7 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o (controller_cb_t)stroke_log, &info); } enumerator->destroy(enumerator); - + enumerator = ike_list->create_enumerator(ike_list); while (enumerator->enumerate(enumerator, &del)) { @@ -277,7 +277,7 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o (controller_cb_t)stroke_log, &info); } enumerator->destroy(enumerator); - + if (child_list->get_count(child_list) == 0 && ike_list->get_count(ike_list) == 0) { @@ -298,7 +298,7 @@ static void terminate_srcip(private_stroke_control_t *this, ike_sa_t *ike_sa; host_t *start = NULL, *end = NULL, *vip; chunk_t chunk_start, chunk_end = chunk_empty, chunk_vip; - + if (msg->terminate_srcip.start) { start = host_create_from_string(msg->terminate_srcip.start, 0); @@ -320,7 +320,7 @@ static void terminate_srcip(private_stroke_control_t *this, } chunk_end = end->get_address(end); } - + enumerator = charon->controller->create_ike_sa_enumerator(charon->controller); while (enumerator->enumerate(enumerator, &ike_sa)) { 
@@ -369,10 +369,10 @@ static void purge_ike(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o linked_list_t *list; uintptr_t del; stroke_log_info_t info; - + info.out = out; info.level = msg->output_verbosity; - + list = linked_list_create(); enumerator = charon->controller->create_ike_sa_enumerator(charon->controller); while (enumerator->enumerate(enumerator, &ike_sa)) @@ -386,7 +386,7 @@ static void purge_ike(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o iterator->destroy(iterator); } enumerator->destroy(enumerator); - + enumerator = list->create_enumerator(list); while (enumerator->enumerate(enumerator, &del)) { @@ -404,7 +404,7 @@ static void route(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) { peer_cfg_t *peer_cfg; child_cfg_t *child_cfg; - + peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends, msg->route.name); if (peer_cfg == NULL) @@ -417,7 +417,7 @@ static void route(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) peer_cfg->destroy(peer_cfg); return; } - + child_cfg = get_child_from_peer(peer_cfg, msg->route.name); if (child_cfg == NULL) { @@ -425,7 +425,7 @@ static void route(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) peer_cfg->destroy(peer_cfg); return; } - + if (charon->traps->install(charon->traps, peer_cfg, child_cfg)) { fprintf(out, "configuration '%s' routed\n", msg->route.name); @@ -446,7 +446,7 @@ static void unroute(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out child_sa_t *child_sa; enumerator_t *enumerator; u_int32_t id; - + enumerator = charon->traps->create_enumerator(charon->traps); while (enumerator->enumerate(enumerator, NULL, &child_sa)) { 
@@ -477,7 +477,7 @@ static void destroy(private_stroke_control_t *this) stroke_control_t *stroke_control_create() { private_stroke_control_t *this = malloc_thing(private_stroke_control_t); - + this->public.initiate = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))initiate; this->public.terminate = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))terminate; this->public.terminate_srcip = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))terminate_srcip; @@ -485,7 +485,7 @@ stroke_control_t *stroke_control_create() this->public.route = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))route; this->public.unroute = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))unroute; this->public.destroy = (void(*)(stroke_control_t*))destroy; - + return &this->public; } diff --git a/src/charon/plugins/stroke/stroke_control.h b/src/charon/plugins/stroke/stroke_control.h index 5a61a90a4..9b49bdc31 100644 --- a/src/charon/plugins/stroke/stroke_control.h +++ b/src/charon/plugins/stroke/stroke_control.h @@ -38,42 +38,42 @@ struct stroke_control_t { * @param msg stroke message */ void (*initiate)(stroke_control_t *this, stroke_msg_t *msg, FILE *out); - + /** * Terminate a connection. * * @param msg stroke message */ void (*terminate)(stroke_control_t *this, stroke_msg_t *msg, FILE *out); - + /** * Terminate a connection by peers virtual IP. * * @param msg stroke message */ void (*terminate_srcip)(stroke_control_t *this, stroke_msg_t *msg, FILE *out); - + /** * Delete IKE_SAs without a CHILD_SA. * * @param msg stroke message */ void (*purge_ike)(stroke_control_t *this, stroke_msg_t *msg, FILE *out); - + /** * Route a connection. * * @param msg stroke message */ void (*route)(stroke_control_t *this, stroke_msg_t *msg, FILE *out); - + /** * Unroute a connection. * * @param msg stroke message */ void (*unroute)(stroke_control_t *this, stroke_msg_t *msg, FILE *out); - + /** * Destroy a stroke_control instance. */ 
diff --git a/src/charon/plugins/stroke/stroke_cred.c b/src/charon/plugins/stroke/stroke_cred.c index 57a02c7a1..9133a1380 100644 --- a/src/charon/plugins/stroke/stroke_cred.c +++ b/src/charon/plugins/stroke/stroke_cred.c @@ -55,7 +55,7 @@ struct private_stroke_cred_t { * public functions */ stroke_cred_t public; - + /** * list of trusted peer/signer/CA certificates (certificate_t) */ @@ -70,12 +70,12 @@ struct private_stroke_cred_t { * list of private keys (private_key_t) */ linked_list_t *private; - + /** * read-write lock to lists */ rwlock_t *lock; - + /** * cache CRLs to disk? */ @@ -107,7 +107,7 @@ static bool private_filter(id_data_t *data, { private_key_t *key; chunk_t keyid; - + key = *in; if (data->id == NULL) { @@ -134,7 +134,7 @@ static enumerator_t* create_private_enumerator(private_stroke_cred_t *this, data = malloc_thing(id_data_t); data->this = this; data->id = id; - + this->lock->read_lock(this->lock); return enumerator_create_filter(this->private->create_enumerator(this->private), (void*)private_filter, data, @@ -149,7 +149,7 @@ static bool certs_filter(id_data_t *data, certificate_t **in, certificate_t **ou public_key_t *public; certificate_t *cert = *in; chunk_t keyid; - + if (cert->get_type(cert) == CERT_X509_CRL || cert->get_type(cert) == CERT_X509_AC) { @@ -160,7 +160,7 @@ static bool certs_filter(id_data_t *data, certificate_t **in, certificate_t **ou *out = *in; return TRUE; } - + public = cert->get_public_key(cert); if (public) { @@ -182,7 +182,7 @@ static bool certs_filter(id_data_t *data, certificate_t **in, certificate_t **ou static bool crl_filter(id_data_t *data, certificate_t **in, certificate_t **out) { certificate_t *cert = *in; - + if (cert->get_type(cert) != CERT_X509_CRL) { return FALSE; 
@@ -202,7 +202,7 @@ static bool crl_filter(id_data_t *data, certificate_t **in, certificate_t **out) static bool ac_filter(id_data_t *data, certificate_t **in, certificate_t **out) { certificate_t *cert = *in; - + if (cert->get_type(cert) != CERT_X509_AC) { return FALSE; @@ -224,7 +224,7 @@ static enumerator_t* create_cert_enumerator(private_stroke_cred_t *this, identification_t *id, bool trusted) { id_data_t *data; - + if (cert == CERT_X509_CRL || cert == CERT_X509_AC) { if (trusted) @@ -234,7 +234,7 @@ static enumerator_t* create_cert_enumerator(private_stroke_cred_t *this, data = malloc_thing(id_data_t); data->this = this; data->id = id; - + this->lock->read_lock(this->lock); return enumerator_create_filter(this->certs->create_enumerator(this->certs), (cert == CERT_X509_CRL)? (void*)crl_filter : (void*)ac_filter, @@ -247,7 +247,7 @@ static enumerator_t* create_cert_enumerator(private_stroke_cred_t *this, data = malloc_thing(id_data_t); data->this = this; data->id = id; - + this->lock->read_lock(this->lock); return enumerator_create_filter(this->certs->create_enumerator(this->certs), (void*)certs_filter, data, @@ -286,7 +286,7 @@ static bool shared_filter(shared_data_t *data, { return FALSE; } - + my_match = stroke->has_owner(stroke, data->me); other_match = stroke->has_owner(stroke, data->other); if (!my_match && !other_match) @@ -308,12 +308,12 @@ static bool shared_filter(shared_data_t *data, /** * Implements credential_set_t.create_shared_enumerator */ -static enumerator_t* create_shared_enumerator(private_stroke_cred_t *this, +static enumerator_t* create_shared_enumerator(private_stroke_cred_t *this, shared_key_type_t type, identification_t *me, identification_t *other) { shared_data_t *data = malloc_thing(shared_data_t); - + data->this = this; data->me = me; data->other = other; 
@@ -331,7 +331,7 @@ static certificate_t* add_cert(private_stroke_cred_t *this, certificate_t *cert) { certificate_t *current; enumerator_t *enumerator; - bool new = TRUE; + bool new = TRUE; this->lock->read_lock(this->lock); enumerator = this->certs->create_enumerator(this->certs); @@ -355,7 +355,7 @@ static certificate_t* add_cert(private_stroke_cred_t *this, certificate_t *cert) this->lock->unlock(this->lock); return cert; } - + /** * Implementation of stroke_cred_t.load_ca. */ @@ -363,7 +363,7 @@ static certificate_t* load_ca(private_stroke_cred_t *this, char *filename) { certificate_t *cert; char path[PATH_MAX]; - + if (*filename == '/') { snprintf(path, sizeof(path), "%s", filename); @@ -372,7 +372,7 @@ static certificate_t* load_ca(private_stroke_cred_t *this, char *filename) { snprintf(path, sizeof(path), "%s/%s", CA_CERTIFICATE_DIR, filename); } - + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_FROM_FILE, path, @@ -380,7 +380,7 @@ static certificate_t* load_ca(private_stroke_cred_t *this, char *filename) if (cert) { x509_t *x509 = (x509_t*)cert; - + if (!(x509->get_flags(x509) & X509_CA)) { DBG1(DBG_CFG, " ca certificate '%Y' misses ca basic constraint, " @@ -400,7 +400,7 @@ static bool add_crl(private_stroke_cred_t *this, crl_t* crl) { certificate_t *current, *cert = &crl->certificate; enumerator_t *enumerator; - bool new = TRUE, found = FALSE; + bool new = TRUE, found = FALSE; this->lock->write_lock(this->lock); enumerator = this->certs->create_enumerator(this->certs); @@ -411,7 +411,7 @@ static bool add_crl(private_stroke_cred_t *this, crl_t* crl) crl_t *crl_c = (crl_t*)current; chunk_t authkey = crl->get_authKeyIdentifier(crl); chunk_t authkey_c = crl_c->get_authKeyIdentifier(crl_c); - + /* if compare authorityKeyIdentifiers if available */ if (authkey.ptr && authkey_c.ptr && chunk_equals(authkey, authkey_c)) { 
@@ -421,7 +421,7 @@ static bool add_crl(private_stroke_cred_t *this, crl_t* crl) { identification_t *issuer = cert->get_issuer(cert); identification_t *issuer_c = current->get_issuer(current); - + /* otherwise compare issuer distinguished names */ if (issuer->equals(issuer, issuer_c)) { @@ -444,7 +444,7 @@ static bool add_crl(private_stroke_cred_t *this, crl_t* crl) } } enumerator->destroy(enumerator); - + if (new) { this->certs->insert_last(this->certs, cert); @@ -482,7 +482,7 @@ static certificate_t* load_peer(private_stroke_cred_t *this, char *filename) { snprintf(path, sizeof(path), "%s/%s", CERTIFICATE_DIR, filename); } - + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_FROM_FILE, path, @@ -508,7 +508,7 @@ static void load_certdir(private_stroke_cred_t *this, char *path, { struct stat st; char *file; - + enumerator_t *enumerator = enumerator_create_directory(path); if (!enumerator) @@ -538,7 +538,7 @@ static void load_certdir(private_stroke_cred_t *this, char *path, if (cert) { x509_t *x509 = (x509_t*)cert; - + if (!(x509->get_flags(x509) & X509_CA)) { DBG1(DBG_CFG, " ca certificate '%Y' misses " @@ -629,18 +629,18 @@ static void cache_cert(private_stroke_cred_t *this, certificate_t *cert) { /* CRLs get written to /etc/ipsec.d/crls/<authkeyId>.crl */ crl_t *crl = (crl_t*)cert; - + cert->get_ref(cert); if (add_crl(this, crl)) { char buf[BUF_LEN]; chunk_t chunk, hex; - + chunk = crl->get_authKeyIdentifier(crl); hex = chunk_to_hex(chunk, NULL, FALSE); snprintf(buf, sizeof(buf), "%s/%s.crl", CRL_DIR, hex); free(hex.ptr); - + chunk = cert->get_encoding(cert); chunk_write(chunk, buf, "crl", 022, TRUE); free(chunk.ptr); @@ -695,7 +695,7 @@ static err_t extract_secret(chunk_t *secret, chunk_t *line) } if (quotes) - { + { /* treat as an ASCII string */ *secret = chunk_clone(raw_secret); return NULL; 
@@ -736,7 +736,7 @@ typedef struct { chunk_t passphrase_cb(passphrase_cb_data_t *data, int try) { chunk_t secret = chunk_empty;; - + if (try > 5) { fprintf(data->prompt, "invalid passphrase, too many trials\n"); @@ -809,7 +809,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, private->destroy(private); } } - + while (fetchline(&src, &line)) { chunk_t ids, token; @@ -827,7 +827,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, glob_t buf; char **expanded, *dir, pattern[PATH_MAX]; u_char *pos; - + if (level > MAX_SECRETS_RECURSION) { DBG1(DBG_CFG, "maximum level of %d includes reached, ignored", @@ -854,7 +854,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, { /* use directory of current file if relative */ dir = strdup(file); dir = dirname(dir); - + if (line.len + 1 + strlen(dir) + 1 > sizeof(pattern)) { DBG1(DBG_CFG, "include pattern too long, ignored"); @@ -880,7 +880,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, globfree(&buf); continue; } - + if (line.len > 2 && strneq(": ", line.ptr, 2)) { /* no ids, skip the ':' */ @@ -932,7 +932,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, else { /* relative path name */ - snprintf(path, sizeof(path), "%s/%.*s", PRIVATE_KEY_DIR, + snprintf(path, sizeof(path), "%s/%.*s", PRIVATE_KEY_DIR, filename.len, filename.ptr); } @@ -951,7 +951,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, if (prompt) { passphrase_cb_data_t data; - + data.prompt = prompt; data.file = path; key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, @@ -984,9 +984,9 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, char smartcard[32], keyid[22], pin[32]; private_key_t *key; u_int slot; - + err_t ugh = extract_value(&sc, &line); - + if (ugh != NULL) { DBG1(DBG_CFG, "line %d: %s", line_nr, ugh); 
@@ -999,7 +999,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, } snprintf(smartcard, sizeof(smartcard), "%.*s", sc.len, sc.ptr); smartcard[sizeof(smartcard) - 1] = '\0'; - + /* parse slot and key id. only two formats are supported. * first try %smartcard<slot>:<keyid> */ if (sscanf(smartcard, "%%smartcard%u:%s", &slot, keyid) == 2) @@ -1017,7 +1017,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, " supported or invalid", line_nr); goto error; } - + if (!eat_whitespace(&line)) { DBG1(DBG_CFG, "line %d: expected PIN", line_nr); @@ -1031,12 +1031,12 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, } snprintf(pin, sizeof(pin), "%.*s", secret.len, secret.ptr); pin[sizeof(pin) - 1] = '\0'; - + /* we assume an RSA key */ key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, BUILD_SMARTCARD_KEYID, smartcard, BUILD_SMARTCARD_PIN, pin, BUILD_END); - + if (key) { DBG1(DBG_CFG, " loaded private key from %.*s", sc.len, sc.ptr); @@ -1063,7 +1063,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, DBG1(DBG_CFG, " loaded %N secret for %s", shared_key_type_names, type, ids.len > 0 ? (char*)ids.ptr : "%any"); DBG4(DBG_CFG, " secret: %#B", &secret); - + this->shared->insert_last(this->shared, shared_key); while (ids.len > 0) { @@ -1080,7 +1080,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, { continue; } - + /* NULL terminate the ID string */ *(id.ptr + id.len) = '\0'; peer_id = identification_create_from_string(id.ptr); @@ -1089,7 +1089,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, peer_id->destroy(peer_id); continue; } - + shared_key->add_owner(shared_key, peer_id); any = FALSE; } 
@@ -1201,7 +1201,7 @@ static void destroy(private_stroke_cred_t *this) stroke_cred_t *stroke_cred_create() { private_stroke_cred_t *this = malloc_thing(private_stroke_cred_t); - + this->public.set.create_private_enumerator = (void*)create_private_enumerator; this->public.set.create_cert_enumerator = (void*)create_cert_enumerator; this->public.set.create_shared_enumerator = (void*)create_shared_enumerator; @@ -1212,7 +1212,7 @@ stroke_cred_t *stroke_cred_create() this->public.load_peer = (certificate_t*(*)(stroke_cred_t*, char *filename))load_peer; this->public.cachecrl = (void(*)(stroke_cred_t*, bool enabled))cachecrl; this->public.destroy = (void(*)(stroke_cred_t*))destroy; - + this->certs = linked_list_create(); this->shared = linked_list_create(); this->private = linked_list_create(); @@ -1220,9 +1220,9 @@ stroke_cred_t *stroke_cred_create() load_certs(this); load_secrets(this, SECRETS_FILE, 0, NULL); - + this->cachecrl = FALSE; - + return &this->public; } diff --git a/src/charon/plugins/stroke/stroke_cred.h b/src/charon/plugins/stroke/stroke_cred.h index 3924ccbc1..ccee7d87c 100644 --- a/src/charon/plugins/stroke/stroke_cred.h +++ b/src/charon/plugins/stroke/stroke_cred.h @@ -38,7 +38,7 @@ struct stroke_cred_t { * Implements credential_set_t */ credential_set_t set; - + /** * Reread secrets from config files. * @@ -46,7 +46,7 @@ struct stroke_cred_t { * @param prompt I/O channel to prompt for private key passhprase */ void (*reread)(stroke_cred_t *this, stroke_msg_t *msg, FILE *prompt); - + /** * Load a CA certificate, and serve it through the credential_set. * @@ -54,7 +54,7 @@ struct stroke_cred_t { * @return reference to loaded certificate, or NULL */ certificate_t* (*load_ca)(stroke_cred_t *this, char *filename); - + /** * Load a peer certificate and serve it rhrough the credential_set. * 
@@ -62,14 +62,14 @@ struct stroke_cred_t { * @return reference to loaded certificate, or NULL */ certificate_t* (*load_peer)(stroke_cred_t *this, char *filename); - + /** * Enable/Disable CRL caching to disk. * * @param enabled TRUE to enable, FALSE to disable */ void (*cachecrl)(stroke_cred_t *this, bool enabled); - + /** * Destroy a stroke_cred instance. */ diff --git a/src/charon/plugins/stroke/stroke_list.c b/src/charon/plugins/stroke/stroke_list.c index d6754482f..ced627f50 100644 --- a/src/charon/plugins/stroke/stroke_list.c +++ b/src/charon/plugins/stroke/stroke_list.c @@ -40,12 +40,12 @@ struct private_stroke_list_t { * public functions */ stroke_list_t public; - + /** * timestamp of daemon start */ time_t uptime; - + /** * strokes attribute provider */ 
@@ -59,44 +59,44 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all) { ike_sa_id_t *id = ike_sa->get_id(ike_sa); time_t now = time_monotonic(NULL); - + fprintf(out, "%12s[%d]: %N", ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa), ike_sa_state_names, ike_sa->get_state(ike_sa)); - + if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED) { time_t established; - + established = ike_sa->get_statistic(ike_sa, STAT_ESTABLISHED); fprintf(out, " %V ago", &now, &established); } - + fprintf(out, ", %H[%Y]...%H[%Y]\n", ike_sa->get_my_host(ike_sa), ike_sa->get_my_id(ike_sa), ike_sa->get_other_host(ike_sa), ike_sa->get_other_id(ike_sa)); - + if (all) { proposal_t *ike_proposal; - + ike_proposal = ike_sa->get_proposal(ike_sa); - + fprintf(out, "%12s[%d]: IKE SPIs: %.16llx_i%s %.16llx_r%s", ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa), id->get_initiator_spi(id), id->is_initiator(id) ? "*" : "", id->get_responder_spi(id), id->is_initiator(id) ? "" : "*"); - - + + if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED) { time_t rekey, reauth; peer_cfg_t *peer_cfg; - + rekey = ike_sa->get_statistic(ike_sa, STAT_REKEY); reauth = ike_sa->get_statistic(ike_sa, STAT_REAUTH); peer_cfg = ike_sa->get_peer_cfg(ike_sa); - + if (rekey) { fprintf(out, ", rekeying in %V", &rekey, &now); @@ -106,7 +106,7 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all) bool first = TRUE; enumerator_t *enumerator; auth_cfg_t *auth; - + fprintf(out, ", "); enumerator = peer_cfg->create_auth_cfg_enumerator(peer_cfg, TRUE); while (enumerator->enumerate(enumerator, &auth)) @@ -128,11 +128,11 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all) } } fprintf(out, "\n"); - + if (ike_proposal) { char buf[BUF_LEN]; - + snprintf(buf, BUF_LEN, "%P", ike_proposal); fprintf(out, "%12s[%d]: IKE proposal: %s\n", ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa), 
@@ -150,14 +150,14 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) u_int64_t bytes_in, bytes_out; proposal_t *proposal; child_cfg_t *config = child_sa->get_config(child_sa); - - - fprintf(out, "%12s{%d}: %N, %N%s", + + + fprintf(out, "%12s{%d}: %N, %N%s", child_sa->get_name(child_sa), child_sa->get_reqid(child_sa), child_sa_state_names, child_sa->get_state(child_sa), ipsec_mode_names, child_sa->get_mode(child_sa), config->use_proxy_mode(config) ? "_PROXY" : ""); - + if (child_sa->get_state(child_sa) == CHILD_INSTALLED) { fprintf(out, ", %N%s SPIs: %.8x_i %.8x_o", @@ -165,30 +165,30 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) child_sa->has_encap(child_sa) ? " in UDP" : "", ntohl(child_sa->get_spi(child_sa, TRUE)), ntohl(child_sa->get_spi(child_sa, FALSE))); - + if (child_sa->get_ipcomp(child_sa) != IPCOMP_NONE) { fprintf(out, ", IPCOMP CPIs: %.4x_i %.4x_o", ntohs(child_sa->get_cpi(child_sa, TRUE)), ntohs(child_sa->get_cpi(child_sa, FALSE))); } - + if (all) { - fprintf(out, "\n%12s{%d}: ", child_sa->get_name(child_sa), + fprintf(out, "\n%12s{%d}: ", child_sa->get_name(child_sa), child_sa->get_reqid(child_sa)); - + proposal = child_sa->get_proposal(child_sa); if (proposal) { u_int16_t encr_alg = ENCR_UNDEFINED, int_alg = AUTH_UNDEFINED; u_int16_t encr_size = 0, int_size = 0; - + proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &encr_alg, &encr_size); proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &int_alg, &int_size); - + if (encr_alg != ENCR_UNDEFINED) { fprintf(out, "%N", encryption_algorithm_names, encr_alg); @@ -206,7 +206,7 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) } } } - + now = time_monotonic(NULL); child_sa->get_usestats(child_sa, TRUE, &use_in, &bytes_in); fprintf(out, ", %llu bytes_i", bytes_in); 
@@ -222,7 +222,7 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) fprintf(out, " (%ds ago)", now - use_out); } fprintf(out, ", rekeying "); - + rekey = child_sa->get_lifetime(child_sa, FALSE); if (rekey) { @@ -239,10 +239,10 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) { fprintf(out, "disabled"); } - + } } - + fprintf(out, "\n%12s{%d}: %#R=== %#R\n", child_sa->get_name(child_sa), child_sa->get_reqid(child_sa), child_sa->get_traffic_selectors(child_sa, TRUE), @@ -262,9 +262,9 @@ static void log_auth_cfgs(FILE *out, peer_cfg_t *peer_cfg, bool local) certificate_t *cert; cert_validation_t valid; char *name; - + name = peer_cfg->get_name(peer_cfg); - + enumerator = peer_cfg->create_auth_cfg_enumerator(peer_cfg, local); while (enumerator->enumerate(enumerator, &auth)) { @@ -329,7 +329,7 @@ static void log_auth_cfgs(FILE *out, peer_cfg_t *peer_cfg, bool local) fprintf(out, "%12s: ocsp: status must be GOOD%s\n", name, (valid == VALIDATION_SKIPPED) ? " or SKIPPED" : ""); } - + valid = (uintptr_t)auth->get(auth, AUTH_RULE_CRL_VALIDATION); if (valid != VALIDATION_FAILED) { @@ -362,7 +362,7 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo ike_sa_t *ike_sa; bool first, found = FALSE; char *name = msg->status.name; - + if (all) { peer_cfg_t *peer_cfg; @@ -371,10 +371,10 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo u_int32_t dpd; time_t since, now; u_int size, online, offline; - + now = time_monotonic(NULL); since = time(NULL) - (now - this->uptime); - + fprintf(out, "Status of IKEv2 charon daemon (strongSwan "VERSION"):\n"); fprintf(out, " uptime: %V, since %T\n", &now, &this->uptime, &since, FALSE); fprintf(out, " worker threads: %d idle of %d,", 
@@ -392,7 +392,7 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo } enumerator->destroy(enumerator); fprintf(out, "\n"); - + first = TRUE; enumerator = this->attribute->create_pool_enumerator(this->attribute); while (enumerator->enumerate(enumerator, &pool, &size, &online, &offline)) @@ -409,7 +409,7 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo fprintf(out, " %s: %u/%u/%u\n", pool, size, online, offline); } enumerator->destroy(enumerator); - + enumerator = charon->kernel_interface->create_address_enumerator( charon->kernel_interface, FALSE, FALSE); fprintf(out, "Listening IP addresses:\n"); @@ -418,7 +418,7 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo fprintf(out, " %H\n", host); } enumerator->destroy(enumerator); - + fprintf(out, "Connections:\n"); enumerator = charon->backends->create_peer_cfg_enumerator( charon->backends, NULL, NULL, NULL, NULL); 
@@ -429,33 +429,33 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo { continue; } - + ike_cfg = peer_cfg->get_ike_cfg(peer_cfg); fprintf(out, "%12s: %s...%s", peer_cfg->get_name(peer_cfg), ike_cfg->get_my_addr(ike_cfg), ike_cfg->get_other_addr(ike_cfg)); - + dpd = peer_cfg->get_dpd(peer_cfg); if (dpd) { fprintf(out, ", dpddelay=%us", dpd); } fprintf(out, "\n"); - + log_auth_cfgs(out, peer_cfg, TRUE); log_auth_cfgs(out, peer_cfg, FALSE); - + children = peer_cfg->create_child_cfg_enumerator(peer_cfg); while (children->enumerate(children, &child_cfg)) { linked_list_t *my_ts, *other_ts; - + my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL); other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL); fprintf(out, "%12s: child: %#R=== %#R", child_cfg->get_name(child_cfg), my_ts, other_ts); my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy)); other_ts->destroy_offset(other_ts, offsetof(traffic_selector_t, destroy)); - + if (dpd) { fprintf(out, ", dpdaction=%N", action_names, @@ -468,7 +468,7 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo enumerator->destroy(enumerator); } - first = TRUE; + first = TRUE; enumerator = charon->traps->create_enumerator(charon->traps); while (enumerator->enumerate(enumerator, NULL, &child_sa)) { @@ -480,14 +480,14 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo log_child_sa(out, child_sa, all); } enumerator->destroy(enumerator); - + fprintf(out, "Security Associations:\n"); enumerator = charon->controller->create_ike_sa_enumerator(charon->controller); while (enumerator->enumerate(enumerator, &ike_sa)) { bool ike_printed = FALSE; iterator_t *children = ike_sa->create_child_sa_iterator(ike_sa); - + if (name == NULL || streq(name, ike_sa->get_name(ike_sa))) { log_ike_sa(out, ike_sa, all); 
@@ -506,12 +506,12 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo ike_printed = TRUE; } log_child_sa(out, child_sa, all); - } + } } children->destroy(children); } enumerator->destroy(enumerator); - + if (!found) { if (name) @@ -536,14 +536,14 @@ static linked_list_t* create_unique_cert_list(certificate_type_t type) charon->credentials, type, KEY_ANY, NULL, FALSE); certificate_t *cert; - + while (enumerator->enumerate(enumerator, (void**)&cert)) { iterator_t *iterator = list->create_iterator(list, TRUE); identification_t *issuer = cert->get_issuer(cert); bool previous_same, same = FALSE, last = TRUE; certificate_t *list_cert; - + while (iterator->iterate(iterator, (void**)&list_cert)) { /* exit if we have a duplicate? */ @@ -581,7 +581,7 @@ static void list_public_key(public_key_t *public, FILE *out) private_key_t *private = NULL; chunk_t keyid; identification_t *id; - + if (public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &keyid)) { id = identification_create_from_encoding(ID_KEY_ID, keyid); @@ -610,14 +610,14 @@ static void list_public_key(public_key_t *public, FILE *out) static void stroke_list_pubkeys(linked_list_t *list, bool utc, FILE *out) { bool first = TRUE; - + enumerator_t *enumerator = list->create_enumerator(list); certificate_t *cert; - + while (enumerator->enumerate(enumerator, (void**)&cert)) { public_key_t *public = cert->get_public_key(cert); - + if (public) { if (first) @@ -627,7 +627,7 @@ static void stroke_list_pubkeys(linked_list_t *list, bool utc, FILE *out) first = FALSE; } fprintf(out, "\n"); - + list_public_key(public, out); public->destroy(public); } @@ -638,7 +638,7 @@ static void stroke_list_pubkeys(linked_list_t *list, bool utc, FILE *out) /** * list all X.509 certificates matching the flags */ -static void stroke_list_certs(linked_list_t *list, char *label, +static void stroke_list_certs(linked_list_t *list, char *label, x509_flag_t flags, bool utc, FILE *out) { bool first = TRUE; 
@@ -650,7 +650,7 @@ static void stroke_list_certs(linked_list_t *list, char *label, { x509_t *x509 = (x509_t*)cert; x509_flag_t x509_flags = x509->get_flags(x509); - + /* list only if flag is set, or flags == 0 (ignoring self-signed) */ if ((x509_flags & flags) || (flags == (x509_flags & ~X509_SELF_SIGNED))) { @@ -660,7 +660,7 @@ static void stroke_list_certs(linked_list_t *list, char *label, chunk_t serial, authkey; time_t notBefore, notAfter; public_key_t *public; - + if (first) { fprintf(out, "\n"); @@ -668,7 +668,7 @@ static void stroke_list_certs(linked_list_t *list, char *label, first = FALSE; } fprintf(out, "\n"); - + /* list subjectAltNames */ enumerator = x509->create_subjectAltName_enumerator(x509); while (enumerator->enumerate(enumerator, (void**)&altName)) @@ -689,12 +689,12 @@ static void stroke_list_certs(linked_list_t *list, char *label, fprintf(out, "\n"); } enumerator->destroy(enumerator); - + fprintf(out, " subject: \"%Y\"\n", cert->get_subject(cert)); fprintf(out, " issuer: \"%Y\"\n", cert->get_issuer(cert)); serial = x509->get_serial(x509); fprintf(out, " serial: %#B\n", &serial); - + /* list validity */ cert->get_validity(cert, &now, ¬Before, ¬After); fprintf(out, " validity: not before %T, ", ¬Before, utc); @@ -720,14 +720,14 @@ static void stroke_list_certs(linked_list_t *list, char *label, } fprintf(out, " \n"); } - + public = cert->get_public_key(cert); if (public) { list_public_key(public, out); public->destroy(public); } - + /* list optional authorityKeyIdentifier */ authkey = x509->get_authKeyIdentifier(x509); if (authkey.ptr) @@ -754,7 +754,7 @@ static void stroke_list_acerts(linked_list_t *list, bool utc, FILE *out) ac_t *ac = (ac_t*)cert; identification_t *id; chunk_t chunk; - + if (first) { fprintf(out, "\n"); @@ -762,7 +762,7 @@ static void stroke_list_acerts(linked_list_t *list, bool utc, FILE *out) first = FALSE; } fprintf(out, "\n"); - + id = cert->get_subject(cert); if (id) { 
@@ -799,7 +799,7 @@ static void stroke_list_acerts(linked_list_t *list, bool utc, FILE *out) } fprintf(out, " \n"); } - + /* list optional authorityKeyIdentifier */ chunk = ac->get_authKeyIdentifier(ac); if (chunk.ptr) @@ -819,12 +819,12 @@ static void stroke_list_crls(linked_list_t *list, bool utc, FILE *out) time_t thisUpdate, nextUpdate, now = time(NULL); enumerator_t *enumerator = list->create_enumerator(list); certificate_t *cert; - + while (enumerator->enumerate(enumerator, (void**)&cert)) { crl_t *crl = (crl_t*)cert; chunk_t chunk; - + if (first) { fprintf(out, "\n"); @@ -832,21 +832,21 @@ static void stroke_list_crls(linked_list_t *list, bool utc, FILE *out) first = FALSE; } fprintf(out, "\n"); - + fprintf(out, " issuer: \"%Y\"\n", cert->get_issuer(cert)); - + /* list optional crlNumber */ chunk = crl->get_serial(crl); if (chunk.ptr) { fprintf(out, " serial: %#B\n", &chunk); } - + /* count the number of revoked certificates */ { int count = 0; enumerator_t *enumerator = crl->create_enumerator(crl); - + while (enumerator->enumerate(enumerator, NULL, NULL, NULL)) { count++; @@ -855,7 +855,7 @@ static void stroke_list_crls(linked_list_t *list, bool utc, FILE *out) (count == 1)? "" : "s"); enumerator->destroy(enumerator); } - + /* list validity */ cert->get_validity(cert, &now, &thisUpdate, &nextUpdate); fprintf(out, " updates: this %T\n", &thisUpdate, utc); @@ -873,7 +873,7 @@ static void stroke_list_crls(linked_list_t *list, bool utc, FILE *out) } fprintf(out, " \n"); } - + /* list optional authorityKeyIdentifier */ chunk = crl->get_authKeyIdentifier(crl); if (chunk.ptr) @@ -892,7 +892,7 @@ static void stroke_list_ocsp(linked_list_t* list, bool utc, FILE *out) bool first = TRUE; enumerator_t *enumerator = list->create_enumerator(list); certificate_t *cert; - + while (enumerator->enumerate(enumerator, (void**)&cert)) { if (first) 
@@ -919,7 +919,7 @@ static void list_algs(FILE *out) hash_algorithm_t hash; pseudo_random_function_t prf; diffie_hellman_group_t group; - + fprintf(out, "\n"); fprintf(out, "List of registered IKEv2 Algorithms:\n"); fprintf(out, "\n encryption: "); @@ -972,7 +972,7 @@ static void list(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out) linked_list_t *pubkey_list = create_unique_cert_list(CERT_TRUSTED_PUBKEY); stroke_list_pubkeys(pubkey_list, msg->list.utc, out); - pubkey_list->destroy_offset(pubkey_list, offsetof(certificate_t, destroy)); + pubkey_list->destroy_offset(pubkey_list, offsetof(certificate_t, destroy)); } if (msg->list.flags & (LIST_CERTS | LIST_CACERTS | LIST_OCSPCERTS | LIST_AACERTS)) { @@ -1003,22 +1003,22 @@ static void list(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out) linked_list_t *ac_list = create_unique_cert_list(CERT_X509_AC); stroke_list_acerts(ac_list, msg->list.utc, out); - ac_list->destroy_offset(ac_list, offsetof(certificate_t, destroy)); + ac_list->destroy_offset(ac_list, offsetof(certificate_t, destroy)); } if (msg->list.flags & LIST_CRLS) { linked_list_t *crl_list = create_unique_cert_list(CERT_X509_CRL); stroke_list_crls(crl_list, msg->list.utc, out); - crl_list->destroy_offset(crl_list, offsetof(certificate_t, destroy)); + crl_list->destroy_offset(crl_list, offsetof(certificate_t, destroy)); } if (msg->list.flags & LIST_OCSP) { linked_list_t *ocsp_list = create_unique_cert_list(CERT_X509_OCSP_RESPONSE); stroke_list_ocsp(ocsp_list, msg->list.utc, out); - - ocsp_list->destroy_offset(ocsp_list, offsetof(certificate_t, destroy)); + + ocsp_list->destroy_offset(ocsp_list, offsetof(certificate_t, destroy)); } if (msg->list.flags & LIST_ALGS) { 
@@ -1038,7 +1038,7 @@ static void pool_leases(private_stroke_list_t *this, FILE *out, char *pool, host_t *lease; bool on; int found = 0; - + fprintf(out, "Leases in pool '%s', usage: %lu/%lu, %lu online\n", pool, online + offline, size, online); enumerator = this->attribute->create_lease_enumerator(this->attribute, pool); @@ -1068,12 +1068,12 @@ static void leases(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out) host_t *address = NULL; char *pool; int found = 0; - + if (msg->leases.address) { address = host_create_from_string(msg->leases.address, 0); } - + enumerator = this->attribute->create_pool_enumerator(this->attribute); while (enumerator->enumerate(enumerator, &pool, &size, &online, &offline)) { @@ -1112,15 +1112,15 @@ static void destroy(private_stroke_list_t *this) stroke_list_t *stroke_list_create(stroke_attribute_t *attribute) { private_stroke_list_t *this = malloc_thing(private_stroke_list_t); - + this->public.list = (void(*)(stroke_list_t*, stroke_msg_t *msg, FILE *out))list; this->public.status = (void(*)(stroke_list_t*, stroke_msg_t *msg, FILE *out,bool))status; this->public.leases = (void(*)(stroke_list_t*, stroke_msg_t *msg, FILE *out))leases; this->public.destroy = (void(*)(stroke_list_t*))destroy; - + this->uptime = time_monotonic(NULL); this->attribute = attribute; - + return &this->public; } diff --git a/src/charon/plugins/stroke/stroke_list.h b/src/charon/plugins/stroke/stroke_list.h index 2430abfbb..b5bedc6c2 100644 --- a/src/charon/plugins/stroke/stroke_list.h +++ b/src/charon/plugins/stroke/stroke_list.h @@ -40,7 +40,7 @@ struct stroke_list_t { * @param out stroke console stream */ void (*list)(stroke_list_t *this, stroke_msg_t *msg, FILE *out); - + /** * Log status information to stroke console. * @@ -49,7 +49,7 @@ struct stroke_list_t { * @param all TRUE for "statusall" */ void (*status)(stroke_list_t *this, stroke_msg_t *msg, FILE *out, bool all); - + /** * Log pool leases to stroke console. * 
@@ -57,7 +57,7 @@ struct stroke_list_t { * @param out stroke console stream */ void (*leases)(stroke_list_t *this, stroke_msg_t *msg, FILE *out); - + /** * Destroy a stroke_list instance. */ diff --git a/src/charon/plugins/stroke/stroke_plugin.c b/src/charon/plugins/stroke/stroke_plugin.c index 22c1125a1..61ae10953 100644 --- a/src/charon/plugins/stroke/stroke_plugin.c +++ b/src/charon/plugins/stroke/stroke_plugin.c @@ -29,7 +29,7 @@ struct private_stroke_plugin_t { * public functions */ stroke_plugin_t public; - + /** * stroke socket, receives strokes */ @@ -51,9 +51,9 @@ static void destroy(private_stroke_plugin_t *this) plugin_t *plugin_create() { private_stroke_plugin_t *this = malloc_thing(private_stroke_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + this->socket = stroke_socket_create(); if (this->socket == NULL) { diff --git a/src/charon/plugins/stroke/stroke_plugin.h b/src/charon/plugins/stroke/stroke_plugin.h index 6e9d556ad..3a1e81df6 100644 --- a/src/charon/plugins/stroke/stroke_plugin.h +++ b/src/charon/plugins/stroke/stroke_plugin.h @@ -20,7 +20,7 @@ * @defgroup stroke_plugin stroke_plugin * @{ @ingroup stroke */ - + #ifndef STROKE_PLUGIN_H_ #define STROKE_PLUGIN_H_ diff --git a/src/charon/plugins/stroke/stroke_shared_key.c b/src/charon/plugins/stroke/stroke_shared_key.c index 8f53f509d..4f716e83a 100644 --- a/src/charon/plugins/stroke/stroke_shared_key.c +++ b/src/charon/plugins/stroke/stroke_shared_key.c @@ -28,7 +28,7 @@ struct private_stroke_shared_key_t { * implements shared_key_t */ stroke_shared_key_t public; - + /** * type of this key */ @@ -43,7 +43,7 @@ struct private_stroke_shared_key_t { * list of key owners, as identification_t */ linked_list_t *owners; - + /** * reference counter */ 
@@ -73,8 +73,8 @@ static private_stroke_shared_key_t* get_ref(private_stroke_shared_key_t *this) static chunk_t get_key(private_stroke_shared_key_t *this) { return this->key; -} - +} + /** * Implementation of stroke_shared_key_t.has_owner. */ @@ -83,7 +83,7 @@ static id_match_t has_owner(private_stroke_shared_key_t *this, identification_t enumerator_t *enumerator; id_match_t match, best = ID_MATCH_NONE; identification_t *current; - + enumerator = this->owners->create_enumerator(this->owners); while (enumerator->enumerate(enumerator, ¤t)) { @@ -135,6 +135,6 @@ stroke_shared_key_t *stroke_shared_key_create(shared_key_type_t type, chunk_t ke this->type = type; this->key = key; this->ref = 1; - + return &this->public; } diff --git a/src/charon/plugins/stroke/stroke_shared_key.h b/src/charon/plugins/stroke/stroke_shared_key.h index 224062100..05ad55083 100644 --- a/src/charon/plugins/stroke/stroke_shared_key.h +++ b/src/charon/plugins/stroke/stroke_shared_key.h @@ -35,21 +35,21 @@ struct stroke_shared_key_t { * Implements the shared_key_t interface. */ shared_key_t shared; - + /** * Add an owner to the key. * * @param owner owner to add */ void (*add_owner)(stroke_shared_key_t *this, identification_t *owner); - + /** * Check if a key has a specific owner. * * @param owner owner to check * @return best match found */ - id_match_t (*has_owner)(stroke_shared_key_t *this, identification_t *owner); + id_match_t (*has_owner)(stroke_shared_key_t *this, identification_t *owner); }; /** diff --git a/src/charon/plugins/stroke/stroke_socket.c b/src/charon/plugins/stroke/stroke_socket.c index f420266cd..7ae00d118 100644 --- a/src/charon/plugins/stroke/stroke_socket.c +++ b/src/charon/plugins/stroke/stroke_socket.c 
@@ -48,42 +48,42 @@ struct private_stroke_socket_t { * public functions */ stroke_socket_t public; - + /** * Unix socket to listen for strokes */ int socket; - + /** * job accepting stroke messages */ callback_job_t *job; - + /** * configuration backend */ stroke_config_t *config; - + /** * attribute provider */ stroke_attribute_t *attribute; - + /** * controller to control daemon */ stroke_control_t *control; - + /** * credential set */ stroke_cred_t *cred; - + /** * CA sections */ stroke_ca_t *ca; - + /** * Status information logging */ @@ -99,7 +99,7 @@ struct stroke_job_context_t { * file descriptor to read from */ int fd; - + /** * global stroke interface */ @@ -152,7 +152,7 @@ static void pop_end(stroke_msg_t *msg, const char* label, stroke_end_t *end) pop_string(msg, &end->ca2); pop_string(msg, &end->groups); pop_string(msg, &end->updown); - + DBG2(DBG_CFG, " %s=%s", label, end->address); DBG2(DBG_CFG, " %ssubnet=%s", label, end->subnets); DBG2(DBG_CFG, " %ssourceip=%s", label, end->sourceip); @@ -202,7 +202,7 @@ static void stroke_del_conn(private_stroke_socket_t *this, stroke_msg_t *msg) { pop_string(msg, &msg->del_conn.name); DBG1(DBG_CFG, "received stroke: delete connection '%s'", msg->del_conn.name); - + this->config->del(this->config, msg); this->attribute->del_pool(this->attribute, msg); } @@ -214,7 +214,7 @@ static void stroke_initiate(private_stroke_socket_t *this, stroke_msg_t *msg, FI { pop_string(msg, &msg->initiate.name); DBG1(DBG_CFG, "received stroke: initiate '%s'", msg->initiate.name); - + this->control->initiate(this->control, msg, out); } @@ -227,7 +227,7 @@ static void stroke_terminate(private_stroke_socket_t *this, stroke_msg_t *msg, F DBG1(DBG_CFG, "received stroke: terminate '%s'", msg->terminate.name); this->control->terminate(this->control, msg, out); -} +} /** * terminate a connection by peers virtual IP 
@@ -250,7 +250,7 @@ static void stroke_route(private_stroke_socket_t *this, stroke_msg_t *msg, FILE { pop_string(msg, &msg->route.name); DBG1(DBG_CFG, "received stroke: route '%s'", msg->route.name); - + this->control->route(this->control, msg, out); } @@ -261,7 +261,7 @@ static void stroke_unroute(private_stroke_socket_t *this, stroke_msg_t *msg, FIL { pop_string(msg, &msg->terminate.name); DBG1(DBG_CFG, "received stroke: unroute '%s'", msg->route.name); - + this->control->unroute(this->control, msg, out); } @@ -287,7 +287,7 @@ static void stroke_add_ca(private_stroke_socket_t *this, DBG2(DBG_CFG, " ocspuri=%s", msg->add_ca.ocspuri); DBG2(DBG_CFG, " ocspuri2=%s", msg->add_ca.ocspuri2); DBG2(DBG_CFG, " certuribase=%s", msg->add_ca.certuribase); - + this->ca->add(this->ca, msg); } @@ -299,7 +299,7 @@ static void stroke_del_ca(private_stroke_socket_t *this, { pop_string(msg, &msg->del_ca.name); DBG1(DBG_CFG, "received stroke: delete ca '%s'", msg->del_ca.name); - + this->ca->del(this->ca, msg); } @@ -311,7 +311,7 @@ static void stroke_status(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out, bool all) { pop_string(msg, &(msg->status.name)); - + this->list->status(this->list, msg, out, all); } @@ -361,7 +361,7 @@ static void stroke_leases(private_stroke_socket_t *this, { pop_string(msg, &msg->leases.pool); pop_string(msg, &msg->leases.address); - + this->list->leases(this->list, msg, out); } @@ -390,11 +390,11 @@ static void stroke_loglevel(private_stroke_socket_t *this, sys_logger_t *sys_logger; file_logger_t *file_logger; debug_t group; - + pop_string(msg, &(msg->loglevel.type)); DBG1(DBG_CFG, "received stroke: loglevel %d for %s", msg->loglevel.level, msg->loglevel.type); - + group = get_group_from_name(msg->loglevel.type); if (group < 0) { 
@@ -448,7 +448,7 @@ static job_requeue_t process(stroke_job_context_t *ctx) FILE *out; private_stroke_socket_t *this = ctx->this; int strokefd = ctx->fd; - + /* peek the length */ bytes_read = recv(strokefd, &msg_length, sizeof(msg_length), MSG_PEEK); if (bytes_read != sizeof(msg_length)) @@ -457,7 +457,7 @@ static job_requeue_t process(stroke_job_context_t *ctx) strerror(errno)); return JOB_REQUEUE_NONE; } - + /* read message */ msg = alloca(msg_length); bytes_read = recv(strokefd, msg, msg_length, 0); @@ -466,16 +466,16 @@ static job_requeue_t process(stroke_job_context_t *ctx) DBG1(DBG_CFG, "reading stroke message failed: %s", strerror(errno)); return JOB_REQUEUE_NONE; } - + out = fdopen(strokefd, "w+"); if (out == NULL) { DBG1(DBG_CFG, "opening stroke output channel failed: %s", strerror(errno)); return JOB_REQUEUE_NONE; } - + DBG3(DBG_CFG, "stroke message %b", (void*)msg, msg_length); - + switch (msg->type) { case STR_INITIATE: @@ -550,24 +550,24 @@ static job_requeue_t receive(private_stroke_socket_t *this) int oldstate; callback_job_t *job; stroke_job_context_t *ctx; - + pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); strokefd = accept(this->socket, (struct sockaddr *)&strokeaddr, &strokeaddrlen); pthread_setcancelstate(oldstate, NULL); - + if (strokefd < 0) { DBG1(DBG_CFG, "accepting stroke connection failed: %s", strerror(errno)); return JOB_REQUEUE_FAIR; } - + ctx = malloc_thing(stroke_job_context_t); ctx->fd = strokefd; ctx->this = this; job = callback_job_create((callback_job_cb_t)process, ctx, (void*)stroke_job_context_destroy, this->job); charon->processor->queue_job(charon->processor, (job_t*)job); - + return JOB_REQUEUE_FAIR; } @@ -582,7 +582,7 @@ static bool open_socket(private_stroke_socket_t *this) socket_addr.sun_family = AF_UNIX; strcpy(socket_addr.sun_path, STROKE_SOCKET); - + /* set up unix socket */ this->socket = socket(AF_UNIX, SOCK_STREAM, 0); if (this->socket == -1) 
@@ -590,7 +590,7 @@ static bool open_socket(private_stroke_socket_t *this) DBG1(DBG_CFG, "could not create stroke socket"); return FALSE; } - + unlink(socket_addr.sun_path); old = umask(~(S_IRWXU | S_IRWXG)); if (bind(this->socket, (struct sockaddr *)&socket_addr, sizeof(socket_addr)) < 0) @@ -605,7 +605,7 @@ static bool open_socket(private_stroke_socket_t *this) DBG1(DBG_CFG, "changing stroke socket permissions failed: %s", strerror(errno)); } - + if (listen(this->socket, 10) < 0) { DBG1(DBG_CFG, "could not listen on stroke socket: %s", strerror(errno)); @@ -641,31 +641,31 @@ static void destroy(private_stroke_socket_t *this) stroke_socket_t *stroke_socket_create() { private_stroke_socket_t *this = malloc_thing(private_stroke_socket_t); - + this->public.destroy = (void(*)(stroke_socket_t*))destroy; - + if (!open_socket(this)) { free(this); return NULL; } - + this->cred = stroke_cred_create(); this->attribute = stroke_attribute_create(); this->ca = stroke_ca_create(this->cred); this->config = stroke_config_create(this->ca, this->cred); this->control = stroke_control_create(); this->list = stroke_list_create(this->attribute); - + charon->credentials->add_set(charon->credentials, &this->ca->set); charon->credentials->add_set(charon->credentials, &this->cred->set); charon->backends->add_backend(charon->backends, &this->config->backend); charon->attributes->add_provider(charon->attributes, &this->attribute->provider); - + this->job = callback_job_create((callback_job_cb_t)receive, this, NULL, NULL); charon->processor->queue_job(charon->processor, (job_t*)this->job); - + return &this->public; } diff --git a/src/charon/plugins/stroke/stroke_socket.h b/src/charon/plugins/stroke/stroke_socket.h index 6073f5133..ae5481677 100644 --- a/src/charon/plugins/stroke/stroke_socket.h +++ b/src/charon/plugins/stroke/stroke_socket.h 
@@ -27,7 +27,7 @@ typedef struct stroke_socket_t stroke_socket_t; * Stroke socket, opens UNIX communication socket, reads and dispatches. */ struct stroke_socket_t { - + /** * Destroy a stroke_socket instance. */ |