Diffstat (limited to 'src')
366 files changed, 6611 insertions, 1956 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index 38e4b834d..c412d9181 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -73,7 +73,11 @@ if USE_UPDOWN endif if USE_TOOLS - SUBDIRS += scepclient pki + SUBDIRS += scepclient +endif + +if USE_PKI + SUBDIRS += pki endif if USE_SWANCTL @@ -116,6 +120,10 @@ if USE_CMD SUBDIRS += charon-cmd endif +if USE_SVC + SUBDIRS += charon-svc +endif + if USE_LIBPTTLS SUBDIRS += pt-tls-client endif diff --git a/src/charon-svc/Makefile.am b/src/charon-svc/Makefile.am new file mode 100644 index 000000000..ecccf02f5 --- /dev/null +++ b/src/charon-svc/Makefile.am @@ -0,0 +1,16 @@ +bin_PROGRAMS = charon-svc + +charon_svc_SOURCES = charon-svc.c + +charon-svc.o : $(top_builddir)/config.status + +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon \ + -DPLUGINS=\""${charon_plugins}\"" + +charon_svc_LDADD = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libhydra/libhydra.la \ + $(top_builddir)/src/libcharon/libcharon.la diff --git a/src/charon-svc/charon-svc.c b/src/charon-svc/charon-svc.c new file mode 100644 index 000000000..ff5d5de49 --- /dev/null +++ b/src/charon-svc/charon-svc.c 
@@ -0,0 +1,333 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <library.h>
+#include <hydra.h>
+#include <daemon.h>
+
+#include <utils/backtrace.h>
+#include <threading/thread.h>
+
+/**
+ * The name of our service, both internal and external
+ */
+#define SERVICE_NAME "charon-svc"
+
+/**
+ * Current service status
+ */
+static SERVICE_STATUS status;
+
+/**
+ * Handle for service status
+ */
+static SERVICE_STATUS_HANDLE handle;
+
+/**
+ * Wait event for main thread
+ */
+static HANDLE event;
+
+/**
+ * hook in library for debugging messages
+ */
+extern void (*dbg) (debug_t group, level_t level, char *fmt, ...);
+
+/**
+ * Forward declaration
+ */
+static DWORD service_handler(DWORD dwControl, DWORD dwEventType,
+ LPVOID lpEventData, LPVOID lpContext);
+
+/**
+ * Logging hook for library logs, using stderr output
+ */
+static void dbg_stderr(debug_t group, level_t level, char *fmt, ...)
+{
+ va_list args;
+
+ if (level <= 1)
+ {
+ va_start(args, fmt);
+ fprintf(stderr, "00[%N] ", debug_names, group);
+ vfprintf(stderr, fmt, args);
+ fprintf(stderr, "\n");
+ va_end(args);
+ }
+}
+
+/**
+ * Log strongSwan/Windows version during startup
+ */
+static void print_version()
+{
+ OSVERSIONINFOEX osvie;
+
+ memset(&osvie, 0, sizeof(osvie));
+ osvie.dwOSVersionInfoSize = sizeof(osvie);
+
+ if (GetVersionEx((LPOSVERSIONINFO)&osvie))
+ {
+ DBG1(DBG_DMN, "Starting IKE service %s (strongSwan %s, "
+ "Windows %s %d.%d.%d (SP %d.%d)", SERVICE_NAME, VERSION,
+ osvie.wProductType == VER_NT_WORKSTATION ? "Client" : "Server",
+ osvie.dwMajorVersion, osvie.dwMinorVersion, osvie.dwBuildNumber,
+ osvie.wServicePackMajor, osvie.wServicePackMinor);
+ }
+}
+
+/**
+ * Update service state to SCM, increase check point if state didn't change
+ */
+static void update_status(DWORD state)
+{
+ if (state == status.dwCurrentState)
+ {
+ status.dwCheckPoint++;
+ }
+ else
+ {
+ status.dwCheckPoint = 0;
+ }
+ status.dwCurrentState = state;
+ if (handle)
+ {
+ SetServiceStatus(handle, &status);
+ }
+}
+
+/**
+ * Control handler for console
+ */
+static BOOL console_handler(DWORD dwCtrlType)
+{
+ switch (dwCtrlType)
+ {
+ case CTRL_C_EVENT:
+ case CTRL_BREAK_EVENT:
+ case CTRL_CLOSE_EVENT:
+ DBG1(DBG_DMN, "application is stopping, cleaning up");
+ if (status.dwCurrentState == SERVICE_RUNNING)
+ {
+ charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL,
+ dwCtrlType);
+ }
+ /* signal main thread to clean up */
+ SetEvent(event);
+ return TRUE;
+ default:
+ return FALSE;
+ }
+}
+
+/**
+ * Service handler function
+ */
+static DWORD service_handler(DWORD dwControl, DWORD dwEventType,
+ LPVOID lpEventData, LPVOID lpContext)
+{
+ switch (dwControl)
+ {
+ case SERVICE_CONTROL_STOP:
+ case SERVICE_CONTROL_SHUTDOWN:
+ DBG1(DBG_DMN, "service is stopping, cleaning up");
+ if (status.dwCurrentState == SERVICE_RUNNING)
+ {
+ charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL,
+ dwControl);
+ }
+ /* signal main thread to clean up */
+ SetEvent(event);
+ return NO_ERROR;
+ case SERVICE_CONTROL_INTERROGATE:
+ return NO_ERROR;
+ default:
+ return ERROR_CALL_NOT_IMPLEMENTED;
+ }
+}
+
+/**
+ * Wait for console program shutdown
+ */
+static int console_wait()
+{
+ update_status(SERVICE_RUNNING);
+
+ if (WaitForSingleObjectEx(event, INFINITE, TRUE) != WAIT_OBJECT_0)
+ {
+ return 2;
+ }
+ return 0;
+}
+
+/**
+ * Wait for service shutdown
+ */
+static int service_wait()
+{
+ /* service is initialized, we now accept control requests */
+ status.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN;
+ update_status(SERVICE_RUNNING);
+ status.dwControlsAccepted = 0;
+
+ if (WaitForSingleObjectEx(event, INFINITE, TRUE) != WAIT_OBJECT_0)
+ {
+ return 2;
+ }
+ return 0;
+}
+
+/**
+ * Initialize and run charon using a wait function
+ */
+static void init_and_run(DWORD dwArgc, LPTSTR *lpszArgv, int (*wait)())
+{
+ level_t levels[DBG_MAX];
+ int i;
+
+ for (i = 0; i < DBG_MAX; i++)
+ {
+ levels[i] = LEVEL_CTRL;
+ }
+
+ update_status(SERVICE_START_PENDING);
+ event = CreateEvent(NULL, FALSE, FALSE, NULL);
+ if (event)
+ {
+ update_status(SERVICE_START_PENDING);
+ if (library_init(NULL, SERVICE_NAME))
+ {
+ update_status(SERVICE_START_PENDING);
+ if (libhydra_init())
+ {
+ update_status(SERVICE_START_PENDING);
+ if (libcharon_init())
+ {
+ charon->load_loggers(charon, levels, TRUE);
+ print_version();
+ update_status(SERVICE_START_PENDING);
+ if (charon->initialize(charon, PLUGINS))
+ {
+ update_status(SERVICE_START_PENDING);
+ lib->plugins->status(lib->plugins, LEVEL_CTRL);
+
+ charon->start(charon);
+
+ status.dwWin32ExitCode = wait();
+ }
+ update_status(SERVICE_STOP_PENDING);
+ libcharon_deinit();
+ }
+ update_status(SERVICE_STOP_PENDING);
+ libhydra_deinit();
+ }
+ update_status(SERVICE_STOP_PENDING);
+ library_deinit();
+ }
+ update_status(SERVICE_STOP_PENDING);
+ CloseHandle(event);
+ }
+ update_status(SERVICE_STOPPED);
+}
+
+/**
+ * Main routine when running from console
+ */
+static void console_main(DWORD dwArgc, LPTSTR *lpszArgv)
+{
+ status.dwWin32ExitCode = 1;
+
+ if (SetConsoleCtrlHandler(console_handler, TRUE))
+ {
+ init_and_run(dwArgc, lpszArgv, console_wait);
+ SetConsoleCtrlHandler(console_handler, FALSE);
+ }
+}
+
+/**
+ * Switch the working directory to the executable directory
+ */
+static bool switch_workingdir()
+{
+ CHAR path[MAX_PATH], *pos;
+ HMODULE module;
+
+ module = GetModuleHandle(NULL);
+ if (!module)
+ {
+ return FALSE;
+ }
+ if (!GetModuleFileName(module, path, sizeof(path)))
+ {
+ return FALSE;
+ }
+ pos = strrchr(path, '\\');
+ if (!pos)
+ {
+ return FALSE;
+ }
+ *pos = 0;
+ return SetCurrentDirectory(path);
+}
+
+/**
+ * Service main routine when running as service
+ */
+static void service_main(DWORD dwArgc, LPTSTR *lpszArgv)
+{
+ memset(&status, 0, sizeof(status));
+ status.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
+ status.dwWin32ExitCode = 1;
+
+ handle = RegisterServiceCtrlHandlerEx(SERVICE_NAME, service_handler, NULL);
+ if (handle)
+ {
+ if (switch_workingdir())
+ {
+ init_and_run(dwArgc, lpszArgv, service_wait);
+ }
+ }
+}
+
+/**
+ * Main function, starts the service
+ */
+int main(int argc, char *argv[])
+{
+ SERVICE_TABLE_ENTRY services[] = {
+ {
+ .lpServiceName = SERVICE_NAME,
+ .lpServiceProc = service_main,
+ },
+ { NULL, NULL },
+ };
+ DWORD err;
+
+ dbg = dbg_stderr;
+
+ if (!StartServiceCtrlDispatcher(services))
+ {
+ err = GetLastError();
+ if (err == ERROR_FAILED_SERVICE_CONTROLLER_CONNECT)
+ {
+ console_main(argc, argv);
+ }
+ else
+ {
+ return 2;
+ }
+ }
+ return status.dwWin32ExitCode;
+}
diff --git a/src/charon-tkm/src/tkm/tkm_listener.c b/src/charon-tkm/src/tkm/tkm_listener.c
index 050586456..b2692a586 100644
--- a/src/charon-tkm/src/tkm/tkm_listener.c
+++ b/src/charon-tkm/src/tkm/tkm_listener.c
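Review bot: In charon-svc.c, `service_main` returns without reporting any state when `switch_workingdir()` fails, because `SERVICE_STOPPED` is only sent at the end of `init_and_run`; the control handler is already registered by then, so the service manager never receives a final status for the failed start. An `else { update_status(SERVICE_STOPPED); }` on that branch would report the failure with the exit code 1 that is already set. In `switch_workingdir` itself, `!GetModuleFileName(...)` only catches a zero return, while a path that does not fit returns the buffer size together with a truncated string. Checking `len == 0 || len >= sizeof(path)` on the returned length keeps the service from changing into a directory derived from a cut-off path.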
@@ -310,7 +310,7 @@ METHOD(listener_t, message, bool, " (ISA context %llu)", isa_id); auth_payload = (auth_payload_t*)message->get_payload(message, - AUTHENTICATION); + PLV2_AUTH); if (auth_payload) { chunk_t auth_data; diff --git a/src/checksum/Makefile.am b/src/checksum/Makefile.am index 078c59790..0bc195b84 100644 --- a/src/checksum/Makefile.am +++ b/src/checksum/Makefile.am @@ -22,7 +22,7 @@ AM_CPPFLAGS = \ -DPLUGINDIR=\"${DESTDIR}${plugindir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) # we keep track of build dependencies in deps and use libs to store the paths # to the installed libraries. for executables we use the built files directly diff --git a/src/conftest/Makefile.am b/src/conftest/Makefile.am index 900741dbb..eeb26f225 100644 --- a/src/conftest/Makefile.am +++ b/src/conftest/Makefile.am @@ -6,7 +6,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon \ -DPLUGINS=\""${charon_plugins}\"" -AM_CFLAGS = -rdynamic +AM_CFLAGS = $(PLUGIN_CFLAGS) conftest_SOURCES = conftest.c conftest.h config.c config.h actions.c actions.h \ hooks/hook.h hooks/ike_auth_fill.c hooks/unsort_message.c \ diff --git a/src/conftest/hooks/add_notify.c b/src/conftest/hooks/add_notify.c index 504b02a7b..73a9b1a80 100644 --- a/src/conftest/hooks/add_notify.c +++ b/src/conftest/hooks/add_notify.c @@ -88,7 +88,7 @@ METHOD(listener_t, message, bool, { data = chunk_clone(chunk_create(this->data, strlen(this->data))); } - notify = notify_payload_create_from_protocol_and_type(NOTIFY, + notify = notify_payload_create_from_protocol_and_type(PLV2_NOTIFY, this->esp ? PROTO_ESP : PROTO_IKE, type); notify->set_spi(notify, this->spi); if (data.len) diff --git a/src/conftest/hooks/custom_proposal.c b/src/conftest/hooks/custom_proposal.c index 6086d13b5..ee4404575 100644 --- a/src/conftest/hooks/custom_proposal.c +++ b/src/conftest/hooks/custom_proposal.c 
@@ -124,7 +124,7 @@ METHOD(listener_t, message, bool, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == SECURITY_ASSOCIATION) + if (payload->get_type(payload) == PLV2_SECURITY_ASSOCIATION) { old = (sa_payload_t*)payload; message->remove_payload_at(message, enumerator); diff --git a/src/conftest/hooks/force_cookie.c b/src/conftest/hooks/force_cookie.c index 1b044db14..6be516cf4 100644 --- a/src/conftest/hooks/force_cookie.c +++ b/src/conftest/hooks/force_cookie.c @@ -44,7 +44,7 @@ METHOD(listener_t, message, bool, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == NOTIFY) + if (payload->get_type(payload) == PLV2_NOTIFY) { notify_payload_t *notify = (notify_payload_t*)payload; chunk_t data; diff --git a/src/conftest/hooks/ike_auth_fill.c b/src/conftest/hooks/ike_auth_fill.c index 09590d4f3..5cdd5be38 100644 --- a/src/conftest/hooks/ike_auth_fill.c +++ b/src/conftest/hooks/ike_auth_fill.c @@ -108,7 +108,7 @@ METHOD(listener_t, message, bool, diff = this->bytes - size - CERT_PAYLOAD_HEADER_LENGTH; data = chunk_alloc(diff); memset(data.ptr, 0x12, data.len); - pld = cert_payload_create_custom(CERTIFICATE, 201, data); + pld = cert_payload_create_custom(PLV2_CERTIFICATE, 201, data); message->add_payload(message, &pld->payload_interface); DBG1(DBG_CFG, "inserting %d dummy bytes certificate payload", diff); } diff --git a/src/conftest/hooks/log_id.c b/src/conftest/hooks/log_id.c index 07dd6a44e..f47372fa7 100644 --- a/src/conftest/hooks/log_id.c +++ b/src/conftest/hooks/log_id.c 
@@ -45,8 +45,8 @@ METHOD(listener_t, message, bool, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == ID_INITIATOR || - payload->get_type(payload) == ID_RESPONDER) + if (payload->get_type(payload) == PLV2_ID_INITIATOR || + payload->get_type(payload) == PLV2_ID_RESPONDER) { id_payload = (id_payload_t*)payload; id = id_payload->get_identification(id_payload); diff --git a/src/conftest/hooks/log_ke.c b/src/conftest/hooks/log_ke.c index 710482326..66aa4a65e 100644 --- a/src/conftest/hooks/log_ke.c +++ b/src/conftest/hooks/log_ke.c @@ -43,7 +43,7 @@ METHOD(listener_t, message, bool, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == KEY_EXCHANGE) + if (payload->get_type(payload) == PLV2_KEY_EXCHANGE) { ke = (ke_payload_t*)payload; DBG1(DBG_CFG, "received DH group %N", diff --git a/src/conftest/hooks/log_proposals.c b/src/conftest/hooks/log_proposals.c index 347b83209..c0d458eae 100644 --- a/src/conftest/hooks/log_proposals.c +++ b/src/conftest/hooks/log_proposals.c @@ -45,7 +45,7 @@ METHOD(listener_t, message, bool, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == SECURITY_ASSOCIATION) + if (payload->get_type(payload) == PLV2_SECURITY_ASSOCIATION) { sa = (sa_payload_t*)payload; list = sa->get_proposals(sa); diff --git a/src/conftest/hooks/log_ts.c b/src/conftest/hooks/log_ts.c index f212efa12..79c59b89a 100644 --- a/src/conftest/hooks/log_ts.c +++ b/src/conftest/hooks/log_ts.c 
@@ -43,8 +43,8 @@ METHOD(listener_t, message, bool, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == TRAFFIC_SELECTOR_INITIATOR || - payload->get_type(payload) == TRAFFIC_SELECTOR_RESPONDER) + if (payload->get_type(payload) == PLV2_TS_INITIATOR || + payload->get_type(payload) == PLV2_TS_RESPONDER) { ts = (ts_payload_t*)payload; host_t *from, *to; diff --git a/src/conftest/hooks/pretend_auth.c b/src/conftest/hooks/pretend_auth.c index 4166afc79..54957b048 100644 --- a/src/conftest/hooks/pretend_auth.c +++ b/src/conftest/hooks/pretend_auth.c @@ -79,7 +79,7 @@ static void process_init_request(private_pretend_auth_t *this, { nonce_payload_t *nonce; - nonce = (nonce_payload_t*)message->get_payload(message, NONCE); + nonce = (nonce_payload_t*)message->get_payload(message, PLV2_NONCE); if (nonce) { free(this->nonce.ptr); @@ -98,13 +98,13 @@ static void process_auth_request(private_pretend_auth_t *this, ts_payload_t *tsi, *tsr; linked_list_t *proposals; - id = (id_payload_t*)message->get_payload(message, ID_RESPONDER); + id = (id_payload_t*)message->get_payload(message, PLV2_ID_RESPONDER); if (id) { this->id->destroy(this->id); this->id = id->get_identification(id); } - sa = (sa_payload_t*)message->get_payload(message, SECURITY_ASSOCIATION); + sa = (sa_payload_t*)message->get_payload(message, PLV2_SECURITY_ASSOCIATION); if (sa) { proposals = sa->get_proposals(sa); @@ -116,13 +116,13 @@ static void process_auth_request(private_pretend_auth_t *this, proposals->destroy_offset(proposals, offsetof(proposal_t, destroy)); } tsi = (ts_payload_t*)message->get_payload(message, - TRAFFIC_SELECTOR_INITIATOR); + PLV2_TS_INITIATOR); if (tsi) { this->tsi = tsi->get_traffic_selectors(tsi); } tsr = (ts_payload_t*)message->get_payload(message, - TRAFFIC_SELECTOR_RESPONDER); + PLV2_TS_RESPONDER); if (tsr) { this->tsr = tsr->get_traffic_selectors(tsr); 
@@ -154,7 +154,7 @@ static void build_certs(private_pretend_auth_t *this, cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT); if (cert) { - payload = cert_payload_create_from_cert(CERTIFICATE, cert); + payload = cert_payload_create_from_cert(PLV2_CERTIFICATE, cert); if (payload) { DBG1(DBG_IKE, "pretending end entity cert \"%Y\"", @@ -167,7 +167,7 @@ static void build_certs(private_pretend_auth_t *this, { if (type == AUTH_RULE_IM_CERT) { - payload = cert_payload_create_from_cert(CERTIFICATE, cert); + payload = cert_payload_create_from_cert(PLV2_CERTIFICATE, cert); if (payload) { DBG1(DBG_IKE, "pretending issuer cert \"%Y\"", @@ -276,7 +276,7 @@ static void process_auth_response(private_pretend_auth_t *this, { notify_payload_t *notify = (notify_payload_t*)payload; - if (payload->get_type(payload) != NOTIFY || + if (payload->get_type(payload) != PLV2_NOTIFY || notify->get_notify_type(notify) != AUTHENTICATION_FAILED) { DBG1(DBG_CFG, "no %N notify found, disabling AUTH pretending", @@ -295,7 +295,7 @@ static void process_auth_response(private_pretend_auth_t *this, return; } message->add_payload(message, (payload_t*) - id_payload_create_from_identification(ID_RESPONDER, this->id)); + id_payload_create_from_identification(PLV2_ID_RESPONDER, this->id)); if (this->proposal) { message->add_payload(message, (payload_t*) diff --git a/src/conftest/hooks/rebuild_auth.c b/src/conftest/hooks/rebuild_auth.c index b7e6f22e7..bc2f00071 100644 --- a/src/conftest/hooks/rebuild_auth.c +++ b/src/conftest/hooks/rebuild_auth.c @@ -70,7 +70,7 @@ static bool rebuild_auth(private_rebuild_auth_t *this, ike_sa_t *ike_sa, u_int32_t *lenpos; payload = message->get_payload(message, - message->get_request(message) ? ID_INITIATOR : ID_RESPONDER); + message->get_request(message) ? PLV2_ID_INITIATOR : PLV2_ID_RESPONDER); if (!payload) { DBG1(DBG_CFG, "ID payload not found to rebuild AUTH"); 
@@ -160,7 +160,7 @@ static bool rebuild_auth(private_rebuild_auth_t *this, ike_sa_t *ike_sa, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == AUTHENTICATION) + if (payload->get_type(payload) == PLV2_AUTH) { message->remove_payload_at(message, enumerator); payload->destroy(payload); @@ -191,7 +191,7 @@ METHOD(listener_t, message, bool, { nonce_payload_t *nonce; - nonce = (nonce_payload_t*)message->get_payload(message, NONCE); + nonce = (nonce_payload_t*)message->get_payload(message, PLV2_NONCE); if (nonce) { free(this->nonce.ptr); diff --git a/src/conftest/hooks/set_proposal_number.c b/src/conftest/hooks/set_proposal_number.c index 0cc3cfc63..4e572d608 100644 --- a/src/conftest/hooks/set_proposal_number.c +++ b/src/conftest/hooks/set_proposal_number.c @@ -85,7 +85,7 @@ METHOD(listener_t, message, bool, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == SECURITY_ASSOCIATION) + if (payload->get_type(payload) == PLV2_SECURITY_ASSOCIATION) { sa = (sa_payload_t*)payload; list = sa->get_proposals(sa); diff --git a/src/conftest/hooks/set_reserved.c b/src/conftest/hooks/set_reserved.c index 5961aebc4..488e8df1c 100644 --- a/src/conftest/hooks/set_reserved.c +++ b/src/conftest/hooks/set_reserved.c @@ -55,7 +55,7 @@ static void set_bit(private_set_reserved_t *this, message_t *message, payload_t *payload; bool *bit; - if (type == HEADER) + if (type == PL_HEADER) { message->set_reserved_header_bit(message, nr); DBG1(DBG_CFG, "setting reserved bit %d of %N", 
@@ -91,7 +91,7 @@ static void set_byte(private_set_reserved_t *this, message_t *message, payload_t *payload; u_int8_t *byte; - if (type == TRANSFORM_SUBSTRUCTURE || type == PROPOSAL_SUBSTRUCTURE) + if (type == PLV2_TRANSFORM_SUBSTRUCTURE || type == PLV2_PROPOSAL_SUBSTRUCTURE) { enumerator_t *transforms, *proposals; transform_substructure_t *transform; @@ -101,13 +101,13 @@ static void set_byte(private_set_reserved_t *this, message_t *message, payloads = message->create_payload_enumerator(message); while (payloads->enumerate(payloads, &payload)) { - if (payload->get_type(payload) == SECURITY_ASSOCIATION) + if (payload->get_type(payload) == PLV2_SECURITY_ASSOCIATION) { sa = (sa_payload_t*)payload; proposals = sa->create_substructure_enumerator(sa); while (proposals->enumerate(proposals, &proposal)) { - if (type == PROPOSAL_SUBSTRUCTURE) + if (type == PLV2_PROPOSAL_SUBSTRUCTURE) { byte = payload_get_field(&proposal->payload_interface, RESERVED_BYTE, nr); @@ -118,7 +118,7 @@ static void set_byte(private_set_reserved_t *this, message_t *message, *byte = byteval; } } - else if (type == TRANSFORM_SUBSTRUCTURE) + else if (type == PLV2_TRANSFORM_SUBSTRUCTURE) { transforms = proposal->create_substructure_enumerator( proposal); diff --git a/src/conftest/hooks/unencrypted_notify.c b/src/conftest/hooks/unencrypted_notify.c index dae76faba..2a7498527 100644 --- a/src/conftest/hooks/unencrypted_notify.c +++ b/src/conftest/hooks/unencrypted_notify.c @@ -83,7 +83,7 @@ METHOD(listener_t, ike_updown, bool, { data = chunk_clone(chunk_create(this->data, strlen(this->data))); } - notify = notify_payload_create_from_protocol_and_type(NOTIFY, + notify = notify_payload_create_from_protocol_and_type(PLV2_NOTIFY, this->esp ? PROTO_ESP : PROTO_IKE, type); notify->set_spi(notify, this->spi); if (data.len) diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am index 3e7a96103..8513af86b 100644 --- a/src/libcharon/Makefile.am +++ b/src/libcharon/Makefile.am 
@@ -5,7 +5,6 @@ bus/bus.c bus/bus.h \ bus/listeners/listener.h \ bus/listeners/logger.h \ bus/listeners/file_logger.c bus/listeners/file_logger.h \ -bus/listeners/sys_logger.c bus/listeners/sys_logger.h \ config/backend_manager.c config/backend_manager.h config/backend.h \ config/child_cfg.c config/child_cfg.h \ config/ike_cfg.c config/ike_cfg.h \ @@ -125,6 +124,10 @@ processing/jobs/dpd_timeout_job.c processing/jobs/dpd_timeout_job.h \ processing/jobs/adopt_children_job.c processing/jobs/adopt_children_job.h endif +if USE_SYSLOG + libcharon_la_SOURCES += \ + bus/listeners/sys_logger.c bus/listeners/sys_logger.h +endif daemon.lo : $(top_builddir)/config.status @@ -144,6 +147,10 @@ libcharon_la_LIBADD = \ $(top_builddir)/src/libhydra/libhydra.la \ -lm $(PTHREADLIB) $(DLLIB) $(SOCKLIB) +if USE_WINDOWS + libcharon_la_LIBADD += -lws2_32 +endif + EXTRA_DIST = Android.mk # compile options diff --git a/src/libcharon/bus/listeners/file_logger.c b/src/libcharon/bus/listeners/file_logger.c index 68a386d11..e3661bde6 100644 --- a/src/libcharon/bus/listeners/file_logger.c +++ b/src/libcharon/bus/listeners/file_logger.c @@ -50,6 +50,11 @@ struct private_file_logger_t { FILE *out; /** + * Flush after writing a line? + */ + bool flush_line; + + /** * Maximum level to log, for each group */ level_t levels[DBG_MAX]; @@ -137,6 +142,12 @@ METHOD(logger_t, log_, void, fprintf(this->out, "%.*s\n", (int)(next - current), current); current = next + 1; } +#ifndef HAVE_SETLINEBUF + if (this->flush_line) + { + fflush(this->out); + } +#endif /* !HAVE_SETLINEBUF */ this->mutex->unlock(this->mutex); this->lock->unlock(this->lock); } @@ -214,14 +225,17 @@ METHOD(file_logger_t, open_, void, this->filename, strerror(errno)); return; } +#ifdef HAVE_SETLINEBUF if (flush_line) { setlinebuf(file); } +#endif /* HAVE_SETLINEBUF */ } this->lock->write_lock(this->lock); close_file(this); this->out = file; + this->flush_line = flush_line; this->lock->unlock(this->lock); } 
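Review bot: The comment on the new `flush_line` member of `private_file_logger_t` in file_logger.c does not say that the flag is only read when `setlinebuf()` is missing: `open_` stores it unconditionally, but `log_` consults it only inside `#ifndef HAVE_SETLINEBUF`. I would document that on the member, e.g. `/** Flush after writing; only consulted if setlinebuf() is not available */`. As far as the hunk shows, the fallback `fflush()` runs once after the line loop rather than per line, which the comment could also state. The bodies of `log_` and `open_` extend beyond these hunks.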
diff --git a/src/libcharon/control/controller.c b/src/libcharon/control/controller.c index c546da544..25667e532 100644 --- a/src/libcharon/control/controller.c +++ b/src/libcharon/control/controller.c @@ -20,7 +20,6 @@ #include <sys/types.h> #include <dirent.h> #include <sys/stat.h> -#include <dlfcn.h> #include <daemon.h> #include <library.h> diff --git a/src/libcharon/daemon.c b/src/libcharon/daemon.c index 16babf014..a89995a51 100644 --- a/src/libcharon/daemon.c +++ b/src/libcharon/daemon.c @@ -19,10 +19,13 @@ #include <stdio.h> #include <sys/types.h> #include <unistd.h> -#include <syslog.h> #include <time.h> #include <errno.h> +#ifdef HAVE_SYSLOG +#include <syslog.h> +#endif + #include "daemon.h" #include <library.h> @@ -179,6 +182,7 @@ static bool logger_entry_match(logger_entry_t *this, char *target, bool *file) */ static void handle_syslog_identifier(private_daemon_t *this) { +#ifdef HAVE_SYSLOG char *identifier; identifier = lib->settings->get_str(lib->settings, "%s.syslog.identifier", @@ -198,6 +202,7 @@ static void handle_syslog_identifier(private_daemon_t *this) closelog(); this->syslog_identifier = NULL; } +#endif /* HAVE_SYSLOG */ } /** @@ -206,6 +211,7 @@ static void handle_syslog_identifier(private_daemon_t *this) */ static int get_syslog_facility(char *facility) { +#ifdef HAVE_SYSLOG if (streq(facility, "daemon")) { return LOG_DAEMON; @@ -214,6 +220,7 @@ static int get_syslog_facility(char *facility) { return LOG_AUTHPRIV; } +#endif /* HAVE_SYSLOG */ return -1; } @@ -237,10 +244,12 @@ static logger_entry_t *get_logger_entry(char *target, bool is_file_logger, { entry->logger.file = file_logger_create(target); } +#ifdef HAVE_SYSLOG else { entry->logger.sys = sys_logger_create(get_syslog_facility(target)); } +#endif /* HAVE_SYSLOG */ } else { 
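Review bot: In `get_logger_entry` in daemon.c, a build without `HAVE_SYSLOG` compiles out the `else` branch, so a non-file entry is returned with `entry->logger.sys` never assigned. Whether that pointer is NULL depends on how the entry is allocated, which is outside the hunk, and the `if (sys_logger)` guards added to `load_loggers` presumably rely on it. If the allocation does not zero the struct, an `#else` branch that sets `entry->logger.sys = NULL;` would make the contract explicit. The comment on `get_syslog_facility` should also mention that it returns -1 for every facility name in that configuration.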
@@ -381,18 +390,27 @@ METHOD(daemon_t, load_loggers, void, for (group = 0; group < DBG_MAX; group++) { - sys_logger->set_level(sys_logger, group, levels[group]); + if (sys_logger) + { + sys_logger->set_level(sys_logger, group, levels[group]); + } if (to_stderr) { file_logger->set_level(file_logger, group, levels[group]); } } - charon->bus->add_logger(charon->bus, &sys_logger->logger); + if (sys_logger) + { + charon->bus->add_logger(charon->bus, &sys_logger->logger); + } charon->bus->add_logger(charon->bus, &file_logger->logger); sys_logger = add_sys_logger(this, "auth", current_loggers); - sys_logger->set_level(sys_logger, DBG_ANY, LEVEL_AUDIT); - charon->bus->add_logger(charon->bus, &sys_logger->logger); + if (sys_logger) + { + sys_logger->set_level(sys_logger, DBG_ANY, LEVEL_AUDIT); + charon->bus->add_logger(charon->bus, &sys_logger->logger); + } } /* unregister and destroy any unused remaining loggers */ current_loggers->destroy_function(current_loggers, diff --git a/src/libcharon/encoding/generator.c b/src/libcharon/encoding/generator.c index 2b6825c71..a0a508f53 100644 --- a/src/libcharon/encoding/generator.c +++ b/src/libcharon/encoding/generator.c @@ -17,7 +17,6 @@ #include <stdlib.h> #include <string.h> -#include <arpa/inet.h> #include <stdio.h> #include "generator.h" 
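Review bot: In `load_loggers` in daemon.c, the default `auth` logger at `LEVEL_AUDIT` is now skipped without any message when `add_sys_logger()` returns NULL, so a build without syslog loses its dedicated audit sink silently. A one-line notice once the file logger is on the bus, such as `DBG1(DBG_DMN, "no syslog support, auth/audit logger disabled");`, would make that gap visible to whoever operates the daemon. The surrounding comment should also say that `sys_logger` may be NULL here. The METHOD body starts and ends outside the hunk.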
@@ -498,15 +497,15 @@ METHOD(generator_t, generate_payload, void, case ENCRYPTED_DATA: generate_from_chunk(this, rules[i].offset); break; - case PAYLOAD_LIST + PROPOSAL_SUBSTRUCTURE: - case PAYLOAD_LIST + PROPOSAL_SUBSTRUCTURE_V1: - case PAYLOAD_LIST + TRANSFORM_SUBSTRUCTURE: - case PAYLOAD_LIST + TRANSFORM_SUBSTRUCTURE_V1: - case PAYLOAD_LIST + TRANSFORM_ATTRIBUTE: - case PAYLOAD_LIST + TRANSFORM_ATTRIBUTE_V1: - case PAYLOAD_LIST + CONFIGURATION_ATTRIBUTE: - case PAYLOAD_LIST + CONFIGURATION_ATTRIBUTE_V1: - case PAYLOAD_LIST + TRAFFIC_SELECTOR_SUBSTRUCTURE: + case PAYLOAD_LIST + PLV2_PROPOSAL_SUBSTRUCTURE: + case PAYLOAD_LIST + PLV1_PROPOSAL_SUBSTRUCTURE: + case PAYLOAD_LIST + PLV2_TRANSFORM_SUBSTRUCTURE: + case PAYLOAD_LIST + PLV1_TRANSFORM_SUBSTRUCTURE: + case PAYLOAD_LIST + PLV2_TRANSFORM_ATTRIBUTE: + case PAYLOAD_LIST + PLV1_TRANSFORM_ATTRIBUTE: + case PAYLOAD_LIST + PLV2_CONFIGURATION_ATTRIBUTE: + case PAYLOAD_LIST + PLV1_CONFIGURATION_ATTRIBUTE: + case PAYLOAD_LIST + PLV2_TRAFFIC_SELECTOR_SUBSTRUCTURE: { linked_list_t *proposals; enumerator_t *enumerator; diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c index 3a1014ef0..0f5f40ada 100644 --- a/src/libcharon/encoding/message.c +++ b/src/libcharon/encoding/message.c @@ -89,7 +89,7 @@ typedef struct { typedef struct { /** payload type */ payload_type_t type; - /** notify type, if payload == NOTIFY */ + /** notify type, if payload == PLV2_NOTIFY */ notify_type_t notify; } payload_order_t; 
@@ -120,11 +120,11 @@ typedef struct { */ static payload_rule_t ike_sa_init_i_rules[] = { /* payload type min max encr suff */ - {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE}, - {SECURITY_ASSOCIATION, 1, 1, FALSE, FALSE}, - {KEY_EXCHANGE, 1, 1, FALSE, FALSE}, - {NONCE, 1, 1, FALSE, FALSE}, - {VENDOR_ID, 0, MAX_VID_PAYLOADS, FALSE, FALSE}, + {PLV2_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE}, + {PLV2_SECURITY_ASSOCIATION, 1, 1, FALSE, FALSE}, + {PLV2_KEY_EXCHANGE, 1, 1, FALSE, FALSE}, + {PLV2_NONCE, 1, 1, FALSE, FALSE}, + {PLV2_VENDOR_ID, 0, MAX_VID_PAYLOADS, FALSE, FALSE}, }; /** @@ -132,14 +132,14 @@ static payload_rule_t ike_sa_init_i_rules[] = { */ static payload_order_t ike_sa_init_i_order[] = { /* payload type notify type */ - {NOTIFY, COOKIE}, - {SECURITY_ASSOCIATION, 0}, - {KEY_EXCHANGE, 0}, - {NONCE, 0}, - {NOTIFY, NAT_DETECTION_SOURCE_IP}, - {NOTIFY, NAT_DETECTION_DESTINATION_IP}, - {NOTIFY, 0}, - {VENDOR_ID, 0}, + {PLV2_NOTIFY, COOKIE}, + {PLV2_SECURITY_ASSOCIATION, 0}, + {PLV2_KEY_EXCHANGE, 0}, + {PLV2_NONCE, 0}, + {PLV2_NOTIFY, NAT_DETECTION_SOURCE_IP}, + {PLV2_NOTIFY, NAT_DETECTION_DESTINATION_IP}, + {PLV2_NOTIFY, 0}, + {PLV2_VENDOR_ID, 0}, }; /** @@ -147,12 +147,12 @@ static payload_order_t ike_sa_init_i_order[] = { */ static payload_rule_t ike_sa_init_r_rules[] = { /* payload type min max encr suff */ - {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, TRUE}, - {SECURITY_ASSOCIATION, 1, 1, FALSE, FALSE}, - {KEY_EXCHANGE, 1, 1, FALSE, FALSE}, - {NONCE, 1, 1, FALSE, FALSE}, - {CERTIFICATE_REQUEST, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE}, - {VENDOR_ID, 0, MAX_VID_PAYLOADS, FALSE, FALSE}, + {PLV2_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, TRUE}, + {PLV2_SECURITY_ASSOCIATION, 1, 1, FALSE, FALSE}, + {PLV2_KEY_EXCHANGE, 1, 1, FALSE, FALSE}, + {PLV2_NONCE, 1, 1, FALSE, FALSE}, + {PLV2_CERTREQ, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE}, + {PLV2_VENDOR_ID, 0, MAX_VID_PAYLOADS, FALSE, FALSE}, }; /** 
@@ -160,15 +160,15 @@ static payload_rule_t ike_sa_init_r_rules[] = { */ static payload_order_t ike_sa_init_r_order[] = { /* payload type notify type */ - {SECURITY_ASSOCIATION, 0}, - {KEY_EXCHANGE, 0}, - {NONCE, 0}, - {NOTIFY, NAT_DETECTION_SOURCE_IP}, - {NOTIFY, NAT_DETECTION_DESTINATION_IP}, - {NOTIFY, HTTP_CERT_LOOKUP_SUPPORTED}, - {CERTIFICATE_REQUEST, 0}, - {NOTIFY, 0}, - {VENDOR_ID, 0}, + {PLV2_SECURITY_ASSOCIATION, 0}, + {PLV2_KEY_EXCHANGE, 0}, + {PLV2_NONCE, 0}, + {PLV2_NOTIFY, NAT_DETECTION_SOURCE_IP}, + {PLV2_NOTIFY, NAT_DETECTION_DESTINATION_IP}, + {PLV2_NOTIFY, HTTP_CERT_LOOKUP_SUPPORTED}, + {PLV2_CERTREQ, 0}, + {PLV2_NOTIFY, 0}, + {PLV2_VENDOR_ID, 0}, }; /** 
@@ -176,24 +176,24 @@ static payload_order_t ike_sa_init_r_order[] = { */ static payload_rule_t ike_auth_i_rules[] = { /* payload type min max encr suff */ - {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE}, - {EXTENSIBLE_AUTHENTICATION, 0, 1, TRUE, TRUE}, - {AUTHENTICATION, 0, 1, TRUE, TRUE}, - {ID_INITIATOR, 0, 1, TRUE, FALSE}, - {CERTIFICATE, 0, MAX_CERT_PAYLOADS, TRUE, FALSE}, - {CERTIFICATE_REQUEST, 0, MAX_CERTREQ_PAYLOADS, TRUE, FALSE}, - {ID_RESPONDER, 0, 1, TRUE, FALSE}, + {PLV2_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE}, + {PLV2_EAP, 0, 1, TRUE, TRUE}, + {PLV2_AUTH, 0, 1, TRUE, TRUE}, + {PLV2_ID_INITIATOR, 0, 1, TRUE, FALSE}, + {PLV2_CERTIFICATE, 0, MAX_CERT_PAYLOADS, TRUE, FALSE}, + {PLV2_CERTREQ, 0, MAX_CERTREQ_PAYLOADS, TRUE, FALSE}, + {PLV2_ID_RESPONDER, 0, 1, TRUE, FALSE}, #ifdef ME - {SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE}, - {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE}, - {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE}, + {PLV2_SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE}, + {PLV2_TS_INITIATOR, 0, 1, TRUE, FALSE}, + {PLV2_TS_RESPONDER, 0, 1, TRUE, FALSE}, #else - {SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE}, - {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE}, - {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE}, + {PLV2_SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE}, + {PLV2_TS_INITIATOR, 0, 1, TRUE, FALSE}, + {PLV2_TS_RESPONDER, 0, 1, TRUE, FALSE}, #endif /* ME */ - {CONFIGURATION, 0, 1, TRUE, FALSE}, - {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}, + {PLV2_CONFIGURATION, 0, 1, TRUE, FALSE}, + {PLV2_VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}, }; /** 
@@ -201,28 +201,28 @@ static payload_rule_t ike_auth_i_rules[] = {
 */
 static payload_order_t ike_auth_i_order[] = {
 /* payload type notify type */
- {ID_INITIATOR, 0},
- {CERTIFICATE, 0},
- {NOTIFY, INITIAL_CONTACT},
- {NOTIFY, HTTP_CERT_LOOKUP_SUPPORTED},
- {CERTIFICATE_REQUEST, 0},
- {ID_RESPONDER, 0},
- {AUTHENTICATION, 0},
- {EXTENSIBLE_AUTHENTICATION, 0},
- {CONFIGURATION, 0},
- {NOTIFY, IPCOMP_SUPPORTED},
- {NOTIFY, USE_TRANSPORT_MODE},
- {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
- {NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
- {SECURITY_ASSOCIATION, 0},
- {TRAFFIC_SELECTOR_INITIATOR, 0},
- {TRAFFIC_SELECTOR_RESPONDER, 0},
- {NOTIFY, MOBIKE_SUPPORTED},
- {NOTIFY, ADDITIONAL_IP4_ADDRESS},
- {NOTIFY, ADDITIONAL_IP6_ADDRESS},
- {NOTIFY, NO_ADDITIONAL_ADDRESSES},
- {NOTIFY, 0},
- {VENDOR_ID, 0},
+ {PLV2_ID_INITIATOR, 0},
+ {PLV2_CERTIFICATE, 0},
+ {PLV2_NOTIFY, INITIAL_CONTACT},
+ {PLV2_NOTIFY, HTTP_CERT_LOOKUP_SUPPORTED},
+ {PLV2_CERTREQ, 0},
+ {PLV2_ID_RESPONDER, 0},
+ {PLV2_AUTH, 0},
+ {PLV2_EAP, 0},
+ {PLV2_CONFIGURATION, 0},
+ {PLV2_NOTIFY, IPCOMP_SUPPORTED},
+ {PLV2_NOTIFY, USE_TRANSPORT_MODE},
+ {PLV2_NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
+ {PLV2_NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
+ {PLV2_SECURITY_ASSOCIATION, 0},
+ {PLV2_TS_INITIATOR, 0},
+ {PLV2_TS_RESPONDER, 0},
+ {PLV2_NOTIFY, MOBIKE_SUPPORTED},
+ {PLV2_NOTIFY, ADDITIONAL_IP4_ADDRESS},
+ {PLV2_NOTIFY, ADDITIONAL_IP6_ADDRESS},
+ {PLV2_NOTIFY, NO_ADDITIONAL_ADDRESSES},
+ {PLV2_NOTIFY, 0},
+ {PLV2_VENDOR_ID, 0},
 };
 /**
@@ -230,16 +230,16 @@ static payload_order_t ike_auth_i_order[] = {
 */
 static payload_rule_t ike_auth_r_rules[] = {
 /* payload type min max encr suff */
- {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
- {EXTENSIBLE_AUTHENTICATION, 0, 1, TRUE, TRUE},
- {AUTHENTICATION, 0, 1, TRUE, TRUE},
- {CERTIFICATE, 0, MAX_CERT_PAYLOADS, TRUE, FALSE},
- {ID_RESPONDER, 0, 1, TRUE, FALSE},
- {SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE},
- {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
- {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
- {CONFIGURATION, 0, 1, TRUE, FALSE},
- {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
+ {PLV2_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
+ {PLV2_EAP, 0, 1, TRUE, TRUE},
+ {PLV2_AUTH, 0, 1, TRUE, TRUE},
+ {PLV2_CERTIFICATE, 0, MAX_CERT_PAYLOADS, TRUE, FALSE},
+ {PLV2_ID_RESPONDER, 0, 1, TRUE, FALSE},
+ {PLV2_SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE},
+ {PLV2_TS_INITIATOR, 0, 1, TRUE, FALSE},
+ {PLV2_TS_RESPONDER, 0, 1, TRUE, FALSE},
+ {PLV2_CONFIGURATION, 0, 1, TRUE, FALSE},
+ {PLV2_VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
 };
 /**
@@ -247,25 +247,25 @@ static payload_rule_t ike_auth_r_rules[] = {
 */
 static payload_order_t ike_auth_r_order[] = {
 /* payload type notify type */
- {ID_RESPONDER, 0},
- {CERTIFICATE, 0},
- {AUTHENTICATION, 0},
- {EXTENSIBLE_AUTHENTICATION, 0},
- {CONFIGURATION, 0},
- {NOTIFY, IPCOMP_SUPPORTED},
- {NOTIFY, USE_TRANSPORT_MODE},
- {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
- {NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
- {SECURITY_ASSOCIATION, 0},
- {TRAFFIC_SELECTOR_INITIATOR, 0},
- {TRAFFIC_SELECTOR_RESPONDER, 0},
- {NOTIFY, AUTH_LIFETIME},
- {NOTIFY, MOBIKE_SUPPORTED},
- {NOTIFY, ADDITIONAL_IP4_ADDRESS},
- {NOTIFY, ADDITIONAL_IP6_ADDRESS},
- {NOTIFY, NO_ADDITIONAL_ADDRESSES},
- {NOTIFY, 0},
- {VENDOR_ID, 0},
+ {PLV2_ID_RESPONDER, 0},
+ {PLV2_CERTIFICATE, 0},
+ {PLV2_AUTH, 0},
+ {PLV2_EAP, 0},
+ {PLV2_CONFIGURATION, 0},
+ {PLV2_NOTIFY, IPCOMP_SUPPORTED},
+ {PLV2_NOTIFY, USE_TRANSPORT_MODE},
+ {PLV2_NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
+ {PLV2_NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
+ {PLV2_SECURITY_ASSOCIATION, 0},
+ {PLV2_TS_INITIATOR, 0},
+ {PLV2_TS_RESPONDER, 0},
+ {PLV2_NOTIFY, AUTH_LIFETIME},
+ {PLV2_NOTIFY, MOBIKE_SUPPORTED},
+ {PLV2_NOTIFY, ADDITIONAL_IP4_ADDRESS},
+ {PLV2_NOTIFY, ADDITIONAL_IP6_ADDRESS},
+ {PLV2_NOTIFY, NO_ADDITIONAL_ADDRESSES},
+ {PLV2_NOTIFY, 0},
+ {PLV2_VENDOR_ID, 0},
 };
 /**
@@ -273,10 +273,10 @@ static payload_order_t ike_auth_r_order[] = {
 */
 static payload_rule_t informational_i_rules[] = {
 /* payload type min max encr suff */
- {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
- {CONFIGURATION, 0, 1, TRUE, FALSE},
- {DELETE, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE},
- {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
+ {PLV2_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
+ {PLV2_CONFIGURATION, 0, 1, TRUE, FALSE},
+ {PLV2_DELETE, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE},
+ {PLV2_VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
 };
 /**
@@ -284,13 +284,13 @@ static payload_rule_t informational_i_rules[] = {
 */
 static payload_order_t informational_i_order[] = {
 /* payload type notify type */
- {NOTIFY, UPDATE_SA_ADDRESSES},
- {NOTIFY, NAT_DETECTION_SOURCE_IP},
- {NOTIFY, NAT_DETECTION_DESTINATION_IP},
- {NOTIFY, COOKIE2},
- {NOTIFY, 0},
- {DELETE, 0},
- {CONFIGURATION, 0},
+ {PLV2_NOTIFY, UPDATE_SA_ADDRESSES},
+ {PLV2_NOTIFY, NAT_DETECTION_SOURCE_IP},
+ {PLV2_NOTIFY, NAT_DETECTION_DESTINATION_IP},
+ {PLV2_NOTIFY, COOKIE2},
+ {PLV2_NOTIFY, 0},
+ {PLV2_DELETE, 0},
+ {PLV2_CONFIGURATION, 0},
 };
 /**
@@ -298,10 +298,10 @@ static payload_order_t informational_i_order[] = {
 */
 static payload_rule_t informational_r_rules[] = {
 /* payload type min max encr suff */
- {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
- {CONFIGURATION, 0, 1, TRUE, FALSE},
- {DELETE, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE},
- {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
+ {PLV2_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
+ {PLV2_CONFIGURATION, 0, 1, TRUE, FALSE},
+ {PLV2_DELETE, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE},
+ {PLV2_VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
 };
 /**
@@ -309,13 +309,13 @@ static payload_rule_t informational_r_rules[] = {
 */
 static payload_order_t informational_r_order[] = {
 /* payload type notify type */
- {NOTIFY, UPDATE_SA_ADDRESSES},
- {NOTIFY, NAT_DETECTION_SOURCE_IP},
- {NOTIFY, NAT_DETECTION_DESTINATION_IP},
- {NOTIFY, COOKIE2},
- {NOTIFY, 0},
- {DELETE, 0},
- {CONFIGURATION, 0},
+ {PLV2_NOTIFY, UPDATE_SA_ADDRESSES},
+ {PLV2_NOTIFY, NAT_DETECTION_SOURCE_IP},
+ {PLV2_NOTIFY, NAT_DETECTION_DESTINATION_IP},
+ {PLV2_NOTIFY, COOKIE2},
+ {PLV2_NOTIFY, 0},
+ {PLV2_DELETE, 0},
+ {PLV2_CONFIGURATION, 0},
 };
 /**
@@ -323,14 +323,14 @@ static payload_order_t informational_r_order[] = {
 */
 static payload_rule_t create_child_sa_i_rules[] = {
 /* payload type min max encr suff */
- {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
- {SECURITY_ASSOCIATION, 1, 1, TRUE, FALSE},
- {NONCE, 1, 1, TRUE, FALSE},
- {KEY_EXCHANGE, 0, 1, TRUE, FALSE},
- {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
- {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
- {CONFIGURATION, 0, 1, TRUE, FALSE},
- {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
+ {PLV2_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
+ {PLV2_SECURITY_ASSOCIATION, 1, 1, TRUE, FALSE},
+ {PLV2_NONCE, 1, 1, TRUE, FALSE},
+ {PLV2_KEY_EXCHANGE, 0, 1, TRUE, FALSE},
+ {PLV2_TS_INITIATOR, 0, 1, TRUE, FALSE},
+ {PLV2_TS_RESPONDER, 0, 1, TRUE, FALSE},
+ {PLV2_CONFIGURATION, 0, 1, TRUE, FALSE},
+ {PLV2_VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
 };
 /**
@@ -338,17 +338,17 @@ static payload_rule_t create_child_sa_i_rules[] = {
 */
 static payload_order_t create_child_sa_i_order[] = {
 /* payload type notify type */
- {NOTIFY, REKEY_SA},
- {NOTIFY, IPCOMP_SUPPORTED},
- {NOTIFY, USE_TRANSPORT_MODE},
- {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
- {NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
- {SECURITY_ASSOCIATION, 0},
- {NONCE, 0},
- {KEY_EXCHANGE, 0},
- {TRAFFIC_SELECTOR_INITIATOR, 0},
- {TRAFFIC_SELECTOR_RESPONDER, 0},
- {NOTIFY, 0},
+ {PLV2_NOTIFY, REKEY_SA},
+ {PLV2_NOTIFY, IPCOMP_SUPPORTED},
+ {PLV2_NOTIFY, USE_TRANSPORT_MODE},
+ {PLV2_NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
+ {PLV2_NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
+ {PLV2_SECURITY_ASSOCIATION, 0},
+ {PLV2_NONCE, 0},
+ {PLV2_KEY_EXCHANGE, 0},
+ {PLV2_TS_INITIATOR, 0},
+ {PLV2_TS_RESPONDER, 0},
+ {PLV2_NOTIFY, 0},
 };
 /**
@@ -356,14 +356,14 @@ static payload_order_t create_child_sa_i_order[] = {
 */
 static payload_rule_t create_child_sa_r_rules[] = {
 /* payload type min max encr suff */
- {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
- {SECURITY_ASSOCIATION, 1, 1, TRUE, FALSE},
- {NONCE, 1, 1, TRUE, FALSE},
- {KEY_EXCHANGE, 0, 1, TRUE, FALSE},
- {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
- {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
- {CONFIGURATION, 0, 1, TRUE, FALSE},
- {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
+ {PLV2_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
+ {PLV2_SECURITY_ASSOCIATION, 1, 1, TRUE, FALSE},
+ {PLV2_NONCE, 1, 1, TRUE, FALSE},
+ {PLV2_KEY_EXCHANGE, 0, 1, TRUE, FALSE},
+ {PLV2_TS_INITIATOR, 0, 1, TRUE, FALSE},
+ {PLV2_TS_RESPONDER, 0, 1, TRUE, FALSE},
+ {PLV2_CONFIGURATION, 0, 1, TRUE, FALSE},
+ {PLV2_VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
 };
 /**
@@ -371,17 +371,17 @@ static payload_rule_t create_child_sa_r_rules[] = {
 */
 static payload_order_t create_child_sa_r_order[] = {
 /* payload type notify type */
- {NOTIFY, IPCOMP_SUPPORTED},
- {NOTIFY, USE_TRANSPORT_MODE},
- {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
- {NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
- {SECURITY_ASSOCIATION, 0},
- {NONCE, 0},
- {KEY_EXCHANGE, 0},
- {TRAFFIC_SELECTOR_INITIATOR, 0},
- {TRAFFIC_SELECTOR_RESPONDER, 0},
- {NOTIFY, ADDITIONAL_TS_POSSIBLE},
- {NOTIFY, 0},
+ {PLV2_NOTIFY, IPCOMP_SUPPORTED},
+ {PLV2_NOTIFY, USE_TRANSPORT_MODE},
+ {PLV2_NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
+ {PLV2_NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
+ {PLV2_SECURITY_ASSOCIATION, 0},
+ {PLV2_NONCE, 0},
+ {PLV2_KEY_EXCHANGE, 0},
+ {PLV2_TS_INITIATOR, 0},
+ {PLV2_TS_RESPONDER, 0},
+ {PLV2_NOTIFY, ADDITIONAL_TS_POSSIBLE},
+ {PLV2_NOTIFY, 0},
 };
 #ifdef ME
@@ -390,9 +390,9 @@ static payload_order_t create_child_sa_r_order[] = {
 */
 static payload_rule_t me_connect_i_rules[] = {
 /* payload type min max encr suff */
- {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
- {ID_PEER, 1, 1, TRUE, FALSE},
- {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}
+ {PLV2_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
+ {PLV2_ID_PEER, 1, 1, TRUE, FALSE},
+ {PLV2_VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}
 };
 /**
@@ -400,9 +400,9 @@ static payload_rule_t me_connect_i_rules[] = {
 */
 static payload_order_t me_connect_i_order[] = {
 /* payload type notify type */
- {NOTIFY, 0},
- {ID_PEER, 0},
- {VENDOR_ID, 0},
+ {PLV2_NOTIFY, 0},
+ {PLV2_ID_PEER, 0},
+ {PLV2_VENDOR_ID, 0},
 };
 /**
@@ -410,8 +410,8 @@ static payload_order_t me_connect_i_order[] = {
 */
 static payload_rule_t me_connect_r_rules[] = {
 /* payload type min max encr suff */
- {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
- {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}
+ {PLV2_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
+ {PLV2_VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}
 };
 /**
@@ -419,8 +419,8 @@ static payload_rule_t me_connect_r_rules[] = {
 */
 static payload_order_t me_connect_r_order[] = {
 /* payload type notify type */
- {NOTIFY, 0},
- {VENDOR_ID, 0},
+ {PLV2_NOTIFY, 0},
+ {PLV2_VENDOR_ID, 0},
 };
 #endif /* ME */
@@ -429,284 +429,284 @@ static payload_order_t me_connect_r_order[] = {
 * Message rule for ID_PROT from initiator.
 */
 static payload_rule_t id_prot_i_rules[] = {
-/* payload type min max encr suff */
- {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
- {SECURITY_ASSOCIATION_V1, 0, 1, FALSE, FALSE},
- {KEY_EXCHANGE_V1, 0, 1, FALSE, FALSE},
- {NONCE_V1, 0, 1, FALSE, FALSE},
- {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
- {CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE},
- {NAT_D_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
- {NAT_D_DRAFT_00_03_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
- {ID_V1, 0, 1, TRUE, FALSE},
- {CERTIFICATE_V1, 0, MAX_CERT_PAYLOADS, TRUE, FALSE},
- {SIGNATURE_V1, 0, 1, TRUE, FALSE},
- {HASH_V1, 0, 1, TRUE, FALSE},
- {FRAGMENT_V1, 0, 1, FALSE, TRUE},
+/* payload type min max encr suff */
+ {PLV1_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
+ {PLV1_SECURITY_ASSOCIATION, 0, 1, FALSE, FALSE},
+ {PLV1_KEY_EXCHANGE, 0, 1, FALSE, FALSE},
+ {PLV1_NONCE, 0, 1, FALSE, FALSE},
+ {PLV1_VENDOR_ID, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
+ {PLV1_CERTREQ, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE},
+ {PLV1_NAT_D, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
+ {PLV1_NAT_D_DRAFT_00_03, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
+ {PLV1_ID, 0, 1, TRUE, FALSE},
+ {PLV1_CERTIFICATE, 0, MAX_CERT_PAYLOADS, TRUE, FALSE},
+ {PLV1_SIGNATURE, 0, 1, TRUE, FALSE},
+ {PLV1_HASH, 0, 1, TRUE, FALSE},
+ {PLV1_FRAGMENT, 0, 1, FALSE, TRUE},
 };
 /**
 * payload order for ID_PROT from initiator.
 */
 static payload_order_t id_prot_i_order[] = {
-/* payload type notify type */
- {SECURITY_ASSOCIATION_V1, 0},
- {KEY_EXCHANGE_V1, 0},
- {NONCE_V1, 0},
- {ID_V1, 0},
- {CERTIFICATE_V1, 0},
- {SIGNATURE_V1, 0},
- {HASH_V1, 0},
- {CERTIFICATE_REQUEST_V1, 0},
- {NOTIFY_V1, 0},
- {VENDOR_ID_V1, 0},
- {NAT_D_V1, 0},
- {NAT_D_DRAFT_00_03_V1, 0},
- {FRAGMENT_V1, 0},
+/* payload type notify type */
+ {PLV1_SECURITY_ASSOCIATION, 0},
+ {PLV1_KEY_EXCHANGE, 0},
+ {PLV1_NONCE, 0},
+ {PLV1_ID, 0},
+ {PLV1_CERTIFICATE, 0},
+ {PLV1_SIGNATURE, 0},
+ {PLV1_HASH, 0},
+ {PLV1_CERTREQ, 0},
+ {PLV1_NOTIFY, 0},
+ {PLV1_VENDOR_ID, 0},
+ {PLV1_NAT_D, 0},
+ {PLV1_NAT_D_DRAFT_00_03, 0},
+ {PLV1_FRAGMENT, 0},
 };
 /**
 * Message rule for ID_PROT from responder.
 */
 static payload_rule_t id_prot_r_rules[] = {
-/* payload type min max encr suff */
- {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
- {SECURITY_ASSOCIATION_V1, 0, 1, FALSE, FALSE},
- {KEY_EXCHANGE_V1, 0, 1, FALSE, FALSE},
- {NONCE_V1, 0, 1, FALSE, FALSE},
- {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
- {CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE},
- {NAT_D_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
- {NAT_D_DRAFT_00_03_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
- {ID_V1, 0, 1, TRUE, FALSE},
- {CERTIFICATE_V1, 0, MAX_CERT_PAYLOADS, TRUE, FALSE},
- {SIGNATURE_V1, 0, 1, TRUE, FALSE},
- {HASH_V1, 0, 1, TRUE, FALSE},
- {FRAGMENT_V1, 0, 1, FALSE, TRUE},
+/* payload type min max encr suff */
+ {PLV1_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
+ {PLV1_SECURITY_ASSOCIATION, 0, 1, FALSE, FALSE},
+ {PLV1_KEY_EXCHANGE, 0, 1, FALSE, FALSE},
+ {PLV1_NONCE, 0, 1, FALSE, FALSE},
+ {PLV1_VENDOR_ID, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
+ {PLV1_CERTREQ, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE},
+ {PLV1_NAT_D, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
+ {PLV1_NAT_D_DRAFT_00_03, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
+ {PLV1_ID, 0, 1, TRUE, FALSE},
+ {PLV1_CERTIFICATE, 0, MAX_CERT_PAYLOADS, TRUE, FALSE},
+ {PLV1_SIGNATURE, 0, 1, TRUE, FALSE},
+ {PLV1_HASH, 0, 1, TRUE, FALSE},
+ {PLV1_FRAGMENT, 0, 1, FALSE, TRUE},
 };
 /**
 * payload order for ID_PROT from responder.
 */
 static payload_order_t id_prot_r_order[] = {
-/* payload type notify type */
- {SECURITY_ASSOCIATION_V1, 0},
- {KEY_EXCHANGE_V1, 0},
- {NONCE_V1, 0},
- {ID_V1, 0},
- {CERTIFICATE_V1, 0},
- {SIGNATURE_V1, 0},
- {HASH_V1, 0},
- {CERTIFICATE_REQUEST_V1, 0},
- {NOTIFY_V1, 0},
- {VENDOR_ID_V1, 0},
- {NAT_D_V1, 0},
- {NAT_D_DRAFT_00_03_V1, 0},
- {FRAGMENT_V1, 0},
+/* payload type notify type */
+ {PLV1_SECURITY_ASSOCIATION, 0},
+ {PLV1_KEY_EXCHANGE, 0},
+ {PLV1_NONCE, 0},
+ {PLV1_ID, 0},
+ {PLV1_CERTIFICATE, 0},
+ {PLV1_SIGNATURE, 0},
+ {PLV1_HASH, 0},
+ {PLV1_CERTREQ, 0},
+ {PLV1_NOTIFY, 0},
+ {PLV1_VENDOR_ID, 0},
+ {PLV1_NAT_D, 0},
+ {PLV1_NAT_D_DRAFT_00_03, 0},
+ {PLV1_FRAGMENT, 0},
 };
 /**
 * Message rule for AGGRESSIVE from initiator.
 */
 static payload_rule_t aggressive_i_rules[] = {
-/* payload type min max encr suff */
- {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
- {SECURITY_ASSOCIATION_V1, 0, 1, FALSE, FALSE},
- {KEY_EXCHANGE_V1, 0, 1, FALSE, FALSE},
- {NONCE_V1, 0, 1, FALSE, FALSE},
- {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
- {CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE},
- {NAT_D_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
- {NAT_D_DRAFT_00_03_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
- {ID_V1, 0, 1, FALSE, FALSE},
- {CERTIFICATE_V1, 0, 1, TRUE, FALSE},
- {SIGNATURE_V1, 0, 1, TRUE, FALSE},
- {HASH_V1, 0, 1, TRUE, FALSE},
- {FRAGMENT_V1, 0, 1, FALSE, TRUE},
+/* payload type min max encr suff */
+ {PLV1_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
+ {PLV1_SECURITY_ASSOCIATION, 0, 1, FALSE, FALSE},
+ {PLV1_KEY_EXCHANGE, 0, 1, FALSE, FALSE},
+ {PLV1_NONCE, 0, 1, FALSE, FALSE},
+ {PLV1_VENDOR_ID, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
+ {PLV1_CERTREQ, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE},
+ {PLV1_NAT_D, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
+ {PLV1_NAT_D_DRAFT_00_03, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
+ {PLV1_ID, 0, 1, FALSE, FALSE},
+ {PLV1_CERTIFICATE, 0, 1, TRUE, FALSE},
+ {PLV1_SIGNATURE, 0, 1, TRUE, FALSE},
+ {PLV1_HASH, 0, 1, TRUE, FALSE},
+ {PLV1_FRAGMENT, 0, 1, FALSE, TRUE},
 };
 /**
 * payload order for AGGRESSIVE from initiator.
 */
 static payload_order_t aggressive_i_order[] = {
-/* payload type notify type */
- {SECURITY_ASSOCIATION_V1, 0},
- {KEY_EXCHANGE_V1, 0},
- {NONCE_V1, 0},
- {ID_V1, 0},
- {CERTIFICATE_V1, 0},
- {NAT_D_V1, 0},
- {NAT_D_DRAFT_00_03_V1, 0},
- {SIGNATURE_V1, 0},
- {HASH_V1, 0},
- {CERTIFICATE_REQUEST_V1, 0},
- {NOTIFY_V1, 0},
- {VENDOR_ID_V1, 0},
- {FRAGMENT_V1, 0},
+/* payload type notify type */
+ {PLV1_SECURITY_ASSOCIATION, 0},
+ {PLV1_KEY_EXCHANGE, 0},
+ {PLV1_NONCE, 0},
+ {PLV1_ID, 0},
+ {PLV1_CERTIFICATE, 0},
+ {PLV1_NAT_D, 0},
+ {PLV1_NAT_D_DRAFT_00_03, 0},
+ {PLV1_SIGNATURE, 0},
+ {PLV1_HASH, 0},
+ {PLV1_CERTREQ, 0},
+ {PLV1_NOTIFY, 0},
+ {PLV1_VENDOR_ID, 0},
+ {PLV1_FRAGMENT, 0},
 };
 /**
 * Message rule for AGGRESSIVE from responder.
 */
 static payload_rule_t aggressive_r_rules[] = {
-/* payload type min max encr suff */
- {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
- {SECURITY_ASSOCIATION_V1, 0, 1, FALSE, FALSE},
- {KEY_EXCHANGE_V1, 0, 1, FALSE, FALSE},
- {NONCE_V1, 0, 1, FALSE, FALSE},
- {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
- {CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE},
- {NAT_D_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
- {NAT_D_DRAFT_00_03_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
- {ID_V1, 0, 1, FALSE, FALSE},
- {CERTIFICATE_V1, 0, 1, FALSE, FALSE},
- {SIGNATURE_V1, 0, 1, FALSE, FALSE},
- {HASH_V1, 0, 1, FALSE, FALSE},
- {FRAGMENT_V1, 0, 1, FALSE, TRUE},
+/* payload type min max encr suff */
+ {PLV1_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
+ {PLV1_SECURITY_ASSOCIATION, 0, 1, FALSE, FALSE},
+ {PLV1_KEY_EXCHANGE, 0, 1, FALSE, FALSE},
+ {PLV1_NONCE, 0, 1, FALSE, FALSE},
+ {PLV1_VENDOR_ID, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
+ {PLV1_CERTREQ, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE},
+ {PLV1_NAT_D, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
+ {PLV1_NAT_D_DRAFT_00_03, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
+ {PLV1_ID, 0, 1, FALSE, FALSE},
+ {PLV1_CERTIFICATE, 0, 1, FALSE, FALSE},
+ {PLV1_SIGNATURE, 0, 1, FALSE, FALSE},
+ {PLV1_HASH, 0, 1, FALSE, FALSE},
+ {PLV1_FRAGMENT, 0, 1, FALSE, TRUE},
 };
 /**
 * payload order for AGGRESSIVE from responder.
 */
 static payload_order_t aggressive_r_order[] = {
-/* payload type notify type */
- {SECURITY_ASSOCIATION_V1, 0},
- {KEY_EXCHANGE_V1, 0},
- {NONCE_V1, 0},
- {ID_V1, 0},
- {CERTIFICATE_V1, 0},
- {NAT_D_V1, 0},
- {NAT_D_DRAFT_00_03_V1, 0},
- {SIGNATURE_V1, 0},
- {HASH_V1, 0},
- {CERTIFICATE_REQUEST_V1, 0},
- {NOTIFY_V1, 0},
- {VENDOR_ID_V1, 0},
- {FRAGMENT_V1, 0},
+/* payload type notify type */
+ {PLV1_SECURITY_ASSOCIATION, 0},
+ {PLV1_KEY_EXCHANGE, 0},
+ {PLV1_NONCE, 0},
+ {PLV1_ID, 0},
+ {PLV1_CERTIFICATE, 0},
+ {PLV1_NAT_D, 0},
+ {PLV1_NAT_D_DRAFT_00_03, 0},
+ {PLV1_SIGNATURE, 0},
+ {PLV1_HASH, 0},
+ {PLV1_CERTREQ, 0},
+ {PLV1_NOTIFY, 0},
+ {PLV1_VENDOR_ID, 0},
+ {PLV1_FRAGMENT, 0},
 };
 /**
 * Message rule for INFORMATIONAL_V1 from initiator.
 */
 static payload_rule_t informational_i_rules_v1[] = {
-/* payload type min max encr suff */
- {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
- {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
- {DELETE_V1, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE},
- {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
+/* payload type min max encr suff */
+ {PLV1_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
+ {PLV1_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
+ {PLV1_DELETE, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE},
+ {PLV1_VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
 };
 /**
 * payload order for INFORMATIONAL_V1 from initiator.
 */
 static payload_order_t informational_i_order_v1[] = {
-/* payload type notify type */
- {NOTIFY_V1, 0},
- {DELETE_V1, 0},
- {VENDOR_ID_V1, 0},
+/* payload type notify type */
+ {PLV1_NOTIFY, 0},
+ {PLV1_DELETE, 0},
+ {PLV1_VENDOR_ID, 0},
 };
 /**
 * Message rule for INFORMATIONAL_V1 from responder.
 */
 static payload_rule_t informational_r_rules_v1[] = {
-/* payload type min max encr suff */
- {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
- {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
- {DELETE_V1, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE},
- {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
+/* payload type min max encr suff */
+ {PLV1_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
+ {PLV1_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
+ {PLV1_DELETE, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE},
+ {PLV1_VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
 };
 /**
 * payload order for INFORMATIONAL_V1 from responder.
 */
 static payload_order_t informational_r_order_v1[] = {
-/* payload type notify type */
- {NOTIFY_V1, 0},
- {DELETE_V1, 0},
- {VENDOR_ID_V1, 0},
+/* payload type notify type */
+ {PLV1_NOTIFY, 0},
+ {PLV1_DELETE, 0},
+ {PLV1_VENDOR_ID, 0},
 };
 /**
 * Message rule for QUICK_MODE from initiator.
 */
 static payload_rule_t quick_mode_i_rules[] = {
-/* payload type min max encr suff */
- {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
- {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
- {HASH_V1, 0, 1, TRUE, FALSE},
- {SECURITY_ASSOCIATION_V1, 0, 2, TRUE, FALSE},
- {NONCE_V1, 0, 1, TRUE, FALSE},
- {KEY_EXCHANGE_V1, 0, 1, TRUE, FALSE},
- {ID_V1, 0, 2, TRUE, FALSE},
- {NAT_OA_V1, 0, 2, TRUE, FALSE},
- {NAT_OA_DRAFT_00_03_V1, 0, 2, TRUE, FALSE},
+/* payload type min max encr suff */
+ {PLV1_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
+ {PLV1_VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
+ {PLV1_HASH, 0, 1, TRUE, FALSE},
+ {PLV1_SECURITY_ASSOCIATION, 0, 2, TRUE, FALSE},
+ {PLV1_NONCE, 0, 1, TRUE, FALSE},
+ {PLV1_KEY_EXCHANGE, 0, 1, TRUE, FALSE},
+ {PLV1_ID, 0, 2, TRUE, FALSE},
+ {PLV1_NAT_OA, 0, 2, TRUE, FALSE},
+ {PLV1_NAT_OA_DRAFT_00_03, 0, 2, TRUE, FALSE},
 };
 /**
 * payload order for QUICK_MODE from initiator.
 */
 static payload_order_t quick_mode_i_order[] = {
-/* payload type notify type */
- {NOTIFY_V1, 0},
- {VENDOR_ID_V1, 0},
- {HASH_V1, 0},
- {SECURITY_ASSOCIATION_V1, 0},
- {NONCE_V1, 0},
- {KEY_EXCHANGE_V1, 0},
- {ID_V1, 0},
- {NAT_OA_V1, 0},
- {NAT_OA_DRAFT_00_03_V1, 0},
+/* payload type notify type */
+ {PLV1_NOTIFY, 0},
+ {PLV1_VENDOR_ID, 0},
+ {PLV1_HASH, 0},
+ {PLV1_SECURITY_ASSOCIATION, 0},
+ {PLV1_NONCE, 0},
+ {PLV1_KEY_EXCHANGE, 0},
+ {PLV1_ID, 0},
+ {PLV1_NAT_OA, 0},
+ {PLV1_NAT_OA_DRAFT_00_03, 0},
 };
 /**
 * Message rule for QUICK_MODE from responder.
 */
 static payload_rule_t quick_mode_r_rules[] = {
-/* payload type min max encr suff */
- {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
- {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
- {HASH_V1, 0, 1, TRUE, FALSE},
- {SECURITY_ASSOCIATION_V1, 0, 2, TRUE, FALSE},
- {NONCE_V1, 0, 1, TRUE, FALSE},
- {KEY_EXCHANGE_V1, 0, 1, TRUE, FALSE},
- {ID_V1, 0, 2, TRUE, FALSE},
- {NAT_OA_V1, 0, 2, TRUE, FALSE},
- {NAT_OA_DRAFT_00_03_V1, 0, 2, TRUE, FALSE},
+/* payload type min max encr suff */
+ {PLV1_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
+ {PLV1_VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
+ {PLV1_HASH, 0, 1, TRUE, FALSE},
+ {PLV1_SECURITY_ASSOCIATION, 0, 2, TRUE, FALSE},
+ {PLV1_NONCE, 0, 1, TRUE, FALSE},
+ {PLV1_KEY_EXCHANGE, 0, 1, TRUE, FALSE},
+ {PLV1_ID, 0, 2, TRUE, FALSE},
+ {PLV1_NAT_OA, 0, 2, TRUE, FALSE},
+ {PLV1_NAT_OA_DRAFT_00_03, 0, 2, TRUE, FALSE},
 };
 /**
 * payload order for QUICK_MODE from responder.
 */
 static payload_order_t quick_mode_r_order[] = {
-/* payload type notify type */
- {NOTIFY_V1, 0},
- {VENDOR_ID_V1, 0},
- {HASH_V1, 0},
- {SECURITY_ASSOCIATION_V1, 0},
- {NONCE_V1, 0},
- {KEY_EXCHANGE_V1, 0},
- {ID_V1, 0},
- {NAT_OA_V1, 0},
- {NAT_OA_DRAFT_00_03_V1, 0},
+/* payload type notify type */
+ {PLV1_NOTIFY, 0},
+ {PLV1_VENDOR_ID, 0},
+ {PLV1_HASH, 0},
+ {PLV1_SECURITY_ASSOCIATION, 0},
+ {PLV1_NONCE, 0},
+ {PLV1_KEY_EXCHANGE, 0},
+ {PLV1_ID, 0},
+ {PLV1_NAT_OA, 0},
+ {PLV1_NAT_OA_DRAFT_00_03, 0},
 };
 /**
 * Message rule for TRANSACTION.
 */
 static payload_rule_t transaction_payload_rules_v1[] = {
-/* payload type min max encr suff */
- {HASH_V1, 0, 1, TRUE, FALSE},
- {CONFIGURATION_V1, 1, 1, FALSE, FALSE},
+/* payload type min max encr suff */
+ {PLV1_HASH, 0, 1, TRUE, FALSE},
+ {PLV1_CONFIGURATION, 1, 1, FALSE, FALSE},
 };
 /**
 * Payload order for TRANSACTION.
 */
 static payload_order_t transaction_payload_order_v1[] = {
-/* payload type notify type */
- {HASH_V1, 0},
- {CONFIGURATION_V1, 0},
+/* payload type notify type */
+ {PLV1_HASH, 0},
+ {PLV1_CONFIGURATION, 0},
 };
 #endif /* USE_IKEV1 */
@@ -1063,7 +1063,7 @@ METHOD(message_t, add_payload, void,
 {
 this->first_payload = payload->get_type(payload);
 }
- payload->set_next_type(payload, NO_PAYLOAD);
+ payload->set_next_type(payload, PL_NONE);
 this->payloads->insert_last(this->payloads, payload);
 DBG2(DBG_ENC ,"added payload of type %N to message",
@@ -1086,11 +1086,11 @@ METHOD(message_t, add_notify, void,
 }
 if (this->major_version == IKEV2_MAJOR_VERSION)
 {
- notify = notify_payload_create(NOTIFY);
+ notify = notify_payload_create(PLV2_NOTIFY);
 }
 else
 {
- notify = notify_payload_create(NOTIFY_V1);
+ notify = notify_payload_create(PLV1_NOTIFY);
 }
 notify->set_notify_type(notify, type);
 notify->set_notification_data(notify, data);
@@ -1162,8 +1162,8 @@ METHOD(message_t, get_notify, notify_payload_t*,
 enumerator = create_payload_enumerator(this);
 while (enumerator->enumerate(enumerator, &payload))
 {
- if (payload->get_type(payload) == NOTIFY ||
- payload->get_type(payload) == NOTIFY_V1)
+ if (payload->get_type(payload) == PLV2_NOTIFY ||
+ payload->get_type(payload) == PLV1_NOTIFY)
 {
 notify = (notify_payload_t*)payload;
 if (notify->get_notify_type(notify) == type)
@@ -1212,8 +1212,8 @@ static char* get_string(private_message_t *this, char *buf, int len)
 }
 pos += written;
 len -= written;
- if (payload->get_type(payload) == NOTIFY ||
- payload->get_type(payload) == NOTIFY_V1)
+ if (payload->get_type(payload) == PLV2_NOTIFY ||
+ payload->get_type(payload) == PLV1_NOTIFY)
 {
 notify_payload_t *notify;
 notify_type_t type;
@@ -1239,7 +1239,7 @@ static char* get_string(private_message_t *this, char *buf, int len)
 pos += written;
 len -= written;
 }
- if (payload->get_type(payload) == EXTENSIBLE_AUTHENTICATION)
+ if (payload->get_type(payload) == PLV2_EAP)
 {
 eap_payload_t *eap = (eap_payload_t*)payload;
 u_int32_t vendor;
@@ -1268,8 +1268,8 @@ static char* get_string(private_message_t *this, char *buf, int len)
 pos += written;
 len -= written;
 }
- if (payload->get_type(payload) == CONFIGURATION ||
- payload->get_type(payload) == CONFIGURATION_V1)
+ if (payload->get_type(payload) == PLV2_CONFIGURATION ||
+ payload->get_type(payload) == PLV1_CONFIGURATION)
 {
 cp_payload_t *cp = (cp_payload_t*)payload;
 enumerator_t *attributes;
@@ -1365,7 +1365,7 @@ static void order_payloads(private_message_t *this)
 notify = (notify_payload_t*)payload;
 /**... and check notify for type. */
- if (order.type != NOTIFY || order.notify == 0 ||
+ if (order.type != PLV2_NOTIFY || order.notify == 0 ||
 order.notify == notify->get_notify_type(notify))
 {
 list->remove_at(list, enumerator);
@@ -1410,11 +1410,11 @@ static encryption_payload_t* wrap_payloads(private_message_t *this)
 if (this->is_encrypted)
 {
- encryption = encryption_payload_create(ENCRYPTED_V1);
+ encryption = encryption_payload_create(PLV1_ENCRYPTED);
 }
 else
 {
- encryption = encryption_payload_create(ENCRYPTED);
+ encryption = encryption_payload_create(PLV2_ENCRYPTED);
 }
 while (payloads->remove_first(payloads, (void**)¤t) == SUCCESS)
 {
@@ -1500,7 +1500,7 @@ METHOD(message_t, generate, status_t,
 {
 /* insert a HASH payload as first payload */
 hash_payload_t *hash_payload;
- hash_payload = hash_payload_create(HASH_V1);
+ hash_payload = hash_payload_create(PLV1_HASH);
 hash_payload->set_hash(hash_payload, hash);
 this->payloads->insert_first(this->payloads, hash_payload);
 if (this->exchange_type == INFORMATIONAL_V1)
@@ -1598,7 +1598,7 @@ METHOD(message_t, generate, status_t,
 }
 else
 {
- next_type = encryption ? ENCRYPTED : NO_PAYLOAD;
+ next_type = encryption ? PLV2_ENCRYPTED : PL_NONE;
 }
 payload->set_next_type(payload, next_type);
 generator->generate_payload(generator, payload);
@@ -1683,7 +1683,7 @@ METHOD(message_t, parse_header, status_t,
 DBG2(DBG_ENC, "parsing header of message");
 this->parser->reset_context(this->parser);
- status = this->parser->parse_payload(this->parser, HEADER,
+ status = this->parser->parse_payload(this->parser, PL_HEADER,
 (payload_t**)&ike_header);
 if (status != SUCCESS)
 {
@@ -1722,7 +1722,7 @@ METHOD(message_t, parse_header, status_t,
 }
 this->first_payload = ike_header->payload_interface.get_next_type(
 &ike_header->payload_interface);
- if (this->first_payload == FRAGMENT_V1 && this->is_encrypted)
+ if (this->first_payload == PLV1_FRAGMENT && this->is_encrypted)
 { /* racoon sets the encryted bit when sending a fragment, but these
 * messages are really not encrypted */
 this->is_encrypted = FALSE;
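Review bot: In wrap_payloads (the hunk at -1410) the branch under `if (this->is_encrypted)` creates `PLV1_ENCRYPTED` and the else branch `PLV2_ENCRYPTED`, so the IKE version is selected from an encryption flag, while add_notify in the same file selects between `PLV2_NOTIFY` and `PLV1_NOTIFY` on `this->major_version`. With the version now spelled out in the constant names the condition reads as inverted unless the reader knows that `is_encrypted` is, presumably, only ever set for IKEv1 messages. If that is the invariant, I would state it above the condition, e.g. `/* is_encrypted is only set on IKEv1 messages; IKEv2 takes the else branch */`. The function body starts and ends outside the hunk, so the invariant cannot be confirmed from here.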
@@ -1752,7 +1752,7 @@ static bool is_connectivity_check(private_message_t *this, payload_t *payload)
 {
 #ifdef ME
 if (this->exchange_type == INFORMATIONAL &&
- payload->get_type(payload) == NOTIFY)
+ payload->get_type(payload) == PLV2_NOTIFY)
 {
 notify_payload_t *notify = (notify_payload_t*)payload;
@@ -1784,7 +1784,7 @@ static status_t parse_payloads(private_message_t *this)
 * payload which is then handled just like a regular payload */
 encryption_payload_t *encryption;
- status = this->parser->parse_payload(this->parser, ENCRYPTED_V1,
+ status = this->parser->parse_payload(this->parser, PLV1_ENCRYPTED,
 (payload_t**)&encryption);
 if (status != SUCCESS)
 {
@@ -1797,7 +1797,7 @@ static status_t parse_payloads(private_message_t *this)
 return SUCCESS;
 }
- while (type != NO_PAYLOAD)
+ while (type != PL_NONE)
 {
 DBG2(DBG_ENC, "starting parsing a %N payload",
 payload_type_names, type);
@@ -1826,7 +1826,7 @@ static status_t parse_payloads(private_message_t *this)
 /* an encrypted payload is the last one, so STOP here. decryption is
 * done later */
- if (type == ENCRYPTED)
+ if (type == PLV2_ENCRYPTED)
 {
 DBG2(DBG_ENC, "%N payload found, stop parsing",
 payload_type_names, type);
@@ -1930,7 +1930,7 @@ static bool accept_unencrypted_mm(private_message_t *this, payload_type_t type)
 {
 if (this->exchange_type == ID_PROT)
 {
- if (type == ID_V1 || type == HASH_V1)
+ if (type == PLV1_ID || type == PLV1_HASH)
 {
 return lib->settings->get_bool(lib->settings,
 "%s.accept_unencrypted_mainmode_messages",
@@ -1959,7 +1959,7 @@ static status_t decrypt_payloads(private_message_t *this, keymat_t *keymat)
 DBG2(DBG_ENC, "process payload of type %N", payload_type_names, type);
- if (type == ENCRYPTED || type == ENCRYPTED_V1)
+ if (type == PLV2_ENCRYPTED || type == PLV1_ENCRYPTED)
 {
 encryption_payload_t *encryption;
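Review bot: accept_unencrypted_mm (the hunk at -1930) lets `PLV1_ID` and `PLV1_HASH` payloads through unencrypted in an ID_PROT exchange whenever the `accept_unencrypted_mainmode_messages` setting is true, and nothing in the hunk says why or at what cost. In Main Mode these are the payloads that carry the peer identity and the authentication hash, so with the option on they are accepted in clear text and identity protection is lost. A comment above the inner `if` would make that trade-off visible to whoever touches the rule tables next, e.g. `/* interop option: accept ID/HASH sent in clear; gives up Main Mode identity protection */`. The default passed to get_bool and the rest of the function are outside the hunk.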
@@ -2116,7 +2116,7 @@ METHOD(message_t, parse_body, status_t,
 hash_payload_t *hash_payload;
 chunk_t other_hash;
- if (this->first_payload != HASH_V1)
+ if (this->first_payload != PLV1_HASH)
 {
 if (this->exchange_type == INFORMATIONAL_V1)
 {
@@ -2130,7 +2130,7 @@ METHOD(message_t, parse_body, status_t,
 chunk_free(&hash);
 return VERIFY_ERROR;
 }
- hash_payload = (hash_payload_t*)get_payload(this, HASH_V1);
+ hash_payload = (hash_payload_t*)get_payload(this, PLV1_HASH);
 other_hash = hash_payload->get_hash(hash_payload);
 DBG3(DBG_ENC, "HASH received %B\nHASH expected %B",
 &other_hash, &hash);
@@ -2211,7 +2211,7 @@ message_t *message_create_from_packet(packet_t *packet)
 },
 .exchange_type = EXCHANGE_TYPE_UNDEFINED,
 .is_request = TRUE,
- .first_payload = NO_PAYLOAD,
+ .first_payload = PL_NONE,
 .packet = packet,
 .payloads = linked_list_create(),
 .parser = parser_create(packet->get_data(packet)),
diff --git a/src/libcharon/encoding/parser.c b/src/libcharon/encoding/parser.c
index 9e7f8311b..c33e30dd3 100644
--- a/src/libcharon/encoding/parser.c
+++ b/src/libcharon/encoding/parser.c
@@ -15,7 +15,6 @@
 */
 #include <stdlib.h>
-#include <arpa/inet.h>
 #include <string.h>
 #include "parser.h"
@@ -486,15 +485,15 @@ METHOD(parser_t, parse_payload, status_t, } break; } - case PAYLOAD_LIST + PROPOSAL_SUBSTRUCTURE: - case PAYLOAD_LIST + PROPOSAL_SUBSTRUCTURE_V1: - case PAYLOAD_LIST + TRANSFORM_SUBSTRUCTURE: - case PAYLOAD_LIST + TRANSFORM_SUBSTRUCTURE_V1: - case PAYLOAD_LIST + TRANSFORM_ATTRIBUTE: - case PAYLOAD_LIST + TRANSFORM_ATTRIBUTE_V1: - case PAYLOAD_LIST + CONFIGURATION_ATTRIBUTE: - case PAYLOAD_LIST + CONFIGURATION_ATTRIBUTE_V1: - case PAYLOAD_LIST + TRAFFIC_SELECTOR_SUBSTRUCTURE: + case PAYLOAD_LIST + PLV2_PROPOSAL_SUBSTRUCTURE: + case PAYLOAD_LIST + PLV1_PROPOSAL_SUBSTRUCTURE: + case PAYLOAD_LIST + PLV2_TRANSFORM_SUBSTRUCTURE: + case PAYLOAD_LIST + PLV1_TRANSFORM_SUBSTRUCTURE: + case PAYLOAD_LIST + PLV2_TRANSFORM_ATTRIBUTE: + case PAYLOAD_LIST + PLV1_TRANSFORM_ATTRIBUTE: + case PAYLOAD_LIST + PLV2_CONFIGURATION_ATTRIBUTE: + case PAYLOAD_LIST + PLV1_CONFIGURATION_ATTRIBUTE: + case PAYLOAD_LIST + PLV2_TRAFFIC_SELECTOR_SUBSTRUCTURE: { if (payload_length < header_length || !parse_list(this, rule_number, output + rule->offset, diff --git a/src/libcharon/encoding/payloads/auth_payload.c b/src/libcharon/encoding/payloads/auth_payload.c index 2410a1aaa..ee3ed54fd 100644 --- a/src/libcharon/encoding/payloads/auth_payload.c +++ b/src/libcharon/encoding/payloads/auth_payload.c @@ -135,7 +135,7 @@ METHOD(payload_t, get_header_length, int, METHOD(payload_t, get_type, payload_type_t, private_auth_payload_t *this) { - return AUTHENTICATION; + return PLV2_AUTH; } METHOD(payload_t, get_next_type, payload_type_t, @@ -214,7 +214,7 @@ auth_payload_t *auth_payload_create() .get_data = _get_data, .destroy = _destroy, }, - .next_payload = NO_PAYLOAD, + .next_payload = PL_NONE, .payload_length = get_header_length(this), ); return &this->public; diff --git a/src/libcharon/encoding/payloads/cert_payload.c b/src/libcharon/encoding/payloads/cert_payload.c index 05d41051b..43993ae48 100644 --- a/src/libcharon/encoding/payloads/cert_payload.c 
+++ b/src/libcharon/encoding/payloads/cert_payload.c @@ -315,7 +315,7 @@ cert_payload_t *cert_payload_create(payload_type_t type) .get_url = _get_url, .destroy = _destroy, }, - .next_payload = NO_PAYLOAD, + .next_payload = PL_NONE, .payload_length = get_header_length(this), .type = type, ); @@ -363,7 +363,7 @@ cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url) { private_cert_payload_t *this; - this = (private_cert_payload_t*)cert_payload_create(CERTIFICATE); + this = (private_cert_payload_t*)cert_payload_create(PLV2_CERTIFICATE); this->encoding = ENC_X509_HASH_AND_URL; this->data = chunk_cat("cc", hash, chunk_create(url, strlen(url))); this->payload_length = get_header_length(this) + this->data.len; diff --git a/src/libcharon/encoding/payloads/certreq_payload.c b/src/libcharon/encoding/payloads/certreq_payload.c index df5e73b5b..6ac90a2a0 100644 --- a/src/libcharon/encoding/payloads/certreq_payload.c +++ b/src/libcharon/encoding/payloads/certreq_payload.c @@ -66,7 +66,7 @@ struct private_certreq_payload_t { chunk_t data; /** - * Payload type CERTIFICATE_REQUEST or CERTIFICATE_REQUEST_V1 + * Payload type PLV2_CERTREQ or PLV1_CERTREQ */ payload_type_t type; }; @@ -111,7 +111,7 @@ static encoding_rule_t encodings[] = { METHOD(payload_t, verify, status_t, private_certreq_payload_t *this) { - if (this->type == CERTIFICATE_REQUEST && + if (this->type == PLV2_CERTREQ && this->encoding == ENC_X509_SIGNATURE) { if (this->data.len % HASH_SIZE_SHA1) @@ -218,7 +218,7 @@ METHOD(certreq_payload_t, create_keyid_enumerator, enumerator_t*, { keyid_enumerator_t *enumerator; - if (this->type == CERTIFICATE_REQUEST_V1) + if (this->type == PLV1_CERTREQ) { return enumerator_create_empty(); } @@ -276,7 +276,7 @@ certreq_payload_t *certreq_payload_create(payload_type_t type) .destroy = _destroy, .get_dn = _get_dn, }, - .next_payload = NO_PAYLOAD, + .next_payload = PL_NONE, .payload_length = get_header_length(this), .type = type, ); 
@@ -291,7 +291,7 @@ certreq_payload_t *certreq_payload_create_type(certificate_type_t type) private_certreq_payload_t *this; this = (private_certreq_payload_t*) - certreq_payload_create(CERTIFICATE_REQUEST); + certreq_payload_create(PLV2_CERTREQ); switch (type) { case CERT_X509: @@ -314,7 +314,7 @@ certreq_payload_t *certreq_payload_create_dn(identification_t *id) private_certreq_payload_t *this; this = (private_certreq_payload_t*) - certreq_payload_create(CERTIFICATE_REQUEST_V1); + certreq_payload_create(PLV1_CERTREQ); this->encoding = ENC_X509_SIGNATURE; this->data = chunk_clone(id->get_encoding(id)); diff --git a/src/libcharon/encoding/payloads/configuration_attribute.c b/src/libcharon/encoding/payloads/configuration_attribute.c index 482eca882..481bb7bc6 100644 --- a/src/libcharon/encoding/payloads/configuration_attribute.c +++ b/src/libcharon/encoding/payloads/configuration_attribute.c @@ -61,7 +61,7 @@ struct private_configuration_attribute_t { chunk_t value; /** - * Payload type, CONFIGURATION_ATTRIBUTE or DATA_ATTRIBUTE_V1 + * Payload type, PLV2_CONFIGURATION_ATTRIBUTE or DATA_ATTRIBUTE_V1 */ payload_type_t type; }; @@ -209,7 +209,7 @@ METHOD(payload_t, verify, status_t, METHOD(payload_t, get_encoding_rules, int, private_configuration_attribute_t *this, encoding_rule_t **rules) { - if (this->type == CONFIGURATION_ATTRIBUTE) + if (this->type == PLV2_CONFIGURATION_ATTRIBUTE) { *rules = encodings_v2; return countof(encodings_v2); @@ -233,7 +233,7 @@ METHOD(payload_t, get_type, payload_type_t, METHOD(payload_t, get_next_type, payload_type_t, private_configuration_attribute_t *this) { - return NO_PAYLOAD; + return PL_NONE; } METHOD(payload_t, set_next_type, void, 
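Review bot: The struct comment rewritten in the `@@ -61,7 +61,7 @@` hunk of configuration_attribute.c still names `DATA_ATTRIBUTE_V1`, which no other hunk on this page uses as a payload type. The header's `@param` text and `configuration_attribute_create_value()` both use `PLV1_CONFIGURATION_ATTRIBUTE` for the IKEv1 variant. Since the line is being edited anyway, it should read `* Payload type, PLV2_CONFIGURATION_ATTRIBUTE or PLV1_CONFIGURATION_ATTRIBUTE`.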
@@ -335,7 +335,7 @@ configuration_attribute_t *configuration_attribute_create_value( private_configuration_attribute_t *this; this = (private_configuration_attribute_t*) - configuration_attribute_create(CONFIGURATION_ATTRIBUTE_V1); + configuration_attribute_create(PLV1_CONFIGURATION_ATTRIBUTE); this->attr_type = ((u_int16_t)attr_type) & 0x7FFF; this->length_or_value = value; this->af_flag = TRUE; diff --git a/src/libcharon/encoding/payloads/configuration_attribute.h b/src/libcharon/encoding/payloads/configuration_attribute.h index ecc0f9c07..946c1b500 100644 --- a/src/libcharon/encoding/payloads/configuration_attribute.h +++ b/src/libcharon/encoding/payloads/configuration_attribute.h @@ -68,7 +68,7 @@ struct configuration_attribute_t { /** * Creates an empty configuration attribute. * - * @param type CONFIGURATION_ATTRIBUTE or CONFIGURATION_ATTRIBUTE_V1 + * @param type PLV2_CONFIGURATION_ATTRIBUTE or PLV1_CONFIGURATION_ATTRIBUTE * @return created configuration attribute */ configuration_attribute_t *configuration_attribute_create(payload_type_t type); @@ -76,7 +76,7 @@ configuration_attribute_t *configuration_attribute_create(payload_type_t type); /** * Creates a configuration attribute with type and value. * - * @param type CONFIGURATION_ATTRIBUTE or CONFIGURATION_ATTRIBUTE_V1 + * @param type PLV2_CONFIGURATION_ATTRIBUTE or PLV1_CONFIGURATION_ATTRIBUTE * @param attr_type type of configuration attribute * @param chunk attribute value, gets cloned * @return created configuration attribute @@ -89,7 +89,7 @@ configuration_attribute_t *configuration_attribute_create_chunk( * * @param attr_type type of configuration attribute * @param value attribute value, gets cloned - * @return created CONFIGURATION_ATTRIBUTE_V1 configuration attribute + * @return created PLV1_CONFIGURATION_ATTRIBUTE configuration attribute */ configuration_attribute_t *configuration_attribute_create_value( configuration_attribute_type_t attr_type, u_int16_t value); 
diff --git a/src/libcharon/encoding/payloads/cp_payload.c b/src/libcharon/encoding/payloads/cp_payload.c index f6f373f99..ef9df84f7 100644 --- a/src/libcharon/encoding/payloads/cp_payload.c +++ b/src/libcharon/encoding/payloads/cp_payload.c @@ -82,7 +82,7 @@ struct private_cp_payload_t { u_int8_t cfg_type; /** - * CONFIGURATION or CONFIGURATION_V1 + * PLV2_CONFIGURATION or PLV1_CONFIGURATION */ payload_type_t type; }; @@ -111,7 +111,7 @@ static encoding_rule_t encodings_v2[] = { { RESERVED_BYTE, offsetof(private_cp_payload_t, reserved_byte[1])}, { RESERVED_BYTE, offsetof(private_cp_payload_t, reserved_byte[2])}, /* list of configuration attributes in a list */ - { PAYLOAD_LIST + CONFIGURATION_ATTRIBUTE, + { PAYLOAD_LIST + PLV2_CONFIGURATION_ATTRIBUTE, offsetof(private_cp_payload_t, attributes) }, }; @@ -152,7 +152,7 @@ static encoding_rule_t encodings_v1[] = { { RESERVED_BYTE, offsetof(private_cp_payload_t, reserved_byte[0])}, { U_INT_16, offsetof(private_cp_payload_t, identifier)}, /* list of configuration attributes in a list */ - { PAYLOAD_LIST + CONFIGURATION_ATTRIBUTE_V1, + { PAYLOAD_LIST + PLV1_CONFIGURATION_ATTRIBUTE, offsetof(private_cp_payload_t, attributes) }, }; @@ -193,7 +193,7 @@ METHOD(payload_t, verify, status_t, METHOD(payload_t, get_encoding_rules, int, private_cp_payload_t *this, encoding_rule_t **rules) { - if (this->type == CONFIGURATION) + if (this->type == PLV2_CONFIGURATION) { *rules = encodings_v2; return countof(encodings_v2); @@ -314,7 +314,7 @@ cp_payload_t *cp_payload_create_type(payload_type_t type, config_type_t cfg_type .set_identifier = _set_identifier, .destroy = _destroy, }, - .next_payload = NO_PAYLOAD, + .next_payload = PL_NONE, .payload_length = get_header_length(this), .attributes = linked_list_create(), .cfg_type = cfg_type, diff --git a/src/libcharon/encoding/payloads/cp_payload.h b/src/libcharon/encoding/payloads/cp_payload.h index c23bc0bb4..d466989d6 100644 --- a/src/libcharon/encoding/payloads/cp_payload.h 
+++ b/src/libcharon/encoding/payloads/cp_payload.h @@ -100,7 +100,7 @@ struct cp_payload_t { /** * Creates an empty configuration payload * - * @param type payload type, CONFIGURATION or CONFIGURATION_V1 + * @param type payload type, PLV2_CONFIGURATION or PLV1_CONFIGURATION * @return empty configuration payload */ cp_payload_t *cp_payload_create(payload_type_t type); @@ -108,7 +108,7 @@ cp_payload_t *cp_payload_create(payload_type_t type); /** * Creates an cp_payload_t with type and value * - * @param type payload type, CONFIGURATION or CONFIGURATION_V1 + * @param type payload type, PLV2_CONFIGURATION or PLV1_CONFIGURATION * @param cfg_type type of configuration payload to create * @return created configuration payload */ diff --git a/src/libcharon/encoding/payloads/delete_payload.c b/src/libcharon/encoding/payloads/delete_payload.c index 007411f37..c2ab3b951 100644 --- a/src/libcharon/encoding/payloads/delete_payload.c +++ b/src/libcharon/encoding/payloads/delete_payload.c @@ -78,7 +78,7 @@ struct private_delete_payload_t { chunk_t spis; /** - * Payload type, DELETE or DELETE_V1 + * Payload type, PLV2_DELETE or PLV1_DELETE */ payload_type_t type; }; @@ -178,7 +178,7 @@ METHOD(payload_t, verify, status_t, break; case PROTO_IKE: case 0: - if (this->type == DELETE) + if (this->type == PLV2_DELETE) { /* IKEv2 deletion has no spi assigned! */ if (this->spi_size != 0) { @@ -206,7 +206,7 @@ METHOD(payload_t, verify, status_t, METHOD(payload_t, get_encoding_rules, int, private_delete_payload_t *this, encoding_rule_t **rules) { - if (this->type == DELETE) + if (this->type == PLV2_DELETE) { *rules = encodings_v2; return countof(encodings_v2); @@ -218,7 +218,7 @@ METHOD(payload_t, get_encoding_rules, int, METHOD(payload_t, get_header_length, int, private_delete_payload_t *this) { - if (this->type == DELETE) + if (this->type == PLV2_DELETE) { return 8; } 
@@ -355,7 +355,7 @@ delete_payload_t *delete_payload_create(payload_type_t type, .create_spi_enumerator = _create_spi_enumerator, .destroy = _destroy, }, - .next_payload = NO_PAYLOAD, + .next_payload = PL_NONE, .protocol_id = protocol_id, .doi = IKEV1_DOI_IPSEC, .type = type, @@ -364,7 +364,7 @@ delete_payload_t *delete_payload_create(payload_type_t type, if (protocol_id == PROTO_IKE) { - if (type == DELETE_V1) + if (type == PLV1_DELETE) { this->spi_size = 16; } diff --git a/src/libcharon/encoding/payloads/delete_payload.h b/src/libcharon/encoding/payloads/delete_payload.h index afce1ecf1..46a89eab6 100644 --- a/src/libcharon/encoding/payloads/delete_payload.h +++ b/src/libcharon/encoding/payloads/delete_payload.h @@ -76,7 +76,7 @@ struct delete_payload_t { /** * Creates an empty delete_payload_t object. * - * @param type DELETE or DELETE_V1 + * @param type PLV2_DELETE or PLV1_DELETE * @param protocol_id protocol, such as AH|ESP * @return delete_payload_t object */ diff --git a/src/libcharon/encoding/payloads/eap_payload.c b/src/libcharon/encoding/payloads/eap_payload.c index f2f35aa69..ebdf8a3fe 100644 --- a/src/libcharon/encoding/payloads/eap_payload.c +++ b/src/libcharon/encoding/payloads/eap_payload.c @@ -162,7 +162,7 @@ METHOD(payload_t, get_header_length, int, METHOD(payload_t, get_payload_type, payload_type_t, private_eap_payload_t *this) { - return EXTENSIBLE_AUTHENTICATION; + return PLV2_EAP; } METHOD(payload_t, get_next_type, payload_type_t, @@ -341,7 +341,7 @@ eap_payload_t *eap_payload_create() .is_expanded = _is_expanded, .destroy = _destroy, }, - .next_payload = NO_PAYLOAD, + .next_payload = PL_NONE, .payload_length = get_header_length(this), ); return &this->public; diff --git a/src/libcharon/encoding/payloads/encryption_payload.c b/src/libcharon/encoding/payloads/encryption_payload.c index 6a9f9c3bd..5784562f8 100644 --- a/src/libcharon/encoding/payloads/encryption_payload.c +++ b/src/libcharon/encoding/payloads/encryption_payload.c 
@@ -74,7 +74,7 @@ struct private_encryption_payload_t { linked_list_t *payloads; /** - * Type of payload, ENCRYPTED or ENCRYPTED_V1 + * Type of payload, PLV2_ENCRYPTED or PLV1_ENCRYPTED */ payload_type_t type; }; @@ -145,7 +145,7 @@ METHOD(payload_t, verify, status_t, METHOD(payload_t, get_encoding_rules, int, private_encryption_payload_t *this, encoding_rule_t **rules) { - if (this->type == ENCRYPTED) + if (this->type == PLV2_ENCRYPTED) { *rules = encodings_v2; return countof(encodings_v2); @@ -157,7 +157,7 @@ METHOD(payload_t, get_encoding_rules, int, METHOD(payload_t, get_header_length, int, private_encryption_payload_t *this) { - if (this->type == ENCRYPTED) + if (this->type == PLV2_ENCRYPTED) { return 4; } @@ -241,7 +241,7 @@ METHOD(encryption_payload_t, add_payload, void, { this->next_payload = payload->get_type(payload); } - payload->set_next_type(payload, NO_PAYLOAD); + payload->set_next_type(payload, PL_NONE); this->payloads->insert_last(this->payloads, payload); compute_length(this); } @@ -281,7 +281,7 @@ static chunk_t generate(private_encryption_payload_t *this, generator->generate_payload(generator, current); current = next; } - current->set_next_type(current, NO_PAYLOAD); + current->set_next_type(current, PL_NONE); generator->generate_payload(generator, current); chunk = generator->get_chunk(generator, &lenpos); @@ -447,7 +447,7 @@ static status_t parse(private_encryption_payload_t *this, chunk_t plain) parser = parser_create(plain); type = this->next_payload; - while (type != NO_PAYLOAD) + while (type != PL_NONE) { payload_t *payload; @@ -618,13 +618,13 @@ encryption_payload_t *encryption_payload_create(payload_type_t type) .decrypt = _decrypt, .destroy = _destroy, }, - .next_payload = NO_PAYLOAD, + .next_payload = PL_NONE, .payloads = linked_list_create(), .type = type, ); this->payload_length = get_header_length(this); - if (type == ENCRYPTED_V1) + if (type == PLV1_ENCRYPTED) { this->public.encrypt = _encrypt_v1; this->public.decrypt = _decrypt_v1; 
diff --git a/src/libcharon/encoding/payloads/encryption_payload.h b/src/libcharon/encoding/payloads/encryption_payload.h index f4fc7d667..ee44c2de1 100644 --- a/src/libcharon/encoding/payloads/encryption_payload.h +++ b/src/libcharon/encoding/payloads/encryption_payload.h @@ -103,7 +103,7 @@ struct encryption_payload_t { /** * Creates an empty encryption_payload_t object. * - * @param type ENCRYPTED or ENCRYPTED_V1 + * @param type PLV2_ENCRYPTED or PLV1_ENCRYPTED * @return encryption_payload_t object */ encryption_payload_t *encryption_payload_create(payload_type_t type); diff --git a/src/libcharon/encoding/payloads/endpoint_notify.c b/src/libcharon/encoding/payloads/endpoint_notify.c index 25fb42acd..ebe5f32f7 100644 --- a/src/libcharon/encoding/payloads/endpoint_notify.c +++ b/src/libcharon/encoding/payloads/endpoint_notify.c @@ -227,7 +227,7 @@ METHOD(endpoint_notify_t, build_notify, notify_payload_t*, chunk_t data; notify_payload_t *notify; - notify = notify_payload_create(NOTIFY); + notify = notify_payload_create(PLV2_NOTIFY); notify->set_notify_type(notify, ME_ENDPOINT); data = build_notification_data(this); notify->set_notification_data(notify, data); diff --git a/src/libcharon/encoding/payloads/fragment_payload.c b/src/libcharon/encoding/payloads/fragment_payload.c index 1a6b3234b..b861fcc68 100644 --- a/src/libcharon/encoding/payloads/fragment_payload.c +++ b/src/libcharon/encoding/payloads/fragment_payload.c @@ -124,7 +124,7 @@ METHOD(payload_t, get_header_length, int, METHOD(payload_t, get_type, payload_type_t, private_fragment_payload_t *this) { - return FRAGMENT_V1; + return PLV1_FRAGMENT; } METHOD(payload_t, get_next_type, payload_type_t, @@ -201,7 +201,7 @@ fragment_payload_t *fragment_payload_create() .get_data = _get_data, .destroy = _destroy, }, - .next_payload = NO_PAYLOAD, + .next_payload = PL_NONE, ); this->payload_length = get_header_length(this); return &this->public; 
diff --git a/src/libcharon/encoding/payloads/hash_payload.c b/src/libcharon/encoding/payloads/hash_payload.c index 0cf63ba67..a12b018e5 100644 --- a/src/libcharon/encoding/payloads/hash_payload.c +++ b/src/libcharon/encoding/payloads/hash_payload.c @@ -52,7 +52,7 @@ struct private_hash_payload_t { chunk_t hash; /** - * either HASH_V1 or NAT_D_V1 + * either PLV1_HASH or PLV1_NAT_D */ payload_type_t type; }; @@ -169,7 +169,7 @@ hash_payload_t *hash_payload_create(payload_type_t type) .get_hash = _get_hash, .destroy = _destroy, }, - .next_payload = NO_PAYLOAD, + .next_payload = PL_NONE, .payload_length = get_header_length(this), .type = type, ); diff --git a/src/libcharon/encoding/payloads/hash_payload.h b/src/libcharon/encoding/payloads/hash_payload.h index cfe28460c..604de4894 100644 --- a/src/libcharon/encoding/payloads/hash_payload.h +++ b/src/libcharon/encoding/payloads/hash_payload.h @@ -59,7 +59,7 @@ struct hash_payload_t { /** * Creates an empty hash_payload_t object. * - * @param type either HASH_V1 or NAT_D_V1 + * @param type either PLV1_HASH or PLV1_NAT_D * @return hash_payload_t object */ hash_payload_t *hash_payload_create(payload_type_t type); diff --git a/src/libcharon/encoding/payloads/id_payload.c b/src/libcharon/encoding/payloads/id_payload.c index 7470bb3b4..a002a8f21 100644 --- a/src/libcharon/encoding/payloads/id_payload.c +++ b/src/libcharon/encoding/payloads/id_payload.c @@ -81,7 +81,7 @@ struct private_id_payload_t { u_int16_t port; /** - * one of ID_INITIATOR, ID_RESPONDER, IDv1 and NAT_OA_V1 + * one of PLV2_ID_INITIATOR, PLV2_ID_RESPONDER, IDv1 and PLV1_NAT_OA */ payload_type_t type; }; 
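Review bot: The field comment in the `@@ -81,7 +81,7 @@` hunk of id_payload.c keeps the stale name `IDv1` and leaves out types that reach this payload. `verify()` and `get_encoding_rules()` test `PLV1_NAT_OA_DRAFT_00_03`, and `payload_create()` also passes `PLV2_ID_PEER` when `ME` is defined. I would write `* one of PLV2_ID_INITIATOR, PLV2_ID_RESPONDER, PLV2_ID_PEER, PLV1_ID, PLV1_NAT_OA and PLV1_NAT_OA_DRAFT_00_03`. The `@param type` lines in the id_payload.h hunks `@@ -70,7 +70,7 @@` and `@@ -78,7 +78,7 @@` carry the same short list.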
@@ -165,7 +165,7 @@ METHOD(payload_t, verify, status_t, { bool bad_length = FALSE; - if ((this->type == NAT_OA_V1 || this->type == NAT_OA_DRAFT_00_03_V1) && + if ((this->type == PLV1_NAT_OA || this->type == PLV1_NAT_OA_DRAFT_00_03) && this->id_type != ID_IPV4_ADDR && this->id_type != ID_IPV6_ADDR) { DBG1(DBG_ENC, "invalid ID type %N for %N payload", id_type_names, @@ -195,8 +195,8 @@ METHOD(payload_t, verify, status_t, METHOD(payload_t, get_encoding_rules, int, private_id_payload_t *this, encoding_rule_t **rules) { - if (this->type == ID_V1 || - this->type == NAT_OA_V1 || this->type == NAT_OA_DRAFT_00_03_V1) + if (this->type == PLV1_ID || + this->type == PLV1_NAT_OA || this->type == PLV1_NAT_OA_DRAFT_00_03) { *rules = encodings_v1; return countof(encodings_v1); @@ -368,7 +368,7 @@ id_payload_t *id_payload_create(payload_type_t type) .get_ts = _get_ts, .destroy = _destroy, }, - .next_payload = NO_PAYLOAD, + .next_payload = PL_NONE, .payload_length = get_header_length(this), .type = type, ); @@ -400,7 +400,7 @@ id_payload_t *id_payload_create_from_ts(traffic_selector_t *ts) u_int8_t mask; host_t *net; - this = (private_id_payload_t*)id_payload_create(ID_V1); + this = (private_id_payload_t*)id_payload_create(PLV1_ID); if (ts->is_host(ts, NULL)) { diff --git a/src/libcharon/encoding/payloads/id_payload.h b/src/libcharon/encoding/payloads/id_payload.h index 9a6249429..df1d07553 100644 --- a/src/libcharon/encoding/payloads/id_payload.h +++ b/src/libcharon/encoding/payloads/id_payload.h @@ -70,7 +70,7 @@ struct id_payload_t { /** * Creates an empty id_payload_t object. * - * @param type one of ID_INITIATOR, ID_RESPONDER, ID_V1 and NAT_OA_V1 + * @param type one of PLV2_ID_INITIATOR, PLV2_ID_RESPONDER, PLV1_ID and PLV1_NAT_OA * @return id_payload_t object */ id_payload_t *id_payload_create(payload_type_t type); 
@@ -78,7 +78,7 @@ id_payload_t *id_payload_create(payload_type_t type); /** * Creates an id_payload_t from an existing identification_t object. * - * @param type one of ID_INITIATOR, ID_RESPONDER, ID_V1 and NAT_OA_V1 + * @param type one of PLV2_ID_INITIATOR, PLV2_ID_RESPONDER, PLV1_ID and PLV1_NAT_OA * @param id identification_t object * @return id_payload_t object */ @@ -89,7 +89,7 @@ id_payload_t *id_payload_create_from_identification(payload_type_t type, * Create an IKEv1 ID_ADDR_SUBNET/RANGE identity from a traffic selector. * * @param ts traffic selector - * @return ID_V1 id_paylad_t object. + * @return PLV1_ID id_paylad_t object. */ id_payload_t *id_payload_create_from_ts(traffic_selector_t *ts); diff --git a/src/libcharon/encoding/payloads/ike_header.c b/src/libcharon/encoding/payloads/ike_header.c index 58b624192..7015667ee 100644 --- a/src/libcharon/encoding/payloads/ike_header.c +++ b/src/libcharon/encoding/payloads/ike_header.c @@ -262,7 +262,7 @@ METHOD(payload_t, get_header_length, int, METHOD(payload_t, get_type, payload_type_t, private_ike_header_t *this) { - return HEADER; + return PL_HEADER; } METHOD(payload_t, get_next_type, payload_type_t, diff --git a/src/libcharon/encoding/payloads/ke_payload.c b/src/libcharon/encoding/payloads/ke_payload.c index 438ea46b9..4f552d6ac 100644 --- a/src/libcharon/encoding/payloads/ke_payload.c +++ b/src/libcharon/encoding/payloads/ke_payload.c @@ -69,7 +69,7 @@ struct private_ke_payload_t { chunk_t key_exchange_data; /** - * Payload type, KEY_EXCHANGE or KEY_EXCHANGE_V1 + * Payload type, PLV2_KEY_EXCHANGE or PLV1_KEY_EXCHANGE */ payload_type_t type; }; @@ -148,7 +148,7 @@ METHOD(payload_t, verify, status_t, METHOD(payload_t, get_encoding_rules, int, private_ke_payload_t *this, encoding_rule_t **rules) { - if (this->type == KEY_EXCHANGE) + if (this->type == PLV2_KEY_EXCHANGE) { *rules = encodings_v2; return countof(encodings_v2); 
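Review bot: The `@return` line rewritten in the `@@ -89,7 +89,7 @@` hunk of id_payload.h still misspells the type as `id_paylad_t`. As the line is already being edited, it should read `* @return PLV1_ID id_payload_t object`.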
@@ -160,7 +160,7 @@ METHOD(payload_t, get_encoding_rules, int, METHOD(payload_t, get_header_length, int, private_ke_payload_t *this) { - if (this->type == KEY_EXCHANGE) + if (this->type == PLV2_KEY_EXCHANGE) { return 8; } @@ -233,7 +233,7 @@ ke_payload_t *ke_payload_create(payload_type_t type) .get_dh_group_number = _get_dh_group_number, .destroy = _destroy, }, - .next_payload = NO_PAYLOAD, + .next_payload = PL_NONE, .dh_group_number = MODP_NONE, .type = type, ); diff --git a/src/libcharon/encoding/payloads/ke_payload.h b/src/libcharon/encoding/payloads/ke_payload.h index d3aa18484..dfc6308b4 100644 --- a/src/libcharon/encoding/payloads/ke_payload.h +++ b/src/libcharon/encoding/payloads/ke_payload.h @@ -63,7 +63,7 @@ struct ke_payload_t { /** * Creates an empty ke_payload_t object. * - * @param type KEY_EXCHANGE or KEY_EXCHANGE_V1 + * @param type PLV2_KEY_EXCHANGE or PLV1_KEY_EXCHANGE * @return ke_payload_t object */ ke_payload_t *ke_payload_create(payload_type_t type); @@ -71,7 +71,7 @@ ke_payload_t *ke_payload_create(payload_type_t type); /** * Creates a ke_payload_t from a diffie_hellman_t. * - * @param type KEY_EXCHANGE or KEY_EXCHANGE_V1 + * @param type PLV2_KEY_EXCHANGE or PLV1_KEY_EXCHANGE * @param dh diffie hellman object containing group and key * @return ke_payload_t object */ diff --git a/src/libcharon/encoding/payloads/nonce_payload.c b/src/libcharon/encoding/payloads/nonce_payload.c index 3c5eeb535..b0d1c601a 100644 --- a/src/libcharon/encoding/payloads/nonce_payload.c +++ b/src/libcharon/encoding/payloads/nonce_payload.c @@ -60,7 +60,7 @@ struct private_nonce_payload_t { chunk_t nonce; /** - * Payload type, NONCE or NONCE_V1 + * Payload type, PLV2_NONCE or PLV1_NONCE */ payload_type_t type; }; 
@@ -110,12 +110,12 @@ METHOD(payload_t, verify, status_t, { bad_length = TRUE; } - if (this->type == NONCE && + if (this->type == PLV2_NONCE && this->nonce.len < 16) { bad_length = TRUE; } - if (this->type == NONCE_V1 && + if (this->type == PLV1_NONCE && this->nonce.len < 8) { bad_length = TRUE; @@ -209,7 +209,7 @@ nonce_payload_t *nonce_payload_create(payload_type_t type) .get_nonce = _get_nonce, .destroy = _destroy, }, - .next_payload = NO_PAYLOAD, + .next_payload = PL_NONE, .payload_length = get_header_length(this), .type = type, ); diff --git a/src/libcharon/encoding/payloads/nonce_payload.h b/src/libcharon/encoding/payloads/nonce_payload.h index 5c47f5f9f..ee8ad17f7 100644 --- a/src/libcharon/encoding/payloads/nonce_payload.h +++ b/src/libcharon/encoding/payloads/nonce_payload.h @@ -64,7 +64,7 @@ struct nonce_payload_t { /** * Creates an empty nonce_payload_t object * - * @param type NONCE or NONCE_V1 + * @param type PLV2_NONCE or PLV1_NONCE * @return nonce_payload_t object */ nonce_payload_t *nonce_payload_create(payload_type_t type); diff --git a/src/libcharon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c index 889ad6358..dd92e429a 100644 --- a/src/libcharon/encoding/payloads/notify_payload.c +++ b/src/libcharon/encoding/payloads/notify_payload.c @@ -302,7 +302,7 @@ struct private_notify_payload_t { chunk_t notify_data; /** - * Type of payload, NOTIFY or NOTIFY_V1 + * Type of payload, PLV2_NOTIFY or PLV1_NOTIFY */ payload_type_t type; }; @@ -427,7 +427,7 @@ METHOD(payload_t, verify, status_t, { case INVALID_KE_PAYLOAD: { - if (this->type == NOTIFY && this->notify_data.len != 2) + if (this->type == PLV2_NOTIFY && this->notify_data.len != 2) { bad_length = TRUE; } @@ -447,7 +447,7 @@ METHOD(payload_t, verify, status_t, case INVALID_MAJOR_VERSION: case NO_PROPOSAL_CHOSEN: { - if (this->type == NOTIFY && this->notify_data.len != 0) + if (this->type == PLV2_NOTIFY && this->notify_data.len != 0) { bad_length = TRUE; } 
@@ -531,7 +531,7 @@ METHOD(payload_t, verify, status_t, METHOD(payload_t, get_encoding_rules, int, private_notify_payload_t *this, encoding_rule_t **rules) { - if (this->type == NOTIFY) + if (this->type == PLV2_NOTIFY) { *rules = encodings_v2; return countof(encodings_v2); @@ -543,7 +543,7 @@ METHOD(payload_t, get_encoding_rules, int, METHOD(payload_t, get_header_length, int, private_notify_payload_t *this) { - if (this->type == NOTIFY) + if (this->type == PLV2_NOTIFY) { return 8 + this->spi_size; } @@ -726,7 +726,7 @@ notify_payload_t *notify_payload_create(payload_type_t type) .destroy = _destroy, }, .doi = IKEV1_DOI_IPSEC, - .next_payload = NO_PAYLOAD, + .next_payload = PL_NONE, .type = type, ); compute_length(this); diff --git a/src/libcharon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h index c67644a01..3c56f0673 100644 --- a/src/libcharon/encoding/payloads/notify_payload.h +++ b/src/libcharon/encoding/payloads/notify_payload.h @@ -281,7 +281,7 @@ struct notify_payload_t { /** * Creates an empty notify_payload_t object * - * @param type payload type, NOTIFY or NOTIFY_V1 + * @param type payload type, PLV2_NOTIFY or PLV1_NOTIFY * @return created notify_payload_t object */ notify_payload_t *notify_payload_create(payload_type_t type); @@ -289,7 +289,7 @@ notify_payload_t *notify_payload_create(payload_type_t type); /** * Creates an notify_payload_t object of specific type for specific protocol id. * - * @param type payload type, NOTIFY or NOTIFY_V1 + * @param type payload type, PLV2_NOTIFY or PLV1_NOTIFY * @param protocol protocol id (IKE, AH or ESP) * @param notify type of notify * @return notify_payload_t object diff --git a/src/libcharon/encoding/payloads/payload.c b/src/libcharon/encoding/payloads/payload.c index f9dd33edb..fd616620d 100644 --- a/src/libcharon/encoding/payloads/payload.c +++ b/src/libcharon/encoding/payloads/payload.c 
@@ -39,16 +39,16 @@ #include <encoding/payloads/fragment_payload.h> #include <encoding/payloads/unknown_payload.h> -ENUM_BEGIN(payload_type_names, NO_PAYLOAD, NO_PAYLOAD, - "NO_PAYLOAD"); -ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION_V1, CONFIGURATION_V1, NO_PAYLOAD, +ENUM_BEGIN(payload_type_names, PL_NONE, PL_NONE, + "PL_NONE"); +ENUM_NEXT(payload_type_names, PLV1_SECURITY_ASSOCIATION, PLV1_CONFIGURATION, PL_NONE, "SECURITY_ASSOCIATION_V1", "PROPOSAL_V1", "TRANSFORM_V1", "KEY_EXCHANGE_V1", "ID_V1", "CERTIFICATE_V1", - "CERTIFICATE_REQUEST_V1", + "CERTREQ_V1", "HASH_V1", "SIGNATURE_V1", "NONCE_V1", 
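Review bot: The string changes in this hunk and in the following `@@ -56,41 +56,41 @@` hunk alter what `%N` prints for `payload_type_names`, so they change log output and not only identifiers. Log lines such as `"starting parsing a %N payload"` will now show `PL_NONE`, `CERTREQ_V1`, `CERTREQ`, `AUTH`, `TS_INITIATOR`, `TS_RESPONDER`, `EAP` and `GSPM` in place of the previous names. The result is also inconsistent, because `"PL_NONE"` carries the new enum prefix while every other entry keeps an unprefixed protocol name. I would keep the first entry as `"NO_PAYLOAD"` and, if the shortened names are intended, list them in the commit message so that log filters and alerting rules keyed on the old strings can be updated.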
@@ -56,41 +56,41 @@ ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION_V1, CONFIGURATION_V1, NO_PAYL
 "DELETE_V1",
 "VENDOR_ID_V1",
 "CONFIGURATION_V1");
-ENUM_NEXT(payload_type_names, NAT_D_V1, NAT_OA_V1, CONFIGURATION_V1,
+ENUM_NEXT(payload_type_names, PLV1_NAT_D, PLV1_NAT_OA, PLV1_CONFIGURATION,
 "NAT_D_V1",
 "NAT_OA_V1");
-ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, GENERIC_SECURE_PASSWORD_METHOD, NAT_OA_V1,
+ENUM_NEXT(payload_type_names, PLV2_SECURITY_ASSOCIATION, PLV2_GSPM, PLV1_NAT_OA,
 "SECURITY_ASSOCIATION",
 "KEY_EXCHANGE",
 "ID_INITIATOR",
 "ID_RESPONDER",
 "CERTIFICATE",
- "CERTIFICATE_REQUEST",
- "AUTHENTICATION",
+ "CERTREQ",
+ "AUTH",
 "NONCE",
 "NOTIFY",
 "DELETE",
 "VENDOR_ID",
- "TRAFFIC_SELECTOR_INITIATOR",
- "TRAFFIC_SELECTOR_RESPONDER",
+ "TS_INITIATOR",
+ "TS_RESPONDER",
 "ENCRYPTED",
 "CONFIGURATION",
- "EXTENSIBLE_AUTHENTICATION",
- "GENERIC_SECURE_PASSWORD_METHOD");
+ "EAP",
+ "GSPM");
 #ifdef ME
-ENUM_NEXT(payload_type_names, ID_PEER, ID_PEER, GENERIC_SECURE_PASSWORD_METHOD,
+ENUM_NEXT(payload_type_names, PLV2_ID_PEER, PLV2_ID_PEER, PLV2_GSPM,
 "ID_PEER");
-ENUM_NEXT(payload_type_names, NAT_D_DRAFT_00_03_V1, FRAGMENT_V1, ID_PEER,
+ENUM_NEXT(payload_type_names, PLV1_NAT_D_DRAFT_00_03, PLV1_FRAGMENT, PLV2_ID_PEER,
 "NAT_D_DRAFT_V1",
 "NAT_OA_DRAFT_V1",
 "FRAGMENT");
 #else
-ENUM_NEXT(payload_type_names, NAT_D_DRAFT_00_03_V1, FRAGMENT_V1, GENERIC_SECURE_PASSWORD_METHOD,
+ENUM_NEXT(payload_type_names, PLV1_NAT_D_DRAFT_00_03, PLV1_FRAGMENT, PLV2_GSPM,
 "NAT_D_DRAFT_V1",
 "NAT_OA_DRAFT_V1",
 "FRAGMENT");
 #endif /* ME */
-ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, FRAGMENT_V1,
+ENUM_NEXT(payload_type_names, PL_HEADER, PLV1_ENCRYPTED, PLV1_FRAGMENT,
 "HEADER",
 "PROPOSAL_SUBSTRUCTURE",
 "PROPOSAL_SUBSTRUCTURE_V1",
@@ -102,12 +102,12 @@ ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, FRAGMENT_V1, "CONFIGURATION_ATTRIBUTE", "CONFIGURATION_ATTRIBUTE_V1", "ENCRYPTED_V1"); -ENUM_END(payload_type_names, ENCRYPTED_V1); +ENUM_END(payload_type_names, PLV1_ENCRYPTED); /* short forms of payload names */ -ENUM_BEGIN(payload_type_short_names, NO_PAYLOAD, NO_PAYLOAD, +ENUM_BEGIN(payload_type_short_names, PL_NONE, PL_NONE, "--"); -ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION_V1, CONFIGURATION_V1, NO_PAYLOAD, +ENUM_NEXT(payload_type_short_names, PLV1_SECURITY_ASSOCIATION, PLV1_CONFIGURATION, PL_NONE, "SA", "PROP", "TRANS", @@ -122,10 +122,10 @@ ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION_V1, CONFIGURATION_V1, N "D", "V", "CP"); -ENUM_NEXT(payload_type_short_names, NAT_D_V1, NAT_OA_V1, CONFIGURATION_V1, +ENUM_NEXT(payload_type_short_names, PLV1_NAT_D, PLV1_NAT_OA, PLV1_CONFIGURATION, "NAT-D", "NAT-OA"); -ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, GENERIC_SECURE_PASSWORD_METHOD, NAT_OA_V1, +ENUM_NEXT(payload_type_short_names, PLV2_SECURITY_ASSOCIATION, PLV2_GSPM, PLV1_NAT_OA, "SA", "KE", "IDi", 
@@ -144,19 +144,19 @@ ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, GENERIC_SECURE_PASSWOR "EAP", "GSPM"); #ifdef ME -ENUM_NEXT(payload_type_short_names, ID_PEER, ID_PEER, GENERIC_SECURE_PASSWORD_METHOD, +ENUM_NEXT(payload_type_short_names, PLV2_ID_PEER, PLV2_ID_PEER, PLV2_GSPM, "IDp"); -ENUM_NEXT(payload_type_short_names, NAT_D_DRAFT_00_03_V1, FRAGMENT_V1, ID_PEER, +ENUM_NEXT(payload_type_short_names, PLV1_NAT_D_DRAFT_00_03, PLV1_FRAGMENT, PLV2_ID_PEER, "NAT-D", "NAT-OA", "FRAG"); #else -ENUM_NEXT(payload_type_short_names, NAT_D_DRAFT_00_03_V1, FRAGMENT_V1, GENERIC_SECURE_PASSWORD_METHOD, +ENUM_NEXT(payload_type_short_names, PLV1_NAT_D_DRAFT_00_03, PLV1_FRAGMENT, PLV2_GSPM, "NAT-D", "NAT-OA", "FRAG"); #endif /* ME */ -ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, FRAGMENT_V1, +ENUM_NEXT(payload_type_short_names, PL_HEADER, PLV1_ENCRYPTED, PLV1_FRAGMENT, "HDR", "PROP", "PROP", @@ -168,7 +168,7 @@ ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, FRAGMENT_V1, "CATTR", "CATTR", "E"); -ENUM_END(payload_type_short_names, ENCRYPTED_V1); +ENUM_END(payload_type_short_names, PLV1_ENCRYPTED); /* * see header 
@@ -177,75 +177,75 @@ payload_t *payload_create(payload_type_t type) { switch (type) { - case HEADER: + case PL_HEADER: return (payload_t*)ike_header_create(); - case SECURITY_ASSOCIATION: - case SECURITY_ASSOCIATION_V1: + case PLV2_SECURITY_ASSOCIATION: + case PLV1_SECURITY_ASSOCIATION: return (payload_t*)sa_payload_create(type); - case PROPOSAL_SUBSTRUCTURE: - case PROPOSAL_SUBSTRUCTURE_V1: + case PLV2_PROPOSAL_SUBSTRUCTURE: + case PLV1_PROPOSAL_SUBSTRUCTURE: return (payload_t*)proposal_substructure_create(type); - case TRANSFORM_SUBSTRUCTURE: - case TRANSFORM_SUBSTRUCTURE_V1: + case PLV2_TRANSFORM_SUBSTRUCTURE: + case PLV1_TRANSFORM_SUBSTRUCTURE: return (payload_t*)transform_substructure_create(type); - case TRANSFORM_ATTRIBUTE: - case TRANSFORM_ATTRIBUTE_V1: + case PLV2_TRANSFORM_ATTRIBUTE: + case PLV1_TRANSFORM_ATTRIBUTE: return (payload_t*)transform_attribute_create(type); - case NONCE: - case NONCE_V1: + case PLV2_NONCE: + case PLV1_NONCE: return (payload_t*)nonce_payload_create(type); - case ID_INITIATOR: - case ID_RESPONDER: - case ID_V1: - case NAT_OA_V1: - case NAT_OA_DRAFT_00_03_V1: + case PLV2_ID_INITIATOR: + case PLV2_ID_RESPONDER: + case PLV1_ID: + case PLV1_NAT_OA: + case PLV1_NAT_OA_DRAFT_00_03: #ifdef ME - case ID_PEER: + case PLV2_ID_PEER: #endif /* ME */ return (payload_t*)id_payload_create(type); - case AUTHENTICATION: + case PLV2_AUTH: return (payload_t*)auth_payload_create(); - case CERTIFICATE: - case CERTIFICATE_V1: + case PLV2_CERTIFICATE: + case PLV1_CERTIFICATE: return (payload_t*)cert_payload_create(type); - case CERTIFICATE_REQUEST: - case CERTIFICATE_REQUEST_V1: + case PLV2_CERTREQ: + case PLV1_CERTREQ: return (payload_t*)certreq_payload_create(type); - case TRAFFIC_SELECTOR_SUBSTRUCTURE: + case PLV2_TRAFFIC_SELECTOR_SUBSTRUCTURE: return (payload_t*)traffic_selector_substructure_create(); - case TRAFFIC_SELECTOR_INITIATOR: + case PLV2_TS_INITIATOR: return (payload_t*)ts_payload_create(TRUE); - case TRAFFIC_SELECTOR_RESPONDER: + case 
PLV2_TS_RESPONDER: return (payload_t*)ts_payload_create(FALSE); - case KEY_EXCHANGE: - case KEY_EXCHANGE_V1: + case PLV2_KEY_EXCHANGE: + case PLV1_KEY_EXCHANGE: return (payload_t*)ke_payload_create(type); - case NOTIFY: - case NOTIFY_V1: + case PLV2_NOTIFY: + case PLV1_NOTIFY: return (payload_t*)notify_payload_create(type); - case DELETE: - case DELETE_V1: + case PLV2_DELETE: + case PLV1_DELETE: return (payload_t*)delete_payload_create(type, 0); - case VENDOR_ID: - case VENDOR_ID_V1: + case PLV2_VENDOR_ID: + case PLV1_VENDOR_ID: return (payload_t*)vendor_id_payload_create(type); - case HASH_V1: - case SIGNATURE_V1: - case NAT_D_V1: - case NAT_D_DRAFT_00_03_V1: + case PLV1_HASH: + case PLV1_SIGNATURE: + case PLV1_NAT_D: + case PLV1_NAT_D_DRAFT_00_03: return (payload_t*)hash_payload_create(type); - case CONFIGURATION: - case CONFIGURATION_V1: + case PLV2_CONFIGURATION: + case PLV1_CONFIGURATION: return (payload_t*)cp_payload_create(type); - case CONFIGURATION_ATTRIBUTE: - case CONFIGURATION_ATTRIBUTE_V1: + case PLV2_CONFIGURATION_ATTRIBUTE: + case PLV1_CONFIGURATION_ATTRIBUTE: return (payload_t*)configuration_attribute_create(type); - case EXTENSIBLE_AUTHENTICATION: + case PLV2_EAP: return (payload_t*)eap_payload_create(); - case ENCRYPTED: - case ENCRYPTED_V1: + case PLV2_ENCRYPTED: + case PLV1_ENCRYPTED: return (payload_t*)encryption_payload_create(type); - case FRAGMENT_V1: + case PLV1_FRAGMENT: return (payload_t*)fragment_payload_create(); default: return (payload_t*)unknown_payload_create(type); 
@@ -257,29 +257,29 @@ payload_t *payload_create(payload_type_t type) */ bool payload_is_known(payload_type_t type) { - if (type == HEADER) + if (type == PL_HEADER) { return TRUE; } - if (type >= SECURITY_ASSOCIATION && type <= EXTENSIBLE_AUTHENTICATION) + if (type >= PLV2_SECURITY_ASSOCIATION && type <= PLV2_EAP) { return TRUE; } - if (type >= SECURITY_ASSOCIATION_V1 && type <= CONFIGURATION_V1) + if (type >= PLV1_SECURITY_ASSOCIATION && type <= PLV1_CONFIGURATION) { return TRUE; } - if (type >= NAT_D_V1 && type <= NAT_OA_V1) + if (type >= PLV1_NAT_D && type <= PLV1_NAT_OA) { return TRUE; } #ifdef ME - if (type == ID_PEER) + if (type == PLV2_ID_PEER) { return TRUE; } #endif - if (type >= NAT_D_DRAFT_00_03_V1 && type <= FRAGMENT_V1) + if (type >= PLV1_NAT_D_DRAFT_00_03 && type <= PLV1_FRAGMENT) { return TRUE; } diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h index 0e8a9267b..d9dd619f7 100644 --- a/src/libcharon/encoding/payloads/payload.h +++ b/src/libcharon/encoding/payloads/payload.h 
@@ -45,195 +45,195 @@ enum payload_type_t { /** * End of payload list in next_payload */ - NO_PAYLOAD = 0, + PL_NONE = 0, /** * The security association (SA) payload containing proposals. */ - SECURITY_ASSOCIATION_V1 = 1, + PLV1_SECURITY_ASSOCIATION = 1, /** * The proposal payload, containing transforms. */ - PROPOSAL_V1 = 2, + PLV1_PROPOSAL = 2, /** * The transform payload. */ - TRANSFORM_V1 = 3, + PLV1_TRANSFORM = 3, /** * The key exchange (KE) payload containing diffie-hellman values. */ - KEY_EXCHANGE_V1 = 4, + PLV1_KEY_EXCHANGE = 4, /** * ID payload. */ - ID_V1 = 5, + PLV1_ID = 5, /** * Certificate payload with certificates (CERT). */ - CERTIFICATE_V1 = 6, + PLV1_CERTIFICATE = 6, /** * Certificate request payload. */ - CERTIFICATE_REQUEST_V1 = 7, + PLV1_CERTREQ = 7, /** * Hash payload. */ - HASH_V1 = 8, + PLV1_HASH = 8, /** * Signature payload */ - SIGNATURE_V1 = 9, + PLV1_SIGNATURE = 9, /** * Nonce payload. */ - NONCE_V1 = 10, + PLV1_NONCE = 10, /** * Notification payload. */ - NOTIFY_V1 = 11, + PLV1_NOTIFY = 11, /** * Delete payload. */ - DELETE_V1 = 12, + PLV1_DELETE = 12, /** * Vendor id payload. */ - VENDOR_ID_V1 = 13, + PLV1_VENDOR_ID = 13, /** * Attribute payload (ISAKMP Mode Config, aka configuration payload. */ - CONFIGURATION_V1 = 14, + PLV1_CONFIGURATION = 14, /** * NAT discovery payload (NAT-D). */ - NAT_D_V1 = 20, + PLV1_NAT_D = 20, /** * NAT original address payload (NAT-OA). */ - NAT_OA_V1 = 21, + PLV1_NAT_OA = 21, /** * The security association (SA) payload containing proposals. */ - SECURITY_ASSOCIATION = 33, + PLV2_SECURITY_ASSOCIATION = 33, /** * The key exchange (KE) payload containing diffie-hellman values. */ - KEY_EXCHANGE = 34, + PLV2_KEY_EXCHANGE = 34, /** * Identification for the original initiator (IDi). */ - ID_INITIATOR = 35, + PLV2_ID_INITIATOR = 35, /** * Identification for the original responder (IDr). */ - ID_RESPONDER = 36, + PLV2_ID_RESPONDER = 36, /** * Certificate payload with certificates (CERT). 
*/ - CERTIFICATE = 37, + PLV2_CERTIFICATE = 37, /** * Certificate request payload (CERTREQ). */ - CERTIFICATE_REQUEST = 38, + PLV2_CERTREQ = 38, /** * Authentication payload contains auth data (AUTH). */ - AUTHENTICATION = 39, + PLV2_AUTH = 39, /** * Nonces, for initiator and responder (Ni, Nr, N) */ - NONCE = 40, + PLV2_NONCE = 40, /** * Notify paylaod (N). */ - NOTIFY = 41, + PLV2_NOTIFY = 41, /** * Delete payload (D) */ - DELETE = 42, + PLV2_DELETE = 42, /** * Vendor id paylpoad (V). */ - VENDOR_ID = 43, + PLV2_VENDOR_ID = 43, /** * Traffic selector for the original initiator (TSi). */ - TRAFFIC_SELECTOR_INITIATOR = 44, + PLV2_TS_INITIATOR = 44, /** * Traffic selector for the original responser (TSr). */ - TRAFFIC_SELECTOR_RESPONDER = 45, + PLV2_TS_RESPONDER = 45, /** * Encryption payload, contains other payloads (E). */ - ENCRYPTED = 46, + PLV2_ENCRYPTED = 46, /** * Configuration payload (CP). */ - CONFIGURATION = 47, + PLV2_CONFIGURATION = 47, /** * Extensible authentication payload (EAP). */ - EXTENSIBLE_AUTHENTICATION = 48, + PLV2_EAP = 48, /** * Generic Secure Password Method (GSPM). */ - GENERIC_SECURE_PASSWORD_METHOD = 49, + PLV2_GSPM = 49, #ifdef ME /** * Identification payload for peers has a value from * the PRIVATE USE space. */ - ID_PEER = 128, + PLV2_ID_PEER = 128, #endif /* ME */ /** * NAT discovery payload (NAT-D) (drafts). */ - NAT_D_DRAFT_00_03_V1 = 130, + PLV1_NAT_D_DRAFT_00_03 = 130, /** * NAT original address payload (NAT-OA) (drafts). */ - NAT_OA_DRAFT_00_03_V1 = 131, + PLV1_NAT_OA_DRAFT_00_03 = 131, /** * IKE fragment (proprietary IKEv1 extension) */ - FRAGMENT_V1 = 132, + PLV1_FRAGMENT = 132, /** * Header has a value of PRIVATE USE space. 
@@ -241,57 +241,57 @@ enum payload_type_t { * This type and all the following are never sent over wire and are * used internally only. */ - HEADER = 256, + PL_HEADER = 256, /** - * PROPOSAL_SUBSTRUCTURE, IKEv2 proposals in a SA payload. + * PLV2_PROPOSAL_SUBSTRUCTURE, IKEv2 proposals in a SA payload. */ - PROPOSAL_SUBSTRUCTURE, + PLV2_PROPOSAL_SUBSTRUCTURE, /** - * PROPOSAL_SUBSTRUCTURE_V1, IKEv1 proposals in a SA payload. + * PLV1_PROPOSAL_SUBSTRUCTURE, IKEv1 proposals in a SA payload. */ - PROPOSAL_SUBSTRUCTURE_V1, + PLV1_PROPOSAL_SUBSTRUCTURE, /** - * TRANSFORM_SUBSTRUCTURE, IKEv2 transforms in a proposal substructure. + * PLV2_TRANSFORM_SUBSTRUCTURE, IKEv2 transforms in a proposal substructure. */ - TRANSFORM_SUBSTRUCTURE, + PLV2_TRANSFORM_SUBSTRUCTURE, /** - * TRANSFORM_SUBSTRUCTURE_V1, IKEv1 transforms in a proposal substructure. + * PLV1_TRANSFORM_SUBSTRUCTURE, IKEv1 transforms in a proposal substructure. */ - TRANSFORM_SUBSTRUCTURE_V1, + PLV1_TRANSFORM_SUBSTRUCTURE, /** - * TRANSFORM_ATTRIBUTE, IKEv2 attribute in a transform. + * PLV2_TRANSFORM_ATTRIBUTE, IKEv2 attribute in a transform. */ - TRANSFORM_ATTRIBUTE, + PLV2_TRANSFORM_ATTRIBUTE, /** - * TRANSFORM_ATTRIBUTE_V1, IKEv1 attribute in a transform. + * PLV1_TRANSFORM_ATTRIBUTE, IKEv1 attribute in a transform. */ - TRANSFORM_ATTRIBUTE_V1, + PLV1_TRANSFORM_ATTRIBUTE, /** - * TRAFFIC_SELECTOR_SUBSTRUCTURE, traffic selector in a TS payload. + * PLV2_TRAFFIC_SELECTOR_SUBSTRUCTURE, traffic selector in a TS payload. */ - TRAFFIC_SELECTOR_SUBSTRUCTURE, + PLV2_TRAFFIC_SELECTOR_SUBSTRUCTURE, /** - * CONFIGURATION_ATTRIBUTE, IKEv2 attribute in a configuration payload. + * PLV2_CONFIGURATION_ATTRIBUTE, IKEv2 attribute in a configuration payload. */ - CONFIGURATION_ATTRIBUTE, + PLV2_CONFIGURATION_ATTRIBUTE, /** - * CONFIGURATION_ATTRIBUTE_V1, IKEv1 attribute in a configuration payload. + * PLV1_CONFIGURATION_ATTRIBUTE, IKEv1 attribute in a configuration payload. 
*/ - CONFIGURATION_ATTRIBUTE_V1, + PLV1_CONFIGURATION_ATTRIBUTE, /** * This is not really a payload, but rather the complete IKEv1 message. */ - ENCRYPTED_V1, + PLV1_ENCRYPTED, }; /** @@ -336,7 +336,7 @@ struct payload_t { payload_type_t (*get_type) (payload_t *this); /** - * Get type of next payload or NO_PAYLOAD (0) if this is the last one. + * Get type of next payload or PL_NONE (0) if this is the last one. * * @return type of next payload */ diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c index 3e35b75c6..53e8cf3ad 100644 --- a/src/libcharon/encoding/payloads/proposal_substructure.c +++ b/src/libcharon/encoding/payloads/proposal_substructure.c @@ -88,7 +88,7 @@ struct private_proposal_substructure_t { linked_list_t *transforms; /** - * Type of this payload, PROPOSAL_SUBSTRUCTURE or PROPOSAL_SUBSTRUCTURE_V1 + * Type of this payload, PLV2_PROPOSAL_SUBSTRUCTURE or PLV1_PROPOSAL_SUBSTRUCTURE */ payload_type_t type; }; @@ -114,7 +114,7 @@ static encoding_rule_t encodings_v1[] = { /* SPI is a chunk of variable size*/ { SPI, offsetof(private_proposal_substructure_t, spi) }, /* Transforms are stored in a transform substructure list */ - { PAYLOAD_LIST + TRANSFORM_SUBSTRUCTURE_V1, + { PAYLOAD_LIST + PLV1_TRANSFORM_SUBSTRUCTURE, offsetof(private_proposal_substructure_t, transforms) }, }; @@ -139,7 +139,7 @@ static encoding_rule_t encodings_v2[] = { /* SPI is a chunk of variable size*/ { SPI, offsetof(private_proposal_substructure_t, spi) }, /* Transforms are stored in a transform substructure list */ - { PAYLOAD_LIST + TRANSFORM_SUBSTRUCTURE, + { PAYLOAD_LIST + PLV2_TRANSFORM_SUBSTRUCTURE, offsetof(private_proposal_substructure_t, transforms) }, }; 
@@ -329,7 +329,7 @@ METHOD(payload_t, verify, status_t, enumerator_t *enumerator; payload_t *current; - if (this->next_payload != NO_PAYLOAD && this->next_payload != 2) + if (this->next_payload != PL_NONE && this->next_payload != 2) { /* must be 0 or 2 */ DBG1(DBG_ENC, "inconsistent next payload"); @@ -361,7 +361,7 @@ METHOD(payload_t, verify, status_t, } break; case PROTO_IKE: - if (this->type == PROPOSAL_SUBSTRUCTURE_V1) + if (this->type == PLV1_PROPOSAL_SUBSTRUCTURE) { if (this->spi.len <= 16) { /* according to RFC 2409, section 3.5 anything between @@ -397,7 +397,7 @@ METHOD(payload_t, verify, status_t, METHOD(payload_t, get_encoding_rules, int, private_proposal_substructure_t *this, encoding_rule_t **rules) { - if (this->type == PROPOSAL_SUBSTRUCTURE) + if (this->type == PLV2_PROPOSAL_SUBSTRUCTURE) { *rules = encodings_v2; return countof(encodings_v2); @@ -1028,7 +1028,7 @@ METHOD(proposal_substructure_t, get_proposals, void, proposal->set_spi(proposal, spi); proposals->insert_last(proposals, proposal); } - if (this->type == PROPOSAL_SUBSTRUCTURE) + if (this->type == PLV2_PROPOSAL_SUBSTRUCTURE) { add_to_proposal_v2(proposal, transform); } @@ -1266,7 +1266,7 @@ proposal_substructure_t *proposal_substructure_create(payload_type_t type) .get_encap_mode = _get_encap_mode, .destroy = _destroy, }, - .next_payload = NO_PAYLOAD, + .next_payload = PL_NONE, .transforms = linked_list_create(), .type = type, ); @@ -1286,7 +1286,7 @@ static void set_from_proposal_v1_ike(private_proposal_substructure_t *this, u_int16_t alg, key_size; enumerator_t *enumerator; - transform = transform_substructure_create_type(TRANSFORM_SUBSTRUCTURE_V1, + transform = transform_substructure_create_type(PLV1_TRANSFORM_SUBSTRUCTURE, number, IKEV1_TRANSID_KEY_IKE); enumerator = proposal->create_enumerator(proposal, ENCRYPTION_ALGORITHM); 
@@ -1296,12 +1296,12 @@ static void set_from_proposal_v1_ike(private_proposal_substructure_t *this, if (alg) { transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH1_ENCRYPTION_ALGORITHM, alg)); if (key_size) { transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH1_KEY_LENGTH, key_size)); } break; @@ -1317,7 +1317,7 @@ static void set_from_proposal_v1_ike(private_proposal_substructure_t *this, if (alg) { transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH1_HASH_ALGORITHM, alg)); break; } @@ -1328,19 +1328,19 @@ static void set_from_proposal_v1_ike(private_proposal_substructure_t *this, if (enumerator->enumerate(enumerator, &alg, &key_size)) { transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH1_GROUP, alg)); } enumerator->destroy(enumerator); transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH1_AUTH_METHOD, get_ikev1_auth(method))); transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH1_LIFE_TYPE, IKEV1_LIFE_TYPE_SECONDS)); transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH1_LIFE_DURATION, lifetime)); add_transform_substructure(this, transform); 
@@ -1366,11 +1366,11 @@ static void set_from_proposal_v1(private_proposal_substructure_t *this, if (alg) { transform = transform_substructure_create_type( - TRANSFORM_SUBSTRUCTURE_V1, number, alg); + PLV1_TRANSFORM_SUBSTRUCTURE, number, alg); if (key_size) { transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH2_KEY_LENGTH, key_size)); } } @@ -1386,10 +1386,10 @@ static void set_from_proposal_v1(private_proposal_substructure_t *this, if (!transform) { transform = transform_substructure_create_type( - TRANSFORM_SUBSTRUCTURE_V1, number, alg); + PLV1_TRANSFORM_SUBSTRUCTURE, number, alg); } transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH2_AUTH_ALGORITHM, alg)); } } 
@@ -1404,30 +1404,30 @@ static void set_from_proposal_v1(private_proposal_substructure_t *this, if (enumerator->enumerate(enumerator, &alg, &key_size)) { transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH2_GROUP, alg)); } enumerator->destroy(enumerator); transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH2_ENCAP_MODE, get_ikev1_mode(mode, udp))); if (lifetime) { transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH2_SA_LIFE_TYPE, IKEV1_LIFE_TYPE_SECONDS)); transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH2_SA_LIFE_DURATION, lifetime)); } if (lifebytes) { transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH2_SA_LIFE_TYPE, IKEV1_LIFE_TYPE_KILOBYTES)); transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH2_SA_LIFE_DURATION, lifebytes / 1000)); } 
@@ -1448,12 +1448,12 @@ static void set_from_proposal_v2(private_proposal_substructure_t *this, enumerator = proposal->create_enumerator(proposal, ENCRYPTION_ALGORITHM); while (enumerator->enumerate(enumerator, &alg, &key_size)) { - transform = transform_substructure_create_type(TRANSFORM_SUBSTRUCTURE, + transform = transform_substructure_create_type(PLV2_TRANSFORM_SUBSTRUCTURE, ENCRYPTION_ALGORITHM, alg); if (key_size) { transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE, + transform_attribute_create_value(PLV2_TRANSFORM_ATTRIBUTE, TATTR_IKEV2_KEY_LENGTH, key_size)); } add_transform_substructure(this, transform); @@ -1464,7 +1464,7 @@ static void set_from_proposal_v2(private_proposal_substructure_t *this, enumerator = proposal->create_enumerator(proposal, INTEGRITY_ALGORITHM); while (enumerator->enumerate(enumerator, &alg, &key_size)) { - transform = transform_substructure_create_type(TRANSFORM_SUBSTRUCTURE, + transform = transform_substructure_create_type(PLV2_TRANSFORM_SUBSTRUCTURE, INTEGRITY_ALGORITHM, alg); add_transform_substructure(this, transform); } @@ -1474,7 +1474,7 @@ static void set_from_proposal_v2(private_proposal_substructure_t *this, enumerator = proposal->create_enumerator(proposal, PSEUDO_RANDOM_FUNCTION); while (enumerator->enumerate(enumerator, &alg, &key_size)) { - transform = transform_substructure_create_type(TRANSFORM_SUBSTRUCTURE, + transform = transform_substructure_create_type(PLV2_TRANSFORM_SUBSTRUCTURE, PSEUDO_RANDOM_FUNCTION, alg); add_transform_substructure(this, transform); } 
@@ -1484,7 +1484,7 @@ static void set_from_proposal_v2(private_proposal_substructure_t *this, enumerator = proposal->create_enumerator(proposal, DIFFIE_HELLMAN_GROUP); while (enumerator->enumerate(enumerator, &alg, NULL)) { - transform = transform_substructure_create_type(TRANSFORM_SUBSTRUCTURE, + transform = transform_substructure_create_type(PLV2_TRANSFORM_SUBSTRUCTURE, DIFFIE_HELLMAN_GROUP, alg); add_transform_substructure(this, transform); } @@ -1494,7 +1494,7 @@ static void set_from_proposal_v2(private_proposal_substructure_t *this, enumerator = proposal->create_enumerator(proposal, EXTENDED_SEQUENCE_NUMBERS); while (enumerator->enumerate(enumerator, &alg, NULL)) { - transform = transform_substructure_create_type(TRANSFORM_SUBSTRUCTURE, + transform = transform_substructure_create_type(PLV2_TRANSFORM_SUBSTRUCTURE, EXTENDED_SEQUENCE_NUMBERS, alg); add_transform_substructure(this, transform); } @@ -1543,7 +1543,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v2( private_proposal_substructure_t *this; this = (private_proposal_substructure_t*) - proposal_substructure_create(SECURITY_ASSOCIATION); + proposal_substructure_create(PLV2_SECURITY_ASSOCIATION); set_from_proposal_v2(this, proposal); set_data(this, proposal); @@ -1560,7 +1560,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v1( private_proposal_substructure_t *this; this = (private_proposal_substructure_t*) - proposal_substructure_create(PROPOSAL_SUBSTRUCTURE_V1); + proposal_substructure_create(PLV1_PROPOSAL_SUBSTRUCTURE); switch (proposal->get_protocol(proposal)) { case PROTO_IKE: 
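Review bot: In the -1543 hunk (`proposal_substructure_create_from_proposal_v2`), the renamed call passes `PLV2_SECURITY_ASSOCIATION` to `proposal_substructure_create()`, carrying the old `SECURITY_ASSOCIATION` argument over unchanged. The type checks visible elsewhere in this file (`get_encoding_rules`, `get_proposals`) compare `this->type` against `PLV2_PROPOSAL_SUBSTRUCTURE`, and proposal_substructure.h documents the parameter as `PLV2_PROPOSAL_SUBSTRUCTURE or PLV1_PROPOSAL_SUBSTRUCTURE`. A substructure created here would presumably fail those comparisons and take the non-v2 branch; the else branches are outside the hunks, so this needs confirming against the full file. The call should probably read `proposal_substructure_create(PLV2_PROPOSAL_SUBSTRUCTURE);`, ideally as a separate commit so the rename stays mechanical. The function body starts outside the hunk.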
@@ -1636,31 +1636,31 @@ proposal_substructure_t *proposal_substructure_create_for_ipcomp_v1( this = (private_proposal_substructure_t*) - proposal_substructure_create(PROPOSAL_SUBSTRUCTURE_V1); + proposal_substructure_create(PLV1_PROPOSAL_SUBSTRUCTURE); /* we currently support DEFLATE only */ - transform = transform_substructure_create_type(TRANSFORM_SUBSTRUCTURE_V1, + transform = transform_substructure_create_type(PLV1_TRANSFORM_SUBSTRUCTURE, 1, IKEV1_IPCOMP_DEFLATE); transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH2_ENCAP_MODE, get_ikev1_mode(mode, udp))); if (lifetime) { transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH2_SA_LIFE_TYPE, IKEV1_LIFE_TYPE_SECONDS)); transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH2_SA_LIFE_DURATION, lifetime)); } if (lifebytes) { transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH2_SA_LIFE_TYPE, IKEV1_LIFE_TYPE_KILOBYTES)); transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH2_SA_LIFE_DURATION, lifebytes / 1000)); } diff --git a/src/libcharon/encoding/payloads/proposal_substructure.h b/src/libcharon/encoding/payloads/proposal_substructure.h index c8e7adfd8..c4614b88f 100644 --- a/src/libcharon/encoding/payloads/proposal_substructure.h +++ b/src/libcharon/encoding/payloads/proposal_substructure.h 
@@ -168,7 +168,7 @@ struct proposal_substructure_t { /** * Creates an empty proposal_substructure_t object * - * @param type PROPOSAL_SUBSTRUCTURE or PROPOSAL_SUBSTRUCTURE_V1 + * @param type PLV2_PROPOSAL_SUBSTRUCTURE or PLV1_PROPOSAL_SUBSTRUCTURE * @return proposal_substructure_t object */ proposal_substructure_t *proposal_substructure_create(payload_type_t type); @@ -177,7 +177,7 @@ proposal_substructure_t *proposal_substructure_create(payload_type_t type); * Creates an IKEv2 proposal_substructure_t from a proposal_t. * * @param proposal proposal to build a substruct out of it - * @return proposal_substructure_t PROPOSAL_SUBSTRUCTURE + * @return proposal_substructure_t PLV2_PROPOSAL_SUBSTRUCTURE */ proposal_substructure_t *proposal_substructure_create_from_proposal_v2( proposal_t *proposal); @@ -190,7 +190,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v2( * @param auth authentication method to use, or AUTH_NONE * @param mode IPsec encapsulation mode, TRANSPORT or TUNNEL * @param udp ENCAP_UDP to use UDP encapsulation - * @return proposal_substructure_t object PROPOSAL_SUBSTRUCTURE_V1 + * @return proposal_substructure_t object PLV1_PROPOSAL_SUBSTRUCTURE */ proposal_substructure_t *proposal_substructure_create_from_proposal_v1( proposal_t *proposal, u_int32_t lifetime, u_int64_t lifebytes, @@ -205,7 +205,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v1( * @param auth authentication method to use, or AUTH_NONE * @param mode IPsec encapsulation mode, TRANSPORT or TUNNEL * @param udp ENCAP_UDP to use UDP encapsulation - * @return IKEv1 proposal_substructure_t PROPOSAL_SUBSTRUCTURE_V1 + * @return IKEv1 proposal_substructure_t PLV1_PROPOSAL_SUBSTRUCTURE */ proposal_substructure_t *proposal_substructure_create_from_proposals_v1( linked_list_t *proposals, u_int32_t lifetime, u_int64_t lifebytes, 
@@ -221,7 +221,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposals_v1( * @param mode IPsec encapsulation mode, TRANSPORT or TUNNEL * @param udp ENCAP_UDP to use UDP encapsulation * @param proposal_number the proposal number of the proposal to be linked - * @return IKEv1 proposal_substructure_t PROPOSAL_SUBSTRUCTURE_V1 + * @return IKEv1 proposal_substructure_t PLV1_PROPOSAL_SUBSTRUCTURE */ proposal_substructure_t *proposal_substructure_create_for_ipcomp_v1( u_int32_t lifetime, u_int64_t lifebytes, u_int16_t cpi, diff --git a/src/libcharon/encoding/payloads/sa_payload.c b/src/libcharon/encoding/payloads/sa_payload.c index 3a5bb43a6..8e3a01285 100644 --- a/src/libcharon/encoding/payloads/sa_payload.c +++ b/src/libcharon/encoding/payloads/sa_payload.c @@ -101,7 +101,7 @@ static encoding_rule_t encodings_v1[] = { /* Situation*/ { U_INT_32, offsetof(private_sa_payload_t, situation) }, /* Proposals are stored in a proposal substructure list */ - { PAYLOAD_LIST + PROPOSAL_SUBSTRUCTURE_V1, + { PAYLOAD_LIST + PLV1_PROPOSAL_SUBSTRUCTURE, offsetof(private_sa_payload_t, proposals) }, }; @@ -140,7 +140,7 @@ static encoding_rule_t encodings_v2[] = { /* Length of the whole SA payload*/ { PAYLOAD_LENGTH, offsetof(private_sa_payload_t, payload_length) }, /* Proposals are stored in a proposal substructure list */ - { PAYLOAD_LIST + PROPOSAL_SUBSTRUCTURE, + { PAYLOAD_LIST + PLV2_PROPOSAL_SUBSTRUCTURE, offsetof(private_sa_payload_t, proposals) }, }; @@ -164,7 +164,7 @@ METHOD(payload_t, verify, status_t, enumerator_t *enumerator; proposal_substructure_t *substruct; - if (this->type == SECURITY_ASSOCIATION) + if (this->type == PLV2_SECURITY_ASSOCIATION) { expected_number = 1; } 
@@ -196,7 +196,7 @@ METHOD(payload_t, verify, status_t, METHOD(payload_t, get_encoding_rules, int, private_sa_payload_t *this, encoding_rule_t **rules) { - if (this->type == SECURITY_ASSOCIATION_V1) + if (this->type == PLV1_SECURITY_ASSOCIATION) { *rules = encodings_v1; return countof(encodings_v1); @@ -208,7 +208,7 @@ METHOD(payload_t, get_encoding_rules, int, METHOD(payload_t, get_header_length, int, private_sa_payload_t *this) { - if (this->type == SECURITY_ASSOCIATION_V1) + if (this->type == PLV1_SECURITY_ASSOCIATION) { return 12; } @@ -295,7 +295,7 @@ METHOD(sa_payload_t, get_proposals, linked_list_t*, proposal_substructure_t *substruct; linked_list_t *substructs, *list; - if (this->type == SECURITY_ASSOCIATION_V1) + if (this->type == PLV1_SECURITY_ASSOCIATION) { /* IKEv1 proposals start with 0 */ struct_number = ignore_struct_number = -1; } @@ -502,7 +502,7 @@ sa_payload_t *sa_payload_create(payload_type_t type) .get_encap_mode = _get_encap_mode, .destroy = _destroy, }, - .next_payload = NO_PAYLOAD, + .next_payload = PL_NONE, .proposals = linked_list_create(), .type = type, /* for IKEv1 only */ @@ -524,7 +524,7 @@ sa_payload_t *sa_payload_create_from_proposals_v2(linked_list_t *proposals) enumerator_t *enumerator; proposal_t *proposal; - this = (private_sa_payload_t*)sa_payload_create(SECURITY_ASSOCIATION); + this = (private_sa_payload_t*)sa_payload_create(PLV2_SECURITY_ASSOCIATION); enumerator = proposals->create_enumerator(proposals); while (enumerator->enumerate(enumerator, &proposal)) { @@ -542,7 +542,7 @@ sa_payload_t *sa_payload_create_from_proposal_v2(proposal_t *proposal) { private_sa_payload_t *this; - this = (private_sa_payload_t*)sa_payload_create(SECURITY_ASSOCIATION); + this = (private_sa_payload_t*)sa_payload_create(PLV2_SECURITY_ASSOCIATION); add_proposal_v2(this, proposal); return &this->public; 
@@ -560,7 +560,7 @@ sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals, proposal_substructure_t *substruct; private_sa_payload_t *this; - this = (private_sa_payload_t*)sa_payload_create(SECURITY_ASSOCIATION_V1); + this = (private_sa_payload_t*)sa_payload_create(PLV1_SECURITY_ASSOCIATION); if (!proposals || !proposals->get_count(proposals)) { diff --git a/src/libcharon/encoding/payloads/sa_payload.h b/src/libcharon/encoding/payloads/sa_payload.h index b62a341d8..0ddf3619c 100644 --- a/src/libcharon/encoding/payloads/sa_payload.h +++ b/src/libcharon/encoding/payloads/sa_payload.h @@ -104,7 +104,7 @@ struct sa_payload_t { /** * Creates an empty sa_payload_t object * - * @param type SECURITY_ASSOCIATION or SECURITY_ASSOCIATION_V1 + * @param type PLV2_SECURITY_ASSOCIATION or PLV1_SECURITY_ASSOCIATION * @return created sa_payload_t object */ sa_payload_t *sa_payload_create(payload_type_t type); diff --git a/src/libcharon/encoding/payloads/traffic_selector_substructure.c b/src/libcharon/encoding/payloads/traffic_selector_substructure.c index 334823db9..83618ff5d 100644 --- a/src/libcharon/encoding/payloads/traffic_selector_substructure.c +++ b/src/libcharon/encoding/payloads/traffic_selector_substructure.c @@ -168,13 +168,13 @@ METHOD(payload_t, get_header_length, int, METHOD(payload_t, get_type, payload_type_t, private_traffic_selector_substructure_t *this) { - return TRAFFIC_SELECTOR_SUBSTRUCTURE; + return PLV2_TRAFFIC_SELECTOR_SUBSTRUCTURE; } METHOD(payload_t, get_next_type, payload_type_t, private_traffic_selector_substructure_t *this) { - return NO_PAYLOAD; + return PL_NONE; } METHOD(payload_t, set_next_type, void, diff --git a/src/libcharon/encoding/payloads/transform_attribute.c b/src/libcharon/encoding/payloads/transform_attribute.c index d20f77c59..4a5b52dcf 100644 --- a/src/libcharon/encoding/payloads/transform_attribute.c +++ b/src/libcharon/encoding/payloads/transform_attribute.c 
@@ -98,7 +98,7 @@ struct private_transform_attribute_t { chunk_t attribute_value; /** - * Payload type, TRANSFORM_ATTRIBUTE or TRANSFORM_ATTRIBUTE_V1 + * Payload type, PLV2_TRANSFORM_ATTRIBUTE or PLV1_TRANSFORM_ATTRIBUTE */ payload_type_t type; }; @@ -157,7 +157,7 @@ METHOD(payload_t, get_type, payload_type_t, METHOD(payload_t, get_next_type, payload_type_t, private_transform_attribute_t *this) { - return NO_PAYLOAD; + return PL_NONE; } METHOD(payload_t, set_next_type, void, diff --git a/src/libcharon/encoding/payloads/transform_attribute.h b/src/libcharon/encoding/payloads/transform_attribute.h index 23897a50a..87e283b18 100644 --- a/src/libcharon/encoding/payloads/transform_attribute.h +++ b/src/libcharon/encoding/payloads/transform_attribute.h @@ -127,7 +127,7 @@ struct transform_attribute_t { /** * Creates an empty transform_attribute_t object. * - * @param type TRANSFORM_ATTRIBUTE or TRANSFORM_ATTRIBUTE_V1 + * @param type PLV2_TRANSFORM_ATTRIBUTE or PLV1_TRANSFORM_ATTRIBUTE * @return transform_attribute_t object */ transform_attribute_t *transform_attribute_create(payload_type_t type); @@ -135,7 +135,7 @@ transform_attribute_t *transform_attribute_create(payload_type_t type); /** * Creates a two byte value or a larger attribute for a given attribute kind. * - * @param type TRANSFORM_ATTRIBUTE or TRANSFORM_ATTRIBUTE_V1 + * @param type PLV2_TRANSFORM_ATTRIBUTE or PLV1_TRANSFORM_ATTRIBUTE * @param kind attribute kind * @param value fixed two byte value * @return transform_attribute_t object diff --git a/src/libcharon/encoding/payloads/transform_substructure.c b/src/libcharon/encoding/payloads/transform_substructure.c index a85027561..6885d6181 100644 --- a/src/libcharon/encoding/payloads/transform_substructure.c +++ b/src/libcharon/encoding/payloads/transform_substructure.c 
@@ -73,13 +73,13 @@ struct private_transform_substructure_t { linked_list_t *attributes; /** - * Payload type, TRANSFORM_SUBSTRUCTURE or TRANSFORM_SUBSTRUCTURE_V1 + * Payload type, PLV2_TRANSFORM_SUBSTRUCTURE or PLV1_TRANSFORM_SUBSTRUCTURE */ payload_type_t type; }; /** - * Encoding rules for TRANSFORM_SUBSTRUCTURE + * Encoding rules for PLV2_TRANSFORM_SUBSTRUCTURE */ static encoding_rule_t encodings_v2[] = { /* 1 Byte next payload type, stored in the field next_payload */ @@ -95,12 +95,12 @@ static encoding_rule_t encodings_v2[] = { /* transform identifier, as used by IKEv2 */ { U_INT_16, offsetof(private_transform_substructure_t, transform_id_v2) }, /* Attributes in a transform attribute list */ - { PAYLOAD_LIST + TRANSFORM_ATTRIBUTE, + { PAYLOAD_LIST + PLV2_TRANSFORM_ATTRIBUTE, offsetof(private_transform_substructure_t, attributes) } }; /** - * Encoding rules for TRANSFORM_SUBSTRUCTURE_V1 + * Encoding rules for PLV1_TRANSFORM_SUBSTRUCTURE */ static encoding_rule_t encodings_v1[] = { /* 1 Byte next payload type, stored in the field next_payload */ @@ -117,7 +117,7 @@ static encoding_rule_t encodings_v1[] = { { RESERVED_BYTE, offsetof(private_transform_substructure_t, reserved[1]) }, { RESERVED_BYTE, offsetof(private_transform_substructure_t, reserved[2]) }, /* Attributes in a transform attribute list */ - { PAYLOAD_LIST + TRANSFORM_ATTRIBUTE_V1, + { PAYLOAD_LIST + PLV1_TRANSFORM_ATTRIBUTE, offsetof(private_transform_substructure_t, attributes) } }; @@ -142,7 +142,7 @@ METHOD(payload_t, verify, status_t, enumerator_t *enumerator; payload_t *attribute; - if (this->next_payload != NO_PAYLOAD && this->next_payload != 3) + if (this->next_payload != PL_NONE && this->next_payload != 3) { DBG1(DBG_ENC, "inconsistent next payload"); return FAILED; 
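Review bot: In the `verify` hunk of transform_substructure.c the check `this->next_payload != PL_NONE && this->next_payload != 3` still compares against a bare `3`, even though the rename gives the other operand a symbolic name. The literal is presumably the "more transforms follow" marker of the transform substructure, but nothing at this site says so. A one-line comment such as `/* 0: last transform, 3: more transforms follow */` above the condition, or a named constant for the value, would make the accepted set explicit for anyone auditing the parser. The body of `verify` starts and ends outside the hunk.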
@@ -167,7 +167,7 @@ METHOD(payload_t, verify, status_t, METHOD(payload_t, get_encoding_rules, int, private_transform_substructure_t *this, encoding_rule_t **rules) { - if (this->type == TRANSFORM_SUBSTRUCTURE) + if (this->type == PLV2_TRANSFORM_SUBSTRUCTURE) { *rules = encodings_v2; return countof(encodings_v2); @@ -244,7 +244,7 @@ METHOD(transform_substructure_t, get_transform_type_or_number, u_int8_t, METHOD(transform_substructure_t, get_transform_id, u_int16_t, private_transform_substructure_t *this) { - if (this->type == TRANSFORM_SUBSTRUCTURE) + if (this->type == PLV2_TRANSFORM_SUBSTRUCTURE) { return this->transform_id_v2; } @@ -291,7 +291,7 @@ transform_substructure_t *transform_substructure_create(payload_type_t type) .create_attribute_enumerator = _create_attribute_enumerator, .destroy = _destroy, }, - .next_payload = NO_PAYLOAD, + .next_payload = PL_NONE, .transform_length = get_header_length(this), .attributes = linked_list_create(), .type = type, @@ -310,7 +310,7 @@ transform_substructure_t *transform_substructure_create_type(payload_type_t type this = (private_transform_substructure_t*)transform_substructure_create(type); this->transform_ton = type_or_number; - if (type == TRANSFORM_SUBSTRUCTURE) + if (type == PLV2_TRANSFORM_SUBSTRUCTURE) { this->transform_id_v2 = id; } diff --git a/src/libcharon/encoding/payloads/transform_substructure.h b/src/libcharon/encoding/payloads/transform_substructure.h index 97717e65b..ba821d3bd 100644 --- a/src/libcharon/encoding/payloads/transform_substructure.h +++ b/src/libcharon/encoding/payloads/transform_substructure.h @@ -97,7 +97,7 @@ struct transform_substructure_t { /** * Creates an empty transform_substructure_t object. * - * @param type TRANSFORM_SUBSTRUCTURE or TRANSFORM_SUBSTRUCTURE_V1 + * @param type PLV2_TRANSFORM_SUBSTRUCTURE or PLV1_TRANSFORM_SUBSTRUCTURE * @return created transform_substructure_t object */ transform_substructure_t *transform_substructure_create(payload_type_t type); 
@@ -105,7 +105,7 @@ transform_substructure_t *transform_substructure_create(payload_type_t type); /** * Creates an empty transform_substructure_t object. * - * @param type TRANSFORM_SUBSTRUCTURE or TRANSFORM_SUBSTRUCTURE_V1 + * @param type PLV2_TRANSFORM_SUBSTRUCTURE or PLV1_TRANSFORM_SUBSTRUCTURE * @param type_or_number Type (IKEv2) or number (IKEv1) of transform * @param id transform id specifc for the transform type * @return transform_substructure_t object diff --git a/src/libcharon/encoding/payloads/ts_payload.c b/src/libcharon/encoding/payloads/ts_payload.c index 8dfa47bc2..e74b9ae1b 100644 --- a/src/libcharon/encoding/payloads/ts_payload.c +++ b/src/libcharon/encoding/payloads/ts_payload.c @@ -103,7 +103,7 @@ static encoding_rule_t encodings[] = { { RESERVED_BYTE, offsetof(private_ts_payload_t, reserved_byte[1])}, { RESERVED_BYTE, offsetof(private_ts_payload_t, reserved_byte[2])}, /* wrapped list of traffic selectors substructures */ - { PAYLOAD_LIST + TRAFFIC_SELECTOR_SUBSTRUCTURE, + { PAYLOAD_LIST + PLV2_TRAFFIC_SELECTOR_SUBSTRUCTURE, offsetof(private_ts_payload_t, substrs) }, }; @@ -164,9 +164,9 @@ METHOD(payload_t, get_type, payload_type_t, { if (this->is_initiator) { - return TRAFFIC_SELECTOR_INITIATOR; + return PLV2_TS_INITIATOR; } - return TRAFFIC_SELECTOR_RESPONDER; + return PLV2_TS_RESPONDER; } METHOD(payload_t, get_next_type, payload_type_t, @@ -269,7 +269,7 @@ ts_payload_t *ts_payload_create(bool is_initiator) .get_traffic_selectors = _get_traffic_selectors, .destroy = _destroy, }, - .next_payload = NO_PAYLOAD, + .next_payload = PL_NONE, .payload_length = get_header_length(this), .is_initiator = is_initiator, .substrs = linked_list_create(), diff --git a/src/libcharon/encoding/payloads/unknown_payload.c b/src/libcharon/encoding/payloads/unknown_payload.c index fe7ced20b..45b91fd0b 100644 --- a/src/libcharon/encoding/payloads/unknown_payload.c +++ b/src/libcharon/encoding/payloads/unknown_payload.c 
@@ -184,7 +184,7 @@ unknown_payload_t *unknown_payload_create(payload_type_t type) .get_data = _get_data, .destroy = _destroy, }, - .next_payload = NO_PAYLOAD, + .next_payload = PL_NONE, .payload_length = get_header_length(this), .type = type, ); diff --git a/src/libcharon/encoding/payloads/vendor_id_payload.c b/src/libcharon/encoding/payloads/vendor_id_payload.c index 0c1df56e2..400e0640d 100644 --- a/src/libcharon/encoding/payloads/vendor_id_payload.c +++ b/src/libcharon/encoding/payloads/vendor_id_payload.c @@ -178,7 +178,7 @@ vendor_id_payload_t *vendor_id_payload_create_data(payload_type_t type, .get_data = _get_data, .destroy = _destroy, }, - .next_payload = NO_PAYLOAD, + .next_payload = PL_NONE, .payload_length = get_header_length(this) + data.len, .data = data, .type = type, diff --git a/src/libcharon/encoding/payloads/vendor_id_payload.h b/src/libcharon/encoding/payloads/vendor_id_payload.h index 9a814777b..42c31f921 100644 --- a/src/libcharon/encoding/payloads/vendor_id_payload.h +++ b/src/libcharon/encoding/payloads/vendor_id_payload.h @@ -55,7 +55,7 @@ struct vendor_id_payload_t { /** * Creates an empty Vendor ID payload for IKEv1 or IKEv2. * - * @@param type VENDOR_ID or VENDOR_ID_V1 + * @@param type PLV2_VENDOR_ID or PLV1_VENDOR_ID * @return vendor ID payload */ vendor_id_payload_t *vendor_id_payload_create(payload_type_t type); @@ -63,7 +63,7 @@ vendor_id_payload_t *vendor_id_payload_create(payload_type_t type); /** * Creates a vendor ID payload using a chunk of data * - * @param type VENDOR_ID or VENDOR_ID_V1 + * @param type PLV2_VENDOR_ID or PLV1_VENDOR_ID * @param data data to use in vendor ID payload, gets owned by payload * @return vendor ID payload */ diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c index 8dfb47b69..a2a3b1f89 100644 --- a/src/libcharon/network/receiver.c +++ b/src/libcharon/network/receiver.c 
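Review bot: The rewritten doc line for `vendor_id_payload_create()` in vendor_id_payload.h keeps the doubled marker in `@@param type PLV2_VENDOR_ID or PLV1_VENDOR_ID`. Doxygen treats `@@` as an escaped literal `@`, so the parameter is not documented as one. Since the line is being touched anyway, it should read `* @param type PLV2_VENDOR_ID or PLV1_VENDOR_ID`, matching the `vendor_id_payload_create_data()` comment in the next hunk.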
@@ -271,7 +271,7 @@ static bool check_cookie(private_receiver_t *this, message_t *message) if (data.len < IKE_HEADER_LENGTH + NOTIFY_PAYLOAD_HEADER_LENGTH + sizeof(u_int32_t) + this->hasher->get_hash_size(this->hasher) || - *(data.ptr + 16) != NOTIFY || + *(data.ptr + 16) != PLV2_NOTIFY || *(u_int16_t*)(data.ptr + IKE_HEADER_LENGTH + 6) != htons(COOKIE)) { /* no cookie found */ diff --git a/src/libcharon/plugins/addrblock/Makefile.am b/src/libcharon/plugins/addrblock/Makefile.am index 407f22d71..33ee60d86 100644 --- a/src/libcharon/plugins/addrblock/Makefile.am +++ b/src/libcharon/plugins/addrblock/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-addrblock.la diff --git a/src/libcharon/plugins/android_dns/Makefile.am b/src/libcharon/plugins/android_dns/Makefile.am index ebad963bb..1a0d6e6f2 100644 --- a/src/libcharon/plugins/android_dns/Makefile.am +++ b/src/libcharon/plugins/android_dns/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-android-dns.la diff --git a/src/libcharon/plugins/android_log/Makefile.am b/src/libcharon/plugins/android_log/Makefile.am index 4d8b4850b..79c61b51e 100644 --- a/src/libcharon/plugins/android_log/Makefile.am +++ b/src/libcharon/plugins/android_log/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-android-log.la diff --git a/src/libcharon/plugins/certexpire/Makefile.am b/src/libcharon/plugins/certexpire/Makefile.am index 2bfad9497..b8c241dfb 100644 --- a/src/libcharon/plugins/certexpire/Makefile.am +++ b/src/libcharon/plugins/certexpire/Makefile.am 
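Review bot: In `check_cookie()` in receiver.c the notify type is still read with `*(u_int16_t*)(data.ptr + IKE_HEADER_LENGTH + 6)`, a cast dereference into the raw packet buffer at an offset whose alignment depends on `data.ptr`. This looks like data received from the network, so a type-punned and possibly misaligned load is worth avoiding. Copying the two bytes out after the length check is safer: `u_int16_t type; memcpy(&type, data.ptr + IKE_HEADER_LENGTH + 6, sizeof(type));` and then comparing `type != htons(COOKIE)`. The bare offsets `16` and `6` would also read better as named header offsets next to the now symbolic `PLV2_NOTIFY`. The function body starts and ends outside the hunk.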
@@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -DIPSEC_PIDDIR=\"${piddir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-certexpire.la diff --git a/src/libcharon/plugins/coupling/Makefile.am b/src/libcharon/plugins/coupling/Makefile.am index cbc06a6b7..badc7b7b2 100644 --- a/src/libcharon/plugins/coupling/Makefile.am +++ b/src/libcharon/plugins/coupling/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-coupling.la diff --git a/src/libcharon/plugins/dhcp/Makefile.am b/src/libcharon/plugins/dhcp/Makefile.am index e0e857eed..3c09db016 100644 --- a/src/libcharon/plugins/dhcp/Makefile.am +++ b/src/libcharon/plugins/dhcp/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-dhcp.la diff --git a/src/libcharon/plugins/dnscert/Makefile.am b/src/libcharon/plugins/dnscert/Makefile.am index 51d542b30..145562522 100644 --- a/src/libcharon/plugins/dnscert/Makefile.am +++ b/src/libcharon/plugins/dnscert/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-dnscert.la diff --git a/src/libcharon/plugins/duplicheck/Makefile.am b/src/libcharon/plugins/duplicheck/Makefile.am index 4ea2becf3..338a114fe 100644 --- a/src/libcharon/plugins/duplicheck/Makefile.am +++ b/src/libcharon/plugins/duplicheck/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -DIPSEC_PIDDIR=\"${piddir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-duplicheck.la diff --git a/src/libcharon/plugins/eap_aka/Makefile.am b/src/libcharon/plugins/eap_aka/Makefile.am index ba6e66039..75e8eafb2 100644 --- a/src/libcharon/plugins/eap_aka/Makefile.am +++ b/src/libcharon/plugins/eap_aka/Makefile.am 
@@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libsimaka AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-aka.la diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.am b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.am index 4e2b207d2..ec145a39e 100644 --- a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.am +++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libsimaka AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) libstrongswan_eap_aka_3gpp2_la_LDFLAGS = -module -avoid-version libstrongswan_eap_aka_3gpp2_la_LIBADD = -lgmp diff --git a/src/libcharon/plugins/eap_dynamic/Makefile.am b/src/libcharon/plugins/eap_dynamic/Makefile.am index 13b4d10b1..58b827a78 100644 --- a/src/libcharon/plugins/eap_dynamic/Makefile.am +++ b/src/libcharon/plugins/eap_dynamic/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-dynamic.la diff --git a/src/libcharon/plugins/eap_gtc/Makefile.am b/src/libcharon/plugins/eap_gtc/Makefile.am index 811366a94..c3a12ba3e 100644 --- a/src/libcharon/plugins/eap_gtc/Makefile.am +++ b/src/libcharon/plugins/eap_gtc/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-gtc.la diff --git a/src/libcharon/plugins/eap_gtc/eap_gtc.c b/src/libcharon/plugins/eap_gtc/eap_gtc.c index e751b51b6..5fcd9ebc9 100644 --- a/src/libcharon/plugins/eap_gtc/eap_gtc.c +++ b/src/libcharon/plugins/eap_gtc/eap_gtc.c 
@@ -161,11 +161,11 @@ METHOD(eap_method_t, process_server, status_t, { /* assume that "out" contains username/password attributes */ co->destroy(co); - ci = cp_payload_create_type(CONFIGURATION_V1, CFG_REPLY); + ci = cp_payload_create_type(PLV1_CONFIGURATION, CFG_REPLY); ci->add_attribute(ci, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, XAUTH_USER_NAME, user)); + PLV1_CONFIGURATION_ATTRIBUTE, XAUTH_USER_NAME, user)); ci->add_attribute(ci, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, XAUTH_USER_PASSWORD, pass)); + PLV1_CONFIGURATION_ATTRIBUTE, XAUTH_USER_PASSWORD, pass)); switch (xauth->process(xauth, ci, &co)) { case SUCCESS: diff --git a/src/libcharon/plugins/eap_identity/Makefile.am b/src/libcharon/plugins/eap_identity/Makefile.am index 1c155866d..6c5b43f00 100644 --- a/src/libcharon/plugins/eap_identity/Makefile.am +++ b/src/libcharon/plugins/eap_identity/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-identity.la diff --git a/src/libcharon/plugins/eap_md5/Makefile.am b/src/libcharon/plugins/eap_md5/Makefile.am index 583598342..16aa1919b 100644 --- a/src/libcharon/plugins/eap_md5/Makefile.am +++ b/src/libcharon/plugins/eap_md5/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-md5.la diff --git a/src/libcharon/plugins/eap_mschapv2/Makefile.am b/src/libcharon/plugins/eap_mschapv2/Makefile.am index 030682d3e..4276a082d 100644 --- a/src/libcharon/plugins/eap_mschapv2/Makefile.am +++ b/src/libcharon/plugins/eap_mschapv2/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-mschapv2.la 
diff --git a/src/libcharon/plugins/eap_peap/Makefile.am b/src/libcharon/plugins/eap_peap/Makefile.am index 19410a408..8960b84bd 100644 --- a/src/libcharon/plugins/eap_peap/Makefile.am +++ b/src/libcharon/plugins/eap_peap/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtls AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-peap.la diff --git a/src/libcharon/plugins/eap_radius/Makefile.am b/src/libcharon/plugins/eap_radius/Makefile.am index 6fdb0d099..bc7a7765d 100644 --- a/src/libcharon/plugins/eap_radius/Makefile.am +++ b/src/libcharon/plugins/eap_radius/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libradius AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-radius.la diff --git a/src/libcharon/plugins/eap_radius/eap_radius_forward.c b/src/libcharon/plugins/eap_radius/eap_radius_forward.c index a41d5207d..52ea84070 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_forward.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_forward.c @@ -232,8 +232,8 @@ static void ike2queue(message_t *message, linked_list_t *queue, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == NOTIFY || - payload->get_type(payload) == NOTIFY_V1) + if (payload->get_type(payload) == PLV2_NOTIFY || + payload->get_type(payload) == PLV1_NOTIFY) { notify = (notify_payload_t*)payload; if (notify->get_notify_type(notify) == RADIUS_ATTRIBUTE) diff --git a/src/libcharon/plugins/eap_radius/eap_radius_xauth.c b/src/libcharon/plugins/eap_radius/eap_radius_xauth.c index d00f6bb2c..0fea50919 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_xauth.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_xauth.c 
@@ -87,12 +87,12 @@ static bool build_round(private_eap_radius_xauth_t *this, cp_payload_t *cp) return FALSE; } cp->add_attribute(cp, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, this->round.type, chunk_empty)); + PLV1_CONFIGURATION_ATTRIBUTE, this->round.type, chunk_empty)); if (this->round.message && strlen(this->round.message)) { cp->add_attribute(cp, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, XAUTH_MESSAGE, + PLV1_CONFIGURATION_ATTRIBUTE, XAUTH_MESSAGE, chunk_from_str(this->round.message))); } return TRUE; @@ -103,10 +103,10 @@ METHOD(xauth_method_t, initiate, status_t, { cp_payload_t *cp; - cp = cp_payload_create_type(CONFIGURATION_V1, CFG_REQUEST); + cp = cp_payload_create_type(PLV1_CONFIGURATION, CFG_REQUEST); /* first message always comes with username */ cp->add_attribute(cp, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, XAUTH_USER_NAME, chunk_empty)); + PLV1_CONFIGURATION_ATTRIBUTE, XAUTH_USER_NAME, chunk_empty)); if (build_round(this, cp)) { @@ -211,7 +211,7 @@ METHOD(xauth_method_t, process, status_t, { return verify_radius(this); } - cp = cp_payload_create_type(CONFIGURATION_V1, CFG_REQUEST); + cp = cp_payload_create_type(PLV1_CONFIGURATION, CFG_REQUEST); if (build_round(this, cp)) { *out = cp; diff --git a/src/libcharon/plugins/eap_sim/Makefile.am b/src/libcharon/plugins/eap_sim/Makefile.am index 2e9dad1b8..f68138579 100644 --- a/src/libcharon/plugins/eap_sim/Makefile.am +++ b/src/libcharon/plugins/eap_sim/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libsimaka AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-sim.la diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.am b/src/libcharon/plugins/eap_sim_file/Makefile.am index 0d4da07d5..c38e55e2c 100644 --- a/src/libcharon/plugins/eap_sim_file/Makefile.am +++ b/src/libcharon/plugins/eap_sim_file/Makefile.am 
@@ -6,7 +6,7 @@ AM_CPPFLAGS = \ -DIPSEC_CONFDIR=\"${sysconfdir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-sim-file.la diff --git a/src/libcharon/plugins/eap_sim_pcsc/Makefile.am b/src/libcharon/plugins/eap_sim_pcsc/Makefile.am index e5e9d01ca..22922049d 100644 --- a/src/libcharon/plugins/eap_sim_pcsc/Makefile.am +++ b/src/libcharon/plugins/eap_sim_pcsc/Makefile.am @@ -6,7 +6,7 @@ AM_CPPFLAGS = \ AM_CFLAGS = \ ${pcsclite_CFLAGS} \ - -rdynamic + $(PLUGIN_CFLAGS) libstrongswan_eap_sim_pcsc_la_LDFLAGS = -module -avoid-version libstrongswan_eap_sim_pcsc_la_LIBADD = ${pcsclite_LIBS} diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.am b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.am index 0f21c6849..f40efbd6f 100644 --- a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.am +++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libsimaka AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-simaka-pseudonym.la diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.am b/src/libcharon/plugins/eap_simaka_reauth/Makefile.am index be000c6d5..0fb622220 100644 --- a/src/libcharon/plugins/eap_simaka_reauth/Makefile.am +++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libsimaka AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-simaka-reauth.la diff --git a/src/libcharon/plugins/eap_simaka_sql/Makefile.am b/src/libcharon/plugins/eap_simaka_sql/Makefile.am index 9a52bd8ab..b7d6fd43e 100644 --- a/src/libcharon/plugins/eap_simaka_sql/Makefile.am +++ b/src/libcharon/plugins/eap_simaka_sql/Makefile.am @@ -6,7 +6,7 @@ AM_CPPFLAGS = \ -DIPSEC_CONFDIR=\"${sysconfdir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-simaka-sql.la 
diff --git a/src/libcharon/plugins/eap_tls/Makefile.am b/src/libcharon/plugins/eap_tls/Makefile.am index c4944fca1..825beb841 100644 --- a/src/libcharon/plugins/eap_tls/Makefile.am +++ b/src/libcharon/plugins/eap_tls/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtls AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-tls.la diff --git a/src/libcharon/plugins/eap_tnc/Makefile.am b/src/libcharon/plugins/eap_tnc/Makefile.am index 9586bef14..6fc78bc9a 100644 --- a/src/libcharon/plugins/eap_tnc/Makefile.am +++ b/src/libcharon/plugins/eap_tnc/Makefile.am @@ -7,7 +7,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtnccs AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-tnc.la diff --git a/src/libcharon/plugins/eap_ttls/Makefile.am b/src/libcharon/plugins/eap_ttls/Makefile.am index 81776d800..3a7a8cda3 100644 --- a/src/libcharon/plugins/eap_ttls/Makefile.am +++ b/src/libcharon/plugins/eap_ttls/Makefile.am @@ -6,7 +6,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libradius AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-ttls.la diff --git a/src/libcharon/plugins/error_notify/Makefile.am b/src/libcharon/plugins/error_notify/Makefile.am index 980fe1fbd..1c64bd2cc 100644 --- a/src/libcharon/plugins/error_notify/Makefile.am +++ b/src/libcharon/plugins/error_notify/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -DIPSEC_PIDDIR=\"${piddir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-error-notify.la diff --git a/src/libcharon/plugins/farp/Makefile.am b/src/libcharon/plugins/farp/Makefile.am index 95e57d8e6..0d862b0a9 100644 --- a/src/libcharon/plugins/farp/Makefile.am +++ b/src/libcharon/plugins/farp/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-farp.la 
diff --git a/src/libcharon/plugins/ha/Makefile.am b/src/libcharon/plugins/ha/Makefile.am index c10f7f903..50d342389 100644 --- a/src/libcharon/plugins/ha/Makefile.am +++ b/src/libcharon/plugins/ha/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -DIPSEC_PIDDIR=\"${piddir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-ha.la diff --git a/src/libcharon/plugins/ipseckey/Makefile.am b/src/libcharon/plugins/ipseckey/Makefile.am index 3a69e521f..aed63c122 100644 --- a/src/libcharon/plugins/ipseckey/Makefile.am +++ b/src/libcharon/plugins/ipseckey/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-ipseckey.la diff --git a/src/libcharon/plugins/kernel_libipsec/Makefile.am b/src/libcharon/plugins/kernel_libipsec/Makefile.am index a39d06753..eca2b2325 100644 --- a/src/libcharon/plugins/kernel_libipsec/Makefile.am +++ b/src/libcharon/plugins/kernel_libipsec/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libipsec AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-kernel-libipsec.la diff --git a/src/libcharon/plugins/led/Makefile.am b/src/libcharon/plugins/led/Makefile.am index fbe779dd6..18d6af399 100644 --- a/src/libcharon/plugins/led/Makefile.am +++ b/src/libcharon/plugins/led/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-led.la diff --git a/src/libcharon/plugins/load_tester/Makefile.am b/src/libcharon/plugins/load_tester/Makefile.am index e7c08783f..31e1b5c6f 100644 --- a/src/libcharon/plugins/load_tester/Makefile.am +++ b/src/libcharon/plugins/load_tester/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -DIPSEC_PIDDIR=\"${piddir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-load-tester.la 
diff --git a/src/libcharon/plugins/lookip/Makefile.am b/src/libcharon/plugins/lookip/Makefile.am index 6d71c8c13..223654ea9 100644 --- a/src/libcharon/plugins/lookip/Makefile.am +++ b/src/libcharon/plugins/lookip/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -DIPSEC_PIDDIR=\"${piddir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-lookip.la diff --git a/src/libcharon/plugins/maemo/Makefile.am b/src/libcharon/plugins/maemo/Makefile.am index c3c55ba41..fe5c963fd 100644 --- a/src/libcharon/plugins/maemo/Makefile.am +++ b/src/libcharon/plugins/maemo/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ AM_CFLAGS = \ ${maemo_CFLAGS} \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-maemo.la diff --git a/src/libcharon/plugins/medcli/Makefile.am b/src/libcharon/plugins/medcli/Makefile.am index f645be27e..cfa825980 100644 --- a/src/libcharon/plugins/medcli/Makefile.am +++ b/src/libcharon/plugins/medcli/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-medcli.la diff --git a/src/libcharon/plugins/medsrv/Makefile.am b/src/libcharon/plugins/medsrv/Makefile.am index ec305da21..f21220260 100644 --- a/src/libcharon/plugins/medsrv/Makefile.am +++ b/src/libcharon/plugins/medsrv/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-medsrv.la diff --git a/src/libcharon/plugins/osx_attr/Makefile.am b/src/libcharon/plugins/osx_attr/Makefile.am index f1ff22e60..aa1d46290 100644 --- a/src/libcharon/plugins/osx_attr/Makefile.am +++ b/src/libcharon/plugins/osx_attr/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-osx-attr.la 
diff --git a/src/libcharon/plugins/radattr/Makefile.am b/src/libcharon/plugins/radattr/Makefile.am index a0b0584d6..15d5a0a1f 100644 --- a/src/libcharon/plugins/radattr/Makefile.am +++ b/src/libcharon/plugins/radattr/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libradius AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-radattr.la diff --git a/src/libcharon/plugins/radattr/radattr_listener.c b/src/libcharon/plugins/radattr/radattr_listener.c index aca83aafc..1d30460ad 100644 --- a/src/libcharon/plugins/radattr/radattr_listener.c +++ b/src/libcharon/plugins/radattr/radattr_listener.c @@ -68,7 +68,7 @@ static void print_radius_attributes(private_radattr_listener_t *this, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == NOTIFY) + if (payload->get_type(payload) == PLV2_NOTIFY) { notify = (notify_payload_t*)payload; if (notify->get_notify_type(notify) == RADIUS_ATTRIBUTE) @@ -144,7 +144,7 @@ METHOD(listener_t, message, bool, { if (plain && ike_sa->supports_extension(ike_sa, EXT_STRONGSWAN) && message->get_exchange_type(message) == IKE_AUTH && - message->get_payload(message, EXTENSIBLE_AUTHENTICATION)) + message->get_payload(message, PLV2_EAP)) { if (incoming) { diff --git a/src/libcharon/plugins/smp/Makefile.am b/src/libcharon/plugins/smp/Makefile.am index 67b4b2a6d..3aa533e56 100644 --- a/src/libcharon/plugins/smp/Makefile.am +++ b/src/libcharon/plugins/smp/Makefile.am @@ -6,7 +6,7 @@ AM_CPPFLAGS = \ AM_CFLAGS = \ ${xml_CFLAGS} \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-smp.la diff --git a/src/libcharon/plugins/socket_default/Makefile.am b/src/libcharon/plugins/socket_default/Makefile.am index d734b313f..e524ffd18 100644 --- a/src/libcharon/plugins/socket_default/Makefile.am +++ b/src/libcharon/plugins/socket_default/Makefile.am 
@@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-socket-default.la diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.am b/src/libcharon/plugins/socket_dynamic/Makefile.am index 04973e5ba..a1e21b98b 100644 --- a/src/libcharon/plugins/socket_dynamic/Makefile.am +++ b/src/libcharon/plugins/socket_dynamic/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-socket-dynamic.la diff --git a/src/libcharon/plugins/sql/Makefile.am b/src/libcharon/plugins/sql/Makefile.am index fd5693123..c947db892 100644 --- a/src/libcharon/plugins/sql/Makefile.am +++ b/src/libcharon/plugins/sql/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-sql.la diff --git a/src/libcharon/plugins/stroke/Makefile.am b/src/libcharon/plugins/stroke/Makefile.am index 9509b1bd3..b90688791 100644 --- a/src/libcharon/plugins/stroke/Makefile.am +++ b/src/libcharon/plugins/stroke/Makefile.am @@ -7,7 +7,7 @@ AM_CPPFLAGS = \ -DIPSEC_PIDDIR=\"${piddir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-stroke.la diff --git a/src/libcharon/plugins/tnc_ifmap/Makefile.am b/src/libcharon/plugins/tnc_ifmap/Makefile.am index dfbb1b632..90fbf4651 100644 --- a/src/libcharon/plugins/tnc_ifmap/Makefile.am +++ b/src/libcharon/plugins/tnc_ifmap/Makefile.am @@ -6,7 +6,7 @@ AM_CPPFLAGS = \ AM_CFLAGS = \ ${xml_CFLAGS} \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnc-ifmap.la diff --git a/src/libcharon/plugins/tnc_pdp/Makefile.am b/src/libcharon/plugins/tnc_pdp/Makefile.am index 48de82571..3478c5b30 100644 --- a/src/libcharon/plugins/tnc_pdp/Makefile.am +++ b/src/libcharon/plugins/tnc_pdp/Makefile.am 
@@ -9,7 +9,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libpttls AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnc-pdp.la diff --git a/src/libcharon/plugins/uci/Makefile.am b/src/libcharon/plugins/uci/Makefile.am index 1fcd9ed25..134ced0e3 100644 --- a/src/libcharon/plugins/uci/Makefile.am +++ b/src/libcharon/plugins/uci/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-uci.la diff --git a/src/libcharon/plugins/unit_tester/Makefile.am b/src/libcharon/plugins/unit_tester/Makefile.am index 21cf08c61..b7f8fc319 100644 --- a/src/libcharon/plugins/unit_tester/Makefile.am +++ b/src/libcharon/plugins/unit_tester/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-unit-tester.la diff --git a/src/libcharon/plugins/unity/Makefile.am b/src/libcharon/plugins/unity/Makefile.am index b50dc9a03..38923e068 100644 --- a/src/libcharon/plugins/unity/Makefile.am +++ b/src/libcharon/plugins/unity/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-unity.la diff --git a/src/libcharon/plugins/updown/Makefile.am b/src/libcharon/plugins/updown/Makefile.am index a35909408..f03f4744c 100644 --- a/src/libcharon/plugins/updown/Makefile.am +++ b/src/libcharon/plugins/updown/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-updown.la diff --git a/src/libcharon/plugins/vici/Makefile.am b/src/libcharon/plugins/vici/Makefile.am index 162827a73..ec9d08efa 100644 --- a/src/libcharon/plugins/vici/Makefile.am +++ b/src/libcharon/plugins/vici/Makefile.am 
@@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -DIPSEC_PIDDIR=\"${piddir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-vici.la diff --git a/src/libcharon/plugins/vici/libvici.c b/src/libcharon/plugins/vici/libvici.c index 6e3b85a72..d1dadddcb 100644 --- a/src/libcharon/plugins/vici/libvici.c +++ b/src/libcharon/plugins/vici/libvici.c @@ -43,7 +43,7 @@ typedef struct { typedef enum { WAIT_IDLE = 0, WAIT_SUCCESS, - WAIT_FAILED, + WAIT_FAILURE, WAIT_READ_ERROR, } wait_state_t; @@ -242,7 +242,7 @@ CALLBACK(on_read, bool, return wait_result(conn, WAIT_SUCCESS); case VICI_CMD_UNKNOWN: case VICI_EVENT_UNKNOWN: - return wait_result(conn, WAIT_FAILED); + return wait_result(conn, WAIT_FAILURE); case VICI_CMD_REQUEST: case VICI_EVENT_REGISTER: case VICI_EVENT_UNREGISTER: @@ -403,7 +403,7 @@ vici_res_t* vici_submit(vici_req_t *req, vici_conn_t *conn) case WAIT_READ_ERROR: errno = conn->error; break; - case WAIT_FAILED: + case WAIT_FAILURE: default: errno = ENOENT; break; @@ -712,7 +712,7 @@ int vici_register(vici_conn_t *conn, char *name, vici_event_cb_t cb, void *user) case WAIT_READ_ERROR: errno = conn->error; break; - case WAIT_FAILED: + case WAIT_FAILURE: default: errno = ENOENT; break; diff --git a/src/libcharon/plugins/vici/suites/test_event.c b/src/libcharon/plugins/vici/suites/test_event.c index 12fd03107..b923ad393 100644 --- a/src/libcharon/plugins/vici/suites/test_event.c +++ b/src/libcharon/plugins/vici/suites/test_event.c @@ -20,7 +20,11 @@ #include <unistd.h> -#define URI "unix:///tmp/strongswan-vici-event-test" +#ifdef WIN32 +# define URI "tcp://127.0.0.1:6543" +#else /* !WIN32 */ +# define URI "unix:///tmp/strongswan-vici-event-test" +#endif /* !WIN32 */ static void event_cb(void *user, char *name, vici_res_t *ev) { diff --git a/src/libcharon/plugins/vici/suites/test_request.c b/src/libcharon/plugins/vici/suites/test_request.c index 8cb11a7ea..8eeb37bc9 100644 --- a/src/libcharon/plugins/vici/suites/test_request.c 
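Review bot: On WIN32 the `URI` in `test_event.c` becomes `tcp://127.0.0.1:6543`, the same fixed port that `test_request.c` gets in the next file and that `test_socket.c` already uses, whereas the Unix branch keeps a distinct socket path per suite. If the suites ever run concurrently, or another local process already holds that port, the tests would fail to bind or could talk to the wrong listener; whether they can overlap is not visible in this hunk. Giving each suite its own port, for example `# define URI "tcp://127.0.0.1:6544"` here (value chosen only for illustration), would keep the isolation the per-suite Unix paths provide.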
+++ b/src/libcharon/plugins/vici/suites/test_request.c @@ -20,7 +20,11 @@ #include <unistd.h> -#define URI "unix:///tmp/strongswan-vici-request-test" +#ifdef WIN32 +# define URI "tcp://127.0.0.1:6543" +#else /* !WIN32 */ +# define URI "unix:///tmp/strongswan-vici-request-test" +#endif /* !WIN32 */ static void encode_section(vici_req_t *req) { diff --git a/src/libcharon/plugins/vici/suites/test_socket.c b/src/libcharon/plugins/vici/suites/test_socket.c index 032445bb0..8d545c6c1 100644 --- a/src/libcharon/plugins/vici/suites/test_socket.c +++ b/src/libcharon/plugins/vici/suites/test_socket.c @@ -61,11 +61,13 @@ static struct { { "tcp://127.0.0.1:6543", 2 }, { "tcp://127.0.0.1:6543", 3 }, { "tcp://127.0.0.1:6543", 7 }, +#ifndef WIN32 { "unix:///tmp/strongswan-tests-vici-socket", ~0 }, { "unix:///tmp/strongswan-tests-vici-socket", 1 }, { "unix:///tmp/strongswan-tests-vici-socket", 2 }, { "unix:///tmp/strongswan-tests-vici-socket", 3 }, { "unix:///tmp/strongswan-tests-vici-socket", 7 }, +#endif /* !WIN32 */ }; START_TEST(test_echo) diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c index 3f2fec444..2319bddaf 100644 --- a/src/libcharon/plugins/vici/vici_config.c +++ b/src/libcharon/plugins/vici/vici_config.c @@ -24,7 +24,6 @@ #include <collections/linked_list.h> #include <stdio.h> -#include <netdb.h> /** * Magic value for an undefined lifetime diff --git a/src/libcharon/plugins/vici/vici_dispatcher.h b/src/libcharon/plugins/vici/vici_dispatcher.h index effe5a670..2297a80bd 100644 --- a/src/libcharon/plugins/vici/vici_dispatcher.h +++ b/src/libcharon/plugins/vici/vici_dispatcher.h @@ -29,7 +29,11 @@ typedef enum vici_operation_t vici_operation_t; /** * Default socket URI of vici service */ -#define VICI_DEFAULT_URI "unix://" IPSEC_PIDDIR "/charon.vici" +#ifdef WIN32 +# define VICI_DEFAULT_URI "tcp://127.0.0.1:4502" +#else +# define VICI_DEFAULT_URI "unix://" IPSEC_PIDDIR "/charon.vici" +#endif /** * Kind of vici operation 
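Review bot: The Windows default `tcp://127.0.0.1:4502` for `VICI_DEFAULT_URI` in `vici_dispatcher.h` has no filesystem permission boundary, unlike the `unix://` path under `IPSEC_PIDDIR` that the non-Windows branch keeps. Any local process that can connect to loopback can reach the vici control interface unless the dispatcher authenticates or restricts clients elsewhere, which this hunk does not show. I would record this in the macro's doc comment, e.g. `Default socket URI of vici service; on Windows a loopback TCP port reachable by every local user, so access must be restricted by other means`. It is also worth confirming whether the Windows build needs an explicit client check before this becomes the default.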
diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c index 9a8e9a4d6..e7c48f4aa 100644 --- a/src/libcharon/plugins/vici/vici_query.c +++ b/src/libcharon/plugins/vici/vici_query.c @@ -17,7 +17,9 @@ #include "vici_builder.h" #include <inttypes.h> +#ifndef WIN32 #include <sys/utsname.h> +#endif #include <daemon.h> @@ -786,7 +788,6 @@ CALLBACK(list_certs, vici_message_t*, CALLBACK(version, vici_message_t*, private_vici_query_t *this, char *name, u_int id, vici_message_t *request) { - struct utsname utsname; vici_builder_t *b; b = vici_builder_create(); @@ -794,13 +795,40 @@ CALLBACK(version, vici_message_t*, b->add_kv(b, "daemon", "%s", lib->ns); b->add_kv(b, "version", "%s", VERSION); - if (uname(&utsname) == 0) +#ifdef WIN32 { - b->add_kv(b, "sysname", "%s", utsname.sysname); - b->add_kv(b, "release", "%s", utsname.release); - b->add_kv(b, "machine", "%s", utsname.machine); + OSVERSIONINFOEX osvie; + + memset(&osvie, 0, sizeof(osvie)); + osvie.dwOSVersionInfoSize = sizeof(osvie); + + if (GetVersionEx((LPOSVERSIONINFO)&osvie)) + { + b->add_kv(b, "sysname", "Windows %s", + osvie.wProductType == VER_NT_WORKSTATION ? "Client" : "Server"); + b->add_kv(b, "release", "%d.%d.%d (SP %d.%d)", + osvie.dwMajorVersion, osvie.dwMinorVersion, osvie.dwBuildNumber, + osvie.wServicePackMajor, osvie.wServicePackMinor); + b->add_kv(b, "machine", "%s", +#ifdef WIN64 + "x86_64"); +#else + "x86"); +#endif /* !WIN64 */ + } } +#else /* !WIN32 */ + { + struct utsname utsname; + if (uname(&utsname) == 0) + { + b->add_kv(b, "sysname", "%s", utsname.sysname); + b->add_kv(b, "release", "%s", utsname.release); + b->add_kv(b, "machine", "%s", utsname.machine); + } + } +#endif /* !WIN32 */ return b->finalize(b); } diff --git a/src/libcharon/plugins/whitelist/Makefile.am b/src/libcharon/plugins/whitelist/Makefile.am index e02b4a041..1fd01c888 100644 --- a/src/libcharon/plugins/whitelist/Makefile.am +++ b/src/libcharon/plugins/whitelist/Makefile.am 
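Review bot: In the WIN32 branch of `version`, the `"release"` format passes `dwMajorVersion`, `dwMinorVersion` and `dwBuildNumber` (all `DWORD`, an unsigned long on Windows) to `%d`, which is a format/argument type mismatch that `-Wformat` reports. Use `"%lu.%lu.%lu (SP %d.%d)"`, or cast the three values to `u_int` and print them with `%u`. Separately, `GetVersionEx()` reports the version the executable is manifested for on newer Windows releases, so `release` may not match the running system; a short comment saying the value is informational only would help consumers of this message. The `#ifdef WIN64` inside the `add_kv` argument list would also read better as a `machine` string selected before the call.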
@@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -DIPSEC_PIDDIR=\"${piddir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-whitelist.la diff --git a/src/libcharon/plugins/xauth_eap/Makefile.am b/src/libcharon/plugins/xauth_eap/Makefile.am index 21f8d0297..ea75c1581 100644 --- a/src/libcharon/plugins/xauth_eap/Makefile.am +++ b/src/libcharon/plugins/xauth_eap/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-xauth-eap.la diff --git a/src/libcharon/plugins/xauth_eap/xauth_eap.c b/src/libcharon/plugins/xauth_eap/xauth_eap.c index f597bb7ae..f21d02697 100644 --- a/src/libcharon/plugins/xauth_eap/xauth_eap.c +++ b/src/libcharon/plugins/xauth_eap/xauth_eap.c @@ -163,11 +163,11 @@ METHOD(xauth_method_t, initiate, status_t, { cp_payload_t *cp; - cp = cp_payload_create_type(CONFIGURATION_V1, CFG_REQUEST); + cp = cp_payload_create_type(PLV1_CONFIGURATION, CFG_REQUEST); cp->add_attribute(cp, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, XAUTH_USER_NAME, chunk_empty)); + PLV1_CONFIGURATION_ATTRIBUTE, XAUTH_USER_NAME, chunk_empty)); cp->add_attribute(cp, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, XAUTH_USER_PASSWORD, chunk_empty)); + PLV1_CONFIGURATION_ATTRIBUTE, XAUTH_USER_PASSWORD, chunk_empty)); *out = cp; return NEED_MORE; } diff --git a/src/libcharon/plugins/xauth_generic/Makefile.am b/src/libcharon/plugins/xauth_generic/Makefile.am index d48e52ddd..1ecd9fd14 100644 --- a/src/libcharon/plugins/xauth_generic/Makefile.am +++ b/src/libcharon/plugins/xauth_generic/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-xauth-generic.la 
diff --git a/src/libcharon/plugins/xauth_generic/xauth_generic.c b/src/libcharon/plugins/xauth_generic/xauth_generic.c index 5df8aadee..c37da0cb0 100644 --- a/src/libcharon/plugins/xauth_generic/xauth_generic.c +++ b/src/libcharon/plugins/xauth_generic/xauth_generic.c @@ -69,7 +69,7 @@ METHOD(xauth_method_t, process_peer, status_t, } enumerator->destroy(enumerator); - cp = cp_payload_create_type(CONFIGURATION_V1, CFG_REPLY); + cp = cp_payload_create_type(PLV1_CONFIGURATION, CFG_REPLY); enumerator = in->create_attribute_enumerator(in); while (enumerator->enumerate(enumerator, &attr)) @@ -80,7 +80,7 @@ METHOD(xauth_method_t, process_peer, status_t, { case XAUTH_USER_NAME: cp->add_attribute(cp, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, XAUTH_USER_NAME, + PLV1_CONFIGURATION_ATTRIBUTE, XAUTH_USER_NAME, this->peer->get_encoding(this->peer))); break; case XAUTH_NEXT_PIN: @@ -99,7 +99,7 @@ METHOD(xauth_method_t, process_peer, status_t, return FAILED; } cp->add_attribute(cp, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, attr->get_type(attr), + PLV1_CONFIGURATION_ATTRIBUTE, attr->get_type(attr), shared->get_key(shared))); shared->destroy(shared); break; @@ -118,11 +118,11 @@ METHOD(xauth_method_t, initiate_server, status_t, { cp_payload_t *cp; - cp = cp_payload_create_type(CONFIGURATION_V1, CFG_REQUEST); + cp = cp_payload_create_type(PLV1_CONFIGURATION, CFG_REQUEST); cp->add_attribute(cp, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, XAUTH_USER_NAME, chunk_empty)); + PLV1_CONFIGURATION_ATTRIBUTE, XAUTH_USER_NAME, chunk_empty)); cp->add_attribute(cp, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, XAUTH_USER_PASSWORD, chunk_empty)); + PLV1_CONFIGURATION_ATTRIBUTE, XAUTH_USER_PASSWORD, chunk_empty)); *out = cp; return NEED_MORE; } diff --git a/src/libcharon/plugins/xauth_noauth/Makefile.am b/src/libcharon/plugins/xauth_noauth/Makefile.am index f1581ba67..3902471fe 100644 
--- a/src/libcharon/plugins/xauth_noauth/Makefile.am +++ b/src/libcharon/plugins/xauth_noauth/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-xauth-noauth.la diff --git a/src/libcharon/plugins/xauth_pam/Makefile.am b/src/libcharon/plugins/xauth_pam/Makefile.am index 1875f81d3..abf83ca75 100644 --- a/src/libcharon/plugins/xauth_pam/Makefile.am +++ b/src/libcharon/plugins/xauth_pam/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-xauth-pam.la diff --git a/src/libcharon/plugins/xauth_pam/xauth_pam.c b/src/libcharon/plugins/xauth_pam/xauth_pam.c index 71c79ecc0..1970146c0 100644 --- a/src/libcharon/plugins/xauth_pam/xauth_pam.c +++ b/src/libcharon/plugins/xauth_pam/xauth_pam.c @@ -43,11 +43,11 @@ METHOD(xauth_method_t, initiate, status_t, { cp_payload_t *cp; - cp = cp_payload_create_type(CONFIGURATION_V1, CFG_REQUEST); + cp = cp_payload_create_type(PLV1_CONFIGURATION, CFG_REQUEST); cp->add_attribute(cp, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, XAUTH_USER_NAME, chunk_empty)); + PLV1_CONFIGURATION_ATTRIBUTE, XAUTH_USER_NAME, chunk_empty)); cp->add_attribute(cp, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, XAUTH_USER_PASSWORD, chunk_empty)); + PLV1_CONFIGURATION_ATTRIBUTE, XAUTH_USER_PASSWORD, chunk_empty)); *out = cp; return NEED_MORE; } diff --git a/src/libcharon/processing/jobs/process_message_job.c b/src/libcharon/processing/jobs/process_message_job.c index 606135b0b..a6795e766 100644 --- a/src/libcharon/processing/jobs/process_message_job.c +++ b/src/libcharon/processing/jobs/process_message_job.c 
@@ -51,7 +51,7 @@ METHOD(job_t, execute, job_requeue_t, /* if this is an unencrypted INFORMATIONAL exchange it is likely a * connectivity check. */ if (this->message->get_exchange_type(this->message) == INFORMATIONAL && - this->message->get_first_payload_type(this->message) != ENCRYPTED) + this->message->get_first_payload_type(this->message) != PLV2_ENCRYPTED) { /* theoretically this could also be an error message * see RFC 4306, section 1.5. */ diff --git a/src/libcharon/sa/authenticator.c b/src/libcharon/sa/authenticator.c index a32b6ab12..8571274ac 100644 --- a/src/libcharon/sa/authenticator.c +++ b/src/libcharon/sa/authenticator.c @@ -86,7 +86,7 @@ authenticator_t *authenticator_create_verifier( { auth_payload_t *auth_payload; - auth_payload = (auth_payload_t*)message->get_payload(message, AUTHENTICATION); + auth_payload = (auth_payload_t*)message->get_payload(message, PLV2_AUTH); if (auth_payload == NULL) { return (authenticator_t*)eap_authenticator_create_verifier(ike_sa, diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c index 525117f3b..8e68e7bee 100644 --- a/src/libcharon/sa/ike_sa_manager.c +++ b/src/libcharon/sa/ike_sa_manager.c @@ -971,7 +971,7 @@ static bool get_init_hash(private_ike_sa_manager_t *this, message_t *message, { /* this might be the case when flush() has been called */ return FALSE; } - if (message->get_first_payload_type(message) == FRAGMENT_V1) + if (message->get_first_payload_type(message) == PLV1_FRAGMENT) { /* only hash the source IP, port and SPI for fragmented init messages */ u_int16_t port; u_int64_t spi; @@ -1313,7 +1313,7 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*, ike_id = entry->ike_sa->get_id(entry->ike_sa); entry->checked_out = TRUE; - if (message->get_first_payload_type(message) != FRAGMENT_V1) + if (message->get_first_payload_type(message) != PLV1_FRAGMENT) { entry->processing = get_message_id_or_hash(message); } 
diff --git a/src/libcharon/sa/ikev1/authenticators/psk_v1_authenticator.c b/src/libcharon/sa/ikev1/authenticators/psk_v1_authenticator.c index ee15408c7..aa966cd5f 100644 --- a/src/libcharon/sa/ikev1/authenticators/psk_v1_authenticator.c +++ b/src/libcharon/sa/ikev1/authenticators/psk_v1_authenticator.c @@ -85,7 +85,7 @@ METHOD(authenticator_t, build, status_t, } free(dh.ptr); - hash_payload = hash_payload_create(HASH_V1); + hash_payload = hash_payload_create(PLV1_HASH); hash_payload->set_hash(hash_payload, hash); message->add_payload(message, &hash_payload->payload_interface); free(hash.ptr); @@ -101,7 +101,7 @@ METHOD(authenticator_t, process, status_t, chunk_t hash, dh; auth_cfg_t *auth; - hash_payload = (hash_payload_t*)message->get_payload(message, HASH_V1); + hash_payload = (hash_payload_t*)message->get_payload(message, PLV1_HASH); if (!hash_payload) { DBG1(DBG_IKE, "HASH payload missing in message"); diff --git a/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c b/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c index d81c77f0d..bfe5ff449 100644 --- a/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c +++ b/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c @@ -108,7 +108,7 @@ METHOD(authenticator_t, build, status_t, if (private->sign(private, scheme, hash, &sig)) { - sig_payload = hash_payload_create(SIGNATURE_V1); + sig_payload = hash_payload_create(PLV1_SIGNATURE); sig_payload->set_hash(sig_payload, sig); free(sig.ptr); message->add_payload(message, &sig_payload->payload_interface); @@ -144,7 +144,7 @@ METHOD(authenticator_t, process, status_t, scheme = SIGN_ECDSA_WITH_NULL; } - sig_payload = (hash_payload_t*)message->get_payload(message, SIGNATURE_V1); + sig_payload = (hash_payload_t*)message->get_payload(message, PLV1_SIGNATURE); if (!sig_payload) { DBG1(DBG_IKE, "SIG payload missing in message"); 
diff --git a/src/libcharon/sa/ikev1/keymat_v1.c b/src/libcharon/sa/ikev1/keymat_v1.c index bf1b0046c..619d197bd 100644 --- a/src/libcharon/sa/ikev1/keymat_v1.c +++ b/src/libcharon/sa/ikev1/keymat_v1.c @@ -791,7 +791,7 @@ METHOD(keymat_v1_t, get_hash, bool, static bool get_nonce(message_t *message, chunk_t *n) { nonce_payload_t *nonce; - nonce = (nonce_payload_t*)message->get_payload(message, NONCE_V1); + nonce = (nonce_payload_t*)message->get_payload(message, PLV1_NONCE); if (nonce) { *n = nonce->get_nonce(nonce); @@ -815,7 +815,7 @@ static chunk_t get_message_data(message_t *message, generator_t *generator) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == HASH_V1) + if (payload->get_type(payload) == PLV1_HASH) { continue; } @@ -835,7 +835,7 @@ static chunk_t get_message_data(message_t *message, generator_t *generator) generator->generate_payload(generator, payload); payload = next; } - payload->set_next_type(payload, NO_PAYLOAD); + payload->set_next_type(payload, PL_NONE); generator->generate_payload(generator, payload); } enumerator->destroy(enumerator); diff --git a/src/libcharon/sa/ikev1/phase1.c b/src/libcharon/sa/ikev1/phase1.c index 1189d3c69..114b8a3e4 100644 --- a/src/libcharon/sa/ikev1/phase1.c +++ b/src/libcharon/sa/ikev1/phase1.c @@ -648,7 +648,7 @@ METHOD(phase1_t, save_sa_payload, bool, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == SECURITY_ASSOCIATION_V1) + if (payload->get_type(payload) == PLV1_SECURITY_ASSOCIATION) { sa = payload; break; 
@@ -682,7 +682,7 @@ METHOD(phase1_t, add_nonce_ke, bool, nonce_gen_t *nonceg; chunk_t nonce; - ke_payload = ke_payload_create_from_diffie_hellman(KEY_EXCHANGE_V1, this->dh); + ke_payload = ke_payload_create_from_diffie_hellman(PLV1_KEY_EXCHANGE, this->dh); message->add_payload(message, &ke_payload->payload_interface); nonceg = this->keymat->keymat.create_nonce_gen(&this->keymat->keymat); @@ -699,7 +699,7 @@ METHOD(phase1_t, add_nonce_ke, bool, } nonceg->destroy(nonceg); - nonce_payload = nonce_payload_create(NONCE_V1); + nonce_payload = nonce_payload_create(PLV1_NONCE); nonce_payload->set_nonce(nonce_payload, nonce); message->add_payload(message, &nonce_payload->payload_interface); @@ -720,7 +720,7 @@ METHOD(phase1_t, get_nonce_ke, bool, nonce_payload_t *nonce_payload; ke_payload_t *ke_payload; - ke_payload = (ke_payload_t*)message->get_payload(message, KEY_EXCHANGE_V1); + ke_payload = (ke_payload_t*)message->get_payload(message, PLV1_KEY_EXCHANGE); if (!ke_payload) { DBG1(DBG_IKE, "KE payload missing in message"); @@ -729,7 +729,7 @@ METHOD(phase1_t, get_nonce_ke, bool, this->dh_value = chunk_clone(ke_payload->get_key_exchange_data(ke_payload)); this->dh->set_other_public_value(this->dh, this->dh_value); - nonce_payload = (nonce_payload_t*)message->get_payload(message, NONCE_V1); + nonce_payload = (nonce_payload_t*)message->get_payload(message, PLV1_NONCE); if (!nonce_payload) { DBG1(DBG_IKE, "NONCE payload missing in message"); diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c index 8fc158bba..97812a5c5 100644 --- a/src/libcharon/sa/ikev1/task_manager_v1.c +++ b/src/libcharon/sa/ikev1/task_manager_v1.c 
@@ -956,7 +956,7 @@ static void send_notify(private_task_manager_t *this, message_t *request, response->set_request(response, TRUE); response->set_message_id(response, mid); response->add_payload(response, (payload_t*) - notify_payload_create_from_protocol_and_type(NOTIFY_V1, + notify_payload_create_from_protocol_and_type(PLV1_NOTIFY, PROTO_IKE, type)); me = this->ike_sa->get_my_host(this->ike_sa); @@ -1265,7 +1265,7 @@ static status_t handle_fragment(private_task_manager_t *this, message_t *msg) chunk_t data; u_int8_t num; - payload = (fragment_payload_t*)msg->get_payload(msg, FRAGMENT_V1); + payload = (fragment_payload_t*)msg->get_payload(msg, PLV1_FRAGMENT); if (!payload) { return FAILED; @@ -1412,7 +1412,7 @@ static status_t parse_message(private_task_manager_t *this, message_t *msg) } } - if (msg->get_first_payload_type(msg) == FRAGMENT_V1) + if (msg->get_first_payload_type(msg) == PLV1_FRAGMENT) { return handle_fragment(this, msg); } @@ -1514,7 +1514,7 @@ METHOD(task_manager_t, process_message, status_t, { if (this->ike_sa->get_state(this->ike_sa) != IKE_CREATED && this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING && - msg->get_first_payload_type(msg) != FRAGMENT_V1) + msg->get_first_payload_type(msg) != PLV1_FRAGMENT) { DBG1(DBG_IKE, "ignoring %N in established IKE_SA state", exchange_type_names, msg->get_exchange_type(msg)); diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c index 6cc3e04b3..7009ae95d 100644 --- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c +++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c @@ -133,7 +133,7 @@ static bool has_notify_errors(private_aggressive_mode_t *this, message_t *messag enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == NOTIFY_V1) + if (payload->get_type(payload) == PLV1_NOTIFY) { notify_payload_t *notify; notify_type_t type; 
@@ -167,7 +167,7 @@ static status_t send_notify(private_aggressive_mode_t *this, notify_type_t type) u_int64_t spi_i, spi_r; chunk_t spi; - notify = notify_payload_create_from_protocol_and_type(NOTIFY_V1, + notify = notify_payload_create_from_protocol_and_type(PLV1_NOTIFY, PROTO_IKE, type); ike_sa_id = this->ike_sa->get_id(this->ike_sa); spi_i = ike_sa_id->get_initiator_spi(ike_sa_id); @@ -276,7 +276,7 @@ METHOD(task_t, build_i, status_t, return FAILED; } this->ike_sa->set_my_id(this->ike_sa, id->clone(id)); - id_payload = id_payload_create_from_identification(ID_V1, id); + id_payload = id_payload_create_from_identification(PLV1_ID, id); this->id_data = id_payload->get_encoded(id_payload); message->add_payload(message, &id_payload->payload_interface); @@ -389,7 +389,7 @@ METHOD(task_t, process_r, status_t, message->get_source(message), TRUE); sa_payload = (sa_payload_t*)message->get_payload(message, - SECURITY_ASSOCIATION_V1); + PLV1_SECURITY_ASSOCIATION); if (!sa_payload) { DBG1(DBG_IKE, "SA payload missing"); @@ -448,7 +448,7 @@ METHOD(task_t, process_r, status_t, return send_notify(this, INVALID_PAYLOAD_TYPE); } - id_payload = (id_payload_t*)message->get_payload(message, ID_V1); + id_payload = (id_payload_t*)message->get_payload(message, PLV1_ID); if (!id_payload) { DBG1(DBG_IKE, "IDii payload missing"); @@ -588,7 +588,7 @@ METHOD(task_t, build_r, status_t, } this->ike_sa->set_my_id(this->ike_sa, id->clone(id)); - id_payload = id_payload_create_from_identification(ID_V1, id); + id_payload = id_payload_create_from_identification(PLV1_ID, id); message->add_payload(message, &id_payload->payload_interface); if (!this->ph1->build_auth(this->ph1, this->method, message, @@ -614,7 +614,7 @@ METHOD(task_t, process_i, status_t, u_int32_t lifetime; sa_payload = (sa_payload_t*)message->get_payload(message, - SECURITY_ASSOCIATION_V1); + PLV1_SECURITY_ASSOCIATION); if (!sa_payload) { DBG1(DBG_IKE, "SA payload missing"); 
@@ -654,7 +654,7 @@ METHOD(task_t, process_i, status_t, return send_notify(this, NO_PROPOSAL_CHOSEN); } - id_payload = (id_payload_t*)message->get_payload(message, ID_V1); + id_payload = (id_payload_t*)message->get_payload(message, PLV1_ID); if (!id_payload) { DBG1(DBG_IKE, "IDir payload missing"); diff --git a/src/libcharon/sa/ikev1/tasks/informational.c b/src/libcharon/sa/ikev1/tasks/informational.c index bda1d2afb..b742dbef9 100644 --- a/src/libcharon/sa/ikev1/tasks/informational.c +++ b/src/libcharon/sa/ikev1/tasks/informational.c @@ -93,7 +93,7 @@ METHOD(task_t, process_r, status_t, { switch (payload->get_type(payload)) { - case NOTIFY_V1: + case PLV1_NOTIFY: notify = (notify_payload_t*)payload; type = notify->get_notify_type(notify); @@ -153,7 +153,7 @@ METHOD(task_t, process_r, status_t, notify_type_names, type); } continue; - case DELETE_V1: + case PLV1_DELETE: if (!this->del) { delete = (delete_payload_t*)payload; diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_cert_post.c b/src/libcharon/sa/ikev1/tasks/isakmp_cert_post.c index edad3b2fa..7dbbdc92f 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_cert_post.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_cert_post.c @@ -68,7 +68,7 @@ static bool use_certs(private_isakmp_cert_post_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == SECURITY_ASSOCIATION_V1) + if (payload->get_type(payload) == PLV1_SECURITY_ASSOCIATION) { sa_payload_t *sa_payload = (sa_payload_t*)payload; @@ -132,7 +132,7 @@ static void build_certs(private_isakmp_cert_post_t *this, message_t *message) { break; } - payload = cert_payload_create_from_cert(CERTIFICATE_V1, cert); + payload = cert_payload_create_from_cert(PLV1_CERTIFICATE, cert); if (!payload) { break; 
@@ -146,7 +146,7 @@ static void build_certs(private_isakmp_cert_post_t *this, message_t *message) { if (type == AUTH_RULE_IM_CERT) { - payload = cert_payload_create_from_cert(CERTIFICATE_V1, cert); + payload = cert_payload_create_from_cert(PLV1_CERTIFICATE, cert); if (payload) { DBG1(DBG_IKE, "sending issuer cert \"%Y\"", diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c b/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c index 43a0aaa36..58f856e3f 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c @@ -134,7 +134,7 @@ static void process_certreqs(private_isakmp_cert_pre_t *this, message_t *message { switch (payload->get_type(payload)) { - case CERTIFICATE_REQUEST_V1: + case PLV1_CERTREQ: { certificate_t *cert; @@ -268,7 +268,7 @@ static void process_certs(private_isakmp_cert_pre_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == CERTIFICATE_V1) + if (payload->get_type(payload) == PLV1_CERTIFICATE) { cert_payload_t *cert_payload; cert_encoding_t encoding; @@ -377,7 +377,7 @@ static void build_certreqs(private_isakmp_cert_pre_t *this, message_t *message) } enumerator->destroy(enumerator); } - if (!message->get_payload(message, CERTIFICATE_REQUEST_V1)) + if (!message->get_payload(message, PLV1_CERTREQ)) { /* otherwise add all trusted CA certificates */ enumerator = lib->credmgr->create_cert_enumerator(lib->credmgr, @@ -402,7 +402,7 @@ static bool use_certs(private_isakmp_cert_pre_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == SECURITY_ASSOCIATION_V1) + if (payload->get_type(payload) == PLV1_SECURITY_ASSOCIATION) { sa_payload_t *sa_payload = (sa_payload_t*)payload; 
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_delete.c b/src/libcharon/sa/ikev1/tasks/isakmp_delete.c index a44f3c4a9..bea0428c4 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_delete.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_delete.c @@ -50,7 +50,7 @@ METHOD(task_t, build_i, status_t, this->ike_sa->get_other_host(this->ike_sa), this->ike_sa->get_other_id(this->ike_sa)); - delete_payload = delete_payload_create(DELETE_V1, PROTO_IKE); + delete_payload = delete_payload_create(PLV1_DELETE, PROTO_IKE); id = this->ike_sa->get_id(this->ike_sa); delete_payload->set_ike_spi(delete_payload, id->get_initiator_spi(id), id->get_responder_spi(id)); diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_dpd.c b/src/libcharon/sa/ikev1/tasks/isakmp_dpd.c index a3395a043..5522e9221 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_dpd.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_dpd.c @@ -55,7 +55,7 @@ METHOD(task_t, build, status_t, u_int32_t seqnr; chunk_t spi; - notify = notify_payload_create_from_protocol_and_type(NOTIFY_V1, + notify = notify_payload_create_from_protocol_and_type(PLV1_NOTIFY, PROTO_IKE, this->type); seqnr = htonl(this->seqnr); ike_sa_id = this->ike_sa->get_id(this->ike_sa); diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_natd.c b/src/libcharon/sa/ikev1/tasks/isakmp_natd.c index fc6ac0771..b8af6f67b 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_natd.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_natd.c @@ -117,9 +117,9 @@ static payload_type_t get_nat_d_payload_type(ike_sa_t *ike_sa) { if (ike_sa->supports_extension(ike_sa, EXT_NATT_DRAFT_02_03)) { - return NAT_D_DRAFT_00_03_V1; + return PLV1_NAT_D_DRAFT_00_03; } - return NAT_D_V1; + return PLV1_NAT_D; } /** 
@@ -269,8 +269,8 @@ static void process_payloads(private_isakmp_natd_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) != NAT_D_V1 && - payload->get_type(payload) != NAT_D_DRAFT_00_03_V1) + if (payload->get_type(payload) != PLV1_NAT_D && + payload->get_type(payload) != PLV1_NAT_D_DRAFT_00_03) { continue; } @@ -334,7 +334,7 @@ METHOD(task_t, build_i, status_t, case ID_PROT: { /* add NAT-D payloads to the second request, need to process * those by the responder contained in the second response */ - if (message->get_payload(message, SECURITY_ASSOCIATION_V1)) + if (message->get_payload(message, PLV1_SECURITY_ASSOCIATION)) { /* wait for the second exchange */ return NEED_MORE; } @@ -362,7 +362,7 @@ METHOD(task_t, process_i, status_t, case ID_PROT: { /* process NAT-D payloads in the second response, added them in the * second request already, so we're done afterwards */ - if (message->get_payload(message, SECURITY_ASSOCIATION_V1)) + if (message->get_payload(message, PLV1_SECURITY_ASSOCIATION)) { /* wait for the second exchange */ return NEED_MORE; } @@ -407,7 +407,7 @@ METHOD(task_t, process_r, status_t, case ID_PROT: { /* process NAT-D payloads in the second request, need to add ours * to the second response */ - if (message->get_payload(message, SECURITY_ASSOCIATION_V1)) + if (message->get_payload(message, PLV1_SECURITY_ASSOCIATION)) { /* wait for the second exchange */ return NEED_MORE; } @@ -428,7 +428,7 @@ METHOD(task_t, build_r, status_t, case ID_PROT: { /* add NAT-D payloads to second response, already processed those * contained in the second request */ - if (message->get_payload(message, SECURITY_ASSOCIATION_V1)) + if (message->get_payload(message, PLV1_SECURITY_ASSOCIATION)) { /* wait for the second exchange */ return NEED_MORE; } 
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c index e07ac0ab4..426c4bd69 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c @@ -209,7 +209,7 @@ static void build(private_isakmp_vendor_t *this, message_t *message) (vendor_ids[i].extension == EXT_IKE_FRAGMENTATION && fragmentation)) { DBG2(DBG_IKE, "sending %s vendor ID", vendor_ids[i].desc); - vid_payload = vendor_id_payload_create_data(VENDOR_ID_V1, + vid_payload = vendor_id_payload_create_data(PLV1_VENDOR_ID, chunk_clone(chunk_create(vendor_ids[i].id, vendor_ids[i].len))); message->add_payload(message, &vid_payload->payload_interface); } @@ -220,7 +220,7 @@ static void build(private_isakmp_vendor_t *this, message_t *message) this->best_natt_ext == i) { DBG2(DBG_IKE, "sending %s vendor ID", vendor_natt_ids[i].desc); - vid_payload = vendor_id_payload_create_data(VENDOR_ID_V1, + vid_payload = vendor_id_payload_create_data(PLV1_VENDOR_ID, chunk_clone(chunk_create(vendor_natt_ids[i].id, vendor_natt_ids[i].len))); message->add_payload(message, &vid_payload->payload_interface); @@ -240,7 +240,7 @@ static void process(private_isakmp_vendor_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == VENDOR_ID_V1) + if (payload->get_type(payload) == PLV1_VENDOR_ID) { vendor_id_payload_t *vid; bool found = FALSE; diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c index 81638169a..8a5d9ae16 100644 --- a/src/libcharon/sa/ikev1/tasks/main_mode.c +++ b/src/libcharon/sa/ikev1/tasks/main_mode.c 
@@ -130,7 +130,7 @@ static bool has_notify_errors(private_main_mode_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == NOTIFY_V1) + if (payload->get_type(payload) == PLV1_NOTIFY) { notify_payload_t *notify; notify_type_t type; @@ -176,7 +176,7 @@ static status_t send_notify(private_main_mode_t *this, notify_type_t type) u_int64_t spi_i, spi_r; chunk_t spi; - notify = notify_payload_create_from_protocol_and_type(NOTIFY_V1, + notify = notify_payload_create_from_protocol_and_type(PLV1_NOTIFY, PROTO_IKE, type); ike_sa_id = this->ike_sa->get_id(this->ike_sa); spi_i = ike_sa_id->get_initiator_spi(ike_sa_id); @@ -302,7 +302,7 @@ METHOD(task_t, build_i, status_t, return send_notify(this, INVALID_ID_INFORMATION); } this->ike_sa->set_my_id(this->ike_sa, id->clone(id)); - id_payload = id_payload_create_from_identification(ID_V1, id); + id_payload = id_payload_create_from_identification(PLV1_ID, id); message->add_payload(message, &id_payload->payload_interface); if (!this->ph1->build_auth(this->ph1, this->method, message, @@ -340,7 +340,7 @@ METHOD(task_t, process_r, status_t, message->get_source(message), TRUE); sa_payload = (sa_payload_t*)message->get_payload(message, - SECURITY_ASSOCIATION_V1); + PLV1_SECURITY_ASSOCIATION); if (!sa_payload) { DBG1(DBG_IKE, "SA payload missing"); @@ -401,7 +401,7 @@ METHOD(task_t, process_r, status_t, id_payload_t *id_payload; identification_t *id; - id_payload = (id_payload_t*)message->get_payload(message, ID_V1); + id_payload = (id_payload_t*)message->get_payload(message, PLV1_ID); if (!id_payload) { DBG1(DBG_IKE, "IDii payload missing"); 
@@ -488,7 +488,7 @@ METHOD(task_t, build_r, status_t, } this->ike_sa->set_my_id(this->ike_sa, id->clone(id)); - id_payload = id_payload_create_from_identification(ID_V1, id); + id_payload = id_payload_create_from_identification(PLV1_ID, id); message->add_payload(message, &id_payload->payload_interface); if (!this->ph1->build_auth(this->ph1, this->method, message, @@ -575,7 +575,7 @@ METHOD(task_t, process_i, status_t, bool private; sa_payload = (sa_payload_t*)message->get_payload(message, - SECURITY_ASSOCIATION_V1); + PLV1_SECURITY_ASSOCIATION); if (!sa_payload) { DBG1(DBG_IKE, "SA payload missing"); @@ -627,7 +627,7 @@ METHOD(task_t, process_i, status_t, id_payload_t *id_payload; identification_t *id, *cid; - id_payload = (id_payload_t*)message->get_payload(message, ID_V1); + id_payload = (id_payload_t*)message->get_payload(message, PLV1_ID); if (!id_payload) { DBG1(DBG_IKE, "IDir payload missing"); diff --git a/src/libcharon/sa/ikev1/tasks/mode_config.c b/src/libcharon/sa/ikev1/tasks/mode_config.c index 17fe02538..55fb390ce 100644 --- a/src/libcharon/sa/ikev1/tasks/mode_config.c +++ b/src/libcharon/sa/ikev1/tasks/mode_config.c @@ -107,7 +107,7 @@ static configuration_attribute_t *build_vip(host_t *vip) chunk = chunk_cata("cc", chunk, prefix); } } - return configuration_attribute_create_chunk(CONFIGURATION_ATTRIBUTE_V1, + return configuration_attribute_create_chunk(PLV1_CONFIGURATION_ATTRIBUTE, type, chunk); } @@ -222,7 +222,7 @@ static void process_payloads(private_mode_config_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == CONFIGURATION_V1) + if (payload->get_type(payload) == PLV1_CONFIGURATION) { cp_payload_t *cp = (cp_payload_t*)payload; configuration_attribute_t *ca; 
@@ -273,7 +273,7 @@ static void add_attribute(private_mode_config_t *this, cp_payload_t *cp, entry_t *entry; cp->add_attribute(cp, - configuration_attribute_create_chunk(CONFIGURATION_ATTRIBUTE_V1, + configuration_attribute_create_chunk(PLV1_CONFIGURATION_ATTRIBUTE, type, data)); INIT(entry, .type = type, @@ -296,7 +296,7 @@ static status_t build_request(private_mode_config_t *this, message_t *message) linked_list_t *vips; host_t *host; - cp = cp_payload_create_type(CONFIGURATION_V1, CFG_REQUEST); + cp = cp_payload_create_type(PLV1_CONFIGURATION, CFG_REQUEST); vips = linked_list_create(); @@ -360,7 +360,7 @@ static status_t build_set(private_mode_config_t *this, message_t *message) host_t *any4, *any6, *found; char *name; - cp = cp_payload_create_type(CONFIGURATION_V1, CFG_SET); + cp = cp_payload_create_type(PLV1_CONFIGURATION, CFG_SET); id = this->ike_sa->get_other_eap_id(this->ike_sa); config = this->ike_sa->get_peer_cfg(this->ike_sa); @@ -470,7 +470,7 @@ static status_t build_reply(private_mode_config_t *this, message_t *message) linked_list_t *vips, *pools; host_t *requested; - cp = cp_payload_create_type(CONFIGURATION_V1, CFG_REPLY); + cp = cp_payload_create_type(PLV1_CONFIGURATION, CFG_REPLY); id = this->ike_sa->get_other_eap_id(this->ike_sa); config = this->ike_sa->get_peer_cfg(this->ike_sa); @@ -511,7 +511,7 @@ static status_t build_reply(private_mode_config_t *this, message_t *message) while (enumerator->enumerate(enumerator, &type, &value)) { cp->add_attribute(cp, - configuration_attribute_create_chunk(CONFIGURATION_ATTRIBUTE_V1, + configuration_attribute_create_chunk(PLV1_CONFIGURATION_ATTRIBUTE, type, value)); } enumerator->destroy(enumerator); @@ -535,7 +535,7 @@ static status_t build_ack(private_mode_config_t *this, message_t *message) configuration_attribute_type_t type; entry_t *entry; - cp = cp_payload_create_type(CONFIGURATION_V1, CFG_ACK); + cp = cp_payload_create_type(PLV1_CONFIGURATION, CFG_ACK); /* return empty attributes for installed IPs */ 
@@ -552,7 +552,7 @@ static status_t build_ack(private_mode_config_t *this, message_t *message) type = INTERNAL_IP4_ADDRESS; } cp->add_attribute(cp, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, type, chunk_empty)); + PLV1_CONFIGURATION_ATTRIBUTE, type, chunk_empty)); } enumerator->destroy(enumerator); @@ -560,7 +560,7 @@ static status_t build_ack(private_mode_config_t *this, message_t *message) while (enumerator->enumerate(enumerator, &entry)) { cp->add_attribute(cp, - configuration_attribute_create_chunk(CONFIGURATION_ATTRIBUTE_V1, + configuration_attribute_create_chunk(PLV1_CONFIGURATION_ATTRIBUTE, entry->type, chunk_empty)); } enumerator->destroy(enumerator); diff --git a/src/libcharon/sa/ikev1/tasks/quick_delete.c b/src/libcharon/sa/ikev1/tasks/quick_delete.c index 605c10cea..499081caa 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_delete.c +++ b/src/libcharon/sa/ikev1/tasks/quick_delete.c @@ -177,7 +177,7 @@ METHOD(task_t, build_i, status_t, DBG1(DBG_IKE, "sending DELETE for %N CHILD_SA with SPI %.8x", protocol_id_names, this->protocol, ntohl(this->spi)); - delete_payload = delete_payload_create(DELETE_V1, this->protocol); + delete_payload = delete_payload_create(PLV1_DELETE, this->protocol); delete_payload->add_spi(delete_payload, this->spi); message->add_payload(message, &delete_payload->payload_interface); @@ -205,7 +205,7 @@ METHOD(task_t, process_r, status_t, payloads = message->create_payload_enumerator(message); while (payloads->enumerate(payloads, &payload)) { - if (payload->get_type(payload) == DELETE_V1) + if (payload->get_type(payload) == PLV1_DELETE) { delete_payload = (delete_payload_t*)payload; protocol = delete_payload->get_protocol_id(delete_payload); diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c index 74b5c453a..e6273682d 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_mode.c +++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c 
@@ -427,7 +427,7 @@ static bool add_nonce(private_quick_mode_t *this, chunk_t *nonce, } nonceg->destroy(nonceg); - nonce_payload = nonce_payload_create(NONCE_V1); + nonce_payload = nonce_payload_create(PLV1_NONCE); nonce_payload->set_nonce(nonce_payload, *nonce); message->add_payload(message, &nonce_payload->payload_interface); @@ -442,7 +442,7 @@ static bool get_nonce(private_quick_mode_t *this, chunk_t *nonce, { nonce_payload_t *nonce_payload; - nonce_payload = (nonce_payload_t*)message->get_payload(message, NONCE_V1); + nonce_payload = (nonce_payload_t*)message->get_payload(message, PLV1_NONCE); if (!nonce_payload) { DBG1(DBG_IKE, "NONCE payload missing in message"); @@ -460,7 +460,7 @@ static void add_ke(private_quick_mode_t *this, message_t *message) { ke_payload_t *ke_payload; - ke_payload = ke_payload_create_from_diffie_hellman(KEY_EXCHANGE_V1, this->dh); + ke_payload = ke_payload_create_from_diffie_hellman(PLV1_KEY_EXCHANGE, this->dh); message->add_payload(message, &ke_payload->payload_interface); } @@ -471,7 +471,7 @@ static bool get_ke(private_quick_mode_t *this, message_t *message) { ke_payload_t *ke_payload; - ke_payload = (ke_payload_t*)message->get_payload(message, KEY_EXCHANGE_V1); + ke_payload = (ke_payload_t*)message->get_payload(message, PLV1_KEY_EXCHANGE); if (!ke_payload) { DBG1(DBG_IKE, "KE payload missing"); @@ -537,7 +537,7 @@ static bool get_ts(private_quick_mode_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == ID_V1) + if (payload->get_type(payload) == PLV1_ID) { id_payload = (id_payload_t*)payload; @@ -640,9 +640,9 @@ static payload_type_t get_nat_oa_payload_type(ike_sa_t *ike_sa) { if (ike_sa->supports_extension(ike_sa, EXT_NATT_DRAFT_02_03)) { - return NAT_OA_DRAFT_00_03_V1; + return PLV1_NAT_OA_DRAFT_00_03; } - return NAT_OA_V1; + return PLV1_NAT_OA; } /** 
@@ -726,7 +726,7 @@ static status_t send_notify(private_quick_mode_t *this, notify_type_t type) { notify_payload_t *notify; - notify = notify_payload_create_from_protocol_and_type(NOTIFY_V1, + notify = notify_payload_create_from_protocol_and_type(PLV1_NOTIFY, this->proto, type); notify->set_spi(notify, this->spi_i); @@ -917,7 +917,7 @@ static bool has_notify_errors(private_quick_mode_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == NOTIFY_V1) + if (payload->get_type(payload) == PLV1_NOTIFY) { notify_payload_t *notify; notify_type_t type; @@ -1000,7 +1000,7 @@ METHOD(task_t, process_r, status_t, bool private; sa_payload = (sa_payload_t*)message->get_payload(message, - SECURITY_ASSOCIATION_V1); + PLV1_SECURITY_ASSOCIATION); if (!sa_payload) { DBG1(DBG_IKE, "sa payload missing"); @@ -1215,7 +1215,7 @@ METHOD(task_t, process_i, status_t, bool private; sa_payload = (sa_payload_t*)message->get_payload(message, - SECURITY_ASSOCIATION_V1); + PLV1_SECURITY_ASSOCIATION); if (!sa_payload) { DBG1(DBG_IKE, "sa payload missing"); diff --git a/src/libcharon/sa/ikev1/tasks/xauth.c b/src/libcharon/sa/ikev1/tasks/xauth.c index f5555ecd2..9329dab5e 100644 --- a/src/libcharon/sa/ikev1/tasks/xauth.c +++ b/src/libcharon/sa/ikev1/tasks/xauth.c @@ -277,7 +277,7 @@ METHOD(task_t, build_i_status, status_t, { cp_payload_t *cp; - cp = cp_payload_create_type(CONFIGURATION_V1, CFG_SET); + cp = cp_payload_create_type(PLV1_CONFIGURATION, CFG_SET); cp->add_attribute(cp, configuration_attribute_create_value(XAUTH_STATUS, this->status)); @@ -291,7 +291,7 @@ METHOD(task_t, process_i_status, status_t, { cp_payload_t *cp; - cp = (cp_payload_t*)message->get_payload(message, CONFIGURATION_V1); + cp = (cp_payload_t*)message->get_payload(message, PLV1_CONFIGURATION); if (!cp || cp->get_type(cp) != CFG_ACK) { DBG1(DBG_IKE, "received invalid XAUTH status response"); 
@@ -354,11 +354,11 @@ METHOD(task_t, build_r_ack, status_t, { cp_payload_t *cp; - cp = cp_payload_create_type(CONFIGURATION_V1, CFG_ACK); + cp = cp_payload_create_type(PLV1_CONFIGURATION, CFG_ACK); cp->set_identifier(cp, this->identifier); cp->add_attribute(cp, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, XAUTH_STATUS, chunk_empty)); + PLV1_CONFIGURATION_ATTRIBUTE, XAUTH_STATUS, chunk_empty)); message->add_payload(message, (payload_t *)cp); @@ -382,7 +382,7 @@ METHOD(task_t, process_r, status_t, return NEED_MORE; } } - cp = (cp_payload_t*)message->get_payload(message, CONFIGURATION_V1); + cp = (cp_payload_t*)message->get_payload(message, PLV1_CONFIGURATION); if (!cp) { DBG1(DBG_IKE, "configuration payload missing in XAuth request"); @@ -438,7 +438,7 @@ METHOD(task_t, build_r, status_t, { if (!this->cp) { /* send empty reply if building data failed */ - this->cp = cp_payload_create_type(CONFIGURATION_V1, CFG_REPLY); + this->cp = cp_payload_create_type(PLV1_CONFIGURATION, CFG_REPLY); } message->add_payload(message, (payload_t *)this->cp); this->cp = NULL; @@ -451,7 +451,7 @@ METHOD(task_t, process_i, status_t, identification_t *id; cp_payload_t *cp; - cp = (cp_payload_t*)message->get_payload(message, CONFIGURATION_V1); + cp = (cp_payload_t*)message->get_payload(message, PLV1_CONFIGURATION); if (!cp) { DBG1(DBG_IKE, "configuration payload missing in XAuth response"); diff --git a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c index b8359cc88..eed6d1996 100644 --- a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c +++ b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c @@ -450,7 +450,7 @@ static bool verify_auth(private_eap_authenticator_t *this, message_t *message, keymat_v2_t *keymat; auth_payload = (auth_payload_t*)message->get_payload(message, - AUTHENTICATION); + PLV2_AUTH); if (!auth_payload) { DBG1(DBG_IKE, "AUTH payload missing"); 
@@ -532,7 +532,7 @@ METHOD(authenticator_t, process_server, status_t, else { eap_payload = (eap_payload_t*)message->get_payload(message, - EXTENSIBLE_AUTHENTICATION); + PLV2_EAP); if (!eap_payload) { return FAILED; @@ -590,7 +590,7 @@ METHOD(authenticator_t, process_client, status_t, } eap_payload = (eap_payload_t*)message->get_payload(message, - EXTENSIBLE_AUTHENTICATION); + PLV2_EAP); if (eap_payload) { switch (eap_payload->get_code(eap_payload)) diff --git a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c index 997efe359..c6a4b6ba4 100644 --- a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c +++ b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c @@ -103,7 +103,7 @@ METHOD(authenticator_t, process, status_t, int keys_found = 0; keymat_v2_t *keymat; - auth_payload = (auth_payload_t*)message->get_payload(message, AUTHENTICATION); + auth_payload = (auth_payload_t*)message->get_payload(message, PLV2_AUTH); if (!auth_payload) { return FAILED; diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c index 5ceff40ba..6fb14bc06 100644 --- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c +++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c @@ -147,7 +147,7 @@ METHOD(authenticator_t, process, status_t, status_t status = NOT_FOUND; keymat_v2_t *keymat; - auth_payload = (auth_payload_t*)message->get_payload(message, AUTHENTICATION); + auth_payload = (auth_payload_t*)message->get_payload(message, PLV2_AUTH); if (!auth_payload) { return FAILED; diff --git a/src/libcharon/sa/ikev2/connect_manager.c b/src/libcharon/sa/ikev2/connect_manager.c index c4e5ea7a0..161c4fdaf 100644 --- a/src/libcharon/sa/ikev2/connect_manager.c +++ b/src/libcharon/sa/ikev2/connect_manager.c 
@@ -748,7 +748,7 @@ static status_t process_payloads(message_t *message, check_t *check)
 enumerator = message->create_payload_enumerator(message);
 while (enumerator->enumerate(enumerator, &payload))
 {
- if (payload->get_type(payload) != NOTIFY)
+ if (payload->get_type(payload) != PLV2_NOTIFY)
 {
 DBG1(DBG_IKE, "ignoring payload of type '%N' while processing "
 "connectivity check", payload_type_names,
diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
index a5252ab70..ada798bdc 100644
--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@@ -792,7 +792,7 @@ static status_t process_request(private_task_manager_t *this,
 {
 switch (payload->get_type(payload))
 {
- case NOTIFY:
+ case PLV2_NOTIFY:
 { /* if we find a rekey notify, its CHILD_SA rekeying */
 notify = (notify_payload_t*)payload;
 if (notify->get_notify_type(notify) == REKEY_SA &&
@@ -803,8 +803,8 @@ static status_t process_request(private_task_manager_t *this,
 }
 break;
 }
- case TRAFFIC_SELECTOR_INITIATOR:
- case TRAFFIC_SELECTOR_RESPONDER:
+ case PLV2_TS_INITIATOR:
+ case PLV2_TS_RESPONDER:
 { /* if we don't find a TS, its IKE rekeying */
 ts_found = TRUE;
 break;
@@ -842,7 +842,7 @@ static status_t process_request(private_task_manager_t *this,
 {
 switch (payload->get_type(payload))
 {
- case NOTIFY:
+ case PLV2_NOTIFY:
 {
 notify = (notify_payload_t*)payload;
 switch (notify->get_notify_type(notify))
@@ -875,7 +875,7 @@ static status_t process_request(private_task_manager_t *this,
 }
 break;
 }
- case DELETE:
+ case PLV2_DELETE:
 {
 delete = (delete_payload_t*)payload;
 if (delete->get_protocol_id(delete) == PROTO_IKE)
diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index 35b7e12c9..a1f01c276 100644
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -187,7 +187,7 @@ static status_t get_nonce(message_t *message, chunk_t *nonce) { nonce_payload_t *payload; - payload = (nonce_payload_t*)message->get_payload(message, NONCE); + payload = (nonce_payload_t*)message->get_payload(message, PLV2_NONCE); if (payload == NULL) { return FAILED; @@ -731,7 +731,7 @@ static void build_payloads(private_child_create_t *this, message_t *message) /* add nonce payload if not in IKE_AUTH */ if (message->get_exchange_type(message) == CREATE_CHILD_SA) { - nonce_payload = nonce_payload_create(NONCE); + nonce_payload = nonce_payload_create(PLV2_NONCE); nonce_payload->set_nonce(nonce_payload, this->my_nonce); message->add_payload(message, (payload_t*)nonce_payload); } @@ -739,7 +739,7 @@ static void build_payloads(private_child_create_t *this, message_t *message) /* diffie hellman exchange, if PFS enabled */ if (this->dh) { - ke_payload = ke_payload_create_from_diffie_hellman(KEY_EXCHANGE, + ke_payload = ke_payload_create_from_diffie_hellman(PLV2_KEY_EXCHANGE, this->dh); message->add_payload(message, (payload_t*)ke_payload); } @@ -866,11 +866,11 @@ static void process_payloads(private_child_create_t *this, message_t *message) { switch (payload->get_type(payload)) { - case SECURITY_ASSOCIATION: + case PLV2_SECURITY_ASSOCIATION: sa_payload = (sa_payload_t*)payload; this->proposals = sa_payload->get_proposals(sa_payload); break; - case KEY_EXCHANGE: + case PLV2_KEY_EXCHANGE: ke_payload = (ke_payload_t*)payload; if (!this->initiator) { 
@@ -884,15 +884,15 @@ static void process_payloads(private_child_create_t *this, message_t *message) ke_payload->get_key_exchange_data(ke_payload)); } break; - case TRAFFIC_SELECTOR_INITIATOR: + case PLV2_TS_INITIATOR: ts_payload = (ts_payload_t*)payload; this->tsi = ts_payload->get_traffic_selectors(ts_payload); break; - case TRAFFIC_SELECTOR_RESPONDER: + case PLV2_TS_RESPONDER: ts_payload = (ts_payload_t*)payload; this->tsr = ts_payload->get_traffic_selectors(ts_payload); break; - case NOTIFY: + case PLV2_NOTIFY: handle_notify(this, (notify_payload_t*)payload); break; default: @@ -1217,7 +1217,7 @@ METHOD(task_t, build_r, status_t, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == NOTIFY) + if (payload->get_type(payload) == PLV2_NOTIFY) { notify_payload_t *notify = (notify_payload_t*)payload; @@ -1319,7 +1319,7 @@ METHOD(task_t, build_i_delete, status_t, proto = this->proposal->get_protocol(this->proposal); spi = this->child_sa->get_spi(this->child_sa, TRUE); - del = delete_payload_create(DELETE, proto); + del = delete_payload_create(PLV2_DELETE, proto); del->add_spi(del, spi); message->add_payload(message, (payload_t*)del); @@ -1368,7 +1368,7 @@ METHOD(task_t, process_i, status_t, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == NOTIFY) + if (payload->get_type(payload) == PLV2_NOTIFY) { notify_payload_t *notify = (notify_payload_t*)payload; notify_type_t type = notify->get_notify_type(notify); diff --git a/src/libcharon/sa/ikev2/tasks/child_delete.c b/src/libcharon/sa/ikev2/tasks/child_delete.c index 88b032c8b..2b1697423 100644 --- a/src/libcharon/sa/ikev2/tasks/child_delete.c +++ b/src/libcharon/sa/ikev2/tasks/child_delete.c 
@@ -93,7 +93,7 @@ static void build_payloads(private_child_delete_t *this, message_t *message) case PROTO_ESP: if (esp == NULL) { - esp = delete_payload_create(DELETE, PROTO_ESP); + esp = delete_payload_create(PLV2_DELETE, PROTO_ESP); message->add_payload(message, (payload_t*)esp); } esp->add_spi(esp, spi); @@ -103,7 +103,7 @@ static void build_payloads(private_child_delete_t *this, message_t *message) case PROTO_AH: if (ah == NULL) { - ah = delete_payload_create(DELETE, PROTO_AH); + ah = delete_payload_create(PLV2_DELETE, PROTO_AH); message->add_payload(message, (payload_t*)ah); } ah->add_spi(ah, spi); @@ -133,7 +133,7 @@ static void process_payloads(private_child_delete_t *this, message_t *message) payloads = message->create_payload_enumerator(message); while (payloads->enumerate(payloads, &payload)) { - if (payload->get_type(payload) == DELETE) + if (payload->get_type(payload) == PLV2_DELETE) { delete_payload = (delete_payload_t*)payload; protocol = delete_payload->get_protocol_id(delete_payload); diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c index d2003bb45..db872827d 100644 --- a/src/libcharon/sa/ikev2/tasks/child_rekey.c +++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c @@ -171,7 +171,7 @@ METHOD(task_t, build_i, status_t, config = this->child_sa->get_config(this->child_sa); /* we just need the rekey notify ... */ - notify = notify_payload_create_from_protocol_and_type(NOTIFY, + notify = notify_payload_create_from_protocol_and_type(PLV2_NOTIFY, this->protocol, REKEY_SA); notify->set_spi(notify, this->spi); message->add_payload(message, (payload_t*)notify); 
@@ -228,7 +228,7 @@ METHOD(task_t, build_r, status_t, this->child_create->set_config(this->child_create, config->get_ref(config)); this->child_create->task.build(&this->child_create->task, message); - if (message->get_payload(message, SECURITY_ASSOCIATION) == NULL) + if (message->get_payload(message, PLV2_SECURITY_ASSOCIATION) == NULL) { /* rekeying failed, reuse old child */ this->child_sa->set_state(this->child_sa, CHILD_INSTALLED); @@ -332,7 +332,7 @@ METHOD(task_t, process_i, status_t, this->child_create->task.migrate(&this->child_create->task, this->ike_sa); return NEED_MORE; } - if (message->get_payload(message, SECURITY_ASSOCIATION) == NULL) + if (message->get_payload(message, PLV2_SECURITY_ASSOCIATION) == NULL) { /* establishing new child failed, reuse old. but not when we * received a delete in the meantime */ diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c index 800dab07e..bf747a49e 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_auth.c +++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c @@ -132,7 +132,7 @@ static status_t collect_my_init_data(private_ike_auth_t *this, nonce_payload_t *nonce; /* get the nonce that was generated in ike_init */ - nonce = (nonce_payload_t*)message->get_payload(message, NONCE); + nonce = (nonce_payload_t*)message->get_payload(message, PLV2_NONCE); if (nonce == NULL) { return FAILED; @@ -158,7 +158,7 @@ static status_t collect_other_init_data(private_ike_auth_t *this, nonce_payload_t *nonce; /* get the nonce that was generated in ike_init */ - nonce = (nonce_payload_t*)message->get_payload(message, NONCE); + nonce = (nonce_payload_t*)message->get_payload(message, PLV2_NONCE); if (nonce == NULL) { return FAILED; @@ -433,7 +433,7 @@ METHOD(task_t, build_i, status_t, { this->ike_sa->set_other_id(this->ike_sa, idr->clone(idr)); id_payload = id_payload_create_from_identification( - ID_RESPONDER, idr); + PLV2_ID_RESPONDER, idr); message->add_payload(message, (payload_t*)id_payload); } } 
@@ -451,7 +451,7 @@ METHOD(task_t, build_i, status_t, cfg->add(cfg, AUTH_RULE_IDENTITY, idi); } this->ike_sa->set_my_id(this->ike_sa, idi->clone(idi)); - id_payload = id_payload_create_from_identification(ID_INITIATOR, idi); + id_payload = id_payload_create_from_identification(PLV2_ID_INITIATOR, idi); get_reserved_id_bytes(this, id_payload); message->add_payload(message, (payload_t*)id_payload); @@ -498,7 +498,7 @@ METHOD(task_t, build_i, status_t, /* check for additional authentication rounds */ if (do_another_auth(this)) { - if (message->get_payload(message, AUTHENTICATION)) + if (message->get_payload(message, PLV2_AUTH)) { message->add_notify(message, FALSE, ANOTHER_AUTH_FOLLOWS, chunk_empty); } @@ -525,7 +525,7 @@ METHOD(task_t, process_r, status_t, if (this->my_auth == NULL && this->do_another_auth) { /* handle (optional) IDr payload, apply proposed identity */ - id_payload = (id_payload_t*)message->get_payload(message, ID_RESPONDER); + id_payload = (id_payload_t*)message->get_payload(message, PLV2_ID_RESPONDER); if (id_payload) { id = id_payload->get_identification(id_payload); @@ -558,7 +558,7 @@ METHOD(task_t, process_r, status_t, if (this->other_auth == NULL) { /* handle IDi payload */ - id_payload = (id_payload_t*)message->get_payload(message, ID_INITIATOR); + id_payload = (id_payload_t*)message->get_payload(message, PLV2_ID_INITIATOR); if (!id_payload) { DBG1(DBG_IKE, "IDi payload missing"); @@ -578,7 +578,7 @@ METHOD(task_t, process_r, status_t, return NEED_MORE; } } - if (message->get_payload(message, AUTHENTICATION) == NULL) + if (message->get_payload(message, PLV2_AUTH) == NULL) { /* before authenticating with EAP, we need a EAP config */ cand = get_auth_cfg(this, FALSE); while (!cand || ( 
@@ -631,7 +631,7 @@ METHOD(task_t, process_r, status_t, this->other_auth = NULL; break; case NEED_MORE: - if (message->get_payload(message, AUTHENTICATION)) + if (message->get_payload(message, PLV2_AUTH)) { /* AUTH verification successful, but another build() needed */ break; } @@ -733,7 +733,7 @@ METHOD(task_t, build_r, status_t, } } - id_payload = id_payload_create_from_identification(ID_RESPONDER, id); + id_payload = id_payload_create_from_identification(PLV2_ID_RESPONDER, id); get_reserved_id_bytes(this, id_payload); message->add_payload(message, (payload_t*)id_payload); @@ -780,7 +780,7 @@ METHOD(task_t, build_r, status_t, case NEED_MORE: break; default: - if (message->get_payload(message, EXTENSIBLE_AUTHENTICATION)) + if (message->get_payload(message, PLV2_EAP)) { /* skip AUTHENTICATION_FAILED if we have EAP_FAILURE */ goto peer_auth_failed_no_notify; } @@ -900,7 +900,7 @@ METHOD(task_t, process_i, status_t, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == NOTIFY) + if (payload->get_type(payload) == PLV2_NOTIFY) { notify_payload_t *notify = (notify_payload_t*)payload; notify_type_t type = notify->get_notify_type(notify); @@ -956,7 +956,7 @@ METHOD(task_t, process_i, status_t, /* handle IDr payload */ id_payload = (id_payload_t*)message->get_payload(message, - ID_RESPONDER); + PLV2_ID_RESPONDER); if (!id_payload) { DBG1(DBG_IKE, "IDr payload missing"); @@ -968,7 +968,7 @@ METHOD(task_t, process_i, status_t, cfg = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE); cfg->add(cfg, AUTH_RULE_IDENTITY, id->clone(id)); - if (message->get_payload(message, AUTHENTICATION)) + if (message->get_payload(message, PLV2_AUTH)) { /* verify authentication data */ this->other_auth = authenticator_create_verifier(this->ike_sa, diff --git a/src/libcharon/sa/ikev2/tasks/ike_cert_post.c b/src/libcharon/sa/ikev2/tasks/ike_cert_post.c index 6dbc4dec3..5a9e08de2 100644 
--- a/src/libcharon/sa/ikev2/tasks/ike_cert_post.c +++ b/src/libcharon/sa/ikev2/tasks/ike_cert_post.c @@ -63,14 +63,14 @@ static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this, if (!this->ike_sa->supports_extension(this->ike_sa, EXT_HASH_AND_URL)) { - return cert_payload_create_from_cert(CERTIFICATE, cert); + return cert_payload_create_from_cert(PLV2_CERTIFICATE, cert); } hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (!hasher) { DBG1(DBG_IKE, "unable to use hash-and-url: sha1 not supported"); - return cert_payload_create_from_cert(CERTIFICATE, cert); + return cert_payload_create_from_cert(PLV2_CERTIFICATE, cert); } if (!cert->get_encoding(cert, CERT_ASN1_DER, &encoded)) @@ -83,7 +83,7 @@ static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this, { hasher->destroy(hasher); chunk_free(&encoded); - return cert_payload_create_from_cert(CERTIFICATE, cert); + return cert_payload_create_from_cert(PLV2_CERTIFICATE, cert); } chunk_free(&encoded); hasher->destroy(hasher); @@ -97,7 +97,7 @@ static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this, } else { - payload = cert_payload_create_from_cert(CERTIFICATE, cert); + payload = cert_payload_create_from_cert(PLV2_CERTIFICATE, cert); } enumerator->destroy(enumerator); chunk_free(&hash); @@ -145,7 +145,7 @@ static void add_im_certs(private_ike_cert_post_t *this, auth_cfg_t *auth, { if (type == AUTH_RULE_IM_CERT) { - payload = cert_payload_create_from_cert(CERTIFICATE, cert); + payload = cert_payload_create_from_cert(PLV2_CERTIFICATE, cert); if (payload) { DBG1(DBG_IKE, "sending issuer cert \"%Y\"", 
@@ -187,7 +187,7 @@ static void add_attribute_certs(private_ike_cert_post_t *this, if (id && id->equals(id, subject->get_issuer(subject)) && cert->get_validity(cert, NULL, NULL, NULL)) { - payload = cert_payload_create_from_cert(CERTIFICATE, cert); + payload = cert_payload_create_from_cert(PLV2_CERTIFICATE, cert); if (payload) { DBG1(DBG_IKE, "sending attribute certificate " @@ -210,7 +210,7 @@ static void build_certs(private_ike_cert_post_t *this, message_t *message) auth_payload_t *payload; auth_cfg_t *auth; - payload = (auth_payload_t*)message->get_payload(message, AUTHENTICATION); + payload = (auth_payload_t*)message->get_payload(message, PLV2_AUTH); peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); if (!peer_cfg || !payload || payload->get_auth_method(payload) == AUTH_PSK) { /* no CERT payload for EAP/PSK */ diff --git a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c index 558b1e914..0dac975e7 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c +++ b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c @@ -138,10 +138,10 @@ static void process_certreqs(private_ike_cert_pre_t *this, message_t *message) { switch (payload->get_type(payload)) { - case CERTIFICATE_REQUEST: + case PLV2_CERTREQ: process_certreq(this, (certreq_payload_t*)payload, auth); break; - case NOTIFY: + case PLV2_NOTIFY: process_notify(this, (notify_payload_t*)payload); break; default: @@ -298,7 +298,7 @@ static void process_certs(private_ike_cert_pre_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == CERTIFICATE) + if (payload->get_type(payload) == PLV2_CERTIFICATE) { cert_payload_t *cert_payload; cert_encoding_t encoding; 
@@ -469,7 +469,7 @@ static void build_certreqs(private_ike_cert_pre_t *this, message_t *message) static bool final_auth(message_t *message) { /* we check for an AUTH payload without a ANOTHER_AUTH_FOLLOWS notify */ - if (message->get_payload(message, AUTHENTICATION) == NULL) + if (message->get_payload(message, PLV2_AUTH) == NULL) { return FALSE; } diff --git a/src/libcharon/sa/ikev2/tasks/ike_config.c b/src/libcharon/sa/ikev2/tasks/ike_config.c index 17132feee..1a4c21b54 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_config.c +++ b/src/libcharon/sa/ikev2/tasks/ike_config.c @@ -98,7 +98,7 @@ static configuration_attribute_t *build_vip(host_t *vip) chunk = chunk_cata("cc", chunk, prefix); } } - return configuration_attribute_create_chunk(CONFIGURATION_ATTRIBUTE, + return configuration_attribute_create_chunk(PLV2_CONFIGURATION_ATTRIBUTE, type, chunk); } @@ -200,7 +200,7 @@ static void process_payloads(private_ike_config_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == CONFIGURATION) + if (payload->get_type(payload) == PLV2_CONFIGURATION) { cp_payload_t *cp = (cp_payload_t*)payload; configuration_attribute_t *ca; @@ -268,7 +268,7 @@ METHOD(task_t, build_i, status_t, if (vips->get_count(vips)) { - cp = cp_payload_create_type(CONFIGURATION, CFG_REQUEST); + cp = cp_payload_create_type(PLV2_CONFIGURATION, CFG_REQUEST); enumerator = vips->create_enumerator(vips); while (enumerator->enumerate(enumerator, &host)) { 
@@ -288,11 +288,11 @@ METHOD(task_t, build_i, status_t, /* create configuration attribute */ DBG2(DBG_IKE, "building %N attribute", configuration_attribute_type_names, type); - ca = configuration_attribute_create_chunk(CONFIGURATION_ATTRIBUTE, + ca = configuration_attribute_create_chunk(PLV2_CONFIGURATION_ATTRIBUTE, type, data); if (!cp) { - cp = cp_payload_create_type(CONFIGURATION, CFG_REQUEST); + cp = cp_payload_create_type(PLV2_CONFIGURATION, CFG_REQUEST); } cp->add_attribute(cp, ca); @@ -363,7 +363,7 @@ METHOD(task_t, build_r, status_t, this->ike_sa->add_virtual_ip(this->ike_sa, FALSE, found); if (!cp) { - cp = cp_payload_create_type(CONFIGURATION, CFG_REPLY); + cp = cp_payload_create_type(PLV2_CONFIGURATION, CFG_REPLY); } cp->add_attribute(cp, build_vip(found)); vips->insert_last(vips, found); @@ -407,12 +407,12 @@ METHOD(task_t, build_r, status_t, { if (!cp) { - cp = cp_payload_create_type(CONFIGURATION, CFG_REPLY); + cp = cp_payload_create_type(PLV2_CONFIGURATION, CFG_REPLY); } DBG2(DBG_IKE, "building %N attribute", configuration_attribute_type_names, type); cp->add_attribute(cp, - configuration_attribute_create_chunk(CONFIGURATION_ATTRIBUTE, + configuration_attribute_create_chunk(PLV2_CONFIGURATION_ATTRIBUTE, type, value)); } enumerator->destroy(enumerator); diff --git a/src/libcharon/sa/ikev2/tasks/ike_delete.c b/src/libcharon/sa/ikev2/tasks/ike_delete.c index 9bc62bf2a..e972dba07 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_delete.c +++ b/src/libcharon/sa/ikev2/tasks/ike_delete.c @@ -65,7 +65,7 @@ METHOD(task_t, build_i, status_t, this->ike_sa->get_other_host(this->ike_sa), this->ike_sa->get_other_id(this->ike_sa)); - delete_payload = delete_payload_create(DELETE, PROTO_IKE); + delete_payload = delete_payload_create(PLV2_DELETE, PROTO_IKE); message->add_payload(message, (payload_t*)delete_payload); if (this->ike_sa->get_state(this->ike_sa) == IKE_REKEYING) 
diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c index 278bdc3f2..e3c18ea0f 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_init.c +++ b/src/libcharon/sa/ikev2/tasks/ike_init.c @@ -147,9 +147,9 @@ static void build_payloads(private_ike_init_t *this, message_t *message) } message->add_payload(message, (payload_t*)sa_payload); - nonce_payload = nonce_payload_create(NONCE); + nonce_payload = nonce_payload_create(PLV2_NONCE); nonce_payload->set_nonce(nonce_payload, this->my_nonce); - ke_payload = ke_payload_create_from_diffie_hellman(KEY_EXCHANGE, this->dh); + ke_payload = ke_payload_create_from_diffie_hellman(PLV2_KEY_EXCHANGE, this->dh); if (this->old_sa) { /* payload order differs if we are rekeying */ @@ -176,7 +176,7 @@ static void process_payloads(private_ike_init_t *this, message_t *message) { switch (payload->get_type(payload)) { - case SECURITY_ASSOCIATION: + case PLV2_SECURITY_ASSOCIATION: { sa_payload_t *sa_payload = (sa_payload_t*)payload; linked_list_t *proposal_list; @@ -196,7 +196,7 @@ static void process_payloads(private_ike_init_t *this, message_t *message) offsetof(proposal_t, destroy)); break; } - case KEY_EXCHANGE: + case PLV2_KEY_EXCHANGE: { ke_payload_t *ke_payload = (ke_payload_t*)payload; @@ -213,7 +213,7 @@ static void process_payloads(private_ike_init_t *this, message_t *message) } break; } - case NONCE: + case PLV2_NONCE: { nonce_payload_t *nonce_payload = (nonce_payload_t*)payload; @@ -449,7 +449,7 @@ METHOD(task_t, process_i, status_t, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == NOTIFY) + if (payload->get_type(payload) == PLV2_NOTIFY) { notify_payload_t *notify = (notify_payload_t*)payload; notify_type_t type = notify->get_notify_type(notify); diff --git a/src/libcharon/sa/ikev2/tasks/ike_me.c b/src/libcharon/sa/ikev2/tasks/ike_me.c index 135c06d19..a7e7505a1 100644 
--- a/src/libcharon/sa/ikev2/tasks/ike_me.c +++ b/src/libcharon/sa/ikev2/tasks/ike_me.c @@ -171,7 +171,7 @@ static void process_payloads(private_ike_me_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) != NOTIFY) + if (payload->get_type(payload) != PLV2_NOTIFY) { continue; } @@ -277,7 +277,7 @@ METHOD(task_t, build_i, status_t, { rng_t *rng; id_payload_t *id_payload; - id_payload = id_payload_create_from_identification(ID_PEER, + id_payload = id_payload_create_from_identification(PLV2_ID_PEER, this->peer_id); message->add_payload(message, (payload_t*)id_payload); @@ -339,7 +339,7 @@ METHOD(task_t, process_r, status_t, case ME_CONNECT: { id_payload_t *id_payload; - id_payload = (id_payload_t*)message->get_payload(message, ID_PEER); + id_payload = (id_payload_t*)message->get_payload(message, PLV2_ID_PEER); if (!id_payload) { DBG1(DBG_IKE, "received ME_CONNECT without ID_PEER payload" @@ -534,7 +534,7 @@ METHOD(task_t, build_i_ms, status_t, case ME_CONNECT: { id_payload_t *id_payload; - id_payload = id_payload_create_from_identification(ID_PEER, + id_payload = id_payload_create_from_identification(PLV2_ID_PEER, this->peer_id); message->add_payload(message, (payload_t*)id_payload); @@ -594,7 +594,7 @@ METHOD(task_t, process_r_ms, status_t, case ME_CONNECT: { id_payload_t *id_payload; - id_payload = (id_payload_t*)message->get_payload(message, ID_PEER); + id_payload = (id_payload_t*)message->get_payload(message, PLV2_ID_PEER); if (!id_payload) { DBG1(DBG_IKE, "received ME_CONNECT without ID_PEER payload" diff --git a/src/libcharon/sa/ikev2/tasks/ike_mobike.c b/src/libcharon/sa/ikev2/tasks/ike_mobike.c index ae3526f42..00ca615d8 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_mobike.c +++ b/src/libcharon/sa/ikev2/tasks/ike_mobike.c 
@@ -96,7 +96,7 @@ static void process_payloads(private_ike_mobike_t *this, message_t *message) chunk_t data; host_t *host; - if (payload->get_type(payload) != NOTIFY) + if (payload->get_type(payload) != PLV2_NOTIFY) { continue; } diff --git a/src/libcharon/sa/ikev2/tasks/ike_natd.c b/src/libcharon/sa/ikev2/tasks/ike_natd.c index 4fc968f25..9e0eb68ce 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_natd.c +++ b/src/libcharon/sa/ikev2/tasks/ike_natd.c @@ -172,7 +172,7 @@ static notify_payload_t *build_natd_payload(private_ike_natd_t *this, { return NULL; } - notify = notify_payload_create(NOTIFY); + notify = notify_payload_create(PLV2_NOTIFY); notify->set_notify_type(notify, type); notify->set_notification_data(notify, hash); chunk_free(&hash); @@ -206,7 +206,7 @@ static void process_payloads(private_ike_natd_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) != NOTIFY) + if (payload->get_type(payload) != PLV2_NOTIFY) { continue; } @@ -381,7 +381,7 @@ METHOD(task_t, build_r, status_t, /* only add notifies on successful responses. */ if (message->get_exchange_type(message) == IKE_SA_INIT && - message->get_payload(message, SECURITY_ASSOCIATION) == NULL) + message->get_payload(message, PLV2_SECURITY_ASSOCIATION) == NULL) { return SUCCESS; } diff --git a/src/libcharon/sa/ikev2/tasks/ike_vendor.c b/src/libcharon/sa/ikev2/tasks/ike_vendor.c index 16ac16673..d536af218 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_vendor.c +++ b/src/libcharon/sa/ikev2/tasks/ike_vendor.c @@ -92,7 +92,7 @@ METHOD(task_t, build, status_t, if (vids[i].extension == EXT_STRONGSWAN && strongswan) { DBG2(DBG_IKE, "sending %s vendor ID", vids[i].desc); - vid = vendor_id_payload_create_data(VENDOR_ID, + vid = vendor_id_payload_create_data(PLV2_VENDOR_ID, chunk_clone(get_vid_data(&vids[i]))); message->add_payload(message, &vid->payload_interface); } 
@@ -111,7 +111,7 @@ METHOD(task_t, process, status_t, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == VENDOR_ID) + if (payload->get_type(payload) == PLV2_VENDOR_ID) { vendor_id_payload_t *vid; chunk_t data; diff --git a/src/libfast/Makefile.am b/src/libfast/Makefile.am index 41a489b3d..48079c66a 100644 --- a/src/libfast/Makefile.am +++ b/src/libfast/Makefile.am @@ -3,7 +3,7 @@ AM_CPPFLAGS = \ -I/usr/include/ClearSilver AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) AM_LDFLAGS = \ -no-undefined diff --git a/src/libhydra/Makefile.am b/src/libhydra/Makefile.am index f7ae37f98..50964e689 100644 --- a/src/libhydra/Makefile.am +++ b/src/libhydra/Makefile.am @@ -14,6 +14,10 @@ kernel/kernel_listener.h libhydra_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la +if USE_WINDOWS + libhydra_la_LIBADD += -lws2_32 +endif + AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -DIPSEC_DIR=\"${ipsecdir}\" \ diff --git a/src/libhydra/plugins/attr/Makefile.am b/src/libhydra/plugins/attr/Makefile.am index 5989beae4..5b899b80c 100644 --- a/src/libhydra/plugins/attr/Makefile.am +++ b/src/libhydra/plugins/attr/Makefile.am @@ -3,7 +3,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libhydra AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-attr.la diff --git a/src/libhydra/plugins/attr_sql/Makefile.am b/src/libhydra/plugins/attr_sql/Makefile.am index d126bb035..6e7eae5eb 100644 --- a/src/libhydra/plugins/attr_sql/Makefile.am +++ b/src/libhydra/plugins/attr_sql/Makefile.am @@ -3,7 +3,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libhydra AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-attr-sql.la diff --git a/src/libhydra/plugins/kernel_klips/Makefile.am b/src/libhydra/plugins/kernel_klips/Makefile.am index 1b98cab06..71173f1f9 100644 --- a/src/libhydra/plugins/kernel_klips/Makefile.am 
+++ b/src/libhydra/plugins/kernel_klips/Makefile.am @@ -3,7 +3,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libhydra AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-kernel-klips.la diff --git a/src/libhydra/plugins/kernel_netlink/Makefile.am b/src/libhydra/plugins/kernel_netlink/Makefile.am index ad573523e..c91f9a9e4 100644 --- a/src/libhydra/plugins/kernel_netlink/Makefile.am +++ b/src/libhydra/plugins/kernel_netlink/Makefile.am @@ -6,7 +6,7 @@ AM_CPPFLAGS = \ -DROUTING_TABLE_PRIO=${routing_table_prio} AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-kernel-netlink.la diff --git a/src/libhydra/plugins/kernel_pfkey/Makefile.am b/src/libhydra/plugins/kernel_pfkey/Makefile.am index bb5d0d7f7..f645528d9 100644 --- a/src/libhydra/plugins/kernel_pfkey/Makefile.am +++ b/src/libhydra/plugins/kernel_pfkey/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libhydra AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-kernel-pfkey.la diff --git a/src/libhydra/plugins/kernel_pfroute/Makefile.am b/src/libhydra/plugins/kernel_pfroute/Makefile.am index 9d1621366..5129c02f6 100644 --- a/src/libhydra/plugins/kernel_pfroute/Makefile.am +++ b/src/libhydra/plugins/kernel_pfroute/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libhydra AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-kernel-pfroute.la diff --git a/src/libhydra/plugins/resolve/Makefile.am b/src/libhydra/plugins/resolve/Makefile.am index 4cbf65fc0..33c3e70fc 100644 --- a/src/libhydra/plugins/resolve/Makefile.am +++ b/src/libhydra/plugins/resolve/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -DRESOLV_CONF=\"${resolv_conf}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-resolve.la diff --git a/src/libimcv/Makefile.am b/src/libimcv/Makefile.am index 3732267ed..0c56169ee 100644 
--- a/src/libimcv/Makefile.am +++ b/src/libimcv/Makefile.am @@ -11,6 +11,10 @@ libimcv_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libtncif/libtncif.la +if USE_WINDOWS + libimcv_la_LIBADD += -lws2_32 +endif + libimcv_la_SOURCES = \ imcv.h imcv.c \ imc/imc_agent.h imc/imc_agent.c imc/imc_state.h \ @@ -56,7 +60,7 @@ ipsec_SCRIPTS = imv/_imv_policy EXTRA_DIST = imv/_imv_policy templatesdir = $(pkgdatadir)/templates/database/imv -dist_templates_DATA = imv/tables.sql imv/data.sql +dist_templates_DATA = imv/tables.sql imv/tables-mysql.sql imv/data.sql ipsec_PROGRAMS = imv_policy_manager imv_policy_manager_SOURCES = \ diff --git a/src/libimcv/imc/imc_agent.c b/src/libimcv/imc/imc_agent.c index 7dc3abddd..533151799 100644 --- a/src/libimcv/imc/imc_agent.c +++ b/src/libimcv/imc/imc_agent.c @@ -490,7 +490,7 @@ METHOD(imc_agent_t, reserve_additional_ids, TNC_Result, count--; /* store the scalar value in the pointer */ - pointer = (void*)id; + pointer = (void*)(uintptr_t)id; this->additional_ids->insert_last(this->additional_ids, pointer); DBG2(DBG_IMC, "IMC %u \"%s\" reserved additional ID %u", this->id, this->name, id); @@ -566,4 +566,3 @@ imc_agent_t *imc_agent_create(const char *name, return &this->public; } - diff --git a/src/libimcv/imc/imc_os_info.c b/src/libimcv/imc/imc_os_info.c index 86a7f82e2..b01a14c01 100644 --- a/src/libimcv/imc/imc_os_info.c +++ b/src/libimcv/imc/imc_os_info.c @@ -13,9 +13,13 @@ * for more details. */ +/* for GetTickCount64, Windows 7 */ +#ifdef WIN32 +# define _WIN32_WINNT 0x0601 +#endif + #include "imc_os_info.h" -#include <sys/utsname.h> #include <stdio.h> #include <stdarg.h> 
@@ -86,6 +90,71 @@ METHOD(imc_os_info_t, get_version, chunk_t, return this->version; } +#ifdef WIN32 + +METHOD(imc_os_info_t, get_fwd_status, os_fwd_status_t, + private_imc_os_info_t *this) +{ + return OS_FWD_UNKNOWN; +} + +METHOD(imc_os_info_t, get_uptime, time_t, + private_imc_os_info_t *this) +{ + return GetTickCount64() / 1000; +} + +METHOD(imc_os_info_t, get_setting, chunk_t, + private_imc_os_info_t *this, char *name) +{ + return chunk_empty; +} + +METHOD(imc_os_info_t, create_package_enumerator, enumerator_t*, + private_imc_os_info_t *this) +{ + return NULL; +} + +/** + * Determine Windows release + */ +static bool extract_platform_info(os_type_t *type, chunk_t *name, + chunk_t *version) +{ + OSVERSIONINFOEX osvie; + char buf[64]; + + memset(&osvie, 0, sizeof(osvie)); + osvie.dwOSVersionInfoSize = sizeof(osvie); + + if (!GetVersionEx((LPOSVERSIONINFO)&osvie)) + { + return FALSE; + } + *type = OS_TYPE_WINDOWS; + snprintf(buf, sizeof(buf), "Windows %s %s", + osvie.wProductType == VER_NT_WORKSTATION ? "Client" : "Server", +#ifdef WIN64 + "x86_64" +#else + "x86" +#endif + ); + *name = chunk_clone(chunk_from_str(buf)); + + snprintf(buf, sizeof(buf), "%d.%d.%d (SP %d.%d)", + osvie.dwMajorVersion, osvie.dwMinorVersion, osvie.dwBuildNumber, + osvie.wServicePackMajor, osvie.wServicePackMinor); + *version = chunk_clone(chunk_from_str(buf)); + + return TRUE; +} + +#else /* !WIN32 */ + +#include <sys/utsname.h> + METHOD(imc_os_info_t, get_fwd_status, os_fwd_status_t, private_imc_os_info_t *this) { @@ -294,15 +363,6 @@ METHOD(imc_os_info_t, create_package_enumerator, enumerator_t*, return (enumerator_t*)enumerator; } - -METHOD(imc_os_info_t, destroy, void, - private_imc_os_info_t *this) -{ - free(this->name.ptr); - free(this->version.ptr); - free(this); -} - #define RELEASE_LSB 0 #define RELEASE_DEBIAN 1 
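Review bot: In the Windows `extract_platform_info()`, the version `snprintf()` passes the `DWORD` fields `dwMajorVersion`, `dwMinorVersion` and `dwBuildNumber` to `%d`; `DWORD` is an unsigned long, so the format should read `"%lu.%lu.%lu (SP %d.%d)"` (or the three arguments should be cast to `int`). Separately, `GetVersionEx()` reports a capped version on Windows 8.1 and later unless the executable carries a matching compatibility manifest, so the version string handed to the verifier can understate the real release; a comment above the call stating that limit would help whoever writes policies against it. The Windows `create_package_enumerator()` returns NULL, so it is worth confirming that every caller tolerates that, given that this commit changes `create_workitem_enumerator()` to return `enumerator_create_empty()` instead of NULL.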
@@ -505,6 +565,16 @@ static bool extract_platform_info(os_type_t *type, chunk_t *name, return TRUE; } +#endif /* !WIN32 */ + +METHOD(imc_os_info_t, destroy, void, + private_imc_os_info_t *this) +{ + free(this->name.ptr); + free(this->version.ptr); + free(this); +} + /** * See header */ diff --git a/src/libimcv/imcv.c b/src/libimcv/imcv.c index 86164486b..30679a33d 100644 --- a/src/libimcv/imcv.c +++ b/src/libimcv/imcv.c @@ -20,7 +20,9 @@ #include <utils/utils.h> #include <pen/pen.h> +#ifdef HAVE_SYSLOG #include <syslog.h> +#endif #define IMCV_DEBUG_LEVEL 1 #define IMCV_DEFAULT_POLICY_SCRIPT "ipsec _imv_policy" @@ -62,9 +64,6 @@ static bool imcv_stderr_quiet; */ static void imcv_dbg(debug_t group, level_t level, char *fmt, ...) { - int priority = LOG_INFO; - char buffer[8192]; - char *current = buffer, *next; va_list args; if (level <= imcv_debug_level) @@ -78,22 +77,30 @@ static void imcv_dbg(debug_t group, level_t level, char *fmt, ...) va_end(args); } - /* write in memory buffer first */ - va_start(args, fmt); - vsnprintf(buffer, sizeof(buffer), fmt, args); - va_end(args); - - /* do a syslog with every line */ - while (current) +#ifdef HAVE_SYSLOG { - next = strchr(current, '\n'); - if (next) + int priority = LOG_INFO; + char buffer[8192]; + char *current = buffer, *next; + + /* write in memory buffer first */ + va_start(args, fmt); + vsnprintf(buffer, sizeof(buffer), fmt, args); + va_end(args); + + /* do a syslog with every line */ + while (current) { - *(next++) = '\0'; + next = strchr(current, '\n'); + if (next) + { + *(next++) = '\0'; + } + syslog(priority, "[HSR] %s\n", current); + current = next; } - syslog(priority, "[HSR] %s\n", current); - current = next; } +#endif /* HAVE_SYSLOG */ } } @@ -127,7 +134,9 @@ bool libimcv_init(bool is_imv) /* activate the imcv debugging hook */ dbg = imcv_dbg; +#ifdef HAVE_SYSLOG openlog("imcv", 0, LOG_DAEMON); +#endif if (!lib->plugins->load(lib->plugins, lib->settings->get_str(lib->settings, "libimcv.load", 
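Review bot: With the syslog block in `imcv_dbg()` now compiled only under `HAVE_SYSLOG`, a build without it has stderr as its only sink. If the stderr branch above is skipped when `imcv_stderr_quiet` is set (that condition is outside the hunk), IMC/IMV messages are dropped entirely on such a platform. Consider a fallback sink for that build, or at least a comment on the `#ifdef` such as `/* no syslog on this platform: messages reach stderr only */`. The function starts before this hunk, so check the point against the full body.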
@@ -197,4 +206,3 @@ void libimcv_deinit(void) library_deinit(); } } - diff --git a/src/libimcv/imv/_imv_policy b/src/libimcv/imv/_imv_policy index 68a963c27..056284411 100755 --- a/src/libimcv/imv/_imv_policy +++ b/src/libimcv/imv/_imv_policy @@ -20,18 +20,20 @@ # that, and use the "libimcv.policy_script = " option in strongswan.conf # to make strongSwan use yours instead of this default one. -# Environment variables that this script gets +# Passed arguments # -# TNC_SESSION_ID -# unique session ID used as a reference by the policy -# manager. +# $1 +# action +# $2 +# unique session ID used as a reference by the policy +# manager. # case "$1" in start) - echo "start session $TNC_SESSION_ID" + echo "start session $2" ;; stop) - echo "stop session $TNC_SESSION_ID" + echo "stop session $2" ;; *) echo "$0: unknown command '$1'" exit 1 diff --git a/src/libimcv/imv/imv_agent.c b/src/libimcv/imv/imv_agent.c index 5fc3f79c6..a46455d47 100644 --- a/src/libimcv/imv/imv_agent.c +++ b/src/libimcv/imv/imv_agent.c @@ -612,7 +612,7 @@ METHOD(imv_agent_t, reserve_additional_ids, TNC_Result, count--; /* store the scalar value in the pointer */ - pointer = (void*)id; + pointer = (void*)(uintptr_t)id; this->additional_ids->insert_last(this->additional_ids, pointer); DBG2(DBG_IMV, "IMV %u \"%s\" reserved additional ID %u", this->id, this->name, id); @@ -831,5 +831,3 @@ imv_agent_t *imv_agent_create(const char *name, return &this->public; } - - diff --git a/src/libimcv/imv/imv_database.c b/src/libimcv/imv/imv_database.c index 2edb4df04..0c4bb7514 100644 --- a/src/libimcv/imv/imv_database.c +++ b/src/libimcv/imv/imv_database.c @@ -126,7 +126,7 @@ static bool create_session(private_imv_database_t *this, imv_session_t *session) DBG1(DBG_IMV, "imv_db: registering product info failed"); return FALSE; } - + /* get device ID string */ if (!session->get_device_id(session, &device_id)) { 
@@ -261,9 +261,9 @@ METHOD(imv_database_t, policy_script, bool, } /* call the policy script */ - snprintf(command, sizeof(command), "2>&1 TNC_SESSION_ID='%d' %s %s", - session->get_session_id(session, NULL, NULL), this->script, - start ? "start" : "stop"); + snprintf(command, sizeof(command), "2>&1 %s %s %d", + this->script, start ? "start" : "stop", + session->get_session_id(session, NULL, NULL)); DBG3(DBG_IMV, "running policy script: %s", command); shell = popen(command, "r"); @@ -363,4 +363,3 @@ imv_database_t *imv_database_create(char *uri, char *script) return &this->public; } - diff --git a/src/libimcv/imv/imv_if.h b/src/libimcv/imv/imv_if.h index fa9765b11..2118509e3 100644 --- a/src/libimcv/imv/imv_if.h +++ b/src/libimcv/imv/imv_if.h @@ -26,10 +26,10 @@ static imv_agent_if_t *imv_agent; /* * see section 3.8.1 of TCG TNC IF-IMV Specification 1.3 */ -TNC_Result TNC_IMV_Initialize(TNC_IMVID imv_id, - TNC_Version min_version, - TNC_Version max_version, - TNC_Version *actual_version) +TNC_Result TNC_IMV_API TNC_IMV_Initialize(TNC_IMVID imv_id, + TNC_Version min_version, + TNC_Version max_version, + TNC_Version *actual_version) { if (imv_agent) { @@ -54,9 +54,9 @@ TNC_Result TNC_IMV_Initialize(TNC_IMVID imv_id, /** * see section 3.8.2 of TCG TNC IF-IMV Specification 1.3 */ -TNC_Result TNC_IMV_NotifyConnectionChange(TNC_IMVID imv_id, - TNC_ConnectionID connection_id, - TNC_ConnectionState new_state) +TNC_Result TNC_IMV_API TNC_IMV_NotifyConnectionChange(TNC_IMVID imv_id, + TNC_ConnectionID connection_id, + TNC_ConnectionState new_state) { if (!imv_agent) { 
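Review bot: The result of `snprintf()` in `policy_script` is not checked before `command` goes to `popen()`, so an over-long `this->script` value would be run in truncated form, possibly without the session ID that this change moves to the end of the command line. Storing the result in an `int len` and adding `if (len < 0 || len >= sizeof(command)) { return FALSE; }` would reject that case; the declaration of `command` and the rest of the function are outside the hunk, so confirm the failure path there. Because the session ID no longer arrives as `TNC_SESSION_ID`, site-specific scripts configured in place of the default one need the same `$2` change, which deserves a line in the release notes.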
@@ -70,11 +70,11 @@ TNC_Result TNC_IMV_NotifyConnectionChange(TNC_IMVID imv_id, /** * see section 3.8.4 of TCG TNC IF-IMV Specification 1.3 */ -TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id, - TNC_ConnectionID connection_id, - TNC_BufferReference msg, - TNC_UInt32 msg_len, - TNC_MessageType msg_type) +TNC_Result TNC_IMV_API TNC_IMV_ReceiveMessage(TNC_IMVID imv_id, + TNC_ConnectionID connection_id, + TNC_BufferReference msg, + TNC_UInt32 msg_len, + TNC_MessageType msg_type) { if (!imv_agent) { @@ -88,15 +88,15 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id, /** * see section 3.8.6 of TCG TNC IF-IMV Specification 1.3 */ -TNC_Result TNC_IMV_ReceiveMessageLong(TNC_IMVID imv_id, - TNC_ConnectionID connection_id, - TNC_UInt32 msg_flags, - TNC_BufferReference msg, - TNC_UInt32 msg_len, - TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype, - TNC_UInt32 src_imc_id, - TNC_UInt32 dst_imv_id) +TNC_Result TNC_IMV_API TNC_IMV_ReceiveMessageLong(TNC_IMVID imv_id, + TNC_ConnectionID connection_id, + TNC_UInt32 msg_flags, + TNC_BufferReference msg, + TNC_UInt32 msg_len, + TNC_VendorID msg_vid, + TNC_MessageSubtype msg_subtype, + TNC_UInt32 src_imc_id, + TNC_UInt32 dst_imv_id) { if (!imv_agent) { @@ -111,8 +111,8 @@ TNC_Result TNC_IMV_ReceiveMessageLong(TNC_IMVID imv_id, /** * see section 3.8.7 of TCG TNC IF-IMV Specification 1.3 */ -TNC_Result TNC_IMV_SolicitRecommendation(TNC_IMVID imv_id, - TNC_ConnectionID connection_id) +TNC_Result TNC_IMV_API TNC_IMV_SolicitRecommendation(TNC_IMVID imv_id, + TNC_ConnectionID connection_id) { if (!imv_agent) @@ -126,7 +126,8 @@ TNC_Result TNC_IMV_SolicitRecommendation(TNC_IMVID imv_id, /** * see section 3.8.8 of TCG TNC IF-IMV Specification 1.3 */ -TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id, TNC_ConnectionID connection_id) +TNC_Result TNC_IMV_API TNC_IMV_BatchEnding(TNC_IMVID imv_id, + TNC_ConnectionID connection_id) { if (!imv_agent) { 
@@ -139,7 +140,7 @@ TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id, TNC_ConnectionID connection_id) /** * see section 3.8.9 of TCG TNC IF-IMV Specification 1.3 */ -TNC_Result TNC_IMV_Terminate(TNC_IMVID imv_id) +TNC_Result TNC_IMV_API TNC_IMV_Terminate(TNC_IMVID imv_id) { if (!imv_agent) { @@ -155,8 +156,8 @@ TNC_Result TNC_IMV_Terminate(TNC_IMVID imv_id) /** * see section 4.2.8.1 of TCG TNC IF-IMV Specification 1.3 */ -TNC_Result TNC_IMV_ProvideBindFunction(TNC_IMVID imv_id, - TNC_TNCS_BindFunctionPointer bind_function) +TNC_Result TNC_IMV_API TNC_IMV_ProvideBindFunction(TNC_IMVID imv_id, + TNC_TNCS_BindFunctionPointer bind_function) { if (!imv_agent) { diff --git a/src/libimcv/imv/imv_policy_manager.c b/src/libimcv/imv/imv_policy_manager.c index 028721af3..50f7f2e39 100644 --- a/src/libimcv/imv/imv_policy_manager.c +++ b/src/libimcv/imv/imv_policy_manager.c @@ -278,7 +278,7 @@ static bool policy_stop(database_t *db, int session_id) int main(int argc, char *argv[]) { database_t *db; - char *uri, *tnc_session_id; + char *uri; int session_id; bool start, success; @@ -299,7 +299,7 @@ int main(int argc, char *argv[]) exit(SS_RC_INITIALIZATION_FAILED); } - if (argc < 2) + if (argc < 3) { usage(); exit(SS_RC_INITIALIZATION_FAILED); @@ -318,14 +318,7 @@ int main(int argc, char *argv[]) exit(SS_RC_INITIALIZATION_FAILED); } - /* get session ID */ - tnc_session_id = getenv("TNC_SESSION_ID"); - if (!tnc_session_id) - { - fprintf(stderr, "environment variable TNC_SESSION_ID is not defined\n"); - exit(SS_RC_INITIALIZATION_FAILED); - } - session_id = atoi(tnc_session_id); + session_id = atoi(argv[2]); /* attach IMV database */ uri = lib->settings->get_str(lib->settings, diff --git a/src/libimcv/imv/imv_policy_manager_usage.c b/src/libimcv/imv/imv_policy_manager_usage.c index 3167a5441..c71bc9958 100644 --- a/src/libimcv/imv/imv_policy_manager_usage.c +++ b/src/libimcv/imv/imv_policy_manager_usage.c 
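Review bot: `session_id = atoi(argv[2]);` in `main()` turns a non-numeric argument into 0 and gives no error for an out-of-range one, and that value presumably selects the session that `policy_start`/`policy_stop` act on. Parsing with `strtol(argv[2], &end, 10)` and rejecting the argument when `end == argv[2] || *end != '\0' || errno == ERANGE` (then `usage(); exit(SS_RC_INITIALIZATION_FAILED);`) keeps a malformed invocation from touching an unintended session. `main()` continues outside the hunk.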
@@ -24,6 +24,5 @@ void usage(void) { printf("\ Usage:\n\ - imv_policy_manager start|stop\n"); + imv_policy_manager start|stop <tnc-session-id>\n"); } - diff --git a/src/libimcv/imv/imv_session.c b/src/libimcv/imv/imv_session.c index 14fea2b18..faa22c3df 100644 --- a/src/libimcv/imv/imv_session.c +++ b/src/libimcv/imv/imv_session.c @@ -219,7 +219,7 @@ METHOD(imv_session_t, create_workitem_enumerator, enumerator_t*, { if (!this->policy_started) { - return NULL; + return enumerator_create_empty(); } return this->workitems->create_enumerator(this->workitems); } diff --git a/src/libimcv/imv/tables-mysql.sql b/src/libimcv/imv/tables-mysql.sql new file mode 100644 index 000000000..47ee41c86 --- /dev/null +++ b/src/libimcv/imv/tables-mysql.sql 
@@ -0,0 +1,200 @@
+
+DROP TABLE IF EXISTS `directories`;
+CREATE TABLE `directories` (
+ `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
+ `path` VARCHAR(2048) NOT NULL
+);
+
+DROP TABLE IF EXISTS `files`;
+CREATE TABLE `files` (
+ `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
+ `dir` INTEGER DEFAULT 0 REFERENCES `directories`(`id`),
+ `name` VARCHAR(512) NOT NULL
+);
+
+DROP TABLE IF EXISTS `products`;
+CREATE TABLE `products` (
+ `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
+ `name` VARCHAR(128) NOT NULL
+);
+
+DROP TABLE IF EXISTS `algorithms`;
+CREATE TABLE `algorithms` (
+ `id` INTEGER PRIMARY KEY,
+ `name` VARCHAR(20) NOT NULL
+);
+
+DROP TABLE IF EXISTS `file_hashes`;
+CREATE TABLE `file_hashes` (
+ `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
+ `file` INTEGER NOT NULL REFERENCES `files`(`id`),
+ `product` INTEGER NOT NULL REFERENCES `products`(`id`),
+ `device` INTEGER DEFAULT 0,
+ `key` INTEGER DEFAULT 0 REFERENCES `keys`(id),
+ `algo` INTEGER NOT NULL REFERENCES `algorithms`(`id`),
+ `hash` VARBINARY(64) NOT NULL
+);
+
+DROP TABLE IF EXISTS `keys`;
+CREATE TABLE `keys` (
+ `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
+ `keyid` VARBINARY(128) NOT NULL,
+ `owner` VARCHAR(128) NOT NULL
+);
+
+DROP TABLE IF EXISTS `groups`;
+CREATE TABLE `groups` (
+ `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
+ `name` VARCHAR(50) NOT NULL UNIQUE,
+ `parent` INTEGER
+);
+
+DROP TABLE IF EXISTS `groups_members`;
+CREATE TABLE `groups_members` (
+ `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
+ `group_id` INTEGER NOT NULL REFERENCES `groups`(`id`),
+ `device_id` INTEGER NOT NULL REFERENCES `devices`(`id`),
+ UNIQUE (`group_id`, `device_id`)
+);
+
+DROP TABLE IF EXISTS `groups_product_defaults`;
+CREATE TABLE `groups_product_defaults` (
+ `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
+ `group_id` INTEGER NOT NULL REFERENCES `groups`(`id`),
+ `product_id` INTEGER NOT NULL REFERENCES `products`(`id`),
+ UNIQUE (`group_id`, `product_id`)
+);
+
+DROP TABLE IF EXISTS `policies`;
+CREATE TABLE `policies` (
+ `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
+ `type` INTEGER NOT NULL,
+ `name` VARCHAR(100) NOT NULL UNIQUE,
+ `argument` VARCHAR(100) DEFAULT '' NOT NULL,
+ `rec_fail` INTEGER NOT NULL,
+ `rec_noresult` INTEGER NOT NULL,
+ `file` INTEGER DEFAULT 0 REFERENCES `files`(`id`),
+ `dir` INTEGER DEFAULT 0 REFERENCES `directories`(`id`)
+);
+
+DROP TABLE IF EXISTS `enforcements`;
+CREATE TABLE `enforcements` (
+ `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
+ `policy` INTEGER NOT NULL REFERENCES `policies`(`id`),
+ `group_id` INTEGER NOT NULL REFERENCES `groups`(`id`),
+ `rec_fail` INTEGER,
+ `rec_noresult` INTEGER,
+ `max_age` INTEGER NOT NULL,
+ UNIQUE (`policy`, `group_id`)
+);
+
+DROP TABLE IF EXISTS `sessions`;
+CREATE TABLE `sessions` (
+ `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
+ `time` INTEGER NOT NULL,
+ `connection` INTEGER NOT NULL,
+ `identity` INTEGER DEFAULT 0 REFERENCES `identities`(`id`),
+ `device` INTEGER DEFAULT 0 REFERENCES `devices`(`id`),
+ `product` INTEGER DEFAULT 0 REFERENCES `products`(`id`),
+ `rec` INTEGER DEFAULT 3
+);
+
+DROP TABLE IF EXISTS `workitems`;
+CREATE TABLE `workitems` (
+ `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
+ `session` INTEGER NOT NULL REFERENCES `sessions`(`id`),
+ `enforcement` INTEGER NOT NULL REFERENCES `enforcements`(`id`),
+ `type` INTEGER NOT NULL,
+ `arg_str` VARCHAR(128),
+ `arg_int` INTEGER DEFAULT 0,
+ `rec_fail` INTEGER NOT NULL,
+ `rec_noresult` INTEGER NOT NULL,
+ `rec_final` INTEGER,
+ `result` VARCHAR(128)
+);
+
+DROP TABLE IF EXISTS `results`;
+CREATE TABLE `results` (
+ `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
+ `session` INTEGER NOT NULL REFERENCES `measurements`(`id`),
+ `policy` INTEGER NOT NULL REFERENCES `policies`(`id`),
+ `rec` INTEGER NOT NULL,
+ `result` TEXT NOT NULL
+);
+
+DROP TABLE IF EXISTS `components`;
+CREATE TABLE `components` (
+ `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
+ `vendor_id` INTEGER NOT NULL,
+ `name` INTEGER NOT NULL,
+ `qualifier` INTEGER DEFAULT 0
+);
+
+DROP TABLE IF EXISTS `key_component`;
+CREATE TABLE `key_component` (
+ `key` INTEGER NOT NULL,
+ `component` INTEGER NOT NULL,
+ `depth` INTEGER DEFAULT 0,
+ `seq_no` INTEGER DEFAULT 0,
+ PRIMARY KEY (`key`, `component`)
+);
+
+DROP TABLE IF EXISTS `component_hashes`;
+CREATE TABLE `component_hashes` (
+ `component` INTEGER NOT NULL,
+ `key` INTEGER NOT NULL,
+ `seq_no` INTEGER NOT NULL,
+ `pcr` INTEGER NOT NULL,
+ `algo` INTEGER NOT NULL,
+ `hash` VARBINARY(32) NOT NULL,
+ PRIMARY KEY(`component`, `key`, `seq_no`, `algo`)
+);
+
+DROP TABLE IF EXISTS `packages`;
+CREATE TABLE `packages` (
+ `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
+ `name` VARCHAR(128) NOT NULL,
+ `blacklist` INTEGER DEFAULT 0
+);
+
+DROP TABLE IF EXISTS versions;
+CREATE TABLE versions (
+ `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
+ `package` INTEGER NOT NULL REFERENCES packages(id),
+ `product` INTEGER NOT NULL REFERENCES products(id),
+ `release` VARCHAR(32) NOT NULL,
+ `security` INTEGER DEFAULT 0,
+ `blacklist` INTEGER DEFAULT 0,
+ `time` INTEGER DEFAULT 0
+);
+
+DROP TABLE IF EXISTS `devices`;
+CREATE TABLE `devices` (
+ `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
+ `description` VARCHAR(100) DEFAULT "",
+ `value` VARCHAR(256) NOT NULL,
+ `product` INTEGER REFERENCES `products`(`id`),
+ `created` INTEGER
+);
+
+DROP TABLE IF EXISTS `identities`;
+CREATE TABLE `identities` (
+ `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
+ `type` INTEGER NOT NULL,
+ `value` VARBINARY(128) NOT NULL,
+ UNIQUE (type, value)
+);
+
+DROP TABLE IF EXISTS `regids`;
+CREATE TABLE `regids` (
+ `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
+ `name` TEXT NOT NULL
+);
+
+DROP TABLE IF EXISTS `tags`;
+CREATE TABLE `tags` (
+ `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
+ `regid` INTEGER NOT NULL REFERENCES `regids`(`id`),
+ `unique_sw_id` VARCHAR(64) NOT NULL,
+ `value` VARCHAR(128)
+);
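Review bot: None of the inline `REFERENCES` clauses in this schema are enforced, because MySQL parses a column-level `REFERENCES` and then ignores it; only a separate table-level clause such as `FOREIGN KEY (session) REFERENCES sessions(id)` creates a constraint. As written, rows in `workitems`, `enforcements` or `file_hashes` can point at sessions, policies or files that do not exist. `results.session` also names a `measurements` table that this file never creates, and no error is raised for it. If referential integrity is wanted, move the references into `FOREIGN KEY` clauses and create the tables in dependency order (`file_hashes` currently precedes `keys`, and `groups_members` precedes `devices`). If it is deliberately left to the application, a header comment saying so would keep the clauses from being read as guarantees.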
diff --git a/src/libimcv/os_info/os_info.c b/src/libimcv/os_info/os_info.c index 67b09cd2f..258b8b442 100644 --- a/src/libimcv/os_info/os_info.c +++ b/src/libimcv/os_info/os_info.c @@ -15,7 +15,7 @@ #include "os_info.h" -ENUM(os_type_names, OS_TYPE_UNKNOWN, OS_TYPE_ANDROID, +ENUM(os_type_names, OS_TYPE_UNKNOWN, OS_TYPE_WINDOWS, "Unknown", "Debian", "Ubuntu", @@ -24,7 +24,8 @@ ENUM(os_type_names, OS_TYPE_UNKNOWN, OS_TYPE_ANDROID, "CentOS", "SUSE", "Gentoo", - "Android" + "Android", + "Windows", ); ENUM(os_fwd_status_names, OS_FWD_DISABLED, OS_FWD_UNKNOWN, diff --git a/src/libimcv/os_info/os_info.h b/src/libimcv/os_info/os_info.h index e77d888a7..031355458 100644 --- a/src/libimcv/os_info/os_info.h +++ b/src/libimcv/os_info/os_info.h @@ -40,6 +40,7 @@ enum os_type_t { OS_TYPE_SUSE, OS_TYPE_GENTOO, OS_TYPE_ANDROID, + OS_TYPE_WINDOWS, OS_TYPE_ROOF }; diff --git a/src/libimcv/plugins/imc_os/Makefile.am b/src/libimcv/plugins/imc_os/Makefile.am index fec38cd4e..e6dd10be5 100644 --- a/src/libimcv/plugins/imc_os/Makefile.am +++ b/src/libimcv/plugins/imc_os/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imc-os.la diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c index ed2cfdd59..c624d26b1 100644 --- a/src/libimcv/plugins/imc_os/imc_os.c +++ b/src/libimcv/plugins/imc_os/imc_os.c @@ -52,10 +52,10 @@ static imc_os_info_t *os; /** * see section 3.8.1 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id, - TNC_Version min_version, - TNC_Version max_version, - TNC_Version *actual_version) +TNC_Result TNC_IMC_API TNC_IMC_Initialize(TNC_IMCID imc_id, + TNC_Version min_version, + TNC_Version max_version, + TNC_Version *actual_version) { if (imc_os) { 
@@ -89,9 +89,8 @@ TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id, /** * see section 3.8.2 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, - TNC_ConnectionID connection_id, - TNC_ConnectionState new_state) +TNC_Result TNC_IMC_API TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, + TNC_ConnectionID connection_id, TNC_ConnectionState new_state) { imc_state_t *state; @@ -446,8 +445,8 @@ static void add_settings(enumerator_t *enumerator, imc_msg_t *msg) /** * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, - TNC_ConnectionID connection_id) +TNC_Result TNC_IMC_API TNC_IMC_BeginHandshake(TNC_IMCID imc_id, + TNC_ConnectionID connection_id) { imc_state_t *state; imc_msg_t *out_msg; @@ -594,11 +593,11 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) * see section 3.8.4 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, - TNC_ConnectionID connection_id, - TNC_BufferReference msg, - TNC_UInt32 msg_len, - TNC_MessageType msg_type) +TNC_Result TNC_IMC_API TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, + TNC_ConnectionID connection_id, + TNC_BufferReference msg, + TNC_UInt32 msg_len, + TNC_MessageType msg_type) { imc_state_t *state; imc_msg_t *in_msg; 
@@ -624,15 +623,15 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, /** * see section 3.8.6 of TCG TNC IF-IMV Specification 1.3 */ -TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id, - TNC_ConnectionID connection_id, - TNC_UInt32 msg_flags, - TNC_BufferReference msg, - TNC_UInt32 msg_len, - TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype, - TNC_UInt32 src_imv_id, - TNC_UInt32 dst_imc_id) +TNC_Result TNC_IMC_API TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id, + TNC_ConnectionID connection_id, + TNC_UInt32 msg_flags, + TNC_BufferReference msg, + TNC_UInt32 msg_len, + TNC_VendorID msg_vid, + TNC_MessageSubtype msg_subtype, + TNC_UInt32 src_imv_id, + TNC_UInt32 dst_imc_id) { imc_state_t *state; imc_msg_t *in_msg; @@ -659,8 +658,8 @@ TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id, /** * see section 3.8.7 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_BatchEnding(TNC_IMCID imc_id, - TNC_ConnectionID connection_id) +TNC_Result TNC_IMC_API TNC_IMC_BatchEnding(TNC_IMCID imc_id, + TNC_ConnectionID connection_id) { if (!imc_os) { @@ -673,7 +672,7 @@ TNC_Result TNC_IMC_BatchEnding(TNC_IMCID imc_id, /** * see section 3.8.8 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id) +TNC_Result TNC_IMC_API TNC_IMC_Terminate(TNC_IMCID imc_id) { if (!imc_os) { @@ -692,8 +691,8 @@ TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id) /** * see section 4.2.8.1 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id, - TNC_TNCC_BindFunctionPointer bind_function) +TNC_Result TNC_IMC_API TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id, + TNC_TNCC_BindFunctionPointer bind_function) { if (!imc_os) { diff --git a/src/libimcv/plugins/imc_scanner/Makefile.am b/src/libimcv/plugins/imc_scanner/Makefile.am index 7bf9075ed..44d3ad749 100644 --- a/src/libimcv/plugins/imc_scanner/Makefile.am +++ b/src/libimcv/plugins/imc_scanner/Makefile.am 
@@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imc-scanner.la diff --git a/src/libimcv/plugins/imc_test/Makefile.am b/src/libimcv/plugins/imc_test/Makefile.am index 5a04f1fbe..4bdc23487 100644 --- a/src/libimcv/plugins/imc_test/Makefile.am +++ b/src/libimcv/plugins/imc_test/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imc-test.la diff --git a/src/libimcv/plugins/imv_os/Makefile.am b/src/libimcv/plugins/imv_os/Makefile.am index 434e26f69..3b3f793f1 100644 --- a/src/libimcv/plugins/imv_os/Makefile.am +++ b/src/libimcv/plugins/imv_os/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imv-os.la @@ -18,9 +18,11 @@ imv_os_la_SOURCES = \ imv_os_la_LDFLAGS = -module -avoid-version -no-undefined +if !USE_WINDOWS ipsec_PROGRAMS = pacman pacman_SOURCES = pacman.c pacman_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la pacman.o : $(top_builddir)/config.status EXTRA_DIST = pacman.sh +endif diff --git a/src/libimcv/plugins/imv_scanner/Makefile.am b/src/libimcv/plugins/imv_scanner/Makefile.am index 2bb0d675e..98814437e 100644 --- a/src/libimcv/plugins/imv_scanner/Makefile.am +++ b/src/libimcv/plugins/imv_scanner/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imv-scanner.la diff --git a/src/libimcv/plugins/imv_test/Makefile.am b/src/libimcv/plugins/imv_test/Makefile.am index 5ed916163..4fe715fa8 100644 --- a/src/libimcv/plugins/imv_test/Makefile.am +++ b/src/libimcv/plugins/imv_test/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imv-test.la diff --git a/src/libipsec/esp_packet.c b/src/libipsec/esp_packet.c index ebe13ce77..822302280 100644 
--- a/src/libipsec/esp_packet.c +++ b/src/libipsec/esp_packet.c @@ -115,7 +115,7 @@ METHOD(packet_t, skip_bytes, void, return this->packet->skip_bytes(this->packet, bytes); } -METHOD(packet_t, clone, packet_t*, +METHOD(packet_t, clone_, packet_t*, private_esp_packet_t *this) { private_esp_packet_t *pkt; @@ -414,7 +414,7 @@ static private_esp_packet_t *esp_packet_create_internal(packet_t *packet) .get_dscp = _get_dscp, .set_dscp = _set_dscp, .skip_bytes = _skip_bytes, - .clone = _clone, + .clone = _clone_, .destroy = _destroy, }, .get_source = _get_source, diff --git a/src/libipsec/ip_packet.c b/src/libipsec/ip_packet.c index ede9d100a..181cb88db 100644 --- a/src/libipsec/ip_packet.c +++ b/src/libipsec/ip_packet.c @@ -95,7 +95,7 @@ METHOD(ip_packet_t, get_next_header, u_int8_t, return this->next_header; } -METHOD(ip_packet_t, clone, ip_packet_t*, +METHOD(ip_packet_t, clone_, ip_packet_t*, private_ip_packet_t *this) { return ip_packet_create(chunk_clone(this->packet)); @@ -183,7 +183,7 @@ ip_packet_t *ip_packet_create(chunk_t packet) .get_destination = _get_destination, .get_next_header = _get_next_header, .get_encoding = _get_encoding, - .clone = _clone, + .clone = _clone_, .destroy = _destroy, }, .src = src, diff --git a/src/libpts/Makefile.am b/src/libpts/Makefile.am index 6bd3a58fc..4d5bdf409 100644 --- a/src/libpts/Makefile.am +++ b/src/libpts/Makefile.am @@ -13,6 +13,10 @@ libpts_la_LIBADD = \ $(top_builddir)/src/libtncif/libtncif.la \ $(top_builddir)/src/libimcv/libimcv.la +if USE_WINDOWS + libpts_la_LIBADD += -lws2_32 +endif + if USE_TROUSERS libpts_la_LIBADD += -ltspi endif diff --git a/src/libpts/plugins/imc_attestation/Makefile.am b/src/libpts/plugins/imc_attestation/Makefile.am index 3f1b52a88..88d9ddd8b 100644 --- a/src/libpts/plugins/imc_attestation/Makefile.am +++ b/src/libpts/plugins/imc_attestation/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libpts AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imc-attestation.la 
diff --git a/src/libpts/plugins/imc_attestation/imc_attestation.c b/src/libpts/plugins/imc_attestation/imc_attestation.c index c71b21666..74bbc468f 100644 --- a/src/libpts/plugins/imc_attestation/imc_attestation.c +++ b/src/libpts/plugins/imc_attestation/imc_attestation.c @@ -61,10 +61,10 @@ static pts_dh_group_t supported_dh_groups = PTS_DH_GROUP_NONE; /** * see section 3.8.1 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id, - TNC_Version min_version, - TNC_Version max_version, - TNC_Version *actual_version) +TNC_Result TNC_IMC_API TNC_IMC_Initialize(TNC_IMCID imc_id, + TNC_Version min_version, + TNC_Version max_version, + TNC_Version *actual_version) { bool mandatory_dh_groups; @@ -103,9 +103,9 @@ TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id, /** * see section 3.8.2 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, - TNC_ConnectionID connection_id, - TNC_ConnectionState new_state) +TNC_Result TNC_IMC_API TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, + TNC_ConnectionID connection_id, + TNC_ConnectionState new_state) { imc_state_t *state; @@ -142,8 +142,8 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, /** * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, - TNC_ConnectionID connection_id) +TNC_Result TNC_IMC_API TNC_IMC_BeginHandshake(TNC_IMCID imc_id, + TNC_ConnectionID connection_id) { if (!imc_attestation) { 
@@ -228,11 +228,11 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) /** * see section 3.8.4 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, - TNC_ConnectionID connection_id, - TNC_BufferReference msg, - TNC_UInt32 msg_len, - TNC_MessageType msg_type) +TNC_Result TNC_IMC_API TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, + TNC_ConnectionID connection_id, + TNC_BufferReference msg, + TNC_UInt32 msg_len, + TNC_MessageType msg_type) { imc_state_t *state; imc_msg_t *in_msg; @@ -259,15 +259,15 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, /** * see section 3.8.6 of TCG TNC IF-IMV Specification 1.3 */ -TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id, - TNC_ConnectionID connection_id, - TNC_UInt32 msg_flags, - TNC_BufferReference msg, - TNC_UInt32 msg_len, - TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype, - TNC_UInt32 src_imv_id, - TNC_UInt32 dst_imc_id) +TNC_Result TNC_IMC_API TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id, + TNC_ConnectionID connection_id, + TNC_UInt32 msg_flags, + TNC_BufferReference msg, + TNC_UInt32 msg_len, + TNC_VendorID msg_vid, + TNC_MessageSubtype msg_subtype, + TNC_UInt32 src_imv_id, + TNC_UInt32 dst_imc_id) { imc_state_t *state; imc_msg_t *in_msg; @@ -294,8 +294,8 @@ TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id, /** * see section 3.8.7 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_BatchEnding(TNC_IMCID imc_id, - TNC_ConnectionID connection_id) +TNC_Result TNC_IMC_API TNC_IMC_BatchEnding(TNC_IMCID imc_id, + TNC_ConnectionID connection_id) { if (!imc_attestation) { @@ -308,7 +308,7 @@ TNC_Result TNC_IMC_BatchEnding(TNC_IMCID imc_id, /** * see section 3.8.8 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id) +TNC_Result TNC_IMC_API TNC_IMC_Terminate(TNC_IMCID imc_id) { if (!imc_attestation) { 
@@ -327,7 +327,7 @@ TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id) /** * see section 4.2.8.1 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id, +TNC_Result TNC_IMC_API TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id, TNC_TNCC_BindFunctionPointer bind_function) { if (!imc_attestation) diff --git a/src/libpts/plugins/imc_swid/Makefile.am b/src/libpts/plugins/imc_swid/Makefile.am index d73c6d168..ddf596465 100644 --- a/src/libpts/plugins/imc_swid/Makefile.am +++ b/src/libpts/plugins/imc_swid/Makefile.am @@ -25,7 +25,7 @@ AM_CPPFLAGS = \ -DSWID_DIRECTORY=\"${prefix}/share\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imc-swid.la diff --git a/src/libpts/plugins/imv_attestation/Makefile.am b/src/libpts/plugins/imv_attestation/Makefile.am index 8d18f1404..8dc74fd54 100644 --- a/src/libpts/plugins/imv_attestation/Makefile.am +++ b/src/libpts/plugins/imv_attestation/Makefile.am @@ -6,7 +6,7 @@ AM_CPPFLAGS = \ -DPLUGINS=\""${attest_plugins}\"" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imv-attestation.la diff --git a/src/libpts/plugins/imv_attestation/attest.c b/src/libpts/plugins/imv_attestation/attest.c index 904f5761a..63c0023a7 100644 --- a/src/libpts/plugins/imv_attestation/attest.c +++ b/src/libpts/plugins/imv_attestation/attest.c @@ -19,8 +19,10 @@ #include <stdio.h> #include <string.h> #include <errno.h> -#include <syslog.h> #include <libgen.h> +#ifdef HAVE_SYSLOG +# include <syslog.h> +#endif #include <library.h> #include <utils/debug.h> @@ -43,9 +45,6 @@ static bool stderr_quiet = TRUE; */ static void attest_dbg(debug_t group, level_t level, char *fmt, ...) { - int priority = LOG_INFO; - char buffer[8192]; - char *current = buffer, *next; va_list args; if (level <= debug_level) 
@@ -58,22 +57,30 @@ static void attest_dbg(debug_t group, level_t level, char *fmt, ...) va_end(args); } - /* write in memory buffer first */ - va_start(args, fmt); - vsnprintf(buffer, sizeof(buffer), fmt, args); - va_end(args); - - /* do a syslog with every line */ - while (current) +#ifdef HAVE_SYSLOG { - next = strchr(current, '\n'); - if (next) + int priority = LOG_INFO; + char buffer[8192]; + char *current = buffer, *next; + + /* write in memory buffer first */ + va_start(args, fmt); + vsnprintf(buffer, sizeof(buffer), fmt, args); + va_end(args); + + /* do a syslog with every line */ + while (current) { - *(next++) = '\0'; + next = strchr(current, '\n'); + if (next) + { + *(next++) = '\0'; + } + syslog(priority, "%s\n", current); + current = next; } - syslog(priority, "%s\n", current); - current = next; } +#endif /* HAVE_SYSLOG */ } } @@ -91,7 +98,9 @@ static void cleanup(void) attest->destroy(attest); libpts_deinit(); libimcv_deinit(); +#ifdef HAVE_SYSLOG closelog(); +#endif } static void do_args(int argc, char *argv[]) @@ -440,7 +449,9 @@ int main(int argc, char *argv[]) /* enable attest debugging hook */ dbg = attest_dbg; +#ifdef HAVE_SYSLOG openlog("attest", 0, LOG_DEBUG); +#endif atexit(library_deinit); @@ -474,4 +485,3 @@ int main(int argc, char *argv[]) exit(EXIT_SUCCESS); } - diff --git a/src/libpts/plugins/imv_attestation/attest_db.c b/src/libpts/plugins/imv_attestation/attest_db.c index 0925300a0..d7f45ad29 100644 --- a/src/libpts/plugins/imv_attestation/attest_db.c +++ b/src/libpts/plugins/imv_attestation/attest_db.c 
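Review bot: With HAVE_SYSLOG undefined, attest_dbg() keeps only the stderr branch that sits above this hunk, and the file initialises `stderr_quiet` to TRUE, so on such a build the tool's debug output appears to go nowhere by default. The stderr branch is only partly visible here, so confirm this against the full function. If that is intended, say so next to the guard, e.g. `#else /* no syslog on this platform: messages reach stderr only, and only when not quiet */`. Otherwise fall back to stderr when syslog is unavailable.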
@@ -198,6 +198,21 @@ char* print_cfn(pts_comp_func_name_t *cfn) return buf; } +/** + * Get the directory separator to append to a path + */ +static const char* get_separator(const char *path) +{ + if (streq(path, DIRECTORY_SEPARATOR)) + { /* root directory on Unix file system, no separator */ + return ""; + } + else + { /* non-root or Windows path, use system specific separator */ + return DIRECTORY_SEPARATOR; + } +} + METHOD(attest_db_t, set_component, bool, private_attest_db_t *this, char *comp, bool create) { @@ -314,9 +329,9 @@ METHOD(attest_db_t, set_directory, bool, return FALSE; } - /* remove trailing '/' character if not root directory */ + /* remove trailing '/' or '\' character if not root directory */ len = strlen(dir); - if (len > 1 && dir[len-1] == '/') + if (len > 1 && dir[len-1] == DIRECTORY_SEPARATOR[0]) { dir[len-1] = '\0'; } @@ -390,7 +405,6 @@ METHOD(attest_db_t, set_file, bool, private_attest_db_t *this, char *file, bool create) { int fid; - char *sep; enumerator_t *e; if (this->file) @@ -404,7 +418,6 @@ METHOD(attest_db_t, set_file, bool, { return TRUE; } - sep = streq(this->dir, "/") ? "" : "/"; e = this->db->query(this->db, "SELECT id FROM files " "WHERE dir = ? AND name = ?", DB_INT, this->did, DB_TEXT, file, DB_INT); @@ -423,7 +436,8 @@ METHOD(attest_db_t, set_file, bool, if (!create) { - printf("file '%s%s%s' not found in database\n", this->dir, sep, file); + printf("file '%s%s%s' not found in database\n", + this->dir, get_separator(this->dir), file); return FALSE; } @@ -434,8 +448,8 @@ METHOD(attest_db_t, set_file, bool, { this->fid = fid; } - printf("file '%s%s%s' %sinserted into database\n", this->dir, sep, file, - this->fid ? "" : "could not be "); + printf("file '%s%s%s' %sinserted into database\n", this->dir, + get_separator(this->dir), file, this->fid ? "" : "could not be "); return this->fid > 0; } 
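Review bot: In set_directory the updated comment promises removal of a trailing '/' or '\', but `dir[len-1] == DIRECTORY_SEPARATOR[0]` matches only the separator of the platform the tool was built for. get_separator() has the same build-time dependency, whereas get_pathname() in pts_database.c (same commit) derives the separator from the stored path itself. If reference paths for Windows clients are meant to be maintained from a non-Windows attest build, the two will disagree on how a directory is stored and joined. Either test both characters, `if (len > 1 && (dir[len-1] == '/' || dir[len-1] == '\\'))`, or change the comment to say that only the native separator is stripped. set_directory's body continues outside the hunk.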
@@ -1318,7 +1332,7 @@ METHOD(attest_db_t, list_hashes, void, printf("%d %N value%s found for file '%s%s%s'\n", count, pts_meas_algorithm_names, this->algo, (count == 1) ? "" : "s", this->dir, - streq(this->dir, "/") ? "" : "/", this->file); + get_separator(this->dir), this->file); } } else if (this->file) @@ -1655,7 +1669,8 @@ static bool insert_file_hash(private_attest_db_t *this, */ static bool add_hash(private_attest_db_t *this) { - char *pathname, *filename, *sep, *label; + char *pathname, *filename, *label; + const char *sep; pts_file_meas_t *measurements; chunk_t measurement; hasher_t *hasher = NULL; @@ -1666,7 +1681,7 @@ static bool add_hash(private_attest_db_t *this) { this->meas_dir = strdup(this->dir); } - sep = streq(this->meas_dir, "/") ? "" : "/"; + sep = get_separator(this->meas_dir); if (this->fid) { @@ -1803,8 +1818,8 @@ METHOD(attest_db_t, delete, bool, DB_UINT, this->algo, DB_UINT, this->pid, DB_UINT, this->fid) > 0; - printf("%4d: %s%s%s\n", this->fid, this->dir, - streq(this->dir, "/") ? "" : "/", this->file); + printf("%4d: %s%s%s\n", this->fid, this->dir, get_separator(this->dir), + this->file); printf("%N value for product '%s' %sdeleted from database\n", pts_meas_algorithm_names, this->algo, this->product, success ? "" : "could not be "); @@ -1846,7 +1861,7 @@ METHOD(attest_db_t, delete, bool, DB_UINT, this->fid) > 0; printf("file '%s%s%s' %sdeleted from database\n", this->dir, - streq(this->dir, "/") ? "" : "/", this->file, + get_separator(this->dir), this->file, success ? "" : "could not be "); return success; } diff --git a/src/libpts/plugins/imv_swid/Makefile.am b/src/libpts/plugins/imv_swid/Makefile.am index fc4350f85..77f33e6c6 100644 --- a/src/libpts/plugins/imv_swid/Makefile.am +++ b/src/libpts/plugins/imv_swid/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libpts AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imv-swid.la 
diff --git a/src/libpts/pts/pts.c b/src/libpts/pts/pts.c index d43dce9ed..2fff4c901 100644 --- a/src/libpts/pts/pts.c +++ b/src/libpts/pts/pts.c @@ -22,6 +22,10 @@ #include <bio/bio_reader.h> #ifdef TSS_TROUSERS +#ifdef _BASETSD_H_ +/* MinGW defines _BASETSD_H_, but TSS checks for _BASETSD_H */ +# define _BASETSD_H +#endif #include <trousers/tss.h> #include <trousers/trousers.h> #else @@ -35,7 +39,6 @@ #include <sys/types.h> #include <sys/stat.h> -#include <sys/utsname.h> #include <libgen.h> #include <unistd.h> #include <errno.h> @@ -302,29 +305,23 @@ METHOD(pts_t, calculate_secret, bool, */ static void print_tpm_version_info(private_pts_t *this) { - TPM_CAP_VERSION_INFO versionInfo; - UINT64 offset = 0; - TSS_RESULT result; + TPM_CAP_VERSION_INFO *info; - result = Trspi_UnloadBlob_CAP_VERSION_INFO(&offset, - this->tpm_version_info.ptr, &versionInfo); - if (result != TSS_SUCCESS) + info = (TPM_CAP_VERSION_INFO*)this->tpm_version_info.ptr; + + if (this->tpm_version_info.len >= + sizeof(*info) - sizeof(info->vendorSpecific)) { - DBG1(DBG_PTS, "could not parse tpm version info: tss error 0x%x", - result); + DBG2(DBG_PTS, "TPM Version Info: Chip Version: %u.%u.%u.%u, " + "Spec Level: %u, Errata Rev: %u, Vendor ID: %.4s", + info->version.major, info->version.minor, + info->version.revMajor, info->version.revMinor, + untoh16(&info->specLevel), info->errataRev, info->tpmVendorID); } else { - DBG2(DBG_PTS, "TPM 1.2 Version Info: Chip Version: %hhu.%hhu.%hhu.%hhu," - " Spec Level: %hu, Errata Rev: %hhu, Vendor ID: %.4s [%.*s]", - versionInfo.version.major, versionInfo.version.minor, - versionInfo.version.revMajor, versionInfo.version.revMinor, - versionInfo.specLevel, versionInfo.errataRev, - versionInfo.tpmVendorID, versionInfo.vendorSpecificSize, - versionInfo.vendorSpecificSize ? - (char*)versionInfo.vendorSpecific : ""); + DBG1(DBG_PTS, "could not parse tpm version info"); } - free(versionInfo.vendorSpecific); } #else 
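Review bot: The length check in print_tpm_version_info, `sizeof(*info) - sizeof(info->vendorSpecific)`, is computed from the compiler's in-memory layout of TPM_CAP_VERSION_INFO (padding and pointer width included), while the bytes being read are a serialized blob overlaid by the cast. That value can differ between 32- and 64-bit builds and need not equal the length of the fixed serialized part, so a short but valid blob may be rejected, and the field offsets are only right if the struct happens to have no padding before `tpmVendorID`. Compare against a named constant for the fixed serialized length instead and state the assumption in a comment, e.g. `/* fixed part of the serialized TPM_CAP_VERSION_INFO, up to but excluding vendorSpecific */`. Reading the multi-byte fields by offset, as `untoh16(&info->specLevel)` already does, would remove the layout dependency altogether.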
@@ -372,42 +369,31 @@ METHOD(pts_t, set_tpm_version_info, void, */ static void load_aik_blob(private_pts_t *this) { - char *blob_path; - FILE *fp; - u_int32_t aikBlobLen; + char *path; + chunk_t *map; - blob_path = lib->settings->get_str(lib->settings, + path = lib->settings->get_str(lib->settings, "%s.plugins.imc-attestation.aik_blob", NULL, lib->ns); - - if (blob_path) + if (path) { - /* Read aik key blob from a file */ - if ((fp = fopen(blob_path, "r")) == NULL) + map = chunk_map(path, FALSE); + if (map) { - DBG1(DBG_PTS, "unable to open AIK Blob file: %s", blob_path); - return; - } - - fseek(fp, 0, SEEK_END); - aikBlobLen = ftell(fp); - fseek(fp, 0L, SEEK_SET); - - this->aik_blob = chunk_alloc(aikBlobLen); - if (fread(this->aik_blob.ptr, 1, aikBlobLen, fp) == aikBlobLen) - { - DBG2(DBG_PTS, "loaded AIK Blob from '%s'", blob_path); - DBG3(DBG_PTS, "AIK Blob: %B", &this->aik_blob); + DBG2(DBG_PTS, "loaded AIK Blob from '%s'", path); + DBG3(DBG_PTS, "AIK Blob: %B", map); + this->aik_blob = chunk_clone(*map); + chunk_unmap(map); } else { - DBG1(DBG_PTS, "unable to read AIK Blob file '%s'", blob_path); - chunk_free(&this->aik_blob); + DBG1(DBG_PTS, "unable to map AIK Blob file '%s': %s", + path, strerror(errno)); } - fclose(fp); - return; } - - DBG1(DBG_PTS, "AIK Blob is not available"); + else + { + DBG1(DBG_PTS, "AIK Blob is not available"); + } } /** @@ -537,6 +523,7 @@ static bool file_metadata(char *pathname, pts_file_metadata_t **entry) { this->type = PTS_FILE_FIFO; } +#ifndef WIN32 else if (S_ISLNK(st.st_mode)) { this->type = PTS_FILE_SYM_LINK; @@ -545,6 +532,7 @@ static bool file_metadata(char *pathname, pts_file_metadata_t **entry) { this->type = PTS_FILE_SOCKET; } +#endif /* WIN32 */ else { this->type = PTS_FILE_OTHER; @@ -624,7 +612,8 @@ METHOD(pts_t, read_pcr, bool, TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_RESULT result; - chunk_t rgbPcrValue; + BYTE *buf; + UINT32 len; bool success = FALSE; 
@@ -645,12 +634,12 @@ METHOD(pts_t, read_pcr, bool, { goto err; } - result = Tspi_TPM_PcrRead(hTPM, pcr_num, (UINT32*)&rgbPcrValue.len, &rgbPcrValue.ptr); + result = Tspi_TPM_PcrRead(hTPM, pcr_num, &len, &buf); if (result != TSS_SUCCESS) { goto err; } - *pcr_value = chunk_clone(rgbPcrValue); + *pcr_value = chunk_clone(chunk_create(buf, len)); DBG3(DBG_PTS, "PCR %d value:%B", pcr_num, pcr_value); success = TRUE; diff --git a/src/libpts/pts/pts_database.c b/src/libpts/pts/pts_database.c index e9a0e5faa..f2e2c9c74 100644 --- a/src/libpts/pts/pts_database.c +++ b/src/libpts/pts/pts_database.c @@ -48,7 +48,7 @@ METHOD(pts_database_t, get_pathname, char*, private_pts_database_t *this, bool is_dir, int id) { enumerator_t *e; - char *path, *name, *pathname; + char *path, *name, *sep, *pathname = NULL; if (is_dir) { @@ -70,11 +70,21 @@ METHOD(pts_database_t, get_pathname, char*, "SELECT d.path, f.name FROM files AS f " "JOIN directories AS d ON d.id = f.dir WHERE f.id = ?", DB_INT, id, DB_TEXT, DB_TEXT); - if (!e || !e->enumerate(e, &path, &name) || - asprintf(&pathname, "%s%s%s", - path, streq(path, "/") ? "" : "/", name) == -1) + if (e && e->enumerate(e, &path, &name)) { - pathname = NULL; + if (path[0] == '/') + { /* Unix style absolute path */ + sep = "/"; + } + else + { /* Windows absolute path */ + sep = "\\"; + } + if (asprintf(&pathname, "%s%s%s", + path, streq(path, "/") ? "" : sep, name) == -1) + { + pathname = NULL; + } } } DESTROY_IF(e); @@ -420,4 +430,3 @@ pts_database_t *pts_database_create(imv_database_t *imv_db) return &this->public; } - diff --git a/src/libpttls/Makefile.am b/src/libpttls/Makefile.am index f2bcf44d5..7e67600ca 100644 --- a/src/libpttls/Makefile.am +++ b/src/libpttls/Makefile.am 
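Review bot: In get_pathname the separator is now chosen with `path[0] == '/'`, but the root special case still recognises only `"/"`. A stored Windows directory that already ends in a backslash (a drive root, for instance) gets a second separator, and an empty `path` is classified as Windows and yields `\name`. Since the directory string comes straight from the database, skip the separator whenever the path already ends in it: `asprintf(&pathname, "%s%s%s", path, (*path && path[strlen(path)-1] != sep[0]) ? sep : "", name)`. `sep` only ever points at string literals, so declaring it `const char *sep` would match add_hash() in attest_db.c in this commit. The method starts and ends outside the visible hunks.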
@@ -13,6 +13,10 @@ libpttls_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libtls/libtls.la +if USE_WINDOWS + libpttls_la_LIBADD += -lws2_32 +endif + libpttls_la_SOURCES = pt_tls.c pt_tls.h \ pt_tls_client.c pt_tls_client.h \ pt_tls_server.c pt_tls_server.h \ diff --git a/src/libstrongswan/Android.mk b/src/libstrongswan/Android.mk index 1840ad26e..1310716ed 100644 --- a/src/libstrongswan/Android.mk +++ b/src/libstrongswan/Android.mk @@ -27,8 +27,10 @@ credentials/sets/callback_cred.c credentials/auth_cfg.c database/database.c \ database/database_factory.c fetcher/fetcher.c fetcher/fetcher_manager.c eap/eap.c \ ipsec/ipsec_types.c \ networking/host.c networking/host_resolver.c networking/packet.c \ -networking/tun_device.c networking/streams/stream.c \ -networking/streams/stream_service.c networking/streams/stream_manager.c \ +networking/tun_device.c networking/streams/stream_manager.c \ +networking/streams/stream.c networking/streams/stream_service.c \ +networking/streams/stream_tcp.c networking/streams/stream_service_tcp.c \ +networking/streams/stream_unix.c networking/streams/stream_service_unix.c \ pen/pen.c plugins/plugin_loader.c plugins/plugin_feature.c processing/jobs/job.c \ processing/jobs/callback_job.c processing/processor.c processing/scheduler.c \ processing/watcher.c resolver/resolver_manager.c resolver/rr_set.c \ diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am index c4d1a5802..2602a9eba 100644 --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am 
@@ -25,19 +25,30 @@ credentials/sets/callback_cred.c credentials/auth_cfg.c database/database.c \ database/database_factory.c fetcher/fetcher.c fetcher/fetcher_manager.c eap/eap.c \ ipsec/ipsec_types.c \ networking/host.c networking/host_resolver.c networking/packet.c \ -networking/tun_device.c networking/streams/stream.c \ -networking/streams/stream_service.c networking/streams/stream_manager.c \ +networking/tun_device.c networking/streams/stream_manager.c \ +networking/streams/stream.c networking/streams/stream_service.c \ +networking/streams/stream_tcp.c networking/streams/stream_service_tcp.c \ pen/pen.c plugins/plugin_loader.c plugins/plugin_feature.c processing/jobs/job.c \ processing/jobs/callback_job.c processing/processor.c processing/scheduler.c \ processing/watcher.c resolver/resolver_manager.c resolver/rr_set.c \ selectors/traffic_selector.c settings/settings.c settings/settings_types.c \ settings/settings_parser.y settings/settings_lexer.l \ -threading/thread.c threading/thread_value.c threading/mutex.c \ -threading/semaphore.c threading/rwlock.c threading/spinlock.c \ utils/utils.c utils/chunk.c utils/debug.c utils/enum.c utils/identification.c \ utils/lexparser.c utils/optionsfrom.c utils/capabilities.c utils/backtrace.c \ utils/parser_helper.c utils/test.c utils/utils/strerror.c +if !USE_WINDOWS + libstrongswan_la_SOURCES += \ + threading/thread.c \ + threading/thread_value.c \ + threading/mutex.c \ + threading/rwlock.c \ + threading/spinlock.c \ + threading/semaphore.c \ + networking/streams/stream_unix.c \ + networking/streams/stream_service_unix.c +endif + # private header files noinst_HEADERS = \ settings/settings_types.h 
@@ -74,26 +85,29 @@ database/database.h database/database_factory.h fetcher/fetcher.h \ fetcher/fetcher_manager.h eap/eap.h pen/pen.h ipsec/ipsec_types.h \ networking/host.h networking/host_resolver.h networking/packet.h \ networking/tun_device.h networking/streams/stream.h \ +networking/streams/stream_unix.h networking/streams/stream_service_unix.h \ +networking/streams/stream_tcp.h networking/streams/stream_service_tcp.h \ networking/streams/stream_service.h networking/streams/stream_manager.h \ resolver/resolver.h resolver/resolver_response.h resolver/rr_set.h \ resolver/rr.h resolver/resolver_manager.h \ plugins/plugin_loader.h plugins/plugin.h plugins/plugin_feature.h \ processing/jobs/job.h processing/jobs/callback_job.h processing/processor.h \ processing/scheduler.h processing/watcher.h selectors/traffic_selector.h \ -settings/settings.h threading/thread.h threading/thread_value.h \ +settings/settings.h threading/thread_value.h \ +threading/thread.h threading/windows/thread.h \ threading/mutex.h threading/condvar.h threading/spinlock.h threading/semaphore.h \ threading/rwlock.h threading/rwlock_condvar.h threading/lock_profiler.h \ utils/utils.h utils/chunk.h utils/debug.h utils/enum.h utils/identification.h \ utils/lexparser.h utils/optionsfrom.h utils/capabilities.h utils/backtrace.h \ utils/leak_detective.h utils/printf_hook/printf_hook.h \ utils/printf_hook/printf_hook_vstr.h utils/printf_hook/printf_hook_builtin.h \ -utils/parser_helper.h utils/test.h utils/integrity_checker.h \ +utils/parser_helper.h utils/test.h utils/integrity_checker.h utils/windows.h \ utils/utils/strerror.h endif library.lo : $(top_builddir)/config.status -libstrongswan_la_LIBADD = $(PTHREADLIB) $(DLLIB) $(BTLIB) $(SOCKLIB) $(RTLIB) $(BFDLIB) $(UNWINDLIB) +libstrongswan_la_LIBADD = $(DLLIB) $(BTLIB) $(SOCKLIB) $(RTLIB) $(BFDLIB) $(UNWINDLIB) AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ 
@@ -110,6 +124,25 @@ AM_LDFLAGS = \ AM_YFLAGS = -v -d +if USE_WINDOWS + libstrongswan_la_LIBADD += -lws2_32 + libstrongswan_la_SOURCES += \ + threading/windows/thread.c \ + threading/windows/thread_value.c \ + threading/windows/mutex.c \ + threading/windows/rwlock.c \ + threading/windows/spinlock.c \ + threading/windows/semaphore.c \ + utils/windows.c +else + libstrongswan_la_LIBADD += $(PTHREADLIB) +endif + +if USE_DBGHELP + libstrongswan_la_LIBADD += -ldbghelp + AM_CPPFLAGS += -DHAVE_DBGHELP +endif + if USE_LEAK_DETECTIVE AM_CPPFLAGS += -DLEAK_DETECTIVE libstrongswan_la_SOURCES += utils/leak_detective.c diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c index 38a6ad688..05be574de 100644 --- a/src/libstrongswan/asn1/asn1.c +++ b/src/libstrongswan/asn1/asn1.c @@ -460,7 +460,7 @@ chunk_t asn1_from_time(const time_t *time, asn1_t type) const char *format; char buf[BUF_LEN]; chunk_t formatted_time; - struct tm t; + struct tm t = {}; gmtime_r(time, &t); /* RFC 5280 says that dates through the year 2049 MUST be encoded as UTCTIME diff --git a/src/libstrongswan/asn1/oid.pl b/src/libstrongswan/asn1/oid.pl index 82100e8aa..c45077a3f 100644 --- a/src/libstrongswan/asn1/oid.pl +++ b/src/libstrongswan/asn1/oid.pl @@ -30,7 +30,7 @@ print OID_H "/* Object identifiers (OIDs) used by strongSwan\n", " * ", $automatic, "\n", " * ", $warning, "\n", " */\n\n", - "#include <sys/types.h>\n\n", + "#include <utils/utils.h>\n\n", "#ifndef OID_H_\n", "#define OID_H_\n\n", "typedef struct {\n", diff --git a/src/libstrongswan/credentials/certificates/crl.h b/src/libstrongswan/credentials/certificates/crl.h index 4191c5935..8a48bd7ff 100644 --- a/src/libstrongswan/credentials/certificates/crl.h +++ b/src/libstrongswan/credentials/certificates/crl.h 
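Review bot: Zero-initialising `t` in asn1_from_time hides a failed conversion instead of handling it: gmtime_r() returns NULL when the time_t cannot be represented, and the function then formats an all-zero struct tm into what looks like a valid UTCTIME or GENERALIZEDTIME. For certificate and CRL validity fields a silently wrong date is worse than an error, so check the result, e.g. `if (!gmtime_r(time, &t)) { return chunk_empty; }`, provided callers can cope with an empty chunk. Separately, `= {}` is a GNU/C23 form; `= {0}` is accepted by every C compiler unless the tree deliberately relies on the extension. The function body continues outside the hunk.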
@@ -28,18 +28,30 @@ typedef enum crl_reason_t crl_reason_t; #include <library.h> #include <credentials/certificates/certificate.h> +/* <wincrypt.h> comes with CRL_REASON clashing with ours. Even if the values + * are identical, we undef them here to use our enum instead of defines. */ +#ifdef WIN32 +# undef CRL_REASON_UNSPECIFIED +# undef CRL_REASON_KEY_COMPROMISE +# undef CRL_REASON_CA_COMPROMISE +# undef CRL_REASON_AFFILIATION_CHANGED +# undef CRL_REASON_SUPERSEDED +# undef CRL_REASON_CERTIFICATE_HOLD +# undef CRL_REASON_REMOVE_FROM_CRL +#endif + /** * RFC 2459 CRL reason codes */ enum crl_reason_t { - CRL_REASON_UNSPECIFIED = 0, - CRL_REASON_KEY_COMPROMISE = 1, - CRL_REASON_CA_COMPROMISE = 2, - CRL_REASON_AFFILIATION_CHANGED = 3, - CRL_REASON_SUPERSEDED = 4, - CRL_REASON_CESSATION_OF_OPERATON = 5, - CRL_REASON_CERTIFICATE_HOLD = 6, - CRL_REASON_REMOVE_FROM_CRL = 8, + CRL_REASON_UNSPECIFIED = 0, + CRL_REASON_KEY_COMPROMISE = 1, + CRL_REASON_CA_COMPROMISE = 2, + CRL_REASON_AFFILIATION_CHANGED = 3, + CRL_REASON_SUPERSEDED = 4, + CRL_REASON_CESSATION_OF_OPERATON = 5, + CRL_REASON_CERTIFICATE_HOLD = 6, + CRL_REASON_REMOVE_FROM_CRL = 8, }; /** diff --git a/src/libstrongswan/credentials/sets/cert_cache.c b/src/libstrongswan/credentials/sets/cert_cache.c index e8f0e7ec0..563f4bdd5 100644 --- a/src/libstrongswan/credentials/sets/cert_cache.c +++ b/src/libstrongswan/credentials/sets/cert_cache.c @@ -16,7 +16,6 @@ #include "cert_cache.h" #include <time.h> -#include <sched.h> #include <library.h> #include <threading/rwlock.h> diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c index c6780daf1..d09844bfa 100644 --- a/src/libstrongswan/crypto/crypto_tester.c +++ b/src/libstrongswan/crypto/crypto_tester.c @@ -14,8 +14,10 @@ * for more details. */ -#define _GNU_SOURCE -#include <dlfcn.h> +#ifdef HAVE_DLADDR +# define _GNU_SOURCE +# include <dlfcn.h> +#endif #include <time.h> #include "crypto_tester.h" 
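Review bot: The `#undef` list in crl.h only helps when <wincrypt.h> has already been included; if that header is pulled in after crl.h, the macros come back and later uses of the enum constants expand to the Windows defines. The include-order requirement belongs in the comment, for example `This only works if <wincrypt.h> is included before this header.` The list also has no entry for reason 5, presumably because the enum spells it `CRL_REASON_CESSATION_OF_OPERATON` and so does not collide. If that spelling is ever corrected, a matching `#undef` will be needed.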
@@ -102,7 +104,7 @@ static const char* get_name(void *sym) return "unknown"; } -#ifdef CLOCK_THREAD_CPUTIME_ID +#if defined(CLOCK_THREAD_CPUTIME_ID) && defined(HAVE_CLOCK_GETTIME) /** * Start a benchmark timer diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c index f152a8c1f..e3ad16411 100644 --- a/src/libstrongswan/library.c +++ b/src/libstrongswan/library.c @@ -141,11 +141,13 @@ void library_deinit() { lib->leak_detective->report(lib->leak_detective, detailed); lib->leak_detective->destroy(lib->leak_detective); + lib->leak_detective = NULL; } + backtrace_deinit(); arrays_deinit(); + utils_deinit(); threads_deinit(); - backtrace_deinit(); free((void*)this->public.ns); free(this); @@ -249,6 +251,8 @@ bool library_init(char *settings, const char *namespace) return !this->integrity_failed; } + chunk_hash_seed(); + INIT(this, .public = { .get = _get, @@ -259,9 +263,10 @@ bool library_init(char *settings, const char *namespace) ); lib = &this->public; - backtrace_init(); threads_init(); + utils_init(); arrays_init(); + backtrace_init(); #ifdef LEAK_DETECTIVE lib->leak_detective = leak_detective_create(); diff --git a/src/libstrongswan/networking/host.h b/src/libstrongswan/networking/host.h index 4fc6cf35c..9c9b5035f 100644 --- a/src/libstrongswan/networking/host.h +++ b/src/libstrongswan/networking/host.h @@ -30,10 +30,8 @@ typedef struct host_t host_t; #include <stdlib.h> #include <stdio.h> #include <sys/types.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <arpa/inet.h> +#include <utils/utils.h> #include <utils/chunk.h> /** diff --git a/src/libstrongswan/networking/host_resolver.c b/src/libstrongswan/networking/host_resolver.c index 10af11a7f..a7524ac23 100644 --- a/src/libstrongswan/networking/host_resolver.c +++ b/src/libstrongswan/networking/host_resolver.c @@ -14,8 +14,6 @@ */ #include <sys/types.h> -#include <sys/socket.h> -#include <netdb.h> #include "host_resolver.h" 
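Review bot: The new `chunk_hash_seed();` call in library_init() (hunk at -249,6) runs before `threads_init()` and `utils_init()`, and nothing visible here shows where the seed comes from or whether seeding can fail. This change set adds a Windows target, so if the seed is read from a device file or another POSIX-only source, it may end up predictable there; the implementation is not shown, so this needs confirming. That matters for any hash table keyed on peer-controlled data. A comment at the call such as `/* seeds the chunk hash; requires a strong random source on every platform */` would record the requirement. library_init() starts and ends outside the hunk.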
diff --git a/src/libstrongswan/networking/streams/stream.c b/src/libstrongswan/networking/streams/stream.c index f6fec0b4a..e49c35a7c 100644 --- a/src/libstrongswan/networking/streams/stream.c +++ b/src/libstrongswan/networking/streams/stream.c @@ -16,7 +16,8 @@ #include <library.h> #include <errno.h> #include <unistd.h> -#include <limits.h> + +#include "stream.h" typedef struct private_stream_t private_stream_t; @@ -65,7 +66,7 @@ METHOD(stream_t, read_, ssize_t, if (block) { - ret = read(this->fd, buf, len); + ret = recv(this->fd, buf, len, 0); } else { @@ -116,7 +117,7 @@ METHOD(stream_t, write_, ssize_t, { if (block) { - ret = write(this->fd, buf, len); + ret = send(this->fd, buf, len, 0); } else { 
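Review bot: Switching the blocking path of read_() to `recv(this->fd, buf, len, 0)`, and of write_() to `send(this->fd, buf, len, 0)` in the hunk at -116,7, means the descriptor must now be a socket in blocking mode as well. On a pipe or regular file these calls fail where read()/write() worked. The stream_create_from_fd() comment in stream.h still limits that requirement to non-blocking operation and should become `The file descriptor MUST be a socket.` Both methods continue outside their hunks, so how the return value and errno are handled afterwards is not visible. On Windows, socket errors are not reported through errno unless the project wraps these calls, which is worth confirming.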
@@ -287,129 +288,3 @@ stream_t *stream_create_from_fd(int fd) return &this->public; } - -/** - * See header - */ -int stream_parse_uri_unix(char *uri, struct sockaddr_un *addr) -{ - if (!strpfx(uri, "unix://")) - { - return -1; - } - uri += strlen("unix://"); - - memset(addr, 0, sizeof(*addr)); - addr->sun_family = AF_UNIX; - strncpy(addr->sun_path, uri, sizeof(addr->sun_path)); - addr->sun_path[sizeof(addr->sun_path)-1] = '\0'; - - return offsetof(struct sockaddr_un, sun_path) + strlen(addr->sun_path); -} - -/** - * See header - */ -stream_t *stream_create_unix(char *uri) -{ - struct sockaddr_un addr; - int len, fd; - - len = stream_parse_uri_unix(uri, &addr); - if (len == -1) - { - DBG1(DBG_NET, "invalid stream URI: '%s'", uri); - return NULL; - } - fd = socket(AF_UNIX, SOCK_STREAM, 0); - if (fd < 0) - { - DBG1(DBG_NET, "opening socket '%s' failed: %s", uri, strerror(errno)); - return NULL; - } - if (connect(fd, (struct sockaddr*)&addr, len) < 0) - { - DBG1(DBG_NET, "connecting to '%s' failed: %s", uri, strerror(errno)); - close(fd); - return NULL; - } - return stream_create_from_fd(fd); -} - -/** - * See header. 
- */ -int stream_parse_uri_tcp(char *uri, struct sockaddr *addr) -{ - char *pos, buf[128]; - host_t *host; - u_long port; - int len; - - if (!strpfx(uri, "tcp://")) - { - return -1; - } - uri += strlen("tcp://"); - pos = strrchr(uri, ':'); - if (!pos) - { - return -1; - } - if (*uri == '[' && pos > uri && *(pos - 1) == ']') - { - /* IPv6 URI */ - snprintf(buf, sizeof(buf), "%.*s", (int)(pos - uri - 2), uri + 1); - } - else - { - snprintf(buf, sizeof(buf), "%.*s", (int)(pos - uri), uri); - } - port = strtoul(pos + 1, &pos, 10); - if (port == ULONG_MAX || *pos || port > 65535) - { - return -1; - } - host = host_create_from_dns(buf, AF_UNSPEC, port); - if (!host) - { - return -1; - } - len = *host->get_sockaddr_len(host); - memcpy(addr, host->get_sockaddr(host), len); - host->destroy(host); - return len; -} - -/** - * See header - */ -stream_t *stream_create_tcp(char *uri) -{ - union { - struct sockaddr_in in; - struct sockaddr_in6 in6; - struct sockaddr sa; - } addr; - int fd, len; - - len = stream_parse_uri_tcp(uri, &addr.sa); - if (len == -1) - { - DBG1(DBG_NET, "invalid stream URI: '%s'", uri); - return NULL; - } - fd = socket(addr.sa.sa_family, SOCK_STREAM, 0); - if (fd < 0) - { - DBG1(DBG_NET, "opening socket '%s' failed: %s", uri, strerror(errno)); - return NULL; - } - if (connect(fd, &addr.sa, len)) - { - DBG1(DBG_NET, "connecting to '%s' failed: %s", uri, strerror(errno)); - close(fd); - return NULL; - } - return stream_create_from_fd(fd); -} diff --git a/src/libstrongswan/networking/streams/stream.h b/src/libstrongswan/networking/streams/stream.h index 3516d9186..747bf651c 100644 --- a/src/libstrongswan/networking/streams/stream.h +++ b/src/libstrongswan/networking/streams/stream.h @@ -25,9 +25,6 @@ typedef struct stream_t stream_t; #include <library.h> -#include <sys/un.h> -#include <sys/socket.h> - /** * Constructor function prototype for stream_t. * 
@@ -138,54 +135,6 @@ struct stream_t { }; /** - * Create a stream for UNIX sockets. - * - * UNIX URIs start with unix://, followed by the socket path. For absolute - * paths, an URI looks something like: - * - * unix:///path/to/socket - * - * @param uri UNIX socket specific URI, must start with "unix://" - * @return stream instance, NULL on failure - */ -stream_t *stream_create_unix(char *uri); - -/** - * Helper function to parse a unix:// URI to a sockaddr - * - * @param uri URI - * @param addr sockaddr - * @return length of sockaddr, -1 on error - */ -int stream_parse_uri_unix(char *uri, struct sockaddr_un *addr); - -/** - * Create a stream for TCP sockets. - * - * TCP URIs start with tcp://, followed by a hostname (FQDN or IP), followed - * by a colon separated port. A full TCP uri looks something like: - * - * tcp://srv.example.com:5555 - * tcp://0.0.0.0:1234 - * tcp://[fec2::1]:7654 - * - * There is no default port, so a colon after tcp:// is mandatory. - * - * @param uri TCP socket specific URI, must start with "tcp://" - * @return stream instance, NULL on failure - */ -stream_t *stream_create_tcp(char *uri); - -/** - * Helper function to parse a tcp:// URI to a sockaddr - * - * @param uri URI - * @param addr sockaddr, large enough for URI - * @return length of sockaddr, -1 on error - */ -int stream_parse_uri_tcp(char *uri, struct sockaddr *addr); - -/** * Create a stream from a file descriptor. * * The file descriptor MUST be a socket for non-blocking operation. diff --git a/src/libstrongswan/networking/streams/stream_manager.c b/src/libstrongswan/networking/streams/stream_manager.c index 2cbd6127e..8de243daa 100644 --- a/src/libstrongswan/networking/streams/stream_manager.c +++ b/src/libstrongswan/networking/streams/stream_manager.c 
@@ -15,6 +15,13 @@ #include "stream_manager.h" +#include "stream_tcp.h" +#include "stream_service_tcp.h" +#ifndef WIN32 +# include "stream_unix.h" +# include "stream_service_unix.h" +#endif + #include <threading/rwlock.h> typedef struct private_stream_manager_t private_stream_manager_t; @@ -193,10 +200,12 @@ METHOD(stream_manager_t, remove_service, void, METHOD(stream_manager_t, destroy, void, private_stream_manager_t *this) { - remove_stream(this, stream_create_unix); remove_stream(this, stream_create_tcp); - remove_service(this, stream_service_create_unix); remove_service(this, stream_service_create_tcp); +#ifndef WIN32 + remove_stream(this, stream_create_unix); + remove_service(this, stream_service_create_unix); +#endif this->streams->destroy(this->streams); this->services->destroy(this->services); @@ -226,10 +235,12 @@ stream_manager_t *stream_manager_create() .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), ); - add_stream(this, "unix://", stream_create_unix); add_stream(this, "tcp://", stream_create_tcp); - add_service(this, "unix://", stream_service_create_unix); add_service(this, "tcp://", stream_service_create_tcp); +#ifndef WIN32 + add_stream(this, "unix://", stream_create_unix); + add_service(this, "unix://", stream_service_create_unix); +#endif return &this->public; } diff --git a/src/libstrongswan/networking/streams/stream_service.c b/src/libstrongswan/networking/streams/stream_service.c index 4e0eebddb..7358c580e 100644 --- a/src/libstrongswan/networking/streams/stream_service.c +++ b/src/libstrongswan/networking/streams/stream_service.c @@ -19,10 +19,10 @@ #include <threading/condvar.h> #include <processing/jobs/callback_job.h> +#include "stream_service.h" + #include <errno.h> #include <unistd.h> -#include <sys/socket.h> -#include <sys/un.h> #include <sys/stat.h> typedef struct private_stream_service_t private_stream_service_t; 
@@ -235,98 +235,3 @@ stream_service_t *stream_service_create_from_fd(int fd) return &this->public; } - -/** - * See header - */ -stream_service_t *stream_service_create_unix(char *uri, int backlog) -{ - struct sockaddr_un addr; - mode_t old; - int fd, len; - - len = stream_parse_uri_unix(uri, &addr); - if (len == -1) - { - DBG1(DBG_NET, "invalid stream URI: '%s'", uri); - return NULL; - } - if (!lib->caps->check(lib->caps, CAP_CHOWN)) - { /* required to chown(2) service socket */ - DBG1(DBG_NET, "socket '%s' requires CAP_CHOWN capability", uri); - return NULL; - } - fd = socket(AF_UNIX, SOCK_STREAM, 0); - if (fd == -1) - { - DBG1(DBG_NET, "opening socket '%s' failed: %s", uri, strerror(errno)); - return NULL; - } - unlink(addr.sun_path); - - old = umask(S_IRWXO); - if (bind(fd, (struct sockaddr*)&addr, len) < 0) - { - DBG1(DBG_NET, "binding socket '%s' failed: %s", uri, strerror(errno)); - close(fd); - return NULL; - } - umask(old); - if (chown(addr.sun_path, lib->caps->get_uid(lib->caps), - lib->caps->get_gid(lib->caps)) != 0) - { - DBG1(DBG_NET, "changing socket permissions for '%s' failed: %s", - uri, strerror(errno)); - } - if (listen(fd, backlog) < 0) - { - DBG1(DBG_NET, "listen on socket '%s' failed: %s", uri, strerror(errno)); - unlink(addr.sun_path); - close(fd); - return NULL; - } - return stream_service_create_from_fd(fd); -} - -/** - * See header - */ -stream_service_t *stream_service_create_tcp(char *uri, int backlog) -{ - union { - struct sockaddr_in in; - struct sockaddr_in6 in6; - struct sockaddr sa; - } addr; - int fd, len, on = 1; - - len = stream_parse_uri_tcp(uri, &addr.sa); - if (len == -1) - { - DBG1(DBG_NET, "invalid stream URI: '%s'", uri); - return NULL; - } - fd = socket(addr.sa.sa_family, SOCK_STREAM, 0); - if (fd < 0) - { - DBG1(DBG_NET, "opening socket '%s' failed: %s", uri, strerror(errno)); - return NULL; - } - if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) != 0) - { - DBG1(DBG_NET, "SO_REUSADDR on '%s' failed: %s", uri, 
strerror(errno)); - } - if (bind(fd, &addr.sa, len) < 0) - { - DBG1(DBG_NET, "binding socket '%s' failed: %s", uri, strerror(errno)); - close(fd); - return NULL; - } - if (listen(fd, backlog) < 0) - { - DBG1(DBG_NET, "listen on socket '%s' failed: %s", uri, strerror(errno)); - close(fd); - return NULL; - } - return stream_service_create_from_fd(fd); -} diff --git a/src/libstrongswan/networking/streams/stream_service.h b/src/libstrongswan/networking/streams/stream_service.h index c8faba323..de2aaf7a5 100644 --- a/src/libstrongswan/networking/streams/stream_service.h +++ b/src/libstrongswan/networking/streams/stream_service.h @@ -23,7 +23,6 @@ typedef struct stream_service_t stream_service_t; -#include <library.h> #include <processing/jobs/job.h> #include <networking/streams/stream.h> @@ -83,22 +82,4 @@ struct stream_service_t { */ stream_service_t *stream_service_create_from_fd(int fd); -/** - * Create a service instance for UNIX sockets. - * - * @param uri UNIX socket specific URI, must start with "unix://" - * @param backlog size of the backlog queue, as passed to listen() - * @return stream_service instance, NULL on failure - */ -stream_service_t *stream_service_create_unix(char *uri, int backlog); - -/** - * Create a service instance for TCP sockets. - * - * @param uri TCP socket specific URI, must start with "tcp://" - * @param backlog size of the backlog queue, as passed to listen() - * @return stream_service instance, NULL on failure - */ -stream_service_t *stream_service_create_tcp(char *uri, int backlog); - #endif /** STREAM_SERVICE_H_ @}*/ diff --git a/src/libstrongswan/networking/streams/stream_service_tcp.c b/src/libstrongswan/networking/streams/stream_service_tcp.c new file mode 100644 index 000000000..4082834c8 --- /dev/null +++ b/src/libstrongswan/networking/streams/stream_service_tcp.c 
@@ -0,0 +1,64 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <library.h>
+#include <networking/streams/stream_tcp.h>
+
+#include <errno.h>
+#include <unistd.h>
+#include <sys/stat.h>
+
+/**
+ * See header
+ */
+stream_service_t *stream_service_create_tcp(char *uri, int backlog)
+{
+ union {
+ struct sockaddr_in in;
+ struct sockaddr_in6 in6;
+ struct sockaddr sa;
+ } addr;
+ int fd, len, on = 1;
+
+ len = stream_parse_uri_tcp(uri, &addr.sa);
+ if (len == -1)
+ {
+ DBG1(DBG_NET, "invalid stream URI: '%s'", uri);
+ return NULL;
+ }
+ fd = socket(addr.sa.sa_family, SOCK_STREAM, 0);
+ if (fd < 0)
+ {
+ DBG1(DBG_NET, "opening socket '%s' failed: %s", uri, strerror(errno));
+ return NULL;
+ }
+ if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (void*)&on, sizeof(on)) != 0)
+ {
+ DBG1(DBG_NET, "SO_REUSADDR on '%s' failed: %s", uri, strerror(errno));
+ }
+ if (bind(fd, &addr.sa, len) < 0)
+ {
+ DBG1(DBG_NET, "binding socket '%s' failed: %s", uri, strerror(errno));
+ close(fd);
+ return NULL;
+ }
+ if (listen(fd, backlog) < 0)
+ {
+ DBG1(DBG_NET, "listen on socket '%s' failed: %s", uri, strerror(errno));
+ close(fd);
+ return NULL;
+ }
+ return stream_service_create_from_fd(fd);
+}
diff --git a/src/libstrongswan/networking/streams/stream_service_tcp.h b/src/libstrongswan/networking/streams/stream_service_tcp.h
new file mode 100644
index 000000000..f63f0074b
--- /dev/null
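Review bot: stream_service_create_tcp() sets `SO_REUSEADDR` unconditionally, and stream_manager.c registers this constructor outside its `#ifndef WIN32` guard, so the code appears to be built for Windows too. On Windows that option allows another local socket to bind the same address and port while the service is listening; the option that gives a listener sole ownership there is `SO_EXCLUSIVEADDRUSE`. The fence selects the option per platform and leaves the existing log text as it is. The `close(fd)` and `strerror(errno)` calls on the error paths also assume POSIX socket semantics, which should be confirmed against the project's Windows wrappers.

```c
	int fd, len, on = 1;

	/* … unchanged: URI parsing and socket() … */
#ifdef WIN32
	/* SO_REUSEADDR on Windows permits a second bind to the same port */
	if (setsockopt(fd, SOL_SOCKET, SO_EXCLUSIVEADDRUSE,
				   (void*)&on, sizeof(on)) != 0)
	{
		DBG1(DBG_NET, "SO_EXCLUSIVEADDRUSE on '%s' failed: %s", uri,
			 strerror(errno));
	}
#else
	if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (void*)&on, sizeof(on)) != 0)
	{
		DBG1(DBG_NET, "SO_REUSADDR on '%s' failed: %s", uri, strerror(errno));
	}
#endif
	/* … unchanged: bind() and listen() … */
```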
+++ b/src/libstrongswan/networking/streams/stream_service_tcp.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup stream_service_tcp stream_service_tcp
+ * @{ @ingroup stream
+ */
+
+#ifndef STREAM_SERVICE_TCP_H_
+#define STREAM_SERVICE_TCP_H_
+
+/**
+ * Create a service instance for TCP sockets.
+ *
+ * @param uri TCP socket specific URI, must start with "tcp://"
+ * @param backlog size of the backlog queue, as passed to listen()
+ * @return stream_service instance, NULL on failure
+ */
+stream_service_t *stream_service_create_tcp(char *uri, int backlog);
+
+#endif /** STREAM_SERVICE_TCP_H_ @}*/
diff --git a/src/libstrongswan/networking/streams/stream_service_unix.c b/src/libstrongswan/networking/streams/stream_service_unix.c
new file mode 100644
index 000000000..1ed27c499
--- /dev/null
+++ b/src/libstrongswan/networking/streams/stream_service_unix.c
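Review bot: stream_service_tcp.h uses `stream_service_t` in its only prototype but includes nothing, so it compiles only when the includer has already pulled in stream_service.h. Adding `#include <networking/streams/stream_service.h>` after the include guard would make it self-contained. stream_service_tcp.c does not include this header either, so the prototype is never checked against the definition. The Doxygen group here is `@ingroup stream` while stream_tcp.h uses `@ingroup streams`; one of the two is presumably a typo.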
@@ -0,0 +1,75 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <library.h> +#include <networking/streams/stream_unix.h> + +#include <errno.h> +#include <unistd.h> +#include <sys/socket.h> +#include <sys/un.h> +#include <sys/stat.h> + +/** + * See header + */ +stream_service_t *stream_service_create_unix(char *uri, int backlog) +{ + struct sockaddr_un addr; + mode_t old; + int fd, len; + + len = stream_parse_uri_unix(uri, &addr); + if (len == -1) + { + DBG1(DBG_NET, "invalid stream URI: '%s'", uri); + return NULL; + } + if (!lib->caps->check(lib->caps, CAP_CHOWN)) + { /* required to chown(2) service socket */ + DBG1(DBG_NET, "socket '%s' requires CAP_CHOWN capability", uri); + return NULL; + } + fd = socket(AF_UNIX, SOCK_STREAM, 0); + if (fd == -1) + { + DBG1(DBG_NET, "opening socket '%s' failed: %s", uri, strerror(errno)); + return NULL; + } + unlink(addr.sun_path); + + old = umask(S_IRWXO); + if (bind(fd, (struct sockaddr*)&addr, len) < 0) + { + DBG1(DBG_NET, "binding socket '%s' failed: %s", uri, strerror(errno)); + close(fd); + return NULL; + } + umask(old); + if (chown(addr.sun_path, lib->caps->get_uid(lib->caps), + lib->caps->get_gid(lib->caps)) != 0) + { + DBG1(DBG_NET, "changing socket permissions for '%s' failed: %s", + uri, strerror(errno)); + } + if (listen(fd, backlog) < 0) + { + DBG1(DBG_NET, "listen on socket '%s' failed: %s", uri, strerror(errno)); + 
unlink(addr.sun_path); + close(fd); + return NULL; + } + return stream_service_create_from_fd(fd); +} diff --git a/src/libstrongswan/networking/streams/stream_service_unix.h b/src/libstrongswan/networking/streams/stream_service_unix.h new file mode 100644 index 000000000..14c09cbb5 --- /dev/null +++ b/src/libstrongswan/networking/streams/stream_service_unix.h @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup stream_service_unix stream_service_unix + * @{ @ingroup stream + */ + +#ifndef STREAM_SERVICE_UNIX_H_ +#define STREAM_SERVICE_UNIX_H_ + +/** + * Create a service instance for UNIX sockets. + * + * @param uri UNIX socket specific URI, must start with "unix://" + * @param backlog size of the backlog queue, as passed to listen() + * @return stream_service instance, NULL on failure + */ +stream_service_t *stream_service_create_unix(char *uri, int backlog); + +/** + * Create a service instance for TCP sockets. + * + * @param uri TCP socket specific URI, must start with "tcp://" + * @param backlog size of the backlog queue, as passed to listen() + * @return stream_service instance, NULL on failure + */ +stream_service_t *stream_service_create_tcp(char *uri, int backlog); + +#endif /** STREAM_SERVICE_UNIX_H_ @}*/ 
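Review bot: In stream_service_create_unix() the process umask stays at `S_IRWXO` when `bind()` fails, because that error branch returns before `umask(old);` runs. Add `umask(old);` as the first statement of the bind failure branch, or restore the mask directly after the bind() call and test a saved result. Two further behaviours deserve a comment: `unlink(addr.sun_path)` removes whatever already exists at the configured path, and a failing `chown()` is only logged, so the service keeps running with the socket owned by the creating user.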
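Review bot: stream_service_unix.h declares `stream_service_create_tcp()` with its full doc comment, duplicating what stream_service_tcp.h already provides. It looks like a copy-and-paste leftover and should be dropped so the TCP prototype lives in one place. The remaining prototype uses `stream_service_t` without the header including stream_service.h, so it relies on include order.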
diff --git a/src/libstrongswan/networking/streams/stream_tcp.c b/src/libstrongswan/networking/streams/stream_tcp.c new file mode 100644 index 000000000..5459145a0 --- /dev/null +++ b/src/libstrongswan/networking/streams/stream_tcp.c 
@@ -0,0 +1,99 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <library.h> +#include <errno.h> +#include <unistd.h> +#include <limits.h> + +#include "stream_tcp.h" + +/** + * See header. + */ +int stream_parse_uri_tcp(char *uri, struct sockaddr *addr) +{ + char *pos, buf[128]; + host_t *host; + u_long port; + int len; + + if (!strpfx(uri, "tcp://")) + { + return -1; + } + uri += strlen("tcp://"); + pos = strrchr(uri, ':'); + if (!pos) + { + return -1; + } + if (*uri == '[' && pos > uri && *(pos - 1) == ']') + { + /* IPv6 URI */ + snprintf(buf, sizeof(buf), "%.*s", (int)(pos - uri - 2), uri + 1); + } + else + { + snprintf(buf, sizeof(buf), "%.*s", (int)(pos - uri), uri); + } + port = strtoul(pos + 1, &pos, 10); + if (port == ULONG_MAX || *pos || port > 65535) + { + return -1; + } + host = host_create_from_dns(buf, AF_UNSPEC, port); + if (!host) + { + return -1; + } + len = *host->get_sockaddr_len(host); + memcpy(addr, host->get_sockaddr(host), len); + host->destroy(host); + return len; +} + +/** + * See header + */ +stream_t *stream_create_tcp(char *uri) +{ + union { + struct sockaddr_in in; + struct sockaddr_in6 in6; + struct sockaddr sa; + } addr; + int fd, len; + + len = stream_parse_uri_tcp(uri, &addr.sa); + if (len == -1) + { + DBG1(DBG_NET, "invalid stream URI: '%s'", uri); + return NULL; + } + fd = socket(addr.sa.sa_family, SOCK_STREAM, 0); + if (fd < 0) + { + 
DBG1(DBG_NET, "opening socket '%s' failed: %s", uri, strerror(errno)); + return NULL; + } + if (connect(fd, &addr.sa, len)) + { + DBG1(DBG_NET, "connecting to '%s' failed: %s", uri, strerror(errno)); + close(fd); + return NULL; + } + return stream_create_from_fd(fd); +} diff --git a/src/libstrongswan/networking/streams/stream_tcp.h b/src/libstrongswan/networking/streams/stream_tcp.h new file mode 100644 index 000000000..5bf6c8235 --- /dev/null +++ b/src/libstrongswan/networking/streams/stream_tcp.h 
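Review bot: stream_parse_uri_tcp() accepts a URI with an empty port such as `tcp://host:`, because `strtoul(pos + 1, &pos, 10)` returns 0 with the end pointer on the terminating NUL and the check `port == ULONG_MAX || *pos || port > 65535` passes. Port 0 is then handed to host_create_from_dns(), even though the header says a port is mandatory. Keeping the end pointer separate catches this: `char *end; port = strtoul(pos + 1, &end, 10);` followed by `if (end == pos + 1 || *end || port > 65535) { return -1; }`. If port 0 is never meant to be valid, reject it explicitly as well.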
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup stream_tcp stream_tcp
+ * @{ @ingroup streams
+ */
+
+#ifndef STREAM_TCP_H_
+#define STREAM_TCP_H_
+
+#include <library.h>
+
+/**
+ * Create a stream for TCP sockets.
+ *
+ * TCP URIs start with tcp://, followed by a hostname (FQDN or IP), followed
+ * by a colon separated port. A full TCP uri looks something like:
+ *
+ * tcp://srv.example.com:5555
+ * tcp://0.0.0.0:1234
+ * tcp://[fec2::1]:7654
+ *
+ * There is no default port, so a colon after tcp:// is mandatory.
+ *
+ * @param uri TCP socket specific URI, must start with "tcp://"
+ * @return stream instance, NULL on failure
+ */
+stream_t *stream_create_tcp(char *uri);
+
+/**
+ * Helper function to parse a tcp:// URI to a sockaddr
+ *
+ * @param uri URI
+ * @param addr sockaddr, large enough for URI
+ * @return length of sockaddr, -1 on error
+ */
+int stream_parse_uri_tcp(char *uri, struct sockaddr *addr);
+
+#endif /** STREAM_TCP_H_ @}*/
diff --git a/src/libstrongswan/networking/streams/stream_unix.c b/src/libstrongswan/networking/streams/stream_unix.c
new file mode 100644
index 000000000..13e56bc78
--- /dev/null
+++ b/src/libstrongswan/networking/streams/stream_unix.c
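Review bot: The doc comment for stream_parse_uri_tcp() describes `addr` only as "large enough for URI", yet the function takes a bare `struct sockaddr *` with no length and, per stream_tcp.c, copies the resolved address into it with memcpy(). The host is resolved with AF_UNSPEC, so the result may be an IPv6 address and a caller passing a plain `struct sockaddr` or `struct sockaddr_in` would be overrun. I would state the requirement in the header: `@param addr buffer for the result, must hold at least a struct sockaddr_in6`. The two callers visible in this diff use a union containing `sockaddr_in6`, so this concerns the contract for future callers.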
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <library.h>
+#include <errno.h>
+#include <unistd.h>
+#include <limits.h>
+
+#include "stream_unix.h"
+
+/**
+ * See header
+ */
+int stream_parse_uri_unix(char *uri, struct sockaddr_un *addr)
+{
+ if (!strpfx(uri, "unix://"))
+ {
+ return -1;
+ }
+ uri += strlen("unix://");
+
+ memset(addr, 0, sizeof(*addr));
+ addr->sun_family = AF_UNIX;
+ strncpy(addr->sun_path, uri, sizeof(addr->sun_path));
+ addr->sun_path[sizeof(addr->sun_path)-1] = '\0';
+
+ return offsetof(struct sockaddr_un, sun_path) + strlen(addr->sun_path);
+}
+
+/**
+ * See header
+ */
+stream_t *stream_create_unix(char *uri)
+{
+ struct sockaddr_un addr;
+ int len, fd;
+
+ len = stream_parse_uri_unix(uri, &addr);
+ if (len == -1)
+ {
+ DBG1(DBG_NET, "invalid stream URI: '%s'", uri);
+ return NULL;
+ }
+ fd = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (fd < 0)
+ {
+ DBG1(DBG_NET, "opening socket '%s' failed: %s", uri, strerror(errno));
+ return NULL;
+ }
+ if (connect(fd, (struct sockaddr*)&addr, len) < 0)
+ {
+ DBG1(DBG_NET, "connecting to '%s' failed: %s", uri, strerror(errno));
+ close(fd);
+ return NULL;
+ }
+ return stream_create_from_fd(fd);
+}
diff --git a/src/libstrongswan/networking/streams/stream_unix.h b/src/libstrongswan/networking/streams/stream_unix.h
new file mode 100644
index 000000000..5204251b3
--- /dev/null
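Review bot: stream_parse_uri_unix() silently truncates a path that does not fit `sun_path`: `strncpy()` copies at most sizeof(addr->sun_path) bytes and the following line forces the terminator. The caller then connects to a different path than the one configured, and stream_service_create_unix() unlinks and binds that other path. Reject over-long paths once the prefix has been skipped: `if (strlen(uri) >= sizeof(addr->sun_path)) { return -1; }`. With that check in place the copy can no longer truncate, and the manual terminator becomes a safety net only.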
+++ b/src/libstrongswan/networking/streams/stream_unix.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup stream_unix stream_unix
+ * @{ @ingroup streams
+ */
+
+#ifndef STREAM_UNIX_H_
+#define STREAM_UNIX_H_
+
+#include <sys/un.h>
+
+/**
+ * Create a stream for UNIX sockets.
+ *
+ * UNIX URIs start with unix://, followed by the socket path. For absolute
+ * paths, an URI looks something like:
+ *
+ * unix:///path/to/socket
+ *
+ * @param uri UNIX socket specific URI, must start with "unix://"
+ * @return stream instance, NULL on failure
+ */
+stream_t *stream_create_unix(char *uri);
+
+/**
+ * Helper function to parse a unix:// URI to a sockaddr
+ *
+ * @param uri URI
+ * @param addr sockaddr
+ * @return length of sockaddr, -1 on error
+ */
+int stream_parse_uri_unix(char *uri, struct sockaddr_un *addr);
+
+#endif /** STREAM_UNIX_H_ @}*/
diff --git a/src/libstrongswan/networking/tun_device.c b/src/libstrongswan/networking/tun_device.c
index f2c7b162f..ff2c4a337 100644
--- a/src/libstrongswan/networking/tun_device.c
+++ b/src/libstrongswan/networking/tun_device.c
@@ -16,24 +16,12 @@ * for more details. */ -#include <errno.h> -#include <fcntl.h> -#include <netinet/in.h> -#include <string.h> -#include <sys/ioctl.h> -#include <sys/types.h> -#include <sys/socket.h> -#include <sys/stat.h> -#include <unistd.h> -#include <net/if.h> - -#if !defined(__APPLE__) && !defined(__linux__) && !defined(HAVE_NET_IF_TUN_H) - #include "tun_device.h" #include <utils/debug.h> +#include <threading/thread.h> -#warning TUN devices are not supported! +#if !defined(__APPLE__) && !defined(__linux__) && !defined(HAVE_NET_IF_TUN_H) tun_device_t *tun_device_create(const char *name_tmpl) { @@ -43,6 +31,17 @@ tun_device_t *tun_device_create(const char *name_tmpl) #else /* TUN devices supported */ +#include <errno.h> +#include <fcntl.h> +#include <netinet/in.h> +#include <string.h> +#include <sys/ioctl.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <sys/stat.h> +#include <unistd.h> +#include <net/if.h> + #ifdef __APPLE__ #include <net/if_utun.h> #include <netinet/in_var.h> @@ -58,11 +57,6 @@ tun_device_t *tun_device_create(const char *name_tmpl) #include <net/if_tun.h> #endif -#include "tun_device.h" - -#include <utils/debug.h> -#include <threading/thread.h> - #define TUN_DEFAULT_MTU 1500 typedef struct private_tun_device_t private_tun_device_t; diff --git a/src/libstrongswan/plugins/acert/Makefile.am b/src/libstrongswan/plugins/acert/Makefile.am index ba16f413a..558034eba 100644 --- a/src/libstrongswan/plugins/acert/Makefile.am +++ b/src/libstrongswan/plugins/acert/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-acert.la diff --git a/src/libstrongswan/plugins/aes/Makefile.am b/src/libstrongswan/plugins/aes/Makefile.am index 8c5505bfc..cfdcf49fd 100644 --- a/src/libstrongswan/plugins/aes/Makefile.am +++ b/src/libstrongswan/plugins/aes/Makefile.am 
@@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-aes.la diff --git a/src/libstrongswan/plugins/af_alg/Makefile.am b/src/libstrongswan/plugins/af_alg/Makefile.am index 58113ca3d..bd3985367 100644 --- a/src/libstrongswan/plugins/af_alg/Makefile.am +++ b/src/libstrongswan/plugins/af_alg/Makefile.am @@ -3,7 +3,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-af-alg.la diff --git a/src/libstrongswan/plugins/agent/Makefile.am b/src/libstrongswan/plugins/agent/Makefile.am index e60d19363..984621385 100644 --- a/src/libstrongswan/plugins/agent/Makefile.am +++ b/src/libstrongswan/plugins/agent/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-agent.la diff --git a/src/libstrongswan/plugins/blowfish/Makefile.am b/src/libstrongswan/plugins/blowfish/Makefile.am index 3e5cf8f08..9c04f564d 100644 --- a/src/libstrongswan/plugins/blowfish/Makefile.am +++ b/src/libstrongswan/plugins/blowfish/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-blowfish.la diff --git a/src/libstrongswan/plugins/ccm/Makefile.am b/src/libstrongswan/plugins/ccm/Makefile.am index d512f5a94..f67c7f9f1 100644 --- a/src/libstrongswan/plugins/ccm/Makefile.am +++ b/src/libstrongswan/plugins/ccm/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-ccm.la diff --git a/src/libstrongswan/plugins/cmac/Makefile.am b/src/libstrongswan/plugins/cmac/Makefile.am index 08e910be1..8e0a45008 100644 --- a/src/libstrongswan/plugins/cmac/Makefile.am 
+++ b/src/libstrongswan/plugins/cmac/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-cmac.la diff --git a/src/libstrongswan/plugins/constraints/Makefile.am b/src/libstrongswan/plugins/constraints/Makefile.am index 8afde7013..21835829b 100644 --- a/src/libstrongswan/plugins/constraints/Makefile.am +++ b/src/libstrongswan/plugins/constraints/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-constraints.la diff --git a/src/libstrongswan/plugins/ctr/Makefile.am b/src/libstrongswan/plugins/ctr/Makefile.am index 52278b6d2..abee58e72 100644 --- a/src/libstrongswan/plugins/ctr/Makefile.am +++ b/src/libstrongswan/plugins/ctr/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-ctr.la diff --git a/src/libstrongswan/plugins/curl/Makefile.am b/src/libstrongswan/plugins/curl/Makefile.am index 17bcc8d98..a22f9b3ab 100644 --- a/src/libstrongswan/plugins/curl/Makefile.am +++ b/src/libstrongswan/plugins/curl/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-curl.la diff --git a/src/libstrongswan/plugins/des/Makefile.am b/src/libstrongswan/plugins/des/Makefile.am index 9ca965995..87fbcb1b7 100644 --- a/src/libstrongswan/plugins/des/Makefile.am +++ b/src/libstrongswan/plugins/des/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-des.la diff --git a/src/libstrongswan/plugins/dnskey/Makefile.am b/src/libstrongswan/plugins/dnskey/Makefile.am index 7e74fd897..47f432753 100644 
--- a/src/libstrongswan/plugins/dnskey/Makefile.am +++ b/src/libstrongswan/plugins/dnskey/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-dnskey.la diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.am b/src/libstrongswan/plugins/fips_prf/Makefile.am index a7ae612c0..f7e7e1a72 100644 --- a/src/libstrongswan/plugins/fips_prf/Makefile.am +++ b/src/libstrongswan/plugins/fips_prf/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-fips-prf.la diff --git a/src/libstrongswan/plugins/gcm/Makefile.am b/src/libstrongswan/plugins/gcm/Makefile.am index 228b4708d..5cfeaf7f0 100644 --- a/src/libstrongswan/plugins/gcm/Makefile.am +++ b/src/libstrongswan/plugins/gcm/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-gcm.la diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.am b/src/libstrongswan/plugins/gcrypt/Makefile.am index 1a9d225ec..24a5a9c3e 100644 --- a/src/libstrongswan/plugins/gcrypt/Makefile.am +++ b/src/libstrongswan/plugins/gcrypt/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-gcrypt.la diff --git a/src/libstrongswan/plugins/gmp/Makefile.am b/src/libstrongswan/plugins/gmp/Makefile.am index 57e1fd7a8..a2cfefd01 100644 --- a/src/libstrongswan/plugins/gmp/Makefile.am +++ b/src/libstrongswan/plugins/gmp/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-gmp.la 
diff --git a/src/libstrongswan/plugins/hmac/Makefile.am b/src/libstrongswan/plugins/hmac/Makefile.am index 5d88d26c8..65c36b2ec 100644 --- a/src/libstrongswan/plugins/hmac/Makefile.am +++ b/src/libstrongswan/plugins/hmac/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-hmac.la diff --git a/src/libstrongswan/plugins/keychain/Makefile.am b/src/libstrongswan/plugins/keychain/Makefile.am index bd04db33d..07d2bcdbb 100644 --- a/src/libstrongswan/plugins/keychain/Makefile.am +++ b/src/libstrongswan/plugins/keychain/Makefile.am @@ -1,7 +1,7 @@ AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan -AM_CFLAGS = -rdynamic +AM_CFLAGS = $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-keychain.la diff --git a/src/libstrongswan/plugins/ldap/Makefile.am b/src/libstrongswan/plugins/ldap/Makefile.am index 3bcef1aa8..333d97401 100644 --- a/src/libstrongswan/plugins/ldap/Makefile.am +++ b/src/libstrongswan/plugins/ldap/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-ldap.la diff --git a/src/libstrongswan/plugins/md4/Makefile.am b/src/libstrongswan/plugins/md4/Makefile.am index a2fe8ecab..713057427 100644 --- a/src/libstrongswan/plugins/md4/Makefile.am +++ b/src/libstrongswan/plugins/md4/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-md4.la diff --git a/src/libstrongswan/plugins/md5/Makefile.am b/src/libstrongswan/plugins/md5/Makefile.am index fc6406afa..071116087 100644 --- a/src/libstrongswan/plugins/md5/Makefile.am +++ b/src/libstrongswan/plugins/md5/Makefile.am 
@@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-md5.la diff --git a/src/libstrongswan/plugins/mysql/Makefile.am b/src/libstrongswan/plugins/mysql/Makefile.am index 588b7991b..11711b31b 100644 --- a/src/libstrongswan/plugins/mysql/Makefile.am +++ b/src/libstrongswan/plugins/mysql/Makefile.am @@ -3,7 +3,7 @@ AM_CPPFLAGS = \ AM_CFLAGS = \ $(MYSQLCFLAG) \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-mysql.la diff --git a/src/libstrongswan/plugins/mysql/mysql_database.c b/src/libstrongswan/plugins/mysql/mysql_database.c index 373e9dc7c..871cc59a0 100644 --- a/src/libstrongswan/plugins/mysql/mysql_database.c +++ b/src/libstrongswan/plugins/mysql/mysql_database.c @@ -14,12 +14,12 @@ * for more details. */ +#include "mysql_database.h" + #define _GNU_SOURCE #include <string.h> #include <mysql.h> -#include "mysql_database.h" - #include <utils/debug.h> #include <utils/chunk.h> #include <threading/thread_value.h> @@ -730,7 +730,7 @@ static bool finalize_transaction(private_mysql_database_t *this, return TRUE; } -METHOD(database_t, commit, bool, +METHOD(database_t, commit_, bool, private_mysql_database_t *this) { return finalize_transaction(this, FALSE); @@ -768,7 +768,7 @@ static bool parse_uri(private_mysql_database_t *this, char *uri) /** * parse mysql://username:pass@host:port/database uri */ - username = strdupa(uri + 8); + username = strdup(uri + 8); pos = strchr(username, ':'); if (pos) { @@ -800,10 +800,12 @@ static bool parse_uri(private_mysql_database_t *this, char *uri) this->password = strdup(password); this->database = strdup(database); this->port = atoi(port); + free(username); return TRUE; } } } + free(username); DBG1(DBG_LIB, "parsing MySQL database uri '%s' failed", uri); return FALSE; } 
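Review bot: In the first mysql_database.c hunk, `#define _GNU_SOURCE` now sits below `#include "mysql_database.h"`, and that header gains `#include <library.h>` in this same commit. A feature-test macro defined after the first system header has been included has no effect, and `<library.h>` presumably pulls system headers in. Since the only visible GNU extension, `strdupa()`, is replaced by `strdup()` in this commit, the define looks removable; if something else in the file still needs it, it has to stay above the first include.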
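Review bot: The result of `strdup(uri + 8)` in the parse_uri() hunk at -768 goes straight into `strchr(username, ':')`, so an allocation failure becomes a NULL dereference. `strdupa()` had no failure return to check, but `strdup()` does. Add `if (!username) { return FALSE; }` directly after the call. parse_uri() starts and ends outside this hunk.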
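Review bot: The buffer released by the two added `free(username);` calls in the parse_uri() hunk at -800 is a heap copy of the whole `mysql://username:pass@host:port/database` tail, so the password stays readable in freed memory. Recording the copy's length before it is tokenised and clearing that many bytes (for example with `memwipe()`) before each `free()` would avoid that. The failure path in the same hunk also logs the complete URI, `DBG1(DBG_LIB, "parsing MySQL database uri '%s' failed", uri);`, which writes the credentials to the log; logging a fixed message without `uri` would be safer.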
@@ -828,7 +830,7 @@ mysql_database_t *mysql_database_create(char *uri) .query = _query, .execute = _execute, .transaction = _transaction, - .commit = _commit, + .commit = _commit_, .rollback = _rollback, .get_driver = _get_driver, .destroy = _destroy, diff --git a/src/libstrongswan/plugins/mysql/mysql_database.h b/src/libstrongswan/plugins/mysql/mysql_database.h index 98ddcad36..bbf6a33e9 100644 --- a/src/libstrongswan/plugins/mysql/mysql_database.h +++ b/src/libstrongswan/plugins/mysql/mysql_database.h @@ -21,6 +21,7 @@ #ifndef MYSQL_DATABASE_H_ #define MYSQL_DATABASE_H_ +#include <library.h> #include <database/database.h> typedef struct mysql_database_t mysql_database_t; diff --git a/src/libstrongswan/plugins/nonce/Makefile.am b/src/libstrongswan/plugins/nonce/Makefile.am index 7dde99e5f..49dd3e225 100644 --- a/src/libstrongswan/plugins/nonce/Makefile.am +++ b/src/libstrongswan/plugins/nonce/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-nonce.la diff --git a/src/libstrongswan/plugins/ntru/Makefile.am b/src/libstrongswan/plugins/ntru/Makefile.am index e241554b5..b959afa8e 100644 --- a/src/libstrongswan/plugins/ntru/Makefile.am +++ b/src/libstrongswan/plugins/ntru/Makefile.am @@ -2,7 +2,8 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic @COVERAGE_CFLAGS@ + $(PLUGIN_CFLAGS) \ + @COVERAGE_CFLAGS@ if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-ntru.la @@ -23,5 +24,3 @@ libstrongswan_ntru_la_SOURCES = \ ntru_trits.h ntru_trits.c libstrongswan_ntru_la_LDFLAGS = -module -avoid-version - - diff --git a/src/libstrongswan/plugins/openssl/Makefile.am b/src/libstrongswan/plugins/openssl/Makefile.am index cbfd69b71..9287f788a 100644 --- a/src/libstrongswan/plugins/openssl/Makefile.am +++ b/src/libstrongswan/plugins/openssl/Makefile.am 
@@ -3,7 +3,7 @@ AM_CPPFLAGS = \ -DFIPS_MODE=${fips_mode} AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-openssl.la @@ -32,4 +32,4 @@ libstrongswan_openssl_la_SOURCES = \ openssl_gcm.c openssl_gcm.h libstrongswan_openssl_la_LDFLAGS = -module -avoid-version -libstrongswan_openssl_la_LIBADD = -lcrypto +libstrongswan_openssl_la_LIBADD = $(OPENSSL_LIB) diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index f4aef8200..a426cdcb3 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -14,6 +14,12 @@ * for more details. */ +#include <library.h> +#include <utils/debug.h> +#include <threading/thread.h> +#include <threading/mutex.h> +#include <threading/thread_value.h> + #include <openssl/err.h> #include <openssl/evp.h> #include <openssl/conf.h> @@ -24,12 +30,6 @@ #endif #include "openssl_plugin.h" - -#include <library.h> -#include <utils/debug.h> -#include <threading/thread.h> -#include <threading/mutex.h> -#include <threading/thread_value.h> #include "openssl_util.h" #include "openssl_crypter.h" #include "openssl_hasher.h" @@ -526,9 +526,10 @@ plugin_t *openssl_plugin_create() #ifdef OPENSSL_FIPS if (fips_mode) { - if (!FIPS_mode_set(fips_mode)) + if (FIPS_mode() != fips_mode && !FIPS_mode_set(fips_mode)) { - DBG1(DBG_LIB, "unable to set openssl FIPS mode(%d)", fips_mode); + DBG1(DBG_LIB, "unable to set openssl FIPS mode(%d) from (%d)", + fips_mode, FIPS_mode()); return NULL; } } 
@@ -558,8 +559,8 @@ plugin_t *openssl_plugin_create() #ifdef OPENSSL_FIPS /* we do this here as it may have been enabled via openssl.conf */ fips_mode = FIPS_mode(); - DBG1(DBG_LIB, "openssl FIPS mode(%d) - %sabled ", fips_mode, - fips_mode ? "en" : "dis"); + dbg(DBG_LIB, strpfx(lib->ns, "charon") ? 1 : 2, + "openssl FIPS mode(%d) - %sabled ", fips_mode, fips_mode ? "en" : "dis"); #endif /* OPENSSL_FIPS */ #ifndef OPENSSL_NO_ENGINE diff --git a/src/libstrongswan/plugins/openssl/openssl_rng.c b/src/libstrongswan/plugins/openssl/openssl_rng.c index 815cf4f0c..c807bb607 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rng.c +++ b/src/libstrongswan/plugins/openssl/openssl_rng.c @@ -20,7 +20,9 @@ * THE SOFTWARE. */ +#include <library.h> #include <utils/debug.h> + #include <openssl/rand.h> #include <openssl/err.h> diff --git a/src/libstrongswan/plugins/openssl/openssl_util.h b/src/libstrongswan/plugins/openssl/openssl_util.h index ce2a9e109..2db073139 100644 --- a/src/libstrongswan/plugins/openssl/openssl_util.h +++ b/src/libstrongswan/plugins/openssl/openssl_util.h @@ -22,6 +22,12 @@ #define OPENSSL_UTIL_H_ #include <library.h> + +#ifdef X509_NAME +/* from <wincrypt.h> */ +# undef X509_NAME +#endif + #include <openssl/bn.h> #include <openssl/asn1.h> diff --git a/src/libstrongswan/plugins/padlock/Makefile.am b/src/libstrongswan/plugins/padlock/Makefile.am index 0acd8384c..1110a2ebb 100644 --- a/src/libstrongswan/plugins/padlock/Makefile.am +++ b/src/libstrongswan/plugins/padlock/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-padlock.la diff --git a/src/libstrongswan/plugins/pem/Makefile.am b/src/libstrongswan/plugins/pem/Makefile.am index 9aa853e13..55e52511e 100644 --- a/src/libstrongswan/plugins/pem/Makefile.am +++ b/src/libstrongswan/plugins/pem/Makefile.am 
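Review bot: The rewritten FIPS log call passes the bare literals `1` and `2` to `dbg()` and does not say why the level depends on `lib->ns`. A comment such as `/* namespaces starting with "charon" report the FIPS state at level 1, all others at level 2 */` would make the intent readable. For the other namespaces a disabled FIPS mode is now visible only at level 2, which matters if operators rely on this line to confirm that FIPS mode is active. Calling the `dbg` hook directly also differs from the `DBG1` macro used in the hunk just above, so a short note on why the macro is not used would help. openssl_plugin_create() continues outside this hunk.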
@@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-pem.la diff --git a/src/libstrongswan/plugins/pgp/Makefile.am b/src/libstrongswan/plugins/pgp/Makefile.am index d3eef3ce1..093e94b60 100644 --- a/src/libstrongswan/plugins/pgp/Makefile.am +++ b/src/libstrongswan/plugins/pgp/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-pgp.la diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.am b/src/libstrongswan/plugins/pkcs1/Makefile.am index 5dbc4e9c2..d579531ef 100644 --- a/src/libstrongswan/plugins/pkcs1/Makefile.am +++ b/src/libstrongswan/plugins/pkcs1/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-pkcs1.la diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.am b/src/libstrongswan/plugins/pkcs11/Makefile.am index 1d175ecb4..a2a1bcff8 100644 --- a/src/libstrongswan/plugins/pkcs11/Makefile.am +++ b/src/libstrongswan/plugins/pkcs11/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-pkcs11.la diff --git a/src/libstrongswan/plugins/pkcs12/Makefile.am b/src/libstrongswan/plugins/pkcs12/Makefile.am index af472ba82..8078ff342 100644 --- a/src/libstrongswan/plugins/pkcs12/Makefile.am +++ b/src/libstrongswan/plugins/pkcs12/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-pkcs12.la diff --git a/src/libstrongswan/plugins/pkcs7/Makefile.am b/src/libstrongswan/plugins/pkcs7/Makefile.am index 080947f46..f69176ab6 100644 --- a/src/libstrongswan/plugins/pkcs7/Makefile.am 
+++ b/src/libstrongswan/plugins/pkcs7/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-pkcs7.la diff --git a/src/libstrongswan/plugins/pkcs8/Makefile.am b/src/libstrongswan/plugins/pkcs8/Makefile.am index 98e3263df..88a205a76 100644 --- a/src/libstrongswan/plugins/pkcs8/Makefile.am +++ b/src/libstrongswan/plugins/pkcs8/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-pkcs8.la diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c index 487fafa01..c23f2f03f 100644 --- a/src/libstrongswan/plugins/plugin_loader.c +++ b/src/libstrongswan/plugins/plugin_loader.c @@ -21,7 +21,9 @@ #include <sys/stat.h> #include <unistd.h> #include <string.h> +#ifdef HAVE_DLADDR #include <dlfcn.h> +#endif #include <limits.h> #include <stdio.h> diff --git a/src/libstrongswan/plugins/pubkey/Makefile.am b/src/libstrongswan/plugins/pubkey/Makefile.am index 4f2354455..5a78bf2b9 100644 --- a/src/libstrongswan/plugins/pubkey/Makefile.am +++ b/src/libstrongswan/plugins/pubkey/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-pubkey.la diff --git a/src/libstrongswan/plugins/random/Makefile.am b/src/libstrongswan/plugins/random/Makefile.am index 7c03c66ef..b87622cdd 100644 --- a/src/libstrongswan/plugins/random/Makefile.am +++ b/src/libstrongswan/plugins/random/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -DDEV_URANDOM=\"${urandom_device}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-random.la diff --git a/src/libstrongswan/plugins/rc2/Makefile.am b/src/libstrongswan/plugins/rc2/Makefile.am index 3f892728d..edaf90c9c 100644 
--- a/src/libstrongswan/plugins/rc2/Makefile.am +++ b/src/libstrongswan/plugins/rc2/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-rc2.la diff --git a/src/libstrongswan/plugins/rdrand/Makefile.am b/src/libstrongswan/plugins/rdrand/Makefile.am index d9cb00161..674bc48b2 100644 --- a/src/libstrongswan/plugins/rdrand/Makefile.am +++ b/src/libstrongswan/plugins/rdrand/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-rdrand.la diff --git a/src/libstrongswan/plugins/revocation/Makefile.am b/src/libstrongswan/plugins/revocation/Makefile.am index 5bb5ac204..9532d5f03 100644 --- a/src/libstrongswan/plugins/revocation/Makefile.am +++ b/src/libstrongswan/plugins/revocation/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-revocation.la diff --git a/src/libstrongswan/plugins/sha1/Makefile.am b/src/libstrongswan/plugins/sha1/Makefile.am index f5e7d946e..99c9d180f 100644 --- a/src/libstrongswan/plugins/sha1/Makefile.am +++ b/src/libstrongswan/plugins/sha1/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-sha1.la diff --git a/src/libstrongswan/plugins/sha1/sha1_hasher.c b/src/libstrongswan/plugins/sha1/sha1_hasher.c index b0efbae7d..b51a26152 100644 --- a/src/libstrongswan/plugins/sha1/sha1_hasher.c +++ b/src/libstrongswan/plugins/sha1/sha1_hasher.c @@ -18,7 +18,8 @@ */ #include <string.h> -#include <arpa/inet.h> + +#include <library.h> #include "sha1_hasher.h" @@ -257,4 +258,3 @@ sha1_hasher_t *sha1_hasher_create(hash_algorithm_t algo) return &(this->public); } - 
diff --git a/src/libstrongswan/plugins/sha1/sha1_prf.c b/src/libstrongswan/plugins/sha1/sha1_prf.c index cdc494b34..cc4924a80 100644 --- a/src/libstrongswan/plugins/sha1/sha1_prf.c +++ b/src/libstrongswan/plugins/sha1/sha1_prf.c @@ -16,7 +16,7 @@ #include "sha1_prf.h" #include "sha1_hasher.h" -#include <arpa/inet.h> +#include <library.h> typedef struct private_sha1_prf_t private_sha1_prf_t; typedef struct private_sha1_hasher_t private_sha1_hasher_t; @@ -148,4 +148,3 @@ sha1_prf_t *sha1_prf_create(pseudo_random_function_t algo) return &this->public; } - diff --git a/src/libstrongswan/plugins/sha2/Makefile.am b/src/libstrongswan/plugins/sha2/Makefile.am index cdd8696cd..7233b9518 100644 --- a/src/libstrongswan/plugins/sha2/Makefile.am +++ b/src/libstrongswan/plugins/sha2/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-sha2.la diff --git a/src/libstrongswan/plugins/soup/Makefile.am b/src/libstrongswan/plugins/soup/Makefile.am index 8df666f4c..a600fc04c 100644 --- a/src/libstrongswan/plugins/soup/Makefile.am +++ b/src/libstrongswan/plugins/soup/Makefile.am @@ -3,7 +3,7 @@ AM_CPPFLAGS = \ AM_CFLAGS = \ ${soup_CFLAGS} \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-soup.la diff --git a/src/libstrongswan/plugins/sqlite/Makefile.am b/src/libstrongswan/plugins/sqlite/Makefile.am index 717d6350d..0a9b11d3c 100644 --- a/src/libstrongswan/plugins/sqlite/Makefile.am +++ b/src/libstrongswan/plugins/sqlite/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-sqlite.la diff --git a/src/libstrongswan/plugins/sqlite/sqlite_database.c b/src/libstrongswan/plugins/sqlite/sqlite_database.c index 675707491..ec1ca1404 100644 --- a/src/libstrongswan/plugins/sqlite/sqlite_database.c 
+++ b/src/libstrongswan/plugins/sqlite/sqlite_database.c @@ -367,7 +367,7 @@ static bool finalize_transaction(private_sqlite_database_t *this, return TRUE; } -METHOD(database_t, commit, bool, +METHOD(database_t, commit_, bool, private_sqlite_database_t *this) { return finalize_transaction(this, FALSE); @@ -431,7 +431,7 @@ sqlite_database_t *sqlite_database_create(char *uri) .query = _query, .execute = _execute, .transaction = _transaction, - .commit = _commit, + .commit = _commit_, .rollback = _rollback, .get_driver = _get_driver, .destroy = _destroy, diff --git a/src/libstrongswan/plugins/sshkey/Makefile.am b/src/libstrongswan/plugins/sshkey/Makefile.am index 22c076f84..5b86a7e56 100644 --- a/src/libstrongswan/plugins/sshkey/Makefile.am +++ b/src/libstrongswan/plugins/sshkey/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-sshkey.la diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.am b/src/libstrongswan/plugins/test_vectors/Makefile.am index 6dcad400d..85f86726b 100644 --- a/src/libstrongswan/plugins/test_vectors/Makefile.am +++ b/src/libstrongswan/plugins/test_vectors/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-test-vectors.la diff --git a/src/libstrongswan/plugins/unbound/Makefile.am b/src/libstrongswan/plugins/unbound/Makefile.am index 64a5cc7e1..b8d9acec6 100644 --- a/src/libstrongswan/plugins/unbound/Makefile.am +++ b/src/libstrongswan/plugins/unbound/Makefile.am @@ -3,7 +3,7 @@ AM_CPPFLAGS = \ -DIPSEC_CONFDIR=\"${sysconfdir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-unbound.la diff --git a/src/libstrongswan/plugins/x509/Makefile.am b/src/libstrongswan/plugins/x509/Makefile.am index b464d1483..a4160bb32 100644 
--- a/src/libstrongswan/plugins/x509/Makefile.am +++ b/src/libstrongswan/plugins/x509/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-x509.la diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c index 30b871d42..ed58377a6 100644 --- a/src/libstrongswan/plugins/x509/x509_ac.c +++ b/src/libstrongswan/plugins/x509/x509_ac.c @@ -754,17 +754,22 @@ static chunk_t build_attr_cert_info(private_x509_ac_t *this) /** * build an X.509 attribute certificate */ -static chunk_t build_ac(private_x509_ac_t *this) +static bool build_ac(private_x509_ac_t *this) { chunk_t signatureValue, attributeCertificateInfo; attributeCertificateInfo = build_attr_cert_info(this); - this->signerKey->sign(this->signerKey, SIGN_RSA_EMSA_PKCS1_SHA1, - attributeCertificateInfo, &signatureValue); - return asn1_wrap(ASN1_SEQUENCE, "mmm", - attributeCertificateInfo, - asn1_algorithmIdentifier(OID_SHA1_WITH_RSA), - asn1_bitstring("m", signatureValue)); + if (!this->signerKey->sign(this->signerKey, SIGN_RSA_EMSA_PKCS1_SHA1, + attributeCertificateInfo, &signatureValue)) + { + free(attributeCertificateInfo.ptr); + return FALSE; + } + this->encoding = asn1_wrap(ASN1_SEQUENCE, "mmm", + attributeCertificateInfo, + asn1_algorithmIdentifier(OID_SHA1_WITH_RSA), + asn1_bitstring("m", signatureValue)); + return TRUE; } METHOD(ac_t, get_serial, chunk_t, @@ -1154,8 +1159,10 @@ x509_ac_t *x509_ac_gen(certificate_type_t type, va_list args) ac->holderCert->get_type(ac->holderCert) == CERT_X509 && ac->signerCert->get_type(ac->signerCert) == CERT_X509) { - ac->encoding = build_ac(ac); - return &ac->public; + if (build_ac(ac)) + { + return &ac->public; + } } destroy(ac); return NULL; diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c index 65b2a04bb..ad04c7dea 100644 
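Review bot: The new failure branch in build_ac() returns FALSE without logging, so x509_ac_gen() only yields NULL and the caller cannot tell that signing was the step that failed. A line such as `DBG1(DBG_LIB, "signing attribute certificate failed");` before `return FALSE;` would fix that. The scheme also stays hard-coded to `SIGN_RSA_EMSA_PKCS1_SHA1` with `OID_SHA1_WITH_RSA`, which presumably fails for non-RSA signer keys and ties every generated attribute certificate to SHA-1. A comment stating that limitation, or a follow-up that takes the digest from the builder arguments, would be worthwhile. x509_ac_gen() starts outside the second hunk.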
--- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c @@ -35,6 +35,11 @@ */ #define OCSP_DEFAULT_LIFETIME 30 +/* defined in wincrypt.h */ +#ifdef OCSP_RESPONSE +# undef OCSP_RESPONSE +#endif + typedef struct private_x509_ocsp_response_t private_x509_ocsp_response_t; /** diff --git a/src/libstrongswan/plugins/xcbc/Makefile.am b/src/libstrongswan/plugins/xcbc/Makefile.am index 6e2227206..43371cd13 100644 --- a/src/libstrongswan/plugins/xcbc/Makefile.am +++ b/src/libstrongswan/plugins/xcbc/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-xcbc.la diff --git a/src/libstrongswan/processing/watcher.c b/src/libstrongswan/processing/watcher.c index 09905646c..560e47299 100644 --- a/src/libstrongswan/processing/watcher.c +++ b/src/libstrongswan/processing/watcher.c @@ -24,7 +24,9 @@ #include <unistd.h> #include <errno.h> +#ifndef WIN32 #include <sys/select.h> +#endif #include <fcntl.h> typedef struct private_watcher_t private_watcher_t; @@ -119,7 +121,14 @@ static void update(private_watcher_t *this) this->pending = TRUE; if (this->notify[1] != -1) { - ignore_result(write(this->notify[1], buf, sizeof(buf))); +#ifdef WIN32 + if (send(this->notify[1], buf, sizeof(buf), 0) == -1) +#else + if (write(this->notify[1], buf, sizeof(buf)) == -1) +#endif + { + DBG1(DBG_JOB, "notifying watcher failed: %s", strerror(errno)); + } } } 
@@ -293,21 +302,40 @@ static job_requeue_t watch(private_watcher_t *this) { char buf[1]; bool old; + ssize_t len; job_t *job; DBG2(DBG_JOB, "watcher going to select()"); thread_cleanup_push((void*)activate_all, this); old = thread_cancelability(TRUE); + res = select(maxfd + 1, &rd, &wr, &ex, NULL); thread_cancelability(old); thread_cleanup_pop(FALSE); + if (res > 0) { if (this->notify[0] != -1 && FD_ISSET(this->notify[0], &rd)) { - DBG2(DBG_JOB, "watcher got notification, rebuilding"); - while (read(this->notify[0], buf, sizeof(buf)) > 0); + while (TRUE) + { +#ifdef WIN32 + len = recv(this->notify[0], buf, sizeof(buf), 0); +#else + len = read(this->notify[0], buf, sizeof(buf)); +#endif + if (len == -1) + { + if (errno != EAGAIN && errno != EWOULDBLOCK) + { + DBG1(DBG_JOB, "reading watcher notify failed: %s", + strerror(errno)); + } + break; + } + } this->pending = FALSE; + DBG2(DBG_JOB, "watcher got notification, rebuilding"); return JOB_REQUEUE_DIRECT; } 
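Review bot: The new drain loop in watch() leaves only when `len == -1`, so a return value of 0 makes it spin forever; that happens at end of file on the pipe, or when the peer of the Windows socket closes. The removed `while (read(...) > 0);` stopped on 0. Change the outer test to `if (len <= 0)` and keep the message for real errors only with `if (len == -1 && errno != EAGAIN && errno != EWOULDBLOCK)`. watch() starts and ends outside this hunk.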
@@ -446,13 +474,60 @@ METHOD(watcher_t, destroy, void, free(this); } +#ifdef WIN32 + +/** + * Create notify pipe with a TCP socketpair + */ +static bool create_notify(private_watcher_t *this) +{ + u_long on = 1; + + if (socketpair(AF_INET, SOCK_STREAM, 0, this->notify) == 0) + { + /* use non-blocking I/O on read-end of notify pipe */ + if (ioctlsocket(this->notify[0], FIONBIO, &on) == 0) + { + return TRUE; + } + DBG1(DBG_LIB, "setting watcher notify pipe read-end non-blocking " + "failed: %s", strerror(errno)); + } + return FALSE; +} + +#else /* !WIN32 */ + +/** + * Create a notify pipe with a one-directional pipe + */ +static bool create_notify(private_watcher_t *this) +{ + int flags; + + if (pipe(this->notify) == 0) + { + /* use non-blocking I/O on read-end of notify pipe */ + flags = fcntl(this->notify[0], F_GETFL); + if (flags != -1 && + fcntl(this->notify[0], F_SETFL, flags | O_NONBLOCK) != -1) + { + return TRUE; + } + DBG1(DBG_LIB, "setting watcher notify pipe read-end non-blocking " + "failed: %s", strerror(errno)); + } + return FALSE; +} + +#endif /* !WIN32 */ + /** * See header */ watcher_t *watcher_create() { private_watcher_t *this; - int flags; INIT(this, .public = { @@ -467,18 +542,7 @@ watcher_t *watcher_create() .notify = {-1, -1}, ); - if (pipe(this->notify) == 0) - { - /* use non-blocking I/O on read-end of notify pipe */ - flags = fcntl(this->notify[0], F_GETFL); - if (flags == -1 || - fcntl(this->notify[0], F_SETFL, flags | O_NONBLOCK) == -1) - { - DBG1(DBG_LIB, "setting watcher notify pipe read-end non-blocking " - "failed: %s", strerror(errno)); - } - } - else + if (!create_notify(this)) { DBG1(DBG_LIB, "creating watcher notify pipe failed: %s", strerror(errno)); diff --git a/src/libstrongswan/selectors/traffic_selector.c b/src/libstrongswan/selectors/traffic_selector.c index b9d9b6556..94b77467a 100644 --- a/src/libstrongswan/selectors/traffic_selector.c +++ b/src/libstrongswan/selectors/traffic_selector.c 
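Review bot: Both create_notify() variants return FALSE after the pipe or socket pair already exists when switching the read end to non-blocking fails, which leaves `this->notify[]` open and in blocking mode. watcher_create() then logs "creating watcher notify pipe failed", but as far as these hunks show the descriptors stay in use, and the drain loop in watch() would block on them. Close both ends and reset them with `this->notify[0] = this->notify[1] = -1;` before returning FALSE. In the WIN32 variant `ioctlsocket()` reports failures through `WSAGetLastError()`, so `strerror(errno)` in that message is probably not meaningful unless a compatibility wrapper sets errno.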
@@ -15,16 +15,15 @@ * for more details. */ -#include <arpa/inet.h> #include <string.h> -#include <netdb.h> #include <stdio.h> #include "traffic_selector.h" -#include <collections/linked_list.h> -#include <utils/identification.h> #include <utils/debug.h> +#include <utils/utils.h> +#include <utils/identification.h> +#include <collections/linked_list.h> #define NON_SUBNET_ADDRESS_RANGE 255 diff --git a/src/libstrongswan/tests/suites/test_chunk.c b/src/libstrongswan/tests/suites/test_chunk.c index 34ace2894..b33d70ec7 100644 --- a/src/libstrongswan/tests/suites/test_chunk.c +++ b/src/libstrongswan/tests/suites/test_chunk.c @@ -790,7 +790,11 @@ END_TEST START_TEST(test_chunk_map) { chunk_t *map, contents = chunk_from_chars(0x01,0x02,0x03,0x04,0x05); +#ifdef WIN32 + char *path = "C:\\Windows\\Temp\\strongswan-chunk-map-test"; +#else char *path = "/tmp/strongswan-chunk-map-test"; +#endif ck_assert(chunk_write(contents, path, 022, TRUE)); @@ -827,7 +831,11 @@ END_TEST START_TEST(test_chunk_from_fd_file) { chunk_t in, contents = chunk_from_chars(0x01,0x02,0x03,0x04,0x05); +#ifdef WIN32 + char *path = "C:\\Windows\\Temp\\strongswan-chunk-fd-test"; +#else char *path = "/tmp/strongswan-chunk-fd-test"; +#endif int fd; ck_assert(chunk_write(contents, path, 022, TRUE)); @@ -849,7 +857,7 @@ START_TEST(test_chunk_from_fd_skt) int s[2]; ck_assert(socketpair(AF_UNIX, SOCK_STREAM, 0, s) == 0); - ck_assert(write(s[1], contents.ptr, contents.len) == contents.len); + ck_assert_int_eq(send(s[1], contents.ptr, contents.len, 0), contents.len); close(s[1]); ck_assert_msg(chunk_from_fd(s[0], &in), "%s", strerror(errno)); close(s[0]); @@ -866,7 +874,7 @@ void *chunk_from_fd_run(void *data) for (i = 0; i < FROM_FD_COUNT; i++) { - ck_assert(write(fd, &i, sizeof(i)) == sizeof(i)); + ck_assert(send(fd, &i, sizeof(i), 0) == sizeof(i)); } close(fd); return NULL; diff --git a/src/libstrongswan/tests/suites/test_host.c b/src/libstrongswan/tests/suites/test_host.c index 30b9eb940..63442083a 100644 
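Review bot: The WIN32 branches in test_chunk_map and test_chunk_from_fd_file hard-code `C:\\Windows\\Temp\\...`, which assumes that the system drive is C: and that the account running the tests may write to the system temp directory; the same fixed names are added in test_settings.c (`path`, `include1`, `include2`). As with the existing `/tmp` literals, a fixed file name in a directory shared between users can be pre-created by another local account before `chunk_write()` runs. Taking the directory from the `TEMP`/`TMPDIR` environment variable and falling back to the current literal would avoid both assumptions. Failing that, a comment such as `/* test fixture: fixed name in a shared temp directory */` would record the limitation.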
--- a/src/libstrongswan/tests/suites/test_host.c +++ b/src/libstrongswan/tests/suites/test_host.c @@ -286,8 +286,8 @@ END_TEST START_TEST(test_create_from_sockaddr_other) { - struct sockaddr_un addr = { - .sun_family = AF_UNIX, + struct sockaddr addr = { + .sa_family = AF_UNIX, }; host_t *host; diff --git a/src/libstrongswan/tests/suites/test_settings.c b/src/libstrongswan/tests/suites/test_settings.c index 97e45fc04..32676be26 100644 --- a/src/libstrongswan/tests/suites/test_settings.c +++ b/src/libstrongswan/tests/suites/test_settings.c @@ -22,7 +22,11 @@ #include <utils/utils.h> #include <collections/linked_list.h> +#ifdef WIN32 +static char *path = "C:\\Windows\\Temp\\strongswan-settings-test"; +#else static char *path = "/tmp/strongswan-settings-test"; +#endif static settings_t *settings; static void create_settings(chunk_t contents) @@ -522,8 +526,13 @@ START_TEST(test_key_value_enumerator) } END_TEST -#define include1 "/tmp/strongswan-settings-test-include1" -#define include2 "/tmp/strongswan-settings-test-include2" +#ifdef WIN32 +# define include1 "C:\\Windows\\Temp\\strongswan-settings-test-include1" +# define include2 "C:\\Windows\\Temp\\strongswan-settings-test-include2" +#else +# define include1 "/tmp/strongswan-settings-test-include1" +# define include2 "/tmp/strongswan-settings-test-include2" +#endif START_SETUP(setup_include_config) { @@ -675,6 +684,7 @@ START_TEST(test_load_files_section) ck_assert(!settings->load_files_section(settings, include1".conf", TRUE, "")); verify_include(); +#ifndef WIN32 /* unreadable files are too (only fails when not running as root) */ if (getuid() != 0) { @@ -683,6 +693,7 @@ START_TEST(test_load_files_section) unlink(include1".no"); verify_include(); } +#endif ck_assert(settings->load_files_section(settings, include2, FALSE, "main")); verify_null("main.key1"); diff --git a/src/libstrongswan/tests/suites/test_stream.c b/src/libstrongswan/tests/suites/test_stream.c index 2d3173d46..899306af2 100644 
--- a/src/libstrongswan/tests/suites/test_stream.c +++ b/src/libstrongswan/tests/suites/test_stream.c @@ -18,7 +18,9 @@ #include <unistd.h> static char* services[] = { +#ifndef WIN32 "unix:///tmp/strongswan-test-service.sck", +#endif "tcp://127.0.0.1:7766", "tcp://[::1]:7766", }; @@ -121,7 +123,6 @@ START_TEST(test_async) stream_service_t *service; stream_t *stream; - lib->processor->set_threads(lib->processor, 8); service = lib->streams->create_service(lib->streams, services[_i], 1); diff --git a/src/libstrongswan/tests/suites/test_threading.c b/src/libstrongswan/tests/suites/test_threading.c index 496310c8c..0526d9d6e 100644 --- a/src/libstrongswan/tests/suites/test_threading.c +++ b/src/libstrongswan/tests/suites/test_threading.c @@ -16,7 +16,6 @@ #include "test_suite.h" -#include <sched.h> #include <unistd.h> #include <threading/thread.h> diff --git a/src/libstrongswan/tests/suites/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c index 0260726b2..abca4620e 100644 --- a/src/libstrongswan/tests/suites/test_utils.c +++ b/src/libstrongswan/tests/suites/test_utils.c 
@@ -508,34 +508,55 @@ START_TEST(test_strreplace) END_TEST /******************************************************************************* - * path_dirname/basename + * path_dirname/basename/absolute */ static struct { char *path; char *dir; char *base; + bool absolute; } path_data[] = { - {NULL, ".", "."}, - {"", ".", "."}, - {".", ".", "."}, - {"..", ".", ".."}, - {"/", "/", "/"}, - {"//", "/", "/"}, - {"foo", ".", "foo"}, - {"f/", ".", "f"}, - {"foo/", ".", "foo"}, - {"foo//", ".", "foo"}, - {"/f", "/", "f"}, - {"/f/", "/", "f"}, - {"/foo", "/", "foo"}, - {"/foo/", "/", "foo"}, - {"//foo/", "/", "foo"}, - {"foo/bar", "foo", "bar"}, - {"foo//bar", "foo", "bar"}, - {"/foo/bar", "/foo", "bar"}, - {"/foo/bar/", "/foo", "bar"}, - {"/foo/bar/baz", "/foo/bar", "baz"}, + {NULL, ".", ".", FALSE}, + {"", ".", ".", FALSE}, + {".", ".", ".", FALSE}, + {"..", ".", "..", FALSE}, +#ifdef WIN32 + {"C:\\", "C:", "C:", TRUE}, + {"X:\\\\", "X:", "X:", TRUE}, + {"foo", ".", "foo", FALSE}, + {"f\\", ".", "f", FALSE}, + {"foo\\", ".", "foo", FALSE}, + {"foo\\\\", ".", "foo", FALSE}, + {"d:\\f", "d:", "f", TRUE}, + {"C:\\f\\", "C:", "f", TRUE}, + {"C:\\foo", "C:", "foo", TRUE}, + {"C:\\foo\\", "C:", "foo", TRUE}, + {"foo\\bar", "foo", "bar", FALSE}, + {"foo\\\\bar", "foo", "bar", FALSE}, + {"C:\\foo\\bar", "C:\\foo", "bar", TRUE}, + {"C:\\foo\\bar\\", "C:\\foo", "bar", TRUE}, + {"C:\\foo\\bar\\baz", "C:\\foo\\bar", "baz", TRUE}, + {"\\foo\\bar", "\\foo", "bar", FALSE}, + {"\\\\foo\\bar", "\\\\foo", "bar", TRUE}, +#else /* !WIN32 */ + {"/", "/", "/", TRUE}, + {"//", "/", "/", TRUE}, + {"foo", ".", "foo", FALSE}, + {"f/", ".", "f", FALSE}, + {"foo/", ".", "foo", FALSE}, + {"foo//", ".", "foo", FALSE}, + {"/f", "/", "f", TRUE}, + {"/f/", "/", "f", TRUE}, + {"/foo", "/", "foo", TRUE}, + {"/foo/", "/", "foo", TRUE}, + {"//foo/", "/", "foo", TRUE}, + {"foo/bar", "foo", "bar", FALSE}, + {"foo//bar", "foo", "bar", FALSE}, + {"/foo/bar", "/foo", "bar", TRUE}, + {"/foo/bar/", "/foo", "bar", 
TRUE}, + {"/foo/bar/baz", "/foo/bar", "baz", TRUE}, +#endif }; START_TEST(test_path_dirname) @@ -558,6 +579,12 @@ START_TEST(test_path_basename) } END_TEST +START_TEST(test_path_absolute) +{ + ck_assert(path_data[_i].absolute == path_absolute(path_data[_i].path)); +} +END_TEST + /******************************************************************************* * time_printf_hook */ @@ -674,7 +701,11 @@ Suite *utils_suite_create() TCase *tc; /* force a timezone to match non-UTC conversions */ +#ifdef WIN32 + _putenv("TZ=GST-1GDT"); +#else setenv("TZ", "Europe/Zurich", 1); +#endif tzset(); s = suite_create("utils"); @@ -725,11 +756,18 @@ Suite *utils_suite_create() tcase_add_loop_test(tc, test_strreplace, 0, countof(strreplace_data)); suite_add_tcase(s, tc); - tc = tcase_create("path_dirname/basename"); + tc = tcase_create("path_dirname"); tcase_add_loop_test(tc, test_path_dirname, 0, countof(path_data)); + suite_add_tcase(s, tc); + + tc = tcase_create("path_basename"); tcase_add_loop_test(tc, test_path_basename, 0, countof(path_data)); suite_add_tcase(s, tc); + tc = tcase_create("path_absolute"); + tcase_add_loop_test(tc, test_path_absolute, 0, countof(path_data)); + suite_add_tcase(s, tc); + tc = tcase_create("printf_hooks"); tcase_add_loop_test(tc, test_time_printf_hook, 0, countof(time_data)); tcase_add_loop_test(tc, test_time_delta_printf_hook, 0, countof(time_delta_data)); diff --git a/src/libstrongswan/tests/suites/test_watcher.c b/src/libstrongswan/tests/suites/test_watcher.c index 9415bead9..11b4c3a7d 100644 --- a/src/libstrongswan/tests/suites/test_watcher.c +++ b/src/libstrongswan/tests/suites/test_watcher.c @@ -17,7 +17,6 @@ #include <library.h> -#include <sched.h> #include <unistd.h> #include <errno.h> @@ -48,7 +47,7 @@ START_TEST(test_read) for (c = 'a'; c <= 'z'; c++) { - ck_assert_int_eq(write(fd[1], &c, 1), 1); + ck_assert_int_eq(send(fd[1], &c, 1, 0), 1); while (testbuf[0] != c) { sched_yield(); 
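Review bot: The WIN32 rows of `path_data` expect `path_dirname()` of `"C:\\"` and `"C:\\f"` to be `"C:"`, which Windows resolves as the current directory on drive C rather than the drive root, so a caller that opens the dirname result directly would land in a different directory than the POSIX rows (`"/f"` giving `"/"`) suggest. If that result is intended, a comment on those rows such as `/* dirname drops the root separator; "C:" alone is drive-relative */` would stop it being read as the root. The table also has no row for a drive-relative path like `"C:foo"` or for forward slashes such as `"C:/foo"`, so `path_absolute()` is untested on the inputs most likely to be misclassified. Its implementation is not part of this hunk.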
@@ -84,7 +83,7 @@ START_TEST(test_write) lib->watcher->add(lib->watcher, fd[1], WATCHER_WRITE, writecb, &in); - ck_assert_int_eq(read(fd[0], &out, 1), 1); + ck_assert_int_eq(recv(fd[0], &out, 1, 0), 1); ck_assert_int_eq(out, in); lib->watcher->remove(lib->watcher, fd[1]); @@ -123,7 +122,7 @@ START_TEST(test_multiread) { for (in = 'a'; in <= 'z'; in++) { - ck_assert_int_eq(write(fd[i][1], &in, 1), 1); + ck_assert_int_eq(send(fd[i][1], &in, 1, 0), 1); while (out[i] != in) { sched_yield(); @@ -171,7 +170,7 @@ START_TEST(test_multiwrite) { for (i = 0; i < countof(fd); i++) { - ck_assert_int_eq(read(fd[i][0], &out, 1), 1); + ck_assert_int_eq(recv(fd[i][0], &out, 1, 0), 1); ck_assert_int_eq(out, i); } } diff --git a/src/libstrongswan/tests/test_runner.c b/src/libstrongswan/tests/test_runner.c index 1f11050f4..443c0ae13 100644 --- a/src/libstrongswan/tests/test_runner.c +++ b/src/libstrongswan/tests/test_runner.c @@ -18,6 +18,7 @@ #include "test_runner.h" #include <library.h> +#include <threading/thread.h> #include <plugins/plugin_feature.h> #include <collections/array.h> #include <utils/test.h> 
@@ -34,32 +35,12 @@ #define TTY(color) tty_escape_get(2, TTY_FG_##color) /** - * Initialize the lookup table for testable functions (defined in - * libstrongswan). We don't use the constructor attribute as the order can't - * really be defined (clang does not support it and gcc does not adhere to it in - * the monolithic build). The function here is a weak symbol in libstrongswan. + * A global symbol indicating libtest linkage */ -void testable_functions_create() -{ - if (!testable_functions) - { - testable_functions = hashtable_create(hashtable_hash_str, - hashtable_equals_str, 8); - } -} - -/** - * Destroy the lookup table for testable functions - */ -static void testable_functions_destroy() __attribute__ ((destructor)); -static void testable_functions_destroy() -{ - DESTROY_IF(testable_functions); - /* if leak detective is enabled plugins are not actually unloaded, which - * means their destructor is called AFTER this one when the process - * terminates, make sure this does not crash */ - testable_functions = NULL; -} +#ifdef WIN32 +__declspec(dllexport) +#endif +bool test_runner_available = TRUE; /** * Destroy a single test suite and associated data @@ -372,6 +353,7 @@ static void print_failures(array_t *failures) { failure_t failure; + threads_init(); backtrace_init(); while (array_remove(failures, 0, &failure)) @@ -391,6 +373,7 @@ static void print_failures(array_t *failures) } backtrace_deinit(); + threads_deinit(); } /** diff --git a/src/libstrongswan/tests/test_suite.c b/src/libstrongswan/tests/test_suite.c index a636d6f7c..c80c6efd6 100644 --- a/src/libstrongswan/tests/test_suite.c +++ b/src/libstrongswan/tests/test_suite.c @@ -18,7 +18,11 @@ #include <signal.h> #include <unistd.h> +#ifndef WIN32 #include <pthread.h> +#endif + +#include <threading/thread.h> /** * Failure message buf 
@@ -46,11 +50,6 @@ static backtrace_t *failure_backtrace; static bool worker_failed; /** - * Longjump restore point when failing - */ -sigjmp_buf test_restore_point_env; - -/** * See header. */ test_suite_t* test_suite_create(const char *name) 
@@ -124,54 +123,189 @@ void test_suite_add_case(test_suite_t *suite, test_case_t *tcase) array_insert(suite->tcases, -1, tcase); } +#ifdef WIN32 + /** - * Main thread performing tests + * Longjump restore point when failing */ -static pthread_t main_thread; +jmp_buf test_restore_point_env; + +/** + * Thread ID of main thread + */ +static DWORD main_thread; + +/** + * APC routine invoked by main thread on worker failure + */ +static void set_worker_failure(ULONG_PTR dwParam) +{ + worker_failed = TRUE; +} /** * Let test case fail */ -static inline void test_failure() +static void test_failure() { - if (pthread_self() == main_thread) + if (GetCurrentThreadId() == main_thread) { - siglongjmp(test_restore_point_env, 1); + longjmp(test_restore_point_env, 1); } else { - pthread_kill(main_thread, SIGUSR1); - /* terminate thread to prevent it from going wild */ - pthread_exit(NULL); + HANDLE *thread; + + thread = OpenThread(THREAD_SET_CONTEXT, FALSE, main_thread); + if (thread) + { + QueueUserAPC(set_worker_failure, thread, (uintptr_t)NULL); + CloseHandle(thread); + } + thread_exit(NULL); } } /** * See header. 
*/ -void test_fail_vmsg(const char *file, int line, char *fmt, va_list args) +void test_fail_if_worker_failed() { - vsnprintf(failure_buf, sizeof(failure_buf), fmt, args); - failure_line = line; - failure_file = file; + if (GetCurrentThreadId() == main_thread && worker_failed) + { + test_failure(); + } +} - test_failure(); +/** + * Vectored exception handler + */ +static long eh_handler(PEXCEPTION_POINTERS ei) +{ + char *ename; + bool old = FALSE; + + switch (ei->ExceptionRecord->ExceptionCode) + { + case EXCEPTION_ACCESS_VIOLATION: + ename = "ACCESS_VIOLATION"; + break; + case EXCEPTION_ARRAY_BOUNDS_EXCEEDED: + ename = "ARRAY_BOUNDS_EXCEEDED"; + break; + case EXCEPTION_DATATYPE_MISALIGNMENT: + ename = "DATATYPE_MISALIGNMENT"; + break; + case EXCEPTION_FLT_DENORMAL_OPERAND: + ename = "FLT_DENORMAL_OPERAND"; + break; + case EXCEPTION_FLT_DIVIDE_BY_ZERO: + ename = "FLT_DIVIDE_BY_ZERO"; + break; + case EXCEPTION_FLT_INEXACT_RESULT: + ename = "FLT_INEXACT_RESULT"; + break; + case EXCEPTION_FLT_INVALID_OPERATION: + ename = "FLT_INVALID_OPERATION"; + break; + case EXCEPTION_FLT_OVERFLOW: + ename = "FLT_OVERFLOW"; + break; + case EXCEPTION_FLT_STACK_CHECK: + ename = "FLT_STACK_CHECK"; + break; + case EXCEPTION_FLT_UNDERFLOW: + ename = "FLT_UNDERFLOW"; + break; + case EXCEPTION_ILLEGAL_INSTRUCTION: + ename = "ILLEGAL_INSTRUCTION"; + break; + case EXCEPTION_IN_PAGE_ERROR: + ename = "IN_PAGE_ERROR"; + break; + case EXCEPTION_INT_DIVIDE_BY_ZERO: + ename = "INT_DIVIDE_BY_ZERO"; + break; + case EXCEPTION_INT_OVERFLOW: + ename = "INT_OVERFLOW"; + break; + case EXCEPTION_INVALID_DISPOSITION: + ename = "INVALID_DISPOSITION"; + break; + case EXCEPTION_NONCONTINUABLE_EXCEPTION: + ename = "NONCONTINUABLE_EXCEPTION"; + break; + case EXCEPTION_PRIV_INSTRUCTION: + ename = "PRIV_INSTRUCTION"; + break; + case EXCEPTION_STACK_OVERFLOW: + ename = "STACK_OVERFLOW"; + break; + default: + return EXCEPTION_CONTINUE_EXECUTION; + } + + if (lib->leak_detective) + { + old = 
lib->leak_detective->set_state(lib->leak_detective, FALSE); + } + failure_backtrace = backtrace_create(5); + if (lib->leak_detective) + { + lib->leak_detective->set_state(lib->leak_detective, old); + } + failure_line = 0; + test_fail_msg(NULL, 0, "%s exception", ename); + /* not reached */ + return EXCEPTION_CONTINUE_EXECUTION; } /** * See header. */ -void test_fail_msg(const char *file, int line, char *fmt, ...) +void test_setup_handler() { - va_list args; + main_thread = GetCurrentThreadId(); + AddVectoredExceptionHandler(0, eh_handler); +} - va_start(args, fmt); - vsnprintf(failure_buf, sizeof(failure_buf), fmt, args); - failure_line = line; - failure_file = file; - va_end(args); +/** + * See header. + */ +void test_setup_timeout(int s) +{ + /* TODO: currently not supported. SetTimer()? */ - test_failure(); + worker_failed = FALSE; +} + +#else /* !WIN32 */ + +/** + * Longjump restore point when failing + */ +sigjmp_buf test_restore_point_env; + +/** + * Main thread performing tests + */ +static pthread_t main_thread; + +/** + * Let test case fail + */ +static inline void test_failure() +{ + if (pthread_self() == main_thread) + { + siglongjmp(test_restore_point_env, 1); + } + else + { + pthread_kill(main_thread, SIGUSR1); + /* terminate thread to prevent it from going wild */ + pthread_exit(NULL); + } } /** @@ -272,6 +406,35 @@ void test_setup_timeout(int s) worker_failed = FALSE; } +#endif /* !WIN32 */ + +/** + * See header. + */ +void test_fail_vmsg(const char *file, int line, char *fmt, va_list args) +{ + vsnprintf(failure_buf, sizeof(failure_buf), fmt, args); + failure_line = line; + failure_file = file; + + test_failure(); +} +/** + * See header. + */ +void test_fail_msg(const char *file, int line, char *fmt, ...) +{ + va_list args; + + va_start(args, fmt); + vsnprintf(failure_buf, sizeof(failure_buf), fmt, args); + failure_line = line; + failure_file = file; + va_end(args); + + test_failure(); +} + /** * See header. */ 
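Review bot: `eh_handler()` returns `EXCEPTION_CONTINUE_EXECUTION` from its `default:` branch, which asks Windows to resume the faulting context for every exception code the switch does not list instead of handing it to the next handler; `return EXCEPTION_CONTINUE_SEARCH;` is the pass-through value. Both callbacks are also declared without the calling convention their APIs expect, which matters on 32-bit builds: `static LONG CALLBACK eh_handler(PEXCEPTION_POINTERS ei)` and `static void CALLBACK set_worker_failure(ULONG_PTR dwParam)`. In the WIN32 `test_failure()`, the local that receives the `OpenThread()` result is declared as a pointer to a handle and should be a plain `HANDLE`.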
diff --git a/src/libstrongswan/tests/test_suite.h b/src/libstrongswan/tests/test_suite.h index 4bef6ff37..da57ab46c 100644 --- a/src/libstrongswan/tests/test_suite.h +++ b/src/libstrongswan/tests/test_suite.h @@ -174,7 +174,11 @@ void test_suite_add_case(test_suite_t *suite, test_case_t *tcase); /** * sigjmp restore point used by test_restore_point */ +#ifdef WIN32 +extern jmp_buf test_restore_point_env; +#else extern sigjmp_buf test_restore_point_env; +#endif /** * Set or return from an execution restore point @@ -185,7 +189,11 @@ extern sigjmp_buf test_restore_point_env; * * @return TRUE if restore point set, FALSE when restored */ -#define test_restore_point() (sigsetjmp(test_restore_point_env, 1) == 0) +#ifdef WIN32 +# define test_restore_point() (setjmp(test_restore_point_env) == 0) +#else +# define test_restore_point() (sigsetjmp(test_restore_point_env, 1) == 0) +#endif /** * Set up signal handlers for test cases diff --git a/src/libstrongswan/threading/thread.c b/src/libstrongswan/threading/thread.c index 0adfb31d0..593f44a44 100644 --- a/src/libstrongswan/threading/thread.c +++ b/src/libstrongswan/threading/thread.c @@ -301,6 +301,9 @@ static void *thread_main(private_thread_t *this) #ifdef HAVE_GETTID DBG2(DBG_LIB, "created thread %.2d [%u]", this->id, gettid()); +#elif defined(WIN32) + DBG2(DBG_LIB, "created thread %.2d [%p]", + this->id, this->thread_id.p); #else DBG2(DBG_LIB, "created thread %.2d [%lx]", this->id, (u_long)this->thread_id); diff --git a/src/libstrongswan/threading/windows/mutex.c b/src/libstrongswan/threading/windows/mutex.c new file mode 100644 index 000000000..a26889580 --- /dev/null +++ b/src/libstrongswan/threading/windows/mutex.c 
@@ -0,0 +1,196 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "thread.h" + +#include <utils/debug.h> +#include <threading/mutex.h> +#include <threading/condvar.h> + +typedef struct private_mutex_t private_mutex_t; +typedef struct private_condvar_t private_condvar_t; + +/** + * private data of mutex + */ +struct private_mutex_t { + + /** + * public functions + */ + mutex_t public; + + /** + * wrapped critical section + */ + CRITICAL_SECTION cs; + + /** + * Recursive lock count + */ + u_int times; +}; + +/** + * private data of condvar + */ +struct private_condvar_t { + + /** + * public functions + */ + condvar_t public; + + /** + * wrapped condition variable + */ + CONDITION_VARIABLE cv; +}; + + +METHOD(mutex_t, lock, void, + private_mutex_t *this) +{ + EnterCriticalSection(&this->cs); + this->times++; +} + +METHOD(mutex_t, unlock, void, + private_mutex_t *this) +{ + this->times--; + LeaveCriticalSection(&this->cs); +} + +METHOD(mutex_t, mutex_destroy, void, + private_mutex_t *this) +{ + DeleteCriticalSection(&this->cs); + free(this); +} + +/* + * see header file + */ +mutex_t *mutex_create(mutex_type_t type) +{ + private_mutex_t *this; + + INIT(this, + .public = { + .lock = _lock, + .unlock = _unlock, + .destroy = _mutex_destroy, + }, + ); + + /* CriticalSections are recursive, we use it for all mutex types. 
*/ + InitializeCriticalSection(&this->cs); + + return &this->public; +} + +METHOD(condvar_t, timed_wait, bool, + private_condvar_t *this, mutex_t *pubmutex, u_int timeout) +{ + private_mutex_t *mutex = (private_mutex_t*)pubmutex; + u_int times; + bool ret; + + thread_set_active_condvar(&this->cv); + + /* while a CriticalSection is recursive, waiting in a condvar releases + * only one mutex. So release (and reaquire) all locks except the last. */ + times = mutex->times; + while (mutex->times-- > 1) + { + LeaveCriticalSection(&mutex->cs); + } + + ret = SleepConditionVariableCS(&this->cv, &mutex->cs, timeout); + + while (++mutex->times < times) + { + EnterCriticalSection(&mutex->cs); + } + + thread_set_active_condvar(NULL); + + return ret == 0; +} + +METHOD(condvar_t, wait_, void, + private_condvar_t *this, mutex_t *mutex) +{ + timed_wait(this, mutex, INFINITE); +} + +METHOD(condvar_t, timed_wait_abs, bool, + private_condvar_t *this, mutex_t *mutex, timeval_t tv) +{ + DWORD timeout; + timeval_t now, diff; + + time_monotonic(&now); + if (timercmp(&now, &tv, >)) + { + return TRUE; + } + timersub(&tv, &now, &diff); + timeout = diff.tv_sec * 1000 + diff.tv_usec / 1000; + + return timed_wait(this, mutex, timeout); +} + +METHOD(condvar_t, signal_, void, + private_condvar_t *this) +{ + WakeConditionVariable(&this->cv); +} + +METHOD(condvar_t, broadcast, void, + private_condvar_t *this) +{ + WakeAllConditionVariable(&this->cv); +} + +METHOD(condvar_t, condvar_destroy, void, + private_condvar_t *this) +{ + free(this); +} + +/* + * see header file + */ +condvar_t *condvar_create(condvar_type_t type) +{ + private_condvar_t *this; + + INIT(this, + .public = { + .wait = _wait_, + .timed_wait = _timed_wait, + .timed_wait_abs = _timed_wait_abs, + .signal = _signal_, + .broadcast = _broadcast, + .destroy = _condvar_destroy, + } + ); + + InitializeConditionVariable(&this->cv); + + return &this->public; +} 
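Review bot: In `timed_wait_abs()` the value of `diff.tv_sec * 1000 + diff.tv_usec / 1000` is narrowed to a `DWORD` without a range check, so a deadline far enough in the future wraps to a much shorter wait, and a result equal to `INFINITE` turns a timed wait into an unbounded one. The same line is added in rwlock.c and semaphore.c in this commit. Computing in 64 bits and clamping avoids both: `uint64_t ms = (uint64_t)diff.tv_sec * 1000 + diff.tv_usec / 1000;` followed by `timeout = ms >= INFINITE ? INFINITE - 1 : (DWORD)ms;`. Separately, `timed_wait()` returns `ret == 0`, so any failure of `SleepConditionVariableCS()` is reported to the caller as a timeout; a comment stating that this is intended would help.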
diff --git a/src/libstrongswan/threading/windows/rwlock.c b/src/libstrongswan/threading/windows/rwlock.c new file mode 100644 index 000000000..0de57f713 --- /dev/null +++ b/src/libstrongswan/threading/windows/rwlock.c 
@@ -0,0 +1,220 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "thread.h" + +#include <utils/debug.h> +#include <threading/rwlock.h> +#include <threading/rwlock_condvar.h> +#include <threading/thread_value.h> + +typedef struct private_rwlock_t private_rwlock_t; +typedef struct private_rwlock_condvar_t private_rwlock_condvar_t; + +/** + * private data of rwlock + */ +struct private_rwlock_t { + + /** + * public functions + */ + rwlock_t public; + + /** + * wrapped rwlock + */ + SRWLOCK srw; + + /** + * Thread specific shared lock count + */ + thread_value_t *shared; +}; + +/** + * private data of condvar + */ +struct private_rwlock_condvar_t { + + /** + * public interface + */ + rwlock_condvar_t public; + + /** + * condition variable + */ + CONDITION_VARIABLE cv; +}; + +METHOD(rwlock_t, read_lock, void, + private_rwlock_t *this) +{ + uintptr_t count; + + /* Recursive read locks are not supported. Use a thread specific + * recursiveness counter. */ + + count = (uintptr_t)this->shared->get(this->shared); + if (count == 0) + { + AcquireSRWLockShared(&this->srw); + } + this->shared->set(this->shared, (void*)(count + 1)); +} + +METHOD(rwlock_t, write_lock, void, + private_rwlock_t *this) +{ + AcquireSRWLockExclusive(&this->srw); +} + +METHOD(rwlock_t, try_write_lock, bool, + private_rwlock_t *this) +{ + /* TODO: causes random failures and segfaults. Bug? 
*/ + return FALSE; + return TryAcquireSRWLockExclusive(&this->srw); +} + +METHOD(rwlock_t, unlock, void, + private_rwlock_t *this) +{ + uintptr_t count; + + count = (uintptr_t)this->shared->get(this->shared); + switch (count) + { + case 0: + ReleaseSRWLockExclusive(&this->srw); + break; + case 1: + ReleaseSRWLockShared(&this->srw); + /* fall */ + default: + this->shared->set(this->shared, (void*)(count - 1)); + break; + } +} + +METHOD(rwlock_t, destroy, void, + private_rwlock_t *this) +{ + this->shared->destroy(this->shared); + free(this); +} + +/* + * see header file + */ +rwlock_t *rwlock_create(rwlock_type_t type) +{ + private_rwlock_t *this; + + INIT(this, + .public = { + .read_lock = _read_lock, + .write_lock = _write_lock, + .try_write_lock = _try_write_lock, + .unlock = _unlock, + .destroy = _destroy, + }, + .shared = thread_value_create(NULL), + ); + + InitializeSRWLock(&this->srw); + + return &this->public; +} + +METHOD(rwlock_condvar_t, timed_wait, bool, + private_rwlock_condvar_t *this, rwlock_t *pubrwlock, u_int timeout) +{ + private_rwlock_t *rwlock = (private_rwlock_t*)pubrwlock; + bool ret; + + thread_set_active_condvar(&this->cv); + + ret = SleepConditionVariableSRW(&this->cv, &rwlock->srw, timeout, 0); + + thread_set_active_condvar(NULL); + + return ret == 0; +} + +METHOD(rwlock_condvar_t, wait_, void, + private_rwlock_condvar_t *this, rwlock_t *lock) +{ + timed_wait(this, lock, INFINITE); +} + +METHOD(rwlock_condvar_t, timed_wait_abs, bool, + private_rwlock_condvar_t *this, rwlock_t *lock, timeval_t tv) +{ + DWORD timeout; + timeval_t now, diff; + + time_monotonic(&now); + if (timercmp(&now, &tv, >)) + { + return TRUE; + } + timersub(&tv, &now, &diff); + timeout = diff.tv_sec * 1000 + diff.tv_usec / 1000; + + return timed_wait(this, lock, timeout); +} + +METHOD(rwlock_condvar_t, signal_, void, + private_rwlock_condvar_t *this) +{ + WakeConditionVariable(&this->cv); +} + +METHOD(rwlock_condvar_t, broadcast, void, + private_rwlock_condvar_t *this) 
+{ + WakeAllConditionVariable(&this->cv); +} + +METHOD(rwlock_condvar_t, condvar_destroy, void, + private_rwlock_condvar_t *this) +{ + free(this); +} + +/* + * see header file + */ +rwlock_condvar_t *rwlock_condvar_create() +{ + private_rwlock_condvar_t *this; + + INIT(this, + .public = { + .wait = _wait_, + .timed_wait = _timed_wait, + .timed_wait_abs = _timed_wait_abs, + .signal = _signal_, + .broadcast = _broadcast, + .destroy = _condvar_destroy, + }, + ); + + InitializeConditionVariable(&this->cv); + + return &this->public; +} diff --git a/src/libstrongswan/threading/windows/semaphore.c b/src/libstrongswan/threading/windows/semaphore.c new file mode 100644 index 000000000..29f523d3e --- /dev/null +++ b/src/libstrongswan/threading/windows/semaphore.c 
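Review bot: `try_write_lock()` returns FALSE unconditionally and leaves the `TryAcquireSRWLockExclusive()` call behind it as unreachable code, so a caller that treats a failed try as "retry later" can never obtain the write lock through this method on Windows. Until the crash mentioned in the TODO is understood, drop the dead statement and state the limitation where callers will see it, e.g. `/* always fails on Windows, TryAcquireSRWLockExclusive() was unstable in testing */`. In the rwlock condvar, `timed_wait()` passes 0 as the flags of `SleepConditionVariableSRW()`, which assumes the caller holds the lock exclusively. If the rwlock_condvar API (not visible here) permits waiting under a read lock, that case needs `CONDITION_VARIABLE_LOCKMODE_SHARED`.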
@@ -0,0 +1,101 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <library.h> +#include <threading/semaphore.h> + +typedef struct private_semaphore_t private_semaphore_t; + +/** + * private data of a semaphore + */ +struct private_semaphore_t { + /** + * public interface + */ + semaphore_t public; + + /** + * Handle to semaphore + */ + HANDLE handle; +}; + +METHOD(semaphore_t, timed_wait, bool, + private_semaphore_t *this, u_int timeout) +{ + /* use alertable wait to allow cancellation */ + return WaitForSingleObjectEx(this->handle, timeout, TRUE) == WAIT_TIMEOUT; +} + +METHOD(semaphore_t, timed_wait_abs, bool, + private_semaphore_t *this, timeval_t tv) +{ + DWORD timeout; + timeval_t now, diff; + + time_monotonic(&now); + if (timercmp(&now, &tv, >)) + { + return TRUE; + } + timersub(&tv, &now, &diff); + timeout = diff.tv_sec * 1000 + diff.tv_usec / 1000; + + return timed_wait(this, timeout); +} + +METHOD(semaphore_t, wait_, void, + private_semaphore_t *this) +{ + timed_wait(this, INFINITE); +} + +METHOD(semaphore_t, post, void, + private_semaphore_t *this) +{ + ReleaseSemaphore(this->handle, 1, NULL); +} + +METHOD(semaphore_t, destroy, void, + private_semaphore_t *this) +{ + CloseHandle(this->handle); + free(this); +} + +/* + * Described in header + */ +semaphore_t *semaphore_create(u_int value) +{ + private_semaphore_t *this; + + INIT(this, + .public = { + .wait = _wait_, + 
.timed_wait = _timed_wait, + .timed_wait_abs = _timed_wait_abs, + .post = _post, + .destroy = _destroy, + }, + /* our API does not have an upper limit, but Windows requires one. + * 0xFFFFFFF (268435455) is the highest value for which Windows does + * not return ERROR_INVALID_PARAMETER, and should be sufficient. */ + .handle = CreateSemaphore(NULL, value, 0xFFFFFFF, NULL), + ); + + return &this->public; +} diff --git a/src/libstrongswan/threading/windows/spinlock.c b/src/libstrongswan/threading/windows/spinlock.c new file mode 100644 index 000000000..155dd56dc --- /dev/null +++ b/src/libstrongswan/threading/windows/spinlock.c 
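Review bot: `timed_wait()` performs an alertable wait and reports success for every result other than `WAIT_TIMEOUT`, so a wait interrupted by a queued APC (`WAIT_IO_COMPLETION`) or one that fails (`WAIT_FAILED`) returns as if the semaphore had been taken, although its count was not decremented. `wait_()` inherits this, and test_suite.c in this same commit queues an APC to the main thread that returns normally. Re-issue the wait while the result is `WAIT_IO_COMPLETION`, ideally with the remaining time, and return FALSE only for `WAIT_OBJECT_0`: `do { res = WaitForSingleObjectEx(this->handle, timeout, TRUE); } while (res == WAIT_IO_COMPLETION);` then `return res != WAIT_OBJECT_0;`. `semaphore_create()` also stores the result of `CreateSemaphore()` without checking it for NULL.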
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <library.h>
+#include <threading/spinlock.h>
+
+typedef struct private_spinlock_t private_spinlock_t;
+
+/**
+ * private data of spinlock
+ */
+struct private_spinlock_t {
+
+ /**
+ * public functions
+ */
+ spinlock_t public;
+
+ /**
+ * wrapped critical section
+ */
+ CRITICAL_SECTION cs;
+};
+
+METHOD(spinlock_t, lock, void,
+ private_spinlock_t *this)
+{
+ EnterCriticalSection(&this->cs);
+}
+
+METHOD(spinlock_t, unlock, void,
+ private_spinlock_t *this)
+{
+ LeaveCriticalSection(&this->cs);
+}
+
+METHOD(spinlock_t, destroy, void,
+ private_spinlock_t *this)
+{
+ DeleteCriticalSection(&this->cs);
+ free(this);
+}
+
+/*
+ * see header file
+ */
+spinlock_t *spinlock_create()
+{
+ private_spinlock_t *this;
+
+ INIT(this,
+ .public = {
+ .lock = _lock,
+ .unlock = _unlock,
+ .destroy = _destroy,
+ },
+ );
+
+ /* Usually the wait time in a spinlock should be short, so we could have
+ * a high spincount. But having a large/INFINITE spincount does not scale
+ * that well where a spinlock is not the perfect choice for a lock. We
+ * choose the spincount quite arbitrary, so we go to wait if it is not
+ * much more expensive than spinning. */
+ InitializeCriticalSectionAndSpinCount(&this->cs, 256);
+
+ return &this->public;
+}
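Review bot: The comment on the `cs` member should state that a `CRITICAL_SECTION` can be re-entered by the thread that owns it, which a spinlock on other platforms generally does not allow. A double `lock()` from one thread therefore goes unnoticed with this backend and may hang elsewhere. Suggested wording: `/* wrapped critical section; re-entrant for the owning thread, callers must not rely on that */`. The spin count `256` in `spinlock_create()` would also read better as a named constant next to the explanation.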
diff --git a/src/libstrongswan/threading/windows/thread.c b/src/libstrongswan/threading/windows/thread.c
new file mode 100644
index 000000000..2ea0f9a7e
--- /dev/null
+++ b/src/libstrongswan/threading/windows/thread.c
@@ -0,0 +1,661 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "thread.h"
+
+#include <utils/debug.h>
+#include <threading/spinlock.h>
+#include <threading/thread.h>
+#include <collections/hashtable.h>
+#include <collections/array.h>
+
+
+typedef struct private_thread_t private_thread_t;
+
+struct private_thread_t {
+
+ /**
+ * Public interface.
+ */
+ thread_t public;
+
+ /**
+ * GetCurrentThreadId() of thread
+ */
+ DWORD id;
+
+ /**
+ * Printable thread id returned by thread_current_id()
+ */
+ u_int tid;
+
+ /**
+ * Windows thread handle
+ */
+ HANDLE handle;
+
+ /**
+ * Main function of this thread (NULL for the main thread).
+ */
+ thread_main_t main;
+
+ /**
+ * Argument for the main function.
+ */
+ void *arg;
+
+ /**
+ * Thread return value
+ */
+ void *ret;
+
+ /**
+ * Stack of cleanup handlers, as cleanup_t
+ */
+ array_t *cleanup;
+
+ /**
+ * Thread specific values for this thread
+ */
+ hashtable_t *tls;
+
+ /**
+ * Thread terminated?
+ */
+ bool terminated;
+
+ /**
+ * Thread detached?
+ */
+ bool detached;
+
+ /**
+ * Is thread in cancellable state
+ */
+ bool cancelability;
+
+ /**
+ * Has the thread been cancelled by thread->cancel()?
+ */
+ bool canceled;
+
+ /**
+ * Did we schedule an APC to docancel()?
+ */
+ bool cancel_pending;
+
+ /**
+ * Active condition variable thread is waiting in, if any
+ */
+ CONDITION_VARIABLE *condvar;
+};
+
+/**
+ * Global list of threads, GetCurrentThreadId() => private_thread_t
+ */
+static hashtable_t *threads;
+
+/**
+ * Lock for threads table
+ */
+static spinlock_t *threads_lock;
+
+/**
+ * Counter to assign printable thread IDs
+ */
+static u_int threads_ids = 0;
+
+/**
+ * Forward declaration
+ */
+static private_thread_t *create_internal(DWORD id);
+
+/**
+ * Set leak detective state
+ */
+static inline bool set_leak_detective(bool state)
+{
+#ifdef LEAK_DETECTIVE
+ if (lib && lib->leak_detective)
+ {
+ return lib->leak_detective->set_state(lib->leak_detective, state);
+ }
+#endif
+ return FALSE;
+}
+
+/**
+ * Store thread in index
+ */
+static void put_thread(private_thread_t *this)
+{
+ bool old;
+
+ old = set_leak_detective(FALSE);
+ threads_lock->lock(threads_lock);
+
+ this = threads->put(threads, (void*)(uintptr_t)this->id, this);
+
+ threads_lock->unlock(threads_lock);
+ set_leak_detective(old);
+}
+
+/**
+ * Remove thread from index
+ */
+static void remove_thread(private_thread_t *this)
+{
+ bool old;
+
+ old = set_leak_detective(FALSE);
+ threads_lock->lock(threads_lock);
+
+ threads->remove(threads, (void*)(uintptr_t)this->id);
+
+ threads_lock->unlock(threads_lock);
+ set_leak_detective(old);
+}
+
+/**
+ * Get thread data for calling thread
+ */
+static private_thread_t *get_current_thread()
+{
+ private_thread_t *this;
+
+ threads_lock->lock(threads_lock);
+
+ this = threads->get(threads, (void*)(uintptr_t)GetCurrentThreadId());
+
+ threads_lock->unlock(threads_lock);
+
+ if (!this)
+ {
+ this = create_internal(GetCurrentThreadId());
+ put_thread(this);
+ }
+
+ return this;
+}
+
+/**
+ * See header.
+ */
+void* thread_tls_put(void *key, void *value)
+{
+ private_thread_t *thread;
+ bool old;
+
+ thread = get_current_thread();
+
+ old = set_leak_detective(FALSE);
+ value = thread->tls->put(thread->tls, key, value);
+ set_leak_detective(old);
+
+ return value;
+}
+
+/**
+ * See header.
+ */
+void* thread_tls_get(void *key)
+{
+ private_thread_t *thread;
+ void *value;
+ bool old;
+
+ thread = get_current_thread();
+
+ old = set_leak_detective(FALSE);
+ value = thread->tls->get(thread->tls, key);
+ set_leak_detective(old);
+
+ return value;
+}
+
+/**
+ * See header.
+ */
+void* thread_tls_remove(void *key)
+{
+ private_thread_t *thread;
+ void *value;
+ bool old;
+
+ thread = get_current_thread();
+
+ old = set_leak_detective(FALSE);
+ threads_lock->lock(threads_lock);
+ value = thread->tls->remove(thread->tls, key);
+ threads_lock->unlock(threads_lock);
+ set_leak_detective(old);
+
+ return value;
+}
+
+/**
+ * See header.
+ */
+void thread_tls_remove_all(void *key)
+{
+ private_thread_t *thread;
+ enumerator_t *enumerator;
+ void *value;
+ bool old;
+
+ old = set_leak_detective(FALSE);
+ threads_lock->lock(threads_lock);
+
+ enumerator = threads->create_enumerator(threads);
+ while (enumerator->enumerate(enumerator, NULL, &thread))
+ {
+ value = thread->tls->remove(thread->tls, key);
+ if (value)
+ {
+ set_leak_detective(old);
+ thread_tls_cleanup(value);
+ set_leak_detective(FALSE);
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ threads_lock->unlock(threads_lock);
+ set_leak_detective(old);
+}
+
+/**
+ * Thread cleanup data
+ */
+typedef struct {
+ /** Cleanup callback function */
+ thread_cleanup_t cb;
+ /** Argument provided to the cleanup function */
+ void *arg;
+} cleanup_t;
+
+/**
+ * Invoke pushed/tls cleanup handlers
+ */
+static void docleanup(private_thread_t *this)
+{
+ enumerator_t *enumerator;
+ cleanup_t cleanup, *tls;
+ bool old;
+
+ old = set_leak_detective(FALSE);
+
+ while (array_remove(this->cleanup, -1, &cleanup))
+ {
+ set_leak_detective(old);
+ cleanup.cb(cleanup.arg);
+ set_leak_detective(FALSE);
+ }
+
+ threads_lock->lock(threads_lock);
+ enumerator = this->tls->create_enumerator(this->tls);
+ while (enumerator->enumerate(enumerator, NULL, &tls))
+ {
+ this->tls->remove_at(this->tls, enumerator);
+
+ set_leak_detective(old);
+ thread_tls_cleanup(tls);
+ set_leak_detective(FALSE);
+ }
+ enumerator->destroy(enumerator);
+ threads_lock->unlock(threads_lock);
+
+ set_leak_detective(old);
+}
+
+/**
+ * Clean up and destroy a thread
+ */
+static void destroy(private_thread_t *this)
+{
+ bool old;
+
+ docleanup(this);
+
+ old = set_leak_detective(FALSE);
+
+ array_destroy(this->cleanup);
+ this->tls->destroy(this->tls);
+ if (this->handle)
+ {
+ CloseHandle(this->handle);
+ }
+ free(this);
+
+ set_leak_detective(old);
+}
+
+/**
+ * End a thread, destroy when detached
+ */
+static void end_thread(private_thread_t *this)
+{
+ if (this->detached)
+ {
+ remove_thread(this);
+ destroy(this);
+ }
+ else
+ {
+ this->terminated = TRUE;
+ docleanup(this);
+ }
+}
+
+/**
+ * See header.
+ */
+void thread_set_active_condvar(CONDITION_VARIABLE *condvar)
+{
+ private_thread_t *thread;
+
+ thread = get_current_thread();
+
+ threads_lock->lock(threads_lock);
+ thread->condvar = condvar;
+ threads_lock->unlock(threads_lock);
+
+ /* this is a cancellation point, as condvar wait is one */
+ SleepEx(0, TRUE);
+}
+
+/**
+ * APC to cancel a thread
+ */
+static void docancel(private_thread_t *this)
+{
+ /* make sure cancel() does not access this anymore */
+ threads_lock->lock(threads_lock);
+ threads_lock->unlock(threads_lock);
+
+ end_thread(this);
+ ExitThread(0);
+}
+
+METHOD(thread_t, cancel, void,
+ private_thread_t *this)
+{
+ this->canceled = TRUE;
+ if (this->cancelability)
+ {
+ threads_lock->lock(threads_lock);
+ if (!this->cancel_pending)
+ {
+ this->cancel_pending = TRUE;
+ QueueUserAPC((void*)docancel, this->handle, (uintptr_t)this);
+ if (this->condvar)
+ {
+ WakeAllConditionVariable(this->condvar);
+ }
+ }
+ threads_lock->unlock(threads_lock);
+ }
+}
+
+METHOD(thread_t, kill_, void,
+ private_thread_t *this, int sig)
+{
+}
+
+METHOD(thread_t, detach, void,
+ private_thread_t *this)
+{
+ this->detached = TRUE;
+}
+
+METHOD(thread_t, join, void*,
+ private_thread_t *this)
+{
+ void *ret;
+
+ if (this->detached)
+ {
+ return NULL;
+ }
+
+ while (!this->terminated)
+ {
+ /* join is a cancellation point, use alertable wait */
+ WaitForSingleObjectEx(this->handle, INFINITE, TRUE);
+ }
+
+ ret = this->ret;
+
+ remove_thread(this);
+ destroy(this);
+
+ return ret;
+}
+
+/**
+ * Main function wrapper for threads
+ */
+static DWORD thread_cb(private_thread_t *this)
+{
+ /* Enable cancelability once the thread starts. We must check for any
+ * pending cancellation request an queue the APC that gets executed
+ * at the first cancellation point. */
+ this->cancelability = TRUE;
+ if (this->canceled)
+ {
+ cancel(this);
+ }
+
+ this->ret = this->main(this->arg);
+
+ end_thread(this);
+
+ return 0;
+}
+
+/**
+ * Create an internal thread object.
+ */
+static private_thread_t *create_internal(DWORD id)
+{
+ private_thread_t *this;
+ bool old;
+
+ old = set_leak_detective(FALSE);
+
+ INIT(this,
+ .public = {
+ .cancel = _cancel,
+ .kill = _kill_,
+ .detach = _detach,
+ .join = _join,
+ },
+ .cleanup = array_create(sizeof(cleanup_t), 0),
+ .tls = hashtable_create(hashtable_hash_ptr, hashtable_equals_ptr, 4),
+ .id = id,
+ .cancelability = TRUE,
+ );
+
+ set_leak_detective(old);
+
+ threads_lock->lock(threads_lock);
+ this->tid = threads_ids++;
+ threads_lock->unlock(threads_lock);
+
+ if (id)
+ {
+ this->handle = OpenThread(THREAD_ALL_ACCESS, FALSE, id);
+ }
+ return this;
+}
+
+/**
+ * Described in header.
+ */
+thread_t *thread_create(thread_main_t main, void *arg)
+{
+ private_thread_t *this;
+
+ this = create_internal(0);
+
+ this->main = main;
+ this->arg = arg;
+ /* not cancellable until started */
+ this->cancelability = FALSE;
+
+ this->handle = CreateThread(NULL, 0, (void*)thread_cb, this,
+ CREATE_SUSPENDED, &this->id);
+ if (!this->handle)
+ {
+ destroy(this);
+ return NULL;
+ }
+
+ put_thread(this);
+
+ DBG2(DBG_LIB, "created thread %u", this->id);
+
+ ResumeThread(this->handle);
+
+ return &this->public;
+}
+
+/**
+ * Described in header.
+ */
+thread_t *thread_current()
+{
+ return &get_current_thread()->public;
+}
+
+/**
+ * Described in header.
+ */
+u_int thread_current_id()
+{
+ return get_current_thread()->tid;
+}
+
+/**
+ * Described in header.
+ */
+void thread_cleanup_push(thread_cleanup_t cb, void *arg)
+{
+ private_thread_t *this;
+ cleanup_t cleanup = {
+ .cb = cb,
+ .arg = arg,
+ };
+ bool old;
+
+ this = get_current_thread();
+
+ old = set_leak_detective(FALSE);
+ array_insert(this->cleanup, -1, &cleanup);
+ set_leak_detective(old);
+}
+
+/**
+ * Described in header
+ */
+void thread_cleanup_pop(bool execute)
+{
+ private_thread_t *this;
+ cleanup_t cleanup = {};
+ bool old;
+
+ this = get_current_thread();
+
+ old = set_leak_detective(FALSE);
+ array_remove(this->cleanup, -1, &cleanup);
+ set_leak_detective(old);
+
+ if (execute)
+ {
+ cleanup.cb(cleanup.arg);
+ }
+}
+
+/**
+ * Described in header.
+ */
+bool thread_cancelability(bool enable)
+{
+ private_thread_t *this;
+ bool old;
+
+ this = get_current_thread();
+ old = this->cancelability;
+ this->cancelability = enable;
+
+ if (enable && !old && this->canceled)
+ {
+ cancel(this);
+ }
+ return old;
+}
+
+/**
+ * Described in header.
+ */
+void thread_cancellation_point()
+{
+ bool old;
+
+ old = thread_cancelability(TRUE);
+ SleepEx(0, TRUE);
+ thread_cancelability(old);
+}
+
+/**
+ * Described in header.
+ */
+void thread_exit(void *val)
+{
+ private_thread_t *this;
+
+ this = get_current_thread();
+ this->ret = val;
+
+ end_thread(this);
+ ExitThread(0);
+}
+
+/*
+ * Described in header.
+ */
+void threads_init()
+{
+ threads_lock = spinlock_create();
+ threads = hashtable_create(hashtable_hash_ptr, hashtable_equals_ptr, 4);
+
+ /* reset counter should we initialize more than once */
+ threads_ids = 0;
+
+ put_thread(create_internal(GetCurrentThreadId()));
+}
+
+/**
+ * Described in header.
+ */
+void threads_deinit()
+{
+ private_thread_t *this;
+
+ this = threads->remove(threads, (void*)(uintptr_t)GetCurrentThreadId());
+ destroy(this);
+
+ threads_lock->destroy(threads_lock);
+ threads->destroy(threads);
+}
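Review bot: In `end_thread()` the non-detached branch sets `this->terminated = TRUE` before it calls `docleanup(this)`, while `join()` skips its wait as soon as `terminated` is set and goes straight on to `destroy(this)`. A joiner that runs in that window frees `this->cleanup` and `this->tls` while the exiting thread is still iterating them, which is a use-after-free. Swapping the two statements to `docleanup(this);` followed by `this->terminated = TRUE;` closes the window, and having `join()` wait until the thread handle itself is signalled would be more robust than trusting the flag. `terminated`, `canceled` and `cancelability` are plain `bool` members written and read by different threads without `threads_lock`, so the ordering of those writes is not guaranteed either. In the same file `thread_tls_put()` and `thread_tls_get()` touch `thread->tls` without the lock that `thread_tls_remove_all()` holds when it modifies another thread's table.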
diff --git a/src/libstrongswan/threading/windows/thread.h b/src/libstrongswan/threading/windows/thread.h
new file mode 100644
index 000000000..3c470522b
--- /dev/null
+++ b/src/libstrongswan/threading/windows/thread.h
@@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef WINDOWS_THREAD_H_
+#define WINDOWS_THREAD_H_
+
+/* for conditionVariables, Vista */
+#define _WIN32_WINNT 0x0600
+#include <library.h>
+
+/**
+ * @defgroup windowsthread windows
+ * @ingroup threading
+ *
+ * @defgroup threadwindows thread
+ * @{ @ingroup windowsthread
+ */
+
+/**
+ * Set active condvar of a thread before waiting in it.
+ *
+ * @param cv active condition variable, NULL to unset
+ */
+void thread_set_active_condvar(CONDITION_VARIABLE *condvar);
+
+/**
+ * Set a thread specific value on the current thread.
+ *
+ * @param key unique key specifying the TLS variable
+ * @param value value to set
+ * @return old value for key, if any
+ */
+void* thread_tls_put(void *key, void *value);
+
+/**
+ * Get a thread specific value from the current thread.
+ *
+ * @param key unique key specifying the TLS variable
+ * @return value for key, if any
+ */
+void* thread_tls_get(void *key);
+
+/**
+ * Remove a thread specific value from the current thread.
+ *
+ * @param key unique key specifying the TLS variable
+ * @return value for key, if any
+ */
+void* thread_tls_remove(void *key);
+
+/**
+ * Remove a thread specific value from all threads.
+ *
+ * For each found TLS value thread_tls_cleanup() is invoked.
+ *
+ * @param key unique key specifying the TLS variable
+ */
+void thread_tls_remove_all(void *key);
+
+/**
+ * Cleanup function for thread specific value.
+ *
+ * This is called whenever a thread exits to clean up thread specific data.
+ *
+ * This function is actually implemented in thread_value.c.
+ *
+ * @param value value, as passed to thread_tls_put()
+ */
+void thread_tls_cleanup(void *value);
+
+#endif /** WINDOWS_THREAD_H_ @}*/
diff --git a/src/libstrongswan/threading/windows/thread_value.c b/src/libstrongswan/threading/windows/thread_value.c
new file mode 100644
index 000000000..1dd8a7816
--- /dev/null
+++ b/src/libstrongswan/threading/windows/thread_value.c
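Review bot: The doc comment of `thread_set_active_condvar()` documents `@param cv` although the parameter is named `condvar`; it should read `@param condvar active condition variable, NULL to unset`. The unconditional `#define _WIN32_WINNT 0x0600` redefines the macro whenever the build flags or an earlier include have already set it, possibly to a newer version; guarding it with `#ifndef _WIN32_WINNT` avoids the redefinition. The comments for the `thread_tls_*()` functions could also say that the stored values are expected to be the entries that `thread_tls_cleanup()` frees, since the cleanup path calls it on every remaining value.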
@@ -0,0 +1,172 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "thread.h" + +#include <threading/thread_value.h> + + +typedef struct private_thread_value_t private_thread_value_t; + +/** + * Unified thread_value_t implementation + */ +struct private_thread_value_t { + + /** + * Public interface. + */ + thread_value_t public; + + union { + + /** + * Cleanup function + */ + thread_cleanup_t cleanup; + + /** + * Windows TLS index, if used + */ + DWORD index; + }; +}; + +/** + * TLS entry + */ +typedef struct { + /** TLS value */ + void *value; + /** cleanup handler function */ + thread_cleanup_t cleanup; +} entry_t; + +/** + * See windows/thread.h + */ +void thread_tls_cleanup(void *value) +{ + entry_t *entry = (entry_t*)value; + + if (entry->cleanup) + { + entry->cleanup(entry->value); + } + free(entry); +} + +METHOD(thread_value_t, tls_set, void, + private_thread_value_t *this, void *val) +{ + entry_t *entry; + + if (val) + { + INIT(entry, + .cleanup = this->cleanup, + .value = val, + ); + + free(thread_tls_put(this, entry)); + } + else + { + free(thread_tls_remove(this)); + } +} + +METHOD(thread_value_t, tls_get, void*, + private_thread_value_t *this) +{ + entry_t *entry; + + entry = thread_tls_get(this); + if (entry) + { + return entry->value; + } + return NULL; +} + +METHOD(thread_value_t, tls_destroy, void, + private_thread_value_t *this) +{ + thread_tls_remove_all(this); 
+ free(this); +} + +METHOD(thread_value_t, tls_set_index, void, + private_thread_value_t *this, void *val) +{ + TlsSetValue(this->index, val); +} + +METHOD(thread_value_t, tls_get_index, void*, + private_thread_value_t *this) +{ + return TlsGetValue(this->index); +} + +METHOD(thread_value_t, tls_destroy_index, void, + private_thread_value_t *this) +{ + TlsFree(this->index); + free(this); +} + +/** + * Described in header. + */ +thread_value_t *thread_value_create(thread_cleanup_t cleanup) +{ + private_thread_value_t *this; + DWORD index = TLS_OUT_OF_INDEXES; + + /* we have two implementations: Windows Tls* functions do not support + * callbacks and has limited instances. We use it nonetheless if possible, + * especially as leak detective relies on TLS, but we have to mangle + * leak detective state for TLS storage. */ + + if (!cleanup) + { + index = TlsAlloc(); + } + + if (index == TLS_OUT_OF_INDEXES) + { + INIT(this, + .public = { + .set = _tls_set, + .get = _tls_get, + .destroy = _tls_destroy, + }, + .cleanup = cleanup, + ); + } + else + { + INIT(this, + .public = { + .set = _tls_set_index, + .get = _tls_get_index, + .destroy = _tls_destroy_index, + }, + .index = index, + ); + } + + return &this->public; +} diff --git a/src/libstrongswan/utils/backtrace.c b/src/libstrongswan/utils/backtrace.c index f1584620b..3bb163545 100644 --- a/src/libstrongswan/utils/backtrace.c +++ b/src/libstrongswan/utils/backtrace.c @@ -1,6 +1,7 @@ /* - * Copyright (C) 2006-2008 Martin Willi + * Copyright (C) 2006-2013 Martin Willi * Hochschule fuer Technik Rapperswil + * Copyright (C) 2013 revosec AG * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
@@ -15,20 +16,29 @@ #define _GNU_SOURCE -#ifdef HAVE_DLADDR -# include <dlfcn.h> -#endif /* HAVE_DLADDR */ - #ifdef HAVE_BACKTRACE # include <execinfo.h> #endif /* HAVE_BACKTRACE */ - +#ifdef HAVE_DBGHELP +# include <winsock2.h> +# include <windows.h> +# include <dbghelp.h> +#endif /* HAVE_DBGHELP */ #include <string.h> #include "backtrace.h" #include <utils/debug.h> +#ifdef WIN32 +# include <psapi.h> +/* missing in MinGW */ +WINBOOL K32GetModuleInformation(HANDLE hProcess, HMODULE hModule, + LPMODULEINFO lpmodinfo, DWORD cb); +DWORD K32GetModuleFileNameExA(HANDLE hProcess, HMODULE hModule, + LPTSTR lpFilename, DWORD nSize); +#endif + typedef struct private_backtrace_t private_backtrace_t; /** @@ -79,12 +89,10 @@ static void println(FILE *file, char *format, ...) va_end(args); } -#ifdef HAVE_DLADDR - /** * Same as tty_escape_get(), but for a potentially NULL FILE* */ -static char* esc(FILE *file, tty_escape_t escape) +static inline char* esc(FILE *file, tty_escape_t escape) { if (file) { @@ -93,6 +101,35 @@ static char* esc(FILE *file, tty_escape_t escape) return ""; } +#ifdef HAVE_DBGHELP + +#include <dbghelp.h> +#include <threading/mutex.h> + +/** + * Mutex to access non-thread-safe dbghelp functions + */ +static mutex_t *dbghelp_mutex; + +void backtrace_init() +{ + SymSetOptions(SYMOPT_LOAD_LINES); + SymInitialize(GetCurrentProcess(), NULL, TRUE); + dbghelp_mutex = mutex_create(MUTEX_TYPE_DEFAULT); +} + +void backtrace_deinit() +{ + dbghelp_mutex->destroy(dbghelp_mutex); + SymCleanup(GetCurrentProcess()); +} + +#elif defined(HAVE_DLADDR) || defined(HAVE_BFD_H) + +#ifdef HAVE_DLADDR +#include <dlfcn.h> +#endif + #ifdef HAVE_BFD_H #include <bfd.h> @@ -352,7 +389,6 @@ static void print_sourceline(FILE *file, char *filename, void *ptr, void* base) snprintf(buf, sizeof(buf), "addr2line -e %s %p", filename, ptr); #endif /* __APPLE__ */ - output = popen(buf, "r"); if (output) { 
@@ -375,7 +411,7 @@ static void print_sourceline(FILE *file, char *filename, void *ptr, void* base) #endif /* HAVE_BFD_H */ -#else /* !HAVE_DLADDR */ +#else /* !HAVE_DLADDR && !HAVE_DBGHELP */ void backtrace_init() {} void backtrace_deinit() {} @@ -385,7 +421,7 @@ void backtrace_deinit() {} METHOD(backtrace_t, log_, void, private_backtrace_t *this, FILE *file, bool detailed) { -#if defined(HAVE_BACKTRACE) || defined(HAVE_LIBUNWIND_H) +#if defined(HAVE_BACKTRACE) || defined(HAVE_LIBUNWIND_H) || defined(WIN32) size_t i; char **strings = NULL; 
@@ -425,7 +461,84 @@ METHOD(backtrace_t, log_, void, } } else -#endif /* HAVE_DLADDR */ +#elif defined(HAVE_DBGHELP) + struct { + SYMBOL_INFO hdr; + char buf[128]; + } symbol; + char filename[MAX_PATH]; + HINSTANCE module; + HANDLE process; + DWORD64 displace, frame; + + process = GetCurrentProcess(); + frame = (uintptr_t)this->frames[i]; + + memset(&symbol, 0, sizeof(symbol)); + symbol.hdr.SizeOfStruct = sizeof(symbol.hdr); + symbol.hdr.MaxNameLen = sizeof(symbol.buf) - 1; + + dbghelp_mutex->lock(dbghelp_mutex); + + module = (HINSTANCE)SymGetModuleBase64(process, frame); + + if (module && GetModuleFileName(module, filename, sizeof(filename))) + { + if (SymFromAddr(process, frame, &displace, &symbol.hdr) && + symbol.hdr.Name) + { + println(file, " %s%s%s @ %p (%s%s%s+0x%tx) [%p]", + esc(file, TTY_FG_YELLOW), filename, + esc(file, TTY_FG_DEF), (void*)module, + esc(file, TTY_FG_RED), symbol.hdr.Name, + esc(file, TTY_FG_DEF), displace, + this->frames[i]); + } + else + { + println(file, " %s%s%s @ %p [%p]", + esc(file, TTY_FG_YELLOW), filename, + esc(file, TTY_FG_DEF), (void*)module, this->frames[i]); + } + if (detailed) + { + IMAGEHLP_LINE64 line; + DWORD off; + + memset(&line, 0, sizeof(line)); + line.SizeOfStruct = sizeof(line); + + if (SymGetLineFromAddr64(process, frame, &off, &line)) + { + + println(file, " -> %s%s:%u%s", esc(file, TTY_FG_GREEN), + line.FileName, line.LineNumber, + esc(file, TTY_FG_DEF)); + } + } + } + else +#elif defined(WIN32) + HMODULE module; + MODULEINFO info; + char filename[MAX_PATH]; + + if (GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS, + this->frames[i], &module) && + K32GetModuleInformation(GetCurrentProcess(), module, + &info, sizeof(info)) && + K32GetModuleFileNameExA(GetCurrentProcess(), module, + filename, sizeof(filename))) + { + println(file, " %s%s%s @ %p [%p]", + esc(file, TTY_FG_YELLOW), filename, + esc(file, TTY_FG_DEF), info.lpBaseOfDll, this->frames[i]); +#ifdef HAVE_BFD_H + print_sourceline(file, filename, 
this->frames[i], info.lpBaseOfDll); +#endif /* HAVE_BFD_H */ + } + else +#endif /* HAVE_DLADDR/HAVE_DBGHELP */ { #ifdef HAVE_BACKTRACE if (!strings) @@ -442,10 +555,13 @@ METHOD(backtrace_t, log_, void, println(file, " %p", this->frames[i]); } } +#ifdef HAVE_DBGHELP + dbghelp_mutex->unlock(dbghelp_mutex); +#endif } free(strings); #else /* !HAVE_BACKTRACE && !HAVE_LIBUNWIND_H */ - println(file, "no support for backtrace()/libunwind"); + println(file, "no support for capturing backtraces"); #endif /* HAVE_BACKTRACE/HAVE_LIBUNWIND_H */ } @@ -470,7 +586,43 @@ METHOD(backtrace_t, contains_function, bool, } } } -#endif /* HAVE_DLADDR */ +#elif defined(HAVE_DBGHELP) + int i, j; + HANDLE process; + + process = GetCurrentProcess(); + + dbghelp_mutex->lock(dbghelp_mutex); + + for (i = 0; i < this->frame_count; i++) + { + struct { + SYMBOL_INFO hdr; + char buf[128]; + } symbol; + + memset(&symbol, 0, sizeof(symbol)); + symbol.hdr.SizeOfStruct = sizeof(symbol.hdr); + symbol.hdr.MaxNameLen = sizeof(symbol.buf) - 1; + + if (SymFromAddr(process, (DWORD64)this->frames[i], NULL, &symbol.hdr)) + { + if (symbol.hdr.Name) + { + for (j = 0; j < count; j++) + { + if (streq(symbol.hdr.Name, function[j])) + { + dbghelp_mutex->unlock(dbghelp_mutex); + return TRUE; + } + } + } + } + } + + dbghelp_mutex->unlock(dbghelp_mutex); +#endif /* HAVE_DLADDR/HAVE_DBGHELP */ return FALSE; } 
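Review bot: In the `HAVE_DBGHELP` branch added to `log_()`, `displace` is a `DWORD64` but is printed with `%tx`, which takes a `ptrdiff_t`-sized argument; on a 32-bit build the sizes differ and the following `this->frames[i]` argument would be read from the wrong position, assuming `println()` follows the usual printf argument rules. Passing `(ptrdiff_t)displace` keeps the format string as it is. The `&& symbol.hdr.Name` test is always true because `Name` is an array member of `SYMBOL_INFO`; `symbol.hdr.Name[0]` is probably what was meant, here and in the `contains_function()` hunk further down. `log_()` starts before and ends after this hunk.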
@@ -584,6 +736,66 @@ static inline int backtrace_unwind(void **frames, int count) } #endif /* HAVE_UNWIND */ +#ifdef HAVE_DBGHELP + +/** + * Windows dbghelp variant for glibc backtrace() + */ +static inline int backtrace_win(void **frames, int count) +{ + STACKFRAME frame; + HANDLE process, thread; + DWORD machine; + CONTEXT context; + int got = 0; + + memset(&frame, 0, sizeof(frame)); + memset(&context, 0, sizeof(context)); + + process = GetCurrentProcess(); + thread = GetCurrentThread(); + +#ifdef __x86_64 + machine = IMAGE_FILE_MACHINE_AMD64; + + frame.AddrPC.Offset = context.Rip; + frame.AddrPC.Mode = AddrModeFlat; + frame.AddrStack.Offset = context.Rsp; + frame.AddrStack.Mode = AddrModeFlat; + frame.AddrFrame.Offset = context.Rbp; + frame.AddrFrame.Mode = AddrModeFlat; +#else /* x86 */ + machine = IMAGE_FILE_MACHINE_I386; + + frame.AddrPC.Offset = context.Eip; + frame.AddrPC.Mode = AddrModeFlat; + frame.AddrStack.Offset = context.Esp; + frame.AddrStack.Mode = AddrModeFlat; + frame.AddrFrame.Offset = context.Ebp; + frame.AddrFrame.Mode = AddrModeFlat; +#endif /* x86_64/x86 */ + + dbghelp_mutex->lock(dbghelp_mutex); + + RtlCaptureContext(&context); + + while (got < count) + { + if (!StackWalk64(machine, process, thread, &frame, &context, + NULL, SymFunctionTableAccess, SymGetModuleBase, NULL)) + { + break; + } + frames[got++] = (void*)frame.AddrPC.Offset; + } + + dbghelp_mutex->unlock(dbghelp_mutex); + + return got; +} + +#endif /* HAVE_DBGHELP */ + /** * Get implementation methods of backtrace_t */ 
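Review bot: `backtrace_win()` copies `context.Rip`/`Rsp`/`Rbp` (or the `E*` registers) into `frame` while `context` is still zeroed by the `memset()`, because `RtlCaptureContext(&context)` is only called later, after the mutex is taken. The walk therefore starts from zeroed addresses, which on x86 in particular is likely to end `StackWalk64()` at the first call. Moving `RtlCaptureContext(&context);` to directly after the two `memset()` calls fixes the ordering. The local is declared as `STACKFRAME` and the callbacks are `SymFunctionTableAccess` and `SymGetModuleBase`, which only match `StackWalk64()` when the headers map those names to the 64-bit variants; spelling out `STACKFRAME64`, `SymFunctionTableAccess64` and `SymGetModuleBase64` would not depend on that.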
@@ -612,7 +824,12 @@ backtrace_t *backtrace_create(int skip) frame_count = backtrace_unwind(frames, countof(frames)); #elif defined(HAVE_BACKTRACE) frame_count = backtrace(frames, countof(frames)); -#endif /* HAVE_BACKTRACE */ +#elif defined(HAVE_DBGHELP) + frame_count = backtrace_win(frames, countof(frames)); +#elif defined(WIN32) + frame_count = CaptureStackBackTrace(skip, countof(frames), frames, NULL); + skip = 0; +#endif frame_count = max(frame_count - skip, 0); this = malloc(sizeof(private_backtrace_t) + frame_count * sizeof(void*)); memcpy(this->frames, frames + skip, frame_count * sizeof(void*)); diff --git a/src/libstrongswan/utils/capabilities.c b/src/libstrongswan/utils/capabilities.c index c5e90b6c3..923b7d4db 100644 --- a/src/libstrongswan/utils/capabilities.c +++ b/src/libstrongswan/utils/capabilities.c @@ -17,24 +17,27 @@ #include "capabilities.h" +#include <utils/debug.h> + #include <errno.h> #include <string.h> #include <sys/types.h> +#include <unistd.h> + +#ifndef WIN32 #include <pwd.h> #include <grp.h> -#include <unistd.h> #ifdef HAVE_PRCTL # include <sys/prctl.h> #endif /* HAVE_PRCTL */ -#include <utils/debug.h> - #if !defined(HAVE_GETPWNAM_R) || \ !defined(HAVE_GETGRNAM_R) || \ !defined(HAVE_GETPWUID_R) # include <threading/mutex.h> # define EMULATE_R_FUNCS #endif +#endif /* !WIN32 */ typedef struct private_capabilities_t private_capabilities_t; @@ -76,6 +79,8 @@ struct private_capabilities_t { #endif }; +#ifndef WIN32 + /** * Returns TRUE if the current process/user is member of the given group */ 
@@ -181,6 +186,19 @@ static bool has_capability(private_capabilities_t *this, u_int cap, #endif /* CAPABILITIES_NATIVE */ } +#else /* WIN32 */ + +/** + * Verify that the current process has the given capability, dummy variant + */ +static bool has_capability(private_capabilities_t *this, u_int cap, + bool *ignore) +{ + return TRUE; +} + +#endif /* WIN32 */ + /** * Keep the given capability if it is held by the current process. Returns * FALSE, if this is not the case. @@ -232,13 +250,21 @@ METHOD(capabilities_t, check, bool, METHOD(capabilities_t, get_uid, uid_t, private_capabilities_t *this) { +#ifdef WIN32 + return this->uid; +#else return this->uid ?: geteuid(); +#endif } METHOD(capabilities_t, get_gid, gid_t, private_capabilities_t *this) { +#ifdef WIN32 + return this->gid; +#else return this->gid ?: getegid(); +#endif } METHOD(capabilities_t, set_uid, void, @@ -256,6 +282,7 @@ METHOD(capabilities_t, set_gid, void, METHOD(capabilities_t, resolve_uid, bool, private_capabilities_t *this, char *username) { +#ifndef WIN32 struct passwd *pwp; int err; @@ -284,12 +311,14 @@ METHOD(capabilities_t, resolve_uid, bool, } DBG1(DBG_LIB, "resolving user '%s' failed: %s", username, err ? strerror(err) : "user not found"); +#endif /* !WIN32 */ return FALSE; } METHOD(capabilities_t, resolve_gid, bool, private_capabilities_t *this, char *groupname) { +#ifndef WIN32 struct group *grp; int err; @@ -318,9 +347,11 @@ METHOD(capabilities_t, resolve_gid, bool, } DBG1(DBG_LIB, "resolving user '%s' failed: %s", groupname, err ? strerror(err) : "group not found"); +#endif /* !WIN32 */ return FALSE; } +#ifndef WIN32 /** * Initialize supplementary groups for unprivileged user */ @@ -348,10 +379,12 @@ static bool init_supplementary_groups(private_capabilities_t *this) #endif /* HAVE_GETPWUID_R */ return res == 0; } +#endif /* WIN32 */ METHOD(capabilities_t, drop, bool, private_capabilities_t *this) { +#ifndef WIN32 #ifdef HAVE_PRCTL prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0); #endif 
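Review bot: The WIN32 stub of `has_capability()` returns `TRUE` for every capability, and the later hunks turn `drop()` into a no-op that still returns `TRUE`, so on Windows callers are told that privileges were verified and dropped when nothing was done. That should be visible to operators and maintainers: a comment on the stub such as `/* no capability model on Windows, the process keeps all of its privileges */` and a log line in the WIN32 path of `drop()`, for example `DBG1(DBG_LIB, "dropping capabilities not supported on this platform");`. `resolve_uid()` and `resolve_gid()` return `FALSE` on WIN32 without any message, so a configured user or group fails silently there. The bodies of `drop()` and of both resolvers extend beyond the visible hunks.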
@@ -404,6 +437,7 @@ METHOD(capabilities_t, drop, bool, DBG1(DBG_LIB, "dropped capabilities, running as uid %u, gid %u", geteuid(), getegid()); #endif /* CAPABILITIES */ +#endif /*!WIN32 */ return TRUE; } diff --git a/src/libstrongswan/utils/chunk.c b/src/libstrongswan/utils/chunk.c index 47181719a..1a9674f4d 100644 --- a/src/libstrongswan/utils/chunk.c +++ b/src/libstrongswan/utils/chunk.c @@ -24,8 +24,8 @@ #include <fcntl.h> #include <unistd.h> #include <errno.h> -#include <pthread.h> #include <ctype.h> +#include <time.h> #include "chunk.h" @@ -221,7 +221,14 @@ bool chunk_write(chunk_t chunk, char *path, mode_t mask, bool force) return FALSE; } oldmask = umask(mask); - fd = fopen(path, "w"); + fd = fopen(path, +#ifdef WIN32 + "wb" +#else + "w" +#endif + ); + if (fd) { if (fwrite(chunk.ptr, sizeof(u_char), chunk.len, fd) == chunk.len) @@ -269,6 +276,12 @@ bool chunk_from_fd(int fd, chunk_t *out) while (TRUE) { len = read(fd, buf + total, bufsize - total); +#ifdef WIN32 + if (len == -1 && errno == EBADF) + { /* operating on a Winsock socket? */ + len = recv(fd, buf + total, bufsize - total, 0); + } +#endif if (len < 0) { free(buf); @@ -327,10 +340,15 @@ chunk_t *chunk_map(char *path, bool wr) { mmaped_chunk_t *chunk; struct stat sb; - int tmp; + int tmp, flags; + + flags = wr ? O_RDWR : O_RDONLY; +#ifdef WIN32 + flags |= O_BINARY; +#endif INIT(chunk, - .fd = open(path, wr ? O_RDWR : O_RDONLY), + .fd = open(path, flags), .wr = wr, ); @@ -884,9 +902,9 @@ u_int64_t chunk_mac(chunk_t chunk, u_char *key) } /** - * Secret key allocated randomly during first use. + * Secret key allocated randomly with chunk_hash_seed(). */ -static u_char key[16]; +static u_char key[16] = {}; /** * Static key used in case predictable hash values are required. 
@@ -895,20 +913,21 @@ static u_char static_key[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}; /** - * Only allocate the key once + * See header */ -static pthread_once_t key_allocated = PTHREAD_ONCE_INIT; - -/** - * Allocate a key on first use, we do this manually to avoid dependencies on - * plugins. - */ -static void allocate_key() +void chunk_hash_seed() { + static bool seeded = FALSE; ssize_t len; size_t done = 0; int fd; + if (seeded) + { + /* just once to have the same seed during the whole process lifetimes */ + return; + } + fd = open("/dev/urandom", O_RDONLY); if (fd >= 0) { @@ -932,6 +951,7 @@ static void allocate_key() key[done] = (u_char)random(); } } + seeded = TRUE; } /** @@ -939,7 +959,6 @@ static void allocate_key() */ u_int32_t chunk_hash_inc(chunk_t chunk, u_int32_t hash) { - pthread_once(&key_allocated, allocate_key); /* we could use a mac of the previous hash, but this is faster */ return chunk_mac_inc(chunk, key, ((u_int64_t)hash) << 32 | hash); } @@ -949,7 +968,6 @@ u_int32_t chunk_hash_inc(chunk_t chunk, u_int32_t hash) */ u_int32_t chunk_hash(chunk_t chunk) { - pthread_once(&key_allocated, allocate_key); return chunk_mac(chunk, key); } diff --git a/src/libstrongswan/utils/chunk.h b/src/libstrongswan/utils/chunk.h index 33f66caec..9951ff31f 100644 --- a/src/libstrongswan/utils/chunk.h +++ b/src/libstrongswan/utils/chunk.h @@ -30,6 +30,8 @@ #include <alloca.h> #endif +#include <utils/utils.h> + typedef struct chunk_t chunk_t; /** 
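Review bot: `chunk_hash_seed()` still takes its key from `/dev/urandom`, which is not available on the native Windows builds this commit targets, so there the key would come from the `random()` fallback visible in the next hunk (-932,6). The lines between the two hunks are not shown, so how `random()` is seeded cannot be confirmed, but a libc PRNG is not a suitable source for a key whose only purpose is to make hash values unpredictable. A WIN32 branch that fills `key` from the system CSPRNG (for instance `CryptGenRandom()`) before falling back would close that gap. The `seeded` flag is also a plain `static bool` and, unlike the `pthread_once` it replaces, gives no guarantee when two threads call the function at once; a comment such as `/* not thread-safe, call from library_init() before threads are started */` would state the requirement.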
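Review bot: With the `pthread_once()` call removed, `chunk_hash_inc()` (and `chunk_hash()` in hunk -949,7) use `key` in whatever state it is in, and `key` is now explicitly zero-initialised. Any caller that hashes before `chunk_hash_seed()` has run gets values computed with an all-zero key, which are fully predictable and defeat the randomisation the header documents for `chunk_hash()`. This should be stated at the definition of `key`: `/* all-zero until chunk_hash_seed() has run; hashes computed before that are predictable */`. The test.c change in this commit calls `chunk_hash_seed()` itself before creating its table, presumably for this reason.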
@@ -338,6 +340,15 @@ bool chunk_increment(chunk_t chunk); bool chunk_printable(chunk_t chunk, chunk_t *sane, char replace); /** + * Seed initial key for chunk_hash(). + * + * This call should get invoked once during startup. This is usually done + * by calling library_init(). Calling it multiple times is safe, it gets + * executed just once. + */ +void chunk_hash_seed(); + +/** * Computes a 32 bit hash of the given chunk. * * @note The output of this function is randomized, that is, it will only diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c index e7eb63bc6..b8199c885 100644 --- a/src/libstrongswan/utils/identification.c +++ b/src/libstrongswan/utils/identification.c @@ -15,15 +15,12 @@ * for more details. */ -#define _GNU_SOURCE -#include <sys/socket.h> -#include <netinet/in.h> -#include <arpa/inet.h> #include <string.h> #include <stdio.h> #include "identification.h" +#include <utils/utils.h> #include <asn1/oid.h> #include <asn1/asn1.h> #include <crypto/hashers/hasher.h> diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c index af29e2100..a2bca193d 100644 --- a/src/libstrongswan/utils/leak_detective.c +++ b/src/libstrongswan/utils/leak_detective.c @@ -19,14 +19,11 @@ #include <string.h> #include <stdio.h> #include <signal.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <arpa/inet.h> #include <unistd.h> -#include <syslog.h> -#include <netdb.h> #include <locale.h> +#ifdef HAVE_DLADDR #include <dlfcn.h> +#endif #include <time.h> #include <errno.h> @@ -42,6 +39,7 @@ #include "leak_detective.h" #include <library.h> +#include <utils/utils.h> #include <utils/debug.h> #include <utils/backtrace.h> #include <collections/hashtable.h> diff --git a/src/libstrongswan/utils/parser_helper.c b/src/libstrongswan/utils/parser_helper.c index 40c6cfedd..17307e92c 100644 --- a/src/libstrongswan/utils/parser_helper.c +++ b/src/libstrongswan/utils/parser_helper.c 
@@ -140,7 +140,7 @@ METHOD(parser_helper_t, file_include, void, return; } - if (!file->name || pattern[0] == '/') + if (!file->name || path_absolute(pattern)) { /* absolute path */ if (snprintf(pat, sizeof(pat), "%s", pattern) >= sizeof(pat)) { @@ -152,7 +152,8 @@ METHOD(parser_helper_t, file_include, void, else { /* base relative paths to the directory of the current file */ char *dir = path_dirname(file->name); - if (snprintf(pat, sizeof(pat), "%s/%s", dir, pattern) >= sizeof(pat)) + if (snprintf(pat, sizeof(pat), "%s%s%s", dir, DIRECTORY_SEPARATOR, + pattern) >= sizeof(pat)) { PARSER_DBG1(&this->public, "include pattern too long, ignored"); free(dir); diff --git a/src/libstrongswan/utils/printf_hook/printf_hook_builtin.c b/src/libstrongswan/utils/printf_hook/printf_hook_builtin.c index c79d4b87a..466c673d9 100644 --- a/src/libstrongswan/utils/printf_hook/printf_hook_builtin.c +++ b/src/libstrongswan/utils/printf_hook/printf_hook_builtin.c 
@@ -1104,6 +1104,128 @@ int builtin_vprintf(const char *format, va_list ap) return builtin_vfprintf(stdout, format, ap); } +#ifdef WIN32 +/** + * Set TTY color on Windows consoles + */ +static void set_console_color(HANDLE handle, int color) +{ + CONSOLE_SCREEN_BUFFER_INFO info; + struct { + /* escape code */ + int color; + /* windows console color combination */ + WORD attributes; + } maps[] = { + { 30, 0 }, + { 31, FOREGROUND_RED }, + { 32, FOREGROUND_GREEN }, + { 33, FOREGROUND_GREEN | FOREGROUND_RED }, + { 34, FOREGROUND_BLUE | FOREGROUND_INTENSITY }, + { 35, FOREGROUND_RED | FOREGROUND_BLUE }, + { 36, FOREGROUND_GREEN | FOREGROUND_BLUE }, + { 37, FOREGROUND_GREEN | FOREGROUND_BLUE | FOREGROUND_RED }, + { 39, FOREGROUND_GREEN | FOREGROUND_BLUE | FOREGROUND_RED }, + { 40, 0 }, + { 41, BACKGROUND_RED }, + { 42, BACKGROUND_GREEN }, + { 43, BACKGROUND_GREEN | BACKGROUND_RED }, + { 44, BACKGROUND_BLUE }, + { 45, BACKGROUND_RED | BACKGROUND_BLUE }, + { 46, BACKGROUND_GREEN | BACKGROUND_BLUE }, + { 47, BACKGROUND_GREEN | BACKGROUND_BLUE | BACKGROUND_RED }, + { 49, 0 }, + }; + int i; + + if (GetConsoleScreenBufferInfo(handle, &info)) + { + if (color < 40) + { + info.wAttributes &= ~(FOREGROUND_BLUE | FOREGROUND_GREEN | + FOREGROUND_RED | FOREGROUND_INTENSITY); + } + else + { + info.wAttributes &= ~(BACKGROUND_BLUE | BACKGROUND_GREEN | + BACKGROUND_RED | BACKGROUND_INTENSITY); + } + for (i = 0; i < countof(maps); i++) + { + if (maps[i].color == color) + { + info.wAttributes |= maps[i].attributes; + SetConsoleTextAttribute(handle, info.wAttributes); + break; + } + } + } +} + +int builtin_vfprintf(FILE *stream, const char *format, va_list ap) +{ + char buf[PRINTF_BUF_LEN], *pos, *stop; + HANDLE handle; + int len, total; + DWORD clen, mode; + + total = len = builtin_vsnprintf(buf, sizeof(buf), format, ap); + switch (fileno(stream)) + { + case 1: + handle = GetStdHandle(STD_OUTPUT_HANDLE); + break; + case 2: + handle = GetStdHandle(STD_ERROR_HANDLE); + break; + default: + 
handle = INVALID_HANDLE_VALUE; + break; + } + /* GetConsoleMode fails if output redirected */ + if (handle == INVALID_HANDLE_VALUE || !GetConsoleMode(handle, &mode)) + { + return fwrite(buf, 1, len, stream); + } + while (len) + { + pos = &buf[total - len]; + if (len > 4) + { + if (pos[0] == '\e' && pos[1] == '[' && pos[4] == 'm') + { + if (isdigit(pos[3])) + { + if (pos[2] == '3' || pos[2] == '4') + { + set_console_color(handle, + (pos[2] - '0') * 10 + pos[3] - '0'); + len -= 5; + continue; + } + } + } + } + stop = memchr(pos + 1, '\e', len); + if (stop) + { + clen = stop - pos; + } + else + { + clen = len; + } + if (clen && !WriteConsole(handle, pos, clen, &clen, NULL)) + { + break; + } + len -= clen; + } + return total - len; +} + +#else /* !WIN32 */ + int builtin_vfprintf(FILE *stream, const char *format, va_list ap) { char buf[PRINTF_BUF_LEN]; @@ -1113,6 +1235,8 @@ int builtin_vfprintf(FILE *stream, const char *format, va_list ap) return fwrite(buf, 1, len, stream); } +#endif /* !WIN32 */ + int builtin_vsprintf(char *str, const char *format, va_list ap) { return builtin_vsnprintf(str, ~(size_t)0, format, ap); diff --git a/src/libstrongswan/utils/test.c b/src/libstrongswan/utils/test.c index 624ac4b34..0b0a80f42 100644 --- a/src/libstrongswan/utils/test.c +++ b/src/libstrongswan/utils/test.c @@ -20,13 +20,23 @@ /** * A collection of testable functions */ -hashtable_t *testable_functions; +static hashtable_t *functions = NULL; + +#ifndef WIN32 +bool test_runner_available __attribute__((weak)); +#endif /** - * The function that actually initializes the hash table above. Provided - * by the test runner. + * Check if we have libtest linkage and need testable functions */ -void testable_functions_create() __attribute__((weak)); +static bool has_libtest_linkage() +{ +#ifdef WIN32 + return dlsym(RTLD_DEFAULT, "test_runner_available"); +#else + return test_runner_available; +#endif +} /* * Described in header. 
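Review bot: In the WIN32 `builtin_vfprintf()`, `len` is used as the number of valid bytes in `buf` without being bounded by `sizeof(buf)`. If `builtin_vsnprintf()` follows the usual vsnprintf convention and returns the length the full output would have had (its definition is outside this hunk), a truncated message makes the loop and `WriteConsole()` read past the end of the stack buffer. Clamp `len` before it is copied to `total`, e.g. `if (len >= (int)sizeof(buf)) { len = sizeof(buf) - 1; }`, and return early on a negative result. Independently, `memchr(pos + 1, '\e', len)` scans `len` bytes starting one byte after `pos`, one byte beyond the data that is left; it should be `memchr(pos + 1, '\e', len - 1)`. `isdigit(pos[3])` should also take an `(unsigned char)` cast.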
@@ -35,33 +45,48 @@ void testable_function_register(char *name, void *fn) { bool old = FALSE; - if (!testable_functions_create) - { /* not linked to the test runner */ - return; - } - else if (!fn && !testable_functions) - { /* ignore as testable_functions has already been destroyed */ - return; - } - if (lib && lib->leak_detective) { old = lib->leak_detective->set_state(lib->leak_detective, FALSE); } - if (!testable_functions) - { - testable_functions_create(); - } - if (fn) - { - testable_functions->put(testable_functions, name, fn); - } - else + + if (has_libtest_linkage()) { - testable_functions->remove(testable_functions, name); + if (!functions) + { + chunk_hash_seed(); + functions = hashtable_create(hashtable_hash_str, + hashtable_equals_str, 8); + } + if (fn) + { + functions->put(functions, name, fn); + } + else + { + functions->remove(functions, name); + if (functions->get_count(functions) == 0) + { + functions->destroy(functions); + functions = NULL; + } + } } + if (lib && lib->leak_detective) { lib->leak_detective->set_state(lib->leak_detective, old); } } + +/* + * Described in header. + */ +void* testable_function_get(char *name) +{ + if (functions) + { + return functions->get(functions, name); + } + return NULL; +} diff --git a/src/libstrongswan/utils/test.h b/src/libstrongswan/utils/test.h index a1b2a2d9b..f9a84713e 100644 --- a/src/libstrongswan/utils/test.h +++ b/src/libstrongswan/utils/test.h 
@@ -24,19 +24,20 @@ #include "collections/hashtable.h" /** - * Collection of testable functions. + * Register a (possibly static) function so that it can be called from tests. * - * @note Is initialized only if libtest is loaded. + * @param name name (namespace/function) + * @param fn function to register (set to NULL to unregister) */ -extern hashtable_t *testable_functions; +void testable_function_register(char *name, void *fn); /** - * Register a (possibly static) function so that it can be called from tests. + * Find a previously registered testable function. * * @param name name (namespace/function) - * @param fn function to register (set to NULL to unregister) + * @return function, NULL if not found */ -void testable_function_register(char *name, void *fn); +void* testable_function_get(char *name); /** * Macro to automatically register/unregister a function that can be called @@ -82,10 +83,7 @@ static ret (*TEST_##ns##name)(__VA_ARGS__); */ #define TEST_FUNCTION(ns, name, ...) \ ({ \ - if (testable_functions) \ - { \ - TEST_##ns##name = testable_functions->get(testable_functions, #ns "/" #name); \ - } \ + TEST_##ns##name = testable_function_get( #ns "/" #name); \ if (!TEST_##ns##name) \ { \ test_fail_msg(__FILE__, __LINE__, "function " #name " (" #ns ") not found"); \ diff --git a/src/libstrongswan/utils/utils.c b/src/libstrongswan/utils/utils.c index f2a4a065c..8ef9a1f33 100644 --- a/src/libstrongswan/utils/utils.c +++ b/src/libstrongswan/utils/utils.c @@ -15,6 +15,13 @@ */ #define _GNU_SOURCE /* for memrchr */ +#ifdef WIN32 +/* for GetTickCount64, Windows 7 */ +# define _WIN32_WINNT 0x0601 +#endif + +#include "utils.h" + #include <sys/stat.h> #include <string.h> #include <stdio.h> 
@@ -24,13 +31,17 @@ #include <limits.h> #include <dirent.h> #include <time.h> -#include <pthread.h> - -#include "utils.h" - -#include "collections/enumerator.h" -#include "utils/debug.h" -#include "utils/chunk.h" +#ifndef WIN32 +# include <signal.h> +#endif + +#include <library.h> +#include <utils/debug.h> +#include <utils/chunk.h> +#include <collections/enumerator.h> +#include <threading/spinlock.h> +#include <threading/mutex.h> +#include <threading/condvar.h> ENUM(status_names, SUCCESS, NEED_MORE, "SUCCESS", @@ -216,6 +227,84 @@ char* strreplace(const char *str, const char *search, const char *replace) return res; } +#ifdef WIN32 + +/** + * Flag to indicate signaled wait_sigint() + */ +static bool sigint_signaled = FALSE; + +/** + * Condvar to wait in wait_sigint() + */ +static condvar_t *sigint_cond; + +/** + * Mutex to check signaling() + */ +static mutex_t *sigint_mutex; + +/** + * Control handler to catch ^C + */ +static BOOL handler(DWORD dwCtrlType) +{ + switch (dwCtrlType) + { + case CTRL_C_EVENT: + case CTRL_BREAK_EVENT: + case CTRL_CLOSE_EVENT: + sigint_mutex->lock(sigint_mutex); + sigint_signaled = TRUE; + sigint_cond->signal(sigint_cond); + sigint_mutex->unlock(sigint_mutex); + return TRUE; + default: + return FALSE; + } +} + +/** + * Windows variant + */ +void wait_sigint() +{ + SetConsoleCtrlHandler(handler, TRUE); + + sigint_mutex = mutex_create(MUTEX_TYPE_DEFAULT); + sigint_cond = condvar_create(CONDVAR_TYPE_DEFAULT); + + sigint_mutex->lock(sigint_mutex); + while (!sigint_signaled) + { + sigint_cond->wait(sigint_cond, sigint_mutex); + } + sigint_mutex->unlock(sigint_mutex); + + sigint_mutex->destroy(sigint_mutex); + sigint_cond->destroy(sigint_cond); +} + +#else /* !WIN32 */ + +/** + * Unix variant + */ +void wait_sigint() +{ + sigset_t set; + int sig; + + sigemptyset(&set); + sigaddset(&set, SIGINT); + sigaddset(&set, SIGTERM); + + sigprocmask(SIG_BLOCK, &set, NULL); + sigwait(&set, &sig); +} + +#endif + /** * Described in header. */ 
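Review bot: The Windows `wait_sigint()` registers `handler` with `SetConsoleCtrlHandler()` before `sigint_mutex` and `sigint_cond` exist, and destroys both while the handler is still registered. Console control handlers run on their own thread, so a Ctrl-C delivered in either window makes `handler()` call through a NULL or freed pointer. Move `SetConsoleCtrlHandler(handler, TRUE);` below the two create calls and add `SetConsoleCtrlHandler(handler, FALSE);` before the two `destroy()` calls. `handler` should also be declared `static BOOL WINAPI handler(DWORD dwCtrlType)` to match the callback type the API expects.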
@@ -223,21 +312,30 @@ char* path_dirname(const char *path) { char *pos; - pos = path ? strrchr(path, '/') : NULL; + pos = path ? strrchr(path, DIRECTORY_SEPARATOR[0]) : NULL; if (pos && !pos[1]) { /* if path ends with slashes we have to look beyond them */ - while (pos > path && *pos == '/') + while (pos > path && *pos == DIRECTORY_SEPARATOR[0]) { /* skip trailing slashes */ pos--; } - pos = memrchr(path, '/', pos - path + 1); + pos = memrchr(path, DIRECTORY_SEPARATOR[0], pos - path + 1); } if (!pos) { +#ifdef WIN32 + if (path && strlen(path)) + { + if ((isalpha(path[0]) && path[1] == ':')) + { /* if just a drive letter given, return that as dirname */ + return chunk_clone(chunk_from_chars(path[0], ':', 0)).ptr; + } + } +#endif return strdup("."); } - while (pos > path && *pos == '/') + while (pos > path && *pos == DIRECTORY_SEPARATOR[0]) { /* skip superfluous slashes */ pos--; } @@ -255,19 +353,19 @@ char* path_basename(const char *path) { return strdup("."); } - pos = strrchr(path, '/'); + pos = strrchr(path, DIRECTORY_SEPARATOR[0]); if (pos && !pos[1]) { /* if path ends with slashes we have to look beyond them */ - while (pos > path && *pos == '/') + while (pos > path && *pos == DIRECTORY_SEPARATOR[0]) { /* skip trailing slashes */ pos--; } - if (pos == path && *pos == '/') + if (pos == path && *pos == DIRECTORY_SEPARATOR[0]) { /* contains only slashes */ - return strdup("/"); + return strdup(DIRECTORY_SEPARATOR); } trail = pos + 1; - pos = memrchr(path, '/', trail - path); + pos = memrchr(path, DIRECTORY_SEPARATOR[0], trail - path); } pos = pos ? pos + 1 : (char*)path; return trail ? strndup(pos, trail - pos) : strdup(pos); 
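Review bot: `isalpha(path[0])` in the new WIN32 branch of `path_dirname()` passes a plain `char`, which is undefined for bytes with the high bit set where `char` is signed; write `isalpha((unsigned char)path[0])`, and the same in the `path_absolute()` hunk (-276,6). `path_dirname()` and `path_basename()` now split only on `DIRECTORY_SEPARATOR[0]`, so on Windows a path written with `/` is treated as having no directory part although the OS accepts both separators. If that is intended, a comment at `DIRECTORY_SEPARATOR` saying that forward slashes are not recognised on WIN32 would save the next reader a surprise.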
@@ -276,6 +374,33 @@ char* path_basename(const char *path) /** * Described in header. */ +bool path_absolute(const char *path) +{ + if (!path) + { + return FALSE; + } +#ifdef WIN32 + if (strpfx(path, "\\\\")) + { /* UNC */ + return TRUE; + } + if (strlen(path) && isalpha(path[0]) && path[1] == ':') + { /* drive letter */ + return TRUE; + } +#else /* !WIN32 */ + if (path[0] == DIRECTORY_SEPARATOR[0]) + { + return TRUE; + } +#endif + return FALSE; +} + +/** + * Described in header. + */ bool mkdir_p(const char *path, mode_t mode) { int len; @@ -307,7 +432,11 @@ bool mkdir_p(const char *path, mode_t mode) *pos = '\0'; if (access(full, F_OK) < 0) { +#ifdef WIN32 + if (_mkdir(full) < 0) +#else if (mkdir(full, mode) < 0) +#endif { DBG1(DBG_LIB, "failed to create directory %s", full); return FALSE; @@ -359,6 +488,9 @@ char* tty_escape_get(int fd, tty_escape_t escape) case TTY_BOLD: case TTY_UNDERLINE: case TTY_BLINKING: +#ifdef WIN32 + return ""; +#endif case TTY_FG_BLACK: case TTY_FG_RED: case TTY_FG_GREEN: @@ -378,7 +510,7 @@ char* tty_escape_get(int fd, tty_escape_t escape) case TTY_BG_WHITE: case TTY_BG_DEF: return enum_to_name(tty_color_names, escape); - /* warn if a excape code is missing */ + /* warn if a escape code is missing */ } return ""; } @@ -414,7 +546,11 @@ void closefrom(int lowfd) } /* ...fall back to closing all fds otherwise */ +#ifdef WIN32 + maxfd = _getmaxstdio(); +#else maxfd = (int)sysconf(_SC_OPEN_MAX); +#endif if (maxfd < 0) { maxfd = 256; @@ -431,6 +567,19 @@ void closefrom(int lowfd) */ time_t time_monotonic(timeval_t *tv) { +#ifdef WIN32 + ULONGLONG ms; + time_t s; + + ms = GetTickCount64(); + s = ms / 1000; + if (tv) + { + tv->tv_sec = s; + tv->tv_usec = (ms - (s * 1000)) * 1000; + } + return s; +#else /* !WIN32 */ #if defined(HAVE_CLOCK_GETTIME) && \ (defined(HAVE_CONDATTR_CLOCK_MONOTONIC) || \ defined(HAVE_PTHREAD_COND_TIMEDWAIT_MONOTONIC)) 
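Review bot: The WIN32 branch of `path_absolute()` returns TRUE for any string that starts with a letter and a colon, which includes drive-relative paths such as `C:foo` that Windows resolves against the current directory of that drive. `file_include()` in parser_helper.c (changed in this commit) uses the result to decide whether an include pattern is taken as-is or based on the including file's directory, so such a pattern would end up resolved relative to the process's working directory. Requiring a separator after the colon, `path[1] == ':' && (path[2] == '\\' || path[2] == '/')`, restricts the check to fully qualified paths. The `strlen(path) &&` test can then be `path[0] &&`.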
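Review bot: On WIN32 `mkdir_p()` calls `_mkdir(full)` and silently drops `mode`, so a caller asking for a private directory (0700, say) gets one with whatever ACL it inherits from its parent. That is a limit of the API rather than a bug in the hunk, but it should be written down where the argument is ignored: `/* WIN32: mode is ignored, the directory inherits the ACL of its parent */`, and the header documentation of `mkdir_p()` should say the same. The function's body starts and ends outside the hunk.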
@@ -462,6 +611,7 @@ time_t time_monotonic(timeval_t *tv) return -1; } return tv->tv_sec; +#endif /* !WIN32 */ } /** @@ -514,9 +664,9 @@ void nop() #if !defined(HAVE_GCC_ATOMIC_OPERATIONS) && !defined(HAVE_GCC_SYNC_OPERATIONS) /** - * We use a single mutex for all refcount variables. + * Spinlock for ref_get/put */ -static pthread_mutex_t ref_mutex = PTHREAD_MUTEX_INITIALIZER; +static spinlock_t *ref_lock; /** * Increase refcount @@ -525,9 +675,10 @@ refcount_t ref_get(refcount_t *ref) { refcount_t current; - pthread_mutex_lock(&ref_mutex); + ref_lock->lock(ref_lock); current = ++(*ref); - pthread_mutex_unlock(&ref_mutex); + ref_lock->unlock(ref_lock); + return current; } @@ -538,9 +689,9 @@ bool ref_put(refcount_t *ref) { bool more_refs; - pthread_mutex_lock(&ref_mutex); + ref_lock->lock(ref_lock); more_refs = --(*ref) > 0; - pthread_mutex_unlock(&ref_mutex); + ref_lock->unlock(ref_lock); return !more_refs; } @@ -551,16 +702,17 @@ refcount_t ref_cur(refcount_t *ref) { refcount_t current; - pthread_mutex_lock(&ref_mutex); + ref_lock->lock(ref_lock); current = *ref; - pthread_mutex_unlock(&ref_mutex); + ref_lock->unlock(ref_lock); + return current; } /** - * Single mutex for all compare and swap operations. + * Spinlock for all compare and swap operations. */ -static pthread_mutex_t cas_mutex = PTHREAD_MUTEX_INITIALIZER; +static spinlock_t *cas_lock; /** * Compare and swap if equal to old value @@ -569,9 +721,9 @@ static pthread_mutex_t cas_mutex = PTHREAD_MUTEX_INITIALIZER; bool cas_##name(type *ptr, type oldval, type newval) \ { \ bool swapped; \ - pthread_mutex_lock(&cas_mutex); \ + cas_lock->lock(cas_lock); \ if ((swapped = (*ptr == oldval))) { *ptr = newval; } \ - pthread_mutex_unlock(&cas_mutex); \ + cas_lock->unlock(cas_lock); \ return swapped; \ } 
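Review bot: `ref_get()`, `ref_put()`, `ref_cur()` and the `cas_*` helpers now dereference `ref_lock` and `cas_lock`, which stay NULL until `utils_init()` (hunk -626,6) creates them, whereas the statically initialised pthread mutexes they replace were usable at any time. On a build without GCC atomics, any reference counting done before `utils_init()` or after `utils_deinit()` goes through a NULL or dangling pointer, because `utils_deinit()` does not reset the pointers after `destroy()`. At minimum document the requirement at the declarations, e.g. `/* created in utils_init(); ref_get/put must not be used before that */`, and assign NULL to both pointers in `utils_deinit()`.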
@@ -626,6 +778,40 @@ FILE *fmemopen(void *buf, size_t size, const char *mode) #endif /* FMEMOPEN fallback*/ /** + * See header + */ +void utils_init() +{ +#ifdef WIN32 + windows_init(); +#endif + +#if !defined(HAVE_GCC_ATOMIC_OPERATIONS) && !defined(HAVE_GCC_SYNC_OPERATIONS) + ref_lock = spinlock_create(); + cas_lock = spinlock_create(); +#endif + + strerror_init(); +} + +/** + * See header + */ +void utils_deinit() +{ +#ifdef WIN32 + windows_deinit(); +#endif + +#if !defined(HAVE_GCC_ATOMIC_OPERATIONS) && !defined(HAVE_GCC_SYNC_OPERATIONS) + ref_lock->destroy(ref_lock); + cas_lock->destroy(cas_lock); +#endif + + strerror_deinit(); +} + +/** * Described in header. */ int time_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec, @@ -637,20 +823,23 @@ int time_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec, }; time_t *time = *((time_t**)(args[0])); bool utc = *((int*)(args[1])); - struct tm t; + struct tm t, *ret = NULL; - if (*time == UNDEFINED_TIME) + if (*time != UNDEFINED_TIME) { - return print_in_hook(data, "--- -- --:--:--%s----", - utc ? " UTC " : " "); - } - if (utc) - { - gmtime_r(time, &t); + if (utc) + { + ret = gmtime_r(time, &t); + } + else + { + ret = localtime_r(time, &t); + } } - else + if (ret == NULL) { - localtime_r(time, &t); + return print_in_hook(data, "--- -- --:--:--%s----", + utc ? " UTC " : " "); } return print_in_hook(data, "%s %02d %02d:%02d:%02d%s%04d", months[t.tm_mon], t.tm_mday, t.tm_hour, t.tm_min, diff --git a/src/libstrongswan/utils/utils.h b/src/libstrongswan/utils/utils.h index 392f24e63..961ddb583 100644 --- a/src/libstrongswan/utils/utils.h +++ b/src/libstrongswan/utils/utils.h 
@@ -26,9 +26,19 @@ #include <stdlib.h> #include <stddef.h> #include <sys/time.h> -#include <arpa/inet.h> #include <string.h> +#ifdef WIN32 +# include "windows.h" +#else +# define _GNU_SOURCE +# include <arpa/inet.h> +# include <sys/socket.h> +# include <netdb.h> +# include <netinet/in.h> +# include <sched.h> +#endif + /** * strongSwan program return codes */ @@ -74,6 +84,25 @@ #include "utils/strerror.h" /** + * Directory separator character in paths on this platform + */ +#ifdef WIN32 +# define DIRECTORY_SEPARATOR "\\" +#else +# define DIRECTORY_SEPARATOR "/" +#endif + +/** + * Initialize utility functions + */ +void utils_init(); + +/** + * Deinitialize utility functions + */ +void utils_deinit(); + +/** * Helper function that compares two strings for equality */ static inline bool streq(const char *x, const char *y) @@ -273,7 +302,7 @@ static inline bool memeq(const void *x, const void *y, size_t len) * TODO: since the uintXX_t types are defined by the C99 standard we should * probably use those anyway */ -#ifdef __sun +#if defined __sun || defined WIN32 #include <stdint.h> typedef uint8_t u_int8_t; typedef uint16_t u_int16_t; @@ -514,6 +543,11 @@ char *translate(char *str, const char *from, const char *to); char *strreplace(const char *str, const char *search, const char *replace); /** + * Portable function to wait for SIGINT/SIGTERM (or equivalent). + */ +void wait_sigint(); + +/** * Like dirname(3) returns the directory part of the given null-terminated * pathname, up to but not including the final '/' (or '.' if no '/' is found). * Trailing '/' are not counted as part of the pathname. @@ -540,6 +574,14 @@ char *path_dirname(const char *path); char *path_basename(const char *path); /** + * Check if a given path is absolute. + * + * @param path path to check + * @return TRUE if absolute, FALSE if relative + */ +bool path_absolute(const char *path); + +/** * Creates a directory and all required parent directories. * * @param path path to the new directory 
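Review bot: `# define _GNU_SOURCE` is placed after `<stdlib.h>`, `<stddef.h>`, `<sys/time.h>` and `<string.h>` have already been included at the top of utils.h, but a feature-test macro only takes effect when it is defined before the first system header. identification.c drops its own `#define _GNU_SOURCE` in this commit and now depends on this one, so GNU extensions declared by those earlier headers may no longer be visible there. Move the define above the first `#include` of the header, or set it through the build flags.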
diff --git a/src/libstrongswan/utils/utils/strerror.c b/src/libstrongswan/utils/utils/strerror.c index 95e463f5f..d35bbec68 100644 --- a/src/libstrongswan/utils/utils/strerror.c +++ b/src/libstrongswan/utils/utils/strerror.c @@ -15,7 +15,10 @@ #include <stdlib.h> #include <string.h> -#include <pthread.h> + +#include <library.h> +#include <threading/thread_value.h> +#include <threading/spinlock.h> #include "strerror.h" @@ -25,22 +28,16 @@ #define STRERROR_BUF_LEN 256 /** - * Key to store thread-specific error buffer - */ -static pthread_key_t strerror_buf_key; - -/** - * Only initialize the key above once + * Thread specific strerror buffer, as char* */ -static pthread_once_t strerror_buf_key_once = PTHREAD_ONCE_INIT; +static thread_value_t *strerror_buf; +#ifndef HAVE_STRERROR_R /** - * Create the key used for the thread-specific error buffer + * Lock to access strerror() safely */ -static void create_strerror_buf_key() -{ - pthread_key_create(&strerror_buf_key, free); -} +static spinlock_t *strerror_lock; +#endif /* HAVE_STRERROR_R */ /** * Retrieve the error buffer assigned to the current thread (or create it) 
@@ -48,50 +45,103 @@ static void create_strerror_buf_key() static inline char *get_strerror_buf() { char *buf; + bool old = FALSE; - pthread_once(&strerror_buf_key_once, create_strerror_buf_key); - buf = pthread_getspecific(strerror_buf_key); + if (!strerror_buf) + { + return NULL; + } + + buf = strerror_buf->get(strerror_buf); if (!buf) { + if (lib->leak_detective) + { + old = lib->leak_detective->set_state(lib->leak_detective, FALSE); + } buf = malloc(STRERROR_BUF_LEN); - pthread_setspecific(strerror_buf_key, buf); + strerror_buf->set(strerror_buf, buf); + if (lib->leak_detective) + { + lib->leak_detective->set_state(lib->leak_detective, old); + } } return buf; } -#ifdef HAVE_STRERROR_R +/** + * Use real strerror() below + */ +#undef strerror + /* * Described in header. */ const char *strerror_safe(int errnum) { - char *buf = get_strerror_buf(), *msg; + char *buf, *msg; -#ifdef STRERROR_R_CHAR_P + buf = get_strerror_buf(); + if (!buf) + { + /* library not initialized? fallback */ + return strerror(errnum); + } +#ifdef HAVE_STRERROR_R +# ifdef STRERROR_R_CHAR_P /* char* version which may or may not return the original buffer */ msg = strerror_r(errnum, buf, STRERROR_BUF_LEN); -#else +# else /* int version returns 0 on success */ msg = strerror_r(errnum, buf, STRERROR_BUF_LEN) ? "Unknown error" : buf; -#endif +# endif +#else /* HAVE_STRERROR_R */ + /* use a lock to ensure calling strerror(3) is thread-safe */ + strerror_lock->lock(strerror_lock); + msg = strncpy(buf, strerror(errnum), STRERROR_BUF_LEN); + strerror_lock->unlock(strerror_lock); + buf[STRERROR_BUF_LEN - 1] = '\0'; +#endif /* HAVE_STRERROR_R */ return msg; } -#else /* HAVE_STRERROR_R */ -/* we actually wan't to call strerror(3) below */ -#undef strerror -/* - * Described in header. 
+ +/** + * free() with disabled leak detective */ -const char *strerror_safe(int errnum) +static void free_no_ld(void *buf) { - static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; - char *buf = get_strerror_buf(); + bool old = FALSE; - /* use a mutex to ensure calling strerror(3) is thread-safe */ - pthread_mutex_lock(&mutex); - strncpy(buf, strerror(errnum), STRERROR_BUF_LEN); - pthread_mutex_unlock(&mutex); - buf[STRERROR_BUF_LEN - 1] = '\0'; - return buf; + if (lib->leak_detective) + { + old = lib->leak_detective->set_state(lib->leak_detective, FALSE); + } + free(buf); + if (lib->leak_detective) + { + lib->leak_detective->set_state(lib->leak_detective, old); + } +} + +/** + * See header + */ +void strerror_init() +{ + strerror_buf = thread_value_create(free_no_ld); +#ifndef HAVE_STRERROR_R + strerror_lock = spinlock_create(); +#endif +} + +/** + * See header + */ +void strerror_deinit() +{ + strerror_buf->destroy(strerror_buf); + strerror_buf = NULL; +#ifndef HAVE_STRERROR_R + strerror_lock->destroy(strerror_lock); +#endif } -#endif /* HAVE_STRERROR_R */ diff --git a/src/libstrongswan/utils/utils/strerror.h b/src/libstrongswan/utils/utils/strerror.h index 2cb76f12e..e1b063842 100644 --- a/src/libstrongswan/utils/utils/strerror.h +++ b/src/libstrongswan/utils/utils/strerror.h @@ -33,6 +33,16 @@ const char *strerror_safe(int errnum); /** + * Initialize strerror_safe() + */ +void strerror_init(); + +/** + * Deinitialize strerror_safe() + */ +void strerror_deinit(); + +/** * Replace usages of strerror(3) with thread-safe variant. */ #define strerror(errnum) strerror_safe(errnum) diff --git a/src/libstrongswan/utils/windows.c b/src/libstrongswan/utils/windows.c new file mode 100644 index 000000000..741d199ec --- /dev/null +++ b/src/libstrongswan/utils/windows.c 
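Review bot: `get_strerror_buf()` and `free_no_ld()` dereference `lib->leak_detective` without checking `lib`, while `testable_function_register()` in test.c tests `lib && lib->leak_detective` for the same toggle. `strerror_safe()` is explicitly written to work when the library is not initialised (the `!buf` fallback), and `free_no_ld()` is the cleanup function passed to `thread_value_create()`, so both can plausibly run while `lib` is NULL; that ordering is not visible in this hunk and should be confirmed. Using `if (lib && lib->leak_detective)` in all four places is safe either way. The `malloc(STRERROR_BUF_LEN)` result is stored unchecked, which the `!buf` test in `strerror_safe()` happens to cover; a short comment there would make that dependency explicit.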
@@ -0,0 +1,503 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "utils.h" + +#include <errno.h> + +/** + * See header + */ +void windows_init() +{ + WSADATA wsad; + + /* initialize winsock2 */ + WSAStartup(MAKEWORD(2, 2), &wsad); +} + +/** + * See header + */ +void windows_deinit() +{ + WSACleanup(); +} + +/** + * See header + */ +int usleep(useconds_t usec) +{ + if (usec > 0 && usec < 1000) + { /* do not Sleep(0) for small values */ + usec = 1000; + } + SleepEx(usec / 1000, TRUE); + return 0; +} + +/** + * See header. + */ +char* strndup(const char *s, size_t n) +{ + char *dst; + + n = min(strnlen(s, n), n); + dst = malloc(n + 1); + memcpy(dst, s, n); + dst[n] = '\0'; + + return dst; +} + +/* + * See header. 
+ */ +void *dlopen(const char *filename, int flag) +{ + return LoadLibrary(filename); +} + +/** + * Load a symbol from known default libs (monolithic build) + */ +static void* dlsym_default(const char *name) +{ + const char *dlls[] = { + "libstrongswan-0.dll", + "libhydra-0.dll", + "libcharon-0.dll", + "libtnccs-0.dll", + NULL /* .exe */ + }; + HANDLE handle; + void *sym = NULL; + int i; + + for (i = 0; i < countof(dlls); i++) + { + handle = GetModuleHandle(dlls[i]); + if (handle) + { + sym = GetProcAddress(handle, name); + if (sym) + { + break; + } + } + } + return sym; +} + +/** + * Emulate RTLD_NEXT for some known symbols + */ +static void* dlsym_next(const char *name) +{ + struct { + const char *dll; + const char *syms[4]; + } dlls[] = { + /* for leak detective */ + { "msvcrt", + { "malloc", "calloc", "realloc", "free" } + }, + }; + HANDLE handle = NULL; + int i, j; + + for (i = 0; i < countof(dlls); i++) + { + for (j = 0; j < countof(dlls[0].syms); j++) + { + if (dlls[i].syms[j] && streq(dlls[i].syms[j], name)) + { + handle = GetModuleHandle(dlls[i].dll); + break; + } + } + } + if (handle) + { + return GetProcAddress(handle, name); + } + return handle; +} + +/** + * See header. + */ +void* dlsym(void *handle, const char *symbol) +{ + if (handle == RTLD_DEFAULT) + { + return dlsym_default(symbol); + } + if (handle == RTLD_NEXT) + { + return dlsym_next(symbol); + } + return GetProcAddress((HMODULE)handle, symbol); +} + +/** + * See header. + */ +char* dlerror(void) +{ + static char buf[128]; + char *pos; + DWORD err; + + err = GetLastError(); + if (FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, + NULL, err, 0, buf, sizeof(buf), NULL) > 0) + { + pos = strchr(buf, '\n'); + if (pos) + { + *pos = '\0'; + } + } + else + { + snprintf(buf, sizeof(buf), "(%u)", err); + } + return buf; +} + +/** + * See header. 
+ */ +int dlclose(void *handle) +{ + return FreeLibrary((HMODULE)handle); +} + +/** + * See header + */ +int socketpair(int domain, int type, int protocol, int sv[2]) +{ + struct sockaddr_in addr = { + .sin_family = AF_INET, + .sin_addr.s_addr = htonl(INADDR_LOOPBACK), + }; + socklen_t len = sizeof(addr); + int s, c, sc; + BOOL on; + + /* We don't check domain for AF_INET, as we use it as replacement for + * AF_UNIX. */ + if (type != SOCK_STREAM) + { + errno = EINVAL; + return -1; + } + if (protocol != 0 && protocol != IPPROTO_TCP) + { + errno = EINVAL; + return -1; + } + s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); + if (s == -1) + { + return -1; + } + c = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); + if (c == -1) + { + closesocket(c); + return -1; + } + if (bind(s, (struct sockaddr*)&addr, sizeof(addr)) == 0 && + getsockname(s,(struct sockaddr*)&addr, &len) == 0 && + listen(s, 0) == 0 && + connect(c, (struct sockaddr*)&addr, sizeof(addr)) == 0) + { + sc = accept(s, NULL, NULL); + if (sc > 0) + { + closesocket(s); + s = sc; + if (setsockopt(s, IPPROTO_TCP, TCP_NODELAY, + (void*)&on, sizeof(on)) == 0 && + setsockopt(c, IPPROTO_TCP, TCP_NODELAY, + (void*)&on, sizeof(on)) == 0) + { + sv[0] = s; + sv[1] = c; + return 0; + } + } + } + closesocket(s); + closesocket(c); + return -1; +} + +/** + * See header + */ +char* getpass(const char *prompt) +{ + static char buf[64] = ""; + char *pos; + HANDLE in, out; + DWORD mode, written = 0, total, done; + + out = GetStdHandle(STD_OUTPUT_HANDLE); + in = GetStdHandle(STD_INPUT_HANDLE); + + if (out == INVALID_HANDLE_VALUE || in == INVALID_HANDLE_VALUE || + !GetConsoleMode(out, &mode) || !GetConsoleMode(in, &mode)) + { + return NULL; + } + + total = strlen(prompt); + while (written < total) + { + if (!WriteConsole(out, prompt + written, total - written, &done, NULL)) + { + return NULL; + } + written += done; + } + + if (!SetConsoleMode(in, mode & ~ENABLE_ECHO_INPUT)) + { + return NULL; + } + + while (TRUE) + { + if 
(!ReadConsole(in, buf, sizeof(buf), &done, NULL)) + { + SetConsoleMode(in, mode); + return NULL; + } + if (done) + { + pos = strchr(buf, '\r'); + if (pos) + { + *pos = '\0'; + } + break; + } + } + SetConsoleMode(in, mode); + + /* append a newline, as we have no echo during input */ + WriteConsole(out, "\r\n", 2, &done, NULL); + + return buf; +} + +/** + * Set errno for a function setting WSA error on failure + */ +static int wserr(int retval) +{ + if (retval < 0) + { + switch (WSAGetLastError()) + { + case WSANOTINITIALISED: + errno = EBADF; + break; + case WSAENETDOWN: + errno = ENETDOWN; + break; + case WSAENETRESET: + errno = ENETRESET; + break; + case WSAESHUTDOWN: + errno = ECONNABORTED; + break; + case WSAEACCES: + errno = EACCES; + break; + case WSAEINTR: + errno = EINTR; + break; + case WSAEINPROGRESS: + errno = EINPROGRESS; + break; + case WSAEFAULT: + errno = EFAULT; + break; + case WSAENOBUFS: + errno = ENOBUFS; + break; + case WSAENOTSOCK: + errno = ENOTSOCK; + break; + case WSAEOPNOTSUPP: + errno = EOPNOTSUPP; + break; + case WSAEWOULDBLOCK: + errno = EWOULDBLOCK; + break; + case WSAEMSGSIZE: + errno = EMSGSIZE; + break; + case WSAEINVAL: + errno = EINVAL; + break; + case WSAENOTCONN: + errno = ENOTCONN; + break; + case WSAEHOSTUNREACH: + errno = EHOSTUNREACH; + break; + case WSAECONNABORTED: + errno = ECONNABORTED; + break; + case WSAECONNRESET: + errno = ECONNRESET; + break; + case WSAETIMEDOUT: + errno = ETIMEDOUT; + break; + default: + errno = ENOENT; + break; + } + } + else + { + errno = 0; + } + return retval; +} + +/** + * Check and clear the dontwait flag + */ +static bool check_dontwait(int *flags) +{ + if (*flags & MSG_DONTWAIT) + { + *flags &= ~MSG_DONTWAIT; + return TRUE; + } + return FALSE; +} + +/** + * See header + */ +#undef close +int windows_close(int fd) +{ + int ret; + + ret = close(fd); + if (ret == -1 && errno == EBADF) + { /* Winsock socket? 
*/ + ret = wserr(closesocket(fd)); + } + return ret; +} + +/** + * See header + */ +#undef recv +ssize_t windows_recv(int sockfd, void *buf, size_t len, int flags) +{ + u_long on = 1, off = 0; + ssize_t outlen = -1; + + if (!check_dontwait(&flags)) + { + return wserr(recv(sockfd, buf, len, flags)); + } + if (wserr(ioctlsocket(sockfd, FIONBIO, &on) == 0)) + { + outlen = wserr(recv(sockfd, buf, len, flags)); + ioctlsocket(sockfd, FIONBIO, &off); + } + return outlen; +} + +/** + * See header + */ +#undef recvfrom +ssize_t windows_recvfrom(int sockfd, void *buf, size_t len, int flags, + struct sockaddr *src_addr, socklen_t *addrlen) +{ + u_long on = 1, off = 0; + ssize_t outlen = -1; + + if (!check_dontwait(&flags)) + { + return wserr(recvfrom(sockfd, buf, len, flags, src_addr, addrlen)); + } + if (wserr(ioctlsocket(sockfd, FIONBIO, &on)) == 0) + { + outlen = wserr(recvfrom(sockfd, buf, len, flags, src_addr, addrlen)); + ioctlsocket(sockfd, FIONBIO, &off); + } + return outlen; +} + +/** + * See header + */ +#undef send +ssize_t windows_send(int sockfd, const void *buf, size_t len, int flags) +{ + u_long on = 1, off = 0; + ssize_t outlen = -1; + + if (!check_dontwait(&flags)) + { + return wserr(send(sockfd, buf, len, flags)); + } + if (wserr(ioctlsocket(sockfd, FIONBIO, &on)) == 0) + { + outlen = wserr(send(sockfd, buf, len, flags)); + ioctlsocket(sockfd, FIONBIO, &off); + } + return outlen; +} + +/** + * See header + */ +#undef sendto +ssize_t windows_sendto(int sockfd, const void *buf, size_t len, int flags, + const struct sockaddr *dest_addr, socklen_t addrlen) +{ + u_long on = 1, off = 0; + ssize_t outlen = -1; + + if (!check_dontwait(&flags)) + { + return wserr(sendto(sockfd, buf, len, flags, dest_addr, addrlen)); + } + if (wserr(ioctlsocket(sockfd, FIONBIO, &on)) == 0) + { + outlen = wserr(sendto(sockfd, buf, len, flags, dest_addr, addrlen)); + ioctlsocket(sockfd, FIONBIO, &off); + } + return outlen; +} 
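Review bot: socketpair() hands an uninitialised `BOOL on` to both TCP_NODELAY setsockopt() calls, and when the second socket() call fails it runs closesocket(c) on the invalid descriptor and leaks `s`. It also accepts whichever connection reaches the loopback listener first without checking that the peer is `c`; comparing getpeername() on the accepted socket with getsockname() on `c` before filling sv[] would close that gap (the callers are outside this hunk, so how exposed this is cannot be judged from here). getpass() lets ReadConsole() fill all 64 bytes of the static buffer and then runs strchr() on it without a terminator, so a long input makes it read past `buf`. windows_recv() writes `wserr(ioctlsocket(...) == 0)` where its three siblings write `wserr(ioctlsocket(...)) == 0`, so a failed FIONBIO switch clears errno instead of mapping the Winsock error. The fence shows the rewritten lines for the three functions.

```c
/* socketpair(): initialise the option value, close the socket that exists */
	BOOL on = TRUE;

	/* … unchanged: type/protocol checks, creation of s … */
	c = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
	if (c == -1)
	{
		closesocket(s);
		return -1;
	}
	/* … unchanged: bind/getsockname/listen/connect/accept, TCP_NODELAY … */

/* getpass(): leave room for the terminator and set it before strchr() */
		if (!ReadConsole(in, buf, sizeof(buf) - 1, &done, NULL))
		/* … unchanged: restore console mode, return NULL … */
		if (done)
		{
			buf[done] = '\0';
			/* … unchanged: strip '\r', break … */

/* windows_recv(): map the ioctlsocket() result first, then compare */
	if (wserr(ioctlsocket(sockfd, FIONBIO, &on)) == 0)
```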
diff --git a/src/libstrongswan/utils/windows.h b/src/libstrongswan/utils/windows.h
new file mode 100644
index 000000000..b66138644
--- /dev/null
+++ b/src/libstrongswan/utils/windows.h
@@ -0,0 +1,506 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup windows windows + * @{ @ingroup utils + */ + +#ifndef WINDOWS_H_ +#define WINDOWS_H_ + +#include <winsock2.h> +#include <ws2tcpip.h> +#include <direct.h> +#include <inttypes.h> +#include <unistd.h> + +/* undef Windows variants evaluating values more than once */ +#undef min +#undef max + +/* interface is defined as an alias to "struct" in basetypes.h, but + * we use it here and there as ordinary identifier. 
*/ +#undef interface + +/* used by Windows API, but we have our own */ +#undef CALLBACK + +/* UID/GID types for capabilities, even if not supported */ +typedef u_int uid_t; +typedef u_int gid_t; + +/** + * Initialize Windows libraries + */ +void windows_init(); + +/** + * Deinitialize windows libraries + */ +void windows_deinit(); + +/** + * Replacement for random(3) + */ +static inline long random(void) +{ + return rand(); +} + +/** + * Replacement for srandom(3) + */ +static inline void srandom(unsigned int seed) +{ + srand(seed); +} + +/** + * Replacement of sched_yield(2) from <sched.h> + */ +static inline int sched_yield(void) +{ + Sleep(0); + return 0; +} + +/** + * Replacement of sleep(3), cancellable by thread_cancel() + */ +#define sleep sleep_cancellable +static inline int sleep_cancellable(unsigned int seconds) +{ + SleepEx(seconds * 1000, TRUE); + return 0; +} + +/** + * Replacement of usleep(3), cancellable, ms resolution only + */ +int usleep(useconds_t usec); + +/** + * strdup(3), the Windows variant can't free(strdup("")) and others + */ +#define strdup strdup_windows +static inline char* strdup_windows(const char *src) +{ + size_t len; + char *dst; + + len = strlen(src) + 1; + dst = malloc(len); + memcpy(dst, src, len); + return dst; +} + +/** + * strndup(3) + */ +char* strndup(const char *s, size_t n); + +/** + * Provided via ws2_32 + */ +#ifndef InetNtop +const char *inet_ntop(int af, const void *src, char *dst, socklen_t size); +#endif + +/** + * Provided via ws2_32 + */ +#ifndef InetPton +int inet_pton(int af, const char *src, void *dst); +#endif + +/** + * Provided by printf hook backend + */ +int asprintf(char **strp, const char *fmt, ...); + +/** + * Provided by printf hook backend + */ +int vasprintf(char **strp, const char *fmt, va_list ap); + +/** + * timeradd(3) from <sys/time.h> + */ +static inline void timeradd(struct timeval *a, struct timeval *b, + struct timeval *res) +{ + res->tv_sec = a->tv_sec + b->tv_sec; + res->tv_usec = 
a->tv_usec + b->tv_usec; + if (res->tv_usec >= 1000000) + { + res->tv_usec -= 1000000; + res->tv_sec++; + } +} + +/** + * timersub(3) from <sys/time.h> + */ +static inline void timersub(struct timeval *a, struct timeval *b, + struct timeval *res) +{ + res->tv_sec = a->tv_sec - b->tv_sec; + res->tv_usec = a->tv_usec - b->tv_usec; + if (res->tv_usec < 0) + { + res->tv_usec += 1000000; + res->tv_sec--; + } +} + +/** + * gmtime_r(3) from <time.h> + */ +static inline struct tm *gmtime_r(const time_t *timep, struct tm *result) +{ + struct tm *ret; + + /* gmtime_s() and friends seem not to be implemented/functioning. + * Relying on gmtime() on Windows works as well, as it uses thread + * specific buffers. */ + ret = gmtime(timep); + if (ret) + { + memcpy(result, ret, sizeof(*result)); + } + return ret; +} + +/** + * localtime_r(3) from <time.h> + */ +static inline struct tm *localtime_r(const time_t *timep, struct tm *result) +{ + struct tm *ret; + + /* localtime_s() and friends seem not to be implemented/functioning. + * Relying on localtime() on Windows works as well, as it uses thread + * specific buffers. 
*/ + ret = localtime(timep); + if (ret) + { + memcpy(result, ret, sizeof(*result)); + } + return ret; +} + +/** + * setenv(3) from <stdlib.h>, overwrite flag is ignored + */ +static inline int setenv(const char *name, const char *value, int overwrite) +{ + if (SetEnvironmentVariableA(name, value) == 0) + { /* failed */ + return -1; + } + return 0; +} + +/** + * Lazy binding, ignored on Windows + */ +#define RTLD_LAZY 1 + +/** + * Default handle targeting .exe + */ +#define RTLD_DEFAULT (NULL) + +/** + * Find symbol in next library + */ +#define RTLD_NEXT ((void*)~(uintptr_t)0) + +/** + * dlopen(3) from <dlfcn.h> + */ +void* dlopen(const char *filename, int flag); + +/** + * dlsym() from <dlfcn.h> + */ +void* dlsym(void *handle, const char *symbol); + +/** + * dlerror(3) from <dlfcn.h>, currently not thread save + */ +char* dlerror(void); + +/** + * dlclose() from <dlfcn.h> + */ +int dlclose(void *handle); + +/** + * socketpair(2) for SOCK_STREAM, uses TCP on loopback + */ +int socketpair(int domain, int type, int protocol, int sv[2]); + +/** + * getpass(3) on Windows consoles + */ +char* getpass(const char *prompt); +#define HAVE_GETPASS + +/** + * Map MSG_DONTWAIT to the reserved, but deprecated MSG_INTERRUPT + */ +#define MSG_DONTWAIT MSG_INTERRUPT + +/** + * shutdown(2) "how"-aliases, to use Unix variant on Windows + */ +#define SHUT_RD SD_RECEIVE +#define SHUT_WR SD_SEND +#define SHUT_RDWR SD_BOTH + +/** + * close(2) working for file handles and Winsock sockets + */ +#define close windows_close +int windows_close(int fd); + +/** + * recv(2) with support for MSG_DONTWAIT + */ +#define recv windows_recv +ssize_t windows_recv(int sockfd, void *buf, size_t len, int flags); + +/** + * recvfrom(2) with support for MSG_DONTWAIT + */ +#define recvfrom windows_recvfrom +ssize_t windows_recvfrom(int sockfd, void *buf, size_t len, int flags, + struct sockaddr *src_addr, socklen_t *addrlen); + +/** + * recvfrom(2) with support for MSG_DONTWAIT + */ +#define send 
windows_send +ssize_t windows_send(int sockfd, const void *buf, size_t len, int flags); + +/** + * recvfrom(2) with support for MSG_DONTWAIT + */ +#define sendto windows_send +ssize_t windows_sendto(int sockfd, const void *buf, size_t len, int flags, + const struct sockaddr *dest_addr, socklen_t addrlen); + +/** + * MinGW does provide extended errno values. Windows itself knowns them + * for POSIX compatibility; we define them as well. + */ +#ifndef EADDRINUSE +#define EADDRINUSE 100 +#endif +#ifndef EADDRNOTAVAIL +#define EADDRNOTAVAIL 101 +#endif +#ifndef EAFNOSUPPORT +#define EAFNOSUPPORT 102 +#endif +#ifndef EALREADY +#define EALREADY 103 +#endif +#ifndef EBADMSG +#define EBADMSG 104 +#endif +#ifndef ECANCELED +#define ECANCELED 105 +#endif +#ifndef ECONNABORTED +#define ECONNABORTED 106 +#endif +#ifndef ECONNREFUSED +#define ECONNREFUSED 107 +#endif +#ifndef ECONNRESET +#define ECONNRESET 108 +#endif +#ifndef EDESTADDRREQ +#define EDESTADDRREQ 109 +#endif +#ifndef EHOSTUNREACH +#define EHOSTUNREACH 110 +#endif +#ifndef EIDRM +#define EIDRM 111 +#endif +#ifndef EINPROGRESS +#define EINPROGRESS 112 +#endif +#ifndef EISCONN +#define EISCONN 113 +#endif +#ifndef ELOOP +#define ELOOP 114 +#endif +#ifndef EMSGSIZE +#define EMSGSIZE 115 +#endif +#ifndef ENETDOWN +#define ENETDOWN 116 +#endif +#ifndef ENETRESET +#define ENETRESET 117 +#endif +#ifndef ENETUNREACH +#define ENETUNREACH 118 +#endif +#ifndef ENOBUFS +#define ENOBUFS 119 +#endif +#ifndef ENODATA +#define ENODATA 120 +#endif +#ifndef ENOLINK +#define ENOLINK 121 +#endif +#ifndef ENOMSG +#define ENOMSG 122 +#endif +#ifndef ENOPROTOOPT +#define ENOPROTOOPT 123 +#endif +#ifndef ENOSR +#define ENOSR 124 +#endif +#ifndef ENOSTR +#define ENOSTR 125 +#endif +#ifndef ENOTCONN +#define ENOTCONN 126 +#endif +#ifndef ENOTRECOVERABLE +#define ENOTRECOVERABLE 127 +#endif +#ifndef ENOTSOCK +#define ENOTSOCK 128 +#endif +#ifndef ENOTSUP +#define ENOTSUP 129 +#endif +#ifndef EOPNOTSUPP +#define EOPNOTSUPP 130 +#endif 
+#ifndef EOTHER +#define EOTHER 131 +#endif +#ifndef EOVERFLOW +#define EOVERFLOW 132 +#endif +#ifndef EOWNERDEAD +#define EOWNERDEAD 133 +#endif +#ifndef EPROTO +#define EPROTO 134 +#endif +#ifndef EPROTONOSUPPORT +#define EPROTONOSUPPORT 135 +#endif +#ifndef EPROTOTYPE +#define EPROTOTYPE 136 +#endif +#ifndef ETIME +#define ETIME 137 +#endif +#ifndef ETIMEDOUT +#define ETIMEDOUT 138 +#endif +#ifndef ETXTBSY +#define ETXTBSY 139 +#endif +#ifndef EWOULDBLOCK +#define EWOULDBLOCK 140 +#endif + + +/* Windows does not support "ll" format printf length modifiers. Mingw + * therefore maps these to the Windows specific I64 length modifier. That + * won't work for us, as we use our own printf backend on Windows, which works + * just fine with "ll". */ +#undef PRId64 +#define PRId64 "lld" +#undef PRId64 +#define PRId64 "lld" +#undef PRIdLEAST64 +#define PRIdLEAST64 "lld" +#undef PRIdFAST64 +#define PRIdFAST64 "lld" +#undef PRIdMAX +#define PRIdMAX "lld" +#undef PRIi64 +#define PRIi64 "lli" +#undef PRIiLEAST64 +#define PRIiLEAST64 "lli" +#undef PRIiFAST64 +#define PRIiFAST64 "lli" +#undef PRIiMAX +#define PRIiMAX "lli" +#undef PRIo64 +#define PRIo64 "llo" +#undef PRIoLEAST64 +#define PRIoLEAST64 "llo" +#undef PRIoFAST64 +#define PRIoFAST64 "llo" +#undef PRIoMAX +#define PRIoMAX "llo" +#undef PRIu64 +#define PRIu64 "llu" +#undef PRIuLEAST64 +#define PRIuLEAST64 "llu" +#undef PRIuFAST64 +#define PRIuFAST64 "llu" +#undef PRIuMAX +#define PRIuMAX "llu" +#undef PRIx64 +#define PRIx64 "llx" +#undef PRIxLEAST64 +#define PRIxLEAST64 "llx" +#undef PRIxFAST64 +#define PRIxFAST64 "llx" +#undef PRIxMAX +#define PRIxMAX "llx" +#undef PRIX64 +#define PRIX64 "llX" +#undef PRIXLEAST64 +#define PRIXLEAST64 "llX" +#undef PRIXFAST64 +#define PRIXFAST64 "llX" +#undef PRIXMAX +#define PRIXMAX "llX" + +#ifdef _WIN64 +# undef PRIdPTR +# define PRIdPTR "lld" +# undef PRIiPTR +# define PRIiPTR "lli" +# undef PRIoPTR +# define PRIoPTR "llo" +# undef PRIuPTR +# define PRIuPTR "llu" +# undef PRIxPTR 
+# define PRIxPTR "llx" +# undef PRIXPTR +# define PRIXPTR "llX" +#endif /* _WIN64 */ + +#endif /** WINDOWS_H_ @}*/ diff --git a/src/libtls/Makefile.am b/src/libtls/Makefile.am index d565a1479..b6496363c 100644 --- a/src/libtls/Makefile.am +++ b/src/libtls/Makefile.am @@ -14,6 +14,10 @@ libtls_la_SOURCES = \ libtls_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la +if USE_WINDOWS + libtls_la_LIBADD += -lws2_32 +endif + if USE_DEV_HEADERS tls_includedir = ${dev_headers}/tls nobase_tls_include_HEADERS = \ diff --git a/src/libtnccs/Makefile.am b/src/libtnccs/Makefile.am index 22a3b93b0..7a630fe54 100644 --- a/src/libtnccs/Makefile.am +++ b/src/libtnccs/Makefile.am @@ -12,6 +12,10 @@ libtnccs_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libtncif/libtncif.la +if USE_WINDOWS + libtnccs_la_LIBADD += -lws2_32 +endif + libtnccs_la_SOURCES = \ tnc/tnc.h tnc/tnc.c \ tnc/imc/imc.h tnc/imc/imc_manager.h \ @@ -72,5 +76,3 @@ if MONOLITHIC libtnccs_la_LIBADD += plugins/tnccs_dynamic/libstrongswan-tnccs-dynamic.la endif endif - - diff --git a/src/libtnccs/plugins/tnc_imc/Makefile.am b/src/libtnccs/plugins/tnc_imc/Makefile.am index b2c26cbff..5e181044a 100644 --- a/src/libtnccs/plugins/tnc_imc/Makefile.am +++ b/src/libtnccs/plugins/tnc_imc/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtls AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnc-imc.la diff --git a/src/libtnccs/plugins/tnc_imc/tnc_imc.c b/src/libtnccs/plugins/tnc_imc/tnc_imc.c index 2d556d9d9..623da7f62 100644 --- a/src/libtnccs/plugins/tnc_imc/tnc_imc.c +++ b/src/libtnccs/plugins/tnc_imc/tnc_imc.c @@ -15,7 +15,9 @@ #include "tnc_imc.h" +#ifndef WIN32 #include <dlfcn.h> +#endif #include <tncif_pa_subtypes.h> 
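Review bot: `#define sendto windows_send` aliases sendto() to the four-argument windows_send(), so a six-argument sendto() call in any file including this header no longer matches the prototype declared just above it, and windows_sendto() is never reached through the alias. The line should read `#define sendto windows_sendto`. The doc comments above the send and sendto aliases both say "recvfrom(2) with support for MSG_DONTWAIT" and should name `send(2)` and `sendto(2)`. Separately, strdup_windows() passes the result of malloc() to memcpy() without a NULL check, which is worth guarding since the macro replaces every strdup() in the tree.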
@@ -95,7 +97,7 @@ METHOD(imc_t, add_id, void, void *pointer; /* store the scalar value in the pointer */ - pointer = (void*)id; + pointer = (void*)(uintptr_t)id; this->additional_ids->insert_last(this->additional_ids, pointer); } @@ -124,7 +126,7 @@ METHOD(imc_t, has_id, bool, while (enumerator->enumerate(enumerator, &pointer)) { /* interpret pointer as scalar value */ - additional_id = (TNC_UInt32)pointer; + additional_id = (uintptr_t)pointer; if (id == additional_id) { diff --git a/src/libtnccs/plugins/tnc_imv/Makefile.am b/src/libtnccs/plugins/tnc_imv/Makefile.am index 0541d4c86..8e2af6370 100644 --- a/src/libtnccs/plugins/tnc_imv/Makefile.am +++ b/src/libtnccs/plugins/tnc_imv/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtls AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnc-imv.la diff --git a/src/libtnccs/plugins/tnc_imv/tnc_imv.c b/src/libtnccs/plugins/tnc_imv/tnc_imv.c index ab2e55253..039f1fcf1 100644 --- a/src/libtnccs/plugins/tnc_imv/tnc_imv.c +++ b/src/libtnccs/plugins/tnc_imv/tnc_imv.c @@ -15,7 +15,9 @@ #include "tnc_imv.h" +#ifndef WIN32 #include <dlfcn.h> +#endif #include <tncif_pa_subtypes.h> diff --git a/src/libtnccs/plugins/tnc_tnccs/Makefile.am b/src/libtnccs/plugins/tnc_tnccs/Makefile.am index f16bf8e1b..05a854a15 100644 --- a/src/libtnccs/plugins/tnc_tnccs/Makefile.am +++ b/src/libtnccs/plugins/tnc_tnccs/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtnccs AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnc-tnccs.la diff --git a/src/libtnccs/plugins/tnccs_11/Makefile.am b/src/libtnccs/plugins/tnccs_11/Makefile.am index cbe0b8e19..fc22c46ff 100644 --- a/src/libtnccs/plugins/tnccs_11/Makefile.am +++ b/src/libtnccs/plugins/tnccs_11/Makefile.am @@ -6,7 +6,7 @@ AM_CPPFLAGS = \ AM_CFLAGS = \ ${xml_CFLAGS} \ - -rdynamic + $(PLUGIN_CFLAGS) libstrongswan_tnccs_11_la_LIBADD = ${xml_LIBS} 
diff --git a/src/libtnccs/plugins/tnccs_20/Makefile.am b/src/libtnccs/plugins/tnccs_20/Makefile.am index f64526eda..2aefecd26 100644 --- a/src/libtnccs/plugins/tnccs_20/Makefile.am +++ b/src/libtnccs/plugins/tnccs_20/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtnccs AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnccs-20.la diff --git a/src/libtnccs/plugins/tnccs_dynamic/Makefile.am b/src/libtnccs/plugins/tnccs_dynamic/Makefile.am index 1a2887816..23eb7f17a 100644 --- a/src/libtnccs/plugins/tnccs_dynamic/Makefile.am +++ b/src/libtnccs/plugins/tnccs_dynamic/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtnccs AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnccs-dynamic.la diff --git a/src/libtnccs/tnc/tnc.c b/src/libtnccs/tnc/tnc.c index e002b10e0..80ba61c5a 100644 --- a/src/libtnccs/tnc/tnc.c +++ b/src/libtnccs/tnc/tnc.c @@ -26,6 +26,12 @@ #include <utils/lexparser.h> #include <utils/debug.h> +#ifdef WIN32 +# define DEFAULT_TNC_CONFIG "tnc_config" +#else +# define DEFAULT_TNC_CONFIG "/etc/tnc_config" +#endif + typedef struct private_tnc_t private_tnc_t; typedef tnccs_manager_t *(*tnc_create_tnccs_manager_t)(void); @@ -251,7 +257,7 @@ bool tnc_manager_register(plugin_t *plugin, plugin_feature_t *feature, { load_imcvs_from_config( lib->settings->get_str(lib->settings, - "%s.tnc.tnc_config", "/etc/tnc_config", lib->ns), + "%s.tnc.tnc_config", DEFAULT_TNC_CONFIG, lib->ns), is_imc); } } diff --git a/src/manager/Makefile.am b/src/manager/Makefile.am index 41001dd8b..a4f151ca4 100644 --- a/src/manager/Makefile.am +++ b/src/manager/Makefile.am @@ -22,7 +22,7 @@ AM_CPPFLAGS = \ AM_CFLAGS = \ ${xml_CFLAGS} \ - -rdynamic + $(PLUGIN_CFLAGS) # Don't forget to add templates to EXTRA_DIST !!! How to automate? manager_templatesdir = ${managerdir}/templates 
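Review bot: On Windows the new default `DEFAULT_TNC_CONFIG "tnc_config"` is a relative path, so the file tnc_manager_register() passes to load_imcvs_from_config() is resolved against whatever the current directory of the process happens to be. That function is outside these hunks, but if it loads the IMC/IMV modules named in the file, as its name suggests, a daemon or service started from a directory that less-privileged users can write to would pick up a configuration, and module paths, that the administrator did not install. I would resolve the default against the installation or configuration directory, or at least document the behaviour next to the define, e.g. `/* relative to the current directory; set %s.tnc.tnc_config to an absolute path when running as a service */`.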
diff --git a/src/medsrv/Makefile.am b/src/medsrv/Makefile.am index 40bafd856..94ab0cf67 100644 --- a/src/medsrv/Makefile.am +++ b/src/medsrv/Makefile.am @@ -18,7 +18,7 @@ AM_CPPFLAGS = \ -DPLUGINS=\""${medsrv_plugins}\"" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) # Don't forget to add templates to EXTRA_DIST !!! How to automate? medsrv_templatesdir = ${medsrvdir}/templates diff --git a/src/pki/commands/acert.c b/src/pki/commands/acert.c index 4a11c4716..185aa40b4 100644 --- a/src/pki/commands/acert.c +++ b/src/pki/commands/acert.c @@ -196,6 +196,7 @@ static int acert() } else { + set_file_mode(stdin, CERT_ASN1_DER); if (!chunk_from_fd(0, &encoding)) { fprintf(stderr, "%s: ", strerror(errno)); @@ -232,6 +233,7 @@ static int acert() error = "encoding attribute certificate failed"; goto end; } + set_file_mode(stdout, form); if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1) { error = "writing attribute certificate key failed"; diff --git a/src/pki/commands/gen.c b/src/pki/commands/gen.c index b74be7d98..ce28a0971 100644 --- a/src/pki/commands/gen.c +++ b/src/pki/commands/gen.c @@ -133,6 +133,7 @@ static int gen() return 1; } key->destroy(key); + set_file_mode(stdout, form); if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1) { fprintf(stderr, "writing private key failed\n"); @@ -163,4 +164,3 @@ static void __attribute__ ((constructor))reg() } }); } - diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c index 339a88042..aaa2c2ff7 100644 --- a/src/pki/commands/issue.c +++ b/src/pki/commands/issue.c @@ -402,6 +402,7 @@ static int issue() { chunk_t chunk; + set_file_mode(stdin, CERT_ASN1_DER); if (!chunk_from_fd(0, &chunk)) { fprintf(stderr, "%s: ", strerror(errno)); @@ -500,6 +501,7 @@ static int issue() error = "encoding certificate failed"; goto end; } + set_file_mode(stdout, form); if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1) { error = "writing certificate key failed"; 
diff --git a/src/pki/commands/keyid.c b/src/pki/commands/keyid.c index 64bb3cc2c..c3ac0c288 100644 --- a/src/pki/commands/keyid.c +++ b/src/pki/commands/keyid.c @@ -91,6 +91,7 @@ static int keyid() { chunk_t chunk; + set_file_mode(stdin, CERT_ASN1_DER); if (!chunk_from_fd(0, &chunk)) { fprintf(stderr, "reading input failed: %s\n", strerror(errno)); diff --git a/src/pki/commands/pkcs7.c b/src/pki/commands/pkcs7.c index 6c75693ab..28bcd1397 100644 --- a/src/pki/commands/pkcs7.c +++ b/src/pki/commands/pkcs7.c @@ -58,6 +58,7 @@ static bool write_to_stream(FILE *stream, chunk_t data) { size_t len, total = 0; + set_file_mode(stream, CERT_ASN1_DER); while (total < data.len) { len = fwrite(data.ptr + total, 1, data.len - total, stream); diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c index 15ace035d..fb07169bf 100644 --- a/src/pki/commands/print.c +++ b/src/pki/commands/print.c @@ -604,6 +604,7 @@ static int print() { chunk_t chunk; + set_file_mode(stdin, CERT_ASN1_DER); if (!chunk_from_fd(0, &chunk)) { fprintf(stderr, "reading input failed: %s\n", strerror(errno)); diff --git a/src/pki/commands/pub.c b/src/pki/commands/pub.c index 260044c4e..b8d2f701d 100644 --- a/src/pki/commands/pub.c +++ b/src/pki/commands/pub.c @@ -110,6 +110,7 @@ static int pub() { chunk_t chunk; + set_file_mode(stdin, CERT_ASN1_DER); if (!chunk_from_fd(0, &chunk)) { fprintf(stderr, "reading input failed: %s\n", strerror(errno)); @@ -163,6 +164,7 @@ static int pub() return 1; } public->destroy(public); + set_file_mode(stdout, form); if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1) { fprintf(stderr, "writing public key failed\n"); diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c index 1dce8cba2..023683569 100644 --- a/src/pki/commands/req.c +++ b/src/pki/commands/req.c @@ -118,6 +118,7 @@ static int req() { chunk_t chunk; + set_file_mode(stdin, CERT_ASN1_DER); if (!chunk_from_fd(0, &chunk)) { fprintf(stderr, "reading private key failed: %s\n", strerror(errno)); 
@@ -150,6 +151,7 @@ static int req() error = "encoding certificate request failed"; goto end; } + set_file_mode(stdout, form); if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1) { error = "writing certificate request failed"; diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c index 80f5053a1..daefcdc10 100644 --- a/src/pki/commands/self.c +++ b/src/pki/commands/self.c @@ -292,6 +292,7 @@ static int self() { chunk_t chunk; + set_file_mode(stdin, CERT_ASN1_DER); if (!chunk_from_fd(0, &chunk)) { fprintf(stderr, "%s: ", strerror(errno)); @@ -360,6 +361,7 @@ static int self() error = "encoding certificate failed"; goto end; } + set_file_mode(stdout, form); if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1) { error = "writing certificate key failed"; diff --git a/src/pki/commands/signcrl.c b/src/pki/commands/signcrl.c index 3be020a4c..e5f49efe2 100644 --- a/src/pki/commands/signcrl.c +++ b/src/pki/commands/signcrl.c @@ -405,6 +405,7 @@ static int sign_crl() error = "encoding CRL failed"; goto error; } + set_file_mode(stdout, form); if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1) { error = "writing CRL failed"; diff --git a/src/pki/commands/verify.c b/src/pki/commands/verify.c index f30dda94d..6cfaaf263 100644 --- a/src/pki/commands/verify.c +++ b/src/pki/commands/verify.c @@ -59,6 +59,7 @@ static int verify() { chunk_t chunk; + set_file_mode(stdin, CERT_ASN1_DER); if (!chunk_from_fd(0, &chunk)) { fprintf(stderr, "reading certificate failed: %s\n", strerror(errno)); diff --git a/src/pki/pki.c b/src/pki/pki.c index 8d880f066..434287de6 100644 --- a/src/pki/pki.c +++ b/src/pki/pki.c @@ -19,6 +19,7 @@ #include <time.h> #include <unistd.h> +#include <fcntl.h> #include <utils/debug.h> #include <credentials/sets/callback_cred.h> 
@@ -104,13 +105,12 @@ bool get_form(char *form, cred_encoding_type_t *enc, credential_type_t type) } /** - * See header + * Convert a time string to struct tm using strptime format */ -bool calculate_lifetime(char *format, char *nbstr, char *nastr, time_t span, - time_t *nb, time_t *na) +static bool convert_time(char *str, char *format, struct tm *tm) { - struct tm tm; - time_t now; +#ifdef HAVE_STRPTIME + char *end; if (!format) 
@@ -118,29 +118,84 @@ bool calculate_lifetime(char *format, char *nbstr, char *nastr, time_t span, format = "%d.%m.%y %T"; } + end = strptime(str, format, tm); + if (end == NULL || *end != '\0') + { + return FALSE; + } + return TRUE; + +#else /* !HAVE_STRPTIME */ + + if (format) + { + fprintf(stderr, "custom datetime string format not supported\n"); + return FALSE; + } + + if (sscanf(str, "%d.%d.%d %d:%d:%d", + &tm->tm_mday, &tm->tm_mon, &tm->tm_year, + &tm->tm_hour, &tm->tm_min, &tm->tm_sec) != 6) + { + return FALSE; + } + /* strptime() interprets two-digit years > 68 as 19xx, do the same here. + * mktime() expects years based on 1900 */ + if (tm->tm_year <= 68) + { + tm->tm_year += 100; + } + else if (tm->tm_year >= 1900) + { /* looks like four digits? */ + tm->tm_year -= 1900; + } + /* month is specified from 0-11 */ + tm->tm_mon--; + /* automatically detect daylight saving time */ + tm->tm_isdst = -1; + return TRUE; + +#endif /* !HAVE_STRPTIME */ +} + +/** + * See header + */ +bool calculate_lifetime(char *format, char *nbstr, char *nastr, time_t span, + time_t *nb, time_t *na) +{ + struct tm tm; + time_t now; + now = time(NULL); localtime_r(&now, &tm); if (nbstr) { - end = strptime(nbstr, format, &tm); - if (end == NULL || *end != '\0') + if (!convert_time(nbstr, format, &tm)) { return FALSE; } } *nb = mktime(&tm); + if (*nb == -1) + { + return FALSE; + } localtime_r(&now, &tm); if (nastr) { - end = strptime(nastr, format, &tm); - if (end == NULL || *end != '\0') + if (!convert_time(nastr, format, &tm)) { return FALSE; } } *na = mktime(&tm); + if (*na == -1) + { + return FALSE; + } if (!nbstr && nastr) { 
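Review bot: The sscanf() fallback in convert_time() is laxer than the strptime() branch: it accepts trailing characters after the seconds field and never range-checks the parsed values, so a mistyped not-before/not-after string is normalised by mktime() into some other date instead of being rejected. For a tool that sets certificate lifetimes I would mirror the strptime() branch's `*end != '\0'` check, e.g. `sscanf(str, "%d.%d.%d %d:%d:%d%n", ..., &len) != 6 || str[len] != '\0'` with `int len = 0;`, and reject months outside 1-12 and days outside 1-31 before the year and month adjustments. convert_time() begins in the previous hunk and calculate_lifetime() continues past the end of this one.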
@@ -154,6 +209,33 @@ bool calculate_lifetime(char *format, char *nbstr, char *nastr, time_t span, } /** + * Set output file mode appropriate for credential encoding form on Windows + */ +void set_file_mode(FILE *stream, cred_encoding_type_t enc) +{ +#ifdef WIN32 + int fd; + + switch (enc) + { + case CERT_PEM: + case PRIVKEY_PEM: + case PUBKEY_PEM: + /* keep default text mode */ + return; + default: + /* switch to binary mode */ + break; + } + fd = fileno(stream); + if (fd != -1) + { + _setmode(fd, _O_BINARY); + } +#endif +} + +/** * Callback credential set pki uses */ static callback_cred_t *cb_set; @@ -182,7 +264,7 @@ static shared_key_t* cb(void *data, shared_key_type_t type, #ifdef HAVE_GETPASS secret = getpass(buf); #endif - if (secret) + if (secret && strlen(secret)) { if (match_me) { diff --git a/src/pki/pki.h b/src/pki/pki.h index 616fac44a..1f0827733 100644 --- a/src/pki/pki.h +++ b/src/pki/pki.h @@ -50,4 +50,9 @@ bool get_form(char *form, cred_encoding_type_t *enc, credential_type_t type); bool calculate_lifetime(char *format, char *nbstr, char *nastr, time_t span, time_t *nb, time_t *na); +/** + * Set output file mode appropriate for credential encoding form on Windows + */ +void set_file_mode(FILE *stream, cred_encoding_type_t enc); + #endif /** PKI_H_ @}*/ diff --git a/src/pt-tls-client/pt-tls-client.c b/src/pt-tls-client/pt-tls-client.c index 631ae3cce..8b41ae25e 100644 --- a/src/pt-tls-client/pt-tls-client.c +++ b/src/pt-tls-client/pt-tls-client.c @@ -17,12 +17,13 @@ #include <unistd.h> #include <stdio.h> #include <sys/types.h> -#include <sys/socket.h> #include <getopt.h> #include <errno.h> #include <string.h> #include <stdlib.h> +#ifdef HAVE_SYSLOG #include <syslog.h> +#endif #include <pt_tls.h> #include <pt_tls_client.h> 
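Review bot: set_file_mode() ignores the result of `_setmode(fd, _O_BINARY)` and does nothing when `fileno()` returns -1. A failed switch therefore leaves the stream in text mode, and non-PEM output would be written with newline translation and no indication that it is corrupted. Since the function returns void, it should at least report the failure: `if (fd == -1 || _setmode(fd, _O_BINARY) == -1) { fprintf(stderr, "setting binary output mode failed\n"); }`. The hunk does not show where `_setmode` and `_O_BINARY` are declared, so it is worth confirming the needed headers reach this file on WIN32 builds.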
@@ -127,13 +128,13 @@ static bool load_key(char *filename) * Logging and debug level */ static bool log_to_stderr = TRUE; +#ifdef HAVE_SYSLOG static bool log_to_syslog = TRUE; +#endif /* HAVE_SYSLOG */ static level_t default_loglevel = 1; static void dbg_pt_tls(debug_t group, level_t level, char *fmt, ...) { - char buffer[8192]; - char *current = buffer, *next; va_list args; if (level <= default_loglevel) @@ -145,8 +146,12 @@ static void dbg_pt_tls(debug_t group, level_t level, char *fmt, ...) va_end(args); fprintf(stderr, "\n"); } +#ifdef HAVE_SYSLOG if (log_to_syslog) { + char buffer[8192]; + char *current = buffer, *next; + /* write in memory buffer first */ va_start(args, fmt); vsnprintf(buffer, sizeof(buffer), fmt, args); @@ -164,6 +169,7 @@ static void dbg_pt_tls(debug_t group, level_t level, char *fmt, ...) current = next; } } +#endif /* HAVE_SYSLOG */ } } @@ -178,10 +184,12 @@ static void init_log(const char *program) { setbuf(stderr, NULL); } +#ifdef HAVE_SYSLOG if (log_to_syslog) { openlog(program, LOG_CONS | LOG_NDELAY | LOG_PID, LOG_AUTHPRIV); } +#endif /* HAVE_SYSLOG */ } /** diff --git a/src/swanctl/commands/load_conns.c b/src/swanctl/commands/load_conns.c index d418cd3a4..c551601df 100644 --- a/src/swanctl/commands/load_conns.c +++ b/src/swanctl/commands/load_conns.c @@ -102,16 +102,18 @@ static void add_file_list_key(vici_req_t *req, char *key, char *value) enumerator = enumerator_create_token(value, ",", " "); while (enumerator->enumerate(enumerator, &token)) { - if (*token != '/') + if (!path_absolute(token)) { if (streq(key, "certs")) { - snprintf(buf, sizeof(buf), "%s/%s", SWANCTL_X509DIR, token); + snprintf(buf, sizeof(buf), "%s%s%s", + SWANCTL_X509DIR, DIRECTORY_SEPARATOR, token); token = buf; } if (streq(key, "cacerts")) { - snprintf(buf, sizeof(buf), "%s/%s", SWANCTL_X509CADIR, token); + snprintf(buf, sizeof(buf), "%s%s%s", + SWANCTL_X509CADIR, DIRECTORY_SEPARATOR, token); token = buf; } } 
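Review bot: In the load_conns.c hunk (add_file_list_key), both new `snprintf(buf, sizeof(buf), "%s%s%s", ...)` calls discard the return value, so a token that does not fit is truncated silently and the truncated string is then used as the certificate path. Check the length and skip the entry instead, e.g. `len = snprintf(buf, sizeof(buf), "%s%s%s", SWANCTL_X509DIR, DIRECTORY_SEPARATOR, token);` followed by `if (len < 0 || len >= sizeof(buf)) { fprintf(stderr, "path too long: %s\n", token); continue; }`, and the same for the `cacerts` case. `buf` is declared outside the hunk and the rest of the loop body is not shown, so its size and whether `continue` is the right recovery could not be confirmed here.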
diff --git a/src/swanctl/commands/log.c b/src/swanctl/commands/log.c index 4810025d4..10a748f1f 100644 --- a/src/swanctl/commands/log.c +++ b/src/swanctl/commands/log.c @@ -73,10 +73,11 @@ static int logcmd(vici_conn_t *conn) fprintf(stderr, "registering for log failed: %s\n", strerror(errno)); return errno; } - while (TRUE) - { - sleep(1); - } + + wait_sigint(); + + fprintf(stderr, "disconnecting...\n"); + return 0; } |