From 7daf5226b74e14a6e0f1a888b0be26f3d246f9f8 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 4 Sep 2009 13:46:09 +0200 Subject: removed trailing spaces ([[:space:]]+$) --- src/charon/plugins/attr/attr_plugin.c | 10 +- src/charon/plugins/attr/attr_plugin.h | 2 +- src/charon/plugins/attr/attr_provider.c | 20 +- src/charon/plugins/attr/attr_provider.h | 4 +- src/charon/plugins/eap_aka/eap_aka.c | 226 ++++----- src/charon/plugins/eap_aka/eap_aka_plugin.c | 6 +- src/charon/plugins/eap_gtc/eap_gtc.c | 46 +- src/charon/plugins/eap_gtc/eap_gtc_plugin.c | 8 +- src/charon/plugins/eap_identity/eap_identity.c | 32 +- .../plugins/eap_identity/eap_identity_plugin.c | 6 +- src/charon/plugins/eap_md5/eap_md5.c | 40 +- src/charon/plugins/eap_md5/eap_md5_plugin.c | 6 +- src/charon/plugins/eap_mschapv2/eap_mschapv2.c | 208 ++++---- .../plugins/eap_mschapv2/eap_mschapv2_plugin.c | 6 +- src/charon/plugins/eap_radius/eap_radius.c | 44 +- src/charon/plugins/eap_radius/eap_radius_plugin.c | 8 +- src/charon/plugins/eap_radius/radius_client.c | 54 +- src/charon/plugins/eap_radius/radius_client.h | 8 +- src/charon/plugins/eap_radius/radius_message.c | 32 +- src/charon/plugins/eap_radius/radius_message.h | 20 +- src/charon/plugins/eap_sim/eap_sim.c | 104 ++-- src/charon/plugins/eap_sim/eap_sim_plugin.c | 6 +- .../plugins/eap_sim_file/eap_sim_file_card.c | 16 +- .../plugins/eap_sim_file/eap_sim_file_card.h | 2 +- .../plugins/eap_sim_file/eap_sim_file_plugin.c | 16 +- .../plugins/eap_sim_file/eap_sim_file_provider.c | 12 +- .../plugins/eap_sim_file/eap_sim_file_provider.h | 2 +- .../plugins/eap_sim_file/eap_sim_file_triplets.c | 38 +- .../plugins/kernel_klips/kernel_klips_ipsec.c | 544 ++++++++++----------- .../plugins/kernel_klips/kernel_klips_plugin.c | 6 +- src/charon/plugins/kernel_klips/pfkeyv2.h | 4 +- .../plugins/kernel_netlink/kernel_netlink_ipsec.c | 360 +++++++------- .../plugins/kernel_netlink/kernel_netlink_net.c | 186 +++---- .../plugins/kernel_netlink/kernel_netlink_plugin.c | 6 +- .../plugins/kernel_netlink/kernel_netlink_shared.c | 56 +-- .../plugins/kernel_netlink/kernel_netlink_shared.h | 12 +- .../plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 346 ++++++------- .../plugins/kernel_pfkey/kernel_pfkey_plugin.c | 6 +- .../plugins/kernel_pfroute/kernel_pfroute_net.c | 96 ++-- .../plugins/kernel_pfroute/kernel_pfroute_plugin.c | 6 +- .../plugins/load_tester/load_tester_config.c | 44 +- .../plugins/load_tester/load_tester_config.h | 4 +- src/charon/plugins/load_tester/load_tester_creds.c | 24 +- src/charon/plugins/load_tester/load_tester_creds.h | 4 +- .../load_tester/load_tester_diffie_hellman.c | 8 +- .../load_tester/load_tester_diffie_hellman.h | 4 +- src/charon/plugins/load_tester/load_tester_ipsec.c | 20 +- .../plugins/load_tester/load_tester_listener.c | 16 +- .../plugins/load_tester/load_tester_listener.h | 4 +- .../plugins/load_tester/load_tester_plugin.c | 44 +- .../plugins/load_tester/load_tester_plugin.h | 2 +- src/charon/plugins/medcli/medcli_config.c | 56 +-- src/charon/plugins/medcli/medcli_config.h | 4 +- src/charon/plugins/medcli/medcli_creds.c | 16 +- src/charon/plugins/medcli/medcli_creds.h | 4 +- src/charon/plugins/medcli/medcli_listener.c | 10 +- src/charon/plugins/medcli/medcli_listener.h | 4 +- src/charon/plugins/medcli/medcli_plugin.c | 20 +- src/charon/plugins/medsrv/medsrv_config.c | 20 +- src/charon/plugins/medsrv/medsrv_config.h | 4 +- src/charon/plugins/medsrv/medsrv_creds.c | 10 +- src/charon/plugins/medsrv/medsrv_creds.h | 4 +- src/charon/plugins/medsrv/medsrv_plugin.c | 18 +- src/charon/plugins/nm/gnome/auth-dialog/main.c | 14 +- .../plugins/nm/gnome/properties/nm-strongswan.c | 24 +- .../plugins/nm/gnome/properties/nm-strongswan.h | 2 +- src/charon/plugins/nm/nm_creds.c | 36 +- src/charon/plugins/nm/nm_creds.h | 4 +- src/charon/plugins/nm/nm_handler.c | 18 +- src/charon/plugins/nm/nm_handler.h | 6 +- src/charon/plugins/nm/nm_plugin.c | 22 +- src/charon/plugins/nm/nm_service.c | 84 ++-- .../plugins/resolv_conf/resolv_conf_handler.c | 32 +- .../plugins/resolv_conf/resolv_conf_handler.h | 4 +- .../plugins/resolv_conf/resolv_conf_plugin.c | 8 +- .../plugins/resolv_conf/resolv_conf_plugin.h | 2 +- src/charon/plugins/smp/smp.c | 98 ++-- src/charon/plugins/sql/pool.c | 52 +- src/charon/plugins/sql/sql_attribute.c | 24 +- src/charon/plugins/sql/sql_attribute.h | 2 +- src/charon/plugins/sql/sql_config.c | 42 +- src/charon/plugins/sql/sql_config.h | 4 +- src/charon/plugins/sql/sql_cred.c | 20 +- src/charon/plugins/sql/sql_cred.h | 4 +- src/charon/plugins/sql/sql_logger.c | 20 +- src/charon/plugins/sql/sql_logger.h | 4 +- src/charon/plugins/sql/sql_plugin.c | 22 +- src/charon/plugins/stroke/stroke_attribute.c | 58 +-- src/charon/plugins/stroke/stroke_attribute.h | 12 +- src/charon/plugins/stroke/stroke_ca.c | 60 +-- src/charon/plugins/stroke/stroke_ca.h | 12 +- src/charon/plugins/stroke/stroke_config.c | 88 ++-- src/charon/plugins/stroke/stroke_config.h | 6 +- src/charon/plugins/stroke/stroke_control.c | 52 +- src/charon/plugins/stroke/stroke_control.h | 12 +- src/charon/plugins/stroke/stroke_cred.c | 102 ++-- src/charon/plugins/stroke/stroke_cred.h | 10 +- src/charon/plugins/stroke/stroke_list.c | 178 +++---- src/charon/plugins/stroke/stroke_list.h | 6 +- src/charon/plugins/stroke/stroke_plugin.c | 6 +- src/charon/plugins/stroke/stroke_plugin.h | 2 +- src/charon/plugins/stroke/stroke_shared_key.c | 12 +- src/charon/plugins/stroke/stroke_shared_key.h | 6 +- src/charon/plugins/stroke/stroke_socket.c | 78 +-- src/charon/plugins/stroke/stroke_socket.h | 2 +- src/charon/plugins/uci/uci_config.c | 36 +- src/charon/plugins/uci/uci_config.h | 4 +- src/charon/plugins/uci/uci_control.c | 26 +- src/charon/plugins/uci/uci_control.h | 2 +- src/charon/plugins/uci/uci_creds.c | 14 +- src/charon/plugins/uci/uci_creds.h | 4 +- src/charon/plugins/uci/uci_parser.c | 22 +- src/charon/plugins/uci/uci_parser.h | 4 +- src/charon/plugins/uci/uci_plugin.c | 12 +- src/charon/plugins/unit_tester/tests.h | 2 +- src/charon/plugins/unit_tester/tests/test_agent.c | 8 +- .../plugins/unit_tester/tests/test_auth_info.c | 10 +- src/charon/plugins/unit_tester/tests/test_cert.c | 12 +- src/charon/plugins/unit_tester/tests/test_chunk.c | 20 +- src/charon/plugins/unit_tester/tests/test_curl.c | 4 +- .../plugins/unit_tester/tests/test_enumerator.c | 34 +- src/charon/plugins/unit_tester/tests/test_id.c | 22 +- src/charon/plugins/unit_tester/tests/test_med_db.c | 2 +- src/charon/plugins/unit_tester/tests/test_mutex.c | 14 +- src/charon/plugins/unit_tester/tests/test_mysql.c | 2 +- src/charon/plugins/unit_tester/tests/test_pool.c | 14 +- .../plugins/unit_tester/tests/test_rsa_gen.c | 4 +- src/charon/plugins/unit_tester/tests/test_sqlite.c | 2 +- src/charon/plugins/unit_tester/unit_tester.c | 16 +- src/charon/plugins/unit_tester/unit_tester.h | 2 +- src/charon/plugins/updown/updown_listener.c | 36 +- src/charon/plugins/updown/updown_listener.h | 4 +- src/charon/plugins/updown/updown_plugin.c | 8 +- 133 files changed, 2272 insertions(+), 2272 deletions(-) (limited to 'src/charon/plugins') diff --git a/src/charon/plugins/attr/attr_plugin.c b/src/charon/plugins/attr/attr_plugin.c index 9d5532310..a3e83fe61 100644 --- a/src/charon/plugins/attr/attr_plugin.c +++ b/src/charon/plugins/attr/attr_plugin.c @@ -24,12 +24,12 @@ typedef struct private_attr_plugin_t private_attr_plugin_t; * private data of attr plugin */ struct private_attr_plugin_t { - + /** * implements plugin interface */ attr_plugin_t public; - + /** * CFG attributes provider */ @@ -52,12 +52,12 @@ static void destroy(private_attr_plugin_t *this) plugin_t *plugin_create() { private_attr_plugin_t *this = malloc_thing(private_attr_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + this->provider = attr_provider_create(); charon->attributes->add_provider(charon->attributes, &this->provider->provider); - + return &this->public.plugin; } diff --git a/src/charon/plugins/attr/attr_plugin.h b/src/charon/plugins/attr/attr_plugin.h index 9cbbd8bf5..9f31b60e1 100644 --- a/src/charon/plugins/attr/attr_plugin.h +++ b/src/charon/plugins/attr/attr_plugin.h @@ -32,7 +32,7 @@ typedef struct attr_plugin_t attr_plugin_t; * Plugin providing configuration attribute through strongswan.conf. */ struct attr_plugin_t { - + /** * implements plugin interface */ diff --git a/src/charon/plugins/attr/attr_provider.c b/src/charon/plugins/attr/attr_provider.c index 02fa11327..88c5ed4c0 100644 --- a/src/charon/plugins/attr/attr_provider.c +++ b/src/charon/plugins/attr/attr_provider.c @@ -28,12 +28,12 @@ typedef struct attribute_entry_t attribute_entry_t; * private data of attr_provider */ struct private_attr_provider_t { - + /** * public functions */ attr_provider_t public; - + /** * List of attributes, attribute_entry_t */ @@ -75,7 +75,7 @@ static enumerator_t* create_attribute_enumerator( static void destroy(private_attr_provider_t *this) { attribute_entry_t *entry; - + while (this->attributes->remove_last(this->attributes, (void**)&entry) == SUCCESS) { @@ -95,7 +95,7 @@ static void add_entry(private_attr_provider_t *this, char *key, int nr, attribute_entry_t *entry; host_t *host; char *str; - + str = lib->settings->get_str(lib->settings, "charon.%s%d", NULL, key, nr); if (str) { @@ -103,7 +103,7 @@ static void add_entry(private_attr_provider_t *this, char *key, int nr, if (host) { entry = malloc_thing(attribute_entry_t); - + if (host->get_family(host) == AF_INET6) { switch (type) @@ -133,22 +133,22 @@ attr_provider_t *attr_provider_create(database_t *db) { private_attr_provider_t *this; int i; - + this = malloc_thing(private_attr_provider_t); - + this->public.provider.acquire_address = (host_t*(*)(attribute_provider_t *this, char*, identification_t *, host_t *))return_null; this->public.provider.release_address = (bool(*)(attribute_provider_t *this, char*,host_t *, identification_t*))return_false; this->public.provider.create_attribute_enumerator = (enumerator_t*(*)(attribute_provider_t*, identification_t *id))create_attribute_enumerator; this->public.destroy = (void(*)(attr_provider_t*))destroy; - + this->attributes = linked_list_create(); - + for (i = 1; i <= SERVER_MAX; i++) { add_entry(this, "dns", i, INTERNAL_IP4_DNS); add_entry(this, "nbns", i, INTERNAL_IP4_NBNS); } - + return &this->public; } diff --git a/src/charon/plugins/attr/attr_provider.h b/src/charon/plugins/attr/attr_provider.h index 03cbadb4e..e867f2b20 100644 --- a/src/charon/plugins/attr/attr_provider.h +++ b/src/charon/plugins/attr/attr_provider.h @@ -29,12 +29,12 @@ typedef struct attr_provider_t attr_provider_t; * Provide configuration attributes through static strongswan.conf definition. */ struct attr_provider_t { - + /** * Implements attribute provider interface */ attribute_provider_t provider; - + /** * Destroy a attr_provider instance. */ diff --git a/src/charon/plugins/eap_aka/eap_aka.c b/src/charon/plugins/eap_aka/eap_aka.c index ebef74404..0b85428f9 100644 --- a/src/charon/plugins/eap_aka/eap_aka.c +++ b/src/charon/plugins/eap_aka/eap_aka.c @@ -178,72 +178,72 @@ typedef struct private_eap_aka_t private_eap_aka_t; * Private data of an eap_aka_t object. */ struct private_eap_aka_t { - + /** * Public authenticator_t interface. */ eap_aka_t public; - + /** * ID of the server */ identification_t *server; - + /** * ID of the peer */ identification_t *peer; - + /** * SHA11 hasher */ hasher_t *sha1; - + /** * MAC function used in EAP-AKA */ signer_t *signer; - + /** * pseudo random function used in EAP-aka */ prf_t *prf; - + /** * Special keyed SHA1 hasher used in EAP-AKA, implemented as PRF */ prf_t *keyed_prf; - + /** * Key for EAP MAC */ chunk_t k_auth; - + /** * Key for EAP encryption */ chunk_t k_encr; - + /** * MSK */ chunk_t msk; - + /** * Extendend MSK */ chunk_t emsk; - + /** * Expected result from client XRES */ chunk_t xres; - + /** * Shared secret K from ipsec.conf (padded) */ chunk_t k; - + /** * random value RAND generated by server */ @@ -270,7 +270,7 @@ static chunk_t peer_sqn = chunk_from_buf(peer_sqn_buf); static void update_sqn(u_int8_t *sqn, time_t offset) { timeval_t time; - + time_monotonic(&time); /* set sqb_sqn to an integer containing seconds followed by most * significant useconds */ @@ -322,7 +322,7 @@ static void mpz_mul_poly(mpz_t r, mpz_t a, mpz_t b) { mpz_t bm, rm; int current = 0, shifted = 0, shift; - + mpz_init_set(bm, b); mpz_init_set_ui(rm, 0); /* scan through a, for each found bit: */ @@ -335,7 +335,7 @@ static void mpz_mul_poly(mpz_t r, mpz_t a, mpz_t b) mpz_xor(rm, rm, bm); current++; } - + mpz_swap(r, rm); mpz_clear(rm); mpz_clear(bm); @@ -361,13 +361,13 @@ static void mpz_mod_poly(mpz_t r, mpz_t a, mpz_t b) */ int a_bit, b_bit, diff; mpz_t bm, am; - + mpz_init_set(am, a); mpz_init(bm); - + a_bit = mpz_sizeinbase(a, 2); b_bit = mpz_sizeinbase(b, 2); - + /* don't do anything if b > a */ if (a_bit >= b_bit) { @@ -397,7 +397,7 @@ static void mpz_mod_poly(mpz_t r, mpz_t a, mpz_t b) * a = 00000010 * which is the polynomial modulo */ - + mpz_swap(r, am); mpz_clear(am); mpz_clear(bm); @@ -410,12 +410,12 @@ static void mpz_mod_poly(mpz_t r, mpz_t a, mpz_t b) static void step4(private_eap_aka_t *this, u_int8_t x[]) { mpz_t xm, am, bm, gm; - + mpz_init(xm); mpz_init(am); mpz_init(bm); mpz_init(gm); - + mpz_import(xm, HASH_SIZE_SHA1, 1, 1, 1, 0, x); mpz_import(am, sizeof(a), 1, 1, 1, 0, a); mpz_import(bm, sizeof(b), 1, 1, 1, 0, b); @@ -424,9 +424,9 @@ static void step4(private_eap_aka_t *this, u_int8_t x[]) mpz_mul_poly(xm, am, xm); mpz_add_poly(xm, bm, xm); mpz_mod_poly(xm, xm, gm); - + mpz_export(x, NULL, 1, HASH_SIZE_SHA1, 1, 0, xm); - + mpz_clear(xm); mpz_clear(am); mpz_clear(bm); @@ -441,7 +441,7 @@ static void step3(private_eap_aka_t *this, chunk_t k, chunk_t payload, u_int8_t h[]) { u_int8_t buf[64]; - + if (payload.len < sizeof(buf)) { /* pad c with zeros */ @@ -455,7 +455,7 @@ static void step3(private_eap_aka_t *this, /* not more than 512 bits can be G()-ed */ payload.len = sizeof(buf); } - + /* use the keyed hasher to build the hash */ this->keyed_prf->set_key(this->keyed_prf, k); this->keyed_prf->get_bytes(this->keyed_prf, payload, h); @@ -470,19 +470,19 @@ static void fx(private_eap_aka_t *this, chunk_t payload = chunk_alloca(PAYLOAD_LENGTH); u_int8_t h[HASH_SIZE_SHA1]; u_int8_t i; - + for (i = 0; i < 2; i++) { memset(payload.ptr, 0x5c, payload.len); payload.ptr[11] ^= f; memxor(payload.ptr + 12, fmk.ptr, fmk.len); memxor(payload.ptr + 24, rand.ptr, rand.len); - + payload.ptr[3] ^= i; payload.ptr[19] ^= i; payload.ptr[35] ^= i; payload.ptr[51] ^= i; - + step3(this, k, payload, h); step4(this, h); memcpy(out + i * 8, h, 8); @@ -502,14 +502,14 @@ static void f1x(private_eap_aka_t *this, */ chunk_t payload = chunk_alloca(PAYLOAD_LENGTH); u_int8_t h[HASH_SIZE_SHA1]; - + memset(payload.ptr, 0x5c, PAYLOAD_LENGTH); payload.ptr[11] ^= f; memxor(payload.ptr + 12, fmk.ptr, fmk.len); memxor(payload.ptr + 16, rand.ptr, rand.len); memxor(payload.ptr + 34, sqn.ptr, sqn.len); memxor(payload.ptr + 42, amf.ptr, amf.len); - + step3(this, k, payload, h); step4(this, h); memcpy(mac, h, MAC_LENGTH); @@ -518,17 +518,17 @@ static void f1x(private_eap_aka_t *this, /** * Calculation function of f5() and f5star() */ -static void f5x(private_eap_aka_t *this, +static void f5x(private_eap_aka_t *this, u_int8_t f, chunk_t k, chunk_t rand, u_int8_t ak[]) { chunk_t payload = chunk_alloca(PAYLOAD_LENGTH); u_int8_t h[HASH_SIZE_SHA1]; - + memset(payload.ptr, 0x5c, payload.len); payload.ptr[11] ^= f; memxor(payload.ptr + 12, fmk.ptr, fmk.len); memxor(payload.ptr + 16, rand.ptr, rand.len); - + step3(this, k, payload, h); step4(this, h); memcpy(ak, h, AK_LENGTH); @@ -605,12 +605,12 @@ static void f5star(private_eap_aka_t *this, chunk_t k, chunk_t rand, u_int8_t ak static bool derive_keys(private_eap_aka_t *this, identification_t *id) { chunk_t ck, ik, mk, identity, tmp; - + ck = chunk_alloca(CK_LENGTH); ik = chunk_alloca(IK_LENGTH); mk = chunk_alloca(MK_LENGTH); identity = id->get_encoding(id); - + /* MK = SHA1( Identity | IK | CK ) */ f3(this, this->k, this->rand, ck.ptr); f4(this, this->k, this->rand, ik.ptr); @@ -618,7 +618,7 @@ static bool derive_keys(private_eap_aka_t *this, identification_t *id) tmp = chunk_cata("ccc", identity, ik, ck); DBG3(DBG_IKE, "Identity|IK|CK %B", &tmp); this->sha1->get_hash(this->sha1, tmp, mk.ptr); - + /* K_encr | K_auth | MSK | EMSK = prf(0) | prf(0) * FIPS PRF has 320 bit block size, we need 160 byte for keys * => run prf four times */ @@ -694,9 +694,9 @@ static aka_attribute_t read_attribute(chunk_t *data, chunk_t *attr_data) { aka_attribute_t attribute; size_t length; - + DBG3(DBG_IKE, "reading attribute from %B", data); - + if (data->len < 2) { return AT_END; @@ -733,7 +733,7 @@ static eap_payload_t *build_aka_payload(private_eap_aka_t *this, eap_code_t code va_list args; aka_attribute_t attr; u_int8_t *mac_pos = NULL; - + /* write EAP header, skip length bytes */ *pos.ptr++ = code; *pos.ptr++ = identifier; @@ -745,18 +745,18 @@ static eap_payload_t *build_aka_payload(private_eap_aka_t *this, eap_code_t code *pos.ptr++ = 0; *pos.ptr++ = 0; pos.len -= 4; - + va_start(args, type); while ((attr = va_arg(args, aka_attribute_t)) != AT_END) { chunk_t data = va_arg(args, chunk_t); - + DBG3(DBG_IKE, "building %N %B", aka_attribute_names, attr, &data); - + /* write attribute header */ *pos.ptr++ = attr; pos.len--; - + switch (attr) { case AT_RES: @@ -804,11 +804,11 @@ static eap_payload_t *build_aka_payload(private_eap_aka_t *this, eap_code_t code } } va_end(args); - + /* calculate message length, write into header */ message.len = pos.ptr - message.ptr; *(u_int16_t*)(message.ptr + 2) = htons(message.len); - + /* create MAC if AT_MAC attribte was included */ if (mac_pos) { @@ -818,10 +818,10 @@ static eap_payload_t *build_aka_payload(private_eap_aka_t *this, eap_code_t code this->signer->get_signature(this->signer, message, mac_pos); DBG3(DBG_IKE, "is %b", mac_pos, AT_MAC_LENGTH); } - + /* payload constructor takes data with some bytes skipped */ payload = eap_payload_create_data(message); - + DBG3(DBG_IKE, "created EAP message %B", &message); return payload; } @@ -832,7 +832,7 @@ static eap_payload_t *build_aka_payload(private_eap_aka_t *this, eap_code_t code static u_char get_identifier() { u_char id; - + do { id = random(); } while (!id); @@ -847,12 +847,12 @@ static status_t server_initiate_challenge(private_eap_aka_t *this, chunk_t sqn, { rng_t *rng; chunk_t mac, ak, autn; - + mac = chunk_alloca(MAC_LENGTH); ak = chunk_alloca(AK_LENGTH); chunk_free(&this->rand); chunk_free(&this->xres); - + /* generate RAND: * we use a registered RNG, not f0() proposed in S.S0055 */ @@ -864,16 +864,16 @@ static status_t server_initiate_challenge(private_eap_aka_t *this, chunk_t sqn, } rng->allocate_bytes(rng, RAND_LENGTH, &this->rand); rng->destroy(rng); - + # ifdef TEST_VECTORS /* Test vector for RAND */ u_int8_t test_rand[] = { 0x4b,0x05,0x2b,0x20,0xe2,0xa0,0x6c,0x8f, 0xf7,0x00,0xda,0x51,0x2b,0x4e,0x11,0x1e, }; - memcpy(this->rand.ptr, test_rand, this->rand.len); + memcpy(this->rand.ptr, test_rand, this->rand.len); # endif /* TEST_VECTORS */ - + /* Get the shared key K: */ if (load_key(this->server, this->peer, &this->k) != SUCCESS) { @@ -881,7 +881,7 @@ static status_t server_initiate_challenge(private_eap_aka_t *this, chunk_t sqn, "with EAP-AKA", this->server, this->peer); return FAILED; } - + # ifdef TEST_VECTORS /* Test vector for K */ u_int8_t test_k[] = { @@ -890,26 +890,26 @@ static status_t server_initiate_challenge(private_eap_aka_t *this, chunk_t sqn, }; memcpy(this->k.ptr, test_k, this->k.len); # endif /* TEST_VECTORS */ - + /* generate MAC */ f1(this, this->k, this->rand, sqn, amf, mac.ptr); - + /* generate AK */ f5(this, this->k, this->rand, ak.ptr); - + /* precalculate XRES as expected from client */ this->xres = chunk_alloc(RES_LENGTH); f2(this, this->k, this->rand, this->xres.ptr); - + /* calculate AUTN = (SQN xor AK) || AMF || MAC */ autn = chunk_cata("ccc", sqn, amf, mac); memxor(autn.ptr, ak.ptr, ak.len); DBG3(DBG_IKE, "AUTN %B", &autn); - - + + /* derive K_encr, K_auth, MSK, EMSK */ derive_keys(this, this->peer); - + /* build payload */ *out = build_aka_payload(this, EAP_REQUEST, get_identifier(), AKA_CHALLENGE, AT_RAND, this->rand, AT_AUTN, autn, AT_MAC, @@ -923,17 +923,17 @@ static status_t server_initiate_challenge(private_eap_aka_t *this, chunk_t sqn, static status_t server_initiate(private_eap_aka_t *this, eap_payload_t **out) { chunk_t sqn = chunk_alloca(SQN_LENGTH); - + /* we use an offset of 3 minutes to tolerate clock inaccuracy * without the need to synchronize sequence numbers */ update_sqn(sqn.ptr, 180); - + # ifdef TEST_VECTORS /* Test vector for SQN */ u_int8_t test_sqn[] = {0x00,0x00,0x00,0x00,0x00,0x01}; - memcpy(sqn.ptr, test_sqn, sqn.len); + memcpy(sqn.ptr, test_sqn, sqn.len); # endif /* TEST_VECTORS */ - + return server_initiate_challenge(this, sqn, out); } @@ -942,11 +942,11 @@ static status_t server_process_synchronize(private_eap_aka_t *this, { chunk_t attr, auts = chunk_empty, pos, message, macs, xmacs, sqn, aks, amf; u_int i; - + message = in->get_data(in); pos = message; read_header(&pos); - + /* iterate over attributes */ while (TRUE) { @@ -971,19 +971,19 @@ static status_t server_process_synchronize(private_eap_aka_t *this, } break; } - + if (auts.len != AUTS_LENGTH) { DBG1(DBG_IKE, "synchronization request didn't contain useable AUTS"); return FAILED; } - + chunk_split(auts, "mm", SQN_LENGTH, &sqn, MAC_LENGTH, &macs); aks = chunk_alloca(AK_LENGTH); f5star(this, this->k, this->rand, aks.ptr); /* decrypt serial number by XORing AKS */ memxor(sqn.ptr, aks.ptr, aks.len); - + /* verify MACS */ xmacs = chunk_alloca(MAC_LENGTH); amf = chunk_alloca(AMF_LENGTH); @@ -996,7 +996,7 @@ static status_t server_process_synchronize(private_eap_aka_t *this, DBG3(DBG_IKE, "MACS %B XMACS %B", &macs, &xmacs); return FAILED; } - + /* retry the challenge with the received SQN + 1*/ for (i = SQN_LENGTH - 1; i >= 0; i--) { @@ -1014,11 +1014,11 @@ static status_t server_process_synchronize(private_eap_aka_t *this, static status_t server_process_challenge(private_eap_aka_t *this, eap_payload_t *in) { chunk_t attr, res = chunk_empty, at_mac = chunk_empty, pos, message; - + message = in->get_data(in); pos = message; read_header(&pos); - + /* iterate over attributes */ while (TRUE) { @@ -1055,7 +1055,7 @@ static status_t server_process_challenge(private_eap_aka_t *this, eap_payload_t } break; } - + /* verify EAP message MAC AT_MAC */ { this->signer->set_key(this->signer, this->k_auth); @@ -1067,7 +1067,7 @@ static status_t server_process_challenge(private_eap_aka_t *this, eap_payload_t return FAILED; } } - + /* compare received RES against stored precalculated XRES */ if (!chunk_equals(res, this->xres)) { @@ -1086,12 +1086,12 @@ static status_t server_process(private_eap_aka_t *this, { chunk_t message; aka_subtype_t type; - + message = in->get_data(in); type = read_header(&message); - + DBG3(DBG_IKE, "received EAP message %B", &message); - + switch (type) { case AKA_CHALLENGE: @@ -1128,19 +1128,19 @@ static status_t peer_process_challenge(private_eap_aka_t *this, chunk_t autn = chunk_empty, at_mac = chunk_empty; chunk_t ak, sqn, sqn_ak, mac, xmac, res, amf, message, pos; u_int8_t identifier; - + ak = chunk_alloca(AK_LENGTH); xmac = chunk_alloca(MAC_LENGTH); res = chunk_alloca(RES_LENGTH); chunk_free(&this->rand); - + message = in->get_data(in); pos = message; read_header(&pos); identifier = in->get_identifier(in); - + DBG3(DBG_IKE, "reading attributes from %B", &pos); - + /* iterate over attributes */ while (TRUE) { @@ -1178,7 +1178,7 @@ static status_t peer_process_challenge(private_eap_aka_t *this, } break; } - + if (this->rand.len != RAND_LENGTH || autn.len != AUTN_LENGTH) { /* required attributes wrong/not found, abort */ @@ -1188,11 +1188,11 @@ static status_t peer_process_challenge(private_eap_aka_t *this, aka_attribute_names, AT_CLIENT_ERROR_CODE, 0); return NEED_MORE; } - + DBG3(DBG_IKE, "using autn %B", &autn); /* split up AUTN = SQN xor AK | AMF | MAC */ chunk_split(autn, "mmm", SQN_LENGTH, &sqn_ak, AMF_LENGTH, &amf, MAC_LENGTH, &mac); - + /* Get the shared key K: */ chunk_free(&this->k); if (load_key(this->peer, this->server, &this->k) != SUCCESS) @@ -1213,19 +1213,19 @@ static status_t peer_process_challenge(private_eap_aka_t *this, }; memcpy(this->k.ptr, test_k, this->k.len); # endif /* TEST_VECTORS */ - + /* calculate anonymity key AK */ f5(this, this->k, this->rand, ak.ptr); DBG3(DBG_IKE, "using rand %B", &this->rand); DBG3(DBG_IKE, "using ak %B", &ak); /* XOR AK into SQN to decrypt it */ - + sqn = chunk_clonea(sqn_ak); - + DBG3(DBG_IKE, "using ak xor sqn %B", &sqn_ak); memxor(sqn.ptr, ak.ptr, sqn.len); DBG3(DBG_IKE, "using sqn %B", &sqn); - + /* calculate expected MAC and compare against received one */ f1(this, this->k, this->rand, sqn, amf, xmac.ptr); if (!chunk_equals(mac, xmac)) @@ -1243,13 +1243,13 @@ static status_t peer_process_challenge(private_eap_aka_t *this, { /* sequence number invalid. send AUTS */ chunk_t auts, macs, aks, amf; - + macs = chunk_alloca(MAC_LENGTH); aks = chunk_alloca(AK_LENGTH); amf = chunk_alloca(AMF_LENGTH); - + /* AMF is set to zero in AKA_SYNCHRONIZATION_FAILURE */ - memset(amf.ptr, 0, amf.len); + memset(amf.ptr, 0, amf.len); /* AKS = f5*(RAND) */ f5star(this, this->k, this->rand, aks.ptr); /* MACS = f1*(RAND) */ @@ -1257,7 +1257,7 @@ static status_t peer_process_challenge(private_eap_aka_t *this, /* AUTS = SQN xor AKS | MACS */ memxor(aks.ptr, peer_sqn.ptr, aks.len); auts = chunk_cata("cc", aks, macs); - + *out = build_aka_payload(this, EAP_RESPONSE, identifier, AKA_SYNCHRONIZATION_FAILURE, AT_AUTS, auts, AT_END); @@ -1270,7 +1270,7 @@ static status_t peer_process_challenge(private_eap_aka_t *this, /* derive K_encr, K_auth, MSK, EMSK */ derive_keys(this, this->peer); - + /* verify EAP message MAC AT_MAC */ DBG3(DBG_IKE, "verifying AT_MAC signature of %B", &message); DBG3(DBG_IKE, "using key %B", &this->k_auth); @@ -1284,13 +1284,13 @@ static status_t peer_process_challenge(private_eap_aka_t *this, AT_CLIENT_ERROR_CODE, 0); return NEED_MORE; } - + /* update stored SQN to the received one */ memcpy(peer_sqn.ptr, sqn.ptr, sqn.len); - + /* calculate RES */ f2(this, this->k, this->rand, res.ptr); - + /* build response */ *out = build_aka_payload(this, EAP_RESPONSE, identifier, AKA_CHALLENGE, AT_RES, res, AT_MAC, chunk_empty, AT_END); @@ -1305,14 +1305,14 @@ static status_t peer_process_notification(private_eap_aka_t *this, { chunk_t message, pos, attr; u_int8_t identifier; - + message = in->get_data(in); pos = message; read_header(&pos); identifier = in->get_identifier(in); - + DBG3(DBG_IKE, "reading attributes from %B", &pos); - + /* iterate over attributes */ while (TRUE) { @@ -1324,7 +1324,7 @@ static status_t peer_process_notification(private_eap_aka_t *this, case AT_NOTIFICATION: { u_int16_t code; - + if (attr.len != 2) { DBG1(DBG_IKE, "received invalid AKA notification, ignored"); @@ -1333,7 +1333,7 @@ static status_t peer_process_notification(private_eap_aka_t *this, code = ntohs(*(u_int16_t*)attr.ptr); switch (code) { - case 0: + case 0: DBG1(DBG_IKE, "received AKA notification 'general " "failure after authentication' (%d)", code); return FAILED; @@ -1387,13 +1387,13 @@ static status_t peer_process(private_eap_aka_t *this, aka_subtype_t type; chunk_t message; u_int8_t identifier; - + message = in->get_data(in); type = read_header(&message); identifier = in->get_identifier(in); - + DBG3(DBG_IKE, "received EAP message %B", &message); - + switch (type) { case AKA_CHALLENGE: @@ -1483,14 +1483,14 @@ static private_eap_aka_t *eap_aka_create_generic(identification_t *server, identification_t *peer) { private_eap_aka_t *this = malloc_thing(private_eap_aka_t); - + this->public.eap_method_interface.initiate = NULL; this->public.eap_method_interface.process = NULL; this->public.eap_method_interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; this->public.eap_method_interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; this->public.eap_method_interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; this->public.eap_method_interface.destroy = (void(*)(eap_method_t*))destroy; - + /* private data */ this->server = server->clone(server); this->peer = peer->clone(peer); @@ -1501,7 +1501,7 @@ static private_eap_aka_t *eap_aka_create_generic(identification_t *server, this->xres = chunk_empty; this->k = chunk_empty; this->rand = chunk_empty; - + this->sha1 = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); this->signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_SHA1_128); this->prf = lib->crypto->create_prf(lib->crypto, PRF_FIPS_SHA1_160); @@ -1526,7 +1526,7 @@ static private_eap_aka_t *eap_aka_create_generic(identification_t *server, eap_aka_t *eap_aka_create_server(identification_t *server, identification_t *peer) { private_eap_aka_t *this = eap_aka_create_generic(server, peer); - + if (this) { this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))server_initiate; @@ -1541,12 +1541,12 @@ eap_aka_t *eap_aka_create_server(identification_t *server, identification_t *pee eap_aka_t *eap_aka_create_peer(identification_t *server, identification_t *peer) { private_eap_aka_t *this = eap_aka_create_generic(server, peer); - + if (this) { this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))peer_initiate; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))peer_process; } - return (eap_aka_t*)this; + return (eap_aka_t*)this; } diff --git a/src/charon/plugins/eap_aka/eap_aka_plugin.c b/src/charon/plugins/eap_aka/eap_aka_plugin.c index e4a5326fe..20c249d6b 100644 --- a/src/charon/plugins/eap_aka/eap_aka_plugin.c +++ b/src/charon/plugins/eap_aka/eap_aka_plugin.c @@ -37,14 +37,14 @@ static void destroy(eap_aka_plugin_t *this) plugin_t *plugin_create() { eap_aka_plugin_t *this = malloc_thing(eap_aka_plugin_t); - + this->plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->eap->add_method(charon->eap, EAP_AKA, 0, EAP_SERVER, (eap_constructor_t)eap_aka_create_server); charon->eap->add_method(charon->eap, EAP_AKA, 0, EAP_PEER, (eap_constructor_t)eap_aka_create_peer); - + return &this->plugin; } diff --git a/src/charon/plugins/eap_gtc/eap_gtc.c b/src/charon/plugins/eap_gtc/eap_gtc.c index cb4ab2e59..f5e08bb6b 100644 --- a/src/charon/plugins/eap_gtc/eap_gtc.c +++ b/src/charon/plugins/eap_gtc/eap_gtc.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + #include "eap_gtc.h" #include @@ -30,22 +30,22 @@ typedef struct private_eap_gtc_t private_eap_gtc_t; * Private data of an eap_gtc_t object. */ struct private_eap_gtc_t { - + /** * Public authenticator_t interface. */ eap_gtc_t public; - + /** * ID of the server */ identification_t *server; - + /** * ID of the peer */ identification_t *peer; - + /** * EAP message identififier */ @@ -86,7 +86,7 @@ static int auth_conv(int num_msg, const struct pam_message **msg, struct pam_response **resp, char *password) { struct pam_response *response; - + if (num_msg != 1) { return PAM_CONV_ERR; @@ -106,10 +106,10 @@ static bool authenticate(char *service, char *user, char *password) pam_handle_t *pamh = NULL; static struct pam_conv conv; int ret; - + conv.conv = (void*)auth_conv; conv.appdata_ptr = password; - + ret = pam_start(service, user, &conv, &pamh); if (ret != PAM_SUCCESS) { @@ -143,7 +143,7 @@ static status_t initiate_server(private_eap_gtc_t *this, eap_payload_t **out) { eap_gtc_header_t *req; size_t len; - + len = strlen(GTC_REQUEST_MSG); req = alloca(sizeof(eap_gtc_header_t) + len); req->length = htons(sizeof(eap_gtc_header_t) + len); @@ -151,7 +151,7 @@ static status_t initiate_server(private_eap_gtc_t *this, eap_payload_t **out) req->identifier = this->identifier; req->type = EAP_GTC; memcpy(req->data, GTC_REQUEST_MSG, len); - + *out = eap_payload_create_data(chunk_create((void*)req, sizeof(eap_gtc_header_t) + len)); return NEED_MORE; @@ -178,7 +178,7 @@ static status_t process_peer(private_eap_gtc_t *this, } key = shared->get_key(shared); len = key.len; - + /* TODO: According to the draft we should "SASLprep" password, RFC4013. */ res = alloca(sizeof(eap_gtc_header_t) + len); @@ -187,9 +187,9 @@ static status_t process_peer(private_eap_gtc_t *this, res->identifier = in->get_identifier(in); res->type = EAP_GTC; memcpy(res->data, key.ptr, len); - + shared->destroy(shared); - + *out = eap_payload_create_data(chunk_create((void*)res, sizeof(eap_gtc_header_t) + len)); return NEED_MORE; @@ -203,14 +203,14 @@ static status_t process_server(private_eap_gtc_t *this, { chunk_t data, encoding; char *user, *password, *service, *pos; - + data = chunk_skip(in->get_data(in), 5); if (this->identifier != in->get_identifier(in) || !data.len) { DBG1(DBG_IKE, "received invalid EAP-GTC message"); return FAILED; } - + encoding = this->peer->get_encoding(this->peer); /* if a RFC822_ADDR id is provided, we use the username part only */ pos = memchr(encoding.ptr, '@', encoding.len); @@ -221,14 +221,14 @@ static status_t process_server(private_eap_gtc_t *this, user = alloca(encoding.len + 1); memcpy(user, encoding.ptr, encoding.len); user[encoding.len] = '\0'; - + password = alloca(data.len + 1); memcpy(password, data.ptr, data.len); password[data.len] = '\0'; - + service = lib->settings->get_str(lib->settings, "charon.plugins.eap_gtc.pam_service", GTC_PAM_SERVICE); - + if (!authenticate(service, user, password)) { return FAILED; @@ -278,19 +278,19 @@ static private_eap_gtc_t *eap_gtc_create_generic(identification_t *server, identification_t *peer) { private_eap_gtc_t *this = malloc_thing(private_eap_gtc_t); - + this->public.eap_method_interface.initiate = NULL; this->public.eap_method_interface.process = NULL; this->public.eap_method_interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; this->public.eap_method_interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; this->public.eap_method_interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; this->public.eap_method_interface.destroy = (void(*)(eap_method_t*))destroy; - + /* private data */ this->peer = peer->clone(peer); this->server = server->clone(server); this->identifier = 0; - + return this; } @@ -300,7 +300,7 @@ static private_eap_gtc_t *eap_gtc_create_generic(identification_t *server, eap_gtc_t *eap_gtc_create_server(identification_t *server, identification_t *peer) { private_eap_gtc_t *this = eap_gtc_create_generic(server, peer); - + this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_server; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process_server; @@ -318,7 +318,7 @@ eap_gtc_t *eap_gtc_create_server(identification_t *server, identification_t *pee eap_gtc_t *eap_gtc_create_peer(identification_t *server, identification_t *peer) { private_eap_gtc_t *this = eap_gtc_create_generic(server, peer); - + this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_peer; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process_peer; diff --git a/src/charon/plugins/eap_gtc/eap_gtc_plugin.c b/src/charon/plugins/eap_gtc/eap_gtc_plugin.c index fda6c744a..8550c254c 100644 --- a/src/charon/plugins/eap_gtc/eap_gtc_plugin.c +++ b/src/charon/plugins/eap_gtc/eap_gtc_plugin.c @@ -40,17 +40,17 @@ static void destroy(eap_gtc_plugin_t *this) plugin_t *plugin_create() { eap_gtc_plugin_t *this = malloc_thing(eap_gtc_plugin_t); - + this->plugin.destroy = (void(*)(plugin_t*))destroy; - + /* required for PAM authentication */ charon->keep_cap(charon, CAP_AUDIT_WRITE); - + charon->eap->add_method(charon->eap, EAP_GTC, 0, EAP_SERVER, (eap_constructor_t)eap_gtc_create_server); charon->eap->add_method(charon->eap, EAP_GTC, 0, EAP_PEER, (eap_constructor_t)eap_gtc_create_peer); - + return &this->plugin; } diff --git a/src/charon/plugins/eap_identity/eap_identity.c b/src/charon/plugins/eap_identity/eap_identity.c index e43c50c50..ab082a955 100644 --- a/src/charon/plugins/eap_identity/eap_identity.c +++ b/src/charon/plugins/eap_identity/eap_identity.c @@ -24,17 +24,17 @@ typedef struct private_eap_identity_t private_eap_identity_t; * Private data of an eap_identity_t object. */ struct private_eap_identity_t { - + /** * Public authenticator_t interface. */ eap_identity_t public; - + /** * ID of the peer */ identification_t *peer; - + /** * received identity chunk */ @@ -68,17 +68,17 @@ static status_t process_peer(private_eap_identity_t *this, chunk_t id; eap_identity_header_t *hdr; size_t len; - + id = this->peer->get_encoding(this->peer); len = sizeof(eap_identity_header_t) + id.len; - + hdr = alloca(len); hdr->code = EAP_RESPONSE; hdr->identifier = in->get_identifier(in); hdr->length = htons(len); hdr->type = EAP_IDENTITY; memcpy(hdr->data, id.ptr, id.len); - + *out = eap_payload_create_data(chunk_create((u_char*)hdr, len)); return SUCCESS; } @@ -99,7 +99,7 @@ static status_t process_server(private_eap_identity_t *this, eap_payload_t *in, eap_payload_t **out) { chunk_t data; - + data = chunk_skip(in->get_data(in), 5); if (data.len) { @@ -114,12 +114,12 @@ static status_t process_server(private_eap_identity_t *this, static status_t initiate_server(private_eap_identity_t *this, eap_payload_t **out) { eap_identity_header_t hdr; - + hdr.code = EAP_REQUEST; hdr.identifier = 0; hdr.length = htons(sizeof(eap_identity_header_t)); hdr.type = EAP_IDENTITY; - + *out = eap_payload_create_data(chunk_create((u_char*)&hdr, sizeof(eap_identity_header_t))); return NEED_MORE; @@ -172,17 +172,17 @@ static private_eap_identity_t *eap_identity_create(identification_t *server, identification_t *peer) { private_eap_identity_t *this = malloc_thing(private_eap_identity_t); - + this->public.eap_method_interface.initiate = NULL; this->public.eap_method_interface.process = NULL; this->public.eap_method_interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; this->public.eap_method_interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; this->public.eap_method_interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; this->public.eap_method_interface.destroy = (void(*)(eap_method_t*))destroy; - + this->peer = peer->clone(peer); this->identity = chunk_empty; - + return this; } @@ -193,11 +193,11 @@ eap_identity_t *eap_identity_create_peer(identification_t *server, identification_t *peer) { private_eap_identity_t *this = eap_identity_create(server, peer); - + /* public functions */ this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_peer; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process_peer; - + return &this->public; } @@ -208,11 +208,11 @@ eap_identity_t *eap_identity_create_server(identification_t *server, identification_t *peer) { private_eap_identity_t *this = eap_identity_create(server, peer); - + /* public functions */ this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_server; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process_server; - + return &this->public; } diff --git a/src/charon/plugins/eap_identity/eap_identity_plugin.c b/src/charon/plugins/eap_identity/eap_identity_plugin.c index 809254ccb..a623e1951 100644 --- a/src/charon/plugins/eap_identity/eap_identity_plugin.c +++ b/src/charon/plugins/eap_identity/eap_identity_plugin.c @@ -37,14 +37,14 @@ static void destroy(eap_identity_plugin_t *this) plugin_t *plugin_create() { eap_identity_plugin_t *this = malloc_thing(eap_identity_plugin_t); - + this->plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->eap->add_method(charon->eap, EAP_IDENTITY, 0, EAP_SERVER, (eap_constructor_t)eap_identity_create_server); charon->eap->add_method(charon->eap, EAP_IDENTITY, 0, EAP_PEER, (eap_constructor_t)eap_identity_create_peer); - + return &this->plugin; } diff --git a/src/charon/plugins/eap_md5/eap_md5.c b/src/charon/plugins/eap_md5/eap_md5.c index 36d726947..27c20489d 100644 --- a/src/charon/plugins/eap_md5/eap_md5.c +++ b/src/charon/plugins/eap_md5/eap_md5.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + #include "eap_md5.h" #include @@ -25,27 +25,27 @@ typedef struct private_eap_md5_t private_eap_md5_t; * Private data of an eap_md5_t object. */ struct private_eap_md5_t { - + /** * Public authenticator_t interface. */ eap_md5_t public; - + /** * ID of the server */ identification_t *server; - + /** * ID of the peer */ identification_t *peer; - + /** * challenge sent by the server */ chunk_t challenge; - + /** * EAP message identififier */ @@ -79,7 +79,7 @@ struct eap_md5_header_t { * Hash the challenge string, create response */ static status_t hash_challenge(private_eap_md5_t *this, chunk_t *response) -{ +{ shared_key_t *shared; chunk_t concat; hasher_t *hasher; @@ -92,7 +92,7 @@ static status_t hash_challenge(private_eap_md5_t *this, chunk_t *response) this->server, this->peer); return NOT_FOUND; } - concat = chunk_cata("ccc", chunk_from_thing(this->identifier), + concat = chunk_cata("ccc", chunk_from_thing(this->identifier), shared->get_key(shared), this->challenge); shared->destroy(shared); hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); @@ -122,7 +122,7 @@ static status_t initiate_server(private_eap_md5_t *this, eap_payload_t **out) { rng_t *rng; eap_md5_header_t *req; - + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (!rng) { @@ -130,7 +130,7 @@ static status_t initiate_server(private_eap_md5_t *this, eap_payload_t **out) } rng->allocate_bytes(rng, CHALLENGE_LEN, &this->challenge); rng->destroy(rng); - + req = alloca(PAYLOAD_LEN); req->length = htons(PAYLOAD_LEN); req->code = EAP_REQUEST; @@ -138,7 +138,7 @@ static status_t initiate_server(private_eap_md5_t *this, eap_payload_t **out) req->type = EAP_MD5; req->value_size = this->challenge.len; memcpy(req->value, this->challenge.ptr, this->challenge.len); - + *out = eap_payload_create_data(chunk_create((void*)req, PAYLOAD_LEN)); return NEED_MORE; } @@ -152,7 +152,7 @@ static status_t process_peer(private_eap_md5_t *this, chunk_t response; chunk_t data; eap_md5_header_t *req; - + this->identifier = in->get_identifier(in); data = in->get_data(in); this->challenge = chunk_clone(chunk_skip(data, 6)); @@ -173,7 +173,7 @@ static status_t process_peer(private_eap_md5_t *this, req->value_size = response.len; memcpy(req->value, response.ptr, response.len); chunk_free(&response); - + *out = eap_payload_create_data(chunk_create((void*)req, PAYLOAD_LEN)); return NEED_MORE; } @@ -186,7 +186,7 @@ static status_t process_server(private_eap_md5_t *this, { chunk_t response, expected; chunk_t data; - + if (this->identifier != in->get_identifier(in)) { DBG1(DBG_IKE, "received invalid EAP-MD5 message"); @@ -198,7 +198,7 @@ static status_t process_server(private_eap_md5_t *this, } data = in->get_data(in); response = chunk_skip(data, 6); - + if (response.len < expected.len || !memeq(response.ptr, expected.ptr, expected.len)) { @@ -253,20 +253,20 @@ static private_eap_md5_t *eap_md5_create_generic(identification_t *server, identification_t *peer) { private_eap_md5_t *this = malloc_thing(private_eap_md5_t); - + this->public.eap_method_interface.initiate = NULL; this->public.eap_method_interface.process = NULL; this->public.eap_method_interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; this->public.eap_method_interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; this->public.eap_method_interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; this->public.eap_method_interface.destroy = (void(*)(eap_method_t*))destroy; - + /* private data */ this->peer = peer->clone(peer); this->server = server->clone(server); this->challenge = chunk_empty; this->identifier = 0; - + return this; } @@ -276,7 +276,7 @@ static private_eap_md5_t *eap_md5_create_generic(identification_t *server, eap_md5_t *eap_md5_create_server(identification_t *server, identification_t *peer) { private_eap_md5_t *this = eap_md5_create_generic(server, peer); - + this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_server; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process_server; @@ -294,7 +294,7 @@ eap_md5_t *eap_md5_create_server(identification_t *server, identification_t *pee eap_md5_t *eap_md5_create_peer(identification_t *server, identification_t *peer) { private_eap_md5_t *this = eap_md5_create_generic(server, peer); - + this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_peer; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process_peer; diff --git a/src/charon/plugins/eap_md5/eap_md5_plugin.c b/src/charon/plugins/eap_md5/eap_md5_plugin.c index e30152fc5..629255ebf 100644 --- a/src/charon/plugins/eap_md5/eap_md5_plugin.c +++ b/src/charon/plugins/eap_md5/eap_md5_plugin.c @@ -37,14 +37,14 @@ static void destroy(eap_md5_plugin_t *this) plugin_t *plugin_create() { eap_md5_plugin_t *this = malloc_thing(eap_md5_plugin_t); - + this->plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->eap->add_method(charon->eap, EAP_MD5, 0, EAP_SERVER, (eap_constructor_t)eap_md5_create_server); charon->eap->add_method(charon->eap, EAP_MD5, 0, EAP_PEER, (eap_constructor_t)eap_md5_create_peer); - + return &this->plugin; } diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2.c b/src/charon/plugins/eap_mschapv2/eap_mschapv2.c index 0e3fac780..26c6ffcb2 100644 --- a/src/charon/plugins/eap_mschapv2/eap_mschapv2.c +++ b/src/charon/plugins/eap_mschapv2/eap_mschapv2.c @@ -35,47 +35,47 @@ struct private_eap_mschapv2_t * Public authenticator_t interface. */ eap_mschapv2_t public; - + /** * ID of the server */ identification_t *server; - + /** * ID of the peer */ identification_t *peer; - + /** * challenge sent by the server */ chunk_t challenge; - + /** * generated NT-Response */ chunk_t nt_response; - + /** * generated Authenticator Response */ chunk_t auth_response; - + /** * generated MSK */ chunk_t msk; - + /** * EAP message identifier */ u_int8_t identifier; - + /** * MS-CHAPv2-ID (session ID, increases with each retry) */ u_int8_t mschapv2id; - + /** * Number of retries */ @@ -248,7 +248,7 @@ static chunk_t ExpandDESKey(chunk_t key) int i; u_char carry = 0; chunk_t expanded; - + /* expand the 7 octets to 8 octets */ expanded = chunk_alloc(8); for (i = 0; i < 7; i++) @@ -257,7 +257,7 @@ static chunk_t ExpandDESKey(chunk_t key) carry = key.ptr[i] & ~bitmask[i]; } expanded.ptr[7] = carry << 1; - + /* add parity bits to each octet */ for (i = 0; i < 8; i++) { @@ -269,7 +269,7 @@ static chunk_t ExpandDESKey(chunk_t key) } /** - * Calculate the NT password hash (i.e. hash the (unicode) password with MD4) + * Calculate the NT password hash (i.e. hash the (unicode) password with MD4) */ static status_t NtPasswordHash(chunk_t password, chunk_t *password_hash) { @@ -287,7 +287,7 @@ static status_t NtPasswordHash(chunk_t password, chunk_t *password_hash) /** * Calculate the challenge hash (i.e. hash [peer_challenge | server_challenge | - * username (without domain part)] with SHA1) + * username (without domain part)] with SHA1) */ static status_t ChallengeHash(chunk_t peer_challenge, chunk_t server_challenge, chunk_t username, chunk_t *challenge_hash) @@ -331,7 +331,7 @@ static status_t ChallengeResponse(chunk_t challenge_hash, chunk_t password_hash, memset(z_password_hash.ptr, 0, z_password_hash.len); memcpy(z_password_hash.ptr, password_hash.ptr, password_hash.len); chunk_split(z_password_hash, "mmm", 7, &keys[0], 7, &keys[1], 7, &keys[2]); - + *response = chunk_alloc(24); for (i = 0; i < 3; i++) { @@ -366,22 +366,22 @@ static status_t AuthenticatorResponse(chunk_t password_hash_hash, 0x6E }; static const chunk_t magic1 = chunk_from_buf(magic1_data); static const chunk_t magic2 = chunk_from_buf(magic2_data); - + chunk_t digest = chunk_empty, concat; hasher_t *hasher; - + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (hasher == NULL) { DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, SHA1 not supported"); return FAILED; } - + concat = chunk_cata("ccc", password_hash_hash, nt_response, magic1); hasher->allocate_hash(hasher, concat, &digest); concat = chunk_cata("ccc", digest, challenge_hash, magic2); hasher->allocate_hash(hasher, concat, response); - + hasher->destroy(hasher); chunk_free(&digest); return SUCCESS; @@ -433,31 +433,31 @@ static status_t GenerateMSK(chunk_t password_hash_hash, static const chunk_t shapad1 = chunk_from_buf(shapad1_data); static const chunk_t shapad2 = chunk_from_buf(shapad2_data); static const chunk_t keypad = { shapad1_data, 16 }; - + chunk_t concat, master_key, master_receive_key, master_send_key; hasher_t *hasher; - + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (hasher == NULL) { DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, SHA1 not supported"); return FAILED; } - + concat = chunk_cata("ccc", password_hash_hash, nt_response, magic1); hasher->allocate_hash(hasher, concat, &master_key); master_key.len = 16; - + concat = chunk_cata("cccc", master_key, shapad1, magic2, shapad2); hasher->allocate_hash(hasher, concat, &master_receive_key); master_receive_key.len = 16; - + concat = chunk_cata("cccc", master_key, shapad1, magic3, shapad2); hasher->allocate_hash(hasher, concat, &master_send_key); master_send_key.len = 16; - + *msk = chunk_cat("cccc", master_receive_key, master_send_key, keypad, keypad); - + hasher->destroy(hasher); chunk_free(&master_key); chunk_free(&master_receive_key); @@ -472,7 +472,7 @@ static status_t GenerateStuff(private_eap_mschapv2_t *this, status_t status = FAILED; chunk_t password_hash = chunk_empty, password_hash_hash = chunk_empty, challenge_hash = chunk_empty; - + if (NtPasswordHash(password, &password_hash) != SUCCESS) { goto error; @@ -486,7 +486,7 @@ static status_t GenerateStuff(private_eap_mschapv2_t *this, { goto error; } - + if (ChallengeResponse(challenge_hash, password_hash, &this->nt_response) != SUCCESS) { @@ -501,9 +501,9 @@ static status_t GenerateStuff(private_eap_mschapv2_t *this, { goto error; } - + status = SUCCESS; - + error: chunk_free(&password_hash); chunk_free(&password_hash_hash); @@ -532,7 +532,7 @@ static chunk_t ascii_to_unicode(chunk_t ascii) static char* sanitize(char *str) { char *pos = str; - + while (pos && *pos) { if (!isprint(*pos)) @@ -592,7 +592,7 @@ static status_t initiate_server(private_eap_mschapv2_t *this, eap_payload_t **ou eap_mschapv2_challenge_t *cha; const char *name = MSCHAPV2_HOST_NAME; u_int16_t len = CHALLENGE_PAYLOAD_LEN + sizeof(MSCHAPV2_HOST_NAME) - 1; - + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (!rng) { @@ -601,7 +601,7 @@ static status_t initiate_server(private_eap_mschapv2_t *this, eap_payload_t **ou } rng->allocate_bytes(rng, CHALLENGE_LEN, &this->challenge); rng->destroy(rng); - + eap = alloca(len); eap->code = EAP_REQUEST; eap->identifier = this->identifier; @@ -610,12 +610,12 @@ static status_t initiate_server(private_eap_mschapv2_t *this, eap_payload_t **ou eap->opcode = MSCHAPV2_CHALLENGE; eap->ms_chapv2_id = this->mschapv2id; set_ms_length(eap, len); - + cha = (eap_mschapv2_challenge_t*)eap->data; cha->value_size = CHALLENGE_LEN; memcpy(cha->challenge, this->challenge.ptr, this->challenge.len); memcpy(cha->name, name, sizeof(MSCHAPV2_HOST_NAME) - 1); - + *out = eap_payload_create_data(chunk_create((void*) eap, len)); return NEED_MORE; } @@ -634,29 +634,29 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this, shared_key_t *shared; chunk_t data, peer_challenge, username, password; u_int16_t len = RESPONSE_PAYLOAD_LEN; - + data = in->get_data(in); eap = (eap_mschapv2_header_t*)data.ptr; - + /* the name MUST be at least one octet long */ if (data.len < CHALLENGE_PAYLOAD_LEN + 1) { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: too short"); return FAILED; } - + cha = (eap_mschapv2_challenge_t*)eap->data; - + if (cha->value_size != CHALLENGE_LEN) { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: " "invalid challenge size"); return FAILED; } - + this->mschapv2id = eap->ms_chapv2_id; this->challenge = chunk_clone(chunk_create(cha->challenge, CHALLENGE_LEN)); - + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (!rng) { @@ -666,7 +666,7 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this, peer_challenge = chunk_alloca(CHALLENGE_LEN); rng->get_bytes(rng, CHALLENGE_LEN, peer_challenge.ptr); rng->destroy(rng); - + shared = charon->credentials->get_shared(charon->credentials, SHARED_EAP, this->peer, this->server); if (shared == NULL) @@ -675,13 +675,13 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this, this->server, this->peer); return NOT_FOUND; } - + password = ascii_to_unicode(shared->get_key(shared)); shared->destroy(shared); - + username = extract_username(this->peer); len += username.len; - + if (GenerateStuff(this, this->challenge, peer_challenge, username, password) != SUCCESS) { DBG1(DBG_IKE, "EAP-MS-CHAPv2 generating NT-Response failed"); @@ -689,7 +689,7 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this, return FAILED; } chunk_clear(&password); - + eap = alloca(len); eap->code = EAP_RESPONSE; eap->identifier = this->identifier; @@ -698,16 +698,16 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this, eap->opcode = MSCHAPV2_RESPONSE; eap->ms_chapv2_id = this->mschapv2id; set_ms_length(eap, len); - + res = (eap_mschapv2_response_t*)eap->data; res->value_size = RESPONSE_LEN; memset(&res->response, 0, RESPONSE_LEN); memcpy(res->response.peer_challenge, peer_challenge.ptr, peer_challenge.len); memcpy(res->response.nt_response, this->nt_response.ptr, this->nt_response.len); - + username = this->peer->get_encoding(this->peer); memcpy(res->name, username.ptr, username.len); - + *out = eap_payload_create_data(chunk_create((void*) eap, len)); return NEED_MORE; } @@ -725,21 +725,21 @@ static status_t process_peer_success(private_eap_mschapv2_t *this, char *message, *token, *msg = NULL; int message_len; u_int16_t len = SHORT_HEADER_LEN; - + data = in->get_data(in); eap = (eap_mschapv2_header_t*)data.ptr; - + if (data.len < AUTH_RESPONSE_LEN) { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: too short"); return FAILED; } - + message_len = data.len - HEADER_LEN; message = malloc(message_len + 1); memcpy(message, eap->data, message_len); message[message_len] = '\0'; - + /* S= M= */ enumerator = enumerator_create_token(message, " ", " "); while (enumerator->enumerate(enumerator, &token)) @@ -764,32 +764,32 @@ static status_t process_peer_success(private_eap_mschapv2_t *this, } } enumerator->destroy(enumerator); - - if (auth_string.ptr == NULL) + + if (auth_string.ptr == NULL) { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: " "auth string missing"); goto error; } - + if (!chunk_equals(this->auth_response, auth_string)) { DBG1(DBG_IKE, "EAP-MS-CHAPv2 verification failed"); goto error; } - + DBG1(DBG_IKE, "EAP-MS-CHAPv2 succeeded: '%s'", sanitize(msg)); - + eap = alloca(len); eap->code = EAP_RESPONSE; eap->identifier = this->identifier; eap->length = htons(len); eap->type = EAP_MSCHAPV2; eap->opcode = MSCHAPV2_SUCCESS; - + *out = eap_payload_create_data(chunk_create((void*) eap, len)); status = NEED_MORE; - + error: chunk_free(&auth_string); free(message); @@ -807,21 +807,21 @@ static status_t process_peer_failure(private_eap_mschapv2_t *this, char *message, *token, *msg = NULL; int message_len, error, retryable; chunk_t challenge = chunk_empty; - + data = in->get_data(in); eap = (eap_mschapv2_header_t*)data.ptr; - + if (data.len < 3) /* we want at least an error code: E=e */ { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: too short"); return FAILED; } - + message_len = data.len - HEADER_LEN; message = malloc(message_len + 1); memcpy(message, eap->data, message_len); message[message_len] = '\0'; - + /* E=eeeeeeeeee R=r C=cccccccccccccccccccccccccccccccc V=vvvvvvvvvv M= */ enumerator = enumerator_create_token(message, " ", " "); while (enumerator->enumerate(enumerator, &token)) @@ -862,28 +862,28 @@ static status_t process_peer_failure(private_eap_mschapv2_t *this, } } enumerator->destroy(enumerator); - + DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed with error %N: '%s'", mschapv2_error_names, error, sanitize(msg)); - + /** * at this point, if the error is retryable, we MAY retry the authentication * or MAY send a Change Password packet. - * + * * if the error is not retryable (or if we do neither of the above), we * SHOULD send a Failure Response packet. * windows clients don't do that, and since windows server 2008 r2 behaves * pretty odd if we do send a Failure Response, we just don't send one * either. windows 7 actually sends a delete notify (which, according to the - * logs, results in an error on windows server 2008 r2). - * + * logs, results in an error on windows server 2008 r2). + * * btw, windows server 2008 r2 does not send non-retryable errors for e.g. * a disabled account but returns the windows error code in a notify payload * of type 12345. */ - + status = FAILED; - + error: chunk_free(&challenge); free(message); @@ -899,7 +899,7 @@ static status_t process_peer(private_eap_mschapv2_t *this, eap_payload_t *in, { chunk_t data; eap_mschapv2_header_t *eap; - + this->identifier = in->get_identifier(in); data = in->get_data(in); if (data.len < SHORT_HEADER_LEN) @@ -907,9 +907,9 @@ static status_t process_peer(private_eap_mschapv2_t *this, eap_payload_t *in, DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message"); return FAILED; } - + eap = (eap_mschapv2_header_t*)data.ptr; - + switch (eap->opcode) { case MSCHAPV2_CHALLENGE: @@ -945,7 +945,7 @@ static status_t process_server_retry(private_eap_mschapv2_t *this, chunk_t hex; char msg[FAILURE_MESSAGE_LEN]; u_int16_t len = HEADER_LEN + FAILURE_MESSAGE_LEN - 1; /* no null byte */ - + if (++this->retries > MAX_RETRIES) { /* we MAY send a Failure Request with R=0, but windows 7 does not @@ -957,9 +957,9 @@ static status_t process_server_retry(private_eap_mschapv2_t *this, "maximum number of retries reached"); return FAILED; } - + DBG1(DBG_IKE, "EAP-MS-CHAPv2 verification failed, retry (%d)", this->retries); - + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (!rng) { @@ -968,11 +968,11 @@ static status_t process_server_retry(private_eap_mschapv2_t *this, } rng->get_bytes(rng, CHALLENGE_LEN, this->challenge.ptr); rng->destroy(rng); - + chunk_free(&this->nt_response); chunk_free(&this->auth_response); chunk_free(&this->msk); - + eap = alloca(len); eap->code = EAP_REQUEST; eap->identifier = ++this->identifier; @@ -981,16 +981,16 @@ static status_t process_server_retry(private_eap_mschapv2_t *this, eap->opcode = MSCHAPV2_FAILURE; eap->ms_chapv2_id = this->mschapv2id++; /* increase for each retry */ set_ms_length(eap, len); - + hex = chunk_to_hex(this->challenge, NULL, TRUE); snprintf(msg, FAILURE_MESSAGE_LEN, "%s%s", FAILURE_MESSAGE, hex.ptr); chunk_free(&hex); memcpy(eap->data, msg, FAILURE_MESSAGE_LEN - 1); /* no null byte */ *out = eap_payload_create_data(chunk_create((void*) eap, len)); - + /* delay the response for some time to make brute-force attacks harder */ sleep(RETRY_DELAY); - + return NEED_MORE; } @@ -1007,25 +1007,25 @@ static status_t process_server_response(private_eap_mschapv2_t *this, shared_key_t *shared; int name_len; char buf[256]; - + data = in->get_data(in); eap = (eap_mschapv2_header_t*)data.ptr; - + if (data.len < RESPONSE_PAYLOAD_LEN) { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: too short"); return FAILED; } - + res = (eap_mschapv2_response_t*)eap->data; peer_challenge = chunk_create(res->response.peer_challenge, CHALLENGE_LEN); - + name_len = min(data.len - RESPONSE_PAYLOAD_LEN, 255); snprintf(buf, sizeof(buf), "%.*s", name_len, res->name); userid = identification_create_from_string(buf); DBG2(DBG_IKE, "EAP-MS-CHAPv2 username: '%Y'", userid); username = extract_username(userid); - + shared = charon->credentials->get_shared(charon->credentials, SHARED_EAP, this->server, userid); if (shared == NULL) @@ -1041,27 +1041,27 @@ static status_t process_server_response(private_eap_mschapv2_t *this, userid->destroy(userid); return process_server_retry(this, out); } - + password = ascii_to_unicode(shared->get_key(shared)); shared->destroy(shared); - + if (GenerateStuff(this, this->challenge, peer_challenge, username, password) != SUCCESS) { - DBG1(DBG_IKE, "EAP-MS-CHAPv2 verification failed"); + DBG1(DBG_IKE, "EAP-MS-CHAPv2 verification failed"); userid->destroy(userid); chunk_clear(&password); return FAILED; } userid->destroy(userid); chunk_clear(&password); - + if (memeq(res->response.nt_response, this->nt_response.ptr, this->nt_response.len)) { chunk_t hex; char msg[AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE)]; u_int16_t len = HEADER_LEN + AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE); - + eap = alloca(len); eap->code = EAP_REQUEST; eap->identifier = ++this->identifier; @@ -1070,7 +1070,7 @@ static status_t process_server_response(private_eap_mschapv2_t *this, eap->opcode = MSCHAPV2_SUCCESS; eap->ms_chapv2_id = this->mschapv2id; set_ms_length(eap, len); - + hex = chunk_to_hex(this->auth_response, NULL, TRUE); snprintf(msg, AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE), "S=%s%s", hex.ptr, SUCCESS_MESSAGE); @@ -1091,23 +1091,23 @@ static status_t process_server(private_eap_mschapv2_t *this, eap_payload_t *in, { eap_mschapv2_header_t *eap; chunk_t data; - + if (this->identifier != in->get_identifier(in)) { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: " "unexpected identifier"); return FAILED; } - + data = in->get_data(in); if (data.len < SHORT_HEADER_LEN) { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: too short"); return FAILED; } - + eap = (eap_mschapv2_header_t*)data.ptr; - + switch (eap->opcode) { case MSCHAPV2_RESPONSE: @@ -1182,14 +1182,14 @@ static void destroy(private_eap_mschapv2_t *this) static private_eap_mschapv2_t *eap_mschapv2_create_generic(identification_t *server, identification_t *peer) { private_eap_mschapv2_t *this = malloc_thing(private_eap_mschapv2_t); - + this->public.eap_method_interface.initiate = NULL; this->public.eap_method_interface.process = NULL; this->public.eap_method_interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; this->public.eap_method_interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; this->public.eap_method_interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; this->public.eap_method_interface.destroy = (void(*)(eap_method_t*))destroy; - + /* private data */ this->peer = peer->clone(peer); this->server = server->clone(server); @@ -1200,7 +1200,7 @@ static private_eap_mschapv2_t *eap_mschapv2_create_generic(identification_t *ser this->identifier = 0; this->mschapv2id = 0; this->retries = 0; - + return this; } @@ -1210,7 +1210,7 @@ static private_eap_mschapv2_t *eap_mschapv2_create_generic(identification_t *ser eap_mschapv2_t *eap_mschapv2_create_server(identification_t *server, identification_t *peer) { private_eap_mschapv2_t *this = eap_mschapv2_create_generic(server, peer); - + this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_server; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*, eap_payload_t**))process_server; @@ -1219,9 +1219,9 @@ eap_mschapv2_t *eap_mschapv2_create_server(identification_t *server, identificat { this->identifier = random(); } while (!this->identifier); - + this->mschapv2id = this->identifier; - + return &this->public; } @@ -1231,10 +1231,10 @@ eap_mschapv2_t *eap_mschapv2_create_server(identification_t *server, identificat eap_mschapv2_t *eap_mschapv2_create_peer(identification_t *server, identification_t *peer) { private_eap_mschapv2_t *this = eap_mschapv2_create_generic(server, peer); - + this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_peer; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*, eap_payload_t**))process_peer; - + return &this->public; } diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.c b/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.c index d0995c477..404cecb20 100644 --- a/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.c +++ b/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.c @@ -37,14 +37,14 @@ static void destroy(eap_mschapv2_plugin_t *this) plugin_t *plugin_create() { eap_mschapv2_plugin_t *this = malloc_thing(eap_mschapv2_plugin_t); - + this->plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->eap->add_method(charon->eap, EAP_MSCHAPV2, 0, EAP_SERVER, (eap_constructor_t)eap_mschapv2_create_server); charon->eap->add_method(charon->eap, EAP_MSCHAPV2, 0, EAP_PEER, (eap_constructor_t)eap_mschapv2_create_peer); - + return &this->plugin; } diff --git a/src/charon/plugins/eap_radius/eap_radius.c b/src/charon/plugins/eap_radius/eap_radius.c index deb3b648b..f21d6b859 100644 --- a/src/charon/plugins/eap_radius/eap_radius.c +++ b/src/charon/plugins/eap_radius/eap_radius.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + #include "eap_radius.h" #include "radius_message.h" @@ -26,47 +26,47 @@ typedef struct private_eap_radius_t private_eap_radius_t; * Private data of an eap_radius_t object. */ struct private_eap_radius_t { - + /** * Public authenticator_t interface. */ eap_radius_t public; - + /** * ID of the server */ identification_t *server; - + /** * ID of the peer */ identification_t *peer; - + /** * EAP method type we are proxying */ eap_type_t type; - + /** * EAP vendor, if any */ u_int32_t vendor; - + /** * EAP MSK, if method established one */ chunk_t msk; - + /** * RADIUS client instance */ radius_client_t *client; - + /** * TRUE to use EAP-Start, FALSE to send EAP-Identity Response directly */ bool eap_start; - + /** * Prefix to prepend to EAP identity */ @@ -93,11 +93,11 @@ static void add_eap_identity(private_eap_radius_t *this, } __attribute__((__packed__)) *hdr; chunk_t id, prefix; size_t len; - + id = this->peer->get_encoding(this->peer); prefix = chunk_create(this->id_prefix, strlen(this->id_prefix)); len = sizeof(*hdr) + prefix.len + id.len; - + hdr = alloca(len); hdr->code = EAP_RESPONSE; hdr->identifier = 0; @@ -105,7 +105,7 @@ static void add_eap_identity(private_eap_radius_t *this, hdr->type = EAP_IDENTITY; memcpy(hdr->data, prefix.ptr, prefix.len); memcpy(hdr->data + prefix.len, id.ptr, id.len); - + request->add(request, RAT_EAP_MESSAGE, chunk_create((u_char*)hdr, len)); } @@ -119,7 +119,7 @@ static bool radius2ike(private_eap_radius_t *this, eap_payload_t *payload; chunk_t data; int type; - + enumerator = msg->create_enumerator(msg); while (enumerator->enumerate(enumerator, &type, &data)) { @@ -144,12 +144,12 @@ static status_t initiate(private_eap_radius_t *this, eap_payload_t **out) radius_message_t *request, *response; status_t status = FAILED; chunk_t username; - + request = radius_message_create_request(); username = chunk_create(this->id_prefix, strlen(this->id_prefix)); username = chunk_cata("cc", username, this->peer->get_encoding(this->peer)); request->add(request, RAT_USER_NAME, username); - + if (this->eap_start) { request->add(request, RAT_EAP_MESSAGE, chunk_empty); @@ -158,7 +158,7 @@ static status_t initiate(private_eap_radius_t *this, eap_payload_t **out) { add_eap_identity(this, request); } - + response = this->client->request(this->client, request); if (response) { @@ -180,11 +180,11 @@ static status_t process(private_eap_radius_t *this, { radius_message_t *request, *response; status_t status = FAILED; - + request = radius_message_create_request(); request->add(request, RAT_USER_NAME, this->peer->get_encoding(this->peer)); request->add(request, RAT_EAP_MESSAGE, in->get_data(in)); - + response = this->client->request(this->client, request); if (response) { @@ -271,14 +271,14 @@ static void destroy(private_eap_radius_t *this) eap_radius_t *eap_radius_create(identification_t *server, identification_t *peer) { private_eap_radius_t *this = malloc_thing(private_eap_radius_t); - + this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process; this->public.eap_method_interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; this->public.eap_method_interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; this->public.eap_method_interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; this->public.eap_method_interface.destroy = (void(*)(eap_method_t*))destroy; - + this->client = radius_client_create(); if (!this->client) { @@ -291,7 +291,7 @@ eap_radius_t *eap_radius_create(identification_t *server, identification_t *peer this->type = EAP_RADIUS; this->vendor = 0; this->msk = chunk_empty; - this->eap_start = lib->settings->get_bool(lib->settings, + this->eap_start = lib->settings->get_bool(lib->settings, "charon.plugins.eap_radius.eap_start", FALSE); this->id_prefix = lib->settings->get_str(lib->settings, "charon.plugins.eap_radius.id_prefix", ""); diff --git a/src/charon/plugins/eap_radius/eap_radius_plugin.c b/src/charon/plugins/eap_radius/eap_radius_plugin.c index 7c6a3c9ff..51e6a69c8 100644 --- a/src/charon/plugins/eap_radius/eap_radius_plugin.c +++ b/src/charon/plugins/eap_radius/eap_radius_plugin.c @@ -36,19 +36,19 @@ static void destroy(eap_radius_plugin_t *this) plugin_t *plugin_create() { eap_radius_plugin_t *this; - + if (!radius_client_init()) { DBG1(DBG_CFG, "RADIUS plugin initialization failed"); return NULL; } - + this = malloc_thing(eap_radius_plugin_t); this->plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->eap->add_method(charon->eap, EAP_RADIUS, 0, EAP_SERVER, (eap_constructor_t)eap_radius_create); - + return &this->plugin; } diff --git a/src/charon/plugins/eap_radius/radius_client.c b/src/charon/plugins/eap_radius/radius_client.c index de1bafc6d..1b35cd2d6 100644 --- a/src/charon/plugins/eap_radius/radius_client.c +++ b/src/charon/plugins/eap_radius/radius_client.c @@ -63,12 +63,12 @@ struct entry_t { * Private data of an radius_client_t object. */ struct private_radius_client_t { - + /** * Public radius_client_t interface. */ radius_client_t public; - + /** * RADIUS servers State attribute */ @@ -106,7 +106,7 @@ static chunk_t nas_identifier; void radius_client_cleanup() { entry_t *entry; - + mutex->destroy(mutex); condvar->destroy(condvar); while (sockets->remove_last(sockets, (void**)&entry) == SUCCESS) @@ -130,11 +130,11 @@ bool radius_client_init() entry_t *entry; host_t *host; char *server; - + nas_identifier.ptr = lib->settings->get_str(lib->settings, "charon.plugins.eap_radius.nas_identifier", "strongSwan"); nas_identifier.len = strlen(nas_identifier.ptr); - + secret.ptr = lib->settings->get_str(lib->settings, "charon.plugins.eap_radius.secret", NULL); if (!secret.ptr) @@ -159,7 +159,7 @@ bool radius_client_init() } count = lib->settings->get_int(lib->settings, "charon.plugins.eap_radius.sockets", 1); - + sockets = linked_list_create(); mutex = mutex_create(MUTEX_TYPE_DEFAULT); condvar = condvar_create(CONDVAR_TYPE_DEFAULT); @@ -214,7 +214,7 @@ bool radius_client_init() static entry_t* get_socket() { entry_t *entry; - + mutex->lock(mutex); while (sockets->remove_first(sockets, (void**)&entry) != SUCCESS) { @@ -243,7 +243,7 @@ static void save_state(private_radius_client_t *this, radius_message_t *msg) enumerator_t *enumerator; int type; chunk_t data; - + enumerator = msg->create_enumerator(msg); while (enumerator->enumerate(enumerator, &type, &data)) { @@ -270,9 +270,9 @@ static radius_message_t* request(private_radius_client_t *this, entry_t *socket; chunk_t data; int i; - + socket = get_socket(); - + /* set Message Identifier */ req->set_identifier(req, socket->identifier++); /* we add the "Virtual" NAS-Port-Type, as we SHOULD include one */ @@ -286,7 +286,7 @@ static radius_message_t* request(private_radius_client_t *this, } /* sign the request */ req->sign(req, socket->rng, socket->signer); - + data = req->get_encoding(req); /* timeout after 2, 3, 4, 5 seconds */ for (i = 2; i <= 5; i++) @@ -297,7 +297,7 @@ static radius_message_t* request(private_radius_client_t *this, char buf[1024]; fd_set fds; int res; - + if (send(socket->fd, data.ptr, data.len, 0) != data.len) { DBG1(DBG_CFG, "sending RADIUS message failed: %s", strerror(errno)); @@ -306,7 +306,7 @@ static radius_message_t* request(private_radius_client_t *this, } tv.tv_sec = i; tv.tv_usec = 0; - + while (TRUE) { FD_ZERO(&fds); @@ -334,7 +334,7 @@ static radius_message_t* request(private_radius_client_t *this, } response = radius_message_parse_response(chunk_create(buf, res)); if (response) - { + { if (response->verify(response, req->get_authenticator(req), secret, socket->hasher, socket->signer)) { @@ -366,7 +366,7 @@ static chunk_t decrypt_mppe_key(private_radius_client_t *this, u_int16_t salt, chunk_t A, R, P, seed; u_char *c, *p; hasher_t *hasher; - + /** * From RFC2548 (encryption): * b(1) = MD5(S + R + A) c(1) = p(1) xor b(1) C = c(1) @@ -374,42 +374,42 @@ static chunk_t decrypt_mppe_key(private_radius_client_t *this, u_int16_t salt, * . . . * b(i) = MD5(S + c(i-1)) c(i) = p(i) xor b(i) C = C + c(i) */ - + if (C.len % HASH_SIZE_MD5 || C.len < HASH_SIZE_MD5) { return chunk_empty; } - + hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); if (!hasher) { return chunk_empty; } - + A = chunk_create((u_char*)&salt, sizeof(salt)); R = chunk_create(request->get_authenticator(request), HASH_SIZE_MD5); P = chunk_alloca(C.len); p = P.ptr; c = C.ptr; - + seed = chunk_cata("cc", R, A); - + while (c < C.ptr + C.len) { /* b(i) = MD5(S + c(i-1)) */ hasher->get_hash(hasher, secret, NULL); hasher->get_hash(hasher, seed, p); - + /* p(i) = b(i) xor c(1) */ memxor(p, c, HASH_SIZE_MD5); - + /* prepare next round */ seed = chunk_create(c, HASH_SIZE_MD5); c += HASH_SIZE_MD5; p += HASH_SIZE_MD5; } hasher->destroy(hasher); - + /* remove truncation, first byte is key length */ if (*P.ptr >= P.len) { /* decryption failed? */ @@ -434,7 +434,7 @@ static chunk_t decrypt_msk(private_radius_client_t *this, enumerator_t *enumerator; chunk_t data, send = chunk_empty, recv = chunk_empty; int type; - + enumerator = response->create_enumerator(response); while (enumerator->enumerate(enumerator, &type, &data)) { @@ -482,13 +482,13 @@ static void destroy(private_radius_client_t *this) radius_client_t *radius_client_create() { private_radius_client_t *this = malloc_thing(private_radius_client_t); - + this->public.request = (radius_message_t*(*)(radius_client_t*, radius_message_t *msg))request; this->public.decrypt_msk = (chunk_t(*)(radius_client_t*, radius_message_t *, radius_message_t *))decrypt_msk; this->public.destroy = (void(*)(radius_client_t*))destroy; - + this->state = chunk_empty; - + return &this->public; } diff --git a/src/charon/plugins/eap_radius/radius_client.h b/src/charon/plugins/eap_radius/radius_client.h index 889861a16..77ba94807 100644 --- a/src/charon/plugins/eap_radius/radius_client.h +++ b/src/charon/plugins/eap_radius/radius_client.h @@ -33,11 +33,11 @@ typedef struct radius_client_t radius_client_t; * a socket during request() and releases it afterwards. */ struct radius_client_t { - + /** * Send a RADIUS request and wait for the response. * - * The client fills in RADIUS Message identifier, NAS-Identifier, + * The client fills in RADIUS Message identifier, NAS-Identifier, * NAS-Port-Type, builds a Request-Authenticator and calculates the * Message-Authenticator attribute. * The received response gets verified using the Response-Identifier @@ -47,7 +47,7 @@ struct radius_client_t { * @return response, NULL if timed out/verification failed */ radius_message_t* (*request)(radius_client_t *this, radius_message_t *msg); - + /** * Decrypt the MSK encoded in a messages MS-MPPE-Send/Recv-Key. * @@ -57,7 +57,7 @@ struct radius_client_t { */ chunk_t (*decrypt_msk)(radius_client_t *this, radius_message_t *response, radius_message_t *request); - + /** * Destroy the client, release the socket. */ diff --git a/src/charon/plugins/eap_radius/radius_message.c b/src/charon/plugins/eap_radius/radius_message.c index 59a639f31..8b7ef12d4 100644 --- a/src/charon/plugins/eap_radius/radius_message.c +++ b/src/charon/plugins/eap_radius/radius_message.c @@ -54,12 +54,12 @@ struct rattr_t { * Private data of an radius_message_t object. */ struct private_radius_message_t { - + /** * Public radius_message_t interface. */ radius_message_t public; - + /** * message data, allocated */ @@ -247,12 +247,12 @@ static bool attribute_enumerate(attribute_enumerator_t *this, static enumerator_t* create_enumerator(private_radius_message_t *this) { attribute_enumerator_t *e; - + if (ntohs(this->msg->length) < sizeof(rmsg_t) + sizeof(rattr_t)) { return enumerator_create_empty(); } - + e = malloc_thing(attribute_enumerator_t); e->public.enumerate = (void*)attribute_enumerate; e->public.destroy = (void*)free; @@ -268,7 +268,7 @@ static void add(private_radius_message_t *this, radius_attribute_type_t type, chunk_t data) { rattr_t *attribute; - + this->msg = realloc(this->msg, ntohs(this->msg->length) + sizeof(rattr_t) + data.len); attribute = ((void*)this->msg) + ntohs(this->msg->length); @@ -284,10 +284,10 @@ static void add(private_radius_message_t *this, radius_attribute_type_t type, static void sign(private_radius_message_t *this, rng_t *rng, signer_t *signer) { char buf[HASH_SIZE_MD5]; - + /* build Request-Authenticator */ rng->get_bytes(rng, HASH_SIZE_MD5, this->msg->authenticator); - + /* build Message-Authenticator attribute, using 16 null bytes */ memset(buf, 0, sizeof(buf)); add(this, RAT_MESSAGE_AUTHENTICATOR, chunk_create(buf, sizeof(buf))); @@ -307,12 +307,12 @@ static bool verify(private_radius_message_t *this, u_int8_t *req_auth, int type; chunk_t data, msg; bool has_eap = FALSE, has_auth = FALSE; - + /* replace Response by Request Authenticator for verification */ memcpy(res_auth, this->msg->authenticator, HASH_SIZE_MD5); memcpy(this->msg->authenticator, req_auth, HASH_SIZE_MD5); msg = chunk_create((u_char*)this->msg, ntohs(this->msg->length)); - + /* verify Response-Authenticator */ hasher->get_hash(hasher, msg, NULL); hasher->get_hash(hasher, secret, buf); @@ -321,7 +321,7 @@ static bool verify(private_radius_message_t *this, u_int8_t *req_auth, DBG1(DBG_CFG, "RADIUS Response-Authenticator verification failed"); return FALSE; } - + /* verify Message-Authenticator attribute */ enumerator = create_enumerator(this); while (enumerator->enumerate(enumerator, &type, &data)) @@ -359,7 +359,7 @@ static bool verify(private_radius_message_t *this, u_int8_t *req_auth, enumerator->destroy(enumerator); /* restore Response-Authenticator */ memcpy(this->msg->authenticator, res_auth, HASH_SIZE_MD5); - + if (has_eap && !has_auth) { /* Message-Authenticator is required if we have an EAP-Message */ DBG1(DBG_CFG, "RADIUS Message-Authenticator attribute missing"); @@ -424,7 +424,7 @@ static void destroy(private_radius_message_t *this) static private_radius_message_t *radius_message_create() { private_radius_message_t *this = malloc_thing(private_radius_message_t); - + this->public.create_enumerator = (enumerator_t*(*)(radius_message_t*))create_enumerator; this->public.add = (void(*)(radius_message_t*, radius_attribute_type_t,chunk_t))add; this->public.get_code = (radius_message_code_t(*)(radius_message_t*))get_code; @@ -435,7 +435,7 @@ static private_radius_message_t *radius_message_create() this->public.sign = (void(*)(radius_message_t*, rng_t *rng, signer_t *signer))sign; this->public.verify = (bool(*)(radius_message_t*, u_int8_t *req_auth, chunk_t secret, hasher_t *hasher, signer_t *signer))verify; this->public.destroy = (void(*)(radius_message_t*))destroy; - + return this; } @@ -445,12 +445,12 @@ static private_radius_message_t *radius_message_create() radius_message_t *radius_message_create_request() { private_radius_message_t *this = radius_message_create(); - + this->msg = malloc_thing(rmsg_t); this->msg->code = RMC_ACCESS_REQUEST; this->msg->identifier = 0; this->msg->length = htons(sizeof(rmsg_t)); - + return &this->public; } @@ -460,7 +460,7 @@ radius_message_t *radius_message_create_request() radius_message_t *radius_message_parse_response(chunk_t data) { private_radius_message_t *this = radius_message_create(); - + this->msg = malloc(data.len); memcpy(this->msg, data.ptr, data.len); if (data.len < sizeof(rmsg_t) || diff --git a/src/charon/plugins/eap_radius/radius_message.h b/src/charon/plugins/eap_radius/radius_message.h index d4eec8590..266839d3b 100644 --- a/src/charon/plugins/eap_radius/radius_message.h +++ b/src/charon/plugins/eap_radius/radius_message.h @@ -181,14 +181,14 @@ extern enum_name_t *radius_attribute_type_names; * A RADIUS message, contains attributes. */ struct radius_message_t { - + /** * Create an enumerator over contained RADIUS attributes. * * @return enumerator over (int type, chunk_t data) */ enumerator_t* (*create_enumerator)(radius_message_t *this); - + /** * Add a RADIUS attribute to the message. * @@ -197,42 +197,42 @@ struct radius_message_t { */ void (*add)(radius_message_t *this, radius_attribute_type_t type, chunk_t data); - + /** * Get the message type (code). * * @return message code */ radius_message_code_t (*get_code)(radius_message_t *this); - + /** * Get the message identifier. * * @return message identifier */ u_int8_t (*get_identifier)(radius_message_t *this); - + /** * Set the message identifier. * * @param identifier message identifier */ void (*set_identifier)(radius_message_t *this, u_int8_t identifier); - + /** * Get the 16 byte authenticator. * * @return pointer to the Authenticator field */ u_int8_t* (*get_authenticator)(radius_message_t *this); - + /** * Get the RADIUS message in its encoded form. * * @return chunk pointing to internal RADIUS message. */ chunk_t (*get_encoding)(radius_message_t *this); - + /** * Calculate and add the Message-Authenticator attribute to the message. * @@ -240,7 +240,7 @@ struct radius_message_t { * @param signer HMAC-MD5 signer with secret set */ void (*sign)(radius_message_t *this, rng_t *rng, signer_t *signer); - + /** * Verify the integrity of a received RADIUS response. * @@ -251,7 +251,7 @@ struct radius_message_t { */ bool (*verify)(radius_message_t *this, u_int8_t *req_auth, chunk_t secret, hasher_t *hasher, signer_t *signer); - + /** * Destroy the message. */ diff --git a/src/charon/plugins/eap_sim/eap_sim.c b/src/charon/plugins/eap_sim/eap_sim.c index 2dd6e534b..f439bd248 100644 --- a/src/charon/plugins/eap_sim/eap_sim.c +++ b/src/charon/plugins/eap_sim/eap_sim.c @@ -121,82 +121,82 @@ typedef struct private_eap_sim_t private_eap_sim_t; * Private data of an eap_sim_t object. */ struct private_eap_sim_t { - + /** * Public authenticator_t interface. */ eap_sim_t public; - + /** * ID of ourself */ identification_t *peer; - + /** * hashing function */ hasher_t *hasher; - + /** * prf */ prf_t *prf; - + /** * MAC function */ signer_t *signer; - + /** * how many times we try to authenticate */ int tries; - + /** * unique EAP identifier */ u_int8_t identifier; - + /** * EAP message type this role sends */ u_int8_t type; - + /** * version this implementation uses */ chunk_t version; - + /** * version list received from server */ chunk_t version_list; - + /** * Nonce value used in AT_NONCE_MT */ chunk_t nonce; - + /** * concatenated SRES values */ chunk_t sreses; - + /** * k_encr key derived from MK */ chunk_t k_encr; - + /** * k_auth key derived from MK, used for AT_MAC verification */ chunk_t k_auth; - + /** * MSK, used for EAP-SIM based IKEv2 authentication */ chunk_t msk; - + /** * EMSK, extended MSK for further uses */ @@ -257,9 +257,9 @@ static sim_attribute_t read_attribute(chunk_t *message, chunk_t *data) { sim_attribute_t attribute; size_t length; - + DBG3(DBG_IKE, "reading attribute from %B", message); - + if (message->len < 2) { return AT_END; @@ -294,7 +294,7 @@ static eap_payload_t *build_payload(private_eap_sim_t *this, u_int8_t identifier sim_attribute_t attr; u_int8_t *mac_pos = NULL; chunk_t mac_data = chunk_empty; - + /* write EAP header, skip length bytes */ *pos.ptr++ = this->type; *pos.ptr++ = identifier; @@ -306,18 +306,18 @@ static eap_payload_t *build_payload(private_eap_sim_t *this, u_int8_t identifier *pos.ptr++ = 0; *pos.ptr++ = 0; pos.len -= 4; - + va_start(args, type); while ((attr = va_arg(args, sim_attribute_t)) != AT_END) { chunk_t data = va_arg(args, chunk_t); - + DBG3(DBG_IKE, "building %N %B", sim_attribute_names, attr, &data); - + /* write attribute header */ *pos.ptr++ = attr; pos.len--; - + switch (attr) { case AT_CLIENT_ERROR_CODE: @@ -387,11 +387,11 @@ static eap_payload_t *build_payload(private_eap_sim_t *this, u_int8_t identifier } } va_end(args); - + /* calculate message length, write into header */ message.len = pos.ptr - message.ptr; *(u_int16_t*)(message.ptr + 2) = htons(message.len); - + /* create MAC if AT_MAC attribte was included. Append supplied va_arg * chunk mac_data to "to-sign" chunk */ if (mac_pos) @@ -402,9 +402,9 @@ static eap_payload_t *build_payload(private_eap_sim_t *this, u_int8_t identifier DBG3(DBG_IKE, "AT_MAC signature of %B\n is %b", &mac_data, mac_pos, MAC_LEN); } - + payload = eap_payload_create_data(message); - + DBG3(DBG_IKE, "created EAP message %B", &message); return payload; } @@ -495,7 +495,7 @@ static status_t peer_process_start(private_eap_sim_t *this, eap_payload_t *in, break; } } - + /* build payload. If "include_id" is AT_END, AT_IDENTITY is ommited */ *out = build_payload(this, identifier, SIM_START, AT_SELECTED_VERSION, this->version, @@ -519,7 +519,7 @@ static void derive_keys(private_eap_sim_t *this, chunk_t kcs) mk = chunk_alloca(this->hasher->get_hash_size(this->hasher)); this->hasher->get_hash(this->hasher, tmp, mk.ptr); DBG3(DBG_IKE, "MK = SHA1(%B\n) = %B", &tmp, &mk); - + /* K_encr | K_auth | MSK | EMSK = prf() | prf() | prf() | prf() * FIPS PRF has 320 bit block size, we need 160 byte for keys * => run prf four times */ @@ -549,7 +549,7 @@ static bool get_card_triplet(private_eap_sim_t *this, sim_card_t *card = NULL, *current; id_match_t match, best = ID_MATCH_NONE; bool success = FALSE; - + /* find the best matching SIM */ enumerator = charon->sim->create_card_enumerator(charon->sim); while (enumerator->enumerate(enumerator, ¤t)) @@ -584,7 +584,7 @@ static status_t peer_process_challenge(private_eap_sim_t *this, sim_attribute_t attribute; u_int8_t identifier; chunk_t mac = chunk_empty, rands = chunk_empty; - + if (this->tries-- <= 0) { /* give up without notification. This hack is required as some buggy @@ -643,7 +643,7 @@ static status_t peer_process_challenge(private_eap_sim_t *this, break; } } - + /* excepting two or three RAND, each 16 bytes. We require two valid * and different RANDs */ if ((rands.len != 2 * RAND_LEN && rands.len != 3 * RAND_LEN) || @@ -663,12 +663,12 @@ static status_t peer_process_challenge(private_eap_sim_t *this, AT_END); return NEED_MORE; } - + /* get two or three KCs/SRESes from SIM using RANDs */ kcs = kc = chunk_alloca(rands.len / 2); sreses = sres = chunk_alloca(rands.len / 4); while (rands.len >= RAND_LEN) - { + { if (!get_card_triplet(this, rands.ptr, sres.ptr, kc.ptr)) { DBG1(DBG_IKE, "unable to get EAP-SIM triplet"); @@ -683,9 +683,9 @@ static status_t peer_process_challenge(private_eap_sim_t *this, sres = chunk_skip(sres, SRES_LEN); rands = chunk_skip(rands, RAND_LEN); } - + derive_keys(this, kcs); - + /* verify AT_MAC attribute, signature is over "EAP packet | NONCE_MT" */ this->signer->set_key(this->signer, this->k_auth); tmp = chunk_cata("cc", in->get_data(in), this->nonce); @@ -697,7 +697,7 @@ static status_t peer_process_challenge(private_eap_sim_t *this, AT_END); return NEED_MORE; } - + /* build response, AT_MAC is built over "EAP packet | n*SRES" */ *out = build_payload(this, identifier, SIM_CHALLENGE, AT_MAC, sreses, @@ -714,7 +714,7 @@ static status_t server_process_challenge(private_eap_sim_t *this, chunk_t message, data; sim_attribute_t attribute; chunk_t mac = chunk_empty, tmp; - + message = in->get_data(in); read_header(&message); @@ -761,7 +761,7 @@ static bool get_provider_triplet(private_eap_sim_t *this, enumerator_t *enumerator; sim_provider_t *provider; int tried = 0; - + enumerator = charon->sim->create_provider_enumerator(charon->sim); while (enumerator->enumerate(enumerator, &provider)) { @@ -789,7 +789,7 @@ static status_t server_process_start(private_eap_sim_t *this, bool supported = FALSE; chunk_t rands, rand, kcs, kc, sreses, sres; int i; - + message = in->get_data(in); read_header(&message); @@ -820,7 +820,7 @@ static status_t server_process_start(private_eap_sim_t *this, DBG1(DBG_IKE, "received incomplete EAP-SIM/Response/Start"); return FAILED; } - + /* read triplets from provider */ rand = rands = chunk_alloca(RAND_LEN * TRIPLET_COUNT); kc = kcs = chunk_alloca(KC_LEN * TRIPLET_COUNT); @@ -843,7 +843,7 @@ static status_t server_process_start(private_eap_sim_t *this, kc = chunk_skip(kc, KC_LEN); } derive_keys(this, kcs); - + /* build MAC over "EAP packet | NONCE_MT" */ *out = build_payload(this, this->identifier++, SIM_CHALLENGE, AT_RAND, rands, AT_MAC, this->nonce, AT_END); @@ -859,7 +859,7 @@ static status_t peer_process_notification(private_eap_sim_t *this, { chunk_t message, data; sim_attribute_t attribute; - + message = in->get_data(in); read_header(&message); @@ -910,7 +910,7 @@ static status_t server_process_client_error(private_eap_sim_t *this, { chunk_t message, data; sim_attribute_t attribute; - + message = in->get_data(in); read_header(&message); @@ -943,10 +943,10 @@ static status_t peer_process(private_eap_sim_t *this, { sim_subtype_t type; chunk_t message; - + message = in->get_data(in); type = read_header(&message); - + switch (type) { case SIM_START: @@ -972,10 +972,10 @@ static status_t server_process(private_eap_sim_t *this, { sim_subtype_t type; chunk_t message; - + message = in->get_data(in); type = read_header(&message); - + switch (type) { case SIM_START: @@ -1070,7 +1070,7 @@ eap_sim_t *eap_sim_create_generic(eap_role_t role, identification_t *server, { private_eap_sim_t *this = malloc_thing(private_eap_sim_t); rng_t *rng; - + this->nonce = chunk_empty; this->sreses = chunk_empty; this->peer = peer->clone(peer); @@ -1086,7 +1086,7 @@ eap_sim_t *eap_sim_create_generic(eap_role_t role, identification_t *server, do { this->identifier = random(); } while (!this->identifier); - + switch (role) { case EAP_SERVER: @@ -1116,7 +1116,7 @@ eap_sim_t *eap_sim_create_generic(eap_role_t role, identification_t *server, this->public.eap_method_interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; this->public.eap_method_interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; this->public.eap_method_interface.destroy = (void(*)(eap_method_t*))destroy; - + this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); this->prf = lib->crypto->create_prf(lib->crypto, PRF_FIPS_SHA1_160); this->signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_SHA1_128); @@ -1146,4 +1146,4 @@ eap_sim_t *eap_sim_create_peer(identification_t *server, { return eap_sim_create_generic(EAP_PEER, server, peer); } - + diff --git a/src/charon/plugins/eap_sim/eap_sim_plugin.c b/src/charon/plugins/eap_sim/eap_sim_plugin.c index cf18007c0..6a6878303 100644 --- a/src/charon/plugins/eap_sim/eap_sim_plugin.c +++ b/src/charon/plugins/eap_sim/eap_sim_plugin.c @@ -37,14 +37,14 @@ static void destroy(eap_sim_plugin_t *this) plugin_t *plugin_create() { eap_sim_plugin_t *this = malloc_thing(eap_sim_plugin_t); - + this->plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->eap->add_method(charon->eap, EAP_SIM, 0, EAP_SERVER, (eap_constructor_t)eap_sim_create_server); charon->eap->add_method(charon->eap, EAP_SIM, 0, EAP_PEER, (eap_constructor_t)eap_sim_create_peer); - + return &this->plugin; } diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_card.c b/src/charon/plugins/eap_sim_file/eap_sim_file_card.c index 7d441ffb2..2a854d367 100644 --- a/src/charon/plugins/eap_sim_file/eap_sim_file_card.c +++ b/src/charon/plugins/eap_sim_file/eap_sim_file_card.c @@ -21,17 +21,17 @@ typedef struct private_eap_sim_file_card_t private_eap_sim_file_card_t; * Private data of an eap_sim_file_card_t object. */ struct private_eap_sim_file_card_t { - + /** * Public eap_sim_file_card_t interface. */ eap_sim_file_card_t public; - + /** * IMSI, is ID_ANY for file implementation */ identification_t *imsi; - + /** * source of triplets */ @@ -49,9 +49,9 @@ static bool get_triplet(private_eap_sim_file_card_t *this, enumerator_t *enumerator; identification_t *id; char *c_rand, *c_sres, *c_kc; - + DBG2(DBG_CFG, "looking for rand: %b", rand, RAND_LEN); - + enumerator = this->triplets->create_enumerator(this->triplets); while (enumerator->enumerate(enumerator, &id, &c_rand, &c_sres, &c_kc)) { @@ -92,15 +92,15 @@ static void destroy(private_eap_sim_file_card_t *this) eap_sim_file_card_t *eap_sim_file_card_create(eap_sim_file_triplets_t *triplets) { private_eap_sim_file_card_t *this = malloc_thing(private_eap_sim_file_card_t); - + this->public.card.get_triplet = (bool(*)(sim_card_t*, char *rand, char *sres, char *kc))get_triplet; this->public.card.get_imsi = (identification_t*(*)(sim_card_t*))get_imsi; this->public.destroy = (void(*)(eap_sim_file_card_t*))destroy; - + /* this SIM card implementation does not have an ID, serve ID_ANY */ this->imsi = identification_create_from_encoding(ID_ANY, chunk_empty); this->triplets = triplets; - + return &this->public; } diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_card.h b/src/charon/plugins/eap_sim_file/eap_sim_file_card.h index e7160a33b..405fbcea6 100644 --- a/src/charon/plugins/eap_sim_file/eap_sim_file_card.h +++ b/src/charon/plugins/eap_sim_file/eap_sim_file_card.h @@ -36,7 +36,7 @@ struct eap_sim_file_card_t { * Implements sim_card_t interface */ sim_card_t card; - + /** * Destroy a eap_sim_file_card_t. */ diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.c b/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.c index eb6fb4c9c..eedaa3060 100644 --- a/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.c +++ b/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.c @@ -28,22 +28,22 @@ typedef struct private_eap_sim_file_t private_eap_sim_file_t; * Private data of an eap_sim_file_t object. */ struct private_eap_sim_file_t { - + /** * Public eap_sim_file_plugin_t interface. */ eap_sim_file_plugin_t public; - + /** * SIM card */ eap_sim_file_card_t *card; - + /** * SIM provider */ eap_sim_file_provider_t *provider; - + /** * Triplet source */ @@ -69,16 +69,16 @@ static void destroy(private_eap_sim_file_t *this) plugin_t *plugin_create() { private_eap_sim_file_t *this = malloc_thing(private_eap_sim_file_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + this->triplets = eap_sim_file_triplets_create(TRIPLET_FILE); this->card = eap_sim_file_card_create(this->triplets); this->provider = eap_sim_file_provider_create(this->triplets); - + charon->sim->add_card(charon->sim, &this->card->card); charon->sim->add_provider(charon->sim, &this->provider->provider); - + return &this->public.plugin; } diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.c b/src/charon/plugins/eap_sim_file/eap_sim_file_provider.c index 89866ade6..dc55911b8 100644 --- a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.c +++ b/src/charon/plugins/eap_sim_file/eap_sim_file_provider.c @@ -21,12 +21,12 @@ typedef struct private_eap_sim_file_provider_t private_eap_sim_file_provider_t; * Private data of an eap_sim_file_provider_t object. */ struct private_eap_sim_file_provider_t { - + /** * Public eap_sim_file_provider_t interface. */ eap_sim_file_provider_t public; - + /** * source of triplets */ @@ -43,7 +43,7 @@ static bool get_triplet(private_eap_sim_file_provider_t *this, enumerator_t *enumerator; identification_t *id; char *c_rand, *c_sres, *c_kc; - + enumerator = this->triplets->create_enumerator(this->triplets); while (enumerator->enumerate(enumerator, &id, &c_rand, &c_sres, &c_kc)) { @@ -75,12 +75,12 @@ eap_sim_file_provider_t *eap_sim_file_provider_create( eap_sim_file_triplets_t *triplets) { private_eap_sim_file_provider_t *this = malloc_thing(private_eap_sim_file_provider_t); - + this->public.provider.get_triplet = (bool(*)(sim_provider_t*, identification_t *imsi, char rand[16], char sres[4], char kc[8]))get_triplet; this->public.destroy = (void(*)(eap_sim_file_provider_t*))destroy; - + this->triplets = triplets; - + return &this->public; } diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.h b/src/charon/plugins/eap_sim_file/eap_sim_file_provider.h index ec3bfb469..72f29d51f 100644 --- a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.h +++ b/src/charon/plugins/eap_sim_file/eap_sim_file_provider.h @@ -36,7 +36,7 @@ struct eap_sim_file_provider_t { * Implements sim_provider_t interface. */ sim_provider_t provider; - + /** * Destroy a eap_sim_file_provider_t. */ diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.c b/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.c index e27ed6860..b4686bf8f 100644 --- a/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.c +++ b/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.c @@ -28,17 +28,17 @@ typedef struct private_eap_sim_file_triplets_t private_eap_sim_file_triplets_t; * Private data of an eap_sim_file_triplets_t object. */ struct private_eap_sim_file_triplets_t { - + /** * Public eap_sim_file_triplets_t interface. */ eap_sim_file_triplets_t public; - + /** * List of triplets, as triplet_t */ linked_list_t *triplets; - + /** * mutex to lock triplets list */ @@ -103,7 +103,7 @@ static bool enumerator_enumerate(triplet_enumerator_t *e, identification_t **ims char **rand, char **sres, char **kc) { triplet_t *triplet; - + if (e->inner->enumerate(e->inner, &triplet)) { e->current = triplet; @@ -123,14 +123,14 @@ static bool enumerator_enumerate(triplet_enumerator_t *e, identification_t **ims static enumerator_t* create_enumerator(private_eap_sim_file_triplets_t *this) { triplet_enumerator_t *enumerator = malloc_thing(triplet_enumerator_t); - + this->mutex->lock(this->mutex); enumerator->public.enumerate = (void*)enumerator_enumerate; enumerator->public.destroy = (void*)enumerator_destroy; enumerator->inner = this->triplets->create_enumerator(this->triplets); enumerator->current = NULL; enumerator->this = this; - + return &enumerator->public; } @@ -140,7 +140,7 @@ static enumerator_t* create_enumerator(private_eap_sim_file_triplets_t *this) static void parse_token(char *to, char *from, size_t len) { chunk_t chunk; - + chunk = chunk_create(from, min(strlen(from), len * 2)); chunk = chunk_from_hex(chunk, NULL); memset(to, 0, len); @@ -156,22 +156,22 @@ static void read_triplets(private_eap_sim_file_triplets_t *this, char *path) char line[512]; FILE *file; int i, nr = 0; - + file = fopen(path, "r"); if (file == NULL) { - DBG1(DBG_CFG, "opening triplet file %s failed: %s", + DBG1(DBG_CFG, "opening triplet file %s failed: %s", path, strerror(errno)); return; } - + /* read line by line */ while (fgets(line, sizeof(line), file)) { triplet_t *triplet; enumerator_t *enumerator; char *token; - + nr++; /* skip comments, empty lines */ switch (line[0]) @@ -186,7 +186,7 @@ static void read_triplets(private_eap_sim_file_triplets_t *this, char *path) } triplet = malloc_thing(triplet_t); memset(triplet, 0, sizeof(triplet_t)); - + i = 0; enumerator = enumerator_create_token(line, ",", " \n\r#"); while (enumerator->enumerate(enumerator, &token)) @@ -217,15 +217,15 @@ static void read_triplets(private_eap_sim_file_triplets_t *this, char *path) triplet_destroy(triplet); continue; } - + DBG2(DBG_CFG, "triplet: imsi %Y\nrand %b\nsres %b\nkc %b", triplet->imsi, triplet->rand, RAND_LEN, triplet->sres, SRES_LEN, triplet->kc, KC_LEN); - + this->triplets->insert_last(this->triplets, triplet); } fclose(file); - + DBG1(DBG_CFG, "read %d triplets from %s", this->triplets->get_count(this->triplets), path); } @@ -246,15 +246,15 @@ static void destroy(private_eap_sim_file_triplets_t *this) eap_sim_file_triplets_t *eap_sim_file_triplets_create(char *file) { private_eap_sim_file_triplets_t *this = malloc_thing(private_eap_sim_file_triplets_t); - + this->public.create_enumerator = (enumerator_t*(*)(eap_sim_file_triplets_t*))create_enumerator; this->public.destroy = (void(*)(eap_sim_file_triplets_t*))destroy; - + this->triplets = linked_list_create(); this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); - + read_triplets(this, file); - + return &this->public; } diff --git a/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c b/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c index f0362c1a4..0ae0beaef 100644 --- a/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c +++ b/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c @@ -78,7 +78,7 @@ /** the prefix of the name of KLIPS ipsec devices */ #define IPSEC_DEV_PREFIX "ipsec" /** this is the default number of ipsec devices */ -#define DEFAULT_IPSEC_DEV_COUNT 4 +#define DEFAULT_IPSEC_DEV_COUNT 4 /** TRUE if the given name matches an ipsec device */ #define IS_IPSEC_DEV(name) (strneq((name), IPSEC_DEV_PREFIX, sizeof(IPSEC_DEV_PREFIX) - 1)) @@ -108,62 +108,62 @@ struct private_kernel_klips_ipsec_t * Public part of the kernel_klips_t object. */ kernel_klips_ipsec_t public; - + /** * mutex to lock access to various lists */ mutex_t *mutex; - + /** * List of installed policies (policy_entry_t) */ linked_list_t *policies; - + /** * List of allocated SPIs without installed SA (sa_entry_t) */ linked_list_t *allocated_spis; - + /** * List of installed SAs (sa_entry_t) */ linked_list_t *installed_sas; - + /** * whether to install routes along policies */ bool install_routes; - + /** * List of ipsec devices (ipsec_dev_t) */ linked_list_t *ipsec_devices; - + /** * job receiving PF_KEY events */ callback_job_t *job; - + /** * mutex to lock access to the PF_KEY socket */ mutex_t *mutex_pfkey; - + /** * PF_KEY socket to communicate with the kernel */ int socket; - + /** * PF_KEY socket to receive acquire and expire events */ int socket_events; - + /** * sequence number for messages sent to the kernel */ int seq; - + }; @@ -175,10 +175,10 @@ typedef struct ipsec_dev_t ipsec_dev_t; struct ipsec_dev_t { /** name of the virtual ipsec interface */ char name[IFNAMSIZ]; - + /** name of the physical interface */ char phys_name[IFNAMSIZ]; - + /** by how many CHILD_SA's this ipsec device is used */ u_int refcount; }; @@ -229,14 +229,14 @@ static status_t attach_ipsec_dev(char* name, char *phys_name) struct ipsectunnelconf *itc = (struct ipsectunnelconf*)&req.ifr_data; short phys_flags; int mtu; - + DBG2(DBG_KNL, "attaching virtual interface %s to %s", name, phys_name); - + if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) <= 0) { return FAILED; } - + strncpy(req.ifr_name, phys_name, IFNAMSIZ); if (ioctl(sock, SIOCGIFFLAGS, &req) < 0) { @@ -251,18 +251,18 @@ static status_t attach_ipsec_dev(char* name, char *phys_name) close(sock); return FAILED; } - + if (req.ifr_flags & IFF_UP) { /* if it's already up, it is already attached, detach it first */ ioctl(sock, IPSEC_DEL_DEV, &req); } - + /* attach it */ strncpy(req.ifr_name, name, IFNAMSIZ); strncpy(itc->cf_name, phys_name, sizeof(itc->cf_name)); ioctl(sock, IPSEC_SET_DEV, &req); - + /* copy address from physical to virtual */ strncpy(req.ifr_name, phys_name, IFNAMSIZ); if (ioctl(sock, SIOCGIFADDR, &req) == 0) @@ -270,7 +270,7 @@ static status_t attach_ipsec_dev(char* name, char *phys_name) strncpy(req.ifr_name, name, IFNAMSIZ); ioctl(sock, SIOCSIFADDR, &req); } - + /* copy net mask from physical to virtual */ strncpy(req.ifr_name, phys_name, IFNAMSIZ); if (ioctl(sock, SIOCGIFNETMASK, &req) == 0) @@ -278,7 +278,7 @@ static status_t attach_ipsec_dev(char* name, char *phys_name) strncpy(req.ifr_name, name, IFNAMSIZ); ioctl(sock, SIOCSIFNETMASK, &req); } - + /* copy other flags and addresses */ strncpy(req.ifr_name, name, IFNAMSIZ); if (ioctl(sock, SIOCGIFFLAGS, &req) == 0) @@ -288,7 +288,7 @@ static status_t attach_ipsec_dev(char* name, char *phys_name) req.ifr_flags |= IFF_POINTOPOINT; req.ifr_flags &= ~IFF_BROADCAST; ioctl(sock, SIOCSIFFLAGS, &req); - + strncpy(req.ifr_name, phys_name, IFNAMSIZ); if (ioctl(sock, SIOCGIFDSTADDR, &req) == 0) { @@ -301,7 +301,7 @@ static status_t attach_ipsec_dev(char* name, char *phys_name) req.ifr_flags &= ~IFF_POINTOPOINT; req.ifr_flags |= IFF_BROADCAST; ioctl(sock, SIOCSIFFLAGS, &req); - + strncpy(req.ifr_name, phys_name, IFNAMSIZ); if (ioctl(sock, SIOCGIFBRDADDR, &req)==0) { @@ -324,7 +324,7 @@ static status_t attach_ipsec_dev(char* name, char *phys_name) /* guess MTU as physical MTU - ESP overhead [- NAT-T overhead] * ESP overhead : 73 bytes * NAT-T overhead : 8 bytes ==> 81 bytes - * + * * assuming tunnel mode with AES encryption and integrity * outer IP header : 20 bytes * (NAT-T UDP header: 8 bytes) @@ -338,19 +338,19 @@ static status_t attach_ipsec_dev(char* name, char *phys_name) ioctl(sock, SIOCGIFMTU, &req); mtu = req.ifr_mtu - 81; } - + /* set MTU */ strncpy(req.ifr_name, name, IFNAMSIZ); req.ifr_mtu = mtu; ioctl(sock, SIOCSIFMTU, &req); - + /* bring ipsec device UP */ if (ioctl(sock, SIOCGIFFLAGS, &req) == 0) { req.ifr_flags |= IFF_UP; ioctl(sock, SIOCSIFFLAGS, &req); } - + close(sock); return SUCCESS; } @@ -362,37 +362,37 @@ static status_t detach_ipsec_dev(char* name, char *phys_name) { int sock; struct ifreq req; - + DBG2(DBG_KNL, "detaching virtual interface %s from %s", name, strlen(phys_name) ? phys_name : "any physical interface"); - + if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) <= 0) { return FAILED; } - + strncpy(req.ifr_name, name, IFNAMSIZ); if (ioctl(sock, SIOCGIFFLAGS, &req) < 0) { close(sock); return FAILED; } - + /* shutting interface down */ if (req.ifr_flags & IFF_UP) { req.ifr_flags &= ~IFF_UP; ioctl(sock, SIOCSIFFLAGS, &req); } - + /* unset address */ memset(&req.ifr_addr, 0, sizeof(req.ifr_addr)); req.ifr_addr.sa_family = AF_INET; ioctl(sock, SIOCSIFADDR, &req); - + /* detach interface */ ioctl(sock, IPSEC_DEL_DEV, &req); - + close(sock); return SUCCESS; } @@ -415,10 +415,10 @@ typedef struct route_entry_t route_entry_t; struct route_entry_t { /** Name of the interface the route is bound to */ char *if_name; - + /** Source ip of the route */ host_t *src_ip; - + /** Gateway for this route */ host_t *gateway; @@ -447,13 +447,13 @@ typedef struct policy_entry_t policy_entry_t; * installed kernel policy. */ struct policy_entry_t { - + /** reqid of this policy, if setup as trap */ u_int32_t reqid; - + /** direction of this policy: in, out, forward */ u_int8_t direction; - + /** parameters of installed policy */ struct { /** subnet and port */ @@ -463,13 +463,13 @@ struct policy_entry_t { /** protocol */ u_int8_t proto; } src, dst; - + /** associated route installed for this policy */ route_entry_t *route; - + /** by how many CHILD_SA's this policy is actively used */ u_int activecount; - + /** by how many CHILD_SA's this policy is trapped */ u_int trapcount; }; @@ -499,22 +499,22 @@ static bool is_host_in_net(host_t *host, host_t *net, u_int8_t mask) static const u_char bitmask[] = { 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe }; chunk_t host_chunk, net_chunk; int bytes = mask / 8, bits = mask % 8; - + host_chunk = host->get_address(host); net_chunk = net->get_address(net); - + if (host_chunk.len != net_chunk.len) { return FALSE; } - + if (memeq(host_chunk.ptr, net_chunk.ptr, bytes)) { return (bits == 0) || - (host_chunk.ptr[bytes] & bitmask[bits]) == + (host_chunk.ptr[bytes] & bitmask[bits]) == (net_chunk.ptr[bytes] & bitmask[bits]); } - + return FALSE; } @@ -530,15 +530,15 @@ static policy_entry_t *create_policy_entry(traffic_selector_t *src_ts, policy->route = NULL; policy->activecount = 0; policy->trapcount = 0; - + src_ts->to_subnet(src_ts, &policy->src.net, &policy->src.mask); dst_ts->to_subnet(dst_ts, &policy->dst.net, &policy->dst.mask); - + /* src or dest proto may be "any" (0), use more restrictive one */ policy->src.proto = max(src_ts->get_protocol(src_ts), dst_ts->get_protocol(dst_ts)); - policy->src.proto = policy->src.proto ? policy->src.proto : 0; + policy->src.proto = policy->src.proto ? policy->src.proto : 0; policy->dst.proto = policy->src.proto; - + return policy; } @@ -585,25 +585,25 @@ typedef struct sa_entry_t sa_entry_t; * - installed inbound SAs with enabled UDP encapsulation */ struct sa_entry_t { - + /** protocol of this SA */ protocol_id_t protocol; - + /** reqid of this SA */ u_int32_t reqid; - + /** SPI of this SA */ u_int32_t spi; - + /** src address of this SA */ host_t *src; - + /** dst address of this SA */ host_t *dst; - + /** TRUE if this SA uses UDP encapsulation */ bool encap; - + /** TRUE if this SA is inbound */ bool inbound; }; @@ -672,8 +672,8 @@ struct pfkey_msg_t * PF_KEY message base */ struct sadb_msg *msg; - - + + /** * PF_KEY message extensions */ @@ -761,7 +761,7 @@ struct kernel_algorithm_t { * Identifier specified in IKEv2 */ int ikev2; - + /** * Identifier as defined in pfkeyv2.h */ @@ -884,7 +884,7 @@ static void add_encap_ext(struct sadb_msg *msg, host_t *src, host_t *dst, { struct sadb_x_nat_t_type* nat_type; struct sadb_x_nat_t_port* nat_port; - + if (!ports_only) { nat_type = (struct sadb_x_nat_t_type*)PFKEY_EXT_ADD_NEXT(msg); @@ -893,13 +893,13 @@ static void add_encap_ext(struct sadb_msg *msg, host_t *src, host_t *dst, nat_type->sadb_x_nat_t_type_type = UDP_ENCAP_ESPINUDP; PFKEY_EXT_ADD(msg, nat_type); } - + nat_port = (struct sadb_x_nat_t_port*)PFKEY_EXT_ADD_NEXT(msg); nat_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT; nat_port->sadb_x_nat_t_port_len = PFKEY_LEN(sizeof(struct sadb_x_nat_t_port)); nat_port->sadb_x_nat_t_port_port = src->get_port(src); PFKEY_EXT_ADD(msg, nat_port); - + nat_port = (struct sadb_x_nat_t_port*)PFKEY_EXT_ADD_NEXT(msg); nat_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT; nat_port->sadb_x_nat_t_port_len = PFKEY_LEN(sizeof(struct sadb_x_nat_t_port)); @@ -917,19 +917,19 @@ static void build_addflow(struct sadb_msg *msg, u_int8_t satype, u_int32_t spi, struct sadb_sa *sa; struct sadb_protocol *proto; host_t *host; - + msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_X_ADDFLOW; msg->sadb_msg_satype = satype; msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_spi = spi; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); sa->sadb_sa_flags = replace ? SADB_X_SAFLAGS_REPLACEFLOW : 0; PFKEY_EXT_ADD(msg, sa); - + if (!src) { add_anyaddr_ext(msg, src_net->get_family(src_net), SADB_EXT_ADDRESS_SRC); @@ -938,7 +938,7 @@ static void build_addflow(struct sadb_msg *msg, u_int8_t satype, u_int32_t spi, { add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC); } - + if (!dst) { add_anyaddr_ext(msg, dst_net->get_family(dst_net), SADB_EXT_ADDRESS_DST); @@ -947,18 +947,18 @@ static void build_addflow(struct sadb_msg *msg, u_int8_t satype, u_int32_t spi, { add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST); } - + add_addr_ext(msg, src_net, SADB_X_EXT_ADDRESS_SRC_FLOW); add_addr_ext(msg, dst_net, SADB_X_EXT_ADDRESS_DST_FLOW); - + host = mask2host(src_net->get_family(src_net), src_mask); add_addr_ext(msg, host, SADB_X_EXT_ADDRESS_SRC_MASK); host->destroy(host); - + host = mask2host(dst_net->get_family(dst_net), dst_mask); add_addr_ext(msg, host, SADB_X_EXT_ADDRESS_DST_MASK); host->destroy(host); - + proto = (struct sadb_protocol*)PFKEY_EXT_ADD_NEXT(msg); proto->sadb_protocol_exttype = SADB_X_EXT_PROTOCOL; proto->sadb_protocol_len = PFKEY_LEN(sizeof(struct sadb_protocol)); @@ -975,25 +975,25 @@ static void build_delflow(struct sadb_msg *msg, u_int8_t satype, { struct sadb_protocol *proto; host_t *host; - + msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_X_DELFLOW; msg->sadb_msg_satype = satype; msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + add_addr_ext(msg, src_net, SADB_X_EXT_ADDRESS_SRC_FLOW); add_addr_ext(msg, dst_net, SADB_X_EXT_ADDRESS_DST_FLOW); - + host = mask2host(src_net->get_family(src_net), src_mask); add_addr_ext(msg, host, SADB_X_EXT_ADDRESS_SRC_MASK); host->destroy(host); - + host = mask2host(dst_net->get_family(dst_net), dst_mask); add_addr_ext(msg, host, SADB_X_EXT_ADDRESS_DST_MASK); host->destroy(host); - + proto = (struct sadb_protocol*)PFKEY_EXT_ADD_NEXT(msg); proto->sadb_protocol_exttype = SADB_X_EXT_PROTOCOL; proto->sadb_protocol_len = PFKEY_LEN(sizeof(struct sadb_protocol)); @@ -1008,15 +1008,15 @@ static status_t parse_pfkey_message(struct sadb_msg *msg, pfkey_msg_t *out) { struct sadb_ext* ext; size_t len; - + memset(out, 0, sizeof(pfkey_msg_t)); out->msg = msg; - + len = msg->sadb_msg_len; len -= PFKEY_LEN(sizeof(struct sadb_msg)); - + ext = (struct sadb_ext*)(((char*)msg) + sizeof(struct sadb_msg)); - + while (len >= PFKEY_LEN(sizeof(struct sadb_ext))) { if (ext->sadb_ext_len < PFKEY_LEN(sizeof(struct sadb_ext)) || @@ -1025,19 +1025,19 @@ static status_t parse_pfkey_message(struct sadb_msg *msg, pfkey_msg_t *out) DBG1(DBG_KNL, "length of PF_KEY extension (%d) is invalid", ext->sadb_ext_type); break; } - + if ((ext->sadb_ext_type > SADB_EXT_MAX) || (!ext->sadb_ext_type)) { DBG1(DBG_KNL, "type of PF_KEY extension (%d) is invalid", ext->sadb_ext_type); break; } - + if (out->ext[ext->sadb_ext_type]) { - DBG1(DBG_KNL, "duplicate PF_KEY extension of type (%d)", ext->sadb_ext_type); + DBG1(DBG_KNL, "duplicate PF_KEY extension of type (%d)", ext->sadb_ext_type); break; } - + out->ext[ext->sadb_ext_type] = ext; ext = PFKEY_EXT_NEXT_LEN(ext, len); } @@ -1047,7 +1047,7 @@ static status_t parse_pfkey_message(struct sadb_msg *msg, pfkey_msg_t *out) DBG1(DBG_KNL, "PF_KEY message length is invalid"); return FAILED; } - + return SUCCESS; } @@ -1060,7 +1060,7 @@ static status_t pfkey_send_socket(private_kernel_klips_ipsec_t *this, int socket unsigned char buf[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg; int in_len, len; - + this->mutex_pfkey->lock(this->mutex_pfkey); in->sadb_msg_seq = ++this->seq; @@ -1093,13 +1093,13 @@ static status_t pfkey_send_socket(private_kernel_klips_ipsec_t *this, int socket } break; } - + while (TRUE) - { + { msg = (struct sadb_msg*)buf; - + len = recv(socket, buf, sizeof(buf), 0); - + if (len < 0) { if (errno == EINTR) @@ -1149,13 +1149,13 @@ static status_t pfkey_send_socket(private_kernel_klips_ipsec_t *this, int socket } break; } - + *out_len = len; *out = (struct sadb_msg*)malloc(len); memcpy(*out, buf, len); - + this->mutex_pfkey->unlock(this->mutex_pfkey); - + return SUCCESS; } @@ -1175,7 +1175,7 @@ static status_t pfkey_send_ack(private_kernel_klips_ipsec_t *this, struct sadb_m { struct sadb_msg *out; size_t len; - + if (pfkey_send(this, in, &out, &len) != SUCCESS) { return FAILED; @@ -1200,12 +1200,12 @@ static status_t add_eroute(private_kernel_klips_ipsec_t *this, u_int8_t satype, { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg = (struct sadb_msg*)request; - + memset(&request, 0, sizeof(request)); - + build_addflow(msg, satype, spi, src, dst, src_net, src_mask, dst_net, dst_mask, protocol, replace); - + return pfkey_send_ack(this, msg); } @@ -1218,11 +1218,11 @@ static status_t del_eroute(private_kernel_klips_ipsec_t *this, u_int8_t satype, { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg = (struct sadb_msg*)request; - + memset(&request, 0, sizeof(request)); - + build_delflow(msg, satype, src_net, src_mask, dst_net, dst_mask, protocol); - + return pfkey_send_ack(this, msg); } @@ -1237,7 +1237,7 @@ static void process_acquire(private_kernel_klips_ipsec_t *this, struct sadb_msg* u_int8_t proto; policy_entry_t *policy; job_t *job; - + switch (msg->sadb_msg_satype) { case SADB_SATYPE_UNSPEC: @@ -1248,13 +1248,13 @@ static void process_acquire(private_kernel_klips_ipsec_t *this, struct sadb_msg* /* acquire for AH/ESP only */ return; } - + if (parse_pfkey_message(msg, &response) != SUCCESS) { DBG1(DBG_KNL, "parsing SADB_ACQUIRE from kernel failed"); return; } - + /* KLIPS provides us only with the source and destination address, * and the transport protocol of the packet that triggered the policy. * we use this information to find a matching policy in our cache. @@ -1269,7 +1269,7 @@ static void process_acquire(private_kernel_klips_ipsec_t *this, struct sadb_msg* DBG1(DBG_KNL, "received an SADB_ACQUIRE with invalid hosts"); return; } - + DBG2(DBG_KNL, "received an SADB_ACQUIRE for %H == %H : %d", src, dst, proto); this->mutex->lock(this->mutex); if (this->policies->find_first(this->policies, @@ -1286,17 +1286,17 @@ static void process_acquire(private_kernel_klips_ipsec_t *this, struct sadb_msg* DBG1(DBG_KNL, "received an SADB_ACQUIRE, but policy is not routed anymore"); return; } - + /* add a broad %hold eroute that replaces the %trap eroute */ add_eroute(this, SADB_X_SATYPE_INT, htonl(SPI_HOLD), NULL, NULL, policy->src.net, policy->src.mask, policy->dst.net, policy->dst.mask, policy->src.proto, TRUE); - + /* remove the narrow %hold eroute installed by KLIPS */ del_eroute(this, SADB_X_SATYPE_INT, src, 32, dst, 32, proto); - + this->mutex->unlock(this->mutex); - + DBG2(DBG_KNL, "received an SADB_ACQUIRE"); DBG1(DBG_KNL, "creating acquire job for CHILD_SA with reqid {%d}", reqid); job = (job_t*)acquire_job_create(reqid, NULL, NULL); @@ -1312,23 +1312,23 @@ static void process_mapping(private_kernel_klips_ipsec_t *this, struct sadb_msg* u_int32_t spi, reqid; host_t *old_src, *new_src; job_t *job; - + DBG2(DBG_KNL, "received an SADB_X_NAT_T_NEW_MAPPING"); - + if (parse_pfkey_message(msg, &response) != SUCCESS) { DBG1(DBG_KNL, "parsing SADB_X_NAT_T_NEW_MAPPING from kernel failed"); return; } - + spi = response.sa->sadb_sa_spi; - + if (proto_satype2ike(msg->sadb_msg_satype) == PROTO_ESP) { sa_entry_t *sa; sockaddr_t *addr = (sockaddr_t*)(response.src + 1); old_src = host_create_from_sockaddr(addr); - + this->mutex->lock(this->mutex); if (!old_src || this->installed_sas->find_first(this->installed_sas, (linked_list_match_t)sa_entry_match_encapbysrc, @@ -1340,7 +1340,7 @@ static void process_mapping(private_kernel_klips_ipsec_t *this, struct sadb_msg* } reqid = sa->reqid; this->mutex->unlock(this->mutex); - + addr = (sockaddr_t*)(response.dst + 1); switch (addr->sa_family) { @@ -1352,7 +1352,7 @@ static void process_mapping(private_kernel_klips_ipsec_t *this, struct sadb_msg* case AF_INET6: { struct sockaddr_in6 *sin6 = (struct sockaddr_in6*)addr; - sin6->sin6_port = htons(response.x_natt_dport->sadb_x_nat_t_port_port); + sin6->sin6_port = htons(response.x_natt_dport->sadb_x_nat_t_port_port); } default: break; @@ -1376,11 +1376,11 @@ static job_requeue_t receive_events(private_kernel_klips_ipsec_t *this) unsigned char buf[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg = (struct sadb_msg*)buf; int len, oldstate; - + pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); len = recv(this->socket_events, buf, sizeof(buf), 0); pthread_setcancelstate(oldstate, NULL); - + if (len < 0) { switch (errno) @@ -1397,7 +1397,7 @@ static job_requeue_t receive_events(private_kernel_klips_ipsec_t *this) return JOB_REQUEUE_FAIR; } } - + if (len < sizeof(struct sadb_msg) || msg->sadb_msg_len < PFKEY_LEN(sizeof(struct sadb_msg))) { @@ -1413,7 +1413,7 @@ static job_requeue_t receive_events(private_kernel_klips_ipsec_t *this) DBG1(DBG_KNL, "buffer was too small to receive the complete PF_KEY message"); return JOB_REQUEUE_DIRECT; } - + switch (msg->sadb_msg_type) { case SADB_ACQUIRE: @@ -1433,7 +1433,7 @@ static job_requeue_t receive_events(private_kernel_klips_ipsec_t *this) default: break; } - + return JOB_REQUEUE_DIRECT; } @@ -1473,11 +1473,11 @@ static job_requeue_t sa_expires(sa_expire_t *expire) sa_entry_t *cached_sa; linked_list_t *list; job_t *job; - + /* for an expired SPI we first check whether the CHILD_SA got installed * in the meantime, for expired SAs we check whether they are still installed */ list = expire->type == EXPIRE_TYPE_SPI ? this->allocated_spis : this->installed_sas; - + this->mutex->lock(this->mutex); if (list->find_first(list, (linked_list_match_t)sa_entry_match_byid, (void**)&cached_sa, &protocol, &spi, &reqid) != SUCCESS) @@ -1494,10 +1494,10 @@ static job_requeue_t sa_expires(sa_expire_t *expire) sa_entry_destroy(cached_sa); } this->mutex->unlock(this->mutex); - + DBG2(DBG_KNL, "%N CHILD_SA with SPI %.8x and reqid {%d} expired", protocol_id_names, protocol, ntohl(spi), reqid); - + DBG1(DBG_KNL, "creating %s job for %N CHILD_SA with SPI %.8x and reqid {%d}", hard ? "delete" : "rekey", protocol_id_names, protocol, ntohl(spi), reqid); @@ -1514,7 +1514,7 @@ static job_requeue_t sa_expires(sa_expire_t *expire) } /** - * Schedule an expire job for an SA. Time is in seconds. + * Schedule an expire job for an SA. Time is in seconds. */ static void schedule_expire(private_kernel_klips_ipsec_t *this, protocol_id_t protocol, u_int32_t spi, @@ -1534,8 +1534,8 @@ static void schedule_expire(private_kernel_klips_ipsec_t *this, /** * Implementation of kernel_interface_t.get_spi. */ -static status_t get_spi(private_kernel_klips_ipsec_t *this, - host_t *src, host_t *dst, +static status_t get_spi(private_kernel_klips_ipsec_t *this, + host_t *src, host_t *dst, protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi) { @@ -1545,7 +1545,7 @@ static status_t get_spi(private_kernel_klips_ipsec_t *this, */ rng_t *rng; u_int32_t spi_gen; - + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (!rng) { @@ -1554,29 +1554,29 @@ static status_t get_spi(private_kernel_klips_ipsec_t *this, } rng->get_bytes(rng, sizeof(spi_gen), (void*)&spi_gen); rng->destroy(rng); - + /* charon's SPIs lie within the range from 0xc0000000 to 0xcFFFFFFF */ spi_gen = 0xc0000000 | (spi_gen & 0x0FFFFFFF); - + DBG2(DBG_KNL, "allocated SPI %.8x for %N SA between %#H..%#H", spi_gen, protocol_id_names, protocol, src, dst); - + *spi = htonl(spi_gen); - + this->mutex->lock(this->mutex); this->allocated_spis->insert_last(this->allocated_spis, create_sa_entry(protocol, *spi, reqid, NULL, NULL, FALSE, TRUE)); this->mutex->unlock(this->mutex); schedule_expire(this, protocol, *spi, reqid, EXPIRE_TYPE_SPI, SPI_TIMEOUT); - + return SUCCESS; } /** * Implementation of kernel_interface_t.get_cpi. */ -static status_t get_cpi(private_kernel_klips_ipsec_t *this, - host_t *src, host_t *dst, +static status_t get_cpi(private_kernel_klips_ipsec_t *this, + host_t *src, host_t *dst, u_int32_t reqid, u_int16_t *cpi) { return FAILED; @@ -1592,27 +1592,27 @@ static status_t add_ipip_sa(private_kernel_klips_ipsec_t *this, struct sadb_msg *msg, *out; struct sadb_sa *sa; size_t len; - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "adding pseudo IPIP SA with SPI %.8x and reqid {%d}", ntohl(spi), reqid); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_ADD; msg->sadb_msg_satype = SADB_X_SATYPE_IPIP; msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); sa->sadb_sa_spi = spi; sa->sadb_sa_state = SADB_SASTATE_MATURE; PFKEY_EXT_ADD(msg, sa); - + add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC); add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to add pseudo IPIP SA with SPI %.8x", ntohl(spi)); @@ -1625,7 +1625,7 @@ static status_t add_ipip_sa(private_kernel_klips_ipsec_t *this, free(out); return FAILED; } - + free(out); return SUCCESS; } @@ -1642,41 +1642,41 @@ static status_t group_ipip_sa(private_kernel_klips_ipsec_t *this, struct sadb_sa *sa; struct sadb_x_satype *satype; size_t len; - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "grouping SAs with SPI %.8x and reqid {%d}", ntohl(spi), reqid); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_X_GRPSA; msg->sadb_msg_satype = SADB_X_SATYPE_IPIP; msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); sa->sadb_sa_spi = spi; sa->sadb_sa_state = SADB_SASTATE_MATURE; PFKEY_EXT_ADD(msg, sa); - + add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST); - + satype = (struct sadb_x_satype*)PFKEY_EXT_ADD_NEXT(msg); satype->sadb_x_satype_exttype = SADB_X_EXT_SATYPE2; satype->sadb_x_satype_len = PFKEY_LEN(sizeof(struct sadb_x_satype)); satype->sadb_x_satype_satype = proto_ike2satype(protocol); PFKEY_EXT_ADD(msg, satype); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_X_EXT_SA2; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); sa->sadb_sa_spi = spi; sa->sadb_sa_state = SADB_SASTATE_MATURE; PFKEY_EXT_ADD(msg, sa); - + add_addr_ext(msg, dst, SADB_X_EXT_ADDRESS_DST2); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to group SAs with SPI %.8x", ntohl(spi)); @@ -1689,7 +1689,7 @@ static status_t group_ipip_sa(private_kernel_klips_ipsec_t *this, free(out); return FAILED; } - + free(out); return SUCCESS; } @@ -1711,7 +1711,7 @@ static status_t add_sa(private_kernel_klips_ipsec_t *this, struct sadb_sa *sa; struct sadb_key *key; size_t len; - + if (inbound) { /* for inbound SAs we allocated an SPI via get_spi, so we first check @@ -1733,17 +1733,17 @@ static status_t add_sa(private_kernel_klips_ipsec_t *this, } this->mutex->unlock(this->mutex); } - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "adding SAD entry with SPI %.8x and reqid {%d}", ntohl(spi), reqid); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_ADD; msg->sadb_msg_satype = proto_ike2satype(protocol); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); @@ -1753,10 +1753,10 @@ static status_t add_sa(private_kernel_klips_ipsec_t *this, sa->sadb_sa_auth = lookup_algorithm(integrity_algs, int_alg); sa->sadb_sa_encrypt = lookup_algorithm(encryption_algs, enc_alg); PFKEY_EXT_ADD(msg, sa); - + add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC); add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST); - + if (enc_alg != ENCR_UNDEFINED) { if (!sa->sadb_sa_encrypt) @@ -1767,16 +1767,16 @@ static status_t add_sa(private_kernel_klips_ipsec_t *this, } DBG2(DBG_KNL, " using encryption algorithm %N with key size %d", encryption_algorithm_names, enc_alg, enc_key.len * 8); - + key = (struct sadb_key*)PFKEY_EXT_ADD_NEXT(msg); key->sadb_key_exttype = SADB_EXT_KEY_ENCRYPT; key->sadb_key_bits = enc_key.len * 8; key->sadb_key_len = PFKEY_LEN(sizeof(struct sadb_key) + enc_key.len); memcpy(key + 1, enc_key.ptr, enc_key.len); - + PFKEY_EXT_ADD(msg, key); } - + if (int_alg != AUTH_UNDEFINED) { if (!sa->sadb_sa_auth) @@ -1787,26 +1787,26 @@ static status_t add_sa(private_kernel_klips_ipsec_t *this, } DBG2(DBG_KNL, " using integrity algorithm %N with key size %d", integrity_algorithm_names, int_alg, int_key.len * 8); - + key = (struct sadb_key*)PFKEY_EXT_ADD_NEXT(msg); key->sadb_key_exttype = SADB_EXT_KEY_AUTH; key->sadb_key_bits = int_key.len * 8; key->sadb_key_len = PFKEY_LEN(sizeof(struct sadb_key) + int_key.len); memcpy(key + 1, int_key.ptr, int_key.len); - + PFKEY_EXT_ADD(msg, key); } - + if (ipcomp != IPCOMP_NONE) { /*TODO*/ } - + if (encap) { add_encap_ext(msg, src, dst, FALSE); } - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x", ntohl(spi)); @@ -1820,7 +1820,7 @@ static status_t add_sa(private_kernel_klips_ipsec_t *this, return FAILED; } free(out); - + /* for tunnel mode SAs we have to install an additional IPIP SA and * group the two SAs together */ if (mode == MODE_TUNNEL) @@ -1832,7 +1832,7 @@ static status_t add_sa(private_kernel_klips_ipsec_t *this, return FAILED; } } - + this->mutex->lock(this->mutex); /* we cache this SA for two reasons: * - in case an SADB_X_NAT_T_MAPPING_NEW event occurs (we need to find the reqid then) @@ -1840,7 +1840,7 @@ static status_t add_sa(private_kernel_klips_ipsec_t *this, this->installed_sas->insert_last(this->installed_sas, create_sa_entry(protocol, spi, reqid, src, dst, encap, inbound)); this->mutex->unlock(this->mutex); - + /* Although KLIPS supports SADB_EXT_LIFETIME_SOFT/HARD, we handle the lifetime * of SAs manually in the plugin. Refer to the comments in receive_events() * for details. */ @@ -1848,12 +1848,12 @@ static status_t add_sa(private_kernel_klips_ipsec_t *this, { schedule_expire(this, protocol, spi, reqid, EXPIRE_TYPE_SOFT, lifetime->time.rekey); } - + if (lifetime->time.life) { schedule_expire(this, protocol, spi, reqid, EXPIRE_TYPE_HARD, lifetime->time.life); } - + return SUCCESS; } @@ -1870,7 +1870,7 @@ static status_t update_sa(private_kernel_klips_ipsec_t *this, struct sadb_msg *msg, *out; struct sadb_sa *sa; size_t len; - + /* we can't update the SA if any of the ip addresses have changed. * that's because we can't use SADB_UPDATE and by deleting and readding the * SA the sequence numbers would get lost */ @@ -1881,7 +1881,7 @@ static status_t update_sa(private_kernel_klips_ipsec_t *this, " are not supported", ntohl(spi)); return NOT_SUPPORTED; } - + /* because KLIPS does not allow us to change the NAT-T type in an SADB_UPDATE, * we can't update the SA if the encap flag has changed since installing it */ if (encap != new_encap) @@ -1890,18 +1890,18 @@ static status_t update_sa(private_kernel_klips_ipsec_t *this, " encapsulation is not supported", ntohl(spi)); return NOT_SUPPORTED; } - + DBG2(DBG_KNL, "updating SAD entry with SPI %.8x from %#H..%#H to %#H..%#H", ntohl(spi), src, dst, new_src, new_dst); - + memset(&request, 0, sizeof(request)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_UPDATE; msg->sadb_msg_satype = proto_ike2satype(protocol); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); @@ -1910,12 +1910,12 @@ static status_t update_sa(private_kernel_klips_ipsec_t *this, sa->sadb_sa_auth = SADB_AALG_SHA1HMAC; /* ignored */ sa->sadb_sa_state = SADB_SASTATE_MATURE; PFKEY_EXT_ADD(msg, sa); - + add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC); add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST); - + add_encap_ext(msg, new_src, new_dst, TRUE); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x", ntohl(spi)); @@ -1929,7 +1929,7 @@ static status_t update_sa(private_kernel_klips_ipsec_t *this, return FAILED; } free(out); - + return SUCCESS; } @@ -1955,13 +1955,13 @@ static status_t del_sa(private_kernel_klips_ipsec_t *this, host_t *src, struct sadb_sa *sa; sa_entry_t *cached_sa; size_t len; - + memset(&request, 0, sizeof(request)); - + /* all grouped SAs are automatically deleted by KLIPS as soon as * one of them is deleted, therefore we delete only the main one */ DBG2(DBG_KNL, "deleting SAD entry with SPI %.8x", ntohl(spi)); - + this->mutex->lock(this->mutex); /* this should not fail, but we don't care if it does, let the kernel decide * whether this SA exists or not */ @@ -1973,24 +1973,24 @@ static status_t del_sa(private_kernel_klips_ipsec_t *this, host_t *src, sa_entry_destroy(cached_sa); } this->mutex->unlock(this->mutex); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_DELETE; msg->sadb_msg_satype = proto_ike2satype(protocol); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); sa->sadb_sa_spi = spi; PFKEY_EXT_ADD(msg, sa); - + /* the kernel wants an SADB_EXT_ADDRESS_SRC to be present even though * it is not used for anything. */ add_anyaddr_ext(msg, dst->get_family(dst), SADB_EXT_ADDRESS_SRC); add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x", ntohl(spi)); @@ -2003,7 +2003,7 @@ static status_t del_sa(private_kernel_klips_ipsec_t *this, host_t *src, free(out); return FAILED; } - + DBG2(DBG_KNL, "deleted SAD entry with SPI %.8x", ntohl(spi)); free(out); return SUCCESS; @@ -2012,7 +2012,7 @@ static status_t del_sa(private_kernel_klips_ipsec_t *this, host_t *src, /** * Implementation of kernel_interface_t.add_policy. */ -static status_t add_policy(private_kernel_klips_ipsec_t *this, +static status_t add_policy(private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, @@ -2025,21 +2025,21 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this, struct sadb_msg *msg, *out; policy_entry_t *policy, *found = NULL; u_int8_t satype; - size_t len; - + size_t len; + if (direction == POLICY_FWD) { /* no forward policies for KLIPS */ return SUCCESS; } - + /* tunnel mode policies direct the packets into the pseudo IPIP SA */ satype = (mode == MODE_TUNNEL) ? SADB_X_SATYPE_IPIP : proto_ike2satype(protocol); - + /* create a policy */ policy = create_policy_entry(src_ts, dst_ts, direction); - + /* find a matching policy */ this->mutex->lock(this->mutex); if (this->policies->find_first(this->policies, @@ -2057,21 +2057,21 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this, /* apply the new one, if we have no such policy */ this->policies->insert_last(this->policies, policy); } - + if (routed) { /* we install this as a %trap eroute in the kernel, later to be * triggered by packets matching the policy (-> ACQUIRE). */ spi = htonl(SPI_TRAP); satype = SADB_X_SATYPE_INT; - + /* the reqid is always set to the latest child SA that trapped this * policy. we will need this reqid upon receiving an acquire. */ policy->reqid = reqid; - + /* increase the trap counter */ policy->trapcount++; - + if (policy->activecount) { /* we do not replace the current policy in the kernel while a @@ -2085,21 +2085,21 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this, /* increase the reference counter */ policy->activecount++; } - + DBG2(DBG_KNL, "adding policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); - + memset(&request, 0, sizeof(request)); - + msg = (struct sadb_msg*)request; - + /* FIXME: SADB_X_SAFLAGS_INFLOW may be required, if we add an inbound policy for an IPIP SA */ build_addflow(msg, satype, spi, routed ? NULL : src, routed ? NULL : dst, policy->src.net, policy->src.mask, policy->dst.net, policy->dst.mask, policy->src.proto, found != NULL); - + this->mutex->unlock(this->mutex); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to add policy %R === %R %N", src_ts, dst_ts, @@ -2115,9 +2115,9 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this, return FAILED; } free(out); - + this->mutex->lock(this->mutex); - + /* we try to find the policy again and install the route if needed */ if (this->policies->find_last(this->policies, NULL, (void**)&policy) != SUCCESS) { @@ -2126,7 +2126,7 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this, src_ts, dst_ts, policy_dir_names, direction); return SUCCESS; } - + /* KLIPS requires a special route that directs traffic that matches this * policy to one of the virtual ipsec interfaces. The virtual interface * has to be attached to the physical one the traffic runs over. @@ -2144,19 +2144,19 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this, ipsec_dev_t *dev; route_entry_t *route = malloc_thing(route_entry_t); route->src_ip = NULL; - + if (mode != MODE_TRANSPORT && src->get_family(src) != AF_INET6 && this->install_routes) { charon->kernel_interface->get_address_by_ts(charon->kernel_interface, src_ts, &route->src_ip); } - + if (!route->src_ip) { route->src_ip = host_create_any(src->get_family(src)); } - + /* find the virtual interface */ iface = charon->kernel_interface->get_interface(charon->kernel_interface, src); @@ -2203,13 +2203,13 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this, } free(iface); route->if_name = strdup(dev->name); - + /* get the nexthop to dst */ route->gateway = charon->kernel_interface->get_nexthop( charon->kernel_interface, dst); route->dst_net = chunk_clone(policy->dst.net->get_address(policy->dst.net)); route->prefixlen = policy->dst.mask; - + switch (charon->kernel_interface->add_route(charon->kernel_interface, route->dst_net, route->prefixlen, route->gateway, route->src_ip, route->if_name)) @@ -2227,10 +2227,10 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this, policy->route = route; break; } - } - - this->mutex->unlock(this->mutex); - + } + + this->mutex->unlock(this->mutex); + return SUCCESS; } @@ -2238,7 +2238,7 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this, * Implementation of kernel_interface_t.query_policy. */ static status_t query_policy(private_kernel_klips_ipsec_t *this, - traffic_selector_t *src_ts, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t *use_time) { @@ -2250,19 +2250,19 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, char *said = NULL, *pos; policy_entry_t *policy, *found = NULL; status_t status = FAILED; - + if (direction == POLICY_FWD) { /* we do not install forward policies */ return FAILED; } - + DBG2(DBG_KNL, "querying policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); - + /* create a policy */ policy = create_policy_entry(src_ts, dst_ts, direction); - + /* find a matching policy */ this->mutex->lock(this->mutex); if (this->policies->find_first(this->policies, @@ -2276,7 +2276,7 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, } policy_entry_destroy(policy); policy = found; - + /* src and dst selectors in KLIPS are of the form NET_ADDR/NETBITS:PROTO */ snprintf(src, sizeof(src), "%H/%d:%d", policy->src.net, policy->src.mask, policy->src.proto); @@ -2284,9 +2284,9 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, snprintf(dst, sizeof(dst), "%H/%d:%d", policy->dst.net, policy->dst.mask, policy->dst.proto); dst[sizeof(dst) - 1] = '\0'; - + this->mutex->unlock(this->mutex); - + /* we try to find the matching eroute first */ file = fopen(path_eroute, "r"); if (file == NULL) @@ -2295,7 +2295,7 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, dst_ts, policy_dir_names, direction, strerror(errno), errno); return FAILED; } - + /* read line by line where each line looks like: * packets src -> dst => said */ while (fgets(line, sizeof(line), file)) @@ -2303,7 +2303,7 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, enumerator_t *enumerator; char *token; int i = 0; - + enumerator = enumerator_create_token(line, " \t", " \t\n"); while (enumerator->enumerate(enumerator, &token)) { @@ -2334,7 +2334,7 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, break; } enumerator->destroy(enumerator); - + if (i == 5) { /* eroute matched */ @@ -2342,19 +2342,19 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, } } fclose(file); - + if (said == NULL) { DBG1(DBG_KNL, "unable to query policy %R === %R %N: found no matching" " eroute", src_ts, dst_ts, policy_dir_names, direction); return FAILED; } - + /* compared with the one in the spi entry the SA ID from the eroute entry * has an additional ":PROTO" appended, which we need to cut off */ pos = strrchr(said, ':'); *pos = '\0'; - + /* now we try to find the matching spi entry */ file = fopen(path_spi, "r"); if (file == NULL) @@ -2363,7 +2363,7 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, dst_ts, policy_dir_names, direction, strerror(errno), errno); return FAILED; } - + while (fgets(line, sizeof(line), file)) { if (strneq(line, said, strlen(said))) @@ -2381,7 +2381,7 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, /* idle time not valid */ break; } - + *use_time = time_monotonic(NULL) - idle_time; status = SUCCESS; break; @@ -2389,7 +2389,7 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, } fclose(file); free(said); - + return status; } @@ -2397,7 +2397,7 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, * Implementation of kernel_interface_t.del_policy. */ static status_t del_policy(private_kernel_klips_ipsec_t *this, - traffic_selector_t *src_ts, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, bool unrouted) { @@ -2406,19 +2406,19 @@ static status_t del_policy(private_kernel_klips_ipsec_t *this, policy_entry_t *policy, *found = NULL; route_entry_t *route; size_t len; - + if (direction == POLICY_FWD) { /* no forward policies for KLIPS */ return SUCCESS; } - + DBG2(DBG_KNL, "deleting policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); - + /* create a policy */ policy = create_policy_entry(src_ts, dst_ts, direction); - + /* find a matching policy */ this->mutex->lock(this->mutex); if (this->policies->find_first(this->policies, @@ -2431,10 +2431,10 @@ static status_t del_policy(private_kernel_klips_ipsec_t *this, return NOT_FOUND; } policy_entry_destroy(policy); - + /* decrease appropriate counter */ unrouted ? found->trapcount-- : found->activecount--; - + if (found->trapcount == 0) { /* if this policy is finally unrouted, we reset the reqid because it @@ -2442,7 +2442,7 @@ static status_t del_policy(private_kernel_klips_ipsec_t *this, * this policy. */ found->reqid = 0; } - + if (found->activecount > 0) { /* is still used by SAs, keep in kernel */ @@ -2462,22 +2462,22 @@ static status_t del_policy(private_kernel_klips_ipsec_t *this, this->mutex->unlock(this->mutex); return pfkey_send_ack(this, msg); } - + /* remove if last reference */ this->policies->remove(this->policies, found, NULL); policy = found; - + this->mutex->unlock(this->mutex); - + memset(&request, 0, sizeof(request)); - + build_delflow(msg, 0, policy->src.net, policy->src.mask, policy->dst.net, policy->dst.mask, policy->src.proto); - + route = policy->route; policy->route = NULL; policy_entry_destroy(policy); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to delete policy %R === %R %N", src_ts, dst_ts, @@ -2493,11 +2493,11 @@ static status_t del_policy(private_kernel_klips_ipsec_t *this, return FAILED; } free(out); - + if (route) { ipsec_dev_t *dev; - + if (charon->kernel_interface->del_route(charon->kernel_interface, route->dst_net, route->prefixlen, route->gateway, route->src_ip, route->if_name) != SUCCESS) @@ -2506,11 +2506,11 @@ static status_t del_policy(private_kernel_klips_ipsec_t *this, " policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); } - + /* we have to detach the ipsec interface from the physical one over which * this SA ran (if it is not used by any other) */ this->mutex->lock(this->mutex); - + if (find_ipsec_dev(this, route->if_name, &dev) == SUCCESS) { /* fine, we found a matching device object, let's check if we have @@ -2525,12 +2525,12 @@ static status_t del_policy(private_kernel_klips_ipsec_t *this, dev->phys_name[0] = '\0'; } } - + this->mutex->unlock(this->mutex); - + route_entry_destroy(route); } - + return SUCCESS; } @@ -2542,7 +2542,7 @@ static void init_ipsec_devices(private_kernel_klips_ipsec_t *this) int i, count = lib->settings->get_int(lib->settings, "charon.plugins.kernel_klips.ipsec_dev_count", DEFAULT_IPSEC_DEV_COUNT); - + for (i = 0; i < count; ++i) { ipsec_dev_t *dev = malloc_thing(ipsec_dev_t); @@ -2551,7 +2551,7 @@ static void init_ipsec_devices(private_kernel_klips_ipsec_t *this) dev->phys_name[0] = '\0'; dev->refcount = 0; this->ipsec_devices->insert_last(this->ipsec_devices, dev); - + /* detach any previously attached ipsec device */ detach_ipsec_dev(dev->name, dev->phys_name); } @@ -2565,15 +2565,15 @@ static status_t register_pfkey_socket(private_kernel_klips_ipsec_t *this, u_int8 unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; size_t len; - + memset(&request, 0, sizeof(request)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_REGISTER; msg->sadb_msg_satype = satype; msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + if (pfkey_send_socket(this, this->socket_events, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to register PF_KEY socket"); @@ -2613,7 +2613,7 @@ static void destroy(private_kernel_klips_ipsec_t *this) kernel_klips_ipsec_t *kernel_klips_ipsec_create() { private_kernel_klips_ipsec_t *this = malloc_thing(private_kernel_klips_ipsec_t); - + /* public functions */ this->public.interface.get_spi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi; this->public.interface.get_cpi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi; @@ -2624,7 +2624,7 @@ kernel_klips_ipsec_t *kernel_klips_ipsec_create() this->public.interface.add_policy = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t,protocol_id_t,u_int32_t,ipsec_mode_t,u_int16_t,u_int16_t,bool))add_policy; this->public.interface.query_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy; this->public.interface.del_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,bool))del_policy; - + this->public.interface.destroy = (void(*)(kernel_ipsec_t*)) destroy; /* private members */ @@ -2636,34 +2636,34 @@ kernel_klips_ipsec_t *kernel_klips_ipsec_create() this->mutex_pfkey = mutex_create(MUTEX_TYPE_DEFAULT); this->install_routes = lib->settings->get_bool(lib->settings, "charon.install_routes", TRUE); this->seq = 0; - + /* initialize ipsec devices */ init_ipsec_devices(this); - + /* create a PF_KEY socket to communicate with the kernel */ this->socket = socket(PF_KEY, SOCK_RAW, PF_KEY_V2); if (this->socket <= 0) { charon->kill(charon, "unable to create PF_KEY socket"); } - + /* create a PF_KEY socket for ACQUIRE & EXPIRE */ this->socket_events = socket(PF_KEY, SOCK_RAW, PF_KEY_V2); if (this->socket_events <= 0) { charon->kill(charon, "unable to create PF_KEY event socket"); } - + /* register the event socket */ if (register_pfkey_socket(this, SADB_SATYPE_ESP) != SUCCESS || register_pfkey_socket(this, SADB_SATYPE_AH) != SUCCESS) { charon->kill(charon, "unable to register PF_KEY event socket"); } - + this->job = callback_job_create((callback_job_cb_t)receive_events, this, NULL, NULL); charon->processor->queue_job(charon->processor, (job_t*)this->job); - + return &this->public; } diff --git a/src/charon/plugins/kernel_klips/kernel_klips_plugin.c b/src/charon/plugins/kernel_klips/kernel_klips_plugin.c index d153ea8af..b0117c10c 100644 --- a/src/charon/plugins/kernel_klips/kernel_klips_plugin.c +++ b/src/charon/plugins/kernel_klips/kernel_klips_plugin.c @@ -47,10 +47,10 @@ static void destroy(private_kernel_klips_plugin_t *this) plugin_t *plugin_create() { private_kernel_klips_plugin_t *this = malloc_thing(private_kernel_klips_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->kernel_interface->add_ipsec_interface(charon->kernel_interface, (kernel_ipsec_constructor_t)kernel_klips_ipsec_create); - + return &this->public.plugin; } diff --git a/src/charon/plugins/kernel_klips/pfkeyv2.h b/src/charon/plugins/kernel_klips/pfkeyv2.h index 78d3dfa91..20d1c298d 100644 --- a/src/charon/plugins/kernel_klips/pfkeyv2.h +++ b/src/charon/plugins/kernel_klips/pfkeyv2.h @@ -169,7 +169,7 @@ struct sadb_x_satype { uint8_t sadb_x_satype_satype; uint8_t sadb_x_satype_reserved[3]; }; - + struct sadb_x_debug { uint16_t sadb_x_debug_len; uint16_t sadb_x_debug_exttype; @@ -200,7 +200,7 @@ struct sadb_x_nat_t_port { uint16_t sadb_x_nat_t_port_port; uint16_t sadb_x_nat_t_port_reserved; }; - + /* * A protocol structure for passing through the transport level * protocol. It contains more fields than are actually used/needed diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c index cdd2436c5..bce6016c5 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -75,8 +75,8 @@ #define XFRMNLGRP(x) (1<<(XFRMNLGRP_##x-1)) /** - * returns a pointer to the first rtattr following the nlmsghdr *nlh and the - * 'usual' netlink data x like 'struct xfrm_usersa_info' + * returns a pointer to the first rtattr following the nlmsghdr *nlh and the + * 'usual' netlink data x like 'struct xfrm_usersa_info' */ #define XFRM_RTA(nlh, x) ((struct rtattr*)(NLMSG_DATA(nlh) + NLMSG_ALIGN(sizeof(x)))) /** @@ -85,8 +85,8 @@ */ #define XFRM_RTA_NEXT(rta) ((struct rtattr*)(((char*)(rta)) + RTA_ALIGN((rta)->rta_len))) /** - * returns the total size of attached rta data - * (after 'usual' netlink data x like 'struct xfrm_usersa_info') + * returns the total size of attached rta data + * (after 'usual' netlink data x like 'struct xfrm_usersa_info') */ #define XFRM_PAYLOAD(nlh, x) NLMSG_PAYLOAD(nlh, sizeof(x)) @@ -100,7 +100,7 @@ struct kernel_algorithm_t { * Identifier specified in IKEv2 */ int ikev2; - + /** * Name of the algorithm in linux crypto API */ @@ -239,10 +239,10 @@ typedef struct route_entry_t route_entry_t; struct route_entry_t { /** Name of the interface the route is bound to */ char *if_name; - + /** Source ip of the route */ host_t *src_ip; - + /** gateway for this route */ host_t *gateway; @@ -271,16 +271,16 @@ typedef struct policy_entry_t policy_entry_t; * installed kernel policy. */ struct policy_entry_t { - + /** direction of this policy: in, out, forward */ u_int8_t direction; - + /** parameters of installed policy */ struct xfrm_selector sel; - + /** associated route installed for this policy */ route_entry_t *route; - + /** by how many CHILD_SA's this policy is used */ u_int refcount; }; @@ -313,32 +313,32 @@ struct private_kernel_netlink_ipsec_t { * Public part of the kernel_netlink_t object. */ kernel_netlink_ipsec_t public; - + /** * mutex to lock access to various lists */ mutex_t *mutex; - + /** * Hash table of installed policies (policy_entry_t) */ hashtable_t *policies; - + /** * job receiving netlink events */ callback_job_t *job; - + /** * Netlink xfrm socket (IPsec) */ netlink_socket_t *socket_xfrm; - + /** * netlink xfrm socket to receive acquire and expire events */ int socket_xfrm_events; - + /** * whether to install routes along policies */ @@ -401,7 +401,7 @@ static u_int8_t mode2kernel(ipsec_mode_t mode) static void host2xfrm(host_t *host, xfrm_address_t *xfrm) { chunk_t chunk = host->get_address(host); - memcpy(xfrm, chunk.ptr, min(chunk.len, sizeof(xfrm_address_t))); + memcpy(xfrm, chunk.ptr, min(chunk.len, sizeof(xfrm_address_t))); } /** @@ -410,7 +410,7 @@ static void host2xfrm(host_t *host, xfrm_address_t *xfrm) static host_t* xfrm2host(int family, xfrm_address_t *xfrm, u_int16_t port) { chunk_t chunk; - + switch (family) { case AF_INET: @@ -428,12 +428,12 @@ static host_t* xfrm2host(int family, xfrm_address_t *xfrm, u_int16_t port) /** * convert a traffic selector address range to subnet and its mask. */ -static void ts2subnet(traffic_selector_t* ts, +static void ts2subnet(traffic_selector_t* ts, xfrm_address_t *net, u_int8_t *mask) { host_t *net_host; chunk_t net_chunk; - + ts->to_subnet(ts, &net_host, mask); net_chunk = net_host->get_address(net_host); memcpy(net, net_chunk.ptr, net_chunk.len); @@ -443,7 +443,7 @@ static void ts2subnet(traffic_selector_t* ts, /** * convert a traffic selector port range to port/portmask */ -static void ts2ports(traffic_selector_t* ts, +static void ts2ports(traffic_selector_t* ts, u_int16_t *port, u_int16_t *mask) { /* linux does not seem to accept complex portmasks. Only @@ -451,10 +451,10 @@ static void ts2ports(traffic_selector_t* ts, * a port range, or to a specific, if we have one port only. */ u_int16_t from, to; - + from = ts->get_from_port(ts); to = ts->get_to_port(ts); - + if (from == to) { *port = htons(from); @@ -470,7 +470,7 @@ static void ts2ports(traffic_selector_t* ts, /** * convert a pair of traffic_selectors to a xfrm_selector */ -static struct xfrm_selector ts2selector(traffic_selector_t *src, +static struct xfrm_selector ts2selector(traffic_selector_t *src, traffic_selector_t *dst) { struct xfrm_selector sel; @@ -485,12 +485,12 @@ static struct xfrm_selector ts2selector(traffic_selector_t *src, ts2ports(src, &sel.sport, &sel.sport_mask); sel.ifindex = 0; sel.user = 0; - + return sel; } /** - * convert a xfrm_selector to a src|dst traffic_selector + * convert a xfrm_selector to a src|dst traffic_selector */ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src) { @@ -498,7 +498,7 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src) u_int8_t prefixlen; u_int16_t port = 0; host_t *host = NULL; - + if (src) { addr = (u_char*)&sel->saddr; @@ -517,9 +517,9 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src) port = htons(sel->dport); } } - + /* The Linux 2.6 kernel does not set the selector's family field, - * so as a kludge we additionally test the prefix length. + * so as a kludge we additionally test the prefix length. */ if (sel->family == AF_INET || sel->prefixlen_s == 32) { @@ -529,7 +529,7 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src) { host = host_create_from_chunk(AF_INET6, chunk_create(addr, 16), 0); } - + if (host) { return traffic_selector_create_from_subnet(host, prefixlen, @@ -550,7 +550,7 @@ static void process_acquire(private_kernel_netlink_ipsec_t *this, struct nlmsghd struct rtattr *rta; size_t rtasize; job_t *job; - + acquire = (struct xfrm_user_acquire*)NLMSG_DATA(hdr); rta = XFRM_RTA(hdr, struct xfrm_user_acquire); rtasize = XFRM_PAYLOAD(hdr, struct xfrm_user_acquire); @@ -598,21 +598,21 @@ static void process_expire(private_kernel_netlink_ipsec_t *this, struct nlmsghdr protocol_id_t protocol; u_int32_t spi, reqid; struct xfrm_user_expire *expire; - + expire = (struct xfrm_user_expire*)NLMSG_DATA(hdr); protocol = proto_kernel2ike(expire->state.id.proto); spi = expire->state.id.spi; reqid = expire->state.reqid; - + DBG2(DBG_KNL, "received a XFRM_MSG_EXPIRE"); - + if (protocol != PROTO_ESP && protocol != PROTO_AH) { DBG2(DBG_KNL, "ignoring XFRM_MSG_EXPIRE for SA with SPI %.8x and reqid {%u} " "which is not a CHILD_SA", ntohl(spi), reqid); return; } - + DBG1(DBG_KNL, "creating %s job for %N CHILD_SA with SPI %.8x and reqid {%d}", expire->hard ? "delete" : "rekey", protocol_id_names, protocol, ntohl(spi), reqid); @@ -648,7 +648,7 @@ static void process_migrate(private_kernel_netlink_ipsec_t *this, struct nlmsghd rtasize = XFRM_PAYLOAD(hdr, struct xfrm_userpolicy_id); DBG2(DBG_KNL, "received a XFRM_MSG_MIGRATE"); - + src_ts = selector2ts(&policy_id->sel, TRUE); dst_ts = selector2ts(&policy_id->sel, FALSE); dir = (policy_dir_t)policy_id->dir; @@ -717,13 +717,13 @@ static void process_mapping(private_kernel_netlink_ipsec_t *this, u_int32_t spi, reqid; struct xfrm_user_mapping *mapping; host_t *host; - + mapping = (struct xfrm_user_mapping*)NLMSG_DATA(hdr); spi = mapping->id.spi; reqid = mapping->reqid; - + DBG2(DBG_KNL, "received a XFRM_MSG_MAPPING"); - + if (proto_kernel2ike(mapping->id.proto) == PROTO_ESP) { host = xfrm2host(mapping->id.family, &mapping->new_saddr, @@ -753,7 +753,7 @@ static job_requeue_t receive_events(private_kernel_netlink_ipsec_t *this) len = recvfrom(this->socket_xfrm_events, response, sizeof(response), 0, (struct sockaddr*)&addr, &addr_len); pthread_setcancelstate(oldstate, NULL); - + if (len < 0) { switch (errno) @@ -770,12 +770,12 @@ static job_requeue_t receive_events(private_kernel_netlink_ipsec_t *this) return JOB_REQUEUE_FAIR; } } - + if (addr.nl_pid != 0) { /* not from kernel. not interested, try another one */ return JOB_REQUEUE_DIRECT; } - + while (NLMSG_OK(hdr, len)) { switch (hdr->nlmsg_type) @@ -813,9 +813,9 @@ static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this, struct xfrm_userspi_info *userspi; u_int32_t received_spi = 0; size_t len; - + memset(&request, 0, sizeof(request)); - + hdr = (struct nlmsghdr*)request; hdr->nlmsg_flags = NLM_F_REQUEST; hdr->nlmsg_type = XFRM_MSG_ALLOCSPI; @@ -830,7 +830,7 @@ static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this, userspi->info.family = src->get_family(src); userspi->min = min; userspi->max = max; - + if (this->socket_xfrm->send(this->socket_xfrm, hdr, &out, &len) == SUCCESS) { hdr = out; @@ -847,7 +847,7 @@ static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this, case NLMSG_ERROR: { struct nlmsgerr *err = NLMSG_DATA(hdr); - + DBG1(DBG_KNL, "allocating SPI failed: %s (%d)", strerror(-err->error), -err->error); break; @@ -862,12 +862,12 @@ static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this, } free(out); } - + if (received_spi == 0) { return FAILED; } - + *spi = received_spi; return SUCCESS; } @@ -875,47 +875,47 @@ static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this, /** * Implementation of kernel_interface_t.get_spi. */ -static status_t get_spi(private_kernel_netlink_ipsec_t *this, - host_t *src, host_t *dst, +static status_t get_spi(private_kernel_netlink_ipsec_t *this, + host_t *src, host_t *dst, protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi) { DBG2(DBG_KNL, "getting SPI for reqid {%u}", reqid); - + if (get_spi_internal(this, src, dst, proto_ike2kernel(protocol), 0xc0000000, 0xcFFFFFFF, reqid, spi) != SUCCESS) { DBG1(DBG_KNL, "unable to get SPI for reqid {%u}", reqid); return FAILED; } - + DBG2(DBG_KNL, "got SPI %.8x for reqid {%u}", ntohl(*spi), reqid); - + return SUCCESS; } /** * Implementation of kernel_interface_t.get_cpi. */ -static status_t get_cpi(private_kernel_netlink_ipsec_t *this, - host_t *src, host_t *dst, +static status_t get_cpi(private_kernel_netlink_ipsec_t *this, + host_t *src, host_t *dst, u_int32_t reqid, u_int16_t *cpi) { u_int32_t received_spi = 0; DBG2(DBG_KNL, "getting CPI for reqid {%u}", reqid); - + if (get_spi_internal(this, src, dst, IPPROTO_COMP, 0x100, 0xEFFF, reqid, &received_spi) != SUCCESS) { DBG1(DBG_KNL, "unable to get CPI for reqid {%u}", reqid); return FAILED; } - + *cpi = htons((u_int16_t)ntohl(received_spi)); - + DBG2(DBG_KNL, "got CPI %.4x for reqid {%u}", ntohs(*cpi), reqid); - + return SUCCESS; } @@ -935,8 +935,8 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this, char *alg_name; struct nlmsghdr *hdr; struct xfrm_usersa_info *sa; - u_int16_t icv_size = 64; - + u_int16_t icv_size = 64; + /* if IPComp is used, we install an additional IPComp SA. if the cpi is 0 * we are in the recursive call below */ if (ipcomp != IPCOMP_NONE && cpi != 0) @@ -947,17 +947,17 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this, mode, ipcomp, 0, FALSE, inbound); ipcomp = IPCOMP_NONE; } - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "adding SAD entry with SPI %.8x and reqid {%u}", ntohl(spi), reqid); - + hdr = (struct nlmsghdr*)request; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; hdr->nlmsg_type = inbound ? XFRM_MSG_UPDSA : XFRM_MSG_NEWSA; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_info)); - + sa = (struct xfrm_usersa_info*)NLMSG_DATA(hdr); host2xfrm(src, &sa->saddr); host2xfrm(dst, &sa->id.daddr); @@ -980,9 +980,9 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this, sa->lft.hard_add_expires_seconds = lifetime->time.life; sa->lft.soft_use_expires_seconds = 0; sa->lft.hard_use_expires_seconds = 0; - + struct rtattr *rthdr = XFRM_RTA(hdr, struct xfrm_usersa_info); - + switch (enc_alg) { case ENCR_UNDEFINED: @@ -1013,7 +1013,7 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this, } DBG2(DBG_KNL, " using encryption algorithm %N with key size %d", encryption_algorithm_names, enc_alg, enc_key.len * 8); - + rthdr->rta_type = XFRMA_ALG_AEAD; rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo_aead) + enc_key.len); hdr->nlmsg_len += rthdr->rta_len; @@ -1021,13 +1021,13 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this, { return FAILED; } - + algo = (struct xfrm_algo_aead*)RTA_DATA(rthdr); algo->alg_key_len = enc_key.len * 8; algo->alg_icv_len = icv_size; strcpy(algo->alg_name, alg_name); memcpy(algo->alg_key, enc_key.ptr, enc_key.len); - + rthdr = XFRM_RTA_NEXT(rthdr); break; } @@ -1044,7 +1044,7 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this, } DBG2(DBG_KNL, " using encryption algorithm %N with key size %d", encryption_algorithm_names, enc_alg, enc_key.len * 8); - + rthdr->rta_type = XFRMA_ALG_CRYPT; rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo) + enc_key.len); hdr->nlmsg_len += rthdr->rta_len; @@ -1052,71 +1052,71 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this, { return FAILED; } - + algo = (struct xfrm_algo*)RTA_DATA(rthdr); algo->alg_key_len = enc_key.len * 8; strcpy(algo->alg_name, alg_name); memcpy(algo->alg_key, enc_key.ptr, enc_key.len); - + rthdr = XFRM_RTA_NEXT(rthdr); } } - + if (int_alg != AUTH_UNDEFINED) { rthdr->rta_type = XFRMA_ALG_AUTH; alg_name = lookup_algorithm(integrity_algs, int_alg); if (alg_name == NULL) { - DBG1(DBG_KNL, "algorithm %N not supported by kernel!", + DBG1(DBG_KNL, "algorithm %N not supported by kernel!", integrity_algorithm_names, int_alg); return FAILED; } DBG2(DBG_KNL, " using integrity algorithm %N with key size %d", integrity_algorithm_names, int_alg, int_key.len * 8); - + rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo) + int_key.len); hdr->nlmsg_len += rthdr->rta_len; if (hdr->nlmsg_len > sizeof(request)) { return FAILED; } - + struct xfrm_algo* algo = (struct xfrm_algo*)RTA_DATA(rthdr); algo->alg_key_len = int_key.len * 8; strcpy(algo->alg_name, alg_name); memcpy(algo->alg_key, int_key.ptr, int_key.len); - + rthdr = XFRM_RTA_NEXT(rthdr); } - + if (ipcomp != IPCOMP_NONE) { rthdr->rta_type = XFRMA_ALG_COMP; alg_name = lookup_algorithm(compression_algs, ipcomp); if (alg_name == NULL) { - DBG1(DBG_KNL, "algorithm %N not supported by kernel!", + DBG1(DBG_KNL, "algorithm %N not supported by kernel!", ipcomp_transform_names, ipcomp); return FAILED; } DBG2(DBG_KNL, " using compression algorithm %N", ipcomp_transform_names, ipcomp); - + rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo)); hdr->nlmsg_len += rthdr->rta_len; if (hdr->nlmsg_len > sizeof(request)) { return FAILED; } - + struct xfrm_algo* algo = (struct xfrm_algo*)RTA_DATA(rthdr); algo->alg_key_len = 0; strcpy(algo->alg_name, alg_name); - + rthdr = XFRM_RTA_NEXT(rthdr); } - + if (encap) { rthdr->rta_type = XFRMA_ENCAP; @@ -1133,13 +1133,13 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this, tmpl->encap_sport = htons(src->get_port(src)); tmpl->encap_dport = htons(dst->get_port(dst)); memset(&tmpl->encap_oa, 0, sizeof (xfrm_address_t)); - /* encap_oa could probably be derived from the - * traffic selectors [rfc4306, p39]. In the netlink kernel implementation - * pluto does the same as we do here but it uses encap_oa in the - * pfkey implementation. BUT as /usr/src/linux/net/key/af_key.c indicates + /* encap_oa could probably be derived from the + * traffic selectors [rfc4306, p39]. In the netlink kernel implementation + * pluto does the same as we do here but it uses encap_oa in the + * pfkey implementation. BUT as /usr/src/linux/net/key/af_key.c indicates * the kernel ignores it anyway * -> does that mean that NAT-T encap doesn't work in transport mode? - * No. The reason the kernel ignores NAT-OA is that it recomputes + * No. The reason the kernel ignores NAT-OA is that it recomputes * (or, rather, just ignores) the checksum. If packets pass * the IPsec checks it marks them "checksum ok" so OA isn't needed. */ rthdr = XFRM_RTA_NEXT(rthdr); @@ -1166,24 +1166,24 @@ static status_t get_replay_state(private_kernel_netlink_ipsec_t *this, size_t len; struct rtattr *rta; size_t rtasize; - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "querying replay state from SAD entry with SPI %.8x", ntohl(spi)); hdr = (struct nlmsghdr*)request; hdr->nlmsg_flags = NLM_F_REQUEST; hdr->nlmsg_type = XFRM_MSG_GETAE; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_aevent_id)); - + aevent_id = (struct xfrm_aevent_id*)NLMSG_DATA(hdr); aevent_id->flags = XFRM_AE_RVAL; - + host2xfrm(dst, &aevent_id->sa_id.daddr); aevent_id->sa_id.spi = spi; aevent_id->sa_id.proto = proto_ike2kernel(protocol); aevent_id->sa_id.family = dst->get_family(dst); - + if (this->socket_xfrm->send(this->socket_xfrm, hdr, &out, &len) == SUCCESS) { hdr = out; @@ -1212,7 +1212,7 @@ static status_t get_replay_state(private_kernel_netlink_ipsec_t *this, break; } } - + if (out_aevent == NULL) { DBG1(DBG_KNL, "unable to query replay state from SAD entry with SPI %.8x", @@ -1220,7 +1220,7 @@ static status_t get_replay_state(private_kernel_netlink_ipsec_t *this, free(out); return FAILED; } - + rta = XFRM_RTA(out, struct xfrm_aevent_id); rtasize = XFRM_PAYLOAD(out, struct xfrm_aevent_id); while(RTA_OK(rta, rtasize)) @@ -1234,7 +1234,7 @@ static status_t get_replay_state(private_kernel_netlink_ipsec_t *this, } rta = RTA_NEXT(rta, rtasize); } - + DBG1(DBG_KNL, "unable to query replay state from SAD entry with SPI %.8x", ntohl(spi)); free(out); @@ -1253,7 +1253,7 @@ static status_t query_sa(private_kernel_netlink_ipsec_t *this, host_t *src, struct xfrm_usersa_id *sa_id; struct xfrm_usersa_info *sa = NULL; size_t len; - + memset(&request, 0, sizeof(request)); DBG2(DBG_KNL, "querying SAD entry with SPI %.8x", ntohl(spi)); @@ -1268,7 +1268,7 @@ static status_t query_sa(private_kernel_netlink_ipsec_t *this, host_t *src, sa_id->spi = spi; sa_id->proto = proto_ike2kernel(protocol); sa_id->family = dst->get_family(dst); - + if (this->socket_xfrm->send(this->socket_xfrm, hdr, &out, &len) == SUCCESS) { hdr = out; @@ -1297,7 +1297,7 @@ static status_t query_sa(private_kernel_netlink_ipsec_t *this, host_t *src, break; } } - + if (sa == NULL) { DBG2(DBG_KNL, "unable to query SAD entry with SPI %.8x", ntohl(spi)); @@ -1305,7 +1305,7 @@ static status_t query_sa(private_kernel_netlink_ipsec_t *this, host_t *src, return FAILED; } *bytes = sa->curlft.bytes; - + free(out); return SUCCESS; } @@ -1319,28 +1319,28 @@ static status_t del_sa(private_kernel_netlink_ipsec_t *this, host_t *src, netlink_buf_t request; struct nlmsghdr *hdr; struct xfrm_usersa_id *sa_id; - + /* if IPComp was used, we first delete the additional IPComp SA */ if (cpi) { del_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, 0); } - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "deleting SAD entry with SPI %.8x", ntohl(spi)); - + hdr = (struct nlmsghdr*)request; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; hdr->nlmsg_type = XFRM_MSG_DELSA; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_id)); - + sa_id = (struct xfrm_usersa_id*)NLMSG_DATA(hdr); host2xfrm(dst, &sa_id->daddr); sa_id->spi = spi; sa_id->proto = proto_ike2kernel(protocol); sa_id->family = dst->get_family(dst); - + if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS) { DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x", ntohl(spi)); @@ -1370,30 +1370,30 @@ static status_t update_sa(private_kernel_netlink_ipsec_t *this, struct xfrm_encap_tmpl* tmpl = NULL; bool got_replay_state = FALSE; struct xfrm_replay_state replay; - + /* if IPComp is used, we first update the IPComp SA */ if (cpi) { update_sa(this, htonl(ntohs(cpi)), IPPROTO_COMP, 0, src, dst, new_src, new_dst, FALSE, FALSE); } - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "querying SAD entry with SPI %.8x for update", ntohl(spi)); - + /* query the existing SA first */ hdr = (struct nlmsghdr*)request; hdr->nlmsg_flags = NLM_F_REQUEST; hdr->nlmsg_type = XFRM_MSG_GETSA; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_id)); - + sa_id = (struct xfrm_usersa_id*)NLMSG_DATA(hdr); host2xfrm(dst, &sa_id->daddr); sa_id->spi = spi; sa_id->proto = proto_ike2kernel(protocol); sa_id->family = dst->get_family(dst); - + if (this->socket_xfrm->send(this->socket_xfrm, hdr, &out, &len) == SUCCESS) { hdr = out; @@ -1428,13 +1428,13 @@ static status_t update_sa(private_kernel_netlink_ipsec_t *this, free(out); return FAILED; } - + /* try to get the replay state */ if (get_replay_state(this, spi, protocol, dst, &replay) == SUCCESS) { got_replay_state = TRUE; } - + /* delete the old SA (without affecting the IPComp SA) */ if (del_sa(this, src, dst, spi, protocol, 0) != SUCCESS) { @@ -1442,18 +1442,18 @@ static status_t update_sa(private_kernel_netlink_ipsec_t *this, free(out); return FAILED; } - + DBG2(DBG_KNL, "updating SAD entry with SPI %.8x from %#H..%#H to %#H..%#H", ntohl(spi), src, dst, new_src, new_dst); /* copy over the SA from out to request */ hdr = (struct nlmsghdr*)request; memcpy(hdr, out, min(out->nlmsg_len, sizeof(request))); - hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; + hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; hdr->nlmsg_type = XFRM_MSG_NEWSA; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_info)); sa = NLMSG_DATA(hdr); sa->family = new_dst->get_family(new_dst); - + if (!src->ip_equals(src, new_src)) { host2xfrm(new_src, &sa->saddr); @@ -1462,7 +1462,7 @@ static status_t update_sa(private_kernel_netlink_ipsec_t *this, { host2xfrm(new_dst, &sa->id.daddr); } - + rta = XFRM_RTA(out, struct xfrm_usersa_info); rtasize = XFRM_PAYLOAD(out, struct xfrm_usersa_info); pos = (u_char*)XFRM_RTA(hdr, struct xfrm_usersa_info); @@ -1476,47 +1476,47 @@ static status_t update_sa(private_kernel_netlink_ipsec_t *this, tmpl = (struct xfrm_encap_tmpl*)RTA_DATA(rta); tmpl->encap_sport = ntohs(new_src->get_port(new_src)); tmpl->encap_dport = ntohs(new_dst->get_port(new_dst)); - } + } memcpy(pos, rta, rta->rta_len); pos += RTA_ALIGN(rta->rta_len); hdr->nlmsg_len += RTA_ALIGN(rta->rta_len); } rta = RTA_NEXT(rta, rtasize); } - + rta = (struct rtattr*)pos; if (tmpl == NULL && new_encap) { /* add tmpl if we are enabling it */ rta->rta_type = XFRMA_ENCAP; rta->rta_len = RTA_LENGTH(sizeof(struct xfrm_encap_tmpl)); - + hdr->nlmsg_len += rta->rta_len; if (hdr->nlmsg_len > sizeof(request)) { return FAILED; } - + tmpl = (struct xfrm_encap_tmpl*)RTA_DATA(rta); tmpl->encap_type = UDP_ENCAP_ESPINUDP; tmpl->encap_sport = ntohs(new_src->get_port(new_src)); tmpl->encap_dport = ntohs(new_dst->get_port(new_dst)); memset(&tmpl->encap_oa, 0, sizeof (xfrm_address_t)); - + rta = XFRM_RTA_NEXT(rta); } - + if (got_replay_state) { /* copy the replay data if available */ rta->rta_type = XFRMA_REPLAY_VAL; rta->rta_len = RTA_LENGTH(sizeof(struct xfrm_replay_state)); - + hdr->nlmsg_len += rta->rta_len; if (hdr->nlmsg_len > sizeof(request)) { return FAILED; } memcpy(RTA_DATA(rta), &replay, sizeof(replay)); - + rta = XFRM_RTA_NEXT(rta); } @@ -1527,14 +1527,14 @@ static status_t update_sa(private_kernel_netlink_ipsec_t *this, return FAILED; } free(out); - + return SUCCESS; } /** * Implementation of kernel_interface_t.add_policy. */ -static status_t add_policy(private_kernel_netlink_ipsec_t *this, +static status_t add_policy(private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, @@ -1548,13 +1548,13 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this, netlink_buf_t request; struct xfrm_userpolicy_info *policy_info; struct nlmsghdr *hdr; - + /* create a policy */ policy = malloc_thing(policy_entry_t); memset(policy, 0, sizeof(policy_entry_t)); policy->sel = ts2selector(src_ts, dst_ts); policy->direction = direction; - + /* find the policy, which matches EXACTLY */ this->mutex->lock(this->mutex); current = this->policies->get(this->policies, policy); @@ -1574,10 +1574,10 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this, this->policies->put(this->policies, policy, policy); policy->refcount = 1; } - + DBG2(DBG_KNL, "adding policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); - + memset(&request, 0, sizeof(request)); hdr = (struct nlmsghdr*)request; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; @@ -1595,7 +1595,7 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this, policy_info->action = XFRM_POLICY_ALLOW; policy_info->share = XFRM_SHARE_ANY; this->mutex->unlock(this->mutex); - + /* policies don't expire */ policy_info->lft.soft_byte_limit = XFRM_INF; policy_info->lft.soft_packet_limit = XFRM_INF; @@ -1605,19 +1605,19 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this, policy_info->lft.hard_add_expires_seconds = 0; policy_info->lft.soft_use_expires_seconds = 0; policy_info->lft.hard_use_expires_seconds = 0; - + struct rtattr *rthdr = XFRM_RTA(hdr, struct xfrm_userpolicy_info); rthdr->rta_type = XFRMA_TMPL; rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_user_tmpl)); - + hdr->nlmsg_len += rthdr->rta_len; if (hdr->nlmsg_len > sizeof(request)) { return FAILED; } - + struct xfrm_user_tmpl *tmpl = (struct xfrm_user_tmpl*)RTA_DATA(rthdr); - + if (ipcomp != IPCOMP_NONE) { tmpl->reqid = reqid; @@ -1626,10 +1626,10 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this, tmpl->mode = mode2kernel(mode); tmpl->optional = direction != POLICY_OUT; tmpl->family = src->get_family(src); - + host2xfrm(src, &tmpl->saddr); host2xfrm(dst, &tmpl->id.daddr); - + /* add an additional xfrm_user_tmpl */ rthdr->rta_len += RTA_LENGTH(sizeof(struct xfrm_user_tmpl)); hdr->nlmsg_len += RTA_LENGTH(sizeof(struct xfrm_user_tmpl)); @@ -1637,26 +1637,26 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this, { return FAILED; } - + tmpl++; } - + tmpl->reqid = reqid; tmpl->id.proto = proto_ike2kernel(protocol); tmpl->aalgos = tmpl->ealgos = tmpl->calgos = ~0; tmpl->mode = mode2kernel(mode); tmpl->family = src->get_family(src); - + host2xfrm(src, &tmpl->saddr); host2xfrm(dst, &tmpl->id.daddr); - + if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS) { DBG1(DBG_KNL, "unable to add policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); return FAILED; } - + /* install a route, if: * - we are NOT updating a policy * - this is a forward policy (to just get one for each child) @@ -1669,7 +1669,7 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this, this->install_routes) { route_entry_t *route = malloc_thing(route_entry_t); - + if (charon->kernel_interface->get_address_by_ts(charon->kernel_interface, dst_ts, &route->src_ip) == SUCCESS) { @@ -1681,9 +1681,9 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this, route->dst_net = chunk_alloc(policy->sel.family == AF_INET ? 4 : 16); memcpy(route->dst_net.ptr, &policy->sel.saddr, route->dst_net.len); route->prefixlen = policy->sel.prefixlen_s; - + if (route->if_name) - { + { switch (charon->kernel_interface->add_route( charon->kernel_interface, route->dst_net, route->prefixlen, route->gateway, @@ -1720,7 +1720,7 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this, * Implementation of kernel_interface_t.query_policy. */ static status_t query_policy(private_kernel_netlink_ipsec_t *this, - traffic_selector_t *src_ts, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t *use_time) { @@ -1729,9 +1729,9 @@ static status_t query_policy(private_kernel_netlink_ipsec_t *this, struct xfrm_userpolicy_id *policy_id; struct xfrm_userpolicy_info *policy = NULL; size_t len; - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "querying policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); @@ -1743,7 +1743,7 @@ static status_t query_policy(private_kernel_netlink_ipsec_t *this, policy_id = (struct xfrm_userpolicy_id*)NLMSG_DATA(hdr); policy_id->sel = ts2selector(src_ts, dst_ts); policy_id->dir = direction; - + if (this->socket_xfrm->send(this->socket_xfrm, hdr, &out, &len) == SUCCESS) { hdr = out; @@ -1772,7 +1772,7 @@ static status_t query_policy(private_kernel_netlink_ipsec_t *this, break; } } - + if (policy == NULL) { DBG2(DBG_KNL, "unable to query policy %R === %R %N", src_ts, dst_ts, @@ -1780,7 +1780,7 @@ static status_t query_policy(private_kernel_netlink_ipsec_t *this, free(out); return FAILED; } - + if (policy->curlft.use_time) { /* we need the monotonic time, but the kernel returns system time. */ @@ -1790,7 +1790,7 @@ static status_t query_policy(private_kernel_netlink_ipsec_t *this, { *use_time = 0; } - + free(out); return SUCCESS; } @@ -1799,7 +1799,7 @@ static status_t query_policy(private_kernel_netlink_ipsec_t *this, * Implementation of kernel_interface_t.del_policy. */ static status_t del_policy(private_kernel_netlink_ipsec_t *this, - traffic_selector_t *src_ts, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, bool unrouted) { @@ -1808,15 +1808,15 @@ static status_t del_policy(private_kernel_netlink_ipsec_t *this, netlink_buf_t request; struct nlmsghdr *hdr; struct xfrm_userpolicy_id *policy_id; - + DBG2(DBG_KNL, "deleting policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); - + /* create a policy */ memset(&policy, 0, sizeof(policy_entry_t)); policy.sel = ts2selector(src_ts, dst_ts); policy.direction = direction; - + /* find the policy */ this->mutex->lock(this->mutex); current = this->policies->get(this->policies, &policy); @@ -1840,9 +1840,9 @@ static status_t del_policy(private_kernel_netlink_ipsec_t *this, dst_ts, policy_dir_names, direction); return NOT_FOUND; } - + memset(&request, 0, sizeof(request)); - + hdr = (struct nlmsghdr*)request; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; hdr->nlmsg_type = XFRM_MSG_DELPOLICY; @@ -1851,10 +1851,10 @@ static status_t del_policy(private_kernel_netlink_ipsec_t *this, policy_id = (struct xfrm_userpolicy_id*)NLMSG_DATA(hdr); policy_id->sel = to_delete->sel; policy_id->dir = direction; - + route = to_delete->route; free(to_delete); - + if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS) { DBG1(DBG_KNL, "unable to delete policy %R === %R %N", src_ts, dst_ts, @@ -1871,7 +1871,7 @@ static status_t del_policy(private_kernel_netlink_ipsec_t *this, DBG1(DBG_KNL, "error uninstalling route installed with " "policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); - } + } route_entry_destroy(route); } return SUCCESS; @@ -1884,7 +1884,7 @@ static void destroy(private_kernel_netlink_ipsec_t *this) { enumerator_t *enumerator; policy_entry_t *policy; - + this->job->cancel(this->job); close(this->socket_xfrm_events); this->socket_xfrm->destroy(this->socket_xfrm); @@ -1907,7 +1907,7 @@ static bool add_bypass_policies() int fd, family, port; enumerator_t *sockets; bool status = TRUE; - + /* we open an AF_KEY socket to autoload the af_key module. Otherwise * setsockopt(IPSEC_POLICY) won't work. */ fd = socket(AF_KEY, SOCK_RAW, PF_KEY_V2); @@ -1917,13 +1917,13 @@ static bool add_bypass_policies() return FALSE; } close(fd); - + sockets = charon->socket->create_enumerator(charon->socket); while (sockets->enumerate(sockets, &fd, &family, &port)) { struct sadb_x_policy policy; u_int sol, ipsec_policy; - + switch (family) { case AF_INET: @@ -1937,12 +1937,12 @@ static bool add_bypass_policies() default: continue; } - + memset(&policy, 0, sizeof(policy)); policy.sadb_x_policy_len = sizeof(policy) / sizeof(u_int64_t); policy.sadb_x_policy_exttype = SADB_X_EXT_POLICY; policy.sadb_x_policy_type = IPSEC_POLICY_BYPASS; - + policy.sadb_x_policy_dir = IPSEC_DIR_OUTBOUND; if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0) { @@ -1954,7 +1954,7 @@ static bool add_bypass_policies() policy.sadb_x_policy_dir = IPSEC_DIR_INBOUND; if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0) { - DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s", + DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s", strerror(errno)); status = FALSE; break; @@ -1972,7 +1972,7 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() private_kernel_netlink_ipsec_t *this = malloc_thing(private_kernel_netlink_ipsec_t); struct sockaddr_nl addr; int fd; - + /* public functions */ this->public.interface.get_spi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi; this->public.interface.get_cpi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi; @@ -1991,7 +1991,7 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); this->install_routes = lib->settings->get_bool(lib->settings, "charon.install_routes", TRUE); - + /* disable lifetimes for allocated SPIs in kernel */ fd = open("/proc/sys/net/core/xfrm_acq_expires", O_WRONLY); if (fd) @@ -1999,18 +1999,18 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() ignore_result(write(fd, "0", 1)); close(fd); } - + /* add bypass policies on the sockets used by charon */ if (!add_bypass_policies()) { charon->kill(charon, "unable to add bypass policies on sockets"); } - + this->socket_xfrm = netlink_socket_create(NETLINK_XFRM); - + memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; - + /* create and bind XFRM socket for ACQUIRE, EXPIRE, MIGRATE & MAPPING */ this->socket_xfrm_events = socket(AF_NETLINK, SOCK_RAW, NETLINK_XFRM); if (this->socket_xfrm_events <= 0) @@ -2023,10 +2023,10 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() { charon->kill(charon, "unable to bind XFRM event socket"); } - + this->job = callback_job_create((callback_job_cb_t)receive_events, this, NULL, NULL); charon->processor->queue_job(charon->processor, (job_t*)this->job); - + return &this->public; } diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_net.c b/src/charon/plugins/kernel_netlink/kernel_netlink_net.c index 068860797..4b2a05f8f 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_net.c +++ b/src/charon/plugins/kernel_netlink/kernel_netlink_net.c @@ -48,16 +48,16 @@ typedef struct addr_entry_t addr_entry_t; * IP address in an inface_entry_t */ struct addr_entry_t { - + /** The ip address */ host_t *ip; - + /** virtual IP managed by us */ bool virtual; - + /** scope of the address */ u_char scope; - + /** Number of times this IP is used, if virtual */ u_int refcount; }; @@ -77,16 +77,16 @@ typedef struct iface_entry_t iface_entry_t; * A network interface on this system, containing addr_entry_t's */ struct iface_entry_t { - + /** interface index */ int ifindex; - + /** name of the interface */ char ifname[IFNAMSIZ]; - + /** interface flags, as in netdevice(7) SIOCGIFFLAGS */ u_int flags; - + /** list of addresses as host_t */ linked_list_t *addrs; }; @@ -110,57 +110,57 @@ struct private_kernel_netlink_net_t { * Public part of the kernel_netlink_net_t object. */ kernel_netlink_net_t public; - + /** * mutex to lock access to various lists */ mutex_t *mutex; - + /** * condition variable to signal virtual IP add/removal */ condvar_t *condvar; - + /** * Cached list of interfaces and its addresses (iface_entry_t) */ linked_list_t *ifaces; - + /** * job receiving netlink events */ callback_job_t *job; - + /** * netlink rt socket (routing) */ netlink_socket_t *socket; - + /** * Netlink rt socket to receive address change events */ int socket_events; - + /** * time of the last roam_job */ timeval_t last_roam; - + /** * routing table to install routes */ int routing_table; - + /** * priority of used routing table */ int routing_table_prio; - + /** * whether to react to RTM_NEWROUTE or RTM_DELROUTE events */ bool process_route; - + /** * whether to actually install virtual IPs */ @@ -176,7 +176,7 @@ static int get_vip_refcount(private_kernel_netlink_net_t *this, host_t* ip) iface_entry_t *iface; addr_entry_t *addr; int refcount = 0; - + ifaces = this->ifaces->create_iterator(this->ifaces, TRUE); while (ifaces->iterate(ifaces, (void**)&iface)) { @@ -197,7 +197,7 @@ static int get_vip_refcount(private_kernel_netlink_net_t *this, host_t* ip) } } ifaces->destroy(ifaces); - + return refcount; } @@ -208,7 +208,7 @@ static int get_vip_refcount(private_kernel_netlink_net_t *this, host_t* ip) static void fire_roam_job(private_kernel_netlink_net_t *this, bool address) { timeval_t now; - + time_monotonic(&now); if (timercmp(&now, &this->last_roam, >)) { @@ -237,7 +237,7 @@ static void process_link(private_kernel_netlink_net_t *this, iface_entry_t *current, *entry = NULL; char *name = NULL; bool update = FALSE; - + while(RTA_OK(rta, rtasize)) { switch (rta->rta_type) @@ -252,7 +252,7 @@ static void process_link(private_kernel_netlink_net_t *this, { name = "(unknown)"; } - + this->mutex->lock(this->mutex); switch (hdr->nlmsg_type) { @@ -305,7 +305,7 @@ static void process_link(private_kernel_netlink_net_t *this, { if (current->ifindex == msg->ifi_index) { - /* we do not remove it, as an address may be added to a + /* we do not remove it, as an address may be added to a * "down" interface and we wan't to know that. */ current->flags = msg->ifi_flags; break; @@ -316,7 +316,7 @@ static void process_link(private_kernel_netlink_net_t *this, } } this->mutex->unlock(this->mutex); - + /* send an update to all IKE_SAs */ if (update && event) { @@ -339,7 +339,7 @@ static void process_addr(private_kernel_netlink_net_t *this, addr_entry_t *addr; chunk_t local = chunk_empty, address = chunk_empty; bool update = FALSE, found = FALSE, changed = FALSE; - + while(RTA_OK(rta, rtasize)) { switch (rta->rta_type) @@ -355,7 +355,7 @@ static void process_addr(private_kernel_netlink_net_t *this, } rta = RTA_NEXT(rta, rtasize); } - + /* For PPP interfaces, we need the IFA_LOCAL address, * IFA_ADDRESS is the peers address. But IFA_LOCAL is * not included in all cases (IPv6?), so fallback to IFA_ADDRESS. */ @@ -367,12 +367,12 @@ static void process_addr(private_kernel_netlink_net_t *this, { host = host_create_from_chunk(msg->ifa_family, address, 0); } - + if (host == NULL) { /* bad family? */ return; } - + this->mutex->lock(this->mutex); ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, &iface)) @@ -403,7 +403,7 @@ static void process_addr(private_kernel_netlink_net_t *this, } } addrs->destroy(addrs); - + if (hdr->nlmsg_type == RTM_NEWADDR) { if (!found) @@ -415,7 +415,7 @@ static void process_addr(private_kernel_netlink_net_t *this, addr->virtual = FALSE; addr->refcount = 1; addr->scope = msg->ifa_scope; - + iface->addrs->insert_last(iface->addrs, addr); if (event) { @@ -433,7 +433,7 @@ static void process_addr(private_kernel_netlink_net_t *this, ifaces->destroy(ifaces); this->mutex->unlock(this->mutex); host->destroy(host); - + /* send an update to all IKE_SAs */ if (update && event && changed) { @@ -450,13 +450,13 @@ static void process_route(private_kernel_netlink_net_t *this, struct nlmsghdr *h struct rtattr *rta = RTM_RTA(msg); size_t rtasize = RTM_PAYLOAD(hdr); host_t *host = NULL; - + /* ignore routes added by us */ if (msg->rtm_table && msg->rtm_table == this->routing_table) { return; } - + while (RTA_OK(rta, rtasize)) { switch (rta->rta_type) @@ -491,11 +491,11 @@ static job_requeue_t receive_events(private_kernel_netlink_net_t *this) socklen_t addr_len = sizeof(addr); int len, oldstate; - pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); + pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); len = recvfrom(this->socket_events, response, sizeof(response), 0, (struct sockaddr*)&addr, &addr_len); pthread_setcancelstate(oldstate, NULL); - + if (len < 0) { switch (errno) @@ -512,12 +512,12 @@ static job_requeue_t receive_events(private_kernel_netlink_net_t *this) return JOB_REQUEUE_FAIR; } } - + if (addr.nl_pid != 0) { /* not from kernel. not interested, try another one */ return JOB_REQUEUE_DIRECT; } - + while (NLMSG_OK(hdr, len)) { /* looks good so far, dispatch netlink message */ @@ -553,7 +553,7 @@ typedef struct { private_kernel_netlink_net_t* this; /** whether to enumerate down interfaces */ bool include_down_ifaces; - /** whether to enumerate virtual ip addresses */ + /** whether to enumerate virtual ip addresses */ bool include_virtual_ips; } address_enumerator_t; @@ -615,7 +615,7 @@ static enumerator_t *create_address_enumerator(private_kernel_netlink_net_t *thi data->this = this; data->include_down_ifaces = include_down_ifaces; data->include_virtual_ips = include_virtual_ips; - + this->mutex->lock(this->mutex); return enumerator_create_nested( enumerator_create_filter(this->ifaces->create_enumerator(this->ifaces), @@ -632,9 +632,9 @@ static char *get_interface_name(private_kernel_netlink_net_t *this, host_t* ip) iface_entry_t *iface; addr_entry_t *addr; char *name = NULL; - + DBG2(DBG_KNL, "getting interface name for %H", ip); - + this->mutex->lock(this->mutex); ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, &iface)) @@ -656,7 +656,7 @@ static char *get_interface_name(private_kernel_netlink_net_t *this, host_t* ip) } ifaces->destroy(ifaces); this->mutex->unlock(this->mutex); - + if (name) { DBG2(DBG_KNL, "%H is on interface %s", ip, name); @@ -676,9 +676,9 @@ static int get_interface_index(private_kernel_netlink_net_t *this, char* name) enumerator_t *ifaces; iface_entry_t *iface; int ifindex = 0; - + DBG2(DBG_KNL, "getting iface index for %s", name); - + this->mutex->lock(this->mutex); ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, &iface)) @@ -708,7 +708,7 @@ static bool is_interface_up(private_kernel_netlink_net_t *this, int index) iface_entry_t *iface; /* default to TRUE for interface we do not monitor (e.g. lo) */ bool up = TRUE; - + ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, &iface)) { @@ -729,7 +729,7 @@ static bool addr_in_subnet(chunk_t addr, chunk_t net, int net_len) { static const u_char mask[] = { 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe }; int byte = 0; - + if (net_len == 0) { /* any address matches a /0 network */ return TRUE; @@ -771,9 +771,9 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, size_t len; int best = -1; host_t *src = NULL, *gtw = NULL; - + DBG2(DBG_KNL, "getting address to reach %H", dest); - + memset(&request, 0, sizeof(request)); hdr = (struct nlmsghdr*)request; @@ -790,7 +790,7 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, } chunk = dest->get_address(dest); netlink_add_attribute(hdr, RTA_DST, chunk, sizeof(request)); - + if (this->socket->send(this->socket, hdr, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "getting address to %H failed", dest); @@ -811,7 +811,7 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, chunk_t rta_gtw, rta_src, rta_dst; u_int32_t rta_oif = 0; host_t *new_src, *new_gtw; - + rta_gtw = rta_src = rta_dst = chunk_empty; msg = (struct rtmsg*)(NLMSG_DATA(current)); rta = RTM_RTA(msg); @@ -855,7 +855,7 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, { /* route destination does not contain dest */ goto next; } - + if (nexthop) { /* nexthop lookup, return gateway */ @@ -907,7 +907,7 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, } free(out); this->mutex->unlock(this->mutex); - + if (nexthop) { if (gtw) @@ -947,23 +947,23 @@ static status_t manage_ipaddr(private_kernel_netlink_net_t *this, int nlmsg_type struct nlmsghdr *hdr; struct ifaddrmsg *msg; chunk_t chunk; - + memset(&request, 0, sizeof(request)); - + chunk = ip->get_address(ip); - + hdr = (struct nlmsghdr*)request; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags; - hdr->nlmsg_type = nlmsg_type; + hdr->nlmsg_type = nlmsg_type; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct ifaddrmsg)); - + msg = (struct ifaddrmsg*)NLMSG_DATA(hdr); msg->ifa_family = ip->get_family(ip); msg->ifa_flags = 0; msg->ifa_prefixlen = 8 * chunk.len; msg->ifa_scope = RT_SCOPE_UNIVERSE; msg->ifa_index = if_index; - + netlink_add_attribute(hdr, IFA_LOCAL, chunk, sizeof(request)); return this->socket->send_ack(this->socket, hdr); @@ -972,27 +972,27 @@ static status_t manage_ipaddr(private_kernel_netlink_net_t *this, int nlmsg_type /** * Implementation of kernel_net_t.add_ip. */ -static status_t add_ip(private_kernel_netlink_net_t *this, +static status_t add_ip(private_kernel_netlink_net_t *this, host_t *virtual_ip, host_t *iface_ip) { iface_entry_t *iface; addr_entry_t *addr; enumerator_t *addrs, *ifaces; int ifindex; - + if (!this->install_virtual_ip) { /* disabled by config */ return SUCCESS; } - + DBG2(DBG_KNL, "adding virtual IP %H", virtual_ip); - + this->mutex->lock(this->mutex); ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, &iface)) { bool iface_found = FALSE; - + addrs = iface->addrs->create_enumerator(iface->addrs); while (addrs->enumerate(addrs, &addr)) { @@ -1012,7 +1012,7 @@ static status_t add_ip(private_kernel_netlink_net_t *this, } } addrs->destroy(addrs); - + if (iface_found) { ifindex = iface->ifindex; @@ -1022,7 +1022,7 @@ static status_t add_ip(private_kernel_netlink_net_t *this, addr->virtual = TRUE; addr->scope = RT_SCOPE_UNIVERSE; iface->addrs->insert_last(iface->addrs, addr); - + if (manage_ipaddr(this, RTM_NEWADDR, NLM_F_CREATE | NLM_F_EXCL, ifindex, virtual_ip) == SUCCESS) { @@ -1042,7 +1042,7 @@ static status_t add_ip(private_kernel_netlink_net_t *this, } ifaces->destroy(ifaces); this->mutex->unlock(this->mutex); - + DBG1(DBG_KNL, "interface address %H not found, unable to install" "virtual IP %H", iface_ip, virtual_ip); return FAILED; @@ -1058,14 +1058,14 @@ static status_t del_ip(private_kernel_netlink_net_t *this, host_t *virtual_ip) enumerator_t *addrs, *ifaces; status_t status; int ifindex; - + if (!this->install_virtual_ip) { /* disabled by config */ return SUCCESS; } - + DBG2(DBG_KNL, "deleting virtual IP %H", virtual_ip); - + this->mutex->lock(this->mutex); ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, &iface)) @@ -1108,7 +1108,7 @@ static status_t del_ip(private_kernel_netlink_net_t *this, host_t *virtual_ip) } ifaces->destroy(ifaces); this->mutex->unlock(this->mutex); - + DBG2(DBG_KNL, "virtual IP %H not cached, unable to delete", virtual_ip); return FAILED; } @@ -1135,11 +1135,11 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this, int nlmsg_ty chunk_t half_net; u_int8_t half_prefixlen; status_t status; - + half_net = chunk_alloca(dst_net.len); memset(half_net.ptr, 0, half_net.len); half_prefixlen = 1; - + status = manage_srcroute(this, nlmsg_type, flags, half_net, half_prefixlen, gateway, src_ip, if_name); half_net.ptr[0] |= 0x80; @@ -1147,7 +1147,7 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this, int nlmsg_ty gateway, src_ip, if_name); return status; } - + memset(&request, 0, sizeof(request)); hdr = (struct nlmsghdr*)request; @@ -1162,7 +1162,7 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this, int nlmsg_ty msg->rtm_protocol = RTPROT_STATIC; msg->rtm_type = RTN_UNICAST; msg->rtm_scope = RT_SCOPE_UNIVERSE; - + netlink_add_attribute(hdr, RTA_DST, dst_net, sizeof(request)); chunk = src_ip->get_address(src_ip); netlink_add_attribute(hdr, RTA_PREFSRC, chunk, sizeof(request)); @@ -1185,7 +1185,7 @@ static status_t add_route(private_kernel_netlink_net_t *this, chunk_t dst_net, return manage_srcroute(this, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL, dst_net, prefixlen, gateway, src_ip, if_name); } - + /** * Implementation of kernel_net_t.del_route. */ @@ -1208,9 +1208,9 @@ static status_t init_address_list(private_kernel_netlink_net_t *this) enumerator_t *ifaces, *addrs; iface_entry_t *iface; addr_entry_t *addr; - + DBG1(DBG_KNL, "listening on interfaces:"); - + memset(&request, 0, sizeof(request)); in = (struct nlmsghdr*)&request; @@ -1218,7 +1218,7 @@ static status_t init_address_list(private_kernel_netlink_net_t *this) in->nlmsg_flags = NLM_F_REQUEST | NLM_F_MATCH | NLM_F_ROOT; msg = (struct rtgenmsg*)NLMSG_DATA(in); msg->rtgen_family = AF_UNSPEC; - + /* get all links */ in->nlmsg_type = RTM_GETLINK; if (this->socket->send(this->socket, in, &out, &len) != SUCCESS) @@ -1242,7 +1242,7 @@ static status_t init_address_list(private_kernel_netlink_net_t *this) break; } free(out); - + /* get all interface addresses */ in->nlmsg_type = RTM_GETADDR; if (this->socket->send(this->socket, in, &out, &len) != SUCCESS) @@ -1266,7 +1266,7 @@ static status_t init_address_list(private_kernel_netlink_net_t *this) break; } free(out); - + this->mutex->lock(this->mutex); ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, &iface)) @@ -1298,10 +1298,10 @@ static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type, struct rtmsg *msg; chunk_t chunk; - memset(&request, 0, sizeof(request)); + memset(&request, 0, sizeof(request)); hdr = (struct nlmsghdr*)request; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; - hdr->nlmsg_type = nlmsg_type; + hdr->nlmsg_type = nlmsg_type; if (nlmsg_type == RTM_NEWRULE) { hdr->nlmsg_flags |= NLM_F_CREATE | NLM_F_EXCL; @@ -1348,7 +1348,7 @@ kernel_netlink_net_t *kernel_netlink_net_create() { private_kernel_netlink_net_t *this = malloc_thing(private_kernel_netlink_net_t); struct sockaddr_nl addr; - + /* public functions */ this->public.interface.get_interface = (char*(*)(kernel_net_t*,host_t*))get_interface_name; this->public.interface.create_address_enumerator = (enumerator_t*(*)(kernel_net_t*,bool,bool))create_address_enumerator; @@ -1373,34 +1373,34 @@ kernel_netlink_net_t *kernel_netlink_net_create() "charon.process_route", TRUE); this->install_virtual_ip = lib->settings->get_bool(lib->settings, "charon.install_virtual_ip", TRUE); - + this->socket = netlink_socket_create(NETLINK_ROUTE); - + memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; - + /* create and bind RT socket for events (address/interface/route changes) */ this->socket_events = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); if (this->socket_events <= 0) { charon->kill(charon, "unable to create RT event socket"); } - addr.nl_groups = RTMGRP_IPV4_IFADDR | RTMGRP_IPV6_IFADDR | + addr.nl_groups = RTMGRP_IPV4_IFADDR | RTMGRP_IPV6_IFADDR | RTMGRP_IPV4_ROUTE | RTMGRP_IPV4_ROUTE | RTMGRP_LINK; if (bind(this->socket_events, (struct sockaddr*)&addr, sizeof(addr))) { charon->kill(charon, "unable to bind RT event socket"); } - + this->job = callback_job_create((callback_job_cb_t)receive_events, this, NULL, NULL); charon->processor->queue_job(charon->processor, (job_t*)this->job); - + if (init_address_list(this) != SUCCESS) { charon->kill(charon, "unable to get interface list"); } - + if (this->routing_table) { if (manage_rule(this, RTM_NEWRULE, this->routing_table, @@ -1409,6 +1409,6 @@ kernel_netlink_net_t *kernel_netlink_net_create() DBG1(DBG_KNL, "unable to create routing table rule"); } } - + return &this->public; } diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.c b/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.c index 77005e871..cdf20f14a 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.c +++ b/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.c @@ -49,11 +49,11 @@ static void destroy(private_kernel_netlink_plugin_t *this) plugin_t *plugin_create() { private_kernel_netlink_plugin_t *this = malloc_thing(private_kernel_netlink_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->kernel_interface->add_ipsec_interface(charon->kernel_interface, (kernel_ipsec_constructor_t)kernel_netlink_ipsec_create); charon->kernel_interface->add_net_interface(charon->kernel_interface, (kernel_net_constructor_t)kernel_netlink_net_create); - + return &this->public.plugin; } diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_shared.c b/src/charon/plugins/kernel_netlink/kernel_netlink_shared.c index ec1187083..3d8ca8807 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_shared.c +++ b/src/charon/plugins/kernel_netlink/kernel_netlink_shared.c @@ -34,7 +34,7 @@ struct private_netlink_socket_t { * public part of the netlink_socket_t object. */ netlink_socket_t public; - + /** * mutex to lock access to netlink socket */ @@ -46,12 +46,12 @@ struct private_netlink_socket_t { int seq; /** - * netlink socket protocol + * netlink socket protocol */ int protocol; /** - * netlink socket + * netlink socket */ int socket; }; @@ -71,12 +71,12 @@ static status_t netlink_send(private_netlink_socket_t *this, struct nlmsghdr *in struct sockaddr_nl addr; chunk_t result = chunk_empty, tmp; struct nlmsghdr *msg, peek; - + this->mutex->lock(this->mutex); - + in->nlmsg_seq = ++this->seq; in->nlmsg_pid = getpid(); - + memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; addr.nl_pid = 0; @@ -91,11 +91,11 @@ static status_t netlink_send(private_netlink_socket_t *this, struct nlmsghdr *in while (TRUE) { - len = sendto(this->socket, in, in->nlmsg_len, 0, + len = sendto(this->socket, in, in->nlmsg_len, 0, (struct sockaddr*)&addr, sizeof(addr)); - + if (len != in->nlmsg_len) - { + { if (errno == EINTR) { /* interrupted, try again */ @@ -107,23 +107,23 @@ static status_t netlink_send(private_netlink_socket_t *this, struct nlmsghdr *in } break; } - + while (TRUE) - { + { char buf[4096]; tmp.len = sizeof(buf); tmp.ptr = buf; msg = (struct nlmsghdr*)tmp.ptr; - + memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; addr.nl_pid = getpid(); addr.nl_groups = 0; addr_len = sizeof(addr); - + len = recvfrom(this->socket, tmp.ptr, tmp.len, 0, (struct sockaddr*)&addr, &addr_len); - + if (len < 0) { if (errno == EINTR) @@ -155,17 +155,17 @@ static status_t netlink_send(private_netlink_socket_t *this, struct nlmsghdr *in free(result.ptr); return FAILED; } - + tmp.len = len; result.ptr = realloc(result.ptr, result.len + tmp.len); memcpy(result.ptr + result.len, tmp.ptr, tmp.len); result.len += tmp.len; - + /* NLM_F_MULTI flag does not seem to be set correctly, we use sequence * numbers to detect multi header messages */ len = recvfrom(this->socket, &peek, sizeof(peek), MSG_PEEK | MSG_DONTWAIT, (struct sockaddr*)&addr, &addr_len); - + if (len == sizeof(peek) && peek.nlmsg_seq == this->seq) { /* seems to be multipart */ @@ -173,12 +173,12 @@ static status_t netlink_send(private_netlink_socket_t *this, struct nlmsghdr *in } break; } - + *out_len = result.len; *out = (struct nlmsghdr*)result.ptr; - + this->mutex->unlock(this->mutex); - + return SUCCESS; } @@ -202,7 +202,7 @@ static status_t netlink_send_ack(private_netlink_socket_t *this, struct nlmsghdr case NLMSG_ERROR: { struct nlmsgerr* err = (struct nlmsgerr*)NLMSG_DATA(hdr); - + if (err->error) { if (-err->error == EEXIST) @@ -247,7 +247,7 @@ static void destroy(private_netlink_socket_t *this) netlink_socket_t *netlink_socket_create(int protocol) { private_netlink_socket_t *this = malloc_thing(private_netlink_socket_t); struct sockaddr_nl addr; - + /* public functions */ this->public.send = (status_t(*)(netlink_socket_t*,struct nlmsghdr*, struct nlmsghdr**, size_t*))netlink_send; this->public.send_ack = (status_t(*)(netlink_socket_t*,struct nlmsghdr*))netlink_send_ack; @@ -256,23 +256,23 @@ netlink_socket_t *netlink_socket_create(int protocol) { /* private members */ this->seq = 200; this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); - + memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; - + this->protocol = protocol; this->socket = socket(AF_NETLINK, SOCK_RAW, protocol); if (this->socket <= 0) { charon->kill(charon, "unable to create netlink socket"); } - + addr.nl_groups = 0; if (bind(this->socket, (struct sockaddr*)&addr, sizeof(addr))) { charon->kill(charon, "unable to bind netlink socket"); } - + return &this->public; } @@ -283,13 +283,13 @@ void netlink_add_attribute(struct nlmsghdr *hdr, int rta_type, chunk_t data, size_t buflen) { struct rtattr *rta; - + if (NLMSG_ALIGN(hdr->nlmsg_len) + RTA_ALIGN(data.len) > buflen) { DBG1(DBG_KNL, "unable to add attribute, buffer too small"); return; } - + rta = (struct rtattr*)(((char*)hdr) + NLMSG_ALIGN(hdr->nlmsg_len)); rta->rta_type = rta_type; rta->rta_len = RTA_LENGTH(data.len); diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_shared.h b/src/charon/plugins/kernel_netlink/kernel_netlink_shared.h index 5a70e4d9b..dfd27a21a 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_shared.h +++ b/src/charon/plugins/kernel_netlink/kernel_netlink_shared.h @@ -37,20 +37,20 @@ struct netlink_socket_t { /** * Send a netlink message and wait for a reply. - * + * * @param in netlink message to send * @param out received netlink message * @param out_len length of the received message */ status_t (*send)(netlink_socket_t *this, struct nlmsghdr *in, struct nlmsghdr **out, size_t *out_len); - + /** * Send a netlink message and wait for its acknowledge. - * + * * @param in netlink message to send */ status_t (*send_ack)(netlink_socket_t *this, struct nlmsghdr *in); - + /** * Destroy the socket. */ @@ -59,14 +59,14 @@ struct netlink_socket_t { /** * Create a netlink_socket_t object. - * + * * @param protocol protocol type (e.g. NETLINK_XFRM or NETLINK_ROUTE) */ netlink_socket_t *netlink_socket_create(int protocol); /** * Creates an rtattr and adds it to the given netlink message. - * + * * @param hdr netlink message * @param rta_type type of the rtattr * @param data data to add to the rtattr diff --git a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c index 002e1bee8..57e3a92e3 100644 --- a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c +++ b/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c @@ -151,42 +151,42 @@ struct private_kernel_pfkey_ipsec_t * Public part of the kernel_pfkey_t object. */ kernel_pfkey_ipsec_t public; - + /** * mutex to lock access to various lists */ mutex_t *mutex; - + /** * List of installed policies (policy_entry_t) */ linked_list_t *policies; - + /** * whether to install routes along policies */ bool install_routes; - + /** * job receiving PF_KEY events */ callback_job_t *job; - + /** * mutex to lock access to the PF_KEY socket */ mutex_t *mutex_pfkey; - + /** * PF_KEY socket to communicate with the kernel */ int socket; - + /** * PF_KEY socket to receive acquire and expire events */ int socket_events; - + /** * sequence number for messages sent to the kernel */ @@ -201,10 +201,10 @@ typedef struct route_entry_t route_entry_t; struct route_entry_t { /** Name of the interface the route is bound to */ char *if_name; - + /** Source ip of the route */ host_t *src_ip; - + /** gateway for this route */ host_t *gateway; @@ -233,16 +233,16 @@ typedef struct policy_entry_t policy_entry_t; * installed kernel policy. */ struct policy_entry_t { - + /** reqid of this policy */ u_int32_t reqid; - + /** index assigned by the kernel */ u_int32_t index; - + /** direction of this policy: in, out, forward */ u_int8_t direction; - + /** parameters of installed policy */ struct { /** subnet and port */ @@ -252,10 +252,10 @@ struct policy_entry_t { /** protocol */ u_int8_t proto; } src, dst; - + /** associated route installed for this policy */ route_entry_t *route; - + /** by how many CHILD_SA's this policy is used */ u_int refcount; }; @@ -272,15 +272,15 @@ static policy_entry_t *create_policy_entry(traffic_selector_t *src_ts, policy->direction = dir; policy->route = NULL; policy->refcount = 0; - + src_ts->to_subnet(src_ts, &policy->src.net, &policy->src.mask); dst_ts->to_subnet(dst_ts, &policy->dst.net, &policy->dst.mask); - + /* src or dest proto may be "any" (0), use more restrictive one */ policy->src.proto = max(src_ts->get_protocol(src_ts), dst_ts->get_protocol(dst_ts)); policy->src.proto = policy->src.proto ? policy->src.proto : IPSEC_PROTO_ANY; policy->dst.proto = policy->src.proto; - + return policy; } @@ -328,7 +328,7 @@ struct pfkey_msg_t * PF_KEY message base */ struct sadb_msg *msg; - + /** * PF_KEY message extensions */ @@ -518,7 +518,7 @@ struct kernel_algorithm_t { * Identifier specified in IKEv2 */ int ikev2; - + /** * Identifier as defined in pfkeyv2.h */ @@ -652,19 +652,19 @@ static void add_encap_ext(struct sadb_msg *msg, host_t *src, host_t *dst) { struct sadb_x_nat_t_type* nat_type; struct sadb_x_nat_t_port* nat_port; - + nat_type = (struct sadb_x_nat_t_type*)PFKEY_EXT_ADD_NEXT(msg); nat_type->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE; nat_type->sadb_x_nat_t_type_len = PFKEY_LEN(sizeof(struct sadb_x_nat_t_type)); nat_type->sadb_x_nat_t_type_type = UDP_ENCAP_ESPINUDP; PFKEY_EXT_ADD(msg, nat_type); - + nat_port = (struct sadb_x_nat_t_port*)PFKEY_EXT_ADD_NEXT(msg); nat_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT; nat_port->sadb_x_nat_t_port_len = PFKEY_LEN(sizeof(struct sadb_x_nat_t_port)); nat_port->sadb_x_nat_t_port_port = htons(src->get_port(src)); PFKEY_EXT_ADD(msg, nat_port); - + nat_port = (struct sadb_x_nat_t_port*)PFKEY_EXT_ADD_NEXT(msg); nat_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT; nat_port->sadb_x_nat_t_port_len = PFKEY_LEN(sizeof(struct sadb_x_nat_t_port)); @@ -697,15 +697,15 @@ static status_t parse_pfkey_message(struct sadb_msg *msg, pfkey_msg_t *out) { struct sadb_ext* ext; size_t len; - + memset(out, 0, sizeof(pfkey_msg_t)); out->msg = msg; - + len = msg->sadb_msg_len; len -= PFKEY_LEN(sizeof(struct sadb_msg)); - + ext = (struct sadb_ext*)(((char*)msg) + sizeof(struct sadb_msg)); - + while (len >= PFKEY_LEN(sizeof(struct sadb_ext))) { DBG3(DBG_KNL, " %N", sadb_ext_type_names, ext->sadb_ext_type); @@ -716,20 +716,20 @@ static status_t parse_pfkey_message(struct sadb_msg *msg, pfkey_msg_t *out) sadb_ext_type_names, ext->sadb_ext_type); break; } - + if ((ext->sadb_ext_type > SADB_EXT_MAX) || (!ext->sadb_ext_type)) { DBG1(DBG_KNL, "type of PF_KEY extension (%d) is invalid", ext->sadb_ext_type); break; } - + if (out->ext[ext->sadb_ext_type]) { DBG1(DBG_KNL, "duplicate %N extension", sadb_ext_type_names, ext->sadb_ext_type); break; } - + out->ext[ext->sadb_ext_type] = ext; ext = PFKEY_EXT_NEXT_LEN(ext, len); } @@ -739,7 +739,7 @@ static status_t parse_pfkey_message(struct sadb_msg *msg, pfkey_msg_t *out) DBG1(DBG_KNL, "PF_KEY message length is invalid"); return FAILED; } - + return SUCCESS; } @@ -752,7 +752,7 @@ static status_t pfkey_send_socket(private_kernel_pfkey_ipsec_t *this, int socket unsigned char buf[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg; int in_len, len; - + this->mutex_pfkey->lock(this->mutex_pfkey); /* FIXME: our usage of sequence numbers is probably wrong. check RFC 2367, @@ -779,13 +779,13 @@ static status_t pfkey_send_socket(private_kernel_pfkey_ipsec_t *this, int socket } break; } - + while (TRUE) { msg = (struct sadb_msg*)buf; - + len = recv(socket, buf, sizeof(buf), 0); - + if (len < 0) { if (errno == EINTR) @@ -844,13 +844,13 @@ static status_t pfkey_send_socket(private_kernel_pfkey_ipsec_t *this, int socket } break; } - + *out_len = len; *out = (struct sadb_msg*)malloc(len); memcpy(*out, buf, len); - + this->mutex_pfkey->unlock(this->mutex_pfkey); - + return SUCCESS; } @@ -873,7 +873,7 @@ static void process_acquire(private_kernel_pfkey_ipsec_t *this, struct sadb_msg* traffic_selector_t *src_ts, *dst_ts; policy_entry_t *policy; job_t *job; - + switch (msg->sadb_msg_satype) { case SADB_SATYPE_UNSPEC: @@ -885,13 +885,13 @@ static void process_acquire(private_kernel_pfkey_ipsec_t *this, struct sadb_msg* return; } DBG2(DBG_KNL, "received an SADB_ACQUIRE"); - + if (parse_pfkey_message(msg, &response) != SUCCESS) { DBG1(DBG_KNL, "parsing SADB_ACQUIRE from kernel failed"); return; } - + index = response.x_policy->sadb_x_policy_id; this->mutex->lock(this->mutex); if (this->policies->find_first(this->policies, @@ -907,7 +907,7 @@ static void process_acquire(private_kernel_pfkey_ipsec_t *this, struct sadb_msg* src_ts = sadb_address2ts(response.src); dst_ts = sadb_address2ts(response.dst); this->mutex->unlock(this->mutex); - + DBG1(DBG_KNL, "creating acquire job for policy %R === %R with reqid {%u}", src_ts, dst_ts, reqid); job = (job_t*)acquire_job_create(reqid, src_ts, dst_ts); @@ -924,27 +924,27 @@ static void process_expire(private_kernel_pfkey_ipsec_t *this, struct sadb_msg* u_int32_t spi, reqid; bool hard; job_t *job; - + DBG2(DBG_KNL, "received an SADB_EXPIRE"); - + if (parse_pfkey_message(msg, &response) != SUCCESS) { DBG1(DBG_KNL, "parsing SADB_EXPIRE from kernel failed"); return; } - + protocol = proto_satype2ike(msg->sadb_msg_satype); spi = response.sa->sadb_sa_spi; reqid = response.x_sa2->sadb_x_sa2_reqid; hard = response.lft_hard != NULL; - + if (protocol != PROTO_ESP && protocol != PROTO_AH) { DBG2(DBG_KNL, "ignoring SADB_EXPIRE for SA with SPI %.8x and reqid {%u} " "which is not a CHILD_SA", ntohl(spi), reqid); return; } - + DBG1(DBG_KNL, "creating %s job for %N CHILD_SA with SPI %.8x and reqid {%u}", hard ? "delete" : "rekey", protocol_id_names, protocol, ntohl(spi), reqid); @@ -984,7 +984,7 @@ static void process_migrate(private_kernel_pfkey_ipsec_t *this, struct sadb_msg* dir = kernel2dir(response.x_policy->sadb_x_policy_dir); DBG2(DBG_KNL, " policy %R === %R %N, id %u", src_ts, dst_ts, policy_dir_names, dir); - + /* SADB_X_EXT_KMADDRESS is not present in unpatched kernels < 2.6.28 */ if (response.x_kmaddress) { @@ -999,7 +999,7 @@ static void process_migrate(private_kernel_pfkey_ipsec_t *this, struct sadb_msg* remote = host_create_from_sockaddr(remote_addr); DBG2(DBG_KNL, " kmaddress: %H...%H", local, remote); } - + if (src_ts && dst_ts && local && remote) { DBG1(DBG_KNL, "creating migrate job for policy %R === %R %N with reqid {%u}", @@ -1028,24 +1028,24 @@ static void process_mapping(private_kernel_pfkey_ipsec_t *this, struct sadb_msg* u_int32_t spi, reqid; host_t *host; job_t *job; - + DBG2(DBG_KNL, "received an SADB_X_NAT_T_NEW_MAPPING"); - + if (parse_pfkey_message(msg, &response) != SUCCESS) { DBG1(DBG_KNL, "parsing SADB_X_NAT_T_NEW_MAPPING from kernel failed"); return; } - + if (!response.x_sa2) { DBG1(DBG_KNL, "received SADB_X_NAT_T_NEW_MAPPING is missing required information"); return; } - + spi = response.sa->sadb_sa_spi; reqid = response.x_sa2->sadb_x_sa2_reqid; - + if (proto_satype2ike(msg->sadb_msg_satype) == PROTO_ESP) { sockaddr_t *sa = (sockaddr_t*)(response.dst + 1); @@ -1084,11 +1084,11 @@ static job_requeue_t receive_events(private_kernel_pfkey_ipsec_t *this) unsigned char buf[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg = (struct sadb_msg*)buf; int len, oldstate; - + pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); len = recvfrom(this->socket_events, buf, sizeof(buf), 0, NULL, 0); pthread_setcancelstate(oldstate, NULL); - + if (len < 0) { switch (errno) @@ -1105,7 +1105,7 @@ static job_requeue_t receive_events(private_kernel_pfkey_ipsec_t *this) return JOB_REQUEUE_FAIR; } } - + if (len < sizeof(struct sadb_msg) || msg->sadb_msg_len < PFKEY_LEN(sizeof(struct sadb_msg))) { @@ -1121,7 +1121,7 @@ static job_requeue_t receive_events(private_kernel_pfkey_ipsec_t *this) DBG1(DBG_KNL, "buffer was too small to receive the complete PF_KEY message"); return JOB_REQUEUE_DIRECT; } - + switch (msg->sadb_msg_type) { case SADB_ACQUIRE: @@ -1143,7 +1143,7 @@ static job_requeue_t receive_events(private_kernel_pfkey_ipsec_t *this) default: break; } - + return JOB_REQUEUE_DIRECT; } @@ -1162,31 +1162,31 @@ static status_t get_spi(private_kernel_pfkey_ipsec_t *this, pfkey_msg_t response; u_int32_t received_spi = 0; size_t len; - + memset(&request, 0, sizeof(request)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_GETSPI; msg->sadb_msg_satype = proto_ike2satype(protocol); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa2 = (struct sadb_x_sa2*)PFKEY_EXT_ADD_NEXT(msg); sa2->sadb_x_sa2_exttype = SADB_X_EXT_SA2; sa2->sadb_x_sa2_len = PFKEY_LEN(sizeof(struct sadb_spirange)); sa2->sadb_x_sa2_reqid = reqid; PFKEY_EXT_ADD(msg, sa2); - + add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC, 0, 0); add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0); - + range = (struct sadb_spirange*)PFKEY_EXT_ADD_NEXT(msg); range->sadb_spirange_exttype = SADB_EXT_SPIRANGE; range->sadb_spirange_len = PFKEY_LEN(sizeof(struct sadb_spirange)); range->sadb_spirange_min = 0xc0000000; range->sadb_spirange_max = 0xcFFFFFFF; PFKEY_EXT_ADD(msg, range); - + if (pfkey_send(this, msg, &out, &len) == SUCCESS) { if (out->sadb_msg_errno) @@ -1200,12 +1200,12 @@ static status_t get_spi(private_kernel_pfkey_ipsec_t *this, } free(out); } - + if (received_spi == 0) { return FAILED; } - + *spi = received_spi; return SUCCESS; } @@ -1239,11 +1239,11 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this, struct sadb_lifetime *lft; struct sadb_key *key; size_t len; - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "adding SAD entry with SPI %.8x and reqid {%u}", ntohl(spi), reqid); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = inbound ? SADB_UPDATE : SADB_ADD; @@ -1273,17 +1273,17 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this, sa->sadb_sa_auth = lookup_algorithm(integrity_algs, int_alg); sa->sadb_sa_encrypt = lookup_algorithm(encryption_algs, enc_alg); PFKEY_EXT_ADD(msg, sa); - + sa2 = (struct sadb_x_sa2*)PFKEY_EXT_ADD_NEXT(msg); sa2->sadb_x_sa2_exttype = SADB_X_EXT_SA2; sa2->sadb_x_sa2_len = PFKEY_LEN(sizeof(struct sadb_spirange)); sa2->sadb_x_sa2_mode = mode2kernel(mode); sa2->sadb_x_sa2_reqid = reqid; PFKEY_EXT_ADD(msg, sa2); - + add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC, 0, 0); add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0); - + lft = (struct sadb_lifetime*)PFKEY_EXT_ADD_NEXT(msg); lft->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT; lft->sadb_lifetime_len = PFKEY_LEN(sizeof(struct sadb_lifetime)); @@ -1292,7 +1292,7 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this, lft->sadb_lifetime_addtime = lifetime->time.rekey; lft->sadb_lifetime_usetime = 0; /* we only use addtime */ PFKEY_EXT_ADD(msg, lft); - + lft = (struct sadb_lifetime*)PFKEY_EXT_ADD_NEXT(msg); lft->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; lft->sadb_lifetime_len = PFKEY_LEN(sizeof(struct sadb_lifetime)); @@ -1301,7 +1301,7 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this, lft->sadb_lifetime_addtime = lifetime->time.life; lft->sadb_lifetime_usetime = 0; /* we only use addtime */ PFKEY_EXT_ADD(msg, lft); - + if (enc_alg != ENCR_UNDEFINED) { if (!sa->sadb_sa_encrypt) @@ -1312,16 +1312,16 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this, } DBG2(DBG_KNL, " using encryption algorithm %N with key size %d", encryption_algorithm_names, enc_alg, enc_key.len * 8); - + key = (struct sadb_key*)PFKEY_EXT_ADD_NEXT(msg); key->sadb_key_exttype = SADB_EXT_KEY_ENCRYPT; key->sadb_key_bits = enc_key.len * 8; key->sadb_key_len = PFKEY_LEN(sizeof(struct sadb_key) + enc_key.len); memcpy(key + 1, enc_key.ptr, enc_key.len); - + PFKEY_EXT_ADD(msg, key); } - + if (int_alg != AUTH_UNDEFINED) { if (!sa->sadb_sa_auth) @@ -1332,16 +1332,16 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this, } DBG2(DBG_KNL, " using integrity algorithm %N with key size %d", integrity_algorithm_names, int_alg, int_key.len * 8); - + key = (struct sadb_key*)PFKEY_EXT_ADD_NEXT(msg); key->sadb_key_exttype = SADB_EXT_KEY_AUTH; key->sadb_key_bits = int_key.len * 8; key->sadb_key_len = PFKEY_LEN(sizeof(struct sadb_key) + int_key.len); memcpy(key + 1, int_key.ptr, int_key.len); - + PFKEY_EXT_ADD(msg, key); } - + if (ipcomp != IPCOMP_NONE) { /*TODO*/ @@ -1353,7 +1353,7 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this, add_encap_ext(msg, src, dst); } #endif /*HAVE_NATT*/ - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x", ntohl(spi)); @@ -1366,7 +1366,7 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this, free(out); return FAILED; } - + free(out); return SUCCESS; } @@ -1385,7 +1385,7 @@ static status_t update_sa(private_kernel_pfkey_ipsec_t *this, struct sadb_sa *sa; pfkey_msg_t response; size_t len; - + /* we can't update the SA if any of the ip addresses have changed. * that's because we can't use SADB_UPDATE and by deleting and readding the * SA the sequence numbers would get lost */ @@ -1396,28 +1396,28 @@ static status_t update_sa(private_kernel_pfkey_ipsec_t *this, " are not supported", ntohl(spi)); return NOT_SUPPORTED; } - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "querying SAD entry with SPI %.8x", ntohl(spi)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_GET; msg->sadb_msg_satype = proto_ike2satype(protocol); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); sa->sadb_sa_spi = spi; PFKEY_EXT_ADD(msg, sa); - + /* the kernel wants a SADB_EXT_ADDRESS_SRC to be present even though * it is not used for anything. */ add_anyaddr_ext(msg, dst->get_family(dst), SADB_EXT_ADDRESS_SRC); add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x", @@ -1438,18 +1438,18 @@ static status_t update_sa(private_kernel_pfkey_ipsec_t *this, free(out); return FAILED; } - + DBG2(DBG_KNL, "updating SAD entry with SPI %.8x from %#H..%#H to %#H..%#H", ntohl(spi), src, dst, new_src, new_dst); - + memset(&request, 0, sizeof(request)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_UPDATE; msg->sadb_msg_satype = proto_ike2satype(protocol); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + #ifdef __APPLE__ { struct sadb_sa_2 *sa_2; @@ -1466,32 +1466,32 @@ static status_t update_sa(private_kernel_pfkey_ipsec_t *this, PFKEY_EXT_COPY(msg, response.sa); #endif PFKEY_EXT_COPY(msg, response.x_sa2); - + PFKEY_EXT_COPY(msg, response.src); PFKEY_EXT_COPY(msg, response.dst); - + PFKEY_EXT_COPY(msg, response.lft_soft); PFKEY_EXT_COPY(msg, response.lft_hard); - + if (response.key_encr) { PFKEY_EXT_COPY(msg, response.key_encr); } - + if (response.key_auth) { PFKEY_EXT_COPY(msg, response.key_auth); } - + #ifdef HAVE_NATT if (new_encap) { add_encap_ext(msg, new_src, new_dst); } #endif /*HAVE_NATT*/ - + free(out); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x", ntohl(spi)); @@ -1505,7 +1505,7 @@ static status_t update_sa(private_kernel_pfkey_ipsec_t *this, return FAILED; } free(out); - + return SUCCESS; } @@ -1521,29 +1521,29 @@ static status_t query_sa(private_kernel_pfkey_ipsec_t *this, host_t *src, struct sadb_sa *sa; pfkey_msg_t response; size_t len; - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "querying SAD entry with SPI %.8x", ntohl(spi)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_GET; msg->sadb_msg_satype = proto_ike2satype(protocol); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); sa->sadb_sa_spi = spi; PFKEY_EXT_ADD(msg, sa); - + /* the Linux Kernel doesn't care for the src address, but other systems do * (e.g. FreeBSD) */ add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC, 0, 0); add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x", ntohl(spi)); @@ -1579,29 +1579,29 @@ static status_t del_sa(private_kernel_pfkey_ipsec_t *this, host_t *src, struct sadb_msg *msg, *out; struct sadb_sa *sa; size_t len; - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "deleting SAD entry with SPI %.8x", ntohl(spi)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_DELETE; msg->sadb_msg_satype = proto_ike2satype(protocol); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); sa->sadb_sa_spi = spi; PFKEY_EXT_ADD(msg, sa); - + /* the Linux Kernel doesn't care for the src address, but other systems do * (e.g. FreeBSD) */ add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC, 0, 0); add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x", ntohl(spi)); @@ -1614,7 +1614,7 @@ static status_t del_sa(private_kernel_pfkey_ipsec_t *this, host_t *src, free(out); return FAILED; } - + DBG2(DBG_KNL, "deleted SAD entry with SPI %.8x", ntohl(spi)); free(out); return SUCCESS; @@ -1639,16 +1639,16 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, policy_entry_t *policy, *found = NULL; pfkey_msg_t response; size_t len; - + if (dir2kernel(direction) == IPSEC_DIR_INVALID) { /* FWD policies are not supported on all platforms */ return SUCCESS; } - + /* create a policy */ policy = create_policy_entry(src_ts, dst_ts, direction, reqid); - + /* find a matching policy */ this->mutex->lock(this->mutex); if (this->policies->find_first(this->policies, @@ -1668,18 +1668,18 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, this->policies->insert_last(this->policies, policy); policy->refcount = 1; } - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "adding policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = found ? SADB_X_SPDUPDATE : SADB_X_SPDADD; msg->sadb_msg_satype = 0; msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + pol = (struct sadb_x_policy*)PFKEY_EXT_ADD_NEXT(msg); pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY; pol->sadb_x_policy_len = PFKEY_LEN(sizeof(struct sadb_x_policy)); @@ -1693,7 +1693,7 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, pol->sadb_x_policy_priority -= policy->src.proto != IPSEC_PROTO_ANY ? 2 : 0; pol->sadb_x_policy_priority -= policy->src.net->get_port(policy->src.net) ? 1 : 0; #endif - + /* one or more sadb_x_ipsecrequest extensions are added to the sadb_x_policy extension */ req = (struct sadb_x_ipsecrequest*)(pol + 1); req->sadb_x_ipsecrequest_proto = proto_ike2ip(protocol); @@ -1713,15 +1713,15 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, memcpy((u_int8_t*)(req + 1) + sl, sa, sl); req->sadb_x_ipsecrequest_len += sl * 2; } - + pol->sadb_x_policy_len += PFKEY_LEN(req->sadb_x_ipsecrequest_len); PFKEY_EXT_ADD(msg, pol); - + add_addr_ext(msg, policy->src.net, SADB_EXT_ADDRESS_SRC, policy->src.proto, policy->src.mask); add_addr_ext(msg, policy->dst.net, SADB_EXT_ADDRESS_DST, policy->dst.proto, policy->dst.mask); - + #ifdef __FreeBSD__ { /* on FreeBSD a lifetime has to be defined to be able to later query * the current use time. */ @@ -1733,9 +1733,9 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, PFKEY_EXT_ADD(msg, lft); } #endif - + this->mutex->unlock(this->mutex); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to add policy %R === %R %N", src_ts, dst_ts, @@ -1757,9 +1757,9 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, free(out); return FAILED; } - + this->mutex->lock(this->mutex); - + /* we try to find the policy again and update the kernel index */ if (this->policies->find_last(this->policies, NULL, (void**)&policy) != SUCCESS) { @@ -1771,7 +1771,7 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, } policy->index = response.x_policy->sadb_x_policy_id; free(out); - + /* install a route, if: * - we are NOT updating a policy * - this is a forward policy (to just get one for each child) @@ -1784,7 +1784,7 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, this->install_routes) { route_entry_t *route = malloc_thing(route_entry_t); - + if (charon->kernel_interface->get_address_by_ts(charon->kernel_interface, dst_ts, &route->src_ip) == SUCCESS) { @@ -1795,7 +1795,7 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, charon->kernel_interface, dst); route->dst_net = chunk_clone(policy->src.net->get_address(policy->src.net)); route->prefixlen = policy->src.mask; - + switch (charon->kernel_interface->add_route(charon->kernel_interface, route->dst_net, route->prefixlen, route->gateway, route->src_ip, route->if_name)) @@ -1819,9 +1819,9 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, free(route); } } - + this->mutex->unlock(this->mutex); - + return SUCCESS; } @@ -1839,19 +1839,19 @@ static status_t query_policy(private_kernel_pfkey_ipsec_t *this, policy_entry_t *policy, *found = NULL; pfkey_msg_t response; size_t len; - + if (dir2kernel(direction) == IPSEC_DIR_INVALID) { /* FWD policies are not supported on all platforms */ return NOT_FOUND; } - + DBG2(DBG_KNL, "querying policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); /* create a policy */ policy = create_policy_entry(src_ts, dst_ts, direction, 0); - + /* find a matching policy */ this->mutex->lock(this->mutex); if (this->policies->find_first(this->policies, @@ -1865,15 +1865,15 @@ static status_t query_policy(private_kernel_pfkey_ipsec_t *this, } policy_entry_destroy(policy); policy = found; - + memset(&request, 0, sizeof(request)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_X_SPDGET; msg->sadb_msg_satype = 0; msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + pol = (struct sadb_x_policy*)PFKEY_EXT_ADD_NEXT(msg); pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY; pol->sadb_x_policy_id = policy->index; @@ -1881,14 +1881,14 @@ static status_t query_policy(private_kernel_pfkey_ipsec_t *this, pol->sadb_x_policy_dir = dir2kernel(direction); pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC; PFKEY_EXT_ADD(msg, pol); - + add_addr_ext(msg, policy->src.net, SADB_EXT_ADDRESS_SRC, policy->src.proto, policy->src.mask); add_addr_ext(msg, policy->dst.net, SADB_EXT_ADDRESS_DST, policy->dst.proto, policy->dst.mask); - + this->mutex->unlock(this->mutex); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to query policy %R === %R %N", src_ts, dst_ts, @@ -1928,7 +1928,7 @@ static status_t query_policy(private_kernel_pfkey_ipsec_t *this, *use_time = 0; } free(out); - + return SUCCESS; } @@ -1946,19 +1946,19 @@ static status_t del_policy(private_kernel_pfkey_ipsec_t *this, policy_entry_t *policy, *found = NULL; route_entry_t *route; size_t len; - + if (dir2kernel(direction) == IPSEC_DIR_INVALID) { /* FWD policies are not supported on all platforms */ return SUCCESS; } - + DBG2(DBG_KNL, "deleting policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); - + /* create a policy */ policy = create_policy_entry(src_ts, dst_ts, direction, 0); - + /* find a matching policy */ this->mutex->lock(this->mutex); if (this->policies->find_first(this->policies, @@ -1986,31 +1986,31 @@ static status_t del_policy(private_kernel_pfkey_ipsec_t *this, return NOT_FOUND; } this->mutex->unlock(this->mutex); - + memset(&request, 0, sizeof(request)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_X_SPDDELETE; msg->sadb_msg_satype = 0; msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + pol = (struct sadb_x_policy*)PFKEY_EXT_ADD_NEXT(msg); pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY; pol->sadb_x_policy_len = PFKEY_LEN(sizeof(struct sadb_x_policy)); pol->sadb_x_policy_dir = dir2kernel(direction); pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC; PFKEY_EXT_ADD(msg, pol); - + add_addr_ext(msg, policy->src.net, SADB_EXT_ADDRESS_SRC, policy->src.proto, policy->src.mask); add_addr_ext(msg, policy->dst.net, SADB_EXT_ADDRESS_DST, policy->dst.proto, policy->dst.mask); - + route = policy->route; policy->route = NULL; policy_entry_destroy(policy); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to delete policy %R === %R %N", src_ts, dst_ts, @@ -2026,7 +2026,7 @@ static status_t del_policy(private_kernel_pfkey_ipsec_t *this, return FAILED; } free(out); - + if (route) { if (charon->kernel_interface->del_route(charon->kernel_interface, @@ -2039,7 +2039,7 @@ static status_t del_policy(private_kernel_pfkey_ipsec_t *this, } route_entry_destroy(route); } - + return SUCCESS; } @@ -2051,15 +2051,15 @@ static status_t register_pfkey_socket(private_kernel_pfkey_ipsec_t *this, u_int8 unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; size_t len; - + memset(&request, 0, sizeof(request)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_REGISTER; msg->sadb_msg_satype = satype; msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + if (pfkey_send_socket(this, this->socket_events, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to register PF_KEY socket"); @@ -2098,13 +2098,13 @@ static bool add_bypass_policies(private_kernel_pfkey_ipsec_t *this) int fd, family, port; enumerator_t *sockets; bool status = TRUE; - + sockets = charon->socket->create_enumerator(charon->socket); while (sockets->enumerate(sockets, &fd, &family, &port)) { struct sadb_x_policy policy; u_int sol, ipsec_policy; - + switch (family) { case AF_INET: @@ -2122,12 +2122,12 @@ static bool add_bypass_policies(private_kernel_pfkey_ipsec_t *this) default: continue; } - + memset(&policy, 0, sizeof(policy)); policy.sadb_x_policy_len = sizeof(policy) / sizeof(u_int64_t); policy.sadb_x_policy_exttype = SADB_X_EXT_POLICY; policy.sadb_x_policy_type = IPSEC_POLICY_BYPASS; - + policy.sadb_x_policy_dir = IPSEC_DIR_OUTBOUND; if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0) { @@ -2155,7 +2155,7 @@ static bool add_bypass_policies(private_kernel_pfkey_ipsec_t *this) kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create() { private_kernel_pfkey_ipsec_t *this = malloc_thing(private_kernel_pfkey_ipsec_t); - + /* public functions */ this->public.interface.get_spi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi; this->public.interface.get_cpi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi; @@ -2166,7 +2166,7 @@ kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create() this->public.interface.add_policy = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t,protocol_id_t,u_int32_t,ipsec_mode_t,u_int16_t,u_int16_t,bool))add_policy; this->public.interface.query_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy; this->public.interface.del_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,bool))del_policy; - + this->public.interface.destroy = (void(*)(kernel_ipsec_t*)) destroy; /* private members */ @@ -2176,37 +2176,37 @@ kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create() this->install_routes = lib->settings->get_bool(lib->settings, "charon.install_routes", TRUE); this->seq = 0; - + /* create a PF_KEY socket to communicate with the kernel */ this->socket = socket(PF_KEY, SOCK_RAW, PF_KEY_V2); if (this->socket <= 0) { charon->kill(charon, "unable to create PF_KEY socket"); } - + /* create a PF_KEY socket for ACQUIRE & EXPIRE */ this->socket_events = socket(PF_KEY, SOCK_RAW, PF_KEY_V2); if (this->socket_events <= 0) { charon->kill(charon, "unable to create PF_KEY event socket"); } - + /* add bypass policies on the sockets used by charon */ if (!add_bypass_policies(this)) { charon->kill(charon, "unable to add bypass policies on sockets"); } - + /* register the event socket */ if (register_pfkey_socket(this, SADB_SATYPE_ESP) != SUCCESS || register_pfkey_socket(this, SADB_SATYPE_AH) != SUCCESS) { charon->kill(charon, "unable to register PF_KEY event socket"); } - + this->job = callback_job_create((callback_job_cb_t)receive_events, this, NULL, NULL); charon->processor->queue_job(charon->processor, (job_t*)this->job); - + return &this->public; } diff --git a/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.c b/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.c index 09dc4780d..3380c328c 100644 --- a/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.c +++ b/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.c @@ -47,10 +47,10 @@ static void destroy(private_kernel_pfkey_plugin_t *this) plugin_t *plugin_create() { private_kernel_pfkey_plugin_t *this = malloc_thing(private_kernel_pfkey_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->kernel_interface->add_ipsec_interface(charon->kernel_interface, (kernel_ipsec_constructor_t)kernel_pfkey_ipsec_create); - + return &this->public.plugin; } diff --git a/src/charon/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/charon/plugins/kernel_pfroute/kernel_pfroute_net.c index da97fcd83..768810411 100644 --- a/src/charon/plugins/kernel_pfroute/kernel_pfroute_net.c +++ b/src/charon/plugins/kernel_pfroute/kernel_pfroute_net.c @@ -47,13 +47,13 @@ typedef struct addr_entry_t addr_entry_t; * IP address in an inface_entry_t */ struct addr_entry_t { - + /** The ip address */ host_t *ip; - + /** virtual IP managed by us */ bool virtual; - + /** Number of times this IP is used, if virtual */ u_int refcount; }; @@ -73,16 +73,16 @@ typedef struct iface_entry_t iface_entry_t; * A network interface on this system, containing addr_entry_t's */ struct iface_entry_t { - + /** interface index */ int ifindex; - + /** name of the interface */ char ifname[IFNAMSIZ]; - + /** interface flags, as in netdevice(7) SIOCGIFFLAGS */ u_int flags; - + /** list of addresses as host_t */ linked_list_t *addrs; }; @@ -108,42 +108,42 @@ struct private_kernel_pfroute_net_t * Public part of the kernel_pfroute_t object. */ kernel_pfroute_net_t public; - + /** * mutex to lock access to various lists */ mutex_t *mutex; - + /** * Cached list of interfaces and their addresses (iface_entry_t) */ linked_list_t *ifaces; - + /** * job receiving PF_ROUTE events */ callback_job_t *job; - + /** * mutex to lock access to the PF_ROUTE socket */ mutex_t *mutex_pfroute; - + /** * PF_ROUTE socket to communicate with the kernel */ int socket; - + /** * PF_ROUTE socket to receive events */ int socket_events; - + /** * sequence number for messages sent to the kernel */ int seq; - + /** * time of last roam job */ @@ -157,7 +157,7 @@ struct private_kernel_pfroute_net_t static void fire_roam_job(private_kernel_pfroute_net_t *this, bool address) { timeval_t now; - + time_monotonic(&now); if (timercmp(&now, &this->last_roam, >)) { @@ -187,7 +187,7 @@ static void process_addr(private_kernel_pfroute_net_t *this, addr_entry_t *addr; bool found = FALSE, changed = FALSE, roam = FALSE; int i; - + for (i = 1; i < (1 << RTAX_MAX); i <<= 1) { if (ifa->ifam_addrs & i) @@ -200,12 +200,12 @@ static void process_addr(private_kernel_pfroute_net_t *this, sockaddr = (sockaddr_t*)((char*)sockaddr + sockaddr->sa_len); } } - + if (!host) { return; } - + this->mutex->lock(this->mutex); ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, &iface)) @@ -236,7 +236,7 @@ static void process_addr(private_kernel_pfroute_net_t *this, } } addrs->destroy(addrs); - + if (!found && ifa->ifam_type == RTM_NEWADDR) { changed = TRUE; @@ -247,7 +247,7 @@ static void process_addr(private_kernel_pfroute_net_t *this, iface->addrs->insert_last(iface->addrs, addr); DBG1(DBG_KNL, "%H appeared on %s", host, iface->ifname); } - + if (changed && (iface->flags & IFF_UP)) { roam = TRUE; @@ -258,7 +258,7 @@ static void process_addr(private_kernel_pfroute_net_t *this, ifaces->destroy(ifaces); this->mutex->unlock(this->mutex); host->destroy(host); - + if (roam) { fire_roam_job(this, TRUE); @@ -275,12 +275,12 @@ static void process_link(private_kernel_pfroute_net_t *this, enumerator_t *enumerator; iface_entry_t *iface; bool roam = FALSE; - + if (msg->ifm_flags & IFF_LOOPBACK) { /* ignore loopback interfaces */ return; } - + this->mutex->lock(this->mutex); enumerator = this->ifaces->create_enumerator(this->ifaces); while (enumerator->enumerate(enumerator, &iface)) @@ -303,7 +303,7 @@ static void process_link(private_kernel_pfroute_net_t *this, } enumerator->destroy(enumerator); this->mutex->unlock(this->mutex); - + if (roam) { fire_roam_job(this, TRUE); @@ -327,11 +327,11 @@ static job_requeue_t receive_events(private_kernel_pfroute_net_t *this) unsigned char buf[PFROUTE_BUFFER_SIZE]; struct rt_msghdr *msg = (struct rt_msghdr*)buf; int len, oldstate; - + pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); len = recvfrom(this->socket_events, buf, sizeof(buf), 0, NULL, 0); pthread_setcancelstate(oldstate, NULL); - + if (len < 0) { switch (errno) @@ -348,14 +348,14 @@ static job_requeue_t receive_events(private_kernel_pfroute_net_t *this) return JOB_REQUEUE_FAIR; } } - + if (len < sizeof(msg->rtm_msglen) || len < msg->rtm_msglen || msg->rtm_version != RTM_VERSION) { DBG2(DBG_KNL, "received corrupted PF_ROUTE message"); return JOB_REQUEUE_DIRECT; } - + switch (msg->rtm_type) { case RTM_NEWADDR: @@ -372,7 +372,7 @@ static job_requeue_t receive_events(private_kernel_pfroute_net_t *this) default: break; } - + return JOB_REQUEUE_DIRECT; } @@ -491,7 +491,7 @@ static char *get_interface_name(private_kernel_pfroute_net_t *this, host_t* ip) } ifaces->destroy(ifaces); this->mutex->unlock(this->mutex); - + if (name) { DBG2(DBG_KNL, "%H is on interface %s", ip, name); @@ -564,15 +564,15 @@ static status_t init_address_list(private_kernel_pfroute_net_t *this) iface_entry_t *iface, *current; addr_entry_t *addr; enumerator_t *ifaces, *addrs; - + DBG1(DBG_KNL, "listening on interfaces:"); - + if (getifaddrs(&ifap) < 0) { DBG1(DBG_KNL, " failed to get interfaces!"); return FAILED; } - + for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next) { if (ifa->ifa_addr == NULL) @@ -589,7 +589,7 @@ static status_t init_address_list(private_kernel_pfroute_net_t *this) { /* ignore loopback interfaces */ continue; } - + iface = NULL; ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, ¤t)) @@ -601,7 +601,7 @@ static status_t init_address_list(private_kernel_pfroute_net_t *this) } } ifaces->destroy(ifaces); - + if (!iface) { iface = malloc_thing(iface_entry_t); @@ -611,7 +611,7 @@ static status_t init_address_list(private_kernel_pfroute_net_t *this) iface->addrs = linked_list_create(); this->ifaces->insert_last(this->ifaces, iface); } - + if (ifa->ifa_addr->sa_family != AF_LINK) { addr = malloc_thing(addr_entry_t); @@ -624,7 +624,7 @@ static status_t init_address_list(private_kernel_pfroute_net_t *this) } } freeifaddrs(ifap); - + ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, &iface)) { @@ -640,7 +640,7 @@ static status_t init_address_list(private_kernel_pfroute_net_t *this) } } ifaces->destroy(ifaces); - + return SUCCESS; } @@ -664,7 +664,7 @@ static void destroy(private_kernel_pfroute_net_t *this) kernel_pfroute_net_t *kernel_pfroute_net_create() { private_kernel_pfroute_net_t *this = malloc_thing(private_kernel_pfroute_net_t); - + /* public functions */ this->public.interface.get_interface = (char*(*)(kernel_net_t*,host_t*))get_interface_name; this->public.interface.create_address_enumerator = (enumerator_t*(*)(kernel_net_t*,bool,bool))create_address_enumerator; @@ -674,38 +674,38 @@ kernel_pfroute_net_t *kernel_pfroute_net_create() this->public.interface.del_ip = (status_t(*)(kernel_net_t*,host_t*)) del_ip; this->public.interface.add_route = (status_t(*)(kernel_net_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) add_route; this->public.interface.del_route = (status_t(*)(kernel_net_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) del_route; - + this->public.interface.destroy = (void(*)(kernel_net_t*)) destroy; - + /* private members */ this->ifaces = linked_list_create(); this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); this->mutex_pfroute = mutex_create(MUTEX_TYPE_DEFAULT); - + this->seq = 0; - + /* create a PF_ROUTE socket to communicate with the kernel */ this->socket = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC); if (this->socket <= 0) { charon->kill(charon, "unable to create PF_ROUTE socket"); } - + /* create a PF_ROUTE socket to receive events */ this->socket_events = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC); if (this->socket_events <= 0) { charon->kill(charon, "unable to create PF_ROUTE event socket"); } - + this->job = callback_job_create((callback_job_cb_t)receive_events, this, NULL, NULL); charon->processor->queue_job(charon->processor, (job_t*)this->job); - + if (init_address_list(this) != SUCCESS) { charon->kill(charon, "unable to get interface list"); } - + return &this->public; } diff --git a/src/charon/plugins/kernel_pfroute/kernel_pfroute_plugin.c b/src/charon/plugins/kernel_pfroute/kernel_pfroute_plugin.c index 767049bb0..e73cbeafb 100644 --- a/src/charon/plugins/kernel_pfroute/kernel_pfroute_plugin.c +++ b/src/charon/plugins/kernel_pfroute/kernel_pfroute_plugin.c @@ -48,11 +48,11 @@ static void destroy(private_kernel_pfroute_plugin_t *this) plugin_t *plugin_create() { private_kernel_pfroute_plugin_t *this = malloc_thing(private_kernel_pfroute_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->kernel_interface->add_net_interface(charon->kernel_interface, (kernel_net_constructor_t)kernel_pfroute_net_create); - + return &this->public.plugin; } diff --git a/src/charon/plugins/load_tester/load_tester_config.c b/src/charon/plugins/load_tester/load_tester_config.c index aecaf624f..74a62f667 100644 --- a/src/charon/plugins/load_tester/load_tester_config.c +++ b/src/charon/plugins/load_tester/load_tester_config.c @@ -28,52 +28,52 @@ struct private_load_tester_config_t { * Public part */ load_tester_config_t public; - + /** * peer config */ peer_cfg_t *peer_cfg; - + /** * virtual IP, if any */ host_t *vip; - + /** * Remote address */ char *remote; - + /** * IP address pool */ char *pool; - + /** * IKE proposal */ proposal_t *proposal; - + /** * Authentication method(s) to use/expect from initiator */ char *initiator_auth; - + /** * Authentication method(s) use/expected from responder */ char *responder_auth; - + /** * IKE_SA rekeying delay */ u_int ike_rekey; - + /** * CHILD_SA rekeying delay */ u_int child_rekey; - + /** * incremental numbering of generated configs */ @@ -93,13 +93,13 @@ static void generate_auth_cfg(private_load_tester_config_t *this, char *str, eap_type_t type; char buf[128]; int rnd = 0; - + enumerator = enumerator_create_token(str, "|", " "); while (enumerator->enumerate(enumerator, &str)) { auth = auth_cfg_create(); rnd++; - + if (streq(str, "psk")) { /* PSK authentication, use FQDNs */ class = AUTH_CLASS_PSK; @@ -188,7 +188,7 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) .jitter = 0 } }; - + ike_cfg = ike_cfg_create(FALSE, FALSE, "0.0.0.0", this->remote); ike_cfg->add_proposal(ike_cfg, this->proposal->clone(this->proposal)); peer_cfg = peer_cfg_create("load-test", 2, ike_cfg, @@ -208,7 +208,7 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) generate_auth_cfg(this, this->responder_auth, peer_cfg, TRUE, num); generate_auth_cfg(this, this->initiator_auth, peer_cfg, FALSE, num); } - + child_cfg = child_cfg_create("load-test", &lifetime, NULL, TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE); proposal = proposal_create_from_string(PROTO_ESP, "aes128-sha1"); @@ -225,7 +225,7 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) * Implementation of backend_t.create_peer_cfg_enumerator. */ static enumerator_t* create_peer_cfg_enumerator(private_load_tester_config_t *this, - identification_t *me, + identification_t *me, identification_t *other) { return enumerator_create_single(this->peer_cfg, NULL); @@ -273,12 +273,12 @@ static void destroy(private_load_tester_config_t *this) load_tester_config_t *load_tester_config_create() { private_load_tester_config_t *this = malloc_thing(private_load_tester_config_t); - + this->public.backend.create_peer_cfg_enumerator = (enumerator_t*(*)(backend_t*, identification_t *me, identification_t *other))create_peer_cfg_enumerator; this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator; this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name; this->public.destroy = (void(*)(load_tester_config_t*))destroy; - + this->vip = NULL; if (lib->settings->get_bool(lib->settings, "charon.plugins.load_tester.request_virtual_ip", FALSE)) @@ -287,9 +287,9 @@ load_tester_config_t *load_tester_config_create() } this->pool = lib->settings->get_str(lib->settings, "charon.plugins.load_tester.pool", NULL); - this->remote = lib->settings->get_str(lib->settings, + this->remote = lib->settings->get_str(lib->settings, "charon.plugins.load_tester.remote", "127.0.0.1"); - + this->proposal = proposal_create_from_string(PROTO_IKE, lib->settings->get_str(lib->settings, "charon.plugins.load_tester.proposal", "aes128-sha1-modp768")); @@ -302,15 +302,15 @@ load_tester_config_t *load_tester_config_create() "charon.plugins.load_tester.ike_rekey", 0); this->child_rekey = lib->settings->get_int(lib->settings, "charon.plugins.load_tester.child_rekey", 600); - + this->initiator_auth = lib->settings->get_str(lib->settings, "charon.plugins.load_tester.initiator_auth", "pubkey"); this->responder_auth = lib->settings->get_str(lib->settings, "charon.plugins.load_tester.responder_auth", "pubkey"); - + this->num = 1; this->peer_cfg = generate_config(this, 0); - + return &this->public; } diff --git a/src/charon/plugins/load_tester/load_tester_config.h b/src/charon/plugins/load_tester/load_tester_config.h index f09a3f832..c22387743 100644 --- a/src/charon/plugins/load_tester/load_tester_config.h +++ b/src/charon/plugins/load_tester/load_tester_config.h @@ -34,11 +34,11 @@ struct load_tester_config_t { * Implements backend_t interface */ backend_t backend; - + /** * Destroy the backend. */ - void (*destroy)(load_tester_config_t *this); + void (*destroy)(load_tester_config_t *this); }; /** diff --git a/src/charon/plugins/load_tester/load_tester_creds.c b/src/charon/plugins/load_tester/load_tester_creds.c index b32380d30..ec3606c0b 100644 --- a/src/charon/plugins/load_tester/load_tester_creds.c +++ b/src/charon/plugins/load_tester/load_tester_creds.c @@ -32,27 +32,27 @@ struct private_load_tester_creds_t { * Public part */ load_tester_creds_t public; - + /** * Private key to create signatures */ private_key_t *private; - + /** * CA certificate, to issue/verify peer certificates */ certificate_t *ca; - + /** * serial number to issue certificates */ u_int32_t serial; - + /** * Preshared key */ shared_key_t *shared; - + /** * Identification for shared key */ @@ -196,7 +196,7 @@ static enumerator_t* create_private_enumerator(private_load_tester_creds_t *this if (id) { chunk_t keyid; - + if (!this->private->get_fingerprint(this->private, KEY_ID_PUBKEY_SHA1, &keyid) || !chunk_equals(keyid, id->get_encoding(id))) @@ -219,7 +219,7 @@ static enumerator_t* create_cert_enumerator(private_load_tester_creds_t *this, u_int32_t serial; time_t now; chunk_t keyid; - + if (this->ca == NULL) { return NULL; @@ -278,7 +278,7 @@ static enumerator_t* create_cert_enumerator(private_load_tester_creds_t *this, /** * Implements credential_set_t.create_shared_enumerator */ -static enumerator_t* create_shared_enumerator(private_load_tester_creds_t *this, +static enumerator_t* create_shared_enumerator(private_load_tester_creds_t *this, shared_key_type_t type, identification_t *me, identification_t *other) { @@ -319,17 +319,17 @@ load_tester_creds_t *load_tester_creds_create() this->public.credential_set.create_cdp_enumerator = (enumerator_t*(*) (credential_set_t *,certificate_type_t, identification_t *))return_null; this->public.credential_set.cache_cert = (void (*)(credential_set_t *, certificate_t *))nop; this->public.destroy = (void(*) (load_tester_creds_t*))destroy; - + this->private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, BUILD_BLOB_ASN1_DER, chunk_create(private, sizeof(private)), BUILD_END); - + this->ca = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_BLOB_ASN1_DER, chunk_create(cert, sizeof(cert)), BUILD_X509_FLAG, X509_CA, BUILD_END); - - this->shared = shared_key_create(SHARED_IKE, + + this->shared = shared_key_create(SHARED_IKE, chunk_clone(chunk_create(psk, sizeof(psk)))); this->id = identification_create_from_string("CN=*, OU=load-test, O=strongSwan"); this->serial = 0; diff --git a/src/charon/plugins/load_tester/load_tester_creds.h b/src/charon/plugins/load_tester/load_tester_creds.h index 60cf67795..fb3541164 100644 --- a/src/charon/plugins/load_tester/load_tester_creds.h +++ b/src/charon/plugins/load_tester/load_tester_creds.h @@ -34,11 +34,11 @@ struct load_tester_creds_t { * Implements credential set interface. */ credential_set_t credential_set; - + /** * Destroy the backend. */ - void (*destroy)(load_tester_creds_t *this); + void (*destroy)(load_tester_creds_t *this); }; /** diff --git a/src/charon/plugins/load_tester/load_tester_diffie_hellman.c b/src/charon/plugins/load_tester/load_tester_diffie_hellman.c index 87d9ef42b..d5ec3599b 100644 --- a/src/charon/plugins/load_tester/load_tester_diffie_hellman.c +++ b/src/charon/plugins/load_tester/load_tester_diffie_hellman.c @@ -49,19 +49,19 @@ load_tester_diffie_hellman_t *load_tester_diffie_hellman_create( diffie_hellman_group_t group) { load_tester_diffie_hellman_t *this; - + if (group != MODP_NULL) { return NULL; } - + this = malloc_thing(load_tester_diffie_hellman_t); - + this->dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *))get_shared_secret; this->dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t ))nop; this->dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *))get_my_public_value; this->dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *))get_dh_group; this->dh.destroy = (void (*)(diffie_hellman_t *))free; - + return this; } diff --git a/src/charon/plugins/load_tester/load_tester_diffie_hellman.h b/src/charon/plugins/load_tester/load_tester_diffie_hellman.h index 045c4bb4a..1014429a9 100644 --- a/src/charon/plugins/load_tester/load_tester_diffie_hellman.h +++ b/src/charon/plugins/load_tester/load_tester_diffie_hellman.h @@ -29,7 +29,7 @@ typedef struct load_tester_diffie_hellman_t load_tester_diffie_hellman_t; * A NULL Diffie Hellman implementation to avoid calculation overhead in tests. */ struct load_tester_diffie_hellman_t { - + /** * Implements diffie_hellman_t interface. */ @@ -38,7 +38,7 @@ struct load_tester_diffie_hellman_t { /** * Creates a new gmp_diffie_hellman_t object. - * + * * @param group Diffie Hellman group, supports MODP_NULL only * @return gmp_diffie_hellman_t object */ diff --git a/src/charon/plugins/load_tester/load_tester_ipsec.c b/src/charon/plugins/load_tester/load_tester_ipsec.c index 76460c3e1..b6c9f6bbf 100644 --- a/src/charon/plugins/load_tester/load_tester_ipsec.c +++ b/src/charon/plugins/load_tester/load_tester_ipsec.c @@ -27,7 +27,7 @@ struct private_load_tester_ipsec_t { * Public interface. */ load_tester_ipsec_t public; - + /** * faked SPI counter */ @@ -37,8 +37,8 @@ struct private_load_tester_ipsec_t { /** * Implementation of kernel_interface_t.get_spi. */ -static status_t get_spi(private_load_tester_ipsec_t *this, - host_t *src, host_t *dst, +static status_t get_spi(private_load_tester_ipsec_t *this, + host_t *src, host_t *dst, protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi) { @@ -49,8 +49,8 @@ static status_t get_spi(private_load_tester_ipsec_t *this, /** * Implementation of kernel_interface_t.get_cpi. */ -static status_t get_cpi(private_load_tester_ipsec_t *this, - host_t *src, host_t *dst, +static status_t get_cpi(private_load_tester_ipsec_t *this, + host_t *src, host_t *dst, u_int32_t reqid, u_int16_t *cpi) { return FAILED; @@ -122,7 +122,7 @@ static status_t add_policy(private_load_tester_ipsec_t *this, * Implementation of kernel_interface_t.query_policy. */ static status_t query_policy(private_load_tester_ipsec_t *this, - traffic_selector_t *src_ts, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t *use_time) { @@ -134,7 +134,7 @@ static status_t query_policy(private_load_tester_ipsec_t *this, * Implementation of kernel_interface_t.del_policy. */ static status_t del_policy(private_load_tester_ipsec_t *this, - traffic_selector_t *src_ts, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, bool unrouted) { @@ -155,7 +155,7 @@ static void destroy(private_load_tester_ipsec_t *this) load_tester_ipsec_t *load_tester_ipsec_create() { private_load_tester_ipsec_t *this = malloc_thing(private_load_tester_ipsec_t); - + /* public functions */ this->public.interface.get_spi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi; this->public.interface.get_cpi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi; @@ -167,9 +167,9 @@ load_tester_ipsec_t *load_tester_ipsec_create() this->public.interface.query_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy; this->public.interface.del_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,bool))del_policy; this->public.interface.destroy = (void(*)(kernel_ipsec_t*)) destroy; - + this->spi = 0; - + return &this->public; } diff --git a/src/charon/plugins/load_tester/load_tester_listener.c b/src/charon/plugins/load_tester/load_tester_listener.c index fe9a90aed..0708b35b6 100644 --- a/src/charon/plugins/load_tester/load_tester_listener.c +++ b/src/charon/plugins/load_tester/load_tester_listener.c @@ -30,7 +30,7 @@ struct private_load_tester_listener_t { * Public part */ load_tester_listener_t public; - + /** * Delete IKE_SA after it has been established */ @@ -40,7 +40,7 @@ struct private_load_tester_listener_t { * Number of established SAs */ u_int established; - + /** * Shutdown the daemon if we have established this SA count */ @@ -56,13 +56,13 @@ static bool ike_state_change(private_load_tester_listener_t *this, if (state == IKE_ESTABLISHED) { ike_sa_id_t *id = ike_sa->get_id(ike_sa); - + if (this->delete_after_established) { charon->processor->queue_job(charon->processor, (job_t*)delete_ike_sa_job_create(id, TRUE)); } - + if (id->is_initiator(id)) { if (this->shutdown_on == ++this->established) @@ -86,17 +86,17 @@ static void destroy(private_load_tester_listener_t *this) load_tester_listener_t *load_tester_listener_create(u_int shutdown_on) { private_load_tester_listener_t *this = malloc_thing(private_load_tester_listener_t); - + memset(&this->public.listener, 0, sizeof(listener_t)); this->public.listener.ike_state_change = (void*)ike_state_change; this->public.destroy = (void(*) (load_tester_listener_t*))destroy; - + this->delete_after_established = lib->settings->get_bool(lib->settings, "charon.plugins.load_tester.delete_after_established", FALSE); - + this->shutdown_on = shutdown_on; this->established = 0; - + return &this->public; } diff --git a/src/charon/plugins/load_tester/load_tester_listener.h b/src/charon/plugins/load_tester/load_tester_listener.h index 6842b3532..b9599294c 100644 --- a/src/charon/plugins/load_tester/load_tester_listener.h +++ b/src/charon/plugins/load_tester/load_tester_listener.h @@ -34,11 +34,11 @@ struct load_tester_listener_t { * Implements listener set interface. */ listener_t listener; - + /** * Destroy the backend. */ - void (*destroy)(load_tester_listener_t *this); + void (*destroy)(load_tester_listener_t *this); }; /** diff --git a/src/charon/plugins/load_tester/load_tester_plugin.c b/src/charon/plugins/load_tester/load_tester_plugin.c index 93ed2e3c5..d857a4602 100644 --- a/src/charon/plugins/load_tester/load_tester_plugin.c +++ b/src/charon/plugins/load_tester/load_tester_plugin.c @@ -37,47 +37,47 @@ struct private_load_tester_plugin_t { * implements plugin interface */ load_tester_plugin_t public; - + /** * load_tester configuration backend */ load_tester_config_t *config; - + /** * load_tester credential set implementation */ load_tester_creds_t *creds; - + /** * event handler, listens on bus */ load_tester_listener_t *listener; - + /** * number of iterations per thread */ int iterations; - + /** * number desired initiator threads */ int initiators; - + /** * currenly running initiators */ int running; - + /** * delay between initiations, in ms */ int delay; - + /** * mutex to lock running field */ mutex_t *mutex; - + /** * condvar to wait for initiators */ @@ -90,7 +90,7 @@ struct private_load_tester_plugin_t { static job_requeue_t do_load_test(private_load_tester_plugin_t *this) { int i, s = 0, ms = 0; - + this->mutex->lock(this->mutex); if (!this->running) { @@ -102,13 +102,13 @@ static job_requeue_t do_load_test(private_load_tester_plugin_t *this) s = this->delay / 1000; ms = this->delay % 1000; } - + for (i = 0; this->iterations == 0 || i < this->iterations; i++) { peer_cfg_t *peer_cfg; child_cfg_t *child_cfg = NULL; enumerator_t *enumerator; - + peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends, "load-test"); if (!peer_cfg) @@ -122,7 +122,7 @@ static job_requeue_t do_load_test(private_load_tester_plugin_t *this) break; } enumerator->destroy(enumerator); - + charon->controller->initiate(charon->controller, peer_cfg, child_cfg->get_ref(child_cfg), NULL, NULL); @@ -176,20 +176,20 @@ plugin_t *plugin_create() { private_load_tester_plugin_t *this; u_int i, shutdown_on = 0; - + if (!lib->settings->get_bool(lib->settings, "charon.plugins.load_tester.enable", FALSE)) { DBG1(DBG_CFG, "disabling load-tester plugin, not configured"); return NULL; } - + this = malloc_thing(private_load_tester_plugin_t); this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - - lib->crypto->add_dh(lib->crypto, MODP_NULL, + + lib->crypto->add_dh(lib->crypto, MODP_NULL, (dh_constructor_t)load_tester_diffie_hellman_create); - + this->delay = lib->settings->get_int(lib->settings, "charon.plugins.load_tester.delay", 0); this->iterations = lib->settings->get_int(lib->settings, @@ -201,7 +201,7 @@ plugin_t *plugin_create() { shutdown_on = this->iterations * this->initiators; } - + this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT); this->config = load_tester_config_create(); @@ -210,17 +210,17 @@ plugin_t *plugin_create() charon->backends->add_backend(charon->backends, &this->config->backend); charon->credentials->add_set(charon->credentials, &this->creds->credential_set); charon->bus->add_listener(charon->bus, &this->listener->listener); - + if (lib->settings->get_bool(lib->settings, "charon.plugins.load_tester.fake_kernel", FALSE)) { - charon->kernel_interface->add_ipsec_interface(charon->kernel_interface, + charon->kernel_interface->add_ipsec_interface(charon->kernel_interface, (kernel_ipsec_constructor_t)load_tester_ipsec_create); } this->running = 0; for (i = 0; i < this->initiators; i++) { - charon->processor->queue_job(charon->processor, + charon->processor->queue_job(charon->processor, (job_t*)callback_job_create((callback_job_cb_t)do_load_test, this, NULL, NULL)); } diff --git a/src/charon/plugins/load_tester/load_tester_plugin.h b/src/charon/plugins/load_tester/load_tester_plugin.h index 87e8914e0..e33f06ac7 100644 --- a/src/charon/plugins/load_tester/load_tester_plugin.h +++ b/src/charon/plugins/load_tester/load_tester_plugin.h @@ -31,7 +31,7 @@ typedef struct load_tester_plugin_t load_tester_plugin_t; /** * Load tester plugin to inspect system core under high load. * - * This plugin + * This plugin */ struct load_tester_plugin_t { diff --git a/src/charon/plugins/medcli/medcli_config.c b/src/charon/plugins/medcli/medcli_config.c index 9d3998757..505e744e1 100644 --- a/src/charon/plugins/medcli/medcli_config.c +++ b/src/charon/plugins/medcli/medcli_config.c @@ -32,22 +32,22 @@ struct private_medcli_config_t { * Public part */ medcli_config_t public; - + /** * database connection */ database_t *db; - + /** * rekey time */ int rekey; - + /** * dpd delay */ int dpd; - + /** * default ike config */ @@ -64,7 +64,7 @@ static traffic_selector_t *ts_from_string(char *str) int netbits = 32; host_t *net; char *pos; - + str = strdupa(str); pos = strchr(str, '/'); if (pos) @@ -107,9 +107,9 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam .jitter = this->rekey } }; - + /* query mediation server config: - * - build ike_cfg/peer_cfg for mediation connection on-the-fly + * - build ike_cfg/peer_cfg for mediation connection on-the-fly */ e = this->db->query(this->db, "SELECT Address, ClientConfig.KeyId, MediationServerConfig.KeyId " @@ -124,14 +124,14 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); med_cfg = peer_cfg_create( "mediation", 2, ike_cfg, - CERT_NEVER_SEND, UNIQUE_REPLACE, + CERT_NEVER_SEND, UNIQUE_REPLACE, 1, this->rekey*60, 0, /* keytries, rekey, reauth */ this->rekey*5, this->rekey*3, /* jitter, overtime */ TRUE, this->dpd, /* mobike, dpddelay */ NULL, NULL, /* vip, pool */ TRUE, NULL, NULL); /* mediation, med by, peer id */ e->destroy(e); - + auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); auth->add(auth, AUTH_RULE_IDENTITY, @@ -142,7 +142,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam auth->add(auth, AUTH_RULE_IDENTITY, identification_create_from_encoding(ID_KEY_ID, other)); med_cfg->add_auth_cfg(med_cfg, auth, FALSE); - + /* query mediated config: * - use any-any ike_cfg * - build peer_cfg on-the-fly using med_cfg @@ -161,14 +161,14 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam } peer_cfg = peer_cfg_create( name, 2, this->ike->get_ref(this->ike), - CERT_NEVER_SEND, UNIQUE_REPLACE, + CERT_NEVER_SEND, UNIQUE_REPLACE, 1, this->rekey*60, 0, /* keytries, rekey, reauth */ this->rekey*5, this->rekey*3, /* jitter, overtime */ TRUE, this->dpd, /* mobike, dpddelay */ NULL, NULL, /* vip, pool */ FALSE, med_cfg, /* mediation, med by */ identification_create_from_encoding(ID_KEY_ID, other)); - + auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); auth->add(auth, AUTH_RULE_IDENTITY, @@ -179,7 +179,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam auth->add(auth, AUTH_RULE_IDENTITY, identification_create_from_encoding(ID_KEY_ID, other)); peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); - + child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); @@ -240,13 +240,13 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) } this->current = peer_cfg_create( name, 2, this->ike->get_ref(this->ike), - CERT_NEVER_SEND, UNIQUE_REPLACE, + CERT_NEVER_SEND, UNIQUE_REPLACE, 1, this->rekey*60, 0, /* keytries, rekey, reauth */ this->rekey*5, this->rekey*3, /* jitter, overtime */ TRUE, this->dpd, /* mobike, dpddelay */ NULL, NULL, /* vip, pool */ FALSE, NULL, NULL); /* mediation, med by, peer id */ - + auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); auth->add(auth, AUTH_RULE_IDENTITY, @@ -257,7 +257,7 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) auth->add(auth, AUTH_RULE_IDENTITY, identification_create_from_encoding(ID_KEY_ID, other)); this->current->add_auth_cfg(this->current, auth, FALSE); - + child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); @@ -286,7 +286,7 @@ static enumerator_t* create_peer_cfg_enumerator(private_medcli_config_t *this, identification_t *other) { peer_enumerator_t *e = malloc_thing(peer_enumerator_t); - + e->current = NULL; e->ike = this->ike; e->rekey = this->rekey; @@ -300,12 +300,12 @@ static enumerator_t* create_peer_cfg_enumerator(private_medcli_config_t *this, "Connection.LocalSubnet, Connection.RemoteSubnet " "FROM ClientConfig JOIN Connection " "WHERE Active AND " - "(? OR ClientConfig.KeyId = ?) AND (? OR Connection.KeyId = ?)", - DB_INT, me == NULL || me->get_type(me) == ID_ANY, - DB_BLOB, me && me->get_type(me) == ID_KEY_ID ? + "(? OR ClientConfig.KeyId = ?) AND (? OR Connection.KeyId = ?)", + DB_INT, me == NULL || me->get_type(me) == ID_ANY, + DB_BLOB, me && me->get_type(me) == ID_KEY_ID ? me->get_encoding(me) : chunk_empty, - DB_INT, other == NULL || other->get_type(other) == ID_ANY, - DB_BLOB, other && other->get_type(other) == ID_KEY_ID ? + DB_INT, other == NULL || other->get_type(other) == ID_ANY, + DB_BLOB, other && other->get_type(other) == ID_KEY_ID ? other->get_encoding(other) : chunk_empty, DB_TEXT, DB_BLOB, DB_BLOB, DB_TEXT, DB_TEXT); if (!e->inner) @@ -323,7 +323,7 @@ static job_requeue_t initiate_config(peer_cfg_t *peer_cfg) { enumerator_t *enumerator; child_cfg_t *child_cfg = NULL;; - + enumerator = peer_cfg->create_child_cfg_enumerator(peer_cfg); enumerator->enumerate(enumerator, &child_cfg); if (child_cfg) @@ -348,7 +348,7 @@ static void schedule_autoinit(private_medcli_config_t *this) { enumerator_t *e; char *name; - + e = this->db->query(this->db, "SELECT Alias FROM Connection WHERE Active", DB_TEXT); if (e) @@ -356,7 +356,7 @@ static void schedule_autoinit(private_medcli_config_t *this) while (e->enumerate(e, &name)) { peer_cfg_t *peer_cfg; - + peer_cfg = get_peer_cfg_by_name(this, name); if (peer_cfg) { @@ -391,15 +391,15 @@ medcli_config_t *medcli_config_create(database_t *db) this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator; this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name; this->public.destroy = (void(*)(medcli_config_t*))destroy; - + this->db = db; this->rekey = lib->settings->get_time(lib->settings, "medcli.rekey", 1200); this->dpd = lib->settings->get_time(lib->settings, "medcli.dpd", 300); this->ike = ike_cfg_create(FALSE, FALSE, "0.0.0.0", "0.0.0.0"); this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE)); - + schedule_autoinit(this); - + return &this->public; } diff --git a/src/charon/plugins/medcli/medcli_config.h b/src/charon/plugins/medcli/medcli_config.h index a37280bd0..36c20adf7 100644 --- a/src/charon/plugins/medcli/medcli_config.h +++ b/src/charon/plugins/medcli/medcli_config.h @@ -35,11 +35,11 @@ struct medcli_config_t { * Implements backend_t interface */ backend_t backend; - + /** * Destroy the backend. */ - void (*destroy)(medcli_config_t *this); + void (*destroy)(medcli_config_t *this); }; /** diff --git a/src/charon/plugins/medcli/medcli_creds.c b/src/charon/plugins/medcli/medcli_creds.c index d3c66ae35..777913628 100644 --- a/src/charon/plugins/medcli/medcli_creds.c +++ b/src/charon/plugins/medcli/medcli_creds.c @@ -30,7 +30,7 @@ struct private_medcli_creds_t { * Public part */ medcli_creds_t public; - + /** * underlying database handle */ @@ -90,21 +90,21 @@ static enumerator_t* create_private_enumerator(private_medcli_creds_t *this, key_type_t type, identification_t *id) { private_enumerator_t *e; - + if ((type != KEY_RSA && type != KEY_ANY) || id == NULL || id->get_type(id) != ID_KEY_ID) { DBG1(DBG_CFG, "%N - %Y", key_type_names, type, id); return NULL; } - + e = malloc_thing(private_enumerator_t); e->current = NULL; e->public.enumerate = (void*)private_enumerator_enumerate; e->public.destroy = (void*)private_enumerator_destroy; e->inner = this->db->query(this->db, "SELECT PrivateKey FROM ClientConfig WHERE KeyId = ?", - DB_BLOB, id->get_encoding(id), + DB_BLOB, id->get_encoding(id), DB_BLOB); if (!e->inner) { @@ -185,13 +185,13 @@ static enumerator_t* create_cert_enumerator(private_medcli_creds_t *this, identification_t *id, bool trusted) { cert_enumerator_t *e; - + if ((cert != CERT_TRUSTED_PUBKEY && cert != CERT_ANY) || id == NULL || id->get_type(id) != ID_KEY_ID) { return NULL; } - + e = malloc_thing(cert_enumerator_t); e->current = NULL; e->type = key; @@ -235,9 +235,9 @@ medcli_creds_t *medcli_creds_create(database_t *db) this->public.set.cache_cert = (void*)nop; this->public.destroy = (void (*)(medcli_creds_t*))destroy; - + this->db = db; - + return &this->public; } diff --git a/src/charon/plugins/medcli/medcli_creds.h b/src/charon/plugins/medcli/medcli_creds.h index 97bf1c226..4b5402653 100644 --- a/src/charon/plugins/medcli/medcli_creds.h +++ b/src/charon/plugins/medcli/medcli_creds.h @@ -35,11 +35,11 @@ struct medcli_creds_t { * Implements credential_set_t interface */ credential_set_t set; - + /** * Destroy the credentials databse. */ - void (*destroy)(medcli_creds_t *this); + void (*destroy)(medcli_creds_t *this); }; /** diff --git a/src/charon/plugins/medcli/medcli_listener.c b/src/charon/plugins/medcli/medcli_listener.c index 4d058c0cd..142f02e6c 100644 --- a/src/charon/plugins/medcli/medcli_listener.c +++ b/src/charon/plugins/medcli/medcli_listener.c @@ -39,7 +39,7 @@ struct private_medcli_listener_t { * Public part */ medcli_listener_t public; - + /** * underlying database handle */ @@ -117,17 +117,17 @@ static void destroy(private_medcli_listener_t *this) medcli_listener_t *medcli_listener_create(database_t *db) { private_medcli_listener_t *this = malloc_thing(private_medcli_listener_t); - + memset(&this->public.listener, 0, sizeof(listener_t)); - + this->public.listener.ike_state_change = (void*)ike_state_change; this->public.listener.child_state_change = (void*)child_state_change; this->public.destroy = (void (*)(medcli_listener_t*))destroy; - + this->db = db; db->execute(db, NULL, "UPDATE Connection SET Status = ?", DB_UINT, STATE_DOWN); - + return &this->public; } diff --git a/src/charon/plugins/medcli/medcli_listener.h b/src/charon/plugins/medcli/medcli_listener.h index c6881f88a..4768beccd 100644 --- a/src/charon/plugins/medcli/medcli_listener.h +++ b/src/charon/plugins/medcli/medcli_listener.h @@ -35,11 +35,11 @@ struct medcli_listener_t { * Implements bus_listener_t interface */ listener_t listener; - + /** * Destroy the credentials databse. */ - void (*destroy)(medcli_listener_t *this); + void (*destroy)(medcli_listener_t *this); }; /** diff --git a/src/charon/plugins/medcli/medcli_plugin.c b/src/charon/plugins/medcli/medcli_plugin.c index 908b144f0..148eded61 100644 --- a/src/charon/plugins/medcli/medcli_plugin.c +++ b/src/charon/plugins/medcli/medcli_plugin.c @@ -32,22 +32,22 @@ struct private_medcli_plugin_t { * implements plugin interface */ medcli_plugin_t public; - + /** * database connection instance */ database_t *db; - + /** * medcli credential set instance */ medcli_creds_t *creds; - + /** * medcli config database */ medcli_config_t *config; - + /** * Listener to update database connection state */ @@ -76,9 +76,9 @@ plugin_t *plugin_create() { char *uri; private_medcli_plugin_t *this = malloc_thing(private_medcli_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + uri = lib->settings->get_str(lib->settings, "medcli.database", NULL); if (!uri) @@ -87,7 +87,7 @@ plugin_t *plugin_create() free(this); return NULL; } - + this->db = lib->db->create(lib->db, uri); if (this->db == NULL) { @@ -95,15 +95,15 @@ plugin_t *plugin_create() free(this); return NULL; } - + this->creds = medcli_creds_create(this->db); this->config = medcli_config_create(this->db); this->listener = medcli_listener_create(this->db); - + charon->credentials->add_set(charon->credentials, &this->creds->set); charon->backends->add_backend(charon->backends, &this->config->backend); charon->bus->add_listener(charon->bus, &this->listener->listener); - + return &this->public.plugin; } diff --git a/src/charon/plugins/medsrv/medsrv_config.c b/src/charon/plugins/medsrv/medsrv_config.c index 1ab7f3864..3df720967 100644 --- a/src/charon/plugins/medsrv/medsrv_config.c +++ b/src/charon/plugins/medsrv/medsrv_config.c @@ -30,22 +30,22 @@ struct private_medsrv_config_t { * Public part */ medsrv_config_t public; - + /** * database connection */ database_t *db; - + /** * rekey time */ int rekey; - + /** * dpd delay */ int dpd; - + /** * default ike config */ @@ -77,7 +77,7 @@ static enumerator_t* create_peer_cfg_enumerator(private_medsrv_config_t *this, identification_t *other) { enumerator_t *e; - + if (!me || !other || other->get_type(other) != ID_KEY_ID) { return NULL; @@ -92,7 +92,7 @@ static enumerator_t* create_peer_cfg_enumerator(private_medsrv_config_t *this, peer_cfg_t *peer_cfg; auth_cfg_t *auth; char *name; - + if (e->enumerate(e, &name)) { peer_cfg = peer_cfg_create( @@ -104,7 +104,7 @@ static enumerator_t* create_peer_cfg_enumerator(private_medsrv_config_t *this, NULL, NULL, /* vip, pool */ TRUE, NULL, NULL); /* mediation, med by, peer id */ e->destroy(e); - + auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); auth->add(auth, AUTH_RULE_IDENTITY, me->clone(me)); @@ -113,7 +113,7 @@ static enumerator_t* create_peer_cfg_enumerator(private_medsrv_config_t *this, auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); auth->add(auth, AUTH_RULE_IDENTITY, other->clone(other)); peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); - + return enumerator_create_single(peer_cfg, (void*)peer_cfg->destroy); } e->destroy(e); @@ -141,13 +141,13 @@ medsrv_config_t *medsrv_config_create(database_t *db) this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator; this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name; this->public.destroy = (void(*)(medsrv_config_t*))destroy; - + this->db = db; this->rekey = lib->settings->get_time(lib->settings, "medsrv.rekey", 1200); this->dpd = lib->settings->get_time(lib->settings, "medsrv.dpd", 300); this->ike = ike_cfg_create(FALSE, FALSE, "0.0.0.0", "0.0.0.0"); this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE)); - + return &this->public; } diff --git a/src/charon/plugins/medsrv/medsrv_config.h b/src/charon/plugins/medsrv/medsrv_config.h index 2ed63bca7..fc8b0e972 100644 --- a/src/charon/plugins/medsrv/medsrv_config.h +++ b/src/charon/plugins/medsrv/medsrv_config.h @@ -35,11 +35,11 @@ struct medsrv_config_t { * Implements backend_t interface */ backend_t backend; - + /** * Destroy the backend. */ - void (*destroy)(medsrv_config_t *this); + void (*destroy)(medsrv_config_t *this); }; /** diff --git a/src/charon/plugins/medsrv/medsrv_creds.c b/src/charon/plugins/medsrv/medsrv_creds.c index 7dac37f1f..2127f5660 100644 --- a/src/charon/plugins/medsrv/medsrv_creds.c +++ b/src/charon/plugins/medsrv/medsrv_creds.c @@ -30,7 +30,7 @@ struct private_medsrv_creds_t { * Public part */ medsrv_creds_t public; - + /** * underlying database handle */ @@ -109,13 +109,13 @@ static enumerator_t* create_cert_enumerator(private_medsrv_creds_t *this, identification_t *id, bool trusted) { cert_enumerator_t *e; - + if ((cert != CERT_TRUSTED_PUBKEY && cert != CERT_ANY) || id == NULL || id->get_type(id) != ID_KEY_ID) { return NULL; } - + e = malloc_thing(cert_enumerator_t); e->current = NULL; e->type = key; @@ -155,9 +155,9 @@ medsrv_creds_t *medsrv_creds_create(database_t *db) this->public.set.cache_cert = (void*)nop; this->public.destroy = (void (*)(medsrv_creds_t*))destroy; - + this->db = db; - + return &this->public; } diff --git a/src/charon/plugins/medsrv/medsrv_creds.h b/src/charon/plugins/medsrv/medsrv_creds.h index da23220c2..d08adf3bf 100644 --- a/src/charon/plugins/medsrv/medsrv_creds.h +++ b/src/charon/plugins/medsrv/medsrv_creds.h @@ -35,11 +35,11 @@ struct medsrv_creds_t { * Implements credential_set_t interface */ credential_set_t set; - + /** * Destroy the credentials databse. */ - void (*destroy)(medsrv_creds_t *this); + void (*destroy)(medsrv_creds_t *this); }; /** diff --git a/src/charon/plugins/medsrv/medsrv_plugin.c b/src/charon/plugins/medsrv/medsrv_plugin.c index 4340d7991..7c533f10e 100644 --- a/src/charon/plugins/medsrv/medsrv_plugin.c +++ b/src/charon/plugins/medsrv/medsrv_plugin.c @@ -31,17 +31,17 @@ struct private_medsrv_plugin_t { * implements plugin interface */ medsrv_plugin_t public; - + /** * database connection instance */ database_t *db; - + /** * medsrv credential set instance */ medsrv_creds_t *creds; - + /** * medsrv config database */ @@ -68,9 +68,9 @@ plugin_t *plugin_create() { char *uri; private_medsrv_plugin_t *this = malloc_thing(private_medsrv_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + uri = lib->settings->get_str(lib->settings, "medsrv.database", NULL); if (!uri) @@ -79,7 +79,7 @@ plugin_t *plugin_create() free(this); return NULL; } - + this->db = lib->db->create(lib->db, uri); if (this->db == NULL) { @@ -87,13 +87,13 @@ plugin_t *plugin_create() free(this); return NULL; } - + this->creds = medsrv_creds_create(this->db); this->config = medsrv_config_create(this->db); - + charon->credentials->add_set(charon->credentials, &this->creds->set); charon->backends->add_backend(charon->backends, &this->config->backend); - + return &this->public.plugin; } diff --git a/src/charon/plugins/nm/gnome/auth-dialog/main.c b/src/charon/plugins/nm/gnome/auth-dialog/main.c index 84b3387e1..4ff926b22 100644 --- a/src/charon/plugins/nm/gnome/auth-dialog/main.c +++ b/src/charon/plugins/nm/gnome/auth-dialog/main.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Martin Willi * Hochschule fuer Technik Rapperswil - * Copyright (C) 2004 Dan Williams + * Copyright (C) 2004 Dan Williams * Red Hat, Inc. * * This program is free software; you can redistribute it and/or modify it @@ -49,7 +49,7 @@ static char *lookup_password(char *name, char *service) for (iter = list; iter; iter = iter->next) { GnomeKeyringNetworkPasswordData *data = iter->data; - + if (strcmp(data->object, "password") == 0 && data->password) { pass = g_strdup(data->password); @@ -97,7 +97,7 @@ static char* get_connection_type(char *uuid) } g_slist_foreach(list, (GFunc)g_free, NULL); g_slist_free(list); - + if (found) { key = g_strdup_printf ("%s/%s/%s", found, @@ -139,14 +139,14 @@ int main (int argc, char *argv[]) argc, argv, GNOME_PARAM_GOPTION_CONTEXT, context, GNOME_PARAM_NONE); - + if (uuid == NULL || name == NULL || service == NULL) { fprintf (stderr, "Have to supply UUID, name, and service\n"); g_object_unref (program); return 1; } - + if (strcmp(service, NM_DBUS_SERVICE_STRONGSWAN) != 0) { fprintf(stderr, "This dialog only works with the '%s' service\n", @@ -154,7 +154,7 @@ int main (int argc, char *argv[]) g_object_unref (program); return 1; } - + type = get_connection_type(uuid); if (!type) { @@ -221,7 +221,7 @@ int main (int argc, char *argv[]) else { dialog = gtk_message_dialog_new(NULL, 0, GTK_MESSAGE_ERROR, - GTK_BUTTONS_OK, + GTK_BUTTONS_OK, _("Configuration uses ssh-agent for authentication, " "but ssh-agent is not running!")); gtk_dialog_run (GTK_DIALOG (dialog)); diff --git a/src/charon/plugins/nm/gnome/properties/nm-strongswan.c b/src/charon/plugins/nm/gnome/properties/nm-strongswan.c index 18bf097ea..0c55d3abc 100644 --- a/src/charon/plugins/nm/gnome/properties/nm-strongswan.c +++ b/src/charon/plugins/nm/gnome/properties/nm-strongswan.c @@ -158,7 +158,7 @@ settings_changed_cb (GtkWidget *widget, gpointer user_data) { StrongswanPluginUiWidget *self = STRONGSWAN_PLUGIN_UI_WIDGET (user_data); StrongswanPluginUiWidgetPrivate *priv = STRONGSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self); - + if (widget == glade_xml_get_widget (priv->xml, "method-combo")) { update_layout(glade_xml_get_widget (priv->xml, "method-combo"), priv); @@ -173,7 +173,7 @@ init_plugin_ui (StrongswanPluginUiWidget *self, NMConnection *connection, GError NMSettingVPN *settings; GtkWidget *widget; const char *value; - + settings = NM_SETTING_VPN(nm_connection_get_setting(connection, NM_TYPE_SETTING_VPN)); widget = glade_xml_get_widget (priv->xml, "address-entry"); value = nm_setting_vpn_get_data_item (settings, "address"); @@ -218,7 +218,7 @@ init_plugin_ui (StrongswanPluginUiWidget *self, NMConnection *connection, GError } update_layout (widget, priv); g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (settings_changed_cb), self); - + widget = glade_xml_get_widget (priv->xml, "usercert-label"); gtk_widget_set_no_show_all (widget, TRUE); widget = glade_xml_get_widget (priv->xml, "usercert-button"); @@ -227,7 +227,7 @@ init_plugin_ui (StrongswanPluginUiWidget *self, NMConnection *connection, GError if (value) gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value); g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (settings_changed_cb), self); - + widget = glade_xml_get_widget (priv->xml, "userkey-label"); gtk_widget_set_no_show_all (widget, TRUE); widget = glade_xml_get_widget (priv->xml, "userkey-button"); @@ -236,7 +236,7 @@ init_plugin_ui (StrongswanPluginUiWidget *self, NMConnection *connection, GError if (value) gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value); g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (settings_changed_cb), self); - + widget = glade_xml_get_widget (priv->xml, "virtual-check"); value = nm_setting_vpn_get_data_item (settings, "virtual"); if (value && strcmp(value, "yes") == 0) @@ -244,7 +244,7 @@ init_plugin_ui (StrongswanPluginUiWidget *self, NMConnection *connection, GError gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(widget), TRUE); } g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (settings_changed_cb), self); - + widget = glade_xml_get_widget (priv->xml, "encap-check"); value = nm_setting_vpn_get_data_item (settings, "encap"); if (value && strcmp(value, "yes") == 0) @@ -252,7 +252,7 @@ init_plugin_ui (StrongswanPluginUiWidget *self, NMConnection *connection, GError gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(widget), TRUE); } g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (settings_changed_cb), self); - + widget = glade_xml_get_widget (priv->xml, "ipcomp-check"); value = nm_setting_vpn_get_data_item (settings, "ipcomp"); if (value && strcmp(value, "yes") == 0) @@ -288,7 +288,7 @@ update_connection (NMVpnPluginUiWidgetInterface *iface, if (!check_validity (self, error)) return FALSE; settings = NM_SETTING_VPN (nm_setting_vpn_new ()); - + g_object_set (settings, NM_SETTING_VPN_SERVICE_TYPE, NM_DBUS_SERVICE_STRONGSWAN, NULL); @@ -303,7 +303,7 @@ update_connection (NMVpnPluginUiWidgetInterface *iface, if (str) { nm_setting_vpn_add_data_item (settings, "certificate", str); } - + widget = glade_xml_get_widget (priv->xml, "method-combo"); switch (gtk_combo_box_get_active (GTK_COMBO_BOX (widget))) { @@ -339,15 +339,15 @@ update_connection (NMVpnPluginUiWidgetInterface *iface, break; } nm_setting_vpn_add_data_item (settings, "method", str); - + widget = glade_xml_get_widget (priv->xml, "virtual-check"); active = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(widget)); nm_setting_vpn_add_data_item (settings, "virtual", active ? "yes" : "no"); - + widget = glade_xml_get_widget (priv->xml, "encap-check"); active = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(widget)); nm_setting_vpn_add_data_item (settings, "encap", active ? "yes" : "no"); - + widget = glade_xml_get_widget (priv->xml, "ipcomp-check"); active = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(widget)); nm_setting_vpn_add_data_item (settings, "ipcomp", active ? "yes" : "no"); diff --git a/src/charon/plugins/nm/gnome/properties/nm-strongswan.h b/src/charon/plugins/nm/gnome/properties/nm-strongswan.h index 2ebd4bed1..e2b66bb15 100644 --- a/src/charon/plugins/nm/gnome/properties/nm-strongswan.h +++ b/src/charon/plugins/nm/gnome/properties/nm-strongswan.h @@ -28,7 +28,7 @@ typedef enum STRONGSWAN_PLUGIN_UI_ERROR_MISSING_PROPERTY } StrongswanPluginUiError; -#define STRONGSWAN_TYPE_PLUGIN_UI_ERROR (strongswan_plugin_ui_error_get_type ()) +#define STRONGSWAN_TYPE_PLUGIN_UI_ERROR (strongswan_plugin_ui_error_get_type ()) GType strongswan_plugin_ui_error_get_type (void); #define STRONGSWAN_TYPE_PLUGIN_UI (strongswan_plugin_ui_get_type ()) diff --git a/src/charon/plugins/nm/nm_creds.c b/src/charon/plugins/nm/nm_creds.c index 9d1b0b895..1a35105cf 100644 --- a/src/charon/plugins/nm/nm_creds.c +++ b/src/charon/plugins/nm/nm_creds.c @@ -29,32 +29,32 @@ struct private_nm_creds_t { * public functions */ nm_creds_t public; - + /** * gateway certificate */ certificate_t *cert; - + /** * User name */ identification_t *user; - + /** * User password */ char *pass; - + /** * users certificate */ certificate_t *usercert; - + /** * users private key */ private_key_t *key; - + /** * read/write lock */ @@ -68,13 +68,13 @@ static enumerator_t *create_usercert_enumerator(private_nm_creds_t *this, certificate_type_t cert, key_type_t key) { public_key_t *public; - + if (cert != CERT_ANY && cert != this->usercert->get_type(this->usercert)) { return NULL; } if (key != KEY_ANY) - { + { public = this->usercert->get_public_key(this->usercert); if (!public) { @@ -121,7 +121,7 @@ static enumerator_t* create_cert_enumerator(private_nm_creds_t *this, if (key != KEY_ANY) { public_key_t *public; - + public = this->cert->get_public_key(this->cert); if (!public) { @@ -156,7 +156,7 @@ static enumerator_t* create_private_enumerator(private_nm_creds_t *this, if (id && id->get_type(id) != ID_ANY) { chunk_t keyid; - + if (id->get_type(id) != ID_KEY_ID || !this->key->get_fingerprint(this->key, KEY_ID_PUBKEY_SHA1, &keyid) || !chunk_equals(keyid, id->get_encoding(id))) @@ -208,7 +208,7 @@ static void shared_destroy(shared_enumerator_t *this) /** * Implements credential_set_t.create_cert_enumerator */ -static enumerator_t* create_shared_enumerator(private_nm_creds_t *this, +static enumerator_t* create_shared_enumerator(private_nm_creds_t *this, shared_key_type_t type, identification_t *me, identification_t *other) { @@ -226,7 +226,7 @@ static enumerator_t* create_shared_enumerator(private_nm_creds_t *this, { return NULL; } - + enumerator = malloc_thing(shared_enumerator_t); enumerator->public.enumerate = (void*)shared_enumerate; enumerator->public.destroy = (void*)shared_destroy; @@ -267,7 +267,7 @@ static void set_username_password(private_nm_creds_t *this, identification_t *id /** * Implementation of nm_creds_t.set_cert_and_key */ -static void set_cert_and_key(private_nm_creds_t *this, certificate_t *cert, +static void set_cert_and_key(private_nm_creds_t *this, certificate_t *cert, private_key_t *key) { this->lock->write_lock(this->lock); @@ -276,7 +276,7 @@ static void set_cert_and_key(private_nm_creds_t *this, certificate_t *cert, this->key = key; this->usercert = cert; this->lock->unlock(this->lock); -} +} /** * Implementation of nm_creds_t.clear @@ -311,7 +311,7 @@ static void destroy(private_nm_creds_t *this) nm_creds_t *nm_creds_create() { private_nm_creds_t *this = malloc_thing(private_nm_creds_t); - + this->public.set.create_private_enumerator = (void*)create_private_enumerator; this->public.set.create_cert_enumerator = (void*)create_cert_enumerator; this->public.set.create_shared_enumerator = (void*)create_shared_enumerator; @@ -322,15 +322,15 @@ nm_creds_t *nm_creds_create() this->public.set_cert_and_key = (void(*)(nm_creds_t*, certificate_t *cert, private_key_t *key))set_cert_and_key; this->public.clear = (void(*)(nm_creds_t*))clear; this->public.destroy = (void(*)(nm_creds_t*))destroy; - + this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); - + this->cert = NULL; this->user = NULL; this->pass = NULL; this->usercert = NULL; this->key = NULL; - + return &this->public; } diff --git a/src/charon/plugins/nm/nm_creds.h b/src/charon/plugins/nm/nm_creds.h index 421442c81..754fe53df 100644 --- a/src/charon/plugins/nm/nm_creds.h +++ b/src/charon/plugins/nm/nm_creds.h @@ -35,14 +35,14 @@ struct nm_creds_t { * Implements credential_set_t */ credential_set_t set; - + /** * Set the trusted gateway certificate to serve by this set. * * @param cert certificate to serve */ void (*set_certificate)(nm_creds_t *this, certificate_t *cert); - + /** * Set the username/password for authentication. * diff --git a/src/charon/plugins/nm/nm_handler.c b/src/charon/plugins/nm/nm_handler.c index 026c47af2..7b9c10b65 100644 --- a/src/charon/plugins/nm/nm_handler.c +++ b/src/charon/plugins/nm/nm_handler.c @@ -23,17 +23,17 @@ typedef struct private_nm_handler_t private_nm_handler_t; * Private data of an nm_handler_t object. */ struct private_nm_handler_t { - + /** * Public nm_handler_t interface. */ nm_handler_t public; - + /** * list of received DNS server attributes, pointer to 4 byte data */ linked_list_t *dns; - + /** * list of received NBNS server attributes, pointer to 4 byte data */ @@ -47,7 +47,7 @@ static bool handle(private_nm_handler_t *this, ike_sa_t *ike_sa, configuration_attribute_type_t type, chunk_t data) { linked_list_t *list; - + switch (type) { case INTERNAL_IP4_DNS: @@ -83,7 +83,7 @@ static enumerator_t* create_enumerator(private_nm_handler_t *this, configuration_attribute_type_t type) { linked_list_t *list; - + switch (type) { case INTERNAL_IP4_DNS: @@ -105,7 +105,7 @@ static enumerator_t* create_enumerator(private_nm_handler_t *this, static void reset(private_nm_handler_t *this) { void *data; - + while (this->dns->remove_last(this->dns, (void**)&data) == SUCCESS) { free(data); @@ -133,16 +133,16 @@ static void destroy(private_nm_handler_t *this) nm_handler_t *nm_handler_create() { private_nm_handler_t *this = malloc_thing(private_nm_handler_t); - + this->public.handler.handle = (bool(*)(attribute_handler_t*, ike_sa_t*, configuration_attribute_type_t, chunk_t))handle; this->public.handler.release = (void(*)(attribute_handler_t*, ike_sa_t*, configuration_attribute_type_t, chunk_t))nop; this->public.create_enumerator = (enumerator_t*(*)(nm_handler_t*, configuration_attribute_type_t type))create_enumerator; this->public.reset = (void(*)(nm_handler_t*))reset; this->public.destroy = (void(*)(nm_handler_t*))destroy; - + this->dns = linked_list_create(); this->nbns = linked_list_create(); - + return &this->public; } diff --git a/src/charon/plugins/nm/nm_handler.h b/src/charon/plugins/nm/nm_handler.h index d537bb8de..3904ce1f0 100644 --- a/src/charon/plugins/nm/nm_handler.h +++ b/src/charon/plugins/nm/nm_handler.h @@ -29,12 +29,12 @@ typedef struct nm_handler_t nm_handler_t; * Handles DNS/NBNS attributes to pass to NM. */ struct nm_handler_t { - + /** * Implements attribute handler interface */ attribute_handler_t handler; - + /** * Create an enumerator over received attributes of a given kind. * @@ -47,7 +47,7 @@ struct nm_handler_t { * Reset state, flush all received attributes. */ void (*reset)(nm_handler_t *this); - + /** * Destroy a nm_handler_t. */ diff --git a/src/charon/plugins/nm/nm_plugin.c b/src/charon/plugins/nm/nm_plugin.c index 1fb46f814..46cc9c39e 100644 --- a/src/charon/plugins/nm/nm_plugin.c +++ b/src/charon/plugins/nm/nm_plugin.c @@ -34,22 +34,22 @@ struct private_nm_plugin_t { * implements plugin interface */ nm_plugin_t public; - + /** * NetworkManager service (VPNPlugin) */ NMStrongswanPlugin *plugin; - + /** * Glib main loop for a thread, handles DBUS calls */ GMainLoop *loop; - + /** * credential set registered at the daemon */ nm_creds_t *creds; - + /** * attribute handler regeisterd at the daemon */ @@ -96,16 +96,16 @@ static void destroy(private_nm_plugin_t *this) plugin_t *plugin_create() { private_nm_plugin_t *this = malloc_thing(private_nm_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + this->loop = NULL; g_type_init (); if (!g_thread_supported()) { g_thread_init(NULL); } - + this->creds = nm_creds_create(); this->handler = nm_handler_create(); charon->credentials->add_set(charon->credentials, &this->creds->set); @@ -117,13 +117,13 @@ plugin_t *plugin_create() destroy(this); return NULL; } - + /* bypass file permissions to read from users ssh-agent */ charon->keep_cap(charon, CAP_DAC_OVERRIDE); - - charon->processor->queue_job(charon->processor, + + charon->processor->queue_job(charon->processor, (job_t*)callback_job_create((callback_job_cb_t)run, this, NULL, NULL)); - + return &this->public.plugin; } diff --git a/src/charon/plugins/nm/nm_service.c b/src/charon/plugins/nm/nm_service.c index 6aa5561f1..d896a432d 100644 --- a/src/charon/plugins/nm/nm_service.c +++ b/src/charon/plugins/nm/nm_service.c @@ -59,7 +59,7 @@ static GValue* handler_to_val(nm_handler_t *handler, GArray *array; enumerator_t *enumerator; chunk_t chunk; - + enumerator = handler->create_enumerator(handler, type); array = g_array_new (FALSE, TRUE, sizeof (guint32)); while (enumerator->enumerate(enumerator, &chunk)) @@ -70,7 +70,7 @@ static GValue* handler_to_val(nm_handler_t *handler, val = g_slice_new0 (GValue); g_value_init (val, DBUS_TYPE_G_UINT_ARRAY); g_value_set_boxed (val, array); - + return val; } @@ -84,37 +84,37 @@ static void signal_ipv4_config(NMVPNPlugin *plugin, GHashTable *config; host_t *me, *other; nm_handler_t *handler; - + config = g_hash_table_new(g_str_hash, g_str_equal); me = ike_sa->get_my_host(ike_sa); other = ike_sa->get_other_host(ike_sa); handler = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->handler; - + /* NM requires a tundev, but netkey does not use one. Passing an invalid * iface makes NM complain, but it accepts it without fiddling on eth0. */ val = g_slice_new0 (GValue); g_value_init (val, G_TYPE_STRING); g_value_set_string (val, "none"); g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val); - + val = g_slice_new0(GValue); g_value_init(val, G_TYPE_UINT); g_value_set_uint(val, *(u_int32_t*)me->get_address(me).ptr); g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_ADDRESS, val); - + val = g_slice_new0(GValue); g_value_init(val, G_TYPE_UINT); g_value_set_uint(val, me->get_address(me).len * 8); g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, val); - + val = handler_to_val(handler, INTERNAL_IP4_DNS); g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_DNS, val); - + val = handler_to_val(handler, INTERNAL_IP4_NBNS); g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_NBNS, val); - + handler->reset(handler); - + nm_vpn_plugin_set_ip4_config(plugin, config); } @@ -124,11 +124,11 @@ static void signal_ipv4_config(NMVPNPlugin *plugin, static void signal_failure(NMVPNPlugin *plugin, NMVPNPluginFailure failure) { nm_handler_t *handler = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->handler; - + handler->reset(handler); - + /* TODO: NM does not handle this failure!? */ - nm_vpn_plugin_failure(plugin, failure); + nm_vpn_plugin_failure(plugin, failure); nm_vpn_plugin_set_state(plugin, NM_VPN_SERVICE_STATE_STOPPED); } @@ -139,7 +139,7 @@ static bool ike_state_change(listener_t *listener, ike_sa_t *ike_sa, ike_sa_state_t state) { NMStrongswanPluginPrivate *private = (NMStrongswanPluginPrivate*)listener; - + if (private->ike_sa == ike_sa && state == IKE_DESTROYING) { signal_failure(private->plugin, NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED); @@ -155,7 +155,7 @@ static bool child_state_change(listener_t *listener, ike_sa_t *ike_sa, child_sa_t *child_sa, child_sa_state_t state) { NMStrongswanPluginPrivate *private = (NMStrongswanPluginPrivate*)listener; - + if (private->ike_sa == ike_sa && state == CHILD_DESTROYING) { signal_failure(private->plugin, NM_VPN_PLUGIN_FAILURE_CONNECT_FAILED); @@ -171,7 +171,7 @@ static bool child_updown(listener_t *listener, ike_sa_t *ike_sa, child_sa_t *child_sa, bool up) { NMStrongswanPluginPrivate *private = (NMStrongswanPluginPrivate*)listener; - + if (private->ike_sa == ike_sa) { if (up) @@ -195,7 +195,7 @@ static bool child_updown(listener_t *listener, ike_sa_t *ike_sa, static bool ike_rekey(listener_t *listener, ike_sa_t *old, ike_sa_t *new) { NMStrongswanPluginPrivate *private = (NMStrongswanPluginPrivate*)listener; - + if (private->ike_sa == old) { /* follow a rekeyed IKE_SA */ private->ike_sa = new; @@ -232,7 +232,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, .jitter = 300 /* 5min */ } }; - + /** * Read parameters */ @@ -280,12 +280,12 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, auth_class = AUTH_CLASS_PUBKEY; } } - + /** * Register credentials */ priv->creds->clear(priv->creds); - + /* gateway/CA cert */ str = nm_setting_vpn_get_data_item(vpn, "certificate"); if (str) @@ -315,7 +315,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, gateway = gateway->clone(gateway); DBG1(DBG_CFG, "using gateway certificate, identity '%Y'", gateway); } - + if (auth_class == AUTH_CLASS_EAP) { /* username/password authentication ... */ @@ -327,7 +327,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, priv->creds->set_username_password(priv->creds, user, (char*)str); } } - + if (auth_class == AUTH_CLASS_PUBKEY) { /* ... or certificate/private key authenitcation */ @@ -336,7 +336,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, { public_key_t *public; private_key_t *private = NULL; - + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_FROM_FILE, str, BUILD_END); if (!cert) @@ -347,7 +347,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, gateway->destroy(gateway); return FALSE; } - /* try agent */ + /* try agent */ str = nm_setting_vpn_get_secret(vpn, "agent"); if (agent && str) { @@ -368,12 +368,12 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, "Connecting to SSH agent failed."); } } - /* ... or key file */ + /* ... or key file */ str = nm_setting_vpn_get_data_item(vpn, "userkey"); if (!agent && str) { chunk_t secret; - + secret.ptr = (char*)nm_setting_vpn_get_secret(vpn, "password"); if (secret.ptr) { @@ -403,7 +403,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, } } } - + if (!user) { g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, @@ -411,7 +411,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, gateway->destroy(gateway); return FALSE; } - + /** * Set up configurations */ @@ -432,7 +432,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); auth->add(auth, AUTH_RULE_IDENTITY, gateway); peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); - + child_cfg = child_cfg_create(priv->name, &lifetime, NULL, TRUE, MODE_TUNNEL, /* updown, hostaccess */ ACTION_NONE, ACTION_NONE, ipcomp); @@ -444,7 +444,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, "255.255.255.255", 65535); child_cfg->add_traffic_selector(child_cfg, FALSE, ts); peer_cfg->add_child_cfg(peer_cfg, child_cfg); - + /** * Prepare IKE_SA */ @@ -458,7 +458,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, { peer_cfg->destroy(peer_cfg); } - + /** * Register listener, enable initiate-failure-detection hooks */ @@ -466,7 +466,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, priv->listener.ike_state_change = ike_state_change; priv->listener.child_state_change = child_state_change; charon->bus->add_listener(charon->bus, &priv->listener); - + /** * Initiate */ @@ -474,7 +474,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, { charon->bus->remove_listener(charon->bus, &priv->listener); charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa); - + g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED, "Initiating failed."); return FALSE; @@ -484,14 +484,14 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, } /** - * NeedSecrets called from NM via DBUS + * NeedSecrets called from NM via DBUS */ static gboolean need_secrets(NMVPNPlugin *plugin, NMConnection *connection, char **setting_name, GError **error) { NMSettingVPN *settings; const char *method, *path; - + settings = NM_SETTING_VPN(nm_connection_get_setting(connection, NM_TYPE_SETTING_VPN)); method = nm_setting_vpn_get_data_item(settings, "method"); @@ -518,7 +518,7 @@ static gboolean need_secrets(NMVPNPlugin *plugin, NMConnection *connection, { private_key_t *key; chunk_t secret; - + secret.ptr = (char*)nm_setting_vpn_get_secret(settings, "password"); if (secret.ptr) { @@ -541,7 +541,7 @@ static gboolean need_secrets(NMVPNPlugin *plugin, NMConnection *connection, } /** - * Disconnect called from NM via DBUS + * Disconnect called from NM via DBUS */ static gboolean disconnect(NMVPNPlugin *plugin, GError **err) { @@ -549,7 +549,7 @@ static gboolean disconnect(NMVPNPlugin *plugin, GError **err) enumerator_t *enumerator; ike_sa_t *ike_sa; u_int id; - + /* our ike_sa pointer might be invalid, lookup sa */ enumerator = charon->controller->create_ike_sa_enumerator(charon->controller); while (enumerator->enumerate(enumerator, &ike_sa)) @@ -564,7 +564,7 @@ static gboolean disconnect(NMVPNPlugin *plugin, GError **err) } } enumerator->destroy(enumerator); - + g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_GENERAL, "Connection not found."); return FALSE; @@ -576,7 +576,7 @@ static gboolean disconnect(NMVPNPlugin *plugin, GError **err) static void nm_strongswan_plugin_init(NMStrongswanPlugin *plugin) { NMStrongswanPluginPrivate *priv; - + priv = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin); priv->plugin = NM_VPN_PLUGIN(plugin); memset(&priv->listener.log, 0, sizeof(listener_t)); @@ -591,7 +591,7 @@ static void nm_strongswan_plugin_class_init( NMStrongswanPluginClass *strongswan_class) { NMVPNPluginClass *parent_class = NM_VPN_PLUGIN_CLASS(strongswan_class); - + g_type_class_add_private(G_OBJECT_CLASS(strongswan_class), sizeof(NMStrongswanPluginPrivate)); parent_class->connect = connect_; @@ -612,7 +612,7 @@ NMStrongswanPlugin *nm_strongswan_plugin_new(nm_creds_t *creds, if (plugin) { NMStrongswanPluginPrivate *priv; - + priv = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin); priv->creds = creds; priv->handler = handler; diff --git a/src/charon/plugins/resolv_conf/resolv_conf_handler.c b/src/charon/plugins/resolv_conf/resolv_conf_handler.c index 749cfbc5b..47e04416c 100644 --- a/src/charon/plugins/resolv_conf/resolv_conf_handler.c +++ b/src/charon/plugins/resolv_conf/resolv_conf_handler.c @@ -26,17 +26,17 @@ typedef struct private_resolv_conf_handler_t private_resolv_conf_handler_t; * Private data of an resolv_conf_handler_t object. */ struct private_resolv_conf_handler_t { - + /** * Public resolv_conf_handler_t interface. */ resolv_conf_handler_t public; - + /** * resolv.conf file to use */ char *file; - + /** * Mutex to access file exclusively */ @@ -55,7 +55,7 @@ static bool handle(private_resolv_conf_handler_t *this, ike_sa_t *ike_sa, int family; size_t len; bool handled = FALSE; - + switch (type) { case INTERNAL_IP4_DNS: @@ -67,9 +67,9 @@ static bool handle(private_resolv_conf_handler_t *this, ike_sa_t *ike_sa, default: return FALSE; } - + this->mutex->lock(this->mutex); - + in = fopen(this->file, "r"); /* allows us to stream from in to out */ unlink(this->file); @@ -82,7 +82,7 @@ static bool handle(private_resolv_conf_handler_t *this, ike_sa_t *ike_sa, DBG1(DBG_IKE, "installing DNS server %H to %s", addr, this->file); addr->destroy(addr); handled = TRUE; - + /* copy rest of the file */ if (in) { @@ -94,7 +94,7 @@ static bool handle(private_resolv_conf_handler_t *this, ike_sa_t *ike_sa, } fclose(out); } - + if (!handled) { DBG1(DBG_IKE, "adding DNS server failed", this->file); @@ -113,7 +113,7 @@ static void release(private_resolv_conf_handler_t *this, ike_sa_t *ike_sa, char line[1024], matcher[512], *pos; host_t *addr; int family; - + switch (type) { case INTERNAL_IP4_DNS: @@ -125,9 +125,9 @@ static void release(private_resolv_conf_handler_t *this, ike_sa_t *ike_sa, default: return; } - + this->mutex->lock(this->mutex); - + in = fopen(this->file, "r"); if (in) { @@ -140,7 +140,7 @@ static void release(private_resolv_conf_handler_t *this, ike_sa_t *ike_sa, snprintf(matcher, sizeof(matcher), "nameserver %H # by strongSwan, from %Y\n", addr, ike_sa->get_other_id(ike_sa)); - + /* copy all, but matching line */ while ((pos = fgets(line, sizeof(line), in))) { @@ -159,7 +159,7 @@ static void release(private_resolv_conf_handler_t *this, ike_sa_t *ike_sa, } fclose(in); } - + this->mutex->unlock(this->mutex); } @@ -178,15 +178,15 @@ static void destroy(private_resolv_conf_handler_t *this) resolv_conf_handler_t *resolv_conf_handler_create() { private_resolv_conf_handler_t *this = malloc_thing(private_resolv_conf_handler_t); - + this->public.handler.handle = (bool(*)(attribute_handler_t*, ike_sa_t*, configuration_attribute_type_t, chunk_t))handle; this->public.handler.release = (void(*)(attribute_handler_t*, ike_sa_t*, configuration_attribute_type_t, chunk_t))release; this->public.destroy = (void(*)(resolv_conf_handler_t*))destroy; - + this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); this->file = lib->settings->get_str(lib->settings, "charon.plugins.resolv-conf.file", RESOLV_CONF); - + return &this->public; } diff --git a/src/charon/plugins/resolv_conf/resolv_conf_handler.h b/src/charon/plugins/resolv_conf/resolv_conf_handler.h index 2635bb802..5aa17cada 100644 --- a/src/charon/plugins/resolv_conf/resolv_conf_handler.h +++ b/src/charon/plugins/resolv_conf/resolv_conf_handler.h @@ -29,12 +29,12 @@ typedef struct resolv_conf_handler_t resolv_conf_handler_t; * Handle DNS configuration attributes by mangling a resolv.conf file. */ struct resolv_conf_handler_t { - + /** * Implements the attribute_handler_t interface */ attribute_handler_t handler; - + /** * Destroy a resolv_conf_handler_t. */ diff --git a/src/charon/plugins/resolv_conf/resolv_conf_plugin.c b/src/charon/plugins/resolv_conf/resolv_conf_plugin.c index ff9d96eb3..418820115 100644 --- a/src/charon/plugins/resolv_conf/resolv_conf_plugin.c +++ b/src/charon/plugins/resolv_conf/resolv_conf_plugin.c @@ -29,7 +29,7 @@ struct private_resolv_conf_plugin_t { * implements plugin interface */ resolv_conf_plugin_t public; - + /** * The registerd DNS attribute handler */ @@ -53,12 +53,12 @@ static void destroy(private_resolv_conf_plugin_t *this) plugin_t *plugin_create() { private_resolv_conf_plugin_t *this = malloc_thing(private_resolv_conf_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + this->handler = resolv_conf_handler_create(); charon->attributes->add_handler(charon->attributes, &this->handler->handler); - + return &this->public.plugin; } diff --git a/src/charon/plugins/resolv_conf/resolv_conf_plugin.h b/src/charon/plugins/resolv_conf/resolv_conf_plugin.h index f5943d9a3..7cbeab86c 100644 --- a/src/charon/plugins/resolv_conf/resolv_conf_plugin.h +++ b/src/charon/plugins/resolv_conf/resolv_conf_plugin.h @@ -32,7 +32,7 @@ typedef struct resolv_conf_plugin_t resolv_conf_plugin_t; * Plugin that writes received DNS servers in a resolv.conf file. */ struct resolv_conf_plugin_t { - + /** * implements plugin interface */ diff --git a/src/charon/plugins/smp/smp.c b/src/charon/plugins/smp/smp.c index 562add06d..8a4c27ce0 100644 --- a/src/charon/plugins/smp/smp.c +++ b/src/charon/plugins/smp/smp.c @@ -44,12 +44,12 @@ struct private_smp_t { * Public part of smp_t object. */ smp_t public; - + /** * XML unix socket fd */ int socket; - + /** * job accepting stroke messages */ @@ -146,7 +146,7 @@ static void write_networks(xmlTextWriterPtr writer, char *element, { enumerator_t *enumerator; traffic_selector_t *ts; - + xmlTextWriterStartElement(writer, element); enumerator = list->create_enumerator(list); while (enumerator->enumerate(enumerator, (void**)&ts)) @@ -167,26 +167,26 @@ static void write_networks(xmlTextWriterPtr writer, char *element, static void write_childend(xmlTextWriterPtr writer, child_sa_t *child, bool local) { linked_list_t *list; - - xmlTextWriterWriteFormatElement(writer, "spi", "%lx", + + xmlTextWriterWriteFormatElement(writer, "spi", "%lx", htonl(child->get_spi(child, local))); list = child->get_traffic_selectors(child, local); write_networks(writer, "networks", list); } /** - * write a child_sa_t + * write a child_sa_t */ static void write_child(xmlTextWriterPtr writer, child_sa_t *child) { child_cfg_t *config; - + config = child->get_config(child); xmlTextWriterStartElement(writer, "childsa"); xmlTextWriterWriteFormatElement(writer, "reqid", "%d", child->get_reqid(child)); - xmlTextWriterWriteFormatElement(writer, "childconfig", "%s", + xmlTextWriterWriteFormatElement(writer, "childconfig", "%s", config->get_name(config)); xmlTextWriterStartElement(writer, "local"); write_childend(writer, child, TRUE); @@ -207,7 +207,7 @@ static void request_query_ikesa(xmlTextReaderPtr reader, xmlTextWriterPtr writer /* */ xmlTextWriterStartElement(writer, "ikesalist"); - + enumerator = charon->controller->create_ike_sa_enumerator(charon->controller); while (enumerator->enumerate(enumerator, &ike_sa)) { @@ -215,18 +215,18 @@ static void request_query_ikesa(xmlTextReaderPtr reader, xmlTextWriterPtr writer host_t *local, *remote; iterator_t *children; child_sa_t *child_sa; - + id = ike_sa->get_id(ike_sa); - + xmlTextWriterStartElement(writer, "ikesa"); xmlTextWriterWriteFormatElement(writer, "id", "%d", ike_sa->get_unique_id(ike_sa)); - xmlTextWriterWriteFormatElement(writer, "status", "%N", + xmlTextWriterWriteFormatElement(writer, "status", "%N", ike_sa_state_lower_names, ike_sa->get_state(ike_sa)); xmlTextWriterWriteElement(writer, "role", id->is_initiator(id) ? "initiator" : "responder"); xmlTextWriterWriteElement(writer, "peerconfig", ike_sa->get_name(ike_sa)); - + /* */ local = ike_sa->get_my_host(ike_sa); xmlTextWriterStartElement(writer, "local"); @@ -243,7 +243,7 @@ static void request_query_ikesa(xmlTextReaderPtr reader, xmlTextWriterPtr writer } xmlTextWriterEndElement(writer); /* */ - + /* */ remote = ike_sa->get_other_host(ike_sa); xmlTextWriterStartElement(writer, "remote"); @@ -259,8 +259,8 @@ static void request_query_ikesa(xmlTextReaderPtr reader, xmlTextWriterPtr writer write_bool(writer, "nat", ike_sa->has_condition(ike_sa, COND_NAT_THERE)); } xmlTextWriterEndElement(writer); - /* */ - + /* */ + /* */ xmlTextWriterStartElement(writer, "childsalist"); children = ike_sa->create_child_sa_iterator(ike_sa); @@ -270,13 +270,13 @@ static void request_query_ikesa(xmlTextReaderPtr reader, xmlTextWriterPtr writer } children->destroy(children); /* */ - xmlTextWriterEndElement(writer); - + xmlTextWriterEndElement(writer); + /* */ xmlTextWriterEndElement(writer); } enumerator->destroy(enumerator); - + /* */ xmlTextWriterEndElement(writer); } @@ -291,7 +291,7 @@ static void request_query_config(xmlTextReaderPtr reader, xmlTextWriterPtr write /* */ xmlTextWriterStartElement(writer, "configlist"); - + enumerator = charon->backends->create_peer_cfg_enumerator(charon->backends, NULL, NULL, NULL, NULL); while (enumerator->enumerate(enumerator, &peer_cfg)) @@ -300,18 +300,18 @@ static void request_query_config(xmlTextReaderPtr reader, xmlTextWriterPtr write child_cfg_t *child_cfg; ike_cfg_t *ike_cfg; linked_list_t *list; - + if (peer_cfg->get_ike_version(peer_cfg) != 2) { /* only IKEv2 connections yet */ continue; } - + /* */ xmlTextWriterStartElement(writer, "peerconfig"); xmlTextWriterWriteElement(writer, "name", peer_cfg->get_name(peer_cfg)); - + /* TODO: write auth_cfgs */ - + /* */ ike_cfg = peer_cfg->get_ike_cfg(peer_cfg); xmlTextWriterStartElement(writer, "ikeconfig"); @@ -319,14 +319,14 @@ static void request_query_config(xmlTextReaderPtr reader, xmlTextWriterPtr write xmlTextWriterWriteElement(writer, "remote", ike_cfg->get_other_addr(ike_cfg)); xmlTextWriterEndElement(writer); /* */ - + /* */ xmlTextWriterStartElement(writer, "childconfiglist"); children = peer_cfg->create_child_cfg_enumerator(peer_cfg); while (children->enumerate(children, &child_cfg)) { /* */ - xmlTextWriterStartElement(writer, "childconfig"); + xmlTextWriterStartElement(writer, "childconfig"); xmlTextWriterWriteElement(writer, "name", child_cfg->get_name(child_cfg)); list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL); @@ -334,7 +334,7 @@ static void request_query_config(xmlTextReaderPtr reader, xmlTextWriterPtr write list->destroy_offset(list, offsetof(traffic_selector_t, destroy)); list = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL); write_networks(writer, "remote", list); - list->destroy_offset(list, offsetof(traffic_selector_t, destroy)); + list->destroy_offset(list, offsetof(traffic_selector_t, destroy)); xmlTextWriterEndElement(writer); /* */ } @@ -342,7 +342,7 @@ static void request_query_config(xmlTextReaderPtr reader, xmlTextWriterPtr write /* */ xmlTextWriterEndElement(writer); /* */ - xmlTextWriterEndElement(writer); + xmlTextWriterEndElement(writer); } enumerator->destroy(enumerator); /* */ @@ -381,7 +381,7 @@ static void request_control_terminate(xmlTextReaderPtr reader, const char *str; u_int32_t id; status_t status; - + str = xmlTextReaderConstValue(reader); if (str == NULL) { @@ -393,7 +393,7 @@ static void request_control_terminate(xmlTextReaderPtr reader, { enumerator_t *enumerator; ike_sa_t *ike_sa; - + enumerator = charon->controller->create_ike_sa_enumerator(charon->controller); while (enumerator->enumerate(enumerator, &ike_sa)) { @@ -411,21 +411,21 @@ static void request_control_terminate(xmlTextReaderPtr reader, DBG1(DBG_CFG, "error parsing XML id string"); return; } - + DBG1(DBG_CFG, "terminating %s_SA %d", ike ? "IKE" : "CHILD", id); - + /* */ xmlTextWriterStartElement(writer, "log"); if (ike) { status = charon->controller->terminate_ike( - charon->controller, id, + charon->controller, id, (controller_cb_t)xml_callback, writer); } else { status = charon->controller->terminate_child( - charon->controller, id, + charon->controller, id, (controller_cb_t)xml_callback, writer); } /* */ @@ -448,7 +448,7 @@ static void request_control_initiate(xmlTextReaderPtr reader, peer_cfg_t *peer; child_cfg_t *child = NULL; enumerator_t *enumerator; - + str = xmlTextReaderConstValue(reader); if (str == NULL) { @@ -456,7 +456,7 @@ static void request_control_initiate(xmlTextReaderPtr reader, return; } DBG1(DBG_CFG, "initiating %s_SA %s", ike ? "IKE" : "CHILD", str); - + /* */ xmlTextWriterStartElement(writer, "log"); peer = charon->backends->get_peer_cfg_by_name(charon->backends, (char*)str); @@ -571,7 +571,7 @@ static void request_control(xmlTextReaderPtr reader, xmlTextWriterPtr writer) static void request(xmlTextReaderPtr reader, char *id, int fd) { xmlTextWriterPtr writer; - + writer = xmlNewTextWriter(xmlOutputBufferCreateFd(fd, NULL)); if (writer == NULL) { @@ -627,7 +627,7 @@ static job_requeue_t process(int *fdp) size_t len; xmlTextReaderPtr reader; char *id = NULL, *type = NULL; - + pthread_cleanup_push((void*)closefdp, (void*)&fd); pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); len = read(fd, buffer, sizeof(buffer)); @@ -640,14 +640,14 @@ static job_requeue_t process(int *fdp) return JOB_REQUEUE_NONE; } DBG3(DBG_CFG, "got XML request: %b", buffer, len); - + reader = xmlReaderForMemory(buffer, len, NULL, NULL, 0); if (reader == NULL) { DBG1(DBG_CFG, "opening SMP XML reader failed"); return JOB_REQUEUE_FAIR;; } - + /* read message type and id */ while (xmlTextReaderRead(reader)) { @@ -659,7 +659,7 @@ static job_requeue_t process(int *fdp) break; } } - + /* process message */ if (id && type) { @@ -684,24 +684,24 @@ static job_requeue_t dispatch(private_smp_t *this) struct sockaddr_un strokeaddr; int oldstate, fd, *fdp, strokeaddrlen = sizeof(strokeaddr); callback_job_t *job; - + /* wait for connections, but allow thread to terminate */ pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); fd = accept(this->socket, (struct sockaddr *)&strokeaddr, &strokeaddrlen); pthread_setcancelstate(oldstate, NULL); - + if (fd < 0) { DBG1(DBG_CFG, "accepting SMP XML socket failed: %s", strerror(errno)); sleep(1); return JOB_REQUEUE_FAIR;; } - + fdp = malloc_thing(int); *fdp = fd; job = callback_job_create((callback_job_cb_t)process, fdp, free, this->job); charon->processor->queue_job(charon->processor, (job_t*)job); - + return JOB_REQUEUE_DIRECT; } @@ -725,7 +725,7 @@ plugin_t *plugin_create() mode_t old; this->public.plugin.destroy = (void (*)(plugin_t*))destroy; - + /* set up unix socket */ this->socket = socket(AF_UNIX, SOCK_STREAM, 0); if (this->socket == -1) @@ -734,7 +734,7 @@ plugin_t *plugin_create() free(this); return NULL; } - + unlink(unix_addr.sun_path); old = umask(~(S_IRWXU | S_IRWXG)); if (bind(this->socket, (struct sockaddr *)&unix_addr, sizeof(unix_addr)) < 0) @@ -749,7 +749,7 @@ plugin_t *plugin_create() { DBG1(DBG_CFG, "changing XML socket permissions failed: %s", strerror(errno)); } - + if (listen(this->socket, 5) < 0) { DBG1(DBG_CFG, "could not listen on XML socket: %s", strerror(errno)); @@ -760,7 +760,7 @@ plugin_t *plugin_create() this->job = callback_job_create((callback_job_cb_t)dispatch, this, NULL, NULL); charon->processor->queue_job(charon->processor, (job_t*)this->job); - + return &this->public.plugin; } diff --git a/src/charon/plugins/sql/pool.c b/src/charon/plugins/sql/pool.c index ef119c966..c029dea24 100644 --- a/src/charon/plugins/sql/pool.c +++ b/src/charon/plugins/sql/pool.c @@ -43,7 +43,7 @@ static u_int get_pool_size(chunk_t start, chunk_t end) if (start.len < sizeof(u_int) || end.len < sizeof(u_int)) { - return 0; + return 0; } start_ptr = (u_int*)(start.ptr + start.len - sizeof(u_int)); end_ptr = (u_int*)(end.ptr + end.len - sizeof(u_int)); @@ -103,7 +103,7 @@ static void status(void) { enumerator_t *pool, *lease; bool found = FALSE; - + pool = db->query(db, "SELECT id, name, start, end, timeout FROM pools", DB_INT, DB_TEXT, DB_BLOB, DB_BLOB, DB_UINT); if (pool) @@ -112,7 +112,7 @@ static void status(void) chunk_t start_chunk, end_chunk; host_t *start, *end; u_int id, timeout, online = 0, used = 0, size = 0; - + while (pool->enumerate(pool, &id, &name, &start_chunk, &end_chunk, &timeout)) { @@ -122,7 +122,7 @@ static void status(void) "end", "timeout", "size", "online", "usage"); found = TRUE; } - + start = host_create_from_chunk(AF_UNSPEC, start_chunk, 0); end = host_create_from_chunk(AF_UNSPEC, end_chunk, 0); size = get_pool_size(start_chunk, end_chunk); @@ -159,7 +159,7 @@ static void status(void) lease->destroy(lease); } printf("%5d (%2d%%) ", used, used*100/size); - + printf("\n"); DESTROY_IF(start); DESTROY_IF(end); @@ -180,7 +180,7 @@ static void add(char *name, host_t *start, host_t *end, int timeout) { chunk_t start_addr, end_addr, cur_addr; u_int id, count; - + start_addr = start->get_address(start); end_addr = end->get_address(end); cur_addr = chunk_clonea(start_addr); @@ -224,7 +224,7 @@ static void add(char *name, host_t *start, host_t *end, int timeout) db->execute(db, NULL, "END TRANSACTION"); } printf("done.\n", count); - + exit(0); } @@ -236,7 +236,7 @@ static void del(char *name) enumerator_t *query; u_int id; bool found = FALSE; - + query = db->query(db, "SELECT id FROM pools WHERE name = ?", DB_TEXT, name, DB_UINT); if (!query) @@ -277,9 +277,9 @@ static void resize(char *name, host_t *end) enumerator_t *query; chunk_t old_addr, new_addr, cur_addr; u_int id, count; - + new_addr = end->get_address(end); - + query = db->query(db, "SELECT id, end FROM pools WHERE name = ?", DB_TEXT, name, DB_UINT, DB_BLOB); if (!query || !query->enumerate(query, &id, &old_addr)) @@ -306,7 +306,7 @@ static void resize(char *name, host_t *end) fprintf(stderr, "pool '%s' not found.\n", name); exit(-1); } - + printf("allocating %d new addresses... ", count); fflush(stdout); if (db->get_driver(db) == DB_SQLITE) @@ -326,7 +326,7 @@ static void resize(char *name, host_t *end) db->execute(db, NULL, "END TRANSACTION"); } printf("done.\n", count); - + exit(0); } @@ -356,7 +356,7 @@ static enumerator_t *create_lease_query(char *filter) [FIL_STATE] = "status", NULL }; - + /* if the filter string contains a distinguished name as a ID, we replace * ", " by "/ " in order to not confuse the getsubopt parser */ pos = filter; @@ -368,7 +368,7 @@ static enumerator_t *create_lease_query(char *filter) } pos++; } - + while (filter && *filter != '\0') { switch (getsubopt(&filter, token, &value)) @@ -493,7 +493,7 @@ static void leases(char *filter, bool utc) host_t *address; identification_t *identity; bool found = FALSE; - + query = create_lease_query(filter); if (!query) { @@ -513,7 +513,7 @@ static void leases(char *filter, bool utc) } address = host_create_from_chunk(AF_UNSPEC, address_chunk, 0); identity = identification_create_from_encoding(identity_type, identity_chunk); - + printf("%-8s %-15H ", name, address); if (released == 0) { @@ -531,7 +531,7 @@ static void leases(char *filter, bool utc) { printf("%-7s ", "expired"); } - + printf(" %T ", &acquired, utc); if (released) { @@ -564,7 +564,7 @@ static void leases(char *filter, bool utc) static void purge(char *name) { int purged = 0; - + purged = db->execute(db, NULL, "DELETE FROM leases WHERE address IN (" " SELECT id FROM addresses WHERE pool IN (" @@ -595,7 +595,7 @@ static void cleanup(void) static void dbg_stderr(int level, char *fmt, ...) { va_list args; - + if (level <= 1) { va_start(args, fmt); @@ -639,7 +639,7 @@ int main(int argc, char *argv[]) { exit(SS_RC_INITIALIZATION_FAILED); } - + uri = lib->settings->get_str(lib->settings, "charon.plugins.sql.database", NULL); if (!uri) { @@ -653,14 +653,14 @@ int main(int argc, char *argv[]) exit(SS_RC_INITIALIZATION_FAILED); } atexit(cleanup); - + while (TRUE) { int c; - + struct option long_opts[] = { { "help", no_argument, NULL, 'h' }, - + { "utc", no_argument, NULL, 'u' }, { "status", no_argument, NULL, 'w' }, { "add", required_argument, NULL, 'a' }, @@ -668,14 +668,14 @@ int main(int argc, char *argv[]) { "resize", required_argument, NULL, 'r' }, { "leases", no_argument, NULL, 'l' }, { "purge", required_argument, NULL, 'p' }, - + { "start", required_argument, NULL, 's' }, { "end", required_argument, NULL, 'e' }, { "timeout", required_argument, NULL, 't' }, { "filter", required_argument, NULL, 'f' }, { 0,0,0,0 } }; - + c = getopt_long(argc, argv, "", long_opts, NULL); switch (c) { @@ -744,7 +744,7 @@ int main(int argc, char *argv[]) } break; } - + switch (operation) { case OP_USAGE: diff --git a/src/charon/plugins/sql/sql_attribute.c b/src/charon/plugins/sql/sql_attribute.c index 77601e612..9045f7739 100644 --- a/src/charon/plugins/sql/sql_attribute.c +++ b/src/charon/plugins/sql/sql_attribute.c @@ -30,12 +30,12 @@ struct private_sql_attribute_t { * public functions */ sql_attribute_t public; - + /** * database connection */ database_t *db; - + /** * wheter to record lease history in lease table */ @@ -49,13 +49,13 @@ static u_int get_identity(private_sql_attribute_t *this, identification_t *id) { enumerator_t *e; u_int row; - + /* look for peer identity in the identities table */ e = this->db->query(this->db, "SELECT id FROM identities WHERE type = ? AND data = ?", DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id), DB_UINT); - + if (e && e->enumerate(e, &row)) { e->destroy(e); @@ -111,7 +111,7 @@ static host_t* check_lease(private_sql_attribute_t *this, char *name, if (!e || !e->enumerate(e, &id, &address)) { DESTROY_IF(e); - break; + break; } address = chunk_clonea(address); e->destroy(e); @@ -172,11 +172,11 @@ static host_t* get_lease(private_sql_attribute_t *this, char *name, if (!e || !e->enumerate(e, &id, &address)) { DESTROY_IF(e); - break; + break; } address = chunk_clonea(address); e->destroy(e); - + if (timeout) { hits = this->db->execute(this->db, NULL, @@ -290,12 +290,12 @@ static bool release_address(private_sql_attribute_t *this, enumerator_t *enumerator; bool found = FALSE; time_t now = time(NULL); - + enumerator = enumerator_create_token(name, ",", " "); while (enumerator->enumerate(enumerator, &name)) { u_int pool, timeout; - + pool = get_pool(this, name, &timeout); if (pool) { @@ -337,16 +337,16 @@ sql_attribute_t *sql_attribute_create(database_t *db) { private_sql_attribute_t *this = malloc_thing(private_sql_attribute_t); time_t now = time(NULL); - + this->public.provider.acquire_address = (host_t*(*)(attribute_provider_t *this, char*, identification_t *, host_t *))acquire_address; this->public.provider.release_address = (bool(*)(attribute_provider_t *this, char*,host_t *, identification_t*))release_address; this->public.provider.create_attribute_enumerator = (enumerator_t*(*)(attribute_provider_t*, identification_t *id))enumerator_create_empty; this->public.destroy = (void(*)(sql_attribute_t*))destroy; - + this->db = db; this->history = lib->settings->get_bool(lib->settings, "charon.plugins.sql.lease_history", TRUE); - + /* close any "online" leases in the case we crashed */ if (this->history) { diff --git a/src/charon/plugins/sql/sql_attribute.h b/src/charon/plugins/sql/sql_attribute.h index 23700dea9..6d4958d32 100644 --- a/src/charon/plugins/sql/sql_attribute.h +++ b/src/charon/plugins/sql/sql_attribute.h @@ -34,7 +34,7 @@ struct sql_attribute_t { * Implements attribute provider interface */ attribute_provider_t provider; - + /** * Destroy a sql_attribute instance. */ diff --git a/src/charon/plugins/sql/sql_config.c b/src/charon/plugins/sql/sql_config.c index 67b5c3b64..7c76c572d 100644 --- a/src/charon/plugins/sql/sql_config.c +++ b/src/charon/plugins/sql/sql_config.c @@ -30,7 +30,7 @@ struct private_sql_config_t { * Public part */ sql_config_t public; - + /** * database connection */ @@ -58,7 +58,7 @@ static traffic_selector_t *build_traffic_selector(private_sql_config_t *this, TS_LOCAL_DYNAMIC = 2, TS_REMOTE_DYNAMIC = 3, } kind; - + while (e->enumerate(e, &kind, &type, &protocol, &start_addr, &end_addr, &start_port, &end_port)) { @@ -99,7 +99,7 @@ static void add_traffic_selectors(private_sql_config_t *this, enumerator_t *e; traffic_selector_t *ts; bool local; - + e = this->db->query(this->db, "SELECT kind, type, protocol, " "start_addr, end_addr, start_port, end_port " @@ -126,8 +126,8 @@ static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e) int id, lifetime, rekeytime, jitter, hostaccess, mode, dpd, close, ipcomp; char *name, *updown; child_cfg_t *child_cfg; - - if (e->enumerate(e, &id, &name, &lifetime, &rekeytime, &jitter, + + if (e->enumerate(e, &id, &name, &lifetime, &rekeytime, &jitter, &updown, &hostaccess, &mode, &dpd, &close, &ipcomp)) { lifetime_cfg_t lft = { @@ -150,7 +150,7 @@ static void add_child_cfgs(private_sql_config_t *this, peer_cfg_t *peer, int id) { enumerator_t *e; child_cfg_t *child_cfg; - + e = this->db->query(this->db, "SELECT id, name, lifetime, rekeytime, jitter, " "updown, hostaccess, mode, dpd_action, close_action, ipcomp " @@ -177,11 +177,11 @@ static ike_cfg_t *build_ike_cfg(private_sql_config_t *this, enumerator_t *e, { int certreq, force_encap; char *local, *remote; - + while (e->enumerate(e, &certreq, &force_encap, &local, &remote)) { ike_cfg_t *ike_cfg; - + ike_cfg = ike_cfg_create(certreq, force_encap, local, remote); /* TODO: read proposal from db */ ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); @@ -197,7 +197,7 @@ static ike_cfg_t* get_ike_cfg_by_id(private_sql_config_t *this, int id) { enumerator_t *e; ike_cfg_t *ike_cfg = NULL; - + e = this->db->query(this->db, "SELECT certreq, force_encap, local, remote " "FROM ike_configs WHERE id = ?", @@ -218,7 +218,7 @@ static peer_cfg_t *get_peer_cfg_by_id(private_sql_config_t *this, int id) { enumerator_t *e; peer_cfg_t *peer_cfg = NULL; - + e = this->db->query(this->db, "SELECT c.id, name, ike_cfg, l.type, l.data, r.type, r.data, " "cert_policy, uniqueid, auth_method, eap_type, eap_vendor, " @@ -232,8 +232,8 @@ static peer_cfg_t *get_peer_cfg_by_id(private_sql_config_t *this, int id) "WHERE id = ?", DB_INT, id, DB_INT, DB_TEXT, DB_INT, DB_INT, DB_BLOB, DB_INT, DB_BLOB, - DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, - DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, + DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, + DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_TEXT, DB_TEXT, DB_INT, DB_INT, DB_INT, DB_BLOB); if (e) @@ -256,11 +256,11 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e, mediation, mediated_by, p_type; chunk_t l_data, r_data, p_data; char *name, *virtual, *pool; - + while (e->enumerate(e, &id, &name, &ike_cfg, &l_type, &l_data, &r_type, &r_data, &cert_policy, &uniqueid, &auth_method, &eap_type, &eap_vendor, - &keyingtries, &rekeytime, &reauthtime, &jitter, &overtime, &mobike, + &keyingtries, &rekeytime, &reauthtime, &jitter, &overtime, &mobike, &dpd_delay, &virtual, &pool, &mediation, &mediated_by, &p_type, &p_data)) { @@ -269,7 +269,7 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e, ike_cfg_t *ike; host_t *vip = NULL; auth_cfg_t *auth; - + local_id = identification_create_from_encoding(l_type, l_data); remote_id = identification_create_from_encoding(r_type, r_data); if ((me && !me->matches(me, local_id)) || @@ -331,7 +331,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_sql_config_t *this, char *name) { enumerator_t *e; peer_cfg_t *peer_cfg = NULL; - + e = this->db->query(this->db, "SELECT c.id, name, ike_cfg, l.type, l.data, r.type, r.data, " "cert_policy, uniqueid, auth_method, eap_type, eap_vendor, " @@ -404,14 +404,14 @@ static enumerator_t* create_ike_cfg_enumerator(private_sql_config_t *this, host_t *me, host_t *other) { ike_enumerator_t *e = malloc_thing(ike_enumerator_t); - + e->this = this; e->me = me; e->other = other; e->current = NULL; e->public.enumerate = (void*)ike_enumerator_enumerate; e->public.destroy = (void*)ike_enumerator_destroy; - + e->inner = this->db->query(this->db, "SELECT certreq, force_encap, local, remote " "FROM ike_configs", @@ -473,7 +473,7 @@ static enumerator_t* create_peer_cfg_enumerator(private_sql_config_t *this, identification_t *other) { peer_enumerator_t *e = malloc_thing(peer_enumerator_t); - + e->this = this; e->me = me; e->other = other; @@ -526,9 +526,9 @@ sql_config_t *sql_config_create(database_t *db) this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator; this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name; this->public.destroy = (void(*)(sql_config_t*))destroy; - + this->db = db; - + return &this->public; } diff --git a/src/charon/plugins/sql/sql_config.h b/src/charon/plugins/sql/sql_config.h index abc6ef382..700d00a97 100644 --- a/src/charon/plugins/sql/sql_config.h +++ b/src/charon/plugins/sql/sql_config.h @@ -35,11 +35,11 @@ struct sql_config_t { * Implements backend_t interface */ backend_t backend; - + /** * Destry the backend. */ - void (*destroy)(sql_config_t *this); + void (*destroy)(sql_config_t *this); }; /** diff --git a/src/charon/plugins/sql/sql_cred.c b/src/charon/plugins/sql/sql_cred.c index f8b7a35c1..12f4ab045 100644 --- a/src/charon/plugins/sql/sql_cred.c +++ b/src/charon/plugins/sql/sql_cred.c @@ -30,7 +30,7 @@ struct private_sql_cred_t { * Public part */ sql_cred_t public; - + /** * database connection */ @@ -92,7 +92,7 @@ static enumerator_t* create_private_enumerator(private_sql_cred_t *this, identification_t *id) { private_enumerator_t *e; - + e = malloc_thing(private_enumerator_t); e->current = NULL; e->public.enumerate = (void*)private_enumerator_enumerate; @@ -178,7 +178,7 @@ static enumerator_t* create_cert_enumerator(private_sql_cred_t *this, identification_t *id, bool trusted) { cert_enumerator_t *e; - + e = malloc_thing(cert_enumerator_t); e->current = NULL; e->public.enumerate = (void*)cert_enumerator_enumerate; @@ -275,11 +275,11 @@ static void shared_enumerator_destroy(shared_enumerator_t *this) * Implementation of credential_set_t.create_shared_enumerator. */ static enumerator_t* create_shared_enumerator(private_sql_cred_t *this, - shared_key_type_t type, + shared_key_type_t type, identification_t *me, identification_t *other) { shared_enumerator_t *e; - + e = malloc_thing(shared_enumerator_t); e->me = me; e->other = other; @@ -306,12 +306,12 @@ static enumerator_t* create_shared_enumerator(private_sql_cred_t *this, DB_INT, me->get_type(me), DB_BLOB, me->get_encoding(me), DB_INT, other->get_type(other), DB_BLOB, other->get_encoding(other), DB_INT, type == SHARED_ANY, DB_INT, type, - DB_INT, DB_BLOB); + DB_INT, DB_BLOB); } else { identification_t *id = me ? me : other; - + e->inner = this->db->query(this->db, "SELECT s.type, s.data FROM shared_secrets AS s " "JOIN shared_secret_identity AS si ON s.id = si.shared_secret " @@ -350,16 +350,16 @@ static void destroy(private_sql_cred_t *this) sql_cred_t *sql_cred_create(database_t *db) { private_sql_cred_t *this = malloc_thing(private_sql_cred_t); - + this->public.set.create_private_enumerator = (void*)create_private_enumerator; this->public.set.create_cert_enumerator = (void*)create_cert_enumerator; this->public.set.create_shared_enumerator = (void*)create_shared_enumerator; this->public.set.create_cdp_enumerator = (void*)return_null; this->public.set.cache_cert = (void*)cache_cert; this->public.destroy = (void(*)(sql_cred_t*))destroy; - + this->db = db; - + return &this->public; } diff --git a/src/charon/plugins/sql/sql_cred.h b/src/charon/plugins/sql/sql_cred.h index 2a9a96df1..7f387398e 100644 --- a/src/charon/plugins/sql/sql_cred.h +++ b/src/charon/plugins/sql/sql_cred.h @@ -35,11 +35,11 @@ struct sql_cred_t { * Implements credential_set_t interface */ credential_set_t set; - + /** * Destry the backend. */ - void (*destroy)(sql_cred_t *this); + void (*destroy)(sql_cred_t *this); }; /** diff --git a/src/charon/plugins/sql/sql_logger.c b/src/charon/plugins/sql/sql_logger.c index 20d42662b..d350c4c3d 100644 --- a/src/charon/plugins/sql/sql_logger.c +++ b/src/charon/plugins/sql/sql_logger.c @@ -30,17 +30,17 @@ struct private_sql_logger_t { * Public part */ sql_logger_t public; - + /** * database connection */ database_t *db; - + /** * logging level */ int level; - + /** * avoid recursive logging */ @@ -67,7 +67,7 @@ static bool log_(private_sql_logger_t *this, debug_t group, level_t level, identification_t *local_id, *remote_id; u_int64_t ispi, rspi; ike_sa_id_t *id; - + id = ike_sa->get_id(ike_sa); ispi = id->get_initiator_spi(id); rspi = id->get_responder_spi(id); @@ -86,9 +86,9 @@ static bool log_(private_sql_logger_t *this, debug_t group, level_t level, remote_id = ike_sa->get_other_id(ike_sa); local_host = ike_sa->get_my_host(ike_sa); remote_host = ike_sa->get_other_host(ike_sa); - + vsnprintf(buffer, sizeof(buffer), format, args); - + this->db->execute(this->db, NULL, "REPLACE INTO ike_sas (" "local_spi, remote_spi, id, initiator, " "local_id_type, local_id_data, " @@ -129,17 +129,17 @@ static void destroy(private_sql_logger_t *this) sql_logger_t *sql_logger_create(database_t *db) { private_sql_logger_t *this = malloc_thing(private_sql_logger_t); - + memset(&this->public.listener, 0, sizeof(listener_t)); this->public.listener.log = (bool(*)(listener_t*,debug_t,level_t,int,ike_sa_t*,char*,va_list))log_; this->public.destroy = (void(*)(sql_logger_t*))destroy; - + this->db = db; this->recursive = FALSE; - + this->level = lib->settings->get_int(lib->settings, "charon.plugins.sql.loglevel", -1); - + return &this->public; } diff --git a/src/charon/plugins/sql/sql_logger.h b/src/charon/plugins/sql/sql_logger.h index 3636c2293..a933705da 100644 --- a/src/charon/plugins/sql/sql_logger.h +++ b/src/charon/plugins/sql/sql_logger.h @@ -35,11 +35,11 @@ struct sql_logger_t { * Implements bus_listener_t interface */ listener_t listener; - + /** * Destry the backend. */ - void (*destroy)(sql_logger_t *this); + void (*destroy)(sql_logger_t *this); }; /** diff --git a/src/charon/plugins/sql/sql_plugin.c b/src/charon/plugins/sql/sql_plugin.c index e5a4afd1d..65691cc00 100644 --- a/src/charon/plugins/sql/sql_plugin.c +++ b/src/charon/plugins/sql/sql_plugin.c @@ -32,27 +32,27 @@ struct private_sql_plugin_t { * implements plugin interface */ sql_plugin_t public; - + /** * database connection instance */ database_t *db; - + /** * configuration backend */ sql_config_t *config; - + /** * credential set */ sql_cred_t *cred; - + /** * CFG attributes */ sql_attribute_t *attribute; - + /** * bus listener/logger */ @@ -83,18 +83,18 @@ plugin_t *plugin_create() { char *uri; private_sql_plugin_t *this; - + uri = lib->settings->get_str(lib->settings, "charon.plugins.sql.database", NULL); if (!uri) { DBG1(DBG_CFG, "sql plugin: database URI not set"); return NULL; } - + this = malloc_thing(private_sql_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + this->db = lib->db->create(lib->db, uri); if (!this->db) { @@ -106,12 +106,12 @@ plugin_t *plugin_create() this->cred = sql_cred_create(this->db); this->attribute = sql_attribute_create(this->db); this->logger = sql_logger_create(this->db); - + charon->backends->add_backend(charon->backends, &this->config->backend); charon->credentials->add_set(charon->credentials, &this->cred->set); charon->attributes->add_provider(charon->attributes, &this->attribute->provider); charon->bus->add_listener(charon->bus, &this->logger->listener); - + return &this->public.plugin; } diff --git a/src/charon/plugins/stroke/stroke_attribute.c b/src/charon/plugins/stroke/stroke_attribute.c index d3211fd67..14464e0bd 100644 --- a/src/charon/plugins/stroke/stroke_attribute.c +++ b/src/charon/plugins/stroke/stroke_attribute.c @@ -33,12 +33,12 @@ struct private_stroke_attribute_t { * public functions */ stroke_attribute_t public; - + /** * list of pools, contains pool_t */ linked_list_t *pools; - + /** * mutex to lock access to pools */ @@ -85,7 +85,7 @@ static void pool_destroy(pool_t *this) { enumerator_t *enumerator; identification_t *id; - + enumerator = this->ids->create_enumerator(this->ids); while (enumerator->enumerate(enumerator, &id, NULL)) { @@ -107,7 +107,7 @@ static pool_t *find_pool(private_stroke_attribute_t *this, char *name) { enumerator_t *enumerator; pool_t *current, *found = NULL; - + enumerator = this->pools->create_enumerator(this->pools); while (enumerator->enumerate(enumerator, ¤t)) { @@ -129,13 +129,13 @@ host_t* offset2host(pool_t *pool, int offset) chunk_t addr; host_t *host; u_int32_t *pos; - + offset--; if (offset > pool->size) { return NULL; } - + addr = chunk_clone(pool->base->get_address(pool->base)); if (pool->base->get_family(pool->base) == AF_INET6) { @@ -158,7 +158,7 @@ int host2offset(pool_t *pool, host_t *addr) { chunk_t host, base; u_int32_t hosti, basei; - + if (addr->get_family(addr) != pool->base->get_family(pool->base)) { return -1; @@ -195,7 +195,7 @@ static host_t* acquire_address(private_stroke_attribute_t *this, uintptr_t offset = 0; enumerator_t *enumerator; identification_t *old_id; - + this->mutex->lock(this->mutex); pool = find_pool(this, name); while (pool) @@ -206,7 +206,7 @@ static host_t* acquire_address(private_stroke_attribute_t *this, this->mutex->unlock(this->mutex); return requested->clone(requested); } - + if (!requested->is_anyaddr(requested) && requested->get_family(requested) != pool->base->get_family(pool->base)) @@ -214,7 +214,7 @@ static host_t* acquire_address(private_stroke_attribute_t *this, DBG1(DBG_CFG, "IP pool address family mismatch"); break; } - + /* check for a valid offline lease, refresh */ offset = (uintptr_t)pool->offline->remove(pool->offline, id); if (offset) @@ -227,7 +227,7 @@ static host_t* acquire_address(private_stroke_attribute_t *this, break; } } - + /* check for a valid online lease, reassign */ offset = (uintptr_t)pool->online->get(pool->online, id); if (offset && offset == host2offset(pool, requested)) @@ -235,7 +235,7 @@ static host_t* acquire_address(private_stroke_attribute_t *this, DBG1(DBG_CFG, "reassigning online lease to '%Y'", id); break; } - + if (pool->unused < pool->size) { /* assigning offset, starting by 1. Handling 0 in hashtable @@ -270,7 +270,7 @@ static host_t* acquire_address(private_stroke_attribute_t *this, } } enumerator->destroy(enumerator); - + DBG1(DBG_CFG, "pool '%s' is full, unable to assign address", name); break; } @@ -291,7 +291,7 @@ static bool release_address(private_stroke_attribute_t *this, pool_t *pool; bool found = FALSE; uintptr_t offset; - + this->mutex->lock(this->mutex); pool = find_pool(this, name); if (pool) @@ -323,7 +323,7 @@ static void add_pool(private_stroke_attribute_t *this, stroke_msg_t *msg) if (msg->add_conn.other.sourceip_size) { pool_t *pool; - + pool = malloc_thing(pool_t); pool->base = NULL; pool->size = 0; @@ -335,17 +335,17 @@ static void add_pool(private_stroke_attribute_t *this, stroke_msg_t *msg) (hashtable_equals_t)id_equals, 16); pool->ids = hashtable_create((hashtable_hash_t)id_hash, (hashtable_equals_t)id_equals, 16); - + /* if %config, add an empty pool, otherwise */ if (msg->add_conn.other.sourceip) { u_int32_t bits; int family; - - DBG1(DBG_CFG, "adding virtual IP address pool '%s': %s/%d", - msg->add_conn.name, msg->add_conn.other.sourceip, + + DBG1(DBG_CFG, "adding virtual IP address pool '%s': %s/%d", + msg->add_conn.name, msg->add_conn.other.sourceip, msg->add_conn.other.sourceip_size); - + pool->base = host_create_from_string(msg->add_conn.other.sourceip, 0); if (!pool->base) { @@ -363,7 +363,7 @@ static void add_pool(private_stroke_attribute_t *this, stroke_msg_t *msg) (family == AF_INET ? 32 : 128) - bits); } pool->size = 1 << (bits); - + if (pool->size > 2) { /* do not use first and last addresses of a block */ pool->unused++; @@ -383,7 +383,7 @@ static void del_pool(private_stroke_attribute_t *this, stroke_msg_t *msg) { enumerator_t *enumerator; pool_t *pool; - + this->mutex->lock(this->mutex); enumerator = this->pools->create_enumerator(this->pools); while (enumerator->enumerate(enumerator, &pool)) @@ -407,7 +407,7 @@ static bool pool_filter(void *mutex, pool_t **poolp, char **name, void *d3, u_int *offline) { pool_t *pool = *poolp; - + *name = pool->name; *size = pool->size; *online = pool->online->get_count(pool->online); @@ -450,10 +450,10 @@ static bool lease_enumerate(lease_enumerator_t *this, identification_t **id_out, { identification_t *id; uintptr_t offset; - + DESTROY_IF(this->current); this->current = NULL; - + if (this->inner->enumerate(this->inner, &id, NULL)) { offset = (uintptr_t)this->pool->online->get(this->pool->online, id); @@ -494,7 +494,7 @@ static enumerator_t* create_lease_enumerator(private_stroke_attribute_t *this, char *pool) { lease_enumerator_t *enumerator; - + this->mutex->lock(this->mutex); enumerator = malloc_thing(lease_enumerator_t); enumerator->pool = find_pool(this, pool); @@ -528,7 +528,7 @@ static void destroy(private_stroke_attribute_t *this) stroke_attribute_t *stroke_attribute_create() { private_stroke_attribute_t *this = malloc_thing(private_stroke_attribute_t); - + this->public.provider.acquire_address = (host_t*(*)(attribute_provider_t *this, char*, identification_t *,host_t *))acquire_address; this->public.provider.release_address = (bool(*)(attribute_provider_t *this, char*,host_t *, identification_t*))release_address; this->public.provider.create_attribute_enumerator = (enumerator_t*(*)(attribute_provider_t*, identification_t *id))enumerator_create_empty; @@ -537,10 +537,10 @@ stroke_attribute_t *stroke_attribute_create() this->public.create_pool_enumerator = (enumerator_t*(*)(stroke_attribute_t*))create_pool_enumerator; this->public.create_lease_enumerator = (enumerator_t*(*)(stroke_attribute_t*, char *pool))create_lease_enumerator; this->public.destroy = (void(*)(stroke_attribute_t*))destroy; - + this->pools = linked_list_create(); this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE); - + return &this->public; } diff --git a/src/charon/plugins/stroke/stroke_attribute.h b/src/charon/plugins/stroke/stroke_attribute.h index fc273d1cb..0bb8ae4bf 100644 --- a/src/charon/plugins/stroke/stroke_attribute.h +++ b/src/charon/plugins/stroke/stroke_attribute.h @@ -30,12 +30,12 @@ typedef struct stroke_attribute_t stroke_attribute_t; * Stroke IKEv2 cfg attribute provider */ struct stroke_attribute_t { - + /** * Implements attribute provider interface */ attribute_provider_t provider; - + /** * Add a virtual IP address. * @@ -43,24 +43,24 @@ struct stroke_attribute_t { * @param end end of stroke message that contains virtual IP. */ void (*add_pool)(stroke_attribute_t *this, stroke_msg_t *msg); - + /** * Remove a virtual IP address. * * @param msg stroke message */ void (*del_pool)(stroke_attribute_t *this, stroke_msg_t *msg); - + /** * Create an enumerator over installed pools. * - * Enumerator enumerates over + * Enumerator enumerates over * char *pool, u_int size, u_int offline, u_int online. * * @return enumerator */ enumerator_t* (*create_pool_enumerator)(stroke_attribute_t *this); - + /** * Create an enumerator over the leases of a pool. * diff --git a/src/charon/plugins/stroke/stroke_ca.c b/src/charon/plugins/stroke/stroke_ca.c index 2f87ba0aa..2c3e2936e 100644 --- a/src/charon/plugins/stroke/stroke_ca.c +++ b/src/charon/plugins/stroke/stroke_ca.c @@ -34,17 +34,17 @@ struct private_stroke_ca_t { * public functions */ stroke_ca_t public; - + /** * read-write lock to lists */ rwlock_t *lock; - + /** * list of starters CA sections and its certificates (ca_section_t) */ linked_list_t *sections; - + /** * stroke credentials, stores our CA certificates */ @@ -62,27 +62,27 @@ struct ca_section_t { * name of the CA section */ char *name; - + /** * reference to cert in trusted_credential_t */ certificate_t *cert; - + /** * CRL URIs */ linked_list_t *crl; - + /** * OCSP URIs */ linked_list_t *ocsp; - + /** * Hashes of certificates issued by this CA */ linked_list_t *hashes; - + /** * Base URI used for certificates from this CA */ @@ -90,12 +90,12 @@ struct ca_section_t { }; /** - * create a new CA section + * create a new CA section */ static ca_section_t *ca_section_create(char *name, certificate_t *cert) { ca_section_t *ca = malloc_thing(ca_section_t); - + ca->name = strdup(name); ca->crl = linked_list_create(); ca->ocsp = linked_list_create(); @@ -145,7 +145,7 @@ static enumerator_t *create_inner_cdp(ca_section_t *section, cdp_data_t *data) chunk_t keyid; enumerator_t *enumerator = NULL; linked_list_t *list; - + if (data->type == CERT_X509_OCSP_RESPONSE) { list = section->ocsp; @@ -154,7 +154,7 @@ static enumerator_t *create_inner_cdp(ca_section_t *section, cdp_data_t *data) { list = section->crl; } - + public = section->cert->get_public_key(section->cert); if (public) { @@ -182,25 +182,25 @@ static enumerator_t *create_inner_cdp_hashandurl(ca_section_t *section, cdp_data { enumerator_t *enumerator = NULL, *hash_enum; identification_t *current; - + if (!data->id || !section->certuribase) { return NULL; } - + hash_enum = section->hashes->create_enumerator(section->hashes); while (hash_enum->enumerate(hash_enum, ¤t)) - { + { if (current->matches(current, data->id)) { char *url, *hash; - + url = malloc(strlen(section->certuribase) + 40 + 1); strcpy(url, section->certuribase); hash = chunk_to_hex(current->get_encoding(current), NULL, FALSE).ptr; strncat(url, hash, 40); free(hash); - + enumerator = enumerator_create_single(url, free); break; } @@ -231,7 +231,7 @@ static enumerator_t *create_cdp_enumerator(private_stroke_ca_t *this, data->this = this; data->type = type; data->id = id; - + this->lock->read_lock(this->lock); return enumerator_create_nested(this->sections->create_enumerator(this->sections), (type == CERT_X509) ? (void*)create_inner_cdp_hashandurl : (void*)create_inner_cdp, @@ -244,12 +244,12 @@ static void add(private_stroke_ca_t *this, stroke_msg_t *msg) { certificate_t *cert; ca_section_t *ca; - + if (msg->add_ca.cacert == NULL) { DBG1(DBG_CFG, "missing cacert parameter"); return; - } + } cert = this->cred->load_ca(this->cred, msg->add_ca.cacert); if (cert) { @@ -288,7 +288,7 @@ static void del(private_stroke_ca_t *this, stroke_msg_t *msg) { enumerator_t *enumerator; ca_section_t *ca = NULL; - + this->lock->write_lock(this->lock); enumerator = this->sections->create_enumerator(this->sections); while (enumerator->enumerate(enumerator, &ca)) @@ -344,14 +344,14 @@ static void check_for_hash_and_url(private_stroke_ca_t *this, certificate_t* cer { ca_section_t *section; enumerator_t *enumerator; - + hasher_t *hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (hasher == NULL) { DBG1(DBG_IKE, "unable to use hash-and-url: sha1 not supported"); return; } - + this->lock->write_lock(this->lock); enumerator = this->sections->create_enumerator(this->sections); while (enumerator->enumerate(enumerator, (void**)§ion)) @@ -369,7 +369,7 @@ static void check_for_hash_and_url(private_stroke_ca_t *this, certificate_t* cer } enumerator->destroy(enumerator); this->lock->unlock(this->lock); - + hasher->destroy(hasher); } @@ -381,7 +381,7 @@ static void list(private_stroke_ca_t *this, stroke_msg_t *msg, FILE *out) bool first = TRUE; ca_section_t *section; enumerator_t *enumerator; - + this->lock->read_lock(this->lock); enumerator = this->sections->create_enumerator(this->sections); while (enumerator->enumerate(enumerator, (void**)§ion)) @@ -389,7 +389,7 @@ static void list(private_stroke_ca_t *this, stroke_msg_t *msg, FILE *out) certificate_t *cert = section->cert; public_key_t *public = cert->get_public_key(cert); chunk_t chunk; - + if (first) { fprintf(out, "\n"); @@ -398,7 +398,7 @@ static void list(private_stroke_ca_t *this, stroke_msg_t *msg, FILE *out) } fprintf(out, "\n"); fprintf(out, " authname: \"%Y\"\n", cert->get_subject(cert)); - + /* list authkey and keyid */ if (public) { @@ -439,7 +439,7 @@ static void destroy(private_stroke_ca_t *this) stroke_ca_t *stroke_ca_create(stroke_cred_t *cred) { private_stroke_ca_t *this = malloc_thing(private_stroke_ca_t); - + this->public.set.create_private_enumerator = (void*)return_null; this->public.set.create_cert_enumerator = (void*)return_null; this->public.set.create_shared_enumerator = (void*)return_null; @@ -450,11 +450,11 @@ stroke_ca_t *stroke_ca_create(stroke_cred_t *cred) this->public.list = (void(*)(stroke_ca_t*, stroke_msg_t *msg, FILE *out))list; this->public.check_for_hash_and_url = (void(*)(stroke_ca_t*, certificate_t*))check_for_hash_and_url; this->public.destroy = (void(*)(stroke_ca_t*))destroy; - + this->sections = linked_list_create(); this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); this->cred = cred; - + return &this->public; } diff --git a/src/charon/plugins/stroke/stroke_ca.h b/src/charon/plugins/stroke/stroke_ca.h index c882d7b4e..ae55fe8e7 100644 --- a/src/charon/plugins/stroke/stroke_ca.h +++ b/src/charon/plugins/stroke/stroke_ca.h @@ -37,35 +37,35 @@ struct stroke_ca_t { * Implements credential_set_t */ credential_set_t set; - + /** * Add a CA to the set using a stroke_msg_t. * * @param msg stroke message containing CA info */ void (*add)(stroke_ca_t *this, stroke_msg_t *msg); - + /** * Remove a CA from the set using a stroke_msg_t. * * @param msg stroke message containing CA info */ void (*del)(stroke_ca_t *this, stroke_msg_t *msg); - + /** * List CA sections to stroke console. * * @param msg stroke message */ void (*list)(stroke_ca_t *this, stroke_msg_t *msg, FILE *out); - + /** * Check if a certificate can be made available through hash and URL. - * + * * @param cert peer certificate */ void (*check_for_hash_and_url)(stroke_ca_t *this, certificate_t* cert); - + /** * Destroy a stroke_ca instance. */ diff --git a/src/charon/plugins/stroke/stroke_config.c b/src/charon/plugins/stroke/stroke_config.c index 4404f7078..2da1948db 100644 --- a/src/charon/plugins/stroke/stroke_config.c +++ b/src/charon/plugins/stroke/stroke_config.c @@ -30,22 +30,22 @@ struct private_stroke_config_t { * public functions */ stroke_config_t public; - + /** * list of peer_cfg_t */ linked_list_t *list; - + /** * mutex to lock config list */ mutex_t *mutex; - + /** * ca sections */ stroke_ca_t *ca; - + /** * credentials */ @@ -93,7 +93,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_stroke_config_t *this, char *nam enumerator_t *e1, *e2; peer_cfg_t *current, *found = NULL; child_cfg_t *child; - + this->mutex->lock(this->mutex); e1 = this->list->create_enumerator(this->list); while (e1->enumerate(e1, ¤t)) @@ -139,7 +139,7 @@ static void add_proposals(private_stroke_config_t *this, char *string, char *strict; proposal_t *proposal; protocol_id_t proto = PROTO_ESP; - + if (ike_cfg) { proto = PROTO_IKE; @@ -195,7 +195,7 @@ static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg ike_cfg_t *ike_cfg; char *interface; host_t *host; - + host = host_create_from_dns(msg->add_conn.other.address, 0, 0); if (host) { @@ -227,7 +227,7 @@ static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg { free(interface); } - + } } } @@ -275,7 +275,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, stroke_end_t *end, *other_end; auth_cfg_t *cfg; char eap_buf[32]; - + /* select strings */ if (local) { @@ -317,7 +317,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, ca = other_end->ca2; } } - + if (!auth) { if (primary) @@ -366,9 +366,9 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, return NULL; } } - + cfg = auth_cfg_create(); - + /* add identity and peer certifcate */ identity = identification_create_from_string(id); if (cert) @@ -394,7 +394,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, } } cfg->add(cfg, AUTH_RULE_IDENTITY, identity); - + /* CA constraint */ if (ca) { @@ -412,13 +412,13 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, "constraint", ca); } } - + /* AC groups */ if (end->groups) { enumerator_t *enumerator; char *group; - + enumerator = enumerator_create_token(end->groups, ",", " "); while (enumerator->enumerate(enumerator, &group)) { @@ -428,7 +428,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, } enumerator->destroy(enumerator); } - + /* authentication metod (class, actually) */ if (streq(auth, "pubkey") || streq(auth, "rsasig") || streq(auth, "rsa") || @@ -446,9 +446,9 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, enumerator_t *enumerator; char *str; int i = 0, type = 0, vendor; - + cfg->add(cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP); - + /* parse EAP string, format: eap[-type[-vendor]] */ enumerator = enumerator_create_token(auth, "-", " "); while (enumerator->enumerate(enumerator, &str)) @@ -488,7 +488,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, i++; } enumerator->destroy(enumerator); - + if (msg->add_conn.eap_identity) { if (streq(msg->add_conn.eap_identity, "%identity")) @@ -529,7 +529,7 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, u_int32_t rekey = 0, reauth = 0, over, jitter; peer_cfg_t *peer_cfg; auth_cfg_t *auth_cfg; - + #ifdef ME if (msg->add_conn.ikeme.mediation && msg->add_conn.ikeme.mediated_by) { @@ -537,13 +537,13 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, "at the same time, aborting"); return NULL; } - + if (msg->add_conn.ikeme.mediation) { /* force unique connections for mediation connections */ msg->add_conn.unique = 1; } - + if (msg->add_conn.ikeme.mediated_by) { mediated_by = charon->backends->get_peer_cfg_by_name(charon->backends, @@ -572,7 +572,7 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, } } #endif /* ME */ - + jitter = msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100; over = msg->add_conn.rekey.margin; if (msg->add_conn.rekey.reauth) @@ -632,7 +632,7 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, { /* dpdaction=none disables DPD */ msg->add_conn.dpd.delay = 0; } - + /* other.sourceip is managed in stroke_attributes. If it is set, we define * the pool name as the connection name, which the attribute provider * uses to serve pool addresses. */ @@ -644,7 +644,7 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, vip, msg->add_conn.other.sourceip_size ? msg->add_conn.name : msg->add_conn.other.sourceip, msg->add_conn.ikeme.mediation, mediated_by, peer_id); - + /* build leftauth= */ auth_cfg = build_auth_cfg(this, msg, TRUE, TRUE); if (auth_cfg) @@ -684,7 +684,7 @@ static void add_ts(private_stroke_config_t *this, stroke_end_t *end, child_cfg_t *child_cfg, bool local) { traffic_selector_t *ts; - + if (end->tohost) { ts = traffic_selector_create_dynamic(end->protocol, @@ -694,7 +694,7 @@ static void add_ts(private_stroke_config_t *this, else { host_t *net; - + if (!end->subnets) { net = host_create_from_string(end->address, IKEV2_UDP_PORT); @@ -708,12 +708,12 @@ static void add_ts(private_stroke_config_t *this, else { char *del, *start, *bits; - + start = end->subnets; do { int intbits = 0; - + del = strchr(start, ','); if (del) { @@ -725,7 +725,7 @@ static void add_ts(private_stroke_config_t *this, *bits = '\0'; intbits = atoi(bits + 1); } - + net = host_create_from_string(start, IKEV2_UDP_PORT); if (net) { @@ -769,7 +769,7 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this, .jitter = msg->add_conn.rekey.margin_packets * msg->add_conn.rekey.fuzz / 100 } }; - + switch (msg->add_conn.dpd.action) { /* map startes magic values to our action type */ case 2: /* =hold */ @@ -782,7 +782,7 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this, dpd = ACTION_NONE; break; } - + child_cfg = child_cfg_create( msg->add_conn.name, &lifetime, msg->add_conn.me.updown, msg->add_conn.me.hostaccess, @@ -791,9 +791,9 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this, msg->add_conn.install_policy); add_ts(this, &msg->add_conn.me, child_cfg, TRUE); add_ts(this, &msg->add_conn.other, child_cfg, FALSE); - + add_proposals(this, msg->add_conn.algorithms.esp, NULL, child_cfg); - + return child_cfg; } @@ -819,7 +819,7 @@ static void add(private_stroke_config_t *this, stroke_msg_t *msg) ike_cfg->destroy(ike_cfg); return; } - + enumerator = create_peer_cfg_enumerator(this, NULL, NULL); while (enumerator->enumerate(enumerator, &existing)) { @@ -837,7 +837,7 @@ static void add(private_stroke_config_t *this, stroke_msg_t *msg) } } enumerator->destroy(enumerator); - + child_cfg = build_child_cfg(this, msg); if (!child_cfg) { @@ -845,7 +845,7 @@ static void add(private_stroke_config_t *this, stroke_msg_t *msg) return; } peer_cfg->add_child_cfg(peer_cfg, child_cfg); - + if (use_existing) { peer_cfg->destroy(peer_cfg); @@ -869,13 +869,13 @@ static void del(private_stroke_config_t *this, stroke_msg_t *msg) peer_cfg_t *peer; child_cfg_t *child; bool deleted = FALSE; - + this->mutex->lock(this->mutex); enumerator = this->list->create_enumerator(this->list); while (enumerator->enumerate(enumerator, (void**)&peer)) { bool keep = FALSE; - + /* remove any child with such a name */ children = peer->create_child_cfg_enumerator(peer); while (children->enumerate(children, &child)) @@ -892,7 +892,7 @@ static void del(private_stroke_config_t *this, stroke_msg_t *msg) } } children->destroy(children); - + /* if peer config matches, or has no children anymore, remove it */ if (!keep || streq(peer->get_name(peer), msg->del_conn.name)) { @@ -903,7 +903,7 @@ static void del(private_stroke_config_t *this, stroke_msg_t *msg) } enumerator->destroy(enumerator); this->mutex->unlock(this->mutex); - + if (deleted) { DBG1(DBG_CFG, "deleted connection '%s'", msg->del_conn.name); @@ -930,19 +930,19 @@ static void destroy(private_stroke_config_t *this) stroke_config_t *stroke_config_create(stroke_ca_t *ca, stroke_cred_t *cred) { private_stroke_config_t *this = malloc_thing(private_stroke_config_t); - + this->public.backend.create_peer_cfg_enumerator = (enumerator_t*(*)(backend_t*, identification_t *me, identification_t *other))create_peer_cfg_enumerator; this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator; this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name; this->public.add = (void(*)(stroke_config_t*, stroke_msg_t *msg))add; this->public.del = (void(*)(stroke_config_t*, stroke_msg_t *msg))del; this->public.destroy = (void(*)(stroke_config_t*))destroy; - + this->list = linked_list_create(); this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE); this->ca = ca; this->cred = cred; - + return &this->public; } diff --git a/src/charon/plugins/stroke/stroke_config.h b/src/charon/plugins/stroke/stroke_config.h index 270795e4a..3ed2f994f 100644 --- a/src/charon/plugins/stroke/stroke_config.h +++ b/src/charon/plugins/stroke/stroke_config.h @@ -37,21 +37,21 @@ struct stroke_config_t { * Implements the backend_t interface */ backend_t backend; - + /** * Add a configuration to the backend. * * @param msg received stroke message containing config */ void (*add)(stroke_config_t *this, stroke_msg_t *msg); - + /** * Remove a configuration from the backend. * * @param msg received stroke message containing config name */ void (*del)(stroke_config_t *this, stroke_msg_t *msg); - + /** * Destroy a stroke_config instance. */ diff --git a/src/charon/plugins/stroke/stroke_control.c b/src/charon/plugins/stroke/stroke_control.c index c572117a2..a03aef697 100644 --- a/src/charon/plugins/stroke/stroke_control.c +++ b/src/charon/plugins/stroke/stroke_control.c @@ -43,7 +43,7 @@ struct stroke_log_info_t { * level to log up to */ level_t level; - + /** * where to write log */ @@ -75,7 +75,7 @@ static child_cfg_t* get_child_from_peer(peer_cfg_t *peer_cfg, char *name) { child_cfg_t *current, *found = NULL; enumerator_t *enumerator; - + enumerator = peer_cfg->create_child_cfg_enumerator(peer_cfg); while (enumerator->enumerate(enumerator, ¤t)) { @@ -98,7 +98,7 @@ static void initiate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *ou peer_cfg_t *peer_cfg; child_cfg_t *child_cfg; stroke_log_info_t info; - + peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends, msg->initiate.name); if (peer_cfg == NULL) @@ -113,7 +113,7 @@ static void initiate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *ou peer_cfg->destroy(peer_cfg); return; } - + child_cfg = get_child_from_peer(peer_cfg, msg->initiate.name); if (child_cfg == NULL) { @@ -121,7 +121,7 @@ static void initiate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *ou peer_cfg->destroy(peer_cfg); return; } - + if (msg->output_verbosity < 0) { charon->controller->initiate(charon->controller, peer_cfg, child_cfg, @@ -150,9 +150,9 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o linked_list_t *ike_list, *child_list; stroke_log_info_t info; uintptr_t del; - + string = msg->terminate.name; - + len = strlen(string); if (len < 1) { @@ -174,7 +174,7 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o child = FALSE; break; } - + if (name) { /* is a single name */ @@ -202,10 +202,10 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o } } } - + info.out = out; info.level = msg->output_verbosity; - + if (id) { if (child) @@ -220,7 +220,7 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o } return; } - + ike_list = linked_list_create(); child_list = linked_list_create(); enumerator = charon->controller->create_ike_sa_enumerator(charon->controller); @@ -228,7 +228,7 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o { child_sa_t *child_sa; iterator_t *children; - + if (child) { children = ike_sa->create_child_sa_iterator(ike_sa); @@ -261,7 +261,7 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o } } enumerator->destroy(enumerator); - + enumerator = child_list->create_enumerator(child_list); while (enumerator->enumerate(enumerator, &del)) { @@ -269,7 +269,7 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o (controller_cb_t)stroke_log, &info); } enumerator->destroy(enumerator); - + enumerator = ike_list->create_enumerator(ike_list); while (enumerator->enumerate(enumerator, &del)) { @@ -277,7 +277,7 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o (controller_cb_t)stroke_log, &info); } enumerator->destroy(enumerator); - + if (child_list->get_count(child_list) == 0 && ike_list->get_count(ike_list) == 0) { @@ -298,7 +298,7 @@ static void terminate_srcip(private_stroke_control_t *this, ike_sa_t *ike_sa; host_t *start = NULL, *end = NULL, *vip; chunk_t chunk_start, chunk_end = chunk_empty, chunk_vip; - + if (msg->terminate_srcip.start) { start = host_create_from_string(msg->terminate_srcip.start, 0); @@ -320,7 +320,7 @@ static void terminate_srcip(private_stroke_control_t *this, } chunk_end = end->get_address(end); } - + enumerator = charon->controller->create_ike_sa_enumerator(charon->controller); while (enumerator->enumerate(enumerator, &ike_sa)) { @@ -369,10 +369,10 @@ static void purge_ike(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o linked_list_t *list; uintptr_t del; stroke_log_info_t info; - + info.out = out; info.level = msg->output_verbosity; - + list = linked_list_create(); enumerator = charon->controller->create_ike_sa_enumerator(charon->controller); while (enumerator->enumerate(enumerator, &ike_sa)) @@ -386,7 +386,7 @@ static void purge_ike(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o iterator->destroy(iterator); } enumerator->destroy(enumerator); - + enumerator = list->create_enumerator(list); while (enumerator->enumerate(enumerator, &del)) { @@ -404,7 +404,7 @@ static void route(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) { peer_cfg_t *peer_cfg; child_cfg_t *child_cfg; - + peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends, msg->route.name); if (peer_cfg == NULL) @@ -417,7 +417,7 @@ static void route(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) peer_cfg->destroy(peer_cfg); return; } - + child_cfg = get_child_from_peer(peer_cfg, msg->route.name); if (child_cfg == NULL) { @@ -425,7 +425,7 @@ static void route(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) peer_cfg->destroy(peer_cfg); return; } - + if (charon->traps->install(charon->traps, peer_cfg, child_cfg)) { fprintf(out, "configuration '%s' routed\n", msg->route.name); @@ -446,7 +446,7 @@ static void unroute(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out child_sa_t *child_sa; enumerator_t *enumerator; u_int32_t id; - + enumerator = charon->traps->create_enumerator(charon->traps); while (enumerator->enumerate(enumerator, NULL, &child_sa)) { @@ -477,7 +477,7 @@ static void destroy(private_stroke_control_t *this) stroke_control_t *stroke_control_create() { private_stroke_control_t *this = malloc_thing(private_stroke_control_t); - + this->public.initiate = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))initiate; this->public.terminate = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))terminate; this->public.terminate_srcip = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))terminate_srcip; @@ -485,7 +485,7 @@ stroke_control_t *stroke_control_create() this->public.route = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))route; this->public.unroute = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))unroute; this->public.destroy = (void(*)(stroke_control_t*))destroy; - + return &this->public; } diff --git a/src/charon/plugins/stroke/stroke_control.h b/src/charon/plugins/stroke/stroke_control.h index 5a61a90a4..9b49bdc31 100644 --- a/src/charon/plugins/stroke/stroke_control.h +++ b/src/charon/plugins/stroke/stroke_control.h @@ -38,42 +38,42 @@ struct stroke_control_t { * @param msg stroke message */ void (*initiate)(stroke_control_t *this, stroke_msg_t *msg, FILE *out); - + /** * Terminate a connection. * * @param msg stroke message */ void (*terminate)(stroke_control_t *this, stroke_msg_t *msg, FILE *out); - + /** * Terminate a connection by peers virtual IP. * * @param msg stroke message */ void (*terminate_srcip)(stroke_control_t *this, stroke_msg_t *msg, FILE *out); - + /** * Delete IKE_SAs without a CHILD_SA. * * @param msg stroke message */ void (*purge_ike)(stroke_control_t *this, stroke_msg_t *msg, FILE *out); - + /** * Route a connection. * * @param msg stroke message */ void (*route)(stroke_control_t *this, stroke_msg_t *msg, FILE *out); - + /** * Unroute a connection. * * @param msg stroke message */ void (*unroute)(stroke_control_t *this, stroke_msg_t *msg, FILE *out); - + /** * Destroy a stroke_control instance. */ diff --git a/src/charon/plugins/stroke/stroke_cred.c b/src/charon/plugins/stroke/stroke_cred.c index 57a02c7a1..9133a1380 100644 --- a/src/charon/plugins/stroke/stroke_cred.c +++ b/src/charon/plugins/stroke/stroke_cred.c @@ -55,7 +55,7 @@ struct private_stroke_cred_t { * public functions */ stroke_cred_t public; - + /** * list of trusted peer/signer/CA certificates (certificate_t) */ @@ -70,12 +70,12 @@ struct private_stroke_cred_t { * list of private keys (private_key_t) */ linked_list_t *private; - + /** * read-write lock to lists */ rwlock_t *lock; - + /** * cache CRLs to disk? */ @@ -107,7 +107,7 @@ static bool private_filter(id_data_t *data, { private_key_t *key; chunk_t keyid; - + key = *in; if (data->id == NULL) { @@ -134,7 +134,7 @@ static enumerator_t* create_private_enumerator(private_stroke_cred_t *this, data = malloc_thing(id_data_t); data->this = this; data->id = id; - + this->lock->read_lock(this->lock); return enumerator_create_filter(this->private->create_enumerator(this->private), (void*)private_filter, data, @@ -149,7 +149,7 @@ static bool certs_filter(id_data_t *data, certificate_t **in, certificate_t **ou public_key_t *public; certificate_t *cert = *in; chunk_t keyid; - + if (cert->get_type(cert) == CERT_X509_CRL || cert->get_type(cert) == CERT_X509_AC) { @@ -160,7 +160,7 @@ static bool certs_filter(id_data_t *data, certificate_t **in, certificate_t **ou *out = *in; return TRUE; } - + public = cert->get_public_key(cert); if (public) { @@ -182,7 +182,7 @@ static bool certs_filter(id_data_t *data, certificate_t **in, certificate_t **ou static bool crl_filter(id_data_t *data, certificate_t **in, certificate_t **out) { certificate_t *cert = *in; - + if (cert->get_type(cert) != CERT_X509_CRL) { return FALSE; @@ -202,7 +202,7 @@ static bool crl_filter(id_data_t *data, certificate_t **in, certificate_t **out) static bool ac_filter(id_data_t *data, certificate_t **in, certificate_t **out) { certificate_t *cert = *in; - + if (cert->get_type(cert) != CERT_X509_AC) { return FALSE; @@ -224,7 +224,7 @@ static enumerator_t* create_cert_enumerator(private_stroke_cred_t *this, identification_t *id, bool trusted) { id_data_t *data; - + if (cert == CERT_X509_CRL || cert == CERT_X509_AC) { if (trusted) @@ -234,7 +234,7 @@ static enumerator_t* create_cert_enumerator(private_stroke_cred_t *this, data = malloc_thing(id_data_t); data->this = this; data->id = id; - + this->lock->read_lock(this->lock); return enumerator_create_filter(this->certs->create_enumerator(this->certs), (cert == CERT_X509_CRL)? (void*)crl_filter : (void*)ac_filter, @@ -247,7 +247,7 @@ static enumerator_t* create_cert_enumerator(private_stroke_cred_t *this, data = malloc_thing(id_data_t); data->this = this; data->id = id; - + this->lock->read_lock(this->lock); return enumerator_create_filter(this->certs->create_enumerator(this->certs), (void*)certs_filter, data, @@ -286,7 +286,7 @@ static bool shared_filter(shared_data_t *data, { return FALSE; } - + my_match = stroke->has_owner(stroke, data->me); other_match = stroke->has_owner(stroke, data->other); if (!my_match && !other_match) @@ -308,12 +308,12 @@ static bool shared_filter(shared_data_t *data, /** * Implements credential_set_t.create_shared_enumerator */ -static enumerator_t* create_shared_enumerator(private_stroke_cred_t *this, +static enumerator_t* create_shared_enumerator(private_stroke_cred_t *this, shared_key_type_t type, identification_t *me, identification_t *other) { shared_data_t *data = malloc_thing(shared_data_t); - + data->this = this; data->me = me; data->other = other; @@ -331,7 +331,7 @@ static certificate_t* add_cert(private_stroke_cred_t *this, certificate_t *cert) { certificate_t *current; enumerator_t *enumerator; - bool new = TRUE; + bool new = TRUE; this->lock->read_lock(this->lock); enumerator = this->certs->create_enumerator(this->certs); @@ -355,7 +355,7 @@ static certificate_t* add_cert(private_stroke_cred_t *this, certificate_t *cert) this->lock->unlock(this->lock); return cert; } - + /** * Implementation of stroke_cred_t.load_ca. */ @@ -363,7 +363,7 @@ static certificate_t* load_ca(private_stroke_cred_t *this, char *filename) { certificate_t *cert; char path[PATH_MAX]; - + if (*filename == '/') { snprintf(path, sizeof(path), "%s", filename); @@ -372,7 +372,7 @@ static certificate_t* load_ca(private_stroke_cred_t *this, char *filename) { snprintf(path, sizeof(path), "%s/%s", CA_CERTIFICATE_DIR, filename); } - + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_FROM_FILE, path, @@ -380,7 +380,7 @@ static certificate_t* load_ca(private_stroke_cred_t *this, char *filename) if (cert) { x509_t *x509 = (x509_t*)cert; - + if (!(x509->get_flags(x509) & X509_CA)) { DBG1(DBG_CFG, " ca certificate '%Y' misses ca basic constraint, " @@ -400,7 +400,7 @@ static bool add_crl(private_stroke_cred_t *this, crl_t* crl) { certificate_t *current, *cert = &crl->certificate; enumerator_t *enumerator; - bool new = TRUE, found = FALSE; + bool new = TRUE, found = FALSE; this->lock->write_lock(this->lock); enumerator = this->certs->create_enumerator(this->certs); @@ -411,7 +411,7 @@ static bool add_crl(private_stroke_cred_t *this, crl_t* crl) crl_t *crl_c = (crl_t*)current; chunk_t authkey = crl->get_authKeyIdentifier(crl); chunk_t authkey_c = crl_c->get_authKeyIdentifier(crl_c); - + /* if compare authorityKeyIdentifiers if available */ if (authkey.ptr && authkey_c.ptr && chunk_equals(authkey, authkey_c)) { @@ -421,7 +421,7 @@ static bool add_crl(private_stroke_cred_t *this, crl_t* crl) { identification_t *issuer = cert->get_issuer(cert); identification_t *issuer_c = current->get_issuer(current); - + /* otherwise compare issuer distinguished names */ if (issuer->equals(issuer, issuer_c)) { @@ -444,7 +444,7 @@ static bool add_crl(private_stroke_cred_t *this, crl_t* crl) } } enumerator->destroy(enumerator); - + if (new) { this->certs->insert_last(this->certs, cert); @@ -482,7 +482,7 @@ static certificate_t* load_peer(private_stroke_cred_t *this, char *filename) { snprintf(path, sizeof(path), "%s/%s", CERTIFICATE_DIR, filename); } - + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_FROM_FILE, path, @@ -508,7 +508,7 @@ static void load_certdir(private_stroke_cred_t *this, char *path, { struct stat st; char *file; - + enumerator_t *enumerator = enumerator_create_directory(path); if (!enumerator) @@ -538,7 +538,7 @@ static void load_certdir(private_stroke_cred_t *this, char *path, if (cert) { x509_t *x509 = (x509_t*)cert; - + if (!(x509->get_flags(x509) & X509_CA)) { DBG1(DBG_CFG, " ca certificate '%Y' misses " @@ -629,18 +629,18 @@ static void cache_cert(private_stroke_cred_t *this, certificate_t *cert) { /* CRLs get written to /etc/ipsec.d/crls/.crl */ crl_t *crl = (crl_t*)cert; - + cert->get_ref(cert); if (add_crl(this, crl)) { char buf[BUF_LEN]; chunk_t chunk, hex; - + chunk = crl->get_authKeyIdentifier(crl); hex = chunk_to_hex(chunk, NULL, FALSE); snprintf(buf, sizeof(buf), "%s/%s.crl", CRL_DIR, hex); free(hex.ptr); - + chunk = cert->get_encoding(cert); chunk_write(chunk, buf, "crl", 022, TRUE); free(chunk.ptr); @@ -695,7 +695,7 @@ static err_t extract_secret(chunk_t *secret, chunk_t *line) } if (quotes) - { + { /* treat as an ASCII string */ *secret = chunk_clone(raw_secret); return NULL; @@ -736,7 +736,7 @@ typedef struct { chunk_t passphrase_cb(passphrase_cb_data_t *data, int try) { chunk_t secret = chunk_empty;; - + if (try > 5) { fprintf(data->prompt, "invalid passphrase, too many trials\n"); @@ -809,7 +809,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, private->destroy(private); } } - + while (fetchline(&src, &line)) { chunk_t ids, token; @@ -827,7 +827,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, glob_t buf; char **expanded, *dir, pattern[PATH_MAX]; u_char *pos; - + if (level > MAX_SECRETS_RECURSION) { DBG1(DBG_CFG, "maximum level of %d includes reached, ignored", @@ -854,7 +854,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, { /* use directory of current file if relative */ dir = strdup(file); dir = dirname(dir); - + if (line.len + 1 + strlen(dir) + 1 > sizeof(pattern)) { DBG1(DBG_CFG, "include pattern too long, ignored"); @@ -880,7 +880,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, globfree(&buf); continue; } - + if (line.len > 2 && strneq(": ", line.ptr, 2)) { /* no ids, skip the ':' */ @@ -932,7 +932,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, else { /* relative path name */ - snprintf(path, sizeof(path), "%s/%.*s", PRIVATE_KEY_DIR, + snprintf(path, sizeof(path), "%s/%.*s", PRIVATE_KEY_DIR, filename.len, filename.ptr); } @@ -951,7 +951,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, if (prompt) { passphrase_cb_data_t data; - + data.prompt = prompt; data.file = path; key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, @@ -984,9 +984,9 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, char smartcard[32], keyid[22], pin[32]; private_key_t *key; u_int slot; - + err_t ugh = extract_value(&sc, &line); - + if (ugh != NULL) { DBG1(DBG_CFG, "line %d: %s", line_nr, ugh); @@ -999,7 +999,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, } snprintf(smartcard, sizeof(smartcard), "%.*s", sc.len, sc.ptr); smartcard[sizeof(smartcard) - 1] = '\0'; - + /* parse slot and key id. only two formats are supported. * first try %smartcard: */ if (sscanf(smartcard, "%%smartcard%u:%s", &slot, keyid) == 2) @@ -1017,7 +1017,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, " supported or invalid", line_nr); goto error; } - + if (!eat_whitespace(&line)) { DBG1(DBG_CFG, "line %d: expected PIN", line_nr); @@ -1031,12 +1031,12 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, } snprintf(pin, sizeof(pin), "%.*s", secret.len, secret.ptr); pin[sizeof(pin) - 1] = '\0'; - + /* we assume an RSA key */ key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, BUILD_SMARTCARD_KEYID, smartcard, BUILD_SMARTCARD_PIN, pin, BUILD_END); - + if (key) { DBG1(DBG_CFG, " loaded private key from %.*s", sc.len, sc.ptr); @@ -1063,7 +1063,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, DBG1(DBG_CFG, " loaded %N secret for %s", shared_key_type_names, type, ids.len > 0 ? (char*)ids.ptr : "%any"); DBG4(DBG_CFG, " secret: %#B", &secret); - + this->shared->insert_last(this->shared, shared_key); while (ids.len > 0) { @@ -1080,7 +1080,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, { continue; } - + /* NULL terminate the ID string */ *(id.ptr + id.len) = '\0'; peer_id = identification_create_from_string(id.ptr); @@ -1089,7 +1089,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, peer_id->destroy(peer_id); continue; } - + shared_key->add_owner(shared_key, peer_id); any = FALSE; } @@ -1201,7 +1201,7 @@ static void destroy(private_stroke_cred_t *this) stroke_cred_t *stroke_cred_create() { private_stroke_cred_t *this = malloc_thing(private_stroke_cred_t); - + this->public.set.create_private_enumerator = (void*)create_private_enumerator; this->public.set.create_cert_enumerator = (void*)create_cert_enumerator; this->public.set.create_shared_enumerator = (void*)create_shared_enumerator; @@ -1212,7 +1212,7 @@ stroke_cred_t *stroke_cred_create() this->public.load_peer = (certificate_t*(*)(stroke_cred_t*, char *filename))load_peer; this->public.cachecrl = (void(*)(stroke_cred_t*, bool enabled))cachecrl; this->public.destroy = (void(*)(stroke_cred_t*))destroy; - + this->certs = linked_list_create(); this->shared = linked_list_create(); this->private = linked_list_create(); @@ -1220,9 +1220,9 @@ stroke_cred_t *stroke_cred_create() load_certs(this); load_secrets(this, SECRETS_FILE, 0, NULL); - + this->cachecrl = FALSE; - + return &this->public; } diff --git a/src/charon/plugins/stroke/stroke_cred.h b/src/charon/plugins/stroke/stroke_cred.h index 3924ccbc1..ccee7d87c 100644 --- a/src/charon/plugins/stroke/stroke_cred.h +++ b/src/charon/plugins/stroke/stroke_cred.h @@ -38,7 +38,7 @@ struct stroke_cred_t { * Implements credential_set_t */ credential_set_t set; - + /** * Reread secrets from config files. * @@ -46,7 +46,7 @@ struct stroke_cred_t { * @param prompt I/O channel to prompt for private key passhprase */ void (*reread)(stroke_cred_t *this, stroke_msg_t *msg, FILE *prompt); - + /** * Load a CA certificate, and serve it through the credential_set. * @@ -54,7 +54,7 @@ struct stroke_cred_t { * @return reference to loaded certificate, or NULL */ certificate_t* (*load_ca)(stroke_cred_t *this, char *filename); - + /** * Load a peer certificate and serve it rhrough the credential_set. * @@ -62,14 +62,14 @@ struct stroke_cred_t { * @return reference to loaded certificate, or NULL */ certificate_t* (*load_peer)(stroke_cred_t *this, char *filename); - + /** * Enable/Disable CRL caching to disk. * * @param enabled TRUE to enable, FALSE to disable */ void (*cachecrl)(stroke_cred_t *this, bool enabled); - + /** * Destroy a stroke_cred instance. */ diff --git a/src/charon/plugins/stroke/stroke_list.c b/src/charon/plugins/stroke/stroke_list.c index d6754482f..ced627f50 100644 --- a/src/charon/plugins/stroke/stroke_list.c +++ b/src/charon/plugins/stroke/stroke_list.c @@ -40,12 +40,12 @@ struct private_stroke_list_t { * public functions */ stroke_list_t public; - + /** * timestamp of daemon start */ time_t uptime; - + /** * strokes attribute provider */ @@ -59,44 +59,44 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all) { ike_sa_id_t *id = ike_sa->get_id(ike_sa); time_t now = time_monotonic(NULL); - + fprintf(out, "%12s[%d]: %N", ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa), ike_sa_state_names, ike_sa->get_state(ike_sa)); - + if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED) { time_t established; - + established = ike_sa->get_statistic(ike_sa, STAT_ESTABLISHED); fprintf(out, " %V ago", &now, &established); } - + fprintf(out, ", %H[%Y]...%H[%Y]\n", ike_sa->get_my_host(ike_sa), ike_sa->get_my_id(ike_sa), ike_sa->get_other_host(ike_sa), ike_sa->get_other_id(ike_sa)); - + if (all) { proposal_t *ike_proposal; - + ike_proposal = ike_sa->get_proposal(ike_sa); - + fprintf(out, "%12s[%d]: IKE SPIs: %.16llx_i%s %.16llx_r%s", ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa), id->get_initiator_spi(id), id->is_initiator(id) ? "*" : "", id->get_responder_spi(id), id->is_initiator(id) ? "" : "*"); - - + + if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED) { time_t rekey, reauth; peer_cfg_t *peer_cfg; - + rekey = ike_sa->get_statistic(ike_sa, STAT_REKEY); reauth = ike_sa->get_statistic(ike_sa, STAT_REAUTH); peer_cfg = ike_sa->get_peer_cfg(ike_sa); - + if (rekey) { fprintf(out, ", rekeying in %V", &rekey, &now); @@ -106,7 +106,7 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all) bool first = TRUE; enumerator_t *enumerator; auth_cfg_t *auth; - + fprintf(out, ", "); enumerator = peer_cfg->create_auth_cfg_enumerator(peer_cfg, TRUE); while (enumerator->enumerate(enumerator, &auth)) @@ -128,11 +128,11 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all) } } fprintf(out, "\n"); - + if (ike_proposal) { char buf[BUF_LEN]; - + snprintf(buf, BUF_LEN, "%P", ike_proposal); fprintf(out, "%12s[%d]: IKE proposal: %s\n", ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa), @@ -150,14 +150,14 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) u_int64_t bytes_in, bytes_out; proposal_t *proposal; child_cfg_t *config = child_sa->get_config(child_sa); - - - fprintf(out, "%12s{%d}: %N, %N%s", + + + fprintf(out, "%12s{%d}: %N, %N%s", child_sa->get_name(child_sa), child_sa->get_reqid(child_sa), child_sa_state_names, child_sa->get_state(child_sa), ipsec_mode_names, child_sa->get_mode(child_sa), config->use_proxy_mode(config) ? "_PROXY" : ""); - + if (child_sa->get_state(child_sa) == CHILD_INSTALLED) { fprintf(out, ", %N%s SPIs: %.8x_i %.8x_o", @@ -165,30 +165,30 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) child_sa->has_encap(child_sa) ? " in UDP" : "", ntohl(child_sa->get_spi(child_sa, TRUE)), ntohl(child_sa->get_spi(child_sa, FALSE))); - + if (child_sa->get_ipcomp(child_sa) != IPCOMP_NONE) { fprintf(out, ", IPCOMP CPIs: %.4x_i %.4x_o", ntohs(child_sa->get_cpi(child_sa, TRUE)), ntohs(child_sa->get_cpi(child_sa, FALSE))); } - + if (all) { - fprintf(out, "\n%12s{%d}: ", child_sa->get_name(child_sa), + fprintf(out, "\n%12s{%d}: ", child_sa->get_name(child_sa), child_sa->get_reqid(child_sa)); - + proposal = child_sa->get_proposal(child_sa); if (proposal) { u_int16_t encr_alg = ENCR_UNDEFINED, int_alg = AUTH_UNDEFINED; u_int16_t encr_size = 0, int_size = 0; - + proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &encr_alg, &encr_size); proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &int_alg, &int_size); - + if (encr_alg != ENCR_UNDEFINED) { fprintf(out, "%N", encryption_algorithm_names, encr_alg); @@ -206,7 +206,7 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) } } } - + now = time_monotonic(NULL); child_sa->get_usestats(child_sa, TRUE, &use_in, &bytes_in); fprintf(out, ", %llu bytes_i", bytes_in); @@ -222,7 +222,7 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) fprintf(out, " (%ds ago)", now - use_out); } fprintf(out, ", rekeying "); - + rekey = child_sa->get_lifetime(child_sa, FALSE); if (rekey) { @@ -239,10 +239,10 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) { fprintf(out, "disabled"); } - + } } - + fprintf(out, "\n%12s{%d}: %#R=== %#R\n", child_sa->get_name(child_sa), child_sa->get_reqid(child_sa), child_sa->get_traffic_selectors(child_sa, TRUE), @@ -262,9 +262,9 @@ static void log_auth_cfgs(FILE *out, peer_cfg_t *peer_cfg, bool local) certificate_t *cert; cert_validation_t valid; char *name; - + name = peer_cfg->get_name(peer_cfg); - + enumerator = peer_cfg->create_auth_cfg_enumerator(peer_cfg, local); while (enumerator->enumerate(enumerator, &auth)) { @@ -329,7 +329,7 @@ static void log_auth_cfgs(FILE *out, peer_cfg_t *peer_cfg, bool local) fprintf(out, "%12s: ocsp: status must be GOOD%s\n", name, (valid == VALIDATION_SKIPPED) ? " or SKIPPED" : ""); } - + valid = (uintptr_t)auth->get(auth, AUTH_RULE_CRL_VALIDATION); if (valid != VALIDATION_FAILED) { @@ -362,7 +362,7 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo ike_sa_t *ike_sa; bool first, found = FALSE; char *name = msg->status.name; - + if (all) { peer_cfg_t *peer_cfg; @@ -371,10 +371,10 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo u_int32_t dpd; time_t since, now; u_int size, online, offline; - + now = time_monotonic(NULL); since = time(NULL) - (now - this->uptime); - + fprintf(out, "Status of IKEv2 charon daemon (strongSwan "VERSION"):\n"); fprintf(out, " uptime: %V, since %T\n", &now, &this->uptime, &since, FALSE); fprintf(out, " worker threads: %d idle of %d,", @@ -392,7 +392,7 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo } enumerator->destroy(enumerator); fprintf(out, "\n"); - + first = TRUE; enumerator = this->attribute->create_pool_enumerator(this->attribute); while (enumerator->enumerate(enumerator, &pool, &size, &online, &offline)) @@ -409,7 +409,7 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo fprintf(out, " %s: %u/%u/%u\n", pool, size, online, offline); } enumerator->destroy(enumerator); - + enumerator = charon->kernel_interface->create_address_enumerator( charon->kernel_interface, FALSE, FALSE); fprintf(out, "Listening IP addresses:\n"); @@ -418,7 +418,7 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo fprintf(out, " %H\n", host); } enumerator->destroy(enumerator); - + fprintf(out, "Connections:\n"); enumerator = charon->backends->create_peer_cfg_enumerator( charon->backends, NULL, NULL, NULL, NULL); @@ -429,33 +429,33 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo { continue; } - + ike_cfg = peer_cfg->get_ike_cfg(peer_cfg); fprintf(out, "%12s: %s...%s", peer_cfg->get_name(peer_cfg), ike_cfg->get_my_addr(ike_cfg), ike_cfg->get_other_addr(ike_cfg)); - + dpd = peer_cfg->get_dpd(peer_cfg); if (dpd) { fprintf(out, ", dpddelay=%us", dpd); } fprintf(out, "\n"); - + log_auth_cfgs(out, peer_cfg, TRUE); log_auth_cfgs(out, peer_cfg, FALSE); - + children = peer_cfg->create_child_cfg_enumerator(peer_cfg); while (children->enumerate(children, &child_cfg)) { linked_list_t *my_ts, *other_ts; - + my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL); other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL); fprintf(out, "%12s: child: %#R=== %#R", child_cfg->get_name(child_cfg), my_ts, other_ts); my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy)); other_ts->destroy_offset(other_ts, offsetof(traffic_selector_t, destroy)); - + if (dpd) { fprintf(out, ", dpdaction=%N", action_names, @@ -468,7 +468,7 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo enumerator->destroy(enumerator); } - first = TRUE; + first = TRUE; enumerator = charon->traps->create_enumerator(charon->traps); while (enumerator->enumerate(enumerator, NULL, &child_sa)) { @@ -480,14 +480,14 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo log_child_sa(out, child_sa, all); } enumerator->destroy(enumerator); - + fprintf(out, "Security Associations:\n"); enumerator = charon->controller->create_ike_sa_enumerator(charon->controller); while (enumerator->enumerate(enumerator, &ike_sa)) { bool ike_printed = FALSE; iterator_t *children = ike_sa->create_child_sa_iterator(ike_sa); - + if (name == NULL || streq(name, ike_sa->get_name(ike_sa))) { log_ike_sa(out, ike_sa, all); @@ -506,12 +506,12 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo ike_printed = TRUE; } log_child_sa(out, child_sa, all); - } + } } children->destroy(children); } enumerator->destroy(enumerator); - + if (!found) { if (name) @@ -536,14 +536,14 @@ static linked_list_t* create_unique_cert_list(certificate_type_t type) charon->credentials, type, KEY_ANY, NULL, FALSE); certificate_t *cert; - + while (enumerator->enumerate(enumerator, (void**)&cert)) { iterator_t *iterator = list->create_iterator(list, TRUE); identification_t *issuer = cert->get_issuer(cert); bool previous_same, same = FALSE, last = TRUE; certificate_t *list_cert; - + while (iterator->iterate(iterator, (void**)&list_cert)) { /* exit if we have a duplicate? */ @@ -581,7 +581,7 @@ static void list_public_key(public_key_t *public, FILE *out) private_key_t *private = NULL; chunk_t keyid; identification_t *id; - + if (public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &keyid)) { id = identification_create_from_encoding(ID_KEY_ID, keyid); @@ -610,14 +610,14 @@ static void list_public_key(public_key_t *public, FILE *out) static void stroke_list_pubkeys(linked_list_t *list, bool utc, FILE *out) { bool first = TRUE; - + enumerator_t *enumerator = list->create_enumerator(list); certificate_t *cert; - + while (enumerator->enumerate(enumerator, (void**)&cert)) { public_key_t *public = cert->get_public_key(cert); - + if (public) { if (first) @@ -627,7 +627,7 @@ static void stroke_list_pubkeys(linked_list_t *list, bool utc, FILE *out) first = FALSE; } fprintf(out, "\n"); - + list_public_key(public, out); public->destroy(public); } @@ -638,7 +638,7 @@ static void stroke_list_pubkeys(linked_list_t *list, bool utc, FILE *out) /** * list all X.509 certificates matching the flags */ -static void stroke_list_certs(linked_list_t *list, char *label, +static void stroke_list_certs(linked_list_t *list, char *label, x509_flag_t flags, bool utc, FILE *out) { bool first = TRUE; @@ -650,7 +650,7 @@ static void stroke_list_certs(linked_list_t *list, char *label, { x509_t *x509 = (x509_t*)cert; x509_flag_t x509_flags = x509->get_flags(x509); - + /* list only if flag is set, or flags == 0 (ignoring self-signed) */ if ((x509_flags & flags) || (flags == (x509_flags & ~X509_SELF_SIGNED))) { @@ -660,7 +660,7 @@ static void stroke_list_certs(linked_list_t *list, char *label, chunk_t serial, authkey; time_t notBefore, notAfter; public_key_t *public; - + if (first) { fprintf(out, "\n"); @@ -668,7 +668,7 @@ static void stroke_list_certs(linked_list_t *list, char *label, first = FALSE; } fprintf(out, "\n"); - + /* list subjectAltNames */ enumerator = x509->create_subjectAltName_enumerator(x509); while (enumerator->enumerate(enumerator, (void**)&altName)) @@ -689,12 +689,12 @@ static void stroke_list_certs(linked_list_t *list, char *label, fprintf(out, "\n"); } enumerator->destroy(enumerator); - + fprintf(out, " subject: \"%Y\"\n", cert->get_subject(cert)); fprintf(out, " issuer: \"%Y\"\n", cert->get_issuer(cert)); serial = x509->get_serial(x509); fprintf(out, " serial: %#B\n", &serial); - + /* list validity */ cert->get_validity(cert, &now, ¬Before, ¬After); fprintf(out, " validity: not before %T, ", ¬Before, utc); @@ -720,14 +720,14 @@ static void stroke_list_certs(linked_list_t *list, char *label, } fprintf(out, " \n"); } - + public = cert->get_public_key(cert); if (public) { list_public_key(public, out); public->destroy(public); } - + /* list optional authorityKeyIdentifier */ authkey = x509->get_authKeyIdentifier(x509); if (authkey.ptr) @@ -754,7 +754,7 @@ static void stroke_list_acerts(linked_list_t *list, bool utc, FILE *out) ac_t *ac = (ac_t*)cert; identification_t *id; chunk_t chunk; - + if (first) { fprintf(out, "\n"); @@ -762,7 +762,7 @@ static void stroke_list_acerts(linked_list_t *list, bool utc, FILE *out) first = FALSE; } fprintf(out, "\n"); - + id = cert->get_subject(cert); if (id) { @@ -799,7 +799,7 @@ static void stroke_list_acerts(linked_list_t *list, bool utc, FILE *out) } fprintf(out, " \n"); } - + /* list optional authorityKeyIdentifier */ chunk = ac->get_authKeyIdentifier(ac); if (chunk.ptr) @@ -819,12 +819,12 @@ static void stroke_list_crls(linked_list_t *list, bool utc, FILE *out) time_t thisUpdate, nextUpdate, now = time(NULL); enumerator_t *enumerator = list->create_enumerator(list); certificate_t *cert; - + while (enumerator->enumerate(enumerator, (void**)&cert)) { crl_t *crl = (crl_t*)cert; chunk_t chunk; - + if (first) { fprintf(out, "\n"); @@ -832,21 +832,21 @@ static void stroke_list_crls(linked_list_t *list, bool utc, FILE *out) first = FALSE; } fprintf(out, "\n"); - + fprintf(out, " issuer: \"%Y\"\n", cert->get_issuer(cert)); - + /* list optional crlNumber */ chunk = crl->get_serial(crl); if (chunk.ptr) { fprintf(out, " serial: %#B\n", &chunk); } - + /* count the number of revoked certificates */ { int count = 0; enumerator_t *enumerator = crl->create_enumerator(crl); - + while (enumerator->enumerate(enumerator, NULL, NULL, NULL)) { count++; @@ -855,7 +855,7 @@ static void stroke_list_crls(linked_list_t *list, bool utc, FILE *out) (count == 1)? "" : "s"); enumerator->destroy(enumerator); } - + /* list validity */ cert->get_validity(cert, &now, &thisUpdate, &nextUpdate); fprintf(out, " updates: this %T\n", &thisUpdate, utc); @@ -873,7 +873,7 @@ static void stroke_list_crls(linked_list_t *list, bool utc, FILE *out) } fprintf(out, " \n"); } - + /* list optional authorityKeyIdentifier */ chunk = crl->get_authKeyIdentifier(crl); if (chunk.ptr) @@ -892,7 +892,7 @@ static void stroke_list_ocsp(linked_list_t* list, bool utc, FILE *out) bool first = TRUE; enumerator_t *enumerator = list->create_enumerator(list); certificate_t *cert; - + while (enumerator->enumerate(enumerator, (void**)&cert)) { if (first) @@ -919,7 +919,7 @@ static void list_algs(FILE *out) hash_algorithm_t hash; pseudo_random_function_t prf; diffie_hellman_group_t group; - + fprintf(out, "\n"); fprintf(out, "List of registered IKEv2 Algorithms:\n"); fprintf(out, "\n encryption: "); @@ -972,7 +972,7 @@ static void list(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out) linked_list_t *pubkey_list = create_unique_cert_list(CERT_TRUSTED_PUBKEY); stroke_list_pubkeys(pubkey_list, msg->list.utc, out); - pubkey_list->destroy_offset(pubkey_list, offsetof(certificate_t, destroy)); + pubkey_list->destroy_offset(pubkey_list, offsetof(certificate_t, destroy)); } if (msg->list.flags & (LIST_CERTS | LIST_CACERTS | LIST_OCSPCERTS | LIST_AACERTS)) { @@ -1003,22 +1003,22 @@ static void list(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out) linked_list_t *ac_list = create_unique_cert_list(CERT_X509_AC); stroke_list_acerts(ac_list, msg->list.utc, out); - ac_list->destroy_offset(ac_list, offsetof(certificate_t, destroy)); + ac_list->destroy_offset(ac_list, offsetof(certificate_t, destroy)); } if (msg->list.flags & LIST_CRLS) { linked_list_t *crl_list = create_unique_cert_list(CERT_X509_CRL); stroke_list_crls(crl_list, msg->list.utc, out); - crl_list->destroy_offset(crl_list, offsetof(certificate_t, destroy)); + crl_list->destroy_offset(crl_list, offsetof(certificate_t, destroy)); } if (msg->list.flags & LIST_OCSP) { linked_list_t *ocsp_list = create_unique_cert_list(CERT_X509_OCSP_RESPONSE); stroke_list_ocsp(ocsp_list, msg->list.utc, out); - - ocsp_list->destroy_offset(ocsp_list, offsetof(certificate_t, destroy)); + + ocsp_list->destroy_offset(ocsp_list, offsetof(certificate_t, destroy)); } if (msg->list.flags & LIST_ALGS) { @@ -1038,7 +1038,7 @@ static void pool_leases(private_stroke_list_t *this, FILE *out, char *pool, host_t *lease; bool on; int found = 0; - + fprintf(out, "Leases in pool '%s', usage: %lu/%lu, %lu online\n", pool, online + offline, size, online); enumerator = this->attribute->create_lease_enumerator(this->attribute, pool); @@ -1068,12 +1068,12 @@ static void leases(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out) host_t *address = NULL; char *pool; int found = 0; - + if (msg->leases.address) { address = host_create_from_string(msg->leases.address, 0); } - + enumerator = this->attribute->create_pool_enumerator(this->attribute); while (enumerator->enumerate(enumerator, &pool, &size, &online, &offline)) { @@ -1112,15 +1112,15 @@ static void destroy(private_stroke_list_t *this) stroke_list_t *stroke_list_create(stroke_attribute_t *attribute) { private_stroke_list_t *this = malloc_thing(private_stroke_list_t); - + this->public.list = (void(*)(stroke_list_t*, stroke_msg_t *msg, FILE *out))list; this->public.status = (void(*)(stroke_list_t*, stroke_msg_t *msg, FILE *out,bool))status; this->public.leases = (void(*)(stroke_list_t*, stroke_msg_t *msg, FILE *out))leases; this->public.destroy = (void(*)(stroke_list_t*))destroy; - + this->uptime = time_monotonic(NULL); this->attribute = attribute; - + return &this->public; } diff --git a/src/charon/plugins/stroke/stroke_list.h b/src/charon/plugins/stroke/stroke_list.h index 2430abfbb..b5bedc6c2 100644 --- a/src/charon/plugins/stroke/stroke_list.h +++ b/src/charon/plugins/stroke/stroke_list.h @@ -40,7 +40,7 @@ struct stroke_list_t { * @param out stroke console stream */ void (*list)(stroke_list_t *this, stroke_msg_t *msg, FILE *out); - + /** * Log status information to stroke console. * @@ -49,7 +49,7 @@ struct stroke_list_t { * @param all TRUE for "statusall" */ void (*status)(stroke_list_t *this, stroke_msg_t *msg, FILE *out, bool all); - + /** * Log pool leases to stroke console. * @@ -57,7 +57,7 @@ struct stroke_list_t { * @param out stroke console stream */ void (*leases)(stroke_list_t *this, stroke_msg_t *msg, FILE *out); - + /** * Destroy a stroke_list instance. */ diff --git a/src/charon/plugins/stroke/stroke_plugin.c b/src/charon/plugins/stroke/stroke_plugin.c index 22c1125a1..61ae10953 100644 --- a/src/charon/plugins/stroke/stroke_plugin.c +++ b/src/charon/plugins/stroke/stroke_plugin.c @@ -29,7 +29,7 @@ struct private_stroke_plugin_t { * public functions */ stroke_plugin_t public; - + /** * stroke socket, receives strokes */ @@ -51,9 +51,9 @@ static void destroy(private_stroke_plugin_t *this) plugin_t *plugin_create() { private_stroke_plugin_t *this = malloc_thing(private_stroke_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + this->socket = stroke_socket_create(); if (this->socket == NULL) { diff --git a/src/charon/plugins/stroke/stroke_plugin.h b/src/charon/plugins/stroke/stroke_plugin.h index 6e9d556ad..3a1e81df6 100644 --- a/src/charon/plugins/stroke/stroke_plugin.h +++ b/src/charon/plugins/stroke/stroke_plugin.h @@ -20,7 +20,7 @@ * @defgroup stroke_plugin stroke_plugin * @{ @ingroup stroke */ - + #ifndef STROKE_PLUGIN_H_ #define STROKE_PLUGIN_H_ diff --git a/src/charon/plugins/stroke/stroke_shared_key.c b/src/charon/plugins/stroke/stroke_shared_key.c index 8f53f509d..4f716e83a 100644 --- a/src/charon/plugins/stroke/stroke_shared_key.c +++ b/src/charon/plugins/stroke/stroke_shared_key.c @@ -28,7 +28,7 @@ struct private_stroke_shared_key_t { * implements shared_key_t */ stroke_shared_key_t public; - + /** * type of this key */ @@ -43,7 +43,7 @@ struct private_stroke_shared_key_t { * list of key owners, as identification_t */ linked_list_t *owners; - + /** * reference counter */ @@ -73,8 +73,8 @@ static private_stroke_shared_key_t* get_ref(private_stroke_shared_key_t *this) static chunk_t get_key(private_stroke_shared_key_t *this) { return this->key; -} - +} + /** * Implementation of stroke_shared_key_t.has_owner. */ @@ -83,7 +83,7 @@ static id_match_t has_owner(private_stroke_shared_key_t *this, identification_t enumerator_t *enumerator; id_match_t match, best = ID_MATCH_NONE; identification_t *current; - + enumerator = this->owners->create_enumerator(this->owners); while (enumerator->enumerate(enumerator, ¤t)) { @@ -135,6 +135,6 @@ stroke_shared_key_t *stroke_shared_key_create(shared_key_type_t type, chunk_t ke this->type = type; this->key = key; this->ref = 1; - + return &this->public; } diff --git a/src/charon/plugins/stroke/stroke_shared_key.h b/src/charon/plugins/stroke/stroke_shared_key.h index 224062100..05ad55083 100644 --- a/src/charon/plugins/stroke/stroke_shared_key.h +++ b/src/charon/plugins/stroke/stroke_shared_key.h @@ -35,21 +35,21 @@ struct stroke_shared_key_t { * Implements the shared_key_t interface. */ shared_key_t shared; - + /** * Add an owner to the key. * * @param owner owner to add */ void (*add_owner)(stroke_shared_key_t *this, identification_t *owner); - + /** * Check if a key has a specific owner. * * @param owner owner to check * @return best match found */ - id_match_t (*has_owner)(stroke_shared_key_t *this, identification_t *owner); + id_match_t (*has_owner)(stroke_shared_key_t *this, identification_t *owner); }; /** diff --git a/src/charon/plugins/stroke/stroke_socket.c b/src/charon/plugins/stroke/stroke_socket.c index f420266cd..7ae00d118 100644 --- a/src/charon/plugins/stroke/stroke_socket.c +++ b/src/charon/plugins/stroke/stroke_socket.c @@ -48,42 +48,42 @@ struct private_stroke_socket_t { * public functions */ stroke_socket_t public; - + /** * Unix socket to listen for strokes */ int socket; - + /** * job accepting stroke messages */ callback_job_t *job; - + /** * configuration backend */ stroke_config_t *config; - + /** * attribute provider */ stroke_attribute_t *attribute; - + /** * controller to control daemon */ stroke_control_t *control; - + /** * credential set */ stroke_cred_t *cred; - + /** * CA sections */ stroke_ca_t *ca; - + /** * Status information logging */ @@ -99,7 +99,7 @@ struct stroke_job_context_t { * file descriptor to read from */ int fd; - + /** * global stroke interface */ @@ -152,7 +152,7 @@ static void pop_end(stroke_msg_t *msg, const char* label, stroke_end_t *end) pop_string(msg, &end->ca2); pop_string(msg, &end->groups); pop_string(msg, &end->updown); - + DBG2(DBG_CFG, " %s=%s", label, end->address); DBG2(DBG_CFG, " %ssubnet=%s", label, end->subnets); DBG2(DBG_CFG, " %ssourceip=%s", label, end->sourceip); @@ -202,7 +202,7 @@ static void stroke_del_conn(private_stroke_socket_t *this, stroke_msg_t *msg) { pop_string(msg, &msg->del_conn.name); DBG1(DBG_CFG, "received stroke: delete connection '%s'", msg->del_conn.name); - + this->config->del(this->config, msg); this->attribute->del_pool(this->attribute, msg); } @@ -214,7 +214,7 @@ static void stroke_initiate(private_stroke_socket_t *this, stroke_msg_t *msg, FI { pop_string(msg, &msg->initiate.name); DBG1(DBG_CFG, "received stroke: initiate '%s'", msg->initiate.name); - + this->control->initiate(this->control, msg, out); } @@ -227,7 +227,7 @@ static void stroke_terminate(private_stroke_socket_t *this, stroke_msg_t *msg, F DBG1(DBG_CFG, "received stroke: terminate '%s'", msg->terminate.name); this->control->terminate(this->control, msg, out); -} +} /** * terminate a connection by peers virtual IP @@ -250,7 +250,7 @@ static void stroke_route(private_stroke_socket_t *this, stroke_msg_t *msg, FILE { pop_string(msg, &msg->route.name); DBG1(DBG_CFG, "received stroke: route '%s'", msg->route.name); - + this->control->route(this->control, msg, out); } @@ -261,7 +261,7 @@ static void stroke_unroute(private_stroke_socket_t *this, stroke_msg_t *msg, FIL { pop_string(msg, &msg->terminate.name); DBG1(DBG_CFG, "received stroke: unroute '%s'", msg->route.name); - + this->control->unroute(this->control, msg, out); } @@ -287,7 +287,7 @@ static void stroke_add_ca(private_stroke_socket_t *this, DBG2(DBG_CFG, " ocspuri=%s", msg->add_ca.ocspuri); DBG2(DBG_CFG, " ocspuri2=%s", msg->add_ca.ocspuri2); DBG2(DBG_CFG, " certuribase=%s", msg->add_ca.certuribase); - + this->ca->add(this->ca, msg); } @@ -299,7 +299,7 @@ static void stroke_del_ca(private_stroke_socket_t *this, { pop_string(msg, &msg->del_ca.name); DBG1(DBG_CFG, "received stroke: delete ca '%s'", msg->del_ca.name); - + this->ca->del(this->ca, msg); } @@ -311,7 +311,7 @@ static void stroke_status(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out, bool all) { pop_string(msg, &(msg->status.name)); - + this->list->status(this->list, msg, out, all); } @@ -361,7 +361,7 @@ static void stroke_leases(private_stroke_socket_t *this, { pop_string(msg, &msg->leases.pool); pop_string(msg, &msg->leases.address); - + this->list->leases(this->list, msg, out); } @@ -390,11 +390,11 @@ static void stroke_loglevel(private_stroke_socket_t *this, sys_logger_t *sys_logger; file_logger_t *file_logger; debug_t group; - + pop_string(msg, &(msg->loglevel.type)); DBG1(DBG_CFG, "received stroke: loglevel %d for %s", msg->loglevel.level, msg->loglevel.type); - + group = get_group_from_name(msg->loglevel.type); if (group < 0) { @@ -448,7 +448,7 @@ static job_requeue_t process(stroke_job_context_t *ctx) FILE *out; private_stroke_socket_t *this = ctx->this; int strokefd = ctx->fd; - + /* peek the length */ bytes_read = recv(strokefd, &msg_length, sizeof(msg_length), MSG_PEEK); if (bytes_read != sizeof(msg_length)) @@ -457,7 +457,7 @@ static job_requeue_t process(stroke_job_context_t *ctx) strerror(errno)); return JOB_REQUEUE_NONE; } - + /* read message */ msg = alloca(msg_length); bytes_read = recv(strokefd, msg, msg_length, 0); @@ -466,16 +466,16 @@ static job_requeue_t process(stroke_job_context_t *ctx) DBG1(DBG_CFG, "reading stroke message failed: %s", strerror(errno)); return JOB_REQUEUE_NONE; } - + out = fdopen(strokefd, "w+"); if (out == NULL) { DBG1(DBG_CFG, "opening stroke output channel failed: %s", strerror(errno)); return JOB_REQUEUE_NONE; } - + DBG3(DBG_CFG, "stroke message %b", (void*)msg, msg_length); - + switch (msg->type) { case STR_INITIATE: @@ -550,24 +550,24 @@ static job_requeue_t receive(private_stroke_socket_t *this) int oldstate; callback_job_t *job; stroke_job_context_t *ctx; - + pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); strokefd = accept(this->socket, (struct sockaddr *)&strokeaddr, &strokeaddrlen); pthread_setcancelstate(oldstate, NULL); - + if (strokefd < 0) { DBG1(DBG_CFG, "accepting stroke connection failed: %s", strerror(errno)); return JOB_REQUEUE_FAIR; } - + ctx = malloc_thing(stroke_job_context_t); ctx->fd = strokefd; ctx->this = this; job = callback_job_create((callback_job_cb_t)process, ctx, (void*)stroke_job_context_destroy, this->job); charon->processor->queue_job(charon->processor, (job_t*)job); - + return JOB_REQUEUE_FAIR; } @@ -582,7 +582,7 @@ static bool open_socket(private_stroke_socket_t *this) socket_addr.sun_family = AF_UNIX; strcpy(socket_addr.sun_path, STROKE_SOCKET); - + /* set up unix socket */ this->socket = socket(AF_UNIX, SOCK_STREAM, 0); if (this->socket == -1) @@ -590,7 +590,7 @@ static bool open_socket(private_stroke_socket_t *this) DBG1(DBG_CFG, "could not create stroke socket"); return FALSE; } - + unlink(socket_addr.sun_path); old = umask(~(S_IRWXU | S_IRWXG)); if (bind(this->socket, (struct sockaddr *)&socket_addr, sizeof(socket_addr)) < 0) @@ -605,7 +605,7 @@ static bool open_socket(private_stroke_socket_t *this) DBG1(DBG_CFG, "changing stroke socket permissions failed: %s", strerror(errno)); } - + if (listen(this->socket, 10) < 0) { DBG1(DBG_CFG, "could not listen on stroke socket: %s", strerror(errno)); @@ -641,31 +641,31 @@ static void destroy(private_stroke_socket_t *this) stroke_socket_t *stroke_socket_create() { private_stroke_socket_t *this = malloc_thing(private_stroke_socket_t); - + this->public.destroy = (void(*)(stroke_socket_t*))destroy; - + if (!open_socket(this)) { free(this); return NULL; } - + this->cred = stroke_cred_create(); this->attribute = stroke_attribute_create(); this->ca = stroke_ca_create(this->cred); this->config = stroke_config_create(this->ca, this->cred); this->control = stroke_control_create(); this->list = stroke_list_create(this->attribute); - + charon->credentials->add_set(charon->credentials, &this->ca->set); charon->credentials->add_set(charon->credentials, &this->cred->set); charon->backends->add_backend(charon->backends, &this->config->backend); charon->attributes->add_provider(charon->attributes, &this->attribute->provider); - + this->job = callback_job_create((callback_job_cb_t)receive, this, NULL, NULL); charon->processor->queue_job(charon->processor, (job_t*)this->job); - + return &this->public; } diff --git a/src/charon/plugins/stroke/stroke_socket.h b/src/charon/plugins/stroke/stroke_socket.h index 6073f5133..ae5481677 100644 --- a/src/charon/plugins/stroke/stroke_socket.h +++ b/src/charon/plugins/stroke/stroke_socket.h @@ -27,7 +27,7 @@ typedef struct stroke_socket_t stroke_socket_t; * Stroke socket, opens UNIX communication socket, reads and dispatches. */ struct stroke_socket_t { - + /** * Destroy a stroke_socket instance. */ diff --git a/src/charon/plugins/uci/uci_config.c b/src/charon/plugins/uci/uci_config.c index e81e49af7..d53d05750 100644 --- a/src/charon/plugins/uci/uci_config.c +++ b/src/charon/plugins/uci/uci_config.c @@ -34,7 +34,7 @@ struct private_uci_config_t { * Public part */ uci_config_t public; - + /** * UCI parser context */ @@ -59,7 +59,7 @@ typedef struct { static proposal_t *create_proposal(char *string, protocol_id_t proto) { proposal_t *proposal = NULL; - + if (string) { proposal = proposal_create_from_string(proto, string); @@ -68,12 +68,12 @@ static proposal_t *create_proposal(char *string, protocol_id_t proto) { /* UCI default is aes/sha1 only */ if (proto == PROTO_IKE) { - proposal = proposal_create_from_string(proto, + proposal = proposal_create_from_string(proto, "aes128-aes192-aes256-sha1-modp1536-modp2048"); } else { - proposal = proposal_create_from_string(proto, + proposal = proposal_create_from_string(proto, "aes128-aes192-aes256-sha1"); } } @@ -90,7 +90,7 @@ static traffic_selector_t *create_ts(char *string) int netbits = 32; host_t *net; char *pos; - + string = strdupa(string); pos = strchr(string, '/'); if (pos) @@ -120,7 +120,7 @@ static traffic_selector_t *create_ts(char *string) static u_int create_rekey(char *string) { u_int rekey = 0; - + if (string) { rekey = atoi(string); @@ -151,7 +151,7 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) .jitter = 300 } }; - + /* defaults */ name = "unnamed"; local_id = NULL; @@ -164,7 +164,7 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) esp_proposal = NULL; ike_rekey = NULL; esp_rekey = NULL; - + if (this->inner->enumerate(this->inner, &name, &local_id, &remote_id, &local_addr, &remote_addr, &local_net, &remote_net, &ike_proposal, &esp_proposal, &ike_rekey, &esp_rekey)) @@ -184,7 +184,7 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) auth->add(auth, AUTH_RULE_IDENTITY, identification_create_from_string(local_id)); this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, TRUE); - + auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK); if (remote_id) @@ -193,7 +193,7 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) identification_create_from_string(remote_id)); } this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, FALSE); - + child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE); child_cfg->add_proposal(child_cfg, create_proposal(esp_proposal, PROTO_ESP)); @@ -220,15 +220,15 @@ static void peer_enumerator_destroy(peer_enumerator_t *this) * Implementation of backend_t.create_peer_cfg_enumerator. */ static enumerator_t* create_peer_cfg_enumerator(private_uci_config_t *this, - identification_t *me, + identification_t *me, identification_t *other) { peer_enumerator_t *e = malloc_thing(peer_enumerator_t); - + e->public.enumerate = (void*)peer_enumerator_enumerate; e->public.destroy = (void*)peer_enumerator_destroy; e->peer_cfg = NULL; - e->inner = this->parser->create_section_enumerator(this->parser, + e->inner = this->parser->create_section_enumerator(this->parser, "local_id", "remote_id", "local_addr", "remote_addr", "local_net", "remote_net", "ike_proposal", "esp_proposal", "ike_rekey", "esp_rekey", NULL); @@ -258,12 +258,12 @@ typedef struct { static bool ike_enumerator_enumerate(ike_enumerator_t *this, ike_cfg_t **cfg) { char *local_addr, *remote_addr, *ike_proposal; - + /* defaults */ local_addr = "0.0.0.0"; remote_addr = "0.0.0.0"; ike_proposal = NULL; - + if (this->inner->enumerate(this->inner, NULL, &local_addr, &remote_addr, &ike_proposal)) { @@ -295,11 +295,11 @@ static enumerator_t* create_ike_cfg_enumerator(private_uci_config_t *this, host_t *me, host_t *other) { ike_enumerator_t *e = malloc_thing(ike_enumerator_t); - + e->public.enumerate = (void*)ike_enumerator_enumerate; e->public.destroy = (void*)ike_enumerator_destroy; e->ike_cfg = NULL; - e->inner = this->parser->create_section_enumerator(this->parser, + e->inner = this->parser->create_section_enumerator(this->parser, "local_addr", "remote_addr", "ike_proposal", NULL); if (!e->inner) { @@ -316,7 +316,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_uci_config_t *this, char *name) { enumerator_t *enumerator; peer_cfg_t *current, *found = NULL; - + enumerator = create_peer_cfg_enumerator(this, NULL, NULL); if (enumerator) { diff --git a/src/charon/plugins/uci/uci_config.h b/src/charon/plugins/uci/uci_config.h index eac05b1df..130f15d85 100644 --- a/src/charon/plugins/uci/uci_config.h +++ b/src/charon/plugins/uci/uci_config.h @@ -37,11 +37,11 @@ struct uci_config_t { * Implements backend_t interface */ backend_t backend; - + /** * Destroy the backend. */ - void (*destroy)(uci_config_t *this); + void (*destroy)(uci_config_t *this); }; /** diff --git a/src/charon/plugins/uci/uci_control.c b/src/charon/plugins/uci/uci_control.c index f74224fa7..9bfc4ecee 100644 --- a/src/charon/plugins/uci/uci_control.c +++ b/src/charon/plugins/uci/uci_control.c @@ -37,14 +37,14 @@ typedef struct private_uci_control_t private_uci_control_t; * private data of uci_control_t */ struct private_uci_control_t { - + /** * Public part */ uci_control_t public; - + /** - * Job + * Job */ callback_job_t *job; }; @@ -56,7 +56,7 @@ static void write_fifo(private_uci_control_t *this, char *format, ...) { va_list args; FILE *out; - + out = fopen(FIFO_FILE, "w"); if (out) { @@ -83,7 +83,7 @@ static void status(private_uci_control_t *this, char *name) peer_cfg_t *peer_cfg; char buf[2048]; FILE *out = NULL; - + configs = charon->backends->create_peer_cfg_enumerator(charon->backends, NULL, NULL, NULL, NULL); while (configs->enumerate(configs, &peer_cfg)) @@ -109,7 +109,7 @@ static void status(private_uci_control_t *this, char *name) } fprintf(out, "%-8s %-20D %-16H ", ike_sa->get_name(ike_sa), ike_sa->get_other_id(ike_sa), ike_sa->get_other_host(ike_sa)); - + children = ike_sa->create_child_sa_iterator(ike_sa); while (children->iterate(children, (void**)&child_sa)) { @@ -141,7 +141,7 @@ static void initiate(private_uci_control_t *this, char *name) peer_cfg_t *peer_cfg; child_cfg_t *child_cfg; enumerator_t *enumerator; - + peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends, name); if (peer_cfg) { @@ -173,7 +173,7 @@ static void terminate(private_uci_control_t *this, char *name) enumerator_t *enumerator; ike_sa_t *ike_sa; u_int id; - + enumerator = charon->controller->create_ike_sa_enumerator(charon->controller); while (enumerator->enumerate(enumerator, &ike_sa)) { @@ -197,7 +197,7 @@ static void terminate(private_uci_control_t *this, char *name) static void process(private_uci_control_t *this, char *message) { enumerator_t* enumerator; - + enumerator = enumerator_create_token(message, " \n", ""); if (enumerator->enumerate(enumerator, &message)) { @@ -217,7 +217,7 @@ static void process(private_uci_control_t *this, char *message) { initiate(this, message); } - else if (streq(message, "down") && + else if (streq(message, "down") && enumerator->enumerate(enumerator, &message)) { terminate(this, message); @@ -239,7 +239,7 @@ static job_requeue_t receive(private_uci_control_t *this) char message[128]; int oldstate, len; FILE *in; - + memset(message, 0, sizeof(message)); pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); in = fopen(FIFO_FILE, "r"); @@ -280,9 +280,9 @@ static void destroy(private_uci_control_t *this) uci_control_t *uci_control_create() { private_uci_control_t *this = malloc_thing(private_uci_control_t); - + this->public.destroy = (void(*)(uci_control_t*))destroy; - + unlink(FIFO_FILE); if (mkfifo(FIFO_FILE, S_IRUSR|S_IWUSR) != 0) { diff --git a/src/charon/plugins/uci/uci_control.h b/src/charon/plugins/uci/uci_control.h index 527ed82e7..794220aa1 100644 --- a/src/charon/plugins/uci/uci_control.h +++ b/src/charon/plugins/uci/uci_control.h @@ -27,7 +27,7 @@ typedef struct uci_control_t uci_control_t; * UCI control interface, uses a simple FIFO file */ struct uci_control_t { - + /** * Destroy the controller */ diff --git a/src/charon/plugins/uci/uci_creds.c b/src/charon/plugins/uci/uci_creds.c index 05bc6e109..4d664feb2 100644 --- a/src/charon/plugins/uci/uci_creds.c +++ b/src/charon/plugins/uci/uci_creds.c @@ -31,7 +31,7 @@ struct private_uci_creds_t { * Public part */ uci_creds_t public; - + /** * UCI parser context */ @@ -66,7 +66,7 @@ static bool shared_enumerator_enumerate(shared_enumerator_t *this, local_id = "%any"; remote_id = "%any"; psk = NULL; - + if (!this->inner->enumerate(this->inner, NULL, &local_id, &remote_id, &psk)) { @@ -122,23 +122,23 @@ static void shared_enumerator_destroy(shared_enumerator_t *this) */ static enumerator_t* create_shared_enumerator(private_uci_creds_t *this, shared_key_type_t type, - identification_t *me, + identification_t *me, identification_t *other) { shared_enumerator_t *e; - + if (type != SHARED_IKE) { return NULL; } - + e = malloc_thing(shared_enumerator_t); e->current = NULL; e->public.enumerate = (void*)shared_enumerator_enumerate; e->public.destroy = (void*)shared_enumerator_destroy; e->me = me; e->other = other; - e->inner = this->parser->create_section_enumerator(this->parser, + e->inner = this->parser->create_section_enumerator(this->parser, "local_id", "remote_id", "psk", NULL); if (!e->inner) { @@ -166,7 +166,7 @@ uci_creds_t *uci_creds_create(uci_parser_t *parser) this->public.credential_set.create_cdp_enumerator = (enumerator_t*(*) (credential_set_t *,certificate_type_t, identification_t *))return_null; this->public.credential_set.cache_cert = (void (*)(credential_set_t *, certificate_t *))nop; this->public.destroy = (void(*) (uci_creds_t*))destroy; - + this->parser = parser; return &this->public; diff --git a/src/charon/plugins/uci/uci_creds.h b/src/charon/plugins/uci/uci_creds.h index de50984a9..a283ed9f5 100644 --- a/src/charon/plugins/uci/uci_creds.h +++ b/src/charon/plugins/uci/uci_creds.h @@ -37,11 +37,11 @@ struct uci_creds_t { * Implements credential set interface. */ credential_set_t credential_set; - + /** * Destroy the backend. */ - void (*destroy)(uci_creds_t *this); + void (*destroy)(uci_creds_t *this); }; /** diff --git a/src/charon/plugins/uci/uci_parser.c b/src/charon/plugins/uci/uci_parser.c index f994e36f7..76019a3b4 100644 --- a/src/charon/plugins/uci/uci_parser.c +++ b/src/charon/plugins/uci/uci_parser.c @@ -32,7 +32,7 @@ struct private_uci_parser_t { * Public part */ uci_parser_t public; - + /** * UCI package name this parser reads */ @@ -66,12 +66,12 @@ static bool section_enumerator_enumerate(section_enumerator_t *this, ...) char **value; va_list args; int i; - + if (&this->current->list == this->list) { return FALSE; } - + va_start(args, this); value = va_arg(args, char**); @@ -87,7 +87,7 @@ static bool section_enumerator_enumerate(section_enumerator_t *this, ...) *value = uci_to_section(this->current)->type; } } - + /* followed by keyword parameters */ for (i = 0; this->keywords[i]; i++) { @@ -99,7 +99,7 @@ static bool section_enumerator_enumerate(section_enumerator_t *this, ...) } } va_end(args); - + this->current = list_to_element(this->current->list.next); return TRUE; } @@ -121,7 +121,7 @@ static enumerator_t* create_section_enumerator(private_uci_parser_t *this, ...) section_enumerator_t *e; va_list args; int i; - + /* allocate enumerator large enought to hold keyword pointers */ i = 1; va_start(args, this); @@ -133,16 +133,16 @@ static enumerator_t* create_section_enumerator(private_uci_parser_t *this, ...) e = malloc(sizeof(section_enumerator_t) + sizeof(char*) * i); i = 0; va_start(args, this); - do + do { e->keywords[i] = va_arg(args, char*); } while (e->keywords[i++]); va_end(args); - + e->public.enumerate = (void*)section_enumerator_enumerate; e->public.destroy = (void*)section_enumerator_destroy; - + /* load uci context */ e->ctx = uci_alloc_context(); if (uci_load(e->ctx, this->package, &e->package) != UCI_OK) @@ -178,9 +178,9 @@ uci_parser_t *uci_parser_create(char *package) this->public.create_section_enumerator = (enumerator_t*(*)(uci_parser_t*, ...))create_section_enumerator; this->public.destroy = (void(*)(uci_parser_t*))destroy; - + this->package = strdup(package); - + return &this->public; } diff --git a/src/charon/plugins/uci/uci_parser.h b/src/charon/plugins/uci/uci_parser.h index ef3d7b0f5..7217e507a 100644 --- a/src/charon/plugins/uci/uci_parser.h +++ b/src/charon/plugins/uci/uci_parser.h @@ -41,11 +41,11 @@ struct uci_parser_t { * @return enumerator over sections */ enumerator_t* (*create_section_enumerator)(uci_parser_t *this, ...); - + /** * Destroy the parser. */ - void (*destroy)(uci_parser_t *this); + void (*destroy)(uci_parser_t *this); }; /** diff --git a/src/charon/plugins/uci/uci_plugin.c b/src/charon/plugins/uci/uci_plugin.c index 3ab4c92f8..2a79b9109 100644 --- a/src/charon/plugins/uci/uci_plugin.c +++ b/src/charon/plugins/uci/uci_plugin.c @@ -36,17 +36,17 @@ struct private_uci_plugin_t { * implements plugin interface */ uci_plugin_t public; - + /** * UCI configuration backend */ uci_config_t *config; - + /** * UCI credential set implementation */ uci_creds_t *creds; - + /** * UCI parser wrapper */ @@ -78,16 +78,16 @@ static void destroy(private_uci_plugin_t *this) plugin_t *plugin_create() { private_uci_plugin_t *this = malloc_thing(private_uci_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + this->parser = uci_parser_create(UCI_PACKAGE); this->config = uci_config_create(this->parser); this->creds = uci_creds_create(this->parser); this->control = uci_control_create(); charon->backends->add_backend(charon->backends, &this->config->backend); charon->credentials->add_set(charon->credentials, &this->creds->credential_set); - + return &this->public.plugin; } diff --git a/src/charon/plugins/unit_tester/tests.h b/src/charon/plugins/unit_tester/tests.h index b99940c1a..96313d390 100644 --- a/src/charon/plugins/unit_tester/tests.h +++ b/src/charon/plugins/unit_tester/tests.h @@ -14,7 +14,7 @@ */ /** - * @defgroup tests tests + * @defgroup tests tests * @{ @ingroup unit_tester */ diff --git a/src/charon/plugins/unit_tester/tests/test_agent.c b/src/charon/plugins/unit_tester/tests/test_agent.c index fd76b9cf5..21cb8b777 100644 --- a/src/charon/plugins/unit_tester/tests/test_agent.c +++ b/src/charon/plugins/unit_tester/tests/test_agent.c @@ -25,14 +25,14 @@ bool test_agent() chunk_t sig, data = chunk_from_buf(buf); private_key_t *private; public_key_t *public; - + path = getenv("SSH_AUTH_SOCK"); if (!path) { DBG1(DBG_CFG, "ssh-agent not found."); return FALSE; } - + private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, BUILD_AGENT_SOCKET, path, BUILD_END); if (!private) @@ -58,10 +58,10 @@ bool test_agent() { return FALSE; } - + private->destroy(private); public->destroy(public); - + return TRUE; } diff --git a/src/charon/plugins/unit_tester/tests/test_auth_info.c b/src/charon/plugins/unit_tester/tests/test_auth_info.c index 37bdd1087..6de34b2a1 100644 --- a/src/charon/plugins/unit_tester/tests/test_auth_info.c +++ b/src/charon/plugins/unit_tester/tests/test_auth_info.c @@ -83,7 +83,7 @@ bool test_auth_cfg() int round = 0; void *value; auth_rule_t type; - + c1 = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_BLOB_ASN1_DER, certchunk, BUILD_END); @@ -91,7 +91,7 @@ bool test_auth_cfg() { return FALSE; } - + auth->add(auth, AUTH_RULE_SUBJECT_CERT, c1->get_ref(c1)); c2 = auth->get(auth, AUTH_RULE_SUBJECT_CERT); if (!c2) @@ -102,7 +102,7 @@ bool test_auth_cfg() { return FALSE; } - + enumerator = auth->create_enumerator(auth); while (enumerator->enumerate(enumerator, &type, &value)) { @@ -114,11 +114,11 @@ bool test_auth_cfg() return FALSE; } enumerator->destroy(enumerator); - + auth2 = auth_cfg_create(); auth2->add(auth2, AUTH_RULE_CA_CERT, c1->get_ref(c1)); auth2->merge(auth2, auth, FALSE); - + round = 0; enumerator = auth2->create_enumerator(auth2); while (enumerator->enumerate(enumerator, &type, &value)) diff --git a/src/charon/plugins/unit_tester/tests/test_cert.c b/src/charon/plugins/unit_tester/tests/test_cert.c index 95ab289df..3b00421f8 100644 --- a/src/charon/plugins/unit_tester/tests/test_cert.c +++ b/src/charon/plugins/unit_tester/tests/test_cert.c @@ -28,10 +28,10 @@ bool test_cert_x509() identification_t *issuer, *subject; u_int32_t serial = htonl(0); chunk_t encoding; - + issuer = identification_create_from_string("CN=CA, OU=Test, O=strongSwan"); subject = identification_create_from_string("CN=Peer, OU=Test, O=strongSwan"); - + ca_key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, BUILD_KEY_SIZE, 1024, BUILD_END); peer_key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, @@ -50,7 +50,7 @@ bool test_cert_x509() { return FALSE; } - + encoding = ca_cert->get_encoding(ca_cert); parsed = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_BLOB_ASN1_DER, encoding, @@ -65,7 +65,7 @@ bool test_cert_x509() return FALSE; } parsed->destroy(parsed); - + serial = htonl(ntohl(serial) + 1); public = peer_key->get_public_key(peer_key); peer_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, @@ -80,7 +80,7 @@ bool test_cert_x509() { return FALSE; } - + encoding = peer_cert->get_encoding(peer_cert); parsed = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_BLOB_ASN1_DER, encoding, @@ -95,7 +95,7 @@ bool test_cert_x509() return FALSE; } parsed->destroy(parsed); - + ca_cert->destroy(ca_cert); ca_key->destroy(ca_key); peer_cert->destroy(peer_cert); diff --git a/src/charon/plugins/unit_tester/tests/test_chunk.c b/src/charon/plugins/unit_tester/tests/test_chunk.c index 5356c1d96..2e0905b2c 100644 --- a/src/charon/plugins/unit_tester/tests/test_chunk.c +++ b/src/charon/plugins/unit_tester/tests/test_chunk.c @@ -31,12 +31,12 @@ bool test_chunk_base64() * BASE64("fooba") = "Zm9vYmE=" * BASE64("foobar") = "Zm9vYmFy" */ - + typedef struct { char *in; char *out; } testdata_t; - + testdata_t test[] = { {"", ""}, {"f", "Zg=="}, @@ -47,31 +47,31 @@ bool test_chunk_base64() {"foobar", "Zm9vYmFy"}, }; int i; - + for (i = 0; i < countof(test); i++) { chunk_t out; - + out = chunk_to_base64(chunk_create(test[i].in, strlen(test[i].in)), NULL); - + if (!streq(out.ptr, test[i].out)) { - DBG1(DBG_CFG, "base64 conversion error - should %s, is %s", + DBG1(DBG_CFG, "base64 conversion error - should %s, is %s", test[i].out, out.ptr); return FALSE; } free(out.ptr); } - + for (i = 0; i < countof(test); i++) { chunk_t out; - + out = chunk_from_base64(chunk_create(test[i].out, strlen(test[i].out)), NULL); - + if (!strneq(out.ptr, test[i].in, out.len)) { - DBG1(DBG_CFG, "base64 conversion error - should %s, is %#B", + DBG1(DBG_CFG, "base64 conversion error - should %s, is %#B", test[i].in, &out); return FALSE; } diff --git a/src/charon/plugins/unit_tester/tests/test_curl.c b/src/charon/plugins/unit_tester/tests/test_curl.c index c011617a7..21656a94e 100644 --- a/src/charon/plugins/unit_tester/tests/test_curl.c +++ b/src/charon/plugins/unit_tester/tests/test_curl.c @@ -25,14 +25,14 @@ bool test_curl_get() { chunk_t chunk; - + if (lib->fetcher->fetch(lib->fetcher, "http://www.strongswan.org", &chunk, FETCH_END) != SUCCESS) { return FALSE; } free(chunk.ptr); - + if (lib->fetcher->fetch(lib->fetcher, "http://www.google.com", &chunk, FETCH_END) != SUCCESS) { diff --git a/src/charon/plugins/unit_tester/tests/test_enumerator.c b/src/charon/plugins/unit_tester/tests/test_enumerator.c index 6898084fc..edbf0f5bb 100644 --- a/src/charon/plugins/unit_tester/tests/test_enumerator.c +++ b/src/charon/plugins/unit_tester/tests/test_enumerator.c @@ -23,7 +23,7 @@ bool test_list_remove() { void *a = (void*)1, *b = (void*)2; linked_list_t *list; - + list = linked_list_create(); list->insert_last(list, a); if (list->remove(list, a, NULL) != 1) @@ -67,15 +67,15 @@ bool test_enumerate() void *a = (void*)4, *b = (void*)3, *c = (void*)2, *d = (void*)5, *e = (void*)1; linked_list_t *list; enumerator_t *enumerator; - + list = linked_list_create(); - + list->insert_last(list, a); list->insert_first(list, b); list->insert_first(list, c); list->insert_last(list, d); list->insert_first(list, e); - + round = 1; enumerator = list->create_enumerator(list); while (enumerator->enumerate(enumerator, &x)) @@ -87,7 +87,7 @@ bool test_enumerate() round++; } enumerator->destroy(enumerator); - + list->destroy(list); return TRUE; } @@ -122,7 +122,7 @@ bool test_enumerate_nested() void *a = (void*)1, *b = (void*)2, *c = (void*)3, *d = (void*)4, *e = (void*)5; linked_list_t *list, *l1, *l2, *l3; enumerator_t *enumerator; - + bad_data = FALSE; list = linked_list_create(); l1 = linked_list_create(); @@ -131,13 +131,13 @@ bool test_enumerate_nested() list->insert_last(list, l1); list->insert_last(list, l2); list->insert_last(list, l3); - + l1->insert_last(l1, a); l1->insert_last(l1, b); l3->insert_last(l3, c); l3->insert_last(l3, d); l3->insert_last(l3, e); - + round = 1; enumerator = enumerator_create_nested(list->create_enumerator(list), (void*)create_inner, (void*)101, destroy_data); @@ -150,7 +150,7 @@ bool test_enumerate_nested() round++; } enumerator->destroy(enumerator); - + list->destroy(list); l1->destroy(l1); l2->destroy(l2); @@ -185,16 +185,16 @@ bool test_enumerate_filtered() void *a = (void*)1, *b = (void*)2, *c = (void*)3, *d = (void*)4, *e = (void*)5; linked_list_t *list; enumerator_t *enumerator; - + bad_data = FALSE; list = linked_list_create(); - + list->insert_last(list, a); list->insert_last(list, b); list->insert_last(list, c); list->insert_last(list, d); list->insert_last(list, e); - + round = 1; enumerator = enumerator_create_filter(list->create_enumerator(list), (void*)filter, (void*)101, destroy_data); @@ -208,7 +208,7 @@ bool test_enumerate_filtered() round++; } enumerator->destroy(enumerator); - + list->destroy(list); return !bad_data; } @@ -216,7 +216,7 @@ bool test_enumerate_filtered() /******************************************************************************* * token parser test ******************************************************************************/ - + bool test_enumerate_token() { enumerator_t *enumerator; @@ -240,7 +240,7 @@ bool test_enumerate_token() {"a.b,c", ",.", ""}, {" a b c ", " ", " "}, }; - + for (num = 0; num < countof(tests1); num++) { i = 0; @@ -270,7 +270,7 @@ bool test_enumerate_token() } enumerator->destroy(enumerator); } - + for (num = 0; num < countof(tests2); num++) { i = 0; @@ -300,7 +300,7 @@ bool test_enumerate_token() } enumerator->destroy(enumerator); } - + return TRUE; } diff --git a/src/charon/plugins/unit_tester/tests/test_id.c b/src/charon/plugins/unit_tester/tests/test_id.c index a1ef76be8..868a2ca8b 100644 --- a/src/charon/plugins/unit_tester/tests/test_id.c +++ b/src/charon/plugins/unit_tester/tests/test_id.c @@ -25,9 +25,9 @@ bool test_id_parts() id_part_t part; chunk_t data; int i = 0; - + id = identification_create_from_string("C=CH, O=strongSwan, CN=tester"); - + enumerator = id->create_part_enumerator(id); while (enumerator->enumerate(enumerator, &part, &data)) { @@ -75,7 +75,7 @@ static bool test_id_wildcards_has(char *string) { identification_t *id; bool contains; - + id = identification_create_from_string(string); contains = id->contains_wildcards(id); id->destroy(id); @@ -115,7 +115,7 @@ static bool test_id_equals_one(identification_t *a, char *b_str) { identification_t *b; bool equals; - + b = identification_create_from_string(b_str); equals = a->equals(a, b); b->destroy(b); @@ -127,10 +127,10 @@ bool test_id_equals() identification_t *a; chunk_t encoding, fuzzed; int i; - + a = identification_create_from_string( "C=CH, E=martin@strongswan.org, CN=martin"); - + if (!test_id_equals_one(a, "C=CH, E=martin@strongswan.org, CN=martin")) { return FALSE; @@ -153,7 +153,7 @@ bool test_id_equals() } encoding = chunk_clone(a->get_encoding(a)); a->destroy(a); - + /* simple fuzzing, increment each byte of encoding */ for (i = 0; i < encoding.len; i++) { @@ -171,7 +171,7 @@ bool test_id_equals() a->destroy(a); free(fuzzed.ptr); } - + /* and decrement each byte of encoding */ for (i = 0; i < encoding.len; i++) { @@ -201,7 +201,7 @@ static id_match_t test_id_matches_one(identification_t *a, char *b_str) { identification_t *b; id_match_t match; - + b = identification_create_from_string(b_str); match = a->matches(a, b); b->destroy(b); @@ -211,10 +211,10 @@ static id_match_t test_id_matches_one(identification_t *a, char *b_str) bool test_id_matches() { identification_t *a; - + a = identification_create_from_string( "C=CH, E=martin@strongswan.org, CN=martin"); - + if (test_id_matches_one(a, "C=CH, E=martin@strongswan.org, CN=martin") != ID_MATCH_PERFECT) { diff --git a/src/charon/plugins/unit_tester/tests/test_med_db.c b/src/charon/plugins/unit_tester/tests/test_med_db.c index da517958e..c5c15d1c2 100644 --- a/src/charon/plugins/unit_tester/tests/test_med_db.c +++ b/src/charon/plugins/unit_tester/tests/test_med_db.c @@ -36,7 +36,7 @@ bool test_med_db() public_key_t *public; auth_cfg_t *auth; bool good = FALSE; - + id = identification_create_from_encoding(ID_KEY_ID, keyid); enumerator = charon->credentials->create_public_enumerator( charon->credentials, KEY_ANY, id, NULL); diff --git a/src/charon/plugins/unit_tester/tests/test_mutex.c b/src/charon/plugins/unit_tester/tests/test_mutex.c index cb315276b..cfe00cc7c 100644 --- a/src/charon/plugins/unit_tester/tests/test_mutex.c +++ b/src/charon/plugins/unit_tester/tests/test_mutex.c @@ -46,7 +46,7 @@ static void* run(void* null) if (locked > 1) { failed = TRUE; - } + } locked--; mutex->unlock(mutex); mutex->unlock(mutex); @@ -64,9 +64,9 @@ bool test_mutex() { int i; pthread_t threads[THREADS]; - + mutex = mutex_create(MUTEX_TYPE_RECURSIVE); - + for (i = 0; i < 10; i++) { mutex->lock(mutex); @@ -80,9 +80,9 @@ bool test_mutex() { mutex->unlock(mutex); } - + pthread_barrier_init(&barrier, NULL, THREADS); - + for (i = 0; i < THREADS; i++) { pthread_create(&threads[i], NULL, run, NULL); @@ -92,9 +92,9 @@ bool test_mutex() pthread_join(threads[i], NULL); } pthread_barrier_destroy(&barrier); - + mutex->destroy(mutex); - + return !failed; } diff --git a/src/charon/plugins/unit_tester/tests/test_mysql.c b/src/charon/plugins/unit_tester/tests/test_mysql.c index ff3d38ad8..cd63a5f78 100644 --- a/src/charon/plugins/unit_tester/tests/test_mysql.c +++ b/src/charon/plugins/unit_tester/tests/test_mysql.c @@ -31,7 +31,7 @@ bool test_mysql() char *qtxt; bool good = FALSE; enumerator_t *enumerator; - + db = lib->db->create(lib->db, "mysql://testuser:testpass@localhost/test"); if (!db) { diff --git a/src/charon/plugins/unit_tester/tests/test_pool.c b/src/charon/plugins/unit_tester/tests/test_pool.c index f32cd5820..f9a776a82 100644 --- a/src/charon/plugins/unit_tester/tests/test_pool.c +++ b/src/charon/plugins/unit_tester/tests/test_pool.c @@ -27,33 +27,33 @@ static void* testing(void *thread) int i; host_t *addr[ALLOCS]; identification_t *id[ALLOCS]; - + /* prepare identities */ for (i = 0; i < ALLOCS; i++) { char buf[256]; - + snprintf(buf, sizeof(buf), "%d-%d@strongswan.org", (uintptr_t)thread, i); id[i] = identification_create_from_string(buf); } - + /* allocate addresses */ for (i = 0; i < ALLOCS; i++) { - addr[i] = charon->attributes->acquire_address(charon->attributes, + addr[i] = charon->attributes->acquire_address(charon->attributes, "test", id[i], NULL); if (!addr[i]) { return (void*)FALSE; } } - + /* release addresses */ for (i = 0; i < ALLOCS; i++) { charon->attributes->release_address(charon->attributes, "test", addr[i], id[i]); } - + /* cleanup */ for (i = 0; i < ALLOCS; i++) { @@ -72,7 +72,7 @@ bool test_pool() uintptr_t i; void *res; pthread_t thread[THREADS]; - + for (i = 0; i < THREADS; i++) { if (pthread_create(&thread[i], NULL, (void*)testing, (void*)i) < 0) diff --git a/src/charon/plugins/unit_tester/tests/test_rsa_gen.c b/src/charon/plugins/unit_tester/tests/test_rsa_gen.c index 1b7af63ee..a449112ec 100644 --- a/src/charon/plugins/unit_tester/tests/test_rsa_gen.c +++ b/src/charon/plugins/unit_tester/tests/test_rsa_gen.c @@ -26,7 +26,7 @@ bool test_rsa_gen() private_key_t *private; public_key_t *public; u_int key_size; - + for (key_size = 512; key_size <= 2048; key_size *= 2) { private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, @@ -113,7 +113,7 @@ bool test_rsa_load_any() { chunk_t chunk = chunk_from_buf(public_any); public_key_t *public; - + public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, BUILD_BLOB_ASN1_DER, chunk, BUILD_END); diff --git a/src/charon/plugins/unit_tester/tests/test_sqlite.c b/src/charon/plugins/unit_tester/tests/test_sqlite.c index d152fc594..4dcc5bad1 100644 --- a/src/charon/plugins/unit_tester/tests/test_sqlite.c +++ b/src/charon/plugins/unit_tester/tests/test_sqlite.c @@ -36,7 +36,7 @@ bool test_sqlite() char *qtxt; bool good = FALSE; enumerator_t *enumerator; - + db = lib->db->create(lib->db, "sqlite://" DBFILE); if (!db) { diff --git a/src/charon/plugins/unit_tester/unit_tester.c b/src/charon/plugins/unit_tester/unit_tester.c index c9651e601..3c39688c6 100644 --- a/src/charon/plugins/unit_tester/unit_tester.c +++ b/src/charon/plugins/unit_tester/unit_tester.c @@ -33,17 +33,17 @@ struct private_unit_tester_t { }; struct unit_test_t { - + /** * name of the test */ char *name; - + /** * test function */ bool (*test)(void); - + /** * run the test? */ @@ -62,10 +62,10 @@ static unit_test_t tests[] = { static void run_tests(private_unit_tester_t *this) { int i, run = 0, failed = 0, success = 0, skipped = 0; - + DBG1(DBG_CFG, "running unit tests, %d tests registered", sizeof(tests)/sizeof(unit_test_t)); - + for (i = 0; i < sizeof(tests)/sizeof(unit_test_t); i++) { if (tests[i].enabled) @@ -106,11 +106,11 @@ static void destroy(private_unit_tester_t *this) plugin_t *plugin_create() { private_unit_tester_t *this = malloc_thing(private_unit_tester_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + run_tests(this); - + return &this->public.plugin; } diff --git a/src/charon/plugins/unit_tester/unit_tester.h b/src/charon/plugins/unit_tester/unit_tester.h index 33b13313d..79d5bc021 100644 --- a/src/charon/plugins/unit_tester/unit_tester.h +++ b/src/charon/plugins/unit_tester/unit_tester.h @@ -28,7 +28,7 @@ typedef struct unit_tester_t unit_tester_t; /** * Unit testing plugin. * - * The unit testing plugin runs tests on plugin initialization. Tests are + * The unit testing plugin runs tests on plugin initialization. Tests are * defined in tests.h using the DEFINE_TEST macro. Implementation of the * tests is done in the tests folder. Each test has uses a function which * returns TRUE for success or FALSE for failure. diff --git a/src/charon/plugins/updown/updown_listener.c b/src/charon/plugins/updown/updown_listener.c index a6be35690..10a94726a 100644 --- a/src/charon/plugins/updown/updown_listener.c +++ b/src/charon/plugins/updown/updown_listener.c @@ -27,12 +27,12 @@ typedef struct private_updown_listener_t private_updown_listener_t; * Private data of an updown_listener_t object. */ struct private_updown_listener_t { - + /** * Public updown_listener_t interface. */ updown_listener_t public; - + /** * List of cached interface names */ @@ -58,10 +58,10 @@ static void cache_iface(private_updown_listener_t *this, u_int32_t reqid, char *iface) { cache_entry_t *entry = malloc_thing(cache_entry_t); - + entry->reqid = reqid; entry->iface = strdup(iface); - + this->iface_cache->insert_first(this->iface_cache, entry); } @@ -73,7 +73,7 @@ static char* uncache_iface(private_updown_listener_t *this, u_int32_t reqid) enumerator_t *enumerator; cache_entry_t *entry; char *iface = NULL; - + enumerator = this->iface_cache->create_enumerator(this->iface_cache); while (enumerator->enumerate(enumerator, &entry)) { @@ -100,18 +100,18 @@ static void updown(private_updown_listener_t *this, ike_sa_t *ike_sa, child_cfg_t *config; host_t *vip, *me, *other; char *script; - + config = child_sa->get_config(child_sa); vip = ike_sa->get_virtual_ip(ike_sa, TRUE); script = config->get_updown(config); me = ike_sa->get_my_host(ike_sa); other = ike_sa->get_other_host(ike_sa); - + if (script == NULL) { return; } - + enumerator = child_sa->create_policy_enumerator(child_sa); while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) { @@ -160,7 +160,7 @@ static void updown(private_updown_listener_t *this, ike_sa_t *ike_sa, virtual_ip = NULL; } } - + if (up) { iface = charon->kernel_interface->get_interface( @@ -174,7 +174,7 @@ static void updown(private_updown_listener_t *this, ike_sa_t *ike_sa, { iface = uncache_iface(this, child_sa->get_reqid(child_sa)); } - + /* build the command with all env variables. * TODO: PLUTO_PEER_CA and PLUTO_NEXT_HOP are currently missing */ @@ -225,7 +225,7 @@ static void updown(private_updown_listener_t *this, ike_sa_t *ike_sa, free(other_client); free(virtual_ip); free(iface); - + DBG3(DBG_CHD, "running updown script: %s", command); shell = popen(command, "r"); @@ -234,11 +234,11 @@ static void updown(private_updown_listener_t *this, ike_sa_t *ike_sa, DBG1(DBG_CHD, "could not execute updown script '%s'", script); return; } - + while (TRUE) { char resp[128]; - + if (fgets(resp, sizeof(resp), shell) == NULL) { if (ferror(shell)) @@ -273,11 +273,11 @@ static bool child_state_change(private_updown_listener_t *this, ike_sa_t *ike_sa child_sa_t *child_sa, child_sa_state_t state) { child_sa_state_t old; - + if (ike_sa) { old = child_sa->get_state(child_sa); - + if ((old == CHILD_INSTALLED && state != CHILD_REKEYING ) || (old == CHILD_DELETING && state == CHILD_DESTROYING)) { @@ -306,13 +306,13 @@ static void destroy(private_updown_listener_t *this) updown_listener_t *updown_listener_create() { private_updown_listener_t *this = malloc_thing(private_updown_listener_t); - + memset(&this->public.listener, 0, sizeof(listener_t)); this->public.listener.child_state_change = (void*)child_state_change; this->public.destroy = (void(*)(updown_listener_t*))destroy; - + this->iface_cache = linked_list_create(); - + return &this->public; } diff --git a/src/charon/plugins/updown/updown_listener.h b/src/charon/plugins/updown/updown_listener.h index cc59f61c6..7b978b0cc 100644 --- a/src/charon/plugins/updown/updown_listener.h +++ b/src/charon/plugins/updown/updown_listener.h @@ -29,12 +29,12 @@ typedef struct updown_listener_t updown_listener_t; * Listener which invokes the scripts on CHILD_SA up/down. */ struct updown_listener_t { - + /** * Implements listener_t. */ listener_t listener; - + /** * Destroy a updown_listener_t. */ diff --git a/src/charon/plugins/updown/updown_plugin.c b/src/charon/plugins/updown/updown_plugin.c index 4f0483fac..6cb0efdcd 100644 --- a/src/charon/plugins/updown/updown_plugin.c +++ b/src/charon/plugins/updown/updown_plugin.c @@ -29,7 +29,7 @@ struct private_updown_plugin_t { * implements plugin interface */ updown_plugin_t public; - + /** * Listener interface, listens to CHILD_SA state changes */ @@ -52,12 +52,12 @@ static void destroy(private_updown_plugin_t *this) plugin_t *plugin_create() { private_updown_plugin_t *this = malloc_thing(private_updown_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + this->listener = updown_listener_create(); charon->bus->add_listener(charon->bus, &this->listener->listener); - + return &this->public.plugin; } -- cgit v1.2.3