From 922ee2c5292ba898ac1ca72c69e877af307b0bc4 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 11 Oct 2013 14:45:56 +0200 Subject: [PATCH 001/138] windows: Add a common Windows header for platform specific wrappers Include some more basic system headers in utils.h, so we can use that common header on the different platforms. --- src/libstrongswan/Makefile.am | 2 +- src/libstrongswan/asn1/oid.pl | 2 +- src/libstrongswan/crypto/crypto_tester.c | 6 +- src/libstrongswan/networking/host.h | 4 +- src/libstrongswan/networking/host_resolver.c | 2 - .../selectors/traffic_selector.c | 7 +- src/libstrongswan/utils/chunk.h | 2 + src/libstrongswan/utils/identification.c | 5 +- src/libstrongswan/utils/leak_detective.c | 8 +- src/libstrongswan/utils/utils.h | 13 +- src/libstrongswan/utils/windows.h | 153 ++++++++++++++++++ 11 files changed, 180 insertions(+), 24 deletions(-) create mode 100644 src/libstrongswan/utils/windows.h diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am index c4d1a5802..68162929e 100644 --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am @@ -87,7 +87,7 @@ utils/utils.h utils/chunk.h utils/debug.h utils/enum.h utils/identification.h \ utils/lexparser.h utils/optionsfrom.h utils/capabilities.h utils/backtrace.h \ utils/leak_detective.h utils/printf_hook/printf_hook.h \ utils/printf_hook/printf_hook_vstr.h utils/printf_hook/printf_hook_builtin.h \ -utils/parser_helper.h utils/test.h utils/integrity_checker.h \ +utils/parser_helper.h utils/test.h utils/integrity_checker.h utils/windows.h \ utils/utils/strerror.h endif diff --git a/src/libstrongswan/asn1/oid.pl b/src/libstrongswan/asn1/oid.pl index 82100e8aa..c45077a3f 100644 --- a/src/libstrongswan/asn1/oid.pl +++ b/src/libstrongswan/asn1/oid.pl 
@@ -30,7 +30,7 @@ print OID_H "/* Object identifiers (OIDs) used by strongSwan\n", " * ", $automatic, "\n", " * ", $warning, "\n", " */\n\n", - "#include \n\n", + "#include \n\n", "#ifndef OID_H_\n", "#define OID_H_\n\n", "typedef struct {\n", diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c index c6780daf1..9e1d4dd90 100644 --- a/src/libstrongswan/crypto/crypto_tester.c +++ b/src/libstrongswan/crypto/crypto_tester.c @@ -14,8 +14,10 @@ * for more details. */ -#define _GNU_SOURCE -#include +#ifdef HAVE_DLADDR +# define _GNU_SOURCE +# include +#endif #include #include "crypto_tester.h" diff --git a/src/libstrongswan/networking/host.h b/src/libstrongswan/networking/host.h index 4fc6cf35c..9c9b5035f 100644 --- a/src/libstrongswan/networking/host.h +++ b/src/libstrongswan/networking/host.h @@ -30,10 +30,8 @@ typedef struct host_t host_t; #include #include #include -#include -#include -#include +#include #include /** diff --git a/src/libstrongswan/networking/host_resolver.c b/src/libstrongswan/networking/host_resolver.c index 10af11a7f..a7524ac23 100644 --- a/src/libstrongswan/networking/host_resolver.c +++ b/src/libstrongswan/networking/host_resolver.c @@ -14,8 +14,6 @@ */ #include -#include -#include #include "host_resolver.h" diff --git a/src/libstrongswan/selectors/traffic_selector.c b/src/libstrongswan/selectors/traffic_selector.c index b9d9b6556..94b77467a 100644 --- a/src/libstrongswan/selectors/traffic_selector.c +++ b/src/libstrongswan/selectors/traffic_selector.c @@ -15,16 +15,15 @@ * for more details. */ -#include #include -#include #include #include "traffic_selector.h" -#include -#include #include +#include +#include +#include #define NON_SUBNET_ADDRESS_RANGE 255 diff --git a/src/libstrongswan/utils/chunk.h b/src/libstrongswan/utils/chunk.h index 33f66caec..5a052a013 100644 --- a/src/libstrongswan/utils/chunk.h +++ b/src/libstrongswan/utils/chunk.h 
@@ -30,6 +30,8 @@ #include #endif +#include + typedef struct chunk_t chunk_t; /** diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c index e7eb63bc6..b8199c885 100644 --- a/src/libstrongswan/utils/identification.c +++ b/src/libstrongswan/utils/identification.c @@ -15,15 +15,12 @@ * for more details. */ -#define _GNU_SOURCE -#include -#include -#include #include #include #include "identification.h" +#include #include #include #include diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c index af29e2100..a2bca193d 100644 --- a/src/libstrongswan/utils/leak_detective.c +++ b/src/libstrongswan/utils/leak_detective.c @@ -19,14 +19,11 @@ #include #include #include -#include -#include -#include #include -#include -#include #include +#ifdef HAVE_DLADDR #include +#endif #include #include @@ -42,6 +39,7 @@ #include "leak_detective.h" #include +#include #include #include #include diff --git a/src/libstrongswan/utils/utils.h b/src/libstrongswan/utils/utils.h index 392f24e63..ca0d6b9a3 100644 --- a/src/libstrongswan/utils/utils.h +++ b/src/libstrongswan/utils/utils.h @@ -26,9 +26,18 @@ #include #include #include -#include #include +#ifdef WIN32 +# include "windows.h" +#else +# define _GNU_SOURCE +# include +# include +# include +# include +#endif + /** * strongSwan program return codes */ @@ -273,7 +282,7 @@ static inline bool memeq(const void *x, const void *y, size_t len) * TODO: since the uintXX_t types are defined by the C99 standard we should * probably use those anyway */ -#ifdef __sun +#if defined __sun || defined WIN32 #include typedef uint8_t u_int8_t; typedef uint16_t u_int16_t; diff --git a/src/libstrongswan/utils/windows.h b/src/libstrongswan/utils/windows.h new file mode 100644 index 000000000..5306cbc42 --- /dev/null +++ b/src/libstrongswan/utils/windows.h 
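Review bot: The `# define _GNU_SOURCE` added in the non-Windows branch of utils.h sits below the system headers this file already includes, and a feature-test macro only takes effect when it is defined before the first system header is pulled in. As placed it is usually a no-op, and it can trigger a redefinition warning in a translation unit that already defined the macro with a value (for example `-D_GNU_SOURCE` on the command line). Either move it to the very top of the header behind a guard (`#ifndef _GNU_SOURCE` / `# define _GNU_SOURCE` / `#endif`) or leave the definition to the build flags. The header names on the `#include` lines are not visible on this page, so which GNU extensions depend on it cannot be confirmed from here.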
@@ -0,0 +1,153 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup windows windows + * @{ @ingroup utils + */ + +#ifndef WINDOWS_H_ +#define WINDOWS_H_ + +#include +#include +#include + +/* undef Windows variants evaluating values more than once */ +#undef min +#undef max + +/* interface is defined as an alias to "struct" in basetypes.h, but + * we use it here and there as ordinary identifier. */ +#undef interface + +/* used by Windows API, but we have our own */ +#undef CALLBACK + +/* UID/GID types for capabilities, even if not supported */ +typedef u_int uid_t; +typedef u_int gid_t; + +/** + * Replacement for random(3) + */ +static inline long random(void) +{ + return rand(); +} + +/** + * Replacement for srandom(3) + */ +static inline void srandom(unsigned int seed) +{ + srand(seed); +} + +/** + * Provided via ws2_32 + */ +const char *inet_ntop(int af, const void *src, char *dst, socklen_t size); + +/** + * Provided via ws2_32 + */ +int inet_pton(int af, const char *src, void *dst); + +/** + * Provided by printf hook backend + */ +int asprintf(char **strp, const char *fmt, ...); + +/** + * Provided by printf hook backend + */ +int vasprintf(char **strp, const char *fmt, va_list ap); + +/** + * timeradd(3) from + */ +static inline void timeradd(struct timeval *a, struct timeval *b, + struct timeval *res) +{ + res->tv_sec = a->tv_sec + b->tv_sec; + res->tv_usec = a->tv_usec + b->tv_usec; + if 
(res->tv_usec >= 1000000) + { + res->tv_usec -= 1000000; + res->tv_sec++; + } +} + +/** + * timersub(3) from + */ +static inline void timersub(struct timeval *a, struct timeval *b, + struct timeval *res) +{ + res->tv_sec = a->tv_sec - b->tv_sec; + res->tv_usec = a->tv_usec - b->tv_usec; + if (res->tv_usec < 0) + { + res->tv_usec += 1000000; + res->tv_sec--; + } +} + +/** + * gmtime_r(3) from + */ +static inline struct tm *gmtime_r(const time_t *timep, struct tm *result) +{ + if (sizeof(time_t) == 4) + { + if (_gmtime32_s(result, (__time32_t*)time) == 0) + { + return result; + } + } + else + { + if (_gmtime64_s(result, (__time64_t*)time) == 0) + { + return result; + } + } + return NULL; +} + +/** + * localtime_r(3) from + */ +static inline struct tm *localtime_r(const time_t *timep, struct tm *result) +{ + if (sizeof(time_t) == 4) + { + if (_localtime32_s(result, (__time32_t*)time) == 0) + { + return result; + } + } + else + { + if (_localtime64_s(result, (__time64_t*)time) == 0) + { + return result; + } + } + return NULL; +} + +#endif /** WINDOWS_H_ @}*/ From ce24e0d3e52c545bd0d4b4f22a11ff4a9f8f0039 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 11 Oct 2013 15:26:01 +0200 Subject: [PATCH 002/138] configure.ac: Define USE_WINDOWS for Automake when building for Windows --- configure.ac | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/configure.ac b/configure.ac index 309789ca1..8b0b8d087 100644 --- a/configure.ac +++ b/configure.ac 
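Review bot: In `gmtime_r()` and `localtime_r()` the pointer passed to `_gmtime32_s`/`_gmtime64_s` and `_localtime32_s`/`_localtime64_s` is `time`, not the `timep` parameter, so what gets cast is presumably the address of the C library's `time()` function and the caller's timestamp is never read. All four calls should pass the parameter, e.g. `if (_gmtime64_s(result, (const __time64_t*)timep) == 0)`. Separately, `random()` is mapped onto `rand()`; a one-line comment that this replacement must not be used for anything security-relevant would help later readers.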
@@ -724,6 +724,19 @@ if test x$printf_hooks = xauto -o x$printf_hooks = xglibc; then ) fi +AC_MSG_CHECKING([for Windows target]) +AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM( + [[#include ]], + [[#ifndef WIN32 + # error WIN32 undefined + #endif + ]])], + [AC_MSG_RESULT([yes]); windows=true ], + [AC_MSG_RESULT([no])] +) +AM_CONDITIONAL(USE_WINDOWS, [test "x$windows" = xtrue]) + if test x$printf_hooks = xvstr; then AC_CHECK_LIB([vstr],[main],[LIBS="$LIBS"],[AC_MSG_ERROR([Vstr string library not found])],[]) AC_DEFINE([USE_VSTR], [], [use Vstr string library for printf hooks]) From 43c5388470c66dc0948549af8e4f2d572e23b5f6 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 11 Oct 2013 15:43:30 +0200 Subject: [PATCH 003/138] tun-device: Rearrange headers to build properly when tun devices not supported --- src/libstrongswan/networking/tun_device.c | 36 ++++++++++------------- 1 file changed, 15 insertions(+), 21 deletions(-) diff --git a/src/libstrongswan/networking/tun_device.c b/src/libstrongswan/networking/tun_device.c index f2c7b162f..ff2c4a337 100644 --- a/src/libstrongswan/networking/tun_device.c +++ b/src/libstrongswan/networking/tun_device.c @@ -16,6 +16,21 @@ * for more details. */ +#include "tun_device.h" + +#include +#include + +#if !defined(__APPLE__) && !defined(__linux__) && !defined(HAVE_NET_IF_TUN_H) + +tun_device_t *tun_device_create(const char *name_tmpl) +{ + DBG1(DBG_LIB, "TUN devices are not supported"); + return NULL; +} + +#else /* TUN devices supported */ + #include #include #include @@ -27,22 +42,6 @@ #include #include -#if !defined(__APPLE__) && !defined(__linux__) && !defined(HAVE_NET_IF_TUN_H) - -#include "tun_device.h" - -#include - -#warning TUN devices are not supported! - -tun_device_t *tun_device_create(const char *name_tmpl) -{ - DBG1(DBG_LIB, "TUN devices are not supported"); - return NULL; -} - -#else /* TUN devices supported */ - #ifdef __APPLE__ #include #include 
@@ -58,11 +57,6 @@ tun_device_t *tun_device_create(const char *name_tmpl) #include #endif -#include "tun_device.h" - -#include -#include - #define TUN_DEFAULT_MTU 1500 typedef struct private_tun_device_t private_tun_device_t; From 40a924090e0350ac10c5f854e7cb96c04c7e1b9e Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 11 Oct 2013 15:59:37 +0200 Subject: [PATCH 004/138] crl: Undefine 's CRL_REASON_* and use our enum values instead --- .../credentials/certificates/crl.h | 28 +++++++++++++------ 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/src/libstrongswan/credentials/certificates/crl.h b/src/libstrongswan/credentials/certificates/crl.h index 4191c5935..8a48bd7ff 100644 --- a/src/libstrongswan/credentials/certificates/crl.h +++ b/src/libstrongswan/credentials/certificates/crl.h @@ -28,18 +28,30 @@ typedef enum crl_reason_t crl_reason_t; #include #include +/* comes with CRL_REASON clashing with ours. Even if the values + * are identical, we undef them here to use our enum instead of defines. */ +#ifdef WIN32 +# undef CRL_REASON_UNSPECIFIED +# undef CRL_REASON_KEY_COMPROMISE +# undef CRL_REASON_CA_COMPROMISE +# undef CRL_REASON_AFFILIATION_CHANGED +# undef CRL_REASON_SUPERSEDED +# undef CRL_REASON_CERTIFICATE_HOLD +# undef CRL_REASON_REMOVE_FROM_CRL +#endif + /** * RFC 2459 CRL reason codes */ enum crl_reason_t { - CRL_REASON_UNSPECIFIED = 0, - CRL_REASON_KEY_COMPROMISE = 1, - CRL_REASON_CA_COMPROMISE = 2, - CRL_REASON_AFFILIATION_CHANGED = 3, - CRL_REASON_SUPERSEDED = 4, - CRL_REASON_CESSATION_OF_OPERATON = 5, - CRL_REASON_CERTIFICATE_HOLD = 6, - CRL_REASON_REMOVE_FROM_CRL = 8, + CRL_REASON_UNSPECIFIED = 0, + CRL_REASON_KEY_COMPROMISE = 1, + CRL_REASON_CA_COMPROMISE = 2, + CRL_REASON_AFFILIATION_CHANGED = 3, + CRL_REASON_SUPERSEDED = 4, + CRL_REASON_CESSATION_OF_OPERATON = 5, + CRL_REASON_CERTIFICATE_HOLD = 6, + CRL_REASON_REMOVE_FROM_CRL = 8, }; /** From 2e6c203bad2b1c7f05584ab6f91eedc23c880b6d Mon Sep 17 00:00:00 2001 
From: Martin Willi Date: Fri, 11 Oct 2013 16:58:02 +0200 Subject: [PATCH 005/138] windows: Provide wrappers for dlopen() function family --- src/libstrongswan/plugins/plugin_loader.c | 2 + src/libstrongswan/utils/windows.h | 81 +++++++++++++++++++++++ 2 files changed, 83 insertions(+) diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c index 487fafa01..c23f2f03f 100644 --- a/src/libstrongswan/plugins/plugin_loader.c +++ b/src/libstrongswan/plugins/plugin_loader.c @@ -21,7 +21,9 @@ #include #include #include +#ifdef HAVE_DLADDR #include +#endif #include #include diff --git a/src/libstrongswan/utils/windows.h b/src/libstrongswan/utils/windows.h index 5306cbc42..2457cff32 100644 --- a/src/libstrongswan/utils/windows.h +++ b/src/libstrongswan/utils/windows.h 
@@ -150,4 +150,85 @@ static inline struct tm *localtime_r(const time_t *timep, struct tm *result) return NULL; } +/** + * dlerror(3) from , printing error to an alloca() buffer + */ +#define dlerror() \ +({ \ + char buf[128], *out;\ + ssize_t len; \ + DWORD err; \ + err = GetLastError(); \ + len = FormatMessage(0, NULL, err, 0, buf, sizeof(buf), NULL); \ + if (len <= 0) \ + { \ + len = snprintf(buf, sizeof(buf), "(%u)", err); \ + } \ + len++; \ + out = alloca(len); \ + memcpy(out, buf, len); \ + out; \ +}) + +/** + * Lazy binding, ignored on Windows + */ +#define RTLD_LAZY 1 + +/** + * dlopen(3) from + */ +static inline void *dlopen(const char *filename, int flag) +{ + return LoadLibrary(filename); +} + +/** + * Default handle targeting .exe + */ +#define RTLD_DEFAULT (NULL) + +/** + * Find symbol in next library + */ +#define RTLD_NEXT ((void*)~(uintptr_t)0) + +/** + * dlsym() from + */ +static inline void *dlsym(void *handle, const char *symbol) +{ + if (handle == RTLD_DEFAULT) + { + handle = GetModuleHandle(NULL); + } + else if (handle == RTLD_NEXT) + { + if (strcmp(symbol, "malloc") == 0 || + strcmp(symbol, "realloc") == 0 || + strcmp(symbol, "free") == 0) + { + /* for leak-detective */ + handle = GetModuleHandle("msvcrt"); + } + else + { + return NULL; + } + } + if (handle) + { + return GetProcAddress((HMODULE)handle, symbol); + } + return NULL; +} + +/** + * dlclose() from + */ +static inline int dlclose(void *handle) +{ + return FreeLibrary((HMODULE)handle); +} + #endif /** WINDOWS_H_ @}*/ From c6b588bf061b0a105a219cbb4449e917111558d6 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 11 Oct 2013 17:14:04 +0200 Subject: [PATCH 006/138] thread: Add a Windows pthread variant to print thread identifiers --- src/libstrongswan/threading/thread.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/libstrongswan/threading/thread.c b/src/libstrongswan/threading/thread.c index 0adfb31d0..593f44a44 100644 --- a/src/libstrongswan/threading/thread.c 
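Review bot: `dlclose()` returns the result of `FreeLibrary()` unchanged, which inverts the POSIX contract: `FreeLibrary()` is non-zero on success while `dlclose()` must return 0 on success, so a caller checking `dlclose(h) != 0` treats every successful unload as a failure. `return FreeLibrary((HMODULE)handle) ? 0 : -1;` keeps the wrapper compatible. In `dlopen()`, `LoadLibrary(filename)` resolves any name that is not an absolute path through the Windows DLL search order, so the doc comment should state that callers must pass full paths (or the wrapper should use `LoadLibraryEx()` with the `LOAD_LIBRARY_SEARCH_*` flags). The `dlerror()` macro calls `FormatMessage()` with `dwFlags` 0; as far as I know a source flag such as `FORMAT_MESSAGE_FROM_SYSTEM` (together with `FORMAT_MESSAGE_IGNORE_INSERTS`) is needed to get the system text, so callers probably always receive the `(%u)` fallback, which also prints a `DWORD` with a mismatched conversion.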
+++ b/src/libstrongswan/threading/thread.c @@ -301,6 +301,9 @@ static void *thread_main(private_thread_t *this) #ifdef HAVE_GETTID DBG2(DBG_LIB, "created thread %.2d [%u]", this->id, gettid()); +#elif defined(WIN32) + DBG2(DBG_LIB, "created thread %.2d [%p]", + this->id, this->thread_id.p); #else DBG2(DBG_LIB, "created thread %.2d [%lx]", this->id, (u_long)this->thread_id); From a3f7dfc1ca14443eccdb0adbdb3bba174d0c1da7 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 11 Oct 2013 17:26:35 +0200 Subject: [PATCH 007/138] windows: replace mkdir() with Windows _mkdir() variant --- src/libstrongswan/utils/utils.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/libstrongswan/utils/utils.c b/src/libstrongswan/utils/utils.c index f2a4a065c..63c5bd4bd 100644 --- a/src/libstrongswan/utils/utils.c +++ b/src/libstrongswan/utils/utils.c @@ -307,7 +307,11 @@ bool mkdir_p(const char *path, mode_t mode) *pos = '\0'; if (access(full, F_OK) < 0) { +#ifdef WIN32 + if (_mkdir(full) < 0) +#else if (mkdir(full, mode) < 0) +#endif { DBG1(DBG_LIB, "failed to create directory %s", full); return FALSE; From d3c30b356cd01fdaa77a7be4865678ceca80c368 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 11 Oct 2013 17:27:25 +0200 Subject: [PATCH 008/138] windows: Use _getmaxstdio as replacement for syscall(_SC_OPEN_MAX) --- src/libstrongswan/utils/utils.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/libstrongswan/utils/utils.c b/src/libstrongswan/utils/utils.c index 63c5bd4bd..03c7b4f7e 100644 --- a/src/libstrongswan/utils/utils.c +++ b/src/libstrongswan/utils/utils.c @@ -418,7 +418,11 @@ void closefrom(int lowfd) } /* ...fall back to closing all fds otherwise */ +#ifdef WIN32 + maxfd = _getmaxstdio(); +#else maxfd = (int)sysconf(_SC_OPEN_MAX); +#endif if (maxfd < 0) { maxfd = 256; From e7f3ceb7c8e0f02d8db7508f425cb166542759d4 Mon Sep 17 00:00:00 2001 
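Review bot: On the WIN32 branch of `mkdir_p()` the `mode` argument is silently dropped, because `_mkdir(full)` takes no permission bits and the new directory gets whatever ACL it inherits from its parent. A caller that passes a restrictive mode to protect key or state directories gets no equivalent protection on Windows, and nothing in the code says so. Add a comment at the `#ifdef`, for example `/* mode is ignored on Windows, the directory inherits the parent's ACL */`, and consider a debug message when a restrictive mode was requested. mkdir_p's body starts and ends outside the hunk.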
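Review bot: `_getmaxstdio()` in the WIN32 branch of `closefrom()` is, as far as I know, the limit on simultaneously open stdio streams rather than the highest descriptor the C runtime can hand out, so descriptors above that value would stay open after the fallback loop. It also says nothing about sockets, which on Windows are handles and not CRT descriptors. A comment such as `/* best effort: covers CRT descriptors up to the stdio limit only, not sockets/handles */` would keep callers from relying on this to stop descriptors leaking into child processes. closefrom's body starts and ends outside the hunk.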
From: Martin Willi Date: Fri, 11 Oct 2013 17:48:33 +0200 Subject: [PATCH 009/138] capabilities: Add build support for Windows We might extend it in the future using some Windows rights management. --- src/libstrongswan/utils/capabilities.c | 40 ++++++++++++++++++++++++-- 1 file changed, 37 insertions(+), 3 deletions(-) diff --git a/src/libstrongswan/utils/capabilities.c b/src/libstrongswan/utils/capabilities.c index c5e90b6c3..923b7d4db 100644 --- a/src/libstrongswan/utils/capabilities.c +++ b/src/libstrongswan/utils/capabilities.c @@ -17,24 +17,27 @@ #include "capabilities.h" +#include + #include #include #include +#include + +#ifndef WIN32 #include #include -#include #ifdef HAVE_PRCTL # include #endif /* HAVE_PRCTL */ -#include - #if !defined(HAVE_GETPWNAM_R) || \ !defined(HAVE_GETGRNAM_R) || \ !defined(HAVE_GETPWUID_R) # include # define EMULATE_R_FUNCS #endif +#endif /* !WIN32 */ typedef struct private_capabilities_t private_capabilities_t; @@ -76,6 +79,8 @@ struct private_capabilities_t { #endif }; +#ifndef WIN32 + /** * Returns TRUE if the current process/user is member of the given group */ @@ -181,6 +186,19 @@ static bool has_capability(private_capabilities_t *this, u_int cap, #endif /* CAPABILITIES_NATIVE */ } +#else /* WIN32 */ + +/** + * Verify that the current process has the given capability, dummy variant + */ +static bool has_capability(private_capabilities_t *this, u_int cap, + bool *ignore) +{ + return TRUE; +} + +#endif /* WIN32 */ + /** * Keep the given capability if it is held by the current process. Returns * FALSE, if this is not the case. @@ -232,13 +250,21 @@ METHOD(capabilities_t, check, bool, METHOD(capabilities_t, get_uid, uid_t, private_capabilities_t *this) { +#ifdef WIN32 + return this->uid; +#else return this->uid ?: geteuid(); +#endif } METHOD(capabilities_t, get_gid, gid_t, private_capabilities_t *this) { +#ifdef WIN32 + return this->gid; +#else return this->gid ?: getegid(); +#endif } METHOD(capabilities_t, set_uid, void, 
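Review bot: The WIN32 variant of `has_capability()` returns `TRUE` unconditionally and never writes `*ignore`, and the later `drop()` hunks in this file compile the whole body out and also return `TRUE`, so on Windows every capability check passes and a privilege drop is reported as done although nothing changed. The commit message says rights management may follow later, but neither the return values nor the log tell callers or operators that the process keeps its full rights. I would log it once in the WIN32 path of `drop()`, e.g. `DBG1(DBG_LIB, "dropping privileges is not supported on Windows");`, and set `*ignore` in the dummy if the caller reads it (the caller is outside the hunk, so that part is an assumption). `resolve_uid()` and `resolve_gid()` likewise return `FALSE` on Windows without any message.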
@@ -256,6 +282,7 @@ METHOD(capabilities_t, set_gid, void, METHOD(capabilities_t, resolve_uid, bool, private_capabilities_t *this, char *username) { +#ifndef WIN32 struct passwd *pwp; int err; @@ -284,12 +311,14 @@ METHOD(capabilities_t, resolve_uid, bool, } DBG1(DBG_LIB, "resolving user '%s' failed: %s", username, err ? strerror(err) : "user not found"); +#endif /* !WIN32 */ return FALSE; } METHOD(capabilities_t, resolve_gid, bool, private_capabilities_t *this, char *groupname) { +#ifndef WIN32 struct group *grp; int err; @@ -318,9 +347,11 @@ METHOD(capabilities_t, resolve_gid, bool, } DBG1(DBG_LIB, "resolving user '%s' failed: %s", groupname, err ? strerror(err) : "group not found"); +#endif /* !WIN32 */ return FALSE; } +#ifndef WIN32 /** * Initialize supplementary groups for unprivileged user */ @@ -348,10 +379,12 @@ static bool init_supplementary_groups(private_capabilities_t *this) #endif /* HAVE_GETPWUID_R */ return res == 0; } +#endif /* WIN32 */ METHOD(capabilities_t, drop, bool, private_capabilities_t *this) { +#ifndef WIN32 #ifdef HAVE_PRCTL prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0); #endif @@ -404,6 +437,7 @@ METHOD(capabilities_t, drop, bool, DBG1(DBG_LIB, "dropped capabilities, running as uid %u, gid %u", geteuid(), getegid()); #endif /* CAPABILITIES */ +#endif /*!WIN32 */ return TRUE; } From 71bf82d4741ccd8d3e738ffc53f5de40aced6c8d Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 11 Oct 2013 18:03:47 +0200 Subject: [PATCH 010/138] windows: Link libstrongswan against ws2_32.dll --- src/libstrongswan/Makefile.am | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am index 68162929e..180d27a7e 100644 --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am @@ -110,6 +110,10 @@ AM_LDFLAGS = \ AM_YFLAGS = -v -d +if USE_WINDOWS + libstrongswan_la_LIBADD += -lws2_32 +endif + if USE_LEAK_DETECTIVE AM_CPPFLAGS += -DLEAK_DETECTIVE libstrongswan_la_SOURCES += utils/leak_detective.c 
From 1f2b8c8c808163f9b299af5129bc4a9e56f10041 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Tue, 15 Oct 2013 15:45:11 +0200 Subject: [PATCH 011/138] printf-hook-builtin: Support Windows console colors using TTY escape codes --- .../utils/printf_hook/printf_hook_builtin.c | 124 ++++++++++++++++++ src/libstrongswan/utils/utils.c | 5 +- 2 files changed, 128 insertions(+), 1 deletion(-) diff --git a/src/libstrongswan/utils/printf_hook/printf_hook_builtin.c b/src/libstrongswan/utils/printf_hook/printf_hook_builtin.c index c79d4b87a..466c673d9 100644 --- a/src/libstrongswan/utils/printf_hook/printf_hook_builtin.c +++ b/src/libstrongswan/utils/printf_hook/printf_hook_builtin.c 
@@ -1104,6 +1104,128 @@ int builtin_vprintf(const char *format, va_list ap) return builtin_vfprintf(stdout, format, ap); } +#ifdef WIN32 +/** + * Set TTY color on Windows consoles + */ +static void set_console_color(HANDLE handle, int color) +{ + CONSOLE_SCREEN_BUFFER_INFO info; + struct { + /* escape code */ + int color; + /* windows console color combination */ + WORD attributes; + } maps[] = { + { 30, 0 }, + { 31, FOREGROUND_RED }, + { 32, FOREGROUND_GREEN }, + { 33, FOREGROUND_GREEN | FOREGROUND_RED }, + { 34, FOREGROUND_BLUE | FOREGROUND_INTENSITY }, + { 35, FOREGROUND_RED | FOREGROUND_BLUE }, + { 36, FOREGROUND_GREEN | FOREGROUND_BLUE }, + { 37, FOREGROUND_GREEN | FOREGROUND_BLUE | FOREGROUND_RED }, + { 39, FOREGROUND_GREEN | FOREGROUND_BLUE | FOREGROUND_RED }, + { 40, 0 }, + { 41, BACKGROUND_RED }, + { 42, BACKGROUND_GREEN }, + { 43, BACKGROUND_GREEN | BACKGROUND_RED }, + { 44, BACKGROUND_BLUE }, + { 45, BACKGROUND_RED | BACKGROUND_BLUE }, + { 46, BACKGROUND_GREEN | BACKGROUND_BLUE }, + { 47, BACKGROUND_GREEN | BACKGROUND_BLUE | BACKGROUND_RED }, + { 49, 0 }, + }; + int i; + + if (GetConsoleScreenBufferInfo(handle, &info)) + { + if (color < 40) + { + info.wAttributes &= ~(FOREGROUND_BLUE | FOREGROUND_GREEN | + FOREGROUND_RED | FOREGROUND_INTENSITY); + } + else + { + info.wAttributes &= ~(BACKGROUND_BLUE | BACKGROUND_GREEN | + BACKGROUND_RED | BACKGROUND_INTENSITY); + } + for (i = 0; i < countof(maps); i++) + { + if (maps[i].color == color) + { + info.wAttributes |= maps[i].attributes; + SetConsoleTextAttribute(handle, info.wAttributes); + break; + } + } + } +} + +int builtin_vfprintf(FILE *stream, const char *format, va_list ap) +{ + char buf[PRINTF_BUF_LEN], *pos, *stop; + HANDLE handle; + int len, total; + DWORD clen, mode; + + total = len = builtin_vsnprintf(buf, sizeof(buf), format, ap); + switch (fileno(stream)) + { + case 1: + handle = GetStdHandle(STD_OUTPUT_HANDLE); + break; + case 2: + handle = GetStdHandle(STD_ERROR_HANDLE); + break; + default: + 
handle = INVALID_HANDLE_VALUE; + break; + } + /* GetConsoleMode fails if output redirected */ + if (handle == INVALID_HANDLE_VALUE || !GetConsoleMode(handle, &mode)) + { + return fwrite(buf, 1, len, stream); + } + while (len) + { + pos = &buf[total - len]; + if (len > 4) + { + if (pos[0] == '\e' && pos[1] == '[' && pos[4] == 'm') + { + if (isdigit(pos[3])) + { + if (pos[2] == '3' || pos[2] == '4') + { + set_console_color(handle, + (pos[2] - '0') * 10 + pos[3] - '0'); + len -= 5; + continue; + } + } + } + } + stop = memchr(pos + 1, '\e', len); + if (stop) + { + clen = stop - pos; + } + else + { + clen = len; + } + if (clen && !WriteConsole(handle, pos, clen, &clen, NULL)) + { + break; + } + len -= clen; + } + return total - len; +} + +#else /* !WIN32 */ + int builtin_vfprintf(FILE *stream, const char *format, va_list ap) { char buf[PRINTF_BUF_LEN]; @@ -1113,6 +1235,8 @@ int builtin_vfprintf(FILE *stream, const char *format, va_list ap) return fwrite(buf, 1, len, stream); } +#endif /* !WIN32 */ + int builtin_vsprintf(char *str, const char *format, va_list ap) { return builtin_vsnprintf(str, ~(size_t)0, format, ap); diff --git a/src/libstrongswan/utils/utils.c b/src/libstrongswan/utils/utils.c index 03c7b4f7e..7cca845f7 100644 --- a/src/libstrongswan/utils/utils.c +++ b/src/libstrongswan/utils/utils.c @@ -363,6 +363,9 @@ char* tty_escape_get(int fd, tty_escape_t escape) case TTY_BOLD: case TTY_UNDERLINE: case TTY_BLINKING: +#ifdef WIN32 + return ""; +#endif case TTY_FG_BLACK: case TTY_FG_RED: case TTY_FG_GREEN: @@ -382,7 +385,7 @@ char* tty_escape_get(int fd, tty_escape_t escape) case TTY_BG_WHITE: case TTY_BG_DEF: return enum_to_name(tty_color_names, escape); - /* warn if a excape code is missing */ + /* warn if a escape code is missing */ } return ""; } From a7e943a64008ea728c6a2674d80186da766cc735 Mon Sep 17 00:00:00 2001 
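Review bot: In the WIN32 `builtin_vfprintf()` the return value of `builtin_vsnprintf()` is used unclamped as the number of valid bytes in `buf`; if it follows the C99 convention and reports the length the full output would have had, a message longer than `PRINTF_BUF_LEN` makes both `fwrite(buf, 1, len, stream)` and the `WriteConsole()` loop read past the end of the stack buffer, and a negative return is not handled either. Clamp it right after the call and before `total` is assigned: `if (len < 0) return len;` and `if (len >= sizeof(buf)) len = sizeof(buf) - 1;`. `memchr(pos + 1, '\e', len)` scans one byte beyond the `len` bytes remaining at `pos` and should use `len - 1`, and `isdigit(pos[3])` should be given `(unsigned char)pos[3]`. The loop also never terminates if `WriteConsole()` succeeds but reports zero characters written, since `len -= clen` then makes no progress.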
From: Martin Willi Date: Mon, 14 Oct 2013 11:55:12 +0200 Subject: [PATCH 012/138] backtrace: Add DbgHelp based Windows support for creating/printing backtraces --- configure.ac | 2 + src/libstrongswan/Makefile.am | 5 + src/libstrongswan/utils/backtrace.c | 207 ++++++++++++++++++++++++++-- 3 files changed, 202 insertions(+), 12 deletions(-) diff --git a/configure.ac b/configure.ac index 8b0b8d087..33aee4cc0 100644 --- a/configure.ac +++ b/configure.ac @@ -272,6 +272,7 @@ ARG_DISBL_SET([tools], [disable additional utilities (scepclient and pk ARG_ENABL_SET([aikgen], [enable AIK generator.]) # optional features ARG_ENABL_SET([bfd-backtraces], [use binutils libbfd to resolve backtraces for memory leaks and segfaults.]) +ARG_ENABL_SET([dbghelp-backtraces],[use dbghlp.dll on Windows to create and print backtraces for memory leaks and segfaults.]) ARG_DISBL_SET([ikev1], [disable IKEv1 protocol support in charon.]) ARG_DISBL_SET([ikev2], [disable IKEv2 protocol support in charon.]) ARG_ENABL_SET([integrity-test], [enable integrity testing of libstrongswan and plugins.]) @@ -1410,6 +1411,7 @@ AM_CONDITIONAL(USE_TROUSERS, test x$tss = xtrousers -o x$aikgen = xtrue) AM_CONDITIONAL(MONOLITHIC, test x$monolithic = xtrue) AM_CONDITIONAL(USE_SILENT_RULES, test x$enable_silent_rules = xyes) AM_CONDITIONAL(COVERAGE, test x$coverage = xtrue) +AM_CONDITIONAL(USE_DBGHELP, test x$dbghelp_backtraces = xtrue) AM_CONDITIONAL(USE_TKM, test x$tkm = xtrue) AM_CONDITIONAL(USE_CMD, test x$cmd = xtrue) AM_CONDITIONAL(USE_AIKGEN, test x$aikgen = xtrue) diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am index 180d27a7e..35605074a 100644 --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am 
@@ -114,6 +114,11 @@ if USE_WINDOWS libstrongswan_la_LIBADD += -lws2_32 endif +if USE_DBGHELP + libstrongswan_la_LIBADD += -ldbghelp + AM_CPPFLAGS += -DHAVE_DBGHELP +endif + if USE_LEAK_DETECTIVE AM_CPPFLAGS += -DLEAK_DETECTIVE libstrongswan_la_SOURCES += utils/leak_detective.c diff --git a/src/libstrongswan/utils/backtrace.c b/src/libstrongswan/utils/backtrace.c index f1584620b..f367fe233 100644 --- a/src/libstrongswan/utils/backtrace.c +++ b/src/libstrongswan/utils/backtrace.c @@ -1,6 +1,7 @@ /* - * Copyright (C) 2006-2008 Martin Willi + * Copyright (C) 2006-2013 Martin Willi * Hochschule fuer Technik Rapperswil + * Copyright (C) 2013 revosec AG * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -15,14 +16,14 @@ #define _GNU_SOURCE -#ifdef HAVE_DLADDR -# include -#endif /* HAVE_DLADDR */ - #ifdef HAVE_BACKTRACE # include #endif /* HAVE_BACKTRACE */ - +#ifdef HAVE_DBGHELP +# include +# include +# include +#endif /* HAVE_DBGHELP */ #include #include "backtrace.h" @@ -81,6 +82,8 @@ static void println(FILE *file, char *format, ...) #ifdef HAVE_DLADDR +#include + /** * Same as tty_escape_get(), but for a potentially NULL FILE* */ @@ -375,7 +378,30 @@ static void print_sourceline(FILE *file, char *filename, void *ptr, void* base) #endif /* HAVE_BFD_H */ -#else /* !HAVE_DLADDR */ +#elif defined(HAVE_DBGHELP) /* && !HAVE_DLADDR */ + +#include +#include + +/** + * Mutex to access non-thread-safe dbghelp functions + */ +static mutex_t *dbghelp_mutex; + +void backtrace_init() +{ + SymSetOptions(SYMOPT_LOAD_LINES); + SymInitialize(GetCurrentProcess(), NULL, TRUE); + dbghelp_mutex = mutex_create(MUTEX_TYPE_DEFAULT); +} + +void backtrace_deinit() +{ + dbghelp_mutex->destroy(dbghelp_mutex); + SymCleanup(GetCurrentProcess()); +} + +#else /* !HAVE_DLADDR && !HAVE_DBGHELP */ void backtrace_init() {} void backtrace_deinit() {} 
@@ -385,7 +411,7 @@ void backtrace_deinit() {} METHOD(backtrace_t, log_, void, private_backtrace_t *this, FILE *file, bool detailed) { -#if defined(HAVE_BACKTRACE) || defined(HAVE_LIBUNWIND_H) +#if defined(HAVE_BACKTRACE) || defined(HAVE_LIBUNWIND_H) || defined(HAVE_DBGHELP) size_t i; char **strings = NULL; @@ -425,7 +451,64 @@ METHOD(backtrace_t, log_, void, } } else -#endif /* HAVE_DLADDR */ +#elif defined(HAVE_DBGHELP) + struct { + SYMBOL_INFO hdr; + char buf[128]; + } symbol; + char filename[MAX_PATH]; + HINSTANCE module; + HANDLE process; + DWORD64 displace, frame; + + process = GetCurrentProcess(); + frame = (uintptr_t)this->frames[i]; + + memset(&symbol, 0, sizeof(symbol)); + symbol.hdr.SizeOfStruct = sizeof(symbol.hdr); + symbol.hdr.MaxNameLen = sizeof(symbol.buf) - 1; + + dbghelp_mutex->lock(dbghelp_mutex); + + module = (HINSTANCE)SymGetModuleBase64(process, frame); + + if (module && GetModuleFileName(module, filename, sizeof(filename))) + { + if (SymFromAddr(process, frame, &displace, &symbol.hdr) && + symbol.hdr.Name) + { + println(file, " %s%s%s @ %p (%s%s%s+0x%tx) [%p]", + esc(file, TTY_FG_YELLOW), filename, + esc(file, TTY_FG_DEF), (void*)module, + esc(file, TTY_FG_RED), symbol.hdr.Name, + esc(file, TTY_FG_DEF), displace, + this->frames[i]); + } + else + { + println(file, " %s%s%s @ %p [%p]", + esc(file, TTY_FG_YELLOW), filename, + esc(file, TTY_FG_DEF), (void*)module, this->frames[i]); + } + if (detailed) + { + IMAGEHLP_LINE64 line; + DWORD off; + + memset(&line, 0, sizeof(line)); + line.SizeOfStruct = sizeof(line); + + if (SymGetLineFromAddr64(process, frame, &off, &line)) + { + + println(file, " -> %s%s:%u%s", esc(file, TTY_FG_GREEN), + line.FileName, line.LineNumber, + esc(file, TTY_FG_DEF)); + } + } + } + else +#endif /* HAVE_DLADDR/HAVE_DBGHELP */ { #ifdef HAVE_BACKTRACE if (!strings) 
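Review bot: `symbol.hdr.Name` is an array member of `SYMBOL_INFO`, so the `&& symbol.hdr.Name` test in the DbgHelp branch of `log_()` is always true and cannot detect an empty name; the same holds for `if (symbol.hdr.Name)` in the `contains_function()` hunk that follows. Test the first character instead, `symbol.hdr.Name[0]`. `displace` is a `DWORD64` but is printed with `%tx`, which expects a `ptrdiff_t`; on a 32-bit build the argument sizes differ and the following `%p` would be read from the wrong position, so cast the value or use a 64-bit conversion. log_'s body starts and ends outside the hunk.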
@@ -442,10 +525,13 @@ METHOD(backtrace_t, log_, void, println(file, " %p", this->frames[i]); } } +#ifdef HAVE_DBGHELP + dbghelp_mutex->unlock(dbghelp_mutex); +#endif } free(strings); #else /* !HAVE_BACKTRACE && !HAVE_LIBUNWIND_H */ - println(file, "no support for backtrace()/libunwind"); + println(file, "no support for capturing backtraces"); #endif /* HAVE_BACKTRACE/HAVE_LIBUNWIND_H */ } @@ -470,7 +556,43 @@ METHOD(backtrace_t, contains_function, bool, } } } -#endif /* HAVE_DLADDR */ +#elif defined(HAVE_DBGHELP) + int i, j; + HANDLE process; + + process = GetCurrentProcess(); + + dbghelp_mutex->lock(dbghelp_mutex); + + for (i = 0; i < this->frame_count; i++) + { + struct { + SYMBOL_INFO hdr; + char buf[128]; + } symbol; + + memset(&symbol, 0, sizeof(symbol)); + symbol.hdr.SizeOfStruct = sizeof(symbol.hdr); + symbol.hdr.MaxNameLen = sizeof(symbol.buf) - 1; + + if (SymFromAddr(process, (DWORD64)this->frames[i], NULL, &symbol.hdr)) + { + if (symbol.hdr.Name) + { + for (j = 0; j < count; j++) + { + if (streq(symbol.hdr.Name, function[j])) + { + dbghelp_mutex->unlock(dbghelp_mutex); + return TRUE; + } + } + } + } + } + + dbghelp_mutex->unlock(dbghelp_mutex); +#endif /* HAVE_DLADDR/HAVE_DBGHELP */ return FALSE; } 
@@ -584,6 +706,65 @@ static inline int backtrace_unwind(void **frames, int count) } #endif /* HAVE_UNWIND */ +#ifdef HAVE_DBGHELP + +/** + * Windows variant for glibc backtrace() + */ +static inline int backtrace_win(void **frames, int count) +{ + STACKFRAME frame; + HANDLE process, thread; + DWORD machine; + CONTEXT context; + int got = 0; + + memset(&frame, 0, sizeof(frame)); + memset(&context, 0, sizeof(context)); + + process = GetCurrentProcess(); + thread = GetCurrentThread(); + +#ifdef __x86_64 + machine = IMAGE_FILE_MACHINE_AMD64; + + frame.AddrPC.Offset = context.Rip; + frame.AddrPC.Mode = AddrModeFlat; + frame.AddrStack.Offset = context.Rsp; + frame.AddrStack.Mode = AddrModeFlat; + frame.AddrFrame.Offset = context.Rbp; + frame.AddrFrame.Mode = AddrModeFlat; +#else /* x86 */ + machine = IMAGE_FILE_MACHINE_I386; + + frame.AddrPC.Offset = context.Eip; + frame.AddrPC.Mode = AddrModeFlat; + frame.AddrStack.Offset = context.Esp; + frame.AddrStack.Mode = AddrModeFlat; + frame.AddrFrame.Offset = context.Ebp; + frame.AddrFrame.Mode = AddrModeFlat; +#endif /* x86_64/x86 */ + + dbghelp_mutex->lock(dbghelp_mutex); + + RtlCaptureContext(&context); + + while (got < count) + { + if (!StackWalk64(machine, process, thread, &frame, &context, + NULL, SymFunctionTableAccess, SymGetModuleBase, NULL)) + { + break; + } + frames[got++] = (void*)frame.AddrPC.Offset; + } + + dbghelp_mutex->unlock(dbghelp_mutex); + + return got; +} +#endif /* HAVE_DBGHELP */ + /** * Get implementation methods of backtrace_t */ 
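Review bot: backtrace_win() fills `frame.AddrPC`, `AddrStack` and `AddrFrame` from `context` while it is still the all-zero result of memset, because `RtlCaptureContext(&context);` is only called later, after taking the mutex. The initial STACKFRAME therefore carries zero program counter, stack and frame offsets. Move `RtlCaptureContext(&context);` to directly after the two memset() calls, before the `#ifdef __x86_64` block. On a 32-bit build it is also worth confirming that the un-suffixed `STACKFRAME`, `SymFunctionTableAccess` and `SymGetModuleBase` match what `StackWalk64()` expects; the explicit `STACKFRAME64`, `SymFunctionTableAccess64` and `SymGetModuleBase64` names avoid the doubt.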
@@ -612,7 +793,9 @@ backtrace_t *backtrace_create(int skip) frame_count = backtrace_unwind(frames, countof(frames)); #elif defined(HAVE_BACKTRACE) frame_count = backtrace(frames, countof(frames)); -#endif /* HAVE_BACKTRACE */ +#elif defined(HAVE_DBGHELP) + frame_count = backtrace_win(frames, countof(frames)); +#endif frame_count = max(frame_count - skip, 0); this = malloc(sizeof(private_backtrace_t) + frame_count * sizeof(void*)); memcpy(this->frames, frames + skip, frame_count * sizeof(void*)); From 2127831cdaadd42755574e474c8017b752c0e032 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Tue, 19 Nov 2013 18:40:51 +0100 Subject: [PATCH 013/138] backtrace: Support backtraces on Windows without DbgHelp While DbgHelp provides a convenient API to create backtraces, any executable linking against DbgHelp gets a more than a significant slow down. Further, it can only lookup global symbols, as it expects PDB files we can't produce with a MinGW build. With some core Kernel32.dll functionality, we can capture stack traces much faster. Together with the optional libbfd, we can print very fine backtraces. When --enable-bfd-backtraces is used on Windows, a libbfd.dll is required for the build. Such a DLL can be created from the binutils sources using: # build binutils with mingw... # extract archive members from binutils libraries x86_64-w64-mingw32-ar x $BINUTILS/bfd/.libs/libbfd.a x86_64-w64-mingw32-ar x $BINUTILS/intl/libintl.a x86_64-w64-mingw32-ar x $BINUTILS/libiberty/libiberty.a # create self-contained libbfd.a, with index x86_64-w64-mingw32-ar qs libbfd.a *.o # create DLL from static library x86_64-w64-mingw32-dlltool -e libbfd.o -l libbfd.lib libbfd.a x86_64-w64-mingw32-gcc -shared libbfd.a libbfd.o -o libbfd.dll --- src/libstrongswan/utils/backtrace.c | 88 ++++++++++++++++++++--------- 1 file changed, 61 insertions(+), 27 deletions(-) diff --git a/src/libstrongswan/utils/backtrace.c b/src/libstrongswan/utils/backtrace.c index f367fe233..6101fb9c2 100644 
--- a/src/libstrongswan/utils/backtrace.c +++ b/src/libstrongswan/utils/backtrace.c @@ -30,6 +30,15 @@ #include +#ifdef WIN32 +# include +/* missing in MinGW */ +WINBOOL K32GetModuleInformation(HANDLE hProcess, HMODULE hModule, + LPMODULEINFO lpmodinfo, DWORD cb); +DWORD K32GetModuleFileNameExA(HANDLE hProcess, HMODULE hModule, + LPTSTR lpFilename, DWORD nSize); +#endif + typedef struct private_backtrace_t private_backtrace_t; /** @@ -80,9 +89,34 @@ static void println(FILE *file, char *format, ...) va_end(args); } -#ifdef HAVE_DLADDR +#ifdef HAVE_DBGHELP +#include +#include + +/** + * Mutex to access non-thread-safe dbghelp functions + */ +static mutex_t *dbghelp_mutex; + +void backtrace_init() +{ + SymSetOptions(SYMOPT_LOAD_LINES); + SymInitialize(GetCurrentProcess(), NULL, TRUE); + dbghelp_mutex = mutex_create(MUTEX_TYPE_DEFAULT); +} + +void backtrace_deinit() +{ + dbghelp_mutex->destroy(dbghelp_mutex); + SymCleanup(GetCurrentProcess()); +} + +#elif defined(HAVE_DLADDR) || defined(HAVE_BFD_H) + +#ifdef HAVE_DLADDR #include +#endif /** * Same as tty_escape_get(), but for a potentially NULL FILE* @@ -355,7 +389,6 @@ static void print_sourceline(FILE *file, char *filename, void *ptr, void* base) snprintf(buf, sizeof(buf), "addr2line -e %s %p", filename, ptr); #endif /* __APPLE__ */ - output = popen(buf, "r"); if (output) { @@ -378,29 +411,6 @@ static void print_sourceline(FILE *file, char *filename, void *ptr, void* base) #endif /* HAVE_BFD_H */ -#elif defined(HAVE_DBGHELP) /* && !HAVE_DLADDR */ - -#include -#include - -/** - * Mutex to access non-thread-safe dbghelp functions - */ -static mutex_t *dbghelp_mutex; - -void backtrace_init() -{ - SymSetOptions(SYMOPT_LOAD_LINES); - SymInitialize(GetCurrentProcess(), NULL, TRUE); - dbghelp_mutex = mutex_create(MUTEX_TYPE_DEFAULT); -} - -void backtrace_deinit() -{ - dbghelp_mutex->destroy(dbghelp_mutex); - SymCleanup(GetCurrentProcess()); -} - #else /* !HAVE_DLADDR && !HAVE_DBGHELP */ void backtrace_init() {} 
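Review bot: The two prototypes added under `#ifdef WIN32` omit the `WINAPI` calling convention, and the `...ExA` function is declared with `LPTSTR`. On 32-bit x86 the Kernel32 exports are stdcall, so a plain declaration gives the wrong calling convention and decorated name. `LPTSTR` becomes a wide-character pointer when UNICODE is defined, although the A variant always takes a narrow buffer. Suggested: `WINBOOL WINAPI K32GetModuleInformation(...)` and `DWORD WINAPI K32GetModuleFileNameExA(HANDLE hProcess, HMODULE hModule, LPSTR lpFilename, DWORD nSize);`.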
@@ -411,7 +421,7 @@ void backtrace_deinit() {} METHOD(backtrace_t, log_, void, private_backtrace_t *this, FILE *file, bool detailed) { -#if defined(HAVE_BACKTRACE) || defined(HAVE_LIBUNWIND_H) || defined(HAVE_DBGHELP) +#if defined(HAVE_BACKTRACE) || defined(HAVE_LIBUNWIND_H) || defined(WIN32) size_t i; char **strings = NULL; @@ -508,6 +518,26 @@ METHOD(backtrace_t, log_, void, } } else +#elif defined(WIN32) + HMODULE module; + MODULEINFO info; + char filename[MAX_PATH]; + + if (GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS, + this->frames[i], &module) && + K32GetModuleInformation(GetCurrentProcess(), module, + &info, sizeof(info)) && + K32GetModuleFileNameExA(GetCurrentProcess(), module, + filename, sizeof(filename))) + { + println(file, " %s%s%s @ %p [%p]", + esc(file, TTY_FG_YELLOW), filename, + esc(file, TTY_FG_DEF), info.lpBaseOfDll, this->frames[i]); +#ifdef HAVE_BFD_H + print_sourceline(file, filename, this->frames[i], info.lpBaseOfDll); +#endif /* HAVE_BFD_H */ + } + else #endif /* HAVE_DLADDR/HAVE_DBGHELP */ { #ifdef HAVE_BACKTRACE @@ -709,7 +739,7 @@ static inline int backtrace_unwind(void **frames, int count) #ifdef HAVE_DBGHELP /** - * Windows variant for glibc backtrace() + * Windows dbghelp variant for glibc backtrace() */ static inline int backtrace_win(void **frames, int count) { @@ -763,6 +793,7 @@ static inline int backtrace_win(void **frames, int count) return got; } + #endif /* HAVE_DBGHELP */ /** @@ -795,6 +826,9 @@ backtrace_t *backtrace_create(int skip) frame_count = backtrace(frames, countof(frames)); #elif defined(HAVE_DBGHELP) frame_count = backtrace_win(frames, countof(frames)); +#elif defined(WIN32) + frame_count = CaptureStackBackTrace(skip, countof(frames), frames, NULL); + skip = 0; #endif frame_count = max(frame_count - skip, 0); this = malloc(sizeof(private_backtrace_t) + frame_count * sizeof(void*)); From 087e02e47ebddef0aaad7b0aa554418336cfc517 Mon Sep 17 00:00:00 2001 
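Review bot: In the new `#elif defined(WIN32)` branch of log_(), `GetModuleHandleEx()` is called with only `GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS`, which increments the module's reference count on every call. No matching `FreeLibrary()` is visible in the hunk, so each logged frame would pin its module a little further. Pass `GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS | GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT` instead. The closing `#endif /* HAVE_DLADDR/HAVE_DBGHELP */` comment now also ends the WIN32 branch and could say so. log_() starts and ends outside this hunk.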
From: Martin Willi Date: Thu, 2 Jan 2014 14:33:32 +0100 Subject: [PATCH 014/138] backtrace: Inline esc() helper, making it available to all build variants --- src/libstrongswan/utils/backtrace.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/src/libstrongswan/utils/backtrace.c b/src/libstrongswan/utils/backtrace.c index 6101fb9c2..3bb163545 100644 --- a/src/libstrongswan/utils/backtrace.c +++ b/src/libstrongswan/utils/backtrace.c @@ -89,6 +89,18 @@ static void println(FILE *file, char *format, ...) va_end(args); } +/** + * Same as tty_escape_get(), but for a potentially NULL FILE* + */ +static inline char* esc(FILE *file, tty_escape_t escape) +{ + if (file) + { + return tty_escape_get(fileno(file), escape); + } + return ""; +} + #ifdef HAVE_DBGHELP #include @@ -118,18 +130,6 @@ void backtrace_deinit() #include #endif -/** - * Same as tty_escape_get(), but for a potentially NULL FILE* - */ -static char* esc(FILE *file, tty_escape_t escape) -{ - if (file) - { - return tty_escape_get(fileno(file), escape); - } - return ""; -} - #ifdef HAVE_BFD_H #include From 8f129319ffd44f6e065a648283a77713c47b1d73 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Tue, 15 Oct 2013 16:10:05 +0200 Subject: [PATCH 015/138] utils: Printf() defined time output should gmtime/localtime_r() fail --- src/libstrongswan/utils/utils.c | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/src/libstrongswan/utils/utils.c b/src/libstrongswan/utils/utils.c index 7cca845f7..fe3b32f6c 100644 --- a/src/libstrongswan/utils/utils.c +++ b/src/libstrongswan/utils/utils.c 
@@ -648,21 +648,24 @@ int time_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec, }; time_t *time = *((time_t**)(args[0])); bool utc = *((int*)(args[1])); - struct tm t; + struct tm t, *ret = NULL; - if (*time == UNDEFINED_TIME) + if (*time != UNDEFINED_TIME) + { + if (utc) + { + ret = gmtime_r(time, &t); + } + else + { + ret = localtime_r(time, &t); + } + } + if (ret == NULL) { return print_in_hook(data, "--- -- --:--:--%s----", utc ? " UTC " : " "); } - if (utc) - { - gmtime_r(time, &t); - } - else - { - localtime_r(time, &t); - } return print_in_hook(data, "%s %02d %02d:%02d:%02d%s%04d", months[t.tm_mon], t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec, utc ? " UTC " : " ", t.tm_year + 1900); From a4719c5767147bd038128b540a394a802ee0b2e0 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Tue, 15 Oct 2013 16:11:19 +0200 Subject: [PATCH 016/138] asn1: Return a zeroed ASN1 time if gmtime_r() conversion fails --- src/libstrongswan/asn1/asn1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c index 38a6ad688..05be574de 100644 --- a/src/libstrongswan/asn1/asn1.c +++ b/src/libstrongswan/asn1/asn1.c @@ -460,7 +460,7 @@ chunk_t asn1_from_time(const time_t *time, asn1_t type) const char *format; char buf[BUF_LEN]; chunk_t formatted_time; - struct tm t; + struct tm t = {}; gmtime_r(time, &t); /* RFC 5280 says that dates through the year 2049 MUST be encoded as UTCTIME From 95a8d53dbe1f0dcff27e170fc47902bd4006102d Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Tue, 15 Oct 2013 16:23:44 +0200 Subject: [PATCH 017/138] windows: Use localtime/gmtime to implement _r variants The _s variants and friends do not seem to work on Windows 7 and always fail. --- src/libstrongswan/utils/windows.h | 44 +++++++++++++------------------ 1 file changed, 18 insertions(+), 26 deletions(-) diff --git a/src/libstrongswan/utils/windows.h b/src/libstrongswan/utils/windows.h index 2457cff32..d47ae9a99 100644 
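Review bot: In asn1_from_time() the return value of `gmtime_r(time, &t)` is still ignored. On failure the zero-initialised `struct tm` (tm_mday 0, tm_mon 0, tm_year 0) is formatted as if it were a real date, so a conversion error silently becomes an encoded time that is not a valid calendar date. The time_printf_hook() change in the previous patch checks the return value; doing the same here would keep the two consistent, for example `if (!gmtime_r(time, &t)) { return chunk_empty; }` if callers can handle an empty chunk, which is not visible from this hunk. The empty initialiser `= {}` is also a GNU extension before C23; `= {0}` is portable. The function body continues outside the hunk.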
--- a/src/libstrongswan/utils/windows.h +++ b/src/libstrongswan/utils/windows.h @@ -111,21 +111,17 @@ static inline void timersub(struct timeval *a, struct timeval *b, */ static inline struct tm *gmtime_r(const time_t *timep, struct tm *result) { - if (sizeof(time_t) == 4) + struct tm *ret; + + /* gmtime_s() and friends seem not to be implemented/functioning. + * Relying on gmtime() on Windows works as well, as it uses thread + * specific buffers. */ + ret = gmtime(timep); + if (ret) { - if (_gmtime32_s(result, (__time32_t*)time) == 0) - { - return result; - } + memcpy(result, ret, sizeof(*result)); } - else - { - if (_gmtime64_s(result, (__time64_t*)time) == 0) - { - return result; - } - } - return NULL; + return ret; } /** @@ -133,21 +129,17 @@ static inline struct tm *gmtime_r(const time_t *timep, struct tm *result) */ static inline struct tm *localtime_r(const time_t *timep, struct tm *result) { - if (sizeof(time_t) == 4) + struct tm *ret; + + /* localtime_s() and friends seem not to be implemented/functioning. + * Relying on localtime() on Windows works as well, as it uses thread + * specific buffers. */ + ret = localtime(timep); + if (ret) { - if (_localtime32_s(result, (__time32_t*)time) == 0) - { - return result; - } + memcpy(result, ret, sizeof(*result)); } - else - { - if (_localtime64_s(result, (__time64_t*)time) == 0) - { - return result; - } - } - return NULL; + return ret; } /** From a2216a28687f776052163bd1bda315d19ceb70a6 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Tue, 15 Oct 2013 17:40:06 +0200 Subject: [PATCH 018/138] windows: Fix up PRI* printf formatters when building against own backend --- src/libstrongswan/utils/windows.h | 71 +++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) diff --git a/src/libstrongswan/utils/windows.h b/src/libstrongswan/utils/windows.h index d47ae9a99..24c9d8a58 100644 --- a/src/libstrongswan/utils/windows.h +++ b/src/libstrongswan/utils/windows.h 
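Review bot: The comments added to gmtime_r() and localtime_r() say that the `_s` variants "seem not to be implemented/functioning", but the removed calls passed `time` (the C library function) instead of the `timep` parameter. That alone would probably explain the failures. If so, the recorded rationale is misleading for the next maintainer. Either retest with `timep`, or reword the comment to state only what the new code relies on, for example `/* gmtime() returns a per-thread buffer in the Windows CRT, copy it to result */`.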
@@ -24,6 +24,7 @@ #include #include #include +#include /* undef Windows variants evaluating values more than once */ #undef min @@ -223,4 +224,74 @@ static inline int dlclose(void *handle) return FreeLibrary((HMODULE)handle); } +/* Windows does not support "ll" format printf length modifiers. Mingw + * therefore maps these to the Windows specific I64 length modifier. That + * won't work for us, as we use our own printf backend on Windows, which works + * just fine with "ll". */ +#undef PRId64 +#define PRId64 "lld" +#undef PRId64 +#define PRId64 "lld" +#undef PRIdLEAST64 +#define PRIdLEAST64 "lld" +#undef PRIdFAST64 +#define PRIdFAST64 "lld" +#undef PRIdMAX +#define PRIdMAX "lld" +#undef PRIi64 +#define PRIi64 "lli" +#undef PRIiLEAST64 +#define PRIiLEAST64 "lli" +#undef PRIiFAST64 +#define PRIiFAST64 "lli" +#undef PRIiMAX +#define PRIiMAX "lli" +#undef PRIo64 +#define PRIo64 "llo" +#undef PRIoLEAST64 +#define PRIoLEAST64 "llo" +#undef PRIoFAST64 +#define PRIoFAST64 "llo" +#undef PRIoMAX +#define PRIoMAX "llo" +#undef PRIu64 +#define PRIu64 "llu" +#undef PRIuLEAST64 +#define PRIuLEAST64 "llu" +#undef PRIuFAST64 +#define PRIuFAST64 "llu" +#undef PRIuMAX +#define PRIuMAX "llu" +#undef PRIx64 +#define PRIx64 "llx" +#undef PRIxLEAST64 +#define PRIxLEAST64 "llx" +#undef PRIxFAST64 +#define PRIxFAST64 "llx" +#undef PRIxMAX +#define PRIxMAX "llx" +#undef PRIX64 +#define PRIX64 "llX" +#undef PRIXLEAST64 +#define PRIXLEAST64 "llX" +#undef PRIXFAST64 +#define PRIXFAST64 "llX" +#undef PRIXMAX +#define PRIXMAX "llX" + +#ifdef _WIN64 +# undef PRIdPTR +# define PRIdPTR "lld" +# undef PRIiPTR +# define PRIiPTR "lli" +# undef PRIoPTR +# define PRIoPTR "llo" +# undef PRIuPTR +# define PRIuPTR "llu" +# undef PRIxPTR +# define PRIxPTR "llx" +# undef PRIXPTR +# define PRIXPTR "llX" +#endif /* _WIN64 */ + #endif /** WINDOWS_H_ @}*/ From 4aaf0320d0007f07ba06e243d2eed6b7e8ce3078 Mon Sep 17 00:00:00 2001 
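Review bot: The new PRI* block in windows.h starts with `#undef PRId64` / `#define PRId64 "lld"` written twice in a row. The second pair is redundant and can be removed. The `PRI?MAX` overrides assume `intmax_t` is `long long` on every supported MinGW target, which deserves a short comment next to them, e.g. `/* intmax_t is long long on MinGW */`.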
From: Martin Willi Date: Tue, 15 Oct 2013 17:40:58 +0200 Subject: [PATCH 019/138] unit-tests: Add support for Windows build Instead of signals we catch Windows exceptions. Currently not supported are timers, which is more a convenience thing anyway. --- src/libstrongswan/tests/test_suite.c | 229 +++++++++++++++++++++++---- src/libstrongswan/tests/test_suite.h | 10 +- 2 files changed, 205 insertions(+), 34 deletions(-) diff --git a/src/libstrongswan/tests/test_suite.c b/src/libstrongswan/tests/test_suite.c index a636d6f7c..c80c6efd6 100644 --- a/src/libstrongswan/tests/test_suite.c +++ b/src/libstrongswan/tests/test_suite.c @@ -18,7 +18,11 @@ #include #include +#ifndef WIN32 #include +#endif + +#include /** * Failure message buf @@ -45,11 +49,6 @@ static backtrace_t *failure_backtrace; */ static bool worker_failed; -/** - * Longjump restore point when failing - */ -sigjmp_buf test_restore_point_env; - /** * See header. */ 
@@ -124,6 +123,169 @@ void test_suite_add_case(test_suite_t *suite, test_case_t *tcase) array_insert(suite->tcases, -1, tcase); } +#ifdef WIN32 + +/** + * Longjump restore point when failing + */ +jmp_buf test_restore_point_env; + +/** + * Thread ID of main thread + */ +static DWORD main_thread; + +/** + * APC routine invoked by main thread on worker failure + */ +static void set_worker_failure(ULONG_PTR dwParam) +{ + worker_failed = TRUE; +} + +/** + * Let test case fail + */ +static void test_failure() +{ + if (GetCurrentThreadId() == main_thread) + { + longjmp(test_restore_point_env, 1); + } + else + { + HANDLE *thread; + + thread = OpenThread(THREAD_SET_CONTEXT, FALSE, main_thread); + if (thread) + { + QueueUserAPC(set_worker_failure, thread, (uintptr_t)NULL); + CloseHandle(thread); + } + thread_exit(NULL); + } +} + +/** + * See header. + */ +void test_fail_if_worker_failed() +{ + if (GetCurrentThreadId() == main_thread && worker_failed) + { + test_failure(); + } +} + +/** + * Vectored exception handler + */ +static long eh_handler(PEXCEPTION_POINTERS ei) +{ + char *ename; + bool old = FALSE; + + switch (ei->ExceptionRecord->ExceptionCode) + { + case EXCEPTION_ACCESS_VIOLATION: + ename = "ACCESS_VIOLATION"; + break; + case EXCEPTION_ARRAY_BOUNDS_EXCEEDED: + ename = "ARRAY_BOUNDS_EXCEEDED"; + break; + case EXCEPTION_DATATYPE_MISALIGNMENT: + ename = "DATATYPE_MISALIGNMENT"; + break; + case EXCEPTION_FLT_DENORMAL_OPERAND: + ename = "FLT_DENORMAL_OPERAND"; + break; + case EXCEPTION_FLT_DIVIDE_BY_ZERO: + ename = "FLT_DIVIDE_BY_ZERO"; + break; + case EXCEPTION_FLT_INEXACT_RESULT: + ename = "FLT_INEXACT_RESULT"; + break; + case EXCEPTION_FLT_INVALID_OPERATION: + ename = "FLT_INVALID_OPERATION"; + break; + case EXCEPTION_FLT_OVERFLOW: + ename = "FLT_OVERFLOW"; + break; + case EXCEPTION_FLT_STACK_CHECK: + ename = "FLT_STACK_CHECK"; + break; + case EXCEPTION_FLT_UNDERFLOW: + ename = "FLT_UNDERFLOW"; + break; + case EXCEPTION_ILLEGAL_INSTRUCTION: + ename = 
"ILLEGAL_INSTRUCTION"; + break; + case EXCEPTION_IN_PAGE_ERROR: + ename = "IN_PAGE_ERROR"; + break; + case EXCEPTION_INT_DIVIDE_BY_ZERO: + ename = "INT_DIVIDE_BY_ZERO"; + break; + case EXCEPTION_INT_OVERFLOW: + ename = "INT_OVERFLOW"; + break; + case EXCEPTION_INVALID_DISPOSITION: + ename = "INVALID_DISPOSITION"; + break; + case EXCEPTION_NONCONTINUABLE_EXCEPTION: + ename = "NONCONTINUABLE_EXCEPTION"; + break; + case EXCEPTION_PRIV_INSTRUCTION: + ename = "PRIV_INSTRUCTION"; + break; + case EXCEPTION_STACK_OVERFLOW: + ename = "STACK_OVERFLOW"; + break; + default: + return EXCEPTION_CONTINUE_EXECUTION; + } + + if (lib->leak_detective) + { + old = lib->leak_detective->set_state(lib->leak_detective, FALSE); + } + failure_backtrace = backtrace_create(5); + if (lib->leak_detective) + { + lib->leak_detective->set_state(lib->leak_detective, old); + } + failure_line = 0; + test_fail_msg(NULL, 0, "%s exception", ename); + /* not reached */ + return EXCEPTION_CONTINUE_EXECUTION; +} + +/** + * See header. + */ +void test_setup_handler() +{ + main_thread = GetCurrentThreadId(); + AddVectoredExceptionHandler(0, eh_handler); +} + +/** + * See header. + */ +void test_setup_timeout(int s) +{ + /* TODO: currently not supported. SetTimer()? */ + + worker_failed = FALSE; +} + +#else /* !WIN32 */ + +/** + * Longjump restore point when failing + */ +sigjmp_buf test_restore_point_env; + /** * Main thread performing tests */ 
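Review bot: In eh_handler() the `default:` case returns `EXCEPTION_CONTINUE_EXECUTION` for every exception code the switch does not list. For a vectored handler that value resumes execution at the faulting context and stops the handler search, so an exception this code does not understand is never passed on to anything that could deal with it. Use `default: return EXCEPTION_CONTINUE_SEARCH;`. In test_failure(), `HANDLE *thread;` should be `HANDLE thread;`, since OpenThread() returns a HANDLE. The callbacks should also carry the Windows calling convention (`static LONG CALLBACK eh_handler(...)`, `static void CALLBACK set_worker_failure(...)`), which matters on 32-bit x86.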
@@ -146,34 +308,6 @@ static inline void test_failure() } } -/** - * See header. - */ -void test_fail_vmsg(const char *file, int line, char *fmt, va_list args) -{ - vsnprintf(failure_buf, sizeof(failure_buf), fmt, args); - failure_line = line; - failure_file = file; - - test_failure(); -} - -/** - * See header. - */ -void test_fail_msg(const char *file, int line, char *fmt, ...) -{ - va_list args; - - va_start(args, fmt); - vsnprintf(failure_buf, sizeof(failure_buf), fmt, args); - failure_line = line; - failure_file = file; - va_end(args); - - test_failure(); -} - /** * See header. */ @@ -272,6 +406,35 @@ void test_setup_timeout(int s) worker_failed = FALSE; } +#endif /* !WIN32 */ + +/** + * See header. + */ +void test_fail_vmsg(const char *file, int line, char *fmt, va_list args) +{ + vsnprintf(failure_buf, sizeof(failure_buf), fmt, args); + failure_line = line; + failure_file = file; + + test_failure(); +} +/** + * See header. + */ +void test_fail_msg(const char *file, int line, char *fmt, ...) +{ + va_list args; + + va_start(args, fmt); + vsnprintf(failure_buf, sizeof(failure_buf), fmt, args); + failure_line = line; + failure_file = file; + va_end(args); + + test_failure(); +} + /** * See header. */ diff --git a/src/libstrongswan/tests/test_suite.h b/src/libstrongswan/tests/test_suite.h index 4bef6ff37..da57ab46c 100644 --- a/src/libstrongswan/tests/test_suite.h +++ b/src/libstrongswan/tests/test_suite.h @@ -174,7 +174,11 @@ void test_suite_add_case(test_suite_t *suite, test_case_t *tcase); /** * sigjmp restore point used by test_restore_point */ +#ifdef WIN32 +extern jmp_buf test_restore_point_env; +#else extern sigjmp_buf test_restore_point_env; +#endif /** * Set or return from an execution restore point 
@@ -185,7 +189,11 @@ extern sigjmp_buf test_restore_point_env; * * @return TRUE if restore point set, FALSE when restored */ -#define test_restore_point() (sigsetjmp(test_restore_point_env, 1) == 0) +#ifdef WIN32 +# define test_restore_point() (setjmp(test_restore_point_env) == 0) +#else +# define test_restore_point() (sigsetjmp(test_restore_point_env, 1) == 0) +#endif /** * Set up signal handlers for test cases From f0bfe4fa67562e73b4561e1ea18f022a28bae359 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Tue, 15 Oct 2013 18:09:06 +0200 Subject: [PATCH 020/138] .gitignore: Add Windows .exe files --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 7cfa99b45..2ac5b0099 100644 --- a/.gitignore +++ b/.gitignore @@ -23,6 +23,7 @@ libtool .dirstamp *.l[ao] *.[ao] +*.exe y.tab.[ch] lex.yy.c *keywords.c From a8c86599e462a0399b1e91cae4a01e424430a767 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Tue, 15 Oct 2013 18:12:39 +0200 Subject: [PATCH 021/138] unit-tests: Don't depend on sockaddr_un to test invalid host_t family --- src/libstrongswan/tests/suites/test_host.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libstrongswan/tests/suites/test_host.c b/src/libstrongswan/tests/suites/test_host.c index 30b9eb940..63442083a 100644 --- a/src/libstrongswan/tests/suites/test_host.c +++ b/src/libstrongswan/tests/suites/test_host.c @@ -286,8 +286,8 @@ END_TEST START_TEST(test_create_from_sockaddr_other) { - struct sockaddr_un addr = { - .sun_family = AF_UNIX, + struct sockaddr addr = { + .sa_family = AF_UNIX, }; host_t *host; From 7458952575c72894177b2074e1f43fb6ddb198cd Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 21 Nov 2013 16:26:18 +0100 Subject: [PATCH 022/138] unit-tests: Use Windows path for chunk tests, and socket functions if required --- src/libstrongswan/tests/suites/test_chunk.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) 
diff --git a/src/libstrongswan/tests/suites/test_chunk.c b/src/libstrongswan/tests/suites/test_chunk.c index 34ace2894..b33d70ec7 100644 --- a/src/libstrongswan/tests/suites/test_chunk.c +++ b/src/libstrongswan/tests/suites/test_chunk.c @@ -790,7 +790,11 @@ END_TEST START_TEST(test_chunk_map) { chunk_t *map, contents = chunk_from_chars(0x01,0x02,0x03,0x04,0x05); +#ifdef WIN32 + char *path = "C:\\Windows\\Temp\\strongswan-chunk-map-test"; +#else char *path = "/tmp/strongswan-chunk-map-test"; +#endif ck_assert(chunk_write(contents, path, 022, TRUE)); @@ -827,7 +831,11 @@ END_TEST START_TEST(test_chunk_from_fd_file) { chunk_t in, contents = chunk_from_chars(0x01,0x02,0x03,0x04,0x05); +#ifdef WIN32 + char *path = "C:\\Windows\\Temp\\strongswan-chunk-fd-test"; +#else char *path = "/tmp/strongswan-chunk-fd-test"; +#endif int fd; ck_assert(chunk_write(contents, path, 022, TRUE)); @@ -849,7 +857,7 @@ START_TEST(test_chunk_from_fd_skt) int s[2]; ck_assert(socketpair(AF_UNIX, SOCK_STREAM, 0, s) == 0); - ck_assert(write(s[1], contents.ptr, contents.len) == contents.len); + ck_assert_int_eq(send(s[1], contents.ptr, contents.len, 0), contents.len); close(s[1]); ck_assert_msg(chunk_from_fd(s[0], &in), "%s", strerror(errno)); close(s[0]); @@ -866,7 +874,7 @@ void *chunk_from_fd_run(void *data) for (i = 0; i < FROM_FD_COUNT; i++) { - ck_assert(write(fd, &i, sizeof(i)) == sizeof(i)); + ck_assert(send(fd, &i, sizeof(i), 0) == sizeof(i)); } close(fd); return NULL; From fb81820796349ec353622b08f1391bcecab53582 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Tue, 15 Oct 2013 18:27:27 +0200 Subject: [PATCH 023/138] windows: Provide a setenv() wrapper --- src/libstrongswan/utils/windows.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/libstrongswan/utils/windows.h b/src/libstrongswan/utils/windows.h index 24c9d8a58..c0a5198a5 100644 --- a/src/libstrongswan/utils/windows.h +++ b/src/libstrongswan/utils/windows.h 
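Review bot: The WIN32 paths added to test_chunk_map and test_chunk_from_fd_file hard-code `C:\\Windows\\Temp\\...` with a fixed file name. That assumes the system drive and directory layout, and it puts a predictable name into a directory shared by all accounts on the machine, where the test may lack write permission or may meet a file created by someone else. Building the path from `GetTempPathA()` keeps the file in the invoking user's own temp directory and removes the drive-letter assumption. The non-Windows `/tmp/...` path has the same fixed-name property, but it is unchanged context here.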
@@ -143,6 +143,18 @@ static inline struct tm *localtime_r(const time_t *timep, struct tm *result) return ret; } +/** + * setenv(3) from , overwrite flag is ignored + */ +static inline int setenv(const char *name, const char *value, int overwrite) +{ + if (SetEnvironmentVariableA(name, value) == 0) + { /* failed */ + return -1; + } + return 0; +} + /** * dlerror(3) from , printing error to an alloca() buffer */ From 87a79e6a037c79f73743ed4aa357747760314325 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 16 Oct 2013 17:27:19 +0200 Subject: [PATCH 024/138] windows: Add utils_init/deinit functions to initialize Winsock2 --- src/libstrongswan/Makefile.am | 2 ++ src/libstrongswan/library.c | 2 ++ src/libstrongswan/utils/utils.c | 20 ++++++++++++++++++ src/libstrongswan/utils/utils.h | 10 +++++++++ src/libstrongswan/utils/windows.c | 35 +++++++++++++++++++++++++++++++ src/libstrongswan/utils/windows.h | 10 +++++++++ 6 files changed, 79 insertions(+) create mode 100644 src/libstrongswan/utils/windows.c diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am index 35605074a..711676a26 100644 --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am @@ -112,6 +112,8 @@ AM_YFLAGS = -v -d if USE_WINDOWS libstrongswan_la_LIBADD += -lws2_32 + libstrongswan_la_SOURCES += \ + utils/windows.c endif if USE_DBGHELP diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c index f152a8c1f..b06a2d5a5 100644 --- a/src/libstrongswan/library.c +++ b/src/libstrongswan/library.c @@ -146,6 +146,7 @@ void library_deinit() arrays_deinit(); threads_deinit(); backtrace_deinit(); + utils_deinit(); free((void*)this->public.ns); free(this); @@ -259,6 +260,7 @@ bool library_init(char *settings, const char *namespace) ); lib = &this->public; + utils_init(); backtrace_init(); threads_init(); arrays_init(); diff --git a/src/libstrongswan/utils/utils.c b/src/libstrongswan/utils/utils.c index fe3b32f6c..81eb2acec 100644 
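Review bot: The setenv() wrapper in windows.h calls `SetEnvironmentVariableA()`, which updates the process environment block but typically not the C runtime's own copy that `getenv()` reads. A value set through this wrapper may therefore be invisible to code that later calls getenv(). `_putenv_s(name, value)` updates the CRT view, if the targeted runtime provides it. The ignored `overwrite` flag is documented, but honouring it costs one line: `if (!overwrite && getenv(name)) { return 0; }`.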
--- a/src/libstrongswan/utils/utils.c +++ b/src/libstrongswan/utils/utils.c @@ -47,6 +47,26 @@ ENUM(status_names, SUCCESS, NEED_MORE, "NEED_MORE", ); +/** + * See header + */ +void utils_init() +{ +#ifdef WIN32 + windows_init(); +#endif /* WIN32 */ +} + +/** + * See header + */ +void utils_deinit() +{ +#ifdef WIN32 + windows_deinit(); +#endif /* WIN32 */ +} + /** * Described in header. */ diff --git a/src/libstrongswan/utils/utils.h b/src/libstrongswan/utils/utils.h index ca0d6b9a3..c14b9c11e 100644 --- a/src/libstrongswan/utils/utils.h +++ b/src/libstrongswan/utils/utils.h @@ -82,6 +82,16 @@ #include "enum.h" #include "utils/strerror.h" +/** + * Initialize utility functions + */ +void utils_init(); + +/** + * Deinitialize utility functions + */ +void utils_deinit(); + /** * Helper function that compares two strings for equality */ diff --git a/src/libstrongswan/utils/windows.c b/src/libstrongswan/utils/windows.c new file mode 100644 index 000000000..6627a6c32 --- /dev/null +++ b/src/libstrongswan/utils/windows.c @@ -0,0 +1,35 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "utils.h" + +/** + * See header + */ +void windows_init() +{ + WSADATA wsad; + + /* initialize winsock2 */ + WSAStartup(MAKEWORD(2, 2), &wsad); +} + +/** + * See header + */ +void windows_deinit() +{ + WSACleanup(); +} diff --git a/src/libstrongswan/utils/windows.h b/src/libstrongswan/utils/windows.h index c0a5198a5..110498060 100644 
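Review bot: windows_init() in the new utils/windows.c discards the return value of `WSAStartup(MAKEWORD(2, 2), &wsad)`. If Winsock initialisation fails, the library still reports a successful start and the error only appears later as unrelated socket failures, and windows_deinit() calls `WSACleanup()` regardless. Since windows_init() and utils_init() both return void, the minimum is to log the failure, `if (WSAStartup(MAKEWORD(2, 2), &wsad) != 0) { /* log error code */ }`. Better is to return a bool that library_init() can act on.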
--- a/src/libstrongswan/utils/windows.h +++ b/src/libstrongswan/utils/windows.h @@ -41,6 +41,16 @@ typedef u_int uid_t; typedef u_int gid_t; +/** + * Initialize Windows libraries + */ +void windows_init(); + +/** + * Deinitialize windows libraries + */ +void windows_deinit(); + /** * Replacement for random(3) */ From 82fcb8027645957d53ef1c553baec89173e1acd0 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 16 Oct 2013 17:44:32 +0200 Subject: [PATCH 025/138] windows: Implement socketpair() using TCP sockets --- src/libstrongswan/utils/windows.c | 64 +++++++++++++++++++++++++++++++ src/libstrongswan/utils/windows.h | 5 +++ 2 files changed, 69 insertions(+) diff --git a/src/libstrongswan/utils/windows.c b/src/libstrongswan/utils/windows.c index 6627a6c32..a519b3b0d 100644 --- a/src/libstrongswan/utils/windows.c +++ b/src/libstrongswan/utils/windows.c @@ -15,6 +15,8 @@ #include "utils.h" +#include + /** * See header */ 
@@ -33,3 +35,65 @@ void windows_deinit() { WSACleanup(); } + +/** + * See header + */ +int socketpair(int domain, int type, int protocol, int sv[2]) +{ + struct sockaddr_in addr = { + .sin_family = AF_INET, + .sin_addr.s_addr = htonl(INADDR_LOOPBACK), + }; + socklen_t len = sizeof(addr); + int s, c, sc; + BOOL on; + + /* We don't check domain for AF_INET, as we use it as replacement for + * AF_UNIX. */ + if (type != SOCK_STREAM) + { + errno = EINVAL; + return -1; + } + if (protocol != 0 && protocol != IPPROTO_TCP) + { + errno = EINVAL; + return -1; + } + s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); + if (s == -1) + { + return -1; + } + c = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); + if (c == -1) + { + closesocket(c); + return -1; + } + if (bind(s, (struct sockaddr*)&addr, sizeof(addr)) == 0 && + getsockname(s,(struct sockaddr*)&addr, &len) == 0 && + listen(s, 0) == 0 && + connect(c, (struct sockaddr*)&addr, sizeof(addr)) == 0) + { + sc = accept(s, NULL, NULL); + if (sc > 0) + { + closesocket(s); + s = sc; + if (setsockopt(s, IPPROTO_TCP, TCP_NODELAY, + (void*)&on, sizeof(on)) == 0 && + setsockopt(c, IPPROTO_TCP, TCP_NODELAY, + (void*)&on, sizeof(on)) == 0) + { + sv[0] = s; + sv[1] = c; + return 0; + } + } + } + closesocket(s); + closesocket(c); + return -1; +} diff --git a/src/libstrongswan/utils/windows.h b/src/libstrongswan/utils/windows.h index 110498060..23a6666c4 100644 --- a/src/libstrongswan/utils/windows.h +++ b/src/libstrongswan/utils/windows.h @@ -246,6 +246,11 @@ static inline int dlclose(void *handle) return FreeLibrary((HMODULE)handle); } +/** + * socketpair(2) for SOCK_STREAM, uses TCP on loopback + */ +int socketpair(int domain, int type, int protocol, int sv[2]); + /* Windows does not support "ll" format printf length modifiers. Mingw * therefore maps these to the Windows specific I64 length modifier. That * won't work for us, as we use our own printf backend on Windows, which works 
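Review bot: The new socketpair() in windows.c accepts whatever connection arrives first on its loopback listener, with `accept(s, NULL, NULL)`, and never checks that the peer is its own socket `c`. Another local process that connects to the ephemeral port in that window could end up holding one end of the pair. Compare the accepted peer address with `getsockname(c, ...)` before using the connection. Two smaller defects sit in the same function: `BOOL on;` is passed to both `setsockopt(TCP_NODELAY)` calls uninitialised, and the `c == -1` error path calls `closesocket(c)` on the invalid socket, leaking `s`. `errno = EINVAL` is also the only error reporting, while the Winsock calls report through `WSAGetLastError()`.

```c
	struct sockaddr_in local, peer;
	socklen_t llen = sizeof(local), plen = sizeof(peer);
	BOOL on = TRUE;

	/* … unchanged: type/protocol checks, creation of s … */
	c = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
	if (c == -1)
	{
		closesocket(s);
		return -1;
	}
	/* … unchanged: bind/getsockname/listen/connect condition … */
		sc = accept(s, (struct sockaddr*)&peer, &plen);
		if (sc > 0)
		{
			if (getsockname(c, (struct sockaddr*)&local, &llen) != 0 ||
				peer.sin_port != local.sin_port ||
				peer.sin_addr.s_addr != local.sin_addr.s_addr)
			{	/* accepted connection does not come from our own socket */
				closesocket(sc);
			}
			else
			{
				closesocket(s);
				s = sc;
				/* … unchanged: TCP_NODELAY on both ends, fill sv[], return 0 … */
			}
		}
```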
From 20021277f251d3a272cf5620476159642e21efb7 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 16 Oct 2013 18:31:24 +0200 Subject: [PATCH 026/138] windows: Add send/recv and sendto/recvfrom wrappers supporting MSG_DONTWAIT --- src/libstrongswan/utils/windows.c | 99 +++++++++++++++++++++++++++++++ src/libstrongswan/utils/windows.h | 36 +++++++++++ 2 files changed, 135 insertions(+) diff --git a/src/libstrongswan/utils/windows.c b/src/libstrongswan/utils/windows.c index a519b3b0d..06e0f8295 100644 --- a/src/libstrongswan/utils/windows.c +++ b/src/libstrongswan/utils/windows.c 
@@ -97,3 +97,102 @@ int socketpair(int domain, int type, int protocol, int sv[2]) closesocket(c); return -1; } + +/** + * Check and clear the dontwait flag + */ +static bool check_dontwait(int *flags) +{ + if (*flags & MSG_DONTWAIT) + { + *flags &= ~MSG_DONTWAIT; + return TRUE; + } + return FALSE; +} + +/** + * See header + */ +#undef recv +ssize_t windows_recv(int sockfd, void *buf, size_t len, int flags) +{ + u_long on = 1, off = 0; + ssize_t outlen = -1; + + if (!check_dontwait(&flags)) + { + return recv(sockfd, buf, len, flags); + } + if (ioctlsocket(sockfd, FIONBIO, &on) == 0) + { + outlen = recv(sockfd, buf, len, flags); + ioctlsocket(sockfd, FIONBIO, &off); + } + return outlen; +} + +/** + * See header + */ +#undef recvfrom +ssize_t windows_recvfrom(int sockfd, void *buf, size_t len, int flags, + struct sockaddr *src_addr, socklen_t *addrlen) +{ + u_long on = 1, off = 0; + ssize_t outlen = -1; + + if (!check_dontwait(&flags)) + { + return recvfrom(sockfd, buf, len, flags, src_addr, addrlen); + } + if (ioctlsocket(sockfd, FIONBIO, &on) == 0) + { + outlen = recvfrom(sockfd, buf, len, flags, src_addr, addrlen); + ioctlsocket(sockfd, FIONBIO, &off); + } + return outlen; +} + +/** + * See header + */ +#undef send +ssize_t windows_send(int sockfd, const void *buf, size_t len, int flags) +{ + u_long on = 1, off = 0; + ssize_t outlen = -1; + + if (!check_dontwait(&flags)) + { + return send(sockfd, buf, len, flags); + } + if (ioctlsocket(sockfd, FIONBIO, &on) == 0) + { + outlen = send(sockfd, buf, len, flags); + ioctlsocket(sockfd, FIONBIO, &off); + } + return outlen; +} + +/** + * See header + */ +#undef sendto +ssize_t windows_sendto(int sockfd, const void *buf, size_t len, int flags, + const struct sockaddr *dest_addr, socklen_t addrlen) +{ + u_long on = 1, off = 0; + ssize_t outlen = -1; + + if (!check_dontwait(&flags)) + { + return sendto(sockfd, buf, len, flags, dest_addr, addrlen); + } + if (ioctlsocket(sockfd, FIONBIO, &on) == 0) + { + outlen = sendto(sockfd, 
buf, len, flags, dest_addr, addrlen); + ioctlsocket(sockfd, FIONBIO, &off); + } + return outlen; +} diff --git a/src/libstrongswan/utils/windows.h b/src/libstrongswan/utils/windows.h index 23a6666c4..9761c068a 100644 --- a/src/libstrongswan/utils/windows.h +++ b/src/libstrongswan/utils/windows.h @@ -251,6 +251,42 @@ static inline int dlclose(void *handle) */ int socketpair(int domain, int type, int protocol, int sv[2]); +/** + * Map MSG_DONTWAIT to the reserved, but deprecated MSG_INTERRUPT + */ +#define MSG_DONTWAIT MSG_INTERRUPT + +/** + * EWOULDBLOCK is EAGAIN on other systems as well + */ +#define EWOULDBLOCK EAGAIN + +/** + * recv(2) with support for MSG_DONTWAIT + */ +#define recv(...) windows_recv(__VA_ARGS__) +ssize_t windows_recv(int sockfd, void *buf, size_t len, int flags); + +/** + * recvfrom(2) with support for MSG_DONTWAIT + */ +#define recvfrom(...) windows_recvfrom(__VA_ARGS__) +ssize_t windows_recvfrom(int sockfd, void *buf, size_t len, int flags, + struct sockaddr *src_addr, socklen_t *addrlen); + +/** + * recvfrom(2) with support for MSG_DONTWAIT + */ +#define send(...) windows_send(__VA_ARGS__) +ssize_t windows_send(int sockfd, const void *buf, size_t len, int flags); + +/** + * recvfrom(2) with support for MSG_DONTWAIT + */ +#define sendto(...) windows_send(__VA_ARGS__) +ssize_t windows_sendto(int sockfd, const void *buf, size_t len, int flags, + const struct sockaddr *dest_addr, socklen_t addrlen); + /* Windows does not support "ll" format printf length modifiers. Mingw * therefore maps these to the Windows specific I64 length modifier. That * won't work for us, as we use our own printf backend on Windows, which works From df0769299adf6ebe2e3cf9317db00ea088a8da9f Mon Sep 17 00:00:00 2001 
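Review bot: The four `windows_*` wrappers in windows.c always switch the socket back to blocking with `ioctlsocket(sockfd, FIONBIO, &off)` after a `MSG_DONTWAIT` call, which silently changes the mode of a socket the caller had already made non-blocking. The result of that second `ioctlsocket()` is ignored, so a failure leaves the socket non-blocking with no indication. The mode belongs to the socket rather than to the call, so another thread using the same socket between the two `ioctlsocket()` calls sees the temporary mode as well. A comment on `check_dontwait()` such as `/* emulation toggles FIONBIO: not safe for sockets shared between threads or already non-blocking */` would state that limit.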
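Review bot: In windows.h, `#define sendto(...) windows_send(__VA_ARGS__)` forwards the six `sendto()` arguments to the four-parameter `windows_send()`, so `windows_sendto()` is never reached through the macro; it should read `#define sendto(...) windows_sendto(__VA_ARGS__)`. The doc comments above the `send` and `sendto` macros both say "recvfrom(2) with support for MSG_DONTWAIT" and should name `send(2)` and `sendto(2)` respectively.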
From: Martin Willi Date: Thu, 17 Oct 2013 11:32:48 +0200 Subject: [PATCH 027/138] windows: Map WSAGetLastError() to errno failures in wrapped send/recv/from/to --- src/libstrongswan/utils/windows.c | 92 +++++++++++++++++++++++++++---- 1 file changed, 80 insertions(+), 12 deletions(-) diff --git a/src/libstrongswan/utils/windows.c b/src/libstrongswan/utils/windows.c index 06e0f8295..a0ff6b84b 100644 --- a/src/libstrongswan/utils/windows.c +++ b/src/libstrongswan/utils/windows.c @@ -98,6 +98,74 @@ int socketpair(int domain, int type, int protocol, int sv[2]) return -1; } +/** + * Set errno for a function setting WSA error on failure + */ +static int wserr(int retval) +{ + if (retval < 0) + { + switch (WSAGetLastError()) + { + case WSANOTINITIALISED: + errno = EBADF; + break; + case WSAENETDOWN: + case WSAENETRESET: + case WSAESHUTDOWN: + errno = EPIPE; + break; + case WSAEACCES: + errno = EACCES; + break; + case WSAEINTR: + errno = EINTR; + break; + case WSAEINPROGRESS: + errno = EBUSY; + break; + case WSAEFAULT: + errno = EFAULT; + break; + case WSAENOBUFS: + errno = ENOMEM; + break; + case WSAENOTSOCK: + errno = EINVAL; + break; + case WSAEOPNOTSUPP: + errno = ENOSYS; + break; + case WSAEWOULDBLOCK: + errno = EWOULDBLOCK; + break; + case WSAEMSGSIZE: + errno = ENOSPC; + break; + case WSAEINVAL: + errno = EINVAL; + break; + case WSAENOTCONN: + case WSAEHOSTUNREACH: + case WSAECONNABORTED: + case WSAECONNRESET: + errno = EIO; + break; + case WSAETIMEDOUT: + errno = ESRCH; + break; + default: + errno = ENOENT; + break; + } + } + else + { + errno = 0; + } + return retval; +} + /** * Check and clear the dontwait flag */ 
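Review bot: `wserr()` sets `errno = 0` in its `else` branch on every successful call, which overwrites an error value a caller may still want to read from an earlier failure; dropping that branch keeps the usual convention that successful calls leave `errno` untouched. The mapping is also lossy in ways a caller cannot guess from the name (`WSAETIMEDOUT` becomes `ESRCH`, `WSAEMSGSIZE` becomes `ENOSPC`, the four connection errors collapse to `EIO`, unknown codes become `ENOENT`). The function comment should list which `errno` values callers are expected to test for.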
@@ -122,11 +190,11 @@ ssize_t windows_recv(int sockfd, void *buf, size_t len, int flags) if (!check_dontwait(&flags)) { - return recv(sockfd, buf, len, flags); + return wserr(recv(sockfd, buf, len, flags)); } - if (ioctlsocket(sockfd, FIONBIO, &on) == 0) + if (wserr(ioctlsocket(sockfd, FIONBIO, &on) == 0)) { - outlen = recv(sockfd, buf, len, flags); + outlen = wserr(recv(sockfd, buf, len, flags)); ioctlsocket(sockfd, FIONBIO, &off); } return outlen; @@ -144,11 +212,11 @@ ssize_t windows_recvfrom(int sockfd, void *buf, size_t len, int flags, if (!check_dontwait(&flags)) { - return recvfrom(sockfd, buf, len, flags, src_addr, addrlen); + return wserr(recvfrom(sockfd, buf, len, flags, src_addr, addrlen)); } - if (ioctlsocket(sockfd, FIONBIO, &on) == 0) + if (wserr(ioctlsocket(sockfd, FIONBIO, &on)) == 0) { - outlen = recvfrom(sockfd, buf, len, flags, src_addr, addrlen); + outlen = wserr(recvfrom(sockfd, buf, len, flags, src_addr, addrlen)); ioctlsocket(sockfd, FIONBIO, &off); } return outlen; @@ -165,11 +233,11 @@ ssize_t windows_send(int sockfd, const void *buf, size_t len, int flags) if (!check_dontwait(&flags)) { - return send(sockfd, buf, len, flags); + return wserr(send(sockfd, buf, len, flags)); } - if (ioctlsocket(sockfd, FIONBIO, &on) == 0) + if (wserr(ioctlsocket(sockfd, FIONBIO, &on)) == 0) { - outlen = send(sockfd, buf, len, flags); + outlen = wserr(send(sockfd, buf, len, flags)); ioctlsocket(sockfd, FIONBIO, &off); } return outlen; 
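Review bot: In `windows_recv()` the closing parenthesis is misplaced in `if (wserr(ioctlsocket(sockfd, FIONBIO, &on) == 0))`: `wserr()` receives the result of the comparison, which is never negative, so a failing `ioctlsocket()` is not mapped and `errno` is reset to 0 while the function returns -1. The other three wrappers changed in this patch (`windows_recvfrom()`, `windows_send()`, `windows_sendto()`) use the intended form, and this line should match them: `if (wserr(ioctlsocket(sockfd, FIONBIO, &on)) == 0)`.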
@@ -187,11 +255,11 @@ ssize_t windows_sendto(int sockfd, const void *buf, size_t len, int flags, if (!check_dontwait(&flags)) { - return sendto(sockfd, buf, len, flags, dest_addr, addrlen); + return wserr(sendto(sockfd, buf, len, flags, dest_addr, addrlen)); } - if (ioctlsocket(sockfd, FIONBIO, &on) == 0) + if (wserr(ioctlsocket(sockfd, FIONBIO, &on)) == 0) { - outlen = sendto(sockfd, buf, len, flags, dest_addr, addrlen); + outlen = wserr(sendto(sockfd, buf, len, flags, dest_addr, addrlen)); ioctlsocket(sockfd, FIONBIO, &off); } return outlen; From 93f78d82256fd50623048dcb262b147cad85b902 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 17 Oct 2013 11:56:15 +0200 Subject: [PATCH 028/138] watcher: Add Windows support Instead of a pipe we use a TCP socketpair (can't select() a _pipe()), and Windsock2 send/recv functions instead of read/write. Currently supported (and required) are file descriptors provided by Winsock only; we might use a separate mechanism for traditional file handles if required (or switch to Windows events and WaitForMultipleObjects) for a future version. --- src/libstrongswan/processing/watcher.c | 96 +++++++++++++++++++++----- 1 file changed, 80 insertions(+), 16 deletions(-) diff --git a/src/libstrongswan/processing/watcher.c b/src/libstrongswan/processing/watcher.c index 09905646c..560e47299 100644 --- a/src/libstrongswan/processing/watcher.c +++ b/src/libstrongswan/processing/watcher.c @@ -24,7 +24,9 @@ #include #include +#ifndef WIN32 #include +#endif #include typedef struct private_watcher_t private_watcher_t; @@ -119,7 +121,14 @@ static void update(private_watcher_t *this) this->pending = TRUE; if (this->notify[1] != -1) { - ignore_result(write(this->notify[1], buf, sizeof(buf))); +#ifdef WIN32 + if (send(this->notify[1], buf, sizeof(buf), 0) == -1) +#else + if (write(this->notify[1], buf, sizeof(buf)) == -1) +#endif + { + DBG1(DBG_JOB, "notifying watcher failed: %s", strerror(errno)); + } } } 
@@ -293,21 +302,40 @@ static job_requeue_t watch(private_watcher_t *this) { char buf[1]; bool old; + ssize_t len; job_t *job; DBG2(DBG_JOB, "watcher going to select()"); thread_cleanup_push((void*)activate_all, this); old = thread_cancelability(TRUE); + res = select(maxfd + 1, &rd, &wr, &ex, NULL); thread_cancelability(old); thread_cleanup_pop(FALSE); + if (res > 0) { if (this->notify[0] != -1 && FD_ISSET(this->notify[0], &rd)) { - DBG2(DBG_JOB, "watcher got notification, rebuilding"); - while (read(this->notify[0], buf, sizeof(buf)) > 0); + while (TRUE) + { +#ifdef WIN32 + len = recv(this->notify[0], buf, sizeof(buf), 0); +#else + len = read(this->notify[0], buf, sizeof(buf)); +#endif + if (len == -1) + { + if (errno != EAGAIN && errno != EWOULDBLOCK) + { + DBG1(DBG_JOB, "reading watcher notify failed: %s", + strerror(errno)); + } + break; + } + } this->pending = FALSE; + DBG2(DBG_JOB, "watcher got notification, rebuilding"); return JOB_REQUEUE_DIRECT; } 
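Review bot: The new drain loop in `watch()` only exits on `len == -1`, so a return of 0 from `recv()`/`read()` (the other end of the notify channel closed) makes `while (TRUE)` spin without ever blocking; the replaced `while (read(...) > 0);` stopped on 0. Adding `if (len == 0) { break; }` ahead of the `len == -1` test restores that behaviour. `watch()` starts and ends outside this hunk, so whether the write end can actually be closed while the job runs is not visible here.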
@@ -446,13 +474,60 @@ METHOD(watcher_t, destroy, void, free(this); } +#ifdef WIN32 + +/** + * Create notify pipe with a TCP socketpair + */ +static bool create_notify(private_watcher_t *this) +{ + u_long on = 1; + + if (socketpair(AF_INET, SOCK_STREAM, 0, this->notify) == 0) + { + /* use non-blocking I/O on read-end of notify pipe */ + if (ioctlsocket(this->notify[0], FIONBIO, &on) == 0) + { + return TRUE; + } + DBG1(DBG_LIB, "setting watcher notify pipe read-end non-blocking " + "failed: %s", strerror(errno)); + } + return FALSE; +} + +#else /* !WIN32 */ + +/** + * Create a notify pipe with a one-directional pipe + */ +static bool create_notify(private_watcher_t *this) +{ + int flags; + + if (pipe(this->notify) == 0) + { + /* use non-blocking I/O on read-end of notify pipe */ + flags = fcntl(this->notify[0], F_GETFL); + if (flags != -1 && + fcntl(this->notify[0], F_SETFL, flags | O_NONBLOCK) != -1) + { + return TRUE; + } + DBG1(DBG_LIB, "setting watcher notify pipe read-end non-blocking " + "failed: %s", strerror(errno)); + } + return FALSE; +} + +#endif /* !WIN32 */ + /** * See header */ watcher_t *watcher_create() { private_watcher_t *this; - int flags; INIT(this, .public = { @@ -467,18 +542,7 @@ watcher_t *watcher_create() .notify = {-1, -1}, ); - if (pipe(this->notify) == 0) - { - /* use non-blocking I/O on read-end of notify pipe */ - flags = fcntl(this->notify[0], F_GETFL); - if (flags == -1 || - fcntl(this->notify[0], F_SETFL, flags | O_NONBLOCK) == -1) - { - DBG1(DBG_LIB, "setting watcher notify pipe read-end non-blocking " - "failed: %s", strerror(errno)); - } - } - else + if (!create_notify(this)) { DBG1(DBG_LIB, "creating watcher notify pipe failed: %s", strerror(errno)); From aa5b49c0377604472ed65122bbba9299d49665a9 Mon Sep 17 00:00:00 2001 
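Review bot: Both variants of `create_notify()` return FALSE when switching the read end to non-blocking fails, but they leave the descriptors from `socketpair()`/`pipe()` stored in `this->notify`. `update()` then keeps writing to a channel whose read end is still blocking, and the drain loop in `watch()` can block on it. Closing both ends and then `this->notify[0] = this->notify[1] = -1;` on that path keeps the `!= -1` checks elsewhere meaningful. In the WIN32 variant the message prints `strerror(errno)` after `ioctlsocket()`, which reports failures through `WSAGetLastError()` rather than `errno`, so the logged reason may be unrelated to the failure.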
From: Martin Willi Date: Fri, 11 Oct 2013 15:32:10 +0200 Subject: [PATCH 029/138] stream: Separate TCP/Unix stream helpers from stream/service implementations This allows us to disable Unix sockets cleanly on Windows. Replaces some read/write calls with recv/send counterparts, as Winsock does not like read/writes. --- src/libstrongswan/Android.mk | 6 +- src/libstrongswan/Makefile.am | 13 +- src/libstrongswan/networking/streams/stream.c | 133 +----------------- src/libstrongswan/networking/streams/stream.h | 51 ------- .../networking/streams/stream_manager.c | 19 ++- .../networking/streams/stream_service.c | 99 +------------ .../networking/streams/stream_service.h | 19 --- .../networking/streams/stream_service_tcp.c | 64 +++++++++ .../networking/streams/stream_service_tcp.h | 33 +++++ .../networking/streams/stream_service_unix.c | 75 ++++++++++ .../networking/streams/stream_service_unix.h | 42 ++++++ .../networking/streams/stream_tcp.c | 99 +++++++++++++ .../networking/streams/stream_tcp.h | 52 +++++++ .../networking/streams/stream_unix.c | 69 +++++++++ .../networking/streams/stream_unix.h | 48 +++++++ src/libstrongswan/utils/windows.h | 6 + 16 files changed, 524 insertions(+), 304 deletions(-) create mode 100644 src/libstrongswan/networking/streams/stream_service_tcp.c create mode 100644 src/libstrongswan/networking/streams/stream_service_tcp.h create mode 100644 src/libstrongswan/networking/streams/stream_service_unix.c create mode 100644 src/libstrongswan/networking/streams/stream_service_unix.h create mode 100644 src/libstrongswan/networking/streams/stream_tcp.c create mode 100644 src/libstrongswan/networking/streams/stream_tcp.h create mode 100644 src/libstrongswan/networking/streams/stream_unix.c create mode 100644 src/libstrongswan/networking/streams/stream_unix.h diff --git a/src/libstrongswan/Android.mk b/src/libstrongswan/Android.mk index 1840ad26e..1310716ed 100644 --- a/src/libstrongswan/Android.mk +++ b/src/libstrongswan/Android.mk 
@@ -27,8 +27,10 @@ credentials/sets/callback_cred.c credentials/auth_cfg.c database/database.c \ database/database_factory.c fetcher/fetcher.c fetcher/fetcher_manager.c eap/eap.c \ ipsec/ipsec_types.c \ networking/host.c networking/host_resolver.c networking/packet.c \ -networking/tun_device.c networking/streams/stream.c \ -networking/streams/stream_service.c networking/streams/stream_manager.c \ +networking/tun_device.c networking/streams/stream_manager.c \ +networking/streams/stream.c networking/streams/stream_service.c \ +networking/streams/stream_tcp.c networking/streams/stream_service_tcp.c \ +networking/streams/stream_unix.c networking/streams/stream_service_unix.c \ pen/pen.c plugins/plugin_loader.c plugins/plugin_feature.c processing/jobs/job.c \ processing/jobs/callback_job.c processing/processor.c processing/scheduler.c \ processing/watcher.c resolver/resolver_manager.c resolver/rr_set.c \ diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am index 711676a26..df1f0260e 100644 --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am @@ -25,8 +25,9 @@ credentials/sets/callback_cred.c credentials/auth_cfg.c database/database.c \ database/database_factory.c fetcher/fetcher.c fetcher/fetcher_manager.c eap/eap.c \ ipsec/ipsec_types.c \ networking/host.c networking/host_resolver.c networking/packet.c \ -networking/tun_device.c networking/streams/stream.c \ -networking/streams/stream_service.c networking/streams/stream_manager.c \ +networking/tun_device.c networking/streams/stream_manager.c \ +networking/streams/stream.c networking/streams/stream_service.c \ +networking/streams/stream_tcp.c networking/streams/stream_service_tcp.c \ pen/pen.c plugins/plugin_loader.c plugins/plugin_feature.c processing/jobs/job.c \ processing/jobs/callback_job.c processing/processor.c processing/scheduler.c \ processing/watcher.c resolver/resolver_manager.c resolver/rr_set.c \ 
@@ -38,6 +39,12 @@ utils/utils.c utils/chunk.c utils/debug.c utils/enum.c utils/identification.c \ utils/lexparser.c utils/optionsfrom.c utils/capabilities.c utils/backtrace.c \ utils/parser_helper.c utils/test.c utils/utils/strerror.c +if !USE_WINDOWS + libstrongswan_la_SOURCES += \ + networking/streams/stream_unix.c \ + networking/streams/stream_service_unix.c +endif + # private header files noinst_HEADERS = \ settings/settings_types.h @@ -74,6 +81,8 @@ database/database.h database/database_factory.h fetcher/fetcher.h \ fetcher/fetcher_manager.h eap/eap.h pen/pen.h ipsec/ipsec_types.h \ networking/host.h networking/host_resolver.h networking/packet.h \ networking/tun_device.h networking/streams/stream.h \ +networking/streams/stream_unix.h networking/streams/stream_service_unix.h \ +networking/streams/stream_tcp.h networking/streams/stream_service_tcp.h \ networking/streams/stream_service.h networking/streams/stream_manager.h \ resolver/resolver.h resolver/resolver_response.h resolver/rr_set.h \ resolver/rr.h resolver/resolver_manager.h \ diff --git a/src/libstrongswan/networking/streams/stream.c b/src/libstrongswan/networking/streams/stream.c index f6fec0b4a..e49c35a7c 100644 --- a/src/libstrongswan/networking/streams/stream.c +++ b/src/libstrongswan/networking/streams/stream.c @@ -16,7 +16,8 @@ #include #include #include -#include + +#include "stream.h" typedef struct private_stream_t private_stream_t; @@ -65,7 +66,7 @@ METHOD(stream_t, read_, ssize_t, if (block) { - ret = read(this->fd, buf, len); + ret = recv(this->fd, buf, len, 0); } else { @@ -116,7 +117,7 @@ METHOD(stream_t, write_, ssize_t, { if (block) { - ret = write(this->fd, buf, len); + ret = send(this->fd, buf, len, 0); } else { 
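Review bot: `read_()` and `write_()` in stream.c now call `recv(this->fd, buf, len, 0)` and `send(this->fd, buf, len, 0)` on every platform, while `stream_create_from_fd()` accepts any descriptor. On POSIX systems these calls fail with ENOTSOCK for pipes and other non-socket descriptors that `read()`/`write()` handled before. If such descriptors are meant to stay supported, keep `read()`/`write()` under `#ifndef WIN32`, as watcher.c does in this series; otherwise the documentation of `stream_create_from_fd()` should state that the descriptor must be a socket. Both methods extend beyond these hunks, so the non-blocking branches are not visible here.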
@@ -287,129 +288,3 @@ stream_t *stream_create_from_fd(int fd) return &this->public; } - -/** - * See header - */ -int stream_parse_uri_unix(char *uri, struct sockaddr_un *addr) -{ - if (!strpfx(uri, "unix://")) - { - return -1; - } - uri += strlen("unix://"); - - memset(addr, 0, sizeof(*addr)); - addr->sun_family = AF_UNIX; - strncpy(addr->sun_path, uri, sizeof(addr->sun_path)); - addr->sun_path[sizeof(addr->sun_path)-1] = '\0'; - - return offsetof(struct sockaddr_un, sun_path) + strlen(addr->sun_path); -} - -/** - * See header - */ -stream_t *stream_create_unix(char *uri) -{ - struct sockaddr_un addr; - int len, fd; - - len = stream_parse_uri_unix(uri, &addr); - if (len == -1) - { - DBG1(DBG_NET, "invalid stream URI: '%s'", uri); - return NULL; - } - fd = socket(AF_UNIX, SOCK_STREAM, 0); - if (fd < 0) - { - DBG1(DBG_NET, "opening socket '%s' failed: %s", uri, strerror(errno)); - return NULL; - } - if (connect(fd, (struct sockaddr*)&addr, len) < 0) - { - DBG1(DBG_NET, "connecting to '%s' failed: %s", uri, strerror(errno)); - close(fd); - return NULL; - } - return stream_create_from_fd(fd); -} - -/** - * See header. 
- */ -int stream_parse_uri_tcp(char *uri, struct sockaddr *addr) -{ - char *pos, buf[128]; - host_t *host; - u_long port; - int len; - - if (!strpfx(uri, "tcp://")) - { - return -1; - } - uri += strlen("tcp://"); - pos = strrchr(uri, ':'); - if (!pos) - { - return -1; - } - if (*uri == '[' && pos > uri && *(pos - 1) == ']') - { - /* IPv6 URI */ - snprintf(buf, sizeof(buf), "%.*s", (int)(pos - uri - 2), uri + 1); - } - else - { - snprintf(buf, sizeof(buf), "%.*s", (int)(pos - uri), uri); - } - port = strtoul(pos + 1, &pos, 10); - if (port == ULONG_MAX || *pos || port > 65535) - { - return -1; - } - host = host_create_from_dns(buf, AF_UNSPEC, port); - if (!host) - { - return -1; - } - len = *host->get_sockaddr_len(host); - memcpy(addr, host->get_sockaddr(host), len); - host->destroy(host); - return len; -} - -/** - * See header - */ -stream_t *stream_create_tcp(char *uri) -{ - union { - struct sockaddr_in in; - struct sockaddr_in6 in6; - struct sockaddr sa; - } addr; - int fd, len; - - len = stream_parse_uri_tcp(uri, &addr.sa); - if (len == -1) - { - DBG1(DBG_NET, "invalid stream URI: '%s'", uri); - return NULL; - } - fd = socket(addr.sa.sa_family, SOCK_STREAM, 0); - if (fd < 0) - { - DBG1(DBG_NET, "opening socket '%s' failed: %s", uri, strerror(errno)); - return NULL; - } - if (connect(fd, &addr.sa, len)) - { - DBG1(DBG_NET, "connecting to '%s' failed: %s", uri, strerror(errno)); - close(fd); - return NULL; - } - return stream_create_from_fd(fd); -} diff --git a/src/libstrongswan/networking/streams/stream.h b/src/libstrongswan/networking/streams/stream.h index 3516d9186..747bf651c 100644 --- a/src/libstrongswan/networking/streams/stream.h +++ b/src/libstrongswan/networking/streams/stream.h @@ -25,9 +25,6 @@ typedef struct stream_t stream_t; #include -#include -#include - /** * Constructor function prototype for stream_t. * 
@@ -137,54 +134,6 @@ struct stream_t { void (*destroy)(stream_t *this); }; -/** - * Create a stream for UNIX sockets. - * - * UNIX URIs start with unix://, followed by the socket path. For absolute - * paths, an URI looks something like: - * - * unix:///path/to/socket - * - * @param uri UNIX socket specific URI, must start with "unix://" - * @return stream instance, NULL on failure - */ -stream_t *stream_create_unix(char *uri); - -/** - * Helper function to parse a unix:// URI to a sockaddr - * - * @param uri URI - * @param addr sockaddr - * @return length of sockaddr, -1 on error - */ -int stream_parse_uri_unix(char *uri, struct sockaddr_un *addr); - -/** - * Create a stream for TCP sockets. - * - * TCP URIs start with tcp://, followed by a hostname (FQDN or IP), followed - * by a colon separated port. A full TCP uri looks something like: - * - * tcp://srv.example.com:5555 - * tcp://0.0.0.0:1234 - * tcp://[fec2::1]:7654 - * - * There is no default port, so a colon after tcp:// is mandatory. - * - * @param uri TCP socket specific URI, must start with "tcp://" - * @return stream instance, NULL on failure - */ -stream_t *stream_create_tcp(char *uri); - -/** - * Helper function to parse a tcp:// URI to a sockaddr - * - * @param uri URI - * @param addr sockaddr, large enough for URI - * @return length of sockaddr, -1 on error - */ -int stream_parse_uri_tcp(char *uri, struct sockaddr *addr); - /** * Create a stream from a file descriptor. * diff --git a/src/libstrongswan/networking/streams/stream_manager.c b/src/libstrongswan/networking/streams/stream_manager.c index 2cbd6127e..8de243daa 100644 --- a/src/libstrongswan/networking/streams/stream_manager.c +++ b/src/libstrongswan/networking/streams/stream_manager.c 
@@ -15,6 +15,13 @@ #include "stream_manager.h" +#include "stream_tcp.h" +#include "stream_service_tcp.h" +#ifndef WIN32 +# include "stream_unix.h" +# include "stream_service_unix.h" +#endif + #include typedef struct private_stream_manager_t private_stream_manager_t; @@ -193,10 +200,12 @@ METHOD(stream_manager_t, remove_service, void, METHOD(stream_manager_t, destroy, void, private_stream_manager_t *this) { - remove_stream(this, stream_create_unix); remove_stream(this, stream_create_tcp); - remove_service(this, stream_service_create_unix); remove_service(this, stream_service_create_tcp); +#ifndef WIN32 + remove_stream(this, stream_create_unix); + remove_service(this, stream_service_create_unix); +#endif this->streams->destroy(this->streams); this->services->destroy(this->services); @@ -226,10 +235,12 @@ stream_manager_t *stream_manager_create() .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), ); - add_stream(this, "unix://", stream_create_unix); add_stream(this, "tcp://", stream_create_tcp); - add_service(this, "unix://", stream_service_create_unix); add_service(this, "tcp://", stream_service_create_tcp); +#ifndef WIN32 + add_stream(this, "unix://", stream_create_unix); + add_service(this, "unix://", stream_service_create_unix); +#endif return &this->public; } diff --git a/src/libstrongswan/networking/streams/stream_service.c b/src/libstrongswan/networking/streams/stream_service.c index 4e0eebddb..7358c580e 100644 --- a/src/libstrongswan/networking/streams/stream_service.c +++ b/src/libstrongswan/networking/streams/stream_service.c @@ -19,10 +19,10 @@ #include #include +#include "stream_service.h" + #include #include -#include -#include #include typedef struct private_stream_service_t private_stream_service_t; 
@@ -235,98 +235,3 @@ stream_service_t *stream_service_create_from_fd(int fd) return &this->public; } - -/** - * See header - */ -stream_service_t *stream_service_create_unix(char *uri, int backlog) -{ - struct sockaddr_un addr; - mode_t old; - int fd, len; - - len = stream_parse_uri_unix(uri, &addr); - if (len == -1) - { - DBG1(DBG_NET, "invalid stream URI: '%s'", uri); - return NULL; - } - if (!lib->caps->check(lib->caps, CAP_CHOWN)) - { /* required to chown(2) service socket */ - DBG1(DBG_NET, "socket '%s' requires CAP_CHOWN capability", uri); - return NULL; - } - fd = socket(AF_UNIX, SOCK_STREAM, 0); - if (fd == -1) - { - DBG1(DBG_NET, "opening socket '%s' failed: %s", uri, strerror(errno)); - return NULL; - } - unlink(addr.sun_path); - - old = umask(S_IRWXO); - if (bind(fd, (struct sockaddr*)&addr, len) < 0) - { - DBG1(DBG_NET, "binding socket '%s' failed: %s", uri, strerror(errno)); - close(fd); - return NULL; - } - umask(old); - if (chown(addr.sun_path, lib->caps->get_uid(lib->caps), - lib->caps->get_gid(lib->caps)) != 0) - { - DBG1(DBG_NET, "changing socket permissions for '%s' failed: %s", - uri, strerror(errno)); - } - if (listen(fd, backlog) < 0) - { - DBG1(DBG_NET, "listen on socket '%s' failed: %s", uri, strerror(errno)); - unlink(addr.sun_path); - close(fd); - return NULL; - } - return stream_service_create_from_fd(fd); -} - -/** - * See header - */ -stream_service_t *stream_service_create_tcp(char *uri, int backlog) -{ - union { - struct sockaddr_in in; - struct sockaddr_in6 in6; - struct sockaddr sa; - } addr; - int fd, len, on = 1; - - len = stream_parse_uri_tcp(uri, &addr.sa); - if (len == -1) - { - DBG1(DBG_NET, "invalid stream URI: '%s'", uri); - return NULL; - } - fd = socket(addr.sa.sa_family, SOCK_STREAM, 0); - if (fd < 0) - { - DBG1(DBG_NET, "opening socket '%s' failed: %s", uri, strerror(errno)); - return NULL; - } - if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) != 0) - { - DBG1(DBG_NET, "SO_REUSADDR on '%s' failed: %s", uri, 
strerror(errno)); - } - if (bind(fd, &addr.sa, len) < 0) - { - DBG1(DBG_NET, "binding socket '%s' failed: %s", uri, strerror(errno)); - close(fd); - return NULL; - } - if (listen(fd, backlog) < 0) - { - DBG1(DBG_NET, "listen on socket '%s' failed: %s", uri, strerror(errno)); - close(fd); - return NULL; - } - return stream_service_create_from_fd(fd); -} diff --git a/src/libstrongswan/networking/streams/stream_service.h b/src/libstrongswan/networking/streams/stream_service.h index c8faba323..de2aaf7a5 100644 --- a/src/libstrongswan/networking/streams/stream_service.h +++ b/src/libstrongswan/networking/streams/stream_service.h @@ -23,7 +23,6 @@ typedef struct stream_service_t stream_service_t; -#include #include #include @@ -83,22 +82,4 @@ struct stream_service_t { */ stream_service_t *stream_service_create_from_fd(int fd); -/** - * Create a service instance for UNIX sockets. - * - * @param uri UNIX socket specific URI, must start with "unix://" - * @param backlog size of the backlog queue, as passed to listen() - * @return stream_service instance, NULL on failure - */ -stream_service_t *stream_service_create_unix(char *uri, int backlog); - -/** - * Create a service instance for TCP sockets. - * - * @param uri TCP socket specific URI, must start with "tcp://" - * @param backlog size of the backlog queue, as passed to listen() - * @return stream_service instance, NULL on failure - */ -stream_service_t *stream_service_create_tcp(char *uri, int backlog); - #endif /** STREAM_SERVICE_H_ @}*/ diff --git a/src/libstrongswan/networking/streams/stream_service_tcp.c b/src/libstrongswan/networking/streams/stream_service_tcp.c new file mode 100644 index 000000000..4082834c8 --- /dev/null +++ b/src/libstrongswan/networking/streams/stream_service_tcp.c 
@@ -0,0 +1,64 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include +#include + +#include +#include +#include + +/** + * See header + */ +stream_service_t *stream_service_create_tcp(char *uri, int backlog) +{ + union { + struct sockaddr_in in; + struct sockaddr_in6 in6; + struct sockaddr sa; + } addr; + int fd, len, on = 1; + + len = stream_parse_uri_tcp(uri, &addr.sa); + if (len == -1) + { + DBG1(DBG_NET, "invalid stream URI: '%s'", uri); + return NULL; + } + fd = socket(addr.sa.sa_family, SOCK_STREAM, 0); + if (fd < 0) + { + DBG1(DBG_NET, "opening socket '%s' failed: %s", uri, strerror(errno)); + return NULL; + } + if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (void*)&on, sizeof(on)) != 0) + { + DBG1(DBG_NET, "SO_REUSADDR on '%s' failed: %s", uri, strerror(errno)); + } + if (bind(fd, &addr.sa, len) < 0) + { + DBG1(DBG_NET, "binding socket '%s' failed: %s", uri, strerror(errno)); + close(fd); + return NULL; + } + if (listen(fd, backlog) < 0) + { + DBG1(DBG_NET, "listen on socket '%s' failed: %s", uri, strerror(errno)); + close(fd); + return NULL; + } + return stream_service_create_from_fd(fd); +} diff --git a/src/libstrongswan/networking/streams/stream_service_tcp.h b/src/libstrongswan/networking/streams/stream_service_tcp.h new file mode 100644 index 000000000..f63f0074b --- /dev/null +++ b/src/libstrongswan/networking/streams/stream_service_tcp.h 
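Review bot: `stream_service_create_tcp()` sets `SO_REUSEADDR` before `bind()`, and this file is now part of the common source list that is also built for Windows. There the option permits another socket to bind the same address and port, rather than only relaxing TIME_WAIT handling as on POSIX systems. For the Windows build the listener should request exclusive use instead, e.g. `setsockopt(fd, SOL_SOCKET, SO_EXCLUSIVEADDRUSE, (void*)&on, sizeof(on))` under `#ifdef WIN32`, so that a second local process cannot bind the service port alongside it. The error paths also call `close(fd)` on a socket; unless the Windows wrapper header maps that to `closesocket()`, which this hunk does not show, the socket is not released there.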
@@ -0,0 +1,33 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup stream_service_tcp stream_service_tcp + * @{ @ingroup stream + */ + +#ifndef STREAM_SERVICE_TCP_H_ +#define STREAM_SERVICE_TCP_H_ + +/** + * Create a service instance for TCP sockets. + * + * @param uri TCP socket specific URI, must start with "tcp://" + * @param backlog size of the backlog queue, as passed to listen() + * @return stream_service instance, NULL on failure + */ +stream_service_t *stream_service_create_tcp(char *uri, int backlog); + +#endif /** STREAM_SERVICE_TCP_H_ @}*/ diff --git a/src/libstrongswan/networking/streams/stream_service_unix.c b/src/libstrongswan/networking/streams/stream_service_unix.c new file mode 100644 index 000000000..1ed27c499 --- /dev/null +++ b/src/libstrongswan/networking/streams/stream_service_unix.c 
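Review bot: stream_service_tcp.h declares `stream_service_create_tcp()` in terms of `stream_service_t` but contains no include at all, so it only compiles when the including file has already pulled in stream_service.h. Adding `#include <networking/streams/stream_service.h>` after the `#define STREAM_SERVICE_TCP_H_` line makes the header self-contained. stream_service_unix.h, added in the same patch, has the same gap.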
@@ -0,0 +1,75 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include +#include + +#include +#include +#include +#include +#include + +/** + * See header + */ +stream_service_t *stream_service_create_unix(char *uri, int backlog) +{ + struct sockaddr_un addr; + mode_t old; + int fd, len; + + len = stream_parse_uri_unix(uri, &addr); + if (len == -1) + { + DBG1(DBG_NET, "invalid stream URI: '%s'", uri); + return NULL; + } + if (!lib->caps->check(lib->caps, CAP_CHOWN)) + { /* required to chown(2) service socket */ + DBG1(DBG_NET, "socket '%s' requires CAP_CHOWN capability", uri); + return NULL; + } + fd = socket(AF_UNIX, SOCK_STREAM, 0); + if (fd == -1) + { + DBG1(DBG_NET, "opening socket '%s' failed: %s", uri, strerror(errno)); + return NULL; + } + unlink(addr.sun_path); + + old = umask(S_IRWXO); + if (bind(fd, (struct sockaddr*)&addr, len) < 0) + { + DBG1(DBG_NET, "binding socket '%s' failed: %s", uri, strerror(errno)); + close(fd); + return NULL; + } + umask(old); + if (chown(addr.sun_path, lib->caps->get_uid(lib->caps), + lib->caps->get_gid(lib->caps)) != 0) + { + DBG1(DBG_NET, "changing socket permissions for '%s' failed: %s", + uri, strerror(errno)); + } + if (listen(fd, backlog) < 0) + { + DBG1(DBG_NET, "listen on socket '%s' failed: %s", uri, strerror(errno)); + unlink(addr.sun_path); + close(fd); + return NULL; + } + return stream_service_create_from_fd(fd); +} 
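Review bot: The bind() failure branch in stream_service_create_unix returns without restoring the process umask, because `umask(old);` is only reached after a successful bind. After one failed bind the whole process keeps running with `S_IRWXO` as its umask, which silently changes the permissions of files created by unrelated code. Adding `umask(old);` in that branch, after the DBG1 call and before `close(fd);`, restores it on both paths.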
diff --git a/src/libstrongswan/networking/streams/stream_service_unix.h b/src/libstrongswan/networking/streams/stream_service_unix.h new file mode 100644 index 000000000..14c09cbb5 --- /dev/null +++ b/src/libstrongswan/networking/streams/stream_service_unix.h @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup stream_service_unix stream_service_unix + * @{ @ingroup stream + */ + +#ifndef STREAM_SERVICE_UNIX_H_ +#define STREAM_SERVICE_UNIX_H_ + +/** + * Create a service instance for UNIX sockets. + * + * @param uri UNIX socket specific URI, must start with "unix://" + * @param backlog size of the backlog queue, as passed to listen() + * @return stream_service instance, NULL on failure + */ +stream_service_t *stream_service_create_unix(char *uri, int backlog); + +/** + * Create a service instance for TCP sockets. + * + * @param uri TCP socket specific URI, must start with "tcp://" + * @param backlog size of the backlog queue, as passed to listen() + * @return stream_service instance, NULL on failure + */ +stream_service_t *stream_service_create_tcp(char *uri, int backlog); + +#endif /** STREAM_SERVICE_UNIX_H_ @}*/ diff --git a/src/libstrongswan/networking/streams/stream_tcp.c b/src/libstrongswan/networking/streams/stream_tcp.c new file mode 100644 index 000000000..5459145a0 --- /dev/null +++ b/src/libstrongswan/networking/streams/stream_tcp.c 
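Review bot: The last declaration in stream_service_unix.h is `stream_service_create_tcp()`, complete with the TCP doc comment, which duplicates the prototype this patch also adds in stream_service_tcp.h. It looks like a copy-and-paste leftover; two copies of one prototype can drift apart, so it should be dropped here and the UNIX header left with `stream_service_create_unix()` only. The header also uses `stream_service_t` without including anything that declares it, so it only compiles when the including file has pulled in the stream service header first.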
@@ -0,0 +1,99 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include +#include +#include +#include + +#include "stream_tcp.h" + +/** + * See header. + */ +int stream_parse_uri_tcp(char *uri, struct sockaddr *addr) +{ + char *pos, buf[128]; + host_t *host; + u_long port; + int len; + + if (!strpfx(uri, "tcp://")) + { + return -1; + } + uri += strlen("tcp://"); + pos = strrchr(uri, ':'); + if (!pos) + { + return -1; + } + if (*uri == '[' && pos > uri && *(pos - 1) == ']') + { + /* IPv6 URI */ + snprintf(buf, sizeof(buf), "%.*s", (int)(pos - uri - 2), uri + 1); + } + else + { + snprintf(buf, sizeof(buf), "%.*s", (int)(pos - uri), uri); + } + port = strtoul(pos + 1, &pos, 10); + if (port == ULONG_MAX || *pos || port > 65535) + { + return -1; + } + host = host_create_from_dns(buf, AF_UNSPEC, port); + if (!host) + { + return -1; + } + len = *host->get_sockaddr_len(host); + memcpy(addr, host->get_sockaddr(host), len); + host->destroy(host); + return len; +} + +/** + * See header + */ +stream_t *stream_create_tcp(char *uri) +{ + union { + struct sockaddr_in in; + struct sockaddr_in6 in6; + struct sockaddr sa; + } addr; + int fd, len; + + len = stream_parse_uri_tcp(uri, &addr.sa); + if (len == -1) + { + DBG1(DBG_NET, "invalid stream URI: '%s'", uri); + return NULL; + } + fd = socket(addr.sa.sa_family, SOCK_STREAM, 0); + if (fd < 0) + { + DBG1(DBG_NET, "opening socket '%s' failed: %s", uri, strerror(errno)); + return NULL; + } 
+ if (connect(fd, &addr.sa, len)) + { + DBG1(DBG_NET, "connecting to '%s' failed: %s", uri, strerror(errno)); + close(fd); + return NULL; + } + return stream_create_from_fd(fd); +} diff --git a/src/libstrongswan/networking/streams/stream_tcp.h b/src/libstrongswan/networking/streams/stream_tcp.h new file mode 100644 index 000000000..5bf6c8235 --- /dev/null +++ b/src/libstrongswan/networking/streams/stream_tcp.h @@ -0,0 +1,52 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup stream_tcp stream_tcp + * @{ @ingroup streams + */ + +#ifndef STREAM_TCP_H_ +#define STREAM_TCP_H_ + +#include + +/** + * Create a stream for TCP sockets. + * + * TCP URIs start with tcp://, followed by a hostname (FQDN or IP), followed + * by a colon separated port. A full TCP uri looks something like: + * + * tcp://srv.example.com:5555 + * tcp://0.0.0.0:1234 + * tcp://[fec2::1]:7654 + * + * There is no default port, so a colon after tcp:// is mandatory. + * + * @param uri TCP socket specific URI, must start with "tcp://" + * @return stream instance, NULL on failure + */ +stream_t *stream_create_tcp(char *uri); + +/** + * Helper function to parse a tcp:// URI to a sockaddr + * + * @param uri URI + * @param addr sockaddr, large enough for URI + * @return length of sockaddr, -1 on error + */ +int stream_parse_uri_tcp(char *uri, struct sockaddr *addr); + +#endif /** STREAM_TCP_H_ @}*/ 
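Review bot: stream_parse_uri_tcp accepts a URI with an empty port such as `tcp://host:`, because strtoul() then returns 0 without consuming anything and the check `port == ULONG_MAX || *pos || port > 65535` passes. The result is port 0, which contradicts the header's statement that there is no default port. Parsing into a separate end pointer and rejecting the no-digits case closes this: `port = strtoul(pos + 1, &end, 10);` followed by `if (end == pos + 1 || *end || port > 65535)`. The host part is also copied into `buf[128]` with silent truncation, so an overlong name is resolved as a different, shorter name; comparing the length with `sizeof(buf)` first would turn that into an error.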
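Review bot: The `@param addr` text for stream_parse_uri_tcp says only "sockaddr, large enough for URI", but the function takes no buffer length and copies however many bytes the resolved address needs. The doc should state the real requirement, for example `@param addr sockaddr buffer, at least sizeof(struct sockaddr_in6) bytes`, which matches the sockaddr_in/sockaddr_in6 union both callers in this patch pass. A size parameter would be the sturdier interface if changing the signature is acceptable.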
diff --git a/src/libstrongswan/networking/streams/stream_unix.c b/src/libstrongswan/networking/streams/stream_unix.c new file mode 100644 index 000000000..13e56bc78 --- /dev/null +++ b/src/libstrongswan/networking/streams/stream_unix.c @@ -0,0 +1,69 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include +#include +#include +#include + +#include "stream_unix.h" + +/** + * See header + */ +int stream_parse_uri_unix(char *uri, struct sockaddr_un *addr) +{ + if (!strpfx(uri, "unix://")) + { + return -1; + } + uri += strlen("unix://"); + + memset(addr, 0, sizeof(*addr)); + addr->sun_family = AF_UNIX; + strncpy(addr->sun_path, uri, sizeof(addr->sun_path)); + addr->sun_path[sizeof(addr->sun_path)-1] = '\0'; + + return offsetof(struct sockaddr_un, sun_path) + strlen(addr->sun_path); +} + +/** + * See header + */ +stream_t *stream_create_unix(char *uri) +{ + struct sockaddr_un addr; + int len, fd; + + len = stream_parse_uri_unix(uri, &addr); + if (len == -1) + { + DBG1(DBG_NET, "invalid stream URI: '%s'", uri); + return NULL; + } + fd = socket(AF_UNIX, SOCK_STREAM, 0); + if (fd < 0) + { + DBG1(DBG_NET, "opening socket '%s' failed: %s", uri, strerror(errno)); + return NULL; + } + if (connect(fd, (struct sockaddr*)&addr, len) < 0) + { + DBG1(DBG_NET, "connecting to '%s' failed: %s", uri, strerror(errno)); + close(fd); + return NULL; + } + return stream_create_from_fd(fd); +} 
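Review bot: stream_parse_uri_unix silently truncates a path longer than `sun_path`: the `strncpy()` plus forced terminator keeps only the first `sizeof(addr->sun_path) - 1` bytes and still returns success. Callers then connect to, or in stream_service_create_unix unlink and bind, a path other than the configured one. Rejecting the input up front is a one-line change after the prefix is skipped: `if (strlen(uri) >= sizeof(addr->sun_path)) return -1;`.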
diff --git a/src/libstrongswan/networking/streams/stream_unix.h b/src/libstrongswan/networking/streams/stream_unix.h new file mode 100644 index 000000000..5204251b3 --- /dev/null +++ b/src/libstrongswan/networking/streams/stream_unix.h @@ -0,0 +1,48 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup stream_unix stream_unix + * @{ @ingroup streams + */ + +#ifndef STREAM_UNIX_H_ +#define STREAM_UNIX_H_ + +#include + +/** + * Create a stream for UNIX sockets. + * + * UNIX URIs start with unix://, followed by the socket path. For absolute + * paths, an URI looks something like: + * + * unix:///path/to/socket + * + * @param uri UNIX socket specific URI, must start with "unix://" + * @return stream instance, NULL on failure + */ +stream_t *stream_create_unix(char *uri); + +/** + * Helper function to parse a unix:// URI to a sockaddr + * + * @param uri URI + * @param addr sockaddr + * @return length of sockaddr, -1 on error + */ +int stream_parse_uri_unix(char *uri, struct sockaddr_un *addr); + +#endif /** STREAM_UNIX_H_ @}*/ diff --git a/src/libstrongswan/utils/windows.h b/src/libstrongswan/utils/windows.h index 9761c068a..8c009cabb 100644 --- a/src/libstrongswan/utils/windows.h +++ b/src/libstrongswan/utils/windows.h 
@@ -261,6 +261,12 @@ int socketpair(int domain, int type, int protocol, int sv[2]); */ #define EWOULDBLOCK EAGAIN +/** + * ECONNRESET is mapped to something arbitrary. It is returned by + * stream->read_all() but should not be mapped from a send/recv WSA error. + */ +#define ECONNRESET ENXIO + /** * recv(2) with support for MSG_DONTWAIT */ From adaa9f39426aad190975944e1c2f751b3b62aaa7 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 16 Oct 2013 19:32:15 +0200 Subject: [PATCH 030/138] unit-tests: Use send/recv on socket in watcher tests Windows does not support read/write on sockets. --- src/libstrongswan/tests/suites/test_watcher.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/libstrongswan/tests/suites/test_watcher.c b/src/libstrongswan/tests/suites/test_watcher.c index 9415bead9..451fa0b38 100644 --- a/src/libstrongswan/tests/suites/test_watcher.c +++ b/src/libstrongswan/tests/suites/test_watcher.c @@ -48,7 +48,7 @@ START_TEST(test_read) for (c = 'a'; c <= 'z'; c++) { - ck_assert_int_eq(write(fd[1], &c, 1), 1); + ck_assert_int_eq(send(fd[1], &c, 1, 0), 1); while (testbuf[0] != c) { sched_yield(); @@ -84,7 +84,7 @@ START_TEST(test_write) lib->watcher->add(lib->watcher, fd[1], WATCHER_WRITE, writecb, &in); - ck_assert_int_eq(read(fd[0], &out, 1), 1); + ck_assert_int_eq(recv(fd[0], &out, 1, 0), 1); ck_assert_int_eq(out, in); lib->watcher->remove(lib->watcher, fd[1]); @@ -123,7 +123,7 @@ START_TEST(test_multiread) { for (in = 'a'; in <= 'z'; in++) { - ck_assert_int_eq(write(fd[i][1], &in, 1), 1); + ck_assert_int_eq(send(fd[i][1], &in, 1, 0), 1); while (out[i] != in) { sched_yield(); @@ -171,7 +171,7 @@ START_TEST(test_multiwrite) { for (i = 0; i < countof(fd); i++) { - ck_assert_int_eq(read(fd[i][0], &out, 1), 1); + ck_assert_int_eq(recv(fd[i][0], &out, 1, 0), 1); ck_assert_int_eq(out, i); } } From d8e56dfe32276ff02228bbb88d8d870bb94b2691 Mon Sep 17 00:00:00 2001 
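Review bot: The new `#define ECONNRESET ENXIO` in windows.h is unconditional, so a toolchain whose errno.h already provides ECONNRESET would get a macro redefinition. Code comparing errno with ECONNRESET would then also match a genuine ENXIO. Wrapping it as `#ifndef ECONNRESET` / `#define ECONNRESET ENXIO` / `#endif` keeps the fallback without overriding a real value. Whether the targeted headers define it is not visible here, so treat this as a portability guard.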
From: Martin Willi Date: Thu, 17 Oct 2013 15:09:17 +0200 Subject: [PATCH 031/138] unit-tests: Don't test Unix socket stream/services on Windows --- src/libstrongswan/tests/suites/test_stream.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/libstrongswan/tests/suites/test_stream.c b/src/libstrongswan/tests/suites/test_stream.c index 2d3173d46..899306af2 100644 --- a/src/libstrongswan/tests/suites/test_stream.c +++ b/src/libstrongswan/tests/suites/test_stream.c @@ -18,7 +18,9 @@ #include static char* services[] = { +#ifndef WIN32 "unix:///tmp/strongswan-test-service.sck", +#endif "tcp://127.0.0.1:7766", "tcp://[::1]:7766", }; @@ -121,7 +123,6 @@ START_TEST(test_async) stream_service_t *service; stream_t *stream; - lib->processor->set_threads(lib->processor, 8); service = lib->streams->create_service(lib->streams, services[_i], 1); From a506b922f32bc925a9aaeda88c39eba16141211e Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 17 Oct 2013 16:23:43 +0200 Subject: [PATCH 032/138] windows: Provide a strdup variant safe when passing zero-length strings --- src/libstrongswan/utils/windows.h | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/src/libstrongswan/utils/windows.h b/src/libstrongswan/utils/windows.h index 8c009cabb..90c92fd60 100644 --- a/src/libstrongswan/utils/windows.h +++ b/src/libstrongswan/utils/windows.h @@ -67,6 +67,21 @@ static inline void srandom(unsigned int seed) srand(seed); } +/** + * strdup(3), the Windows variant can't free(strdup("")) and others + */ +#define strdup strdup_windows +static inline char* strdup_windows(const char *src) +{ + size_t len; + char *dst; + + len = strlen(src) + 1; + dst = malloc(len); + memcpy(dst, src, len); + return dst; +} + /** * Provided via ws2_32 */ From 4189cd2f03d963c8ed31a21050201b2731eda4c5 Mon Sep 17 00:00:00 2001 
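Review bot: strdup_windows passes the result of `malloc(len)` straight to `memcpy()`, so an allocation failure becomes a NULL-pointer write instead of the NULL return that callers of strdup(3) check for. Adding `if (!dst) return NULL;` (in the file's brace style) between the malloc and the memcpy keeps the replacement compatible with the function it shadows through `#define strdup strdup_windows`.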
From: Martin Willi Date: Thu, 17 Oct 2013 17:12:34 +0200 Subject: [PATCH 033/138] windows: Link libhydra against Winsock2 --- src/libhydra/Makefile.am | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/libhydra/Makefile.am b/src/libhydra/Makefile.am index f7ae37f98..50964e689 100644 --- a/src/libhydra/Makefile.am +++ b/src/libhydra/Makefile.am @@ -14,6 +14,10 @@ kernel/kernel_listener.h libhydra_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la +if USE_WINDOWS + libhydra_la_LIBADD += -lws2_32 +endif + AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -DIPSEC_DIR=\"${ipsecdir}\" \ From eb94f585954bf9f1ea0abc16e8d1413aaf265ac4 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 28 May 2014 12:15:10 +0200 Subject: [PATCH 034/138] strerror: Don't directly depend on pthread --- src/libstrongswan/utils/utils.c | 2 + src/libstrongswan/utils/utils/strerror.c | 126 ++++++++++++++++------- src/libstrongswan/utils/utils/strerror.h | 10 ++ 3 files changed, 100 insertions(+), 38 deletions(-) diff --git a/src/libstrongswan/utils/utils.c b/src/libstrongswan/utils/utils.c index 81eb2acec..8ed0a25dd 100644 --- a/src/libstrongswan/utils/utils.c +++ b/src/libstrongswan/utils/utils.c @@ -55,6 +55,7 @@ void utils_init() #ifdef WIN32 windows_init(); #endif /* WIN32 */ + strerror_init(); } /** @@ -65,6 +66,7 @@ void utils_deinit() #ifdef WIN32 windows_deinit(); #endif /* WIN32 */ + strerror_deinit(); } /** diff --git a/src/libstrongswan/utils/utils/strerror.c b/src/libstrongswan/utils/utils/strerror.c index 95e463f5f..d35bbec68 100644 --- a/src/libstrongswan/utils/utils/strerror.c +++ b/src/libstrongswan/utils/utils/strerror.c @@ -15,7 +15,10 @@ #include #include -#include + +#include +#include +#include #include "strerror.h" 
@@ -25,22 +28,16 @@ #define STRERROR_BUF_LEN 256 /** - * Key to store thread-specific error buffer + * Thread specific strerror buffer, as char* */ -static pthread_key_t strerror_buf_key; +static thread_value_t *strerror_buf; +#ifndef HAVE_STRERROR_R /** - * Only initialize the key above once + * Lock to access strerror() safely */ -static pthread_once_t strerror_buf_key_once = PTHREAD_ONCE_INIT; - -/** - * Create the key used for the thread-specific error buffer - */ -static void create_strerror_buf_key() -{ - pthread_key_create(&strerror_buf_key, free); -} +static spinlock_t *strerror_lock; +#endif /* HAVE_STRERROR_R */ /** * Retrieve the error buffer assigned to the current thread (or create it) 
@@ -48,50 +45,103 @@ static void create_strerror_buf_key() static inline char *get_strerror_buf() { char *buf; + bool old = FALSE; - pthread_once(&strerror_buf_key_once, create_strerror_buf_key); - buf = pthread_getspecific(strerror_buf_key); + if (!strerror_buf) + { + return NULL; + } + + buf = strerror_buf->get(strerror_buf); if (!buf) { + if (lib->leak_detective) + { + old = lib->leak_detective->set_state(lib->leak_detective, FALSE); + } buf = malloc(STRERROR_BUF_LEN); - pthread_setspecific(strerror_buf_key, buf); + strerror_buf->set(strerror_buf, buf); + if (lib->leak_detective) + { + lib->leak_detective->set_state(lib->leak_detective, old); + } } return buf; } -#ifdef HAVE_STRERROR_R +/** + * Use real strerror() below + */ +#undef strerror + /* * Described in header. */ const char *strerror_safe(int errnum) { - char *buf = get_strerror_buf(), *msg; + char *buf, *msg; -#ifdef STRERROR_R_CHAR_P + buf = get_strerror_buf(); + if (!buf) + { + /* library not initialized? fallback */ + return strerror(errnum); + } +#ifdef HAVE_STRERROR_R +# ifdef STRERROR_R_CHAR_P /* char* version which may or may not return the original buffer */ msg = strerror_r(errnum, buf, STRERROR_BUF_LEN); -#else +# else /* int version returns 0 on success */ msg = strerror_r(errnum, buf, STRERROR_BUF_LEN) ? "Unknown error" : buf; -#endif +# endif +#else /* HAVE_STRERROR_R */ + /* use a lock to ensure calling strerror(3) is thread-safe */ + strerror_lock->lock(strerror_lock); + msg = strncpy(buf, strerror(errnum), STRERROR_BUF_LEN); + strerror_lock->unlock(strerror_lock); + buf[STRERROR_BUF_LEN - 1] = '\0'; +#endif /* HAVE_STRERROR_R */ return msg; } -#else /* HAVE_STRERROR_R */ -/* we actually wan't to call strerror(3) below */ -#undef strerror -/* - * Described in header. 
- */ -const char *strerror_safe(int errnum) -{ - static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; - char *buf = get_strerror_buf(); - /* use a mutex to ensure calling strerror(3) is thread-safe */ - pthread_mutex_lock(&mutex); - strncpy(buf, strerror(errnum), STRERROR_BUF_LEN); - pthread_mutex_unlock(&mutex); - buf[STRERROR_BUF_LEN - 1] = '\0'; - return buf; +/** + * free() with disabled leak detective + */ +static void free_no_ld(void *buf) +{ + bool old = FALSE; + + if (lib->leak_detective) + { + old = lib->leak_detective->set_state(lib->leak_detective, FALSE); + } + free(buf); + if (lib->leak_detective) + { + lib->leak_detective->set_state(lib->leak_detective, old); + } +} + +/** + * See header + */ +void strerror_init() +{ + strerror_buf = thread_value_create(free_no_ld); +#ifndef HAVE_STRERROR_R + strerror_lock = spinlock_create(); +#endif +} + +/** + * See header + */ +void strerror_deinit() +{ + strerror_buf->destroy(strerror_buf); + strerror_buf = NULL; +#ifndef HAVE_STRERROR_R + strerror_lock->destroy(strerror_lock); +#endif } -#endif /* HAVE_STRERROR_R */ diff --git a/src/libstrongswan/utils/utils/strerror.h b/src/libstrongswan/utils/utils/strerror.h index 2cb76f12e..e1b063842 100644 --- a/src/libstrongswan/utils/utils/strerror.h +++ b/src/libstrongswan/utils/utils/strerror.h @@ -32,6 +32,16 @@ */ const char *strerror_safe(int errnum); +/** + * Initialize strerror_safe() + */ +void strerror_init(); + +/** + * Deinitialize strerror_safe() + */ +void strerror_deinit(); + /** * Replace usages of strerror(3) with thread-safe variant. */ From f1c9653e042452f98e810162904f008b071687f9 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 28 May 2014 12:17:15 +0200 Subject: [PATCH 035/138] utils: Don't directly depend on pthread --- src/libstrongswan/utils/utils.c | 93 +++++++++++++++++++-------------- 1 file changed, 53 insertions(+), 40 deletions(-) 
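Review bot: strerror_safe now returns plain `strerror(errnum)` whenever get_strerror_buf() yields NULL, so in those cases the "thread-safe variant" is not thread-safe. That happens before strerror_init(), after strerror_deinit(), and when the per-thread `malloc(STRERROR_BUF_LEN)` fails. The contract change is undocumented, since the strerror.h hunk only adds one-line comments for the two new functions. I would extend the strerror_safe() doc in the header with something like `Falls back to strerror(3), which is not thread-safe, while the library is not initialized.` The strerror_deinit() doc should also say that no other thread may be inside strerror_safe() when it runs, because the thread value and, without HAVE_STRERROR_R, the lock are destroyed without synchronisation and `strerror_lock` is left dangling.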
diff --git a/src/libstrongswan/utils/utils.c b/src/libstrongswan/utils/utils.c index 8ed0a25dd..70fd1cb31 100644 --- a/src/libstrongswan/utils/utils.c +++ b/src/libstrongswan/utils/utils.c @@ -24,13 +24,12 @@ #include #include #include -#include -#include "utils.h" - -#include "collections/enumerator.h" -#include "utils/debug.h" -#include "utils/chunk.h" +#include +#include +#include +#include +#include ENUM(status_names, SUCCESS, NEED_MORE, "SUCCESS", @@ -47,28 +46,6 @@ ENUM(status_names, SUCCESS, NEED_MORE, "NEED_MORE", ); -/** - * See header - */ -void utils_init() -{ -#ifdef WIN32 - windows_init(); -#endif /* WIN32 */ - strerror_init(); -} - -/** - * See header - */ -void utils_deinit() -{ -#ifdef WIN32 - windows_deinit(); -#endif /* WIN32 */ - strerror_deinit(); -} - /** * Described in header. */ @@ -547,9 +524,9 @@ void nop() #if !defined(HAVE_GCC_ATOMIC_OPERATIONS) && !defined(HAVE_GCC_SYNC_OPERATIONS) /** - * We use a single mutex for all refcount variables. + * Spinlock for ref_get/put */ -static pthread_mutex_t ref_mutex = PTHREAD_MUTEX_INITIALIZER; +static spinlock_t *ref_lock; /** * Increase refcount @@ -558,9 +535,10 @@ refcount_t ref_get(refcount_t *ref) { refcount_t current; - pthread_mutex_lock(&ref_mutex); + ref_lock->lock(ref_lock); current = ++(*ref); - pthread_mutex_unlock(&ref_mutex); + ref_lock->unlock(ref_lock); + return current; } @@ -571,9 +549,9 @@ bool ref_put(refcount_t *ref) { bool more_refs; - pthread_mutex_lock(&ref_mutex); + ref_lock->lock(ref_lock); more_refs = --(*ref) > 0; - pthread_mutex_unlock(&ref_mutex); + ref_lock->unlock(ref_lock); return !more_refs; } 
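Review bot: On the fallback path without GCC atomics, `ref_lock` and (in a later hunk) `cas_lock` change from statically initialised mutexes to pointers that are only valid between utils_init() and utils_deinit(), yet `ref_get()`, `ref_put()`, `ref_cur()` and the `cas_*` functions dereference them unconditionally. A refcount operation outside that window, which used to work with `PTHREAD_MUTEX_INITIALIZER`, now dereferences NULL or a destroyed lock, and utils_deinit() leaves both pointers dangling. At minimum the declaration should carry the requirement, e.g. `/* created in utils_init(); ref_get/ref_put/ref_cur must not be used before it or after utils_deinit() */`. utils_deinit() could also reset both pointers to NULL so that misuse fails predictably.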
@@ -584,16 +562,17 @@ refcount_t ref_cur(refcount_t *ref) { refcount_t current; - pthread_mutex_lock(&ref_mutex); + ref_lock->lock(ref_lock); current = *ref; - pthread_mutex_unlock(&ref_mutex); + ref_lock->unlock(ref_lock); + return current; } /** - * Single mutex for all compare and swap operations. + * Spinlock for all compare and swap operations. */ -static pthread_mutex_t cas_mutex = PTHREAD_MUTEX_INITIALIZER; +static spinlock_t *cas_lock; /** * Compare and swap if equal to old value @@ -602,9 +581,9 @@ static pthread_mutex_t cas_mutex = PTHREAD_MUTEX_INITIALIZER; bool cas_##name(type *ptr, type oldval, type newval) \ { \ bool swapped; \ - pthread_mutex_lock(&cas_mutex); \ + cas_lock->lock(cas_lock); \ if ((swapped = (*ptr == oldval))) { *ptr = newval; } \ - pthread_mutex_unlock(&cas_mutex); \ + cas_lock->unlock(cas_lock); \ return swapped; \ } @@ -658,6 +637,40 @@ FILE *fmemopen(void *buf, size_t size, const char *mode) #endif /* FMEMOPEN fallback*/ +/** + * See header + */ +void utils_init() +{ +#ifdef WIN32 + windows_init(); +#endif + +#if !defined(HAVE_GCC_ATOMIC_OPERATIONS) && !defined(HAVE_GCC_SYNC_OPERATIONS) + ref_lock = spinlock_create(); + cas_lock = spinlock_create(); +#endif + + strerror_init(); +} + +/** + * See header + */ +void utils_deinit() +{ +#ifdef WIN32 + windows_deinit(); +#endif + +#if !defined(HAVE_GCC_ATOMIC_OPERATIONS) && !defined(HAVE_GCC_SYNC_OPERATIONS) + ref_lock->destroy(ref_lock); + cas_lock->destroy(cas_lock); +#endif + + strerror_deinit(); +} + /** * Described in header. */ From c46cee6f6d4c2ad93ddf183d21bc42bd94de70b8 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 18 Oct 2013 15:04:55 +0200 Subject: [PATCH 036/138] chunk: Don't depend on pthread directly --- src/libstrongswan/library.c | 9 +++++++++ src/libstrongswan/utils/chunk.c | 18 +++++------------- src/libstrongswan/utils/chunk.h | 8 ++++++++ 3 files changed, 22 insertions(+), 13 deletions(-) 
diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c index b06a2d5a5..c5850e155 100644 --- a/src/libstrongswan/library.c +++ b/src/libstrongswan/library.c @@ -242,6 +242,7 @@ bool library_init(char *settings, const char *namespace) { private_library_t *this; printf_hook_t *pfh; + static bool seeded = FALSE; if (lib) { /* already initialized, increase refcount */ @@ -250,6 +251,14 @@ bool library_init(char *settings, const char *namespace) return !this->integrity_failed; } + if (!seeded) + { + /* we do this just once to allow hash table lifetimes longer than + * one init/deinit cycle. */ + seeded = TRUE; + chunk_hash_seed(); + } + INIT(this, .public = { .get = _get, diff --git a/src/libstrongswan/utils/chunk.c b/src/libstrongswan/utils/chunk.c index 47181719a..dd84d5106 100644 --- a/src/libstrongswan/utils/chunk.c +++ b/src/libstrongswan/utils/chunk.c @@ -24,8 +24,8 @@ #include #include #include -#include #include +#include #include "chunk.h" @@ -884,9 +884,9 @@ u_int64_t chunk_mac(chunk_t chunk, u_char *key) } /** - * Secret key allocated randomly during first use. + * Secret key allocated randomly with chunk_hash_seed(). */ -static u_char key[16]; +static u_char key[16] = {}; /** * Static key used in case predictable hash values are required. @@ -895,15 +895,9 @@ static u_char static_key[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}; /** - * Only allocate the key once + * See header */ -static pthread_once_t key_allocated = PTHREAD_ONCE_INIT; - -/** - * Allocate a key on first use, we do this manually to avoid dependencies on - * plugins. - */ -static void allocate_key() +void chunk_hash_seed() { ssize_t len; size_t done = 0; 
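Review bot: With the `pthread_once(&key_allocated, allocate_key)` calls removed from chunk_hash() and chunk_hash_inc() (the two hunks that follow), the key stays at the all-zero `static u_char key[16] = {}` until chunk_hash_seed() is called. Any user of chunk_hash() that runs without library_init() therefore hashes with a publicly known key. For hash tables keyed on peer-controlled data, that removes the protection a random key gives against deliberately colliding inputs. The new doc comment in chunk.h only says the call "should" be made once at startup; I would state the consequence there, e.g. `Without this call chunk_hash() uses an all-zero key and its output is predictable.` The body of chunk_hash_seed() continues outside the hunk, so how a failed read of random data is handled cannot be judged from here.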
@@ -939,7 +933,6 @@ static void allocate_key() */ u_int32_t chunk_hash_inc(chunk_t chunk, u_int32_t hash) { - pthread_once(&key_allocated, allocate_key); /* we could use a mac of the previous hash, but this is faster */ return chunk_mac_inc(chunk, key, ((u_int64_t)hash) << 32 | hash); } @@ -949,7 +942,6 @@ u_int32_t chunk_hash_inc(chunk_t chunk, u_int32_t hash) */ u_int32_t chunk_hash(chunk_t chunk) { - pthread_once(&key_allocated, allocate_key); return chunk_mac(chunk, key); } diff --git a/src/libstrongswan/utils/chunk.h b/src/libstrongswan/utils/chunk.h index 5a052a013..760f922e1 100644 --- a/src/libstrongswan/utils/chunk.h +++ b/src/libstrongswan/utils/chunk.h @@ -339,6 +339,14 @@ bool chunk_increment(chunk_t chunk); */ bool chunk_printable(chunk_t chunk, chunk_t *sane, char replace); +/** + * Seed initial key for chunk_hash(). + * + * This call should get invoked once during startup. This is usually done + * by calling library_init(). + */ +void chunk_hash_seed(); + /** * Computes a 32 bit hash of the given chunk. * From 965e846cc31050078399f724ecc1d67b1937bcd8 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Mon, 21 Oct 2013 13:00:29 +0200 Subject: [PATCH 037/138] library: Change init/deinit order to allow utils to depend on threading --- src/libstrongswan/library.c | 9 +++++---- src/libstrongswan/tests/test_runner.c | 3 +++ 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c index c5850e155..93ff8400f 100644 --- a/src/libstrongswan/library.c +++ b/src/libstrongswan/library.c @@ -141,12 +141,13 @@ void library_deinit() { lib->leak_detective->report(lib->leak_detective, detailed); lib->leak_detective->destroy(lib->leak_detective); + lib->leak_detective = NULL; } - arrays_deinit(); - threads_deinit(); backtrace_deinit(); + arrays_deinit(); utils_deinit(); + threads_deinit(); free((void*)this->public.ns); free(this); 
@@ -269,10 +270,10 @@ bool library_init(char *settings, const char *namespace) ); lib = &this->public; - utils_init(); - backtrace_init(); threads_init(); + utils_init(); arrays_init(); + backtrace_init(); #ifdef LEAK_DETECTIVE lib->leak_detective = leak_detective_create(); diff --git a/src/libstrongswan/tests/test_runner.c b/src/libstrongswan/tests/test_runner.c index 1f11050f4..4684eb18d 100644 --- a/src/libstrongswan/tests/test_runner.c +++ b/src/libstrongswan/tests/test_runner.c @@ -18,6 +18,7 @@ #include "test_runner.h" #include +#include #include #include #include @@ -372,6 +373,7 @@ static void print_failures(array_t *failures) { failure_t failure; + threads_init(); backtrace_init(); while (array_remove(failures, 0, &failure)) @@ -391,6 +393,7 @@ static void print_failures(array_t *failures) } backtrace_deinit(); + threads_deinit(); } /** From 4de7401a980db8e1b074e74723a8aa84c8621d16 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 18 Oct 2013 14:19:32 +0200 Subject: [PATCH 038/138] windows: Provide a time_monotonic() based on GetTickCount64() --- src/libstrongswan/utils/utils.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/src/libstrongswan/utils/utils.c b/src/libstrongswan/utils/utils.c index 70fd1cb31..dc0608627 100644 --- a/src/libstrongswan/utils/utils.c +++ b/src/libstrongswan/utils/utils.c @@ -15,6 +15,13 @@ */ #define _GNU_SOURCE /* for memrchr */ +#ifdef WIN32 +/* for GetTickCount64, Windows 7 */ +# define _WIN32_WINNT 0x0601 +#endif + +#include "utils.h" + #include #include #include @@ -441,6 +448,19 @@ void closefrom(int lowfd) */ time_t time_monotonic(timeval_t *tv) { +#ifdef WIN32 + ULONGLONG ms; + time_t s; + + ms = GetTickCount64(); + s = ms / 1000; + if (tv) + { + tv->tv_sec = s; + tv->tv_usec = (ms - (s * 1000)) * 1000; + } + return s; +#else /* !WIN32 */ #if defined(HAVE_CLOCK_GETTIME) && \ (defined(HAVE_CONDATTR_CLOCK_MONOTONIC) || \ defined(HAVE_PTHREAD_COND_TIMEDWAIT_MONOTONIC)) 
@@ -472,6 +492,7 @@ time_t time_monotonic(timeval_t *tv) return -1; } return tv->tv_sec; +#endif /* !WIN32 */ } /** From 5f35b73344e5e20c2579a90e4ea36796e0c5cc56 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Mon, 10 Mar 2014 17:06:57 +0100 Subject: [PATCH 039/138] libipsec: Avoid name clash with sched.h clone() --- src/libipsec/esp_packet.c | 4 ++-- src/libipsec/ip_packet.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/libipsec/esp_packet.c b/src/libipsec/esp_packet.c index ebe13ce77..822302280 100644 --- a/src/libipsec/esp_packet.c +++ b/src/libipsec/esp_packet.c @@ -115,7 +115,7 @@ METHOD(packet_t, skip_bytes, void, return this->packet->skip_bytes(this->packet, bytes); } -METHOD(packet_t, clone, packet_t*, +METHOD(packet_t, clone_, packet_t*, private_esp_packet_t *this) { private_esp_packet_t *pkt; @@ -414,7 +414,7 @@ static private_esp_packet_t *esp_packet_create_internal(packet_t *packet) .get_dscp = _get_dscp, .set_dscp = _set_dscp, .skip_bytes = _skip_bytes, - .clone = _clone, + .clone = _clone_, .destroy = _destroy, }, .get_source = _get_source, diff --git a/src/libipsec/ip_packet.c b/src/libipsec/ip_packet.c index ede9d100a..181cb88db 100644 --- a/src/libipsec/ip_packet.c +++ b/src/libipsec/ip_packet.c @@ -95,7 +95,7 @@ METHOD(ip_packet_t, get_next_header, u_int8_t, return this->next_header; } -METHOD(ip_packet_t, clone, ip_packet_t*, +METHOD(ip_packet_t, clone_, ip_packet_t*, private_ip_packet_t *this) { return ip_packet_create(chunk_clone(this->packet)); @@ -183,7 +183,7 @@ ip_packet_t *ip_packet_create(chunk_t packet) .get_destination = _get_destination, .get_next_header = _get_next_header, .get_encoding = _get_encoding, - .clone = _clone, + .clone = _clone_, .destroy = _destroy, }, .src = src, From 266ee0a190beb026335a9f51b25edf721825b609 Mon Sep 17 00:00:00 2001 
From: Martin Willi Date: Wed, 23 Oct 2013 16:44:14 +0200 Subject: [PATCH 040/138] windows: Provide a sched_yield() implementation --- src/libstrongswan/credentials/sets/cert_cache.c | 1 - src/libstrongswan/tests/suites/test_threading.c | 1 - src/libstrongswan/tests/suites/test_watcher.c | 1 - src/libstrongswan/utils/utils.h | 1 + src/libstrongswan/utils/windows.h | 9 +++++++++ 5 files changed, 10 insertions(+), 3 deletions(-) diff --git a/src/libstrongswan/credentials/sets/cert_cache.c b/src/libstrongswan/credentials/sets/cert_cache.c index e8f0e7ec0..563f4bdd5 100644 --- a/src/libstrongswan/credentials/sets/cert_cache.c +++ b/src/libstrongswan/credentials/sets/cert_cache.c @@ -16,7 +16,6 @@ #include "cert_cache.h" #include -#include #include #include diff --git a/src/libstrongswan/tests/suites/test_threading.c b/src/libstrongswan/tests/suites/test_threading.c index 496310c8c..0526d9d6e 100644 --- a/src/libstrongswan/tests/suites/test_threading.c +++ b/src/libstrongswan/tests/suites/test_threading.c @@ -16,7 +16,6 @@ #include "test_suite.h" -#include #include #include diff --git a/src/libstrongswan/tests/suites/test_watcher.c b/src/libstrongswan/tests/suites/test_watcher.c index 451fa0b38..11b4c3a7d 100644 --- a/src/libstrongswan/tests/suites/test_watcher.c +++ b/src/libstrongswan/tests/suites/test_watcher.c @@ -17,7 +17,6 @@ #include -#include #include #include diff --git a/src/libstrongswan/utils/utils.h b/src/libstrongswan/utils/utils.h index c14b9c11e..ced47a4b8 100644 --- a/src/libstrongswan/utils/utils.h +++ b/src/libstrongswan/utils/utils.h @@ -36,6 +36,7 @@ # include # include # include +# include #endif /** diff --git a/src/libstrongswan/utils/windows.h b/src/libstrongswan/utils/windows.h index 90c92fd60..83a6d6253 100644 --- a/src/libstrongswan/utils/windows.h +++ b/src/libstrongswan/utils/windows.h 
@@ -67,6 +67,15 @@ static inline void srandom(unsigned int seed) srand(seed); } +/** + * Replacement of sched_yield(2) from + */ +static inline int sched_yield(void) +{ + Sleep(0); + return 0; +} + /** * strdup(3), the Windows variant can't free(strdup("")) and others */ From 986a577097f8aeb5b5dda16a5c148e3fa02aba4a Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Mon, 21 Oct 2013 16:58:54 +0200 Subject: [PATCH 041/138] windows: Add a sleep function acting as cancellation point --- src/libstrongswan/utils/windows.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/libstrongswan/utils/windows.h b/src/libstrongswan/utils/windows.h index 83a6d6253..afa524242 100644 --- a/src/libstrongswan/utils/windows.h +++ b/src/libstrongswan/utils/windows.h @@ -76,6 +76,15 @@ static inline int sched_yield(void) return 0; } +/** + * Replacement of sleep(3), cancellable by thread_cancel() + */ +static inline int sleep(unsigned int seconds) +{ + SleepEx(seconds * 1000, TRUE); + return 0; +} + /** * strdup(3), the Windows variant can't free(strdup("")) and others */ From a48570a046d593e3f603e031e294527a9cf31cdb Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 23 Oct 2013 15:50:10 +0200 Subject: [PATCH 042/138] windows: Provide a cancellable usleep(), but with ms resolution only --- src/libstrongswan/utils/windows.c | 13 +++++++++++++ src/libstrongswan/utils/windows.h | 5 +++++ 2 files changed, 18 insertions(+) diff --git a/src/libstrongswan/utils/windows.c b/src/libstrongswan/utils/windows.c index a0ff6b84b..4a6a35eff 100644 --- a/src/libstrongswan/utils/windows.c +++ b/src/libstrongswan/utils/windows.c @@ -36,6 +36,19 @@ void windows_deinit() WSACleanup(); } +/** + * See header + */ +int usleep(useconds_t usec) +{ + if (usec > 0 && usec < 1000) + { /* do not Sleep(0) for small values */ + usec = 1000; + } + SleepEx(usec / 1000, TRUE); + return 0; +} + /** * See header */ 
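Review bot: In the new sleep() replacement, `seconds * 1000` is evaluated in unsigned int, so any argument above 4294967 wraps and the thread wakes far earlier than requested. Clamp before multiplying, for example `SleepEx(seconds > (INFINITE - 1) / 1000 ? INFINITE - 1 : seconds * 1000, TRUE);`. The function also returns 0 when SleepEx() is ended early by an APC, whereas sleep(3) reports the unslept time; the doc comment should say that callers cannot rely on the return value.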
diff --git a/src/libstrongswan/utils/windows.h b/src/libstrongswan/utils/windows.h index afa524242..8e6fd80b1 100644 --- a/src/libstrongswan/utils/windows.h +++ b/src/libstrongswan/utils/windows.h @@ -85,6 +85,11 @@ static inline int sleep(unsigned int seconds) return 0; } +/** + * Replacement of usleep(3), cancellable, ms resolution only + */ +int usleep(useconds_t usec); + /** * strdup(3), the Windows variant can't free(strdup("")) and others */ From 0fa9c958114f902c55f4922631e2ca4e5e77c736 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Mon, 21 Oct 2013 18:07:51 +0200 Subject: [PATCH 043/138] windows: Provide a complete native Windows threading backend --- src/libstrongswan/Makefile.am | 21 +- src/libstrongswan/threading/windows/mutex.c | 197 ++++++ src/libstrongswan/threading/windows/rwlock.c | 221 +++++++ .../threading/windows/semaphore.c | 101 +++ .../threading/windows/spinlock.c | 79 +++ src/libstrongswan/threading/windows/thread.c | 619 ++++++++++++++++++ src/libstrongswan/threading/windows/thread.h | 92 +++ .../threading/windows/thread_value.c | 183 ++++++ 8 files changed, 1509 insertions(+), 4 deletions(-) create mode 100644 src/libstrongswan/threading/windows/mutex.c create mode 100644 src/libstrongswan/threading/windows/rwlock.c create mode 100644 src/libstrongswan/threading/windows/semaphore.c create mode 100644 src/libstrongswan/threading/windows/spinlock.c create mode 100644 src/libstrongswan/threading/windows/thread.c create mode 100644 src/libstrongswan/threading/windows/thread.h create mode 100644 src/libstrongswan/threading/windows/thread_value.c diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am index df1f0260e..2602a9eba 100644 --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am 
@@ -33,14 +33,18 @@ processing/jobs/callback_job.c processing/processor.c processing/scheduler.c \ processing/watcher.c resolver/resolver_manager.c resolver/rr_set.c \ selectors/traffic_selector.c settings/settings.c settings/settings_types.c \ settings/settings_parser.y settings/settings_lexer.l \ -threading/thread.c threading/thread_value.c threading/mutex.c \ -threading/semaphore.c threading/rwlock.c threading/spinlock.c \ utils/utils.c utils/chunk.c utils/debug.c utils/enum.c utils/identification.c \ utils/lexparser.c utils/optionsfrom.c utils/capabilities.c utils/backtrace.c \ utils/parser_helper.c utils/test.c utils/utils/strerror.c if !USE_WINDOWS libstrongswan_la_SOURCES += \ + threading/thread.c \ + threading/thread_value.c \ + threading/mutex.c \ + threading/rwlock.c \ + threading/spinlock.c \ + threading/semaphore.c \ networking/streams/stream_unix.c \ networking/streams/stream_service_unix.c endif @@ -89,7 +93,8 @@ resolver/rr.h resolver/resolver_manager.h \ plugins/plugin_loader.h plugins/plugin.h plugins/plugin_feature.h \ processing/jobs/job.h processing/jobs/callback_job.h processing/processor.h \ processing/scheduler.h processing/watcher.h selectors/traffic_selector.h \ -settings/settings.h threading/thread.h threading/thread_value.h \ +settings/settings.h threading/thread_value.h \ +threading/thread.h threading/windows/thread.h \ threading/mutex.h threading/condvar.h threading/spinlock.h threading/semaphore.h \ threading/rwlock.h threading/rwlock_condvar.h threading/lock_profiler.h \ utils/utils.h utils/chunk.h utils/debug.h utils/enum.h utils/identification.h \ @@ -102,7 +107,7 @@ endif library.lo : $(top_builddir)/config.status -libstrongswan_la_LIBADD = $(PTHREADLIB) $(DLLIB) $(BTLIB) $(SOCKLIB) $(RTLIB) $(BFDLIB) $(UNWINDLIB) +libstrongswan_la_LIBADD = $(DLLIB) $(BTLIB) $(SOCKLIB) $(RTLIB) $(BFDLIB) $(UNWINDLIB) AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ 
@@ -122,7 +127,15 @@ AM_YFLAGS = -v -d if USE_WINDOWS libstrongswan_la_LIBADD += -lws2_32 libstrongswan_la_SOURCES += \ + threading/windows/thread.c \ + threading/windows/thread_value.c \ + threading/windows/mutex.c \ + threading/windows/rwlock.c \ + threading/windows/spinlock.c \ + threading/windows/semaphore.c \ utils/windows.c +else + libstrongswan_la_LIBADD += $(PTHREADLIB) endif if USE_DBGHELP diff --git a/src/libstrongswan/threading/windows/mutex.c b/src/libstrongswan/threading/windows/mutex.c new file mode 100644 index 000000000..873cb8f98 --- /dev/null +++ b/src/libstrongswan/threading/windows/mutex.c 
@@ -0,0 +1,197 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include +#include +#include +#include + +#include "thread.h" + +typedef struct private_mutex_t private_mutex_t; +typedef struct private_condvar_t private_condvar_t; + +/** + * private data of mutex + */ +struct private_mutex_t { + + /** + * public functions + */ + mutex_t public; + + /** + * wrapped critical section + */ + CRITICAL_SECTION cs; + + /** + * Recursive lock count + */ + u_int times; +}; + +/** + * private data of condvar + */ +struct private_condvar_t { + + /** + * public functions + */ + condvar_t public; + + /** + * wrapped condition variable + */ + CONDITION_VARIABLE cv; +}; + + +METHOD(mutex_t, lock, void, + private_mutex_t *this) +{ + EnterCriticalSection(&this->cs); + this->times++; +} + +METHOD(mutex_t, unlock, void, + private_mutex_t *this) +{ + this->times--; + LeaveCriticalSection(&this->cs); +} + +METHOD(mutex_t, mutex_destroy, void, + private_mutex_t *this) +{ + DeleteCriticalSection(&this->cs); + free(this); +} + +/* + * see header file + */ +mutex_t *mutex_create(mutex_type_t type) +{ + private_mutex_t *this; + + INIT(this, + .public = { + .lock = _lock, + .unlock = _unlock, + .destroy = _mutex_destroy, + }, + ); + + /* CriticalSections are recursive, we use it for all mutex types. 
*/ + InitializeCriticalSection(&this->cs); + + return &this->public; +} + +METHOD(condvar_t, timed_wait, bool, + private_condvar_t *this, mutex_t *pubmutex, u_int timeout) +{ + private_mutex_t *mutex = (private_mutex_t*)pubmutex; + u_int times; + bool ret; + + thread_set_active_condvar(&this->cv); + + /* while a CriticalSection is recursive, waiting in a condvar releases + * only one mutex. So release (and reaquire) all locks except the last. */ + times = mutex->times; + while (mutex->times-- > 1) + { + LeaveCriticalSection(&mutex->cs); + } + + ret = SleepConditionVariableCS(&this->cv, &mutex->cs, timeout); + + while (++mutex->times < times) + { + EnterCriticalSection(&mutex->cs); + } + + thread_set_active_condvar(NULL); + + return ret == 0; +} + +METHOD(condvar_t, wait_, void, + private_condvar_t *this, mutex_t *mutex) +{ + timed_wait(this, mutex, INFINITE); +} + +METHOD(condvar_t, timed_wait_abs, bool, + private_condvar_t *this, mutex_t *mutex, timeval_t tv) +{ + DWORD timeout; + timeval_t now, diff; + + time_monotonic(&now); + if (timercmp(&now, &tv, >)) + { + return TRUE; + } + timersub(&tv, &now, &diff); + timeout = diff.tv_sec * 1000 + diff.tv_usec / 1000; + + return timed_wait(this, mutex, timeout); +} + +METHOD(condvar_t, signal_, void, + private_condvar_t *this) +{ + WakeConditionVariable(&this->cv); +} + +METHOD(condvar_t, broadcast, void, + private_condvar_t *this) +{ + WakeAllConditionVariable(&this->cv); +} + +METHOD(condvar_t, condvar_destroy, void, + private_condvar_t *this) +{ + free(this); +} + +/* + * see header file + */ +condvar_t *condvar_create(condvar_type_t type) +{ + private_condvar_t *this; + + INIT(this, + .public = { + .wait = _wait_, + .timed_wait = _timed_wait, + .timed_wait_abs = _timed_wait_abs, + .signal = _signal_, + .broadcast = _broadcast, + .destroy = _condvar_destroy, + } + ); + + InitializeConditionVariable(&this->cv); + + return &this->public; +} 
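Review bot: In timed_wait_abs() the result of `diff.tv_sec * 1000 + diff.tv_usec / 1000` is stored into a DWORD without a range check, so a deadline roughly 49.7 days or more ahead is truncated to a much shorter wait, and a result of exactly 0xFFFFFFFF is INFINITE and turns a bounded wait into an unbounded one. The same computation appears in timed_wait_abs() of threading/windows/rwlock.c and threading/windows/semaphore.c in this commit. Compute in 64 bits and clamp below INFINITE, e.g. `ULONGLONG ms = (ULONGLONG)diff.tv_sec * 1000 + diff.tv_usec / 1000;` followed by `timeout = ms < INFINITE ? (DWORD)ms : INFINITE - 1;`.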
diff --git a/src/libstrongswan/threading/windows/rwlock.c b/src/libstrongswan/threading/windows/rwlock.c new file mode 100644 index 000000000..b27ef0035 --- /dev/null +++ b/src/libstrongswan/threading/windows/rwlock.c 
@@ -0,0 +1,221 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include +#include +#include +#include +#include + +#include "thread.h" + +typedef struct private_rwlock_t private_rwlock_t; +typedef struct private_rwlock_condvar_t private_rwlock_condvar_t; + +/** + * private data of rwlock + */ +struct private_rwlock_t { + + /** + * public functions + */ + rwlock_t public; + + /** + * wrapped rwlock + */ + SRWLOCK srw; + + /** + * Thread specific shared lock count + */ + thread_value_t *shared; +}; + +/** + * private data of condvar + */ +struct private_rwlock_condvar_t { + + /** + * public interface + */ + rwlock_condvar_t public; + + /** + * condition variable + */ + CONDITION_VARIABLE cv; +}; + +METHOD(rwlock_t, read_lock, void, + private_rwlock_t *this) +{ + uintptr_t count; + + /* Recursive read locks are not supported. Use a thread specific + * recursiveness counter. */ + + count = (uintptr_t)this->shared->get(this->shared); + if (count == 0) + { + AcquireSRWLockShared(&this->srw); + } + this->shared->set(this->shared, (void*)(count + 1)); +} + +METHOD(rwlock_t, write_lock, void, + private_rwlock_t *this) +{ + AcquireSRWLockExclusive(&this->srw); +} + +METHOD(rwlock_t, try_write_lock, bool, + private_rwlock_t *this) +{ + /* TODO: causes random failures and segfaults. Bug? 
*/ + return FALSE; + return TryAcquireSRWLockExclusive(&this->srw); +} + +METHOD(rwlock_t, unlock, void, + private_rwlock_t *this) +{ + uintptr_t count; + + count = (uintptr_t)this->shared->get(this->shared); + switch (count) + { + case 0: + ReleaseSRWLockExclusive(&this->srw); + break; + case 1: + ReleaseSRWLockShared(&this->srw); + /* fall */ + default: + this->shared->set(this->shared, (void*)(count - 1)); + break; + } +} + +METHOD(rwlock_t, destroy, void, + private_rwlock_t *this) +{ + this->shared->destroy(this->shared); + free(this); +} + +/* + * see header file + */ +rwlock_t *rwlock_create(rwlock_type_t type) +{ + private_rwlock_t *this; + + INIT(this, + .public = { + .read_lock = _read_lock, + .write_lock = _write_lock, + .try_write_lock = _try_write_lock, + .unlock = _unlock, + .destroy = _destroy, + }, + .shared = thread_value_create(NULL), + ); + + InitializeSRWLock(&this->srw); + + return &this->public; +} + +METHOD(rwlock_condvar_t, timed_wait, bool, + private_rwlock_condvar_t *this, rwlock_t *pubrwlock, u_int timeout) +{ + private_rwlock_t *rwlock = (private_rwlock_t*)pubrwlock; + bool ret; + + thread_set_active_condvar(&this->cv); + + ret = SleepConditionVariableSRW(&this->cv, &rwlock->srw, timeout, 0); + + thread_set_active_condvar(NULL); + + return ret == 0; +} + +METHOD(rwlock_condvar_t, wait_, void, + private_rwlock_condvar_t *this, rwlock_t *lock) +{ + timed_wait(this, lock, INFINITE); +} + +METHOD(rwlock_condvar_t, timed_wait_abs, bool, + private_rwlock_condvar_t *this, rwlock_t *lock, timeval_t tv) +{ + DWORD timeout; + timeval_t now, diff; + + time_monotonic(&now); + if (timercmp(&now, &tv, >)) + { + return TRUE; + } + timersub(&tv, &now, &diff); + timeout = diff.tv_sec * 1000 + diff.tv_usec / 1000; + + return timed_wait(this, lock, timeout); +} + +METHOD(rwlock_condvar_t, signal_, void, + private_rwlock_condvar_t *this) +{ + WakeConditionVariable(&this->cv); +} + +METHOD(rwlock_condvar_t, broadcast, void, + private_rwlock_condvar_t *this) 
+{ + WakeAllConditionVariable(&this->cv); +} + +METHOD(rwlock_condvar_t, condvar_destroy, void, + private_rwlock_condvar_t *this) +{ + free(this); +} + +/* + * see header file + */ +rwlock_condvar_t *rwlock_condvar_create() +{ + private_rwlock_condvar_t *this; + + INIT(this, + .public = { + .wait = _wait_, + .timed_wait = _timed_wait, + .timed_wait_abs = _timed_wait_abs, + .signal = _signal_, + .broadcast = _broadcast, + .destroy = _condvar_destroy, + }, + ); + + InitializeConditionVariable(&this->cv); + + return &this->public; +} diff --git a/src/libstrongswan/threading/windows/semaphore.c b/src/libstrongswan/threading/windows/semaphore.c new file mode 100644 index 000000000..29f523d3e --- /dev/null +++ b/src/libstrongswan/threading/windows/semaphore.c 
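Review bot: try_write_lock() returns FALSE unconditionally and leaves the TryAcquireSRWLockExclusive() call as dead code, so callers can never take the write lock through this path. The failures mentioned in the TODO are consistent with the prototype this commit adds in threading/windows/thread.h, `BOOL TryAcquireSRWLockExclusive(PSRWLOCK SRWLock);`. It is the only SRW declaration there without WINAPI, and it declares BOOL where the Windows API returns BOOLEAN; on 32-bit x86 that means a mismatched calling convention and a return value read wider than it was written. Declaring it as `BOOLEAN WINAPI TryAcquireSRWLockExclusive(PSRWLOCK SRWLock);` and returning its result is worth testing before the stub is kept; this is inferred from the declarations, not reproduced.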
@@ -0,0 +1,101 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include +#include + +typedef struct private_semaphore_t private_semaphore_t; + +/** + * private data of a semaphore + */ +struct private_semaphore_t { + /** + * public interface + */ + semaphore_t public; + + /** + * Handle to semaphore + */ + HANDLE handle; +}; + +METHOD(semaphore_t, timed_wait, bool, + private_semaphore_t *this, u_int timeout) +{ + /* use alertable wait to allow cancellation */ + return WaitForSingleObjectEx(this->handle, timeout, TRUE) == WAIT_TIMEOUT; +} + +METHOD(semaphore_t, timed_wait_abs, bool, + private_semaphore_t *this, timeval_t tv) +{ + DWORD timeout; + timeval_t now, diff; + + time_monotonic(&now); + if (timercmp(&now, &tv, >)) + { + return TRUE; + } + timersub(&tv, &now, &diff); + timeout = diff.tv_sec * 1000 + diff.tv_usec / 1000; + + return timed_wait(this, timeout); +} + +METHOD(semaphore_t, wait_, void, + private_semaphore_t *this) +{ + timed_wait(this, INFINITE); +} + +METHOD(semaphore_t, post, void, + private_semaphore_t *this) +{ + ReleaseSemaphore(this->handle, 1, NULL); +} + +METHOD(semaphore_t, destroy, void, + private_semaphore_t *this) +{ + CloseHandle(this->handle); + free(this); +} + +/* + * Described in header + */ +semaphore_t *semaphore_create(u_int value) +{ + private_semaphore_t *this; + + INIT(this, + .public = { + .wait = _wait_, + .timed_wait = _timed_wait, + .timed_wait_abs = _timed_wait_abs, + .post = 
_post, + .destroy = _destroy, + }, + /* our API does not have an upper limit, but Windows requires one. + * 0xFFFFFFF (268435455) is the highest value for which Windows does + * not return ERROR_INVALID_PARAMETER, and should be sufficient. */ + .handle = CreateSemaphore(NULL, value, 0xFFFFFFF, NULL), + ); + + return &this->public; +} diff --git a/src/libstrongswan/threading/windows/spinlock.c b/src/libstrongswan/threading/windows/spinlock.c new file mode 100644 index 000000000..155dd56dc --- /dev/null +++ b/src/libstrongswan/threading/windows/spinlock.c 
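Review bot: timed_wait() reports success for every WaitForSingleObjectEx() result other than WAIT_TIMEOUT, so WAIT_FAILED and WAIT_IO_COMPLETION reach the caller as an acquired semaphore. semaphore_create() also stores the CreateSemaphore() result unchecked, so a failed creation leaves a NULL handle on which wait_() returns immediately and callers proceed without the synchronisation they asked for. I would compare against the success code, `return WaitForSingleObjectEx(this->handle, timeout, TRUE) != WAIT_OBJECT_0;`, and fail creation with `if (!this->handle) { free(this); return NULL; }` after INIT(). wait_() would additionally need to repeat the wait if an APC that returns can ever be queued to the thread.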
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include
+#include
+
+typedef struct private_spinlock_t private_spinlock_t;
+
+/**
+ * private data of spinlock
+ */
+struct private_spinlock_t {
+
+ /**
+ * public functions
+ */
+ spinlock_t public;
+
+ /**
+ * wrapped critical section
+ */
+ CRITICAL_SECTION cs;
+};
+
+METHOD(spinlock_t, lock, void,
+ private_spinlock_t *this)
+{
+ EnterCriticalSection(&this->cs);
+}
+
+METHOD(spinlock_t, unlock, void,
+ private_spinlock_t *this)
+{
+ LeaveCriticalSection(&this->cs);
+}
+
+METHOD(spinlock_t, destroy, void,
+ private_spinlock_t *this)
+{
+ DeleteCriticalSection(&this->cs);
+ free(this);
+}
+
+/*
+ * see header file
+ */
+spinlock_t *spinlock_create()
+{
+ private_spinlock_t *this;
+
+ INIT(this,
+ .public = {
+ .lock = _lock,
+ .unlock = _unlock,
+ .destroy = _destroy,
+ },
+ );
+
+ /* Usually the wait time in a spinlock should be short, so we could have
+ * a high spincount. But having a large/INFINITE spincount does not scale
+ * that well where a spinlock is not the perfect choice for a lock. We
+ * choose the spincount quite arbitrary, so we go to wait if it is not
+ * much more expensive than spinning. */
+ InitializeCriticalSectionAndSpinCount(&this->cs, 256);
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/threading/windows/thread.c b/src/libstrongswan/threading/windows/thread.c
new file mode 100644
index 000000000..71e56528e
--- /dev/null
+++ b/src/libstrongswan/threading/windows/thread.c
@@ -0,0 +1,619 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include +#include +#include +#include +#include +#include + +#include "thread.h" + + +typedef struct private_thread_t private_thread_t; + +struct private_thread_t { + + /** + * Public interface. + */ + thread_t public; + + /** + * GetCurrentThreadId() of thread + */ + DWORD id; + + /** + * Printable thread id returned by thread_current_id() + */ + u_int tid; + + /** + * Windows thread handle + */ + HANDLE handle; + + /** + * Main function of this thread (NULL for the main thread). + */ + thread_main_t main; + + /** + * Argument for the main function. + */ + void *arg; + + /** + * Thread return value + */ + void *ret; + + /** + * Stack of cleanup handlers, as cleanup_t + */ + array_t *cleanup; + + /** + * Thread specific values for this thread, as cleanup_t + */ + hashtable_t *tls; + + /** + * Thread terminated? + */ + bool terminated; + + /** + * Thread detached? 
+ */ + bool detached; + + /** + * Is thread in cancellable state + */ + bool cancelability; + + /** + * Has the thread been cancelled + */ + bool canceled; + + /** + * Active condition variable thread is waiting in, if any + */ + CONDITION_VARIABLE *condvar; +}; + +/** + * Global list of threads, GetCurrentThreadId() => private_thread_t + */ +static hashtable_t *threads; + +/** + * Lock for threads table + */ +static spinlock_t *threads_lock; + +/** + * Counter to assign printable thread IDs + */ +static u_int threads_ids = 0; + +/** + * Forward declaration + */ +static private_thread_t *create_internal(DWORD id); + +/** + * Set leak detective state + */ +static inline bool set_leak_detective(bool state) +{ +#ifdef LEAK_DETECTIVE + if (lib && lib->leak_detective) + { + return lib->leak_detective->set_state(lib->leak_detective, state); + } +#endif + return FALSE; +} + +/** + * Store thread in index + */ +static void put_thread(private_thread_t *this) +{ + bool old; + + old = set_leak_detective(FALSE); + threads_lock->lock(threads_lock); + + this = threads->put(threads, (void*)(uintptr_t)this->id, this); + + threads_lock->unlock(threads_lock); + set_leak_detective(old); +} + +/** + * Remove thread from index + */ +static void remove_thread(private_thread_t *this) +{ + bool old; + + old = set_leak_detective(FALSE); + threads_lock->lock(threads_lock); + + threads->remove(threads, (void*)(uintptr_t)this->id); + + threads_lock->unlock(threads_lock); + set_leak_detective(old); +} + +/** + * Get thread data for calling thread + */ +static private_thread_t *get_current_thread() +{ + private_thread_t *this; + + threads_lock->lock(threads_lock); + + this = threads->get(threads, (void*)(uintptr_t)GetCurrentThreadId()); + + threads_lock->unlock(threads_lock); + + if (!this) + { + this = create_internal(GetCurrentThreadId()); + put_thread(this); + } + + return this; +} + +/** + * See header. 
+ */ +void* thread_tls_put(void *key, void *value) +{ + private_thread_t *thread; + bool old; + + thread = get_current_thread(); + + old = set_leak_detective(FALSE); + value = thread->tls->put(thread->tls, key, value); + set_leak_detective(old); + + return value; +} + +/** + * See header. + */ +void* thread_tls_get(void *key) +{ + private_thread_t *thread; + void *value; + bool old; + + thread = get_current_thread(); + + old = set_leak_detective(FALSE); + value = thread->tls->get(thread->tls, key); + set_leak_detective(old); + + return value; +} + +/** + * See header. + */ +void* thread_tls_remove(void *key) +{ + private_thread_t *thread; + void *value; + bool old; + + thread = get_current_thread(); + + old = set_leak_detective(FALSE); + value = thread->tls->remove(thread->tls, key); + set_leak_detective(old); + + return value; +} + +/** + * Thread cleanup data + */ +typedef struct { + /** Cleanup callback function */ + thread_cleanup_t cb; + /** Argument provided to the cleanup function */ + void *arg; +} cleanup_t; + +/** + * Invoke pushed/tls cleanup handlers + */ +static void docleanup(private_thread_t *this) +{ + enumerator_t *enumerator; + cleanup_t cleanup, *tls; + bool old; + + old = set_leak_detective(FALSE); + + while (array_remove(this->cleanup, -1, &cleanup)) + { + set_leak_detective(old); + cleanup.cb(cleanup.arg); + set_leak_detective(FALSE); + } + + enumerator = this->tls->create_enumerator(this->tls); + while (enumerator->enumerate(enumerator, NULL, &tls)) + { + this->tls->remove_at(this->tls, enumerator); + + set_leak_detective(old); + thread_tls_cleanup(tls); + set_leak_detective(FALSE); + } + enumerator->destroy(enumerator); + + set_leak_detective(old); +} + +/** + * Clean up and destroy a thread + */ +static void destroy(private_thread_t *this) +{ + bool old; + + docleanup(this); + + old = set_leak_detective(FALSE); + + array_destroy(this->cleanup); + this->tls->destroy(this->tls); + if (this->handle) + { + CloseHandle(this->handle); + } + 
free(this); + + set_leak_detective(old); +} + +/** + * End a thread, destroy when detached + */ +static void end_thread(private_thread_t *this) +{ + if (this->detached) + { + remove_thread(this); + destroy(this); + } + else + { + this->terminated = TRUE; + docleanup(this); + } +} + +/** + * See header. + */ +void thread_set_active_condvar(CONDITION_VARIABLE *condvar) +{ + private_thread_t *thread; + + thread = get_current_thread(); + + threads_lock->lock(threads_lock); + thread->condvar = condvar; + threads_lock->unlock(threads_lock); + + /* this is a cancellation point, as condvar wait is one */ + SleepEx(0, TRUE); +} + +/** + * APC to cancel a thread + */ +static void docancel(private_thread_t *this) +{ + /* make sure cancel() does not access this anymore */ + threads_lock->lock(threads_lock); + threads_lock->unlock(threads_lock); + + end_thread(this); + ExitThread(0); +} + +METHOD(thread_t, cancel, void, + private_thread_t *this) +{ + this->canceled = TRUE; + if (this->cancelability) + { + threads_lock->lock(threads_lock); + QueueUserAPC((void*)docancel, this->handle, (uintptr_t)this); + if (this->condvar) + { + WakeAllConditionVariable(this->condvar); + } + threads_lock->unlock(threads_lock); + } +} + +METHOD(thread_t, kill_, void, + private_thread_t *this, int sig) +{ +} + +METHOD(thread_t, detach, void, + private_thread_t *this) +{ + this->detached = TRUE; +} + +METHOD(thread_t, join, void*, + private_thread_t *this) +{ + void *ret; + + if (this->detached) + { + return NULL; + } + + while (!this->terminated) + { + /* join is a cancellation point, use alertable wait */ + WaitForSingleObjectEx(this->handle, INFINITE, TRUE); + } + + ret = this->ret; + + remove_thread(this); + destroy(this); + + return ret; +} + +/** + * Main function wrapper for threads + */ +static DWORD thread_cb(private_thread_t *this) +{ + /* Enable cancelability once the thread starts. 
We must check for any + * pending cancellation request an queue the APC that gets executed + * at the first cancellation point. */ + this->cancelability = TRUE; + if (this->canceled) + { + cancel(this); + } + + this->ret = this->main(this->arg); + + end_thread(this); + + return 0; +} + +/** + * Create an internal thread object. + */ +static private_thread_t *create_internal(DWORD id) +{ + private_thread_t *this; + bool old; + + old = set_leak_detective(FALSE); + + INIT(this, + .public = { + .cancel = _cancel, + .kill = _kill_, + .detach = _detach, + .join = _join, + }, + .cleanup = array_create(sizeof(cleanup_t), 0), + .tls = hashtable_create(hashtable_hash_ptr, hashtable_equals_ptr, 4), + .id = id, + .cancelability = TRUE, + ); + + set_leak_detective(old); + + threads_lock->lock(threads_lock); + this->tid = threads_ids++; + threads_lock->unlock(threads_lock); + + if (id) + { + this->handle = OpenThread(THREAD_ALL_ACCESS, FALSE, id); + } + return this; +} + +/** + * Described in header. + */ +thread_t *thread_create(thread_main_t main, void *arg) +{ + private_thread_t *this; + + this = create_internal(0); + + this->main = main; + this->arg = arg; + /* not cancellable until started */ + this->cancelability = FALSE; + + this->handle = CreateThread(NULL, 0, (void*)thread_cb, this, + CREATE_SUSPENDED, &this->id); + if (!this->handle) + { + destroy(this); + return NULL; + } + + put_thread(this); + + DBG2(DBG_LIB, "created thread %u", this->id); + + ResumeThread(this->handle); + + return &this->public; +} + +/** + * Described in header. + */ +thread_t *thread_current() +{ + return &get_current_thread()->public; +} + +/** + * Described in header. + */ +u_int thread_current_id() +{ + return get_current_thread()->tid; +} + +/** + * Described in header. 
+ */ +void thread_cleanup_push(thread_cleanup_t cb, void *arg) +{ + private_thread_t *this; + cleanup_t cleanup = { + .cb = cb, + .arg = arg, + }; + bool old; + + this = get_current_thread(); + + old = set_leak_detective(FALSE); + array_insert(this->cleanup, -1, &cleanup); + set_leak_detective(old); +} + +/** + * Described in header + */ +void thread_cleanup_pop(bool execute) +{ + private_thread_t *this; + cleanup_t cleanup = {}; + bool old; + + this = get_current_thread(); + + old = set_leak_detective(FALSE); + array_remove(this->cleanup, -1, &cleanup); + set_leak_detective(old); + + if (execute) + { + cleanup.cb(cleanup.arg); + } +} + +/** + * Described in header. + */ +bool thread_cancelability(bool enable) +{ + private_thread_t *this; + bool old; + + this = get_current_thread(); + old = this->cancelability; + this->cancelability = enable; + + if (enable && !old && this->canceled) + { + cancel(this); + } + return old; +} + +/** + * Described in header. + */ +void thread_cancellation_point() +{ + bool old; + + old = thread_cancelability(TRUE); + SleepEx(0, TRUE); + thread_cancelability(old); +} + +/** + * Described in header. + */ +void thread_exit(void *val) +{ + private_thread_t *this; + + this = get_current_thread(); + this->ret = val; + + end_thread(this); + ExitThread(0); +} + +/* + * Described in header. + */ +void threads_init() +{ + threads_lock = spinlock_create(); + threads = hashtable_create(hashtable_hash_ptr, hashtable_equals_ptr, 4); + + /* reset counter should we initialize more than once */ + threads_ids = 0; + + put_thread(create_internal(GetCurrentThreadId())); +} + +/** + * Described in header. + */ +void threads_deinit() +{ + private_thread_t *this; + + this = threads->remove(threads, (void*)(uintptr_t)GetCurrentThreadId()); + destroy(this); + + threads_lock->destroy(threads_lock); + threads->destroy(threads); +} 
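Review bot: end_thread() sets `this->terminated = TRUE` before calling docleanup(this), while join() skips its wait as soon as it sees `terminated` and then runs remove_thread() and destroy(), which frees `this`, its `tls` table and its `cleanup` array. A join() that starts in that window can free the object while the exiting thread is still inside docleanup(), a use-after-free, and destroy() calls docleanup() a second time in parallel. Swapping the two statements, `docleanup(this);` then `this->terminated = TRUE;`, closes most of the window; having join() always wait on `this->handle` once before destroying would close it fully. `terminated`, `canceled` and `cancelability` are also plain bool fields written by one thread and read by another without a lock or atomic access.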
diff --git a/src/libstrongswan/threading/windows/thread.h b/src/libstrongswan/threading/windows/thread.h
new file mode 100644
index 000000000..e393d183c
--- /dev/null
+++ b/src/libstrongswan/threading/windows/thread.h
@@ -0,0 +1,92 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef WINDOWS_THREAD_H_
+#define WINDOWS_THREAD_H_
+
+/**
+ * @defgroup windowsthread windows
+ * @ingroup threading
+ *
+ * @defgroup threadwindows thread
+ * @{ @ingroup windowsthread
+ */
+
+/**
+ * MinGW seems to miss the actual struct definition
+ */
+typedef struct {
+ PVOID Ptr;
+} SRWLOCK, *PSRWLOCK, CONDITION_VARIABLE, *PCONDITION_VARIABLE;
+
+VOID WINAPI InitializeConditionVariable(PCONDITION_VARIABLE ConditionVariable);
+BOOL WINAPI SleepConditionVariableCS(PCONDITION_VARIABLE ConditionVariable,
+ PCRITICAL_SECTION CriticalSection, DWORD dwMilliseconds);
+BOOL WINAPI SleepConditionVariableSRW(PCONDITION_VARIABLE ConditionVariable,
+ PSRWLOCK SRWLock, DWORD dwMilliseconds, ULONG Flags);
+VOID WINAPI WakeAllConditionVariable(PCONDITION_VARIABLE ConditionVariable);
+VOID WINAPI WakeConditionVariable(PCONDITION_VARIABLE ConditionVariable);
+VOID WINAPI AcquireSRWLockExclusive(PSRWLOCK SRWLock);
+VOID WINAPI AcquireSRWLockShared(PSRWLOCK SRWLock);
+BOOL TryAcquireSRWLockExclusive(PSRWLOCK SRWLock);
+VOID WINAPI InitializeSRWLock(PSRWLOCK SRWLock);
+VOID WINAPI ReleaseSRWLockExclusive(PSRWLOCK SRWLock);
+VOID WINAPI ReleaseSRWLockShared(PSRWLOCK SRWLock);
+
+/**
+ * Set active condvar of a thread before waiting in it.
+ *
+ * @param cv active condition variable, NULL to unset
+ */
+void thread_set_active_condvar(CONDITION_VARIABLE *condvar);
+
+/**
+ * Set a thread specific value on the current thread.
+ *
+ * @param key unique key specifying the TLS variable
+ * @param value value to set
+ * @return old value for key, if any
+ */
+void* thread_tls_put(void *key, void *value);
+
+/**
+ * Get a thread specific value from the current thread.
+ *
+ * @param key unique key specifying the TLS variable
+ * @return value for key, if any
+ */
+void* thread_tls_get(void *key);
+
+/**
+ * Remove a thread specific value from the current thread.
+ *
+ * @param key unique key specifying the TLS variable
+ * @param value value to set
+ * @return old value for key, if any
+ */
+void* thread_tls_remove(void *key);
+
+/**
+ * Cleanup function for thread specific value.
+ *
+ * This is called whenever a thread exits to clean up thread specific data.
+ *
+ * This function is actually implemented in thread_value.c.
+ *
+ * @param value value, as passed to thread_tls_put()
+ */
+void thread_tls_cleanup(void *value);
+
+#endif /** WINDOWS_THREAD_H_ @}*/
diff --git a/src/libstrongswan/threading/windows/thread_value.c b/src/libstrongswan/threading/windows/thread_value.c
new file mode 100644
index 000000000..8ba127fd4
--- /dev/null
+++ b/src/libstrongswan/threading/windows/thread_value.c
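Review bot: The prototype `BOOL TryAcquireSRWLockExclusive(PSRWLOCK SRWLock);` differs from its neighbours and from the Windows API, which declares the function as `BOOLEAN WINAPI`. Without `WINAPI` a 32-bit build calls it with the wrong calling convention, and reading a one-byte `BOOLEAN` result as a four-byte `BOOL` can make a failed try-lock look like success, so a caller could enter the protected region without holding the lock. I would declare it as `BOOLEAN WINAPI TryAcquireSRWLockExclusive(PSRWLOCK SRWLock);`. Two doc comments also disagree with their prototypes: `@param cv` documents a parameter named `condvar`, and thread_tls_remove() lists a `@param value` it does not take.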
@@ -0,0 +1,183 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include
+#include
+
+#include "thread.h"
+
+
+typedef struct private_thread_value_t private_thread_value_t;
+
+/**
+ * Unified thread_value_t implementation
+ */
+struct private_thread_value_t {
+
+ /**
+ * Public interface.
+ */
+ thread_value_t public;
+
+ union {
+
+ /**
+ * Cleanup function
+ */
+ thread_cleanup_t cleanup;
+
+ /**
+ * Windows TLS index, if used
+ */
+ DWORD index;
+ };
+};
+
+/**
+ * TLS entry
+ */
+typedef struct {
+ /** TLS value */
+ void *value;
+ /** cleanup handler function */
+ thread_cleanup_t cleanup;
+} entry_t;
+
+/**
+ * See windows/thread.h
+ */
+void thread_tls_cleanup(void *value)
+{
+ entry_t *entry = (entry_t*)value;
+
+ if (entry->cleanup)
+ {
+ entry->cleanup(entry->value);
+ }
+ free(entry);
+}
+
+METHOD(thread_value_t, tls_set, void,
+ private_thread_value_t *this, void *val)
+{
+ entry_t *entry;
+
+ if (val)
+ {
+ INIT(entry,
+ .cleanup = this->cleanup,
+ .value = val,
+ );
+
+ free(thread_tls_put(this, entry));
+ }
+ else
+ {
+ free(thread_tls_remove(this));
+ }
+}
+
+METHOD(thread_value_t, tls_get, void*,
+ private_thread_value_t *this)
+{
+ entry_t *entry;
+
+ entry = thread_tls_get(this);
+ if (entry)
+ {
+ return entry->value;
+ }
+ return NULL;
+}
+
+METHOD(thread_value_t, tls_destroy, void,
+ private_thread_value_t *this)
+{
+ entry_t *entry;
+
+ entry = thread_tls_remove(this);
+ if (entry)
+ {
+ if (entry->cleanup)
+ {
+ entry->cleanup(entry->value);
+ }
+ free(entry);
+ }
+ free(this);
+}
+
+METHOD(thread_value_t, tls_set_index, void,
+ private_thread_value_t *this, void *val)
+{
+ TlsSetValue(this->index, val);
+}
+
+METHOD(thread_value_t, tls_get_index, void*,
+ private_thread_value_t *this)
+{
+ return TlsGetValue(this->index);
+}
+
+METHOD(thread_value_t, tls_destroy_index, void,
+ private_thread_value_t *this)
+{
+ TlsFree(this->index);
+ free(this);
+}
+
+/**
+ * Described in header.
+ */
+thread_value_t *thread_value_create(thread_cleanup_t cleanup)
+{
+ private_thread_value_t *this;
+ DWORD index = TLS_OUT_OF_INDEXES;
+
+ /* we have two implementations: Windows Tls* functions do not support
+ * callbacks and has limited instances. We use it nonetheless if possible,
+ * especially as leak detective relies on TLS, but we have to mangle
+ * leak detective state for TLS storage. */
+
+ if (!cleanup)
+ {
+ index = TlsAlloc();
+ }
+
+ if (index == TLS_OUT_OF_INDEXES)
+ {
+ INIT(this,
+ .public = {
+ .set = _tls_set,
+ .get = _tls_get,
+ .destroy = _tls_destroy,
+ },
+ .cleanup = cleanup,
+ );
+ }
+ else
+ {
+ INIT(this,
+ .public = {
+ .set = _tls_set_index,
+ .get = _tls_get_index,
+ .destroy = _tls_destroy_index,
+ },
+ .index = index,
+ );
+ }
+
+ return &this->public;
+}
From 9dec601f30ca6558c1b070de1d8e1a2a43eaf49e Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 28 May 2014 17:34:48 +0200 Subject: [PATCH 044/138] windows: Prevent queueing of multiple thread cancel APCs This avoids any races during cleanup invocation if multiple cancel() requests come in. --- src/libstrongswan/threading/windows/thread.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/src/libstrongswan/threading/windows/thread.c b/src/libstrongswan/threading/windows/thread.c
index 71e56528e..5fa68bb91 100644
--- a/src/libstrongswan/threading/windows/thread.c
+++ b/src/libstrongswan/threading/windows/thread.c
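Review bot: tls_set() frees the entry it replaces, in `free(thread_tls_put(this, entry))` and `free(thread_tls_remove(this))`, without running that entry's cleanup handler, while tls_destroy() and thread_tls_cleanup() do run it. If this mirrors pthread_setspecific() on purpose it should be stated, because otherwise the old value is leaked whenever a caller relies on the handler to release it; I would add `/* the replaced value is not passed to the cleanup handler, the caller still owns it */` above the `if (val)` branch. The anonymous union also has no discriminator, so a comment on it saying that `cleanup` is valid for the tls_set/tls_get/tls_destroy method set and `index` for the *_index set would help the next reader.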
@@ -88,10 +88,15 @@ struct private_thread_t { bool cancelability; /** - * Has the thread been cancelled + * Has the thread been cancelled by thread->cancel()? */ bool canceled; + /** + * Did we schedule an APC to docancel()? + */ + bool cancel_pending; + /** * Active condition variable thread is waiting in, if any */ @@ -357,10 +362,14 @@ METHOD(thread_t, cancel, void, if (this->cancelability) { threads_lock->lock(threads_lock); - QueueUserAPC((void*)docancel, this->handle, (uintptr_t)this); - if (this->condvar) + if (!this->cancel_pending) { - WakeAllConditionVariable(this->condvar); + this->cancel_pending = TRUE; + QueueUserAPC((void*)docancel, this->handle, (uintptr_t)this); + if (this->condvar) + { + WakeAllConditionVariable(this->condvar); + } } threads_lock->unlock(threads_lock); } From 204098a7520205b4534044b3840f68cb1a6e20ae Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 6 Dec 2013 11:33:40 +0100 Subject: [PATCH 045/138] thread-value: Immediately cleanup all Windows TLS values on destroy --- src/libstrongswan/threading/windows/thread.c | 36 ++++++++++++++++++- src/libstrongswan/threading/windows/thread.h | 12 +++++-- .../threading/windows/thread_value.c | 12 +------ 3 files changed, 46 insertions(+), 14 deletions(-) diff --git a/src/libstrongswan/threading/windows/thread.c b/src/libstrongswan/threading/windows/thread.c index 5fa68bb91..35d56c47d 100644 --- a/src/libstrongswan/threading/windows/thread.c +++ b/src/libstrongswan/threading/windows/thread.c @@ -68,7 +68,7 @@ struct private_thread_t { array_t *cleanup; /** - * Thread specific values for this thread, as cleanup_t + * Thread specific values for this thread */ hashtable_t *tls; 
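Review bot: In the cancel() hunk `cancel_pending` is set to TRUE before `QueueUserAPC()` is called and the call's return value is ignored, so a failed queueing attempt leaves the flag set and every later cancel() becomes a no-op for a thread that never received the APC. Setting the flag only on success avoids that: `if (QueueUserAPC((void*)docancel, this->handle, (uintptr_t)this)) { this->cancel_pending = TRUE; }`. The test of `this->cancelability` also happens before `threads_lock` is taken, so it can still race with thread_cancelability(); moving it inside the locked region would close that window. cancel() begins outside this hunk and no visible line resets `cancel_pending`, so whether docancel() clears it should be checked.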
@@ -238,12 +238,44 @@ void* thread_tls_remove(void *key) thread = get_current_thread(); old = set_leak_detective(FALSE); + threads_lock->lock(threads_lock); value = thread->tls->remove(thread->tls, key); + threads_lock->unlock(threads_lock); set_leak_detective(old); return value; } +/** + * See header. + */ +void thread_tls_remove_all(void *key) +{ + private_thread_t *thread; + enumerator_t *enumerator; + void *value; + bool old; + + old = set_leak_detective(FALSE); + threads_lock->lock(threads_lock); + + enumerator = threads->create_enumerator(threads); + while (enumerator->enumerate(enumerator, NULL, &thread)) + { + value = thread->tls->remove(thread->tls, key); + if (value) + { + set_leak_detective(old); + thread_tls_cleanup(value); + set_leak_detective(FALSE); + } + } + enumerator->destroy(enumerator); + + threads_lock->unlock(threads_lock); + set_leak_detective(old); +} + /** * Thread cleanup data */ @@ -272,6 +304,7 @@ static void docleanup(private_thread_t *this) set_leak_detective(FALSE); } + threads_lock->lock(threads_lock); enumerator = this->tls->create_enumerator(this->tls); while (enumerator->enumerate(enumerator, NULL, &tls)) { @@ -282,6 +315,7 @@ static void docleanup(private_thread_t *this) set_leak_detective(FALSE); } enumerator->destroy(enumerator); + threads_lock->unlock(threads_lock); set_leak_detective(old); } diff --git a/src/libstrongswan/threading/windows/thread.h b/src/libstrongswan/threading/windows/thread.h index e393d183c..571171702 100644 --- a/src/libstrongswan/threading/windows/thread.h +++ b/src/libstrongswan/threading/windows/thread.h 
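Review bot: thread_tls_remove_all() calls thread_tls_cleanup(), and through it the user-supplied cleanup handler, while `threads_lock` is held, and the two docleanup() hunks further down now do the same. threads_lock is created with spinlock_create(), so, assuming that spinlock is not recursive, a handler that reaches back into this file (for instance by destroying another thread value, which ends up in thread_tls_remove_all() again) would spin on a lock its own thread already holds. Collecting the removed entries under the lock and running the handlers after the unlock keeps callbacks out of the critical section. A sketch for thread_tls_remove_all() follows; docleanup() would need the same treatment.

```c
void thread_tls_remove_all(void *key)
{
	/* … unchanged: thread, enumerator, value, old declarations … */
	array_t *values;

	old = set_leak_detective(FALSE);
	values = array_create(0, 0);

	threads_lock->lock(threads_lock);
	enumerator = threads->create_enumerator(threads);
	while (enumerator->enumerate(enumerator, NULL, &thread))
	{
		value = thread->tls->remove(thread->tls, key);
		if (value)
		{
			array_insert(values, -1, value);
		}
	}
	enumerator->destroy(enumerator);
	threads_lock->unlock(threads_lock);

	/* handlers run without threads_lock held */
	while (array_remove(values, -1, &value))
	{
		set_leak_detective(old);
		thread_tls_cleanup(value);
		set_leak_detective(FALSE);
	}
	array_destroy(values);
	set_leak_detective(old);
}
```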
@@ -73,11 +73,19 @@ void* thread_tls_get(void *key); * Remove a thread specific value from the current thread. * * @param key unique key specifying the TLS variable - * @param value value to set - * @return old value for key, if any + * @return value for key, if any */ void* thread_tls_remove(void *key); +/** + * Remove a thread specific value from all threads. + * + * For each found TLS value thread_tls_cleanup() is invoked. + * + * @param key unique key specifying the TLS variable + */ +void thread_tls_remove_all(void *key); + /** * Cleanup function for thread specific value. * diff --git a/src/libstrongswan/threading/windows/thread_value.c b/src/libstrongswan/threading/windows/thread_value.c index 8ba127fd4..da79d7b44 100644 --- a/src/libstrongswan/threading/windows/thread_value.c +++ b/src/libstrongswan/threading/windows/thread_value.c @@ -105,17 +105,7 @@ METHOD(thread_value_t, tls_get, void*, METHOD(thread_value_t, tls_destroy, void, private_thread_value_t *this) { - entry_t *entry; - - entry = thread_tls_remove(this); - if (entry) - { - if (entry->cleanup) - { - entry->cleanup(entry->value); - } - free(entry); - } + thread_tls_remove_all(this); free(this); } From 110e42361e38bd7b6ee85c84d809afc72dce6bf1 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 25 Oct 2013 16:03:07 +0200 Subject: [PATCH 046/138] unit-tests: Uninline dlopen() and friends, make more dynamic, fix dlerror() As the error string contains a newline, we have to remove that before returning the string. --- src/libstrongswan/utils/windows.c | 124 ++++++++++++++++++++++++++++++ src/libstrongswan/utils/windows.h | 70 +++-------------- 2 files changed, 136 insertions(+), 58 deletions(-) diff --git a/src/libstrongswan/utils/windows.c b/src/libstrongswan/utils/windows.c index 4a6a35eff..feefcd497 100644 --- a/src/libstrongswan/utils/windows.c +++ b/src/libstrongswan/utils/windows.c 
@@ -49,6 +49,130 @@ int usleep(useconds_t usec) return 0; } +/* + * See header. + */ +void *dlopen(const char *filename, int flag) +{ + return LoadLibrary(filename); +} + +/** + * Load a symbol from known default libs (monolithic build) + */ +static void* dlsym_default(const char *name) +{ + const char *dlls[] = { + "libstrongswan-0.dll", + "libhydra-0.dll", + "libcharon-0.dll", + "libtnccs-0.dll", + NULL /* .exe */ + }; + HANDLE handle; + void *sym = NULL; + int i; + + for (i = 0; i < countof(dlls); i++) + { + handle = GetModuleHandle(dlls[i]); + if (handle) + { + sym = GetProcAddress(handle, name); + if (sym) + { + break; + } + } + } + return sym; +} + +/** + * Emulate RTLD_NEXT for some known symbols + */ +static void* dlsym_next(const char *name) +{ + struct { + const char *dll; + const char *syms[4]; + } dlls[] = { + /* for leak detective */ + { "msvcrt", + { "malloc", "calloc", "realloc", "free" } + }, + }; + HANDLE handle = NULL; + int i, j; + + for (i = 0; i < countof(dlls); i++) + { + for (j = 0; j < countof(dlls[0].syms); j++) + { + if (dlls[i].syms[j] && streq(dlls[i].syms[j], name)) + { + handle = GetModuleHandle(dlls[i].dll); + break; + } + } + } + if (handle) + { + return GetProcAddress(handle, name); + } + return handle; +} + +/** + * See header. + */ +void* dlsym(void *handle, const char *symbol) +{ + if (handle == RTLD_DEFAULT) + { + return dlsym_default(symbol); + } + if (handle == RTLD_NEXT) + { + return dlsym_next(symbol); + } + return GetProcAddress((HMODULE)handle, symbol); +} + +/** + * See header. + */ +char* dlerror(void) +{ + static char buf[128]; + char *pos; + DWORD err; + + err = GetLastError(); + if (FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, + NULL, err, 0, buf, sizeof(buf), NULL) > 0) + { + pos = strchr(buf, '\n'); + if (pos) + { + *pos = '\0'; + } + } + else + { + snprintf(buf, sizeof(buf), "(%u)", err); + } + return buf; +} + +/** + * See header. 
+ */ +int dlclose(void *handle) +{ + return FreeLibrary((HMODULE)handle); +} + /** * See header */ diff --git a/src/libstrongswan/utils/windows.h b/src/libstrongswan/utils/windows.h index 8e6fd80b1..e070a79a2 100644 --- a/src/libstrongswan/utils/windows.h +++ b/src/libstrongswan/utils/windows.h @@ -203,39 +203,11 @@ static inline int setenv(const char *name, const char *value, int overwrite) return 0; } -/** - * dlerror(3) from , printing error to an alloca() buffer - */ -#define dlerror() \ -({ \ - char buf[128], *out;\ - ssize_t len; \ - DWORD err; \ - err = GetLastError(); \ - len = FormatMessage(0, NULL, err, 0, buf, sizeof(buf), NULL); \ - if (len <= 0) \ - { \ - len = snprintf(buf, sizeof(buf), "(%u)", err); \ - } \ - len++; \ - out = alloca(len); \ - memcpy(out, buf, len); \ - out; \ -}) - /** * Lazy binding, ignored on Windows */ #define RTLD_LAZY 1 -/** - * dlopen(3) from - */ -static inline void *dlopen(const char *filename, int flag) -{ - return LoadLibrary(filename); -} - /** * Default handle targeting .exe */ 
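Review bot: dlclose() returns the result of `FreeLibrary()` unchanged, but FreeLibrary() is nonzero on success while dlclose(3) returns 0 on success, so a caller checking for an error sees the result inverted; `return FreeLibrary((HMODULE)handle) ? 0 : -1;` matches the POSIX contract. dlopen() passes `filename` straight to `LoadLibrary()`, which resolves a name without a full path through the DLL search order; if any caller (not visible here) passes a bare plugin name, a library from an unintended directory could be loaded, so requiring an absolute path or using `LoadLibraryEx()` with a restricted search flag is the safer call. In dlerror(), `err` is a DWORD and should be printed as `"(%lu)", (unsigned long)err`, and the static buffer makes the function non-reentrant, which deserves a comment next to the definition.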
@@ -246,43 +218,25 @@ static inline void *dlopen(const char *filename, int flag) */ #define RTLD_NEXT ((void*)~(uintptr_t)0) +/** + * dlopen(3) from + */ +void* dlopen(const char *filename, int flag); + /** * dlsym() from */ -static inline void *dlsym(void *handle, const char *symbol) -{ - if (handle == RTLD_DEFAULT) - { - handle = GetModuleHandle(NULL); - } - else if (handle == RTLD_NEXT) - { - if (strcmp(symbol, "malloc") == 0 || - strcmp(symbol, "realloc") == 0 || - strcmp(symbol, "free") == 0) - { - /* for leak-detective */ - handle = GetModuleHandle("msvcrt"); - } - else - { - return NULL; - } - } - if (handle) - { - return GetProcAddress((HMODULE)handle, symbol); - } - return NULL; -} +void* dlsym(void *handle, const char *symbol); + +/** + * dlerror(3) from , currently not thread save + */ +char* dlerror(void); /** * dlclose() from */ -static inline int dlclose(void *handle) -{ - return FreeLibrary((HMODULE)handle); -} +int dlclose(void *handle); /** * socketpair(2) for SOCK_STREAM, uses TCP on loopback From 4163421f918d830585bfdccde0973d8801aad258 Mon Sep 17 00:00:00 2001 
From: Martin Willi Date: Fri, 25 Oct 2013 16:03:47 +0200 Subject: [PATCH 047/138] plugins: Don't link with -rdynamic on Windows --- configure.ac | 2 +- src/checksum/Makefile.am | 2 +- src/conftest/Makefile.am | 2 +- src/libcharon/plugins/addrblock/Makefile.am | 2 +- src/libcharon/plugins/android_dns/Makefile.am | 2 +- src/libcharon/plugins/android_log/Makefile.am | 2 +- src/libcharon/plugins/certexpire/Makefile.am | 2 +- src/libcharon/plugins/coupling/Makefile.am | 2 +- src/libcharon/plugins/dhcp/Makefile.am | 2 +- src/libcharon/plugins/dnscert/Makefile.am | 2 +- src/libcharon/plugins/duplicheck/Makefile.am | 2 +- src/libcharon/plugins/eap_aka/Makefile.am | 2 +- src/libcharon/plugins/eap_aka_3gpp2/Makefile.am | 2 +- src/libcharon/plugins/eap_dynamic/Makefile.am | 2 +- src/libcharon/plugins/eap_gtc/Makefile.am | 2 +- src/libcharon/plugins/eap_identity/Makefile.am | 2 +- src/libcharon/plugins/eap_md5/Makefile.am | 2 +- src/libcharon/plugins/eap_mschapv2/Makefile.am | 2 +- src/libcharon/plugins/eap_peap/Makefile.am | 2 +- src/libcharon/plugins/eap_radius/Makefile.am | 2 +- src/libcharon/plugins/eap_sim/Makefile.am | 2 +- src/libcharon/plugins/eap_sim_file/Makefile.am | 2 +- src/libcharon/plugins/eap_sim_pcsc/Makefile.am | 2 +- src/libcharon/plugins/eap_simaka_pseudonym/Makefile.am | 2 +- src/libcharon/plugins/eap_simaka_reauth/Makefile.am | 2 +- src/libcharon/plugins/eap_simaka_sql/Makefile.am | 2 +- src/libcharon/plugins/eap_tls/Makefile.am | 2 +- src/libcharon/plugins/eap_tnc/Makefile.am | 2 +- src/libcharon/plugins/eap_ttls/Makefile.am | 2 +- src/libcharon/plugins/error_notify/Makefile.am | 2 +- src/libcharon/plugins/farp/Makefile.am | 2 +- src/libcharon/plugins/ha/Makefile.am | 2 +- src/libcharon/plugins/ipseckey/Makefile.am | 2 +- src/libcharon/plugins/kernel_libipsec/Makefile.am | 2 +- src/libcharon/plugins/led/Makefile.am | 2 +- src/libcharon/plugins/load_tester/Makefile.am | 2 +- src/libcharon/plugins/lookip/Makefile.am | 2 +- 
src/libcharon/plugins/maemo/Makefile.am | 2 +- src/libcharon/plugins/medcli/Makefile.am | 2 +- src/libcharon/plugins/medsrv/Makefile.am | 2 +- src/libcharon/plugins/osx_attr/Makefile.am | 2 +- src/libcharon/plugins/radattr/Makefile.am | 2 +- src/libcharon/plugins/smp/Makefile.am | 2 +- src/libcharon/plugins/socket_default/Makefile.am | 2 +- src/libcharon/plugins/socket_dynamic/Makefile.am | 2 +- src/libcharon/plugins/sql/Makefile.am | 2 +- src/libcharon/plugins/stroke/Makefile.am | 2 +- src/libcharon/plugins/tnc_ifmap/Makefile.am | 2 +- src/libcharon/plugins/tnc_pdp/Makefile.am | 2 +- src/libcharon/plugins/uci/Makefile.am | 2 +- src/libcharon/plugins/unit_tester/Makefile.am | 2 +- src/libcharon/plugins/unity/Makefile.am | 2 +- src/libcharon/plugins/updown/Makefile.am | 2 +- src/libcharon/plugins/vici/Makefile.am | 2 +- src/libcharon/plugins/whitelist/Makefile.am | 2 +- src/libcharon/plugins/xauth_eap/Makefile.am | 2 +- src/libcharon/plugins/xauth_generic/Makefile.am | 2 +- src/libcharon/plugins/xauth_noauth/Makefile.am | 2 +- src/libcharon/plugins/xauth_pam/Makefile.am | 2 +- src/libfast/Makefile.am | 2 +- src/libhydra/plugins/attr/Makefile.am | 2 +- src/libhydra/plugins/attr_sql/Makefile.am | 2 +- src/libhydra/plugins/kernel_klips/Makefile.am | 2 +- src/libhydra/plugins/kernel_netlink/Makefile.am | 2 +- src/libhydra/plugins/kernel_pfkey/Makefile.am | 2 +- src/libhydra/plugins/kernel_pfroute/Makefile.am | 2 +- src/libhydra/plugins/resolve/Makefile.am | 2 +- src/libimcv/plugins/imc_os/Makefile.am | 2 +- src/libimcv/plugins/imc_scanner/Makefile.am | 2 +- src/libimcv/plugins/imc_test/Makefile.am | 2 +- src/libimcv/plugins/imv_os/Makefile.am | 2 +- src/libimcv/plugins/imv_scanner/Makefile.am | 2 +- src/libimcv/plugins/imv_test/Makefile.am | 2 +- src/libpts/plugins/imc_attestation/Makefile.am | 2 +- src/libpts/plugins/imc_swid/Makefile.am | 2 +- src/libpts/plugins/imv_attestation/Makefile.am | 2 +- src/libpts/plugins/imv_swid/Makefile.am | 2 +- 
src/libstrongswan/plugins/acert/Makefile.am | 2 +- src/libstrongswan/plugins/aes/Makefile.am | 2 +- src/libstrongswan/plugins/af_alg/Makefile.am | 2 +- src/libstrongswan/plugins/agent/Makefile.am | 2 +- src/libstrongswan/plugins/blowfish/Makefile.am | 2 +- src/libstrongswan/plugins/ccm/Makefile.am | 2 +- src/libstrongswan/plugins/cmac/Makefile.am | 2 +- src/libstrongswan/plugins/constraints/Makefile.am | 2 +- src/libstrongswan/plugins/ctr/Makefile.am | 2 +- src/libstrongswan/plugins/curl/Makefile.am | 2 +- src/libstrongswan/plugins/des/Makefile.am | 2 +- src/libstrongswan/plugins/dnskey/Makefile.am | 2 +- src/libstrongswan/plugins/fips_prf/Makefile.am | 2 +- src/libstrongswan/plugins/gcm/Makefile.am | 2 +- src/libstrongswan/plugins/gcrypt/Makefile.am | 2 +- src/libstrongswan/plugins/gmp/Makefile.am | 2 +- src/libstrongswan/plugins/hmac/Makefile.am | 2 +- src/libstrongswan/plugins/keychain/Makefile.am | 2 +- src/libstrongswan/plugins/ldap/Makefile.am | 2 +- src/libstrongswan/plugins/md4/Makefile.am | 2 +- src/libstrongswan/plugins/md5/Makefile.am | 2 +- src/libstrongswan/plugins/mysql/Makefile.am | 2 +- src/libstrongswan/plugins/nonce/Makefile.am | 2 +- src/libstrongswan/plugins/ntru/Makefile.am | 5 ++--- src/libstrongswan/plugins/openssl/Makefile.am | 2 +- src/libstrongswan/plugins/padlock/Makefile.am | 2 +- src/libstrongswan/plugins/pem/Makefile.am | 2 +- src/libstrongswan/plugins/pgp/Makefile.am | 2 +- src/libstrongswan/plugins/pkcs1/Makefile.am | 2 +- src/libstrongswan/plugins/pkcs11/Makefile.am | 2 +- src/libstrongswan/plugins/pkcs12/Makefile.am | 2 +- src/libstrongswan/plugins/pkcs7/Makefile.am | 2 +- src/libstrongswan/plugins/pkcs8/Makefile.am | 2 +- src/libstrongswan/plugins/pubkey/Makefile.am | 2 +- src/libstrongswan/plugins/random/Makefile.am | 2 +- src/libstrongswan/plugins/rc2/Makefile.am | 2 +- src/libstrongswan/plugins/rdrand/Makefile.am | 2 +- src/libstrongswan/plugins/revocation/Makefile.am | 2 +- src/libstrongswan/plugins/sha1/Makefile.am | 2 +- 
src/libstrongswan/plugins/sha2/Makefile.am | 2 +- src/libstrongswan/plugins/soup/Makefile.am | 2 +- src/libstrongswan/plugins/sqlite/Makefile.am | 2 +- src/libstrongswan/plugins/sshkey/Makefile.am | 2 +- src/libstrongswan/plugins/test_vectors/Makefile.am | 2 +- src/libstrongswan/plugins/unbound/Makefile.am | 2 +- src/libstrongswan/plugins/x509/Makefile.am | 2 +- src/libstrongswan/plugins/xcbc/Makefile.am | 2 +- src/libtnccs/plugins/tnc_imc/Makefile.am | 2 +- src/libtnccs/plugins/tnc_imv/Makefile.am | 2 +- src/libtnccs/plugins/tnc_tnccs/Makefile.am | 2 +- src/libtnccs/plugins/tnccs_11/Makefile.am | 2 +- src/libtnccs/plugins/tnccs_20/Makefile.am | 2 +- src/libtnccs/plugins/tnccs_dynamic/Makefile.am | 2 +- src/manager/Makefile.am | 2 +- src/medsrv/Makefile.am | 2 +- 132 files changed, 133 insertions(+), 134 deletions(-) diff --git a/configure.ac b/configure.ac index 33aee4cc0..754b49281 100644 --- a/configure.ac +++ b/configure.ac @@ -734,7 +734,7 @@ AC_COMPILE_IFELSE( #endif ]])], [AC_MSG_RESULT([yes]); windows=true ], - [AC_MSG_RESULT([no])] + [AC_MSG_RESULT([no]); AC_SUBST(PLUGIN_CFLAGS, [-rdynamic])] ) AM_CONDITIONAL(USE_WINDOWS, [test "x$windows" = xtrue]) diff --git a/src/checksum/Makefile.am b/src/checksum/Makefile.am index 078c59790..0bc195b84 100644 --- a/src/checksum/Makefile.am +++ b/src/checksum/Makefile.am @@ -22,7 +22,7 @@ AM_CPPFLAGS = \ -DPLUGINDIR=\"${DESTDIR}${plugindir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) # we keep track of build dependencies in deps and use libs to store the paths # to the installed libraries. for executables we use the built files directly diff --git a/src/conftest/Makefile.am b/src/conftest/Makefile.am index 900741dbb..eeb26f225 100644 --- a/src/conftest/Makefile.am +++ b/src/conftest/Makefile.am 
@@ -6,7 +6,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon \ -DPLUGINS=\""${charon_plugins}\"" -AM_CFLAGS = -rdynamic +AM_CFLAGS = $(PLUGIN_CFLAGS) conftest_SOURCES = conftest.c conftest.h config.c config.h actions.c actions.h \ hooks/hook.h hooks/ike_auth_fill.c hooks/unsort_message.c \ diff --git a/src/libcharon/plugins/addrblock/Makefile.am b/src/libcharon/plugins/addrblock/Makefile.am index 407f22d71..33ee60d86 100644 --- a/src/libcharon/plugins/addrblock/Makefile.am +++ b/src/libcharon/plugins/addrblock/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-addrblock.la diff --git a/src/libcharon/plugins/android_dns/Makefile.am b/src/libcharon/plugins/android_dns/Makefile.am index ebad963bb..1a0d6e6f2 100644 --- a/src/libcharon/plugins/android_dns/Makefile.am +++ b/src/libcharon/plugins/android_dns/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-android-dns.la diff --git a/src/libcharon/plugins/android_log/Makefile.am b/src/libcharon/plugins/android_log/Makefile.am index 4d8b4850b..79c61b51e 100644 --- a/src/libcharon/plugins/android_log/Makefile.am +++ b/src/libcharon/plugins/android_log/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-android-log.la diff --git a/src/libcharon/plugins/certexpire/Makefile.am b/src/libcharon/plugins/certexpire/Makefile.am index 2bfad9497..b8c241dfb 100644 --- a/src/libcharon/plugins/certexpire/Makefile.am +++ b/src/libcharon/plugins/certexpire/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -DIPSEC_PIDDIR=\"${piddir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-certexpire.la 
diff --git a/src/libcharon/plugins/coupling/Makefile.am b/src/libcharon/plugins/coupling/Makefile.am index cbc06a6b7..badc7b7b2 100644 --- a/src/libcharon/plugins/coupling/Makefile.am +++ b/src/libcharon/plugins/coupling/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-coupling.la diff --git a/src/libcharon/plugins/dhcp/Makefile.am b/src/libcharon/plugins/dhcp/Makefile.am index e0e857eed..3c09db016 100644 --- a/src/libcharon/plugins/dhcp/Makefile.am +++ b/src/libcharon/plugins/dhcp/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-dhcp.la diff --git a/src/libcharon/plugins/dnscert/Makefile.am b/src/libcharon/plugins/dnscert/Makefile.am index 51d542b30..145562522 100644 --- a/src/libcharon/plugins/dnscert/Makefile.am +++ b/src/libcharon/plugins/dnscert/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-dnscert.la diff --git a/src/libcharon/plugins/duplicheck/Makefile.am b/src/libcharon/plugins/duplicheck/Makefile.am index 4ea2becf3..338a114fe 100644 --- a/src/libcharon/plugins/duplicheck/Makefile.am +++ b/src/libcharon/plugins/duplicheck/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -DIPSEC_PIDDIR=\"${piddir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-duplicheck.la diff --git a/src/libcharon/plugins/eap_aka/Makefile.am b/src/libcharon/plugins/eap_aka/Makefile.am index ba6e66039..75e8eafb2 100644 --- a/src/libcharon/plugins/eap_aka/Makefile.am +++ b/src/libcharon/plugins/eap_aka/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libsimaka AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-aka.la 
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.am b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.am index 4e2b207d2..ec145a39e 100644 --- a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.am +++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libsimaka AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) libstrongswan_eap_aka_3gpp2_la_LDFLAGS = -module -avoid-version libstrongswan_eap_aka_3gpp2_la_LIBADD = -lgmp diff --git a/src/libcharon/plugins/eap_dynamic/Makefile.am b/src/libcharon/plugins/eap_dynamic/Makefile.am index 13b4d10b1..58b827a78 100644 --- a/src/libcharon/plugins/eap_dynamic/Makefile.am +++ b/src/libcharon/plugins/eap_dynamic/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-dynamic.la diff --git a/src/libcharon/plugins/eap_gtc/Makefile.am b/src/libcharon/plugins/eap_gtc/Makefile.am index 811366a94..c3a12ba3e 100644 --- a/src/libcharon/plugins/eap_gtc/Makefile.am +++ b/src/libcharon/plugins/eap_gtc/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-gtc.la diff --git a/src/libcharon/plugins/eap_identity/Makefile.am b/src/libcharon/plugins/eap_identity/Makefile.am index 1c155866d..6c5b43f00 100644 --- a/src/libcharon/plugins/eap_identity/Makefile.am +++ b/src/libcharon/plugins/eap_identity/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-identity.la diff --git a/src/libcharon/plugins/eap_md5/Makefile.am b/src/libcharon/plugins/eap_md5/Makefile.am index 583598342..16aa1919b 100644 --- a/src/libcharon/plugins/eap_md5/Makefile.am +++ b/src/libcharon/plugins/eap_md5/Makefile.am 
@@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-md5.la diff --git a/src/libcharon/plugins/eap_mschapv2/Makefile.am b/src/libcharon/plugins/eap_mschapv2/Makefile.am index 030682d3e..4276a082d 100644 --- a/src/libcharon/plugins/eap_mschapv2/Makefile.am +++ b/src/libcharon/plugins/eap_mschapv2/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-mschapv2.la diff --git a/src/libcharon/plugins/eap_peap/Makefile.am b/src/libcharon/plugins/eap_peap/Makefile.am index 19410a408..8960b84bd 100644 --- a/src/libcharon/plugins/eap_peap/Makefile.am +++ b/src/libcharon/plugins/eap_peap/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtls AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-peap.la diff --git a/src/libcharon/plugins/eap_radius/Makefile.am b/src/libcharon/plugins/eap_radius/Makefile.am index 6fdb0d099..bc7a7765d 100644 --- a/src/libcharon/plugins/eap_radius/Makefile.am +++ b/src/libcharon/plugins/eap_radius/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libradius AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-radius.la diff --git a/src/libcharon/plugins/eap_sim/Makefile.am b/src/libcharon/plugins/eap_sim/Makefile.am index 2e9dad1b8..f68138579 100644 --- a/src/libcharon/plugins/eap_sim/Makefile.am +++ b/src/libcharon/plugins/eap_sim/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libsimaka AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-sim.la diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.am b/src/libcharon/plugins/eap_sim_file/Makefile.am index 0d4da07d5..c38e55e2c 100644 --- a/src/libcharon/plugins/eap_sim_file/Makefile.am 
+++ b/src/libcharon/plugins/eap_sim_file/Makefile.am @@ -6,7 +6,7 @@ AM_CPPFLAGS = \ -DIPSEC_CONFDIR=\"${sysconfdir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-sim-file.la diff --git a/src/libcharon/plugins/eap_sim_pcsc/Makefile.am b/src/libcharon/plugins/eap_sim_pcsc/Makefile.am index e5e9d01ca..22922049d 100644 --- a/src/libcharon/plugins/eap_sim_pcsc/Makefile.am +++ b/src/libcharon/plugins/eap_sim_pcsc/Makefile.am @@ -6,7 +6,7 @@ AM_CPPFLAGS = \ AM_CFLAGS = \ ${pcsclite_CFLAGS} \ - -rdynamic + $(PLUGIN_CFLAGS) libstrongswan_eap_sim_pcsc_la_LDFLAGS = -module -avoid-version libstrongswan_eap_sim_pcsc_la_LIBADD = ${pcsclite_LIBS} diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.am b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.am index 0f21c6849..f40efbd6f 100644 --- a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.am +++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libsimaka AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-simaka-pseudonym.la diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.am b/src/libcharon/plugins/eap_simaka_reauth/Makefile.am index be000c6d5..0fb622220 100644 --- a/src/libcharon/plugins/eap_simaka_reauth/Makefile.am +++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libsimaka AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-simaka-reauth.la diff --git a/src/libcharon/plugins/eap_simaka_sql/Makefile.am b/src/libcharon/plugins/eap_simaka_sql/Makefile.am index 9a52bd8ab..b7d6fd43e 100644 --- a/src/libcharon/plugins/eap_simaka_sql/Makefile.am +++ b/src/libcharon/plugins/eap_simaka_sql/Makefile.am 
@@ -6,7 +6,7 @@ AM_CPPFLAGS = \ -DIPSEC_CONFDIR=\"${sysconfdir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-simaka-sql.la diff --git a/src/libcharon/plugins/eap_tls/Makefile.am b/src/libcharon/plugins/eap_tls/Makefile.am index c4944fca1..825beb841 100644 --- a/src/libcharon/plugins/eap_tls/Makefile.am +++ b/src/libcharon/plugins/eap_tls/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtls AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-tls.la diff --git a/src/libcharon/plugins/eap_tnc/Makefile.am b/src/libcharon/plugins/eap_tnc/Makefile.am index 9586bef14..6fc78bc9a 100644 --- a/src/libcharon/plugins/eap_tnc/Makefile.am +++ b/src/libcharon/plugins/eap_tnc/Makefile.am @@ -7,7 +7,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtnccs AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-tnc.la diff --git a/src/libcharon/plugins/eap_ttls/Makefile.am b/src/libcharon/plugins/eap_ttls/Makefile.am index 81776d800..3a7a8cda3 100644 --- a/src/libcharon/plugins/eap_ttls/Makefile.am +++ b/src/libcharon/plugins/eap_ttls/Makefile.am @@ -6,7 +6,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libradius AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-ttls.la diff --git a/src/libcharon/plugins/error_notify/Makefile.am b/src/libcharon/plugins/error_notify/Makefile.am index 980fe1fbd..1c64bd2cc 100644 --- a/src/libcharon/plugins/error_notify/Makefile.am +++ b/src/libcharon/plugins/error_notify/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -DIPSEC_PIDDIR=\"${piddir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-error-notify.la diff --git a/src/libcharon/plugins/farp/Makefile.am b/src/libcharon/plugins/farp/Makefile.am index 95e57d8e6..0d862b0a9 100644 --- a/src/libcharon/plugins/farp/Makefile.am 
+++ b/src/libcharon/plugins/farp/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-farp.la diff --git a/src/libcharon/plugins/ha/Makefile.am b/src/libcharon/plugins/ha/Makefile.am index c10f7f903..50d342389 100644 --- a/src/libcharon/plugins/ha/Makefile.am +++ b/src/libcharon/plugins/ha/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -DIPSEC_PIDDIR=\"${piddir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-ha.la diff --git a/src/libcharon/plugins/ipseckey/Makefile.am b/src/libcharon/plugins/ipseckey/Makefile.am index 3a69e521f..aed63c122 100644 --- a/src/libcharon/plugins/ipseckey/Makefile.am +++ b/src/libcharon/plugins/ipseckey/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-ipseckey.la diff --git a/src/libcharon/plugins/kernel_libipsec/Makefile.am b/src/libcharon/plugins/kernel_libipsec/Makefile.am index a39d06753..eca2b2325 100644 --- a/src/libcharon/plugins/kernel_libipsec/Makefile.am +++ b/src/libcharon/plugins/kernel_libipsec/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libipsec AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-kernel-libipsec.la diff --git a/src/libcharon/plugins/led/Makefile.am b/src/libcharon/plugins/led/Makefile.am index fbe779dd6..18d6af399 100644 --- a/src/libcharon/plugins/led/Makefile.am +++ b/src/libcharon/plugins/led/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-led.la diff --git a/src/libcharon/plugins/load_tester/Makefile.am b/src/libcharon/plugins/load_tester/Makefile.am index e7c08783f..31e1b5c6f 100644 --- a/src/libcharon/plugins/load_tester/Makefile.am 
+++ b/src/libcharon/plugins/load_tester/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -DIPSEC_PIDDIR=\"${piddir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-load-tester.la diff --git a/src/libcharon/plugins/lookip/Makefile.am b/src/libcharon/plugins/lookip/Makefile.am index 6d71c8c13..223654ea9 100644 --- a/src/libcharon/plugins/lookip/Makefile.am +++ b/src/libcharon/plugins/lookip/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -DIPSEC_PIDDIR=\"${piddir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-lookip.la diff --git a/src/libcharon/plugins/maemo/Makefile.am b/src/libcharon/plugins/maemo/Makefile.am index c3c55ba41..fe5c963fd 100644 --- a/src/libcharon/plugins/maemo/Makefile.am +++ b/src/libcharon/plugins/maemo/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ AM_CFLAGS = \ ${maemo_CFLAGS} \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-maemo.la diff --git a/src/libcharon/plugins/medcli/Makefile.am b/src/libcharon/plugins/medcli/Makefile.am index f645be27e..cfa825980 100644 --- a/src/libcharon/plugins/medcli/Makefile.am +++ b/src/libcharon/plugins/medcli/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-medcli.la diff --git a/src/libcharon/plugins/medsrv/Makefile.am b/src/libcharon/plugins/medsrv/Makefile.am index ec305da21..f21220260 100644 --- a/src/libcharon/plugins/medsrv/Makefile.am +++ b/src/libcharon/plugins/medsrv/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-medsrv.la diff --git a/src/libcharon/plugins/osx_attr/Makefile.am b/src/libcharon/plugins/osx_attr/Makefile.am index f1ff22e60..aa1d46290 100644 --- a/src/libcharon/plugins/osx_attr/Makefile.am 
+++ b/src/libcharon/plugins/osx_attr/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-osx-attr.la diff --git a/src/libcharon/plugins/radattr/Makefile.am b/src/libcharon/plugins/radattr/Makefile.am index a0b0584d6..15d5a0a1f 100644 --- a/src/libcharon/plugins/radattr/Makefile.am +++ b/src/libcharon/plugins/radattr/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libradius AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-radattr.la diff --git a/src/libcharon/plugins/smp/Makefile.am b/src/libcharon/plugins/smp/Makefile.am index 67b4b2a6d..3aa533e56 100644 --- a/src/libcharon/plugins/smp/Makefile.am +++ b/src/libcharon/plugins/smp/Makefile.am @@ -6,7 +6,7 @@ AM_CPPFLAGS = \ AM_CFLAGS = \ ${xml_CFLAGS} \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-smp.la diff --git a/src/libcharon/plugins/socket_default/Makefile.am b/src/libcharon/plugins/socket_default/Makefile.am index d734b313f..e524ffd18 100644 --- a/src/libcharon/plugins/socket_default/Makefile.am +++ b/src/libcharon/plugins/socket_default/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-socket-default.la diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.am b/src/libcharon/plugins/socket_dynamic/Makefile.am index 04973e5ba..a1e21b98b 100644 --- a/src/libcharon/plugins/socket_dynamic/Makefile.am +++ b/src/libcharon/plugins/socket_dynamic/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-socket-dynamic.la diff --git a/src/libcharon/plugins/sql/Makefile.am b/src/libcharon/plugins/sql/Makefile.am index fd5693123..c947db892 100644 
--- a/src/libcharon/plugins/sql/Makefile.am +++ b/src/libcharon/plugins/sql/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-sql.la diff --git a/src/libcharon/plugins/stroke/Makefile.am b/src/libcharon/plugins/stroke/Makefile.am index 9509b1bd3..b90688791 100644 --- a/src/libcharon/plugins/stroke/Makefile.am +++ b/src/libcharon/plugins/stroke/Makefile.am @@ -7,7 +7,7 @@ AM_CPPFLAGS = \ -DIPSEC_PIDDIR=\"${piddir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-stroke.la diff --git a/src/libcharon/plugins/tnc_ifmap/Makefile.am b/src/libcharon/plugins/tnc_ifmap/Makefile.am index dfbb1b632..90fbf4651 100644 --- a/src/libcharon/plugins/tnc_ifmap/Makefile.am +++ b/src/libcharon/plugins/tnc_ifmap/Makefile.am @@ -6,7 +6,7 @@ AM_CPPFLAGS = \ AM_CFLAGS = \ ${xml_CFLAGS} \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnc-ifmap.la diff --git a/src/libcharon/plugins/tnc_pdp/Makefile.am b/src/libcharon/plugins/tnc_pdp/Makefile.am index 48de82571..3478c5b30 100644 --- a/src/libcharon/plugins/tnc_pdp/Makefile.am +++ b/src/libcharon/plugins/tnc_pdp/Makefile.am @@ -9,7 +9,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libpttls AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnc-pdp.la diff --git a/src/libcharon/plugins/uci/Makefile.am b/src/libcharon/plugins/uci/Makefile.am index 1fcd9ed25..134ced0e3 100644 --- a/src/libcharon/plugins/uci/Makefile.am +++ b/src/libcharon/plugins/uci/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-uci.la diff --git a/src/libcharon/plugins/unit_tester/Makefile.am b/src/libcharon/plugins/unit_tester/Makefile.am index 21cf08c61..b7f8fc319 100644 --- a/src/libcharon/plugins/unit_tester/Makefile.am 
+++ b/src/libcharon/plugins/unit_tester/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-unit-tester.la diff --git a/src/libcharon/plugins/unity/Makefile.am b/src/libcharon/plugins/unity/Makefile.am index b50dc9a03..38923e068 100644 --- a/src/libcharon/plugins/unity/Makefile.am +++ b/src/libcharon/plugins/unity/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-unity.la diff --git a/src/libcharon/plugins/updown/Makefile.am b/src/libcharon/plugins/updown/Makefile.am index a35909408..f03f4744c 100644 --- a/src/libcharon/plugins/updown/Makefile.am +++ b/src/libcharon/plugins/updown/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-updown.la diff --git a/src/libcharon/plugins/vici/Makefile.am b/src/libcharon/plugins/vici/Makefile.am index 162827a73..ec9d08efa 100644 --- a/src/libcharon/plugins/vici/Makefile.am +++ b/src/libcharon/plugins/vici/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -DIPSEC_PIDDIR=\"${piddir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-vici.la diff --git a/src/libcharon/plugins/whitelist/Makefile.am b/src/libcharon/plugins/whitelist/Makefile.am index e02b4a041..1fd01c888 100644 --- a/src/libcharon/plugins/whitelist/Makefile.am +++ b/src/libcharon/plugins/whitelist/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -DIPSEC_PIDDIR=\"${piddir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-whitelist.la diff --git a/src/libcharon/plugins/xauth_eap/Makefile.am b/src/libcharon/plugins/xauth_eap/Makefile.am index 21f8d0297..ea75c1581 100644 --- a/src/libcharon/plugins/xauth_eap/Makefile.am 
+++ b/src/libcharon/plugins/xauth_eap/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-xauth-eap.la diff --git a/src/libcharon/plugins/xauth_generic/Makefile.am b/src/libcharon/plugins/xauth_generic/Makefile.am index d48e52ddd..1ecd9fd14 100644 --- a/src/libcharon/plugins/xauth_generic/Makefile.am +++ b/src/libcharon/plugins/xauth_generic/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-xauth-generic.la diff --git a/src/libcharon/plugins/xauth_noauth/Makefile.am b/src/libcharon/plugins/xauth_noauth/Makefile.am index f1581ba67..3902471fe 100644 --- a/src/libcharon/plugins/xauth_noauth/Makefile.am +++ b/src/libcharon/plugins/xauth_noauth/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-xauth-noauth.la diff --git a/src/libcharon/plugins/xauth_pam/Makefile.am b/src/libcharon/plugins/xauth_pam/Makefile.am index 1875f81d3..abf83ca75 100644 --- a/src/libcharon/plugins/xauth_pam/Makefile.am +++ b/src/libcharon/plugins/xauth_pam/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-xauth-pam.la diff --git a/src/libfast/Makefile.am b/src/libfast/Makefile.am index 41a489b3d..48079c66a 100644 --- a/src/libfast/Makefile.am +++ b/src/libfast/Makefile.am @@ -3,7 +3,7 @@ AM_CPPFLAGS = \ -I/usr/include/ClearSilver AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) AM_LDFLAGS = \ -no-undefined diff --git a/src/libhydra/plugins/attr/Makefile.am b/src/libhydra/plugins/attr/Makefile.am index 5989beae4..5b899b80c 100644 --- a/src/libhydra/plugins/attr/Makefile.am +++ b/src/libhydra/plugins/attr/Makefile.am 
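Review bot: In the src/libfast/Makefile.am hunk, `AM_CFLAGS` now takes `$(PLUGIN_CFLAGS)`, but libfast sits outside every plugins/ directory and the hunk shows it linking with `-no-undefined`, so a library's build flags become tied to a variable named for loadable plugins. The definition of PLUGIN_CFLAGS is not visible in this part of the patch, so whether its contents suit a non-plugin library on every platform cannot be confirmed from here. If the reuse is deliberate, a comment above the assignment would record it, e.g. `# not a plugin; reuses PLUGIN_CFLAGS for the flag that used to be -rdynamic`. Otherwise a separate variable for libfast would keep later changes to the plugin flag set from silently altering this library's build.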
@@ -3,7 +3,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libhydra AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-attr.la diff --git a/src/libhydra/plugins/attr_sql/Makefile.am b/src/libhydra/plugins/attr_sql/Makefile.am index d126bb035..6e7eae5eb 100644 --- a/src/libhydra/plugins/attr_sql/Makefile.am +++ b/src/libhydra/plugins/attr_sql/Makefile.am @@ -3,7 +3,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libhydra AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-attr-sql.la diff --git a/src/libhydra/plugins/kernel_klips/Makefile.am b/src/libhydra/plugins/kernel_klips/Makefile.am index 1b98cab06..71173f1f9 100644 --- a/src/libhydra/plugins/kernel_klips/Makefile.am +++ b/src/libhydra/plugins/kernel_klips/Makefile.am @@ -3,7 +3,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libhydra AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-kernel-klips.la diff --git a/src/libhydra/plugins/kernel_netlink/Makefile.am b/src/libhydra/plugins/kernel_netlink/Makefile.am index ad573523e..c91f9a9e4 100644 --- a/src/libhydra/plugins/kernel_netlink/Makefile.am +++ b/src/libhydra/plugins/kernel_netlink/Makefile.am @@ -6,7 +6,7 @@ AM_CPPFLAGS = \ -DROUTING_TABLE_PRIO=${routing_table_prio} AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-kernel-netlink.la diff --git a/src/libhydra/plugins/kernel_pfkey/Makefile.am b/src/libhydra/plugins/kernel_pfkey/Makefile.am index bb5d0d7f7..f645528d9 100644 --- a/src/libhydra/plugins/kernel_pfkey/Makefile.am +++ b/src/libhydra/plugins/kernel_pfkey/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libhydra AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-kernel-pfkey.la diff --git a/src/libhydra/plugins/kernel_pfroute/Makefile.am b/src/libhydra/plugins/kernel_pfroute/Makefile.am index 9d1621366..5129c02f6 100644 
--- a/src/libhydra/plugins/kernel_pfroute/Makefile.am +++ b/src/libhydra/plugins/kernel_pfroute/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libhydra AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-kernel-pfroute.la diff --git a/src/libhydra/plugins/resolve/Makefile.am b/src/libhydra/plugins/resolve/Makefile.am index 4cbf65fc0..33c3e70fc 100644 --- a/src/libhydra/plugins/resolve/Makefile.am +++ b/src/libhydra/plugins/resolve/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -DRESOLV_CONF=\"${resolv_conf}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-resolve.la diff --git a/src/libimcv/plugins/imc_os/Makefile.am b/src/libimcv/plugins/imc_os/Makefile.am index fec38cd4e..e6dd10be5 100644 --- a/src/libimcv/plugins/imc_os/Makefile.am +++ b/src/libimcv/plugins/imc_os/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imc-os.la diff --git a/src/libimcv/plugins/imc_scanner/Makefile.am b/src/libimcv/plugins/imc_scanner/Makefile.am index 7bf9075ed..44d3ad749 100644 --- a/src/libimcv/plugins/imc_scanner/Makefile.am +++ b/src/libimcv/plugins/imc_scanner/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imc-scanner.la diff --git a/src/libimcv/plugins/imc_test/Makefile.am b/src/libimcv/plugins/imc_test/Makefile.am index 5a04f1fbe..4bdc23487 100644 --- a/src/libimcv/plugins/imc_test/Makefile.am +++ b/src/libimcv/plugins/imc_test/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imc-test.la diff --git a/src/libimcv/plugins/imv_os/Makefile.am b/src/libimcv/plugins/imv_os/Makefile.am index 434e26f69..3a9537a4d 100644 --- a/src/libimcv/plugins/imv_os/Makefile.am +++ b/src/libimcv/plugins/imv_os/Makefile.am 
@@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imv-os.la diff --git a/src/libimcv/plugins/imv_scanner/Makefile.am b/src/libimcv/plugins/imv_scanner/Makefile.am index 2bb0d675e..98814437e 100644 --- a/src/libimcv/plugins/imv_scanner/Makefile.am +++ b/src/libimcv/plugins/imv_scanner/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imv-scanner.la diff --git a/src/libimcv/plugins/imv_test/Makefile.am b/src/libimcv/plugins/imv_test/Makefile.am index 5ed916163..4fe715fa8 100644 --- a/src/libimcv/plugins/imv_test/Makefile.am +++ b/src/libimcv/plugins/imv_test/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imv-test.la diff --git a/src/libpts/plugins/imc_attestation/Makefile.am b/src/libpts/plugins/imc_attestation/Makefile.am index 3f1b52a88..88d9ddd8b 100644 --- a/src/libpts/plugins/imc_attestation/Makefile.am +++ b/src/libpts/plugins/imc_attestation/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libpts AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imc-attestation.la diff --git a/src/libpts/plugins/imc_swid/Makefile.am b/src/libpts/plugins/imc_swid/Makefile.am index d73c6d168..ddf596465 100644 --- a/src/libpts/plugins/imc_swid/Makefile.am +++ b/src/libpts/plugins/imc_swid/Makefile.am @@ -25,7 +25,7 @@ AM_CPPFLAGS = \ -DSWID_DIRECTORY=\"${prefix}/share\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imc-swid.la diff --git a/src/libpts/plugins/imv_attestation/Makefile.am b/src/libpts/plugins/imv_attestation/Makefile.am index 8d18f1404..8dc74fd54 100644 --- a/src/libpts/plugins/imv_attestation/Makefile.am +++ b/src/libpts/plugins/imv_attestation/Makefile.am 
@@ -6,7 +6,7 @@ AM_CPPFLAGS = \ -DPLUGINS=\""${attest_plugins}\"" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imv-attestation.la diff --git a/src/libpts/plugins/imv_swid/Makefile.am b/src/libpts/plugins/imv_swid/Makefile.am index fc4350f85..77f33e6c6 100644 --- a/src/libpts/plugins/imv_swid/Makefile.am +++ b/src/libpts/plugins/imv_swid/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libpts AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) imcv_LTLIBRARIES = imv-swid.la diff --git a/src/libstrongswan/plugins/acert/Makefile.am b/src/libstrongswan/plugins/acert/Makefile.am index ba16f413a..558034eba 100644 --- a/src/libstrongswan/plugins/acert/Makefile.am +++ b/src/libstrongswan/plugins/acert/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-acert.la diff --git a/src/libstrongswan/plugins/aes/Makefile.am b/src/libstrongswan/plugins/aes/Makefile.am index 8c5505bfc..cfdcf49fd 100644 --- a/src/libstrongswan/plugins/aes/Makefile.am +++ b/src/libstrongswan/plugins/aes/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-aes.la diff --git a/src/libstrongswan/plugins/af_alg/Makefile.am b/src/libstrongswan/plugins/af_alg/Makefile.am index 58113ca3d..bd3985367 100644 --- a/src/libstrongswan/plugins/af_alg/Makefile.am +++ b/src/libstrongswan/plugins/af_alg/Makefile.am @@ -3,7 +3,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-af-alg.la diff --git a/src/libstrongswan/plugins/agent/Makefile.am b/src/libstrongswan/plugins/agent/Makefile.am index e60d19363..984621385 100644 --- a/src/libstrongswan/plugins/agent/Makefile.am +++ b/src/libstrongswan/plugins/agent/Makefile.am 
@@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-agent.la diff --git a/src/libstrongswan/plugins/blowfish/Makefile.am b/src/libstrongswan/plugins/blowfish/Makefile.am index 3e5cf8f08..9c04f564d 100644 --- a/src/libstrongswan/plugins/blowfish/Makefile.am +++ b/src/libstrongswan/plugins/blowfish/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-blowfish.la diff --git a/src/libstrongswan/plugins/ccm/Makefile.am b/src/libstrongswan/plugins/ccm/Makefile.am index d512f5a94..f67c7f9f1 100644 --- a/src/libstrongswan/plugins/ccm/Makefile.am +++ b/src/libstrongswan/plugins/ccm/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-ccm.la diff --git a/src/libstrongswan/plugins/cmac/Makefile.am b/src/libstrongswan/plugins/cmac/Makefile.am index 08e910be1..8e0a45008 100644 --- a/src/libstrongswan/plugins/cmac/Makefile.am +++ b/src/libstrongswan/plugins/cmac/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-cmac.la diff --git a/src/libstrongswan/plugins/constraints/Makefile.am b/src/libstrongswan/plugins/constraints/Makefile.am index 8afde7013..21835829b 100644 --- a/src/libstrongswan/plugins/constraints/Makefile.am +++ b/src/libstrongswan/plugins/constraints/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-constraints.la diff --git a/src/libstrongswan/plugins/ctr/Makefile.am b/src/libstrongswan/plugins/ctr/Makefile.am index 52278b6d2..abee58e72 100644 
--- a/src/libstrongswan/plugins/ctr/Makefile.am +++ b/src/libstrongswan/plugins/ctr/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-ctr.la diff --git a/src/libstrongswan/plugins/curl/Makefile.am b/src/libstrongswan/plugins/curl/Makefile.am index 17bcc8d98..a22f9b3ab 100644 --- a/src/libstrongswan/plugins/curl/Makefile.am +++ b/src/libstrongswan/plugins/curl/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-curl.la diff --git a/src/libstrongswan/plugins/des/Makefile.am b/src/libstrongswan/plugins/des/Makefile.am index 9ca965995..87fbcb1b7 100644 --- a/src/libstrongswan/plugins/des/Makefile.am +++ b/src/libstrongswan/plugins/des/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-des.la diff --git a/src/libstrongswan/plugins/dnskey/Makefile.am b/src/libstrongswan/plugins/dnskey/Makefile.am index 7e74fd897..47f432753 100644 --- a/src/libstrongswan/plugins/dnskey/Makefile.am +++ b/src/libstrongswan/plugins/dnskey/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-dnskey.la diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.am b/src/libstrongswan/plugins/fips_prf/Makefile.am index a7ae612c0..f7e7e1a72 100644 --- a/src/libstrongswan/plugins/fips_prf/Makefile.am +++ b/src/libstrongswan/plugins/fips_prf/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-fips-prf.la 
diff --git a/src/libstrongswan/plugins/gcm/Makefile.am b/src/libstrongswan/plugins/gcm/Makefile.am index 228b4708d..5cfeaf7f0 100644 --- a/src/libstrongswan/plugins/gcm/Makefile.am +++ b/src/libstrongswan/plugins/gcm/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-gcm.la diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.am b/src/libstrongswan/plugins/gcrypt/Makefile.am index 1a9d225ec..24a5a9c3e 100644 --- a/src/libstrongswan/plugins/gcrypt/Makefile.am +++ b/src/libstrongswan/plugins/gcrypt/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-gcrypt.la diff --git a/src/libstrongswan/plugins/gmp/Makefile.am b/src/libstrongswan/plugins/gmp/Makefile.am index 57e1fd7a8..a2cfefd01 100644 --- a/src/libstrongswan/plugins/gmp/Makefile.am +++ b/src/libstrongswan/plugins/gmp/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-gmp.la diff --git a/src/libstrongswan/plugins/hmac/Makefile.am b/src/libstrongswan/plugins/hmac/Makefile.am index 5d88d26c8..65c36b2ec 100644 --- a/src/libstrongswan/plugins/hmac/Makefile.am +++ b/src/libstrongswan/plugins/hmac/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-hmac.la diff --git a/src/libstrongswan/plugins/keychain/Makefile.am b/src/libstrongswan/plugins/keychain/Makefile.am index bd04db33d..07d2bcdbb 100644 --- a/src/libstrongswan/plugins/keychain/Makefile.am +++ b/src/libstrongswan/plugins/keychain/Makefile.am 
@@ -1,7 +1,7 @@ AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan -AM_CFLAGS = -rdynamic +AM_CFLAGS = $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-keychain.la diff --git a/src/libstrongswan/plugins/ldap/Makefile.am b/src/libstrongswan/plugins/ldap/Makefile.am index 3bcef1aa8..333d97401 100644 --- a/src/libstrongswan/plugins/ldap/Makefile.am +++ b/src/libstrongswan/plugins/ldap/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-ldap.la diff --git a/src/libstrongswan/plugins/md4/Makefile.am b/src/libstrongswan/plugins/md4/Makefile.am index a2fe8ecab..713057427 100644 --- a/src/libstrongswan/plugins/md4/Makefile.am +++ b/src/libstrongswan/plugins/md4/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-md4.la diff --git a/src/libstrongswan/plugins/md5/Makefile.am b/src/libstrongswan/plugins/md5/Makefile.am index fc6406afa..071116087 100644 --- a/src/libstrongswan/plugins/md5/Makefile.am +++ b/src/libstrongswan/plugins/md5/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-md5.la diff --git a/src/libstrongswan/plugins/mysql/Makefile.am b/src/libstrongswan/plugins/mysql/Makefile.am index 588b7991b..11711b31b 100644 --- a/src/libstrongswan/plugins/mysql/Makefile.am +++ b/src/libstrongswan/plugins/mysql/Makefile.am @@ -3,7 +3,7 @@ AM_CPPFLAGS = \ AM_CFLAGS = \ $(MYSQLCFLAG) \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-mysql.la diff --git a/src/libstrongswan/plugins/nonce/Makefile.am b/src/libstrongswan/plugins/nonce/Makefile.am index 7dde99e5f..49dd3e225 100644 --- a/src/libstrongswan/plugins/nonce/Makefile.am +++ b/src/libstrongswan/plugins/nonce/Makefile.am 
@@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-nonce.la diff --git a/src/libstrongswan/plugins/ntru/Makefile.am b/src/libstrongswan/plugins/ntru/Makefile.am index e241554b5..b959afa8e 100644 --- a/src/libstrongswan/plugins/ntru/Makefile.am +++ b/src/libstrongswan/plugins/ntru/Makefile.am @@ -2,7 +2,8 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic @COVERAGE_CFLAGS@ + $(PLUGIN_CFLAGS) \ + @COVERAGE_CFLAGS@ if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-ntru.la @@ -23,5 +24,3 @@ libstrongswan_ntru_la_SOURCES = \ ntru_trits.h ntru_trits.c libstrongswan_ntru_la_LDFLAGS = -module -avoid-version - - diff --git a/src/libstrongswan/plugins/openssl/Makefile.am b/src/libstrongswan/plugins/openssl/Makefile.am index cbfd69b71..a7ffefd82 100644 --- a/src/libstrongswan/plugins/openssl/Makefile.am +++ b/src/libstrongswan/plugins/openssl/Makefile.am @@ -3,7 +3,7 @@ AM_CPPFLAGS = \ -DFIPS_MODE=${fips_mode} AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-openssl.la diff --git a/src/libstrongswan/plugins/padlock/Makefile.am b/src/libstrongswan/plugins/padlock/Makefile.am index 0acd8384c..1110a2ebb 100644 --- a/src/libstrongswan/plugins/padlock/Makefile.am +++ b/src/libstrongswan/plugins/padlock/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-padlock.la diff --git a/src/libstrongswan/plugins/pem/Makefile.am b/src/libstrongswan/plugins/pem/Makefile.am index 9aa853e13..55e52511e 100644 --- a/src/libstrongswan/plugins/pem/Makefile.am +++ b/src/libstrongswan/plugins/pem/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-pem.la 
diff --git a/src/libstrongswan/plugins/pgp/Makefile.am b/src/libstrongswan/plugins/pgp/Makefile.am index d3eef3ce1..093e94b60 100644 --- a/src/libstrongswan/plugins/pgp/Makefile.am +++ b/src/libstrongswan/plugins/pgp/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-pgp.la diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.am b/src/libstrongswan/plugins/pkcs1/Makefile.am index 5dbc4e9c2..d579531ef 100644 --- a/src/libstrongswan/plugins/pkcs1/Makefile.am +++ b/src/libstrongswan/plugins/pkcs1/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-pkcs1.la diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.am b/src/libstrongswan/plugins/pkcs11/Makefile.am index 1d175ecb4..a2a1bcff8 100644 --- a/src/libstrongswan/plugins/pkcs11/Makefile.am +++ b/src/libstrongswan/plugins/pkcs11/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-pkcs11.la diff --git a/src/libstrongswan/plugins/pkcs12/Makefile.am b/src/libstrongswan/plugins/pkcs12/Makefile.am index af472ba82..8078ff342 100644 --- a/src/libstrongswan/plugins/pkcs12/Makefile.am +++ b/src/libstrongswan/plugins/pkcs12/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-pkcs12.la diff --git a/src/libstrongswan/plugins/pkcs7/Makefile.am b/src/libstrongswan/plugins/pkcs7/Makefile.am index 080947f46..f69176ab6 100644 --- a/src/libstrongswan/plugins/pkcs7/Makefile.am +++ b/src/libstrongswan/plugins/pkcs7/Makefile.am 
@@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-pkcs7.la diff --git a/src/libstrongswan/plugins/pkcs8/Makefile.am b/src/libstrongswan/plugins/pkcs8/Makefile.am index 98e3263df..88a205a76 100644 --- a/src/libstrongswan/plugins/pkcs8/Makefile.am +++ b/src/libstrongswan/plugins/pkcs8/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-pkcs8.la diff --git a/src/libstrongswan/plugins/pubkey/Makefile.am b/src/libstrongswan/plugins/pubkey/Makefile.am index 4f2354455..5a78bf2b9 100644 --- a/src/libstrongswan/plugins/pubkey/Makefile.am +++ b/src/libstrongswan/plugins/pubkey/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-pubkey.la diff --git a/src/libstrongswan/plugins/random/Makefile.am b/src/libstrongswan/plugins/random/Makefile.am index 7c03c66ef..b87622cdd 100644 --- a/src/libstrongswan/plugins/random/Makefile.am +++ b/src/libstrongswan/plugins/random/Makefile.am @@ -4,7 +4,7 @@ AM_CPPFLAGS = \ -DDEV_URANDOM=\"${urandom_device}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-random.la diff --git a/src/libstrongswan/plugins/rc2/Makefile.am b/src/libstrongswan/plugins/rc2/Makefile.am index 3f892728d..edaf90c9c 100644 --- a/src/libstrongswan/plugins/rc2/Makefile.am +++ b/src/libstrongswan/plugins/rc2/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-rc2.la diff --git a/src/libstrongswan/plugins/rdrand/Makefile.am b/src/libstrongswan/plugins/rdrand/Makefile.am index d9cb00161..674bc48b2 100644 --- a/src/libstrongswan/plugins/rdrand/Makefile.am 
+++ b/src/libstrongswan/plugins/rdrand/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-rdrand.la diff --git a/src/libstrongswan/plugins/revocation/Makefile.am b/src/libstrongswan/plugins/revocation/Makefile.am index 5bb5ac204..9532d5f03 100644 --- a/src/libstrongswan/plugins/revocation/Makefile.am +++ b/src/libstrongswan/plugins/revocation/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-revocation.la diff --git a/src/libstrongswan/plugins/sha1/Makefile.am b/src/libstrongswan/plugins/sha1/Makefile.am index f5e7d946e..99c9d180f 100644 --- a/src/libstrongswan/plugins/sha1/Makefile.am +++ b/src/libstrongswan/plugins/sha1/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-sha1.la diff --git a/src/libstrongswan/plugins/sha2/Makefile.am b/src/libstrongswan/plugins/sha2/Makefile.am index cdd8696cd..7233b9518 100644 --- a/src/libstrongswan/plugins/sha2/Makefile.am +++ b/src/libstrongswan/plugins/sha2/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-sha2.la diff --git a/src/libstrongswan/plugins/soup/Makefile.am b/src/libstrongswan/plugins/soup/Makefile.am index 8df666f4c..a600fc04c 100644 --- a/src/libstrongswan/plugins/soup/Makefile.am +++ b/src/libstrongswan/plugins/soup/Makefile.am @@ -3,7 +3,7 @@ AM_CPPFLAGS = \ AM_CFLAGS = \ ${soup_CFLAGS} \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-soup.la diff --git a/src/libstrongswan/plugins/sqlite/Makefile.am b/src/libstrongswan/plugins/sqlite/Makefile.am index 717d6350d..0a9b11d3c 100644 
--- a/src/libstrongswan/plugins/sqlite/Makefile.am +++ b/src/libstrongswan/plugins/sqlite/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-sqlite.la diff --git a/src/libstrongswan/plugins/sshkey/Makefile.am b/src/libstrongswan/plugins/sshkey/Makefile.am index 22c076f84..5b86a7e56 100644 --- a/src/libstrongswan/plugins/sshkey/Makefile.am +++ b/src/libstrongswan/plugins/sshkey/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-sshkey.la diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.am b/src/libstrongswan/plugins/test_vectors/Makefile.am index 6dcad400d..85f86726b 100644 --- a/src/libstrongswan/plugins/test_vectors/Makefile.am +++ b/src/libstrongswan/plugins/test_vectors/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-test-vectors.la diff --git a/src/libstrongswan/plugins/unbound/Makefile.am b/src/libstrongswan/plugins/unbound/Makefile.am index 64a5cc7e1..b8d9acec6 100644 --- a/src/libstrongswan/plugins/unbound/Makefile.am +++ b/src/libstrongswan/plugins/unbound/Makefile.am @@ -3,7 +3,7 @@ AM_CPPFLAGS = \ -DIPSEC_CONFDIR=\"${sysconfdir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-unbound.la diff --git a/src/libstrongswan/plugins/x509/Makefile.am b/src/libstrongswan/plugins/x509/Makefile.am index b464d1483..a4160bb32 100644 --- a/src/libstrongswan/plugins/x509/Makefile.am +++ b/src/libstrongswan/plugins/x509/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-x509.la 
diff --git a/src/libstrongswan/plugins/xcbc/Makefile.am b/src/libstrongswan/plugins/xcbc/Makefile.am index 6e2227206..43371cd13 100644 --- a/src/libstrongswan/plugins/xcbc/Makefile.am +++ b/src/libstrongswan/plugins/xcbc/Makefile.am @@ -2,7 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-xcbc.la diff --git a/src/libtnccs/plugins/tnc_imc/Makefile.am b/src/libtnccs/plugins/tnc_imc/Makefile.am index b2c26cbff..5e181044a 100644 --- a/src/libtnccs/plugins/tnc_imc/Makefile.am +++ b/src/libtnccs/plugins/tnc_imc/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtls AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnc-imc.la diff --git a/src/libtnccs/plugins/tnc_imv/Makefile.am b/src/libtnccs/plugins/tnc_imv/Makefile.am index 0541d4c86..8e2af6370 100644 --- a/src/libtnccs/plugins/tnc_imv/Makefile.am +++ b/src/libtnccs/plugins/tnc_imv/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtls AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnc-imv.la diff --git a/src/libtnccs/plugins/tnc_tnccs/Makefile.am b/src/libtnccs/plugins/tnc_tnccs/Makefile.am index f16bf8e1b..05a854a15 100644 --- a/src/libtnccs/plugins/tnc_tnccs/Makefile.am +++ b/src/libtnccs/plugins/tnc_tnccs/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtnccs AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnc-tnccs.la diff --git a/src/libtnccs/plugins/tnccs_11/Makefile.am b/src/libtnccs/plugins/tnccs_11/Makefile.am index cbe0b8e19..fc22c46ff 100644 --- a/src/libtnccs/plugins/tnccs_11/Makefile.am +++ b/src/libtnccs/plugins/tnccs_11/Makefile.am @@ -6,7 +6,7 @@ AM_CPPFLAGS = \ AM_CFLAGS = \ ${xml_CFLAGS} \ - -rdynamic + $(PLUGIN_CFLAGS) libstrongswan_tnccs_11_la_LIBADD = ${xml_LIBS} 
diff --git a/src/libtnccs/plugins/tnccs_20/Makefile.am b/src/libtnccs/plugins/tnccs_20/Makefile.am index f64526eda..2aefecd26 100644 --- a/src/libtnccs/plugins/tnccs_20/Makefile.am +++ b/src/libtnccs/plugins/tnccs_20/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtnccs AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnccs-20.la diff --git a/src/libtnccs/plugins/tnccs_dynamic/Makefile.am b/src/libtnccs/plugins/tnccs_dynamic/Makefile.am index 1a2887816..23eb7f17a 100644 --- a/src/libtnccs/plugins/tnccs_dynamic/Makefile.am +++ b/src/libtnccs/plugins/tnccs_dynamic/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtnccs AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnccs-dynamic.la diff --git a/src/manager/Makefile.am b/src/manager/Makefile.am index 41001dd8b..a4f151ca4 100644 --- a/src/manager/Makefile.am +++ b/src/manager/Makefile.am @@ -22,7 +22,7 @@ AM_CPPFLAGS = \ AM_CFLAGS = \ ${xml_CFLAGS} \ - -rdynamic + $(PLUGIN_CFLAGS) # Don't forget to add templates to EXTRA_DIST !!! How to automate? manager_templatesdir = ${managerdir}/templates diff --git a/src/medsrv/Makefile.am b/src/medsrv/Makefile.am index 40bafd856..94ab0cf67 100644 --- a/src/medsrv/Makefile.am +++ b/src/medsrv/Makefile.am @@ -18,7 +18,7 @@ AM_CPPFLAGS = \ -DPLUGINS=\""${medsrv_plugins}\"" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) # Don't forget to add templates to EXTRA_DIST !!! How to automate? medsrv_templatesdir = ${medsrvdir}/templates From 2dbb719b7680e790d824801f61303ea5965bf154 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 25 Oct 2013 16:40:32 +0200 Subject: [PATCH 048/138] x509: Undef OCSP_RESPONSE from before using it --- src/libstrongswan/plugins/x509/x509_ocsp_response.c | 5 +++++ 1 file changed, 5 insertions(+) 
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c index 65b2a04bb..ad04c7dea 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c @@ -35,6 +35,11 @@ */ #define OCSP_DEFAULT_LIFETIME 30 +/* defined in wincrypt.h */ +#ifdef OCSP_RESPONSE +# undef OCSP_RESPONSE +#endif + typedef struct private_x509_ocsp_response_t private_x509_ocsp_response_t; /** From 8f3a3656d371d067e71908e78755bb4a3dd2b057 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 25 Oct 2013 16:41:04 +0200 Subject: [PATCH 049/138] sha1: Include instead of directly including On Windows we don't have --- src/libstrongswan/plugins/sha1/sha1_hasher.c | 4 ++-- src/libstrongswan/plugins/sha1/sha1_prf.c | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/src/libstrongswan/plugins/sha1/sha1_hasher.c b/src/libstrongswan/plugins/sha1/sha1_hasher.c index b0efbae7d..b51a26152 100644 --- a/src/libstrongswan/plugins/sha1/sha1_hasher.c +++ b/src/libstrongswan/plugins/sha1/sha1_hasher.c @@ -18,7 +18,8 @@ */ #include -#include + +#include #include "sha1_hasher.h" @@ -257,4 +258,3 @@ sha1_hasher_t *sha1_hasher_create(hash_algorithm_t algo) return &(this->public); } - diff --git a/src/libstrongswan/plugins/sha1/sha1_prf.c b/src/libstrongswan/plugins/sha1/sha1_prf.c index cdc494b34..cc4924a80 100644 --- a/src/libstrongswan/plugins/sha1/sha1_prf.c +++ b/src/libstrongswan/plugins/sha1/sha1_prf.c @@ -16,7 +16,7 @@ #include "sha1_prf.h" #include "sha1_hasher.h" -#include +#include typedef struct private_sha1_prf_t private_sha1_prf_t; typedef struct private_sha1_hasher_t private_sha1_hasher_t; @@ -148,4 +148,3 @@ sha1_prf_t *sha1_prf_create(pseudo_random_function_t algo) return &this->public; } - From f3c809e615f0e8eb476efcc85a3c8cf2cbe3f7c3 Mon Sep 17 00:00:00 2001 
From: Martin Willi Date: Fri, 25 Oct 2013 16:41:48 +0200 Subject: [PATCH 050/138] windows: Provide a strndup(3) replacement --- src/libstrongswan/utils/windows.c | 15 +++++++++++++++ src/libstrongswan/utils/windows.h | 5 +++++ 2 files changed, 20 insertions(+) diff --git a/src/libstrongswan/utils/windows.c b/src/libstrongswan/utils/windows.c index feefcd497..48a70b6c2 100644 --- a/src/libstrongswan/utils/windows.c +++ b/src/libstrongswan/utils/windows.c @@ -49,6 +49,21 @@ int usleep(useconds_t usec) return 0; } +/** + * See header. + */ +char* strndup(const char *s, size_t n) +{ + char *dst; + + n = min(strnlen(s, n), n); + dst = malloc(n + 1); + memcpy(dst, s, n); + dst[n] = '\0'; + + return dst; +} + /* * See header. */ diff --git a/src/libstrongswan/utils/windows.h b/src/libstrongswan/utils/windows.h index e070a79a2..4e1e6b6c2 100644 --- a/src/libstrongswan/utils/windows.h +++ b/src/libstrongswan/utils/windows.h @@ -105,6 +105,11 @@ static inline char* strdup_windows(const char *src) return dst; } +/** + * strndup(3) + */ +char* strndup(const char *s, size_t n); + /** * Provided via ws2_32 */ From b7a4d44bd035eea462b264482a8871a0e26e16ec Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 25 Oct 2013 17:28:13 +0200 Subject: [PATCH 051/138] openssl: Check and link against libeay32 instead of libcrypto on Windows Most Windows OpenSSL builds come with the crypto library named libeay32. --- configure.ac | 15 ++++++++++++--- src/libstrongswan/plugins/openssl/Makefile.am | 2 +- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index 754b49281..803c7258d 100644 --- a/configure.ac +++ b/configure.ac 
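Review bot: The strndup() replacement added to windows.c uses the result of `malloc(n + 1)` in `memcpy()` and `dst[n] = '\0'` without checking it. An allocation failure therefore becomes a write through a NULL pointer instead of the NULL return that strndup(3) callers are written to handle. Add `if (!dst) return NULL;` (braced as the file's style requires) between the malloc and the memcpy. The `min(strnlen(s, n), n)` wrapper is redundant because strnlen() never returns more than n, so `n = strnlen(s, n);` is equivalent. The one-line doc comment in the windows.h hunk could also say that the caller owns the returned buffer and must free() it.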
@@ -733,9 +733,18 @@ AC_COMPILE_IFELSE( # error WIN32 undefined #endif ]])], - [AC_MSG_RESULT([yes]); windows=true ], - [AC_MSG_RESULT([no]); AC_SUBST(PLUGIN_CFLAGS, [-rdynamic])] + [ + AC_MSG_RESULT([yes]) + windows=true + openssl_lib=eay32 + ], + [ + AC_MSG_RESULT([no]) + openssl_lib=crypto + AC_SUBST(PLUGIN_CFLAGS, [-rdynamic]) + ] ) +AC_SUBST(OPENSSL_LIB, [-l$openssl_lib]) AM_CONDITIONAL(USE_WINDOWS, [test "x$windows" = xtrue]) if test x$printf_hooks = xvstr; then @@ -918,7 +927,7 @@ if test x$sqlite = xtrue; then fi if test x$openssl = xtrue; then - AC_CHECK_LIB([crypto],[main],[LIBS="$LIBS"],[AC_MSG_ERROR([OpenSSL crypto library not found])],[]) + AC_CHECK_LIB([$openssl_lib],[main],[LIBS="$LIBS"],[AC_MSG_ERROR([OpenSSL lib$openssl_lib not found])],[]) AC_CHECK_HEADER([openssl/evp.h],,[AC_MSG_ERROR([OpenSSL header openssl/evp.h not found!])]) fi diff --git a/src/libstrongswan/plugins/openssl/Makefile.am b/src/libstrongswan/plugins/openssl/Makefile.am index a7ffefd82..9287f788a 100644 --- a/src/libstrongswan/plugins/openssl/Makefile.am +++ b/src/libstrongswan/plugins/openssl/Makefile.am @@ -32,4 +32,4 @@ libstrongswan_openssl_la_SOURCES = \ openssl_gcm.c openssl_gcm.h libstrongswan_openssl_la_LDFLAGS = -module -avoid-version -libstrongswan_openssl_la_LIBADD = -lcrypto +libstrongswan_openssl_la_LIBADD = $(OPENSSL_LIB) From 4f310a2e7538741471f708dc4d23e06d081a2165 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 25 Oct 2013 17:29:31 +0200 Subject: [PATCH 052/138] openssl: Undef OpenSSLs X509_NAME defined by --- src/libstrongswan/plugins/openssl/openssl_util.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/libstrongswan/plugins/openssl/openssl_util.h b/src/libstrongswan/plugins/openssl/openssl_util.h index ce2a9e109..2db073139 100644 --- a/src/libstrongswan/plugins/openssl/openssl_util.h +++ b/src/libstrongswan/plugins/openssl/openssl_util.h 
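Review bot: In the configure.ac hunk that sets `openssl_lib`, the library name is chosen from the WIN32 test alone, with no override or fallback. A Windows toolchain whose OpenSSL installs the library under the libcrypto name will stop at the `AC_MSG_ERROR` in the later `AC_CHECK_LIB([$openssl_lib], ...)` hunk. The commit message itself says only "most" Windows builds use libeay32. Consider probing on Windows before the final check, for example `AC_CHECK_LIB([eay32],[main],[openssl_lib=eay32],[openssl_lib=crypto])`, and assigning `OPENSSL_LIB` only after that probe has run.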
@@ -22,6 +22,12 @@ #define OPENSSL_UTIL_H_ #include + +#ifdef X509_NAME +/* from */ +# undef X509_NAME +#endif + #include #include From 06c33ebf6a7abea85dfece0ada532c60b69628a5 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 25 Oct 2013 17:30:27 +0200 Subject: [PATCH 053/138] openssl: Fix includes to prevent to complain about include order --- src/libstrongswan/plugins/openssl/openssl_plugin.c | 12 ++++++------ src/libstrongswan/plugins/openssl/openssl_rng.c | 2 ++ 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index f4aef8200..372a480fa 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -14,6 +14,12 @@ * for more details. */ +#include +#include +#include +#include +#include + #include #include #include @@ -24,12 +30,6 @@ #endif #include "openssl_plugin.h" - -#include -#include -#include -#include -#include #include "openssl_util.h" #include "openssl_crypter.h" #include "openssl_hasher.h" diff --git a/src/libstrongswan/plugins/openssl/openssl_rng.c b/src/libstrongswan/plugins/openssl/openssl_rng.c index 815cf4f0c..c807bb607 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rng.c +++ b/src/libstrongswan/plugins/openssl/openssl_rng.c @@ -20,7 +20,9 @@ * THE SOFTWARE. */ +#include #include + #include #include From 396baeaea257608655f91a824ddfcbb3fa01e7a5 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 6 Nov 2013 11:17:01 +0100 Subject: [PATCH 054/138] windows: Never link to libpthread --- configure.ac | 1 + 1 file changed, 1 insertion(+) diff --git a/configure.ac b/configure.ac index 803c7258d..3848f8cde 100644 --- a/configure.ac +++ b/configure.ac @@ -737,6 +737,7 @@ AC_COMPILE_IFELSE( AC_MSG_RESULT([yes]) windows=true openssl_lib=eay32 + AC_SUBST(PTHREADLIB, "") ], [ AC_MSG_RESULT([no]) From 3ecfc83c6be2e96d01bf8ee805737e9e14262a01 Mon Sep 17 00:00:00 2001 
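Review bot: The comment on the new `#undef X509_NAME` block in openssl_util.h does not say that the workaround depends on include order. It only helps when the Windows header that defines the macro has already been pulled in by the include above it, and a Windows header included after this file would presumably reintroduce the clash. Suggest spelling that out, e.g. `/* wincrypt.h defines X509_NAME as a macro; remove it before the OpenSSL headers below declare their X509_NAME type */`, and adding that this header must be included after any Windows system headers. `#undef` on a name that is not defined is valid C, so the `#ifdef` guard is optional.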
From: Martin Willi Date: Tue, 29 Oct 2013 10:09:39 +0100 Subject: [PATCH 055/138] payload: Use common prefixes for all payload type identifiers The old identifiers did not use a proper namespace and often clashed with other defines. --- src/charon-tkm/src/tkm/tkm_listener.c | 2 +- src/conftest/hooks/add_notify.c | 2 +- src/conftest/hooks/custom_proposal.c | 2 +- src/conftest/hooks/force_cookie.c | 2 +- src/conftest/hooks/ike_auth_fill.c | 2 +- src/conftest/hooks/log_id.c | 4 +- src/conftest/hooks/log_ke.c | 2 +- src/conftest/hooks/log_proposals.c | 2 +- src/conftest/hooks/log_ts.c | 4 +- src/conftest/hooks/pretend_auth.c | 18 +- src/conftest/hooks/rebuild_auth.c | 6 +- src/conftest/hooks/set_proposal_number.c | 2 +- src/conftest/hooks/set_reserved.c | 10 +- src/conftest/hooks/unencrypted_notify.c | 2 +- src/libcharon/encoding/generator.c | 18 +- src/libcharon/encoding/message.c | 734 +++++++++--------- src/libcharon/encoding/parser.c | 18 +- .../encoding/payloads/auth_payload.c | 4 +- .../encoding/payloads/cert_payload.c | 4 +- .../encoding/payloads/certreq_payload.c | 12 +- .../payloads/configuration_attribute.c | 8 +- .../payloads/configuration_attribute.h | 6 +- src/libcharon/encoding/payloads/cp_payload.c | 10 +- src/libcharon/encoding/payloads/cp_payload.h | 4 +- .../encoding/payloads/delete_payload.c | 12 +- .../encoding/payloads/delete_payload.h | 2 +- src/libcharon/encoding/payloads/eap_payload.c | 4 +- .../encoding/payloads/encryption_payload.c | 16 +- .../encoding/payloads/encryption_payload.h | 2 +- .../encoding/payloads/endpoint_notify.c | 2 +- .../encoding/payloads/fragment_payload.c | 4 +- .../encoding/payloads/hash_payload.c | 4 +- .../encoding/payloads/hash_payload.h | 2 +- src/libcharon/encoding/payloads/id_payload.c | 12 +- src/libcharon/encoding/payloads/id_payload.h | 6 +- src/libcharon/encoding/payloads/ike_header.c | 2 +- src/libcharon/encoding/payloads/ke_payload.c | 8 +- src/libcharon/encoding/payloads/ke_payload.h | 4 +- 
.../encoding/payloads/nonce_payload.c | 8 +- .../encoding/payloads/nonce_payload.h | 2 +- .../encoding/payloads/notify_payload.c | 12 +- .../encoding/payloads/notify_payload.h | 4 +- src/libcharon/encoding/payloads/payload.c | 154 ++-- src/libcharon/encoding/payloads/payload.h | 118 +-- .../encoding/payloads/proposal_substructure.c | 82 +- .../encoding/payloads/proposal_substructure.h | 10 +- src/libcharon/encoding/payloads/sa_payload.c | 20 +- src/libcharon/encoding/payloads/sa_payload.h | 2 +- .../payloads/traffic_selector_substructure.c | 4 +- .../encoding/payloads/transform_attribute.c | 4 +- .../encoding/payloads/transform_attribute.h | 4 +- .../payloads/transform_substructure.c | 20 +- .../payloads/transform_substructure.h | 4 +- src/libcharon/encoding/payloads/ts_payload.c | 8 +- .../encoding/payloads/unknown_payload.c | 2 +- .../encoding/payloads/vendor_id_payload.c | 2 +- .../encoding/payloads/vendor_id_payload.h | 4 +- src/libcharon/network/receiver.c | 2 +- src/libcharon/plugins/eap_gtc/eap_gtc.c | 6 +- .../plugins/eap_radius/eap_radius_forward.c | 4 +- .../plugins/eap_radius/eap_radius_xauth.c | 10 +- .../plugins/radattr/radattr_listener.c | 4 +- src/libcharon/plugins/xauth_eap/xauth_eap.c | 6 +- .../plugins/xauth_generic/xauth_generic.c | 12 +- src/libcharon/plugins/xauth_pam/xauth_pam.c | 6 +- .../processing/jobs/process_message_job.c | 2 +- src/libcharon/sa/authenticator.c | 2 +- src/libcharon/sa/ike_sa_manager.c | 4 +- .../authenticators/psk_v1_authenticator.c | 4 +- .../authenticators/pubkey_v1_authenticator.c | 4 +- src/libcharon/sa/ikev1/keymat_v1.c | 6 +- src/libcharon/sa/ikev1/phase1.c | 10 +- src/libcharon/sa/ikev1/task_manager_v1.c | 8 +- .../sa/ikev1/tasks/aggressive_mode.c | 16 +- src/libcharon/sa/ikev1/tasks/informational.c | 4 +- .../sa/ikev1/tasks/isakmp_cert_post.c | 6 +- .../sa/ikev1/tasks/isakmp_cert_pre.c | 8 +- src/libcharon/sa/ikev1/tasks/isakmp_delete.c | 2 +- src/libcharon/sa/ikev1/tasks/isakmp_dpd.c | 2 +- 
src/libcharon/sa/ikev1/tasks/isakmp_natd.c | 16 +- src/libcharon/sa/ikev1/tasks/isakmp_vendor.c | 6 +- src/libcharon/sa/ikev1/tasks/main_mode.c | 16 +- src/libcharon/sa/ikev1/tasks/mode_config.c | 20 +- src/libcharon/sa/ikev1/tasks/quick_delete.c | 4 +- src/libcharon/sa/ikev1/tasks/quick_mode.c | 22 +- src/libcharon/sa/ikev1/tasks/xauth.c | 14 +- .../ikev2/authenticators/eap_authenticator.c | 6 +- .../ikev2/authenticators/psk_authenticator.c | 2 +- .../authenticators/pubkey_authenticator.c | 2 +- src/libcharon/sa/ikev2/connect_manager.c | 2 +- src/libcharon/sa/ikev2/task_manager_v2.c | 10 +- src/libcharon/sa/ikev2/tasks/child_create.c | 22 +- src/libcharon/sa/ikev2/tasks/child_delete.c | 6 +- src/libcharon/sa/ikev2/tasks/child_rekey.c | 6 +- src/libcharon/sa/ikev2/tasks/ike_auth.c | 28 +- src/libcharon/sa/ikev2/tasks/ike_cert_post.c | 14 +- src/libcharon/sa/ikev2/tasks/ike_cert_pre.c | 8 +- src/libcharon/sa/ikev2/tasks/ike_config.c | 16 +- src/libcharon/sa/ikev2/tasks/ike_delete.c | 2 +- src/libcharon/sa/ikev2/tasks/ike_init.c | 12 +- src/libcharon/sa/ikev2/tasks/ike_me.c | 10 +- src/libcharon/sa/ikev2/tasks/ike_mobike.c | 2 +- src/libcharon/sa/ikev2/tasks/ike_natd.c | 6 +- src/libcharon/sa/ikev2/tasks/ike_vendor.c | 4 +- 104 files changed, 903 insertions(+), 903 deletions(-) diff --git a/src/charon-tkm/src/tkm/tkm_listener.c b/src/charon-tkm/src/tkm/tkm_listener.c index 050586456..b2692a586 100644 --- a/src/charon-tkm/src/tkm/tkm_listener.c +++ b/src/charon-tkm/src/tkm/tkm_listener.c @@ -310,7 +310,7 @@ METHOD(listener_t, message, bool, " (ISA context %llu)", isa_id); auth_payload = (auth_payload_t*)message->get_payload(message, - AUTHENTICATION); + PLV2_AUTH); if (auth_payload) { chunk_t auth_data; diff --git a/src/conftest/hooks/add_notify.c b/src/conftest/hooks/add_notify.c index 504b02a7b..73a9b1a80 100644 --- a/src/conftest/hooks/add_notify.c +++ b/src/conftest/hooks/add_notify.c 
@@ -88,7 +88,7 @@ METHOD(listener_t, message, bool, { data = chunk_clone(chunk_create(this->data, strlen(this->data))); } - notify = notify_payload_create_from_protocol_and_type(NOTIFY, + notify = notify_payload_create_from_protocol_and_type(PLV2_NOTIFY, this->esp ? PROTO_ESP : PROTO_IKE, type); notify->set_spi(notify, this->spi); if (data.len) diff --git a/src/conftest/hooks/custom_proposal.c b/src/conftest/hooks/custom_proposal.c index 6086d13b5..ee4404575 100644 --- a/src/conftest/hooks/custom_proposal.c +++ b/src/conftest/hooks/custom_proposal.c @@ -124,7 +124,7 @@ METHOD(listener_t, message, bool, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == SECURITY_ASSOCIATION) + if (payload->get_type(payload) == PLV2_SECURITY_ASSOCIATION) { old = (sa_payload_t*)payload; message->remove_payload_at(message, enumerator); diff --git a/src/conftest/hooks/force_cookie.c b/src/conftest/hooks/force_cookie.c index 1b044db14..6be516cf4 100644 --- a/src/conftest/hooks/force_cookie.c +++ b/src/conftest/hooks/force_cookie.c @@ -44,7 +44,7 @@ METHOD(listener_t, message, bool, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == NOTIFY) + if (payload->get_type(payload) == PLV2_NOTIFY) { notify_payload_t *notify = (notify_payload_t*)payload; chunk_t data; diff --git a/src/conftest/hooks/ike_auth_fill.c b/src/conftest/hooks/ike_auth_fill.c index 09590d4f3..5cdd5be38 100644 --- a/src/conftest/hooks/ike_auth_fill.c +++ b/src/conftest/hooks/ike_auth_fill.c 
@@ -108,7 +108,7 @@ METHOD(listener_t, message, bool, diff = this->bytes - size - CERT_PAYLOAD_HEADER_LENGTH; data = chunk_alloc(diff); memset(data.ptr, 0x12, data.len); - pld = cert_payload_create_custom(CERTIFICATE, 201, data); + pld = cert_payload_create_custom(PLV2_CERTIFICATE, 201, data); message->add_payload(message, &pld->payload_interface); DBG1(DBG_CFG, "inserting %d dummy bytes certificate payload", diff); } diff --git a/src/conftest/hooks/log_id.c b/src/conftest/hooks/log_id.c index 07dd6a44e..f47372fa7 100644 --- a/src/conftest/hooks/log_id.c +++ b/src/conftest/hooks/log_id.c @@ -45,8 +45,8 @@ METHOD(listener_t, message, bool, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == ID_INITIATOR || - payload->get_type(payload) == ID_RESPONDER) + if (payload->get_type(payload) == PLV2_ID_INITIATOR || + payload->get_type(payload) == PLV2_ID_RESPONDER) { id_payload = (id_payload_t*)payload; id = id_payload->get_identification(id_payload); diff --git a/src/conftest/hooks/log_ke.c b/src/conftest/hooks/log_ke.c index 710482326..66aa4a65e 100644 --- a/src/conftest/hooks/log_ke.c +++ b/src/conftest/hooks/log_ke.c @@ -43,7 +43,7 @@ METHOD(listener_t, message, bool, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == KEY_EXCHANGE) + if (payload->get_type(payload) == PLV2_KEY_EXCHANGE) { ke = (ke_payload_t*)payload; DBG1(DBG_CFG, "received DH group %N", diff --git a/src/conftest/hooks/log_proposals.c b/src/conftest/hooks/log_proposals.c index 347b83209..c0d458eae 100644 --- a/src/conftest/hooks/log_proposals.c +++ b/src/conftest/hooks/log_proposals.c 
@@ -45,7 +45,7 @@ METHOD(listener_t, message, bool, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == SECURITY_ASSOCIATION) + if (payload->get_type(payload) == PLV2_SECURITY_ASSOCIATION) { sa = (sa_payload_t*)payload; list = sa->get_proposals(sa); diff --git a/src/conftest/hooks/log_ts.c b/src/conftest/hooks/log_ts.c index f212efa12..79c59b89a 100644 --- a/src/conftest/hooks/log_ts.c +++ b/src/conftest/hooks/log_ts.c @@ -43,8 +43,8 @@ METHOD(listener_t, message, bool, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == TRAFFIC_SELECTOR_INITIATOR || - payload->get_type(payload) == TRAFFIC_SELECTOR_RESPONDER) + if (payload->get_type(payload) == PLV2_TS_INITIATOR || + payload->get_type(payload) == PLV2_TS_RESPONDER) { ts = (ts_payload_t*)payload; host_t *from, *to; diff --git a/src/conftest/hooks/pretend_auth.c b/src/conftest/hooks/pretend_auth.c index 4166afc79..54957b048 100644 --- a/src/conftest/hooks/pretend_auth.c +++ b/src/conftest/hooks/pretend_auth.c @@ -79,7 +79,7 @@ static void process_init_request(private_pretend_auth_t *this, { nonce_payload_t *nonce; - nonce = (nonce_payload_t*)message->get_payload(message, NONCE); + nonce = (nonce_payload_t*)message->get_payload(message, PLV2_NONCE); if (nonce) { free(this->nonce.ptr); @@ -98,13 +98,13 @@ static void process_auth_request(private_pretend_auth_t *this, ts_payload_t *tsi, *tsr; linked_list_t *proposals; - id = (id_payload_t*)message->get_payload(message, ID_RESPONDER); + id = (id_payload_t*)message->get_payload(message, PLV2_ID_RESPONDER); if (id) { this->id->destroy(this->id); this->id = id->get_identification(id); } - sa = (sa_payload_t*)message->get_payload(message, SECURITY_ASSOCIATION); + sa = (sa_payload_t*)message->get_payload(message, PLV2_SECURITY_ASSOCIATION); if (sa) { proposals = sa->get_proposals(sa); 
@@ -116,13 +116,13 @@ static void process_auth_request(private_pretend_auth_t *this, proposals->destroy_offset(proposals, offsetof(proposal_t, destroy)); } tsi = (ts_payload_t*)message->get_payload(message, - TRAFFIC_SELECTOR_INITIATOR); + PLV2_TS_INITIATOR); if (tsi) { this->tsi = tsi->get_traffic_selectors(tsi); } tsr = (ts_payload_t*)message->get_payload(message, - TRAFFIC_SELECTOR_RESPONDER); + PLV2_TS_RESPONDER); if (tsr) { this->tsr = tsr->get_traffic_selectors(tsr); @@ -154,7 +154,7 @@ static void build_certs(private_pretend_auth_t *this, cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT); if (cert) { - payload = cert_payload_create_from_cert(CERTIFICATE, cert); + payload = cert_payload_create_from_cert(PLV2_CERTIFICATE, cert); if (payload) { DBG1(DBG_IKE, "pretending end entity cert \"%Y\"", @@ -167,7 +167,7 @@ static void build_certs(private_pretend_auth_t *this, { if (type == AUTH_RULE_IM_CERT) { - payload = cert_payload_create_from_cert(CERTIFICATE, cert); + payload = cert_payload_create_from_cert(PLV2_CERTIFICATE, cert); if (payload) { DBG1(DBG_IKE, "pretending issuer cert \"%Y\"", @@ -276,7 +276,7 @@ static void process_auth_response(private_pretend_auth_t *this, { notify_payload_t *notify = (notify_payload_t*)payload; - if (payload->get_type(payload) != NOTIFY || + if (payload->get_type(payload) != PLV2_NOTIFY || notify->get_notify_type(notify) != AUTHENTICATION_FAILED) { DBG1(DBG_CFG, "no %N notify found, disabling AUTH pretending", @@ -295,7 +295,7 @@ static void process_auth_response(private_pretend_auth_t *this, return; } message->add_payload(message, (payload_t*) - id_payload_create_from_identification(ID_RESPONDER, this->id)); + id_payload_create_from_identification(PLV2_ID_RESPONDER, this->id)); if (this->proposal) { message->add_payload(message, (payload_t*) diff --git a/src/conftest/hooks/rebuild_auth.c b/src/conftest/hooks/rebuild_auth.c index b7e6f22e7..bc2f00071 100644 --- a/src/conftest/hooks/rebuild_auth.c 
+++ b/src/conftest/hooks/rebuild_auth.c @@ -70,7 +70,7 @@ static bool rebuild_auth(private_rebuild_auth_t *this, ike_sa_t *ike_sa, u_int32_t *lenpos; payload = message->get_payload(message, - message->get_request(message) ? ID_INITIATOR : ID_RESPONDER); + message->get_request(message) ? PLV2_ID_INITIATOR : PLV2_ID_RESPONDER); if (!payload) { DBG1(DBG_CFG, "ID payload not found to rebuild AUTH"); @@ -160,7 +160,7 @@ static bool rebuild_auth(private_rebuild_auth_t *this, ike_sa_t *ike_sa, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == AUTHENTICATION) + if (payload->get_type(payload) == PLV2_AUTH) { message->remove_payload_at(message, enumerator); payload->destroy(payload); @@ -191,7 +191,7 @@ METHOD(listener_t, message, bool, { nonce_payload_t *nonce; - nonce = (nonce_payload_t*)message->get_payload(message, NONCE); + nonce = (nonce_payload_t*)message->get_payload(message, PLV2_NONCE); if (nonce) { free(this->nonce.ptr); diff --git a/src/conftest/hooks/set_proposal_number.c b/src/conftest/hooks/set_proposal_number.c index 0cc3cfc63..4e572d608 100644 --- a/src/conftest/hooks/set_proposal_number.c +++ b/src/conftest/hooks/set_proposal_number.c @@ -85,7 +85,7 @@ METHOD(listener_t, message, bool, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == SECURITY_ASSOCIATION) + if (payload->get_type(payload) == PLV2_SECURITY_ASSOCIATION) { sa = (sa_payload_t*)payload; list = sa->get_proposals(sa); diff --git a/src/conftest/hooks/set_reserved.c b/src/conftest/hooks/set_reserved.c index 5961aebc4..488e8df1c 100644 --- a/src/conftest/hooks/set_reserved.c +++ b/src/conftest/hooks/set_reserved.c 
@@ -55,7 +55,7 @@ static void set_bit(private_set_reserved_t *this, message_t *message, payload_t *payload; bool *bit; - if (type == HEADER) + if (type == PL_HEADER) { message->set_reserved_header_bit(message, nr); DBG1(DBG_CFG, "setting reserved bit %d of %N", @@ -91,7 +91,7 @@ static void set_byte(private_set_reserved_t *this, message_t *message, payload_t *payload; u_int8_t *byte; - if (type == TRANSFORM_SUBSTRUCTURE || type == PROPOSAL_SUBSTRUCTURE) + if (type == PLV2_TRANSFORM_SUBSTRUCTURE || type == PLV2_PROPOSAL_SUBSTRUCTURE) { enumerator_t *transforms, *proposals; transform_substructure_t *transform; @@ -101,13 +101,13 @@ static void set_byte(private_set_reserved_t *this, message_t *message, payloads = message->create_payload_enumerator(message); while (payloads->enumerate(payloads, &payload)) { - if (payload->get_type(payload) == SECURITY_ASSOCIATION) + if (payload->get_type(payload) == PLV2_SECURITY_ASSOCIATION) { sa = (sa_payload_t*)payload; proposals = sa->create_substructure_enumerator(sa); while (proposals->enumerate(proposals, &proposal)) { - if (type == PROPOSAL_SUBSTRUCTURE) + if (type == PLV2_PROPOSAL_SUBSTRUCTURE) { byte = payload_get_field(&proposal->payload_interface, RESERVED_BYTE, nr); @@ -118,7 +118,7 @@ static void set_byte(private_set_reserved_t *this, message_t *message, *byte = byteval; } } - else if (type == TRANSFORM_SUBSTRUCTURE) + else if (type == PLV2_TRANSFORM_SUBSTRUCTURE) { transforms = proposal->create_substructure_enumerator( proposal); diff --git a/src/conftest/hooks/unencrypted_notify.c b/src/conftest/hooks/unencrypted_notify.c index dae76faba..2a7498527 100644 --- a/src/conftest/hooks/unencrypted_notify.c +++ b/src/conftest/hooks/unencrypted_notify.c 
@@ -83,7 +83,7 @@ METHOD(listener_t, ike_updown, bool, { data = chunk_clone(chunk_create(this->data, strlen(this->data))); } - notify = notify_payload_create_from_protocol_and_type(NOTIFY, + notify = notify_payload_create_from_protocol_and_type(PLV2_NOTIFY, this->esp ? PROTO_ESP : PROTO_IKE, type); notify->set_spi(notify, this->spi); if (data.len) diff --git a/src/libcharon/encoding/generator.c b/src/libcharon/encoding/generator.c index 2b6825c71..d4ca5b584 100644 --- a/src/libcharon/encoding/generator.c +++ b/src/libcharon/encoding/generator.c @@ -498,15 +498,15 @@ METHOD(generator_t, generate_payload, void, case ENCRYPTED_DATA: generate_from_chunk(this, rules[i].offset); break; - case PAYLOAD_LIST + PROPOSAL_SUBSTRUCTURE: - case PAYLOAD_LIST + PROPOSAL_SUBSTRUCTURE_V1: - case PAYLOAD_LIST + TRANSFORM_SUBSTRUCTURE: - case PAYLOAD_LIST + TRANSFORM_SUBSTRUCTURE_V1: - case PAYLOAD_LIST + TRANSFORM_ATTRIBUTE: - case PAYLOAD_LIST + TRANSFORM_ATTRIBUTE_V1: - case PAYLOAD_LIST + CONFIGURATION_ATTRIBUTE: - case PAYLOAD_LIST + CONFIGURATION_ATTRIBUTE_V1: - case PAYLOAD_LIST + TRAFFIC_SELECTOR_SUBSTRUCTURE: + case PAYLOAD_LIST + PLV2_PROPOSAL_SUBSTRUCTURE: + case PAYLOAD_LIST + PLV1_PROPOSAL_SUBSTRUCTURE: + case PAYLOAD_LIST + PLV2_TRANSFORM_SUBSTRUCTURE: + case PAYLOAD_LIST + PLV1_TRANSFORM_SUBSTRUCTURE: + case PAYLOAD_LIST + PLV2_TRANSFORM_ATTRIBUTE: + case PAYLOAD_LIST + PLV1_TRANSFORM_ATTRIBUTE: + case PAYLOAD_LIST + PLV2_CONFIGURATION_ATTRIBUTE: + case PAYLOAD_LIST + PLV1_CONFIGURATION_ATTRIBUTE: + case PAYLOAD_LIST + PLV2_TRAFFIC_SELECTOR_SUBSTRUCTURE: { linked_list_t *proposals; enumerator_t *enumerator; diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c index 3a1014ef0..0f5f40ada 100644 --- a/src/libcharon/encoding/message.c +++ b/src/libcharon/encoding/message.c 
@@ -89,7 +89,7 @@ typedef struct { typedef struct { /** payload type */ payload_type_t type; - /** notify type, if payload == NOTIFY */ + /** notify type, if payload == PLV2_NOTIFY */ notify_type_t notify; } payload_order_t; @@ -120,11 +120,11 @@ typedef struct { */ static payload_rule_t ike_sa_init_i_rules[] = { /* payload type min max encr suff */ - {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE}, - {SECURITY_ASSOCIATION, 1, 1, FALSE, FALSE}, - {KEY_EXCHANGE, 1, 1, FALSE, FALSE}, - {NONCE, 1, 1, FALSE, FALSE}, - {VENDOR_ID, 0, MAX_VID_PAYLOADS, FALSE, FALSE}, + {PLV2_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE}, + {PLV2_SECURITY_ASSOCIATION, 1, 1, FALSE, FALSE}, + {PLV2_KEY_EXCHANGE, 1, 1, FALSE, FALSE}, + {PLV2_NONCE, 1, 1, FALSE, FALSE}, + {PLV2_VENDOR_ID, 0, MAX_VID_PAYLOADS, FALSE, FALSE}, }; /** @@ -132,14 +132,14 @@ static payload_rule_t ike_sa_init_i_rules[] = { */ static payload_order_t ike_sa_init_i_order[] = { /* payload type notify type */ - {NOTIFY, COOKIE}, - {SECURITY_ASSOCIATION, 0}, - {KEY_EXCHANGE, 0}, - {NONCE, 0}, - {NOTIFY, NAT_DETECTION_SOURCE_IP}, - {NOTIFY, NAT_DETECTION_DESTINATION_IP}, - {NOTIFY, 0}, - {VENDOR_ID, 0}, + {PLV2_NOTIFY, COOKIE}, + {PLV2_SECURITY_ASSOCIATION, 0}, + {PLV2_KEY_EXCHANGE, 0}, + {PLV2_NONCE, 0}, + {PLV2_NOTIFY, NAT_DETECTION_SOURCE_IP}, + {PLV2_NOTIFY, NAT_DETECTION_DESTINATION_IP}, + {PLV2_NOTIFY, 0}, + {PLV2_VENDOR_ID, 0}, }; /** 
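Review bot: The updated field comment in `payload_order_t` (first message.c hunk) reads `if payload == PLV2_NOTIFY`, but the struct has no member called `payload`; the member declared just above it is `type`. Since the line is being rewritten anyway, `/** notify type, if type == PLV2_NOTIFY */` would match the declaration. The IKEv1 order tables later in this diff use the same struct with `PLV1_NOTIFY` and a notify type of 0, so the comment could also state whether the field is consulted for v1 notifies.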
@@ -147,12 +147,12 @@ static payload_order_t ike_sa_init_i_order[] = { */ static payload_rule_t ike_sa_init_r_rules[] = { /* payload type min max encr suff */ - {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, TRUE}, - {SECURITY_ASSOCIATION, 1, 1, FALSE, FALSE}, - {KEY_EXCHANGE, 1, 1, FALSE, FALSE}, - {NONCE, 1, 1, FALSE, FALSE}, - {CERTIFICATE_REQUEST, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE}, - {VENDOR_ID, 0, MAX_VID_PAYLOADS, FALSE, FALSE}, + {PLV2_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, TRUE}, + {PLV2_SECURITY_ASSOCIATION, 1, 1, FALSE, FALSE}, + {PLV2_KEY_EXCHANGE, 1, 1, FALSE, FALSE}, + {PLV2_NONCE, 1, 1, FALSE, FALSE}, + {PLV2_CERTREQ, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE}, + {PLV2_VENDOR_ID, 0, MAX_VID_PAYLOADS, FALSE, FALSE}, }; /** @@ -160,15 +160,15 @@ static payload_rule_t ike_sa_init_r_rules[] = { */ static payload_order_t ike_sa_init_r_order[] = { /* payload type notify type */ - {SECURITY_ASSOCIATION, 0}, - {KEY_EXCHANGE, 0}, - {NONCE, 0}, - {NOTIFY, NAT_DETECTION_SOURCE_IP}, - {NOTIFY, NAT_DETECTION_DESTINATION_IP}, - {NOTIFY, HTTP_CERT_LOOKUP_SUPPORTED}, - {CERTIFICATE_REQUEST, 0}, - {NOTIFY, 0}, - {VENDOR_ID, 0}, + {PLV2_SECURITY_ASSOCIATION, 0}, + {PLV2_KEY_EXCHANGE, 0}, + {PLV2_NONCE, 0}, + {PLV2_NOTIFY, NAT_DETECTION_SOURCE_IP}, + {PLV2_NOTIFY, NAT_DETECTION_DESTINATION_IP}, + {PLV2_NOTIFY, HTTP_CERT_LOOKUP_SUPPORTED}, + {PLV2_CERTREQ, 0}, + {PLV2_NOTIFY, 0}, + {PLV2_VENDOR_ID, 0}, }; /** 
@@ -176,24 +176,24 @@ static payload_order_t ike_sa_init_r_order[] = { */ static payload_rule_t ike_auth_i_rules[] = { /* payload type min max encr suff */ - {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE}, - {EXTENSIBLE_AUTHENTICATION, 0, 1, TRUE, TRUE}, - {AUTHENTICATION, 0, 1, TRUE, TRUE}, - {ID_INITIATOR, 0, 1, TRUE, FALSE}, - {CERTIFICATE, 0, MAX_CERT_PAYLOADS, TRUE, FALSE}, - {CERTIFICATE_REQUEST, 0, MAX_CERTREQ_PAYLOADS, TRUE, FALSE}, - {ID_RESPONDER, 0, 1, TRUE, FALSE}, + {PLV2_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE}, + {PLV2_EAP, 0, 1, TRUE, TRUE}, + {PLV2_AUTH, 0, 1, TRUE, TRUE}, + {PLV2_ID_INITIATOR, 0, 1, TRUE, FALSE}, + {PLV2_CERTIFICATE, 0, MAX_CERT_PAYLOADS, TRUE, FALSE}, + {PLV2_CERTREQ, 0, MAX_CERTREQ_PAYLOADS, TRUE, FALSE}, + {PLV2_ID_RESPONDER, 0, 1, TRUE, FALSE}, #ifdef ME - {SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE}, - {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE}, - {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE}, + {PLV2_SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE}, + {PLV2_TS_INITIATOR, 0, 1, TRUE, FALSE}, + {PLV2_TS_RESPONDER, 0, 1, TRUE, FALSE}, #else - {SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE}, - {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE}, - {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE}, + {PLV2_SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE}, + {PLV2_TS_INITIATOR, 0, 1, TRUE, FALSE}, + {PLV2_TS_RESPONDER, 0, 1, TRUE, FALSE}, #endif /* ME */ - {CONFIGURATION, 0, 1, TRUE, FALSE}, - {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}, + {PLV2_CONFIGURATION, 0, 1, TRUE, FALSE}, + {PLV2_VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}, }; /** 
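Review bot: In `ike_auth_i_rules` the `#ifdef ME` and `#else` branches hold the same three rows after the rename (`PLV2_SECURITY_ASSOCIATION`, `PLV2_TS_INITIATOR`, `PLV2_TS_RESPONDER`, each with `0, 1, TRUE, FALSE`), so the conditional has no effect as written. Judging by the column header (min/max/encr/suff), these rows appear to set how many of each payload an IKE_AUTH request may carry and whether it must be encrypted, so two copies that can drift apart are worth avoiding. Either keep a single copy outside the `#ifdef`, or, if the non-ME build is meant to use different bounds, set them and add a one-line comment saying why.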
@@ -201,28 +201,28 @@ static payload_rule_t ike_auth_i_rules[] = { */ static payload_order_t ike_auth_i_order[] = { /* payload type notify type */ - {ID_INITIATOR, 0}, - {CERTIFICATE, 0}, - {NOTIFY, INITIAL_CONTACT}, - {NOTIFY, HTTP_CERT_LOOKUP_SUPPORTED}, - {CERTIFICATE_REQUEST, 0}, - {ID_RESPONDER, 0}, - {AUTHENTICATION, 0}, - {EXTENSIBLE_AUTHENTICATION, 0}, - {CONFIGURATION, 0}, - {NOTIFY, IPCOMP_SUPPORTED}, - {NOTIFY, USE_TRANSPORT_MODE}, - {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED}, - {NOTIFY, NON_FIRST_FRAGMENTS_ALSO}, - {SECURITY_ASSOCIATION, 0}, - {TRAFFIC_SELECTOR_INITIATOR, 0}, - {TRAFFIC_SELECTOR_RESPONDER, 0}, - {NOTIFY, MOBIKE_SUPPORTED}, - {NOTIFY, ADDITIONAL_IP4_ADDRESS}, - {NOTIFY, ADDITIONAL_IP6_ADDRESS}, - {NOTIFY, NO_ADDITIONAL_ADDRESSES}, - {NOTIFY, 0}, - {VENDOR_ID, 0}, + {PLV2_ID_INITIATOR, 0}, + {PLV2_CERTIFICATE, 0}, + {PLV2_NOTIFY, INITIAL_CONTACT}, + {PLV2_NOTIFY, HTTP_CERT_LOOKUP_SUPPORTED}, + {PLV2_CERTREQ, 0}, + {PLV2_ID_RESPONDER, 0}, + {PLV2_AUTH, 0}, + {PLV2_EAP, 0}, + {PLV2_CONFIGURATION, 0}, + {PLV2_NOTIFY, IPCOMP_SUPPORTED}, + {PLV2_NOTIFY, USE_TRANSPORT_MODE}, + {PLV2_NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED}, + {PLV2_NOTIFY, NON_FIRST_FRAGMENTS_ALSO}, + {PLV2_SECURITY_ASSOCIATION, 0}, + {PLV2_TS_INITIATOR, 0}, + {PLV2_TS_RESPONDER, 0}, + {PLV2_NOTIFY, MOBIKE_SUPPORTED}, + {PLV2_NOTIFY, ADDITIONAL_IP4_ADDRESS}, + {PLV2_NOTIFY, ADDITIONAL_IP6_ADDRESS}, + {PLV2_NOTIFY, NO_ADDITIONAL_ADDRESSES}, + {PLV2_NOTIFY, 0}, + {PLV2_VENDOR_ID, 0}, }; /** 
@@ -230,16 +230,16 @@ static payload_order_t ike_auth_i_order[] = { */ static payload_rule_t ike_auth_r_rules[] = { /* payload type min max encr suff */ - {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE}, - {EXTENSIBLE_AUTHENTICATION, 0, 1, TRUE, TRUE}, - {AUTHENTICATION, 0, 1, TRUE, TRUE}, - {CERTIFICATE, 0, MAX_CERT_PAYLOADS, TRUE, FALSE}, - {ID_RESPONDER, 0, 1, TRUE, FALSE}, - {SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE}, - {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE}, - {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE}, - {CONFIGURATION, 0, 1, TRUE, FALSE}, - {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}, + {PLV2_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE}, + {PLV2_EAP, 0, 1, TRUE, TRUE}, + {PLV2_AUTH, 0, 1, TRUE, TRUE}, + {PLV2_CERTIFICATE, 0, MAX_CERT_PAYLOADS, TRUE, FALSE}, + {PLV2_ID_RESPONDER, 0, 1, TRUE, FALSE}, + {PLV2_SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE}, + {PLV2_TS_INITIATOR, 0, 1, TRUE, FALSE}, + {PLV2_TS_RESPONDER, 0, 1, TRUE, FALSE}, + {PLV2_CONFIGURATION, 0, 1, TRUE, FALSE}, + {PLV2_VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}, }; /** 
@@ -247,25 +247,25 @@ static payload_rule_t ike_auth_r_rules[] = { */ static payload_order_t ike_auth_r_order[] = { /* payload type notify type */ - {ID_RESPONDER, 0}, - {CERTIFICATE, 0}, - {AUTHENTICATION, 0}, - {EXTENSIBLE_AUTHENTICATION, 0}, - {CONFIGURATION, 0}, - {NOTIFY, IPCOMP_SUPPORTED}, - {NOTIFY, USE_TRANSPORT_MODE}, - {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED}, - {NOTIFY, NON_FIRST_FRAGMENTS_ALSO}, - {SECURITY_ASSOCIATION, 0}, - {TRAFFIC_SELECTOR_INITIATOR, 0}, - {TRAFFIC_SELECTOR_RESPONDER, 0}, - {NOTIFY, AUTH_LIFETIME}, - {NOTIFY, MOBIKE_SUPPORTED}, - {NOTIFY, ADDITIONAL_IP4_ADDRESS}, - {NOTIFY, ADDITIONAL_IP6_ADDRESS}, - {NOTIFY, NO_ADDITIONAL_ADDRESSES}, - {NOTIFY, 0}, - {VENDOR_ID, 0}, + {PLV2_ID_RESPONDER, 0}, + {PLV2_CERTIFICATE, 0}, + {PLV2_AUTH, 0}, + {PLV2_EAP, 0}, + {PLV2_CONFIGURATION, 0}, + {PLV2_NOTIFY, IPCOMP_SUPPORTED}, + {PLV2_NOTIFY, USE_TRANSPORT_MODE}, + {PLV2_NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED}, + {PLV2_NOTIFY, NON_FIRST_FRAGMENTS_ALSO}, + {PLV2_SECURITY_ASSOCIATION, 0}, + {PLV2_TS_INITIATOR, 0}, + {PLV2_TS_RESPONDER, 0}, + {PLV2_NOTIFY, AUTH_LIFETIME}, + {PLV2_NOTIFY, MOBIKE_SUPPORTED}, + {PLV2_NOTIFY, ADDITIONAL_IP4_ADDRESS}, + {PLV2_NOTIFY, ADDITIONAL_IP6_ADDRESS}, + {PLV2_NOTIFY, NO_ADDITIONAL_ADDRESSES}, + {PLV2_NOTIFY, 0}, + {PLV2_VENDOR_ID, 0}, }; /** @@ -273,10 +273,10 @@ static payload_order_t ike_auth_r_order[] = { */ static payload_rule_t informational_i_rules[] = { /* payload type min max encr suff */ - {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE}, - {CONFIGURATION, 0, 1, TRUE, FALSE}, - {DELETE, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE}, - {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}, + {PLV2_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE}, + {PLV2_CONFIGURATION, 0, 1, TRUE, FALSE}, + {PLV2_DELETE, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE}, + {PLV2_VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}, }; /** 
@@ -284,13 +284,13 @@ static payload_rule_t informational_i_rules[] = { */ static payload_order_t informational_i_order[] = { /* payload type notify type */ - {NOTIFY, UPDATE_SA_ADDRESSES}, - {NOTIFY, NAT_DETECTION_SOURCE_IP}, - {NOTIFY, NAT_DETECTION_DESTINATION_IP}, - {NOTIFY, COOKIE2}, - {NOTIFY, 0}, - {DELETE, 0}, - {CONFIGURATION, 0}, + {PLV2_NOTIFY, UPDATE_SA_ADDRESSES}, + {PLV2_NOTIFY, NAT_DETECTION_SOURCE_IP}, + {PLV2_NOTIFY, NAT_DETECTION_DESTINATION_IP}, + {PLV2_NOTIFY, COOKIE2}, + {PLV2_NOTIFY, 0}, + {PLV2_DELETE, 0}, + {PLV2_CONFIGURATION, 0}, }; /** @@ -298,10 +298,10 @@ static payload_order_t informational_i_order[] = { */ static payload_rule_t informational_r_rules[] = { /* payload type min max encr suff */ - {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE}, - {CONFIGURATION, 0, 1, TRUE, FALSE}, - {DELETE, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE}, - {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}, + {PLV2_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE}, + {PLV2_CONFIGURATION, 0, 1, TRUE, FALSE}, + {PLV2_DELETE, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE}, + {PLV2_VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}, }; /** @@ -309,13 +309,13 @@ static payload_rule_t informational_r_rules[] = { */ static payload_order_t informational_r_order[] = { /* payload type notify type */ - {NOTIFY, UPDATE_SA_ADDRESSES}, - {NOTIFY, NAT_DETECTION_SOURCE_IP}, - {NOTIFY, NAT_DETECTION_DESTINATION_IP}, - {NOTIFY, COOKIE2}, - {NOTIFY, 0}, - {DELETE, 0}, - {CONFIGURATION, 0}, + {PLV2_NOTIFY, UPDATE_SA_ADDRESSES}, + {PLV2_NOTIFY, NAT_DETECTION_SOURCE_IP}, + {PLV2_NOTIFY, NAT_DETECTION_DESTINATION_IP}, + {PLV2_NOTIFY, COOKIE2}, + {PLV2_NOTIFY, 0}, + {PLV2_DELETE, 0}, + {PLV2_CONFIGURATION, 0}, }; /** 
@@ -323,14 +323,14 @@ static payload_order_t informational_r_order[] = { */ static payload_rule_t create_child_sa_i_rules[] = { /* payload type min max encr suff */ - {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE}, - {SECURITY_ASSOCIATION, 1, 1, TRUE, FALSE}, - {NONCE, 1, 1, TRUE, FALSE}, - {KEY_EXCHANGE, 0, 1, TRUE, FALSE}, - {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE}, - {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE}, - {CONFIGURATION, 0, 1, TRUE, FALSE}, - {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}, + {PLV2_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE}, + {PLV2_SECURITY_ASSOCIATION, 1, 1, TRUE, FALSE}, + {PLV2_NONCE, 1, 1, TRUE, FALSE}, + {PLV2_KEY_EXCHANGE, 0, 1, TRUE, FALSE}, + {PLV2_TS_INITIATOR, 0, 1, TRUE, FALSE}, + {PLV2_TS_RESPONDER, 0, 1, TRUE, FALSE}, + {PLV2_CONFIGURATION, 0, 1, TRUE, FALSE}, + {PLV2_VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}, }; /** @@ -338,17 +338,17 @@ static payload_rule_t create_child_sa_i_rules[] = { */ static payload_order_t create_child_sa_i_order[] = { /* payload type notify type */ - {NOTIFY, REKEY_SA}, - {NOTIFY, IPCOMP_SUPPORTED}, - {NOTIFY, USE_TRANSPORT_MODE}, - {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED}, - {NOTIFY, NON_FIRST_FRAGMENTS_ALSO}, - {SECURITY_ASSOCIATION, 0}, - {NONCE, 0}, - {KEY_EXCHANGE, 0}, - {TRAFFIC_SELECTOR_INITIATOR, 0}, - {TRAFFIC_SELECTOR_RESPONDER, 0}, - {NOTIFY, 0}, + {PLV2_NOTIFY, REKEY_SA}, + {PLV2_NOTIFY, IPCOMP_SUPPORTED}, + {PLV2_NOTIFY, USE_TRANSPORT_MODE}, + {PLV2_NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED}, + {PLV2_NOTIFY, NON_FIRST_FRAGMENTS_ALSO}, + {PLV2_SECURITY_ASSOCIATION, 0}, + {PLV2_NONCE, 0}, + {PLV2_KEY_EXCHANGE, 0}, + {PLV2_TS_INITIATOR, 0}, + {PLV2_TS_RESPONDER, 0}, + {PLV2_NOTIFY, 0}, }; /** 
@@ -356,14 +356,14 @@ static payload_order_t create_child_sa_i_order[] = { */ static payload_rule_t create_child_sa_r_rules[] = { /* payload type min max encr suff */ - {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE}, - {SECURITY_ASSOCIATION, 1, 1, TRUE, FALSE}, - {NONCE, 1, 1, TRUE, FALSE}, - {KEY_EXCHANGE, 0, 1, TRUE, FALSE}, - {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE}, - {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE}, - {CONFIGURATION, 0, 1, TRUE, FALSE}, - {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}, + {PLV2_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE}, + {PLV2_SECURITY_ASSOCIATION, 1, 1, TRUE, FALSE}, + {PLV2_NONCE, 1, 1, TRUE, FALSE}, + {PLV2_KEY_EXCHANGE, 0, 1, TRUE, FALSE}, + {PLV2_TS_INITIATOR, 0, 1, TRUE, FALSE}, + {PLV2_TS_RESPONDER, 0, 1, TRUE, FALSE}, + {PLV2_CONFIGURATION, 0, 1, TRUE, FALSE}, + {PLV2_VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}, }; /** @@ -371,17 +371,17 @@ static payload_rule_t create_child_sa_r_rules[] = { */ static payload_order_t create_child_sa_r_order[] = { /* payload type notify type */ - {NOTIFY, IPCOMP_SUPPORTED}, - {NOTIFY, USE_TRANSPORT_MODE}, - {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED}, - {NOTIFY, NON_FIRST_FRAGMENTS_ALSO}, - {SECURITY_ASSOCIATION, 0}, - {NONCE, 0}, - {KEY_EXCHANGE, 0}, - {TRAFFIC_SELECTOR_INITIATOR, 0}, - {TRAFFIC_SELECTOR_RESPONDER, 0}, - {NOTIFY, ADDITIONAL_TS_POSSIBLE}, - {NOTIFY, 0}, + {PLV2_NOTIFY, IPCOMP_SUPPORTED}, + {PLV2_NOTIFY, USE_TRANSPORT_MODE}, + {PLV2_NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED}, + {PLV2_NOTIFY, NON_FIRST_FRAGMENTS_ALSO}, + {PLV2_SECURITY_ASSOCIATION, 0}, + {PLV2_NONCE, 0}, + {PLV2_KEY_EXCHANGE, 0}, + {PLV2_TS_INITIATOR, 0}, + {PLV2_TS_RESPONDER, 0}, + {PLV2_NOTIFY, ADDITIONAL_TS_POSSIBLE}, + {PLV2_NOTIFY, 0}, }; #ifdef ME 
@@ -390,9 +390,9 @@ static payload_order_t create_child_sa_r_order[] = { */ static payload_rule_t me_connect_i_rules[] = { /* payload type min max encr suff */ - {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE}, - {ID_PEER, 1, 1, TRUE, FALSE}, - {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE} + {PLV2_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE}, + {PLV2_ID_PEER, 1, 1, TRUE, FALSE}, + {PLV2_VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE} }; /** @@ -400,9 +400,9 @@ static payload_rule_t me_connect_i_rules[] = { */ static payload_order_t me_connect_i_order[] = { /* payload type notify type */ - {NOTIFY, 0}, - {ID_PEER, 0}, - {VENDOR_ID, 0}, + {PLV2_NOTIFY, 0}, + {PLV2_ID_PEER, 0}, + {PLV2_VENDOR_ID, 0}, }; /** @@ -410,8 +410,8 @@ static payload_order_t me_connect_i_order[] = { */ static payload_rule_t me_connect_r_rules[] = { /* payload type min max encr suff */ - {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE}, - {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE} + {PLV2_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE}, + {PLV2_VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE} }; /** @@ -419,8 +419,8 @@ static payload_rule_t me_connect_r_rules[] = { */ static payload_order_t me_connect_r_order[] = { /* payload type notify type */ - {NOTIFY, 0}, - {VENDOR_ID, 0}, + {PLV2_NOTIFY, 0}, + {PLV2_VENDOR_ID, 0}, }; #endif /* ME */ 
@@ -429,284 +429,284 @@ static payload_order_t me_connect_r_order[] = { * Message rule for ID_PROT from initiator. */ static payload_rule_t id_prot_i_rules[] = { -/* payload type min max encr suff */ - {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE}, - {SECURITY_ASSOCIATION_V1, 0, 1, FALSE, FALSE}, - {KEY_EXCHANGE_V1, 0, 1, FALSE, FALSE}, - {NONCE_V1, 0, 1, FALSE, FALSE}, - {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE}, - {CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE}, - {NAT_D_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE}, - {NAT_D_DRAFT_00_03_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE}, - {ID_V1, 0, 1, TRUE, FALSE}, - {CERTIFICATE_V1, 0, MAX_CERT_PAYLOADS, TRUE, FALSE}, - {SIGNATURE_V1, 0, 1, TRUE, FALSE}, - {HASH_V1, 0, 1, TRUE, FALSE}, - {FRAGMENT_V1, 0, 1, FALSE, TRUE}, +/* payload type min max encr suff */ + {PLV1_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE}, + {PLV1_SECURITY_ASSOCIATION, 0, 1, FALSE, FALSE}, + {PLV1_KEY_EXCHANGE, 0, 1, FALSE, FALSE}, + {PLV1_NONCE, 0, 1, FALSE, FALSE}, + {PLV1_VENDOR_ID, 0, MAX_VID_PAYLOADS, FALSE, FALSE}, + {PLV1_CERTREQ, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE}, + {PLV1_NAT_D, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE}, + {PLV1_NAT_D_DRAFT_00_03, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE}, + {PLV1_ID, 0, 1, TRUE, FALSE}, + {PLV1_CERTIFICATE, 0, MAX_CERT_PAYLOADS, TRUE, FALSE}, + {PLV1_SIGNATURE, 0, 1, TRUE, FALSE}, + {PLV1_HASH, 0, 1, TRUE, FALSE}, + {PLV1_FRAGMENT, 0, 1, FALSE, TRUE}, }; /** * payload order for ID_PROT from initiator. 
*/ static payload_order_t id_prot_i_order[] = { -/* payload type notify type */ - {SECURITY_ASSOCIATION_V1, 0}, - {KEY_EXCHANGE_V1, 0}, - {NONCE_V1, 0}, - {ID_V1, 0}, - {CERTIFICATE_V1, 0}, - {SIGNATURE_V1, 0}, - {HASH_V1, 0}, - {CERTIFICATE_REQUEST_V1, 0}, - {NOTIFY_V1, 0}, - {VENDOR_ID_V1, 0}, - {NAT_D_V1, 0}, - {NAT_D_DRAFT_00_03_V1, 0}, - {FRAGMENT_V1, 0}, +/* payload type notify type */ + {PLV1_SECURITY_ASSOCIATION, 0}, + {PLV1_KEY_EXCHANGE, 0}, + {PLV1_NONCE, 0}, + {PLV1_ID, 0}, + {PLV1_CERTIFICATE, 0}, + {PLV1_SIGNATURE, 0}, + {PLV1_HASH, 0}, + {PLV1_CERTREQ, 0}, + {PLV1_NOTIFY, 0}, + {PLV1_VENDOR_ID, 0}, + {PLV1_NAT_D, 0}, + {PLV1_NAT_D_DRAFT_00_03, 0}, + {PLV1_FRAGMENT, 0}, }; /** * Message rule for ID_PROT from responder. */ static payload_rule_t id_prot_r_rules[] = { -/* payload type min max encr suff */ - {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE}, - {SECURITY_ASSOCIATION_V1, 0, 1, FALSE, FALSE}, - {KEY_EXCHANGE_V1, 0, 1, FALSE, FALSE}, - {NONCE_V1, 0, 1, FALSE, FALSE}, - {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE}, - {CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE}, - {NAT_D_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE}, - {NAT_D_DRAFT_00_03_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE}, - {ID_V1, 0, 1, TRUE, FALSE}, - {CERTIFICATE_V1, 0, MAX_CERT_PAYLOADS, TRUE, FALSE}, - {SIGNATURE_V1, 0, 1, TRUE, FALSE}, - {HASH_V1, 0, 1, TRUE, FALSE}, - {FRAGMENT_V1, 0, 1, FALSE, TRUE}, +/* payload type min max encr suff */ + {PLV1_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE}, + {PLV1_SECURITY_ASSOCIATION, 0, 1, FALSE, FALSE}, + {PLV1_KEY_EXCHANGE, 0, 1, FALSE, FALSE}, + {PLV1_NONCE, 0, 1, FALSE, FALSE}, + {PLV1_VENDOR_ID, 0, MAX_VID_PAYLOADS, FALSE, FALSE}, + {PLV1_CERTREQ, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE}, + {PLV1_NAT_D, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE}, + {PLV1_NAT_D_DRAFT_00_03, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE}, + {PLV1_ID, 0, 1, TRUE, FALSE}, + {PLV1_CERTIFICATE, 0, MAX_CERT_PAYLOADS, TRUE, FALSE}, + {PLV1_SIGNATURE, 0, 1, 
TRUE, FALSE}, + {PLV1_HASH, 0, 1, TRUE, FALSE}, + {PLV1_FRAGMENT, 0, 1, FALSE, TRUE}, }; /** * payload order for ID_PROT from responder. */ static payload_order_t id_prot_r_order[] = { -/* payload type notify type */ - {SECURITY_ASSOCIATION_V1, 0}, - {KEY_EXCHANGE_V1, 0}, - {NONCE_V1, 0}, - {ID_V1, 0}, - {CERTIFICATE_V1, 0}, - {SIGNATURE_V1, 0}, - {HASH_V1, 0}, - {CERTIFICATE_REQUEST_V1, 0}, - {NOTIFY_V1, 0}, - {VENDOR_ID_V1, 0}, - {NAT_D_V1, 0}, - {NAT_D_DRAFT_00_03_V1, 0}, - {FRAGMENT_V1, 0}, +/* payload type notify type */ + {PLV1_SECURITY_ASSOCIATION, 0}, + {PLV1_KEY_EXCHANGE, 0}, + {PLV1_NONCE, 0}, + {PLV1_ID, 0}, + {PLV1_CERTIFICATE, 0}, + {PLV1_SIGNATURE, 0}, + {PLV1_HASH, 0}, + {PLV1_CERTREQ, 0}, + {PLV1_NOTIFY, 0}, + {PLV1_VENDOR_ID, 0}, + {PLV1_NAT_D, 0}, + {PLV1_NAT_D_DRAFT_00_03, 0}, + {PLV1_FRAGMENT, 0}, }; /** * Message rule for AGGRESSIVE from initiator. */ static payload_rule_t aggressive_i_rules[] = { -/* payload type min max encr suff */ - {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE}, - {SECURITY_ASSOCIATION_V1, 0, 1, FALSE, FALSE}, - {KEY_EXCHANGE_V1, 0, 1, FALSE, FALSE}, - {NONCE_V1, 0, 1, FALSE, FALSE}, - {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE}, - {CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE}, - {NAT_D_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE}, - {NAT_D_DRAFT_00_03_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE}, - {ID_V1, 0, 1, FALSE, FALSE}, - {CERTIFICATE_V1, 0, 1, TRUE, FALSE}, - {SIGNATURE_V1, 0, 1, TRUE, FALSE}, - {HASH_V1, 0, 1, TRUE, FALSE}, - {FRAGMENT_V1, 0, 1, FALSE, TRUE}, +/* payload type min max encr suff */ + {PLV1_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE}, + {PLV1_SECURITY_ASSOCIATION, 0, 1, FALSE, FALSE}, + {PLV1_KEY_EXCHANGE, 0, 1, FALSE, FALSE}, + {PLV1_NONCE, 0, 1, FALSE, FALSE}, + {PLV1_VENDOR_ID, 0, MAX_VID_PAYLOADS, FALSE, FALSE}, + {PLV1_CERTREQ, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE}, + {PLV1_NAT_D, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE}, + {PLV1_NAT_D_DRAFT_00_03, 0, MAX_NAT_D_PAYLOADS, 
FALSE, FALSE}, + {PLV1_ID, 0, 1, FALSE, FALSE}, + {PLV1_CERTIFICATE, 0, 1, TRUE, FALSE}, + {PLV1_SIGNATURE, 0, 1, TRUE, FALSE}, + {PLV1_HASH, 0, 1, TRUE, FALSE}, + {PLV1_FRAGMENT, 0, 1, FALSE, TRUE}, }; /** * payload order for AGGRESSIVE from initiator. */ static payload_order_t aggressive_i_order[] = { -/* payload type notify type */ - {SECURITY_ASSOCIATION_V1, 0}, - {KEY_EXCHANGE_V1, 0}, - {NONCE_V1, 0}, - {ID_V1, 0}, - {CERTIFICATE_V1, 0}, - {NAT_D_V1, 0}, - {NAT_D_DRAFT_00_03_V1, 0}, - {SIGNATURE_V1, 0}, - {HASH_V1, 0}, - {CERTIFICATE_REQUEST_V1, 0}, - {NOTIFY_V1, 0}, - {VENDOR_ID_V1, 0}, - {FRAGMENT_V1, 0}, +/* payload type notify type */ + {PLV1_SECURITY_ASSOCIATION, 0}, + {PLV1_KEY_EXCHANGE, 0}, + {PLV1_NONCE, 0}, + {PLV1_ID, 0}, + {PLV1_CERTIFICATE, 0}, + {PLV1_NAT_D, 0}, + {PLV1_NAT_D_DRAFT_00_03, 0}, + {PLV1_SIGNATURE, 0}, + {PLV1_HASH, 0}, + {PLV1_CERTREQ, 0}, + {PLV1_NOTIFY, 0}, + {PLV1_VENDOR_ID, 0}, + {PLV1_FRAGMENT, 0}, }; /** * Message rule for AGGRESSIVE from responder. 
*/ static payload_rule_t aggressive_r_rules[] = { -/* payload type min max encr suff */ - {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE}, - {SECURITY_ASSOCIATION_V1, 0, 1, FALSE, FALSE}, - {KEY_EXCHANGE_V1, 0, 1, FALSE, FALSE}, - {NONCE_V1, 0, 1, FALSE, FALSE}, - {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE}, - {CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE}, - {NAT_D_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE}, - {NAT_D_DRAFT_00_03_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE}, - {ID_V1, 0, 1, FALSE, FALSE}, - {CERTIFICATE_V1, 0, 1, FALSE, FALSE}, - {SIGNATURE_V1, 0, 1, FALSE, FALSE}, - {HASH_V1, 0, 1, FALSE, FALSE}, - {FRAGMENT_V1, 0, 1, FALSE, TRUE}, +/* payload type min max encr suff */ + {PLV1_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE}, + {PLV1_SECURITY_ASSOCIATION, 0, 1, FALSE, FALSE}, + {PLV1_KEY_EXCHANGE, 0, 1, FALSE, FALSE}, + {PLV1_NONCE, 0, 1, FALSE, FALSE}, + {PLV1_VENDOR_ID, 0, MAX_VID_PAYLOADS, FALSE, FALSE}, + {PLV1_CERTREQ, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE}, + {PLV1_NAT_D, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE}, + {PLV1_NAT_D_DRAFT_00_03, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE}, + {PLV1_ID, 0, 1, FALSE, FALSE}, + {PLV1_CERTIFICATE, 0, 1, FALSE, FALSE}, + {PLV1_SIGNATURE, 0, 1, FALSE, FALSE}, + {PLV1_HASH, 0, 1, FALSE, FALSE}, + {PLV1_FRAGMENT, 0, 1, FALSE, TRUE}, }; /** * payload order for AGGRESSIVE from responder. 
*/ static payload_order_t aggressive_r_order[] = { -/* payload type notify type */ - {SECURITY_ASSOCIATION_V1, 0}, - {KEY_EXCHANGE_V1, 0}, - {NONCE_V1, 0}, - {ID_V1, 0}, - {CERTIFICATE_V1, 0}, - {NAT_D_V1, 0}, - {NAT_D_DRAFT_00_03_V1, 0}, - {SIGNATURE_V1, 0}, - {HASH_V1, 0}, - {CERTIFICATE_REQUEST_V1, 0}, - {NOTIFY_V1, 0}, - {VENDOR_ID_V1, 0}, - {FRAGMENT_V1, 0}, +/* payload type notify type */ + {PLV1_SECURITY_ASSOCIATION, 0}, + {PLV1_KEY_EXCHANGE, 0}, + {PLV1_NONCE, 0}, + {PLV1_ID, 0}, + {PLV1_CERTIFICATE, 0}, + {PLV1_NAT_D, 0}, + {PLV1_NAT_D_DRAFT_00_03, 0}, + {PLV1_SIGNATURE, 0}, + {PLV1_HASH, 0}, + {PLV1_CERTREQ, 0}, + {PLV1_NOTIFY, 0}, + {PLV1_VENDOR_ID, 0}, + {PLV1_FRAGMENT, 0}, }; /** * Message rule for INFORMATIONAL_V1 from initiator. */ static payload_rule_t informational_i_rules_v1[] = { -/* payload type min max encr suff */ - {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE}, - {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE}, - {DELETE_V1, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE}, - {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, TRUE, FALSE}, +/* payload type min max encr suff */ + {PLV1_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE}, + {PLV1_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE}, + {PLV1_DELETE, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE}, + {PLV1_VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}, }; /** * payload order for INFORMATIONAL_V1 from initiator. */ static payload_order_t informational_i_order_v1[] = { -/* payload type notify type */ - {NOTIFY_V1, 0}, - {DELETE_V1, 0}, - {VENDOR_ID_V1, 0}, +/* payload type notify type */ + {PLV1_NOTIFY, 0}, + {PLV1_DELETE, 0}, + {PLV1_VENDOR_ID, 0}, }; /** * Message rule for INFORMATIONAL_V1 from responder. 
  */
 static payload_rule_t informational_r_rules_v1[] = {
-/* payload type min max encr suff */
- {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
- {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
- {DELETE_V1, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE},
- {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
+/* payload type min max encr suff */
+ {PLV1_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
+ {PLV1_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
+ {PLV1_DELETE, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE},
+ {PLV1_VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
 };
 /**
  * payload order for INFORMATIONAL_V1 from responder.
  */
 static payload_order_t informational_r_order_v1[] = {
-/* payload type notify type */
- {NOTIFY_V1, 0},
- {DELETE_V1, 0},
- {VENDOR_ID_V1, 0},
+/* payload type notify type */
+ {PLV1_NOTIFY, 0},
+ {PLV1_DELETE, 0},
+ {PLV1_VENDOR_ID, 0},
 };
 /**
  * Message rule for QUICK_MODE from initiator.
  */
 static payload_rule_t quick_mode_i_rules[] = {
-/* payload type min max encr suff */
- {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
- {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
- {HASH_V1, 0, 1, TRUE, FALSE},
- {SECURITY_ASSOCIATION_V1, 0, 2, TRUE, FALSE},
- {NONCE_V1, 0, 1, TRUE, FALSE},
- {KEY_EXCHANGE_V1, 0, 1, TRUE, FALSE},
- {ID_V1, 0, 2, TRUE, FALSE},
- {NAT_OA_V1, 0, 2, TRUE, FALSE},
- {NAT_OA_DRAFT_00_03_V1, 0, 2, TRUE, FALSE},
+/* payload type min max encr suff */
+ {PLV1_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
+ {PLV1_VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
+ {PLV1_HASH, 0, 1, TRUE, FALSE},
+ {PLV1_SECURITY_ASSOCIATION, 0, 2, TRUE, FALSE},
+ {PLV1_NONCE, 0, 1, TRUE, FALSE},
+ {PLV1_KEY_EXCHANGE, 0, 1, TRUE, FALSE},
+ {PLV1_ID, 0, 2, TRUE, FALSE},
+ {PLV1_NAT_OA, 0, 2, TRUE, FALSE},
+ {PLV1_NAT_OA_DRAFT_00_03, 0, 2, TRUE, FALSE},
 };
 /**
  * payload order for QUICK_MODE from initiator.
  */
 static payload_order_t quick_mode_i_order[] = {
-/* payload type notify type */
- {NOTIFY_V1, 0},
- {VENDOR_ID_V1, 0},
- {HASH_V1, 0},
- {SECURITY_ASSOCIATION_V1, 0},
- {NONCE_V1, 0},
- {KEY_EXCHANGE_V1, 0},
- {ID_V1, 0},
- {NAT_OA_V1, 0},
- {NAT_OA_DRAFT_00_03_V1, 0},
+/* payload type notify type */
+ {PLV1_NOTIFY, 0},
+ {PLV1_VENDOR_ID, 0},
+ {PLV1_HASH, 0},
+ {PLV1_SECURITY_ASSOCIATION, 0},
+ {PLV1_NONCE, 0},
+ {PLV1_KEY_EXCHANGE, 0},
+ {PLV1_ID, 0},
+ {PLV1_NAT_OA, 0},
+ {PLV1_NAT_OA_DRAFT_00_03, 0},
 };
 /**
  * Message rule for QUICK_MODE from responder.
  */
 static payload_rule_t quick_mode_r_rules[] = {
-/* payload type min max encr suff */
- {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
- {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
- {HASH_V1, 0, 1, TRUE, FALSE},
- {SECURITY_ASSOCIATION_V1, 0, 2, TRUE, FALSE},
- {NONCE_V1, 0, 1, TRUE, FALSE},
- {KEY_EXCHANGE_V1, 0, 1, TRUE, FALSE},
- {ID_V1, 0, 2, TRUE, FALSE},
- {NAT_OA_V1, 0, 2, TRUE, FALSE},
- {NAT_OA_DRAFT_00_03_V1, 0, 2, TRUE, FALSE},
+/* payload type min max encr suff */
+ {PLV1_NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
+ {PLV1_VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
+ {PLV1_HASH, 0, 1, TRUE, FALSE},
+ {PLV1_SECURITY_ASSOCIATION, 0, 2, TRUE, FALSE},
+ {PLV1_NONCE, 0, 1, TRUE, FALSE},
+ {PLV1_KEY_EXCHANGE, 0, 1, TRUE, FALSE},
+ {PLV1_ID, 0, 2, TRUE, FALSE},
+ {PLV1_NAT_OA, 0, 2, TRUE, FALSE},
+ {PLV1_NAT_OA_DRAFT_00_03, 0, 2, TRUE, FALSE},
 };
 /**
  * payload order for QUICK_MODE from responder.
  */
 static payload_order_t quick_mode_r_order[] = {
-/* payload type notify type */
- {NOTIFY_V1, 0},
- {VENDOR_ID_V1, 0},
- {HASH_V1, 0},
- {SECURITY_ASSOCIATION_V1, 0},
- {NONCE_V1, 0},
- {KEY_EXCHANGE_V1, 0},
- {ID_V1, 0},
- {NAT_OA_V1, 0},
- {NAT_OA_DRAFT_00_03_V1, 0},
+/* payload type notify type */
+ {PLV1_NOTIFY, 0},
+ {PLV1_VENDOR_ID, 0},
+ {PLV1_HASH, 0},
+ {PLV1_SECURITY_ASSOCIATION, 0},
+ {PLV1_NONCE, 0},
+ {PLV1_KEY_EXCHANGE, 0},
+ {PLV1_ID, 0},
+ {PLV1_NAT_OA, 0},
+ {PLV1_NAT_OA_DRAFT_00_03, 0},
 };
 /**
  * Message rule for TRANSACTION.
  */
 static payload_rule_t transaction_payload_rules_v1[] = {
-/* payload type min max encr suff */
- {HASH_V1, 0, 1, TRUE, FALSE},
- {CONFIGURATION_V1, 1, 1, FALSE, FALSE},
+/* payload type min max encr suff */
+ {PLV1_HASH, 0, 1, TRUE, FALSE},
+ {PLV1_CONFIGURATION, 1, 1, FALSE, FALSE},
 };
 /**
  * Payload order for TRANSACTION.
  */
 static payload_order_t transaction_payload_order_v1[] = {
-/* payload type notify type */
- {HASH_V1, 0},
- {CONFIGURATION_V1, 0},
+/* payload type notify type */
+ {PLV1_HASH, 0},
+ {PLV1_CONFIGURATION, 0},
 };
 #endif /* USE_IKEV1 */
@@ -1063,7 +1063,7 @@ METHOD(message_t, add_payload, void,
 {
 this->first_payload = payload->get_type(payload);
 }
- payload->set_next_type(payload, NO_PAYLOAD);
+ payload->set_next_type(payload, PL_NONE);
 this->payloads->insert_last(this->payloads, payload);
 DBG2(DBG_ENC ,"added payload of type %N to message",
@@ -1086,11 +1086,11 @@ METHOD(message_t, add_notify, void,
 }
 if (this->major_version == IKEV2_MAJOR_VERSION)
 {
- notify = notify_payload_create(NOTIFY);
+ notify = notify_payload_create(PLV2_NOTIFY);
 }
 else
 {
- notify = notify_payload_create(NOTIFY_V1);
+ notify = notify_payload_create(PLV1_NOTIFY);
 }
 notify->set_notify_type(notify, type);
 notify->set_notification_data(notify, data);
@@ -1162,8 +1162,8 @@ METHOD(message_t, get_notify, notify_payload_t*,
 enumerator = create_payload_enumerator(this);
 while (enumerator->enumerate(enumerator, &payload))
 {
- if (payload->get_type(payload) == NOTIFY ||
- payload->get_type(payload) == NOTIFY_V1)
+ if (payload->get_type(payload) == PLV2_NOTIFY ||
+ payload->get_type(payload) == PLV1_NOTIFY)
 {
 notify = (notify_payload_t*)payload;
 if (notify->get_notify_type(notify) == type)
@@ -1212,8 +1212,8 @@ static char* get_string(private_message_t *this, char *buf, int len)
 }
 pos += written;
 len -= written;
- if (payload->get_type(payload) == NOTIFY ||
- payload->get_type(payload) == NOTIFY_V1)
+ if (payload->get_type(payload) == PLV2_NOTIFY ||
+ payload->get_type(payload) == PLV1_NOTIFY)
 {
 notify_payload_t *notify;
 notify_type_t type;
@@ -1239,7 +1239,7 @@ static char* get_string(private_message_t *this, char *buf, int len)
 pos += written;
 len -= written;
 }
- if (payload->get_type(payload) == EXTENSIBLE_AUTHENTICATION)
+ if (payload->get_type(payload) == PLV2_EAP)
 {
 eap_payload_t *eap = (eap_payload_t*)payload;
 u_int32_t vendor;
@@ -1268,8 +1268,8 @@ static char* get_string(private_message_t *this, char *buf, int len)
 pos += written;
 len -= written;
 }
- if (payload->get_type(payload) == CONFIGURATION ||
- payload->get_type(payload) == CONFIGURATION_V1)
+ if (payload->get_type(payload) == PLV2_CONFIGURATION ||
+ payload->get_type(payload) == PLV1_CONFIGURATION)
 {
 cp_payload_t *cp = (cp_payload_t*)payload;
 enumerator_t *attributes;
@@ -1365,7 +1365,7 @@ static void order_payloads(private_message_t *this)
 notify = (notify_payload_t*)payload;
 /**... and check notify for type. */
- if (order.type != NOTIFY || order.notify == 0 ||
+ if (order.type != PLV2_NOTIFY || order.notify == 0 ||
 order.notify == notify->get_notify_type(notify))
 {
 list->remove_at(list, enumerator);
@@ -1410,11 +1410,11 @@ static encryption_payload_t* wrap_payloads(private_message_t *this) if (this->is_encrypted) { - encryption = encryption_payload_create(ENCRYPTED_V1); + encryption = encryption_payload_create(PLV1_ENCRYPTED); } else { - encryption = encryption_payload_create(ENCRYPTED); + encryption = encryption_payload_create(PLV2_ENCRYPTED); } while (payloads->remove_first(payloads, (void**)¤t) == SUCCESS) { @@ -1500,7 +1500,7 @@ METHOD(message_t, generate, status_t, { /* insert a HASH payload as first payload */ hash_payload_t *hash_payload; - hash_payload = hash_payload_create(HASH_V1); + hash_payload = hash_payload_create(PLV1_HASH); hash_payload->set_hash(hash_payload, hash); this->payloads->insert_first(this->payloads, hash_payload); if (this->exchange_type == INFORMATIONAL_V1) @@ -1598,7 +1598,7 @@ METHOD(message_t, generate, status_t, } else { - next_type = encryption ? ENCRYPTED : NO_PAYLOAD; + next_type = encryption ? PLV2_ENCRYPTED : PL_NONE; } payload->set_next_type(payload, next_type); generator->generate_payload(generator, payload); @@ -1683,7 +1683,7 @@ METHOD(message_t, parse_header, status_t, DBG2(DBG_ENC, "parsing header of message"); this->parser->reset_context(this->parser); - status = this->parser->parse_payload(this->parser, HEADER, + status = this->parser->parse_payload(this->parser, PL_HEADER, (payload_t**)&ike_header); if (status != SUCCESS) { @@ -1722,7 +1722,7 @@ METHOD(message_t, parse_header, status_t, } this->first_payload = ike_header->payload_interface.get_next_type( &ike_header->payload_interface); - if (this->first_payload == FRAGMENT_V1 && this->is_encrypted) + if (this->first_payload == PLV1_FRAGMENT && this->is_encrypted) { /* racoon sets the encryted bit when sending a fragment, but these * messages are really not encrypted */ this->is_encrypted = FALSE; 
@@ -1752,7 +1752,7 @@ static bool is_connectivity_check(private_message_t *this, payload_t *payload) { #ifdef ME if (this->exchange_type == INFORMATIONAL && - payload->get_type(payload) == NOTIFY) + payload->get_type(payload) == PLV2_NOTIFY) { notify_payload_t *notify = (notify_payload_t*)payload; @@ -1784,7 +1784,7 @@ static status_t parse_payloads(private_message_t *this) * payload which is then handled just like a regular payload */ encryption_payload_t *encryption; - status = this->parser->parse_payload(this->parser, ENCRYPTED_V1, + status = this->parser->parse_payload(this->parser, PLV1_ENCRYPTED, (payload_t**)&encryption); if (status != SUCCESS) { @@ -1797,7 +1797,7 @@ static status_t parse_payloads(private_message_t *this) return SUCCESS; } - while (type != NO_PAYLOAD) + while (type != PL_NONE) { DBG2(DBG_ENC, "starting parsing a %N payload", payload_type_names, type); @@ -1826,7 +1826,7 @@ static status_t parse_payloads(private_message_t *this) /* an encrypted payload is the last one, so STOP here. decryption is * done later */ - if (type == ENCRYPTED) + if (type == PLV2_ENCRYPTED) { DBG2(DBG_ENC, "%N payload found, stop parsing", payload_type_names, type); @@ -1930,7 +1930,7 @@ static bool accept_unencrypted_mm(private_message_t *this, payload_type_t type) { if (this->exchange_type == ID_PROT) { - if (type == ID_V1 || type == HASH_V1) + if (type == PLV1_ID || type == PLV1_HASH) { return lib->settings->get_bool(lib->settings, "%s.accept_unencrypted_mainmode_messages", @@ -1959,7 +1959,7 @@ static status_t decrypt_payloads(private_message_t *this, keymat_t *keymat) DBG2(DBG_ENC, "process payload of type %N", payload_type_names, type); - if (type == ENCRYPTED || type == ENCRYPTED_V1) + if (type == PLV2_ENCRYPTED || type == PLV1_ENCRYPTED) { encryption_payload_t *encryption; 
@@ -2116,7 +2116,7 @@ METHOD(message_t, parse_body, status_t, hash_payload_t *hash_payload; chunk_t other_hash; - if (this->first_payload != HASH_V1) + if (this->first_payload != PLV1_HASH) { if (this->exchange_type == INFORMATIONAL_V1) { @@ -2130,7 +2130,7 @@ METHOD(message_t, parse_body, status_t, chunk_free(&hash); return VERIFY_ERROR; } - hash_payload = (hash_payload_t*)get_payload(this, HASH_V1); + hash_payload = (hash_payload_t*)get_payload(this, PLV1_HASH); other_hash = hash_payload->get_hash(hash_payload); DBG3(DBG_ENC, "HASH received %B\nHASH expected %B", &other_hash, &hash); @@ -2211,7 +2211,7 @@ message_t *message_create_from_packet(packet_t *packet) }, .exchange_type = EXCHANGE_TYPE_UNDEFINED, .is_request = TRUE, - .first_payload = NO_PAYLOAD, + .first_payload = PL_NONE, .packet = packet, .payloads = linked_list_create(), .parser = parser_create(packet->get_data(packet)), diff --git a/src/libcharon/encoding/parser.c b/src/libcharon/encoding/parser.c index 9e7f8311b..588b8af72 100644 --- a/src/libcharon/encoding/parser.c +++ b/src/libcharon/encoding/parser.c 
@@ -486,15 +486,15 @@ METHOD(parser_t, parse_payload, status_t,
 }
 break;
 }
- case PAYLOAD_LIST + PROPOSAL_SUBSTRUCTURE:
- case PAYLOAD_LIST + PROPOSAL_SUBSTRUCTURE_V1:
- case PAYLOAD_LIST + TRANSFORM_SUBSTRUCTURE:
- case PAYLOAD_LIST + TRANSFORM_SUBSTRUCTURE_V1:
- case PAYLOAD_LIST + TRANSFORM_ATTRIBUTE:
- case PAYLOAD_LIST + TRANSFORM_ATTRIBUTE_V1:
- case PAYLOAD_LIST + CONFIGURATION_ATTRIBUTE:
- case PAYLOAD_LIST + CONFIGURATION_ATTRIBUTE_V1:
- case PAYLOAD_LIST + TRAFFIC_SELECTOR_SUBSTRUCTURE:
+ case PAYLOAD_LIST + PLV2_PROPOSAL_SUBSTRUCTURE:
+ case PAYLOAD_LIST + PLV1_PROPOSAL_SUBSTRUCTURE:
+ case PAYLOAD_LIST + PLV2_TRANSFORM_SUBSTRUCTURE:
+ case PAYLOAD_LIST + PLV1_TRANSFORM_SUBSTRUCTURE:
+ case PAYLOAD_LIST + PLV2_TRANSFORM_ATTRIBUTE:
+ case PAYLOAD_LIST + PLV1_TRANSFORM_ATTRIBUTE:
+ case PAYLOAD_LIST + PLV2_CONFIGURATION_ATTRIBUTE:
+ case PAYLOAD_LIST + PLV1_CONFIGURATION_ATTRIBUTE:
+ case PAYLOAD_LIST + PLV2_TRAFFIC_SELECTOR_SUBSTRUCTURE:
 {
 if (payload_length < header_length ||
 !parse_list(this, rule_number, output + rule->offset,
diff --git a/src/libcharon/encoding/payloads/auth_payload.c b/src/libcharon/encoding/payloads/auth_payload.c
index 2410a1aaa..ee3ed54fd 100644
--- a/src/libcharon/encoding/payloads/auth_payload.c
+++ b/src/libcharon/encoding/payloads/auth_payload.c
@@ -135,7 +135,7 @@ METHOD(payload_t, get_header_length, int,
 METHOD(payload_t, get_type, payload_type_t,
 private_auth_payload_t *this)
 {
- return AUTHENTICATION;
+ return PLV2_AUTH;
 }
 METHOD(payload_t, get_next_type, payload_type_t,
@@ -214,7 +214,7 @@ auth_payload_t *auth_payload_create()
 .get_data = _get_data,
 .destroy = _destroy,
 },
- .next_payload = NO_PAYLOAD,
+ .next_payload = PL_NONE,
 .payload_length = get_header_length(this),
 );
 return &this->public;
diff --git a/src/libcharon/encoding/payloads/cert_payload.c b/src/libcharon/encoding/payloads/cert_payload.c
index 05d41051b..43993ae48 100644
--- a/src/libcharon/encoding/payloads/cert_payload.c
+++ b/src/libcharon/encoding/payloads/cert_payload.c
@@ -315,7 +315,7 @@ cert_payload_t *cert_payload_create(payload_type_t type)
 .get_url = _get_url,
 .destroy = _destroy,
 },
- .next_payload = NO_PAYLOAD,
+ .next_payload = PL_NONE,
 .payload_length = get_header_length(this),
 .type = type,
 );
@@ -363,7 +363,7 @@ cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url)
 {
 private_cert_payload_t *this;
- this = (private_cert_payload_t*)cert_payload_create(CERTIFICATE);
+ this = (private_cert_payload_t*)cert_payload_create(PLV2_CERTIFICATE);
 this->encoding = ENC_X509_HASH_AND_URL;
 this->data = chunk_cat("cc", hash, chunk_create(url, strlen(url)));
 this->payload_length = get_header_length(this) + this->data.len;
diff --git a/src/libcharon/encoding/payloads/certreq_payload.c b/src/libcharon/encoding/payloads/certreq_payload.c
index df5e73b5b..6ac90a2a0 100644
--- a/src/libcharon/encoding/payloads/certreq_payload.c
+++ b/src/libcharon/encoding/payloads/certreq_payload.c
@@ -66,7 +66,7 @@ struct private_certreq_payload_t {
 chunk_t data;
 /**
- * Payload type CERTIFICATE_REQUEST or CERTIFICATE_REQUEST_V1
+ * Payload type PLV2_CERTREQ or PLV1_CERTREQ
  */
 payload_type_t type;
 };
@@ -111,7 +111,7 @@ static encoding_rule_t encodings[] = {
 METHOD(payload_t, verify, status_t,
 private_certreq_payload_t *this)
 {
- if (this->type == CERTIFICATE_REQUEST &&
+ if (this->type == PLV2_CERTREQ &&
 this->encoding == ENC_X509_SIGNATURE)
 {
 if (this->data.len % HASH_SIZE_SHA1)
@@ -218,7 +218,7 @@ METHOD(certreq_payload_t, create_keyid_enumerator, enumerator_t*,
 {
 keyid_enumerator_t *enumerator;
- if (this->type == CERTIFICATE_REQUEST_V1)
+ if (this->type == PLV1_CERTREQ)
 {
 return enumerator_create_empty();
 }
@@ -276,7 +276,7 @@ certreq_payload_t *certreq_payload_create(payload_type_t type)
 .destroy = _destroy,
 .get_dn = _get_dn,
 },
- .next_payload = NO_PAYLOAD,
+ .next_payload = PL_NONE,
 .payload_length = get_header_length(this),
 .type = type,
 );
@@ -291,7 +291,7 @@ certreq_payload_t *certreq_payload_create_type(certificate_type_t type)
 private_certreq_payload_t *this;
 this = (private_certreq_payload_t*)
- certreq_payload_create(CERTIFICATE_REQUEST);
+ certreq_payload_create(PLV2_CERTREQ);
 switch (type)
 {
 case CERT_X509:
@@ -314,7 +314,7 @@ certreq_payload_t *certreq_payload_create_dn(identification_t *id)
 private_certreq_payload_t *this;
 this = (private_certreq_payload_t*)
- certreq_payload_create(CERTIFICATE_REQUEST_V1);
+ certreq_payload_create(PLV1_CERTREQ);
 this->encoding = ENC_X509_SIGNATURE;
 this->data = chunk_clone(id->get_encoding(id));
diff --git a/src/libcharon/encoding/payloads/configuration_attribute.c b/src/libcharon/encoding/payloads/configuration_attribute.c
index 482eca882..481bb7bc6 100644
--- a/src/libcharon/encoding/payloads/configuration_attribute.c
+++ b/src/libcharon/encoding/payloads/configuration_attribute.c
@@ -61,7 +61,7 @@ struct private_configuration_attribute_t {
 chunk_t value;
 /**
- * Payload type, CONFIGURATION_ATTRIBUTE or DATA_ATTRIBUTE_V1
+ * Payload type, PLV2_CONFIGURATION_ATTRIBUTE or DATA_ATTRIBUTE_V1
  */
 payload_type_t type;
 };
@@ -209,7 +209,7 @@ METHOD(payload_t, verify, status_t,
 METHOD(payload_t, get_encoding_rules, int,
 private_configuration_attribute_t *this, encoding_rule_t **rules)
 {
- if (this->type == CONFIGURATION_ATTRIBUTE)
+ if (this->type == PLV2_CONFIGURATION_ATTRIBUTE)
 {
 *rules = encodings_v2;
 return countof(encodings_v2);
@@ -233,7 +233,7 @@ METHOD(payload_t, get_type, payload_type_t,
 METHOD(payload_t, get_next_type, payload_type_t,
 private_configuration_attribute_t *this)
 {
- return NO_PAYLOAD;
+ return PL_NONE;
 }
 METHOD(payload_t, set_next_type, void,
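Review bot: The field comment in the `@@ -61,7 +61,7 @@` hunk of configuration_attribute.c still names `DATA_ATTRIBUTE_V1` as the second permitted payload type; the rename touches this line but leaves that name in place. Everywhere else in this diff the IKEv1 variant is spelled `PLV1_CONFIGURATION_ATTRIBUTE` (the `@param type` lines in configuration_attribute.h and the call in `configuration_attribute_create_value()`), so the comment looks stale rather than naming a second real value. I would change the line to `* Payload type, PLV2_CONFIGURATION_ATTRIBUTE or PLV1_CONFIGURATION_ATTRIBUTE`. The struct definition itself begins outside the hunk.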
@@ -335,7 +335,7 @@ configuration_attribute_t *configuration_attribute_create_value(
 private_configuration_attribute_t *this;
 this = (private_configuration_attribute_t*)
- configuration_attribute_create(CONFIGURATION_ATTRIBUTE_V1);
+ configuration_attribute_create(PLV1_CONFIGURATION_ATTRIBUTE);
 this->attr_type = ((u_int16_t)attr_type) & 0x7FFF;
 this->length_or_value = value;
 this->af_flag = TRUE;
diff --git a/src/libcharon/encoding/payloads/configuration_attribute.h b/src/libcharon/encoding/payloads/configuration_attribute.h
index ecc0f9c07..946c1b500 100644
--- a/src/libcharon/encoding/payloads/configuration_attribute.h
+++ b/src/libcharon/encoding/payloads/configuration_attribute.h
@@ -68,7 +68,7 @@ struct configuration_attribute_t {
 /**
  * Creates an empty configuration attribute.
  *
- * @param type CONFIGURATION_ATTRIBUTE or CONFIGURATION_ATTRIBUTE_V1
+ * @param type PLV2_CONFIGURATION_ATTRIBUTE or PLV1_CONFIGURATION_ATTRIBUTE
  * @return created configuration attribute
  */
 configuration_attribute_t *configuration_attribute_create(payload_type_t type);
@@ -76,7 +76,7 @@ configuration_attribute_t *configuration_attribute_create(payload_type_t type);
 /**
  * Creates a configuration attribute with type and value.
  *
- * @param type CONFIGURATION_ATTRIBUTE or CONFIGURATION_ATTRIBUTE_V1
+ * @param type PLV2_CONFIGURATION_ATTRIBUTE or PLV1_CONFIGURATION_ATTRIBUTE
  * @param attr_type type of configuration attribute
  * @param chunk attribute value, gets cloned
  * @return created configuration attribute
@@ -89,7 +89,7 @@ configuration_attribute_t *configuration_attribute_create_chunk(
  *
  * @param attr_type type of configuration attribute
  * @param value attribute value, gets cloned
- * @return created CONFIGURATION_ATTRIBUTE_V1 configuration attribute
+ * @return created PLV1_CONFIGURATION_ATTRIBUTE configuration attribute
  */
 configuration_attribute_t *configuration_attribute_create_value(
 configuration_attribute_type_t attr_type, u_int16_t value);
diff --git a/src/libcharon/encoding/payloads/cp_payload.c b/src/libcharon/encoding/payloads/cp_payload.c
index f6f373f99..ef9df84f7 100644
--- a/src/libcharon/encoding/payloads/cp_payload.c
+++ b/src/libcharon/encoding/payloads/cp_payload.c
@@ -82,7 +82,7 @@ struct private_cp_payload_t {
 u_int8_t cfg_type;
 /**
- * CONFIGURATION or CONFIGURATION_V1
+ * PLV2_CONFIGURATION or PLV1_CONFIGURATION
  */
 payload_type_t type;
 };
@@ -111,7 +111,7 @@ static encoding_rule_t encodings_v2[] = {
 { RESERVED_BYTE, offsetof(private_cp_payload_t, reserved_byte[1])},
 { RESERVED_BYTE, offsetof(private_cp_payload_t, reserved_byte[2])},
 /* list of configuration attributes in a list */
- { PAYLOAD_LIST + CONFIGURATION_ATTRIBUTE,
+ { PAYLOAD_LIST + PLV2_CONFIGURATION_ATTRIBUTE,
 offsetof(private_cp_payload_t, attributes) },
 };
@@ -152,7 +152,7 @@ static encoding_rule_t encodings_v1[] = {
 { RESERVED_BYTE, offsetof(private_cp_payload_t, reserved_byte[0])},
 { U_INT_16, offsetof(private_cp_payload_t, identifier)},
 /* list of configuration attributes in a list */
- { PAYLOAD_LIST + CONFIGURATION_ATTRIBUTE_V1,
+ { PAYLOAD_LIST + PLV1_CONFIGURATION_ATTRIBUTE,
 offsetof(private_cp_payload_t, attributes) },
 };
@@ -193,7 +193,7 @@ METHOD(payload_t, verify, status_t,
 METHOD(payload_t, get_encoding_rules, int,
 private_cp_payload_t *this, encoding_rule_t **rules)
 {
- if (this->type == CONFIGURATION)
+ if (this->type == PLV2_CONFIGURATION)
 {
 *rules = encodings_v2;
 return countof(encodings_v2);
@@ -314,7 +314,7 @@ cp_payload_t *cp_payload_create_type(payload_type_t type, config_type_t cfg_type
 .set_identifier = _set_identifier,
 .destroy = _destroy,
 },
- .next_payload = NO_PAYLOAD,
+ .next_payload = PL_NONE,
 .payload_length = get_header_length(this),
 .attributes = linked_list_create(),
 .cfg_type = cfg_type,
diff --git a/src/libcharon/encoding/payloads/cp_payload.h b/src/libcharon/encoding/payloads/cp_payload.h
index c23bc0bb4..d466989d6 100644
--- a/src/libcharon/encoding/payloads/cp_payload.h
+++ b/src/libcharon/encoding/payloads/cp_payload.h
@@ -100,7 +100,7 @@ struct cp_payload_t {
 /**
  * Creates an empty configuration payload
  *
- * @param type payload type, CONFIGURATION or CONFIGURATION_V1
+ * @param type payload type, PLV2_CONFIGURATION or PLV1_CONFIGURATION
  * @return empty configuration payload
  */
 cp_payload_t *cp_payload_create(payload_type_t type);
@@ -108,7 +108,7 @@ cp_payload_t *cp_payload_create(payload_type_t type);
 /**
  * Creates an cp_payload_t with type and value
  *
- * @param type payload type, CONFIGURATION or CONFIGURATION_V1
+ * @param type payload type, PLV2_CONFIGURATION or PLV1_CONFIGURATION
  * @param cfg_type type of configuration payload to create
  * @return created configuration payload
  */
diff --git a/src/libcharon/encoding/payloads/delete_payload.c b/src/libcharon/encoding/payloads/delete_payload.c
index 007411f37..c2ab3b951 100644
--- a/src/libcharon/encoding/payloads/delete_payload.c
+++ b/src/libcharon/encoding/payloads/delete_payload.c
@@ -78,7 +78,7 @@ struct private_delete_payload_t {
 chunk_t spis;
 /**
- * Payload type, DELETE or DELETE_V1
+ * Payload type, PLV2_DELETE or PLV1_DELETE
  */
 payload_type_t type;
 };
@@ -178,7 +178,7 @@ METHOD(payload_t, verify, status_t,
 break;
 case PROTO_IKE:
 case 0:
- if (this->type == DELETE)
+ if (this->type == PLV2_DELETE)
 { /* IKEv2 deletion has no spi assigned! */
 if (this->spi_size != 0)
 {
@@ -206,7 +206,7 @@ METHOD(payload_t, verify, status_t,
 METHOD(payload_t, get_encoding_rules, int,
 private_delete_payload_t *this, encoding_rule_t **rules)
 {
- if (this->type == DELETE)
+ if (this->type == PLV2_DELETE)
 {
 *rules = encodings_v2;
 return countof(encodings_v2);
@@ -218,7 +218,7 @@ METHOD(payload_t, get_encoding_rules, int,
 METHOD(payload_t, get_header_length, int,
 private_delete_payload_t *this)
 {
- if (this->type == DELETE)
+ if (this->type == PLV2_DELETE)
 {
 return 8;
 }
@@ -355,7 +355,7 @@ delete_payload_t *delete_payload_create(payload_type_t type,
 .create_spi_enumerator = _create_spi_enumerator,
 .destroy = _destroy,
 },
- .next_payload = NO_PAYLOAD,
+ .next_payload = PL_NONE,
 .protocol_id = protocol_id,
 .doi = IKEV1_DOI_IPSEC,
 .type = type,
@@ -364,7 +364,7 @@ delete_payload_t *delete_payload_create(payload_type_t type,
 if (protocol_id == PROTO_IKE)
 {
- if (type == DELETE_V1)
+ if (type == PLV1_DELETE)
 {
 this->spi_size = 16;
 }
diff --git a/src/libcharon/encoding/payloads/delete_payload.h b/src/libcharon/encoding/payloads/delete_payload.h
index afce1ecf1..46a89eab6 100644
--- a/src/libcharon/encoding/payloads/delete_payload.h
+++ b/src/libcharon/encoding/payloads/delete_payload.h
@@ -76,7 +76,7 @@ struct delete_payload_t {
 /**
  * Creates an empty delete_payload_t object.
  *
- * @param type DELETE or DELETE_V1
+ * @param type PLV2_DELETE or PLV1_DELETE
  * @param protocol_id protocol, such as AH|ESP
  * @return delete_payload_t object
  */
diff --git a/src/libcharon/encoding/payloads/eap_payload.c b/src/libcharon/encoding/payloads/eap_payload.c
index f2f35aa69..ebdf8a3fe 100644
--- a/src/libcharon/encoding/payloads/eap_payload.c
+++ b/src/libcharon/encoding/payloads/eap_payload.c
@@ -162,7 +162,7 @@ METHOD(payload_t, get_header_length, int,
 METHOD(payload_t, get_payload_type, payload_type_t,
 private_eap_payload_t *this)
 {
- return EXTENSIBLE_AUTHENTICATION;
+ return PLV2_EAP;
 }
 METHOD(payload_t, get_next_type, payload_type_t,
@@ -341,7 +341,7 @@ eap_payload_t *eap_payload_create()
 .is_expanded = _is_expanded,
 .destroy = _destroy,
 },
- .next_payload = NO_PAYLOAD,
+ .next_payload = PL_NONE,
 .payload_length = get_header_length(this),
 );
 return &this->public;
diff --git a/src/libcharon/encoding/payloads/encryption_payload.c b/src/libcharon/encoding/payloads/encryption_payload.c
index 6a9f9c3bd..5784562f8 100644
--- a/src/libcharon/encoding/payloads/encryption_payload.c
+++ b/src/libcharon/encoding/payloads/encryption_payload.c
@@ -74,7 +74,7 @@ struct private_encryption_payload_t {
 linked_list_t *payloads;
 /**
- * Type of payload, ENCRYPTED or ENCRYPTED_V1
+ * Type of payload, PLV2_ENCRYPTED or PLV1_ENCRYPTED
  */
 payload_type_t type;
 };
@@ -145,7 +145,7 @@ METHOD(payload_t, verify, status_t,
 METHOD(payload_t, get_encoding_rules, int,
 private_encryption_payload_t *this, encoding_rule_t **rules)
 {
- if (this->type == ENCRYPTED)
+ if (this->type == PLV2_ENCRYPTED)
 {
 *rules = encodings_v2;
 return countof(encodings_v2);
@@ -157,7 +157,7 @@ METHOD(payload_t, get_encoding_rules, int,
 METHOD(payload_t, get_header_length, int,
 private_encryption_payload_t *this)
 {
- if (this->type == ENCRYPTED)
+ if (this->type == PLV2_ENCRYPTED)
 {
 return 4;
 }
@@ -241,7 +241,7 @@ METHOD(encryption_payload_t, add_payload, void,
 {
 this->next_payload = payload->get_type(payload);
 }
- payload->set_next_type(payload, NO_PAYLOAD);
+ payload->set_next_type(payload, PL_NONE);
 this->payloads->insert_last(this->payloads, payload);
 compute_length(this);
 }
@@ -281,7 +281,7 @@ static chunk_t generate(private_encryption_payload_t *this,
 generator->generate_payload(generator, current);
 current = next;
 }
- current->set_next_type(current, NO_PAYLOAD);
+ current->set_next_type(current, PL_NONE);
 generator->generate_payload(generator, current);
 chunk = generator->get_chunk(generator, &lenpos);
@@ -447,7 +447,7 @@ static status_t parse(private_encryption_payload_t *this, chunk_t plain)
 parser = parser_create(plain);
 type = this->next_payload;
- while (type != NO_PAYLOAD)
+ while (type != PL_NONE)
 {
 payload_t *payload;
@@ -618,13 +618,13 @@ encryption_payload_t *encryption_payload_create(payload_type_t type)
 .decrypt = _decrypt,
 .destroy = _destroy,
 },
- .next_payload = NO_PAYLOAD,
+ .next_payload = PL_NONE,
 .payloads = linked_list_create(),
 .type = type,
 );
 this->payload_length = get_header_length(this);
- if (type == ENCRYPTED_V1)
+ if (type == PLV1_ENCRYPTED)
 {
 this->public.encrypt = _encrypt_v1;
 this->public.decrypt = _decrypt_v1;
diff --git a/src/libcharon/encoding/payloads/encryption_payload.h b/src/libcharon/encoding/payloads/encryption_payload.h
index f4fc7d667..ee44c2de1 100644
--- a/src/libcharon/encoding/payloads/encryption_payload.h
+++ b/src/libcharon/encoding/payloads/encryption_payload.h
@@ -103,7 +103,7 @@ struct encryption_payload_t {
 /**
  * Creates an empty encryption_payload_t object.
  *
- * @param type ENCRYPTED or ENCRYPTED_V1
+ * @param type PLV2_ENCRYPTED or PLV1_ENCRYPTED
  * @return encryption_payload_t object
  */
 encryption_payload_t *encryption_payload_create(payload_type_t type);
diff --git a/src/libcharon/encoding/payloads/endpoint_notify.c b/src/libcharon/encoding/payloads/endpoint_notify.c
index 25fb42acd..ebe5f32f7 100644
--- a/src/libcharon/encoding/payloads/endpoint_notify.c
+++ b/src/libcharon/encoding/payloads/endpoint_notify.c
@@ -227,7 +227,7 @@ METHOD(endpoint_notify_t, build_notify, notify_payload_t*,
 chunk_t data;
 notify_payload_t *notify;
- notify = notify_payload_create(NOTIFY);
+ notify = notify_payload_create(PLV2_NOTIFY);
 notify->set_notify_type(notify, ME_ENDPOINT);
 data = build_notification_data(this);
 notify->set_notification_data(notify, data);
diff --git a/src/libcharon/encoding/payloads/fragment_payload.c b/src/libcharon/encoding/payloads/fragment_payload.c
index 1a6b3234b..b861fcc68 100644
--- a/src/libcharon/encoding/payloads/fragment_payload.c
+++ b/src/libcharon/encoding/payloads/fragment_payload.c
@@ -124,7 +124,7 @@ METHOD(payload_t, get_header_length, int,
 METHOD(payload_t, get_type, payload_type_t,
 private_fragment_payload_t *this)
 {
- return FRAGMENT_V1;
+ return PLV1_FRAGMENT;
 }
 METHOD(payload_t, get_next_type, payload_type_t,
@@ -201,7 +201,7 @@ fragment_payload_t *fragment_payload_create()
 .get_data = _get_data,
 .destroy = _destroy,
 },
- .next_payload = NO_PAYLOAD,
+ .next_payload = PL_NONE,
 );
 this->payload_length = get_header_length(this);
 return &this->public;
diff --git a/src/libcharon/encoding/payloads/hash_payload.c b/src/libcharon/encoding/payloads/hash_payload.c
index 0cf63ba67..a12b018e5 100644
--- a/src/libcharon/encoding/payloads/hash_payload.c
+++ b/src/libcharon/encoding/payloads/hash_payload.c
@@ -52,7 +52,7 @@ struct private_hash_payload_t {
 chunk_t hash;
 /**
- * either HASH_V1 or NAT_D_V1
+ * either PLV1_HASH or PLV1_NAT_D
  */
 payload_type_t type;
 };
@@ -169,7 +169,7 @@ hash_payload_t *hash_payload_create(payload_type_t type)
 .get_hash = _get_hash,
 .destroy = _destroy,
 },
- .next_payload = NO_PAYLOAD,
+ .next_payload = PL_NONE,
 .payload_length = get_header_length(this),
 .type = type,
 );
diff --git a/src/libcharon/encoding/payloads/hash_payload.h b/src/libcharon/encoding/payloads/hash_payload.h
index cfe28460c..604de4894 100644
--- a/src/libcharon/encoding/payloads/hash_payload.h
+++ b/src/libcharon/encoding/payloads/hash_payload.h
@@ -59,7 +59,7 @@ struct hash_payload_t {
 /**
  * Creates an empty hash_payload_t object.
  *
- * @param type either HASH_V1 or NAT_D_V1
+ * @param type either PLV1_HASH or PLV1_NAT_D
  * @return hash_payload_t object
  */
 hash_payload_t *hash_payload_create(payload_type_t type);
diff --git a/src/libcharon/encoding/payloads/id_payload.c b/src/libcharon/encoding/payloads/id_payload.c
index 7470bb3b4..a002a8f21 100644
--- a/src/libcharon/encoding/payloads/id_payload.c
+++ b/src/libcharon/encoding/payloads/id_payload.c
@@ -81,7 +81,7 @@ struct private_id_payload_t {
 u_int16_t port;
 /**
- * one of ID_INITIATOR, ID_RESPONDER, IDv1 and NAT_OA_V1
+ * one of PLV2_ID_INITIATOR, PLV2_ID_RESPONDER, IDv1 and PLV1_NAT_OA
  */
 payload_type_t type;
 };
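Review bot: The comment on `type` in the `@@ -81,7 +81,7 @@` hunk of id_payload.c is only half converted: it still says `IDv1`, while id_payload.h in this same commit documents that value as `PLV1_ID`. It also leaves out `PLV1_NAT_OA_DRAFT_00_03`, which `verify()` and `get_encoding_rules()` in the later hunks of this file treat as a valid type for this payload. I would write `* one of PLV2_ID_INITIATOR, PLV2_ID_RESPONDER, PLV1_ID, PLV1_NAT_OA and PLV1_NAT_OA_DRAFT_00_03`; the `@param type` lines in the id_payload.h hunks have the same omission. The struct definition begins outside the hunk.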
@@ -165,7 +165,7 @@ METHOD(payload_t, verify, status_t,
 {
 bool bad_length = FALSE;
- if ((this->type == NAT_OA_V1 || this->type == NAT_OA_DRAFT_00_03_V1) &&
+ if ((this->type == PLV1_NAT_OA || this->type == PLV1_NAT_OA_DRAFT_00_03) &&
 this->id_type != ID_IPV4_ADDR && this->id_type != ID_IPV6_ADDR)
 {
 DBG1(DBG_ENC, "invalid ID type %N for %N payload", id_type_names,
@@ -195,8 +195,8 @@ METHOD(payload_t, verify, status_t,
 METHOD(payload_t, get_encoding_rules, int,
 private_id_payload_t *this, encoding_rule_t **rules)
 {
- if (this->type == ID_V1 ||
- this->type == NAT_OA_V1 || this->type == NAT_OA_DRAFT_00_03_V1)
+ if (this->type == PLV1_ID ||
+ this->type == PLV1_NAT_OA || this->type == PLV1_NAT_OA_DRAFT_00_03)
 {
 *rules = encodings_v1;
 return countof(encodings_v1);
@@ -368,7 +368,7 @@ id_payload_t *id_payload_create(payload_type_t type)
 .get_ts = _get_ts,
 .destroy = _destroy,
 },
- .next_payload = NO_PAYLOAD,
+ .next_payload = PL_NONE,
 .payload_length = get_header_length(this),
 .type = type,
 );
@@ -400,7 +400,7 @@ id_payload_t *id_payload_create_from_ts(traffic_selector_t *ts)
 u_int8_t mask;
 host_t *net;
- this = (private_id_payload_t*)id_payload_create(ID_V1);
+ this = (private_id_payload_t*)id_payload_create(PLV1_ID);
 if (ts->is_host(ts, NULL))
 {
diff --git a/src/libcharon/encoding/payloads/id_payload.h b/src/libcharon/encoding/payloads/id_payload.h
index 9a6249429..df1d07553 100644
--- a/src/libcharon/encoding/payloads/id_payload.h
+++ b/src/libcharon/encoding/payloads/id_payload.h
@@ -70,7 +70,7 @@ struct id_payload_t {
 /**
  * Creates an empty id_payload_t object.
  *
- * @param type one of ID_INITIATOR, ID_RESPONDER, ID_V1 and NAT_OA_V1
+ * @param type one of PLV2_ID_INITIATOR, PLV2_ID_RESPONDER, PLV1_ID and PLV1_NAT_OA
  * @return id_payload_t object
  */
 id_payload_t *id_payload_create(payload_type_t type);
@@ -78,7 +78,7 @@ id_payload_t *id_payload_create(payload_type_t type); /** * Creates an id_payload_t from an existing identification_t object. * - * @param type one of ID_INITIATOR, ID_RESPONDER, ID_V1 and NAT_OA_V1 + * @param type one of PLV2_ID_INITIATOR, PLV2_ID_RESPONDER, PLV1_ID and PLV1_NAT_OA * @param id identification_t object * @return id_payload_t object */ @@ -89,7 +89,7 @@ id_payload_t *id_payload_create_from_identification(payload_type_t type, * Create an IKEv1 ID_ADDR_SUBNET/RANGE identity from a traffic selector. * * @param ts traffic selector - * @return ID_V1 id_paylad_t object. + * @return PLV1_ID id_paylad_t object. */ id_payload_t *id_payload_create_from_ts(traffic_selector_t *ts); diff --git a/src/libcharon/encoding/payloads/ike_header.c b/src/libcharon/encoding/payloads/ike_header.c index 58b624192..7015667ee 100644 --- a/src/libcharon/encoding/payloads/ike_header.c +++ b/src/libcharon/encoding/payloads/ike_header.c @@ -262,7 +262,7 @@ METHOD(payload_t, get_header_length, int, METHOD(payload_t, get_type, payload_type_t, private_ike_header_t *this) { - return HEADER; + return PL_HEADER; } METHOD(payload_t, get_next_type, payload_type_t, diff --git a/src/libcharon/encoding/payloads/ke_payload.c b/src/libcharon/encoding/payloads/ke_payload.c index 438ea46b9..4f552d6ac 100644 --- a/src/libcharon/encoding/payloads/ke_payload.c +++ b/src/libcharon/encoding/payloads/ke_payload.c @@ -69,7 +69,7 @@ struct private_ke_payload_t { chunk_t key_exchange_data; /** - * Payload type, KEY_EXCHANGE or KEY_EXCHANGE_V1 + * Payload type, PLV2_KEY_EXCHANGE or PLV1_KEY_EXCHANGE */ payload_type_t type; }; @@ -148,7 +148,7 @@ METHOD(payload_t, verify, status_t, METHOD(payload_t, get_encoding_rules, int, private_ke_payload_t *this, encoding_rule_t **rules) { - if (this->type == KEY_EXCHANGE) + if (this->type == PLV2_KEY_EXCHANGE) { *rules = encodings_v2; return countof(encodings_v2); 
@@ -160,7 +160,7 @@ METHOD(payload_t, get_encoding_rules, int, METHOD(payload_t, get_header_length, int, private_ke_payload_t *this) { - if (this->type == KEY_EXCHANGE) + if (this->type == PLV2_KEY_EXCHANGE) { return 8; } @@ -233,7 +233,7 @@ ke_payload_t *ke_payload_create(payload_type_t type) .get_dh_group_number = _get_dh_group_number, .destroy = _destroy, }, - .next_payload = NO_PAYLOAD, + .next_payload = PL_NONE, .dh_group_number = MODP_NONE, .type = type, ); diff --git a/src/libcharon/encoding/payloads/ke_payload.h b/src/libcharon/encoding/payloads/ke_payload.h index d3aa18484..dfc6308b4 100644 --- a/src/libcharon/encoding/payloads/ke_payload.h +++ b/src/libcharon/encoding/payloads/ke_payload.h @@ -63,7 +63,7 @@ struct ke_payload_t { /** * Creates an empty ke_payload_t object. * - * @param type KEY_EXCHANGE or KEY_EXCHANGE_V1 + * @param type PLV2_KEY_EXCHANGE or PLV1_KEY_EXCHANGE * @return ke_payload_t object */ ke_payload_t *ke_payload_create(payload_type_t type); @@ -71,7 +71,7 @@ ke_payload_t *ke_payload_create(payload_type_t type); /** * Creates a ke_payload_t from a diffie_hellman_t. * - * @param type KEY_EXCHANGE or KEY_EXCHANGE_V1 + * @param type PLV2_KEY_EXCHANGE or PLV1_KEY_EXCHANGE * @param dh diffie hellman object containing group and key * @return ke_payload_t object */ diff --git a/src/libcharon/encoding/payloads/nonce_payload.c b/src/libcharon/encoding/payloads/nonce_payload.c index 3c5eeb535..b0d1c601a 100644 --- a/src/libcharon/encoding/payloads/nonce_payload.c +++ b/src/libcharon/encoding/payloads/nonce_payload.c @@ -60,7 +60,7 @@ struct private_nonce_payload_t { chunk_t nonce; /** - * Payload type, NONCE or NONCE_V1 + * Payload type, PLV2_NONCE or PLV1_NONCE */ payload_type_t type; }; 
@@ -110,12 +110,12 @@ METHOD(payload_t, verify, status_t, { bad_length = TRUE; } - if (this->type == NONCE && + if (this->type == PLV2_NONCE && this->nonce.len < 16) { bad_length = TRUE; } - if (this->type == NONCE_V1 && + if (this->type == PLV1_NONCE && this->nonce.len < 8) { bad_length = TRUE; @@ -209,7 +209,7 @@ nonce_payload_t *nonce_payload_create(payload_type_t type) .get_nonce = _get_nonce, .destroy = _destroy, }, - .next_payload = NO_PAYLOAD, + .next_payload = PL_NONE, .payload_length = get_header_length(this), .type = type, ); diff --git a/src/libcharon/encoding/payloads/nonce_payload.h b/src/libcharon/encoding/payloads/nonce_payload.h index 5c47f5f9f..ee8ad17f7 100644 --- a/src/libcharon/encoding/payloads/nonce_payload.h +++ b/src/libcharon/encoding/payloads/nonce_payload.h @@ -64,7 +64,7 @@ struct nonce_payload_t { /** * Creates an empty nonce_payload_t object * - * @param type NONCE or NONCE_V1 + * @param type PLV2_NONCE or PLV1_NONCE * @return nonce_payload_t object */ nonce_payload_t *nonce_payload_create(payload_type_t type); diff --git a/src/libcharon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c index 889ad6358..dd92e429a 100644 --- a/src/libcharon/encoding/payloads/notify_payload.c +++ b/src/libcharon/encoding/payloads/notify_payload.c @@ -302,7 +302,7 @@ struct private_notify_payload_t { chunk_t notify_data; /** - * Type of payload, NOTIFY or NOTIFY_V1 + * Type of payload, PLV2_NOTIFY or PLV1_NOTIFY */ payload_type_t type; }; @@ -427,7 +427,7 @@ METHOD(payload_t, verify, status_t, { case INVALID_KE_PAYLOAD: { - if (this->type == NOTIFY && this->notify_data.len != 2) + if (this->type == PLV2_NOTIFY && this->notify_data.len != 2) { bad_length = TRUE; } @@ -447,7 +447,7 @@ METHOD(payload_t, verify, status_t, case INVALID_MAJOR_VERSION: case NO_PROPOSAL_CHOSEN: { - if (this->type == NOTIFY && this->notify_data.len != 0) + if (this->type == PLV2_NOTIFY && this->notify_data.len != 0) { bad_length = TRUE; } 
@@ -531,7 +531,7 @@ METHOD(payload_t, verify, status_t, METHOD(payload_t, get_encoding_rules, int, private_notify_payload_t *this, encoding_rule_t **rules) { - if (this->type == NOTIFY) + if (this->type == PLV2_NOTIFY) { *rules = encodings_v2; return countof(encodings_v2); @@ -543,7 +543,7 @@ METHOD(payload_t, get_encoding_rules, int, METHOD(payload_t, get_header_length, int, private_notify_payload_t *this) { - if (this->type == NOTIFY) + if (this->type == PLV2_NOTIFY) { return 8 + this->spi_size; } @@ -726,7 +726,7 @@ notify_payload_t *notify_payload_create(payload_type_t type) .destroy = _destroy, }, .doi = IKEV1_DOI_IPSEC, - .next_payload = NO_PAYLOAD, + .next_payload = PL_NONE, .type = type, ); compute_length(this); diff --git a/src/libcharon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h index c67644a01..3c56f0673 100644 --- a/src/libcharon/encoding/payloads/notify_payload.h +++ b/src/libcharon/encoding/payloads/notify_payload.h @@ -281,7 +281,7 @@ struct notify_payload_t { /** * Creates an empty notify_payload_t object * - * @param type payload type, NOTIFY or NOTIFY_V1 + * @param type payload type, PLV2_NOTIFY or PLV1_NOTIFY * @return created notify_payload_t object */ notify_payload_t *notify_payload_create(payload_type_t type); @@ -289,7 +289,7 @@ notify_payload_t *notify_payload_create(payload_type_t type); /** * Creates an notify_payload_t object of specific type for specific protocol id. * - * @param type payload type, NOTIFY or NOTIFY_V1 + * @param type payload type, PLV2_NOTIFY or PLV1_NOTIFY * @param protocol protocol id (IKE, AH or ESP) * @param notify type of notify * @return notify_payload_t object diff --git a/src/libcharon/encoding/payloads/payload.c b/src/libcharon/encoding/payloads/payload.c index f9dd33edb..fd616620d 100644 --- a/src/libcharon/encoding/payloads/payload.c +++ b/src/libcharon/encoding/payloads/payload.c 
@@ -39,16 +39,16 @@ #include #include -ENUM_BEGIN(payload_type_names, NO_PAYLOAD, NO_PAYLOAD, - "NO_PAYLOAD"); -ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION_V1, CONFIGURATION_V1, NO_PAYLOAD, +ENUM_BEGIN(payload_type_names, PL_NONE, PL_NONE, + "PL_NONE"); +ENUM_NEXT(payload_type_names, PLV1_SECURITY_ASSOCIATION, PLV1_CONFIGURATION, PL_NONE, "SECURITY_ASSOCIATION_V1", "PROPOSAL_V1", "TRANSFORM_V1", "KEY_EXCHANGE_V1", "ID_V1", "CERTIFICATE_V1", - "CERTIFICATE_REQUEST_V1", + "CERTREQ_V1", "HASH_V1", "SIGNATURE_V1", "NONCE_V1", 
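Review bot: The printed names in `payload_type_names` are only partly renamed, so the table no longer follows one scheme. `"NO_PAYLOAD"` becomes `"PL_NONE"` and `"CERTIFICATE_REQUEST_V1"` becomes `"CERTREQ_V1"` here, and the next hunk shortens `"AUTHENTICATION"`, `"TRAFFIC_SELECTOR_INITIATOR"` and others, while `"SECURITY_ASSOCIATION_V1"`, `"HEADER"` and the rest keep the old spelling. If these strings reach log output (the `%N` debug format elsewhere in this commit suggests they do), log parsers or alerting rules that match on the old text will silently stop matching. The commit message should list the changed strings, and a comment above the table such as `/* printed names appear in logs; keep them stable, they need not match the PL* identifiers */` would record the intent.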
@@ -56,41 +56,41 @@ ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION_V1, CONFIGURATION_V1, NO_PAYL "DELETE_V1", "VENDOR_ID_V1", "CONFIGURATION_V1"); -ENUM_NEXT(payload_type_names, NAT_D_V1, NAT_OA_V1, CONFIGURATION_V1, +ENUM_NEXT(payload_type_names, PLV1_NAT_D, PLV1_NAT_OA, PLV1_CONFIGURATION, "NAT_D_V1", "NAT_OA_V1"); -ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, GENERIC_SECURE_PASSWORD_METHOD, NAT_OA_V1, +ENUM_NEXT(payload_type_names, PLV2_SECURITY_ASSOCIATION, PLV2_GSPM, PLV1_NAT_OA, "SECURITY_ASSOCIATION", "KEY_EXCHANGE", "ID_INITIATOR", "ID_RESPONDER", "CERTIFICATE", - "CERTIFICATE_REQUEST", - "AUTHENTICATION", + "CERTREQ", + "AUTH", "NONCE", "NOTIFY", "DELETE", "VENDOR_ID", - "TRAFFIC_SELECTOR_INITIATOR", - "TRAFFIC_SELECTOR_RESPONDER", + "TS_INITIATOR", + "TS_RESPONDER", "ENCRYPTED", "CONFIGURATION", - "EXTENSIBLE_AUTHENTICATION", - "GENERIC_SECURE_PASSWORD_METHOD"); + "EAP", + "GSPM"); #ifdef ME -ENUM_NEXT(payload_type_names, ID_PEER, ID_PEER, GENERIC_SECURE_PASSWORD_METHOD, +ENUM_NEXT(payload_type_names, PLV2_ID_PEER, PLV2_ID_PEER, PLV2_GSPM, "ID_PEER"); -ENUM_NEXT(payload_type_names, NAT_D_DRAFT_00_03_V1, FRAGMENT_V1, ID_PEER, +ENUM_NEXT(payload_type_names, PLV1_NAT_D_DRAFT_00_03, PLV1_FRAGMENT, PLV2_ID_PEER, "NAT_D_DRAFT_V1", "NAT_OA_DRAFT_V1", "FRAGMENT"); #else -ENUM_NEXT(payload_type_names, NAT_D_DRAFT_00_03_V1, FRAGMENT_V1, GENERIC_SECURE_PASSWORD_METHOD, +ENUM_NEXT(payload_type_names, PLV1_NAT_D_DRAFT_00_03, PLV1_FRAGMENT, PLV2_GSPM, "NAT_D_DRAFT_V1", "NAT_OA_DRAFT_V1", "FRAGMENT"); #endif /* ME */ -ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, FRAGMENT_V1, +ENUM_NEXT(payload_type_names, PL_HEADER, PLV1_ENCRYPTED, PLV1_FRAGMENT, "HEADER", "PROPOSAL_SUBSTRUCTURE", "PROPOSAL_SUBSTRUCTURE_V1", 
@@ -102,12 +102,12 @@ ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, FRAGMENT_V1, "CONFIGURATION_ATTRIBUTE", "CONFIGURATION_ATTRIBUTE_V1", "ENCRYPTED_V1"); -ENUM_END(payload_type_names, ENCRYPTED_V1); +ENUM_END(payload_type_names, PLV1_ENCRYPTED); /* short forms of payload names */ -ENUM_BEGIN(payload_type_short_names, NO_PAYLOAD, NO_PAYLOAD, +ENUM_BEGIN(payload_type_short_names, PL_NONE, PL_NONE, "--"); -ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION_V1, CONFIGURATION_V1, NO_PAYLOAD, +ENUM_NEXT(payload_type_short_names, PLV1_SECURITY_ASSOCIATION, PLV1_CONFIGURATION, PL_NONE, "SA", "PROP", "TRANS", @@ -122,10 +122,10 @@ ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION_V1, CONFIGURATION_V1, N "D", "V", "CP"); -ENUM_NEXT(payload_type_short_names, NAT_D_V1, NAT_OA_V1, CONFIGURATION_V1, +ENUM_NEXT(payload_type_short_names, PLV1_NAT_D, PLV1_NAT_OA, PLV1_CONFIGURATION, "NAT-D", "NAT-OA"); -ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, GENERIC_SECURE_PASSWORD_METHOD, NAT_OA_V1, +ENUM_NEXT(payload_type_short_names, PLV2_SECURITY_ASSOCIATION, PLV2_GSPM, PLV1_NAT_OA, "SA", "KE", "IDi", 
@@ -144,19 +144,19 @@ ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, GENERIC_SECURE_PASSWOR "EAP", "GSPM"); #ifdef ME -ENUM_NEXT(payload_type_short_names, ID_PEER, ID_PEER, GENERIC_SECURE_PASSWORD_METHOD, +ENUM_NEXT(payload_type_short_names, PLV2_ID_PEER, PLV2_ID_PEER, PLV2_GSPM, "IDp"); -ENUM_NEXT(payload_type_short_names, NAT_D_DRAFT_00_03_V1, FRAGMENT_V1, ID_PEER, +ENUM_NEXT(payload_type_short_names, PLV1_NAT_D_DRAFT_00_03, PLV1_FRAGMENT, PLV2_ID_PEER, "NAT-D", "NAT-OA", "FRAG"); #else -ENUM_NEXT(payload_type_short_names, NAT_D_DRAFT_00_03_V1, FRAGMENT_V1, GENERIC_SECURE_PASSWORD_METHOD, +ENUM_NEXT(payload_type_short_names, PLV1_NAT_D_DRAFT_00_03, PLV1_FRAGMENT, PLV2_GSPM, "NAT-D", "NAT-OA", "FRAG"); #endif /* ME */ -ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, FRAGMENT_V1, +ENUM_NEXT(payload_type_short_names, PL_HEADER, PLV1_ENCRYPTED, PLV1_FRAGMENT, "HDR", "PROP", "PROP", @@ -168,7 +168,7 @@ ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, FRAGMENT_V1, "CATTR", "CATTR", "E"); -ENUM_END(payload_type_short_names, ENCRYPTED_V1); +ENUM_END(payload_type_short_names, PLV1_ENCRYPTED); /* * see header 
@@ -177,75 +177,75 @@ payload_t *payload_create(payload_type_t type) { switch (type) { - case HEADER: + case PL_HEADER: return (payload_t*)ike_header_create(); - case SECURITY_ASSOCIATION: - case SECURITY_ASSOCIATION_V1: + case PLV2_SECURITY_ASSOCIATION: + case PLV1_SECURITY_ASSOCIATION: return (payload_t*)sa_payload_create(type); - case PROPOSAL_SUBSTRUCTURE: - case PROPOSAL_SUBSTRUCTURE_V1: + case PLV2_PROPOSAL_SUBSTRUCTURE: + case PLV1_PROPOSAL_SUBSTRUCTURE: return (payload_t*)proposal_substructure_create(type); - case TRANSFORM_SUBSTRUCTURE: - case TRANSFORM_SUBSTRUCTURE_V1: + case PLV2_TRANSFORM_SUBSTRUCTURE: + case PLV1_TRANSFORM_SUBSTRUCTURE: return (payload_t*)transform_substructure_create(type); - case TRANSFORM_ATTRIBUTE: - case TRANSFORM_ATTRIBUTE_V1: + case PLV2_TRANSFORM_ATTRIBUTE: + case PLV1_TRANSFORM_ATTRIBUTE: return (payload_t*)transform_attribute_create(type); - case NONCE: - case NONCE_V1: + case PLV2_NONCE: + case PLV1_NONCE: return (payload_t*)nonce_payload_create(type); - case ID_INITIATOR: - case ID_RESPONDER: - case ID_V1: - case NAT_OA_V1: - case NAT_OA_DRAFT_00_03_V1: + case PLV2_ID_INITIATOR: + case PLV2_ID_RESPONDER: + case PLV1_ID: + case PLV1_NAT_OA: + case PLV1_NAT_OA_DRAFT_00_03: #ifdef ME - case ID_PEER: + case PLV2_ID_PEER: #endif /* ME */ return (payload_t*)id_payload_create(type); - case AUTHENTICATION: + case PLV2_AUTH: return (payload_t*)auth_payload_create(); - case CERTIFICATE: - case CERTIFICATE_V1: + case PLV2_CERTIFICATE: + case PLV1_CERTIFICATE: return (payload_t*)cert_payload_create(type); - case CERTIFICATE_REQUEST: - case CERTIFICATE_REQUEST_V1: + case PLV2_CERTREQ: + case PLV1_CERTREQ: return (payload_t*)certreq_payload_create(type); - case TRAFFIC_SELECTOR_SUBSTRUCTURE: + case PLV2_TRAFFIC_SELECTOR_SUBSTRUCTURE: return (payload_t*)traffic_selector_substructure_create(); - case TRAFFIC_SELECTOR_INITIATOR: + case PLV2_TS_INITIATOR: return (payload_t*)ts_payload_create(TRUE); - case TRAFFIC_SELECTOR_RESPONDER: + case 
PLV2_TS_RESPONDER: return (payload_t*)ts_payload_create(FALSE); - case KEY_EXCHANGE: - case KEY_EXCHANGE_V1: + case PLV2_KEY_EXCHANGE: + case PLV1_KEY_EXCHANGE: return (payload_t*)ke_payload_create(type); - case NOTIFY: - case NOTIFY_V1: + case PLV2_NOTIFY: + case PLV1_NOTIFY: return (payload_t*)notify_payload_create(type); - case DELETE: - case DELETE_V1: + case PLV2_DELETE: + case PLV1_DELETE: return (payload_t*)delete_payload_create(type, 0); - case VENDOR_ID: - case VENDOR_ID_V1: + case PLV2_VENDOR_ID: + case PLV1_VENDOR_ID: return (payload_t*)vendor_id_payload_create(type); - case HASH_V1: - case SIGNATURE_V1: - case NAT_D_V1: - case NAT_D_DRAFT_00_03_V1: + case PLV1_HASH: + case PLV1_SIGNATURE: + case PLV1_NAT_D: + case PLV1_NAT_D_DRAFT_00_03: return (payload_t*)hash_payload_create(type); - case CONFIGURATION: - case CONFIGURATION_V1: + case PLV2_CONFIGURATION: + case PLV1_CONFIGURATION: return (payload_t*)cp_payload_create(type); - case CONFIGURATION_ATTRIBUTE: - case CONFIGURATION_ATTRIBUTE_V1: + case PLV2_CONFIGURATION_ATTRIBUTE: + case PLV1_CONFIGURATION_ATTRIBUTE: return (payload_t*)configuration_attribute_create(type); - case EXTENSIBLE_AUTHENTICATION: + case PLV2_EAP: return (payload_t*)eap_payload_create(); - case ENCRYPTED: - case ENCRYPTED_V1: + case PLV2_ENCRYPTED: + case PLV1_ENCRYPTED: return (payload_t*)encryption_payload_create(type); - case FRAGMENT_V1: + case PLV1_FRAGMENT: return (payload_t*)fragment_payload_create(); default: return (payload_t*)unknown_payload_create(type); 
@@ -257,29 +257,29 @@ payload_t *payload_create(payload_type_t type) */ bool payload_is_known(payload_type_t type) { - if (type == HEADER) + if (type == PL_HEADER) { return TRUE; } - if (type >= SECURITY_ASSOCIATION && type <= EXTENSIBLE_AUTHENTICATION) + if (type >= PLV2_SECURITY_ASSOCIATION && type <= PLV2_EAP) { return TRUE; } - if (type >= SECURITY_ASSOCIATION_V1 && type <= CONFIGURATION_V1) + if (type >= PLV1_SECURITY_ASSOCIATION && type <= PLV1_CONFIGURATION) { return TRUE; } - if (type >= NAT_D_V1 && type <= NAT_OA_V1) + if (type >= PLV1_NAT_D && type <= PLV1_NAT_OA) { return TRUE; } #ifdef ME - if (type == ID_PEER) + if (type == PLV2_ID_PEER) { return TRUE; } #endif - if (type >= NAT_D_DRAFT_00_03_V1 && type <= FRAGMENT_V1) + if (type >= PLV1_NAT_D_DRAFT_00_03 && type <= PLV1_FRAGMENT) { return TRUE; } diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h index 0e8a9267b..d9dd619f7 100644 --- a/src/libcharon/encoding/payloads/payload.h +++ b/src/libcharon/encoding/payloads/payload.h 
@@ -45,195 +45,195 @@ enum payload_type_t { /** * End of payload list in next_payload */ - NO_PAYLOAD = 0, + PL_NONE = 0, /** * The security association (SA) payload containing proposals. */ - SECURITY_ASSOCIATION_V1 = 1, + PLV1_SECURITY_ASSOCIATION = 1, /** * The proposal payload, containing transforms. */ - PROPOSAL_V1 = 2, + PLV1_PROPOSAL = 2, /** * The transform payload. */ - TRANSFORM_V1 = 3, + PLV1_TRANSFORM = 3, /** * The key exchange (KE) payload containing diffie-hellman values. */ - KEY_EXCHANGE_V1 = 4, + PLV1_KEY_EXCHANGE = 4, /** * ID payload. */ - ID_V1 = 5, + PLV1_ID = 5, /** * Certificate payload with certificates (CERT). */ - CERTIFICATE_V1 = 6, + PLV1_CERTIFICATE = 6, /** * Certificate request payload. */ - CERTIFICATE_REQUEST_V1 = 7, + PLV1_CERTREQ = 7, /** * Hash payload. */ - HASH_V1 = 8, + PLV1_HASH = 8, /** * Signature payload */ - SIGNATURE_V1 = 9, + PLV1_SIGNATURE = 9, /** * Nonce payload. */ - NONCE_V1 = 10, + PLV1_NONCE = 10, /** * Notification payload. */ - NOTIFY_V1 = 11, + PLV1_NOTIFY = 11, /** * Delete payload. */ - DELETE_V1 = 12, + PLV1_DELETE = 12, /** * Vendor id payload. */ - VENDOR_ID_V1 = 13, + PLV1_VENDOR_ID = 13, /** * Attribute payload (ISAKMP Mode Config, aka configuration payload. */ - CONFIGURATION_V1 = 14, + PLV1_CONFIGURATION = 14, /** * NAT discovery payload (NAT-D). */ - NAT_D_V1 = 20, + PLV1_NAT_D = 20, /** * NAT original address payload (NAT-OA). */ - NAT_OA_V1 = 21, + PLV1_NAT_OA = 21, /** * The security association (SA) payload containing proposals. */ - SECURITY_ASSOCIATION = 33, + PLV2_SECURITY_ASSOCIATION = 33, /** * The key exchange (KE) payload containing diffie-hellman values. */ - KEY_EXCHANGE = 34, + PLV2_KEY_EXCHANGE = 34, /** * Identification for the original initiator (IDi). */ - ID_INITIATOR = 35, + PLV2_ID_INITIATOR = 35, /** * Identification for the original responder (IDr). */ - ID_RESPONDER = 36, + PLV2_ID_RESPONDER = 36, /** * Certificate payload with certificates (CERT). 
*/ - CERTIFICATE = 37, + PLV2_CERTIFICATE = 37, /** * Certificate request payload (CERTREQ). */ - CERTIFICATE_REQUEST = 38, + PLV2_CERTREQ = 38, /** * Authentication payload contains auth data (AUTH). */ - AUTHENTICATION = 39, + PLV2_AUTH = 39, /** * Nonces, for initiator and responder (Ni, Nr, N) */ - NONCE = 40, + PLV2_NONCE = 40, /** * Notify paylaod (N). */ - NOTIFY = 41, + PLV2_NOTIFY = 41, /** * Delete payload (D) */ - DELETE = 42, + PLV2_DELETE = 42, /** * Vendor id paylpoad (V). */ - VENDOR_ID = 43, + PLV2_VENDOR_ID = 43, /** * Traffic selector for the original initiator (TSi). */ - TRAFFIC_SELECTOR_INITIATOR = 44, + PLV2_TS_INITIATOR = 44, /** * Traffic selector for the original responser (TSr). */ - TRAFFIC_SELECTOR_RESPONDER = 45, + PLV2_TS_RESPONDER = 45, /** * Encryption payload, contains other payloads (E). */ - ENCRYPTED = 46, + PLV2_ENCRYPTED = 46, /** * Configuration payload (CP). */ - CONFIGURATION = 47, + PLV2_CONFIGURATION = 47, /** * Extensible authentication payload (EAP). */ - EXTENSIBLE_AUTHENTICATION = 48, + PLV2_EAP = 48, /** * Generic Secure Password Method (GSPM). */ - GENERIC_SECURE_PASSWORD_METHOD = 49, + PLV2_GSPM = 49, #ifdef ME /** * Identification payload for peers has a value from * the PRIVATE USE space. */ - ID_PEER = 128, + PLV2_ID_PEER = 128, #endif /* ME */ /** * NAT discovery payload (NAT-D) (drafts). */ - NAT_D_DRAFT_00_03_V1 = 130, + PLV1_NAT_D_DRAFT_00_03 = 130, /** * NAT original address payload (NAT-OA) (drafts). */ - NAT_OA_DRAFT_00_03_V1 = 131, + PLV1_NAT_OA_DRAFT_00_03 = 131, /** * IKE fragment (proprietary IKEv1 extension) */ - FRAGMENT_V1 = 132, + PLV1_FRAGMENT = 132, /** * Header has a value of PRIVATE USE space. 
@@ -241,57 +241,57 @@ enum payload_type_t { * This type and all the following are never sent over wire and are * used internally only. */ - HEADER = 256, + PL_HEADER = 256, /** - * PROPOSAL_SUBSTRUCTURE, IKEv2 proposals in a SA payload. + * PLV2_PROPOSAL_SUBSTRUCTURE, IKEv2 proposals in a SA payload. */ - PROPOSAL_SUBSTRUCTURE, + PLV2_PROPOSAL_SUBSTRUCTURE, /** - * PROPOSAL_SUBSTRUCTURE_V1, IKEv1 proposals in a SA payload. + * PLV1_PROPOSAL_SUBSTRUCTURE, IKEv1 proposals in a SA payload. */ - PROPOSAL_SUBSTRUCTURE_V1, + PLV1_PROPOSAL_SUBSTRUCTURE, /** - * TRANSFORM_SUBSTRUCTURE, IKEv2 transforms in a proposal substructure. + * PLV2_TRANSFORM_SUBSTRUCTURE, IKEv2 transforms in a proposal substructure. */ - TRANSFORM_SUBSTRUCTURE, + PLV2_TRANSFORM_SUBSTRUCTURE, /** - * TRANSFORM_SUBSTRUCTURE_V1, IKEv1 transforms in a proposal substructure. + * PLV1_TRANSFORM_SUBSTRUCTURE, IKEv1 transforms in a proposal substructure. */ - TRANSFORM_SUBSTRUCTURE_V1, + PLV1_TRANSFORM_SUBSTRUCTURE, /** - * TRANSFORM_ATTRIBUTE, IKEv2 attribute in a transform. + * PLV2_TRANSFORM_ATTRIBUTE, IKEv2 attribute in a transform. */ - TRANSFORM_ATTRIBUTE, + PLV2_TRANSFORM_ATTRIBUTE, /** - * TRANSFORM_ATTRIBUTE_V1, IKEv1 attribute in a transform. + * PLV1_TRANSFORM_ATTRIBUTE, IKEv1 attribute in a transform. */ - TRANSFORM_ATTRIBUTE_V1, + PLV1_TRANSFORM_ATTRIBUTE, /** - * TRAFFIC_SELECTOR_SUBSTRUCTURE, traffic selector in a TS payload. + * PLV2_TRAFFIC_SELECTOR_SUBSTRUCTURE, traffic selector in a TS payload. */ - TRAFFIC_SELECTOR_SUBSTRUCTURE, + PLV2_TRAFFIC_SELECTOR_SUBSTRUCTURE, /** - * CONFIGURATION_ATTRIBUTE, IKEv2 attribute in a configuration payload. + * PLV2_CONFIGURATION_ATTRIBUTE, IKEv2 attribute in a configuration payload. */ - CONFIGURATION_ATTRIBUTE, + PLV2_CONFIGURATION_ATTRIBUTE, /** - * CONFIGURATION_ATTRIBUTE_V1, IKEv1 attribute in a configuration payload. + * PLV1_CONFIGURATION_ATTRIBUTE, IKEv1 attribute in a configuration payload. 
*/ - CONFIGURATION_ATTRIBUTE_V1, + PLV1_CONFIGURATION_ATTRIBUTE, /** * This is not really a payload, but rather the complete IKEv1 message. */ - ENCRYPTED_V1, + PLV1_ENCRYPTED, }; /** @@ -336,7 +336,7 @@ struct payload_t { payload_type_t (*get_type) (payload_t *this); /** - * Get type of next payload or NO_PAYLOAD (0) if this is the last one. + * Get type of next payload or PL_NONE (0) if this is the last one. * * @return type of next payload */ diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c index 3e35b75c6..53e8cf3ad 100644 --- a/src/libcharon/encoding/payloads/proposal_substructure.c +++ b/src/libcharon/encoding/payloads/proposal_substructure.c @@ -88,7 +88,7 @@ struct private_proposal_substructure_t { linked_list_t *transforms; /** - * Type of this payload, PROPOSAL_SUBSTRUCTURE or PROPOSAL_SUBSTRUCTURE_V1 + * Type of this payload, PLV2_PROPOSAL_SUBSTRUCTURE or PLV1_PROPOSAL_SUBSTRUCTURE */ payload_type_t type; }; @@ -114,7 +114,7 @@ static encoding_rule_t encodings_v1[] = { /* SPI is a chunk of variable size*/ { SPI, offsetof(private_proposal_substructure_t, spi) }, /* Transforms are stored in a transform substructure list */ - { PAYLOAD_LIST + TRANSFORM_SUBSTRUCTURE_V1, + { PAYLOAD_LIST + PLV1_TRANSFORM_SUBSTRUCTURE, offsetof(private_proposal_substructure_t, transforms) }, }; @@ -139,7 +139,7 @@ static encoding_rule_t encodings_v2[] = { /* SPI is a chunk of variable size*/ { SPI, offsetof(private_proposal_substructure_t, spi) }, /* Transforms are stored in a transform substructure list */ - { PAYLOAD_LIST + TRANSFORM_SUBSTRUCTURE, + { PAYLOAD_LIST + PLV2_TRANSFORM_SUBSTRUCTURE, offsetof(private_proposal_substructure_t, transforms) }, }; 
@@ -329,7 +329,7 @@ METHOD(payload_t, verify, status_t, enumerator_t *enumerator; payload_t *current; - if (this->next_payload != NO_PAYLOAD && this->next_payload != 2) + if (this->next_payload != PL_NONE && this->next_payload != 2) { /* must be 0 or 2 */ DBG1(DBG_ENC, "inconsistent next payload"); @@ -361,7 +361,7 @@ METHOD(payload_t, verify, status_t, } break; case PROTO_IKE: - if (this->type == PROPOSAL_SUBSTRUCTURE_V1) + if (this->type == PLV1_PROPOSAL_SUBSTRUCTURE) { if (this->spi.len <= 16) { /* according to RFC 2409, section 3.5 anything between @@ -397,7 +397,7 @@ METHOD(payload_t, verify, status_t, METHOD(payload_t, get_encoding_rules, int, private_proposal_substructure_t *this, encoding_rule_t **rules) { - if (this->type == PROPOSAL_SUBSTRUCTURE) + if (this->type == PLV2_PROPOSAL_SUBSTRUCTURE) { *rules = encodings_v2; return countof(encodings_v2); @@ -1028,7 +1028,7 @@ METHOD(proposal_substructure_t, get_proposals, void, proposal->set_spi(proposal, spi); proposals->insert_last(proposals, proposal); } - if (this->type == PROPOSAL_SUBSTRUCTURE) + if (this->type == PLV2_PROPOSAL_SUBSTRUCTURE) { add_to_proposal_v2(proposal, transform); } @@ -1266,7 +1266,7 @@ proposal_substructure_t *proposal_substructure_create(payload_type_t type) .get_encap_mode = _get_encap_mode, .destroy = _destroy, }, - .next_payload = NO_PAYLOAD, + .next_payload = PL_NONE, .transforms = linked_list_create(), .type = type, ); @@ -1286,7 +1286,7 @@ static void set_from_proposal_v1_ike(private_proposal_substructure_t *this, u_int16_t alg, key_size; enumerator_t *enumerator; - transform = transform_substructure_create_type(TRANSFORM_SUBSTRUCTURE_V1, + transform = transform_substructure_create_type(PLV1_TRANSFORM_SUBSTRUCTURE, number, IKEV1_TRANSID_KEY_IKE); enumerator = proposal->create_enumerator(proposal, ENCRYPTION_ALGORITHM); 
@@ -1296,12 +1296,12 @@ static void set_from_proposal_v1_ike(private_proposal_substructure_t *this, if (alg) { transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH1_ENCRYPTION_ALGORITHM, alg)); if (key_size) { transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH1_KEY_LENGTH, key_size)); } break; @@ -1317,7 +1317,7 @@ static void set_from_proposal_v1_ike(private_proposal_substructure_t *this, if (alg) { transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH1_HASH_ALGORITHM, alg)); break; } @@ -1328,19 +1328,19 @@ static void set_from_proposal_v1_ike(private_proposal_substructure_t *this, if (enumerator->enumerate(enumerator, &alg, &key_size)) { transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH1_GROUP, alg)); } enumerator->destroy(enumerator); transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH1_AUTH_METHOD, get_ikev1_auth(method))); transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH1_LIFE_TYPE, IKEV1_LIFE_TYPE_SECONDS)); transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH1_LIFE_DURATION, lifetime)); add_transform_substructure(this, transform); 
@@ -1366,11 +1366,11 @@ static void set_from_proposal_v1(private_proposal_substructure_t *this, if (alg) { transform = transform_substructure_create_type( - TRANSFORM_SUBSTRUCTURE_V1, number, alg); + PLV1_TRANSFORM_SUBSTRUCTURE, number, alg); if (key_size) { transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH2_KEY_LENGTH, key_size)); } } @@ -1386,10 +1386,10 @@ static void set_from_proposal_v1(private_proposal_substructure_t *this, if (!transform) { transform = transform_substructure_create_type( - TRANSFORM_SUBSTRUCTURE_V1, number, alg); + PLV1_TRANSFORM_SUBSTRUCTURE, number, alg); } transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH2_AUTH_ALGORITHM, alg)); } } 
@@ -1404,30 +1404,30 @@ static void set_from_proposal_v1(private_proposal_substructure_t *this, if (enumerator->enumerate(enumerator, &alg, &key_size)) { transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH2_GROUP, alg)); } enumerator->destroy(enumerator); transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH2_ENCAP_MODE, get_ikev1_mode(mode, udp))); if (lifetime) { transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH2_SA_LIFE_TYPE, IKEV1_LIFE_TYPE_SECONDS)); transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH2_SA_LIFE_DURATION, lifetime)); } if (lifebytes) { transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH2_SA_LIFE_TYPE, IKEV1_LIFE_TYPE_KILOBYTES)); transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH2_SA_LIFE_DURATION, lifebytes / 1000)); } 
@@ -1448,12 +1448,12 @@ static void set_from_proposal_v2(private_proposal_substructure_t *this, enumerator = proposal->create_enumerator(proposal, ENCRYPTION_ALGORITHM); while (enumerator->enumerate(enumerator, &alg, &key_size)) { - transform = transform_substructure_create_type(TRANSFORM_SUBSTRUCTURE, + transform = transform_substructure_create_type(PLV2_TRANSFORM_SUBSTRUCTURE, ENCRYPTION_ALGORITHM, alg); if (key_size) { transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE, + transform_attribute_create_value(PLV2_TRANSFORM_ATTRIBUTE, TATTR_IKEV2_KEY_LENGTH, key_size)); } add_transform_substructure(this, transform); @@ -1464,7 +1464,7 @@ static void set_from_proposal_v2(private_proposal_substructure_t *this, enumerator = proposal->create_enumerator(proposal, INTEGRITY_ALGORITHM); while (enumerator->enumerate(enumerator, &alg, &key_size)) { - transform = transform_substructure_create_type(TRANSFORM_SUBSTRUCTURE, + transform = transform_substructure_create_type(PLV2_TRANSFORM_SUBSTRUCTURE, INTEGRITY_ALGORITHM, alg); add_transform_substructure(this, transform); } @@ -1474,7 +1474,7 @@ static void set_from_proposal_v2(private_proposal_substructure_t *this, enumerator = proposal->create_enumerator(proposal, PSEUDO_RANDOM_FUNCTION); while (enumerator->enumerate(enumerator, &alg, &key_size)) { - transform = transform_substructure_create_type(TRANSFORM_SUBSTRUCTURE, + transform = transform_substructure_create_type(PLV2_TRANSFORM_SUBSTRUCTURE, PSEUDO_RANDOM_FUNCTION, alg); add_transform_substructure(this, transform); } 
@@ -1484,7 +1484,7 @@ static void set_from_proposal_v2(private_proposal_substructure_t *this, enumerator = proposal->create_enumerator(proposal, DIFFIE_HELLMAN_GROUP); while (enumerator->enumerate(enumerator, &alg, NULL)) { - transform = transform_substructure_create_type(TRANSFORM_SUBSTRUCTURE, + transform = transform_substructure_create_type(PLV2_TRANSFORM_SUBSTRUCTURE, DIFFIE_HELLMAN_GROUP, alg); add_transform_substructure(this, transform); } @@ -1494,7 +1494,7 @@ static void set_from_proposal_v2(private_proposal_substructure_t *this, enumerator = proposal->create_enumerator(proposal, EXTENDED_SEQUENCE_NUMBERS); while (enumerator->enumerate(enumerator, &alg, NULL)) { - transform = transform_substructure_create_type(TRANSFORM_SUBSTRUCTURE, + transform = transform_substructure_create_type(PLV2_TRANSFORM_SUBSTRUCTURE, EXTENDED_SEQUENCE_NUMBERS, alg); add_transform_substructure(this, transform); } @@ -1543,7 +1543,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v2( private_proposal_substructure_t *this; this = (private_proposal_substructure_t*) - proposal_substructure_create(SECURITY_ASSOCIATION); + proposal_substructure_create(PLV2_SECURITY_ASSOCIATION); set_from_proposal_v2(this, proposal); set_data(this, proposal); @@ -1560,7 +1560,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v1( private_proposal_substructure_t *this; this = (private_proposal_substructure_t*) - proposal_substructure_create(PROPOSAL_SUBSTRUCTURE_V1); + proposal_substructure_create(PLV1_PROPOSAL_SUBSTRUCTURE); switch (proposal->get_protocol(proposal)) { case PROTO_IKE: 
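Review bot: `proposal_substructure_create_from_proposal_v2` passes `PLV2_SECURITY_ASSOCIATION` to `proposal_substructure_create`, whose documented types are `PLV2_PROPOSAL_SUBSTRUCTURE` or `PLV1_PROPOSAL_SUBSTRUCTURE`; the rename carries the old `SECURITY_ASSOCIATION` argument over unchanged (hunk at -1543). `get_encoding_rules` and `get_proposals` in this file select the IKEv2 path with `this->type == PLV2_PROPOSAL_SUBSTRUCTURE`, so an object built here presumably takes the other branch and is encoded with the v1 rules. The call should read `proposal_substructure_create(PLV2_PROPOSAL_SUBSTRUCTURE);`. The function body continues past the hunk, so any later adjustment of `type` is not visible here.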
@@ -1636,31 +1636,31 @@ proposal_substructure_t *proposal_substructure_create_for_ipcomp_v1( this = (private_proposal_substructure_t*) - proposal_substructure_create(PROPOSAL_SUBSTRUCTURE_V1); + proposal_substructure_create(PLV1_PROPOSAL_SUBSTRUCTURE); /* we currently support DEFLATE only */ - transform = transform_substructure_create_type(TRANSFORM_SUBSTRUCTURE_V1, + transform = transform_substructure_create_type(PLV1_TRANSFORM_SUBSTRUCTURE, 1, IKEV1_IPCOMP_DEFLATE); transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH2_ENCAP_MODE, get_ikev1_mode(mode, udp))); if (lifetime) { transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH2_SA_LIFE_TYPE, IKEV1_LIFE_TYPE_SECONDS)); transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH2_SA_LIFE_DURATION, lifetime)); } if (lifebytes) { transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH2_SA_LIFE_TYPE, IKEV1_LIFE_TYPE_KILOBYTES)); transform->add_transform_attribute(transform, - transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, TATTR_PH2_SA_LIFE_DURATION, lifebytes / 1000)); } diff --git a/src/libcharon/encoding/payloads/proposal_substructure.h b/src/libcharon/encoding/payloads/proposal_substructure.h index c8e7adfd8..c4614b88f 100644 --- a/src/libcharon/encoding/payloads/proposal_substructure.h +++ b/src/libcharon/encoding/payloads/proposal_substructure.h 
@@ -168,7 +168,7 @@ struct proposal_substructure_t { /** * Creates an empty proposal_substructure_t object * - * @param type PROPOSAL_SUBSTRUCTURE or PROPOSAL_SUBSTRUCTURE_V1 + * @param type PLV2_PROPOSAL_SUBSTRUCTURE or PLV1_PROPOSAL_SUBSTRUCTURE * @return proposal_substructure_t object */ proposal_substructure_t *proposal_substructure_create(payload_type_t type); @@ -177,7 +177,7 @@ proposal_substructure_t *proposal_substructure_create(payload_type_t type); * Creates an IKEv2 proposal_substructure_t from a proposal_t. * * @param proposal proposal to build a substruct out of it - * @return proposal_substructure_t PROPOSAL_SUBSTRUCTURE + * @return proposal_substructure_t PLV2_PROPOSAL_SUBSTRUCTURE */ proposal_substructure_t *proposal_substructure_create_from_proposal_v2( proposal_t *proposal); @@ -190,7 +190,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v2( * @param auth authentication method to use, or AUTH_NONE * @param mode IPsec encapsulation mode, TRANSPORT or TUNNEL * @param udp ENCAP_UDP to use UDP encapsulation - * @return proposal_substructure_t object PROPOSAL_SUBSTRUCTURE_V1 + * @return proposal_substructure_t object PLV1_PROPOSAL_SUBSTRUCTURE */ proposal_substructure_t *proposal_substructure_create_from_proposal_v1( proposal_t *proposal, u_int32_t lifetime, u_int64_t lifebytes, @@ -205,7 +205,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v1( * @param auth authentication method to use, or AUTH_NONE * @param mode IPsec encapsulation mode, TRANSPORT or TUNNEL * @param udp ENCAP_UDP to use UDP encapsulation - * @return IKEv1 proposal_substructure_t PROPOSAL_SUBSTRUCTURE_V1 + * @return IKEv1 proposal_substructure_t PLV1_PROPOSAL_SUBSTRUCTURE */ proposal_substructure_t *proposal_substructure_create_from_proposals_v1( linked_list_t *proposals, u_int32_t lifetime, u_int64_t lifebytes, 
@@ -221,7 +221,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposals_v1( * @param mode IPsec encapsulation mode, TRANSPORT or TUNNEL * @param udp ENCAP_UDP to use UDP encapsulation * @param proposal_number the proposal number of the proposal to be linked - * @return IKEv1 proposal_substructure_t PROPOSAL_SUBSTRUCTURE_V1 + * @return IKEv1 proposal_substructure_t PLV1_PROPOSAL_SUBSTRUCTURE */ proposal_substructure_t *proposal_substructure_create_for_ipcomp_v1( u_int32_t lifetime, u_int64_t lifebytes, u_int16_t cpi, diff --git a/src/libcharon/encoding/payloads/sa_payload.c b/src/libcharon/encoding/payloads/sa_payload.c index 3a5bb43a6..8e3a01285 100644 --- a/src/libcharon/encoding/payloads/sa_payload.c +++ b/src/libcharon/encoding/payloads/sa_payload.c @@ -101,7 +101,7 @@ static encoding_rule_t encodings_v1[] = { /* Situation*/ { U_INT_32, offsetof(private_sa_payload_t, situation) }, /* Proposals are stored in a proposal substructure list */ - { PAYLOAD_LIST + PROPOSAL_SUBSTRUCTURE_V1, + { PAYLOAD_LIST + PLV1_PROPOSAL_SUBSTRUCTURE, offsetof(private_sa_payload_t, proposals) }, }; @@ -140,7 +140,7 @@ static encoding_rule_t encodings_v2[] = { /* Length of the whole SA payload*/ { PAYLOAD_LENGTH, offsetof(private_sa_payload_t, payload_length) }, /* Proposals are stored in a proposal substructure list */ - { PAYLOAD_LIST + PROPOSAL_SUBSTRUCTURE, + { PAYLOAD_LIST + PLV2_PROPOSAL_SUBSTRUCTURE, offsetof(private_sa_payload_t, proposals) }, }; @@ -164,7 +164,7 @@ METHOD(payload_t, verify, status_t, enumerator_t *enumerator; proposal_substructure_t *substruct; - if (this->type == SECURITY_ASSOCIATION) + if (this->type == PLV2_SECURITY_ASSOCIATION) { expected_number = 1; } 
@@ -196,7 +196,7 @@ METHOD(payload_t, verify, status_t, METHOD(payload_t, get_encoding_rules, int, private_sa_payload_t *this, encoding_rule_t **rules) { - if (this->type == SECURITY_ASSOCIATION_V1) + if (this->type == PLV1_SECURITY_ASSOCIATION) { *rules = encodings_v1; return countof(encodings_v1); @@ -208,7 +208,7 @@ METHOD(payload_t, get_encoding_rules, int, METHOD(payload_t, get_header_length, int, private_sa_payload_t *this) { - if (this->type == SECURITY_ASSOCIATION_V1) + if (this->type == PLV1_SECURITY_ASSOCIATION) { return 12; } @@ -295,7 +295,7 @@ METHOD(sa_payload_t, get_proposals, linked_list_t*, proposal_substructure_t *substruct; linked_list_t *substructs, *list; - if (this->type == SECURITY_ASSOCIATION_V1) + if (this->type == PLV1_SECURITY_ASSOCIATION) { /* IKEv1 proposals start with 0 */ struct_number = ignore_struct_number = -1; } @@ -502,7 +502,7 @@ sa_payload_t *sa_payload_create(payload_type_t type) .get_encap_mode = _get_encap_mode, .destroy = _destroy, }, - .next_payload = NO_PAYLOAD, + .next_payload = PL_NONE, .proposals = linked_list_create(), .type = type, /* for IKEv1 only */ @@ -524,7 +524,7 @@ sa_payload_t *sa_payload_create_from_proposals_v2(linked_list_t *proposals) enumerator_t *enumerator; proposal_t *proposal; - this = (private_sa_payload_t*)sa_payload_create(SECURITY_ASSOCIATION); + this = (private_sa_payload_t*)sa_payload_create(PLV2_SECURITY_ASSOCIATION); enumerator = proposals->create_enumerator(proposals); while (enumerator->enumerate(enumerator, &proposal)) { @@ -542,7 +542,7 @@ sa_payload_t *sa_payload_create_from_proposal_v2(proposal_t *proposal) { private_sa_payload_t *this; - this = (private_sa_payload_t*)sa_payload_create(SECURITY_ASSOCIATION); + this = (private_sa_payload_t*)sa_payload_create(PLV2_SECURITY_ASSOCIATION); add_proposal_v2(this, proposal); return &this->public; 
@@ -560,7 +560,7 @@ sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals, proposal_substructure_t *substruct; private_sa_payload_t *this; - this = (private_sa_payload_t*)sa_payload_create(SECURITY_ASSOCIATION_V1); + this = (private_sa_payload_t*)sa_payload_create(PLV1_SECURITY_ASSOCIATION); if (!proposals || !proposals->get_count(proposals)) { diff --git a/src/libcharon/encoding/payloads/sa_payload.h b/src/libcharon/encoding/payloads/sa_payload.h index b62a341d8..0ddf3619c 100644 --- a/src/libcharon/encoding/payloads/sa_payload.h +++ b/src/libcharon/encoding/payloads/sa_payload.h @@ -104,7 +104,7 @@ struct sa_payload_t { /** * Creates an empty sa_payload_t object * - * @param type SECURITY_ASSOCIATION or SECURITY_ASSOCIATION_V1 + * @param type PLV2_SECURITY_ASSOCIATION or PLV1_SECURITY_ASSOCIATION * @return created sa_payload_t object */ sa_payload_t *sa_payload_create(payload_type_t type); diff --git a/src/libcharon/encoding/payloads/traffic_selector_substructure.c b/src/libcharon/encoding/payloads/traffic_selector_substructure.c index 334823db9..83618ff5d 100644 --- a/src/libcharon/encoding/payloads/traffic_selector_substructure.c +++ b/src/libcharon/encoding/payloads/traffic_selector_substructure.c @@ -168,13 +168,13 @@ METHOD(payload_t, get_header_length, int, METHOD(payload_t, get_type, payload_type_t, private_traffic_selector_substructure_t *this) { - return TRAFFIC_SELECTOR_SUBSTRUCTURE; + return PLV2_TRAFFIC_SELECTOR_SUBSTRUCTURE; } METHOD(payload_t, get_next_type, payload_type_t, private_traffic_selector_substructure_t *this) { - return NO_PAYLOAD; + return PL_NONE; } METHOD(payload_t, set_next_type, void, diff --git a/src/libcharon/encoding/payloads/transform_attribute.c b/src/libcharon/encoding/payloads/transform_attribute.c index d20f77c59..4a5b52dcf 100644 --- a/src/libcharon/encoding/payloads/transform_attribute.c +++ b/src/libcharon/encoding/payloads/transform_attribute.c 
@@ -98,7 +98,7 @@ struct private_transform_attribute_t { chunk_t attribute_value; /** - * Payload type, TRANSFORM_ATTRIBUTE or TRANSFORM_ATTRIBUTE_V1 + * Payload type, PLV2_TRANSFORM_ATTRIBUTE or PLV1_TRANSFORM_ATTRIBUTE */ payload_type_t type; }; @@ -157,7 +157,7 @@ METHOD(payload_t, get_type, payload_type_t, METHOD(payload_t, get_next_type, payload_type_t, private_transform_attribute_t *this) { - return NO_PAYLOAD; + return PL_NONE; } METHOD(payload_t, set_next_type, void, diff --git a/src/libcharon/encoding/payloads/transform_attribute.h b/src/libcharon/encoding/payloads/transform_attribute.h index 23897a50a..87e283b18 100644 --- a/src/libcharon/encoding/payloads/transform_attribute.h +++ b/src/libcharon/encoding/payloads/transform_attribute.h @@ -127,7 +127,7 @@ struct transform_attribute_t { /** * Creates an empty transform_attribute_t object. * - * @param type TRANSFORM_ATTRIBUTE or TRANSFORM_ATTRIBUTE_V1 + * @param type PLV2_TRANSFORM_ATTRIBUTE or PLV1_TRANSFORM_ATTRIBUTE * @return transform_attribute_t object */ transform_attribute_t *transform_attribute_create(payload_type_t type); @@ -135,7 +135,7 @@ transform_attribute_t *transform_attribute_create(payload_type_t type); /** * Creates a two byte value or a larger attribute for a given attribute kind. * - * @param type TRANSFORM_ATTRIBUTE or TRANSFORM_ATTRIBUTE_V1 + * @param type PLV2_TRANSFORM_ATTRIBUTE or PLV1_TRANSFORM_ATTRIBUTE * @param kind attribute kind * @param value fixed two byte value * @return transform_attribute_t object diff --git a/src/libcharon/encoding/payloads/transform_substructure.c b/src/libcharon/encoding/payloads/transform_substructure.c index a85027561..6885d6181 100644 --- a/src/libcharon/encoding/payloads/transform_substructure.c +++ b/src/libcharon/encoding/payloads/transform_substructure.c 
@@ -73,13 +73,13 @@ struct private_transform_substructure_t { linked_list_t *attributes; /** - * Payload type, TRANSFORM_SUBSTRUCTURE or TRANSFORM_SUBSTRUCTURE_V1 + * Payload type, PLV2_TRANSFORM_SUBSTRUCTURE or PLV1_TRANSFORM_SUBSTRUCTURE */ payload_type_t type; }; /** - * Encoding rules for TRANSFORM_SUBSTRUCTURE + * Encoding rules for PLV2_TRANSFORM_SUBSTRUCTURE */ static encoding_rule_t encodings_v2[] = { /* 1 Byte next payload type, stored in the field next_payload */ @@ -95,12 +95,12 @@ static encoding_rule_t encodings_v2[] = { /* transform identifier, as used by IKEv2 */ { U_INT_16, offsetof(private_transform_substructure_t, transform_id_v2) }, /* Attributes in a transform attribute list */ - { PAYLOAD_LIST + TRANSFORM_ATTRIBUTE, + { PAYLOAD_LIST + PLV2_TRANSFORM_ATTRIBUTE, offsetof(private_transform_substructure_t, attributes) } }; /** - * Encoding rules for TRANSFORM_SUBSTRUCTURE_V1 + * Encoding rules for PLV1_TRANSFORM_SUBSTRUCTURE */ static encoding_rule_t encodings_v1[] = { /* 1 Byte next payload type, stored in the field next_payload */ @@ -117,7 +117,7 @@ static encoding_rule_t encodings_v1[] = { { RESERVED_BYTE, offsetof(private_transform_substructure_t, reserved[1]) }, { RESERVED_BYTE, offsetof(private_transform_substructure_t, reserved[2]) }, /* Attributes in a transform attribute list */ - { PAYLOAD_LIST + TRANSFORM_ATTRIBUTE_V1, + { PAYLOAD_LIST + PLV1_TRANSFORM_ATTRIBUTE, offsetof(private_transform_substructure_t, attributes) } }; @@ -142,7 +142,7 @@ METHOD(payload_t, verify, status_t, enumerator_t *enumerator; payload_t *attribute; - if (this->next_payload != NO_PAYLOAD && this->next_payload != 3) + if (this->next_payload != PL_NONE && this->next_payload != 3) { DBG1(DBG_ENC, "inconsistent next payload"); return FAILED; 
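Review bot: The changed condition in verify() of transform_substructure.c now reads `this->next_payload != PL_NONE && this->next_payload != 3`, which mixes a named payload type with a bare `3`. The encoding rules above store the first byte of the wire encoding in next_payload, so this is a check on peer-supplied data and the accepted values should be readable against the spec. The 3 looks like the "more transforms follow" marker rather than any PLV1_/PLV2_ payload type, so I would give it a file-local name, e.g. `#define TRANSFORM_MORE 3` (name constructed for illustration), with the comment `/* 0 = last transform, 3 = more transforms follow */`. verify() continues outside the hunk.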
@@ -167,7 +167,7 @@ METHOD(payload_t, verify, status_t, METHOD(payload_t, get_encoding_rules, int, private_transform_substructure_t *this, encoding_rule_t **rules) { - if (this->type == TRANSFORM_SUBSTRUCTURE) + if (this->type == PLV2_TRANSFORM_SUBSTRUCTURE) { *rules = encodings_v2; return countof(encodings_v2); @@ -244,7 +244,7 @@ METHOD(transform_substructure_t, get_transform_type_or_number, u_int8_t, METHOD(transform_substructure_t, get_transform_id, u_int16_t, private_transform_substructure_t *this) { - if (this->type == TRANSFORM_SUBSTRUCTURE) + if (this->type == PLV2_TRANSFORM_SUBSTRUCTURE) { return this->transform_id_v2; } @@ -291,7 +291,7 @@ transform_substructure_t *transform_substructure_create(payload_type_t type) .create_attribute_enumerator = _create_attribute_enumerator, .destroy = _destroy, }, - .next_payload = NO_PAYLOAD, + .next_payload = PL_NONE, .transform_length = get_header_length(this), .attributes = linked_list_create(), .type = type, @@ -310,7 +310,7 @@ transform_substructure_t *transform_substructure_create_type(payload_type_t type this = (private_transform_substructure_t*)transform_substructure_create(type); this->transform_ton = type_or_number; - if (type == TRANSFORM_SUBSTRUCTURE) + if (type == PLV2_TRANSFORM_SUBSTRUCTURE) { this->transform_id_v2 = id; } diff --git a/src/libcharon/encoding/payloads/transform_substructure.h b/src/libcharon/encoding/payloads/transform_substructure.h index 97717e65b..ba821d3bd 100644 --- a/src/libcharon/encoding/payloads/transform_substructure.h +++ b/src/libcharon/encoding/payloads/transform_substructure.h @@ -97,7 +97,7 @@ struct transform_substructure_t { /** * Creates an empty transform_substructure_t object. * - * @param type TRANSFORM_SUBSTRUCTURE or TRANSFORM_SUBSTRUCTURE_V1 + * @param type PLV2_TRANSFORM_SUBSTRUCTURE or PLV1_TRANSFORM_SUBSTRUCTURE * @return created transform_substructure_t object */ transform_substructure_t *transform_substructure_create(payload_type_t type); 
@@ -105,7 +105,7 @@ transform_substructure_t *transform_substructure_create(payload_type_t type); /** * Creates an empty transform_substructure_t object. * - * @param type TRANSFORM_SUBSTRUCTURE or TRANSFORM_SUBSTRUCTURE_V1 + * @param type PLV2_TRANSFORM_SUBSTRUCTURE or PLV1_TRANSFORM_SUBSTRUCTURE * @param type_or_number Type (IKEv2) or number (IKEv1) of transform * @param id transform id specifc for the transform type * @return transform_substructure_t object diff --git a/src/libcharon/encoding/payloads/ts_payload.c b/src/libcharon/encoding/payloads/ts_payload.c index 8dfa47bc2..e74b9ae1b 100644 --- a/src/libcharon/encoding/payloads/ts_payload.c +++ b/src/libcharon/encoding/payloads/ts_payload.c @@ -103,7 +103,7 @@ static encoding_rule_t encodings[] = { { RESERVED_BYTE, offsetof(private_ts_payload_t, reserved_byte[1])}, { RESERVED_BYTE, offsetof(private_ts_payload_t, reserved_byte[2])}, /* wrapped list of traffic selectors substructures */ - { PAYLOAD_LIST + TRAFFIC_SELECTOR_SUBSTRUCTURE, + { PAYLOAD_LIST + PLV2_TRAFFIC_SELECTOR_SUBSTRUCTURE, offsetof(private_ts_payload_t, substrs) }, }; @@ -164,9 +164,9 @@ METHOD(payload_t, get_type, payload_type_t, { if (this->is_initiator) { - return TRAFFIC_SELECTOR_INITIATOR; + return PLV2_TS_INITIATOR; } - return TRAFFIC_SELECTOR_RESPONDER; + return PLV2_TS_RESPONDER; } METHOD(payload_t, get_next_type, payload_type_t, @@ -269,7 +269,7 @@ ts_payload_t *ts_payload_create(bool is_initiator) .get_traffic_selectors = _get_traffic_selectors, .destroy = _destroy, }, - .next_payload = NO_PAYLOAD, + .next_payload = PL_NONE, .payload_length = get_header_length(this), .is_initiator = is_initiator, .substrs = linked_list_create(), diff --git a/src/libcharon/encoding/payloads/unknown_payload.c b/src/libcharon/encoding/payloads/unknown_payload.c index fe7ced20b..45b91fd0b 100644 --- a/src/libcharon/encoding/payloads/unknown_payload.c +++ b/src/libcharon/encoding/payloads/unknown_payload.c 
@@ -184,7 +184,7 @@ unknown_payload_t *unknown_payload_create(payload_type_t type) .get_data = _get_data, .destroy = _destroy, }, - .next_payload = NO_PAYLOAD, + .next_payload = PL_NONE, .payload_length = get_header_length(this), .type = type, ); diff --git a/src/libcharon/encoding/payloads/vendor_id_payload.c b/src/libcharon/encoding/payloads/vendor_id_payload.c index 0c1df56e2..400e0640d 100644 --- a/src/libcharon/encoding/payloads/vendor_id_payload.c +++ b/src/libcharon/encoding/payloads/vendor_id_payload.c @@ -178,7 +178,7 @@ vendor_id_payload_t *vendor_id_payload_create_data(payload_type_t type, .get_data = _get_data, .destroy = _destroy, }, - .next_payload = NO_PAYLOAD, + .next_payload = PL_NONE, .payload_length = get_header_length(this) + data.len, .data = data, .type = type, diff --git a/src/libcharon/encoding/payloads/vendor_id_payload.h b/src/libcharon/encoding/payloads/vendor_id_payload.h index 9a814777b..42c31f921 100644 --- a/src/libcharon/encoding/payloads/vendor_id_payload.h +++ b/src/libcharon/encoding/payloads/vendor_id_payload.h @@ -55,7 +55,7 @@ struct vendor_id_payload_t { /** * Creates an empty Vendor ID payload for IKEv1 or IKEv2. * - * @@param type VENDOR_ID or VENDOR_ID_V1 + * @@param type PLV2_VENDOR_ID or PLV1_VENDOR_ID * @return vendor ID payload */ vendor_id_payload_t *vendor_id_payload_create(payload_type_t type); @@ -63,7 +63,7 @@ vendor_id_payload_t *vendor_id_payload_create(payload_type_t type); /** * Creates a vendor ID payload using a chunk of data * - * @param type VENDOR_ID or VENDOR_ID_V1 + * @param type PLV2_VENDOR_ID or PLV1_VENDOR_ID * @param data data to use in vendor ID payload, gets owned by payload * @return vendor ID payload */ diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c index 8dfb47b69..a2a3b1f89 100644 --- a/src/libcharon/network/receiver.c +++ b/src/libcharon/network/receiver.c 
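Review bot: The doc comment for vendor_id_payload_create() in vendor_id_payload.h keeps a doubled at-sign, `@@param type`, on the very line this hunk rewrites. As far as I know Doxygen reads `@@` as an escaped literal at-sign, so the parameter is not documented as one. Since the line is touched anyway it should read `@param type PLV2_VENDOR_ID or PLV1_VENDOR_ID`, matching the vendor_id_payload_create_data() comment in the following hunk.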
@@ -271,7 +271,7 @@ static bool check_cookie(private_receiver_t *this, message_t *message) if (data.len < IKE_HEADER_LENGTH + NOTIFY_PAYLOAD_HEADER_LENGTH + sizeof(u_int32_t) + this->hasher->get_hash_size(this->hasher) || - *(data.ptr + 16) != NOTIFY || + *(data.ptr + 16) != PLV2_NOTIFY || *(u_int16_t*)(data.ptr + IKE_HEADER_LENGTH + 6) != htons(COOKIE)) { /* no cookie found */ diff --git a/src/libcharon/plugins/eap_gtc/eap_gtc.c b/src/libcharon/plugins/eap_gtc/eap_gtc.c index e751b51b6..5fcd9ebc9 100644 --- a/src/libcharon/plugins/eap_gtc/eap_gtc.c +++ b/src/libcharon/plugins/eap_gtc/eap_gtc.c @@ -161,11 +161,11 @@ METHOD(eap_method_t, process_server, status_t, { /* assume that "out" contains username/password attributes */ co->destroy(co); - ci = cp_payload_create_type(CONFIGURATION_V1, CFG_REPLY); + ci = cp_payload_create_type(PLV1_CONFIGURATION, CFG_REPLY); ci->add_attribute(ci, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, XAUTH_USER_NAME, user)); + PLV1_CONFIGURATION_ATTRIBUTE, XAUTH_USER_NAME, user)); ci->add_attribute(ci, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, XAUTH_USER_PASSWORD, pass)); + PLV1_CONFIGURATION_ATTRIBUTE, XAUTH_USER_PASSWORD, pass)); switch (xauth->process(xauth, ci, &co)) { case SUCCESS: diff --git a/src/libcharon/plugins/eap_radius/eap_radius_forward.c b/src/libcharon/plugins/eap_radius/eap_radius_forward.c index a41d5207d..52ea84070 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_forward.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_forward.c 
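Review bot: In check_cookie() the changed line compares a byte at the bare offset `data.ptr + 16`, and the next line reads a 16-bit field through a `u_int16_t*` cast at `IKE_HEADER_LENGTH + 6`; both operate on `data`, presumably the raw received packet. The length test at the top of the condition appears to bound both reads, so this is not an overrun. The cast does assume the buffer is suitably aligned for a 16-bit load, which nothing in the hunk shows. I would name the offset of the header's next-payload byte and copy the notify type out with `memcpy(&type, data.ptr + IKE_HEADER_LENGTH + 6, sizeof(type));` before comparing it with `htons(COOKIE)`. The function starts and ends outside the hunk.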
@@ -232,8 +232,8 @@ static void ike2queue(message_t *message, linked_list_t *queue, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == NOTIFY || - payload->get_type(payload) == NOTIFY_V1) + if (payload->get_type(payload) == PLV2_NOTIFY || + payload->get_type(payload) == PLV1_NOTIFY) { notify = (notify_payload_t*)payload; if (notify->get_notify_type(notify) == RADIUS_ATTRIBUTE) diff --git a/src/libcharon/plugins/eap_radius/eap_radius_xauth.c b/src/libcharon/plugins/eap_radius/eap_radius_xauth.c index d00f6bb2c..0fea50919 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_xauth.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_xauth.c @@ -87,12 +87,12 @@ static bool build_round(private_eap_radius_xauth_t *this, cp_payload_t *cp) return FALSE; } cp->add_attribute(cp, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, this->round.type, chunk_empty)); + PLV1_CONFIGURATION_ATTRIBUTE, this->round.type, chunk_empty)); if (this->round.message && strlen(this->round.message)) { cp->add_attribute(cp, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, XAUTH_MESSAGE, + PLV1_CONFIGURATION_ATTRIBUTE, XAUTH_MESSAGE, chunk_from_str(this->round.message))); } return TRUE; @@ -103,10 +103,10 @@ METHOD(xauth_method_t, initiate, status_t, { cp_payload_t *cp; - cp = cp_payload_create_type(CONFIGURATION_V1, CFG_REQUEST); + cp = cp_payload_create_type(PLV1_CONFIGURATION, CFG_REQUEST); /* first message always comes with username */ cp->add_attribute(cp, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, XAUTH_USER_NAME, chunk_empty)); + PLV1_CONFIGURATION_ATTRIBUTE, XAUTH_USER_NAME, chunk_empty)); if (build_round(this, cp)) { 
@@ -211,7 +211,7 @@ METHOD(xauth_method_t, process, status_t, { return verify_radius(this); } - cp = cp_payload_create_type(CONFIGURATION_V1, CFG_REQUEST); + cp = cp_payload_create_type(PLV1_CONFIGURATION, CFG_REQUEST); if (build_round(this, cp)) { *out = cp; diff --git a/src/libcharon/plugins/radattr/radattr_listener.c b/src/libcharon/plugins/radattr/radattr_listener.c index aca83aafc..1d30460ad 100644 --- a/src/libcharon/plugins/radattr/radattr_listener.c +++ b/src/libcharon/plugins/radattr/radattr_listener.c @@ -68,7 +68,7 @@ static void print_radius_attributes(private_radattr_listener_t *this, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == NOTIFY) + if (payload->get_type(payload) == PLV2_NOTIFY) { notify = (notify_payload_t*)payload; if (notify->get_notify_type(notify) == RADIUS_ATTRIBUTE) @@ -144,7 +144,7 @@ METHOD(listener_t, message, bool, { if (plain && ike_sa->supports_extension(ike_sa, EXT_STRONGSWAN) && message->get_exchange_type(message) == IKE_AUTH && - message->get_payload(message, EXTENSIBLE_AUTHENTICATION)) + message->get_payload(message, PLV2_EAP)) { if (incoming) { diff --git a/src/libcharon/plugins/xauth_eap/xauth_eap.c b/src/libcharon/plugins/xauth_eap/xauth_eap.c index f597bb7ae..f21d02697 100644 --- a/src/libcharon/plugins/xauth_eap/xauth_eap.c +++ b/src/libcharon/plugins/xauth_eap/xauth_eap.c 
@@ -163,11 +163,11 @@ METHOD(xauth_method_t, initiate, status_t, { cp_payload_t *cp; - cp = cp_payload_create_type(CONFIGURATION_V1, CFG_REQUEST); + cp = cp_payload_create_type(PLV1_CONFIGURATION, CFG_REQUEST); cp->add_attribute(cp, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, XAUTH_USER_NAME, chunk_empty)); + PLV1_CONFIGURATION_ATTRIBUTE, XAUTH_USER_NAME, chunk_empty)); cp->add_attribute(cp, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, XAUTH_USER_PASSWORD, chunk_empty)); + PLV1_CONFIGURATION_ATTRIBUTE, XAUTH_USER_PASSWORD, chunk_empty)); *out = cp; return NEED_MORE; } diff --git a/src/libcharon/plugins/xauth_generic/xauth_generic.c b/src/libcharon/plugins/xauth_generic/xauth_generic.c index 5df8aadee..c37da0cb0 100644 --- a/src/libcharon/plugins/xauth_generic/xauth_generic.c +++ b/src/libcharon/plugins/xauth_generic/xauth_generic.c @@ -69,7 +69,7 @@ METHOD(xauth_method_t, process_peer, status_t, } enumerator->destroy(enumerator); - cp = cp_payload_create_type(CONFIGURATION_V1, CFG_REPLY); + cp = cp_payload_create_type(PLV1_CONFIGURATION, CFG_REPLY); enumerator = in->create_attribute_enumerator(in); while (enumerator->enumerate(enumerator, &attr)) @@ -80,7 +80,7 @@ METHOD(xauth_method_t, process_peer, status_t, { case XAUTH_USER_NAME: cp->add_attribute(cp, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, XAUTH_USER_NAME, + PLV1_CONFIGURATION_ATTRIBUTE, XAUTH_USER_NAME, this->peer->get_encoding(this->peer))); break; case XAUTH_NEXT_PIN: @@ -99,7 +99,7 @@ METHOD(xauth_method_t, process_peer, status_t, return FAILED; } cp->add_attribute(cp, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, attr->get_type(attr), + PLV1_CONFIGURATION_ATTRIBUTE, attr->get_type(attr), shared->get_key(shared))); shared->destroy(shared); break; 
@@ -118,11 +118,11 @@ METHOD(xauth_method_t, initiate_server, status_t, { cp_payload_t *cp; - cp = cp_payload_create_type(CONFIGURATION_V1, CFG_REQUEST); + cp = cp_payload_create_type(PLV1_CONFIGURATION, CFG_REQUEST); cp->add_attribute(cp, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, XAUTH_USER_NAME, chunk_empty)); + PLV1_CONFIGURATION_ATTRIBUTE, XAUTH_USER_NAME, chunk_empty)); cp->add_attribute(cp, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, XAUTH_USER_PASSWORD, chunk_empty)); + PLV1_CONFIGURATION_ATTRIBUTE, XAUTH_USER_PASSWORD, chunk_empty)); *out = cp; return NEED_MORE; } diff --git a/src/libcharon/plugins/xauth_pam/xauth_pam.c b/src/libcharon/plugins/xauth_pam/xauth_pam.c index 71c79ecc0..1970146c0 100644 --- a/src/libcharon/plugins/xauth_pam/xauth_pam.c +++ b/src/libcharon/plugins/xauth_pam/xauth_pam.c @@ -43,11 +43,11 @@ METHOD(xauth_method_t, initiate, status_t, { cp_payload_t *cp; - cp = cp_payload_create_type(CONFIGURATION_V1, CFG_REQUEST); + cp = cp_payload_create_type(PLV1_CONFIGURATION, CFG_REQUEST); cp->add_attribute(cp, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, XAUTH_USER_NAME, chunk_empty)); + PLV1_CONFIGURATION_ATTRIBUTE, XAUTH_USER_NAME, chunk_empty)); cp->add_attribute(cp, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, XAUTH_USER_PASSWORD, chunk_empty)); + PLV1_CONFIGURATION_ATTRIBUTE, XAUTH_USER_PASSWORD, chunk_empty)); *out = cp; return NEED_MORE; } diff --git a/src/libcharon/processing/jobs/process_message_job.c b/src/libcharon/processing/jobs/process_message_job.c index 606135b0b..a6795e766 100644 --- a/src/libcharon/processing/jobs/process_message_job.c +++ b/src/libcharon/processing/jobs/process_message_job.c 
@@ -51,7 +51,7 @@ METHOD(job_t, execute, job_requeue_t, /* if this is an unencrypted INFORMATIONAL exchange it is likely a * connectivity check. */ if (this->message->get_exchange_type(this->message) == INFORMATIONAL && - this->message->get_first_payload_type(this->message) != ENCRYPTED) + this->message->get_first_payload_type(this->message) != PLV2_ENCRYPTED) { /* theoretically this could also be an error message * see RFC 4306, section 1.5. */ diff --git a/src/libcharon/sa/authenticator.c b/src/libcharon/sa/authenticator.c index a32b6ab12..8571274ac 100644 --- a/src/libcharon/sa/authenticator.c +++ b/src/libcharon/sa/authenticator.c @@ -86,7 +86,7 @@ authenticator_t *authenticator_create_verifier( { auth_payload_t *auth_payload; - auth_payload = (auth_payload_t*)message->get_payload(message, AUTHENTICATION); + auth_payload = (auth_payload_t*)message->get_payload(message, PLV2_AUTH); if (auth_payload == NULL) { return (authenticator_t*)eap_authenticator_create_verifier(ike_sa, diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c index 525117f3b..8e68e7bee 100644 --- a/src/libcharon/sa/ike_sa_manager.c +++ b/src/libcharon/sa/ike_sa_manager.c @@ -971,7 +971,7 @@ static bool get_init_hash(private_ike_sa_manager_t *this, message_t *message, { /* this might be the case when flush() has been called */ return FALSE; } - if (message->get_first_payload_type(message) == FRAGMENT_V1) + if (message->get_first_payload_type(message) == PLV1_FRAGMENT) { /* only hash the source IP, port and SPI for fragmented init messages */ u_int16_t port; u_int64_t spi; @@ -1313,7 +1313,7 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*, ike_id = entry->ike_sa->get_id(entry->ike_sa); entry->checked_out = TRUE; - if (message->get_first_payload_type(message) != FRAGMENT_V1) + if (message->get_first_payload_type(message) != PLV1_FRAGMENT) { entry->processing = get_message_id_or_hash(message); } 
diff --git a/src/libcharon/sa/ikev1/authenticators/psk_v1_authenticator.c b/src/libcharon/sa/ikev1/authenticators/psk_v1_authenticator.c index ee15408c7..aa966cd5f 100644 --- a/src/libcharon/sa/ikev1/authenticators/psk_v1_authenticator.c +++ b/src/libcharon/sa/ikev1/authenticators/psk_v1_authenticator.c @@ -85,7 +85,7 @@ METHOD(authenticator_t, build, status_t, } free(dh.ptr); - hash_payload = hash_payload_create(HASH_V1); + hash_payload = hash_payload_create(PLV1_HASH); hash_payload->set_hash(hash_payload, hash); message->add_payload(message, &hash_payload->payload_interface); free(hash.ptr); @@ -101,7 +101,7 @@ METHOD(authenticator_t, process, status_t, chunk_t hash, dh; auth_cfg_t *auth; - hash_payload = (hash_payload_t*)message->get_payload(message, HASH_V1); + hash_payload = (hash_payload_t*)message->get_payload(message, PLV1_HASH); if (!hash_payload) { DBG1(DBG_IKE, "HASH payload missing in message"); diff --git a/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c b/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c index d81c77f0d..bfe5ff449 100644 --- a/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c +++ b/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c @@ -108,7 +108,7 @@ METHOD(authenticator_t, build, status_t, if (private->sign(private, scheme, hash, &sig)) { - sig_payload = hash_payload_create(SIGNATURE_V1); + sig_payload = hash_payload_create(PLV1_SIGNATURE); sig_payload->set_hash(sig_payload, sig); free(sig.ptr); message->add_payload(message, &sig_payload->payload_interface); @@ -144,7 +144,7 @@ METHOD(authenticator_t, process, status_t, scheme = SIGN_ECDSA_WITH_NULL; } - sig_payload = (hash_payload_t*)message->get_payload(message, SIGNATURE_V1); + sig_payload = (hash_payload_t*)message->get_payload(message, PLV1_SIGNATURE); if (!sig_payload) { DBG1(DBG_IKE, "SIG payload missing in message"); 
diff --git a/src/libcharon/sa/ikev1/keymat_v1.c b/src/libcharon/sa/ikev1/keymat_v1.c index bf1b0046c..619d197bd 100644 --- a/src/libcharon/sa/ikev1/keymat_v1.c +++ b/src/libcharon/sa/ikev1/keymat_v1.c @@ -791,7 +791,7 @@ METHOD(keymat_v1_t, get_hash, bool, static bool get_nonce(message_t *message, chunk_t *n) { nonce_payload_t *nonce; - nonce = (nonce_payload_t*)message->get_payload(message, NONCE_V1); + nonce = (nonce_payload_t*)message->get_payload(message, PLV1_NONCE); if (nonce) { *n = nonce->get_nonce(nonce); @@ -815,7 +815,7 @@ static chunk_t get_message_data(message_t *message, generator_t *generator) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == HASH_V1) + if (payload->get_type(payload) == PLV1_HASH) { continue; } @@ -835,7 +835,7 @@ static chunk_t get_message_data(message_t *message, generator_t *generator) generator->generate_payload(generator, payload); payload = next; } - payload->set_next_type(payload, NO_PAYLOAD); + payload->set_next_type(payload, PL_NONE); generator->generate_payload(generator, payload); } enumerator->destroy(enumerator); diff --git a/src/libcharon/sa/ikev1/phase1.c b/src/libcharon/sa/ikev1/phase1.c index 1189d3c69..114b8a3e4 100644 --- a/src/libcharon/sa/ikev1/phase1.c +++ b/src/libcharon/sa/ikev1/phase1.c @@ -648,7 +648,7 @@ METHOD(phase1_t, save_sa_payload, bool, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == SECURITY_ASSOCIATION_V1) + if (payload->get_type(payload) == PLV1_SECURITY_ASSOCIATION) { sa = payload; break; 
@@ -682,7 +682,7 @@ METHOD(phase1_t, add_nonce_ke, bool, nonce_gen_t *nonceg; chunk_t nonce; - ke_payload = ke_payload_create_from_diffie_hellman(KEY_EXCHANGE_V1, this->dh); + ke_payload = ke_payload_create_from_diffie_hellman(PLV1_KEY_EXCHANGE, this->dh); message->add_payload(message, &ke_payload->payload_interface); nonceg = this->keymat->keymat.create_nonce_gen(&this->keymat->keymat); @@ -699,7 +699,7 @@ METHOD(phase1_t, add_nonce_ke, bool, } nonceg->destroy(nonceg); - nonce_payload = nonce_payload_create(NONCE_V1); + nonce_payload = nonce_payload_create(PLV1_NONCE); nonce_payload->set_nonce(nonce_payload, nonce); message->add_payload(message, &nonce_payload->payload_interface); @@ -720,7 +720,7 @@ METHOD(phase1_t, get_nonce_ke, bool, nonce_payload_t *nonce_payload; ke_payload_t *ke_payload; - ke_payload = (ke_payload_t*)message->get_payload(message, KEY_EXCHANGE_V1); + ke_payload = (ke_payload_t*)message->get_payload(message, PLV1_KEY_EXCHANGE); if (!ke_payload) { DBG1(DBG_IKE, "KE payload missing in message"); @@ -729,7 +729,7 @@ METHOD(phase1_t, get_nonce_ke, bool, this->dh_value = chunk_clone(ke_payload->get_key_exchange_data(ke_payload)); this->dh->set_other_public_value(this->dh, this->dh_value); - nonce_payload = (nonce_payload_t*)message->get_payload(message, NONCE_V1); + nonce_payload = (nonce_payload_t*)message->get_payload(message, PLV1_NONCE); if (!nonce_payload) { DBG1(DBG_IKE, "NONCE payload missing in message"); diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c index 8fc158bba..97812a5c5 100644 --- a/src/libcharon/sa/ikev1/task_manager_v1.c +++ b/src/libcharon/sa/ikev1/task_manager_v1.c 
@@ -956,7 +956,7 @@ static void send_notify(private_task_manager_t *this, message_t *request, response->set_request(response, TRUE); response->set_message_id(response, mid); response->add_payload(response, (payload_t*) - notify_payload_create_from_protocol_and_type(NOTIFY_V1, + notify_payload_create_from_protocol_and_type(PLV1_NOTIFY, PROTO_IKE, type)); me = this->ike_sa->get_my_host(this->ike_sa); @@ -1265,7 +1265,7 @@ static status_t handle_fragment(private_task_manager_t *this, message_t *msg) chunk_t data; u_int8_t num; - payload = (fragment_payload_t*)msg->get_payload(msg, FRAGMENT_V1); + payload = (fragment_payload_t*)msg->get_payload(msg, PLV1_FRAGMENT); if (!payload) { return FAILED; @@ -1412,7 +1412,7 @@ static status_t parse_message(private_task_manager_t *this, message_t *msg) } } - if (msg->get_first_payload_type(msg) == FRAGMENT_V1) + if (msg->get_first_payload_type(msg) == PLV1_FRAGMENT) { return handle_fragment(this, msg); } @@ -1514,7 +1514,7 @@ METHOD(task_manager_t, process_message, status_t, { if (this->ike_sa->get_state(this->ike_sa) != IKE_CREATED && this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING && - msg->get_first_payload_type(msg) != FRAGMENT_V1) + msg->get_first_payload_type(msg) != PLV1_FRAGMENT) { DBG1(DBG_IKE, "ignoring %N in established IKE_SA state", exchange_type_names, msg->get_exchange_type(msg)); diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c index 6cc3e04b3..7009ae95d 100644 --- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c +++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c @@ -133,7 +133,7 @@ static bool has_notify_errors(private_aggressive_mode_t *this, message_t *messag enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == NOTIFY_V1) + if (payload->get_type(payload) == PLV1_NOTIFY) { notify_payload_t *notify; notify_type_t type; 
@@ -167,7 +167,7 @@ static status_t send_notify(private_aggressive_mode_t *this, notify_type_t type) u_int64_t spi_i, spi_r; chunk_t spi; - notify = notify_payload_create_from_protocol_and_type(NOTIFY_V1, + notify = notify_payload_create_from_protocol_and_type(PLV1_NOTIFY, PROTO_IKE, type); ike_sa_id = this->ike_sa->get_id(this->ike_sa); spi_i = ike_sa_id->get_initiator_spi(ike_sa_id); @@ -276,7 +276,7 @@ METHOD(task_t, build_i, status_t, return FAILED; } this->ike_sa->set_my_id(this->ike_sa, id->clone(id)); - id_payload = id_payload_create_from_identification(ID_V1, id); + id_payload = id_payload_create_from_identification(PLV1_ID, id); this->id_data = id_payload->get_encoded(id_payload); message->add_payload(message, &id_payload->payload_interface); @@ -389,7 +389,7 @@ METHOD(task_t, process_r, status_t, message->get_source(message), TRUE); sa_payload = (sa_payload_t*)message->get_payload(message, - SECURITY_ASSOCIATION_V1); + PLV1_SECURITY_ASSOCIATION); if (!sa_payload) { DBG1(DBG_IKE, "SA payload missing"); @@ -448,7 +448,7 @@ METHOD(task_t, process_r, status_t, return send_notify(this, INVALID_PAYLOAD_TYPE); } - id_payload = (id_payload_t*)message->get_payload(message, ID_V1); + id_payload = (id_payload_t*)message->get_payload(message, PLV1_ID); if (!id_payload) { DBG1(DBG_IKE, "IDii payload missing"); @@ -588,7 +588,7 @@ METHOD(task_t, build_r, status_t, } this->ike_sa->set_my_id(this->ike_sa, id->clone(id)); - id_payload = id_payload_create_from_identification(ID_V1, id); + id_payload = id_payload_create_from_identification(PLV1_ID, id); message->add_payload(message, &id_payload->payload_interface); if (!this->ph1->build_auth(this->ph1, this->method, message, @@ -614,7 +614,7 @@ METHOD(task_t, process_i, status_t, u_int32_t lifetime; sa_payload = (sa_payload_t*)message->get_payload(message, - SECURITY_ASSOCIATION_V1); + PLV1_SECURITY_ASSOCIATION); if (!sa_payload) { DBG1(DBG_IKE, "SA payload missing"); 
@@ -654,7 +654,7 @@ METHOD(task_t, process_i, status_t, return send_notify(this, NO_PROPOSAL_CHOSEN); } - id_payload = (id_payload_t*)message->get_payload(message, ID_V1); + id_payload = (id_payload_t*)message->get_payload(message, PLV1_ID); if (!id_payload) { DBG1(DBG_IKE, "IDir payload missing"); diff --git a/src/libcharon/sa/ikev1/tasks/informational.c b/src/libcharon/sa/ikev1/tasks/informational.c index bda1d2afb..b742dbef9 100644 --- a/src/libcharon/sa/ikev1/tasks/informational.c +++ b/src/libcharon/sa/ikev1/tasks/informational.c @@ -93,7 +93,7 @@ METHOD(task_t, process_r, status_t, { switch (payload->get_type(payload)) { - case NOTIFY_V1: + case PLV1_NOTIFY: notify = (notify_payload_t*)payload; type = notify->get_notify_type(notify); @@ -153,7 +153,7 @@ METHOD(task_t, process_r, status_t, notify_type_names, type); } continue; - case DELETE_V1: + case PLV1_DELETE: if (!this->del) { delete = (delete_payload_t*)payload; diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_cert_post.c b/src/libcharon/sa/ikev1/tasks/isakmp_cert_post.c index edad3b2fa..7dbbdc92f 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_cert_post.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_cert_post.c @@ -68,7 +68,7 @@ static bool use_certs(private_isakmp_cert_post_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == SECURITY_ASSOCIATION_V1) + if (payload->get_type(payload) == PLV1_SECURITY_ASSOCIATION) { sa_payload_t *sa_payload = (sa_payload_t*)payload; @@ -132,7 +132,7 @@ static void build_certs(private_isakmp_cert_post_t *this, message_t *message) { break; } - payload = cert_payload_create_from_cert(CERTIFICATE_V1, cert); + payload = cert_payload_create_from_cert(PLV1_CERTIFICATE, cert); if (!payload) { break; 
@@ -146,7 +146,7 @@ static void build_certs(private_isakmp_cert_post_t *this, message_t *message) { if (type == AUTH_RULE_IM_CERT) { - payload = cert_payload_create_from_cert(CERTIFICATE_V1, cert); + payload = cert_payload_create_from_cert(PLV1_CERTIFICATE, cert); if (payload) { DBG1(DBG_IKE, "sending issuer cert \"%Y\"", diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c b/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c index 43a0aaa36..58f856e3f 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c @@ -134,7 +134,7 @@ static void process_certreqs(private_isakmp_cert_pre_t *this, message_t *message { switch (payload->get_type(payload)) { - case CERTIFICATE_REQUEST_V1: + case PLV1_CERTREQ: { certificate_t *cert; @@ -268,7 +268,7 @@ static void process_certs(private_isakmp_cert_pre_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == CERTIFICATE_V1) + if (payload->get_type(payload) == PLV1_CERTIFICATE) { cert_payload_t *cert_payload; cert_encoding_t encoding; @@ -377,7 +377,7 @@ static void build_certreqs(private_isakmp_cert_pre_t *this, message_t *message) } enumerator->destroy(enumerator); } - if (!message->get_payload(message, CERTIFICATE_REQUEST_V1)) + if (!message->get_payload(message, PLV1_CERTREQ)) { /* otherwise add all trusted CA certificates */ enumerator = lib->credmgr->create_cert_enumerator(lib->credmgr, @@ -402,7 +402,7 @@ static bool use_certs(private_isakmp_cert_pre_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == SECURITY_ASSOCIATION_V1) + if (payload->get_type(payload) == PLV1_SECURITY_ASSOCIATION) { sa_payload_t *sa_payload = (sa_payload_t*)payload; 
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_delete.c b/src/libcharon/sa/ikev1/tasks/isakmp_delete.c index a44f3c4a9..bea0428c4 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_delete.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_delete.c @@ -50,7 +50,7 @@ METHOD(task_t, build_i, status_t, this->ike_sa->get_other_host(this->ike_sa), this->ike_sa->get_other_id(this->ike_sa)); - delete_payload = delete_payload_create(DELETE_V1, PROTO_IKE); + delete_payload = delete_payload_create(PLV1_DELETE, PROTO_IKE); id = this->ike_sa->get_id(this->ike_sa); delete_payload->set_ike_spi(delete_payload, id->get_initiator_spi(id), id->get_responder_spi(id)); diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_dpd.c b/src/libcharon/sa/ikev1/tasks/isakmp_dpd.c index a3395a043..5522e9221 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_dpd.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_dpd.c @@ -55,7 +55,7 @@ METHOD(task_t, build, status_t, u_int32_t seqnr; chunk_t spi; - notify = notify_payload_create_from_protocol_and_type(NOTIFY_V1, + notify = notify_payload_create_from_protocol_and_type(PLV1_NOTIFY, PROTO_IKE, this->type); seqnr = htonl(this->seqnr); ike_sa_id = this->ike_sa->get_id(this->ike_sa); diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_natd.c b/src/libcharon/sa/ikev1/tasks/isakmp_natd.c index fc6ac0771..b8af6f67b 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_natd.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_natd.c @@ -117,9 +117,9 @@ static payload_type_t get_nat_d_payload_type(ike_sa_t *ike_sa) { if (ike_sa->supports_extension(ike_sa, EXT_NATT_DRAFT_02_03)) { - return NAT_D_DRAFT_00_03_V1; + return PLV1_NAT_D_DRAFT_00_03; } - return NAT_D_V1; + return PLV1_NAT_D; } /** 
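Review bot: In get_nat_d_payload_type() the extension tested is `EXT_NATT_DRAFT_02_03` but the payload type returned is `PLV1_NAT_D_DRAFT_00_03`, and nothing in the function explains why the two draft ranges differ, so the pair reads like a typo. A one-line comment above the `if` would settle it, for example `/* drafts 00 to 03 share one NAT-D payload type, the extension flag covers 02/03 only */`, assuming that is the actual reason. The same applies to get_nat_oa_payload_type() in quick_mode.c, which pairs the same flag with `PLV1_NAT_OA_DRAFT_00_03`. The function's signature sits above the hunk.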
@@ -269,8 +269,8 @@ static void process_payloads(private_isakmp_natd_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) != NAT_D_V1 && - payload->get_type(payload) != NAT_D_DRAFT_00_03_V1) + if (payload->get_type(payload) != PLV1_NAT_D && + payload->get_type(payload) != PLV1_NAT_D_DRAFT_00_03) { continue; } @@ -334,7 +334,7 @@ METHOD(task_t, build_i, status_t, case ID_PROT: { /* add NAT-D payloads to the second request, need to process * those by the responder contained in the second response */ - if (message->get_payload(message, SECURITY_ASSOCIATION_V1)) + if (message->get_payload(message, PLV1_SECURITY_ASSOCIATION)) { /* wait for the second exchange */ return NEED_MORE; } @@ -362,7 +362,7 @@ METHOD(task_t, process_i, status_t, case ID_PROT: { /* process NAT-D payloads in the second response, added them in the * second request already, so we're done afterwards */ - if (message->get_payload(message, SECURITY_ASSOCIATION_V1)) + if (message->get_payload(message, PLV1_SECURITY_ASSOCIATION)) { /* wait for the second exchange */ return NEED_MORE; } @@ -407,7 +407,7 @@ METHOD(task_t, process_r, status_t, case ID_PROT: { /* process NAT-D payloads in the second request, need to add ours * to the second response */ - if (message->get_payload(message, SECURITY_ASSOCIATION_V1)) + if (message->get_payload(message, PLV1_SECURITY_ASSOCIATION)) { /* wait for the second exchange */ return NEED_MORE; } @@ -428,7 +428,7 @@ METHOD(task_t, build_r, status_t, case ID_PROT: { /* add NAT-D payloads to second response, already processed those * contained in the second request */ - if (message->get_payload(message, SECURITY_ASSOCIATION_V1)) + if (message->get_payload(message, PLV1_SECURITY_ASSOCIATION)) { /* wait for the second exchange */ return NEED_MORE; } 
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c index e07ac0ab4..426c4bd69 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c @@ -209,7 +209,7 @@ static void build(private_isakmp_vendor_t *this, message_t *message) (vendor_ids[i].extension == EXT_IKE_FRAGMENTATION && fragmentation)) { DBG2(DBG_IKE, "sending %s vendor ID", vendor_ids[i].desc); - vid_payload = vendor_id_payload_create_data(VENDOR_ID_V1, + vid_payload = vendor_id_payload_create_data(PLV1_VENDOR_ID, chunk_clone(chunk_create(vendor_ids[i].id, vendor_ids[i].len))); message->add_payload(message, &vid_payload->payload_interface); } @@ -220,7 +220,7 @@ static void build(private_isakmp_vendor_t *this, message_t *message) this->best_natt_ext == i) { DBG2(DBG_IKE, "sending %s vendor ID", vendor_natt_ids[i].desc); - vid_payload = vendor_id_payload_create_data(VENDOR_ID_V1, + vid_payload = vendor_id_payload_create_data(PLV1_VENDOR_ID, chunk_clone(chunk_create(vendor_natt_ids[i].id, vendor_natt_ids[i].len))); message->add_payload(message, &vid_payload->payload_interface); @@ -240,7 +240,7 @@ static void process(private_isakmp_vendor_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == VENDOR_ID_V1) + if (payload->get_type(payload) == PLV1_VENDOR_ID) { vendor_id_payload_t *vid; bool found = FALSE; diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c index 81638169a..8a5d9ae16 100644 --- a/src/libcharon/sa/ikev1/tasks/main_mode.c +++ b/src/libcharon/sa/ikev1/tasks/main_mode.c 
@@ -130,7 +130,7 @@ static bool has_notify_errors(private_main_mode_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == NOTIFY_V1) + if (payload->get_type(payload) == PLV1_NOTIFY) { notify_payload_t *notify; notify_type_t type; @@ -176,7 +176,7 @@ static status_t send_notify(private_main_mode_t *this, notify_type_t type) u_int64_t spi_i, spi_r; chunk_t spi; - notify = notify_payload_create_from_protocol_and_type(NOTIFY_V1, + notify = notify_payload_create_from_protocol_and_type(PLV1_NOTIFY, PROTO_IKE, type); ike_sa_id = this->ike_sa->get_id(this->ike_sa); spi_i = ike_sa_id->get_initiator_spi(ike_sa_id); @@ -302,7 +302,7 @@ METHOD(task_t, build_i, status_t, return send_notify(this, INVALID_ID_INFORMATION); } this->ike_sa->set_my_id(this->ike_sa, id->clone(id)); - id_payload = id_payload_create_from_identification(ID_V1, id); + id_payload = id_payload_create_from_identification(PLV1_ID, id); message->add_payload(message, &id_payload->payload_interface); if (!this->ph1->build_auth(this->ph1, this->method, message, @@ -340,7 +340,7 @@ METHOD(task_t, process_r, status_t, message->get_source(message), TRUE); sa_payload = (sa_payload_t*)message->get_payload(message, - SECURITY_ASSOCIATION_V1); + PLV1_SECURITY_ASSOCIATION); if (!sa_payload) { DBG1(DBG_IKE, "SA payload missing"); @@ -401,7 +401,7 @@ METHOD(task_t, process_r, status_t, id_payload_t *id_payload; identification_t *id; - id_payload = (id_payload_t*)message->get_payload(message, ID_V1); + id_payload = (id_payload_t*)message->get_payload(message, PLV1_ID); if (!id_payload) { DBG1(DBG_IKE, "IDii payload missing"); 
@@ -488,7 +488,7 @@ METHOD(task_t, build_r, status_t, } this->ike_sa->set_my_id(this->ike_sa, id->clone(id)); - id_payload = id_payload_create_from_identification(ID_V1, id); + id_payload = id_payload_create_from_identification(PLV1_ID, id); message->add_payload(message, &id_payload->payload_interface); if (!this->ph1->build_auth(this->ph1, this->method, message, @@ -575,7 +575,7 @@ METHOD(task_t, process_i, status_t, bool private; sa_payload = (sa_payload_t*)message->get_payload(message, - SECURITY_ASSOCIATION_V1); + PLV1_SECURITY_ASSOCIATION); if (!sa_payload) { DBG1(DBG_IKE, "SA payload missing"); @@ -627,7 +627,7 @@ METHOD(task_t, process_i, status_t, id_payload_t *id_payload; identification_t *id, *cid; - id_payload = (id_payload_t*)message->get_payload(message, ID_V1); + id_payload = (id_payload_t*)message->get_payload(message, PLV1_ID); if (!id_payload) { DBG1(DBG_IKE, "IDir payload missing"); diff --git a/src/libcharon/sa/ikev1/tasks/mode_config.c b/src/libcharon/sa/ikev1/tasks/mode_config.c index 17fe02538..55fb390ce 100644 --- a/src/libcharon/sa/ikev1/tasks/mode_config.c +++ b/src/libcharon/sa/ikev1/tasks/mode_config.c @@ -107,7 +107,7 @@ static configuration_attribute_t *build_vip(host_t *vip) chunk = chunk_cata("cc", chunk, prefix); } } - return configuration_attribute_create_chunk(CONFIGURATION_ATTRIBUTE_V1, + return configuration_attribute_create_chunk(PLV1_CONFIGURATION_ATTRIBUTE, type, chunk); } @@ -222,7 +222,7 @@ static void process_payloads(private_mode_config_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == CONFIGURATION_V1) + if (payload->get_type(payload) == PLV1_CONFIGURATION) { cp_payload_t *cp = (cp_payload_t*)payload; configuration_attribute_t *ca; 
@@ -273,7 +273,7 @@ static void add_attribute(private_mode_config_t *this, cp_payload_t *cp, entry_t *entry; cp->add_attribute(cp, - configuration_attribute_create_chunk(CONFIGURATION_ATTRIBUTE_V1, + configuration_attribute_create_chunk(PLV1_CONFIGURATION_ATTRIBUTE, type, data)); INIT(entry, .type = type, @@ -296,7 +296,7 @@ static status_t build_request(private_mode_config_t *this, message_t *message) linked_list_t *vips; host_t *host; - cp = cp_payload_create_type(CONFIGURATION_V1, CFG_REQUEST); + cp = cp_payload_create_type(PLV1_CONFIGURATION, CFG_REQUEST); vips = linked_list_create(); @@ -360,7 +360,7 @@ static status_t build_set(private_mode_config_t *this, message_t *message) host_t *any4, *any6, *found; char *name; - cp = cp_payload_create_type(CONFIGURATION_V1, CFG_SET); + cp = cp_payload_create_type(PLV1_CONFIGURATION, CFG_SET); id = this->ike_sa->get_other_eap_id(this->ike_sa); config = this->ike_sa->get_peer_cfg(this->ike_sa); @@ -470,7 +470,7 @@ static status_t build_reply(private_mode_config_t *this, message_t *message) linked_list_t *vips, *pools; host_t *requested; - cp = cp_payload_create_type(CONFIGURATION_V1, CFG_REPLY); + cp = cp_payload_create_type(PLV1_CONFIGURATION, CFG_REPLY); id = this->ike_sa->get_other_eap_id(this->ike_sa); config = this->ike_sa->get_peer_cfg(this->ike_sa); @@ -511,7 +511,7 @@ static status_t build_reply(private_mode_config_t *this, message_t *message) while (enumerator->enumerate(enumerator, &type, &value)) { cp->add_attribute(cp, - configuration_attribute_create_chunk(CONFIGURATION_ATTRIBUTE_V1, + configuration_attribute_create_chunk(PLV1_CONFIGURATION_ATTRIBUTE, type, value)); } enumerator->destroy(enumerator); @@ -535,7 +535,7 @@ static status_t build_ack(private_mode_config_t *this, message_t *message) configuration_attribute_type_t type; entry_t *entry; - cp = cp_payload_create_type(CONFIGURATION_V1, CFG_ACK); + cp = cp_payload_create_type(PLV1_CONFIGURATION, CFG_ACK); /* return empty attributes for installed IPs */ 
@@ -552,7 +552,7 @@ static status_t build_ack(private_mode_config_t *this, message_t *message) type = INTERNAL_IP4_ADDRESS; } cp->add_attribute(cp, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, type, chunk_empty)); + PLV1_CONFIGURATION_ATTRIBUTE, type, chunk_empty)); } enumerator->destroy(enumerator); @@ -560,7 +560,7 @@ static status_t build_ack(private_mode_config_t *this, message_t *message) while (enumerator->enumerate(enumerator, &entry)) { cp->add_attribute(cp, - configuration_attribute_create_chunk(CONFIGURATION_ATTRIBUTE_V1, + configuration_attribute_create_chunk(PLV1_CONFIGURATION_ATTRIBUTE, entry->type, chunk_empty)); } enumerator->destroy(enumerator); diff --git a/src/libcharon/sa/ikev1/tasks/quick_delete.c b/src/libcharon/sa/ikev1/tasks/quick_delete.c index 605c10cea..499081caa 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_delete.c +++ b/src/libcharon/sa/ikev1/tasks/quick_delete.c @@ -177,7 +177,7 @@ METHOD(task_t, build_i, status_t, DBG1(DBG_IKE, "sending DELETE for %N CHILD_SA with SPI %.8x", protocol_id_names, this->protocol, ntohl(this->spi)); - delete_payload = delete_payload_create(DELETE_V1, this->protocol); + delete_payload = delete_payload_create(PLV1_DELETE, this->protocol); delete_payload->add_spi(delete_payload, this->spi); message->add_payload(message, &delete_payload->payload_interface); @@ -205,7 +205,7 @@ METHOD(task_t, process_r, status_t, payloads = message->create_payload_enumerator(message); while (payloads->enumerate(payloads, &payload)) { - if (payload->get_type(payload) == DELETE_V1) + if (payload->get_type(payload) == PLV1_DELETE) { delete_payload = (delete_payload_t*)payload; protocol = delete_payload->get_protocol_id(delete_payload); diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c index 74b5c453a..e6273682d 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_mode.c +++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c 
@@ -427,7 +427,7 @@ static bool add_nonce(private_quick_mode_t *this, chunk_t *nonce, } nonceg->destroy(nonceg); - nonce_payload = nonce_payload_create(NONCE_V1); + nonce_payload = nonce_payload_create(PLV1_NONCE); nonce_payload->set_nonce(nonce_payload, *nonce); message->add_payload(message, &nonce_payload->payload_interface); @@ -442,7 +442,7 @@ static bool get_nonce(private_quick_mode_t *this, chunk_t *nonce, { nonce_payload_t *nonce_payload; - nonce_payload = (nonce_payload_t*)message->get_payload(message, NONCE_V1); + nonce_payload = (nonce_payload_t*)message->get_payload(message, PLV1_NONCE); if (!nonce_payload) { DBG1(DBG_IKE, "NONCE payload missing in message"); @@ -460,7 +460,7 @@ static void add_ke(private_quick_mode_t *this, message_t *message) { ke_payload_t *ke_payload; - ke_payload = ke_payload_create_from_diffie_hellman(KEY_EXCHANGE_V1, this->dh); + ke_payload = ke_payload_create_from_diffie_hellman(PLV1_KEY_EXCHANGE, this->dh); message->add_payload(message, &ke_payload->payload_interface); } @@ -471,7 +471,7 @@ static bool get_ke(private_quick_mode_t *this, message_t *message) { ke_payload_t *ke_payload; - ke_payload = (ke_payload_t*)message->get_payload(message, KEY_EXCHANGE_V1); + ke_payload = (ke_payload_t*)message->get_payload(message, PLV1_KEY_EXCHANGE); if (!ke_payload) { DBG1(DBG_IKE, "KE payload missing"); @@ -537,7 +537,7 @@ static bool get_ts(private_quick_mode_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == ID_V1) + if (payload->get_type(payload) == PLV1_ID) { id_payload = (id_payload_t*)payload; @@ -640,9 +640,9 @@ static payload_type_t get_nat_oa_payload_type(ike_sa_t *ike_sa) { if (ike_sa->supports_extension(ike_sa, EXT_NATT_DRAFT_02_03)) { - return NAT_OA_DRAFT_00_03_V1; + return PLV1_NAT_OA_DRAFT_00_03; } - return NAT_OA_V1; + return PLV1_NAT_OA; } /** 
@@ -726,7 +726,7 @@ static status_t send_notify(private_quick_mode_t *this, notify_type_t type) { notify_payload_t *notify; - notify = notify_payload_create_from_protocol_and_type(NOTIFY_V1, + notify = notify_payload_create_from_protocol_and_type(PLV1_NOTIFY, this->proto, type); notify->set_spi(notify, this->spi_i); @@ -917,7 +917,7 @@ static bool has_notify_errors(private_quick_mode_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == NOTIFY_V1) + if (payload->get_type(payload) == PLV1_NOTIFY) { notify_payload_t *notify; notify_type_t type; @@ -1000,7 +1000,7 @@ METHOD(task_t, process_r, status_t, bool private; sa_payload = (sa_payload_t*)message->get_payload(message, - SECURITY_ASSOCIATION_V1); + PLV1_SECURITY_ASSOCIATION); if (!sa_payload) { DBG1(DBG_IKE, "sa payload missing"); @@ -1215,7 +1215,7 @@ METHOD(task_t, process_i, status_t, bool private; sa_payload = (sa_payload_t*)message->get_payload(message, - SECURITY_ASSOCIATION_V1); + PLV1_SECURITY_ASSOCIATION); if (!sa_payload) { DBG1(DBG_IKE, "sa payload missing"); diff --git a/src/libcharon/sa/ikev1/tasks/xauth.c b/src/libcharon/sa/ikev1/tasks/xauth.c index f5555ecd2..9329dab5e 100644 --- a/src/libcharon/sa/ikev1/tasks/xauth.c +++ b/src/libcharon/sa/ikev1/tasks/xauth.c @@ -277,7 +277,7 @@ METHOD(task_t, build_i_status, status_t, { cp_payload_t *cp; - cp = cp_payload_create_type(CONFIGURATION_V1, CFG_SET); + cp = cp_payload_create_type(PLV1_CONFIGURATION, CFG_SET); cp->add_attribute(cp, configuration_attribute_create_value(XAUTH_STATUS, this->status)); @@ -291,7 +291,7 @@ METHOD(task_t, process_i_status, status_t, { cp_payload_t *cp; - cp = (cp_payload_t*)message->get_payload(message, CONFIGURATION_V1); + cp = (cp_payload_t*)message->get_payload(message, PLV1_CONFIGURATION); if (!cp || cp->get_type(cp) != CFG_ACK) { DBG1(DBG_IKE, "received invalid XAUTH status response"); 
@@ -354,11 +354,11 @@ METHOD(task_t, build_r_ack, status_t, { cp_payload_t *cp; - cp = cp_payload_create_type(CONFIGURATION_V1, CFG_ACK); + cp = cp_payload_create_type(PLV1_CONFIGURATION, CFG_ACK); cp->set_identifier(cp, this->identifier); cp->add_attribute(cp, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, XAUTH_STATUS, chunk_empty)); + PLV1_CONFIGURATION_ATTRIBUTE, XAUTH_STATUS, chunk_empty)); message->add_payload(message, (payload_t *)cp); @@ -382,7 +382,7 @@ METHOD(task_t, process_r, status_t, return NEED_MORE; } } - cp = (cp_payload_t*)message->get_payload(message, CONFIGURATION_V1); + cp = (cp_payload_t*)message->get_payload(message, PLV1_CONFIGURATION); if (!cp) { DBG1(DBG_IKE, "configuration payload missing in XAuth request"); @@ -438,7 +438,7 @@ METHOD(task_t, build_r, status_t, { if (!this->cp) { /* send empty reply if building data failed */ - this->cp = cp_payload_create_type(CONFIGURATION_V1, CFG_REPLY); + this->cp = cp_payload_create_type(PLV1_CONFIGURATION, CFG_REPLY); } message->add_payload(message, (payload_t *)this->cp); this->cp = NULL; @@ -451,7 +451,7 @@ METHOD(task_t, process_i, status_t, identification_t *id; cp_payload_t *cp; - cp = (cp_payload_t*)message->get_payload(message, CONFIGURATION_V1); + cp = (cp_payload_t*)message->get_payload(message, PLV1_CONFIGURATION); if (!cp) { DBG1(DBG_IKE, "configuration payload missing in XAuth response"); diff --git a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c index b8359cc88..eed6d1996 100644 --- a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c +++ b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c @@ -450,7 +450,7 @@ static bool verify_auth(private_eap_authenticator_t *this, message_t *message, keymat_v2_t *keymat; auth_payload = (auth_payload_t*)message->get_payload(message, - AUTHENTICATION); + PLV2_AUTH); if (!auth_payload) { DBG1(DBG_IKE, "AUTH payload missing"); 
@@ -532,7 +532,7 @@ METHOD(authenticator_t, process_server, status_t, else { eap_payload = (eap_payload_t*)message->get_payload(message, - EXTENSIBLE_AUTHENTICATION); + PLV2_EAP); if (!eap_payload) { return FAILED; @@ -590,7 +590,7 @@ METHOD(authenticator_t, process_client, status_t, } eap_payload = (eap_payload_t*)message->get_payload(message, - EXTENSIBLE_AUTHENTICATION); + PLV2_EAP); if (eap_payload) { switch (eap_payload->get_code(eap_payload)) diff --git a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c index 997efe359..c6a4b6ba4 100644 --- a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c +++ b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c @@ -103,7 +103,7 @@ METHOD(authenticator_t, process, status_t, int keys_found = 0; keymat_v2_t *keymat; - auth_payload = (auth_payload_t*)message->get_payload(message, AUTHENTICATION); + auth_payload = (auth_payload_t*)message->get_payload(message, PLV2_AUTH); if (!auth_payload) { return FAILED; diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c index 5ceff40ba..6fb14bc06 100644 --- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c +++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c @@ -147,7 +147,7 @@ METHOD(authenticator_t, process, status_t, status_t status = NOT_FOUND; keymat_v2_t *keymat; - auth_payload = (auth_payload_t*)message->get_payload(message, AUTHENTICATION); + auth_payload = (auth_payload_t*)message->get_payload(message, PLV2_AUTH); if (!auth_payload) { return FAILED; diff --git a/src/libcharon/sa/ikev2/connect_manager.c b/src/libcharon/sa/ikev2/connect_manager.c index c4e5ea7a0..161c4fdaf 100644 --- a/src/libcharon/sa/ikev2/connect_manager.c +++ b/src/libcharon/sa/ikev2/connect_manager.c 
@@ -748,7 +748,7 @@ static status_t process_payloads(message_t *message, check_t *check) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) != NOTIFY) + if (payload->get_type(payload) != PLV2_NOTIFY) { DBG1(DBG_IKE, "ignoring payload of type '%N' while processing " "connectivity check", payload_type_names, diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c index a5252ab70..ada798bdc 100644 --- a/src/libcharon/sa/ikev2/task_manager_v2.c +++ b/src/libcharon/sa/ikev2/task_manager_v2.c @@ -792,7 +792,7 @@ static status_t process_request(private_task_manager_t *this, { switch (payload->get_type(payload)) { - case NOTIFY: + case PLV2_NOTIFY: { /* if we find a rekey notify, its CHILD_SA rekeying */ notify = (notify_payload_t*)payload; if (notify->get_notify_type(notify) == REKEY_SA && @@ -803,8 +803,8 @@ static status_t process_request(private_task_manager_t *this, } break; } - case TRAFFIC_SELECTOR_INITIATOR: - case TRAFFIC_SELECTOR_RESPONDER: + case PLV2_TS_INITIATOR: + case PLV2_TS_RESPONDER: { /* if we don't find a TS, its IKE rekeying */ ts_found = TRUE; break; @@ -842,7 +842,7 @@ static status_t process_request(private_task_manager_t *this, { switch (payload->get_type(payload)) { - case NOTIFY: + case PLV2_NOTIFY: { notify = (notify_payload_t*)payload; switch (notify->get_notify_type(notify)) @@ -875,7 +875,7 @@ static status_t process_request(private_task_manager_t *this, } break; } - case DELETE: + case PLV2_DELETE: { delete = (delete_payload_t*)payload; if (delete->get_protocol_id(delete) == PROTO_IKE) diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c index 35b7e12c9..a1f01c276 100644 --- a/src/libcharon/sa/ikev2/tasks/child_create.c +++ b/src/libcharon/sa/ikev2/tasks/child_create.c 
@@ -187,7 +187,7 @@ static status_t get_nonce(message_t *message, chunk_t *nonce) { nonce_payload_t *payload; - payload = (nonce_payload_t*)message->get_payload(message, NONCE); + payload = (nonce_payload_t*)message->get_payload(message, PLV2_NONCE); if (payload == NULL) { return FAILED; @@ -731,7 +731,7 @@ static void build_payloads(private_child_create_t *this, message_t *message) /* add nonce payload if not in IKE_AUTH */ if (message->get_exchange_type(message) == CREATE_CHILD_SA) { - nonce_payload = nonce_payload_create(NONCE); + nonce_payload = nonce_payload_create(PLV2_NONCE); nonce_payload->set_nonce(nonce_payload, this->my_nonce); message->add_payload(message, (payload_t*)nonce_payload); } @@ -739,7 +739,7 @@ static void build_payloads(private_child_create_t *this, message_t *message) /* diffie hellman exchange, if PFS enabled */ if (this->dh) { - ke_payload = ke_payload_create_from_diffie_hellman(KEY_EXCHANGE, + ke_payload = ke_payload_create_from_diffie_hellman(PLV2_KEY_EXCHANGE, this->dh); message->add_payload(message, (payload_t*)ke_payload); } @@ -866,11 +866,11 @@ static void process_payloads(private_child_create_t *this, message_t *message) { switch (payload->get_type(payload)) { - case SECURITY_ASSOCIATION: + case PLV2_SECURITY_ASSOCIATION: sa_payload = (sa_payload_t*)payload; this->proposals = sa_payload->get_proposals(sa_payload); break; - case KEY_EXCHANGE: + case PLV2_KEY_EXCHANGE: ke_payload = (ke_payload_t*)payload; if (!this->initiator) { 
@@ -884,15 +884,15 @@ static void process_payloads(private_child_create_t *this, message_t *message) ke_payload->get_key_exchange_data(ke_payload)); } break; - case TRAFFIC_SELECTOR_INITIATOR: + case PLV2_TS_INITIATOR: ts_payload = (ts_payload_t*)payload; this->tsi = ts_payload->get_traffic_selectors(ts_payload); break; - case TRAFFIC_SELECTOR_RESPONDER: + case PLV2_TS_RESPONDER: ts_payload = (ts_payload_t*)payload; this->tsr = ts_payload->get_traffic_selectors(ts_payload); break; - case NOTIFY: + case PLV2_NOTIFY: handle_notify(this, (notify_payload_t*)payload); break; default: @@ -1217,7 +1217,7 @@ METHOD(task_t, build_r, status_t, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == NOTIFY) + if (payload->get_type(payload) == PLV2_NOTIFY) { notify_payload_t *notify = (notify_payload_t*)payload; @@ -1319,7 +1319,7 @@ METHOD(task_t, build_i_delete, status_t, proto = this->proposal->get_protocol(this->proposal); spi = this->child_sa->get_spi(this->child_sa, TRUE); - del = delete_payload_create(DELETE, proto); + del = delete_payload_create(PLV2_DELETE, proto); del->add_spi(del, spi); message->add_payload(message, (payload_t*)del); @@ -1368,7 +1368,7 @@ METHOD(task_t, process_i, status_t, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == NOTIFY) + if (payload->get_type(payload) == PLV2_NOTIFY) { notify_payload_t *notify = (notify_payload_t*)payload; notify_type_t type = notify->get_notify_type(notify); diff --git a/src/libcharon/sa/ikev2/tasks/child_delete.c b/src/libcharon/sa/ikev2/tasks/child_delete.c index 88b032c8b..2b1697423 100644 --- a/src/libcharon/sa/ikev2/tasks/child_delete.c +++ b/src/libcharon/sa/ikev2/tasks/child_delete.c 
@@ -93,7 +93,7 @@ static void build_payloads(private_child_delete_t *this, message_t *message) case PROTO_ESP: if (esp == NULL) { - esp = delete_payload_create(DELETE, PROTO_ESP); + esp = delete_payload_create(PLV2_DELETE, PROTO_ESP); message->add_payload(message, (payload_t*)esp); } esp->add_spi(esp, spi); @@ -103,7 +103,7 @@ static void build_payloads(private_child_delete_t *this, message_t *message) case PROTO_AH: if (ah == NULL) { - ah = delete_payload_create(DELETE, PROTO_AH); + ah = delete_payload_create(PLV2_DELETE, PROTO_AH); message->add_payload(message, (payload_t*)ah); } ah->add_spi(ah, spi); @@ -133,7 +133,7 @@ static void process_payloads(private_child_delete_t *this, message_t *message) payloads = message->create_payload_enumerator(message); while (payloads->enumerate(payloads, &payload)) { - if (payload->get_type(payload) == DELETE) + if (payload->get_type(payload) == PLV2_DELETE) { delete_payload = (delete_payload_t*)payload; protocol = delete_payload->get_protocol_id(delete_payload); diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c index d2003bb45..db872827d 100644 --- a/src/libcharon/sa/ikev2/tasks/child_rekey.c +++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c @@ -171,7 +171,7 @@ METHOD(task_t, build_i, status_t, config = this->child_sa->get_config(this->child_sa); /* we just need the rekey notify ... */ - notify = notify_payload_create_from_protocol_and_type(NOTIFY, + notify = notify_payload_create_from_protocol_and_type(PLV2_NOTIFY, this->protocol, REKEY_SA); notify->set_spi(notify, this->spi); message->add_payload(message, (payload_t*)notify); 
@@ -228,7 +228,7 @@ METHOD(task_t, build_r, status_t, this->child_create->set_config(this->child_create, config->get_ref(config)); this->child_create->task.build(&this->child_create->task, message); - if (message->get_payload(message, SECURITY_ASSOCIATION) == NULL) + if (message->get_payload(message, PLV2_SECURITY_ASSOCIATION) == NULL) { /* rekeying failed, reuse old child */ this->child_sa->set_state(this->child_sa, CHILD_INSTALLED); @@ -332,7 +332,7 @@ METHOD(task_t, process_i, status_t, this->child_create->task.migrate(&this->child_create->task, this->ike_sa); return NEED_MORE; } - if (message->get_payload(message, SECURITY_ASSOCIATION) == NULL) + if (message->get_payload(message, PLV2_SECURITY_ASSOCIATION) == NULL) { /* establishing new child failed, reuse old. but not when we * received a delete in the meantime */ diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c index 800dab07e..bf747a49e 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_auth.c +++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c @@ -132,7 +132,7 @@ static status_t collect_my_init_data(private_ike_auth_t *this, nonce_payload_t *nonce; /* get the nonce that was generated in ike_init */ - nonce = (nonce_payload_t*)message->get_payload(message, NONCE); + nonce = (nonce_payload_t*)message->get_payload(message, PLV2_NONCE); if (nonce == NULL) { return FAILED; @@ -158,7 +158,7 @@ static status_t collect_other_init_data(private_ike_auth_t *this, nonce_payload_t *nonce; /* get the nonce that was generated in ike_init */ - nonce = (nonce_payload_t*)message->get_payload(message, NONCE); + nonce = (nonce_payload_t*)message->get_payload(message, PLV2_NONCE); if (nonce == NULL) { return FAILED; @@ -433,7 +433,7 @@ METHOD(task_t, build_i, status_t, { this->ike_sa->set_other_id(this->ike_sa, idr->clone(idr)); id_payload = id_payload_create_from_identification( - ID_RESPONDER, idr); + PLV2_ID_RESPONDER, idr); message->add_payload(message, (payload_t*)id_payload); } } 
@@ -451,7 +451,7 @@ METHOD(task_t, build_i, status_t, cfg->add(cfg, AUTH_RULE_IDENTITY, idi); } this->ike_sa->set_my_id(this->ike_sa, idi->clone(idi)); - id_payload = id_payload_create_from_identification(ID_INITIATOR, idi); + id_payload = id_payload_create_from_identification(PLV2_ID_INITIATOR, idi); get_reserved_id_bytes(this, id_payload); message->add_payload(message, (payload_t*)id_payload); @@ -498,7 +498,7 @@ METHOD(task_t, build_i, status_t, /* check for additional authentication rounds */ if (do_another_auth(this)) { - if (message->get_payload(message, AUTHENTICATION)) + if (message->get_payload(message, PLV2_AUTH)) { message->add_notify(message, FALSE, ANOTHER_AUTH_FOLLOWS, chunk_empty); } @@ -525,7 +525,7 @@ METHOD(task_t, process_r, status_t, if (this->my_auth == NULL && this->do_another_auth) { /* handle (optional) IDr payload, apply proposed identity */ - id_payload = (id_payload_t*)message->get_payload(message, ID_RESPONDER); + id_payload = (id_payload_t*)message->get_payload(message, PLV2_ID_RESPONDER); if (id_payload) { id = id_payload->get_identification(id_payload); @@ -558,7 +558,7 @@ METHOD(task_t, process_r, status_t, if (this->other_auth == NULL) { /* handle IDi payload */ - id_payload = (id_payload_t*)message->get_payload(message, ID_INITIATOR); + id_payload = (id_payload_t*)message->get_payload(message, PLV2_ID_INITIATOR); if (!id_payload) { DBG1(DBG_IKE, "IDi payload missing"); @@ -578,7 +578,7 @@ METHOD(task_t, process_r, status_t, return NEED_MORE; } } - if (message->get_payload(message, AUTHENTICATION) == NULL) + if (message->get_payload(message, PLV2_AUTH) == NULL) { /* before authenticating with EAP, we need a EAP config */ cand = get_auth_cfg(this, FALSE); while (!cand || ( 
@@ -631,7 +631,7 @@ METHOD(task_t, process_r, status_t, this->other_auth = NULL; break; case NEED_MORE: - if (message->get_payload(message, AUTHENTICATION)) + if (message->get_payload(message, PLV2_AUTH)) { /* AUTH verification successful, but another build() needed */ break; } @@ -733,7 +733,7 @@ METHOD(task_t, build_r, status_t, } } - id_payload = id_payload_create_from_identification(ID_RESPONDER, id); + id_payload = id_payload_create_from_identification(PLV2_ID_RESPONDER, id); get_reserved_id_bytes(this, id_payload); message->add_payload(message, (payload_t*)id_payload); @@ -780,7 +780,7 @@ METHOD(task_t, build_r, status_t, case NEED_MORE: break; default: - if (message->get_payload(message, EXTENSIBLE_AUTHENTICATION)) + if (message->get_payload(message, PLV2_EAP)) { /* skip AUTHENTICATION_FAILED if we have EAP_FAILURE */ goto peer_auth_failed_no_notify; } @@ -900,7 +900,7 @@ METHOD(task_t, process_i, status_t, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == NOTIFY) + if (payload->get_type(payload) == PLV2_NOTIFY) { notify_payload_t *notify = (notify_payload_t*)payload; notify_type_t type = notify->get_notify_type(notify); @@ -956,7 +956,7 @@ METHOD(task_t, process_i, status_t, /* handle IDr payload */ id_payload = (id_payload_t*)message->get_payload(message, - ID_RESPONDER); + PLV2_ID_RESPONDER); if (!id_payload) { DBG1(DBG_IKE, "IDr payload missing"); @@ -968,7 +968,7 @@ METHOD(task_t, process_i, status_t, cfg = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE); cfg->add(cfg, AUTH_RULE_IDENTITY, id->clone(id)); - if (message->get_payload(message, AUTHENTICATION)) + if (message->get_payload(message, PLV2_AUTH)) { /* verify authentication data */ this->other_auth = authenticator_create_verifier(this->ike_sa, diff --git a/src/libcharon/sa/ikev2/tasks/ike_cert_post.c b/src/libcharon/sa/ikev2/tasks/ike_cert_post.c index 6dbc4dec3..5a9e08de2 100644 
--- a/src/libcharon/sa/ikev2/tasks/ike_cert_post.c +++ b/src/libcharon/sa/ikev2/tasks/ike_cert_post.c @@ -63,14 +63,14 @@ static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this, if (!this->ike_sa->supports_extension(this->ike_sa, EXT_HASH_AND_URL)) { - return cert_payload_create_from_cert(CERTIFICATE, cert); + return cert_payload_create_from_cert(PLV2_CERTIFICATE, cert); } hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (!hasher) { DBG1(DBG_IKE, "unable to use hash-and-url: sha1 not supported"); - return cert_payload_create_from_cert(CERTIFICATE, cert); + return cert_payload_create_from_cert(PLV2_CERTIFICATE, cert); } if (!cert->get_encoding(cert, CERT_ASN1_DER, &encoded)) @@ -83,7 +83,7 @@ static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this, { hasher->destroy(hasher); chunk_free(&encoded); - return cert_payload_create_from_cert(CERTIFICATE, cert); + return cert_payload_create_from_cert(PLV2_CERTIFICATE, cert); } chunk_free(&encoded); hasher->destroy(hasher); @@ -97,7 +97,7 @@ static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this, } else { - payload = cert_payload_create_from_cert(CERTIFICATE, cert); + payload = cert_payload_create_from_cert(PLV2_CERTIFICATE, cert); } enumerator->destroy(enumerator); chunk_free(&hash); @@ -145,7 +145,7 @@ static void add_im_certs(private_ike_cert_post_t *this, auth_cfg_t *auth, { if (type == AUTH_RULE_IM_CERT) { - payload = cert_payload_create_from_cert(CERTIFICATE, cert); + payload = cert_payload_create_from_cert(PLV2_CERTIFICATE, cert); if (payload) { DBG1(DBG_IKE, "sending issuer cert \"%Y\"", 
@@ -187,7 +187,7 @@ static void add_attribute_certs(private_ike_cert_post_t *this, if (id && id->equals(id, subject->get_issuer(subject)) && cert->get_validity(cert, NULL, NULL, NULL)) { - payload = cert_payload_create_from_cert(CERTIFICATE, cert); + payload = cert_payload_create_from_cert(PLV2_CERTIFICATE, cert); if (payload) { DBG1(DBG_IKE, "sending attribute certificate " @@ -210,7 +210,7 @@ static void build_certs(private_ike_cert_post_t *this, message_t *message) auth_payload_t *payload; auth_cfg_t *auth; - payload = (auth_payload_t*)message->get_payload(message, AUTHENTICATION); + payload = (auth_payload_t*)message->get_payload(message, PLV2_AUTH); peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); if (!peer_cfg || !payload || payload->get_auth_method(payload) == AUTH_PSK) { /* no CERT payload for EAP/PSK */ diff --git a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c index 558b1e914..0dac975e7 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c +++ b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c @@ -138,10 +138,10 @@ static void process_certreqs(private_ike_cert_pre_t *this, message_t *message) { switch (payload->get_type(payload)) { - case CERTIFICATE_REQUEST: + case PLV2_CERTREQ: process_certreq(this, (certreq_payload_t*)payload, auth); break; - case NOTIFY: + case PLV2_NOTIFY: process_notify(this, (notify_payload_t*)payload); break; default: @@ -298,7 +298,7 @@ static void process_certs(private_ike_cert_pre_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == CERTIFICATE) + if (payload->get_type(payload) == PLV2_CERTIFICATE) { cert_payload_t *cert_payload; cert_encoding_t encoding; 
@@ -469,7 +469,7 @@ static void build_certreqs(private_ike_cert_pre_t *this, message_t *message) static bool final_auth(message_t *message) { /* we check for an AUTH payload without a ANOTHER_AUTH_FOLLOWS notify */ - if (message->get_payload(message, AUTHENTICATION) == NULL) + if (message->get_payload(message, PLV2_AUTH) == NULL) { return FALSE; } diff --git a/src/libcharon/sa/ikev2/tasks/ike_config.c b/src/libcharon/sa/ikev2/tasks/ike_config.c index 17132feee..1a4c21b54 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_config.c +++ b/src/libcharon/sa/ikev2/tasks/ike_config.c @@ -98,7 +98,7 @@ static configuration_attribute_t *build_vip(host_t *vip) chunk = chunk_cata("cc", chunk, prefix); } } - return configuration_attribute_create_chunk(CONFIGURATION_ATTRIBUTE, + return configuration_attribute_create_chunk(PLV2_CONFIGURATION_ATTRIBUTE, type, chunk); } @@ -200,7 +200,7 @@ static void process_payloads(private_ike_config_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == CONFIGURATION) + if (payload->get_type(payload) == PLV2_CONFIGURATION) { cp_payload_t *cp = (cp_payload_t*)payload; configuration_attribute_t *ca; @@ -268,7 +268,7 @@ METHOD(task_t, build_i, status_t, if (vips->get_count(vips)) { - cp = cp_payload_create_type(CONFIGURATION, CFG_REQUEST); + cp = cp_payload_create_type(PLV2_CONFIGURATION, CFG_REQUEST); enumerator = vips->create_enumerator(vips); while (enumerator->enumerate(enumerator, &host)) { 
@@ -288,11 +288,11 @@ METHOD(task_t, build_i, status_t, /* create configuration attribute */ DBG2(DBG_IKE, "building %N attribute", configuration_attribute_type_names, type); - ca = configuration_attribute_create_chunk(CONFIGURATION_ATTRIBUTE, + ca = configuration_attribute_create_chunk(PLV2_CONFIGURATION_ATTRIBUTE, type, data); if (!cp) { - cp = cp_payload_create_type(CONFIGURATION, CFG_REQUEST); + cp = cp_payload_create_type(PLV2_CONFIGURATION, CFG_REQUEST); } cp->add_attribute(cp, ca); @@ -363,7 +363,7 @@ METHOD(task_t, build_r, status_t, this->ike_sa->add_virtual_ip(this->ike_sa, FALSE, found); if (!cp) { - cp = cp_payload_create_type(CONFIGURATION, CFG_REPLY); + cp = cp_payload_create_type(PLV2_CONFIGURATION, CFG_REPLY); } cp->add_attribute(cp, build_vip(found)); vips->insert_last(vips, found); @@ -407,12 +407,12 @@ METHOD(task_t, build_r, status_t, { if (!cp) { - cp = cp_payload_create_type(CONFIGURATION, CFG_REPLY); + cp = cp_payload_create_type(PLV2_CONFIGURATION, CFG_REPLY); } DBG2(DBG_IKE, "building %N attribute", configuration_attribute_type_names, type); cp->add_attribute(cp, - configuration_attribute_create_chunk(CONFIGURATION_ATTRIBUTE, + configuration_attribute_create_chunk(PLV2_CONFIGURATION_ATTRIBUTE, type, value)); } enumerator->destroy(enumerator); diff --git a/src/libcharon/sa/ikev2/tasks/ike_delete.c b/src/libcharon/sa/ikev2/tasks/ike_delete.c index 9bc62bf2a..e972dba07 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_delete.c +++ b/src/libcharon/sa/ikev2/tasks/ike_delete.c @@ -65,7 +65,7 @@ METHOD(task_t, build_i, status_t, this->ike_sa->get_other_host(this->ike_sa), this->ike_sa->get_other_id(this->ike_sa)); - delete_payload = delete_payload_create(DELETE, PROTO_IKE); + delete_payload = delete_payload_create(PLV2_DELETE, PROTO_IKE); message->add_payload(message, (payload_t*)delete_payload); if (this->ike_sa->get_state(this->ike_sa) == IKE_REKEYING) 
diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c index 278bdc3f2..e3c18ea0f 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_init.c +++ b/src/libcharon/sa/ikev2/tasks/ike_init.c @@ -147,9 +147,9 @@ static void build_payloads(private_ike_init_t *this, message_t *message) } message->add_payload(message, (payload_t*)sa_payload); - nonce_payload = nonce_payload_create(NONCE); + nonce_payload = nonce_payload_create(PLV2_NONCE); nonce_payload->set_nonce(nonce_payload, this->my_nonce); - ke_payload = ke_payload_create_from_diffie_hellman(KEY_EXCHANGE, this->dh); + ke_payload = ke_payload_create_from_diffie_hellman(PLV2_KEY_EXCHANGE, this->dh); if (this->old_sa) { /* payload order differs if we are rekeying */ @@ -176,7 +176,7 @@ static void process_payloads(private_ike_init_t *this, message_t *message) { switch (payload->get_type(payload)) { - case SECURITY_ASSOCIATION: + case PLV2_SECURITY_ASSOCIATION: { sa_payload_t *sa_payload = (sa_payload_t*)payload; linked_list_t *proposal_list; @@ -196,7 +196,7 @@ static void process_payloads(private_ike_init_t *this, message_t *message) offsetof(proposal_t, destroy)); break; } - case KEY_EXCHANGE: + case PLV2_KEY_EXCHANGE: { ke_payload_t *ke_payload = (ke_payload_t*)payload; @@ -213,7 +213,7 @@ static void process_payloads(private_ike_init_t *this, message_t *message) } break; } - case NONCE: + case PLV2_NONCE: { nonce_payload_t *nonce_payload = (nonce_payload_t*)payload; @@ -449,7 +449,7 @@ METHOD(task_t, process_i, status_t, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == NOTIFY) + if (payload->get_type(payload) == PLV2_NOTIFY) { notify_payload_t *notify = (notify_payload_t*)payload; notify_type_t type = notify->get_notify_type(notify); diff --git a/src/libcharon/sa/ikev2/tasks/ike_me.c b/src/libcharon/sa/ikev2/tasks/ike_me.c index 135c06d19..a7e7505a1 100644 
--- a/src/libcharon/sa/ikev2/tasks/ike_me.c +++ b/src/libcharon/sa/ikev2/tasks/ike_me.c @@ -171,7 +171,7 @@ static void process_payloads(private_ike_me_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) != NOTIFY) + if (payload->get_type(payload) != PLV2_NOTIFY) { continue; } @@ -277,7 +277,7 @@ METHOD(task_t, build_i, status_t, { rng_t *rng; id_payload_t *id_payload; - id_payload = id_payload_create_from_identification(ID_PEER, + id_payload = id_payload_create_from_identification(PLV2_ID_PEER, this->peer_id); message->add_payload(message, (payload_t*)id_payload); @@ -339,7 +339,7 @@ METHOD(task_t, process_r, status_t, case ME_CONNECT: { id_payload_t *id_payload; - id_payload = (id_payload_t*)message->get_payload(message, ID_PEER); + id_payload = (id_payload_t*)message->get_payload(message, PLV2_ID_PEER); if (!id_payload) { DBG1(DBG_IKE, "received ME_CONNECT without ID_PEER payload" @@ -534,7 +534,7 @@ METHOD(task_t, build_i_ms, status_t, case ME_CONNECT: { id_payload_t *id_payload; - id_payload = id_payload_create_from_identification(ID_PEER, + id_payload = id_payload_create_from_identification(PLV2_ID_PEER, this->peer_id); message->add_payload(message, (payload_t*)id_payload); @@ -594,7 +594,7 @@ METHOD(task_t, process_r_ms, status_t, case ME_CONNECT: { id_payload_t *id_payload; - id_payload = (id_payload_t*)message->get_payload(message, ID_PEER); + id_payload = (id_payload_t*)message->get_payload(message, PLV2_ID_PEER); if (!id_payload) { DBG1(DBG_IKE, "received ME_CONNECT without ID_PEER payload" diff --git a/src/libcharon/sa/ikev2/tasks/ike_mobike.c b/src/libcharon/sa/ikev2/tasks/ike_mobike.c index ae3526f42..00ca615d8 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_mobike.c +++ b/src/libcharon/sa/ikev2/tasks/ike_mobike.c 
@@ -96,7 +96,7 @@ static void process_payloads(private_ike_mobike_t *this, message_t *message) chunk_t data; host_t *host; - if (payload->get_type(payload) != NOTIFY) + if (payload->get_type(payload) != PLV2_NOTIFY) { continue; } diff --git a/src/libcharon/sa/ikev2/tasks/ike_natd.c b/src/libcharon/sa/ikev2/tasks/ike_natd.c index 4fc968f25..9e0eb68ce 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_natd.c +++ b/src/libcharon/sa/ikev2/tasks/ike_natd.c @@ -172,7 +172,7 @@ static notify_payload_t *build_natd_payload(private_ike_natd_t *this, { return NULL; } - notify = notify_payload_create(NOTIFY); + notify = notify_payload_create(PLV2_NOTIFY); notify->set_notify_type(notify, type); notify->set_notification_data(notify, hash); chunk_free(&hash); @@ -206,7 +206,7 @@ static void process_payloads(private_ike_natd_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) != NOTIFY) + if (payload->get_type(payload) != PLV2_NOTIFY) { continue; } @@ -381,7 +381,7 @@ METHOD(task_t, build_r, status_t, /* only add notifies on successful responses. */ if (message->get_exchange_type(message) == IKE_SA_INIT && - message->get_payload(message, SECURITY_ASSOCIATION) == NULL) + message->get_payload(message, PLV2_SECURITY_ASSOCIATION) == NULL) { return SUCCESS; } diff --git a/src/libcharon/sa/ikev2/tasks/ike_vendor.c b/src/libcharon/sa/ikev2/tasks/ike_vendor.c index 16ac16673..d536af218 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_vendor.c +++ b/src/libcharon/sa/ikev2/tasks/ike_vendor.c @@ -92,7 +92,7 @@ METHOD(task_t, build, status_t, if (vids[i].extension == EXT_STRONGSWAN && strongswan) { DBG2(DBG_IKE, "sending %s vendor ID", vids[i].desc); - vid = vendor_id_payload_create_data(VENDOR_ID, + vid = vendor_id_payload_create_data(PLV2_VENDOR_ID, chunk_clone(get_vid_data(&vids[i]))); message->add_payload(message, &vid->payload_interface); } 
@@ -111,7 +111,7 @@ METHOD(task_t, process, status_t, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == VENDOR_ID) + if (payload->get_type(payload) == PLV2_VENDOR_ID) { vendor_id_payload_t *vid; chunk_t data; From d1eff687cf01b865692f7b314261773997407a5a Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Tue, 29 Oct 2013 10:45:43 +0100 Subject: [PATCH 056/138] encoding: Don't explicitly include --- src/libcharon/encoding/generator.c | 1 - src/libcharon/encoding/parser.c | 1 - 2 files changed, 2 deletions(-) diff --git a/src/libcharon/encoding/generator.c b/src/libcharon/encoding/generator.c index d4ca5b584..a0a508f53 100644 --- a/src/libcharon/encoding/generator.c +++ b/src/libcharon/encoding/generator.c @@ -17,7 +17,6 @@ #include #include -#include #include #include "generator.h" diff --git a/src/libcharon/encoding/parser.c b/src/libcharon/encoding/parser.c index 588b8af72..c33e30dd3 100644 --- a/src/libcharon/encoding/parser.c +++ b/src/libcharon/encoding/parser.c @@ -15,7 +15,6 @@ */ #include -#include #include #include "parser.h" From c6503d451adac9a85335b187333a431d463f6562 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Tue, 29 Oct 2013 10:46:30 +0100 Subject: [PATCH 057/138] charon: Don't use syslog() if not supported --- configure.ac | 2 +- src/libcharon/Makefile.am | 7 ++++++- src/libcharon/daemon.c | 28 +++++++++++++++++++++++----- 3 files changed, 30 insertions(+), 7 deletions(-) diff --git a/configure.ac b/configure.ac index 3848f8cde..0dc5ac6ff 100644 --- a/configure.ac +++ b/configure.ac @@ -568,7 +568,7 @@ AC_CHECK_FUNC( ) AC_CHECK_FUNCS(prctl mallinfo getpass closefrom getpwnam_r getgrnam_r getpwuid_r) -AC_CHECK_FUNCS(fmemopen funopen mmap memrchr) +AC_CHECK_FUNCS(fmemopen funopen mmap memrchr syslog) AC_CHECK_HEADERS(sys/sockio.h glob.h net/if_tun.h linux/fib_rules.h) AC_CHECK_HEADERS(net/pfkeyv2.h netipsec/ipsec.h netinet6/ipsec.h linux/udp.h) 
diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am index 3e7a96103..586d1dd9a 100644 --- a/src/libcharon/Makefile.am +++ b/src/libcharon/Makefile.am @@ -5,7 +5,6 @@ bus/bus.c bus/bus.h \ bus/listeners/listener.h \ bus/listeners/logger.h \ bus/listeners/file_logger.c bus/listeners/file_logger.h \ -bus/listeners/sys_logger.c bus/listeners/sys_logger.h \ config/backend_manager.c config/backend_manager.h config/backend.h \ config/child_cfg.c config/child_cfg.h \ config/ike_cfg.c config/ike_cfg.h \ @@ -144,6 +143,12 @@ libcharon_la_LIBADD = \ $(top_builddir)/src/libhydra/libhydra.la \ -lm $(PTHREADLIB) $(DLLIB) $(SOCKLIB) +if USE_WINDOWS +else + libcharon_la_SOURCES += \ + bus/listeners/sys_logger.c bus/listeners/sys_logger.h +endif + EXTRA_DIST = Android.mk # compile options diff --git a/src/libcharon/daemon.c b/src/libcharon/daemon.c index 16babf014..a89995a51 100644 --- a/src/libcharon/daemon.c +++ b/src/libcharon/daemon.c @@ -19,10 +19,13 @@ #include #include #include -#include #include #include +#ifdef HAVE_SYSLOG +#include +#endif + #include "daemon.h" #include @@ -179,6 +182,7 @@ static bool logger_entry_match(logger_entry_t *this, char *target, bool *file) */ static void handle_syslog_identifier(private_daemon_t *this) { +#ifdef HAVE_SYSLOG char *identifier; identifier = lib->settings->get_str(lib->settings, "%s.syslog.identifier", @@ -198,6 +202,7 @@ static void handle_syslog_identifier(private_daemon_t *this) closelog(); this->syslog_identifier = NULL; } +#endif /* HAVE_SYSLOG */ } /** @@ -206,6 +211,7 @@ static void handle_syslog_identifier(private_daemon_t *this) */ static int get_syslog_facility(char *facility) { +#ifdef HAVE_SYSLOG if (streq(facility, "daemon")) { return LOG_DAEMON; @@ -214,6 +220,7 @@ static int get_syslog_facility(char *facility) { return LOG_AUTHPRIV; } +#endif /* HAVE_SYSLOG */ return -1; } 
@@ -237,10 +244,12 @@ static logger_entry_t *get_logger_entry(char *target, bool is_file_logger, { entry->logger.file = file_logger_create(target); } +#ifdef HAVE_SYSLOG else { entry->logger.sys = sys_logger_create(get_syslog_facility(target)); } +#endif /* HAVE_SYSLOG */ } else { @@ -381,18 +390,27 @@ METHOD(daemon_t, load_loggers, void, for (group = 0; group < DBG_MAX; group++) { - sys_logger->set_level(sys_logger, group, levels[group]); + if (sys_logger) + { + sys_logger->set_level(sys_logger, group, levels[group]); + } if (to_stderr) { file_logger->set_level(file_logger, group, levels[group]); } } - charon->bus->add_logger(charon->bus, &sys_logger->logger); + if (sys_logger) + { + charon->bus->add_logger(charon->bus, &sys_logger->logger); + } charon->bus->add_logger(charon->bus, &file_logger->logger); sys_logger = add_sys_logger(this, "auth", current_loggers); - sys_logger->set_level(sys_logger, DBG_ANY, LEVEL_AUDIT); - charon->bus->add_logger(charon->bus, &sys_logger->logger); + if (sys_logger) + { + sys_logger->set_level(sys_logger, DBG_ANY, LEVEL_AUDIT); + charon->bus->add_logger(charon->bus, &sys_logger->logger); + } } /* unregister and destroy any unused remaining loggers */ current_loggers->destroy_function(current_loggers, From 87664d92ca5f74fc191338d56a937d2b16dcef1d Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Tue, 29 Oct 2013 10:47:36 +0100 Subject: [PATCH 058/138] controller: Remove unused include --- src/libcharon/control/controller.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/libcharon/control/controller.c b/src/libcharon/control/controller.c index c546da544..25667e532 100644 --- a/src/libcharon/control/controller.c +++ b/src/libcharon/control/controller.c @@ -20,7 +20,6 @@ #include #include #include -#include #include #include From 9ff171602958c614d14547b6be71e5b5d34866bb Mon Sep 17 00:00:00 2001 
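Review bot: Without HAVE_SYSLOG the `else` branch in get_logger_entry() is compiled out, so for a non-file target nothing assigns `entry->logger.sys`. The `if (sys_logger)` checks added in load_loggers() therefore depend on the entry being zero-initialised where it is allocated, which is outside this hunk. If that holds, a comment next to the `#endif` would record the contract, e.g. `/* without syslog, logger.sys stays NULL; callers must check */`. If it does not hold, the pointer is indeterminate and the guards do not protect anything.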
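Review bot: In the default-logger branch of load_loggers() the `auth` logger at LEVEL_AUDIT is now skipped silently when `add_sys_logger()` yields no logger, so on a build without syslog audit events appear to have no dedicated sink. Whether they still reach the stderr file logger depends on `to_stderr` and the configured levels, which are set outside this hunk. I would document this at the guard, e.g. `/* no syslog: audit messages are only available via the stderr logger */`, and consider a single DBG1 so the operator learns that the audit log is not being written.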
From: Martin Willi Date: Tue, 29 Oct 2013 10:48:09 +0100 Subject: [PATCH 059/138] windows: Don't use function macros to overload send/recv() and friends While the macro versions would not catch non-function invocations, we actually have to use catch all to support the sender_t.send() function. --- src/libstrongswan/utils/windows.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/libstrongswan/utils/windows.h b/src/libstrongswan/utils/windows.h index 4e1e6b6c2..d57b5dc1d 100644 --- a/src/libstrongswan/utils/windows.h +++ b/src/libstrongswan/utils/windows.h @@ -267,26 +267,26 @@ int socketpair(int domain, int type, int protocol, int sv[2]); /** * recv(2) with support for MSG_DONTWAIT */ -#define recv(...) windows_recv(__VA_ARGS__) +#define recv windows_recv ssize_t windows_recv(int sockfd, void *buf, size_t len, int flags); /** * recvfrom(2) with support for MSG_DONTWAIT */ -#define recvfrom(...) windows_recvfrom(__VA_ARGS__) +#define recvfrom windows_recvfrom ssize_t windows_recvfrom(int sockfd, void *buf, size_t len, int flags, struct sockaddr *src_addr, socklen_t *addrlen); /** * recvfrom(2) with support for MSG_DONTWAIT */ -#define send(...) windows_send(__VA_ARGS__) +#define send windows_send ssize_t windows_send(int sockfd, const void *buf, size_t len, int flags); /** * recvfrom(2) with support for MSG_DONTWAIT */ -#define sendto(...) windows_send(__VA_ARGS__) +#define sendto windows_send ssize_t windows_sendto(int sockfd, const void *buf, size_t len, int flags, const struct sockaddr *dest_addr, socklen_t addrlen); From 740404d48193dece09047608c7d8362c5a7536e8 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 21 Nov 2013 16:27:50 +0100 Subject: [PATCH 060/138] chunk: Fallback to recv() on Windows chunk_from_fd() when operating on socket --- src/libstrongswan/utils/chunk.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/libstrongswan/utils/chunk.c b/src/libstrongswan/utils/chunk.c index dd84d5106..7958931d0 100644 
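Review bot: The last changed line still maps `sendto` to `windows_send` rather than to the `windows_sendto` declared directly below it, so a six-argument sendto() call would be rewritten to the four-argument function; it should read `#define sendto windows_sendto`. Because the macros are now object-like, every `send`/`recv`/`sendto`/`recvfrom` token after this header is renamed, including struct members, which is what the commit message wants for sender_t.send(). A comment such as `/* object-like on purpose: also renames members like sender_t.send */` would stop someone from turning them back into function-like macros. The doc comments above `send` and `sendto` both still say recvfrom(2).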
--- a/src/libstrongswan/utils/chunk.c +++ b/src/libstrongswan/utils/chunk.c @@ -269,6 +269,12 @@ bool chunk_from_fd(int fd, chunk_t *out) while (TRUE) { len = read(fd, buf + total, bufsize - total); +#ifdef WIN32 + if (len == -1 && errno == EBADF) + { /* operating on a Winsock socket? */ + len = recv(fd, buf + total, bufsize - total, 0); + } +#endif if (len < 0) { free(buf); From efcf249aebe395e196237e87bd34232f84559112 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 21 Nov 2013 16:27:21 +0100 Subject: [PATCH 061/138] windows: Provide a close(2) that can close both file handles and sockets --- src/libstrongswan/utils/windows.c | 16 ++++++++++++++++ src/libstrongswan/utils/windows.h | 6 ++++++ 2 files changed, 22 insertions(+) diff --git a/src/libstrongswan/utils/windows.c b/src/libstrongswan/utils/windows.c index 48a70b6c2..492821d53 100644 --- a/src/libstrongswan/utils/windows.c +++ b/src/libstrongswan/utils/windows.c @@ -331,6 +331,22 @@ static bool check_dontwait(int *flags) return FALSE; } +/** + * See header + */ +#undef close +int windows_close(int fd) +{ + int ret; + + ret = close(fd); + if (ret == -1 && errno == EBADF) + { /* Winsock socket? */ + ret = wserr(closesocket(fd)); + } + return ret; +} + /** * See header */ diff --git a/src/libstrongswan/utils/windows.h b/src/libstrongswan/utils/windows.h index d57b5dc1d..3e317ce59 100644 --- a/src/libstrongswan/utils/windows.h +++ b/src/libstrongswan/utils/windows.h @@ -264,6 +264,12 @@ int socketpair(int domain, int type, int protocol, int sv[2]); */ #define ECONNRESET ENXIO +/** + * close(2) working for file handles and Winsock sockets + */ +#define close windows_close +int windows_close(int fd); + /** * recv(2) with support for MSG_DONTWAIT */ From b9dca7057cd4423555ae87d64c1a2cf272c9c87c Mon Sep 17 00:00:00 2001 
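Review bot: The `#ifdef WIN32` fallback in chunk_from_fd() treats EBADF from read() as proof that `fd` is a Winsock socket. CRT descriptors and socket handles both travel as plain `int` here, so a socket handle whose value happens to equal an open CRT descriptor would presumably be served by read() from that unrelated file and never reach recv(). The same probe is used by windows_close() in windows.c later in this series, where the effect would be closing the wrong descriptor. If callers cannot tell which kind of handle they hold, the assumption should at least be written down, e.g. `/* assumes socket handle values never collide with open CRT fds */`. chunk_from_fd() begins and continues outside this hunk.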
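Review bot: windows_close() passes a possible socket handle to the CRT close() first and relies on getting -1 with EBADF back before trying closesocket(). Microsoft C runtimes that validate parameters invoke the invalid-parameter handler for a bad descriptor before returning that error, so whether this probe is harmless depends on the runtime the build links against, which is not visible in the hunk. I would state the dependency above the function, e.g. `/* relies on close() returning -1/EBADF for handles that are not CRT descriptors */`. An alternative is to test for a socket first and call close() only otherwise.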
From: Martin Willi Date: Tue, 29 Oct 2013 10:58:39 +0100 Subject: [PATCH 062/138] filelog: Ignore flush_line option if setlinebuf() not supported --- configure.ac | 2 +- src/libcharon/bus/listeners/file_logger.c | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 0dc5ac6ff..e3e4f881a 100644 --- a/configure.ac +++ b/configure.ac @@ -568,7 +568,7 @@ AC_CHECK_FUNC( ) AC_CHECK_FUNCS(prctl mallinfo getpass closefrom getpwnam_r getgrnam_r getpwuid_r) -AC_CHECK_FUNCS(fmemopen funopen mmap memrchr syslog) +AC_CHECK_FUNCS(fmemopen funopen mmap memrchr syslog setlinebuf) AC_CHECK_HEADERS(sys/sockio.h glob.h net/if_tun.h linux/fib_rules.h) AC_CHECK_HEADERS(net/pfkeyv2.h netipsec/ipsec.h netinet6/ipsec.h linux/udp.h) diff --git a/src/libcharon/bus/listeners/file_logger.c b/src/libcharon/bus/listeners/file_logger.c index 68a386d11..c86cff132 100644 --- a/src/libcharon/bus/listeners/file_logger.c +++ b/src/libcharon/bus/listeners/file_logger.c @@ -214,10 +214,12 @@ METHOD(file_logger_t, open_, void, this->filename, strerror(errno)); return; } +#ifdef HAVE_SETLINEBUF if (flush_line) { setlinebuf(file); } +#endif /* HAVE_SETLINEBUF */ } this->lock->write_lock(this->lock); close_file(this); From 87b43dd8b0b422bd911c2b90e012decfaea25982 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Tue, 29 Oct 2013 10:59:08 +0100 Subject: [PATCH 063/138] libcharon: Link against Winsock2 on Windows --- src/libcharon/Makefile.am | 1 + 1 file changed, 1 insertion(+) diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am index 586d1dd9a..a4f1ebbe3 100644 --- a/src/libcharon/Makefile.am +++ b/src/libcharon/Makefile.am @@ -144,6 +144,7 @@ libcharon_la_LIBADD = \ -lm $(PTHREADLIB) $(DLLIB) $(SOCKLIB) if USE_WINDOWS + libcharon_la_LIBADD += -lws2_32 else libcharon_la_SOURCES += \ bus/listeners/sys_logger.c bus/listeners/sys_logger.h From df4341747cdba90212dc21784b391a605cd2b977 Mon Sep 17 00:00:00 2001 
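Review bot: When HAVE_SETLINEBUF is not defined, the `flush_line` setting in open_() is dropped without any trace. An operator who enabled it to keep log lines across a crash gets whatever buffering the stream defaults to, and buffered lines can be lost if the daemon dies. A comment at the guard, e.g. `/* flush_line has no effect without setlinebuf() */`, or a DBG1 in an `#else` branch would make that visible. open_() starts and continues outside this hunk.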
From: Martin Willi Date: Tue, 29 Oct 2013 17:33:33 +0100 Subject: [PATCH 064/138] charon-svc: Implement a Windows IKE service using libcharon The resulting binary can be either run as Windows service or directly as console application. --- configure.ac | 9 +- src/Makefile.am | 4 + src/charon-svc/Makefile.am | 16 +++ src/charon-svc/charon-svc.c | 264 ++++++++++++++++++++++++++++++++++++ 4 files changed, 290 insertions(+), 3 deletions(-) create mode 100644 src/charon-svc/Makefile.am create mode 100644 src/charon-svc/charon-svc.c diff --git a/configure.ac b/configure.ac index e3e4f881a..4eda8eec4 100644 --- a/configure.ac +++ b/configure.ac @@ -266,6 +266,7 @@ ARG_ENABL_SET([medcli], [enable mediation client configuration database ARG_ENABL_SET([medsrv], [enable mediation server web frontend and daemon plugin.]) ARG_ENABL_SET([nm], [enable NetworkManager backend.]) ARG_DISBL_SET([scripts], [disable additional utilities (found in directory scripts).]) +ARG_ENABL_SET([svc], [enable charon Windows service.]) ARG_ENABL_SET([swanctl], [enable swanctl configuration and control tool.]) ARG_ENABL_SET([tkm], [enable Trusted Key Manager support.]) ARG_DISBL_SET([tools], [disable additional utilities (scepclient and pki).]) 
@@ -1400,9 +1401,9 @@ AM_CONDITIONAL(USE_NM, test x$nm = xtrue) AM_CONDITIONAL(USE_TOOLS, test x$tools = xtrue) AM_CONDITIONAL(USE_SCRIPTS, test x$scripts = xtrue) AM_CONDITIONAL(USE_CONFTEST, test x$conftest = xtrue) -AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$tools = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$tls = xtrue -o x$tnc_tnccs = xtrue -o x$aikgen = xtrue) -AM_CONDITIONAL(USE_LIBHYDRA, test x$charon = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue) -AM_CONDITIONAL(USE_LIBCHARON, test x$charon = xtrue -o x$conftest = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue) +AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$tools = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$tls = xtrue -o x$tnc_tnccs = xtrue -o x$aikgen = xtrue -o x$svc = xtrue) +AM_CONDITIONAL(USE_LIBHYDRA, test x$charon = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$svc = xtrue) +AM_CONDITIONAL(USE_LIBCHARON, test x$charon = xtrue -o x$conftest = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$svc = xtrue) AM_CONDITIONAL(USE_LIBIPSEC, test x$libipsec = xtrue) AM_CONDITIONAL(USE_LIBTNCIF, test x$tnc_tnccs = xtrue -o x$imcv = xtrue) AM_CONDITIONAL(USE_LIBTNCCS, test x$tnc_tnccs = xtrue) @@ -1426,6 +1427,7 @@ AM_CONDITIONAL(USE_TKM, test x$tkm = xtrue) AM_CONDITIONAL(USE_CMD, test x$cmd = xtrue) AM_CONDITIONAL(USE_AIKGEN, test x$aikgen = xtrue) AM_CONDITIONAL(USE_SWANCTL, test x$swanctl = xtrue) +AM_CONDITIONAL(USE_SVC, test x$svc = xtrue) # ======================== # set global definitions @@ -1565,6 +1567,7 @@ AC_CONFIG_FILES([ src/charon-nm/Makefile src/charon-tkm/Makefile src/charon-cmd/Makefile + src/charon-svc/Makefile src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile 
diff --git a/src/Makefile.am b/src/Makefile.am index 38e4b834d..89c059255 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -116,6 +116,10 @@ if USE_CMD SUBDIRS += charon-cmd endif +if USE_SVC + SUBDIRS += charon-svc +endif + if USE_LIBPTTLS SUBDIRS += pt-tls-client endif diff --git a/src/charon-svc/Makefile.am b/src/charon-svc/Makefile.am new file mode 100644 index 000000000..ecccf02f5 --- /dev/null +++ b/src/charon-svc/Makefile.am @@ -0,0 +1,16 @@ +bin_PROGRAMS = charon-svc + +charon_svc_SOURCES = charon-svc.c + +charon-svc.o : $(top_builddir)/config.status + +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon \ + -DPLUGINS=\""${charon_plugins}\"" + +charon_svc_LDADD = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libhydra/libhydra.la \ + $(top_builddir)/src/libcharon/libcharon.la diff --git a/src/charon-svc/charon-svc.c b/src/charon-svc/charon-svc.c new file mode 100644 index 000000000..3f4b80dce --- /dev/null +++ b/src/charon-svc/charon-svc.c 
@@ -0,0 +1,264 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include +#include +#include + +#include +#include + +/** + * The name of our service, both internal and external + */ +#define SERVICE_NAME "charon-svc" + +/** + * Current service status + */ +static SERVICE_STATUS status; + +/** + * Handle for service status + */ +static SERVICE_STATUS_HANDLE handle; + +/** + * Wait event for main thread + */ +static HANDLE event; + +/** + * hook in library for debugging messages + */ +extern void (*dbg) (debug_t group, level_t level, char *fmt, ...); + +/** + * Logging hook for library logs, using stderr output + */ +static void dbg_stderr(debug_t group, level_t level, char *fmt, ...) +{ + va_list args; + + if (level <= 1) + { + va_start(args, fmt); + fprintf(stderr, "00[%N] ", debug_names, group); + vfprintf(stderr, fmt, args); + fprintf(stderr, "\n"); + va_end(args); + } +} + +/** + * Log strongSwan/Windows version during startup + */ +static void print_version() +{ + OSVERSIONINFOEX osvie; + + memset(&osvie, 0, sizeof(osvie)); + osvie.dwOSVersionInfoSize = sizeof(osvie); + + if (GetVersionEx((LPOSVERSIONINFO)&osvie)) + { + DBG1(DBG_DMN, "Starting IKE service %s (strongSwan %s, " + "Windows %s %d.%d.%d (SP %d.%d)", SERVICE_NAME, VERSION, + osvie.wProductType == VER_NT_WORKSTATION ? 
"Client" : "Server", + osvie.dwMajorVersion, osvie.dwMinorVersion, osvie.dwBuildNumber, + osvie.wServicePackMajor, osvie.wServicePackMinor); + } +} + +/** + * Update service state to SCM, increase check point if state didn't change + */ +static void update_status(DWORD state) +{ + if (state == status.dwCurrentState) + { + status.dwCheckPoint++; + } + else + { + status.dwCheckPoint = 0; + } + status.dwCurrentState = state; + if (handle) + { + SetServiceStatus(handle, &status); + } +} + +/** + * Initialize and run charon + */ +static void init_and_run(DWORD dwArgc, LPTSTR *lpszArgv) +{ + level_t levels[DBG_MAX]; + int i; + + for (i = 0; i < DBG_MAX; i++) + { + levels[i] = LEVEL_CTRL; + } + + update_status(SERVICE_START_PENDING); + event = CreateEvent(NULL, FALSE, FALSE, NULL); + if (event) + { + update_status(SERVICE_START_PENDING); + if (library_init(NULL, SERVICE_NAME)) + { + update_status(SERVICE_START_PENDING); + if (libhydra_init()) + { + update_status(SERVICE_START_PENDING); + if (libcharon_init()) + { + charon->load_loggers(charon, levels, TRUE); + print_version(); + update_status(SERVICE_START_PENDING); + if (charon->initialize(charon, PLUGINS)) + { + update_status(SERVICE_START_PENDING); + lib->plugins->status(lib->plugins, LEVEL_CTRL); + + charon->start(charon); + + status.dwWin32ExitCode = 0; + update_status(SERVICE_RUNNING); + + /* main thread goes to sleep */ + WaitForSingleObjectEx(event, INFINITE, TRUE); + } + update_status(SERVICE_STOP_PENDING); + libcharon_deinit(); + } + update_status(SERVICE_STOP_PENDING); + libhydra_deinit(); + } + update_status(SERVICE_STOP_PENDING); + library_deinit(); + } + update_status(SERVICE_STOP_PENDING); + CloseHandle(event); + } + update_status(SERVICE_STOPPED); +} + +/** + * Control handler for console + */ +static BOOL console_handler(DWORD dwCtrlType) +{ + switch (dwCtrlType) + { + case CTRL_C_EVENT: + case CTRL_BREAK_EVENT: + case CTRL_CLOSE_EVENT: + DBG1(DBG_DMN, "application is stopping, cleaning up"); + 
charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, dwCtrlType); + /* signal main thread to clean up */ + SetEvent(event); + return TRUE; + default: + return FALSE; + } +} + +/** + * Main routine when running from console + */ +static void console_main(DWORD dwArgc, LPTSTR *lpszArgv) +{ + status.dwWin32ExitCode = 1; + + if (SetConsoleCtrlHandler(console_handler, TRUE)) + { + init_and_run(dwArgc, lpszArgv); + SetConsoleCtrlHandler(console_handler, FALSE); + } +} + +/** + * Service handler function + */ +static DWORD service_handler(DWORD dwControl, DWORD dwEventType, + LPVOID lpEventData, LPVOID lpContext) +{ + switch (dwControl) + { + case SERVICE_CONTROL_STOP: + case SERVICE_CONTROL_SHUTDOWN: + DBG1(DBG_DMN, "service is stopping, cleaning up"); + charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, dwControl); + /* signal main thread to clean up */ + SetEvent(event); + return NO_ERROR; + case SERVICE_CONTROL_INTERROGATE: + return NO_ERROR; + default: + return ERROR_CALL_NOT_IMPLEMENTED; + } +} + +/** + * Service main routine when running as service + */ +static void service_main(DWORD dwArgc, LPTSTR *lpszArgv) +{ + memset(&status, 0, sizeof(status)); + status.dwServiceType = SERVICE_WIN32_OWN_PROCESS; + status.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN; + status.dwWin32ExitCode = 1; + + handle = RegisterServiceCtrlHandlerEx(SERVICE_NAME, service_handler, NULL); + if (handle) + { + init_and_run(dwArgc, lpszArgv); + } +} + +/** + * Main function, starts the service + */ +int main(int argc, char *argv[]) +{ + SERVICE_TABLE_ENTRY services[] = { + { + .lpServiceName = SERVICE_NAME, + .lpServiceProc = service_main, + }, + { NULL, NULL }, + }; + DWORD err; + + dbg = dbg_stderr; + + if (!StartServiceCtrlDispatcher(services)) + { + err = GetLastError(); + if (err == ERROR_FAILED_SERVICE_CONTROLLER_CONNECT) + { + console_main(argc, argv); + } + else + { + return 2; + } + } + return status.dwWin32ExitCode; +} 
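Review bot: console_handler() and service_handler() dereference `charon->bus` and call `SetEvent(event)` without checking that either exists, although both handlers are registered before init_and_run() creates them and stay registered while it tears them down. In console mode a Ctrl-C that arrives during startup, or a second one during cleanup after libcharon_deinit(), would reach `charon->bus->alert(...)` with a daemon object that is presumably NULL or already released. service_main() likewise sets SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN before libcharon_init() has run. Wrapping the alert in `if (charon) { ... }` and the wake-up in `if (event) { SetEvent(event); }` narrows the window, and assigning `status.dwControlsAccepted` only right before `update_status(SERVICE_RUNNING)` keeps controls away during START_PENDING. Because the handlers run on a different thread than init_and_run(), a full fix also needs the teardown to unregister or synchronise with them.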
From 8e1c0d15a93a1862797b2c3d2eb164adcbfb5b01 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 22 Nov 2013 09:08:09 +0100 Subject: [PATCH 065/138] mysql: Add Windows support As the mysql_config script is not available for Windows, we use a hardcoded library name and no additional CFLAGS. This builds fine against the binary MySQL Connector/C distribution. --- configure.ac | 16 +++++++++++----- src/libstrongswan/plugins/mysql/mysql_database.c | 12 +++++++----- src/libstrongswan/plugins/mysql/mysql_database.h | 1 + 3 files changed, 19 insertions(+), 10 deletions(-) diff --git a/configure.ac b/configure.ac index 4eda8eec4..633e611dc 100644 --- a/configure.ac +++ b/configure.ac @@ -895,12 +895,18 @@ if test x$fast = xtrue; then fi if test x$mysql = xtrue; then - AC_PATH_PROG([MYSQLCONFIG], [mysql_config], [], [$PATH:/bin:/usr/bin:/usr/local/bin]) - if test x$MYSQLCONFIG = x; then - AC_MSG_ERROR([mysql_config not found!]) + if test "x$windows" = xtrue; then + AC_CHECK_HEADER([mysql.h],,[AC_MSG_ERROR([MySQL header file mysql.h not found!])]) + AC_CHECK_LIB([mysql],[main],[LIBS="$LIBS"],[AC_MSG_ERROR([MySQL library not found!])],[]) + AC_SUBST(MYSQLLIB, -lmysql) + else + AC_PATH_PROG([MYSQLCONFIG], [mysql_config], [], [$PATH:/bin:/usr/bin:/usr/local/bin]) + if test x$MYSQLCONFIG = x; then + AC_MSG_ERROR([mysql_config not found!]) + fi + AC_SUBST(MYSQLLIB, `$MYSQLCONFIG --libs_r`) + AC_SUBST(MYSQLCFLAG, `$MYSQLCONFIG --cflags`) fi - AC_SUBST(MYSQLLIB, `$MYSQLCONFIG --libs_r`) - AC_SUBST(MYSQLCFLAG, `$MYSQLCONFIG --cflags`) fi if test x$sqlite = xtrue; then diff --git a/src/libstrongswan/plugins/mysql/mysql_database.c b/src/libstrongswan/plugins/mysql/mysql_database.c index 373e9dc7c..871cc59a0 100644 --- a/src/libstrongswan/plugins/mysql/mysql_database.c +++ b/src/libstrongswan/plugins/mysql/mysql_database.c 
@@ -14,12 +14,12 @@ * for more details. */ +#include "mysql_database.h" + #define _GNU_SOURCE #include #include -#include "mysql_database.h" - #include #include #include @@ -730,7 +730,7 @@ static bool finalize_transaction(private_mysql_database_t *this, return TRUE; } -METHOD(database_t, commit, bool, +METHOD(database_t, commit_, bool, private_mysql_database_t *this) { return finalize_transaction(this, FALSE); @@ -768,7 +768,7 @@ static bool parse_uri(private_mysql_database_t *this, char *uri) /** * parse mysql://username:pass@host:port/database uri */ - username = strdupa(uri + 8); + username = strdup(uri + 8); pos = strchr(username, ':'); if (pos) { @@ -800,10 +800,12 @@ static bool parse_uri(private_mysql_database_t *this, char *uri) this->password = strdup(password); this->database = strdup(database); this->port = atoi(port); + free(username); return TRUE; } } } + free(username); DBG1(DBG_LIB, "parsing MySQL database uri '%s' failed", uri); return FALSE; } @@ -828,7 +830,7 @@ mysql_database_t *mysql_database_create(char *uri) .query = _query, .execute = _execute, .transaction = _transaction, - .commit = _commit, + .commit = _commit_, .rollback = _rollback, .get_driver = _get_driver, .destroy = _destroy, diff --git a/src/libstrongswan/plugins/mysql/mysql_database.h b/src/libstrongswan/plugins/mysql/mysql_database.h index 98ddcad36..bbf6a33e9 100644 --- a/src/libstrongswan/plugins/mysql/mysql_database.h +++ b/src/libstrongswan/plugins/mysql/mysql_database.h @@ -21,6 +21,7 @@ #ifndef MYSQL_DATABASE_H_ #define MYSQL_DATABASE_H_ +#include #include typedef struct mysql_database_t mysql_database_t; From 9df2a04a9357c1f27f5b975cfb17512e4f9ee924 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Mon, 2 Dec 2013 11:36:34 +0100 Subject: [PATCH 066/138] sqlite: Avoid name clash when building on Windows --- src/libstrongswan/plugins/sqlite/sqlite_database.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
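Review bot: In parse_uri(), `username = strdup(uri + 8);` is handed to strchr() unchecked, so an allocation failure becomes a NULL dereference that the stack-based strdupa() it replaces could not produce; add `if (!username) { return FALSE; }` right after the call. The heap copy holds the password from the URI, and both added `free(username)` calls release it uncleared; recording the length before the string is split and wiping the buffer before each free would keep the secret out of freed memory. The failure path in the same hunk also logs the complete `uri`, password included, through `DBG1(DBG_LIB, ...)`, which is worth reducing to a message without the URI. parse_uri() begins and ends outside these hunks.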
diff --git a/src/libstrongswan/plugins/sqlite/sqlite_database.c b/src/libstrongswan/plugins/sqlite/sqlite_database.c index 675707491..ec1ca1404 100644 --- a/src/libstrongswan/plugins/sqlite/sqlite_database.c +++ b/src/libstrongswan/plugins/sqlite/sqlite_database.c @@ -367,7 +367,7 @@ static bool finalize_transaction(private_sqlite_database_t *this, return TRUE; } -METHOD(database_t, commit, bool, +METHOD(database_t, commit_, bool, private_sqlite_database_t *this) { return finalize_transaction(this, FALSE); @@ -431,7 +431,7 @@ sqlite_database_t *sqlite_database_create(char *uri) .query = _query, .execute = _execute, .transaction = _transaction, - .commit = _commit, + .commit = _commit_, .rollback = _rollback, .get_driver = _get_driver, .destroy = _destroy, From 3d50dd47ef3876ee730495fcfa0a383d5a946131 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 2 Jan 2014 14:29:35 +0100 Subject: [PATCH 067/138] windows: Overload sleep() cancellable when it is defined in --- src/libstrongswan/utils/windows.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/libstrongswan/utils/windows.h b/src/libstrongswan/utils/windows.h index 3e317ce59..2de6f043b 100644 --- a/src/libstrongswan/utils/windows.h +++ b/src/libstrongswan/utils/windows.h @@ -25,6 +25,7 @@ #include #include #include +#include /* undef Windows variants evaluating values more than once */ #undef min @@ -79,7 +80,8 @@ static inline int sched_yield(void) /** * Replacement of sleep(3), cancellable by thread_cancel() */ -static inline int sleep(unsigned int seconds) +#define sleep sleep_cancellable +static inline int sleep_cancellable(unsigned int seconds) { SleepEx(seconds * 1000, TRUE); return 0; From 89c3ff6d2cf890374b722675854f39658f22cc6d Mon Sep 17 00:00:00 2001 
From: Martin Willi Date: Thu, 2 Jan 2014 14:30:45 +0100 Subject: [PATCH 068/138] windows: Check for clock_gettime() function itself as well CLOCK_THREAD_CPUTIME_ID seems to be defined sometimes even if clock_gettime() is missing. --- src/libstrongswan/crypto/crypto_tester.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c index 9e1d4dd90..d09844bfa 100644 --- a/src/libstrongswan/crypto/crypto_tester.c +++ b/src/libstrongswan/crypto/crypto_tester.c @@ -104,7 +104,7 @@ static const char* get_name(void *sym) return "unknown"; } -#ifdef CLOCK_THREAD_CPUTIME_ID +#if defined(CLOCK_THREAD_CPUTIME_ID) && defined(HAVE_CLOCK_GETTIME) /** * Start a benchmark timer From 1f3bf4175d72af01320d49c090fd3d294f658aeb Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 2 Jan 2014 14:34:00 +0100 Subject: [PATCH 069/138] windows: Check for existence of error codes before defining them --- src/libstrongswan/utils/windows.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/libstrongswan/utils/windows.h b/src/libstrongswan/utils/windows.h index 2de6f043b..9ed6f8f11 100644 --- a/src/libstrongswan/utils/windows.h +++ b/src/libstrongswan/utils/windows.h @@ -258,13 +258,17 @@ int socketpair(int domain, int type, int protocol, int sv[2]); /** * EWOULDBLOCK is EAGAIN on other systems as well */ +#ifndef EWOULDBLOCK #define EWOULDBLOCK EAGAIN +#endif /** * ECONNRESET is mapped to something arbitrary. It is returned by * stream->read_all() but should not be mapped from a send/recv WSA error. */ +#ifndef ECONNRESET #define ECONNRESET ENXIO +#endif /** * close(2) working for file handles and Winsock sockets From 8120b3c33960309fa820cf43d8062b7ab04efe1f Mon Sep 17 00:00:00 2001 
From: Martin Willi Date: Thu, 2 Jan 2014 15:20:14 +0100 Subject: [PATCH 070/138] windows: Don't redeclare inet_ntop/pton if already defined --- src/libstrongswan/utils/windows.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/libstrongswan/utils/windows.h b/src/libstrongswan/utils/windows.h index 9ed6f8f11..235586c53 100644 --- a/src/libstrongswan/utils/windows.h +++ b/src/libstrongswan/utils/windows.h @@ -115,12 +115,16 @@ char* strndup(const char *s, size_t n); /** * Provided via ws2_32 */ +#ifndef InetNtop const char *inet_ntop(int af, const void *src, char *dst, socklen_t size); +#endif /** * Provided via ws2_32 */ +#ifndef InetPton int inet_pton(int af, const char *src, void *dst); +#endif /** * Provided by printf hook backend From 89e46c41f1e6e818979a9aab07447a807629f179 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 2 Jan 2014 18:14:51 +0100 Subject: [PATCH 071/138] windows: Include for Vista instead of defining CondVar/SRWLock functions ourself --- src/libstrongswan/threading/windows/mutex.c | 5 ++-- src/libstrongswan/threading/windows/rwlock.c | 5 ++-- src/libstrongswan/threading/windows/thread.c | 5 ++-- src/libstrongswan/threading/windows/thread.h | 25 +++---------------- .../threading/windows/thread_value.c | 5 ++-- 5 files changed, 12 insertions(+), 33 deletions(-) diff --git a/src/libstrongswan/threading/windows/mutex.c b/src/libstrongswan/threading/windows/mutex.c index 873cb8f98..a26889580 100644 --- a/src/libstrongswan/threading/windows/mutex.c +++ b/src/libstrongswan/threading/windows/mutex.c @@ -13,13 +13,12 @@ * for more details. */ -#include +#include "thread.h" + #include #include #include -#include "thread.h" - typedef struct private_mutex_t private_mutex_t; typedef struct private_condvar_t private_condvar_t; diff --git a/src/libstrongswan/threading/windows/rwlock.c b/src/libstrongswan/threading/windows/rwlock.c index b27ef0035..0de57f713 100644 --- a/src/libstrongswan/threading/windows/rwlock.c 
+++ b/src/libstrongswan/threading/windows/rwlock.c @@ -13,14 +13,13 @@ * for more details. */ -#include +#include "thread.h" + #include #include #include #include -#include "thread.h" - typedef struct private_rwlock_t private_rwlock_t; typedef struct private_rwlock_condvar_t private_rwlock_condvar_t; diff --git a/src/libstrongswan/threading/windows/thread.c b/src/libstrongswan/threading/windows/thread.c index 35d56c47d..2ea0f9a7e 100644 --- a/src/libstrongswan/threading/windows/thread.c +++ b/src/libstrongswan/threading/windows/thread.c @@ -13,15 +13,14 @@ * for more details. */ -#include +#include "thread.h" + #include #include #include #include #include -#include "thread.h" - typedef struct private_thread_t private_thread_t; diff --git a/src/libstrongswan/threading/windows/thread.h b/src/libstrongswan/threading/windows/thread.h index 571171702..3c470522b 100644 --- a/src/libstrongswan/threading/windows/thread.h +++ b/src/libstrongswan/threading/windows/thread.h @@ -16,6 +16,10 @@ #ifndef WINDOWS_THREAD_H_ #define WINDOWS_THREAD_H_ +/* for conditionVariables, Vista */ +#define _WIN32_WINNT 0x0600 +#include + /** * @defgroup windowsthread windows * @ingroup threading 
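Review bot: thread.h now sets `#define _WIN32_WINNT 0x0600` unconditionally, which only takes effect if no Windows header was included earlier in the translation unit and triggers a redefinition if the build already supplies a value. The .c files touched by this commit include thread.h first, but nothing enforces that order for later includers. Guard the definition, `#ifndef _WIN32_WINNT` / `# define _WIN32_WINNT 0x0600` / `#endif`, or set the minimum version once in the build flags so every file sees the same API level.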
@@ -24,27 +28,6 @@ * @{ @ingroup windowsthread */ -/** - * MinGW seems to miss the actual struct definition - */ -typedef struct { - PVOID Ptr; -} SRWLOCK, *PSRWLOCK, CONDITION_VARIABLE, *PCONDITION_VARIABLE; - -VOID WINAPI InitializeConditionVariable(PCONDITION_VARIABLE ConditionVariable); -BOOL WINAPI SleepConditionVariableCS(PCONDITION_VARIABLE ConditionVariable, - PCRITICAL_SECTION CriticalSection, DWORD dwMilliseconds); -BOOL WINAPI SleepConditionVariableSRW(PCONDITION_VARIABLE ConditionVariable, - PSRWLOCK SRWLock, DWORD dwMilliseconds, ULONG Flags); -VOID WINAPI WakeAllConditionVariable(PCONDITION_VARIABLE ConditionVariable); -VOID WINAPI WakeConditionVariable(PCONDITION_VARIABLE ConditionVariable); -VOID WINAPI AcquireSRWLockExclusive(PSRWLOCK SRWLock); -VOID WINAPI AcquireSRWLockShared(PSRWLOCK SRWLock); -BOOL TryAcquireSRWLockExclusive(PSRWLOCK SRWLock); -VOID WINAPI InitializeSRWLock(PSRWLOCK SRWLock); -VOID WINAPI ReleaseSRWLockExclusive(PSRWLOCK SRWLock); -VOID WINAPI ReleaseSRWLockShared(PSRWLOCK SRWLock); - /** * Set active condvar of a thread before waiting in it. * diff --git a/src/libstrongswan/threading/windows/thread_value.c b/src/libstrongswan/threading/windows/thread_value.c index da79d7b44..1dd8a7816 100644 --- a/src/libstrongswan/threading/windows/thread_value.c +++ b/src/libstrongswan/threading/windows/thread_value.c @@ -13,11 +13,10 @@ * for more details. */ -#include -#include - #include "thread.h" +#include + typedef struct private_thread_value_t private_thread_value_t; From ee2498e3d6c14a3b4e60ad9e155c6c3c5f07595a Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 8 Jan 2014 11:28:49 +0100 Subject: [PATCH 072/138] bus: Build syslog logger depending on syslog() availability --- configure.ac | 8 +++++++- src/libcharon/Makefile.am | 7 ++++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index 633e611dc..ca5c63668 100644 --- a/configure.ac +++ b/configure.ac 
@@ -569,7 +569,13 @@ AC_CHECK_FUNC( ) AC_CHECK_FUNCS(prctl mallinfo getpass closefrom getpwnam_r getgrnam_r getpwuid_r) -AC_CHECK_FUNCS(fmemopen funopen mmap memrchr syslog setlinebuf) +AC_CHECK_FUNCS(fmemopen funopen mmap memrchr setlinebuf) + +AC_CHECK_FUNC([syslog], [ + AC_DEFINE([HAVE_SYSLOG], [], [have syslog(3) and friends]) + syslog=true +]) +AM_CONDITIONAL(USE_SYSLOG, [test "x$syslog" = xtrue]) AC_CHECK_HEADERS(sys/sockio.h glob.h net/if_tun.h linux/fib_rules.h) AC_CHECK_HEADERS(net/pfkeyv2.h netipsec/ipsec.h netinet6/ipsec.h linux/udp.h) diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am index a4f1ebbe3..8513af86b 100644 --- a/src/libcharon/Makefile.am +++ b/src/libcharon/Makefile.am @@ -124,6 +124,10 @@ processing/jobs/dpd_timeout_job.c processing/jobs/dpd_timeout_job.h \ processing/jobs/adopt_children_job.c processing/jobs/adopt_children_job.h endif +if USE_SYSLOG + libcharon_la_SOURCES += \ + bus/listeners/sys_logger.c bus/listeners/sys_logger.h +endif daemon.lo : $(top_builddir)/config.status @@ -145,9 +149,6 @@ libcharon_la_LIBADD = \ if USE_WINDOWS libcharon_la_LIBADD += -lws2_32 -else - libcharon_la_SOURCES += \ - bus/listeners/sys_logger.c bus/listeners/sys_logger.h endif EXTRA_DIST = Android.mk From 30308c5fdba20bd12d402258a39d965373a9b606 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 8 Jan 2014 11:06:18 +0100 Subject: [PATCH 073/138] libtls: Link against ws_w32 on Windows --- src/libtls/Makefile.am | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/libtls/Makefile.am b/src/libtls/Makefile.am index d565a1479..b6496363c 100644 --- a/src/libtls/Makefile.am +++ b/src/libtls/Makefile.am @@ -14,6 +14,10 @@ libtls_la_SOURCES = \ libtls_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la +if USE_WINDOWS + libtls_la_LIBADD += -lws2_32 +endif + if USE_DEV_HEADERS tls_includedir = ${dev_headers}/tls nobase_tls_include_HEADERS = \ From 262802f1012450794c1dbaeb4409878939516800 Mon Sep 17 00:00:00 2001 
From: Martin Willi Date: Wed, 8 Jan 2014 11:06:50 +0100 Subject: [PATCH 074/138] libtnccs: Link against ws_w32 on Windows --- src/libtnccs/Makefile.am | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/libtnccs/Makefile.am b/src/libtnccs/Makefile.am index 22a3b93b0..7a630fe54 100644 --- a/src/libtnccs/Makefile.am +++ b/src/libtnccs/Makefile.am @@ -12,6 +12,10 @@ libtnccs_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libtncif/libtncif.la +if USE_WINDOWS + libtnccs_la_LIBADD += -lws2_32 +endif + libtnccs_la_SOURCES = \ tnc/tnc.h tnc/tnc.c \ tnc/imc/imc.h tnc/imc/imc_manager.h \ @@ -72,5 +76,3 @@ if MONOLITHIC libtnccs_la_LIBADD += plugins/tnccs_dynamic/libstrongswan-tnccs-dynamic.la endif endif - - From 17c17665cbad77df2aa4bce812fd371a5795d228 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 8 Jan 2014 11:07:01 +0100 Subject: [PATCH 075/138] libpttls: Link against ws_w32 on Windows --- src/libpttls/Makefile.am | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/libpttls/Makefile.am b/src/libpttls/Makefile.am index f2bcf44d5..7e67600ca 100644 --- a/src/libpttls/Makefile.am +++ b/src/libpttls/Makefile.am @@ -13,6 +13,10 @@ libpttls_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libtls/libtls.la +if USE_WINDOWS + libpttls_la_LIBADD += -lws2_32 +endif + libpttls_la_SOURCES = pt_tls.c pt_tls.h \ pt_tls_client.c pt_tls_client.h \ pt_tls_server.c pt_tls_server.h \ From fb7cb97d6e3492c5700ad20ffae593f8398f30cc Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 8 Jan 2014 11:56:44 +0100 Subject: [PATCH 076/138] libimcv: Link against ws_w32 on Windows --- src/libimcv/Makefile.am | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/libimcv/Makefile.am b/src/libimcv/Makefile.am index 3732267ed..ca5a9ac7c 100644 --- a/src/libimcv/Makefile.am +++ b/src/libimcv/Makefile.am 
@@ -11,6 +11,10 @@ libimcv_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libtncif/libtncif.la +if USE_WINDOWS + libimcv_la_LIBADD += -lws2_32 +endif + libimcv_la_SOURCES = \ imcv.h imcv.c \ imc/imc_agent.h imc/imc_agent.c imc/imc_state.h \ From 09e5f15a134f82e167e1978709f5a6c8851f0e17 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 8 Jan 2014 11:29:41 +0100 Subject: [PATCH 077/138] libimcv: Disable default syslog() logging if not supported --- src/libimcv/imcv.c | 40 ++++++++++++++++++++++++---------------- 1 file changed, 24 insertions(+), 16 deletions(-) diff --git a/src/libimcv/imcv.c b/src/libimcv/imcv.c index 86164486b..30679a33d 100644 --- a/src/libimcv/imcv.c +++ b/src/libimcv/imcv.c @@ -20,7 +20,9 @@ #include #include +#ifdef HAVE_SYSLOG #include +#endif #define IMCV_DEBUG_LEVEL 1 #define IMCV_DEFAULT_POLICY_SCRIPT "ipsec _imv_policy" @@ -62,9 +64,6 @@ static bool imcv_stderr_quiet; */ static void imcv_dbg(debug_t group, level_t level, char *fmt, ...) { - int priority = LOG_INFO; - char buffer[8192]; - char *current = buffer, *next; va_list args; if (level <= imcv_debug_level) 
@@ -78,22 +77,30 @@ static void imcv_dbg(debug_t group, level_t level, char *fmt, ...) va_end(args); } - /* write in memory buffer first */ - va_start(args, fmt); - vsnprintf(buffer, sizeof(buffer), fmt, args); - va_end(args); - - /* do a syslog with every line */ - while (current) +#ifdef HAVE_SYSLOG { - next = strchr(current, '\n'); - if (next) + int priority = LOG_INFO; + char buffer[8192]; + char *current = buffer, *next; + + /* write in memory buffer first */ + va_start(args, fmt); + vsnprintf(buffer, sizeof(buffer), fmt, args); + va_end(args); + + /* do a syslog with every line */ + while (current) { - *(next++) = '\0'; + next = strchr(current, '\n'); + if (next) + { + *(next++) = '\0'; + } + syslog(priority, "[HSR] %s\n", current); + current = next; } - syslog(priority, "[HSR] %s\n", current); - current = next; } +#endif /* HAVE_SYSLOG */ } } @@ -127,7 +134,9 @@ bool libimcv_init(bool is_imv) /* activate the imcv debugging hook */ dbg = imcv_dbg; +#ifdef HAVE_SYSLOG openlog("imcv", 0, LOG_DAEMON); +#endif if (!lib->plugins->load(lib->plugins, lib->settings->get_str(lib->settings, "libimcv.load", @@ -197,4 +206,3 @@ void libimcv_deinit(void) library_deinit(); } } - From 9bac2c9e40d86d8ea422bf10c242033dc82e18cc Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 8 Jan 2014 11:56:55 +0100 Subject: [PATCH 078/138] libimcv: Port os_info (partially) to Windows --- src/libimcv/imc/imc_os_info.c | 88 +++++++++++++++++++++++++++++++---- src/libimcv/os_info/os_info.c | 5 +- src/libimcv/os_info/os_info.h | 1 + 3 files changed, 82 insertions(+), 12 deletions(-) diff --git a/src/libimcv/imc/imc_os_info.c b/src/libimcv/imc/imc_os_info.c index 86a7f82e2..33f9bf5af 100644 --- a/src/libimcv/imc/imc_os_info.c +++ b/src/libimcv/imc/imc_os_info.c @@ -13,9 +13,13 @@ * for more details. */ +/* for GetTickCount64, Windows 7 */ +#ifdef WIN32 +# define _WIN32_WINNT 0x0601 +#endif + #include "imc_os_info.h" -#include #include #include 
@@ -86,6 +90,69 @@ METHOD(imc_os_info_t, get_version, chunk_t, return this->version; } +#ifdef WIN32 + +METHOD(imc_os_info_t, get_fwd_status, os_fwd_status_t, + private_imc_os_info_t *this) +{ + return OS_FWD_UNKNOWN; +} + +METHOD(imc_os_info_t, get_uptime, time_t, + private_imc_os_info_t *this) +{ + return GetTickCount64() / 1000; +} + +METHOD(imc_os_info_t, get_setting, chunk_t, + private_imc_os_info_t *this, char *name) +{ + return chunk_empty; +} + +METHOD(imc_os_info_t, create_package_enumerator, enumerator_t*, + private_imc_os_info_t *this) +{ + return NULL; +} + +/** + * Determine Windows release + */ +static bool extract_platform_info(os_type_t *type, chunk_t *name, + chunk_t *version) +{ + OSVERSIONINFOEX osvie; + char buf[64]; + + memset(&osvie, 0, sizeof(osvie)); + osvie.dwOSVersionInfoSize = sizeof(osvie); + + if (!GetVersionEx((LPOSVERSIONINFO)&osvie)) + { + return FALSE; + } + *type = OS_TYPE_WINDOWS; + if (osvie.wProductType == VER_NT_WORKSTATION) + { + *name = chunk_clone(chunk_from_str("Client")); + } + else + { + *name = chunk_clone(chunk_from_str("Server")); + } + snprintf(buf, sizeof(buf), "%d.%d.%d (SP %d.%d)", + osvie.dwMajorVersion, osvie.dwMinorVersion, osvie.dwBuildNumber, + osvie.wServicePackMajor, osvie.wServicePackMinor); + *version = chunk_clone(chunk_from_str(buf)); + + return TRUE; +} + +#else /* !WIN32 */ + +#include + METHOD(imc_os_info_t, get_fwd_status, os_fwd_status_t, private_imc_os_info_t *this) { @@ -294,15 +361,6 @@ METHOD(imc_os_info_t, create_package_enumerator, enumerator_t*, return (enumerator_t*)enumerator; } - -METHOD(imc_os_info_t, destroy, void, - private_imc_os_info_t *this) -{ - free(this->name.ptr); - free(this->version.ptr); - free(this); -} - #define RELEASE_LSB 0 #define RELEASE_DEBIAN 1 
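Review bot: The Windows extract_platform_info() takes the version from GetVersionEx(), which on Windows 8.1 and later reports 6.2 to any process that lacks a matching compatibility manifest, so the IMC can hand a stale OS version to whatever evaluates it. State that limit above the function, e.g. `/* GetVersionEx() is capped at 6.2 unless the binary carries a compatibility manifest */`, or read the version through a call that is not subject to that shim. The Windows create_package_enumerator() returns NULL; its callers are outside this hunk, so confirm they test for NULL before using the enumerator. The `%d` conversions in the snprintf() receive DWORD arguments for the major, minor and build numbers and should be `%lu`, or the arguments cast to int.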
@@ -505,6 +563,16 @@ static bool extract_platform_info(os_type_t *type, chunk_t *name, return TRUE; } +#endif /* !WIN32 */ + +METHOD(imc_os_info_t, destroy, void, + private_imc_os_info_t *this) +{ + free(this->name.ptr); + free(this->version.ptr); + free(this); +} + /** * See header */ diff --git a/src/libimcv/os_info/os_info.c b/src/libimcv/os_info/os_info.c index 67b09cd2f..258b8b442 100644 --- a/src/libimcv/os_info/os_info.c +++ b/src/libimcv/os_info/os_info.c @@ -15,7 +15,7 @@ #include "os_info.h" -ENUM(os_type_names, OS_TYPE_UNKNOWN, OS_TYPE_ANDROID, +ENUM(os_type_names, OS_TYPE_UNKNOWN, OS_TYPE_WINDOWS, "Unknown", "Debian", "Ubuntu", @@ -24,7 +24,8 @@ ENUM(os_type_names, OS_TYPE_UNKNOWN, OS_TYPE_ANDROID, "CentOS", "SUSE", "Gentoo", - "Android" + "Android", + "Windows", ); ENUM(os_fwd_status_names, OS_FWD_DISABLED, OS_FWD_UNKNOWN, diff --git a/src/libimcv/os_info/os_info.h b/src/libimcv/os_info/os_info.h index e77d888a7..031355458 100644 --- a/src/libimcv/os_info/os_info.h +++ b/src/libimcv/os_info/os_info.h @@ -40,6 +40,7 @@ enum os_type_t { OS_TYPE_SUSE, OS_TYPE_GENTOO, OS_TYPE_ANDROID, + OS_TYPE_WINDOWS, OS_TYPE_ROOF }; From 2a062f38d08d236de9a362ecdbc83b7ee2977ef2 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 8 Jan 2014 11:59:50 +0100 Subject: [PATCH 079/138] libpts: Link against ws_w32 on Windows --- src/libpts/Makefile.am | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/libpts/Makefile.am b/src/libpts/Makefile.am index 6bd3a58fc..4d5bdf409 100644 --- a/src/libpts/Makefile.am +++ b/src/libpts/Makefile.am @@ -13,6 +13,10 @@ libpts_la_LIBADD = \ $(top_builddir)/src/libtncif/libtncif.la \ $(top_builddir)/src/libimcv/libimcv.la +if USE_WINDOWS + libpts_la_LIBADD += -lws2_32 +endif + if USE_TROUSERS libpts_la_LIBADD += -ltspi endif From a81a04d39e9d02c5fde12a84d698af3af3f55143 Mon Sep 17 00:00:00 2001 
From: Martin Willi Date: Wed, 8 Jan 2014 12:00:06 +0100 Subject: [PATCH 080/138] libpts: Fix build on Windows --- src/libpts/pts/pts.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/libpts/pts/pts.c b/src/libpts/pts/pts.c index d43dce9ed..3bddc6c39 100644 --- a/src/libpts/pts/pts.c +++ b/src/libpts/pts/pts.c @@ -35,7 +35,6 @@ #include #include -#include #include #include #include @@ -537,6 +536,7 @@ static bool file_metadata(char *pathname, pts_file_metadata_t **entry) { this->type = PTS_FILE_FIFO; } +#ifndef WIN32 else if (S_ISLNK(st.st_mode)) { this->type = PTS_FILE_SYM_LINK; @@ -545,6 +545,7 @@ static bool file_metadata(char *pathname, pts_file_metadata_t **entry) { this->type = PTS_FILE_SOCKET; } +#endif /* WIN32 */ else { this->type = PTS_FILE_OTHER; From 3f8a818610bb8ecb420b581178c15e40aff46866 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 8 Jan 2014 12:03:58 +0100 Subject: [PATCH 081/138] attest: Disable syslog logging if syslog() missing --- src/libpts/plugins/imv_attestation/attest.c | 44 +++++++++++++-------- 1 file changed, 27 insertions(+), 17 deletions(-) diff --git a/src/libpts/plugins/imv_attestation/attest.c b/src/libpts/plugins/imv_attestation/attest.c index 904f5761a..63c0023a7 100644 --- a/src/libpts/plugins/imv_attestation/attest.c +++ b/src/libpts/plugins/imv_attestation/attest.c @@ -19,8 +19,10 @@ #include #include #include -#include #include +#ifdef HAVE_SYSLOG +# include +#endif #include #include @@ -43,9 +45,6 @@ static bool stderr_quiet = TRUE; */ static void attest_dbg(debug_t group, level_t level, char *fmt, ...) { - int priority = LOG_INFO; - char buffer[8192]; - char *current = buffer, *next; va_list args; if (level <= debug_level) 
@@ -58,22 +57,30 @@ static void attest_dbg(debug_t group, level_t level, char *fmt, ...) va_end(args); } - /* write in memory buffer first */ - va_start(args, fmt); - vsnprintf(buffer, sizeof(buffer), fmt, args); - va_end(args); - - /* do a syslog with every line */ - while (current) +#ifdef HAVE_SYSLOG { - next = strchr(current, '\n'); - if (next) + int priority = LOG_INFO; + char buffer[8192]; + char *current = buffer, *next; + + /* write in memory buffer first */ + va_start(args, fmt); + vsnprintf(buffer, sizeof(buffer), fmt, args); + va_end(args); + + /* do a syslog with every line */ + while (current) { - *(next++) = '\0'; + next = strchr(current, '\n'); + if (next) + { + *(next++) = '\0'; + } + syslog(priority, "%s\n", current); + current = next; } - syslog(priority, "%s\n", current); - current = next; } +#endif /* HAVE_SYSLOG */ } } @@ -91,7 +98,9 @@ static void cleanup(void) attest->destroy(attest); libpts_deinit(); libimcv_deinit(); +#ifdef HAVE_SYSLOG closelog(); +#endif } static void do_args(int argc, char *argv[]) @@ -440,7 +449,9 @@ int main(int argc, char *argv[]) /* enable attest debugging hook */ dbg = attest_dbg; +#ifdef HAVE_SYSLOG openlog("attest", 0, LOG_DEBUG); +#endif atexit(library_deinit); @@ -474,4 +485,3 @@ int main(int argc, char *argv[]) exit(EXIT_SUCCESS); } - From 481f1d1c9a24f773d2556f2435348b88ca6c7ae6 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 8 Jan 2014 12:04:31 +0100 Subject: [PATCH 082/138] pt-tls-client: Remove unneeded socket.h include, fixing Windows build --- src/pt-tls-client/pt-tls-client.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/pt-tls-client/pt-tls-client.c b/src/pt-tls-client/pt-tls-client.c index 631ae3cce..b2d439abe 100644 --- a/src/pt-tls-client/pt-tls-client.c +++ b/src/pt-tls-client/pt-tls-client.c @@ -17,7 +17,6 @@ #include #include #include -#include #include #include #include From b7d71ff95d22eeb6cbd30da3ba83e5010ffa3d8a Mon Sep 17 00:00:00 2001 
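Review bot: With HAVE_SYSLOG undefined, attest_dbg() is left with only its stderr branch, and `stderr_quiet` is initialised to TRUE (shown in the header of the preceding hunk), so unless code outside these hunks clears that flag, every debug message is discarded. On such platforms the default should favour output, for example by defining `static bool stderr_quiet = FALSE;` under `#ifndef HAVE_SYSLOG`. The start of attest_dbg() lies in the previous hunk.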
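Review bot: `openlog("attest", 0, LOG_DEBUG);` passes a priority level where openlog() expects a facility, and the new `#ifdef HAVE_SYSLOG` wrapper keeps the call unchanged. A facility constant belongs there, e.g. `openlog("attest", 0, LOG_USER);` or whichever facility the project prefers. The per-message level is already supplied through the `priority` variable in attest_dbg(). main() starts and ends outside this hunk.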
From: Martin Willi Date: Mon, 2 Jun 2014 11:55:59 +0200 Subject: [PATCH 083/138] pt-tls-client: Support platforms not having syslog() --- src/pt-tls-client/pt-tls-client.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/src/pt-tls-client/pt-tls-client.c b/src/pt-tls-client/pt-tls-client.c index b2d439abe..8b41ae25e 100644 --- a/src/pt-tls-client/pt-tls-client.c +++ b/src/pt-tls-client/pt-tls-client.c @@ -21,7 +21,9 @@ #include #include #include +#ifdef HAVE_SYSLOG #include +#endif #include #include @@ -126,13 +128,13 @@ static bool load_key(char *filename) * Logging and debug level */ static bool log_to_stderr = TRUE; +#ifdef HAVE_SYSLOG static bool log_to_syslog = TRUE; +#endif /* HAVE_SYSLOG */ static level_t default_loglevel = 1; static void dbg_pt_tls(debug_t group, level_t level, char *fmt, ...) { - char buffer[8192]; - char *current = buffer, *next; va_list args; if (level <= default_loglevel) @@ -144,8 +146,12 @@ static void dbg_pt_tls(debug_t group, level_t level, char *fmt, ...) va_end(args); fprintf(stderr, "\n"); } +#ifdef HAVE_SYSLOG if (log_to_syslog) { + char buffer[8192]; + char *current = buffer, *next; + /* write in memory buffer first */ va_start(args, fmt); vsnprintf(buffer, sizeof(buffer), fmt, args); @@ -163,6 +169,7 @@ static void dbg_pt_tls(debug_t group, level_t level, char *fmt, ...) current = next; } } +#endif /* HAVE_SYSLOG */ } } @@ -177,10 +184,12 @@ static void init_log(const char *program) { setbuf(stderr, NULL); } +#ifdef HAVE_SYSLOG if (log_to_syslog) { openlog(program, LOG_CONS | LOG_NDELAY | LOG_PID, LOG_AUTHPRIV); } +#endif /* HAVE_SYSLOG */ } /** From 6b98c002855cfca41c51f6d2d929f0554cdc94b1 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 8 Jan 2014 12:17:01 +0100 Subject: [PATCH 084/138] libimcv: Silence integer to pointer cast warnings --- src/libimcv/imc/imc_agent.c | 3 +-- src/libimcv/imv/imv_agent.c | 4 +--- 2 files changed, 2 insertions(+), 5 deletions(-) 
diff --git a/src/libimcv/imc/imc_agent.c b/src/libimcv/imc/imc_agent.c index 7dc3abddd..533151799 100644 --- a/src/libimcv/imc/imc_agent.c +++ b/src/libimcv/imc/imc_agent.c @@ -490,7 +490,7 @@ METHOD(imc_agent_t, reserve_additional_ids, TNC_Result, count--; /* store the scalar value in the pointer */ - pointer = (void*)id; + pointer = (void*)(uintptr_t)id; this->additional_ids->insert_last(this->additional_ids, pointer); DBG2(DBG_IMC, "IMC %u \"%s\" reserved additional ID %u", this->id, this->name, id); @@ -566,4 +566,3 @@ imc_agent_t *imc_agent_create(const char *name, return &this->public; } - diff --git a/src/libimcv/imv/imv_agent.c b/src/libimcv/imv/imv_agent.c index 5fc3f79c6..a46455d47 100644 --- a/src/libimcv/imv/imv_agent.c +++ b/src/libimcv/imv/imv_agent.c @@ -612,7 +612,7 @@ METHOD(imv_agent_t, reserve_additional_ids, TNC_Result, count--; /* store the scalar value in the pointer */ - pointer = (void*)id; + pointer = (void*)(uintptr_t)id; this->additional_ids->insert_last(this->additional_ids, pointer); DBG2(DBG_IMV, "IMV %u \"%s\" reserved additional ID %u", this->id, this->name, id); @@ -831,5 +831,3 @@ imv_agent_t *imv_agent_create(const char *name, return &this->public; } - - From 1cd9bb49d8d9690a3e0130be59138a788b9b3849 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 8 Jan 2014 12:23:13 +0100 Subject: [PATCH 085/138] libimcv: Use TNC_IMV_API prefix on TNC functions for correct declspec --- src/libimcv/imv/imv_if.h | 55 ++++++++++++++++++++-------------------- 1 file changed, 28 insertions(+), 27 deletions(-) diff --git a/src/libimcv/imv/imv_if.h b/src/libimcv/imv/imv_if.h index fa9765b11..2118509e3 100644 --- a/src/libimcv/imv/imv_if.h +++ b/src/libimcv/imv/imv_if.h 
@@ -26,10 +26,10 @@ static imv_agent_if_t *imv_agent; /* * see section 3.8.1 of TCG TNC IF-IMV Specification 1.3 */ -TNC_Result TNC_IMV_Initialize(TNC_IMVID imv_id, - TNC_Version min_version, - TNC_Version max_version, - TNC_Version *actual_version) +TNC_Result TNC_IMV_API TNC_IMV_Initialize(TNC_IMVID imv_id, + TNC_Version min_version, + TNC_Version max_version, + TNC_Version *actual_version) { if (imv_agent) { @@ -54,9 +54,9 @@ TNC_Result TNC_IMV_Initialize(TNC_IMVID imv_id, /** * see section 3.8.2 of TCG TNC IF-IMV Specification 1.3 */ -TNC_Result TNC_IMV_NotifyConnectionChange(TNC_IMVID imv_id, - TNC_ConnectionID connection_id, - TNC_ConnectionState new_state) +TNC_Result TNC_IMV_API TNC_IMV_NotifyConnectionChange(TNC_IMVID imv_id, + TNC_ConnectionID connection_id, + TNC_ConnectionState new_state) { if (!imv_agent) { @@ -70,11 +70,11 @@ TNC_Result TNC_IMV_NotifyConnectionChange(TNC_IMVID imv_id, /** * see section 3.8.4 of TCG TNC IF-IMV Specification 1.3 */ -TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id, - TNC_ConnectionID connection_id, - TNC_BufferReference msg, - TNC_UInt32 msg_len, - TNC_MessageType msg_type) +TNC_Result TNC_IMV_API TNC_IMV_ReceiveMessage(TNC_IMVID imv_id, + TNC_ConnectionID connection_id, + TNC_BufferReference msg, + TNC_UInt32 msg_len, + TNC_MessageType msg_type) { if (!imv_agent) { 
@@ -88,15 +88,15 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id, /** * see section 3.8.6 of TCG TNC IF-IMV Specification 1.3 */ -TNC_Result TNC_IMV_ReceiveMessageLong(TNC_IMVID imv_id, - TNC_ConnectionID connection_id, - TNC_UInt32 msg_flags, - TNC_BufferReference msg, - TNC_UInt32 msg_len, - TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype, - TNC_UInt32 src_imc_id, - TNC_UInt32 dst_imv_id) +TNC_Result TNC_IMV_API TNC_IMV_ReceiveMessageLong(TNC_IMVID imv_id, + TNC_ConnectionID connection_id, + TNC_UInt32 msg_flags, + TNC_BufferReference msg, + TNC_UInt32 msg_len, + TNC_VendorID msg_vid, + TNC_MessageSubtype msg_subtype, + TNC_UInt32 src_imc_id, + TNC_UInt32 dst_imv_id) { if (!imv_agent) { @@ -111,8 +111,8 @@ TNC_Result TNC_IMV_ReceiveMessageLong(TNC_IMVID imv_id, /** * see section 3.8.7 of TCG TNC IF-IMV Specification 1.3 */ -TNC_Result TNC_IMV_SolicitRecommendation(TNC_IMVID imv_id, - TNC_ConnectionID connection_id) +TNC_Result TNC_IMV_API TNC_IMV_SolicitRecommendation(TNC_IMVID imv_id, + TNC_ConnectionID connection_id) { if (!imv_agent) @@ -126,7 +126,8 @@ TNC_Result TNC_IMV_SolicitRecommendation(TNC_IMVID imv_id, /** * see section 3.8.8 of TCG TNC IF-IMV Specification 1.3 */ -TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id, TNC_ConnectionID connection_id) +TNC_Result TNC_IMV_API TNC_IMV_BatchEnding(TNC_IMVID imv_id, + TNC_ConnectionID connection_id) { if (!imv_agent) { @@ -139,7 +140,7 @@ TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id, TNC_ConnectionID connection_id) /** * see section 3.8.9 of TCG TNC IF-IMV Specification 1.3 */ -TNC_Result TNC_IMV_Terminate(TNC_IMVID imv_id) +TNC_Result TNC_IMV_API TNC_IMV_Terminate(TNC_IMVID imv_id) { if (!imv_agent) { 
@@ -155,8 +156,8 @@ TNC_Result TNC_IMV_Terminate(TNC_IMVID imv_id) /** * see section 4.2.8.1 of TCG TNC IF-IMV Specification 1.3 */ -TNC_Result TNC_IMV_ProvideBindFunction(TNC_IMVID imv_id, - TNC_TNCS_BindFunctionPointer bind_function) +TNC_Result TNC_IMV_API TNC_IMV_ProvideBindFunction(TNC_IMVID imv_id, + TNC_TNCS_BindFunctionPointer bind_function) { if (!imv_agent) { From eb8677986e23b6b14fed9e48254e7bef58e306e9 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 8 Jan 2014 12:24:37 +0100 Subject: [PATCH 086/138] imc-attestation: Use TNC_IMV_API prefix on TNC functions for correct declspec --- .../plugins/imc_attestation/imc_attestation.c | 54 +++++++++---------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/src/libpts/plugins/imc_attestation/imc_attestation.c b/src/libpts/plugins/imc_attestation/imc_attestation.c index c71b21666..74bbc468f 100644 --- a/src/libpts/plugins/imc_attestation/imc_attestation.c +++ b/src/libpts/plugins/imc_attestation/imc_attestation.c @@ -61,10 +61,10 @@ static pts_dh_group_t supported_dh_groups = PTS_DH_GROUP_NONE; /** * see section 3.8.1 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id, - TNC_Version min_version, - TNC_Version max_version, - TNC_Version *actual_version) +TNC_Result TNC_IMC_API TNC_IMC_Initialize(TNC_IMCID imc_id, + TNC_Version min_version, + TNC_Version max_version, + TNC_Version *actual_version) { bool mandatory_dh_groups; @@ -103,9 +103,9 @@ TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id, /** * see section 3.8.2 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, - TNC_ConnectionID connection_id, - TNC_ConnectionState new_state) +TNC_Result TNC_IMC_API TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, + TNC_ConnectionID connection_id, + TNC_ConnectionState new_state) { imc_state_t *state; 
@@ -142,8 +142,8 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, /** * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, - TNC_ConnectionID connection_id) +TNC_Result TNC_IMC_API TNC_IMC_BeginHandshake(TNC_IMCID imc_id, + TNC_ConnectionID connection_id) { if (!imc_attestation) { @@ -228,11 +228,11 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) /** * see section 3.8.4 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, - TNC_ConnectionID connection_id, - TNC_BufferReference msg, - TNC_UInt32 msg_len, - TNC_MessageType msg_type) +TNC_Result TNC_IMC_API TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, + TNC_ConnectionID connection_id, + TNC_BufferReference msg, + TNC_UInt32 msg_len, + TNC_MessageType msg_type) { imc_state_t *state; imc_msg_t *in_msg; @@ -259,15 +259,15 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, /** * see section 3.8.6 of TCG TNC IF-IMV Specification 1.3 */ -TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id, - TNC_ConnectionID connection_id, - TNC_UInt32 msg_flags, - TNC_BufferReference msg, - TNC_UInt32 msg_len, - TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype, - TNC_UInt32 src_imv_id, - TNC_UInt32 dst_imc_id) +TNC_Result TNC_IMC_API TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id, + TNC_ConnectionID connection_id, + TNC_UInt32 msg_flags, + TNC_BufferReference msg, + TNC_UInt32 msg_len, + TNC_VendorID msg_vid, + TNC_MessageSubtype msg_subtype, + TNC_UInt32 src_imv_id, + TNC_UInt32 dst_imc_id) { imc_state_t *state; imc_msg_t *in_msg; @@ -294,8 +294,8 @@ TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id, /** * see section 3.8.7 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_BatchEnding(TNC_IMCID imc_id, - TNC_ConnectionID connection_id) +TNC_Result TNC_IMC_API TNC_IMC_BatchEnding(TNC_IMCID imc_id, + TNC_ConnectionID connection_id) { if (!imc_attestation) { 
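Review bot: The comment above TNC_IMC_ReceiveMessageLong still reads `see section 3.8.6 of TCG TNC IF-IMV Specification 1.3`, while the other comments visible in this diff of imc_attestation.c cite the IF-IMC specification. Since the signature below it is being touched anyway, this looks like a copy-and-paste slip worth correcting to `see section 3.8.6 of TCG TNC IF-IMC Specification 1.3`. The section number should be checked against the IF-IMC document before changing it.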
@@ -308,7 +308,7 @@ TNC_Result TNC_IMC_BatchEnding(TNC_IMCID imc_id, /** * see section 3.8.8 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id) +TNC_Result TNC_IMC_API TNC_IMC_Terminate(TNC_IMCID imc_id) { if (!imc_attestation) { @@ -327,7 +327,7 @@ TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id) /** * see section 4.2.8.1 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id, +TNC_Result TNC_IMC_API TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id, TNC_TNCC_BindFunctionPointer bind_function) { if (!imc_attestation) From d6935ddaf665aff3cc438f07c84490e05273467e Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 8 Jan 2014 16:45:09 +0100 Subject: [PATCH 087/138] libpts: Work around BASETSD_H define mismatch between MinGW and TSS --- src/libpts/pts/pts.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/libpts/pts/pts.c b/src/libpts/pts/pts.c index 3bddc6c39..d2e24cbdb 100644 --- a/src/libpts/pts/pts.c +++ b/src/libpts/pts/pts.c @@ -22,6 +22,10 @@ #include #ifdef TSS_TROUSERS +#ifdef _BASETSD_H_ +/* MinGW defines _BASETSD_H_, but TSS checks for _BASETSD_H */ +# define _BASETSD_H +#endif #include #include #else From 6d8094ee1f49b1e0d31563d4b67356bcf7f907c0 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 9 Jan 2014 14:58:32 +0100 Subject: [PATCH 088/138] libtnccs: Use a default tnc_config in the current working dir on Windows --- src/libtnccs/tnc/tnc.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/libtnccs/tnc/tnc.c b/src/libtnccs/tnc/tnc.c index e002b10e0..80ba61c5a 100644 --- a/src/libtnccs/tnc/tnc.c +++ b/src/libtnccs/tnc/tnc.c @@ -26,6 +26,12 @@ #include #include +#ifdef WIN32 +# define DEFAULT_TNC_CONFIG "tnc_config" +#else +# define DEFAULT_TNC_CONFIG "/etc/tnc_config" +#endif + typedef struct private_tnc_t private_tnc_t; typedef tnccs_manager_t *(*tnc_create_tnccs_manager_t)(void); 
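Review bot: `DEFAULT_TNC_CONFIG` is the bare relative name `tnc_config` on Windows, so the file handed to load_imcvs_from_config() in the following hunk is resolved against whatever the process's working directory happens to be. Judging by that function's name, the file decides which IMC/IMV modules get loaded, so a service or tool started from a user-writable directory would take its module list from there. Consider deriving the default from a fixed location (for example the directory of the executable), or at least record the behaviour next to the define: `/* relative to the working directory; set tnc.tnc_config to an absolute path */`.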
@@ -251,7 +257,7 @@ bool tnc_manager_register(plugin_t *plugin, plugin_feature_t *feature, { load_imcvs_from_config( lib->settings->get_str(lib->settings, - "%s.tnc.tnc_config", "/etc/tnc_config", lib->ns), + "%s.tnc.tnc_config", DEFAULT_TNC_CONFIG, lib->ns), is_imc); } } From ce3e7ac57dc948a4e8dcae1859d01c1e18fb6016 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 9 Jan 2014 14:59:25 +0100 Subject: [PATCH 089/138] tnc-imc/imv: Don't include on Windows --- src/libtnccs/plugins/tnc_imc/tnc_imc.c | 2 ++ src/libtnccs/plugins/tnc_imv/tnc_imv.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/libtnccs/plugins/tnc_imc/tnc_imc.c b/src/libtnccs/plugins/tnc_imc/tnc_imc.c index 2d556d9d9..6af8d166d 100644 --- a/src/libtnccs/plugins/tnc_imc/tnc_imc.c +++ b/src/libtnccs/plugins/tnc_imc/tnc_imc.c @@ -15,7 +15,9 @@ #include "tnc_imc.h" +#ifndef WIN32 #include +#endif #include diff --git a/src/libtnccs/plugins/tnc_imv/tnc_imv.c b/src/libtnccs/plugins/tnc_imv/tnc_imv.c index ab2e55253..039f1fcf1 100644 --- a/src/libtnccs/plugins/tnc_imv/tnc_imv.c +++ b/src/libtnccs/plugins/tnc_imv/tnc_imv.c @@ -15,7 +15,9 @@ #include "tnc_imv.h" +#ifndef WIN32 #include +#endif #include From becc382101ed9f53b03fd6c2013d6b710d17c59b Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 9 Jan 2014 15:00:09 +0100 Subject: [PATCH 090/138] libnccs: Fix casts between integers and pointers --- src/libtnccs/plugins/tnc_imc/tnc_imc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libtnccs/plugins/tnc_imc/tnc_imc.c b/src/libtnccs/plugins/tnc_imc/tnc_imc.c index 6af8d166d..623da7f62 100644 --- a/src/libtnccs/plugins/tnc_imc/tnc_imc.c +++ b/src/libtnccs/plugins/tnc_imc/tnc_imc.c @@ -97,7 +97,7 @@ METHOD(imc_t, add_id, void, void *pointer; /* store the scalar value in the pointer */ - pointer = (void*)id; + pointer = (void*)(uintptr_t)id; this->additional_ids->insert_last(this->additional_ids, pointer); } 
@@ -126,7 +126,7 @@ METHOD(imc_t, has_id, bool, while (enumerator->enumerate(enumerator, &pointer)) { /* interpret pointer as scalar value */ - additional_id = (TNC_UInt32)pointer; + additional_id = (uintptr_t)pointer; if (id == additional_id) { From c9891716b8333c01857fe8a2d54a79286e281fa1 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 9 Jan 2014 17:25:37 +0100 Subject: [PATCH 091/138] libpts: Parse TPM version info without TrouSerS helper function Trspi_UnloadBlob_CAP_VERSION_INFO() is a TrouSerS specific function, not available on all platforms. --- src/libpts/pts/pts.c | 28 +++++++++++----------------- 1 file changed, 11 insertions(+), 17 deletions(-) diff --git a/src/libpts/pts/pts.c b/src/libpts/pts/pts.c index d2e24cbdb..075af5bcc 100644 --- a/src/libpts/pts/pts.c +++ b/src/libpts/pts/pts.c 
@@ -305,29 +305,23 @@ METHOD(pts_t, calculate_secret, bool, */ static void print_tpm_version_info(private_pts_t *this) { - TPM_CAP_VERSION_INFO versionInfo; - UINT64 offset = 0; - TSS_RESULT result; + TPM_CAP_VERSION_INFO *info; - result = Trspi_UnloadBlob_CAP_VERSION_INFO(&offset, - this->tpm_version_info.ptr, &versionInfo); - if (result != TSS_SUCCESS) + info = (TPM_CAP_VERSION_INFO*)this->tpm_version_info.ptr; + + if (this->tpm_version_info.len >= + sizeof(*info) - sizeof(info->vendorSpecific)) { - DBG1(DBG_PTS, "could not parse tpm version info: tss error 0x%x", - result); + DBG2(DBG_PTS, "TPM Version Info: Chip Version: %u.%u.%u.%u, " + "Spec Level: %u, Errata Rev: %u, Vendor ID: %.4s", + info->version.major, info->version.minor, + info->version.revMajor, info->version.revMinor, + untoh16(&info->specLevel), info->errataRev, info->tpmVendorID); } else { - DBG2(DBG_PTS, "TPM 1.2 Version Info: Chip Version: %hhu.%hhu.%hhu.%hhu," - " Spec Level: %hu, Errata Rev: %hhu, Vendor ID: %.4s [%.*s]", - versionInfo.version.major, versionInfo.version.minor, - versionInfo.version.revMajor, versionInfo.version.revMinor, - versionInfo.specLevel, versionInfo.errataRev, - versionInfo.tpmVendorID, versionInfo.vendorSpecificSize, - versionInfo.vendorSpecificSize ? - (char*)versionInfo.vendorSpecific : ""); + DBG1(DBG_PTS, "could not parse tpm version info"); } - free(versionInfo.vendorSpecific); } #else From 2877355408d539af08b85586e1f30bceaa2933e1 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 9 Jan 2014 17:29:35 +0100 Subject: [PATCH 092/138] libpts: Fix PCR read, avoid cast of a pointer to different sized integer --- src/libpts/pts/pts.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/libpts/pts/pts.c b/src/libpts/pts/pts.c index 075af5bcc..b82b74405 100644 --- a/src/libpts/pts/pts.c +++ b/src/libpts/pts/pts.c 
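Review bot: The length guard in print_tpm_version_info() is computed from the host layout of `TPM_CAP_VERSION_INFO` (`sizeof(*info) - sizeof(info->vendorSpecific)`), which depends on pointer width and compiler padding rather than on the serialized format held in `tpm_version_info`. The blob is then read through a cast of `tpm_version_info.ptr`, so the field offsets match the data only if the TSS header lays the leading members out without padding, and the access is not guaranteed to be aligned. Reading the fixed fields at explicit offsets and checking the length against that fixed serialized size would make the bound independent of the ABI. If the cast stays, a comment such as `/* only the fixed leading fields are read, vendorSpecific is never dereferenced */` would record why the shorter bound is sufficient.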
@@ -623,7 +623,8 @@ METHOD(pts_t, read_pcr, bool, TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_RESULT result; - chunk_t rgbPcrValue; + BYTE *buf; + UINT32 len; bool success = FALSE; @@ -644,12 +645,12 @@ METHOD(pts_t, read_pcr, bool, { goto err; } - result = Tspi_TPM_PcrRead(hTPM, pcr_num, (UINT32*)&rgbPcrValue.len, &rgbPcrValue.ptr); + result = Tspi_TPM_PcrRead(hTPM, pcr_num, &len, &buf); if (result != TSS_SUCCESS) { goto err; } - *pcr_value = chunk_clone(rgbPcrValue); + *pcr_value = chunk_clone(chunk_create(buf, len)); DBG3(DBG_PTS, "PCR %d value:%B", pcr_num, pcr_value); success = TRUE; From c5447bc2f5eb2d98cd8ed8acca7a1e0bb4176620 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Mon, 13 Jan 2014 16:20:19 +0100 Subject: [PATCH 093/138] chunk: On Windows, chunk_map() opens files in binary mode --- src/libstrongswan/utils/chunk.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/libstrongswan/utils/chunk.c b/src/libstrongswan/utils/chunk.c index 7958931d0..de8996c82 100644 --- a/src/libstrongswan/utils/chunk.c +++ b/src/libstrongswan/utils/chunk.c @@ -333,10 +333,15 @@ chunk_t *chunk_map(char *path, bool wr) { mmaped_chunk_t *chunk; struct stat sb; - int tmp; + int tmp, flags; + + flags = wr ? O_RDWR : O_RDONLY; +#ifdef WIN32 + flags |= O_BINARY; +#endif INIT(chunk, - .fd = open(path, wr ? O_RDWR : O_RDONLY), + .fd = open(path, flags), .wr = wr, ); From 37089963b6b51c7dbecc65aa0bc9b0a16a7c1fa1 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Mon, 13 Jan 2014 16:21:36 +0100 Subject: [PATCH 094/138] libpts: Use chunk_map() to load AIK blob --- src/libpts/pts/pts.c | 43 ++++++++++++++++--------------------------- 1 file changed, 16 insertions(+), 27 deletions(-) diff --git a/src/libpts/pts/pts.c b/src/libpts/pts/pts.c index b82b74405..2fff4c901 100644 --- a/src/libpts/pts/pts.c +++ b/src/libpts/pts/pts.c 
@@ -369,42 +369,31 @@ METHOD(pts_t, set_tpm_version_info, void, */ static void load_aik_blob(private_pts_t *this) { - char *blob_path; - FILE *fp; - u_int32_t aikBlobLen; + char *path; + chunk_t *map; - blob_path = lib->settings->get_str(lib->settings, + path = lib->settings->get_str(lib->settings, "%s.plugins.imc-attestation.aik_blob", NULL, lib->ns); - - if (blob_path) + if (path) { - /* Read aik key blob from a file */ - if ((fp = fopen(blob_path, "r")) == NULL) + map = chunk_map(path, FALSE); + if (map) { - DBG1(DBG_PTS, "unable to open AIK Blob file: %s", blob_path); - return; - } - - fseek(fp, 0, SEEK_END); - aikBlobLen = ftell(fp); - fseek(fp, 0L, SEEK_SET); - - this->aik_blob = chunk_alloc(aikBlobLen); - if (fread(this->aik_blob.ptr, 1, aikBlobLen, fp) == aikBlobLen) - { - DBG2(DBG_PTS, "loaded AIK Blob from '%s'", blob_path); - DBG3(DBG_PTS, "AIK Blob: %B", &this->aik_blob); + DBG2(DBG_PTS, "loaded AIK Blob from '%s'", path); + DBG3(DBG_PTS, "AIK Blob: %B", map); + this->aik_blob = chunk_clone(*map); + chunk_unmap(map); } else { - DBG1(DBG_PTS, "unable to read AIK Blob file '%s'", blob_path); - chunk_free(&this->aik_blob); + DBG1(DBG_PTS, "unable to map AIK Blob file '%s': %s", + path, strerror(errno)); } - fclose(fp); - return; } - - DBG1(DBG_PTS, "AIK Blob is not available"); + else + { + DBG1(DBG_PTS, "AIK Blob is not available"); + } } /** From 4161ee66783b665e2a6222373cc13305dd3f8019 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 15 Jan 2014 17:01:24 +0100 Subject: [PATCH 095/138] configure: Check if __attribute__((packed)) works as expected This is really hard to detect if not, and is not unlikely. If -mms-bitfields is given, the attribute does not work. Even worse, that switch is by default on with GCC/MinGW 4.7+ for Windows targets. http://gcc.gnu.org/bugzilla/show_bug.cgi?id=52991 --- configure.ac | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/configure.ac b/configure.ac index ca5c63668..4e714237c 100644 --- a/configure.ac 
+++ b/configure.ac @@ -755,6 +755,17 @@ AC_COMPILE_IFELSE( AC_SUBST(OPENSSL_LIB, [-l$openssl_lib]) AM_CONDITIONAL(USE_WINDOWS, [test "x$windows" = xtrue]) +AC_MSG_CHECKING([for working __attribute__((packed))]) +AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([], [[ + struct test { char a; short b; } __attribute__((packed)); + char x[sizeof(struct test) == sizeof(char) + sizeof(short) ? 1 : -1]; + return 0; + ]])], + [AC_MSG_RESULT([yes])], + [AC_MSG_RESULT([no]); AC_MSG_ERROR([__attribute__((packed)) does not work])] +) + if test x$printf_hooks = xvstr; then AC_CHECK_LIB([vstr],[main],[LIBS="$LIBS"],[AC_MSG_ERROR([Vstr string library not found])],[]) AC_DEFINE([USE_VSTR], [], [use Vstr string library for printf hooks]) From 41bb8ba5d2b47ae6b7f968610fc0b56a3f00a992 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 20 Feb 2014 11:30:17 +0100 Subject: [PATCH 096/138] windows: Provide a getpass() implementation --- src/libstrongswan/utils/windows.c | 59 +++++++++++++++++++++++++++++++ src/libstrongswan/utils/windows.h | 6 ++++ 2 files changed, 65 insertions(+) diff --git a/src/libstrongswan/utils/windows.c b/src/libstrongswan/utils/windows.c index 492821d53..c0ae3d87a 100644 --- a/src/libstrongswan/utils/windows.c +++ b/src/libstrongswan/utils/windows.c 
@@ -250,6 +250,65 @@ int socketpair(int domain, int type, int protocol, int sv[2]) return -1; } +/** + * See header + */ +char* getpass(const char *prompt) +{ + static char buf[64] = ""; + char *pos; + HANDLE in, out; + DWORD mode, written = 0, total, done; + + out = GetStdHandle(STD_OUTPUT_HANDLE); + in = GetStdHandle(STD_INPUT_HANDLE); + + if (out == INVALID_HANDLE_VALUE || in == INVALID_HANDLE_VALUE || + !GetConsoleMode(out, &mode) || !GetConsoleMode(in, &mode)) + { + return NULL; + } + + total = strlen(prompt); + while (written < total) + { + if (!WriteConsole(out, prompt + written, total - written, &done, NULL)) + { + return NULL; + } + written += done; + } + + if (!SetConsoleMode(in, mode & ~ENABLE_ECHO_INPUT)) + { + return NULL; + } + + while (TRUE) + { + if (!ReadConsole(in, buf, sizeof(buf), &done, NULL)) + { + SetConsoleMode(in, mode); + return NULL; + } + if (done) + { + pos = strchr(buf, '\r'); + if (pos) + { + *pos = '\0'; + } + break; + } + } + SetConsoleMode(in, mode); + + /* append a newline, as we have no echo during input */ + WriteConsole(out, "\r\n", 2, &done, NULL); + + return buf; +} + /** * Set errno for a function setting WSA error on failure */ diff --git a/src/libstrongswan/utils/windows.h b/src/libstrongswan/utils/windows.h index 235586c53..c93f3fd7d 100644 --- a/src/libstrongswan/utils/windows.h +++ b/src/libstrongswan/utils/windows.h @@ -254,6 +254,12 @@ int dlclose(void *handle); */ int socketpair(int domain, int type, int protocol, int sv[2]); +/** + * getpass(3) on Windows consoles + */ +char* getpass(const char *prompt); +#define HAVE_GETPASS + /** * Map MSG_DONTWAIT to the reserved, but deprecated MSG_INTERRUPT */ From b70849ada27dae7a01bbf2059b9595a63a2d780f Mon Sep 17 00:00:00 2001 
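Review bot: `ReadConsole(in, buf, sizeof(buf), &done, NULL)` may fill all 64 bytes of `buf`, and nothing terminates the buffer at `done`. When the bytes read contain no `\r`, `strchr(buf, '\r')` and the returned string therefore continue into stale content of the static buffer or past its end. Reading one byte less and terminating explicitly avoids that: `ReadConsole(in, buf, sizeof(buf) - 1, &done, NULL)` followed by `buf[done] = '\0';` before the `strchr()`. Input longer than the buffer is also truncated silently, which callers may prefer to see reported as a failure.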
From: Martin Willi Date: Tue, 4 Mar 2014 12:24:52 +0100 Subject: [PATCH 097/138] configure: Separate pki from --disable-tools While pki builds and runs just fine on Windows, this is not true for scepclient. --- conf/Makefile.am | 1 + conf/options/pki.opt | 2 ++ conf/options/tools.opt | 3 --- configure.ac | 7 +++++-- src/Makefile.am | 6 +++++- 5 files changed, 13 insertions(+), 6 deletions(-) create mode 100644 conf/options/pki.opt diff --git a/conf/Makefile.am b/conf/Makefile.am index ccc696781..580ea91ae 100644 --- a/conf/Makefile.am +++ b/conf/Makefile.am @@ -18,6 +18,7 @@ options = \ options/pool.opt \ options/starter.opt \ options/tnc.opt \ + options/pki.opt \ options/tools.opt plugins = \ diff --git a/conf/options/pki.opt b/conf/options/pki.opt new file mode 100644 index 000000000..c57dcc8c5 --- /dev/null +++ b/conf/options/pki.opt @@ -0,0 +1,2 @@ +pki.load = + Plugins to load in ipsec pki tool. diff --git a/conf/options/tools.opt b/conf/options/tools.opt index 72a49de28..7e30f5cd3 100644 --- a/conf/options/tools.opt +++ b/conf/options/tools.opt @@ -1,5 +1,2 @@ -pki.load = - Plugins to load in ipsec pki tool. - scepclient.load = Plugins to load in ipsec scepclient tool. diff --git a/configure.ac b/configure.ac index 4e714237c..759e4a16a 100644 --- a/configure.ac +++ b/configure.ac 
@@ -265,11 +265,12 @@ ARG_ENABL_SET([manager], [enable web management console (proof of concept ARG_ENABL_SET([medcli], [enable mediation client configuration database plugin.]) ARG_ENABL_SET([medsrv], [enable mediation server web frontend and daemon plugin.]) ARG_ENABL_SET([nm], [enable NetworkManager backend.]) +ARG_DISBL_SET([pki], [disable pki certificate utility.]) ARG_DISBL_SET([scripts], [disable additional utilities (found in directory scripts).]) ARG_ENABL_SET([svc], [enable charon Windows service.]) ARG_ENABL_SET([swanctl], [enable swanctl configuration and control tool.]) ARG_ENABL_SET([tkm], [enable Trusted Key Manager support.]) -ARG_DISBL_SET([tools], [disable additional utilities (scepclient and pki).]) +ARG_DISBL_SET([tools], [disable additional utilities (scepclient).]) ARG_ENABL_SET([aikgen], [enable AIK generator.]) # optional features ARG_ENABL_SET([bfd-backtraces], [use binutils libbfd to resolve backtraces for memory leaks and segfaults.]) 
@@ -1421,10 +1422,11 @@ AM_CONDITIONAL(USE_THREADS, test x$threads = xtrue) AM_CONDITIONAL(USE_ADNS, test x$adns = xtrue) AM_CONDITIONAL(USE_CHARON, test x$charon = xtrue) AM_CONDITIONAL(USE_NM, test x$nm = xtrue) +AM_CONDITIONAL(USE_PKI, test x$pki = xtrue) AM_CONDITIONAL(USE_TOOLS, test x$tools = xtrue) AM_CONDITIONAL(USE_SCRIPTS, test x$scripts = xtrue) AM_CONDITIONAL(USE_CONFTEST, test x$conftest = xtrue) -AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$tools = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$tls = xtrue -o x$tnc_tnccs = xtrue -o x$aikgen = xtrue -o x$svc = xtrue) +AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pki = xtrue -o x$tools = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$tls = xtrue -o x$tnc_tnccs = xtrue -o x$aikgen = xtrue -o x$svc = xtrue) AM_CONDITIONAL(USE_LIBHYDRA, test x$charon = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$svc = xtrue) AM_CONDITIONAL(USE_LIBCHARON, test x$charon = xtrue -o x$conftest = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$svc = xtrue) AM_CONDITIONAL(USE_LIBIPSEC, test x$libipsec = xtrue) @@ -1488,6 +1490,7 @@ AM_COND_IF([USE_LIBTNCCS], [strongswan_options=${strongswan_options}" tnc"]) AM_COND_IF([USE_MANAGER], [strongswan_options=${strongswan_options}" manager"]) AM_COND_IF([USE_MEDSRV], [strongswan_options=${strongswan_options}" medsrv"]) AM_COND_IF([USE_TOOLS], [strongswan_options=${strongswan_options}" tools"]) +AM_COND_IF([USE_PKI], [strongswan_options=${strongswan_options}" pki"]) AC_SUBST(strongswan_options) diff --git a/src/Makefile.am b/src/Makefile.am index 89c059255..c412d9181 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -73,7 +73,11 @@ if USE_UPDOWN endif if USE_TOOLS - SUBDIRS += scepclient pki + SUBDIRS += scepclient +endif + +if USE_PKI + SUBDIRS += pki endif if USE_SWANCTL 
From a43f1e56310f40722a270f043e40285a19818f5c Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Tue, 4 Mar 2014 13:58:20 +0100 Subject: [PATCH 098/138] utils: Define a platform directory separator character used in paths --- src/libstrongswan/utils/utils.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/libstrongswan/utils/utils.h b/src/libstrongswan/utils/utils.h index ced47a4b8..5a455baff 100644 --- a/src/libstrongswan/utils/utils.h +++ b/src/libstrongswan/utils/utils.h @@ -83,6 +83,15 @@ #include "enum.h" #include "utils/strerror.h" +/** + * Directory separator character in paths on this platform + */ +#ifdef WIN32 +# define DIRECTORY_SEPARATOR "\\" +#else +# define DIRECTORY_SEPARATOR "/" +#endif + /** * Initialize utility functions */ From 8182631bc301d426f76164b8a7a869b0f6285e8d Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 7 Mar 2014 12:12:55 +0100 Subject: [PATCH 099/138] utils: Support Windows path separators in path_basename/dirname --- src/libstrongswan/tests/suites/test_utils.c | 19 +++++++++++++++++++ src/libstrongswan/utils/utils.c | 18 +++++++++--------- 2 files changed, 28 insertions(+), 9 deletions(-) diff --git a/src/libstrongswan/tests/suites/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c index 0260726b2..04f0c4640 100644 --- a/src/libstrongswan/tests/suites/test_utils.c +++ b/src/libstrongswan/tests/suites/test_utils.c 
@@ -520,6 +520,24 @@ static struct { {"", ".", "."}, {".", ".", "."}, {"..", ".", ".."}, +#ifdef WIN32 + {"C:\\", "C:\\", "C:\\"}, + {"C:\\\\", "C:\\", "C:\\"}, + {"foo", ".", "foo"}, + {"f\\", ".", "f"}, + {"foo\\", ".", "foo"}, + {"foo\\\\", ".", "foo"}, + {"C:\\f", "C:\\", "f"}, + {"C:\\f\\", "\\", "f"}, + {"C:\\foo", "C:\\", "foo"}, + {"C:\\foo\\", "C:\\", "foo"}, + {"foo\\bar", "foo", "bar"}, + {"foo\\\\bar", "foo", "bar"}, + {"C:\\foo\\bar", "C:\\foo", "bar"}, + {"C:\\foo\\bar\\", "C:\\foo", "bar"}, + {"C:\\foo\\bar\\baz", "C:\\foo\\bar", "baz"}, + {"\\foo\\bar", "\\foo", "bar"}, +#else /* !WIN32 */ {"/", "/", "/"}, {"//", "/", "/"}, {"foo", ".", "foo"}, @@ -536,6 +554,7 @@ static struct { {"/foo/bar", "/foo", "bar"}, {"/foo/bar/", "/foo", "bar"}, {"/foo/bar/baz", "/foo/bar", "baz"}, +#endif }; START_TEST(test_path_dirname) diff --git a/src/libstrongswan/utils/utils.c b/src/libstrongswan/utils/utils.c index dc0608627..1b3765a69 100644 --- a/src/libstrongswan/utils/utils.c +++ b/src/libstrongswan/utils/utils.c @@ -229,21 +229,21 @@ char* path_dirname(const char *path) { char *pos; - pos = path ? strrchr(path, '/') : NULL; + pos = path ? strrchr(path, DIRECTORY_SEPARATOR[0]) : NULL; if (pos && !pos[1]) { /* if path ends with slashes we have to look beyond them */ - while (pos > path && *pos == '/') + while (pos > path && *pos == DIRECTORY_SEPARATOR[0]) { /* skip trailing slashes */ pos--; } - pos = memrchr(path, '/', pos - path + 1); + pos = memrchr(path, DIRECTORY_SEPARATOR[0], pos - path + 1); } if (!pos) { return strdup("."); } - while (pos > path && *pos == '/') + while (pos > path && *pos == DIRECTORY_SEPARATOR[0]) { /* skip superfluous slashes */ pos--; } 
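Review bot: The WIN32 vector `{"C:\\f\\", "\\", "f"}` expects a dirname of `\`, while its neighbours `{"C:\\f", "C:\\", "f"}` and `{"C:\\foo\\", "C:\\", "foo"}` expect `C:\`, so the drive prefix appears to have been dropped from that entry. It is also worth tracing the drive-root vectors against path_dirname() in the utils.c hunk of this commit. The loop that skips superfluous separators steps back onto the `:` for `C:\foo`, which suggests the function yields `C:` rather than `C:\`, though its return statement is outside the hunk. The expected values should be settled by running the suite on a Windows build.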
@@ -261,19 +261,19 @@ char* path_basename(const char *path) { return strdup("."); } - pos = strrchr(path, '/'); + pos = strrchr(path, DIRECTORY_SEPARATOR[0]); if (pos && !pos[1]) { /* if path ends with slashes we have to look beyond them */ - while (pos > path && *pos == '/') + while (pos > path && *pos == DIRECTORY_SEPARATOR[0]) { /* skip trailing slashes */ pos--; } - if (pos == path && *pos == '/') + if (pos == path && *pos == DIRECTORY_SEPARATOR[0]) { /* contains only slashes */ - return strdup("/"); + return strdup(DIRECTORY_SEPARATOR); } trail = pos + 1; - pos = memrchr(path, '/', trail - path); + pos = memrchr(path, DIRECTORY_SEPARATOR[0], trail - path); } pos = pos ? pos + 1 : (char*)path; return trail ? strndup(pos, trail - pos) : strdup(pos); From 2496eaffdeb855624903950ba844bfdad6361891 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 7 Mar 2014 14:16:50 +0100 Subject: [PATCH 100/138] utils: Return plain drive letter as base/pathname for drive letters on Windows --- src/libstrongswan/utils/utils.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/libstrongswan/utils/utils.c b/src/libstrongswan/utils/utils.c index 1b3765a69..2829aba77 100644 --- a/src/libstrongswan/utils/utils.c +++ b/src/libstrongswan/utils/utils.c @@ -241,6 +241,15 @@ char* path_dirname(const char *path) } if (!pos) { +#ifdef WIN32 + if (path && strlen(path)) + { + if ((isalpha(path[0]) && path[1] == ':')) + { /* if just a drive letter given, return that as dirname */ + return chunk_clone(chunk_from_chars(path[0], ':', 0)).ptr; + } + } +#endif return strdup("."); } while (pos > path && *pos == DIRECTORY_SEPARATOR[0]) From 67b3bcd13df85631152de2f663ff64a3303efd07 Mon Sep 17 00:00:00 2001 
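Review bot: The added WIN32 branch in path_dirname() passes a plain `char` to isalpha() in `isalpha(path[0])`. Where `char` is signed, a byte above 0x7f becomes a negative argument, which is undefined behaviour for the ctype.h functions; write `isalpha((unsigned char)path[0])`. The outer `strlen(path)` test is redundant, because isalpha() already rejects the terminating NUL and `path[1]` is only read after that. The same call appears in path_absolute() in the following patch (101). path_dirname() starts and ends outside this hunk.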
From: Martin Willi Date: Fri, 7 Mar 2014 12:25:31 +0100 Subject: [PATCH 101/138] utils: Provide a path_absolute() function to check path for non-relativeness The usually used trivial '/' check won't work on Windows platforms. --- src/libstrongswan/tests/suites/test_utils.c | 91 ++++++++++++--------- src/libstrongswan/utils/utils.c | 27 ++++++ src/libstrongswan/utils/utils.h | 8 ++ 3 files changed, 88 insertions(+), 38 deletions(-) diff --git a/src/libstrongswan/tests/suites/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c index 04f0c4640..1a2f74c04 100644 --- a/src/libstrongswan/tests/suites/test_utils.c +++ b/src/libstrongswan/tests/suites/test_utils.c 
@@ -508,52 +508,54 @@ START_TEST(test_strreplace) END_TEST /******************************************************************************* - * path_dirname/basename + * path_dirname/basename/absolute */ static struct { char *path; char *dir; char *base; + bool absolute; } path_data[] = { - {NULL, ".", "."}, - {"", ".", "."}, - {".", ".", "."}, - {"..", ".", ".."}, + {NULL, ".", ".", FALSE}, + {"", ".", ".", FALSE}, + {".", ".", ".", FALSE}, + {"..", ".", "..", FALSE}, #ifdef WIN32 - {"C:\\", "C:\\", "C:\\"}, - {"C:\\\\", "C:\\", "C:\\"}, - {"foo", ".", "foo"}, - {"f\\", ".", "f"}, - {"foo\\", ".", "foo"}, - {"foo\\\\", ".", "foo"}, - {"C:\\f", "C:\\", "f"}, - {"C:\\f\\", "\\", "f"}, - {"C:\\foo", "C:\\", "foo"}, - {"C:\\foo\\", "C:\\", "foo"}, - {"foo\\bar", "foo", "bar"}, - {"foo\\\\bar", "foo", "bar"}, - {"C:\\foo\\bar", "C:\\foo", "bar"}, - {"C:\\foo\\bar\\", "C:\\foo", "bar"}, - {"C:\\foo\\bar\\baz", "C:\\foo\\bar", "baz"}, - {"\\foo\\bar", "\\foo", "bar"}, + {"C:\\", "C:", "C:", TRUE}, + {"X:\\\\", "X:", "X:", TRUE}, + {"foo", ".", "foo", FALSE}, + {"f\\", ".", "f", FALSE}, + {"foo\\", ".", "foo", FALSE}, + {"foo\\\\", ".", "foo", FALSE}, + {"d:\\f", "d:", "f", TRUE}, + {"C:\\f\\", "C:", "f", TRUE}, + {"C:\\foo", "C:", "foo", TRUE}, + {"C:\\foo\\", "C:", "foo", TRUE}, + {"foo\\bar", "foo", "bar", FALSE}, + {"foo\\\\bar", "foo", "bar", FALSE}, + {"C:\\foo\\bar", "C:\\foo", "bar", TRUE}, + {"C:\\foo\\bar\\", "C:\\foo", "bar", TRUE}, + {"C:\\foo\\bar\\baz", "C:\\foo\\bar", "baz", TRUE}, + {"\\foo\\bar", "\\foo", "bar", FALSE}, + {"\\\\foo\\bar", "\\\\foo", "bar", TRUE}, #else /* !WIN32 */ - {"/", "/", "/"}, - {"//", "/", "/"}, - {"foo", ".", "foo"}, - {"f/", ".", "f"}, - {"foo/", ".", "foo"}, - {"foo//", ".", "foo"}, - {"/f", "/", "f"}, - {"/f/", "/", "f"}, - {"/foo", "/", "foo"}, - {"/foo/", "/", "foo"}, - {"//foo/", "/", "foo"}, - {"foo/bar", "foo", "bar"}, - {"foo//bar", "foo", "bar"}, - {"/foo/bar", "/foo", "bar"}, - {"/foo/bar/", "/foo", "bar"}, - 
{"/foo/bar/baz", "/foo/bar", "baz"}, + {"/", "/", "/", TRUE}, + {"//", "/", "/", TRUE}, + {"foo", ".", "foo", FALSE}, + {"f/", ".", "f", FALSE}, + {"foo/", ".", "foo", FALSE}, + {"foo//", ".", "foo", FALSE}, + {"/f", "/", "f", TRUE}, + {"/f/", "/", "f", TRUE}, + {"/foo", "/", "foo", TRUE}, + {"/foo/", "/", "foo", TRUE}, + {"//foo/", "/", "foo", TRUE}, + {"foo/bar", "foo", "bar", FALSE}, + {"foo//bar", "foo", "bar", FALSE}, + {"/foo/bar", "/foo", "bar", TRUE}, + {"/foo/bar/", "/foo", "bar", TRUE}, + {"/foo/bar/baz", "/foo/bar", "baz", TRUE}, #endif }; @@ -577,6 +579,12 @@ START_TEST(test_path_basename) } END_TEST +START_TEST(test_path_absolute) +{ + ck_assert(path_data[_i].absolute == path_absolute(path_data[_i].path)); +} +END_TEST + /******************************************************************************* * time_printf_hook */ @@ -744,11 +752,18 @@ Suite *utils_suite_create() tcase_add_loop_test(tc, test_strreplace, 0, countof(strreplace_data)); suite_add_tcase(s, tc); - tc = tcase_create("path_dirname/basename"); + tc = tcase_create("path_dirname"); tcase_add_loop_test(tc, test_path_dirname, 0, countof(path_data)); + suite_add_tcase(s, tc); + + tc = tcase_create("path_basename"); tcase_add_loop_test(tc, test_path_basename, 0, countof(path_data)); suite_add_tcase(s, tc); + tc = tcase_create("path_absolute"); + tcase_add_loop_test(tc, test_path_absolute, 0, countof(path_data)); + suite_add_tcase(s, tc); + tc = tcase_create("printf_hooks"); tcase_add_loop_test(tc, test_time_printf_hook, 0, countof(time_data)); tcase_add_loop_test(tc, test_time_delta_printf_hook, 0, countof(time_delta_data)); diff --git a/src/libstrongswan/utils/utils.c b/src/libstrongswan/utils/utils.c index 2829aba77..0f12b58d7 100644 --- a/src/libstrongswan/utils/utils.c +++ b/src/libstrongswan/utils/utils.c 
@@ -288,6 +288,33 @@ char* path_basename(const char *path) return trail ? strndup(pos, trail - pos) : strdup(pos); } +/** + * Described in header. + */ +bool path_absolute(const char *path) +{ + if (!path) + { + return FALSE; + } +#ifdef WIN32 + if (strpfx(path, "\\\\")) + { /* UNC */ + return TRUE; + } + if (strlen(path) && isalpha(path[0]) && path[1] == ':') + { /* drive letter */ + return TRUE; + } +#else /* !WIN32 */ + if (path[0] == DIRECTORY_SEPARATOR[0]) + { + return TRUE; + } +#endif + return FALSE; +} + /** * Described in header. */ diff --git a/src/libstrongswan/utils/utils.h b/src/libstrongswan/utils/utils.h index 5a455baff..ac0841c49 100644 --- a/src/libstrongswan/utils/utils.h +++ b/src/libstrongswan/utils/utils.h @@ -568,6 +568,14 @@ char *path_dirname(const char *path); */ char *path_basename(const char *path); +/** + * Check if a given path is absolute. + * + * @param path path to check + * @return TRUE if absolute, FALSE if relative + */ +bool path_absolute(const char *path); + /** * Creates a directory and all required parent directories. * From bc9fd3735d1493f179dd1ffe45ba565193a880d9 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Tue, 4 Mar 2014 13:59:04 +0100 Subject: [PATCH 102/138] parser-helper: Detect absolute pathnames and concatenate paths on Windows --- src/libstrongswan/utils/parser_helper.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/libstrongswan/utils/parser_helper.c b/src/libstrongswan/utils/parser_helper.c index 40c6cfedd..17307e92c 100644 --- a/src/libstrongswan/utils/parser_helper.c +++ b/src/libstrongswan/utils/parser_helper.c @@ -140,7 +140,7 @@ METHOD(parser_helper_t, file_include, void, return; } - if (!file->name || pattern[0] == '/') + if (!file->name || path_absolute(pattern)) { /* absolute path */ if (snprintf(pat, sizeof(pat), "%s", pattern) >= sizeof(pat)) { 
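Review bot: The WIN32 drive-letter test in path_absolute() accepts any string whose second character is `:`, so a drive-relative name such as `C:foo` is reported as absolute, while a rooted name such as `\foo\bar` is reported as relative (the test data pins the latter as FALSE). Callers later in this series use the result to decide whether a configured base directory is prepended, so this classification decides which file ends up being opened. If drive-relative names are not meant to skip the base directory, require the separator as well: `if (isalpha((unsigned char)path[0]) && path[1] == ':' && path[2] == DIRECTORY_SEPARATOR[0])`. Whichever rule is chosen, spell it out in the utils.h doc comment, which currently says only "TRUE if absolute, FALSE if relative".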
@@ -152,7 +152,8 @@ METHOD(parser_helper_t, file_include, void, else { /* base relative paths to the directory of the current file */ char *dir = path_dirname(file->name); - if (snprintf(pat, sizeof(pat), "%s/%s", dir, pattern) >= sizeof(pat)) + if (snprintf(pat, sizeof(pat), "%s%s%s", dir, DIRECTORY_SEPARATOR, + pattern) >= sizeof(pat)) { PARSER_DBG1(&this->public, "include pattern too long, ignored"); free(dir); From b67069b00cc8878b6f8fbe55e0498359e6f55413 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 15 May 2014 15:12:35 +0200 Subject: [PATCH 103/138] swanctl: Concatenate relative certificate paths correctly on Windows --- src/swanctl/commands/load_conns.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/swanctl/commands/load_conns.c b/src/swanctl/commands/load_conns.c index d418cd3a4..c551601df 100644 --- a/src/swanctl/commands/load_conns.c +++ b/src/swanctl/commands/load_conns.c @@ -102,16 +102,18 @@ static void add_file_list_key(vici_req_t *req, char *key, char *value) enumerator = enumerator_create_token(value, ",", " "); while (enumerator->enumerate(enumerator, &token)) { - if (*token != '/') + if (!path_absolute(token)) { if (streq(key, "certs")) { - snprintf(buf, sizeof(buf), "%s/%s", SWANCTL_X509DIR, token); + snprintf(buf, sizeof(buf), "%s%s%s", + SWANCTL_X509DIR, DIRECTORY_SEPARATOR, token); token = buf; } if (streq(key, "cacerts")) { - snprintf(buf, sizeof(buf), "%s/%s", SWANCTL_X509CADIR, token); + snprintf(buf, sizeof(buf), "%s%s%s", + SWANCTL_X509CADIR, DIRECTORY_SEPARATOR, token); token = buf; } } From 74e14ea5472694ed645475f7946e731c1b27482c Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Tue, 4 Mar 2014 14:00:11 +0100 Subject: [PATCH 104/138] unit-tests: Adapt settings tests for Windows --- src/libstrongswan/tests/suites/test_settings.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) 
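Review bot: Both snprintf() calls in add_file_list_key() discard the return value, so a certificate path that does not fit in `buf` is silently truncated and the truncated name is what `token` then points to. The file_include change in the previous patch guards the same construction with `>= sizeof(pat)` and ignores the pattern; this function should do the equivalent, for example `if (snprintf(buf, sizeof(buf), "%s%s%s", SWANCTL_X509DIR, DIRECTORY_SEPARATOR, token) >= sizeof(buf)) { continue; }` after reporting the error, and likewise in the cacerts branch. The function body continues outside the hunk, so how `token` is consumed afterwards is not visible here.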
diff --git a/src/libstrongswan/tests/suites/test_settings.c b/src/libstrongswan/tests/suites/test_settings.c index 97e45fc04..32676be26 100644 --- a/src/libstrongswan/tests/suites/test_settings.c +++ b/src/libstrongswan/tests/suites/test_settings.c @@ -22,7 +22,11 @@ #include #include +#ifdef WIN32 +static char *path = "C:\\Windows\\Temp\\strongswan-settings-test"; +#else static char *path = "/tmp/strongswan-settings-test"; +#endif static settings_t *settings; static void create_settings(chunk_t contents) @@ -522,8 +526,13 @@ START_TEST(test_key_value_enumerator) } END_TEST -#define include1 "/tmp/strongswan-settings-test-include1" -#define include2 "/tmp/strongswan-settings-test-include2" +#ifdef WIN32 +# define include1 "C:\\Windows\\Temp\\strongswan-settings-test-include1" +# define include2 "C:\\Windows\\Temp\\strongswan-settings-test-include2" +#else +# define include1 "/tmp/strongswan-settings-test-include1" +# define include2 "/tmp/strongswan-settings-test-include2" +#endif START_SETUP(setup_include_config) { @@ -675,6 +684,7 @@ START_TEST(test_load_files_section) ck_assert(!settings->load_files_section(settings, include1".conf", TRUE, "")); verify_include(); +#ifndef WIN32 /* unreadable files are too (only fails when not running as root) */ if (getuid() != 0) { @@ -683,6 +693,7 @@ START_TEST(test_load_files_section) unlink(include1".no"); verify_include(); } +#endif ck_assert(settings->load_files_section(settings, include2, FALSE, "main")); verify_null("main.key1"); From 93168c5f1df52ad52ba28bfe4fb17c0931ed1a85 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 5 Mar 2014 12:18:33 +0100 Subject: [PATCH 105/138] openssl: Be less verbose about FIPS mode when not running as daemon While this is valuable information, printing it for pki and other tools is annoying. --- src/libstrongswan/plugins/openssl/openssl_plugin.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
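Review bot: The settings test keeps using fixed, predictable file names in a shared temporary directory (`C:\Windows\Temp\strongswan-settings-test` on WIN32, `/tmp/strongswan-settings-test` otherwise), and the include1/include2 defines in the second hunk follow the same pattern. A fixed name in a directory other local users can write to may collide with a parallel test run or with a file or link created beforehand, and `C:\Windows\Temp` is not guaranteed to be writable for an unprivileged account. Consider obtaining the directory from the platform (`GetTempPath()` on Windows) and creating uniquely named files (`mkstemp()` on POSIX). The code that creates and removes these files is outside the hunks shown.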
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index 372a480fa..1ca1690ad 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -558,8 +558,8 @@ plugin_t *openssl_plugin_create() #ifdef OPENSSL_FIPS /* we do this here as it may have been enabled via openssl.conf */ fips_mode = FIPS_mode(); - DBG1(DBG_LIB, "openssl FIPS mode(%d) - %sabled ", fips_mode, - fips_mode ? "en" : "dis"); + dbg(DBG_LIB, strpfx(lib->ns, "charon") ? 1 : 2, + "openssl FIPS mode(%d) - %sabled ", fips_mode, fips_mode ? "en" : "dis"); #endif /* OPENSSL_FIPS */ #ifndef OPENSSL_NO_ENGINE From fc987bea52a4f7394edc24828b9237f72cb98114 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 5 Mar 2014 15:45:42 +0100 Subject: [PATCH 106/138] charon-svc: When running as service, change working directory to executable Services get executed with system32 as current working directory. This does not work for us, as we expect paths to be relative to the executable. --- src/charon-svc/charon-svc.c | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/src/charon-svc/charon-svc.c b/src/charon-svc/charon-svc.c index 3f4b80dce..c21fc1ff5 100644 --- a/src/charon-svc/charon-svc.c +++ b/src/charon-svc/charon-svc.c @@ -215,6 +215,32 @@ static DWORD service_handler(DWORD dwControl, DWORD dwEventType, } } +/** + * Switch the working directory to the executable directory + */ +static bool switch_workingdir() +{ + CHAR path[MAX_PATH], *pos; + HMODULE module; + + module = GetModuleHandle(NULL); + if (!module) + { + return FALSE; + } + if (!GetModuleFileName(module, path, sizeof(path))) + { + return FALSE; + } + pos = strrchr(path, '\\'); + if (!pos) + { + return FALSE; + } + *pos = 0; + return SetCurrentDirectory(path); +} + /** * Service main routine when running as service */ 
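Review bot: switch_workingdir() treats only a zero return from GetModuleFileName() as failure. When the module path does not fit in `path`, the call returns the buffer size and the result is truncated (and on older Windows versions not NUL-terminated), so the strrchr() that follows may read past the buffer or the service changes into the wrong directory. Keep the length in a `DWORD len` and reject truncation: `len = GetModuleFileNameA(module, path, sizeof(path)); if (len == 0 || len >= sizeof(path)) { return FALSE; }`. Naming the `A` variant explicitly also keeps the `CHAR` buffer and strrchr() consistent if the file is ever built with UNICODE defined.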
@@ -228,7 +254,10 @@ static void service_main(DWORD dwArgc, LPTSTR *lpszArgv) handle = RegisterServiceCtrlHandlerEx(SERVICE_NAME, service_handler, NULL); if (handle) { - init_and_run(dwArgc, lpszArgv); + if (switch_workingdir()) + { + init_and_run(dwArgc, lpszArgv); + } } } From 55c2b47a904473c10cb62ac6e884a398080a9ed9 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 5 Mar 2014 16:28:38 +0100 Subject: [PATCH 107/138] file-logger: Emulate setlinebuf() if not supported by using fflush() --- src/libcharon/bus/listeners/file_logger.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/libcharon/bus/listeners/file_logger.c b/src/libcharon/bus/listeners/file_logger.c index c86cff132..e3661bde6 100644 --- a/src/libcharon/bus/listeners/file_logger.c +++ b/src/libcharon/bus/listeners/file_logger.c @@ -49,6 +49,11 @@ struct private_file_logger_t { */ FILE *out; + /** + * Flush after writing a line? + */ + bool flush_line; + /** * Maximum level to log, for each group */ @@ -137,6 +142,12 @@ METHOD(logger_t, log_, void, fprintf(this->out, "%.*s\n", (int)(next - current), current); current = next + 1; } +#ifndef HAVE_SETLINEBUF + if (this->flush_line) + { + fflush(this->out); + } +#endif /* !HAVE_SETLINEBUF */ this->mutex->unlock(this->mutex); this->lock->unlock(this->lock); } @@ -224,6 +235,7 @@ METHOD(file_logger_t, open_, void, this->lock->write_lock(this->lock); close_file(this); this->out = file; + this->flush_line = flush_line; this->lock->unlock(this->lock); } From 0c512610cc52c38ae3967fd74fa54c5ad887fcb0 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 6 Mar 2014 17:24:27 +0100 Subject: [PATCH 108/138] imv-os: Don't build pacman on Windows --- src/libimcv/plugins/imv_os/Makefile.am | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/libimcv/plugins/imv_os/Makefile.am b/src/libimcv/plugins/imv_os/Makefile.am index 3a9537a4d..3b3f793f1 100644 --- a/src/libimcv/plugins/imv_os/Makefile.am +++ b/src/libimcv/plugins/imv_os/Makefile.am 
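Review bot: When switch_workingdir() returns FALSE, service_main() now skips init_and_run() and, as far as this hunk shows, neither logs anything nor reports a stopped state to the service control manager. An operator would see a service that does not come up, with no hint that the working-directory change was the cause. Add an else branch that records the failure (including `GetLastError()` in the message) and sets the service status accordingly. Whether a status helper already exists in this file is not visible here.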
@@ -18,9 +18,11 @@ imv_os_la_SOURCES = \ imv_os_la_LDFLAGS = -module -avoid-version -no-undefined +if !USE_WINDOWS ipsec_PROGRAMS = pacman pacman_SOURCES = pacman.c pacman_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la pacman.o : $(top_builddir)/config.status EXTRA_DIST = pacman.sh +endif From 5388389befe692ad7bdf2dbcbfc6b74c189cd01b Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 6 Mar 2014 17:24:49 +0100 Subject: [PATCH 109/138] imc-os: Add missing TNC_IMC_API definitions, fixes warnings on Windows --- src/libimcv/plugins/imc_os/imc_os.c | 55 ++++++++++++++--------------- 1 file changed, 27 insertions(+), 28 deletions(-) diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c index ed2cfdd59..c624d26b1 100644 --- a/src/libimcv/plugins/imc_os/imc_os.c +++ b/src/libimcv/plugins/imc_os/imc_os.c @@ -52,10 +52,10 @@ static imc_os_info_t *os; /** * see section 3.8.1 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id, - TNC_Version min_version, - TNC_Version max_version, - TNC_Version *actual_version) +TNC_Result TNC_IMC_API TNC_IMC_Initialize(TNC_IMCID imc_id, + TNC_Version min_version, + TNC_Version max_version, + TNC_Version *actual_version) { if (imc_os) { @@ -89,9 +89,8 @@ TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id, /** * see section 3.8.2 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, - TNC_ConnectionID connection_id, - TNC_ConnectionState new_state) +TNC_Result TNC_IMC_API TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, + TNC_ConnectionID connection_id, TNC_ConnectionState new_state) { imc_state_t *state; 
@@ -446,8 +445,8 @@ static void add_settings(enumerator_t *enumerator, imc_msg_t *msg) /** * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, - TNC_ConnectionID connection_id) +TNC_Result TNC_IMC_API TNC_IMC_BeginHandshake(TNC_IMCID imc_id, + TNC_ConnectionID connection_id) { imc_state_t *state; imc_msg_t *out_msg; @@ -594,11 +593,11 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) * see section 3.8.4 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, - TNC_ConnectionID connection_id, - TNC_BufferReference msg, - TNC_UInt32 msg_len, - TNC_MessageType msg_type) +TNC_Result TNC_IMC_API TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, + TNC_ConnectionID connection_id, + TNC_BufferReference msg, + TNC_UInt32 msg_len, + TNC_MessageType msg_type) { imc_state_t *state; imc_msg_t *in_msg; @@ -624,15 +623,15 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, /** * see section 3.8.6 of TCG TNC IF-IMV Specification 1.3 */ -TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id, - TNC_ConnectionID connection_id, - TNC_UInt32 msg_flags, - TNC_BufferReference msg, - TNC_UInt32 msg_len, - TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype, - TNC_UInt32 src_imv_id, - TNC_UInt32 dst_imc_id) +TNC_Result TNC_IMC_API TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id, + TNC_ConnectionID connection_id, + TNC_UInt32 msg_flags, + TNC_BufferReference msg, + TNC_UInt32 msg_len, + TNC_VendorID msg_vid, + TNC_MessageSubtype msg_subtype, + TNC_UInt32 src_imv_id, + TNC_UInt32 dst_imc_id) { imc_state_t *state; imc_msg_t *in_msg; @@ -659,8 +658,8 @@ TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id, /** * see section 3.8.7 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_BatchEnding(TNC_IMCID imc_id, - TNC_ConnectionID connection_id) +TNC_Result TNC_IMC_API TNC_IMC_BatchEnding(TNC_IMCID imc_id, + TNC_ConnectionID connection_id) { if (!imc_os) { 
@@ -673,7 +672,7 @@ TNC_Result TNC_IMC_BatchEnding(TNC_IMCID imc_id, /** * see section 3.8.8 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id) +TNC_Result TNC_IMC_API TNC_IMC_Terminate(TNC_IMCID imc_id) { if (!imc_os) { @@ -692,8 +691,8 @@ TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id) /** * see section 4.2.8.1 of TCG TNC IF-IMC Specification 1.3 */ -TNC_Result TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id, - TNC_TNCC_BindFunctionPointer bind_function) +TNC_Result TNC_IMC_API TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id, + TNC_TNCC_BindFunctionPointer bind_function) { if (!imc_os) { From ede10dd9746fac902ef23cba2f6e69461a1a42e3 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 6 Mar 2014 17:25:21 +0100 Subject: [PATCH 110/138] imv: Return an empty enumerator instead of null, as expected by callers --- src/libimcv/imv/imv_session.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libimcv/imv/imv_session.c b/src/libimcv/imv/imv_session.c index 14fea2b18..faa22c3df 100644 --- a/src/libimcv/imv/imv_session.c +++ b/src/libimcv/imv/imv_session.c @@ -219,7 +219,7 @@ METHOD(imv_session_t, create_workitem_enumerator, enumerator_t*, { if (!this->policy_started) { - return NULL; + return enumerator_create_empty(); } return this->workitems->create_enumerator(this->workitems); } From 9b7d1a3b334f49673e9d05238db6aaf3b4214837 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 6 Mar 2014 17:35:51 +0100 Subject: [PATCH 111/138] libimcv: Be a little more verbose about the Windows system reported --- src/libimcv/imc/imc_os_info.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/src/libimcv/imc/imc_os_info.c b/src/libimcv/imc/imc_os_info.c index 33f9bf5af..b01a14c01 100644 --- a/src/libimcv/imc/imc_os_info.c +++ b/src/libimcv/imc/imc_os_info.c 
@@ -133,14 +133,16 @@ static bool extract_platform_info(os_type_t *type, chunk_t *name, return FALSE; } *type = OS_TYPE_WINDOWS; - if (osvie.wProductType == VER_NT_WORKSTATION) - { - *name = chunk_clone(chunk_from_str("Client")); - } - else - { - *name = chunk_clone(chunk_from_str("Server")); - } + snprintf(buf, sizeof(buf), "Windows %s %s", + osvie.wProductType == VER_NT_WORKSTATION ? "Client" : "Server", +#ifdef WIN64 + "x86_64" +#else + "x86" +#endif + ); + *name = chunk_clone(chunk_from_str(buf)); + snprintf(buf, sizeof(buf), "%d.%d.%d (SP %d.%d)", osvie.dwMajorVersion, osvie.dwMinorVersion, osvie.dwBuildNumber, osvie.wServicePackMajor, osvie.wServicePackMinor); From ecc6c2e8a41b046efac3a760638864ff4f91413b Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 6 Mar 2014 19:08:24 +0100 Subject: [PATCH 112/138] libimcv: Pass TNC_SESSION_ID as argument instead as a environment variable Doing so works on Windows as well. --- src/libimcv/imv/_imv_policy | 14 ++++++++------ src/libimcv/imv/imv_database.c | 9 ++++----- src/libimcv/imv/imv_policy_manager.c | 13 +++---------- src/libimcv/imv/imv_policy_manager_usage.c | 3 +-- 4 files changed, 16 insertions(+), 23 deletions(-) diff --git a/src/libimcv/imv/_imv_policy b/src/libimcv/imv/_imv_policy index 68a963c27..056284411 100755 --- a/src/libimcv/imv/_imv_policy +++ b/src/libimcv/imv/_imv_policy @@ -20,18 +20,20 @@ # that, and use the "libimcv.policy_script = " option in strongswan.conf # to make strongSwan use yours instead of this default one. -# Environment variables that this script gets +# Passed arguments # -# TNC_SESSION_ID -# unique session ID used as a reference by the policy -# manager. +# $1 +# action +# $2 +# unique session ID used as a reference by the policy +# manager. # case "$1" in start) - echo "start session $TNC_SESSION_ID" + echo "start session $2" ;; stop) - echo "stop session $TNC_SESSION_ID" + echo "stop session $2" ;; *) echo "$0: unknown command '$1'" exit 1 
diff --git a/src/libimcv/imv/imv_database.c b/src/libimcv/imv/imv_database.c index 2edb4df04..0c4bb7514 100644 --- a/src/libimcv/imv/imv_database.c +++ b/src/libimcv/imv/imv_database.c @@ -126,7 +126,7 @@ static bool create_session(private_imv_database_t *this, imv_session_t *session) DBG1(DBG_IMV, "imv_db: registering product info failed"); return FALSE; } - + /* get device ID string */ if (!session->get_device_id(session, &device_id)) { @@ -261,9 +261,9 @@ METHOD(imv_database_t, policy_script, bool, } /* call the policy script */ - snprintf(command, sizeof(command), "2>&1 TNC_SESSION_ID='%d' %s %s", - session->get_session_id(session, NULL, NULL), this->script, - start ? "start" : "stop"); + snprintf(command, sizeof(command), "2>&1 %s %s %d", + this->script, start ? "start" : "stop", + session->get_session_id(session, NULL, NULL)); DBG3(DBG_IMV, "running policy script: %s", command); shell = popen(command, "r"); @@ -363,4 +363,3 @@ imv_database_t *imv_database_create(char *uri, char *script) return &this->public; } - diff --git a/src/libimcv/imv/imv_policy_manager.c b/src/libimcv/imv/imv_policy_manager.c index 028721af3..50f7f2e39 100644 --- a/src/libimcv/imv/imv_policy_manager.c +++ b/src/libimcv/imv/imv_policy_manager.c @@ -278,7 +278,7 @@ static bool policy_stop(database_t *db, int session_id) int main(int argc, char *argv[]) { database_t *db; - char *uri, *tnc_session_id; + char *uri; int session_id; bool start, success; @@ -299,7 +299,7 @@ int main(int argc, char *argv[]) exit(SS_RC_INITIALIZATION_FAILED); } - if (argc < 2) + if (argc < 3) { usage(); exit(SS_RC_INITIALIZATION_FAILED); 
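Review bot: In policy_script() the command line handed to popen() is built with an unchecked snprintf() and an unquoted `this->script`. A configured script path that contains a space (common for Windows install locations, which this change is meant to support) is split by the shell into a different program plus arguments, and a path long enough to overflow `command` is run in truncated form. Compare the snprintf() result against `sizeof(command)` and refuse to run on truncation, and either quote the script path in the format string or document for the `libimcv.policy_script` option that its value is passed to the shell verbatim. The session id is formatted with `%d` and is not a concern. The function continues outside the hunk.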
@@ -318,14 +318,7 @@ int main(int argc, char *argv[]) exit(SS_RC_INITIALIZATION_FAILED); } - /* get session ID */ - tnc_session_id = getenv("TNC_SESSION_ID"); - if (!tnc_session_id) - { - fprintf(stderr, "environment variable TNC_SESSION_ID is not defined\n"); - exit(SS_RC_INITIALIZATION_FAILED); - } - session_id = atoi(tnc_session_id); + session_id = atoi(argv[2]); /* attach IMV database */ uri = lib->settings->get_str(lib->settings, diff --git a/src/libimcv/imv/imv_policy_manager_usage.c b/src/libimcv/imv/imv_policy_manager_usage.c index 3167a5441..c71bc9958 100644 --- a/src/libimcv/imv/imv_policy_manager_usage.c +++ b/src/libimcv/imv/imv_policy_manager_usage.c @@ -24,6 +24,5 @@ void usage(void) { printf("\ Usage:\n\ - imv_policy_manager start|stop\n"); + imv_policy_manager start|stop \n"); } - From 0731d41ca9eefbf081a883aeacdf97533455234b Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 7 Mar 2014 12:27:20 +0100 Subject: [PATCH 113/138] attest: Properly separate and build absolute path names on Windows --- .../plugins/imv_attestation/attest_db.c | 41 +++++++++++++------ 1 file changed, 28 insertions(+), 13 deletions(-) diff --git a/src/libpts/plugins/imv_attestation/attest_db.c b/src/libpts/plugins/imv_attestation/attest_db.c index 0925300a0..d7f45ad29 100644 --- a/src/libpts/plugins/imv_attestation/attest_db.c +++ b/src/libpts/plugins/imv_attestation/attest_db.c @@ -198,6 +198,21 @@ char* print_cfn(pts_comp_func_name_t *cfn) return buf; } +/** + * Get the directory separator to append to a path + */ +static const char* get_separator(const char *path) +{ + if (streq(path, DIRECTORY_SEPARATOR)) + { /* root directory on Unix file system, no separator */ + return ""; + } + else + { /* non-root or Windows path, use system specific separator */ + return DIRECTORY_SEPARATOR; + } +} + METHOD(attest_db_t, set_component, bool, private_attest_db_t *this, char *comp, bool create) { 
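Review bot: `session_id = atoi(argv[2]);` in main() accepts any string: a non-numeric or empty argument becomes session 0 and an out-of-range value is undefined, and the start/stop handling then presumably runs against that id. The removed getenv() path had the same conversion, but now that the value is a command-line argument it is worth validating before the database is touched. Parse it with strtol() and an end pointer, and call `usage(); exit(SS_RC_INITIALIZATION_FAILED);` when no digits were consumed, trailing characters remain, errno is set, or the value does not fit a non-negative int. main() starts and ends outside this hunk.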
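Review bot: get_separator() in attest_db.c returns the separator of the platform attest was built for, whereas the pts_database change in the next patch (114) derives it from the stored path because measurements can come from another platform. If attest is used on one platform to maintain reference values for the other, the file names it prints and the trailing-separator strip in set_directory() would use the wrong character. If that limitation is intended, say so in the function comment, for example `uses the build platform's separator; paths from other platforms are not converted`. Otherwise derive the separator from `path` the way pts_database.c does.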
@@ -314,9 +329,9 @@ METHOD(attest_db_t, set_directory, bool, return FALSE; } - /* remove trailing '/' character if not root directory */ + /* remove trailing '/' or '\' character if not root directory */ len = strlen(dir); - if (len > 1 && dir[len-1] == '/') + if (len > 1 && dir[len-1] == DIRECTORY_SEPARATOR[0]) { dir[len-1] = '\0'; } @@ -390,7 +405,6 @@ METHOD(attest_db_t, set_file, bool, private_attest_db_t *this, char *file, bool create) { int fid; - char *sep; enumerator_t *e; if (this->file) @@ -404,7 +418,6 @@ METHOD(attest_db_t, set_file, bool, { return TRUE; } - sep = streq(this->dir, "/") ? "" : "/"; e = this->db->query(this->db, "SELECT id FROM files " "WHERE dir = ? AND name = ?", DB_INT, this->did, DB_TEXT, file, DB_INT); @@ -423,7 +436,8 @@ METHOD(attest_db_t, set_file, bool, if (!create) { - printf("file '%s%s%s' not found in database\n", this->dir, sep, file); + printf("file '%s%s%s' not found in database\n", + this->dir, get_separator(this->dir), file); return FALSE; } @@ -434,8 +448,8 @@ METHOD(attest_db_t, set_file, bool, { this->fid = fid; } - printf("file '%s%s%s' %sinserted into database\n", this->dir, sep, file, - this->fid ? "" : "could not be "); + printf("file '%s%s%s' %sinserted into database\n", this->dir, + get_separator(this->dir), file, this->fid ? "" : "could not be "); return this->fid > 0; } @@ -1318,7 +1332,7 @@ METHOD(attest_db_t, list_hashes, void, printf("%d %N value%s found for file '%s%s%s'\n", count, pts_meas_algorithm_names, this->algo, (count == 1) ? "" : "s", this->dir, - streq(this->dir, "/") ? "" : "/", this->file); + get_separator(this->dir), this->file); } } else if (this->file) @@ -1655,7 +1669,8 @@ static bool insert_file_hash(private_attest_db_t *this, */ static bool add_hash(private_attest_db_t *this) { - char *pathname, *filename, *sep, *label; + char *pathname, *filename, *label; + const char *sep; pts_file_meas_t *measurements; chunk_t measurement; hasher_t *hasher = NULL; 
@@ -1666,7 +1681,7 @@ static bool add_hash(private_attest_db_t *this) { this->meas_dir = strdup(this->dir); } - sep = streq(this->meas_dir, "/") ? "" : "/"; + sep = get_separator(this->meas_dir); if (this->fid) { @@ -1803,8 +1818,8 @@ METHOD(attest_db_t, delete, bool, DB_UINT, this->algo, DB_UINT, this->pid, DB_UINT, this->fid) > 0; - printf("%4d: %s%s%s\n", this->fid, this->dir, - streq(this->dir, "/") ? "" : "/", this->file); + printf("%4d: %s%s%s\n", this->fid, this->dir, get_separator(this->dir), + this->file); printf("%N value for product '%s' %sdeleted from database\n", pts_meas_algorithm_names, this->algo, this->product, success ? "" : "could not be "); @@ -1846,7 +1861,7 @@ METHOD(attest_db_t, delete, bool, DB_UINT, this->fid) > 0; printf("file '%s%s%s' %sdeleted from database\n", this->dir, - streq(this->dir, "/") ? "" : "/", this->file, + get_separator(this->dir), this->file, success ? "" : "could not be "); return success; } From 0b786610429a75e054a55408f862a349e5778d06 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 7 Mar 2014 12:28:07 +0100 Subject: [PATCH 114/138] libpts: Respect path separators when concatenating database filenames As we can't use the system native directory separator on cross-platform measurements, we determine the path separator from the base directory format. --- src/libpts/pts/pts_database.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/src/libpts/pts/pts_database.c b/src/libpts/pts/pts_database.c index e9a0e5faa..f2e2c9c74 100644 --- a/src/libpts/pts/pts_database.c +++ b/src/libpts/pts/pts_database.c @@ -48,7 +48,7 @@ METHOD(pts_database_t, get_pathname, char*, private_pts_database_t *this, bool is_dir, int id) { enumerator_t *e; - char *path, *name, *pathname; + char *path, *name, *sep, *pathname = NULL; if (is_dir) { 
@@ -70,11 +70,21 @@ METHOD(pts_database_t, get_pathname, char*, "SELECT d.path, f.name FROM files AS f " "JOIN directories AS d ON d.id = f.dir WHERE f.id = ?", DB_INT, id, DB_TEXT, DB_TEXT); - if (!e || !e->enumerate(e, &path, &name) || - asprintf(&pathname, "%s%s%s", - path, streq(path, "/") ? "" : "/", name) == -1) + if (e && e->enumerate(e, &path, &name)) { - pathname = NULL; + if (path[0] == '/') + { /* Unix style absolute path */ + sep = "/"; + } + else + { /* Windows absolute path */ + sep = "\\"; + } + if (asprintf(&pathname, "%s%s%s", + path, streq(path, "/") ? "" : sep, name) == -1) + { + pathname = NULL; + } } } DESTROY_IF(e); @@ -420,4 +430,3 @@ pts_database_t *pts_database_create(imv_database_t *imv_db) return &this->public; } - From fc50731376c454116820cc39814851a629ebcc0e Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 7 Mar 2014 12:53:19 +0100 Subject: [PATCH 115/138] imv: Provide database table scheme for MySQL --- src/libimcv/Makefile.am | 2 +- src/libimcv/imv/tables-mysql.sql | 200 +++++++++++++++++++++++++++++++ 2 files changed, 201 insertions(+), 1 deletion(-) create mode 100644 src/libimcv/imv/tables-mysql.sql diff --git a/src/libimcv/Makefile.am b/src/libimcv/Makefile.am index ca5a9ac7c..0c56169ee 100644 --- a/src/libimcv/Makefile.am +++ b/src/libimcv/Makefile.am @@ -60,7 +60,7 @@ ipsec_SCRIPTS = imv/_imv_policy EXTRA_DIST = imv/_imv_policy templatesdir = $(pkgdatadir)/templates/database/imv -dist_templates_DATA = imv/tables.sql imv/data.sql +dist_templates_DATA = imv/tables.sql imv/tables-mysql.sql imv/data.sql ipsec_PROGRAMS = imv_policy_manager imv_policy_manager_SOURCES = \ diff --git a/src/libimcv/imv/tables-mysql.sql b/src/libimcv/imv/tables-mysql.sql new file mode 100644 index 000000000..47ee41c86 --- /dev/null +++ b/src/libimcv/imv/tables-mysql.sql 
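Review bot: The separator choice in get_pathname() treats every directory path that does not start with `/` as a Windows path, which includes an empty string and any relative entry in the directories table. The root special case `streq(path, "/") ? "" : sep` has no Windows counterpart, so a stored path that already ends in a backslash would get a doubled separator. Consider testing for the Windows forms explicitly and omitting `sep` when `path` already ends with it. `sep` only ever points at string literals, so it should be declared `const char *sep`. The function starts outside this hunk.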
@@ -0,0 +1,200 @@ + +DROP TABLE IF EXISTS `directories`; +CREATE TABLE `directories` ( + `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT, + `path` VARCHAR(2048) NOT NULL +); + +DROP TABLE IF EXISTS `files`; +CREATE TABLE `files` ( + `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT, + `dir` INTEGER DEFAULT 0 REFERENCES `directories`(`id`), + `name` VARCHAR(512) NOT NULL +); + +DROP TABLE IF EXISTS `products`; +CREATE TABLE `products` ( + `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT, + `name` VARCHAR(128) NOT NULL +); + +DROP TABLE IF EXISTS `algorithms`; +CREATE TABLE `algorithms` ( + `id` INTEGER PRIMARY KEY, + `name` VARCHAR(20) NOT NULL +); + +DROP TABLE IF EXISTS `file_hashes`; +CREATE TABLE `file_hashes` ( + `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT, + `file` INTEGER NOT NULL REFERENCES `files`(`id`), + `product` INTEGER NOT NULL REFERENCES `products`(`id`), + `device` INTEGER DEFAULT 0, + `key` INTEGER DEFAULT 0 REFERENCES `keys`(id), + `algo` INTEGER NOT NULL REFERENCES `algorithms`(`id`), + `hash` VARBINARY(64) NOT NULL +); + +DROP TABLE IF EXISTS `keys`; +CREATE TABLE `keys` ( + `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT, + `keyid` VARBINARY(128) NOT NULL, + `owner` VARCHAR(128) NOT NULL +); + +DROP TABLE IF EXISTS `groups`; +CREATE TABLE `groups` ( + `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT, + `name` VARCHAR(50) NOT NULL UNIQUE, + `parent` INTEGER +); + +DROP TABLE IF EXISTS `groups_members`; +CREATE TABLE `groups_members` ( + `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT, + `group_id` INTEGER NOT NULL REFERENCES `groups`(`id`), + `device_id` INTEGER NOT NULL REFERENCES `devices`(`id`), + UNIQUE (`group_id`, `device_id`) +); + +DROP TABLE IF EXISTS `groups_product_defaults`; +CREATE TABLE `groups_product_defaults` ( + `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT, + `group_id` INTEGER NOT NULL REFERENCES `groups`(`id`), + `product_id` INTEGER NOT NULL REFERENCES `products`(`id`), + UNIQUE (`group_id`, `product_id`) +); + 
+DROP TABLE IF EXISTS `policies`; +CREATE TABLE `policies` ( + `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT, + `type` INTEGER NOT NULL, + `name` VARCHAR(100) NOT NULL UNIQUE, + `argument` VARCHAR(100) DEFAULT '' NOT NULL, + `rec_fail` INTEGER NOT NULL, + `rec_noresult` INTEGER NOT NULL, + `file` INTEGER DEFAULT 0 REFERENCES `files`(`id`), + `dir` INTEGER DEFAULT 0 REFERENCES `directories`(`id`) +); + +DROP TABLE IF EXISTS `enforcements`; +CREATE TABLE `enforcements` ( + `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT, + `policy` INTEGER NOT NULL REFERENCES `policies`(`id`), + `group_id` INTEGER NOT NULL REFERENCES `groups`(`id`), + `rec_fail` INTEGER, + `rec_noresult` INTEGER, + `max_age` INTEGER NOT NULL, + UNIQUE (`policy`, `group_id`) +); + +DROP TABLE IF EXISTS `sessions`; +CREATE TABLE `sessions` ( + `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT, + `time` INTEGER NOT NULL, + `connection` INTEGER NOT NULL, + `identity` INTEGER DEFAULT 0 REFERENCES `identities`(`id`), + `device` INTEGER DEFAULT 0 REFERENCES `devices`(`id`), + `product` INTEGER DEFAULT 0 REFERENCES `products`(`id`), + `rec` INTEGER DEFAULT 3 +); + +DROP TABLE IF EXISTS `workitems`; +CREATE TABLE `workitems` ( + `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT, + `session` INTEGER NOT NULL REFERENCES `sessions`(`id`), + `enforcement` INTEGER NOT NULL REFERENCES `enforcements`(`id`), + `type` INTEGER NOT NULL, + `arg_str` VARCHAR(128), + `arg_int` INTEGER DEFAULT 0, + `rec_fail` INTEGER NOT NULL, + `rec_noresult` INTEGER NOT NULL, + `rec_final` INTEGER, + `result` VARCHAR(128) +); + +DROP TABLE IF EXISTS `results`; +CREATE TABLE `results` ( + `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT, + `session` INTEGER NOT NULL REFERENCES `measurements`(`id`), + `policy` INTEGER NOT NULL REFERENCES `policies`(`id`), + `rec` INTEGER NOT NULL, + `result` TEXT NOT NULL +); + +DROP TABLE IF EXISTS `components`; +CREATE TABLE `components` ( + `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT, + 
`vendor_id` INTEGER NOT NULL, + `name` INTEGER NOT NULL, + `qualifier` INTEGER DEFAULT 0 +); + +DROP TABLE IF EXISTS `key_component`; +CREATE TABLE `key_component` ( + `key` INTEGER NOT NULL, + `component` INTEGER NOT NULL, + `depth` INTEGER DEFAULT 0, + `seq_no` INTEGER DEFAULT 0, + PRIMARY KEY (`key`, `component`) +); + +DROP TABLE IF EXISTS `component_hashes`; +CREATE TABLE `component_hashes` ( + `component` INTEGER NOT NULL, + `key` INTEGER NOT NULL, + `seq_no` INTEGER NOT NULL, + `pcr` INTEGER NOT NULL, + `algo` INTEGER NOT NULL, + `hash` VARBINARY(32) NOT NULL, + PRIMARY KEY(`component`, `key`, `seq_no`, `algo`) +); + +DROP TABLE IF EXISTS `packages`; +CREATE TABLE `packages` ( + `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT, + `name` VARCHAR(128) NOT NULL, + `blacklist` INTEGER DEFAULT 0 +); + +DROP TABLE IF EXISTS versions; +CREATE TABLE versions ( + `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT, + `package` INTEGER NOT NULL REFERENCES packages(id), + `product` INTEGER NOT NULL REFERENCES products(id), + `release` VARCHAR(32) NOT NULL, + `security` INTEGER DEFAULT 0, + `blacklist` INTEGER DEFAULT 0, + `time` INTEGER DEFAULT 0 +); + +DROP TABLE IF EXISTS `devices`; +CREATE TABLE `devices` ( + `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT, + `description` VARCHAR(100) DEFAULT "", + `value` VARCHAR(256) NOT NULL, + `product` INTEGER REFERENCES `products`(`id`), + `created` INTEGER +); + +DROP TABLE IF EXISTS `identities`; +CREATE TABLE `identities` ( + `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT, + `type` INTEGER NOT NULL, + `value` VARBINARY(128) NOT NULL, + UNIQUE (type, value) +); + +DROP TABLE IF EXISTS `regids`; +CREATE TABLE `regids` ( + `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT, + `name` TEXT NOT NULL +); + +DROP TABLE IF EXISTS `tags`; +CREATE TABLE `tags` ( + `id` INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT, + `regid` INTEGER NOT NULL REFERENCES `regids`(`id`), + `unique_sw_id` VARCHAR(64) NOT NULL, + `value` VARCHAR(128) +); 
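Review bot: `results.session` references `measurements(id)`, but no `measurements` table is created anywhere in this schema; the session table defined here is `sessions`. More generally, every relation in the file is an inline column-level `REFERENCES`, which MySQL has traditionally parsed and then ignored, so none of them would be enforced; this is worth confirming against the server versions you target. If the database is meant to guarantee integrity between sessions, devices, policies and results, declare table-level constraints such as `FOREIGN KEY (session) REFERENCES sessions(id)` and create the referenced tables first. Separately, `component_hashes.hash` is `VARBINARY(32)` while `file_hashes.hash` is `VARBINARY(64)`, so a digest longer than 32 bytes would not fit the former.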
From 1309cb7b1a5e025ba80aa370e6d3a12d1806740a Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Sat, 8 Mar 2014 14:37:28 +0100 Subject: [PATCH 116/138] chunk: On Windows, use binary mode in chunk_write() --- src/libstrongswan/utils/chunk.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/libstrongswan/utils/chunk.c b/src/libstrongswan/utils/chunk.c index de8996c82..ef79a7453 100644 --- a/src/libstrongswan/utils/chunk.c +++ b/src/libstrongswan/utils/chunk.c @@ -221,7 +221,14 @@ bool chunk_write(chunk_t chunk, char *path, mode_t mask, bool force) return FALSE; } oldmask = umask(mask); - fd = fopen(path, "w"); + fd = fopen(path, +#ifdef WIN32 + "wb" +#else + "w" +#endif + ); + if (fd) { if (fwrite(chunk.ptr, sizeof(u_char), chunk.len, fd) == chunk.len) From f1e7b9b0d7afd0e62984790d8c0eaa7e506142e6 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Mon, 10 Mar 2014 17:35:06 +0100 Subject: [PATCH 117/138] pki: Stop prompting for password when entering empty string --- src/pki/pki.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pki/pki.c b/src/pki/pki.c index 8d880f066..55b300e1a 100644 --- a/src/pki/pki.c +++ b/src/pki/pki.c @@ -182,7 +182,7 @@ static shared_key_t* cb(void *data, shared_key_type_t type, #ifdef HAVE_GETPASS secret = getpass(buf); #endif - if (secret) + if (secret && strlen(secret)) { if (match_me) { From 13298719e3edc01fcbd1b3cb85ee36efaa573822 Mon Sep 17 00:00:00 2001 
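Review bot: The `#ifdef WIN32` around the mode string in chunk_write is not needed, because the `b` flag is standard C and has no effect on POSIX systems. `fd = fopen(path, "wb");` behaves the same on both platforms and keeps the preprocessor out of the call expression. chunk_write starts and ends outside this hunk.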
From: Martin Willi Date: Sat, 8 Mar 2014 14:57:54 +0100 Subject: [PATCH 118/138] pki: Switch to binary mode on Windows when reading/writing DER to FDs --- src/pki/commands/acert.c | 2 ++ src/pki/commands/gen.c | 2 +- src/pki/commands/issue.c | 2 ++ src/pki/commands/keyid.c | 1 + src/pki/commands/pkcs7.c | 1 + src/pki/commands/print.c | 1 + src/pki/commands/pub.c | 2 ++ src/pki/commands/req.c | 2 ++ src/pki/commands/self.c | 2 ++ src/pki/commands/signcrl.c | 1 + src/pki/commands/verify.c | 1 + src/pki/pki.c | 28 ++++++++++++++++++++++++++++ src/pki/pki.h | 5 +++++ 13 files changed, 49 insertions(+), 1 deletion(-) diff --git a/src/pki/commands/acert.c b/src/pki/commands/acert.c index 4a11c4716..185aa40b4 100644 --- a/src/pki/commands/acert.c +++ b/src/pki/commands/acert.c @@ -196,6 +196,7 @@ static int acert() } else { + set_file_mode(stdin, CERT_ASN1_DER); if (!chunk_from_fd(0, &encoding)) { fprintf(stderr, "%s: ", strerror(errno)); @@ -232,6 +233,7 @@ static int acert() error = "encoding attribute certificate failed"; goto end; } + set_file_mode(stdout, form); if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1) { error = "writing attribute certificate key failed"; diff --git a/src/pki/commands/gen.c b/src/pki/commands/gen.c index b74be7d98..ce28a0971 100644 --- a/src/pki/commands/gen.c +++ b/src/pki/commands/gen.c @@ -133,6 +133,7 @@ static int gen() return 1; } key->destroy(key); + set_file_mode(stdout, form); if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1) { fprintf(stderr, "writing private key failed\n"); @@ -163,4 +164,3 @@ static void __attribute__ ((constructor))reg() } }); } - diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c index 339a88042..aaa2c2ff7 100644 --- a/src/pki/commands/issue.c +++ b/src/pki/commands/issue.c @@ -402,6 +402,7 @@ static int issue() { chunk_t chunk; + set_file_mode(stdin, CERT_ASN1_DER); if (!chunk_from_fd(0, &chunk)) { fprintf(stderr, "%s: ", strerror(errno)); 
@@ -500,6 +501,7 @@ static int issue() error = "encoding certificate failed"; goto end; } + set_file_mode(stdout, form); if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1) { error = "writing certificate key failed"; diff --git a/src/pki/commands/keyid.c b/src/pki/commands/keyid.c index 64bb3cc2c..c3ac0c288 100644 --- a/src/pki/commands/keyid.c +++ b/src/pki/commands/keyid.c @@ -91,6 +91,7 @@ static int keyid() { chunk_t chunk; + set_file_mode(stdin, CERT_ASN1_DER); if (!chunk_from_fd(0, &chunk)) { fprintf(stderr, "reading input failed: %s\n", strerror(errno)); diff --git a/src/pki/commands/pkcs7.c b/src/pki/commands/pkcs7.c index 6c75693ab..28bcd1397 100644 --- a/src/pki/commands/pkcs7.c +++ b/src/pki/commands/pkcs7.c @@ -58,6 +58,7 @@ static bool write_to_stream(FILE *stream, chunk_t data) { size_t len, total = 0; + set_file_mode(stream, CERT_ASN1_DER); while (total < data.len) { len = fwrite(data.ptr + total, 1, data.len - total, stream); diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c index 15ace035d..fb07169bf 100644 --- a/src/pki/commands/print.c +++ b/src/pki/commands/print.c @@ -604,6 +604,7 @@ static int print() { chunk_t chunk; + set_file_mode(stdin, CERT_ASN1_DER); if (!chunk_from_fd(0, &chunk)) { fprintf(stderr, "reading input failed: %s\n", strerror(errno)); diff --git a/src/pki/commands/pub.c b/src/pki/commands/pub.c index 260044c4e..b8d2f701d 100644 --- a/src/pki/commands/pub.c +++ b/src/pki/commands/pub.c @@ -110,6 +110,7 @@ static int pub() { chunk_t chunk; + set_file_mode(stdin, CERT_ASN1_DER); if (!chunk_from_fd(0, &chunk)) { fprintf(stderr, "reading input failed: %s\n", strerror(errno)); @@ -163,6 +164,7 @@ static int pub() return 1; } public->destroy(public); + set_file_mode(stdout, form); if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1) { fprintf(stderr, "writing public key failed\n"); diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c index 1dce8cba2..023683569 100644 --- a/src/pki/commands/req.c 
+++ b/src/pki/commands/req.c @@ -118,6 +118,7 @@ static int req() { chunk_t chunk; + set_file_mode(stdin, CERT_ASN1_DER); if (!chunk_from_fd(0, &chunk)) { fprintf(stderr, "reading private key failed: %s\n", strerror(errno)); @@ -150,6 +151,7 @@ static int req() error = "encoding certificate request failed"; goto end; } + set_file_mode(stdout, form); if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1) { error = "writing certificate request failed"; diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c index 80f5053a1..daefcdc10 100644 --- a/src/pki/commands/self.c +++ b/src/pki/commands/self.c @@ -292,6 +292,7 @@ static int self() { chunk_t chunk; + set_file_mode(stdin, CERT_ASN1_DER); if (!chunk_from_fd(0, &chunk)) { fprintf(stderr, "%s: ", strerror(errno)); @@ -360,6 +361,7 @@ static int self() error = "encoding certificate failed"; goto end; } + set_file_mode(stdout, form); if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1) { error = "writing certificate key failed"; diff --git a/src/pki/commands/signcrl.c b/src/pki/commands/signcrl.c index 3be020a4c..e5f49efe2 100644 --- a/src/pki/commands/signcrl.c +++ b/src/pki/commands/signcrl.c @@ -405,6 +405,7 @@ static int sign_crl() error = "encoding CRL failed"; goto error; } + set_file_mode(stdout, form); if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1) { error = "writing CRL failed"; diff --git a/src/pki/commands/verify.c b/src/pki/commands/verify.c index f30dda94d..6cfaaf263 100644 --- a/src/pki/commands/verify.c +++ b/src/pki/commands/verify.c @@ -59,6 +59,7 @@ static int verify() { chunk_t chunk; + set_file_mode(stdin, CERT_ASN1_DER); if (!chunk_from_fd(0, &chunk)) { fprintf(stderr, "reading certificate failed: %s\n", strerror(errno)); diff --git a/src/pki/pki.c b/src/pki/pki.c index 55b300e1a..5d37bfb9f 100644 --- a/src/pki/pki.c +++ b/src/pki/pki.c @@ -19,6 +19,7 @@ #include #include +#include #include #include 
@@ -153,6 +154,33 @@ bool calculate_lifetime(char *format, char *nbstr, char *nastr, time_t span, return TRUE; } +/** + * Set output file mode appropriate for credential encoding form on Windows + */ +void set_file_mode(FILE *stream, cred_encoding_type_t enc) +{ +#ifdef WIN32 + int fd; + + switch (enc) + { + case CERT_PEM: + case PRIVKEY_PEM: + case PUBKEY_PEM: + /* keep default text mode */ + return; + default: + /* switch to binary mode */ + break; + } + fd = fileno(stream); + if (fd != -1) + { + _setmode(fd, _O_BINARY); + } +#endif +} + /** * Callback credential set pki uses */ diff --git a/src/pki/pki.h b/src/pki/pki.h index 616fac44a..1f0827733 100644 --- a/src/pki/pki.h +++ b/src/pki/pki.h @@ -50,4 +50,9 @@ bool get_form(char *form, cred_encoding_type_t *enc, credential_type_t type); bool calculate_lifetime(char *format, char *nbstr, char *nastr, time_t span, time_t *nb, time_t *na); +/** + * Set output file mode appropriate for credential encoding form on Windows + */ +void set_file_mode(FILE *stream, cred_encoding_type_t enc); + #endif /** PKI_H_ @}*/ From 66c0801dc7a789f0f2143d55b5067f246bf95d5f Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Mon, 10 Mar 2014 12:12:47 +0100 Subject: [PATCH 119/138] utils: Add a wait_sigint() function to wait for SIGINT or equivalent --- src/libstrongswan/utils/utils.c | 83 +++++++++++++++++++++++++++++++++ src/libstrongswan/utils/utils.h | 5 ++ 2 files changed, 88 insertions(+) diff --git a/src/libstrongswan/utils/utils.c b/src/libstrongswan/utils/utils.c index 0f12b58d7..8ef9a1f33 100644 --- a/src/libstrongswan/utils/utils.c +++ b/src/libstrongswan/utils/utils.c @@ -31,12 +31,17 @@ #include #include #include +#ifndef WIN32 +# include +#endif #include #include #include #include #include +#include +#include ENUM(status_names, SUCCESS, NEED_MORE, "SUCCESS", 
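Review bot: set_file_mode ignores the result of `_setmode()`, so if the switch to binary mode fails the DER data still passes through a text-mode stream and is altered by newline translation without any diagnostic. I would report the failure, e.g. `if (fd != -1 && _setmode(fd, _O_BINARY) == -1) { fprintf(stderr, "switching to binary mode failed\n"); }`, which leaves the callers in the command files unchanged. The doc comment says "output file mode", yet the same function is applied to stdin in those command hunks; "Set stream mode appropriate for credential encoding form on Windows" would match the usage.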
@@ -222,6 +227,84 @@ char* strreplace(const char *str, const char *search, const char *replace) return res; } +#ifdef WIN32 + +/** + * Flag to indicate signaled wait_sigint() + */ +static bool sigint_signaled = FALSE; + +/** + * Condvar to wait in wait_sigint() + */ +static condvar_t *sigint_cond; + +/** + * Mutex to check signaling() + */ +static mutex_t *sigint_mutex; + +/** + * Control handler to catch ^C + */ +static BOOL handler(DWORD dwCtrlType) +{ + switch (dwCtrlType) + { + case CTRL_C_EVENT: + case CTRL_BREAK_EVENT: + case CTRL_CLOSE_EVENT: + sigint_mutex->lock(sigint_mutex); + sigint_signaled = TRUE; + sigint_cond->signal(sigint_cond); + sigint_mutex->unlock(sigint_mutex); + return TRUE; + default: + return FALSE; + } +} + +/** + * Windows variant + */ +void wait_sigint() +{ + SetConsoleCtrlHandler(handler, TRUE); + + sigint_mutex = mutex_create(MUTEX_TYPE_DEFAULT); + sigint_cond = condvar_create(CONDVAR_TYPE_DEFAULT); + + sigint_mutex->lock(sigint_mutex); + while (!sigint_signaled) + { + sigint_cond->wait(sigint_cond, sigint_mutex); + } + sigint_mutex->unlock(sigint_mutex); + + sigint_mutex->destroy(sigint_mutex); + sigint_cond->destroy(sigint_cond); +} + +#else /* !WIN32 */ + +/** + * Unix variant + */ +void wait_sigint() +{ + sigset_t set; + int sig; + + sigemptyset(&set); + sigaddset(&set, SIGINT); + sigaddset(&set, SIGTERM); + + sigprocmask(SIG_BLOCK, &set, NULL); + sigwait(&set, &sig); +} + +#endif + /** * Described in header. */ diff --git a/src/libstrongswan/utils/utils.h b/src/libstrongswan/utils/utils.h index ac0841c49..961ddb583 100644 --- a/src/libstrongswan/utils/utils.h +++ b/src/libstrongswan/utils/utils.h 
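Review bot: In the Windows wait_sigint(), `SetConsoleCtrlHandler(handler, TRUE)` runs before `sigint_mutex` and `sigint_cond` are created, and the handler is never unregistered before they are destroyed, so a control event arriving in either window makes handler() lock through a NULL or already destroyed object. Create the mutex and condvar first, register the handler after that, and call `SetConsoleCtrlHandler(handler, FALSE);` before the two destroy() calls. The handler is also declared without `WINAPI`, which is the calling convention the console API expects for its callback: `static BOOL WINAPI handler(DWORD dwCtrlType)`. In the Unix variant the return value of `sigwait()` is ignored, and `sigprocmask()` is only specified for single-threaded processes, where `pthread_sigmask()` is the threaded equivalent.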
@@ -542,6 +542,11 @@ char *translate(char *str, const char *from, const char *to); */ char *strreplace(const char *str, const char *search, const char *replace); +/** + * Portable function to wait for SIGINT/SIGTERM (or equivalent). + */ +void wait_sigint(); + /** * Like dirname(3) returns the directory part of the given null-terminated * pathname, up to but not including the final '/' (or '.' if no '/' is found). From c2c2c639afbae4e7ddb90d10cfa9a25734d3d283 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 2 Apr 2014 11:31:41 +0200 Subject: [PATCH 120/138] travis: Build "all" test without Windows specific charon-svc or dbghelp --- scripts/test.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/test.sh b/scripts/test.sh index bc09c76d4..2c8872ce4 100755 --- a/scripts/test.sh +++ b/scripts/test.sh @@ -31,7 +31,8 @@ all) CONFIG="--enable-all --disable-android-dns --disable-android-log --disable-dumm --disable-kernel-pfroute --disable-keychain --disable-lock-profiler --disable-maemo --disable-padlock - --disable-osx-attr --disable-tkm --disable-uci --disable-aikgen" + --disable-osx-attr --disable-tkm --disable-uci --disable-aikgen + --disable-svc --disable-dbghelp-backtraces" if test "$LEAK_DETECTIVE" = "yes"; then # libgcrypt can't be deinitialized CONFIG="$CONFIG --disable-gcrypt" From 549502bcb20ed6a91fc7afaaaa9e23f382d56632 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 2 Apr 2014 12:29:32 +0200 Subject: [PATCH 121/138] unit-tests: Force a CET/CEST timezone Windows understands As it is currently unclear what the "three-letter-timezone" for CEST is, we use the German timezone, which actually is CET/CEST. SetEnvironmentVariable() "TZ" does not seem to affect localtime(), so we use _putenv() instead. --- src/libstrongswan/tests/suites/test_utils.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/libstrongswan/tests/suites/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c index 1a2f74c04..abca4620e 100644 
--- a/src/libstrongswan/tests/suites/test_utils.c +++ b/src/libstrongswan/tests/suites/test_utils.c @@ -701,7 +701,11 @@ Suite *utils_suite_create() TCase *tc; /* force a timezone to match non-UTC conversions */ +#ifdef WIN32 + _putenv("TZ=GST-1GDT"); +#else setenv("TZ", "Europe/Zurich", 1); +#endif tzset(); s = suite_create("utils"); From d34d800c6c77f2dc6efba12ab079b49f1a39301e Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 2 Apr 2014 15:16:15 +0200 Subject: [PATCH 122/138] openssl: Don't re-enter FIPS mode if we are already using it If FIPS mode has been enabled by other means, under some environments it can't be entered again. It fails with "FIPS mode already set". To avoid it, we first check the mode before changing it. --- src/libstrongswan/plugins/openssl/openssl_plugin.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index 1ca1690ad..a426cdcb3 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -526,9 +526,10 @@ plugin_t *openssl_plugin_create() #ifdef OPENSSL_FIPS if (fips_mode) { - if (!FIPS_mode_set(fips_mode)) + if (FIPS_mode() != fips_mode && !FIPS_mode_set(fips_mode)) { - DBG1(DBG_LIB, "unable to set openssl FIPS mode(%d)", fips_mode); + DBG1(DBG_LIB, "unable to set openssl FIPS mode(%d) from (%d)", + fips_mode, FIPS_mode()); return NULL; } } From 5cd28cd25a009fd4d0d5b91b60e82cf7a661a169 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 3 Apr 2014 11:15:51 +0200 Subject: [PATCH 123/138] pki: Provide a fallback if strptime() not supported For simplicity, we support the default pki datetime format only, but optionally accept four digit years for longer lifetimes. --- configure.ac | 2 +- src/pki/pki.c | 72 ++++++++++++++++++++++++++++++++++++++++++++------- 2 files changed, 64 insertions(+), 10 deletions(-) 
diff --git a/configure.ac b/configure.ac index 759e4a16a..67017773a 100644 --- a/configure.ac +++ b/configure.ac @@ -570,7 +570,7 @@ AC_CHECK_FUNC( ) AC_CHECK_FUNCS(prctl mallinfo getpass closefrom getpwnam_r getgrnam_r getpwuid_r) -AC_CHECK_FUNCS(fmemopen funopen mmap memrchr setlinebuf) +AC_CHECK_FUNCS(fmemopen funopen mmap memrchr setlinebuf strptime) AC_CHECK_FUNC([syslog], [ AC_DEFINE([HAVE_SYSLOG], [], [have syslog(3) and friends]) diff --git a/src/pki/pki.c b/src/pki/pki.c index 5d37bfb9f..434287de6 100644 --- a/src/pki/pki.c +++ b/src/pki/pki.c @@ -105,13 +105,12 @@ bool get_form(char *form, cred_encoding_type_t *enc, credential_type_t type) } /** - * See header + * Convert a time string to struct tm using strptime format */ -bool calculate_lifetime(char *format, char *nbstr, char *nastr, time_t span, - time_t *nb, time_t *na) +static bool convert_time(char *str, char *format, struct tm *tm) { - struct tm tm; - time_t now; +#ifdef HAVE_STRPTIME + char *end; if (!format) 
@@ -119,29 +118,84 @@ bool calculate_lifetime(char *format, char *nbstr, char *nastr, time_t span, format = "%d.%m.%y %T"; } + end = strptime(str, format, tm); + if (end == NULL || *end != '\0') + { + return FALSE; + } + return TRUE; + +#else /* !HAVE_STRPTIME */ + + if (format) + { + fprintf(stderr, "custom datetime string format not supported\n"); + return FALSE; + } + + if (sscanf(str, "%d.%d.%d %d:%d:%d", + &tm->tm_mday, &tm->tm_mon, &tm->tm_year, + &tm->tm_hour, &tm->tm_min, &tm->tm_sec) != 6) + { + return FALSE; + } + /* strptime() interprets two-digit years > 68 as 19xx, do the same here. + * mktime() expects years based on 1900 */ + if (tm->tm_year <= 68) + { + tm->tm_year += 100; + } + else if (tm->tm_year >= 1900) + { /* looks like four digits? */ + tm->tm_year -= 1900; + } + /* month is specified from 0-11 */ + tm->tm_mon--; + /* automatically detect daylight saving time */ + tm->tm_isdst = -1; + return TRUE; + +#endif /* !HAVE_STRPTIME */ +} + +/** + * See header + */ +bool calculate_lifetime(char *format, char *nbstr, char *nastr, time_t span, + time_t *nb, time_t *na) +{ + struct tm tm; + time_t now; + now = time(NULL); localtime_r(&now, &tm); if (nbstr) { - end = strptime(nbstr, format, &tm); - if (end == NULL || *end != '\0') + if (!convert_time(nbstr, format, &tm)) { return FALSE; } } *nb = mktime(&tm); + if (*nb == -1) + { + return FALSE; + } localtime_r(&now, &tm); if (nastr) { - end = strptime(nastr, format, &tm); - if (end == NULL || *end != '\0') + if (!convert_time(nastr, format, &tm)) { return FALSE; } } *na = mktime(&tm); + if (*na == -1) + { + return FALSE; + } if (!nbstr && nastr) { From 460adb5d0925f4af807b09434b771545d1f62b47 Mon Sep 17 00:00:00 2001 
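Review bot: The sscanf() fallback in convert_time is more lenient than the strptime() branch: it accepts trailing characters after the seconds and checks no ranges, so out-of-range fields are silently normalised by mktime() and a negative or three-digit year is not rejected. As these strings set certificate validity periods, I would require the whole input to be consumed by adding `%n` to the format (`"%d.%d.%d %d:%d:%d%n"` with an `int len`) and testing `str[len] == '\0'`, and bound-check day, month, hour, minute and second before adjusting them. The comment on the year handling could also state that 69 to 99 are left as is, meaning 19xx.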
From: Martin Willi Date: Thu, 3 Apr 2014 11:46:09 +0200 Subject: [PATCH 124/138] unit-tests: Seed chunk_hash() only once, but before creating any hashtables Due to the removal of pthread_once, we manually create the seed for chunk_hash(). With the new testable functions interface, this won't work for the hashtable initiated using __attribute__((constructor)). Enforce seeding before creating that hashtable. --- src/libstrongswan/library.c | 9 +-------- src/libstrongswan/tests/test_runner.c | 3 +++ src/libstrongswan/utils/chunk.c | 8 ++++++++ src/libstrongswan/utils/chunk.h | 3 ++- 4 files changed, 14 insertions(+), 9 deletions(-) diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c index 93ff8400f..e3ad16411 100644 --- a/src/libstrongswan/library.c +++ b/src/libstrongswan/library.c @@ -243,7 +243,6 @@ bool library_init(char *settings, const char *namespace) { private_library_t *this; printf_hook_t *pfh; - static bool seeded = FALSE; if (lib) { /* already initialized, increase refcount */ @@ -252,13 +251,7 @@ bool library_init(char *settings, const char *namespace) return !this->integrity_failed; } - if (!seeded) - { - /* we do this just once to allow hash table lifetimes longer than - * one init/deinit cycle. */ - seeded = TRUE; - chunk_hash_seed(); - } + chunk_hash_seed(); INIT(this, .public = { diff --git a/src/libstrongswan/tests/test_runner.c b/src/libstrongswan/tests/test_runner.c index 4684eb18d..63d79199f 100644 --- a/src/libstrongswan/tests/test_runner.c +++ b/src/libstrongswan/tests/test_runner.c @@ -44,6 +44,9 @@ void testable_functions_create() { if (!testable_functions) { + /* as this is executed before chunk_hash() seed initialization used + * by hashtables, we enforce seeding it here. */ + chunk_hash_seed(); testable_functions = hashtable_create(hashtable_hash_str, hashtable_equals_str, 8); } diff --git a/src/libstrongswan/utils/chunk.c b/src/libstrongswan/utils/chunk.c index ef79a7453..1a9674f4d 100644 
--- a/src/libstrongswan/utils/chunk.c +++ b/src/libstrongswan/utils/chunk.c @@ -917,10 +917,17 @@ static u_char static_key[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, */ void chunk_hash_seed() { + static bool seeded = FALSE; ssize_t len; size_t done = 0; int fd; + if (seeded) + { + /* just once to have the same seed during the whole process lifetimes */ + return; + } + fd = open("/dev/urandom", O_RDONLY); if (fd >= 0) { @@ -944,6 +951,7 @@ void chunk_hash_seed() key[done] = (u_char)random(); } } + seeded = TRUE; } /** diff --git a/src/libstrongswan/utils/chunk.h b/src/libstrongswan/utils/chunk.h index 760f922e1..9951ff31f 100644 --- a/src/libstrongswan/utils/chunk.h +++ b/src/libstrongswan/utils/chunk.h @@ -343,7 +343,8 @@ bool chunk_printable(chunk_t chunk, chunk_t *sane, char replace); * Seed initial key for chunk_hash(). * * This call should get invoked once during startup. This is usually done - * by calling library_init(). + * by calling library_init(). Calling it multiple times is safe, it gets + * executed just once. */ void chunk_hash_seed(); From 0c34c1b3afb82bc4a4fabf6a4b3d90b5906e4885 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 3 Apr 2014 12:25:38 +0200 Subject: [PATCH 125/138] unit-tests: Support testable functions on Windows, avoid weak GCC symbols Instead of using weak symbols, we use dlsym() on Windows to find an arbitrary symbol in libtest to detect its linkage. Instead of creating the associated hashtable in the test runner, we maintain it in libstrongswan, making it significantly simpler. --- src/libstrongswan/tests/test_runner.c | 33 ++----------- src/libstrongswan/utils/test.c | 71 ++++++++++++++++++--------- src/libstrongswan/utils/test.h | 20 ++++---- 3 files changed, 62 insertions(+), 62 deletions(-) diff --git a/src/libstrongswan/tests/test_runner.c b/src/libstrongswan/tests/test_runner.c index 63d79199f..443c0ae13 100644 --- a/src/libstrongswan/tests/test_runner.c +++ b/src/libstrongswan/tests/test_runner.c 
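Review bot: The new `seeded` guard in chunk_hash_seed() is a plain static flag that is set only after the key has been filled, so two threads entering at the same time would both write the key, and the updated chunk.h text "Calling it multiple times is safe" reads as a stronger guarantee than that. If seeding is expected only from single-threaded start-up (constructors, library_init()), say so in the header: `Calling it multiple times is safe, but not concurrently; it gets executed just once.` The context lines also show the key falling back to `random()` when /dev/urandom cannot be read, and with this guard that weaker key stays in place for the rest of the process, so a debug message on that path would help. The function body is only partly visible in these hunks.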
@@ -35,35 +35,12 @@ #define TTY(color) tty_escape_get(2, TTY_FG_##color) /** - * Initialize the lookup table for testable functions (defined in - * libstrongswan). We don't use the constructor attribute as the order can't - * really be defined (clang does not support it and gcc does not adhere to it in - * the monolithic build). The function here is a weak symbol in libstrongswan. + * A global symbol indicating libtest linkage */ -void testable_functions_create() -{ - if (!testable_functions) - { - /* as this is executed before chunk_hash() seed initialization used - * by hashtables, we enforce seeding it here. */ - chunk_hash_seed(); - testable_functions = hashtable_create(hashtable_hash_str, - hashtable_equals_str, 8); - } -} - -/** - * Destroy the lookup table for testable functions - */ -static void testable_functions_destroy() __attribute__ ((destructor)); -static void testable_functions_destroy() -{ - DESTROY_IF(testable_functions); - /* if leak detective is enabled plugins are not actually unloaded, which - * means their destructor is called AFTER this one when the process - * terminates, make sure this does not crash */ - testable_functions = NULL; -} +#ifdef WIN32 +__declspec(dllexport) +#endif +bool test_runner_available = TRUE; /** * Destroy a single test suite and associated data diff --git a/src/libstrongswan/utils/test.c b/src/libstrongswan/utils/test.c index 624ac4b34..0b0a80f42 100644 --- a/src/libstrongswan/utils/test.c +++ b/src/libstrongswan/utils/test.c 
@@ -20,13 +20,23 @@ /** * A collection of testable functions */ -hashtable_t *testable_functions; +static hashtable_t *functions = NULL; + +#ifndef WIN32 +bool test_runner_available __attribute__((weak)); +#endif /** - * The function that actually initializes the hash table above. Provided - * by the test runner. + * Check if we have libtest linkage and need testable functions */ -void testable_functions_create() __attribute__((weak)); +static bool has_libtest_linkage() +{ +#ifdef WIN32 + return dlsym(RTLD_DEFAULT, "test_runner_available"); +#else + return test_runner_available; +#endif +} /* * Described in header. @@ -35,33 +45,48 @@ void testable_function_register(char *name, void *fn) { bool old = FALSE; - if (!testable_functions_create) - { /* not linked to the test runner */ - return; - } - else if (!fn && !testable_functions) - { /* ignore as testable_functions has already been destroyed */ - return; - } - if (lib && lib->leak_detective) { old = lib->leak_detective->set_state(lib->leak_detective, FALSE); } - if (!testable_functions) + + if (has_libtest_linkage()) { - testable_functions_create(); - } - if (fn) - { - testable_functions->put(testable_functions, name, fn); - } - else - { - testable_functions->remove(testable_functions, name); + if (!functions) + { + chunk_hash_seed(); + functions = hashtable_create(hashtable_hash_str, + hashtable_equals_str, 8); + } + if (fn) + { + functions->put(functions, name, fn); + } + else + { + functions->remove(functions, name); + if (functions->get_count(functions) == 0) + { + functions->destroy(functions); + functions = NULL; + } + } } + if (lib && lib->leak_detective) { lib->leak_detective->set_state(lib->leak_detective, old); } } + +/* + * Described in header. + */ +void* testable_function_get(char *name) +{ + if (functions) + { + return functions->get(functions, name); + } + return NULL; +} diff --git a/src/libstrongswan/utils/test.h b/src/libstrongswan/utils/test.h index a1b2a2d9b..f9a84713e 100644 
--- a/src/libstrongswan/utils/test.h +++ b/src/libstrongswan/utils/test.h @@ -23,13 +23,6 @@ #include "collections/hashtable.h" -/** - * Collection of testable functions. - * - * @note Is initialized only if libtest is loaded. - */ -extern hashtable_t *testable_functions; - /** * Register a (possibly static) function so that it can be called from tests. * @@ -38,6 +31,14 @@ extern hashtable_t *testable_functions; */ void testable_function_register(char *name, void *fn); +/** + * Find a previously registered testable function. + * + * @param name name (namespace/function) + * @return function, NULL if not found + */ +void* testable_function_get(char *name); + /** * Macro to automatically register/unregister a function that can be called * from tests. @@ -82,10 +83,7 @@ static ret (*TEST_##ns##name)(__VA_ARGS__); */ #define TEST_FUNCTION(ns, name, ...) \ ({ \ - if (testable_functions) \ - { \ - TEST_##ns##name = testable_functions->get(testable_functions, #ns "/" #name); \ - } \ + TEST_##ns##name = testable_function_get( #ns "/" #name); \ if (!TEST_##ns##name) \ { \ test_fail_msg(__FILE__, __LINE__, "function " #name " (" #ns ") not found"); \ From c079c098c41b8dd2345ac1600770ce39ab6f91c0 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 3 Apr 2014 15:44:02 +0200 Subject: [PATCH 126/138] x509: Check return value when signing attribute certificates In addition that this lets AC generation fail properly if private key signing fails, it also fixes an issue when compiling on Windows with MinGW 4.8.1, where for some reason the attributeCertificateInfo got encoded incorrectly. --- src/libstrongswan/plugins/x509/x509_ac.c | 25 +++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c index 30b871d42..ed58377a6 100644 --- a/src/libstrongswan/plugins/x509/x509_ac.c +++ b/src/libstrongswan/plugins/x509/x509_ac.c 
@@ -754,17 +754,22 @@ static chunk_t build_attr_cert_info(private_x509_ac_t *this) /** * build an X.509 attribute certificate */ -static chunk_t build_ac(private_x509_ac_t *this) +static bool build_ac(private_x509_ac_t *this) { chunk_t signatureValue, attributeCertificateInfo; attributeCertificateInfo = build_attr_cert_info(this); - this->signerKey->sign(this->signerKey, SIGN_RSA_EMSA_PKCS1_SHA1, - attributeCertificateInfo, &signatureValue); - return asn1_wrap(ASN1_SEQUENCE, "mmm", - attributeCertificateInfo, - asn1_algorithmIdentifier(OID_SHA1_WITH_RSA), - asn1_bitstring("m", signatureValue)); + if (!this->signerKey->sign(this->signerKey, SIGN_RSA_EMSA_PKCS1_SHA1, + attributeCertificateInfo, &signatureValue)) + { + free(attributeCertificateInfo.ptr); + return FALSE; + } + this->encoding = asn1_wrap(ASN1_SEQUENCE, "mmm", + attributeCertificateInfo, + asn1_algorithmIdentifier(OID_SHA1_WITH_RSA), + asn1_bitstring("m", signatureValue)); + return TRUE; } METHOD(ac_t, get_serial, chunk_t, @@ -1154,8 +1159,10 @@ x509_ac_t *x509_ac_gen(certificate_type_t type, va_list args) ac->holderCert->get_type(ac->holderCert) == CERT_X509 && ac->signerCert->get_type(ac->signerCert) == CERT_X509) { - ac->encoding = build_ac(ac); - return &ac->public; + if (build_ac(ac)) + { + return &ac->public; + } } destroy(ac); return NULL; From 2162e500040c9a9b1f5231ee7d7ee8c9f956741e Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 9 Apr 2014 14:21:12 +0200 Subject: [PATCH 127/138] windows: Provide shutdown(2) operation aliases mapping to those on Windows --- src/libstrongswan/utils/windows.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/libstrongswan/utils/windows.h b/src/libstrongswan/utils/windows.h index c93f3fd7d..766050d23 100644 --- a/src/libstrongswan/utils/windows.h +++ b/src/libstrongswan/utils/windows.h 
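Review bot: The new failure path in `build_ac()` returns FALSE without logging anything, so `x509_ac_gen()` yields NULL and gives the operator no hint that private key signing failed. A line such as `DBG1(DBG_LIB, "signing attribute certificate failed");` before the `free()` would make it diagnosable. Separately, the re-indented call still hard-codes `SIGN_RSA_EMSA_PKCS1_SHA1` together with `OID_SHA1_WITH_RSA`. A comment that the two must be changed as a pair, or taking the digest from the builder arguments, would ease a later move away from SHA-1.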
@@ -280,6 +280,13 @@ char* getpass(const char *prompt); #define ECONNRESET ENXIO #endif +/** + * shutdown(2) "how"-aliases, to use Unix variant on Windows + */ +#define SHUT_RD SD_RECEIVE +#define SHUT_WR SD_SEND +#define SHUT_RDWR SD_BOTH + /** * close(2) working for file handles and Winsock sockets */ From 7659f67af3d32e65a3099dcbb688f11734d8a0ad Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 9 May 2014 10:17:03 +0200 Subject: [PATCH 128/138] windows: Provide POSIX supplement errno values missing in MinGW MinGW headers do not define these values, but Windows system headers do. Windows defines them for POSIX compatibility, we do the same locally. --- src/libstrongswan/utils/windows.c | 26 ++++-- src/libstrongswan/utils/windows.h | 144 ++++++++++++++++++++++++++---- 2 files changed, 147 insertions(+), 23 deletions(-) diff --git a/src/libstrongswan/utils/windows.c b/src/libstrongswan/utils/windows.c index c0ae3d87a..741d199ec 100644 --- a/src/libstrongswan/utils/windows.c +++ b/src/libstrongswan/utils/windows.c @@ -322,9 +322,13 @@ static int wserr(int retval) errno = EBADF; break; case WSAENETDOWN: + errno = ENETDOWN; + break; case WSAENETRESET: + errno = ENETRESET; + break; case WSAESHUTDOWN: - errno = EPIPE; + errno = ECONNABORTED; break; case WSAEACCES: errno = EACCES; 
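Review bot: In `wserr()` the `WSAESHUTDOWN` case now yields `ECONNABORTED`, where it previously shared `EPIPE` with the two network cases. POSIX reports `EPIPE` for a send on a socket that has been shut down for writing, so callers written against the Unix behaviour may stop recognising this condition. `case WSAESHUTDOWN: errno = EPIPE; break;` keeps it, unless the change is intentional, in which case a comment should say why. The switch starts above the hunk and callers are not visible here, so this needs checking against the users of the wrapped socket calls.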
@@ -333,37 +337,43 @@ static int wserr(int retval) errno = EINTR; break; case WSAEINPROGRESS: - errno = EBUSY; + errno = EINPROGRESS; break; case WSAEFAULT: errno = EFAULT; break; case WSAENOBUFS: - errno = ENOMEM; + errno = ENOBUFS; break; case WSAENOTSOCK: - errno = EINVAL; + errno = ENOTSOCK; break; case WSAEOPNOTSUPP: - errno = ENOSYS; + errno = EOPNOTSUPP; break; case WSAEWOULDBLOCK: errno = EWOULDBLOCK; break; case WSAEMSGSIZE: - errno = ENOSPC; + errno = EMSGSIZE; break; case WSAEINVAL: errno = EINVAL; break; case WSAENOTCONN: + errno = ENOTCONN; + break; case WSAEHOSTUNREACH: + errno = EHOSTUNREACH; + break; case WSAECONNABORTED: + errno = ECONNABORTED; + break; case WSAECONNRESET: - errno = EIO; + errno = ECONNRESET; break; case WSAETIMEDOUT: - errno = ESRCH; + errno = ETIMEDOUT; break; default: errno = ENOENT; diff --git a/src/libstrongswan/utils/windows.h b/src/libstrongswan/utils/windows.h index 766050d23..b66138644 100644 --- a/src/libstrongswan/utils/windows.h +++ b/src/libstrongswan/utils/windows.h @@ -265,21 +265,6 @@ char* getpass(const char *prompt); */ #define MSG_DONTWAIT MSG_INTERRUPT -/** - * EWOULDBLOCK is EAGAIN on other systems as well - */ -#ifndef EWOULDBLOCK -#define EWOULDBLOCK EAGAIN -#endif - -/** - * ECONNRESET is mapped to something arbitrary. It is returned by - * stream->read_all() but should not be mapped from a send/recv WSA error. - */ -#ifndef ECONNRESET -#define ECONNRESET ENXIO -#endif - /** * shutdown(2) "how"-aliases, to use Unix variant on Windows */ 
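Review bot: Several Winsock errors that now have errno counterparts in windows.h get no case in the visible part of `wserr()` and would fall through to `default: errno = ENOENT;`, among them `WSAECONNREFUSED`, `WSAEADDRINUSE`, `WSAENETUNREACH`, `WSAEISCONN` and `WSAEALREADY`. A refused connect reported as ENOENT is misleading in logs and defeats callers that branch on the error. Unless these are handled above the hunk, add cases such as `case WSAECONNREFUSED: errno = ECONNREFUSED; break;`. A generic I/O error would also be a less surprising default than ENOENT.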
@@ -319,6 +304,135 @@ ssize_t windows_send(int sockfd, const void *buf, size_t len, int flags); ssize_t windows_sendto(int sockfd, const void *buf, size_t len, int flags, const struct sockaddr *dest_addr, socklen_t addrlen); +/** + * MinGW does provide extended errno values. Windows itself knowns them + * for POSIX compatibility; we define them as well. + */ +#ifndef EADDRINUSE +#define EADDRINUSE 100 +#endif +#ifndef EADDRNOTAVAIL +#define EADDRNOTAVAIL 101 +#endif +#ifndef EAFNOSUPPORT +#define EAFNOSUPPORT 102 +#endif +#ifndef EALREADY +#define EALREADY 103 +#endif +#ifndef EBADMSG +#define EBADMSG 104 +#endif +#ifndef ECANCELED +#define ECANCELED 105 +#endif +#ifndef ECONNABORTED +#define ECONNABORTED 106 +#endif +#ifndef ECONNREFUSED +#define ECONNREFUSED 107 +#endif +#ifndef ECONNRESET +#define ECONNRESET 108 +#endif +#ifndef EDESTADDRREQ +#define EDESTADDRREQ 109 +#endif +#ifndef EHOSTUNREACH +#define EHOSTUNREACH 110 +#endif +#ifndef EIDRM +#define EIDRM 111 +#endif +#ifndef EINPROGRESS +#define EINPROGRESS 112 +#endif +#ifndef EISCONN +#define EISCONN 113 +#endif +#ifndef ELOOP +#define ELOOP 114 +#endif +#ifndef EMSGSIZE +#define EMSGSIZE 115 +#endif +#ifndef ENETDOWN +#define ENETDOWN 116 +#endif +#ifndef ENETRESET +#define ENETRESET 117 +#endif +#ifndef ENETUNREACH +#define ENETUNREACH 118 +#endif +#ifndef ENOBUFS +#define ENOBUFS 119 +#endif +#ifndef ENODATA +#define ENODATA 120 +#endif +#ifndef ENOLINK +#define ENOLINK 121 +#endif +#ifndef ENOMSG +#define ENOMSG 122 +#endif +#ifndef ENOPROTOOPT +#define ENOPROTOOPT 123 +#endif +#ifndef ENOSR +#define ENOSR 124 +#endif +#ifndef ENOSTR +#define ENOSTR 125 +#endif +#ifndef ENOTCONN +#define ENOTCONN 126 +#endif +#ifndef ENOTRECOVERABLE +#define ENOTRECOVERABLE 127 +#endif +#ifndef ENOTSOCK +#define ENOTSOCK 128 +#endif +#ifndef ENOTSUP +#define ENOTSUP 129 +#endif +#ifndef EOPNOTSUPP +#define EOPNOTSUPP 130 +#endif +#ifndef EOTHER +#define EOTHER 131 +#endif +#ifndef EOVERFLOW +#define EOVERFLOW 132 
+#endif +#ifndef EOWNERDEAD +#define EOWNERDEAD 133 +#endif +#ifndef EPROTO +#define EPROTO 134 +#endif +#ifndef EPROTONOSUPPORT +#define EPROTONOSUPPORT 135 +#endif +#ifndef EPROTOTYPE +#define EPROTOTYPE 136 +#endif +#ifndef ETIME +#define ETIME 137 +#endif +#ifndef ETIMEDOUT +#define ETIMEDOUT 138 +#endif +#ifndef ETXTBSY +#define ETXTBSY 139 +#endif +#ifndef EWOULDBLOCK +#define EWOULDBLOCK 140 +#endif + + /* Windows does not support "ll" format printf length modifiers. Mingw * therefore maps these to the Windows specific I64 length modifier. That * won't work for us, as we use our own printf backend on Windows, which works From dfb23fa159695ce53f84e243802b4f56f40176dd Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 20 Feb 2014 11:29:35 +0100 Subject: [PATCH 129/138] vici: Add Windows support --- src/libcharon/plugins/vici/libvici.c | 8 ++-- .../plugins/vici/suites/test_event.c | 6 ++- .../plugins/vici/suites/test_request.c | 6 ++- .../plugins/vici/suites/test_socket.c | 2 + src/libcharon/plugins/vici/vici_config.c | 1 - src/libcharon/plugins/vici/vici_dispatcher.h | 6 ++- src/libcharon/plugins/vici/vici_query.c | 40 ++++++++++++++++--- 7 files changed, 55 insertions(+), 14 deletions(-) diff --git a/src/libcharon/plugins/vici/libvici.c b/src/libcharon/plugins/vici/libvici.c index 6e3b85a72..d1dadddcb 100644 --- a/src/libcharon/plugins/vici/libvici.c +++ b/src/libcharon/plugins/vici/libvici.c @@ -43,7 +43,7 @@ typedef struct { typedef enum { WAIT_IDLE = 0, WAIT_SUCCESS, - WAIT_FAILED, + WAIT_FAILURE, WAIT_READ_ERROR, } wait_state_t; @@ -242,7 +242,7 @@ CALLBACK(on_read, bool, return wait_result(conn, WAIT_SUCCESS); case VICI_CMD_UNKNOWN: case VICI_EVENT_UNKNOWN: - return wait_result(conn, WAIT_FAILED); + return wait_result(conn, WAIT_FAILURE); case VICI_CMD_REQUEST: case VICI_EVENT_REGISTER: case VICI_EVENT_UNREGISTER: 
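Review bot: `EWOULDBLOCK` used to be aliased to `EAGAIN` and now becomes the distinct value 140 whenever the toolchain does not define it, while `wserr()` keeps mapping `WSAEWOULDBLOCK` to `EWOULDBLOCK`. Any non-blocking read/write loop that tests only `errno == EAGAIN` (common on Unix, where the two are usually equal) would then treat a would-block condition as a hard error. Callers are not visible in this hunk, so either audit them to test both values or keep the alias. The block comment also contradicts the commit message and should read `MinGW does not provide extended errno values. Windows itself knows them`.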
@@ -403,7 +403,7 @@ vici_res_t* vici_submit(vici_req_t *req, vici_conn_t *conn) case WAIT_READ_ERROR: errno = conn->error; break; - case WAIT_FAILED: + case WAIT_FAILURE: default: errno = ENOENT; break; @@ -712,7 +712,7 @@ int vici_register(vici_conn_t *conn, char *name, vici_event_cb_t cb, void *user) case WAIT_READ_ERROR: errno = conn->error; break; - case WAIT_FAILED: + case WAIT_FAILURE: default: errno = ENOENT; break; diff --git a/src/libcharon/plugins/vici/suites/test_event.c b/src/libcharon/plugins/vici/suites/test_event.c index 12fd03107..b923ad393 100644 --- a/src/libcharon/plugins/vici/suites/test_event.c +++ b/src/libcharon/plugins/vici/suites/test_event.c @@ -20,7 +20,11 @@ #include -#define URI "unix:///tmp/strongswan-vici-event-test" +#ifdef WIN32 +# define URI "tcp://127.0.0.1:6543" +#else /* !WIN32 */ +# define URI "unix:///tmp/strongswan-vici-event-test" +#endif /* !WIN32 */ static void event_cb(void *user, char *name, vici_res_t *ev) { diff --git a/src/libcharon/plugins/vici/suites/test_request.c b/src/libcharon/plugins/vici/suites/test_request.c index 8cb11a7ea..8eeb37bc9 100644 --- a/src/libcharon/plugins/vici/suites/test_request.c +++ b/src/libcharon/plugins/vici/suites/test_request.c @@ -20,7 +20,11 @@ #include -#define URI "unix:///tmp/strongswan-vici-request-test" +#ifdef WIN32 +# define URI "tcp://127.0.0.1:6543" +#else /* !WIN32 */ +# define URI "unix:///tmp/strongswan-vici-request-test" +#endif /* !WIN32 */ static void encode_section(vici_req_t *req) { diff --git a/src/libcharon/plugins/vici/suites/test_socket.c b/src/libcharon/plugins/vici/suites/test_socket.c index 032445bb0..8d545c6c1 100644 --- a/src/libcharon/plugins/vici/suites/test_socket.c +++ b/src/libcharon/plugins/vici/suites/test_socket.c 
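Review bot: The Windows `URI` in test_event.c and test_request.c is the same fixed `tcp://127.0.0.1:6543` that test_socket.c already uses. The suites can therefore only pass when run strictly one after another and when nothing else on the build host holds that port. Giving each suite its own port, or noting next to the define that the suites must not run in parallel, would avoid spurious bind failures.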
@@ -61,11 +61,13 @@ static struct { { "tcp://127.0.0.1:6543", 2 }, { "tcp://127.0.0.1:6543", 3 }, { "tcp://127.0.0.1:6543", 7 }, +#ifndef WIN32 { "unix:///tmp/strongswan-tests-vici-socket", ~0 }, { "unix:///tmp/strongswan-tests-vici-socket", 1 }, { "unix:///tmp/strongswan-tests-vici-socket", 2 }, { "unix:///tmp/strongswan-tests-vici-socket", 3 }, { "unix:///tmp/strongswan-tests-vici-socket", 7 }, +#endif /* !WIN32 */ }; START_TEST(test_echo) diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c index 3f2fec444..2319bddaf 100644 --- a/src/libcharon/plugins/vici/vici_config.c +++ b/src/libcharon/plugins/vici/vici_config.c @@ -24,7 +24,6 @@ #include #include -#include /** * Magic value for an undefined lifetime diff --git a/src/libcharon/plugins/vici/vici_dispatcher.h b/src/libcharon/plugins/vici/vici_dispatcher.h index effe5a670..2297a80bd 100644 --- a/src/libcharon/plugins/vici/vici_dispatcher.h +++ b/src/libcharon/plugins/vici/vici_dispatcher.h @@ -29,7 +29,11 @@ typedef enum vici_operation_t vici_operation_t; /** * Default socket URI of vici service */ -#define VICI_DEFAULT_URI "unix://" IPSEC_PIDDIR "/charon.vici" +#ifdef WIN32 +# define VICI_DEFAULT_URI "tcp://127.0.0.1:4502" +#else +# define VICI_DEFAULT_URI "unix://" IPSEC_PIDDIR "/charon.vici" +#endif /** * Kind of vici operation diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c index 9a8e9a4d6..e7c48f4aa 100644 --- a/src/libcharon/plugins/vici/vici_query.c +++ b/src/libcharon/plugins/vici/vici_query.c @@ -17,7 +17,9 @@ #include "vici_builder.h" #include +#ifndef WIN32 #include +#endif #include @@ -786,7 +788,6 @@ CALLBACK(list_certs, vici_message_t*, CALLBACK(version, vici_message_t*, private_vici_query_t *this, char *name, u_int id, vici_message_t *request) { - struct utsname utsname; vici_builder_t *b; b = vici_builder_create(); 
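Review bot: In vici_dispatcher.h the Windows `VICI_DEFAULT_URI` is a loopback TCP port, which drops the access control that the Unix socket path gets from filesystem permissions. Any local process, whatever user it runs as, can connect to 127.0.0.1:4502 and reach the vici control interface. Nothing in this hunk shows peer authentication on the TCP transport, so this deserves at least a comment on the define, e.g. `/* no OS-level access control on TCP; any local user can connect */`, and a note in the Windows documentation. Longer term a transport that can carry an ACL (a named pipe, for instance) would restore the protection.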
@@ -794,13 +795,40 @@ CALLBACK(version, vici_message_t*, b->add_kv(b, "daemon", "%s", lib->ns); b->add_kv(b, "version", "%s", VERSION); - if (uname(&utsname) == 0) +#ifdef WIN32 { - b->add_kv(b, "sysname", "%s", utsname.sysname); - b->add_kv(b, "release", "%s", utsname.release); - b->add_kv(b, "machine", "%s", utsname.machine); - } + OSVERSIONINFOEX osvie; + memset(&osvie, 0, sizeof(osvie)); + osvie.dwOSVersionInfoSize = sizeof(osvie); + + if (GetVersionEx((LPOSVERSIONINFO)&osvie)) + { + b->add_kv(b, "sysname", "Windows %s", + osvie.wProductType == VER_NT_WORKSTATION ? "Client" : "Server"); + b->add_kv(b, "release", "%d.%d.%d (SP %d.%d)", + osvie.dwMajorVersion, osvie.dwMinorVersion, osvie.dwBuildNumber, + osvie.wServicePackMajor, osvie.wServicePackMinor); + b->add_kv(b, "machine", "%s", +#ifdef WIN64 + "x86_64"); +#else + "x86"); +#endif /* !WIN64 */ + } + } +#else /* !WIN32 */ + { + struct utsname utsname; + + if (uname(&utsname) == 0) + { + b->add_kv(b, "sysname", "%s", utsname.sysname); + b->add_kv(b, "release", "%s", utsname.release); + b->add_kv(b, "machine", "%s", utsname.machine); + } + } +#endif /* !WIN32 */ return b->finalize(b); } From f59e2b7bb3c7e5c72375a2a9faf44598944fc218 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 6 Mar 2014 11:22:19 +0100 Subject: [PATCH 130/138] swanctl: Stop logging with Ctrl+C on Windows as well --- src/swanctl/commands/log.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/swanctl/commands/log.c b/src/swanctl/commands/log.c index 4810025d4..10a748f1f 100644 --- a/src/swanctl/commands/log.c +++ b/src/swanctl/commands/log.c @@ -73,10 +73,11 @@ static int logcmd(vici_conn_t *conn) fprintf(stderr, "registering for log failed: %s\n", strerror(errno)); return errno; } - while (TRUE) - { - sleep(1); - } + + wait_sigint(); + + fprintf(stderr, "disconnecting...\n"); + return 0; } From ef7bfadabb3440ea25ad3cb19ea1ff442fa0c6ce Mon Sep 17 00:00:00 2001 
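Review bot: In the WIN32 branch of `version` the `release` format string uses `%d` for `dwMajorVersion`, `dwMinorVersion` and `dwBuildNumber`, which are `DWORD` (unsigned long) and do not match the conversion. Either cast them, as in `(u_int)osvie.dwMajorVersion` with `%u`, or use a matching length modifier. The `machine` value is chosen by `#ifdef WIN64`, so it reports how the daemon was compiled rather than the host (a 32-bit build on a 64-bit system reports `x86`); a comment should say so. `GetVersionEx()` also reports a manifest-dependent version on newer Windows releases, which limits how far `release` can be trusted.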
From: Martin Willi Date: Wed, 28 May 2014 15:55:34 +0200 Subject: [PATCH 131/138] charon-svc: Check if daemon has been initialized before invoking shutdown alert --- src/charon-svc/charon-svc.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/charon-svc/charon-svc.c b/src/charon-svc/charon-svc.c index c21fc1ff5..d4fc83c48 100644 --- a/src/charon-svc/charon-svc.c +++ b/src/charon-svc/charon-svc.c @@ -170,7 +170,11 @@ static BOOL console_handler(DWORD dwCtrlType) case CTRL_BREAK_EVENT: case CTRL_CLOSE_EVENT: DBG1(DBG_DMN, "application is stopping, cleaning up"); - charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, dwCtrlType); + if (status.dwCurrentState == SERVICE_RUNNING) + { + charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, + dwCtrlType); + } /* signal main thread to clean up */ SetEvent(event); return TRUE; @@ -204,7 +208,11 @@ static DWORD service_handler(DWORD dwControl, DWORD dwEventType, case SERVICE_CONTROL_STOP: case SERVICE_CONTROL_SHUTDOWN: DBG1(DBG_DMN, "service is stopping, cleaning up"); - charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, dwControl); + if (status.dwCurrentState == SERVICE_RUNNING) + { + charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, + dwControl); + } /* signal main thread to clean up */ SetEvent(event); return NO_ERROR; From 4ce8b0cae6b2aabe109d17fa419965da848a3ae1 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 28 May 2014 16:14:04 +0200 Subject: [PATCH 132/138] charon-svc: Register for stop events not before reaching STATUS_RUNNING MSDN SetServiceStatus(): "Do not register to accept controls while the status is SERVICE_START_PENDING or the service can crash." --- src/charon-svc/charon-svc.c | 152 ++++++++++++++++++++++-------------- 1 file changed, 92 insertions(+), 60 deletions(-) diff --git a/src/charon-svc/charon-svc.c b/src/charon-svc/charon-svc.c index d4fc83c48..ff5d5de49 100644 --- a/src/charon-svc/charon-svc.c +++ b/src/charon-svc/charon-svc.c 
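Review bot: The new `status.dwCurrentState == SERVICE_RUNNING` test in `console_handler()`, and the identical one in `service_handler()`, reads `status` from the control handler thread while the main thread updates it, without any synchronisation visible in these hunks. Between the check and `charon->bus->alert(...)` the main thread can move on to SERVICE_STOP_PENDING and start tearing the daemon down, so the guard narrows the window but does not close it. Consider a dedicated flag set after `charon->start()` and cleared before deinit, accessed with interlocked operations, or document why the race is benign. Both functions start above their hunks.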
@@ -45,6 +45,12 @@ static HANDLE event; */ extern void (*dbg) (debug_t group, level_t level, char *fmt, ...); +/** + * Forward declaration + */ +static DWORD service_handler(DWORD dwControl, DWORD dwEventType, + LPVOID lpEventData, LPVOID lpContext); + /** * Logging hook for library logs, using stderr output */ 
@@ -103,9 +109,90 @@ static void update_status(DWORD state) } /** - * Initialize and run charon + * Control handler for console */ -static void init_and_run(DWORD dwArgc, LPTSTR *lpszArgv) +static BOOL console_handler(DWORD dwCtrlType) +{ + switch (dwCtrlType) + { + case CTRL_C_EVENT: + case CTRL_BREAK_EVENT: + case CTRL_CLOSE_EVENT: + DBG1(DBG_DMN, "application is stopping, cleaning up"); + if (status.dwCurrentState == SERVICE_RUNNING) + { + charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, + dwCtrlType); + } + /* signal main thread to clean up */ + SetEvent(event); + return TRUE; + default: + return FALSE; + } +} + +/** + * Service handler function + */ +static DWORD service_handler(DWORD dwControl, DWORD dwEventType, + LPVOID lpEventData, LPVOID lpContext) +{ + switch (dwControl) + { + case SERVICE_CONTROL_STOP: + case SERVICE_CONTROL_SHUTDOWN: + DBG1(DBG_DMN, "service is stopping, cleaning up"); + if (status.dwCurrentState == SERVICE_RUNNING) + { + charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, + dwControl); + } + /* signal main thread to clean up */ + SetEvent(event); + return NO_ERROR; + case SERVICE_CONTROL_INTERROGATE: + return NO_ERROR; + default: + return ERROR_CALL_NOT_IMPLEMENTED; + } +} + +/** + * Wait for console program shutdown + */ +static int console_wait() +{ + update_status(SERVICE_RUNNING); + + if (WaitForSingleObjectEx(event, INFINITE, TRUE) != WAIT_OBJECT_0) + { + return 2; + } + return 0; +} + +/** + * Wait for service shutdown + */ +static int service_wait() +{ + /* service is initialized, we now accept control requests */ + status.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN; + update_status(SERVICE_RUNNING); + status.dwControlsAccepted = 0; + + if (WaitForSingleObjectEx(event, INFINITE, TRUE) != WAIT_OBJECT_0) + { + return 2; + } + return 0; +} + +/** + * Initialize and run charon using a wait function + */ +static void init_and_run(DWORD dwArgc, LPTSTR *lpszArgv, int (*wait)()) { level_t 
levels[DBG_MAX]; int i; @@ -138,11 +225,7 @@ static void init_and_run(DWORD dwArgc, LPTSTR *lpszArgv) charon->start(charon); - status.dwWin32ExitCode = 0; - update_status(SERVICE_RUNNING); - - /* main thread goes to sleep */ - WaitForSingleObjectEx(event, INFINITE, TRUE); + status.dwWin32ExitCode = wait(); } update_status(SERVICE_STOP_PENDING); libcharon_deinit(); @@ -159,30 +242,6 @@ static void init_and_run(DWORD dwArgc, LPTSTR *lpszArgv) update_status(SERVICE_STOPPED); } -/** - * Control handler for console - */ -static BOOL console_handler(DWORD dwCtrlType) -{ - switch (dwCtrlType) - { - case CTRL_C_EVENT: - case CTRL_BREAK_EVENT: - case CTRL_CLOSE_EVENT: - DBG1(DBG_DMN, "application is stopping, cleaning up"); - if (status.dwCurrentState == SERVICE_RUNNING) - { - charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, - dwCtrlType); - } - /* signal main thread to clean up */ - SetEvent(event); - return TRUE; - default: - return FALSE; - } -} - /** * Main routine when running from console */ @@ -192,37 +251,11 @@ static void console_main(DWORD dwArgc, LPTSTR *lpszArgv) if (SetConsoleCtrlHandler(console_handler, TRUE)) { - init_and_run(dwArgc, lpszArgv); + init_and_run(dwArgc, lpszArgv, console_wait); SetConsoleCtrlHandler(console_handler, FALSE); } } -/** - * Service handler function - */ -static DWORD service_handler(DWORD dwControl, DWORD dwEventType, - LPVOID lpEventData, LPVOID lpContext) -{ - switch (dwControl) - { - case SERVICE_CONTROL_STOP: - case SERVICE_CONTROL_SHUTDOWN: - DBG1(DBG_DMN, "service is stopping, cleaning up"); - if (status.dwCurrentState == SERVICE_RUNNING) - { - charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, - dwControl); - } - /* signal main thread to clean up */ - SetEvent(event); - return NO_ERROR; - case SERVICE_CONTROL_INTERROGATE: - return NO_ERROR; - default: - return ERROR_CALL_NOT_IMPLEMENTED; - } -} - /** * Switch the working directory to the executable directory */ 
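Review bot: `console_wait()` and `service_wait()` treat every return value of `WaitForSingleObjectEx(event, INFINITE, TRUE)` other than `WAIT_OBJECT_0` as a failure. Because the wait is alertable, a queued APC makes it return `WAIT_IO_COMPLETION`, which would now stop the daemon with exit code 2. Either pass FALSE for the alertable flag or retry, e.g. `do { res = WaitForSingleObjectEx(event, INFINITE, TRUE); } while (res == WAIT_IO_COMPLETION);`. The two functions differ only in the `dwControlsAccepted` handling and could share that wait. The `int (*wait)()` parameter and both definitions should be declared with `(void)`.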
@@ -256,7 +289,6 @@ static void service_main(DWORD dwArgc, LPTSTR *lpszArgv) { memset(&status, 0, sizeof(status)); status.dwServiceType = SERVICE_WIN32_OWN_PROCESS; - status.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN; status.dwWin32ExitCode = 1; handle = RegisterServiceCtrlHandlerEx(SERVICE_NAME, service_handler, NULL); @@ -264,7 +296,7 @@ static void service_main(DWORD dwArgc, LPTSTR *lpszArgv) { if (switch_workingdir()) { - init_and_run(dwArgc, lpszArgv); + init_and_run(dwArgc, lpszArgv, service_wait); } } } From 2d42dce4a48f107469f039897c58bf70145268e8 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 8 May 2014 16:28:50 +0200 Subject: [PATCH 133/138] configure: Don't use -rdynamic with the LLVM toolchain --- configure.ac | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 67017773a..6e836146b 100644 --- a/configure.ac +++ b/configure.ac @@ -750,7 +750,6 @@ AC_COMPILE_IFELSE( [ AC_MSG_RESULT([no]) openssl_lib=crypto - AC_SUBST(PLUGIN_CFLAGS, [-rdynamic]) ] ) AC_SUBST(OPENSSL_LIB, [-l$openssl_lib]) @@ -767,6 +766,26 @@ AC_COMPILE_IFELSE( [AC_MSG_RESULT([no]); AC_MSG_ERROR([__attribute__((packed)) does not work])] ) +AC_MSG_CHECKING([clang]) +AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM( + [], [[ + #ifndef __clang__ + # error not using LLVM clang + #endif + ]])], + [ + AC_MSG_RESULT([yes]) + ], + [ + AC_MSG_RESULT([no]) + # GCC, but not MinGW requires -rdynamic for plugins + if test x$windows != xtrue; then + AC_SUBST(PLUGIN_CFLAGS, [-rdynamic]) + fi + ] +) + if test x$printf_hooks = xvstr; then AC_CHECK_LIB([vstr],[main],[LIBS="$LIBS"],[AC_MSG_ERROR([Vstr string library not found])],[]) AC_DEFINE([USE_VSTR], [], [use Vstr string library for printf hooks]) From 3ab6082a0fec9a5df039fe857a6ac3ca08ecd825 Mon Sep 17 00:00:00 2001 
From: Martin Willi Date: Thu, 8 May 2014 15:12:06 +0200 Subject: [PATCH 134/138] configure: Mark conftest variable as unused to pass test with -Werror When using -Werror, the warning for the unused variable would let the test fail, even if in6addr_any is available. --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 6e836146b..e5087d049 100644 --- a/configure.ac +++ b/configure.ac @@ -609,7 +609,7 @@ AC_COMPILE_IFELSE( [[#include #include #include ]], - [[struct in6_addr in6; + [[struct in6_addr in6 __attribute__((unused)); in6 = in6addr_any;]])], [AC_MSG_RESULT([yes]); AC_DEFINE([HAVE_IN6ADDR_ANY], [], [have struct in6_addr in6addr_any])], From 0ca8541564d3f6692ff4dc08633171127f5d700b Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 8 May 2014 16:37:48 +0200 Subject: [PATCH 135/138] configure: Fix attribute((packed)) test when using -Werror --- configure.ac | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index e5087d049..20e40327b 100644 --- a/configure.ac +++ b/configure.ac @@ -759,7 +759,8 @@ AC_MSG_CHECKING([for working __attribute__((packed))]) AC_COMPILE_IFELSE( [AC_LANG_PROGRAM([], [[ struct test { char a; short b; } __attribute__((packed)); - char x[sizeof(struct test) == sizeof(char) + sizeof(short) ? 1 : -1]; + char x[sizeof(struct test) == sizeof(char) + sizeof(short) ? 1 : -1] + __attribute__((unused)); return 0; ]])], [AC_MSG_RESULT([yes])], From 3b7b806d27024b71506ba3b803fd5b42dd40b745 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Tue, 3 Jun 2014 11:06:50 +0200 Subject: [PATCH 136/138] windows: Compile with -mno-ms-bitfields if option not set explicitly -mms-bitfields is the default in newer MinGWs, but it breaks __attribute__((packed)). --- configure.ac | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/configure.ac b/configure.ac index 20e40327b..d069a168d 100644 --- a/configure.ac +++ b/configure.ac 
@@ -746,6 +746,11 @@ AC_COMPILE_IFELSE( windows=true openssl_lib=eay32 AC_SUBST(PTHREADLIB, "") + # explicitly disable ms-bitfields, as it breaks __attribute__((packed)) + case "$CFLAGS" in + *ms-bitfields*) ;; + *) CFLAGS="$CFLAGS -mno-ms-bitfields" ;; + esac ], [ AC_MSG_RESULT([no]) From 95e67e8d19011b92b1706b3194bea446ba3e5ced Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 8 May 2014 15:14:33 +0200 Subject: [PATCH 137/138] travis: Perform build tests with -Werror --- scripts/test.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/test.sh b/scripts/test.sh index 2c8872ce4..b70e3c0f4 100755 --- a/scripts/test.sh +++ b/scripts/test.sh @@ -11,6 +11,8 @@ TARGET=check DEPS="libgmp-dev" +CFLAGS="-g -O2 -Wall -Wno-format -Wno-format-security -Wno-pointer-sign -Werror" + case "$TEST" in default) # should be the default, but lets make sure @@ -69,4 +71,4 @@ CONFIG="$CONFIG --enable-leak-detective=${LEAK_DETECTIVE-no}" echo "$ ./configure $CONFIG && make $TARGET" -./configure $CONFIG && make -j4 $TARGET +CFLAGS="$CFLAGS" ./configure $CONFIG && make -j4 $TARGET From d930d184177ef352c4b5def4e5848463819435ec Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 8 May 2014 17:08:42 +0200 Subject: [PATCH 138/138] travis: Define a Windows build test using MinGW --- .travis.yml | 2 ++ scripts/test.sh | 20 ++++++++++++++++++-- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 2a23fea06..697425f57 100644 --- a/.travis.yml +++ b/.travis.yml @@ -37,3 +37,5 @@ matrix: include: - compiler: gcc env: TEST=dist + - compiler: gcc + env: TEST=win MONOLITHIC=yes diff --git a/scripts/test.sh b/scripts/test.sh index b70e3c0f4..8824817fe 100755 --- a/scripts/test.sh +++ b/scripts/test.sh 
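Review bot: The `CFLAGS` line added to scripts/test.sh enables `-Werror` but also passes `-Wno-format -Wno-format-security`, so the CI build will never flag a non-literal format string or a mismatched argument. If these are disabled because of the project's custom printf conversions, a comment above the assignment should say so, for example `# -Wno-format*: custom printf hook specifiers are unknown to the compiler`. It would also help to add a separate job without the custom hooks that keeps `-Wformat-security` on.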
@@ -50,6 +50,22 @@ all) libnm-glib-dev libnm-glib-vpn-dev libpcsclite-dev libpam0g-dev binutils-dev libunwind7-dev libjson0-dev" ;; +win) + CONFIG="--host=x86_64-w64-mingw32 --disable-defaults --enable-svc --enable-ikev2 + --enable-ikev1 --enable-static --enable-test-vectors --enable-nonce + --enable-constraints --enable-revocation --enable-pem --enable-pkcs1 + --enable-pkcs8 --enable-x509 --enable-pubkey --enable-acert + --enable-eap-tnc --enable-eap-ttls --enable-eap-identity + --enable-tnccs-20 --enable-imc-attestation --enable-imv-attestation + --enable-imc-os --enable-imv-os --enable-tnc-imv --enable-tnc-imc + --enable-pki --enable-swanctl" + # no make check for Windows binaries + TARGET= + CFLAGS="$CFLAGS -mno-ms-bitfields" + DEPS="gcc-mingw-w64-x86-64 binutils-mingw-w64-x86-64 gcc-mingw-w64-base + mingw-w64-dev" + CC="x86_64-w64-mingw32-gcc" + ;; dist) TARGET=distcheck ;; @@ -70,5 +86,5 @@ CONFIG="$CONFIG --enable-monolithic=${MONOLITHIC-no} --enable-leak-detective=${LEAK_DETECTIVE-no}" -echo "$ ./configure $CONFIG && make $TARGET" -CFLAGS="$CFLAGS" ./configure $CONFIG && make -j4 $TARGET +echo "$ CC="$CC" CFLAGS="$CFLAGS" ./configure $CONFIG && make $TARGET" +CC="$CC" CFLAGS="$CFLAGS" ./configure $CONFIG && make -j4 $TARGET
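Review bot: The new `echo` line in the last hunk nests unescaped double quotes, so the string ends at `CC=` and `$CC` and `$CFLAGS` are expanded unquoted. The printed command therefore lacks the quotes around the multi-word CFLAGS value and cannot be pasted back into a shell. Escaping the inner quotes fixes it: `echo "$ CC=\"$CC\" CFLAGS=\"$CFLAGS\" ./configure $CONFIG && make $TARGET"`. In the `win)` case `TARGET=` is emptied, so the job only proves that the tree compiles; the existing comment could add that no tests are executed for this target.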