return this->other_id;
}
+/**
+ * Implementation of connection_t.update_my_id
+ */
+static void update_my_id(private_connection_t *this, identification_t *my_id)
+{
+ this->my_id->destroy(this->my_id);
+ this->my_id = my_id;
+}
+
+/**
+ * Implementation of connection_t.update_other_id
+ */
+static void update_other_id(private_connection_t *this, identification_t *other_id)
+{
+ this->other_id->destroy(this->other_id);
+ this->other_id = other_id;
+}
+
/**
* Implementation of connection_t.get_my_host.
*/
this->other_host->destroy(this->other_host);
this->my_id->destroy(this->my_id);
this->other_id->destroy(this->other_id);
+ free(this->name);
free(this);
}
this->public.get_my_host = (host_t*(*)(connection_t*))get_my_host;
this->public.update_my_host = (void(*)(connection_t*,host_t*))update_my_host;
this->public.update_other_host = (void(*)(connection_t*,host_t*))update_other_host;
+ this->public.update_my_id = (void(*)(connection_t*,identification_t*))update_my_id;
+ this->public.update_other_id = (void(*)(connection_t*,identification_t*))update_other_id;
this->public.get_other_host = (host_t*(*)(connection_t*))get_other_host;
this->public.get_proposals = (linked_list_t*(*)(connection_t*))get_proposals;
this->public.select_proposal = (proposal_t*(*)(connection_t*,linked_list_t*))select_proposal;
* @param my_host new host to set as other_host
*/
void (*update_other_host) (connection_t *this, host_t *other_host);
+
+ /**
+ * @brief Update own ID.
+ *
+ * It may be necessary to uptdate own ID, as it
+ * is set to %any or to e.g. *@strongswan.org in
+ * some cases.
+ * Old ID is destroyed, new one NOT cloned.
+ *
+ * @param this calling object
+ * @param my_id new ID to set as my_id
+ */
+ void (*update_my_id) (connection_t *this, identification_t *my_id);
+
+ /**
+ * @brief Update others ID.
+ *
+ * It may be necessary to uptdate others ID, as it
+ * is set to %any or to e.g. *@strongswan.org in
+ * some cases.
+ * Old ID is destroyed, new one NOT cloned.
+ *
+ * @param this calling object
+ * @param other_id new ID to set as other_id
+ */
+ void (*update_other_id) (connection_t *this, identification_t *other_id);
/**
* @brief Returns a list of all supported proposals.
iterator_t *iterator;
policy_t *current, *found = NULL;
- this->logger->log(this->logger, CONTROL|LEVEL0, "Looking for policy for IDs %s - %s",
+ this->logger->log(this->logger, CONTROL|LEVEL1, "Looking for policy for IDs %s - %s",
my_id ? my_id->get_string(my_id) : "%any",
other_id->get_string(other_id));
iterator = this->policies->create_iterator(this->policies, TRUE);
identification_t *config_my_id = current->get_my_id(current);
identification_t *config_other_id = current->get_other_id(current);
- this->logger->log(this->logger, CONTROL|LEVEL0, "Found one for %s - %s",
+ this->logger->log(this->logger, CONTROL|LEVEL2, "Found one for %s - %s",
config_my_id->get_string(config_my_id),
config_other_id->get_string(config_other_id));
if (other_id->belongs_to(other_id, config_other_id))
{
/* get it if my_id not specified */
- if (my_id == NULL)
- {
- found = current->clone(current);
- break;
- }
if (my_id->belongs_to(my_id, config_my_id))
{
found = current->clone(current);
/* apply IDs as they are requsted, since they may be configured as %any or such */
if (found)
{
- if (my_id)
- {
- found->update_my_id(found, my_id->clone(my_id));
- }
+ found->update_my_id(found, my_id->clone(my_id));
found->update_other_id(found, other_id->clone(other_id));
}
return found;
void (*update_my_id) (policy_t *this, identification_t *my_id);
/**
- * @brief Update others id.
+ * @brief Update others ID.
*
* It may be necessary to uptdate others ID, as it
* is set to %any or to e.g. *@strongswan.org in
{
logger = this->logger;
}
- logger->log(logger, CONTROL|LEVEL1, "\"%s\": protected with ESP (%x/%x), AH (%x,%x):",
+ logger->log(logger, CONTROL|LEVEL1, "\"%s\": protected with ESP (0x%x/0x%x), AH (0x%x,0x%x):",
name,
htonl(this->my_esp_spi), htonl(this->other_esp_spi),
htonl(this->my_ah_spi), htonl(this->other_ah_spi));
{
logger = this->logger;
}
- logger->log(logger, CONTROL|LEVEL1, "\"%s\": IKE_SA in state %s, SPIs: %llx %llx",
+ logger->log(logger, CONTROL|LEVEL1, "\"%s\": IKE_SA in state %s, SPIs: 0x%.16llx 0x%.16llx",
name,
mapping_find(ike_sa_state_m, this->current_state->get_state(this->current_state)),
this->ike_sa_id->get_initiator_spi(this->ike_sa_id),
static status_t process_idr_payload(private_ike_auth_requested_t *this, id_payload_t *idr_payload)
{
identification_t *other_id, *configured_other_id;
+ connection_t *connection;
other_id = idr_payload->get_identification(idr_payload);
-
configured_other_id = this->policy->get_other_id(this->policy);
- if (configured_other_id)
+
+ this->logger->log(this->logger, CONTROL|LEVEL1, "configured ID: %s, ID of responder: %s",
+ configured_other_id->get_string(configured_other_id),
+ other_id->get_string(other_id));
+
+ if (!other_id->belongs_to(other_id, configured_other_id))
{
- this->logger->log(this->logger, CONTROL|LEVEL1, "configured ID: %s, ID of responder: %s",
- configured_other_id->get_string(configured_other_id),
- other_id->get_string(other_id));
-
- if (!other_id->equals(other_id, configured_other_id))
- {
- other_id->destroy(other_id);
- this->logger->log(this->logger, AUDIT, "IKE_AUTH reply contained a not requested ID. Deleting IKE_SA");
- return DELETE_ME;
- }
+ other_id->destroy(other_id);
+ this->logger->log(this->logger, AUDIT, "IKE_AUTH reply contained a not acceptable ID. Deleting IKE_SA");
+ return DELETE_ME;
}
- other_id->destroy(other_id);
- /* TODO do we have to store other_id somewhere ? */
+ connection = this->ike_sa->get_connection(this->ike_sa);
+ connection->update_other_id(connection, other_id->clone(other_id));
+
+ this->policy->update_other_id(this->policy, other_id);
return SUCCESS;
}
*/
status_t (*build_id_payload) (private_ike_sa_init_requested_t *this,id_payload_t **id_payload, message_t *response);
+ /**
+ * Build IDr payload for IKE_AUTH request.
+ *
+ * Only built when the ID of the responder contains no wildcards.
+ *
+ * @param this calling object
+ * @param response created payload will be added to this message_t object
+ * @return
+ * - SUCCESS
+ * - FAILED
+ */
+ status_t (*build_idr_payload) (private_ike_sa_init_requested_t *this, message_t *response);
+
/**
* Build AUTH payload for IKE_AUTH request.
*
/* build empty message */
this->ike_sa->build_message(this->ike_sa, IKE_AUTH, TRUE, &request);
- status = this->build_id_payload(this, &id_payload,request);
+ status = this->build_id_payload(this, &id_payload, request);
+ if (status != SUCCESS)
+ {
+ request->destroy(request);
+ return status;
+ }
+ status = this->build_idr_payload(this, request);
if (status != SUCCESS)
{
request->destroy(request);
return status;
}
- status = this->build_auth_payload(this,(id_payload_t *) id_payload, request);
+ status = this->build_auth_payload(this, (id_payload_t*)id_payload, request);
if (status != SUCCESS)
{
request->destroy(request);
identification_t *identification;
policy = this->ike_sa->get_policy(this->ike_sa);
- /* identification_t object gets NOT cloned here */
identification = policy->get_my_id(policy);
- new_id_payload = id_payload_create_from_identification(TRUE,identification);
+ new_id_payload = id_payload_create_from_identification(TRUE, identification);
this->logger->log(this->logger, CONTROL|LEVEL2, "Add ID payload to message");
request->add_payload(request,(payload_t *) new_id_payload);
return SUCCESS;
}
+/**
+ * Implementation of private_ike_sa_init_requested_t.build_idr_payload.
+ */
+static status_t build_idr_payload (private_ike_sa_init_requested_t *this, message_t *request)
+{
+ policy_t *policy;
+ id_payload_t *idr_payload;
+ identification_t *identification;
+
+ policy = this->ike_sa->get_policy(this->ike_sa);
+ identification = policy->get_other_id(policy);
+ if (!identification->contains_wildcards(identification))
+ {
+ idr_payload = id_payload_create_from_identification(FALSE, identification);
+
+ this->logger->log(this->logger, CONTROL|LEVEL2, "Add IDr payload to message");
+ request->add_payload(request,(payload_t *) idr_payload);
+ }
+ return SUCCESS;
+}
+
/**
* Implementation of private_ike_sa_init_requested_t.build_auth_payload.
*/
this->build_tsi_payload = build_tsi_payload;
this->build_tsr_payload = build_tsr_payload;
this->build_id_payload = build_id_payload;
+ this->build_idr_payload = build_idr_payload;
this->build_sa_payload = build_sa_payload;
this->process_notify_payload = process_notify_payload;
connection_t *connection;
id_payload_t *idr_response;
+ connection = this->ike_sa->get_connection(this->ike_sa);
+
+ /* update adresses, as connection may contain wildcards, or wrong IDs */
other_id = request_idi->get_identification(request_idi);
if (request_idr)
{
my_id = request_idr->get_identification(request_idr);
+ connection->update_my_id(connection, my_id);
+ }
+ else
+ {
+ my_id = connection->get_my_id(connection);
}
+ connection->update_other_id(connection, other_id);
/* build new sa config */
- connection = this->ike_sa->get_connection(this->ike_sa);
this->policy = charon->policies->get_policy(charon->policies, my_id, other_id);
if (this->policy == NULL)
- {
- if (my_id)
- {
- this->logger->log(this->logger, AUDIT, "We don't have a policy for IDs %s - %s. Deleting IKE_SA",
- other_id->get_string(other_id),my_id->get_string(my_id));
- my_id->destroy(my_id);
- }
- else
- {
- this->logger->log(this->logger, AUDIT, "We don't have a policy for remote ID %s. Deleting IKE_SA",
- other_id->get_string(other_id));
- }
- other_id->destroy(other_id);
- return DELETE_ME;
- }
-
- if (my_id)
{
- my_id->destroy(my_id);
+ this->logger->log(this->logger, AUDIT, "We don't have a policy for IDs %s - %s. Deleting IKE_SA",
+ my_id->get_string(my_id), other_id->get_string(other_id));
+ return DELETE_ME;
}
- other_id->destroy(other_id);
- /* get my id, if not requested */
+ /* get my id from policy, which must contain a fully qualified valid id */
my_id = this->policy->get_my_id(this->policy);
/* update others traffic selectors with actually used address */
}
else
{
- job = initiate_ike_sa_job_create(connection->clone(connection));
+ job = initiate_ike_sa_job_create(connection);
charon->job_queue->add(charon->job_queue, (job_t*)job);
}
}
return this->string;
}
+/**
+ * Implementation of identification_t.contains_wildcards.
+ */
+static bool contains_wildcards(private_identification_t *this)
+{
+ if (this->type == ID_ANY ||
+ memchr(this->encoded.ptr, '*', this->encoded.len) != NULL)
+ {
+ return TRUE;
+ }
+ return FALSE;
+}
+
/**
* Default implementation of identification_t.equals and identification_t.belongs_to.
* compares encoded chunk for equality.
{
char *this_str, *other_str, *pos;
+ if (other->type == ID_ANY)
+ {
+ return TRUE;
+ }
+
if (this->type == other->type)
{
/* try a binary comparison first */
/**
* Special implementation of identification_t.belongs_to for ID_ANY.
- * ANY matches any, even ANY, thats why its there...
+ * ANY matches only another ANY, but nothing other
*/
static bool belongs_to_any(private_identification_t *this, private_identification_t *other)
-{
- return TRUE;
+{
+ if (other->type == ID_ANY)
+ {
+ return TRUE;
+ }
+ return FALSE;
}
/**
{
int wildcards;
+ if (other->type == ID_ANY)
+ {
+ return TRUE;
+ }
+
if (this->type == other->type)
{
return match_dn(this->encoded, other->encoded, &wildcards);
this->public.get_encoding = (chunk_t (*) (identification_t*))get_encoding;
this->public.get_type = (id_type_t (*) (identification_t*))get_type;
this->public.get_string = (char* (*) (identification_t*))get_string;
+ this->public.contains_wildcards = (bool (*) (identification_t *this))contains_wildcards;
this->public.clone = (identification_t* (*) (identification_t*))clone;
this->public.destroy = (void (*) (identification_t*))destroy;
/* we use these as defaults, the may be overloaded for special ID types */
*/
bool (*belongs_to) (identification_t *this, identification_t *other);
+ /**
+ * @brief Check if an ID is a wildcard ID.
+ *
+ * If the ID represents multiple IDs (with wildcards, or
+ * as the type ID_ANY), TRUE is returned. If it is unique,
+ * FALSE is returned.
+ *
+ * @param this identification_t object
+ * @return TRUE if ID contains wildcards
+ */
+ bool (*contains_wildcards) (identification_t *this);
+
/**
* @brief Clone a identification_t instance.
*
{
pthread_mutex_unlock(&mutex);
/* TODO: since pthread_join cannot be excluded cleanly, we are not whining about bad frees */
- //return;
+ return;
logger->log(logger, ERROR, "freeing of invalid memory (%p)", ptr);
stack_frame_count = backtrace(stack_frames, STACK_FRAMES_COUNT);
log_stack_frames(stack_frames, stack_frame_count);
return result;
}
-// int pthread_create(pthread_t *__restrict __threadp, __const pthread_attr_t *__restrict __attr,
-// void *(*__start_routine) (void *), void *__restrict __arg)
-// {
-// int (*_pthread_create) (pthread_t *__restrict __threadp,
-// __const pthread_attr_t *__restrict __attr,
-// void *(*__start_routine) (void *),
-// void *__restrict __arg) = excluded_functions[PTHREAD_CREATE].lib_function;
-// int result;
-//
-// pthread_mutex_lock(&mutex);
-// uninstall_hooks();
-//
-// result = _pthread_create(__threadp, __attr, __start_routine, __arg);
-//
-// install_hooks();
-// pthread_mutex_unlock(&mutex);
-// return result;
-// }
-//
-//
-// int pthread_cancel(pthread_t __th)
-// {
-// int (*_pthread_cancel) (pthread_t) = excluded_functions[PTHREAD_CANCEL].lib_function;
-// int result;
-//
-// pthread_mutex_lock(&mutex);
-// uninstall_hooks();
-//
-// result = _pthread_cancel(__th);
-//
-// install_hooks();
-// pthread_mutex_unlock(&mutex);
-// return result;
-// }
-//
+int pthread_create(pthread_t *__restrict __threadp, __const pthread_attr_t *__restrict __attr,
+ void *(*__start_routine) (void *), void *__restrict __arg)
+{
+ int (*_pthread_create) (pthread_t *__restrict __threadp,
+ __const pthread_attr_t *__restrict __attr,
+ void *(*__start_routine) (void *),
+ void *__restrict __arg) = excluded_functions[PTHREAD_CREATE].lib_function;
+ int result;
+
+ pthread_mutex_lock(&mutex);
+ uninstall_hooks();
+
+ result = _pthread_create(__threadp, __attr, __start_routine, __arg);
+
+ install_hooks();
+ pthread_mutex_unlock(&mutex);
+ return result;
+}
+
+
+int pthread_cancel(pthread_t __th)
+{
+ int (*_pthread_cancel) (pthread_t) = excluded_functions[PTHREAD_CANCEL].lib_function;
+ int result;
+
+ pthread_mutex_lock(&mutex);
+ uninstall_hooks();
+
+ result = _pthread_cancel(__th);
+
+ install_hooks();
+ pthread_mutex_unlock(&mutex);
+ return result;
+}
+
// /* TODO: join has probs, since it dellocates memory
// * allocated (somewhere) with leak_detective :-(.
// * We should exclude all pthread_ functions to fix it !? */
#define MAX_LOG 8192
/**
- * Maximum number of logged bytes pre line
+ * Maximum number of logged bytes per line
*/
#define MAX_BYTES 16
* Should a thread_id be included in the log?
*/
bool log_thread_id;
-
- /**
- * Applies a prefix to string and stores it in buffer.
- *
- * @warning: buffer must be at least have MAX_LOG size.
- */
- void (*prepend_prefix) (private_logger_t *this, log_level_t loglevel, const char *string, char *buffer);
};
/**
- * Implementation of private_logger_t.prepend_prefix.
+ * prepend the logging prefix to string and store it in buffer
*/
static void prepend_prefix(private_logger_t *this, log_level_t loglevel, const char *string, char *buffer)
{
char log_type, log_details;
+ char thread_id[10] = "";
+
if (loglevel & CONTROL)
{
- log_type = '~';
+ log_type = 'C';
}
else if (loglevel & ERROR)
{
- log_type = '!';
+ log_type = 'E';
}
else if (loglevel & RAW)
{
- log_type = '#';
+ log_type = 'R';
}
else if (loglevel & PRIVATE)
{
- log_type = '?';
+ log_type = 'P';
}
else if (loglevel & AUDIT)
{
- log_type = '>';
+ log_type = 'A';
}
else
{
if (this->log_thread_id)
{
- snprintf(buffer, MAX_LOG, "[%c%c:%s] @%u %s", log_type, log_details, this->name, (int)pthread_self(), string);
+ snprintf(thread_id, sizeof(thread_id), " @%d", (int)pthread_self());
}
- else
+ snprintf(buffer, MAX_LOG, "[%c%c:%s]%s %s", log_type, log_details, this->name, thread_id, string);
+}
+
+/**
+ * Convert a charon-loglevel to a syslog priority
+ */
+static int get_priority(log_level_t loglevel)
+{
+ if (loglevel & AUDIT)
{
- snprintf(buffer, MAX_LOG, "[%c%c:%s] %s", log_type, log_details, this->name, string);
+ return LOG_AUTHPRIV|LOG_INFO;
}
+ return LOG_DAEMON|LOG_DEBUG;
}
/**
* Implementation of logger_t.log.
*
- * Yes, logg is wrong written :-).
+ * Yes, logg is written wrong :-).
*/
-static void logg(private_logger_t *this, log_level_t loglevel, char *format, ...)
+static void logg(private_logger_t *this, log_level_t loglevel, const char *format, ...)
{
if ((this->level & loglevel) == loglevel)
{
if (this->output == NULL)
{
/* syslog */
- this->prepend_prefix(this, loglevel, format, buffer);
+ prepend_prefix(this, loglevel, format, buffer);
va_start(args, format);
- vsyslog(LOG_INFO, buffer, args);
+ vsyslog(get_priority(loglevel), buffer, args);
va_end(args);
}
else
{
/* File output */
- this->prepend_prefix(this, loglevel, format, buffer);
+ prepend_prefix(this, loglevel, format, buffer);
va_start(args, format);
vfprintf(this->output, buffer, args);
va_end(args);
if ((this->level & loglevel) == loglevel)
{
+ char thread_id[10] = "";
char buffer[MAX_LOG];
char ascii_buffer[MAX_BYTES+1];
char *buffer_pos = buffer;
- const char format[] = "%s %d bytes @ %p";
+ const char format[] = "%s %d bytes @ %p";
const char *bytes_pos = bytes;
const char *bytes_roof = bytes + len;
int line_start = 0;
int i = 0;
+ if (this->log_thread_id)
+ {
+ snprintf(thread_id, sizeof(thread_id), " @%d", (int)pthread_self());
+ }
+
/* since me can't do multi-line output to syslog,
* we must do multiple syslogs. To avoid
* problems in output order, lock this by a mutex.
*/
pthread_mutex_lock(&mutex);
- this->prepend_prefix(this, loglevel, format, buffer);
+ prepend_prefix(this, loglevel, format, buffer);
if (this->output == NULL)
{
- syslog(LOG_INFO, buffer, label, len, bytes);
+ syslog(get_priority(loglevel), buffer, label, len, bytes);
}
else
{
if (this->output == NULL)
{
- syslog(LOG_INFO, "[ :%5d] %s %s", line_start, buffer, ascii_buffer);
+ syslog(get_priority(loglevel), "[ :%5d]%s %s %s", line_start, thread_id, buffer, ascii_buffer);
}
else
{
- fprintf(this->output, "[ :%5d] %s %s\n", line_start, buffer, ascii_buffer);
+ fprintf(this->output, "[ :%5d]%s %s %s\n", line_start, thread_id, buffer, ascii_buffer);
}
buffer_pos = buffer;
- line_start += 16;
+ line_start += MAX_BYTES;
i = 0;
}
else
/**
* Implementation of logger_t.log_chunk.
*/
-static void log_chunk(logger_t *this, log_level_t loglevel, char *label, chunk_t chunk)
+static void log_chunk(logger_t *this, log_level_t loglevel, const char *label, chunk_t chunk)
{
this->log_bytes(this, loglevel, label, chunk.ptr, chunk.len);
}
private_logger_t *this = malloc_thing(private_logger_t);
/* public functions */
- this->public.log = (void(*)(logger_t*,log_level_t,char*,...))logg;
- this->public.log_bytes = (void(*)(logger_t*, log_level_t, char*,char*,size_t))log_bytes;
+ this->public.log = (void(*)(logger_t*,log_level_t,const char*,...))logg;
+ this->public.log_bytes = (void(*)(logger_t*, log_level_t, const char*, const char*,size_t))log_bytes;
this->public.log_chunk = log_chunk;
this->public.enable_level = (void(*)(logger_t*,log_level_t))enable_level;
this->public.disable_level = (void(*)(logger_t*,log_level_t))disable_level;
this->public.set_output = (void(*)(logger_t*,FILE*))set_output;
this->public.destroy = (void(*)(logger_t*))destroy;
- /* private functions */
- this->prepend_prefix = prepend_prefix;
-
if (logger_name == NULL)
{
logger_name = "";
strcpy(this->name,logger_name);
this->output = output;
- if (output == NULL)
- {
- //openlog(DAEMON_NAME, 0, LOG_DAEMON);
- }
-
return (logger_t*)this;
}
* @param format printf like format string
* @param ... printf like parameters
*/
- void (*log) (logger_t *this, log_level_t log_level, char *format, ...);
+ void (*log) (logger_t *this, log_level_t log_level, const char *format, ...);
/**
* @brief Log some bytes, useful for debugging.
* @param bytes pointer to the bytes to dump
* @param len number of bytes to dump
*/
- void (*log_bytes) (logger_t *this, log_level_t loglevel, char *label, char *bytes, size_t len);
+ void (*log_bytes) (logger_t *this, log_level_t loglevel, const char *label, const char *bytes, size_t len);
/**
* @brief Log a chunk, useful for debugging.
* @param label a labeling name, logged with the bytes
* @param chunk chunk to log
*/
- void (*log_chunk) (logger_t *this, log_level_t loglevel, char *label, chunk_t chunk);
+ void (*log_chunk) (logger_t *this, log_level_t loglevel, const char *label, chunk_t chunk);
/**
* @brief Enables a loglevel for the current logger_t object.