Révision 8ad331b7
Ajouté par Ermal il y a presque 10 ans
pfPorts/strongswan/files/patch-smp.c | ||
1 |
--- src/libcharon/plugins/smp/smp.c.orig 2014-02-25 01:02:19.000000000 +0100 |
|
2 |
+++ src/libcharon/plugins/smp/smp.c 2014-02-25 00:10:43.000000000 +0100 |
|
3 |
@@ -737,7 +737,7 @@ |
|
1 |
--- src/libcharon/plugins/smp/smp.c.orig 2013-11-01 11:40:35.000000000 +0100 |
|
2 |
+++ src/libcharon/plugins/smp/smp.c 2014-05-26 22:32:43.000000000 +0200 |
|
3 |
@@ -15,6 +15,7 @@ |
|
4 |
|
|
5 |
#include <stdlib.h> |
|
6 |
|
|
7 |
+#include <inttypes.h> |
|
8 |
#include "smp.h" |
|
9 |
|
|
10 |
#include <sys/types.h> |
|
11 |
@@ -114,6 +115,146 @@ |
|
12 |
} |
|
13 |
|
|
14 |
/** |
|
15 |
+ * Log a configs local or remote authentication config to out |
|
16 |
+ */ |
|
17 |
+static void log_auth_cfgs(xmlTextWriterPtr out, peer_cfg_t *peer_cfg, bool local) |
|
18 |
+{ |
|
19 |
+ enumerator_t *enumerator, *rules; |
|
20 |
+ auth_rule_t rule; |
|
21 |
+ auth_cfg_t *auth; |
|
22 |
+ auth_class_t auth_class; |
|
23 |
+ identification_t *id; |
|
24 |
+ certificate_t *cert; |
|
25 |
+ cert_validation_t valid; |
|
26 |
+ char *name; |
|
27 |
+ |
|
28 |
+ name = peer_cfg->get_name(peer_cfg); |
|
29 |
+ |
|
30 |
+ enumerator = peer_cfg->create_auth_cfg_enumerator(peer_cfg, local); |
|
31 |
+ while (enumerator->enumerate(enumerator, &auth)) |
|
32 |
+ { |
|
33 |
+ xmlTextWriterStartElement(out, "auth"); |
|
34 |
+ id = auth->get(auth, AUTH_RULE_IDENTITY); |
|
35 |
+ if (id) |
|
36 |
+ { |
|
37 |
+ write_id(out, "identification", id); |
|
38 |
+ } |
|
39 |
+ |
|
40 |
+ auth_class = (uintptr_t)auth->get(auth, AUTH_RULE_AUTH_CLASS); |
|
41 |
+ if (auth_class == AUTH_CLASS_EAP) |
|
42 |
+ { |
|
43 |
+ if ((uintptr_t)auth->get(auth, AUTH_RULE_EAP_TYPE) == EAP_NAK) |
|
44 |
+ { |
|
45 |
+ xmlTextWriterWriteElement(out, "authtype", "EAP"); |
|
46 |
+ } |
|
47 |
+ else |
|
48 |
+ { |
|
49 |
+ if ((uintptr_t)auth->get(auth, AUTH_RULE_EAP_VENDOR)) |
|
50 |
+ { |
|
51 |
+ xmlTextWriterStartElement(out, "authtype"); |
|
52 |
+ xmlTextWriterWriteFormatString(out, "EAP_%" PRIuPTR "-%" PRIuPTR, |
|
53 |
+ (uintptr_t)auth->get(auth, AUTH_RULE_EAP_TYPE), |
|
54 |
+ (uintptr_t)auth->get(auth, AUTH_RULE_EAP_VENDOR)); |
|
55 |
+ xmlTextWriterEndElement(out); |
|
56 |
+ } |
|
57 |
+ else |
|
58 |
+ { |
|
59 |
+ xmlTextWriterStartElement(out, "authtype"); |
|
60 |
+ xmlTextWriterWriteFormatString(out, "%N", eap_type_names, (uintptr_t)auth->get(auth, AUTH_RULE_EAP_TYPE)); |
|
61 |
+ xmlTextWriterEndElement(out); |
|
62 |
+ } |
|
63 |
+ } |
|
64 |
+ id = auth->get(auth, AUTH_RULE_EAP_IDENTITY); |
|
65 |
+ if (id) |
|
66 |
+ { |
|
67 |
+ xmlTextWriterStartElement(out, "identity"); |
|
68 |
+ xmlTextWriterWriteFormatString(out, "%Y", id); |
|
69 |
+ xmlTextWriterEndElement(out); |
|
70 |
+ } |
|
71 |
+ } |
|
72 |
+ else if (auth_class == AUTH_CLASS_XAUTH) |
|
73 |
+ { |
|
74 |
+ xmlTextWriterStartElement(out, "authtype"); |
|
75 |
+ xmlTextWriterWriteFormatString(out, "%N: %s", auth_class_names, auth_class, |
|
76 |
+ auth->get(auth, AUTH_RULE_XAUTH_BACKEND) ?: "any"); |
|
77 |
+ xmlTextWriterEndElement(out); |
|
78 |
+ id = auth->get(auth, AUTH_RULE_XAUTH_IDENTITY); |
|
79 |
+ if (id) |
|
80 |
+ { |
|
81 |
+ xmlTextWriterStartElement(out, "identity"); |
|
82 |
+ xmlTextWriterWriteFormatString(out, "%Y", id); |
|
83 |
+ xmlTextWriterEndElement(out); |
|
84 |
+ } |
|
85 |
+ } |
|
86 |
+ else |
|
87 |
+ { |
|
88 |
+ xmlTextWriterStartElement(out, "authtype"); |
|
89 |
+ xmlTextWriterWriteFormatString(out, "%N", auth_class_names, auth_class); |
|
90 |
+ xmlTextWriterEndElement(out); |
|
91 |
+ } |
|
92 |
+ |
|
93 |
+ xmlTextWriterStartElement(out, "ca_cert"); |
|
94 |
+ cert = auth->get(auth, AUTH_RULE_CA_CERT); |
|
95 |
+ if (cert) |
|
96 |
+ { |
|
97 |
+ xmlTextWriterWriteFormatString(out, "%Y", cert->get_subject(cert)); |
|
98 |
+ } |
|
99 |
+ xmlTextWriterEndElement(out); |
|
100 |
+ |
|
101 |
+ xmlTextWriterStartElement(out, "im_cert"); |
|
102 |
+ cert = auth->get(auth, AUTH_RULE_IM_CERT); |
|
103 |
+ if (cert) |
|
104 |
+ { |
|
105 |
+ xmlTextWriterWriteFormatString(out, "%Y", cert->get_subject(cert)); |
|
106 |
+ } |
|
107 |
+ xmlTextWriterEndElement(out); |
|
108 |
+ |
|
109 |
+ xmlTextWriterStartElement(out, "subject_cert"); |
|
110 |
+ cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT); |
|
111 |
+ if (cert) |
|
112 |
+ { |
|
113 |
+ xmlTextWriterWriteFormatString(out, "%Y", cert->get_subject(cert)); |
|
114 |
+ } |
|
115 |
+ xmlTextWriterEndElement(out); |
|
116 |
+ |
|
117 |
+ xmlTextWriterStartElement(out, "ocsp_validation"); |
|
118 |
+ valid = (uintptr_t)auth->get(auth, AUTH_RULE_OCSP_VALIDATION); |
|
119 |
+ if (valid != VALIDATION_FAILED) |
|
120 |
+ { |
|
121 |
+ xmlTextWriterWriteFormatString(out, "%s", |
|
122 |
+ (valid == VALIDATION_SKIPPED) ? "SKIPPED" : "GOOD"); |
|
123 |
+ |
|
124 |
+ } |
|
125 |
+ xmlTextWriterEndElement(out); |
|
126 |
+ |
|
127 |
+ xmlTextWriterStartElement(out, "crl_validation"); |
|
128 |
+ valid = (uintptr_t)auth->get(auth, AUTH_RULE_CRL_VALIDATION); |
|
129 |
+ if (valid != VALIDATION_FAILED) |
|
130 |
+ { |
|
131 |
+ xmlTextWriterWriteFormatString(out, "%s", |
|
132 |
+ (valid == VALIDATION_SKIPPED) ? "SKIPPED" : "GOOD"); |
|
133 |
+ } |
|
134 |
+ xmlTextWriterEndElement(out); |
|
135 |
+ |
|
136 |
+ xmlTextWriterStartElement(out, "groups"); |
|
137 |
+ rules = auth->create_enumerator(auth); |
|
138 |
+ while (rules->enumerate(rules, &rule, &id)) |
|
139 |
+ { |
|
140 |
+ if (rule == AUTH_RULE_GROUP) |
|
141 |
+ { |
|
142 |
+ xmlTextWriterStartElement(out, "group"); |
|
143 |
+ xmlTextWriterWriteFormatString(out, "%Y", id); |
|
144 |
+ xmlTextWriterEndElement(out); |
|
145 |
+ } |
|
146 |
+ } |
|
147 |
+ xmlTextWriterEndElement(out); |
|
148 |
+ xmlTextWriterEndElement(out); |
|
149 |
+ rules->destroy(rules); |
|
150 |
+ } |
|
151 |
+ enumerator->destroy(enumerator); |
|
152 |
+} |
|
153 |
+ |
|
154 |
+/** |
|
155 |
* write a host_t address into an element |
|
156 |
*/ |
|
157 |
static void write_address(xmlTextWriterPtr writer, char *element, host_t *host) |
|
158 |
@@ -228,6 +369,7 @@ |
|
159 |
/* <local> */ |
|
160 |
local = ike_sa->get_my_host(ike_sa); |
|
161 |
xmlTextWriterStartElement(writer, "local"); |
|
162 |
+ log_auth_cfgs(writer, ike_sa->get_peer_cfg(ike_sa), TRUE); |
|
163 |
xmlTextWriterWriteFormatElement(writer, "spi", "%.16llx", |
|
164 |
id->is_initiator(id) ? id->get_initiator_spi(id) |
|
165 |
: id->get_responder_spi(id)); |
|
166 |
@@ -245,6 +387,7 @@ |
|
167 |
/* <remote> */ |
|
168 |
remote = ike_sa->get_other_host(ike_sa); |
|
169 |
xmlTextWriterStartElement(writer, "remote"); |
|
170 |
+ log_auth_cfgs(writer, ike_sa->get_peer_cfg(ike_sa), FALSE); |
|
171 |
xmlTextWriterWriteFormatElement(writer, "spi", "%.16llx", |
|
172 |
id->is_initiator(id) ? id->get_responder_spi(id) |
|
173 |
: id->get_initiator_spi(id)); |
|
174 |
@@ -737,7 +880,7 @@ |
|
4 | 175 |
*/ |
5 | 176 |
plugin_t *smp_plugin_create() |
6 | 177 |
{ |
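Review bot: log_auth_cfgs (new in the @@ -114,6 +115,146 @@ hunk) dereferences peer_cfg at `peer_cfg->get_name(peer_cfg)` and `peer_cfg->create_auth_cfg_enumerator(peer_cfg, local)` without a NULL check, while both callers in the @@ -228 and @@ -245 hunks (whose enclosing function starts outside the hunk) pass `ike_sa->get_peer_cfg(ike_sa)` straight through; if that getter can return NULL for an IKE_SA that has not yet selected a configuration, an SMP query arriving while a peer is mid-handshake crashes charon. Add `if (!peer_cfg) { return; }` as the first statement of the function. The ocsp_validation and crl_validation branches also collapse every value other than VALIDATION_FAILED and VALIDATION_SKIPPED to the literal "GOOD", so a VALIDATION_STALE result (or VALIDATION_REVOKED/VALIDATION_ON_HOLD, if the validator stores those) would be reported as good; writing the enum name inside the existing guard, `xmlTextWriterWriteFormatString(out, "%N", cert_validation_names, valid);`, matches how the function already reports auth_class and eap_type and cannot mislabel a state. Finally, `name` is assigned from `peer_cfg->get_name(peer_cfg)` but never read, so the variable and its assignment can be dropped.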
Add patch to smp plugin to show a bit more about the authentication performed from local and remote peer