Révision 8ad331b7
Ajouté par Ermal il y a presque 10 ans
| pfPorts/strongswan/files/patch-smp.c | ||
|---|---|---|
| 1 |
--- src/libcharon/plugins/smp/smp.c.orig 2014-02-25 01:02:19.000000000 +0100 |
|
| 2 |
+++ src/libcharon/plugins/smp/smp.c 2014-02-25 00:10:43.000000000 +0100 |
|
| 3 |
@@ -737,7 +737,7 @@ |
|
| 1 |
--- src/libcharon/plugins/smp/smp.c.orig 2013-11-01 11:40:35.000000000 +0100 |
|
| 2 |
+++ src/libcharon/plugins/smp/smp.c 2014-05-26 22:32:43.000000000 +0200 |
|
| 3 |
@@ -15,6 +15,7 @@ |
|
| 4 |
|
|
| 5 |
#include <stdlib.h> |
|
| 6 |
|
|
| 7 |
+#include <inttypes.h> |
|
| 8 |
#include "smp.h" |
|
| 9 |
|
|
| 10 |
#include <sys/types.h> |
|
| 11 |
@@ -114,6 +115,146 @@ |
|
| 12 |
} |
|
| 13 |
|
|
| 14 |
/** |
|
| 15 |
+ * Log a configs local or remote authentication config to out |
|
| 16 |
+ */ |
|
| 17 |
+static void log_auth_cfgs(xmlTextWriterPtr out, peer_cfg_t *peer_cfg, bool local) |
|
| 18 |
+{
|
|
| 19 |
+ enumerator_t *enumerator, *rules; |
|
| 20 |
+ auth_rule_t rule; |
|
| 21 |
+ auth_cfg_t *auth; |
|
| 22 |
+ auth_class_t auth_class; |
|
| 23 |
+ identification_t *id; |
|
| 24 |
+ certificate_t *cert; |
|
| 25 |
+ cert_validation_t valid; |
|
| 26 |
+ char *name; |
|
| 27 |
+ |
|
| 28 |
+ name = peer_cfg->get_name(peer_cfg); |
|
| 29 |
+ |
|
| 30 |
+ enumerator = peer_cfg->create_auth_cfg_enumerator(peer_cfg, local); |
|
| 31 |
+ while (enumerator->enumerate(enumerator, &auth)) |
|
| 32 |
+ {
|
|
| 33 |
+ xmlTextWriterStartElement(out, "auth"); |
|
| 34 |
+ id = auth->get(auth, AUTH_RULE_IDENTITY); |
|
| 35 |
+ if (id) |
|
| 36 |
+ {
|
|
| 37 |
+ write_id(out, "identification", id); |
|
| 38 |
+ } |
|
| 39 |
+ |
|
| 40 |
+ auth_class = (uintptr_t)auth->get(auth, AUTH_RULE_AUTH_CLASS); |
|
| 41 |
+ if (auth_class == AUTH_CLASS_EAP) |
|
| 42 |
+ {
|
|
| 43 |
+ if ((uintptr_t)auth->get(auth, AUTH_RULE_EAP_TYPE) == EAP_NAK) |
|
| 44 |
+ {
|
|
| 45 |
+ xmlTextWriterWriteElement(out, "authtype", "EAP"); |
|
| 46 |
+ } |
|
| 47 |
+ else |
|
| 48 |
+ {
|
|
| 49 |
+ if ((uintptr_t)auth->get(auth, AUTH_RULE_EAP_VENDOR)) |
|
| 50 |
+ {
|
|
| 51 |
+ xmlTextWriterStartElement(out, "authtype"); |
|
| 52 |
+ xmlTextWriterWriteFormatString(out, "EAP_%" PRIuPTR "-%" PRIuPTR, |
|
| 53 |
+ (uintptr_t)auth->get(auth, AUTH_RULE_EAP_TYPE), |
|
| 54 |
+ (uintptr_t)auth->get(auth, AUTH_RULE_EAP_VENDOR)); |
|
| 55 |
+ xmlTextWriterEndElement(out); |
|
| 56 |
+ } |
|
| 57 |
+ else |
|
| 58 |
+ {
|
|
| 59 |
+ xmlTextWriterStartElement(out, "authtype"); |
|
| 60 |
+ xmlTextWriterWriteFormatString(out, "%N", eap_type_names, (uintptr_t)auth->get(auth, AUTH_RULE_EAP_TYPE)); |
|
| 61 |
+ xmlTextWriterEndElement(out); |
|
| 62 |
+ } |
|
| 63 |
+ } |
|
| 64 |
+ id = auth->get(auth, AUTH_RULE_EAP_IDENTITY); |
|
| 65 |
+ if (id) |
|
| 66 |
+ {
|
|
| 67 |
+ xmlTextWriterStartElement(out, "identity"); |
|
| 68 |
+ xmlTextWriterWriteFormatString(out, "%Y", id); |
|
| 69 |
+ xmlTextWriterEndElement(out); |
|
| 70 |
+ } |
|
| 71 |
+ } |
|
| 72 |
+ else if (auth_class == AUTH_CLASS_XAUTH) |
|
| 73 |
+ {
|
|
| 74 |
+ xmlTextWriterStartElement(out, "authtype"); |
|
| 75 |
+ xmlTextWriterWriteFormatString(out, "%N: %s", auth_class_names, auth_class, |
|
| 76 |
+ auth->get(auth, AUTH_RULE_XAUTH_BACKEND) ?: "any"); |
|
| 77 |
+ xmlTextWriterEndElement(out); |
|
| 78 |
+ id = auth->get(auth, AUTH_RULE_XAUTH_IDENTITY); |
|
| 79 |
+ if (id) |
|
| 80 |
+ {
|
|
| 81 |
+ xmlTextWriterStartElement(out, "identity"); |
|
| 82 |
+ xmlTextWriterWriteFormatString(out, "%Y", id); |
|
| 83 |
+ xmlTextWriterEndElement(out); |
|
| 84 |
+ } |
|
| 85 |
+ } |
|
| 86 |
+ else |
|
| 87 |
+ {
|
|
| 88 |
+ xmlTextWriterStartElement(out, "authtype"); |
|
| 89 |
+ xmlTextWriterWriteFormatString(out, "%N", auth_class_names, auth_class); |
|
| 90 |
+ xmlTextWriterEndElement(out); |
|
| 91 |
+ } |
|
| 92 |
+ |
|
| 93 |
+ xmlTextWriterStartElement(out, "ca_cert"); |
|
| 94 |
+ cert = auth->get(auth, AUTH_RULE_CA_CERT); |
|
| 95 |
+ if (cert) |
|
| 96 |
+ {
|
|
| 97 |
+ xmlTextWriterWriteFormatString(out, "%Y", cert->get_subject(cert)); |
|
| 98 |
+ } |
|
| 99 |
+ xmlTextWriterEndElement(out); |
|
| 100 |
+ |
|
| 101 |
+ xmlTextWriterStartElement(out, "im_cert"); |
|
| 102 |
+ cert = auth->get(auth, AUTH_RULE_IM_CERT); |
|
| 103 |
+ if (cert) |
|
| 104 |
+ {
|
|
| 105 |
+ xmlTextWriterWriteFormatString(out, "%Y", cert->get_subject(cert)); |
|
| 106 |
+ } |
|
| 107 |
+ xmlTextWriterEndElement(out); |
|
| 108 |
+ |
|
| 109 |
+ xmlTextWriterStartElement(out, "subject_cert"); |
|
| 110 |
+ cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT); |
|
| 111 |
+ if (cert) |
|
| 112 |
+ {
|
|
| 113 |
+ xmlTextWriterWriteFormatString(out, "%Y", cert->get_subject(cert)); |
|
| 114 |
+ } |
|
| 115 |
+ xmlTextWriterEndElement(out); |
|
| 116 |
+ |
|
| 117 |
+ xmlTextWriterStartElement(out, "ocsp_validation"); |
|
| 118 |
+ valid = (uintptr_t)auth->get(auth, AUTH_RULE_OCSP_VALIDATION); |
|
| 119 |
+ if (valid != VALIDATION_FAILED) |
|
| 120 |
+ {
|
|
| 121 |
+ xmlTextWriterWriteFormatString(out, "%s", |
|
| 122 |
+ (valid == VALIDATION_SKIPPED) ? "SKIPPED" : "GOOD"); |
|
| 123 |
+ |
|
| 124 |
+ } |
|
| 125 |
+ xmlTextWriterEndElement(out); |
|
| 126 |
+ |
|
| 127 |
+ xmlTextWriterStartElement(out, "crl_validation"); |
|
| 128 |
+ valid = (uintptr_t)auth->get(auth, AUTH_RULE_CRL_VALIDATION); |
|
| 129 |
+ if (valid != VALIDATION_FAILED) |
|
| 130 |
+ {
|
|
| 131 |
+ xmlTextWriterWriteFormatString(out, "%s", |
|
| 132 |
+ (valid == VALIDATION_SKIPPED) ? "SKIPPED" : "GOOD"); |
|
| 133 |
+ } |
|
| 134 |
+ xmlTextWriterEndElement(out); |
|
| 135 |
+ |
|
| 136 |
+ xmlTextWriterStartElement(out, "groups"); |
|
| 137 |
+ rules = auth->create_enumerator(auth); |
|
| 138 |
+ while (rules->enumerate(rules, &rule, &id)) |
|
| 139 |
+ {
|
|
| 140 |
+ if (rule == AUTH_RULE_GROUP) |
|
| 141 |
+ {
|
|
| 142 |
+ xmlTextWriterStartElement(out, "group"); |
|
| 143 |
+ xmlTextWriterWriteFormatString(out, "%Y", id); |
|
| 144 |
+ xmlTextWriterEndElement(out); |
|
| 145 |
+ } |
|
| 146 |
+ } |
|
| 147 |
+ xmlTextWriterEndElement(out); |
|
| 148 |
+ xmlTextWriterEndElement(out); |
|
| 149 |
+ rules->destroy(rules); |
|
| 150 |
+ } |
|
| 151 |
+ enumerator->destroy(enumerator); |
|
| 152 |
+} |
|
| 153 |
+ |
|
| 154 |
+/** |
|
| 155 |
* write a host_t address into an element |
|
| 156 |
*/ |
|
| 157 |
static void write_address(xmlTextWriterPtr writer, char *element, host_t *host) |
|
| 158 |
@@ -228,6 +369,7 @@ |
|
| 159 |
/* <local> */ |
|
| 160 |
local = ike_sa->get_my_host(ike_sa); |
|
| 161 |
xmlTextWriterStartElement(writer, "local"); |
|
| 162 |
+ log_auth_cfgs(writer, ike_sa->get_peer_cfg(ike_sa), TRUE); |
|
| 163 |
xmlTextWriterWriteFormatElement(writer, "spi", "%.16llx", |
|
| 164 |
id->is_initiator(id) ? id->get_initiator_spi(id) |
|
| 165 |
: id->get_responder_spi(id)); |
|
| 166 |
@@ -245,6 +387,7 @@ |
|
| 167 |
/* <remote> */ |
|
| 168 |
remote = ike_sa->get_other_host(ike_sa); |
|
| 169 |
xmlTextWriterStartElement(writer, "remote"); |
|
| 170 |
+ log_auth_cfgs(writer, ike_sa->get_peer_cfg(ike_sa), FALSE); |
|
| 171 |
xmlTextWriterWriteFormatElement(writer, "spi", "%.16llx", |
|
| 172 |
id->is_initiator(id) ? id->get_responder_spi(id) |
|
| 173 |
: id->get_initiator_spi(id)); |
|
| 174 |
@@ -737,7 +880,7 @@ |
|
| 4 | 175 |
*/ |
| 5 | 176 |
plugin_t *smp_plugin_create() |
| 6 | 177 |
{
|
Formats disponibles : Unified diff
Add patch to smp plugin to show a bit more about the authentication performed from local and remote peer