1
|
--- src/libcharon/plugins/smp/smp.c.orig 2013-11-01 11:40:35.000000000 +0100
|
2
|
+++ src/libcharon/plugins/smp/smp.c 2014-05-26 22:32:43.000000000 +0200
|
3
|
@@ -15,6 +15,7 @@
|
4
|
|
5
|
#include <stdlib.h>
|
6
|
|
7
|
+#include <inttypes.h>
|
8
|
#include "smp.h"
|
9
|
|
10
|
#include <sys/types.h>
|
11
|
@@ -114,6 +115,146 @@
|
12
|
}
|
13
|
|
14
|
/**
|
15
|
+ * Log a configs local or remote authentication config to out
|
16
|
+ */
|
17
|
+static void log_auth_cfgs(xmlTextWriterPtr out, peer_cfg_t *peer_cfg, bool local)
|
18
|
+{
|
19
|
+ enumerator_t *enumerator, *rules;
|
20
|
+ auth_rule_t rule;
|
21
|
+ auth_cfg_t *auth;
|
22
|
+ auth_class_t auth_class;
|
23
|
+ identification_t *id;
|
24
|
+ certificate_t *cert;
|
25
|
+ cert_validation_t valid;
|
26
|
+ char *name;
|
27
|
+
|
28
|
+ name = peer_cfg->get_name(peer_cfg);
|
29
|
+
|
30
|
+ enumerator = peer_cfg->create_auth_cfg_enumerator(peer_cfg, local);
|
31
|
+ while (enumerator->enumerate(enumerator, &auth))
|
32
|
+ {
|
33
|
+ xmlTextWriterStartElement(out, "auth");
|
34
|
+ id = auth->get(auth, AUTH_RULE_IDENTITY);
|
35
|
+ if (id)
|
36
|
+ {
|
37
|
+ write_id(out, "identification", id);
|
38
|
+ }
|
39
|
+
|
40
|
+ auth_class = (uintptr_t)auth->get(auth, AUTH_RULE_AUTH_CLASS);
|
41
|
+ if (auth_class == AUTH_CLASS_EAP)
|
42
|
+ {
|
43
|
+ if ((uintptr_t)auth->get(auth, AUTH_RULE_EAP_TYPE) == EAP_NAK)
|
44
|
+ {
|
45
|
+ xmlTextWriterWriteElement(out, "authtype", "EAP");
|
46
|
+ }
|
47
|
+ else
|
48
|
+ {
|
49
|
+ if ((uintptr_t)auth->get(auth, AUTH_RULE_EAP_VENDOR))
|
50
|
+ {
|
51
|
+ xmlTextWriterStartElement(out, "authtype");
|
52
|
+ xmlTextWriterWriteFormatString(out, "EAP_%" PRIuPTR "-%" PRIuPTR,
|
53
|
+ (uintptr_t)auth->get(auth, AUTH_RULE_EAP_TYPE),
|
54
|
+ (uintptr_t)auth->get(auth, AUTH_RULE_EAP_VENDOR));
|
55
|
+ xmlTextWriterEndElement(out);
|
56
|
+ }
|
57
|
+ else
|
58
|
+ {
|
59
|
+ xmlTextWriterStartElement(out, "authtype");
|
60
|
+ xmlTextWriterWriteFormatString(out, "%N", eap_type_names, (uintptr_t)auth->get(auth, AUTH_RULE_EAP_TYPE));
|
61
|
+ xmlTextWriterEndElement(out);
|
62
|
+ }
|
63
|
+ }
|
64
|
+ id = auth->get(auth, AUTH_RULE_EAP_IDENTITY);
|
65
|
+ if (id)
|
66
|
+ {
|
67
|
+ xmlTextWriterStartElement(out, "identity");
|
68
|
+ xmlTextWriterWriteFormatString(out, "%Y", id);
|
69
|
+ xmlTextWriterEndElement(out);
|
70
|
+ }
|
71
|
+ }
|
72
|
+ else if (auth_class == AUTH_CLASS_XAUTH)
|
73
|
+ {
|
74
|
+ xmlTextWriterStartElement(out, "authtype");
|
75
|
+ xmlTextWriterWriteFormatString(out, "%N: %s", auth_class_names, auth_class,
|
76
|
+ auth->get(auth, AUTH_RULE_XAUTH_BACKEND) ?: "any");
|
77
|
+ xmlTextWriterEndElement(out);
|
78
|
+ id = auth->get(auth, AUTH_RULE_XAUTH_IDENTITY);
|
79
|
+ if (id)
|
80
|
+ {
|
81
|
+ xmlTextWriterStartElement(out, "identity");
|
82
|
+ xmlTextWriterWriteFormatString(out, "%Y", id);
|
83
|
+ xmlTextWriterEndElement(out);
|
84
|
+ }
|
85
|
+ }
|
86
|
+ else
|
87
|
+ {
|
88
|
+ xmlTextWriterStartElement(out, "authtype");
|
89
|
+ xmlTextWriterWriteFormatString(out, "%N", auth_class_names, auth_class);
|
90
|
+ xmlTextWriterEndElement(out);
|
91
|
+ }
|
92
|
+
|
93
|
+ xmlTextWriterStartElement(out, "ca_cert");
|
94
|
+ cert = auth->get(auth, AUTH_RULE_CA_CERT);
|
95
|
+ if (cert)
|
96
|
+ {
|
97
|
+ xmlTextWriterWriteFormatString(out, "%Y", cert->get_subject(cert));
|
98
|
+ }
|
99
|
+ xmlTextWriterEndElement(out);
|
100
|
+
|
101
|
+ xmlTextWriterStartElement(out, "im_cert");
|
102
|
+ cert = auth->get(auth, AUTH_RULE_IM_CERT);
|
103
|
+ if (cert)
|
104
|
+ {
|
105
|
+ xmlTextWriterWriteFormatString(out, "%Y", cert->get_subject(cert));
|
106
|
+ }
|
107
|
+ xmlTextWriterEndElement(out);
|
108
|
+
|
109
|
+ xmlTextWriterStartElement(out, "subject_cert");
|
110
|
+ cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT);
|
111
|
+ if (cert)
|
112
|
+ {
|
113
|
+ xmlTextWriterWriteFormatString(out, "%Y", cert->get_subject(cert));
|
114
|
+ }
|
115
|
+ xmlTextWriterEndElement(out);
|
116
|
+
|
117
|
+ xmlTextWriterStartElement(out, "ocsp_validation");
|
118
|
+ valid = (uintptr_t)auth->get(auth, AUTH_RULE_OCSP_VALIDATION);
|
119
|
+ if (valid != VALIDATION_FAILED)
|
120
|
+ {
|
121
|
+ xmlTextWriterWriteFormatString(out, "%s",
|
122
|
+ (valid == VALIDATION_SKIPPED) ? "SKIPPED" : "GOOD");
|
123
|
+
|
124
|
+ }
|
125
|
+ xmlTextWriterEndElement(out);
|
126
|
+
|
127
|
+ xmlTextWriterStartElement(out, "crl_validation");
|
128
|
+ valid = (uintptr_t)auth->get(auth, AUTH_RULE_CRL_VALIDATION);
|
129
|
+ if (valid != VALIDATION_FAILED)
|
130
|
+ {
|
131
|
+ xmlTextWriterWriteFormatString(out, "%s",
|
132
|
+ (valid == VALIDATION_SKIPPED) ? "SKIPPED" : "GOOD");
|
133
|
+ }
|
134
|
+ xmlTextWriterEndElement(out);
|
135
|
+
|
136
|
+ xmlTextWriterStartElement(out, "groups");
|
137
|
+ rules = auth->create_enumerator(auth);
|
138
|
+ while (rules->enumerate(rules, &rule, &id))
|
139
|
+ {
|
140
|
+ if (rule == AUTH_RULE_GROUP)
|
141
|
+ {
|
142
|
+ xmlTextWriterStartElement(out, "group");
|
143
|
+ xmlTextWriterWriteFormatString(out, "%Y", id);
|
144
|
+ xmlTextWriterEndElement(out);
|
145
|
+ }
|
146
|
+ }
|
147
|
+ xmlTextWriterEndElement(out);
|
148
|
+ xmlTextWriterEndElement(out);
|
149
|
+ rules->destroy(rules);
|
150
|
+ }
|
151
|
+ enumerator->destroy(enumerator);
|
152
|
+}
|
153
|
+
|
154
|
+/**
|
155
|
* write a host_t address into an element
|
156
|
*/
|
157
|
static void write_address(xmlTextWriterPtr writer, char *element, host_t *host)
|
158
|
@@ -228,6 +369,7 @@
|
159
|
/* <local> */
|
160
|
local = ike_sa->get_my_host(ike_sa);
|
161
|
xmlTextWriterStartElement(writer, "local");
|
162
|
+ log_auth_cfgs(writer, ike_sa->get_peer_cfg(ike_sa), TRUE);
|
163
|
xmlTextWriterWriteFormatElement(writer, "spi", "%.16llx",
|
164
|
id->is_initiator(id) ? id->get_initiator_spi(id)
|
165
|
: id->get_responder_spi(id));
|
166
|
@@ -245,6 +387,7 @@
|
167
|
/* <remote> */
|
168
|
remote = ike_sa->get_other_host(ike_sa);
|
169
|
xmlTextWriterStartElement(writer, "remote");
|
170
|
+ log_auth_cfgs(writer, ike_sa->get_peer_cfg(ike_sa), FALSE);
|
171
|
xmlTextWriterWriteFormatElement(writer, "spi", "%.16llx",
|
172
|
id->is_initiator(id) ? id->get_responder_spi(id)
|
173
|
: id->get_initiator_spi(id));
|
174
|
@@ -737,7 +880,7 @@
|
175
|
*/
|
176
|
plugin_t *smp_plugin_create()
|
177
|
{
|
178
|
- struct sockaddr_un unix_addr = { AF_UNIX, IPSEC_PIDDIR "/charon.xml"};
|
179
|
+ struct sockaddr_un unix_addr = { sizeof(struct sockaddr_un), AF_UNIX, IPSEC_PIDDIR "/charon.xml"};
|
180
|
private_smp_t *this;
|
181
|
mode_t old;
|
182
|
|