AC_ARG_WITH(
- [default-pkcs11],
- AS_HELP_STRING([--with-default-pkcs11=lib],[set the default PKCS11 library other than "/usr/lib/opensc-pkcs11.so"]),
- [AC_DEFINE_UNQUOTED(PKCS11_DEFAULT_LIB, "$withval")],
- [AC_DEFINE_UNQUOTED(PKCS11_DEFAULT_LIB, "/usr/lib/opensc-pkcs11.so")]
+ [default-pkcs11],
+ AS_HELP_STRING([--with-default-pkcs11=lib],[set the default PKCS11 library other than "/usr/lib/opensc-pkcs11.so"]),
+ [AC_DEFINE_UNQUOTED(PKCS11_DEFAULT_LIB, "$withval")],
+ [AC_DEFINE_UNQUOTED(PKCS11_DEFAULT_LIB, "/usr/lib/opensc-pkcs11.so")]
)
AC_ARG_WITH(
- [xauth-module],
- AS_HELP_STRING([--with-xauth-module=lib],[set the path to the XAUTH module]),
- [AC_DEFINE_UNQUOTED(XAUTH_DEFAULT_LIB, "$withval")],
+ [xauth-module],
+ AS_HELP_STRING([--with-xauth-module=lib],[set the path to the XAUTH module]),
+ [AC_DEFINE_UNQUOTED(XAUTH_DEFAULT_LIB, "$withval")],
)
AC_ARG_WITH(
- [random-device],
- AS_HELP_STRING([--with-random-device=dev],[set the device for real random data other than "/dev/random"]),
- [AC_DEFINE_UNQUOTED(DEV_RANDOM, "$withval")],
- [AC_DEFINE_UNQUOTED(DEV_RANDOM, "/dev/random")]
+ [random-device],
+ AS_HELP_STRING([--with-random-device=dev],[set the device for real random data other than "/dev/random"]),
+ [AC_DEFINE_UNQUOTED(DEV_RANDOM, "$withval")],
+ [AC_DEFINE_UNQUOTED(DEV_RANDOM, "/dev/random")]
)
AC_ARG_WITH(
- [resolv-conf],
- AS_HELP_STRING([--with-resolv-conf=file],[set the file to store DNS server information other than "sysconfdir/resolv.conf"]),
- [AC_DEFINE_UNQUOTED(RESOLV_CONF, "$withval")],
- [AC_DEFINE_UNQUOTED(RESOLV_CONF, "${sysconfdir}/resolv.conf")]
+ [resolv-conf],
+ AS_HELP_STRING([--with-resolv-conf=file],[set the file to store DNS server information other than "sysconfdir/resolv.conf"]),
+ [AC_DEFINE_UNQUOTED(RESOLV_CONF, "$withval")],
+ [AC_DEFINE_UNQUOTED(RESOLV_CONF, "${sysconfdir}/resolv.conf")]
)
AC_ARG_WITH(
- [urandom-device],
- AS_HELP_STRING([--with-urandom-device=dev],[set the device for pseudo random data other than "/dev/urandom"]),
- [AC_DEFINE_UNQUOTED(DEV_URANDOM, "$withval")],
- [AC_DEFINE_UNQUOTED(DEV_URANDOM, "/dev/urandom")]
+ [urandom-device],
+ AS_HELP_STRING([--with-urandom-device=dev],[set the device for pseudo random data other than "/dev/urandom"]),
+ [AC_DEFINE_UNQUOTED(DEV_URANDOM, "$withval")],
+ [AC_DEFINE_UNQUOTED(DEV_URANDOM, "/dev/urandom")]
)
AC_ARG_WITH(
- [piddir],
- AS_HELP_STRING([--with-piddir=dir],[path for PID and UNIX socket files other than "/var/run"]),
- [AC_SUBST(piddir, "$withval")],
- [AC_SUBST(piddir, "/var/run")]
+ [piddir],
+ AS_HELP_STRING([--with-piddir=dir],[path for PID and UNIX socket files other than "/var/run"]),
+ [AC_SUBST(piddir, "$withval")],
+ [AC_SUBST(piddir, "/var/run")]
)
AC_ARG_WITH(
- [ipsecdir],
- AS_HELP_STRING([--with-ipsecdir=dir],[installation path for ipsec tools other than "libexecdir/ipsec"]),
- [AC_SUBST(ipsecdir, "$withval")],
- [AC_SUBST(ipsecdir, "${libexecdir}/ipsec")]
+ [ipsecdir],
+ AS_HELP_STRING([--with-ipsecdir=dir],[installation path for ipsec tools other than "libexecdir/ipsec"]),
+ [AC_SUBST(ipsecdir, "$withval")],
+ [AC_SUBST(ipsecdir, "${libexecdir}/ipsec")]
)
AC_SUBST(plugindir, "${ipsecdir}/plugins")
AC_ARG_WITH(
- [plugindir],
- AS_HELP_STRING([--with-plugindir=dir],[installation path for plugins other than "ipsecdir/plugins"]),
- [AC_SUBST(plugindir, "$withval")],
- [AC_SUBST(plugindir, "${ipsecdir}/plugins")]
+ [plugindir],
+ AS_HELP_STRING([--with-plugindir=dir],[installation path for plugins other than "ipsecdir/plugins"]),
+ [AC_SUBST(plugindir, "$withval")],
+ [AC_SUBST(plugindir, "${ipsecdir}/plugins")]
)
AC_ARG_WITH(
- [sim-reader],
- AS_HELP_STRING([--with-sim-reader=library.so],[library containing the sim_run_alg()/sim_get_triplet() function for EAP-SIM]),
- [AC_SUBST(simreader, "$withval")],
- [AC_SUBST(simreader, "${plugindir}/libeapsim-file.so")]
+ [sim-reader],
+ AS_HELP_STRING([--with-sim-reader=library.so],[library containing the sim_run_alg()/sim_get_triplet() function for EAP-SIM]),
+ [AC_SUBST(simreader, "$withval")],
+ [AC_SUBST(simreader, "${plugindir}/libeapsim-file.so")]
)
AC_ARG_WITH(
- [linux-headers],
- AS_HELP_STRING([--with-linux-headers=dir],[use the linux header files in dir instead of the supplied ones in "src/include"]),
- [AC_SUBST(linuxdir, "$withval")], [AC_SUBST(linuxdir, "../include")]
+ [linux-headers],
+ AS_HELP_STRING([--with-linux-headers=dir],[use the linux header files in dir instead of the supplied ones in "src/include"]),
+ [AC_SUBST(linuxdir, "$withval")], [AC_SUBST(linuxdir, "../include")]
)
AC_SUBST(LINUX_HEADERS)
AC_ARG_WITH(
- [routing-table],
- AS_HELP_STRING([--with-routing-table=num],[use routing table for IPsec routes (default: 220)]),
- [AC_DEFINE_UNQUOTED(IPSEC_ROUTING_TABLE, $withval) AC_SUBST(IPSEC_ROUTING_TABLE, "$withval")],
- [AC_DEFINE_UNQUOTED(IPSEC_ROUTING_TABLE, 220) AC_SUBST(IPSEC_ROUTING_TABLE, "220")]
+ [routing-table],
+ AS_HELP_STRING([--with-routing-table=num],[use routing table for IPsec routes (default: 220)]),
+ [AC_DEFINE_UNQUOTED(IPSEC_ROUTING_TABLE, $withval) AC_SUBST(IPSEC_ROUTING_TABLE, "$withval")],
+ [AC_DEFINE_UNQUOTED(IPSEC_ROUTING_TABLE, 220) AC_SUBST(IPSEC_ROUTING_TABLE, "220")]
)
AC_ARG_WITH(
- [routing-table-prio],
- AS_HELP_STRING([--with-routing-table-prio=prio],[priority for IPsec routing table (default: 220)]),
- [AC_DEFINE_UNQUOTED(IPSEC_ROUTING_TABLE_PRIO, $withval) AC_SUBST(IPSEC_ROUTING_TABLE_PRIO, "$withval")],
- [AC_DEFINE_UNQUOTED(IPSEC_ROUTING_TABLE_PRIO, 220) AC_SUBST(IPSEC_ROUTING_TABLE_PRIO, "220")]
+ [routing-table-prio],
+ AS_HELP_STRING([--with-routing-table-prio=prio],[priority for IPsec routing table (default: 220)]),
+ [AC_DEFINE_UNQUOTED(IPSEC_ROUTING_TABLE_PRIO, $withval) AC_SUBST(IPSEC_ROUTING_TABLE_PRIO, "$withval")],
+ [AC_DEFINE_UNQUOTED(IPSEC_ROUTING_TABLE_PRIO, 220) AC_SUBST(IPSEC_ROUTING_TABLE_PRIO, "220")]
)
AC_ARG_WITH(
- [uid],
- AS_HELP_STRING([--with-uid=uid],[change user of the daemons to UID after startup (default is 0).]),
- [AC_DEFINE_UNQUOTED(IPSEC_UID, $withval) AC_SUBST(ipsecuid, "$withval")],
- [AC_DEFINE_UNQUOTED(IPSEC_UID, 0) AC_SUBST(ipsecuid, "0")]
+ [uid],
+ AS_HELP_STRING([--with-uid=uid],[change user of the daemons to UID after startup (default is 0).]),
+ [AC_DEFINE_UNQUOTED(IPSEC_UID, $withval) AC_SUBST(ipsecuid, "$withval")],
+ [AC_DEFINE_UNQUOTED(IPSEC_UID, 0) AC_SUBST(ipsecuid, "0")]
)
AC_ARG_WITH(
- [gid],
- AS_HELP_STRING([--with-gid=gid],[change group of the daemons to GID after startup (default is 0).]),
- [AC_DEFINE_UNQUOTED(IPSEC_GID, $withval) AC_SUBST(ipsecgid, "$withval")],
- [AC_DEFINE_UNQUOTED(IPSEC_GID, 0) AC_SUBST(ipsecgid, "0")]
+ [gid],
+ AS_HELP_STRING([--with-gid=gid],[change group of the daemons to GID after startup (default is 0).]),
+ [AC_DEFINE_UNQUOTED(IPSEC_GID, $withval) AC_SUBST(ipsecgid, "$withval")],
+ [AC_DEFINE_UNQUOTED(IPSEC_GID, 0) AC_SUBST(ipsecgid, "0")]
)
AC_ARG_ENABLE(
- [curl],
- AS_HELP_STRING([--enable-curl],[enable CURL fetcher plugin to fetch files via libcurl (default is NO). Requires libcurl.]),
- [if test x$enableval = xyes; then
- curl=true
- fi]
+ [curl],
+ AS_HELP_STRING([--enable-curl],[enable CURL fetcher plugin to fetch files via libcurl (default is NO). Requires libcurl.]),
+ [if test x$enableval = xyes; then
+ curl=true
+ fi]
)
-AM_CONDITIONAL(USE_CURL, test x$curl = xtrue)
AC_ARG_ENABLE(
- [ldap],
- AS_HELP_STRING([--enable-ldap],[enable LDAP fetching plugin to fetch files via libldap (default is NO). Requires openLDAP.]),
- [if test x$enableval = xyes; then
- ldap=true
- fi]
+ [ldap],
+ AS_HELP_STRING([--enable-ldap],[enable LDAP fetching plugin to fetch files via libldap (default is NO). Requires openLDAP.]),
+ [if test x$enableval = xyes; then
+ ldap=true
+ fi]
)
-AM_CONDITIONAL(USE_LDAP, test x$ldap = xtrue)
AC_ARG_ENABLE(
- [aes],
- AS_HELP_STRING([--disable-aes],[disable own AES software implementation plugin. (default is NO).]),
- [if test x$enableval = xyes; then
- aes=true
- else
- aes=false
- fi],
- aes=true
+ [aes],
+ AS_HELP_STRING([--disable-aes],[disable own AES software implementation plugin. (default is NO).]),
+ [if test x$enableval = xyes; then
+ aes=true
+ else
+ aes=false
+ fi],
+ aes=true
)
-AM_CONDITIONAL(USE_AES, test x$aes = xtrue)
AC_ARG_ENABLE(
- [des],
- AS_HELP_STRING([--disable-des],[disable own DES/3DES software implementation plugin. (default is NO).]),
- [if test x$enableval = xyes; then
- des=true
- else
- des=false
- fi],
- des=true
+ [des],
+ AS_HELP_STRING([--disable-des],[disable own DES/3DES software implementation plugin. (default is NO).]),
+ [if test x$enableval = xyes; then
+ des=true
+ else
+ des=false
+ fi],
+ des=true
)
-AM_CONDITIONAL(USE_DES, test x$des = xtrue)
AC_ARG_ENABLE(
- [md5],
- AS_HELP_STRING([--disable-md5],[disable own MD5 software implementation plugin. (default is NO).]),
- [if test x$enableval = xyes; then
- md5=true
- else
- md5=false
- fi],
- md5=true
+ [md5],
+ AS_HELP_STRING([--disable-md5],[disable own MD5 software implementation plugin. (default is NO).]),
+ [if test x$enableval = xyes; then
+ md5=true
+ else
+ md5=false
+ fi],
+ md5=true
)
-AM_CONDITIONAL(USE_MD5, test x$md5 = xtrue)
AC_ARG_ENABLE(
- [sha1],
- AS_HELP_STRING([--disable-sha1],[disable own SHA1 software implementation plugin. (default is NO).]),
- [if test x$enableval = xyes; then
- sha1=true
- else
- sha1=false
- fi],
- sha1=true
+ [sha1],
+ AS_HELP_STRING([--disable-sha1],[disable own SHA1 software implementation plugin. (default is NO).]),
+ [if test x$enableval = xyes; then
+ sha1=true
+ else
+ sha1=false
+ fi],
+ sha1=true
)
-AM_CONDITIONAL(USE_SHA1, test x$sha1 = xtrue)
AC_ARG_ENABLE(
- [sha2],
- AS_HELP_STRING([--disable-sha2],[disable own SHA256/SHA384/SHA512 software implementation plugin. (default is NO).]),
- [if test x$enableval = xyes; then
- sha2=true
- else
- sha2=false
- fi],
- sha2=true
+ [sha2],
+ AS_HELP_STRING([--disable-sha2],[disable own SHA256/SHA384/SHA512 software implementation plugin. (default is NO).]),
+ [if test x$enableval = xyes; then
+ sha2=true
+ else
+ sha2=false
+ fi],
+ sha2=true
)
-AM_CONDITIONAL(USE_SHA2, test x$sha2 = xtrue)
AC_ARG_ENABLE(
- [fips-prf],
- AS_HELP_STRING([--disable-fips-prf],[disable FIPS PRF software implementation plugin. (default is NO).]),
- [if test x$enableval = xyes; then
- fips_prf=true
- else
- fips_prf=false
- fi],
- fips_prf=true
+ [fips-prf],
+ AS_HELP_STRING([--disable-fips-prf],[disable FIPS PRF software implementation plugin. (default is NO).]),
+ [if test x$enableval = xyes; then
+ fips_prf=true
+ else
+ fips_prf=false
+ fi],
+ fips_prf=true
)
-AM_CONDITIONAL(USE_FIPS_PRF, test x$fips_prf = xtrue)
AC_ARG_ENABLE(
- [gmp],
- AS_HELP_STRING([--disable-gmp],[disable own GNU MP (libgmp) based crypto implementation plugin. (default is NO).]),
- [if test x$enableval = xyes; then
- gmp=true
- else
- gmp=false
- fi],
- gmp=true
+ [gmp],
+ AS_HELP_STRING([--disable-gmp],[disable own GNU MP (libgmp) based crypto implementation plugin. (default is NO).]),
+ [if test x$enableval = xyes; then
+ gmp=true
+ else
+ gmp=false
+ fi],
+ gmp=true
)
-AM_CONDITIONAL(USE_GMP, test x$gmp = xtrue)
AC_ARG_ENABLE(
- [x509],
- AS_HELP_STRING([--disable-x509],[disable own X509 certificate implementation plugin. (default is NO).]),
- [if test x$enableval = xyes; then
- x509=true
- else
- x509=false
- fi],
- x509=true
+ [x509],
+ AS_HELP_STRING([--disable-x509],[disable own X509 certificate implementation plugin. (default is NO).]),
+ [if test x$enableval = xyes; then
+ x509=true
+ else
+ x509=false
+ fi],
+ x509=true
)
-AM_CONDITIONAL(USE_X509, test x$x509 = xtrue)
AC_ARG_ENABLE(
- [hmac],
- AS_HELP_STRING([--disable-hmac],[disable HMAC crypto implementation plugin. (default is NO).]),
- [if test x$enableval = xyes; then
- hmac=true
- else
- hmac=false
- fi],
- hmac=true
+ [hmac],
+ AS_HELP_STRING([--disable-hmac],[disable HMAC crypto implementation plugin. (default is NO).]),
+ [if test x$enableval = xyes; then
+ hmac=true
+ else
+ hmac=false
+ fi],
+ hmac=true
)
-AM_CONDITIONAL(USE_HMAC, test x$hmac = xtrue)
AC_ARG_ENABLE(
- [mysql],
- AS_HELP_STRING([--enable-mysql],[enable MySQL database support (default is NO). Requires libmysqlclient_r.]),
- [if test x$enableval = xyes; then
- mysql=true
- fi]
+ [mysql],
+ AS_HELP_STRING([--enable-mysql],[enable MySQL database support (default is NO). Requires libmysqlclient_r.]),
+ [if test x$enableval = xyes; then
+ mysql=true
+ fi]
)
-AM_CONDITIONAL(USE_MYSQL, test x$mysql = xtrue)
AC_ARG_ENABLE(
- [sqlite],
- AS_HELP_STRING([--enable-sqlite],[enable SQLite database support (default is NO). Requires libsqlite3.]),
- [if test x$enableval = xyes; then
- sqlite=true
- fi]
+ [sqlite],
+ AS_HELP_STRING([--enable-sqlite],[enable SQLite database support (default is NO). Requires libsqlite3.]),
+ [if test x$enableval = xyes; then
+ sqlite=true
+ fi]
)
-AM_CONDITIONAL(USE_SQLITE, test x$sqlite = xtrue)
AC_ARG_ENABLE(
- [stroke],
- AS_HELP_STRING([--disable-stroke],[disable charons stroke (pluto compatibility) configuration backend. (default is NO).]),
- [if test x$enableval = xyes; then
- stroke=true
- else
- stroke=false
- fi],
- stroke=true
+ [stroke],
+ AS_HELP_STRING([--disable-stroke],[disable charons stroke (pluto compatibility) configuration backend. (default is NO).]),
+ [if test x$enableval = xyes; then
+ stroke=true
+ else
+ stroke=false
+ fi],
+ stroke=true
)
-AM_CONDITIONAL(USE_STROKE, test x$stroke = xtrue)
AC_ARG_ENABLE(
- [med-db],
- AS_HELP_STRING([--enable-med-db],[enable MySQL mediation database plugin (default is NO).]),
- [if test x$enableval = xyes; then
- med_db=true
- AC_DEFINE(LIBDBUS)
- fi]
+ [med-db],
+ AS_HELP_STRING([--enable-med-db],[enable MySQL mediation database plugin (default is NO).]),
+ [if test x$enableval = xyes; then
+ med_db=true
+ fi]
)
-AM_CONDITIONAL(USE_MED_DB, test x$med_db = xtrue)
AC_ARG_ENABLE(
- [dbus],
- AS_HELP_STRING([--enable-dbus],[enable DBUS configuration and control interface (default is NO). Requires libdbus.]),
- [if test x$enableval = xyes; then
- dbus=true
- AC_DEFINE(LIBDBUS)
- fi]
+ [smp],
+ AS_HELP_STRING([--enable-smp],[enable SMP configuration and control interface (default is NO). Requires libxml.]),
+ [if test x$enableval = xyes; then
+ smp=true
+ fi]
)
-AM_CONDITIONAL(USE_LIBDBUS, test x$dbus = xtrue)
AC_ARG_ENABLE(
- [xml],
- AS_HELP_STRING([--enable-xml],[enable XML configuration and control interface (default is NO). Requires libxml.]),
- [if test x$enableval = xyes; then
- xml=true
- AC_DEFINE(LIBXML)
- fi]
+ [sql],
+ AS_HELP_STRING([--enable-sql],[enable SQL database configuration backend (default is NO).]),
+ [if test x$enableval = xyes; then
+ sql=true
+ fi]
)
-AM_CONDITIONAL(USE_LIBXML, test x$xml = xtrue)
AC_ARG_ENABLE(
- [sql],
- AS_HELP_STRING([--enable-sql],[enable SQL database configuration backend (default is NO).]),
- [if test x$enableval = xyes; then
- sql=true
- fi]
+ [smartcard],
+ AS_HELP_STRING([--enable-smartcard],[enable smartcard support (default is NO).]),
+ [if test x$enableval = xyes; then
+ smartcard=true
+ fi]
)
-AM_CONDITIONAL(USE_SQL, test x$sql = xtrue)
AC_ARG_ENABLE(
- [smartcard],
- AS_HELP_STRING([--enable-smartcard],[enable smartcard support (default is NO).]),
- [if test x$enableval = xyes; then
- smartcard=true
- AC_DEFINE(SMARTCARD)
- fi]
+ [cisco-quirks],
+ AS_HELP_STRING([--enable-cisco-quirks],[enable support of Cisco VPN client (default is NO).]),
+ [if test x$enableval = xyes; then
+ cisco_quirks=true
+ fi]
)
-AM_CONDITIONAL(USE_SMARTCARD, test x$smartcard = xtrue)
AC_ARG_ENABLE(
- [cisco-quirks],
- AS_HELP_STRING([--enable-cisco-quirks],[enable support of Cisco VPN client (default is NO).]),
- [if test x$enableval = xyes; then
- cisco_quirks=true
- fi]
+ [leak-detective],
+ AS_HELP_STRING([--enable-leak-detective],[enable malloc hooks to find memory leaks (default is NO).]),
+ [if test x$enableval = xyes; then
+ leak_detective=true
+ fi]
)
-AM_CONDITIONAL(USE_CISCO_QUIRKS, test x$cisco_quirks = xtrue)
AC_ARG_ENABLE(
- [leak-detective],
- AS_HELP_STRING([--enable-leak-detective],[enable malloc hooks to find memory leaks (default is NO).]),
- [if test x$enableval = xyes; then
- leak_detective=true
- fi]
+ [unit-tests],
+ AS_HELP_STRING([--enable-unit-tests],[enable unit tests on IKEv2 daemon startup (default is NO).]),
+ [if test x$enableval = xyes; then
+ unittest=true
+ fi]
)
-AM_CONDITIONAL(USE_LEAK_DETECTIVE, test x$leak_detective = xtrue)
AC_ARG_ENABLE(
- [unit-tests],
- AS_HELP_STRING([--enable-unit-tests],[enable unit tests on IKEv2 daemon startup (default is NO).]),
- [if test x$enableval = xyes; then
- unittest=true
- fi]
+ [eap-sim],
+ AS_HELP_STRING([--enable-eap-sim],[build SIM authenication module for EAP (default is NO).]),
+ [if test x$enableval = xyes; then
+ eap_sim=true
+ fi]
)
-AM_CONDITIONAL(USE_UNIT_TESTS, test x$unittest = xtrue)
AC_ARG_ENABLE(
- [eap-sim],
- AS_HELP_STRING([--enable-eap-sim],[build SIM authenication module for EAP (default is NO).]),
- [if test x$enableval = xyes; then
- eap_sim=true
- fi]
+ [eap-identity],
+ AS_HELP_STRING([--enable-eap-identity],[build EAP module providing EAP-Identity helper (default is NO).]),
+ [if test x$enableval = xyes; then
+ eap_identity=true
+ fi]
)
-AM_CONDITIONAL(USE_EAP_SIM, test x$eap_sim = xtrue)
AC_ARG_ENABLE(
- [eap-identity],
- AS_HELP_STRING([--enable-eap-identity],[build EAP module providing EAP-Identity helper (default is NO).]),
- [if test x$enableval = xyes; then
- eap_identity=true
- fi]
+ [eap-md5],
+ AS_HELP_STRING([--enable-eap-md5],[build MD5 (CHAP) authenication module for EAP (default is NO).]),
+ [if test x$enableval = xyes; then
+ eap_md5=true
+ fi]
)
-AM_CONDITIONAL(USE_EAP_IDENTITY, test x$eap_identity = xtrue)
-
-AC_ARG_ENABLE(
- [eap-md5],
- AS_HELP_STRING([--enable-eap-md5],[build MD5 (CHAP) authenication module for EAP (default is NO).]),
- [if test x$enableval = xyes; then
- eap_md5=true
- fi]
-)
-AM_CONDITIONAL(USE_EAP_MD5, test x$eap_md5 = xtrue)
AC_ARG_ENABLE(
- [eap-aka],
- AS_HELP_STRING([--enable-eap-aka],[build AKA authentication module for EAP (default is NO).]),
- [if test x$enableval = xyes; then
- eap_aka=true
- fi]
+ [eap-aka],
+ AS_HELP_STRING([--enable-eap-aka],[build AKA authentication module for EAP (default is NO).]),
+ [if test x$enableval = xyes; then
+ eap_aka=true
+ fi]
)
-AM_CONDITIONAL(USE_EAP_AKA, test x$eap_aka = xtrue)
AC_ARG_ENABLE(
- [nat-transport],
- AS_HELP_STRING([--enable-nat-transport],[enable NAT traversal with IPsec transport mode (default is NO).]),
- [if test x$enableval = xyes; then
- nat_transport=true
- fi]
+ [nat-transport],
+ AS_HELP_STRING([--enable-nat-transport],[enable NAT traversal with IPsec transport mode (default is NO).]),
+ [if test x$enableval = xyes; then
+ nat_transport=true
+ fi]
)
-AM_CONDITIONAL(USE_NAT_TRANSPORT, test x$nat_transport = xtrue)
AC_ARG_ENABLE(
- [vendor-id],
- AS_HELP_STRING([--disable-vendor-id],[disable the sending of the strongSwan vendor ID (default is NO).]),
- [if test x$enableval = xyes; then
- vendor_id=true
- else
- vendor_id=false
- fi],
- vendor_id=true
+ [vendor-id],
+ AS_HELP_STRING([--disable-vendor-id],[disable the sending of the strongSwan vendor ID (default is NO).]),
+ [if test x$enableval = xyes; then
+ vendor_id=true
+ else
+ vendor_id=false
+ fi],
+ vendor_id=true
)
-AM_CONDITIONAL(USE_VENDORID, test x$vendor_id = xtrue)
AC_ARG_ENABLE(
- [xauth-vid],
- AS_HELP_STRING([--disable-xauth-vid],[disable the sending of the XAUTH vendor ID (default is NO).]),
- [if test x$enableval = xyes; then
- xauth_vid=true
- else
- xauth_vid=false
- fi],
- xauth_vid=true
+ [xauth-vid],
+ AS_HELP_STRING([--disable-xauth-vid],[disable the sending of the XAUTH vendor ID (default is NO).]),
+ [if test x$enableval = xyes; then
+ xauth_vid=true
+ else
+ xauth_vid=false
+ fi],
+ xauth_vid=true
)
-AM_CONDITIONAL(USE_XAUTH_VID, test x$xauth_vid = xtrue)
AC_ARG_ENABLE(
- [uml],
- AS_HELP_STRING([--enable-uml],[build the UML test framework (default is NO).]),
- [if test x$enableval = xyes; then
- uml=true
- fi]
+ [dumm],
+ AS_HELP_STRING([--enable-dumm],[build the DUMM UML test framework (default is NO).]),
+ [if test x$enableval = xyes; then
+ dumm=true
+ fi]
)
-AM_CONDITIONAL(USE_UML, test x$uml = xtrue)
AC_ARG_ENABLE(
- [fast],
- AS_HELP_STRING([--enable-fast],[build libfast (FastCGI Application Server w/ templates (default is NO).]),
- [if test x$enableval = xyes; then
- fast=true
- fi]
+ [fast],
+ AS_HELP_STRING([--enable-fast],[build libfast (FastCGI Application Server w/ templates (default is NO).]),
+ [if test x$enableval = xyes; then
+ fast=true
+ fi]
)
-AM_CONDITIONAL(USE_FAST, test x$fast = xtrue)
AC_ARG_ENABLE(
- [manager],
- AS_HELP_STRING([--enable-manager],[build web management console (default is NO).]),
- [if test x$enableval = xyes; then
- manager=true
- fi]
+ [manager],
+ AS_HELP_STRING([--enable-manager],[build web management console (default is NO).]),
+ [if test x$enableval = xyes; then
+ manager=true
+ xml=true
+ fi]
)
-AM_CONDITIONAL(USE_MANAGER, test x$manager = xtrue)
AC_ARG_ENABLE(
- [mediation],
- AS_HELP_STRING([--enable-mediation],[enable IKEv2 Mediation Extension (default is NO).]),
- [if test x$enableval = xyes; then
- me=true
- AC_DEFINE(ME)
- fi]
+ [mediation],
+ AS_HELP_STRING([--enable-mediation],[enable IKEv2 Mediation Extension (default is NO).]),
+ [if test x$enableval = xyes; then
+ me=true
+ fi]
)
-AM_CONDITIONAL(USE_ME, test x$me = xtrue)
AC_ARG_ENABLE(
- [integrity-test],
- AS_HELP_STRING([--enable-integrity-test],[enable the integrity test of the crypto library (default is NO).]),
- [if test x$enableval = xyes; then
- integrity_test=true
- AC_DEFINE(INTEGRITY_TEST)
- fi]
+ [integrity-test],
+ AS_HELP_STRING([--enable-integrity-test],[enable the integrity test of the crypto library (default is NO).]),
+ [if test x$enableval = xyes; then
+ integrity_test=true
+ fi]
)
-AM_CONDITIONAL(USE_INTEGRITY_TEST, test x$integrity_test = xtrue)
AC_ARG_ENABLE(
- [self-test],
- AS_HELP_STRING([--disable-self-test],[disable the self-test of the crypto library (default is NO).]),
- [if test x$enableval = xyes; then
- self_test=true
- else
- self_test=false
- AC_DEFINE(NO_SELF_TEST)
- fi],
- self_test=true
+ [self-test],
+ AS_HELP_STRING([--disable-self-test],[disable the self-test of the crypto library (default is NO).]),
+ [if test x$enableval = xyes; then
+ self_test=true
+ else
+ self_test=false
+ fi],
+ self_test=true
)
-AM_CONDITIONAL(USE_SELF_TEST, test x$self_test = xtrue)
AC_ARG_ENABLE(
- [pluto],
- AS_HELP_STRING([--disable-pluto],[disable the IKEv1 keying daemon pluto. (default is NO).]),
- [if test x$enableval = xyes; then
- pluto=true
- else
- pluto=false
- fi],
- pluto=true
+ [pluto],
+ AS_HELP_STRING([--disable-pluto],[disable the IKEv1 keying daemon pluto. (default is NO).]),
+ [if test x$enableval = xyes; then
+ pluto=true
+ else
+ pluto=false
+ fi],
+ pluto=true
)
-AM_CONDITIONAL(USE_PLUTO, test x$pluto = xtrue)
AC_ARG_ENABLE(
- [charon],
- AS_HELP_STRING([--disable-charon],[disable the IKEv2 keying daemon charon. (default is NO).]),
- [if test x$enableval = xyes; then
- charon=true
- else
- charon=false
- fi],
- charon=true
+ [charon],
+ AS_HELP_STRING([--disable-charon],[disable the IKEv2 keying daemon charon. (default is NO).]),
+ [if test x$enableval = xyes; then
+ charon=true
+ else
+ charon=false
+ fi],
+ charon=true
)
-AM_CONDITIONAL(USE_CHARON, test x$charon = xtrue)
AC_ARG_ENABLE(
- [tools],
- AS_HELP_STRING([--disable-tools],[disable additional utilities (openac and scepclient). (default is NO).]),
- [if test x$enableval = xyes; then
- tools=true
- else
- tools=false
- fi],
- tools=true
+ [tools],
+ AS_HELP_STRING([--disable-tools],[disable additional utilities (openac and scepclient). (default is NO).]),
+ [if test x$enableval = xyes; then
+ tools=true
+ else
+ tools=false
+ fi],
+ tools=true
)
-AM_CONDITIONAL(USE_TOOLS, test x$tools = xtrue)
-
-AM_CONDITIONAL(USE_PLUTO_OR_CHARON, test x$pluto = xtrue -o x$charon = xtrue)
-AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$tools = xtrue)
-AM_CONDITIONAL(USE_FILE_CONFIG, test x$pluto = xtrue -o x$stroke = xtrue)
dnl =========================
dnl check required programs
AC_PATH_PROG([GPERF], [gperf], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
AC_PATH_PROG([PERL], [perl], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
-dnl ==========================
-dnl check required libraries
-dnl ==========================
+dnl =========================
+dnl dependency calculation
+dnl =========================
-AC_HAVE_LIBRARY(dl)
+if test x$pluto = xtrue; then
+ gmp=true;
+fi
+
+if test x$tools = xtrue; then
+ gmp=true;
+fi
+if test x$smp = xtrue; then
+ xml=true
+fi
+
+if test x$manager = xtrue; then
+ fast=true
+fi
+
+dnl ==========================================
+dnl check required libraries and header files
+dnl ==========================================
+
+AC_HAVE_LIBRARY(dl)
AC_CHECK_FUNCS(backtrace)
AC_CHECK_FUNCS(dladdr)
-AC_CHECK_FUNCS(getifaddrs)
-AC_HAVE_LIBRARY([gmp],[LIBS="$LIBS"],[AC_MSG_ERROR([GNU Multi Precision library gmp not found])])
-if test "$ldap" = "true"; then
- AC_HAVE_LIBRARY([ldap],[LIBS="$LIBS"],[AC_MSG_ERROR([LDAP enabled, but library ldap not found])])
- AC_HAVE_LIBRARY([lber],[LIBS="$LIBS"],[AC_MSG_ERROR([LDAP enabled, but library lber not found])])
+AC_MSG_CHECKING([capset() definition])
+AC_TRY_COMPILE(
+ [#include <linux/capset.h>],
+ [
+ void *test = capset;
+ ],
+ [AC_MSG_RESULT([yes])], [AC_MSG_RESULT([no]); AC_DEFINE_UNQUOTED(NO_CAPSET_DEFINED, 1)]
+)
+
+if test x$gmp = xtrue; then
+ AC_HAVE_LIBRARY([gmp],[LIBS="$LIBS"],[AC_MSG_ERROR([GNU Multi Precision library gmp not found])])
+ AC_MSG_CHECKING([gmp.h version >= 4.1.4])
+ AC_TRY_COMPILE(
+ [#include "gmp.h"],
+ [
+ #if (__GNU_MP_VERSION*100 + __GNU_MP_VERSION_MINOR*10 + __GNU_MP_VERSION_PATCHLEVEL) < 414
+ #error bad gmp
+ #endif
+ ],
+ [AC_MSG_RESULT([yes])], [AC_MSG_RESULT([no]); AC_MSG_ERROR([No usable gmp.h found!])]
+ )
fi
-if test "$curl" = "true"; then
- AC_HAVE_LIBRARY([curl],[LIBS="$LIBS"],[AC_MSG_ERROR([CURL enabled, but library curl not found])])
+
+if test x$ldap = xtrue; then
+ AC_HAVE_LIBRARY([ldap],[LIBS="$LIBS"],[AC_MSG_ERROR([LDAP library ldap not found])])
+ AC_HAVE_LIBRARY([lber],[LIBS="$LIBS"],[AC_MSG_ERROR([LDAP library lber not found])])
+ AC_CHECK_HEADER([ldap.h],,[AC_MSG_ERROR([LDAP header ldap.h not found!])])
fi
-if test "$xml" = "true"; then
+if test x$curl = xtrue; then
+ AC_HAVE_LIBRARY([curl],[LIBS="$LIBS"],[AC_MSG_ERROR([CURL library curl not found])])
+ AC_CHECK_HEADER([curl/curl.h],,[AC_MSG_ERROR([CURL header curl/curl.h not found!])])
+fi
+
+if test x$xml = xtrue; then
PKG_CHECK_MODULES(xml, [libxml-2.0],, AC_MSG_ERROR([No libxml2 package information found]))
AC_SUBST(xml_CFLAGS)
AC_SUBST(xml_LIBS)
fi
-if test "$dbus" = "true"; then
- PKG_CHECK_MODULES(dbus, [dbus-1],, AC_MSG_ERROR([No libdbus package information found]))
- AC_SUBST(dbus_CFLAGS)
- AC_SUBST(dbus_LIBS)
+if test x$fast = xtrue; then
+ AC_HAVE_LIBRARY([neo_cgi],[LIBS="$LIBS"],[AC_MSG_ERROR([ClearSilver library neo_cgi not found!])])
+ AC_HAVE_LIBRARY([neo_utl],[LIBS="$LIBS"],[AC_MSG_ERROR([ClearSilver library neo_utl not found!])])
+ AC_HAVE_LIBRARY([z],[LIBS="$LIBS"],[AC_MSG_ERROR([ClearSilver dependency zlib not found!])])
+dnl autoconf does not like CamelCase!? How to fix this?
+dnl AC_CHECK_HEADER([ClearSilver/ClearSilver.h],,[AC_MSG_ERROR([ClearSilver header file ClearSilver/ClearSilver.h not found!])])
+
+ AC_HAVE_LIBRARY([fcgi],[LIBS="$LIBS"],[AC_MSG_ERROR([FastCGI library fcgi not found!])])
+ AC_CHECK_HEADER([fcgiapp.h],,[AC_MSG_ERROR([FastCGI header file fcgiapp.h not found!])])
fi
+if test x$mysql = xtrue; then
+ AC_HAVE_LIBRARY([mysqlclient_r],[LIBS="$LIBS"],[AC_MSG_ERROR([MySQL library mysqlclient_r not found])])
+ AC_CHECK_HEADER([mysql/mysql.h],,[AC_MSG_ERROR([MySQL header mysql/mysql.h not found!])])
+fi
-dnl =============================
-dnl check required header files
-dnl =============================
+if test x$mysql = xtrue; then
+ AC_HAVE_LIBRARY([sqlite3],[LIBS="$LIBS"],[AC_MSG_ERROR([SQLite library sqlite3 not found])])
+ AC_CHECK_HEADER([sqlite3.h],,[AC_MSG_ERROR([SQLite header sqlite3.h not found!])])
+fi
+dnl =========================
+dnl set Makefile.am vars
+dnl =========================
-AC_MSG_CHECKING([gmp.h version >= 4.1.4])
-AC_TRY_COMPILE(
- [#include "gmp.h"],
- [
- #if (__GNU_MP_VERSION*100 + __GNU_MP_VERSION_MINOR*10 + __GNU_MP_VERSION_PATCHLEVEL) < 414
- #error bad gmp
- #endif
- ],
- [AC_MSG_RESULT([yes])], [AC_MSG_RESULT([no]); AC_MSG_ERROR([No usable gmp.h found!])]
-)
-AC_MSG_CHECKING([capset() definition])
-AC_TRY_COMPILE(
- [#include <linux/capset.h>],
- [
- void *test = capset;
- ],
- [AC_MSG_RESULT([yes])], [AC_MSG_RESULT([no]); AC_DEFINE_UNQUOTED(NO_CAPSET_DEFINED, 1)]
-)
-if test "$ldap" = "true"; then
- AC_CHECK_HEADER([ldap.h],,[AC_MSG_ERROR([LDAP enabled, but ldap.h not found!])])
-fi
-if test "$curl" = "true"; then
- AC_CHECK_HEADER([curl/curl.h],,[AC_MSG_ERROR([CURL enabled, but curl.h not found!])])
-fi
+AM_CONDITIONAL(USE_CURL, test x$curl = xtrue)
+AM_CONDITIONAL(USE_LDAP, test x$ldap = xtrue)
+AM_CONDITIONAL(USE_AES, test x$aes = xtrue)
+AM_CONDITIONAL(USE_DES, test x$des = xtrue)
+AM_CONDITIONAL(USE_MD5, test x$md5 = xtrue)
+AM_CONDITIONAL(USE_SHA1, test x$sha1 = xtrue)
+AM_CONDITIONAL(USE_SHA2, test x$sha2 = xtrue)
+AM_CONDITIONAL(USE_FIPS_PRF, test x$fips_prf = xtrue)
+AM_CONDITIONAL(USE_GMP, test x$gmp = xtrue)
+AM_CONDITIONAL(USE_X509, test x$x509 = xtrue)
+AM_CONDITIONAL(USE_HMAC, test x$hmac = xtrue)
+AM_CONDITIONAL(USE_MYSQL, test x$mysql = xtrue)
+AM_CONDITIONAL(USE_SQLITE, test x$sqlite = xtrue)
+AM_CONDITIONAL(USE_STROKE, test x$stroke = xtrue)
+AM_CONDITIONAL(USE_MED_DB, test x$med_db = xtrue)
+AM_CONDITIONAL(USE_SMP, test x$smp = xtrue)
+AM_CONDITIONAL(USE_SQL, test x$sql = xtrue)
+AM_CONDITIONAL(USE_SMARTCARD, test x$smartcard = xtrue)
+AM_CONDITIONAL(USE_CISCO_QUIRKS, test x$cisco_quirks = xtrue)
+AM_CONDITIONAL(USE_LEAK_DETECTIVE, test x$leak_detective = xtrue)
+AM_CONDITIONAL(USE_UNIT_TESTS, test x$unittest = xtrue)
+AM_CONDITIONAL(USE_EAP_SIM, test x$eap_sim = xtrue)
+AM_CONDITIONAL(USE_EAP_IDENTITY, test x$eap_identity = xtrue)
+AM_CONDITIONAL(USE_EAP_MD5, test x$eap_md5 = xtrue)
+AM_CONDITIONAL(USE_EAP_AKA, test x$eap_aka = xtrue)
+AM_CONDITIONAL(USE_NAT_TRANSPORT, test x$nat_transport = xtrue)
+AM_CONDITIONAL(USE_VENDORID, test x$vendor_id = xtrue)
+AM_CONDITIONAL(USE_XAUTH_VID, test x$xauth_vid = xtrue)
+AM_CONDITIONAL(USE_DUMM, test x$dumm = xtrue)
+AM_CONDITIONAL(USE_FAST, test x$fast = xtrue)
+AM_CONDITIONAL(USE_MANAGER, test x$manager = xtrue)
+AM_CONDITIONAL(USE_ME, test x$me = xtrue)
+AM_CONDITIONAL(USE_INTEGRITY_TEST, test x$integrity_test = xtrue)
+AM_CONDITIONAL(USE_SELF_TEST, test x$self_test = xtrue)
+AM_CONDITIONAL(USE_PLUTO, test x$pluto = xtrue)
+AM_CONDITIONAL(USE_CHARON, test x$charon = xtrue)
+AM_CONDITIONAL(USE_TOOLS, test x$tools = xtrue)
+AM_CONDITIONAL(USE_PLUTO_OR_CHARON, test x$pluto = xtrue -o x$charon = xtrue)
+AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$tools = xtrue)
+AM_CONDITIONAL(USE_FILE_CONFIG, test x$pluto = xtrue -o x$stroke = xtrue)
dnl ==============================
dnl build Makefiles
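Review bot: The SQLite dependency block — the second `if test x$mysql = xtrue; then`, the one checking `sqlite3` and `sqlite3.h` — is guarded by the wrong variable, so `--enable-sqlite` without `--enable-mysql` never verifies libsqlite3 (USE_SQLITE is still derived from `$sqlite`, so the plugin is built and fails at link time) while `--enable-mysql` alone demands a library it does not need; the guard should read `if test x$sqlite = xtrue; then`. The new dependency-calculation section centralises `smp`→`xml` and `manager`→`fast`, but the manager's `xml=true` is still set inside its AC_ARG_ENABLE body, so the same rule now lives in two places; `if test x$manager = xtrue; then xml=true; fast=true; fi` in the dependency section keeps it in one spot, and the stray `;` after `gmp=true;` in the pluto and tools rules is harmless but inconsistent with the rest of the file. This hunk also drops `AC_DEFINE(SMARTCARD)`, `AC_DEFINE(ME)`, `AC_DEFINE(INTEGRITY_TEST)` and `AC_DEFINE(NO_SELF_TEST)` from config.h; the charon Makefile.am in this commit re-adds `-DME`, `-DINTEGRITY_TEST` and `-DSELF_TEST` for charon's objects only, and I see no replacement for `SMARTCARD`, so any source outside charon that still tests those macros should be checked.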
src/charon/plugins/eap_md5/Makefile
src/charon/plugins/eap_sim/Makefile
src/charon/plugins/dbus/Makefile
- src/charon/plugins/xml/Makefile
+ src/charon/plugins/smp/Makefile
src/charon/plugins/sql/Makefile
src/charon/plugins/med_db/Makefile
src/charon/plugins/stroke/Makefile
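Review bot: `src/charon/plugins/dbus/Makefile` is still in this output list although the `--enable-dbus` option, `USE_LIBDBUS` and the `plugins/dbus` SUBDIRS entry are all removed elsewhere in this commit; if the plugin directory was deleted config.status aborts on the missing Makefile.in, and if it was kept the generated Makefile is unreachable dead configuration. Either drop the line alongside the xml→smp replacement, or keep the dbus option if the plugin is meant to survive. The AC_OUTPUT list starts and ends outside this hunk.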
SUBDIRS += openac scepclient
endif
-if USE_UML
+if USE_DUMM
SUBDIRS += dumm
endif
credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
credentials/credential_set.h
+INCLUDES = -I${linuxdir} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+AM_CFLAGS = -rdynamic -DIPSEC_DIR=\"${ipsecdir}\" \
+ -DIPSEC_PIDDIR=\"${piddir}\" -DIPSEC_PLUGINDIR=\"${plugindir}\"
+charon_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lpthread -lm -ldl
+
+# compile options
+#################
+
# Use RAW socket if pluto gets built
if USE_PLUTO
charon_SOURCES += network/socket-raw.c
endif
if USE_ME
+ AM_CFLAGS += -DME
charon_SOURCES += encoding/payloads/endpoint_notify.c encoding/payloads/endpoint_notify.h \
processing/jobs/initiate_mediation_job.c processing/jobs/initiate_mediation_job.h \
processing/jobs/mediation_job.c processing/jobs/mediation_job.h \
sa/tasks/ike_me.c sa/tasks/ike_me.h
endif
-INCLUDES = -I${linuxdir} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-AM_CFLAGS = -rdynamic -DIPSEC_DIR=\"${ipsecdir}\" \
- -DIPSEC_PIDDIR=\"${piddir}\" -DIPSEC_PLUGINDIR=\"${plugindir}\"
-charon_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lpthread -lm -ldl
+if USE_INTEGRITY_TEST
+ AM_CFLAGS += -DINTEGRITY_TEST
+endif
+
+if USE_SELF_TEST
+ AM_CFLAGS += -DSELF_TEST
+endif
# build optional plugins
########################
SUBDIRS += plugins/stroke
endif
-if USE_LIBDBUS
- SUBDIRS += plugins/dbus
-endif
-
-if USE_LIBXML
- SUBDIRS += plugins/xml
+if USE_SMP
+ SUBDIRS += plugins/smp
endif
if USE_SQL
--- /dev/null
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon ${xml_CFLAGS}
+
+AM_CFLAGS = -rdynamic -DIPSEC_PIDDIR=\"${piddir}\"
+
+plugin_LTLIBRARIES = libcharon-smp.la
+libcharon_smp_la_SOURCES = smp.h smp.c
+libcharon_smp_la_LDFLAGS = -module
+libcharon_smp_la_LIBADD = ${xml_LIBS}
+
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!-- strongSwan Managment Protocol (SMP) V1.0 -->
+
+<!--
+ Copyright (C) 2007 Martin Willi
+ Copyright (C) 2006 Andreas Eigenmann, Joël Stillhart
+ Hochschule fuer Technik Rapperswil
+
+ This program is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by the
+ Free Software Foundation; either version 2 of the License, or (at your
+ option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ for more details.
+-->
+
+<grammar xmlns="http://relaxng.org/ns/structure/1.0"
+ datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes"
+ ns="http://www.strongswan.org/smp/1.0">
+ <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
+ <!-- Message -->
+ <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
+ <start>
+ <element name="message">
+ <choice>
+ <group>
+ <attribute name="type">
+ <value>request</value>
+ </attribute>
+ <optional>
+ <element name="query">
+ <optional>
+ <ref name="QueryRequestIkesa"/>
+ </optional>
+ <optional>
+ <ref name="QueryRequestConfig"/>
+ </optional>
+ <!-- others -->
+ </element>
+ </optional>
+ <optional>
+ <element name="control">
+ <optional>
+ <ref name="ControlRequestIkeTerminate"/>
+ </optional>
+ <optional>
+ <ref name="ControlRequestChildTerminate"/>
+ </optional>
+ <optional>
+ <ref name="ControlRequestIkeInitiate"/>
+ </optional>
+ <optional>
+ <ref name="ControlRequestChildInitiate"/>
+ </optional>
+ <!-- others -->
+ </element>
+ </optional>
+ <!-- others -->
+ </group>
+ <group>
+ <attribute name="type">
+ <value>response</value>
+ </attribute>
+ <choice>
+ <element name="error">
+ <attribute name="code">
+ <data type="nonNegativeInteger"/>
+ </attribute>
+ <data type="string"/>
+ </element>
+ <group>
+ <optional>
+ <element name="query">
+ <optional>
+ <ref name="QueryResponseIkesa"/>
+ </optional>
+ <optional>
+ <ref name="QueryResponseConfig"/>
+ </optional>
+ <!-- others -->
+ </element>
+ </optional>
+ <optional>
+ <element name="control">
+ <optional>
+ <ref name="ControlResponse"/>
+ </optional>
+ <!-- others -->
+ </element>
+ </optional>
+ <!-- others -->
+ </group>
+ </choice>
+ </group>
+ </choice>
+ </element>
+ </start>
+ <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
+ <!-- Query -->
+ <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
+ <define name="QueryRequestIkesa">
+ <element name="ikesalist">
+ <empty/>
+ </element>
+ </define>
+ <define name="QueryResponseIkesa">
+ <element name="ikesalist">
+ <zeroOrMore>
+ <element name="ikesa">
+ <element name="id">
+ <data type="positiveInteger"/>
+ </element>
+ <element name="status">
+ <choice>
+ <value type="string">created</value>
+ <value type="string">connecting</value>
+ <value type="string">established</value>
+ <value type="string">rekeying</value>
+ <value type="string">deleting</value>
+ </choice>
+ </element>
+ <element name="role">
+ <choice>
+ <value type="string">initiator</value>
+ <value type="string">responder</value>
+ </choice>
+ </element>
+ <element name="peerconfig">
+ <data type="string"/>
+ </element>
+ <element name="lifetime">
+ <data type="integer"/>
+ </element>
+ <element name="rekeytime">
+ <data type="integer"/>
+ </element>
+ <element name="local">
+ <ref name="ikeEnd"/>
+ </element>
+ <element name="remote">
+ <ref name="ikeEnd"/>
+ </element>
+ <element name="childsalist">
+ <zeroOrMore>
+ <element name="childsa">
+ <ref name="childsa"/>
+ </element>
+ </zeroOrMore>
+ </element>
+ </element>
+ </zeroOrMore>
+ </element>
+ </define>
+ <define name="ikeEnd">
+ <element name="spi">
+ <data type="hexBinary" />
+ </element>
+ <element name="identification">
+ <ref name="identification"/>
+ </element>
+ <element name="address">
+ <ref name="address"/>
+ </element>
+ <element name="port">
+ <data type="nonNegativeInteger">
+ <param name="maxInclusive">65535</param>
+ </data>
+ </element>
+ <optional>
+ <element name="nat">
+ <data type="boolean"/>
+ </element>
+ </optional>
+ </define>
+ <define name="childsa">
+ <element name="reqid">
+ <data type="nonNegativeInteger"/>
+ </element>
+ <element name="lifetime">
+ <data type="integer"/>
+ </element>
+ <element name="rekeytime">
+ <data type="integer"/>
+ </element>
+ <element name="local">
+ <ref name="childEnd"/>
+ </element>
+ <element name="remote">
+ <ref name="childEnd"/>
+ </element>
+ </define>
+ <define name="childEnd">
+ <element name="spi">
+ <element name="networks">
+ <ref name="networks">
+ </element>
+ </define>
+ <define name="QueryRequestConfig">
+ <element name="configlist">
+ <empty/>
+ </element>
+ </define>
+ <define name="QueryResponseConfig">
+ <element name="configlist">
+ <zeroOrMore>
+ <element name="peerconfig">
+ <element name="name">
+ <data type="string"/>
+ </element>
+ <element name="local">
+ <ref name="identification"/>
+ </element>
+ <element name="remote">
+ <ref name="identification"/>
+ </element>
+ <element name="ikeconfig">
+ <ref name="ikeconfig"/>
+ </element>
+ <element name="childconfiglist">
+ <zeroOrMore>
+ <element name="childconfig">
+ <ref name="childconfig"/>
+ </element>
+ </zeroOrMore>
+ </element>
+ </element>
+ </zeroOrMore>
+ </element>
+ </define>
+ <define name="ikeconfig">
+ <element name="local">
+ <ref name="address"/>
+ </element>
+ <element name="remote">
+ <ref name="address"/>
+ </element>
+ </define>
+ <define name="childconfig">
+ <element name="name">
+ <data type="string"/>
+ </element>
+ <element name="local">
+ <ref name="networks">
+ </element>
+ <element name="remote">
+ <ref name="networks">
+ </element>
+ </define>
+ <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
+ <!-- Control -->
+ <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
+ <define name="ControlRequestIkeTerminate">
+ <element name="ikesaterminate">
+ <data type="positiveInteger"/>
+ </element>
+ </define>
+ <define name="ControlRequestChildTerminate">
+ <element name="childsaterminate">
+ <data type="positiveInteger"/>
+ </element>
+ </define>
+ <define name="ControlRequestIkeInitiate">
+ <element name="ikesainitiate">
+ <data type="string"/>
+ </element>
+ </define>
+ <define name="ControlRequestChildInitiate">
+ <element name="childsainitiate">
+ <data type="string"/>
+ </element>
+ </define>
+ <define name="QueryResponse">
+ <element name="status">
+ <data type="nonNegativeInteger"/>
+ </element>
+ <element name="log">
+ <zeroOrMore>
+ <element name="item">
+ <attribute name="level">
+ <data type="nonNegativeInteger">
+ </attribute>
+ <attribute name="thread">
+ <data type="nonNegativeInteger">
+ </attribute>
+ <attribute name="source">
+ <data type="string">
+ </attribute>
+ <data type="string"/>
+ <element>
+ </zeroOrMore>
+ </element>
+ </define>
+ <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
+ <!-- identification and address -->
+ <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
+ <define name="identification">
+ <choice>
+ <group>
+ <attribute name="type">
+ <value>any</value>
+ </attribute>
+ <empty/>
+ </group>
+ <group>
+ <attribute name="type">
+ <value>ipv4</value>
+ </attribute>
+ <ref name="ipv4"/>
+ </group>
+ <group>
+ <attribute name="type">
+ <value>ipv6</value>
+ </attribute>
+ <ref name="ipv6"/>
+ </group>
+ <group>
+ <attribute name="type">
+ <value>fqdn</value>
+ </attribute>
+ <ref name="fqdn"/>
+ </group>
+ <group>
+ <attribute name="type">
+ <value>email</value>
+ </attribute>
+ <ref name="email"/>
+ </group>
+ <group>
+ <attribute name="type">
+ <value>asn1gn</value>
+ </attribute>
+ <data type="string"/>
+ </group>
+ <group>
+ <attribute name="type">
+ <value>asn1dn</value>
+ </attribute>
+ <data type="string"/>
+ </group>
+ <group>
+ <attribute name="type">
+ <value>keyid</value>
+ </attribute>
+ <data type="base64Binary"/>
+ </group>
+ </choice>
+ </define>
+ <define name="address">
+ <choice>
+ <group>
+ <attribute name="type">
+ <value>ipv4</value>
+ </attribute>
+ <ref name="ipv4"/>
+ </group>
+ <group>
+ <attribute name="type">
+ <value>ipv6</value>
+ </attribute>
+ <ref name="ipv6"/>
+ </group>
+ </choice>
+ </define>
+ <define name="ipv4">
+ <data type="string">
+ <param name="pattern">(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))?</param>
+ </data>
+ </define>
+ <define name="ipv6">
+ <data type="string">
+ <param name="pattern">([0-9a-fA-F]{1,4}:|:){1,7}([0-9a-fA-F]{1,4}|:)(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?</param>
+ </data>
+ </define>
+ <define name="fqdn">
+ <data type="string">
+ <param name="pattern">[a-z0-9\-](\.[a-z0-9\-]+)*</param>
+ </data>
+ </define>
+ <define name="email">
+ <data type="string">
+ <param name="pattern">[a-zA-Z0-9_\-\.]+@(([a-z0-9\-](\.[a-z0-9\-]+)*)|(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]))</param>
+ </data>
+ </define>
+ <define name="networks">
+ <zeroOrMore>
+ <element name="network">
+ <optional>
+ <attribute name="protocol"/>
+ </optional>
+ <optional>
+ <attribute name="port"/>
+ </optional>
+ </element>
+ </zeroOrMore>
+ </define>
+</grammar>
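Review bot: The grammar is not well-formed XML, so a RELAX NG validator will refuse to load it: in the childEnd define the `spi` element and the `networks` ref are never closed, the two `networks` refs in childconfig are left open as well, and in QueryResponse the three `<data type=...>` children of the attributes lack their `/>` while the item element ends with `<element>` instead of `</element>`. Self-closing those tags (`<ref name="networks"/>`, `<data type="nonNegativeInteger"/>`) and adding the missing `</element>` after `spi` fixes the parse. The message start also refs `ControlResponse`, which is never defined; the define named `QueryResponse` that carries `status` and `log` looks like the intended target, given that the control handlers in smp.c emit exactly those two elements. Separately, the writer and the schema disagree: write_networks emits a `type` attribute on each `network` element where the grammar only declares `protocol` and `port`, and write_child emits a `childconfig` element instead of the `lifetime`/`rekeytime` elements the `childsa` define requires, so responses produced by the plugin would not validate against this schema.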
--- /dev/null
+/*
+ * Copyright (C) 2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+#include <stdlib.h>
+
+#include "smp.h"
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <unistd.h>
+#include <errno.h>
+#include <pthread.h>
+#include <signal.h>
+#include <libxml/xmlreader.h>
+#include <libxml/xmlwriter.h>
+
+#include <library.h>
+#include <daemon.h>
+#include <processing/jobs/callback_job.h>
+
+
+typedef struct private_smp_t private_smp_t;
+
+/**
+ * Private data of an smp_t object.
+ */
+struct private_smp_t {
+
+ /**
+ * Public part of smp_t object.
+ */
+ smp_t public;
+
+ /**
+ * XML unix socket fd
+ */
+ int socket;
+
+ /**
+ * job accepting stroke messages
+ */
+ callback_job_t *job;
+};
+
+ENUM(ike_sa_state_lower_names, IKE_CREATED, IKE_DELETING,
+ "created",
+ "connecting",
+ "established",
+ "rekeying",
+ "deleting",
+);
+
+/**
+ * write a bool into element
+ */
+static void write_bool(xmlTextWriterPtr writer, char *element, bool val)
+{
+ xmlTextWriterWriteElement(writer, element, val ? "true" : "false");
+}
+
+/**
+ * write a identification_t into element
+ */
+static void write_id(xmlTextWriterPtr writer, char *element, identification_t *id)
+{
+ xmlTextWriterStartElement(writer, element);
+ switch (id->get_type(id))
+ {
+ {
+ char *type = "";
+ while (TRUE)
+ {
+ case ID_ANY:
+ type = "any";
+ break;
+ case ID_IPV4_ADDR:
+ type = "ipv4";
+ break;
+ case ID_IPV6_ADDR:
+ type = "ipv6";
+ break;
+ case ID_FQDN:
+ type = "fqdn";
+ break;
+ case ID_RFC822_ADDR:
+ type = "email";
+ break;
+ case ID_DER_ASN1_DN:
+ type = "asn1dn";
+ break;
+ case ID_DER_ASN1_GN:
+ type = "asn1gn";
+ break;
+ }
+ xmlTextWriterWriteAttribute(writer, "type", type);
+ xmlTextWriterWriteFormatString(writer, "%D", id);
+ break;
+ }
+ default:
+ /* TODO: base64 keyid */
+ xmlTextWriterWriteAttribute(writer, "type", "keyid");
+ break;
+ }
+ xmlTextWriterEndElement(writer);
+}
+
+/**
+ * write a host_t address into an element
+ */
+static void write_address(xmlTextWriterPtr writer, char *element, host_t *host)
+{
+ xmlTextWriterStartElement(writer, element);
+ xmlTextWriterWriteAttribute(writer, "type",
+ host->get_family(host) == AF_INET ? "ipv4" : "ipv6");
+ if (host->is_anyaddr(host))
+ { /* do not use %any for XML */
+ xmlTextWriterWriteFormatString(writer, "%s",
+ host->get_family(host) == AF_INET ? "0.0.0.0" : "::");
+ }
+ else
+ {
+ xmlTextWriterWriteFormatString(writer, "%H", host);
+ }
+ xmlTextWriterEndElement(writer);
+}
+
+/**
+ * write networks element
+ */
+static void write_networks(xmlTextWriterPtr writer, char *element,
+ linked_list_t *list)
+{
+ iterator_t *iterator;
+ traffic_selector_t *ts;
+
+ xmlTextWriterStartElement(writer, element);
+ iterator = list->create_iterator(list, TRUE);
+ while (iterator->iterate(iterator, (void**)&ts))
+ {
+ xmlTextWriterStartElement(writer, "network");
+ xmlTextWriterWriteAttribute(writer, "type",
+ ts->get_type(ts) == TS_IPV4_ADDR_RANGE ? "ipv4" : "ipv6");
+ xmlTextWriterWriteFormatString(writer, "%R", ts);
+ xmlTextWriterEndElement(writer);
+ }
+ iterator->destroy(iterator);
+ xmlTextWriterEndElement(writer);
+}
+
+/**
+ * write a childEnd
+ */
+static void write_childend(xmlTextWriterPtr writer, child_sa_t *child, bool local)
+{
+ linked_list_t *list;
+
+ xmlTextWriterWriteFormatElement(writer, "spi", "%lx",
+ htonl(child->get_spi(child, local)));
+ list = child->get_traffic_selectors(child, local);
+ write_networks(writer, "networks", list);
+}
+
+/**
+ * write a child_sa_t
+ */
+static void write_child(xmlTextWriterPtr writer, child_sa_t *child)
+{
+ mode_t mode;
+ encryption_algorithm_t encr;
+ integrity_algorithm_t int_algo;
+ size_t encr_len, int_len;
+ u_int32_t rekey, use_in, use_out, use_fwd;
+ child_cfg_t *config;
+
+ config = child->get_config(child);
+ child->get_stats(child, &mode, &encr, &encr_len, &int_algo, &int_len,
+ &rekey, &use_in, &use_out, &use_fwd);
+
+ xmlTextWriterStartElement(writer, "childsa");
+ xmlTextWriterWriteFormatElement(writer, "reqid", "%d", child->get_reqid(child));
+ xmlTextWriterWriteFormatElement(writer, "childconfig", "%s",
+ config->get_name(config));
+ xmlTextWriterStartElement(writer, "local");
+ write_childend(writer, child, TRUE);
+ xmlTextWriterEndElement(writer);
+ xmlTextWriterStartElement(writer, "remote");
+ write_childend(writer, child, FALSE);
+ xmlTextWriterEndElement(writer);
+ xmlTextWriterEndElement(writer);
+}
+
+/**
+ * process a ikesalist query request message
+ */
+static void request_query_ikesa(xmlTextReaderPtr reader, xmlTextWriterPtr writer)
+{
+ iterator_t *iterator;
+ ike_sa_t *ike_sa;
+
+ /* <ikesalist> */
+ xmlTextWriterStartElement(writer, "ikesalist");
+
+ iterator = charon->ike_sa_manager->create_iterator(charon->ike_sa_manager);
+ while (iterator->iterate(iterator, (void**)&ike_sa))
+ {
+ ike_sa_id_t *id;
+ host_t *local, *remote;
+ iterator_t *children;
+ child_sa_t *child_sa;
+
+ id = ike_sa->get_id(ike_sa);
+
+ xmlTextWriterStartElement(writer, "ikesa");
+ xmlTextWriterWriteFormatElement(writer, "id", "%d",
+ ike_sa->get_unique_id(ike_sa));
+ xmlTextWriterWriteFormatElement(writer, "status", "%N",
+ ike_sa_state_lower_names, ike_sa->get_state(ike_sa));
+ xmlTextWriterWriteElement(writer, "role",
+ id->is_initiator(id) ? "initiator" : "responder");
+ xmlTextWriterWriteElement(writer, "peerconfig", ike_sa->get_name(ike_sa));
+
+ /* <local> */
+ local = ike_sa->get_my_host(ike_sa);
+ xmlTextWriterStartElement(writer, "local");
+ xmlTextWriterWriteFormatElement(writer, "spi", "%.16llx",
+ id->is_initiator(id) ? id->get_initiator_spi(id)
+ : id->get_responder_spi(id));
+ write_id(writer, "identification", ike_sa->get_my_id(ike_sa));
+ write_address(writer, "address", local);
+ xmlTextWriterWriteFormatElement(writer, "port", "%d",
+ local->get_port(local));
+ if (ike_sa->supports_extension(ike_sa, EXT_NATT))
+ {
+ write_bool(writer, "nat", ike_sa->has_condition(ike_sa, COND_NAT_HERE));
+ }
+ xmlTextWriterEndElement(writer);
+ /* </local> */
+
+ /* <remote> */
+ remote = ike_sa->get_other_host(ike_sa);
+ xmlTextWriterStartElement(writer, "remote");
+ xmlTextWriterWriteFormatElement(writer, "spi", "%.16llx",
+ id->is_initiator(id) ? id->get_responder_spi(id)
+ : id->get_initiator_spi(id));
+ write_id(writer, "identification", ike_sa->get_other_id(ike_sa));
+ write_address(writer, "address", remote);
+ xmlTextWriterWriteFormatElement(writer, "port", "%d",
+ remote->get_port(remote));
+ if (ike_sa->supports_extension(ike_sa, EXT_NATT))
+ {
+ write_bool(writer, "nat", ike_sa->has_condition(ike_sa, COND_NAT_THERE));
+ }
+ xmlTextWriterEndElement(writer);
+ /* </remote> */
+
+ /* <childsalist> */
+ xmlTextWriterStartElement(writer, "childsalist");
+ children = ike_sa->create_child_sa_iterator(ike_sa);
+ while (children->iterate(children, (void**)&child_sa))
+ {
+ write_child(writer, child_sa);
+ }
+ children->destroy(children);
+ /* </childsalist> */
+ xmlTextWriterEndElement(writer);
+
+ /* </ikesa> */
+ xmlTextWriterEndElement(writer);
+ }
+ iterator->destroy(iterator);
+
+ /* </ikesalist> */
+ xmlTextWriterEndElement(writer);
+}
+
+/**
+ * process a configlist query request message
+ */
+static void request_query_config(xmlTextReaderPtr reader, xmlTextWriterPtr writer)
+{
+ enumerator_t *enumerator;
+ peer_cfg_t *peer_cfg;
+
+ /* <configlist> */
+ xmlTextWriterStartElement(writer, "configlist");
+
+ enumerator = charon->backends->create_peer_cfg_enumerator(charon->backends);
+ while (enumerator->enumerate(enumerator, (void**)&peer_cfg))
+ {
+ enumerator_t *children;
+ child_cfg_t *child_cfg;
+ ike_cfg_t *ike_cfg;
+ linked_list_t *list;
+
+ if (peer_cfg->get_ike_version(peer_cfg) != 2)
+ { /* only IKEv2 connections yet */
+ continue;
+ }
+
+ /* <peerconfig> */
+ xmlTextWriterStartElement(writer, "peerconfig");
+ xmlTextWriterWriteElement(writer, "name", peer_cfg->get_name(peer_cfg));
+ write_id(writer, "local", peer_cfg->get_my_id(peer_cfg));
+ write_id(writer, "remote", peer_cfg->get_other_id(peer_cfg));
+
+ /* <ikeconfig> */
+ ike_cfg = peer_cfg->get_ike_cfg(peer_cfg);
+ xmlTextWriterStartElement(writer, "ikeconfig");
+ write_address(writer, "local", ike_cfg->get_my_host(ike_cfg));
+ write_address(writer, "remote", ike_cfg->get_other_host(ike_cfg));
+ xmlTextWriterEndElement(writer);
+ /* </ikeconfig> */
+
+ /* <childconfiglist> */
+ xmlTextWriterStartElement(writer, "childconfiglist");
+ children = peer_cfg->create_child_cfg_enumerator(peer_cfg);
+ while (children->enumerate(children, &child_cfg))
+ {
+ /* <childconfig> */
+ xmlTextWriterStartElement(writer, "childconfig");
+ xmlTextWriterWriteElement(writer, "name",
+ child_cfg->get_name(child_cfg));
+ list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
+ write_networks(writer, "local", list);
+ list->destroy_offset(list, offsetof(traffic_selector_t, destroy));
+ list = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL);
+ write_networks(writer, "remote", list);
+ list->destroy_offset(list, offsetof(traffic_selector_t, destroy));
+ xmlTextWriterEndElement(writer);
+ /* </childconfig> */
+ }
+ children->destroy(children);
+ /* </childconfiglist> */
+ xmlTextWriterEndElement(writer);
+ /* </peerconfig> */
+ xmlTextWriterEndElement(writer);
+ }
+ enumerator->destroy(enumerator);
+ /* </configlist> */
+ xmlTextWriterEndElement(writer);
+}
+
+/**
+ * callback which logs to a XML writer
+ */
+static bool xml_callback(xmlTextWriterPtr writer, signal_t signal, level_t level,
+ ike_sa_t* ike_sa, char* format, va_list args)
+{
+ if (level <= 1)
+ {
+ /* <item> */
+ xmlTextWriterStartElement(writer, "item");
+ xmlTextWriterWriteFormatAttribute(writer, "level", "%d", level);
+ xmlTextWriterWriteFormatAttribute(writer, "source", "%N", signal_names, signal);
+ xmlTextWriterWriteFormatAttribute(writer, "thread", "%u", pthread_self());
+ xmlTextWriterWriteVFormatString(writer, format, args);
+ xmlTextWriterEndElement(writer);
+ /* </item> */
+ }
+ return TRUE;
+}
+
+/**
+ * process a *terminate control request message
+ */
+static void request_control_terminate(xmlTextReaderPtr reader,
+ xmlTextWriterPtr writer, bool ike)
+{
+ if (xmlTextReaderRead(reader) &&
+ xmlTextReaderNodeType(reader) == XML_READER_TYPE_TEXT)
+ {
+ const char *str;
+ u_int32_t id;
+ status_t status;
+
+ str = xmlTextReaderConstValue(reader);
+ if (str == NULL || !(id = atoi(str)))
+ {
+ DBG1(DBG_CFG, "error parsing XML id string");
+ return;
+ }
+ DBG1(DBG_CFG, "terminating %s_SA %d", ike ? "IKE" : "CHILD", id);
+
+ /* <log> */
+ xmlTextWriterStartElement(writer, "log");
+ if (ike)
+ {
+ status = charon->controller->terminate_ike(
+ charon->controller, id,
+ (controller_cb_t)xml_callback, writer);
+ }
+ else
+ {
+ status = charon->controller->terminate_child(
+ charon->controller, id,
+ (controller_cb_t)xml_callback, writer);
+ }
+ /* </log> */
+ xmlTextWriterEndElement(writer);
+ xmlTextWriterWriteFormatElement(writer, "status", "%d", status);
+ }
+}
+
+/**
+ * process a *initiate control request message
+ */
+static void request_control_initiate(xmlTextReaderPtr reader,
+ xmlTextWriterPtr writer, bool ike)
+{
+ if (xmlTextReaderRead(reader) &&
+ xmlTextReaderNodeType(reader) == XML_READER_TYPE_TEXT)
+ {
+ const char *str;
+ status_t status = FAILED;
+ peer_cfg_t *peer;
+ child_cfg_t *child = NULL;
+ enumerator_t *enumerator;
+
+ str = xmlTextReaderConstValue(reader);
+ if (str == NULL)
+ {
+ DBG1(DBG_CFG, "error parsing XML config name string");
+ return;
+ }
+ DBG1(DBG_CFG, "initiating %s_SA %s", ike ? "IKE" : "CHILD", str);
+
+ /* <log> */
+ xmlTextWriterStartElement(writer, "log");
+ peer = charon->backends->get_peer_cfg_by_name(charon->backends, (char*)str);
+ if (peer)
+ {
+ enumerator = peer->create_child_cfg_enumerator(peer);
+ if (ike)
+ {
+ if (!enumerator->enumerate(enumerator, &child))
+ {
+ child = NULL;
+ }
+ child->get_ref(child);
+ }
+ else
+ {
+ while (enumerator->enumerate(enumerator, &child))
+ {
+ if (streq(child->get_name(child), str))
+ {
+ child->get_ref(child);
+ break;
+ }
+ child = NULL;
+ }
+ }
+ enumerator->destroy(enumerator);
+ if (child)
+ {
+ status = charon->controller->initiate(charon->controller,
+ peer, child, (controller_cb_t)xml_callback,
+ writer);
+ }
+ else
+ {
+ peer->destroy(peer);
+ }
+ }
+ /* </log> */
+ xmlTextWriterEndElement(writer);
+ xmlTextWriterWriteFormatElement(writer, "status", "%d", status);
+ }
+}
+
+/**
+ * process a query request
+ */
+static void request_query(xmlTextReaderPtr reader, xmlTextWriterPtr writer)
+{
+ /* <query> */
+ xmlTextWriterStartElement(writer, "query");
+ while (xmlTextReaderRead(reader))
+ {
+ if (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT)
+ {
+ if (streq(xmlTextReaderConstName(reader), "ikesalist"))
+ {
+ request_query_ikesa(reader, writer);
+ break;
+ }
+ if (streq(xmlTextReaderConstName(reader), "configlist"))
+ {
+ request_query_config(reader, writer);
+ break;
+ }
+ }
+ }
+ /* </query> */
+ xmlTextWriterEndElement(writer);
+}
+
+/**
+ * process a control request
+ */
+static void request_control(xmlTextReaderPtr reader, xmlTextWriterPtr writer)
+{
+ /* <control> */
+ xmlTextWriterStartElement(writer, "control");
+ while (xmlTextReaderRead(reader))
+ {
+ if (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT)
+ {
+ if (streq(xmlTextReaderConstName(reader), "ikesaterminate"))
+ {
+ request_control_terminate(reader, writer, TRUE);
+ break;
+ }
+ if (streq(xmlTextReaderConstName(reader), "childsaterminate"))
+ {
+ request_control_terminate(reader, writer, FALSE);
+ break;
+ }
+ if (streq(xmlTextReaderConstName(reader), "ikesainitiate"))
+ {
+ request_control_initiate(reader, writer, TRUE);
+ break;
+ }
+ if (streq(xmlTextReaderConstName(reader), "childsainitiate"))
+ {
+ request_control_initiate(reader, writer, FALSE);
+ break;
+ }
+ }
+ }
+ /* </control> */
+ xmlTextWriterEndElement(writer);
+}
+
+/**
+ * process a request message
+ */
+static void request(xmlTextReaderPtr reader, char *id, int fd)
+{
+ xmlTextWriterPtr writer;
+
+ writer = xmlNewTextWriter(xmlOutputBufferCreateFd(fd, NULL));
+ if (writer == NULL)
+ {
+ DBG1(DBG_CFG, "opening SMP XML writer failed");
+ return;
+ }
+
+ xmlTextWriterStartDocument(writer, NULL, NULL, NULL);
+ /* <message xmlns="http://www.strongswan.org/smp/1.0"
+ id="id" type="response"> */
+ xmlTextWriterStartElement(writer, "message");
+ xmlTextWriterWriteAttribute(writer, "xmlns",
+ "http://www.strongswan.org/smp/1.0");
+ xmlTextWriterWriteAttribute(writer, "id", id);
+ xmlTextWriterWriteAttribute(writer, "type", "response");
+
+ while (xmlTextReaderRead(reader))
+ {
+ if (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT)
+ {
+ if (streq(xmlTextReaderConstName(reader), "query"))
+ {
+ request_query(reader, writer);
+ break;
+ }
+ if (streq(xmlTextReaderConstName(reader), "control"))
+ {
+ request_control(reader, writer);
+ break;
+ }
+ }
+ }
+ /* </message> and close document */
+ xmlTextWriterEndDocument(writer);
+ xmlFreeTextWriter(writer);
+}
+
+/**
+ * cleanup helper function for open file descriptors
+ */
+static void closefdp(int *fd)
+{
+ close(*fd);
+}
+
+/**
+ * read from a opened connection and process it
+ */
+static job_requeue_t process(int *fdp)
+{
+ int oldstate, fd = *fdp;
+ char buffer[4096];
+ size_t len;
+ xmlTextReaderPtr reader;
+ char *id = NULL, *type = NULL;
+
+ pthread_cleanup_push((void*)closefdp, (void*)&fd);
+ pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate);
+ len = read(fd, buffer, sizeof(buffer));
+ pthread_setcancelstate(oldstate, NULL);
+ pthread_cleanup_pop(0);
+ if (len <= 0)
+ {
+ close(fd);
+ DBG2(DBG_CFG, "SMP XML connection closed");
+ return JOB_REQUEUE_NONE;
+ }
+ DBG3(DBG_CFG, "got XML request: %b", buffer, len);
+
+ reader = xmlReaderForMemory(buffer, len, NULL, NULL, 0);
+ if (reader == NULL)
+ {
+ DBG1(DBG_CFG, "opening SMP XML reader failed");
+ return JOB_REQUEUE_FAIR;;
+ }
+
+ /* read message type and id */
+ while (xmlTextReaderRead(reader))
+ {
+ if (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT &&
+ streq(xmlTextReaderConstName(reader), "message"))
+ {
+ id = xmlTextReaderGetAttribute(reader, "id");
+ type = xmlTextReaderGetAttribute(reader, "type");
+ break;
+ }
+ }
+
+ /* process message */
+ if (id && type)
+ {
+ if (streq(type, "request"))
+ {
+ request(reader, id, fd);
+ }
+ else
+ {
+ /* response(reader, id) */
+ }
+ }
+ xmlFreeTextReader(reader);
+ return JOB_REQUEUE_FAIR;;
+}
+
+/**
+ * accept from XML socket and create jobs to process connections
+ */
+static job_requeue_t dispatch(private_smp_t *this)
+{
+ struct sockaddr_un strokeaddr;
+ int oldstate, fd, *fdp, strokeaddrlen = sizeof(strokeaddr);
+ callback_job_t *job;
+
+ /* wait for connections, but allow thread to terminate */
+ pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate);
+ fd = accept(this->socket, (struct sockaddr *)&strokeaddr, &strokeaddrlen);
+ pthread_setcancelstate(oldstate, NULL);
+
+ if (fd < 0)
+ {
+ DBG1(DBG_CFG, "accepting SMP XML socket failed: %s", strerror(errno));
+ sleep(1);
+ return JOB_REQUEUE_FAIR;;
+ }
+
+ fdp = malloc_thing(int);
+ *fdp = fd;
+ job = callback_job_create((callback_job_cb_t)process, fdp, free, this->job);
+ charon->processor->queue_job(charon->processor, (job_t*)job);
+
+ return JOB_REQUEUE_DIRECT;
+}
+
+/**
+ * Implementation of itnerface_t.destroy.
+ */
+static void destroy(private_smp_t *this)
+{
+ this->job->cancel(this->job);
+ close(this->socket);
+ free(this);
+}
+
+/*
+ * Described in header file
+ */
+plugin_t *plugin_create()
+{
+ struct sockaddr_un unix_addr = { AF_UNIX, IPSEC_PIDDIR "/charon.xml"};
+ private_smp_t *this = malloc_thing(private_smp_t);
+ mode_t old;
+
+ this->public.plugin.destroy = (void (*)(plugin_t*))destroy;
+
+ /* set up unix socket */
+ this->socket = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (this->socket == -1)
+ {
+ DBG1(DBG_CFG, "could not create XML socket");
+ free(this);
+ return NULL;
+ }
+
+ unlink(unix_addr.sun_path);
+ old = umask(~(S_IRWXU | S_IRWXG));
+ if (bind(this->socket, (struct sockaddr *)&unix_addr, sizeof(unix_addr)) < 0)
+ {
+ DBG1(DBG_CFG, "could not bind XML socket: %s", strerror(errno));
+ close(this->socket);
+ free(this);
+ return NULL;
+ }
+ umask(old);
+ if (chown(unix_addr.sun_path, IPSEC_UID, IPSEC_GID) != 0)
+ {
+ DBG1(DBG_CFG, "changing XML socket permissions failed: %s", strerror(errno));
+ }
+
+ if (listen(this->socket, 5) < 0)
+ {
+ DBG1(DBG_CFG, "could not listen on XML socket: %s", strerror(errno));
+ close(this->socket);
+ free(this);
+ return NULL;
+ }
+
+ this->job = callback_job_create((callback_job_cb_t)dispatch, this, NULL, NULL);
+ charon->processor->queue_job(charon->processor, (job_t*)this->job);
+
+ return &this->public.plugin;
+}
+
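Review bot: In process(), `len` is declared `size_t` but receives the return value of read(), so a failed read (-1) becomes SIZE_MAX, passes the `len <= 0` test and is then passed as the length of the 4096-byte stack buffer to the `%b` debug dump and to xmlReaderForMemory(), an out-of-bounds read reachable by any client of the socket; declaring it `ssize_t len;` makes the existing check do what it is meant to. Two further defects on the new side: in request_control_initiate() the ike branch sets `child = NULL` when the enumerator yields nothing and then dereferences it with `child->get_ref(child)` on the very next line, and the `id`/`type` strings returned by xmlTextReaderGetAttribute() in process() are allocated by libxml and never released with xmlFree(), so every message leaks them. The single read() also assumes a complete document arrives in one chunk of at most 4096 bytes; if that is the intended protocol framing, a comment on the buffer saying so would help the next reader. In request_control_terminate(), `atoi(str)` gives no way to distinguish "0" from garbage; strtol() with an end-pointer check would report malformed ids instead of silently treating them as parse failures.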
--- /dev/null
+/*
+ * Copyright (C) 2007-2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+/**
+ * @defgroup smp smp
+ * @ingroup cplugins
+ *
+ * @defgroup smp_i smp
+ * @{ @ingroup smp
+ */
+
+#ifndef SMP_H_
+#define SMP_H_
+
+#include <plugins/plugin.h>
+
+typedef struct smp_t smp_t;
+
+/**
+ * SMP configuration and control interface.
+ *
+ * The SMP interface uses a socket and a to communicate. The syntax is strict
+ * XML, defined in the schema.xml specification.
+ */
+struct smp_t {
+
+ /**
+ * implements the plugin interface.
+ */
+ plugin_t plugin;
+};
+
+/**
+ * Create a smp plugin instance.
+ */
+plugin_t *plugin_create();
+
+#endif /* XML_H_ @}*/
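Review bot: The closing guard comment `#endif /* XML_H_ @}*/` still names the old guard while the macro defined at the top of this header is `SMP_H_`; it should read `#endif /* SMP_H_ @}*/` so the Doxygen group closer sits next to the right guard. The prototype `plugin_t *plugin_create();` declares a function with unspecified arguments in C; `plugin_t *plugin_create(void);` matches the definition in smp.c, which takes none. The struct documentation reads "uses a socket and a to communicate", which has lost a word; "uses a unix socket to communicate" describes what smp.c actually sets up.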
*local = TRUE;
/* FALL */
case TS_REMOTE_DYNAMIC:
- ts = traffic_selector_create_dynamic(protocol, type,
+ ts = traffic_selector_create_dynamic(protocol,
start_port, end_port);
break;
default:
+++ /dev/null
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon ${xml_CFLAGS}
-
-AM_CFLAGS = -rdynamic -DIPSEC_PIDDIR=\"${piddir}\"
-
-plugin_LTLIBRARIES = libcharon-xml.la
-libcharon_xml_la_SOURCES = xml.h xml.c
-libcharon_xml_la_LDFLAGS = -module
-libcharon_xml_la_LIBADD = ${xml_LIBS}
-
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!-- strongSwan Managment Protocol (SMP) V1.0 -->
-
-<!--
- Copyright (C) 2007 Martin Willi
- Copyright (C) 2006 Andreas Eigenmann, Joël Stillhart
- Hochschule fuer Technik Rapperswil
-
- This program is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by the
- Free Software Foundation; either version 2 of the License, or (at your
- option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-
- This program is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- for more details.
--->
-
-<grammar xmlns="http://relaxng.org/ns/structure/1.0"
- datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes"
- ns="http://www.strongswan.org/smp/1.0">
- <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
- <!-- Message -->
- <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
- <start>
- <element name="message">
- <choice>
- <group>
- <attribute name="type">
- <value>request</value>
- </attribute>
- <optional>
- <element name="query">
- <optional>
- <ref name="QueryRequestIkesa"/>
- </optional>
- <optional>
- <ref name="QueryRequestConfig"/>
- </optional>
- <!-- others -->
- </element>
- </optional>
- <optional>
- <element name="control">
- <optional>
- <ref name="ControlRequestIkeTerminate"/>
- </optional>
- <optional>
- <ref name="ControlRequestChildTerminate"/>
- </optional>
- <optional>
- <ref name="ControlRequestIkeInitiate"/>
- </optional>
- <optional>
- <ref name="ControlRequestChildInitiate"/>
- </optional>
- <!-- others -->
- </element>
- </optional>
- <!-- others -->
- </group>
- <group>
- <attribute name="type">
- <value>response</value>
- </attribute>
- <choice>
- <element name="error">
- <attribute name="code">
- <data type="nonNegativeInteger"/>
- </attribute>
- <data type="string"/>
- </element>
- <group>
- <optional>
- <element name="query">
- <optional>
- <ref name="QueryResponseIkesa"/>
- </optional>
- <optional>
- <ref name="QueryResponseConfig"/>
- </optional>
- <!-- others -->
- </element>
- </optional>
- <optional>
- <element name="control">
- <optional>
- <ref name="ControlResponse"/>
- </optional>
- <!-- others -->
- </element>
- </optional>
- <!-- others -->
- </group>
- </choice>
- </group>
- </choice>
- </element>
- </start>
- <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
- <!-- Query -->
- <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
- <define name="QueryRequestIkesa">
- <element name="ikesalist">
- <empty/>
- </element>
- </define>
- <define name="QueryResponseIkesa">
- <element name="ikesalist">
- <zeroOrMore>
- <element name="ikesa">
- <element name="id">
- <data type="positiveInteger"/>
- </element>
- <element name="status">
- <choice>
- <value type="string">created</value>
- <value type="string">connecting</value>
- <value type="string">established</value>
- <value type="string">rekeying</value>
- <value type="string">deleting</value>
- </choice>
- </element>
- <element name="role">
- <choice>
- <value type="string">initiator</value>
- <value type="string">responder</value>
- </choice>
- </element>
- <element name="peerconfig">
- <data type="string"/>
- </element>
- <element name="lifetime">
- <data type="integer"/>
- </element>
- <element name="rekeytime">
- <data type="integer"/>
- </element>
- <element name="local">
- <ref name="ikeEnd"/>
- </element>
- <element name="remote">
- <ref name="ikeEnd"/>
- </element>
- <element name="childsalist">
- <zeroOrMore>
- <element name="childsa">
- <ref name="childsa"/>
- </element>
- </zeroOrMore>
- </element>
- </element>
- </zeroOrMore>
- </element>
- </define>
- <define name="ikeEnd">
- <element name="spi">
- <data type="hexBinary" />
- </element>
- <element name="identification">
- <ref name="identification"/>
- </element>
- <element name="address">
- <ref name="address"/>
- </element>
- <element name="port">
- <data type="nonNegativeInteger">
- <param name="maxInclusive">65535</param>
- </data>
- </element>
- <optional>
- <element name="nat">
- <data type="boolean"/>
- </element>
- </optional>
- </define>
- <define name="childsa">
- <element name="reqid">
- <data type="nonNegativeInteger"/>
- </element>
- <element name="lifetime">
- <data type="integer"/>
- </element>
- <element name="rekeytime">
- <data type="integer"/>
- </element>
- <element name="local">
- <ref name="childEnd"/>
- </element>
- <element name="remote">
- <ref name="childEnd"/>
- </element>
- </define>
- <define name="childEnd">
- <element name="spi">
- <element name="networks">
- <ref name="networks">
- </element>
- </define>
- <define name="QueryRequestConfig">
- <element name="configlist">
- <empty/>
- </element>
- </define>
- <define name="QueryResponseConfig">
- <element name="configlist">
- <zeroOrMore>
- <element name="peerconfig">
- <element name="name">
- <data type="string"/>
- </element>
- <element name="local">
- <ref name="identification"/>
- </element>
- <element name="remote">
- <ref name="identification"/>
- </element>
- <element name="ikeconfig">
- <ref name="ikeconfig"/>
- </element>
- <element name="childconfiglist">
- <zeroOrMore>
- <element name="childconfig">
- <ref name="childconfig"/>
- </element>
- </zeroOrMore>
- </element>
- </element>
- </zeroOrMore>
- </element>
- </define>
- <define name="ikeconfig">
- <element name="local">
- <ref name="address"/>
- </element>
- <element name="remote">
- <ref name="address"/>
- </element>
- </define>
- <define name="childconfig">
- <element name="name">
- <data type="string"/>
- </element>
- <element name="local">
- <ref name="networks">
- </element>
- <element name="remote">
- <ref name="networks">
- </element>
- </define>
- <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
- <!-- Control -->
- <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
- <define name="ControlRequestIkeTerminate">
- <element name="ikesaterminate">
- <data type="positiveInteger"/>
- </element>
- </define>
- <define name="ControlRequestChildTerminate">
- <element name="childsaterminate">
- <data type="positiveInteger"/>
- </element>
- </define>
- <define name="ControlRequestIkeInitiate">
- <element name="ikesainitiate">
- <data type="string"/>
- </element>
- </define>
- <define name="ControlRequestChildInitiate">
- <element name="childsainitiate">
- <data type="string"/>
- </element>
- </define>
- <define name="QueryResponse">
- <element name="status">
- <data type="nonNegativeInteger"/>
- </element>
- <element name="log">
- <zeroOrMore>
- <element name="item">
- <attribute name="level">
- <data type="nonNegativeInteger">
- </attribute>
- <attribute name="thread">
- <data type="nonNegativeInteger">
- </attribute>
- <attribute name="source">
- <data type="string">
- </attribute>
- <data type="string"/>
- <element>
- </zeroOrMore>
- </element>
- </define>
- <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
- <!-- identification and address -->
- <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
- <define name="identification">
- <choice>
- <group>
- <attribute name="type">
- <value>any</value>
- </attribute>
- <empty/>
- </group>
- <group>
- <attribute name="type">
- <value>ipv4</value>
- </attribute>
- <ref name="ipv4"/>
- </group>
- <group>
- <attribute name="type">
- <value>ipv6</value>
- </attribute>
- <ref name="ipv6"/>
- </group>
- <group>
- <attribute name="type">
- <value>fqdn</value>
- </attribute>
- <ref name="fqdn"/>
- </group>
- <group>
- <attribute name="type">
- <value>email</value>
- </attribute>
- <ref name="email"/>
- </group>
- <group>
- <attribute name="type">
- <value>asn1gn</value>
- </attribute>
- <data type="string"/>
- </group>
- <group>
- <attribute name="type">
- <value>asn1dn</value>
- </attribute>
- <data type="string"/>
- </group>
- <group>
- <attribute name="type">
- <value>keyid</value>
- </attribute>
- <data type="base64Binary"/>
- </group>
- </choice>
- </define>
- <define name="address">
- <choice>
- <group>
- <attribute name="type">
- <value>ipv4</value>
- </attribute>
- <ref name="ipv4"/>
- </group>
- <group>
- <attribute name="type">
- <value>ipv6</value>
- </attribute>
- <ref name="ipv6"/>
- </group>
- </choice>
- </define>
- <define name="ipv4">
- <data type="string">
- <param name="pattern">(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))?</param>
- </data>
- </define>
- <define name="ipv6">
- <data type="string">
- <param name="pattern">([0-9a-fA-F]{1,4}:|:){1,7}([0-9a-fA-F]{1,4}|:)(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?</param>
- </data>
- </define>
- <define name="fqdn">
- <data type="string">
- <param name="pattern">[a-z0-9\-](\.[a-z0-9\-]+)*</param>
- </data>
- </define>
- <define name="email">
- <data type="string">
- <param name="pattern">[a-zA-Z0-9_\-\.]+@(([a-z0-9\-](\.[a-z0-9\-]+)*)|(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]))</param>
- </data>
- </define>
- <define name="networks">
- <zeroOrMore>
- <element name="network">
- <optional>
- <attribute name="protocol"/>
- </optional>
- <optional>
- <attribute name="port"/>
- </optional>
- </element>
- </zeroOrMore>
- </define>
-</grammar>
+++ /dev/null
-/*
- * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * $Id$
- */
-
-#include <stdlib.h>
-
-#include "xml.h"
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/socket.h>
-#include <sys/un.h>
-#include <unistd.h>
-#include <errno.h>
-#include <pthread.h>
-#include <signal.h>
-#include <libxml/xmlreader.h>
-#include <libxml/xmlwriter.h>
-
-#include <library.h>
-#include <daemon.h>
-#include <processing/jobs/callback_job.h>
-
-
-typedef struct private_xml_t private_xml_t;
-
-/**
- * Private data of an xml_t object.
- */
-struct private_xml_t {
-
- /**
- * Public part of xml_t object.
- */
- xml_t public;
-
- /**
- * XML unix socket fd
- */
- int socket;
-
- /**
- * job accepting stroke messages
- */
- callback_job_t *job;
-};
-
-ENUM(ike_sa_state_lower_names, IKE_CREATED, IKE_DELETING,
- "created",
- "connecting",
- "established",
- "rekeying",
- "deleting",
-);
-
-/**
- * write a bool into element
- */
-static void write_bool(xmlTextWriterPtr writer, char *element, bool val)
-{
- xmlTextWriterWriteElement(writer, element, val ? "true" : "false");
-}
-
-/**
- * write a identification_t into element
- */
-static void write_id(xmlTextWriterPtr writer, char *element, identification_t *id)
-{
- xmlTextWriterStartElement(writer, element);
- switch (id->get_type(id))
- {
- {
- char *type = "";
- while (TRUE)
- {
- case ID_ANY:
- type = "any";
- break;
- case ID_IPV4_ADDR:
- type = "ipv4";
- break;
- case ID_IPV6_ADDR:
- type = "ipv6";
- break;
- case ID_FQDN:
- type = "fqdn";
- break;
- case ID_RFC822_ADDR:
- type = "email";
- break;
- case ID_DER_ASN1_DN:
- type = "asn1dn";
- break;
- case ID_DER_ASN1_GN:
- type = "asn1gn";
- break;
- }
- xmlTextWriterWriteAttribute(writer, "type", type);
- xmlTextWriterWriteFormatString(writer, "%D", id);
- break;
- }
- default:
- /* TODO: base64 keyid */
- xmlTextWriterWriteAttribute(writer, "type", "keyid");
- break;
- }
- xmlTextWriterEndElement(writer);
-}
-
-/**
- * write a host_t address into an element
- */
-static void write_address(xmlTextWriterPtr writer, char *element, host_t *host)
-{
- xmlTextWriterStartElement(writer, element);
- xmlTextWriterWriteAttribute(writer, "type",
- host->get_family(host) == AF_INET ? "ipv4" : "ipv6");
- if (host->is_anyaddr(host))
- { /* do not use %any for XML */
- xmlTextWriterWriteFormatString(writer, "%s",
- host->get_family(host) == AF_INET ? "0.0.0.0" : "::");
- }
- else
- {
- xmlTextWriterWriteFormatString(writer, "%H", host);
- }
- xmlTextWriterEndElement(writer);
-}
-
-/**
- * write networks element
- */
-static void write_networks(xmlTextWriterPtr writer, char *element,
- linked_list_t *list)
-{
- iterator_t *iterator;
- traffic_selector_t *ts;
-
- xmlTextWriterStartElement(writer, element);
- iterator = list->create_iterator(list, TRUE);
- while (iterator->iterate(iterator, (void**)&ts))
- {
- xmlTextWriterStartElement(writer, "network");
- xmlTextWriterWriteAttribute(writer, "type",
- ts->get_type(ts) == TS_IPV4_ADDR_RANGE ? "ipv4" : "ipv6");
- xmlTextWriterWriteFormatString(writer, "%R", ts);
- xmlTextWriterEndElement(writer);
- }
- iterator->destroy(iterator);
- xmlTextWriterEndElement(writer);
-}
-
-/**
- * write a childEnd
- */
-static void write_childend(xmlTextWriterPtr writer, child_sa_t *child, bool local)
-{
- linked_list_t *list;
-
- xmlTextWriterWriteFormatElement(writer, "spi", "%lx",
- htonl(child->get_spi(child, local)));
- list = child->get_traffic_selectors(child, local);
- write_networks(writer, "networks", list);
-}
-
-/**
- * write a child_sa_t
- */
-static void write_child(xmlTextWriterPtr writer, child_sa_t *child)
-{
- mode_t mode;
- encryption_algorithm_t encr;
- integrity_algorithm_t int_algo;
- size_t encr_len, int_len;
- u_int32_t rekey, use_in, use_out, use_fwd;
- child_cfg_t *config;
-
- config = child->get_config(child);
- child->get_stats(child, &mode, &encr, &encr_len, &int_algo, &int_len,
- &rekey, &use_in, &use_out, &use_fwd);
-
- xmlTextWriterStartElement(writer, "childsa");
- xmlTextWriterWriteFormatElement(writer, "reqid", "%d", child->get_reqid(child));
- xmlTextWriterWriteFormatElement(writer, "childconfig", "%s",
- config->get_name(config));
- xmlTextWriterStartElement(writer, "local");
- write_childend(writer, child, TRUE);
- xmlTextWriterEndElement(writer);
- xmlTextWriterStartElement(writer, "remote");
- write_childend(writer, child, FALSE);
- xmlTextWriterEndElement(writer);
- xmlTextWriterEndElement(writer);
-}
-
-/**
- * process a ikesalist query request message
- */
-static void request_query_ikesa(xmlTextReaderPtr reader, xmlTextWriterPtr writer)
-{
- iterator_t *iterator;
- ike_sa_t *ike_sa;
-
- /* <ikesalist> */
- xmlTextWriterStartElement(writer, "ikesalist");
-
- iterator = charon->ike_sa_manager->create_iterator(charon->ike_sa_manager);
- while (iterator->iterate(iterator, (void**)&ike_sa))
- {
- ike_sa_id_t *id;
- host_t *local, *remote;
- iterator_t *children;
- child_sa_t *child_sa;
-
- id = ike_sa->get_id(ike_sa);
-
- xmlTextWriterStartElement(writer, "ikesa");
- xmlTextWriterWriteFormatElement(writer, "id", "%d",
- ike_sa->get_unique_id(ike_sa));
- xmlTextWriterWriteFormatElement(writer, "status", "%N",
- ike_sa_state_lower_names, ike_sa->get_state(ike_sa));
- xmlTextWriterWriteElement(writer, "role",
- id->is_initiator(id) ? "initiator" : "responder");
- xmlTextWriterWriteElement(writer, "peerconfig", ike_sa->get_name(ike_sa));
-
- /* <local> */
- local = ike_sa->get_my_host(ike_sa);
- xmlTextWriterStartElement(writer, "local");
- xmlTextWriterWriteFormatElement(writer, "spi", "%.16llx",
- id->is_initiator(id) ? id->get_initiator_spi(id)
- : id->get_responder_spi(id));
- write_id(writer, "identification", ike_sa->get_my_id(ike_sa));
- write_address(writer, "address", local);
- xmlTextWriterWriteFormatElement(writer, "port", "%d",
- local->get_port(local));
- if (ike_sa->supports_extension(ike_sa, EXT_NATT))
- {
- write_bool(writer, "nat", ike_sa->has_condition(ike_sa, COND_NAT_HERE));
- }
- xmlTextWriterEndElement(writer);
- /* </local> */
-
- /* <remote> */
- remote = ike_sa->get_other_host(ike_sa);
- xmlTextWriterStartElement(writer, "remote");
- xmlTextWriterWriteFormatElement(writer, "spi", "%.16llx",
- id->is_initiator(id) ? id->get_responder_spi(id)
- : id->get_initiator_spi(id));
- write_id(writer, "identification", ike_sa->get_other_id(ike_sa));
- write_address(writer, "address", remote);
- xmlTextWriterWriteFormatElement(writer, "port", "%d",
- remote->get_port(remote));
- if (ike_sa->supports_extension(ike_sa, EXT_NATT))
- {
- write_bool(writer, "nat", ike_sa->has_condition(ike_sa, COND_NAT_THERE));
- }
- xmlTextWriterEndElement(writer);
- /* </remote> */
-
- /* <childsalist> */
- xmlTextWriterStartElement(writer, "childsalist");
- children = ike_sa->create_child_sa_iterator(ike_sa);
- while (children->iterate(children, (void**)&child_sa))
- {
- write_child(writer, child_sa);
- }
- children->destroy(children);
- /* </childsalist> */
- xmlTextWriterEndElement(writer);
-
- /* </ikesa> */
- xmlTextWriterEndElement(writer);
- }
- iterator->destroy(iterator);
-
- /* </ikesalist> */
- xmlTextWriterEndElement(writer);
-}
-
-/**
- * process a configlist query request message
- */
-static void request_query_config(xmlTextReaderPtr reader, xmlTextWriterPtr writer)
-{
- enumerator_t *enumerator;
- peer_cfg_t *peer_cfg;
-
- /* <configlist> */
- xmlTextWriterStartElement(writer, "configlist");
-
- enumerator = charon->backends->create_peer_cfg_enumerator(charon->backends);
- while (enumerator->enumerate(enumerator, (void**)&peer_cfg))
- {
- enumerator_t *children;
- child_cfg_t *child_cfg;
- ike_cfg_t *ike_cfg;
- linked_list_t *list;
-
- if (peer_cfg->get_ike_version(peer_cfg) != 2)
- { /* only IKEv2 connections yet */
- continue;
- }
-
- /* <peerconfig> */
- xmlTextWriterStartElement(writer, "peerconfig");
- xmlTextWriterWriteElement(writer, "name", peer_cfg->get_name(peer_cfg));
- write_id(writer, "local", peer_cfg->get_my_id(peer_cfg));
- write_id(writer, "remote", peer_cfg->get_other_id(peer_cfg));
-
- /* <ikeconfig> */
- ike_cfg = peer_cfg->get_ike_cfg(peer_cfg);
- xmlTextWriterStartElement(writer, "ikeconfig");
- write_address(writer, "local", ike_cfg->get_my_host(ike_cfg));
- write_address(writer, "remote", ike_cfg->get_other_host(ike_cfg));
- xmlTextWriterEndElement(writer);
- /* </ikeconfig> */
-
- /* <childconfiglist> */
- xmlTextWriterStartElement(writer, "childconfiglist");
- children = peer_cfg->create_child_cfg_enumerator(peer_cfg);
- while (children->enumerate(children, &child_cfg))
- {
- /* <childconfig> */
- xmlTextWriterStartElement(writer, "childconfig");
- xmlTextWriterWriteElement(writer, "name",
- child_cfg->get_name(child_cfg));
- list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
- write_networks(writer, "local", list);
- list->destroy_offset(list, offsetof(traffic_selector_t, destroy));
- list = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL);
- write_networks(writer, "remote", list);
- list->destroy_offset(list, offsetof(traffic_selector_t, destroy));
- xmlTextWriterEndElement(writer);
- /* </childconfig> */
- }
- children->destroy(children);
- /* </childconfiglist> */
- xmlTextWriterEndElement(writer);
- /* </peerconfig> */
- xmlTextWriterEndElement(writer);
- }
- enumerator->destroy(enumerator);
- /* </configlist> */
- xmlTextWriterEndElement(writer);
-}
-
-/**
- * callback which logs to a XML writer
- */
-static bool xml_callback(xmlTextWriterPtr writer, signal_t signal, level_t level,
- ike_sa_t* ike_sa, char* format, va_list args)
-{
- if (level <= 1)
- {
- /* <item> */
- xmlTextWriterStartElement(writer, "item");
- xmlTextWriterWriteFormatAttribute(writer, "level", "%d", level);
- xmlTextWriterWriteFormatAttribute(writer, "source", "%N", signal_names, signal);
- xmlTextWriterWriteFormatAttribute(writer, "thread", "%u", pthread_self());
- xmlTextWriterWriteVFormatString(writer, format, args);
- xmlTextWriterEndElement(writer);
- /* </item> */
- }
- return TRUE;
-}
-
-/**
- * process a *terminate control request message
- */
-static void request_control_terminate(xmlTextReaderPtr reader,
- xmlTextWriterPtr writer, bool ike)
-{
- if (xmlTextReaderRead(reader) &&
- xmlTextReaderNodeType(reader) == XML_READER_TYPE_TEXT)
- {
- const char *str;
- u_int32_t id;
- status_t status;
-
- str = xmlTextReaderConstValue(reader);
- if (str == NULL || !(id = atoi(str)))
- {
- DBG1(DBG_CFG, "error parsing XML id string");
- return;
- }
- DBG1(DBG_CFG, "terminating %s_SA %d", ike ? "IKE" : "CHILD", id);
-
- /* <log> */
- xmlTextWriterStartElement(writer, "log");
- if (ike)
- {
- status = charon->controller->terminate_ike(
- charon->controller, id,
- (controller_cb_t)xml_callback, writer);
- }
- else
- {
- status = charon->controller->terminate_child(
- charon->controller, id,
- (controller_cb_t)xml_callback, writer);
- }
- /* </log> */
- xmlTextWriterEndElement(writer);
- xmlTextWriterWriteFormatElement(writer, "status", "%d", status);
- }
-}
-
-/**
- * process a *initiate control request message
- */
-static void request_control_initiate(xmlTextReaderPtr reader,
- xmlTextWriterPtr writer, bool ike)
-{
- if (xmlTextReaderRead(reader) &&
- xmlTextReaderNodeType(reader) == XML_READER_TYPE_TEXT)
- {
- const char *str;
- status_t status = FAILED;
- peer_cfg_t *peer;
- child_cfg_t *child = NULL;
- enumerator_t *enumerator;
-
- str = xmlTextReaderConstValue(reader);
- if (str == NULL)
- {
- DBG1(DBG_CFG, "error parsing XML config name string");
- return;
- }
- DBG1(DBG_CFG, "initiating %s_SA %s", ike ? "IKE" : "CHILD", str);
-
- /* <log> */
- xmlTextWriterStartElement(writer, "log");
- peer = charon->backends->get_peer_cfg_by_name(charon->backends, (char*)str);
- if (peer)
- {
- enumerator = peer->create_child_cfg_enumerator(peer);
- if (ike)
- {
- if (!enumerator->enumerate(enumerator, &child))
- {
- child = NULL;
- }
- child->get_ref(child);
- }
- else
- {
- while (enumerator->enumerate(enumerator, &child))
- {
- if (streq(child->get_name(child), str))
- {
- child->get_ref(child);
- break;
- }
- child = NULL;
- }
- }
- enumerator->destroy(enumerator);
- if (child)
- {
- status = charon->controller->initiate(charon->controller,
- peer, child, (controller_cb_t)xml_callback,
- writer);
- }
- else
- {
- peer->destroy(peer);
- }
- }
- /* </log> */
- xmlTextWriterEndElement(writer);
- xmlTextWriterWriteFormatElement(writer, "status", "%d", status);
- }
-}
-
-/**
- * process a query request
- */
-static void request_query(xmlTextReaderPtr reader, xmlTextWriterPtr writer)
-{
- /* <query> */
- xmlTextWriterStartElement(writer, "query");
- while (xmlTextReaderRead(reader))
- {
- if (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT)
- {
- if (streq(xmlTextReaderConstName(reader), "ikesalist"))
- {
- request_query_ikesa(reader, writer);
- break;
- }
- if (streq(xmlTextReaderConstName(reader), "configlist"))
- {
- request_query_config(reader, writer);
- break;
- }
- }
- }
- /* </query> */
- xmlTextWriterEndElement(writer);
-}
-
-/**
- * process a control request
- */
-static void request_control(xmlTextReaderPtr reader, xmlTextWriterPtr writer)
-{
- /* <control> */
- xmlTextWriterStartElement(writer, "control");
- while (xmlTextReaderRead(reader))
- {
- if (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT)
- {
- if (streq(xmlTextReaderConstName(reader), "ikesaterminate"))
- {
- request_control_terminate(reader, writer, TRUE);
- break;
- }
- if (streq(xmlTextReaderConstName(reader), "childsaterminate"))
- {
- request_control_terminate(reader, writer, FALSE);
- break;
- }
- if (streq(xmlTextReaderConstName(reader), "ikesainitiate"))
- {
- request_control_initiate(reader, writer, TRUE);
- break;
- }
- if (streq(xmlTextReaderConstName(reader), "childsainitiate"))
- {
- request_control_initiate(reader, writer, FALSE);
- break;
- }
- }
- }
- /* </control> */
- xmlTextWriterEndElement(writer);
-}
-
-/**
- * process a request message
- */
-static void request(xmlTextReaderPtr reader, char *id, int fd)
-{
- xmlTextWriterPtr writer;
-
- writer = xmlNewTextWriter(xmlOutputBufferCreateFd(fd, NULL));
- if (writer == NULL)
- {
- DBG1(DBG_CFG, "opening SMP XML writer failed");
- return;
- }
-
- xmlTextWriterStartDocument(writer, NULL, NULL, NULL);
- /* <message xmlns="http://www.strongswan.org/smp/1.0"
- id="id" type="response"> */
- xmlTextWriterStartElement(writer, "message");
- xmlTextWriterWriteAttribute(writer, "xmlns",
- "http://www.strongswan.org/smp/1.0");
- xmlTextWriterWriteAttribute(writer, "id", id);
- xmlTextWriterWriteAttribute(writer, "type", "response");
-
- while (xmlTextReaderRead(reader))
- {
- if (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT)
- {
- if (streq(xmlTextReaderConstName(reader), "query"))
- {
- request_query(reader, writer);
- break;
- }
- if (streq(xmlTextReaderConstName(reader), "control"))
- {
- request_control(reader, writer);
- break;
- }
- }
- }
- /* </message> and close document */
- xmlTextWriterEndDocument(writer);
- xmlFreeTextWriter(writer);
-}
-
-/**
- * cleanup helper function for open file descriptors
- */
-static void closefdp(int *fd)
-{
- close(*fd);
-}
-
-/**
- * read from a opened connection and process it
- */
-static job_requeue_t process(int *fdp)
-{
- int oldstate, fd = *fdp;
- char buffer[4096];
- size_t len;
- xmlTextReaderPtr reader;
- char *id = NULL, *type = NULL;
-
- pthread_cleanup_push((void*)closefdp, (void*)&fd);
- pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate);
- len = read(fd, buffer, sizeof(buffer));
- pthread_setcancelstate(oldstate, NULL);
- pthread_cleanup_pop(0);
- if (len <= 0)
- {
- close(fd);
- DBG2(DBG_CFG, "SMP XML connection closed");
- return JOB_REQUEUE_NONE;
- }
- DBG3(DBG_CFG, "got XML request: %b", buffer, len);
-
- reader = xmlReaderForMemory(buffer, len, NULL, NULL, 0);
- if (reader == NULL)
- {
- DBG1(DBG_CFG, "opening SMP XML reader failed");
- return JOB_REQUEUE_FAIR;;
- }
-
- /* read message type and id */
- while (xmlTextReaderRead(reader))
- {
- if (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT &&
- streq(xmlTextReaderConstName(reader), "message"))
- {
- id = xmlTextReaderGetAttribute(reader, "id");
- type = xmlTextReaderGetAttribute(reader, "type");
- break;
- }
- }
-
- /* process message */
- if (id && type)
- {
- if (streq(type, "request"))
- {
- request(reader, id, fd);
- }
- else
- {
- /* response(reader, id) */
- }
- }
- xmlFreeTextReader(reader);
- return JOB_REQUEUE_FAIR;;
-}
-
-/**
- * accept from XML socket and create jobs to process connections
- */
-static job_requeue_t dispatch(private_xml_t *this)
-{
- struct sockaddr_un strokeaddr;
- int oldstate, fd, *fdp, strokeaddrlen = sizeof(strokeaddr);
- callback_job_t *job;
-
- /* wait for connections, but allow thread to terminate */
- pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate);
- fd = accept(this->socket, (struct sockaddr *)&strokeaddr, &strokeaddrlen);
- pthread_setcancelstate(oldstate, NULL);
-
- if (fd < 0)
- {
- DBG1(DBG_CFG, "accepting SMP XML socket failed: %s", strerror(errno));
- sleep(1);
- return JOB_REQUEUE_FAIR;;
- }
-
- fdp = malloc_thing(int);
- *fdp = fd;
- job = callback_job_create((callback_job_cb_t)process, fdp, free, this->job);
- charon->processor->queue_job(charon->processor, (job_t*)job);
-
- return JOB_REQUEUE_DIRECT;
-}
-
-/**
- * Implementation of itnerface_t.destroy.
- */
-static void destroy(private_xml_t *this)
-{
- this->job->cancel(this->job);
- close(this->socket);
- free(this);
-}
-
-/*
- * Described in header file
- */
-plugin_t *plugin_create()
-{
- struct sockaddr_un unix_addr = { AF_UNIX, IPSEC_PIDDIR "/charon.xml"};
- private_xml_t *this = malloc_thing(private_xml_t);
- mode_t old;
-
- this->public.plugin.destroy = (void (*)(plugin_t*))destroy;
-
- /* set up unix socket */
- this->socket = socket(AF_UNIX, SOCK_STREAM, 0);
- if (this->socket == -1)
- {
- DBG1(DBG_CFG, "could not create XML socket");
- free(this);
- return NULL;
- }
-
- unlink(unix_addr.sun_path);
- old = umask(~(S_IRWXU | S_IRWXG));
- if (bind(this->socket, (struct sockaddr *)&unix_addr, sizeof(unix_addr)) < 0)
- {
- DBG1(DBG_CFG, "could not bind XML socket: %s", strerror(errno));
- close(this->socket);
- free(this);
- return NULL;
- }
- umask(old);
- if (chown(unix_addr.sun_path, IPSEC_UID, IPSEC_GID) != 0)
- {
- DBG1(DBG_CFG, "changing XML socket permissions failed: %s", strerror(errno));
- }
-
- if (listen(this->socket, 5) < 0)
- {
- DBG1(DBG_CFG, "could not listen on XML socket: %s", strerror(errno));
- close(this->socket);
- free(this);
- return NULL;
- }
-
- this->job = callback_job_create((callback_job_cb_t)dispatch, this, NULL, NULL);
- charon->processor->queue_job(charon->processor, (job_t*)this->job);
-
- return &this->public.plugin;
-}
-
+++ /dev/null
-/*
- * Copyright (C) 2007-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * $Id$
- */
-
-/**
- * @defgroup xml xml
- * @ingroup cplugins
- *
- * @defgroup xml_i xml
- * @{ @ingroup xml
- */
-
-#ifndef XML_H_
-#define XML_H_
-
-#include <plugins/plugin.h>
-
-typedef struct xml_t xml_t;
-
-/**
- * XML configuration and control interface.
- *
- * The XML interface uses a socket and a to communicate. The syntax is strict
- * XML, defined in the schema.xml specification.
- */
-struct xml_t {
-
- /**
- * implements the plugin interface.
- */
- plugin_t plugin;
-};
-
-/**
- * Create a xml plugin instance.
- */
-plugin_t *plugin_create();
-
-#endif /* XML_H_ @}*/
AM_CFLAGS += -DLIBLDAP
endif
+# This compile option activates smartcard support
+if USE_SMARTCARD
+ AM_CFLAGS += -DSMARTCARD
+endif
+
# This compile option activates smartcard support
if USE_SMARTCARD
+ AM_CFLAGS += -DSMARTCARD
scepclient_LDADD += -ldl
endif
+# This compile option activates dynamic URL fetching using libcurl
+if USE_CURL
+ AM_CFLAGS += -DLIBCURL
+ scepclient_LDADD += -lcurl
+endif
+
dist_man_MANS = scepclient.8
asn1.o : $(PLUTODIR)/asn1.c $(PLUTODIR)/asn1.h