Added some debug statements
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 9 Aug 2013 13:21:33 +0000 (15:21 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 15 Aug 2013 21:34:22 +0000 (23:34 +0200)
src/libpttls/pt_tls.c
src/libpttls/pt_tls.h
src/libpttls/pt_tls_client.c
src/libpttls/pt_tls_server.c

index 034bf6c..b59ef7c 100644 (file)
@@ -16,7 +16,7 @@
 #include "pt_tls.h"
 
 #include <utils/debug.h>
-
+#include <pen/pen.h>
 /**
  * Described in header.
  */
@@ -42,6 +42,26 @@ void libpttls_init(void)
  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  */
 
+ENUM(pt_tls_message_type_names, PT_TLS_EXPERIMENTAL, PT_TLS_ERROR,
+       "Experimental",
+       "Version Request",
+       "Version Response",
+       "SASL Mechanisms",
+       "SASL Mechanism Selection",
+       "SASL Authentication Data",
+       "SASL Result",
+       "PB-TNC Batch",
+       "PT-TLS Error"
+);
+
+ENUM(pt_tls_sasl_result_names, PT_TLS_SASL_RESULT_SUCCESS,
+                                                          PT_TLS_SASL_RESULT_MECH_FAILURE,
+       "Success",
+       "Failure",
+       "Abort",
+       "Mechanism Failure"
+);
+
 /**
  * Read a chunk of data from TLS, returning a reader for it
  */
@@ -95,6 +115,19 @@ bio_reader_t* pt_tls_read(tls_socket_t *tls, u_int32_t *vendor,
                DBG1(DBG_TNC, "received short PT-TLS header (%d bytes)", len);
                return NULL;
        }
+
+       if (*vendor == PEN_IETF)
+       {
+               DBG2(DBG_TNC, "received PT-TLS message #%d of type '%N' (%d bytes)",
+                                         *identifier, pt_tls_message_type_names, *type, len);
+       }
+       else
+       {
+               DBG2(DBG_TNC, "received PT-TLS message #%d of unknown type "
+                                         "0x%06x/0x%08x (%d bytes)",
+                                         *identifier, *vendor, *type, len);
+       }
+
        return read_tls(tls, len - PT_TLS_HEADER_LEN);
 }
 
@@ -120,6 +153,9 @@ bool pt_tls_write(tls_socket_t *tls, bio_writer_t *writer,
        header->write_data(header, data);
        writer->destroy(writer);
 
+       DBG2(DBG_TNC, "sending PT-TLS message #%d of type '%N' (%d bytes)",
+                                  identifier, pt_tls_message_type_names, type, len);
+
        data = header->get_buf(header);
        len = tls->write(tls, data.ptr, data.len);
        header->destroy(header);
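Review bot: The `%N` lookup in the `DBG2` under `if (*vendor == PEN_IETF)` in pt_tls_read is fed `*type` straight from the wire, so it depends on the enum_name printf hook tolerating values outside PT_TLS_EXPERIMENTAL..PT_TLS_ERROR; strongSwan's hook appears to print unknown values numerically, but if that is not guaranteed a guard such as `if (*vendor == PEN_IETF && *type <= PT_TLS_ERROR)` keeps a peer-chosen type from indexing past the name table. Both new log lines, and the one added to pt_tls_write, print the `u_int32_t` values `*identifier`, `identifier` and `len` with `%d`; `%u` matches the type (the pre-existing short-header message has the same mismatch). In the include hunk the blank line between `#include <pen/pen.h>` and the following `/**` block was dropped; restoring it keeps the include group visually separated as in the rest of the file. pt_tls_read and pt_tls_write both begin outside their hunks.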
index 0f1f124..f7ea75b 100644 (file)
@@ -61,6 +61,8 @@ enum pt_tls_message_type_t {
        PT_TLS_ERROR = 8,
 };
 
+extern enum_name_t *pt_tls_message_type_names;
+
 /**
  * Result code for a single SASL mechansim, as sent in PT_TLS_SASL_RESULT
  */
@@ -71,6 +73,8 @@ enum pt_tls_sasl_result_t {
        PT_TLS_SASL_RESULT_MECH_FAILURE = 3,
 };
 
+extern enum_name_t *pt_tls_sasl_result_names;
+
 /**
  * Client authentication to require as PT-TLS server.
  */
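Review bot: The two new `extern enum_name_t *` declarations carry no doc comment, while every other declaration in this header has a `/** ... */` block. Add `/** enum names for pt_tls_message_type_t */` above `pt_tls_message_type_names` and `/** enum names for pt_tls_sasl_result_t */` above `pt_tls_sasl_result_names` so readers know which enum each table belongs to without opening pt_tls.c.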
index 76dd5ee..6df3235 100644 (file)
@@ -203,14 +203,15 @@ static status_t do_sasl(private_pt_tls_client_t *this, sasl_mechanism_t *sasl)
                                        reader->destroy(reader);
                                        return FAILED;
                                }
+                               DBG1(DBG_TNC, "received SASL %N result",
+                                        pt_tls_sasl_result_names, result);
+
                                switch (result)
                                {
                                        case PT_TLS_SASL_RESULT_ABORT:
-                                               DBG1(DBG_TNC, "received SASL abort result");
                                                reader->destroy(reader);
                                                return FAILED;
                                        case PT_TLS_SASL_RESULT_SUCCESS:
-                                               DBG1(DBG_TNC, "received SASL success result");
                                                switch (sasl->process(sasl, reader->peek(reader)))
                                                {
                                                        case SUCCESS:
@@ -226,7 +227,6 @@ static status_t do_sasl(private_pt_tls_client_t *this, sasl_mechanism_t *sasl)
                                                break;
                                        case PT_TLS_SASL_RESULT_MECH_FAILURE:
                                        case PT_TLS_SASL_RESULT_FAILURE:
-                                               DBG1(DBG_TNC, "received SASL failure result");
                                                /* non-fatal failure, try again */
                                                reader->destroy(reader);
                                                return NEED_MORE;
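Review bot: The consolidated `DBG1(DBG_TNC, "received SASL %N result", ...)` now logs the peer-supplied `result` before the `switch`, so any value outside PT_TLS_SASL_RESULT_SUCCESS..PT_TLS_SASL_RESULT_MECH_FAILURE is formatted through `%N` before it is classified; that is only safe if the enum printf hook handles out-of-range values, which it appears to do but is worth confirming. The hunk does not show a `default:` branch for the switch; if there is none, an unexpected result silently falls out of the switch, and a `default: reader->destroy(reader); return FAILED;` would make the handling explicit. do_sasl begins and ends outside the hunks.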
index 2796e0d..33d9715 100644 (file)
@@ -472,6 +472,7 @@ METHOD(pt_tls_server_t, handle, status_t,
        switch (this->state)
        {
                case PT_TLS_SERVER_VERSION:
+                       DBG1(DBG_TNC, "entering PT-TLS negotiation phase");
                        if (!negotiate_version(this))
                        {
                                return FAILED;
@@ -480,6 +481,7 @@ METHOD(pt_tls_server_t, handle, status_t,
                        this->state = PT_TLS_SERVER_AUTH;
                        /* fall through to next state */
                case PT_TLS_SERVER_AUTH:
+                       DBG1(DBG_TNC, "doing SASL client authentication");
                        if (!authenticate(this))
                        {
                                return FAILED;
@@ -487,6 +489,7 @@ METHOD(pt_tls_server_t, handle, status_t,
                        this->state = PT_TLS_SERVER_TNCCS;
                        break;
                case PT_TLS_SERVER_TNCCS:
+                       DBG1(DBG_TNC, "entering PT-TLS data transport phase");
                        if (!assess(this, (tls_t*)this->tnccs))
                        {
                                return FAILED;
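Review bot: The `DBG1(DBG_TNC, "entering PT-TLS data transport phase")` in the PT_TLS_SERVER_TNCCS case fires on every call of handle() while `this->state` stays PT_TLS_SERVER_TNCCS, since the AUTH case sets the state and breaks rather than falling through; if handle() is re-entered in that state (not visible here) the "entering" message would repeat on each assess() round. Logging it once at the transition, directly after `this->state = PT_TLS_SERVER_TNCCS;` in the AUTH case, avoids that, or the wording can be changed to describe the ongoing phase. The method continues past the last hunk.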