created pluto and scepclient now use libstrongswan-lite
authorAndreas Steffen <andreas.steffen@strongswan.org>
Sat, 18 Apr 2009 14:50:31 +0000 (14:50 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Sat, 18 Apr 2009 14:50:31 +0000 (14:50 -0000)
20 files changed:
src/libstrongswan/Makefile.am
src/pluto/Makefile.am
src/pluto/ac.c
src/pluto/asn1.c
src/pluto/ca.c
src/pluto/crl.c
src/pluto/defs.c
src/pluto/defs.h
src/pluto/fetch.c
src/pluto/kernel.c
src/pluto/keys.c
src/pluto/library.c
src/pluto/library.h
src/pluto/ocsp.c
src/pluto/pgp.c
src/pluto/plutomain.c
src/pluto/smartcard.c
src/pluto/x509.c
src/scepclient/Makefile.am
src/scepclient/scepclient.c

index 1d0f837..b9c6bac 100644 (file)
@@ -1,4 +1,4 @@
-lib_LTLIBRARIES = libstrongswan.la
+lib_LTLIBRARIES = libstrongswan.la libstrongswan-lite.la
 
 if USE_INTEGRITY_TEST
   libstrongswan_la_SOURCES = \
@@ -56,13 +56,27 @@ plugins/plugin_loader.c plugins/plugin_loader.h plugins/plugin.h
 
 libstrongswan_la_LIBADD = -lpthread -ldl
 
+libstrongswan_lite_la_SOURCES = \
+chunk.c chunk.h \
+debug.c debug.h \
+asn1/oid.c asn1/oid.h \
+printf_hook.c printf_hook.h \
+settings.c settings.h \
+utils.c utils.h \
+utils/enumerator.c utils/enumerator.h \
+utils/linked_list.c utils/linked_list.h
+
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" \
                        -DIPSEC_PLUGINDIR=\"${plugindir}\"
 
 if USE_LEAK_DETECTIVE
   AM_CFLAGS += -DLEAK_DETECTIVE
-  libstrongswan_la_SOURCES += utils/leak_detective.c utils/leak_detective.h
+  libstrongswan_la_SOURCES += \
+    utils/leak_detective.c utils/leak_detective.h
+  libstrongswan_lite_la_SOURCES += \
+    utils/leak_detective.c utils/leak_detective.h \
+    utils/backtrace.c utils/backtrace.h 
 endif
 
 if USE_LOCK_PROFILER
index 2194cda..c2126ab 100644 (file)
@@ -90,49 +90,21 @@ AM_CFLAGS = \
 -DPLUTO -DKLIPS -DDEBUG
 
 pluto_LDADD = \
-oid.o debug.o linked_list.o enumerator.o settings.o utils.o chunk.o \
+$(LIBSTRONGSWANDIR)/libstrongswan-lite.la \ 
 $(LIBFREESWANDIR)/libfreeswan.a \
 $(LIBCRYPTODIR)/libcrypto.a \
 -lgmp -lresolv -lpthread -ldl
 
-if USE_LEAK_DETECTIVE
-  AM_CFLAGS += -DLEAK_DETECTIVE
-  pluto_LDADD += backtrace.o leak_detective.o
-endif
-
 _pluto_adns_LDADD = \
 $(LIBFREESWANDIR)/libfreeswan.a \
 -lresolv -ldl
 
 dist_man_MANS = pluto.8 ipsec.secrets.5
 
-# Copy functions from libstrongswan
-oid.o :        $(LIBSTRONGSWANDIR)/asn1/oid.c $(LIBSTRONGSWANDIR)/asn1/oid.h
-               $(COMPILE) -c -o $@ $<
-
-debug.o : $(LIBSTRONGSWANDIR)/debug.c $(LIBSTRONGSWANDIR)/debug.h
-               $(COMPILE) -c -o $@ $<
-
-backtrace.o : $(LIBSTRONGSWANDIR)/utils/backtrace.c $(LIBSTRONGSWANDIR)/utils/backtrace.h
-               $(COMPILE) -c -o $@ $<
-
-leak_detective.o : $(LIBSTRONGSWANDIR)/utils/leak_detective.c $(LIBSTRONGSWANDIR)/utils/leak_detective.h
-               $(COMPILE) -c -o $@ $<
-
-linked_list.o : $(LIBSTRONGSWANDIR)/utils/linked_list.c $(LIBSTRONGSWANDIR)/utils/linked_list.h
-               $(COMPILE) -c -o $@ $<
-
-enumerator.o : $(LIBSTRONGSWANDIR)/utils/enumerator.c $(LIBSTRONGSWANDIR)/utils/enumerator.h
-               $(COMPILE) -c -o $@ $<
-
-settings.o : $(LIBSTRONGSWANDIR)/settings.c $(LIBSTRONGSWANDIR)/settings.h
-               $(COMPILE) -c -o $@ $<
-
-utils.o : $(LIBSTRONGSWANDIR)/utils.c $(LIBSTRONGSWANDIR)/utils.h
-               $(COMPILE) -c -o $@ $<
-
-chunk.o : $(LIBSTRONGSWANDIR)/chunk.c $(LIBSTRONGSWANDIR)/chunk.h
-               $(COMPILE) -c -o $@ $<
+# This compile option activates the memory leak detective
+if USE_LEAK_DETECTIVE
+  AM_CFLAGS += -DLEAK_DETECTIVE
+endif
 
 # This compile option activates the sending of a strongSwan VID
 if USE_VENDORID
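Review bot: The new first entry of `pluto_LDADD` appears to end in a backslash followed by a space, which automake reports as whitespace following a trailing backslash and which some make implementations do not treat as a line continuation. If the space is in the file and is not an artifact of this page, the line should end directly after the backslash: `$(LIBSTRONGSWANDIR)/libstrongswan-lite.la \`. The same list links `libstrongswan-lite.la` through `$(LIBSTRONGSWANDIR)`, which the removed rules used to locate source files, so it is worth confirming that the variable also resolves to the directory where the library is built.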
index fadfa9e..d7aca06 100644 (file)
@@ -746,9 +746,9 @@ check_ac_validity(const x509acert_t *ac)
 
     time(&current_time);
     DBG(DBG_CONTROL | DBG_PARSING,
-       DBG_log("  not before  : %s", timetoa(&ac->notBefore, TRUE));
-       DBG_log("  current time: %s", timetoa(&current_time, TRUE));
-       DBG_log("  not after   : %s", timetoa(&ac->notAfter, TRUE));
+       DBG_log("  not before  : %T", &ac->notBefore, TRUE);
+       DBG_log("  current time: %T", &current_time, TRUE);
+       DBG_log("  not after   : %T", &ac->notAfter, TRUE);
     )
 
     if (current_time < ac->notBefore)
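Review bot: The three `%T` conversions in this DBG block, like every other `%T` call site this commit introduces, only work once `library_init()` has registered `time_printf_hook`, and none of the pluto hunks shown here add or show that call. The removed `timetoa()` also printed a fixed placeholder for `UNDEFINED_TIME`; the hook's body is not part of this page, so it should be confirmed that it does the same for fields such as `key->until_time` and `cert->until`. A short comment at the first call site would record the contract, for example `/* %T takes (time_t *, bool utc); requires the printf hook registered by library_init() */`. Because `%T` is unknown to the compiler, `-Wformat` can no longer check these argument lists, so a missing or swapped `utc` argument will go unnoticed at build time.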
@@ -917,7 +917,7 @@ list_acerts(bool utc)
     {
        u_char buf[BUF_LEN];
 
-       whack_log(RC_COMMENT, "%s",timetoa(&ac->installed, utc));
+       whack_log(RC_COMMENT, "%T", &ac->installed, utc);
        if (ac->entityName.ptr != NULL)
        {
            dntoa(buf, BUF_LEN, ac->entityName);
@@ -944,11 +944,11 @@ list_acerts(bool utc)
        datatot(ac->serialNumber.ptr, ac->serialNumber.len, ':'
            , buf, BUF_LEN);
        whack_log(RC_COMMENT, "       serial:    %s", buf);
-       whack_log(RC_COMMENT, "       validity:  not before %s %s",
-               timetoa(&ac->notBefore, utc),
+       whack_log(RC_COMMENT, "       validity:  not before %T %s",
+               &ac->notBefore, utc,
                (ac->notBefore < now)?"ok":"fatal (not valid yet)");
-       whack_log(RC_COMMENT, "                  not after  %s %s",
-               timetoa(&ac->notAfter, utc),
+       whack_log(RC_COMMENT, "                  not after  %T %s",
+               &ac->notAfter, utc,
                check_expiry(ac->notAfter, ACERT_WARNING_INTERVAL, TRUE));
        if (ac->authKeyID.ptr != NULL)
        {
@@ -986,8 +986,7 @@ list_groups(bool utc)
     {
        ietfAttr_t *attr = list->attr;
 
-       whack_log(RC_COMMENT, "%s, count: %d", timetoa(&attr->installed, utc),
-               attr->count);
+       whack_log(RC_COMMENT, "%T, count: %d", &attr->installed, utc, attr->count);
        
        switch (attr->kind)
        {
index d00a24d..3d4852c 100644 (file)
@@ -544,7 +544,7 @@ debug_asn1_simple_object(chunk_t object, asn1_t type, u_int cond)
     case ASN1_GENERALIZEDTIME:
        DBG(DBG_PARSING,
            time_t time = asn1totime(&object, type);
-           DBG_log("  '%s'", timetoa(&time, TRUE));
+           DBG_log("  '%T'", &time, TRUE);
        )
        return;
     default:
index 0c07082..72398a4 100644 (file)
@@ -661,11 +661,11 @@ list_ca_infos(bool utc)
 
        /* strictpolicy per CA not supported yet
         *
-       whack_log(RC_COMMENT, "%s, \"%s\", strictcrlpolicy: %s"
-               , timetoa(&ca->installed, utc), ca->name
+       whack_log(RC_COMMENT, "%T, \"%s\", strictcrlpolicy: %s"
+               , &ca->installed, utc, ca->name
                , ca->strictcrlpolicy? "yes":"no");
        */
-       whack_log(RC_COMMENT, "%s, \"%s\"", timetoa(&ca->installed, utc), ca->name);
+       whack_log(RC_COMMENT, "%T, \"%s\"", &ca->installed, utc, ca->name);
        dntoa(buf, BUF_LEN, ca->authName);
        whack_log(RC_COMMENT, "       authname: '%s'", buf);
        if (ca->ldaphost != NULL)
index be3310e..1119d4a 100644 (file)
@@ -677,8 +677,7 @@ verify_by_crl(const x509cert_t *cert, time_t *until, time_t *revocationDate
            {
                fetch_req_t *req;
 
-               plog("crl update is overdue since %s"
-                   , timetoa(until, TRUE));
+               plog("crl update is overdue since %T", until, TRUE);
 
                /* try to fetch a crl update */
                req = build_crl_fetch_request(crl->issuer
@@ -738,8 +737,8 @@ list_crls(bool utc, bool strict)
            revokedCert = revokedCert->next;
         }
 
-       whack_log(RC_COMMENT, "%s, revoked certs: %d",
-               timetoa(&crl->installed, utc), revoked);
+       whack_log(RC_COMMENT, "%T, revoked certs: %d",
+               &crl->installed, utc, revoked);
        dntoa(buf, BUF_LEN, crl->issuer);
        whack_log(RC_COMMENT, "       issuer:   '%s'", buf);
        if (crl->crlNumber.ptr != NULL)
@@ -750,10 +749,10 @@ list_crls(bool utc, bool strict)
        }
        list_distribution_points(crl->distributionPoints);
 
-       whack_log(RC_COMMENT, "       updates:   this %s",
-               timetoa(&crl->thisUpdate, utc));
-       whack_log(RC_COMMENT, "                  next %s %s",
-               timetoa(&crl->nextUpdate, utc),
+       whack_log(RC_COMMENT, "       updates:   this %T",
+               &crl->thisUpdate, utc);
+       whack_log(RC_COMMENT, "                  next %T %s",
+               &crl->nextUpdate, utc,
                check_expiry(crl->nextUpdate, CRL_WARNING_INTERVAL, strict));
        if (crl->authKeyID.ptr != NULL)
        {
index 79c8192..2b88d73 100644 (file)
@@ -143,36 +143,6 @@ write_chunk(const char *filename, const char *label, chunk_t ch
     }
 }
 
-/* Names of the months */
-
-static const char* months[] = {
-    "Jan", "Feb", "Mar", "Apr", "May", "Jun",
-    "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
-};
-
-
-/*
- *  Display a date either in local or UTC time
- */
-char*
-timetoa(const time_t *time, bool utc)
-{
-    static char buf[TIMETOA_BUF];
-
-    if (*time == UNDEFINED_TIME)
-       sprintf(buf, "--- -- --:--:--%s----", (utc)?" UTC ":" ");
-    else
-    {
-       struct tm *t = (utc)? gmtime(time) : localtime(time);
-
-       sprintf(buf, "%s %02d %02d:%02d:%02d%s%04d",
-           months[t->tm_mon], t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec,
-           (utc)?" UTC ":" ", t->tm_year + 1900
-       );
-    }
-    return buf;
-}
-
 /*  checks if the expiration date has been reached and
  *  warns during the warning_interval of the imminent
  *  expiry. strict=TRUE declares a fatal error,
index 2d19d73..8887481 100644 (file)
@@ -67,9 +67,6 @@ extern void mv_chunk(u_char **pos, chunk_t content);
 extern bool write_chunk(const char *filename, const char *label, chunk_t ch
     ,mode_t mask, bool force);
 
-/* display a date either in local or UTC time */
-extern char* timetoa(const time_t *time, bool utc);
-
 /* warns a predefined interval before expiry */
 extern const char* check_expiry(time_t expiration_date,
     int warning_interval, bool strict);
index 64e67c0..ecffe76 100644 (file)
@@ -1043,8 +1043,8 @@ list_crl_fetch_requests(bool utc)
     {
        u_char buf[BUF_LEN];
 
-       whack_log(RC_COMMENT, "%s, trials: %d"
-           , timetoa(&req->installed, utc), req->trials);
+       whack_log(RC_COMMENT, "%T, trials: %d"
+           , &req->installed, utc, req->trials);
        dntoa(buf, BUF_LEN, req->issuer);
        whack_log(RC_COMMENT, "       issuer:   '%s'", buf);
        if (req->authKeyID.ptr != NULL)
index 4dcad1f..9a3715e 100644 (file)
@@ -2282,7 +2282,7 @@ get_sa_info(struct state *st, bool inbound, u_int *bytes, time_t *use_time)
        if (!kernel_ops->get_policy(&sa, inbound, use_time))
            return FALSE;
        DBG(DBG_KLIPS,
-           DBG_log("  use_time: %s", timetoa(use_time, FALSE))
+           DBG_log("  use_time: %T", use_time, FALSE)
        )
     }
     return TRUE;
index 2d51b52..1e0bbc3 100644 (file)
@@ -1528,14 +1528,12 @@ void list_public_keys(bool utc)
        if (key->alg == PUBKEY_ALG_RSA)
        {
            char buf[BUF_LEN];
-           char expires_buf[TIMETOA_BUF];
 
            idtoa(&key->id, buf, BUF_LEN);
-           strcpy(expires_buf, timetoa(&key->until_time, utc));
-           whack_log(RC_COMMENT, "%s, %4d RSA Key %s, until %s %s",
-
-               timetoa(&key->installed_time, utc), 8*key->u.rsa.k, key->u.rsa.keyid,
-               expires_buf,
+           whack_log(RC_COMMENT, "%T, %4d RSA Key %s, until %T %s",
+               &key->installed_time, utc,
+               8*key->u.rsa.k, key->u.rsa.keyid,
+               &key->until_time, utc,
                check_expiry(key->until_time, PUBKEY_WARNING_INTERVAL, TRUE));
            whack_log(RC_COMMENT,"       %s '%s'",
                enum_show(&ident_names, key->id.kind), buf);
index b8f406a..29e57e1 100644 (file)
@@ -21,6 +21,7 @@
 #include <stdlib.h>
 
 #include <utils.h>
+#include <chunk.h>
 #ifdef LEAK_DETECTIVE
 #include <utils/leak_detective.h>
 #endif
@@ -58,6 +59,7 @@ void library_deinit()
        private_library_t *this = (private_library_t*)lib;
 
        this->public.settings->destroy(this->public.settings);
+       this->public.printf_hook->destroy(this->public.printf_hook);
        
 #ifdef LEAK_DETECTIVE
        if (this->detective)
@@ -74,6 +76,7 @@ void library_deinit()
  */
 void library_init(char *settings)
 {
+       printf_hook_t *pfh;
        private_library_t *this = malloc_thing(private_library_t);
        lib = &this->public;
        
@@ -83,6 +86,21 @@ void library_init(char *settings)
        this->detective = leak_detective_create();
 #endif /* LEAK_DETECTIVE */
 
+       pfh = printf_hook_create();
+       this->public.printf_hook = pfh;
+       
+       pfh->add_handler(pfh, 'b', mem_printf_hook,
+                                        PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_INT,
+                                        PRINTF_HOOK_ARGTYPE_END);
+       pfh->add_handler(pfh, 'B', chunk_printf_hook,
+                                        PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
+       pfh->add_handler(pfh, 'T', time_printf_hook,
+                                        PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_INT,
+                                        PRINTF_HOOK_ARGTYPE_END);
+       pfh->add_handler(pfh, 'V', time_delta_printf_hook,
+                                        PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_POINTER,
+                                        PRINTF_HOOK_ARGTYPE_END);
+
        this->public.settings = settings_create(settings);
 }
 
index f4b5702..921c5f2 100644 (file)
@@ -27,6 +27,12 @@ typedef struct library_t library_t;
  * Libstrongswan library context, contains library relevant globals.
  */
 struct library_t {
+
+       /**
+        * Printf hook registering facility
+        */
+       printf_hook_t *printf_hook;
+       
        /**
         * various settings loaded from settings file
         */
index b706dc9..256c447 100644 (file)
@@ -615,7 +615,7 @@ list_ocsp_locations(ocsp_location_t *location, bool requests, bool utc
            {
                char thisUpdate[TIMETOA_BUF];
 
-               strcpy(thisUpdate, timetoa(&certinfo->thisUpdate, utc));
+               snprintf(thisUpdate, TIMETOA_BUF, "%T", &certinfo->thisUpdate, utc);
 
                if (requests)
                {
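Review bot: The new `snprintf(thisUpdate, TIMETOA_BUF, "%T", ...)` ignores its return value, so output from the hook that is longer than the buffer is truncated without notice. `TIMETOA_BUF` was sized for the fixed layout of the removed `timetoa()`, and the hook's output length is defined elsewhere. Tying the bound to the array and checking the result would make this robust: `int n = snprintf(thisUpdate, sizeof(thisUpdate), "%T", &certinfo->thisUpdate, utc);` followed by a check for `n < 0 || n >= (int)sizeof(thisUpdate)`. The enclosing function starts and ends outside this hunk.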
@@ -629,8 +629,8 @@ list_ocsp_locations(ocsp_location_t *location, bool requests, bool utc
                }
                else
                {
-                   whack_log(RC_COMMENT, "%s, until %s %s", thisUpdate
-                       , timetoa(&certinfo->nextUpdate, utc)
+                   whack_log(RC_COMMENT, "%s, until %T %s", thisUpdate
+                       , &certinfo->nextUpdate, utc
                        , check_expiry(certinfo->nextUpdate, OCSP_WARNING_INTERVAL, strict));
                }
                datatot(certinfo->serialNumber.ptr, certinfo->serialNumber.len, ':'
index a5c6d22..a3efdad 100644 (file)
@@ -195,7 +195,7 @@ parse_pgp_pubkey_packet(chunk_t *packet, pgpcert_t *cert)
     cert->created = (time_t)pgp_size(packet, 4);
     DBG(DBG_PARSING,
        DBG_log("L3 - created:");
-       DBG_log("  %s", timetoa(&cert->created, TRUE))
+       DBG_log("  %T", &cert->created, TRUE)
     )
 
     if (version == 3)
@@ -209,7 +209,7 @@ parse_pgp_pubkey_packet(chunk_t *packet, pgpcert_t *cert)
 
        DBG(DBG_PARSING,
            DBG_log("L3 - until:");
-           DBG_log("  %s", timetoa(&cert->until, TRUE));
+           DBG_log("  %T", &cert->until, TRUE);
        )
     }
 
@@ -403,7 +403,7 @@ parse_pgp_signature_packet(chunk_t *packet, pgpcert_t *cert)
     created = (time_t)pgp_size(packet, 4);
     DBG(DBG_PARSING,
        DBG_log("L3 - created:");
-       DBG_log("  %s", timetoa(&cert->created, TRUE))
+       DBG_log("  %T", &cert->created, TRUE)
     )
 
     /* key ID of signer - 8 bytes */
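Review bot: The converted debug line still prints `cert->created`, while the value parsed just above it in this hunk is stored in the local `created`. The log line therefore shows the certificate's creation time rather than the signature's, unless that is intended. This predates the commit but is carried into the new line; if the signature time is meant, it should read `DBG_log("  %T", &created, TRUE)`. The rest of parse_pgp_signature_packet lies outside the hunk.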
@@ -633,14 +633,14 @@ list_pgp_end_certs(bool utc)
        c.type = CERT_PGP;
        c.u.pgp = cert;
 
-       whack_log(RC_COMMENT, "%s, count: %d", timetoa(&cert->installed, utc), cert->count);
+       whack_log(RC_COMMENT, "%T, count: %d", &cert->installed, utc), cert->count;
        datatot(cert->fingerprint, PGP_FINGERPRINT_SIZE, 'x', buf, BUF_LEN);
        whack_log(RC_COMMENT, "       fingerprint:  %s", buf);
        form_keyid(cert->publicExponent, cert->modulus, buf, &keysize);
        whack_log(RC_COMMENT, "       pubkey:   %4d RSA Key %s%s", 8*keysize, buf,
                (has_private_key(c))? ", has private key" : "");
-       whack_log(RC_COMMENT, "       created:  %s", timetoa(&cert->created, utc));
-       whack_log(RC_COMMENT, "       until:    %s %s", timetoa(&cert->until, utc),
+       whack_log(RC_COMMENT, "       created:  %T", &cert->created, utc);
+       whack_log(RC_COMMENT, "       until:    %T %s", &cert->until, utc,
                check_expiry(cert->until, CA_CERT_WARNING_INTERVAL, TRUE));
        cert = cert->next;
     }
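Review bot: The closing parenthesis in the first rewritten `whack_log` call is misplaced: the call ends after `utc`, and `cert->count` becomes a discarded comma-operator operand. The `%d` conversion then has no matching argument, so the variadic call reads an indeterminate value (undefined behaviour) and the listed count is garbage. The line should be `whack_log(RC_COMMENT, "%T, count: %d", &cert->installed, utc, cert->count);`. Since `%T` is not a conversion the compiler knows, format checking may not flag this mismatch.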
index e03f76b..75f4cab 100644 (file)
@@ -1,6 +1,7 @@
 /* Pluto main program
  * Copyright (C) 1997 Angelos D. Keromytis.
  * Copyright (C) 1998-2001  D. Hugh Redelmeier.
+ * Copyright (C) 2009 Andreas Steffen
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -17,6 +18,7 @@
 
 #include <stdio.h>
 #include <stdlib.h>
+#include <syslog.h>
 #include <unistd.h>
 #include <ctype.h>
 #include <errno.h>
@@ -39,6 +41,7 @@
 
 #include <freeswan.h>
 #include <library.h>
+#include <debug.h>
 
 #include <pfkeyv2.h>
 #include <pfkey.h>
@@ -188,8 +191,7 @@ fill_lock(int lockfd, pid_t pid)
     return ok;
 }
 
-static void
-delete_lock(void)
+static void delete_lock(void)
 {
     if (pluto_lock_created)
     {
@@ -198,6 +200,48 @@ delete_lock(void)
     }
 }
 
+static int debug_level = 1;
+
+/**
+ * pluto dbg function
+ */
+static void pluto_dbg(int level, char *fmt, ...)
+{
+    int priority = LOG_INFO;
+    char buffer[8192];
+    char *current = buffer, *next;
+    va_list args;
+       
+    if (level <= debug_level)
+    {
+       va_start(args, fmt);
+
+       if (log_to_stderr)
+       {
+           vfprintf(stderr, fmt, args);
+           fprintf(stderr, "\n");
+       }
+       if (log_to_syslog)
+       {
+           /* write in memory buffer first */
+           vsnprintf(buffer, sizeof(buffer), fmt, args);
+
+           /* do a syslog with every line */
+           while (current)
+           {
+               next = strchr(current, '\n');
+               if (next)
+               {
+                   *(next++) = '\0';
+               }
+               syslog(priority, "%s\n", current);
+               current = next;
+           }
+       }
+       va_end(args);
+    }
+}
+
 /* by default pluto sends certificate requests to its peers */
 bool no_cr_send = FALSE;
 
@@ -506,9 +550,13 @@ main(int argc, char **argv)
     /* select between logging methods */
 
     if (log_to_stderr_desired)
+    {
        log_to_syslog = FALSE;
+    }
     else
+    {
        log_to_stderr = FALSE;
+    }
 
     /* set the logging function of pfkey debugging */
 #ifdef DEBUG
@@ -597,6 +645,9 @@ main(int argc, char **argv)
            abort();
     }
 
+    /* enable pluto debugging hook */
+    dbg = pluto_dbg;
+
     init_constants();
     init_log("pluto");
 
index f2f2860..6e882ad 100644 (file)
@@ -1939,8 +1939,8 @@ scx_list(bool utc)
 
     while (sc != NULL)
     {
-       whack_log(RC_COMMENT, "%s, #%d, count: %d"
-           , timetoa(&sc->last_load, utc)
+       whack_log(RC_COMMENT, "%T, #%d, count: %d"
+           , &sc->last_load, utc
            , sc->number
            , sc->count);
        whack_log(RC_COMMENT, "       %s, session %s, logged %s, has %s"
index f849be7..1d2bfe6 100644 (file)
@@ -2104,9 +2104,9 @@ check_validity(const x509cert_t *cert, time_t *until)
 
     time(&current_time);
     DBG(DBG_CONTROL | DBG_PARSING ,
-       DBG_log("  not before  : %s", timetoa(&cert->notBefore, TRUE));
-       DBG_log("  current time: %s", timetoa(&current_time, TRUE));
-       DBG_log("  not after   : %s", timetoa(&cert->notAfter, TRUE));
+       DBG_log("  not before  : %T", &cert->notBefore, TRUE);
+       DBG_log("  current time: %T", &current_time, TRUE);
+       DBG_log("  not after   : %T", &cert->notAfter, TRUE);
     )
 
     if (cert->notAfter < *until)
@@ -2245,8 +2245,8 @@ verify_x509cert(const x509cert_t *cert, bool strict, time_t *until)
                }
                break;
            case CERT_REVOKED:
-               plog("certificate was revoked on %s, reason: %s"
-                   , timetoa(&revocationDate, TRUE)
+               plog("certificate was revoked on %T, reason: %s"
+                   , &revocationDate, TRUE
                    , enum_name(&crl_reason_names, revocationReason));
                remove_x509_public_key(cert);
                return FALSE;
@@ -2303,7 +2303,7 @@ list_x509cert_chain(const char *caption, x509cert_t* cert, u_char auth_flags
                first = FALSE;
            }
 
-           whack_log(RC_COMMENT, "%s, count: %d", timetoa(&cert->installed, utc),
+           whack_log(RC_COMMENT, "%T, count: %d", &cert->installed, utc,
                cert->count);
            dntoa(buf, BUF_LEN, cert->subject);
            whack_log(RC_COMMENT, "       subject:  '%s'", buf);
@@ -2317,11 +2317,11 @@ list_x509cert_chain(const char *caption, x509cert_t* cert, u_char auth_flags
                , 8*keysize, keyid
                , cert->smartcard ? ", on smartcard" :
                (has_private_key(c)? ", has private key" : ""));
-           whack_log(RC_COMMENT, "       validity:  not before %s %s",
-               timetoa(&cert->notBefore, utc),
+           whack_log(RC_COMMENT, "       validity:  not before %T %s",
+               &cert->notBefore, utc,
                (cert->notBefore < now)?"ok":"fatal (not valid yet)");
-           whack_log(RC_COMMENT, "                  not after  %s %s",
-               timetoa(&cert->notAfter, utc),
+           whack_log(RC_COMMENT, "                  not after  %T %s",
+               &cert->notAfter, utc,
                check_expiry(cert->notAfter, CA_CERT_WARNING_INTERVAL, TRUE));
            if (cert->subjectKeyID.ptr != NULL)
            {
index 76d7f1a..6681407 100644 (file)
@@ -15,17 +15,27 @@ INCLUDES = \
 -I$(LIBCRYPTODIR) \
 -I$(WHACKDIR)
 
-AM_CFLAGS = -DDEBUG -DNO_PLUTO -DIPSEC_CONFDIR=\"${confdir}\"
+AM_CFLAGS = \
+-DIPSEC_CONFDIR=\"${confdir}\" \
+-DSTRONGSWAN_CONF=\"${strongswan_conf}\" \
+-DDEBUG -DNO_PLUTO
 
 LIBFREESWANBUILDDIR=$(top_builddir)/src/libfreeswan
 LIBCRYPTOBUILDDIR=$(top_builddir)/src/libcrypto
 
-scepclient_LDADD = debug.o utils.o chunk.o \
-                   asn1.o ca.o crl.o certs.o constants.o defs.o fetch.o id.o \
-                   keys.o lex.o md2.o md5.o mp_defs.o ocsp.o oid.o pem.o pgp.o \
-                   pkcs1.o pkcs7.o rnd.o sha1.o smartcard.o x509.o \
-                   $(LIBFREESWANBUILDDIR)/libfreeswan.a $(LIBCRYPTOBUILDDIR)/libcrypto.a \
-                   -lgmp
+scepclient_LDADD = \
+asn1.o ca.o crl.o certs.o constants.o defs.o fetch.o id.o keys.o \
+lex.o library.o md2.o md5.o mp_defs.o ocsp.o pem.o pgp.o pkcs1.o \
+pkcs7.o rnd.o sha1.o smartcard.o x509.o \
+$(LIBSTRONGSWANDIR)/libstrongswan-lite.la \
+$(LIBFREESWANBUILDDIR)/libfreeswan.a \
+$(LIBCRYPTOBUILDDIR)/libcrypto.a \
+-lgmp
+
+# This compile option activates the memory leak detective
+if USE_LEAK_DETECTIVE
+  AM_CFLAGS += -DLEAK_DETECTIVE
+endif
 
 # This compile option activates smartcard support
 if USE_SMARTCARD
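Review bot: `scepclient_LDADD` takes `libstrongswan-lite.la` from `$(LIBSTRONGSWANDIR)`, while the two static libraries beside it come from the `*BUILDDIR` variables defined just above. The removed rules used `$(LIBSTRONGSWANDIR)` to find `debug.c` and `utils.c`, so it looks like a source-tree path, and a build outside the source tree would then not find the generated `.la` file. Consider a build-tree variable in the style already used here, e.g. `LIBSTRONGSWANBUILDDIR=$(top_builddir)/src/libstrongswan`, and `$(LIBSTRONGSWANBUILDDIR)/libstrongswan-lite.la \` in the list. The `pluto_LDADD` entry in src/pluto/Makefile.am has the same shape.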
@@ -41,15 +51,6 @@ endif
 
 dist_man_MANS = scepclient.8
 
-debug.o : $(LIBSTRONGSWANDIR)/debug.c $(LIBSTRONGSWANDIR)/debug.h
-               $(COMPILE) -c -o $@ $<
-
-utils.o : $(LIBSTRONGSWANDIR)/utils.c $(LIBSTRONGSWANDIR)/utils.h
-               $(COMPILE) -c -o $@ $<
-
-chunk.o : $(LIBSTRONGSWANDIR)/chunk.c $(LIBSTRONGSWANDIR)/chunk.h
-               $(COMPILE) -c -o $@ $<
-
 asn1.o :       $(PLUTODIR)/asn1.c $(PLUTODIR)/asn1.h
                $(COMPILE) $(INCLUDES) -c -o $@ $<
 
@@ -83,6 +84,9 @@ keys.o :      $(PLUTODIR)/keys.c $(PLUTODIR)/keys.h
 lex.o :                $(PLUTODIR)/lex.c $(PLUTODIR)/lex.h
                $(COMPILE) $(INCLUDES) -c -o $@ $<
 
+library.o :    $(PLUTODIR)/library.c $(PLUTODIR)/library.h
+               $(COMPILE) $(INCLUDES) -c -o $@ $<
+
 md2.o :                $(PLUTODIR)/md2.c $(PLUTODIR)/md2.h
                $(COMPILE) $(INCLUDES) -c -o $@ $<
 
@@ -92,9 +96,6 @@ md5.o :               $(PLUTODIR)/md5.c $(PLUTODIR)/md5.h
 ocsp.o :       $(PLUTODIR)/ocsp.c $(PLUTODIR)/ocsp.h
                $(COMPILE) $(INCLUDES) -c -o $@ $<
 
-oid.o :                $(LIBSTRONGSWANDIR)/asn1/oid.c $(LIBSTRONGSWANDIR)/asn1/oid.h
-               $(COMPILE) -c -o $@ $<
-
 pem.o :                $(PLUTODIR)/pem.c $(PLUTODIR)/pem.h
                $(COMPILE) $(INCLUDES) -c -o $@ $<
 
index 7d1c2e5..564f1d7 100644 (file)
@@ -27,6 +27,7 @@
 #include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <syslog.h>
 #include <string.h>
 #include <getopt.h>
 #include <ctype.h>
@@ -35,6 +36,8 @@
 #include <gmp.h>
 
 #include <freeswan.h>
+#include <library.h>
+#include <debug.h>
 #include <asn1/oid.h>
 
 #include "../pluto/constants.h"
@@ -167,6 +170,7 @@ exit_scepclient(err_t message, ...)
     free_x509cert(x509_ca_enc);
     free_x509cert(x509_ca_sig);
     pkcs10_free(pkcs10);
+    library_deinit();
     close_log();
 
     /* print any error message to stderr */
@@ -262,6 +266,47 @@ usage(const char *message)
     exit_scepclient(message);
 }
 
+static int debug_level = 1;
+
+/**
+ * @brief scepclient dbg function
+ */
+static void scepclient_dbg(int level, char *fmt, ...)
+{
+    int priority = LOG_INFO;
+    char buffer[8192];
+    char *current = buffer, *next;
+    va_list args;
+       
+    if (level <= debug_level)
+    {
+       va_start(args, fmt);
+
+       if (log_to_stderr)
+       {
+           vfprintf(stderr, fmt, args);
+           fprintf(stderr, "\n");
+       }
+       if (log_to_syslog)
+       {
+           /* write in memory buffer first */
+           vsnprintf(buffer, sizeof(buffer), fmt, args);
+
+           /* do a syslog with every line */
+           while (current)
+           {
+               next = strchr(current, '\n');
+               if (next)
+               {
+                   *(next++) = '\0';
+               }
+               syslog(priority, "%s\n", current);
+               current = next;
+           }
+       }
+       va_end(args);
+    }
+}
 /**
  * @brief main of scepclient
  *
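Review bot: In scepclient_dbg, `args` is started once and then handed to both `vfprintf` and `vsnprintf`. When `log_to_stderr` and `log_to_syslog` are both set, the second call reads a va_list the first has already consumed, which is undefined behaviour. Each consumer needs its own `va_start`/`va_end` pair (or a `va_copy`), as sketched below. pluto_dbg in plutomain.c is the same code and needs the same change, even though main() there clears one of the two flags before logging starts. Separately, the `vsnprintf` result is not checked, so a message longer than the 8192-byte buffer is cut off without any indication.

```c
    if (level <= debug_level)
    {
        if (log_to_stderr)
        {
            va_start(args, fmt);
            vfprintf(stderr, fmt, args);
            va_end(args);
            fprintf(stderr, "\n");
        }
        if (log_to_syslog)
        {
            /* write in memory buffer first */
            va_start(args, fmt);
            vsnprintf(buffer, sizeof(buffer), fmt, args);
            va_end(args);

            /* … unchanged: per-line syslog loop … */
        }
    }
```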
@@ -359,6 +404,8 @@ int main(int argc, char **argv)
     scep_response     = chunk_empty;
     log_to_stderr     = TRUE;
 
+    library_init(STRONGSWAN_CONF);
+
     for (;;)
     {
        static const struct option long_opts[] = {
@@ -706,6 +753,9 @@ int main(int argc, char **argv)
        break;
     }
 
+    /* enable scepclient bugging hook */
+    dbg = scepclient_dbg;
+
     init_log("scepclient");
     cur_debugging = base_debugging;
     init_rnd_pool();