← Back to branch summary

~ubuntu-branches/ubuntu/maverick/strongswan/maverick

« back to all changes in this revision

Viewing changes to src/charon/plugins/load_tester/load_tester_config.c

  • Committer: Bazaar Package Importer
  • Author(s): Rene Mayrhofer
  • Date: 2009-04-01 22:17:52 UTC
  • mfrom: (1.1.8 upstream)
  • Revision ID: james.westby@ubuntu.com-20090401221752-eozrk0ctabblo94z
http://bugs.debian.org/521950
* New upstream release, which incorporates the fix. Removed dpatch for it.
  Closes: #521950: CVE-2009-0790: DoS
* New support for EAP RADIUS authentication, enabled for this package.

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/charon/plugins/load_tester/load_tester_config.c
35
35
         * peer config
36
36
         */
37
37
        peer_cfg_t *peer_cfg;
 
38
        
 
39
        /**
 
40
         * virtual IP, if any
 
41
         */
 
42
        host_t *vip;
 
43
        
 
44
        /**
 
45
         * Remote address
 
46
         */
 
47
        char *remote;
 
48
        
 
49
        /**
 
50
         * IP address pool
 
51
         */
 
52
        char *pool;
 
53
        
 
54
        /**
 
55
         * IKE proposal
 
56
         */
 
57
        proposal_t *proposal;
 
58
        
 
59
        /**
 
60
         * Authentication method to use
 
61
         */
 
62
        auth_class_t class;
 
63
        
 
64
        /**
 
65
         * incremental numbering of generated configs
 
66
         */
 
67
        u_int num;
38
68
};
39
69
 
40
70
/**
 
71
 * Generate a new initiator config, num = 0 for responder config
 
72
 */
 
73
static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
 
74
{
 
75
        ike_cfg_t *ike_cfg;
 
76
        child_cfg_t *child_cfg;
 
77
        peer_cfg_t *peer_cfg;
 
78
        traffic_selector_t *ts;
 
79
        auth_info_t *auth;
 
80
        identification_t *local, *remote;
 
81
        proposal_t *proposal;
 
82
        char buf[128];
 
83
        
 
84
        if (num)
 
85
        {       /* initiator */
 
86
                snprintf(buf, sizeof(buf), "CN=cli-%d, OU=load-test, O=strongSwan", num);
 
87
                local = identification_create_from_string(buf);
 
88
                snprintf(buf, sizeof(buf), "CN=srv, OU=load-test, O=strongSwan", num);
 
89
                remote = identification_create_from_string(buf);
 
90
        }
 
91
        else
 
92
        {       /* responder */
 
93
                local = identification_create_from_string(
 
94
                                                                                "CN=srv, OU=load-test, O=strongSwan");
 
95
                remote = identification_create_from_string(
 
96
                                                                                "CN=*, OU=load-test, O=strongSwan");
 
97
        }
 
98
        
 
99
        ike_cfg = ike_cfg_create(FALSE, FALSE, "0.0.0.0", this->remote);
 
100
        ike_cfg->add_proposal(ike_cfg, this->proposal->clone(this->proposal));
 
101
        peer_cfg = peer_cfg_create("load-test", 2, ike_cfg, local, remote,
 
102
                        CERT_SEND_IF_ASKED, UNIQUE_NO, 1, 0, 0, /* keytries, rekey, reauth */
 
103
                        0, 0, FALSE, 0, /* jitter, overtime, mobike, dpddelay */
 
104
                        this->vip ? this->vip->clone(this->vip) : NULL,
 
105
                        this->pool, FALSE, NULL, NULL);
 
106
        auth = peer_cfg->get_auth(peer_cfg);
 
107
        auth->add_item(auth, AUTHN_AUTH_CLASS, &this->class);
 
108
        child_cfg = child_cfg_create("load-test", 600, 400, 100, NULL, TRUE,
 
109
                                                                 MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE);
 
110
        proposal = proposal_create_from_string(PROTO_ESP, "aes128-sha1");
 
111
        child_cfg->add_proposal(child_cfg, proposal);
 
112
        ts = traffic_selector_create_dynamic(0, 0, 65535);
 
113
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
 
114
        ts = traffic_selector_create_dynamic(0, 0, 65535);
 
115
        child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
 
116
        peer_cfg->add_child_cfg(peer_cfg, child_cfg);
 
117
        return peer_cfg;
 
118
}
 
119
 
 
120
/**
41
121
 * Implementation of backend_t.create_peer_cfg_enumerator.
42
122
 */
43
123
static enumerator_t* create_peer_cfg_enumerator(private_load_tester_config_t *this,
67
147
{
68
148
        if (streq(name, "load-test"))
69
149
        {
70
 
                return this->peer_cfg->get_ref(this->peer_cfg);;
 
150
                return generate_config(this, this->num++);
71
151
        }
72
152
        return NULL;
73
153
}
78
158
static void destroy(private_load_tester_config_t *this)
79
159
{
80
160
        this->peer_cfg->destroy(this->peer_cfg);
 
161
        DESTROY_IF(this->proposal);
 
162
        DESTROY_IF(this->vip);
81
163
        free(this);
82
164
}
83
165
 
87
169
load_tester_config_t *load_tester_config_create()
88
170
{
89
171
        private_load_tester_config_t *this = malloc_thing(private_load_tester_config_t);
90
 
        ike_cfg_t *ike_cfg;
91
 
        child_cfg_t *child_cfg;
92
 
        proposal_t *proposal;
93
 
        traffic_selector_t *ts;
94
 
        auth_info_t *auth;
95
 
        auth_class_t class;
96
 
        char *remote, *pool;
97
 
        host_t *vip = NULL;
 
172
        char *authstr;
98
173
        
99
174
        this->public.backend.create_peer_cfg_enumerator = (enumerator_t*(*)(backend_t*, identification_t *me, identification_t *other))create_peer_cfg_enumerator;
100
175
        this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator;
101
176
        this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name;
102
177
        this->public.destroy = (void(*)(load_tester_config_t*))destroy;
103
178
        
 
179
        this->vip = NULL;
104
180
        if (lib->settings->get_bool(lib->settings,
105
181
                                "charon.plugins.load_tester.request_virtual_ip", FALSE))
106
182
        {
107
 
                vip = host_create_from_string("0.0.0.0", 0);
 
183
                this->vip = host_create_from_string("0.0.0.0", 0);
108
184
        }
109
 
        pool = lib->settings->get_str(lib->settings,
 
185
        this->pool = lib->settings->get_str(lib->settings,
110
186
                                "charon.plugins.load_tester.pool", NULL);
111
 
        remote = lib->settings->get_str(lib->settings, 
 
187
        this->remote = lib->settings->get_str(lib->settings, 
112
188
                                "charon.plugins.load_tester.remote", "127.0.0.1");
113
 
        ike_cfg = ike_cfg_create(TRUE, FALSE, "0.0.0.0", remote);
114
 
        proposal = proposal_create_from_string(PROTO_IKE,
 
189
                                
 
190
        this->proposal = proposal_create_from_string(PROTO_IKE,
115
191
                        lib->settings->get_str(lib->settings,
116
192
                                "charon.plugins.load_tester.proposal", "aes128-sha1-modp768"));
117
 
        if (!proposal)
 
193
        if (!this->proposal)
118
194
        {       /* fallback */
119
 
                proposal = proposal_create_from_string(PROTO_IKE, "aes128-sha1-modp768");
120
 
        }
121
 
        ike_cfg->add_proposal(ike_cfg, proposal);
122
 
        this->peer_cfg = peer_cfg_create("load-test", 2, ike_cfg,
123
 
                        identification_create_from_string("load-test@strongswan.org"),
124
 
                        identification_create_from_string("load-test@strongswan.org"),
125
 
                        CERT_SEND_IF_ASKED, UNIQUE_NO, 1, 0, 0, /* keytries, rekey, reauth */
126
 
                        0, 0, TRUE, 60, /* jitter, overtime, mobike, dpddelay */
127
 
                        vip, pool, FALSE, NULL, NULL);
128
 
        auth = this->peer_cfg->get_auth(this->peer_cfg);
129
 
        class = AUTH_CLASS_PUBKEY;
130
 
        auth->add_item(auth, AUTHN_AUTH_CLASS, &class);
131
 
        child_cfg = child_cfg_create("load-test", 600, 400, 100, NULL, TRUE,
132
 
                                                                 MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE);
133
 
        proposal = proposal_create_from_string(PROTO_ESP, "aes128-sha1");
134
 
        child_cfg->add_proposal(child_cfg, proposal);
135
 
        ts = traffic_selector_create_dynamic(0, 0, 65535);
136
 
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
137
 
        ts = traffic_selector_create_dynamic(0, 0, 65535);
138
 
        child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
139
 
        this->peer_cfg->add_child_cfg(this->peer_cfg, child_cfg);
 
195
                this->proposal = proposal_create_from_string(PROTO_IKE,
 
196
                                                                                                         "aes128-sha1-modp768");
 
197
        }
 
198
        authstr = lib->settings->get_str(lib->settings,
 
199
                                                                "charon.plugins.load_tester.auth", "pubkey");
 
200
        if (streq(authstr, "psk"))
 
201
        {
 
202
                this->class = AUTH_CLASS_PSK;
 
203
        }
 
204
        else
 
205
        {
 
206
                this->class = AUTH_CLASS_PUBKEY;
 
207
        }
 
208
        
 
209
        this->num = 1;
 
210
        this->peer_cfg = generate_config(this, 0);
140
211
        
141
212
        return &this->public;
142
213
}