eap: Print vendor (PEN) names for vendor-specific EAP methods

2025-10-03 00:00:24 -04:00 · 2022-07-21 13:19:56 +02:00 · 2022-07-21 13:19:56 +02:00 · 9efd7d7e90
commit 9efd7d7e90
parent f6e6fcd2f6
11 changed files with 79 additions and 37 deletions
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@ -1344,7 +1344,8 @@ static char* get_string(private_message_t *this, char *buf, int len)
 			{
 				if (vendor)
 				{
-					snprintf(method, sizeof(method), "/%d-%d", type, vendor);
+					snprintf(method, sizeof(method), "/%d-%N", type,
+							 pen_short_names, vendor);
 				}
 				else
 				{
--- a/src/libcharon/plugins/eap_dynamic/eap_dynamic.c
+++ b/src/libcharon/plugins/eap_dynamic/eap_dynamic.c
@ -93,8 +93,8 @@ static eap_method_t *load_method(private_eap_dynamic_t *this,
 	{
 		if (vendor)
 		{
-			DBG1(DBG_IKE, "loading vendor specific EAP method %d-%d failed",
-				 type, vendor);
+			DBG1(DBG_IKE, "loading vendor specific EAP method %d-%N failed",
+				 type, pen_names, vendor);
 		}
 		else
 		{
@ -135,9 +135,9 @@ static void select_method(private_eap_dynamic_t *this)
 			{
 				if (entry->vendor)
 				{
-					DBG2(DBG_IKE, "proposed vendor specific EAP method %d-%d "
+					DBG2(DBG_IKE, "proposed vendor specific EAP method %d-%N "
 						 "not supported by %s, skipped", entry->type,
-						  entry->vendor, who);
+						  pen_names, entry->vendor, who);
 				}
 				else
 				{
@ -157,8 +157,8 @@ static void select_method(private_eap_dynamic_t *this)
 			}
 			if (entry->vendor)
 			{
-				DBG1(DBG_IKE, "vendor specific EAP method %d-%d selected",
-					 entry->type, entry->vendor);
+				DBG1(DBG_IKE, "vendor specific EAP method %d-%N selected",
+					 entry->type, pen_names, entry->vendor);
 			}
 			else
 			{
--- a/src/libcharon/plugins/eap_peap/eap_peap_peer.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap_peer.c
@ -137,8 +137,8 @@ METHOD(tls_application_t, process, status_t,
 	{
 		if (received_vendor)
 		{
-			DBG1(DBG_IKE, "server requested vendor specific EAP method %d-%d "
-						  "(id 0x%02X)", received_type, received_vendor,
+			DBG1(DBG_IKE, "server requested vendor specific EAP method %d-%N "
+						  "(id 0x%02X)", received_type, pen_names, received_vendor,
 						   in->get_identifier(in));
 		}
 		else
@ -175,8 +175,8 @@ METHOD(tls_application_t, process, status_t,
 		default:
 			if (vendor)
 			{
-				DBG1(DBG_IKE, "vendor specific EAP method %d-%d failed",
-							   type, vendor);
+				DBG1(DBG_IKE, "vendor specific EAP method %d-%N failed",
+							   type, pen_names, vendor);
 			}
 			else
 			{
--- a/src/libcharon/plugins/eap_peap/eap_peap_server.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap_server.c
@ -317,8 +317,8 @@ METHOD(tls_application_t, process, status_t,
 		default:
 			if (vendor)
 			{
-				DBG1(DBG_IKE, "vendor specific EAP method %d-%d failed",
-							   type, vendor);
+				DBG1(DBG_IKE, "vendor specific EAP method %d-%N failed",
+							   type, pen_names, vendor);
 			}
 			else
 			{
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
@ -185,8 +185,8 @@ METHOD(tls_application_t, process, status_t,
 	{
 		if (received_vendor)
 		{
-			DBG1(DBG_IKE, "server requested vendor specific EAP method %d-%d "
-						  "(id 0x%02X)", received_type, received_vendor,
+			DBG1(DBG_IKE, "server requested vendor specific EAP method %d-%N "
+						  "(id 0x%02X)", received_type, pen_names, received_vendor,
 						   in->get_identifier(in));
 		}
 		else
@ -224,8 +224,8 @@ METHOD(tls_application_t, process, status_t,
 		default:
 			if (vendor)
 			{
-				DBG1(DBG_IKE, "vendor specific EAP method %d-%d failed",
-							   type, vendor);
+				DBG1(DBG_IKE, "vendor specific EAP method %d-%N failed",
+							   type, pen_names, vendor);
 			}
 			else
 			{
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_server.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_server.c
@ -292,8 +292,8 @@ METHOD(tls_application_t, process, status_t,
 		default:
 			if (vendor)
 			{
-				DBG1(DBG_IKE, "vendor specific EAP method %d-%d failed",
-							   type, vendor);
+				DBG1(DBG_IKE, "vendor specific EAP method %d-%N failed",
+							   type, pen_names, vendor);
 			}
 			else
 			{
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@ -370,7 +370,7 @@ static void log_auth(auth_cfg_t *auth)
 				DBG2(DBG_CFG, "   eap-type = %N", eap_type_names, v.u);
 				break;
 			case AUTH_RULE_EAP_VENDOR:
-				DBG2(DBG_CFG, "   eap-vendor = %u", v.u);
+				DBG2(DBG_CFG, "   eap-vendor = %N", pen_names, v.u);
 				break;
 			case AUTH_RULE_XAUTH_BACKEND:
 				DBG2(DBG_CFG, "   xauth = %s", v.str);
--- a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
@ -203,8 +203,8 @@ static eap_payload_t* server_initiate_eap(private_eap_authenticator_t *this,
 			type = this->method->get_type(this->method, &vendor);
 			if (vendor)
 			{
-				DBG1(DBG_IKE, "initiating EAP vendor type %d-%d method (id 0x%02X)",
-					 type, vendor, out->get_identifier(out));
+				DBG1(DBG_IKE, "initiating EAP vendor type %d-%N method (id 0x%02X)",
+					 type, pen_names, vendor, out->get_identifier(out));
 			}
 			else
 			{
@ -218,8 +218,8 @@ static eap_payload_t* server_initiate_eap(private_eap_authenticator_t *this,
 	}
 	if (vendor)
 	{
-		DBG1(DBG_IKE, "%s EAP vendor type %d-%d method failed",
-					  action, type,	vendor);
+		DBG1(DBG_IKE, "%s EAP vendor type %d-%N method failed",
+					  action, type,	pen_names, vendor);
 	}
 	else
 	{
@ -320,8 +320,8 @@ static eap_payload_t* server_process_eap(private_eap_authenticator_t *this,
 			}
 			if (vendor)
 			{
-				DBG1(DBG_IKE, "EAP vendor specific method %d-%d succeeded, "
-					 "%sMSK established", type, vendor,
+				DBG1(DBG_IKE, "EAP vendor specific method %d-%N succeeded, "
+					 "%sMSK established", type, pen_names, vendor,
 					 this->msk.ptr ? "" : "no ");
 			}
 			else
@ -340,8 +340,8 @@ failure:
 			type = this->method->get_type(this->method, &vendor);
 			if (vendor)
 			{
-				DBG1(DBG_IKE, "EAP vendor specific method %d-%d failed for "
-					 "peer %Y", type, vendor,
+				DBG1(DBG_IKE, "EAP vendor specific method %d-%N failed for "
+					 "peer %Y", type, pen_names, vendor,
 					 this->ike_sa->get_other_id(this->ike_sa));
 			}
 			else
@ -403,8 +403,8 @@ static eap_payload_t* client_process_eap(private_eap_authenticator_t *this,
 	{
 		if (vendor)
 		{
-			DBG1(DBG_IKE, "server requested vendor specific EAP method %d-%d ",
-						  "(id 0x%02X)", type, vendor, in->get_identifier(in));
+			DBG1(DBG_IKE, "server requested vendor specific EAP method %d-%N ",
+				 "(id 0x%02X)", type, pen_names, vendor, in->get_identifier(in));
 		}
 		else
 		{
@ -419,8 +419,8 @@ static eap_payload_t* client_process_eap(private_eap_authenticator_t *this,
 		{
 			if (conf_vendor)
 			{
-				DBG1(DBG_IKE, "requesting EAP method %d-%d, sending EAP_NAK",
-					 conf_type, conf_vendor);
+				DBG1(DBG_IKE, "requesting EAP method %d-%N, sending EAP_NAK",
+					 conf_type, pen_names, conf_vendor);
 			}
 			else
 			{
@ -448,7 +448,8 @@ static eap_payload_t* client_process_eap(private_eap_authenticator_t *this,

 	if (vendor)
 	{
-		DBG1(DBG_IKE, "vendor specific EAP method %d-%d failed", type, vendor);
+		DBG1(DBG_IKE, "vendor specific EAP method %d-%N failed", type,
+			 pen_names, vendor);
 	}
 	else
 	{
@ -693,8 +694,8 @@ METHOD(authenticator_t, process_client, status_t,
 				type = this->method->get_type(this->method, &vendor);
 				if (vendor)
 				{
-					DBG1(DBG_IKE, "EAP vendor specific method %d-%d succeeded, "
-						 "%sMSK established", type, vendor,
+					DBG1(DBG_IKE, "EAP vendor specific method %d-%N succeeded, "
+						 "%sMSK established", type, pen_names, vendor,
 						 this->msk.ptr ? "" : "no ");
 				}
 				else
--- a/src/libstrongswan/pen/pen.c
+++ b/src/libstrongswan/pen/pen.c
@ -50,3 +50,38 @@ ENUM_NEXT(pen_names, PEN_UNASSIGNED, PEN_RESERVED, PEN_OPENPTS,
 	"Unassigned",
 	"Reserved");
 ENUM_END(pen_names, PEN_RESERVED);
+
+ENUM_BEGIN(pen_short_names, PEN_IETF, PEN_IETF,
+	"IETF");
+ENUM_NEXT(pen_short_names, PEN_IBM, PEN_IBM, PEN_IETF,
+	"IBM");
+ENUM_NEXT(pen_short_names, PEN_MICROSOFT, PEN_MICROSOFT, PEN_IBM,
+	"MS");
+ENUM_NEXT(pen_short_names, PEN_REDHAT, PEN_REDHAT, PEN_MICROSOFT,
+	"RH");
+ENUM_NEXT(pen_short_names, PEN_PWG, PEN_PWG, PEN_REDHAT,
+	"PWG");
+ENUM_NEXT(pen_short_names, PEN_ALTIGA, PEN_ALTIGA, PEN_PWG,
+	"ALT");
+ENUM_NEXT(pen_short_names, PEN_OSC, PEN_OSC, PEN_ALTIGA,
+	"OSC");
+ENUM_NEXT(pen_short_names, PEN_DEBIAN, PEN_DEBIAN, PEN_OSC,
+	"DEB");
+ENUM_NEXT(pen_short_names, PEN_GOOGLE, PEN_GOOGLE, PEN_DEBIAN,
+	"GOO");
+ENUM_NEXT(pen_short_names, PEN_TCG, PEN_TCG, PEN_GOOGLE,
+	"TCG");
+ENUM_NEXT(pen_short_names, PEN_CANONICAL, PEN_CANONICAL, PEN_TCG,
+	"CAN");
+ENUM_NEXT(pen_short_names, PEN_FEDORA, PEN_FEDORA, PEN_CANONICAL,
+	"FED");
+ENUM_NEXT(pen_short_names, PEN_FHH, PEN_FHH, PEN_FEDORA,
+	"FHH");
+ENUM_NEXT(pen_short_names, PEN_ITA, PEN_ITA, PEN_FHH,
+	"ITA");
+ENUM_NEXT(pen_short_names, PEN_OPENPTS, PEN_OPENPTS, PEN_ITA,
+	"PTS");
+ENUM_NEXT(pen_short_names, PEN_UNASSIGNED, PEN_RESERVED, PEN_OPENPTS,
+	"UNAS",
+	"RES");
+ENUM_END(pen_short_names, PEN_RESERVED);
--- a/src/libstrongswan/pen/pen.h
+++ b/src/libstrongswan/pen/pen.h
@ -107,4 +107,9 @@ static inline bool pen_type_is(pen_type_t pen_type,
 */
 extern enum_name_t *pen_names;

+/**
+ * short enum names for pen_t.
+ */
+extern enum_name_t *pen_short_names;
+
 #endif /** PEN_H_ @}*/
--- a/src/libstrongswan/plugins/plugin_feature.c
+++ b/src/libstrongswan/plugins/plugin_feature.c
@ -412,8 +412,8 @@ char* plugin_feature_get_string(plugin_feature_t *feature)
 		case FEATURE_EAP_SERVER:
 		case FEATURE_EAP_PEER:
 			if (feature->arg.eap.vendor &&
-				asprintf(&str, "%N:%d-%d", plugin_feature_names, feature->type,
-					feature->arg.eap.type, feature->arg.eap.vendor) > 0)
+				asprintf(&str, "%N:%d-%N", plugin_feature_names, feature->type,
+					feature->arg.eap.type, pen_names, feature->arg.eap.vendor) > 0)
 			{
 				return str;
 			}