From 9efd7d7e90031657a87072cf422823a01e270c9c Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Thu, 21 Jul 2022 13:19:56 +0200
Subject: [PATCH] eap: Print vendor (PEN) names for vendor-specific EAP methods
---
 src/libcharon/encoding/message.c | 3 +-
 .../plugins/eap_dynamic/eap_dynamic.c | 12 +++----
 .../plugins/eap_peap/eap_peap_peer.c | 8 ++---
 .../plugins/eap_peap/eap_peap_server.c | 4 +--
 .../plugins/eap_ttls/eap_ttls_peer.c | 8 ++---
 .../plugins/eap_ttls/eap_ttls_server.c | 4 +--
 src/libcharon/plugins/vici/vici_config.c | 2 +-
 .../ikev2/authenticators/eap_authenticator.c | 31 ++++++++--------
 src/libstrongswan/pen/pen.c | 35 +++++++++++++++++++
 src/libstrongswan/pen/pen.h | 5 +++
 src/libstrongswan/plugins/plugin_feature.c | 4 +--
 11 files changed, 79 insertions(+), 37 deletions(-)
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index 89882ac685..4494f23fd3 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -1344,7 +1344,8 @@ static char* get_string(private_message_t *this, char *buf, int len)
 {
 if (vendor)
 {
- snprintf(method, sizeof(method), "/%d-%d", type, vendor);
+ snprintf(method, sizeof(method), "/%d-%N", type,
+ pen_short_names, vendor);
 }
 else
 {
diff --git a/src/libcharon/plugins/eap_dynamic/eap_dynamic.c b/src/libcharon/plugins/eap_dynamic/eap_dynamic.c
index 2654e18f38..5ecb187f70 100644
--- a/src/libcharon/plugins/eap_dynamic/eap_dynamic.c
+++ b/src/libcharon/plugins/eap_dynamic/eap_dynamic.c
@@ -93,8 +93,8 @@ static eap_method_t *load_method(private_eap_dynamic_t *this,
 {
 if (vendor)
 {
- DBG1(DBG_IKE, "loading vendor specific EAP method %d-%d failed",
- type, vendor);
+ DBG1(DBG_IKE, "loading vendor specific EAP method %d-%N failed",
+ type, pen_names, vendor);
 }
 else
 {
@@ -135,9 +135,9 @@ static void select_method(private_eap_dynamic_t *this)
 {
 if (entry->vendor)
 {
- DBG2(DBG_IKE, "proposed vendor specific EAP method %d-%d "
+ DBG2(DBG_IKE, "proposed vendor specific EAP method %d-%N "
 "not supported by %s, skipped", entry->type,
- entry->vendor, who);
+ pen_names, entry->vendor, who);
 }
 else
 {
@@ -157,8 +157,8 @@ static void select_method(private_eap_dynamic_t *this)
 }
 if (entry->vendor)
 {
- DBG1(DBG_IKE, "vendor specific EAP method %d-%d selected",
- entry->type, entry->vendor);
+ DBG1(DBG_IKE, "vendor specific EAP method %d-%N selected",
+ entry->type, pen_names, entry->vendor);
 }
 else
 {
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_peer.c b/src/libcharon/plugins/eap_peap/eap_peap_peer.c
index 1350b7876a..eed40c0a7a 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_peer.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap_peer.c
@@ -137,8 +137,8 @@ METHOD(tls_application_t, process, status_t,
 {
 if (received_vendor)
 {
- DBG1(DBG_IKE, "server requested vendor specific EAP method %d-%d "
- "(id 0x%02X)", received_type, received_vendor,
+ DBG1(DBG_IKE, "server requested vendor specific EAP method %d-%N "
+ "(id 0x%02X)", received_type, pen_names, received_vendor,
 in->get_identifier(in));
 }
 else
@@ -175,8 +175,8 @@ METHOD(tls_application_t, process, status_t,
 default:
 if (vendor)
 {
- DBG1(DBG_IKE, "vendor specific EAP method %d-%d failed",
- type, vendor);
+ DBG1(DBG_IKE, "vendor specific EAP method %d-%N failed",
+ type, pen_names, vendor);
 }
 else
 {
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_server.c b/src/libcharon/plugins/eap_peap/eap_peap_server.c
index f27325df20..c5d97a16a1 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_server.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap_server.c
@@ -317,8 +317,8 @@ METHOD(tls_application_t, process, status_t,
 default:
 if (vendor)
 {
- DBG1(DBG_IKE, "vendor specific EAP method %d-%d failed",
- type, vendor);
+ DBG1(DBG_IKE, "vendor specific EAP method %d-%N failed",
+ type, pen_names, vendor);
 }
 else
 {
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
index 33e53556cd..4c8d338044 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
@@ -185,8 +185,8 @@ METHOD(tls_application_t, process, status_t,
 {
 if (received_vendor)
 {
- DBG1(DBG_IKE, "server requested vendor specific EAP method %d-%d "
- "(id 0x%02X)", received_type, received_vendor,
+ DBG1(DBG_IKE, "server requested vendor specific EAP method %d-%N "
+ "(id 0x%02X)", received_type, pen_names, received_vendor,
 in->get_identifier(in));
 }
 else
@@ -224,8 +224,8 @@ METHOD(tls_application_t, process, status_t,
 default:
 if (vendor)
 {
- DBG1(DBG_IKE, "vendor specific EAP method %d-%d failed",
- type, vendor);
+ DBG1(DBG_IKE, "vendor specific EAP method %d-%N failed",
+ type, pen_names, vendor);
 }
 else
 {
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_server.c b/src/libcharon/plugins/eap_ttls/eap_ttls_server.c
index dce59a5539..d7279ce8c9 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_server.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_server.c
@@ -292,8 +292,8 @@ METHOD(tls_application_t, process, status_t,
 default:
 if (vendor)
 {
- DBG1(DBG_IKE, "vendor specific EAP method %d-%d failed",
- type, vendor);
+ DBG1(DBG_IKE, "vendor specific EAP method %d-%N failed",
+ type, pen_names, vendor);
 }
 else
 {
diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
index ab382eca5b..0c061d4b2d 100644
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@@ -370,7 +370,7 @@ static void log_auth(auth_cfg_t *auth)
 DBG2(DBG_CFG, " eap-type = %N", eap_type_names, v.u);
 break;
 case AUTH_RULE_EAP_VENDOR:
- DBG2(DBG_CFG, " eap-vendor = %u", v.u);
+ DBG2(DBG_CFG, " eap-vendor = %N", pen_names, v.u);
 break;
 case AUTH_RULE_XAUTH_BACKEND:
 DBG2(DBG_CFG, " xauth = %s", v.str);
diff --git a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
index ffc41ef3d6..976ed623d3 100644
--- a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
@@ -203,8 +203,8 @@ static eap_payload_t* server_initiate_eap(private_eap_authenticator_t *this,
 type = this->method->get_type(this->method, &vendor);
 if (vendor)
 {
- DBG1(DBG_IKE, "initiating EAP vendor type %d-%d method (id 0x%02X)",
- type, vendor, out->get_identifier(out));
+ DBG1(DBG_IKE, "initiating EAP vendor type %d-%N method (id 0x%02X)",
+ type, pen_names, vendor, out->get_identifier(out));
 }
 else
 {
@@ -218,8 +218,8 @@ static eap_payload_t* server_initiate_eap(private_eap_authenticator_t *this,
 }
 if (vendor)
 {
- DBG1(DBG_IKE, "%s EAP vendor type %d-%d method failed",
- action, type, vendor);
+ DBG1(DBG_IKE, "%s EAP vendor type %d-%N method failed",
+ action, type, pen_names, vendor);
 }
 else
 {
@@ -320,8 +320,8 @@ static eap_payload_t* server_process_eap(private_eap_authenticator_t *this,
 }
 if (vendor)
 {
- DBG1(DBG_IKE, "EAP vendor specific method %d-%d succeeded, "
- "%sMSK established", type, vendor,
+ DBG1(DBG_IKE, "EAP vendor specific method %d-%N succeeded, "
+ "%sMSK established", type, pen_names, vendor,
 this->msk.ptr ? "" : "no ");
 }
 else
@@ -340,8 +340,8 @@ failure:
 type = this->method->get_type(this->method, &vendor);
 if (vendor)
 {
- DBG1(DBG_IKE, "EAP vendor specific method %d-%d failed for "
- "peer %Y", type, vendor,
+ DBG1(DBG_IKE, "EAP vendor specific method %d-%N failed for "
+ "peer %Y", type, pen_names, vendor,
 this->ike_sa->get_other_id(this->ike_sa));
 }
 else
@@ -403,8 +403,8 @@ static eap_payload_t* client_process_eap(private_eap_authenticator_t *this,
 {
 if (vendor)
 {
- DBG1(DBG_IKE, "server requested vendor specific EAP method %d-%d ",
- "(id 0x%02X)", type, vendor, in->get_identifier(in));
+ DBG1(DBG_IKE, "server requested vendor specific EAP method %d-%N ",
+ "(id 0x%02X)", type, pen_names, vendor, in->get_identifier(in));
 }
 else
 {
@@ -419,8 +419,8 @@ static eap_payload_t* client_process_eap(private_eap_authenticator_t *this,
 {
 if (conf_vendor)
 {
- DBG1(DBG_IKE, "requesting EAP method %d-%d, sending EAP_NAK",
- conf_type, conf_vendor);
+ DBG1(DBG_IKE, "requesting EAP method %d-%N, sending EAP_NAK",
+ conf_type, pen_names, conf_vendor);
 }
 else
 {
@@ -448,7 +448,8 @@ static eap_payload_t* client_process_eap(private_eap_authenticator_t *this,
 
 if (vendor)
 {
- DBG1(DBG_IKE, "vendor specific EAP method %d-%d failed", type, vendor);
+ DBG1(DBG_IKE, "vendor specific EAP method %d-%N failed", type,
+ pen_names, vendor);
 }
 else
 {
@@ -693,8 +694,8 @@ METHOD(authenticator_t, process_client, status_t,
 type = this->method->get_type(this->method, &vendor);
 if (vendor)
 {
- DBG1(DBG_IKE, "EAP vendor specific method %d-%d succeeded, "
- "%sMSK established", type, vendor,
+ DBG1(DBG_IKE, "EAP vendor specific method %d-%N succeeded, "
+ "%sMSK established", type, pen_names, vendor,
 this->msk.ptr ? "" : "no ");
 }
 else
diff --git a/src/libstrongswan/pen/pen.c b/src/libstrongswan/pen/pen.c
index d6f12ddd9a..f9c524103e 100644
--- a/src/libstrongswan/pen/pen.c
+++ b/src/libstrongswan/pen/pen.c
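Review bot: In the `@@ -403,8 +403,8 @@` hunk of client_process_eap the first string literal is still followed by a comma (`... EAP method %d-%N ",`), so the format string ends there and `"(id 0x%02X)"` is passed as the first variadic argument instead of being concatenated. Every later argument is shifted by one: `%d` receives the string pointer, and `%N`, which everywhere else in this patch takes a names table followed by a value, receives `type` where the table is expected. With the old `%d-%d` the stray comma only garbled the log line; with `%N` the print hook will likely treat a small integer as a pointer, on a path reached when the server requests a vendor-specific EAP method. Remove the comma so the literals join: `"server requested vendor specific EAP method %d-%N "` directly followed by `"(id 0x%02X)", type, pen_names, vendor, in->get_identifier(in));`. The function body starts and ends outside the hunk.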
@@ -50,3 +50,38 @@ ENUM_NEXT(pen_names, PEN_UNASSIGNED, PEN_RESERVED, PEN_OPENPTS,
 "Unassigned",
 "Reserved");
 ENUM_END(pen_names, PEN_RESERVED);
+
+ENUM_BEGIN(pen_short_names, PEN_IETF, PEN_IETF,
+ "IETF");
+ENUM_NEXT(pen_short_names, PEN_IBM, PEN_IBM, PEN_IETF,
+ "IBM");
+ENUM_NEXT(pen_short_names, PEN_MICROSOFT, PEN_MICROSOFT, PEN_IBM,
+ "MS");
+ENUM_NEXT(pen_short_names, PEN_REDHAT, PEN_REDHAT, PEN_MICROSOFT,
+ "RH");
+ENUM_NEXT(pen_short_names, PEN_PWG, PEN_PWG, PEN_REDHAT,
+ "PWG");
+ENUM_NEXT(pen_short_names, PEN_ALTIGA, PEN_ALTIGA, PEN_PWG,
+ "ALT");
+ENUM_NEXT(pen_short_names, PEN_OSC, PEN_OSC, PEN_ALTIGA,
+ "OSC");
+ENUM_NEXT(pen_short_names, PEN_DEBIAN, PEN_DEBIAN, PEN_OSC,
+ "DEB");
+ENUM_NEXT(pen_short_names, PEN_GOOGLE, PEN_GOOGLE, PEN_DEBIAN,
+ "GOO");
+ENUM_NEXT(pen_short_names, PEN_TCG, PEN_TCG, PEN_GOOGLE,
+ "TCG");
+ENUM_NEXT(pen_short_names, PEN_CANONICAL, PEN_CANONICAL, PEN_TCG,
+ "CAN");
+ENUM_NEXT(pen_short_names, PEN_FEDORA, PEN_FEDORA, PEN_CANONICAL,
+ "FED");
+ENUM_NEXT(pen_short_names, PEN_FHH, PEN_FHH, PEN_FEDORA,
+ "FHH");
+ENUM_NEXT(pen_short_names, PEN_ITA, PEN_ITA, PEN_FHH,
+ "ITA");
+ENUM_NEXT(pen_short_names, PEN_OPENPTS, PEN_OPENPTS, PEN_ITA,
+ "PTS");
+ENUM_NEXT(pen_short_names, PEN_UNASSIGNED, PEN_RESERVED, PEN_OPENPTS,
+ "UNAS",
+ "RES");
+ENUM_END(pen_short_names, PEN_RESERVED);
diff --git a/src/libstrongswan/pen/pen.h b/src/libstrongswan/pen/pen.h
index 6b409669a0..23b3212aff 100644
--- a/src/libstrongswan/pen/pen.h
+++ b/src/libstrongswan/pen/pen.h
@@ -107,4 +107,9 @@ static inline bool pen_type_is(pen_type_t pen_type,
 */
 extern enum_name_t *pen_names;
 
+/**
+ * short enum names for pen_t.
+ */
+extern enum_name_t *pen_short_names;
+
 #endif /** PEN_H_ @}*/
diff --git a/src/libstrongswan/plugins/plugin_feature.c b/src/libstrongswan/plugins/plugin_feature.c
index 075230ab00..96bbb9a890 100644
--- a/src/libstrongswan/plugins/plugin_feature.c
+++ b/src/libstrongswan/plugins/plugin_feature.c
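Review bot: The new `pen_short_names` chain in pen.c is an undocumented second copy of the `pen_names` table, and nothing ties the two together. A PEN later added to only one of them would print as a name through one table and, presumably, as a fallback value through the other, although how `%N` renders a missing entry is not visible here. I would add a comment above `ENUM_BEGIN(pen_short_names, ...` such as `/* abbreviated PEN names for compact output; keep entries in step with pen_names above */`. The pen.h doc comment could likewise say these are abbreviations meant for space-limited strings rather than just `short enum names for pen_t.`.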
@@ -412,8 +412,8 @@ char* plugin_feature_get_string(plugin_feature_t *feature)
 case FEATURE_EAP_SERVER:
 case FEATURE_EAP_PEER:
 if (feature->arg.eap.vendor &&
- asprintf(&str, "%N:%d-%d", plugin_feature_names, feature->type,
- feature->arg.eap.type, feature->arg.eap.vendor) > 0)
+ asprintf(&str, "%N:%d-%N", plugin_feature_names, feature->type,
+ feature->arg.eap.type, pen_names, feature->arg.eap.vendor) > 0)
 {
 return str;
 }