author | tobhe <tobhe@cvs.openbsd.org> | 2020-03-24 19:14:54 +0000 |
---|---|---|
committer | tobhe <tobhe@cvs.openbsd.org> | 2020-03-24 19:14:54 +0000 |
commit | b0f7f5a052a59e8c6ef333ce9b8216e988597bb6 (patch) | |
tree | 3bba58398c4671ded3c7084ffcc4f82fd6b5b3b3 | |
parent | 20b0adcae84dfbe01ef18dd51eb218b7b88630c7 (diff) |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
-rw-r--r-- | sbin/iked/ca.c | 9 | ||||
-rw-r--r-- | sbin/iked/iked.h | 3 | ||||
-rw-r--r-- | sbin/iked/ikev2.c | 25 |
3 files changed, 32 insertions, 5 deletions
diff --git a/sbin/iked/ca.c b/sbin/iked/ca.c
index 2c5c36f37bd..0f3aed1f480 100644
--- a/sbin/iked/ca.c
+++ b/sbin/iked/ca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ca.c,v 1.51 2020/03/24 19:11:46 tobhe Exp $ */
+/* $OpenBSD: ca.c,v 1.52 2020/03/24 19:14:53 tobhe Exp $ */
 /*
 * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -444,6 +444,7 @@ ca_getreq(struct iked *env, struct imsg *imsg)
 X509 *ca = NULL, *cert = NULL;
 struct ibuf *buf;
 struct iked_static_id id;
+ char idstr[IKED_ID_SIZE];
 ptr = (uint8_t *)imsg->data;
 len = IMSG_DATA_SIZE(imsg);
@@ -503,8 +504,10 @@ ca_getreq(struct iked *env, struct imsg *imsg)
 /* If there is no matching certificate use local raw pubkey */
 if (cert == NULL) {
- log_debug("%s: no valid local certificate found",
- SPI_SH(&sh, __func__));
+ if (ikev2_print_static_id(&id, idstr, sizeof(idstr)) == -1)
+ return (-1);
+ log_debug("%s: no valid local certificate found for %s",
+ SPI_SH(&sh, __func__), idstr);
 if (store->ca_pubkey.id_buf == NULL)
 return (-1);
 buf = ibuf_dup(store->ca_pubkey.id_buf);
diff --git a/sbin/iked/iked.h b/sbin/iked/iked.h
index 785d6039c77..6decfacdeb7 100644
--- a/sbin/iked/iked.h
+++ b/sbin/iked/iked.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: iked.h,v 1.136 2020/03/10 18:54:52 tobhe Exp $ */
+/* $OpenBSD: iked.h,v 1.137 2020/03/24 19:14:53 tobhe Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -892,6 +892,7 @@ void ikev2_disable_rekeying(struct iked *, struct iked_sa *);
 int ikev2_rekey_sa(struct iked *, struct iked_spi *);
 int ikev2_drop_sa(struct iked *, struct iked_spi *);
 int ikev2_print_id(struct iked_id *, char *, size_t);
+int ikev2_print_static_id(struct iked_static_id *, char *, size_t);
 const char *ikev2_ikesa_info(uint64_t, const char *msg);
 #define SPI_IH(hdr) ikev2_ikesa_info(betoh64((hdr)->ike_ispi), NULL)
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index 92d501cd879..dfafd4d3b0b 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
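Review bot: In the `cert == NULL` branch of ca_getreq() in ca.c, a failure to format the ID for a debug message now returns -1 before the raw-public-key fallback below it, so a logging helper can fail the whole certificate request. The `id` contents are presumably filled from the imsg parsed earlier in the function (outside this hunk), which would make an unprintable ID a request failure rather than a missing log field. Consider keeping the log best-effort, for example `if (ikev2_print_static_id(&id, idstr, sizeof(idstr)) == -1) strlcpy(idstr, "<unknown>", sizeof(idstr));`, and then continuing to the fallback. ca_getreq() starts and ends outside the hunk.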
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.201 2020/03/24 18:57:25 tobhe Exp $ */
+/* $OpenBSD: ikev2.c,v 1.202 2020/03/24 19:14:53 tobhe Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -5951,6 +5951,29 @@ done:
 }
 int
+ikev2_print_static_id(struct iked_static_id *id, char *idstr, size_t idstrlen)
+{
+ struct iked_id idp;
+ int ret = -1;
+
+ bzero(&idp, sizeof(idp));
+ if ((idp.id_buf = ibuf_new(id->id_data, id->id_length)) == NULL) {
+ bzero(&idstr, sizeof(idstr));
+ return (-1);
+ }
+ idp.id_type = id->id_type;
+ idp.id_offset = id->id_offset;
+ if (ikev2_print_id(&idp, idstr, sizeof(idstr)) == -1) {
+ bzero(&idstr, sizeof(idstr));
+ goto done;
+ }
+ ret = 0;
+ done:
+ ibuf_release(idp.id_buf);
+ return (ret);
+}
+
+int
 ikev2_print_id(struct iked_id *id, char *idstr, size_t idstrlen)
 {
 uint8_t buf[BUFSIZ], *ptr; |
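Review bot: In ikev2_print_static_id(), `idstr` is a `char *` parameter, so `sizeof(idstr)` is the size of a pointer, not of the caller's buffer, and the `idstrlen` argument is never used. The call `ikev2_print_id(&idp, idstr, sizeof(idstr))` therefore limits the output to a pointer-sized buffer, and both `bzero(&idstr, sizeof(idstr))` calls clear the local pointer variable instead of the buffer, leaving the caller's `idstr` uninitialised on the error paths. Use the passed length instead: `ikev2_print_id(&idp, idstr, idstrlen)` and `bzero(idstr, idstrlen);`. It would also be worth confirming that `id->id_length` and `id->id_offset` are bounded against `id_data` before `ibuf_new()` is called, since that validation is not visible in this hunk.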