pax_global_header 0000666 0000000 0000000 00000000064 12216323716 0014515 g ustar 00root root 0000000 0000000 52 comment=93e9be94dee4e562dd8be49facd7e2ab94417f47
src/ 0000775 0000000 0000000 00000000000 12216323716 0011650 5 ustar 00root root 0000000 0000000 src/frontends/ 0000775 0000000 0000000 00000000000 12216323716 0013652 5 ustar 00root root 0000000 0000000 src/frontends/osx/ 0000775 0000000 0000000 00000000000 12216323716 0014463 5 ustar 00root root 0000000 0000000 src/frontends/osx/.gitignore 0000664 0000000 0000000 00000000031 12216323716 0016445 0 ustar 00root root 0000000 0000000 xcuserdata
*.xcworkspace
src/frontends/osx/README.md 0000664 0000000 0000000 00000010310 12216323716 0015735 0 ustar 00root root 0000000 0000000 # strongSwan OS X App #
## Introduction ##
The strongSwan OS X App consists of two components:
* A frontend to configure and control connections
* A privileged helper daemon, controlled using XPC, called charon-xpc
The privileged helper daemon gets installed automatically using SMJobBless
functionality on its first use, and gets started automatically by Launchd when
needed.
charon-xpc is a special build linking statically against strongSwan components.
charon-xpc sources are not part of the official strongSwan distribution. Build
the charon-xpc tarball with:
git archive -o charon-xpc-$(grep AC_INIT configure.ac | \
cut -d '[' -f3 | cut -d ']' -f1).tar.bz2 \
HEAD src/frontends/osx
## Building strongSwan ##
strongSwan on OS X requires the libvstr library. The simplest way to install
it is using MacPorts. It gets statically linked to charon-xpc, hence it is not
needed to run the built App.
Before building the Xcode project, the strongSwan base tree must be built using
a monolithic and static build. This can be achieved on OS X by using:
LDFLAGS="-all_load -L/opt/local/lib" \
CFLAGS="-idirafter /opt/local/include -O2 -Wall -Wno-format -Wno-pointer-sign" \
./configure --enable-monolithic --disable-shared --enable-static \
--disable-defaults \
--enable-openssl --enable-kernel-pfkey --enable-kernel-pfroute \
--enable-eap-mschapv2 --enable-eap-identity --enable-nonce \
--enable-random --enable-pkcs1 --enable-pem --enable-socket-default \
--enable-xauth-generic --enable-keychain --enable-charon \
--enable-ikev1 --enable-ikev2
followed by calling make (no need to make install).
Building charon-xpc using the Xcode project yields a single binary without
any non OS X dependencies.
Both charon-xpc and the App must be code-signed to allow the installation of
the privileged helper. git-grep for "Joe Developer" to change the signing
identity.
## XPC application protocol ##
charon-xpc provides a Mach service under the name _org.strongswan.charon-xpc_.
Clients can connect to this service to control the daemon. All messages
on all connections use the following string dictionary keys/values:
* _type_: XPC message type, currently either
* _rpc_ for a remote procedure call, expects a response
* _event_ for application specific event messages
* _rpc_: defines the name of the RPC function to call (for _type_ = _rpc_)
* _event_: defines a name for the event (for _type_ = _event_)
Additional arguments and return values are specified by the call and can have
any type. Keys are directly attached to the message dictionary.
On the Mach service connection, the following RPC messages are currently
defined:
* string version = get_version()
* _version_: strongSwan version of charon-xpc
* bool success = start_connection(string name, string host, string id,
endpoint channel)
* _success_: TRUE if initiation started successfully
* _name_: connection name to initiate
* _host_: server hostname (and identity)
* _id_: client identity to use
* _channel_: XPC endpoint for this connection
The start_connection() RPC returns just after the initation of the call and
does not wait for the connection to establish. Nonetheless does it have a
return value to indicate if connection initiation could be triggered.
The App passes an (anonymous) XPC endpoint to start_connection(). If the call
succeeds, charon-xpc connects to this endpoint to establish a channel used for
this specific IKE connection.
On this channel, the following RPC calls are currently defined from charon-xpc
to the App:
* string password = get_password(string username)
* _password_: user password returned
* _username_: username to query a password for
And the following from the App to charon-xpc:
* bool success = stop_connection()
* _success_: TRUE if termination of connection initiated
The following events are currently defined from charon-xpc to the App:
* up(): IKE_SA has been established
* down(): IKE_SA has been closed or failed to establish
* child_up(string local_ts, string remote_ts): CHILD_SA has been established
* child_down(string local_ts, string remote_ts): CHILD_SA has been closed
* log(string message): debug log message for this connection
src/frontends/osx/charon-xpc/ 0000775 0000000 0000000 00000000000 12216323716 0016525 5 ustar 00root root 0000000 0000000 src/frontends/osx/charon-xpc/charon-xpc-Info.plist 0000664 0000000 0000000 00000001106 12216323716 0022533 0 ustar 00root root 0000000 0000000
CFBundleIdentifier
org.strongswan.charon-xpc
CFBundleInfoDictionaryVersion
6.0
CFBundleName
charon-xpc
CFBundleVersion
1.0
SMAuthorizedClients
identifier org.strongswan.osx and certificate leaf[subject.CN] = "Joe Developer"
src/frontends/osx/charon-xpc/charon-xpc-Launchd.plist 0000664 0000000 0000000 00000000525 12216323716 0023222 0 ustar 00root root 0000000 0000000
Label
org.strongswan.charon-xpc
MachServices
org.strongswan.charon-xpc
src/frontends/osx/charon-xpc/charon-xpc.c 0000664 0000000 0000000 00000012371 12216323716 0020737 0 ustar 00root root 0000000 0000000 /*
* Copyright (C) 2013 Martin Willi
* Copyright (C) 2013 revosec AG
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See .
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "xpc_dispatch.h"
/**
* XPC dispatcher class
*/
static xpc_dispatch_t *dispatcher;
/**
* atexit() cleanup for dispatcher
*/
void dispatcher_cleanup()
{
DESTROY_IF(dispatcher);
}
/**
* Loglevel configuration
*/
static level_t levels[DBG_MAX];
/**
* hook in library for debugging messages
*/
extern void (*dbg) (debug_t group, level_t level, char *fmt, ...);
/**
* Logging hook for library logs, using stderr output
*/
static void dbg_stderr(debug_t group, level_t level, char *fmt, ...)
{
va_list args;
if (level <= 1)
{
va_start(args, fmt);
fprintf(stderr, "00[%N] ", debug_names, group);
vfprintf(stderr, fmt, args);
fprintf(stderr, "\n");
va_end(args);
}
}
/**
* Run the daemon and handle unix signals
*/
static int run()
{
sigset_t set;
sigemptyset(&set);
sigaddset(&set, SIGINT);
sigaddset(&set, SIGTERM);
sigprocmask(SIG_BLOCK, &set, NULL);
while (TRUE)
{
int sig;
if (sigwait(&set, &sig))
{
DBG1(DBG_DMN, "error while waiting for a signal");
return 1;
}
switch (sig)
{
case SIGINT:
DBG1(DBG_DMN, "signal of type SIGINT received. Shutting down");
charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
return 0;
case SIGTERM:
DBG1(DBG_DMN, "signal of type SIGTERM received. Shutting down");
charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
return 0;
default:
DBG1(DBG_DMN, "unknown signal %d received. Ignored", sig);
break;
}
}
}
/**
* Handle SIGSEGV/SIGILL signals raised by threads
*/
static void segv_handler(int signal)
{
backtrace_t *backtrace;
DBG1(DBG_DMN, "thread %u received %d", thread_current_id(), signal);
backtrace = backtrace_create(2);
backtrace->log(backtrace, NULL, TRUE);
backtrace->destroy(backtrace);
DBG1(DBG_DMN, "killing ourself, received critical signal");
abort();
}
/**
* PF_ROUTE for some reason does not send an event for the first address
* installed after a fresh boot. Fix this by installing a fake tun address
* just to remove it afterwards.
*/
static void fixup_pf_route()
{
tun_device_t *tun;
host_t *host;
tun = tun_device_create(NULL);
if (tun)
{
if (tun->up(tun))
{
host = host_create_from_string("127.0.0.99", 0);
tun->set_address(tun, host, 32);
host->destroy(host);
}
tun->destroy(tun);
}
}
/**
* Main function, starts the daemon.
*/
int main(int argc, char *argv[])
{
struct sigaction action;
struct utsname utsname;
int group;
dbg = dbg_stderr;
atexit(library_deinit);
if (!library_init(NULL))
{
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
}
if (lib->integrity)
{
if (!lib->integrity->check_file(lib->integrity, "charon-xpc", argv[0]))
{
exit(SS_RC_DAEMON_INTEGRITY);
}
}
atexit(libhydra_deinit);
if (!libhydra_init("charon-xpc"))
{
exit(SS_RC_INITIALIZATION_FAILED);
}
atexit(libcharon_deinit);
if (!libcharon_init("charon-xpc"))
{
exit(SS_RC_INITIALIZATION_FAILED);
}
for (group = 0; group < DBG_MAX; group++)
{
levels[group] = LEVEL_CTRL;
}
charon->load_loggers(charon, levels, TRUE);
lib->settings->set_default_str(lib->settings, "charon-cmd.port", "0");
lib->settings->set_default_str(lib->settings, "charon-cmd.port_nat_t", "0");
lib->settings->set_default_str(lib->settings,
"charon-cmd.close_ike_on_child_failure", "yes");
if (!charon->initialize(charon,
lib->settings->get_str(lib->settings, "charon-xpc.load",
"random nonce pem pkcs1 openssl kernel-pfkey kernel-pfroute "
"keychain socket-default eap-identity eap-mschapv2 osx-attr")))
{
exit(SS_RC_INITIALIZATION_FAILED);
}
if (uname(&utsname) != 0)
{
memset(&utsname, 0, sizeof(utsname));
}
DBG1(DBG_DMN, "Starting charon-xpc IKE daemon (strongSwan %s, %s %s, %s)",
VERSION, utsname.sysname, utsname.release, utsname.machine);
/* add handler for SEGV and ILL,
* INT, TERM and HUP are handled by sigwait() in run() */
action.sa_handler = segv_handler;
action.sa_flags = 0;
sigemptyset(&action.sa_mask);
sigaddset(&action.sa_mask, SIGINT);
sigaddset(&action.sa_mask, SIGTERM);
sigaddset(&action.sa_mask, SIGHUP);
sigaction(SIGSEGV, &action, NULL);
sigaction(SIGILL, &action, NULL);
sigaction(SIGBUS, &action, NULL);
action.sa_handler = SIG_IGN;
sigaction(SIGPIPE, &action, NULL);
pthread_sigmask(SIG_SETMASK, &action.sa_mask, NULL);
dispatcher = xpc_dispatch_create();
if (!dispatcher)
{
exit(SS_RC_INITIALIZATION_FAILED);
}
atexit(dispatcher_cleanup);
charon->start(charon);
fixup_pf_route();
return run();
}
src/frontends/osx/charon-xpc/xpc_channels.c 0000664 0000000 0000000 00000030236 12216323716 0021342 0 ustar 00root root 0000000 0000000 /*
* Copyright (C) 2013 Martin Willi
* Copyright (C) 2013 revosec AG
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See .
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include "xpc_channels.h"
#include "xpc_logger.h"
#include
#include
#include
#include
typedef struct private_xpc_channels_t private_xpc_channels_t;
/**
* Private data of an xpc_channels_t object.
*/
struct private_xpc_channels_t {
/**
* Public xpc_channels_t interface.
*/
xpc_channels_t public;
/**
* Registered channels, IKE_SA unique ID => entry_t
*/
hashtable_t *channels;
/**
* Lock for channels list
*/
rwlock_t *lock;
/**
* Callback credential set for passwords
*/
callback_cred_t *creds;
};
/**
* Channel entry
*/
typedef struct {
/* XPC channel to App */
xpc_connection_t conn;
/* associated IKE_SA unique identifier */
uintptr_t sa;
/* did we already ask for a password? */
bool passworded;
/* channel specific logger */
xpc_logger_t *logger;
} entry_t;
/**
* Clean up an entry, cancelling connection
*/
static void destroy_entry(entry_t *entry)
{
charon->bus->remove_logger(charon->bus, &entry->logger->logger);
entry->logger->destroy(entry->logger);
xpc_connection_suspend(entry->conn);
xpc_release(entry->conn);
free(entry);
}
/**
* Find an IKE_SA unique identifier by a given XPC channel
*/
static u_int32_t find_ike_sa_by_conn(private_xpc_channels_t *this,
xpc_connection_t conn)
{
enumerator_t *enumerator;
entry_t *entry;
u_int32_t ike_sa = 0;
this->lock->read_lock(this->lock);
enumerator = this->channels->create_enumerator(this->channels);
while (enumerator->enumerate(enumerator, NULL, &entry))
{
if (entry->conn == conn)
{
ike_sa = entry->sa;
break;
}
}
enumerator->destroy(enumerator);
this->lock->unlock(this->lock);
return ike_sa;
}
/**
* Remove an entry for a given XPC connection
*/
static void remove_conn(private_xpc_channels_t *this, xpc_connection_t conn)
{
uintptr_t ike_sa;
entry_t *entry;
ike_sa = find_ike_sa_by_conn(this, conn);
if (ike_sa)
{
this->lock->write_lock(this->lock);
entry = this->channels->remove(this->channels, (void*)ike_sa);
this->lock->unlock(this->lock);
if (entry)
{
destroy_entry(entry);
}
}
}
/**
* Trigger termination of a connection
*/
static void stop_connection(private_xpc_channels_t *this, u_int32_t ike_sa,
xpc_object_t request, xpc_object_t reply)
{
status_t status;
status = charon->controller->terminate_ike(charon->controller, ike_sa,
NULL, NULL, 0);
xpc_dictionary_set_bool(reply, "success", status != NOT_FOUND);
}
/**
* XPC RPC command dispatch table
*/
static struct {
char *name;
void (*handler)(private_xpc_channels_t *this, u_int32_t ike_sa,
xpc_object_t request, xpc_object_t reply);
} commands[] = {
{ "stop_connection", stop_connection },
};
/**
* Handle a request message from App
*/
static void handle(private_xpc_channels_t *this, xpc_connection_t conn,
xpc_object_t request)
{
xpc_object_t reply;
const char *type, *rpc;
bool found = FALSE;
u_int32_t ike_sa;
int i;
type = xpc_dictionary_get_string(request, "type");
if (type)
{
if (streq(type, "rpc"))
{
reply = xpc_dictionary_create_reply(request);
rpc = xpc_dictionary_get_string(request, "rpc");
ike_sa = find_ike_sa_by_conn(this, conn);
if (reply && rpc && ike_sa)
{
for (i = 0; i < countof(commands); i++)
{
if (streq(commands[i].name, rpc))
{
found = TRUE;
commands[i].handler(this, ike_sa, request, reply);
break;
}
}
}
if (!found)
{
DBG1(DBG_CFG, "received invalid XPC rpc command: %s", rpc);
}
if (reply)
{
xpc_connection_send_message(conn, reply);
xpc_release(reply);
}
}
else
{
DBG1(DBG_CFG, "received unknown XPC message type: %s", type);
}
}
else
{
DBG1(DBG_CFG, "received XPC message without a type");
}
}
METHOD(xpc_channels_t, add, void,
private_xpc_channels_t *this, xpc_connection_t conn, u_int32_t ike_sa)
{
entry_t *entry;
INIT(entry,
.conn = conn,
.sa = ike_sa,
.logger = xpc_logger_create(conn),
);
xpc_connection_set_event_handler(entry->conn, ^(xpc_object_t event)
{
if (event == XPC_ERROR_CONNECTION_INVALID ||
event == XPC_ERROR_CONNECTION_INTERRUPTED)
{
remove_conn(this, conn);
}
else if (xpc_get_type(event) == XPC_TYPE_DICTIONARY)
{
handle(this, conn, event);
}
});
entry->logger->set_ike_sa(entry->logger, entry->sa);
charon->bus->add_logger(charon->bus, &entry->logger->logger);
this->lock->write_lock(this->lock);
this->channels->put(this->channels, (void*)entry->sa, entry);
this->lock->unlock(this->lock);
xpc_connection_resume(conn);
}
METHOD(listener_t, alert, bool,
private_xpc_channels_t *this, ike_sa_t *ike_sa, alert_t alert, va_list args)
{
const char *desc;
switch (alert)
{
case ALERT_LOCAL_AUTH_FAILED:
desc = "local-auth";
break;
case ALERT_PEER_AUTH_FAILED:
desc = "remote-auth";
break;
case ALERT_PEER_ADDR_FAILED:
desc = "dns";
break;
case ALERT_PEER_INIT_UNREACHABLE:
desc = "unreachable";
break;
case ALERT_RETRANSMIT_SEND_TIMEOUT:
desc = "timeout";
break;
case ALERT_PROPOSAL_MISMATCH_IKE:
case ALERT_PROPOSAL_MISMATCH_CHILD:
desc = "proposal-mismatch";
break;
case ALERT_TS_MISMATCH:
desc = "ts-mismatch";
break;
default:
return TRUE;
}
if (ike_sa)
{
entry_t *entry;
uintptr_t sa;
sa = ike_sa->get_unique_id(ike_sa);
this->lock->read_lock(this->lock);
entry = this->channels->get(this->channels, (void*)sa);
if (entry)
{
xpc_object_t msg;
msg = xpc_dictionary_create(NULL, NULL, 0);
xpc_dictionary_set_string(msg, "type", "event");
xpc_dictionary_set_string(msg, "event", "alert");
xpc_dictionary_set_string(msg, "alert", desc);
xpc_connection_send_message(entry->conn, msg);
xpc_release(msg);
}
this->lock->unlock(this->lock);
}
return TRUE;
}
METHOD(listener_t, ike_rekey, bool,
private_xpc_channels_t *this, ike_sa_t *old, ike_sa_t *new)
{
entry_t *entry;
uintptr_t sa;
sa = old->get_unique_id(old);
this->lock->write_lock(this->lock);
entry = this->channels->remove(this->channels, (void*)sa);
if (entry)
{
entry->sa = new->get_unique_id(new);
entry->logger->set_ike_sa(entry->logger, entry->sa);
this->channels->put(this->channels, (void*)entry->sa, entry);
}
this->lock->unlock(this->lock);
return TRUE;
}
METHOD(listener_t, ike_state_change, bool,
private_xpc_channels_t *this, ike_sa_t *ike_sa, ike_sa_state_t state)
{
if (state == IKE_CONNECTING)
{
entry_t *entry;
uintptr_t sa;
sa = ike_sa->get_unique_id(ike_sa);
this->lock->read_lock(this->lock);
entry = this->channels->get(this->channels, (void*)sa);
if (entry)
{
xpc_object_t msg;
msg = xpc_dictionary_create(NULL, NULL, 0);
xpc_dictionary_set_string(msg, "type", "event");
xpc_dictionary_set_string(msg, "event", "connecting");
xpc_connection_send_message(entry->conn, msg);
xpc_release(msg);
}
this->lock->unlock(this->lock);
}
return TRUE;
}
METHOD(listener_t, child_updown, bool,
private_xpc_channels_t *this, ike_sa_t *ike_sa,
child_sa_t *child_sa, bool up)
{
entry_t *entry;
uintptr_t sa;
sa = ike_sa->get_unique_id(ike_sa);
this->lock->read_lock(this->lock);
entry = this->channels->get(this->channels, (void*)sa);
if (entry)
{
xpc_object_t msg;
linked_list_t *list;
char buf[256];
msg = xpc_dictionary_create(NULL, NULL, 0);
xpc_dictionary_set_string(msg, "type", "event");
if (up)
{
xpc_dictionary_set_string(msg, "event", "child_up");
}
else
{
xpc_dictionary_set_string(msg, "event", "child_down");
}
list = child_sa->get_traffic_selectors(child_sa, TRUE);
snprintf(buf, sizeof(buf), "%#R", list);
xpc_dictionary_set_string(msg, "ts_local", buf);
list = child_sa->get_traffic_selectors(child_sa, FALSE);
snprintf(buf, sizeof(buf), "%#R", list);
xpc_dictionary_set_string(msg, "ts_remote", buf);
xpc_connection_send_message(entry->conn, msg);
xpc_release(msg);
}
this->lock->unlock(this->lock);
return TRUE;
}
METHOD(listener_t, ike_updown, bool,
private_xpc_channels_t *this, ike_sa_t *ike_sa, bool up)
{
xpc_object_t msg;
entry_t *entry;
uintptr_t sa;
sa = ike_sa->get_unique_id(ike_sa);
if (up)
{
this->lock->read_lock(this->lock);
entry = this->channels->get(this->channels, (void*)sa);
if (entry)
{
msg = xpc_dictionary_create(NULL, NULL, 0);
xpc_dictionary_set_string(msg, "type", "event");
xpc_dictionary_set_string(msg, "event", "up");
xpc_connection_send_message(entry->conn, msg);
xpc_release(msg);
}
this->lock->unlock(this->lock);
}
else
{
this->lock->write_lock(this->lock);
entry = this->channels->remove(this->channels, (void*)sa);
this->lock->unlock(this->lock);
if (entry)
{
msg = xpc_dictionary_create(NULL, NULL, 0);
xpc_dictionary_set_string(msg, "type", "event");
xpc_dictionary_set_string(msg, "event", "down");
xpc_connection_send_message(entry->conn, msg);
xpc_release(msg);
xpc_connection_send_barrier(entry->conn, ^() {
destroy_entry(entry);
});
}
}
return TRUE;
}
/**
* Query password from App using XPC channel
*/
static shared_key_t *query_password(xpc_connection_t conn, identification_t *id)
{
char buf[128], *password;
xpc_object_t request, response;
shared_key_t *shared = NULL;
request = xpc_dictionary_create(NULL, NULL, 0);
xpc_dictionary_set_string(request, "type", "rpc");
xpc_dictionary_set_string(request, "rpc", "get_password");
snprintf(buf, sizeof(buf), "%Y", id);
xpc_dictionary_set_string(request, "username", buf);
response = xpc_connection_send_message_with_reply_sync(conn, request);
xpc_release(request);
if (xpc_get_type(response) == XPC_TYPE_DICTIONARY)
{
password = (char*)xpc_dictionary_get_string(response, "password");
if (password)
{
shared = shared_key_create(SHARED_EAP,
chunk_clone(chunk_from_str(password)));
}
}
xpc_release(response);
return shared;
}
/**
* Password query callback
*/
static shared_key_t* password_cb(private_xpc_channels_t *this,
shared_key_type_t type,
identification_t *me, identification_t *other,
id_match_t *match_me, id_match_t *match_other)
{
shared_key_t *shared = NULL;
ike_sa_t *ike_sa;
entry_t *entry;
u_int32_t sa;
switch (type)
{
case SHARED_EAP:
break;
default:
return NULL;
}
ike_sa = charon->bus->get_sa(charon->bus);
if (ike_sa)
{
sa = ike_sa->get_unique_id(ike_sa);
this->lock->read_lock(this->lock);
entry = this->channels->get(this->channels, (void*)sa);
if (entry && !entry->passworded)
{
entry->passworded = TRUE;
shared = query_password(entry->conn, me);
if (shared)
{
if (match_me)
{
*match_me = ID_MATCH_PERFECT;
}
if (match_other)
{
*match_other = ID_MATCH_PERFECT;
}
}
}
this->lock->unlock(this->lock);
}
return shared;
}
METHOD(xpc_channels_t, destroy, void,
private_xpc_channels_t *this)
{
lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
this->creds->destroy(this->creds);
this->channels->destroy(this->channels);
this->lock->destroy(this->lock);
free(this);
}
/**
* See header
*/
xpc_channels_t *xpc_channels_create()
{
private_xpc_channels_t *this;
INIT(this,
.public = {
.listener = {
.alert = _alert,
.ike_updown = _ike_updown,
.ike_rekey = _ike_rekey,
.ike_state_change = _ike_state_change,
.child_updown = _child_updown,
},
.add = _add,
.destroy = _destroy,
},
.channels = hashtable_create(hashtable_hash_ptr,
hashtable_equals_ptr, 4),
.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
);
this->creds = callback_cred_create_shared(
(callback_cred_shared_cb_t)password_cb, this);
lib->credmgr->add_set(lib->credmgr, &this->creds->set);
return &this->public;
}
src/frontends/osx/charon-xpc/xpc_channels.h 0000664 0000000 0000000 00000002624 12216323716 0021347 0 ustar 00root root 0000000 0000000 /*
* Copyright (C) 2013 Martin Willi
* Copyright (C) 2013 revosec AG
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See .
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
/**
* @defgroup xpc_channels xpc_channels
* @{ @ingroup xpc
*/
#ifndef XPC_CHANNELS_H_
#define XPC_CHANNELS_H_
#include
#include
typedef struct xpc_channels_t xpc_channels_t;
/**
* XPC to App channel management.
*/
struct xpc_channels_t {
/**
* Implements listener_t.
*/
listener_t listener;
/**
* Associate an IKE_SA unique identifier to an XPC connection.
*
* @param conn XPC connection to channel
* @param ike_sa IKE_SA unique identifier to associate to connection
*/
void (*add)(xpc_channels_t *this, xpc_connection_t conn, u_int32_t ike_sa);
/**
* Destroy a xpc_channels_t.
*/
void (*destroy)(xpc_channels_t *this);
};
/**
* Create a xpc_channels instance.
*/
xpc_channels_t *xpc_channels_create();
#endif /** XPC_CHANNELS_H_ @}*/
src/frontends/osx/charon-xpc/xpc_dispatch.c 0000664 0000000 0000000 00000020335 12216323716 0021345 0 ustar 00root root 0000000 0000000 /*
* Copyright (C) 2013 Martin Willi
* Copyright (C) 2013 revosec AG
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See .
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include "xpc_dispatch.h"
#include "xpc_channels.h"
#include
#include
#include
#include
#include
typedef struct private_xpc_dispatch_t private_xpc_dispatch_t;
/**
* Private data of an xpc_dispatch_t object.
*/
struct private_xpc_dispatch_t {
/**
* Public xpc_dispatch_t interface.
*/
xpc_dispatch_t public;
/**
* XPC service we offer
*/
xpc_connection_t service;
/**
* XPC IKE_SA specific channels to App
*/
xpc_channels_t *channels;
/**
* GCD queue for XPC events
*/
dispatch_queue_t queue;
/**
* Number of active App connections
*/
refcount_t refcount;
/**
* PID of main thread
*/
pid_t pid;
};
/**
* Return version of this helper
*/
static void get_version(private_xpc_dispatch_t *this,
xpc_object_t request, xpc_object_t reply)
{
xpc_dictionary_set_string(reply, "version", PACKAGE_VERSION);
}
/**
* Create peer config with associated ike config
*/
static peer_cfg_t* create_peer_cfg(char *name, char *host)
{
ike_cfg_t *ike_cfg;
peer_cfg_t *peer_cfg;
u_int16_t local_port, remote_port = IKEV2_UDP_PORT;
local_port = charon->socket->get_port(charon->socket, FALSE);
if (local_port != IKEV2_UDP_PORT)
{
remote_port = IKEV2_NATT_PORT;
}
ike_cfg = ike_cfg_create(IKEV2, FALSE, FALSE, "0.0.0.0", FALSE, local_port,
host, FALSE, remote_port, FRAGMENTATION_NO, 0);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
peer_cfg = peer_cfg_create(name, ike_cfg,
CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
36000, 0, /* rekey 10h, reauth none */
600, 600, /* jitter, over 10min */
TRUE, FALSE, /* mobike, aggressive */
30, 0, /* DPD delay, timeout */
FALSE, NULL, NULL); /* mediation */
peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0));
return peer_cfg;
}
/**
* Add a single auth cfg of given class to peer cfg
*/
static void add_auth_cfg(peer_cfg_t *peer_cfg, bool local,
char *id, auth_class_t class)
{
auth_cfg_t *auth;
auth = auth_cfg_create();
auth->add(auth, AUTH_RULE_AUTH_CLASS, class);
auth->add(auth, AUTH_RULE_IDENTITY, identification_create_from_string(id));
peer_cfg->add_auth_cfg(peer_cfg, auth, local);
}
/**
* Attach child config to peer config
*/
static child_cfg_t* create_child_cfg(char *name)
{
child_cfg_t *child_cfg;
traffic_selector_t *ts;
lifetime_cfg_t lifetime = {
.time = {
.life = 10800 /* 3h */,
.rekey = 10200 /* 2h50min */,
.jitter = 300 /* 5min */
}
};
child_cfg = child_cfg_create(name, &lifetime,
NULL, FALSE, MODE_TUNNEL, /* updown, hostaccess */
ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
0, 0, NULL, NULL, 0);
child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
"aes128gcm8-aes128gcm12-aes128gcm16-"
"aes256gcm8-aes256gcm12-aes256gcm16"));
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
ts = traffic_selector_create_dynamic(0, 0, 65535);
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE,
"0.0.0.0", 0, "255.255.255.255", 65535);
child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
return child_cfg;
}
/**
* Controller initiate callback
*/
static bool initiate_cb(u_int32_t *sa, debug_t group, level_t level,
ike_sa_t *ike_sa, const char *message)
{
if (ike_sa)
{
*sa = ike_sa->get_unique_id(ike_sa);
return FALSE;
}
return TRUE;
}
/**
* Start initiating an IKE connection
*/
void start_connection(private_xpc_dispatch_t *this,
xpc_object_t request, xpc_object_t reply)
{
peer_cfg_t *peer_cfg;
child_cfg_t *child_cfg;
char *name, *id, *host;
bool success = FALSE;
xpc_endpoint_t endpoint;
xpc_connection_t channel;
u_int32_t ike_sa;
name = (char*)xpc_dictionary_get_string(request, "name");
host = (char*)xpc_dictionary_get_string(request, "host");
id = (char*)xpc_dictionary_get_string(request, "id");
endpoint = xpc_dictionary_get_value(request, "channel");
channel = xpc_connection_create_from_endpoint(endpoint);
if (name && id && host && channel)
{
peer_cfg = create_peer_cfg(name, host);
add_auth_cfg(peer_cfg, TRUE, id, AUTH_CLASS_EAP);
add_auth_cfg(peer_cfg, FALSE, host, AUTH_CLASS_ANY);
child_cfg = create_child_cfg(name);
peer_cfg->add_child_cfg(peer_cfg, child_cfg->get_ref(child_cfg));
if (charon->controller->initiate(charon->controller, peer_cfg, child_cfg,
(controller_cb_t)initiate_cb, &ike_sa, 0) == NEED_MORE)
{
this->channels->add(this->channels, channel, ike_sa);
success = TRUE;
}
}
xpc_dictionary_set_bool(reply, "success", success);
}
/**
* XPC RPC command dispatch table
*/
static struct {
char *name;
void (*handler)(private_xpc_dispatch_t *this,
xpc_object_t request, xpc_object_t reply);
} commands[] = {
{ "get_version", get_version },
{ "start_connection", start_connection },
};
/**
* Handle a received XPC request message
*/
static void handle(private_xpc_dispatch_t *this, xpc_object_t request)
{
xpc_connection_t client;
xpc_object_t reply;
const char *type, *rpc;
bool found = FALSE;
int i;
type = xpc_dictionary_get_string(request, "type");
if (type)
{
if (streq(type, "rpc"))
{
reply = xpc_dictionary_create_reply(request);
rpc = xpc_dictionary_get_string(request, "rpc");
if (reply && rpc)
{
for (i = 0; i < countof(commands); i++)
{
if (streq(commands[i].name, rpc))
{
found = TRUE;
commands[i].handler(this, request, reply);
break;
}
}
}
if (!found)
{
DBG1(DBG_CFG, "received invalid XPC rpc command: %s", rpc);
}
if (reply)
{
client = xpc_dictionary_get_remote_connection(request);
xpc_connection_send_message(client, reply);
xpc_release(reply);
}
}
else
{
DBG1(DBG_CFG, "received unknown XPC message type: %s", type);
}
}
else
{
DBG1(DBG_CFG, "received XPC message without a type");
}
}
/**
* Finalizer for client connections
*/
static void cleanup_connection(private_xpc_dispatch_t *this)
{
if (ref_put(&this->refcount))
{
DBG1(DBG_CFG, "no XPC connections, raising SIGTERM");
kill(this->pid, SIGTERM);
}
}
/**
* Set up GCD handler for XPC events
*/
static void set_handler(private_xpc_dispatch_t *this)
{
xpc_connection_set_event_handler(this->service, ^(xpc_object_t conn)
{
xpc_connection_set_event_handler(conn, ^(xpc_object_t event)
{
if (xpc_get_type(event) == XPC_TYPE_DICTIONARY)
{
handle(this, event);
}
});
ref_get(&this->refcount);
xpc_connection_set_context(conn, this);
xpc_connection_set_finalizer_f(conn, (void*)cleanup_connection);
xpc_connection_resume(conn);
});
xpc_connection_resume(this->service);
}
METHOD(xpc_dispatch_t, destroy, void,
private_xpc_dispatch_t *this)
{
charon->bus->remove_listener(charon->bus, &this->channels->listener);
this->channels->destroy(this->channels);
if (this->service)
{
xpc_connection_suspend(this->service);
xpc_release(this->service);
}
free(this);
}
/**
* See header
*/
xpc_dispatch_t *xpc_dispatch_create()
{
private_xpc_dispatch_t *this;
INIT(this,
.public = {
.destroy = _destroy,
},
.channels = xpc_channels_create(),
.queue = dispatch_queue_create("org.strongswan.charon-xpc.q",
DISPATCH_QUEUE_CONCURRENT),
.pid = getpid(),
);
charon->bus->add_listener(charon->bus, &this->channels->listener);
this->service = xpc_connection_create_mach_service(
"org.strongswan.charon-xpc", this->queue,
XPC_CONNECTION_MACH_SERVICE_LISTENER);
if (!this->service)
{
destroy(this);
return NULL;
}
set_handler(this);
return &this->public;
}
src/frontends/osx/charon-xpc/xpc_dispatch.h 0000664 0000000 0000000 00000002044 12216323716 0021347 0 ustar 00root root 0000000 0000000 /*
* Copyright (C) 2013 Martin Willi
* Copyright (C) 2013 revosec AG
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See .
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
/**
* @defgroup xpc_dispatch xpc_dispatch
* @{ @ingroup xpc
*/
#ifndef XPC_DISPATCH_H_
#define XPC_DISPATCH_H_
typedef struct xpc_dispatch_t xpc_dispatch_t;
/**
* XPC dispatcher to control the daemon.
*/
struct xpc_dispatch_t {
/**
* Destroy a xpc_dispatch_t.
*/
void (*destroy)(xpc_dispatch_t *this);
};
/**
* Create a xpc_dispatch instance.
*/
xpc_dispatch_t *xpc_dispatch_create();
#endif /** XPC_DISPATCH_H_ @}*/
src/frontends/osx/charon-xpc/xpc_logger.c 0000664 0000000 0000000 00000004073 12216323716 0021026 0 ustar 00root root 0000000 0000000 /*
* Copyright (C) 2013 Martin Willi
* Copyright (C) 2013 revosec AG
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See .
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include "xpc_logger.h"
typedef struct private_xpc_logger_t private_xpc_logger_t;
/**
* Private data of an xpc_logger_t object.
*/
struct private_xpc_logger_t {
/**
* Public xpc_logger_t interface.
*/
xpc_logger_t public;
/**
* XPC channel to send logging messages to
*/
xpc_connection_t conn;
/**
* IKE_SA we log for
*/
u_int32_t ike_sa;
};
METHOD(logger_t, log_, void,
private_xpc_logger_t *this, debug_t group, level_t level, int thread,
ike_sa_t* ike_sa, const char *message)
{
if (ike_sa && ike_sa->get_unique_id(ike_sa) == this->ike_sa)
{
xpc_object_t msg;
msg = xpc_dictionary_create(NULL, NULL, 0);
xpc_dictionary_set_string(msg, "type", "event");
xpc_dictionary_set_string(msg, "event", "log");
xpc_dictionary_set_string(msg, "message", message);
xpc_connection_send_message(this->conn, msg);
xpc_release(msg);
}
}
METHOD(logger_t, get_level, level_t,
private_xpc_logger_t *this, debug_t group)
{
return LEVEL_CTRL;
}
METHOD(xpc_logger_t, set_ike_sa, void,
private_xpc_logger_t *this, u_int32_t ike_sa)
{
this->ike_sa = ike_sa;
}
METHOD(xpc_logger_t, destroy, void,
private_xpc_logger_t *this)
{
free(this);
}
/**
* See header
*/
xpc_logger_t *xpc_logger_create(xpc_connection_t conn)
{
private_xpc_logger_t *this;
INIT(this,
.public = {
.logger = {
.log = _log_,
.get_level = _get_level,
},
.set_ike_sa = _set_ike_sa,
.destroy = _destroy,
},
.conn = conn,
);
return &this->public;
}
src/frontends/osx/charon-xpc/xpc_logger.h 0000664 0000000 0000000 00000002604 12216323716 0021031 0 ustar 00root root 0000000 0000000 /*
* Copyright (C) 2013 Martin Willi
* Copyright (C) 2013 revosec AG
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See .
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
/**
* @defgroup xpc_logger xpc_logger
* @{ @ingroup xpc
*/
#ifndef XPC_LOGGER_H_
#define XPC_LOGGER_H_
#include
#include
typedef struct xpc_logger_t xpc_logger_t;
/**
* Connection specific logger over XPC.
*/
struct xpc_logger_t {
/**
* Implements logger_t.
*/
logger_t logger;
/**
* Set the IKE_SA unique identifier this logger logs for.
*
* @param ike_sa IKE_SA unique identifier
*/
void (*set_ike_sa)(xpc_logger_t *this, u_int32_t ike_sa);
/**
* Destroy a xpc_logger_t.
*/
void (*destroy)(xpc_logger_t *this);
};
/**
* Create a xpc_logger instance.
*
* @param conn XPC connection to send logging events to
* @return XPC logger
*/
xpc_logger_t *xpc_logger_create(xpc_connection_t conn);
#endif /** XPC_LOGGER_H_ @}*/
src/frontends/osx/strongSwan.xcodeproj/ 0000775 0000000 0000000 00000000000 12216323716 0020624 5 ustar 00root root 0000000 0000000 src/frontends/osx/strongSwan.xcodeproj/project.pbxproj 0000664 0000000 0000000 00000031237 12216323716 0023706 0 ustar 00root root 0000000 0000000 // !$*UTF8*$!
{
archiveVersion = 1;
classes = {
};
objectVersion = 46;
objects = {
/* Begin PBXBuildFile section */
5B74989217311B200041971E /* xpc_channels.c in Sources */ = {isa = PBXBuildFile; fileRef = 5B74989117311B200041971E /* xpc_channels.c */; };
5B7498B8173275D10041971E /* xpc_logger.c in Sources */ = {isa = PBXBuildFile; fileRef = 5B7498B7173275D10041971E /* xpc_logger.c */; };
5BD1CCD71726DB4000587077 /* charon-xpc.c in Sources */ = {isa = PBXBuildFile; fileRef = 5BD1CCD61726DB4000587077 /* charon-xpc.c */; };
5BF60F31173405A000E5D608 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 5BD1CCD31726DB4000587077 /* CoreFoundation.framework */; };
5BF60F33173405AC00E5D608 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 5BD1CCF21727DE3E00587077 /* Security.framework */; };
5BF60F3E1734070A00E5D608 /* xpc_dispatch.c in Sources */ = {isa = PBXBuildFile; fileRef = 5B74984C172AA3550041971E /* xpc_dispatch.c */; };
5BF60F631743C57500E5D608 /* SystemConfiguration.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 5BF60F621743C57500E5D608 /* SystemConfiguration.framework */; };
/* End PBXBuildFile section */
/* Begin PBXFileReference section */
5B74984C172AA3550041971E /* xpc_dispatch.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = xpc_dispatch.c; sourceTree = ""; };
5B74984E172AA3670041971E /* xpc_dispatch.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = xpc_dispatch.h; sourceTree = ""; };
5B74989017311AFC0041971E /* xpc_channels.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = xpc_channels.h; sourceTree = ""; };
5B74989117311B200041971E /* xpc_channels.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = xpc_channels.c; sourceTree = ""; };
5B7498B7173275D10041971E /* xpc_logger.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = xpc_logger.c; sourceTree = ""; };
5B7498B9173275DD0041971E /* xpc_logger.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = xpc_logger.h; sourceTree = ""; };
5BD1CCD31726DB4000587077 /* CoreFoundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreFoundation.framework; path = System/Library/Frameworks/CoreFoundation.framework; sourceTree = SDKROOT; };
5BD1CCD61726DB4000587077 /* charon-xpc.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = "charon-xpc.c"; sourceTree = ""; };
5BD1CCE01726DCD000587077 /* charon-xpc-Launchd.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = "charon-xpc-Launchd.plist"; sourceTree = ""; };
5BD1CCE11726DD9900587077 /* charon-xpc-Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = "charon-xpc-Info.plist"; sourceTree = ""; };
5BD1CCEA1727CCA400587077 /* README.md */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = README.md; sourceTree = ""; };
5BD1CCEC1727D7AF00587077 /* ServiceManagement.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = ServiceManagement.framework; path = System/Library/Frameworks/ServiceManagement.framework; sourceTree = SDKROOT; };
5BD1CCF21727DE3E00587077 /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = System/Library/Frameworks/Security.framework; sourceTree = SDKROOT; };
5BF60F621743C57500E5D608 /* SystemConfiguration.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = SystemConfiguration.framework; path = System/Library/Frameworks/SystemConfiguration.framework; sourceTree = SDKROOT; };
/* End PBXFileReference section */
/* Begin PBXFrameworksBuildPhase section */
5BD1CCCE1726DB4000587077 /* Frameworks */ = {
isa = PBXFrameworksBuildPhase;
buildActionMask = 2147483647;
files = (
5BF60F631743C57500E5D608 /* SystemConfiguration.framework in Frameworks */,
5BF60F31173405A000E5D608 /* CoreFoundation.framework in Frameworks */,
5BF60F33173405AC00E5D608 /* Security.framework in Frameworks */,
);
runOnlyForDeploymentPostprocessing = 0;
};
/* End PBXFrameworksBuildPhase section */
/* Begin PBXGroup section */
5BD1CCA11726DB0100587077 = {
isa = PBXGroup;
children = (
5BD1CCEA1727CCA400587077 /* README.md */,
5BD1CCD51726DB4000587077 /* charon-xpc */,
5BD1CCAF1726DB0100587077 /* Frameworks */,
5BD1CCAD1726DB0100587077 /* Products */,
);
sourceTree = "";
};
5BD1CCAD1726DB0100587077 /* Products */ = {
isa = PBXGroup;
children = (
5BD1CCD11726DB4000587077 /* org.strongswan.charon-xpc */,
);
name = Products;
sourceTree = "";
};
5BD1CCAF1726DB0100587077 /* Frameworks */ = {
isa = PBXGroup;
children = (
5BF60F621743C57500E5D608 /* SystemConfiguration.framework */,
5BD1CCF21727DE3E00587077 /* Security.framework */,
5BD1CCEC1727D7AF00587077 /* ServiceManagement.framework */,
5BD1CCD31726DB4000587077 /* CoreFoundation.framework */,
);
name = Frameworks;
sourceTree = "";
};
5BD1CCD51726DB4000587077 /* charon-xpc */ = {
isa = PBXGroup;
children = (
5BD1CCD61726DB4000587077 /* charon-xpc.c */,
5BD1CCE01726DCD000587077 /* charon-xpc-Launchd.plist */,
5BD1CCE11726DD9900587077 /* charon-xpc-Info.plist */,
5B74984C172AA3550041971E /* xpc_dispatch.c */,
5B74984E172AA3670041971E /* xpc_dispatch.h */,
5B74989017311AFC0041971E /* xpc_channels.h */,
5B74989117311B200041971E /* xpc_channels.c */,
5B7498B7173275D10041971E /* xpc_logger.c */,
5B7498B9173275DD0041971E /* xpc_logger.h */,
);
path = "charon-xpc";
sourceTree = "";
};
/* End PBXGroup section */
/* Begin PBXNativeTarget section */
5BD1CCD01726DB4000587077 /* charon-xpc */ = {
isa = PBXNativeTarget;
buildConfigurationList = 5BD1CCDA1726DB4000587077 /* Build configuration list for PBXNativeTarget "charon-xpc" */;
buildPhases = (
5BD1CCCD1726DB4000587077 /* Sources */,
5BD1CCCE1726DB4000587077 /* Frameworks */,
);
buildRules = (
);
dependencies = (
);
name = "charon-xpc";
productName = "charon-xpc";
productReference = 5BD1CCD11726DB4000587077 /* org.strongswan.charon-xpc */;
productType = "com.apple.product-type.tool";
};
/* End PBXNativeTarget section */
/* Begin PBXProject section */
5BD1CCA31726DB0100587077 /* Project object */ = {
isa = PBXProject;
attributes = {
LastUpgradeCheck = 0450;
ORGANIZATIONNAME = "revosec AG";
};
buildConfigurationList = 5BD1CCA61726DB0100587077 /* Build configuration list for PBXProject "strongSwan" */;
compatibilityVersion = "Xcode 3.2";
developmentRegion = English;
hasScannedForEncodings = 0;
knownRegions = (
en,
);
mainGroup = 5BD1CCA11726DB0100587077;
productRefGroup = 5BD1CCAD1726DB0100587077 /* Products */;
projectDirPath = "";
projectRoot = "";
targets = (
5BD1CCD01726DB4000587077 /* charon-xpc */,
);
};
/* End PBXProject section */
/* Begin PBXSourcesBuildPhase section */
5BD1CCCD1726DB4000587077 /* Sources */ = {
isa = PBXSourcesBuildPhase;
buildActionMask = 2147483647;
files = (
5BD1CCD71726DB4000587077 /* charon-xpc.c in Sources */,
5B74989217311B200041971E /* xpc_channels.c in Sources */,
5BF60F3E1734070A00E5D608 /* xpc_dispatch.c in Sources */,
5B7498B8173275D10041971E /* xpc_logger.c in Sources */,
);
runOnlyForDeploymentPostprocessing = 0;
};
/* End PBXSourcesBuildPhase section */
/* Begin XCBuildConfiguration section */
5BD1CCC81726DB0200587077 /* Debug */ = {
isa = XCBuildConfiguration;
buildSettings = {
ALWAYS_SEARCH_USER_PATHS = NO;
ARCHS = "$(ARCHS_STANDARD_64_BIT)";
CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x";
CLANG_CXX_LIBRARY = "libc++";
CLANG_WARN_EMPTY_BODY = YES;
CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
COPY_PHASE_STRIP = NO;
GCC_C_LANGUAGE_STANDARD = gnu99;
GCC_DYNAMIC_NO_PIC = NO;
GCC_ENABLE_OBJC_EXCEPTIONS = YES;
GCC_OPTIMIZATION_LEVEL = 0;
GCC_PREPROCESSOR_DEFINITIONS = (
"DEBUG=1",
"$(inherited)",
);
GCC_SYMBOLS_PRIVATE_EXTERN = NO;
GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
GCC_WARN_ABOUT_RETURN_TYPE = YES;
GCC_WARN_UNINITIALIZED_AUTOS = YES;
GCC_WARN_UNUSED_VARIABLE = YES;
MACOSX_DEPLOYMENT_TARGET = 10.8;
ONLY_ACTIVE_ARCH = YES;
SDKROOT = macosx;
};
name = Debug;
};
5BD1CCC91726DB0200587077 /* Release */ = {
isa = XCBuildConfiguration;
buildSettings = {
ALWAYS_SEARCH_USER_PATHS = NO;
ARCHS = "$(ARCHS_STANDARD_64_BIT)";
CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x";
CLANG_CXX_LIBRARY = "libc++";
CLANG_WARN_EMPTY_BODY = YES;
CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
COPY_PHASE_STRIP = YES;
DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
GCC_C_LANGUAGE_STANDARD = gnu99;
GCC_ENABLE_OBJC_EXCEPTIONS = YES;
GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
GCC_WARN_ABOUT_RETURN_TYPE = YES;
GCC_WARN_UNINITIALIZED_AUTOS = YES;
GCC_WARN_UNUSED_VARIABLE = YES;
MACOSX_DEPLOYMENT_TARGET = 10.8;
SDKROOT = macosx;
};
name = Release;
};
5BD1CCDB1726DB4000587077 /* Debug */ = {
isa = XCBuildConfiguration;
buildSettings = {
CODE_SIGN_IDENTITY = "Joe Developer";
GCC_WARN_64_TO_32_BIT_CONVERSION = NO;
GCC_WARN_ABOUT_POINTER_SIGNEDNESS = NO;
HEADER_SEARCH_PATHS = (
/usr/include,
../../libstrongswan,
../../libcharon,
../../libhydra,
/opt/local/include,
);
INFOPLIST_FILE = "charon-xpc/charon-xpc-Info.plist";
INSTALL_PATH = /;
LIBRARY_SEARCH_PATHS = (
/usr/lib,
../../libstrongswan/.libs,
../../libcharon/.libs,
../../libhydra/.libs,
/opt/local/lib,
);
OTHER_CFLAGS = (
"-include",
../../../config.h,
"-DVSTR_COMPILE_INLINE=0",
);
OTHER_LDFLAGS = (
"-lcrypto",
/opt/local/lib/libvstr.a,
"-force_load",
../../libstrongswan/.libs/libstrongswan.a,
"-force_load",
../../libhydra/.libs/libhydra.a,
"-force_load",
../../libcharon/.libs/libcharon.a,
"-sectcreate",
__TEXT,
__info_plist,
"charon-xpc/charon-xpc-Info.plist",
"-sectcreate",
__TEXT,
__launchd_plist,
"charon-xpc/charon-xpc-Launchd.plist",
);
PRODUCT_NAME = "org.strongswan.charon-xpc";
PROVISIONING_PROFILE = "";
STRIP_STYLE = "non-global";
};
name = Debug;
};
5BD1CCDC1726DB4000587077 /* Release */ = {
isa = XCBuildConfiguration;
buildSettings = {
CODE_SIGN_IDENTITY = "Joe Developer";
COPY_PHASE_STRIP = YES;
GCC_WARN_64_TO_32_BIT_CONVERSION = NO;
GCC_WARN_ABOUT_POINTER_SIGNEDNESS = NO;
HEADER_SEARCH_PATHS = (
/usr/include,
../../libstrongswan,
../../libcharon,
../../libhydra,
/opt/local/include,
);
INFOPLIST_FILE = "charon-xpc/charon-xpc-Info.plist";
INSTALL_PATH = /;
LIBRARY_SEARCH_PATHS = (
/usr/lib,
../../libstrongswan/.libs,
../../libcharon/.libs,
../../libhydra/.libs,
/opt/local/lib,
);
OTHER_CFLAGS = (
"-include",
../../../config.h,
"-DVSTR_COMPILE_INLINE=0",
);
OTHER_LDFLAGS = (
"-lcrypto",
/opt/local/lib/libvstr.a,
"-force_load",
../../libstrongswan/.libs/libstrongswan.a,
"-force_load",
../../libhydra/.libs/libhydra.a,
"-force_load",
../../libcharon/.libs/libcharon.a,
"-sectcreate",
__TEXT,
__info_plist,
"charon-xpc/charon-xpc-Info.plist",
"-sectcreate",
__TEXT,
__launchd_plist,
"charon-xpc/charon-xpc-Launchd.plist",
);
PRODUCT_NAME = "org.strongswan.charon-xpc";
PROVISIONING_PROFILE = "";
STRIP_STYLE = "non-global";
};
name = Release;
};
/* End XCBuildConfiguration section */
/* Begin XCConfigurationList section */
5BD1CCA61726DB0100587077 /* Build configuration list for PBXProject "strongSwan" */ = {
isa = XCConfigurationList;
buildConfigurations = (
5BD1CCC81726DB0200587077 /* Debug */,
5BD1CCC91726DB0200587077 /* Release */,
);
defaultConfigurationIsVisible = 0;
defaultConfigurationName = Release;
};
5BD1CCDA1726DB4000587077 /* Build configuration list for PBXNativeTarget "charon-xpc" */ = {
isa = XCConfigurationList;
buildConfigurations = (
5BD1CCDB1726DB4000587077 /* Debug */,
5BD1CCDC1726DB4000587077 /* Release */,
);
defaultConfigurationIsVisible = 0;
defaultConfigurationName = Release;
};
/* End XCConfigurationList section */
};
rootObject = 5BD1CCA31726DB0100587077 /* Project object */;
}