Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.2
novell-ipsec-tools
novell-ipsec-tools_plugins-support-core.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File novell-ipsec-tools_plugins-support-core.patch of Package novell-ipsec-tools
Index: ipsec-tools-0.7.3/src/plugin_frame/common.h =================================================================== --- /dev/null +++ ipsec-tools-0.7.3/src/plugin_frame/common.h @@ -0,0 +1,160 @@ + +/************************************************************************************ +* Copyright (c) 2005, Novell Inc., * +* All rights reserved. * +* * +* Redistribution and use in source and binary forms, with or without * +* modification, are permitted provided that the following conditions * +* are met: * +* 1. Redistributions of source code must retain the above copyright * +* notice, this list of conditions and the following disclaimer. * +* 2. Redistributions in binary form must reproduce the above copyright * +* notice, this list of conditions and the following disclaimer in the * +* documentation and/or other materials provided with the distribution. * +* 3. Neither the name of the Novell nor the names of its contributors * +* may be used to endorse or promote products derived from this software * +* without specific prior written permission. * +* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND * +* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * +* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * +* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE * +* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * +* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * +* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * +* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * +* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * +* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * +* SUCH DAMAGE. * +*************************************************************************************/ + +#ifndef __TPIKE_COMMON_H__ +#define __TPIKE_COMMON_H__ + +/****************NOTES ************************ +1. Multiple plugins will be stored in the struct pluginlist with priority. +2. A Global priv data for each plugin (in addition to the hook point specific priv data) that will be opaque to framework. +3. Register Handler returns ALREADYREGISTERED if someother plugins has registered. +4. Before registering the plugin should check for dependencies with other plugins using isPluginRegisterted, +*************************************************/ + +#include <sys/types.h> + +/* Defines */ + +/* DataTypes */ +#define TPIKE_DTYPE_STRUCTISAKMPGEN 0x0001 +#define TPIKE_DTYPE_STRUCTISAKMPDATA 0x0002 +#define TPIKE_DTYPE_STRUCTVCHAR 0x0004 +#define TPIKE_DTYPE_STRUCTPAYLOADLIST 0x0008 +#define TPIKE_DTYPE_INT32PT 0x0010 +#define TPIKE_DTYPE_STRUCTIPH1 0x0020 +#define TPIKE_DTYPE_STRUCTNATTOPTIONS 0x0040 + +//Payload types +#define PRIVATE_NATTVID_PAYLOAD_TYPE 0x0001 +#define PRIVATE_VID_PAYLOAD_TYPE 0x0002 + +//#define STRUCTIPH1 0x0010 +//#define STRUCTIPH2 0x0020 +//#define STRUCTCADDRT 0x0040 + +/* Types */ +#define PAYLOAD_TYPE 0x01 +#define ATTRIBUTE_TYPE 0x02 +#define NATT_OPTIONS_TYPE 0x03 + +#define IS_REKEYREQ_TYPE 0x04 +#define IS_PLECHECK_TYPE 0x05 + +#define PFKEY_MSG_TYPE 0x06 +#define IKE_NEGO_STATE_TYPE 0x07 + + +/* Attribute types */ +#define IKE_ATTRIB_TYPE 0x01 +#define CONFIG_ATTRIB_TYPE 0x02 +#define IPSEC_ATTRIB_TYPE 0x03 +#define ISAKMP_ATTRIB_TYPE 0x04 +#define CONFIG_ATTRIB_ACK_TYPE 0x05 + +#if 0 +/* Attribute types */ +#define IKEATTR_TYPE 0x01 +#define CFGATTR_TYPE 0x02 +#endif + +/* Data Structures */ + +/*TV */ +typedef struct tv +{ + int type; + void *val; +}TV; + +struct tvarr { + int noofvals; + struct tv tv[1]; +}; + +/* Updated Hookpoint */ +struct hookpoint { + u_int8_t type; + u_int8_t payloadtype; /*If type==payload => payload type as defined, else 0 */ + u_int8_t subtype; /* Config attr => SET/ACK/REQ/REP/PrivType. Payload => SubType */ + u_int32_t position; /* ijk */ + u_int8_t isoptional; + /*Identifying the payload/ike attr type */ + u_int32_t keylen; + void *key; /*Payload =>, attribute etc. */ +}; + +/* Updated Handler Info */ +struct handlerinfo { + char *plugin_name; + void *hprivdata; /*Plug-in's priv data */ + u_int32_t datatypein; /* Flag logical OR of IN DataTypes defiend above */ + u_int32_t datatypeout; /* Flag logical OR of OUT DataTypes defiend above */ + int (*callback)(void *, void *, void *, void **); /* Prototype will be int func(void *gprivdata, void *hprivdata, void *INARRAY, void **OUTARRAY); */ +}; + +typedef int (*plugin_init)(void *gprivdata, void *hprivdata, + void *inarray, void **outarray); +typedef int (*plugin_getdata)(int inlen, char *inbuf, + int *outlen, char **outbuf); + +/* Consumed by plugin */ +u_int8_t tpike_is_plugin_registered(char *plugin_name); +int tpike_register_handler(struct hookpoint *, + struct handlerinfo *); +int tpike_deregister_handlers(char *plugin_name); + +/* Consumed by Racoon */ +int tpike_gethook_handlerinfo(struct hookpoint *hp, + int absolutepos, struct handlerinfo **hi, + int *incount, void **tv); +int tpike_dispatch_generic(struct hookpoint *hp, void *in, void **out); +int tpike_pack_in(void **inarr, u_int32_t noofparams, ...); +int tpike_pack_out(void *outarr, u_int32_t noofparams, ...); + +/* Consumed by adminport */ +int tpike_register_plugin(short ver, const char *pluginso, char *pluginname, void *cp); +int tpike_plugin_getdata(short ver, char *pluginname, int inlen, char *inbuf, + int *outlen, char **outbuf); +int tpike_deregister_plugin_all(); + + +/* Helper macro to make the 'hookpoint'. Consumed by racoon alone. */ +#define mk_hookpoint(typ, pratype, prasubtype, pos, optional, klen, keyval, hp) \ + { \ + hp->type = (typ); hp->payloadtype = (pratype); hp->subtype = (prasubtype); hp->position = (pos); \ + hp->keylen = (klen); \ + if (hp->keylen == 0) \ + hp->key = 0; \ + else { \ + hp->key = vmalloc(hp->keylen); \ + if (hp->key && (keyval)) memcpy(hp->key, (keyval), (klen)); else hp->keylen = 0; \ + }\ + } + +#endif Index: ipsec-tools-0.7.3/src/plugin_frame/dispatch.c =================================================================== --- /dev/null +++ ipsec-tools-0.7.3/src/plugin_frame/dispatch.c @@ -0,0 +1,140 @@ + +/************************************************************************************ +* Copyright (c) 2005, Novell Inc., * +* All rights reserved. * +* * +* Redistribution and use in source and binary forms, with or without * +* modification, are permitted provided that the following conditions * +* are met: * +* 1. Redistributions of source code must retain the above copyright * +* notice, this list of conditions and the following disclaimer. * +* 2. Redistributions in binary form must reproduce the above copyright * +* notice, this list of conditions and the following disclaimer in the * +* documentation and/or other materials provided with the distribution. * +* 3. Neither the name of the Novell nor the names of its contributors * +* may be used to endorse or promote products derived from this software * +* without specific prior written permission. * +* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND * +* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * +* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * +* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE * +* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * +* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * +* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * +* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * +* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * +* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * +* SUCH DAMAGE. * +*************************************************************************************/ + +#include <stdio.h> +#include <stdlib.h> +#include <stdarg.h> +#include "common.h" +#include "framework.h" +#include "error.h" +#include "hashtable.h" + +int get_hook_handler_info(struct hookpoint *hp, int absolutepos, struct handlerinfo **hi, int *incount, void **tv) +{ + int status = TPIKE_ERR_HASH_MATCH_NOT_FOUND; + + status = get_handler_match_in_hash_bucket(hp, hi); + + // *incount = getType((*hi)->DataTypeToBeSent, tv); //return value? + + return status; +} + +#if 0 +int getType (u_int32_t dataTypeMask, TV *tvl) +{ + int i = 0; + u_int32_t j = 1; + while (j != 0x80000000 ){ + if ( dataTypeMask & j ) + { + tvl[i].t = j; + tvl[i].v = NULL; + i++; + } + j<<=1; + } + return i; +} +#endif + +int tpike_dispatch_generic(struct hookpoint *hp, void *in, void **out) +{ + struct handlerinfo *hi; + int status; + struct plugininfo *plugin; + + if ((status = get_handler_match_in_hash_bucket(hp, &hi)) == TPIKE_STATUS_SUCCESS) { + // TODO: Validate that the minimum input arguments are present + // TODO: Validate that the output arguments are sufficient + if (hi->callback) { + // Obtain gpriv data + plugin = get_plugin_info(hi->plugin_name); + + if(!plugin) + return TPIKE_ERR_PLUGIN_NOT_REGISTERED; + + status = (*(hi->callback))(plugin->gprivdata, hi->hprivdata, in, out); + return status; + } + else + return TPIKE_ERR_HASH_MATCH_NOT_FOUND; + } + return status; +} + +int tpike_pack_in(void **inarr, u_int32_t noofparams, ...) +{ + int i; + struct tvarr *in; + va_list(ap); + + if (noofparams == 0) /* no parameters to pass, send NULL */ + return TPIKE_STATUS_SUCCESS; + + va_start(ap, noofparams); + if (((*inarr) = malloc(sizeof(struct tvarr) + (noofparams - 1) * (sizeof(struct tv)))) == NULL) + return TPIKE_ERR_MEM_ALLOC_FAILED; + in = (*inarr); + + in->noofvals = noofparams; + for (i = 0; i < noofparams; i++) + { + in->tv[i].type = va_arg(ap, int); + in->tv[i].val = va_arg(ap, void *); + } + return TPIKE_STATUS_SUCCESS; +} + +int tpike_pack_out(void *outarr, u_int32_t noofparams, ...) +{ + int i, j; + int type, found = 0; + struct tvarr *out = (struct tvarr *)(outarr); + va_list(ap); + + va_start(ap, noofparams); + for (i = 0; i < noofparams; i++) + { + type = va_arg(ap, int); + found = 0; + for (j = 0; j < out->noofvals; j++) + { + if (type == out->tv[i].type) + { + *(va_arg(ap, void **)) = out->tv[i].val; + found = 1; + break; + } + if (!found) + return TPIKE_ERR_PLUGIN_ARG_MISMATCH; + } + } + return TPIKE_STATUS_SUCCESS; +} Index: ipsec-tools-0.7.3/src/plugin_frame/error.h =================================================================== --- /dev/null +++ ipsec-tools-0.7.3/src/plugin_frame/error.h @@ -0,0 +1,53 @@ + +/************************************************************************************ +* Copyright (c) 2005, Novell Inc., * +* All rights reserved. * +* * +* Redistribution and use in source and binary forms, with or without * +* modification, are permitted provided that the following conditions * +* are met: * +* 1. Redistributions of source code must retain the above copyright * +* notice, this list of conditions and the following disclaimer. * +* 2. Redistributions in binary form must reproduce the above copyright * +* notice, this list of conditions and the following disclaimer in the * +* documentation and/or other materials provided with the distribution. * +* 3. Neither the name of the Novell nor the names of its contributors * +* may be used to endorse or promote products derived from this software * +* without specific prior written permission. * +* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND * +* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * +* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * +* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE * +* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * +* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * +* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * +* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * +* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * +* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * +* SUCH DAMAGE. * +*************************************************************************************/ + +#ifndef _PLUGIN_ERROR_H +#define _PLUGIN_ERROR_H + +#define TPIKE_STATUS_SUCCESS 0x00000000 +#define PLUGIN_FRAME_STATUS_SUCCESS 0x00000000 + +/* Framework errors start at 0xFFFFFFFF (-1) */ +#define TPIKE_ERR_HASH_TABLE_OVERFLOW 0xFFFFFFFF +#define TPIKE_ERR_MEM_ALLOC_FAILED 0xFFFFFFFE +#define TPIKE_ERR_PLUGIN_NOT_REGISTERED 0xFFFFFFFD +#define TPIKE_ERR_HOOK_ALREADY_REGISTERED 0xFFFFFFFC +#define TPIKE_ERR_PLUGIN_REGISTRATION_FAILURE 0xFFFFFFFB +#define TPIKE_ERR_SYM_LOAD_FAILURE 0xFFFFFFFA +#define TPIKE_ERR_HASH_MATCH_NOT_FOUND 0xFFFFFFF9 +#define TPIKE_ERR_SO_LOAD_FAILURE 0xFFFFFFF8 +#define TPIKE_ERR_PLUGIN_ARG_MISMATCH 0xFFFFFFF9 + +/* Generic plugin errors start at 0xFFFFFF00 (-255) */ +#define TPIKE_ERR_PLUGIN_GENERIC 0xFFFFFF00 +#define TPIKE_ERR_PLUGIN_MEM_ALLOC_FAILED 0xFFFFFE00 + +#define TPIKE_OK(x) ((x) == TPIKE_STATUS_SUCCESS) + +#endif /* _PLUGIN_ERROR_H */ Index: ipsec-tools-0.7.3/src/plugin_frame/framework.h =================================================================== --- /dev/null +++ ipsec-tools-0.7.3/src/plugin_frame/framework.h @@ -0,0 +1,87 @@ + +/************************************************************************************ +* Copyright (c) 2005, Novell Inc., * +* All rights reserved. * +* * +* Redistribution and use in source and binary forms, with or without * +* modification, are permitted provided that the following conditions * +* are met: * +* 1. Redistributions of source code must retain the above copyright * +* notice, this list of conditions and the following disclaimer. * +* 2. Redistributions in binary form must reproduce the above copyright * +* notice, this list of conditions and the following disclaimer in the * +* documentation and/or other materials provided with the distribution. * +* 3. Neither the name of the Novell nor the names of its contributors * +* may be used to endorse or promote products derived from this software * +* without specific prior written permission. * +* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND * +* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * +* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * +* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE * +* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * +* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * +* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * +* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * +* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * +* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * +* SUCH DAMAGE. * +*************************************************************************************/ + +#ifndef __TPIKE_FRAMEWORK__ +#define __TPIKE_FRAMEWORK__ + +/****************NOTES ************************ +1. Multiple plugins will be stored in the struct pluginlist with priority. +2. A Global priv data for each plugin (in addition to the hook point specific priv data) that will be opaque to framework. +3. Register Handler returns ALREADYREGISTERED if someother plugins has registered. +4. Before registering the plugin should check for dependencies with other plugins using isPluginRegisterted, +*************************************************/ + +#include <sys/types.h> +#include <stdlib.h> + +/* Defines */ + +#if 0 +/* Types */ +#define PAYLOAD_TYPE 0x01 +#define ATTRIBUTE_TYPE 0x02 + +/* Attribute types */ +#define IKE_ATTRIB_TYPE 0x01 +#define CONFIG_ATTRIB_TYPE 0x02 +#endif + +typedef int (tpike_plugin_init_func_t)(short ver, void *cp, void **privdata); +typedef int (tpike_plugin_getdata_func_t)(short version, void *gpdata, int inlen, char *inbuf, int *outlen, char **outbuf); +typedef int (tpike_plugin_deregister_func_t)(void *privdata); +/* Data Structures */ + +/* Structure handling multiple plugins */ +struct plugininfo { + char *plugin_name; /* Got thru' adminport */ + void *gprivdata; /* Global (common to whole plugin) priv data */ + void *so_handle; + + tpike_plugin_init_func_t *init_fn; + tpike_plugin_getdata_func_t *getdata_fn; + tpike_plugin_deregister_func_t *deregister_fn; + + struct plugininfo *next; +}; + + + +/* Functions to be implemented by Framework for framework only!*/ +struct plugininfo *get_plugin_info(char *plugin_name); + + +/*Updated Register Handler */ + +/*Consumed by plugin */ +struct plugininfo *get_registered_plugin(char *); +struct plugininfo *add_plugin_to_list(char *); +void remove_plugin_from_list(char *); +void free_plugin_info_all(struct plugininfo *); + +#endif Index: ipsec-tools-0.7.3/src/plugin_frame/hashtable.c =================================================================== --- /dev/null +++ ipsec-tools-0.7.3/src/plugin_frame/hashtable.c @@ -0,0 +1,384 @@ + +/************************************************************************************ + * Copyright (c) 2005, Novell Inc., * + * All rights reserved. * + * * + * Redistribution and use in source and binary forms, with or without * + * modification, are permitted provided that the following conditions * + * are met: * + * 1. Redistributions of source code must retain the above copyright * + * notice, this list of conditions and the following disclaimer. * + * 2. Redistributions in binary form must reproduce the above copyright * + * notice, this list of conditions and the following disclaimer in the * + * documentation and/or other materials provided with the distribution. * + * 3. Neither the name of the Novell nor the names of its contributors * + * may be used to endorse or promote products derived from this software * + * without specific prior written permission. * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND * + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE * + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * + * SUCH DAMAGE. * + *************************************************************************************/ + +#include <stdio.h> +#include <string.h> +#include <malloc.h> +#include <sys/types.h> + +#include "config.h" +#include "misc.h" + +#include "position.h" +#include "hashtable.h" +#include "common.h" +#include "framework.h" +#include "error.h" + +static int get_hash_index(struct hookpoint *hp); + +void init_hash_table() +{ + int i; + + for(i = 0; i < MAX_TURN_HASH_SIZE; i++) + turnhash[i] = NULL; +} + +void clear_hash_table() +{ + int i; + struct hookdata *hd, *temp = NULL; + + for(i = 0; i < MAX_TURN_HASH_SIZE; i++) + { + for(hd = turnhash[i]; hd; hd = temp) + { + if(hd->hi) + free(hd->hi); + if(hd->hp) + { + if(hd->hp->keylen) + free(hd->hp->key); + free(hd->hp); + } + temp = hd->next; + free(hd); + } + turnhash[i] = NULL; + } +} + +int dump_hash(void) +{ + int i; + struct hookdata *hd; + struct hookpoint *hp; + for (i = 0; i < MAX_TURN_HASH_SIZE; i++) + { + if (!(hd = turnhash[i])) + continue; +#if 0 + plog(LLV_DEBUG2, LOCATION, NULL, "Hash Bucket: %d\n", i); +#else + printf("Hash Bucket: %d\n", i); +#endif + + while (hd) + { + hp = hd->hp; +#if 0 + plog(LLV_DEBUG2, LOCATION, NULL, "\n--------- Entry Info ---------\n"); +#else + printf("\n--------- Entry Info ---------\n"); +#endif + printf( "type = 0x%x, payloadtype = 0x%x, AttrOrPayloadSubtype = 0x%x, \ + Exchange = 0x%x, Message Index = 0x%x, Payload1 = 0x%x, Payload2 = 0x%x, \ + Keylen = 0x%x callback:%p\n", + (unsigned int) hp->type, + (unsigned int) hp->payloadtype, + (unsigned int) hp->subtype, + GET_EXCH(hp->position), + GET_MIDX(hp->position), + GET_PAYLOAD_1(hp->position), + GET_PAYLOAD_2(hp->position), + hp->keylen, + hd->hi->callback); + hd = hd->next; + } + } + return 0; +} + +static int get_hash_index(struct hookpoint *hp) +{ + u_int32_t hash_index = 0, temp = 0; + size_t i; + + // For incoming paths: Mode(i), Position(j), type, payloadtype, Key are used for hashing + // For outgoing paths: Mode(i), Position(j), type, payloadtype, AttrOrPayloadSubtype are used for hashing + + + if ((temp = GET_EXCH(hp->position)) != ISAKMP_ETYPE_ALL) { + hash_index |= SET_EXCH(temp); + } + if ((temp = GET_MIDX(hp->position)) != TPIKE_MIDX_ANY) { + hash_index |= SET_MIDX(temp); + } + if (hp->type == PAYLOAD_TYPE) { + hash_index ^= (hp->type ^ hp->payloadtype ^ hp->subtype); + } + else { + hash_index ^= (hp->type ^ hp->payloadtype ^ ((hp->payloadtype == CONFIG_ATTRIB_TYPE)?hp->subtype:0)); + } + if (GET_MIDX(hp->position) & TPIKE_MIDX_RECEIVE) { + for (i = 0; (i + 3) <= hp->keylen; i+=sizeof(u_int32_t)) { + temp ^= (((char *)(hp->key))[i] << 24) | + (((char *)(hp->key))[i + 1] << 16) | + (((char *)(hp->key))[i + 2] << 8) | + (((char *)(hp->key))[i + 3]); + } + for (; i < hp->keylen; i++) + temp |= ((char *)(hp->key))[i]; + } + hash_index ^= temp; + hash_index = hash_index % MAX_TURN_HASH_PRIME_SIZE; + return hash_index; +} + +/* TODO -Ramu : As of now the only wild card handled is etype. Extend/Rewrite this to others also */ +static int get_handler_match_wild_card(struct hookpoint *hp, struct handlerinfo **hi ) +{ + struct hookdata *hd; + u_int16_t hash_index = 0; + int status = TPIKE_ERR_HASH_MATCH_NOT_FOUND; + int etype = 0; + int is_all_phases_checked = 0; + *hi = NULL; + + /*Logic: Considering only wild cards are etypes. For generic stuff this logic may be too narrow. + * 1. Determine whether the etype belongs to the class of phase1 or phase2. + * 2. Depending on 1 check either phase1 bucket or phase2 bucket. + * 3. If no match found in both these buckets check all phases bucket. + */ + etype = GET_EXCH(hp->position); + + if(etype == ISAKMP_ETYPE_IDENT || etype == ISAKMP_ETYPE_AGG || etype == ISAKMP_ETYPE_BASE || etype == ISAKMP_ETYPE_ALLPHASE1){ + // etype = ISAKMP_ETYPE_ALLPHASE1; + hash_index = MAX_TURN_HASH_PRIME_SIZE; + + } + else + if(etype == ISAKMP_ETYPE_QUICK || etype == ISAKMP_ETYPE_ALLPHASE2) + //etype = ISAKMP_ETYPE_ALLPHASE2; + hash_index = MAX_TURN_HASH_PRIME_SIZE + 1; + else //all phases + hash_index = MAX_TURN_HASH_PRIME_SIZE + 2; + +wildcardloop: + + hd = turnhash[hash_index]; + + /* As of now i am scanning for REKEYREQ_TYPE alone. Extend this for all other types */ + while(hd) + { + if(hd->hp && !memcmp(hd->hp, hp, sizeof(hd->hp->type) + sizeof(hd->hp->payloadtype) + sizeof(hd->hp->subtype) /*+ sizeof(u_int16_t)*/)) + { + /* TODO: As this is always put into fixed buckets we need to check the position (and other variable params) also while matching. */ + if (GET_MIDX (hp->position) == GET_MIDX(hd->hp->position) && + hd->hi->callback){ + (*hi) = hd->hi; + status = TPIKE_STATUS_SUCCESS; + break; + } + } + hd = hd->next; + } + + if(status != TPIKE_STATUS_SUCCESS && is_all_phases_checked == 0 && hash_index != MAX_TURN_HASH_PRIME_SIZE + 2){ + /* Check in ALL phases bucket */ + hash_index = MAX_TURN_HASH_PRIME_SIZE + 2; + is_all_phases_checked = 1; + goto wildcardloop; //TODO: Remove this goto. + + } + return status; +} + +int get_handler_match_in_hash_bucket(struct hookpoint *hp, struct handlerinfo **hi ) +{ + struct hookdata *hd; + u_int16_t hash_index = 0; + int status = TPIKE_ERR_HASH_MATCH_NOT_FOUND; + + *hi = NULL; + + //compute hash index + hash_index = get_hash_index(hp); + printf("Hash index in get_handler_match = %d\n",hash_index); + //sanity check + if(hash_index > MAX_TURN_HASH_SIZE - 1) + return TPIKE_ERR_HASH_TABLE_OVERFLOW; + + hd = turnhash[hash_index]; + + while(hd) + { + /* + if(hd->hp && !memcmp(hd->hp, hp, sizeof(struct hookpoint) - sizeof(void *) -sizeof(hd->hp->keylen) - sizeof(hd->hp->isoptional) - sizeof(u_int16_t))) + */ + if(hd->hp && !memcmp(hd->hp, hp, sizeof(hd->hp->type) + sizeof(hd->hp->payloadtype) + sizeof(hd->hp->subtype) /*+ sizeof(u_int16_t)*/)) + { + if(hp->payloadtype == CONFIG_ATTRIB_TYPE && hp->subtype == 3 /* SET */){ + if((hd->hp->keylen == hp->keylen) && (memcmp(hp->key, hd->hp->key, (size_t) hd->hp->keylen) == 0)){ + if(hd->hi->callback){ + (*hi) = hd->hi; + status = TPIKE_STATUS_SUCCESS; + break; + } + + } + } + else{ + + if(hd->hi->callback){ + (*hi) = hd->hi; + status = TPIKE_STATUS_SUCCESS; + break; + } + } + } + hd = hd->next; + } + + if(status != TPIKE_STATUS_SUCCESS) + status = get_handler_match_wild_card(hp,hi); + + return status; + +} + +u_int32_t insert_in_hash_bucket(struct hookpoint *hp, struct handlerinfo *hi, struct plugininfo *plugin) +{ + int hash_index = 0; + int status = TPIKE_STATUS_SUCCESS; + struct hookdata *hd = NULL; + struct handlerinfo *hi_already = NULL; + + //compute hash index + + /* TODO - Ramu: As of now handle wildcards by assigning one bucket for allphase1, one for allphase2 and one for allphases. Later change them to take other params also. */ + + switch(GET_EXCH(hp->position)){ + + case ISAKMP_ETYPE_ALLPHASE1: + + hash_index = MAX_TURN_HASH_PRIME_SIZE; + break; + + case ISAKMP_ETYPE_ALLPHASE2: + + hash_index = MAX_TURN_HASH_PRIME_SIZE + 1; + break; + + case ISAKMP_ETYPE_ALL: + + hash_index = MAX_TURN_HASH_PRIME_SIZE + 2; + break; + + default: /* Not a wild card case */ + hash_index = get_hash_index(hp); + } + + + //sanity check + if(hash_index < 0 || hash_index > MAX_TURN_HASH_SIZE - 1) + { + status = TPIKE_ERR_HASH_TABLE_OVERFLOW; + goto end_func; + } +#if 0 + plog(LLV_DEBUG2, LOCATION, NULL, "Inserting in %d\n",hash_index); +#else + printf("Inserting in %d\n",hash_index); +#endif + + /* FIX: + * + * 'hi' was used as second param which gets destroyed after + * the call to this function (becomes NULL as it is the first time + * insertion. So passing a temperory handlerinfo + * to check if it is already inserted + * + */ + + if(get_handler_match_in_hash_bucket(hp, &hi_already) == 0 ) + { + status = TPIKE_ERR_HOOK_ALREADY_REGISTERED; + goto end_func; + } + + if((hd = (struct hookdata *)malloc(sizeof(struct hookdata))) == NULL) + { + status = TPIKE_ERR_MEM_ALLOC_FAILED; + goto end_func; + } + + hd->hi = (struct handlerinfo *)malloc(sizeof(struct handlerinfo)); + if(hd->hi && hi ) + memcpy(hd->hi, hi, sizeof(struct handlerinfo));//TODO: For hprivdata, we need the length of the data, so that we malloc and copy the priv data locally + else + { + status = TPIKE_ERR_MEM_ALLOC_FAILED; + goto end_func; + } + + hd->hp = (struct hookpoint *)malloc(sizeof(struct hookpoint)); + if(hd->hp && hp) + memcpy(hd->hp, hp, sizeof(struct hookpoint));//TODO: For KEY, we need the length of the data, so that we malloc and copy the priv data locally + else + { + status = TPIKE_ERR_MEM_ALLOC_FAILED; + goto end_func; + } + if(hd->hp->keylen){ + // NOTE: KEY LEN IS COPIED IN PRV MEMCPY + hd->hp->key = malloc(hd->hp->keylen); + memcpy(hd->hp->key,hp->key,hd->hp->keylen); + } + hd->plugin = plugin; // back pointer to plugin + + hd->next = turnhash[hash_index]; + + turnhash[hash_index] = hd; + +end_func: + if(status != TPIKE_STATUS_SUCCESS) + { + //cleanup all that we've malloced + if (hd) + { + if(hd->hi) + { + free(hd->hi); + hd->hi = NULL; + } + if(hd->hp) + { + free(hd->hp); + hd->hp = NULL; + } + if(hd) + { + free(hd); + } + } + } + return status; +} Index: ipsec-tools-0.7.3/src/plugin_frame/hashtable.h =================================================================== --- /dev/null +++ ipsec-tools-0.7.3/src/plugin_frame/hashtable.h @@ -0,0 +1,57 @@ + +/************************************************************************************ +* Copyright (c) 2005, Novell Inc., * +* All rights reserved. * +* * +* Redistribution and use in source and binary forms, with or without * +* modification, are permitted provided that the following conditions * +* are met: * +* 1. Redistributions of source code must retain the above copyright * +* notice, this list of conditions and the following disclaimer. * +* 2. Redistributions in binary form must reproduce the above copyright * +* notice, this list of conditions and the following disclaimer in the * +* documentation and/or other materials provided with the distribution. * +* 3. Neither the name of the Novell nor the names of its contributors * +* may be used to endorse or promote products derived from this software * +* without specific prior written permission. * +* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND * +* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * +* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * +* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE * +* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * +* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * +* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * +* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * +* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * +* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * +* SUCH DAMAGE. * +*************************************************************************************/ + +#ifndef __TPIKE_HASHTABLE_H__ +#define __TPIKE_HASHTABLE_H__ + +/*Hash Table for Hook Point Info*/ +#include <sys/types.h> + +#define MAX_TURN_HASH_PRIME_SIZE 553 +#define MAX_TURN_HASH_SIZE MAX_TURN_HASH_PRIME_SIZE + 3 /* bucket 553 for all phase1, bucket 554 for all phase 2 and bucket 555 for all phases */ + +struct hookdata { + struct handlerinfo *hi; + struct hookpoint *hp; + struct plugininfo *plugin; + struct hookdata *next; +}; + +/* Global Hash Table */ +struct hookdata *turnhash[MAX_TURN_HASH_SIZE]; + +/* Functions for the Hash Table */ +void init_hash_table(); +void clear_hash_table(); +u_int32_t insert_in_hash_bucket(struct hookpoint *, struct handlerinfo *, struct plugininfo *plugin); +int get_handler_match_in_hash_bucket(struct hookpoint *, struct handlerinfo **); + +int dump_hash(void); + +#endif Index: ipsec-tools-0.7.3/src/plugin_frame/position.h =================================================================== --- /dev/null +++ ipsec-tools-0.7.3/src/plugin_frame/position.h @@ -0,0 +1,175 @@ + +/************************************************************************************ +* Copyright (c) 2005, Novell Inc., * +* All rights reserved. * +* * +* Redistribution and use in source and binary forms, with or without * +* modification, are permitted provided that the following conditions * +* are met: * +* 1. Redistributions of source code must retain the above copyright * +* notice, this list of conditions and the following disclaimer. * +* 2. Redistributions in binary form must reproduce the above copyright * +* notice, this list of conditions and the following disclaimer in the * +* documentation and/or other materials provided with the distribution. * +* 3. Neither the name of the Novell nor the names of its contributors * +* may be used to endorse or promote products derived from this software * +* without specific prior written permission. * +* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND * +* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * +* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * +* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE * +* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * +* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * +* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * +* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * +* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * +* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * +* SUCH DAMAGE. * +*************************************************************************************/ + +/* +The paylaod state will be defined as follows: + +u_int32_t payload_state = i|j|k1|k2 + +i- 0ne byte +j - One byte +k1 -One byte +k2 - One byte + +i- exchange type +j- Message index +k1- after payload +k2- before payload +*/ + +/*'i' - exchange type is defined as in RFC as follows: u_int8_t*/ + +#define ISAKMP_ETYPE_BASE 1 /* Base */ +#define ISAKMP_ETYPE_IDENT 2 /* Identity Proteciton */ +/*#define ISAKMP_ETYPE_AUTH 3*/ /* Authentication Only */ +#define ISAKMP_ETYPE_AGG 4 /* Aggressive */ +#define ISAKMP_ETYPE_INFO 5 /* Informational */ +#define ISAKMP_ETYPE_CFG 6 /* Mode config */ +#define ISAKMP_ETYPE_QUICK 32/* Quick Mode */ +#define ISAKMP_ETYPE_ALLPHASE1 0xfd +#define ISAKMP_ETYPE_ALLPHASE2 0xfe +#define ISAKMP_ETYPE_ALL 0xff + +/*'j' - Message Index - u_int8_t*/ +/* +MSb: +Initiator - 0 +Responsder - 1 + +Next bit: +Recv: 0 +Send: 1 + +Next 6 bits: +Message Index +*/ + +#define TPIKE_MIDX_INITIATOR 0x10 +#define TPIKE_MIDX_RESPONDER 0x20 +#define TPIKE_MIDX_RECEIVE 0x40 +#define TPIKE_MIDX_SEND 0x80 +#define TPIKE_MIDX_ANY 0x00 + +#define TPIKE_MAX_MESSAGE 16 + +#define ONE 1 + +/*Initiator */ + +#define INITIATOR_RECIEVE TPIKE_MIDX_INITIATOR|TPIKE_MIDX_RECEIVE +#define INITIATOR_SEND TPIKE_MIDX_INITIATOR|TPIKE_MIDX_SEND + +/*Responder*/ +#define RESPONDER_RECEIVE TPIKE_MIDX_RESPONDER|TPIKE_MIDX_RECEIVE +#define RESPONDER_SEND TPIKE_MIDX_RESPONDER|TPIKE_MIDX_SEND|(ONE) + +/*Initiator */ + +#define INITIATOR_RECIEVE_ONE INITIATOR_RECIEVE|ONE +#define INITIATOR_SEND_ONE INITIATOR_SEND|ONE + +#define INITIATOR_RECIEVE_TWO INITIATOR_RECIEVE|(ONE<<1) +#define INITIATOR_SEND_TWO INITIATOR_SEND|(ONE<<1) + +#define INITIATOR_RCVD_THREE INITIATOR_RECIEVE|(ONE<<2) +#define INITIATOR_SEND_THREE INITIATOR_SEND|(ONE<<2) + +/*Responder*/ +#define RESPONDER_RCVD_ONE RESPONDER_RECEIVE|(ONE) +#define RESPONDER_SEND_ONE RESPONDER_SEND|(ONE) + +#define RESPONDER_RCVD_TWO RESPONDER_RECEIVE|(ONE<<1) +#define RESPONDER_SEND_TWO RESPONDER_SEND|(ONE<<1) + +#define RESPONDER_RCVD_THREE RESPONDER_RECEIVE|(ONE<<2) +#define RESPONDER_SEND_THREE RESPONDER_SEND|(ONE<<2) + +/* + +'k1' (is payload after) - u_int8_t +'k2' (is payload before) - u_int8_t + +Wild card positions +k1=k2=0 => First Payload in message +k1=k2=0xff => Any, Last Payload in Message + +Relative position +k1=0,k2=x => before payload x , where x- payload type defined below +k1=x,k2=0 => after payload x , where x- payload type defined below +k1=x,k2=y => after payload x and before payload y, where x,y - payload types defined below. + +Absolute position +k1=k2=i => at absolute 'ith' payload. 1<=i<=0xfe + +*/ + +#define ISAKMP_NPTYPE_SA 1 /* Security Association */ +#define ISAKMP_NPTYPE_P 2 /* Proposal */ +#define ISAKMP_NPTYPE_T 3 /* Transform */ +#define ISAKMP_NPTYPE_KE 4 /* Key Exchange */ +#define ISAKMP_NPTYPE_ID 5 /* Identification */ +#define ISAKMP_NPTYPE_CERT 6 /* Certificate */ +#define ISAKMP_NPTYPE_CR 7 /* Certificate Request */ +#define ISAKMP_NPTYPE_HASH 8 /* Hash */ +#define ISAKMP_NPTYPE_SIG 9 /* Signature */ +#define ISAKMP_NPTYPE_NONCE 10 /* Nonce */ +#define ISAKMP_NPTYPE_N 11 /* Notification */ +#define ISAKMP_NPTYPE_D 12 /* Delete */ +#define ISAKMP_NPTYPE_VID 13 /* Vendor ID */ +#define ISAKMP_NPTYPE_ATTR 14 /* Attribute */ + +#define ISAKMP_NPTYPE_NATD_BADDRAFT 15 /* NAT Discovery */ +#define ISAKMP_NPTYPE_NATOA_BADDRAFT 16 /* NAT Original Address */ + +#define ISAKMP_NPTYPE_NATD_RFC 20 /* NAT Discovery */ +#define ISAKMP_NPTYPE_NATOA_RFC 21 /* NAT Original Address */ + +/* 128 - 255 -Private Payloads */ + + +#define ISAKMP_NPTYPE_NATD_DRAFT 130 /* NAT Discovery */ +#define ISAKMP_NPTYPE_NATOA_DRAFT 131 /* NAT Original Address */ +#define ISAKMP_NPTYPE_FRAG 132 /* IKE fragmentation payload */ + +#define GET_EXCH(x) ((((u_int32_t) (x) & 0xff000000) >> 24)) +#define SET_EXCH(x) (((u_int32_t)(x) << 24)) +#define GET_MIDX(x) ((((u_int32_t)(x) & 0x00ff0000) >> 16)) +#define SET_MIDX(x) (((u_int32_t) (x) << 16)) +#define GET_PAYLOAD_1(x) (((u_int32_t) (x) & 0x0000ff00) >> 8) +#define GET_PAYLOAD_2(y) ((u_int32_t) (y) & 0xff) +#define SET_PAYLOADS(x, y) ((((u_int32_t) (x) << 8) | (y))) + +#define MAKE_POS2(exch, j, payload1, payload2) \ + (u_int32_t) (((exch) << 24) | \ + (j << 16) | \ + ((payload1) << 8) | \ + ((payload2))) + +#define MAKE_POS(exch, initorresp, sendorrecv, messageno, payload1, payload2) \ + ( (u_int32_t) MAKE_POS2(exch, ((initorresp)|(sendorrecv)|(messageno)) , payload1, payload2) ) Index: ipsec-tools-0.7.3/src/plugin_frame/registration.c =================================================================== --- /dev/null +++ ipsec-tools-0.7.3/src/plugin_frame/registration.c @@ -0,0 +1,357 @@ + +/************************************************************************************ + * Copyright (c) 2005, Novell Inc., * + * All rights reserved. * + * * + * Redistribution and use in source and binary forms, with or without * + * modification, are permitted provided that the following conditions * + * are met: * + * 1. Redistributions of source code must retain the above copyright * + * notice, this list of conditions and the following disclaimer. * + * 2. Redistributions in binary form must reproduce the above copyright * + * notice, this list of conditions and the following disclaimer in the * + * documentation and/or other materials provided with the distribution. * + * 3. Neither the name of the Novell nor the names of its contributors * + * may be used to endorse or promote products derived from this software * + * without specific prior written permission. * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND * + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE * + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * + * SUCH DAMAGE. * + *************************************************************************************/ + +#include <stdio.h> +#include <sys/types.h> +#include <string.h> +#include <dlfcn.h> + +#include "config.h" +/* Framework headers */ +#include "common.h" +#include "framework.h" +#include "hashtable.h" +#include "error.h" + +/* Racoon headers for logging */ +#include "plog.h" +#include "misc.h" + +/* Global plugininfo list */ +struct plugininfo *plugin_info = NULL; + + +struct plugininfo *get_plugin_info(char *plugin_name) +{ + struct plugininfo *temp; + + temp = plugin_info; + while(temp != NULL) { + if(strcmp(temp->plugin_name, plugin_name) == 0) + return temp; + temp = temp->next; + } + return NULL; +} + +/************************************************************************************************************ +Function - is_plugin_registered +Input - plugin name +Output - pointer to the plugin +Description - This will search for the plugin in the pluginInfo list based on the plugin name. +************************************************************************************************************/ + +u_int8_t is_plugin_registered(char *plugin_name) +{ + if(get_plugin_info(plugin_name)) + return 1; + + return 0; +} + +/************************************************************************************************************ +Function - addPluginToList +Input - plugin name +Output - pointer to the plugin +Description - This will add the plugin in the pluginInfo list based on the plugin name. +************************************************************************************************************/ +struct plugininfo *add_plugin_to_list(char *plugin_name) +{ + struct plugininfo *newinfo, *temp; + int plugin_len = 0; + + if(plugin_name == NULL) + return NULL; + + newinfo = (struct plugininfo *)malloc(sizeof(struct plugininfo)); + if(newinfo == NULL) + return NULL; + + memset(newinfo,0,sizeof(newinfo)); + + plugin_len = strlen(plugin_name); + + newinfo->plugin_name = (char *)malloc(plugin_len + 1); + if(newinfo->plugin_name == NULL) //malloc failed + return NULL; + + memset(newinfo->plugin_name, 0, plugin_len + 1); + strncpy(newinfo->plugin_name, plugin_name, plugin_len); + + newinfo->gprivdata = NULL; + newinfo->so_handle = NULL; + newinfo->next = NULL; + + //add to end of list + temp = plugin_info; + if(!temp) + { + plugin_info = newinfo; + } + else + { + while(temp->next) + { + temp = temp->next; + } + temp->next = newinfo; + } + return newinfo; +} + + +/* *****************************************************************************/ +/* Function - removePluginFromList */ +/* Input - plugin name */ +/* Output - */ +/* Description - This will remove the plugin in the pluginInfo list */ +/* based on the plugin name */ +/* ******************************************************************************/ +void remove_plugin_from_list(char *plugin_name) +{ + struct plugininfo *toremove, *temp; + + if(!strcmp(plugin_info->plugin_name, plugin_name)) + { + toremove = plugin_info; + plugin_info = plugin_info->next; + //deep free plugin info + free_plugin_info_all(toremove); + free(toremove); + } + else + { + temp = plugin_info; + while(temp->next) + { + if(!strcmp(temp->next->plugin_name, plugin_name)) + { + toremove = temp->next; + temp->next = temp->next->next; + //deep free plugin info + free_plugin_info_all(toremove); + free(toremove); + } + temp = temp->next; + } + } + +} + +void free_plugin_info_all(struct plugininfo *plugin) +{ + if(plugin->plugin_name) + free(plugin->plugin_name); + /* Plugin would have freed the private data by now */ + /* + // No need to free so_handle as it never got allocated (9.3 racoon crash on disconnect problem fix ) + if(plugin->so_handle) + free(plugin->so_handle); + */ +} + +/*************************************************************************** + * Function - registerHandler + * Input - plugin name, hookpoint, handlerinfo + * Output - success or failure or already registered + * Description - This function will be called by the IKE plugin for each + * hookpoint to register the handlerinfo. + **************************************************************************/ +int tpike_register_handler(struct hookpoint *hp, struct handlerinfo *hi) +{ + int status; + struct plugininfo *plugin; + + if((plugin = get_plugin_info(hi->plugin_name)) == NULL) + return TPIKE_ERR_PLUGIN_NOT_REGISTERED; + + // update the handlerInfo for each hookpoint to have a backpointer to the plugin. + //handlerInfo->plugin = plugin; + + //insert in hash table + status = insert_in_hash_bucket(hp, hi, plugin); + + return status; +} + +int tpike_deregister_handlers(char *plugin_name) +{ + /* just clean up the hash_table. +TODO: Maintain a chain of handlers for each plugin, +clean up only the handlers registered by this plugin +*/ + clear_hash_table (); + return 0; +} + +int tpike_deregister_plugin_all() +{ + struct plugininfo *plugin = NULL; + char sym_name[256]; + char *plugin_name = NULL; + int retval = TPIKE_ERR_PLUGIN_GENERIC; + int (*deregister_fn)(void *) = NULL; + + //de-register all plugins + plugin = plugin_info; + + while(plugin) + { + if (!plugin->so_handle) + return TPIKE_ERR_SO_LOAD_FAILURE; + + plugin_name = plugin->plugin_name; + + sprintf(sym_name, "turnpike_%s_deregister", plugin_name); + if (!(deregister_fn = dlsym(plugin->so_handle, sym_name))) + return TPIKE_ERR_SYM_LOAD_FAILURE; + + plugin->deregister_fn = deregister_fn; + + /* plugin's deregister function will clean-up private data + and deregister handlers */ + retval = (*deregister_fn)(plugin->gprivdata); + + /* plugin's IKE .so related clean-up is over, unload the .so */ + if(retval == TPIKE_STATUS_SUCCESS) + retval = dlclose(plugin->so_handle); + + plugin = plugin->next; + + /* remove the plugin from the framework's plugin list */ + if(!retval) + { + remove_plugin_from_list(plugin_name); + } + } + return retval; +} + +int tpike_register_plugin(short ver, const char *pluginso, char *pluginname, void *cp) +{ + char sym_name[256] = "\0"; + void *so_handle = NULL; + tpike_plugin_init_func_t *plugin_init_fn = NULL; + struct plugininfo *plugin = NULL; + +#if 0 + plog(LLV_DEBUG2, LOCATION, NULL, "about to call so: %s plugin name is :%s \n",pluginso, pluginname); +#else + printf("about to call so: %s plugin name is :%s \n",pluginso, pluginname); +#endif + if (is_plugin_registered(pluginname) == 0 ) + { + //Add this plugin to my plugin list + plugin = add_plugin_to_list(pluginname); //(plugin name) + if(plugin == NULL) + return TPIKE_ERR_PLUGIN_REGISTRATION_FAILURE; + } + else + { + plugin = get_plugin_info(pluginname); + } + + //load plugin. + if (!plugin) + return TPIKE_ERR_PLUGIN_REGISTRATION_FAILURE; + + sprintf(sym_name, "turnpike_%s_init", pluginname); + + //so_handle = dlopen(pluginso, RTLD_LAZY); + if (!plugin->so_handle) + plugin->so_handle = dlopen(pluginso, RTLD_GLOBAL | RTLD_LAZY); + + if (plugin->so_handle){ +#if 0 + plog(LLV_DEBUG, LOCATION, NULL, "Opened so: %s -- Searching for symbol %s\n",pluginso, sym_name); +#else + printf("Opened so: %s -- Searching for symbol %s\n",pluginso, sym_name); + +#endif + + plugin_init_fn = dlsym(plugin->so_handle, sym_name); + } + else + { +#if 0 + plog(LLV_ERROR, LOCATION, NULL, "Failed opening so:%s, dlopen returned error:%s\n", pluginso, dlerror()); +#else + printf( "Failed opening so:%s, dlopen returned error:%s\n", pluginso, dlerror()); + +#endif + //remove plugin from plugin list + remove_plugin_from_list(pluginname); + return TPIKE_ERR_SO_LOAD_FAILURE; + } + +#if 0 + plog(LLV_DEBUG2, LOCATION, NULL, "About to call init at memory location %x with cp %x and plugin %x\n", plugin_init_fn, cp, plugin); +#else + printf("About to call init at memory location %p with cp %p and plugin %p\n", plugin_init_fn, + cp, plugin); + +#endif + + if(plugin_init_fn){ + (*plugin_init_fn)(ver, cp, &(plugin->gprivdata)); //(short, void *cp, void **gp) + plugin->init_fn = plugin_init_fn; + } + else + { + //remove plugin from plugin list + // Commenting for debugging + remove_plugin_from_list(pluginname); + return TPIKE_ERR_SYM_LOAD_FAILURE; + } +#ifndef NODEBUG + dump_hash(); +#endif + + return 0; +} + +int tpike_plugin_getdata(short ver, char *pluginname, int inlen, char *inbuf, + int *outlen, char **outbuf) +{ + struct plugininfo *plugin = NULL; + char sym_name[256]; + tpike_plugin_getdata_func_t *getdata_fn = NULL; + + if ((plugin = get_plugin_info(pluginname)) == NULL) + return TPIKE_ERR_PLUGIN_NOT_REGISTERED; + + if (!plugin->so_handle) + return TPIKE_ERR_SO_LOAD_FAILURE; + sprintf(sym_name, "turnpike_%s_getdata", pluginname); + if (!(getdata_fn = dlsym(plugin->so_handle, sym_name))) + return TPIKE_ERR_SYM_LOAD_FAILURE; + plugin->getdata_fn = getdata_fn; + return (int) ((*getdata_fn)(ver, plugin->gprivdata, inlen, inbuf, outlen, outbuf)); +} + Index: ipsec-tools-0.7.3/src/plugin_frame/Makefile.am =================================================================== --- /dev/null +++ ipsec-tools-0.7.3/src/plugin_frame/Makefile.am @@ -0,0 +1,17 @@ +include_plugin_framedir = ${includedir}/plugin_frame + +noinst_LTLIBRARIES = libplugin_frame.la + +INCLUDES=-I${srcdir}/../racoon/ -I${srcdir}/../libipsec/ +AM_CFLAGS = -D_GNU_SOURCE @GLIBC_BUGS@ -DSYSCONFDIR=\"${sysconfdir}\" \ + -DADMINPORTDIR=\"${adminsockdir}\" + +libplugin_frame_la_SOURCES = \ + hashtable.c registration.c dispatch.c + +libplugin_framedir = $(includedir)/plugin_frame + +include_plugin_frame_HEADERS= \ + hashtable.h common.h framework.h error.h position.h + +libplugin_frame_la_LDFLAGS = -version-info 1:0:0 -static Index: ipsec-tools-0.7.3/src/Makefile.am =================================================================== --- ipsec-tools-0.7.3.orig/src/Makefile.am +++ ipsec-tools-0.7.3/src/Makefile.am @@ -1,3 +1,3 @@ -SUBDIRS = @INCLUDE_GLIBC@ libipsec setkey racoon +SUBDIRS = @INCLUDE_GLIBC@ plugin_frame libipsec setkey racoon -DIST_SUBDIRS = include-glibc libipsec setkey racoon +DIST_SUBDIRS = include-glibc plugin_frame libipsec setkey racoon Index: ipsec-tools-0.7.3/src/racoon/admin.h =================================================================== --- ipsec-tools-0.7.3.orig/src/racoon/admin.h +++ ipsec-tools-0.7.3/src/racoon/admin.h @@ -77,11 +77,22 @@ struct admin_com { */ #define ADMIN_ESTABLISH_SA_PSK 0x0203 +/* 0x03xx is used for supporting plugin_frame features*/ +#define ADMIN_PUSH_PHASE1CONFIG 0x0301 +#define ADMIN_PUSH_PHASE1PROPOSAL 0x0302 +#define ADMIN_PUSH_PHASE2CONFIG 0x0303 +#define ADMIN_DISCONNECT_DST 0x0304 +#define ADMIN_REPARSE_RACOON_CONF 0x0305 +#define ADMIN_REPLACE_SAINFO 0x0306 +#define ADMIN_SET_VENDOR_CONFIG_DATA 0x0307 +#define ADMIN_GET_VENDOR_PRIV_DATA 0X0308 + /* * user login follows */ #define ADMIN_LOGOUT_USER 0x0205 /* Delete SA for a given Xauth user */ + /* * Range 0x08xx is reserved for privilege separation, see privsep.h */ @@ -93,6 +104,11 @@ struct admin_com { #define ADMIN_PROTO_ESP 0x0202 #define ADMIN_PROTO_INTERNAL 0x0301 +/* the value of policy action for supporting plugin_frame features*/ +#define ACTION_ENCRYPT 0x0000 +#define ACTION_DENY 0x0001 +#define ACTION_BYPASS 0x0002 + struct admin_com_indexes { u_int8_t prefs; u_int8_t prefd; @@ -109,6 +125,89 @@ struct admin_com_psk { /* Followed by id and key */ }; +struct peer_identifier { + u_int8_t id_type; + u_int16_t id_len; + char idv[1]; +}; + +struct admin_com_ph1config { + struct sockaddr_storage dst; + u_int8_t mode; /* exchange type*/ + u_int8_t verify_cert; + u_int8_t verify_identifier; + u_int8_t my_identifier_type; + u_int16_t my_identifier_len; + u_int16_t num_peer_identifier; + char id[1]; + /* id[1] format:my_identifier followed by peer_identifier struct(s)*/ +}; + +struct admin_com_ph1proposal { + u_int8_t encryption_algo; + u_int8_t hash_algo; + u_int8_t auth_method; + u_int8_t dh_group; +}; + +struct admin_com_ph1proposal_list{ + struct sockaddr_storage dst; + u_int8_t num_proposal; /* number of proposals being sent */ + struct admin_com_ph1proposal ph1proposal[1];/* if num_proposal > 1, */ + /*this will be a list of proposals */ +}; + +struct admin_com_ph2_ikeattrib { + u_int8_t pfs_group; + u_int8_t encryption_algorithm; + u_int8_t authentication_algorithm; + u_int8_t compression_algorithm; + u_int32_t lifetime; +}; + +struct admin_com_ph2policy { + struct sockaddr_storage dst_addr; + u_int8_t dst_prefixlen; + u_int8_t upperspec; + u_int8_t direction; + u_int8_t action; + u_int8_t protocol; + u_int8_t mode; +}; + +struct admin_com_ph2config { + struct sockaddr_storage src_end_point; + struct sockaddr_storage dst_end_point; + short num_ph2_policies; + char pad; + char policy[1]; +}; + +typedef struct { + int addrtype; /* Use IPSECDOI_ID_xxxx_xxxx types. eg. IPSECDOI_ID_IPV4_ADDR */ + union { + struct sockaddr_storage addr; + struct { + struct sockaddr_storage laddr; + struct sockaddr_storage haddr; + } range; + } addrt; +} admin_com_addrinfo; + +struct admin_com_replace_sainfo{ + admin_com_addrinfo old_src_addr; + admin_com_addrinfo old_dst_addr; + admin_com_addrinfo new_src_addr; + admin_com_addrinfo new_dst_addr; + struct sockaddr_storage peeraddr; +}; + + extern int admin2pfkey_proto __P((u_int)); +#define POLICY_STR_LEN 512 + +/* TEMPORARY STUFF for supporting plugin_frame */ +extern int add_default_policy_to_SPD(int); + #endif /* _ADMIN_H */ Index: ipsec-tools-0.7.3/src/racoon/admin.c =================================================================== --- ipsec-tools-0.7.3.orig/src/racoon/admin.c +++ ipsec-tools-0.7.3/src/racoon/admin.c @@ -5,7 +5,7 @@ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -17,7 +17,7 @@ * 3. Neither the name of the project nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -40,6 +40,7 @@ #include <sys/stat.h> #include <sys/un.h> +#include <arpa/inet.h> #include <net/pfkeyv2.h> #include <netinet/in.h> @@ -85,16 +86,37 @@ #include "session.h" #include "gcmalloc.h" +#include "algorithm.h" +#include "sainfo.h" + +#ifdef PLUGINS_SUPPORT +#include "plugin_frame/common.h" +#endif + +#include "cfparse_proto.h" + #ifdef ENABLE_ADMINPORT char *adminsock_path = ADMINSOCK_PATH; uid_t adminsock_owner = 0; gid_t adminsock_group = 0; mode_t adminsock_mode = 0600; +static const char *protocol[] = { + "esp", "ah", "ipcomp" +}; + +static const char *mode[] = { + "tunnel", "transport" +}; + static struct sockaddr_un sunaddr; static int admin_process __P((int, char *)); static int admin_reply __P((int, struct admin_com *, vchar_t *)); +static void isakmp_flush_sa __P((struct ph1handle *, char *, char *)); +int add_policy_to_SPD __P((struct sockaddr_storage *, + struct sockaddr_storage *, struct admin_com_ph2policy *)); + int admin_handler() { @@ -166,7 +188,7 @@ admin_handler() /* * main child's process. */ -static int +int admin_process(so2, combuf) int so2; char *combuf; @@ -177,6 +199,7 @@ admin_process(so2, combuf) vchar_t *key = NULL; int idtype = 0; int error = -1; + int i = 0; com->ac_errno = 0; @@ -210,7 +233,7 @@ out2: case ADMIN_SHOW_EVT: /* It's not really an error, don't force racoonctl to quit */ if ((buf = evt_dump()) == NULL) - com->ac_errno = 0; + com->ac_errno = 0; break; case ADMIN_SHOW_SA: @@ -290,7 +313,7 @@ out2: STRDUP_FATAL(rem); if ((iph1 = getph1byaddrwop(src, dst)) == NULL) { - plog(LLV_ERROR, LOCATION, NULL, + plog(LLV_ERROR, LOCATION, NULL, "phase 1 for %s -> %s not found\n", loc, rem); } else { if (iph1->status == PHASE1ST_ESTABLISHED) @@ -320,7 +343,7 @@ out2: user[len] = 0; found = purgeph1bylogin(user); - plog(LLV_INFO, LOCATION, NULL, + plog(LLV_INFO, LOCATION, NULL, "deleted %d SA for user \"%s\"\n", found, user); break; @@ -339,7 +362,7 @@ out2: rem = racoon_strdup(saddrwop2str(dst)); STRDUP_FATAL(rem); - plog(LLV_INFO, LOCATION, NULL, + plog(LLV_INFO, LOCATION, NULL, "Flushing all SAs for peer %s\n", rem); while ((iph1 = getph1bydstaddrwop(dst)) != NULL) { @@ -365,14 +388,14 @@ out2: com->ac_cmd = ADMIN_ESTABLISH_SA; acp = (struct admin_com_psk *) - ((char *)com + sizeof(*com) + + ((char *)com + sizeof(*com) + sizeof(struct admin_com_indexes)); idtype = acp->id_type; if ((id = vmalloc(acp->id_len)) == NULL) { plog(LLV_ERROR, LOCATION, NULL, - "cannot allocate memory: %s\n", + "cannot allocate memory: %s\n", strerror(errno)); break; } @@ -381,7 +404,7 @@ out2: if ((key = vmalloc(acp->key_len)) == NULL) { plog(LLV_ERROR, LOCATION, NULL, - "cannot allocate memory: %s\n", + "cannot allocate memory: %s\n", strerror(errno)); vfree(id); id = NULL; @@ -455,7 +478,7 @@ out2: rmconf->xauth->pass = key; } #endif - + plog(LLV_INFO, LOCATION, NULL, "accept a request to establish IKE-SA: " "%s\n", saddrwop2str(remote)); @@ -481,6 +504,626 @@ out1: } } break; +#ifdef ENABLE_AP_CLIENTMODE + case ADMIN_PUSH_PHASE1CONFIG: + { + struct sockaddr *dst = NULL; + struct remoteconf *remoteconf = NULL, *new_rmconf = NULL; + struct admin_com_ph1config *ph1ptr = NULL; + struct idspec *id = NULL; + vchar_t *my_id = NULL; + vchar_t *peer_id_val = NULL; + +#if 0 + cfreparse(); +#endif + + ph1ptr = (struct admin_com_ph1config *) + ((caddr_t)com + sizeof(*com)); + + dst = (struct sockaddr *)&ph1ptr->dst; + + remoteconf = getrmconf(dst); + + if(!remoteconf || remoteconf->remote->sa_family == AF_UNSPEC){ + /* we've hit the anonymous remote configuration */ + remoteconf = new_rmconf = newrmconf(); + if(remoteconf == NULL){ + plog(LLV_ERROR, LOCATION, NULL, + "Failed to get new remoteconf\n"); + goto out; + } + remoteconf->remote = (struct sockaddr *) + racoon_calloc(1,sizeof(struct sockaddr)); + if(remoteconf->remote == NULL){ + plog(LLV_ERROR, LOCATION, NULL, + "Failed to allocate for remote IPAddr\n"); + delrmconf(remoteconf); + goto out; + } + memcpy(remoteconf->remote, dst, sizeof(struct sockaddr)); + } + + if(remoteconf->etypes == NULL){ + remoteconf->etypes = (struct etypes *)racoon_calloc + (1,sizeof(struct etypes)); + if(remoteconf->etypes == NULL){ + plog(LLV_ERROR, LOCATION, NULL, + "Failed to allocate for exchange type list\n"); + delrmconf(remoteconf); + goto out; + } + } + + remoteconf->etypes->type = ph1ptr->mode; + remoteconf->proposal = NULL; + remoteconf->verify_cert = ph1ptr->verify_cert; +#if 0 + //changes to be made - begin + remoteconf->certtype = ISAKMP_CERT_X509SIGN; + remoteconf->mycertfile = strdup("usercert.pem"); + remoteconf->myprivfile = strdup("userkeyunenc.pem"); + //changes to be made - end + + + remoteconf->certtype = ph1ptr->certtype; + strcpy(remoteconf->mycertfile, ph1ptr->mycertfile); + strcpy(remoteconf->myprivfile,ph1ptr->myprivfile); + strcpy(remoteconf->peerscertfile,ph1ptr->peerscertfile); +#endif + /* my Identifier */ + remoteconf->idvtype = ph1ptr->my_identifier_type; + if(ph1ptr->my_identifier_len > 0){ + /* populate my_identifier's value */ + if ((my_id = vmalloc(ph1ptr->my_identifier_len)) + == NULL) { + plog(LLV_ERROR, LOCATION, NULL, + "cannot allocate memory: %s\n", + strerror(errno)); + delrmconf(remoteconf); + goto out; + } + memcpy(my_id->v, ph1ptr->id, my_id->l); + + if(set_identifier(&remoteconf->idv, + remoteconf->idvtype, my_id) != 0){ + plog(LLV_ERROR, LOCATION, NULL, + "Failed to set my identifier\n"); + + vfree(my_id); + delrmconf(remoteconf); + goto out; + } + } + + /* peer Identifiers */ + remoteconf->verify_identifier = ph1ptr->verify_identifier; + + if(remoteconf->verify_identifier == TRUE){ + int i = 0, peer_id_hdrlen = 0; + struct peer_identifier *peer_id = + (struct peer_identifier *) + (ph1ptr->id+ph1ptr->my_identifier_len); + + peer_id_hdrlen = sizeof(struct peer_identifier); + + for( ; i < ph1ptr->num_peer_identifier ; + i++, peer_id += peer_id_hdrlen + peer_id->id_len - 1){ + id = newidspec(); + if (id == NULL) { + plog(LLV_ERROR, LOCATION, NULL, + "failed to allocate idspec\n"); + delrmconf(remoteconf); + vfree(my_id); + racoon_free(id); + goto out; + } + + /* populate peer_identifier's value */ + if ((peer_id_val = vmalloc(peer_id->id_len)) == NULL) { + plog(LLV_ERROR, LOCATION, NULL, + "cannot allocate memory: %s\n", + strerror(errno)); + racoon_free(id); + vfree(my_id); + delrmconf(remoteconf); + goto out; + } + memcpy(peer_id_val->v, peer_id->idv, peer_id_val->l); + + if (set_identifier + (&id->id, peer_id->id_type, peer_id_val) != 0){ + plog(LLV_ERROR, LOCATION, NULL, + "failed to set identifer\n"); + vfree(peer_id_val); + racoon_free(id); + vfree(my_id); + delrmconf(remoteconf); + goto out; + } + id->idtype = peer_id->id_type; + genlist_append (remoteconf->idvl_p, id); + } + } + if (new_rmconf) + insrmconf(remoteconf); + } + break; + case ADMIN_PUSH_PHASE1PROPOSAL: + { + struct admin_com_ph1proposal_list *ph1_proposal_list = NULL; + struct admin_com_ph1proposal *ph1_proposal = NULL; + struct sockaddr *dst = NULL; + struct remoteconf *remoteconf = NULL; + struct proposalspec *prspec = NULL; + struct isakmpsa *new_proposal = NULL; + int i = 0; + + ph1_proposal_list = + (struct admin_com_ph1proposal_list *) + ((caddr_t)com + sizeof(*com)); + + ph1_proposal = ph1_proposal_list->ph1proposal; + dst = (struct sockaddr *)&ph1_proposal_list->dst; + + remoteconf = getrmconf_strict(dst,0); + if(!remoteconf || remoteconf->remote->sa_family == AF_UNSPEC){ + /* we've hit the anonymous remote configuration */ + plog(LLV_ERROR, LOCATION, NULL, + "Failed to get remoteconf for %s\n", + saddr2str(dst)); + goto out; + } + + /* Got the corresponding remoteconf. Add the policies */ + for (i = 0;i<ph1_proposal_list->num_proposal; + i++, ph1_proposal++){ + new_proposal = newisakmpsa(); + if (new_proposal == NULL){ + plog(LLV_ERROR, LOCATION, NULL, + "Failed to allocate new isakmpsa\n"); + goto out; + } + new_proposal->lifetime = oakley_get_defaultlifetime(); + new_proposal->enctype = ph1_proposal->encryption_algo; + new_proposal->authmethod = ph1_proposal->auth_method; + new_proposal->hashtype = ph1_proposal->hash_algo; + new_proposal->dh_group = ph1_proposal->dh_group; + + insisakmpsa(new_proposal, remoteconf); + } + + /* DH group settting if aggressive mode is there. */ + if (check_etypeok(remoteconf, ISAKMP_ETYPE_AGG) != NULL) { + struct isakmpsa *p; + int b = 0; + + /* DH group */ + for (p = remoteconf->proposal; p; p = p->next) { + if (b == 0 || (b && b == p->dh_group)) { + b = p->dh_group; + continue; + } + plog(LLV_ERROR, LOCATION, NULL, + "DH group must be equal " + "in all proposals " + "when aggressive mode is " + "used\n"); + goto out; + } + remoteconf->dh_group = b; + + if (remoteconf->dh_group == 0) { + plog(LLV_ERROR, LOCATION, NULL, + "DH group must be set in the proposal\n"); + goto out; + } + + /* DH group settting if PFS is required. */ + if (oakley_setdhgroup(remoteconf->dh_group, + &remoteconf->dhgrp) < 0) { + plog(LLV_ERROR, LOCATION, NULL, + "failed to set DH value.\n"); + goto out; + } + } + } + break; + case ADMIN_PUSH_PHASE2CONFIG: + { + struct admin_com_ph2config *ph2ptr = NULL; + struct admin_com_ph2policy *ph2policy = NULL; + struct admin_com_ph2_ikeattrib *ph2ikeattrib = NULL; + struct sainfo *new_sainfo = NULL, + *check = NULL, + *old_sainfo = NULL; + struct sockaddr_storage *src_end_point = NULL, + *dst_end_point = NULL; + struct sainfoalg *alg = NULL; + struct sockaddr *dst_addr = NULL; + vchar_t *s_id = NULL, *d_id = NULL; + short num_ph2_policies = 0; + int i = 0, sa_count = 0; + int encalgtype = 0, hmacalgtype = 0; + + + ph2ptr = (struct admin_com_ph2config *) + ((caddr_t)com + sizeof(*com)); + ph2policy = (struct admin_com_ph2policy *)(ph2ptr->policy); + + for(; i < ph2ptr->num_ph2_policies; i++, ph2policy++){ + /* push policy to SPD */ + if (add_policy_to_SPD + (&ph2ptr->src_end_point, &ph2ptr->dst_end_point, + ph2policy) == -1) + continue; + } + + } + break; + case ADMIN_DISCONNECT_DST: + { + struct ph1handle *iph1; + struct sockaddr *dst; + char *loc, *rem; + int pfkey_proto, pfkey_so;; + + dst = (struct sockaddr *) + &((struct admin_com_indexes *) + ((caddr_t)com + sizeof(*com)))->dst; + + if ((rem = strdup(saddrwop2str(dst))) == NULL) { + plog(LLV_ERROR, LOCATION, NULL, + "failed to allocate memory\n"); + break; + } + + plog(LLV_INFO, LOCATION, NULL, + "Flushing all SA for peer %s\n", rem); + + while ((iph1 = getph1bydstaddrwop(dst)) != NULL) { + if ((loc = strdup(saddrwop2str(iph1->local))) == NULL){ + plog(LLV_ERROR, LOCATION, NULL, + "failed to allocate memory\n"); + break; + } + + /* flush all SAs associated with this connection */ + if((pfkey_so = pfkey_open()) < 0){ + plog(LLV_ERROR, LOCATION, NULL, + "pfkey_open failed\n"); + } + else { + //pfkey_proto = admin2pfkey_proto(com->ac_proto); + //struct sockaddr_in sa_dst, sa_src; + if(pfkey_send_spdflush(pfkey_so) == -1){ + plog(LLV_ERROR, LOCATION, NULL, + "pfkey_send_spdflush failed\n"); + } + if(pfkey_send_flush( + pfkey_so, SADB_SATYPE_UNSPEC) == -1){ + plog(LLV_ERROR, LOCATION, NULL, + "pfkey_send_sadflush failed\n"); + } + /* sa_dst.sin_family = AF_INET; + sa_dst.sin_addr.s_addr = ((struct sockaddr_in *)(iph1->remote))->sin_addr.s_addr; + sa_dst.sin_port = 0; + + sa_src.sin_family = AF_INET; + sa_src.sin_addr.s_addr = ((struct sockaddr_in *)(iph1->local))->sin_addr.s_addr; + sa_src.sin_port = 0; + + if (pfkey_send_delete_all(pfkey_so, + pfkey_proto, IPSEC_MODE_TUNNEL, + (struct sockaddr *)&sa_src, (struct sockaddr *)&sa_dst) == -1) { + plog(LLV_ERROR, LOCATION, NULL, + "delete_all %s -> %s failed \n", + rem, loc + ); + } + */ + pfkey_close(pfkey_so); + } + isakmp_flush_sa(iph1, loc, rem); + + racoon_free(loc); + } + racoon_free(rem); +#ifdef PLUGINS_SUPPORT + tpike_deregister_plugin_all(); +#endif + } + break; + case ADMIN_REPARSE_RACOON_CONF: + { + int file_name_len; + char conf_file_name[512]; + struct stat finfo; + caddr_t recvd_data = NULL; + + /* Get the params */ + recvd_data = (caddr_t)com + sizeof(*com); + file_name_len = *((int *)(recvd_data)); + recvd_data += sizeof(int); + + if (file_name_len >= sizeof(conf_file_name)) + goto out; + + memcpy(conf_file_name, + (char *)(recvd_data), file_name_len); + + conf_file_name[file_name_len] = '\0'; + + /* Check for File security */ + if (stat(conf_file_name, &finfo) != 0){ + plog(LLV_ERROR, LOCATION, NULL, + "stat failed for file %s : %s\n", + conf_file_name, strerror(errno)); + goto out; + } + /* Checking to see if the file has the same owner or group + * as adminsock + */ + if ((finfo.st_uid != adminsock_owner) && + (finfo.st_gid != adminsock_group)) { + plog(LLV_ERROR, LOCATION, NULL, + "Group for the conf file %s does not match" + "with the group of admin port(%d:%d)\n", + conf_file_name, finfo.st_gid, adminsock_group); + goto out; + } + + + /* Verify that the file does not give more + * permissions than what is allowed for adminsock + */ + mode_t curr_mode = finfo.st_mode & ~S_IFMT; + + if ((curr_mode & adminsock_mode) != curr_mode) { + plog(LLV_ERROR, LOCATION, NULL, + "File does not have correct permissions. " + "Expected : %d Has : %d\n", + adminsock_mode, (curr_mode & S_IRWXU)); + goto out; + } + setracoonconf(conf_file_name); + kill (getpid(), SIGHUP); + } + break; + case ADMIN_REPLACE_SAINFO: + { + struct admin_com_replace_sainfo *ap_replace_sai = NULL; + struct sainfo *old_sainfo = NULL, *new_sainfo = NULL; + admin_com_addrinfo *src = NULL, *dst = NULL; + struct sockaddr_in *temp_addr; + vchar_t *s_id = NULL, *d_id = NULL, *p_id = NULL, *temp_id = NULL, + *new_s_id = NULL, *new_d_id = NULL; + int sa_count = 0; + int remoteid = 0; + int new_remoteid = 0; + struct remoteconf *conf = NULL; /// get the remoteid + + ap_replace_sai = (struct admin_com_replace_sainfo *) + ((caddr_t)com + sizeof(*com)); + + s_id = get_ipsecdoi_id(&(ap_replace_sai->old_src_addr), + IPSEC_ULPROTO_ANY); + + d_id = get_ipsecdoi_id(&(ap_replace_sai->old_dst_addr), IPSEC_ULPROTO_ANY); + + p_id = ipsecdoi_sockaddr2id((struct sockaddr *)&(ap_replace_sai->peeraddr), + sizeof(struct in_addr), + IPSEC_ULPROTO_ANY); + ipsecdoi_idtype2doi(p_id); + + src = &(ap_replace_sai->new_src_addr); + dst = &(ap_replace_sai->new_dst_addr); + + + new_s_id = get_ipsecdoi_id(src, IPSEC_ULPROTO_ANY); + new_d_id = get_ipsecdoi_id(dst, IPSEC_ULPROTO_ANY); + + + temp_addr = (struct sockaddr_in *)&(ap_replace_sai->old_src_addr.addrt.addr); + printf("Old src addr : %x\n", + temp_addr->sin_addr.s_addr + ); + temp_addr = (struct sockaddr_in *)&(ap_replace_sai->old_dst_addr.addrt.addr); + printf("Old dst addr : %x\n", + temp_addr->sin_addr.s_addr + ); + + temp_addr = (struct sockaddr_in *)&(ap_replace_sai->new_src_addr.addrt.addr); + printf("New src addr : %x\n", + temp_addr->sin_addr.s_addr + ); + + temp_addr = (struct sockaddr_in *)&(ap_replace_sai->new_dst_addr.addrt.addr); + printf("New dst addr : %x\n", + temp_addr->sin_addr.s_addr + ); + + /// how to get the remote addr? + conf = getrmconf((struct sockaddr *)&(ap_replace_sai->old_dst_addr.addrt.addr)); + if (conf != NULL) { + remoteid = conf->ph1id; + plog(LLV_DEBUG, LOCATION, NULL, "Get remoteid success(%d).\n", remoteid); + } else { + plog(LLV_DEBUG, LOCATION, NULL, "Warning: no valid rmconf !\n"); + remoteid = 0; + } + + /// how to get the remote addr? + conf = getrmconf((struct sockaddr *)&(ap_replace_sai->new_dst_addr.addrt.addr)); + if (conf != NULL) { + new_remoteid = conf->ph1id; + plog(LLV_DEBUG, LOCATION, NULL, "Get new_remoteid success(%d).\n", remoteid); + } else { + plog(LLV_DEBUG, LOCATION, NULL, "Warning: no valid rmconf !\n"); + new_remoteid = 0; + } + + do { + sa_count++; + // getsainfo(loc, rmt, peer, remoteid) + old_sainfo = getsainfo(s_id, d_id, NULL, remoteid); + + if (old_sainfo && old_sainfo->idsrc){ + /* Corressponding Entry found. + * Allocate a new sa_info struct + * copy the new addresses + * delete the old one and insert the new one + */ + new_sainfo = dupsainfo(old_sainfo); + if (new_sainfo == NULL) { + plog(LLV_ERROR, LOCATION, NULL, + "failed to allocate sainfo\n"); + if (sa_count == 2){ + /* Remove already added policy */ + new_sainfo = + getsainfo(new_s_id, new_d_id, p_id, new_remoteid); + if ((new_sainfo) && + (new_sainfo->idsrc != NULL)){ + /* Not an anonymous entry */ + remsainfo(new_sainfo); + delsainfo(new_sainfo); + } + } + goto out; + } + new_sainfo->idsrc = new_s_id; + new_sainfo->iddst = new_d_id; + + inssainfo(new_sainfo); + remsainfo(old_sainfo); + delsainfo(old_sainfo); + } + else{ + /* + plog(LLV_ERROR, LOCATION, NULL, + "No matching sa_info found. Src(%s):Dst(%s)", + saddr2str((struct sockaddr *)&(src->addrt.addr)), saddr2str((struct sockaddr *)&(dst->addrt.addr))); + */ + plog(LLV_ERROR, LOCATION, NULL, + "No matching sa_info found...\n"); + goto out; + } + + //Repeat for the opposite direction + temp_id = s_id; + s_id = d_id; + d_id = temp_id; + + temp_id = new_s_id; + new_s_id = vdup(new_d_id); + new_d_id = vdup(temp_id); + + } while (sa_count < 2); + } + break; + case ADMIN_GET_VENDOR_PRIV_DATA: + { + caddr_t vendor_conf_opq_data = NULL; + + vendor_conf_opq_data = (caddr_t)com + sizeof(*com); +#ifdef PLUGINS_SUPPORT + { + size_t *gw_type_len = NULL; + size_t *inbuf_len = NULL; + int outbuf_len = 0; + char gw_type[128]; + caddr_t inbuf = NULL, outbuf = NULL; + caddr_t plugin_private_data = NULL; + short *ver = NULL; + + /* + * The private data structure is as follows: + * Version + + * Gateway type in LV Format + + * Private data to be passed on to the IKE Plugin in LV Format + */ + + /* Version */ + ver = (short *)vendor_conf_opq_data; + vendor_conf_opq_data += sizeof(short); + + /* Gateway Type in LV format */ + gw_type_len = (size_t *)vendor_conf_opq_data; + vendor_conf_opq_data += sizeof(size_t); + + memcpy(gw_type, (char *)vendor_conf_opq_data, + *gw_type_len); + gw_type[*gw_type_len] = '\0'; + vendor_conf_opq_data += *gw_type_len; + + /* Length of private data */ + inbuf_len = (size_t *)vendor_conf_opq_data; + vendor_conf_opq_data += sizeof(size_t); + inbuf = vendor_conf_opq_data; + + tpike_plugin_getdata(*ver, gw_type, *inbuf_len, inbuf, + &outbuf_len, &outbuf); + + for (i = 0; i < sizeof(u_int32_t) * 2; i++) + plog(LLV_DEBUG, LOCATION, NULL, "0x%2x ", *(((char *)outbuf) + i)); + plog(LLV_DEBUG, LOCATION, NULL, "\n"); + + buf = vmalloc(outbuf_len); + if (buf == NULL) + com->ac_errno = -1; + else + memcpy(buf->v, outbuf, outbuf_len); + + } +#endif + } + break; + case ADMIN_SET_VENDOR_CONFIG_DATA : + { + caddr_t vendor_conf_opq_data = NULL; + + vendor_conf_opq_data = (caddr_t)com + sizeof(*com); + +#ifdef PLUGINS_SUPPORT + { + size_t *gw_type_len = NULL, *plugin_so_len = NULL; + char plugin_so[256] = {'\0'}, gw_type[128] = {'\0'}; + caddr_t plugin_private_data = NULL; + short *ver = NULL; + /* + * The Private data structure is as follows: + * Version no(short) + + * Length of the Gateway type string(int) + + * Gateway type string (char *)+ + * Length of Plugin so name string(int) + + * Name of the plugin so(char *) + + * Private Data to be passed on to the IKE plugin(void *) + */ + + /* Get Version info */ + ver = (short *)vendor_conf_opq_data; + vendor_conf_opq_data += sizeof(short); + + /* Gateway type in LV format */ + gw_type_len = (size_t *)vendor_conf_opq_data; + vendor_conf_opq_data += sizeof(size_t); + memcpy(gw_type, (char *)vendor_conf_opq_data, *gw_type_len); + gw_type[*gw_type_len] = '\0'; + vendor_conf_opq_data += *gw_type_len; + + /* Plugin so name in LV format */ + plugin_so_len = (size_t *)vendor_conf_opq_data; + vendor_conf_opq_data += sizeof(size_t); + memcpy(plugin_so, (char *)vendor_conf_opq_data, *plugin_so_len ); + plugin_so[*plugin_so_len] = '\0'; + vendor_conf_opq_data += *plugin_so_len; + + tpike_register_plugin(*ver,plugin_so,gw_type,vendor_conf_opq_data); + } +#endif + } + break; +#endif default: plog(LLV_ERROR, LOCATION, NULL, @@ -589,17 +1232,17 @@ admin_init() } if (chown(sunaddr.sun_path, adminsock_owner, adminsock_group) != 0) { - plog(LLV_ERROR, LOCATION, NULL, - "chown(%s, %d, %d): %s\n", - sunaddr.sun_path, adminsock_owner, + plog(LLV_ERROR, LOCATION, NULL, + "chown(%s, %d, %d): %s\n", + sunaddr.sun_path, adminsock_owner, adminsock_group, strerror(errno)); (void)close(lcconf->sock_admin); return -1; } if (chmod(sunaddr.sun_path, adminsock_mode) != 0) { - plog(LLV_ERROR, LOCATION, NULL, - "chmod(%s, 0%03o): %s\n", + plog(LLV_ERROR, LOCATION, NULL, + "chmod(%s, 0%03o): %s\n", sunaddr.sun_path, adminsock_mode, strerror(errno)); (void)close(lcconf->sock_admin); return -1; @@ -624,5 +1267,153 @@ admin_close() close(lcconf->sock_admin); return 0; } + +#ifdef ENABLE_AP_CLIENTMODE +int +add_policy_to_SPD(src_end_point, dst_end_point, policy) + struct sockaddr_storage *src_end_point; + struct sockaddr_storage *dst_end_point; + struct admin_com_ph2policy *policy; +{ + char outpolicystr[POLICY_STR_LEN], inpolicystr[POLICY_STR_LEN]; + char *policyout = NULL, *policyin = NULL; + char *local_ip_addr = NULL, *remote_ip_addr = NULL; + + struct sockaddr srcaddr; + struct sockaddr dstaddr; + struct sockaddr *addr = NULL; + + addr = (struct sockaddr *)src_end_point; + local_ip_addr = strdup(saddrwop2str(addr)); + + addr = (struct sockaddr *)dst_end_point; + remote_ip_addr = strdup(saddrwop2str(addr)); + + /* end-points and policy for outbound trafic */ + switch(policy->action){ + case ACTION_ENCRYPT: + sprintf(outpolicystr, "out ipsec %s/%s/%s-%s/unique", + protocol[policy->protocol], mode[policy->mode], + local_ip_addr,remote_ip_addr); + sprintf(inpolicystr, "in ipsec %s/%s/%s-%s/unique", + protocol[policy->protocol], mode[policy->mode], + remote_ip_addr,local_ip_addr); + break; + case ACTION_BYPASS: + sprintf(outpolicystr, "out none"); + sprintf(inpolicystr, "in none"); + break; + case ACTION_DENY: + sprintf(outpolicystr, "out discard"); + sprintf(inpolicystr, "in discard"); + break; + default: + plog(LLV_ERROR, LOCATION, NULL, "Unknown policy action\n"); + } + /* set outbound policy */ + policyout = ipsec_set_policy(outpolicystr, strlen(outpolicystr)); + /* set inbound policy */ + policyin = ipsec_set_policy(inpolicystr, strlen(inpolicystr)); + + racoon_free(local_ip_addr); + racoon_free(remote_ip_addr); + + /* Add the policy to SPD */ + bzero(&srcaddr, sizeof(struct sockaddr)); + bzero(&dstaddr, sizeof(struct sockaddr)); + + memcpy(&srcaddr, (struct sockaddr *)src_end_point, + sizeof(struct sockaddr)); + memcpy(&dstaddr, (struct sockaddr *)&policy->dst_addr, + sizeof(struct sockaddr)); + pfkey_add_policy_to_SPD(&srcaddr, 32, &dstaddr, policy->dst_prefixlen, + policy->upperspec, policyin, policyout,0); + return 0; +} +#endif #endif +static void +isakmp_flush_sa(iph1, loc, rem) + struct ph1handle *iph1; + char *loc; + char *rem; +{ + plog(LLV_INFO, LOCATION, NULL, + "Flushing SA for %s -> %s\n", loc, rem); + + if (iph1->status == PHASE1ST_ESTABLISHED) + isakmp_info_send_d1(iph1); + + remph1(iph1); + delph1(iph1); + + return; +} + +/* + * Temporary stuff being done for VPN Client for NLD + * IMPORTANT: To be removed as soon as the fix is available + * in gui plugin and plugin so + */ + +//static LIST_HEAD(_ph1tree_, ph1handle) ph1tree; +extern LIST_HEAD(_ph1tree_, ph1handle) ph1tree; +int +add_default_policy_to_SPD(src_addr) + int src_addr; +{ + struct ph1handle *p = NULL; + struct sockaddr srcaddr; + struct sockaddr dstaddr; + + char outpolicystr[POLICY_STR_LEN], inpolicystr[POLICY_STR_LEN]; + char *policyout = NULL, *policyin = NULL; + char *local_ip_addr = NULL, *remote_ip_addr = NULL; + + plog(LLV_INFO, LOCATION, NULL, + "call add_default_policy_to_SPD(%08x).\n", src_addr); + + p = LIST_FIRST(&ph1tree); + + local_ip_addr = strdup(saddrwop2str(p->local)); + remote_ip_addr = strdup(saddrwop2str(p->remote)); + + /* end-points and policy for outbound trafic + Action is always ENCRYPT + */ +#if 0 + sprintf(outpolicystr, "out ipsec esp/tunnel/%s-%s/unique", + local_ip_addr,remote_ip_addr); + sprintf(inpolicystr, "in ipsec esp/tunnel/%s-%s/unique", + remote_ip_addr, local_ip_addr); +#else + sprintf(outpolicystr, "out ipsec esp/tunnel/%s-%s/require", + local_ip_addr,remote_ip_addr); + sprintf(inpolicystr, "in ipsec esp/tunnel/%s-%s/require", + remote_ip_addr, local_ip_addr); + +#endif + /* set outbound policy */ + policyout = ipsec_set_policy(outpolicystr, strlen(outpolicystr)); + /* set inbound policy */ + policyin = ipsec_set_policy(inpolicystr, strlen(inpolicystr)); + + racoon_free(local_ip_addr); + racoon_free(remote_ip_addr); + + /* Add the policy to SPD */ + bzero(&srcaddr, sizeof(struct sockaddr)); + bzero(&dstaddr, sizeof(struct sockaddr)); + + ((struct sockaddr_in *)(&srcaddr))->sin_family = AF_INET; + ((struct sockaddr_in *)(&srcaddr))->sin_addr.s_addr = (src_addr); + + ((struct sockaddr_in *)(&dstaddr))->sin_family = AF_INET; + ((struct sockaddr_in *)(&dstaddr))->sin_addr.s_addr = INADDR_ANY; + + pfkey_add_policy_to_SPD(&srcaddr, 32, &dstaddr, 0/*policy->dst_prefixlen*/, + 0 , policyin, policyout,0); + EVT_PUSH(0, 0, EVTT_ISAKMP_CFG_DONE, NULL); + return 0; +} Index: ipsec-tools-0.7.3/src/racoon/algorithm.h =================================================================== --- ipsec-tools-0.7.3.orig/src/racoon/algorithm.h +++ ipsec-tools-0.7.3/src/racoon/algorithm.h @@ -213,4 +213,6 @@ extern const char *alg_oakley_hashdef_na extern const char *alg_oakley_dhdef_name __P((int)); extern const char *alg_oakley_authdef_name __P((int)); +extern int algdoi2type(int, int); + #endif /* _ALGORITHM_H */ Index: ipsec-tools-0.7.3/src/racoon/algorithm.c =================================================================== --- ipsec-tools-0.7.3.orig/src/racoon/algorithm.c +++ ipsec-tools-0.7.3/src/racoon/algorithm.c @@ -955,3 +955,20 @@ algclass2doi(class) /*NOTREACHED*/ return -1; } + +int +algdoi2type(class, doi) + int class, doi; +{ + int res = -1; + + switch (class) { + case algclass_ipsec_enc: + res = ((struct enc_algorithm*)alg_ipsec_encdef(doi))->type; + break; + case algclass_ipsec_auth: + res = ((struct hmac_algorithm*)alg_ipsec_hmacdef(doi))->type; + break; + } + return res; +} Index: ipsec-tools-0.7.3/src/racoon/cfparse_proto.h =================================================================== --- ipsec-tools-0.7.3.orig/src/racoon/cfparse_proto.h +++ ipsec-tools-0.7.3/src/racoon/cfparse_proto.h @@ -39,4 +39,6 @@ extern int yyparse __P((void)); extern int cfparse __P((void)); extern int cfreparse __P((void)); +extern int cfreparse_withfname __P((char *fname)); + #endif /* _CFPARSE_PROTO_H */ Index: ipsec-tools-0.7.3/src/racoon/cfparse.y =================================================================== --- ipsec-tools-0.7.3.orig/src/racoon/cfparse.y +++ ipsec-tools-0.7.3/src/racoon/cfparse.y @@ -1220,7 +1220,7 @@ sainfo_id : IDENTIFIERTYPE ADDRSTRING prefix port ul_proto { char portbuf[10]; - struct sockaddr *saddr; + struct sockaddr *saddr = NULL; if (($5 == IPPROTO_ICMP || $5 == IPPROTO_ICMPV6) && ($4 != IPSEC_PORT_ANY || $4 != IPSEC_PORT_ANY)) { @@ -1630,13 +1630,14 @@ remote_specs_block /* DH group */ for (p = cur_rmconf->proposal; p; p = p->next) { if (b == 0 || (b && b == p->dh_group)) { + yywarn("b=%d, dh_group=%d\n", b, p->dh_group); b = p->dh_group; continue; } yyerror("DH group must be equal " "in all proposals " "when aggressive mode is " - "used.\n"); + "used.%d != %d\n", b, p->dh_group); return -1; } cur_rmconf->dh_group = b; @@ -2276,7 +2277,7 @@ set_isakmp_proposal(rmconf, prspec) struct secprotospec *s; int prop_no = 1; int trns_no = 1; - int32_t types[MAXALGCLASS]; + u_int32_t types[MAXALGCLASS]; p = prspec; if (p->next != 0) { @@ -2334,7 +2335,7 @@ set_isakmp_proposal(rmconf, prspec) /* expanding spspec */ clean_tmpalgtype(); - trns_no = expand_isakmpspec(prop_no, trns_no, types, + trns_no = expand_isakmpspec(prop_no, trns_no, (int *)types, algclass_isakmp_enc, algclass_isakmp_ameth + 1, s->lifetime ? s->lifetime : p->lifetime, s->lifebyte ? s->lifebyte : p->lifebyte, @@ -2556,6 +2557,64 @@ cfreparse() return(cfparse()); } +#ifdef ENABLE_AP_CLIENTMODE +int +cfparse_withfname(conf_fname) + char *conf_fname; +{ + int error; + + yycf_init_buffer(); + + if (yycf_switch_buffer(conf_fname) != 0) + return -1; + + error = yyparse(); + if (error != 0) { + if (yyerrorcount) { + plog(LLV_ERROR, LOCATION, NULL, + "fatal parse failure (%d errors)\n", + yyerrorcount); + } else { + plog(LLV_ERROR, LOCATION, NULL, + "fatal parse failure.\n"); + } + return -1; + } + + if (error == 0 && yyerrorcount) { + plog(LLV_ERROR, LOCATION, NULL, + "parse error is nothing, but yyerrorcount is %d.\n", + yyerrorcount); + exit(1); + } + + yycf_clean_buffer(); + + plog(LLV_DEBUG2, LOCATION, NULL, "parse successed.\n"); + + return 0; +} + +int +cfreparse_withfname(conf_fname) + char *conf_fname; +{ + flushph2(); + flushph1(); + flushrmconf(); + flushsainfo(); + clean_tmpalgtype(); + yycf_init_buffer(); + + if (yycf_switch_buffer(conf_fname) != 0) + return -1; + + return(cfparse_withfname(conf_fname)); +} + +#endif + #ifdef ENABLE_ADMINPORT static void adminsock_conf(path, owner, group, mode_dec) Index: ipsec-tools-0.7.3/src/racoon/handler.c =================================================================== --- ipsec-tools-0.7.3.orig/src/racoon/handler.c +++ ipsec-tools-0.7.3/src/racoon/handler.c @@ -81,7 +81,12 @@ #include "gssapi.h" #endif +#if 0 static LIST_HEAD(_ph1tree_, ph1handle) ph1tree; +#else +LIST_HEAD(_ph1tree_, ph1handle) ph1tree; +#endif + static LIST_HEAD(_ph2tree_, ph2handle) ph2tree; static LIST_HEAD(_ctdtree_, contacted) ctdtree; static LIST_HEAD(_rcptree_, recvdpkt) rcptree;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
