[apple/ipsec.git] / ipsec-tools / racoon / isakmp_unity.c

/*	$NetBSD: isakmp_unity.c,v 1.7 2006/10/09 06:17:20 manu Exp $	*/

/* Id: isakmp_unity.c,v 1.10 2006/07/31 04:49:23 manubsd Exp */

/*
 * Copyright (C) 2004 Emmanuel Dreyfus
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 * 
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "config.h"

#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/queue.h>

#include <netinet/in.h>
#include <arpa/inet.h>

#include <stdlib.h>
#include <stdio.h>
#include <fcntl.h>
#include <string.h>
#include <errno.h>
#if TIME_WITH_SYS_TIME
# include <sys/time.h>
# include <time.h>
#else
# if HAVE_SYS_TIME_H
#  include <sys/time.h>
# else
#  include <time.h>
# endif
#endif
#include <netdb.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#include <ctype.h>

#include "var.h"
#include "misc.h"
#include "vmbuf.h"
#include "plog.h"
#include "sockmisc.h"
#include "schedule.h"
#include "debug.h"

#include "isakmp_var.h"
#include "isakmp.h"
#include "handler.h"
#include "isakmp_xauth.h"
#include "isakmp_unity.h"
#include "isakmp_cfg.h"
#include "strnames.h"

static vchar_t *isakmp_cfg_split (phase1_handle_t *, 
    struct isakmp_data *, struct unity_netentry*,int);

vchar_t *
isakmp_unity_req(iph1, attr)
	phase1_handle_t *iph1;
	struct isakmp_data *attr;
{
	int type;
	vchar_t *reply_attr = NULL;

	if ((iph1->mode_cfg->flags & ISAKMP_CFG_VENDORID_UNITY) == 0) {
		plog(ASL_LEVEL_ERR, 
		    "Unity mode config request but the peer "
		    "did not declare itself as  unity compliant\n");
		return NULL;
	}

	type = ntohs(attr->type);

	/* Handle short attributes */
	if ((type & ISAKMP_GEN_MASK) == ISAKMP_GEN_TV) {
		type &= ~ISAKMP_GEN_MASK;

		plog(ASL_LEVEL_DEBUG, 
		     "Short attribute %s = %d\n", 
		     s_isakmp_cfg_type(type), ntohs(attr->lorv));

		switch (type) {
		default:
			plog(ASL_LEVEL_DEBUG, 
			     "Ignored short attribute %s\n",
			     s_isakmp_cfg_type(type));
			break;
		}

		return reply_attr;
	}

	switch(type) {
	case UNITY_BANNER: {
#define MAXMOTD 65536
		char buf[MAXMOTD + 1];
		int fd;
		char *filename = &isakmp_cfg_config.motd[0];
		int len;

		if ((fd = open(filename, O_RDONLY, 0)) == -1) {
			plog(ASL_LEVEL_ERR, 
			    "Cannot open \"%s\"\n", filename);
			return NULL;
		}

		if ((len = read(fd, buf, MAXMOTD)) == -1) {
			plog(ASL_LEVEL_ERR, 
			    "Cannot read \"%s\"\n", filename);
			close(fd);
			return NULL;
		}
		close(fd);

		buf[len] = '\0';
		reply_attr = isakmp_cfg_string(iph1, attr, buf);

		break;
	}

	case UNITY_PFS:
		reply_attr = isakmp_cfg_short(iph1, attr, 
		    isakmp_cfg_config.pfs_group);
		break;

	case UNITY_SAVE_PASSWD:
		reply_attr = isakmp_cfg_short(iph1, attr, 
		    isakmp_cfg_config.save_passwd);
		break;

	case UNITY_DDNS_HOSTNAME:
		reply_attr = isakmp_cfg_copy(iph1, attr);
		break;

	case UNITY_DEF_DOMAIN:
		reply_attr = isakmp_cfg_string(iph1, 
		    attr, isakmp_cfg_config.default_domain);
		break;

	case UNITY_SPLIT_INCLUDE:
		if(isakmp_cfg_config.splitnet_type == UNITY_SPLIT_INCLUDE)
			reply_attr = isakmp_cfg_split(iph1, attr,
			isakmp_cfg_config.splitnet_list,
			isakmp_cfg_config.splitnet_count);
		else
			return NULL;
		break;
	case UNITY_LOCAL_LAN:
		if(isakmp_cfg_config.splitnet_type == UNITY_LOCAL_LAN)
			reply_attr = isakmp_cfg_split(iph1, attr,
			isakmp_cfg_config.splitnet_list,
			isakmp_cfg_config.splitnet_count);
		else
			return NULL;
		break;
	case UNITY_SPLITDNS_NAME:
		reply_attr = isakmp_cfg_varlen(iph1, attr,
				isakmp_cfg_config.splitdns_list,
				isakmp_cfg_config.splitdns_len);
		break;
	case UNITY_FW_TYPE:
	case UNITY_NATT_PORT:
	case UNITY_BACKUP_SERVERS:
	default:
		plog(ASL_LEVEL_DEBUG, 
		     "Ignored attribute %s\n", s_isakmp_cfg_type(type));
		return NULL;
		break;
	}

	return reply_attr;
}

void
isakmp_unity_reply(iph1, attr)
	phase1_handle_t *iph1;
	struct isakmp_data *attr;
{
	int type = ntohs(attr->type);
	int alen = ntohs(attr->lorv);

	type &= ~ISAKMP_GEN_MASK;
	
	struct unity_network *network = (struct unity_network *)(attr + 1);
	int index = 0;
	int count = 0;

	switch(type) {
	case UNITY_SPLIT_INCLUDE:
	{
		if ((iph1->mode_cfg->flags & ISAKMP_CFG_GOT_SPLIT_INCLUDE) == 0) {
			if (alen)
				count = alen / sizeof(struct unity_network);

			for(;index < count; index++)
				splitnet_list_add(
					&iph1->mode_cfg->split_include,
					&network[index],
					&iph1->mode_cfg->include_count);

			iph1->mode_cfg->flags |= ISAKMP_CFG_GOT_SPLIT_INCLUDE;
		}
		break;
	}
	case UNITY_LOCAL_LAN:
	{
		if ((iph1->mode_cfg->flags & ISAKMP_CFG_GOT_SPLIT_LOCAL) == 0) {
			if (alen)
				count = alen / sizeof(struct unity_network);

			for(;index < count; index++)
				splitnet_list_add(
					&iph1->mode_cfg->split_local,
					&network[index],
					&iph1->mode_cfg->local_count);

			iph1->mode_cfg->flags |= ISAKMP_CFG_GOT_SPLIT_LOCAL;
		}
		break;
	}
	case UNITY_PFS:
	{
		break;
	}
	case UNITY_SPLITDNS_NAME:
	case UNITY_BANNER:
	case UNITY_SAVE_PASSWD:
	case UNITY_NATT_PORT:
	case UNITY_FW_TYPE:
	case UNITY_BACKUP_SERVERS:
	case UNITY_DDNS_HOSTNAME:
	default:
		plog(ASL_LEVEL_WARNING, 
		     "Ignored attribute %s\n",
		     s_isakmp_cfg_type(type));
		break;
	}
	return;
}

static vchar_t *
isakmp_cfg_split(iph1, attr, netentry, count)
	phase1_handle_t *iph1;
	struct isakmp_data *attr;
	struct unity_netentry *netentry;
	int count;
{
	vchar_t *buffer;
	struct isakmp_data *new;
	struct unity_network * network;
	size_t len;
	int index = 0;

	char tmp1[40];
	char tmp2[40];

	len = sizeof(struct unity_network) * count;
	if ((buffer = vmalloc(sizeof(*attr) + len)) == NULL) {
		plog(ASL_LEVEL_ERR, "Cannot allocate memory\n");
		return NULL;
	}

	new = (struct isakmp_data *)buffer->v;
	new->type = attr->type;
	new->lorv = htons(len);

	network = (struct unity_network *)(new + 1);
	for (; index < count; index++) {

		memcpy(&network[index],
			&netentry->network,
			sizeof(struct unity_network));

		inet_ntop(AF_INET, &netentry->network.addr4, tmp1, 40);
		inet_ntop(AF_INET, &netentry->network.mask4, tmp2, 40);
		plog(ASL_LEVEL_DEBUG, "splitnet: %s/%s\n", tmp1, tmp2);

		netentry = netentry->next;
	}

	return buffer;
}

int  splitnet_list_add(list, network, count)
	struct unity_netentry ** list;
	struct unity_network * network;
	int *count;
{
	struct unity_netentry * newentry;

	/*
	 * allocate new netentry and copy
         * new splitnet network data
	 */
	newentry = (struct unity_netentry *)
		racoon_malloc(sizeof(struct unity_netentry));
	if (newentry == NULL)
		return -1;

	memcpy(&newentry->network,network,
		sizeof(struct unity_network));
	newentry->next = NULL;

	/*
	 * locate the last netentry in our
	 * splitnet list and add our entry
	 */
	if (*list == NULL)
		*list = newentry;
	else {
		struct unity_netentry * tmpentry = *list;
		while (tmpentry->next != NULL)
			tmpentry = tmpentry->next;
		tmpentry->next = newentry;
	}

	(*count)++;

	return 0;
}

void splitnet_list_free(list, count)
	struct unity_netentry * list;
	int *count;
{
	struct unity_netentry * netentry = list;
	struct unity_netentry * delentry;

	*count = 0;

	while (netentry != NULL) {
		delentry = netentry;
		netentry = netentry->next;
		racoon_free(delentry);
	}
}

char * splitnet_list_2str(list)
	struct unity_netentry * list;
{
	struct unity_netentry * netentry;
	char tmp1[40];
	char tmp2[40];
	char * str;
	int len;
	int print_len;
	int rc;

	/* determine string length */
	len = 0;
	netentry = list;
	while (netentry != NULL) {

		inet_ntop(AF_INET, &netentry->network.addr4, tmp1, 40);
		inet_ntop(AF_INET, &netentry->network.mask4, tmp2, 40);
		len += strlen(tmp1);
		len += strlen(tmp2);
		len += 2;

		netentry = netentry->next;
	}

	/* allocate network list string */
	str = racoon_malloc(len);
	if (str == NULL)
		return NULL;

	/* create network list string */
	str[0] = 0;
	print_len = 0;
	netentry = list;
	while (netentry != NULL && print_len < len) {

		inet_ntop(AF_INET, &netentry->network.addr4, tmp1, 40);
		inet_ntop(AF_INET, &netentry->network.mask4, tmp2, 40);

		rc = snprintf(str+print_len, len-print_len, "%s/%s ", tmp1, tmp2);
		if (rc < 0) {
			// failure -> exit loop
			break;
		}
		print_len += rc;

		netentry = netentry->next;
	}

	return str;
}
Commit	Line	Data
d1e348cf A	1	/* $NetBSD: isakmp_unity.c,v 1.7 2006/10/09 06:17:20 manu Exp $ */
	2
	3	/* Id: isakmp_unity.c,v 1.10 2006/07/31 04:49:23 manubsd Exp */
52b7d2ce A	4
	5	/*
	6	* Copyright (C) 2004 Emmanuel Dreyfus
	7	* All rights reserved.
	8	*
	9	* Redistribution and use in source and binary forms, with or without
	10	* modification, are permitted provided that the following conditions
	11	* are met:
	12	* 1. Redistributions of source code must retain the above copyright
	13	* notice, this list of conditions and the following disclaimer.
	14	* 2. Redistributions in binary form must reproduce the above copyright
	15	* notice, this list of conditions and the following disclaimer in the
	16	* documentation and/or other materials provided with the distribution.
	17	* 3. Neither the name of the project nor the names of its contributors
	18	* may be used to endorse or promote products derived from this software
	19	* without specific prior written permission.
	20	*
	21	* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
	22	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	23	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	24	* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
	25	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	26	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	27	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	28	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	29	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	30	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	31	* SUCH DAMAGE.
	32	*/
	33
	34	#include "config.h"
	35
	36	#include <sys/types.h>
	37	#include <sys/param.h>
	38	#include <sys/socket.h>
	39	#include <sys/queue.h>
	40
	41	#include <netinet/in.h>
	42	#include <arpa/inet.h>
	43
	44	#include <stdlib.h>
	45	#include <stdio.h>
	46	#include <fcntl.h>
	47	#include <string.h>
	48	#include <errno.h>
	49	#if TIME_WITH_SYS_TIME
	50	# include <sys/time.h>
	51	# include <time.h>
	52	#else
	53	# if HAVE_SYS_TIME_H
	54	# include <sys/time.h>
	55	# else
	56	# include <time.h>
	57	# endif
	58	#endif
	59	#include <netdb.h>
	60	#ifdef HAVE_UNISTD_H
	61	#include <unistd.h>
	62	#endif
	63	#include <ctype.h>
	64
	65	#include "var.h"
	66	#include "misc.h"
	67	#include "vmbuf.h"
68	#include "plog.h"
69	#include "sockmisc.h"
70	#include "schedule.h"
71	#include "debug.h"
72
73	#include "isakmp_var.h"
74	#include "isakmp.h"
75	#include "handler.h"
76	#include "isakmp_xauth.h"
77	#include "isakmp_unity.h"
78	#include "isakmp_cfg.h"
79	#include "strnames.h"
80
65c25746	81	static vchar_t isakmp_cfg_split (phase1_handle_t ,
d1e348cf A	82	struct isakmp_data , struct unity_netentry,int);
d1e348cf A	83
52b7d2ce A	84	vchar_t *
52b7d2ce A	85	isakmp_unity_req(iph1, attr)
65c25746	86	phase1_handle_t *iph1;
52b7d2ce A	87	struct isakmp_data *attr;
	88	{
	89	int type;
	90	vchar_t *reply_attr = NULL;
	91
	92	if ((iph1->mode_cfg->flags & ISAKMP_CFG_VENDORID_UNITY) == 0) {
65c25746	93	plog(ASL_LEVEL_ERR,
52b7d2ce A	94	"Unity mode config request but the peer "
	95	"did not declare itself as unity compliant\n");
	96	return NULL;
	97	}
	98
	99	type = ntohs(attr->type);
	100
	101	/* Handle short attributes */
	102	if ((type & ISAKMP_GEN_MASK) == ISAKMP_GEN_TV) {
	103	type &= ~ISAKMP_GEN_MASK;
	104
65c25746	105	plog(ASL_LEVEL_DEBUG,
d1e348cf A	106	"Short attribute %s = %d\n",
d1e348cf A	107	s_isakmp_cfg_type(type), ntohs(attr->lorv));
52b7d2ce A	108
	109	switch (type) {
	110	default:
65c25746	111	plog(ASL_LEVEL_DEBUG,
d1e348cf A	112	"Ignored short attribute %s\n",
d1e348cf A	113	s_isakmp_cfg_type(type));
52b7d2ce A	114	break;
	115	}
	116
	117	return reply_attr;
	118	}
	119
	120	switch(type) {
	121	case UNITY_BANNER: {
	122	#define MAXMOTD 65536
	123	char buf[MAXMOTD + 1];
	124	int fd;
	125	char *filename = &isakmp_cfg_config.motd[0];
d1e348cf	126	int len;
52b7d2ce A	127
52b7d2ce A	128	if ((fd = open(filename, O_RDONLY, 0)) == -1) {
65c25746	129	plog(ASL_LEVEL_ERR,
52b7d2ce A	130	"Cannot open \"%s\"\n", filename);
	131	return NULL;
	132	}
	133
	134	if ((len = read(fd, buf, MAXMOTD)) == -1) {
65c25746	135	plog(ASL_LEVEL_ERR,
52b7d2ce A	136	"Cannot read \"%s\"\n", filename);
	137	close(fd);
	138	return NULL;
	139	}
	140	close(fd);
	141
	142	buf[len] = '\0';
	143	reply_attr = isakmp_cfg_string(iph1, attr, buf);
	144
	145	break;
	146	}
	147
	148	case UNITY_PFS:
	149	reply_attr = isakmp_cfg_short(iph1, attr,
	150	isakmp_cfg_config.pfs_group);
	151	break;
	152
	153	case UNITY_SAVE_PASSWD:
	154	reply_attr = isakmp_cfg_short(iph1, attr,
	155	isakmp_cfg_config.save_passwd);
	156	break;
	157
	158	case UNITY_DDNS_HOSTNAME:
	159	reply_attr = isakmp_cfg_copy(iph1, attr);
	160	break;
	161
	162	case UNITY_DEF_DOMAIN:
d1e348cf A	163	reply_attr = isakmp_cfg_string(iph1,
	164	attr, isakmp_cfg_config.default_domain);
	165	break;
	166
52b7d2ce	167	case UNITY_SPLIT_INCLUDE:
d1e348cf A	168	if(isakmp_cfg_config.splitnet_type == UNITY_SPLIT_INCLUDE)
	169	reply_attr = isakmp_cfg_split(iph1, attr,
	170	isakmp_cfg_config.splitnet_list,
	171	isakmp_cfg_config.splitnet_count);
	172	else
	173	return NULL;
	174	break;
	175	case UNITY_LOCAL_LAN:
	176	if(isakmp_cfg_config.splitnet_type == UNITY_LOCAL_LAN)
	177	reply_attr = isakmp_cfg_split(iph1, attr,
	178	isakmp_cfg_config.splitnet_list,
	179	isakmp_cfg_config.splitnet_count);
	180	else
	181	return NULL;
	182	break;
	183	case UNITY_SPLITDNS_NAME:
	184	reply_attr = isakmp_cfg_varlen(iph1, attr,
	185	isakmp_cfg_config.splitdns_list,
	186	isakmp_cfg_config.splitdns_len);
	187	break;
	188	case UNITY_FW_TYPE:
52b7d2ce A	189	case UNITY_NATT_PORT:
	190	case UNITY_BACKUP_SERVERS:
	191	default:
65c25746	192	plog(ASL_LEVEL_DEBUG,
d1e348cf	193	"Ignored attribute %s\n", s_isakmp_cfg_type(type));
52b7d2ce A	194	return NULL;
	195	break;
	196	}
	197
	198	return reply_attr;
	199	}
	200
d1e348cf A	201	void
d1e348cf A	202	isakmp_unity_reply(iph1, attr)
65c25746	203	phase1_handle_t *iph1;
d1e348cf A	204	struct isakmp_data *attr;
	205	{
	206	int type = ntohs(attr->type);
	207	int alen = ntohs(attr->lorv);
	208
	209	type &= ~ISAKMP_GEN_MASK;
	210
	211	struct unity_network network = (struct unity_network )(attr + 1);
	212	int index = 0;
	213	int count = 0;
	214
	215	switch(type) {
	216	case UNITY_SPLIT_INCLUDE:
	217	{
	218	if ((iph1->mode_cfg->flags & ISAKMP_CFG_GOT_SPLIT_INCLUDE) == 0) {
	219	if (alen)
	220	count = alen / sizeof(struct unity_network);
	221
	222	for(;index < count; index++)
	223	splitnet_list_add(
	224	&iph1->mode_cfg->split_include,
	225	&network[index],
	226	&iph1->mode_cfg->include_count);
	227
	228	iph1->mode_cfg->flags \|= ISAKMP_CFG_GOT_SPLIT_INCLUDE;
	229	}
	230	break;
	231	}
	232	case UNITY_LOCAL_LAN:
	233	{
	234	if ((iph1->mode_cfg->flags & ISAKMP_CFG_GOT_SPLIT_LOCAL) == 0) {
	235	if (alen)
	236	count = alen / sizeof(struct unity_network);
	237
	238	for(;index < count; index++)
	239	splitnet_list_add(
	240	&iph1->mode_cfg->split_local,
	241	&network[index],
	242	&iph1->mode_cfg->local_count);
	243
	244	iph1->mode_cfg->flags \|= ISAKMP_CFG_GOT_SPLIT_LOCAL;
	245	}
	246	break;
	247	}
	248	case UNITY_PFS:
	249	{
	250	break;
	251	}
	252	case UNITY_SPLITDNS_NAME:
	253	case UNITY_BANNER:
	254	case UNITY_SAVE_PASSWD:
	255	case UNITY_NATT_PORT:
	256	case UNITY_FW_TYPE:
	257	case UNITY_BACKUP_SERVERS:
	258	case UNITY_DDNS_HOSTNAME:
	259	default:
65c25746	260	plog(ASL_LEVEL_WARNING,
d1e348cf A	261	"Ignored attribute %s\n",
	262	s_isakmp_cfg_type(type));
	263	break;
	264	}
	265	return;
	266	}
	267
	268	static vchar_t *
	269	isakmp_cfg_split(iph1, attr, netentry, count)
65c25746	270	phase1_handle_t *iph1;
d1e348cf A	271	struct isakmp_data *attr;
	272	struct unity_netentry *netentry;
	273	int count;
	274	{
	275	vchar_t *buffer;
	276	struct isakmp_data *new;
	277	struct unity_network * network;
	278	size_t len;
	279	int index = 0;
	280
	281	char tmp1[40];
	282	char tmp2[40];
	283
	284	len = sizeof(struct unity_network) * count;
	285	if ((buffer = vmalloc(sizeof(*attr) + len)) == NULL) {
65c25746	286	plog(ASL_LEVEL_ERR, "Cannot allocate memory\n");
d1e348cf A	287	return NULL;
	288	}
	289
	290	new = (struct isakmp_data *)buffer->v;
	291	new->type = attr->type;
	292	new->lorv = htons(len);
	293
	294	network = (struct unity_network *)(new + 1);
	295	for (; index < count; index++) {
	296
	297	memcpy(&network[index],
	298	&netentry->network,
	299	sizeof(struct unity_network));
	300
	301	inet_ntop(AF_INET, &netentry->network.addr4, tmp1, 40);
	302	inet_ntop(AF_INET, &netentry->network.mask4, tmp2, 40);
65c25746	303	plog(ASL_LEVEL_DEBUG, "splitnet: %s/%s\n", tmp1, tmp2);
d1e348cf A	304
	305	netentry = netentry->next;
	306	}
	307
	308	return buffer;
	309	}
	310
	311	int splitnet_list_add(list, network, count)
	312	struct unity_netentry ** list;
	313	struct unity_network * network;
	314	int *count;
	315	{
	316	struct unity_netentry * newentry;
	317
	318	/*
	319	* allocate new netentry and copy
	320	* new splitnet network data
	321	*/
	322	newentry = (struct unity_netentry *)
	323	racoon_malloc(sizeof(struct unity_netentry));
	324	if (newentry == NULL)
	325	return -1;
	326
	327	memcpy(&newentry->network,network,
	328	sizeof(struct unity_network));
	329	newentry->next = NULL;
	330
	331	/*
	332	* locate the last netentry in our
	333	* splitnet list and add our entry
	334	*/
	335	if (*list == NULL)
	336	*list = newentry;
	337	else {
	338	struct unity_netentry * tmpentry = *list;
	339	while (tmpentry->next != NULL)
	340	tmpentry = tmpentry->next;
	341	tmpentry->next = newentry;
	342	}
	343
	344	(*count)++;
	345
	346	return 0;
	347	}
52b7d2ce	348
d1e348cf A	349	void splitnet_list_free(list, count)
	350	struct unity_netentry * list;
	351	int *count;
	352	{
	353	struct unity_netentry * netentry = list;
	354	struct unity_netentry * delentry;
	355
	356	*count = 0;
	357
	358	while (netentry != NULL) {
	359	delentry = netentry;
	360	netentry = netentry->next;
	361	racoon_free(delentry);
	362	}
	363	}
	364
	365	char * splitnet_list_2str(list)
	366	struct unity_netentry * list;
	367	{
	368	struct unity_netentry * netentry;
	369	char tmp1[40];
	370	char tmp2[40];
	371	char * str;
	372	int len;
	373	int print_len;
	374	int rc;
	375
	376	/* determine string length */
	377	len = 0;
	378	netentry = list;
	379	while (netentry != NULL) {
	380
	381	inet_ntop(AF_INET, &netentry->network.addr4, tmp1, 40);
	382	inet_ntop(AF_INET, &netentry->network.mask4, tmp2, 40);
	383	len += strlen(tmp1);
	384	len += strlen(tmp2);
	385	len += 2;
	386
	387	netentry = netentry->next;
	388	}
	389
	390	/* allocate network list string */
	391	str = racoon_malloc(len);
	392	if (str == NULL)
	393	return NULL;
	394
	395	/* create network list string */
	396	str[0] = 0;
	397	print_len = 0;
	398	netentry = list;
	399	while (netentry != NULL && print_len < len) {
	400
	401	inet_ntop(AF_INET, &netentry->network.addr4, tmp1, 40);
	402	inet_ntop(AF_INET, &netentry->network.mask4, tmp2, 40);
	403
	404	rc = snprintf(str+print_len, len-print_len, "%s/%s ", tmp1, tmp2);
	405	if (rc < 0) {
	406	// failure -> exit loop
	407	break;
	408	}
	409	print_len += rc;
	410
	411	netentry = netentry->next;
	412	}
413
414	return str;
415	}