1 /* $KAME: sainfo.c,v 1.16 2003/06/27 07:32:39 sakane Exp $ */
2
3 /*
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #include "config.h"
33
34 #include <sys/param.h>
35 #include <sys/types.h>
36 #include <sys/socket.h>
37 #include <sys/queue.h>
38
39 #include <netinet/in.h>
40 #include <netinet/in.h>
41 #ifdef HAVE_NETINET6_IPSEC
42 # include <netinet6/ipsec.h>
43 #else
44 # include <netinet/ipsec.h>
45 #endif
46
47 #include <stdlib.h>
48 #include <stdio.h>
49 #include <string.h>
50 #include <errno.h>
51
52 #include "var.h"
53 #include "misc.h"
54 #include "vmbuf.h"
55 #include "plog.h"
56 #include "sockmisc.h"
57 #include "debug.h"
58
59 #include "localconf.h"
60 #include "isakmp_var.h"
61 #include "isakmp.h"
62 #include "ipsec_doi.h"
63 #include "oakley.h"
64 #include "handler.h"
65 #include "algorithm.h"
66 #include "sainfo.h"
67 #include "gcmalloc.h"
68
/* Head of the list of configured sainfo entries; inssainfo()/remsainfo()
 * add and remove entries, getsainfo() searches it, flushsainfo() empties it. */
static LIST_HEAD(_sitree, sainfo) sitree;
70
71 /* %%%
72 * modules for ipsec sa info
73 */
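/*
 * Compare two ID payloads for equality.
 *
 * Returns non-zero only when both are present, have the same length and
 * the same bytes.  The length check is what keeps memcmp() inside both
 * buffers: comparing s->id_i->l (or s->idsrc->l / s->iddst->l) bytes
 * against a shorter peer-supplied payload reads past its end, and also
 * accepted a mere prefix as a match.  A zero-length payload never calls
 * memcmp() so a NULL v with l == 0 is harmless.
 */
static int
sainfo_id_equal(const vchar_t *a, const vchar_t *b)
{
	if (a == NULL || b == NULL || a->l != b->l)
		return 0;
	return a->l == 0 || memcmp(a->v, b->v, a->l) == 0;
}

/*
 * Return the sainfo entry matching the proposed SA.
 *
 * src, dst      ID payloads of the proposed SA; src == NULL asks for an
 *               anonymous entry only.
 * peer          phase-1 identity of the remote, or NULL.
 * use_nat_addr  when non-zero the entry's remote ID is compared against
 *               lcconf->ext_nat_id instead of dst (NULL ext_nat_id means
 *               no entry can match).
 *
 * Pass 1 only considers entries bound to a specific peer (s->id_i != NULL,
 * the "from" clause) whose id_i equals peer; pass 2 only considers entries
 * without such a binding.  Within a pass an exact idsrc/iddst match is
 * returned at once.  Otherwise the last anonymous entry (idsrc == NULL)
 * seen in the list is returned, or NULL when there is none.
 * XXX by each data type, should be changed to compare the buffer.
 */
struct sainfo *
getsainfo(const vchar_t *src, const vchar_t *dst, const vchar_t *peer,
    int use_nat_addr)
{
	struct sainfo *s;
	struct sainfo *anonymous = NULL;
	int pass;

	/* NAT matching needs the external NAT id from the local config. */
	if (use_nat_addr && lcconf->ext_nat_id == NULL)
		return NULL;

	/* Without a peer identity only peer-independent entries can match. */
	for (pass = (peer == NULL) ? 2 : 1; pass <= 2; pass++) {
		LIST_FOREACH(s, &sitree, chain) {
			if (s->id_i != NULL) {
				/* Peer-bound entry: pass 1 only, and it must be
				 * for this very peer. */
				if (pass == 2 || !sainfo_id_equal(peer, s->id_i))
					continue;
			} else if (pass == 1) {
				continue;
			}

			if (s->idsrc == NULL) {
				anonymous = s;
				continue;
			}

			/* Caller only wants the anonymous entry. */
			if (src == NULL) {
				if (anonymous != NULL)
					break;
				continue;
			}

			if (!sainfo_id_equal(src, s->idsrc))
				continue;

			/* dst == NULL simply fails to match instead of being
			 * dereferenced. */
			if (use_nat_addr) {
				if (sainfo_id_equal(lcconf->ext_nat_id, s->iddst))
					return s;
			} else if (sainfo_id_equal(dst, s->iddst)) {
				return s;
			}
		}

		/* An anonymous entry found in this pass ends the search. */
		if (anonymous != NULL)
			break;
	}

	if (anonymous != NULL) {
		plog(LLV_DEBUG, LOCATION, NULL,
		    "anonymous sainfo selected.\n");
	}

	return anonymous;
}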
135
/*
 * Allocate a zeroed sainfo entry with the default soft lifetime
 * (IPSECDOI_ATTR_SA_LD_SEC_DEFAULT seconds, IPSECDOI_ATTR_SA_LD_KB_MAX
 * kilobytes).  Returns NULL when allocation fails; the caller owns the
 * result and releases it with delsainfo().
 */
struct sainfo *
newsainfo(void)
{
	struct sainfo *si = racoon_calloc(1, sizeof(*si));

	if (si != NULL) {
		si->lifetime = IPSECDOI_ATTR_SA_LD_SEC_DEFAULT;
		si->lifebyte = IPSECDOI_ATTR_SA_LD_KB_MAX;
	}
	return si;
}
150
/*
 * Release a sainfo entry that is no longer linked into sitree: every
 * algorithm chain in si->algs, the local/remote ID payloads and the entry
 * itself.  si->id_i is deliberately left alone here — NOTE(review): its
 * ownership is not visible in this file, confirm whether it leaks.
 */
void
delsainfo(struct sainfo *si)
{
	int cls;

	for (cls = 0; cls < MAXALGCLASS; cls++)
		delsainfoalg(si->algs[cls]);

	if (si->idsrc != NULL)
		vfree(si->idsrc);
	if (si->iddst != NULL)
		vfree(si->iddst);

	racoon_free(si);
}
167
/* Link an entry at the head of sitree; later entries are searched first. */
void
inssainfo(struct sainfo *new)
{
	LIST_INSERT_HEAD(&sitree, new, chain);
}
174
/* Unlink an entry from sitree without freeing it (see delsainfo()). */
void
remsainfo(struct sainfo *si)
{
	LIST_REMOVE(si, chain);
}
181
/*
 * Unlink and free every entry of sitree.  Taking the current head each
 * time is safe because remsainfo() removes it before it is freed.
 */
void
flushsainfo(void)
{
	struct sainfo *head;

	while ((head = LIST_FIRST(&sitree)) != NULL) {
		remsainfo(head);
		delsainfo(head);
	}
}
193
/* Reset sitree to the empty list; must run before any insertion. */
void
initsainfo(void)
{
	LIST_INIT(&sitree);
}
199
/*
 * Allocate a zeroed algorithm entry (next == NULL).  Returns NULL on
 * allocation failure; the caller links it with inssainfoalg() and the
 * whole chain is released by delsainfoalg().
 */
struct sainfoalg *
newsainfoalg(void)
{
	struct sainfoalg *alg;

	alg = racoon_calloc(1, sizeof(*alg));
	return alg;
}
211
/* Free a whole singly-linked chain of algorithm entries; NULL is fine. */
void
delsainfoalg(struct sainfoalg *alg)
{
	while (alg != NULL) {
		/* Read the link before the node goes away. */
		struct sainfoalg *following = alg->next;

		racoon_free(alg);
		alg = following;
	}
}
223
/*
 * Append an algorithm entry at the tail of the chain rooted at *head
 * (*head == NULL starts a new chain).  new->next is not modified, so the
 * caller is expected to pass a fresh entry from newsainfoalg().
 */
void
inssainfoalg(struct sainfoalg **head, struct sainfoalg *new)
{
	struct sainfoalg **tailp = head;

	/* Walk to the NULL link at the end of the chain and fill it. */
	while (*tailp != NULL)
		tailp = &(*tailp)->next;
	*tailp = new;
}
238
/*
 * Render an entry as "<idsrc> <iddst>[ from <id_i>]" or "anonymous[ from
 * <id_i>]" for log output.  The result lives in a static buffer, so it is
 * overwritten by the next call and must not be used across calls; output
 * longer than the buffer is silently truncated by snprintf().
 */
const char *
sainfo2str(const struct sainfo *si)
{
	static char buf[256];
	size_t used;

	if (si->idsrc == NULL) {
		snprintf(buf, sizeof(buf), "anonymous");
	} else {
		snprintf(buf, sizeof(buf), "%s", ipsecdoi_id2str(si->idsrc));
		used = strlen(buf);
		snprintf(buf + used, sizeof(buf) - used,
		    " %s", ipsecdoi_id2str(si->iddst));
	}

	if (si->id_i != NULL) {
		used = strlen(buf);
		snprintf(buf + used, sizeof(buf) - used,
		    " from %s", ipsecdoi_id2str(si->id_i));
	}

	return buf;
}