-/* $Id: isakmp_unity.c,v 1.5.4.1 2005/05/10 09:45:46 manubsd Exp $ */
+/* $NetBSD: isakmp_unity.c,v 1.7 2006/10/09 06:17:20 manu Exp $ */
+
+/* Id: isakmp_unity.c,v 1.10 2006/07/31 04:49:23 manubsd Exp */
/*
* Copyright (C) 2004 Emmanuel Dreyfus
#include <unistd.h>
#endif
#include <ctype.h>
+#include <resolv.h>
#include "var.h"
#include "misc.h"
#include "isakmp_cfg.h"
#include "strnames.h"
+static vchar_t *isakmp_cfg_split (phase1_handle_t *,
+ struct isakmp_data *, struct unity_netentry*,int);
+
vchar_t *
isakmp_unity_req(iph1, attr)
- struct ph1handle *iph1;
+ phase1_handle_t *iph1;
struct isakmp_data *attr;
{
int type;
vchar_t *reply_attr = NULL;
if ((iph1->mode_cfg->flags & ISAKMP_CFG_VENDORID_UNITY) == 0) {
- plog(LLV_ERROR, LOCATION, NULL,
+ plog(ASL_LEVEL_ERR,
"Unity mode config request but the peer "
"did not declare itself as unity compliant\n");
return NULL;
if ((type & ISAKMP_GEN_MASK) == ISAKMP_GEN_TV) {
type &= ~ISAKMP_GEN_MASK;
- plog(LLV_DEBUG, LOCATION, NULL,
- "Short attribute %d = %d\n",
- type, ntohs(attr->lorv));
+ plog(ASL_LEVEL_DEBUG,
+ "Short attribute %s = %d\n",
+ s_isakmp_cfg_type(type), ntohs(attr->lorv));
switch (type) {
default:
- plog(LLV_DEBUG, LOCATION, NULL,
- "Ignored short attribute %d\n", type);
+ plog(ASL_LEVEL_DEBUG,
+ "Ignored short attribute %s\n",
+ s_isakmp_cfg_type(type));
break;
}
char buf[MAXMOTD + 1];
int fd;
char *filename = &isakmp_cfg_config.motd[0];
- size_t len;
+ int len;
if ((fd = open(filename, O_RDONLY, 0)) == -1) {
- plog(LLV_ERROR, LOCATION, NULL,
+ plog(ASL_LEVEL_ERR,
"Cannot open \"%s\"\n", filename);
return NULL;
}
if ((len = read(fd, buf, MAXMOTD)) == -1) {
- plog(LLV_ERROR, LOCATION, NULL,
+ plog(ASL_LEVEL_ERR,
"Cannot read \"%s\"\n", filename);
close(fd);
return NULL;
break;
case UNITY_DEF_DOMAIN:
- case UNITY_FW_TYPE:
- case UNITY_SPLITDNS_NAME:
+ reply_attr = isakmp_cfg_string(iph1,
+ attr, isakmp_cfg_config.default_domain);
+ break;
+
case UNITY_SPLIT_INCLUDE:
+ if(isakmp_cfg_config.splitnet_type == UNITY_SPLIT_INCLUDE)
+ reply_attr = isakmp_cfg_split(iph1, attr,
+ isakmp_cfg_config.splitnet_list,
+ isakmp_cfg_config.splitnet_count);
+ else
+ return NULL;
+ break;
+ case UNITY_LOCAL_LAN:
+ if(isakmp_cfg_config.splitnet_type == UNITY_LOCAL_LAN)
+ reply_attr = isakmp_cfg_split(iph1, attr,
+ isakmp_cfg_config.splitnet_list,
+ isakmp_cfg_config.splitnet_count);
+ else
+ return NULL;
+ break;
+ case UNITY_SPLITDNS_NAME:
+ reply_attr = isakmp_cfg_varlen(iph1, attr,
+ isakmp_cfg_config.splitdns_list,
+ isakmp_cfg_config.splitdns_len);
+ break;
+ case UNITY_FW_TYPE:
case UNITY_NATT_PORT:
case UNITY_BACKUP_SERVERS:
default:
- plog(LLV_DEBUG, LOCATION, NULL,
- "Ignored attribute %d\n", type);
+ plog(ASL_LEVEL_DEBUG,
+ "Ignored attribute %s\n", s_isakmp_cfg_type(type));
return NULL;
break;
}
return reply_attr;
}
+void
+isakmp_unity_reply(iph1, attr)
+ phase1_handle_t *iph1;
+ struct isakmp_data *attr;
+{
+ int type = ntohs(attr->type);
+ int alen = ntohs(attr->lorv);
+
+ type &= ~ISAKMP_GEN_MASK;
+
+ struct unity_network *network = (struct unity_network *)(attr + 1);
+ int index = 0;
+ int count = 0;
+
+ switch(type) {
+ case UNITY_SPLIT_INCLUDE:
+ {
+ if ((iph1->mode_cfg->flags & ISAKMP_CFG_GOT_SPLIT_INCLUDE) == 0) {
+ if (alen)
+ count = alen / sizeof(struct unity_network);
+
+ for(;index < count; index++)
+ splitnet_list_add(
+ &iph1->mode_cfg->split_include,
+ &network[index],
+ &iph1->mode_cfg->include_count);
+
+ iph1->mode_cfg->flags |= ISAKMP_CFG_GOT_SPLIT_INCLUDE;
+ }
+ break;
+ }
+ case UNITY_LOCAL_LAN:
+ {
+ if ((iph1->mode_cfg->flags & ISAKMP_CFG_GOT_SPLIT_LOCAL) == 0) {
+ if (alen)
+ count = alen / sizeof(struct unity_network);
+
+ for(;index < count; index++)
+ splitnet_list_add(
+ &iph1->mode_cfg->split_local,
+ &network[index],
+ &iph1->mode_cfg->local_count);
+
+ iph1->mode_cfg->flags |= ISAKMP_CFG_GOT_SPLIT_LOCAL;
+ }
+ break;
+ }
+ case UNITY_PFS:
+ {
+ break;
+ }
+ case UNITY_SPLITDNS_NAME:
+ case UNITY_BANNER:
+ case UNITY_SAVE_PASSWD:
+ case UNITY_NATT_PORT:
+ case UNITY_FW_TYPE:
+ case UNITY_BACKUP_SERVERS:
+ case UNITY_DDNS_HOSTNAME:
+ default:
+ plog(ASL_LEVEL_WARNING,
+ "Ignored attribute %s\n",
+ s_isakmp_cfg_type(type));
+ break;
+ }
+ return;
+}
+
+static vchar_t *
+isakmp_cfg_split(iph1, attr, netentry, count)
+ phase1_handle_t *iph1;
+ struct isakmp_data *attr;
+ struct unity_netentry *netentry;
+ int count;
+{
+ vchar_t *buffer;
+ struct isakmp_data *new;
+ struct unity_network * network;
+ size_t len;
+ int index = 0;
+
+ char tmp1[40];
+ char tmp2[40];
+
+ len = sizeof(struct unity_network) * count;
+ if ((buffer = vmalloc(sizeof(*attr) + len)) == NULL) {
+ plog(ASL_LEVEL_ERR, "Cannot allocate memory\n");
+ return NULL;
+ }
+
+ new = (struct isakmp_data *)buffer->v;
+ new->type = attr->type;
+ new->lorv = htons(len);
+
+ network = (struct unity_network *)(new + 1);
+ for (; index < count; index++) {
+
+ memcpy(&network[index],
+ &netentry->network,
+ sizeof(struct unity_network));
+
+ inet_ntop(AF_INET, &netentry->network.addr4, tmp1, 40);
+ inet_ntop(AF_INET, &netentry->network.mask4, tmp2, 40);
+ plog(ASL_LEVEL_DEBUG, "splitnet: %s/%s\n", tmp1, tmp2);
+
+ netentry = netentry->next;
+ }
+
+ return buffer;
+}
+
+int splitnet_list_add(list, network, count)
+ struct unity_netentry ** list;
+ struct unity_network * network;
+ int *count;
+{
+ struct unity_netentry * newentry;
+
+ /*
+ * allocate new netentry and copy
+ * new splitnet network data
+ */
+ newentry = (struct unity_netentry *)
+ racoon_malloc(sizeof(struct unity_netentry));
+ if (newentry == NULL)
+ return -1;
+
+ memcpy(&newentry->network,network,
+ sizeof(struct unity_network));
+ newentry->next = NULL;
+
+ /*
+ * locate the last netentry in our
+ * splitnet list and add our entry
+ */
+ if (*list == NULL)
+ *list = newentry;
+ else {
+ struct unity_netentry * tmpentry = *list;
+ while (tmpentry->next != NULL)
+ tmpentry = tmpentry->next;
+ tmpentry->next = newentry;
+ }
+
+ (*count)++;
+
+ return 0;
+}
+
+void splitnet_list_free(list, count)
+ struct unity_netentry * list;
+ int *count;
+{
+ struct unity_netentry * netentry = list;
+ struct unity_netentry * delentry;
+
+ *count = 0;
+
+ while (netentry != NULL) {
+ delentry = netentry;
+ netentry = netentry->next;
+ racoon_free(delentry);
+ }
+}
+
+char * splitnet_list_2str(list)
+ struct unity_netentry * list;
+{
+ struct unity_netentry * netentry;
+ char tmp1[40];
+ char tmp2[40];
+ char * str;
+ int len;
+ int print_len;
+ int rc;
+
+ /* determine string length */
+ len = 0;
+ netentry = list;
+ while (netentry != NULL) {
+
+ inet_ntop(AF_INET, &netentry->network.addr4, tmp1, 40);
+ inet_ntop(AF_INET, &netentry->network.mask4, tmp2, 40);
+ len += strlen(tmp1);
+ len += strlen(tmp2);
+ len += 2;
+
+ netentry = netentry->next;
+ }
+
+ /* allocate network list string */
+ str = racoon_malloc(len);
+ if (str == NULL)
+ return NULL;
+ /* create network list string */
+ str[0] = 0;
+ print_len = 0;
+ netentry = list;
+ while (netentry != NULL && print_len < len) {
+
+ inet_ntop(AF_INET, &netentry->network.addr4, tmp1, 40);
+ inet_ntop(AF_INET, &netentry->network.mask4, tmp2, 40);
+
+ rc = snprintf(str+print_len, len-print_len, "%s/%s ", tmp1, tmp2);
+ if (rc < 0) {
+ // failure -> exit loop
+ break;
+ }
+ print_len += rc;
+
+ netentry = netentry->next;
+ }
+
+ return str;
+}
projects / apple / ipsec.git / blobdiff