]> git.saurik.com Git - apple/ipsec.git/blobdiff - ipsec-tools/racoon/localconf.c
projects / apple / ipsec.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
ipsec-146.1.tar.gz
[apple/ipsec.git] / ipsec-tools / racoon / localconf.c
diff --git a/ipsec-tools/racoon/localconf.c b/ipsec-tools/racoon/localconf.c
index 7b2c5baffd6c1a5e622e86e6d979a7a4293db5a3..5a1af0986f265e1bdb02283c1c4d4c779d79141f 100644 (file)
--- a/ipsec-tools/racoon/localconf.c
+++ b/ipsec-tools/racoon/localconf.c
@@ -62,14 +62,12 @@
 #include "gcmalloc.h"
 #include "session.h"
 
 #include "gcmalloc.h"
 #include "session.h"
 
-#ifdef __APPLE__
 #include <CoreFoundation/CoreFoundation.h>
 #if HAVE_SECURITY_FRAMEWORK
 #include <Security/Security.h>
 #else
 typedef void * SecKeychainRef;
 #endif
 #include <CoreFoundation/CoreFoundation.h>
 #if HAVE_SECURITY_FRAMEWORK
 #include <Security/Security.h>
 #else
 typedef void * SecKeychainRef;
 #endif
-#endif
 
 struct localconf *lcconf;
 
 
 struct localconf *lcconf;
 
@@ -152,6 +150,8 @@ getpskbyname(id0)
        char *id;
        vchar_t *key = NULL;
 
        char *id;
        vchar_t *key = NULL;
 
+       plog(LLV_DEBUG, LOCATION, NULL, "Getting pre-shared key by name.\n");
+
        id = racoon_calloc(1, 1 + id0->l - sizeof(struct ipsecdoi_id_b));
        if (id == NULL) {
                plog(LLV_ERROR, LOCATION, NULL,
        id = racoon_calloc(1, 1 + id0->l - sizeof(struct ipsecdoi_id_b));
        if (id == NULL) {
                plog(LLV_ERROR, LOCATION, NULL,
@@ -162,7 +162,11 @@ getpskbyname(id0)
                id0->l - sizeof(struct ipsecdoi_id_b));
        id[id0->l - sizeof(struct ipsecdoi_id_b)] = '\0';
 
                id0->l - sizeof(struct ipsecdoi_id_b));
        id[id0->l - sizeof(struct ipsecdoi_id_b)] = '\0';
 
+#ifdef HAVE_OPENSSL
        key = privsep_getpsk(id, id0->l - sizeof(struct ipsecdoi_id_b));
        key = privsep_getpsk(id, id0->l - sizeof(struct ipsecdoi_id_b));
+#else
+       key = getpsk(id, id0->l - sizeof(struct ipsecdoi_id_b));
+#endif
 
 end:
        if (id)
 
 end:
        if (id)
@@ -170,7 +174,7 @@ end:
        return key;
 }
 
        return key;
 }
 
-#if defined(__APPLE__) && HAVE_KEYCHAIN
+#if HAVE_KEYCHAIN
 /*
  * get PSK from keyChain.
  */
 /*
  * get PSK from keyChain.
  */
@@ -184,6 +188,8 @@ getpskfromkeychain(const char *name, u_int8_t etype, int secrettype, vchar_t *id
        OSStatus status;
        char serviceName[] = "com.apple.net.racoon";
 
        OSStatus status;
        char serviceName[] = "com.apple.net.racoon";
 
+       plog(LLV_DEBUG, LOCATION, NULL, "Getting pre-shared key from keychain.\n");
+
        status = SecKeychainSetPreferenceDomain(kSecPreferencesDomainSystem);
        if (status != noErr) {
                plog(LLV_ERROR, LOCATION, NULL,
        status = SecKeychainSetPreferenceDomain(kSecPreferencesDomainSystem);
        if (status != noErr) {
                plog(LLV_ERROR, LOCATION, NULL,
@@ -202,7 +208,7 @@ getpskfromkeychain(const char *name, u_int8_t etype, int secrettype, vchar_t *id
        if (secrettype == SECRETTYPE_KEYCHAIN_BY_ID && etype == ISAKMP_ETYPE_AGG) {
                /* try looking up based on peers id */
                
        if (secrettype == SECRETTYPE_KEYCHAIN_BY_ID && etype == ISAKMP_ETYPE_AGG) {
                /* try looking up based on peers id */
                
-               char* peer_id;
+               char* peer_id = NULL;
                int idlen = id_p->l - sizeof(struct ipsecdoi_id_b);
                u_int8_t id_type = ((struct ipsecdoi_id_b *)(id_p->v))->type;
 
                int idlen = id_p->l - sizeof(struct ipsecdoi_id_b);
                u_int8_t id_type = ((struct ipsecdoi_id_b *)(id_p->v))->type;
 
@@ -221,7 +227,7 @@ getpskfromkeychain(const char *name, u_int8_t etype, int secrettype, vchar_t *id
                        case IPSECDOI_ID_FQDN:
                        case IPSECDOI_ID_USER_FQDN:
                        case IPSECDOI_ID_KEY_ID:
                        case IPSECDOI_ID_FQDN:
                        case IPSECDOI_ID_USER_FQDN:
                        case IPSECDOI_ID_KEY_ID:
-                               peer_id = racoon_malloc(idlen);
+                               peer_id = racoon_malloc(1 + idlen);
                                if (peer_id == NULL)
                                        goto end;
                                memcpy(peer_id, id_p->v + sizeof(struct ipsecdoi_id_b), idlen);
                                if (peer_id == NULL)
                                        goto end;
                                memcpy(peer_id, id_p->v + sizeof(struct ipsecdoi_id_b), idlen);
@@ -254,7 +260,8 @@ getpskfromkeychain(const char *name, u_int8_t etype, int secrettype, vchar_t *id
                                                                &cur_password_len,
                                                                &cur_password,
                                                                NULL);
                                                                &cur_password_len,
                                                                &cur_password,
                                                                NULL);
-       
+               if (peer_id)
+                       racoon_free(peer_id);
                if (status == noErr)
                        goto end;
                /* otherwise fall through to use the default value */
                if (status == noErr)
                        goto end;
                /* otherwise fall through to use the default value */
@@ -302,14 +309,12 @@ no_id:
 end:
 
         if (cur_password) {
 end:
 
         if (cur_password) {
-                key = vmalloc(cur_password_len + 1);
+                key = vmalloc(cur_password_len);
                 if (key == NULL) {
                         plog(LLV_ERROR, LOCATION, NULL,
                                 "failed to allocate key buffer.\n");
                 if (key == NULL) {
                         plog(LLV_ERROR, LOCATION, NULL,
                                 "failed to allocate key buffer.\n");
-                } else {
-                                       memcpy(key->v, cur_password, key->l);
-                                       key->v[cur_password_len] = 0;
-                }
+                } else
+                                       memcpy(key->v, cur_password, cur_password_len);
                        free(cur_password);
         }
         
                        free(cur_password);
         }
         
@@ -330,9 +335,15 @@ getpskbyaddr(remote)
        vchar_t *key = NULL;
        char addr[NI_MAXHOST], port[NI_MAXSERV];
 
        vchar_t *key = NULL;
        char addr[NI_MAXHOST], port[NI_MAXSERV];
 
+       plog(LLV_DEBUG, LOCATION, NULL, "Getting pre-shared key by addr.\n");
+
        GETNAMEINFO(remote, addr, port);
 
        GETNAMEINFO(remote, addr, port);
 
+#ifdef HAVE_OPENSSL
        key = privsep_getpsk(addr, strlen(addr));
        key = privsep_getpsk(addr, strlen(addr));
+#else
+       key = getpsk(addr, strlen(addr));
+#endif
 
        return key;
 }
 
        return key;
 }
@@ -348,6 +359,8 @@ getpsk(str, len)
        char *p, *q;
        size_t keylen;
        char *k = NULL;
        char *p, *q;
        size_t keylen;
        char *k = NULL;
+       
+       plog(LLV_DEBUG, LOCATION, NULL, "Getting pre-shared key from file.\n");
 
        if (safefile(lcconf->pathinfo[LC_PATHTYPE_PSK], 1) == 0)
                fp = fopen(lcconf->pathinfo[LC_PATHTYPE_PSK], "r");
 
        if (safefile(lcconf->pathinfo[LC_PATHTYPE_PSK], 1) == 0)
                fp = fopen(lcconf->pathinfo[LC_PATHTYPE_PSK], "r");
mirror of ipsec