X-Git-Url: https://git.saurik.com/apple/ipsec.git/blobdiff_plain/d1e348cfd503b08e7d34b7683d23aae209af0a71..6b88cae0d0da46a0b1b6418a44da86af3e4527c3:/ipsec-tools/racoon/localconf.c
diff --git a/ipsec-tools/racoon/localconf.c b/ipsec-tools/racoon/localconf.c
index 7b2c5ba..317baaa 100644
--- a/ipsec-tools/racoon/localconf.c
+++ b/ipsec-tools/racoon/localconf.c
@@ -49,8 +49,6 @@
 #include "localconf.h"
 #include "algorithm.h"
-#include "admin.h"
-#include "privsep.h"
 #include "isakmp_var.h"
 #include "isakmp.h"
 #include "ipsec_doi.h"
@@ -58,22 +56,18 @@
 #include "vendorid.h"
 #include "str2val.h"
 #include "safefile.h"
-#include "admin.h"
 #include "gcmalloc.h"
 #include "session.h"
 
-#ifdef __APPLE__
 #include
 #if HAVE_SECURITY_FRAMEWORK
 #include
-#else
-typedef void * SecKeychainRef;
-#endif
 #endif
 
 struct localconf *lcconf;
+struct localconf *saved_lcconf;
 
-static void setdefault __P((void));
+static void setdefault (void);
 
 void
 initlcconf()
@@ -101,7 +95,7 @@ flushlcconf()
 lcconf->pathinfo[i] = NULL;
 }
 }
- for (i = 0; i < LC_IDENTTYPE_MAX; i++) {
+ for (i = 0; i < IDTYPE_MAX; i++) {
 if (lcconf->ident[i])
 vfree(lcconf->ident[i]);
 lcconf->ident[i] = NULL;
@@ -117,7 +111,6 @@ setdefault()
 {
 lcconf->uid = 0;
 lcconf->gid = 0;
- lcconf->chroot = NULL;
 lcconf->autograbaddr = 1;
 lcconf->port_isakmp = PORT_ISAKMP;
 lcconf->port_isakmp_natt = PORT_ISAKMP_NATT;
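Review bot: The new loop bound `IDTYPE_MAX` in flushlcconf must agree with the dimension of `lcconf->ident[]`, which is declared in localconf.h and not part of this diff; if that array is still sized by `LC_IDENTTYPE_MAX` and the two constants differ, the loop reads and frees past the end of the array. Please confirm the header was changed in the same commit, or leave a comment on the loop naming the array's declared size. flushlcconf starts before this hunk.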
@@ -135,13 +128,31 @@ setdefault()
 lcconf->wait_ph2complete = LC_DEFAULT_WAIT_PH2COMPLETE;
 lcconf->strict_address = FALSE;
 lcconf->complex_bundle = TRUE; /*XXX FALSE;*/
- lcconf->gss_id_enc = LC_GSSENC_UTF16LE; /* Windows compatibility */
 lcconf->natt_ka_interval = LC_DEFAULT_NATT_KA_INTERVAL;
 lcconf->auto_exit_delay = 0;
 lcconf->auto_exit_state &= ~LC_AUTOEXITSTATE_SET;
 lcconf->auto_exit_state |= LC_AUTOEXITSTATE_CLIENT; /* always auto exit as default */
 }
+
+void
+savelcconf(void)
+{
+ saved_lcconf = lcconf;
+ lcconf = NULL;
+ initlcconf();
+}
+
+void
+restorelcconf(void)
+{
+ flushlcconf();
+ racoon_free(lcconf);
+ lcconf = saved_lcconf;
+ saved_lcconf = NULL;
+}
+
+
 /*
  * get PSK by string.
  */
@@ -152,9 +163,11 @@ getpskbyname(id0)
 char *id;
 vchar_t *key = NULL;
 
+ plog(ASL_LEVEL_DEBUG, "Getting pre-shared key by name.\n");
+
 id = racoon_calloc(1, 1 + id0->l - sizeof(struct ipsecdoi_id_b));
 if (id == NULL) {
- plog(LLV_ERROR, LOCATION, NULL,
+ plog(ASL_LEVEL_ERR,
 "failed to get psk buffer.\n");
 goto end;
 }
@@ -162,7 +175,7 @@ getpskbyname(id0)
 id0->l - sizeof(struct ipsecdoi_id_b));
 id[id0->l - sizeof(struct ipsecdoi_id_b)] = '\0';
 
- key = privsep_getpsk(id, id0->l - sizeof(struct ipsecdoi_id_b));
+ key = getpsk(id, id0->l - sizeof(struct ipsecdoi_id_b));
 
 end:
 if (id)
@@ -170,7 +183,7 @@ end:
 return key;
 }
 
-#if defined(__APPLE__) && HAVE_KEYCHAIN
+#if HAVE_KEYCHAIN
 /*
  * get PSK from keyChain.
  */
@@ -184,9 +197,11 @@ getpskfromkeychain(const char *name, u_int8_t etype, int secrettype, vchar_t *id
 OSStatus status;
 char serviceName[] = "com.apple.net.racoon";
 
+ plog(ASL_LEVEL_DEBUG, "Getting pre-shared key from keychain.\n");
+
 status = SecKeychainSetPreferenceDomain(kSecPreferencesDomainSystem);
 if (status != noErr) {
- plog(LLV_ERROR, LOCATION, NULL,
+ plog(ASL_LEVEL_ERR,
 "failed to set system keychain domain.\n");
 goto end;
 }
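Review bot: savelcconf and restorelcconf are undocumented and do not guard against being called out of order: a second savelcconf overwrites saved_lcconf and leaks the configuration it held, and a restorelcconf with nothing saved frees the live lcconf and leaves it NULL for the next caller. A header comment such as `/* Stash the active config and start a fresh one; must be paired with restorelcconf(). */` on savelcconf, plus `if (saved_lcconf == NULL) return;` as the first statement of restorelcconf, would make the pairing explicit. Whether initlcconf aborts or returns on allocation failure is not visible here, so lcconf may also be left NULL by savelcconf if that allocation fails.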
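Review bot: The size expression `1 + id0->l - sizeof(struct ipsecdoi_id_b)` in the racoon_calloc call of getpskbyname has no lower-bound check, so an ID payload shorter than the fixed header underflows the size_t and the following memcpy and NUL write index far beyond the buffer; unless the caller is known to reject such payloads, add `if (id0->l < sizeof(struct ipsecdoi_id_b)) return NULL;` before the allocation (return directly, because `id` is not initialised before the `end:` cleanup tests it). The same subtraction feeds `int idlen` in the `@@ -202,9 +217,9 @@` hunk of getpskfromkeychain, where a negative idlen reaches `racoon_malloc(1 + idlen)` and memcpy. getpskbyname's signature is outside this hunk.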
@@ -194,7 +209,7 @@ getpskfromkeychain(const char *name, u_int8_t etype, int secrettype, vchar_t *id
 status = SecKeychainCopyDomainDefault(kSecPreferencesDomainSystem, &keychain);
 if (status != noErr) {
- plog(LLV_ERROR, LOCATION, NULL,
+ plog(ASL_LEVEL_ERR,
 "failed to get system keychain domain.\n");
 goto end;
 }
@@ -202,9 +217,9 @@ getpskfromkeychain(const char *name, u_int8_t etype, int secrettype, vchar_t *id
 if (secrettype == SECRETTYPE_KEYCHAIN_BY_ID &&
 etype == ISAKMP_ETYPE_AGG) {
 /* try looking up based on peers id */
- char* peer_id;
+ char* peer_id = NULL;
 int idlen = id_p->l - sizeof(struct ipsecdoi_id_b);
- u_int8_t id_type = ((struct ipsecdoi_id_b *)(id_p->v))->type;
+ u_int8_t id_type = (ALIGNED_CAST(struct ipsecdoi_id_b *)(id_p->v))->type;
 
 switch (id_type) {
 case IPSECDOI_ID_IPV4_ADDR:
@@ -221,12 +236,12 @@ getpskfromkeychain(const char *name, u_int8_t etype, int secrettype, vchar_t *id
 case IPSECDOI_ID_FQDN:
 case IPSECDOI_ID_USER_FQDN:
 case IPSECDOI_ID_KEY_ID:
- peer_id = racoon_malloc(idlen);
+ peer_id = racoon_malloc(1 + idlen);
 if (peer_id == NULL)
 goto end;
 memcpy(peer_id, id_p->v + sizeof(struct ipsecdoi_id_b), idlen);
 *(peer_id + idlen) = '\0';
- plog(LLV_ERROR, LOCATION, NULL,
+ plog(ASL_LEVEL_ERR,
 "getting shared secret from keychain using %s.\n", peer_id);
 break;
@@ -254,7 +269,8 @@ getpskfromkeychain(const char *name, u_int8_t etype, int secrettype, vchar_t *id
 &cur_password_len,
 &cur_password,
 NULL);
-
+ if (peer_id)
+ racoon_free(peer_id);
 if (status == noErr)
 goto end; /* otherwise fall through to use the default value */
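Review bot: The `plog(ASL_LEVEL_ERR, "getting shared secret from keychain using %s.\n", peer_id)` line in the FQDN/USER_FQDN/KEY_ID case is a progress message, not an error, and the mechanical LLV_ERROR to ASL_LEVEL_ERR translation keeps it at error severity while the messages this commit adds to the same function use ASL_LEVEL_DEBUG; change it to `plog(ASL_LEVEL_DEBUG,`. For IPSECDOI_ID_KEY_ID the copied bytes are opaque and need not be printable, so `%s` can put arbitrary bytes into the log; hex-encoding that case, or logging only idlen, would be safer. The switch continues outside this hunk.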
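Review bot: After `racoon_free(peer_id)` the variable stays live for the rest of getpskfromkeychain, which continues past this hunk through the `no_id:` and `end:` labels; add `peer_id = NULL;` after the free so that any later reference or second release in that code is harmless rather than a use-after-free or double free. The `if (peer_id)` guard is only needed if racoon_free does not accept NULL, which cannot be checked from here.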
@@ -295,21 +311,19 @@ no_id:
 break;
 default :
- plog(LLV_ERROR, LOCATION, NULL,
- "failed to get preshared key from system keychain (error %d).\n", status);
+ plog(ASL_LEVEL_ERR,
+ "failed to get preshared key from system keychain (error %ld).\n", (long)status);
 }
 
 end:
 if (cur_password) {
- key = vmalloc(cur_password_len + 1);
+ key = vmalloc(cur_password_len);
 if (key == NULL) {
- plog(LLV_ERROR, LOCATION, NULL,
+ plog(ASL_LEVEL_ERR,
 "failed to allocate key buffer.\n");
- } else {
- memcpy(key->v, cur_password, key->l);
- key->v[cur_password_len] = 0;
- }
+ } else
+ memcpy(key->v, cur_password, cur_password_len);
 free(cur_password);
 }
@@ -325,14 +339,16 @@ end:
 */
 vchar_t *
 getpskbyaddr(remote)
- struct sockaddr *remote;
+ struct sockaddr_storage *remote;
 {
 vchar_t *key = NULL;
 char addr[NI_MAXHOST], port[NI_MAXSERV];
 
- GETNAMEINFO(remote, addr, port);
+ plog(ASL_LEVEL_DEBUG, "Getting pre-shared key by addr.\n");
 
- key = privsep_getpsk(addr, strlen(addr));
+ GETNAMEINFO((struct sockaddr *)remote, addr, port);
+
+ key = getpsk(addr, strlen(addr));
 
 return key;
 }
@@ -348,13 +364,15 @@ getpsk(str, len)
 char *p, *q;
 size_t keylen;
 char *k = NULL;
+
+ plog(ASL_LEVEL_DEBUG, "Getting pre-shared key from file.\n");
 
 if (safefile(lcconf->pathinfo[LC_PATHTYPE_PSK], 1) == 0)
 fp = fopen(lcconf->pathinfo[LC_PATHTYPE_PSK], "r");
 else
 fp = NULL;
 if (fp == NULL) {
- plog(LLV_ERROR, LOCATION, NULL,
+ plog(ASL_LEVEL_ERR,
 "failed to open pre_share_key file %s\n",
 lcconf->pathinfo[LC_PATHTYPE_PSK]);
 return NULL;
@@ -388,7 +406,7 @@ getpsk(str, len)
 if (strncmp(p, "0x", 2) == 0) {
 k = str2val(p + 2, 16, &keylen);
 if (k == NULL) {
- plog(LLV_ERROR, LOCATION, NULL,
+ plog(ASL_LEVEL_ERR,
 "failed to get psk buffer.\n");
 goto end;
 }
@@ -397,7 +415,7 @@ getpsk(str, len)
 key = vmalloc(keylen);
 if (key == NULL) {
- plog(LLV_ERROR, LOCATION, NULL,
+ plog(ASL_LEVEL_ERR,
 "failed to allocate key buffer.\n");
 goto end;
 }
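Review bot: `free(cur_password)` in the `end:` block releases the pre-shared key obtained from the keychain without clearing it, so the secret remains readable in freed heap memory; clear it before release, e.g. `memset_s(cur_password, cur_password_len, 0, cur_password_len);` on the line before the free (plain memset before free can be optimised away). If the buffer comes from SecKeychainFindGenericPassword — the call is in an earlier hunk and its name is not visible here — Apple's API expects it to be released with SecKeychainItemFreeContent rather than free(), which this commit leaves unchanged. The new `vmalloc(cur_password_len)` drops the trailing NUL the old code wrote, which is only safe if every consumer of the returned vchar_t honours `key->l` instead of treating `key->v` as a C string; a comment on the `end:` block stating that the key is not NUL-terminated would document that contract.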
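Review bot: getpskbyaddr keeps the K&R-style parameter declaration (`getpskbyaddr(remote) struct sockaddr_storage *remote;`) even though the parameter type is being changed and the same commit already converts setdefault to a prototype; writing it as `getpskbyaddr(struct sockaddr_storage *remote)` gives callers argument type checking for the new type. The `strlen(addr)` on the next lines also relies on GETNAMEINFO leaving addr NUL-terminated when name resolution fails, which cannot be confirmed from this hunk.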
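Review bot: The ownership and permission check in `safefile(lcconf->pathinfo[LC_PATHTYPE_PSK], 1)` and the `fopen` on the following line are two separate operations on the same path, so the file can be replaced between them; if safefile inspects only the path (its body is not in this diff), re-checking the opened stream with fstat on fileno(fp) closes that window. Now that this path no longer goes through privsep_getpsk, the check runs in whichever process calls getpsk, so it is worth a comment on the function stating the privilege it expects. getpsk's signature and the remainder of its body are outside this hunk.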
@@ -427,7 +445,7 @@ getpathname(path, len, type, name)
 name[0] == '/' ? "" : "/",
 name);
 
- plog(LLV_DEBUG, LOCATION, NULL, "filename: %s\n", path);
+ plog(ASL_LEVEL_DEBUG, "filename: %s\n", path);
 }
 
 #if 0 /* DELETEIT */