X-Git-Url: https://git.saurik.com/apple/ipsec.git/blobdiff_plain/e8d9021d008d9729f3dfcdc16bb03a990513b007..e627a751fc4d26304657fc20440abb72632b1e6e:/ipsec-tools/racoon/localconf.c

diff --git a/ipsec-tools/racoon/localconf.c b/ipsec-tools/racoon/localconf.c
index 5a1af09..317baaa 100644
--- a/ipsec-tools/racoon/localconf.c
+++ b/ipsec-tools/racoon/localconf.c
@@ -49,8 +49,6 @@
 
 #include "localconf.h"
 #include "algorithm.h"
-#include "admin.h"
-#include "privsep.h"
 #include "isakmp_var.h"
 #include "isakmp.h"
 #include "ipsec_doi.h"
@@ -58,20 +56,18 @@
 #include "vendorid.h"
 #include "str2val.h"
 #include "safefile.h"
-#include "admin.h"
 #include "gcmalloc.h"
 #include "session.h"
 
 #include <CoreFoundation/CoreFoundation.h>
 #if HAVE_SECURITY_FRAMEWORK
 #include <Security/Security.h>
-#else
-typedef void * SecKeychainRef;
 #endif
 
 struct localconf *lcconf;
+struct localconf *saved_lcconf;
 
-static void setdefault __P((void));
+static void setdefault (void);
 
 void
 initlcconf()
@@ -99,7 +95,7 @@ flushlcconf()
 			lcconf->pathinfo[i] = NULL;
 		}
 	}
-	for (i = 0; i < LC_IDENTTYPE_MAX; i++) {
+	for (i = 0; i < IDTYPE_MAX; i++) {
 		if (lcconf->ident[i])
 			vfree(lcconf->ident[i]);
 		lcconf->ident[i] = NULL;
@@ -115,7 +111,6 @@ setdefault()
 {
 	lcconf->uid = 0;
 	lcconf->gid = 0;
-	lcconf->chroot = NULL;
 	lcconf->autograbaddr = 1;
 	lcconf->port_isakmp = PORT_ISAKMP;
 	lcconf->port_isakmp_natt = PORT_ISAKMP_NATT;
@@ -133,13 +128,31 @@ setdefault()
 	lcconf->wait_ph2complete = LC_DEFAULT_WAIT_PH2COMPLETE;
 	lcconf->strict_address = FALSE;
 	lcconf->complex_bundle = TRUE; /*XXX FALSE;*/
-	lcconf->gss_id_enc = LC_GSSENC_UTF16LE; /* Windows compatibility */
 	lcconf->natt_ka_interval = LC_DEFAULT_NATT_KA_INTERVAL;
 	lcconf->auto_exit_delay = 0;
 	lcconf->auto_exit_state &= ~LC_AUTOEXITSTATE_SET;
 	lcconf->auto_exit_state |= LC_AUTOEXITSTATE_CLIENT;				/* always auto exit as default */
 }
 
+
+void
+savelcconf(void) 
+{
+    saved_lcconf = lcconf;
+    lcconf = NULL;
+    initlcconf();
+}
+
+void
+restorelcconf(void)
+{
+    flushlcconf();
+    racoon_free(lcconf);
+    lcconf = saved_lcconf;
+    saved_lcconf = NULL;
+}
+
+
 /*
  * get PSK by string.
  */
@@ -150,11 +163,11 @@ getpskbyname(id0)
 	char *id;
 	vchar_t *key = NULL;
 
-	plog(LLV_DEBUG, LOCATION, NULL, "Getting pre-shared key by name.\n");
+	plog(ASL_LEVEL_DEBUG, "Getting pre-shared key by name.\n");
 
 	id = racoon_calloc(1, 1 + id0->l - sizeof(struct ipsecdoi_id_b));
 	if (id == NULL) {
-		plog(LLV_ERROR, LOCATION, NULL,
+		plog(ASL_LEVEL_ERR, 
 			"failed to get psk buffer.\n");
 		goto end;
 	}
@@ -162,11 +175,7 @@ getpskbyname(id0)
 		id0->l - sizeof(struct ipsecdoi_id_b));
 	id[id0->l - sizeof(struct ipsecdoi_id_b)] = '\0';
 
-#ifdef HAVE_OPENSSL
-	key = privsep_getpsk(id, id0->l - sizeof(struct ipsecdoi_id_b));
-#else
 	key = getpsk(id, id0->l - sizeof(struct ipsecdoi_id_b));
-#endif
 
 end:
 	if (id)
@@ -188,11 +197,11 @@ getpskfromkeychain(const char *name, u_int8_t etype, int secrettype, vchar_t *id
 	OSStatus status;
 	char serviceName[] = "com.apple.net.racoon";
 
-	plog(LLV_DEBUG, LOCATION, NULL, "Getting pre-shared key from keychain.\n");
+	plog(ASL_LEVEL_DEBUG, "Getting pre-shared key from keychain.\n");
 
 	status = SecKeychainSetPreferenceDomain(kSecPreferencesDomainSystem);
 	if (status != noErr) {
-		plog(LLV_ERROR, LOCATION, NULL,
+		plog(ASL_LEVEL_ERR, 
 			"failed to set system keychain domain.\n");
 		goto end;
 	}
@@ -200,7 +209,7 @@ getpskfromkeychain(const char *name, u_int8_t etype, int secrettype, vchar_t *id
 	status = SecKeychainCopyDomainDefault(kSecPreferencesDomainSystem,
 					      &keychain);
 	if (status != noErr) {
-		plog(LLV_ERROR, LOCATION, NULL,
+		plog(ASL_LEVEL_ERR, 
 			"failed to get system keychain domain.\n");
 		goto end;
 	}
@@ -210,7 +219,7 @@ getpskfromkeychain(const char *name, u_int8_t etype, int secrettype, vchar_t *id
 		
 		char* peer_id = NULL;
 		int idlen = id_p->l - sizeof(struct ipsecdoi_id_b);
-		u_int8_t id_type = ((struct ipsecdoi_id_b *)(id_p->v))->type;
+		u_int8_t id_type = (ALIGNED_CAST(struct ipsecdoi_id_b *)(id_p->v))->type;
 
 		switch (id_type) {
 			case IPSECDOI_ID_IPV4_ADDR:
@@ -232,7 +241,7 @@ getpskfromkeychain(const char *name, u_int8_t etype, int secrettype, vchar_t *id
 					goto end;
 				memcpy(peer_id, id_p->v + sizeof(struct ipsecdoi_id_b), idlen);
 				*(peer_id + idlen) = '\0';
-				plog(LLV_ERROR, LOCATION, NULL,
+				plog(ASL_LEVEL_ERR, 
 					"getting shared secret from keychain using %s.\n", peer_id);
 
 				break;
@@ -302,8 +311,8 @@ no_id:
 			break;
 
 		default :
-			plog(LLV_ERROR, LOCATION, NULL,
-				"failed to get preshared key from system keychain (error %d).\n", status);
+			plog(ASL_LEVEL_ERR, 
+				"failed to get preshared key from system keychain (error %ld).\n", (long)status);
 	}
 
 end:
@@ -311,7 +320,7 @@ end:
         if (cur_password) {
                 key = vmalloc(cur_password_len);
                 if (key == NULL) {
-                        plog(LLV_ERROR, LOCATION, NULL,
+                        plog(ASL_LEVEL_ERR, 
                                 "failed to allocate key buffer.\n");
                 } else
 					memcpy(key->v, cur_password, cur_password_len);
@@ -330,20 +339,16 @@ end:
  */
 vchar_t *
 getpskbyaddr(remote)
-	struct sockaddr *remote;
+	struct sockaddr_storage *remote;
 {
 	vchar_t *key = NULL;
 	char addr[NI_MAXHOST], port[NI_MAXSERV];
 
-	plog(LLV_DEBUG, LOCATION, NULL, "Getting pre-shared key by addr.\n");
+	plog(ASL_LEVEL_DEBUG, "Getting pre-shared key by addr.\n");
 
-	GETNAMEINFO(remote, addr, port);
+	GETNAMEINFO((struct sockaddr *)remote, addr, port);
 
-#ifdef HAVE_OPENSSL
-	key = privsep_getpsk(addr, strlen(addr));
-#else
 	key = getpsk(addr, strlen(addr));
-#endif
 
 	return key;
 }
@@ -360,14 +365,14 @@ getpsk(str, len)
 	size_t keylen;
 	char *k = NULL;
 	
-	plog(LLV_DEBUG, LOCATION, NULL, "Getting pre-shared key from file.\n");
+	plog(ASL_LEVEL_DEBUG, "Getting pre-shared key from file.\n");
 
 	if (safefile(lcconf->pathinfo[LC_PATHTYPE_PSK], 1) == 0)
 		fp = fopen(lcconf->pathinfo[LC_PATHTYPE_PSK], "r");
 	else
 		fp = NULL;
 	if (fp == NULL) {
-		plog(LLV_ERROR, LOCATION, NULL,
+		plog(ASL_LEVEL_ERR, 
 			"failed to open pre_share_key file %s\n",
 			lcconf->pathinfo[LC_PATHTYPE_PSK]);
 		return NULL;
@@ -401,7 +406,7 @@ getpsk(str, len)
 			if (strncmp(p, "0x", 2) == 0) {
 				k = str2val(p + 2, 16, &keylen);
 				if (k == NULL) {
-					plog(LLV_ERROR, LOCATION, NULL,
+					plog(ASL_LEVEL_ERR, 
 						"failed to get psk buffer.\n");
 					goto end;
 				}
@@ -410,7 +415,7 @@ getpsk(str, len)
 
 			key = vmalloc(keylen);
 			if (key == NULL) {
-				plog(LLV_ERROR, LOCATION, NULL,
+				plog(ASL_LEVEL_ERR, 
 					"failed to allocate key buffer.\n");
 				goto end;
 			}
@@ -440,7 +445,7 @@ getpathname(path, len, type, name)
 		name[0] == '/' ? "" : "/",
 		name);
 
-	plog(LLV_DEBUG, LOCATION, NULL, "filename: %s\n", path);
+	plog(ASL_LEVEL_DEBUG, "filename: %s\n", path);
 }
 
 #if 0 /* DELETEIT */