2 /* $KAME: localconf.c,v 1.33 2001/08/09 07:32:19 sakane Exp $ */
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 #include <sys/types.h>
34 #include <sys/param.h>
49 #include "localconf.h"
50 #include "algorithm.h"
51 #include "isakmp_var.h"
53 #include "ipsec_doi.h"
54 #include "grabmyaddr.h"
61 #include <CoreFoundation/CoreFoundation.h>
62 #include <Security/Security.h>
64 struct localconf
*lcconf
;
66 static void setdefault
__P((void));
71 lcconf
= racoon_calloc(1, sizeof(*lcconf
));
73 errx(1, "failed to allocate local conf.");
77 lcconf
->racoon_conf
= LC_DEFAULT_CF
;
86 clear_myaddr(&lcconf
->myaddrs
);
87 for (i
= 0; i
< LC_PATHTYPE_MAX
; i
++) {
88 if (lcconf
->pathinfo
[i
]) {
89 racoon_free(lcconf
->pathinfo
[i
]);
90 lcconf
->pathinfo
[i
] = NULL
;
93 for (i
= 0; i
< LC_IDENTTYPE_MAX
; i
++) {
95 vfree(lcconf
->ident
[i
]);
96 lcconf
->ident
[i
] = NULL
;
103 lcconf
->autograbaddr
= 1;
104 lcconf
->port_isakmp
= PORT_ISAKMP
;
105 lcconf
->default_af
= AF_INET
;
106 lcconf
->pad_random
= LC_DEFAULT_PAD_RANDOM
;
107 lcconf
->pad_randomlen
= LC_DEFAULT_PAD_RANDOMLEN
;
108 lcconf
->pad_maxsize
= LC_DEFAULT_PAD_MAXSIZE
;
109 lcconf
->pad_strict
= LC_DEFAULT_PAD_STRICT
;
110 lcconf
->pad_excltail
= LC_DEFAULT_PAD_EXCLTAIL
;
111 lcconf
->retry_counter
= LC_DEFAULT_RETRY_COUNTER
;
112 lcconf
->retry_interval
= LC_DEFAULT_RETRY_INTERVAL
;
113 lcconf
->count_persend
= LC_DEFAULT_COUNT_PERSEND
;
114 lcconf
->secret_size
= LC_DEFAULT_SECRETSIZE
;
115 lcconf
->retry_checkph1
= LC_DEFAULT_RETRY_CHECKPH1
;
116 lcconf
->wait_ph2complete
= LC_DEFAULT_WAIT_PH2COMPLETE
;
117 lcconf
->strict_address
= FALSE
;
118 lcconf
->complex_bundle
= TRUE
; /*XXX FALSE;*/
131 id
= racoon_calloc(1, 1 + id0
->l
- sizeof(struct ipsecdoi_id_b
));
133 plog(LLV_ERROR
, LOCATION
, NULL
,
134 "failed to get psk buffer.\n");
137 memcpy(id
, id0
->v
+ sizeof(struct ipsecdoi_id_b
),
138 id0
->l
- sizeof(struct ipsecdoi_id_b
));
139 id
[id0
->l
- sizeof(struct ipsecdoi_id_b
)] = '\0';
141 key
= getpsk(id
, id0
->l
- sizeof(struct ipsecdoi_id_b
));
150 * get PSK from keyChain.
153 getpskfromkeychain(const char *name
)
155 SecKeychainRef keychain
= NULL
;
157 void *cur_password
= NULL
;
158 UInt32 cur_password_len
= 0;
160 char serviceName
[] = "com.apple.net.racoon";
162 status
= SecKeychainSetPreferenceDomain(kSecPreferencesDomainSystem
);
163 if (status
!= noErr
) {
164 plog(LLV_ERROR
, LOCATION
, NULL
,
165 "failed to set system keychain domain.\n");
169 status
= SecKeychainCopyDomainDefault(kSecPreferencesDomainSystem
,
171 if (status
!= noErr
) {
172 plog(LLV_ERROR
, LOCATION
, NULL
,
173 "failed to get system keychain domain.\n");
177 status
= SecKeychainFindGenericPassword(keychain
,
191 case errSecItemNotFound
:
195 plog(LLV_ERROR
, LOCATION
, NULL
,
196 "failed to get preshared key from system keychain (error %d).\n", status
);
202 key
= vmalloc(cur_password_len
+ 1);
204 plog(LLV_ERROR
, LOCATION
, NULL
,
205 "failed to allocate key buffer.\n");
208 memcpy(key
->v
, cur_password
, key
->l
);
209 key
->v
[cur_password_len
] = 0;
221 * get PSK by address.
225 struct sockaddr
*remote
;
228 char addr
[NI_MAXHOST
], port
[NI_MAXSERV
];
230 GETNAMEINFO(remote
, addr
, port
);
232 key
= getpsk(addr
, strlen(addr
));
243 char buf
[1024]; /* XXX how is variable length ? */
249 if (safefile(lcconf
->pathinfo
[LC_PATHTYPE_PSK
], 1) == 0)
250 fp
= fopen(lcconf
->pathinfo
[LC_PATHTYPE_PSK
], "r");
254 plog(LLV_ERROR
, LOCATION
, NULL
,
255 "failed to open pre_share_key file %s\n",
256 lcconf
->pathinfo
[LC_PATHTYPE_PSK
]);
260 while (fgets(buf
, sizeof(buf
), fp
) != NULL
) {
265 /* search the end of 1st string. */
266 for (p
= buf
; *p
!= '\0' && !isspace(*p
); p
++)
269 continue; /* no 2nd parameter */
271 /* search the 1st of 2nd string. */
272 while (isspace(*++p
))
275 continue; /* no 2nd parameter */
278 if (strncmp(buf
, str
, len
) == 0 && buf
[len
] == '\0') {
281 for (q
= p
; *q
!= '\0' && *q
!= '\n'; q
++)
285 /* fix key if hex string */
286 if (strncmp(p
, "0x", 2) == 0) {
287 k
= str2val(p
+ 2, 16, &keylen
);
289 plog(LLV_ERROR
, LOCATION
, NULL
,
290 "failed to get psk buffer.\n");
296 key
= vmalloc(keylen
);
298 plog(LLV_ERROR
, LOCATION
, NULL
,
299 "failed to allocate key buffer.\n");
302 memcpy(key
->v
, p
, key
->l
);
315 * get a file name of a type specified.
318 getpathname(path
, len
, type
, name
)
323 snprintf(path
, len
, "%s%s%s",
324 name
[0] == '/' ? "" : lcconf
->pathinfo
[type
],
325 name
[0] == '/' ? "" : "/",
328 plog(LLV_DEBUG
, LOCATION
, NULL
, "filename: %s\n", path
);
332 static int lc_doi2idtype
[] = {
336 LC_IDENTTYPE_USERFQDN
,
342 LC_IDENTTYPE_CERTNAME
,
348 * convert DOI value to idtype
356 if (ARRAYLEN(lc_doi2idtype
) > idtype
)
357 return lc_doi2idtype
[idtype
];
362 static int lc_sittype2doi
[] = {
363 IPSECDOI_SIT_IDENTITY_ONLY
,
364 IPSECDOI_SIT_SECRECY
,
365 IPSECDOI_SIT_INTEGRITY
,
369 * convert sittype to DOI value.
377 if (ARRAYLEN(lc_sittype2doi
) > sittype
)
378 return lc_sittype2doi
[sittype
];
382 static int lc_doitype2doi
[] = {
387 * convert doitype to DOI value.
395 if (ARRAYLEN(lc_doitype2doi
) > doitype
)
396 return lc_doitype2doi
[doitype
];