1 /* $KAME: localconf.c,v 1.32 2001/06/01 08:26:05 sakane Exp $ */
2
3 /*
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #include <sys/types.h>
33 #include <sys/param.h>
34
35 #include <stdlib.h>
36 #include <stdio.h>
37 #include <string.h>
38 #include <errno.h>
39 #include <ctype.h>
40 #include <err.h>
41
42 #include "var.h"
43 #include "misc.h"
44 #include "vmbuf.h"
45 #include "plog.h"
46 #include "debug.h"
47
48 #include "localconf.h"
49 #include "algorithm.h"
50 #include "isakmp_var.h"
51 #include "isakmp.h"
52 #include "ipsec_doi.h"
53 #include "grabmyaddr.h"
54 #include "vendorid.h"
55 #include "str2val.h"
56 #include "safefile.h"
57 #include "admin.h"
58 #include "gcmalloc.h"
59
/* process-wide local configuration; allocated by initlcconf(), reset by flushlcconf() */
struct localconf *lcconf;

/* fill *lcconf with the built-in defaults (scalar members only) */
static void setdefault __P((void));
/* look up a key by identifier (str, len bytes) in the configured PSK file */
static vchar_t *getpsk __P((const char *, const int));
64
/*
 * Allocate the process-wide local configuration, load the built-in
 * defaults and point racoon_conf at the default configuration file.
 * The process exits via errx() when the allocation fails.
 */
void
initlcconf()
{
	struct localconf *conf;

	conf = racoon_calloc(1, sizeof(*conf));
	if (conf == NULL)
		errx(1, "failed to allocate local conf.");
	lcconf = conf;

	setdefault();
	lcconf->racoon_conf = LC_DEFAULT_CF;
}
76
/*
 * Reset the local configuration to its defaults and release the state
 * it owns: the interface address list, every path string and every
 * identifier buffer.  The lcconf object itself is kept for reuse.
 */
void
flushlcconf()
{
	int idx;

	setdefault();
	clear_myaddr(&lcconf->myaddrs);

	/* path strings: release the ones that are set and clear the slot */
	for (idx = 0; idx < LC_PATHTYPE_MAX; idx++) {
		if (lcconf->pathinfo[idx] == NULL)
			continue;
		racoon_free(lcconf->pathinfo[idx]);
		lcconf->pathinfo[idx] = NULL;
	}

	/* identifiers are vchar_t buffers; vfree() only when present */
	for (idx = 0; idx < LC_IDENTTYPE_MAX; idx++) {
		if (lcconf->ident[idx] != NULL)
			vfree(lcconf->ident[idx]);
		lcconf->ident[idx] = NULL;
	}
}
96
/*
 * Load the built-in defaults into *lcconf.  Only scalar knobs are set;
 * pointer members (pathinfo, ident, myaddrs, racoon_conf) are untouched.
 */
static void
setdefault()
{
	struct localconf *conf = lcconf;

	/* addressing */
	conf->autograbaddr = 1;
	conf->strict_address = FALSE;
	conf->default_af = AF_INET;
	conf->port_isakmp = PORT_ISAKMP;

	/* padding policy */
	conf->pad_random = LC_DEFAULT_PAD_RANDOM;
	conf->pad_randomlen = LC_DEFAULT_PAD_RANDOMLEN;
	conf->pad_maxsize = LC_DEFAULT_PAD_MAXSIZE;
	conf->pad_strict = LC_DEFAULT_PAD_STRICT;
	conf->pad_excltail = LC_DEFAULT_PAD_EXCLTAIL;

	/* retransmission and phase handling */
	conf->retry_counter = LC_DEFAULT_RETRY_COUNTER;
	conf->retry_interval = LC_DEFAULT_RETRY_INTERVAL;
	conf->count_persend = LC_DEFAULT_COUNT_PERSEND;
	conf->retry_checkph1 = LC_DEFAULT_RETRY_CHECKPH1;
	conf->wait_ph2complete = LC_DEFAULT_WAIT_PH2COMPLETE;

	/* misc */
	conf->secret_size = LC_DEFAULT_SECRETSIZE;
	conf->complex_bundle = TRUE;	/* XXX original note says FALSE was intended */
}
117
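/*
 * Look up the pre-shared key for an identification payload.
 *
 * id0 holds a struct ipsecdoi_id_b header followed by the identifier
 * bytes.  The identifier is copied into a NUL-terminated scratch string
 * and matched against the first field of each PSK file line by getpsk().
 *
 * Returns a newly allocated vchar_t with the key (owned by the caller),
 * or NULL when the payload is too short to carry the header, allocation
 * fails or no entry matches.  Errors are logged with plog().
 */
vchar_t *
getpskbyname(id0)
	vchar_t *id0;
{
	char *id = NULL;
	vchar_t *key = NULL;
	size_t idlen;

	/*
	 * The payload must at least carry the fixed header; otherwise the
	 * subtraction below wraps and the copy length becomes huge.
	 */
	if (id0 == NULL || id0->l < sizeof(struct ipsecdoi_id_b)) {
		plog(LLV_ERROR, LOCATION, NULL,
			"id payload too short for psk lookup.\n");
		goto end;
	}
	idlen = id0->l - sizeof(struct ipsecdoi_id_b);

	id = racoon_calloc(1, idlen + 1);
	if (id == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
			"failed to get psk buffer.\n");
		goto end;
	}
	memcpy(id, id0->v + sizeof(struct ipsecdoi_id_b), idlen);
	/* identifier bytes come from the peer; terminate explicitly */
	id[idlen] = '\0';

	/* getpsk() takes an int length; idlen is bounded by the payload size */
	key = getpsk(id, (int)idlen);

end:
	if (id)
		racoon_free(id);
	return key;
}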
145
/*
 * Look up the pre-shared key for a peer address.  The address is
 * rendered as a host string by GETNAMEINFO() and that string is the
 * lookup key for the PSK file.  Returns NULL when the file cannot be
 * read or no entry matches; a non-NULL result is owned by the caller.
 */
vchar_t *
getpskbyaddr(remote)
	struct sockaddr *remote;
{
	char host[NI_MAXHOST];
	char serv[NI_MAXSERV];

	GETNAMEINFO(remote, host, serv);

	return getpsk(host, strlen(host));
}
162
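/*
 * Zero a buffer in a way the optimizer cannot elide: the line buffer in
 * getpsk() may hold a key and must not linger on the stack.
 */
static void
lc_wipe(void *ptr, size_t len)
{
	volatile unsigned char *vp = ptr;

	while (len-- > 0)
		*vp++ = 0;
}

/*
 * Find the pre-shared key for the identifier str (len bytes, need not be
 * NUL-terminated) in the file named by lcconf->pathinfo[LC_PATHTYPE_PSK].
 *
 * File format, one entry per line: identifier, whitespace, then the key
 * up to end of line.  Lines starting with '#' are comments.  A key written
 * as 0x<hex> is decoded to binary by str2val(); otherwise the literal text
 * is the key.  Only the first matching line is used.
 *
 * Returns a newly allocated vchar_t with the key (caller frees it with
 * vfree()), or NULL when safefile() rejects the file, it cannot be opened,
 * no entry matches, or an allocation fails.  Errors are logged via plog().
 */
static vchar_t *
getpsk(str, len)
	const char *str;
	const int len;
{
	FILE *fp;
	char buf[1024];
	vchar_t *key = NULL;
	char *p, *q;
	size_t keylen;
	char *k = NULL;

	/* safefile() must accept the file before it is opened */
	if (safefile(lcconf->pathinfo[LC_PATHTYPE_PSK], 1) == 0)
		fp = fopen(lcconf->pathinfo[LC_PATHTYPE_PSK], "r");
	else
		fp = NULL;
	if (fp == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
			"failed to open pre_share_key file %s\n",
			lcconf->pathinfo[LC_PATHTYPE_PSK]);
		return NULL;
	}

	/* a negative length can never match; also keeps the size_t casts sane */
	if (len < 0)
		goto end;

	while (fgets(buf, sizeof(buf), fp) != NULL) {
		/*
		 * A line longer than buf would otherwise arrive in pieces
		 * and its tail be parsed as an entry of its own.  Drop the
		 * whole line instead.  A line without '\n' that is followed
		 * directly by '\n' or EOF merely filled buf and is kept.
		 */
		if (strchr(buf, '\n') == NULL && !feof(fp)) {
			int c = fgetc(fp);

			if (c != EOF && c != '\n') {
				while ((c = fgetc(fp)) != EOF && c != '\n')
					;
				plog(LLV_ERROR, LOCATION, NULL,
					"too long line in pre_share_key file, ignored.\n");
				continue;
			}
		}

		/* comment line */
		if (buf[0] == '#')
			continue;

		/* search the end of 1st string (cast: isspace() takes unsigned char) */
		for (p = buf; *p != '\0' && !isspace((unsigned char)*p); p++)
			;
		if (*p == '\0')
			continue;	/* no 2nd parameter */
		*p = '\0';
		/* search the 1st of 2nd string. */
		while (isspace((unsigned char)*++p))
			;
		if (*p == '\0')
			continue;	/* no 2nd parameter */

		/*
		 * Match only when the 1st field has exactly len bytes.
		 * Checking the length first keeps the comparison inside buf
		 * when len exceeds the line, and rejects a str that carries a
		 * NUL within its first len bytes.
		 */
		if (strlen(buf) != (size_t)len || memcmp(buf, str, (size_t)len) != 0)
			continue;

		/* key runs to end of line; strip the newline */
		for (q = p; *q != '\0' && *q != '\n'; q++)
			;
		keylen = (size_t)(q - p);
		*q = '\0';

		/* fix key if hex string */
		if (strncmp(p, "0x", 2) == 0) {
			k = str2val(p + 2, 16, &keylen);
			if (k == NULL) {
				plog(LLV_ERROR, LOCATION, NULL,
					"failed to get psk buffer.\n");
				goto end;
			}
			p = k;
		}

		key = vmalloc(keylen);
		if (key == NULL) {
			plog(LLV_ERROR, LOCATION, NULL,
				"failed to allocate key buffer.\n");
			goto end;
		}
		memcpy(key->v, p, key->l);
		goto end;
	}

end:
	/* k is released on every exit path (it leaked when vmalloc() failed) */
	if (k)
		racoon_free(k);
	lc_wipe(buf, sizeof(buf));
	fclose(fp);
	return key;
}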
238
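/*
 * Build the full file name for a configured path type into path (len
 * bytes).  An absolute name (leading '/') is used as-is; otherwise it is
 * appended to lcconf->pathinfo[type] with a '/' separator.
 *
 * path is set to the empty string, and an error logged, when type is out
 * of range, no directory is configured for it, or the result does not
 * fit in len bytes: a silently truncated or "(null)"-prefixed path would
 * name a different file than the one configured.  Nothing is written
 * when len <= 0.
 */
void
getpathname(path, len, type, name)
	char *path;
	int len, type;
	const char *name;
{
	int n;

	if (len <= 0)
		return;

	/* pathinfo has LC_PATHTYPE_MAX slots (see flushlcconf()) */
	if (type < 0 || type >= LC_PATHTYPE_MAX) {
		plog(LLV_ERROR, LOCATION, NULL,
			"invalid path type %d for %s\n", type, name);
		path[0] = '\0';
		return;
	}

	/* a relative name needs a configured directory; %s with NULL is UB */
	if (name[0] != '/' && lcconf->pathinfo[type] == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
			"no directory configured for %s\n", name);
		path[0] = '\0';
		return;
	}

	n = snprintf(path, len, "%s%s%s",
		name[0] == '/' ? "" : lcconf->pathinfo[type],
		name[0] == '/' ? "" : "/",
		name);
	if (n < 0 || n >= len) {
		plog(LLV_ERROR, LOCATION, NULL,
			"path name too long for %s\n", name);
		path[0] = '\0';
		return;
	}

	plog(LLV_DEBUG, LOCATION, NULL, "filename: %s\n", path);
}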
255
256 #if 0 /* DELETEIT */
257 static int lc_doi2idtype[] = {
258 -1,
259 -1,
260 LC_IDENTTYPE_FQDN,
261 LC_IDENTTYPE_USERFQDN,
262 -1,
263 -1,
264 -1,
265 -1,
266 -1,
267 LC_IDENTTYPE_CERTNAME,
268 -1,
269 LC_IDENTTYPE_KEYID,
270 };
271
272 /*
273 * convert DOI value to idtype
274 * OUT -1 : NG
275 * other: converted.
276 */
277 int
278 doi2idtype(idtype)
279 int idtype;
280 {
281 if (ARRAYLEN(lc_doi2idtype) > idtype)
282 return lc_doi2idtype[idtype];
283 return -1;
284 }
285 #endif
286
/* DOI situation values indexed by the local sittype; used by sittype2doi() */
static int lc_sittype2doi[] = {
	IPSECDOI_SIT_IDENTITY_ONLY,
	IPSECDOI_SIT_SECRECY,
	IPSECDOI_SIT_INTEGRITY,
};
292
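/*
 * convert sittype to DOI value.
 * IN  sittype: index into lc_sittype2doi
 * OUT -1 : NG (negative or beyond the table)
 * other: converted.
 *
 * The negative case is rejected explicitly instead of relying on the
 * signed/unsigned promotion in the ARRAYLEN() comparison.
 */
int
sittype2doi(sittype)
	int sittype;
{
	if (sittype < 0)
		return -1;
	if (ARRAYLEN(lc_sittype2doi) > sittype)
		return lc_sittype2doi[sittype];
	return -1;
}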
306
/* DOI identifiers indexed by the local doitype; used by doitype2doi() */
static int lc_doitype2doi[] = {
	IPSEC_DOI,
};
310
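/*
 * convert doitype to DOI value.
 * IN  doitype: index into lc_doitype2doi
 * OUT -1 : NG (negative or beyond the table)
 * other: converted.
 *
 * The negative case is rejected explicitly instead of relying on the
 * signed/unsigned promotion in the ARRAYLEN() comparison.
 */
int
doitype2doi(doitype)
	int doitype;
{
	if (doitype < 0)
		return -1;
	if (ARRAYLEN(lc_doitype2doi) > doitype)
		return lc_doitype2doi[doitype];
	return -1;
}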
324