diff options
Diffstat (limited to 'ipsec-tools/src/racoon/localconf.c')
-rw-r--r-- | ipsec-tools/src/racoon/localconf.c | 358 |
1 files changed, 358 insertions, 0 deletions
diff --git a/ipsec-tools/src/racoon/localconf.c b/ipsec-tools/src/racoon/localconf.c new file mode 100644 index 00000000..a512953b --- /dev/null +++ b/ipsec-tools/src/racoon/localconf.c @@ -0,0 +1,358 @@ +/* $NetBSD: localconf.c,v 1.7 2008/12/23 14:04:42 tteras Exp $ */ + +/* $KAME: localconf.c,v 1.33 2001/08/09 07:32:19 sakane Exp $ */ + +/* + * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the project nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "config.h" + +#include <sys/types.h> +#include <sys/param.h> + +#include <stdlib.h> +#include <stdio.h> +#include <string.h> +#include <errno.h> +#include <ctype.h> +#include <err.h> + +#include "var.h" +#include "misc.h" +#include "vmbuf.h" +#include "plog.h" +#include "debug.h" + +#include "localconf.h" +#include "algorithm.h" +#include "admin.h" +#include "privsep.h" +#include "isakmp_var.h" +#include "isakmp.h" +#include "ipsec_doi.h" +#include "grabmyaddr.h" +#include "vendorid.h" +#include "str2val.h" +#include "safefile.h" +#include "admin.h" +#include "gcmalloc.h" + +struct localconf *lcconf; + +static void setdefault __P((void)); + +void +initlcconf() +{ + lcconf = racoon_calloc(1, sizeof(*lcconf)); + if (lcconf == NULL) + errx(1, "failed to allocate local conf."); + + setdefault(); + + lcconf->racoon_conf = LC_DEFAULT_CF; +} + +void +flushlcconf() +{ + int i; + + setdefault(); + myaddr_flush(); + + for (i = 0; i < LC_PATHTYPE_MAX; i++) { + if (lcconf->pathinfo[i]) { + racoon_free(lcconf->pathinfo[i]); + lcconf->pathinfo[i] = NULL; + } + } +} + +static void +setdefault() +{ + lcconf->uid = 0; + lcconf->gid = 0; + lcconf->chroot = NULL; + lcconf->port_isakmp = PORT_ISAKMP; + lcconf->port_isakmp_natt = PORT_ISAKMP_NATT; + lcconf->default_af = AF_INET; + lcconf->pad_random = LC_DEFAULT_PAD_RANDOM; + lcconf->pad_randomlen = LC_DEFAULT_PAD_RANDOMLEN; + lcconf->pad_maxsize = LC_DEFAULT_PAD_MAXSIZE; + lcconf->pad_strict = LC_DEFAULT_PAD_STRICT; + lcconf->pad_excltail = LC_DEFAULT_PAD_EXCLTAIL; + lcconf->retry_counter = LC_DEFAULT_RETRY_COUNTER; + lcconf->retry_interval = LC_DEFAULT_RETRY_INTERVAL; + lcconf->count_persend = LC_DEFAULT_COUNT_PERSEND; + lcconf->secret_size = LC_DEFAULT_SECRETSIZE; + lcconf->retry_checkph1 = LC_DEFAULT_RETRY_CHECKPH1; + lcconf->wait_ph2complete = LC_DEFAULT_WAIT_PH2COMPLETE; + lcconf->strict_address = FALSE; + lcconf->complex_bundle = TRUE; /*XXX FALSE;*/ + lcconf->gss_id_enc = LC_GSSENC_UTF16LE; /* Windows compatibility */ + lcconf->natt_ka_interval = LC_DEFAULT_NATT_KA_INTERVAL; + lcconf->pfkey_buffer_size = LC_DEFAULT_PFKEY_BUFFER_SIZE; +} + +/* + * get PSK by string. + */ +vchar_t * +getpskbyname(id0) + vchar_t *id0; +{ + char *id; + vchar_t *key = NULL; + + id = racoon_calloc(1, 1 + id0->l - sizeof(struct ipsecdoi_id_b)); + if (id == NULL) { + plog(LLV_ERROR, LOCATION, NULL, + "failed to get psk buffer.\n"); + goto end; + } + memcpy(id, id0->v + sizeof(struct ipsecdoi_id_b), + id0->l - sizeof(struct ipsecdoi_id_b)); + id[id0->l - sizeof(struct ipsecdoi_id_b)] = '\0'; + + key = privsep_getpsk(id, id0->l - sizeof(struct ipsecdoi_id_b)); + +end: + if (id) + racoon_free(id); + return key; +} + +/* + * get PSK by address. + */ +vchar_t * +getpskbyaddr(remote) + struct sockaddr *remote; +{ + vchar_t *key = NULL; + char addr[NI_MAXHOST], port[NI_MAXSERV]; + + GETNAMEINFO(remote, addr, port); + + key = privsep_getpsk(addr, strlen(addr)); + + return key; +} + +vchar_t * +getpsk(str, len) + const char *str; + const int len; +{ + FILE *fp; + char buf[1024]; /* XXX how is variable length ? */ + vchar_t *key = NULL; + char *p, *q; + size_t keylen; + char *k = NULL; + + if (safefile(lcconf->pathinfo[LC_PATHTYPE_PSK], 1) == 0) + fp = fopen(lcconf->pathinfo[LC_PATHTYPE_PSK], "r"); + else + fp = NULL; + if (fp == NULL) { + plog(LLV_ERROR, LOCATION, NULL, + "failed to open pre_share_key file %s\n", + lcconf->pathinfo[LC_PATHTYPE_PSK]); + return NULL; + } + + while (fgets(buf, sizeof(buf), fp) != NULL) { + /* comment line */ + if (buf[0] == '#') + continue; + + /* search the end of 1st string. */ + for (p = buf; *p != '\0' && !isspace((int)*p); p++) + ; + if (*p == '\0') + continue; /* no 2nd parameter */ + *p = '\0'; + /* search the 1st of 2nd string. */ + while (isspace((int)*++p)) + ; + if (*p == '\0') + continue; /* no 2nd parameter */ + p--; + if (strncmp(buf, str, len) == 0 && buf[len] == '\0') { + p++; + keylen = 0; + for (q = p; *q != '\0' && *q != '\n'; q++) + keylen++; + *q = '\0'; + + /* fix key if hex string */ + if (strncmp(p, "0x", 2) == 0) { + k = str2val(p + 2, 16, &keylen); + if (k == NULL) { + plog(LLV_ERROR, LOCATION, NULL, + "failed to get psk buffer.\n"); + goto end; + } + p = k; + } + + key = vmalloc(keylen); + if (key == NULL) { + plog(LLV_ERROR, LOCATION, NULL, + "failed to allocate key buffer.\n"); + goto end; + } + memcpy(key->v, p, key->l); + if (k) + racoon_free(k); + goto end; + } + } + +end: + fclose(fp); + return key; +} + +/* + * get a file name of a type specified. + */ +void +getpathname(path, len, type, name) + char *path; + int len, type; + const char *name; +{ + snprintf(path, len, "%s%s%s", + name[0] == '/' ? "" : lcconf->pathinfo[type], + name[0] == '/' ? "" : "/", + name); + + plog(LLV_DEBUG, LOCATION, NULL, "filename: %s\n", path); +} + +#if 0 /* DELETEIT */ +static int lc_doi2idtype[] = { + -1, + -1, + LC_IDENTTYPE_FQDN, + LC_IDENTTYPE_USERFQDN, + -1, + -1, + -1, + -1, + -1, + LC_IDENTTYPE_CERTNAME, + -1, + LC_IDENTTYPE_KEYID, +}; + +/* + * convert DOI value to idtype + * OUT -1 : NG + * other: converted. + */ +int +doi2idtype(idtype) + int idtype; +{ + if (ARRAYLEN(lc_doi2idtype) > idtype) + return lc_doi2idtype[idtype]; + return -1; +} +#endif + +static int lc_sittype2doi[] = { + IPSECDOI_SIT_IDENTITY_ONLY, + IPSECDOI_SIT_SECRECY, + IPSECDOI_SIT_INTEGRITY, +}; + +/* + * convert sittype to DOI value. + * OUT -1 : NG + * other: converted. + */ +int +sittype2doi(sittype) + int sittype; +{ + if (ARRAYLEN(lc_sittype2doi) > sittype) + return lc_sittype2doi[sittype]; + return -1; +} + +static int lc_doitype2doi[] = { + IPSEC_DOI, +}; + +/* + * convert doitype to DOI value. + * OUT -1 : NG + * other: converted. + */ +int +doitype2doi(doitype) + int doitype; +{ + if (ARRAYLEN(lc_doitype2doi) > doitype) + return lc_doitype2doi[doitype]; + return -1; +} + + + +static void +saverestore_params(f) + int f; +{ + static u_int16_t s_port_isakmp; + + /* 0: save, 1: restore */ + if (f) { + lcconf->port_isakmp = s_port_isakmp; + } else { + s_port_isakmp = lcconf->port_isakmp; + } +} + +void +restore_params() +{ + saverestore_params(1); +} + +void +save_params() +{ + saverestore_params(0); +} |