admin.c revision 0a1907d434839af6a9cb6329bbde60b237bf53dc
10a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang/* $NetBSD: admin.c,v 1.17.6.2 2008/06/18 07:30:19 mgrooms Exp $ */ 20a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 30a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang/* Id: admin.c,v 1.25 2006/04/06 14:31:04 manubsd Exp */ 40a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 50a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang/* 60a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 70a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * All rights reserved. 80a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * 90a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Redistribution and use in source and binary forms, with or without 100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * modification, are permitted provided that the following conditions 110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * are met: 120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * 1. Redistributions of source code must retain the above copyright 130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * notice, this list of conditions and the following disclaimer. 140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * 2. Redistributions in binary form must reproduce the above copyright 150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * notice, this list of conditions and the following disclaimer in the 160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * documentation and/or other materials provided with the distribution. 170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * 3. Neither the name of the project nor the names of its contributors 180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * may be used to endorse or promote products derived from this software 190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * without specific prior written permission. 
200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * 210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * SUCH DAMAGE. 
320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "config.h" 350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <sys/types.h> 370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <sys/param.h> 380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <sys/socket.h> 390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifndef ANDROID_CHANGES 400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <sys/signal.h> 410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#else 420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#define SIGHUP 1 430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <sys/stat.h> 450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <sys/un.h> 460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <net/pfkeyv2.h> 480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <netinet/in.h> 500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include PATH_IPSEC_H 510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <stdlib.h> 540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <stdio.h> 550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <string.h> 560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <errno.h> 570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <netdb.h> 580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_UNISTD_H 590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <unistd.h> 
600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef ENABLE_HYBRID 620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <resolv.h> 630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "var.h" 660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "misc.h" 670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "vmbuf.h" 680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "plog.h" 690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "sockmisc.h" 700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "debug.h" 710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "schedule.h" 730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "localconf.h" 740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "remoteconf.h" 750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "grabmyaddr.h" 760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "isakmp_var.h" 770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "isakmp.h" 780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "oakley.h" 790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "handler.h" 800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "evt.h" 810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "pfkey.h" 820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "ipsec_doi.h" 830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "admin.h" 840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "admin_var.h" 850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "isakmp_inf.h" 860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef 
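ENABLE_HYBRID
#include "isakmp_cfg.h"
#endif
#include "session.h"
#include "gcmalloc.h"

#ifdef ENABLE_ADMINPORT
/*
 * Defaults for the admin socket: path ADMINSOCK_PATH, owner uid 0,
 * group gid 0, mode 0600 (read/write for the owner only).
 * NOTE(review): the code that applies these to the socket is not in this
 * part of the file; the file mode is presumably the only access control in
 * front of the commands below, so confirm it is set before the socket is
 * listened on.
 */
char *adminsock_path = ADMINSOCK_PATH;
uid_t adminsock_owner = 0;
gid_t adminsock_group = 0;
mode_t adminsock_mode = 0600;

static struct sockaddr_un sunaddr;
static int admin_process __P((int, char *));
static int admin_reply __P((int, struct admin_com *, vchar_t *));

/*
 * Accept one connection on the admin socket (lcconf->sock_admin), read a
 * single admin command from it and dispatch it.
 *
 * The fixed header (struct admin_com) is peeked first to learn the total
 * message length, com.ac_len.  The whole message is then read into a heap
 * buffer of that size and handed to admin_process().  ADMIN_RELOAD_CONF is
 * served here through signal_handler(SIGHUP) and never reaches
 * admin_process().
 *
 * com.ac_len is supplied by the client, so it is checked before it is
 * trusted: it must cover at least the header, and the second recv() must
 * deliver exactly that many bytes.  Without these checks admin_process()
 * would cast a buffer shorter than struct admin_com to that type and write
 * ac_errno outside the allocation, or parse heap bytes that were never
 * received.
 *
 * Returns the result of admin_process(), or -1 on any failure.  -1 is also
 * returned after ADMIN_RELOAD_CONF because error keeps its initial value.
 * The accepted socket is closed on every path after a successful accept().
 */
int
admin_handler()
{
	int so2;
	struct sockaddr_storage from;
	socklen_t fromlen = sizeof(from);
	struct admin_com com;
	char *combuf = NULL;
	int len, error = -1;

	so2 = accept(lcconf->sock_admin, (struct sockaddr *)&from, &fromlen);
	if (so2 < 0) {
		plog(LLV_ERROR, LOCATION, NULL,
			"failed to accept admin command: %s\n",
			strerror(errno));
		return -1;
	}

	/* get buffer length: peek so the header stays queued for the real read */
	while ((len = recv(so2, (char *)&com, sizeof(com), MSG_PEEK)) < 0) {
		if (errno == EINTR)
			continue;
		plog(LLV_ERROR, LOCATION, NULL,
			"failed to recv admin command: %s\n",
			strerror(errno));
		goto end;
	}

	/* sanity check: len is non-negative here, the loop above exits only then */
	if ((size_t)len < sizeof(com)) {
		plog(LLV_ERROR, LOCATION, NULL,
			"invalid header length of admin command\n");
		goto end;
	}

	/*
	 * The declared length sizes the buffer that admin_process() treats as
	 * a struct admin_com, so it must be at least one header long.
	 * NOTE(review): no upper bound is applied; confirm the width of ac_len
	 * in admin.h bounds the allocation.
	 */
	if ((size_t)com.ac_len < sizeof(com)) {
		plog(LLV_ERROR, LOCATION, NULL,
			"admin command length is shorter than its header\n");
		goto end;
	}

	/* get buffer to receive */
	if ((combuf = racoon_malloc(com.ac_len)) == 0) {
		plog(LLV_ERROR, LOCATION, NULL,
			"failed to alloc buffer for admin command\n");
		goto end;
	}

	/* get real data */
	while ((len = recv(so2, combuf, com.ac_len, 0)) < 0) {
		if (errno == EINTR)
			continue;
		plog(LLV_ERROR, LOCATION, NULL,
			"failed to recv admin command: %s\n",
			strerror(errno));
		goto end;
	}

	/* a short read leaves the tail of combuf uninitialized; reject it */
	if ((size_t)len != (size_t)com.ac_len) {
		plog(LLV_ERROR, LOCATION, NULL,
			"truncated admin command\n");
		goto end;
	}

	if (com.ac_cmd == ADMIN_RELOAD_CONF) {
		/* reload does not work at all! */
		signal_handler(SIGHUP);
		goto end;
	}

	/*
	 * NOTE(review): admin_process() receives only the buffer, not its
	 * length.  The part of it reviewed here reads command payloads placed
	 * after the header (for example struct admin_com_indexes for
	 * ADMIN_DELETE_SA, and id_len/key_len for ADMIN_ESTABLISH_SA_PSK)
	 * without comparing them against ac_len; each command should check
	 * that ac_len covers the payload it reads.
	 */
	error = admin_process(so2, combuf);

    end:
	(void)close(so2);
	if (combuf)
		racoon_free(combuf);

	return error;
}

/*
 * main child's process.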
1720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 1730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic int 1740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangadmin_process(so2, combuf) 1750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int so2; 1760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char *combuf; 1770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 1780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct admin_com *com = (struct admin_com *)combuf; 1790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *buf = NULL; 1800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *id = NULL; 1810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *key = NULL; 1820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int idtype = 0; 1830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int error = -1; 1840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang com->ac_errno = 0; 1860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang switch (com->ac_cmd) { 1880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_RELOAD_CONF: 1890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* don't entered because of proccessing it in other place. 
*/ 1900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "should never reach here\n"); 1910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto out; 1920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_SHOW_SCHED: 1940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang { 1950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang caddr_t p = NULL; 1960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int len; 1970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang com->ac_errno = -1; 1990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (sched_dump(&p, &len) == -1) 2010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto out2; 2020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((buf = vmalloc(len)) == NULL) 2040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto out2; 2050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(buf->v, p, len); 2070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang com->ac_errno = 0; 2090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangout2: 2100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang racoon_free(p); 2110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 2120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 2130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_SHOW_EVT: 2150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* It's not really an error, don't force racoonctl to quit */ 2160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((buf = evt_dump()) == NULL) 
2170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang com->ac_errno = 0; 2180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 2190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_SHOW_SA: 2210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_FLUSH_SA: 2220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang { 2230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang switch (com->ac_proto) { 2240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_PROTO_ISAKMP: 2250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang switch (com->ac_cmd) { 2260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_SHOW_SA: 2270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang buf = dumpph1(); 2280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (buf == NULL) 2290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang com->ac_errno = -1; 2300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 2310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_FLUSH_SA: 2320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang flushph1(); 2330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 2340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 2350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 2360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_PROTO_IPSEC: 2370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_PROTO_AH: 2380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_PROTO_ESP: 2390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang switch (com->ac_cmd) { 2400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_SHOW_SA: 2410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang { 2420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang u_int p; 2430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang p = admin2pfkey_proto(com->ac_proto); 
2440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (p == -1) 2450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto out; 2460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang buf = pfkey_dump_sadb(p); 2470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (buf == NULL) 2480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang com->ac_errno = -1; 2490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 2500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 2510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_FLUSH_SA: 2520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang pfkey_flush_sadb(com->ac_proto); 2530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 2540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 2550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 2560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_PROTO_INTERNAL: 2580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang switch (com->ac_cmd) { 2590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_SHOW_SA: 2600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang buf = NULL; /*XXX dumpph2(&error);*/ 2610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (buf == NULL) 2620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang com->ac_errno = error; 2630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 2640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_FLUSH_SA: 2650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /*XXX flushph2();*/ 2660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang com->ac_errno = 0; 2670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 2680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 2690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 2700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 
2710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang default: 2720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* ignore */ 2730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang com->ac_errno = -1; 2740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 2750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 2760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 2770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_DELETE_SA: { 2790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *iph1; 2800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct sockaddr *dst; 2810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct sockaddr *src; 2820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char *loc, *rem; 2830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang src = (struct sockaddr *) 2850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang &((struct admin_com_indexes *) 2860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang ((caddr_t)com + sizeof(*com)))->src; 2870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang dst = (struct sockaddr *) 2880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang &((struct admin_com_indexes *) 2890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang ((caddr_t)com + sizeof(*com)))->dst; 2900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang loc = racoon_strdup(saddrwop2str(src)); 2920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang rem = racoon_strdup(saddrwop2str(dst)); 2930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang STRDUP_FATAL(loc); 2940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang STRDUP_FATAL(rem); 2950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((iph1 = 
getph1byaddrwop(src, dst)) == NULL) { 2970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 2980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "phase 1 for %s -> %s not found\n", loc, rem); 2990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } else { 3000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph1->status == PHASE1ST_ESTABLISHED) 3010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_info_send_d1(iph1); 3020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang purge_remote(iph1); 3030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 3040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang racoon_free(loc); 3060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang racoon_free(rem); 3070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 3090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 3100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef ENABLE_HYBRID 3120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_LOGOUT_USER: { 3130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *iph1; 3140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char *user; 3150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int found = 0; 3160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (com->ac_len > sizeof(com) + LOGINLEN + 1) { 3180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 3190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "malformed message (login too long)\n"); 3200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 3210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 3220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 
3230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang user = (char *)(com + 1); 3240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang found = purgeph1bylogin(user); 3250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_INFO, LOCATION, NULL, 3260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "deleted %d SA for user \"%s\"\n", found, user); 3270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 3290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 3300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 3310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_DELETE_ALL_SA_DST: { 3330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *iph1; 3340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct sockaddr *dst; 3350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char *loc, *rem; 3360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang dst = (struct sockaddr *) 3380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang &((struct admin_com_indexes *) 3390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang ((caddr_t)com + sizeof(*com)))->dst; 3400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang rem = racoon_strdup(saddrwop2str(dst)); 3420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang STRDUP_FATAL(rem); 3430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_INFO, LOCATION, NULL, 3450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Flushing all SAs for peer %s\n", rem); 3460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang while ((iph1 = getph1bydstaddrwop(dst)) != NULL) { 
3480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang loc = racoon_strdup(saddrwop2str(iph1->local)); 3490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang STRDUP_FATAL(loc); 3500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph1->status == PHASE1ST_ESTABLISHED) 3520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_info_send_d1(iph1); 3530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang purge_remote(iph1); 3540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang racoon_free(loc); 3560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 3570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang racoon_free(rem); 3590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 3610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 3620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_ESTABLISH_SA_PSK: { 3640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct admin_com_psk *acp; 3650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char *data; 3660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang com->ac_cmd = ADMIN_ESTABLISH_SA; 3680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang acp = (struct admin_com_psk *) 3700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang ((char *)com + sizeof(*com) + 3710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang sizeof(struct admin_com_indexes)); 3720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang idtype = acp->id_type; 3740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 
3750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((id = vmalloc(acp->id_len)) == NULL) { 3760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 3770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "cannot allocate memory: %s\n", 3780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang strerror(errno)); 3790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 3800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 3810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang data = (char *)(acp + 1); 3820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(id->v, data, id->l); 3830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((key = vmalloc(acp->key_len)) == NULL) { 3850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 3860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "cannot allocate memory: %s\n", 3870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang strerror(errno)); 3880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vfree(id); 3890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang id = NULL; 3900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 3910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 3920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang data = (char *)(data + acp->id_len); 3930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(key->v, data, key->l); 3940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 3950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* FALLTHROUGH */ 3960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_ESTABLISH_SA: 3970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang { 3980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct sockaddr *dst; 3990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct sockaddr *src; 
4000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang src = (struct sockaddr *) 4010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang &((struct admin_com_indexes *) 4020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang ((caddr_t)com + sizeof(*com)))->src; 4030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang dst = (struct sockaddr *) 4040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang &((struct admin_com_indexes *) 4050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang ((caddr_t)com + sizeof(*com)))->dst; 4060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang switch (com->ac_proto) { 4080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_PROTO_ISAKMP: { 4090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct remoteconf *rmconf; 4100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct sockaddr *remote = NULL; 4110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct sockaddr *local = NULL; 4120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang u_int16_t port; 4130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang com->ac_errno = -1; 4150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* search appropreate configuration */ 4170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang rmconf = getrmconf(dst); 4180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (rmconf == NULL) { 4190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 4200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "no configuration found " 4210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "for %s\n", saddrwop2str(dst)); 4220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto out1; 4230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 4240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih 
Wang 4250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* get remote IP address and port number. */ 4260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((remote = dupsaddr(dst)) == NULL) 4270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto out1; 4280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang port = extract_port(rmconf->remote); 4300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (set_port(remote, port) == NULL) 4310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto out1; 4320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* get local address */ 4340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((local = dupsaddr(src)) == NULL) 4350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto out1; 4360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang port = getmyaddrsport(local); 4380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (set_port(local, port) == NULL) 4390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto out1; 4400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef ENABLE_HYBRID 4420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Set the id and key */ 4430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (id && key) { 4440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (xauth_rmconf_used(&rmconf->xauth) == -1) 4450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto out1; 4460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (rmconf->xauth->login != NULL) { 4480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vfree(rmconf->xauth->login); 4490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang rmconf->xauth->login = NULL; 
4500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 4510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (rmconf->xauth->pass != NULL) { 4520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vfree(rmconf->xauth->pass); 4530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang rmconf->xauth->pass = NULL; 4540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 4550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang rmconf->xauth->login = id; 4570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang rmconf->xauth->pass = key; 4580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 4590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 4600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_INFO, LOCATION, NULL, 4620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "accept a request to establish IKE-SA: " 4630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "%s\n", saddrwop2str(remote)); 4640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* begin ident mode */ 4660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (isakmp_ph1begin_i(rmconf, remote, local) < 0) 4670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto out1; 4680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang com->ac_errno = 0; 4700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangout1: 4710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (local != NULL) 4720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang racoon_free(local); 4730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (remote != NULL) 4740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang racoon_free(remote); 4750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 
4760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 4770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_PROTO_AH: 4780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_PROTO_ESP: 4790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 4800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang default: 4810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* ignore */ 4820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang com->ac_errno = -1; 4830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 4840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 4850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 4860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang default: 4880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 4890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "invalid command: %d\n", com->ac_cmd); 4900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang com->ac_errno = -1; 4910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 4920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((error = admin_reply(so2, com, buf)) != 0) 4940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto out; 4950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang error = 0; 4970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangout: 4980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (buf != NULL) 4990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vfree(buf); 5000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return error; 5020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 5030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih 
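/*
 * Send one admin reply on a connected admin socket.
 *
 * The reply is a copy of *combuf whose ac_len is set to the total reply
 * length, followed by the payload bytes of buf when buf is not NULL.
 *
 *   so      connected socket to write the reply to
 *   combuf  reply header; it is copied, the caller's copy is not modified
 *   buf     optional payload, may be NULL; it is not freed here
 *
 * Returns 0 once the whole reply has been handed to send(), and -1 on
 * allocation failure or send failure.
 */
static int
admin_reply(so, combuf, buf)
	int so;
	struct admin_com *combuf;
	vchar_t *buf;
{
	size_t total = sizeof(*combuf);
	size_t sent = 0;
	ssize_t n;
	char *retbuf = NULL;

	/* Sizes are kept in size_t so a large payload cannot wrap an int. */
	if (buf != NULL)
		total += buf->l;

	retbuf = racoon_calloc(1, total);
	if (retbuf == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
			"failed to allocate admin buffer\n");
		return -1;
	}

	memcpy(retbuf, combuf, sizeof(*combuf));
	/*
	 * NOTE(review): struct admin_com is declared outside this listing.
	 * Confirm that ac_len is wide enough for the largest reply; a
	 * narrower field would silently truncate the advertised length.
	 */
	((struct admin_com *)retbuf)->ac_len = total;

	if (buf != NULL)
		memcpy(retbuf + sizeof(*combuf), buf->v, buf->l);

	/*
	 * send() may accept fewer bytes than requested.  Keep writing until
	 * the whole reply is out, so that a truncated reply is never
	 * reported to the caller as success.
	 */
	while (sent < total) {
		n = send(so, retbuf + sent, total - sent, 0);
		if (n <= 0) {
			/* Log before freeing so errno is still the send() error. */
			plog(LLV_ERROR, LOCATION, NULL,
				"failed to send admin command: %s\n",
				n < 0 ? strerror(errno) : "short write");
			racoon_free(retbuf);
			return -1;
		}
		sent += (size_t)n;
	}

	racoon_free(retbuf);
	return 0;
}

/*
 * ADMIN_PROTO -> SADB_SATYPE
 *
 * Translate an admin protocol identifier into the matching SADB_SATYPE_*
 * value.  ADMIN_PROTO_IPSEC maps to SADB_SATYPE_UNSPEC.  Any other value
 * than the three handled below is logged and reported as -1.
 */
int
admin2pfkey_proto(proto)
	u_int proto;
{
	switch (proto) {
	case ADMIN_PROTO_IPSEC:
		return SADB_SATYPE_UNSPEC;
	case ADMIN_PROTO_AH:
		return SADB_SATYPE_AH;
	case ADMIN_PROTO_ESP:
		return SADB_SATYPE_ESP;
	default:
		plog(LLV_ERROR, LOCATION, NULL,
			"unsupported proto for admin: %d\n", proto);
		return -1;
	}
	/*NOTREACHED*/
}

/*
 * Create the admin (management) UNIX-domain socket and start listening.
 *
 * When adminsock_path is NULL the admin port is disabled:
 * lcconf->sock_admin is set to -1 and 0 is returned.
 *
 * Otherwise any existing file at the path is unlinked, the socket is
 * bound there, its owner, group and mode are set from adminsock_owner,
 * adminsock_group and adminsock_mode, and only then is listen() called.
 *
 * Security notes:
 *  - The owner, group and mode applied here are the only access control
 *    on the socket visible in this function, so they decide who can
 *    send admin requests to the daemon.
 *  - unlink(), chown() and chmod() act on the path, not on the
 *    descriptor.  The directory holding the socket must therefore not
 *    be writable by untrusted users, or the path could be swapped
 *    between bind() and chown()/chmod().
 *
 * Returns 0 on success (or when the admin port is disabled), -1 on
 * failure.  On failure lcconf->sock_admin is left at -1, so a later
 * admin_close() cannot close an unrelated descriptor that reused the
 * number.
 */
int
admin_init()
{
	int n;

	if (adminsock_path == NULL) {
		lcconf->sock_admin = -1;
		return 0;
	}

	memset(&sunaddr, 0, sizeof(sunaddr));
	sunaddr.sun_family = AF_UNIX;
	n = snprintf(sunaddr.sun_path, sizeof(sunaddr.sun_path),
		"%s", adminsock_path);
	/*
	 * Refuse a path that does not fit in sun_path.  Binding a silently
	 * truncated name would put the socket somewhere other than the
	 * configured location.
	 */
	if (n < 0 || (size_t)n >= sizeof(sunaddr.sun_path)) {
		plog(LLV_ERROR, LOCATION, NULL,
			"admin socket path too long: %s\n", adminsock_path);
		lcconf->sock_admin = -1;
		return -1;
	}

	lcconf->sock_admin = socket(AF_UNIX, SOCK_STREAM, 0);
	if (lcconf->sock_admin == -1) {
		plog(LLV_ERROR, LOCATION, NULL,
			"socket: %s\n", strerror(errno));
		return -1;
	}

	/* Remove a stale socket file left behind by a previous run. */
	unlink(sunaddr.sun_path);
	if (bind(lcconf->sock_admin, (struct sockaddr *)&sunaddr,
			sizeof(sunaddr)) != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
			"bind(sockname:%s): %s\n",
			sunaddr.sun_path, strerror(errno));
		goto fail;
	}

	if (chown(sunaddr.sun_path, adminsock_owner, adminsock_group) != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
			"chown(%s, %d, %d): %s\n",
			sunaddr.sun_path, adminsock_owner,
			adminsock_group, strerror(errno));
		goto fail;
	}

	if (chmod(sunaddr.sun_path, adminsock_mode) != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
			"chmod(%s, 0%03o): %s\n",
			sunaddr.sun_path, adminsock_mode, strerror(errno));
		goto fail;
	}

	/* Accept connections only after ownership and mode are in place. */
	if (listen(lcconf->sock_admin, 5) != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
			"listen(sockname:%s): %s\n",
			sunaddr.sun_path, strerror(errno));
		goto fail;
	}
	plog(LLV_DEBUG, LOCATION, NULL,
		"open %s as racoon management.\n", sunaddr.sun_path);

	return 0;

fail:
	(void)close(lcconf->sock_admin);
	/* Do not leave a closed descriptor number behind. */
	lcconf->sock_admin = -1;
	return -1;
}

/*
 * Close the admin socket if it is open.
 *
 * The descriptor is reset to -1 afterwards, so calling this again, or
 * calling it when the admin port is disabled, closes nothing.
 * Always returns 0.
 */
int
admin_close()
{
	if (lcconf->sock_admin != -1) {
		close(lcconf->sock_admin);
		lcconf->sock_admin = -1;
	}
	return 0;
}
#endif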