1c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh/* $NetBSD: admin.c,v 1.17.6.3 2009/04/20 13:32:57 tteras Exp $ */ 20a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 30a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang/* Id: admin.c,v 1.25 2006/04/06 14:31:04 manubsd Exp */ 40a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 50a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang/* 60a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 70a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * All rights reserved. 8c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh * 90a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Redistribution and use in source and binary forms, with or without 100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * modification, are permitted provided that the following conditions 110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * are met: 120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * 1. Redistributions of source code must retain the above copyright 130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * notice, this list of conditions and the following disclaimer. 140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * 2. Redistributions in binary form must reproduce the above copyright 150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * notice, this list of conditions and the following disclaimer in the 160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * documentation and/or other materials provided with the distribution. 170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * 3. Neither the name of the project nor the names of its contributors 180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * may be used to endorse or promote products derived from this software 190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * without specific prior written permission. 
20c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh * 210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * SUCH DAMAGE. 
320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "config.h" 350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <sys/types.h> 370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <sys/param.h> 380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <sys/socket.h> 390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <sys/signal.h> 400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <sys/stat.h> 410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <sys/un.h> 420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <net/pfkeyv2.h> 440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <netinet/in.h> 460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include PATH_IPSEC_H 470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <stdlib.h> 500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <stdio.h> 510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <string.h> 520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <errno.h> 530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <netdb.h> 540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_UNISTD_H 550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <unistd.h> 560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef ENABLE_HYBRID 580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <resolv.h> 590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 
600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "var.h" 620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "misc.h" 630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "vmbuf.h" 640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "plog.h" 650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "sockmisc.h" 660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "debug.h" 670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "schedule.h" 690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "localconf.h" 700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "remoteconf.h" 710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "grabmyaddr.h" 720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "isakmp_var.h" 730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "isakmp.h" 740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "oakley.h" 750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "handler.h" 760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "evt.h" 770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "pfkey.h" 780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "ipsec_doi.h" 790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "admin.h" 800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "admin_var.h" 810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "isakmp_inf.h" 820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef ENABLE_HYBRID 830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "isakmp_cfg.h" 840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "session.h" 860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih 
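#include "gcmalloc.h"

#ifdef ENABLE_ADMINPORT
/*
 * Admin socket settings.  The defaults below are root (uid/gid 0) and
 * mode 0600.  NOTE(review): the code that binds the socket and applies
 * owner, group and mode is not in this excerpt -- confirm they are set
 * before the socket starts accepting connections.
 */
char *adminsock_path = ADMINSOCK_PATH;
uid_t adminsock_owner = 0;
gid_t adminsock_group = 0;
mode_t adminsock_mode = 0600;

static struct sockaddr_un sunaddr;
static int admin_process __P((int, char *));
static int admin_reply __P((int, struct admin_com *, vchar_t *));

/*
 * Accept one connection on the admin socket, read a single admin
 * command from it and dispatch it.
 *
 * The message is a struct admin_com header followed by a
 * command-specific payload; ac_len in the header is the length of the
 * whole message.  The header is peeked first so the full message can
 * then be read into a buffer of ac_len bytes.
 *
 * ac_len is supplied by the peer, so it is validated here before use:
 * it must cover at least the header, and the second recv() must deliver
 * all ac_len bytes.  Without these checks admin_process() would cast a
 * buffer shorter than the header to struct admin_com, or parse heap
 * bytes that were never written by recv().
 *
 * NOTE(review): admin_process() reads command payloads at fixed offsets
 * behind the header; it still needs its own per-command checks of those
 * offsets and of embedded length fields against ac_len.
 *
 * Returns the result of admin_process(), or -1 on any failure.  The
 * ADMIN_RELOAD_CONF path also returns -1, because error is never
 * updated on that path.
 */
int
admin_handler()
{
	int so2;
	struct sockaddr_storage from;
	socklen_t fromlen = sizeof(from);
	struct admin_com com;
	char *combuf = NULL;
	int len, error = -1;

	so2 = accept(lcconf->sock_admin, (struct sockaddr *)&from, &fromlen);
	if (so2 < 0) {
		plog(LLV_ERROR, LOCATION, NULL,
			"failed to accept admin command: %s\n",
			strerror(errno));
		return -1;
	}

	/* peek at the header to learn the message length */
	while ((len = recv(so2, (char *)&com, sizeof(com), MSG_PEEK)) < 0) {
		if (errno == EINTR)
			continue;
		plog(LLV_ERROR, LOCATION, NULL,
			"failed to recv admin command: %s\n",
			strerror(errno));
		goto end;
	}

	/* sanity check: a complete header must be available (len >= 0 here) */
	if ((size_t)len < sizeof(com)) {
		plog(LLV_ERROR, LOCATION, NULL,
			"invalid header length of admin command\n");
		goto end;
	}

	/* the declared length must at least cover the header itself */
	if ((size_t)com.ac_len < sizeof(com)) {
		plog(LLV_ERROR, LOCATION, NULL,
			"invalid length of admin command\n");
		goto end;
	}

	/* get buffer to receive */
	if ((combuf = racoon_malloc(com.ac_len)) == 0) {
		plog(LLV_ERROR, LOCATION, NULL,
			"failed to alloc buffer for admin command\n");
		goto end;
	}

	/* get real data */
	while ((len = recv(so2, combuf, com.ac_len, 0)) < 0) {
		if (errno == EINTR)
			continue;
		plog(LLV_ERROR, LOCATION, NULL,
			"failed to recv admin command: %s\n",
			strerror(errno));
		goto end;
	}

	/* reject a short read: the tail of combuf would be uninitialized */
	if ((size_t)len < (size_t)com.ac_len) {
		plog(LLV_ERROR, LOCATION, NULL,
			"failed to recv whole admin command\n");
		goto end;
	}

	if (com.ac_cmd == ADMIN_RELOAD_CONF) {
		/* reload does not work at all! */
		signal_handler(SIGHUP);
		goto end;
	}

	error = admin_process(so2, combuf);

    end:
	(void)close(so2);
	if (combuf)
		racoon_free(combuf);

	return error;
}

/*
 * main child's process.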
1680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 1690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic int 1700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangadmin_process(so2, combuf) 1710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int so2; 1720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char *combuf; 1730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 1740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct admin_com *com = (struct admin_com *)combuf; 1750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *buf = NULL; 1760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *id = NULL; 1770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *key = NULL; 1780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int idtype = 0; 179c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh int error = -1; 1800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 181c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh com->ac_errno = 0; 1820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang switch (com->ac_cmd) { 1840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_RELOAD_CONF: 185c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh /* don't entered because of proccessing it in other place. 
*/ 186c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh plog(LLV_ERROR, LOCATION, NULL, "should never reach here\n"); 187c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh goto out; 1880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 189c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh case ADMIN_SHOW_SCHED: 190c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh { 1910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang caddr_t p = NULL; 1920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int len; 1930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 194c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh com->ac_errno = -1; 195c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 196c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if (sched_dump(&p, &len) == -1) 197c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh goto out2; 198c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 199c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if ((buf = vmalloc(len)) == NULL) 200c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh goto out2; 201c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 202c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh memcpy(buf->v, p, len); 203c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 204c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh com->ac_errno = 0; 205c91307af2622f6625525f3c1f9c954376df950adChia-chi Yehout2: 206c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh racoon_free(p); 2070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 2080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 2090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_SHOW_EVT: 211c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh /* It's not really an error, don't force racoonctl to quit */ 212c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if ((buf = evt_dump()) == NULL) 
213c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh com->ac_errno = 0; 2140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 2150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_SHOW_SA: 217c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh case ADMIN_FLUSH_SA: 218c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh { 2190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang switch (com->ac_proto) { 2200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_PROTO_ISAKMP: 221c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh switch (com->ac_cmd) { 222c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh case ADMIN_SHOW_SA: 223c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh buf = dumpph1(); 224c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if (buf == NULL) 225c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh com->ac_errno = -1; 226c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh break; 227c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh case ADMIN_FLUSH_SA: 228c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh flushph1(); 229c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh break; 230c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh } 2310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 2320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_PROTO_IPSEC: 2330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_PROTO_AH: 234c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh case ADMIN_PROTO_ESP: 235c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh switch (com->ac_cmd) { 236c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh case ADMIN_SHOW_SA: 237c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh { 238c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh u_int p; 239c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh p = admin2pfkey_proto(com->ac_proto); 
240c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if (p == -1) 241c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh goto out; 2420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang buf = pfkey_dump_sadb(p); 2430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (buf == NULL) 244c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh com->ac_errno = -1; 245c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh } 246c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh break; 247c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh case ADMIN_FLUSH_SA: 248c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh pfkey_flush_sadb(com->ac_proto); 249c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh break; 250c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh } 2510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 252f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh 253c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh case ADMIN_PROTO_INTERNAL: 254c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh switch (com->ac_cmd) { 255c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh case ADMIN_SHOW_SA: 256c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh buf = NULL; /*XXX dumpph2(&error);*/ 257c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if (buf == NULL) 258c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh com->ac_errno = error; 259c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh break; 260c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh case ADMIN_FLUSH_SA: 261c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh /*XXX flushph2();*/ 262c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh com->ac_errno = 0; 263c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh break; 264c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh } 265f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh break; 2660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang default: 
268c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh /* ignore */ 269c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh com->ac_errno = -1; 2700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 271c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh } 2720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 2730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_DELETE_SA: { 275c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh struct ph1handle *iph1; 276c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh struct sockaddr *dst; 277c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh struct sockaddr *src; 2780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char *loc, *rem; 2790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 280c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh src = (struct sockaddr *) 2810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang &((struct admin_com_indexes *) 2820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang ((caddr_t)com + sizeof(*com)))->src; 283c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh dst = (struct sockaddr *) 2840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang &((struct admin_com_indexes *) 2850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang ((caddr_t)com + sizeof(*com)))->dst; 2860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 287c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh loc = racoon_strdup(saddrwop2str(src)); 288c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh rem = racoon_strdup(saddrwop2str(dst)); 2890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang STRDUP_FATAL(loc); 2900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang STRDUP_FATAL(rem); 2910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 292c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if ((iph1 = getph1byaddrwop(src, dst)) == NULL) { 293c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 
plog(LLV_ERROR, LOCATION, NULL, 294c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh "phase 1 for %s -> %s not found\n", loc, rem); 295c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh } else { 296c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if (iph1->status == PHASE1ST_ESTABLISHED) 297c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh isakmp_info_send_d1(iph1); 298c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh purge_remote(iph1); 299c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh } 3000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang racoon_free(loc); 3020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang racoon_free(rem); 303c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 3040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 3050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 3060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef ENABLE_HYBRID 3080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_LOGOUT_USER: { 3090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *iph1; 3101c71527b277e2dc256262da2ed2169c566c5bf4dChia-chi Yeh char user[LOGINLEN+1]; 311c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh int found = 0, len = com->ac_len - sizeof(com); 3120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3131c71527b277e2dc256262da2ed2169c566c5bf4dChia-chi Yeh if (len > LOGINLEN) { 3140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 3150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "malformed message (login too long)\n"); 3160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 3170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 3180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3191c71527b277e2dc256262da2ed2169c566c5bf4dChia-chi Yeh memcpy(user, (char *)(com + 1), len); 
3201c71527b277e2dc256262da2ed2169c566c5bf4dChia-chi Yeh user[len] = 0; 3211c71527b277e2dc256262da2ed2169c566c5bf4dChia-chi Yeh 3220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang found = purgeph1bylogin(user); 323c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh plog(LLV_INFO, LOCATION, NULL, 3240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "deleted %d SA for user \"%s\"\n", found, user); 3250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 3270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 3280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 3290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_DELETE_ALL_SA_DST: { 3310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *iph1; 3320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct sockaddr *dst; 3330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char *loc, *rem; 3340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang dst = (struct sockaddr *) 3360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang &((struct admin_com_indexes *) 3370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang ((caddr_t)com + sizeof(*com)))->dst; 3380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang rem = racoon_strdup(saddrwop2str(dst)); 3400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang STRDUP_FATAL(rem); 3410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 342c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh plog(LLV_INFO, LOCATION, NULL, 3430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Flushing all SAs for peer %s\n", rem); 3440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 345c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh while ((iph1 = getph1bydstaddrwop(dst)) 
!= NULL) { 3460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang loc = racoon_strdup(saddrwop2str(iph1->local)); 3470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang STRDUP_FATAL(loc); 3480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 349c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if (iph1->status == PHASE1ST_ESTABLISHED) 3500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_info_send_d1(iph1); 3510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang purge_remote(iph1); 3520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang racoon_free(loc); 3540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 355c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 356f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh racoon_free(rem); 357c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 3580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 3590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 3600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_ESTABLISH_SA_PSK: { 3620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct admin_com_psk *acp; 3630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char *data; 3640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 365c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh com->ac_cmd = ADMIN_ESTABLISH_SA; 366c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 3670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang acp = (struct admin_com_psk *) 368c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh ((char *)com + sizeof(*com) + 3690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang sizeof(struct admin_com_indexes)); 3700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang idtype = acp->id_type; 3720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 
3730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((id = vmalloc(acp->id_len)) == NULL) { 3740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 375c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh "cannot allocate memory: %s\n", 3760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang strerror(errno)); 3770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 3780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 3790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang data = (char *)(acp + 1); 3800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(id->v, data, id->l); 3810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((key = vmalloc(acp->key_len)) == NULL) { 3830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 384c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh "cannot allocate memory: %s\n", 3850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang strerror(errno)); 3860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vfree(id); 3870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang id = NULL; 3880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 3890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 3900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang data = (char *)(data + acp->id_len); 3910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(key->v, data, key->l); 3920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 3930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* FALLTHROUGH */ 394c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh case ADMIN_ESTABLISH_SA: 395c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh { 3960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct sockaddr *dst; 3970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct sockaddr *src; 398c91307af2622f6625525f3c1f9c954376df950adChia-chi 
Yeh src = (struct sockaddr *) 399c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh &((struct admin_com_indexes *) 400c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh ((caddr_t)com + sizeof(*com)))->src; 401c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh dst = (struct sockaddr *) 402c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh &((struct admin_com_indexes *) 403c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh ((caddr_t)com + sizeof(*com)))->dst; 4040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang switch (com->ac_proto) { 4060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ADMIN_PROTO_ISAKMP: { 4070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct remoteconf *rmconf; 408c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh struct sockaddr *remote = NULL; 409c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh struct sockaddr *local = NULL; 4100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang u_int16_t port; 4110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 412c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh com->ac_errno = -1; 4130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* search appropreate configuration */ 415c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh rmconf = getrmconf(dst); 4160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (rmconf == NULL) { 4170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 4180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "no configuration found " 4190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "for %s\n", saddrwop2str(dst)); 420c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh goto out1; 4210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 4220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 423c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh /* get 
remote IP address and port number. */ 424c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if ((remote = dupsaddr(dst)) == NULL) 425c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh goto out1; 426c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 427c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh port = extract_port(rmconf->remote); 428c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if (set_port(remote, port) == NULL) 429c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh goto out1; 430c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 431c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh /* get local address */ 432c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if ((local = dupsaddr(src)) == NULL) 433c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh goto out1; 434c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 435c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh port = getmyaddrsport(local); 436c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if (set_port(local, port) == NULL) 437c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh goto out1; 438c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 4390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef ENABLE_HYBRID 4400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Set the id and key */ 4410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (id && key) { 4420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (xauth_rmconf_used(&rmconf->xauth) == -1) 443c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh goto out1; 4440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (rmconf->xauth->login != NULL) { 4460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vfree(rmconf->xauth->login); 4470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang rmconf->xauth->login = NULL; 4480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 
4490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (rmconf->xauth->pass != NULL) { 4500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vfree(rmconf->xauth->pass); 4510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang rmconf->xauth->pass = NULL; 4520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 4530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang rmconf->xauth->login = id; 4550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang rmconf->xauth->pass = key; 4560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 4570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 458c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 4590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_INFO, LOCATION, NULL, 4600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "accept a request to establish IKE-SA: " 461c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh "%s\n", saddrwop2str(remote)); 4620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* begin ident mode */ 464c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if (isakmp_ph1begin_i(rmconf, remote, local) < 0) 465c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh goto out1; 466c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 467c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh com->ac_errno = 0; 468c91307af2622f6625525f3c1f9c954376df950adChia-chi Yehout1: 469c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if (local != NULL) 470c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh racoon_free(local); 471c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if (remote != NULL) 472c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh racoon_free(remote); 4730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 4740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 4750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 
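case ADMIN_PROTO_AH:
		case ADMIN_PROTO_ESP:
			break;
		default:
			/* ignore */
			com->ac_errno = -1;
		}
	    }
		break;

	default:
		plog(LLV_ERROR, LOCATION, NULL,
			"invalid command: %d\n", com->ac_cmd);
		com->ac_errno = -1;
	}

	if ((error = admin_reply(so2, com, buf)) != 0)
		goto out;

	error = 0;
out:
	if (buf != NULL)
		vfree(buf);

	return error;
}

/*
 * Send a reply on the admin socket: the header *combuf followed by the
 * optional payload in buf.
 *
 * so      connected admin socket descriptor.
 * combuf  reply header; it is copied, and only the copy's ac_len is set
 *         to the total reply length, so the caller's struct is untouched.
 * buf     payload appended after the header, or NULL for a header-only
 *         reply.
 *
 * Returns 0 on success, -1 if the reply length cannot be represented,
 * memory cannot be allocated, or send() fails.
 */
static int
admin_reply(so, combuf, buf)
	int so;
	struct admin_com *combuf;
	vchar_t *buf;
{
	size_t total = sizeof(*combuf);
	int tlen;
	char *retbuf = NULL;

	if (buf != NULL)
		total += buf->l;

	/*
	 * The length is carried in an int from here on (allocation size,
	 * ac_len, send()).  Refuse a payload whose size does not survive
	 * that conversion instead of allocating a short buffer and then
	 * copying buf->l bytes into it.
	 */
	tlen = (int)total;
	if (tlen < 0 || (size_t)tlen != total || total < sizeof(*combuf)) {
		plog(LLV_ERROR, LOCATION, NULL,
			"admin reply too large\n");
		return -1;
	}

	retbuf = racoon_calloc(1, tlen);
	if (retbuf == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
			"failed to allocate admin buffer\n");
		return -1;
	}

	memcpy(retbuf, combuf, sizeof(*combuf));
	/*
	 * NOTE(review): the width of ac_len is not visible here; if it is
	 * narrower than int, a large reply is sent with a truncated length
	 * field -- confirm against the struct admin_com definition.
	 */
	((struct admin_com *)retbuf)->ac_len = tlen;

	if (buf != NULL)
		memcpy(retbuf + sizeof(*combuf), buf->v, buf->l);

	/* Only a failed send() is an error; a short write is not retried. */
	tlen = send(so, retbuf, tlen, 0);
	racoon_free(retbuf);
	if (tlen < 0) {
		plog(LLV_ERROR, LOCATION, NULL,
			"failed to send admin command: %s\n",
			strerror(errno));
		return -1;
	}

	return 0;
}

/*
 * ADMIN_PROTO -> SADB_SATYPE
 *
 * Translate an ADMIN_PROTO_* value into the matching SADB_SATYPE_*
 * constant.  Any other value is logged and mapped to -1.
 */
int
admin2pfkey_proto(proto)
	u_int proto;
{
	switch (proto) {
	case ADMIN_PROTO_IPSEC:
		return SADB_SATYPE_UNSPEC;
	case ADMIN_PROTO_AH:
		return SADB_SATYPE_AH;
	case ADMIN_PROTO_ESP:
		return SADB_SATYPE_ESP;
	default:
		/* proto is unsigned, so it is printed with %u. */
		plog(LLV_ERROR, LOCATION, NULL,
			"unsupported proto for admin: %u\n", proto);
		return -1;
	}
	/*NOTREACHED*/
}

/*
 * Create the UNIX-domain admin socket at adminsock_path and start
 * listening on it.
 *
 * With adminsock_path == NULL the admin port is disabled:
 * lcconf->sock_admin is set to -1 and 0 is returned.
 *
 * Returns 0 on success and -1 on failure.  On every failure path the
 * descriptor is closed (when one was opened) and lcconf->sock_admin is
 * left at -1, so no stale descriptor number stays behind.
 *
 * Access control on this socket is the file's owner, group and mode.
 * listen() is issued only after chown() and chmod() have succeeded, so
 * the socket accepts no connection before they are in place.  chown()
 * and chmod() act on the path rather than on the descriptor, and
 * unlink() removes whatever already sits at that path, so the directory
 * holding the socket should be writable only by the account that runs
 * the daemon.
 */
int
admin_init()
{
	int n;

	if (adminsock_path == NULL) {
		lcconf->sock_admin = -1;
		return 0;
	}

	memset(&sunaddr, 0, sizeof(sunaddr));
	sunaddr.sun_family = AF_UNIX;
	n = snprintf(sunaddr.sun_path, sizeof(sunaddr.sun_path),
		"%s", adminsock_path);
	/*
	 * A path that does not fit in sun_path would otherwise be cut short
	 * and the socket bound, chown'ed and chmod'ed at a different name
	 * than the one configured.
	 */
	if (n < 0 || (size_t)n >= sizeof(sunaddr.sun_path)) {
		plog(LLV_ERROR, LOCATION, NULL,
			"admin socket path too long: %s\n", adminsock_path);
		lcconf->sock_admin = -1;
		return -1;
	}

	lcconf->sock_admin = socket(AF_UNIX, SOCK_STREAM, 0);
	if (lcconf->sock_admin == -1) {
		plog(LLV_ERROR, LOCATION, NULL,
			"socket: %s\n", strerror(errno));
		return -1;
	}

	/* Remove a leftover socket file; a failure here shows up in bind(). */
	unlink(sunaddr.sun_path);
	if (bind(lcconf->sock_admin, (struct sockaddr *)&sunaddr,
			sizeof(sunaddr)) != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
			"bind(sockname:%s): %s\n",
			sunaddr.sun_path, strerror(errno));
		goto fail;
	}

	if (chown(sunaddr.sun_path, adminsock_owner, adminsock_group) != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
			"chown(%s, %d, %d): %s\n",
			sunaddr.sun_path, adminsock_owner,
			adminsock_group, strerror(errno));
		goto fail;
	}

	if (chmod(sunaddr.sun_path, adminsock_mode) != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
			"chmod(%s, 0%03o): %s\n",
			sunaddr.sun_path, adminsock_mode, strerror(errno));
		goto fail;
	}

	if (listen(lcconf->sock_admin, 5) != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
			"listen(sockname:%s): %s\n",
			sunaddr.sun_path, strerror(errno));
		goto fail;
	}
	plog(LLV_DEBUG, LOCATION, NULL,
		"open %s as racoon management.\n", sunaddr.sun_path);

	return 0;

fail:
	(void)close(lcconf->sock_admin);
	lcconf->sock_admin = -1;
	return -1;
}

/*
 * Close the admin socket, if one is open, and mark it closed.
 * Always returns 0.
 */
int
admin_close()
{
	/* -1 is the "no admin socket" value stored by admin_init(). */
	if (lcconf->sock_admin != -1) {
		(void)close(lcconf->sock_admin);
		lcconf->sock_admin = -1;
	}
	return 0;
}
#endif
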