1c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh/* $NetBSD: isakmp_cfg.c,v 1.12.6.4 2008/11/27 15:25:20 vanhu Exp $ */ 20a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 30a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang/* Id: isakmp_cfg.c,v 1.55 2006/08/22 18:17:17 manubsd Exp */ 40a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 50a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang/* 60a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Copyright (C) 2004-2006 Emmanuel Dreyfus 70a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * All rights reserved. 80a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * 90a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Redistribution and use in source and binary forms, with or without 100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * modification, are permitted provided that the following conditions 110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * are met: 120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * 1. Redistributions of source code must retain the above copyright 130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * notice, this list of conditions and the following disclaimer. 140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * 2. Redistributions in binary form must reproduce the above copyright 150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * notice, this list of conditions and the following disclaimer in the 160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * documentation and/or other materials provided with the distribution. 170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * 3. Neither the name of the project nor the names of its contributors 180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * may be used to endorse or promote products derived from this software 190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * without specific prior written permission. 200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * 210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * SUCH DAMAGE. 320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "config.h" 350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <sys/types.h> 370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <sys/param.h> 380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <sys/socket.h> 390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <sys/queue.h> 400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 41514ffe2b8b4236d53f584fcd8382dd65bc4df532Chia-chi Yeh#ifndef ANDROID_PATCHED 42c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh#include <utmp.h> 43514ffe2b8b4236d53f584fcd8382dd65bc4df532Chia-chi Yeh#endif 440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#if defined(__APPLE__) && defined(__MACH__) 450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <util.h> 460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef __FreeBSD__ 490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang# include <libutil.h> 500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef __NetBSD__ 520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang# include <util.h> 530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <netinet/in.h> 560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <arpa/inet.h> 570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <stdlib.h> 590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <stdio.h> 600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <string.h> 610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <errno.h> 620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#if TIME_WITH_SYS_TIME 630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang# include <sys/time.h> 640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang# include <time.h> 650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#else 660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang# if HAVE_SYS_TIME_H 670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang# include <sys/time.h> 680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang# else 690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang# include <time.h> 700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang# endif 710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <netdb.h> 730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_UNISTD_H 740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <unistd.h> 750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#if HAVE_STDINT_H 770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <stdint.h> 780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <ctype.h> 800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <resolv.h> 810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_LIBRADIUS 830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <sys/utsname.h> 840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <radlib.h> 850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "var.h" 880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "misc.h" 890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "vmbuf.h" 900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "plog.h" 910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "sockmisc.h" 920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "schedule.h" 930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "debug.h" 940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "isakmp_var.h" 960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "isakmp.h" 970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "handler.h" 980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "evt.h" 990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "throttle.h" 1000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "remoteconf.h" 1010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "crypto_openssl.h" 1020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "isakmp_inf.h" 1030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "isakmp_xauth.h" 1040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "isakmp_unity.h" 1050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "isakmp_cfg.h" 1060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "strnames.h" 1070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "admin.h" 1080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "privsep.h" 1090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstruct isakmp_cfg_config isakmp_cfg_config; 1110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic vchar_t *buffer_cat(vchar_t *s, vchar_t *append); 1130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic vchar_t *isakmp_cfg_net(struct ph1handle *, struct isakmp_data *); 1140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#if 0 1150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic vchar_t *isakmp_cfg_void(struct ph1handle *, struct isakmp_data *); 1160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 1170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic vchar_t *isakmp_cfg_addr4(struct ph1handle *, 1180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_data *, in_addr_t *); 1190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic void isakmp_cfg_getaddr4(struct isakmp_data *, struct in_addr *); 1200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic vchar_t *isakmp_cfg_addr4_list(struct ph1handle *, 1210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_data *, in_addr_t *, int); 1220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic void isakmp_cfg_appendaddr4(struct isakmp_data *, 1230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct in_addr *, int *, int); 1240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic void isakmp_cfg_getstring(struct isakmp_data *,char *); 1250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangvoid isakmp_cfg_iplist_to_str(char *, int, void *, int); 1260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#define ISAKMP_CFG_LOGIN 1 1280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#define ISAKMP_CFG_LOGOUT 2 1290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic int isakmp_cfg_accounting(struct ph1handle *, int); 1300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_LIBRADIUS 1310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic int isakmp_cfg_accounting_radius(struct ph1handle *, int); 1320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 1330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang/* 1350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Handle an ISAKMP config mode packet 1360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * We expect HDR, HASH, ATTR 1370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 1380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangvoid 1390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_r(iph1, msg) 1400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *iph1; 1410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *msg; 1420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 1430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp *packet; 1440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_gen *ph; 1450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int tlen; 1460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char *npp; 1470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int np; 1480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *dmsg; 1490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_ivm *ivm; 1500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Check that the packet is long enough to have a header */ 1520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (msg->l < sizeof(*packet)) { 1530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Unexpected short packet\n"); 1540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return; 1550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 1560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang packet = (struct isakmp *)msg->v; 1580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Is it encrypted? It should be encrypted */ 1600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((packet->flags & ISAKMP_FLAG_E) == 0) { 1610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 1620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "User credentials sent in cleartext!\n"); 1630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return; 1640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 1650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* 1670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Decrypt the packet. If this is the beginning of a new 1680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * exchange, reinitialize the IV 1690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 1700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph1->mode_cfg->ivm == NULL || 1710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->last_msgid != packet->msgid ) 1720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->ivm = 1730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_newiv(iph1, packet->msgid); 1740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang ivm = iph1->mode_cfg->ivm; 1750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang dmsg = oakley_do_decrypt(iph1, msg, ivm->iv, ivm->ive); 1770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (dmsg == NULL) { 1780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 1790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "failed to decrypt message\n"); 1800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return; 1810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 1820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, "MODE_CFG packet\n"); 1840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plogdump(LLV_DEBUG, dmsg->v, dmsg->l); 1850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Now work with the decrypted packet */ 1870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang packet = (struct isakmp *)dmsg->v; 1880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tlen = dmsg->l - sizeof(*packet); 1890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang ph = (struct isakmp_gen *)(packet + 1); 1900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang np = packet->np; 1920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang while ((tlen > 0) && (np != ISAKMP_NPTYPE_NONE)) { 1930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Check that the payload header fits in the packet */ 1940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (tlen < sizeof(*ph)) { 1950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_WARNING, LOCATION, NULL, 1960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Short payload header\n"); 1970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto out; 1980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 1990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Check that the payload fits in the packet */ 2010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (tlen < ntohs(ph->len)) { 2020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_WARNING, LOCATION, NULL, 2030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Short payload\n"); 2040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto out; 2050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 2060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, "Seen payload %d\n", np); 2080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plogdump(LLV_DEBUG, ph, ntohs(ph->len)); 2090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang switch(np) { 2110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ISAKMP_NPTYPE_HASH: { 2120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *check; 2130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *payload; 2140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang size_t plen; 2150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_gen *nph; 2160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plen = ntohs(ph->len); 2180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang nph = (struct isakmp_gen *)((char *)ph + plen); 2190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plen = ntohs(nph->len); 2200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((payload = vmalloc(plen)) == NULL) { 2220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 2230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Cannot allocate memory\n"); 2240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto out; 2250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 2260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(payload->v, nph, plen); 2270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((check = oakley_compute_hash1(iph1, 2290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang packet->msgid, payload)) == NULL) { 2300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 2310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Cannot compute hash\n"); 2320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vfree(payload); 2330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto out; 2340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 2350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (memcmp(ph + 1, check->v, check->l) != 0) { 2370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 2380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Hash verification failed\n"); 2390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vfree(payload); 2400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vfree(check); 2410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto out; 2420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 2430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vfree(payload); 2440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vfree(check); 2450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 2460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 2470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ISAKMP_NPTYPE_ATTR: { 2480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_pl_attr *attrpl; 2490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attrpl = (struct isakmp_pl_attr *)ph; 2510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_attr_r(iph1, packet->msgid, attrpl); 2520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 2540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 2550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang default: 2560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_WARNING, LOCATION, NULL, 2570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Unexpected next payload %d\n", np); 2580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Skip to the next payload */ 2590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 2600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 2610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Move to the next payload */ 2630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang np = ph->np; 2640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tlen -= ntohs(ph->len); 2650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang npp = (char *)ph; 2660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang ph = (struct isakmp_gen *)(npp + ntohs(ph->len)); 2670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 2680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangout: 2700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vfree(dmsg); 2710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 2720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangint 2740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_attr_r(iph1, msgid, attrpl) 2750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *iph1; 2760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang u_int32_t msgid; 2770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_pl_attr *attrpl; 2780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 2790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int type = attrpl->type; 2800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 2820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Configuration exchange type %s\n", s_isakmp_cfg_ptype(type)); 2830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang switch (type) { 2840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ISAKMP_CFG_ACK: 2850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* ignore, but this is the time to reinit the IV */ 2860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang oakley_delivm(iph1->mode_cfg->ivm); 2870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->ivm = NULL; 2880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 0; 2890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 2900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ISAKMP_CFG_REPLY: 2920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return isakmp_cfg_reply(iph1, attrpl); 2930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 2940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ISAKMP_CFG_REQUEST: 2960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->msgid = msgid; 2970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return isakmp_cfg_request(iph1, attrpl); 2980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 2990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ISAKMP_CFG_SET: 3010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->msgid = msgid; 3020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return isakmp_cfg_set(iph1, attrpl); 3030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 3040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang default: 3060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_WARNING, LOCATION, NULL, 3070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Unepected configuration exchange type %d\n", type); 3080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 3090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 3100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 3110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 0; 3130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 3140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangint 3160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_reply(iph1, attrpl) 3170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *iph1; 3180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_pl_attr *attrpl; 3190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 3200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_data *attr; 3210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int tlen; 3220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang size_t alen; 3230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char *npp; 3240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int type; 3250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct sockaddr_in *sin; 3260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int error; 3270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tlen = ntohs(attrpl->h.len); 3290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr = (struct isakmp_data *)(attrpl + 1); 3300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tlen -= sizeof(*attrpl); 3310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang while (tlen > 0) { 3330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang type = ntohs(attr->type); 3340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Handle short attributes */ 3360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((type & ISAKMP_GEN_MASK) == ISAKMP_GEN_TV) { 3370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang type &= ~ISAKMP_GEN_MASK; 3380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 3400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Short attribute %s = %d\n", 3410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang s_isakmp_cfg_type(type), ntohs(attr->lorv)); 3420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang switch (type) { 3440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_TYPE: 3450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((error = xauth_attr_reply(iph1, 3460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr, ntohs(attrpl->id))) != 0) 3470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return error; 3480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 3490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang default: 3510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_WARNING, LOCATION, NULL, 3520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Ignored short attribute %s\n", 3530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang s_isakmp_cfg_type(type)); 3540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 3550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 3560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tlen -= sizeof(*attr); 3580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr++; 3590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang continue; 3600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 3610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang type = ntohs(attr->type); 3630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang alen = ntohs(attr->lorv); 3640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Check that the attribute fit in the packet */ 3660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (tlen < alen) { 3670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 3680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Short attribute %s\n", 3690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang s_isakmp_cfg_type(type)); 3700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 3710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 3720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 3740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Attribute %s, len %zu\n", 3750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang s_isakmp_cfg_type(type), alen); 3760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang switch(type) { 3780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_TYPE: 3790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_USER_NAME: 3800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_USER_PASSWORD: 3810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_PASSCODE: 3820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_MESSAGE: 3830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_CHALLENGE: 3840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_DOMAIN: 3850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_STATUS: 3860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_NEXT_PIN: 3870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_ANSWER: 3880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((error = xauth_attr_reply(iph1, 3890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr, ntohs(attrpl->id))) != 0) 3900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return error; 3910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 3920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case INTERNAL_IP4_ADDRESS: 3930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_getaddr4(attr, &iph1->mode_cfg->addr4); 3940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->flags |= ISAKMP_CFG_GOT_ADDR4; 3950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 3960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case INTERNAL_IP4_NETMASK: 3970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_getaddr4(attr, &iph1->mode_cfg->mask4); 3980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->flags |= ISAKMP_CFG_GOT_MASK4; 3990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 4000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case INTERNAL_IP4_DNS: 4010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_appendaddr4(attr, 4020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang &iph1->mode_cfg->dns4[iph1->mode_cfg->dns4_index], 4030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang &iph1->mode_cfg->dns4_index, MAXNS); 4040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->flags |= ISAKMP_CFG_GOT_DNS4; 4050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 4060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case INTERNAL_IP4_NBNS: 4070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_appendaddr4(attr, 4080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang &iph1->mode_cfg->wins4[iph1->mode_cfg->wins4_index], 4090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang &iph1->mode_cfg->wins4_index, MAXNS); 4100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->flags |= ISAKMP_CFG_GOT_WINS4; 4110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 4120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_DEF_DOMAIN: 4130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_getstring(attr, 4140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->default_domain); 4150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->flags |= ISAKMP_CFG_GOT_DEFAULT_DOMAIN; 4160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 4170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_SPLIT_INCLUDE: 4180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_LOCAL_LAN: 4190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_SPLITDNS_NAME: 4200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_BANNER: 4210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_SAVE_PASSWD: 4220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_NATT_PORT: 4230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_PFS: 4240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_FW_TYPE: 4250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_BACKUP_SERVERS: 4260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_DDNS_HOSTNAME: 4270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_unity_reply(iph1, attr); 4280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 4290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case INTERNAL_IP4_SUBNET: 4300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case INTERNAL_ADDRESS_EXPIRY: 4310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang default: 4320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_WARNING, LOCATION, NULL, 4330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Ignored attribute %s\n", 4340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang s_isakmp_cfg_type(type)); 4350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 4360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 4370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang npp = (char *)attr; 4390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr = (struct isakmp_data *)(npp + sizeof(*attr) + alen); 4400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tlen -= (sizeof(*attr) + alen); 4410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 4420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* 4440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Call the SA up script hook now that we have the configuration 4450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * It is done at the end of phase 1 if ISAKMP mode config is not 4460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * requested. 4470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 4480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((iph1->status == PHASE1ST_ESTABLISHED) && 4500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->rmconf->mode_cfg) { 451c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh switch (AUTHMETHOD(iph1)) { 452c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh case FICTIVE_AUTH_METHOD_XAUTH_PSKEY_I: 4530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I: 4540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Unimplemented */ 4550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_I: 4560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_I: 4570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_I: 4580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_I: 4590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_I: 4600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang script_hook(iph1, SCRIPT_PHASE1_UP); 4610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 4620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang default: 4630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 4640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 4650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 4660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef ENABLE_ADMINPORT 4690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang { 4700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *buf; 4710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang alen = ntohs(attrpl->h.len) - sizeof(*attrpl); 4730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((buf = vmalloc(alen)) == NULL) { 4740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_WARNING, LOCATION, NULL, 4750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Cannot allocate memory: %s\n", strerror(errno)); 4760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } else { 4770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(buf->v, attrpl + 1, buf->l); 478c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh EVT_PUSH(iph1->local, iph1->remote, 479c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh EVTT_ISAKMP_CFG_DONE, buf); 4800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vfree(buf); 4810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 4820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 4830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 4840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 0; 4860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 4870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangint 4890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_request(iph1, attrpl) 4900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *iph1; 4910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_pl_attr *attrpl; 4920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 4930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_data *attr; 4940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int tlen; 4950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang size_t alen; 4960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char *npp; 4970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *payload; 4980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_pl_attr *reply; 4990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *reply_attr; 5000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int type; 5010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int error = -1; 5020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((payload = vmalloc(sizeof(*reply))) == NULL) { 5040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n"); 5050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 5060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 5070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memset(payload->v, 0, sizeof(*reply)); 5080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tlen = ntohs(attrpl->h.len); 5100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr = (struct isakmp_data *)(attrpl + 1); 5110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tlen -= sizeof(*attrpl); 5120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang while (tlen > 0) { 5140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang reply_attr = NULL; 5150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang type = ntohs(attr->type); 5160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Handle short attributes */ 5180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((type & ISAKMP_GEN_MASK) == ISAKMP_GEN_TV) { 5190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang type &= ~ISAKMP_GEN_MASK; 5200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 5220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Short attribute %s = %d\n", 5230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang s_isakmp_cfg_type(type), ntohs(attr->lorv)); 5240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang switch (type) { 5260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_TYPE: 5270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang reply_attr = isakmp_xauth_req(iph1, attr); 5280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 5290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang default: 5300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_WARNING, LOCATION, NULL, 5310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Ignored short attribute %s\n", 5320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang s_isakmp_cfg_type(type)); 5330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 5340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 5350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tlen -= sizeof(*attr); 5370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr++; 5380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (reply_attr != NULL) { 5400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang payload = buffer_cat(payload, reply_attr); 5410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vfree(reply_attr); 5420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 5430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang continue; 5450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 5460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang type = ntohs(attr->type); 5480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang alen = ntohs(attr->lorv); 5490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Check that the attribute fit in the packet */ 5510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (tlen < alen) { 5520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 5530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Short attribute %s\n", 5540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang s_isakmp_cfg_type(type)); 5550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto end; 5560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 5570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 5590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Attribute %s, len %zu\n", 5600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang s_isakmp_cfg_type(type), alen); 5610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang switch(type) { 5630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case INTERNAL_IP4_ADDRESS: 5640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case INTERNAL_IP4_NETMASK: 5650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case INTERNAL_IP4_DNS: 5660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case INTERNAL_IP4_NBNS: 5670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case INTERNAL_IP4_SUBNET: 5680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang reply_attr = isakmp_cfg_net(iph1, attr); 5690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 5700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_TYPE: 5720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_USER_NAME: 5730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_USER_PASSWORD: 5740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_PASSCODE: 5750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_MESSAGE: 5760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_CHALLENGE: 5770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_DOMAIN: 5780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_STATUS: 5790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_NEXT_PIN: 5800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_ANSWER: 5810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang reply_attr = isakmp_xauth_req(iph1, attr); 5820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 5830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case APPLICATION_VERSION: 5850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang reply_attr = isakmp_cfg_string(iph1, 5860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr, ISAKMP_CFG_RACOON_VERSION); 5870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 5880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_BANNER: 5900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_PFS: 5910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_SAVE_PASSWD: 5920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_DEF_DOMAIN: 5930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_DDNS_HOSTNAME: 5940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_FW_TYPE: 5950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_SPLITDNS_NAME: 5960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_SPLIT_INCLUDE: 5970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_LOCAL_LAN: 5980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_NATT_PORT: 5990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_BACKUP_SERVERS: 6000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang reply_attr = isakmp_unity_req(iph1, attr); 6010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 6020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case INTERNAL_ADDRESS_EXPIRY: 6040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang default: 6050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_WARNING, LOCATION, NULL, 6060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Ignored attribute %s\n", 6070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang s_isakmp_cfg_type(type)); 6080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 6090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 6100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang npp = (char *)attr; 6120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr = (struct isakmp_data *)(npp + sizeof(*attr) + alen); 6130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tlen -= (sizeof(*attr) + alen); 6140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (reply_attr != NULL) { 6160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang payload = buffer_cat(payload, reply_attr); 6170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vfree(reply_attr); 6180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 6190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 6210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang reply = (struct isakmp_pl_attr *)payload->v; 6230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang reply->h.len = htons(payload->l); 6240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang reply->type = ISAKMP_CFG_REPLY; 6250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang reply->id = attrpl->id; 6260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 6280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Sending MODE_CFG REPLY\n"); 6290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang error = isakmp_cfg_send(iph1, payload, 6310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang ISAKMP_NPTYPE_ATTR, ISAKMP_FLAG_E, 0); 6320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph1->status == PHASE1ST_ESTABLISHED) { 634c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh switch (AUTHMETHOD(iph1)) { 6350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R: 6360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_R: 6370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Unimplemented */ 6380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_R: 6390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_R: 6400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_R: 6410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_R: 6420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_R: 6430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang script_hook(iph1, SCRIPT_PHASE1_UP); 6440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 6450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang default: 6460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 6470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 6480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 6490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangend: 6510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vfree(payload); 6520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return error; 6540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 6550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangint 6570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_set(iph1, attrpl) 6580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *iph1; 6590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_pl_attr *attrpl; 6600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 6610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_data *attr; 6620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int tlen; 6630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang size_t alen; 6640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char *npp; 6650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *payload; 6660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_pl_attr *reply; 6670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *reply_attr; 6680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int type; 6690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int error = -1; 6700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((payload = vmalloc(sizeof(*reply))) == NULL) { 6720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n"); 6730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 6740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 6750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memset(payload->v, 0, sizeof(*reply)); 6760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tlen = ntohs(attrpl->h.len); 6780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr = (struct isakmp_data *)(attrpl + 1); 6790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tlen -= sizeof(*attrpl); 6800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* 6820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * We should send ack for the attributes we accepted 6830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 6840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang while (tlen > 0) { 6850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang reply_attr = NULL; 6860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang type = ntohs(attr->type); 6870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 6890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Attribute %s\n", 6900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang s_isakmp_cfg_type(type & ~ISAKMP_GEN_MASK)); 6910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang switch (type & ~ISAKMP_GEN_MASK) { 6930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_STATUS: 6940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang reply_attr = isakmp_xauth_set(iph1, attr); 6950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 6960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang default: 6970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 6980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Unexpected SET attribute %s\n", 6990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang s_isakmp_cfg_type(type & ~ISAKMP_GEN_MASK)); 7000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 7010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 7020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 7030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (reply_attr != NULL) { 7040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang payload = buffer_cat(payload, reply_attr); 7050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vfree(reply_attr); 7060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 7070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 7080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* 7090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Move to next attribute. If we run out of the packet, 7100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * tlen becomes negative and we exit. 7110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 7120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((type & ISAKMP_GEN_MASK) == ISAKMP_GEN_TV) { 7130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tlen -= sizeof(*attr); 7140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr++; 7150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } else { 7160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang alen = ntohs(attr->lorv); 7170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tlen -= (sizeof(*attr) + alen); 7180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang npp = (char *)attr; 7190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr = (struct isakmp_data *) 7200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang (npp + sizeof(*attr) + alen); 7210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 7220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 7230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 7240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang reply = (struct isakmp_pl_attr *)payload->v; 7250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang reply->h.len = htons(payload->l); 7260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang reply->type = ISAKMP_CFG_ACK; 7270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang reply->id = attrpl->id; 7280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 7290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 7300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Sending MODE_CFG ACK\n"); 7310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 7320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang error = isakmp_cfg_send(iph1, payload, 7330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang ISAKMP_NPTYPE_ATTR, ISAKMP_FLAG_E, 0); 7340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 7350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph1->mode_cfg->flags & ISAKMP_CFG_DELETE_PH1) { 736c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if (iph1->status == PHASE1ST_ESTABLISHED) 7370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_info_send_d1(iph1); 7380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang remph1(iph1); 7390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang delph1(iph1); 7400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1 = NULL; 7410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 7420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangend: 7430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vfree(payload); 7440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 7450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* 7460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * If required, request ISAKMP mode config information 7470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 7480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((iph1 != NULL) && (iph1->rmconf->mode_cfg) && (error == 0)) 7490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang error = isakmp_cfg_getconfig(iph1); 7500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 7510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return error; 7520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 7530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 7540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 7550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic vchar_t * 7560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangbuffer_cat(s, append) 7570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *s; 7580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *append; 7590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 7600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *new; 7610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 7620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang new = vmalloc(s->l + append->l); 7630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (new == NULL) { 7640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 7650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Cannot allocate memory\n"); 7660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return s; 7670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 7680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 7690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(new->v, s->v, s->l); 7700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(new->v + s->l, append->v, append->l); 7710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 7720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vfree(s); 7730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return new; 7740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 7750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 7760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic vchar_t * 7770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_net(iph1, attr) 7780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *iph1; 7790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_data *attr; 7800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 7810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int type; 7820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int confsource; 7830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang in_addr_t addr4; 7840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 7850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang type = ntohs(attr->type); 7860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 7870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* 7880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Don't give an address to a peer that did not succeed Xauth 7890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 7900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (xauth_check(iph1) != 0) { 7910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 7920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Attempt to start phase config whereas Xauth failed\n"); 7930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return NULL; 7940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 7950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 7960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang confsource = isakmp_cfg_config.confsource; 7970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* 7980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * If we have to fall back to a local 7990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * configuration source, we will jump 8000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * back to this point. 8010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 8020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangretry_source: 8030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 8040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang switch(type) { 8050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case INTERNAL_IP4_ADDRESS: 8060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang switch(confsource) { 8070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_LIBLDAP 8080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ISAKMP_CFG_CONF_LDAP: 8090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph1->mode_cfg->flags & ISAKMP_CFG_ADDR4_EXTERN) 8100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 8110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_INFO, LOCATION, NULL, 8120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "No IP from LDAP, using local pool\n"); 8130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* FALLTHROUGH */ 8140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang confsource = ISAKMP_CFG_CONF_LOCAL; 8150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto retry_source; 8160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 8170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_LIBRADIUS 8180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ISAKMP_CFG_CONF_RADIUS: 8190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((iph1->mode_cfg->flags & ISAKMP_CFG_ADDR4_EXTERN) 8200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang && (iph1->mode_cfg->addr4.s_addr != htonl(-2))) 8210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* 8220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * -2 is 255.255.255.254, RADIUS uses that 8230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * to instruct the NAS to use a local pool 8240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 8250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 8260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_INFO, LOCATION, NULL, 8270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "No IP from RADIUS, using local pool\n"); 8280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* FALLTHROUGH */ 8290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang confsource = ISAKMP_CFG_CONF_LOCAL; 8300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto retry_source; 8310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 8320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ISAKMP_CFG_CONF_LOCAL: 8330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (isakmp_cfg_getport(iph1) == -1) { 8340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 8350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Port pool depleted\n"); 8360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 8370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 8380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 8390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->addr4.s_addr = 8400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang htonl(ntohl(isakmp_cfg_config.network4) 8410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang + iph1->mode_cfg->port); 8420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->flags |= ISAKMP_CFG_ADDR4_LOCAL; 8430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 8440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 8450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang default: 8460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 8470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Unexpected confsource\n"); 8480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 8490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 8500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (isakmp_cfg_accounting(iph1, ISAKMP_CFG_LOGIN) != 0) 8510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Accounting failed\n"); 8520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 8530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return isakmp_cfg_addr4(iph1, 8540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr, &iph1->mode_cfg->addr4.s_addr); 8550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 8560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 8570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case INTERNAL_IP4_NETMASK: 8580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang switch(confsource) { 8590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_LIBLDAP 8600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ISAKMP_CFG_CONF_LDAP: 8610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph1->mode_cfg->flags & ISAKMP_CFG_MASK4_EXTERN) 8620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 8630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_INFO, LOCATION, NULL, 8640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "No mask from LDAP, using local pool\n"); 8650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* FALLTHROUGH */ 8660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang confsource = ISAKMP_CFG_CONF_LOCAL; 8670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto retry_source; 8680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 8690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_LIBRADIUS 8700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ISAKMP_CFG_CONF_RADIUS: 8710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph1->mode_cfg->flags & ISAKMP_CFG_MASK4_EXTERN) 8720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 8730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_INFO, LOCATION, NULL, 8740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "No mask from RADIUS, using local pool\n"); 8750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* FALLTHROUGH */ 8760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang confsource = ISAKMP_CFG_CONF_LOCAL; 8770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto retry_source; 8780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 8790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ISAKMP_CFG_CONF_LOCAL: 8800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->mask4.s_addr 8810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang = isakmp_cfg_config.netmask4; 8820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->flags |= ISAKMP_CFG_MASK4_LOCAL; 8830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 8840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 8850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang default: 8860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 8870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Unexpected confsource\n"); 8880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 8890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return isakmp_cfg_addr4(iph1, attr, 8900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang &iph1->mode_cfg->mask4.s_addr); 8910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 8920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 8930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case INTERNAL_IP4_DNS: 8940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return isakmp_cfg_addr4_list(iph1, 8950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr, &isakmp_cfg_config.dns4[0], 8960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.dns4_index); 8970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 8980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 8990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case INTERNAL_IP4_NBNS: 9000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return isakmp_cfg_addr4_list(iph1, 9010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr, &isakmp_cfg_config.nbns4[0], 9020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.nbns4_index); 9030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 9040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case INTERNAL_IP4_SUBNET: 906c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh return isakmp_cfg_addr4(iph1, 907c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh attr, &isakmp_cfg_config.network4); 9080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 9090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang default: 9110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Unexpected type %d\n", type); 9120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 9130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 9140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return NULL; 9150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 9160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#if 0 9180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic vchar_t * 9190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_void(iph1, attr) 9200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *iph1; 9210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_data *attr; 9220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 9230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *buffer; 9240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_data *new; 9250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((buffer = vmalloc(sizeof(*attr))) == NULL) { 9270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n"); 9280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return NULL; 9290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 9300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang new = (struct isakmp_data *)buffer->v; 9320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang new->type = attr->type; 9340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang new->lorv = htons(0); 9350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return buffer; 9370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 9380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 9390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangvchar_t * 9410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_copy(iph1, attr) 9420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *iph1; 9430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_data *attr; 9440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 9450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *buffer; 9460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang size_t len = 0; 9470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((ntohs(attr->type) & ISAKMP_GEN_MASK) == ISAKMP_GEN_TLV) 9490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang len = ntohs(attr->lorv); 9500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((buffer = vmalloc(sizeof(*attr) + len)) == NULL) { 9520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n"); 9530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return NULL; 9540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 9550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(buffer->v, attr, sizeof(*attr) + ntohs(attr->lorv)); 9570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return buffer; 9590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 9600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangvchar_t * 9620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_short(iph1, attr, value) 9630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *iph1; 9640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_data *attr; 9650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int value; 9660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 9670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *buffer; 9680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_data *new; 9690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int type; 9700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((buffer = vmalloc(sizeof(*attr))) == NULL) { 9720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n"); 9730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return NULL; 9740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 9750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang new = (struct isakmp_data *)buffer->v; 9770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang type = ntohs(attr->type) & ~ISAKMP_GEN_MASK; 9780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang new->type = htons(type | ISAKMP_GEN_TV); 9800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang new->lorv = htons(value); 9810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return buffer; 9830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 9840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangvchar_t * 9860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_varlen(iph1, attr, string, len) 9870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *iph1; 9880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_data *attr; 9890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char *string; 9900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang size_t len; 9910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 9920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *buffer; 9930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_data *new; 9940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char *data; 9950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((buffer = vmalloc(sizeof(*attr) + len)) == NULL) { 9970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n"); 9980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return NULL; 9990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 10000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 10010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang new = (struct isakmp_data *)buffer->v; 10020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 10030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang new->type = attr->type; 10040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang new->lorv = htons(len); 10050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang data = (char *)(new + 1); 10060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 10070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(data, string, len); 10080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 10090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return buffer; 10100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 10110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangvchar_t * 10120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_string(iph1, attr, string) 10130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *iph1; 10140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_data *attr; 10150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char *string; 10160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 10170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang size_t len = strlen(string); 10180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return isakmp_cfg_varlen(iph1, attr, string, len); 10190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 10200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 10210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic vchar_t * 10220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_addr4(iph1, attr, addr) 10230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *iph1; 10240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_data *attr; 10250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang in_addr_t *addr; 10260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 10270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *buffer; 10280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_data *new; 10290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang size_t len; 10300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 10310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang len = sizeof(*addr); 10320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((buffer = vmalloc(sizeof(*attr) + len)) == NULL) { 10330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n"); 10340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return NULL; 10350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 10360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 10370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang new = (struct isakmp_data *)buffer->v; 10380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 10390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang new->type = attr->type; 10400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang new->lorv = htons(len); 10410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(new + 1, addr, len); 10420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 10430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return buffer; 10440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 10450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 10460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic vchar_t * 10470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_addr4_list(iph1, attr, addr, nbr) 10480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *iph1; 10490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_data *attr; 10500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang in_addr_t *addr; 10510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int nbr; 10520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 10530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int error = -1; 10540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *buffer = NULL; 10550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *bufone = NULL; 10560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_data *new; 10570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang size_t len; 10580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int i; 10590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 10600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang len = sizeof(*addr); 10610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((buffer = vmalloc(0)) == NULL) { 10620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n"); 10630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto out; 10640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 10650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang for(i = 0; i < nbr; i++) { 10660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((bufone = vmalloc(sizeof(*attr) + len)) == NULL) { 10670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 10680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Cannot allocate memory\n"); 10690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto out; 10700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 10710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang new = (struct isakmp_data *)bufone->v; 10720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang new->type = attr->type; 10730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang new->lorv = htons(len); 10740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(new + 1, &addr[i], len); 10750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang new += (len + sizeof(*attr)); 10760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang buffer = buffer_cat(buffer, bufone); 10770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vfree(bufone); 10780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 10790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 10800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang error = 0; 10810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 10820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangout: 10830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((error != 0) && (buffer != NULL)) { 10840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vfree(buffer); 10850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang buffer = NULL; 10860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 10870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 10880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return buffer; 10890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 10900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 10910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstruct isakmp_ivm * 10920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_newiv(iph1, msgid) 10930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *iph1; 10940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang u_int32_t msgid; 10950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 10960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_cfg_state *ics = iph1->mode_cfg; 10970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 10980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (ics == NULL) { 10990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 11000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "isakmp_cfg_newiv called without mode config state\n"); 11010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return NULL; 11020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 11030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 11040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (ics->ivm != NULL) 11050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang oakley_delivm(ics->ivm); 11060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 11070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang ics->ivm = oakley_newiv2(iph1, msgid); 11080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang ics->last_msgid = msgid; 11090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 11100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return ics->ivm; 11110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 11120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 11130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang/* Derived from isakmp_info_send_common */ 11140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangint 11150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_send(iph1, payload, np, flags, new_exchange) 11160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *iph1; 11170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *payload; 11180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang u_int32_t np; 11190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int flags; 11200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int new_exchange; 11210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 11220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph2handle *iph2 = NULL; 11230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *hash = NULL; 11240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp *isakmp; 11250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_gen *gen; 11260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char *p; 11270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int tlen; 11280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int error = -1; 11290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_cfg_state *ics = iph1->mode_cfg; 11300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 11310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Check if phase 1 is established */ 1132c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if ((iph1->status != PHASE1ST_ESTABLISHED) || 11330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang (iph1->local == NULL) || 11340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang (iph1->remote == NULL)) { 11350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 11360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "ISAKMP mode config exchange with immature phase 1\n"); 11370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto end; 11380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 11390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 11400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* add new entry to isakmp status table */ 11410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph2 = newph2(); 11420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph2 == NULL) 11430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto end; 11440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 11450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph2->dst = dupsaddr(iph1->remote); 11460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph2->dst == NULL) { 11470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang delph2(iph2); 11480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto end; 11490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 11500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph2->src = dupsaddr(iph1->local); 11510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph2->src == NULL) { 11520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang delph2(iph2); 11530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto end; 11540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 11550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1156c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh#if (!defined(ENABLE_NATT)) || (defined(BROKEN_NATT)) 1157c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if (set_port(iph2->dst, 0) == NULL || 1158c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh set_port(iph2->src, 0) == NULL) { 1159c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh plog(LLV_ERROR, LOCATION, NULL, 1160c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh "invalid family: %d\n", iph1->remote->sa_family); 1161c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh delph2(iph2); 1162c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh goto end; 1163c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh } 1164c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh#endif 1165c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh iph2->ph1 = iph1; 11660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph2->side = INITIATOR; 11670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph2->status = PHASE2ST_START; 11680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 11690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (new_exchange) 11700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph2->msgid = isakmp_newmsgid2(iph1); 11710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang else 11720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph2->msgid = iph1->msgid; 11730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 11740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* get IV and HASH(1) if skeyid_a was generated. */ 11750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph1->skeyid_a != NULL) { 11760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (new_exchange) { 11770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (isakmp_cfg_newiv(iph1, iph2->msgid) == NULL) { 11780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang delph2(iph2); 11790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto end; 11800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 11810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 11820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 11830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* generate HASH(1) */ 1184c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh hash = oakley_compute_hash1(iph2->ph1, iph2->msgid, payload); 11850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (hash == NULL) { 11860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang delph2(iph2); 11870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto end; 11880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 11890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 11900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* initialized total buffer length */ 11910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tlen = hash->l; 11920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tlen += sizeof(*gen); 11930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } else { 11940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* IKE-SA is not established */ 11950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang hash = NULL; 11960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 11970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* initialized total buffer length */ 11980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tlen = 0; 11990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 12000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((flags & ISAKMP_FLAG_A) == 0) 12010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph2->flags = (hash == NULL ? 0 : ISAKMP_FLAG_E); 12020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang else 12030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph2->flags = (hash == NULL ? 0 : ISAKMP_FLAG_A); 12040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang insph2(iph2); 12060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang bindph12(iph1, iph2); 12070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tlen += sizeof(*isakmp) + payload->l; 12090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* create buffer for isakmp payload */ 12110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph2->sendbuf = vmalloc(tlen); 12120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph2->sendbuf == NULL) { 12130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 12140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "failed to get buffer to send.\n"); 12150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto err; 12160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 12170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* create isakmp header */ 12190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp = (struct isakmp *)iph2->sendbuf->v; 12200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(&isakmp->i_ck, &iph1->index.i_ck, sizeof(cookie_t)); 12210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(&isakmp->r_ck, &iph1->index.r_ck, sizeof(cookie_t)); 12220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp->np = hash == NULL ? (np & 0xff) : ISAKMP_NPTYPE_HASH; 12230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp->v = iph1->version; 12240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp->etype = ISAKMP_ETYPE_CFG; 12250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp->flags = iph2->flags; 12260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(&isakmp->msgid, &iph2->msgid, sizeof(isakmp->msgid)); 12270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp->len = htonl(tlen); 12280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang p = (char *)(isakmp + 1); 12290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* create HASH payload */ 12310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (hash != NULL) { 12320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gen = (struct isakmp_gen *)p; 12330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gen->np = np & 0xff; 12340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gen->len = htons(sizeof(*gen) + hash->l); 12350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang p += sizeof(*gen); 12360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(p, hash->v, hash->l); 12370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang p += hash->l; 12380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 12390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* add payload */ 12410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(p, payload->v, payload->l); 12420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang p += payload->l; 12430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_PRINT_ISAKMP_C 12450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_printpacket(iph2->sendbuf, iph1->local, iph1->remote, 1); 12460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 12470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, "MODE_CFG packet to send\n"); 12490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plogdump(LLV_DEBUG, iph2->sendbuf->v, iph2->sendbuf->l); 12500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* encoding */ 12520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (ISSET(isakmp->flags, ISAKMP_FLAG_E)) { 12530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *tmp; 12540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tmp = oakley_do_encrypt(iph2->ph1, iph2->sendbuf, 12560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang ics->ivm->ive, ics->ivm->iv); 12570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang VPTRINIT(iph2->sendbuf); 12580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (tmp == NULL) 12590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto err; 12600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph2->sendbuf = tmp; 12610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 12620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* HDR*, HASH(1), ATTR */ 12640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (isakmp_send(iph2->ph1, iph2->sendbuf) < 0) { 12650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang VPTRINIT(iph2->sendbuf); 12660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto err; 12670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 12680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 12700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "sendto mode config %s.\n", s_isakmp_nptype(np)); 12710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* 12730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * XXX We might need to resend the message... 12740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 12750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang error = 0; 12770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang VPTRINIT(iph2->sendbuf); 12780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangerr: 12800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph2->sendbuf != NULL) 12810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vfree(iph2->sendbuf); 12820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1283c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh unbindph12(iph2); 12840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang remph2(iph2); 12850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang delph2(iph2); 12860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangend: 12870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (hash) 12880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vfree(hash); 12890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return error; 12900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 12910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangvoid 12940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_rmstate(iph1) 12950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *iph1; 12960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 12970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_cfg_state *state = iph1->mode_cfg; 12980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (isakmp_cfg_accounting(iph1, ISAKMP_CFG_LOGOUT) != 0) 13000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Accounting failed\n"); 13010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 13020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (state->flags & ISAKMP_CFG_PORT_ALLOCATED) 13030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_putport(iph1, state->port); 13040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 13050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Delete the IV if it's still there */ 13060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if(iph1->mode_cfg->ivm) { 13070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang oakley_delivm(iph1->mode_cfg->ivm); 13080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->ivm = NULL; 13090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 13100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 13110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Free any allocated splitnet lists */ 13120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if(iph1->mode_cfg->split_include != NULL) 13130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang splitnet_list_free(iph1->mode_cfg->split_include, 13140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang &iph1->mode_cfg->include_count); 13150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if(iph1->mode_cfg->split_local != NULL) 13160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang splitnet_list_free(iph1->mode_cfg->split_local, 13170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang &iph1->mode_cfg->local_count); 13180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 13190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang xauth_rmstate(&state->xauth); 13200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 13210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang racoon_free(state); 13220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg = NULL; 13230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 13240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return; 13250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 13260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 13270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstruct isakmp_cfg_state * 13280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_mkstate(void) 13290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 13300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_cfg_state *state; 13310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 13320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((state = racoon_malloc(sizeof(*state))) == NULL) { 13330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 13340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Cannot allocate memory for mode config state\n"); 13350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return NULL; 13360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 13370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memset(state, 0, sizeof(*state)); 13380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 13390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return state; 13400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 13410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 13420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangint 13430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_getport(iph1) 13440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *iph1; 13450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 13460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang unsigned int i; 13470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang size_t size = isakmp_cfg_config.pool_size; 13480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 13490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph1->mode_cfg->flags & ISAKMP_CFG_PORT_ALLOCATED) 13500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return iph1->mode_cfg->port; 13510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 13520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (isakmp_cfg_config.port_pool == NULL) { 13530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 13540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "isakmp_cfg_config.port_pool == NULL\n"); 13550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 13560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 13570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 13580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang for (i = 0; i < size; i++) { 13590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (isakmp_cfg_config.port_pool[i].used == 0) 13600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 13610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 13620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 13630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (i == size) { 13640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 13650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "No more addresses available\n"); 13660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 13670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 13680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 13690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.port_pool[i].used = 1; 13700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 13710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_INFO, LOCATION, NULL, "Using port %d\n", i); 13720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 13730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->flags |= ISAKMP_CFG_PORT_ALLOCATED; 13740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->port = i; 13750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 13760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return i; 13770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 13780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 13790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangint 13800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_putport(iph1, index) 13810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *iph1; 13820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang unsigned int index; 13830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 13840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (isakmp_cfg_config.port_pool == NULL) { 13850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 13860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "isakmp_cfg_config.port_pool == NULL\n"); 13870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 13880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 13890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 13900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (isakmp_cfg_config.port_pool[index].used == 0) { 13910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 13920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Attempt to release an unallocated address (port %d)\n", 13930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang index); 13940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 13950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 13960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 13970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_LIBPAM 13980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Cleanup PAM status associated with the port */ 13990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (isakmp_cfg_config.authsource == ISAKMP_CFG_AUTH_PAM) 14000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang privsep_cleanup_pam(index); 14010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 14020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.port_pool[index].used = 0; 14030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->flags &= ISAKMP_CFG_PORT_ALLOCATED; 14040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 14050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_INFO, LOCATION, NULL, "Released port %d\n", index); 14060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 14070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 0; 14080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 14090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 14100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_LIBPAM 14110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangvoid 14120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangcleanup_pam(port) 14130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int port; 14140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 14150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (isakmp_cfg_config.port_pool[port].pam != NULL) { 14160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang pam_end(isakmp_cfg_config.port_pool[port].pam, PAM_SUCCESS); 14170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.port_pool[port].pam = NULL; 14180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 14190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 14200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return; 14210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 14220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 14230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 14240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang/* Accounting, only for RADIUS or PAM */ 14250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic int 14260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_accounting(iph1, inout) 14270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *iph1; 14280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int inout; 14290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 14300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_LIBPAM 14310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (isakmp_cfg_config.accounting == ISAKMP_CFG_ACCT_PAM) 14320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return privsep_accounting_pam(iph1->mode_cfg->port, 14330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang inout); 14340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 14350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_LIBRADIUS 14360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (isakmp_cfg_config.accounting == ISAKMP_CFG_ACCT_RADIUS) 14370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return isakmp_cfg_accounting_radius(iph1, inout); 14380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 14390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (isakmp_cfg_config.accounting == ISAKMP_CFG_ACCT_SYSTEM) 14400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return privsep_accounting_system(iph1->mode_cfg->port, 14410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->remote, iph1->mode_cfg->login, inout); 14420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 0; 14430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 14440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 14450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_LIBPAM 14460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangint 14470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_accounting_pam(port, inout) 14480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int port; 14490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int inout; 14500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 14510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int error = 0; 14520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang pam_handle_t *pam; 14530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 14540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (isakmp_cfg_config.port_pool == NULL) { 14550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 14560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "isakmp_cfg_config.port_pool == NULL\n"); 14570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 14580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 14590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 14600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang pam = isakmp_cfg_config.port_pool[port].pam; 14610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (pam == NULL) { 14620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "pam handle is NULL\n"); 14630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 14640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 14650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 14660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang switch (inout) { 14670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ISAKMP_CFG_LOGIN: 14680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang error = pam_open_session(pam, 0); 14690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 14700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ISAKMP_CFG_LOGOUT: 14710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang error = pam_close_session(pam, 0); 14720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang pam_end(pam, error); 14730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.port_pool[port].pam = NULL; 14740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 14750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang default: 14760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Unepected inout\n"); 14770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 14780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 14790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 14800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (error != 0) { 14810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 14820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "pam_open_session/pam_close_session failed: %s\n", 14830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang pam_strerror(pam, error)); 14840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 14850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 14860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 14870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 0; 14880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 14890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif /* HAVE_LIBPAM */ 14900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 14910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_LIBRADIUS 14920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic int 14930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_accounting_radius(iph1, inout) 14940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *iph1; 14950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int inout; 14960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 1497c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh /* For first time use, initialize Radius */ 1498c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if (radius_acct_state == NULL) { 1499c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if ((radius_acct_state = rad_acct_open()) == NULL) { 1500c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh plog(LLV_ERROR, LOCATION, NULL, 1501c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh "Cannot init librradius\n"); 1502c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh return -1; 1503c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh } 1504c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 1505c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if (rad_config(radius_acct_state, NULL) != 0) { 1506c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh plog(LLV_ERROR, LOCATION, NULL, 1507c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh "Cannot open librarius config file: %s\n", 1508c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh rad_strerror(radius_acct_state)); 1509c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh rad_close(radius_acct_state); 1510c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh radius_acct_state = NULL; 1511c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh return -1; 1512c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh } 1513c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh } 1514c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 15150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (rad_create_request(radius_acct_state, 15160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang RAD_ACCOUNTING_REQUEST) != 0) { 15170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 15180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "rad_create_request failed: %s\n", 15190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang rad_strerror(radius_acct_state)); 15200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 15210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 15220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 15230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (rad_put_string(radius_acct_state, RAD_USER_NAME, 15240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->login) != 0) { 15250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 15260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "rad_put_string failed: %s\n", 15270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang rad_strerror(radius_acct_state)); 15280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 15290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 15300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 15310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang switch (inout) { 15320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ISAKMP_CFG_LOGIN: 15330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang inout = RAD_START; 15340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 15350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ISAKMP_CFG_LOGOUT: 15360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang inout = RAD_STOP; 15370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 15380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang default: 15390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Unepected inout\n"); 15400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 15410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 15420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 15430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (rad_put_addr(radius_acct_state, 15440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang RAD_FRAMED_IP_ADDRESS, iph1->mode_cfg->addr4) != 0) { 15450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 15460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "rad_put_addr failed: %s\n", 15470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang rad_strerror(radius_acct_state)); 15480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 15490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 15500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 15510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (rad_put_addr(radius_acct_state, 15520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang RAD_LOGIN_IP_HOST, iph1->mode_cfg->addr4) != 0) { 15530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 15540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "rad_put_addr failed: %s\n", 15550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang rad_strerror(radius_acct_state)); 15560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 15570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 15580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 15590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (rad_put_int(radius_acct_state, RAD_ACCT_STATUS_TYPE, inout) != 0) { 15600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 15610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "rad_put_int failed: %s\n", 15620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang rad_strerror(radius_acct_state)); 15630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 15640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 15650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 15660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (isakmp_cfg_radius_common(radius_acct_state, 15670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->port) != 0) 15680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 15690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 15700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (rad_send_request(radius_acct_state) != RAD_ACCOUNTING_RESPONSE) { 15710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 15720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "rad_send_request failed: %s\n", 15730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang rad_strerror(radius_acct_state)); 15740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 15750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 15760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 15770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 0; 15780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 15790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif /* HAVE_LIBRADIUS */ 15800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 15810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang/* 15820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Attributes common to all RADIUS requests 15830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 15840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_LIBRADIUS 15850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangint 15860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_radius_common(radius_state, port) 15870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct rad_handle *radius_state; 15880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int port; 15890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 15900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct utsname name; 15910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang static struct hostent *host = NULL; 15920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct in_addr nas_addr; 15930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 15940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* 15950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Find our own IP by resolving our nodename 15960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 15970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (host == NULL) { 15980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (uname(&name) != 0) { 15990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 16000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "uname failed: %s\n", strerror(errno)); 16010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 16020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 16030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 16040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((host = gethostbyname(name.nodename)) == NULL) { 16050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 16060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "gethostbyname failed: %s\n", strerror(errno)); 16070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 16080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 16090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 16100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 16110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(&nas_addr, host->h_addr, sizeof(nas_addr)); 16120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (rad_put_addr(radius_state, RAD_NAS_IP_ADDRESS, nas_addr) != 0) { 16130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 16140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "rad_put_addr failed: %s\n", 16150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang rad_strerror(radius_state)); 16160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 16170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 16180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 16190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (rad_put_int(radius_state, RAD_NAS_PORT, port) != 0) { 16200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 16210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "rad_put_int failed: %s\n", 16220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang rad_strerror(radius_state)); 16230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 16240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 16250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 16260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (rad_put_int(radius_state, RAD_NAS_PORT_TYPE, RAD_VIRTUAL) != 0) { 16270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 16280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "rad_put_int failed: %s\n", 16290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang rad_strerror(radius_state)); 16300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 16310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 16320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 16330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (rad_put_int(radius_state, RAD_SERVICE_TYPE, RAD_FRAMED) != 0) { 16340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 16350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "rad_put_int failed: %s\n", 16360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang rad_strerror(radius_state)); 16370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 16380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 16390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 16400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 0; 16410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 16420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 16430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1644514ffe2b8b4236d53f584fcd8382dd65bc4df532Chia-chi Yeh#ifndef ANDROID_PATCHED 1645514ffe2b8b4236d53f584fcd8382dd65bc4df532Chia-chi Yeh 16460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang/* 16470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang Logs the user into the utmp system files. 16480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang*/ 16490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 16500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangint 16510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_accounting_system(port, raddr, usr, inout) 16520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int port; 16530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct sockaddr *raddr; 16540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char *usr; 16550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int inout; 16560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 16570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int error = 0; 1658c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh struct utmp ut; 1659c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh char term[UT_LINESIZE]; 16600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char addr[NI_MAXHOST]; 16610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 16620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (usr == NULL || usr[0]=='\0') { 16630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 16640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "system accounting : no login found\n"); 16650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 16660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 16670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1668c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh sprintf(term, TERMSPEC, port); 16690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 16700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang switch (inout) { 16710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ISAKMP_CFG_LOGIN: 1672c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh strncpy(ut.ut_name, usr, UT_NAMESIZE); 1673c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh ut.ut_name[UT_NAMESIZE - 1] = '\0'; 1674c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 1675c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh strncpy(ut.ut_line, term, UT_LINESIZE); 1676c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh ut.ut_line[UT_LINESIZE - 1] = '\0'; 16770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 16780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang GETNAMEINFO_NULL(raddr, addr); 1679c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh strncpy(ut.ut_host, addr, UT_HOSTSIZE); 1680c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh ut.ut_host[UT_HOSTSIZE - 1] = '\0'; 16810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1682c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh ut.ut_time = time(NULL); 1683c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 16840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_INFO, LOCATION, NULL, 16850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Accounting : '%s' logging on '%s' from %s.\n", 1686c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh ut.ut_name, ut.ut_line, ut.ut_host); 16870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1688c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh login(&ut); 16890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 16900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 16910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ISAKMP_CFG_LOGOUT: 16920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 16930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_INFO, LOCATION, NULL, 16940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Accounting : '%s' unlogging from '%s'.\n", 1695c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh usr, term); 16960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1697c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh logout(term); 16980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 16990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 17000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang default: 17010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Unepected inout\n"); 17020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 17030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 17040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 0; 17060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 17070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1708514ffe2b8b4236d53f584fcd8382dd65bc4df532Chia-chi Yeh#endif 1709514ffe2b8b4236d53f584fcd8382dd65bc4df532Chia-chi Yeh 17100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangint 17110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_getconfig(iph1) 17120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *iph1; 17130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 17140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *buffer; 17150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_pl_attr *attrpl; 17160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_data *attr; 17170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang size_t len; 17180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int error; 17190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int attrcount; 17200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int i; 17210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int attrlist[] = { 17220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang INTERNAL_IP4_ADDRESS, 17230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang INTERNAL_IP4_NETMASK, 17240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang INTERNAL_IP4_DNS, 17250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang INTERNAL_IP4_NBNS, 17260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang UNITY_BANNER, 17270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang UNITY_DEF_DOMAIN, 17280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang UNITY_SPLITDNS_NAME, 17290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang UNITY_SPLIT_INCLUDE, 17300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang UNITY_LOCAL_LAN, 17310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang APPLICATION_VERSION, 17320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang }; 17330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attrcount = sizeof(attrlist) / sizeof(*attrlist); 17350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang len = sizeof(*attrpl) + sizeof(*attr) * attrcount; 17360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((buffer = vmalloc(len)) == NULL) { 17380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n"); 17390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 17400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 17410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attrpl = (struct isakmp_pl_attr *)buffer->v; 17430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attrpl->h.len = htons(len); 17440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attrpl->type = ISAKMP_CFG_REQUEST; 17450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attrpl->id = htons((u_int16_t)(eay_random() & 0xffff)); 17460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr = (struct isakmp_data *)(attrpl + 1); 17480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang for (i = 0; i < attrcount; i++) { 17500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr->type = htons(attrlist[i]); 17510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr->lorv = htons(0); 17520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr++; 17530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 17540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 17560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Sending MODE_CFG REQUEST\n"); 17570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang error = isakmp_cfg_send(iph1, buffer, 17590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang ISAKMP_NPTYPE_ATTR, ISAKMP_FLAG_E, 1); 17600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vfree(buffer); 17620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return error; 17640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 17650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic void 17670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_getaddr4(attr, ip) 17680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_data *attr; 17690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct in_addr *ip; 17700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 17710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang size_t alen = ntohs(attr->lorv); 17720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang in_addr_t *addr; 17730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (alen != sizeof(*ip)) { 17750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Bad IPv4 address len\n"); 17760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return; 17770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 17780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addr = (in_addr_t *)(attr + 1); 17800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang ip->s_addr = *addr; 17810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return; 17830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 17840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic void 17860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_appendaddr4(attr, ip, num, max) 17870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_data *attr; 17880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct in_addr *ip; 17890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int *num; 17900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int max; 17910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 17920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang size_t alen = ntohs(attr->lorv); 17930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang in_addr_t *addr; 17940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (alen != sizeof(*ip)) { 17960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Bad IPv4 address len\n"); 17970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return; 17980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 17990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (*num == max) { 18000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Too many addresses given\n"); 18010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return; 18020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 18030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 18040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addr = (in_addr_t *)(attr + 1); 18050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang ip->s_addr = *addr; 18060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang (*num)++; 18070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 18080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return; 18090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 18100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 18110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic void 18120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_getstring(attr, str) 18130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_data *attr; 18140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char *str; 18150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 18160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang size_t alen = ntohs(attr->lorv); 18170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char *src; 18180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang src = (char *)(attr + 1); 18190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 18200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(str, src, (alen > MAXPATHLEN ? MAXPATHLEN : alen)); 18210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 18220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return; 18230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 18240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 18250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#define IP_MAX 40 18260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 18270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangvoid 18280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_iplist_to_str(dest, count, addr, withmask) 18290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char *dest; 18300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int count; 18310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang void *addr; 18320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int withmask; 18330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 18340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int i; 18350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int p; 18360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int l; 18370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct unity_network tmp; 18380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang for(i = 0, p = 0; i < count; i++) { 18390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if(withmask == 1) 18400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang l = sizeof(struct unity_network); 18410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang else 18420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang l = sizeof(struct in_addr); 18430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(&tmp, addr, l); 18440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addr += l; 18450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if((uint32_t)tmp.addr4.s_addr == 0) 18460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 18470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 18480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang inet_ntop(AF_INET, &tmp.addr4, dest + p, IP_MAX); 18490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang p += strlen(dest + p); 18500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if(withmask == 1) { 18510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang dest[p] = '/'; 18520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang p++; 18530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang inet_ntop(AF_INET, &tmp.mask4, dest + p, IP_MAX); 18540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang p += strlen(dest + p); 18550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 18560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang dest[p] = ' '; 18570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang p++; 18580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 18590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if(p > 0) 18600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang dest[p-1] = '\0'; 18610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang else 18620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang dest[0] = '\0'; 18630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 18640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 18650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangint 18660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_setenv(iph1, envp, envc) 18670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *iph1; 18680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char ***envp; 18690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int *envc; 18700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 18710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char addrstr[IP_MAX]; 18720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char addrlist[IP_MAX * MAXNS + MAXNS]; 18730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char *splitlist = addrlist; 1874981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh char *splitlist_cidr; 18750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char defdom[MAXPATHLEN + 1]; 18760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int cidr, tmp; 18770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char cidrstr[4]; 18780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int i, p; 18790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int test; 18800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 18810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, "Starting a script.\n"); 18820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 18830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* 18840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Internal IPv4 address, either if 18850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * we are a client or a server. 18860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 18870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((iph1->mode_cfg->flags & ISAKMP_CFG_GOT_ADDR4) || 18880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_LIBLDAP 18890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang (iph1->mode_cfg->flags & ISAKMP_CFG_ADDR4_EXTERN) || 18900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 18910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_LIBRADIUS 18920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang (iph1->mode_cfg->flags & ISAKMP_CFG_ADDR4_EXTERN) || 18930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 18940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang (iph1->mode_cfg->flags & ISAKMP_CFG_ADDR4_LOCAL)) { 18950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang inet_ntop(AF_INET, &iph1->mode_cfg->addr4, 18960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addrstr, IP_MAX); 18970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } else 18980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addrstr[0] = '\0'; 18990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 19000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (script_env_append(envp, envc, "INTERNAL_ADDR4", addrstr) != 0) { 19010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Cannot set INTERNAL_ADDR4\n"); 19020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 19030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 19040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 19050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph1->mode_cfg->xauth.authdata.generic.usr != NULL) { 19060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (script_env_append(envp, envc, "XAUTH_USER", 19070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->xauth.authdata.generic.usr) != 0) { 19080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 19090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Cannot set XAUTH_USER\n"); 19100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 19110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 19120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 19130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 19140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Internal IPv4 mask */ 19150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph1->mode_cfg->flags & ISAKMP_CFG_GOT_MASK4) 19160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang inet_ntop(AF_INET, &iph1->mode_cfg->mask4, 19170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addrstr, IP_MAX); 19180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang else 19190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addrstr[0] = '\0'; 19200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 19210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* 19220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * During several releases, documentation adverised INTERNAL_NETMASK4 19230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * while code was using INTERNAL_MASK4. We now do both. 19240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 19250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 19260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (script_env_append(envp, envc, "INTERNAL_MASK4", addrstr) != 0) { 19270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Cannot set INTERNAL_MASK4\n"); 19280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 19290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 19300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 19310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (script_env_append(envp, envc, "INTERNAL_NETMASK4", addrstr) != 0) { 19320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 19330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Cannot set INTERNAL_NETMASK4\n"); 19340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 19350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 19360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 19370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tmp = ntohl(iph1->mode_cfg->mask4.s_addr); 19380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang for (cidr = 0; tmp != 0; cidr++) 19390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tmp <<= 1; 19400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang snprintf(cidrstr, 3, "%d", cidr); 19410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 19420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (script_env_append(envp, envc, "INTERNAL_CIDR4", cidrstr) != 0) { 19430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Cannot set INTERNAL_CIDR4\n"); 19440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 19450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 19460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 19470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Internal IPv4 DNS */ 19480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph1->mode_cfg->flags & ISAKMP_CFG_GOT_DNS4) { 19490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* First Internal IPv4 DNS (for compatibilty with older code */ 19500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang inet_ntop(AF_INET, &iph1->mode_cfg->dns4[0], 19510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addrstr, IP_MAX); 19520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 19530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Internal IPv4 DNS - all */ 19540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_iplist_to_str(addrlist, iph1->mode_cfg->dns4_index, 19550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang (void *)iph1->mode_cfg->dns4, 0); 19560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } else { 19570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addrstr[0] = '\0'; 19580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addrlist[0] = '\0'; 19590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 19600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 19610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (script_env_append(envp, envc, "INTERNAL_DNS4", addrstr) != 0) { 19620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Cannot set INTERNAL_DNS4\n"); 19630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 19640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 19650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (script_env_append(envp, envc, "INTERNAL_DNS4_LIST", addrlist) != 0) { 19660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 19670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Cannot set INTERNAL_DNS4_LIST\n"); 19680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 19690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 19700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 19710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Internal IPv4 WINS */ 19720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph1->mode_cfg->flags & ISAKMP_CFG_GOT_WINS4) { 19730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* 19740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * First Internal IPv4 WINS 19750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * (for compatibilty with older code 19760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 19770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang inet_ntop(AF_INET, &iph1->mode_cfg->wins4[0], 19780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addrstr, IP_MAX); 19790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 19800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Internal IPv4 WINS - all */ 19810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_iplist_to_str(addrlist, iph1->mode_cfg->wins4_index, 19820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang (void *)iph1->mode_cfg->wins4, 0); 19830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } else { 19840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addrstr[0] = '\0'; 19850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addrlist[0] = '\0'; 19860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 19870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 19880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (script_env_append(envp, envc, "INTERNAL_WINS4", addrstr) != 0) { 19890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 19900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Cannot set INTERNAL_WINS4\n"); 19910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 19920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 19930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (script_env_append(envp, envc, 19940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "INTERNAL_WINS4_LIST", addrlist) != 0) { 19950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 19960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Cannot set INTERNAL_WINS4_LIST\n"); 19970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 19980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 19990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 20000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Deault domain */ 20010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if(iph1->mode_cfg->flags & ISAKMP_CFG_GOT_DEFAULT_DOMAIN) 20020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang strncpy(defdom, 20030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->default_domain, 20040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang MAXPATHLEN + 1); 20050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang else 20060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang defdom[0] = '\0'; 20070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 20080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (script_env_append(envp, envc, "DEFAULT_DOMAIN", defdom) != 0) { 20090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 20100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Cannot set DEFAULT_DOMAIN\n"); 20110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 20120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 20130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 20140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Split networks */ 2015981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh if (iph1->mode_cfg->flags & ISAKMP_CFG_GOT_SPLIT_INCLUDE) { 2016981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh splitlist = 2017981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh splitnet_list_2str(iph1->mode_cfg->split_include, NETMASK); 2018981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh splitlist_cidr = 2019981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh splitnet_list_2str(iph1->mode_cfg->split_include, CIDR); 2020981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh } else { 20210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang splitlist = addrlist; 2022981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh splitlist_cidr = addrlist; 20230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addrlist[0] = '\0'; 20240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 20250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 20260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (script_env_append(envp, envc, "SPLIT_INCLUDE", splitlist) != 0) { 20270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Cannot set SPLIT_INCLUDE\n"); 20280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 20290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 2030981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh if (script_env_append(envp, envc, 2031981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh "SPLIT_INCLUDE_CIDR", splitlist_cidr) != 0) { 2032981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh plog(LLV_ERROR, LOCATION, NULL, 2033981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh "Cannot set SPLIT_INCLUDE_CIDR\n"); 2034981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh return -1; 2035981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh } 20360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (splitlist != addrlist) 20370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang racoon_free(splitlist); 2038981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh if (splitlist_cidr != addrlist) 2039981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh racoon_free(splitlist_cidr); 2040981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh 2041981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh if (iph1->mode_cfg->flags & ISAKMP_CFG_GOT_SPLIT_LOCAL) { 2042981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh splitlist = 2043981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh splitnet_list_2str(iph1->mode_cfg->split_local, NETMASK); 2044981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh splitlist_cidr = 2045981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh splitnet_list_2str(iph1->mode_cfg->split_local, CIDR); 2046981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh } else { 20470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang splitlist = addrlist; 2048981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh splitlist_cidr = addrlist; 20490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addrlist[0] = '\0'; 20500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 20510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 20520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (script_env_append(envp, envc, "SPLIT_LOCAL", splitlist) != 0) { 20530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Cannot set SPLIT_LOCAL\n"); 20540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 20550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 2056981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh if (script_env_append(envp, envc, 2057981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh "SPLIT_LOCAL_CIDR", splitlist_cidr) != 0) { 2058981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh plog(LLV_ERROR, LOCATION, NULL, 2059981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh "Cannot set SPLIT_LOCAL_CIDR\n"); 2060981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh return -1; 2061981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh } 20620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (splitlist != addrlist) 20630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang racoon_free(splitlist); 2064981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh if (splitlist_cidr != addrlist) 2065981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh racoon_free(splitlist_cidr); 2066981eda8baa70ed21c0db173d4a5d2d7fe12e4212Chia-chi Yeh 20670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 0; 20680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 20690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 20700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangint 20710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_resize_pool(size) 20720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int size; 20730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 20740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_cfg_port *new_pool; 20750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang size_t len; 20760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int i; 20770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 20780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (size == isakmp_cfg_config.pool_size) 20790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 0; 20800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 20810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_INFO, LOCATION, NULL, 20820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Resize address pool from %zu to %d\n", 20830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.pool_size, size); 20840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 20850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* If a pool already exists, check if we can shrink it */ 20860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((isakmp_cfg_config.port_pool != NULL) && 20870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang (size < isakmp_cfg_config.pool_size)) { 20881c71527b277e2dc256262da2ed2169c566c5bf4dChia-chi Yeh for (i = isakmp_cfg_config.pool_size-1; i >= size; --i) { 20890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (isakmp_cfg_config.port_pool[i].used) { 20900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 20910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "resize pool from %zu to %d impossible " 20920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "port %d is in use\n", 20930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.pool_size, size, i); 20940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang size = i; 20950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 20960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 20970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 20980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 20990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 21000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang len = size * sizeof(*isakmp_cfg_config.port_pool); 21010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang new_pool = racoon_realloc(isakmp_cfg_config.port_pool, len); 21020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (new_pool == NULL) { 21030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 21040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "resize pool from %zu to %d impossible: %s", 21050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.pool_size, size, strerror(errno)); 21060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 21070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 21080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 21090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* If size increase, intialize correctly the new records */ 21100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (size > isakmp_cfg_config.pool_size) { 21110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang size_t unit; 21120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang size_t old_size; 21130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 21140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang unit = sizeof(*isakmp_cfg_config.port_pool); 21150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang old_size = isakmp_cfg_config.pool_size; 21160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 21170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang bzero((char *)new_pool + (old_size * unit), 21180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang (size - old_size) * unit); 21190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 21200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 21210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.port_pool = new_pool; 21220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.pool_size = size; 21230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 21240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 0; 21250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 21260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 21270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangint 21280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_init(cold) 21290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int cold; 21300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 21310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int i; 21320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int error; 21330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 21340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.network4 = (in_addr_t)0x00000000; 21350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.netmask4 = (in_addr_t)0x00000000; 21360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang for (i = 0; i < MAXNS; i++) 21370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.dns4[i] = (in_addr_t)0x00000000; 21380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.dns4_index = 0; 21390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang for (i = 0; i < MAXWINS; i++) 21400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.nbns4[i] = (in_addr_t)0x00000000; 21410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.nbns4_index = 0; 21420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (cold == ISAKMP_CFG_INIT_COLD) 21430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.port_pool = NULL; 21440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.authsource = ISAKMP_CFG_AUTH_SYSTEM; 21450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.groupsource = ISAKMP_CFG_GROUP_SYSTEM; 21460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (cold == ISAKMP_CFG_INIT_COLD) { 21470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (isakmp_cfg_config.grouplist != NULL) { 21480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang for (i = 0; i < isakmp_cfg_config.groupcount; i++) 21490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang racoon_free(isakmp_cfg_config.grouplist[i]); 21500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang racoon_free(isakmp_cfg_config.grouplist); 21510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 21520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 21530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.grouplist = NULL; 21540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.groupcount = 0; 21550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.confsource = ISAKMP_CFG_CONF_LOCAL; 21560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.accounting = ISAKMP_CFG_ACCT_NONE; 21570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (cold == ISAKMP_CFG_INIT_COLD) 21580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.pool_size = 0; 21590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.auth_throttle = THROTTLE_PENALTY; 21600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang strlcpy(isakmp_cfg_config.default_domain, ISAKMP_CFG_DEFAULT_DOMAIN, 21610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang MAXPATHLEN); 21620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang strlcpy(isakmp_cfg_config.motd, ISAKMP_CFG_MOTD, MAXPATHLEN); 21630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 21640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (cold != ISAKMP_CFG_INIT_COLD ) 21650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (isakmp_cfg_config.splitnet_list != NULL) 21660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang splitnet_list_free(isakmp_cfg_config.splitnet_list, 21670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang &isakmp_cfg_config.splitnet_count); 21680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.splitnet_list = NULL; 21690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.splitnet_count = 0; 21700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.splitnet_type = 0; 21710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 21720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.pfs_group = 0; 21730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.save_passwd = 0; 21740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 21750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (cold != ISAKMP_CFG_INIT_COLD ) 21760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (isakmp_cfg_config.splitdns_list != NULL) 21770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang racoon_free(isakmp_cfg_config.splitdns_list); 21780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.splitdns_list = NULL; 21790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.splitdns_len = 0; 21800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 21811c71527b277e2dc256262da2ed2169c566c5bf4dChia-chi Yeh#if 0 21820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (cold == ISAKMP_CFG_INIT_COLD) { 21830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((error = isakmp_cfg_resize_pool(ISAKMP_CFG_MAX_CNX)) != 0) 21840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return error; 21850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 21861c71527b277e2dc256262da2ed2169c566c5bf4dChia-chi Yeh#endif 21870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 21880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 0; 21890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 21900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 2191