isakmp_cfg.c revision 514ffe2b8b4236d53f584fcd8382dd65bc4df532
1f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh/* $NetBSD: isakmp_cfg.c,v 1.24 2010/09/21 13:14:17 vanhu Exp $ */ 20a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 30a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang/* Id: isakmp_cfg.c,v 1.55 2006/08/22 18:17:17 manubsd Exp */ 40a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 50a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang/* 60a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Copyright (C) 2004-2006 Emmanuel Dreyfus 70a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * All rights reserved. 80a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * 90a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Redistribution and use in source and binary forms, with or without 100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * modification, are permitted provided that the following conditions 110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * are met: 120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * 1. Redistributions of source code must retain the above copyright 130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * notice, this list of conditions and the following disclaimer. 140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * 2. Redistributions in binary form must reproduce the above copyright 150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * notice, this list of conditions and the following disclaimer in the 160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * documentation and/or other materials provided with the distribution. 170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * 3. Neither the name of the project nor the names of its contributors 180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * may be used to endorse or promote products derived from this software 190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * without specific prior written permission. 
200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * 210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * SUCH DAMAGE. 
320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "config.h" 350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <sys/types.h> 370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <sys/param.h> 380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <sys/socket.h> 390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <sys/queue.h> 400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 41514ffe2b8b4236d53f584fcd8382dd65bc4df532Chia-chi Yeh#ifndef ANDROID_PATCHED 42f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh#include <utmpx.h> 43514ffe2b8b4236d53f584fcd8382dd65bc4df532Chia-chi Yeh#endif 440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#if defined(__APPLE__) && defined(__MACH__) 450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <util.h> 460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef __FreeBSD__ 490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang# include <libutil.h> 500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef __NetBSD__ 520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang# include <util.h> 530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <netinet/in.h> 560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <arpa/inet.h> 570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <stdlib.h> 590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <stdio.h> 
600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <string.h> 610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <errno.h> 620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#if TIME_WITH_SYS_TIME 630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang# include <sys/time.h> 640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang# include <time.h> 650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#else 660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang# if HAVE_SYS_TIME_H 670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang# include <sys/time.h> 680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang# else 690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang# include <time.h> 700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang# endif 710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <netdb.h> 730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_UNISTD_H 740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <unistd.h> 750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#if HAVE_STDINT_H 770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <stdint.h> 780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <ctype.h> 800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <resolv.h> 810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_LIBRADIUS 830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <sys/utsname.h> 840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <radlib.h> 850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include 
"var.h" 880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "misc.h" 890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "vmbuf.h" 900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "plog.h" 910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "sockmisc.h" 920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "schedule.h" 930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "debug.h" 940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "isakmp_var.h" 960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "isakmp.h" 970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "handler.h" 980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "evt.h" 990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "throttle.h" 1000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "remoteconf.h" 1010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "crypto_openssl.h" 1020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "isakmp_inf.h" 1030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "isakmp_xauth.h" 1040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "isakmp_unity.h" 1050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "isakmp_cfg.h" 1060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "strnames.h" 1070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "admin.h" 1080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "privsep.h" 1090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstruct isakmp_cfg_config isakmp_cfg_config; 1110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 1120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic vchar_t *buffer_cat(vchar_t *s, vchar_t *append); 
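static vchar_t *isakmp_cfg_net(struct ph1handle *, struct isakmp_data *);
#if 0
static vchar_t *isakmp_cfg_void(struct ph1handle *, struct isakmp_data *);
#endif
static vchar_t *isakmp_cfg_addr4(struct ph1handle *,
				 struct isakmp_data *, in_addr_t *);
static vchar_t *isakmp_cfg_addrnet4(struct ph1handle *,
				 struct isakmp_data *, in_addr_t *, in_addr_t *);
static void isakmp_cfg_getaddr4(struct isakmp_data *, struct in_addr *);
static vchar_t *isakmp_cfg_addr4_list(struct ph1handle *,
				      struct isakmp_data *, in_addr_t *, int);
static void isakmp_cfg_appendaddr4(struct isakmp_data *,
				   struct in_addr *, int *, int);
static void isakmp_cfg_getstring(struct isakmp_data *,char *);
void isakmp_cfg_iplist_to_str(char *, int, void *, int);

#define ISAKMP_CFG_LOGIN	1
#define ISAKMP_CFG_LOGOUT	2
static int isakmp_cfg_accounting(struct ph1handle *, int);
#ifdef HAVE_LIBRADIUS
static int isakmp_cfg_accounting_radius(struct ph1handle *, int);
#endif

/*
 * Handle an ISAKMP config mode packet
 * We expect HDR, HASH, ATTR
 *
 * The message must carry the encryption flag; it is decrypted with the
 * mode-config IV and its payload chain is then walked.  Every length taken
 * from the packet is checked against the bytes that remain before it is
 * used, and an ATTR payload is only dispatched when it is the payload a
 * preceding HASH payload was verified against.
 *
 * iph1: phase 1 handle; iph1->mode_cfg holds the IV state used here.
 * msg:  the received, still encrypted, ISAKMP message.
 *
 * Nothing is returned: any failure is logged and the packet is dropped.
 */
void
isakmp_cfg_r(iph1, msg)
	struct ph1handle *iph1;
	vchar_t *msg;
{
	struct isakmp *packet;
	struct isakmp_gen *ph;
	struct isakmp_gen *authed = NULL; /* payload covered by a verified HASH */
	size_t tlen;
	size_t plen;
	int np;
	vchar_t *dmsg;
	struct isakmp_ivm *ivm;

	/* Check that the packet is long enough to have a header */
	if (msg->l < sizeof(*packet)) {
		plog(LLV_ERROR, LOCATION, NULL, "Unexpected short packet\n");
		return;
	}

	packet = (struct isakmp *)msg->v;

	/* Is it encrypted? It should be encrypted */
	if ((packet->flags & ISAKMP_FLAG_E) == 0) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "User credentials sent in cleartext!\n");
		return;
	}

	/*
	 * Decrypt the packet. If this is the beginning of a new
	 * exchange, reinitialize the IV
	 */
	if (iph1->mode_cfg->ivm == NULL ||
	    iph1->mode_cfg->last_msgid != packet->msgid )
		iph1->mode_cfg->ivm =
		    isakmp_cfg_newiv(iph1, packet->msgid);
	ivm = iph1->mode_cfg->ivm;

	/*
	 * Guard the dereference below.  NOTE(review): whether
	 * isakmp_cfg_newiv() can return NULL is not visible here - confirm.
	 */
	if (ivm == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "Cannot get a mode config IV\n");
		return;
	}

	dmsg = oakley_do_decrypt(iph1, msg, ivm->iv, ivm->ive);
	if (dmsg == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "failed to decrypt message\n");
		return;
	}

	/*
	 * At debug level the decrypted message is written to the log.  The
	 * cleartext check above describes this traffic as user credentials,
	 * so debug logs of this path need the same protection as the
	 * credentials themselves.
	 */
	plog(LLV_DEBUG, LOCATION, NULL, "MODE_CFG packet\n");
	plogdump(LLV_DEBUG, dmsg->v, dmsg->l);

	/* The decrypted buffer must still hold a full ISAKMP header */
	if (dmsg->l < sizeof(*packet)) {
		plog(LLV_ERROR, LOCATION, NULL, "Unexpected short packet\n");
		goto out;
	}

	/* Now work with the decrypted packet */
	packet = (struct isakmp *)dmsg->v;
	tlen = dmsg->l - sizeof(*packet);
	ph = (struct isakmp_gen *)(packet + 1);

	np = packet->np;
	while ((tlen > 0) && (np != ISAKMP_NPTYPE_NONE)) {
		/* Check that the payload header fits in the packet */
		if (tlen < sizeof(*ph)) {
			plog(LLV_WARNING, LOCATION, NULL,
			     "Short payload header\n");
			goto out;
		}

		plen = ntohs(ph->len);

		/*
		 * A length below the generic header size (zero included)
		 * would leave ph and tlen unchanged or barely moved, so the
		 * walk would never finish or would re-read header bytes.
		 */
		if (plen < sizeof(*ph)) {
			plog(LLV_WARNING, LOCATION, NULL,
			     "Invalid payload length %zu\n", plen);
			goto out;
		}

		/* Check that the payload fits in the packet */
		if (tlen < plen) {
			plog(LLV_WARNING, LOCATION, NULL,
			      "Short payload\n");
			goto out;
		}

		plog(LLV_DEBUG, LOCATION, NULL, "Seen payload %d\n", np);
		plogdump(LLV_DEBUG, ph, plen);

		switch(np) {
		case ISAKMP_NPTYPE_HASH: {
			vchar_t *check;
			vchar_t *payload;
			size_t nlen;
			struct isakmp_gen *nph;

			/*
			 * The hash is computed over the payload that follows
			 * this one, so that payload's header and body must
			 * lie inside the bytes remaining after the HASH.
			 */
			if (tlen - plen < sizeof(*nph)) {
				plog(LLV_WARNING, LOCATION, NULL,
				     "Short payload header\n");
				goto out;
			}
			nph = (struct isakmp_gen *)((char *)ph + plen);
			nlen = ntohs(nph->len);
			if (nlen < sizeof(*nph) || nlen > tlen - plen) {
				plog(LLV_WARNING, LOCATION, NULL,
				      "Short payload\n");
				goto out;
			}

			if ((payload = vmalloc(nlen)) == NULL) {
				plog(LLV_ERROR, LOCATION, NULL,
				    "Cannot allocate memory\n");
				goto out;
			}
			memcpy(payload->v, nph, nlen);

			if ((check = oakley_compute_hash1(iph1,
			    packet->msgid, payload)) == NULL) {
				plog(LLV_ERROR, LOCATION, NULL,
				    "Cannot compute hash\n");
				vfree(payload);
				goto out;
			}

			/*
			 * Reject a HASH body shorter than the computed hash
			 * before comparing, so memcmp() never reads past the
			 * payload.  NOTE(review): memcmp() is not a
			 * constant-time comparison.
			 */
			if (plen - sizeof(*ph) < check->l ||
			    memcmp(ph + 1, check->v, check->l) != 0) {
				plog(LLV_ERROR, LOCATION, NULL,
				    "Hash verification failed\n");
				vfree(payload);
				vfree(check);
				goto out;
			}
			vfree(payload);
			vfree(check);

			/* Only this payload is covered by the hash */
			authed = nph;
			break;
		}
		case ISAKMP_NPTYPE_ATTR: {
			struct isakmp_pl_attr *attrpl;

			/*
			 * Encryption alone does not authenticate the
			 * attributes: process them only when this payload is
			 * the one the HASH was verified against.
			 */
			if (ph != authed) {
				plog(LLV_ERROR, LOCATION, NULL,
				    "Attribute payload not covered by "
				    "a verified hash\n");
				goto out;
			}

			/* The fixed attribute payload header must be present */
			if (plen < sizeof(*attrpl)) {
				plog(LLV_WARNING, LOCATION, NULL,
				      "Short payload\n");
				goto out;
			}

			attrpl = (struct isakmp_pl_attr *)ph;
			isakmp_cfg_attr_r(iph1, packet->msgid, attrpl);

			break;
		}
		default:
			 plog(LLV_WARNING, LOCATION, NULL,
			      "Unexpected next payload %d\n", np);
			 /* Skip to the next payload */
			 break;
		}

		/* Move to the next payload */
		np = ph->np;
		tlen -= plen;
		ph = (struct isakmp_gen *)((char *)ph + plen);
	}

out:
	vfree(dmsg);
}

/*
 * Dispatch one configuration attribute payload on its exchange type
 * (attrpl->type).
 *
 * ACK:     drop the mode-config IV so that the next exchange gets a new one.
 * REPLY:   handled by isakmp_cfg_reply().
 * REQUEST: record msgid in iph1->msgid, then isakmp_cfg_request().
 * SET:     record msgid in iph1->msgid, then isakmp_cfg_set().
 *
 * Returns 0 for ACK, the handler's return value for REPLY/REQUEST/SET and
 * -1 for an unknown type.  The payload is not length-checked here; the
 * caller is expected to have verified that it lies inside the packet.
 */
int
isakmp_cfg_attr_r(iph1, msgid, attrpl)
	struct ph1handle *iph1;
	u_int32_t msgid;
	struct isakmp_pl_attr *attrpl;
{
	int type = attrpl->type;

	plog(LLV_DEBUG, LOCATION, NULL,
	     "Configuration exchange type %s\n", s_isakmp_cfg_ptype(type));
	switch (type) {
	case ISAKMP_CFG_ACK:
		/* ignore, but this is the time to reinit the IV */
		oakley_delivm(iph1->mode_cfg->ivm);
		iph1->mode_cfg->ivm = NULL;
		return 0;

	case ISAKMP_CFG_REPLY:
		return isakmp_cfg_reply(iph1, attrpl);

	case ISAKMP_CFG_REQUEST:
		iph1->msgid = msgid;
		return isakmp_cfg_request(iph1, attrpl);

	case ISAKMP_CFG_SET:
		iph1->msgid = msgid;
		return isakmp_cfg_set(iph1, attrpl);

	default:
		plog(LLV_WARNING, LOCATION, NULL,
		     "Unepected configuration exchange type %d\n", type);
		return -1;
	}

	/* not reached: every case above returns */
	return 0;
}

int
isakmp_cfg_reply(iph1, attrpl)
	struct ph1handle *iph1;
	struct isakmp_pl_attr *attrpl;
{
	struct isakmp_data *attr;
	int tlen;
	size_t alen;
	char *npp;
	int type;
	struct sockaddr_in *sin;
	int error;

	tlen = ntohs(attrpl->h.len);
	attr = (struct isakmp_data *)(attrpl + 1);
	tlen -= sizeof(*attrpl);

	while (tlen > 0) {
		type = ntohs(attr->type);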
3360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Handle short attributes */ 3380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((type & ISAKMP_GEN_MASK) == ISAKMP_GEN_TV) { 3390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang type &= ~ISAKMP_GEN_MASK; 3400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 3420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Short attribute %s = %d\n", 3430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang s_isakmp_cfg_type(type), ntohs(attr->lorv)); 3440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang switch (type) { 3460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_TYPE: 3470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((error = xauth_attr_reply(iph1, 3480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr, ntohs(attrpl->id))) != 0) 3490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return error; 3500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 3510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang default: 3530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_WARNING, LOCATION, NULL, 3540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Ignored short attribute %s\n", 3550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang s_isakmp_cfg_type(type)); 3560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 3570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 3580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tlen -= sizeof(*attr); 3600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr++; 3610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang continue; 
3620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 3630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang type = ntohs(attr->type); 3650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang alen = ntohs(attr->lorv); 3660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Check that the attribute fit in the packet */ 3680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (tlen < alen) { 3690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 3700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Short attribute %s\n", 3710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang s_isakmp_cfg_type(type)); 3720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 3730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 3740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 3760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Attribute %s, len %zu\n", 3770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang s_isakmp_cfg_type(type), alen); 3780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 3790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang switch(type) { 3800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_TYPE: 3810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_USER_NAME: 3820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_USER_PASSWORD: 3830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_PASSCODE: 3840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_MESSAGE: 3850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_CHALLENGE: 3860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_DOMAIN: 3870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_STATUS: 
3880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_NEXT_PIN: 3890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case XAUTH_ANSWER: 3900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((error = xauth_attr_reply(iph1, 3910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr, ntohs(attrpl->id))) != 0) 3920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return error; 3930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 3940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case INTERNAL_IP4_ADDRESS: 3950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_getaddr4(attr, &iph1->mode_cfg->addr4); 3960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->flags |= ISAKMP_CFG_GOT_ADDR4; 3970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 3980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case INTERNAL_IP4_NETMASK: 3990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_getaddr4(attr, &iph1->mode_cfg->mask4); 4000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->flags |= ISAKMP_CFG_GOT_MASK4; 4010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 4020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case INTERNAL_IP4_DNS: 4030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_appendaddr4(attr, 4040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang &iph1->mode_cfg->dns4[iph1->mode_cfg->dns4_index], 4050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang &iph1->mode_cfg->dns4_index, MAXNS); 4060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->flags |= ISAKMP_CFG_GOT_DNS4; 4070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 4080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case INTERNAL_IP4_NBNS: 4090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_appendaddr4(attr, 4100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 
&iph1->mode_cfg->wins4[iph1->mode_cfg->wins4_index], 4110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang &iph1->mode_cfg->wins4_index, MAXNS); 4120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->flags |= ISAKMP_CFG_GOT_WINS4; 4130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 4140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_DEF_DOMAIN: 4150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_getstring(attr, 4160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->default_domain); 4170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->flags |= ISAKMP_CFG_GOT_DEFAULT_DOMAIN; 4180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 4190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_SPLIT_INCLUDE: 4200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_LOCAL_LAN: 4210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_SPLITDNS_NAME: 4220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_BANNER: 4230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_SAVE_PASSWD: 4240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_NATT_PORT: 4250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_PFS: 4260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_FW_TYPE: 4270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_BACKUP_SERVERS: 4280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case UNITY_DDNS_HOSTNAME: 4290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_unity_reply(iph1, attr); 4300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 4310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case INTERNAL_IP4_SUBNET: 4320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case INTERNAL_ADDRESS_EXPIRY: 4330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang default: 
4340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_WARNING, LOCATION, NULL, 4350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Ignored attribute %s\n", 4360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang s_isakmp_cfg_type(type)); 4370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 4380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 4390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang npp = (char *)attr; 4410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr = (struct isakmp_data *)(npp + sizeof(*attr) + alen); 4420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tlen -= (sizeof(*attr) + alen); 4430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 4440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* 4460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Call the SA up script hook now that we have the configuration 4470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * It is done at the end of phase 1 if ISAKMP mode config is not 4480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * requested. 
4490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 4500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((iph1->status == PHASE1ST_ESTABLISHED) && 4520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->rmconf->mode_cfg) { 453f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh switch (iph1->approval->authmethod) { 454f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh case OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_I: 4550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I: 4560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Unimplemented */ 4570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_I: 4580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_I: 4590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_I: 4600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_I: 4610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_I: 4620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang script_hook(iph1, SCRIPT_PHASE1_UP); 4630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 4640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang default: 4650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 4660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 4670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 4680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef ENABLE_ADMINPORT 4710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang { 4720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *buf; 4730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 
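		alen = ntohs(attrpl->h.len) - sizeof(*attrpl);
		if ((buf = vmalloc(alen)) == NULL) {
			plog(LLV_WARNING, LOCATION, NULL,
			    "Cannot allocate memory: %s\n", strerror(errno));
		} else {
			memcpy(buf->v, attrpl + 1, buf->l);
			evt_phase1(iph1, EVT_PHASE1_MODE_CFG, buf);
			vfree(buf);
		}
	}
#endif

	return 0;
}

/*
 * Handle a MODE_CFG REQUEST payload.
 *
 * Walks the attributes that follow attrpl, collects one reply attribute
 * for each request a handler answers, and sends the result back as an
 * ISAKMP_CFG_REPLY carrying the request's id.
 *
 * Returns the value of isakmp_cfg_send(), or -1 when the reply buffer
 * cannot be allocated or an attribute does not fit in the payload.
 *
 * The attribute list is peer-controlled.  The walk is bounded only by
 * attrpl->h.len, so this assumes the caller has already checked that
 * length against the bytes actually received -- TODO confirm.
 */
int
isakmp_cfg_request(iph1, attrpl)
	struct ph1handle *iph1;
	struct isakmp_pl_attr *attrpl;
{
	struct isakmp_data *attr;
	int tlen;
	size_t alen;
	char *npp;
	vchar_t *payload;
	struct isakmp_pl_attr *reply;
	vchar_t *reply_attr;
	int type;
	int error = -1;

	/* The reply starts as a zeroed attribute payload header. */
	if ((payload = vmalloc(sizeof(*reply))) == NULL) {
		plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n");
		return -1;
	}
	memset(payload->v, 0, sizeof(*reply));

	/* tlen = bytes of attribute data left, counted from attr. */
	tlen = ntohs(attrpl->h.len);
	attr = (struct isakmp_data *)(attrpl + 1);
	tlen -= sizeof(*attrpl);

	while (tlen > 0) {
		/*
		 * Do not read type/lorv from a header that is only
		 * partly inside the payload.
		 */
		if ((size_t)tlen < sizeof(*attr)) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "Short attribute header\n");
			goto end;
		}

		reply_attr = NULL;
		type = ntohs(attr->type);

		/* Handle short attributes */
		if ((type & ISAKMP_GEN_MASK) == ISAKMP_GEN_TV) {
			type &= ~ISAKMP_GEN_MASK;

			plog(LLV_DEBUG, LOCATION, NULL,
			     "Short attribute %s = %d\n",
			     s_isakmp_cfg_type(type), ntohs(attr->lorv));

			switch (type) {
			case XAUTH_TYPE:
				reply_attr = isakmp_xauth_req(iph1, attr);
				break;
			default:
				plog(LLV_WARNING, LOCATION, NULL,
				     "Ignored short attribute %s\n",
				     s_isakmp_cfg_type(type));
				break;
			}

			/* A short attribute is the header alone. */
			tlen -= sizeof(*attr);
			attr++;

			if (reply_attr != NULL) {
				payload = buffer_cat(payload, reply_attr);
				vfree(reply_attr);
			}

			continue;
		}

		alen = ntohs(attr->lorv);

		/*
		 * Check that the attribute fits in the packet.  tlen still
		 * includes this attribute's header, so the header size has
		 * to be part of the comparison; comparing against alen alone
		 * lets the value run past the end of the payload.
		 */
		if ((size_t)tlen < sizeof(*attr) + alen) {
			plog(LLV_ERROR, LOCATION, NULL,
			     "Short attribute %s\n",
			     s_isakmp_cfg_type(type));
			goto end;
		}

		plog(LLV_DEBUG, LOCATION, NULL,
		     "Attribute %s, len %zu\n",
		     s_isakmp_cfg_type(type), alen);

		switch(type) {
		case INTERNAL_IP4_ADDRESS:
		case INTERNAL_IP4_NETMASK:
		case INTERNAL_IP4_DNS:
		case INTERNAL_IP4_NBNS:
		case INTERNAL_IP4_SUBNET:
			reply_attr = isakmp_cfg_net(iph1, attr);
			break;

		case XAUTH_TYPE:
		case XAUTH_USER_NAME:
		case XAUTH_USER_PASSWORD:
		case XAUTH_PASSCODE:
		case XAUTH_MESSAGE:
		case XAUTH_CHALLENGE:
		case XAUTH_DOMAIN:
		case XAUTH_STATUS:
		case XAUTH_NEXT_PIN:
		case XAUTH_ANSWER:
			reply_attr = isakmp_xauth_req(iph1, attr);
			break;

		case APPLICATION_VERSION:
			reply_attr = isakmp_cfg_string(iph1,
			    attr, ISAKMP_CFG_RACOON_VERSION);
			break;

		case UNITY_BANNER:
		case UNITY_PFS:
		case UNITY_SAVE_PASSWD:
		case UNITY_DEF_DOMAIN:
		case UNITY_DDNS_HOSTNAME:
		case UNITY_FW_TYPE:
		case UNITY_SPLITDNS_NAME:
		case UNITY_SPLIT_INCLUDE:
		case UNITY_LOCAL_LAN:
		case UNITY_NATT_PORT:
		case UNITY_BACKUP_SERVERS:
			reply_attr = isakmp_unity_req(iph1, attr);
			break;

		case INTERNAL_ADDRESS_EXPIRY:
		default:
			plog(LLV_WARNING, LOCATION, NULL,
			     "Ignored attribute %s\n",
			     s_isakmp_cfg_type(type));
			break;
		}

		/* Step over header and value; the check above keeps tlen >= 0. */
		npp = (char *)attr;
		attr = (struct isakmp_data *)(npp + sizeof(*attr) + alen);
		tlen -= (int)(sizeof(*attr) + alen);

		if (reply_attr != NULL) {
			payload = buffer_cat(payload, reply_attr);
			vfree(reply_attr);
		}

	}

	/*
	 * NOTE(review): htons() keeps only the low 16 bits of payload->l and
	 * nothing here bounds the size of the accumulated reply -- confirm
	 * the handlers cannot grow it past 65535 bytes.
	 */
	reply = (struct isakmp_pl_attr *)payload->v;
	reply->h.len = htons(payload->l);
	reply->type = ISAKMP_CFG_REPLY;
	reply->id = attrpl->id;

	plog(LLV_DEBUG, LOCATION, NULL,
		    "Sending MODE_CFG REPLY\n");

	error = isakmp_cfg_send(iph1, payload,
	    ISAKMP_NPTYPE_ATTR, ISAKMP_FLAG_E, 0);

	/* The hook runs whether or not the send above succeeded. */
	if (iph1->status == PHASE1ST_ESTABLISHED) {
		switch (iph1->approval->authmethod) {
		case OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R:
		case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_R:
		/* Unimplemented */
		case OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_R:
		case OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_R:
		case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_R:
		case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_R:
		case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_R:
			script_hook(iph1, SCRIPT_PHASE1_UP);
			break;
		default:
			break;
		}
	}

end:
	vfree(payload);

	return error;
}

/*
 * Handle a MODE_CFG SET payload.
 *
 * Walks the attributes that follow attrpl, passes XAUTH_STATUS to
 * isakmp_xauth_set(), and sends an ISAKMP_CFG_ACK built from whatever
 * that handler returned.  If ISAKMP_CFG_DELETE_PH1 is set in
 * iph1->mode_cfg->flags afterwards, the phase 1 handle is removed and
 * deleted here.  Otherwise, when the ACK was sent without error and
 * rmconf->mode_cfg is set, isakmp_cfg_getconfig() is called.
 *
 * Returns -1 when the reply buffer cannot be allocated, else the value of
 * isakmp_cfg_send() or, when it is called, of isakmp_cfg_getconfig().
 *
 * The attribute list is peer-controlled.  The walk is bounded only by
 * attrpl->h.len, so this assumes the caller has already checked that
 * length against the bytes actually received -- TODO confirm.
 */
int
isakmp_cfg_set(iph1, attrpl)
	struct ph1handle *iph1;
	struct isakmp_pl_attr *attrpl;
{
	struct isakmp_data *attr;
	int tlen;
	size_t alen;
	char *npp;
	vchar_t *payload;
	struct isakmp_pl_attr *reply;
	vchar_t *reply_attr;
	int type;
	int error = -1;

	/* The ACK starts as a zeroed attribute payload header. */
	if ((payload = vmalloc(sizeof(*reply))) == NULL) {
		plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n");
		return -1;
	}
	memset(payload->v, 0, sizeof(*reply));

	/* tlen = bytes of attribute data left, counted from attr. */
	tlen = ntohs(attrpl->h.len);
	attr = (struct isakmp_data *)(attrpl + 1);
	tlen -= sizeof(*attrpl);

	/*
	 * We should send ack for the attributes we accepted
	 */
	while (tlen > 0) {
		/*
		 * Validate before dispatching: the handler must never see
		 * an attribute whose header or value runs past the payload.
		 * A malformed attribute ends the walk; what was accepted so
		 * far is still acknowledged below.
		 */
		if ((size_t)tlen < sizeof(*attr)) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "Short attribute header\n");
			break;
		}

		reply_attr = NULL;
		type = ntohs(attr->type);

		plog(LLV_DEBUG, LOCATION, NULL,
		     "Attribute %s\n",
		     s_isakmp_cfg_type(type & ~ISAKMP_GEN_MASK));

		/* A short (TV) attribute has no value after its header. */
		alen = 0;
		if ((type & ISAKMP_GEN_MASK) != ISAKMP_GEN_TV) {
			alen = ntohs(attr->lorv);
			if ((size_t)tlen < sizeof(*attr) + alen) {
				plog(LLV_ERROR, LOCATION, NULL,
				     "Short attribute %s\n",
				     s_isakmp_cfg_type(type & ~ISAKMP_GEN_MASK));
				break;
			}
		}

		switch (type & ~ISAKMP_GEN_MASK) {
		case XAUTH_STATUS:
			reply_attr = isakmp_xauth_set(iph1, attr);
			break;
		default:
			plog(LLV_DEBUG, LOCATION, NULL,
			     "Unexpected SET attribute %s\n",
			     s_isakmp_cfg_type(type & ~ISAKMP_GEN_MASK));
			break;
		}

		if (reply_attr != NULL) {
			payload = buffer_cat(payload, reply_attr);
			vfree(reply_attr);
		}

		/*
		 * Move to next attribute.  The checks above guarantee the
		 * step stays inside the payload, so tlen never goes negative.
		 */
		tlen -= (int)(sizeof(*attr) + alen);
		npp = (char *)attr;
		attr = (struct isakmp_data *)(npp + sizeof(*attr) + alen);
	}

	/*
	 * NOTE(review): htons() keeps only the low 16 bits of payload->l and
	 * nothing here bounds the size of the accumulated reply -- confirm
	 * the handler cannot grow it past 65535 bytes.
	 */
	reply = (struct isakmp_pl_attr *)payload->v;
	reply->h.len = htons(payload->l);
	reply->type = ISAKMP_CFG_ACK;
	reply->id = attrpl->id;

	plog(LLV_DEBUG, LOCATION, NULL,
		     "Sending MODE_CFG ACK\n");

	error = isakmp_cfg_send(iph1, payload,
	    ISAKMP_NPTYPE_ATTR, ISAKMP_FLAG_E, 0);

	if (iph1->mode_cfg->flags & ISAKMP_CFG_DELETE_PH1) {
		if (iph1->status == PHASE1ST_ESTABLISHED ||
		    iph1->status == PHASE1ST_DYING)
			isakmp_info_send_d1(iph1);
		remph1(iph1);
		delph1(iph1);
		/* The handle is gone; keep the code below from touching it. */
		iph1 = NULL;
	}
end:
	vfree(payload);

	/*
	 * If required, request ISAKMP mode config information
	 */
	if ((iph1 != NULL) && (iph1->rmconf->mode_cfg) && (error == 0))
		error = isakmp_cfg_getconfig(iph1);

	return error;
}


/*
 * Return a buffer holding the bytes of s followed by the bytes of append.
 *
 * On success s is freed and the new buffer is returned.  If the
 * allocation fails, s is returned unchanged and append is not added; the
 * caller gets no other indication.  append is never freed here.
 */
static vchar_t *
buffer_cat(s, append)
	vchar_t *s;
	vchar_t *append;
{
	vchar_t *new;

	new = vmalloc(s->l + append->l);
	if (new == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "Cannot allocate memory\n");
		return s;
	}

	memcpy(new->v, s->v, s->l);
	memcpy(new->v + s->l, append->v, append->l);

	vfree(s);
	return new;
}

static vchar_t *
isakmp_cfg_net(iph1, attr)
	struct ph1handle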
*iph1; 7810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_data *attr; 7820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 7830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int type; 7840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int confsource; 7850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang in_addr_t addr4; 7860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 7870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang type = ntohs(attr->type); 7880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 7890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* 7900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Don't give an address to a peer that did not succeed Xauth 7910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 7920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (xauth_check(iph1) != 0) { 7930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 7940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Attempt to start phase config whereas Xauth failed\n"); 7950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return NULL; 7960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 7970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 7980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang confsource = isakmp_cfg_config.confsource; 7990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* 8000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * If we have to fall back to a local 8010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * configuration source, we will jump 8020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * back to this point. 
8030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 8040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangretry_source: 8050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 8060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang switch(type) { 8070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case INTERNAL_IP4_ADDRESS: 8080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang switch(confsource) { 8090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_LIBLDAP 8100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ISAKMP_CFG_CONF_LDAP: 8110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph1->mode_cfg->flags & ISAKMP_CFG_ADDR4_EXTERN) 8120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 8130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_INFO, LOCATION, NULL, 8140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "No IP from LDAP, using local pool\n"); 8150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* FALLTHROUGH */ 8160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang confsource = ISAKMP_CFG_CONF_LOCAL; 8170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto retry_source; 8180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 8190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_LIBRADIUS 8200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ISAKMP_CFG_CONF_RADIUS: 8210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((iph1->mode_cfg->flags & ISAKMP_CFG_ADDR4_EXTERN) 8220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang && (iph1->mode_cfg->addr4.s_addr != htonl(-2))) 8230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* 8240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * -2 is 255.255.255.254, RADIUS uses that 8250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * to instruct the NAS to use a local pool 8260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 
8270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 8280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_INFO, LOCATION, NULL, 8290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "No IP from RADIUS, using local pool\n"); 8300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* FALLTHROUGH */ 8310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang confsource = ISAKMP_CFG_CONF_LOCAL; 8320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto retry_source; 8330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 8340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ISAKMP_CFG_CONF_LOCAL: 8350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (isakmp_cfg_getport(iph1) == -1) { 8360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 8370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Port pool depleted\n"); 8380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 8390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 8400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 8410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->addr4.s_addr = 8420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang htonl(ntohl(isakmp_cfg_config.network4) 8430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang + iph1->mode_cfg->port); 8440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->flags |= ISAKMP_CFG_ADDR4_LOCAL; 8450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 8460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 8470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang default: 8480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 8490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Unexpected confsource\n"); 8500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 8510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 
8520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (isakmp_cfg_accounting(iph1, ISAKMP_CFG_LOGIN) != 0) 8530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Accounting failed\n"); 8540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 8550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return isakmp_cfg_addr4(iph1, 8560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr, &iph1->mode_cfg->addr4.s_addr); 8570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 8580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 8590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case INTERNAL_IP4_NETMASK: 8600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang switch(confsource) { 8610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_LIBLDAP 8620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ISAKMP_CFG_CONF_LDAP: 8630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph1->mode_cfg->flags & ISAKMP_CFG_MASK4_EXTERN) 8640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 8650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_INFO, LOCATION, NULL, 8660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "No mask from LDAP, using local pool\n"); 8670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* FALLTHROUGH */ 8680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang confsource = ISAKMP_CFG_CONF_LOCAL; 8690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto retry_source; 8700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 8710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_LIBRADIUS 8720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ISAKMP_CFG_CONF_RADIUS: 8730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph1->mode_cfg->flags & ISAKMP_CFG_MASK4_EXTERN) 8740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 8750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 
plog(LLV_INFO, LOCATION, NULL, 8760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "No mask from RADIUS, using local pool\n"); 8770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* FALLTHROUGH */ 8780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang confsource = ISAKMP_CFG_CONF_LOCAL; 8790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto retry_source; 8800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 8810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case ISAKMP_CFG_CONF_LOCAL: 8820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->mask4.s_addr 8830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang = isakmp_cfg_config.netmask4; 8840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->flags |= ISAKMP_CFG_MASK4_LOCAL; 8850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 8860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 8870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang default: 8880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 8890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Unexpected confsource\n"); 8900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 8910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return isakmp_cfg_addr4(iph1, attr, 8920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang &iph1->mode_cfg->mask4.s_addr); 8930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 8940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 8950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case INTERNAL_IP4_DNS: 8960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return isakmp_cfg_addr4_list(iph1, 8970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr, &isakmp_cfg_config.dns4[0], 8980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.dns4_index); 8990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 
9000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case INTERNAL_IP4_NBNS: 9020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return isakmp_cfg_addr4_list(iph1, 9030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr, &isakmp_cfg_config.nbns4[0], 9040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_config.nbns4_index); 9050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 9060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang case INTERNAL_IP4_SUBNET: 908f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh if(isakmp_cfg_config.splitnet_count > 0){ 909f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh return isakmp_cfg_addrnet4(iph1, attr, 910f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh &isakmp_cfg_config.splitnet_list->network.addr4.s_addr, 911f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh &isakmp_cfg_config.splitnet_list->network.mask4.s_addr); 912f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh }else{ 913f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh plog(LLV_INFO, LOCATION, NULL, 914f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh "%s requested but no splitnet in configuration\n", 915f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh s_isakmp_cfg_type(type)); 916f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh } 9170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 9180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 9190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang default: 9200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Unexpected type %d\n", type); 9210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 9220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 9230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return NULL; 9240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih 
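 }

#if 0
/*
 * Disabled code: build a reply that carries only an attribute header,
 * with the request's type and a zero length/value field.
 */
static vchar_t *
isakmp_cfg_void(iph1, attr)
	struct ph1handle *iph1;
	struct isakmp_data *attr;
{
	vchar_t *buffer;
	struct isakmp_data *new;

	if ((buffer = vmalloc(sizeof(*attr))) == NULL) {
		plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n");
		return NULL;
	}

	new = (struct isakmp_data *)buffer->v;

	new->type = attr->type;
	new->lorv = htons(0);

	return buffer;
}
#endif

/*
 * Return a newly allocated copy of a mode config attribute.
 *
 * iph1 is unused.  attr is the attribute to copy; for the TLV form the
 * lorv field is the number of data bytes that follow the header, for any
 * other form the copy is the header alone.  Returns NULL when the
 * allocation fails; the caller owns the returned buffer.
 *
 * The copy length must be the allocation length.  The original code
 * allocated sizeof(*attr) + len but copied sizeof(*attr) + ntohs(lorv),
 * so a non-TLV attribute, whose lorv holds a value rather than a length
 * (see isakmp_cfg_short), caused a write past the end of the new buffer
 * and a read past the end of the attribute.
 *
 * NOTE(review): attr presumably points into a packet received from the
 * peer; confirm that the caller has checked that sizeof(*attr) + len
 * bytes are really available there before calling this function.
 */
vchar_t *
isakmp_cfg_copy(iph1, attr)
	struct ph1handle *iph1;
	struct isakmp_data *attr;
{
	vchar_t *buffer;
	size_t len = 0;

	/* Only a TLV attribute is followed by lorv bytes of data. */
	if ((ntohs(attr->type) & ISAKMP_GEN_MASK) == ISAKMP_GEN_TLV)
		len = ntohs(attr->lorv);

	if ((buffer = vmalloc(sizeof(*attr) + len)) == NULL) {
		plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n");
		return NULL;
	}

	/* Copy exactly what was allocated, never more. */
	memcpy(buffer->v, attr, sizeof(*attr) + len);

	return buffer;
}

/*
 * Build a reply attribute in the short (TV) form.
 *
 * iph1 is unused.  The reply takes the type of attr with the format bits
 * replaced by ISAKMP_GEN_TV, and carries value in the lorv field.
 * Returns NULL when the allocation fails.
 */
vchar_t *
isakmp_cfg_short(iph1, attr, value)
	struct ph1handle *iph1;
	struct isakmp_data *attr;
	int value;
{
	vchar_t *buffer;
	struct isakmp_data *new;
	int type;

	if ((buffer = vmalloc(sizeof(*attr))) == NULL) {
		plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n");
		return NULL;
	}

	new = (struct isakmp_data *)buffer->v;
	/* Drop the format bits of the request before setting the TV form. */
	type = ntohs(attr->type) & ~ISAKMP_GEN_MASK;

	new->type = htons(type | ISAKMP_GEN_TV);
	new->lorv = htons(value);

	return buffer;
}

/*
 * Build a reply attribute that carries len bytes taken from string.
 *
 * iph1 is unused.  The reply keeps the type of attr unchanged, stores len
 * in the lorv field and places the data right after the header.  Returns
 * NULL when the allocation fails.
 *
 * NOTE(review): lorv is written through htons(), so a len above 65535
 * would be truncated in the header while all len bytes are still copied;
 * callers presumably pass short values, confirm.
 */
vchar_t *
isakmp_cfg_varlen(iph1, attr, string, len)
	struct ph1handle *iph1;
	struct isakmp_data *attr;
	char *string;
	size_t len;
{
	vchar_t *buffer;
	struct isakmp_data *new;
	char *data;

	if ((buffer = vmalloc(sizeof(*attr) + len)) == NULL) {
		plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n");
		return NULL;
	}

	new = (struct isakmp_data *)buffer->v;

	new->type = attr->type;
	new->lorv = htons(len);
	/* The data area starts immediately after the attribute header. */
	data = (char *)(new + 1);

	memcpy(data, string, len);

	return buffer;
}

/*
 * Build a reply attribute from a NUL-terminated string.  The terminator
 * is not part of the attribute data: the length passed on is strlen().
 */
vchar_t *
isakmp_cfg_string(iph1, attr, string)
	struct ph1handle *iph1;
	struct isakmp_data *attr;
	char *string;
{
	size_t len = strlen(string);
	return isakmp_cfg_varlen(iph1, attr, string, len);
}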
 /*
 * Build a reply attribute that carries a single IPv4 address.
 *
 * iph1 is unused.  The reply keeps the type of attr, stores the size of
 * one in_addr_t in the lorv field and copies *addr right after the
 * header.  Returns NULL when the allocation fails; the caller owns the
 * returned buffer.
 */
static vchar_t *
isakmp_cfg_addr4(iph1, attr, addr)
	struct ph1handle *iph1;
	struct isakmp_data *attr;
	in_addr_t *addr;
{
	const size_t addrlen = sizeof(*addr);
	vchar_t *reply = vmalloc(sizeof(*attr) + addrlen);
	struct isakmp_data *hdr;

	if (reply == NULL) {
		plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n");
		return NULL;
	}

	/* Header first, then the address bytes as the attribute data. */
	hdr = (struct isakmp_data *)reply->v;
	hdr->type = attr->type;
	hdr->lorv = htons(addrlen);
	memcpy(hdr + 1, addr, addrlen);

	return reply;
}

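 /*
 * Build a reply attribute that carries an IPv4 network: the address
 * followed by the mask.
 *
 * iph1 is unused.  The reply keeps the type of attr and stores the size
 * of the two in_addr_t values in the lorv field.  Returns NULL when the
 * allocation fails.
 */
static vchar_t *
isakmp_cfg_addrnet4(iph1, attr, addr, mask)
	struct ph1handle *iph1;
	struct isakmp_data *attr;
	in_addr_t *addr;
	in_addr_t *mask;
{
	vchar_t *buffer;
	struct isakmp_data *new;
	size_t len;
	in_addr_t netbuff[2];

	len = sizeof(netbuff);
	if ((buffer = vmalloc(sizeof(*attr) + len)) == NULL) {
		plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n");
		return NULL;
	}

	new = (struct isakmp_data *)buffer->v;

	new->type = attr->type;
	new->lorv = htons(len);
	/* Address and mask are sent back to back as the attribute data. */
	netbuff[0] = *addr;
	netbuff[1] = *mask;
	memcpy(new + 1, netbuff, len);

	return buffer;
}


/*
 * Build nbr consecutive attributes, each with the type of attr and one
 * IPv4 address taken from addr[0..nbr-1].
 *
 * iph1 is unused.  When nbr is zero or negative the loop does not run and
 * the empty buffer from vmalloc(0) is returned.  Returns NULL when an
 * allocation made here fails.
 *
 * The original loop also advanced `new` by (len + sizeof(*attr)) elements
 * after the copy.  The result was never used, because `new` is reassigned
 * at the top of each iteration, and it pointed far outside bufone, which
 * is undefined pointer arithmetic; the statement is removed.
 *
 * NOTE(review): buffer_cat presumably appends bufone to buffer and
 * returns the combined buffer; its failure behaviour is not visible
 * here, confirm that the result cannot be lost or left NULL.
 */
static vchar_t *
isakmp_cfg_addr4_list(iph1, attr, addr, nbr)
	struct ph1handle *iph1;
	struct isakmp_data *attr;
	in_addr_t *addr;
	int nbr;
{
	int error = -1;
	vchar_t *buffer = NULL;
	vchar_t *bufone = NULL;
	struct isakmp_data *new;
	size_t len;
	int i;

	len = sizeof(*addr);
	if ((buffer = vmalloc(0)) == NULL) {
		plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n");
		goto out;
	}
	for (i = 0; i < nbr; i++) {
		/* One header plus one address per list entry. */
		if ((bufone = vmalloc(sizeof(*attr) + len)) == NULL) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "Cannot allocate memory\n");
			goto out;
		}
		new = (struct isakmp_data *)bufone->v;
		new->type = attr->type;
		new->lorv = htons(len);
		memcpy(new + 1, &addr[i], len);
		buffer = buffer_cat(buffer, bufone);
		vfree(bufone);
	}

	error = 0;

out:
	/* On failure release what was accumulated so far. */
	if ((error != 0) && (buffer != NULL)) {
		vfree(buffer);
		buffer = NULL;
	}

	return buffer;
}

/*
 * Replace the mode config IV state of iph1 with a new one for msgid.
 *
 * Any previous IV state is released with oakley_delivm() first, and
 * last_msgid is updated whether or not oakley_newiv2() succeeds.
 * Returns the new IV state, or NULL when iph1 has no mode config state
 * or when oakley_newiv2() returned NULL.
 */
struct isakmp_ivm *
isakmp_cfg_newiv(iph1, msgid)
	struct ph1handle *iph1;
	u_int32_t msgid;
{
	struct isakmp_cfg_state *ics = iph1->mode_cfg;

	if (ics == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "isakmp_cfg_newiv called without mode config state\n");
		return NULL;
	}

	if (ics->ivm != NULL)
		oakley_delivm(ics->ivm);

	ics->ivm = oakley_newiv2(iph1, msgid);
	ics->last_msgid = msgid;

	return ics->ivm;
}

/* Derived from isakmp_info_send_common */
int
isakmp_cfg_send(iph1, payload, np, flags, new_exchange)
	struct ph1handle *iph1;
	vchar_t *payload;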
11570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang u_int32_t np; 11580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int flags; 11590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int new_exchange; 11600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 11610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph2handle *iph2 = NULL; 11620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *hash = NULL; 11630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp *isakmp; 11640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_gen *gen; 11650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char *p; 11660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int tlen; 11670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int error = -1; 11680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_cfg_state *ics = iph1->mode_cfg; 11690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 11700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Check if phase 1 is established */ 1171f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh if ((iph1->status < PHASE1ST_ESTABLISHED) || 11720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang (iph1->local == NULL) || 11730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang (iph1->remote == NULL)) { 11740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 11750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "ISAKMP mode config exchange with immature phase 1\n"); 11760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto end; 11770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 11780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 11790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* add new entry to isakmp status table */ 11800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph2 = newph2(); 11810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if 
(iph2 == NULL) 11820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto end; 11830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 11840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph2->dst = dupsaddr(iph1->remote); 11850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph2->dst == NULL) { 11860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang delph2(iph2); 11870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto end; 11880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 11890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph2->src = dupsaddr(iph1->local); 11900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph2->src == NULL) { 11910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang delph2(iph2); 11920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto end; 11930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 11940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 11950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph2->side = INITIATOR; 11960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph2->status = PHASE2ST_START; 11970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 11980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (new_exchange) 11990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph2->msgid = isakmp_newmsgid2(iph1); 12000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang else 12010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph2->msgid = iph1->msgid; 12020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* get IV and HASH(1) if skeyid_a was generated. 
*/ 12040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph1->skeyid_a != NULL) { 12050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (new_exchange) { 12060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (isakmp_cfg_newiv(iph1, iph2->msgid) == NULL) { 12070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang delph2(iph2); 12080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto end; 12090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 12100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 12110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* generate HASH(1) */ 1213f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh hash = oakley_compute_hash1(iph1, iph2->msgid, payload); 12140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (hash == NULL) { 12150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang delph2(iph2); 12160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto end; 12170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 12180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* initialized total buffer length */ 12200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tlen = hash->l; 12210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tlen += sizeof(*gen); 12220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } else { 12230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* IKE-SA is not established */ 12240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang hash = NULL; 12250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* initialized total buffer length */ 12270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tlen = 0; 12280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 12290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((flags & ISAKMP_FLAG_A) 
== 0) 12300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph2->flags = (hash == NULL ? 0 : ISAKMP_FLAG_E); 12310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang else 12320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph2->flags = (hash == NULL ? 0 : ISAKMP_FLAG_A); 12330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang insph2(iph2); 12350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang bindph12(iph1, iph2); 12360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tlen += sizeof(*isakmp) + payload->l; 12380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* create buffer for isakmp payload */ 12400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph2->sendbuf = vmalloc(tlen); 12410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph2->sendbuf == NULL) { 12420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 12430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "failed to get buffer to send.\n"); 12440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto err; 12450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 12460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* create isakmp header */ 12480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp = (struct isakmp *)iph2->sendbuf->v; 12490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(&isakmp->i_ck, &iph1->index.i_ck, sizeof(cookie_t)); 12500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(&isakmp->r_ck, &iph1->index.r_ck, sizeof(cookie_t)); 12510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp->np = hash == NULL ? 
(np & 0xff) : ISAKMP_NPTYPE_HASH; 12520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp->v = iph1->version; 12530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp->etype = ISAKMP_ETYPE_CFG; 12540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp->flags = iph2->flags; 12550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(&isakmp->msgid, &iph2->msgid, sizeof(isakmp->msgid)); 12560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp->len = htonl(tlen); 12570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang p = (char *)(isakmp + 1); 12580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* create HASH payload */ 12600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (hash != NULL) { 12610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gen = (struct isakmp_gen *)p; 12620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gen->np = np & 0xff; 12630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gen->len = htons(sizeof(*gen) + hash->l); 12640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang p += sizeof(*gen); 12650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(p, hash->v, hash->l); 12660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang p += hash->l; 12670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 12680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* add payload */ 12700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(p, payload->v, payload->l); 12710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang p += payload->l; 12720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_PRINT_ISAKMP_C 12740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_printpacket(iph2->sendbuf, iph1->local, iph1->remote, 1); 
12750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 12760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, "MODE_CFG packet to send\n"); 12780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plogdump(LLV_DEBUG, iph2->sendbuf->v, iph2->sendbuf->l); 12790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* encoding */ 12810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (ISSET(isakmp->flags, ISAKMP_FLAG_E)) { 12820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *tmp; 12830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tmp = oakley_do_encrypt(iph2->ph1, iph2->sendbuf, 12850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang ics->ivm->ive, ics->ivm->iv); 12860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang VPTRINIT(iph2->sendbuf); 12870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (tmp == NULL) 12880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto err; 12890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph2->sendbuf = tmp; 12900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 12910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* HDR*, HASH(1), ATTR */ 12930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (isakmp_send(iph2->ph1, iph2->sendbuf) < 0) { 12940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang VPTRINIT(iph2->sendbuf); 12950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang goto err; 12960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 12970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 12980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 12990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "sendto mode config %s.\n", 
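	    s_isakmp_nptype(np));

	/*
	 * XXX We might need to resend the message...
	 */

	error = 0;
	VPTRINIT(iph2->sendbuf);

err:
	if (iph2->sendbuf != NULL)
		vfree(iph2->sendbuf);

	remph2(iph2);
	delph2(iph2);
end:
	if (hash)
		vfree(hash);
	return error;
}


/*
 * Release the mode-config state attached to a phase 1 handle.
 *
 * Sends a logout accounting event, returns the pool port if one is
 * still reserved, deletes the IV and the split-network lists, clears
 * the Xauth sub-state and finally frees the state itself.
 * iph1->mode_cfg is NULL when the function returns.
 */
void
isakmp_cfg_rmstate(iph1)
	struct ph1handle *iph1;
{
	struct isakmp_cfg_state *state = iph1->mode_cfg;

	/* Nothing attached (or already released): do not dereference NULL. */
	if (state == NULL)
		return;

	/* Accounting reads iph1->mode_cfg, so it must run before the free. */
	if (isakmp_cfg_accounting(iph1, ISAKMP_CFG_LOGOUT) != 0)
		plog(LLV_ERROR, LOCATION, NULL, "Accounting failed\n");

	if (state->flags & ISAKMP_CFG_PORT_ALLOCATED)
		isakmp_cfg_putport(iph1, state->port);

	/* Delete the IV if it's still there */
	if (state->ivm != NULL) {
		oakley_delivm(state->ivm);
		state->ivm = NULL;
	}

	/* Free any allocated splitnet lists */
	if (state->split_include != NULL)
		splitnet_list_free(state->split_include,
		    &state->include_count);
	if (state->split_local != NULL)
		splitnet_list_free(state->split_local,
		    &state->local_count);

	xauth_rmstate(&state->xauth);

	racoon_free(state);
	/* Drop the owner's pointer so the freed state cannot be reached. */
	iph1->mode_cfg = NULL;
}

/*
 * Allocate a mode-config state with every byte cleared.
 *
 * Returns the new state, or NULL after logging when the allocation
 * fails.
 */
struct isakmp_cfg_state *
isakmp_cfg_mkstate(void)
{
	struct isakmp_cfg_state *state;

	state = racoon_malloc(sizeof(*state));
	if (state == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "Cannot allocate memory for mode config state\n");
		return NULL;
	}
	memset(state, 0, sizeof(*state));

	return state;
}

/*
 * Reserve a slot of isakmp_cfg_config.port_pool for this phase 1.
 *
 * When ISAKMP_CFG_PORT_ALLOCATED is already set the recorded port is
 * returned unchanged. Otherwise the first slot whose `used' field is 0
 * is marked used and recorded in iph1->mode_cfg.
 *
 * Returns the slot index, or -1 when the pool is missing or full.
 */
int
isakmp_cfg_getport(iph1)
	struct ph1handle *iph1;
{
	unsigned int i;
	size_t size = isakmp_cfg_config.pool_size;

	if (iph1->mode_cfg->flags & ISAKMP_CFG_PORT_ALLOCATED)
		return iph1->mode_cfg->port;

	if (isakmp_cfg_config.port_pool == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "isakmp_cfg_config.port_pool == NULL\n");
		return -1;
	}

	/* Linear scan for the first free slot. */
	for (i = 0; i < size; i++) {
		if (isakmp_cfg_config.port_pool[i].used == 0)
			break;
	}

	if (i == size) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "No more addresses available\n");
		return -1;
	}

	isakmp_cfg_config.port_pool[i].used = 1;

	/* i is unsigned, so it is printed with %u. */
	plog(LLV_INFO, LOCATION, NULL, "Using port %u\n", i);

	iph1->mode_cfg->flags |= ISAKMP_CFG_PORT_ALLOCATED;
	iph1->mode_cfg->port = i;

	return i;
}

/*
 * Give a pool slot back.
 *
 * index is the slot previously handed out for this phase 1. The slot is
 * marked free, PAM state tied to it is cleaned up when PAM is the
 * authentication source, and ISAKMP_CFG_PORT_ALLOCATED is cleared.
 *
 * Returns 0 on success, -1 when the pool is missing, index is outside
 * the pool, or the slot was not in use.
 */
int
isakmp_cfg_putport(iph1, index)
	struct ph1handle *iph1;
	unsigned int index;
{
	if (isakmp_cfg_config.port_pool == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "isakmp_cfg_config.port_pool == NULL\n");
		return -1;
	}

	/* index subscripts port_pool below: refuse anything past the end. */
	if (index >= isakmp_cfg_config.pool_size) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "Attempt to release an out of range port %u\n", index);
		return -1;
	}

	if (isakmp_cfg_config.port_pool[index].used == 0) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "Attempt to release an unallocated address (port %u)\n",
		    index);
		return -1;
	}

#ifdef HAVE_LIBPAM
	/* Cleanup PAM status associated with the port */
	if (isakmp_cfg_config.authsource == ISAKMP_CFG_AUTH_PAM)
		privsep_cleanup_pam(index);
#endif
	isakmp_cfg_config.port_pool[index].used = 0;
	/*
	 * Clear only the "port allocated" bit. Masking without the
	 * complement would keep that bit and wipe every other flag, so a
	 * later isakmp_cfg_getport() would hand back a slot that is
	 * already marked free in the pool.
	 */
	iph1->mode_cfg->flags &= ~ISAKMP_CFG_PORT_ALLOCATED;

	plog(LLV_INFO, LOCATION, NULL, "Released port %u\n", index);

	return 0;
}

#ifdef HAVE_LIBPAM
/*
 * End the PAM transaction stored in a pool slot, if there is one, and
 * clear the slot's handle.
 */
void
cleanup_pam(port)
	int port;
{
	if (isakmp_cfg_config.port_pool == NULL)
		return;

	/* port subscripts port_pool: reject values outside the pool. */
	if (port < 0 || (size_t)port >= isakmp_cfg_config.pool_size) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "cleanup_pam: port %d out of range\n", port);
		return;
	}

	if (isakmp_cfg_config.port_pool[port].pam != NULL) {
		pam_end(isakmp_cfg_config.port_pool[port].pam, PAM_SUCCESS);
		isakmp_cfg_config.port_pool[port].pam = NULL;
	}
}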
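#endif

/*
 * Dispatch a login/logout accounting event to the configured backend.
 *
 * inout is ISAKMP_CFG_LOGIN or ISAKMP_CFG_LOGOUT. PAM and RADIUS are
 * only considered when compiled in; system accounting is always
 * considered. Returns the backend's result, or 0 when no backend
 * matches isakmp_cfg_config.accounting.
 */
static int
isakmp_cfg_accounting(iph1, inout)
	struct ph1handle *iph1;
	int inout;
{
#ifdef HAVE_LIBPAM
	if (isakmp_cfg_config.accounting == ISAKMP_CFG_ACCT_PAM)
		return privsep_accounting_pam(iph1->mode_cfg->port,
		    inout);
#endif
#ifdef HAVE_LIBRADIUS
	if (isakmp_cfg_config.accounting == ISAKMP_CFG_ACCT_RADIUS)
		return isakmp_cfg_accounting_radius(iph1, inout);
#endif
	if (isakmp_cfg_config.accounting == ISAKMP_CFG_ACCT_SYSTEM)
		return privsep_accounting_system(iph1->mode_cfg->port,
			iph1->remote, iph1->mode_cfg->login, inout);
	return 0;
}

#ifdef HAVE_LIBPAM
/*
 * Open (login) or close (logout) the PAM session kept in a pool slot.
 *
 * On logout the PAM transaction is ended and the slot's handle is
 * cleared, whether or not closing the session succeeded.
 *
 * Returns 0 on success, -1 when the pool is missing, port is outside
 * the pool, the slot has no PAM handle, inout is not a known value, or
 * PAM reports an error.
 */
int
isakmp_cfg_accounting_pam(port, inout)
	int port;
	int inout;
{
	int error = 0;
	pam_handle_t *pam;

	if (isakmp_cfg_config.port_pool == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "isakmp_cfg_config.port_pool == NULL\n");
		return -1;
	}

	/* port subscripts port_pool: reject values outside the pool. */
	if (port < 0 || (size_t)port >= isakmp_cfg_config.pool_size) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "port %d out of range\n", port);
		return -1;
	}

	pam = isakmp_cfg_config.port_pool[port].pam;
	if (pam == NULL) {
		plog(LLV_ERROR, LOCATION, NULL, "pam handle is NULL\n");
		return -1;
	}

	switch (inout) {
	case ISAKMP_CFG_LOGIN:
		error = pam_open_session(pam, 0);
		break;
	case ISAKMP_CFG_LOGOUT:
		error = pam_close_session(pam, 0);
		break;
	default:
		/* Report the bad argument instead of returning success. */
		plog(LLV_ERROR, LOCATION, NULL, "Unepected inout\n");
		return -1;
	}

	/*
	 * Log while the handle is still valid: pam_strerror() takes the
	 * handle, and pam_end() below invalidates it.
	 */
	if (error != 0)
		plog(LLV_ERROR, LOCATION, NULL,
		    "pam_open_session/pam_close_session failed: %s\n",
		    pam_strerror(pam, error));

	if (inout == ISAKMP_CFG_LOGOUT) {
		pam_end(pam, error);
		isakmp_cfg_config.port_pool[port].pam = NULL;
	}

	return (error != 0) ? -1 : 0;
}
#endif /* HAVE_LIBPAM */

#ifdef HAVE_LIBRADIUS
/*
 * Send a RADIUS accounting request (start on login, stop on logout)
 * for the user recorded in iph1->mode_cfg.
 *
 * Returns 0 when the server answers with an accounting response, -1 on
 * any failure or when inout is not a known value.
 */
static int
isakmp_cfg_accounting_radius(iph1, inout)
	struct ph1handle *iph1;
	int inout;
{
	int status_type;

	/*
	 * Map the event first, so that an unknown value never ends up on
	 * the wire as Acct-Status-Type.
	 */
	switch (inout) {
	case ISAKMP_CFG_LOGIN:
		status_type = RAD_START;
		break;
	case ISAKMP_CFG_LOGOUT:
		status_type = RAD_STOP;
		break;
	default:
		plog(LLV_ERROR, LOCATION, NULL, "Unepected inout\n");
		return -1;
	}

	if (rad_create_request(radius_acct_state,
	    RAD_ACCOUNTING_REQUEST) != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "rad_create_request failed: %s\n",
		    rad_strerror(radius_acct_state));
		return -1;
	}

	if (rad_put_string(radius_acct_state, RAD_USER_NAME,
	    iph1->mode_cfg->login) != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "rad_put_string failed: %s\n",
		    rad_strerror(radius_acct_state));
		return -1;
	}

	/* The same IPv4 address is sent as framed and as login host. */
	if (rad_put_addr(radius_acct_state,
	    RAD_FRAMED_IP_ADDRESS, iph1->mode_cfg->addr4) != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "rad_put_addr failed: %s\n",
		    rad_strerror(radius_acct_state));
		return -1;
	}

	if (rad_put_addr(radius_acct_state,
	    RAD_LOGIN_IP_HOST, iph1->mode_cfg->addr4) != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "rad_put_addr failed: %s\n",
		    rad_strerror(radius_acct_state));
		return -1;
	}

	if (rad_put_int(radius_acct_state, RAD_ACCT_STATUS_TYPE,
	    status_type) != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "rad_put_int failed: %s\n",
		    rad_strerror(radius_acct_state));
		return -1;
	}

	if (isakmp_cfg_radius_common(radius_acct_state,
	    iph1->mode_cfg->port) != 0)
		return -1;

	if (rad_send_request(radius_acct_state) != RAD_ACCOUNTING_RESPONSE) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "rad_send_request failed: %s\n",
		    rad_strerror(radius_acct_state));
		return -1;
	}

	return 0;
}
#endif /* HAVE_LIBRADIUS */

/*
 * Attributes common to all RADIUS requests
 */
#ifdef HAVE_LIBRADIUS
/*
 * Add the NAS attributes to a RADIUS request under construction:
 * NAS-IP-Address (our own address, found by resolving the node name),
 * NAS-Port (the pool port), NAS-Port-Type (virtual) and Service-Type
 * (framed).
 *
 * Returns 0 on success, -1 after logging on any failure.
 */
int
isakmp_cfg_radius_common(radius_state, port)
	struct rad_handle *radius_state;
	int port;
{
	/*
	 * Cache the resolved address itself. gethostbyname() returns a
	 * pointer into static storage that a later resolver call may
	 * overwrite, so keeping that pointer across calls is not safe.
	 */
	static int nas_addr_known = 0;
	static struct in_addr nas_addr;

	/*
	 * Find our own IP by resolving our nodename
	 */
	if (!nas_addr_known) {
		struct utsname name;
		struct hostent *host;

		if (uname(&name) != 0) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "uname failed: %s\n", strerror(errno));
			return -1;
		}

		/*
		 * NOTE(review): gethostbyname() reports failures through
		 * h_errno, so the errno text logged here may be unrelated.
		 */
		if ((host = gethostbyname(name.nodename)) == NULL) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "gethostbyname failed: %s\n", strerror(errno));
			return -1;
		}

		/* Copy only what the resolver says is an IPv4 address. */
		if (host->h_addrtype != AF_INET ||
		    host->h_addr == NULL ||
		    (size_t)host->h_length < sizeof(nas_addr)) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "gethostbyname returned no usable IPv4 address\n");
			return -1;
		}

		memcpy(&nas_addr, host->h_addr, sizeof(nas_addr));
		nas_addr_known = 1;
	}

	if (rad_put_addr(radius_state, RAD_NAS_IP_ADDRESS, nas_addr) != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "rad_put_addr failed: %s\n",
		    rad_strerror(radius_state));
		return -1;
	}

	if (rad_put_int(radius_state, RAD_NAS_PORT, port) != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "rad_put_int failed: %s\n",
		    rad_strerror(radius_state));
		return -1;
	}

	if (rad_put_int(radius_state, RAD_NAS_PORT_TYPE, RAD_VIRTUAL) != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "rad_put_int failed: %s\n",
		    rad_strerror(radius_state));
		return -1;
	}

	if (rad_put_int(radius_state, RAD_SERVICE_TYPE, RAD_FRAMED) != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "rad_put_int failed: %s\n",
		    rad_strerror(radius_state));
		return -1;
	}

	return 0;
}
#endif

#ifndef ANDROID_PATCHED

/*
 * Record a login or logout in the utmpx database.
 *
 * port selects the terminal id (formatted with TERMSPEC), raddr is the
 * peer address stored as the host on login, usr is the login name.
 * usr is presumably the name the peer supplied during authentication
 * (confirm against the caller); it is logged and stored as given.
 *
 * Returns 0 on success, -1 when usr is missing or empty, inout is not
 * a known value, or the utmpx record cannot be written.
 */
int
isakmp_cfg_accounting_system(port, raddr, usr, inout)
	int port;
	struct sockaddr *raddr;
	char *usr;
	int inout;
{
	int error = 0;
	struct utmpx ut;
	struct timeval now;
	char addr[NI_MAXHOST];

	if (usr == NULL || usr[0]=='\0') {
		plog(LLV_ERROR, LOCATION, NULL,
		    "system accounting : no login found\n");
		return -1;
	}

	memset(&ut, 0, sizeof ut);
	/*
	 * ut_tv need not have the layout of struct timeval (its members
	 * can be narrower), so take the time in a real timeval and copy
	 * member by member rather than casting the pointer.
	 */
	gettimeofday(&now, NULL);
	ut.ut_tv.tv_sec = now.tv_sec;
	ut.ut_tv.tv_usec = now.tv_usec;
	snprintf(ut.ut_id, sizeof ut.ut_id, TERMSPEC, port);

	switch (inout) {
	case ISAKMP_CFG_LOGIN:
		ut.ut_type = USER_PROCESS;
		/*
		 * strncpy() fills the fixed-width field and leaves it
		 * without a terminating NUL when usr is at least as long
		 * as the field.
		 */
		strncpy(ut.ut_user, usr, sizeof ut.ut_user);

		GETNAMEINFO_NULL(raddr, addr);
		strncpy(ut.ut_host, addr, sizeof ut.ut_host);

		/* Bound the read of ut_user: it may lack a terminator. */
		plog(LLV_INFO, LOCATION, NULL,
			"Accounting : '%.*s' logging on '%s' from %s.\n",
			(int)sizeof ut.ut_user, ut.ut_user, ut.ut_id, addr);

		if (pututxline(&ut) == NULL) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "pututxline failed\n");
			error = -1;
		}

		break;
	case ISAKMP_CFG_LOGOUT:
		ut.ut_type = DEAD_PROCESS;

		plog(LLV_INFO, LOCATION, NULL,
			"Accounting : '%s' unlogging from '%s'.\n",
			usr, ut.ut_id);

		if (pututxline(&ut) == NULL) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "pututxline failed\n");
			error = -1;
		}

		break;
	default:
		/* Report the bad argument instead of returning success. */
		plog(LLV_ERROR, LOCATION, NULL, "Unepected inout\n");
		error = -1;
		break;
	}

	return error;
}

#endif

int
isakmp_cfg_getconfig(iph1)
	struct ph1handle *iph1;
{
	vchar_t *buffer;
	struct isakmp_pl_attr *attrpl;
	struct isakmp_data *attr;
	size_t len;
	int error;
	int attrcount;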
17260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int i; 17270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int attrlist[] = { 17280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang INTERNAL_IP4_ADDRESS, 17290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang INTERNAL_IP4_NETMASK, 17300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang INTERNAL_IP4_DNS, 17310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang INTERNAL_IP4_NBNS, 17320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang UNITY_BANNER, 17330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang UNITY_DEF_DOMAIN, 17340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang UNITY_SPLITDNS_NAME, 17350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang UNITY_SPLIT_INCLUDE, 17360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang UNITY_LOCAL_LAN, 17370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang APPLICATION_VERSION, 17380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang }; 17390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attrcount = sizeof(attrlist) / sizeof(*attrlist); 17410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang len = sizeof(*attrpl) + sizeof(*attr) * attrcount; 17420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((buffer = vmalloc(len)) == NULL) { 17440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n"); 17450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 17460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 17470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attrpl = (struct isakmp_pl_attr *)buffer->v; 17490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attrpl->h.len = htons(len); 17500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attrpl->type = 
ISAKMP_CFG_REQUEST; 17510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attrpl->id = htons((u_int16_t)(eay_random() & 0xffff)); 17520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr = (struct isakmp_data *)(attrpl + 1); 17540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang for (i = 0; i < attrcount; i++) { 17560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr->type = htons(attrlist[i]); 17570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr->lorv = htons(0); 17580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang attr++; 17590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 17600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 17620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Sending MODE_CFG REQUEST\n"); 17630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang error = isakmp_cfg_send(iph1, buffer, 17650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang ISAKMP_NPTYPE_ATTR, ISAKMP_FLAG_E, 1); 17660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vfree(buffer); 17680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return error; 17700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 17710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic void 17730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_getaddr4(attr, ip) 17740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_data *attr; 17750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct in_addr *ip; 
17760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 17770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang size_t alen = ntohs(attr->lorv); 17780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang in_addr_t *addr; 17790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (alen != sizeof(*ip)) { 17810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Bad IPv4 address len\n"); 17820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return; 17830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 17840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addr = (in_addr_t *)(attr + 1); 17860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang ip->s_addr = *addr; 17870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return; 17890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 17900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 17910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic void 17920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_appendaddr4(attr, ip, num, max) 17930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_data *attr; 17940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct in_addr *ip; 17950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int *num; 17960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int max; 17970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 17980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang size_t alen = ntohs(attr->lorv); 17990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang in_addr_t *addr; 18000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 18010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (alen != sizeof(*ip)) { 18020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 
plog(LLV_ERROR, LOCATION, NULL, "Bad IPv4 address len\n"); 18030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return; 18040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 18050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (*num == max) { 18060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Too many addresses given\n"); 18070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return; 18080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 18090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 18100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addr = (in_addr_t *)(attr + 1); 18110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang ip->s_addr = *addr; 18120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang (*num)++; 18130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 18140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return; 18150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 18160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 18170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic void 18180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_getstring(attr, str) 18190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct isakmp_data *attr; 18200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char *str; 18210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 18220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang size_t alen = ntohs(attr->lorv); 18230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char *src; 18240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang src = (char *)(attr + 1); 18250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 18260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(str, src, (alen > MAXPATHLEN ? 
MAXPATHLEN : alen)); 18270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 18280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return; 18290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 18300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 18310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#define IP_MAX 40 18320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 18330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangvoid 18340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_iplist_to_str(dest, count, addr, withmask) 18350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char *dest; 18360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int count; 18370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang void *addr; 18380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int withmask; 18390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 18400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int i; 18410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int p; 18420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int l; 18430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct unity_network tmp; 18440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang for(i = 0, p = 0; i < count; i++) { 18450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if(withmask == 1) 18460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang l = sizeof(struct unity_network); 18470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang else 18480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang l = sizeof(struct in_addr); 18490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(&tmp, addr, l); 18500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addr += l; 18510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if((uint32_t)tmp.addr4.s_addr == 0) 18520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang break; 18530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 
18540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang inet_ntop(AF_INET, &tmp.addr4, dest + p, IP_MAX); 18550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang p += strlen(dest + p); 18560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if(withmask == 1) { 18570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang dest[p] = '/'; 18580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang p++; 18590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang inet_ntop(AF_INET, &tmp.mask4, dest + p, IP_MAX); 18600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang p += strlen(dest + p); 18610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 18620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang dest[p] = ' '; 18630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang p++; 18640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 18650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if(p > 0) 18660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang dest[p-1] = '\0'; 18670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang else 18680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang dest[0] = '\0'; 18690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 18700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 18710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangint 18720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangisakmp_cfg_setenv(iph1, envp, envc) 18730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct ph1handle *iph1; 18740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char ***envp; 18750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int *envc; 18760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 18770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char addrstr[IP_MAX]; 18780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char addrlist[IP_MAX * MAXNS + MAXNS]; 18790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char *splitlist = addrlist; 
1880f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh char *splitlist_cidr; 18810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char defdom[MAXPATHLEN + 1]; 18820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int cidr, tmp; 18830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char cidrstr[4]; 18840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int i, p; 18850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int test; 18860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 18870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, "Starting a script.\n"); 18880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 18890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* 18900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Internal IPv4 address, either if 18910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * we are a client or a server. 18920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 18930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if ((iph1->mode_cfg->flags & ISAKMP_CFG_GOT_ADDR4) || 18940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_LIBLDAP 18950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang (iph1->mode_cfg->flags & ISAKMP_CFG_ADDR4_EXTERN) || 18960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 18970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef HAVE_LIBRADIUS 18980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang (iph1->mode_cfg->flags & ISAKMP_CFG_ADDR4_EXTERN) || 18990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 19000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang (iph1->mode_cfg->flags & ISAKMP_CFG_ADDR4_LOCAL)) { 19010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang inet_ntop(AF_INET, &iph1->mode_cfg->addr4, 19020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addrstr, IP_MAX); 19030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } else 
19040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addrstr[0] = '\0'; 19050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 19060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (script_env_append(envp, envc, "INTERNAL_ADDR4", addrstr) != 0) { 19070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Cannot set INTERNAL_ADDR4\n"); 19080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 19090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 19100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 19110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph1->mode_cfg->xauth.authdata.generic.usr != NULL) { 19120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (script_env_append(envp, envc, "XAUTH_USER", 19130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->xauth.authdata.generic.usr) != 0) { 19140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 19150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Cannot set XAUTH_USER\n"); 19160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 19170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 19180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 19190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 19200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Internal IPv4 mask */ 19210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph1->mode_cfg->flags & ISAKMP_CFG_GOT_MASK4) 19220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang inet_ntop(AF_INET, &iph1->mode_cfg->mask4, 19230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addrstr, IP_MAX); 19240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang else 19250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addrstr[0] = '\0'; 19260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 19270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* 
19280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * During several releases, documentation adverised INTERNAL_NETMASK4 19290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * while code was using INTERNAL_MASK4. We now do both. 19300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 19310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 19320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (script_env_append(envp, envc, "INTERNAL_MASK4", addrstr) != 0) { 19330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Cannot set INTERNAL_MASK4\n"); 19340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 19350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 19360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 19370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (script_env_append(envp, envc, "INTERNAL_NETMASK4", addrstr) != 0) { 19380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 19390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Cannot set INTERNAL_NETMASK4\n"); 19400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 19410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 19420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 19430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tmp = ntohl(iph1->mode_cfg->mask4.s_addr); 19440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang for (cidr = 0; tmp != 0; cidr++) 19450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang tmp <<= 1; 19460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang snprintf(cidrstr, 3, "%d", cidr); 19470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 19480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (script_env_append(envp, envc, "INTERNAL_CIDR4", cidrstr) != 0) { 19490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Cannot set INTERNAL_CIDR4\n"); 
19500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 19510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 19520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 19530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Internal IPv4 DNS */ 19540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph1->mode_cfg->flags & ISAKMP_CFG_GOT_DNS4) { 19550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* First Internal IPv4 DNS (for compatibilty with older code */ 19560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang inet_ntop(AF_INET, &iph1->mode_cfg->dns4[0], 19570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addrstr, IP_MAX); 19580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 19590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Internal IPv4 DNS - all */ 19600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_iplist_to_str(addrlist, iph1->mode_cfg->dns4_index, 19610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang (void *)iph1->mode_cfg->dns4, 0); 19620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } else { 19630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addrstr[0] = '\0'; 19640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addrlist[0] = '\0'; 19650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 19660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 19670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (script_env_append(envp, envc, "INTERNAL_DNS4", addrstr) != 0) { 19680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Cannot set INTERNAL_DNS4\n"); 19690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 19700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 19710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (script_env_append(envp, envc, "INTERNAL_DNS4_LIST", addrlist) != 0) { 19720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 
19730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Cannot set INTERNAL_DNS4_LIST\n"); 19740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 19750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 19760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 19770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Internal IPv4 WINS */ 19780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph1->mode_cfg->flags & ISAKMP_CFG_GOT_WINS4) { 19790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* 19800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * First Internal IPv4 WINS 19810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * (for compatibilty with older code 19820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 19830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang inet_ntop(AF_INET, &iph1->mode_cfg->wins4[0], 19840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addrstr, IP_MAX); 19850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 19860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Internal IPv4 WINS - all */ 19870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang isakmp_cfg_iplist_to_str(addrlist, iph1->mode_cfg->wins4_index, 19880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang (void *)iph1->mode_cfg->wins4, 0); 19890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } else { 19900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addrstr[0] = '\0'; 19910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addrlist[0] = '\0'; 19920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 19930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 19940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (script_env_append(envp, envc, "INTERNAL_WINS4", addrstr) != 0) { 19950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 19960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Cannot set INTERNAL_WINS4\n"); 
19970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 19980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 19990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (script_env_append(envp, envc, 20000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "INTERNAL_WINS4_LIST", addrlist) != 0) { 20010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 20020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Cannot set INTERNAL_WINS4_LIST\n"); 20030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 20040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 20050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 20060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Deault domain */ 20070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if(iph1->mode_cfg->flags & ISAKMP_CFG_GOT_DEFAULT_DOMAIN) 20080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang strncpy(defdom, 20090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang iph1->mode_cfg->default_domain, 20100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang MAXPATHLEN + 1); 20110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang else 20120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang defdom[0] = '\0'; 20130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 20140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (script_env_append(envp, envc, "DEFAULT_DOMAIN", defdom) != 0) { 20150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 20160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "Cannot set DEFAULT_DOMAIN\n"); 20170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 20180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 20190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 20200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* Split networks */ 2021f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh if 
(iph1->mode_cfg->flags & ISAKMP_CFG_GOT_SPLIT_INCLUDE) { 2022f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh splitlist = 2023f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh splitnet_list_2str(iph1->mode_cfg->split_include, NETMASK); 2024f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh splitlist_cidr = 2025f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh splitnet_list_2str(iph1->mode_cfg->split_include, CIDR); 2026f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh } else { 20270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang splitlist = addrlist; 2028f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh splitlist_cidr = addrlist; 20290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addrlist[0] = '\0'; 20300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 20310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 20320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (script_env_append(envp, envc, "SPLIT_INCLUDE", splitlist) != 0) { 20330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Cannot set SPLIT_INCLUDE\n"); 20340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 20350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 2036f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh if (script_env_append(envp, envc, 2037f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh "SPLIT_INCLUDE_CIDR", splitlist_cidr) != 0) { 2038f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh plog(LLV_ERROR, LOCATION, NULL, 2039f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh "Cannot set SPLIT_INCLUDE_CIDR\n"); 2040f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh return -1; 2041f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh } 20420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (splitlist != addrlist) 20430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang racoon_free(splitlist); 2044f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh if (splitlist_cidr != 
addrlist) 2045f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh racoon_free(splitlist_cidr); 2046f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh 2047f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh if (iph1->mode_cfg->flags & ISAKMP_CFG_GOT_SPLIT_LOCAL) { 2048f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh splitlist = 2049f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh splitnet_list_2str(iph1->mode_cfg->split_local, NETMASK); 2050f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh splitlist_cidr = 2051f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh splitnet_list_2str(iph1->mode_cfg->split_local, CIDR); 2052f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh } else { 20530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang splitlist = addrlist; 2054f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh splitlist_cidr = addrlist; 20550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang addrlist[0] = '\0'; 20560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 20570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 20580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (script_env_append(envp, envc, "SPLIT_LOCAL", splitlist) != 0) { 20590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "Cannot set SPLIT_LOCAL\n"); 20600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 20610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 2062f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh if (script_env_append(envp, envc, 2063f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh "SPLIT_LOCAL_CIDR", splitlist_cidr) != 0) { 2064f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh plog(LLV_ERROR, LOCATION, NULL, 2065f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh "Cannot set SPLIT_LOCAL_CIDR\n"); 2066f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh return -1; 2067f8a6a7636d53a5730c58ae041e4e09ae12e1657cChia-chi Yeh } 20680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih 
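if (splitlist != addrlist)
	racoon_free(splitlist);
if (splitlist_cidr != addrlist)
	racoon_free(splitlist_cidr);

return 0;
}

/*
 * Resize the global mode-config address pool to `size' entries.
 *
 * When shrinking, entries that are still marked `used' are never dropped:
 * the pool is only cut down to just above the highest in-use entry, and an
 * error is logged for the part of the request that could not be honoured.
 * When growing, the newly added entries are zeroed.
 *
 * Returns 0 on success (including a partial shrink), -1 if the requested
 * size is invalid or memory cannot be obtained.  On failure the existing
 * pool and pool_size are left untouched.
 */
int
isakmp_cfg_resize_pool(size)
	int size;
{
	struct isakmp_cfg_port *new_pool;
	size_t unit = sizeof(*isakmp_cfg_config.port_pool);
	size_t old_size = isakmp_cfg_config.pool_size;
	size_t len;
	int i;

	/*
	 * pool_size is unsigned (it is logged with %zu).  A negative request
	 * would be converted to a huge value in the comparisons and in the
	 * length computation below, so refuse it up front.
	 */
	if (size < 0) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "resize pool from %zu to %d impossible: "
		    "negative size\n", old_size, size);
		return -1;
	}

	if ((size_t)size == old_size)
		return 0;

	plog(LLV_INFO, LOCATION, NULL,
	    "Resize address pool from %zu to %d\n",
	    old_size, size);

	/* If a pool already exists, check if we can shrink it */
	if ((isakmp_cfg_config.port_pool != NULL) &&
	    ((size_t)size < old_size)) {
		for (i = (int)(old_size - 1); i >= size; --i) {
			if (isakmp_cfg_config.port_pool[i].used) {
				plog(LLV_ERROR, LOCATION, NULL,
				    "resize pool from %zu to %d impossible "
				    "port %d is in use\n",
				    old_size, size, i);
				/*
				 * Entry i is live, so the pool must keep
				 * indices 0..i, i.e. i + 1 entries.  Using i
				 * here would release the in-use entry and
				 * leave its index past the end of the array.
				 */
				size = i + 1;
				break;
			}
		}

		/* The last entry is in use: nothing can be released. */
		if ((size_t)size == old_size)
			return 0;
	}

	/*
	 * realloc(ptr, 0) may free the block and return NULL, which would be
	 * reported as a failure below while port_pool still pointed at the
	 * freed memory.  Handle the empty pool explicitly instead.
	 */
	if (size == 0) {
		if (isakmp_cfg_config.port_pool != NULL)
			racoon_free(isakmp_cfg_config.port_pool);
		isakmp_cfg_config.port_pool = NULL;
		isakmp_cfg_config.pool_size = 0;
		return 0;
	}

	/* Make sure size * unit cannot wrap before it is used as a length. */
	if ((size_t)size > (size_t)-1 / unit) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "resize pool from %zu to %d impossible: "
		    "size too large\n", old_size, size);
		return -1;
	}

	len = (size_t)size * unit;
	new_pool = racoon_realloc(isakmp_cfg_config.port_pool, len);
	if (new_pool == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "resize pool from %zu to %d impossible: %s\n",
		    old_size, size, strerror(errno));
		return -1;
	}

	/* If the size increased, zero the newly added records */
	if ((size_t)size > old_size) {
		bzero((char *)new_pool + (old_size * unit),
		    ((size_t)size - old_size) * unit);
	}

	isakmp_cfg_config.port_pool = new_pool;
	isakmp_cfg_config.pool_size = size;

	return 0;
}

/*
 * Reset the global mode-config settings to their defaults.
 *
 * With cold == ISAKMP_CFG_INIT_COLD the address pool pointer and size are
 * reset without freeing anything; with any other value the pool is kept
 * and the split-network and split-DNS lists are freed before being
 * cleared.
 *
 * Always returns 0 in this revision: the only failing step, the initial
 * pool allocation, is compiled out.
 */
int
isakmp_cfg_init(cold)
	int cold;
{
	int i;

	isakmp_cfg_config.network4 = (in_addr_t)0x00000000;
	isakmp_cfg_config.netmask4 = (in_addr_t)0x00000000;
	for (i = 0; i < MAXNS; i++)
		isakmp_cfg_config.dns4[i] = (in_addr_t)0x00000000;
	isakmp_cfg_config.dns4_index = 0;
	for (i = 0; i < MAXWINS; i++)
		isakmp_cfg_config.nbns4[i] = (in_addr_t)0x00000000;
	isakmp_cfg_config.nbns4_index = 0;
	if (cold == ISAKMP_CFG_INIT_COLD)
		isakmp_cfg_config.port_pool = NULL;
	isakmp_cfg_config.authsource = ISAKMP_CFG_AUTH_SYSTEM;
	isakmp_cfg_config.groupsource = ISAKMP_CFG_GROUP_SYSTEM;
	/*
	 * NOTE(review): the group list is freed only on a cold init, while
	 * the split-network and split-DNS lists below are freed only on a
	 * non-cold init.  If grouplist can be populated before a non-cold
	 * call, the assignment to NULL below drops it without freeing;
	 * confirm which condition is intended.
	 */
	if (cold == ISAKMP_CFG_INIT_COLD) {
		if (isakmp_cfg_config.grouplist != NULL) {
			for (i = 0; i < isakmp_cfg_config.groupcount; i++)
				racoon_free(isakmp_cfg_config.grouplist[i]);
			racoon_free(isakmp_cfg_config.grouplist);
		}
	}
	isakmp_cfg_config.grouplist = NULL;
	isakmp_cfg_config.groupcount = 0;
	isakmp_cfg_config.confsource = ISAKMP_CFG_CONF_LOCAL;
	isakmp_cfg_config.accounting = ISAKMP_CFG_ACCT_NONE;
	if (cold == ISAKMP_CFG_INIT_COLD)
		isakmp_cfg_config.pool_size = 0;
	isakmp_cfg_config.auth_throttle = THROTTLE_PENALTY;
	/*
	 * NOTE(review): both copies are bounded by MAXPATHLEN rather than by
	 * the size of the destination; confirm that default_domain and motd
	 * are declared with at least MAXPATHLEN bytes.
	 */
	strlcpy(isakmp_cfg_config.default_domain, ISAKMP_CFG_DEFAULT_DOMAIN,
	    MAXPATHLEN);
	strlcpy(isakmp_cfg_config.motd, ISAKMP_CFG_MOTD, MAXPATHLEN);

	/* Release the previous split-network list on re-initialisation. */
	if (cold != ISAKMP_CFG_INIT_COLD) {
		if (isakmp_cfg_config.splitnet_list != NULL) {
			splitnet_list_free(isakmp_cfg_config.splitnet_list,
			    &isakmp_cfg_config.splitnet_count);
		}
	}
	isakmp_cfg_config.splitnet_list = NULL;
	isakmp_cfg_config.splitnet_count = 0;
	isakmp_cfg_config.splitnet_type = 0;

	isakmp_cfg_config.pfs_group = 0;
	isakmp_cfg_config.save_passwd = 0;

	/* Release the previous split-DNS list on re-initialisation. */
	if (cold != ISAKMP_CFG_INIT_COLD) {
		if (isakmp_cfg_config.splitdns_list != NULL)
			racoon_free(isakmp_cfg_config.splitdns_list);
	}
	isakmp_cfg_config.splitdns_list = NULL;
	isakmp_cfg_config.splitdns_len = 0;

#if 0
	if (cold == ISAKMP_CFG_INIT_COLD) {
		int error;

		if ((error = isakmp_cfg_resize_pool(ISAKMP_CFG_MAX_CNX)) != 0)
			return error;
	}
#endif

	return 0;
}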