/*
 * Free one certificate blob through the handler registered for its type.
 * A type with no registered handler is silently left alone, as before.
 */
static void
sa_release_cert(int type, void *cert)
{
	struct cert_handler *ch = cert_get(type);

	if (ch)
		ch->cert_free(cert);
}

/*
 * Drop one reference to SA.  When the count reaches zero the SA is torn
 * down completely: its protocols, DOI-specific data, identities,
 * received/sent certificates, public key, KeyNote key and policy session,
 * name, key state, NAT-T keepalive and DPD timers, the transport
 * reference, the tag and finally the SA itself.  The caller must not
 * touch SA after the release that frees it.
 */
void
sa_release(struct sa *sa)
{
	struct proto *p;

	LOG_DBG((LOG_SA, 80, "sa_release: SA %p had %d references", sa,
	    sa->refcnt));

	/* Someone else still holds the SA; only the count changes.  */
	if (--sa->refcnt != 0)
		return;

	LOG_DBG((LOG_SA, 60, "sa_release: freeing SA %p", sa));

	/*
	 * Pop protocols off the head until the list is empty; the loop
	 * terminates only because proto_free() unlinks the entry it frees.
	 */
	for (p = TAILQ_FIRST(&sa->protos); p != NULL;
	    p = TAILQ_FIRST(&sa->protos))
		proto_free(p);

	/* The DOI hook releases what hangs off sa->data; we free the block.  */
	if (sa->data) {
		if (sa->doi && sa->doi->free_sa_data)
			sa->doi->free_sa_data(sa->data);
		free(sa->data);
	}

	free(sa->id_i);
	free(sa->id_r);

	if (sa->recv_cert)
		sa_release_cert(sa->recv_certtype, sa->recv_cert);
	if (sa->sent_cert)
		sa_release_cert(sa->sent_certtype, sa->sent_cert);

	if (sa->recv_key)
		key_free(sa->recv_keytype, ISAKMP_KEYTYPE_PUBLIC, sa->recv_key);

	/* Plain string, no handler involved.  */
	free(sa->keynote_key);

	/* -1 means no KeyNote session was ever opened for this SA.  */
	if (sa->policy_id != -1)
		kn_close(sa->policy_id);

	free(sa->name);
	free(sa->keystate);

	if (sa->nat_t_keepalive)
		timer_remove_event(sa->nat_t_keepalive);
	if (sa->dpd_event)
		timer_remove_event(sa->dpd_event);

	if (sa->transport)
		transport_release(sa->transport);

	free(sa->tag);
	free(sa);
}
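/*
 * Run the KeyNote query for session SESSIONID against the application's
 * two possible return values, "false" (index 0) and "true" (index 1),
 * report the outcome on stdout (success) or stderr (failure), and close
 * the session.
 *
 * Returns the index into returnvalues that the query resolved to, or -1
 * on error.  The session is closed on every path, so SESSIONID must not
 * be used again after this call.
 */
int
make_decision(int sessionid)
{
#define NUM_RETURN_VALUES 2
	char *returnvalues[NUM_RETURN_VALUES];
	int j;

	/* Set the return values for this application -- just "false" and "true" */
	returnvalues[0] = "false";
	returnvalues[1] = "true";

	/* Just do the query. */
	j = kn_do_query(sessionid, returnvalues, NUM_RETURN_VALUES);
	if (j == -1) {
		/*
		 * kn_do_query() reports the cause in keynote_errno, not in
		 * its return value.  Switching on j (always -1 here) left the
		 * ERROR_* cases unreachable and printed "Unspecified error"
		 * for every failure.
		 */
		switch (keynote_errno) {
		case ERROR_MEMORY:
			fprintf(stderr, "Out of memory while performing authorization "
			    "query.\n");
			break;
		case ERROR_NOTFOUND:
			fprintf(stderr, "Session %d not found while performing "
			    "authorization query.\n", sessionid);
			break;
		default:
			fprintf(stderr, "Unspecified error %d (shouldn't happen) "
			    "while performing authorization query.\n", keynote_errno);
			break;
		}
	} else {
		fprintf(stdout, "Return value is [%s]\n", returnvalues[j]);
	}

	/* Destroy the session, freeing all allocated memory. */
	kn_close(sessionid);

	return j;
}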
/*
 * One-shot KeyNote evaluation: open a throwaway session, load the action
 * attributes from ENV, the locally TRUSTED and the UNTRUSTED assertions
 * (NUMTRUSTED / NUMUNTRUSTED entries with lengths in TRUSTEDLEN /
 * UNTRUSTEDLEN) and the AUTHORIZERS, run the query against
 * RETVALUES[0..NUMVAL-1], then close the session again.
 *
 * Returns what kn_do_query() returned, or -1 with keynote_errno set to the
 * error that aborted the setup.  A failing action attribute or authorizer
 * aborts the query; an assertion that cannot be added is skipped unless the
 * failure was ERROR_MEMORY.  keynote_errno is saved across kn_close() so
 * the caller sees the original cause rather than anything kn_close() set.
 */
int
kn_query(struct environment *env, char **retvalues, int numval,
    char **trusted, int *trustedlen, int numtrusted,
    char **untrusted, int *untrustedlen, int numuntrusted,
    char **authorizers, int numauthorizers)
{
	struct environment *e;
	int sessid, n, rc, saved;

	keynote_errno = 0;
	sessid = kn_init();
	if (sessid == -1)
		return -1;

	/* Action set: any failure aborts.  */
	for (e = env; e != NULL; e = e->env_next) {
		if (kn_add_action(sessid, e->env_name, e->env_value,
		    e->env_flags) == -1)
			goto fail;
	}

	/* Locally trusted assertions: only out-of-memory aborts.  */
	for (n = 0; n < numtrusted; n++) {
		if (kn_add_assertion(sessid, trusted[n], trustedlen[n],
		    ASSERT_FLAG_LOCAL) == -1 && keynote_errno == ERROR_MEMORY)
			goto fail;
	}

	/* Untrusted assertions: same policy as above.  */
	for (n = 0; n < numuntrusted; n++) {
		if (kn_add_assertion(sessid, untrusted[n], untrustedlen[n],
		    0) == -1 && keynote_errno == ERROR_MEMORY)
			goto fail;
	}

	/* Authorizers: any failure aborts.  */
	for (n = 0; n < numauthorizers; n++) {
		if (kn_add_authorizer(sessid, authorizers[n]) == -1)
			goto fail;
	}

	rc = kn_do_query(sessid, retvalues, numval);
	saved = keynote_errno;
	kn_close(sessid);
	/* A zero result leaves whatever kn_close() may have set in place.  */
	if (saved)
		keynote_errno = saved;
	return rc;

fail:
	/* Preserve the aborting error unconditionally across kn_close().  */
	saved = keynote_errno;
	kn_close(sessid);
	keynote_errno = saved;
	return -1;
}