Beispiel #1
/*
 * Drop one reference to SA.  If other references remain, only the count
 * changes; when the last one goes, every resource hanging off the SA is
 * released and the SA itself is freed.
 *
 * The caller cannot tell whether its reference was the last, so it must
 * not touch SA after this returns.
 */
void
sa_release(struct sa *sa)
{
	struct cert_handler *handler;
	struct proto   *proto;

	/* Logged before the decrement, so this is the count going in. */
	LOG_DBG((LOG_SA, 80, "sa_release: SA %p had %d references",
	    sa, sa->refcnt));

	/*
	 * NOTE(review): nothing here guards against a release on an SA whose
	 * count is already zero; the count would then leave zero again and
	 * teardown would be skipped.  Confirm callers pair every release with
	 * a held reference.
	 */
	sa->refcnt--;
	if (sa->refcnt != 0)
		return;

	LOG_DBG((LOG_SA, 60, "sa_release: freeing SA %p", sa));

	/*
	 * Drain the protocol list from the head.  This terminates only if
	 * proto_free() unlinks the entry it is given -- presumably it does;
	 * verify against proto_free().
	 */
	for (;;) {
		proto = TAILQ_FIRST(&sa->protos);
		if (!proto)
			break;
		proto_free(proto);
	}

	/*
	 * DOI-specific data: the optional hook runs first, then the
	 * container itself is freed here.  The hook must therefore not free
	 * sa->data itself (assumption -- confirm in each DOI).
	 */
	if (sa->data) {
		if (sa->doi && sa->doi->free_sa_data) {
			sa->doi->free_sa_data(sa->data);
		}
		free(sa->data);
	}

	free(sa->id_i);
	free(sa->id_r);

	/*
	 * Certificates are released through the handler registered for their
	 * type.  If cert_get() finds no handler, the certificate is left
	 * allocated rather than freed with the wrong routine.
	 */
	if (sa->recv_cert) {
		handler = cert_get(sa->recv_certtype);
		if (handler) {
			handler->cert_free(sa->recv_cert);
		}
	}
	if (sa->sent_cert) {
		handler = cert_get(sa->sent_certtype);
		if (handler) {
			handler->cert_free(sa->sent_cert);
		}
	}

	if (sa->recv_key) {
		key_free(sa->recv_keytype, ISAKMP_KEYTYPE_PUBLIC,
		    sa->recv_key);
	}

	/* keynote_key is a plain string, so free() is enough. */
	free(sa->keynote_key);

	/* -1 marks "no KeyNote session attached". */
	if (sa->policy_id != -1) {
		kn_close(sa->policy_id);
	}

	free(sa->name);

	/*
	 * NOTE(review): keystate is released with a plain free().  If it can
	 * hold key-derived material, consider zeroizing it first -- confirm
	 * what the field contains.
	 */
	free(sa->keystate);

	/*
	 * Cancel pending timers before the SA goes away so that no callback
	 * can fire with a pointer to freed memory.
	 */
	if (sa->nat_t_keepalive) {
		timer_remove_event(sa->nat_t_keepalive);
	}
	if (sa->dpd_event) {
		timer_remove_event(sa->dpd_event);
	}

	if (sa->transport) {
		transport_release(sa->transport);
	}

	free(sa->tag);
	free(sa);
}
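/*
 * Run the authorization query for SESSIONID, report the outcome, and close
 * the session.
 *
 * Returns the index of the compliance value chosen by kn_do_query()
 * (0 = "false", 1 = "true"), or -1 on error.  Callers should grant access
 * only on an explicit 1; both 0 and -1 mean "deny".
 *
 * The session is always closed before returning, so SESSIONID is no longer
 * valid afterwards.
 */
int
make_decision(int sessionid)
{
#define NUM_RETURN_VALUES 2
    char *returnvalues[NUM_RETURN_VALUES];
    int j;

    /* Set the return values for this application -- just "false" and "true" */
    returnvalues[0] = "false";
    returnvalues[1] = "true";

    /* Just do the query. */
    j = kn_do_query(sessionid, returnvalues, NUM_RETURN_VALUES);
    if (j == -1)
    {
	/*
	 * The failure reason is in keynote_errno, not in the return value:
	 * j is always -1 here, so switching on j could never select the
	 * right diagnostic.
	 */
	switch (keynote_errno)
	{
	    case ERROR_MEMORY:
		fprintf(stderr, "Out of memory while performing authorization "
			"query.\n");
		break;

	    case ERROR_NOTFOUND:
		fprintf(stderr, "Session %d not found while performing "
			"authorization query.\n", sessionid);
		break;

	    default:
		fprintf(stderr, "Unspecified error %d (shouldn't happen) "
			"while performing authorization query.\n",
			keynote_errno);
		break;
	}
    }
    else if (j < 0 || j >= NUM_RETURN_VALUES)
    {
	/*
	 * Fail closed: never index returnvalues[] with, or hand the caller,
	 * a value outside the table we passed in.
	 */
	fprintf(stderr, "Authorization query returned out-of-range index "
		"%d; treating as failure.\n", j);
	j = -1;
    }
    else
    {
	fprintf(stdout, "Return value is [%s]\n", returnvalues[j]);
    }

    /* Destroy the session, freeing all allocated memory. */
    kn_close(sessionid);
    return(j);
}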
Beispiel #3
/*
 * One-shot KeyNote query: open a session, load the action attributes,
 * the assertions and the authorizers, evaluate, and close the session.
 *
 * Returns whatever kn_do_query() returns, or -1 if the session could not
 * be set up.  On failure keynote_errno holds the error of the step that
 * failed; it is saved across kn_close(), presumably because kn_close()
 * may overwrite it.
 *
 * An assertion that fails to add for any reason other than ERROR_MEMORY
 * is skipped and the query proceeds without it.
 * NOTE(review): KeyNote evaluation is designed to be monotonic, so a
 * dropped assertion should only be able to lower the result, never raise
 * it.  The caller still gets no indication that a policy or credential
 * was rejected -- confirm that this is acceptable for the application.
 */
int
kn_query(struct environment *env, char **retvalues, int numval,
	 char **trusted, int *trustedlen, int numtrusted,
	 char **untrusted, int *untrustedlen, int numuntrusted,
	 char **authorizers, int numauthorizers)
{
    struct environment *en;
    int sessid, i, serrno;
    int result;

    keynote_errno = 0;
    sessid = kn_init();
    if (sessid == -1)
      return -1;

    /* Action set: any failure here aborts the query. */
    en = env;
    while (en != (struct environment *) NULL)
    {
	if (kn_add_action(sessid, en->env_name, en->env_value,
	    en->env_flags) == -1)
	  goto fail;
	en = en->env_next;
    }

    /* Locally trusted assertions: only running out of memory is fatal. */
    for (i = 0; i < numtrusted; i++)
    {
	if (kn_add_assertion(sessid, trusted[i], trustedlen[i],
	    ASSERT_FLAG_LOCAL) != -1)
	  continue;
	if (keynote_errno == ERROR_MEMORY)
	  goto fail;
    }

    /* Untrusted assertions: same policy as above, without the local flag. */
    for (i = 0; i < numuntrusted; i++)
    {
	if (kn_add_assertion(sessid, untrusted[i], untrustedlen[i], 0) != -1)
	  continue;
	if (keynote_errno == ERROR_MEMORY)
	  goto fail;
    }

    /* Authorizers: any failure here aborts the query. */
    for (i = 0; i < numauthorizers; i++)
    {
	if (kn_add_authorizer(sessid, authorizers[i]) == -1)
	  goto fail;
    }

    result = kn_do_query(sessid, retvalues, numval);
    serrno = keynote_errno;
    kn_close(sessid);

    /* Restore only a real error; otherwise keep what kn_close() left. */
    if (serrno)
      keynote_errno = serrno;

    return result;

fail:
    /* Close the session but report the original error to the caller. */
    serrno = keynote_errno;
    kn_close(sessid);
    keynote_errno = serrno;
    return -1;
}