Beispiel #1
0
int test_1 (char *address, char *port, int ok)
{
  struct sockaddr *sa;
#ifdef DEBUG
  struct sockaddr_in *sai;
  struct sockaddr_in6 *sai6;
  int i;
#endif
  int rv;

  printf ("test_1 (\"%s\", \"%s\") ", address, port);
  rv = text2sockaddr (address, port, &sa) == ok;
  printf (rv ? "OK" : "FAIL");
  printf ("\n");

#ifdef DEBUG
  printf ("af %d len %d ", sa->sa_family, sa->sa_len);
  if (sa->sa_family == AF_INET)
    {
      sai = (struct sockaddr_in *)sa;
      printf ("addr %08x port %d\n", ntohl (sai->sin_addr.s_addr),
	      ntohs (sai->sin_port));
    }
  else
    {
      sai6 = (struct sockaddr_in6 *)sa;
      printf ("addr ");
      for (i = 0; i < sizeof sai6->sin6_addr; i++)
	printf ("%02x", sai6->sin6_addr.s6_addr[i]);
      printf (" port %d\n", ntohs (sai6->sin6_port));
    }
#endif
  return rv;
}
Beispiel #2
0
/* Receive ID.  */
int
ike_phase_1_recv_ID (struct message *msg)
{
    struct exchange *exchange = msg->exchange;
    struct payload *payload;
    char header[80], *rs = 0, *rid = 0, *p;
    int initiator = exchange->initiator;
    u_int8_t **id, id_type;
    size_t *id_len, sz;
    struct sockaddr *sa;

    payload = TAILQ_FIRST (&msg->payload[ISAKMP_PAYLOAD_ID]);

    if (exchange->name)
        rs = conf_get_str (exchange->name, "Remote-ID");

    if (rs)
    {
        sz = ipsec_id_size (rs, &id_type);
        if (sz == -1)
        {
            log_print ("ike_phase_1_recv_ID: could not handle specified "
                       "Remote-ID [%s]", rs);
            return -1;
        }

        rid = malloc (sz);
        if (!rid)
        {
            log_error ("ike_phase_1_recv_ID: malloc (%lu) failed",
                       (unsigned long)sz);
            return -1;
        }

        switch (id_type)
        {
        case IPSEC_ID_IPV4_ADDR:
        case IPSEC_ID_IPV6_ADDR:
            p = conf_get_str (rs, "Address");
            if (!p)
            {
                log_print ("ike_phase_1_recv_ID: "
                           "failed to get Address in Remote-ID section [%s]",
                           rs);
                free (rid);
                return -1;
            }

            if (text2sockaddr (p, 0, &sa) == -1)
            {
                log_print ("ike_phase_1_recv_ID: failed to parse address %s", p);
                free (rid);
                return -1;
            }

            if ((id_type == IPSEC_ID_IPV4_ADDR && sa->sa_family != AF_INET)
                    || (id_type == IPSEC_ID_IPV6_ADDR && sa->sa_family != AF_INET6))
            {
                log_print ("ike_phase_1_recv_ID: "
                           "address %s not of expected family", p);
                free (rid);
                free (sa);
                return -1;
            }

            memcpy (rid, sockaddr_addrdata (sa), sockaddr_addrlen (sa));
            free (sa);
            break;

        case IPSEC_ID_FQDN:
        case IPSEC_ID_USER_FQDN:
        case IPSEC_ID_KEY_ID:
            p = conf_get_str (rs, "Name");
            if (!p)
            {
                log_print ("ike_phase_1_recv_ID: "
                           "failed to get Name in Remote-ID section [%s]", rs);
                free (rid);
                return -1;
            }

            memcpy (rid, p, sz);
            break;

        default:
            log_print ("ike_phase_1_recv_ID: unsupported ID type %d", id_type);
            free (rid);
            return -1;
        }

        /* Compare expected/desired and received remote ID */
        if (bcmp (rid, payload->p + ISAKMP_ID_DATA_OFF, sz))
        {
            free (rid);
            log_print ("ike_phase_1_recv_ID: "
                       "received remote ID other than expected %s", p);
            return -1;
        }

        free (rid);
    }

    /* Choose the right fields to fill in */
    id = initiator ? &exchange->id_r : &exchange->id_i;
    id_len = initiator ? &exchange->id_r_len : &exchange->id_i_len;

    *id_len = GET_ISAKMP_GEN_LENGTH (payload->p) - ISAKMP_GEN_SZ;
    *id = malloc (*id_len);
    if (!*id)
    {
        log_error ("ike_phase_1_recv_ID: malloc (%lu) failed",
                   (unsigned long)*id_len);
        return -1;
    }
    memcpy (*id, payload->p + ISAKMP_GEN_SZ, *id_len);
    snprintf (header, sizeof header, "ike_phase_1_recv_ID: %s",
              constant_name (ipsec_id_cst, GET_ISAKMP_ID_TYPE (payload->p)));
    LOG_DBG_BUF ((LOG_NEGOTIATION, 40, header, payload->p + ISAKMP_ID_DATA_OFF,
                  *id_len + ISAKMP_GEN_SZ - ISAKMP_ID_DATA_OFF));
    payload->flags |= PL_MARK;

    return 0;
}
int
ike_phase_1_send_ID(struct message *msg)
{
	struct exchange *exchange = msg->exchange;
	u_int8_t       *buf;
	char            header[80];
	ssize_t         sz;
	struct sockaddr *src;
	int             initiator = exchange->initiator;
	u_int8_t      **id;
	size_t         *id_len;
	char           *my_id = 0, *data;
	u_int8_t        id_type;
	sa_family_t	af = 0;

	/* Choose the right fields to fill-in.  */
	id = initiator ? &exchange->id_i : &exchange->id_r;
	id_len = initiator ? &exchange->id_i_len : &exchange->id_r_len;

	if (exchange->name)
		my_id = conf_get_str(exchange->name, "ID");

	if (!my_id)
		my_id = conf_get_str("General", "Default-phase-1-ID");

	msg->transport->vtbl->get_src(msg->transport, &src);
	sz = my_id ? ipsec_id_size(my_id, &id_type) : sockaddr_addrlen(src);
	if (sz == -1)
		return -1;

	sz += ISAKMP_ID_DATA_OFF;
	buf = malloc(sz);
	if (!buf) {
		log_error("ike_phase_1_send_ID: malloc (%lu) failed",
			  (unsigned long)sz);
		return -1;
	}
	SET_IPSEC_ID_PROTO(buf + ISAKMP_ID_DOI_DATA_OFF, 0);
	SET_IPSEC_ID_PORT(buf + ISAKMP_ID_DOI_DATA_OFF, 0);
	if (my_id) {
		SET_ISAKMP_ID_TYPE(buf, id_type);
		switch (id_type) {
		case IPSEC_ID_IPV4_ADDR:
		case IPSEC_ID_IPV4_ADDR_SUBNET:
			af = AF_INET;
			break;
		case IPSEC_ID_IPV6_ADDR:
		case IPSEC_ID_IPV6_ADDR_SUBNET:
			af = AF_INET6;
			break;
		}
		switch (id_type) {
		case IPSEC_ID_IPV4_ADDR:
		case IPSEC_ID_IPV6_ADDR:
			data = conf_get_str(my_id, "Address");
			if (!data) {
				log_print("ike_phase_1_send_ID: section %s "
				    "has no \"Address\" tag", my_id);
				free(buf);
				return -1;
			}
			if (text2sockaddr(data, NULL, &src, af, 0)) {
				log_error("ike_phase_1_send_ID: "
				    "text2sockaddr() failed");
				free(buf);
				return -1;
			}
			memcpy(buf + ISAKMP_ID_DATA_OFF,
			    sockaddr_addrdata(src), sockaddr_addrlen(src));
			free(src);
			break;

		case IPSEC_ID_IPV4_ADDR_SUBNET:
		case IPSEC_ID_IPV6_ADDR_SUBNET:
			/* Network */
			data = conf_get_str(my_id, "Network");
			if (!data) {
				log_print("ike_phase_1_send_ID: section %s "
				    "has no \"Network\" tag", my_id);
				free(buf);
				return -1;
			}
			if (text2sockaddr(data, NULL, &src, af, 0)) {
				log_error("ike_phase_1_send_ID: "
				    "text2sockaddr() failed");
				free(buf);
				return -1;
			}
			memcpy(buf + ISAKMP_ID_DATA_OFF,
			    sockaddr_addrdata(src), sockaddr_addrlen(src));
			free(src);
			/* Netmask */
			data = conf_get_str(my_id, "Netmask");
			if (!data) {
				log_print("ike_phase_1_send_ID: section %s "
				    "has no \"Netmask\" tag", my_id);
				free(buf);
				return -1;
			}
			if (text2sockaddr(data, NULL, &src, af, 1)) {
				log_error("ike_phase_1_send_ID: "
				    "text2sockaddr() failed");
				free(buf);
				return -1;
			}
			memcpy(buf + ISAKMP_ID_DATA_OFF +
			    sockaddr_addrlen(src), sockaddr_addrdata(src),
			    sockaddr_addrlen(src));
			free(src);
			break;

		case IPSEC_ID_FQDN:
		case IPSEC_ID_USER_FQDN:
		case IPSEC_ID_KEY_ID:
			data = conf_get_str(my_id, "Name");
			if (!data) {
				log_print("ike_phase_1_send_ID: section %s "
				    "has no \"Name\" tag", my_id);
				free(buf);
				return -1;
			}
			memcpy(buf + ISAKMP_ID_DATA_OFF, data,
			    sz - ISAKMP_ID_DATA_OFF);
			break;

		default:
			log_print("ike_phase_1_send_ID: "
			    "unsupported ID type %d", id_type);
			free(buf);
			return -1;
		}
	} else {
		switch (src->sa_family) {
		case AF_INET:
			SET_ISAKMP_ID_TYPE(buf, IPSEC_ID_IPV4_ADDR);
			break;
		case AF_INET6:
			SET_ISAKMP_ID_TYPE(buf, IPSEC_ID_IPV6_ADDR);
			break;
		}
		/* Already in network byteorder.  */
		memcpy(buf + ISAKMP_ID_DATA_OFF, sockaddr_addrdata(src),
		    sockaddr_addrlen(src));
	}

	if (message_add_payload(msg, ISAKMP_PAYLOAD_ID, buf, sz, 1)) {
		free(buf);
		return -1;
	}
	*id_len = sz - ISAKMP_GEN_SZ;
	*id = malloc(*id_len);
	if (!*id) {
		log_error("ike_phase_1_send_ID: malloc (%lu) failed",
		    (unsigned long)*id_len);
		return -1;
	}
	memcpy(*id, buf + ISAKMP_GEN_SZ, *id_len);
	snprintf(header, sizeof header, "ike_phase_1_send_ID: %s",
	    constant_name(ipsec_id_cst, GET_ISAKMP_ID_TYPE(buf)));
	LOG_DBG_BUF((LOG_NEGOTIATION, 40, header, buf + ISAKMP_ID_DATA_OFF,
	    sz - ISAKMP_ID_DATA_OFF));
	return 0;
}