/*
 * Allocate the global local-configuration object and load its defaults.
 *
 * A zero-filled object is requested from racoon_calloc() and stored in the
 * global lcconf; if the allocation fails the process exits through errx().
 * setdefault() is then run and racoon_conf is pointed at LC_DEFAULT_CF.
 *
 * NOTE(review): lcconf is overwritten unconditionally, so whatever it
 * referenced before the call is not released here. If this function can run
 * more than once, confirm that the caller frees the previous object first;
 * otherwise the old allocation (and anything it owns) is leaked.
 */
void
initlcconf()
{
	lcconf = racoon_calloc(1, sizeof *lcconf);
	if (!lcconf) {
		errx(1, "failed to allocate local conf.");
	}

	setdefault();
	lcconf->racoon_conf = LC_DEFAULT_CF;
}
/*
 * Create the global local-configuration object on first use and (re)load
 * its defaults.
 *
 * The object is allocated only while lcconf is still NULL, so a repeated
 * call reuses the existing allocation instead of replacing it. A failed
 * allocation ends the process through errx(). setdefault() runs on every
 * call and racoon_conf is reset to LC_DEFAULT_CF.
 *
 * NOTE(review): on a repeated call the object is not zeroed again; any field
 * that setdefault() does not rewrite presumably keeps its earlier value.
 * Verify against setdefault() that no stale pointer survives a re-init.
 */
void
initlcconf()
{
	if (!lcconf) {
		lcconf = racoon_calloc(1, sizeof *lcconf);
		if (!lcconf) {
			errx(1, "failed to allocate local conf.");
		}

		/* Important: every pointer inside lcconf must start out NULL. */
		memset(lcconf, 0, sizeof *lcconf);
	}

	setdefault();
	lcconf->racoon_conf = LC_DEFAULT_CF;
}
/*
 * Allocate a vchar_t describing a buffer of `size` bytes.
 *
 * The header comes from racoon_malloc(); the payload, when size is non-zero,
 * comes from racoon_calloc(). A size of 0 is valid and produces an object
 * with l == 0 and v == NULL, so callers must check the length before
 * touching v.
 *
 * Returns the new object, or NULL if either allocation fails (the header is
 * released before returning in that case). Ownership passes to the caller.
 */
vchar_t *
vmalloc(size_t size)
{
	vchar_t *buf = (vchar_t *)racoon_malloc(sizeof(*buf));

	if (buf == NULL)
		return NULL;

	buf->l = size;
	buf->v = NULL;

	if (size != 0) {
		buf->v = (caddr_t)racoon_calloc(1, size);
		if (buf->v == NULL) {
			/* Do not hand back a header that claims bytes it lacks. */
			(void)racoon_free(buf);
			return NULL;
		}
	}

	return buf;
}
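/*
 * Create the GSS-API state for a phase 1 handle and acquire credentials.
 *
 * Steps, in order:
 *   1. allocate a zeroed gssapi_ph1_state, mark its context and credential
 *      as "none", and attach it to iph1 with gssapi_set_state();
 *   2. build the principal name, either from the configured proposal gssid
 *      or from gssapi_get_default_name();
 *   3. canonicalize the name, export it (the exported buffer is released
 *      again right away; its only consumer is the disabled debug message);
 *   4. acquire credentials for the canonical name into gps->gss_cred.
 *
 * Every failure after step 1 tears the state down with
 * gssapi_free_state(iph1) and releases whichever name handle is live.
 *
 * Returns 0 on success, -1 on failure.
 */
static int
gssapi_init(struct ph1handle *iph1)
{
	struct gssapi_ph1_state *gps;
	gss_buffer_desc id_token, cred_token;
	gss_buffer_t cred = &cred_token;
	/*
	 * Start from the "no name" sentinel so that no path can hand an
	 * indeterminate handle to gss_canonicalize_name()/gss_release_name().
	 */
	gss_name_t princ = GSS_C_NO_NAME;
	gss_name_t canon_princ = GSS_C_NO_NAME;
	OM_uint32 maj_stat, min_stat;

	gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state));
	if (gps == NULL) {
		plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n");
		return -1;
	}
	gps->gss_context = GSS_C_NO_CONTEXT;
	gps->gss_cred = GSS_C_NO_CREDENTIAL;
	gssapi_set_state(iph1, gps);

	if (iph1->rmconf->proposal->gssid != NULL) {
		id_token.length = iph1->rmconf->proposal->gssid->l;
		id_token.value = iph1->rmconf->proposal->gssid->v;
		maj_stat = gss_import_name(&min_stat, &id_token, GSS_C_NO_OID,
		    &princ);
		if (GSS_ERROR(maj_stat)) {
			gssapi_error(min_stat, LOCATION, "import name\n");
			gssapi_free_state(iph1);
			return -1;
		}
	} else if (gssapi_get_default_name(iph1, 0, &princ) < 0) {
		/*
		 * Previously the result was ignored and a failed lookup left
		 * princ unset for the calls below.
		 * NOTE(review): assumes the helper reports failure with a
		 * negative return value; confirm against its definition.
		 */
		plog(LLV_ERROR, LOCATION, NULL,
		    "failed to get default GSS name\n");
		gssapi_free_state(iph1);
		return -1;
	}

	maj_stat = gss_canonicalize_name(&min_stat, princ, GSS_C_NO_OID,
	    &canon_princ);
	if (GSS_ERROR(maj_stat)) {
		gssapi_error(min_stat, LOCATION, "canonicalize name\n");
		maj_stat = gss_release_name(&min_stat, &princ);
		if (GSS_ERROR(maj_stat))
			gssapi_error(min_stat, LOCATION, "release princ\n");
		gssapi_free_state(iph1);
		return -1;
	}

	/* Only the canonical form is needed from here on. */
	maj_stat = gss_release_name(&min_stat, &princ);
	if (GSS_ERROR(maj_stat))
		gssapi_error(min_stat, LOCATION, "release princ\n");

	maj_stat = gss_export_name(&min_stat, canon_princ, cred);
	if (GSS_ERROR(maj_stat)) {
		gssapi_error(min_stat, LOCATION, "export name\n");
		maj_stat = gss_release_name(&min_stat, &canon_princ);
		if (GSS_ERROR(maj_stat))
			gssapi_error(min_stat, LOCATION,
			    "release canon_princ\n");
		gssapi_free_state(iph1);
		return -1;
	}

#if 0
	/*
	 * XXXJRT Did this debug message ever work? This is a GSS name
	 * blob at this point.
	 */
	plog(LLV_DEBUG, LOCATION, NULL, "will try to acquire '%.*s' creds\n",
	    cred->length, cred->value);
#endif

	maj_stat = gss_release_buffer(&min_stat, cred);
	if (GSS_ERROR(maj_stat))
		gssapi_error(min_stat, LOCATION, "release cred buffer\n");

	maj_stat = gss_acquire_cred(&min_stat, canon_princ, GSS_C_INDEFINITE,
	    GSS_C_NO_OID_SET, GSS_C_BOTH, &gps->gss_cred, NULL, NULL);
	if (GSS_ERROR(maj_stat)) {
		gssapi_error(min_stat, LOCATION, "acquire cred\n");
		maj_stat = gss_release_name(&min_stat, &canon_princ);
		if (GSS_ERROR(maj_stat))
			gssapi_error(min_stat, LOCATION,
			    "release canon_princ\n");
		gssapi_free_state(iph1);
		return -1;
	}

	maj_stat = gss_release_name(&min_stat, &canon_princ);
	if (GSS_ERROR(maj_stat))
		gssapi_error(min_stat, LOCATION, "release canon_princ\n");

	return 0;
}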
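/*
 * Get the local address that would be used to reach `remote`.
 *
 * If `hint` is given and has the same address family as `remote`, a copy of
 * the hint is used. Otherwise a datagram socket is connected to `remote`
 * and getsockname() reports the source address chosen for it; the socket is
 * closed again before returning. In both cases the port of the result is
 * set to `lport` (passed through htons(), so only the low 16 bits are kept).
 *
 * Returns a newly allocated sockaddr that the caller must release, or NULL
 * on any failure, including an address family other than AF_INET (and
 * AF_INET6 when INET6 is defined).
 *
 * NOTE(review): `remote` is dereferenced without a NULL check; callers are
 * presumably required to pass a valid address. Confirm at the call sites.
 */
struct sockaddr *
getlocaladdr(struct sockaddr *remote, struct sockaddr *hint, int lport)
{
	struct sockaddr *local = NULL;
	socklen_t local_len = sizeof(struct sockaddr_storage);
	int s = -1;		/* for dummy connection */
	extern struct rcf_interface *rcf_interface_head;

	if (hint && hint->sa_family == remote->sa_family) {
		local = rcs_sadup(hint);
		if (local == NULL) {
			/* A failed copy must not reach the port assignment. */
			plog(PLOG_INTERR, PLOGLOC, NULL,
			    "failed to get address buffer.\n");
			goto err;
		}
		goto got;
	}

	/* allocate buffer large enough for any address family */
	if ((local = racoon_calloc(1, local_len)) == NULL) {
		plog(PLOG_INTERR, PLOGLOC, NULL,
		    "failed to get address buffer.\n");
		goto err;
	}

	/* get real interface received packet */
	if ((s = socket(remote->sa_family, SOCK_DGRAM, 0)) < 0) {
		plog(PLOG_INTERR, PLOGLOC, NULL,
		    "socket (%s)\n", strerror(errno));
		goto err;
	}

	if ((rcf_interface_head->application_bypass != RCT_BOOL_OFF) &&
	    (setsockopt_bypass(s, remote->sa_family) < 0)) {
		goto err;
	}

	if (connect(s, remote, SOCKADDR_LEN(remote)) < 0) {
		plog(PLOG_INTERR, PLOGLOC, NULL,
		    "connect (%s)\n", strerror(errno));
		goto err;
	}

	if (getsockname(s, local, &local_len) < 0) {
		plog(PLOG_INTERR, PLOGLOC, NULL,
		    "getsockname (%s)\n", strerror(errno));
		goto err;
	}

	close(s);
	s = -1;			/* already closed; keep err: from closing twice */

got:
	/* specify local port */
	local->sa_family = remote->sa_family;
	switch (remote->sa_family) {
	case AF_INET:
		((struct sockaddr_in *)local)->sin_port = htons(lport);
		break;
#ifdef INET6
	case AF_INET6:
		((struct sockaddr_in6 *)local)->sin6_port = htons(lport);
		break;
#endif
	default:
		plog(PLOG_INTERR, PLOGLOC, NULL,
		    "getlocaladdr: unexpected address family (%d)\n",
		    remote->sa_family);
		goto err;
	}

	return local;

err:
	/* Single exit for failures: drop the probe socket and the buffer. */
	if (s >= 0)
		close(s);
	if (local != NULL)
		racoon_free(local);
	return NULL;
}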