/*
* Parse OpenPGP public key packet defined in section 5.5.2 of RFC 2440
*/
static bool
parse_pgp_pubkey_packet(chunk_t *packet, pgpcert_t *cert)
{
u_char version = pgp_version(packet);
if (version < 3 || version > 4)
{
libreswan_log("PGP packet version V%d not supported", version);
return FALSE;
}
/* creation date - 4 bytes */
cert->created = (time_t)pgp_size(packet, 4);
DBG(DBG_PARSING,
char tbuf[TIMETOA_BUF];
DBG_log("L3 - created:");
DBG_log(" %s", timetoa(&cert->created, TRUE, tbuf, sizeof(tbuf)))
)
if (version == 3)
{
/* validity in days - 2 bytes */
cert->until = (time_t)pgp_size(packet, 2);
/* validity of 0 days means that the key never expires */
if (cert->until > 0)
cert->until = cert->created + 24*3600*cert->until;
DBG(DBG_PARSING,
char tbuf[TIMETOA_BUF];
DBG_log("L3 - until:");
DBG_log(" %s", timetoa(&cert->until, TRUE, tbuf, sizeof(tbuf))));
}
//Completely renumbers and rewrites the lease list from current membory.
void ReorderLeases()
{
int i;
AsyncSaveKey (TFTPD32_DHCP_KEY,
KEY_LEASE_NUMLEASES,
& nAllocatedIP,
sizeof(nAllocatedIP),
REG_DWORD,
szTftpd32IniFile);
for(i = 0; i < nAllocatedIP; ++i)
{
char key [_MAX_PATH];
char* macaddr = haddrtoa(tFirstIP[i]->sMacAddr, 6, ':');
char* addr = inet_ntoa(tFirstIP[i]->dwIP);
char* alloc = timetoa(tFirstIP[i]->tAllocated);
char* renew = timetoa(tFirstIP[i]->tRenewed);
tFirstIP[i]->dwAllocNum = i;
if (sSettings.bPersLeases)
{
sprintf(key, "%s%d%s", KEY_LEASE_PREFIX, i, KEY_LEASE_MAC);
SaveKey(TFTPD32_DHCP_KEY, key, macaddr, strlen(macaddr) + 1, REG_SZ, szTftpd32IniFile);
sprintf(key, "%s%d%s", KEY_LEASE_PREFIX, i, KEY_LEASE_IP);
SaveKey(TFTPD32_DHCP_KEY, key, addr, strlen(addr) + 1, REG_SZ, szTftpd32IniFile);
sprintf(key, "%s%d%s", KEY_LEASE_PREFIX, i, KEY_LEASE_ALLOC);
SaveKey(TFTPD32_DHCP_KEY, key, alloc, strlen(alloc) + 1, REG_SZ, szTftpd32IniFile);
sprintf(key, "%s%d%s", KEY_LEASE_PREFIX, i, KEY_LEASE_RENEW);
AsyncSaveKey(TFTPD32_DHCP_KEY, key, renew, strlen(renew) + 1, REG_SZ, szTftpd32IniFile);
}
}
}
bool KCalls::SetLine(int Line, const CALL *Info)
{
int i = 0;
changeItemPart(statetoa(Info->stat), Line, i++);
changeItemPart(directiontoa(Info->dialin), Line, i++);
changeItemPart(emptytoa(Info->num[_ME(Info)]), Line, i++);
changeItemPart(emptytoa(Info->alias[_ME(Info)]), Line, i++);
changeItemPart(emptytoa(Info->num[_OTHER(Info)]), Line, i++);
changeItemPart(emptytoa(Info->vorwahl[_OTHER(Info)]), Line, i++);
changeItemPart(emptytoa(Info->rufnummer[_OTHER(Info)]), Line, i++);
changeItemPart(emptytoa(Info->alias[_OTHER(Info)]), Line, i++);
changeItemPart(emptytoa(Info->area[_OTHER(Info)]), Line, i++);
changeItemPart(timetoa(Info->connect), Line, i++);
changeItemPart(durationtoa(Info->t_duration), Line, i++);
changeItemPart(MsgHdl::ltoa(Info->aoce), Line, i++);
changeItemPart(Info->money, Line, i++);
changeItemPart(Info->currency, Line, i++);
changeItemPart(Byte2Str((double) Info->ibytes, NO_DIR), Line, i++);
changeItemPart(Byte2Str((double) Info->obytes, NO_DIR), Line, i++);
changeItemPart(Byte2Str(Info->ibps, GET_BPS|NO_DIR), Line, i++);
changeItemPart(Byte2Str(Info->obps, GET_BPS|NO_DIR), Line, i++);
changeItemPart(Info->msg, Line, i++);
return TRUE;
}
/* Checks if the current certificate is revoked. It goes through the
* list of revoked certificates of the corresponding crl. If the
* certificate is found in the list, TRUE is returned
*/
bool x509_check_revocation(const x509crl_t *crl, chunk_t serial)
{
revokedCert_t *revokedCert = crl->revokedCertificates;
char tbuf[TIMETOA_BUF];
DBG(DBG_X509,
DBG_dump_chunk("serial number:", serial)
)
while(revokedCert != NULL)
{
/* compare serial numbers */
if (revokedCert->userCertificate.len == serial.len &&
memcmp(revokedCert->userCertificate.ptr, serial.ptr, serial.len) == 0)
{
openswan_log("certificate was revoked on %s",
timetoa(&revokedCert->revocationDate, TRUE, tbuf, sizeof(tbuf)));
return TRUE;
}
revokedCert = revokedCert->next;
}
DBG(DBG_X509,
DBG_log("certificate not revoked")
)
return FALSE;
}
//Zero tRenewed
void ZeroRenewTime(struct LL_IP* pCur)
{
char* t;
char key [_MAX_PATH];
sprintf(key, "%s%d%s", KEY_LEASE_PREFIX, pCur->dwAllocNum, KEY_LEASE_RENEW);
pCur->tRenewed = 0;
t = timetoa(pCur->tRenewed);
if (sSettings.bPersLeases)
AsyncSaveKey(TFTPD32_DHCP_KEY, key, t, strlen(t) + 1, REG_SZ, szTftpd32IniFile);
}
gchar *nf_get_store_dir(gchar *name)
{
time_buf_t tbuf;
gchar **dir;
gchar *str;
timetoa(tbuf, time(NULL));
dir = mbb_session_var_get_data(nf_store_var);
str = g_strdup_printf("%s%s.%s", *dir, name, tbuf);
return str;
}
/* x509.c SEAM */
static void
list_x509cert_chain(const char *caption, x509cert_t* cert, u_char auth_flags
, bool utc)
{
bool first = TRUE;
time_t tnow;
/* determine the current time */
time(&tnow);
while (cert != NULL)
{
if (auth_flags == AUTH_NONE || (auth_flags & cert->authority_flags))
{
unsigned keysize;
char keyid[KEYID_BUF];
char buf[ASN1_BUF_LEN];
char tbuf[TIMETOA_BUF];
cert_t c;
c.type = CERT_X509_SIGNATURE;
c.u.x509 = cert;
if (first)
{
DBG_log( " ");
DBG_log( "List of X.509 %s Certificates:", caption);
DBG_log( " ");
first = FALSE;
}
DBG_log( "NOW, count: %d", cert->count);
dntoa(buf, ASN1_BUF_LEN, cert->subject);
DBG_log( " subject: '%s'", buf);
dntoa(buf, ASN1_BUF_LEN, cert->issuer);
DBG_log( " issuer: '%s'", buf);
datatot(cert->serialNumber.ptr, cert->serialNumber.len, ':'
, buf, ASN1_BUF_LEN);
DBG_log( " serial: %s", buf);
form_keyid(cert->publicExponent, cert->modulus, keyid, &keysize);
DBG_log( " pubkey: %4d RSA Key %s"
, 8*keysize, keyid);
DBG_log( " validity: not before %s %s",
timetoa(&cert->notBefore, utc, tbuf, sizeof(tbuf)),
(cert->notBefore < tnow)?"ok":"fatal (not valid yet)");
DBG_log( " not after %s %s",
timetoa(&cert->notAfter, utc, tbuf, sizeof(tbuf)),
check_expiry(cert->notAfter, CA_CERT_WARNING_INTERVAL, TRUE));
if (cert->subjectKeyID.ptr != NULL)
{
datatot(cert->subjectKeyID.ptr, cert->subjectKeyID.len, ':'
, buf, ASN1_BUF_LEN);
DBG_log( " subjkey: %s", buf);
}
if (cert->authKeyID.ptr != NULL)
{
datatot(cert->authKeyID.ptr, cert->authKeyID.len, ':'
, buf, ASN1_BUF_LEN);
DBG_log( " authkey: %s", buf);
}
if (cert->authKeySerialNumber.ptr != NULL)
{
datatot(cert->authKeySerialNumber.ptr, cert->authKeySerialNumber.len
, ':', buf, ASN1_BUF_LEN);
DBG_log( " aserial: %s", buf);
}
}
cert = cert->next;
}
}
