main(int argc, char *argv[]) { int len; char *infile; EF_PROTECT_FREE=1; EF_FREE_WIPES =1; progname = argv[0]; leak_detective = 1; if(argc > 2 ) { fprintf(stderr, "Usage: %s <whackrecord>\n", progname); exit(10); } /* argv[1] == "-r" */ tool_init_log(); infile = argv[1]; readwhackmsg(infile); report_leaks(); tool_close_log(); exit(0); }
main(int argc, char *argv[]){ int i; struct db_sa *sa1 = NULL; progname = argv[0]; leak_detective = 1; tool_init_log(); for (i = 0; i < elemsof(oakley_sadb); i++) { /* make sure that leak reports and EFence reports get * placed in the right order. */ fflush(stdout); fflush(stderr); printf("\nmain mode oakley: %u\n", i); sa_print(&oakley_sadb[i]); sa1 = sa_copy_sa_first(&oakley_sadb[i]); sa_print(sa1); free_sa(sa1); fflush(stdout); report_leaks(); } tool_close_log(); exit(0); }
main(int argc, char *argv[]){ int i; struct db_sa *gsp = NULL; struct db_sa *sa1 = NULL; struct db_sa *sa2 = NULL; struct alg_info_ike *aii; char err_buf[256]; /* ??? big enough? */ EF_PROTECT_FREE = 1; EF_FREE_WIPES = 1; progname = argv[0]; leak_detective = 1; tool_init_log(); init_crypto(); aii = alg_info_ike_create_from_str("3des", err_buf, sizeof(err_buf)); gsp = oakley_alg_makedb(aii, &oakley_sadb[POLICY_RSASIG >> POLICY_ISAKMP_SHIFT], FALSE); sa_print(gsp); sa_v2_convert(&gsp); sa_v2_print(gsp); tool_close_log(); free_sa(&gsp); exit(0); }
main(int argc, char *argv[]) { int i; struct db_sa *gsp = NULL; struct db_sa *sa1 = NULL; struct db_sa *sa2 = NULL; struct alg_info_ike *aii; err_t ugh; progname = argv[0]; leak_detective=1; tool_init_log(); init_crypto(); aii = alg_info_ike_create_from_str("3des", &ugh); gsp = oakley_alg_makedb(aii , &oakley_sadb[POLICY_RSASIG >> POLICY_ISAKMP_SHIFT] , -1); sa_print(gsp); tool_close_log(); exit(0); }
main(int argc, char *argv[]) { progname = argv[0]; tool_init_log(); /* our enum names */ do_test(&connection_kind_names, 256); do_test(&certpolicy_type_names, 256); /* IETF registry based enum names */ do_test(&version_names, 256); do_test(&doi_names, 256); do_test(&ikev1_payload_names, 256); do_test(&ikev2_payload_names, 256); do_test(&payload_names_ikev1orv2, 256); do_test(&ikev1_exchange_names, 256); do_test(&ikev2_exchange_names, 256); do_test(&exchange_names_ikev1orv2, 256); do_test(&protocol_names, 256); /* why not ikev1_protocol_names ? */ do_test(&ikev2_protocol_names, 256); do_test(&isakmp_transformid_names, 256); do_test(&ah_transformid_names, 256); do_test(&esp_transformid_names, 256); do_test(&ipcomp_transformid_names, 256); do_test(&oakley_attr_names, 256); do_test(&ipsec_attr_names, 256); do_test(&sa_lifetime_names, 256); do_test(&oakley_lifetime_names, 256); do_test(&oakley_auth_names, 256); do_test(&oakley_enc_names, 256); do_test(&oakley_hash_names, 256); do_test(&oakley_group_names, 256); do_test(&ikev1_notify_names, 16384); do_test(&ikev2_notify_names, 16384); do_test(&ikev2_ts_type_names, 256); do_test(&enc_mode_names, 256); do_test(&auth_alg_names, 256); do_test(&xauth_type_names, 256); do_test(&xauth_attr_names, 256); do_test(&attr_msg_type_names, 256); do_test(&ikev2_sec_proto_id_names, 256); do_test(&ikev2_auth_names, 256); do_test(&ikev2_trans_type_encr_names, 256); do_test(&ikev2_trans_type_prf_names, 256); do_test(&ikev2_trans_type_integ_names, 256); do_test(&ikev2_trans_type_esn_names, 256); do_test(&ikev2_trans_type_names, 256); do_test(&ike_cert_type_names, 256); do_test(&ikev2_cert_type_names, 256); do_test(&modecfg_attr_names, 256); do_test(&ike_idtype_names, 256); do_test(&ikev2_idtype_names, 256); report_leaks(); tool_close_log(); exit(0); }
int main(int argc, char *argv[]) { bool recalculate = FALSE; int len; err_t err = NULL; char *infile; char *conn_name; int lineno=0; struct connection *c1 = NULL; #ifdef HAVE_EFENCE EF_PROTECT_FREE=1; #endif progname = argv[0]; leak_detective = 1; if(argc != 3 && argc!=4) { fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name>\n", progname); exit(10); } /* skip argv0 */ argc--; argv++; if(strcmp(argv[0], "-r")==0) { recalculate = 1; /* do all crypto */ argc--; argv++; } tool_init_log(); load_oswcrypto(); init_fake_vendorid(); init_fake_secrets(); init_local_interface(); infile = argv[0]; conn_name = argv[1]; cur_debugging = DBG_CONTROL|DBG_CONTROLMORE; if(readwhackmsg(infile) == 0) exit(11); send_packet_setup_pcap("OUTPUT/" TESTNAME ".pcap"); c1 = con_by_name(conn_name, TRUE); assert(c1 != NULL); //list_public_keys(FALSE, FALSE); assert(orient(c1, 500)); show_one_connection(c1, whack_log); kick_adns_connection_lookup(c1, &c1->spd.that, TRUE); report_leaks(); tool_close_log(); exit(0); }
main(int argc, char *argv[]) { int len; err_t err = NULL; char *infile; char *conn_name; int lineno=0; struct starter_config *cfg = NULL; struct starter_conn *conn = NULL; //EF_PROTECT_FREE=1; progname = argv[0]; leak_detective = 1; if(argc < 4) { fprintf(stderr, "Usage: %s <cfgrootdir> <cfgfile> <conn-name>.. \n", progname); exit(10); } /* argv[1] == "-r" */ tool_init_log(); //init_fake_vendorid(); rootdir[0]='\0'; strlcat(rootdir, argv[1], sizeof(rootdir)); starter_use_log(1, 1, 1); cfg = confread_load(argv[2], &err, FALSE, NULL,FALSE); argv+=3; argc-=3; /* load all conns marked as auto=add or better */ for(conn = cfg->conns.tqh_first; conn != NULL; conn = conn->link.tqe_next) { for(; argc>0; argc--, argv++) { conn_name = *argv; printf("processing conn: %s\n", conn_name); if(strcasecmp(conn->name, conn_name)==0) { struct whack_message msg1; if(starter_whack_build_basic_conn(cfg, &msg1, conn)==0) { add_connection(&msg1); } } } } confread_free(cfg); report_leaks(); tool_close_log(); exit(0); }
main(int argc, char *argv[]) { int len; char *infile; char *conn_name; int lineno=0; struct connection *c1; struct state *st; EF_PROTECT_FREE=1; EF_FREE_WIPES =1; progname = argv[0]; leak_detective = 1; if(argc != 3) { fprintf(stderr, "Usage: %s <whackrecord> <conn-name>\n", progname); exit(10); } /* argv[1] == "-r" */ tool_init_log(); init_fake_vendorid(); infile = argv[1]; conn_name = argv[2]; readwhackmsg(infile); send_packet_setup_pcap("parentI1.pcap"); c1 = con_by_name(conn_name, TRUE); show_one_connection(c1); st = sendI1(c1,DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE); run_continuation(r); /* now invoke the timer event to cause a re-transmission */ handle_next_timer_event(); /* clean up so that we can see any leaks */ delete_state(st); report_leaks(); tool_close_log(); exit(0); }
int main(int argc, char *argv[]) { int opt = 0; struct starter_config *cfg = NULL; err_t err = NULL; char *confdir = NULL; char *configfile = NULL; struct starter_conn *conn = NULL; progname = argv[0]; tool_init_log(); starter_use_log(verbose, 1, verbose ? 0 : 1); cfg = (struct starter_config *)malloc(sizeof(struct starter_config)); if (!cfg) { fprintf(stderr, "can't allocate mem in %s\n", progname); exit(10); } memset(cfg, 0, sizeof(*cfg)); /** * Set default values */ ipsecconf_default_values(cfg); conn = alloc_add_conn(cfg, "mytestconn", &err); conn->connalias = xstrdup("anotheralias"); conn->options[KBF_DPDDELAY] = 60; conn->options_set[KBF_DPDDELAY] = 1; conn->policy = POLICY_ENCRYPT | POLICY_PFS | POLICY_COMPRESS; conn->left.rsakey1 = "0sabcdabcdabcd"; conn->left.rsakey2 = "0s23489234ba28934243"; conn->left.cert = "/my/cert/file"; ttoaddr("192.168.2.102", 0, AF_INET, &conn->left.sourceip); ttoaddr("192.168.1.101", 0, AF_INET, &conn->left.addr); conn->left.addr_family = AF_INET; conn->left.addrtype = KH_IPADDR; conn->right.addrtype = KH_DEFAULTROUTE; confwrite(cfg, stdout); exit(0); }
int main(int argc, char *argv[]) { int i; struct db_sa *sa1 = NULL; struct db_sa *sa2 = NULL; progname = argv[0]; leak_detective=1; tool_init_log(); for(i=0; i < elemsof(oakley_sadb); i++) { printf("\nmain mode oakley: %u\n", i); sa_print(&oakley_sadb[i]); sa1 = sa_copy_sa(&oakley_sadb[i], 0); if(sa2 != NULL) { free_sa(sa2); } sa2 = sa_copy_sa(sa1, 0); free_sa(sa1); printf("copy 2\n"); sa_print(sa2); } for(i=0; i < elemsof(oakley_am_sadb); i++) { printf("\naggr mode oakley: %u\n", i); sa_print(&oakley_am_sadb[i]); sa1 = sa_copy_sa(&oakley_am_sadb[i], 0); if(sa2 != NULL) { free_sa(sa2); } sa2 = sa_copy_sa(sa1, 0); free_sa(sa1); printf("copy 2\n"); sa_print(sa2); } if(sa2 != NULL) free_sa(sa2); report_leaks(); tool_close_log(); exit(0); }
main(int argc, char *argv[]) { int i; struct db_sa *gsp = NULL; struct db_sa *sa1 = NULL; struct db_sa *sa2 = NULL; struct alg_info_esp *aii; char err_buf[100]; EF_PROTECT_FREE = 1; EF_FREE_WIPES = 1; EF_PROTECT_BELOW = 1; progname = argv[0]; leak_detective = 1; tool_init_log(); init_crypto(); { int algo; for (algo = 1; algo <= K_SADB_EALG_MAX; algo++) esp_ealg[(algo)].sadb_alg_id = (algo); } { int algo; for (algo = 1; algo <= K_SADB_AALG_MAX; algo++) esp_aalg[(algo)].sadb_alg_id = (algo); } esp_ealg_num = 10; esp_aalg_num = 10; aii = alg_info_esp_create_from_str("aes128-sha1", &err_buf, sizeof(err_buf)); gsp = kernel_alg_makedb(POLICY_ENCRYPT | POLICY_AUTHENTICATE, aii, TRUE); sa_print(gsp); gsp = sa_v2_convert(gsp); sa_v2_print(gsp); tool_close_log(); free_sa(gsp); exit(0); }
int main(int argc, char *argv[]) { int len; char *infile; char *conn_name; int lineno=0; int regression = 0; struct connection *c1; struct state *st; #ifdef HAVE_EFENCE EF_PROTECT_FREE=1; #endif progname = argv[0]; leak_detective = 1; if(argc != 3 && argc!=4) { fprintf(stderr, "Usage: %s [-r] <whackrecord>\n", progname); exit(10); } /* skip argv0 */ argc--; argv++; if(strcmp(argv[0], "-r")==0) { regression = 1; argc--; argv++; } tool_init_log(); load_oswcrypto(); init_fake_vendorid(); init_fake_secrets(); init_local_interface(); infile = argv[0]; cur_debugging = DBG_CONTROL|DBG_CONTROLMORE; if(readwhackmsg(infile) == 0) exit(11); hostpair_list(); report_leaks(); tool_close_log(); exit(0); }
int main(int argc, char *argv[]) { int i; struct id one; progname = argv[0]; tool_init_log(); t1(); t2(); t3(); t4(); t5(); t6(); report_leaks(); tool_close_log(); exit(0); }
main(int argc, char *argv[]){ int i; struct db_sa *gsp = NULL; struct db_sa *sa1 = NULL; struct db_sa *sa2 = NULL; progname = argv[0]; leak_detective = 1; tool_init_log(); for (i = 0; i < elemsof(oakley_sadb); i++) { gsp = sa_copy_sa(&oakley_empty, 0); printf("\nmain mode oakley: %u\n", i); //sa_print(&oakley_sadb[i]); sa1 = sa_copy_sa(&oakley_sadb[i], 0); sa2 = sa_merge_proposals(gsp, sa1); printf("sa1:\n"); sa_print(sa1); printf("gsp:\n"); sa_print(gsp); printf("sa2:\n"); sa_print(sa2); free_sa(sa1); free_sa(sa2); free_sa(gsp); report_leaks(); } tool_close_log(); exit(0); }
int main(int argc, char *argv[]) { int opt = 0; int all = 0; int search = 0; int typeexport = 0; int checkconfig = 0; int listroute=0, liststart=0; struct starter_config *cfg = NULL; err_t err = NULL; char *confdir = NULL; char *configfile = NULL; char *varprefix = ""; int exit_status = 0; struct starter_conn *conn = NULL; char *defaultroute = NULL; char *defaultnexthop = NULL; char *ctlbase = NULL; bool resolvip = FALSE; #if 0 /* efence settings */ extern int EF_PROTECT_BELOW; extern int EF_PROTECT_FREE; EF_PROTECT_BELOW=1; EF_PROTECT_FREE=1; #endif progname = argv[0]; rootdir[0]='\0'; tool_init_log(); while((opt = getopt_long(argc, argv, "", longopts, 0)) != EOF) { switch(opt) { case 'h': /* usage: */ usage(); break; case 'a': all=1; break; case 'D': verbose++; break; case 'W': warningsarefatal++; break; case 'S': search++; break; case 'T': typeexport++; break; case 'K': checkconfig++; break; case 'C': configfile = clone_str(optarg, "config file name"); break; case 'c': ctlbase = clone_str(optarg, "control base"); break; case 'A': all=1; break; case 'r': listroute=1; break; case 's': liststart=1; break; case 'P': varprefix=optarg; break; case 'R': printf("setting rootdir=%s\n", optarg); strncat(rootdir, optarg, sizeof(rootdir)-1); break; case 'd': defaultroute=optarg; break; case 'n': defaultnexthop=optarg; break; default: usage(); } } /* if nothing to add, then complain */ if(optind == argc && !all && !listroute && !liststart && !search && !typeexport && !checkconfig) { usage(); } if(verbose > 3) { extern int yydebug; yydebug=1; } /* find config file */ confdir = getenv(IPSEC_CONFDIR_VAR); if(confdir == NULL) { confdir = IPSEC_CONFDIR; } if(!configfile) { configfile = alloc_bytes(strlen(confdir)+sizeof("/ipsec.conf")+2,"conf file"); /* calculate default value for configfile */ configfile[0]='\0'; strcpy(configfile, confdir); if(configfile[strlen(configfile)-1]!='/') { strcat(configfile, "/"); } strcat(configfile, "ipsec.conf"); } if(verbose) { printf("opening file: %s\n", configfile); } starter_use_log (verbose, 1, verbose ? 0 : 1); err = NULL; /* reset to no error */ resolvip=TRUE; /* default to looking up names */ if(typeexport || checkconfig || listroute || liststart || search) { /* but not if we have no use for them... might cause delays too! */ resolvip=FALSE; } cfg = confread_load(configfile, &err, resolvip, ctlbase,typeexport); if(cfg == NULL) { fprintf(stderr, "can not load config '%s': %s\n", configfile, err); exit(3); } else if(checkconfig) { confread_free(cfg); exit(0); } if(defaultroute) { err_t e; char b[ADDRTOT_BUF]; e = ttoaddr(defaultroute, strlen(defaultroute), AF_INET, &cfg->dr); if(e) { printf("ignoring invalid defaultroute: %s\n", e); defaultroute = NULL; /* exit(4); */ } else if(verbose) { addrtot(&cfg->dr, 0, b, sizeof(b)); printf("default route is: %s\n", b); } } if(defaultnexthop) { err_t e; char b[ADDRTOT_BUF]; e = ttoaddr(defaultnexthop, strlen(defaultnexthop), AF_INET, &cfg->dnh); if(e) { printf("ignoring invalid defaultnexthop: %s\n", e); defaultnexthop = NULL; /* exit(4); */ } else if(verbose) { addrtot(&cfg->dnh, 0, b, sizeof(b)); printf("default nexthop is: %s\n", b); } } if(all) { if(verbose) { printf("loading all conns:"); } /* load all conns marked as auto=add or better */ for(conn = cfg->conns.tqh_first; conn != NULL; conn = conn->link.tqe_next) { if (conn->desired_state == STARTUP_ADD || conn->desired_state == STARTUP_START || conn->desired_state == STARTUP_ROUTE) { if(verbose) printf(" %s", conn->name); starter_whack_add_conn(cfg, conn); } } if(verbose) printf("\n"); } else if(listroute) { if(verbose) { printf("listing all conns marked as auto=start\n"); } /* list all conns marked as auto=route or start or better */ for(conn = cfg->conns.tqh_first; conn != NULL; conn = conn->link.tqe_next) { if (conn->desired_state == STARTUP_START || conn->desired_state == STARTUP_ROUTE) { printf("%s ", conn->name); } } printf("\n"); } else if(liststart) { /* list all conns marked as auto=start */ for(conn = cfg->conns.tqh_first; conn != NULL; conn = conn->link.tqe_next) { if (conn->desired_state == STARTUP_START) { printf("%s ", conn->name); } } printf("\n"); } else if(search) { char *sep=""; if((argc-optind) < 2 ) { printf("%s_confreadstatus=failed\n", varprefix); confread_free(cfg); exit(3); } printf("%s_confreadstatus=\n", varprefix); printf("%s_confreadnames=\"",varprefix); /* find conn names that have value set */ for(conn = cfg->conns.tqh_first; conn != NULL; conn = conn->link.tqe_next) { /* we recognize a limited set of values */ if(strcasecmp(argv[optind],"auto")==0 && strcasecmp(argv[optind+1],"manual")==0) { if(conn->manualkey) { printf("%s%s", sep, conn->name); sep=" "; } } } printf("\"\n"); confread_free(cfg); exit(0); } else if(typeexport) { struct keyword_def *kd; printf("export %sconfreadstatus=''\n", varprefix); for(kd=ipsec_conf_keywords_v2; kd->keyname != NULL; kd++) { if((kd->validity & kv_config)==0) continue; switch(kd->type) { case kt_string: case kt_filename: case kt_dirname: case kt_loose_enum: if(cfg->setup.strings[kd->field]) { printf("export %s%s='%s'\n", varprefix, kd->keyname, cfg->setup.strings[kd->field]); } break; case kt_bool: printf("export %s%s='%s'\n", varprefix, kd->keyname, cfg->setup.options[kd->field] ? "yes" : "no"); break; case kt_list: printf("export %s%s='", varprefix, kd->keyname); confwrite_list(stdout, "", cfg->setup.options[kd->field], kd); printf("'\n"); break; case kt_obsolete: printf("# obsolete option '%s%s' ignored\n", varprefix, kd->keyname); break; default: if(cfg->setup.options[kd->field] || cfg->setup.options_set[kd->field]) { printf("export %s%s='%d'\n", varprefix, kd->keyname, cfg->setup.options[kd->field]); } break; } } confread_free(cfg); exit(0); } else { /* load named conns, regardless of their state */ int connum; if(verbose) { printf("loading named conns:"); } for(connum = optind; connum<argc; connum++) { char *connname = argv[connum]; if(verbose) { printf(" %s", connname); } for(conn = cfg->conns.tqh_first; conn != NULL; conn = conn->link.tqe_next) { /* yes, let's make it case-insensitive */ if(strcasecmp(conn->name, connname)==0) { if(conn->state == STATE_ADDED) { printf("\nconn %s already added\n", conn->name); } else if(conn->state == STATE_FAILED) { printf("\nconn %s did not load properly\n", conn->name); } else { exit_status = starter_whack_add_conn(cfg, conn); conn->state = STATE_ADDED; } break; } } if(conn == NULL) { /* only if we don't find it, do we now look for aliases */ for(conn = cfg->conns.tqh_first; conn != NULL; conn = conn->link.tqe_next) { if(conn->strings_set[KSF_CONNALIAS] && osw_alias_cmp(connname , conn->strings[KSF_CONNALIAS])) { if(conn->state == STATE_ADDED) { printf("\nalias: %s conn %s already added\n", connname, conn->name); } else if(conn->state == STATE_FAILED) { printf("\nalias: %s conn %s did not load properly\n", connname, conn->name); } else { exit_status = starter_whack_add_conn(cfg, conn); conn->state = STATE_ADDED; } break; } } } if(conn == NULL) { exit_status++; if(!verbose) { printf("conn '%s': not found (tried aliases)\n", connname); } else { printf("(notfound)"); } } } if(verbose) printf("\n"); } confread_free(cfg); exit(exit_status); }
int main(int argc, char *argv[]) { int opt = 0; struct starter_config *cfg = NULL; err_t err = NULL; char *confdir = NULL; char *configfile = NULL; struct starter_conn *conn = NULL; progname = argv[0]; rootdir[0] = '\0'; rootdir2[0] = '\0'; tool_init_log(); while ((opt = getopt_long(argc, argv, "", longopts, 0)) != EOF) { switch (opt) { case 'h': /* usage: */ usage(); break; case 'D': verbose++; lex_verbosity++; break; case 'C': configfile = clone_str(optarg, "config file name"); break; case 'R': printf("#setting rootdir=%s\n", optarg); jam_str(rootdir, sizeof(rootdir), optarg); break; case 'S': printf("#setting rootdir2=%s\n", optarg); jam_str(rootdir2, sizeof(rootdir2), optarg); break; case '?': exit(5); default: fprintf(stderr, "%s: getopt returned %d\n", progname, opt); exit(6); } } if (optind != argc) { fprintf(stderr,"%s: unexpected arguments\n", progname); exit(4); } /* find config file */ if (confdir == NULL) confdir = IPSEC_CONFDIR; if (configfile == NULL) { /* ??? see code clone in programs/addconn/addconn.c */ configfile = alloc_bytes(strlen(confdir) + sizeof("/ipsec.conf"), "conf file"); /* calculate default value for configfile */ strcpy(configfile, confdir); /* safe: see allocation above */ if (configfile[0] != '\0' && configfile[strlen(configfile) - 1] != '/') strcat(configfile, "/"); /* safe: see allocation above */ strcat(configfile, "ipsec.conf"); /* safe: see allocation above */ } if (verbose > 3) { yydebug = 1; } if (verbose) printf("opening file: %s\n", configfile); starter_use_log(verbose != 0, TRUE, verbose == 0); cfg = confread_load(configfile, &err, FALSE, NULL, FALSE); if (cfg == NULL) { fprintf(stderr, "%s: config file \"%s\" cannot be loaded: %s\n", progname, configfile, err); exit(3); } /* load all conns marked as auto=add or better */ for (conn = cfg->conns.tqh_first; conn != NULL; conn = conn->link.tqe_next) printf("#conn %s loaded\n", conn->name); confwrite(cfg, stdout); confread_free(cfg); exit(0); }
int main(int argc, char *argv[]) { int opt = 0; struct starter_config *cfg = NULL; err_t err = NULL; char *confdir = NULL; char *configfile = NULL; struct starter_conn *conn = NULL; progname = argv[0]; rootdir[0] = '\0'; tool_init_log(); while ((opt = getopt_long(argc, argv, "", longopts, 0)) != EOF) { switch (opt) { case 'h': //usage: usage(); break; case 'D': verbose++; break; case 'W': warningsarefatal++; break; case 'C': configfile = clone_str(optarg, "config file name"); break; case 'R': printf("#setting rootdir=%s\n", optarg); strncat(rootdir, optarg, sizeof(rootdir)); break; case 'S': printf("#setting rootdir2=%s\n", optarg); strncat(rootdir2, optarg, sizeof(rootdir2)); break; } } /* find config file */ if (confdir == NULL) confdir = IPSEC_CONFDIR; if (!configfile) { configfile = alloc_bytes(strlen( confdir) + sizeof("/ipsec.conf") + 2, "conf file"); /* calculate default value for configfile */ configfile[0] = '\0'; strcpy(configfile, confdir); if (configfile[strlen(configfile) - 1] != '/') strcat(configfile, "/"); strcat(configfile, "ipsec.conf"); } if (verbose) printf("opening file: %s\n", configfile); starter_use_log(verbose, 1, verbose ? 0 : 1); cfg = confread_load(configfile, &err, NULL); if (!cfg) { printf("config file: %s can not be loaded: %s\n", configfile, err); exit(3); } /* load all conns marked as auto=add or better */ for (conn = cfg->conns.tqh_first; conn != NULL; conn = conn->link.tqe_next) { /* basic case, nothing special to synthize! */ if (!conn->left.strings_set[KSCF_SUBNETS] && !conn->right.strings_set[KSCF_SUBNETS]) continue; starter_permutate_conns(starter_print_connname, cfg, conn); } exit(0); }
int main(int argc UNUSED, char *argv[]) { tool_init_log(argv[0]); /* * Need to ensure that NSS is initialized before calling * ike_alg_init(). Some sanity checks require a working NSS. */ lsw_nss_buf_t err; if (!lsw_nss_setup(NULL, 0, NULL, err)) { fprintf(stderr, "unexpected %s\n", err); exit(1); } ike_alg_init(); /* esp= */ fprintf(stdout, "\n---- ESP tests that should succeed ----\n"); do_test("aes_gcm_a-128-null", PROTO_IPSEC_ESP); do_test("3des-sha1;modp1024", PROTO_IPSEC_ESP); do_test("3des-sha1;modp1536", PROTO_IPSEC_ESP); do_test("3des-sha1;modp2048", PROTO_IPSEC_ESP); do_test("3des-sha1;dh22", PROTO_IPSEC_ESP); do_test("3des-sha1;dh23", PROTO_IPSEC_ESP); do_test("3des-sha1;dh24", PROTO_IPSEC_ESP); do_test("3des-sha1", PROTO_IPSEC_ESP); do_test("null-sha1", PROTO_IPSEC_ESP); do_test("aes", PROTO_IPSEC_ESP); do_test("aes_cbc", PROTO_IPSEC_ESP); do_test("aes-sha", PROTO_IPSEC_ESP); do_test("aes-sha1", PROTO_IPSEC_ESP); do_test("aes-sha2", PROTO_IPSEC_ESP); do_test("aes-sha256", PROTO_IPSEC_ESP); do_test("aes-sha384", PROTO_IPSEC_ESP); do_test("aes-sha512", PROTO_IPSEC_ESP); do_test("aes128-sha1", PROTO_IPSEC_ESP); do_test("aes128-aes_xcbc", PROTO_IPSEC_ESP); do_test("aes192-sha1", PROTO_IPSEC_ESP); do_test("aes256-sha1", PROTO_IPSEC_ESP); do_test("aes256-sha", PROTO_IPSEC_ESP); do_test("aes256-sha2", PROTO_IPSEC_ESP); do_test("aes256-sha2_256", PROTO_IPSEC_ESP); do_test("aes256-sha2_384", PROTO_IPSEC_ESP); do_test("aes256-sha2_512", PROTO_IPSEC_ESP); do_test("camellia", PROTO_IPSEC_ESP); do_test("camellia128", PROTO_IPSEC_ESP); do_test("camellia192", PROTO_IPSEC_ESP); do_test("camellia256", PROTO_IPSEC_ESP); do_test("aes_ccm_a-128-null", PROTO_IPSEC_ESP); do_test("aes_ccm_a-192-null", PROTO_IPSEC_ESP); do_test("aes_ccm_a-256-null", PROTO_IPSEC_ESP); do_test("aes_ccm_b-128-null", PROTO_IPSEC_ESP); do_test("aes_ccm_b-192-null", PROTO_IPSEC_ESP); do_test("aes_ccm_b-256-null", PROTO_IPSEC_ESP); do_test("aes_ccm_c-128-null", PROTO_IPSEC_ESP); do_test("aes_ccm_c-192-null", PROTO_IPSEC_ESP); do_test("aes_ccm_c-256-null", PROTO_IPSEC_ESP); do_test("aes_gcm_a-128-null", PROTO_IPSEC_ESP); do_test("aes_gcm_a-192-null", PROTO_IPSEC_ESP); do_test("aes_gcm_a-256-null", PROTO_IPSEC_ESP); do_test("aes_gcm_b-128-null", PROTO_IPSEC_ESP); do_test("aes_gcm_b-192-null", PROTO_IPSEC_ESP); do_test("aes_gcm_b-256-null", PROTO_IPSEC_ESP); do_test("aes_gcm_c-128-null", PROTO_IPSEC_ESP); do_test("aes_gcm_c-192-null", PROTO_IPSEC_ESP); do_test("aes_gcm_c-256-null", PROTO_IPSEC_ESP); do_test("aes_ccm-null", PROTO_IPSEC_ESP); do_test("aes_gcm-null", PROTO_IPSEC_ESP); do_test("aes_ccm-256-null", PROTO_IPSEC_ESP); do_test("aes_gcm-192-null", PROTO_IPSEC_ESP); #if 0 /* these are caught using "aliasing" and rewritten to the above syntax */ do_test("aes_ccm_8-128-null", PROTO_IPSEC_ESP); do_test("aes_ccm_8-192-null", PROTO_IPSEC_ESP); do_test("aes_ccm_8-256-null", PROTO_IPSEC_ESP); do_test("aes_ccm_12-128-null", PROTO_IPSEC_ESP); do_test("aes_ccm_12-192-null", PROTO_IPSEC_ESP); do_test("aes_ccm_12-256-null", PROTO_IPSEC_ESP); do_test("aes_ccm_16-128-null", PROTO_IPSEC_ESP); do_test("aes_ccm_16-192-null", PROTO_IPSEC_ESP); do_test("aes_ccm_16-256-null", PROTO_IPSEC_ESP); do_test("aes_gcm_8-128-null", PROTO_IPSEC_ESP); do_test("aes_gcm_8-192-null", PROTO_IPSEC_ESP); do_test("aes_gcm_8-256-null", PROTO_IPSEC_ESP); do_test("aes_gcm_12-128-null", PROTO_IPSEC_ESP); do_test("aes_gcm_12-192-null", PROTO_IPSEC_ESP); do_test("aes_gcm_12-256-null", PROTO_IPSEC_ESP); do_test("aes_gcm_16-128-null", PROTO_IPSEC_ESP); do_test("aes_gcm_16-192-null", PROTO_IPSEC_ESP); do_test("aes_gcm_16-256-null", PROTO_IPSEC_ESP); #endif /* other */ do_test("aes_ctr", PROTO_IPSEC_ESP); do_test("aesctr", PROTO_IPSEC_ESP); do_test("aes_ctr128", PROTO_IPSEC_ESP); do_test("aes_ctr192", PROTO_IPSEC_ESP); do_test("aes_ctr256", PROTO_IPSEC_ESP); do_test("serpent", PROTO_IPSEC_ESP); do_test("twofish", PROTO_IPSEC_ESP); do_test("mars", PROTO_IPSEC_ESP); /* * should this be supported - for now man page says not * do_test("modp1536", PROTO_IPSEC_ESP); */ fprintf(stdout, "\n---- ESP tests that should fail----\n"); do_test("3des168-sha1", PROTO_IPSEC_ESP); /* should get rejected */ do_test("3des-null", PROTO_IPSEC_ESP); /* should get rejected */ do_test("aes128-null", PROTO_IPSEC_ESP); /* should get rejected */ do_test("aes224-sha1", PROTO_IPSEC_ESP); /* should get rejected */ do_test("aes512-sha1", PROTO_IPSEC_ESP); /* should get rejected */ do_test("aes-sha1555", PROTO_IPSEC_ESP); /* should get rejected */ do_test("camellia666-sha1", PROTO_IPSEC_ESP); /* should get rejected */ do_test("blowfish", PROTO_IPSEC_ESP); /* obsoleted */ do_test("des-sha1", PROTO_IPSEC_ESP); /* obsoleted */ do_test("aes_ctr666", PROTO_IPSEC_ESP); /* bad key size */ do_test("aes128-sha2_128", PROTO_IPSEC_ESP); /* _128 does not exist */ do_test("aes256-sha2_256-4096", PROTO_IPSEC_ESP); /* double keysize */ do_test("aes256-sha2_256-128", PROTO_IPSEC_ESP); /* now what?? */ do_test("vanitycipher", PROTO_IPSEC_ESP); do_test("ase-sah", PROTO_IPSEC_ESP); /* should get rejected */ do_test("aes-sah1", PROTO_IPSEC_ESP); /* should get rejected */ do_test("id3", PROTO_IPSEC_ESP); /* should be rejected; idXXX removed */ do_test("aes-id3", PROTO_IPSEC_ESP); /* should be rejected; idXXX removed */ do_test("aes_gcm-md5", PROTO_IPSEC_ESP); /* AEAD must have auth null */ /* ah= */ fprintf(stdout, "\n---- AH tests that should succeed ----\n"); do_test("md5", PROTO_IPSEC_AH); do_test("sha", PROTO_IPSEC_AH); do_test("sha1", PROTO_IPSEC_AH); do_test("sha2", PROTO_IPSEC_AH); do_test("sha256", PROTO_IPSEC_AH); do_test("sha384", PROTO_IPSEC_AH); do_test("sha512", PROTO_IPSEC_AH); do_test("sha2_256", PROTO_IPSEC_AH); do_test("sha2_384", PROTO_IPSEC_AH); do_test("sha2_512", PROTO_IPSEC_AH); do_test("aes_xcbc", PROTO_IPSEC_AH); do_test("ripemd", PROTO_IPSEC_AH); fprintf(stdout, "\n---- AH tests that should fail ----\n"); do_test("aes-sha1", PROTO_IPSEC_AH); do_test("vanityhash1", PROTO_IPSEC_AH); do_test("aes_gcm_c-256", PROTO_IPSEC_AH); do_test("id3", PROTO_IPSEC_AH); /* should be rejected; idXXX removed */ do_test("3des", PROTO_IPSEC_AH); do_test("null", PROTO_IPSEC_AH); do_test("aes_gcm", PROTO_IPSEC_AH); do_test("aes_ccm", PROTO_IPSEC_AH); /* ike= */ fprintf(stdout, "\n---- IKE tests that should succeed ----\n"); do_test("3des-sha1", PROTO_ISAKMP); fprintf(stdout, "\n---- IKE tests that should fail ----\n"); do_test("id2", PROTO_ISAKMP); /* should be rejected; idXXX removed */ do_test("3des-id2", PROTO_ISAKMP); /* should be rejected; idXXX removed */ fflush(NULL); report_leaks(); lsw_nss_shutdown(); tool_close_log(); exit(0); }
main(int argc, char *argv[]) { int len; char *infile; char *conn_name; int lineno = 0; struct connection *c1; pcap_t *pt; char eb1[256]; EF_PROTECT_BELOW = 1; EF_PROTECT_FREE = 1; EF_FREE_WIPES = 1; progname = argv[0]; leak_detective = 1; init_crypto(); if (argc != 4) { fprintf(stderr, "Usage: %s <whackrecord> <conn-name> <pcapin>\n", progname); exit(10); } /* argv[1] == "-r" */ tool_init_log(); init_fake_vendorid(); infile = argv[1]; conn_name = argv[2]; readwhackmsg(infile); send_packet_setup_pcap("parentR1.pcap"); c1 = con_by_name(conn_name, TRUE); show_one_connection(c1); pt = pcap_open_offline(argv[3], eb1); if (!pt) { perror(argv[3]); exit(50); } cur_debugging = DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE; pcap_dispatch(pt, 1, recv_pcap_packet, NULL); { struct state *st; /* find st involved */ st = state_with_serialno(1); delete_state(st); } report_leaks(); tool_close_log(); exit(0); }
main(int argc, char *argv[]){ int len; char *infile; char *conn_name; int lineno = 0; struct connection *c1; pcap_t *pt; char eb1[256]; struct state *st; EF_PROTECT_FREE = 1; EF_FREE_WIPES = 1; progname = argv[0]; printf("Started %s\n", progname); leak_detective = 1; pluto_shared_secrets_file = "../../../baseconfigs/west/etc/ipsec.secrets"; lsw_init_ipsecdir("../../../baseconfigs/west/etc/ipsec.d"); lsw_init_rootdir("../../../baseconfigs/west"); init_crypto(); init_seam_kernelalgs(); load_authcerts("CA cert", "../../../baseconfigs/west/etc/ipsec.d/cacerts", AUTH_CA); if (argc != 4) { fprintf(stderr, "Usage: %s <whackrecord> <conn-name> <pcapin>\n", progname); exit(10); } /* argv[1] == "-r" */ tool_init_log(); init_fake_vendorid(); infile = argv[1]; conn_name = argv[2]; load_preshared_secrets(NULL_FD); readwhackmsg(infile); send_packet_setup_pcap("parentI2x509.pcap"); pt = pcap_open_offline(argv[3], eb1); if (!pt) { perror(argv[3]); exit(50); } c1 = con_by_name(conn_name, TRUE); show_one_connection(c1); /* now, send the I1 packet, really just so that we are in the right * state to receive the R1 packet and process it. */ st = sendI1(c1, 0); cur_debugging = DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE | DBG_PARSING | DBG_PRIVATE | DBG_CRYPT; pcap_dispatch(pt, 1, recv_pcap_packet1, NULL); { struct state *st; /* find st involved */ st = state_with_serialno(1); delete_state(st); /* find st involved */ st = state_with_serialno(2); if (st) delete_state(st); } report_leaks(); tool_close_log(); exit(0); }
int main(int argc, char *argv[]) { err_t err = NULL; struct addrinfo hints, *result1, *result2; unsigned char buffer1[1024]; unsigned int buffer1_len = sizeof(buffer1); unsigned int serial_size; int i,s; #ifdef HAVE_EFENCE EF_PROTECT_FREE=1; #endif initproctitle(argc, argv); progname = argv[0]; leak_detective = 1; tool_init_log(); cur_debugging |= DBG_DNS; zero(&hints); hints.ai_family = AF_UNSPEC; /* Allow IPv4 or IPv6 */ hints.ai_socktype = SOCK_DGRAM; /* Datagram socket */ hints.ai_flags = AI_PASSIVE; /* For wildcard IP address */ hints.ai_protocol = 0; /* Any protocol */ hints.ai_canonname = NULL; hints.ai_addr = NULL; hints.ai_next = NULL; if(argc==1) { printf("usage: %s [name]...\n", progname); exit(10); } for(i=1; i < argc; i++) { DBG_log("looking up: %s\n", argv[i]); s = getaddrinfo(argv[i], NULL, &hints, &result1); if(s!=0) { printf("lookup: %s a/aaaa lookup error: %s\n" , argv[i], gai_strerror(s)); continue; } /* sort things so they come out consistently */ result1 = sort_addr_info(result1); dump_addr_info(result1); /* now serialize it into the buffer */ serial_size = serialize_addr_info(result1, buffer1, buffer1_len); freeaddrinfo(result1); DBG_log("serialized size=%u\n", serial_size); result2 = deserialize_addr_info(buffer1, serial_size); dump_addr_info(result2); osw_freeaddrinfo(result2); } report_leaks(); tool_close_log(); exit(0); }
int main(int argc, char *argv[]) { struct ifreq ifr; struct ipsectunnelconf shc; int s; int c; int argcount = argc; int createdelete = 0; char virtname[64]; struct stat sts; memset(&ifr, 0, sizeof(ifr)); memset(&shc, 0, sizeof(shc)); virtname[0]='\0'; progname = argv[0]; tool_init_log(); while((c = getopt_long_only(argc, argv, ""/*"adchvV:P:l:+:"*/, longopts, 0)) != EOF) { switch(c) { case 'g': debug = 1; argcount--; break; case 'a': check_conflict(shc.cf_cmd, createdelete); shc.cf_cmd = IPSEC_SET_DEV; break; case 'd': check_conflict(shc.cf_cmd, createdelete); shc.cf_cmd = IPSEC_DEL_DEV; break; case 'c': check_conflict(shc.cf_cmd, createdelete); shc.cf_cmd = IPSEC_CLR_DEV; break; case 'h': usage(progname); break; case 'v': if(optarg) { fprintf(stderr, "%s: warning; '-v' and '--version' options don't expect arguments, arg '%s' found, perhaps unintended.\n", progname, optarg); } fprintf(stdout, "%s, use ipsec --version instead\n", progname); exit(1); break; case 'C': check_conflict(shc.cf_cmd, createdelete); createdelete = SADB_X_PLUMBIF; strncat(virtname, optarg, sizeof(virtname)-1); break; case 'D': check_conflict(shc.cf_cmd, createdelete); createdelete = SADB_X_UNPLUMBIF; strncat(virtname, optarg, sizeof(virtname)-1); break; case 'V': strncpy(ifr.ifr_name, optarg, sizeof(ifr.ifr_name)); break; case 'P': strncpy(shc.cf_name, optarg, sizeof(shc.cf_name)); break; case 'l': progname = malloc(strlen(argv[0]) + 10 /* update this when changing the sprintf() */ + strlen(optarg)); sprintf(progname, "%s --label %s", argv[0], optarg); argcount -= 2; break; case '+': /* optionsfrom */ optionsfrom(optarg, &argc, &argv, optind, stderr); /* no return on error */ break; default: usage(progname); break; } } if ( ((stat ("/proc/net/pfkey", &sts)) == 0) ) { fprintf(stderr, "%s: NETKEY does not support virtual interfaces.\n",progname); exit(1); } if(argcount == 1) { int ret = 1; if ((stat ("/proc/net/ipsec_tncfg", &sts)) != 0) { fprintf(stderr, "%s: No tncfg - no IPsec support in kernel (are the modules loaded?)\n", progname); } else { ret = system("cat /proc/net/ipsec_tncfg"); ret = ret != -1 && WIFEXITED(ret) ? WEXITSTATUS(ret) : 1; } exit(ret); } /* overlay our struct ipsectunnel onto ifr.ifr_ifru union (hope it fits!) */ if (sizeof(ifr.ifr_ifru) < sizeof(shc)) { fprintf(stderr, "%s: Internal error: struct ipsectunnelconf won't fit inside struct ifreq\n", progname); exit(1); } memcpy(&ifr.ifr_ifru.ifru_newname, &shc, sizeof(shc)); /* are we creating/deleting a virtual (mastXXX/ipsecXXX) interface? */ if(createdelete) { exit(createdelete_virtual(createdelete, virtname)); } switch(shc.cf_cmd) { case IPSEC_SET_DEV: if(!shc.cf_name[0]) { fprintf(stderr, "%s: physical I/F parameter missing.\n", progname); exit(1); } case IPSEC_DEL_DEV: if(!ifr.ifr_name[0]) { fprintf(stderr, "%s: virtual I/F parameter missing.\n", progname); exit(1); } break; case IPSEC_CLR_DEV: strncpy(ifr.ifr_name, "ipsec0", sizeof(ifr.ifr_name)); break; default: fprintf(stderr, "%s: exactly one of '--attach', '--detach' or '--clear' options must be specified.\n" "Try %s --help' for usage information.\n", progname, progname); exit(1); } s=safe_socket(AF_INET, SOCK_DGRAM,0); if(s==-1) { fprintf(stderr, "%s: Socket creation failed -- ", progname); switch(errno) { case EACCES: if(getuid()==0) fprintf(stderr, "Root denied permission!?!\n"); else fprintf(stderr, "Run as root user.\n"); break; case EPROTONOSUPPORT: fprintf(stderr, "Internet Protocol not enabled"); break; case EMFILE: case ENFILE: case ENOBUFS: fprintf(stderr, "Insufficient system resources.\n"); break; case ENODEV: fprintf(stderr, "No such device. Is the virtual device valid? Is the ipsec module linked into the kernel or loaded as a module?\n"); break; default: fprintf(stderr, "Unknown socket error %d.\n", errno); } exit(1); } if(ioctl(s, shc.cf_cmd, &ifr)==-1) { switch (shc.cf_cmd) { case IPSEC_SET_DEV: fprintf(stderr, "%s: Socket ioctl failed on attach -- ", progname); switch(errno) { case EINVAL: fprintf(stderr, "Invalid argument, check kernel log messages for specifics.\n"); break; case ENODEV: fprintf(stderr, "No such device. Is the virtual device valid? Is the ipsec module linked into the kernel or loaded as a module?\n"); break; case ENXIO: fprintf(stderr, "No such device. Is the physical device valid?\n"); break; case EBUSY: fprintf(stderr, "Device busy. Virtual device %s is already attached to a physical device -- Use detach first.\n", ifr.ifr_name); break; default: fprintf(stderr, "Unknown socket error %d.\n", errno); } exit(1); case IPSEC_DEL_DEV: fprintf(stderr, "%s: Socket ioctl failed on detach -- ", progname); switch(errno) { case EINVAL: fprintf(stderr, "Invalid argument, check kernel log messages for specifics.\n"); break; case ENODEV: fprintf(stderr, "No such device. Is the virtual device valid? The ipsec module may not be linked into the kernel or loaded as a module.\n"); break; case ENXIO: fprintf(stderr, "Device requested is not linked to any physical device.\n"); break; default: fprintf(stderr, "Unknown socket error %d.\n", errno); } exit(1); case IPSEC_CLR_DEV: fprintf(stderr, "%s: Socket ioctl failed on clear -- ", progname); switch(errno) { case EINVAL: fprintf(stderr, "Invalid argument, check kernel log messages for specifics.\n"); break; case ENODEV: fprintf(stderr, "Failed. Is the ipsec module linked into the kernel or loaded as a module?.\n"); break; default: fprintf(stderr, "Unknown socket error %d.\n", errno); } exit(1); default: fprintf(stderr, "%s: Socket ioctl failed on unknown operation %u -- %s", progname, (unsigned) shc.cf_cmd, strerror(errno)); exit(1); } } exit(0); }
int main(int argc, char *argv[]) { int opt = 0; int textout = 1; int whackout = 0; /* if true, write whack messages */ char *whackfile = NULL; struct starter_config *cfg = NULL; err_t err = NULL; char *confdir = NULL; char *configfile = NULL; struct starter_conn *conn = NULL; progname = argv[0]; rootdir[0]='\0'; tool_init_log(); while((opt = getopt_long(argc, argv, "", longopts, 0)) != EOF) { switch(opt) { case 'h': /* usage: */ usage(); break; case 'T': textout = 1; break; case 'w': whackfile = clone_str(optarg, "output file name"); whackout = 1; textout = 0; break; case 'D': verbose++; break; case 'W': warningsarefatal++; break; case 'C': configfile = clone_str(optarg, "config file name"); break; case 'R': if(verbose) printf("#setting rootdir=%s\n", optarg); strlcat(rootdir, optarg, sizeof(rootdir)); break; case 'S': if(verbose) printf("#setting rootdir2=%s\n", optarg); rootdir2[0]='\0'; strlcat(rootdir2, optarg, sizeof(rootdir2)); break; } } /* find config file */ confdir = getenv(IPSEC_CONFDIR_VAR); if(confdir == NULL) { confdir = IPSEC_CONFDIR; } if(!configfile) { configfile = alloc_bytes(strlen(confdir)+sizeof("/ipsec.conf")+2,"conf file"); /* calculate default value for configfile */ configfile[0]='\0'; strcpy(configfile, confdir); if(configfile[strlen(configfile)-1]!='/') { strcat(configfile, "/"); } strcat(configfile, "ipsec.conf"); } if(verbose > 3) { extern int yydebug; yydebug=1; } if(verbose) { printf("opening file: %s\n", configfile); } starter_use_log (verbose, 1, verbose ? 0 : 1); cfg = confread_load(configfile, &err, FALSE, NULL,FALSE); if(!cfg) { printf("config file: %s can not be loaded: %s\n", configfile, err); exit(3); } if(textout) { /* load all conns marked as auto=add or better */ for(conn = cfg->conns.tqh_first; conn != NULL; conn = conn->link.tqe_next) { printf("#conn %s loaded\n", conn->name); } confwrite(cfg, stdout); } if(whackout && whackfile!=NULL) { if(!openwhackrecordfile(whackfile)) { perror(whackfile); exit(5); } /* use file writer above */ cfg->send_whack_msg = send_whack_msg_to_file; /* load all conns marked as auto=add or better, and save them. */ argv+=optind; argc-=optind; for(; argc>0; argc--, argv++) { char *conn_name = *argv; for(conn = cfg->conns.tqh_first; conn != NULL; conn = conn->link.tqe_next) { if(verbose) { printf("processing conn: %s vs %s\n", conn_name, conn->name); } if(strcasecmp(conn->name, conn_name)==0) { if(starter_whack_add_conn(cfg, conn) != 0) { fprintf(stderr, "failed to load conn: %s\n", conn_name); } } } } } confread_free(cfg); exit(0); }
main(int argc, char *argv[]) { int len; char *infile; char *conn_name; int lineno=0; int regression = 0; struct connection *c1; struct state *st; #ifdef HAVE_EFENCE EF_PROTECT_FREE=1; #endif progname = argv[0]; leak_detective = 1; /* skip argv0 */ argc--; argv++; if(strcmp(argv[0], "-r")==0) { regression = 1; argc--; argv++; } if(argc != 4) { fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name> <pcapfile> <pcapout>\n", progname); exit(10); } tool_init_log(); init_crypto(); load_oswcrypto(); init_fake_vendorid(); init_parker_interface(); infile = argv[0]; conn_name = argv[1]; cur_debugging = DBG_CONTROL|DBG_CONTROLMORE; if(readwhackmsg(infile) == 0) exit(10); /* input packets */ recv_pcap_setup(argv[2]); /* output first packets to /dev/null */ send_packet_setup_pcap("/dev/null"); c1 = con_by_name(conn_name, TRUE); assert(c1 != NULL); assert(orient(c1, 500)); show_one_connection(c1); st = sendI1(c1, DBG_CONTROL, regression == 0); /* now accept the reply packet */ cur_debugging = DBG_CONTROL|DBG_PARSING; /* now output interesting packet to capture file */ send_packet_setup_pcap(argv[3]); pcap_dispatch(pt, 1, recv_pcap_packet, NULL); pcap_close(pt); recv_pcap_setup(argv[2]); pcap_dispatch(pt, 1, recv_pcap_packet, NULL); /* dump the delete message that comes out */ send_packet_setup_pcap("/dev/null"); delete_connection(c1, TRUE); st = state_with_serialno(1); if(st!=NULL) { free_state(st); } report_leaks(); tool_close_log(); exit(0); }
int main(int argc, char *argv[]) { int opt = 0; int autoall = 0; int configsetup = 0; int checkconfig = 0; char *export = "export"; /* display export before the foo=bar or not */ int listroute = 0, liststart = 0, listignore = 0, listadd = 0, listall = 0, dolist = 0, liststack = 0; struct starter_config *cfg = NULL; err_t err = NULL; char *confdir = NULL; char *configfile = NULL; char *varprefix = ""; int exit_status = 0; struct starter_conn *conn = NULL; char *ctlbase = NULL; bool resolvip = TRUE; /* default to looking up names */ #if 0 /* efence settings */ extern int EF_PROTECT_BELOW; extern int EF_PROTECT_FREE; EF_PROTECT_BELOW = 1; EF_PROTECT_FREE = 1; #endif progname = argv[0]; rootdir[0] = '\0'; tool_init_log(); while ((opt = getopt_long(argc, argv, "", longopts, 0)) != EOF) { switch (opt) { case 'h': /* usage: */ usage(); break; case 'a': autoall = 1; break; case 'D': verbose++; lex_verbosity++; break; case 'T': configsetup++; break; case 'K': checkconfig++; break; case 'N': export = ""; break; case 'C': configfile = clone_str(optarg, "config file name"); break; case 'c': ctlbase = clone_str(optarg, "control base"); break; case 'L': listadd = 1; dolist = 1; break; case 'r': listroute = 1; dolist = 1; break; case 's': liststart = 1; dolist = 1; break; case 'S': liststack = 1; dolist = 1; break; case 'i': listignore = 1; dolist = 1; break; case 'A': listall = 1; dolist = 1; break; case 'P': varprefix = optarg; break; case 'R': printf("setting rootdir=%s\n", optarg); jam_str(rootdir, sizeof(rootdir), optarg); break; case 'd': case 'n': printf("Warning: options --defaultroute and --defaultroutenexthop are obsolete and were ignored\n"); break; default: usage(); } } /* if nothing to add, then complain */ if (optind == argc && !autoall && !dolist && !configsetup && !checkconfig) usage(); if (verbose > 3) { yydebug = 1; } /* find config file */ if (confdir == NULL) confdir = IPSEC_CONFDIR; if (configfile == NULL) { /* ??? see code clone in programs/readwriteconf/readwriteconf.c */ configfile = alloc_bytes(strlen(confdir) + sizeof("/ipsec.conf"), "conf file"); /* calculate default value for configfile */ strcpy(configfile, confdir); /* safe: see allocation above */ if (configfile[0] != '\0' && configfile[strlen(configfile) - 1] != '/') strcat(configfile, "/"); /* safe: see allocation above */ strcat(configfile, "ipsec.conf"); /* safe: see allocation above */ } if (verbose) printf("opening file: %s\n", configfile); starter_use_log(verbose != 0, TRUE, verbose == 0); err = NULL; /* reset to no error */ if (configsetup || checkconfig || dolist) { /* skip if we have no use for them... causes delays */ resolvip = FALSE; } cfg = confread_load(configfile, &err, resolvip, ctlbase, configsetup); if (cfg == NULL) { fprintf(stderr, "cannot load config '%s': %s\n", configfile, err); exit(3); } else if (checkconfig) { confread_free(cfg); exit(0); } if (autoall) { if (verbose) printf("loading all conns according to their auto= settings\n"); /* * Load all conns marked as auto=add or better. * First, do the auto=route and auto=add conns to quickly * get routes in place, then do auto=start as these can be * slower. * This mimics behaviour of the old _plutoload */ if (verbose) printf(" Pass #1: Loading auto=add, auto=route and auto=start connections\n"); for (conn = cfg->conns.tqh_first; conn != NULL; conn = conn->link.tqe_next) { if (conn->desired_state == STARTUP_ADD || conn->desired_state == STARTUP_ONDEMAND || conn->desired_state == STARTUP_START) { if (verbose) printf(" %s", conn->name); starter_whack_add_conn(cfg, conn); } } /* * We loaded all connections. Now tell pluto to listen, * then route the conns and resolve default route. */ starter_whack_listen(cfg); if (verbose) printf(" Pass #2: Routing auto=route and auto=start connections\n"); for (conn = cfg->conns.tqh_first; conn != NULL; conn = conn->link.tqe_next) { if (conn->desired_state == STARTUP_ADD || conn->desired_state == STARTUP_ONDEMAND || conn->desired_state == STARTUP_START) { if (verbose) printf(" %s", conn->name); resolve_defaultroute(conn); if (conn->desired_state == STARTUP_ONDEMAND || conn->desired_state == STARTUP_START) { starter_whack_route_conn(cfg, conn); } } } if (verbose) printf(" Pass #3: Initiating auto=start connections\n"); for (conn = cfg->conns.tqh_first; conn != NULL; conn = conn->link.tqe_next) { if (conn->desired_state == STARTUP_START) { if (verbose) printf(" %s", conn->name); starter_whack_initiate_conn(cfg, conn); } } if (verbose) printf("\n"); } else { /* load named conns, regardless of their state */ int connum; if (verbose) printf("loading named conns:"); for (connum = optind; connum < argc; connum++) { char *connname = argv[connum]; if (verbose) printf(" %s", connname); for (conn = cfg->conns.tqh_first; conn != NULL; conn = conn->link.tqe_next) { if (streq(conn->name, connname)) { if (conn->state == STATE_ADDED) { printf("\nconn %s already added\n", conn->name); } else if (conn->state == STATE_FAILED) { printf("\nconn %s did not load properly\n", conn->name); } else { resolve_defaultroute(conn); exit_status = starter_whack_add_conn( cfg, conn); conn->state = STATE_ADDED; } break; } } if (conn == NULL) { /* * only if we don't find it, do we now look * for aliases */ for (conn = cfg->conns.tqh_first; conn != NULL; conn = conn->link.tqe_next) { if (conn->strings_set[KSF_CONNALIAS] && lsw_alias_cmp(connname, conn-> strings[KSF_CONNALIAS] )) { if (conn->state == STATE_ADDED) { printf("\nalias: %s conn %s already added\n", connname, conn->name); } else if (conn->state == STATE_FAILED) { printf("\nalias: %s conn %s did not load properly\n", connname, conn->name); } else { resolve_defaultroute( conn); exit_status = starter_whack_add_conn( cfg, conn); conn->state = STATE_ADDED; } break; } } } if (conn == NULL) { exit_status++; if (!verbose) { printf("conn '%s': not found (tried aliases)\n", connname); } else { printf(" (notfound)\n"); } } } } if (listall) { if (verbose) printf("listing all conns\n"); for (conn = cfg->conns.tqh_first; conn != NULL; conn = conn->link.tqe_next) printf("%s ", conn->name); printf("\n"); } else { if (listadd) { if (verbose) printf("listing all conns marked as auto=add\n"); /* list all conns marked as auto=add */ for (conn = cfg->conns.tqh_first; conn != NULL; conn = conn->link.tqe_next) { if (conn->desired_state == STARTUP_ADD) printf("%s ", conn->name); } } if (listroute) { if (verbose) printf("listing all conns marked as auto=route and auto=start\n"); /* * list all conns marked as auto=route or start or * better */ for (conn = cfg->conns.tqh_first; conn != NULL; conn = conn->link.tqe_next) { if (conn->desired_state == STARTUP_START || conn->desired_state == STARTUP_ONDEMAND) printf("%s ", conn->name); } } if (liststart && !listroute) { if (verbose) printf("listing all conns marked as auto=start\n"); /* list all conns marked as auto=start */ for (conn = cfg->conns.tqh_first; conn != NULL; conn = conn->link.tqe_next) { if (conn->desired_state == STARTUP_START) printf("%s ", conn->name); } } if (listignore) { if (verbose) printf("listing all conns marked as auto=ignore\n"); /* list all conns marked as auto=start */ for (conn = cfg->conns.tqh_first; conn != NULL; conn = conn->link.tqe_next) { if (conn->desired_state == STARTUP_IGNORE) printf("%s ", conn->name); } printf("\n"); } } if (liststack) { const struct keyword_def *kd; for (kd = ipsec_conf_keywords_v2; kd->keyname != NULL; kd++) { if (strstr(kd->keyname, "protostack")) { if (cfg->setup.strings[kd->field]) printf("%s\n", cfg->setup.strings[kd->field]); else /* implicit default */ printf("netkey\n"); } } confread_free(cfg); exit(0); } if (configsetup) { const struct keyword_def *kd; printf("%s %sconfreadstatus=''\n", export, varprefix); for (kd = ipsec_conf_keywords_v2; kd->keyname != NULL; kd++) { if ((kd->validity & kv_config) == 0) continue; switch (kd->type) { case kt_string: case kt_filename: case kt_dirname: case kt_loose_enum: if (cfg->setup.strings[kd->field]) { printf("%s %s%s='%s'\n", export, varprefix, kd->keyname, cfg->setup.strings[kd->field]); } break; case kt_bool: printf("%s %s%s='%s'\n", export, varprefix, kd->keyname, cfg->setup.options[kd->field] ? "yes" : "no"); break; case kt_list: printf("%s %s%s='", export, varprefix, kd->keyname); confwrite_list(stdout, "", cfg->setup.options[kd->field], kd); printf("'\n"); break; case kt_obsolete: printf("# obsolete option '%s%s' ignored\n", varprefix, kd->keyname); break; default: if (cfg->setup.options[kd->field] || cfg->setup.options_set[kd->field]) { printf("%s %s%s='%d'\n", export, varprefix, kd->keyname, cfg->setup.options[kd->field]); } break; } }
main(int argc, char *argv[]) { int len; char *infile; char *conn_name; int lineno=0; int regression = 0; struct connection *c1; struct state *st; #ifdef HAVE_EFENCE EF_PROTECT_FREE=1; #endif progname = argv[0]; leak_detective = 1; if(argc != 3 && argc!=4) { fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name>\n", progname); exit(10); } /* skip argv0 */ argc--; argv++; if(strcmp(argv[0], "-r")==0) { regression = 1; argc--; argv++; } tool_init_log(); load_oswcrypto(); init_fake_vendorid(); init_fake_secrets(); init_local_interface(); infile = argv[0]; conn_name = argv[1]; cur_debugging = DBG_CONTROL|DBG_CONTROLMORE; if(readwhackmsg(infile) == 0) exit(11); send_packet_setup_pcap("OUTPUT/" TESTNAME ".pcap"); c1 = con_by_name(conn_name, TRUE); assert(c1 != NULL); //list_public_keys(FALSE, FALSE); #ifndef SKIP_ORIENT_ASSERT assert(orient(c1, 500)); #endif show_one_connection(c1); #ifndef SKIP_INITIATE /* do calculation if not -r for regression */ st = sendI1(c1, DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE, regression == 0); st = state_with_serialno(1); if(st!=NULL) { delete_state(st); free_state(st); } #endif delete_connection(c1, TRUE); report_leaks(); tool_close_log(); exit(0); }
main(int argc, char *argv[]){ int len; char *infile; char *conn_name; int lineno = 0; struct connection *c1; struct state *st; EF_PROTECT_FREE = 1; EF_FREE_WIPES = 1; progname = argv[0]; leak_detective = 1; if (argc != 3) { fprintf(stderr, "Usage: %s <whackrecord> <conn-name>\n", progname); exit(10); } /* argv[1] == "-r" */ tool_init_log(); init_fake_vendorid(); infile = argv[1]; conn_name = argv[2]; readwhackmsg(infile); send_packet_setup_pcap("parentI1.pcap"); c1 = con_by_name(conn_name, TRUE); c1->sa_keying_tries = 0; /* for this test case, make retries infinite */ maximum_retransmissions_initial = 2; show_one_connection(c1); st = sendI1(c1, DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE | DBG_WHACKWATCH); run_continuation(r); /* after three-retransmits, we fallback to trying IKEv1, if necessary */ handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); /* after three more retransmits, we go back to IKEv2 */ handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); handle_next_timer_event(); run_continuation(r); /* as the state will have been renewed, it's hard to clean up */ report_leaks(); tool_close_log(); exit(0); }
int main(int argc, char *argv[]) { bool recalculate = FALSE; int len; err_t e; err_t err = NULL; char *infile; char *conn_name; int lineno=0; struct connection *c1 = NULL; struct id moon, cassidy; struct adns_continuation *cr1 = NULL; #ifdef HAVE_EFENCE EF_PROTECT_FREE=1; #endif initproctitle(argc, argv); progname = argv[0]; leak_detective = 1; if(argc != 3 && argc!=4) { fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name>\n", progname); exit(10); } /* skip argv0 */ argc--; argv++; if(strcmp(argv[0], "-r")==0) { recalculate = 1; /* do all crypto */ argc--; argv++; } tool_init_log(); cur_debugging |= DBG_DNS; init_adns(); { int r; struct sigaction act; act.sa_handler = &childhandler; act.sa_flags = SA_RESTART; r = sigaction(SIGCHLD, &act, NULL); passert(r == 0); } reset_globals(); /* setup a query */ cr1 = alloc_thing(struct adns_continuation, "moon lookup"); moon.kind = ID_FQDN; strtochunk(moon.name, "moon.testing.openswan.org", "dns name"); e = start_adns_query(&moon, NULL, ns_t_key, moon_continue, cr1); freeanychunk(moon.name); process_dns_results(); #if 0 cr1 = alloc_thing(struct adns_continuation, "cassidy lookup"); cassidy.kind = ID_FQDN; strtochunk(cassidy.name, "cassidy.sandelman.ca", "dns name 2"); e = start_adns_query(&cassidy, NULL, ns_t_key, cassidy_continue, cr1); freeanychunk(cassidy.name); process_dns_results(); #endif /* re-use cassidy */ cr1 = alloc_thing(struct adns_continuation, "cassidy A lookup"); e = start_adns_hostname(AF_UNSPEC, "cassidy.sandelman.ca", cassidy_host_continue, cr1); process_dns_results(); stop_adns(); report_leaks(); tool_close_log(); exit(0); }
/* - main - mostly argument parsing */ int main(int argc, char *argv[]) { log_to_stderr = FALSE; tool_init_log("ipsec rsasigkey"); int opt; int nbits = 0; int seedbits = DEFAULT_SEED_BITS; while ((opt = getopt_long(argc, argv, "", opts, NULL)) != EOF) switch (opt) { case 'n': case 'p': fprintf(stderr, "%s: --noopt and --rounds options have been obsoleted - ignored\n", progname); break; case 'v': /* verbose description */ log_to_stderr = TRUE; break; case 'r': fprintf(stderr, "%s: Warning: --random is obsoleted for --seeddev. It no longer specifies the random device used for obtaining random key material", progname); /* FALLTHROUGH */ case 'S': /* nonstandard random device for seed */ device = optarg; break; case 'H': /* set hostname for output */ { size_t full_len = strlen(optarg); bool oflow = sizeof(outputhostname) - 1 < full_len; size_t copy_len = oflow ? sizeof(outputhostname) - 1 : full_len; memcpy(outputhostname, optarg, copy_len); outputhostname[copy_len] = '\0'; } break; case 'h': /* help */ printf("Usage:\t%s\n", usage); exit(0); break; case 'V': /* version */ printf("%s %s\n", progname, ipsec_version_code()); exit(0); break; case 'c': /* obsoleted by --nssdir|-d */ case 'd': /* -d is used for nssdirdir with nss tools */ lsw_conf_nssdir(optarg); break; case 'P': /* token authentication password */ lsw_conf_nsspassword(optarg); break; case 's': /* seed bits */ seedbits = atoi(optarg); if (PK11_IsFIPS()) { if (seedbits < DEFAULT_SEED_BITS) { fprintf(stderr, "%s: FIPS mode does not allow < %d seed bits\n", progname, DEFAULT_SEED_BITS); exit(1); } } break; case '?': default: printf("Usage:\t%s\n", usage); exit(2); } if (outputhostname[0] == '\0') { if (gethostname(outputhostname, sizeof(outputhostname)) < 0) { fprintf(stderr, "%s: gethostname failed (%s)\n", progname, strerror(errno)); exit(1); } } /* * RSA-PSS requires keysize to be a multiple of 8 bits * (see PCS#1 v2.1). * We require a multiple of 16. (??? why?) */ if (argv[optind] == NULL) { /* default keysize: a multiple of 16 in [3072,4096) */ srand(time(NULL)); nbits = 3072 + 16 * (rand() % (1024 / 16)); } else { unsigned long u; err_t ugh = ttoulb(argv[optind], 0, 10, INT_MAX, &u); if (ugh != NULL) { fprintf(stderr, "%s: keysize specification is malformed: %s\n", progname, ugh); exit(1); } nbits = u; } if (nbits < MIN_KEYBIT ) { fprintf(stderr, "%s: requested RSA key size (%d) is too small - use %d or more\n", progname, nbits, MIN_KEYBIT); exit(1); } else if (nbits > MAXBITS) { fprintf(stderr, "%s: requested RSA key size (%d) is too large - (max %d)\n", progname, nbits, MAXBITS); exit(1); } else if (nbits % (BITS_PER_BYTE * 2) != 0) { fprintf(stderr, "%s: requested RSA key size (%d) is not a multiple of %d\n", progname, nbits, (int)BITS_PER_BYTE * 2); exit(1); } /* * Don't fetch the config options until after they have been * processed, and really are "constant". */ const struct lsw_conf_options *oco = lsw_init_options(); rsasigkey(nbits, seedbits, oco); exit(0); }
main(int argc, char *argv[]){ int len; char *infile; FILE *idfile; char idbuf[256]; int lineno = 0; EF_PROTECT_FREE = 1; EF_FREE_WIPES = 1; lsw_init_rootdir("../../../baseconfigs/all"); progname = argv[0]; leak_detective = 1; if (argc != 3 ) { fprintf(stderr, "Usage: %s <whackrecord> <idfile>\n", progname); exit(10); } /* argv[1] == "-r" */ tool_init_log(); infile = argv[1]; readwhackmsg(infile); idfile = fopen(argv[2], "r"); if (!idfile) { perror(argv[2]); exit(11); } cur_debugging = DBG_CONTROL | DBG_CONTROLMORE; while (fgets(idbuf, sizeof(idbuf), idfile) != NULL) { struct state *st1; struct connection *nc; struct id peer_id; int aggrmode, initiate; char id1[256]; /* ignore comments */ if (idbuf[0] == '#') continue; st1 = new_state(); sscanf(idbuf, "%s %u %u", id1, &initiate, &aggrmode); /* set it to the first connection, there may be only one?? */ st1->st_connection = connections; /* safe: from new_state */ st1->st_oakley.auth = OAKLEY_RSA_SIG; passert(connections != NULL); atoid(id1, &peer_id, TRUE); nc = refine_host_connection(st1, &peer_id, initiate, aggrmode); printf("%u: %s -> conn: %s\n", ++lineno, id1, nc ? nc->name : "<none>"); } report_leaks(); tool_close_log(); exit(0); }