static int unpack_entry(MDB_val *data, struct entry *entry)
{
uint32_t len = 0;
void *val = NULL;
char *stream = data->mv_data;
val = unpack_bin(&stream, &len);
memcpy(&entry->data.type, val, sizeof(uint16_t));
knot_rdataset_t *rrs = &entry->data.rrs;
val = unpack_bin(&stream, &len);
memcpy(&rrs->rr_count, val, sizeof(uint16_t));
rrs->data = unpack_bin(&stream, &len);
entry->threat_code = unpack_str(&stream);
entry->syslog_ip = unpack_str(&stream);
return KNOT_EOK;
}
int
msa_recv_pkt(msa_pkt_t *pkt, int sfd)
{
byte_t *dt = 0;
byte_t st_u = 0;
size_t st_sz = 0, id_sz = 0, sz_sz = 0;
unsigned int id_u = 0, sz_u = 0;
assert(sfd >= 0);
st_sz = sizeof(byte_t);
id_sz = sizeof(int);
sz_sz = sizeof(int);
dt = malloc(st_sz);
msa_recv_all(sfd, dt, st_sz);
st_u = unpack_byte(dt);
pkt->st = st_u;
free(dt); dt = 0;
dt = malloc(id_sz);
msa_recv_all(sfd, dt, id_sz);
id_u = unpack_int(dt);
pkt->id = id_u;
free(dt); dt = 0;
dt = malloc(sz_sz);
msa_recv_all(sfd, dt, sz_sz);
sz_u = unpack_int(dt);
pkt->sz = sz_u;
free(dt); dt = 0;
if (sz_u != 0) {
dt = malloc(sz_u * sizeof(char));
msa_recv_all(sfd, dt, sz_u * sizeof(char));
pkt->da = unpack_str(dt, sz_u * sizeof(char));
free(dt); dt = 0;
} else {
pkt->da = 0;
}
return 0; /* do some error checking? */
}
/**
* Unpack a message whack received
*
* @param wp The whack message
* @return err_t
*/
err_t unpack_whack_msg (struct whackpacker *wp)
{
err_t ugh = NULL;
if (wp->str_next > wp->str_roof)
{
ugh = builddiag("ignoring truncated message from whack: got %d bytes; expected %u"
, (int) wp->n, (unsigned) sizeof(wp->msg));
}
if (!unpack_str(wp, &wp->msg->name) /* string 1 */
|| !unpack_str(wp, &wp->msg->left.id) /* string 2 */
|| !unpack_str(wp, &wp->msg->left.cert) /* string 3 */
|| !unpack_str(wp, &wp->msg->left.ca) /* string 4 */
|| !unpack_str(wp, &wp->msg->left.groups) /* string 5 */
|| !unpack_str(wp, &wp->msg->left.updown) /* string 6 */
#ifdef VIRTUAL_IP
|| !unpack_str(wp,&wp->msg->left.virt) /* string 7 */
#endif
|| !unpack_str(wp, &wp->msg->right.id) /* string 8 */
|| !unpack_str(wp, &wp->msg->right.cert) /* string 9 */
|| !unpack_str(wp, &wp->msg->right.ca) /* string 10 */
|| !unpack_str(wp, &wp->msg->right.groups)/* string 11 */
|| !unpack_str(wp, &wp->msg->right.updown)/* string 12 */
#ifdef VIRTUAL_IP
|| !unpack_str(wp, &wp->msg->right.virt) /* string 13 */
#endif
|| !unpack_str(wp, &wp->msg->keyid) /* string 14 */
|| !unpack_str(wp, &wp->msg->myid) /* string 15 */
|| !unpack_str(wp, &wp->msg->ike) /* string 16 */
|| !unpack_str(wp, &wp->msg->esp) /* string 17 */
|| wp->str_roof - wp->str_next != (ptrdiff_t)wp->msg->keyval.len) /* check chunk */
{
ugh = "message from whack contains bad string";
}
return ugh;
}
//-------------------------------------------------------------------------
bool varser_t::deserialize(VARIANT &var, const uchar **in, const uchar * const end)
{
var.vt = unpack_dw(in, end);
if ( (var.vt & VT_BYREF) == VT_BYREF
|| (var.vt & VT_ARRAY) == VT_ARRAY )
{
return false;
}
bool ok = false;
switch ( var.vt )
{
case VT_EMPTY: // = 0x0000,
case VT_NULL: // = 0x0001,
break;
case VT_I2: // = 0x0002,
case VT_UI2: // = 0x0012,
var.uiVal = unpack_dw(in, end);
ok = true;
break;
case VT_I4: // = 0x0003,
case VT_UI4: // = 0x0013,
var.ulVal = unpack_dd(in, end);
ok = true;
break;
case VT_R4: // = 0x0004,
{
uint32 res = unpack_dd(in, end);
var.fltVal = *(FLOAT*)&res;
ok = true;
}
break;
case VT_R8: // = 0x0005,
{
uint64 res = unpack_dq(in, end);
var.dblVal = *(DOUBLE*)&res;
ok = true;
}
break;
case VT_CY: // = 0x0006,
case VT_DATE: // = 0x0007,
break;
case VT_BSTR: // = 0x0008,
{
uint32 bcnt = unpack_dd(in, end);
uint8 *raw = (uint8 *) qalloc(bcnt + 4 + 2); // +2 for terminating null character.
if ( raw != NULL )
{
* (uint32*) raw = bcnt;
raw += 4;
extract_memory(in, end, raw, bcnt);
raw[bcnt] = '\0';
raw[bcnt+1] = '\0';
var.bstrVal = raw;
ok = true;
}
}
break;
case VT_LPSTR: // = 0x001E,
case VT_LPWSTR: // = 0x001F,
{
char *tmp = qstrdup(unpack_str(in, end));
var.byref = tmp;
ok = true;
}
break;
case VT_DISPATCH: // = 0x0009,
case VT_ERROR: // = 0x000A,
case VT_BOOL: // = 0x000B,
case VT_VARIANT: // = 0x000C,
case VT_UNKNOWN: // = 0x000D,
case VT_DECIMAL: // = 0x000E,
case VT_I1: // = 0x0010,
case VT_UI1: // = 0x0011,
var.bVal = unpack_db(in, end);
ok = true;
break;
case VT_I8: // = 0x0014,
case VT_UI8: // = 0x0015,
var.ullVal = unpack_dq(in, end);
ok = true;
break;
case VT_INT: // = 0x0016,
case VT_UINT: // = 0x0017,
case VT_HRESULT: // = 0x0019,
var.uintVal = unpack_dd(in, end);
ok = true;
break;
case VT_VOID: // = 0x0018,
case VT_PTR: // = 0x001A,
case VT_SAFEARRAY: // = 0x001B,
case VT_CARRAY: // = 0x001C,
case VT_USERDEFINED: // = 0x001D,
case VT_RECORD: // = 0x0024,
case VT_INT_PTR: // = 0x0025,
case VT_UINT_PTR: // = 0x0026,
break;
default: break;
}
return ok;
}
/* Handle a kernel request. Supposedly, there's a message in
* the kernelsock socket.
*/
void
whack_handle(int whackctlfd)
{
struct whack_message msg;
struct sockaddr_un whackaddr;
int whackaddrlen = sizeof(whackaddr);
int whackfd = accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen);
ssize_t n;
if (whackfd < 0)
{
log_errno((e, "accept() failed in whack_handle()"));
return;
}
n = read(whackfd, &msg, sizeof(msg));
if (n == -1)
{
log_errno((e, "read() failed in whack_handle()"));
close(whackfd);
return;
}
whack_log_fd = whackfd;
/* sanity check message */
{
err_t ugh = NULL;
next_str = msg.string;
str_roof = (char *)&msg + n;
if (next_str > str_roof)
{
ugh = builddiag("truncated message from whack: got %d bytes; expected %d. Message ignored."
, n, (int) sizeof(msg));
}
else if (msg.magic != WHACK_MAGIC)
{
ugh = builddiag("message from whack has bad magic %d; should be %d; probably wrong version. Message ignored"
, msg.magic, WHACK_MAGIC);
}
else if (!unpack_str(&msg.name) /* string 1 */
|| !unpack_str(&msg.left.id) /* string 2 */
|| !unpack_str(&msg.left.cert) /* string 3 */
|| !unpack_str(&msg.left.updown) /* string 4 */
#ifdef VIRTUAL_IP
|| !unpack_str(&msg.left.virt)
#endif
|| !unpack_str(&msg.right.id) /* string 5 */
|| !unpack_str(&msg.right.cert) /* string 6 */
|| !unpack_str(&msg.right.updown) /* string 7 */
#ifdef VIRTUAL_IP
|| !unpack_str(&msg.right.virt)
#endif
|| !unpack_str(&msg.keyid) /* string 8 */
|| !unpack_str(&msg.ike) /* string 9 */
|| !unpack_str(&msg.esp) /* string 10 */
|| !unpack_str(&msg.dnshostname) /* string 11 */
|| str_roof - next_str != (ptrdiff_t)msg.keyval.len) /* check chunk */
{
ugh = "message from whack contains bad string";
}
else
{
msg.keyval.ptr = next_str; /* grab chunk */
}
if (ugh != NULL)
{
loglog(RC_BADWHACKMESSAGE, "%s", ugh);
whack_log_fd = NULL_FD;
close(whackfd);
return;
}
}
if (msg.whack_options)
{
#ifdef DEBUG
if (msg.name == NULL)
{
/* we do a two-step so that if either old or new would
* cause the message to print, it will be printed.
*/
cur_debugging |= msg.debugging;
DBG(DBG_CONTROL
, DBG_log("base debugging = %s"
, bitnamesof(debug_bit_names, msg.debugging)));
cur_debugging = base_debugging = msg.debugging;
}
else if (!msg.whack_connection)
{
struct connection *c = con_by_name(msg.name, TRUE);
if (c != NULL)
{
c->extra_debugging = msg.debugging;
DBG(DBG_CONTROL
, DBG_log("\"%s\" extra_debugging = %s"
, c->name
, bitnamesof(debug_bit_names, c->extra_debugging)));
}
}
#endif
}
/* Deleting combined with adding a connection works as replace.
* To make this more useful, in only this combination,
* delete will silently ignore the lack of the connection.
*/
if (msg.whack_delete)
{
struct connection *c = con_by_name(msg.name, !msg.whack_connection);
/* note: this is a "while" because road warrior
* leads to multiple connections with the same name.
*/
for (; c != NULL; c = con_by_name(msg.name, FALSE))
delete_connection(c);
}
if (msg.whack_deletestate)
{
struct state *st = state_with_serialno(msg.whack_deletestateno);
if (st == NULL)
{
loglog(RC_UNKNOWN_NAME, "no state #%lu to delete"
, msg.whack_deletestateno);
}
else
{
delete_state(st);
}
}
if (msg.whack_connection)
add_connection(&msg);
/* process "listen" before any operation that could require it */
if (msg.whack_listen)
{
log("listening for IKE messages");
listening = TRUE;
find_ifaces();
load_preshared_secrets();
}
if (msg.whack_unlisten)
{
log("no longer listening for IKE messages");
listening = FALSE;
}
if (msg.whack_reread & REREAD_SECRETS)
{
load_preshared_secrets();
}
if (msg.whack_reread & REREAD_MYCERT)
{
load_mycert();
}
if (msg.whack_reread & REREAD_CACERTS)
{
load_cacerts();
}
if (msg.whack_reread & REREAD_CRLS)
{
load_crls();
}
if (msg.whack_list & LIST_PUBKEYS)
{
list_public_keys(msg.whack_utc);
}
if (msg.whack_list & LIST_CERTS)
{
list_certs(msg.whack_utc);
}
if (msg.whack_list & LIST_CACERTS)
{
list_cacerts(msg.whack_utc);
}
if (msg.whack_list & LIST_CRLS)
{
list_crls(msg.whack_utc);
}
if (msg.whack_key)
{
/* add a public key */
struct id keyid;
err_t ugh = atoid(msg.keyid, &keyid);
if (ugh != NULL)
{
loglog(RC_BADID, "bad --keyid \"%s\": %s", msg.keyid, ugh);
}
else
{
if (!msg.whack_addkey)
delete_public_keys(&keyid, msg.pubkey_alg);
if (msg.keyval.len == 0)
{
struct key_add_continuation *kc
= alloc_thing(struct key_add_continuation
, "key add continuation");
int wfd = dup_any(whackfd);
kc->whack_fd = wfd;
ugh = start_adns_query(&keyid
, NULL
, T_KEY
, key_add_continue
, &kc->ac);
if (ugh != NULL)
{
key_add_ugh(&keyid, ugh);
close_any(wfd);
}
}
else
{
ugh = add_public_key(&keyid, DAL_LOCAL, msg.pubkey_alg
, &msg.keyval, &pubkeys);
if (ugh != NULL)
loglog(RC_LOG_SERIOUS, "%s", ugh);
}
}
}
/**
* Unpack a message whack received
*
* @param wp The whack message
* @return err_t
*/
err_t unpack_whack_msg (struct whackpacker *wp)
{
err_t ugh = NULL;
if (wp->str_next > wp->str_roof)
{
ugh = builddiag("ignoring truncated message from whack: got %d bytes; expected %u"
, (int) wp->n, (unsigned) sizeof(wp->msg));
}
if (!unpack_str(wp, &wp->msg->name) /* string 1 */
|| !unpack_str(wp, &wp->msg->left.id) /* string 2 */
|| !unpack_str(wp, &wp->msg->left.cert) /* string 3 */
|| !unpack_str(wp, &wp->msg->left.ca) /* string 4 */
|| !unpack_str(wp, &wp->msg->left.groups) /* string 5 */
|| !unpack_str(wp, &wp->msg->left.updown) /* string 6 */
|| !unpack_str(wp, &wp->msg->left.virt) /* string 7 */
|| !unpack_str(wp, &wp->msg->right.id) /* string 8 */
|| !unpack_str(wp, &wp->msg->right.cert) /* string 9 */
|| !unpack_str(wp, &wp->msg->right.ca) /* string 10 */
|| !unpack_str(wp, &wp->msg->right.groups)/* string 11 */
|| !unpack_str(wp, &wp->msg->right.updown)/* string 12 */
|| !unpack_str(wp, &wp->msg->right.virt) /* string 13 */
|| !unpack_str(wp, &wp->msg->keyid) /* string 14 */
|| !unpack_str(wp, &wp->msg->myid) /* string 15 */
|| !unpack_str(wp, &wp->msg->ike) /* string 16 */
|| !unpack_str(wp, &wp->msg->esp) /* string 17 */
|| !unpack_str(wp, &wp->msg->tpmeval) /* string 18 */
|| !unpack_str(wp, &wp->msg->left.xauth_name) /* string 19 */
|| !unpack_str(wp, &wp->msg->right.xauth_name) /* string 20 */
|| !unpack_str(wp, &wp->msg->connalias) /* string 21 */
|| !unpack_str(wp, &wp->msg->left.host_addr_name) /* string 22 */
|| !unpack_str(wp, &wp->msg->right.host_addr_name) /* string 23 */
|| !unpack_str(wp, &wp->msg->string1) /* string 24 */
|| !unpack_str(wp, &wp->msg->string2) /* string 25 */
|| !unpack_str(wp, &wp->msg->string3) /* string 26 */
|| !unpack_str(wp, &wp->msg->dnshostname) /* string 27 ? */
|| wp->str_roof - wp->str_next != (ptrdiff_t)wp->msg->keyval.len) /* check chunk */
{
ugh = "message from whack contains bad string";
}
return ugh;
}
