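/*
 * Build the default GSS-API host-based service name ("<GSSAPI_DEF_NAME>@<host>")
 * for one end of a phase 1 exchange and import it into *service.
 *
 * iph1    - phase 1 handle supplying the local and remote socket addresses.
 * remote  - non-zero selects iph1->remote, zero selects iph1->local.
 * service - receives the imported name on success.
 *
 * Returns 0 on success, and -1 when the address cannot be converted to a
 * host name, the name string cannot be allocated, or gss_import_name() fails.
 */
static int
gssapi_get_default_name(struct ph1handle *iph1, int remote, gss_name_t *service)
{
	char name[NI_MAXHOST];
	char *spn = NULL;
	int spn_len;
	int rc = 0;
	struct sockaddr *sa;
	gss_buffer_desc name_token;
	OM_uint32 min_stat, maj_stat;

	sa = remote ? iph1->remote : iph1->local;

	/*
	 * NOTE(review): flags are 0, so getnameinfo() may answer from a reverse
	 * lookup. For the remote side the host part of the service name is then
	 * resolver-supplied data; it is the GSS-API exchange that follows, not
	 * this lookup, that has to establish the peer's identity.
	 */
	if (getnameinfo(sa, sysdep_sa_len(sa), name, NI_MAXHOST, NULL, 0, 0) != 0)
		return -1;

	/*
	 * asprintf() returns -1 on failure and leaves the output pointer
	 * undefined. Storing that result directly in the unsigned length field
	 * would describe a huge buffer behind an invalid pointer, so check it
	 * before filling in the token.
	 */
	spn_len = asprintf(&spn, "%s@%s", GSSAPI_DEF_NAME, name);
	if (spn_len < 0)
		return -1;
	name_token.value = spn;
	name_token.length = (size_t)spn_len;

	maj_stat = gss_import_name(&min_stat, &name_token,
	    GSS_C_NT_HOSTBASED_SERVICE, service);
	if (GSS_ERROR(maj_stat)) {
		gssapi_error(min_stat, LOCATION, "import name\n");
		rc = -1;
	}

	/*
	 * The token is released on both the success and the failure path.
	 * NOTE(review): the storage came from asprintf(), not from the GSS-API
	 * library; confirm the implementation in use accepts such a buffer in
	 * gss_release_buffer().
	 */
	maj_stat = gss_release_buffer(&min_stat, &name_token);
	if (GSS_ERROR(maj_stat))
		gssapi_error(min_stat, LOCATION, "release name_token");

	return rc;
}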
/*
 * Call FUNC once for every interface address known to the system, passing
 * the interface name, its address and the caller's ARG.
 *
 * Every entry is visited even after a callback has failed. Returns -1 if the
 * interface list could not be obtained or if any callback returned -1,
 * otherwise 0.
 */
int
if_map(int (*func)(char *, struct sockaddr *, void *), void *arg)
{
	int status = 0;

#ifdef HAVE_GETIFADDRS
	struct ifaddrs *head, *cur;

	if (getifaddrs(&head) < 0)
		return -1;

	/*
	 * getifaddrs() may report entries whose ifa_addr is NULL; the pointer
	 * is handed to the callback unchanged, so callbacks have to cope.
	 */
	cur = head;
	while (cur != NULL) {
		if (func(cur->ifa_name, cur->ifa_addr, arg) == -1)
			status = -1;
		cur = cur->ifa_next;
	}

	freeifaddrs(head);
#else
	struct ifconf ifc;
	struct ifreq *ifrp;
	caddr_t end, cursor;
	size_t step;

	if (siocgifconf(&ifc))
		return -1;

	end = ifc.ifc_buf + ifc.ifc_len;
	cursor = ifc.ifc_buf;
	while (cursor < end) {
		ifrp = (struct ifreq *)cursor;
		if (func(ifrp->ifr_name, &ifrp->ifr_addr, arg) == -1)
			status = -1;

		/*
		 * Records are variable length: the name field followed by the
		 * larger of the sockaddr's own length and the fixed ifr_addr
		 * slot.
		 */
		step = sizeof ifrp->ifr_name +
		    MAX(sysdep_sa_len(&ifrp->ifr_addr), sizeof ifrp->ifr_addr);
		cursor += step;
	}

	free(ifc.ifc_buf);
#endif

	return status;
}
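/*
 * Print one PF_KEY address extension in numeric form: an optional protocol
 * name, the host, and "[port]" when the port is not "0".
 *
 * A missing extension, or an address that getnameinfo() cannot format, is
 * printed as "?". The original code ignored the getnameinfo() result and
 * went on to read the host and port buffers, which are indeterminate after
 * a failure.
 */
static void
shortdump_addr(struct sadb_address *saddr)
{
	char host[NI_MAXHOST], serv[NI_MAXSERV];
	struct sockaddr *s;

	if (saddr == NULL) {
		printf("?");
		return;
	}

	if (saddr->sadb_address_proto)
		printf("%s ", STR_OR_ID(saddr->sadb_address_proto, ipproto));

	/* The sockaddr is stored immediately after the extension header. */
	s = (struct sockaddr *)(saddr + 1);
	if (getnameinfo(s, sysdep_sa_len(s), host, sizeof(host),
	    serv, sizeof(serv), NI_NUMERICHOST | NI_NUMERICSERV) != 0) {
		printf("?");
		return;
	}

	if (strcmp(serv, "0") != 0)
		printf("%s[%s]", host, serv);
	else
		printf("%s", host);
}

/*
 * Print a one-line summary of a PF_KEY message to stdout: minutes and
 * seconds of the current time, SA type, SA state and SPI, lifetime figures,
 * and the source and destination addresses.
 *
 * NOTE(review): the results of pfkey_align() and pfkey_check() are not
 * inspected here, so the extension pointers in mhp[] are used as returned;
 * confirm whether a malformed message should be rejected before printing.
 */
static void
shortdump(struct sadb_msg *msg)
{
	caddr_t mhp[SADB_EXT_MAX + 1];
	struct sadb_sa *sa;
	struct sadb_lifetime *lts, *lth, *ltc;
	u_int t;
	time_t cur = time(NULL);

	pfkey_align(msg, mhp);
	pfkey_check(mhp);

	/* Minutes within the hour, then seconds within the minute. */
	printf("%02lu%02lu", (u_long)(cur % 3600) / 60, (u_long)(cur % 60));

	printf(" %-3s", STR_OR_ID(msg->sadb_msg_satype, satype));

	if ((sa = (struct sadb_sa *)mhp[SADB_EXT_SA]) != NULL) {
		printf(" %-1s", STR_OR_ID(sa->sadb_sa_state, sastate));
		printf(" %08x", (uint32_t)ntohl(sa->sadb_sa_spi));
	} else
		printf("%-1s %-8s", "?", "?");

	lts = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_SOFT];
	lth = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_HARD];
	ltc = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_CURRENT];
	if (lts && lth && ltc) {
		/* Time elapsed since the current lifetime's addtime. */
		if (ltc->sadb_lifetime_addtime == 0)
			t = (u_long)0;
		else
			t = (u_long)(cur - ltc->sadb_lifetime_addtime);
		/* Only three columns are available; larger values show as "big". */
		if (t >= 1000)
			printf(" big/");
		else
			printf(" %3lu/", (u_long)t);

		/* The hard lifetime's addtime value. */
		t = (u_long)lth->sadb_lifetime_addtime;
		if (t >= 1000)
			printf("big");
		else
			printf("%-3lu", (u_long)t);
	} else
		printf(" ??\?/???");	/* backslash to avoid trigraph ??/ */

	printf(" ");
	shortdump_addr((struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC]);
	printf(" -> ");
	shortdump_addr((struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST]);
	printf("\n");
}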
// This function fills in policy0 and policylen0 according to the given parameters // The full implementation can be found in racoon // direction IPSEC_DIR_INBOUND | IPSEC_DIR_OUTBOUND int getsadbpolicy(caddr_t *policy0, int *policylen0, int direction, struct sockaddr *src, struct sockaddr *dst, u_int mode, int cmd) { struct sadb_x_policy *xpl; struct sadb_x_ipsecrequest *xisr; struct saproto *pr; caddr_t policy, p; int policylen; int xisrlen, src_len, dst_len; u_int satype; HIP_DEBUG("\n"); /* get policy buffer size */ policylen = sizeof(struct sadb_x_policy); if (cmd != SADB_X_SPDDELETE) { xisrlen = sizeof(*xisr); xisrlen += (sysdep_sa_len(src) + sysdep_sa_len(dst)); policylen += PFKEY_ALIGN8(xisrlen); } /* make policy structure */ policy = malloc(policylen); if (!policy) { HIP_ERROR("Cannot allocate memory for policy\n"); return -ENOMEM; } xpl = (struct sadb_x_policy *)policy; xpl->sadb_x_policy_len = PFKEY_UNIT64(policylen); xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY; xpl->sadb_x_policy_type = IPSEC_POLICY_IPSEC; xpl->sadb_x_policy_dir = direction; xpl->sadb_x_policy_id = 0; //xpl->sadb_x_policy_priority = PRIORITY_DEFAULT; if (cmd == SADB_X_SPDDELETE) goto end; xisr = (struct sadb_x_ipsecrequest *)(xpl + 1); xisr->sadb_x_ipsecrequest_proto = SADB_SATYPE_ESP; xisr->sadb_x_ipsecrequest_mode = mode; xisr->sadb_x_ipsecrequest_level = IPSEC_LEVEL_REQUIRE; xisr->sadb_x_ipsecrequest_reqid = 0; p = (caddr_t)(xisr + 1); xisrlen = sizeof(*xisr); src_len = sysdep_sa_len(src); dst_len = sysdep_sa_len(dst); xisrlen += src_len + dst_len; memcpy(p, src, src_len); p += src_len; memcpy(p, dst, dst_len); p += dst_len; xisr->sadb_x_ipsecrequest_len = PFKEY_ALIGN8(xisrlen); end: *policy0 = policy; *policylen0 = policylen; return 0; }