Пример #1
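/*
 * Build the default GSS-API service name "<GSSAPI_DEF_NAME>@<host>" for one
 * end of a phase 1 exchange and import it as a host-based service name.
 *
 * iph1    - phase 1 handle; its remote or local sockaddr is resolved.
 * remote  - non-zero selects iph1->remote, zero selects iph1->local.
 * service - receives the imported GSS name on success.
 *
 * Returns 0 on success, -1 if the address cannot be resolved, the name
 * string cannot be allocated, or gss_import_name() reports an error.
 */
static int
gssapi_get_default_name(struct ph1handle *iph1, int remote, gss_name_t *service)
{
	char name[NI_MAXHOST];
	char *spn = NULL;
	struct sockaddr *sa;
	gss_buffer_desc name_token;
	OM_uint32 min_stat, maj_stat;
	int spn_len;
	int rc = 0;

	sa = remote ? iph1->remote : iph1->local;

	/*
	 * No NI_NUMERICHOST here, so this is a reverse name lookup.  The
	 * service name built below is therefore only as trustworthy as the
	 * resolver answer for that address, which matters most for the
	 * remote peer.
	 */
	if (getnameinfo(sa, sysdep_sa_len(sa), name, NI_MAXHOST, NULL, 0, 0) != 0)
		return -1;

	/*
	 * asprintf() returns -1 on failure and leaves the output pointer
	 * undefined.  Check it before filling the token, otherwise a failed
	 * allocation turns into a huge unsigned length and a wild pointer
	 * handed to gss_import_name().
	 */
	spn_len = asprintf(&spn, "%s@%s", GSSAPI_DEF_NAME, name);
	if (spn_len < 0)
		return -1;
	name_token.value = spn;
	name_token.length = (size_t)spn_len;

	maj_stat = gss_import_name(&min_stat, &name_token,
	    GSS_C_NT_HOSTBASED_SERVICE, service);
	if (GSS_ERROR(maj_stat)) {
		gssapi_error(min_stat, LOCATION, "import name\n");
		rc = -1;
	}

	/*
	 * The token is released on both the success and the error path.
	 * NOTE(review): the buffer was allocated by asprintf() but is freed
	 * through gss_release_buffer(), as in the original code; this assumes
	 * the GSS library releases with the C allocator - confirm.
	 */
	maj_stat = gss_release_buffer(&min_stat, &name_token);
	if (GSS_ERROR(maj_stat))
		gssapi_error(min_stat, LOCATION, "release name_token");

	return rc;
}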
Пример #2
Файл: if.c Проект: ebichu/dd-wrt
/*
 * Call FUNC once for every interface address known to the system, passing
 * the interface name, the address and the caller's ARG.
 *
 * Returns -1 if the interface list cannot be obtained or if any callback
 * returned -1 (the walk still visits every entry), otherwise 0.
 */
int
if_map (int (*func) (char *, struct sockaddr *, void *), void *arg)
{
  int status = 0;
#ifdef HAVE_GETIFADDRS
  struct ifaddrs *head, *cur;

  if (getifaddrs (&head) < 0)
    return -1;

  /* getifaddrs(3) allows ifa_addr to be NULL for an entry; it is handed
     to the callback unchanged, so the callback has to cope with that.  */
  cur = head;
  while (cur != NULL)
    {
      if ((*func) (cur->ifa_name, cur->ifa_addr, arg) == -1)
	status = -1;
      cur = cur->ifa_next;
    }
  freeifaddrs (head);
#else
  struct ifconf conf;
  struct ifreq *req;
  caddr_t end, cursor;
  size_t step;

  if (siocgifconf (&conf))
    return -1;

  /* Entries are variable-length: the name field followed by the larger of
     the generic ifr_addr slot and the address's own length.
     NOTE(review): the walk trusts ifc_len and each per-entry length; there
     is no check that a whole struct ifreq fits before END - this assumes
     siocgifconf returns a well-formed buffer, confirm.  */
  end = conf.ifc_buf + conf.ifc_len;
  cursor = conf.ifc_buf;
  while (cursor < end)
    {
      req = (struct ifreq *) cursor;
      if ((*func) (req->ifr_name, &req->ifr_addr, arg) == -1)
	status = -1;
      step = sizeof req->ifr_name
	+ MAX (sysdep_sa_len (&req->ifr_addr), sizeof req->ifr_addr);
      cursor += step;
    }
  free (conf.ifc_buf);
#endif
  return status;
}
Пример #3
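/*
 * Print a one-line summary of a PF_KEY message to stdout:
 * "MMSS satype state spi  age/hard-lifetime  src -> dst".
 * Fields whose extension is absent from the message are printed as "?".
 */
static void
shortdump(struct sadb_msg *msg)
{
	caddr_t mhp[SADB_EXT_MAX + 1];
	char buf[NI_MAXHOST], pbuf[NI_MAXSERV];
	struct sadb_sa *sa;
	struct sadb_address *saddr;
	struct sadb_lifetime *lts, *lth, *ltc;
	struct sockaddr *s;
	u_long t;	/* was u_int: the (u_long) values below were truncated */
	time_t cur = time(0);

	/*
	 * NOTE(review): the results of pfkey_align()/pfkey_check() are not
	 * examined, so every pointer taken from mhp[] below is used as if the
	 * message had validated - confirm these helpers cannot leave mhp[]
	 * pointing at unchecked data when they fail.
	 */
	pfkey_align(msg, mhp);
	pfkey_check(mhp);

	/* minutes and seconds within the current hour */
	printf("%02lu%02lu", (u_long)(cur % 3600) / 60, (u_long)(cur % 60));

	printf(" %-3s", STR_OR_ID(msg->sadb_msg_satype, satype));

	if ((sa = (struct sadb_sa *)mhp[SADB_EXT_SA]) != NULL) {
		printf(" %-1s", STR_OR_ID(sa->sadb_sa_state, sastate));
		printf(" %08x", (uint32_t)ntohl(sa->sadb_sa_spi));
	} else
		printf("%-1s %-8s", "?", "?");

	lts = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_SOFT];
	lth = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_HARD];
	ltc = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_CURRENT];
	if (lts && lth && ltc) {
		/* age of the SA in seconds; 0 when no add time is recorded */
		if (ltc->sadb_lifetime_addtime == 0)
			t = 0;
		else
			t = (u_long)(cur - ltc->sadb_lifetime_addtime);
		if (t >= 1000)
			strlcpy(buf, " big/", sizeof(buf));
		else
			snprintf(buf, sizeof(buf), " %3lu/", t);
		printf("%s", buf);

		t = (u_long)lth->sadb_lifetime_addtime;
		if (t >= 1000)
			strlcpy(buf, "big", sizeof(buf));
		else
			snprintf(buf, sizeof(buf), "%-3lu", t);
		printf("%s", buf);
	} else
		printf(" ??\?/???");	/* backslash to avoid trigraph ??/ */

	printf(" ");

	if ((saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC]) != NULL) {
		if (saddr->sadb_address_proto)
			printf("%s ", STR_OR_ID(saddr->sadb_address_proto, ipproto));
		/* the sockaddr is stored right after the extension header */
		s = (struct sockaddr *)(saddr + 1);
		/*
		 * If getnameinfo() fails, buf still holds the lifetime text
		 * and pbuf is uninitialized, so neither may be printed or
		 * compared; fall back to the "?" placeholder instead.
		 */
		if (getnameinfo(s, sysdep_sa_len(s), buf, sizeof(buf),
		    pbuf, sizeof(pbuf), NI_NUMERICHOST|NI_NUMERICSERV) != 0)
			printf("?");
		else if (strcmp(pbuf, "0") != 0)
			printf("%s[%s]", buf, pbuf);
		else
			printf("%s", buf);
	} else
		printf("?");

	printf(" -> ");

	if ((saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST]) != NULL) {
		if (saddr->sadb_address_proto)
			printf("%s ", STR_OR_ID(saddr->sadb_address_proto, ipproto));

		s = (struct sockaddr *)(saddr + 1);
		/* same failure handling as for the source address */
		if (getnameinfo(s, sysdep_sa_len(s), buf, sizeof(buf),
		    pbuf, sizeof(pbuf), NI_NUMERICHOST|NI_NUMERICSERV) != 0)
			printf("?");
		else if (strcmp(pbuf, "0") != 0)
			printf("%s[%s]", buf, pbuf);
		else
			printf("%s", buf);
	} else
		printf("?");

	printf("\n");
}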
Пример #4
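/*
 * Build a PF_KEY policy extension (struct sadb_x_policy, optionally followed
 * by one ESP sadb_x_ipsecrequest carrying the src and dst addresses) in a
 * newly allocated buffer.  The full implementation can be found in racoon.
 *
 * policy0    - receives the buffer; the caller owns it and must free() it.
 * policylen0 - receives the buffer length in bytes.
 * direction  - IPSEC_DIR_INBOUND or IPSEC_DIR_OUTBOUND.
 * src, dst   - tunnel/transport endpoints; not read for SADB_X_SPDDELETE.
 * mode       - copied into sadb_x_ipsecrequest_mode.
 * cmd        - SADB_X_SPDDELETE produces the bare policy header only.
 *
 * Returns 0 on success, -ENOMEM if the buffer cannot be allocated (the
 * output parameters are left untouched in that case).
 */
int getsadbpolicy(caddr_t *policy0, int *policylen0, int direction,
		  struct sockaddr *src, struct sockaddr *dst, u_int mode, int cmd)
{
	struct sadb_x_policy *xpl;
	struct sadb_x_ipsecrequest *xisr;
	caddr_t policy, p;
	int policylen;
	int xisrlen = 0, src_len = 0, dst_len = 0;

	HIP_DEBUG("\n");

	/* get policy buffer size; address lengths are computed only once */
	policylen = sizeof(struct sadb_x_policy);
	if (cmd != SADB_X_SPDDELETE) {
		src_len = sysdep_sa_len(src);
		dst_len = sysdep_sa_len(dst);
		xisrlen = sizeof(*xisr) + src_len + dst_len;
		policylen += PFKEY_ALIGN8(xisrlen);
	}

	/*
	 * make policy structure
	 *
	 * Zero the buffer: not every header field is assigned below (the
	 * priority assignment is commented out) and PFKEY_ALIGN8 can add
	 * padding after the addresses.  With malloc() those bytes would be
	 * stale heap contents inside a message meant for the kernel.
	 */
	policy = calloc(1, policylen);
	if (!policy) {
		HIP_ERROR("Cannot allocate memory for policy\n");
		return -ENOMEM;
	}

	xpl = (struct sadb_x_policy *)policy;
	xpl->sadb_x_policy_len = PFKEY_UNIT64(policylen);
	xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
	xpl->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
	xpl->sadb_x_policy_dir = direction;
	xpl->sadb_x_policy_id = 0;

	//xpl->sadb_x_policy_priority = PRIORITY_DEFAULT;

	if (cmd == SADB_X_SPDDELETE)
		goto end;

	/* the single ipsecrequest follows the policy header directly */
	xisr = (struct sadb_x_ipsecrequest *)(xpl + 1);

	xisr->sadb_x_ipsecrequest_proto = SADB_SATYPE_ESP;
	xisr->sadb_x_ipsecrequest_mode = mode;
	xisr->sadb_x_ipsecrequest_level = IPSEC_LEVEL_REQUIRE;
	xisr->sadb_x_ipsecrequest_reqid = 0;
	p = (caddr_t)(xisr + 1);

	/* src then dst sockaddr, back to back, as sized above */
	memcpy(p, src, src_len);
	p += src_len;

	memcpy(p, dst, dst_len);
	p += dst_len;

	xisr->sadb_x_ipsecrequest_len = PFKEY_ALIGN8(xisrlen);
end:
	*policy0 = policy;
	*policylen0 = policylen;
	return 0;
}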