int test_1 (char *address, char *port, int ok) { struct sockaddr *sa; #ifdef DEBUG struct sockaddr_in *sai; struct sockaddr_in6 *sai6; int i; #endif int rv; printf ("test_1 (\"%s\", \"%s\") ", address, port); rv = text2sockaddr (address, port, &sa) == ok; printf (rv ? "OK" : "FAIL"); printf ("\n"); #ifdef DEBUG printf ("af %d len %d ", sa->sa_family, sa->sa_len); if (sa->sa_family == AF_INET) { sai = (struct sockaddr_in *)sa; printf ("addr %08x port %d\n", ntohl (sai->sin_addr.s_addr), ntohs (sai->sin_port)); } else { sai6 = (struct sockaddr_in6 *)sa; printf ("addr "); for (i = 0; i < sizeof sai6->sin6_addr; i++) printf ("%02x", sai6->sin6_addr.s6_addr[i]); printf (" port %d\n", ntohs (sai6->sin6_port)); } #endif return rv; }
/* Receive ID. */ int ike_phase_1_recv_ID (struct message *msg) { struct exchange *exchange = msg->exchange; struct payload *payload; char header[80], *rs = 0, *rid = 0, *p; int initiator = exchange->initiator; u_int8_t **id, id_type; size_t *id_len, sz; struct sockaddr *sa; payload = TAILQ_FIRST (&msg->payload[ISAKMP_PAYLOAD_ID]); if (exchange->name) rs = conf_get_str (exchange->name, "Remote-ID"); if (rs) { sz = ipsec_id_size (rs, &id_type); if (sz == -1) { log_print ("ike_phase_1_recv_ID: could not handle specified " "Remote-ID [%s]", rs); return -1; } rid = malloc (sz); if (!rid) { log_error ("ike_phase_1_recv_ID: malloc (%lu) failed", (unsigned long)sz); return -1; } switch (id_type) { case IPSEC_ID_IPV4_ADDR: case IPSEC_ID_IPV6_ADDR: p = conf_get_str (rs, "Address"); if (!p) { log_print ("ike_phase_1_recv_ID: " "failed to get Address in Remote-ID section [%s]", rs); free (rid); return -1; } if (text2sockaddr (p, 0, &sa) == -1) { log_print ("ike_phase_1_recv_ID: failed to parse address %s", p); free (rid); return -1; } if ((id_type == IPSEC_ID_IPV4_ADDR && sa->sa_family != AF_INET) || (id_type == IPSEC_ID_IPV6_ADDR && sa->sa_family != AF_INET6)) { log_print ("ike_phase_1_recv_ID: " "address %s not of expected family", p); free (rid); free (sa); return -1; } memcpy (rid, sockaddr_addrdata (sa), sockaddr_addrlen (sa)); free (sa); break; case IPSEC_ID_FQDN: case IPSEC_ID_USER_FQDN: case IPSEC_ID_KEY_ID: p = conf_get_str (rs, "Name"); if (!p) { log_print ("ike_phase_1_recv_ID: " "failed to get Name in Remote-ID section [%s]", rs); free (rid); return -1; } memcpy (rid, p, sz); break; default: log_print ("ike_phase_1_recv_ID: unsupported ID type %d", id_type); free (rid); return -1; } /* Compare expected/desired and received remote ID */ if (bcmp (rid, payload->p + ISAKMP_ID_DATA_OFF, sz)) { free (rid); log_print ("ike_phase_1_recv_ID: " "received remote ID other than expected %s", p); return -1; } free (rid); } /* Choose the right fields to fill in */ id = initiator ? &exchange->id_r : &exchange->id_i; id_len = initiator ? &exchange->id_r_len : &exchange->id_i_len; *id_len = GET_ISAKMP_GEN_LENGTH (payload->p) - ISAKMP_GEN_SZ; *id = malloc (*id_len); if (!*id) { log_error ("ike_phase_1_recv_ID: malloc (%lu) failed", (unsigned long)*id_len); return -1; } memcpy (*id, payload->p + ISAKMP_GEN_SZ, *id_len); snprintf (header, sizeof header, "ike_phase_1_recv_ID: %s", constant_name (ipsec_id_cst, GET_ISAKMP_ID_TYPE (payload->p))); LOG_DBG_BUF ((LOG_NEGOTIATION, 40, header, payload->p + ISAKMP_ID_DATA_OFF, *id_len + ISAKMP_GEN_SZ - ISAKMP_ID_DATA_OFF)); payload->flags |= PL_MARK; return 0; }
int ike_phase_1_send_ID(struct message *msg) { struct exchange *exchange = msg->exchange; u_int8_t *buf; char header[80]; ssize_t sz; struct sockaddr *src; int initiator = exchange->initiator; u_int8_t **id; size_t *id_len; char *my_id = 0, *data; u_int8_t id_type; sa_family_t af = 0; /* Choose the right fields to fill-in. */ id = initiator ? &exchange->id_i : &exchange->id_r; id_len = initiator ? &exchange->id_i_len : &exchange->id_r_len; if (exchange->name) my_id = conf_get_str(exchange->name, "ID"); if (!my_id) my_id = conf_get_str("General", "Default-phase-1-ID"); msg->transport->vtbl->get_src(msg->transport, &src); sz = my_id ? ipsec_id_size(my_id, &id_type) : sockaddr_addrlen(src); if (sz == -1) return -1; sz += ISAKMP_ID_DATA_OFF; buf = malloc(sz); if (!buf) { log_error("ike_phase_1_send_ID: malloc (%lu) failed", (unsigned long)sz); return -1; } SET_IPSEC_ID_PROTO(buf + ISAKMP_ID_DOI_DATA_OFF, 0); SET_IPSEC_ID_PORT(buf + ISAKMP_ID_DOI_DATA_OFF, 0); if (my_id) { SET_ISAKMP_ID_TYPE(buf, id_type); switch (id_type) { case IPSEC_ID_IPV4_ADDR: case IPSEC_ID_IPV4_ADDR_SUBNET: af = AF_INET; break; case IPSEC_ID_IPV6_ADDR: case IPSEC_ID_IPV6_ADDR_SUBNET: af = AF_INET6; break; } switch (id_type) { case IPSEC_ID_IPV4_ADDR: case IPSEC_ID_IPV6_ADDR: data = conf_get_str(my_id, "Address"); if (!data) { log_print("ike_phase_1_send_ID: section %s " "has no \"Address\" tag", my_id); free(buf); return -1; } if (text2sockaddr(data, NULL, &src, af, 0)) { log_error("ike_phase_1_send_ID: " "text2sockaddr() failed"); free(buf); return -1; } memcpy(buf + ISAKMP_ID_DATA_OFF, sockaddr_addrdata(src), sockaddr_addrlen(src)); free(src); break; case IPSEC_ID_IPV4_ADDR_SUBNET: case IPSEC_ID_IPV6_ADDR_SUBNET: /* Network */ data = conf_get_str(my_id, "Network"); if (!data) { log_print("ike_phase_1_send_ID: section %s " "has no \"Network\" tag", my_id); free(buf); return -1; } if (text2sockaddr(data, NULL, &src, af, 0)) { log_error("ike_phase_1_send_ID: " "text2sockaddr() failed"); free(buf); return -1; } memcpy(buf + ISAKMP_ID_DATA_OFF, sockaddr_addrdata(src), sockaddr_addrlen(src)); free(src); /* Netmask */ data = conf_get_str(my_id, "Netmask"); if (!data) { log_print("ike_phase_1_send_ID: section %s " "has no \"Netmask\" tag", my_id); free(buf); return -1; } if (text2sockaddr(data, NULL, &src, af, 1)) { log_error("ike_phase_1_send_ID: " "text2sockaddr() failed"); free(buf); return -1; } memcpy(buf + ISAKMP_ID_DATA_OFF + sockaddr_addrlen(src), sockaddr_addrdata(src), sockaddr_addrlen(src)); free(src); break; case IPSEC_ID_FQDN: case IPSEC_ID_USER_FQDN: case IPSEC_ID_KEY_ID: data = conf_get_str(my_id, "Name"); if (!data) { log_print("ike_phase_1_send_ID: section %s " "has no \"Name\" tag", my_id); free(buf); return -1; } memcpy(buf + ISAKMP_ID_DATA_OFF, data, sz - ISAKMP_ID_DATA_OFF); break; default: log_print("ike_phase_1_send_ID: " "unsupported ID type %d", id_type); free(buf); return -1; } } else { switch (src->sa_family) { case AF_INET: SET_ISAKMP_ID_TYPE(buf, IPSEC_ID_IPV4_ADDR); break; case AF_INET6: SET_ISAKMP_ID_TYPE(buf, IPSEC_ID_IPV6_ADDR); break; } /* Already in network byteorder. */ memcpy(buf + ISAKMP_ID_DATA_OFF, sockaddr_addrdata(src), sockaddr_addrlen(src)); } if (message_add_payload(msg, ISAKMP_PAYLOAD_ID, buf, sz, 1)) { free(buf); return -1; } *id_len = sz - ISAKMP_GEN_SZ; *id = malloc(*id_len); if (!*id) { log_error("ike_phase_1_send_ID: malloc (%lu) failed", (unsigned long)*id_len); return -1; } memcpy(*id, buf + ISAKMP_GEN_SZ, *id_len); snprintf(header, sizeof header, "ike_phase_1_send_ID: %s", constant_name(ipsec_id_cst, GET_ISAKMP_ID_TYPE(buf))); LOG_DBG_BUF((LOG_NEGOTIATION, 40, header, buf + ISAKMP_ID_DATA_OFF, sz - ISAKMP_ID_DATA_OFF)); return 0; }