ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

already had the correct formatting

This commit is contained in:
Andreas Steffen 2009-04-19 19:32:51 +00:00
parent 65607eb370
commit 2e65569534
1 changed files with 247 additions and 247 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

494
src/starter/starterstroke.c
View File

@ -38,327 +38,327 @@
#include "confread.h"
#include "files.h"
#define IPV4_LEN 4
#define IPV6_LEN 16
#define IPV4_LEN 4
#define IPV6_LEN 16
/**
* Authentication methods, must be the same as in charons authenticator.h
*/
enum auth_method_t {
AUTH_PUBKEY = 1,
AUTH_PSK = 2,
AUTH_EAP = 3
AUTH_PUBKEY = 1,
AUTH_PSK = 2,
AUTH_EAP = 3
};
static char* push_string(stroke_msg_t *msg, char *string)
{
unsigned long string_start = msg->length;
unsigned long string_start = msg->length;
if (string == NULL || msg->length + strlen(string) >= sizeof(stroke_msg_t))
{
return NULL;
}
else
{
msg->length += strlen(string) + 1;
strcpy((char*)msg + string_start, string);
return (char*)string_start;
}
if (string == NULL || msg->length + strlen(string) >= sizeof(stroke_msg_t))
{
return NULL;
}
else
{
msg->length += strlen(string) + 1;
strcpy((char*)msg + string_start, string);
return (char*)string_start;
}
}
static int send_stroke_msg (stroke_msg_t *msg)
{
struct sockaddr_un ctl_addr = { AF_UNIX, CHARON_CTL_FILE };
int byte_count;
char buffer[64];
/* starter is not called from commandline, and therefore absolutely silent */
msg->output_verbosity = -1;
struct sockaddr_un ctl_addr = { AF_UNIX, CHARON_CTL_FILE };
int byte_count;
char buffer[64];
/* starter is not called from commandline, and therefore absolutely silent */
msg->output_verbosity = -1;
int sock = socket(AF_UNIX, SOCK_STREAM, 0);
if (sock < 0)
{
plog("socket() failed: %s", strerror(errno));
return -1;
}
if (connect(sock, (struct sockaddr *)&ctl_addr, offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0)
{
plog("connect(charon_ctl) failed: %s", strerror(errno));
close(sock);
return -1;
}
/* send message */
if (write(sock, msg, msg->length) != msg->length)
{
plog("write(charon_ctl) failed: %s", strerror(errno));
close(sock);
return -1;
}
while ((byte_count = read(sock, buffer, sizeof(buffer)-1)) > 0)
{
buffer[byte_count] = '\0';
plog("%s", buffer);
}
if (byte_count < 0)
{
plog("read() failed: %s", strerror(errno));
}
int sock = socket(AF_UNIX, SOCK_STREAM, 0);
if (sock < 0)
{
plog("socket() failed: %s", strerror(errno));
return -1;
}
if (connect(sock, (struct sockaddr *)&ctl_addr, offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0)
{
plog("connect(charon_ctl) failed: %s", strerror(errno));
close(sock);
return 0;
return -1;
}
/* send message */
if (write(sock, msg, msg->length) != msg->length)
{
plog("write(charon_ctl) failed: %s", strerror(errno));
close(sock);
return -1;
}
while ((byte_count = read(sock, buffer, sizeof(buffer)-1)) > 0)
{
buffer[byte_count] = '\0';
plog("%s", buffer);
}
if (byte_count < 0)
{
plog("read() failed: %s", strerror(errno));
}
close(sock);
return 0;
}
static char* connection_name(starter_conn_t *conn)
{
/* if connection name is '%auto', create a new name like conn_xxxxx */
static char buf[32];
/* if connection name is '%auto', create a new name like conn_xxxxx */
static char buf[32];
if (streq(conn->name, "%auto"))
{
sprintf(buf, "conn_%ld", conn->id);
return buf;
}
return conn->name;
if (streq(conn->name, "%auto"))
{
sprintf(buf, "conn_%ld", conn->id);
return buf;
}
return conn->name;
}
static void ip_address2string(ip_address *addr, char *buffer, size_t len)
{
switch (((struct sockaddr*)addr)->sa_family)
switch (((struct sockaddr*)addr)->sa_family)
{
case AF_INET6:
{
case AF_INET6:
{
struct sockaddr_in6* sin6 = (struct sockaddr_in6*)addr;
u_int8_t zeroes[IPV6_LEN];
struct sockaddr_in6* sin6 = (struct sockaddr_in6*)addr;
u_int8_t zeroes[IPV6_LEN];
memset(zeroes, 0, IPV6_LEN);
if (memcmp(zeroes, &(sin6->sin6_addr.s6_addr), IPV6_LEN) &&
inet_ntop(AF_INET6, &sin6->sin6_addr, buffer, len))
{
return;
}
snprintf(buffer, len, "%%any6");
break;
}
case AF_INET:
{
struct sockaddr_in* sin = (struct sockaddr_in*)addr;
u_int8_t zeroes[IPV4_LEN];
memset(zeroes, 0, IPV4_LEN);
if (memcmp(zeroes, &(sin->sin_addr.s_addr), IPV4_LEN) &&
inet_ntop(AF_INET, &sin->sin_addr, buffer, len))
{
return;
}
/* fall through to default */
}
default:
snprintf(buffer, len, "%%any");
break;
memset(zeroes, 0, IPV6_LEN);
if (memcmp(zeroes, &(sin6->sin6_addr.s6_addr), IPV6_LEN) &&
inet_ntop(AF_INET6, &sin6->sin6_addr, buffer, len))
{
return;
}
snprintf(buffer, len, "%%any6");
break;
}
case AF_INET:
{
struct sockaddr_in* sin = (struct sockaddr_in*)addr;
u_int8_t zeroes[IPV4_LEN];
memset(zeroes, 0, IPV4_LEN);
if (memcmp(zeroes, &(sin->sin_addr.s_addr), IPV4_LEN) &&
inet_ntop(AF_INET, &sin->sin_addr, buffer, len))
{
return;
}
/* fall through to default */
}
default:
snprintf(buffer, len, "%%any");
break;
}
}
static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, starter_end_t *conn_end)
{
char buffer[INET6_ADDRSTRLEN];
msg_end->auth = push_string(msg, conn_end->auth);
msg_end->auth2 = push_string(msg, conn_end->auth2);
msg_end->id = push_string(msg, conn_end->id);
msg_end->id2 = push_string(msg, conn_end->id2);
msg_end->cert = push_string(msg, conn_end->cert);
msg_end->cert2 = push_string(msg, conn_end->cert2);
msg_end->ca = push_string(msg, conn_end->ca);
msg_end->ca2 = push_string(msg, conn_end->ca2);
msg_end->groups = push_string(msg, conn_end->groups);
msg_end->updown = push_string(msg, conn_end->updown);
ip_address2string(&conn_end->addr, buffer, sizeof(buffer));
msg_end->address = push_string(msg, buffer);
msg_end->subnets = push_string(msg, conn_end->subnet);
msg_end->sendcert = conn_end->sendcert;
msg_end->hostaccess = conn_end->hostaccess;
msg_end->tohost = !conn_end->has_client;
msg_end->protocol = conn_end->protocol;
msg_end->port = conn_end->port;
if (conn_end->srcip)
char buffer[INET6_ADDRSTRLEN];
msg_end->auth = push_string(msg, conn_end->auth);
msg_end->auth2 = push_string(msg, conn_end->auth2);
msg_end->id = push_string(msg, conn_end->id);
msg_end->id2 = push_string(msg, conn_end->id2);
msg_end->cert = push_string(msg, conn_end->cert);
msg_end->cert2 = push_string(msg, conn_end->cert2);
msg_end->ca = push_string(msg, conn_end->ca);
msg_end->ca2 = push_string(msg, conn_end->ca2);
msg_end->groups = push_string(msg, conn_end->groups);
msg_end->updown = push_string(msg, conn_end->updown);
ip_address2string(&conn_end->addr, buffer, sizeof(buffer));
msg_end->address = push_string(msg, buffer);
msg_end->subnets = push_string(msg, conn_end->subnet);
msg_end->sendcert = conn_end->sendcert;
msg_end->hostaccess = conn_end->hostaccess;
msg_end->tohost = !conn_end->has_client;
msg_end->protocol = conn_end->protocol;
msg_end->port = conn_end->port;
if (conn_end->srcip)
{
if (conn_end->srcip[0] == '%')
{ /* %poolname, strip % */
msg_end->sourceip_size = 0;
msg_end->sourceip = push_string(msg, conn_end->srcip + 1);
}
else
{
if (conn_end->srcip[0] == '%')
{ /* %poolname, strip % */
msg_end->sourceip_size = 0;
msg_end->sourceip = push_string(msg, conn_end->srcip + 1);
char *pos = strchr(conn_end->srcip, '/');
if (pos)
{ /* CIDR subnet definition */
snprintf(buffer, pos - conn_end->srcip + 1, "%s", conn_end->srcip);
msg_end->sourceip = push_string(msg, buffer);
msg_end->sourceip_size = atoi(pos + 1);
}
else
{ /* a single address */
msg_end->sourceip = push_string(msg, conn_end->srcip);
if (strchr(conn_end->srcip, ':'))
{ /* IPv6 */
msg_end->sourceip_size = 128;
}
else
{
char *pos = strchr(conn_end->srcip, '/');
if (pos)
{ /* CIDR subnet definition */
snprintf(buffer, pos - conn_end->srcip + 1, "%s", conn_end->srcip);
msg_end->sourceip = push_string(msg, buffer);
msg_end->sourceip_size = atoi(pos + 1);
}
else
{ /* a single address */
msg_end->sourceip = push_string(msg, conn_end->srcip);
if (strchr(conn_end->srcip, ':'))
{ /* IPv6 */
msg_end->sourceip_size = 128;
}
else
{ /* IPv4 */
msg_end->sourceip_size = 32;
}
}
{ /* IPv4 */
msg_end->sourceip_size = 32;
}
}
}
else if (conn_end->modecfg)
{
msg_end->sourceip_size = 1;
}
}
else if (conn_end->modecfg)
{
msg_end->sourceip_size = 1;
}
}
int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
{
stroke_msg_t msg;
stroke_msg_t msg;
memset(&msg, 0, sizeof(msg));
msg.type = STR_ADD_CONN;
msg.length = offsetof(stroke_msg_t, buffer);
msg.add_conn.ikev2 = conn->keyexchange == KEY_EXCHANGE_IKEV2;
msg.add_conn.name = push_string(&msg, connection_name(conn));
/* PUBKEY is preferred to PSK and EAP */
if (conn->policy & POLICY_RSASIG || conn->policy & POLICY_ECDSASIG)
{
msg.add_conn.auth_method = AUTH_PUBKEY;
}
else if (conn->policy & POLICY_PSK)
{
msg.add_conn.auth_method = AUTH_PSK;
}
else
{
msg.add_conn.auth_method = AUTH_EAP;
}
msg.add_conn.eap_type = conn->eap_type;
msg.add_conn.eap_vendor = conn->eap_vendor;
msg.add_conn.eap_identity = push_string(&msg, conn->eap_identity);
if (conn->policy & POLICY_TUNNEL)
{
msg.add_conn.mode = XFRM_MODE_TUNNEL;
}
else if (conn->policy & POLICY_BEET)
{
msg.add_conn.mode = XFRM_MODE_BEET;
}
else if (conn->policy & POLICY_PROXY)
{
msg.add_conn.mode = XFRM_MODE_TRANSPORT;
msg.add_conn.proxy_mode = TRUE;
}
else
{
msg.add_conn.mode = XFRM_MODE_TRANSPORT;
}
memset(&msg, 0, sizeof(msg));
msg.type = STR_ADD_CONN;
msg.length = offsetof(stroke_msg_t, buffer);
msg.add_conn.ikev2 = conn->keyexchange == KEY_EXCHANGE_IKEV2;
msg.add_conn.name = push_string(&msg, connection_name(conn));
/* PUBKEY is preferred to PSK and EAP */
if (conn->policy & POLICY_RSASIG || conn->policy & POLICY_ECDSASIG)
{
msg.add_conn.auth_method = AUTH_PUBKEY;
}
else if (conn->policy & POLICY_PSK)
{
msg.add_conn.auth_method = AUTH_PSK;
}
else
{
msg.add_conn.auth_method = AUTH_EAP;
}
msg.add_conn.eap_type = conn->eap_type;
msg.add_conn.eap_vendor = conn->eap_vendor;
msg.add_conn.eap_identity = push_string(&msg, conn->eap_identity);
if (conn->policy & POLICY_TUNNEL)
{
msg.add_conn.mode = XFRM_MODE_TUNNEL;
}
else if (conn->policy & POLICY_BEET)
{
msg.add_conn.mode = XFRM_MODE_BEET;
}
else if (conn->policy & POLICY_PROXY)
{
msg.add_conn.mode = XFRM_MODE_TRANSPORT;
msg.add_conn.proxy_mode = TRUE;
}
else
{
msg.add_conn.mode = XFRM_MODE_TRANSPORT;
}
if (!(conn->policy & POLICY_DONT_REKEY))
{
msg.add_conn.rekey.reauth = (conn->policy & POLICY_DONT_REAUTH) == LEMPTY;
msg.add_conn.rekey.ipsec_lifetime = conn->sa_ipsec_life_seconds;
msg.add_conn.rekey.ike_lifetime = conn->sa_ike_life_seconds;
msg.add_conn.rekey.margin = conn->sa_rekey_margin;
msg.add_conn.rekey.tries = conn->sa_keying_tries;
msg.add_conn.rekey.fuzz = conn->sa_rekey_fuzz;
}
msg.add_conn.mobike = conn->policy & POLICY_MOBIKE;
msg.add_conn.force_encap = conn->policy & POLICY_FORCE_ENCAP;
msg.add_conn.ipcomp = conn->policy & POLICY_COMPRESS;
msg.add_conn.install_policy = conn->install_policy;
msg.add_conn.crl_policy = cfg->setup.strictcrlpolicy;
msg.add_conn.unique = cfg->setup.uniqueids;
msg.add_conn.algorithms.ike = push_string(&msg, conn->ike);
msg.add_conn.algorithms.esp = push_string(&msg, conn->esp);
msg.add_conn.dpd.delay = conn->dpd_delay;
msg.add_conn.dpd.action = conn->dpd_action;
msg.add_conn.ikeme.mediation = conn->me_mediation;
msg.add_conn.ikeme.mediated_by = push_string(&msg, conn->me_mediated_by);
msg.add_conn.ikeme.peerid = push_string(&msg, conn->me_peerid);
if (!(conn->policy & POLICY_DONT_REKEY))
{
msg.add_conn.rekey.reauth = (conn->policy & POLICY_DONT_REAUTH) == LEMPTY;
msg.add_conn.rekey.ipsec_lifetime = conn->sa_ipsec_life_seconds;
msg.add_conn.rekey.ike_lifetime = conn->sa_ike_life_seconds;
msg.add_conn.rekey.margin = conn->sa_rekey_margin;
msg.add_conn.rekey.tries = conn->sa_keying_tries;
msg.add_conn.rekey.fuzz = conn->sa_rekey_fuzz;
}
msg.add_conn.mobike = conn->policy & POLICY_MOBIKE;
msg.add_conn.force_encap = conn->policy & POLICY_FORCE_ENCAP;
msg.add_conn.ipcomp = conn->policy & POLICY_COMPRESS;
msg.add_conn.install_policy = conn->install_policy;
msg.add_conn.crl_policy = cfg->setup.strictcrlpolicy;
msg.add_conn.unique = cfg->setup.uniqueids;
msg.add_conn.algorithms.ike = push_string(&msg, conn->ike);
msg.add_conn.algorithms.esp = push_string(&msg, conn->esp);
msg.add_conn.dpd.delay = conn->dpd_delay;
msg.add_conn.dpd.action = conn->dpd_action;
msg.add_conn.ikeme.mediation = conn->me_mediation;
msg.add_conn.ikeme.mediated_by = push_string(&msg, conn->me_mediated_by);
msg.add_conn.ikeme.peerid = push_string(&msg, conn->me_peerid);
starter_stroke_add_end(&msg, &msg.add_conn.me, &conn->left);
starter_stroke_add_end(&msg, &msg.add_conn.other, &conn->right);
starter_stroke_add_end(&msg, &msg.add_conn.me, &conn->left);
starter_stroke_add_end(&msg, &msg.add_conn.other, &conn->right);
return send_stroke_msg(&msg);
return send_stroke_msg(&msg);
}
int starter_stroke_del_conn(starter_conn_t *conn)
{
stroke_msg_t msg;
stroke_msg_t msg;
msg.type = STR_DEL_CONN;
msg.length = offsetof(stroke_msg_t, buffer);
msg.del_conn.name = push_string(&msg, connection_name(conn));
return send_stroke_msg(&msg);
msg.type = STR_DEL_CONN;
msg.length = offsetof(stroke_msg_t, buffer);
msg.del_conn.name = push_string(&msg, connection_name(conn));
return send_stroke_msg(&msg);
}
int starter_stroke_route_conn(starter_conn_t *conn)
{
stroke_msg_t msg;
stroke_msg_t msg;
msg.type = STR_ROUTE;
msg.length = offsetof(stroke_msg_t, buffer);
msg.route.name = push_string(&msg, connection_name(conn));
return send_stroke_msg(&msg);
msg.type = STR_ROUTE;
msg.length = offsetof(stroke_msg_t, buffer);
msg.route.name = push_string(&msg, connection_name(conn));
return send_stroke_msg(&msg);
}
int starter_stroke_initiate_conn(starter_conn_t *conn)
{
stroke_msg_t msg;
stroke_msg_t msg;
msg.type = STR_INITIATE;
msg.length = offsetof(stroke_msg_t, buffer);
msg.initiate.name = push_string(&msg, connection_name(conn));
return send_stroke_msg(&msg);
msg.type = STR_INITIATE;
msg.length = offsetof(stroke_msg_t, buffer);
msg.initiate.name = push_string(&msg, connection_name(conn));
return send_stroke_msg(&msg);
}
int starter_stroke_add_ca(starter_ca_t *ca)
{
stroke_msg_t msg;
stroke_msg_t msg;
msg.type = STR_ADD_CA;
msg.length = offsetof(stroke_msg_t, buffer);
msg.add_ca.name = push_string(&msg, ca->name);
msg.add_ca.cacert = push_string(&msg, ca->cacert);
msg.add_ca.crluri = push_string(&msg, ca->crluri);
msg.add_ca.crluri2 = push_string(&msg, ca->crluri2);
msg.add_ca.ocspuri = push_string(&msg, ca->ocspuri);
msg.add_ca.ocspuri2 = push_string(&msg, ca->ocspuri2);
msg.add_ca.certuribase = push_string(&msg, ca->certuribase);
return send_stroke_msg(&msg);
msg.type = STR_ADD_CA;
msg.length = offsetof(stroke_msg_t, buffer);
msg.add_ca.name = push_string(&msg, ca->name);
msg.add_ca.cacert = push_string(&msg, ca->cacert);
msg.add_ca.crluri = push_string(&msg, ca->crluri);
msg.add_ca.crluri2 = push_string(&msg, ca->crluri2);
msg.add_ca.ocspuri = push_string(&msg, ca->ocspuri);
msg.add_ca.ocspuri2 = push_string(&msg, ca->ocspuri2);
msg.add_ca.certuribase = push_string(&msg, ca->certuribase);
return send_stroke_msg(&msg);
}
int starter_stroke_del_ca(starter_ca_t *ca)
{
stroke_msg_t msg;
stroke_msg_t msg;
msg.type = STR_DEL_CA;
msg.length = offsetof(stroke_msg_t, buffer);
msg.del_ca.name = push_string(&msg, ca->name);
return send_stroke_msg(&msg);
msg.type = STR_DEL_CA;
msg.length = offsetof(stroke_msg_t, buffer);
msg.del_ca.name = push_string(&msg, ca->name);
return send_stroke_msg(&msg);
}
int starter_stroke_configure(starter_config_t *cfg)
{
stroke_msg_t msg;
if (cfg->setup.cachecrls)
{
msg.type = STR_CONFIG;
msg.length = offsetof(stroke_msg_t, buffer);
msg.config.cachecrl = 1;
return send_stroke_msg(&msg);
}
return 0;
stroke_msg_t msg;
if (cfg->setup.cachecrls)
{
msg.type = STR_CONFIG;
msg.length = offsetof(stroke_msg_t, buffer);
msg.config.cachecrl = 1;
return send_stroke_msg(&msg);
}
return 0;
}