From 2e65569534da4bf6605143bd482f670bdedf86d1 Mon Sep 17 00:00:00 2001 From: Andreas Steffen Date: Sun, 19 Apr 2009 19:32:51 +0000 Subject: [PATCH] already had the correct formatting --- src/starter/starterstroke.c | 494 ++++++++++++++++++------------------ 1 file changed, 247 insertions(+), 247 deletions(-) diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c index 620281511..a695feb46 100644 --- a/src/starter/starterstroke.c +++ b/src/starter/starterstroke.c @@ -38,327 +38,327 @@ #include "confread.h" #include "files.h" -#define IPV4_LEN 4 -#define IPV6_LEN 16 +#define IPV4_LEN 4 +#define IPV6_LEN 16 /** * Authentication methods, must be the same as in charons authenticator.h */ enum auth_method_t { - AUTH_PUBKEY = 1, - AUTH_PSK = 2, - AUTH_EAP = 3 + AUTH_PUBKEY = 1, + AUTH_PSK = 2, + AUTH_EAP = 3 }; static char* push_string(stroke_msg_t *msg, char *string) { - unsigned long string_start = msg->length; + unsigned long string_start = msg->length; - if (string == NULL || msg->length + strlen(string) >= sizeof(stroke_msg_t)) - { - return NULL; - } - else - { - msg->length += strlen(string) + 1; - strcpy((char*)msg + string_start, string); - return (char*)string_start; - } + if (string == NULL || msg->length + strlen(string) >= sizeof(stroke_msg_t)) + { + return NULL; + } + else + { + msg->length += strlen(string) + 1; + strcpy((char*)msg + string_start, string); + return (char*)string_start; + } } static int send_stroke_msg (stroke_msg_t *msg) { - struct sockaddr_un ctl_addr = { AF_UNIX, CHARON_CTL_FILE }; - int byte_count; - char buffer[64]; - - /* starter is not called from commandline, and therefore absolutely silent */ - msg->output_verbosity = -1; + struct sockaddr_un ctl_addr = { AF_UNIX, CHARON_CTL_FILE }; + int byte_count; + char buffer[64]; + + /* starter is not called from commandline, and therefore absolutely silent */ + msg->output_verbosity = -1; - int sock = socket(AF_UNIX, SOCK_STREAM, 0); - - if (sock < 0) - { - plog("socket() failed: %s", strerror(errno)); - return -1; - } - if (connect(sock, (struct sockaddr *)&ctl_addr, offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0) - { - plog("connect(charon_ctl) failed: %s", strerror(errno)); - close(sock); - return -1; - } - - /* send message */ - if (write(sock, msg, msg->length) != msg->length) - { - plog("write(charon_ctl) failed: %s", strerror(errno)); - close(sock); - return -1; - } - while ((byte_count = read(sock, buffer, sizeof(buffer)-1)) > 0) - { - buffer[byte_count] = '\0'; - plog("%s", buffer); - } - if (byte_count < 0) - { - plog("read() failed: %s", strerror(errno)); - } + int sock = socket(AF_UNIX, SOCK_STREAM, 0); + if (sock < 0) + { + plog("socket() failed: %s", strerror(errno)); + return -1; + } + if (connect(sock, (struct sockaddr *)&ctl_addr, offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0) + { + plog("connect(charon_ctl) failed: %s", strerror(errno)); close(sock); - return 0; + return -1; + } + + /* send message */ + if (write(sock, msg, msg->length) != msg->length) + { + plog("write(charon_ctl) failed: %s", strerror(errno)); + close(sock); + return -1; + } + while ((byte_count = read(sock, buffer, sizeof(buffer)-1)) > 0) + { + buffer[byte_count] = '\0'; + plog("%s", buffer); + } + if (byte_count < 0) + { + plog("read() failed: %s", strerror(errno)); + } + + close(sock); + return 0; } static char* connection_name(starter_conn_t *conn) { - /* if connection name is '%auto', create a new name like conn_xxxxx */ - static char buf[32]; + /* if connection name is '%auto', create a new name like conn_xxxxx */ + static char buf[32]; - if (streq(conn->name, "%auto")) - { - sprintf(buf, "conn_%ld", conn->id); - return buf; - } - return conn->name; + if (streq(conn->name, "%auto")) + { + sprintf(buf, "conn_%ld", conn->id); + return buf; + } + return conn->name; } static void ip_address2string(ip_address *addr, char *buffer, size_t len) { - switch (((struct sockaddr*)addr)->sa_family) + switch (((struct sockaddr*)addr)->sa_family) + { + case AF_INET6: { - case AF_INET6: - { - struct sockaddr_in6* sin6 = (struct sockaddr_in6*)addr; - u_int8_t zeroes[IPV6_LEN]; + struct sockaddr_in6* sin6 = (struct sockaddr_in6*)addr; + u_int8_t zeroes[IPV6_LEN]; - memset(zeroes, 0, IPV6_LEN); - if (memcmp(zeroes, &(sin6->sin6_addr.s6_addr), IPV6_LEN) && - inet_ntop(AF_INET6, &sin6->sin6_addr, buffer, len)) - { - return; - } - snprintf(buffer, len, "%%any6"); - break; - } - case AF_INET: - { - struct sockaddr_in* sin = (struct sockaddr_in*)addr; - u_int8_t zeroes[IPV4_LEN]; - - memset(zeroes, 0, IPV4_LEN); - if (memcmp(zeroes, &(sin->sin_addr.s_addr), IPV4_LEN) && - inet_ntop(AF_INET, &sin->sin_addr, buffer, len)) - { - return; - } - /* fall through to default */ - } - default: - snprintf(buffer, len, "%%any"); - break; + memset(zeroes, 0, IPV6_LEN); + if (memcmp(zeroes, &(sin6->sin6_addr.s6_addr), IPV6_LEN) && + inet_ntop(AF_INET6, &sin6->sin6_addr, buffer, len)) + { + return; + } + snprintf(buffer, len, "%%any6"); + break; } + case AF_INET: + { + struct sockaddr_in* sin = (struct sockaddr_in*)addr; + u_int8_t zeroes[IPV4_LEN]; + + memset(zeroes, 0, IPV4_LEN); + if (memcmp(zeroes, &(sin->sin_addr.s_addr), IPV4_LEN) && + inet_ntop(AF_INET, &sin->sin_addr, buffer, len)) + { + return; + } + /* fall through to default */ + } + default: + snprintf(buffer, len, "%%any"); + break; + } } static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, starter_end_t *conn_end) { - char buffer[INET6_ADDRSTRLEN]; - - msg_end->auth = push_string(msg, conn_end->auth); - msg_end->auth2 = push_string(msg, conn_end->auth2); - msg_end->id = push_string(msg, conn_end->id); - msg_end->id2 = push_string(msg, conn_end->id2); - msg_end->cert = push_string(msg, conn_end->cert); - msg_end->cert2 = push_string(msg, conn_end->cert2); - msg_end->ca = push_string(msg, conn_end->ca); - msg_end->ca2 = push_string(msg, conn_end->ca2); - msg_end->groups = push_string(msg, conn_end->groups); - msg_end->updown = push_string(msg, conn_end->updown); - ip_address2string(&conn_end->addr, buffer, sizeof(buffer)); - msg_end->address = push_string(msg, buffer); - msg_end->subnets = push_string(msg, conn_end->subnet); - msg_end->sendcert = conn_end->sendcert; - msg_end->hostaccess = conn_end->hostaccess; - msg_end->tohost = !conn_end->has_client; - msg_end->protocol = conn_end->protocol; - msg_end->port = conn_end->port; - if (conn_end->srcip) + char buffer[INET6_ADDRSTRLEN]; + + msg_end->auth = push_string(msg, conn_end->auth); + msg_end->auth2 = push_string(msg, conn_end->auth2); + msg_end->id = push_string(msg, conn_end->id); + msg_end->id2 = push_string(msg, conn_end->id2); + msg_end->cert = push_string(msg, conn_end->cert); + msg_end->cert2 = push_string(msg, conn_end->cert2); + msg_end->ca = push_string(msg, conn_end->ca); + msg_end->ca2 = push_string(msg, conn_end->ca2); + msg_end->groups = push_string(msg, conn_end->groups); + msg_end->updown = push_string(msg, conn_end->updown); + ip_address2string(&conn_end->addr, buffer, sizeof(buffer)); + msg_end->address = push_string(msg, buffer); + msg_end->subnets = push_string(msg, conn_end->subnet); + msg_end->sendcert = conn_end->sendcert; + msg_end->hostaccess = conn_end->hostaccess; + msg_end->tohost = !conn_end->has_client; + msg_end->protocol = conn_end->protocol; + msg_end->port = conn_end->port; + if (conn_end->srcip) + { + if (conn_end->srcip[0] == '%') + { /* %poolname, strip % */ + msg_end->sourceip_size = 0; + msg_end->sourceip = push_string(msg, conn_end->srcip + 1); + } + else { - if (conn_end->srcip[0] == '%') - { /* %poolname, strip % */ - msg_end->sourceip_size = 0; - msg_end->sourceip = push_string(msg, conn_end->srcip + 1); + char *pos = strchr(conn_end->srcip, '/'); + if (pos) + { /* CIDR subnet definition */ + snprintf(buffer, pos - conn_end->srcip + 1, "%s", conn_end->srcip); + msg_end->sourceip = push_string(msg, buffer); + msg_end->sourceip_size = atoi(pos + 1); + } + else + { /* a single address */ + msg_end->sourceip = push_string(msg, conn_end->srcip); + if (strchr(conn_end->srcip, ':')) + { /* IPv6 */ + msg_end->sourceip_size = 128; } else - { - char *pos = strchr(conn_end->srcip, '/'); - if (pos) - { /* CIDR subnet definition */ - snprintf(buffer, pos - conn_end->srcip + 1, "%s", conn_end->srcip); - msg_end->sourceip = push_string(msg, buffer); - msg_end->sourceip_size = atoi(pos + 1); - } - else - { /* a single address */ - msg_end->sourceip = push_string(msg, conn_end->srcip); - if (strchr(conn_end->srcip, ':')) - { /* IPv6 */ - msg_end->sourceip_size = 128; - } - else - { /* IPv4 */ - msg_end->sourceip_size = 32; - } - } + { /* IPv4 */ + msg_end->sourceip_size = 32; } + } } - else if (conn_end->modecfg) - { - msg_end->sourceip_size = 1; - } + } + else if (conn_end->modecfg) + { + msg_end->sourceip_size = 1; + } } int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn) { - stroke_msg_t msg; + stroke_msg_t msg; - memset(&msg, 0, sizeof(msg)); - msg.type = STR_ADD_CONN; - msg.length = offsetof(stroke_msg_t, buffer); - msg.add_conn.ikev2 = conn->keyexchange == KEY_EXCHANGE_IKEV2; - msg.add_conn.name = push_string(&msg, connection_name(conn)); - - /* PUBKEY is preferred to PSK and EAP */ - if (conn->policy & POLICY_RSASIG || conn->policy & POLICY_ECDSASIG) - { - msg.add_conn.auth_method = AUTH_PUBKEY; - } - else if (conn->policy & POLICY_PSK) - { - msg.add_conn.auth_method = AUTH_PSK; - } - else - { - msg.add_conn.auth_method = AUTH_EAP; - } - msg.add_conn.eap_type = conn->eap_type; - msg.add_conn.eap_vendor = conn->eap_vendor; - msg.add_conn.eap_identity = push_string(&msg, conn->eap_identity); - - if (conn->policy & POLICY_TUNNEL) - { - msg.add_conn.mode = XFRM_MODE_TUNNEL; - } - else if (conn->policy & POLICY_BEET) - { - msg.add_conn.mode = XFRM_MODE_BEET; - } - else if (conn->policy & POLICY_PROXY) - { - msg.add_conn.mode = XFRM_MODE_TRANSPORT; - msg.add_conn.proxy_mode = TRUE; - } - else - { - msg.add_conn.mode = XFRM_MODE_TRANSPORT; - } + memset(&msg, 0, sizeof(msg)); + msg.type = STR_ADD_CONN; + msg.length = offsetof(stroke_msg_t, buffer); + msg.add_conn.ikev2 = conn->keyexchange == KEY_EXCHANGE_IKEV2; + msg.add_conn.name = push_string(&msg, connection_name(conn)); + + /* PUBKEY is preferred to PSK and EAP */ + if (conn->policy & POLICY_RSASIG || conn->policy & POLICY_ECDSASIG) + { + msg.add_conn.auth_method = AUTH_PUBKEY; + } + else if (conn->policy & POLICY_PSK) + { + msg.add_conn.auth_method = AUTH_PSK; + } + else + { + msg.add_conn.auth_method = AUTH_EAP; + } + msg.add_conn.eap_type = conn->eap_type; + msg.add_conn.eap_vendor = conn->eap_vendor; + msg.add_conn.eap_identity = push_string(&msg, conn->eap_identity); + + if (conn->policy & POLICY_TUNNEL) + { + msg.add_conn.mode = XFRM_MODE_TUNNEL; + } + else if (conn->policy & POLICY_BEET) + { + msg.add_conn.mode = XFRM_MODE_BEET; + } + else if (conn->policy & POLICY_PROXY) + { + msg.add_conn.mode = XFRM_MODE_TRANSPORT; + msg.add_conn.proxy_mode = TRUE; + } + else + { + msg.add_conn.mode = XFRM_MODE_TRANSPORT; + } - if (!(conn->policy & POLICY_DONT_REKEY)) - { - msg.add_conn.rekey.reauth = (conn->policy & POLICY_DONT_REAUTH) == LEMPTY; - msg.add_conn.rekey.ipsec_lifetime = conn->sa_ipsec_life_seconds; - msg.add_conn.rekey.ike_lifetime = conn->sa_ike_life_seconds; - msg.add_conn.rekey.margin = conn->sa_rekey_margin; - msg.add_conn.rekey.tries = conn->sa_keying_tries; - msg.add_conn.rekey.fuzz = conn->sa_rekey_fuzz; - } - msg.add_conn.mobike = conn->policy & POLICY_MOBIKE; - msg.add_conn.force_encap = conn->policy & POLICY_FORCE_ENCAP; - msg.add_conn.ipcomp = conn->policy & POLICY_COMPRESS; - msg.add_conn.install_policy = conn->install_policy; - msg.add_conn.crl_policy = cfg->setup.strictcrlpolicy; - msg.add_conn.unique = cfg->setup.uniqueids; - msg.add_conn.algorithms.ike = push_string(&msg, conn->ike); - msg.add_conn.algorithms.esp = push_string(&msg, conn->esp); - msg.add_conn.dpd.delay = conn->dpd_delay; - msg.add_conn.dpd.action = conn->dpd_action; - msg.add_conn.ikeme.mediation = conn->me_mediation; - msg.add_conn.ikeme.mediated_by = push_string(&msg, conn->me_mediated_by); - msg.add_conn.ikeme.peerid = push_string(&msg, conn->me_peerid); + if (!(conn->policy & POLICY_DONT_REKEY)) + { + msg.add_conn.rekey.reauth = (conn->policy & POLICY_DONT_REAUTH) == LEMPTY; + msg.add_conn.rekey.ipsec_lifetime = conn->sa_ipsec_life_seconds; + msg.add_conn.rekey.ike_lifetime = conn->sa_ike_life_seconds; + msg.add_conn.rekey.margin = conn->sa_rekey_margin; + msg.add_conn.rekey.tries = conn->sa_keying_tries; + msg.add_conn.rekey.fuzz = conn->sa_rekey_fuzz; + } + msg.add_conn.mobike = conn->policy & POLICY_MOBIKE; + msg.add_conn.force_encap = conn->policy & POLICY_FORCE_ENCAP; + msg.add_conn.ipcomp = conn->policy & POLICY_COMPRESS; + msg.add_conn.install_policy = conn->install_policy; + msg.add_conn.crl_policy = cfg->setup.strictcrlpolicy; + msg.add_conn.unique = cfg->setup.uniqueids; + msg.add_conn.algorithms.ike = push_string(&msg, conn->ike); + msg.add_conn.algorithms.esp = push_string(&msg, conn->esp); + msg.add_conn.dpd.delay = conn->dpd_delay; + msg.add_conn.dpd.action = conn->dpd_action; + msg.add_conn.ikeme.mediation = conn->me_mediation; + msg.add_conn.ikeme.mediated_by = push_string(&msg, conn->me_mediated_by); + msg.add_conn.ikeme.peerid = push_string(&msg, conn->me_peerid); - starter_stroke_add_end(&msg, &msg.add_conn.me, &conn->left); - starter_stroke_add_end(&msg, &msg.add_conn.other, &conn->right); + starter_stroke_add_end(&msg, &msg.add_conn.me, &conn->left); + starter_stroke_add_end(&msg, &msg.add_conn.other, &conn->right); - return send_stroke_msg(&msg); + return send_stroke_msg(&msg); } int starter_stroke_del_conn(starter_conn_t *conn) { - stroke_msg_t msg; + stroke_msg_t msg; - msg.type = STR_DEL_CONN; - msg.length = offsetof(stroke_msg_t, buffer); - msg.del_conn.name = push_string(&msg, connection_name(conn)); - return send_stroke_msg(&msg); + msg.type = STR_DEL_CONN; + msg.length = offsetof(stroke_msg_t, buffer); + msg.del_conn.name = push_string(&msg, connection_name(conn)); + return send_stroke_msg(&msg); } int starter_stroke_route_conn(starter_conn_t *conn) { - stroke_msg_t msg; + stroke_msg_t msg; - msg.type = STR_ROUTE; - msg.length = offsetof(stroke_msg_t, buffer); - msg.route.name = push_string(&msg, connection_name(conn)); - return send_stroke_msg(&msg); + msg.type = STR_ROUTE; + msg.length = offsetof(stroke_msg_t, buffer); + msg.route.name = push_string(&msg, connection_name(conn)); + return send_stroke_msg(&msg); } int starter_stroke_initiate_conn(starter_conn_t *conn) { - stroke_msg_t msg; + stroke_msg_t msg; - msg.type = STR_INITIATE; - msg.length = offsetof(stroke_msg_t, buffer); - msg.initiate.name = push_string(&msg, connection_name(conn)); - return send_stroke_msg(&msg); + msg.type = STR_INITIATE; + msg.length = offsetof(stroke_msg_t, buffer); + msg.initiate.name = push_string(&msg, connection_name(conn)); + return send_stroke_msg(&msg); } int starter_stroke_add_ca(starter_ca_t *ca) { - stroke_msg_t msg; + stroke_msg_t msg; - msg.type = STR_ADD_CA; - msg.length = offsetof(stroke_msg_t, buffer); - msg.add_ca.name = push_string(&msg, ca->name); - msg.add_ca.cacert = push_string(&msg, ca->cacert); - msg.add_ca.crluri = push_string(&msg, ca->crluri); - msg.add_ca.crluri2 = push_string(&msg, ca->crluri2); - msg.add_ca.ocspuri = push_string(&msg, ca->ocspuri); - msg.add_ca.ocspuri2 = push_string(&msg, ca->ocspuri2); - msg.add_ca.certuribase = push_string(&msg, ca->certuribase); - return send_stroke_msg(&msg); + msg.type = STR_ADD_CA; + msg.length = offsetof(stroke_msg_t, buffer); + msg.add_ca.name = push_string(&msg, ca->name); + msg.add_ca.cacert = push_string(&msg, ca->cacert); + msg.add_ca.crluri = push_string(&msg, ca->crluri); + msg.add_ca.crluri2 = push_string(&msg, ca->crluri2); + msg.add_ca.ocspuri = push_string(&msg, ca->ocspuri); + msg.add_ca.ocspuri2 = push_string(&msg, ca->ocspuri2); + msg.add_ca.certuribase = push_string(&msg, ca->certuribase); + return send_stroke_msg(&msg); } int starter_stroke_del_ca(starter_ca_t *ca) { - stroke_msg_t msg; + stroke_msg_t msg; - msg.type = STR_DEL_CA; - msg.length = offsetof(stroke_msg_t, buffer); - msg.del_ca.name = push_string(&msg, ca->name); - return send_stroke_msg(&msg); + msg.type = STR_DEL_CA; + msg.length = offsetof(stroke_msg_t, buffer); + msg.del_ca.name = push_string(&msg, ca->name); + return send_stroke_msg(&msg); } int starter_stroke_configure(starter_config_t *cfg) { - stroke_msg_t msg; - - if (cfg->setup.cachecrls) - { - msg.type = STR_CONFIG; - msg.length = offsetof(stroke_msg_t, buffer); - msg.config.cachecrl = 1; - return send_stroke_msg(&msg); - } - return 0; + stroke_msg_t msg; + + if (cfg->setup.cachecrls) + { + msg.type = STR_CONFIG; + msg.length = offsetof(stroke_msg_t, buffer); + msg.config.cachecrl = 1; + return send_stroke_msg(&msg); + } + return 0; }