• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*	$NetBSD: isakmp_cfg.c,v 1.12.6.4 2008/11/27 15:25:20 vanhu Exp $	*/
2 
3 /* Id: isakmp_cfg.c,v 1.55 2006/08/22 18:17:17 manubsd Exp */
4 
5 /*
6  * Copyright (C) 2004-2006 Emmanuel Dreyfus
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  * 3. Neither the name of the project nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include "config.h"
35 
36 #include <sys/types.h>
37 #include <sys/param.h>
38 #include <sys/socket.h>
39 #include <sys/queue.h>
40 
41 #ifndef ANDROID_PATCHED
42 #include <utmp.h>
43 #endif
44 #if defined(__APPLE__) && defined(__MACH__)
45 #include <util.h>
46 #endif
47 
48 #ifdef __FreeBSD__
49 # include <libutil.h>
50 #endif
51 #ifdef __NetBSD__
52 #  include <util.h>
53 #endif
54 
55 #include <netinet/in.h>
56 #include <arpa/inet.h>
57 
58 #include <stdlib.h>
59 #include <stdio.h>
60 #include <string.h>
61 #include <errno.h>
62 #if TIME_WITH_SYS_TIME
63 # include <sys/time.h>
64 # include <time.h>
65 #else
66 # if HAVE_SYS_TIME_H
67 #  include <sys/time.h>
68 # else
69 #  include <time.h>
70 # endif
71 #endif
72 #include <netdb.h>
73 #ifdef HAVE_UNISTD_H
74 #include <unistd.h>
75 #endif
76 #if HAVE_STDINT_H
77 #include <stdint.h>
78 #endif
79 #include <ctype.h>
80 #include <resolv.h>
81 
82 #ifdef HAVE_LIBRADIUS
83 #include <sys/utsname.h>
84 #include <radlib.h>
85 #endif
86 
87 #include "var.h"
88 #include "misc.h"
89 #include "vmbuf.h"
90 #include "plog.h"
91 #include "sockmisc.h"
92 #include "schedule.h"
93 #include "debug.h"
94 
95 #include "isakmp_var.h"
96 #include "isakmp.h"
97 #include "handler.h"
98 #include "evt.h"
99 #include "throttle.h"
100 #include "remoteconf.h"
101 #include "crypto_openssl.h"
102 #include "isakmp_inf.h"
103 #include "isakmp_xauth.h"
104 #include "isakmp_unity.h"
105 #include "isakmp_cfg.h"
106 #include "strnames.h"
107 #include "admin.h"
108 #include "privsep.h"
109 
110 struct isakmp_cfg_config isakmp_cfg_config;
111 
112 static vchar_t *buffer_cat(vchar_t *s, vchar_t *append);
113 static vchar_t *isakmp_cfg_net(struct ph1handle *, struct isakmp_data *);
114 #if 0
115 static vchar_t *isakmp_cfg_void(struct ph1handle *, struct isakmp_data *);
116 #endif
117 static vchar_t *isakmp_cfg_addr4(struct ph1handle *,
118 				 struct isakmp_data *, in_addr_t *);
119 static void isakmp_cfg_getaddr4(struct isakmp_data *, struct in_addr *);
120 static vchar_t *isakmp_cfg_addr4_list(struct ph1handle *,
121 				      struct isakmp_data *, in_addr_t *, int);
122 static void isakmp_cfg_appendaddr4(struct isakmp_data *,
123 				   struct in_addr *, int *, int);
124 static void isakmp_cfg_getstring(struct isakmp_data *,char *);
125 void isakmp_cfg_iplist_to_str(char *, int, void *, int);
126 
127 #define ISAKMP_CFG_LOGIN	1
128 #define ISAKMP_CFG_LOGOUT	2
129 static int isakmp_cfg_accounting(struct ph1handle *, int);
130 #ifdef HAVE_LIBRADIUS
131 static int isakmp_cfg_accounting_radius(struct ph1handle *, int);
132 #endif
133 
134 /*
135  * Handle an ISAKMP config mode packet
136  * We expect HDR, HASH, ATTR
137  */
138 void
isakmp_cfg_r(iph1,msg)139 isakmp_cfg_r(iph1, msg)
140 	struct ph1handle *iph1;
141 	vchar_t *msg;
142 {
143 	struct isakmp *packet;
144 	struct isakmp_gen *ph;
145 	int tlen;
146 	char *npp;
147 	int np;
148 	vchar_t *dmsg;
149 	struct isakmp_ivm *ivm;
150 
151 	/* Check that the packet is long enough to have a header */
152 	if (msg->l < sizeof(*packet)) {
153 	     plog(LLV_ERROR, LOCATION, NULL, "Unexpected short packet\n");
154 	     return;
155 	}
156 
157 	packet = (struct isakmp *)msg->v;
158 
159 	/* Is it encrypted? It should be encrypted */
160 	if ((packet->flags & ISAKMP_FLAG_E) == 0) {
161 		plog(LLV_ERROR, LOCATION, NULL,
162 		    "User credentials sent in cleartext!\n");
163 		return;
164 	}
165 
166 	/*
167 	 * Decrypt the packet. If this is the beginning of a new
168 	 * exchange, reinitialize the IV
169 	 */
170 	if (iph1->mode_cfg->ivm == NULL ||
171 	    iph1->mode_cfg->last_msgid != packet->msgid )
172 		iph1->mode_cfg->ivm =
173 		    isakmp_cfg_newiv(iph1, packet->msgid);
174 	ivm = iph1->mode_cfg->ivm;
175 
176 	dmsg = oakley_do_decrypt(iph1, msg, ivm->iv, ivm->ive);
177 	if (dmsg == NULL) {
178 		plog(LLV_ERROR, LOCATION, NULL,
179 		    "failed to decrypt message\n");
180 		return;
181 	}
182 
183 	plog(LLV_DEBUG, LOCATION, NULL, "MODE_CFG packet\n");
184 	plogdump(LLV_DEBUG, dmsg->v, dmsg->l);
185 
186 	/* Now work with the decrypted packet */
187 	packet = (struct isakmp *)dmsg->v;
188 	tlen = dmsg->l - sizeof(*packet);
189 	ph = (struct isakmp_gen *)(packet + 1);
190 
191 	np = packet->np;
192 	while ((tlen > 0) && (np != ISAKMP_NPTYPE_NONE)) {
193 		/* Check that the payload header fits in the packet */
194 		if (tlen < sizeof(*ph)) {
195 			 plog(LLV_WARNING, LOCATION, NULL,
196 			      "Short payload header\n");
197 			 goto out;
198 		}
199 
200 		/* Check that the payload fits in the packet */
201 		if (tlen < ntohs(ph->len)) {
202 			plog(LLV_WARNING, LOCATION, NULL,
203 			      "Short payload\n");
204 			goto out;
205 		}
206 
207 		plog(LLV_DEBUG, LOCATION, NULL, "Seen payload %d\n", np);
208 		plogdump(LLV_DEBUG, ph, ntohs(ph->len));
209 
210 		switch(np) {
211 		case ISAKMP_NPTYPE_HASH: {
212 			vchar_t *check;
213 			vchar_t *payload;
214 			size_t plen;
215 			struct isakmp_gen *nph;
216 
217 			plen = ntohs(ph->len);
218 			nph = (struct isakmp_gen *)((char *)ph + plen);
219 			plen = ntohs(nph->len);
220 
221 			if ((payload = vmalloc(plen)) == NULL) {
222 				plog(LLV_ERROR, LOCATION, NULL,
223 				    "Cannot allocate memory\n");
224 				goto out;
225 			}
226 			memcpy(payload->v, nph, plen);
227 
228 			if ((check = oakley_compute_hash1(iph1,
229 			    packet->msgid, payload)) == NULL) {
230 				plog(LLV_ERROR, LOCATION, NULL,
231 				    "Cannot compute hash\n");
232 				vfree(payload);
233 				goto out;
234 			}
235 
236 			if (memcmp(ph + 1, check->v, check->l) != 0) {
237 				plog(LLV_ERROR, LOCATION, NULL,
238 				    "Hash verification failed\n");
239 				vfree(payload);
240 				vfree(check);
241 				goto out;
242 			}
243 			vfree(payload);
244 			vfree(check);
245 			break;
246 		}
247 		case ISAKMP_NPTYPE_ATTR: {
248 			struct isakmp_pl_attr *attrpl;
249 
250 			attrpl = (struct isakmp_pl_attr *)ph;
251 			isakmp_cfg_attr_r(iph1, packet->msgid, attrpl);
252 
253 			break;
254 		}
255 		default:
256 			 plog(LLV_WARNING, LOCATION, NULL,
257 			      "Unexpected next payload %d\n", np);
258 			 /* Skip to the next payload */
259 			 break;
260 		}
261 
262 		/* Move to the next payload */
263 		np = ph->np;
264 		tlen -= ntohs(ph->len);
265 		npp = (char *)ph;
266 		ph = (struct isakmp_gen *)(npp + ntohs(ph->len));
267 	}
268 
269 out:
270 	vfree(dmsg);
271 }
272 
273 int
isakmp_cfg_attr_r(iph1,msgid,attrpl)274 isakmp_cfg_attr_r(iph1, msgid, attrpl)
275 	struct ph1handle *iph1;
276 	u_int32_t msgid;
277 	struct isakmp_pl_attr *attrpl;
278 {
279 	int type = attrpl->type;
280 
281 	plog(LLV_DEBUG, LOCATION, NULL,
282 	     "Configuration exchange type %s\n", s_isakmp_cfg_ptype(type));
283 	switch (type) {
284 	case ISAKMP_CFG_ACK:
285 		/* ignore, but this is the time to reinit the IV */
286 		oakley_delivm(iph1->mode_cfg->ivm);
287 		iph1->mode_cfg->ivm = NULL;
288 		return 0;
289 		break;
290 
291 	case ISAKMP_CFG_REPLY:
292 		return isakmp_cfg_reply(iph1, attrpl);
293 		break;
294 
295 	case ISAKMP_CFG_REQUEST:
296 		iph1->msgid = msgid;
297 		return isakmp_cfg_request(iph1, attrpl);
298 		break;
299 
300 	case ISAKMP_CFG_SET:
301 		iph1->msgid = msgid;
302 		return isakmp_cfg_set(iph1, attrpl);
303 		break;
304 
305 	default:
306 		plog(LLV_WARNING, LOCATION, NULL,
307 		     "Unepected configuration exchange type %d\n", type);
308 		return -1;
309 		break;
310 	}
311 
312 	return 0;
313 }
314 
315 int
isakmp_cfg_reply(iph1,attrpl)316 isakmp_cfg_reply(iph1, attrpl)
317 	struct ph1handle *iph1;
318 	struct isakmp_pl_attr *attrpl;
319 {
320 	struct isakmp_data *attr;
321 	int tlen;
322 	size_t alen;
323 	char *npp;
324 	int type;
325 	struct sockaddr_in *sin;
326 	int error;
327 
328 	tlen = ntohs(attrpl->h.len);
329 	attr = (struct isakmp_data *)(attrpl + 1);
330 	tlen -= sizeof(*attrpl);
331 
332 	while (tlen > 0) {
333 		type = ntohs(attr->type);
334 
335 		/* Handle short attributes */
336 		if ((type & ISAKMP_GEN_MASK) == ISAKMP_GEN_TV) {
337 			type &= ~ISAKMP_GEN_MASK;
338 
339 			plog(LLV_DEBUG, LOCATION, NULL,
340 			     "Short attribute %s = %d\n",
341 			     s_isakmp_cfg_type(type), ntohs(attr->lorv));
342 
343 			switch (type) {
344 			case XAUTH_TYPE:
345 				if ((error = xauth_attr_reply(iph1,
346 				    attr, ntohs(attrpl->id))) != 0)
347 					return error;
348 				break;
349 
350 			default:
351 				plog(LLV_WARNING, LOCATION, NULL,
352 				     "Ignored short attribute %s\n",
353 				     s_isakmp_cfg_type(type));
354 				break;
355 			}
356 
357 			tlen -= sizeof(*attr);
358 			attr++;
359 			continue;
360 		}
361 
362 		type = ntohs(attr->type);
363 		alen = ntohs(attr->lorv);
364 
365 		/* Check that the attribute fit in the packet */
366 		if (tlen < alen) {
367 			plog(LLV_ERROR, LOCATION, NULL,
368 			     "Short attribute %s\n",
369 			     s_isakmp_cfg_type(type));
370 			return -1;
371 		}
372 
373 		plog(LLV_DEBUG, LOCATION, NULL,
374 		     "Attribute %s, len %zu\n",
375 		     s_isakmp_cfg_type(type), alen);
376 
377 		switch(type) {
378 		case XAUTH_TYPE:
379 		case XAUTH_USER_NAME:
380 		case XAUTH_USER_PASSWORD:
381 		case XAUTH_PASSCODE:
382 		case XAUTH_MESSAGE:
383 		case XAUTH_CHALLENGE:
384 		case XAUTH_DOMAIN:
385 		case XAUTH_STATUS:
386 		case XAUTH_NEXT_PIN:
387 		case XAUTH_ANSWER:
388 			if ((error = xauth_attr_reply(iph1,
389 			    attr, ntohs(attrpl->id))) != 0)
390 				return error;
391 			break;
392 		case INTERNAL_IP4_ADDRESS:
393 			isakmp_cfg_getaddr4(attr, &iph1->mode_cfg->addr4);
394 			iph1->mode_cfg->flags |= ISAKMP_CFG_GOT_ADDR4;
395 			break;
396 		case INTERNAL_IP4_NETMASK:
397 			isakmp_cfg_getaddr4(attr, &iph1->mode_cfg->mask4);
398 			iph1->mode_cfg->flags |= ISAKMP_CFG_GOT_MASK4;
399 			break;
400 		case INTERNAL_IP4_DNS:
401 			isakmp_cfg_appendaddr4(attr,
402 			    &iph1->mode_cfg->dns4[iph1->mode_cfg->dns4_index],
403 			    &iph1->mode_cfg->dns4_index, MAXNS);
404 			iph1->mode_cfg->flags |= ISAKMP_CFG_GOT_DNS4;
405 			break;
406 		case INTERNAL_IP4_NBNS:
407 			isakmp_cfg_appendaddr4(attr,
408 			    &iph1->mode_cfg->wins4[iph1->mode_cfg->wins4_index],
409 			    &iph1->mode_cfg->wins4_index, MAXNS);
410 			iph1->mode_cfg->flags |= ISAKMP_CFG_GOT_WINS4;
411 			break;
412 		case UNITY_DEF_DOMAIN:
413 			isakmp_cfg_getstring(attr,
414 			    iph1->mode_cfg->default_domain);
415 			iph1->mode_cfg->flags |= ISAKMP_CFG_GOT_DEFAULT_DOMAIN;
416 			break;
417 		case UNITY_SPLIT_INCLUDE:
418 		case UNITY_LOCAL_LAN:
419 		case UNITY_SPLITDNS_NAME:
420 		case UNITY_BANNER:
421 		case UNITY_SAVE_PASSWD:
422 		case UNITY_NATT_PORT:
423 		case UNITY_PFS:
424 		case UNITY_FW_TYPE:
425 		case UNITY_BACKUP_SERVERS:
426 		case UNITY_DDNS_HOSTNAME:
427 			isakmp_unity_reply(iph1, attr);
428 			break;
429 		case INTERNAL_IP4_SUBNET:
430 		case INTERNAL_ADDRESS_EXPIRY:
431 		default:
432 			plog(LLV_WARNING, LOCATION, NULL,
433 			     "Ignored attribute %s\n",
434 			     s_isakmp_cfg_type(type));
435 			break;
436 		}
437 
438 		npp = (char *)attr;
439 		attr = (struct isakmp_data *)(npp + sizeof(*attr) + alen);
440 		tlen -= (sizeof(*attr) + alen);
441 	}
442 
443 	/*
444 	 * Call the SA up script hook now that we have the configuration
445 	 * It is done at the end of phase 1 if ISAKMP mode config is not
446 	 * requested.
447 	 */
448 
449 	if ((iph1->status == PHASE1ST_ESTABLISHED) &&
450 	    iph1->rmconf->mode_cfg) {
451 		switch (AUTHMETHOD(iph1)) {
452 		case FICTIVE_AUTH_METHOD_XAUTH_PSKEY_I:
453 		case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I:
454 		/* Unimplemented */
455 		case OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_I:
456 		case OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_I:
457 		case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_I:
458 		case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_I:
459 		case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_I:
460 			script_hook(iph1, SCRIPT_PHASE1_UP);
461 			break;
462 		default:
463 			break;
464 		}
465 	}
466 
467 
468 #ifdef ENABLE_ADMINPORT
469 	{
470 		vchar_t *buf;
471 
472 		alen = ntohs(attrpl->h.len) - sizeof(*attrpl);
473 		if ((buf = vmalloc(alen)) == NULL) {
474 			plog(LLV_WARNING, LOCATION, NULL,
475 			    "Cannot allocate memory: %s\n", strerror(errno));
476 		} else {
477 			memcpy(buf->v, attrpl + 1, buf->l);
478 			EVT_PUSH(iph1->local, iph1->remote,
479 			    EVTT_ISAKMP_CFG_DONE, buf);
480 			vfree(buf);
481 		}
482 	}
483 #endif
484 
485 	return 0;
486 }
487 
488 int
isakmp_cfg_request(iph1,attrpl)489 isakmp_cfg_request(iph1, attrpl)
490 	struct ph1handle *iph1;
491 	struct isakmp_pl_attr *attrpl;
492 {
493 	struct isakmp_data *attr;
494 	int tlen;
495 	size_t alen;
496 	char *npp;
497 	vchar_t *payload;
498 	struct isakmp_pl_attr *reply;
499 	vchar_t *reply_attr;
500 	int type;
501 	int error = -1;
502 
503 	if ((payload = vmalloc(sizeof(*reply))) == NULL) {
504 		plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n");
505 		return -1;
506 	}
507 	memset(payload->v, 0, sizeof(*reply));
508 
509 	tlen = ntohs(attrpl->h.len);
510 	attr = (struct isakmp_data *)(attrpl + 1);
511 	tlen -= sizeof(*attrpl);
512 
513 	while (tlen > 0) {
514 		reply_attr = NULL;
515 		type = ntohs(attr->type);
516 
517 		/* Handle short attributes */
518 		if ((type & ISAKMP_GEN_MASK) == ISAKMP_GEN_TV) {
519 			type &= ~ISAKMP_GEN_MASK;
520 
521 			plog(LLV_DEBUG, LOCATION, NULL,
522 			     "Short attribute %s = %d\n",
523 			     s_isakmp_cfg_type(type), ntohs(attr->lorv));
524 
525 			switch (type) {
526 			case XAUTH_TYPE:
527 				reply_attr = isakmp_xauth_req(iph1, attr);
528 				break;
529 			default:
530 				plog(LLV_WARNING, LOCATION, NULL,
531 				     "Ignored short attribute %s\n",
532 				     s_isakmp_cfg_type(type));
533 				break;
534 			}
535 
536 			tlen -= sizeof(*attr);
537 			attr++;
538 
539 			if (reply_attr != NULL) {
540 				payload = buffer_cat(payload, reply_attr);
541 				vfree(reply_attr);
542 			}
543 
544 			continue;
545 		}
546 
547 		type = ntohs(attr->type);
548 		alen = ntohs(attr->lorv);
549 
550 		/* Check that the attribute fit in the packet */
551 		if (tlen < alen) {
552 			plog(LLV_ERROR, LOCATION, NULL,
553 			     "Short attribute %s\n",
554 			     s_isakmp_cfg_type(type));
555 			goto end;
556 		}
557 
558 		plog(LLV_DEBUG, LOCATION, NULL,
559 		     "Attribute %s, len %zu\n",
560 		     s_isakmp_cfg_type(type), alen);
561 
562 		switch(type) {
563 		case INTERNAL_IP4_ADDRESS:
564 		case INTERNAL_IP4_NETMASK:
565 		case INTERNAL_IP4_DNS:
566 		case INTERNAL_IP4_NBNS:
567 		case INTERNAL_IP4_SUBNET:
568 			reply_attr = isakmp_cfg_net(iph1, attr);
569 			break;
570 
571 		case XAUTH_TYPE:
572 		case XAUTH_USER_NAME:
573 		case XAUTH_USER_PASSWORD:
574 		case XAUTH_PASSCODE:
575 		case XAUTH_MESSAGE:
576 		case XAUTH_CHALLENGE:
577 		case XAUTH_DOMAIN:
578 		case XAUTH_STATUS:
579 		case XAUTH_NEXT_PIN:
580 		case XAUTH_ANSWER:
581 			reply_attr = isakmp_xauth_req(iph1, attr);
582 			break;
583 
584 		case APPLICATION_VERSION:
585 			reply_attr = isakmp_cfg_string(iph1,
586 			    attr, ISAKMP_CFG_RACOON_VERSION);
587 			break;
588 
589 		case UNITY_BANNER:
590 		case UNITY_PFS:
591 		case UNITY_SAVE_PASSWD:
592 		case UNITY_DEF_DOMAIN:
593 		case UNITY_DDNS_HOSTNAME:
594 		case UNITY_FW_TYPE:
595 		case UNITY_SPLITDNS_NAME:
596 		case UNITY_SPLIT_INCLUDE:
597 		case UNITY_LOCAL_LAN:
598 		case UNITY_NATT_PORT:
599 		case UNITY_BACKUP_SERVERS:
600 			reply_attr = isakmp_unity_req(iph1, attr);
601 			break;
602 
603 		case INTERNAL_ADDRESS_EXPIRY:
604 		default:
605 			plog(LLV_WARNING, LOCATION, NULL,
606 			     "Ignored attribute %s\n",
607 			     s_isakmp_cfg_type(type));
608 			break;
609 		}
610 
611 		npp = (char *)attr;
612 		attr = (struct isakmp_data *)(npp + sizeof(*attr) + alen);
613 		tlen -= (sizeof(*attr) + alen);
614 
615 		if (reply_attr != NULL) {
616 			payload = buffer_cat(payload, reply_attr);
617 			vfree(reply_attr);
618 		}
619 
620 	}
621 
622 	reply = (struct isakmp_pl_attr *)payload->v;
623 	reply->h.len = htons(payload->l);
624 	reply->type = ISAKMP_CFG_REPLY;
625 	reply->id = attrpl->id;
626 
627 	plog(LLV_DEBUG, LOCATION, NULL,
628 		    "Sending MODE_CFG REPLY\n");
629 
630 	error = isakmp_cfg_send(iph1, payload,
631 	    ISAKMP_NPTYPE_ATTR, ISAKMP_FLAG_E, 0);
632 
633 	if (iph1->status == PHASE1ST_ESTABLISHED) {
634 		switch (AUTHMETHOD(iph1)) {
635 		case OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R:
636 		case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_R:
637 		/* Unimplemented */
638 		case OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_R:
639 		case OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_R:
640 		case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_R:
641 		case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_R:
642 		case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_R:
643 			script_hook(iph1, SCRIPT_PHASE1_UP);
644 			break;
645 		default:
646 			break;
647 		}
648 	}
649 
650 end:
651 	vfree(payload);
652 
653 	return error;
654 }
655 
656 int
isakmp_cfg_set(iph1,attrpl)657 isakmp_cfg_set(iph1, attrpl)
658 	struct ph1handle *iph1;
659 	struct isakmp_pl_attr *attrpl;
660 {
661 	struct isakmp_data *attr;
662 	int tlen;
663 	size_t alen;
664 	char *npp;
665 	vchar_t *payload;
666 	struct isakmp_pl_attr *reply;
667 	vchar_t *reply_attr;
668 	int type;
669 	int error = -1;
670 
671 	if ((payload = vmalloc(sizeof(*reply))) == NULL) {
672 		plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n");
673 		return -1;
674 	}
675 	memset(payload->v, 0, sizeof(*reply));
676 
677 	tlen = ntohs(attrpl->h.len);
678 	attr = (struct isakmp_data *)(attrpl + 1);
679 	tlen -= sizeof(*attrpl);
680 
681 	/*
682 	 * We should send ack for the attributes we accepted
683 	 */
684 	while (tlen > 0) {
685 		reply_attr = NULL;
686 		type = ntohs(attr->type);
687 
688 		plog(LLV_DEBUG, LOCATION, NULL,
689 		     "Attribute %s\n",
690 		     s_isakmp_cfg_type(type & ~ISAKMP_GEN_MASK));
691 
692 		switch (type & ~ISAKMP_GEN_MASK) {
693 		case XAUTH_STATUS:
694 			reply_attr = isakmp_xauth_set(iph1, attr);
695 			break;
696 		default:
697 			plog(LLV_DEBUG, LOCATION, NULL,
698 			     "Unexpected SET attribute %s\n",
699 		     	     s_isakmp_cfg_type(type & ~ISAKMP_GEN_MASK));
700 			break;
701 		}
702 
703 		if (reply_attr != NULL) {
704 			payload = buffer_cat(payload, reply_attr);
705 			vfree(reply_attr);
706 		}
707 
708 		/*
709 		 * Move to next attribute. If we run out of the packet,
710 		 * tlen becomes negative and we exit.
711 		 */
712 		if ((type & ISAKMP_GEN_MASK) == ISAKMP_GEN_TV) {
713 			tlen -= sizeof(*attr);
714 			attr++;
715 		} else {
716 			alen = ntohs(attr->lorv);
717 			tlen -= (sizeof(*attr) + alen);
718 			npp = (char *)attr;
719 			attr = (struct isakmp_data *)
720 			    (npp + sizeof(*attr) + alen);
721 		}
722 	}
723 
724 	reply = (struct isakmp_pl_attr *)payload->v;
725 	reply->h.len = htons(payload->l);
726 	reply->type = ISAKMP_CFG_ACK;
727 	reply->id = attrpl->id;
728 
729 	plog(LLV_DEBUG, LOCATION, NULL,
730 		     "Sending MODE_CFG ACK\n");
731 
732 	error = isakmp_cfg_send(iph1, payload,
733 	    ISAKMP_NPTYPE_ATTR, ISAKMP_FLAG_E, 0);
734 
735 	if (iph1->mode_cfg->flags & ISAKMP_CFG_DELETE_PH1) {
736 		if (iph1->status == PHASE1ST_ESTABLISHED)
737 			isakmp_info_send_d1(iph1);
738 		remph1(iph1);
739 		delph1(iph1);
740 		iph1 = NULL;
741 	}
742 end:
743 	vfree(payload);
744 
745 	/*
746 	 * If required, request ISAKMP mode config information
747 	 */
748 	if ((iph1 != NULL) && (iph1->rmconf->mode_cfg) && (error == 0))
749 		error = isakmp_cfg_getconfig(iph1);
750 
751 	return error;
752 }
753 
754 
755 static vchar_t *
buffer_cat(s,append)756 buffer_cat(s, append)
757 	vchar_t *s;
758 	vchar_t *append;
759 {
760 	vchar_t *new;
761 
762 	new = vmalloc(s->l + append->l);
763 	if (new == NULL) {
764 		plog(LLV_ERROR, LOCATION, NULL,
765 		    "Cannot allocate memory\n");
766 		return s;
767 	}
768 
769 	memcpy(new->v, s->v, s->l);
770 	memcpy(new->v + s->l, append->v, append->l);
771 
772 	vfree(s);
773 	return new;
774 }
775 
776 static vchar_t *
isakmp_cfg_net(iph1,attr)777 isakmp_cfg_net(iph1, attr)
778 	struct ph1handle *iph1;
779 	struct isakmp_data *attr;
780 {
781 	int type;
782 	int confsource;
783 	in_addr_t addr4;
784 
785 	type = ntohs(attr->type);
786 
787 	/*
788 	 * Don't give an address to a peer that did not succeed Xauth
789 	 */
790 	if (xauth_check(iph1) != 0) {
791 		plog(LLV_ERROR, LOCATION, NULL,
792 		    "Attempt to start phase config whereas Xauth failed\n");
793 		return NULL;
794 	}
795 
796 	confsource = isakmp_cfg_config.confsource;
797 	/*
798 	 * If we have to fall back to a local
799 	 * configuration source, we will jump
800 	 * back to this point.
801 	 */
802 retry_source:
803 
804 	switch(type) {
805 	case INTERNAL_IP4_ADDRESS:
806 		switch(confsource) {
807 #ifdef HAVE_LIBLDAP
808 		case ISAKMP_CFG_CONF_LDAP:
809 			if (iph1->mode_cfg->flags & ISAKMP_CFG_ADDR4_EXTERN)
810 			    break;
811 			plog(LLV_INFO, LOCATION, NULL,
812 			    "No IP from LDAP, using local pool\n");
813 			/* FALLTHROUGH */
814 			confsource = ISAKMP_CFG_CONF_LOCAL;
815 			goto retry_source;
816 #endif
817 #ifdef HAVE_LIBRADIUS
818 		case ISAKMP_CFG_CONF_RADIUS:
819 			if ((iph1->mode_cfg->flags & ISAKMP_CFG_ADDR4_EXTERN)
820 			    && (iph1->mode_cfg->addr4.s_addr != htonl(-2)))
821 			    /*
822 			     * -2 is 255.255.255.254, RADIUS uses that
823 			     * to instruct the NAS to use a local pool
824 			     */
825 			    break;
826 			plog(LLV_INFO, LOCATION, NULL,
827 			    "No IP from RADIUS, using local pool\n");
828 			/* FALLTHROUGH */
829 			confsource = ISAKMP_CFG_CONF_LOCAL;
830 			goto retry_source;
831 #endif
832 		case ISAKMP_CFG_CONF_LOCAL:
833 			if (isakmp_cfg_getport(iph1) == -1) {
834 				plog(LLV_ERROR, LOCATION, NULL,
835 				    "Port pool depleted\n");
836 				break;
837 			}
838 
839 			iph1->mode_cfg->addr4.s_addr =
840 			    htonl(ntohl(isakmp_cfg_config.network4)
841 			    + iph1->mode_cfg->port);
842 			iph1->mode_cfg->flags |= ISAKMP_CFG_ADDR4_LOCAL;
843 			break;
844 
845 		default:
846 			plog(LLV_ERROR, LOCATION, NULL,
847 			    "Unexpected confsource\n");
848 		}
849 
850 		if (isakmp_cfg_accounting(iph1, ISAKMP_CFG_LOGIN) != 0)
851 			plog(LLV_ERROR, LOCATION, NULL, "Accounting failed\n");
852 
853 		return isakmp_cfg_addr4(iph1,
854 		    attr, &iph1->mode_cfg->addr4.s_addr);
855 		break;
856 
857 	case INTERNAL_IP4_NETMASK:
858 		switch(confsource) {
859 #ifdef HAVE_LIBLDAP
860 		case ISAKMP_CFG_CONF_LDAP:
861 			if (iph1->mode_cfg->flags & ISAKMP_CFG_MASK4_EXTERN)
862 				break;
863 			plog(LLV_INFO, LOCATION, NULL,
864 			    "No mask from LDAP, using local pool\n");
865 			/* FALLTHROUGH */
866 			confsource = ISAKMP_CFG_CONF_LOCAL;
867 			goto retry_source;
868 #endif
869 #ifdef HAVE_LIBRADIUS
870 		case ISAKMP_CFG_CONF_RADIUS:
871 			if (iph1->mode_cfg->flags & ISAKMP_CFG_MASK4_EXTERN)
872 				break;
873 			plog(LLV_INFO, LOCATION, NULL,
874 			    "No mask from RADIUS, using local pool\n");
875 			/* FALLTHROUGH */
876 			confsource = ISAKMP_CFG_CONF_LOCAL;
877 			goto retry_source;
878 #endif
879 		case ISAKMP_CFG_CONF_LOCAL:
880 			iph1->mode_cfg->mask4.s_addr
881 			    = isakmp_cfg_config.netmask4;
882 			iph1->mode_cfg->flags |= ISAKMP_CFG_MASK4_LOCAL;
883 			break;
884 
885 		default:
886 			plog(LLV_ERROR, LOCATION, NULL,
887 			    "Unexpected confsource\n");
888 		}
889 		return isakmp_cfg_addr4(iph1, attr,
890 		    &iph1->mode_cfg->mask4.s_addr);
891 		break;
892 
893 	case INTERNAL_IP4_DNS:
894 		return isakmp_cfg_addr4_list(iph1,
895 		    attr, &isakmp_cfg_config.dns4[0],
896 		    isakmp_cfg_config.dns4_index);
897 		break;
898 
899 	case INTERNAL_IP4_NBNS:
900 		return isakmp_cfg_addr4_list(iph1,
901 		    attr, &isakmp_cfg_config.nbns4[0],
902 		    isakmp_cfg_config.nbns4_index);
903 		break;
904 
905 	case INTERNAL_IP4_SUBNET:
906 		return isakmp_cfg_addr4(iph1,
907 		    attr, &isakmp_cfg_config.network4);
908 		break;
909 
910 	default:
911 		plog(LLV_ERROR, LOCATION, NULL, "Unexpected type %d\n", type);
912 		break;
913 	}
914 	return NULL;
915 }
916 
917 #if 0
918 static vchar_t *
919 isakmp_cfg_void(iph1, attr)
920 	struct ph1handle *iph1;
921 	struct isakmp_data *attr;
922 {
923 	vchar_t *buffer;
924 	struct isakmp_data *new;
925 
926 	if ((buffer = vmalloc(sizeof(*attr))) == NULL) {
927 		plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n");
928 		return NULL;
929 	}
930 
931 	new = (struct isakmp_data *)buffer->v;
932 
933 	new->type = attr->type;
934 	new->lorv = htons(0);
935 
936 	return buffer;
937 }
938 #endif
939 
940 vchar_t *
isakmp_cfg_copy(iph1,attr)941 isakmp_cfg_copy(iph1, attr)
942 	struct ph1handle *iph1;
943 	struct isakmp_data *attr;
944 {
945 	vchar_t *buffer;
946 	size_t len = 0;
947 
948 	if ((ntohs(attr->type) & ISAKMP_GEN_MASK) == ISAKMP_GEN_TLV)
949 		len = ntohs(attr->lorv);
950 
951 	if ((buffer = vmalloc(sizeof(*attr) + len)) == NULL) {
952 		plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n");
953 		return NULL;
954 	}
955 
956 	memcpy(buffer->v, attr, sizeof(*attr) + ntohs(attr->lorv));
957 
958 	return buffer;
959 }
960 
961 vchar_t *
isakmp_cfg_short(iph1,attr,value)962 isakmp_cfg_short(iph1, attr, value)
963 	struct ph1handle *iph1;
964 	struct isakmp_data *attr;
965 	int value;
966 {
967 	vchar_t *buffer;
968 	struct isakmp_data *new;
969 	int type;
970 
971 	if ((buffer = vmalloc(sizeof(*attr))) == NULL) {
972 		plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n");
973 		return NULL;
974 	}
975 
976 	new = (struct isakmp_data *)buffer->v;
977 	type = ntohs(attr->type) & ~ISAKMP_GEN_MASK;
978 
979 	new->type = htons(type | ISAKMP_GEN_TV);
980 	new->lorv = htons(value);
981 
982 	return buffer;
983 }
984 
985 vchar_t *
isakmp_cfg_varlen(iph1,attr,string,len)986 isakmp_cfg_varlen(iph1, attr, string, len)
987 	struct ph1handle *iph1;
988 	struct isakmp_data *attr;
989 	char *string;
990 	size_t len;
991 {
992 	vchar_t *buffer;
993 	struct isakmp_data *new;
994 	char *data;
995 
996 	if ((buffer = vmalloc(sizeof(*attr) + len)) == NULL) {
997 		plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n");
998 		return NULL;
999 	}
1000 
1001 	new = (struct isakmp_data *)buffer->v;
1002 
1003 	new->type = attr->type;
1004 	new->lorv = htons(len);
1005 	data = (char *)(new + 1);
1006 
1007 	memcpy(data, string, len);
1008 
1009 	return buffer;
1010 }
1011 vchar_t *
isakmp_cfg_string(iph1,attr,string)1012 isakmp_cfg_string(iph1, attr, string)
1013 	struct ph1handle *iph1;
1014 	struct isakmp_data *attr;
1015 	char *string;
1016 {
1017 	size_t len = strlen(string);
1018 	return isakmp_cfg_varlen(iph1, attr, string, len);
1019 }
1020 
1021 static vchar_t *
isakmp_cfg_addr4(iph1,attr,addr)1022 isakmp_cfg_addr4(iph1, attr, addr)
1023 	struct ph1handle *iph1;
1024 	struct isakmp_data *attr;
1025 	in_addr_t *addr;
1026 {
1027 	vchar_t *buffer;
1028 	struct isakmp_data *new;
1029 	size_t len;
1030 
1031 	len = sizeof(*addr);
1032 	if ((buffer = vmalloc(sizeof(*attr) + len)) == NULL) {
1033 		plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n");
1034 		return NULL;
1035 	}
1036 
1037 	new = (struct isakmp_data *)buffer->v;
1038 
1039 	new->type = attr->type;
1040 	new->lorv = htons(len);
1041 	memcpy(new + 1, addr, len);
1042 
1043 	return buffer;
1044 }
1045 
1046 static vchar_t *
isakmp_cfg_addr4_list(iph1,attr,addr,nbr)1047 isakmp_cfg_addr4_list(iph1, attr, addr, nbr)
1048 	struct ph1handle *iph1;
1049 	struct isakmp_data *attr;
1050 	in_addr_t *addr;
1051 	int nbr;
1052 {
1053 	int error = -1;
1054 	vchar_t *buffer = NULL;
1055 	vchar_t *bufone = NULL;
1056 	struct isakmp_data *new;
1057 	size_t len;
1058 	int i;
1059 
1060 	len = sizeof(*addr);
1061 	if ((buffer = vmalloc(0)) == NULL) {
1062 		plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n");
1063 		goto out;
1064 	}
1065 	for(i = 0; i < nbr; i++) {
1066 		if ((bufone = vmalloc(sizeof(*attr) + len)) == NULL) {
1067 			plog(LLV_ERROR, LOCATION, NULL,
1068 			    "Cannot allocate memory\n");
1069 			goto out;
1070 		}
1071 		new = (struct isakmp_data *)bufone->v;
1072 		new->type = attr->type;
1073 		new->lorv = htons(len);
1074 		memcpy(new + 1, &addr[i], len);
1075 		new += (len + sizeof(*attr));
1076 		buffer = buffer_cat(buffer, bufone);
1077 		vfree(bufone);
1078 	}
1079 
1080 	error = 0;
1081 
1082 out:
1083 	if ((error != 0) && (buffer != NULL)) {
1084 		vfree(buffer);
1085 		buffer = NULL;
1086 	}
1087 
1088 	return buffer;
1089 }
1090 
1091 struct isakmp_ivm *
isakmp_cfg_newiv(iph1,msgid)1092 isakmp_cfg_newiv(iph1, msgid)
1093 	struct ph1handle *iph1;
1094 	u_int32_t msgid;
1095 {
1096 	struct isakmp_cfg_state *ics = iph1->mode_cfg;
1097 
1098 	if (ics == NULL) {
1099 		plog(LLV_ERROR, LOCATION, NULL,
1100 		    "isakmp_cfg_newiv called without mode config state\n");
1101 		return NULL;
1102 	}
1103 
1104 	if (ics->ivm != NULL)
1105 		oakley_delivm(ics->ivm);
1106 
1107 	ics->ivm = oakley_newiv2(iph1, msgid);
1108 	ics->last_msgid = msgid;
1109 
1110 	return ics->ivm;
1111 }
1112 
1113 /* Derived from isakmp_info_send_common */
1114 int
isakmp_cfg_send(iph1,payload,np,flags,new_exchange)1115 isakmp_cfg_send(iph1, payload, np, flags, new_exchange)
1116 	struct ph1handle *iph1;
1117 	vchar_t *payload;
1118 	u_int32_t np;
1119 	int flags;
1120 	int new_exchange;
1121 {
1122 	struct ph2handle *iph2 = NULL;
1123 	vchar_t *hash = NULL;
1124 	struct isakmp *isakmp;
1125 	struct isakmp_gen *gen;
1126 	char *p;
1127 	int tlen;
1128 	int error = -1;
1129 	struct isakmp_cfg_state *ics = iph1->mode_cfg;
1130 
1131 	/* Check if phase 1 is established */
1132 	if ((iph1->status != PHASE1ST_ESTABLISHED) ||
1133 	    (iph1->local == NULL) ||
1134 	    (iph1->remote == NULL)) {
1135 		plog(LLV_ERROR, LOCATION, NULL,
1136 		    "ISAKMP mode config exchange with immature phase 1\n");
1137 		goto end;
1138 	}
1139 
1140 	/* add new entry to isakmp status table */
1141 	iph2 = newph2();
1142 	if (iph2 == NULL)
1143 		goto end;
1144 
1145 	iph2->dst = dupsaddr(iph1->remote);
1146 	if (iph2->dst == NULL) {
1147 		delph2(iph2);
1148 		goto end;
1149 	}
1150 	iph2->src = dupsaddr(iph1->local);
1151 	if (iph2->src == NULL) {
1152 		delph2(iph2);
1153 		goto end;
1154 	}
1155 
1156 #if (!defined(ENABLE_NATT)) || (defined(BROKEN_NATT))
1157 	if (set_port(iph2->dst, 0) == NULL ||
1158 	    set_port(iph2->src, 0) == NULL) {
1159 		plog(LLV_ERROR, LOCATION, NULL,
1160 		     "invalid family: %d\n", iph1->remote->sa_family);
1161 		delph2(iph2);
1162 		goto end;
1163 	}
1164 #endif
1165 	iph2->ph1 = iph1;
1166 	iph2->side = INITIATOR;
1167 	iph2->status = PHASE2ST_START;
1168 
1169 	if (new_exchange)
1170 		iph2->msgid = isakmp_newmsgid2(iph1);
1171 	else
1172 		iph2->msgid = iph1->msgid;
1173 
1174 	/* get IV and HASH(1) if skeyid_a was generated. */
1175 	if (iph1->skeyid_a != NULL) {
1176 		if (new_exchange) {
1177 			if (isakmp_cfg_newiv(iph1, iph2->msgid) == NULL) {
1178 				delph2(iph2);
1179 				goto end;
1180 			}
1181 		}
1182 
1183 		/* generate HASH(1) */
1184 		hash = oakley_compute_hash1(iph2->ph1, iph2->msgid, payload);
1185 		if (hash == NULL) {
1186 			delph2(iph2);
1187 			goto end;
1188 		}
1189 
1190 		/* initialized total buffer length */
1191 		tlen = hash->l;
1192 		tlen += sizeof(*gen);
1193 	} else {
1194 		/* IKE-SA is not established */
1195 		hash = NULL;
1196 
1197 		/* initialized total buffer length */
1198 		tlen = 0;
1199 	}
1200 	if ((flags & ISAKMP_FLAG_A) == 0)
1201 		iph2->flags = (hash == NULL ? 0 : ISAKMP_FLAG_E);
1202 	else
1203 		iph2->flags = (hash == NULL ? 0 : ISAKMP_FLAG_A);
1204 
1205 	insph2(iph2);
1206 	bindph12(iph1, iph2);
1207 
1208 	tlen += sizeof(*isakmp) + payload->l;
1209 
1210 	/* create buffer for isakmp payload */
1211 	iph2->sendbuf = vmalloc(tlen);
1212 	if (iph2->sendbuf == NULL) {
1213 		plog(LLV_ERROR, LOCATION, NULL,
1214 			"failed to get buffer to send.\n");
1215 		goto err;
1216 	}
1217 
1218 	/* create isakmp header */
1219 	isakmp = (struct isakmp *)iph2->sendbuf->v;
1220 	memcpy(&isakmp->i_ck, &iph1->index.i_ck, sizeof(cookie_t));
1221 	memcpy(&isakmp->r_ck, &iph1->index.r_ck, sizeof(cookie_t));
1222 	isakmp->np = hash == NULL ? (np & 0xff) : ISAKMP_NPTYPE_HASH;
1223 	isakmp->v = iph1->version;
1224 	isakmp->etype = ISAKMP_ETYPE_CFG;
1225 	isakmp->flags = iph2->flags;
1226 	memcpy(&isakmp->msgid, &iph2->msgid, sizeof(isakmp->msgid));
1227 	isakmp->len = htonl(tlen);
1228 	p = (char *)(isakmp + 1);
1229 
1230 	/* create HASH payload */
1231 	if (hash != NULL) {
1232 		gen = (struct isakmp_gen *)p;
1233 		gen->np = np & 0xff;
1234 		gen->len = htons(sizeof(*gen) + hash->l);
1235 		p += sizeof(*gen);
1236 		memcpy(p, hash->v, hash->l);
1237 		p += hash->l;
1238 	}
1239 
1240 	/* add payload */
1241 	memcpy(p, payload->v, payload->l);
1242 	p += payload->l;
1243 
1244 #ifdef HAVE_PRINT_ISAKMP_C
1245 	isakmp_printpacket(iph2->sendbuf, iph1->local, iph1->remote, 1);
1246 #endif
1247 
1248 	plog(LLV_DEBUG, LOCATION, NULL, "MODE_CFG packet to send\n");
1249 	plogdump(LLV_DEBUG, iph2->sendbuf->v, iph2->sendbuf->l);
1250 
1251 	/* encoding */
1252 	if (ISSET(isakmp->flags, ISAKMP_FLAG_E)) {
1253 		vchar_t *tmp;
1254 
1255 		tmp = oakley_do_encrypt(iph2->ph1, iph2->sendbuf,
1256 			ics->ivm->ive, ics->ivm->iv);
1257 		VPTRINIT(iph2->sendbuf);
1258 		if (tmp == NULL)
1259 			goto err;
1260 		iph2->sendbuf = tmp;
1261 	}
1262 
1263 	/* HDR*, HASH(1), ATTR */
1264 	if (isakmp_send(iph2->ph1, iph2->sendbuf) < 0) {
1265 		VPTRINIT(iph2->sendbuf);
1266 		goto err;
1267 	}
1268 
1269 	plog(LLV_DEBUG, LOCATION, NULL,
1270 		"sendto mode config %s.\n", s_isakmp_nptype(np));
1271 
1272 	/*
1273 	 * XXX We might need to resend the message...
1274 	 */
1275 
1276 	error = 0;
1277 	VPTRINIT(iph2->sendbuf);
1278 
1279 err:
1280 	if (iph2->sendbuf != NULL)
1281 		vfree(iph2->sendbuf);
1282 
1283 	unbindph12(iph2);
1284 	remph2(iph2);
1285 	delph2(iph2);
1286 end:
1287 	if (hash)
1288 		vfree(hash);
1289 	return error;
1290 }
1291 
1292 
1293 void
isakmp_cfg_rmstate(iph1)1294 isakmp_cfg_rmstate(iph1)
1295 	struct ph1handle *iph1;
1296 {
1297 	struct isakmp_cfg_state *state = iph1->mode_cfg;
1298 
1299 	if (isakmp_cfg_accounting(iph1, ISAKMP_CFG_LOGOUT) != 0)
1300 		plog(LLV_ERROR, LOCATION, NULL, "Accounting failed\n");
1301 
1302 	if (state->flags & ISAKMP_CFG_PORT_ALLOCATED)
1303 		isakmp_cfg_putport(iph1, state->port);
1304 
1305 	/* Delete the IV if it's still there */
1306 	if(iph1->mode_cfg->ivm) {
1307 		oakley_delivm(iph1->mode_cfg->ivm);
1308 		iph1->mode_cfg->ivm = NULL;
1309 	}
1310 
1311 	/* Free any allocated splitnet lists */
1312 	if(iph1->mode_cfg->split_include != NULL)
1313 		splitnet_list_free(iph1->mode_cfg->split_include,
1314 			&iph1->mode_cfg->include_count);
1315 	if(iph1->mode_cfg->split_local != NULL)
1316 		splitnet_list_free(iph1->mode_cfg->split_local,
1317 			&iph1->mode_cfg->local_count);
1318 
1319 	xauth_rmstate(&state->xauth);
1320 
1321 	racoon_free(state);
1322 	iph1->mode_cfg = NULL;
1323 
1324 	return;
1325 }
1326 
1327 struct isakmp_cfg_state *
isakmp_cfg_mkstate(void)1328 isakmp_cfg_mkstate(void)
1329 {
1330 	struct isakmp_cfg_state *state;
1331 
1332 	if ((state = racoon_malloc(sizeof(*state))) == NULL) {
1333 		plog(LLV_ERROR, LOCATION, NULL,
1334 		    "Cannot allocate memory for mode config state\n");
1335 		return NULL;
1336 	}
1337 	memset(state, 0, sizeof(*state));
1338 
1339 	return state;
1340 }
1341 
1342 int
isakmp_cfg_getport(iph1)1343 isakmp_cfg_getport(iph1)
1344 	struct ph1handle *iph1;
1345 {
1346 	unsigned int i;
1347 	size_t size = isakmp_cfg_config.pool_size;
1348 
1349 	if (iph1->mode_cfg->flags & ISAKMP_CFG_PORT_ALLOCATED)
1350 		return iph1->mode_cfg->port;
1351 
1352 	if (isakmp_cfg_config.port_pool == NULL) {
1353 		plog(LLV_ERROR, LOCATION, NULL,
1354 		    "isakmp_cfg_config.port_pool == NULL\n");
1355 		return -1;
1356 	}
1357 
1358 	for (i = 0; i < size; i++) {
1359 		if (isakmp_cfg_config.port_pool[i].used == 0)
1360 			break;
1361 	}
1362 
1363 	if (i == size) {
1364 		plog(LLV_ERROR, LOCATION, NULL,
1365 		    "No more addresses available\n");
1366 			return -1;
1367 	}
1368 
1369 	isakmp_cfg_config.port_pool[i].used = 1;
1370 
1371 	plog(LLV_INFO, LOCATION, NULL, "Using port %d\n", i);
1372 
1373 	iph1->mode_cfg->flags |= ISAKMP_CFG_PORT_ALLOCATED;
1374 	iph1->mode_cfg->port = i;
1375 
1376 	return i;
1377 }
1378 
1379 int
isakmp_cfg_putport(iph1,index)1380 isakmp_cfg_putport(iph1, index)
1381 	struct ph1handle *iph1;
1382 	unsigned int index;
1383 {
1384 	if (isakmp_cfg_config.port_pool == NULL) {
1385 		plog(LLV_ERROR, LOCATION, NULL,
1386 		    "isakmp_cfg_config.port_pool == NULL\n");
1387 		return -1;
1388 	}
1389 
1390 	if (isakmp_cfg_config.port_pool[index].used == 0) {
1391 		plog(LLV_ERROR, LOCATION, NULL,
1392 		    "Attempt to release an unallocated address (port %d)\n",
1393 		    index);
1394 		return -1;
1395 	}
1396 
1397 #ifdef HAVE_LIBPAM
1398 	/* Cleanup PAM status associated with the port */
1399 	if (isakmp_cfg_config.authsource == ISAKMP_CFG_AUTH_PAM)
1400 		privsep_cleanup_pam(index);
1401 #endif
1402 	isakmp_cfg_config.port_pool[index].used = 0;
1403 	iph1->mode_cfg->flags &= ISAKMP_CFG_PORT_ALLOCATED;
1404 
1405 	plog(LLV_INFO, LOCATION, NULL, "Released port %d\n", index);
1406 
1407 	return 0;
1408 }
1409 
1410 #ifdef HAVE_LIBPAM
1411 void
cleanup_pam(port)1412 cleanup_pam(port)
1413 	int port;
1414 {
1415 	if (isakmp_cfg_config.port_pool[port].pam != NULL) {
1416 		pam_end(isakmp_cfg_config.port_pool[port].pam, PAM_SUCCESS);
1417 		isakmp_cfg_config.port_pool[port].pam = NULL;
1418 	}
1419 
1420 	return;
1421 }
1422 #endif
1423 
1424 /* Accounting, only for RADIUS or PAM */
1425 static int
isakmp_cfg_accounting(iph1,inout)1426 isakmp_cfg_accounting(iph1, inout)
1427 	struct ph1handle *iph1;
1428 	int inout;
1429 {
1430 #ifdef HAVE_LIBPAM
1431 	if (isakmp_cfg_config.accounting == ISAKMP_CFG_ACCT_PAM)
1432 		return privsep_accounting_pam(iph1->mode_cfg->port,
1433 		    inout);
1434 #endif
1435 #ifdef HAVE_LIBRADIUS
1436 	if (isakmp_cfg_config.accounting == ISAKMP_CFG_ACCT_RADIUS)
1437 		return isakmp_cfg_accounting_radius(iph1, inout);
1438 #endif
1439 	if (isakmp_cfg_config.accounting == ISAKMP_CFG_ACCT_SYSTEM)
1440 		return privsep_accounting_system(iph1->mode_cfg->port,
1441 			iph1->remote, iph1->mode_cfg->login, inout);
1442 	return 0;
1443 }
1444 
1445 #ifdef HAVE_LIBPAM
1446 int
isakmp_cfg_accounting_pam(port,inout)1447 isakmp_cfg_accounting_pam(port, inout)
1448 	int port;
1449 	int inout;
1450 {
1451 	int error = 0;
1452 	pam_handle_t *pam;
1453 
1454 	if (isakmp_cfg_config.port_pool == NULL) {
1455 		plog(LLV_ERROR, LOCATION, NULL,
1456 		    "isakmp_cfg_config.port_pool == NULL\n");
1457 		return -1;
1458 	}
1459 
1460 	pam = isakmp_cfg_config.port_pool[port].pam;
1461 	if (pam == NULL) {
1462 		plog(LLV_ERROR, LOCATION, NULL, "pam handle is NULL\n");
1463 		return -1;
1464 	}
1465 
1466 	switch (inout) {
1467 	case ISAKMP_CFG_LOGIN:
1468 		error = pam_open_session(pam, 0);
1469 		break;
1470 	case ISAKMP_CFG_LOGOUT:
1471 		error = pam_close_session(pam, 0);
1472 		pam_end(pam, error);
1473 		isakmp_cfg_config.port_pool[port].pam = NULL;
1474 		break;
1475 	default:
1476 		plog(LLV_ERROR, LOCATION, NULL, "Unepected inout\n");
1477 		break;
1478 	}
1479 
1480 	if (error != 0) {
1481 		plog(LLV_ERROR, LOCATION, NULL,
1482 		    "pam_open_session/pam_close_session failed: %s\n",
1483 		    pam_strerror(pam, error));
1484 		return -1;
1485         }
1486 
1487 	return 0;
1488 }
1489 #endif /* HAVE_LIBPAM */
1490 
1491 #ifdef HAVE_LIBRADIUS
1492 static int
isakmp_cfg_accounting_radius(iph1,inout)1493 isakmp_cfg_accounting_radius(iph1, inout)
1494 	struct ph1handle *iph1;
1495 	int inout;
1496 {
1497 	/* For first time use, initialize Radius */
1498 	if (radius_acct_state == NULL) {
1499 		if ((radius_acct_state = rad_acct_open()) == NULL) {
1500 			plog(LLV_ERROR, LOCATION, NULL,
1501 			    "Cannot init librradius\n");
1502 			return -1;
1503 		}
1504 
1505 		if (rad_config(radius_acct_state, NULL) != 0) {
1506 			 plog(LLV_ERROR, LOCATION, NULL,
1507 			     "Cannot open librarius config file: %s\n",
1508 			     rad_strerror(radius_acct_state));
1509 			  rad_close(radius_acct_state);
1510 			  radius_acct_state = NULL;
1511 			  return -1;
1512 		}
1513 	}
1514 
1515 	if (rad_create_request(radius_acct_state,
1516 	    RAD_ACCOUNTING_REQUEST) != 0) {
1517 		plog(LLV_ERROR, LOCATION, NULL,
1518 		    "rad_create_request failed: %s\n",
1519 		    rad_strerror(radius_acct_state));
1520 		return -1;
1521 	}
1522 
1523 	if (rad_put_string(radius_acct_state, RAD_USER_NAME,
1524 	    iph1->mode_cfg->login) != 0) {
1525 		plog(LLV_ERROR, LOCATION, NULL,
1526 		    "rad_put_string failed: %s\n",
1527 		    rad_strerror(radius_acct_state));
1528 		return -1;
1529 	}
1530 
1531 	switch (inout) {
1532 	case ISAKMP_CFG_LOGIN:
1533 		inout = RAD_START;
1534 		break;
1535 	case ISAKMP_CFG_LOGOUT:
1536 		inout = RAD_STOP;
1537 		break;
1538 	default:
1539 		plog(LLV_ERROR, LOCATION, NULL, "Unepected inout\n");
1540 		break;
1541 	}
1542 
1543 	if (rad_put_addr(radius_acct_state,
1544 	    RAD_FRAMED_IP_ADDRESS, iph1->mode_cfg->addr4) != 0) {
1545 		plog(LLV_ERROR, LOCATION, NULL,
1546 		    "rad_put_addr failed: %s\n",
1547 		    rad_strerror(radius_acct_state));
1548 		return -1;
1549 	}
1550 
1551 	if (rad_put_addr(radius_acct_state,
1552 	    RAD_LOGIN_IP_HOST, iph1->mode_cfg->addr4) != 0) {
1553 		plog(LLV_ERROR, LOCATION, NULL,
1554 		    "rad_put_addr failed: %s\n",
1555 		    rad_strerror(radius_acct_state));
1556 		return -1;
1557 	}
1558 
1559 	if (rad_put_int(radius_acct_state, RAD_ACCT_STATUS_TYPE, inout) != 0) {
1560 		plog(LLV_ERROR, LOCATION, NULL,
1561 		    "rad_put_int failed: %s\n",
1562 		    rad_strerror(radius_acct_state));
1563 		return -1;
1564 	}
1565 
1566 	if (isakmp_cfg_radius_common(radius_acct_state,
1567 	    iph1->mode_cfg->port) != 0)
1568 		return -1;
1569 
1570 	if (rad_send_request(radius_acct_state) != RAD_ACCOUNTING_RESPONSE) {
1571 		plog(LLV_ERROR, LOCATION, NULL,
1572 		    "rad_send_request failed: %s\n",
1573 		    rad_strerror(radius_acct_state));
1574 		return -1;
1575 	}
1576 
1577 	return 0;
1578 }
1579 #endif /* HAVE_LIBRADIUS */
1580 
1581 /*
1582  * Attributes common to all RADIUS requests
1583  */
1584 #ifdef HAVE_LIBRADIUS
1585 int
isakmp_cfg_radius_common(radius_state,port)1586 isakmp_cfg_radius_common(radius_state, port)
1587 	struct rad_handle *radius_state;
1588 	int port;
1589 {
1590 	struct utsname name;
1591 	static struct hostent *host = NULL;
1592 	struct in_addr nas_addr;
1593 
1594 	/*
1595 	 * Find our own IP by resolving our nodename
1596 	 */
1597 	if (host == NULL) {
1598 		if (uname(&name) != 0) {
1599 			plog(LLV_ERROR, LOCATION, NULL,
1600 			    "uname failed: %s\n", strerror(errno));
1601 			return -1;
1602 		}
1603 
1604 		if ((host = gethostbyname(name.nodename)) == NULL) {
1605 			plog(LLV_ERROR, LOCATION, NULL,
1606 			    "gethostbyname failed: %s\n", strerror(errno));
1607 			return -1;
1608 		}
1609 	}
1610 
1611 	memcpy(&nas_addr, host->h_addr, sizeof(nas_addr));
1612 	if (rad_put_addr(radius_state, RAD_NAS_IP_ADDRESS, nas_addr) != 0) {
1613 		plog(LLV_ERROR, LOCATION, NULL,
1614 		    "rad_put_addr failed: %s\n",
1615 		    rad_strerror(radius_state));
1616 		return -1;
1617 	}
1618 
1619 	if (rad_put_int(radius_state, RAD_NAS_PORT, port) != 0) {
1620 		plog(LLV_ERROR, LOCATION, NULL,
1621 		    "rad_put_int failed: %s\n",
1622 		    rad_strerror(radius_state));
1623 		return -1;
1624 	}
1625 
1626 	if (rad_put_int(radius_state, RAD_NAS_PORT_TYPE, RAD_VIRTUAL) != 0) {
1627 		plog(LLV_ERROR, LOCATION, NULL,
1628 		    "rad_put_int failed: %s\n",
1629 		    rad_strerror(radius_state));
1630 		return -1;
1631 	}
1632 
1633 	if (rad_put_int(radius_state, RAD_SERVICE_TYPE, RAD_FRAMED) != 0) {
1634 		plog(LLV_ERROR, LOCATION, NULL,
1635 		    "rad_put_int failed: %s\n",
1636 		    rad_strerror(radius_state));
1637 		return -1;
1638 	}
1639 
1640 	return 0;
1641 }
1642 #endif
1643 
1644 #ifndef ANDROID_PATCHED
1645 
1646 /*
1647 	Logs the user into the utmp system files.
1648 */
1649 
1650 int
isakmp_cfg_accounting_system(port,raddr,usr,inout)1651 isakmp_cfg_accounting_system(port, raddr, usr, inout)
1652 	int port;
1653 	struct sockaddr *raddr;
1654 	char *usr;
1655 	int inout;
1656 {
1657 	int error = 0;
1658 	struct utmp ut;
1659 	char term[UT_LINESIZE];
1660 	char addr[NI_MAXHOST];
1661 
1662 	if (usr == NULL || usr[0]=='\0') {
1663 		plog(LLV_ERROR, LOCATION, NULL,
1664 			"system accounting : no login found\n");
1665 		return -1;
1666 	}
1667 
1668 	sprintf(term, TERMSPEC, port);
1669 
1670 	switch (inout) {
1671 	case ISAKMP_CFG_LOGIN:
1672 		strncpy(ut.ut_name, usr, UT_NAMESIZE);
1673 		ut.ut_name[UT_NAMESIZE - 1] = '\0';
1674 
1675 		strncpy(ut.ut_line, term, UT_LINESIZE);
1676 		ut.ut_line[UT_LINESIZE - 1] = '\0';
1677 
1678 		GETNAMEINFO_NULL(raddr, addr);
1679 		strncpy(ut.ut_host, addr, UT_HOSTSIZE);
1680 		ut.ut_host[UT_HOSTSIZE - 1] = '\0';
1681 
1682 		ut.ut_time = time(NULL);
1683 
1684 		plog(LLV_INFO, LOCATION, NULL,
1685 			"Accounting : '%s' logging on '%s' from %s.\n",
1686 			ut.ut_name, ut.ut_line, ut.ut_host);
1687 
1688 		login(&ut);
1689 
1690 		break;
1691 	case ISAKMP_CFG_LOGOUT:
1692 
1693 		plog(LLV_INFO, LOCATION, NULL,
1694 			"Accounting : '%s' unlogging from '%s'.\n",
1695 			usr, term);
1696 
1697 		logout(term);
1698 
1699 		break;
1700 	default:
1701 		plog(LLV_ERROR, LOCATION, NULL, "Unepected inout\n");
1702 		break;
1703 	}
1704 
1705 	return 0;
1706 }
1707 
1708 #endif
1709 
1710 int
isakmp_cfg_getconfig(iph1)1711 isakmp_cfg_getconfig(iph1)
1712 	struct ph1handle *iph1;
1713 {
1714 	vchar_t *buffer;
1715 	struct isakmp_pl_attr *attrpl;
1716 	struct isakmp_data *attr;
1717 	size_t len;
1718 	int error;
1719 	int attrcount;
1720 	int i;
1721 	int attrlist[] = {
1722 		INTERNAL_IP4_ADDRESS,
1723 		INTERNAL_IP4_NETMASK,
1724 		INTERNAL_IP4_DNS,
1725 		INTERNAL_IP4_NBNS,
1726 		UNITY_BANNER,
1727 		UNITY_DEF_DOMAIN,
1728 		UNITY_SPLITDNS_NAME,
1729 		UNITY_SPLIT_INCLUDE,
1730 		UNITY_LOCAL_LAN,
1731 		APPLICATION_VERSION,
1732 	};
1733 
1734 	attrcount = sizeof(attrlist) / sizeof(*attrlist);
1735 	len = sizeof(*attrpl) + sizeof(*attr) * attrcount;
1736 
1737 	if ((buffer = vmalloc(len)) == NULL) {
1738 		plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n");
1739 		return -1;
1740 	}
1741 
1742 	attrpl = (struct isakmp_pl_attr *)buffer->v;
1743 	attrpl->h.len = htons(len);
1744 	attrpl->type = ISAKMP_CFG_REQUEST;
1745 	attrpl->id = htons((u_int16_t)(eay_random() & 0xffff));
1746 
1747 	attr = (struct isakmp_data *)(attrpl + 1);
1748 
1749 	for (i = 0; i < attrcount; i++) {
1750 		attr->type = htons(attrlist[i]);
1751 		attr->lorv = htons(0);
1752 		attr++;
1753 	}
1754 
1755 	plog(LLV_DEBUG, LOCATION, NULL,
1756 		    "Sending MODE_CFG REQUEST\n");
1757 
1758 	error = isakmp_cfg_send(iph1, buffer,
1759 	    ISAKMP_NPTYPE_ATTR, ISAKMP_FLAG_E, 1);
1760 
1761 	vfree(buffer);
1762 
1763 	return error;
1764 }
1765 
1766 static void
isakmp_cfg_getaddr4(attr,ip)1767 isakmp_cfg_getaddr4(attr, ip)
1768 	struct isakmp_data *attr;
1769 	struct in_addr *ip;
1770 {
1771 	size_t alen = ntohs(attr->lorv);
1772 	in_addr_t *addr;
1773 
1774 	if (alen != sizeof(*ip)) {
1775 		plog(LLV_ERROR, LOCATION, NULL, "Bad IPv4 address len\n");
1776 		return;
1777 	}
1778 
1779 	addr = (in_addr_t *)(attr + 1);
1780 	ip->s_addr = *addr;
1781 
1782 	return;
1783 }
1784 
1785 static void
isakmp_cfg_appendaddr4(attr,ip,num,max)1786 isakmp_cfg_appendaddr4(attr, ip, num, max)
1787 	struct isakmp_data *attr;
1788 	struct in_addr *ip;
1789 	int *num;
1790 	int max;
1791 {
1792 	size_t alen = ntohs(attr->lorv);
1793 	in_addr_t *addr;
1794 
1795 	if (alen != sizeof(*ip)) {
1796 		plog(LLV_ERROR, LOCATION, NULL, "Bad IPv4 address len\n");
1797 		return;
1798 	}
1799 	if (*num == max) {
1800 		plog(LLV_ERROR, LOCATION, NULL, "Too many addresses given\n");
1801 		return;
1802 	}
1803 
1804 	addr = (in_addr_t *)(attr + 1);
1805 	ip->s_addr = *addr;
1806 	(*num)++;
1807 
1808 	return;
1809 }
1810 
1811 static void
isakmp_cfg_getstring(attr,str)1812 isakmp_cfg_getstring(attr, str)
1813 	struct isakmp_data *attr;
1814 	char *str;
1815 {
1816 	size_t alen = ntohs(attr->lorv);
1817 	char *src;
1818 	src = (char *)(attr + 1);
1819 
1820 	memcpy(str, src, (alen > MAXPATHLEN ? MAXPATHLEN : alen));
1821 
1822 	return;
1823 }
1824 
1825 #define IP_MAX 40
1826 
1827 void
isakmp_cfg_iplist_to_str(dest,count,addr,withmask)1828 isakmp_cfg_iplist_to_str(dest, count, addr, withmask)
1829 	char *dest;
1830 	int count;
1831 	void *addr;
1832 	int withmask;
1833 {
1834 	int i;
1835 	int p;
1836 	int l;
1837 	struct unity_network tmp;
1838 	for(i = 0, p = 0; i < count; i++) {
1839 		if(withmask == 1)
1840 			l = sizeof(struct unity_network);
1841 		else
1842 			l = sizeof(struct in_addr);
1843 		memcpy(&tmp, addr, l);
1844 #if defined(ANDROID_CHANGES)
1845 		addr = ((uint8_t*) addr) + l;
1846 #else
1847 		addr += l;
1848 #endif
1849 		if((uint32_t)tmp.addr4.s_addr == 0)
1850 			break;
1851 
1852 		inet_ntop(AF_INET, &tmp.addr4, dest + p, IP_MAX);
1853 		p += strlen(dest + p);
1854 		if(withmask == 1) {
1855 			dest[p] = '/';
1856 			p++;
1857 			inet_ntop(AF_INET, &tmp.mask4, dest + p, IP_MAX);
1858 			p += strlen(dest + p);
1859 		}
1860 		dest[p] = ' ';
1861 		p++;
1862 	}
1863 	if(p > 0)
1864 		dest[p-1] = '\0';
1865 	else
1866 		dest[0] = '\0';
1867 }
1868 
1869 int
isakmp_cfg_setenv(iph1,envp,envc)1870 isakmp_cfg_setenv(iph1, envp, envc)
1871 	struct ph1handle *iph1;
1872 	char ***envp;
1873 	int *envc;
1874 {
1875 	char addrstr[IP_MAX];
1876 	char addrlist[IP_MAX * MAXNS + MAXNS];
1877 	char *splitlist = addrlist;
1878 	char *splitlist_cidr;
1879 	char defdom[MAXPATHLEN + 1];
1880 	int cidr, tmp;
1881 	char cidrstr[4];
1882 	int i, p;
1883 	int test;
1884 
1885 	plog(LLV_DEBUG, LOCATION, NULL, "Starting a script.\n");
1886 
1887 	/*
1888 	 * Internal IPv4 address, either if
1889 	 * we are a client or a server.
1890 	 */
1891 	if ((iph1->mode_cfg->flags & ISAKMP_CFG_GOT_ADDR4) ||
1892 #ifdef HAVE_LIBLDAP
1893 	    (iph1->mode_cfg->flags & ISAKMP_CFG_ADDR4_EXTERN) ||
1894 #endif
1895 #ifdef HAVE_LIBRADIUS
1896 	    (iph1->mode_cfg->flags & ISAKMP_CFG_ADDR4_EXTERN) ||
1897 #endif
1898 	    (iph1->mode_cfg->flags & ISAKMP_CFG_ADDR4_LOCAL)) {
1899 		inet_ntop(AF_INET, &iph1->mode_cfg->addr4,
1900 		    addrstr, IP_MAX);
1901 	} else
1902 		addrstr[0] = '\0';
1903 
1904 	if (script_env_append(envp, envc, "INTERNAL_ADDR4", addrstr) != 0) {
1905 		plog(LLV_ERROR, LOCATION, NULL, "Cannot set INTERNAL_ADDR4\n");
1906 		return -1;
1907 	}
1908 
1909 	if (iph1->mode_cfg->xauth.authdata.generic.usr != NULL) {
1910 		if (script_env_append(envp, envc, "XAUTH_USER",
1911 		    iph1->mode_cfg->xauth.authdata.generic.usr) != 0) {
1912 			plog(LLV_ERROR, LOCATION, NULL,
1913 			    "Cannot set XAUTH_USER\n");
1914 			return -1;
1915 		}
1916 	}
1917 
1918 	/* Internal IPv4 mask */
1919 	if (iph1->mode_cfg->flags & ISAKMP_CFG_GOT_MASK4)
1920 		inet_ntop(AF_INET, &iph1->mode_cfg->mask4,
1921 		    addrstr, IP_MAX);
1922 	else
1923 		addrstr[0] = '\0';
1924 
1925 	/*
1926 	 * During several releases, documentation adverised INTERNAL_NETMASK4
1927 	 * while code was using INTERNAL_MASK4. We now do both.
1928 	 */
1929 
1930 	if (script_env_append(envp, envc, "INTERNAL_MASK4", addrstr) != 0) {
1931 		plog(LLV_ERROR, LOCATION, NULL, "Cannot set INTERNAL_MASK4\n");
1932 		return -1;
1933 	}
1934 
1935 	if (script_env_append(envp, envc, "INTERNAL_NETMASK4", addrstr) != 0) {
1936 		plog(LLV_ERROR, LOCATION, NULL,
1937 		    "Cannot set INTERNAL_NETMASK4\n");
1938 		return -1;
1939 	}
1940 
1941 	tmp = ntohl(iph1->mode_cfg->mask4.s_addr);
1942 	for (cidr = 0; tmp != 0; cidr++)
1943 		tmp <<= 1;
1944 	snprintf(cidrstr, 3, "%d", cidr);
1945 
1946 	if (script_env_append(envp, envc, "INTERNAL_CIDR4", cidrstr) != 0) {
1947 		plog(LLV_ERROR, LOCATION, NULL, "Cannot set INTERNAL_CIDR4\n");
1948 		return -1;
1949 	}
1950 
1951 	/* Internal IPv4 DNS */
1952 	if (iph1->mode_cfg->flags & ISAKMP_CFG_GOT_DNS4) {
1953 		/* First Internal IPv4 DNS (for compatibilty with older code */
1954 		inet_ntop(AF_INET, &iph1->mode_cfg->dns4[0],
1955 		    addrstr, IP_MAX);
1956 
1957 		/* Internal IPv4 DNS - all */
1958 		isakmp_cfg_iplist_to_str(addrlist, iph1->mode_cfg->dns4_index,
1959 			(void *)iph1->mode_cfg->dns4, 0);
1960 	} else {
1961 		addrstr[0] = '\0';
1962 		addrlist[0] = '\0';
1963 	}
1964 
1965 	if (script_env_append(envp, envc, "INTERNAL_DNS4", addrstr) != 0) {
1966 		plog(LLV_ERROR, LOCATION, NULL, "Cannot set INTERNAL_DNS4\n");
1967 		return -1;
1968 	}
1969 	if (script_env_append(envp, envc, "INTERNAL_DNS4_LIST", addrlist) != 0) {
1970 		plog(LLV_ERROR, LOCATION, NULL,
1971 		    "Cannot set INTERNAL_DNS4_LIST\n");
1972 		return -1;
1973 	}
1974 
1975 	/* Internal IPv4 WINS */
1976 	if (iph1->mode_cfg->flags & ISAKMP_CFG_GOT_WINS4) {
1977 		/*
1978 		 * First Internal IPv4 WINS
1979 		 * (for compatibilty with older code
1980 		 */
1981 		inet_ntop(AF_INET, &iph1->mode_cfg->wins4[0],
1982 		    addrstr, IP_MAX);
1983 
1984 		/* Internal IPv4 WINS - all */
1985 		isakmp_cfg_iplist_to_str(addrlist, iph1->mode_cfg->wins4_index,
1986 			(void *)iph1->mode_cfg->wins4, 0);
1987 	} else {
1988 		addrstr[0] = '\0';
1989 		addrlist[0] = '\0';
1990 	}
1991 
1992 	if (script_env_append(envp, envc, "INTERNAL_WINS4", addrstr) != 0) {
1993 		plog(LLV_ERROR, LOCATION, NULL,
1994 		    "Cannot set INTERNAL_WINS4\n");
1995 		return -1;
1996 	}
1997 	if (script_env_append(envp, envc,
1998 	    "INTERNAL_WINS4_LIST", addrlist) != 0) {
1999 		plog(LLV_ERROR, LOCATION, NULL,
2000 		    "Cannot set INTERNAL_WINS4_LIST\n");
2001 		return -1;
2002 	}
2003 
2004 	/* Deault domain */
2005 	if(iph1->mode_cfg->flags & ISAKMP_CFG_GOT_DEFAULT_DOMAIN)
2006 		strncpy(defdom,
2007 		    iph1->mode_cfg->default_domain,
2008 		    MAXPATHLEN + 1);
2009 	else
2010 		defdom[0] = '\0';
2011 
2012 	if (script_env_append(envp, envc, "DEFAULT_DOMAIN", defdom) != 0) {
2013 		plog(LLV_ERROR, LOCATION, NULL,
2014 		    "Cannot set DEFAULT_DOMAIN\n");
2015 		return -1;
2016 	}
2017 
2018 	/* Split networks */
2019 	if (iph1->mode_cfg->flags & ISAKMP_CFG_GOT_SPLIT_INCLUDE) {
2020 		splitlist =
2021 		    splitnet_list_2str(iph1->mode_cfg->split_include, NETMASK);
2022 		splitlist_cidr =
2023 		    splitnet_list_2str(iph1->mode_cfg->split_include, CIDR);
2024 	} else {
2025 		splitlist = addrlist;
2026 		splitlist_cidr = addrlist;
2027 		addrlist[0] = '\0';
2028 	}
2029 
2030 	if (script_env_append(envp, envc, "SPLIT_INCLUDE", splitlist) != 0) {
2031 		plog(LLV_ERROR, LOCATION, NULL, "Cannot set SPLIT_INCLUDE\n");
2032 		return -1;
2033 	}
2034 	if (script_env_append(envp, envc,
2035 	    "SPLIT_INCLUDE_CIDR", splitlist_cidr) != 0) {
2036 		plog(LLV_ERROR, LOCATION, NULL,
2037 		     "Cannot set SPLIT_INCLUDE_CIDR\n");
2038 		return -1;
2039 	}
2040 	if (splitlist != addrlist)
2041 		racoon_free(splitlist);
2042 	if (splitlist_cidr != addrlist)
2043 		racoon_free(splitlist_cidr);
2044 
2045 	if (iph1->mode_cfg->flags & ISAKMP_CFG_GOT_SPLIT_LOCAL) {
2046 		splitlist =
2047 		    splitnet_list_2str(iph1->mode_cfg->split_local, NETMASK);
2048 		splitlist_cidr =
2049 		    splitnet_list_2str(iph1->mode_cfg->split_local, CIDR);
2050 	} else {
2051 		splitlist = addrlist;
2052 		splitlist_cidr = addrlist;
2053 		addrlist[0] = '\0';
2054 	}
2055 
2056 	if (script_env_append(envp, envc, "SPLIT_LOCAL", splitlist) != 0) {
2057 		plog(LLV_ERROR, LOCATION, NULL, "Cannot set SPLIT_LOCAL\n");
2058 		return -1;
2059 	}
2060 	if (script_env_append(envp, envc,
2061 	    "SPLIT_LOCAL_CIDR", splitlist_cidr) != 0) {
2062 		plog(LLV_ERROR, LOCATION, NULL,
2063 		     "Cannot set SPLIT_LOCAL_CIDR\n");
2064 		return -1;
2065 	}
2066 	if (splitlist != addrlist)
2067 		racoon_free(splitlist);
2068 	if (splitlist_cidr != addrlist)
2069 		racoon_free(splitlist_cidr);
2070 
2071 	return 0;
2072 }
2073 
2074 int
isakmp_cfg_resize_pool(size)2075 isakmp_cfg_resize_pool(size)
2076 	int size;
2077 {
2078 	struct isakmp_cfg_port *new_pool;
2079 	size_t len;
2080 	int i;
2081 
2082 	if (size == isakmp_cfg_config.pool_size)
2083 		return 0;
2084 
2085 	plog(LLV_INFO, LOCATION, NULL,
2086 	    "Resize address pool from %zu to %d\n",
2087 	    isakmp_cfg_config.pool_size, size);
2088 
2089 	/* If a pool already exists, check if we can shrink it */
2090 	if ((isakmp_cfg_config.port_pool != NULL) &&
2091 	    (size < isakmp_cfg_config.pool_size)) {
2092 		for (i = isakmp_cfg_config.pool_size-1; i >= size; --i) {
2093 			if (isakmp_cfg_config.port_pool[i].used) {
2094 				plog(LLV_ERROR, LOCATION, NULL,
2095 				    "resize pool from %zu to %d impossible "
2096 				    "port %d is in use\n",
2097 				    isakmp_cfg_config.pool_size, size, i);
2098 				size = i;
2099 				break;
2100 			}
2101 		}
2102 	}
2103 
2104 	len = size * sizeof(*isakmp_cfg_config.port_pool);
2105 	new_pool = racoon_realloc(isakmp_cfg_config.port_pool, len);
2106 	if (new_pool == NULL) {
2107 		plog(LLV_ERROR, LOCATION, NULL,
2108 		    "resize pool from %zu to %d impossible: %s",
2109 		    isakmp_cfg_config.pool_size, size, strerror(errno));
2110 		return -1;
2111 	}
2112 
2113 	/* If size increase, intialize correctly the new records */
2114 	if (size > isakmp_cfg_config.pool_size) {
2115 		size_t unit;
2116 		size_t old_size;
2117 
2118 		unit =  sizeof(*isakmp_cfg_config.port_pool);
2119 		old_size = isakmp_cfg_config.pool_size;
2120 
2121 		bzero((char *)new_pool + (old_size * unit),
2122 		    (size - old_size) * unit);
2123 	}
2124 
2125 	isakmp_cfg_config.port_pool = new_pool;
2126 	isakmp_cfg_config.pool_size = size;
2127 
2128 	return 0;
2129 }
2130 
2131 int
isakmp_cfg_init(cold)2132 isakmp_cfg_init(cold)
2133 	int cold;
2134 {
2135 	int i;
2136 	int error;
2137 
2138 	isakmp_cfg_config.network4 = (in_addr_t)0x00000000;
2139 	isakmp_cfg_config.netmask4 = (in_addr_t)0x00000000;
2140 	for (i = 0; i < MAXNS; i++)
2141 		isakmp_cfg_config.dns4[i] = (in_addr_t)0x00000000;
2142 	isakmp_cfg_config.dns4_index = 0;
2143 	for (i = 0; i < MAXWINS; i++)
2144 		isakmp_cfg_config.nbns4[i] = (in_addr_t)0x00000000;
2145 	isakmp_cfg_config.nbns4_index = 0;
2146 	if (cold == ISAKMP_CFG_INIT_COLD)
2147 		isakmp_cfg_config.port_pool = NULL;
2148 	isakmp_cfg_config.authsource = ISAKMP_CFG_AUTH_SYSTEM;
2149 	isakmp_cfg_config.groupsource = ISAKMP_CFG_GROUP_SYSTEM;
2150 	if (cold == ISAKMP_CFG_INIT_COLD) {
2151 		if (isakmp_cfg_config.grouplist != NULL) {
2152 			for (i = 0; i < isakmp_cfg_config.groupcount; i++)
2153 				racoon_free(isakmp_cfg_config.grouplist[i]);
2154 			racoon_free(isakmp_cfg_config.grouplist);
2155 		}
2156 	}
2157 	isakmp_cfg_config.grouplist = NULL;
2158 	isakmp_cfg_config.groupcount = 0;
2159 	isakmp_cfg_config.confsource = ISAKMP_CFG_CONF_LOCAL;
2160 	isakmp_cfg_config.accounting = ISAKMP_CFG_ACCT_NONE;
2161 	if (cold == ISAKMP_CFG_INIT_COLD)
2162 		isakmp_cfg_config.pool_size = 0;
2163 	isakmp_cfg_config.auth_throttle = THROTTLE_PENALTY;
2164 	strlcpy(isakmp_cfg_config.default_domain, ISAKMP_CFG_DEFAULT_DOMAIN,
2165 	    MAXPATHLEN);
2166 	strlcpy(isakmp_cfg_config.motd, ISAKMP_CFG_MOTD, MAXPATHLEN);
2167 
2168 	if (cold != ISAKMP_CFG_INIT_COLD )
2169 		if (isakmp_cfg_config.splitnet_list != NULL)
2170 			splitnet_list_free(isakmp_cfg_config.splitnet_list,
2171 				&isakmp_cfg_config.splitnet_count);
2172 	isakmp_cfg_config.splitnet_list = NULL;
2173 	isakmp_cfg_config.splitnet_count = 0;
2174 	isakmp_cfg_config.splitnet_type = 0;
2175 
2176 	isakmp_cfg_config.pfs_group = 0;
2177 	isakmp_cfg_config.save_passwd = 0;
2178 
2179 	if (cold != ISAKMP_CFG_INIT_COLD )
2180 		if (isakmp_cfg_config.splitdns_list != NULL)
2181 			racoon_free(isakmp_cfg_config.splitdns_list);
2182 	isakmp_cfg_config.splitdns_list = NULL;
2183 	isakmp_cfg_config.splitdns_len = 0;
2184 
2185 #if 0
2186 	if (cold == ISAKMP_CFG_INIT_COLD) {
2187 		if ((error = isakmp_cfg_resize_pool(ISAKMP_CFG_MAX_CNX)) != 0)
2188 			return error;
2189 	}
2190 #endif
2191 
2192 	return 0;
2193 }
2194 
2195