diff options
author | Claudio Jeker <claudio@cvs.openbsd.org> | 2006-04-24 20:18:04 +0000 |
---|---|---|
committer | Claudio Jeker <claudio@cvs.openbsd.org> | 2006-04-24 20:18:04 +0000 |
commit | 28100580167e3898a45606af96841eb236ff97ce (patch) | |
tree | 94b12234ce5a299ef3d35513536efe47aacc6015 | |
parent | b073eac299215a2c87e8bd2b3d24727678ae6010 (diff) |
Fix parser to match current behaviour and make auth-type et al. part of the
global and per area defaults. With this it is now possible to define one
set of auth-md keys and use them in every defined interface. OK norby@
-rw-r--r-- | usr.sbin/ospfd/auth.c | 55 | ||||
-rw-r--r-- | usr.sbin/ospfd/interface.c | 6 | ||||
-rw-r--r-- | usr.sbin/ospfd/ospfd.h | 5 | ||||
-rw-r--r-- | usr.sbin/ospfd/ospfe.h | 9 | ||||
-rw-r--r-- | usr.sbin/ospfd/parse.y | 41 |
5 files changed, 70 insertions, 46 deletions
diff --git a/usr.sbin/ospfd/auth.c b/usr.sbin/ospfd/auth.c index 8a1c1d88d34..02f70a54783 100644 --- a/usr.sbin/ospfd/auth.c +++ b/usr.sbin/ospfd/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.9 2006/03/08 15:35:07 claudio Exp $ */ +/* $OpenBSD: auth.c,v 1.10 2006/04/24 20:18:03 claudio Exp $ */ /* * Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org> @@ -28,6 +28,8 @@ #include "log.h" #include "ospfe.h" +struct auth_md *md_list_find(struct auth_md_head *, u_int8_t); + int auth_validate(void *buf, u_int16_t len, struct iface *iface, struct nbr *nbr) { @@ -71,8 +73,8 @@ auth_validate(void *buf, u_int16_t len, struct iface *iface, struct nbr *nbr) * (iface->auth_keyid). This allows for key rotation to new * keys without taking down the network. */ - if ((md = md_list_find(iface, ospf_hdr->auth_key.crypt.keyid)) - == NULL) { + if ((md = md_list_find(&iface->auth_md_list, + ospf_hdr->auth_key.crypt.keyid)) == NULL) { log_debug("auth_validate: keyid %d not configured, " "interface %s", ospf_hdr->auth_key.crypt.keyid, iface->name); @@ -170,7 +172,8 @@ auth_gen(struct buf *buf, struct iface *iface) iface->crypt_seq_num++; /* insert plaintext key */ - if ((md = md_list_find(iface, iface->auth_keyid)) == NULL) { + if ((md = md_list_find(&iface->auth_md_list, + iface->auth_keyid)) == NULL) { log_debug("auth_validate: keyid %d not configured, " "interface %s", iface->auth_keyid, iface->name); return (-1); @@ -197,17 +200,11 @@ auth_gen(struct buf *buf, struct iface *iface) /* md list */ void -md_list_init(struct iface *iface) +md_list_add(struct auth_md_head *head, u_int8_t keyid, char *key) { - TAILQ_INIT(&iface->auth_md_list); -} - -void -md_list_add(struct iface *iface, u_int8_t keyid, char *key) -{ - struct auth_md *m, *md; + struct auth_md *md; - if ((md = md_list_find(iface, keyid)) != NULL) { + if ((md = md_list_find(head, keyid)) != NULL) { /* update key */ strncpy(md->key, key, sizeof(md->key)); return; @@ -218,33 +215,43 @@ md_list_add(struct iface *iface, u_int8_t keyid, char *key) md->keyid = keyid; strncpy(md->key, key, sizeof(md->key)); + TAILQ_INSERT_TAIL(head, md, entry); +} - TAILQ_FOREACH(m, &iface->auth_md_list, entry) { - if (m->keyid > keyid) { - TAILQ_INSERT_BEFORE(m, md, entry); - return; - } +void +md_list_copy(struct auth_md_head *to, struct auth_md_head *from) +{ + struct auth_md *m, *md; + + TAILQ_INIT(to); + + TAILQ_FOREACH(m, from, entry) { + if ((md = calloc(1, sizeof(struct auth_md))) == NULL) + fatalx("md_list_add"); + + md->keyid = m->keyid; + strncpy(md->key, m->key, sizeof(md->key)); + TAILQ_INSERT_TAIL(to, md, entry); } - TAILQ_INSERT_TAIL(&iface->auth_md_list, md, entry); } void -md_list_clr(struct iface *iface) +md_list_clr(struct auth_md_head *head) { struct auth_md *m; - while ((m = TAILQ_FIRST(&iface->auth_md_list)) != NULL) { - TAILQ_REMOVE(&iface->auth_md_list, m, entry); + while ((m = TAILQ_FIRST(head)) != NULL) { + TAILQ_REMOVE(head, m, entry); free(m); } } struct auth_md * -md_list_find(struct iface *iface, u_int8_t keyid) +md_list_find(struct auth_md_head *head, u_int8_t keyid) { struct auth_md *m; - TAILQ_FOREACH(m, &iface->auth_md_list, entry) + TAILQ_FOREACH(m, head, entry) if (m->keyid == keyid) return (m); diff --git a/usr.sbin/ospfd/interface.c b/usr.sbin/ospfd/interface.c index f3162e7aa23..f18f93246a0 100644 --- a/usr.sbin/ospfd/interface.c +++ b/usr.sbin/ospfd/interface.c @@ -1,4 +1,4 @@ -/* $OpenBSD: interface.c,v 1.50 2006/04/16 11:40:54 henning Exp $ */ +/* $OpenBSD: interface.c,v 1.51 2006/04/24 20:18:03 claudio Exp $ */ /* * Copyright (c) 2005 Claudio Jeker <claudio@openbsd.org> @@ -162,7 +162,7 @@ if_new(struct kif *kif) LIST_INIT(&iface->nbr_list); TAILQ_INIT(&iface->ls_ack_list); - md_list_init(iface); + TAILQ_INIT(&iface->auth_md_list); iface->crypt_seq_num = arc4random() & 0x0fffffff; @@ -241,7 +241,7 @@ if_del(struct iface *iface) nbr_del(nbr); ls_ack_list_clr(iface); - md_list_clr(iface); + md_list_clr(&iface->auth_md_list); free(iface); } diff --git a/usr.sbin/ospfd/ospfd.h b/usr.sbin/ospfd/ospfd.h index a128365cd4f..d15b711a0c4 100644 --- a/usr.sbin/ospfd/ospfd.h +++ b/usr.sbin/ospfd/ospfd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ospfd.h,v 1.55 2006/04/20 17:04:30 claudio Exp $ */ +/* $OpenBSD: ospfd.h,v 1.56 2006/04/24 20:18:03 claudio Exp $ */ /* * Copyright (c) 2004 Esben Norby <norby@openbsd.org> @@ -309,6 +309,7 @@ struct auth_md { /* lsa list used in RDE and OE */ TAILQ_HEAD(lsa_head, lsa_entry); +TAILQ_HEAD(auth_md_head, auth_md); struct iface { LIST_ENTRY(iface) entry; @@ -317,7 +318,7 @@ struct iface { struct event lsack_tx_timer; LIST_HEAD(, nbr) nbr_list; - TAILQ_HEAD(, auth_md) auth_md_list; + struct auth_md_head auth_md_list; struct lsa_head ls_ack_list; char name[IF_NAMESIZE]; diff --git a/usr.sbin/ospfd/ospfe.h b/usr.sbin/ospfd/ospfe.h index 96a072506c7..4f01ee52dd6 100644 --- a/usr.sbin/ospfd/ospfe.h +++ b/usr.sbin/ospfd/ospfe.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ospfe.h,v 1.27 2006/03/13 09:36:06 claudio Exp $ */ +/* $OpenBSD: ospfe.h,v 1.28 2006/04/24 20:18:03 claudio Exp $ */ /* * Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org> @@ -97,10 +97,9 @@ struct nbr { int auth_validate(void *buf, u_int16_t len, struct iface *, struct nbr *); int auth_gen(struct buf *, struct iface *); -void md_list_init(struct iface *); -void md_list_add(struct iface *, u_int8_t, char *); -void md_list_clr(struct iface *); -struct auth_md *md_list_find(struct iface *, u_int8_t); +void md_list_add(struct auth_md_head *, u_int8_t, char *); +void md_list_copy(struct auth_md_head *, struct auth_md_head *); +void md_list_clr(struct auth_md_head *); /* database.c */ int send_db_description(struct nbr *); diff --git a/usr.sbin/ospfd/parse.y b/usr.sbin/ospfd/parse.y index a7887687c3e..a10ba21eb02 100644 --- a/usr.sbin/ospfd/parse.y +++ b/usr.sbin/ospfd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.28 2006/04/20 17:04:30 claudio Exp $ */ +/* $OpenBSD: parse.y,v 1.29 2006/04/24 20:18:03 claudio Exp $ */ /* * Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org> @@ -64,11 +64,15 @@ int check_file_secrecy(int fd, const char *fname); u_int32_t get_rtr_id(void); struct config_defaults { + char auth_key[MAX_SIMPLE_AUTH_LEN]; + struct auth_md_head md_list; u_int32_t dead_interval; u_int16_t transmit_delay; u_int16_t hello_interval; u_int16_t rxmt_interval; u_int16_t metric; + enum auth_type auth_type; + u_int8_t auth_keyid; u_int8_t priority; }; @@ -243,7 +247,7 @@ authmd : AUTHMD number STRING { free($3); YYERROR; } - md_list_add(iface, $2, $3); + md_list_add(&defs->md_list, $2, $3); free($3); } @@ -253,7 +257,7 @@ authmdkeyid : AUTHMDKEYID number { "(%d-%d)", MIN_MD_ID, MAX_MD_ID); YYERROR; } - iface->auth_keyid = $2; + defs->auth_keyid = $2; } authtype : AUTHTYPE STRING { @@ -271,7 +275,7 @@ authtype : AUTHTYPE STRING { YYERROR; } free($2); - iface->auth_type = type; + defs->auth_type = type; } ; @@ -282,8 +286,8 @@ authkey : AUTHKEY STRING { free($2); YYERROR; } - strncpy(iface->auth_key, $2, - sizeof(iface->auth_key)); + strncpy(defs->auth_key, $2, + sizeof(defs->auth_key)); free($2); } ; @@ -339,6 +343,11 @@ defaults : METRIC number { } defs->rxmt_interval = $2; } + | authtype + | authkey + | authmdkeyid + | authmd + ; optnl : '\n' optnl | @@ -358,9 +367,11 @@ area : AREA STRING { area = conf_get_area(id); memcpy(&areadefs, defs, sizeof(areadefs)); + md_list_copy(&areadefs.md_list, &defs->md_list); defs = &areadefs; } '{' optnl areaopts_l '}' { area = NULL; + md_list_clr(&defs->md_list); defs = &globaldefs; } ; @@ -390,6 +401,7 @@ interface : INTERFACE STRING { iface, entry); memcpy(&ifacedefs, defs, sizeof(ifacedefs)); + md_list_copy(&ifacedefs.md_list, &defs->md_list); defs = &ifacedefs; } interface_block { iface->dead_interval = defs->dead_interval; @@ -398,7 +410,12 @@ interface : INTERFACE STRING { iface->rxmt_interval = defs->rxmt_interval; iface->metric = defs->metric; iface->priority = defs->priority; - + iface->auth_type = defs->auth_type; + iface->auth_keyid = defs->auth_keyid; + memcpy(iface->auth_key, defs->auth_key, + sizeof(iface->auth_key)); + md_list_copy(&iface->auth_md_list, &defs->md_list); + md_list_clr(&defs->md_list); iface = NULL; /* interface is always part of an area */ defs = &areadefs; @@ -414,11 +431,7 @@ interfaceopts_l : interfaceopts_l interfaceoptsl | interfaceoptsl ; -interfaceoptsl : authmd nl - | authkey nl - | authmdkeyid nl - | authtype nl - | PASSIVE nl { iface->passive = 1; } +interfaceoptsl : PASSIVE nl { iface->passive = 1; } | defaults nl ; @@ -690,6 +703,7 @@ parse_config(char *filename, int opts) bzero(&globaldefs, sizeof(globaldefs)); defs = &globaldefs; + TAILQ_INIT(&defs->md_list); defs->dead_interval = DEFAULT_RTR_DEAD_TIME; defs->transmit_delay = DEFAULT_TRANSMIT_DELAY; defs->hello_interval = DEFAULT_HELLO_INTERVAL; @@ -737,6 +751,9 @@ parse_config(char *filename, int opts) } } + /* free global config defaults */ + md_list_clr(&globaldefs.md_list); + if (errors) { clear_config(conf); return (NULL); |