authorClaudio Jeker <claudio@cvs.openbsd.org>2006-04-24 20:18:04 +0000
committerClaudio Jeker <claudio@cvs.openbsd.org>2006-04-24 20:18:04 +0000
commit28100580167e3898a45606af96841eb236ff97ce (patch)
tree94b12234ce5a299ef3d35513536efe47aacc6015
parentb073eac299215a2c87e8bd2b3d24727678ae6010 (diff)
Fix parser to match current behaviour and make auth-type et al. part of the
global and per area defaults. With this it is now possible to define one set of auth-md keys and use them in every defined interface. OK norby@
-rw-r--r--usr.sbin/ospfd/auth.c55
-rw-r--r--usr.sbin/ospfd/interface.c6
-rw-r--r--usr.sbin/ospfd/ospfd.h5
-rw-r--r--usr.sbin/ospfd/ospfe.h9
-rw-r--r--usr.sbin/ospfd/parse.y41
5 files changed, 70 insertions, 46 deletions
diff --git a/usr.sbin/ospfd/auth.c b/usr.sbin/ospfd/auth.c
index 8a1c1d88d34..02f70a54783 100644
--- a/usr.sbin/ospfd/auth.c
+++ b/usr.sbin/ospfd/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.9 2006/03/08 15:35:07 claudio Exp $ */
+/* $OpenBSD: auth.c,v 1.10 2006/04/24 20:18:03 claudio Exp $ */
/*
* Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org>
@@ -28,6 +28,8 @@
#include "log.h"
#include "ospfe.h"
+struct auth_md *md_list_find(struct auth_md_head *, u_int8_t);
+
int
auth_validate(void *buf, u_int16_t len, struct iface *iface, struct nbr *nbr)
{
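Review bot: The new forward declaration of md_list_find at the top of auth.c has external linkage, although this commit removes its prototype from ospfe.h and the remaining callers shown are all in auth.c. If no other file still uses it (not visible from this page), mark both the prototype and the definition `static`, e.g. `static struct auth_md *md_list_find(struct auth_md_head *, u_int8_t);`, so the key-lookup helper cannot be called from other translation units by accident. auth_validate's body continues outside this hunk.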
@@ -71,8 +73,8 @@ auth_validate(void *buf, u_int16_t len, struct iface *iface, struct nbr *nbr)
* (iface->auth_keyid). This allows for key rotation to new
* keys without taking down the network.
*/
- if ((md = md_list_find(iface, ospf_hdr->auth_key.crypt.keyid))
- == NULL) {
+ if ((md = md_list_find(&iface->auth_md_list,
+ ospf_hdr->auth_key.crypt.keyid)) == NULL) {
log_debug("auth_validate: keyid %d not configured, "
"interface %s", ospf_hdr->auth_key.crypt.keyid,
iface->name);
@@ -170,7 +172,8 @@ auth_gen(struct buf *buf, struct iface *iface)
iface->crypt_seq_num++;
/* insert plaintext key */
- if ((md = md_list_find(iface, iface->auth_keyid)) == NULL) {
+ if ((md = md_list_find(&iface->auth_md_list,
+ iface->auth_keyid)) == NULL) {
log_debug("auth_validate: keyid %d not configured, "
"interface %s", iface->auth_keyid, iface->name);
return (-1);
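Review bot: The log_debug call on the failure path of auth_gen still prefixes its message with "auth_validate:", so a missing transmit key is reported as if it were a receive-side validation failure. While the lookup line is being touched, change the label to `log_debug("auth_gen: keyid %d not configured, "` so that someone triaging authentication problems can tell the two cases apart. The surrounding function starts and ends outside this hunk.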
@@ -197,17 +200,11 @@ auth_gen(struct buf *buf, struct iface *iface)
/* md list */
void
-md_list_init(struct iface *iface)
+md_list_add(struct auth_md_head *head, u_int8_t keyid, char *key)
{
- TAILQ_INIT(&iface->auth_md_list);
-}
-
-void
-md_list_add(struct iface *iface, u_int8_t keyid, char *key)
-{
- struct auth_md *m, *md;
+ struct auth_md *md;
- if ((md = md_list_find(iface, keyid)) != NULL) {
+ if ((md = md_list_find(head, keyid)) != NULL) {
/* update key */
strncpy(md->key, key, sizeof(md->key));
return;
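Review bot: md_list_add now takes a bare list head, but nothing documents that `md->key` is filled with `strncpy(md->key, key, sizeof(md->key))`, which stores a key of full field length without a terminating NUL and zero-pads shorter ones. A comment above the function such as `/* key is copied into a fixed-width, zero-padded field; it is not a C string */` would keep later callers from handing `md->key` to string functions. The same applies to the second strncpy in md_list_add and the one in md_list_copy in the next hunk. The field width is defined outside this page, and the function body continues past the end of the hunk.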
@@ -218,33 +215,43 @@ md_list_add(struct iface *iface, u_int8_t keyid, char *key)
md->keyid = keyid;
strncpy(md->key, key, sizeof(md->key));
+ TAILQ_INSERT_TAIL(head, md, entry);
+}
- TAILQ_FOREACH(m, &iface->auth_md_list, entry) {
- if (m->keyid > keyid) {
- TAILQ_INSERT_BEFORE(m, md, entry);
- return;
- }
+void
+md_list_copy(struct auth_md_head *to, struct auth_md_head *from)
+{
+ struct auth_md *m, *md;
+
+ TAILQ_INIT(to);
+
+ TAILQ_FOREACH(m, from, entry) {
+ if ((md = calloc(1, sizeof(struct auth_md))) == NULL)
+ fatalx("md_list_add");
+
+ md->keyid = m->keyid;
+ strncpy(md->key, m->key, sizeof(md->key));
+ TAILQ_INSERT_TAIL(to, md, entry);
}
- TAILQ_INSERT_TAIL(&iface->auth_md_list, md, entry);
}
void
-md_list_clr(struct iface *iface)
+md_list_clr(struct auth_md_head *head)
{
struct auth_md *m;
- while ((m = TAILQ_FIRST(&iface->auth_md_list)) != NULL) {
- TAILQ_REMOVE(&iface->auth_md_list, m, entry);
+ while ((m = TAILQ_FIRST(head)) != NULL) {
+ TAILQ_REMOVE(head, m, entry);
free(m);
}
}
struct auth_md *
-md_list_find(struct iface *iface, u_int8_t keyid)
+md_list_find(struct auth_md_head *head, u_int8_t keyid)
{
struct auth_md *m;
- TAILQ_FOREACH(m, &iface->auth_md_list, entry)
+ TAILQ_FOREACH(m, head, entry)
if (m->keyid == keyid)
return (m);
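Review bot: md_list_clr frees each auth_md with the MD5 key still in it, and this commit duplicates the keys into the global, area and interface default lists that are cleared during parsing, so more copies of key material end up in freed heap memory. Where the platform provides it, add `explicit_bzero(m, sizeof(*m));` before `free(m);`. Separately, the calloc failure in md_list_copy reports `fatalx("md_list_add")`; `fatal("md_list_copy");` would name the right function and include the errno text. md_list_copy also calls TAILQ_INIT on `to` without freeing anything it held, so it deserves a comment stating that `to` must be empty or uninitialised. md_list_find's body runs past the end of this hunk.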
diff --git a/usr.sbin/ospfd/interface.c b/usr.sbin/ospfd/interface.c
index f3162e7aa23..f18f93246a0 100644
--- a/usr.sbin/ospfd/interface.c
+++ b/usr.sbin/ospfd/interface.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: interface.c,v 1.50 2006/04/16 11:40:54 henning Exp $ */
+/* $OpenBSD: interface.c,v 1.51 2006/04/24 20:18:03 claudio Exp $ */
/*
* Copyright (c) 2005 Claudio Jeker <claudio@openbsd.org>
@@ -162,7 +162,7 @@ if_new(struct kif *kif)
LIST_INIT(&iface->nbr_list);
TAILQ_INIT(&iface->ls_ack_list);
- md_list_init(iface);
+ TAILQ_INIT(&iface->auth_md_list);
iface->crypt_seq_num = arc4random() & 0x0fffffff;
@@ -241,7 +241,7 @@ if_del(struct iface *iface)
nbr_del(nbr);
ls_ack_list_clr(iface);
- md_list_clr(iface);
+ md_list_clr(&iface->auth_md_list);
free(iface);
}
diff --git a/usr.sbin/ospfd/ospfd.h b/usr.sbin/ospfd/ospfd.h
index a128365cd4f..d15b711a0c4 100644
--- a/usr.sbin/ospfd/ospfd.h
+++ b/usr.sbin/ospfd/ospfd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ospfd.h,v 1.55 2006/04/20 17:04:30 claudio Exp $ */
+/* $OpenBSD: ospfd.h,v 1.56 2006/04/24 20:18:03 claudio Exp $ */
/*
* Copyright (c) 2004 Esben Norby <norby@openbsd.org>
@@ -309,6 +309,7 @@ struct auth_md {
/* lsa list used in RDE and OE */
TAILQ_HEAD(lsa_head, lsa_entry);
+TAILQ_HEAD(auth_md_head, auth_md);
struct iface {
LIST_ENTRY(iface) entry;
@@ -317,7 +318,7 @@ struct iface {
struct event lsack_tx_timer;
LIST_HEAD(, nbr) nbr_list;
- TAILQ_HEAD(, auth_md) auth_md_list;
+ struct auth_md_head auth_md_list;
struct lsa_head ls_ack_list;
char name[IF_NAMESIZE];
diff --git a/usr.sbin/ospfd/ospfe.h b/usr.sbin/ospfd/ospfe.h
index 96a072506c7..4f01ee52dd6 100644
--- a/usr.sbin/ospfd/ospfe.h
+++ b/usr.sbin/ospfd/ospfe.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ospfe.h,v 1.27 2006/03/13 09:36:06 claudio Exp $ */
+/* $OpenBSD: ospfe.h,v 1.28 2006/04/24 20:18:03 claudio Exp $ */
/*
* Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org>
@@ -97,10 +97,9 @@ struct nbr {
int auth_validate(void *buf, u_int16_t len, struct iface *,
struct nbr *);
int auth_gen(struct buf *, struct iface *);
-void md_list_init(struct iface *);
-void md_list_add(struct iface *, u_int8_t, char *);
-void md_list_clr(struct iface *);
-struct auth_md *md_list_find(struct iface *, u_int8_t);
+void md_list_add(struct auth_md_head *, u_int8_t, char *);
+void md_list_copy(struct auth_md_head *, struct auth_md_head *);
+void md_list_clr(struct auth_md_head *);
/* database.c */
int send_db_description(struct nbr *);
diff --git a/usr.sbin/ospfd/parse.y b/usr.sbin/ospfd/parse.y
index a7887687c3e..a10ba21eb02 100644
--- a/usr.sbin/ospfd/parse.y
+++ b/usr.sbin/ospfd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.28 2006/04/20 17:04:30 claudio Exp $ */
+/* $OpenBSD: parse.y,v 1.29 2006/04/24 20:18:03 claudio Exp $ */
/*
* Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org>
@@ -64,11 +64,15 @@ int check_file_secrecy(int fd, const char *fname);
u_int32_t get_rtr_id(void);
struct config_defaults {
+ char auth_key[MAX_SIMPLE_AUTH_LEN];
+ struct auth_md_head md_list;
u_int32_t dead_interval;
u_int16_t transmit_delay;
u_int16_t hello_interval;
u_int16_t rxmt_interval;
u_int16_t metric;
+ enum auth_type auth_type;
+ u_int8_t auth_keyid;
u_int8_t priority;
};
@@ -243,7 +247,7 @@ authmd : AUTHMD number STRING {
free($3);
YYERROR;
}
- md_list_add(iface, $2, $3);
+ md_list_add(&defs->md_list, $2, $3);
free($3);
}
@@ -253,7 +257,7 @@ authmdkeyid : AUTHMDKEYID number {
"(%d-%d)", MIN_MD_ID, MAX_MD_ID);
YYERROR;
}
- iface->auth_keyid = $2;
+ defs->auth_keyid = $2;
}
authtype : AUTHTYPE STRING {
@@ -271,7 +275,7 @@ authtype : AUTHTYPE STRING {
YYERROR;
}
free($2);
- iface->auth_type = type;
+ defs->auth_type = type;
}
;
@@ -282,8 +286,8 @@ authkey : AUTHKEY STRING {
free($2);
YYERROR;
}
- strncpy(iface->auth_key, $2,
- sizeof(iface->auth_key));
+ strncpy(defs->auth_key, $2,
+ sizeof(defs->auth_key));
free($2);
}
;
@@ -339,6 +343,11 @@ defaults : METRIC number {
}
defs->rxmt_interval = $2;
}
+ | authtype
+ | authkey
+ | authmdkeyid
+ | authmd
+ ;
optnl : '\n' optnl
|
@@ -358,9 +367,11 @@ area : AREA STRING {
area = conf_get_area(id);
memcpy(&areadefs, defs, sizeof(areadefs));
+ md_list_copy(&areadefs.md_list, &defs->md_list);
defs = &areadefs;
} '{' optnl areaopts_l '}' {
area = NULL;
+ md_list_clr(&defs->md_list);
defs = &globaldefs;
}
;
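Review bot: The `memcpy(&areadefs, defs, sizeof(areadefs))` just above the added md_list_copy call also copies the TAILQ head, so until md_list_copy re-initialises it, `areadefs.md_list` points at the parent's key entries. That ordering is load-bearing, because calling md_list_clr on the copied head first would free the global keys, and nothing in the action says so. Add a comment above the call, for example `/* memcpy aliased md_list to the parent's entries; replace it with a private copy */`. The interface rule in the next hunk uses the same memcpy-then-copy pattern with ifacedefs and would benefit from the same comment.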
@@ -390,6 +401,7 @@ interface : INTERFACE STRING {
iface, entry);
memcpy(&ifacedefs, defs, sizeof(ifacedefs));
+ md_list_copy(&ifacedefs.md_list, &defs->md_list);
defs = &ifacedefs;
} interface_block {
iface->dead_interval = defs->dead_interval;
@@ -398,7 +410,12 @@ interface : INTERFACE STRING {
iface->rxmt_interval = defs->rxmt_interval;
iface->metric = defs->metric;
iface->priority = defs->priority;
-
+ iface->auth_type = defs->auth_type;
+ iface->auth_keyid = defs->auth_keyid;
+ memcpy(iface->auth_key, defs->auth_key,
+ sizeof(iface->auth_key));
+ md_list_copy(&iface->auth_md_list, &defs->md_list);
+ md_list_clr(&defs->md_list);
iface = NULL;
/* interface is always part of an area */
defs = &areadefs;
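Review bot: The interface close action copies `defs->auth_type` and `defs->auth_keyid` into the interface without checking that the selected key id is present in `defs->md_list`. With the type, key id and keys now inheritable separately from global and area defaults, a configuration can select the crypt type with a key id that no auth-md line defines, and the lines shown in auth.c only report that at run time through log_debug in auth_gen. Unless a later validation pass outside this page already covers it, look up the key id here and raise a parse error when the crypt type is selected and the key is missing. md_list_find is no longer exported from ospfe.h after this commit, so the check needs a small exported helper or the prototype restored.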
@@ -414,11 +431,7 @@ interfaceopts_l : interfaceopts_l interfaceoptsl
| interfaceoptsl
;
-interfaceoptsl : authmd nl
- | authkey nl
- | authmdkeyid nl
- | authtype nl
- | PASSIVE nl { iface->passive = 1; }
+interfaceoptsl : PASSIVE nl { iface->passive = 1; }
| defaults nl
;
@@ -690,6 +703,7 @@ parse_config(char *filename, int opts)
bzero(&globaldefs, sizeof(globaldefs));
defs = &globaldefs;
+ TAILQ_INIT(&defs->md_list);
defs->dead_interval = DEFAULT_RTR_DEAD_TIME;
defs->transmit_delay = DEFAULT_TRANSMIT_DELAY;
defs->hello_interval = DEFAULT_HELLO_INTERVAL;
@@ -737,6 +751,9 @@ parse_config(char *filename, int opts)
}
}
+ /* free global config defaults */
+ md_list_clr(&globaldefs.md_list);
+
if (errors) {
clear_config(conf);
return (NULL);
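Review bot: Only `globaldefs.md_list` is cleared before the `if (errors)` return. The per-area and per-interface copies are freed by the closing actions of their grammar rules, which may not run when parsing stops on an error inside a block. In that case the duplicated keys in `areadefs.md_list` and `ifacedefs.md_list` would stay allocated. If both heads are always either initialised or zero-filled (their declarations are outside this hunk), also calling `md_list_clr(&areadefs.md_list);` and `md_list_clr(&ifacedefs.md_list);` here would release them on every path. parse_config continues past the end of this hunk.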