author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2004-04-15 18:39:31 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2004-04-15 18:39:31 +0000 |
commit | b1ac98abf9e700f03d5aa5f97c06dab605d6da06 (patch) | |
tree | c08a9624b4a539b85c5650bcf09528d13eb2d039 /sbin/isakmpd/sysdep | |
parent | aeca45bc7d867b71e9600c7108674fae5db8ff9c (diff) |
partial move to KNF. More to come. This has happened because there
are a raft of source code auditors who are willing to help improve this
code only if this is done, and hey, isakmpd does need our standard
auditing process. ok ho hshoexer
Diffstat (limited to 'sbin/isakmpd/sysdep')
-rw-r--r-- | sbin/isakmpd/sysdep/openbsd/keynote_compat.c | 16 | ||||
-rw-r--r-- | sbin/isakmpd/sysdep/openbsd/sysdep.c | 250 |
2 files changed, 129 insertions, 137 deletions
diff --git a/sbin/isakmpd/sysdep/openbsd/keynote_compat.c b/sbin/isakmpd/sysdep/openbsd/keynote_compat.c index ce3f1003fea..a4643750fed 100644 --- a/sbin/isakmpd/sysdep/openbsd/keynote_compat.c +++ b/sbin/isakmpd/sysdep/openbsd/keynote_compat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: keynote_compat.c,v 1.5 2003/06/03 14:53:11 ho Exp $ */ +/* $OpenBSD: keynote_compat.c,v 1.6 2004/04/15 18:39:30 deraadt Exp $ */ /* $EOM: keynote_compat.c,v 1.1 2000/10/15 19:18:26 niklas Exp $ */ /* @@ -42,7 +42,7 @@ * in April-May 1998 * * Copyright (C) 1998, 1999 by Angelos D. Keromytis. - * + * * Permission to use, copy, and modify this software without fee * is hereby granted, provided that this entire notice is included in * all copies of any software which is or includes a copy or @@ -60,23 +60,23 @@ #include <keynote.h> extern void keynote_free_key(void *, int); -extern char *keynote_get_private_key (char *); +extern char *keynote_get_private_key(char *); /* * Exportable front-end to keynote_get_private_key(). */ char * -_kn_get_string (char *buf) +_kn_get_string(char *buf) { - return keynote_get_private_key (buf); + return keynote_get_private_key(buf); } /* * Free a key. */ void -_kn_free_key (struct keynote_deckey *dc) +_kn_free_key(struct keynote_deckey *dc) { - if (dc) - keynote_free_key (dc->dec_key, dc->dec_algorithm); + if (dc) + keynote_free_key(dc->dec_key, dc->dec_algorithm); } diff --git a/sbin/isakmpd/sysdep/openbsd/sysdep.c b/sbin/isakmpd/sysdep/openbsd/sysdep.c index 6d3b03e791e..f51393a2e34 100644 --- a/sbin/isakmpd/sysdep/openbsd/sysdep.c +++ b/sbin/isakmpd/sysdep/openbsd/sysdep.c @@ -1,5 +1,5 @@ -/* $OpenBSD: sysdep.c,v 1.25 2003/06/03 14:53:11 ho Exp $ */ -/* $EOM: sysdep.c,v 1.9 2000/12/04 04:46:35 angelos Exp $ */ +/* $OpenBSD: sysdep.c,v 1.26 2004/04/15 18:39:30 deraadt Exp $ */ +/* $EOM: sysdep.c,v 1.9 2000/12/04 04:46:35 angelos Exp $ */ /* * Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved. 
@@ -55,33 +55,33 @@ #endif /* NEED_SYSDEP_APP */ #include "log.h" -extern char *__progname; +extern char *__progname; /* * An as strong as possible random number generator, reverting to a * deterministic pseudo-random one if regrand is set. */ u_int32_t -sysdep_random () +sysdep_random() { - if (!regrand) - return arc4random (); - else - return random(); + if (!regrand) + return arc4random(); + else + return random(); } /* Return the basename of the command used to invoke us. */ char * -sysdep_progname () +sysdep_progname() { - return __progname; + return __progname; } /* Return the length of the sockaddr struct. */ u_int8_t -sysdep_sa_len (struct sockaddr *sa) +sysdep_sa_len(struct sockaddr *sa) { - return sa->sa_len; + return sa->sa_len; } /* As regress/ use this file I protect the sysdep_app_* stuff like this. */ @@ -91,9 +91,9 @@ sysdep_sa_len (struct sockaddr *sa) * for communication. We return a file descriptor useable to select(2) on. */ int -sysdep_app_open () +sysdep_app_open() { - return KEY_API(open) (); + return KEY_API(open)(); } /* @@ -101,16 +101,16 @@ sysdep_app_open () * gets called. FD is the file descriptor causing the alarm. */ void -sysdep_app_handler (int fd) +sysdep_app_handler(int fd) { - KEY_API (handler) (fd); + KEY_API(handler)(fd); } /* Check that the connection named NAME is active, or else make it active. */ void -sysdep_connection_check (char *name) +sysdep_connection_check(char *name) { - KEY_API (connection_check) (name); + KEY_API(connection_check)(name); } /* 
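Review bot: In the first hunk on this line (`@@ -55,33 +55,33 @@`), the comment above sysdep_random() says the function reverts to a deterministic generator when regrand is set, but not who may set it, which is the one fact an auditor needs at this spot. In that branch the value comes from random(), which gives a repeatable sequence with at most 31 significant bits, so nothing drawn from it should be treated as unpredictable. The page does not show where regrand is assigned; once that is confirmed to be a test-only switch, I would extend the comment along the lines of `regrand is for reproducible regression runs only; values returned in that mode must never protect live traffic`. The other two hunks on this line are whitespace-only.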
@@ -118,144 +118,136 @@ sysdep_connection_check (char *name) * SRC, SRCLEN, DST & DSTLEN. Stash the SPI size in SZ. */ u_int8_t * -sysdep_ipsec_get_spi (size_t *sz, u_int8_t proto, struct sockaddr *src, - struct sockaddr *dst, u_int32_t seq) +sysdep_ipsec_get_spi(size_t *sz, u_int8_t proto, struct sockaddr *src, + struct sockaddr *dst, u_int32_t seq) { - if (app_none) - { - *sz = IPSEC_SPI_SIZE; - /* XXX should be random instead I think. */ - return (u_int8_t *)strdup ("\x12\x34\x56\x78"); - } - return KEY_API (get_spi) (sz, proto, src, dst, seq); + if (app_none) { + *sz = IPSEC_SPI_SIZE; + /* XXX should be random instead I think. */ + return (u_int8_t *)strdup("\x12\x34\x56\x78"); + } + return KEY_API(get_spi)(sz, proto, src, dst, seq); } /* Force communication on socket FD to go in the clear. */ int -sysdep_cleartext (int fd, int af) +sysdep_cleartext(int fd, int af) { - int level, sw; - struct { - int ip_proto; /* IP protocol */ - int auth_level; - int esp_trans_level; - int esp_network_level; - int ipcomp_level; - } optsw[] = - { - { - IPPROTO_IP, - IP_AUTH_LEVEL, - IP_ESP_TRANS_LEVEL, - IP_ESP_NETWORK_LEVEL, + int level, sw; + struct { + int ip_proto; /* IP protocol */ + int auth_level; + int esp_trans_level; + int esp_network_level; + int ipcomp_level; + } optsw[] = { + { + IPPROTO_IP, + IP_AUTH_LEVEL, + IP_ESP_TRANS_LEVEL, + IP_ESP_NETWORK_LEVEL, #ifdef IP_IPCOMP_LEVEL - IP_IPCOMP_LEVEL + IP_IPCOMP_LEVEL #else - 0 + 0 #endif - }, - { - IPPROTO_IPV6, - IPV6_AUTH_LEVEL, - IPV6_ESP_TRANS_LEVEL, - IPV6_ESP_NETWORK_LEVEL, + }, { + IPPROTO_IPV6, + IPV6_AUTH_LEVEL, + IPV6_ESP_TRANS_LEVEL, + IPV6_ESP_NETWORK_LEVEL, #ifdef IPV6_IPCOMP_LEVEL - IPV6_IPCOMP_LEVEL + IPV6_IPCOMP_LEVEL #else - 0 + 0 #endif - }, - }; - - if (app_none) - return 0; - - switch (af) - { - case AF_INET: - sw = 0; - break; - case AF_INET6: - sw = 1; - break; - default: - log_print ("sysdep_cleartext: unsupported protocol family %d", af); - return -1; - } - - /* - * Need to bypass system security 
policy, so I can send and - * receive key management datagrams in the clear. - */ - level = IPSEC_LEVEL_BYPASS; - if (monitor_setsockopt (fd, optsw[sw].ip_proto, optsw[sw].auth_level, - (char *)&level, sizeof level) == -1) - { - log_error ("sysdep_cleartext: " - "setsockopt (%d, %d, IP_AUTH_LEVEL, ...) failed", fd, - optsw[sw].ip_proto); - return -1; - } - if (monitor_setsockopt (fd, optsw[sw].ip_proto, optsw[sw].esp_trans_level, - (char *)&level, sizeof level) == -1) - { - log_error ("sysdep_cleartext: " - "setsockopt (%d, %d, IP_ESP_TRANS_LEVEL, ...) failed", fd, - optsw[sw].ip_proto); - return -1; - } - if (monitor_setsockopt (fd, optsw[sw].ip_proto, optsw[sw].esp_network_level, - (char *)&level, sizeof level) == -1) - { - log_error("sysdep_cleartext: " - "setsockopt (%d, %d, IP_ESP_NETWORK_LEVEL, ...) failed", fd, - optsw[sw].ip_proto); - return -1; - } - if (optsw[sw].ipcomp_level - && monitor_setsockopt (fd, optsw[sw].ip_proto, optsw[sw].ipcomp_level, - (char *)&level, sizeof level) == -1 - && errno != ENOPROTOOPT) - { - log_error("sysdep_cleartext: " - "setsockopt (%d, %d, IP_IPCOMP_LEVEL, ...) failed,", fd, - optsw[sw].ip_proto); - return -1; - } - return 0; + }, + }; + + if (app_none) + return 0; + + switch (af) { + case AF_INET: + sw = 0; + break; + case AF_INET6: + sw = 1; + break; + default: + log_print("sysdep_cleartext: unsupported protocol family %d", af); + return -1; + } + + /* + * Need to bypass system security policy, so I can send and + * receive key management datagrams in the clear. + */ + level = IPSEC_LEVEL_BYPASS; + if (monitor_setsockopt(fd, optsw[sw].ip_proto, optsw[sw].auth_level, + (char *) &level, sizeof level) == -1) { + log_error("sysdep_cleartext: " + "setsockopt (%d, %d, IP_AUTH_LEVEL, ...) 
failed", fd, + optsw[sw].ip_proto); + return -1; + } + if (monitor_setsockopt(fd, optsw[sw].ip_proto, optsw[sw].esp_trans_level, + (char *) &level, sizeof level) == -1) { + log_error("sysdep_cleartext: " + "setsockopt (%d, %d, IP_ESP_TRANS_LEVEL, ...) failed", fd, + optsw[sw].ip_proto); + return -1; + } + if (monitor_setsockopt(fd, optsw[sw].ip_proto, optsw[sw].esp_network_level, + (char *) &level, sizeof level) == -1) { + log_error("sysdep_cleartext: " + "setsockopt (%d, %d, IP_ESP_NETWORK_LEVEL, ...) failed", fd, + optsw[sw].ip_proto); + return -1; + } + if (optsw[sw].ipcomp_level && + monitor_setsockopt(fd, optsw[sw].ip_proto, optsw[sw].ipcomp_level, + (char *) &level, sizeof level) == -1 && + errno != ENOPROTOOPT) { + log_error("sysdep_cleartext: " + "setsockopt (%d, %d, IP_IPCOMP_LEVEL, ...) failed,", fd, + optsw[sw].ip_proto); + return -1; + } + return 0; } int -sysdep_ipsec_delete_spi (struct sa *sa, struct proto *proto, int incoming) +sysdep_ipsec_delete_spi(struct sa *sa, struct proto *proto, int incoming) { - if (app_none) - return 0; - return KEY_API (delete_spi) (sa, proto, incoming); + if (app_none) + return 0; + return KEY_API(delete_spi)(sa, proto, incoming); } int -sysdep_ipsec_enable_sa (struct sa *sa, struct sa *isakmp_sa) +sysdep_ipsec_enable_sa(struct sa *sa, struct sa *isakmp_sa) { - if (app_none) - return 0; - return KEY_API (enable_sa) (sa, isakmp_sa); + if (app_none) + return 0; + return KEY_API(enable_sa)(sa, isakmp_sa); } int -sysdep_ipsec_group_spis (struct sa *sa, struct proto *proto1, - struct proto *proto2, int incoming) +sysdep_ipsec_group_spis(struct sa *sa, struct proto *proto1, + struct proto *proto2, int incoming) { - if (app_none) - return 0; - return KEY_API (group_spis) (sa, proto1, proto2, incoming); + if (app_none) + return 0; + return KEY_API(group_spis)(sa, proto1, proto2, incoming); } int -sysdep_ipsec_set_spi (struct sa *sa, struct proto *proto, int incoming, - struct sa *isakmp_sa) +sysdep_ipsec_set_spi(struct sa *sa, 
struct proto *proto, int incoming, + struct sa *isakmp_sa) { - if (app_none) - return 0; - return KEY_API (set_spi) (sa, proto, incoming, isakmp_sa); + if (app_none) + return 0; + return KEY_API(set_spi) (sa,proto, incoming, isakmp_sa); } #endif |
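Review bot: The reformat is not uniform in this hunk: the last call in sysdep_ipsec_set_spi() comes out as `return KEY_API(set_spi) (sa,proto, incoming, isakmp_sa);`, with a space before the argument list and none after the first comma, while the other wrappers here use the `KEY_API(x)(a, b)` form; it should read `return KEY_API(set_spi)(sa, proto, incoming, isakmp_sa);`. The four monitor_setsockopt() calls in sysdep_cleartext() also gain a space after the cast, `(char *) &level`, where the old code and the `(u_int8_t *)strdup(...)` line earlier in the hunk have none, so `(char *)&level` would keep the file consistent. Separately, and outside the scope of a whitespace-only change, the app_none branch of sysdep_ipsec_get_spi() still returns the constant SPI that the XXX comment questions, and it passes strdup()'s result back unchecked. That deserves its own follow-up commit so it does not get lost in the formatting churn.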