author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2005-04-04 19:31:12 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2005-04-04 19:31:12 +0000 |
commit | 951e7f7220700caf006252bb33e657350546ecc9 (patch) | |
tree | 5b6aae228d1ad71f164276367d05609a00c4d3a4 /sbin/isakmpd | |
parent | 30fc5c7ac6ab1ad281eba61de637bc714773d1a1 (diff) |
spacing; ok cloder
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r-- | sbin/isakmpd/conf.c | 6 | ||||
-rw-r--r-- | sbin/isakmpd/connection.c | 6 | ||||
-rw-r--r-- | sbin/isakmpd/dnssec.c | 4 | ||||
-rw-r--r-- | sbin/isakmpd/dpd.c | 16 | ||||
-rw-r--r-- | sbin/isakmpd/exchange.c | 48 | ||||
-rw-r--r-- | sbin/isakmpd/if.c | 6 | ||||
-rw-r--r-- | sbin/isakmpd/ike_phase_1.c | 6 | ||||
-rw-r--r-- | sbin/isakmpd/ike_quick_mode.c | 109 | ||||
-rw-r--r-- | sbin/isakmpd/ipsec.c | 56 | ||||
-rw-r--r-- | sbin/isakmpd/isakmp_cfg.c | 4 | ||||
-rw-r--r-- | sbin/isakmpd/isakmpd.c | 16 | ||||
-rw-r--r-- | sbin/isakmpd/log.c | 4 | ||||
-rw-r--r-- | sbin/isakmpd/math_2n.c | 4 | ||||
-rw-r--r-- | sbin/isakmpd/message.c | 34 | ||||
-rw-r--r-- | sbin/isakmpd/monitor.c | 14 | ||||
-rw-r--r-- | sbin/isakmpd/nat_traversal.c | 10 | ||||
-rw-r--r-- | sbin/isakmpd/pf_key_v2.c | 49 | ||||
-rw-r--r-- | sbin/isakmpd/policy.c | 72 | ||||
-rw-r--r-- | sbin/isakmpd/sa.c | 17 | ||||
-rw-r--r-- | sbin/isakmpd/sa.h | 4 | ||||
-rw-r--r-- | sbin/isakmpd/transport.c | 29 | ||||
-rw-r--r-- | sbin/isakmpd/udp.c | 11 | ||||
-rw-r--r-- | sbin/isakmpd/udp_encap.c | 4 | ||||
-rw-r--r-- | sbin/isakmpd/ui.c | 5 | ||||
-rw-r--r-- | sbin/isakmpd/util.c | 19 | ||||
-rw-r--r-- | sbin/isakmpd/virtual.c | 5 |
26 files changed, 263 insertions, 295 deletions
diff --git a/sbin/isakmpd/conf.c b/sbin/isakmpd/conf.c index d74f993f524..93f4f2278a8 100644 --- a/sbin/isakmpd/conf.c +++ b/sbin/isakmpd/conf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf.c,v 1.76 2005/03/15 20:33:07 moritz Exp $ */ +/* $OpenBSD: conf.c,v 1.77 2005/04/04 19:31:11 deraadt Exp $ */ /* $EOM: conf.c,v 1.48 2000/12/04 02:04:29 angelos Exp $ */ /* @@ -693,8 +693,8 @@ conf_get_str(char *section, char *tag) return cb->value; } LOG_DBG((LOG_MISC, 95, - "conf_get_str: configuration value not found [%s]:%s", section, - tag)); + "conf_get_str: configuration value not found [%s]:%s", section, + tag)); return 0; } diff --git a/sbin/isakmpd/connection.c b/sbin/isakmpd/connection.c index 94373ad25bc..9a0dad325e2 100644 --- a/sbin/isakmpd/connection.c +++ b/sbin/isakmpd/connection.c @@ -1,4 +1,4 @@ -/* $OpenBSD: connection.c,v 1.29 2004/06/14 09:55:41 ho Exp $ */ +/* $OpenBSD: connection.c,v 1.30 2005/04/04 19:31:11 deraadt Exp $ */ /* $EOM: connection.c,v 1.28 2000/11/23 12:21:18 niklas Exp $ */ /* @@ -110,7 +110,7 @@ connection_init(void) * XXX This code (i.e. the attribute lookup) seems * like a likely candidate for factoring out into a * function of its own. - */ + */ attrs = conf_get_list(conn->field, "Flags"); if (attrs) for (attr = TAILQ_FIRST(&attrs->fields); attr; @@ -220,7 +220,7 @@ connection_passive_lookup_by_ids(u_int8_t *id1, u_int8_t *id2) /* * If both IDs match what we have saved, return the name. * Don't bother in which order they are. - */ + */ if ((compare_ids(id1, conn->local_id, conn->local_sz) == 0 && compare_ids(id2, conn->remote_id, conn->remote_sz) == 0) || (compare_ids(id1, conn->remote_id, conn->remote_sz) == 0 && diff --git a/sbin/isakmpd/dnssec.c b/sbin/isakmpd/dnssec.c index 95b721028ac..7b2a7c1c332 100644 --- a/sbin/isakmpd/dnssec.c +++ b/sbin/isakmpd/dnssec.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: dnssec.c,v 1.21 2005/02/27 13:12:12 hshoexer Exp $ */ +/* $OpenBSD: dnssec.c,v 1.22 2005/04/04 19:31:11 deraadt Exp $ */ /* * Copyright (c) 2001 Håkan Olsson. All rights reserved. @@ -136,7 +136,7 @@ dns_get_key(int type, struct message *msg, int *keylen) /* * Some special handling here. We want to convert the ID * 'user@host.domain' string into 'user._ipsec.host.domain.'. - */ + */ if ((id_len + sizeof(DNS_UFQDN_SEPARATOR)) >= sizeof name) return 0; /* Look for the '@' separator. */ diff --git a/sbin/isakmpd/dpd.c b/sbin/isakmpd/dpd.c index 56b09d335d1..9b646822d7c 100644 --- a/sbin/isakmpd/dpd.c +++ b/sbin/isakmpd/dpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dpd.c,v 1.9 2005/02/24 16:16:46 markus Exp $ */ +/* $OpenBSD: dpd.c,v 1.10 2005/04/04 19:31:11 deraadt Exp $ */ /* * Copyright (c) 2004 Håkan Olsson. All rights reserved. @@ -131,11 +131,10 @@ dpd_check_vendor_payload(struct message *msg, struct payload *p) } p->flags |= PL_MARK; } - return; } /* - * All incoming DPD Notify messages enter here. Message has been validated. + * All incoming DPD Notify messages enter here. Message has been validated. */ void dpd_handle_notify(struct message *msg, struct payload *p) @@ -233,7 +232,7 @@ dpd_timer_reset(struct sa *sa, u_int32_t time_passed, enum dpd_tstate mode) default: break; } - if (!sa->dpd_event) + if (!sa->dpd_event) log_print("dpd_timer_reset: timer_add_event failed"); } @@ -257,7 +256,7 @@ struct dpd_args { /* Helper function for dpd_event(). */ static int -dpd_check_time(struct sa *sa, void *v_arg) +dpd_check_time(struct sa *sa, void *v_arg) { struct dpd_args *args = v_arg; struct sockaddr *dst; @@ -289,10 +288,9 @@ dpd_check_time(struct sa *sa, void *v_arg) args->interval = (u_int32_t)(tv.tv_sec - ksa->last_used); return 1; } - return 0; } - + /* Called by the timer. */ static void dpd_event(void *v_sa) 
@@ -365,8 +363,8 @@ dpd_check_event(void *v_sa) dpd_timer_reset(isakmp_sa, 0, DPD_TIMER_CHECK); return; } - - /* + + /* * Peer is considered dead. Delete all SAs created under isakmp_sa. */ LOG_DBG((LOG_MESSAGE, 10, "dpd_check_event: peer is dead, " diff --git a/sbin/isakmpd/exchange.c b/sbin/isakmpd/exchange.c index a5298e37ca2..3749c1d72a3 100644 --- a/sbin/isakmpd/exchange.c +++ b/sbin/isakmpd/exchange.c @@ -1,4 +1,4 @@ -/* $OpenBSD: exchange.c,v 1.111 2005/03/10 17:19:08 cloder Exp $ */ +/* $OpenBSD: exchange.c,v 1.112 2005/04/04 19:31:11 deraadt Exp $ */ /* $EOM: exchange.c,v 1.143 2000/12/04 00:02:25 angelos Exp $ */ /* @@ -190,7 +190,7 @@ exchange_script(struct exchange *exchange) return script_transaction; #endif default: - if (exchange->type >= ISAKMP_EXCH_DOI_MIN + if (exchange->type >= ISAKMP_EXCH_DOI_MIN #if 0 /* always true; silence GCC3 warning */ && exchange->type <= ISAKMP_EXCH_DOI_MAX #endif @@ -259,7 +259,7 @@ exchange_handle_leftover_payloads(struct message *msg) i == ISAKMP_PAYLOAD_TRANSFORM) continue; for (p = payload_first(msg, i); p; - p = TAILQ_NEXT(p, link)) { + p = TAILQ_NEXT(p, link)) { if (p->flags & PL_MARK) continue; if (!doi->handle_leftover_payload || @@ -289,9 +289,9 @@ exchange_run(struct message *msg) while (!done) { /* - * It's our turn if we're either the initiator on an even step, - * or the responder on an odd step of the dialogue. - */ + * It's our turn if we're either the initiator on an even step, + * or the responder on an odd step of the dialogue. + */ if (exchange->initiator ^ (exchange->step % 2)) { done = 1; if (exchange->step) @@ -308,7 +308,7 @@ exchange_run(struct message *msg) * the SA at his side so we need to do that * too, i.e. implement automatic SA teardown * after a certain amount of inactivity. - */ + */ log_print("exchange_run: doi->%s (%p) failed", exchange->initiator ? "initiator" : "responder", msg); 
@@ -323,7 +323,7 @@ exchange_run(struct message *msg) * than "on-demand", i.e. if we see * retransmits of the last message of the peer * later. - */ + */ msg->flags |= MSG_LAST; if (exchange->step > 0) { if (exchange->last_sent) @@ -336,7 +336,7 @@ exchange_run(struct message *msg) * finalization, like telling our application * the SA is ready to be used, or issuing a * CONNECTED notify if we set the COMMIT bit. - */ + */ message_register_post_send(msg, exchange_finalize); @@ -362,17 +362,17 @@ exchange_run(struct message *msg) /* Feed the message to the DOI. */ if (handler(msg)) { /* - * Trust the peer to retransmit. + * Trust the peer to retransmit. * XXX We have to implement SA aging * with automatic teardown. - */ + */ message_free(msg); return; } /* * Go over the yet unhandled payloads and feed * them to DOI for handling. - */ + */ exchange_handle_leftover_payloads(msg); /* @@ -380,7 +380,7 @@ exchange_run(struct message *msg) * been processing an incoming message, record * that message as the one to do duplication * tests against. - */ + */ if (exchange->last_received) message_free(exchange->last_received); exchange->last_received = msg; @@ -460,7 +460,7 @@ exchange_lookup_from_icookie(u_int8_t *cookie) for (i = 0; i <= bucket_mask; i++) for (exchange = LIST_FIRST(&exchange_tab[i]); exchange; - exchange = LIST_NEXT(exchange, link)) + exchange = LIST_NEXT(exchange, link)) if (memcmp(exchange->cookies, cookie, ISAKMP_HDR_ICOOKIE_LEN) == 0 && exchange->phase == 1) @@ -481,7 +481,7 @@ exchange_lookup_by_name(char *name, int phase) for (i = 0; i <= bucket_mask; i++) for (exchange = LIST_FIRST(&exchange_tab[i]); exchange; - exchange = LIST_NEXT(exchange, link)) { + exchange = LIST_NEXT(exchange, link)) { LOG_DBG((LOG_EXCHANGE, 90, "exchange_lookup_by_name: %s == %s && %d == %d?", name, exchange->name ? exchange->name : 
@@ -596,7 +596,7 @@ exchange_lookup(u_int8_t *msg, int phase2) exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN) != 0) || (!phase2 && !zero_test(msg + ISAKMP_HDR_MESSAGE_ID_OFF, ISAKMP_HDR_MESSAGE_ID_LEN))); - exchange = LIST_NEXT(exchange, link)) + exchange = LIST_NEXT(exchange, link)) ; return exchange; @@ -859,7 +859,7 @@ exchange_establish_p1(struct transport *t, u_int8_t type, u_int32_t doi, * Don't install a transport into this SA as it will be an * INADDR_ANY address in the local end, which is not good at * all. Let the reply packet install the transport instead. - */ + */ sa_create(exchange, 0); msg->isakmp_sa = TAILQ_FIRST(&exchange->sa_list); if (!msg->isakmp_sa) { @@ -1011,8 +1011,8 @@ exchange_setup_p1(struct message *msg, u_int32_t doi) type = GET_ISAKMP_HDR_EXCH_TYPE(msg->iov[0].iov_base); if (type != ISAKMP_EXCH_INFO) { /* - * Find out our inbound phase 1 mode. - */ + * Find out our inbound phase 1 mode. + */ t->vtbl->get_dst(t, &dst); if (sockaddr2text(dst, &str, 0) == -1) return 0; @@ -1024,7 +1024,7 @@ exchange_setup_p1(struct message *msg, u_int32_t doi) * returning the call. However, we will need to * continue responding if our phase 1 exchange is * still waiting for step 1 (i.e still half-open). - */ + */ if (exchange_lookup_active(name, 1)) return 0; } else { @@ -1092,7 +1092,7 @@ exchange_setup_p1(struct message *msg, u_int32_t doi) #ifdef USE_ISAKMP_CFG if (name && (flags = conf_get_list(name, "Flags")) != NULL) { for (flag = TAILQ_FIRST(&flags->fields); flag; - flag = TAILQ_NEXT(flag, link)) + flag = TAILQ_NEXT(flag, link)) if (strcasecmp(flag->field, "ikecfg") == 0) { struct exchange_finalization_node *node; 
@@ -1539,7 +1539,7 @@ exchange_nonce(struct exchange *exchange, int peer, size_t nonce_sz, if (nonce_sz < 8 || nonce_sz > 256) { /* - * RFC2409, ch 5: The length of nonce payload MUST be + * RFC2409, ch 5: The length of nonce payload MUST be * between 8 and 256 bytes inclusive. * XXX I'm assuming the generic payload header is not included. */ @@ -1786,7 +1786,7 @@ exchange_establish(char *name, void (*finalize)(struct exchange *, void *, * be application-specific information that won't get * cleaned up, since no error signalling will be done. * This is the case with dynamic SAs and PFKEY. - */ + */ exchange_establish(peer, exchange_establish_finalize, name); exchange = exchange_lookup_by_name(peer, 1); @@ -1794,7 +1794,7 @@ exchange_establish(char *name, void (*finalize)(struct exchange *, void *, * If the exchange was correctly initialized, add the * original finalization routine; otherwise, call it * directly. - */ + */ if (exchange) exchange_add_finalization(exchange, finalize, arg); diff --git a/sbin/isakmpd/if.c b/sbin/isakmpd/if.c index b9cf927478a..a54b60a4c77 100644 --- a/sbin/isakmpd/if.c +++ b/sbin/isakmpd/if.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if.c,v 1.22 2004/06/14 09:55:41 ho Exp $ */ +/* $OpenBSD: if.c,v 1.23 2005/04/04 19:31:11 deraadt Exp $ */ /* $EOM: if.c,v 1.12 1999/10/01 13:45:20 niklas Exp $ */ /* @@ -77,7 +77,7 @@ siocgifconf(struct ifconf *ifcp) /* * Allocate a larger buffer each time around the loop and get * the network interfaces configurations into it. - */ + */ new_buf = realloc(buf, len); if (!new_buf) { log_error("siocgifconf: realloc (%p, %d) failed", buf, @@ -96,7 +96,7 @@ siocgifconf(struct ifconf *ifcp) * If there is place for another ifreq we can be sure that the * buffer was big enough, otherwise double the size and try * again. - */ + */ if (len - ifcp->ifc_len >= sizeof(struct ifreq)) break; len *= 2; diff --git a/sbin/isakmpd/ike_phase_1.c b/sbin/isakmpd/ike_phase_1.c index e430ee5744d..cf2fd1440c2 100644 
--- a/sbin/isakmpd/ike_phase_1.c +++ b/sbin/isakmpd/ike_phase_1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ike_phase_1.c,v 1.58 2005/01/29 17:07:55 hshoexer Exp $ */ +/* $OpenBSD: ike_phase_1.c,v 1.59 2005/04/04 19:31:11 deraadt Exp $ */ /* $EOM: ike_phase_1.c,v 1.31 2000/12/11 23:47:56 niklas Exp $ */ /* @@ -734,7 +734,7 @@ ike_phase_1_post_exchange_KE_NONCE(struct message *msg) prf->Final(key, prf->prfctx); for (len = prf->blocksize, p = key; len < exchange->key_length; - len += prf->blocksize, p += prf->blocksize) { + len += prf->blocksize, p += prf->blocksize) { prf->Init(prf->prfctx); prf->Update(prf->prfctx, p, prf->blocksize); prf->Final(p + prf->blocksize, prf->prfctx); @@ -1199,7 +1199,7 @@ ike_phase_1_validate_prop(struct exchange *exchange, struct sa *sa, * we have, they do not provide? */ for (node = LIST_FIRST(&vs.attrs); - node; node = next_node) { + node; node = next_node) { next_node = LIST_NEXT(node, link); if (node->type == diff --git a/sbin/isakmpd/ike_quick_mode.c b/sbin/isakmpd/ike_quick_mode.c index 3d719a6d69c..a40a54cb949 100644 --- a/sbin/isakmpd/ike_quick_mode.c +++ b/sbin/isakmpd/ike_quick_mode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ike_quick_mode.c,v 1.90 2005/03/22 12:43:39 hshoexer Exp $ */ +/* $OpenBSD: ike_quick_mode.c,v 1.91 2005/04/04 19:31:11 deraadt Exp $ */ /* $EOM: ike_quick_mode.c,v 1.139 2001/01/26 10:43:17 niklas Exp $ */ /* @@ -168,7 +168,7 @@ check_policy(struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa) /* * For shared keys, just duplicate the passphrase with the * appropriate prefix tag. - */ + */ nprinc = 3; principal = calloc(nprinc, sizeof *principal); if (!principal) { 
@@ -609,12 +609,11 @@ initiator_send_HASH_SA_NONCE(struct message *msg) /* * Life durations are special, we should be * able to specify several, one per type. - */ + */ life_conf = conf_get_list(xf->field, "Life"); if (life_conf) { for (life = TAILQ_FIRST(&life_conf->fields); - life; - life = TAILQ_NEXT(life, link)) { + life; life = TAILQ_NEXT(life, link)) { attribute_set_constant( life->field, "LIFE_TYPE", ipsec_duration_cst, @@ -650,7 +649,7 @@ initiator_send_HASH_SA_NONCE(struct message *msg) } attribute_set_constant(xf->field, "ENCAPSULATION_MODE", ipsec_encap_cst, - IPSEC_ATTR_ENCAPSULATION_MODE, &attr); + IPSEC_ATTR_ENCAPSULATION_MODE, &attr); if (proto_id != IPSEC_PROTO_IPCOMP) { attribute_set_constant(xf->field, @@ -714,7 +713,7 @@ initiator_send_HASH_SA_NONCE(struct message *msg) * description is specified, it is * specified for all transforms * equally. - */ + */ attr = (u_int8_t *)conf_get_str(xf->field, "GROUP_DESCRIPTION"); @@ -736,7 +735,7 @@ initiator_send_HASH_SA_NONCE(struct message *msg) /* * Get SPI from application. * XXX Should we care about unknown constants? - */ + */ protocol_num = constant_value(ipsec_proto_cst, protocol_id); spi = doi->get_spi(&spi_sz, protocol_num, msg); @@ -855,8 +854,8 @@ initiator_send_HASH_SA_NONCE(struct message *msg) saved_nextp_prop = msg->nextp; for (xf_no = 0; xf_no < transform_cnt[i]; xf_no++) { if (message_add_payload(msg, ISAKMP_PAYLOAD_TRANSFORM, - transform[i][xf_no], - transform_len[i][xf_no], update_nextp)) + transform[i][xf_no], + transform_len[i][xf_no], update_nextp)) goto bail_out; update_nextp = 1; transform[i][xf_no] = 0; @@ -959,7 +958,7 @@ initiator_send_HASH_SA_NONCE(struct message *msg) return -1; } memcpy(id + ISAKMP_ID_DATA_OFF, sockaddr_addrdata(src), - sockaddr_addrlen(src)); + sockaddr_addrlen(src)); LOG_DBG_BUF((LOG_NEGOTIATION, 90, "initiator_send_HASH_SA_NONCE: IDic", id, sz)); 
@@ -1002,7 +1001,7 @@ bail_out: free(proposal[i]); if (transform[i]) { for (xf_no = 0; xf_no < transform_cnt[i]; - xf_no++) + xf_no++) if (transform[i][xf_no]) free(transform[i][xf_no]); free(transform[i]); @@ -1150,9 +1149,9 @@ initiator_recv_HASH_SA_NONCE(struct message *msg) * peers, without any constraints on the protocol or port * numbers allowed, unless client identifiers are specified * in Quick Mode. - * + * * -- Michael Paddon (mwp@aba.net.au) - */ + */ ie->flags = IPSEC_EXCH_FLAG_NO_ID; @@ -1209,19 +1208,19 @@ initiator_recv_HASH_SA_NONCE(struct message *msg) return -1; } memcpy(ie->id_ci + ISAKMP_ID_DATA_OFF, sockaddr_addrdata(src), - sockaddr_addrlen(src)); + sockaddr_addrlen(src)); memcpy(ie->id_cr + ISAKMP_ID_DATA_OFF, sockaddr_addrdata(dst), - sockaddr_addrlen(dst)); + sockaddr_addrlen(dst)); } /* Build the protection suite in our SA. */ for (xf = payload_first(msg, ISAKMP_PAYLOAD_TRANSFORM); xf; - xf = TAILQ_NEXT(xf, link)) { + xf = TAILQ_NEXT(xf, link)) { /* * XXX We could check that the proposal each transform * belongs to is unique. - */ + */ if (sa_add_transform(sa, xf, exchange->initiator, &proto)) return -1; @@ -1285,7 +1284,7 @@ initiator_send_HASH(struct message *msg) buf = malloc(ISAKMP_HASH_SZ + hash->hashsize); if (!buf) { log_error("initiator_send_HASH: malloc (%lu) failed", - ISAKMP_HASH_SZ + (unsigned long)hash->hashsize); + ISAKMP_HASH_SZ + (unsigned long)hash->hashsize); return -1; } if (message_add_payload(msg, ISAKMP_PAYLOAD_HASH, buf, @@ -1295,7 +1294,7 @@ initiator_send_HASH(struct message *msg) } /* Allocate the prf and start calculating our HASH(3). XXX Share? */ LOG_DBG_BUF((LOG_NEGOTIATION, 90, "initiator_send_HASH: SKEYID_a", - isa->skeyid_a, isa->skeyid_len)); + isa->skeyid_a, isa->skeyid_len)); prf = prf_alloc(isa->prf_type, isa->hash, isa->skeyid_a, isa->skeyid_len); if (!prf) 
@@ -1344,9 +1343,9 @@ post_quick_mode(struct message *msg) * per protocol. */ for (sa = TAILQ_FIRST(&exchange->sa_list); sa; - sa = TAILQ_NEXT(sa, next)) { + sa = TAILQ_NEXT(sa, next)) { for (proto = TAILQ_FIRST(&sa->protos); proto; - proto = TAILQ_NEXT(proto, link)) { + proto = TAILQ_NEXT(proto, link)) { if (proto->proto == IPSEC_PROTO_IPCOMP) continue; @@ -1355,7 +1354,7 @@ post_quick_mode(struct message *msg) /* * There are two SAs for each SA negotiation, * incoming and outcoing. - */ + */ for (i = 0; i < 2; i++) { prf = prf_alloc(isa->prf_type, isa->hash, isa->skeyid_d, isa->skeyid_len); @@ -1370,7 +1369,7 @@ post_quick_mode(struct message *msg) * material buffer to a multiple of the PRF's * blocksize as it is generated in chunks of * that blocksize. - */ + */ iproto->keymat[i] = malloc(((ie->keymat_len + prf->blocksize - 1) / prf->blocksize) * prf->blocksize); @@ -1386,7 +1385,7 @@ post_quick_mode(struct message *msg) } for (keymat = iproto->keymat[i]; keymat < iproto->keymat[i] + ie->keymat_len; - keymat += prf->blocksize) { + keymat += prf->blocksize) { prf->Init(prf->prfctx); if (keymat != iproto->keymat[i]) { @@ -1491,7 +1490,7 @@ responder_recv_HASH_SA_NONCE(struct message *msg) my_hash = malloc(hash_len - ISAKMP_GEN_SZ); if (!my_hash) { log_error("responder_recv_HASH_SA_NONCE: malloc (%lu) failed", - (unsigned long)hash_len - ISAKMP_GEN_SZ); + (unsigned long)hash_len - ISAKMP_GEN_SZ); goto cleanup; } /* 
@@ -1506,21 +1505,21 @@ responder_recv_HASH_SA_NONCE(struct message *msg) goto cleanup; prf->Init(prf->prfctx); LOG_DBG_BUF((LOG_NEGOTIATION, 90, - "responder_recv_HASH_SA_NONCE: message_id", - exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN)); + "responder_recv_HASH_SA_NONCE: message_id", + exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN)); prf->Update(prf->prfctx, exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN); LOG_DBG_BUF((LOG_NEGOTIATION, 90, - "responder_recv_HASH_SA_NONCE: message after HASH", - hash + hash_len, - msg->iov[0].iov_len - ISAKMP_HDR_SZ - hash_len)); + "responder_recv_HASH_SA_NONCE: message after HASH", + hash + hash_len, + msg->iov[0].iov_len - ISAKMP_HDR_SZ - hash_len)); prf->Update(prf->prfctx, hash + hash_len, - msg->iov[0].iov_len - ISAKMP_HDR_SZ - hash_len); + msg->iov[0].iov_len - ISAKMP_HDR_SZ - hash_len); prf->Final(my_hash, prf->prfctx); prf_free(prf); LOG_DBG_BUF((LOG_NEGOTIATION, 90, - "responder_recv_HASH_SA_NONCE: computed HASH(1)", my_hash, - hash_len - ISAKMP_GEN_SZ)); + "responder_recv_HASH_SA_NONCE: computed HASH(1)", my_hash, + hash_len - ISAKMP_GEN_SZ)); if (memcmp(hash + ISAKMP_GEN_SZ, my_hash, hash_len - ISAKMP_GEN_SZ) != 0) { message_drop(msg, ISAKMP_NOTIFY_INVALID_HASH_INFORMATION, 0, @@ -1584,9 +1583,9 @@ responder_recv_HASH_SA_NONCE(struct message *msg) * peers, without any constraints on the protocol or port * numbers allowed, unless client identifiers are specified * in Quick Mode. - * + * * -- Michael Paddon (mwp@aba.net.au) - */ + */ ie->flags = IPSEC_EXCH_FLAG_NO_ID; @@ -1628,9 +1627,9 @@ responder_recv_HASH_SA_NONCE(struct message *msg) } memcpy(ie->id_cr + ISAKMP_ID_DATA_OFF, sockaddr_addrdata(src), - sockaddr_addrlen(src)); + sockaddr_addrlen(src)); memcpy(ie->id_ci + ISAKMP_ID_DATA_OFF, sockaddr_addrdata(dst), - sockaddr_addrlen(dst)); + sockaddr_addrlen(dst)); } #ifdef USE_POLICY 
@@ -1647,9 +1646,9 @@ responder_recv_HASH_SA_NONCE(struct message *msg) #endif /* USE_POLICY */ for (sa = TAILQ_FIRST(&exchange->sa_list); sa; - sa = TAILQ_NEXT(sa, next)) { + sa = TAILQ_NEXT(sa, next)) { for (proto = TAILQ_FIRST(&sa->protos); proto; - proto = TAILQ_NEXT(proto, link)) { + proto = TAILQ_NEXT(proto, link)) { /* * XXX we need to have some attributes per proto, not * all per SA. @@ -1708,7 +1707,7 @@ next_sa: * description we should notify our peer, but this * should probably be done by the attribute * validation. Is it? - */ + */ goto cleanup; } } @@ -1746,9 +1745,9 @@ next_sa: strncmp("yes", conf_get_str("General", "Use-Keynote"), 3)) { log_print("responder_recv_HASH_SA_NONCE: peer proposed " "invalid phase 2 IDs: %s", - (exchange->doi->decode_ids("initiator id %s, responder" - " id %s", ie->id_ci, ie->id_ci_sz, ie->id_cr, - ie->id_cr_sz, 1))); + (exchange->doi->decode_ids("initiator id %s, responder" + " id %s", ie->id_ci, ie->id_ci_sz, ie->id_cr, + ie->id_cr_sz, 1))); message_drop(msg, ISAKMP_NOTIFY_NO_PROPOSAL_CHOSEN, 0, 1, 0); goto cleanup; } @@ -1758,7 +1757,7 @@ next_sa: cleanup: /* Remove all potential protocols that have been added to the SAs. */ for (sa = TAILQ_FIRST(&exchange->sa_list); sa; - sa = TAILQ_NEXT(sa, next)) + sa = TAILQ_NEXT(sa, next)) while ((proto = TAILQ_FIRST(&sa->protos)) != 0) proto_free(proto); if (my_hash) @@ -1864,8 +1863,8 @@ responder_send_HASH_SA_NONCE(struct message *msg) return -1; prf->Init(prf->prfctx); LOG_DBG_BUF((LOG_NEGOTIATION, 90, - "responder_send_HASH_SA_NONCE: message_id", - exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN)); + "responder_send_HASH_SA_NONCE: message_id", + exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN)); prf->Update(prf->prfctx, exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN); LOG_DBG_BUF((LOG_NEGOTIATION, 90, "responder_send_HASH_SA_NONCE: " 
@@ -1879,7 +1878,7 @@ responder_send_HASH_SA_NONCE(struct message *msg) "responder_send_HASH_SA_NONCE: payload %d after HASH(2)", i - 1); LOG_DBG_BUF((LOG_NEGOTIATION, 90, header, msg->iov[i].iov_base, - msg->iov[i].iov_len)); + msg->iov[i].iov_len)); prf->Update(prf->prfctx, msg->iov[i].iov_base, msg->iov[i].iov_len); } @@ -1910,7 +1909,7 @@ gen_g_xy(struct message *msg) return; } if (dh_create_shared(ie->group, ie->g_xy, - exchange->initiator ? ie->g_xr : ie->g_xi)) { + exchange->initiator ? ie->g_xr : ie->g_xi)) { log_print("gen_g_xy: dh_create_shared failed"); return; } @@ -1944,7 +1943,7 @@ responder_recv_HASH(struct message *msg) LOG_DBG((LOG_NEGOTIATION, 90, "responder_recv_HASH: " "isakmp_sa %p isa %p", isakmp_sa, isa)); LOG_DBG_BUF((LOG_NEGOTIATION, 90, "responder_recv_HASH: SKEYID_a", - isa->skeyid_a, isa->skeyid_len)); + isa->skeyid_a, isa->skeyid_len)); prf = prf_alloc(isa->prf_type, isa->hash, isa->skeyid_a, isa->skeyid_len); if (!prf) 
@@ -1952,20 +1951,20 @@ responder_recv_HASH(struct message *msg) prf->Init(prf->prfctx); prf->Update(prf->prfctx, (unsigned char *)"\0", 1); LOG_DBG_BUF((LOG_NEGOTIATION, 90, "responder_recv_HASH: message_id", - exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN)); + exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN)); prf->Update(prf->prfctx, exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN); LOG_DBG_BUF((LOG_NEGOTIATION, 90, "responder_recv_HASH: NONCE_I_b", - exchange->nonce_i, exchange->nonce_i_len)); + exchange->nonce_i, exchange->nonce_i_len)); prf->Update(prf->prfctx, exchange->nonce_i, exchange->nonce_i_len); LOG_DBG_BUF((LOG_NEGOTIATION, 90, "responder_recv_HASH: NONCE_R_b", - exchange->nonce_r, exchange->nonce_r_len)); + exchange->nonce_r, exchange->nonce_r_len)); prf->Update(prf->prfctx, exchange->nonce_r, exchange->nonce_r_len); prf->Final(my_hash, prf->prfctx); prf_free(prf); LOG_DBG_BUF((LOG_NEGOTIATION, 90, - "responder_recv_HASH: computed HASH(3)", my_hash, - hash_len - ISAKMP_GEN_SZ)); + "responder_recv_HASH: computed HASH(3)", my_hash, + hash_len - ISAKMP_GEN_SZ)); if (memcmp(hash + ISAKMP_GEN_SZ, my_hash, hash_len - ISAKMP_GEN_SZ) != 0) { message_drop(msg, ISAKMP_NOTIFY_INVALID_HASH_INFORMATION, 0, diff --git a/sbin/isakmpd/ipsec.c b/sbin/isakmpd/ipsec.c index 724640c373c..1475fba5f70 100644 --- a/sbin/isakmpd/ipsec.c +++ b/sbin/isakmpd/ipsec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec.c,v 1.109 2005/04/04 18:40:45 hshoexer Exp $ */ +/* $OpenBSD: ipsec.c,v 1.110 2005/04/04 19:31:11 deraadt Exp $ */ /* $EOM: ipsec.c,v 1.143 2000/12/11 23:57:42 niklas Exp $ */ /* @@ -337,7 +337,7 @@ ipsec_finalize_exchange(struct message *msg) /* * Tell the application(s) about the SPIs and key * material. - */ + */ for (sa = TAILQ_FIRST(&exchange->sa_list); sa; sa = TAILQ_NEXT(sa, next)) { isa = sa->data; 
@@ -426,7 +426,7 @@ ipsec_finalize_exchange(struct message *msg) * If this is not an SA acquired by the * kernel, it needs to have a SPD entry * (a.k.a. flow) set up. - */ + */ if (!(sa->flags & SA_FLAG_ONDEMAND || conf_get_str("General", "Acquire-Only") || acquire_only) @@ -871,15 +871,15 @@ ipsec_validate_key_information(u_int8_t *buf, size_t sz) static int ipsec_validate_notification(u_int16_t type) { - return type < IPSEC_NOTIFY_RESPONDER_LIFETIME - || type > IPSEC_NOTIFY_INITIAL_CONTACT ? -1 : 0; + return type < IPSEC_NOTIFY_RESPONDER_LIFETIME || + type > IPSEC_NOTIFY_INITIAL_CONTACT ? -1 : 0; } static int ipsec_validate_proto(u_int8_t proto) { - return proto < IPSEC_PROTO_IPSEC_AH - || proto > IPSEC_PROTO_IPCOMP ? -1 : 0; + return proto < IPSEC_PROTO_IPSEC_AH || + proto > IPSEC_PROTO_IPCOMP ? -1 : 0; } static int @@ -907,21 +907,21 @@ ipsec_validate_transform_id(u_int8_t proto, u_int8_t transform_id) * As no unexpected protocols can occur, we just tie the * default case to the first case, in orer to silence a GCC * warning. - */ + */ default: case ISAKMP_PROTO_ISAKMP: return transform_id != IPSEC_TRANSFORM_KEY_IKE; case IPSEC_PROTO_IPSEC_AH: - return transform_id < IPSEC_AH_MD5 - || transform_id > IPSEC_AH_DES ? -1 : 0; + return transform_id < IPSEC_AH_MD5 || + transform_id > IPSEC_AH_DES ? -1 : 0; case IPSEC_PROTO_IPSEC_ESP: - return transform_id < IPSEC_ESP_DES_IV64 - || (transform_id > IPSEC_ESP_AES_128_CTR - && transform_id < IPSEC_ESP_AES_MARS) - || transform_id > IPSEC_ESP_AES_TWOFISH ? -1 : 0; + return transform_id < IPSEC_ESP_DES_IV64 || + (transform_id > IPSEC_ESP_AES_128_CTR && + transform_id < IPSEC_ESP_AES_MARS) || + transform_id > IPSEC_ESP_AES_TWOFISH ? -1 : 0; case IPSEC_PROTO_IPCOMP: - return transform_id < IPSEC_IPCOMP_OUI - || transform_id > IPSEC_IPCOMP_V42BIS ? -1 : 0; + return transform_id < IPSEC_IPCOMP_OUI || + transform_id > IPSEC_IPCOMP_V42BIS ? -1 : 0; } } 
@@ -934,12 +934,12 @@ ipsec_initiator(struct message *msg) /* Check that the SA is coherent with the IKE rules. */ if (exchange->type != ISAKMP_EXCH_TRANSACTION && ((exchange->phase == 1 && - exchange->type != ISAKMP_EXCH_ID_PROT && - exchange->type != ISAKMP_EXCH_AGGRESSIVE && - exchange->type != ISAKMP_EXCH_INFO) - || (exchange->phase == 2 && - exchange->type != IKE_EXCH_QUICK_MODE && - exchange->type != ISAKMP_EXCH_INFO))) { + exchange->type != ISAKMP_EXCH_ID_PROT && + exchange->type != ISAKMP_EXCH_AGGRESSIVE && + exchange->type != ISAKMP_EXCH_INFO) + || (exchange->phase == 2 && + exchange->type != IKE_EXCH_QUICK_MODE && + exchange->type != ISAKMP_EXCH_INFO))) { log_print("ipsec_initiator: unsupported exchange type %d " "in phase %d", exchange->type, exchange->phase); return -1; @@ -1086,7 +1086,7 @@ ipsec_responder(struct message *msg) /* * If any DELETEs are in here, let the logic of leftover * payloads deal with them. - */ + */ return 0; case IKE_EXCH_QUICK_MODE: @@ -1181,7 +1181,7 @@ ipsec_is_attribute_incompatible(u_int16_t type, u_int8_t *value, u_int16_t len, /* * Our crypto routines only allows key-lengths which * are multiples of an octet. - */ + */ return dv % 8 != 0; case IKE_ATTR_FIELD_SIZE: return 1; @@ -1631,14 +1631,14 @@ ipsec_handle_leftover_payload(struct message *msg, u_int8_t type, * Permit INITIAL-CONTACT if * - this is not an AGGRESSIVE mode exchange * - it is protected by an ISAKMP SA - * + * * XXX Instead of the first condition above, we could * XXX permit this only for phase 2. In the last * XXX packet of main-mode, this payload, while * XXX encrypted, is not part of the hash digest. As * XXX we currently send our own INITIAL-CONTACTs at * XXX this point, this too would need to be changed. - */ + */ if (msg->exchange->type == ISAKMP_EXCH_AGGRESSIVE) { log_print("ipsec_handle_leftover_payload: got " "INITIAL-CONTACT in AGGRESSIVE mode"); 
@@ -1661,7 +1661,7 @@ ipsec_handle_leftover_payload(struct message *msg, u_int8_t type, * SA that is ready. Exchanges will timeout * themselves and then the non-ready SAs will * disappear too. - */ + */ msg->transport->vtbl->get_dst(msg->transport, &dst); while ((sa = sa_lookup_by_peer(dst, sysdep_sa_len(dst))) != 0) { @@ -1672,7 +1672,7 @@ ipsec_handle_leftover_payload(struct message *msg, u_int8_t type, * the SA from the list to avoid an endless * loop, but keep a reference so it won't * disappear meanwhile. - */ + */ if (sa == msg->isakmp_sa) { sa_reference(sa); sa_remove(sa); diff --git a/sbin/isakmpd/isakmp_cfg.c b/sbin/isakmpd/isakmp_cfg.c index 222d0c679a2..e19ded0def4 100644 --- a/sbin/isakmpd/isakmp_cfg.c +++ b/sbin/isakmpd/isakmp_cfg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: isakmp_cfg.c,v 1.34 2004/08/08 19:11:06 deraadt Exp $ */ +/* $OpenBSD: isakmp_cfg.c,v 1.35 2005/04/04 19:31:11 deraadt Exp $ */ /* * Copyright (c) 2001 Niklas Hallqvist. All rights reserved. @@ -239,7 +239,7 @@ cfg_initiator_send_ATTR(struct message *msg) /* * We can continue, but this indicates a configuration error * that the user probably will want to correct. - */ + */ free(id_string); return 0; } diff --git a/sbin/isakmpd/isakmpd.c b/sbin/isakmpd/isakmpd.c index 72f8e489ff6..2e889b9770f 100644 --- a/sbin/isakmpd/isakmpd.c +++ b/sbin/isakmpd/isakmpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: isakmpd.c,v 1.74 2005/03/22 17:27:59 cloder Exp $ */ +/* $OpenBSD: isakmpd.c,v 1.75 2005/04/04 19:31:11 deraadt Exp $ */ /* $EOM: isakmpd.c,v 1.54 2000/10/05 09:28:22 niklas Exp $ */ /* @@ -163,7 +163,7 @@ parse_args(int argc, char *argv[]) if (sscanf(optarg, "%d=%d", &cls, &level) != 2) { if (sscanf(optarg, "A=%d", &level) == 1) { for (cls = 0; cls < LOG_ENDCLASS; - cls++) + cls++) log_debug_cmd(cls, level); } else log_print("parse_args: -D argument " 
@@ -317,7 +317,7 @@ daemon_shutdown(void) log_print("isakmpd: shutting down..."); /* - * Delete all active SAs. First IPsec SAs, then ISAKMPD. + * Delete all active SAs. First IPsec SAs, then ISAKMPD. * Each DELETE is another (outgoing) message. */ while ((sa = sa_find(phase2_sa_check, NULL))) @@ -331,7 +331,7 @@ daemon_shutdown(void) /* * When the prioritized transport sendq:s are empty, i.e all * the DELETE notifications have been sent, we can shutdown. - */ + */ #ifdef USE_DEBUG log_packet_stop(); @@ -490,7 +490,7 @@ main(int argc, char *argv[]) * and if someone set 'sigtermed' (SIGTERM, SIGINT or via the * UI), this indicates we should start a controlled shutdown * of the daemon. - * + * * Note: Since _one_ message is sent per iteration of this * enclosing while-loop, and we want to send a number of * DELETE notifications, we must loop atleast this number of @@ -498,7 +498,7 @@ main(int argc, char *argv[]) * the DELETEs, all other calls just increments the * 'sigtermed' variable until it reaches a "safe" value, and * the daemon exits. - */ + */ if (sigtermed) daemon_shutdown(); @@ -513,7 +513,7 @@ main(int argc, char *argv[]) * XXX Some day we might want to deal with an abstract * application class instead, with many instantiations * possible. - */ + */ if (!app_none && app_socket >= 0) { FD_SET(app_socket, rfds); if (app_socket + 1 > n) @@ -539,7 +539,7 @@ main(int argc, char *argv[]) * condition time to resolve without letting * this process eat up all available CPU * we sleep for a short while. - */ + */ sleep(1); } } else if (n) { diff --git a/sbin/isakmpd/log.c b/sbin/isakmpd/log.c index b4abd320148..aeffda7d569 100644 --- a/sbin/isakmpd/log.c +++ b/sbin/isakmpd/log.c @@ -1,4 +1,4 @@ -/* $OpenBSD: log.c,v 1.51 2005/02/27 13:12:12 hshoexer Exp $ */ +/* $OpenBSD: log.c,v 1.52 2005/04/04 19:31:11 deraadt Exp $ */ /* $EOM: log.c,v 1.30 2000/09/29 08:19:23 niklas Exp $ */ /* 
@@ -424,7 +424,7 @@ log_packet_init(char *newname) /* Sanity checks. */ if ((st.st_mode & S_IFMT) != S_IFREG) { log_print("log_packet_init: existing capture file is " - "not a regular file"); + "not a regular file"); return; } if ((st.st_mode & (S_IRWXG | S_IRWXO)) != 0) { diff --git a/sbin/isakmpd/math_2n.c b/sbin/isakmpd/math_2n.c index 47efd79ce5f..9f416cd5d43 100644 --- a/sbin/isakmpd/math_2n.c +++ b/sbin/isakmpd/math_2n.c @@ -1,4 +1,4 @@ -/* $OpenBSD: math_2n.c,v 1.17 2005/02/27 13:12:12 hshoexer Exp $ */ +/* $OpenBSD: math_2n.c,v 1.18 2005/04/04 19:31:11 deraadt Exp $ */ /* $EOM: math_2n.c,v 1.15 1999/04/20 09:23:30 niklas Exp $ */ /* @@ -219,7 +219,7 @@ b2n_set_str(b2n_ptr n, char *str) tmp = 0; for (j = (i == 0 ? ((len - 1) % CHUNK_BYTES) + 1 : CHUNK_BYTES); - j > 0; j--) { + j > 0; j--) { tmp <<= 8; tmp |= (hex2int(str[w]) << 4) | hex2int(str[w + 1]); w += 2; diff --git a/sbin/isakmpd/message.c b/sbin/isakmpd/message.c index cd313a2a54f..d5087c2cc20 100644 --- a/sbin/isakmpd/message.c +++ b/sbin/isakmpd/message.c @@ -1,4 +1,4 @@ -/* $OpenBSD: message.c,v 1.98 2005/03/05 12:35:03 ho Exp $ */ +/* $OpenBSD: message.c,v 1.99 2005/04/04 19:31:11 deraadt Exp $ */ /* $EOM: message.c,v 1.156 2000/10/10 12:36:39 provos Exp $ */ /* @@ -241,7 +241,7 @@ message_free(struct message *msg) if (msg->payload) { for (i = 0; i < payload_index_max; i++) for (payload = payload_first(msg, i); payload; - payload = next) { + payload = next) { next = TAILQ_NEXT(payload, link); free(payload); } @@ -321,7 +321,7 @@ message_parse_payloads(struct message *msg, struct payload *p, u_int8_t next, } /* * Decode and validate the payload length field. - */ + */ len = GET_ISAKMP_GEN_LENGTH(buf); if (message_payload_sz(payload) == 0) { 
@@ -360,7 +360,7 @@ message_parse_payloads(struct message *msg, struct payload *p, u_int8_t next, /* * Check if the current payload is one of the accepted ones at * this stage. - */ + */ if (!ISSET(payload, accepted_payloads)) { log_print("message_parse_payloads: payload type %s " "unexpected", constant_name(isakmp_payload_cst, @@ -680,7 +680,7 @@ message_validate_hash(struct message *msg, struct payload *p) /* If no SKEYID_a, we can not do anything (should not happen). */ if (!isa->skeyid_a) goto invalid; - + /* Allocate the prf and start calculating our HASH(1). */ LOG_DBG_BUF((LOG_MISC, 90, "message_validate_hash: SKEYID_a", isa->skeyid_a, isa->skeyid_len)); @@ -870,7 +870,7 @@ message_validate_notify(struct message *msg, struct payload *p) } /* Validate the SPI. XXX Just ISAKMP for now. */ - if (proto == ISAKMP_PROTO_ISAKMP && + if (proto == ISAKMP_PROTO_ISAKMP && GET_ISAKMP_NOTIFY_SPI_SZ(p->p) == ISAKMP_HDR_COOKIES_LEN && msg->isakmp_sa && memcmp(p->p + ISAKMP_NOTIFY_SPI_OFF, msg->isakmp_sa->cookies, @@ -1234,13 +1234,13 @@ message_recv(struct message *msg) * This might be a retransmission of a former ISAKMP SA setup * message. If so, just drop it. * XXX Must we really look in both the SA and exchange pools? - */ + */ if (exchange_lookup_from_icookie(buf + ISAKMP_HDR_ICOOKIE_OFF) || sa_lookup_from_icookie(buf + ISAKMP_HDR_ICOOKIE_OFF)) { /* * XXX Later we should differentiate between * retransmissions and potential replay attacks. - */ + */ LOG_DBG((LOG_MESSAGE, 90, "message_recv: dropping setup for existing SA")); message_free(msg); @@ -1255,7 +1255,7 @@ message_recv(struct message *msg) * If we cannot find an ISAKMP SA out of the cookies, this is * either a responder's first reply, and we need to upgrade * our exchange, or it's just plain invalid cookies. - */ + */ if (!msg->isakmp_sa) { msg->exchange = exchange_lookup_from_icookie(buf + ISAKMP_HDR_ICOOKIE_OFF); 
@@ -1359,7 +1359,7 @@ message_recv(struct message *msg) /* * XXX Very likely redundant, look at the else clause of the * if (setup_isakmp_sa) statement above. - */ + */ msg->exchange = exchange_lookup(buf, 0); if (!msg->exchange) { log_print("message_recv: phase 1 message after " @@ -1715,7 +1715,7 @@ message_send_delete(struct sa *sa) /* * XXX We ought to setup an ISAKMP SA with our peer here and * send the DELETE over that one. - */ + */ return; } args.discr = 'D'; @@ -1782,7 +1782,7 @@ message_send_info(struct message *msg) sz = ISAKMP_DELETE_SPI_OFF + args->u.d.nspis * args->spi_sz; break; } - + buf = calloc(1, sz); if (!buf) { log_error("message_send_info: calloc (1, %lu) failed", @@ -2031,7 +2031,7 @@ message_check_duplicate(struct message *msg) * Retransmit if the previos sent message was the last * of an exchange, otherwise just wait for the * ordinary retransmission. - */ + */ if (exchange->last_sent && (exchange->last_sent->flags & MSG_LAST)) message_send(exchange->last_sent); @@ -2140,7 +2140,7 @@ retry_transform: /* * Figure out if we will be looking at a new protocol proposal * inside the current protection suite. - */ + */ if (next_tp && propp != next_propp && sap == next_sap && (GET_ISAKMP_PROP_NO(propp->p) == GET_ISAKMP_PROP_NO(next_propp->p))) { @@ -2182,7 +2182,7 @@ retry_transform: /* * Check if the suite we just considered was OK, if so * we check it against the accepted ones. - */ + */ if (suite_ok_so_far) { if (!validate || validate(exchange, sa, msg->isakmp_sa)) { @@ -2230,7 +2230,7 @@ retry_transform: * seeing we just turn down one of the offers, * can we? I suggest renaming message_drop to * something else. - */ + */ log_print("message_negotiate_sa: no " "compatible proposal found"); message_drop(msg, 
@@ -2373,7 +2373,7 @@ message_add_sa_payload(struct message *msg) * Add the payloads. As this is a SA, we need to recompute the * lengths of the payloads containing others. We also need to * reset these payload's "next payload type" field. - */ + */ if (message_add_payload(msg, ISAKMP_PAYLOAD_SA, sa_buf, sa_len, 1)) goto cleanup; diff --git a/sbin/isakmpd/monitor.c b/sbin/isakmpd/monitor.c index 873de7ee643..ba14f16ba0e 100644 --- a/sbin/isakmpd/monitor.c +++ b/sbin/isakmpd/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.36 2005/03/11 12:39:55 hshoexer Exp $ */ +/* $OpenBSD: monitor.c,v 1.37 2005/04/04 19:31:11 deraadt Exp $ */ /* * Copyright (c) 2003 Håkan Olsson. All rights reserved. @@ -181,7 +181,6 @@ monitor_ui_init(void) errout: log_error("monitor_ui_init: problem talking to privileged process"); - return; } int @@ -491,8 +490,6 @@ monitor_init_done(void) { if (m_write_int32(m_state.s, MONITOR_INIT_DONE)) log_print("monitor_init_done: read/write error"); - - return; } /* @@ -552,7 +549,7 @@ monitor_loop(int debug) /* * Currently, there is no need for us to hang around if the * child is in the process of shutting down. - */ + */ if (sigtermed) { m_priv_increase_state(STATE_QUIT); kill(m_state.pid, SIGTERM); @@ -680,7 +677,6 @@ m_priv_ui_init(int s) errout: log_error("m_priv_ui_init: read/write operation failed"); - return; } /* Privileged: called by monitor_loop. */ @@ -710,7 +706,6 @@ m_priv_pfkey_open(int s) errout: log_error("m_priv_pfkey_open: read/write operation failed"); - return; } /* Privileged: called by monitor_loop. */ @@ -763,7 +758,6 @@ m_priv_getfd(int s) errout: log_error("m_priv_getfd: read/write operation failed"); - return; } /* Privileged: called by monitor_loop. */ @@ -802,7 +796,6 @@ m_priv_getsocket(int s) errout: log_error("m_priv_getsocket: read/write operation failed"); - return; } /* Privileged: called by monitor_loop. */ 
@@ -862,7 +855,6 @@ errout: free(optval); if (sock >= 0) close(sock); - return; } /* Privileged: called by monitor_loop. */ @@ -920,7 +912,6 @@ errout: free(name); if (sock >= 0) close(sock); - return; } /* @@ -1123,5 +1114,4 @@ m_priv_test_state(int state) if (cur_state != state) log_print("m_priv_test_state: Illegal state: %d != %d", (int)cur_state, state); - return; } diff --git a/sbin/isakmpd/nat_traversal.c b/sbin/isakmpd/nat_traversal.c index 53cd1ad77f2..db4aebc12bc 100644 --- a/sbin/isakmpd/nat_traversal.c +++ b/sbin/isakmpd/nat_traversal.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nat_traversal.c,v 1.10 2005/03/05 12:22:40 ho Exp $ */ +/* $OpenBSD: nat_traversal.c,v 1.11 2005/04/04 19:31:11 deraadt Exp $ */ /* * Copyright (c) 2004 Håkan Olsson. All rights reserved. @@ -159,7 +159,6 @@ nat_t_add_vendor_payload(struct message *msg, char *hash) free(buf); return -1; } - return 0; } @@ -172,11 +171,9 @@ nat_t_add_vendor_payloads(struct message *msg) if (!nat_t_hashes) if (nat_t_setup_hashes()) return 0; /* XXX should this be an error? */ - while (nat_t_hashes[i]) if (nat_t_add_vendor_payload(msg, nat_t_hashes[i++])) return -1; - return 0; } @@ -218,8 +215,6 @@ nat_t_check_vendor_payload(struct message *msg, struct payload *p) p->flags |= PL_MARK; return; } - - return; } /* Generate the NAT-D payload hash : HASH(CKY-I | CKY-R | IP | Port). */ @@ -257,7 +252,6 @@ nat_t_generate_nat_d_hash(struct message *msg, struct sockaddr *sa, hash->Update(hash->ctx, sockaddr_addrdata(sa), sockaddr_addrlen(sa)); hash->Update(hash->ctx, (unsigned char *)&port, sizeof port); hash->Final(res, hash->ctx); - return res; } @@ -291,7 +285,6 @@ nat_t_add_nat_d(struct message *msg, struct sockaddr *sa) free(buf); return -1; } - return 0; } @@ -309,7 +302,6 @@ nat_t_exchange_add_nat_d(struct message *msg) msg->transport->vtbl->get_src(msg->transport, &sa); if (nat_t_add_nat_d(msg, sa)) return -1; - return 0; } 
diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c index 9271c69f64a..9dc78bce4ed 100644 --- a/sbin/isakmpd/pf_key_v2.c +++ b/sbin/isakmpd/pf_key_v2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_key_v2.c,v 1.155 2005/03/02 12:49:51 hshoexer Exp $ */ +/* $OpenBSD: pf_key_v2.c,v 1.156 2005/04/04 19:31:11 deraadt Exp $ */ /* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */ /* @@ -135,7 +135,7 @@ static u_int8_t *pf_key_v2_convert_id(u_int8_t *, int, size_t *, int *); #endif static struct pf_key_v2_msg *pf_key_v2_call(struct pf_key_v2_msg *); static struct pf_key_v2_node *pf_key_v2_find_ext(struct pf_key_v2_msg *, - u_int16_t); + u_int16_t); static void pf_key_v2_notify(struct pf_key_v2_msg *); static struct pf_key_v2_msg *pf_key_v2_read(u_int32_t); static u_int32_t pf_key_v2_seq(void); @@ -827,7 +827,7 @@ pf_key_v2_get_kernel_sa(u_int8_t *spi, size_t spi_sz, u_int8_t proto, (unsigned long)sizeof *ssa); goto cleanup; } - + ssa->sadb_sa_exttype = SADB_EXT_SA; ssa->sadb_sa_len = sizeof *ssa / PF_KEY_V2_CHUNK; memcpy(&ssa->sadb_sa_spi, spi, sizeof ssa->sadb_sa_spi); @@ -884,7 +884,7 @@ pf_key_v2_get_kernel_sa(u_int8_t *spi, size_t spi_sz, u_int8_t proto, ext = pf_key_v2_find_ext(ret, SADB_EXT_SA); if (!ext) goto cleanup; - + ssa = (struct sadb_sa *)ext; ksa.spi = ssa->sadb_sa_spi; ksa.wnd = ssa->sadb_sa_replay; @@ -907,7 +907,7 @@ pf_key_v2_get_kernel_sa(u_int8_t *spi, size_t spi_sz, u_int8_t proto, ksa.soft_timeout = life->sadb_lifetime_addtime; ksa.soft_first_use = life->sadb_lifetime_usetime; } - + ext = pf_key_v2_find_ext(ret, SADB_EXT_LIFETIME_HARD); if (ext) { life = (struct sadb_lifetime *)ext->seg; @@ -917,7 +917,7 @@ pf_key_v2_get_kernel_sa(u_int8_t *spi, size_t spi_sz, u_int8_t proto, ksa.exp_first_use = life->sadb_lifetime_usetime; } -#if defined (SADB_X_EXT_LIFETIME_LASTUSE) +#if defined (SADB_X_EXT_LIFETIME_LASTUSE) ext = pf_key_v2_find_ext(ret, SADB_X_EXT_LIFETIME_LASTUSE); if (ext) { life = (struct sadb_lifetime *)ext->seg; 
@@ -932,7 +932,7 @@ pf_key_v2_get_kernel_sa(u_int8_t *spi, size_t spi_sz, u_int8_t proto, sa->sa_family == AF_INET ? sizeof(struct sockaddr_in) : sizeof(struct sockaddr_in6)); } - + ext = pf_key_v2_find_ext(ret, SADB_EXT_ADDRESS_DST); if (ext) { sa = (struct sockaddr *)ext->seg; @@ -963,7 +963,7 @@ pf_key_v2_get_kernel_sa(u_int8_t *spi, size_t spi_sz, u_int8_t proto, spi_sz)); return &ksa; - + cleanup: if (addr) free (addr); @@ -1361,7 +1361,7 @@ pf_key_v2_set_spi(struct sa *sa, struct proto *proto, int incoming, life->sadb_lifetime_usetime = 0; #endif if (pf_key_v2_msg_add(update, (struct sadb_ext *) life, - PF_KEY_V2_NODE_MALLOCED) == -1) + PF_KEY_V2_NODE_MALLOCED) == -1) goto cleanup; life = 0; @@ -2043,7 +2043,7 @@ pf_key_v2_flow(struct sockaddr *laddr, struct sockaddr *lmask, pf_key_v2_setup_sockaddr(addr + 1, dst, 0, 0, 0); #endif if (pf_key_v2_msg_add(flow, (struct sadb_ext *) addr, - PF_KEY_V2_NODE_MALLOCED) == -1) + PF_KEY_V2_NODE_MALLOCED) == -1) goto cleanup; addr = 0; } @@ -2056,7 +2056,7 @@ pf_key_v2_flow(struct sockaddr *laddr, struct sockaddr *lmask, addr->sadb_address_reserved = 0; pf_key_v2_setup_sockaddr(addr + 1, laddr, 0, sport, 0); if (pf_key_v2_msg_add(flow, (struct sadb_ext *) addr, - PF_KEY_V2_NODE_MALLOCED) == -1) + PF_KEY_V2_NODE_MALLOCED) == -1) goto cleanup; addr = 0; @@ -2068,7 +2068,7 @@ pf_key_v2_flow(struct sockaddr *laddr, struct sockaddr *lmask, addr->sadb_address_reserved = 0; pf_key_v2_setup_sockaddr(addr + 1, lmask, 0, sport ? 0xffff : 0, 0); if (pf_key_v2_msg_add(flow, (struct sadb_ext *) addr, - PF_KEY_V2_NODE_MALLOCED) == -1) + PF_KEY_V2_NODE_MALLOCED) == -1) goto cleanup; addr = 0; @@ -2080,7 +2080,7 @@ pf_key_v2_flow(struct sockaddr *laddr, struct sockaddr *lmask, addr->sadb_address_reserved = 0; pf_key_v2_setup_sockaddr(addr + 1, raddr, 0, dport, 0); if (pf_key_v2_msg_add(flow, (struct sadb_ext *) addr, - PF_KEY_V2_NODE_MALLOCED) == -1) + PF_KEY_V2_NODE_MALLOCED) == -1) goto cleanup; addr = 0; 
@@ -2092,7 +2092,7 @@ pf_key_v2_flow(struct sockaddr *laddr, struct sockaddr *lmask, addr->sadb_address_reserved = 0; pf_key_v2_setup_sockaddr(addr + 1, rmask, 0, dport ? 0xffff : 0, 0); if (pf_key_v2_msg_add(flow, (struct sadb_ext *) addr, - PF_KEY_V2_NODE_MALLOCED) == -1) + PF_KEY_V2_NODE_MALLOCED) == -1) goto cleanup; addr = 0; @@ -2228,7 +2228,7 @@ cleanup: break; } if (pf_key_v2_msg_add(flow, (struct sadb_ext *) addr, - PF_KEY_V2_NODE_MALLOCED) == -1) + PF_KEY_V2_NODE_MALLOCED) == -1) goto cleanup; addr = 0; @@ -2262,7 +2262,7 @@ cleanup: break; } if (pf_key_v2_msg_add(flow, (struct sadb_ext *) addr, - PF_KEY_V2_NODE_MALLOCED) == -1) + PF_KEY_V2_NODE_MALLOCED) == -1) goto cleanup; addr = 0; @@ -2401,7 +2401,7 @@ pf_key_v2_convert_id(u_int8_t *id, int idlen, size_t *reslen, int *idtype) switch (id[0]) { case IPSEC_ID_FQDN: res = calloc(idlen - ISAKMP_ID_DATA_OFF + ISAKMP_GEN_SZ, - sizeof(u_int8_t)); + sizeof(u_int8_t)); if (!res) return 0; @@ -2414,7 +2414,7 @@ pf_key_v2_convert_id(u_int8_t *id, int idlen, size_t *reslen, int *idtype) case IPSEC_ID_USER_FQDN: res = calloc(idlen - ISAKMP_ID_DATA_OFF + ISAKMP_GEN_SZ, - sizeof(u_int8_t)); + sizeof(u_int8_t)); if (!res) return 0; @@ -2427,7 +2427,7 @@ pf_key_v2_convert_id(u_int8_t *id, int idlen, size_t *reslen, int *idtype) case IPSEC_ID_IPV4_ADDR: /* XXX CONNECTION ? */ if (inet_ntop(AF_INET, id + ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ, - addrbuf, ADDRESS_MAX) == NULL) + addrbuf, ADDRESS_MAX) == NULL) return 0; *reslen = strlen(addrbuf) + 3; strlcat(addrbuf, "/32", ADDRESS_MAX + 5); 
@@ -3098,9 +3098,8 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg) struct sadb_comb *scmb = 0; struct sadb_prop *sprp = 0; struct sadb_ident *srcident = 0, *dstident = 0; - char dstbuf[ADDRESS_MAX], srcbuf[ADDRESS_MAX], *peer = 0, - *conn = 0; - char confname[120]; + char dstbuf[ADDRESS_MAX], srcbuf[ADDRESS_MAX], *peer = 0; + char confname[120], *conn = 0; char *srcid = 0, *dstid = 0, *prefstring = 0; int slen, af, afamily, masklen, buflen; struct sockaddr *smask, *sflow, *dmask, *dflow; @@ -3551,8 +3550,8 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg) default: LOG_DBG((LOG_SYSDEP, 20, - "pf_key_v2_acquire: invalid source ID type %d", - srcident->sadb_ident_type)); + "pf_key_v2_acquire: invalid source ID type %d", + srcident->sadb_ident_type)); goto fail; } @@ -4211,7 +4210,7 @@ pf_key_v2_handler(int fd) */ if (ioctl(pf_key_v2_socket, FIONREAD, &n) == -1) { log_error("pf_key_v2_handler: ioctl (%d, FIONREAD, &n) failed", - pf_key_v2_socket); + pf_key_v2_socket); return; } if (!n) diff --git a/sbin/isakmpd/policy.c b/sbin/isakmpd/policy.c index 01d7a59200f..a38348427b4 100644 --- a/sbin/isakmpd/policy.c +++ b/sbin/isakmpd/policy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: policy.c,v 1.80 2005/03/03 15:06:55 hshoexer Exp $ */ +/* $OpenBSD: policy.c,v 1.81 2005/04/04 19:31:11 deraadt Exp $ */ /* $EOM: policy.c,v 1.49 2000/10/24 13:33:39 niklas Exp $ */ /* @@ -428,7 +428,7 @@ policy_callback(char *name) if (len == 2) snprintf(esp_life_kbytes, sizeof esp_life_kbytes, "%u", - decode_16(value)); + decode_16(value)); else snprintf(esp_life_kbytes, sizeof esp_life_kbytes, "%u", 
@@ -713,9 +713,9 @@ policy_callback(char *name) net = decode_32(id + ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ); my_inet_ntop4(&net, remote_id_addr_upper, - sizeof remote_id_addr_upper - 1, 1); + sizeof remote_id_addr_upper - 1, 1); my_inet_ntop4(&net, remote_id_addr_lower, - sizeof remote_id_addr_lower - 1, 1); + sizeof remote_id_addr_lower - 1, 1); remote_id = strdup(remote_id_addr_upper); if (!remote_id) { log_error("policy_callback: " @@ -922,8 +922,8 @@ policy_callback(char *name) } /* Does it contain any non-printable characters ? */ for (i = 0; - i < id_sz - ISAKMP_ID_DATA_OFF + ISAKMP_GEN_SZ; - i++) + i < id_sz - ISAKMP_ID_DATA_OFF + ISAKMP_GEN_SZ; + i++) if (!isprint(*(id + ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ + i))) break; @@ -937,7 +937,7 @@ policy_callback(char *name) /* Non-printable characters, convert to hex */ for (i = 0; i < id_sz - ISAKMP_ID_DATA_OFF + ISAKMP_GEN_SZ; - i++) { + i++) { remote_id[2 * i] = hextab[*(id + ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ) >> 4]; remote_id[2 * i + 1] = hextab[*(id + @@ -1231,7 +1231,7 @@ policy_callback(char *name) * characters ? */ for (i = 0; - i < idremotesz - ISAKMP_ID_DATA_OFF; i++) + i < idremotesz - ISAKMP_ID_DATA_OFF; i++) if (!isprint(*(idremote + ISAKMP_ID_DATA_OFF + i))) break; @@ -1243,8 +1243,8 @@ policy_callback(char *name) } /* Non-printable characters, convert to hex */ for (i = 0; - i < idremotesz - ISAKMP_ID_DATA_OFF; - i++) { + i < idremotesz - ISAKMP_ID_DATA_OFF; + i++) { remote_filter[2 * i] = hextab[*(idremote + ISAKMP_ID_DATA_OFF) >> 4]; @@ -1307,9 +1307,9 @@ policy_callback(char *name) goto bad; } memcpy(remote_filter_addr_upper, addr, - sizeof remote_filter_addr_upper); + sizeof remote_filter_addr_upper); memcpy(remote_filter_addr_lower, addr, - sizeof remote_filter_addr_lower); + sizeof remote_filter_addr_lower); free(addr); remote_filter = strdup(remote_filter_addr_upper); if (!remote_filter) { 
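Review bot: The hex-encoding loop shown as context in the `@@ -937,7 +937,7 @@` hunk reads the same input byte on every iteration: `remote_id[2 * i] = hextab[*(id + ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ) >> 4];` indexes the output by `i` but not the input. As written, the result is the first ID byte repeated rather than the hex form of the whole ID. The read most likely needs the loop index, `hextab[*(id + ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ + i) >> 4]`, and the same on the low-nibble line. The same pattern is visible in the `remote_filter` loop (`@@ -1243,8 +1243,8 @@`) and in the re-wrapped `local_filter` loop (`@@ -1570,13 +1568,13 @@`). If these strings feed policy matching, as the names suggest, two binary IDs with the same length and first byte would produce identical strings; policy_callback continues outside these hunks, so confirm against the full function.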
@@ -1327,9 +1327,9 @@ policy_callback(char *name) net = decode_32(idlocal + ISAKMP_ID_DATA_OFF); my_inet_ntop4(&net, local_filter_addr_upper, - sizeof local_filter_addr_upper - 1, 1); + sizeof local_filter_addr_upper - 1, 1); my_inet_ntop4(&net, local_filter_addr_lower, - sizeof local_filter_addr_upper - 1, 1); + sizeof local_filter_addr_upper - 1, 1); local_filter = strdup(local_filter_addr_upper); if (!local_filter) { log_error("policy_callback: " @@ -1344,11 +1344,11 @@ policy_callback(char *name) net = decode_32(idlocal + ISAKMP_ID_DATA_OFF); my_inet_ntop4(&net, local_filter_addr_lower, - sizeof local_filter_addr_lower - 1, 1); + sizeof local_filter_addr_lower - 1, 1); net = decode_32(idlocal + ISAKMP_ID_DATA_OFF + 4); my_inet_ntop4(&net, local_filter_addr_upper, - sizeof local_filter_addr_upper - 1, 1); + sizeof local_filter_addr_upper - 1, 1); len = strlen(local_filter_addr_upper) + strlen(local_filter_addr_lower) + 2; local_filter = calloc(len, sizeof(char)); @@ -1373,12 +1373,12 @@ policy_callback(char *name) ISAKMP_ID_DATA_OFF + 4); net &= subnet; my_inet_ntop4(&net, local_filter_addr_lower, - sizeof local_filter_addr_lower - 1, 1); + sizeof local_filter_addr_lower - 1, 1); net |= ~subnet; my_inet_ntop4(&net, local_filter_addr_upper, - sizeof local_filter_addr_upper - 1, 1); - len = strlen(local_filter_addr_upper) - + strlen(local_filter_addr_lower) + 2; + sizeof local_filter_addr_upper - 1, 1); + len = strlen(local_filter_addr_upper) + + strlen(local_filter_addr_lower) + 2; local_filter = calloc(len, sizeof(char)); if (!local_filter) { log_error("policy_callback: " @@ -1396,8 +1396,8 @@ policy_callback(char *name) case IPSEC_ID_IPV6_ADDR: local_filter_type = "IPv6 address"; my_inet_ntop6(idlocal + ISAKMP_ID_DATA_OFF, - local_filter_addr_upper, - sizeof local_filter_addr_upper - 1); + local_filter_addr_upper, + sizeof local_filter_addr_upper - 1); strlcpy(local_filter_addr_lower, local_filter_addr_upper, sizeof local_filter_addr_lower); 
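Review bot: In the `@@ -1327,9 +1327,9 @@` hunk the second `my_inet_ntop4` call writes into `local_filter_addr_lower` but bounds the write with `sizeof local_filter_addr_upper - 1`, and the re-indent carries that mismatch over unchanged. If both arrays are declared with the same size this is harmless today, but the declarations are outside the hunk and the bound becomes wrong if they ever diverge. Use the destination's own size, `sizeof local_filter_addr_lower - 1, 1);`, as the neighbouring range and subnet cases in this file section already do.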
@@ -1414,8 +1414,8 @@ policy_callback(char *name) local_filter_type = "IPv6 range"; my_inet_ntop6(idlocal + ISAKMP_ID_DATA_OFF, - local_filter_addr_lower, - sizeof local_filter_addr_lower - 1); + local_filter_addr_lower, + sizeof local_filter_addr_lower - 1); my_inet_ntop6(idlocal + ISAKMP_ID_DATA_OFF + 16, local_filter_addr_upper, @@ -1499,8 +1499,7 @@ policy_callback(char *name) memcpy(local_filter, idlocal + ISAKMP_ID_DATA_OFF, idlocalsz - ISAKMP_ID_DATA_OFF); - local_filter[idlocalsz - ISAKMP_ID_DATA_OFF] - = '\0'; + local_filter[idlocalsz - ISAKMP_ID_DATA_OFF] = '\0'; break; case IPSEC_ID_USER_FQDN: @@ -1517,8 +1516,7 @@ policy_callback(char *name) memcpy(local_filter, idlocal + ISAKMP_ID_DATA_OFF, idlocalsz - ISAKMP_ID_DATA_OFF); - local_filter[idlocalsz - ISAKMP_ID_DATA_OFF] - = '\0'; + local_filter[idlocalsz - ISAKMP_ID_DATA_OFF] = '\0'; break; case IPSEC_ID_DER_ASN1_DN: @@ -1549,7 +1547,7 @@ policy_callback(char *name) log_error("policy_callback: " "calloc (%lu, %lu) failed", 2 * ((unsigned long)idlocalsz - - ISAKMP_ID_DATA_OFF) + 1, + ISAKMP_ID_DATA_OFF) + 1, (unsigned long)sizeof(char)); goto bad; } @@ -1558,7 +1556,7 @@ policy_callback(char *name) * characters ? */ for (i = 0; - i < idlocalsz - ISAKMP_ID_DATA_OFF; i++) + i < idlocalsz - ISAKMP_ID_DATA_OFF; i++) if (!isprint(*(idlocal + ISAKMP_ID_DATA_OFF + i))) break; @@ -1570,13 +1568,13 @@ policy_callback(char *name) } /* Non-printable characters, convert to hex */ for (i = 0; - i < idlocalsz - ISAKMP_ID_DATA_OFF; i++) { - local_filter[2 * i] - = hextab[*(idlocal + - ISAKMP_ID_DATA_OFF) >> 4]; - local_filter[2 * i + 1] - = hextab[*(idlocal + - ISAKMP_ID_DATA_OFF) & 0xF]; + i < idlocalsz - ISAKMP_ID_DATA_OFF; i++) { + local_filter[2 * i] = + hextab[*(idlocal + + ISAKMP_ID_DATA_OFF) >> 4]; + local_filter[2 * i + 1] = + hextab[*(idlocal + + ISAKMP_ID_DATA_OFF) & 0xF]; } break; diff --git a/sbin/isakmpd/sa.c b/sbin/isakmpd/sa.c index ebc1b2e811e..0ac7b554bc1 100644 --- a/sbin/isakmpd/sa.c 
+++ b/sbin/isakmpd/sa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sa.c,v 1.90 2005/02/27 13:12:12 hshoexer Exp $ */ +/* $OpenBSD: sa.c,v 1.91 2005/04/04 19:31:11 deraadt Exp $ */ /* $EOM: sa.c,v 1.112 2000/12/12 00:22:52 niklas Exp $ */ /* @@ -976,9 +976,9 @@ sa_add_transform(struct sa *sa, struct payload *xf, int initiator, * selected proposal to make this lookup easier. Most vendors * follow this. One noted exception is the CiscoPIX (and * perhaps other Cisco products). - * + * * We start by matching on the proposal number, as before. - */ + */ for (proto = TAILQ_FIRST(&sa->protos); proto && proto->no != GET_ISAKMP_PROP_NO(prop->p); proto = TAILQ_NEXT(proto, link)) @@ -986,13 +986,12 @@ sa_add_transform(struct sa *sa, struct payload *xf, int initiator, /* * If we did not find a match, search through all proposals * and xforms. - */ + */ if (!proto || sa_validate_proto_xf(proto, xf, sa->phase) != 0) for (proto = TAILQ_FIRST(&sa->protos); - proto && sa_validate_proto_xf(proto, xf, - sa->phase) != 0; - proto = TAILQ_NEXT(proto, link)) - ; + proto && sa_validate_proto_xf(proto, xf, sa->phase) != 0; + proto = TAILQ_NEXT(proto, link)) + ; } if (!proto) return -1; @@ -1100,7 +1099,7 @@ sa_soft_expire(void *v_sa) /* * Start to watch the use of this SA, so a renegotiation can * happen as soon as it is shown to be alive. - */ + */ sa->flags |= SA_FLAG_FADING; } diff --git a/sbin/isakmpd/sa.h b/sbin/isakmpd/sa.h index 9d5590027e7..d86123e357b 100644 --- a/sbin/isakmpd/sa.h +++ b/sbin/isakmpd/sa.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sa.h,v 1.43 2005/03/04 16:20:07 hshoexer Exp $ */ +/* $OpenBSD: sa.h,v 1.44 2005/04/04 19:31:11 deraadt Exp $ */ /* $EOM: sa.h,v 1.58 2000/10/10 12:39:01 provos Exp $ */ /* @@ -289,7 +289,7 @@ struct sa_kinfo { u_int64_t exp_timeout; u_int64_t soft_timeout; - + u_int64_t first_use; u_int64_t established; u_int64_t soft_first_use; diff --git a/sbin/isakmpd/transport.c b/sbin/isakmpd/transport.c index 023e819f37c..49706b5fe1a 100644 --- a/sbin/isakmpd/transport.c 
+++ b/sbin/isakmpd/transport.c @@ -1,4 +1,4 @@ -/* $OpenBSD: transport.c,v 1.30 2004/08/08 19:11:06 deraadt Exp $ */ +/* $OpenBSD: transport.c,v 1.31 2005/04/04 19:31:11 deraadt Exp $ */ /* $EOM: transport.c,v 1.43 2000/10/10 12:36:39 provos Exp $ */ /* @@ -58,7 +58,7 @@ transport_reinit(void) struct transport_vtbl *method; for (method = LIST_FIRST(&transport_method_list); method; - method = LIST_NEXT(method, link)) + method = LIST_NEXT(method, link)) if (method->reinit) method->reinit(); } @@ -127,8 +127,8 @@ transport_report(void) for (t = LIST_FIRST(&transport_list); t; t = LIST_NEXT(t, link)) { LOG_DBG((LOG_REPORT, 0, - "transport_report: transport %p flags %x refcnt %d", t, - t->flags, t->refcnt)); + "transport_report: transport %p flags %x refcnt %d", t, + t->flags, t->refcnt)); /* XXX Report sth on the virtual transport? */ t->vtbl->report(t); @@ -141,12 +141,12 @@ transport_report(void) if ((v->encap_is_active && v->encap == t) || (!v->encap_is_active && v->main == t)) { for (msg = TAILQ_FIRST(&t->virtual->prio_sendq); msg; - msg = TAILQ_NEXT(msg, link)) + msg = TAILQ_NEXT(msg, link)) message_dump_raw("udp_report(prio)", msg, LOG_REPORT); for (msg = TAILQ_FIRST(&t->virtual->sendq); msg; - msg = TAILQ_NEXT(msg, link)) + msg = TAILQ_NEXT(msg, link)) message_dump_raw("udp_report", msg, LOG_REPORT); } @@ -302,7 +302,7 @@ transport_send_messages(fd_set * fds) * We disregard the potential error message here, * hoping that the retransmit will go better. * XXX Consider a retry/fatal error discriminator. - */ + */ t->virtual->vtbl->send_message(msg, 0); msg->xmits++; 
@@ -310,16 +310,15 @@ transport_send_messages(fd_set * fds) * This piece of code has been proven to be quite * delicate. Think twice for before altering. * Here's an outline: - * + * * If this message is not the one which finishes an * exchange, check if we have reached the number of * retransmit before queuing it up for another. - * + * * If it is a finishing message we still may have to * keep it around for an on-demand retransmit when * seeing a duplicate of our peer's previous message. - * - */ + */ if ((msg->flags & MSG_LAST) == 0) { if (msg->xmits > conf_get_num("General", "retransmits", RETRANSMIT_DEFAULT)) { @@ -357,7 +356,7 @@ transport_send_messages(fd_set * fds) /* * XXX Calculate from round trip * timings and a backoff func. - */ + */ expiry = msg->xmits * 2 + 5; expiration.tv_sec += expiry; LOG_DBG((LOG_TRANSPORT, 30, @@ -388,7 +387,7 @@ transport_send_messages(fd_set * fds) * after the post-send function. But as the post-send * function may remove the exchange, we need to * remember this fact here. - */ + */ ok_to_drop_message = exchange->last_sent == 0; /* @@ -398,7 +397,7 @@ transport_send_messages(fd_set * fds) * the job. Note that a post-send function may take * away the exchange we belong to, but only if no * retransmits are possible. - */ + */ if (msg->xmits == 1) message_post_send(msg); @@ -424,7 +423,7 @@ transport_create(char *name, char *addr) struct transport_vtbl *method; for (method = LIST_FIRST(&transport_method_list); method; - method = LIST_NEXT(method, link)) + method = LIST_NEXT(method, link)) if (strcmp(method->name, name) == 0) return (*method->create) (addr); return 0; diff --git a/sbin/isakmpd/udp.c b/sbin/isakmpd/udp.c index c0dd30f22be..75b27510b7a 100644 --- a/sbin/isakmpd/udp.c +++ b/sbin/isakmpd/udp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: udp.c,v 1.84 2005/03/05 12:21:34 ho Exp $ */ +/* $OpenBSD: udp.c,v 1.85 2005/04/04 19:31:11 deraadt Exp $ */ /* $EOM: udp.c,v 1.57 2001/01/26 10:09:57 niklas Exp $ */ /* 
@@ -316,10 +316,9 @@ udp_create(char *name) if (addr_list) { for (addr_node = TAILQ_FIRST(&addr_list->fields); - addr_node; addr_node = TAILQ_NEXT(addr_node, link)) + addr_node; addr_node = TAILQ_NEXT(addr_node, link)) if (text2sockaddr(addr_node->field, - port_str, &addr, 0, 0) - == 0) { + port_str, &addr, 0, 0) == 0) { v = virtual_listen_lookup(addr); free(addr); if (v) { @@ -428,7 +427,7 @@ udp_handle_message(struct transport *t) /* * Make a specialized UDP transport structure out of the incoming * transport and the address information we got from recvfrom(2). - */ + */ t = t->virtual->vtbl->clone(t->virtual, (struct sockaddr *)&from); if (!t) return; @@ -454,7 +453,7 @@ udp_send_message(struct message *msg, struct transport *t) /* * Sending on connected sockets requires that no destination address is * given, or else EISCONN will occur. - */ + */ m.msg_name = (caddr_t) u->dst; m.msg_namelen = sysdep_sa_len(u->dst); m.msg_iov = msg->iov; diff --git a/sbin/isakmpd/udp_encap.c b/sbin/isakmpd/udp_encap.c index 806484e3fc9..4385af323e3 100644 --- a/sbin/isakmpd/udp_encap.c +++ b/sbin/isakmpd/udp_encap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: udp_encap.c,v 1.12 2005/03/05 12:21:35 ho Exp $ */ +/* $OpenBSD: udp_encap.c,v 1.13 2005/04/04 19:31:11 deraadt Exp $ */ /* * Copyright (c) 1998, 1999, 2001 Niklas Hallqvist. All rights reserved. @@ -277,7 +277,7 @@ udp_encap_create(char *name) if (addr_list) { for (addr_node = TAILQ_FIRST(&addr_list->fields); - addr_node; addr_node = TAILQ_NEXT(addr_node, link)) + addr_node; addr_node = TAILQ_NEXT(addr_node, link)) if (text2sockaddr(addr_node->field, port_str, &addr, 0, 0) == 0) { v = virtual_listen_lookup(addr); diff --git a/sbin/isakmpd/ui.c b/sbin/isakmpd/ui.c index 71678731cf1..33fb7546f61 100644 --- a/sbin/isakmpd/ui.c +++ b/sbin/isakmpd/ui.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ui.c,v 1.42 2004/08/08 19:11:06 deraadt Exp $ */ +/* $OpenBSD: ui.c,v 1.43 2005/04/04 19:31:11 deraadt Exp $ */ /* $EOM: ui.c,v 1.43 2000/10/05 09:25:12 niklas Exp $ */ /* @@ -324,7 +324,6 @@ ui_debug(char *cmd) } } log_print("ui_debug: command \"%s\" malformed", cmd); - return; } static void @@ -505,7 +504,7 @@ ui_handler(void) /* * When we find a newline, cut off the line and feed it to the * command processor. Then move the rest up-front. - */ + */ if (*p == '\n') { *p = '\0'; ui_handle_command(buf); diff --git a/sbin/isakmpd/util.c b/sbin/isakmpd/util.c index d621f9b61ba..4b8c40951bc 100644 --- a/sbin/isakmpd/util.c +++ b/sbin/isakmpd/util.c @@ -1,4 +1,4 @@ -/* $OpenBSD: util.c,v 1.52 2005/03/10 21:39:21 hshoexer Exp $ */ +/* $OpenBSD: util.c,v 1.53 2005/04/04 19:31:11 deraadt Exp $ */ /* $EOM: util.c,v 1.23 2000/11/23 12:22:08 niklas Exp $ */ /* @@ -265,7 +265,7 @@ text2sockaddr(char *address, char *port, struct sockaddr **sa, sa_family_t af, */ if (!strcmp(address, "default")) { fd = socket(PF_ROUTE, SOCK_RAW, af); - + bzero(buf, sizeof(buf)); rtm = (struct rt_msghdr *)buf; @@ -273,7 +273,7 @@ text2sockaddr(char *address, char *port, struct sockaddr **sa, sa_family_t af, rtm->rtm_type = RTM_GET; rtm->rtm_flags = RTF_UP; rtm->rtm_addrs = RTA_DST; - rtm->rtm_seq = seq = arc4random(); + rtm->rtm_seq = seq = arc4random(); /* default destination */ sa2 = (struct sockaddr *)(rtm + 1); @@ -327,10 +327,10 @@ text2sockaddr(char *address, char *port, struct sockaddr **sa, sa_family_t af, np = if_indextoname(rtm->rtm_index, ifname); if (np == NULL) return (-1); - } + } } #endif /* USE_DEFAULT_ROUTE */ - + if (getifaddrs(&ifap) != 0) return (-1); 
@@ -339,18 +339,18 @@ text2sockaddr(char *address, char *port, struct sockaddr **sa, sa_family_t af, case AF_INET: for (ifa = ifap; ifa; ifa = ifa->ifa_next) if (!strcmp(ifa->ifa_name, np) && - ifa->ifa_addr != NULL && + ifa->ifa_addr != NULL && ifa->ifa_addr->sa_family == AF_INET) break; break; case AF_INET6: for (ifa = ifap; ifa; ifa = ifa->ifa_next) { if (!strcmp(ifa->ifa_name, np) && - ifa->ifa_addr != NULL && + ifa->ifa_addr != NULL && ifa->ifa_addr->sa_family == AF_INET6) { if (IN6_IS_ADDR_LINKLOCAL( &((struct sockaddr_in6 *) - ifa->ifa_addr)->sin6_addr) && + ifa->ifa_addr)->sin6_addr) && llifa == NULL) llifa = ifa; else @@ -362,12 +362,11 @@ text2sockaddr(char *address, char *port, struct sockaddr **sa, sa_family_t af, } break; } - + if (ifa) { if (netmask) memcpy(&tmp_sas, ifa->ifa_netmask, sysdep_sa_len(ifa->ifa_netmask)); - else memcpy(&tmp_sas, ifa->ifa_addr, sysdep_sa_len(ifa->ifa_addr)); diff --git a/sbin/isakmpd/virtual.c b/sbin/isakmpd/virtual.c index 714a81c22f9..7653a3817b9 100644 --- a/sbin/isakmpd/virtual.c +++ b/sbin/isakmpd/virtual.c @@ -1,4 +1,4 @@ -/* $OpenBSD: virtual.c,v 1.13 2005/03/05 12:21:35 ho Exp $ */ +/* $OpenBSD: virtual.c,v 1.14 2005/04/04 19:31:11 deraadt Exp $ */ /* * Copyright (c) 2004 Håkan Olsson. All rights reserved. @@ -136,8 +136,6 @@ virtual_init(void) (struct virtual_transport *)default_transport6, link); transport_reference(default_transport6); } - - return; } struct virtual_transport * @@ -601,7 +599,6 @@ virtual_remove(struct transport *t) static void virtual_report(struct transport *t) { - return; } static void |