authorNiels Provos <provos@cvs.openbsd.org>2000-12-15 02:42:10 +0000
committerNiels Provos <provos@cvs.openbsd.org>2000-12-15 02:42:10 +0000
commit2432aed3ddeab374356a9cb597da027b9676a281 (patch)
tree3a708cb8bb8bddeb786cc763c55da961c617ed41 /sbin/photurisd
parentc72bae0731852b536fecc600798b101c0d585837 (diff)
more cleanup; send SPI needed message if we have state but no SPI on
acquire.
Diffstat (limited to 'sbin/photurisd')
-rw-r--r--sbin/photurisd/handle_cookie_response.c9
-rw-r--r--sbin/photurisd/kernel.c24
-rw-r--r--sbin/photurisd/photuris_cookie_request.c7
-rw-r--r--sbin/photurisd/photurisd.c3
-rw-r--r--sbin/photurisd/schedule.c6
-rw-r--r--sbin/photurisd/state.c221
-rw-r--r--sbin/photurisd/state.h8
7 files changed, 143 insertions, 135 deletions
diff --git a/sbin/photurisd/handle_cookie_response.c b/sbin/photurisd/handle_cookie_response.c
index 2b20115b624..b815e2a3cc8 100644
--- a/sbin/photurisd/handle_cookie_response.c
+++ b/sbin/photurisd/handle_cookie_response.c
@@ -34,7 +34,7 @@
*/
#ifndef lint
-static char rcsid[] = "$Id: handle_cookie_response.c,v 1.3 2000/12/11 21:21:17 provos Exp $";
+static char rcsid[] = "$Id: handle_cookie_response.c,v 1.4 2000/12/15 02:42:08 provos Exp $";
#endif
#include <stdio.h>
@@ -68,12 +68,7 @@ handle_cookie_response(u_char *packet, int size,
header = (struct cookie_response *) packet;
/* Take multi home hosts into account */
- st = state_root();
- while(st != NULL) {
- if (!bcmp(header->icookie,st->icookie,COOKIE_SIZE))
- break;
- st = st->next;
- }
+ st = state_find_icookie(header->icookie);
if (st == NULL)
return -1; /* Silently discard - XXX log perhaps ? */
diff --git a/sbin/photurisd/kernel.c b/sbin/photurisd/kernel.c
index c8fbd122697..4cd37fd5b81 100644
--- a/sbin/photurisd/kernel.c
+++ b/sbin/photurisd/kernel.c
@@ -39,7 +39,7 @@
*/
#ifndef lint
-static char rcsid[] = "$Id: kernel.c,v 1.17 2000/12/15 01:58:27 provos Exp $";
+static char rcsid[] = "$Id: kernel.c,v 1.18 2000/12/15 02:42:08 provos Exp $";
#endif
#include <time.h>
@@ -1359,7 +1359,7 @@ kernel_request_sa(struct sadb_msg *sadb)
st = state_find(dstbuf);
tm = time(NULL);
- while (st != NULL && (st->lifetime <= tm || st->phase >= SPI_UPDATE))
+ while (st != NULL && (st->lifetime <= tm || st->phase < SPI_UPDATE))
st = state_find_next(st, dstbuf);
if (st == NULL) {
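Review bot: The flipped loop condition now skips every state whose phase is below SPI_UPDATE instead of every state at or above it, which inverts which existing exchange the `else` branch below may reuse, and nothing in the hunk records why. If the intent (per the commit message) is that only an exchange that has already reached SPI_UPDATE can be asked for a new SPI, say so above the loop: `/* Reuse only a live exchange that has reached SPI_UPDATE; younger states have no SPI to renew and get a fresh exchange. */`. kernel_request_sa begins and ends outside this hunk, so the fallthrough to the new-state path could not be checked here.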
@@ -1393,10 +1393,30 @@ kernel_request_sa(struct sadb_msg *sadb)
} else
state_insert(st);
} else {
+ struct sockaddr_in sin;
+
/*
* We need different attributes for this exchange, send
* an SPI_NEEDED message.
*/
+
+ packet_size = PACKET_BUFFER_SIZE;
+ if (photuris_spi_needed(st, packet_buffer, &packet_size,
+ st->uSPIattrib,
+ st->uSPIattribsize) == -1) {
+ log_print(__FUNCTION__": photuris_spi_update()");
+ return (-1);
+ }
+
+ /* Send the packet */
+ sin.sin_port = htons(st->port);
+ sin.sin_family = AF_INET;
+ sin.sin_addr.s_addr = inet_addr(st->address);
+
+ if (sendto(global_socket, packet_buffer, packet_size, 0,
+ (struct sockaddr *)&sin, sizeof(sin)) != packet_size) {
+ log_error(__FUNCTION__": sendto()");
+ }
}
return (0);
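Review bot: The error message on the new `log_print` call reports `photuris_spi_update()` although the call that failed is `photuris_spi_needed()`; change it to `log_print(__FUNCTION__": photuris_spi_needed()");` so the log points at the right function. The `struct sockaddr_in sin` added at the top of the branch is passed to sendto() with only port, family and address set, so the remaining fields (`sin_len`, `sin_zero` on this platform) are whatever was on the stack; add `bzero(&sin, sizeof(sin));` before filling it, as the padding is otherwise uninitialized. The `inet_addr(st->address)` result is also not checked against INADDR_NONE, so a malformed stored address would send the packet to 255.255.255.255. kernel_request_sa begins outside this hunk, so how `packet_buffer`/`packet_size` are declared and how the sibling branch builds its sockaddr could not be compared.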
diff --git a/sbin/photurisd/photuris_cookie_request.c b/sbin/photurisd/photuris_cookie_request.c
index 41038583ab1..10f2824381f 100644
--- a/sbin/photurisd/photuris_cookie_request.c
+++ b/sbin/photurisd/photuris_cookie_request.c
@@ -34,7 +34,7 @@
*/
#ifndef lint
-static char rcsid[] = "$Id: photuris_cookie_request.c,v 1.1 1998/11/14 23:37:26 deraadt Exp $";
+static char rcsid[] = "$Id: photuris_cookie_request.c,v 1.2 2000/12/15 02:42:08 provos Exp $";
#endif
#include <stdio.h>
@@ -62,14 +62,13 @@ photuris_cookie_request(struct stateob *st, u_char *buffer, int *size)
*size = COOKIE_REQUEST_PACKET_SIZE; /* fixed size */
if (st->counter == 0) {
- prev_st = state_find(st->address);
old_st = NULL;
- while (prev_st != NULL) {
+ for (prev_st = state_find(st->address); prev_st;
+ prev_st = TAILQ_NEXT(prev_st, next)) {
if (prev_st->lifetime >= timeout) {
timeout = prev_st->lifetime;
old_st = prev_st;
}
- prev_st = prev_st->next;
}
/* Check if we have an exchange going already */
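Review bot: The rewritten loop advances with `TAILQ_NEXT(prev_st, next)`, so after the first state matching `st->address` it keeps walking states for every other address and may pick `old_st`/`timeout` from an unrelated peer; the old `prev_st->next` walk had the same shape, but state_find_cookies in state.c uses state_find_next() to stay on one address, and that is presumably what is wanted here too. If so, the increment should be `prev_st = state_find_next(prev_st, st->address)`. If scanning all later states is deliberate, a one-line comment saying so would prevent the next reader from "fixing" it. photuris_cookie_request continues outside this hunk.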
diff --git a/sbin/photurisd/photurisd.c b/sbin/photurisd/photurisd.c
index ab6c29d3576..e8982d7c8c9 100644
--- a/sbin/photurisd/photurisd.c
+++ b/sbin/photurisd/photurisd.c
@@ -32,7 +32,7 @@
*/
#ifndef lint
-static char rcsid[] = "$Id: photurisd.c,v 1.7 2000/12/14 23:28:58 provos Exp $";
+static char rcsid[] = "$Id: photurisd.c,v 1.8 2000/12/15 02:42:09 provos Exp $";
#endif
#define _PHOTURIS_C_
@@ -163,6 +163,7 @@ main(int argc, char **argv)
argv += optind;
spi_init();
+ state_init();
init_vars();
diff --git a/sbin/photurisd/schedule.c b/sbin/photurisd/schedule.c
index 4d3f655404f..0594f27e84b 100644
--- a/sbin/photurisd/schedule.c
+++ b/sbin/photurisd/schedule.c
@@ -35,7 +35,7 @@
*/
#ifndef lint
-static char rcsid[] = "$Id: schedule.c,v 1.3 2000/12/15 01:06:51 provos Exp $";
+static char rcsid[] = "$Id: schedule.c,v 1.4 2000/12/15 02:42:09 provos Exp $";
#endif
#define _SCHEDULE_C_
@@ -197,10 +197,6 @@ schedule_process(int sock)
remove = 0;
switch(tmp->event) {
case REKEY:
-#ifdef DEBUG
- if (state_root() != NULL)
- printf("Resetting secrets\n");
-#endif
reset_secret();
tmp->tm = time(NULL) + REKEY_TIMEOUT;
break;
diff --git a/sbin/photurisd/state.c b/sbin/photurisd/state.c
index f7f16b3548f..17d792cedd4 100644
--- a/sbin/photurisd/state.c
+++ b/sbin/photurisd/state.c
@@ -32,78 +32,63 @@
* functions for handling states
*/
-#define _STATE_C_
+#include <sys/types.h>
+#include <sys/queue.h>
-#ifdef DEBUG
-#include <stdio.h>
-#endif
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <sys/time.h>
+
+#define _STATE_C_
+
#include "photuris.h"
#include "state.h"
#include "schedule.h"
#include "log.h"
-static struct stateob *stateob = NULL;
+TAILQ_HEAD(statelist, stateob) statehead;
+
+void
+state_init(void)
+{
+ TAILQ_INIT(&statehead);
+}
int
state_insert(struct stateob *ob)
{
- struct stateob *tmp;
+ TAILQ_INSERT_TAIL(&statehead, ob, next);
- ob->next = NULL;
-
- if(stateob == NULL) {
- stateob = ob;
- return 1;
- }
-
- tmp=stateob;
- while(tmp->next!=NULL)
- tmp = tmp->next;
-
- tmp->next = ob;
- return 1;
+ return (1);
}
int
state_unlink(struct stateob *ob)
{
- struct stateob *tmp;
- if(stateob == ob) {
- stateob = ob->next;
- free(ob);
- return 1;
- }
+ TAILQ_REMOVE(&statehead, ob, next);
- for(tmp=stateob; tmp!=NULL; tmp=tmp->next) {
- if(tmp->next==ob) {
- tmp->next=ob->next;
- free(ob);
- return 1;
- }
- }
- return 0;
+ return (1);
}
int
state_save_verification(struct stateob *st, u_int8_t *buf, u_int16_t len)
{
- if (st->verification == NULL || len > st->versize) {
- if (st->verification != NULL)
- free(st->verification);
-
- if ((st->verification = calloc(len, sizeof(u_int8_t))) == NULL) {
- log_error("calloc() in state_save_verification()");
- return -1;
- }
- }
+ if (st->verification == NULL || len > st->versize) {
+ if (st->verification != NULL)
+ free(st->verification);
+
+ st->verification = calloc(len, sizeof(u_int8_t));
+ if (st->verification == NULL) {
+ log_error(__FUNCTION__": calloc()");
+ return (-1);
+ }
+ }
+
+ bcopy(buf, st->verification, len);
+ st->versize = len;
- bcopy(buf, st->verification, len);
- st->versize = len;
- return 0;
+ return (0);
}
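Review bot: state_unlink() no longer frees the object it removes (the old version did `free(ob)` on both paths), but state_expire() in the later hunk of this file still calls `state_value_reset(tmp); state_unlink(tmp);` and nothing else, so every expired state now leaks its `struct stateob`; any caller outside this diff that relied on state_unlink() freeing has the same problem. Since state_cleanup() in that same hunk does its own TAILQ_REMOVE plus `free(p)`, the consistent fix is to add `free(tmp);` after `state_unlink(tmp);` in state_expire() and to document on state_unlink() that the caller now owns the object: `/* Removes ob from the list; the caller frees it. */`. Alternatively restore the free inside state_unlink(), but then state_cleanup() should call it too rather than duplicating the removal.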
@@ -114,36 +99,38 @@ state_save_verification(struct stateob *st, u_int8_t *buf, u_int16_t len)
void
state_copy_flags(struct stateob *src, struct stateob *dst)
{
- dst->initiator = src->initiator;
+ dst->initiator = src->initiator;
- if (src->user != NULL)
- dst->user = strdup(src->user);
+ if (src->user != NULL)
+ dst->user = strdup(src->user);
- dst->flags = src->flags;
+ dst->flags = src->flags;
- strncpy(dst->address, src->address, sizeof(src->address)-1);
- dst->address[sizeof(dst->address)-1] = 0;
+ strncpy(dst->address, src->address, sizeof(src->address)-1);
+ dst->address[sizeof(dst->address)-1] = 0;
- dst->lifetime = src->lifetime;
- dst->exchange_lifetime = src->exchange_lifetime;
- dst->spi_lifetime = src->spi_lifetime;
+ dst->lifetime = src->lifetime;
+ dst->exchange_lifetime = src->exchange_lifetime;
+ dst->spi_lifetime = src->spi_lifetime;
}
struct stateob *
state_new(void)
{
- struct stateob *p;
+ struct stateob *p;
- if((p = calloc(1, sizeof(struct stateob)))==NULL)
- return NULL;
+ if((p = calloc(1, sizeof(struct stateob)))==NULL) {
+ log_error(__FUNCTION__": calloc");
+ return (NULL);
+ }
- p->modulus = BN_new();
- p->generator = BN_new();
+ p->modulus = BN_new();
+ p->generator = BN_new();
- p->exchange_lifetime = exchange_lifetime;
- p->spi_lifetime = spi_lifetime;
+ p->exchange_lifetime = exchange_lifetime;
+ p->spi_lifetime = spi_lifetime;
- return p;
+ return (p);
}
int
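Review bot: state_new() now logs and returns NULL when calloc() fails, but state_copy_flags() in the same hunk still assigns `dst->user = strdup(src->user)` without checking the result, so a failed duplicate silently leaves `dst->user` NULL while `src->user` was set. For consistency with the new calloc check, test it: `if ((dst->user = strdup(src->user)) == NULL) log_error(__FUNCTION__": strdup");`. The two BN_new() calls in state_new() are likewise unchecked, though that is unchanged behaviour from before the commit.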
@@ -202,7 +189,7 @@ state_value_reset(struct stateob *ob)
if (ob->packet != NULL)
free(ob->packet);
- return 1;
+ return (1);
}
/*
@@ -210,86 +197,92 @@ state_value_reset(struct stateob *ob)
*/
struct stateob *
-state_root(void)
-{
- return stateob;
-}
-
-struct stateob *
state_find(char *address)
{
- struct stateob *tmp = stateob;
- while (tmp != NULL) {
- if (address == NULL || !strcmp(address, tmp->address))
- return tmp;
- tmp = tmp->next;
- }
- return NULL;
+ struct stateob *tmp;
+
+ for (tmp = TAILQ_FIRST(&statehead); tmp; tmp = TAILQ_NEXT(tmp, next)) {
+ if (address == NULL || !strcmp(address, tmp->address))
+ break;
+ }
+
+ return (tmp);
}
struct stateob *
state_find_next(struct stateob *prev, char *address)
{
- struct stateob *tmp = prev->next;
- while(tmp!=NULL) {
- if(address == NULL || !strcmp(address, tmp->address))
- return tmp;
- tmp = tmp->next;
+ struct stateob *tmp;
+
+ for (tmp = TAILQ_NEXT(prev, next); tmp; tmp = TAILQ_NEXT(tmp, next)) {
+ if (address == NULL || !strcmp(address, tmp->address))
+ break;
}
- return NULL;
+
+ return (tmp);
}
+struct stateob *
+state_find_icookie(u_int8_t *cookie)
+{
+ struct stateob *tmp;
+
+ for (tmp = TAILQ_FIRST(&statehead); tmp; tmp = TAILQ_NEXT(tmp, next)) {
+ if (!bcmp(tmp->icookie, cookie, COOKIE_SIZE))
+ break;
+ }
+
+ return (tmp);
+}
struct stateob *
state_find_cookies(char *address, u_int8_t *icookie, u_int8_t *rcookie)
{
struct stateob *tmp;
- tmp = state_find(address);
- while(tmp!=NULL) {
+
+ for (tmp = state_find(address); tmp;
+ tmp = state_find_next(tmp, address)) {
if (!bcmp(tmp->icookie, icookie, COOKIE_SIZE) &&
(rcookie == NULL || !bcmp(tmp->rcookie, rcookie, COOKIE_SIZE)))
- return tmp;
- tmp = state_find_next(tmp, address);
+ break;
}
- return NULL;
+ return (tmp);
}
void
-state_cleanup()
+state_cleanup(void)
{
struct stateob *p;
- struct stateob *tmp = stateob;
- while(tmp!=NULL) {
- p = tmp;
- tmp = tmp->next;
- state_value_reset(p);
- free(p);
+
+ while ((p = TAILQ_FIRST(&statehead))) {
+ TAILQ_REMOVE(&statehead, p, next);
+
+ state_value_reset(p);
+ free(p);
}
- stateob = NULL;
}
void
state_expire(void)
{
- struct stateob *tmp = stateob, *p;
- time_t tm;
-
- tm = time(NULL);
- while (tmp != NULL) {
- if ((tmp->retries < max_retries || tmp->resource) &&
- (tmp->lifetime == -1 || tmp->lifetime > tm)) {
- tmp = tmp->next;
- continue;
- }
-#ifdef DEBUG
- printf("Expiring state to %s in phase %d\n",
- tmp->address, tmp->phase);
-#endif
- p = tmp;
- tmp = tmp->next;
- state_value_reset(p);
- state_unlink(p);
- }
+ struct stateob *tmp, *next;
+ time_t tm;
+
+ tm = time(NULL);
+ for (tmp = TAILQ_FIRST(&statehead); tmp; tmp = next) {
+ next = TAILQ_NEXT(tmp, next);
+
+ if ((tmp->retries < max_retries || tmp->resource) &&
+ (tmp->lifetime == -1 || tmp->lifetime > tm))
+ continue;
+
+ LOG_DBG((LOG_MISC, 35, __FUNCTION__
+ ": Expiring state to %s in phase %d\n",
+ tmp->address, tmp->phase));
+
+ state_value_reset(tmp);
+ state_unlink(tmp);
+ }
}
diff --git a/sbin/photurisd/state.h b/sbin/photurisd/state.h
index f33b37dda8e..e05fab9890b 100644
--- a/sbin/photurisd/state.h
+++ b/sbin/photurisd/state.h
@@ -27,7 +27,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* $Id: state.h,v 1.4 2000/12/11 20:32:15 provos Exp $ */
+/* $Id: state.h,v 1.5 2000/12/15 02:42:09 provos Exp $ */
/*
* state.h:
* state object
@@ -36,6 +36,7 @@
#ifndef _STATE_H_
#define _STATE_H_
+#include <sys/queue.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <ssl/bn.h>
@@ -57,7 +58,7 @@
#define IPSEC_NOTIFY 0x1000 /* State created by kernel notify */
struct stateob {
- struct stateob *next; /* Linked list */
+ TAILQ_ENTRY(stateob) next; /* Linked list */
int initiator; /* Boolean */
int phase; /* Actual phase in the exchange */
@@ -136,6 +137,8 @@ struct stateob {
};
/* Prototypes */
+void state_init(void);
+
int state_insert(struct stateob *);
int state_unlink(struct stateob *);
struct stateob *state_new(void);
@@ -143,6 +146,7 @@ int state_value_reset(struct stateob *);
struct stateob *state_root(void);
struct stateob *state_find(char *);
struct stateob *state_find_next(struct stateob *, char *);
+struct stateob *state_find_icookie(u_int8_t *);
struct stateob *state_find_cookies(char *, u_int8_t *, u_int8_t *);
int state_save_verification(struct stateob *st, u_int8_t *buf, u_int16_t len);
void state_copy_flags(struct stateob *src, struct stateob *dst);
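Review bot: The context line `struct stateob *state_root(void);` is now a stale prototype: the state.c hunk in this commit deletes the definition and the remaining callers in handle_cookie_response.c and schedule.c were removed, so the declaration should be dropped from this header to avoid an undefined reference if anyone uses it again. The new `state_find_icookie` prototype could also take `const u_int8_t *` since the implementation only passes the cookie to bcmp(), but that would only be worth doing if the rest of the lookup API is made const-correct at the same time.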