author | Niklas Hallqvist <niklas@cvs.openbsd.org> | 2001-08-22 08:49:01 +0000 |
---|---|---|
committer | Niklas Hallqvist <niklas@cvs.openbsd.org> | 2001-08-22 08:49:01 +0000 |
commit | c4989786c89544c02be4742a8af7a05ee6a3f7e6 (patch) | |
tree | c993c3b2f586a0e41ab05301a0058441379cebf4 /sbin | |
parent | 2812b90215c83b1365c41a1b4f48cb6fdc04033d (diff) |
Add ipsec_id_string, a function for converting IDs to one possible
string form, to be used for IKE mode config and raw key selection by ID.
Not yet used though.
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/isakmpd/ipsec.c | 73 | ||||
-rw-r--r-- | sbin/isakmpd/ipsec.h | 3 |
2 files changed, 74 insertions, 2 deletions
diff --git a/sbin/isakmpd/ipsec.c b/sbin/isakmpd/ipsec.c index 12db0d79fa6..52f59de00a8 100644 --- a/sbin/isakmpd/ipsec.c +++ b/sbin/isakmpd/ipsec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec.c,v 1.54 2001/07/06 14:37:11 ho Exp $ */ +/* $OpenBSD: ipsec.c,v 1.55 2001/08/22 08:49:00 niklas Exp $ */ /* $EOM: ipsec.c,v 1.143 2000/12/11 23:57:42 niklas Exp $ */ /* 
@@ -2270,3 +2270,74 @@ ipsec_id_size (char *section, u_int8_t *id)
 *id, type);
 return -1;
 }
+
+/*
+ * Generate a string version of the ID.
+ */
+char *
+ipsec_id_string (u_int8_t *id, size_t id_len)
+{
+ /* XXX Guess at a maximum length. */
+ char buf[256];
+ char *addrstr = 0;
+ size_t len;
+
+ /* XXX real ugly way of making the offsets correct. */
+ id -= ISAKMP_GEN_SZ;
+
+ switch (GET_ISAKMP_ID_TYPE (id))
+ {
+ case IPSEC_ID_IPV4_ADDR:
+ if (id_len < sizeof (struct in_addr))
+ goto fail;
+ util_ntoa (&addrstr, AF_INET, id + ISAKMP_ID_DATA_OFF);
+ if (!addrstr)
+ goto fail;
+ if (snprintf (buf, sizeof buf, "ipv4/%s", addrstr) > sizeof buf - 1)
+ goto fail;
+ break;
+
+ case IPSEC_ID_IPV6_ADDR:
+ if (id_len < sizeof (struct in6_addr))
+ goto fail;
+ util_ntoa (&addrstr, AF_INET6, id + ISAKMP_ID_DATA_OFF);
+ if (!addrstr)
+ goto fail;
+ if (snprintf (buf, sizeof buf, "ipv6/%s", addrstr) > sizeof buf - 1)
+ goto fail;
+ break;
+
+ case IPSEC_ID_FQDN:
+ case IPSEC_ID_USER_FQDN:
+ /* Statically resolvable, should be optimized away by the compiler. */
+ if (sizeof buf < sizeof "ufqdn/")
+ goto fail;
+ strcpy (buf,
+ GET_ISAKMP_ID_TYPE (id) == IPSEC_ID_FQDN ? "fqdn/" : "ufqdn/");
+ len = strlen(buf);
+
+ /* Id is not NULL-terminated. */
+ id_len -= ISAKMP_ID_DATA_OFF;
+ if (id_len > sizeof buf - len - 1)
+ goto fail;
+
+ memcpy (buf + len, id + ISAKMP_ID_DATA_OFF, id_len);
+ *(buf + len + id_len) = '\0';
+ break;
+
+ default:
+ /* Unknown type. */
+ LOG_DBG ((LOG_MISC, 10, "id_string: unknown identity type %d\n",
+ GET_ISAKMP_ID_TYPE (id)));
+ goto fail;
+ }
+
+ if (addrstr)
+ free (addrstr);
+ return strdup (buf);
+
+ fail:
+ if (addrstr)
+ free (addrstr);
+ return 0;
+}
diff --git a/sbin/isakmpd/ipsec.h b/sbin/isakmpd/ipsec.h
index 76571f0a20e..3b6b94bef14 100644
--- a/sbin/isakmpd/ipsec.h
+++ b/sbin/isakmpd/ipsec.h
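Review bot: id_len is measured two different ways inside ipsec_id_string: the IPv4 and IPv6 cases compare it directly with `sizeof (struct in_addr)` / `sizeof (struct in6_addr)` and then read from `id + ISAKMP_ID_DATA_OFF`, while the FQDN case first subtracts `ISAKMP_ID_DATA_OFF`, so if id_len still counts header octets the address branches can accept an ID too short to hold the address and read past the supplied bytes. The FQDN subtraction is done on a size_t and wraps when id_len is smaller than the offset; the following `id_len > sizeof buf - len - 1` test does reject the wrapped value, but only as a side effect. Assuming callers pass the length counted from the pointer they hand in (not visible in this diff), I would normalise once right after `id -= ISAKMP_GEN_SZ;` with `if (id_len < ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ) return 0;` and `id_len -= ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ;`, and drop the subtraction in the FQDN case. Because the FQDN octets are copied verbatim and the commit message names key selection by ID as an intended use, a comment above the memcpy would help future callers: `/* XXX ID data is copied unvalidated; callers using the result as a lookup key or path component must reject embedded NUL and '/' octets. */`.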
@@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec.h,v 1.18 2001/07/01 20:43:39 niklas Exp $ */ +/* $OpenBSD: ipsec.h,v 1.19 2001/08/22 08:49:00 niklas Exp $ */ /* $EOM: ipsec.h,v 1.42 2000/12/03 07:58:20 angelos Exp $ */ /* @@ -161,6 +161,7 @@ extern int ipsec_gen_g_x (struct message *); extern int ipsec_get_id (char *, int *, struct sockaddr **, struct sockaddr **, u_int8_t *, u_int16_t *); extern ssize_t ipsec_id_size (char *, u_int8_t *); +extern char *ipsec_id_string (u_int8_t *, size_t); extern void ipsec_init (void); extern int ipsec_initial_contact (struct message *msg); extern int ipsec_is_attribute_incompatible (u_int16_t, u_int8_t *, u_int16_t, |