author | Markus Friedl <markus@cvs.openbsd.org> | 2007-03-16 20:51:02 +0000 |
committer | Markus Friedl <markus@cvs.openbsd.org> | 2007-03-16 20:51:02 +0000 |
commit | 0651608af8c3d57db9626a1bcc4bf9cdd16b7d9b (patch) | |
tree | 4769556c8622c436cb4b2e6e839a78fbd29c160f /sbin | |
parent | c9cf3937b559200a434857f044c1ade90acda964 (diff) |
move autodetection of the ID type to the parser. this way the
static flows have the correct ID, too. ok hshoexer, reyk
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/ipsecctl/ike.c | 22 | ||||
-rw-r--r-- | sbin/ipsecctl/ipsecctl.h | 5 | ||||
-rw-r--r-- | sbin/ipsecctl/parse.y | 24 | ||||
-rw-r--r-- | sbin/ipsecctl/pfkey.c | 6 |
4 files changed, 28 insertions, 29 deletions
diff --git a/sbin/ipsecctl/ike.c b/sbin/ipsecctl/ike.c
index 0a7b579be63..bf0233c488c 100644
--- a/sbin/ipsecctl/ike.c
+++ b/sbin/ipsecctl/ike.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike.c,v 1.60 2007/02/19 09:00:46 hshoexer Exp $ */
+/* $OpenBSD: ike.c,v 1.61 2007/03/16 20:51:01 markus Exp $ */
 /*
 * Copyright (c) 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
 *
@@ -35,7 +35,6 @@ static void ike_section_general(struct ipsec_rule *, FILE *);
 static void ike_section_peer(struct ipsec_rule *, FILE *);
 static void ike_section_ids(struct ipsec_rule *, FILE *);
-static int ike_get_id_type(char *);
 static void ike_section_ipsec(struct ipsec_rule *, FILE *);
 static int ike_section_p1(struct ipsec_rule *, FILE *);
 static int ike_section_p2(struct ipsec_rule *, FILE *);
@@ -121,8 +120,6 @@ ike_section_ids(struct ipsec_rule *r, FILE *fd)
 err(1, "ike_section_ids: strdup");
 }
 if (r->auth->srcid) {
- int idtype = ike_get_id_type(r->auth->srcid);
-
 if (r->peer)
 fprintf(fd, SET "[peer-%s]:ID=%s-ID force\n",
 r->peer->name, r->auth->srcid);
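Review bot: ike_section_ids now emits r->auth->srcid_type instead of re-deriving the type from the string at output time, yet the function can still substitute r->auth->srcid itself: the strdup whose failure path is the hunk's first context line (`err(1, "ike_section_ids: strdup")`) appears to fill in a name when none was configured, and nothing updates srcid_type afterwards. For a NULL srcid the parser stores what get_id_type() returns, ID_FQDN, which happens to be right for a hostname without an '@', but the coupling is now implicit rather than computed. A comment at that strdup would keep the assumption visible, e.g. `/* srcid_type was fixed by the parser (ID_FQDN when srcid was NULL); the substituted name must not contain '@' or it is mis-typed. */`. The body of ike_section_ids starts above this hunk and continues into the next one.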
@@ -131,40 +128,29 @@ ike_section_ids(struct ipsec_rule *r, FILE *fd)
 r->auth->srcid);
 fprintf(fd, SET "[%s-ID]:ID-type=%s force\n", r->auth->srcid,
- ike_id_types[idtype]);
+ ike_id_types[r->auth->srcid_type]);
 fprintf(fd, SET "[%s-ID]:Name=%s force\n", r->auth->srcid,
 r->auth->srcid);
 }
 if (r->auth->dstid) {
- int idtype = ike_get_id_type(r->auth->dstid);
-
 if (r->peer) {
 fprintf(fd, SET "[peer-%s]:Remote-ID=%s-ID force\n",
 r->peer->name, r->peer->name);
 fprintf(fd, SET "[%s-ID]:ID-type=%s force\n",
- r->peer->name, ike_id_types[idtype]);
+ r->peer->name, ike_id_types[r->auth->dstid_type]);
 fprintf(fd, SET "[%s-ID]:Name=%s force\n",
 r->peer->name, r->auth->dstid);
 } else {
 fprintf(fd, SET "[peer-default]:Remote-ID=default-ID force\n");
 fprintf(fd, SET "[default-ID]:ID-type=%s force\n",
- ike_id_types[idtype]);
+ ike_id_types[r->auth->dstid_type]);
 fprintf(fd, SET "[default-ID]:Name=%s force\n",
 r->auth->dstid);
 }
 }
 }
-static int
-ike_get_id_type(char *string)
-{
- if (strchr(string, '@'))
- return ID_UFQDN;
- else
- return ID_FQDN;
-}
-
 static void
 ike_section_ipsec(struct ipsec_rule *r, FILE *fd)
 {
diff --git a/sbin/ipsecctl/ipsecctl.h b/sbin/ipsecctl/ipsecctl.h
index 789ba2f1bb1..50a19a1ae70 100644
--- a/sbin/ipsecctl/ipsecctl.h
+++ b/sbin/ipsecctl/ipsecctl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsecctl.h,v 1.53 2007/01/03 12:17:43 markus Exp $ */
+/* $OpenBSD: ipsecctl.h,v 1.54 2007/03/16 20:51:01 markus Exp $ */
 /*
 * Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
 *
@@ -118,7 +118,8 @@ struct ipsec_hosts {
 struct ipsec_auth {
 char *srcid;
 char *dstid;
- u_int8_t idtype;
+ u_int8_t srcid_type;
+ u_int8_t dstid_type;
 u_int16_t type;
 };
diff --git a/sbin/ipsecctl/parse.y b/sbin/ipsecctl/parse.y
index 7b77a52aa2e..be9f4bcade3 100644
--- a/sbin/ipsecctl/parse.y
+++ b/sbin/ipsecctl/parse.y
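Review bot: The two new struct ipsec_auth fields in the ipsecctl.h hunk carry no comment on their value set or who assigns them, and the same byte is consumed by two unrelated readers in this commit — as an index into ike_id_types[] in ike.c and as sadb_ident_type in pfkey.c — so the permitted values are a contract, not a detail. Suggest `u_int8_t srcid_type; /* ID_FQDN or ID_UFQDN, derived from srcid by get_id_type() in parse.y */` and the matching line for dstid_type. It would also be worth stating there that every path which duplicates an ipsec_auth must copy both fields, which copyipsecauth and reverse_rule now do; a future copy routine that forgets one silently produces an ID of the wrong type.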
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.121 2007/02/26 14:40:09 todd Exp $ */
+/* $OpenBSD: parse.y,v 1.122 2007/03/16 20:51:01 markus Exp $ */
 /*
 * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -181,6 +181,7 @@ struct ipsec_rule *create_ike(u_int8_t, struct ipsec_hosts *,
 struct ike_mode *, u_int8_t, u_int8_t, u_int8_t, char *, char *, struct ike_auth *, char *);
 int add_sagroup(struct ipsec_rule *);
+int get_id_type(char *);
 struct ipsec_transforms *ipsec_transforms;
@@ -1277,6 +1278,14 @@ parsekeyfile(char *filename)
 return (parsekey(hex, sb.st_size));
 }
+int
+get_id_type(char *string)
+{
+ if (string && strchr(string, '@'))
+ return (ID_UFQDN);
+ return (ID_FQDN);
+}
+
 struct ipsec_addr_wrap *
 host(const char *s)
 {
@@ -1771,7 +1780,8 @@ copyipsecauth(const struct ipsec_auth *auth)
 asprintf(&newauth->dstid, "%s", auth->dstid) == -1)
 err(1, "asprintf");
- newauth->idtype = auth->idtype;
+ newauth->srcid_type = auth->srcid_type;
+ newauth->dstid_type = auth->dstid_type;
 newauth->type = auth->type;
 return (newauth);
@@ -2195,8 +2205,8 @@ create_flow(u_int8_t dir, u_int8_t proto, struct ipsec_hosts *hosts,
 err(1, "create_flow: calloc");
 r->auth->srcid = srcid;
 r->auth->dstid = dstid;
- r->auth->idtype = ID_FQDN; /* XXX For now only FQDN. */
-
+ r->auth->srcid_type = get_id_type(srcid);
+ r->auth->dstid_type = get_id_type(dstid);
 return r;
 errout:
@@ -2342,7 +2352,8 @@ reverse_rule(struct ipsec_rule *rule)
 if (rule->auth->srcid &&
 (reverse->auth->srcid = strdup(rule->auth->srcid)) == NULL)
 err(1, "reverse_rule: strdup");
- reverse->auth->idtype = rule->auth->idtype;
+ reverse->auth->srcid_type = rule->auth->srcid_type;
+ reverse->auth->dstid_type = rule->auth->dstid_type;
 reverse->auth->type = rule->auth->type;
 }
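Review bot: get_id_type() only reads its argument, so both the definition in the parsekeyfile hunk and the prototype added in the -181 hunk should take `const char *string`; as declared it cannot be handed a const identity string without a cast. The classification rule is undocumented and purely syntactic: one '@' anywhere makes the ID a user FQDN, while NULL, an empty string, or anything else becomes ID_FQDN, and the result is written both into the isakmpd configuration and into the PF_KEY identity extension, so a header comment is warranted, e.g. `/* Classify an identity string for isakmpd and PF_KEY: anything containing '@' is a user FQDN, everything else (including a NULL or empty ID) is a plain FQDN. */`. The NULL check is what lets create_flow and create_ike call it unconditionally on optional IDs; the comment should say so, because the old ike.c helper had no such check and a reader may otherwise think it redundant.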
@@ -2437,7 +2448,8 @@ create_ike(u_int8_t proto, struct ipsec_hosts *hosts, struct ipsec_hosts *peers,
 err(1, "create_ike: calloc");
 r->auth->srcid = srcid;
 r->auth->dstid = dstid;
- r->auth->idtype = ID_FQDN; /* XXX For now only FQDN. */
+ r->auth->srcid_type = get_id_type(srcid);
+ r->auth->dstid_type = get_id_type(dstid);
 r->ikeauth = calloc(1, sizeof(struct ike_auth));
 if (r->ikeauth == NULL)
 err(1, "create_ike: calloc");
diff --git a/sbin/ipsecctl/pfkey.c b/sbin/ipsecctl/pfkey.c
index f3cd4f7efcb..bf5f6fd75bd 100644
--- a/sbin/ipsecctl/pfkey.c
+++ b/sbin/ipsecctl/pfkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkey.c,v 1.47 2006/11/10 14:47:52 hshoexer Exp $ */
+/* $OpenBSD: pfkey.c,v 1.48 2007/03/16 20:51:01 markus Exp $ */
 /*
 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
 * Copyright (c) 2003, 2004 Markus Friedl <markus@openbsd.org>
@@ -255,7 +255,7 @@ pfkey_flow(int sd, u_int8_t satype, u_int8_t action, u_int8_t direction,
 if (sa_srcid == NULL)
 err(1, "pfkey_flow: calloc");
- sa_srcid->sadb_ident_type = auth->idtype;
+ sa_srcid->sadb_ident_type = auth->srcid_type;
 sa_srcid->sadb_ident_len = len / 8;
 sa_srcid->sadb_ident_exttype = SADB_EXT_IDENTITY_SRC;
@@ -269,7 +269,7 @@ pfkey_flow(int sd, u_int8_t satype, u_int8_t action, u_int8_t direction,
 if (sa_dstid == NULL)
 err(1, "pfkey_flow: calloc");
- sa_dstid->sadb_ident_type = auth->idtype;
+ sa_dstid->sadb_ident_type = auth->dstid_type;
 sa_dstid->sadb_ident_len = len / 8;
 sa_dstid->sadb_ident_exttype = SADB_EXT_IDENTITY_DST;
|
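Review bot: In both pfkey_flow hunks the value stored in sadb_ident_type is now whatever get_id_type() returned (ID_FQDN or ID_UFQDN), and ike.c uses the very same value as an index into ike_id_types[]; nothing on this page shows that the ID_* constants coincide with the PF_KEY identity type codes (presumably the SADB_IDENTTYPE_* values) and with the table order in ike.c, so that equivalence should be pinned down with a comment where ID_FQDN/ID_UFQDN are defined, outside this diff, e.g. `/* must match both the SADB_IDENTTYPE_* codes used in pfkey.c and the order of ike_id_types[] in ike.c */`. The guard that decides whether an identity extension is built at all is outside the hunk, so I cannot confirm that a NULL srcid or dstid never reaches these assignments; the parser stores ID_FQDN for such an ID, which is harmless only if the extension is skipped. pfkey_flow begins and ends outside both hunks.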