-rw-r--r--sbin/isakmpd/conf.c222
1 files changed, 118 insertions, 104 deletions
diff --git a/sbin/isakmpd/conf.c b/sbin/isakmpd/conf.c
index 0258ee07ab2..89b63e93300 100644
--- a/sbin/isakmpd/conf.c
+++ b/sbin/isakmpd/conf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf.c,v 1.64 2004/04/15 18:53:56 deraadt Exp $ */
+/* $OpenBSD: conf.c,v 1.65 2004/04/15 20:20:55 deraadt Exp $ */
/* $EOM: conf.c,v 1.48 2000/12/04 02:04:29 angelos Exp $ */
/*
@@ -138,7 +138,7 @@ conf_remove_now(char *section, char *tag)
&& strcasecmp(cb->tag, tag) == 0) {
LIST_REMOVE(cb, link);
LOG_DBG((LOG_MISC, 95, "[%s]:%s->%s removed", section, tag,
- cb->value));
+ cb->value));
free(cb->section);
free(cb->tag);
free(cb->value);
@@ -161,7 +161,7 @@ conf_remove_section_now(char *section)
unseen = 0;
LIST_REMOVE(cb, link);
LOG_DBG((LOG_MISC, 95, "[%s]:%s->%s removed", section, cb->tag,
- cb->value));
+ cb->value));
free(cb->section);
free(cb->tag);
free(cb->value);
@@ -186,13 +186,13 @@ conf_set_now(char *section, char *tag, char *value, int override,
else if (conf_get_str(section, tag)) {
if (!is_default)
log_print("conf_set_now: duplicate tag [%s]:%s, ignoring...\n",
- section, tag);
+ section, tag);
return 1;
}
node = calloc(1, sizeof *node);
if (!node) {
log_error("conf_set_now: calloc (1, %lu) failed", (unsigned long) sizeof
- *node);
+ *node);
return 1;
}
node->section = strdup(section);
@@ -202,7 +202,7 @@ conf_set_now(char *section, char *tag, char *value, int override,
LIST_INSERT_HEAD(&conf_bindings[conf_hash(section)], node, link);
LOG_DBG((LOG_MISC, 95, "conf_set_now: [%s]:%s->%s", node->section, node->tag,
- node->value));
+ node->value));
return 0;
}
@@ -234,14 +234,14 @@ conf_parse_line(int trans, char *line, size_t sz)
free(section);
if (i == sz) {
log_print("conf_parse_line: %d:"
- "non-matched ']', ignoring until next section", ln);
+ "non-matched ']', ignoring until next section", ln);
section = 0;
return;
}
section = malloc(i);
if (!section) {
log_print("conf_parse_line: %d: malloc (%lu) failed", ln,
- (unsigned long) i);
+ (unsigned long) i);
return;
}
strlcpy(section, line + 1, i);
@@ -252,8 +252,8 @@ conf_parse_line(int trans, char *line, size_t sz)
if (line[i] == '=') {
/* If no section, we are ignoring the lines. */
if (!section) {
- log_print("conf_parse_line: %d: ignoring line due to no section",
- ln);
+ log_print("conf_parse_line: %d: ignoring line "
+ "due to no section", ln);
return;
}
line[strcspn(line, " \t=")] = '\0';
@@ -269,8 +269,6 @@ conf_parse_line(int trans, char *line, size_t sz)
i = strspn(line, " \t");
if (line[i])
log_print("conf_parse_line: %d: syntax error", ln);
-
- return;
}
/* Parse the mapped configuration file. */
@@ -438,35 +436,46 @@ conf_load_defaults(int tr)
CONF_DFLT_PHASE1_TRANSFORMS, 0, 1);
/* Main modes */
- for (enc = 0; mm_enc[enc]; enc++)
- for (hash = 0; mm_hash[hash]; hash++)
- for (auth = 0; mm_auth[auth]; auth++)
- for (group = 0; dh_group_p[group]; group++) { /* special */
- snprintf(sect, sizeof sect, "%s-%s%s%s", mm_enc_p[enc],
- mm_hash[hash], dh_group_p[group], mm_auth_p[auth]);
+ for (enc = 0; mm_enc[enc]; enc++) {
+ for (hash = 0; mm_hash[hash]; hash++) {
+ for (auth = 0; mm_auth[auth]; auth++) {
+ for (group = 0; dh_group_p[group]; group++) {
+ /* special */
+ snprintf(sect, sizeof sect, "%s-%s%s%s",
+ mm_enc_p[enc], mm_hash[hash],
+ dh_group_p[group], mm_auth_p[auth]);
#if 0
if (!conf_find_trans_xf(1, sect))
continue;
#endif
- LOG_DBG((LOG_MISC, 90, "conf_load_defaults : main mode %s",
- sect));
+ LOG_DBG((LOG_MISC, 90,
+ "conf_load_defaults : main mode %s",
+ sect));
- conf_set(tr, sect, "ENCRYPTION_ALGORITHM", mm_enc[enc], 0, 1);
+ conf_set(tr, sect, "ENCRYPTION_ALGORITHM",
+ mm_enc[enc], 0, 1);
if (strcmp(mm_enc[enc], "BLOWFISH_CBC") == 0)
- conf_set(tr, sect, "KEY_LENGTH", CONF_DFLT_VAL_BLF_KEYLEN, 0,
- 1);
+ conf_set(tr, sect, "KEY_LENGTH",
+ CONF_DFLT_VAL_BLF_KEYLEN, 0, 1);
- conf_set(tr, sect, "HASH_ALGORITHM", mm_hash[hash], 0, 1);
- conf_set(tr, sect, "AUTHENTICATION_METHOD", mm_auth[auth], 0, 1);
+ conf_set(tr, sect, "HASH_ALGORITHM",
+ mm_hash[hash], 0, 1);
+ conf_set(tr, sect, "AUTHENTICATION_METHOD",
+ mm_auth[auth], 0, 1);
/* XXX Always DH group 2 (MODP_1024) */
conf_set(tr, sect, "GROUP_DESCRIPTION",
- dh_group[group < group_max ? group : 1], 0, 1);
+ dh_group[group < group_max ? group : 1],
+ 0, 1);
- conf_set(tr, sect, "Life", CONF_DFLT_TAG_LIFE_MAIN_MODE, 0, 1);
+ conf_set(tr, sect, "Life",
+ CONF_DFLT_TAG_LIFE_MAIN_MODE, 0, 1);
}
+ }
+ }
+ }
/* Setup a default Phase 1 entry */
conf_set(tr, "Phase 1", "Default", "Default-phase-1", 0, 1);
@@ -479,98 +488,104 @@ conf_load_defaults(int tr)
conf_set(tr, "Default-phase-1", "ID", dflt, 0, 1);
/* Quick modes */
- for (enc = 0; qm_enc[enc]; enc++)
- for (proto = 0; proto < 2; proto++)
- for (mode = 0; mode < 2; mode++)
- for (pfs = 0; pfs < 2; pfs++)
- for (hash = 0; qm_hash[hash]; hash++)
- for (group = 0; dh_group_p[group]; group++)
- if ((proto == 1 && strcmp(qm_hash[hash], "NONE") == 0)) /* AH */
+ for (enc = 0; qm_enc[enc]; enc++) {
+ for (proto = 0; proto < 2; proto++) {
+ for (mode = 0; mode < 2; mode++) {
+ for (pfs = 0; pfs < 2; pfs++) {
+ for (hash = 0; qm_hash[hash]; hash++) {
+ for (group = 0; dh_group_p[group];
+ group++) {
+ char tmp[CONF_MAX];
+
+ if ((proto == 1 &&
+ strcmp(qm_hash[hash],
+ "NONE") == 0)) /* AH */
continue;
- else {
- char tmp[CONF_MAX];
- snprintf(tmp, sizeof tmp, "QM-%s%s%s%s%s%s", PROTO(proto),
- MODE_p(mode), qm_enc_p[enc], qm_hash_p[hash],
- PFS(pfs), dh_group_p[group]);
+ snprintf(tmp, sizeof tmp,
+ "QM-%s%s%s%s%s%s",
+ PROTO(proto),
+ MODE_p(mode),
+ qm_enc_p[enc],
+ qm_hash_p[hash],
+ PFS(pfs),
+ dh_group_p[group]);
- strlcpy(sect, tmp, CONF_MAX);
- strlcat(sect, "-SUITE", CONF_MAX);
+ strlcpy(sect, tmp, CONF_MAX);
+ strlcat(sect, "-SUITE",
+ CONF_MAX);
#if 0
- if (!conf_find_trans_xf(2, sect))
- continue;
+ if (!conf_find_trans_xf(2, sect))
+ continue;
#endif
- LOG_DBG((LOG_MISC, 90, "conf_load_defaults : quick mode %s",
- sect));
+ LOG_DBG((LOG_MISC, 90,
+ "conf_load_defaults : quick mode %s",
+ sect));
- conf_set(tr, sect, "Protocols", tmp, 0, 1);
+ conf_set(tr, sect, "Protocols",
+ tmp, 0, 1);
- snprintf(sect, sizeof sect, "IPSEC_%s", PROTO(proto));
- conf_set(tr, tmp, "PROTOCOL_ID", sect, 0, 1);
+ snprintf(sect, sizeof sect,
+ "IPSEC_%s", PROTO(proto));
+ conf_set(tr, tmp, "PROTOCOL_ID",
+ sect, 0, 1);
- strlcpy(sect, tmp, CONF_MAX);
- strlcat(sect, "-XF", CONF_MAX);
- conf_set(tr, tmp, "Transforms", sect, 0, 1);
+ strlcpy(sect, tmp, CONF_MAX);
+ strlcat(sect, "-XF", CONF_MAX);
+ conf_set(tr, tmp, "Transforms",
+ sect, 0, 1);
- /*
- * XXX For
- * now,
- * defaults
- * contain
- * one xf per
- * protocol.
- */
+ /*
+ * XXX For now, defaults
+ * contain one xf per protocol.
+ */
+
+ conf_set(tr, sect,
+ "TRANSFORM_ID",
+ qm_enc[enc], 0, 1);
+
+ if (strcmp(qm_enc[enc],
+ "BLOWFISH") == 0)
+ conf_set(tr, sect,
+ "KEY_LENGTH",
+ CONF_DFLT_VAL_BLF_KEYLEN,
+ 0, 1);
+
+ conf_set(tr, sect,
+ "ENCAPSULATION_MODE",
+ MODE(mode), 0, 1);
+
+ if (strcmp(qm_hash[hash], "NONE")) {
+ conf_set(tr, sect, "AUTHENTICATION_ALGORITHM",
+ qm_hash[hash], 0, 1);
- conf_set(tr, sect, "TRANSFORM_ID", qm_enc[enc], 0, 1);
-
- if (strcmp(qm_enc[enc], "BLOWFISH") == 0)
- conf_set(tr, sect, "KEY_LENGTH", CONF_DFLT_VAL_BLF_KEYLEN,
- 0, 1);
-
- conf_set(tr, sect, "ENCAPSULATION_MODE", MODE(mode), 0, 1);
-
- if (strcmp(qm_hash[hash], "NONE")) {
- conf_set(tr, sect, "AUTHENTICATION_ALGORITHM",
- qm_hash[hash], 0, 1);
-
- /*
- * XXX
- *
- * Ano
- * the
- * r
- * sho
- * rtc
- * ut
- * --
- * to
- * kee
- * p
- * len
- * gth
- *
- * dow
- * n.
- */
- if (pfs)
- conf_set(tr, sect, "GROUP_DESCRIPTION",
- dh_group[group < group_max ? group : 1], 0,
- 1);
- }
/*
* XXX
- * Lifetimes
- * depending
- * on
- * enc/auth
- * strength?
+ *
+ * Another shortcut:
+ * to keep length down
*/
- conf_set(tr, sect, "Life", CONF_DFLT_TAG_LIFE_QUICK_MODE, 0,
- 1);
+ if (pfs)
+ conf_set(tr, sect, "GROUP_DESCRIPTION",
+ dh_group[group < group_max ? group : 1],
+ 0, 1);
}
- return;
+ /*
+ * XXX
+ * Lifetimes depending
+ * on enc/auth strength?
+ */
+ conf_set(tr, sect, "Life", CONF_DFLT_TAG_LIFE_QUICK_MODE, 0,
+ 1);
+
+ }
+ }
+ }
+ }
+ }
+ }
}
void
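Review bot: The reflowed copies `strlcpy(sect, tmp, CONF_MAX); strlcat(sect, "-SUITE", CONF_MAX);` (and the `-XF` pair below them) still discard the truncation indicator, so a section name that does not fit in CONF_MAX would be silently cut and the `Protocols`/`Transforms` cross-references set a few lines later would name a section that is never defined. The inputs come from fixed internal tables, so this is unlikely in practice, but one check per pair makes the assumption explicit: `if (strlcat(sect, "-SUITE", sizeof sect) >= sizeof sect) log_print("conf_load_defaults: section name truncated");` — or at minimum pass `sizeof sect` here, as the `snprintf` calls on the same buffer already do, rather than mixing `CONF_MAX` and `sizeof sect` for one array. The `#if 0` conf_find_trans_xf block was re-indented rather than dropped; if it is not coming back, removing it here and in the main-mode loop above would shorten a body that now sits eight levels deep and already pushes lines like the `AUTHENTICATION_ALGORITHM` call past the usual width. conf_load_defaults starts outside this hunk.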
@@ -1139,5 +1154,4 @@ mem_fail:
free(dnode->s);
free(dnode);
}
- return;
}