From: Emmanuel D. <ma...@us...> - 2005-06-19 22:37:57
Update of /cvsroot/ipsec-tools/ipsec-tools/src/racoon In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15367/src/racoon Modified Files: admin.c admin.h handler.c handler.h racoonctl.c racoonctl.h Log Message: Add a logout-user command to racoonctl to enable kicking all SA for a given Xauth user.
Index: admin.h
===================================================================
RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/admin.h,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- admin.h 30 Dec 2004 13:45:49 -0000 1.10
+++ admin.h 19 Jun 2005 22:37:47 -0000 1.11
@@ -76,6 +76,11 @@
#define ADMIN_ESTABLISH_SA_PSK 0x0203
/*
+ * user login follows
+ */
+#define ADMIN_LOGOUT_USER 0x0205 /* Delete SA for a given Xauth user */
+
+/*
* Range 0x08xx is reserved for privilege separation, see privsep.h */
Index: handler.h
===================================================================
RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/handler.h,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -d -r1.17 -r1.18
--- handler.h 7 May 2005 14:45:30 -0000 1.17
+++ handler.h 19 Jun 2005 22:37:47 -0000 1.18
@@ -428,6 +428,10 @@
extern struct ph1handle *getph1byaddrwop __P((struct sockaddr *, struct sockaddr *));
extern struct ph1handle *getph1bydstaddrwop __P((struct sockaddr *));
+#ifdef ENABLE_HYBRID
+struct ph1handle *getph1bylogin __P((char *));
+int purgeph1bylogin __P((char *));
+#endif
extern vchar_t *dumpph1 __P((void));
extern struct ph1handle *newph1 __P((void));
extern void delph1 __P((struct ph1handle *));
Index: racoonctl.h
===================================================================
RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/racoonctl.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- racoonctl.h 30 Dec 2004 11:08:32 -0000 1.2
+++ racoonctl.h 19 Jun 2005 22:37:47 -0000 1.3
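Review bot: The new section comment `user login follows` sits directly above `ADMIN_LOGOUT_USER`, a command that tears sessions down rather than creating them, so it describes the opposite of what follows; `/* * Xauth user session control (logout) follows */` would match the define. The command number also jumps from 0x0203 to 0x0205 with nothing visible in this hunk reserving 0x0204; if that gap is deliberate, a one-line comment saying so will stop the next author from reusing it.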
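Review bot: The two added prototypes take a plain `char *` although getph1bylogin() and purgeph1bylogin() only compare the login against `mode_cfg->login`, so `const char *` documents that and lets callers pass const buffers: `struct ph1handle *getph1bylogin __P((const char *));` and `int purgeph1bylogin __P((const char *));`. They also omit the `extern` every neighbouring declaration in this block carries; harmless, but inconsistent with the file's convention.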
@@ -33,7 +33,7 @@
#define _RACOONCTL_H /* bumped on any change to the interface */
-#define RACOONCTL_INTERFACE 20041230
+#define RACOONCTL_INTERFACE 20050619
extern u_int32_t racoonctl_interface; /* bumped when introducing changes that break backward compatibility */
Index: racoonctl.c
===================================================================
RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/racoonctl.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- racoonctl.c 25 Apr 2005 22:19:40 -0000 1.5
+++ racoonctl.c 19 Jun 2005 22:37:47 -0000 1.6
@@ -95,6 +95,9 @@
static vchar_t *f_vpnc __P((int, char **));
static vchar_t *f_vpnd __P((int, char **));
static vchar_t *f_getevt __P((int, char **));
+#ifdef ENABLE_HYBRID
+static vchar_t *f_logoutusr __P((int, char **));
+#endif
struct cmd_tag { vchar_t *(*func) __P((int, char **));
@@ -119,6 +122,10 @@
{ f_vpnd, ADMIN_DELETE_ALL_SA_DST,"vd" },
{ f_getevt, ADMIN_SHOW_EVT, "show-event" },
{ f_getevt, ADMIN_SHOW_EVT, "se" },
+#ifdef ENABLE_HYBRID
+ { f_logoutusr, ADMIN_LOGOUT_USER, "logout-user" },
+ { f_logoutusr, ADMIN_LOGOUT_USER, "lu" },
+#endif
{ NULL, 0, NULL },
};
@@ -801,6 +808,39 @@
return f_deleteallsadst(nac, nav);
}
+#ifdef ENABLE_HYBRID
+static vchar_t *
+f_logoutusr(ac, av)
+ int ac;
+ char **av;
+{
+ vchar_t *buf, *index;
+ struct admin_com *head;
+ char *user;
+
+ /* need username */
+ if (ac < 1)
+ errx(1, "insufficient arguments");
+ user = av[0];
+ if ((user == NULL) || (strlen(user) > LOGINLEN))
+ errx(1, "bad login (too long?)");
+
+ buf = vmalloc(sizeof(*head) + strlen(user) + 1);
+ if (buf == NULL)
+ return NULL;
+
+ head = (struct admin_com *)buf->v;
+ head->ac_len = buf->l;
+ head->ac_cmd = ADMIN_LOGOUT_USER;
+ head->ac_errno = 0;
+ head->ac_proto = 0;
+
+ strncpy((char *)(head + 1), user, LOGINLEN);
+
+ return buf;
+}
+#endif /* ENABLE_HYBRID */
+
static int get_proto(str)
Index: handler.c
===================================================================
RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/handler.c,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -d -r1.21 -r1.22
--- handler.c 7 Jun 2005 12:22:11 -0000 1.21
+++ handler.c 19 Jun 2005 22:37:47 -0000 1.22
@@ -114,6 +114,7 @@
return NULL;
}
+
/* * search for isakmp handler by i_ck in index. */
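Review bot: The copy `strncpy((char *)(head + 1), user, LOGINLEN);` in f_logoutusr() writes LOGINLEN bytes into a buffer that was sized at `sizeof(*head) + strlen(user) + 1`: for any login shorter than LOGINLEN, strncpy's zero padding runs past the end of the vmalloc'd buffer, and for a login of exactly LOGINLEN bytes the copy stores no terminating NUL (the daemon is then relying on vmalloc() zero-filling, which I cannot confirm from here). Since the allocation is already sized to the string, copy exactly that many bytes: `memcpy((char *)(head + 1), user, strlen(user) + 1);`. If the daemon's mode_cfg login field is LOGINLEN bytes including its terminator, the guard `strlen(user) > LOGINLEN` should be `>=`; the field size is not visible in this hunk. The `index` local is declared and never used.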
@@ -1450,3 +1451,41 @@
return 1;
}
+#ifdef ENABLE_HYBRID
+struct ph1handle *
+getph1bylogin(login)
+ char *login;
+{
+ struct ph1handle *p;
+
+ LIST_FOREACH(p, &ph1tree, chain) {
+ if (p->mode_cfg == NULL)
+ continue;
+ if (strncmp(p->mode_cfg->login, login, LOGINLEN) == 0)
+ return p;
+ }
+
+ return NULL;
+}
+
+int
+purgeph1bylogin(login)
+ char *login;
+{
+ struct ph1handle *p;
+ int found = 0;
+
+ LIST_FOREACH(p, &ph1tree, chain) {
+ if (p->mode_cfg == NULL)
+ continue;
+ if (strncmp(p->mode_cfg->login, login, LOGINLEN) == 0) {
+ if (p->status == PHASE1ST_ESTABLISHED)
+ isakmp_info_send_d1(p);
+ purge_remote(p);
+ found++;
+ }
+ }
+
+ return found;
+}
+#endif
Index: admin.c
===================================================================
RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/admin.c,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -d -r1.21 -r1.22
--- admin.c 23 May 2005 21:05:14 -0000 1.21
+++ admin.c 19 Jun 2005 22:37:47 -0000 1.22
@@ -56,6 +56,9 @@
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
+#ifdef ENABLE_HYBRID
+#include <resolv.h>
+#endif
#include "var.h"
#include "misc.h"
@@ -78,6 +81,9 @@
#include "admin.h"
#include "admin_var.h"
#include "isakmp_inf.h"
+#ifdef ENABLE_HYBRID
+#include "isakmp_cfg.h"
+#endif
#include "session.h"
#include "gcmalloc.h"
@@ -304,6 +310,27 @@
break;
}
+#ifdef ENABLE_HYBRID
+ case ADMIN_LOGOUT_USER: {
+ struct ph1handle *iph1;
+ char *user;
+ int found = 0;
+
+ if (com->ac_len > sizeof(com) + LOGINLEN + 1) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "malformed message (login too long)\n");
+ break;
+ }
+
+ user = (char *)(com + 1);
+ found = purgeph1bylogin(user);
+ plog(LLV_INFO, LOCATION, NULL,
+ "deleted %d SA for user \"%s\"\n", found, user);
+
+ break;
+ }
+#endif
+
case ADMIN_DELETE_ALL_SA_DST: { struct ph1handle *iph1; struct sockaddr *dst; |
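Review bot: purgeph1bylogin() calls `purge_remote(p)` from inside `LIST_FOREACH(p, &ph1tree, chain)`; if purge_remote() unlinks and frees the phase 1 handle, which its name and the "deleted %d SA" log in admin.c both suggest, the macro then reads `p`'s next pointer from freed memory on the following iteration. Save the successor before the call: declare `struct ph1handle *next;`, loop with `for (p = LIST_FIRST(&ph1tree); p != NULL; p = next) {` and make `next = LIST_NEXT(p, chain);` the first statement of the body. Both functions only read `login`, so `const char *login` is the more precise parameter type. Each would also benefit from a one-line header, e.g. `/* Return the first phase 1 handle whose Xauth login equals login, or NULL. */` and `/* Purge every phase 1 handle (and its SAs) owned by login; returns the number purged. */`.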
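Review bot: The bound `if (com->ac_len > sizeof(com) + LOGINLEN + 1)` in the new ADMIN_LOGOUT_USER case uses `sizeof(com)`, the size of the pointer, where `sizeof(*com)`, the header the login follows, is meant; and nothing here ensures the login bytes sent by racoonctl carry a terminating NUL before `user` is handed to purgeph1bylogin() and printed with `%s`. Rejecting short and unterminated messages together covers both: `if (com->ac_len <= sizeof(*com) || com->ac_len > sizeof(*com) + LOGINLEN + 1 || memchr(com + 1, '\0', com->ac_len - sizeof(*com)) == NULL) {`. Whether ac_len has already been checked against the byte count actually read from the admin socket is outside this hunk, so I am assuming it has not. The `iph1` local in this case is unused.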