From: VANHULLEBUS Y. <va...@us...> - 2006-08-11 16:06:33
Update of /cvsroot/ipsec-tools/ipsec-tools/src/racoon In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv17739/src/racoon Modified Files: ipsec_doi.c ipsec_doi.h Log Message: fixed and public ipsecdoi_id2str()
Index: ipsec_doi.c
===================================================================
RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/ipsec_doi.c,v
retrieving revision 1.53
retrieving revision 1.54
diff -u -d -r1.53 -r1.54
--- ipsec_doi.c 23 May 2006 20:28:29 -0000 1.53
+++ ipsec_doi.c 11 Aug 2006 16:06:30 -0000 1.54
@@ -4081,16 +4081,195 @@ /* * make printable string from ID payload except of general header. */ -const char * +char * ipsecdoi_id2str(id) const vchar_t *id; { - static char buf[256]; +#define BUFLEN 512 + char * ret = NULL; + int len = 0; + char *dat; + static char buf[BUFLEN]; + struct ipsecdoi_id_b *id_b = (struct ipsecdoi_id_b *)id->v; + struct sockaddr saddr; + u_int plen = 0; - /* XXX */ - buf[0] = '\0'; + switch (id_b->type) { + case IPSECDOI_ID_IPV4_ADDR: + case IPSECDOI_ID_IPV4_ADDR_SUBNET: + case IPSECDOI_ID_IPV4_ADDR_RANGE: - return buf; + saddr.sa_len = sizeof(struct sockaddr_in); + saddr.sa_family = AF_INET; + ((struct sockaddr_in *)&saddr)->sin_port = IPSEC_PORT_ANY; + memcpy(&((struct sockaddr_in *)&saddr)->sin_addr, + id->v + sizeof(*id_b), sizeof(struct in_addr)); + break; +#ifdef INET6 + case IPSECDOI_ID_IPV6_ADDR: + case IPSECDOI_ID_IPV6_ADDR_SUBNET: + case IPSECDOI_ID_IPV6_ADDR_RANGE: + + saddr.sa_len = sizeof(struct sockaddr_in6); + saddr.sa_family = AF_INET6; + ((struct sockaddr_in6 *)&saddr)->sin6_port = IPSEC_PORT_ANY; + memcpy(&((struct sockaddr_in6 *)&saddr)->sin6_addr, + id->v + sizeof(*id_b), sizeof(struct in6_addr)); + break; +#endif + } + + switch (id_b->type) { + case IPSECDOI_ID_IPV4_ADDR: +#ifdef INET6 + case IPSECDOI_ID_IPV6_ADDR: +#endif + len = snprintf( buf, BUFLEN, "%s", saddrwop2str(&saddr)); + break; + + case IPSECDOI_ID_IPV4_ADDR_SUBNET: +#ifdef INET6 + case IPSECDOI_ID_IPV6_ADDR_SUBNET: +#endif + { + u_char *p; + u_int max; + int alen = sizeof(struct in_addr); + + switch (id_b->type) { + case IPSECDOI_ID_IPV4_ADDR_SUBNET: + alen = sizeof(struct in_addr); + break; +#ifdef INET6 + case IPSECDOI_ID_IPV6_ADDR_SUBNET: + alen = sizeof(struct in6_addr); + break; +#endif + } + + /* sanity check */ + if (id->l < alen) { + len = 0; + break; + } + + /* get subnet mask length */ + plen = 0; + max = alen <<3; + + p = (unsigned char *) id->v + + sizeof(struct ipsecdoi_id_b) + + alen; + + for (; *p == 0xff; p++) { + if (plen >= max) + 
break; + plen += 8; + } + + if (plen < max) { + u_int l = 0; + u_char b = ~(*p); + + while (b) { + b >>= 1; + l++; + } + + l = 8 - l; + plen += l; + } + + len = snprintf( buf, BUFLEN, "%s/%i", saddrwop2str(&saddr), plen); + } + break; + + case IPSECDOI_ID_IPV4_ADDR_RANGE: + + len = snprintf( buf, BUFLEN, "%s-", saddrwop2str(&saddr)); + + saddr.sa_len = sizeof(struct sockaddr_in); + saddr.sa_family = AF_INET; + ((struct sockaddr_in *)&saddr)->sin_port = IPSEC_PORT_ANY; + memcpy(&((struct sockaddr_in *)&saddr)->sin_addr, + id->v + sizeof(*id_b) + sizeof(struct in_addr), + sizeof(struct in_addr)); + + len += snprintf( buf + len, BUFLEN - len, "%s", saddrwop2str(&saddr)); + + break; + +#ifdef INET6 + case IPSECDOI_ID_IPV6_ADDR_RANGE: + + len = snprintf( buf, BUFLEN, "%s-", saddrwop2str(&saddr)); + + saddr.sa_len = sizeof(struct sockaddr_in6); + saddr.sa_family = AF_INET6; + ((struct sockaddr_in6 *)&saddr)->sin6_port = IPSEC_PORT_ANY; + memcpy(&((struct sockaddr_in6 *)&saddr)->sin6_addr, + id->v + sizeof(*id_b) + sizeof(struct in6_addr), + sizeof(struct in6_addr)); + + len += snprintf( buf + len, BUFLEN - len, "%s", saddrwop2str(&saddr)); + + break; +#endif + + case IPSECDOI_ID_FQDN: + case IPSECDOI_ID_USER_FQDN: + len = id->l - sizeof(*id_b); + if (len > BUFLEN) + len = BUFLEN; + memcpy(buf, id->v + sizeof(*id_b), len); + break; + + case IPSECDOI_ID_DER_ASN1_DN: + case IPSECDOI_ID_DER_ASN1_GN: + { + dat = id->v + sizeof(*id_b); + len = id->l - sizeof(*id_b); + + X509_NAME *xn = NULL; + if (d2i_X509_NAME(&xn, (void*) &dat, len) != NULL) { + BIO *bio = BIO_new(BIO_s_mem()); + X509_NAME_print_ex(bio, xn, 0, 0); + len = BIO_get_mem_data(bio, &dat); + if (len > BUFLEN) + len = BUFLEN; + memcpy(buf,dat,len); + BIO_free(bio); + X509_NAME_free(xn); + } else { + plog(LLV_ERROR, LOCATION, NULL, + "unable to extract asn1dn from id\n"); + + len = sprintf(buf, "<ASN1-DN>"); + } + + break; + } + + /* currently unhandled id types */ + case IPSECDOI_ID_KEY_ID: + len = sprintf( buf, 
"<KEY-ID>"); + break; + + default: + plog(LLV_ERROR, LOCATION, NULL, + "unknown ID type %d\n", id_b->type); + } + + if (!len) + len = sprintf( buf, "<?>"); + + ret = racoon_malloc(len+1); + if (ret != NULL) { + memcpy(ret,buf,len); + ret[len]=0; + } + + return ret; } /* Index: ipsec_doi.h =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/ipsec_doi.h,v retrieving revision 1.14 retrieving revision 1.15 diff -u -d -r1.14 -r1.15 --- ipsec_doi.h 3 May 2006 21:53:56 -0000 1.14 +++ ipsec_doi.h 11 Aug 2006 16:06:30 -0000 1.15 @@ -213,7 +213,7 @@ extern vchar_t *ipsecdoi_sockaddr2id __P((struct sockaddr *, u_int, u_int)); extern int ipsecdoi_id2sockaddr __P((vchar_t *, struct sockaddr *, u_int8_t *, u_int16_t *)); -extern const char *ipsecdoi_id2str __P((const vchar_t *)); +extern char *ipsecdoi_id2str __P((const vchar_t *)); extern vchar_t *ipsecdoi_sockrange2id __P(( struct sockaddr *, struct sockaddr *, u_int)); |
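Review bot: `struct sockaddr saddr` cannot hold the INET6 address that the first switch and the IPV6_ADDR_RANGE case write into it: the `memcpy` into `((struct sockaddr_in6 *)&saddr)->sin6_addr` copies `sizeof(struct in6_addr)` bytes into an object that is normally no larger than a `sockaddr_in`, so it writes past the end of the stack variable. Back it with `struct sockaddr_storage ss; struct sockaddr *saddr = (struct sockaddr *)&ss;` and use `saddr->` in the body. The payload length also needs checking before any of these reads: nothing compares `id->l` with `sizeof(*id_b)` plus the bytes each case consumes (the subnet check only tests `id->l < alen`, and the mask loop dereferences `*p` before testing `plen >= max`), and in the FQDN case `len = id->l - sizeof(*id_b)` can come out negative for a short payload and then reach `memcpy` as a huge size. Unless every caller already validates the ID payload, which this hunk does not show, a guard such as `if (id->l < sizeof(*id_b)) return NULL;` at the top plus a per-type minimum would keep a malformed peer ID from driving out-of-bounds reads.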
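Review bot: The prototype change in ipsec_doi.h drops `const` but does not say that the result is now heap-allocated, so existing callers that used the old static string will leak it, and any that pass it straight to a format string will not expect the NULL returned when `racoon_malloc` fails. A comment above the declaration would make the contract visible, for example `/* returns a racoon_malloc()ed string the caller must release with racoon_free(), or NULL */`. The callers are outside this diff, so whether they were updated cannot be checked from here.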