5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 *
21 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
22 * Use is subject to license terms.
23 */
24
25 #pragma ident "%Z%%M% %I% %E% SMI"
26
27 #include <unistd.h>
28 #include <stdio.h>
29 #include <stdarg.h>
30 #include <stdlib.h>
31 #include <sys/sysconf.h>
32 #include <string.h>
33 #include <strings.h>
34 #include <libintl.h>
35 #include <locale.h>
36 #include <ctype.h>
37 #include <time.h>
38 #include <sys/sysmacros.h>
39 #include <sys/stat.h>
40 #include <sys/mman.h>
41 #include <fcntl.h>
42 #include <sys/socket.h>
43 #include <netdb.h>
44 #include <errno.h>
45 #include <assert.h>
46 #include <netinet/in.h>
359 parsecmd(char *cmdstr, char *objstr)
360 {
361 #define MAXOBJS 10
362 struct objtbl {
363 char *obj;
364 int token;
365 };
366 static struct cmdtbl {
367 char *cmd;
368 int null_obj_token;
369 struct objtbl objt[MAXOBJS];
370 } table[] = {
371 {"get", IKE_SVC_ERROR, {
372 {"debug", IKE_SVC_GET_DBG},
373 {"priv", IKE_SVC_GET_PRIV},
374 {"stats", IKE_SVC_GET_STATS},
375 {"p1", IKE_SVC_GET_P1},
376 {"rule", IKE_SVC_GET_RULE},
377 {"preshared", IKE_SVC_GET_PS},
378 {"defaults", IKE_SVC_GET_DEFS},
379 {NULL, IKE_SVC_ERROR},
380 }
381 },
382 {"set", IKE_SVC_ERROR, {
383 {"debug", IKE_SVC_SET_DBG},
384 {"priv", IKE_SVC_SET_PRIV},
385 {NULL, IKE_SVC_ERROR},
386 }
387 },
388 {"add", IKE_SVC_ERROR, {
389 {"rule", IKE_SVC_NEW_RULE},
390 {"preshared", IKE_SVC_NEW_PS},
391 {NULL, IKE_SVC_ERROR},
392 }
393 },
394 {"del", IKE_SVC_ERROR, {
395 {"p1", IKE_SVC_DEL_P1},
396 {"rule", IKE_SVC_DEL_RULE},
397 {"preshared", IKE_SVC_DEL_PS},
398 {NULL, IKE_SVC_ERROR},
399 }
400 },
401 {"dump", IKE_SVC_ERROR, {
402 {"p1", IKE_SVC_DUMP_P1S},
403 {"rule", IKE_SVC_DUMP_RULES},
404 {"preshared", IKE_SVC_DUMP_PS},
405 {NULL, IKE_SVC_ERROR},
406 }
407 },
408 {"flush", IKE_SVC_ERROR, {
409 {"p1", IKE_SVC_FLUSH_P1S},
410 {NULL, IKE_SVC_ERROR},
411 }
412 },
413 {"read", IKE_SVC_ERROR, {
414 {"rule", IKE_SVC_READ_RULES},
415 {"preshared", IKE_SVC_READ_PS},
416 {NULL, IKE_SVC_ERROR},
417 }
418 },
419 {"write", IKE_SVC_ERROR, {
420 {"rule", IKE_SVC_WRITE_RULES},
421 {"preshared", IKE_SVC_WRITE_PS},
422 {NULL, IKE_SVC_ERROR},
423 }
424 },
425 {"help", IKEADM_HELP_GENERAL, {
426 {"get", IKEADM_HELP_GET},
427 {"set", IKEADM_HELP_SET},
428 {"add", IKEADM_HELP_ADD},
429 {"del", IKEADM_HELP_DEL},
430 {"dump", IKEADM_HELP_DUMP},
431 {"flush", IKEADM_HELP_FLUSH},
432 {"read", IKEADM_HELP_READ},
433 {"write", IKEADM_HELP_WRITE},
434 {"help", IKEADM_HELP_HELP},
435 {NULL, IKE_SVC_ERROR},
436 }
437 },
438 {"exit", IKEADM_EXIT, {
439 {NULL, IKE_SVC_ERROR},
440 }
441 },
442 {"quit", IKEADM_EXIT, {
443 {NULL, IKE_SVC_ERROR},
444 }
445 },
446 {"dbg", IKE_SVC_ERROR, {
447 {"rbdump", IKE_SVC_DBG_RBDUMP},
448 {NULL, IKE_SVC_ERROR},
449 }
450 },
451 {NULL, IKE_SVC_ERROR, {
452 {NULL, IKE_SVC_ERROR},
453 }
454 },
455 };
456 struct cmdtbl *ct = table;
457 struct objtbl *ot;
458
459 if (cmdstr == NULL) {
460 return (IKE_SVC_ERROR);
461 }
462
463 while (ct->cmd != NULL && strcmp(ct->cmd, cmdstr) != 0)
464 ct++;
465 ot = ct->objt;
466
467 if (ct->cmd == NULL) {
468 message(gettext("Unrecognized command '%s'"), cmdstr);
469 return (ot->token);
470 }
471
472 if (objstr == NULL) {
473 return (ct->null_obj_token);
474 }
1121
1122 *presharedpp = psp;
1123
1124 return (c);
1125
1126 bail:
1127 if (loche != NULL)
1128 FREE_HE(loche);
1129 if (remhe != NULL)
1130 FREE_HE(remhe);
1131 if (keyp != NULL)
1132 free(keyp);
1133 if (psp != NULL)
1134 free(psp);
1135
1136 *presharedpp = NULL;
1137
1138 return (-1);
1139 }
1140
1141 /* stolen from libdhcputil (dhcp_inittab.c) */
1142 static uint64_t
1143 ike_ntohll(uint64_t nll)
1144 {
1145 #ifdef _LITTLE_ENDIAN
1146 return ((uint64_t)ntohl(nll & 0xffffffff) << 32 | ntohl(nll >> 32));
1147 #else
1148 return (nll);
1149 #endif
1150 }
1151
1152 /*
1153 * Printing functions
1154 *
1155 * A potential point of confusion here is that the ikeadm-specific string-
1156 * producing functions do not match the ipsec_util.c versions in style: the
1157 * ikeadm-specific functions return a string (and are named foostr), while
1158 * the ipsec_util.c functions actually print the string to the file named
1159 * in the second arg to the function (and are named dump_foo).
1160 *
1161 * The reason for this is that in the context of the ikeadm output, it
1162 * seemed like the localization of the text would be more straightforward
1163 * (and could more easily accomodate non-english grammar!) if more complete
1164 * phrases were being translated, rather than a bit of a phrase followed by
1165 * a call to dump_foo() followed by more of the phrase.
1166 */
1167
1168 static char *
1169 errstr(int err)
1170 {
1171 static char rtn[MAXLINESIZE];
1172
1173 switch (err) {
1174 case IKE_ERR_NO_OBJ:
1175 return (gettext("No data returned"));
1176 case IKE_ERR_NO_DESC:
1177 return (gettext("No destination provided"));
1178 case IKE_ERR_ID_INVALID:
1179 return (gettext("Id info invalid"));
1180 case IKE_ERR_LOC_INVALID:
1181 return (gettext("Destination invalid"));
1182 case IKE_ERR_CMD_INVALID:
1183 return (gettext("Command invalid"));
1184 case IKE_ERR_DATA_INVALID:
1185 return (gettext("Supplied data invalid"));
1376 return (gettext("2048-bit MODP (group 14)"));
1377 case IKE_GRP_DESC_MODP_3072:
1378 return (gettext("3072-bit MODP (group 15)"));
1379 case IKE_GRP_DESC_MODP_4096:
1380 return (gettext("4096-bit MODP (group 16)"));
1381 case IKE_GRP_DESC_MODP_6144:
1382 return (gettext("6144-bit MODP (group 17)"));
1383 case IKE_GRP_DESC_MODP_8192:
1384 return (gettext("8192-bit MODP (group 18)"));
1385 default:
1386 (void) snprintf(rtn, MAXLINESIZE, gettext("<unknown %d>"), grp);
1387 return (rtn);
1388 }
1389 }
1390
1391 static void
1392 print_hdr(char *prefix, ike_p1_hdr_t *hdrp)
1393 {
1394 (void) printf(
1395 gettext("%s Cookies: Initiator 0x%llx Responder 0x%llx\n"),
1396 prefix, ike_ntohll(hdrp->p1hdr_cookies.cky_i),
1397 ike_ntohll(hdrp->p1hdr_cookies.cky_r));
1398 (void) printf(gettext("%s The local host is the %s.\n"), prefix,
1399 hdrp->p1hdr_isinit ? gettext("initiator") : gettext("responder"));
1400 (void) printf(gettext("%s ISAKMP version %d.%d; %s exchange\n"), prefix,
1401 hdrp->p1hdr_major, hdrp->p1hdr_minor, xchgstr(hdrp->p1hdr_xchg));
1402 (void) printf(gettext("%s Current state is %s"), prefix,
1403 statestr(hdrp->p1hdr_state));
1404 (void) printf("\n");
1405 }
1406
1407 static void
1408 print_lt_limits(char *prefix, ike_p1_xform_t *xfp)
1409 {
1410 (void) printf(gettext("%s Lifetime limits:\n"), prefix);
1411 (void) printf(gettext("%s %u seconds; %u kbytes protected; "),
1412 prefix, xfp->p1xf_max_secs, xfp->p1xf_max_kbytes);
1413 (void) printf(gettext("%u keymat provided.\n"), xfp->p1xf_max_keyuses);
1414 }
1415
1416 #define LT_USAGE_LEN 16 /* 1 uint64 + 2 uint32s */
1417 static void
|
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 *
21 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
22 * Use is subject to license terms.
23 */
24
25 #include <unistd.h>
26 #include <stdio.h>
27 #include <stdarg.h>
28 #include <stdlib.h>
29 #include <sys/sysconf.h>
30 #include <string.h>
31 #include <strings.h>
32 #include <libintl.h>
33 #include <locale.h>
34 #include <ctype.h>
35 #include <time.h>
36 #include <sys/sysmacros.h>
37 #include <sys/stat.h>
38 #include <sys/mman.h>
39 #include <fcntl.h>
40 #include <sys/socket.h>
41 #include <netdb.h>
42 #include <errno.h>
43 #include <assert.h>
44 #include <netinet/in.h>
357 parsecmd(char *cmdstr, char *objstr)
358 {
359 #define MAXOBJS 10
360 struct objtbl {
361 char *obj;
362 int token;
363 };
364 static struct cmdtbl {
365 char *cmd;
366 int null_obj_token;
367 struct objtbl objt[MAXOBJS];
368 } table[] = {
369 {"get", IKE_SVC_ERROR, {
370 {"debug", IKE_SVC_GET_DBG},
371 {"priv", IKE_SVC_GET_PRIV},
372 {"stats", IKE_SVC_GET_STATS},
373 {"p1", IKE_SVC_GET_P1},
374 {"rule", IKE_SVC_GET_RULE},
375 {"preshared", IKE_SVC_GET_PS},
376 {"defaults", IKE_SVC_GET_DEFS},
377 {NULL, IKE_SVC_ERROR}
378 }
379 },
380 {"set", IKE_SVC_ERROR, {
381 {"debug", IKE_SVC_SET_DBG},
382 {"priv", IKE_SVC_SET_PRIV},
383 {NULL, IKE_SVC_ERROR}
384 }
385 },
386 {"add", IKE_SVC_ERROR, {
387 {"rule", IKE_SVC_NEW_RULE},
388 {"preshared", IKE_SVC_NEW_PS},
389 {NULL, IKE_SVC_ERROR}
390 }
391 },
392 {"del", IKE_SVC_ERROR, {
393 {"p1", IKE_SVC_DEL_P1},
394 {"rule", IKE_SVC_DEL_RULE},
395 {"preshared", IKE_SVC_DEL_PS},
396 {NULL, IKE_SVC_ERROR}
397 }
398 },
399 {"dump", IKE_SVC_ERROR, {
400 {"p1", IKE_SVC_DUMP_P1S},
401 {"rule", IKE_SVC_DUMP_RULES},
402 {"preshared", IKE_SVC_DUMP_PS},
403 {NULL, IKE_SVC_ERROR}
404 }
405 },
406 {"flush", IKE_SVC_ERROR, {
407 {"p1", IKE_SVC_FLUSH_P1S},
408 {NULL, IKE_SVC_ERROR}
409 }
410 },
411 {"read", IKE_SVC_ERROR, {
412 {"rule", IKE_SVC_READ_RULES},
413 {"preshared", IKE_SVC_READ_PS},
414 {NULL, IKE_SVC_ERROR}
415 }
416 },
417 {"write", IKE_SVC_ERROR, {
418 {"rule", IKE_SVC_WRITE_RULES},
419 {"preshared", IKE_SVC_WRITE_PS},
420 {NULL, IKE_SVC_ERROR}
421 }
422 },
423 {"help", IKEADM_HELP_GENERAL, {
424 {"get", IKEADM_HELP_GET},
425 {"set", IKEADM_HELP_SET},
426 {"add", IKEADM_HELP_ADD},
427 {"del", IKEADM_HELP_DEL},
428 {"dump", IKEADM_HELP_DUMP},
429 {"flush", IKEADM_HELP_FLUSH},
430 {"read", IKEADM_HELP_READ},
431 {"write", IKEADM_HELP_WRITE},
432 {"help", IKEADM_HELP_HELP},
433 {NULL, IKE_SVC_ERROR}
434 }
435 },
436 {"exit", IKEADM_EXIT, {
437 {NULL, IKE_SVC_ERROR}
438 }
439 },
440 {"quit", IKEADM_EXIT, {
441 {NULL, IKE_SVC_ERROR}
442 }
443 },
444 {"dbg", IKE_SVC_ERROR, {
445 {"rbdump", IKE_SVC_DBG_RBDUMP},
446 {NULL, IKE_SVC_ERROR}
447 }
448 },
449 {NULL, IKE_SVC_ERROR, {
450 {NULL, IKE_SVC_ERROR}
451 }
452 }
453 };
454 struct cmdtbl *ct = table;
455 struct objtbl *ot;
456
457 if (cmdstr == NULL) {
458 return (IKE_SVC_ERROR);
459 }
460
461 while (ct->cmd != NULL && strcmp(ct->cmd, cmdstr) != 0)
462 ct++;
463 ot = ct->objt;
464
465 if (ct->cmd == NULL) {
466 message(gettext("Unrecognized command '%s'"), cmdstr);
467 return (ot->token);
468 }
469
470 if (objstr == NULL) {
471 return (ct->null_obj_token);
472 }
1119
1120 *presharedpp = psp;
1121
1122 return (c);
1123
1124 bail:
1125 if (loche != NULL)
1126 FREE_HE(loche);
1127 if (remhe != NULL)
1128 FREE_HE(remhe);
1129 if (keyp != NULL)
1130 free(keyp);
1131 if (psp != NULL)
1132 free(psp);
1133
1134 *presharedpp = NULL;
1135
1136 return (-1);
1137 }
1138
1139 /*
1140 * Printing functions
1141 *
1142 * A potential point of confusion here is that the ikeadm-specific string-
1143 * producing functions do not match the ipsec_util.c versions in style: the
1144 * ikeadm-specific functions return a string (and are named foostr), while
1145 * the ipsec_util.c functions actually print the string to the file named
1146 * in the second arg to the function (and are named dump_foo).
1147 *
1148 * Localization for ikeadm seems more straightforward when complete
1149 * phrases are translated rather than: a part of a phrase, a call to
1150 * dump_foo(), and more of the phrase. It could also accommodate
1151 * non-English grammar more easily.
1152 */
1153
1154 static char *
1155 errstr(int err)
1156 {
1157 static char rtn[MAXLINESIZE];
1158
1159 switch (err) {
1160 case IKE_ERR_NO_OBJ:
1161 return (gettext("No data returned"));
1162 case IKE_ERR_NO_DESC:
1163 return (gettext("No destination provided"));
1164 case IKE_ERR_ID_INVALID:
1165 return (gettext("Id info invalid"));
1166 case IKE_ERR_LOC_INVALID:
1167 return (gettext("Destination invalid"));
1168 case IKE_ERR_CMD_INVALID:
1169 return (gettext("Command invalid"));
1170 case IKE_ERR_DATA_INVALID:
1171 return (gettext("Supplied data invalid"));
1362 return (gettext("2048-bit MODP (group 14)"));
1363 case IKE_GRP_DESC_MODP_3072:
1364 return (gettext("3072-bit MODP (group 15)"));
1365 case IKE_GRP_DESC_MODP_4096:
1366 return (gettext("4096-bit MODP (group 16)"));
1367 case IKE_GRP_DESC_MODP_6144:
1368 return (gettext("6144-bit MODP (group 17)"));
1369 case IKE_GRP_DESC_MODP_8192:
1370 return (gettext("8192-bit MODP (group 18)"));
1371 default:
1372 (void) snprintf(rtn, MAXLINESIZE, gettext("<unknown %d>"), grp);
1373 return (rtn);
1374 }
1375 }
1376
1377 static void
1378 print_hdr(char *prefix, ike_p1_hdr_t *hdrp)
1379 {
1380 (void) printf(
1381 gettext("%s Cookies: Initiator 0x%llx Responder 0x%llx\n"),
1382 prefix, ntohll(hdrp->p1hdr_cookies.cky_i),
1383 ntohll(hdrp->p1hdr_cookies.cky_r));
1384 (void) printf(gettext("%s The local host is the %s.\n"), prefix,
1385 hdrp->p1hdr_isinit ? gettext("initiator") : gettext("responder"));
1386 (void) printf(gettext("%s ISAKMP version %d.%d; %s exchange\n"), prefix,
1387 hdrp->p1hdr_major, hdrp->p1hdr_minor, xchgstr(hdrp->p1hdr_xchg));
1388 (void) printf(gettext("%s Current state is %s"), prefix,
1389 statestr(hdrp->p1hdr_state));
1390 (void) printf("\n");
1391 }
1392
1393 static void
1394 print_lt_limits(char *prefix, ike_p1_xform_t *xfp)
1395 {
1396 (void) printf(gettext("%s Lifetime limits:\n"), prefix);
1397 (void) printf(gettext("%s %u seconds; %u kbytes protected; "),
1398 prefix, xfp->p1xf_max_secs, xfp->p1xf_max_kbytes);
1399 (void) printf(gettext("%u keymat provided.\n"), xfp->p1xf_max_keyuses);
1400 }
1401
1402 #define LT_USAGE_LEN 16 /* 1 uint64 + 2 uint32s */
1403 static void
|