/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#include <sys/types.h>
#include <sys/errno.h>
#include <sys/stat.h>
#include <ipsec_util.h>
#include <netdb.h>
#include <fcntl.h>
#include <unistd.h>
#include <synch.h>
#include <string.h>
#include <strings.h>
#include <stdlib.h>
#include <unistd.h>
#include <syslog.h>

/*
 * Globals...
 *
 * The library keeps one cached copy of the parsed INET_IPSECALGSFILE:
 * protos/num_protos hold it, proto_last_update is the file mtime it was
 * built from, and proto_rw serialises replacement of the cache (see
 * _build_internal_algs()).
 */
static rwlock_t proto_rw = DEFAULTRWLOCK; /* Protects cached algorithm list. */
static time_t proto_last_update;	/* st_mtime of the file the cache was built from */
static ipsec_proto_t *protos;		/* cached protocol array, NULL until first load */
static int num_protos;			/* number of entries in protos */

/*
 * Free an array of num ipsec_proto_t entries built by build_list(),
 * including everything hanging off each entry (name, package name,
 * algorithm entries and per-algorithm package records), then the array
 * itself.  A NULL proto is a no-op, whatever num says.
 *
 * Every pointer field of each entry must be either valid or NULL: free()
 * and freeipsecalgent() are called on them unconditionally.
 */
void
_clean_trash(ipsec_proto_t *proto, int num)
{
	int alg_offset;

	if (proto == NULL)
		return;

	/* Walk the entries from the last one down to proto[0]. */
	while (num-- != 0) {
		free(proto[num].proto_name);
		free(proto[num].proto_pkg);
		for (alg_offset = 0; alg_offset < proto[num].proto_numalgs;
		    alg_offset++)
			freeipsecalgent(proto[num].proto_algs[alg_offset]);
		free(proto[num].proto_algs);
		for (alg_offset = 0; alg_offset < proto[num].proto_algs_npkgs;
		    alg_offset++)
			free(proto[num].proto_algs_pkgs[alg_offset].pkg_name);
		free(proto[num].proto_algs_pkgs);
	}

	free(proto);
}

/* Field delimiters used by the strtok_r() based parsing below. */
static const char *pipechar = "|";
static const char *comma = ",";
static const char *dash = "-";
static const char *slash = "/";

/*
 * Returns >= 0 if success (and > 0 means "increment").
 * Returns -1 if failure.
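 *
 * input_string is the key-size field of an ALG line; it is tokenised in
 * place with strtok_r().  On success *sizep receives a malloc()ed int
 * array, terminated by a 0 entry, which the caller owns.  On failure
 * *sizep is left untouched and nothing allocated here is leaked.
 *
 * In the range form every value, including the increment, must be a
 * positive integer: the increment is handed back as the return value,
 * so a negative one would masquerade as success.
 */
static int
build_keysizes(int **sizep, char *input_string)
{
	char *lasts, *token;
	int *key_sizes = NULL, num_sizes, key_low, key_high, key_default;
	int key_increment = 0;

	/*
	 * Okay, let's check the format of the key string.  It'll be either:
	 *
	 *	enumeration: size1,size2...,sizeN
	 *	range: defaultSize/sizeLow-sizeHi,increment
	 *
	 * In the case of an enumeration, the default key size is the
	 * first one in the list.
	 */

	if (strchr(input_string, '/') != NULL) {
		/* key sizes specified by range */

		/* default */
		token = strtok_r(input_string, slash, &lasts);
		if (token == NULL || (key_default = atoi(token)) <= 0)
			return (-1);

		/* low */
		token = strtok_r(NULL, dash, &lasts);
		if (token == NULL || (key_low = atoi(token)) <= 0)
			return (-1);

		/* high */
		token = strtok_r(NULL, comma, &lasts);
		if (token == NULL || (key_high = atoi(token)) <= 0 ||
		    key_high <= key_low)
			return (-1);

		/* increment: whatever is left of the string */
		token = strtok_r(NULL, "", &lasts);
		if (token == NULL || (key_increment = atoi(token)) <= 0)
			return (-1);

		key_sizes = malloc(LIBIPSEC_ALGS_KEY_NUM_VAL * sizeof (int));
		if (key_sizes == NULL)
			return (-1);

		key_sizes[LIBIPSEC_ALGS_KEY_DEF_IDX] = key_default;
		key_sizes[LIBIPSEC_ALGS_KEY_MIN_IDX] = key_low;
		key_sizes[LIBIPSEC_ALGS_KEY_MAX_IDX] = key_high;
		key_sizes[LIBIPSEC_ALGS_KEY_MAX_IDX + 1] = 0;
	} else {
		/* key sizes specified by enumeration */

		/*
		 * Check for an empty enumeration before allocating anything,
		 * so that the failure path has nothing to free.
		 */
		token = strtok_r(input_string, comma, &lasts);
		if (token == NULL)
			return (-1);

		num_sizes = 0;
		do {
			int *nks;

			/* room for one more size plus the 0 terminator */
			nks = realloc(key_sizes,
			    sizeof (int) * (num_sizes + 2));
			if (nks == NULL) {
				free(key_sizes);
				return (-1);
			}
			key_sizes = nks;
			/*
			 * Can't check for atoi() == 0 here: a 0 entry is
			 * presumably a legitimate size in an enumeration.
			 */
			key_sizes[num_sizes] = atoi(token);
			num_sizes++;
			key_sizes[num_sizes] = 0;
		} while ((token = strtok_r(NULL, comma, &lasts)) != NULL);
	}

	*sizep = key_sizes;

	return (key_increment);
}

/*
 * Find the execution mode corresponding to the given string.
 * Returns 0 on success and stores the mode in *exec_mode; returns -1 on
 * failure and leaves *exec_mode untouched.  The match is case-sensitive.
 */
int
_str_to_ipsec_exec_mode(char *str, ipsecalgs_exec_mode_t *exec_mode)
{
	if (strcmp(str, "sync") == 0) {
		*exec_mode = LIBIPSEC_ALGS_EXEC_SYNC;
		return (0);
	}
	if (strcmp(str, "async") == 0) {
		*exec_mode = LIBIPSEC_ALGS_EXEC_ASYNC;
		return (0);
	}

	return (-1);
}

/*
 * Given a file pointer, read all the text from the file and convert it into
 * a bunch of ipsec_proto_t's, each with an array of struct ipsecalgent
 * pointers - one for each algorithm.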
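 *
 * Lines are at most sizeof (line) - 1 characters; a longer line is
 * reported as corrupt rather than being parsed as two lines.  Blank lines
 * and '#' comments are skipped, except for the "# Begin"/"# End" package
 * delimiters, which must be properly nested and must name the same
 * package.
 *
 * On success returns the malloc()ed array (the caller owns it and frees
 * it with _clean_trash()) and stores its length in *num.  On failure it
 * frees everything built so far, logs a diagnostic via syslog() when
 * one was recorded, leaves *num untouched and returns NULL.
 */
static ipsec_proto_t *
build_list(FILE *f, int *num)
{
	char line[1024];
	char *token, *lasts, *alg_names, *ef_name, *key_string, *block_string;
	char *proto_name;
	ipsec_proto_t *rc = NULL, *new_proto = NULL;
	int *block_sizes, *key_sizes;
	int rc_num = 0, key_increment;
	int new_num, alg_num, num_sizes;
	int i;
	size_t len;
	struct ipsecalgent *curalg, **newalglist;
	char cur_pkg[1024];
	boolean_t doing_pkg = B_FALSE;
	ipsecalgs_exec_mode_t exec_mode;
	char diag_buf[128];

	diag_buf[0] = '\0';
	cur_pkg[0] = '\0';

	while (fgets(line, sizeof (line), f) != NULL) {
		/*
		 * fgets() splits an over-long line across several reads; the
		 * tail would then be parsed as a bogus line of its own.
		 * Refuse such input instead of misreading it.
		 */
		if (strchr(line, '\n') == NULL && !feof(f)) {
			(void) snprintf(diag_buf, sizeof (diag_buf),
			    "line too long");
			goto bail;
		}

		if (strncasecmp(line, LIBIPSEC_ALGS_LINE_PROTO,
		    sizeof (LIBIPSEC_ALGS_LINE_PROTO) - 1) != 0 &&
		    strncasecmp(line, LIBIPSEC_ALGS_LINE_ALG,
		    sizeof (LIBIPSEC_ALGS_LINE_ALG) - 1) != 0 &&
		    strncasecmp(line, LIBIPSEC_ALGS_LINE_PKGSTART,
		    sizeof (LIBIPSEC_ALGS_LINE_PKGSTART) - 1) != 0 &&
		    strncasecmp(line, LIBIPSEC_ALGS_LINE_PKGEND,
		    sizeof (LIBIPSEC_ALGS_LINE_PKGEND) - 1) != 0) {
			/* blank lines and comments are fine, anything else is not */
			if ((token = strtok_r(line, " \t\n", &lasts)) == NULL ||
			    token[0] == '#')
				continue;
			(void) snprintf(diag_buf, sizeof (diag_buf),
			    "non-recognized start of line");
			goto bail;
		}

		if (strncasecmp(line, LIBIPSEC_ALGS_LINE_PROTO,
		    sizeof (LIBIPSEC_ALGS_LINE_PROTO) - 1) == 0) {
			/* current line defines a new protocol */

			/* skip the protocol token */
			token = strtok_r(line, pipechar, &lasts);

			/* protocol number */
			token = strtok_r(NULL, pipechar, &lasts);
			if (token == NULL || (new_num = atoi(token)) == 0) {
				(void) snprintf(diag_buf, sizeof (diag_buf),
				    "invalid protocol number");
				goto bail;
			}

			/* protocol name */
			token = strtok_r(NULL, pipechar, &lasts);
			if (token == NULL) {
				(void) snprintf(diag_buf, sizeof (diag_buf),
				    "cannot read protocol name");
				goto bail;
			}
			proto_name = token;

			/* execution mode: last field, so it carries the '\n' */
			token = strtok_r(NULL, pipechar, &lasts);
			if (token == NULL) {
				(void) snprintf(diag_buf, sizeof (diag_buf),
				    "cannot read execution mode");
				goto bail;
			}
			/*
			 * Remove the trailing '\n'.  It is absent when the
			 * file's last line is unterminated, so only strip it
			 * when it is really there.
			 */
			len = strlen(token);
			if (len > 0 && token[len - 1] == '\n')
				token[len - 1] = '\0';
			if (_str_to_ipsec_exec_mode(token, &exec_mode) != 0) {
				(void) snprintf(diag_buf, sizeof (diag_buf),
				    "invalid execution mode: \"%s\"", token);
				goto bail;
			}

			/*
			 * Grow the protocol array.  If realloc() fails the
			 * old array is still valid and still described by
			 * rc/rc_num, so bail can free it.
			 */
			new_proto = realloc(rc,
			    sizeof (ipsec_proto_t) * (rc_num + 1));
			if (new_proto == NULL)
				goto bail;
			rc = new_proto;
			new_proto = rc + rc_num;
			rc_num++;

			/*
			 * Initialize every pointer in the new entry before
			 * anything can fail, so that _clean_trash() never
			 * free()s an uninitialized field.
			 */
			new_proto->proto_num = new_num;
			new_proto->proto_name = NULL;
			new_proto->proto_pkg = NULL;
			new_proto->proto_algs = NULL;
			new_proto->proto_numalgs = 0;
			new_proto->proto_algs_pkgs = NULL;
			new_proto->proto_algs_npkgs = 0;
			new_proto->proto_exec_mode = exec_mode;

			new_proto->proto_name = strdup(proto_name);
			if (new_proto->proto_name == NULL)
				goto bail;

			if (doing_pkg) {
				/* record proto as being part of current pkg */
				new_proto->proto_pkg = strdup(cur_pkg);
				if (new_proto->proto_pkg == NULL)
					goto bail;
			}

		} else if (strncasecmp(line, LIBIPSEC_ALGS_LINE_ALG,
		    sizeof (LIBIPSEC_ALGS_LINE_ALG) - 1) == 0) {
			/* current line defines a new algorithm */

			/* skip the algorithm token */
			token = strtok_r(line, pipechar, &lasts);

			/* protocol number */
			token = strtok_r(NULL, pipechar, &lasts);
			if (token == NULL || (new_num = atoi(token)) == 0) {
				(void) snprintf(diag_buf, sizeof (diag_buf),
				    "invalid protocol number for algorithm");
				goto bail;
			}

			/*
			 * Find the protocol among the rc_num entries read so
			 * far.  The bound must be the array length, not the
			 * protocol number: the two are unrelated, and using
			 * the latter read past the end of rc.
			 * We can be O(N) for now.  There aren't that many.
			 */
			new_proto = NULL;
			for (i = 0; i < rc_num; i++) {
				if (rc[i].proto_num == new_num) {
					new_proto = &rc[i];
					break;
				}
			}
			if (new_proto == NULL) {
				(void) snprintf(diag_buf, sizeof (diag_buf),
				    "invalid protocol number %d for algorithm",
				    new_num);
				goto bail;
			}

			/* algorithm number */
			token = strtok_r(NULL, pipechar, &lasts);
			if (token == NULL) {
				(void) snprintf(diag_buf, sizeof (diag_buf),
				    "cannot read algorithm number");
				goto bail;
			}
			/*
			 * Can't check for 0 here; presumably 0 is a valid
			 * algorithm number.
			 */
			alg_num = atoi(token);

			/* algorithm names */
			token = strtok_r(NULL, pipechar, &lasts);
			if (token == NULL) {
				(void) snprintf(diag_buf, sizeof (diag_buf),
				    "cannot read algorithm names");
				goto bail;
			}
			alg_names = token;

			/* mechanism name */
			token = strtok_r(NULL, pipechar, &lasts);
			if (token == NULL) {
				(void) snprintf(diag_buf, sizeof (diag_buf),
				    "cannot read mechanism name for alg %d "
				    "(proto %d)", alg_num,
				    new_proto->proto_num);
				goto bail;
			}
			ef_name = token;

			/* key sizes */
			token = strtok_r(NULL, pipechar, &lasts);
			if (token == NULL) {
				(void) snprintf(diag_buf, sizeof (diag_buf),
				    "cannot read key sizes for alg %d "
				    "(proto %d)", alg_num,
				    new_proto->proto_num);
				goto bail;
			}
			key_string = token;

			/* block sizes */
			token = strtok_r(NULL, pipechar, &lasts);
			if (token == NULL) {
				(void) snprintf(diag_buf, sizeof (diag_buf),
				    "cannot read block sizes for alg %d "
				    "(proto %d)", alg_num,
				    new_proto->proto_num);
				goto bail;
			}
			block_string = token;

			/* extract key sizes */
			key_increment = build_keysizes(&key_sizes, key_string);
			if (key_increment == -1) {
				(void) snprintf(diag_buf, sizeof (diag_buf),
				    "invalid key sizes for alg %d (proto %d)",
				    alg_num, new_proto->proto_num);
				goto bail;
			}

			/*
			 * extract block sizes: a 0-terminated int array like
			 * the enumerated key sizes.  Nothing is allocated
			 * before the first token is known to exist.
			 */
			block_sizes = NULL;
			num_sizes = 0;
			token = strtok_r(block_string, comma, &lasts);
			if (token == NULL) {
				(void) snprintf(diag_buf, sizeof (diag_buf),
				    "invalid block sizes for alg %d (proto %d)",
				    alg_num, new_proto->proto_num);
				free(key_sizes);
				goto bail;
			}
			do {
				int *nbk;

				/* one more size plus the 0 terminator */
				nbk = realloc(block_sizes,
				    sizeof (int) * (num_sizes + 2));
				if (nbk == NULL) {
					free(key_sizes);
					free(block_sizes);
					goto bail;
				}
				block_sizes = nbk;
				/* Can't check for 0 here... */
				block_sizes[num_sizes] = atoi(token);
				num_sizes++;
				block_sizes[num_sizes] = 0;
			} while ((token = strtok_r(NULL, comma, &lasts)) !=
			    NULL);

			/*
			 * Allocate a new struct ipsecalgent.  From here on
			 * key_sizes and block_sizes are owned by curalg and
			 * released through freeipsecalgent().
			 */
			curalg = calloc(sizeof (struct ipsecalgent), 1);
			if (curalg == NULL) {
				free(key_sizes);
				free(block_sizes);
				goto bail;
			}
			curalg->a_proto_num = new_num;
			curalg->a_alg_num = alg_num;
			curalg->a_block_sizes = block_sizes;
			curalg->a_key_sizes = key_sizes;
			curalg->a_key_increment = key_increment;
			if ((curalg->a_mech_name = strdup(ef_name)) == NULL) {
				freeipsecalgent(curalg);
				goto bail;
			}

			/* Set names: a NULL-terminated array of copies. */
			curalg->a_names = malloc(sizeof (char *));
			if (curalg->a_names == NULL) {
				freeipsecalgent(curalg);
				goto bail;
			}
			/*
			 * Terminate the array right away so that
			 * freeipsecalgent() never walks an uninitialized
			 * slot if we bail before the first name is stored.
			 */
			curalg->a_names[0] = NULL;
			num_sizes = 0;	/* Recycle "sizes" */
			token = strtok_r(alg_names, comma, &lasts);
			if (token == NULL) {
				freeipsecalgent(curalg);
				goto bail;
			}
			do {
				char **nnames;

				/* one more name plus the NULL terminator */
				nnames = realloc(curalg->a_names,
				    sizeof (char *) * (num_sizes + 2));
				if (nnames == NULL) {
					freeipsecalgent(curalg);
					goto bail;
				}
				curalg->a_names = nnames;
				curalg->a_names[num_sizes + 1] = NULL;
				curalg->a_names[num_sizes] = strdup(token);
				if (curalg->a_names[num_sizes] == NULL) {
					freeipsecalgent(curalg);
					goto bail;
				}
				num_sizes++;
			} while ((token = strtok_r(NULL, comma, &lasts)) !=
			    NULL);

			if (doing_pkg) {
				/* record alg as being part of current pkg */
				int npkgs = new_proto->proto_algs_npkgs;
				ipsecalgs_pkg_t *npkg_arr;

				/*
				 * Keep the old array reachable from new_proto
				 * until realloc() succeeds; on failure it is
				 * still freed by bail, and curalg (not yet
				 * attached to anything) is freed here.
				 */
				npkg_arr = realloc(new_proto->proto_algs_pkgs,
				    (npkgs + 1) * sizeof (ipsecalgs_pkg_t));
				if (npkg_arr == NULL) {
					freeipsecalgent(curalg);
					goto bail;
				}
				new_proto->proto_algs_pkgs = npkg_arr;

				npkg_arr[npkgs].alg_num = curalg->a_alg_num;
				npkg_arr[npkgs].pkg_name = strdup(cur_pkg);
				if (npkg_arr[npkgs].pkg_name == NULL) {
					freeipsecalgent(curalg);
					goto bail;
				}

				/* only count the slot once it is fully valid */
				new_proto->proto_algs_npkgs = npkgs + 1;
			}

			/* add new alg to protocol */
			newalglist = realloc(new_proto->proto_algs,
			    (new_proto->proto_numalgs + 1) *
			    sizeof (struct ipsecalgent *));
			if (newalglist == NULL) {
				freeipsecalgent(curalg);
				goto bail;
			}
			newalglist[new_proto->proto_numalgs] = curalg;
			new_proto->proto_numalgs++;
			new_proto->proto_algs = newalglist;

		} else if (strncasecmp(line, LIBIPSEC_ALGS_LINE_PKGSTART,
		    sizeof (LIBIPSEC_ALGS_LINE_PKGSTART) - 1) == 0) {
			/* start of package delimiter */
			if (doing_pkg) {
				(void) snprintf(diag_buf, sizeof (diag_buf),
				    "duplicate package start delimiters");
				goto bail;
			}
			/* snprintf() always NUL-terminates, unlike strncpy() */
			(void) snprintf(cur_pkg, sizeof (cur_pkg), "%s",
			    line + (sizeof (LIBIPSEC_ALGS_LINE_PKGSTART) - 1));
			/*
			 * Remove the trailing '\n' if present.  An empty
			 * name (delimiter at end of file, no newline) must
			 * not index cur_pkg[-1].
			 */
			len = strlen(cur_pkg);
			if (len > 0 && cur_pkg[len - 1] == '\n')
				cur_pkg[len - 1] = '\0';
			doing_pkg = B_TRUE;

		} else {
			/* end of package delimiter */
			char tmp_pkg[1024];

			if (!doing_pkg) {
				(void) snprintf(diag_buf, sizeof (diag_buf),
				    "end package delimiter without start");
				goto bail;
			}
			/*
			 * Get specified pkg name, fail if it doesn't match
			 * the package specified by the last # Begin.
			 */
			(void) snprintf(tmp_pkg, sizeof (tmp_pkg), "%s",
			    line + (sizeof (LIBIPSEC_ALGS_LINE_PKGEND) - 1));
			/* remove trailing '\n', if any (see above) */
			len = strlen(tmp_pkg);
			if (len > 0 && tmp_pkg[len - 1] == '\n')
				tmp_pkg[len - 1] = '\0';
			if (strcmp(cur_pkg, tmp_pkg) != 0) {
				/* previously failed silently; say why */
				(void) snprintf(diag_buf, sizeof (diag_buf),
				    "package end delimiter does not match "
				    "package start");
				goto bail;
			}
			doing_pkg = B_FALSE;
		}
	}

	*num = rc_num;
	return (rc);

bail:
	if (diag_buf[0] != '\0') {
		syslog(LOG_ERR, "possibly corrupt %s file: %s\n",
		    INET_IPSECALGSFILE, diag_buf);
	}
	_clean_trash(rc, rc_num);
	return (NULL);
}

/*
 * If alg_context is NULL, update the library's cached copy of
 * INET_IPSECALGSFILE.  If alg_context is non-NULL, hang a
 * library-internal representation of a cached copy.  The latter is useful
 * for routines in libipsecutil that _write_ the contents out.
 *
 * In the cached case the cache is only replaced when the file parsed
 * cleanly; on any failure the previous copy stays intact.  The superseded
 * copy is freed after the write lock is dropped.
 *
 * In the alg_context case *alg_context receives the new list (NULL on
 * failure) and *alg_nums its length (0 on failure); locking and cleanup
 * are the caller's responsibility.
 */
void
_build_internal_algs(ipsec_proto_t **alg_context, int *alg_nums)
{
	FILE *f = NULL;
	int fd;
	int new_num = 0;	/* entries in new_protos; 0 unless build_list() succeeded */
	int trash_num = 0;
	ipsec_proto_t *new_protos = NULL, *trash = NULL;
	time_t filetime = 0;
	struct stat statbuf;

	/*
	 * Construct new_protos from the file.
	 */
	if (alg_context == NULL) {
		/*
		 * Check the time w/o holding the lock.  This is just a
		 * cache reality check.  We'll do it again for real if this
		 * surface check fails.
		 */
		if (stat(INET_IPSECALGSFILE, &statbuf) == -1 ||
		    (statbuf.st_mtime < proto_last_update &&
		    protos != NULL))
			return;
		rw_wrlock(&proto_rw);
	}

	fd = open(INET_IPSECALGSFILE, O_RDONLY);
	if (fd != -1) {
		f = fdopen(fd, "r");
		if (f == NULL) {
			(void) close(fd);
		} else if (fstat(fd, &statbuf) != -1) {
			/*
			 * Update if the file is newer than our last cached
			 * copy.  The mtime is taken from the open descriptor
			 * so it describes exactly the file we are reading.
			 */
			filetime = statbuf.st_mtime;
			if (alg_context != NULL ||
			    filetime > proto_last_update)
				new_protos = build_list(f, &new_num);
		}
	}

	if (alg_context == NULL) {
		/*
		 * If we have failed anywhere above, new_protos will be NULL
		 * and trash stays NULL.  This way, the previous cached
		 * protos will still be intact.
		 */
		if (new_protos != NULL) {
			proto_last_update = filetime;
			trash = protos;
			trash_num = num_protos;
			protos = new_protos;
			num_protos = new_num;
		}
		rw_unlock(&proto_rw);
		/* Free the superseded list outside the lock. */
		_clean_trash(trash, trash_num);
	} else {
		/*
		 * Assume caller has done the appropriate locking,
		 * cleanup, etc. And if new_protos is NULL, it's the caller's
		 * problem.
		 */
		*alg_context = new_protos;
		*alg_nums = new_num;
	}

	/* Since f is read-only, can avoid all of the failures... */
	if (f != NULL)
		(void) fclose(f);
}

/*
 * Assume input is 0-terminated.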
 */
/*
 * duplicate_intarr: heap-copy a 0-terminated array of ints, terminator
 * included.  Because 0 is the terminator, 0 can never be a payload value
 * and an array without a 0 is read past its end.  Returns NULL for a NULL
 * input or when malloc() fails; the caller owns (and frees) the result.
 */
static int *
duplicate_intarr(int *orig)
{
	size_t nelems;
	size_t nbytes;
	int *copy;

	if (orig == NULL)
		return (NULL);

	/* Count payload entries; the +1 below is for the terminating 0. */
	for (nelems = 0; orig[nelems] != 0; nelems++)
		;
	nbytes = (nelems + 1) * sizeof (int);

	copy = malloc(nbytes);
	if (copy == NULL)
		return (NULL);

	(void) memcpy(copy, orig, nbytes);
	return (copy);
}

/*
 * Assume input is NULL terminated.
 */
/*
 * duplicate_strarr: deep-copy a NULL-terminated array of C strings.
 * Returns a freshly allocated, NULL-terminated array whose elements are
 * strdup()ed copies, or NULL for a NULL input or on any allocation
 * failure (in which case everything allocated so far is released again).
 * The caller frees the elements and then the array.
 */
static char **
duplicate_strarr(char **orig)
{
	size_t count, idx;
	char **copy;

	if (orig == NULL)
		return (NULL);

	for (count = 0; orig[count] != NULL; count++)
		;

	/* calloc() leaves every slot NULL, including the terminator. */
	copy = calloc(count + 1, sizeof (char *));
	if (copy == NULL)
		return (NULL);

	for (idx = 0; idx < count; idx++) {
		copy[idx] = strdup(orig[idx]);
		if (copy[idx] == NULL) {
			/* Unwind the strings copied so far, then the array. */
			while (idx > 0)
				free(copy[--idx]);
			free(copy);
			return (NULL);
		}
	}

	return (copy);
}

/*
 * _duplicate_alg: return a heap copy of *orig that the caller owns and
 * releases with freeipsecalgent().  The scalar fields are copied and the
 * mechanism name, size arrays and name list are duplicated, so the copy
 * stays valid after the library's cache is refreshed.  Returns NULL if
 * any allocation fails; a partially built copy is freed first.  Note that
 * a NULL a_block_sizes/a_key_sizes/a_names in orig is also reported as
 * failure, because the duplicators return NULL for NULL input, and that
 * a_mech_name is assumed non-NULL (strdup(NULL) is undefined) -- confirm
 * against build_list() if entries can ever lack a mechanism name.
 */
struct ipsecalgent *
_duplicate_alg(struct ipsecalgent *orig)
{
	struct ipsecalgent *copy;

	/* calloc() so every pointer member is NULL for freeipsecalgent(). */
	copy = calloc(1, sizeof (*copy));
	if (copy == NULL)
		return (NULL);

	copy->a_proto_num = orig->a_proto_num;
	copy->a_alg_num = orig->a_alg_num;
	copy->a_key_increment = orig->a_key_increment;

	copy->a_mech_name = strdup(orig->a_mech_name);
	copy->a_block_sizes = duplicate_intarr(orig->a_block_sizes);
	copy->a_key_sizes = duplicate_intarr(orig->a_key_sizes);
	copy->a_names = duplicate_strarr(orig->a_names);

	if (copy->a_mech_name != NULL && copy->a_block_sizes != NULL &&
	    copy->a_key_sizes != NULL && copy->a_names != NULL)
		return (copy);

	/* Something failed; freeipsecalgent() copes with NULL members. */
	freeipsecalgent(copy);
	return (NULL);
}

/*
 * Assume the rwlock is held for reading.
 */
/*
 * findprotobynum: locate the cached protocol entry numbered proto_num.
 * Returns a pointer into the protos[] cache (not a copy) or NULL.  The
 * caller must hold proto_rw for reading, and the pointer is only valid
 * while it does -- a cache refresh swaps protos and frees the old list.
 */
static ipsec_proto_t *
findprotobynum(int proto_num)
{
	int idx;

	for (idx = 0; idx < num_protos; idx++) {
		if (protos[idx].proto_num == proto_num)
			return (&protos[idx]);
	}

	return (NULL);
}

/*
 * findprotobyname: same as findprotobynum(), but matches the protocol
 * name case-insensitively.  A NULL name matches nothing.  Same locking
 * and lifetime rules apply.
 */
static ipsec_proto_t *
findprotobyname(const char *name)
{
	int idx;

	if (name == NULL)
		return (NULL);

	for (idx = 0; idx < num_protos; idx++) {
		/* proto_name is a bounded, NUL-terminated string. */
		if (strcasecmp(name, protos[idx].proto_name) == 0)
			return (&protos[idx]);
	}

	return (NULL);
}

/*
 * _real_getipsecprotos: return a malloc()ed array of the cached protocol
 * numbers and store the count in *nentries.  Returns NULL if nentries is
 * NULL or malloc() fails; an empty table still yields a non-NULL (1-byte)
 * buffer so that NULL unambiguously means out-of-memory.  Caller frees.
 */
int *
_real_getipsecprotos(int *nentries)
{
	int *nums;
	int idx;

	if (nentries == NULL)
		return (NULL);

	_build_internal_algs(NULL, NULL);

	rw_rdlock(&proto_rw);
	*nentries = num_protos;
	if (num_protos == 0)
		nums = malloc(1);
	else
		nums = malloc(num_protos * sizeof (int));
	if (nums != NULL) {
		for (idx = 0; idx < num_protos; idx++)
			nums[idx] = protos[idx].proto_num;
	}
	rw_unlock(&proto_rw);

	return (nums);
}

/*
 * _real_getipsecalgs: return a malloc()ed array of the algorithm numbers
 * known for protocol proto_num, count in *nentries.  As above, an empty
 * list yields a 1-byte non-NULL buffer.  Returns NULL when nentries is
 * NULL, when proto_num is unknown, or on malloc() failure; in the unknown
 * protocol case *nentries is NOT written, so callers must not read it
 * when the return is NULL.  Caller frees.
 */
int *
_real_getipsecalgs(int *nentries, int proto_num)
{
	ipsec_proto_t *proto;
	int *nums = NULL;
	int idx;

	if (nentries == NULL)
		return (NULL);

	_build_internal_algs(NULL, NULL);

	rw_rdlock(&proto_rw);
	proto = findprotobynum(proto_num);
	if (proto != NULL) {
		*nentries = proto->proto_numalgs;
		if (proto->proto_numalgs == 0)
			nums = malloc(1);
		else
			nums = malloc(proto->proto_numalgs * sizeof (int));
		if (nums != NULL) {
			for (idx = 0; idx < proto->proto_numalgs; idx++)
				nums[idx] = proto->proto_algs[idx]->a_alg_num;
		}
	}
	rw_unlock(&proto_rw);

	return (nums);
}

/*
 * getipsecalgbyname: look up an algorithm of protocol proto_num by any of
 * its names (case-insensitive) and return a private copy the caller frees
 * with freeipsecalgent().  The copy is made while the read lock is held,
 * because the cache entry may be freed by a later refresh.  *errnop (if
 * non-NULL) receives 0 on success, EFAULT for a NULL name, EINVAL for an
 * unknown protocol, ENOENT when no algorithm has that name, and ENOMEM
 * when the copy could not be allocated.  Assumes every algorithm's
 * a_names is non-NULL, as _duplicate_alg() also requires.
 */
struct ipsecalgent *
getipsecalgbyname(const char *name, int proto_num, int *errnop)
{
	ipsec_proto_t *proto;
	struct ipsecalgent *found = NULL;
	struct ipsecalgent *copy = NULL;
	int err = ENOENT;
	int idx;

	_build_internal_algs(NULL, NULL);

	if (name == NULL) {
		err = EFAULT;
	} else {
		rw_rdlock(&proto_rw);
		proto = findprotobynum(proto_num);
		if (proto == NULL) {
			err = EINVAL;
		} else {
			for (idx = 0; idx < proto->proto_numalgs &&
			    found == NULL; idx++) {
				char **alias;

				/* Each a_names entry is a bounded string. */
				for (alias = proto->proto_algs[idx]->a_names;
				    *alias != NULL; alias++) {
					if (strcasecmp(*alias, name) == 0) {
						found = proto->proto_algs[idx];
						break;
					}
				}
			}
			if (found != NULL) {
				copy = _duplicate_alg(found);
				err = (copy == NULL) ? ENOMEM : 0;
			}
		}
		rw_unlock(&proto_rw);
	}

	if (errnop != NULL)
		*errnop = err;
	return (copy);
}

/*
 * getipsecalgbynum: as getipsecalgbyname(), but the algorithm is selected
 * by number.  Same return/ownership rules; *errnop is 0, EINVAL (unknown
 * protocol), ENOENT (no such algorithm number) or ENOMEM.
 */
struct ipsecalgent *
getipsecalgbynum(int alg_num, int proto_num, int *errnop)
{
	ipsec_proto_t *proto;
	struct ipsecalgent *copy = NULL;
	int err = ENOENT;
	int idx;

	_build_internal_algs(NULL, NULL);

	rw_rdlock(&proto_rw);
	proto = findprotobynum(proto_num);
	if (proto == NULL) {
		err = EINVAL;
	} else {
		for (idx = 0; idx < proto->proto_numalgs; idx++) {
			struct ipsecalgent *cand = proto->proto_algs[idx];

			if (cand->a_alg_num != alg_num)
				continue;
			/* Copy under the lock; cand may not outlive it. */
			copy = _duplicate_alg(cand);
			err = (copy == NULL) ? ENOMEM : 0;
			break;
		}
	}
	rw_unlock(&proto_rw);

	if (errnop != NULL)
		*errnop = err;
	return (copy);
}

/*
 * getipsecprotobyname: map a protocol name (case-insensitive) to its
 * number.  Returns -1 for a NULL or unknown name.
 */
int
getipsecprotobyname(const char *proto_name)
{
	ipsec_proto_t *proto;
	int num;

	_build_internal_algs(NULL, NULL);

	rw_rdlock(&proto_rw);
	proto = findprotobyname(proto_name);
	num = (proto == NULL) ? -1 : proto->proto_num;
	rw_unlock(&proto_rw);

	return (num);
}

/*
 * getipsecprotobynum: map a protocol number to a strdup()ed copy of its
 * name, made while the read lock is held.  Returns NULL for an unknown
 * number or if strdup() fails.  Caller frees.
 */
char *
getipsecprotobynum(int proto_num)
{
	ipsec_proto_t *proto;
	char *name = NULL;

	_build_internal_algs(NULL, NULL);

	rw_rdlock(&proto_rw);
	proto = findprotobynum(proto_num);
	if (proto != NULL)
		name = strdup(proto->proto_name);
	rw_unlock(&proto_rw);

	return (name);
}

/*
 * freeipsecalgent: release an entry returned by getipsecalgbyname() /
 * getipsecalgbynum() (or built by _duplicate_alg()).  Tolerates a NULL
 * ptr and NULL members, so it can also clean up a partially built entry.
 */
void
freeipsecalgent(struct ipsecalgent *ptr)
{
	char **alias;

	if (ptr == NULL)
		return;

	if (ptr->a_names != NULL) {
		for (alias = ptr->a_names; *alias != NULL; alias++)
			free(*alias);
		free(ptr->a_names);
	}
	/* free(NULL) is a no-op, so NULL members need no guard. */
	free(ptr->a_mech_name);
	free(ptr->a_block_sizes);
	free(ptr->a_key_sizes);
	free(ptr);
}