Source-Changes-HG archive
[src/trunk]: src/crypto/dist/kame Update racoon from today's KAME sources. I...
details: https://anonhg.NetBSD.org/src/rev/94f695148c7f
branches: trunk
changeset: 503046:94f695148c7f
user: thorpej <thorpej%NetBSD.org@localhost>
date: Tue Jan 30 02:04:39 2001 +0000
description:
Update racoon from today's KAME sources. Includes memory leak
fixes in the GSSAPI support code.
diffstat:
crypto/dist/kame/libipsec/libpfkey.h | 4 +-
crypto/dist/kame/racoon/doc/racoonquestion.sh | 36 ++
crypto/dist/kame/racoon/gssapi.c | 316 +++++++++++++++++--------
crypto/dist/kame/racoon/gssapi.h | 16 +-
crypto/dist/kame/racoon/pfkey.h | 3 +-
crypto/dist/kame/racoon/sockmisc.c | 43 +++-
crypto/dist/kame/racoon/sockmisc.h | 3 +-
7 files changed, 303 insertions(+), 118 deletions(-)
diffs (truncated from 715 to 300 lines):
diff -r 22facf5d51ef -r 94f695148c7f crypto/dist/kame/libipsec/libpfkey.h
--- a/crypto/dist/kame/libipsec/libpfkey.h Tue Jan 30 01:32:56 2001 +0000
+++ b/crypto/dist/kame/libipsec/libpfkey.h Tue Jan 30 02:04:39 2001 +0000
@@ -1,4 +1,4 @@
-/* $KAME: libpfkey.h,v 1.4 2000/12/27 11:38:10 sakane Exp $ */
+/* $KAME: libpfkey.h,v 1.5 2001/01/29 10:29:58 sakane Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -29,10 +29,12 @@
* SUCH DAMAGE.
*/
+struct sadb_msg;
extern void pfkey_sadump __P((struct sadb_msg *));
extern void pfkey_spdump __P((struct sadb_msg *));
struct sockaddr;
+struct sadb_alg;
int ipsec_check_keylen __P((u_int, u_int, u_int));
int ipsec_check_keylen2 __P((u_int, u_int, u_int));
int ipsec_get_keylen __P((u_int, u_int, struct sadb_alg *));
diff -r 22facf5d51ef -r 94f695148c7f crypto/dist/kame/racoon/doc/racoonquestion.sh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/dist/kame/racoon/doc/racoonquestion.sh Tue Jan 30 02:04:39 2001 +0000
@@ -0,0 +1,36 @@
+#! /bin/sh
+
+# $KAME: racoonquestion.sh,v 1.1 2001/01/27 05:46:22 itojun Exp $
+
+# sends question about racoon to sakane.
+# % racoonquestion logfile conffile
+#
+# caveat: the script will tell everything about your system, and every secret
+# keys, to sakane.
+
+if [ $# != 2 ]; then
+ echo usage: sendracoonquestion logfile conffile
+ exit 1
+fi
+if [ -e /tmp/racoonbug ]; then
+ echo fatal: clean /tmp/racoonbug first.
+ exit 1
+fi
+if [ `whoami` != root ]; then
+ echo fatal: must be a root to invoke this.
+ exit 1
+fi
+
+# do not let others read the result
+umask 0077
+mkdir /tmp/racoonbug || exit 1
+setkey -DP > /tmp/racoonbug/spd.$$
+setkey -D > /tmp/racoonbug/sad.$$
+ifconfig -a > /tmp/racoonbug/ifconfig.$$
+netstat -rn >/tmp/racoonbug/netstat.$$
+cp $1 /tmp/racoonbug/logfile.$$
+cp $2 /tmp/racoonbug/conffile.$$
+cd /tmp/racoonbug
+shar spd.$$ sad.$$ ifconfig.$$ netstat.$$ logfile.$$ conffile.$$ | mail sakane%kame.net@localhost
+cd /tmp
+/bin/rm -fr /tmp/racoonbug
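Review bot: `$1` and `$2` are expanded unquoted in the two `cp` lines, so a logfile or conffile path containing whitespace is split before the copy and the wrong file (or nothing) ends up in the report; quote them: `cp "$1" /tmp/racoonbug/logfile.$$` and `cp "$2" /tmp/racoonbug/conffile.$$`. The usage message names `sendracoonquestion` while the file is `racoonquestion.sh` and the header comment shows `racoonquestion`, so the three should agree. Since `setkey -D` dumps the live SA keys into the mail, the caveat now stated only in the header comment would be more visible as a line of the usage text, which is what a user actually sees before running the script.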
diff -r 22facf5d51ef -r 94f695148c7f crypto/dist/kame/racoon/gssapi.c
--- a/crypto/dist/kame/racoon/gssapi.c Tue Jan 30 01:32:56 2001 +0000
+++ b/crypto/dist/kame/racoon/gssapi.c Tue Jan 30 02:04:39 2001 +0000
@@ -1,4 +1,4 @@
-/* $KAME: gssapi.c,v 1.4 2000/12/15 15:26:29 itojun Exp $ */
+/* $KAME: gssapi.c,v 1.17 2001/01/29 23:42:57 thorpej Exp $ */
/*
* Copyright 2000 Wasabi Systems, Inc.
@@ -69,13 +69,7 @@
#include "gssapi.h"
-gss_cred_id_t gss_racoon_cred;
-
-static int gssapi_init(struct ph1handle *);
-static int gssapi_get_default_name(struct ph1handle *, int, gss_name_t *);
-
-
-void
+static void
gssapi_error(OM_uint32 status_code, const char *where,
const char *fmt, ...)
{
@@ -100,6 +94,67 @@
} while (message_context != 0);
}
+/*
+ * vmbufs and gss_buffer_descs are really just the same on NetBSD, but
+ * this is to be portable.
+ */
+static int
+gssapi_vm2gssbuf(vchar_t *vmbuf, gss_buffer_t gsstoken)
+{
+
+ gsstoken->value = malloc(vmbuf->l);
+ if (gsstoken->value == NULL)
+ return -1;
+ memcpy(gsstoken->value, vmbuf->v, vmbuf->l);
+ gsstoken->length = vmbuf->l;
+
+ return 0;
+}
+
+static int
+gssapi_gss2vmbuf(gss_buffer_t gsstoken, vchar_t **vmbuf)
+{
+
+ *vmbuf = vmalloc(gsstoken->length);
+ if (*vmbuf == NULL)
+ return -1;
+ memcpy((*vmbuf)->v, gsstoken->value, gsstoken->length);
+ (*vmbuf)->l = gsstoken->length;
+
+ return 0;
+}
+
+static int
+gssapi_get_default_name(struct ph1handle *iph1, int remote, gss_name_t *service)
+{
+ char name[NI_MAXHOST];
+ struct sockaddr *sa;
+ gss_buffer_desc name_token;
+ OM_uint32 min_stat, maj_stat;
+
+ sa = remote ? iph1->remote : iph1->local;
+
+ if (getnameinfo(sa, sa->sa_len, name, NI_MAXHOST, NULL, 0, 0) != 0)
+ return -1;
+
+ name_token.length = asprintf((char **)&name_token.value,
+ "%s@%s", GSSAPI_DEF_NAME, name);
+ maj_stat = gss_import_name(&min_stat, &name_token,
+ GSS_C_NT_HOSTBASED_SERVICE, service);
+ if (GSS_ERROR(maj_stat)) {
+ gssapi_error(maj_stat, LOCATION, "import name\n");
+ maj_stat = gss_release_buffer(&min_stat, &name_token);
+ if (GSS_ERROR(maj_stat))
+ gssapi_error(maj_stat, LOCATION, "release name_token");
+ return -1;
+ }
+ maj_stat = gss_release_buffer(&min_stat, &name_token);
+ if (GSS_ERROR(maj_stat))
+ gssapi_error(maj_stat, LOCATION, "release name_token");
+
+ return 0;
+}
+
static int
gssapi_init(struct ph1handle *iph1)
{
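Review bot: In gssapi_get_default_name the return value of asprintf() is assigned straight to name_token.length with no failure check; asprintf() returns -1 on allocation failure and leaves the pointer unspecified, so a length of (size_t)-1 and an undefined value are handed to gss_import_name. Check it first: `int n = asprintf((char **)&name_token.value, "%s@%s", GSSAPI_DEF_NAME, name); if (n < 0) return -1; name_token.length = n;`. That buffer also comes from asprintf rather than from the GSS-API library, so releasing it with gss_release_buffer presumably relies on the library's release being a plain free(); freeing it with free() directly would match the portability intent stated in the comment above gssapi_vm2gssbuf. The hunk ends on the opening brace of gssapi_init, whose body lies outside it.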
@@ -116,6 +171,9 @@
}
gps->gss_context = GSS_C_NO_CONTEXT;
gps->gss_cred = GSS_C_NO_CREDENTIAL;
+
+ gssapi_set_state(iph1, gps);
+
if (iph1->rmconf->proposal->gssid != NULL) {
id_token.length = iph1->rmconf->proposal->gssid->l;
id_token.value = iph1->rmconf->proposal->gssid->v;
@@ -123,6 +181,7 @@
&princ);
if (GSS_ERROR(maj_stat)) {
gssapi_error(maj_stat, LOCATION, "import name\n");
+ gssapi_free_state(iph1);
return -1;
}
} else
@@ -130,26 +189,49 @@
maj_stat = gss_canonicalize_name(&min_stat, princ, GSS_C_NO_OID,
&canon_princ);
+ if (GSS_ERROR(maj_stat)) {
+ gssapi_error(maj_stat, LOCATION, "canonicalize name\n");
+ maj_stat = gss_release_name(&min_stat, &princ);
+ if (GSS_ERROR(maj_stat))
+ gssapi_error(maj_stat, LOCATION, "release princ\n");
+ gssapi_free_state(iph1);
+ return -1;
+ }
+ maj_stat = gss_release_name(&min_stat, &princ);
+ if (GSS_ERROR(maj_stat))
+ gssapi_error(maj_stat, LOCATION, "release princ\n");
maj_stat = gss_export_name(&min_stat, canon_princ, cred);
+ if (GSS_ERROR(maj_stat)) {
+ gssapi_error(maj_stat, LOCATION, "export name\n");
+ maj_stat = gss_release_name(&min_stat, &canon_princ);
+ if (GSS_ERROR(maj_stat))
+ gssapi_error(maj_stat, LOCATION,
+ "release canon_princ\n");
+ gssapi_free_state(iph1);
+ return -1;
+ }
plog(LLV_DEBUG, LOCATION, NULL, "will try to acquire '%*s' creds\n",
cred->length, cred->value);
+ maj_stat = gss_release_buffer(&min_stat, cred);
+ if (GSS_ERROR(maj_stat))
+ gssapi_error(maj_stat, LOCATION, "release cred buffer\n");
+ maj_stat = gss_acquire_cred(&min_stat, canon_princ, GSS_C_INDEFINITE,
+ GSS_C_NO_OID_SET, GSS_C_BOTH, &gps->gss_cred, NULL, NULL);
if (GSS_ERROR(maj_stat)) {
- gssapi_error(maj_stat, LOCATION, "export name\n");
+ gssapi_error(maj_stat, LOCATION, "acquire cred\n");
+ maj_stat = gss_release_name(&min_stat, &canon_princ);
+ if (GSS_ERROR(maj_stat))
+ gssapi_error(maj_stat, LOCATION,
+ "release canon_princ\n");
+ gssapi_free_state(iph1);
return -1;
}
-
- maj_stat = gss_acquire_cred(&min_stat, princ, GSS_C_INDEFINITE,
- GSS_C_NO_OID_SET, GSS_C_BOTH, &gps->gss_cred, NULL, NULL);
- if (GSS_ERROR(maj_stat)) {
- gssapi_error(maj_stat, LOCATION,
- "acquire cred\n");
- return -1;
- }
-
- iph1->gssapi_state = gps;
+ maj_stat = gss_release_name(&min_stat, &canon_princ);
+ if (GSS_ERROR(maj_stat))
+ gssapi_error(maj_stat, LOCATION, "release canon_princ\n");
return 0;
}
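Review bot: The debug plog immediately before the new gss_release_buffer() of cred prints the exported name with `'%*s'`, where `*` is a field width rather than a precision, so the read is bounded only by a NUL terminator that a binary exported-name token is not guaranteed to carry; the same unbounded pattern is the `%s` on name_token.value in the gss_display_name hunk further down. A precision bounds both: `plog(LLV_DEBUG, LOCATION, NULL, "will try to acquire '%.*s' creds\n", (int)cred->length, (const char *)cred->value);` and `"... other side is %.*s\n", (int)name_token.length, (const char *)name_token.value`. These lines are context rather than changed, but the commit now releases each buffer right after them, so it is the natural place to fix the format. Whether plog's format handling differs from printf's is not visible here.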
@@ -163,10 +245,10 @@
OM_uint32 maj_stat, min_stat;
gss_name_t partner;
- if (iph1->gssapi_state == NULL)
- gssapi_init(iph1);
+ if (gssapi_get_state(iph1) == NULL && gssapi_init(iph1) < 0)
+ return -1;
- gps = iph1->gssapi_state;
+ gps = gssapi_get_state(iph1);
empty.length = 0;
empty.value = NULL;
@@ -200,8 +282,14 @@
if (GSS_ERROR(gps->gss_status)) {
gssapi_error(gps->gss_status, LOCATION, "init_sec_context\n");
+ maj_stat = gss_release_name(&min_stat, &partner);
+ if (GSS_ERROR(maj_stat))
+ gssapi_error(maj_stat, LOCATION, "release name\n");
return -1;
}
+ maj_stat = gss_release_name(&min_stat, &partner);
+ if (GSS_ERROR(maj_stat))
+ gssapi_error(maj_stat, LOCATION, "release name\n");
plog(LLV_DEBUG, LOCATION, NULL, "gss_init_sec_context status %x\n",
gps->gss_status);
@@ -227,10 +315,10 @@
OM_uint32 min_stat, maj_stat;
gss_name_t client_name;
- if (iph1->gssapi_state == NULL)
- gssapi_init(iph1);
+ if (gssapi_get_state(iph1) == NULL && gssapi_init(iph1) < 0)
+ return -1;
- gps = iph1->gssapi_state;
+ gps = gssapi_get_state(iph1);
rtoken = &gps->gss_p[gps->gsscnt_p - 1];
itoken = &gps->gss[gps->gsscnt];
@@ -245,9 +333,24 @@
}
maj_stat = gss_display_name(&min_stat, client_name, &name_token, NULL);
+ if (GSS_ERROR(maj_stat)) {
+ gssapi_error(maj_stat, LOCATION, "gss_display_name\n");
+ maj_stat = gss_release_name(&min_stat, &client_name);
+ if (GSS_ERROR(maj_stat))
+ gssapi_error(maj_stat, LOCATION,
+ "release client_name\n");
+ return -1;
+ }
+ maj_stat = gss_release_name(&min_stat, &client_name);
+ if (GSS_ERROR(maj_stat))
+ gssapi_error(maj_stat, LOCATION, "release client_name\n");
+
plog(LLV_DEBUG, LOCATION, NULL,
"gss_accept_sec_context: other side is %s\n",
name_token.value);
+ maj_stat = gss_release_buffer(&min_stat, &name_token);
+ if (GSS_ERROR(maj_stat))
+ gssapi_error(maj_stat, LOCATION, "release name buffer\n");
if (itoken->length != 0)