Annotation of embedaddon/ipsec-tools/src/racoon/dnssec.c, revision 1.1

1.1     ! misho       1: /*     $NetBSD: dnssec.c,v 1.5 2009/03/12 10:57:26 tteras Exp $        */
        !             2: 
        !             3: /*     $KAME: dnssec.c,v 1.2 2001/08/05 18:46:07 itojun Exp $  */
        !             4: 
        !             5: /*
        !             6:  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
        !             7:  * All rights reserved.
        !             8:  * 
        !             9:  * Redistribution and use in source and binary forms, with or without
        !            10:  * modification, are permitted provided that the following conditions
        !            11:  * are met:
        !            12:  * 1. Redistributions of source code must retain the above copyright
        !            13:  *    notice, this list of conditions and the following disclaimer.
        !            14:  * 2. Redistributions in binary form must reproduce the above copyright
        !            15:  *    notice, this list of conditions and the following disclaimer in the
        !            16:  *    documentation and/or other materials provided with the distribution.
        !            17:  * 3. Neither the name of the project nor the names of its contributors
        !            18:  *    may be used to endorse or promote products derived from this software
        !            19:  *    without specific prior written permission.
        !            20:  * 
        !            21:  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
        !            22:  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
        !            23:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
        !            24:  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
        !            25:  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
        !            26:  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
        !            27:  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
        !            28:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
        !            29:  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
        !            30:  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
        !            31:  * SUCH DAMAGE.
        !            32:  */
        !            33: 
        !            34: #include "config.h"
        !            35: 
        !            36: #include <sys/types.h>
        !            37: #include <sys/param.h>
        !            38: #include <stdlib.h>
        !            39: #include <string.h>
        !            40: 
        !            41: #include "var.h"
        !            42: #include "vmbuf.h"
        !            43: #include "misc.h"
        !            44: #include "plog.h"
        !            45: #include "debug.h"
        !            46: 
        !            47: #include "isakmp_var.h"
        !            48: #include "isakmp.h"
        !            49: #include "ipsec_doi.h"
        !            50: #include "oakley.h"
        !            51: #include "netdb_dnssec.h"
        !            52: #include "strnames.h"
        !            53: #include "dnssec.h"
        !            54: #include "gcmalloc.h"
        !            55: 
        !            56: extern int h_errno;
        !            57: 
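        /*
         * dnssec_getcert - look up a certificate for an IPsec DOI identifier via
         * getcertsbyname() and wrap it as a CERT payload body.
         *
         * id:  buffer holding a struct ipsecdoi_id_b header followed by the
         *      identifier bytes.  Presumably this is the ID payload received from
         *      the IKE peer, i.e. untrusted input -- confirm against the callers.
         *
         * Returns a newly allocated vchar_t whose first byte is the ISAKMP
         * certificate encoding type and whose remaining bytes are the certificate
         * data, or NULL on any failure.  The caller owns the returned buffer.
         *
         * Only IPSECDOI_ID_FQDN identifiers and DNSSEC_TYPE_PKIX records are
         * accepted; everything else is logged and rejected.
         */
        vchar_t *
        dnssec_getcert(vchar_t *id)
        {
                vchar_t *cert = NULL;
                struct certinfo *res = NULL;
                struct ipsecdoi_id_b *id_b;
                int type;
                char *name = NULL;
                size_t namelen;
                int error;

                /*
                 * The identifier length is derived by subtracting the header size
                 * from id->l.  Without this check a payload shorter than the header
                 * makes that subtraction wrap, and the wrapped value would then be
                 * used as the memcpy() length below.
                 */
                if (id == NULL || id->v == NULL || id->l < sizeof(*id_b)) {
                        plog(LLV_ERROR, LOCATION, NULL,
                                "ID payload is too short.\n");
                        return NULL;
                }

                id_b = (struct ipsecdoi_id_b *)id->v;

                namelen = id->l - sizeof(*id_b);
                name = racoon_malloc(namelen + 1);
                if (!name) {
                        plog(LLV_ERROR, LOCATION, NULL,
                                "failed to get buffer.\n");
                        return NULL;
                }
                memcpy(name, id_b + 1, namelen);
                name[namelen] = '\0';

                switch (id_b->type) {
                case IPSECDOI_ID_FQDN:
                        /*
                         * name is handed to getcertsbyname() as a C string.  An
                         * embedded NUL would make the lookup use only a prefix of
                         * the identifier that was actually presented, so the
                         * certificate fetched would not belong to the full ID.
                         */
                        if (memchr(name, '\0', namelen) != NULL) {
                                plog(LLV_ERROR, LOCATION, NULL,
                                        "FQDN ID contains an embedded NUL.\n");
                                goto err;
                        }
                        error = getcertsbyname(name, &res);
                        if (error != 0) {
                                plog(LLV_ERROR, LOCATION, NULL,
                                        "getcertsbyname(\"%s\") failed.\n", name);
                                goto err;
                        }
                        break;
                case IPSECDOI_ID_IPV4_ADDR:
                case IPSECDOI_ID_IPV6_ADDR:
                        /* XXX should be processed to query PTR ? */
                default:
                        plog(LLV_ERROR, LOCATION, NULL,
                                "inpropper ID type passed %s "
                                "though getcert method is dnssec.\n",
                                s_ipsecdoi_ident(id_b->type));
                        goto err;
                }

                /*
                 * check response
                 *
                 * getcertsbyname() reported success, but nothing visible here
                 * guarantees a non-empty result, so verify it before dereferencing.
                 * ci_certlen is used as an allocation and copy size below; reject
                 * non-positive values (NOTE(review): its declared type is not
                 * visible in this file -- confirm in netdb_dnssec.h).
                 */
                if (res == NULL || res->ci_cert == NULL || res->ci_certlen <= 0) {
                        plog(LLV_ERROR, LOCATION, NULL,
                                "getcertsbyname(\"%s\") returned no usable CERT RR.\n",
                                name);
                        goto err;
                }
                if (res->ci_next != NULL) {
                        /* only the first record is used; the rest are ignored */
                        plog(LLV_WARNING, LOCATION, NULL,
                                "not supported multiple CERT RR.\n");
                }
                switch (res->ci_type) {
                case DNSSEC_TYPE_PKIX:
                        /* XXX is it enough condition to set this type ? */
                        type = ISAKMP_CERT_X509SIGN;
                        break;
                default:
                        plog(LLV_ERROR, LOCATION, NULL,
                                "not supported CERT RR type %d.\n", res->ci_type);
                        goto err;
                }

                /* create cert holder: one byte of encoding type + certificate data */
                cert = vmalloc(res->ci_certlen + 1);
                if (cert == NULL) {
                        plog(LLV_ERROR, LOCATION, NULL,
                                "failed to get cert buffer.\n");
                        goto err;
                }
                cert->v[0] = type;
                memcpy(&cert->v[1], res->ci_cert, res->ci_certlen);

                plog(LLV_DEBUG, LOCATION, NULL, "created CERT payload:\n");
                plogdump(LLV_DEBUG, cert->v, cert->l);

        err:
                /* shared exit: cert is still NULL on every failure path */
                if (name)
                        racoon_free(name);
                if (res)
                        freecertinfo(res);
                return cert;
        }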
