1.1 misho 1: /* $NetBSD: dnssec.c,v 1.5 2009/03/12 10:57:26 tteras Exp $ */
2:
3: /* $KAME: dnssec.c,v 1.2 2001/08/05 18:46:07 itojun Exp $ */
4:
5: /*
6: * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7: * All rights reserved.
8: *
9: * Redistribution and use in source and binary forms, with or without
10: * modification, are permitted provided that the following conditions
11: * are met:
12: * 1. Redistributions of source code must retain the above copyright
13: * notice, this list of conditions and the following disclaimer.
14: * 2. Redistributions in binary form must reproduce the above copyright
15: * notice, this list of conditions and the following disclaimer in the
16: * documentation and/or other materials provided with the distribution.
17: * 3. Neither the name of the project nor the names of its contributors
18: * may be used to endorse or promote products derived from this software
19: * without specific prior written permission.
20: *
21: * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24: * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31: * SUCH DAMAGE.
32: */
33:
34: #include "config.h"
35:
36: #include <sys/types.h>
37: #include <sys/param.h>
38: #include <stdlib.h>
39: #include <string.h>
40:
41: #include "var.h"
42: #include "vmbuf.h"
43: #include "misc.h"
44: #include "plog.h"
45: #include "debug.h"
46:
47: #include "isakmp_var.h"
48: #include "isakmp.h"
49: #include "ipsec_doi.h"
50: #include "oakley.h"
51: #include "netdb_dnssec.h"
52: #include "strnames.h"
53: #include "dnssec.h"
54: #include "gcmalloc.h"
55:
/* Resolver error status from <netdb.h>; declared here but not read anywhere in this file. */
extern int h_errno;
57:
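/*
 * Look up the peer's certificate through DNS CERT resource records for
 * the identity carried in an ISAKMP ID payload.
 *
 * id: ID payload body, i.e. a struct ipsecdoi_id_b header followed by
 *     the identifier bytes.  Only IPSECDOI_ID_FQDN is handled; address
 *     identities would need a PTR lookup first (see the XXX below).
 *     The payload originates from the peer and is treated as untrusted.
 *
 * Returns a freshly allocated vchar_t whose first byte is the ISAKMP
 * certificate encoding (ISAKMP_CERT_X509SIGN) followed by the raw
 * certificate bytes, or NULL on any failure (the cause is logged).
 * Ownership of the returned buffer passes to the caller, who releases
 * it with vfree().
 */
vchar_t *
dnssec_getcert(vchar_t *id)
{
	vchar_t *cert = NULL;
	struct certinfo *res = NULL;
	struct ipsecdoi_id_b *id_b;
	int type;
	char *name = NULL;
	size_t namelen;
	int error;

	/*
	 * Validate the length before doing any arithmetic with it: for a
	 * payload shorter than the ID header, id->l - sizeof(*id_b) wraps
	 * and would feed a huge size to racoon_malloc() and memcpy().
	 */
	if (id == NULL || id->l < sizeof(*id_b)) {
		plog(LLV_ERROR, LOCATION, NULL,
			"invalid ID payload length for dnssec getcert.\n");
		return NULL;
	}
	id_b = (struct ipsecdoi_id_b *)id->v;

	/* Copy the identifier out as a NUL-terminated string for the resolver. */
	namelen = id->l - sizeof(*id_b);
	name = racoon_malloc(namelen + 1);
	if (!name) {
		plog(LLV_ERROR, LOCATION, NULL,
			"failed to get buffer.\n");
		return NULL;
	}
	memcpy(name, id_b + 1, namelen);
	name[namelen] = '\0';

	switch (id_b->type) {
	case IPSECDOI_ID_FQDN:
		/* The peer-supplied name is queried as-is; no further canonicalisation here. */
		error = getcertsbyname(name, &res);
		if (error != 0) {
			plog(LLV_ERROR, LOCATION, NULL,
				"getcertsbyname(\"%s\") failed.\n", name);
			goto err;
		}
		break;
	case IPSECDOI_ID_IPV4_ADDR:
	case IPSECDOI_ID_IPV6_ADDR:
		/* XXX should be processed to query PTR ? */
	default:
		plog(LLV_ERROR, LOCATION, NULL,
			"inpropper ID type passed %s "
			"though getcert method is dnssec.\n",
			s_ipsecdoi_ident(id_b->type));
		goto err;
	}

	/* check response */
	/*
	 * NOTE(review): getcertsbyname() is assumed never to return 0 with an
	 * empty result; this guard only keeps the dereferences below safe if
	 * it does.
	 */
	if (res == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
			"no CERT RR returned for \"%s\".\n", name);
		goto err;
	}
	if (res->ci_next != NULL) {
		/* Only the first record is used; the rest are dropped. */
		plog(LLV_WARNING, LOCATION, NULL,
			"not supported multiple CERT RR.\n");
	}
	switch (res->ci_type) {
	case DNSSEC_TYPE_PKIX:
		/* XXX is it enough condition to set this type ? */
		type = ISAKMP_CERT_X509SIGN;
		break;
	default:
		plog(LLV_ERROR, LOCATION, NULL,
			"not supported CERT RR type %d.\n", res->ci_type);
		goto err;
	}

	/* create cert holder: one leading byte for the encoding type, then the DER blob */
	cert = vmalloc(res->ci_certlen + 1);
	if (cert == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
			"failed to get cert buffer.\n");
		goto err;
	}
	cert->v[0] = type;
	memcpy(&cert->v[1], res->ci_cert, res->ci_certlen);

	plog(LLV_DEBUG, LOCATION, NULL, "created CERT payload:\n");
	plogdump(LLV_DEBUG, cert->v, cert->l);

err:
	/* Shared exit: cert is NULL on every failure path, so returning it is correct. */
	if (name)
		racoon_free(name);
	if (res)
		freecertinfo(res);
	return cert;
}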