Annotation of embedaddon/strongswan/src/libcharon/sa/ikev2/tasks/ike_vendor.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2009 Martin Willi
! 3: * HSR Hochschule fuer Technik Rapperswil
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify it
! 6: * under the terms of the GNU General Public License as published by the
! 7: * Free Software Foundation; either version 2 of the License, or (at your
! 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 9: *
! 10: * This program is distributed in the hope that it will be useful, but
! 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 13: * for more details.
! 14: */
! 15:
! 16: /*
! 17: * Copyright (C) 2016 secunet Security Networks AG
! 18: * Copyright (C) 2016 Thomas Egerer
! 19: *
! 20: * Permission is hereby granted, free of charge, to any person obtaining a copy
! 21: * of this software and associated documentation files (the "Software"), to deal
! 22: * in the Software without restriction, including without limitation the rights
! 23: * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
! 24: * copies of the Software, and to permit persons to whom the Software is
! 25: * furnished to do so, subject to the following conditions:
! 26: *
! 27: * The above copyright notice and this permission notice shall be included in
! 28: * all copies or substantial portions of the Software.
! 29: *
! 30: * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
! 31: * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
! 32: * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
! 33: * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
! 34: * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
! 35: * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
! 36: * THE SOFTWARE.
! 37: */
! 38:
! 39: #include "ike_vendor.h"
! 40:
! 41: #include <daemon.h>
! 42: #include <encoding/payloads/vendor_id_payload.h>
! 43:
! 44: typedef struct private_ike_vendor_t private_ike_vendor_t;
! 45:
! 46: /**
! 47: * Private data of an ike_vendor_t object.
! 48: */
! 49: struct private_ike_vendor_t {
! 50:
! 51: /**
! 52: * Public ike_vendor_t interface.
! 53: */
! 54: ike_vendor_t public;
! 55:
! 56: /**
! 57: * Associated IKE_SA
! 58: */
! 59: ike_sa_t *ike_sa;
! 60:
! 61: /**
! 62: * Are we the initiator of this task
! 63: */
! 64: bool initiator;
! 65: };
! 66:
! 67: /**
! 68: * Vendor ID database entry
! 69: */
! 70: typedef struct {
! 71: /* Description */
! 72: char *desc;
! 73: /* extension flag negotiated with vendor ID, if any */
! 74: ike_extension_t extension;
! 75: /* Value from strongswan.conf, whether to send vendor ID */
! 76: char *setting;
! 77: /* length of vendor ID string, 0 for NULL terminated */
! 78: int len;
! 79: /* vendor ID string */
! 80: char *id;
! 81: } vid_data_t;
! 82:
! 83: /**
! 84: * Get the data of a vendor ID as a chunk
! 85: */
! 86: static chunk_t get_vid_data(vid_data_t *data)
! 87: {
! 88: return chunk_create(data->id, data->len ?: strlen(data->id));
! 89: }
! 90:
! 91: /**
! 92: * IKEv2 Vendor ID database entry
! 93: */
! 94: static vid_data_t vids[] = {
! 95: /* strongSwan MD5("strongSwan") */
! 96: { "strongSwan", EXT_STRONGSWAN, "send_vendor_id", 16,
! 97: "\x88\x2f\xe5\x6d\x6f\xd2\x0d\xbc\x22\x51\x61\x3b\x2e\xbe\x5b\xeb"},
! 98: { "Cisco Delete Reason", 0, NULL, 0,
! 99: "CISCO-DELETE-REASON" },
! 100: { "Cisco FlexVPN Supported", 0, NULL, 0,
! 101: "FLEXVPN-SUPPORTED" },
! 102: { "Cisco Copyright (c) 2009", 0, NULL, 0,
! 103: "CISCO(COPYRIGHT)&Copyright (c) 2009 Cisco Systems, Inc." },
! 104: { "FRAGMENTATION", 0, NULL, 16,
! 105: "\x40\x48\xb7\xd5\x6e\xbc\xe8\x85\x25\xe7\xde\x7f\x00\xd6\xc2\xd3"},
! 106: { "MS NT5 ISAKMPOAKLEY v7", 0, NULL, 20,
! 107: "\x1e\x2b\x51\x69\x05\x99\x1c\x7d\x7c\x96\xfc\xbf\xb5\x87\xe4\x61\x00\x00\x00\x07"},
! 108: { "MS NT5 ISAKMPOAKLEY v8", 0, NULL, 20,
! 109: "\x1e\x2b\x51\x69\x05\x99\x1c\x7d\x7c\x96\xfc\xbf\xb5\x87\xe4\x61\x00\x00\x00\x08"},
! 110: { "MS NT5 ISAKMPOAKLEY v9", 0, NULL, 20,
! 111: "\x1e\x2b\x51\x69\x05\x99\x1c\x7d\x7c\x96\xfc\xbf\xb5\x87\xe4\x61\x00\x00\x00\x09"},
! 112: { "MS-Negotiation Discovery Capable", 0, NULL, 16,
! 113: "\xfb\x1d\xe3\xcd\xf3\x41\xb7\xea\x16\xb7\xe5\xbe\x08\x55\xf1\x20"},
! 114: { "Vid-Initial-Contact", 0, NULL, 16,
! 115: "\x26\x24\x4d\x38\xed\xdb\x61\xb3\x17\x2a\x36\xe3\xd0\xcf\xb8\x19"},
! 116: };
! 117:
! 118: METHOD(task_t, build, status_t,
! 119: private_ike_vendor_t *this, message_t *message)
! 120: {
! 121: vendor_id_payload_t *vid;
! 122: bool send_vid;
! 123: int i;
! 124:
! 125: for (i = 0; i < countof(vids); i++)
! 126: {
! 127: send_vid = FALSE;
! 128:
! 129: if (vids[i].setting)
! 130: {
! 131: send_vid = lib->settings->get_bool(lib->settings, "%s.%s", send_vid,
! 132: lib->ns, vids[i].setting);
! 133: }
! 134: if (send_vid)
! 135: {
! 136: DBG2(DBG_IKE, "sending %s vendor ID", vids[i].desc);
! 137: vid = vendor_id_payload_create_data(PLV2_VENDOR_ID,
! 138: chunk_clone(get_vid_data(&vids[i])));
! 139: message->add_payload(message, &vid->payload_interface);
! 140: }
! 141: }
! 142:
! 143: return this->initiator ? NEED_MORE : SUCCESS;
! 144: }
! 145:
! 146: METHOD(task_t, process, status_t,
! 147: private_ike_vendor_t *this, message_t *message)
! 148: {
! 149: enumerator_t *enumerator;
! 150: payload_t *payload;
! 151: int i;
! 152:
! 153: enumerator = message->create_payload_enumerator(message);
! 154: while (enumerator->enumerate(enumerator, &payload))
! 155: {
! 156: if (payload->get_type(payload) == PLV2_VENDOR_ID)
! 157: {
! 158: vendor_id_payload_t *vid;
! 159: chunk_t data;
! 160: bool found = FALSE;
! 161:
! 162: vid = (vendor_id_payload_t*)payload;
! 163: data = vid->get_data(vid);
! 164:
! 165: for (i = 0; i < countof(vids); i++)
! 166: {
! 167: if (chunk_equals(get_vid_data(&vids[i]), data))
! 168: {
! 169: DBG1(DBG_IKE, "received %s vendor ID", vids[i].desc);
! 170: if (vids[i].extension)
! 171: {
! 172: this->ike_sa->enable_extension(this->ike_sa,
! 173: vids[i].extension);
! 174: }
! 175: found = TRUE;
! 176: break;
! 177: }
! 178: }
! 179: if (!found)
! 180: {
! 181: DBG1(DBG_ENC, "received unknown vendor ID: %#B", &data);
! 182: }
! 183: }
! 184: }
! 185: enumerator->destroy(enumerator);
! 186:
! 187: return this->initiator ? SUCCESS : NEED_MORE;
! 188: }
! 189:
! 190: METHOD(task_t, migrate, void,
! 191: private_ike_vendor_t *this, ike_sa_t *ike_sa)
! 192: {
! 193: this->ike_sa = ike_sa;
! 194: }
! 195:
! 196: METHOD(task_t, get_type, task_type_t,
! 197: private_ike_vendor_t *this)
! 198: {
! 199: return TASK_IKE_VENDOR;
! 200: }
! 201:
! 202: METHOD(task_t, destroy, void,
! 203: private_ike_vendor_t *this)
! 204: {
! 205: free(this);
! 206: }
! 207:
! 208: /**
! 209: * See header
! 210: */
! 211: ike_vendor_t *ike_vendor_create(ike_sa_t *ike_sa, bool initiator)
! 212: {
! 213: private_ike_vendor_t *this;
! 214:
! 215: INIT(this,
! 216: .public = {
! 217: .task = {
! 218: .build = _build,
! 219: .process = _process,
! 220: .migrate = _migrate,
! 221: .get_type = _get_type,
! 222: .destroy = _destroy,
! 223: },
! 224: },
! 225: .initiator = initiator,
! 226: .ike_sa = ike_sa,
! 227: );
! 228:
! 229: return &this->public;
! 230: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>