Annotation of embedaddon/strongswan/src/libcharon/sa/ikev2/tasks/ike_vendor.c, revision 1.1.1.2
1.1 misho 1: /*
2: * Copyright (C) 2009 Martin Willi
3: * HSR Hochschule fuer Technik Rapperswil
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: /*
17: * Copyright (C) 2016 secunet Security Networks AG
18: * Copyright (C) 2016 Thomas Egerer
19: *
20: * Permission is hereby granted, free of charge, to any person obtaining a copy
21: * of this software and associated documentation files (the "Software"), to deal
22: * in the Software without restriction, including without limitation the rights
23: * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
24: * copies of the Software, and to permit persons to whom the Software is
25: * furnished to do so, subject to the following conditions:
26: *
27: * The above copyright notice and this permission notice shall be included in
28: * all copies or substantial portions of the Software.
29: *
30: * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
31: * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
32: * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
33: * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
34: * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
35: * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
36: * THE SOFTWARE.
37: */
38:
39: #include "ike_vendor.h"
40:
41: #include <daemon.h>
42: #include <encoding/payloads/vendor_id_payload.h>
43:
44: typedef struct private_ike_vendor_t private_ike_vendor_t;
45:
46: /**
47: * Private data of an ike_vendor_t object.
48: */
49: struct private_ike_vendor_t {
50:
51: /**
52: * Public ike_vendor_t interface.
53: */
54: ike_vendor_t public;
55:
56: /**
57: * Associated IKE_SA
58: */
59: ike_sa_t *ike_sa;
60:
61: /**
62: * Are we the initiator of this task
63: */
64: bool initiator;
65: };
66:
67: /**
68: * Vendor ID database entry
69: */
70: typedef struct {
71: /* Description */
72: char *desc;
73: /* extension flag negotiated with vendor ID, if any */
74: ike_extension_t extension;
75: /* Value from strongswan.conf, whether to send vendor ID */
76: char *setting;
77: /* length of vendor ID string, 0 for NULL terminated */
78: int len;
79: /* vendor ID string */
80: char *id;
81: } vid_data_t;
82:
83: /**
84: * Get the data of a vendor ID as a chunk
85: */
86: static chunk_t get_vid_data(vid_data_t *data)
87: {
88: return chunk_create(data->id, data->len ?: strlen(data->id));
89: }
90:
91: /**
92: * IKEv2 Vendor ID database entry
93: */
94: static vid_data_t vids[] = {
95: /* strongSwan MD5("strongSwan") */
96: { "strongSwan", EXT_STRONGSWAN, "send_vendor_id", 16,
97: "\x88\x2f\xe5\x6d\x6f\xd2\x0d\xbc\x22\x51\x61\x3b\x2e\xbe\x5b\xeb"},
98: { "Cisco Delete Reason", 0, NULL, 0,
99: "CISCO-DELETE-REASON" },
1.1.1.2 ! misho 100: { "Cisco FlexVPN Supported", 0, "cisco_flexvpn", 0,
1.1 misho 101: "FLEXVPN-SUPPORTED" },
102: { "Cisco Copyright (c) 2009", 0, NULL, 0,
103: "CISCO(COPYRIGHT)&Copyright (c) 2009 Cisco Systems, Inc." },
104: { "FRAGMENTATION", 0, NULL, 16,
105: "\x40\x48\xb7\xd5\x6e\xbc\xe8\x85\x25\xe7\xde\x7f\x00\xd6\xc2\xd3"},
106: { "MS NT5 ISAKMPOAKLEY v7", 0, NULL, 20,
107: "\x1e\x2b\x51\x69\x05\x99\x1c\x7d\x7c\x96\xfc\xbf\xb5\x87\xe4\x61\x00\x00\x00\x07"},
108: { "MS NT5 ISAKMPOAKLEY v8", 0, NULL, 20,
109: "\x1e\x2b\x51\x69\x05\x99\x1c\x7d\x7c\x96\xfc\xbf\xb5\x87\xe4\x61\x00\x00\x00\x08"},
110: { "MS NT5 ISAKMPOAKLEY v9", 0, NULL, 20,
111: "\x1e\x2b\x51\x69\x05\x99\x1c\x7d\x7c\x96\xfc\xbf\xb5\x87\xe4\x61\x00\x00\x00\x09"},
112: { "MS-Negotiation Discovery Capable", 0, NULL, 16,
113: "\xfb\x1d\xe3\xcd\xf3\x41\xb7\xea\x16\xb7\xe5\xbe\x08\x55\xf1\x20"},
114: { "Vid-Initial-Contact", 0, NULL, 16,
115: "\x26\x24\x4d\x38\xed\xdb\x61\xb3\x17\x2a\x36\xe3\xd0\xcf\xb8\x19"},
116: };
117:
118: METHOD(task_t, build, status_t,
119: private_ike_vendor_t *this, message_t *message)
120: {
121: vendor_id_payload_t *vid;
122: bool send_vid;
123: int i;
124:
125: for (i = 0; i < countof(vids); i++)
126: {
127: send_vid = FALSE;
128:
129: if (vids[i].setting)
130: {
131: send_vid = lib->settings->get_bool(lib->settings, "%s.%s", send_vid,
132: lib->ns, vids[i].setting);
133: }
134: if (send_vid)
135: {
136: DBG2(DBG_IKE, "sending %s vendor ID", vids[i].desc);
137: vid = vendor_id_payload_create_data(PLV2_VENDOR_ID,
138: chunk_clone(get_vid_data(&vids[i])));
139: message->add_payload(message, &vid->payload_interface);
140: }
141: }
142:
143: return this->initiator ? NEED_MORE : SUCCESS;
144: }
145:
146: METHOD(task_t, process, status_t,
147: private_ike_vendor_t *this, message_t *message)
148: {
149: enumerator_t *enumerator;
150: payload_t *payload;
151: int i;
152:
153: enumerator = message->create_payload_enumerator(message);
154: while (enumerator->enumerate(enumerator, &payload))
155: {
156: if (payload->get_type(payload) == PLV2_VENDOR_ID)
157: {
158: vendor_id_payload_t *vid;
159: chunk_t data;
160: bool found = FALSE;
161:
162: vid = (vendor_id_payload_t*)payload;
163: data = vid->get_data(vid);
164:
165: for (i = 0; i < countof(vids); i++)
166: {
167: if (chunk_equals(get_vid_data(&vids[i]), data))
168: {
169: DBG1(DBG_IKE, "received %s vendor ID", vids[i].desc);
170: if (vids[i].extension)
171: {
172: this->ike_sa->enable_extension(this->ike_sa,
173: vids[i].extension);
174: }
175: found = TRUE;
176: break;
177: }
178: }
179: if (!found)
180: {
181: DBG1(DBG_ENC, "received unknown vendor ID: %#B", &data);
182: }
183: }
184: }
185: enumerator->destroy(enumerator);
186:
187: return this->initiator ? SUCCESS : NEED_MORE;
188: }
189:
190: METHOD(task_t, migrate, void,
191: private_ike_vendor_t *this, ike_sa_t *ike_sa)
192: {
193: this->ike_sa = ike_sa;
194: }
195:
196: METHOD(task_t, get_type, task_type_t,
197: private_ike_vendor_t *this)
198: {
199: return TASK_IKE_VENDOR;
200: }
201:
202: METHOD(task_t, destroy, void,
203: private_ike_vendor_t *this)
204: {
205: free(this);
206: }
207:
208: /**
209: * See header
210: */
211: ike_vendor_t *ike_vendor_create(ike_sa_t *ike_sa, bool initiator)
212: {
213: private_ike_vendor_t *this;
214:
215: INIT(this,
216: .public = {
217: .task = {
218: .build = _build,
219: .process = _process,
220: .migrate = _migrate,
221: .get_type = _get_type,
222: .destroy = _destroy,
223: },
224: },
225: .initiator = initiator,
226: .ike_sa = ike_sa,
227: );
228:
229: return &this->public;
230: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>