📄 pgpnetconfig.c
字号:
PGPError err = kPGPError_NoErr;
PGPSize size;
PGPUInt32 u, uNumProposals;
PGPikeTransform* pIke;
PGPNetPrefIKEProposalEntry* prefEntry;
uNumProposals =
pPNConfig->IkeIkeProposalPrefs.u.ikeProposals.numTransforms;
if (uNumProposals > 0)
{
size = uNumProposals * sizeof(PGPNetPrefIKEProposalEntry);
prefEntry = PGPNewData (PGPGetContextMemoryMgr (context),
size, kPGPMemoryMgrFlags_Clear);
if (prefEntry)
{
pIke = pPNConfig->IkeIkeProposalPrefs.u.ikeProposals.t;
for (u=0; u<uNumProposals; u++)
{
prefEntry[u].authMethod = pIke[u].authMethod;
prefEntry[u].hash = pIke[u].hash;
prefEntry[u].cipher = pIke[u].cipher;
prefEntry[u].groupID = pIke[u].groupID;
}
err = PGPSetNetIKEProposalPrefs (
prefref, prefEntry, uNumProposals);
PGPFreeData (prefEntry);
}
else
err = kPGPError_OutOfMemory;
}
return err;
}
// ______________________________________________
//
// load IPSEC proposal prefs into structure used by IKE
PGPError
PGPnetGetIpsecProposalPrefs (
PGPContextRef context,
PGPPrefRef prefref,
PPNCONFIG pPNConfig)
{
PGPError err = kPGPError_NoErr;
PGPSize size;
PGPUInt32 u, uNumProposals;
PGPipsecTransform* pIpsec;
PGPNetPrefIPSECProposalEntry* prefEntry;
err = PGPGetPrefNumber (
prefref, kPGPnetPrefIPSECGroupID,
&pPNConfig->IkeIpsecGroupID); CKERR;
err = PGPGetNetIPSECProposalPrefs (
prefref, &prefEntry, &uNumProposals); CKERR;
pPNConfig->IkeIpsecProposalPrefs.pref = kPGPike_PF_IPSECProposals;
pPNConfig->
IkeIpsecProposalPrefs.u.ipsecProposals.numTransforms = uNumProposals;
if (uNumProposals > 0)
{
size = uNumProposals * sizeof(PGPipsecTransform);
pPNConfig->IkeIpsecProposalPrefs.u.ipsecProposals.t =
PGPNewData (PGPGetContextMemoryMgr (context),
size, kPGPMemoryMgrFlags_Clear);
if (pPNConfig->IkeIpsecProposalPrefs.u.ipsecProposals.t)
{
pIpsec = pPNConfig->IkeIpsecProposalPrefs.u.ipsecProposals.t;
for (u=0; u<uNumProposals; u++)
{
pIpsec[u].useESP = prefEntry[u].useESP;
pIpsec[u].esp.cipher = prefEntry[u].espCipher;
pIpsec[u].esp.authAttr = prefEntry[u].espHash;
pIpsec[u].useAH = prefEntry[u].useAH;
pIpsec[u].ah.authAlg = prefEntry[u].ahAuthAlg;
pIpsec[u].ah.authAttr = prefEntry[u].ahHash;
pIpsec[u].useIPCOMP = prefEntry[u].useIPCOMP;
pIpsec[u].ipcomp.compAlg = prefEntry[u].ipcomp;
pIpsec[u].groupID = pPNConfig->IkeIpsecGroupID;
}
}
else
err = kPGPError_OutOfMemory;
PGPDisposePrefData (prefref, prefEntry);
}
done :
return err;
}
// ______________________________________________
//
// save IPSEC proposal prefs from structure used by IKE
static PGPError
sSetIpsecProposalPrefs (
PGPContextRef context,
PGPPrefRef prefref,
PPNCONFIG pPNConfig)
{
PGPError err = kPGPError_NoErr;
PGPSize size;
PGPUInt32 u, uNumProposals;
PGPipsecTransform* pIpsec;
PGPNetPrefIPSECProposalEntry* prefEntry;
uNumProposals =
pPNConfig->IkeIpsecProposalPrefs.u.ipsecProposals.numTransforms;
if (uNumProposals > 0)
{
size = uNumProposals * sizeof(PGPNetPrefIPSECProposalEntry);
prefEntry = PGPNewData (PGPGetContextMemoryMgr (context),
size, kPGPMemoryMgrFlags_Clear);
if (prefEntry)
{
pIpsec = pPNConfig->IkeIpsecProposalPrefs.u.ipsecProposals.t;
for (u=0; u<uNumProposals; u++)
{
prefEntry[u].useESP = pIpsec[u].useESP;
prefEntry[u].espCipher = pIpsec[u].esp.cipher;
prefEntry[u].espHash = pIpsec[u].esp.authAttr;
prefEntry[u].useAH = pIpsec[u].useAH;
prefEntry[u].ahAuthAlg = pIpsec[u].ah.authAlg;
prefEntry[u].ahHash = pIpsec[u].ah.authAttr;
prefEntry[u].useIPCOMP = pIpsec[u].useIPCOMP;
prefEntry[u].ipcomp = pIpsec[u].ipcomp.compAlg;
}
err = PGPSetNetIPSECProposalPrefs (
prefref, prefEntry, uNumProposals);
PGPFreeData (prefEntry);
}
else
err = kPGPError_OutOfMemory;
}
return err;
}
// ______________________________________________
//
// get preferences file reference
PGPError
PGPnetOpenPrefs (
PGPMemoryMgrRef memmgr,
PGPPrefRef* pprefref)
{
CHAR szPath[MAX_PATH];
PGPError err;
PFLFileSpecRef fileref;
PGPPrefRef prefref;
err = PGPnetGetPrefsFullPath (szPath, sizeof(szPath)); CKERR;
err = PFLNewFileSpecFromFullPath (memmgr, szPath, &fileref); CKERR;
err = PGPOpenPrefFile (fileref, netDefaults,
netDefaultsSize, &prefref);
if ((err == kPGPError_FileOpFailed) ||
(err == kPGPError_FileNotFound))
{
err = PFLFileSpecCreate (fileref);
pgpAssert (IsntPGPError (err));
err = PGPOpenPrefFile (fileref, netDefaults,
netDefaultsSize, &prefref);
pgpAssert (IsntPGPError (err));
}
if (fileref)
PFLFreeFileSpec (fileref);
if (IsPGPError (err))
{
if (PGPPrefRefIsValid (prefref))
PGPClosePrefFile (prefref);
}
else
*pprefref = prefref;
done:
return err;
}
// _______________________________________
//
// Save and close down client preferences file
PGPError
PGPnetClosePrefs (
PGPPrefRef prefref,
PGPBoolean bSave)
{
PGPError err;
if (bSave)
{
err = PGPSavePrefFile (prefref);
pgpAssert (IsntPGPError(err));
}
err = PGPClosePrefFile (prefref);
pgpAssert (IsntPGPError(err));
return err;
}
// ____________________________________
//
// load configuration information from prefs file
PGPError
PGPnetLoadConfiguration (
PGPContextRef context,
PPNCONFIG pPNConfig)
{
PGPPrefRef prefref = kInvalidPGPPrefRef;
PGPNetPrefHostEntry* pHostList = NULL;
PGPError err;
pgpFillMemory(pPNConfig, sizeof(PNCONFIG), '\0');
err = PGPnetOpenPrefs (PGPGetContextMemoryMgr (context), &prefref);
CKERR;
// get booleans
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefEnablePGPnet,
&pPNConfig->bPGPnetEnabled); CKERR;
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefAllowUnconfiguredHosts,
&pPNConfig->bAllowUnconfigHost); CKERR;
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefRequireSecure,
&pPNConfig->bRequireSecure); CKERR;
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefRequireValidKey,
&pPNConfig->bRequireValidKey); CKERR;
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefEnablePassphraseCache,
&pPNConfig->bCachePassphrases); CKERR;
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefExpertMode,
&pPNConfig->bExpertMode); CKERR;
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefFirstExecution,
&pPNConfig->bFirstExecution); CKERR;
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefWarnReSharedSecret,
&pPNConfig->bWarnReSharedSecret); CKERR;
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefEnableIKEKByteExpiration,
&pPNConfig->bIkeKByteExpiration); CKERR;
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefEnableIKETimeExpiration,
&pPNConfig->bIkeTimeExpiration); CKERR;
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefEnableIPSECKByteExpiration,
&pPNConfig->bIpsecKByteExpiration); CKERR;
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefEnableIPSECTimeExpiration,
&pPNConfig->bIpsecTimeExpiration); CKERR;
// get numbers
err = PGPGetPrefNumber (prefref,
kPGPNetPrefIKEKByteExpiration,
&pPNConfig->uIkeKByteExpiration); CKERR;
err = PGPGetPrefNumber (prefref,
kPGPNetPrefIKETimeExpiration,
&pPNConfig->uIkeTimeExpiration); CKERR;
err = PGPGetPrefNumber (prefref,
kPGPNetPrefIPSECKByteExpiration,
&pPNConfig->uIpsecKByteExpiration); CKERR;
err = PGPGetPrefNumber (prefref,
kPGPNetPrefIPSECTimeExpiration,
&pPNConfig->uIpsecTimeExpiration); CKERR;
// get PGP Authentication keyid
err = PGPGetPrefNumber (prefref,
kPGPNetPrefPGPAuthKeyAlgorithm,
&pPNConfig->uPGPAuthKeyAlg); CKERR;
if (pPNConfig->uPGPAuthKeyAlg != kPGPPublicKeyAlgorithm_Invalid)
{
err = PGPGetPrefStringBuffer (prefref,
kPGPNetPrefPGPAuthKeyID,
kPGPMaxExportedKeyIDSize,
pPNConfig->expkeyidPGPAuthKey); CKERR;
}
// get X509 Authentication keyid
err = PGPGetPrefNumber (prefref,
kPGPNetPrefX509AuthKeyAlgorithm,
&pPNConfig->uX509AuthKeyAlg); CKERR;
if (pPNConfig->uX509AuthKeyAlg != kPGPPublicKeyAlgorithm_Invalid)
{
PGPByte* pbyte;
PGPSize size;
err = PGPGetPrefData (prefref,
kPGPNetPrefX509AuthKeyID,
&size,
&pbyte); CKERR;
if (IsntPGPError (err) && pbyte)
{
pgpCopyMemory (pbyte, pPNConfig->expkeyidX509AuthKey, size);
PGPDisposePrefData (prefref, pbyte);
}
err = PGPGetPrefData (prefref,
kPGPNetPrefX509AuthCertIASN,
&pPNConfig->uX509AuthCertIASNLength,
&pPNConfig->pX509AuthCertIASN); CKERR;
}
// fill host entry structure
err = PGPGetNetHostPrefs (prefref,
&pHostList,
&pPNConfig->uHostCount); CKERR;
err = sConvertHostListFromStorage (context,
pPNConfig, pHostList); CKERR;
// fill in IKE prefs structures
err = PGPnetGetIkeAlgorithmPrefs (context, prefref, pPNConfig); CKERR;
err = PGPnetGetIkeProposalPrefs (context, prefref, pPNConfig); CKERR;
err = PGPnetGetIpsecProposalPrefs (context, prefref, pPNConfig); CKERR;
err = sComputeIkeExpirationPrefs (context, pPNConfig); CKERR;
done:
if (pHostList)
PGPDisposePrefData (prefref, pHostList);
if (PGPPrefRefIsValid (prefref))
PGPnetClosePrefs (prefref, FALSE);
return err;
}
// ____________________________________
//
// free all the points in the config structure
PGPError
PGPnetFreeConfiguration (
PPNCONFIG pPNConfig)
{
// if host list exists, dispose of it
if (pPNConfig->pHostList)
{
PGPFreeData (pPNConfig->pHostList);
pPNConfig->pHostList = NULL;
}
// if X509 AuthCert IASN exists, dispose of it
if (pPNConfig->pX509AuthCertIASN)
{
PGPFreeData (pPNConfig->pX509AuthCertIASN);
pPNConfig->pX509AuthCertIASN = NULL;
}
// dispose of IKE prefs proposal arrays
if (pPNConfig->IkeIkeProposalPrefs.u.ikeProposals.t)
{
PGPFreeData (pPNConfig->IkeIkeProposalPrefs.u.ikeProposals.t);
pPNConfig->IkeIkeProposalPrefs.u.ikeProposals.t = NULL;
}
if (pPNConfig->IkeIpsecProposalPrefs.u.ipsecProposals.t)
{
PGPFreeData (pPNConfig->IkeIpsecProposalPrefs.u.ipsecProposals.t);
pPNConfig->IkeIpsecProposalPrefs.u.ipsecProposals.t = NULL;
}
return kPGPError_NoErr;
}
// ____________________________________
//
// reload configuration information from prefs file
PGPError
PGPnetReloadConfiguration (
PGPContextRef context,
PPNCONFIG pPNConfig)
{
PGPError err;
err = PGPnetFreeConfiguration (pPNConfig);
if (IsntPGPError (err))
err = PGPnetLoadConfiguration (context, pPNConfig);
return err;
}
// ____________________________________
//
// save configuration information to prefs file
PGPError
PGPnetSaveConfiguration (
PGPContextRef context,
PPNCONFIG pPNConfig)
{
PGPNetPrefHostEntry* pHostList = NULL;
PGPPrefRef prefref;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -