📄 pgpnetkernelworker.cpp
pSADiedMsg = (PGPnetSADiedMsg*)¤tMsg->message;
if (pSADiedMsg)
doSADied(pSADiedMsg->spi);
break;
}
case PGPnetMessageError:
{
debugMsg(__LINE__, "Got Error from Kernel");
PGPnetErrorMsg * pErrorMsg = 0;
pErrorMsg = (PGPnetErrorMsg*)¤tMsg->message;
if (pErrorMsg) {
CPGPnetAppLog::instance()->logPGPEvent(
pErrorMsg->errorCode,
pErrorMsg->ipAddress,
__FILE__,
__LINE__);
}
break;
}
case PGPnetMessageRASdisconnect:
debugMsg(__LINE__, "Received RAS event");
// put onto IKE Queue
g_IKEQueue.startWriting();
g_IKEQueue.data().push(
CPGPnetQueueElement(0, 0, kPGPike_MT_SAKillAll, 0));
g_IKEQueue.stopWriting();
g_IKEQueue.setEvent();
break;
case PGPnetMessageReserved:
default:
debugMsg(__LINE__, "Message Type not supported");
break;
}
}
debugMsg(__LINE__, "<< processKernelEvent");
}
// Handles an "SA died" notification for the security association named by
// spi: looks the SA up in g_SAarray and, when one is found, queues a
// kPGPike_MT_SADied element on g_IKEQueue and signals the queue's event.
// An SPI with no matching SA is ignored.
void
CPGPnetKernelWorker::doSADied(PGPipsecSPI spi)
{
    debugMsg(__LINE__, ">> doSADied(%d)", spi);

    // Only the lookup itself runs under the SA array's reader lock.
    g_SAarray.startReading();
    PGPikeSA* pDeadSA = g_SAarray.data().findSA(spi, sizeof(PGPipsecSPI));
    g_SAarray.stopReading();

    if (pDeadSA == 0) {
        // No such SA: nothing is queued and no exit trace is written.
        return;
    }

    // The payload is the pointer value itself (sizeof(PGPikeSA*) bytes read
    // from &pDeadSA), not a copy of the SA.
    // NOTE(review): pDeadSA->ipAddress is read, and the raw pointer is handed
    // to the queue consumer, after the reader lock has been released. Nothing
    // in this function keeps the SA alive until the consumer uses it -- confirm
    // that entries cannot be removed from g_SAarray in the meantime.
    g_IKEQueue.startWriting();
    g_IKEQueue.data().push(
        CPGPnetQueueElement(sizeof(PGPikeSA*),
                            &pDeadSA,
                            kPGPike_MT_SADied,
                            pDeadSA->ipAddress));
    g_IKEQueue.stopWriting();
    g_IKEQueue.setEvent();

    debugMsg(__LINE__, "<< doSADied(%d)", spi);
}
// Handles a rekey notification for the security association named by spi:
// looks the SA up in g_SAarray and, when one is found, queues a
// kPGPike_MT_SARekey element on g_IKEQueue and signals the queue's event.
// An SPI with no matching SA is ignored.
void
CPGPnetKernelWorker::doSARekey(PGPipsecSPI spi)
{
    debugMsg(__LINE__, ">> doSARekey(%d)", spi);

    // Only the lookup itself runs under the SA array's reader lock.
    g_SAarray.startReading();
    PGPikeSA* pRekeySA = g_SAarray.data().findSA(spi, sizeof(PGPipsecSPI));
    g_SAarray.stopReading();

    if (pRekeySA == 0) {
        // No such SA: nothing is queued and no exit trace is written.
        return;
    }

    // The payload is the pointer value itself (sizeof(PGPikeSA*) bytes read
    // from &pRekeySA), not a copy of the SA.
    // NOTE(review): pRekeySA->ipAddress is read, and the raw pointer is handed
    // to the queue consumer, after the reader lock has been released. Nothing
    // in this function keeps the SA alive until the consumer uses it -- confirm
    // that entries cannot be removed from g_SAarray in the meantime.
    g_IKEQueue.startWriting();
    g_IKEQueue.data().push(
        CPGPnetQueueElement(sizeof(PGPikeSA*),
                            &pRekeySA,
                            kPGPike_MT_SARekey,
                            pRekeySA->ipAddress));
    g_IKEQueue.stopWriting();
    g_IKEQueue.setEvent();

    debugMsg(__LINE__, "<< doSARekey(%d)", spi);
}
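// Handles a kernel request for an SA towards ipAddress.
//
// If the address matches a configured host, the request is built by the
// four-argument overload from that host entry. Otherwise a transport-mode
// request carrying only the two addresses is queued for the IKE worker.
//
// ipAddress    peer address, as a 32-bit value handed to inet_ntoa()
// ipAddrStart  passed through to the host-specific overload
// ipMaskEnd    passed through to the host-specific overload
void
CPGPnetKernelWorker::doSARequest(PGPUInt32 ipAddress,
                                 PGPUInt32 ipAddrStart,
                                 PGPUInt32 ipMaskEnd)
{
    // inet_ntoa() returns a pointer to one shared buffer, so three calls in a
    // single argument list all print the same address. Copy each result
    // before making the next call so the trace shows three distinct values.
    const std::string sAddr    = inet_ntoa(*((struct in_addr *) &ipAddress));
    const std::string sStart   = inet_ntoa(*((struct in_addr *) &ipAddrStart));
    const std::string sMaskEnd = inet_ntoa(*((struct in_addr *) &ipMaskEnd));

    debugMsg(__LINE__, ">> doSARequest(%s,%s,%s)",
             sAddr.c_str(), sStart.c_str(), sMaskEnd.c_str());

    g_pConfig->startReading();
    PGPNetHostEntry *host = g_pConfig->data().findHost(ipAddress);
    if (host) {
        // The reader lock stays held across the call -- presumably because
        // host points into the configuration data it protects.
        doSARequest(host, ipAddress, ipAddrStart, ipMaskEnd);
        g_pConfig->stopReading();
    } else {
        g_pConfig->stopReading();

        PGPikeMTSASetup tS;
        pgpClearMemory(&tS, sizeof(PGPikeMTSASetup));
        tS.approved = TRUE;
        tS.doi = kPGPike_DOI_IPSEC;
        // NOTE(review): getLocalIP() returns 0 when it cannot determine the
        // address; that value is forwarded unchecked (the original "XXX error
        // check" is still open).
        tS.localIPAddress = getLocalIP();
        tS.ipAddress = ipAddress;
        // trying to talk to an unconfigured host, must be transport mode
        tS.u.ipsec.packetMode = kPGPike_PM_Transport;

        g_IKEQueue.startWriting();
        g_IKEQueue.data().push(
            CPGPnetQueueElement(sizeof(tS), &tS, kPGPike_MT_SARequest, 0));
        g_IKEQueue.stopWriting();
        g_IKEQueue.setEvent();
    }

    debugMsg(__LINE__, "<< doSARequest(%s,%s,%s)",
             sAddr.c_str(), sStart.c_str(), sMaskEnd.c_str());
}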
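// Builds an SA request for a configured host and queues it for the IKE worker.
//
// The request carries heap copies of the host's shared secret and identity
// data. Per the original comments those buffers are released by
// IKEworker::processQueue(), so ownership passes to the queue consumer once
// the element is pushed. If any of those buffers cannot be built, nothing is
// queued and the secret copy made here is wiped and freed.
//
// host         configuration entry for the peer; a null host is ignored
// ipAddress    peer address placed in the request
// ipAddrStart  tunnel destination start, used for secure gateways only
// ipMaskEnd    tunnel destination mask/end, used for secure gateways only
void
CPGPnetKernelWorker::doSARequest(PGPNetHostEntry *host,
                                 PGPUInt32 ipAddress,
                                 PGPUInt32 ipAddrStart,
                                 PGPUInt32 ipMaskEnd)
{
    if (!host)
        return;

    // inet_ntoa() returns a pointer to one shared buffer, so three calls in a
    // single argument list all print the same address. Copy each result
    // before making the next call.
    const std::string sAddr    = inet_ntoa(*((struct in_addr *) &ipAddress));
    const std::string sStart   = inet_ntoa(*((struct in_addr *) &ipAddrStart));
    const std::string sMaskEnd = inet_ntoa(*((struct in_addr *) &ipMaskEnd));

    debugMsg(__LINE__, ">> doSARequest(%s,%s,%s)",
             sAddr.c_str(), sStart.c_str(), sMaskEnd.c_str());

    PGPikeMTSASetup tS;
    pgpClearMemory(&tS, sizeof(PGPikeMTSASetup));
    tS.approved = TRUE;
    tS.doi = kPGPike_DOI_IPSEC;
    // NOTE(review): getLocalIP() returns 0 when it cannot determine the
    // address; that value is forwarded unchecked (the original "XXX error
    // check" is still open).
    tS.localIPAddress = getLocalIP();
    tS.ipAddress = ipAddress;

    if (host->hostType == kPGPnetSecureGateway) {
        tS.u.ipsec.packetMode = kPGPike_PM_Tunnel;
        tS.u.ipsec.destIsRange = FALSE;
        tS.u.ipsec.ipAddrStart = ipAddrStart;
        tS.u.ipsec.ipMaskEnd = ipMaskEnd;
        const std::string sGateway =
            inet_ntoa(*((struct in_addr *) &host->ipAddress));
        debugMsg(__LINE__, "Asking for Tunnel SA: %s, %s, %s",
                 sGateway.c_str(), sStart.c_str(), sMaskEnd.c_str());
    } else if (host->hostType == kPGPnetSecureHost) {
        tS.u.ipsec.packetMode = kPGPike_PM_Transport;
    }
    // Any other host type leaves packetMode at the zero written by
    // pgpClearMemory() above.

    // Cleared as soon as one of the allocations below fails.
    bool requestBuilt = true;

    if (host->sharedSecret) {
        // this is freed in IKEworker::processQueue()
        PGPUInt32 secretSize = strlen(host->sharedSecret);
        tS.sharedKey = new PGPByte[secretSize+1];       // w/ null
        if (tS.sharedKey) {
            pgpCopyMemory(host->sharedSecret    /*src*/,
                          tS.sharedKey          /*dest*/,
                          secretSize+1);                // w/ null
            tS.sharedKeySize = secretSize;              // w/o null
        } else {
            // Reached only where operator new[] reports failure by returning
            // null instead of throwing.
            requestBuilt = false;
        }
    } else {
        tS.sharedKey = 0;
        tS.sharedKeySize = 0;
    }

    tS.u.ipsec.idType = (PGPipsecIdentity)host->identityType;
    if (requestBuilt) {
        if (tS.u.ipsec.idType == kPGPike_ID_IPV4_Addr) {
            tS.u.ipsec.idDataSize = sizeof(PGPUInt32);
            // this is freed in IKEworker::processQueue()
            tS.u.ipsec.idData = (PGPByte*) PGPNewData(
                PGPGetContextMemoryMgr(g_Context),
                tS.u.ipsec.idDataSize,
                kPGPMemoryMgrFlags_Clear);
            if (tS.u.ipsec.idData) {
                pgpCopyMemory(&(host->identityIPAddress)    /*src*/,
                              tS.u.ipsec.idData             /*dest*/,
                              tS.u.ipsec.idDataSize);
            } else {
                requestBuilt = false;
            }
        } else if (tS.u.ipsec.idType == kPGPike_ID_DER_ASN1_DN) {
            // this is freed in IKEworker::processQueue();
            PGPError err = PGPCreateDistinguishedName(g_Context,
                host->identity,
                &tS.u.ipsec.idData,
                &tS.u.ipsec.idDataSize);
            // NOTE(review): assumes idData is left unset when the call fails,
            // so there is nothing to release here -- confirm against the SDK.
            if (IsPGPError(err) || !tS.u.ipsec.idData)
                requestBuilt = false;
        } else {
            tS.u.ipsec.idDataSize = strlen((char*)host->identity);
            // this is freed in IKEworker::processQueue()
            tS.u.ipsec.idData = (PGPByte*) PGPNewData(
                PGPGetContextMemoryMgr(g_Context),
                tS.u.ipsec.idDataSize + 1,      // include null terminator
                kPGPMemoryMgrFlags_Clear);
            if (tS.u.ipsec.idData) {
                pgpCopyMemory(host->identity        /*src*/,
                              tS.u.ipsec.idData     /*dest*/,
                              tS.u.ipsec.idDataSize + 1); // w/ null
            } else {
                requestBuilt = false;
            }
        }
    }

    if (!requestBuilt) {
        debugMsg(__LINE__, "doSARequest: unable to build SA request, not queued");
        // Nothing was handed to the IKE worker, so the secret copy is still
        // owned here: wipe it before releasing it.
        if (tS.sharedKey) {
            pgpClearMemory(tS.sharedKey, tS.sharedKeySize + 1);
            delete [] tS.sharedKey;
        }
        return;
    }

    // tS is copied into the queue element as sizeof(tS) raw bytes, so the
    // pointers inside it now belong to the consumer.
    g_IKEQueue.startWriting();
    g_IKEQueue.data().push(
        CPGPnetQueueElement(sizeof(tS), &tS, kPGPike_MT_SARequest, 0));
    g_IKEQueue.stopWriting();
    g_IKEQueue.setEvent();

    debugMsg(__LINE__, "<< doSARequest(%s,%s,%s)",
             sAddr.c_str(), sStart.c_str(), sMaskEnd.c_str());
}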
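// Determines the driver name and stores it in m_MacName.
//
// On VER_PLATFORM_WIN32_WINDOWS the name is the fixed string "PgpMac". On
// VER_PLATFORM_WIN32_NT it is the text after the last backslash of the
// "Export" value under the driver's Linkage key (the NdisWan key when
// g_isWAN is set); if that value cannot be read or has no usable name,
// "PgpMacMP2" is used instead.
//
// Returns ERROR_SUCCESS when the name was determined, the failing registry
// status (or ERROR_INVALID_DATA for a malformed value) when the fallback
// name was used, and 0 on any other platform.
PGPInt32
CPGPnetKernelWorker::getMacName()
{
    debugMsg(__LINE__, ">> getMacName");

    if (g_platformID == VER_PLATFORM_WIN32_WINDOWS) {
        m_MacName = "PgpMac";
        return ERROR_SUCCESS;
    } else if (g_platformID == VER_PLATFORM_WIN32_NT) {
        // look for name of driver in registry
        char       *tmpString = 0;
        DWORD       dwSize = 0;
        PGPInt32    ret = 0;
        std::string sKey;
        HKEY        hKey;

        if (g_isWAN) {
            sKey =
                "SYSTEM\\CurrentControlSet\\Services\\NdisWanPgpMacMp\\Linkage";
        } else {
            sKey = "SYSTEM\\CurrentControlSet\\Services\\PgpMacMp\\Linkage";
        }
        debugMsg(__LINE__, "Looking for name in (%s)", sKey.c_str());

        ret = RegOpenKeyEx(HKEY_LOCAL_MACHINE,sKey.c_str(),0,KEY_READ,&hKey);
        if (ret == ERROR_SUCCESS) {
            // First call asks only for the size; the data is fetched only if
            // that succeeded.
            ret = RegQueryValueEx(hKey, "Export", 0, 0, 0, &dwSize);
            if (ret == ERROR_SUCCESS) {
                // One spare byte: registry string data is not guaranteed to
                // be NUL-terminated, and strrchr() below needs a terminator.
                tmpString = new char[dwSize + 1];
                ret = RegQueryValueEx(hKey,
                                      "Export",
                                      0,
                                      0,
                                      (PGPByte*)tmpString,
                                      &dwSize);
            }
            RegCloseKey(hKey);

            if (ret != ERROR_SUCCESS) {
                // The Reg* calls return their status directly, so log that
                // rather than GetLastError().
                debugMsg(__LINE__, "Unable to query key: %d", ret);
                m_MacName = "PgpMacMP2";
            } else {
                // dwSize now holds the bytes actually written, which cannot
                // exceed the size the buffer was allocated for.
                tmpString[dwSize] = '\0';
                const char *lastSlash = strrchr(tmpString, '\\');
                if (lastSlash && lastSlash[1] != '\0') {
                    m_MacName = lastSlash + 1;
                } else {
                    // No backslash, or nothing after it: assigning the null
                    // strrchr() result to m_MacName would be undefined.
                    ret = ERROR_INVALID_DATA;
                    debugMsg(__LINE__, "Unable to query key: %d", ret);
                    m_MacName = "PgpMacMP2";
                }
            }
        } else {
            debugMsg(__LINE__, "Unable to open key: %d", ret);
            m_MacName = "PgpMacMP2";
        }

        delete [] tmpString;
        debugMsg(__LINE__, "<< getMacName(%d)", ret);
        return ret;
    }

    debugMsg(__LINE__, "<< getMacName(0)");
    return 0;
}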
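// Reads one value from HKEY_LOCAL_MACHINE\subKey as a C string into 'value'.
// Returns false, leaving 'value' untouched, if the key or value cannot be read.
static bool
readLocalMachineString(const std::string &subKey,
                       const char *valueName,
                       std::string &value)
{
    HKEY hKey;
    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, subKey.c_str(), 0, KEY_READ, &hKey)
            != ERROR_SUCCESS)
        return false;

    bool    ok = false;
    DWORD   dwSize = 0;
    // First call asks only for the size of the data.
    if (RegQueryValueEx(hKey, valueName, 0, 0, 0, &dwSize) == ERROR_SUCCESS) {
        // One spare byte: registry string data is not guaranteed to be
        // NUL-terminated.
        char *buffer = new char[dwSize + 1];
        if (RegQueryValueEx(hKey, valueName, 0, 0, (PGPByte*)buffer, &dwSize)
                == ERROR_SUCCESS) {
            // dwSize now holds the bytes written, at most the size allocated.
            buffer[dwSize] = '\0';
            value = buffer;
            ok = true;
        }
        delete [] buffer;
    }
    RegCloseKey(hKey);
    return ok;
}

// Determines the local IP address, stores it in g_localIP and returns it.
//
// For a WAN adapter on VER_PLATFORM_WIN32_NT the address is taken from the
// registry in three steps (AdapterNum -> RealMac -> DhcpIPAddress); any
// failure on that path sets g_localIP to 0 and returns 0. Every other
// configuration asks the driver through OID_PGP_LOCALIP.
PGPUInt32
CPGPnetKernelWorker::getLocalIP()
{
    debugMsg(__LINE__, ">> getLocalIP");

    if (g_isWAN && g_platformID == VER_PLATFORM_WIN32_NT) {
        std::string adapterNum, exportPath, realMac, dhcpAddress;
        std::string sKey = "SOFTWARE\\Network Associates\\PGP\\PGPnet";

        // Step One: Get AdapterNum
        bool found = readLocalMachineString(sKey, "AdapterNum", adapterNum);

        // Step Two: Get RealMac
        if (found) {
            sKey = "SYSTEM\\CurrentControlSet\\Services\\NdisWanPgpMacMp";
            sKey += adapterNum + "\\Parameters";
            found = readLocalMachineString(sKey, "RealMac", exportPath);
        }
        if (found) {
            // Keep what follows the last backslash. A value without one (or
            // with nothing after it) is malformed and treated as a failure.
            const std::string::size_type slash = exportPath.rfind('\\');
            found = (slash != std::string::npos
                        && slash + 1 < exportPath.size());
            if (found)
                realMac = exportPath.substr(slash + 1);
        }

        // Step Three: Get DhcpIpAddress
        if (found) {
            sKey = "SYSTEM\\CurrentControlSet\\Services\\";
            sKey += realMac + "\\Parameters\\Tcpip";
            found = readLocalMachineString(sKey, "DhcpIPAddress", dhcpAddress);
        }

        // Step Four: Convert string to PGPUInt32
        if (found) {
            const PGPUInt32 parsed = inet_addr(dhcpAddress.c_str());
            // inet_addr() reports an unparsable string as INADDR_NONE, which
            // is not a usable local address either.
            found = (parsed != INADDR_NONE);
            if (found)
                g_localIP = parsed;
        }

        if (!found)
            g_localIP = 0;
        debugMsg(__LINE__, "<< getLocalIP(%s)", inet_ntoa(*((struct in_addr *) &g_localIP)));
        return g_localIP;
    }

    // All other instances query driver
    DWORD dwBytesReturned = 0;
    debugMsg(__LINE__, "Sending OID_PGP_LOCALIP");
    if (!sendKernelRequest(OID_PGP_LOCALIP, &g_localIP,
            sizeof(g_localIP), &dwBytesReturned)
        || dwBytesReturned != sizeof(g_localIP))
    {
        // NOTE(review): on failure g_localIP keeps whatever it held before
        // the request and is still returned to the caller.
        debugMsg(__LINE__, "OID_PGP_LOCALIP failed - Unexpected size=%d or errorCode=%d\n",
            dwBytesReturned,
            GetLastError());
    }

    debugMsg(__LINE__, "<< getLocalIP(%s)", inet_ntoa(*((struct in_addr *) &g_localIP)));
    return g_localIP;
}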