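#ifdef USR_CCA
/*
 *
 * Copyright (c) 1996 U.S. Robotics, Access Corp.
 * All rights reserved.
 *
 * Permission to copy, display, distribute and make derivative works
 * from this material in whole or in part for any purpose is granted
 * provided that the above copyright notice and this paragraph are
 * duplicated in all copies. THIS SOFTWARE IS PROVIDED "AS IS" AND
 * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING, WITHOUT
 * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE.
 *
 * If providing code not subject to a copyright please indicate that the
 * code has been dedicated to the public.
 *
 */

/*
 * Copyright [C] The Regents of the University of Michigan and Merit Network,
 * Inc. 1992, 1993, 1994, 1995, 1996, 1997, 1998 All Rights Reserved
 *
 * Permission to use, copy, and modify this software and its documentation
 * for any purpose and without fee is hereby granted, provided:
 *
 * 1) that the above copyright notice and this permission notice appear in all
 *    copies of the software and derivative works or modified versions thereof,
 *
 * 2) that both the copyright notice and this permission and disclaimer notice
 *    appear in all supporting documentation, and
 *
 * 3) that all derivative works made from this material are returned to the
 *    Regents of the University of Michigan and Merit Network, Inc. with
 *    permission to copy, to display, to distribute, and to make derivative
 *    works from the provided material in whole or in part for any purpose.
 *
 * Users of this code are requested to notify Merit Network, Inc. of such use
 * by sending email to aaa-admin@merit.edu
 *
 * Please also use aaa-admin@merit.edu to inform Merit Network, Inc of any
 * derivative works.
 *
 * Distribution of this software or derivative works or the associated
 * documentation is not allowed without an additional license.
 *
 * Licenses for other uses are available on an individually negotiated
 * basis. Contact aaa-license@merit.edu for more information.
 *
 * THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE REGENTS OF THE
 * UNIVERSITY OF MICHIGAN AND MERIT NETWORK, INC. DO NOT WARRANT THAT THE
 * FUNCTIONS CONTAINED IN THE SOFTWARE WILL MEET LICENSEE'S REQUIREMENTS OR
 * THAT OPERATION WILL BE UNINTERRUPTED OR ERROR FREE. The Regents of the
 * University of Michigan and Merit Network, Inc. shall not be liable for any
 * special, indirect, incidental or consequential damages with respect to any
 * claim by Licensee or any third party arising from use of the software.
 *
 * Merit AAA Server Support
 * Merit Network, Inc.
 * 4251 Plymouth Road, Suite C.
 * Ann Arbor, Michigan, USA 48105-2785
 *
 * attn: John Vollbrecht
 * voice: 734-764-9430
 * fax: 734-647-3185
 * email: aaa-admin@merit.edu
 *
 */

static char     rcsid[] = "$Id: vpn.c,v 1.1.1.1 2001/08/10 20:49:29 bonze Exp $";

/*****************************************************************************
 *
 *	vpn.c - VPN related functions
 *
 ****************************************************************************/

#include	<sys/param.h>
#include	<sys/types.h>
#include	<sys/socket.h>
#include	<netinet/in.h>
#include	<arpa/inet.h>
#include	<sys/ioctl.h>
#include	<sys/file.h>
#include	<sys/time.h>
#include	<sys/file.h>
#include	<sys/wait.h>
#include	<sys/stat.h>

#if defined(sys5)
#include	<sys/sysmacros.h>
#endif	/* sys5 */

#include	<net/if.h>

#include	<stdio.h>
#include	<stdlib.h>
#include	<netdb.h>
#include	<fcntl.h>
#include	<errno.h>
#include	<memory.h>
#include	<signal.h>
#include	<syslog.h>
#include	<string.h>
#include	<ctype.h>	/* isdigit() */
#include	<limits.h>	/* INT_MAX */

#include	"radius.h"

extern int      debug_flag;

static int      add_vpn_gateway PROTO((AUTH_REQ *, VPN_ROUTER *));
static void     gen_gw_vector PROTO((char *, char *, char *, char *));

/***********************************************************************
 *
 *	Function: parse_vpn
 *
 *	Purpose: Get the filter name and the VPN data from current line
 *		 of the authfile.  It sets all those parameters not
 *		 found to zero.
 *
 *	Input:	 word is the keyword already taken from the line; every
 *		 further token is pulled with strtok (NULL, ...), so the
 *		 caller must have started tokenizing the line with strtok().
 *
 *	Output:	 *vpn_id, *vpn_router, *router_type and *vpn_name are
 *		 filled in as far as the line supplies them.  *vpn_name,
 *		 when set, is a strtok() token and therefore points into
 *		 the buffer being tokenized rather than at a private copy.
 *
 *	Returns: 0 if the line was accepted, 1 on any parse error.
 *
 ************************************************************************/

int
parse_vpn (word, vpn_id, vpn_router, router_type, vpn_name, type)

char           *word;
UINT4          *vpn_id;
VPN_ROUTER    **vpn_router;
int            *router_type;
char          **vpn_name;
int             type;		/* Authentication Type */

{
	unsigned long   id;
	char           *temp;
	char           *x;
	char           *func = "parse_vpn";

	if (strcmp (word, VPN) == 0)
	{
		/* Should expect to see VPN id, Neighbor/Gateway, Name on this line */
		if ((temp = strtok (NULL, " \t\n\r")) == NULL)
		{
			return 1;
		}

		/*
		 * Convert the string to a number - the VPN ID.  Only decimal
		 * digits are accepted; the cast keeps isdigit() defined for
		 * bytes above 0x7f on platforms where char is signed.
		 */
		for (x = temp; *x; x++)
		{
			if (!isdigit ((unsigned char) *x))
			{
				logit (LOG_DAEMON, LOG_ERR, "%s: Invalid VPN_ID", func);
				return 1;
			}
		}

		/*
		 * strtoul() reports overflow where atoi() has undefined
		 * behavior.  Anything above INT_MAX is rejected, which is
		 * the range in which the former atoi() call was defined.
		 */
		errno = 0;
		id = strtoul (temp, (char **) NULL, 10);
		if (errno == ERANGE || id > (unsigned long) INT_MAX)
		{
			logit (LOG_DAEMON, LOG_ERR, "%s: Invalid VPN_ID", func);
			return 1;
		}
		*vpn_id = (UINT4) id;

		if ((temp = strtok (NULL, " \t\n\r")) == NULL)
		{
			if (type == AA_RAD)
			{
				logit (LOG_DAEMON, LOG_INFO,
"%s: Missing VPN Neighbor/Gateway info. for VPN %d. Assuming the Remote server will supply this information",
					func, *vpn_id);
				*router_type = PW_USR_VPN_GATEWAY;
				*vpn_router = (VPN_ROUTER *) NULL;
				*vpn_name = NULL;
				return 0;
			}
			else /* Local VPN type must have a VPN neighbor/gateway defined */
			{
				logit (LOG_DAEMON, LOG_ERR,
			"%s: Missing VPN Neighbor/Gateway for Local-VPN %d",
					func, *vpn_id);
				return 1;
			}
		}
		else if (strcmp (temp, VPN_NEIGHBOR) == 0)
		{
			*router_type = PW_USR_VPN_NEIGHBOR;
		}
		else if (strcmp (temp, VPN_GATEWAY) == 0)
		{
			*router_type = PW_USR_VPN_GATEWAY;
		}
		else if (strcmp (temp, VPN_NAME) == 0)
		{
			if (type == AA_RAD)
			{
				logit (LOG_DAEMON, LOG_INFO,
"%s: Missing VPN Neighbor/Gateway info. for VPN %d. Assuming the Remote server will supply this information",
					func, *vpn_id);
				*router_type = PW_USR_VPN_GATEWAY;
				*vpn_router = (VPN_ROUTER *) NULL;
				*vpn_name = strtok (NULL, " \t\n\r");
				return 0;
			}
			else /* Local VPN type must have a VPN neighbor/gateway defined */
			{
				logit (LOG_DAEMON, LOG_ERR,
			"%s: Missing VPN Neighbor/Gateway for Local-VPN %d",
					func, *vpn_id);
				return 1;
			}
		}
		else /* something strange */
		{
			logit (LOG_DAEMON, LOG_ERR,
				"%s: Invalid entry in authfile for VPN %d",
				func, *vpn_id);
			return 1;
		}

		/*
		 * We can get here only if VPN Gateways/Neighbor are defined
		 * in the authfile
		 */
		return parse_rtr (*router_type, vpn_router, vpn_name);
	} /* end if (strcmp (type, VPN) == 0) */
	else if (strcmp (word, VPN_GATEWAY) == 0 && type == AA_LOCAL_VPN)
	{
		/* List of Realm Gateways */
		*router_type = GATEWAYS_ONLY;
		return parse_rtr (*router_type, vpn_router, vpn_name);
	}
	else /* Error */
	{
		return 1;
	}
} /* end of parse_vpn () */

/******************************************************************************
 *
 *	Function: parse_rtr
 *
 *	Purpose: Parse the VPN Gateway/Neighbor information
 *
 *	Input:	 type selects the syntax: PW_USR_VPN_GATEWAY and
 *		 GATEWAYS_ONLY read a list of "host[:tunnel-refresh]"
 *		 tokens, any other value reads a single neighbor host.
 *		 Tokens come from strtok (NULL, ...), i.e. from the line
 *		 the caller is already tokenizing.
 *
 *	Output:	 The VPN_ROUTER entries are linked at *vpn_router.
 *		 *vpn_name is the token following VPN_NAME, or NULL; it
 *		 points into the tokenized buffer, not at a copy.
 *
 *	Returns: 0 on success, 1 on a malformed or empty router list.
 *		 Aborts the process if memory cannot be allocated.
 *
 *****************************************************************************/

int
parse_rtr (type, vpn_router, vpn_name)

int             type;
VPN_ROUTER    **vpn_router;
char          **vpn_name;

{
	int             count = 0;
	size_t          len;
	unsigned long   refresh;
	char           *temp;
	char           *entry;
	char           *host;
	char           *sep;
	char           *digits;
	char           *x;
	VPN_ROUTER     *rtr;
	VPN_ROUTER    **neigh_ptr;
	char           *func = "parse_rtr";

	neigh_ptr = vpn_router;
	temp = strtok (NULL, " \t\n\r");

	if (type == PW_USR_VPN_GATEWAY || type == GATEWAYS_ONLY)
	{
		while (temp != NULL && strcmp (temp, VPN_NAME) != 0)
		{
			/* Work on a private copy so the line itself stays intact */
			if ((entry = strdup (temp)) == (char *) NULL)
			{
				logit (LOG_DAEMON, LOG_ALERT,
					"%s: FATAL out of memory", func);
				abort ();
			}
			len = strlen (entry);

			if (entry[len - 1] == ':')
			{
				/* Detecting errors of type '1.1.1.1:' */
				entry[len - 1] = '\0';
				logit (LOG_DAEMON, LOG_ERR,
			"%s: Error in authfile. Missing Tunnel-Refresh for %s",
					func, entry);
				free_vpn_rtr (vpn_router);
				free (entry);	/* was leaked on this path */
				return (1);
			}

			/*
			 * Split "host:refresh" inside the copy without strtok().
			 * A nested strtok() would discard the tokenizer state of
			 * the line, which the old code rebuilt by stepping the
			 * pointer one byte past the token; when the token was the
			 * last thing in the buffer that step left the string.
			 * Leading colons are skipped, as strtok (entry, ":") did.
			 */
			host = entry + strspn (entry, ":");
			digits = (char *) NULL;
			if ((sep = strchr (host, ':')) != (char *) NULL)
			{
				*sep = '\0';
				digits = sep + 1;
			}

			if ((rtr = (VPN_ROUTER *) malloc (sizeof (VPN_ROUTER)))
							== (VPN_ROUTER *) NULL)
			{
				logit (LOG_DAEMON, LOG_ALERT,
					"%s: FATAL out of memory", func);
				abort ();
			}

			/* The address lookup (get_ipaddr) is disabled: only the name is kept */
			if ((rtr->hostname = strdup (host)) == (char *) NULL)
			{
				logit (LOG_DAEMON, LOG_ALERT,
					"%s: FATAL out of memory", func);
				abort ();
			}
			rtr->next = (VPN_ROUTER *) NULL;
			*neigh_ptr = rtr;
			neigh_ptr = &(*neigh_ptr)->next;
			count++;

			if (digits != (char *) NULL)
			{
				for (x = digits; *x; x++)
				{
					if (!isdigit ((unsigned char) *x))
					{
						break;
					}
				}

				/* Convert only an all-digit field; overflow is an error */
				errno = 0;
				refresh = 0;
				if (*x == '\0')
				{
					refresh = strtoul (digits, (char **) NULL, 10);
				}

				if (*x != '\0' || errno == ERANGE ||
					refresh > (unsigned long) INT_MAX)
				{
					/*
					 * Report the gateway by the name from the
					 * authfile.  The former inet_ntoa() argument
					 * was built from an address that was never
					 * assigned once the lookup was disabled, so
					 * the log showed stack garbage.
					 */
					logit (LOG_DAEMON, LOG_INFO,
"%s: Error in authfile. Gateway %s has invalid Tunnel Refresh specified.",
						func, host);
					free_vpn_rtr (vpn_router);
					free (entry);
					return (1);
				}

				/*
				 * NOTE(review): the disabled range check capped
				 * this value at USHRT_MAX - confirm the width of
				 * tunnel_refresh against radius.h.
				 */
				rtr->tunnel_refresh = (int) refresh;
				rtr->tunnel_present = TRUE;
			}
			else /* No Tunnel Refresh specified */
			{
				rtr->tunnel_present = FALSE;
			}

			free (entry);
			temp = strtok (NULL, " \t\n\r");
		} /* end while loop */
	} /* end if (*router_type == VPN_GATEWAY) */
	else /* router_type == VPN_NEIGHBOR */
	{
		/*
		 * Without a host token nothing is registered, count stays
		 * zero and the "Missing ..." error below is returned; the
		 * old code handed the NULL token to insert_client() and
		 * strdup().
		 */
		if (temp != NULL)
		{
			if ((rtr = (VPN_ROUTER *) malloc (sizeof (VPN_ROUTER)))
							== (VPN_ROUTER *) NULL)
			{
				logit (LOG_DAEMON, LOG_ALERT,
					"%s: FATAL out of memory", func);
				abort ();
			}

			if (insert_client (temp, "", "", 0, CE_NEIGHBOR,
					(VENDOR_LIST *) NULL, VER1) < 0)
			{
				logit (LOG_DAEMON, LOG_ERR,
					"%s: Problem parsing authfile at '%s'",
					func, temp);
				free (rtr);	/* not linked yet, was leaked */
				return (1);
			}

			if ((rtr->hostname = strdup (temp)) == (char *) NULL)
			{
				logit (LOG_DAEMON, LOG_ALERT,
					"%s: FATAL out of memory", func);
				abort ();
			}
			rtr->next = (VPN_ROUTER *) NULL;
			rtr->tunnel_present = FALSE;
			*neigh_ptr = rtr;
			count++;
			temp = strtok (NULL, " \t\n\r");
		}
	} /* end else [ *router_type == VPN_NEIGHBOR] */

	if (count == 0)
	{
		logit (LOG_DAEMON, LOG_ERR,
		"%s: Missing VPN Neighbor/Gateway Information in authfile",
			func);
		return 1;
	}

	if (temp != NULL && strcmp (temp, VPN_NAME) == 0)
	{
		*vpn_name = strtok (NULL, " \t\n\r");
	}
	else
	{
		*vpn_name = NULL;
	}

	return 0;
} /* end of parse_rtr () */

/*****************************************************************************
 *
 *	Function: free_vpn_rtr
 *
 *	Purpose: Frees the link list of VPN_ROUTER structures
 *
 *****************************************************************************/

void
free_vpn_rtr (vpn_router)

VPN_ROUTER    **vpn_router;

{
	VPN_ROUTER     *x;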