📄 pgpnetconfig.c
字号:
// save numbers
err = PGPSetPrefNumber (prefref,
kPGPnetPrefUnconfiguredMode,
pPNConfig->uUnconfiguredMode); CKERR;
err = PGPSetPrefNumber (prefref,
kPGPNetPrefIKEKByteExpiration,
pPNConfig->uIkeKByteExpiration); CKERR;
err = PGPSetPrefNumber (prefref,
kPGPNetPrefIKETimeExpiration,
pPNConfig->uIkeTimeExpiration); CKERR;
err = PGPSetPrefNumber (prefref,
kPGPNetPrefIPSECKByteExpiration,
pPNConfig->uIpsecKByteExpiration); CKERR;
err = PGPSetPrefNumber (prefref,
kPGPNetPrefIPSECTimeExpiration,
pPNConfig->uIpsecTimeExpiration); CKERR;
err = PGPSetPrefNumber (prefref,
kPGPnetPrefIPSECGroupID,
pPNConfig->IkeIpsecGroupID); CKERR;
err = PGPSetPrefNumber (prefref,
kPGPnetPrefBlockMinutes,
pPNConfig->uBlockMinutes); CKERR;
err = PGPSetPrefNumber (prefref,
kPGPnetPrefFirewallRuleSet,
pPNConfig->uRuleSet); CKERR;
err = PGPSetPrefNumber (prefref,
kPGPNetPrefTrustSubnetOption,
pPNConfig->uSubnetTrustOption); CKERR;
// save strings
err = PGPSetPrefString (prefref,
kPGPNetPrefAttackNotifyEmail,
pPNConfig->szEmailAddress); CKERR;
err = PGPSetPrefString (prefref,
kPGPNetPrefAttackNotifySMTPServer,
pPNConfig->szMailServer); CKERR;
// save keyrings
err = PGPSetPrefString (prefref,
kPGPNetPrefPublicKeyringFile,
pPNConfig->szPublicKeyringFile);
err = PGPSetPrefString (prefref,
kPGPNetPrefPrivateKeyringFile,
pPNConfig->szPrivateKeyringFile);
// save PGP authentication key info
if (pPNConfig->bUsePGPAuthKey)
{
err = PGPSetPrefData (prefref,
kPGPNetPrefPGPAuthKeyID,
sizeof(PGPKeyID),
&pPNConfig->keyidPGPAuth);
}
// save X509 authentication key info
if (pPNConfig->bUseX509AuthKey)
{
err = PGPSetPrefData (prefref,
kPGPNetPrefX509AuthKeyID,
sizeof(PGPKeyID),
&pPNConfig->keyidX509Auth);
if (pPNConfig->uX509AuthCertIASNLength > 0)
{
err = PGPSetPrefData (prefref,
kPGPNetPrefX509AuthCertIASN,
pPNConfig->uX509AuthCertIASNLength,
pPNConfig->pX509AuthCertIASN);
}
}
// save host list
err = PGPSetNetHostPrefs (prefref,
pPNConfig->pHostList,
pPNConfig->uHostCount); CKERR;
// save blocked host list
err = PGPSetNetBlockedPrefs (prefref,
pPNConfig->pBlockedList,
pPNConfig->uBlockedCount); CKERR;
// save trusted host list
err = PGPSetNetTrustedPrefs (prefref,
pPNConfig->pTrustedList,
pPNConfig->uTrustedCount); CKERR;
// save firewall rule list
if (pPNConfig->uRuleSet == kPGPNetFirewallRuleSet_Custom)
{
err = PGPSetNetFirewallRulePrefs (prefref,
pPNConfig->pRuleList,
pPNConfig->uRuleCount); CKERR;
}
// save IKE prefs
err = sSetIkeAlgorithmPrefs (prefref, pPNConfig); CKERR;
err = sSetIkeProposalPrefs (context, prefref, pPNConfig); CKERR;
err = sSetIpsecProposalPrefs (context, prefref, pPNConfig); CKERR;
done:
return err;
}
PGPError
PGPnetSaveKnownConfig (
PGPContextRef context,
PGPPrefRef prefref,
PPNKNOWNCONFIG pPNKnownConfig)
{
PGPError err;
if (!PGPPrefRefIsValid (prefref))
return kPGPError_BadParams;
err = PGPSetNetKnownRuleSet (prefref,
kPGPNetPrefAutoRuleArray,
pPNKnownConfig->pAutoRuleList,
pPNKnownConfig->uAutoRuleCount); CKERR;
err = PGPSetNetKnownRuleSet (prefref,
kPGPNetPrefKnownRuleArray,
pPNKnownConfig->pKnownRuleList,
pPNKnownConfig->uKnownRuleCount); CKERR;
err = PGPSetNetKnownRuleSet (prefref,
kPGPNetPrefSmartRuleArray,
pPNKnownConfig->pSmartRuleList,
pPNKnownConfig->uSmartRuleCount); CKERR;
done:
return err;
}
// ____________________________________
//
// open the keyring files specified in the PNCONFIG structure
PGPError
PGPnetOpenKeyrings (
PGPContextRef context,
PPNCONFIG pPNConfig,
UINT uOpenFlags,
PGPKeyDBRef* pkeydb)
{
PGPError err = kPGPError_FileNotFound;
PGPFileSpecRef filerefPriv = NULL;
PGPFileSpecRef filerefPub = NULL;
if ((lstrlen (pPNConfig->szPublicKeyringFile) > 0) &&
(lstrlen (pPNConfig->szPrivateKeyringFile) > 0))
{
err = PGPNewFileSpecFromFullPath (context,
pPNConfig->szPublicKeyringFile, &filerefPub);
if (IsPGPError (err))
return err;
err = PGPNewFileSpecFromFullPath (context,
pPNConfig->szPrivateKeyringFile, &filerefPriv);
if (IsPGPError (err))
return err;
err = PGPOpenKeyDBFile (context, uOpenFlags,
filerefPub, filerefPriv, pkeydb);
PGPFreeFileSpec (filerefPub);
PGPFreeFileSpec (filerefPriv);
}
return err;
}
// ____________________________________
//
// load configuration information from prefs file
PGPError
PGPnetAddPromiscuousHostToConfiguration (
PGPContextRef context,
PPNCONFIG pPNConfig,
PGPUInt32 uIPAddressHost,
PGPUInt32 uIPAddressLocal,
PGPKeyDBObjRef keyAuth,
PGPKeyDBObjRef sigAuth)
{
PGPError err = kPGPError_NoErr;
PGPSize size;
PGPNetPrefHostEntry* pNewList;
PGPUInt32 u;
size = pPNConfig->uHostCount * sizeof (PGPNetPrefHostEntry);
pNewList = PGPNewData (PGPPeekContextMemoryMgr (context),
size + sizeof (PGPNetPrefHostEntry),
kPGPMemoryMgrFlags_Clear);
if (pNewList)
{
// copy old list to new
if (pPNConfig->pHostList)
pgpCopyMemory (pPNConfig->pHostList, pNewList, size);
// fill in new list element
u = pPNConfig->uHostCount;
pNewList[u].hostType = kPGPnetSecureHost;
pNewList[u].ipAddrStart = uIPAddressHost;
pNewList[u].ipMaskEnd = 0xFFFFFFFF;
pNewList[u].childOf = -1;
strcpy (pNewList[u].hostName, "Untitled Host");
pNewList[u].sharedSecret[0] = '\0';
pNewList[u].useAuthKeyR = FALSE;
pNewList[u].authCertIASNLengthR = 0;
if (PGPKeyDBObjRefIsValid (keyAuth))
{
err = PGPGetKeyID (keyAuth, &pNewList[u].authKeyIDR); CKERR;
if (PGPKeyDBObjRefIsValid (sigAuth))
{
PGPGetKeyDBObjDataProperty (sigAuth,
kPGPSigProperty_X509IASN, NULL, 0,
&pNewList[u].authCertIASNLengthR);
if (pNewList[u].authCertIASNLengthR > 0)
{
err = PGPGetKeyDBObjDataProperty (sigAuth,
kPGPSigProperty_X509IASN,
pNewList[u].authCertIASNR,
sizeof(pNewList[u].authCertIASNR),
&pNewList[u].authCertIASNLengthR);
CKERR;
}
}
}
}
else
err = kPGPError_OutOfMemory;
done :
if (IsntPGPError (err))
{
if (pPNConfig->pHostList)
PGPFreeData (pPNConfig->pHostList);
pPNConfig->pHostList = pNewList;
pPNConfig->uHostCount++;
}
return err;
}
// ____________________________________
//
// get authentication key and sig refs from keyset
PGPError
PGPnetGetConfiguredAuthKeys (
PGPContextRef context,
PPNCONFIG pPNConfig,
PGPKeyDBRef keydb,
PGPKeyDBObjRef* pkeyPGP,
PGPKeyDBObjRef* psigX509)
{
PGPKeyListRef keylist = kInvalidPGPKeyListRef;
PGPKeyIterRef keyiter = kInvalidPGPKeyIterRef;
PGPKeySetRef keysetX509 = kInvalidPGPKeySetRef;
PGPKeyDBObjRef key = kInvalidPGPKeyDBObjRef;
PGPKeyDBObjRef keyX509 = kInvalidPGPKeyDBObjRef;
PGPKeyDBObjRef userid = kInvalidPGPKeyDBObjRef;
PGPKeyDBObjRef sig = kInvalidPGPKeyDBObjRef;
PGPError err = kPGPError_NoErr;
PGPByte* pIASN = NULL;
PGPBoolean bPGPKeyNotFound = FALSE;
PGPSize size;
PGPValidatePtr (pkeyPGP);
PGPValidatePtr (psigX509);
*pkeyPGP = kInvalidPGPKeyDBObjRef;
*psigX509 = kInvalidPGPKeyDBObjRef;
if (!PGPKeyDBRefIsValid (keydb))
return kPGPError_BadParams;
// get PGP key ref
if (pPNConfig->bUsePGPAuthKey)
{
err = PGPFindKeyByKeyID (keydb, &pPNConfig->keyidPGPAuth, pkeyPGP);
// if key is missing, we still want to look for X.509 key
if (err == kPGPError_ItemNotFound)
{
err = kPGPError_NoErr;
bPGPKeyNotFound = TRUE;
}
CKERR;
}
// get X.509 key
if (pPNConfig->bUseX509AuthKey &&
pPNConfig->pX509AuthCertIASN)
{
err = PGPFindKeyByKeyID (keydb, &pPNConfig->keyidX509Auth, &keyX509);
}
// get X.509 sig
if (PGPKeyDBObjRefIsValid (keyX509))
{
err = PGPNewOneKeySet (keyX509, &keysetX509); CKERR;
err = PGPOrderKeySet (keysetX509,
kPGPKeyOrdering_Any, FALSE, &keylist); CKERR;
err = PGPNewKeyIter (keylist, &keyiter); CKERR;
err = PGPKeyIterNextKeyDBObj (keyiter,
kPGPKeyDBObjType_Key, &key); CKERR;
err = PGPKeyIterNextKeyDBObj (keyiter,
kPGPKeyDBObjType_UserID, &userid); CKERR;
while (userid)
{
PGPKeyIterNextKeyDBObj (keyiter,
kPGPKeyDBObjType_Signature, &sig);
while ( PGPKeyDBObjRefIsValid (sig) &&
!PGPKeyDBObjRefIsValid (*psigX509))
{
size = 0;
PGPGetKeyDBObjDataProperty (sig,
kPGPSigProperty_X509IASN, NULL, 0, &size);
if (size == pPNConfig->uX509AuthCertIASNLength)
{
pIASN = PGPNewData (
PGPPeekContextMemoryMgr (context),
size, kPGPMemoryMgrFlags_Clear);
if (pIASN)
{
err = PGPGetKeyDBObjDataProperty (sig,
kPGPSigProperty_X509IASN, pIASN,
size, &size); CKERR;
if (pgpMemoryEqual (pIASN,
pPNConfig->pX509AuthCertIASN, size))
{
*psigX509 = sig;
}
PGPFreeData (pIASN);
pIASN = NULL;
}
}
PGPKeyIterNextKeyDBObj (keyiter,
kPGPKeyDBObjType_Signature, &sig);
}
PGPKeyIterNextKeyDBObj (keyiter,
kPGPKeyDBObjType_UserID, &userid);
}
}
done :
if (pIASN != NULL)
PGPFreeData (pIASN);
if (PGPKeySetRefIsValid (keysetX509))
PGPFreeKeySet (keysetX509);
if (PGPKeyIterRefIsValid (keyiter))
PGPFreeKeyIter (keyiter);
if (PGPKeyListRefIsValid (keylist))
PGPFreeKeyList (keylist);
if (IsntPGPError (err) && (bPGPKeyNotFound))
err = kPGPError_ItemNotFound;
return err;
}
// ____________________________________
//
// get host authentication key and sig refs from keyset
PGPError
PGPnetGetConfiguredHostAuthKeys (
PGPContextRef context,
PGPNetPrefHostEntry* pHost,
PGPKeyDBRef keydb,
PGPBoolean bLocal,
PGPKeyDBObjRef* pkey,
PGPKeyDBObjRef* psig)
{
PGPKeyListRef keylist = kInvalidPGPKeyListRef;
PGPKeyIterRef keyiter = kInvalidPGPKeyIterRef;
PGPKeySetRef keysetX509 = kInvalidPGPKeySetRef;
PGPKeyDBObjRef key = kInvalidPGPKeyDBObjRef;
PGPKeyDBObjRef userid = kInvalidPGPKeyDBObjRef;
PGPKeyDBObjRef sig = kInvalidPGPKeyDBObjRef;
PGPError err = kPGPError_NoErr;
PGPByte* pIASN = NULL;
PGPSize sizeIASN;
PGPByte* pHostIASN;
PGPSize sizeHostIASN;
PGPValidatePtr (pkey);
PGPValidatePtr (psig);
*pkey = kInvalidPGPKeyDBObjRef;
*psig = kInvalidPGPKeyDBObjRef;
// if no authentication key, just return
if (bLocal)
{
// if no authentication key, just return
if (!pHost->useAuthKeyL)
goto done;
// first get key ref
err = PGPFindKeyByKeyID (keydb, &pHost->authKeyIDL, pkey); CKERR;
// if no IASN, must be PGP key
if (pHost->authCertIASNLengthL == 0)
goto done;
sizeHostIASN = pHost->authCertIASNLengthL;
pHostIASN = pHost->authCertIASNL;
}
else
{
// if no authentication key, just return
if (!pHost->useAuthKeyR)
goto done;
// first get key ref
err = PGPFindKeyByKeyID (keydb, &pHost->authKeyIDR, pkey); CKERR;
// if no IASN, must be PGP key
if (pHost->authCertIASNLengthR == 0)
goto done;
sizeHostIASN = pHost->authCertIASNLengthR;
pHostIASN = pHost->authCertIASNR;
}
if (PGPKeyDBObjRefIsValid (*pkey))
{
err = PGPNewOneKeySet (*pkey, &keysetX509); CKERR;
err = PGPOrderKeySet (keysetX509,
kPGPKeyOrdering_Any, FALSE, &keylist); CKERR;
err = PGPNewKeyIter (keylist, &keyiter); CKERR;
err = PGPKeyIterNextKeyDBObj (keyiter,
kPGPKeyDBObjType_Key, &key); CKERR;
err = PGPKeyIterNextKeyDBObj (keyiter,
kPGPKeyDBObjType_UserID, &userid); CKERR;
while (userid)
{
PGPKeyIterNextKeyDBObj (keyiter,
kPGPKeyDBObjType_Signature, &sig);
while ( PGPKeyDBObjRefIsValid (sig) &&
!PGPKeyDBObjRefIsValid (*psig))
{
sizeIASN = 0;
PGPGetKeyDBObjDataProperty (sig,
kPGPSigProperty_X509IASN, NULL, 0, &sizeIASN);
if (sizeIASN == sizeHostIASN)
{
pIASN = PGPNewData (
PGPPeekContextMemoryMgr (context),
sizeIASN, kPGPMemoryMgrFlags_Clear);
if (pIASN)
{
err = PGPGetKeyDBObjDataProperty (sig,
kPGPSigProperty_X509IASN, pIASN,
sizeIASN, &sizeIASN); CKERR;
if (pgpMemoryEqual (pIASN, pHostIASN, sizeIASN))
*psig = sig;
PGPFreeData (pIASN);
pIASN = NULL;
}
}
PGPKeyIterNextKeyDBObj (keyiter,
kPGPKeyDBObjType_Signature, &sig);
}
PGPKeyIterNextKeyDBObj (keyiter,
kPGPKeyDBObjType_UserID, &userid);
}
if (!PGPKeyDBObjRefIsValid (*psig))
err = kPGPError_ItemNotFound;
}
done :
if (pIASN != NULL)
PGPFreeData (pIASN);
if (PGPKeySetRefIsValid (keysetX509))
PGPFreeKeySet (keysetX509);
if (PGPKeyIterRefIsValid (keyiter))
PGPFreeKeyIter (keyiter);
if (PGPKeyListRefIsValid (keylist))
PGPFreeKeyList (keylist);
return err;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -