author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2006-05-22 05:12:18 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2006-05-22 05:12:18 +0000 |
commit | aa0f5b38aec14428b4b80e06f90ff781f8bca5f1 (patch) | |
tree | 95f3d0c8cb0d59d88900dbbd72110d7ab6e15b2a /lib/libipsecpolicy | |
parent | 7c383bc22113b23718be89fe18eeb251942d7356 (diff) | |
download | vyos-strongswan-aa0f5b38aec14428b4b80e06f90ff781f8bca5f1.tar.gz vyos-strongswan-aa0f5b38aec14428b4b80e06f90ff781f8bca5f1.zip |
Import initial strongswan 2.7.0 version into SVN.
Diffstat (limited to 'lib/libipsecpolicy')
-rw-r--r-- | lib/libipsecpolicy/.cvsignore | 1 | ||||
-rw-r--r-- | lib/libipsecpolicy/Makefile | 96 | ||||
-rw-r--r-- | lib/libipsecpolicy/cgipolicy.c | 77 | ||||
-rw-r--r-- | lib/libipsecpolicy/libipsecpolicy.h | 4 | ||||
-rw-r--r-- | lib/libipsecpolicy/policyquery.c | 167 | ||||
-rw-r--r-- | lib/libipsecpolicy/version.in.c | 38 |
6 files changed, 383 insertions, 0 deletions
diff --git a/lib/libipsecpolicy/.cvsignore b/lib/libipsecpolicy/.cvsignore
new file mode 100644
index 000000000..17435c875
--- /dev/null
+++ b/lib/libipsecpolicy/.cvsignore
@@ -0,0 +1 @@
+version.c
diff --git a/lib/libipsecpolicy/Makefile b/lib/libipsecpolicy/Makefile
new file mode 100644
index 000000000..a23fa5d04
--- /dev/null
+++ b/lib/libipsecpolicy/Makefile
@@ -0,0 +1,96 @@
+# FreeS/WAN library
+# Copyright (C) 2003 Michael Richardson <mcr@freeswan.org>
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# for more details.
+#
+# RCSID $Id: Makefile,v 1.1 2004/03/15 20:35:24 as Exp $
+
+FREESWANSRCDIR=../..
+
+include ${FREESWANSRCDIR}/Makefile.inc
+include ${FREESWANSRCDIR}/Makefile.ver
+
+MANDIR=$(MANTREE)/man3
+
+SRCS=policyquery.c cgipolicy.c
+
+OBJS=${SRCS:.c=.o} version.o
+
+KLIPSD=${FREESWANSRCDIR}/linux/include
+
+LIB=libipsecpolicy.a
+# Original flags
+CFLAGS=-I. -I${KLIPSD} -I${FREESWANSRCDIR} $(USERCOMPILE)
+CFLAGS+= -Wall
+CFLAGS+= -Wpointer-arith
+CFLAGS+= -Wcast-qual
+CFLAGS+= -Wstrict-prototypes
+CFLAGS+= -Wbad-function-cast
+
+MANS=
+
+.PHONY: all install clean l t lt tar check depend checkprograms
+
+all: $(LIB)
+programs: $(LIB)
+
+install:
+ @mkdir -p $(MANDIR)
+ @for f in $(MANS) ; \
+ do \
+ $(INSTALL) $(INSTMANFLAGS) $(SRCDIR)/$$f $(MANDIR)/ipsec_$$f || exit 1 ; \
+ done
+ @$(FREESWANSRCDIR)/packaging/utils/manlink $(foreach man, $(MANS), ${SRCDIR}/$(man)) | \
+ while read from to; \
+ do \
+ ln -s -f ipsec_$$from $(MANDIR)/$$to; \
+ done
+
+
+install_file_list:
+ @for f in $(MANS) ; \
+ do \
+ echo $(MANDIR)/ipsec_$$f;\
+ done;
+ @$(FREESWANSRCDIR)/packaging/utils/manlink $(foreach man, $(MANS), ${SRCDIR}/$(man)) | \
+ while read from to; \
+ do \
+ echo $(MANDIR)/$$to; \
+ done
+
+$(LIB): $(OBJS)
+ $(AR) $(ARFLAGS) $(LIB) $(OBJS)
+
+$(OBJS): $(HDRS)
+
+# build version.c using version number from Makefile.ver
+version.c: version.in.c ${FREESWANSRCDIR}/Makefile.ver
+ sed '/"/s/xxx/$(IPSECVERSION)/' version.in.c >$@
+
+clean:
+ rm -f $(LIB) *.o try* core *.core $(EXTHDRS) $(EXTLIBS) version.c
+
+
+tar: clean
+ tar -cvf /tmp/lib.tar Makefile [a-z]*
+
+check:
+ echo no checks in lib right now.
+
+depend:
+ makedepend -Y -- $(CFLAGS) -- $(SRCS)
+
+checkprograms:
+
+# DO NOT DELETE
+
diff --git a/lib/libipsecpolicy/cgipolicy.c b/lib/libipsecpolicy/cgipolicy.c
new file mode 100644
index 000000000..d28243e85
--- /dev/null
+++ b/lib/libipsecpolicy/cgipolicy.c
@@ -0,0 +1,77 @@
+/* routines that interface with pluto to get policy information
+ * Copyright (C) 2003 Michael Richardson <mcr@freeswan.org>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * RCSID $Id: cgipolicy.c,v 1.1 2004/03/15 20:35:24 as Exp $
+ */
+
+#include <stddef.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <wait.h>
+#include <unistd.h>
+#include <fcntl.h>
+
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include <freeswan.h>
+#include <freeswan/ipsec_policy.h>
+
+#include "libipsecpolicy.h"
+
+/*
+ * this version is appropriate for when one is called from a perl CGI,
+ * running under Apache. It extracts the appropriate things out of standard
+ * CGI environment variables, namely:
+ * $SERVER_ADDR us
+ * $REMOTE_ADDR them
+ */
+
+err_t ipsec_policy_cgilookup(struct ipsec_policy_cmd_query *result)
+{
+ err_t ret;
+ char *us, *them;
+
+ /* clear it all out */
+ memset(result, 0, sizeof(*result));
+
+ /* setup it up */
+ result->head.ipm_version = IPSEC_POLICY_MSG_REVISION;
+ result->head.ipm_msg_len = sizeof(*result);
+ result->head.ipm_msg_type = IPSEC_CMD_QUERY_HOSTPAIR;
+ result->head.ipm_msg_seq = ipsec_policy_seq();
+
+
+ us = getenv("SERVER_ADDR");
+ them = getenv("REMOTE_ADDR");
+ if(!us || !them) {
+ return "$SERVER_ADDR and $REMOTE_ADDR must be set";
+ }
+
+ ret = ttoaddr(us, 0, AF_INET, &result->query_local);
+ if(ret != NULL) {
+ return ret;
+ }
+
+ ret = ttoaddr(them, 0, AF_INET, &result->query_remote);
+ if(ret != NULL) {
+ return ret;
+ }
+
+ return ipsec_policy_sendrecv((unsigned char *)result, sizeof(*result));
+}
+
diff --git a/lib/libipsecpolicy/libipsecpolicy.h b/lib/libipsecpolicy/libipsecpolicy.h
new file mode 100644
index 000000000..2c4ebdc0c
--- /dev/null
+++ b/lib/libipsecpolicy/libipsecpolicy.h
@@ -0,0 +1,4 @@
+
+extern u_int32_t ipsec_policy_seq(void);
+
+
diff --git a/lib/libipsecpolicy/policyquery.c b/lib/libipsecpolicy/policyquery.c
new file mode 100644
index 000000000..6555bdc08
--- /dev/null
+++ b/lib/libipsecpolicy/policyquery.c
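Review bot: The two `ttoaddr(..., 0, AF_INET, ...)` calls in `ipsec_policy_cgilookup` accept anything ttoaddr can parse, and in the freeswan library that includes host names, which are resolved with a blocking lookup; since `SERVER_ADDR` and `REMOTE_ADDR` are always numeric when the web server sets them, the numeric-only variant rejects a malformed value immediately instead of stalling the CGI on a resolver call. The lines would become `ret = tnatoaddr(us, 0, AF_INET, &result->query_local);` and `ret = tnatoaddr(them, 0, AF_INET, &result->query_remote);`. The header comment should also say that only IPv4 addresses are accepted, since `AF_INET` is fixed here and an IPv6 `REMOTE_ADDR` will be returned as a parse error rather than looked up. Nothing after `ipsec_policy_sendrecv` confirms that the reply's `head.ipm_msg_seq` matches the sequence number stored above, so if pluto echoes it a check there would let callers detect a stale reply.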
@@ -0,0 +1,167 @@
+/* routines that interface with pluto to get policy information
+ * Copyright (C) 2003 Michael Richardson <mcr@freeswan.org>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * RCSID $Id: policyquery.c,v 1.1 2004/03/15 20:35:25 as Exp $
+ */
+
+#include <stddef.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <wait.h>
+#include <unistd.h>
+#include <fcntl.h>
+
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include <freeswan.h>
+#include <freeswan/ipsec_policy.h>
+
+#include "libipsecpolicy.h"
+
+static int policy_query_socket = -1;
+static u_int32_t policy_seq = 1;
+
+u_int32_t ipsec_policy_seq(void)
+{
+ return ++policy_seq;
+}
+
+err_t ipsec_policy_init(void)
+{
+ struct sockaddr_un sn;
+
+ if(policy_query_socket != -1) {
+ return NULL;
+ }
+
+ policy_query_socket = socket(PF_UNIX, SOCK_STREAM, 0);
+ if(policy_query_socket == -1) {
+ return "failed to open policy socket";
+ }
+
+ /* now connect it */
+ sn.sun_family = AF_UNIX;
+ strcpy(sn.sun_path, IPSEC_POLICY_SOCKET);
+
+ if(connect(policy_query_socket, (struct sockaddr *)&sn, sizeof(sn)) != 0) {
+ int saveerrno = errno;
+ close(policy_query_socket);
+ policy_query_socket=-1;
+ errno = saveerrno;
+ return "failed to connect policy socket";
+ }
+
+ /* okay, I think we are done */
+ return NULL;
+}
+
+err_t ipsec_policy_final(void)
+{
+ if(policy_query_socket != -1) {
+ close(policy_query_socket);
+ policy_query_socket = -1;
+ }
+
+ return NULL;
+}
+
+err_t ipsec_policy_readmsg(int policysock,
+ unsigned char *buf,
+ size_t buflen)
+{
+ struct ipsec_policy_msg_head ipmh;
+
+ if(read(policysock, &ipmh, sizeof(ipmh))
+ != sizeof(ipmh)) {
+ return "read failed";
+ }
+
+ /* got the header, sanitize it, and find out how much more to read */
+ switch(ipmh.ipm_version) {
+ case IPSEC_POLICY_MSG_REVISION:
+ break;
+
+ default:
+ /* XXX go deal with older versions, error for now */
+ fprintf(stderr, "Bad magic header: %u\n", ipmh.ipm_version);
+ return "bad policy msg version magic";
+ }
+
+ if(ipmh.ipm_msg_len > buflen) {
+ return "buffer too small for this message";
+ }
+
+ buflen = ipmh.ipm_msg_len;
+ memcpy(buf, &ipmh, sizeof(ipmh));
+ buf += sizeof(ipmh);
+ buflen -= sizeof(ipmh);
+
+ if(read(policysock, buf, buflen) != buflen) {
+ return "short read from socket";
+ }
+
+ return NULL;
+}
+
+err_t ipsec_policy_sendrecv(unsigned char *buf,
+ size_t buflen)
+{
+ err_t ret;
+ ipsec_policy_init();
+
+ if(write(policy_query_socket, buf, buflen)
+ != buflen) {
+ return "write failed";
+ }
+
+ ret = ipsec_policy_readmsg(policy_query_socket,
+ buf, buflen);
+
+ ipsec_policy_final();
+
+ return ret;
+}
+
+
+err_t ipsec_policy_lookup(int fd, struct ipsec_policy_cmd_query *result)
+{
+ int len;
+
+ /* clear it out */
+ memset(result, 0, sizeof(*result));
+
+ /* setup it up */
+ result->head.ipm_version = IPSEC_POLICY_MSG_REVISION;
+ result->head.ipm_msg_len = sizeof(*result);
+ result->head.ipm_msg_type = IPSEC_CMD_QUERY_HOSTPAIR;
+ result->head.ipm_msg_seq = ipsec_policy_seq();
+
+ /* suck out the data on the sockets */
+ len = sizeof(result->query_local);
+ if(getsockname(fd, (struct sockaddr *)&result->query_local, &len) != 0) {
+ return "getsockname failed";
+ }
+
+ len = sizeof(result->query_remote);
+ if(getpeername(fd, (struct sockaddr *)&result->query_remote, &len) != 0) {
+ return "getpeername failed";
+ }
+
+ return ipsec_policy_sendrecv((unsigned char *)result, sizeof(*result));
+}
+
diff --git a/lib/libipsecpolicy/version.in.c b/lib/libipsecpolicy/version.in.c
new file mode 100644
index 000000000..304c58c0c
--- /dev/null
+++ b/lib/libipsecpolicy/version.in.c
@@ -0,0 +1,38 @@
+/*
+ * libipsecpolicy version information
+ * Copyright (C) 2003 Michael Richardson <mcr@freeswan.org>
+ *
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Library General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
+ * License for more details.
+ *
+ * RCSID $Id: version.in.c,v 1.1 2004/03/15 20:35:25 as Exp $
+ */
+
+#define V "xxx" /* substituted in by Makefile */
+static const char ipsecpolicy_number[] = V;
+static const char ipsecpolicy_string[] = "Linux FreeS/WAN policylib " V;
+
+/*
+ - ipsec_version_code - return IPsec version number/code, as string
+ */
+const char *
+ipsec_version_code(void)
+{
+ return ipsecpolicy_number;
+}
+
+/*
+ - ipsec_version_string - return full version string
+ */
+const char *
+ipsec_version_string(void)
+{
+ return ipsecpolicy_string;
+}
|
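Review bot: In `ipsec_policy_readmsg`, `if(ipmh.ipm_msg_len > buflen)` rejects an oversized reply but not an undersized one: a length below `sizeof(ipmh)` received from the socket makes `buflen -= sizeof(ipmh)` wrap around as size_t, and the second `read()` is then asked to fill far more than the caller's buffer, so the header value needs bounding on both sides, `if(ipmh.ipm_msg_len < sizeof(ipmh) || ipmh.ipm_msg_len > buflen) {`. `ipsec_policy_sendrecv` discards the return of `ipsec_policy_init()`, so a failed socket()/connect() surfaces as "write failed" on fd -1; `ret = ipsec_policy_init(); if(ret != NULL) return ret;` keeps the real cause. In `ipsec_policy_init`, `sn` is never zeroed and the `strcpy` into `sn.sun_path` is unbounded, which only holds while `IPSEC_POLICY_SOCKET` stays shorter than `sun_path`; a `memset(&sn, 0, sizeof(sn));` plus a length check before the copy makes that explicit. In `ipsec_policy_lookup`, `len` is declared `int` but `getsockname`/`getpeername` take `socklen_t *`, so it should be `socklen_t len;`.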