-/* $OpenBSD: ca.c,v 1.98 2024/01/15 15:29:00 tobhe Exp $ */
+/* $OpenBSD: ca.c,v 1.99 2024/01/24 10:09:07 tobhe Exp $ */
/*
* Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
int ca_dispatch_parent(int, struct privsep_proc *, struct imsg *);
int ca_dispatch_ikev2(int, struct privsep_proc *, struct imsg *);
int ca_dispatch_control(int, struct privsep_proc *, struct imsg *);
-void ca_store_info(struct iked *, const char *, X509_STORE *);
+void ca_store_info(struct iked *, struct imsg *, const char *, X509_STORE *);
static struct privsep_proc procs[] = {
{ "parent", PROC_PARENT, ca_dispatch_parent },
switch (imsg->hdr.type) {
case IMSG_CTL_SHOW_CERTSTORE:
- ca_store_info(env, "CA", store->ca_cas);
- ca_store_info(env, "CERT", store->ca_certs);
+ ca_store_info(env, imsg, "CA", store->ca_cas);
+ ca_store_info(env, imsg, "CERT", store->ca_certs);
/* Send empty reply to indicate end of information. */
- proc_compose(&env->sc_ps, PROC_CONTROL, IMSG_CTL_SHOW_CERTSTORE,
- NULL, 0);
+ proc_compose_imsg(&env->sc_ps, PROC_CONTROL, -1,
+ IMSG_CTL_SHOW_CERTSTORE, imsg->hdr.peerid,
+ -1, NULL, 0);
break;
default:
return (-1);
}
void
-ca_store_info(struct iked *env, const char *msg, X509_STORE *ctx)
+ca_store_info(struct iked *env, struct imsg *imsg, const char *msg, X509_STORE *ctx)
{
STACK_OF(X509_OBJECT) *h;
X509_OBJECT *xo;
OPENSSL_free(name);
if (buflen == -1)
continue;
- proc_compose(&env->sc_ps, PROC_CONTROL, IMSG_CTL_SHOW_CERTSTORE,
- buf, buflen + 1);
+ proc_compose_imsg(&env->sc_ps, PROC_CONTROL, -1,
+ IMSG_CTL_SHOW_CERTSTORE, imsg->hdr.peerid,
+ -1, buf, buflen + 1);
free(buf);
}
}
-/* $OpenBSD: control.c,v 1.37 2023/03/08 04:43:06 guenther Exp $ */
+/* $OpenBSD: control.c,v 1.38 2024/01/24 10:09:07 tobhe Exp $ */
/*
* Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
#define CONTROL_BACKLOG 5
struct ctl_connlist ctl_conns = TAILQ_HEAD_INITIALIZER(ctl_conns);
+uint32_t ctl_peerid;
void
control_accept(int, short, void *);
void control_dispatch_imsg(int, short, void *);
void control_dispatch_parent(int, short, void *);
void control_imsg_forward(struct imsg *);
+void control_imsg_forward_peerid(struct imsg *);
void control_run(struct privsep *, struct privsep_proc *, void *);
int control_dispatch_ikev2(int, struct privsep_proc *, struct imsg *);
int control_dispatch_ca(int, struct privsep_proc *, struct imsg *);
socklen_t len;
struct sockaddr_un s_un;
struct ctl_conn *c;
+ struct ctl_conn *other;
event_add(&cs->cs_ev, NULL);
if ((event & EV_TIMEOUT))
c->iev.handler, c->iev.data);
event_add(&c->iev.ev, NULL);
+ /* O(n^2), but n is small */
+ c->peerid = ctl_peerid++;
+ TAILQ_FOREACH(other, &ctl_conns, entry)
+ if (c->peerid == other->peerid)
+ c->peerid = ctl_peerid++;
+
TAILQ_INSERT_TAIL(&ctl_conns, c, entry);
}
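Review bot: The collision scan in the new `TAILQ_FOREACH` does not restart after it reassigns `c->peerid`, so a value picked mid-scan is never compared against the connections already visited; once `ctl_peerid` has wrapped, two live connections can hold the same peerid and a reply forwarded by peerid would be delivered to both clients. Wrapping takes 2^32 control connections, so this is a latent gap rather than a practical one, but the comment promises uniqueness and the forwarding path relies on it. Restarting the scan whenever a duplicate is found closes the gap. control_accept starts outside the hunk.
```c
	/* O(n^2), but n is small */
 again:
	c->peerid = ctl_peerid++;
	TAILQ_FOREACH(other, &ctl_conns, entry)
		if (c->peerid == other->peerid)
			goto again;
```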
control_imsg_forward(&imsg);
+ /* record peerid of connection for reply */
+ imsg.hdr.peerid = c->peerid;
+
switch (imsg.hdr.type) {
case IMSG_CTL_NOTIFY:
if (c->flags & CTL_CONN_NOTIFY) {
case IMSG_CTL_SHOW_SA:
case IMSG_CTL_SHOW_STATS:
proc_forward_imsg(&env->sc_ps, &imsg, PROC_IKEV2, -1);
- c->flags |= CTL_CONN_NOTIFY;
break;
case IMSG_CTL_SHOW_CERTSTORE:
proc_forward_imsg(&env->sc_ps, &imsg, PROC_CERT, -1);
- c->flags |= CTL_CONN_NOTIFY;
break;
default:
log_debug("%s: error handling imsg %d",
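Review bot: The new assignment `imsg.hdr.peerid = c->peerid;` deliberately overwrites whatever peerid the client put into the header, and the comment should say so, since that is what keeps a client from steering another connection's reply to itself: `/* Stamp the connection's own peerid over the client-supplied one so replies are routed back here only. */`. A second line explaining why `CTL_CONN_NOTIFY` is no longer set for the show requests (replies now follow the peerid rather than the notify subscription) would save the next reader from re-adding it. control_dispatch_imsg starts outside the hunk.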
imsg->hdr.len - IMSG_HEADER_SIZE);
}
+void
+control_imsg_forward_peerid(struct imsg *imsg)
+{
+ struct ctl_conn *c;
+
+ TAILQ_FOREACH(c, &ctl_conns, entry)
+ if (c->peerid == imsg->hdr.peerid)
+ imsg_compose_event(&c->iev, imsg->hdr.type,
+ 0, imsg->hdr.pid, -1, imsg->data,
+ imsg->hdr.len - IMSG_HEADER_SIZE);
+}
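Review bot: control_imsg_forward_peerid keeps walking the list after the matching connection has been found; peerids are assigned to be unique in control_accept, so a `break;` after the `imsg_compose_event()` call would end the walk at the first hit and make "at most one recipient" explicit even if uniqueness were ever violated. The function also lacks a header comment; something like `/* Deliver a reply to the single control connection whose peerid it carries; silently dropped if that connection is gone. */` states the contract that is otherwise only implied by the loop.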
+
int
control_dispatch_ikev2(int fd, struct privsep_proc *p, struct imsg *imsg)
{
switch (imsg->hdr.type) {
case IMSG_CTL_SHOW_SA:
case IMSG_CTL_SHOW_STATS:
- control_imsg_forward(imsg);
+ control_imsg_forward_peerid(imsg);
return (0);
default:
break;
{
switch (imsg->hdr.type) {
case IMSG_CTL_SHOW_CERTSTORE:
- control_imsg_forward(imsg);
+ control_imsg_forward_peerid(imsg);
return (0);
default:
break;
-/* $OpenBSD: ikev2.c,v 1.382 2024/01/15 21:37:58 jan Exp $ */
+/* $OpenBSD: ikev2.c,v 1.383 2024/01/24 10:09:07 tobhe Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
#include "chap_ms.h"
#include "version.h"
-void ikev2_info(struct iked *, int);
-void ikev2_info_sa(struct iked *, int, const char *, struct iked_sa *);
-void ikev2_info_csa(struct iked *, int, const char *, struct iked_childsa *);
-void ikev2_info_flow(struct iked *, int, const char *, struct iked_flow *);
+void ikev2_info(struct iked *, struct imsg *, int);
+void ikev2_info_sa(struct iked *, struct imsg *, int, const char *,
+ struct iked_sa *);
+void ikev2_info_csa(struct iked *, struct imsg *, int, const char *,
+ struct iked_childsa *);
+void ikev2_info_flow(struct iked *, struct imsg *, int, const char *,
+ struct iked_flow *);
void ikev2_log_established(struct iked_sa *);
void ikev2_log_proposal(struct iked_sa *, struct iked_proposals *);
void ikev2_log_cert_info(const char *, struct iked_id *);
struct iked_message *);
void ikev2_ctl_reset_id(struct iked *, struct imsg *, unsigned int);
-void ikev2_ctl_show_sa(struct iked *);
-void ikev2_ctl_show_stats(struct iked *);
+void ikev2_ctl_show_sa(struct iked *, struct imsg *);
+void ikev2_ctl_show_stats(struct iked *, struct imsg *);
static struct privsep_proc procs[] = {
{ "parent", PROC_PARENT, ikev2_dispatch_parent },
ikev2_ctl_reset_id(env, imsg, imsg->hdr.type);
break;
case IMSG_CTL_SHOW_SA:
- ikev2_ctl_show_sa(env);
+ ikev2_ctl_show_sa(env, imsg);
break;
case IMSG_CTL_SHOW_STATS:
- ikev2_ctl_show_stats(env);
+ ikev2_ctl_show_stats(env, imsg);
break;
default:
return (-1);
}
void
-ikev2_ctl_show_sa(struct iked *env)
+ikev2_ctl_show_sa(struct iked *env, struct imsg *imsg)
{
- ikev2_info(env, 0);
+ ikev2_info(env, imsg, 0);
}
void
-ikev2_ctl_show_stats(struct iked *env)
+ikev2_ctl_show_stats(struct iked *env, struct imsg *imsg)
{
- proc_compose(&env->sc_ps, PROC_CONTROL, IMSG_CTL_SHOW_STATS,
+ proc_compose_imsg(&env->sc_ps, PROC_CONTROL, -1,
+ IMSG_CTL_SHOW_STATS, imsg->hdr.peerid, -1,
&env->sc_stats, sizeof(env->sc_stats));
}
}
void
-ikev2_info_sa(struct iked *env, int dolog, const char *msg, struct iked_sa *sa)
+ikev2_info_sa(struct iked *env, struct imsg *imsg, int dolog, const char *msg,
+ struct iked_sa *sa)
{
char idstr[IKED_ID_SIZE];
char *buf;
buf[buflen - 1] = '\0';
log_debug("%s", buf);
} else
- proc_compose(&env->sc_ps, PROC_CONTROL, IMSG_CTL_SHOW_SA,
+ proc_compose_imsg(&env->sc_ps, PROC_CONTROL, -1,
+ IMSG_CTL_SHOW_SA, imsg->hdr.peerid, -1,
buf, buflen + 1);
free(buf);
}
void
-ikev2_info_csa(struct iked *env, int dolog, const char *msg, struct iked_childsa *csa)
+ikev2_info_csa(struct iked *env, struct imsg *imsg, int dolog, const char *msg,
+ struct iked_childsa *csa)
{
char *buf;
int buflen;
buf[buflen - 1] = '\0';
log_debug("%s", buf);
} else
- proc_compose(&env->sc_ps, PROC_CONTROL, IMSG_CTL_SHOW_SA,
+ proc_compose_imsg(&env->sc_ps, PROC_CONTROL, -1,
+ IMSG_CTL_SHOW_SA, imsg->hdr.peerid, -1,
buf, buflen + 1);
free(buf);
}
void
-ikev2_info_flow(struct iked *env, int dolog, const char *msg, struct iked_flow *flow)
+ikev2_info_flow(struct iked *env, struct imsg *imsg, int dolog, const char *msg,
+ struct iked_flow *flow)
{
char prenat_mask[10];
char *buf;
buf[buflen - 1] = '\0';
log_debug("%s", buf);
} else
- proc_compose(&env->sc_ps, PROC_CONTROL, IMSG_CTL_SHOW_SA,
+ proc_compose_imsg(&env->sc_ps, PROC_CONTROL, -1,
+ IMSG_CTL_SHOW_SA, imsg->hdr.peerid, -1,
buf, buflen + 1);
free(buf);
}
void
-ikev2_info(struct iked *env, int dolog)
+ikev2_info(struct iked *env, struct imsg *imsg, int dolog)
{
struct iked_sa *sa;
struct iked_childsa *csa, *ipcomp;
log_debug("%s: called", __func__);
RB_FOREACH(sa, iked_sas, &env->sc_sas) {
- ikev2_info_sa(env, dolog, "iked_sas", sa);
+ ikev2_info_sa(env, imsg, dolog, "iked_sas", sa);
TAILQ_FOREACH(csa, &sa->sa_childsas, csa_entry) {
- ikev2_info_csa(env, dolog, " sa_childsas", csa);
+ ikev2_info_csa(env, imsg, dolog, " sa_childsas", csa);
if ((ipcomp = csa->csa_bundled) != NULL)
- ikev2_info_csa(env, dolog, " ",
+ ikev2_info_csa(env, imsg, dolog, " ",
ipcomp);
}
TAILQ_FOREACH(flow, &sa->sa_flows, flow_entry) {
- ikev2_info_flow(env, dolog, " sa_flows", flow);
+ ikev2_info_flow(env, imsg, dolog, " sa_flows", flow);
}
}
RB_FOREACH(csa, iked_activesas, &env->sc_activesas) {
- ikev2_info_csa(env, dolog, "iked_activesas", csa);
+ ikev2_info_csa(env, imsg, dolog, "iked_activesas", csa);
if ((ipcomp = csa->csa_bundled) != NULL)
- ikev2_info_csa(env, dolog, " ", ipcomp);
+ ikev2_info_csa(env, imsg, dolog, " ", ipcomp);
}
RB_FOREACH(flow, iked_flows, &env->sc_activeflows) {
- ikev2_info_flow(env, dolog, "iked_flows", flow);
+ ikev2_info_flow(env, imsg, dolog, "iked_flows", flow);
}
RB_FOREACH(sa, iked_dstid_sas, &env->sc_dstid_sas) {
- ikev2_info_sa(env, dolog, "iked_dstid_sas", sa);
+ ikev2_info_sa(env, imsg, dolog, "iked_dstid_sas", sa);
}
if (dolog)
return;
/* Send empty reply to indicate end of information. */
- proc_compose(&env->sc_ps, PROC_CONTROL, IMSG_CTL_SHOW_SA, NULL, 0);
+ proc_compose_imsg(&env->sc_ps, PROC_CONTROL, -1, IMSG_CTL_SHOW_SA,
+ imsg->hdr.peerid, -1, NULL, 0);
}
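Review bot: `imsg` is dereferenced only on the non-log path — the `else` branch of ikev2_info_sa/csa/flow (the `if` condition is outside the hunk, presumably `dolog`) and the tail of ikev2_info after `if (dolog) return;` — so a caller passing dolog != 0 could presumably pass a NULL imsg, but nothing documents that and the prototypes give no hint. State the contract on ikev2_info, e.g. `/* imsg supplies the peerid for control replies; it may be NULL only when dolog is set. */`, or pass `uint32_t peerid` instead of the whole `struct imsg *` so the single field these functions need is explicit and the NULL question disappears. Whether any caller actually passes NULL is not visible in the hunk.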
const char *