GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: sbin/isakmpd/sysdep/openbsd/sysdep.c Lines: 0 32 0.0 %
Date: 2017-11-13 Branches: 0 17 0.0 %

/* $OpenBSD: sysdep.c,v 1.36 2014/01/22 03:09:31 deraadt Exp $	 */
/* $EOM: sysdep.c,v 1.9 2000/12/04 04:46:35 angelos Exp $	 */
/*
 * Copyright (c) 1998, 1999 Niklas Hallqvist.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
/*
 * This code was written under funding by Ericsson Radio Systems.
 */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include "app.h"
#include "log.h"
#include "monitor.h"
#include "util.h"
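/*
 * Force communication on socket FD to go in the clear.
 *
 * Sets the AH, ESP-transport, ESP-network and (where the option exists at
 * build time) IPComp levels of FD to IPSEC_LEVEL_BYPASS, so that key
 * management datagrams on this socket are exempt from the system security
 * policy.  AF selects the option set: AF_INET or AF_INET6.
 *
 * Security notes:
 *  - A bypassed socket sends and receives unprotected traffic whatever the
 *    policy says, so FD should only ever be a key-management socket.
 *  - The options are applied through monitor_setsockopt() rather than a
 *    direct setsockopt().  NOTE(review): presumably the monitor validates
 *    FD and the option before acting -- confirm against monitor.c.
 *  - Nothing is rolled back on failure: if a later call fails, the levels
 *    already set stay at bypass.  Callers should treat -1 as "FD is in an
 *    undefined policy state" and presumably discard the socket.
 *
 * Returns 0 on success, or immediately (FD untouched) when app_none is set;
 * returns -1 for an unsupported address family or when a setsockopt fails.
 */
int
sysdep_cleartext(int fd, int af)
{
	/* Per-family option numbers: index 0 is IPv4, index 1 is IPv6. */
	static const struct {
		int             ip_proto;	/* IP protocol */
		int             auth_level;
		int             esp_trans_level;
		int             esp_network_level;
		int             ipcomp_level;	/* 0: not defined at build time */
	} optsw[] = {
	    {
		IPPROTO_IP,
		IP_AUTH_LEVEL,
		IP_ESP_TRANS_LEVEL,
		IP_ESP_NETWORK_LEVEL,
#ifdef IP_IPCOMP_LEVEL
		IP_IPCOMP_LEVEL
#else
		0
#endif
	    }, {
		IPPROTO_IPV6,
		IPV6_AUTH_LEVEL,
		IPV6_ESP_TRANS_LEVEL,
		IPV6_ESP_NETWORK_LEVEL,
#ifdef IPV6_IPCOMP_LEVEL
		IPV6_IPCOMP_LEVEL
#else
		0
#endif
	    },
	};
	int level, sw;

	/*
	 * NOTE(review): app_none is declared outside this file; when it is
	 * set the socket is left exactly as the caller passed it.
	 */
	if (app_none)
		return 0;

	switch (af) {
	case AF_INET:
		sw = 0;
		break;
	case AF_INET6:
		sw = 1;
		break;
	default:
		/* Refuse rather than guess which option set applies. */
		log_print("sysdep_cleartext: unsupported protocol family %d", af);
		return -1;
	}

	/*
	 * Need to bypass system security policy, so I can send and
	 * receive key management datagrams in the clear.
	 */
	level = IPSEC_LEVEL_BYPASS;

	/*
	 * The log text names the IPv4 option even for IPv6 sockets; the
	 * ip_proto number printed alongside tells the two apart.
	 */
	if (monitor_setsockopt(fd, optsw[sw].ip_proto, optsw[sw].auth_level,
	    (char *) &level, sizeof level) == -1) {
		log_error("sysdep_cleartext: "
		    "setsockopt (%d, %d, IP_AUTH_LEVEL, ...) failed", fd,
		    optsw[sw].ip_proto);
		return -1;
	}
	if (monitor_setsockopt(fd, optsw[sw].ip_proto, optsw[sw].esp_trans_level,
	    (char *) &level, sizeof level) == -1) {
		log_error("sysdep_cleartext: "
		    "setsockopt (%d, %d, IP_ESP_TRANS_LEVEL, ...) failed", fd,
		    optsw[sw].ip_proto);
		return -1;
	}
	if (monitor_setsockopt(fd, optsw[sw].ip_proto, optsw[sw].esp_network_level,
	    (char *) &level, sizeof level) == -1) {
		log_error("sysdep_cleartext: "
		    "setsockopt (%d, %d, IP_ESP_NETWORK_LEVEL, ...) failed", fd,
		    optsw[sw].ip_proto);
		return -1;
	}

	/*
	 * IPComp is optional: it is skipped when the option was not defined
	 * at build time, and a failure with ENOPROTOOPT is tolerated
	 * (presumably a kernel without IPComp support).  Any other error is
	 * fatal, like the three required options above.
	 */
	if (optsw[sw].ipcomp_level &&
	    monitor_setsockopt(fd, optsw[sw].ip_proto, optsw[sw].ipcomp_level,
	    (char *) &level, sizeof level) == -1 &&
	    errno != ENOPROTOOPT) {
		/* Stray trailing comma dropped from this message. */
		log_error("sysdep_cleartext: "
		    "setsockopt (%d, %d, IP_IPCOMP_LEVEL, ...) failed", fd,
		    optsw[sw].ip_proto);
		return -1;
	}
	return 0;
}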