ikeadm.c revision 9c2c14ab194d42014417b385d6bf226ba1a37995
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * CDDL HEADER START
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * The contents of this file are subject to the terms of the
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * Common Development and Distribution License (the "License").
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * You may not use this file except in compliance with the License.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * See the License for the specific language governing permissions
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * and limitations under the License.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * When distributing Covered Code, include this CDDL HEADER in each
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * If applicable, add the following below this CDDL HEADER, with the
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * fields enclosed by brackets "[]" replaced with your own identifying
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * information: Portions Copyright [yyyy] [name of copyright owner]
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * CDDL HEADER END
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
9aed162131f1840d0bc1cd0275f4d7144f3690f0David Hollister * Use is subject to license terms.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * These are additional return values for the command line parsing
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * function (parsecmd()). They are specific to this utility, but
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * need to share the same space as the IKE_SVC_* defs, without conflicts.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * So they're defined relative to the end of that range.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh "ikeadm [ -hnp ] cmd obj [cmd-specific options]\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh "\tget debug|priv|stats|p1|rule|preshared|defaults [%s]\n",
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf("\tdel p1|rule|preshared %s\n", gettext("identifier"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf("\tread rule|preshared [%s]\n", gettext("filename"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf("\twrite rule|preshared %s\n", gettext("filename"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh "\thelp [get|set|add|del|dump|flush|read|write|help]\n");
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf("\texit %s\n", gettext("exit the program"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf("\tquit %s\n", gettext("exit the program"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh gettext("This command gets information from in.iked.\n\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("Objects that may be retrieved include:\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("\t\t\t local_ip remote_ip OR\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("\t\t\t init_cookie resp_cookie\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("a phase 1 rule, identified by its label\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("a preshared key, identified by\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("\t\t\t local_ip remote_ip OR\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("This command sets values in in.iked.\n\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("Objects that may be set include:\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh gettext("change the privilege level (may only be lowered)\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh gettext("This command adds items to in.iked's tables.\n\n"));
837c1ac4e72b7d86278cca88b1075af557f7d161Stephen Hanson (void) printf(gettext("Objects that may be set include:\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh gettext("\nObjects may be entered on the command-line, as a\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh gettext("series of keywords and tokens contained in curly\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh gettext("braces ('{', '}'); or the name of a file containing\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("the object definition may be provided.\n\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh gettext("For security purposes, preshared keys may only be\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh gettext("entered on the command-line if ikeadm is running in\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh gettext("This command deletes an item from in.iked's tables.\n\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("Objects that may be deleted include:\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("\t\t\t local_ip remote_ip OR\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("\t\t\t init_cookie resp_cookie\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("a phase 1 rule, identified by its label\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("a preshared key, identified by\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("\t\t\t local_ip remote_ip OR\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh gettext("This command dumps one of in.iked's tables.\n\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("Tables that may be dumped include:\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh gettext("This command clears one of in.iked's tables.\n\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("Tables that may be flushed include:\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh gettext("This command reads a new configuration file into\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh gettext("in.iked, discarding the old configuration info.\n\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("Sets of data that may be read include:\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh gettext("A filename may be provided to specify a source file\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh gettext("This command writes in.iked's current configuration\n"));
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh (void) printf(gettext("Sets of data that may be written include:\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh gettext("A filename must be provided to specify the file to\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("which the information should be written.\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh gettext("This command provides information about commands.\n\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh gettext("The 'help' command alone provides a list of valid\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh gettext("commands, along with the valid objects for each.\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh gettext("'help' followed by a valid command name provides\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("further information about that command.\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh/*PRINTFLIKE1*/
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhikedoor_call(char *reqp, int size, door_desc_t *descp, int ndesc)
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if ((ndesc > 0) && (descp->d_attributes & DOOR_RELEASE) &&
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh /* callers assume passed fds will be closed no matter what */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh /* LINTED E_BAD_PTR_CAST_ALIGN */
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh * Parsing functions
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh/* stolen from ipseckey.c, with a second tier added */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh static struct cmdtbl {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * Parsing functions:
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * Parse command-line identification info. All return -1 on failure,
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * or the number of cmd-line args "consumed" on success (though argc
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * and argv params are not actually modified).
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (-1);
/*
 * Copy the label argument with a truncation check: strlcpy() returns the
 * length of the source string, so a result >= MAX_LABEL_LEN means argv[0]
 * did not fit in MAX_LABEL_LEN bytes.  An over-long label is rejected
 * with -1 rather than being used in truncated form.
 */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if (strlcpy(label, argv[0], MAX_LABEL_LEN) >= MAX_LABEL_LEN)
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (-1);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (1);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * Parse an address off the command line. In the hpp param, either
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * return a hostent pointer (caller frees) or a pointer to a dummy_he_t
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * (must also be freed by the caller; both cases are handled by the
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * macro FREE_HE). The new getipnodebyname() call does the Right Thing
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * (TM), even with raw addresses (colon-separated IPv6 or dotted decimal
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * (mostly stolen from ipseckey.c, though some tweaks were made
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * to better serve our purposes here.)
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhtypedef struct {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (-1);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * Try name->address first. Assume AF_INET6, and
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * get IPV4s, plus IPv6s iff IPv6 is configured.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh hp = getipnodebyname(argv[0], AF_INET6, AI_DEFAULT | AI_ALL,
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * Try a normal address conversion only. malloc a
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * dummy_he_t to construct a fake hostent. Caller
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * will know to free this one using free_he().
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (-1);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (1);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * Free a dummy_he_t structure that was malloc'd in parse_addr().
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * Unfortunately, callers of parse_addr don't want to know about
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * dummy_he_t structs, so all they have is a pointer to the struct
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * hostent; so that's what's passed in. To manage this, we make
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * the assumption that the struct hostent is the first field in
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * the dummy_he_t, and therefore a pointer to it is a pointer to
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * the dummy_he_t.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if (p->addtl[0])
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh#define FREE_HE(x) \
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhheaddr2sa(char *hea, struct sockaddr_storage *sa, int len)
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh /* LINTED E_BAD_PTR_CAST_ALIGN */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh /* LINTED E_BAD_PTR_CAST_ALIGN */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh sizeof (struct in6_addr));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) memcpy(&sin->sin_addr, hea, sizeof (struct in_addr));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * The possible ident-type keywords that might be used on the command
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * line. This is a superset of the ones supported by ipseckey, those
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * in the ike config file, and those in ike.preshared.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh /* ip, ipv4, and ipv6 are valid for preshared keys... */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (-1);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (1);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (-1);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * The sadb_ident_t is malloc'd, since its length varies;
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * so the caller must free() it when done with the data.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (-1);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh alloclen = sizeof (sadb_ident_t) + IKEDOORROUNDUP(strlen(argv[1]) + 1);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if ((consumed = parse_idtype(argv[0], &idp->sadb_ident_type)) < 0) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (-1);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh /* now copy in identity param */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (++consumed);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (-1);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if (errno != 0) {
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh return (-1);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (1);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhparse_addr_pr(int argc, char **argv, struct hostent **h1pp,
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (-1);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (-1);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * The sadb_ident_ts are malloc'd, since their length varies;
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * so the caller must free() them when done with the data.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhparse_ident_pr(int argc, char **argv, sadb_ident_t **id1pp,
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (-1);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (-1);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (-1);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (-1);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * Preshared key field types...used for parsing preshared keys that
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * have been entered on the command line. The code to parse preshared
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * keys (parse_ps, parse_key, parse_psfldid, parse_ikmtype, ...) is
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * mostly duplicated from in.iked's readps.c.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (-1);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (1);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (-1);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (-1);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (1);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (-1);
/*
 * hd2num(): map one hexadecimal digit character to its numeric value.
 * '0'-'9' and 'a'-'f' are tested explicitly; every other character falls
 * through to the upper-case arm ((hd) - 'A' + 10).  The macro therefore
 * never reports an error: a character that is not a hex digit yields a
 * meaningless value instead.
 * NOTE(review): presumably callers validate each character (for example
 * with isxdigit()) before using this macro - confirm at the call sites.
 * The argument is expanded several times, so it must not be an expression
 * with side effects.
 */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh#define hd2num(hd) (((hd) >= '0' && (hd) <= '9') ? ((hd) - '0') : \
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (((hd) >= 'a' && (hd) <= 'f') ? ((hd) - 'a' + 10) : ((hd) - 'A' + 10)))
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh /* Have /nn. */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh /* hexlen is in nibbles */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * Adjust hexlen down if user gave us too small of a bit
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * Allocate. Remember, hexlen is in nibbles.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * Read in nibbles. Read in odd-numbered as shifted high.
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh * (e.g. 123 becomes 0x1230).
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh break; /* out of for loop. */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh /* zero the remaining bits if we're a non-octet amount. */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * the ike_ps_t struct (plus trailing data) will be allocated here,
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * so it will need to be freed by the caller.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhparse_ps(int argc, char **argv, ike_ps_t **presharedpp, int *len)
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (-1);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh /* no space between '{' and first token */
/*
 * Test whether the last command-line argument ends in '}'.
 * NOTE(review): the index is strlen(argv[argc - 1]) - 1.  For an empty
 * final argument strlen() is 0 and the subtraction wraps, so the read
 * would land outside the string.  No guard against an empty string is
 * visible on this line - confirm that an earlier check rules it out.
 */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if ((argv[argc - 1][strlen(argv[argc - 1]) - 1] == '}') &&
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh * whack '}' without a space before it or parsers break.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * Remember this trailing character for later
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh while ((c < argc) && (argv[c] != NULL) && (argv[c][0] != '}')) {
1b115575fbf0d7a1e3876e6886eaeffbeb8d2e61John Danielson if ((argv[c + 1] == NULL) || (argv[c + 1][0] == '}'))
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh switch (fldid) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh /* Make sure the line was terminated with '}' */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * make sure we got all the required fields. If no idtype, assume
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * ip addr; if that translation fails, we'll catch the error then.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if (locid == NULL || remid == NULL || keyp == NULL || mtype == 0)
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh /* figure out the size buffer we need */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh a_locidtotal = IKEDOORROUNDUP(sizeof (sadb_ident_t) + locidlen);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh a_remidtotal = IKEDOORROUNDUP(sizeof (sadb_ident_t) + remidlen);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * this is an ip address, store in the sockaddr field;
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * we won't use an sadb_ident_t.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh "match multiple IP addresses"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh headdr2sa(loche->h_addr_list[0], &psp->ps_ipaddrs.loc_addr,
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh psp->ps_remoteid_off = psp->ps_localid_off + a_locidtotal;
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * this is an ip address, store in the sockaddr field;
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * we won't use an sadb_ident_t.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh "match multiple IP addresses"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh headdr2sa(remhe->h_addr_list[0], &psp->ps_ipaddrs.rem_addr,
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh /* make sure we have at least 16-bit alignment */
/*
 * Locate the remote identity and the key inside the buffer by adding the
 * stored offsets to the base address of psp.
 * NOTE(review): the base pointer is cast to int before the addition.
 * Where pointers are wider than int (an LP64 build) the cast discards
 * the upper address bits; uintptr_t or byte-pointer arithmetic is the
 * portable form.
 * NOTE(review): the memcpy() writes keylen bytes at ps_key_off.  The
 * allocation size is computed outside these lines - confirm it covers
 * ps_key_off + keylen.
 */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh sidp = (sadb_ident_t *)((int)psp + psp->ps_remoteid_off);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) memcpy((uint8_t *)((int)psp + psp->ps_key_off), keyp, keylen);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (c);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (-1);
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh * Printing functions
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * A potential point of confusion here is that the ikeadm-specific string-
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * producing functions do not match the ipsec_util.c versions in style: the
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * ikeadm-specific functions return a string (and are named foostr), while
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * the ipsec_util.c functions actually print the string to the file named
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * in the second arg to the function (and are named dump_foo).
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * Localization for ikeadm seems more straightforward when complete
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * phrases are translated rather than: a part of a phrase, a call to
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * dump_foo(), and more of the phrase. It could also accommodate
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * non-English grammar more easily.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic char *
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh switch (err) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (gettext("Not allowed at current privilege level"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (gettext("One or more duplicate entries ignored"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic char *
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh switch (bit) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic char *
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh switch (priv) {
6745c559e4b531cf336a91f4653445c32ee46693Jesse Butlerstatic char *
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh switch (xchg) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic char *
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh switch (state) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic char *
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh switch (meth) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic char *
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh switch (prf) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return ("HMAC MD5");
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return ("HMAC SHA1");
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return ("HMAC SHA256");
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return ("HMAC SHA384");
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return ("HMAC SHA512");
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic char *
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh switch (grp) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) snprintf(rtn, MAXLINESIZE, gettext("<unknown %d>"), grp);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh gettext("%s Cookies: Initiator 0x%llx Responder 0x%llx\n"),
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("%s The local host is the %s.\n"), prefix,
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh hdrp->p1hdr_isinit ? gettext("initiator") : gettext("responder"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("%s ISAKMP version %d.%d; %s exchange\n"), prefix,
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh hdrp->p1hdr_major, hdrp->p1hdr_minor, xchgstr(hdrp->p1hdr_xchg));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("%s Current state is %s\n"), prefix,
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("%s Dead Peer Detection (RFC 3706)"
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) strlcpy(tbuf, gettext("<time conversion failed>"),
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("\n%s Dead Peer Detection handshake "), prefix);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) strlcpy(sbuf, gettext("was successful at "), TBUF_SIZE);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) strlcpy(sbuf, gettext("is in progress."), TBUF_SIZE);
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("%s %u seconds; %u kbytes protected; "),
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("%u keymat provided.\n"), xfp->p1xf_max_keyuses);
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdhstatic void
/*
 * Format the timestamp into tbuf; a return of 0 from strftime() selects
 * the fallback text copied in below.
 * NOTE(review): localtime() may return NULL and its result is handed
 * straight to strftime() here.  A NULL format string is also not
 * standard C - presumably this relies on the platform's strftime()
 * falling back to a default format; confirm both on the target libc.
 */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if (strftime(tbuf, TBUF_SIZE, NULL, localtime(&scratch)) == 0)
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) strlcpy(tbuf, gettext("<time conversion failed>"),
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh (void) printf(gettext("%s SA was created at %s\n"), prefix, tbuf);
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh (void) printf(gettext("%s %u kbytes protected; %u keymat provided.\n"),
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhprint_xform(char *prefix, ike_p1_xform_t *xfp, boolean_t print_lifetimes)
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("%s Authentication method: %s"), prefix,
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh (void) printf(gettext("(%d..%d)"), xfp->p1xf_encr_low_bits,
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * High bits is a placeholder for
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * negotiated algorithm strength
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("(%d)"), xfp->p1xf_encr_high_bits);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("PRF: %s ; "), prfstr(xfp->p1xf_prf));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("%s Phase 2 PFS is not used\n"), prefix);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh "%s Phase 2 PFS is required (Oakley Group: %s)\n"),
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhprint_lifetime(char *prefix, ike_p1_xform_t *xfp, ike_p1_stats_t *sp,
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * make sure the stats struct we've been passed is as big
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * as we expect it to be. The usage stats are at the end,
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * so anything less than the size we expect won't work.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("%s %u more bytes can be protected.\n"),
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("%s Keying material can be provided "
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh exp = (time_t)sp->p1stat_start + (time_t)xfp->p1xf_max_secs;
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if (strftime(tbuf, TBUF_SIZE, NULL, localtime(&exp)) == 0)
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * The SA may have expired but still exist because libike
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * has not freed it yet.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh "%s SA expires in %lu seconds, at %s\n"),
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh/* used to verify structure lengths... */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhprint_p1stats(char *prefix, ike_p1_stats_t *sp, int statlen,
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("%s %u Quick Mode SAs created; "), prefix,
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhprint_errs(char *prefix, ike_p1_errors_t *errp, int errlen)
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * Don't try to break this one up; it's either all or nothing!
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh errp->p1err_decrypt + errp->p1err_hash + errp->p1err_otherrx);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("%u decryption, %u hash, %u other\n"),
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh errp->p1err_decrypt, errp->p1err_hash, errp->p1err_otherrx);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("%s %u TX errors\n"), prefix, errp->p1err_tx);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("%s invalid address range\n"), prefix);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if (IN6_ARE_ADDR_EQUAL(&bsin6->sin6_addr, &esin6->sin6_addr))
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("%s invalid address range\n"), prefix);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) dump_sockaddr((struct sockaddr *)beg, 0, B_TRUE, stdout, nflag);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) dump_sockaddr((struct sockaddr *)end, 0, B_TRUE, stdout,
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * used to tell printing function if info should be identified
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * as belonging to initiator, responder, or neither
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhprint_addr(char *prefix, struct sockaddr_storage *sa, int init_instr)
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) dump_sockaddr((struct sockaddr *)sa, 0, B_FALSE, stdout, nflag);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("%s Initiator identity, "), prefix);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("%s Responder identity, "), prefix);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("uid=%d, type "), idp->sadb_ident_id);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh canprint = dump_sadb_idtype(idp->sadb_ident_type, stdout, NULL);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh SADB_64TO8(idp->sadb_ident_len) - sizeof (sadb_ident_t));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh (void) printf(gettext("%s Identity descriptors:\n"), prefix);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh for (i = 0; i < icnt; i++) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if (i == 0)
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh for (i = 0; i < ecnt; i++) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if (i == 0)
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh switch (p->p1key_type) {
601c90f161ff0319c1b4a2c3362b466043a65d8dSrikanth, Ramana gettext("%s Initialization vector (%d bytes): "),
601c90f161ff0319c1b4a2c3362b466043a65d8dSrikanth, Ramana (void) dump_key((uint8_t *)(p + 1), SADB_8TO1(len),
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * the stat len might be 0; but still make the call
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * to print_lifetime() to pick up the xform info
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh print_lifetime("LIFTM:", &p1->p1sa_xform, sp, p1->p1sa_stat_len);
/*
 * Derive pointers to the error counters and to the local and remote
 * identities from offsets stored in the phase 1 SA structure itself.
 * NOTE(review): the offsets are read from the structure being printed,
 * and no comparison against the size of the received buffer is visible
 * in these lines - confirm they are validated before the pointers are
 * dereferenced.
 * NOTE(review): casting the base pointer to int discards the upper
 * address bits where pointers are wider than int (LP64); uintptr_t is
 * the portable type for this arithmetic.
 */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh ep = (ike_p1_errors_t *)((int)(p1) + p1->p1sa_error_off);
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh lidp = (sadb_ident_t *)((int)(p1) + p1->p1sa_localid_off);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh ridp = (sadb_ident_t *)((int)(p1) + p1->p1sa_remoteid_off);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
/*
 * Find the key bytes at ps_key_off inside the preshared-key structure
 * and write them to stdout through dump_key().
 * NOTE(review): this prints raw pre-shared key material to the terminal,
 * or to wherever stdout is redirected.  Access is presumably gated by
 * the daemon's privilege level before this data is returned - confirm,
 * and treat captured output of this command as secret.
 * NOTE(review): ps_key_off comes from the structure itself; no bounds
 * check is visible here.  The (int) cast of the base pointer also
 * truncates where pointers are wider than int (LP64).
 */
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler keyp = (uint8_t *)((int)(ps) + ps->ps_key_off);
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler (void) printf(gettext("PSKEY: Pre-shared key (%d bytes): "),
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler (void) dump_key(keyp, ps->ps_key_bits, stdout);
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler * We get *either* an address or an ident, never both. So if
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler * the ident is there, don't try printing an address.
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler print_addr("LOCIP:", &ps->ps_ipaddrs.loc_addr, DONT_PRINT_INIT);
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler print_addr("REMIP:", &ps->ps_ipaddrs.rem_addr, DONT_PRINT_INIT);
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler (void) printf(gettext("GLOBL: Label '%s', key manager cookie %u\n"),
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler (void) printf(gettext("GLOBL: local_idtype="));
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler (void) dump_sadb_idtype(rp->rule_local_idtype, stdout, NULL);
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler (void) printf(gettext(", ike_mode=%s\n"), xchgstr(rp->rule_ike_mode));
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler "GLOBL: p1_nonce_len=%u, p2_nonce_len=%u, p2_pfs=%s (group %u)\n"),
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler (rp->rule_p2_pfs) ? gettext("true") : gettext("false"),
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler gettext("GLOBL: p2_lifetime=%u seconds, p2_softlife=%u seconds\n"),
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler rp->rule_p2_lifetime_secs, rp->rule_p2_softlife_secs);
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler " p2_softlife_kb=%u seconds\n"),
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler rp->rule_p2_lifetime_kb, rp->rule_p2_softlife_kb);
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler (void) printf(gettext("LOCIP: IP address range(s):\n"));
/*
 * Walk the local address ranges: rule_locip_cnt entries of type
 * ike_addr_pr_t, starting rule_locip_off bytes into the rule.
 * NOTE(review): both the offset and the count are read from the rule
 * structure; no check that the whole array lies inside the received
 * buffer is visible in these lines - confirm it is validated earlier.
 * The (int) cast of rp truncates where pointers are wider than int.
 */
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler lipp = (ike_addr_pr_t *)((int)rp + rp->rule_locip_off);
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler for (i = 0; i < rp->rule_locip_cnt; i++, lipp++) {
601c90f161ff0319c1b4a2c3362b466043a65d8dSrikanth, Ramana if (rp->rule_locid_inclcnt + rp->rule_locid_exclcnt > 0) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if (rp->rule_remid_inclcnt + rp->rule_remid_exclcnt > 0) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("XFRMS: Available Transforms:\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("initiator: %10u responder: %10u\n"), \
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * before printing each line, make sure the structure we were
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * given is big enough to include the fields needed.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh PRSACNTS(sp->st_init_p1_current, sp->st_resp_p1_current);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh PRSACNTS(sp->st_init_p1_attempts, sp->st_resp_p1_attempts);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh PRSACNTS(sp->st_init_p1_noresp + sp->st_init_p1_respfail,
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("PKCS#11 library linked in from %s\n"),
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhprint_defaults(char *label, char *description, char *unit, boolean_t kbytes,
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (current != def) ? gettext("config") : gettext("default"),
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh * Print out defaults used by in.iked, the argument is a buffer containing
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * two ike_defaults_t's, the first contains the hard coded defaults, the second
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * contains the actual values used. If these differ, then the defaults have been
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * changed via a config file entry. Note that "-" indicates this default
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * is not tunable.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) printf(gettext("\nGlobal defaults. Some values can be"
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh " over-ridden on a per rule basis.\n\n"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh gettext("Token:"), gettext("Source:"), gettext("Value:"),
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh print_defaults("p1_lifetime_secs", gettext("phase 1 lifetime"),
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh print_defaults("p1_nonce_len", gettext("phase 1 nonce length"),
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh print_defaults("p2_lifetime_secs", gettext("phase 2 lifetime"),
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh print_defaults("p2_softlife_secs", gettext("phase 2 soft lifetime"),
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh print_defaults("p2_idletime_secs", gettext("phase 2 idle time"),
601c90f161ff0319c1b4a2c3362b466043a65d8dSrikanth, Ramana print_defaults("-", gettext("system phase 2 lifetime"),
601c90f161ff0319c1b4a2c3362b466043a65d8dSrikanth, Ramana gettext("seconds"), B_FALSE, ddp->sys_p2_lifetime_secs,
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh print_defaults("-", gettext("system phase 2 soft lifetime"),
601c90f161ff0319c1b4a2c3362b466043a65d8dSrikanth, Ramana gettext("seconds"), B_FALSE, ddp->sys_p2_softlife_secs,
601c90f161ff0319c1b4a2c3362b466043a65d8dSrikanth, Ramana print_defaults("-", gettext("system phase 2 idle time"),
601c90f161ff0319c1b4a2c3362b466043a65d8dSrikanth, Ramana gettext("seconds"), B_FALSE, ddp->sys_p2_idletime_secs,
601c90f161ff0319c1b4a2c3362b466043a65d8dSrikanth, Ramana print_defaults("p2_lifetime_kb", gettext("phase 2 lifetime"),
601c90f161ff0319c1b4a2c3362b466043a65d8dSrikanth, Ramana gettext("bytes"), B_TRUE, ddp->rule_p2_lifetime_kb,
601c90f161ff0319c1b4a2c3362b466043a65d8dSrikanth, Ramana print_defaults("p2_softlife_kb", gettext("phase 2 soft lifetime"),
601c90f161ff0319c1b4a2c3362b466043a65d8dSrikanth, Ramana gettext("bytes"), B_TRUE, ddp->rule_p2_softlife_kb,
601c90f161ff0319c1b4a2c3362b466043a65d8dSrikanth, Ramana print_defaults("-", gettext("system phase 2 lifetime"),
601c90f161ff0319c1b4a2c3362b466043a65d8dSrikanth, Ramana gettext("bytes"), B_FALSE, ddp->sys_p2_lifetime_bytes,
601c90f161ff0319c1b4a2c3362b466043a65d8dSrikanth, Ramana print_defaults("-", gettext("system phase 2 soft lifetime"),
601c90f161ff0319c1b4a2c3362b466043a65d8dSrikanth, Ramana gettext("bytes"), B_FALSE, ddp->sys_p2_softlife_bytes,
601c90f161ff0319c1b4a2c3362b466043a65d8dSrikanth, Ramana print_defaults("-", gettext("minimum phase 2 lifetime"),
601c90f161ff0319c1b4a2c3362b466043a65d8dSrikanth, Ramana gettext("seconds"), B_FALSE, ddp->rule_p2_minlife,
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh print_defaults("p2_nonce_len", gettext("phase 2 nonce length"),
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh print_defaults("-", gettext("minimum phase 2 soft delta"),
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler print_defaults("max_certs", gettext("max certificates"),
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler " ", B_FALSE, ddp->rule_max_certs, dp->rule_max_certs);
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler print_defaults("-", gettext("IKE port number"),
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler " ", B_FALSE, ddp->rule_ike_port, dp->rule_ike_port);
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler print_defaults("-", gettext("NAT-T port number"),
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler " ", B_FALSE, ddp->rule_natt_port, dp->rule_natt_port);
9aed162131f1840d0bc1cd0275f4d7144f3690f0David Hollister (void) printf(gettext("No debug categories enabled.\n"));
9aed162131f1840d0bc1cd0275f4d7144f3690f0David Hollister (void) printf(gettext("Debug categories enabled:"));
9aed162131f1840d0bc1cd0275f4d7144f3690f0David Hollister for (mask = 1; mask <= D_HIGHBIT; mask <<= 1) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh/*PRINTFLIKE2*/
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if ((err != NULL) && (err->ike_err == IKE_ERR_SYS_ERR)) {
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler bail_msg("%s: %s", bailbuf, (err->ike_err_unix == 0) ?
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh gettext("<unknown error>") : strerror(err->ike_err_unix));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh/*PRINTFLIKE2*/
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if ((err != NULL) && (err->ike_err == IKE_ERR_SYS_ERR)) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * Command functions
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * Exploit the fact that ike_dbg_t and ike_priv_t have identical
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * formats in the following two functions.
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh switch (cmd) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh rtn = ikedoor_call((char *)&req, sizeof (ike_dbg_t), NULL, 0);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if ((rtn == NULL) || (rtn->svc_err.cmd == IKE_SVC_ERROR)) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh switch (cmd) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if (reqlevel == 0) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh /* check for a string... */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if (reqlevel == 0) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh /* check for a string... */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh rtn = ikedoor_call((char *)&req, sizeof (ike_dbg_t), descp, ndesc);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if ((rtn == NULL) || (rtn->svc_err.cmd == IKE_SVC_ERROR)) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh gettext("Successfully changed %s level from 0x%x to 0x%x\n"),
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh (void) printf(gettext("New privilege level 0x%x enables %s\n"),
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh rtn = ikedoor_call((char *)&sreq, sizeof (ike_statreq_t), NULL, 0);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if ((rtn == NULL) || (rtn->svc_err.cmd == IKE_SVC_ERROR)) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh ikeadm_err_exit(&rtn->svc_err, gettext("error getting stats"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh rtn = ikedoor_call((char *)&dreq, sizeof (ike_defreq_t), NULL, 0);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if ((rtn == NULL) || (rtn->svc_err.cmd == IKE_SVC_ERROR)) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * Before printing each line, make sure the structure we were
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh * given is big enough to include the fields needed.
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh * Silently bail out if there is a version mismatch.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh switch (cmd) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh bail_msg(gettext("unrecognized dump command (%d)"), cmd);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if ((rtn == NULL) || (rtn->svc_err.cmd == IKE_SVC_ERROR)) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh /* no entries to print */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh switch (cmd) {
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh (void) printf(gettext("\nCompleted dump of %s\n"), name);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhdo_getdel_doorcall(int cmd, int idlen, int idtype, char *idp, char *name)
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh getcmd = ((cmd == IKE_SVC_GET_P1) || (cmd == IKE_SVC_GET_RULE) ||
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * WARNING: to avoid being redundant, this code takes advantage
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh * of the fact that the ike_get_t and ike_del_t structures are
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * identical (only the field names differ, their function and
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * size are the same). If for some reason those structures
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * change, this code will need to be re-written to accommodate
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * that difference.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if ((rtnp == NULL) || (rtnp->svc_err.cmd == IKE_SVC_ERROR)) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh switch (cmd) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh message(gettext("Successfully deleted selected %s."), name);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh switch (cmd) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * The first token must either be an address (or hostname)
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * or a cookie. We require cookies to be entered as hex
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * numbers, beginning with 0x; so if our token starts with
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * that, it's a cookie.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * The first token must either be an address or an ident
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * type. Check for an ident type to determine which it is.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh bail_msg(gettext("unrecognized get/del command (%d)"), cmd);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh switch (idtype) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * we might have exploding addrs here; do every possible
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * combination.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * Copy source into target, inserting an escape character ('\') before
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * any quotes that appear. Return true on success, false on failure.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * Return true if the arg following the given keyword should
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * be in quotes (i.e. is a string), false if not.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if ((strncmp(keywd, "label", strlen("label") + 1) == 0) ||
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (strncmp(keywd, "local_id", strlen("local_id") + 1) == 0) ||
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (strncmp(keywd, "remote_id", strlen("remote_id") + 1) == 0))
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh switch (cmd) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh /* We've been given a file to read from */
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler } else if ((argc > 1) && (cmd == IKE_SVC_NEW_PS)) {
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler * This is an alternative to using the tmpfile method
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler * for preshared keys. It means we're duplicating the
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler * parsing effort that happens in readps.c; but it
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler * does avoid having the key sitting in a file.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * must be in interactive mode; don't want keys in
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * the process args.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh /* parse_ps allocated the ike_ps_t buffer; free it now */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * We've been given the item in argv. However, parsing
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * rules can get more than a little messy, and in.iked
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * already has a great parser for this stuff! So don't
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * fool around with trying to do the parsing here. Just
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * write it out to a tempfile, and send the fd to in.iked.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * We could conceivably do this for preshared keys,
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh * rather than duplicating the parsing effort; but that
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * would mean the key would be written out to a file,
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * which isn't such a good idea.
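4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh /* attempt to use a fairly unpredictable file name... NOTE(review): the name is only (int)gethrtime() in hex, which can be approximated; confirm the file is created with O_CREAT|O_EXCL and a restrictive mode, or prefer mkstemp() */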
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh (void) sprintf(tmpfilepath, "/var/run/%x", (int)gethrtime());
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh /* and make it inaccessible asap */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh for (i = 0; i < argc; i++) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * We have to do some gyrations with our string here,
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * to properly handle quotes. There are two issues:
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * - some of the fields of a rule may have embedded
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * whitespace, and thus must be quoted on the cmd
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * line. The shell removes the quotes, and gives
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * us a single argv string; but we need to put the
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh * quotes back in when we write the string out to
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * file. The doquotes boolean is set when we
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * process a keyword which will be followed by a
b18a19c275d2531444fcd2f66664cbe3c6897f6aJesse Butler * string value (so the NEXT argv element will be
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh * quoted).
b18a19c275d2531444fcd2f66664cbe3c6897f6aJesse Butler * - there might be a quote character in a field,
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * that was escaped on the cmdline. The shell
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * removes the escape char, and leaves the quote
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * in the string it gives us. We need to put the
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * escape char back in before writing to file.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * check if this is a keyword identifying
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * a field that needs to be quoted.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh /* rewind so that the daemon will get the beginning */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh /* not enough information! */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh bail_msg(gettext("missing %s description or file name"), name);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if ((rtn == NULL) || (rtn->svc_err.cmd == IKE_SVC_ERROR)) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh bail_msg(gettext("unrecognized flush command (%d)."), cmd);
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh rtnp = ikedoor_call((char *)&flush, sizeof (ike_flush_t), NULL, 0);
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh if ((rtnp == NULL) || (rtnp->svc_err.cmd == IKE_SVC_ERROR)) {
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh ikeadm_err_exit(&rtnp->svc_err, gettext("error doing flush"));
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh switch (cmd) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh /* FALLTHRU */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh /* FALLTHRU */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh /* for write commands, dest location must be specified */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh bail_msg(gettext("unrecognized read/write command (%d)."), cmd);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh rtnp = ikedoor_call((char *)&rw, sizeof (ike_rw_t), descp, ndesc);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if ((rtnp == NULL) || (rtnp->svc_err.cmd == IKE_SVC_ERROR)) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * Need to remove the target file in the
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * case of a failed write command.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * argv[0] must be valid if we're writing; we
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh * exit before setting this boolean if not.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh ikeadm_err_exit(&rtnp->svc_err, gettext("error doing %s"), op);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh message(gettext("Completed %s of %s configuration information."),
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh rtnp = ikedoor_call((char *)&req, sizeof (ike_cmd_t), NULL, 0);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if ((rtnp == NULL) || (rtnp->svc_err.cmd == IKE_SVC_ERROR)) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh ikeadm_err_exit(&rtnp->svc_err, gettext("error doing flush"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh message(gettext("Successfully dumped rulebase; check iked dbg"));
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh/*ARGSUSED*/
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhstatic void
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhparseit(int argc, char **argv, char *notused, boolean_t notused_either)
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh /* skip over args specifying command/object */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh switch (cmd) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh#if !defined(TEXT_DOMAIN)
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh switch (ch) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (0);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if (open_door() < 0) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh /* no cmd-line args, do interactive mode */
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return (0);