author | Andreas Steffen <andreas.steffen@strongswan.org> | 2009-04-19 19:22:31 +0000 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2009-04-19 19:22:31 +0000 |
commit | 9d53cc5d4366a0d1ac3f4a906920fe66751e813d (patch) | |
tree | d11cce3f023dea9107697fe797c04d58c14836f8 /src/starter | |
parent | 3d7a244b5470e104539580c7bc489d7b581430eb (diff) | |
already had the correct formatting
Diffstat (limited to 'src/starter')
-rw-r--r-- | src/starter/confread.c | 1724 |
1 files changed, 862 insertions, 862 deletions
diff --git a/src/starter/confread.c b/src/starter/confread.c
index 58223dadf..cc7138a99 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -32,7 +32,7 @@
 #include "interfaces.h"
 /* strings containing a colon are interpreted as an IPv6 address */
-#define ip_version(string) (strchr(string, '.') ? AF_INET : AF_INET6)
+#define ip_version(string) (strchr(string, '.') ? AF_INET : AF_INET6)
 static const char ike_defaults[] = "aes128-sha-modp2048";
 static const char esp_defaults[] = "aes128-sha1, 3des-md5";
@@ -41,353 +41,353 @@ static const char firewall_defaults[] = "ipsec _updown iptables"; static void default_values(starter_config_t *cfg) { - if (cfg == NULL) - return; - - memset(cfg, 0, sizeof(struct starter_config)); - - /* is there enough space for all seen flags? */ - assert(KW_SETUP_LAST - KW_SETUP_FIRST < - sizeof(cfg->setup.seen) * BITS_PER_BYTE); - assert(KW_CONN_LAST - KW_CONN_FIRST < - sizeof(cfg->conn_default.seen) * BITS_PER_BYTE); - assert(KW_END_LAST - KW_END_FIRST < - sizeof(cfg->conn_default.right.seen) * BITS_PER_BYTE); - assert(KW_CA_LAST - KW_CA_FIRST < - sizeof(cfg->ca_default.seen) * BITS_PER_BYTE); - - cfg->setup.seen = LEMPTY; - cfg->setup.fragicmp = TRUE; - cfg->setup.hidetos = TRUE; - cfg->setup.uniqueids = TRUE; - cfg->setup.interfaces = new_list("%defaultroute"); + if (cfg == NULL) + return; + + memset(cfg, 0, sizeof(struct starter_config)); + + /* is there enough space for all seen flags? */ + assert(KW_SETUP_LAST - KW_SETUP_FIRST < + sizeof(cfg->setup.seen) * BITS_PER_BYTE); + assert(KW_CONN_LAST - KW_CONN_FIRST < + sizeof(cfg->conn_default.seen) * BITS_PER_BYTE); + assert(KW_END_LAST - KW_END_FIRST < + sizeof(cfg->conn_default.right.seen) * BITS_PER_BYTE); + assert(KW_CA_LAST - KW_CA_FIRST < + sizeof(cfg->ca_default.seen) * BITS_PER_BYTE); + + cfg->setup.seen = LEMPTY; + cfg->setup.fragicmp = TRUE; + cfg->setup.hidetos = TRUE; + cfg->setup.uniqueids = TRUE; + cfg->setup.interfaces = new_list("%defaultroute"); #ifdef START_CHARON - cfg->setup.charonstart = TRUE; + cfg->setup.charonstart = TRUE; #endif #ifdef START_PLUTO - cfg->setup.plutostart = TRUE; + cfg->setup.plutostart = TRUE; #endif - cfg->conn_default.seen = LEMPTY; - cfg->conn_default.startup = STARTUP_NO; - cfg->conn_default.state = STATE_IGNORE; - cfg->conn_default.policy = POLICY_ENCRYPT | POLICY_TUNNEL | POLICY_RSASIG | - POLICY_PFS | POLICY_MOBIKE; - - cfg->conn_default.ike = clone_str(ike_defaults); - cfg->conn_default.esp = clone_str(esp_defaults); - 
cfg->conn_default.sa_ike_life_seconds = OAKLEY_ISAKMP_SA_LIFETIME_DEFAULT; - cfg->conn_default.sa_ipsec_life_seconds = PLUTO_SA_LIFE_DURATION_DEFAULT; - cfg->conn_default.sa_rekey_margin = SA_REPLACEMENT_MARGIN_DEFAULT; - cfg->conn_default.sa_rekey_fuzz = SA_REPLACEMENT_FUZZ_DEFAULT; - cfg->conn_default.sa_keying_tries = SA_REPLACEMENT_RETRIES_DEFAULT; - cfg->conn_default.addr_family = AF_INET; - cfg->conn_default.tunnel_addr_family = AF_INET; - cfg->conn_default.install_policy = TRUE; - cfg->conn_default.dpd_delay = 30; /* seconds */ - cfg->conn_default.dpd_timeout = 150; /* seconds */ - - cfg->conn_default.left.seen = LEMPTY; - cfg->conn_default.right.seen = LEMPTY; - - cfg->conn_default.left.sendcert = CERT_SEND_IF_ASKED; - cfg->conn_default.right.sendcert = CERT_SEND_IF_ASKED; - - anyaddr(AF_INET, &cfg->conn_default.left.addr); - anyaddr(AF_INET, &cfg->conn_default.left.nexthop); - anyaddr(AF_INET, &cfg->conn_default.right.addr); - anyaddr(AF_INET, &cfg->conn_default.right.nexthop); - - cfg->ca_default.seen = LEMPTY; + cfg->conn_default.seen = LEMPTY; + cfg->conn_default.startup = STARTUP_NO; + cfg->conn_default.state = STATE_IGNORE; + cfg->conn_default.policy = POLICY_ENCRYPT | POLICY_TUNNEL | POLICY_RSASIG | + POLICY_PFS | POLICY_MOBIKE; + + cfg->conn_default.ike = clone_str(ike_defaults); + cfg->conn_default.esp = clone_str(esp_defaults); + cfg->conn_default.sa_ike_life_seconds = OAKLEY_ISAKMP_SA_LIFETIME_DEFAULT; + cfg->conn_default.sa_ipsec_life_seconds = PLUTO_SA_LIFE_DURATION_DEFAULT; + cfg->conn_default.sa_rekey_margin = SA_REPLACEMENT_MARGIN_DEFAULT; + cfg->conn_default.sa_rekey_fuzz = SA_REPLACEMENT_FUZZ_DEFAULT; + cfg->conn_default.sa_keying_tries = SA_REPLACEMENT_RETRIES_DEFAULT; + cfg->conn_default.addr_family = AF_INET; + cfg->conn_default.tunnel_addr_family = AF_INET; + cfg->conn_default.install_policy = TRUE; + cfg->conn_default.dpd_delay = 30; /* seconds */ + cfg->conn_default.dpd_timeout = 150; /* seconds */ + + cfg->conn_default.left.seen = 
LEMPTY; + cfg->conn_default.right.seen = LEMPTY; + + cfg->conn_default.left.sendcert = CERT_SEND_IF_ASKED; + cfg->conn_default.right.sendcert = CERT_SEND_IF_ASKED; + + anyaddr(AF_INET, &cfg->conn_default.left.addr); + anyaddr(AF_INET, &cfg->conn_default.left.nexthop); + anyaddr(AF_INET, &cfg->conn_default.right.addr); + anyaddr(AF_INET, &cfg->conn_default.right.nexthop); + + cfg->ca_default.seen = LEMPTY; } #define KW_POLICY_FLAG(sy, sn, fl) \ - if (streq(kw->value, sy)) { conn->policy |= fl; } \ - else if (streq(kw->value, sn)) { conn->policy &= ~fl; } \ - else { plog("# bad policy value: %s=%s", kw->entry->name, kw->value); cfg->err++; } + if (streq(kw->value, sy)) { conn->policy |= fl; } \ + else if (streq(kw->value, sn)) { conn->policy &= ~fl; } \ + else { plog("# bad policy value: %s=%s", kw->entry->name, kw->value); cfg->err++; } static void load_setup(starter_config_t *cfg, config_parsed_t *cfgp) { - kw_list_t *kw; - - DBG(DBG_CONTROL, - DBG_log("Loading config setup") - ) + kw_list_t *kw; - for (kw = cfgp->config_setup; kw; kw = kw->next) - { - bool assigned = FALSE; + DBG(DBG_CONTROL, + DBG_log("Loading config setup") + ) - kw_token_t token = kw->entry->token; + for (kw = cfgp->config_setup; kw; kw = kw->next) + { + bool assigned = FALSE; - if (token < KW_SETUP_FIRST || token > KW_SETUP_LAST) - { - plog("# unsupported keyword '%s' in config setup", kw->entry->name); - cfg->err++; - continue; - } + kw_token_t token = kw->entry->token; + + if (token < KW_SETUP_FIRST || token > KW_SETUP_LAST) + { + plog("# unsupported keyword '%s' in config setup", kw->entry->name); + cfg->err++; + continue; + } - if (!assign_arg(token, KW_SETUP_FIRST, kw, (char *)cfg, &assigned)) - { - plog(" bad argument value in config setup"); - cfg->err++; - continue; - } + if (!assign_arg(token, KW_SETUP_FIRST, kw, (char *)cfg, &assigned)) + { + plog(" bad argument value in config setup"); + cfg->err++; + continue; } + } } static void kw_end(starter_conn_t *conn, starter_end_t *end, 
kw_token_t token - , kw_list_t *kw, char *conn_name, starter_config_t *cfg) + , kw_list_t *kw, char *conn_name, starter_config_t *cfg) { - err_t ugh = NULL; - bool assigned = FALSE; - int has_port_wildcard; /* set if port is %any */ + err_t ugh = NULL; + bool assigned = FALSE; + int has_port_wildcard; /* set if port is %any */ + + char *name = kw->entry->name; + char *value = kw->value; + + if (!assign_arg(token, KW_END_FIRST, kw, (char *)end, &assigned)) + goto err; + + /* post processing of some keywords that were assigned automatically */ + switch (token) + { + case KW_SUBNET: + if ((strlen(value) >= 6 && strncmp(value,"vhost:",6) == 0) + || (strlen(value) >= 5 && strncmp(value,"vnet:",5) == 0)) + { + /* used by pluto only */ + end->has_virt = TRUE; + } + else + { + ip_subnet net; + char *pos; + int len = 0; + + end->has_client = TRUE; + conn->tunnel_addr_family = ip_version(value); + + pos = strchr(value, ','); + if (pos) + { + len = pos - value; + } + ugh = ttosubnet(value, len, ip_version(value), &net); + if (ugh != NULL) + { + plog("# bad subnet: %s=%s [%s]", name, value, ugh); + goto err; + } + } + break; + case KW_SOURCEIP: + if (end->has_natip) + { + plog("# natip and sourceip cannot be defined at the same time"); + goto err; + } + if (streq(value, "%modeconfig") || streq(value, "%modecfg") || + streq(value, "%config") || streq(value, "%cfg")) + { + free(end->srcip); + end->srcip = NULL; + end->modecfg = TRUE; + } + else + { + ip_address addr; + ip_subnet net; + + conn->tunnel_addr_family = ip_version(value); + if (strchr(value, '/')) + { /* CIDR notation, address pool */ + ugh = ttosubnet(value, 0, conn->tunnel_addr_family, &net); + } + else if (value[0] != '%') + { /* old style fixed srcip, a %poolname otherwise */ + ugh = ttoaddr(value, 0, conn->tunnel_addr_family, &addr); + } + if (ugh != NULL) + { + plog("# bad addr: %s=%s [%s]", name, value, ugh); + goto err; + } + } + conn->policy |= POLICY_TUNNEL; + break; + case KW_SENDCERT: + if (end->sendcert 
== CERT_YES_SEND) + { + end->sendcert = CERT_ALWAYS_SEND; + } + else if (end->sendcert == CERT_NO_SEND) + { + end->sendcert = CERT_NEVER_SEND; + } + break; + default: + break; + } - char *name = kw->entry->name; - char *value = kw->value; + if (assigned) + return; - if (!assign_arg(token, KW_END_FIRST, kw, (char *)end, &assigned)) + /* individual processing of keywords that were not assigned automatically */ + switch (token) + { + case KW_HOST: + if (streq(value, "%defaultroute")) + { + if (cfg->defaultroute.defined) + { + end->addr = cfg->defaultroute.addr; + end->nexthop = cfg->defaultroute.nexthop; + } + else + { + plog("# default route not known: %s=%s", name, value); goto err; + } + } + else if (streq(value, "%any") || streq(value, "%any4")) + { + anyaddr(conn->addr_family, &end->addr); + } + else if (streq(value, "%any6")) + { + conn->addr_family = AF_INET6; + anyaddr(conn->addr_family, &end->addr); + } + else if (streq(value, "%group")) + { + ip_address any; - /* post processing of some keywords that were assigned automatically */ - switch (token) + conn->policy |= POLICY_GROUP | POLICY_TUNNEL; + anyaddr(conn->addr_family, &end->addr); + anyaddr(conn->tunnel_addr_family, &any); + end->has_client = TRUE; + } + else { - case KW_SUBNET: - if ((strlen(value) >= 6 && strncmp(value,"vhost:",6) == 0) - || (strlen(value) >= 5 && strncmp(value,"vnet:",5) == 0)) + /* check for allow_any prefix */ + if (value[0] == '%') + { + end->allow_any = TRUE; + value++; + } + conn->addr_family = ip_version(value); + ugh = ttoaddr(value, 0, conn->addr_family, &end->addr); + if (ugh != NULL) + { + plog("# bad addr: %s=%s [%s]", name, value, ugh); + if (streq(ugh, "does not look numeric and name lookup failed")) { - /* used by pluto only */ - end->has_virt = TRUE; + end->dns_failed = TRUE; + anyaddr(conn->addr_family, &end->addr); } else { - ip_subnet net; - char *pos; - int len = 0; - - end->has_client = TRUE; - conn->tunnel_addr_family = ip_version(value); - - pos = strchr(value, 
','); - if (pos) - { - len = pos - value; - } - ugh = ttosubnet(value, len, ip_version(value), &net); - if (ugh != NULL) - { - plog("# bad subnet: %s=%s [%s]", name, value, ugh); - goto err; - } - } - break; - case KW_SOURCEIP: - if (end->has_natip) - { - plog("# natip and sourceip cannot be defined at the same time"); - goto err; - } - if (streq(value, "%modeconfig") || streq(value, "%modecfg") || - streq(value, "%config") || streq(value, "%cfg")) - { - free(end->srcip); - end->srcip = NULL; - end->modecfg = TRUE; - } - else - { - ip_address addr; - ip_subnet net; - - conn->tunnel_addr_family = ip_version(value); - if (strchr(value, '/')) - { /* CIDR notation, address pool */ - ugh = ttosubnet(value, 0, conn->tunnel_addr_family, &net); - } - else if (value[0] != '%') - { /* old style fixed srcip, a %poolname otherwise */ - ugh = ttoaddr(value, 0, conn->tunnel_addr_family, &addr); - } - if (ugh != NULL) - { - plog("# bad addr: %s=%s [%s]", name, value, ugh); - goto err; - } - } - conn->policy |= POLICY_TUNNEL; - break; - case KW_SENDCERT: - if (end->sendcert == CERT_YES_SEND) - { - end->sendcert = CERT_ALWAYS_SEND; + goto err; } - else if (end->sendcert == CERT_NO_SEND) - { - end->sendcert = CERT_NEVER_SEND; - } - break; - default: - break; + } } - - if (assigned) - return; - - /* individual processing of keywords that were not assigned automatically */ - switch (token) + break; + case KW_NEXTHOP: + if (streq(value, "%defaultroute")) { - case KW_HOST: - if (streq(value, "%defaultroute")) - { - if (cfg->defaultroute.defined) - { - end->addr = cfg->defaultroute.addr; - end->nexthop = cfg->defaultroute.nexthop; - } - else - { - plog("# default route not known: %s=%s", name, value); - goto err; - } - } - else if (streq(value, "%any") || streq(value, "%any4")) - { - anyaddr(conn->addr_family, &end->addr); - } - else if (streq(value, "%any6")) - { - conn->addr_family = AF_INET6; - anyaddr(conn->addr_family, &end->addr); - } - else if (streq(value, "%group")) - { - 
ip_address any; + if (cfg->defaultroute.defined) + end->nexthop = cfg->defaultroute.nexthop; + else + { + plog("# default route not known: %s=%s", name, value); + goto err; + } + } + else if (streq(value, "%direct")) + { + ugh = anyaddr(conn->addr_family, &end->nexthop); + } + else + { + conn->addr_family = ip_version(value); + ugh = ttoaddr(value, 0, conn->addr_family, &end->nexthop); + } + if (ugh != NULL) + { + plog("# bad addr: %s=%s [%s]", name, value, ugh); + goto err; + } + break; + case KW_SUBNETWITHIN: + { + ip_subnet net; + + end->has_client = TRUE; + end->has_client_wildcard = TRUE; + conn->tunnel_addr_family = ip_version(value); - conn->policy |= POLICY_GROUP | POLICY_TUNNEL; - anyaddr(conn->addr_family, &end->addr); - anyaddr(conn->tunnel_addr_family, &any); - end->has_client = TRUE; - } - else - { - /* check for allow_any prefix */ - if (value[0] == '%') - { - end->allow_any = TRUE; - value++; - } - conn->addr_family = ip_version(value); - ugh = ttoaddr(value, 0, conn->addr_family, &end->addr); - if (ugh != NULL) - { - plog("# bad addr: %s=%s [%s]", name, value, ugh); - if (streq(ugh, "does not look numeric and name lookup failed")) - { - end->dns_failed = TRUE; - anyaddr(conn->addr_family, &end->addr); - } - else - { - goto err; - } - } - } - break; - case KW_NEXTHOP: - if (streq(value, "%defaultroute")) - { - if (cfg->defaultroute.defined) - end->nexthop = cfg->defaultroute.nexthop; - else - { - plog("# default route not known: %s=%s", name, value); - goto err; - } - } - else if (streq(value, "%direct")) - { - ugh = anyaddr(conn->addr_family, &end->nexthop); - } - else - { - conn->addr_family = ip_version(value); - ugh = ttoaddr(value, 0, conn->addr_family, &end->nexthop); - } - if (ugh != NULL) - { - plog("# bad addr: %s=%s [%s]", name, value, ugh); - goto err; - } - break; - case KW_SUBNETWITHIN: + ugh = ttosubnet(value, 0, ip_version(value), &net); + if (ugh != NULL) { - ip_subnet net; - - end->has_client = TRUE; - end->has_client_wildcard = 
TRUE; - conn->tunnel_addr_family = ip_version(value); - - ugh = ttosubnet(value, 0, ip_version(value), &net); - if (ugh != NULL) - { - plog("# bad subnet: %s=%s [%s]", name, value, ugh); - goto err; - } - end->subnet = clone_str(value); - break; + plog("# bad subnet: %s=%s [%s]", name, value, ugh); + goto err; } - case KW_PROTOPORT: - ugh = ttoprotoport(value, 0, &end->protocol, &end->port, &has_port_wildcard); - end->has_port_wildcard = has_port_wildcard; - break; - case KW_NATIP: - if (end->srcip) - { - plog("# natip and sourceip cannot be defined at the same time"); - goto err; - } - if (streq(value, "%defaultroute")) - { - char buf[64]; - - if (cfg->defaultroute.defined) - { - addrtot(&cfg->defaultroute.addr, 0, buf, sizeof(buf)); - end->srcip = clone_str(buf); - } - else - { - plog("# default route not known: %s=%s", name, value); - goto err; - } - } - else - { - ip_address addr; - - conn->tunnel_addr_family = ip_version(value); - ugh = ttoaddr(value, 0, conn->tunnel_addr_family, &addr); - if (ugh != NULL) - { - plog("# bad addr: %s=%s [%s]", name, value, ugh); - goto err; - } - end->srcip = clone_str(value); - } - end->has_natip = TRUE; - conn->policy |= POLICY_TUNNEL; - break; - default: - break; + end->subnet = clone_str(value); + break; + } + case KW_PROTOPORT: + ugh = ttoprotoport(value, 0, &end->protocol, &end->port, &has_port_wildcard); + end->has_port_wildcard = has_port_wildcard; + break; + case KW_NATIP: + if (end->srcip) + { + plog("# natip and sourceip cannot be defined at the same time"); + goto err; } - return; + if (streq(value, "%defaultroute")) + { + char buf[64]; + + if (cfg->defaultroute.defined) + { + addrtot(&cfg->defaultroute.addr, 0, buf, sizeof(buf)); + end->srcip = clone_str(buf); + } + else + { + plog("# default route not known: %s=%s", name, value); + goto err; + } + } + else + { + ip_address addr; + + conn->tunnel_addr_family = ip_version(value); + ugh = ttoaddr(value, 0, conn->tunnel_addr_family, &addr); + if (ugh != NULL) + { + 
plog("# bad addr: %s=%s [%s]", name, value, ugh); + goto err; + } + end->srcip = clone_str(value); + } + end->has_natip = TRUE; + conn->policy |= POLICY_TUNNEL; + break; + default: + break; + } + return; err: - plog(" bad argument value in conn '%s'", conn_name); - cfg->err++; + plog(" bad argument value in conn '%s'", conn_name); + cfg->err++; } /* @@ -396,19 +396,19 @@ err: static void handle_dns_failure( const char *label, starter_end_t *end, starter_config_t *cfg) { - if (end->dns_failed) + if (end->dns_failed) + { + if (end->allow_any) { - if (end->allow_any) - { - plog("# fallback to %s=%%any due to '%%' prefix or %sallowany=yes", - label, label); - } - else - { - /* declare an error */ - cfg->err++; - } + plog("# fallback to %s=%%any due to '%%' prefix or %sallowany=yes", + label, label); } + else + { + /* declare an error */ + cfg->err++; + } + } } /* @@ -417,19 +417,19 @@ handle_dns_failure( const char *label, starter_end_t *end, starter_config_t *cfg static void handle_firewall( const char *label, starter_end_t *end, starter_config_t *cfg) { - if (end->firewall && (end->seen & LELEM(KW_FIREWALL - KW_END_FIRST))) + if (end->firewall && (end->seen & LELEM(KW_FIREWALL - KW_END_FIRST))) + { + if (end->updown != NULL) { - if (end->updown != NULL) - { - plog("# cannot have both %sfirewall and %supdown", label, label); - cfg->err++; - } - else - { - end->updown = clone_str(firewall_defaults); - end->firewall = FALSE; - } + plog("# cannot have both %sfirewall and %supdown", label, label); + cfg->err++; + } + else + { + end->updown = clone_str(firewall_defaults); + end->firewall = FALSE; } + } } /* 
@@ -438,257 +438,257 @@ handle_firewall( const char *label, starter_end_t *end, starter_config_t *cfg) static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg) { - char *conn_name = (conn->name == NULL)? "%default":conn->name; + char *conn_name = (conn->name == NULL)? "%default":conn->name; - for ( ; kw; kw = kw->next) + for ( ; kw; kw = kw->next) + { + bool assigned = FALSE; + + kw_token_t token = kw->entry->token; + + if (token >= KW_LEFT_FIRST && token <= KW_LEFT_LAST) + { + kw_end(conn, &conn->left, token - KW_LEFT_FIRST + KW_END_FIRST + , kw, conn_name, cfg); + continue; + } + else if (token >= KW_RIGHT_FIRST && token <= KW_RIGHT_LAST) { - bool assigned = FALSE; + kw_end(conn, &conn->right, token - KW_RIGHT_FIRST + KW_END_FIRST + , kw, conn_name, cfg); + continue; + } - kw_token_t token = kw->entry->token; + if (token == KW_AUTO) + { + token = KW_CONN_SETUP; + } + else if (token == KW_ALSO) + { + if (cfg->parse_also) + { + also_t *also = malloc_thing(also_t); - if (token >= KW_LEFT_FIRST && token <= KW_LEFT_LAST) - { - kw_end(conn, &conn->left, token - KW_LEFT_FIRST + KW_END_FIRST - , kw, conn_name, cfg); - continue; - } - else if (token >= KW_RIGHT_FIRST && token <= KW_RIGHT_LAST) - { - kw_end(conn, &conn->right, token - KW_RIGHT_FIRST + KW_END_FIRST - , kw, conn_name, cfg); - continue; - } + also->name = clone_str(kw->value); + also->next = conn->also; + conn->also = also; - if (token == KW_AUTO) - { - token = KW_CONN_SETUP; - } - else if (token == KW_ALSO) - { - if (cfg->parse_also) - { - also_t *also = malloc_thing(also_t); - - also->name = clone_str(kw->value); - also->next = conn->also; - conn->also = also; - - DBG(DBG_CONTROL, - DBG_log(" also=%s", kw->value) - ) - } - continue; - } + DBG(DBG_CONTROL, + DBG_log(" also=%s", kw->value) + ) + } + continue; + } - if (token < KW_CONN_FIRST || token > KW_CONN_LAST) - { - plog("# unsupported keyword '%s' in conn '%s'" - , kw->entry->name, conn_name); - cfg->err++; - continue; - } + if 
(token < KW_CONN_FIRST || token > KW_CONN_LAST) + { + plog("# unsupported keyword '%s' in conn '%s'" + , kw->entry->name, conn_name); + cfg->err++; + continue; + } + + if (!assign_arg(token, KW_CONN_FIRST, kw, (char *)conn, &assigned)) + { + plog(" bad argument value in conn '%s'", conn_name); + cfg->err++; + continue; + } - if (!assign_arg(token, KW_CONN_FIRST, kw, (char *)conn, &assigned)) + if (assigned) + continue; + + switch (token) + { + case KW_TYPE: + conn->policy &= ~(POLICY_TUNNEL | POLICY_SHUNT_MASK); + if (streq(kw->value, "tunnel")) + { + conn->policy |= POLICY_TUNNEL; + } + else if (streq(kw->value, "beet")) + { + conn->policy |= POLICY_BEET; + } + else if (streq(kw->value, "transport_proxy")) + { + conn->policy |= POLICY_PROXY; + } + else if (streq(kw->value, "passthrough") || streq(kw->value, "pass")) + { + conn->policy |= POLICY_SHUNT_PASS; + } + else if (streq(kw->value, "drop")) + { + conn->policy |= POLICY_SHUNT_DROP; + } + else if (streq(kw->value, "reject")) + { + conn->policy |= POLICY_SHUNT_REJECT; + } + else if (strcmp(kw->value, "transport") != 0) + { + plog("# bad policy value: %s=%s", kw->entry->name, kw->value); + cfg->err++; + } + break; + case KW_PFS: + KW_POLICY_FLAG("yes", "no", POLICY_PFS) + break; + case KW_COMPRESS: + KW_POLICY_FLAG("yes", "no", POLICY_COMPRESS) + break; + case KW_AUTH: + KW_POLICY_FLAG("ah", "esp", POLICY_AUTHENTICATE) + break; + case KW_AUTHBY: + conn->policy &= ~(POLICY_ID_AUTH_MASK | POLICY_ENCRYPT); + + if (!(streq(kw->value, "never") || streq(kw->value, "eap"))) + { + char *value = kw->value; + char *second = strchr(kw->value, '|'); + + if (second != NULL) { - plog(" bad argument value in conn '%s'", conn_name); - cfg->err++; - continue; + *second = '\0'; } - if (assigned) - continue; - - switch (token) + /* also handles the cases secret|rsasig and rsasig|secret */ + for (;;) { - case KW_TYPE: - conn->policy &= ~(POLICY_TUNNEL | POLICY_SHUNT_MASK); - if (streq(kw->value, "tunnel")) - { - conn->policy |= 
POLICY_TUNNEL; - } - else if (streq(kw->value, "beet")) - { - conn->policy |= POLICY_BEET; - } - else if (streq(kw->value, "transport_proxy")) - { - conn->policy |= POLICY_PROXY; - } - else if (streq(kw->value, "passthrough") || streq(kw->value, "pass")) - { - conn->policy |= POLICY_SHUNT_PASS; - } - else if (streq(kw->value, "drop")) - { - conn->policy |= POLICY_SHUNT_DROP; - } - else if (streq(kw->value, "reject")) - { - conn->policy |= POLICY_SHUNT_REJECT; - } - else if (strcmp(kw->value, "transport") != 0) - { - plog("# bad policy value: %s=%s", kw->entry->name, kw->value); - cfg->err++; - } - break; - case KW_PFS: - KW_POLICY_FLAG("yes", "no", POLICY_PFS) + if (streq(value, "rsa") || streq(value, "rsasig")) + { + conn->policy |= POLICY_RSASIG | POLICY_ENCRYPT; + } + else if (streq(value, "secret") || streq(value, "psk")) + { + conn->policy |= POLICY_PSK | POLICY_ENCRYPT; + } + else if (streq(value, "ecdsa") || streq(value, "ecdsasig")) + { + conn->policy |= POLICY_ECDSASIG | POLICY_ENCRYPT; + } + else if (streq(value, "xauthrsasig")) + { + conn->policy |= POLICY_XAUTH_RSASIG | POLICY_ENCRYPT; + } + else if (streq(value, "xauthpsk")) + { + conn->policy |= POLICY_XAUTH_PSK | POLICY_ENCRYPT; + } + else + { + plog("# bad policy value: %s=%s", kw->entry->name, kw->value); + cfg->err++; break; - case KW_COMPRESS: - KW_POLICY_FLAG("yes", "no", POLICY_COMPRESS) - break; - case KW_AUTH: - KW_POLICY_FLAG("ah", "esp", POLICY_AUTHENTICATE) - break; - case KW_AUTHBY: - conn->policy &= ~(POLICY_ID_AUTH_MASK | POLICY_ENCRYPT); - - if (!(streq(kw->value, "never") || streq(kw->value, "eap"))) - { - char *value = kw->value; - char *second = strchr(kw->value, '|'); - - if (second != NULL) - { - *second = '\0'; - } - - /* also handles the cases secret|rsasig and rsasig|secret */ - for (;;) - { - if (streq(value, "rsa") || streq(value, "rsasig")) - { - conn->policy |= POLICY_RSASIG | POLICY_ENCRYPT; - } - else if (streq(value, "secret") || streq(value, "psk")) - { - conn->policy 
|= POLICY_PSK | POLICY_ENCRYPT; - } - else if (streq(value, "ecdsa") || streq(value, "ecdsasig")) - { - conn->policy |= POLICY_ECDSASIG | POLICY_ENCRYPT; - } - else if (streq(value, "xauthrsasig")) - { - conn->policy |= POLICY_XAUTH_RSASIG | POLICY_ENCRYPT; - } - else if (streq(value, "xauthpsk")) - { - conn->policy |= POLICY_XAUTH_PSK | POLICY_ENCRYPT; - } - else - { - plog("# bad policy value: %s=%s", kw->entry->name, kw->value); - cfg->err++; - break; - } - if (second == NULL) - { - break; - } - value = second; - second = NULL; /* traverse the loop no more than twice */ - } - } + } + if (second == NULL) + { break; - case KW_EAP: + } + value = second; + second = NULL; /* traverse the loop no more than twice */ + } + } + break; + case KW_EAP: + { + char *sep; + + /* check for vendor-type format */ + sep = strchr(kw->value, '-'); + if (sep) + { + *(sep++) = '\0'; + conn->eap_type = atoi(kw->value); + conn->eap_vendor = atoi(sep); + if (conn->eap_type == 0 || conn->eap_vendor == 0) { - char *sep; - - /* check for vendor-type format */ - sep = strchr(kw->value, '-'); - if (sep) - { - *(sep++) = '\0'; - conn->eap_type = atoi(kw->value); - conn->eap_vendor = atoi(sep); - if (conn->eap_type == 0 || conn->eap_vendor == 0) - { - plog("# invalid EAP type: %s=%s", kw->entry->name, kw->value); - cfg->err++; - } - break; - } - if (streq(kw->value, "aka")) - { - conn->eap_type = 23; - } - else if (streq(kw->value, "sim")) - { - conn->eap_type = 18; - } - else if (streq(kw->value, "md5")) - { - conn->eap_type = 4; - } - else if (streq(kw->value, "gtc")) - { - conn->eap_type = 6; - } - else if (streq(kw->value, "mschapv2")) - { - conn->eap_type = 26; - } - else if (streq(kw->value, "radius")) - { /* pseudo-type */ - conn->eap_type = 253; - } - else - { - conn->eap_type = atoi(kw->value); - if (conn->eap_type == 0) - { - plog("# unknown EAP type: %s=%s", kw->entry->name, kw->value); - cfg->err++; - } - } - break; + plog("# invalid EAP type: %s=%s", kw->entry->name, kw->value); + 
cfg->err++; } - case KW_KEYINGTRIES: - if (streq(kw->value, "%forever")) - { - conn->sa_keying_tries = 0; - } - else - { - char *endptr; - - conn->sa_keying_tries = strtoul(kw->value, &endptr, 10); - if (*endptr != '\0') - { - plog("# bad integer value: %s=%s", kw->entry->name, kw->value); - cfg->err++; - } - } - break; - case KW_REKEY: - KW_POLICY_FLAG("no", "yes", POLICY_DONT_REKEY) - break; - case KW_REAUTH: - KW_POLICY_FLAG("no", "yes", POLICY_DONT_REAUTH) - break; - case KW_MOBIKE: - KW_POLICY_FLAG("yes", "no", POLICY_MOBIKE) - break; - case KW_FORCEENCAPS: - KW_POLICY_FLAG("yes", "no", POLICY_FORCE_ENCAP) - break; - case KW_MODECONFIG: - KW_POLICY_FLAG("push", "pull", POLICY_MODECFG_PUSH) - break; - case KW_XAUTH: - KW_POLICY_FLAG("server", "client", POLICY_XAUTH_SERVER) - break; - default: - break; + break; + } + if (streq(kw->value, "aka")) + { + conn->eap_type = 23; + } + else if (streq(kw->value, "sim")) + { + conn->eap_type = 18; + } + else if (streq(kw->value, "md5")) + { + conn->eap_type = 4; + } + else if (streq(kw->value, "gtc")) + { + conn->eap_type = 6; + } + else if (streq(kw->value, "mschapv2")) + { + conn->eap_type = 26; + } + else if (streq(kw->value, "radius")) + { /* pseudo-type */ + conn->eap_type = 253; + } + else + { + conn->eap_type = atoi(kw->value); + if (conn->eap_type == 0) + { + plog("# unknown EAP type: %s=%s", kw->entry->name, kw->value); + cfg->err++; } + } + break; } + case KW_KEYINGTRIES: + if (streq(kw->value, "%forever")) + { + conn->sa_keying_tries = 0; + } + else + { + char *endptr; + + conn->sa_keying_tries = strtoul(kw->value, &endptr, 10); + if (*endptr != '\0') + { + plog("# bad integer value: %s=%s", kw->entry->name, kw->value); + cfg->err++; + } + } + break; + case KW_REKEY: + KW_POLICY_FLAG("no", "yes", POLICY_DONT_REKEY) + break; + case KW_REAUTH: + KW_POLICY_FLAG("no", "yes", POLICY_DONT_REAUTH) + break; + case KW_MOBIKE: + KW_POLICY_FLAG("yes", "no", POLICY_MOBIKE) + break; + case KW_FORCEENCAPS: + 
KW_POLICY_FLAG("yes", "no", POLICY_FORCE_ENCAP) + break; + case KW_MODECONFIG: + KW_POLICY_FLAG("push", "pull", POLICY_MODECFG_PUSH) + break; + case KW_XAUTH: + KW_POLICY_FLAG("server", "client", POLICY_XAUTH_SERVER) + break; + default: + break; + } + } - handle_dns_failure("left", &conn->left, cfg); - handle_dns_failure("right", &conn->right, cfg); - handle_firewall("left", &conn->left, cfg); - handle_firewall("right", &conn->right, cfg); + handle_dns_failure("left", &conn->left, cfg); + handle_dns_failure("right", &conn->right, cfg); + handle_firewall("left", &conn->left, cfg); + handle_firewall("right", &conn->right, cfg); } /* @@ -697,12 +697,12 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg) static void conn_default(char *name, starter_conn_t *conn, starter_conn_t *def) { - memcpy(conn, def, sizeof(starter_conn_t)); - conn->name = clone_str(name); + memcpy(conn, def, sizeof(starter_conn_t)); + conn->name = clone_str(name); - clone_args(KW_CONN_FIRST, KW_CONN_LAST, (char *)conn, (char *)def); - clone_args(KW_END_FIRST, KW_END_LAST, (char *)&conn->left, (char *)&def->left); - clone_args(KW_END_FIRST, KW_END_LAST, (char *)&conn->right, (char *)&def->right); + clone_args(KW_CONN_FIRST, KW_CONN_LAST, (char *)conn, (char *)def); + clone_args(KW_END_FIRST, KW_END_LAST, (char *)&conn->left, (char *)&def->left); + clone_args(KW_END_FIRST, KW_END_LAST, (char *)&conn->right, (char *)&def->right); } /* 
@@ -711,52 +711,52 @@ conn_default(char *name, starter_conn_t *conn, starter_conn_t *def) static void load_ca(starter_ca_t *ca, kw_list_t *kw, starter_config_t *cfg) { - char *ca_name = (ca->name == NULL)? "%default":ca->name; + char *ca_name = (ca->name == NULL)? "%default":ca->name; - for ( ; kw; kw = kw->next) - { - bool assigned = FALSE; + for ( ; kw; kw = kw->next) + { + bool assigned = FALSE; - kw_token_t token = kw->entry->token; + kw_token_t token = kw->entry->token; - if (token == KW_AUTO) - { - token = KW_CA_SETUP; - } - else if (token == KW_ALSO) - { - if (cfg->parse_also) - { - also_t *also = malloc_thing(also_t); + if (token == KW_AUTO) + { + token = KW_CA_SETUP; + } + else if (token == KW_ALSO) + { + if (cfg->parse_also) + { + also_t *also = malloc_thing(also_t); - also->name = clone_str(kw->value); - also->next = ca->also; - ca->also = also; + also->name = clone_str(kw->value); + also->next = ca->also; + ca->also = also; - DBG(DBG_CONTROL, - DBG_log(" also=%s", kw->value) - ) - } - continue; - } + DBG(DBG_CONTROL, + DBG_log(" also=%s", kw->value) + ) + } + continue; + } - if (token < KW_CA_FIRST || token > KW_CA_LAST) - { - plog("# unsupported keyword '%s' in ca '%s'", kw->entry->name, ca_name); - cfg->err++; - continue; - } + if (token < KW_CA_FIRST || token > KW_CA_LAST) + { + plog("# unsupported keyword '%s' in ca '%s'", kw->entry->name, ca_name); + cfg->err++; + continue; + } - if (!assign_arg(token, KW_CA_FIRST, kw, (char *)ca, &assigned)) - { - plog(" bad argument value in ca '%s'", ca_name); - cfg->err++; - } + if (!assign_arg(token, KW_CA_FIRST, kw, (char *)ca, &assigned)) + { + plog(" bad argument value in ca '%s'", ca_name); + cfg->err++; } + } - /* treat 'route' and 'start' as 'add' */ - if (ca->startup != STARTUP_NO) - ca->startup = STARTUP_ADD; + /* treat 'route' and 'start' as 'add' */ + if (ca->startup != STARTUP_NO) + ca->startup = STARTUP_ADD; } /* 
@@ -765,10 +765,10 @@ load_ca(starter_ca_t *ca, kw_list_t *kw, starter_config_t *cfg) static void ca_default(char *name, starter_ca_t *ca, starter_ca_t *def) { - memcpy(ca, def, sizeof(starter_ca_t)); - ca->name = clone_str(name); + memcpy(ca, def, sizeof(starter_ca_t)); + ca->name = clone_str(name); - clone_args(KW_CA_FIRST, KW_CA_LAST, (char *)ca, (char *)def); + clone_args(KW_CA_FIRST, KW_CA_LAST, (char *)ca, (char *)def); } static kw_list_t* @@ -777,25 +777,25 @@ find_also_conn(const char* name, starter_conn_t *conn, starter_config_t *cfg); static void load_also_conns(starter_conn_t *conn, also_t *also, starter_config_t *cfg) { - while (also != NULL) - { - kw_list_t *kw = find_also_conn(also->name, conn, cfg); + while (also != NULL) + { + kw_list_t *kw = find_also_conn(also->name, conn, cfg); - if (kw == NULL) - { - plog(" conn '%s' cannot include '%s'", conn->name, also->name); - } - else - { - DBG(DBG_CONTROL, - DBG_log("conn '%s' includes '%s'", conn->name, also->name) - ) - /* only load if no error occurred in the first round */ - if (cfg->err == 0) - load_conn(conn, kw, cfg); - } - also = also->next; + if (kw == NULL) + { + plog(" conn '%s' cannot include '%s'", conn->name, also->name); + } + else + { + DBG(DBG_CONTROL, + DBG_log("conn '%s' includes '%s'", conn->name, also->name) + ) + /* only load if no error occurred in the first round */ + if (cfg->err == 0) + load_conn(conn, kw, cfg); } + also = also->next; + } } /* 
@@ -804,28 +804,28 @@ load_also_conns(starter_conn_t *conn, also_t *also, starter_config_t *cfg) static kw_list_t* find_also_conn(const char* name, starter_conn_t *conn, starter_config_t *cfg) { - starter_conn_t *c = cfg->conn_first; + starter_conn_t *c = cfg->conn_first; - while (c != NULL) + while (c != NULL) + { + if (streq(name, c->name)) { - if (streq(name, c->name)) - { - if (conn->visit == c->visit) - { - plog("# detected also loop"); - cfg->err++; - return NULL; - } - c->visit = conn->visit; - load_also_conns(conn, c->also, cfg); - return c->kw; - } - c = c->next; + if (conn->visit == c->visit) + { + plog("# detected also loop"); + cfg->err++; + return NULL; + } + c->visit = conn->visit; + load_also_conns(conn, c->also, cfg); + return c->kw; } + c = c->next; + } - plog("# also '%s' not found", name); - cfg->err++; - return NULL; + plog("# also '%s' not found", name); + cfg->err++; + return NULL; } static kw_list_t* @@ -834,25 +834,25 @@ find_also_ca(const char* name, starter_ca_t *ca, starter_config_t *cfg); static void load_also_cas(starter_ca_t *ca, also_t *also, starter_config_t *cfg) { - while (also != NULL) - { - kw_list_t *kw = find_also_ca(also->name, ca, cfg); + while (also != NULL) + { + kw_list_t *kw = find_also_ca(also->name, ca, cfg); - if (kw == NULL) - { - plog(" ca '%s' cannot include '%s'", ca->name, also->name); - } - else - { - DBG(DBG_CONTROL, - DBG_log("ca '%s' includes '%s'", ca->name, also->name) - ) - /* only load if no error occurred in the first round */ - if (cfg->err == 0) - load_ca(ca, kw, cfg); - } - also = also->next; + if (kw == NULL) + { + plog(" ca '%s' cannot include '%s'", ca->name, also->name); } + else + { + DBG(DBG_CONTROL, + DBG_log("ca '%s' includes '%s'", ca->name, also->name) + ) + /* only load if no error occurred in the first round */ + if (cfg->err == 0) + load_ca(ca, kw, cfg); + } + also = also->next; + } } /* 
@@ -861,28 +861,28 @@ load_also_cas(starter_ca_t *ca, also_t *also, starter_config_t *cfg) static kw_list_t* find_also_ca(const char* name, starter_ca_t *ca, starter_config_t *cfg) { - starter_ca_t *c = cfg->ca_first; + starter_ca_t *c = cfg->ca_first; - while (c != NULL) + while (c != NULL) + { + if (streq(name, c->name)) { - if (streq(name, c->name)) - { - if (ca->visit == c->visit) - { - plog("# detected also loop"); - cfg->err++; - return NULL; - } - c->visit = ca->visit; - load_also_cas(ca, c->also, cfg); - return c->kw; - } - c = c->next; + if (ca->visit == c->visit) + { + plog("# detected also loop"); + cfg->err++; + return NULL; + } + c->visit = ca->visit; + load_also_cas(ca, c->also, cfg); + return c->kw; } + c = c->next; + } - plog("# also '%s' not found", name); - cfg->err++; - return NULL; + plog("# also '%s' not found", name); + cfg->err++; + return NULL; } /* @@ -891,14 +891,14 @@ find_also_ca(const char* name, starter_ca_t *ca, starter_config_t *cfg) static void free_also(also_t *head) { - while (head != NULL) - { - also_t *also = head; - - head = also->next; - free(also->name); - free(also); - } + while (head != NULL) + { + also_t *also = head; + + head = also->next; + free(also->name); + free(also); + } } /* @@ -907,10 +907,10 @@ free_also(also_t *head) static void confread_free_conn(starter_conn_t *conn) { - free_args(KW_END_FIRST, KW_END_LAST, (char *)&conn->left); - free_args(KW_END_FIRST, KW_END_LAST, (char *)&conn->right); - free_args(KW_CONN_NAME, KW_CONN_LAST, (char *)conn); - free_also(conn->also); + free_args(KW_END_FIRST, KW_END_LAST, (char *)&conn->left); + free_args(KW_END_FIRST, KW_END_LAST, (char *)&conn->right); + free_args(KW_CONN_NAME, KW_CONN_LAST, (char *)conn); + free_also(conn->also); } /* 
@@ -919,8 +919,8 @@ confread_free_conn(starter_conn_t *conn) static void confread_free_ca(starter_ca_t *ca) { - free_args(KW_CA_NAME, KW_CA_LAST, (char *)ca); - free_also(ca->also); + free_args(KW_CA_NAME, KW_CA_LAST, (char *)ca); + free_also(ca->also); } /* @@ -929,34 +929,34 @@ confread_free_ca(starter_ca_t *ca) void confread_free(starter_config_t *cfg) { - starter_conn_t *conn = cfg->conn_first; - starter_ca_t *ca = cfg->ca_first; + starter_conn_t *conn = cfg->conn_first; + starter_ca_t *ca = cfg->ca_first; - free_args(KW_SETUP_FIRST, KW_SETUP_LAST, (char *)cfg); + free_args(KW_SETUP_FIRST, KW_SETUP_LAST, (char *)cfg); - confread_free_conn(&cfg->conn_default); + confread_free_conn(&cfg->conn_default); - while (conn != NULL) - { - starter_conn_t *conn_aux = conn; + while (conn != NULL) + { + starter_conn_t *conn_aux = conn; - conn = conn->next; - confread_free_conn(conn_aux); - free(conn_aux); - } + conn = conn->next; + confread_free_conn(conn_aux); + free(conn_aux); + } - confread_free_ca(&cfg->ca_default); + confread_free_ca(&cfg->ca_default); - while (ca != NULL) - { - starter_ca_t *ca_aux = ca; + while (ca != NULL) + { + starter_ca_t *ca_aux = ca; - ca = ca->next; - confread_free_ca(ca_aux); - free(ca_aux); - } + ca = ca->next; + confread_free_ca(ca_aux); + free(ca_aux); + } - free(cfg); + free(cfg); } /* 
@@ -965,188 +965,188 @@ confread_free(starter_config_t *cfg) starter_config_t * confread_load(const char *file) { - starter_config_t *cfg = NULL; - config_parsed_t *cfgp; - section_list_t *sconn, *sca; - starter_conn_t *conn; - starter_ca_t *ca; - - u_int total_err; - u_int visit = 0; - - /* load IPSec configuration file */ - cfgp = parser_load_conf(file); - if (!cfgp) - { - return NULL; - } - cfg = malloc_thing(starter_config_t); + starter_config_t *cfg = NULL; + config_parsed_t *cfgp; + section_list_t *sconn, *sca; + starter_conn_t *conn; + starter_ca_t *ca; + + u_int total_err; + u_int visit = 0; + + /* load IPSec configuration file */ + cfgp = parser_load_conf(file); + if (!cfgp) + { + return NULL; + } + cfg = malloc_thing(starter_config_t); - /* set default values */ - default_values(cfg); + /* set default values */ + default_values(cfg); - /* determine default route */ - get_defaultroute(&cfg->defaultroute); + /* determine default route */ + get_defaultroute(&cfg->defaultroute); - /* load config setup section */ - load_setup(cfg, cfgp); + /* load config setup section */ + load_setup(cfg, cfgp); - /* in the first round parse also statements */ - cfg->parse_also = TRUE; + /* in the first round parse also statements */ + cfg->parse_also = TRUE; - /* find %default ca section */ - for (sca = cfgp->ca_first; sca; sca = sca->next) + /* find %default ca section */ + for (sca = cfgp->ca_first; sca; sca = sca->next) + { + if (streq(sca->name, "%default")) { - if (streq(sca->name, "%default")) - { - DBG(DBG_CONTROL, - DBG_log("Loading ca %%default") - ) - load_ca(&cfg->ca_default, sca->kw, cfg); - } + DBG(DBG_CONTROL, + DBG_log("Loading ca %%default") + ) + load_ca(&cfg->ca_default, sca->kw, cfg); } + } - /* parameters defined in ca %default sections can be overloads */ - cfg->ca_default.seen = LEMPTY; + /* parameters defined in ca %default sections can be overloads */ + cfg->ca_default.seen = LEMPTY; - /* load other ca sections */ - for (sca = cfgp->ca_first; sca; sca 
= sca->next) - { - u_int previous_err; + /* load other ca sections */ + for (sca = cfgp->ca_first; sca; sca = sca->next) + { + u_int previous_err; - /* skip %default ca section */ - if (streq(sca->name, "%default")) - continue; + /* skip %default ca section */ + if (streq(sca->name, "%default")) + continue; - DBG(DBG_CONTROL, - DBG_log("Loading ca '%s'", sca->name) - ) - ca = malloc_thing(starter_ca_t); + DBG(DBG_CONTROL, + DBG_log("Loading ca '%s'", sca->name) + ) + ca = malloc_thing(starter_ca_t); - ca_default(sca->name, ca, &cfg->ca_default); - ca->kw = sca->kw; - ca->next = NULL; + ca_default(sca->name, ca, &cfg->ca_default); + ca->kw = sca->kw; + ca->next = NULL; - previous_err = cfg->err; - load_ca(ca, ca->kw, cfg); - if (cfg->err > previous_err) - { - /* errors occurred - free the ca */ - confread_free_ca(ca); - cfg->non_fatal_err += cfg->err - previous_err; - cfg->err = previous_err; - } - else - { - /* success - insert the ca into the chained list */ - if (cfg->ca_last) - cfg->ca_last->next = ca; - cfg->ca_last = ca; - if (!cfg->ca_first) - cfg->ca_first = ca; - } + previous_err = cfg->err; + load_ca(ca, ca->kw, cfg); + if (cfg->err > previous_err) + { + /* errors occurred - free the ca */ + confread_free_ca(ca); + cfg->non_fatal_err += cfg->err - previous_err; + cfg->err = previous_err; } - - for (ca = cfg->ca_first; ca; ca = ca->next) + else { - also_t *also = ca->also; - - while (also != NULL) - { - kw_list_t *kw = find_also_ca(also->name, cfg->ca_first, cfg); + /* success - insert the ca into the chained list */ + if (cfg->ca_last) + cfg->ca_last->next = ca; + cfg->ca_last = ca; + if (!cfg->ca_first) + cfg->ca_first = ca; + } + } - load_ca(ca, kw, cfg); - also = also->next; - } + for (ca = cfg->ca_first; ca; ca = ca->next) + { + also_t *also = ca->also; + + while (also != NULL) + { + kw_list_t *kw = find_also_ca(also->name, cfg->ca_first, cfg); - if (ca->startup != STARTUP_NO) - ca->state = STATE_TO_ADD; + load_ca(ca, kw, cfg); + also = also->next; } - 
/* find %default conn sections */ - for (sconn = cfgp->conn_first; sconn; sconn = sconn->next) + if (ca->startup != STARTUP_NO) + ca->state = STATE_TO_ADD; + } + + /* find %default conn sections */ + for (sconn = cfgp->conn_first; sconn; sconn = sconn->next) + { + if (streq(sconn->name, "%default")) { - if (streq(sconn->name, "%default")) - { - DBG(DBG_CONTROL, - DBG_log("Loading conn %%default") - ) - load_conn(&cfg->conn_default, sconn->kw, cfg); - } + DBG(DBG_CONTROL, + DBG_log("Loading conn %%default") + ) + load_conn(&cfg->conn_default, sconn->kw, cfg); } + } - /* parameter defined in conn %default sections can be overloaded */ - cfg->conn_default.seen = LEMPTY; - cfg->conn_default.right.seen = LEMPTY; - cfg->conn_default.left.seen = LEMPTY; + /* parameter defined in conn %default sections can be overloaded */ + cfg->conn_default.seen = LEMPTY; + cfg->conn_default.right.seen = LEMPTY; + cfg->conn_default.left.seen = LEMPTY; - /* load other conn sections */ - for (sconn = cfgp->conn_first; sconn; sconn = sconn->next) - { - u_int previous_err; - - /* skip %default conn section */ - if (streq(sconn->name, "%default")) - continue; + /* load other conn sections */ + for (sconn = cfgp->conn_first; sconn; sconn = sconn->next) + { + u_int previous_err; + + /* skip %default conn section */ + if (streq(sconn->name, "%default")) + continue; - DBG(DBG_CONTROL, - DBG_log("Loading conn '%s'", sconn->name) - ) - conn = malloc_thing(starter_conn_t); - - conn_default(sconn->name, conn, &cfg->conn_default); - conn->kw = sconn->kw; - conn->next = NULL; - - previous_err = cfg->err; - load_conn(conn, conn->kw, cfg); - if (cfg->err > previous_err) - { - /* error occurred - free the conn */ - confread_free_conn(conn); - cfg->non_fatal_err += cfg->err - previous_err; - cfg->err = previous_err; - } - else - { - /* success - insert the conn into the chained list */ - if (cfg->conn_last) - cfg->conn_last->next = conn; - cfg->conn_last = conn; - if (!cfg->conn_first) - cfg->conn_first = 
conn; - } + DBG(DBG_CONTROL, + DBG_log("Loading conn '%s'", sconn->name) + ) + conn = malloc_thing(starter_conn_t); + + conn_default(sconn->name, conn, &cfg->conn_default); + conn->kw = sconn->kw; + conn->next = NULL; + + previous_err = cfg->err; + load_conn(conn, conn->kw, cfg); + if (cfg->err > previous_err) + { + /* error occurred - free the conn */ + confread_free_conn(conn); + cfg->non_fatal_err += cfg->err - previous_err; + cfg->err = previous_err; } + else + { + /* success - insert the conn into the chained list */ + if (cfg->conn_last) + cfg->conn_last->next = conn; + cfg->conn_last = conn; + if (!cfg->conn_first) + cfg->conn_first = conn; + } + } - /* in the second round do not parse also statements */ - cfg->parse_also = FALSE; + /* in the second round do not parse also statements */ + cfg->parse_also = FALSE; - for (ca = cfg->ca_first; ca; ca = ca->next) - { - ca->visit = ++visit; - load_also_cas(ca, ca->also, cfg); + for (ca = cfg->ca_first; ca; ca = ca->next) + { + ca->visit = ++visit; + load_also_cas(ca, ca->also, cfg); - if (ca->startup != STARTUP_NO) - ca->state = STATE_TO_ADD; - } + if (ca->startup != STARTUP_NO) + ca->state = STATE_TO_ADD; + } - for (conn = cfg->conn_first; conn; conn = conn->next) - { - conn->visit = ++visit; - load_also_conns(conn, conn->also, cfg); + for (conn = cfg->conn_first; conn; conn = conn->next) + { + conn->visit = ++visit; + load_also_conns(conn, conn->also, cfg); - if (conn->startup != STARTUP_NO) - conn->state = STATE_TO_ADD; - } + if (conn->startup != STARTUP_NO) + conn->state = STATE_TO_ADD; + } - parser_free_conf(cfgp); + parser_free_conf(cfgp); - total_err = cfg->err + cfg->non_fatal_err; - if (total_err > 0) - { - plog("### %d parsing error%s (%d fatal) ###" - , total_err, (total_err > 1)?"s":"", cfg->err); - } + total_err = cfg->err + cfg->non_fatal_err; + if (total_err > 0) + { + plog("### %d parsing error%s (%d fatal) ###" + , total_err, (total_err > 1)?"s":"", cfg->err); + } - return cfg; + return cfg; } |