X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=NetworkPkg%2FApplication%2FIpsecConfig%2FPolicyEntryOperation.c;h=7ecb8adc629a5c9a7c96c22e694037da7da25a9c;hb=f75a7f568e6d0944327970b3f3f2dafd9bba76b1;hp=d8330bcce095c682411a6a51ec8832e4c7ca31a5;hpb=76389e18c04833a87811550ed6db06f1790aacde;p=mirror_edk2.git
diff --git a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c b/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c
index d8330bcce0..7ecb8adc62 100644
--- a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c
+++ b/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c
@@ -1,7 +1,7 @@
/** @file
The implementation of policy entry operation function in IpSecConfig application.
- Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
+ Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -271,7 +271,7 @@ CreateSpdEntry (
//
ValueStr = ShellCommandLineGetValue (ParamPackage, L"--name");
if (ValueStr != NULL) {
- UnicodeStrToAsciiStr (ValueStr, (CHAR8 *) (*Data)->Name);
+ UnicodeStrToAsciiStrS (ValueStr, (CHAR8 *) (*Data)->Name, sizeof ((*Data)->Name));
*Mask |= NAME;
}
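Review bot: The return value of `UnicodeStrToAsciiStrS` is discarded, so a `--name` value that does not fit in `(*Data)->Name` is not reported and `*Mask |= NAME` is set regardless. Capture the status and reject the input on error, e.g. `if (EFI_ERROR (UnicodeStrToAsciiStrS (ValueStr, (CHAR8 *) (*Data)->Name, sizeof ((*Data)->Name)))) { /* fail with EFI_INVALID_PARAMETER */ }`. The same unchecked pattern appears in the two key-conversion hunks in CreateSadEntry, the `StrnCpyS` call in CreatePadEntry and the `AsciiStrCpyS` call in CombineSpdEntry. CreateSpdEntry's body continues outside this hunk, so the exact error path has to be matched to what the function already does.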
@@ -784,7 +784,8 @@ CreateSadEntry (
if (ValueStr != NULL ) {
(*Data)->AlgoInfo.EspAlgoInfo.EncKeyLength = EncKeyLength;
AsciiStr = AllocateZeroPool (EncKeyLength + 1);
- UnicodeStrToAsciiStr (ValueStr, AsciiStr);
+ ASSERT (AsciiStr != NULL);
+ UnicodeStrToAsciiStrS (ValueStr, AsciiStr, EncKeyLength + 1);
CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.EncKey, AsciiStr, EncKeyLength);
FreePool (AsciiStr);
*Mask |= ENCRYPT_KEY;
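Review bot: `ASSERT (AsciiStr != NULL)` is the only guard on the `AllocateZeroPool` result, and ASSERT is typically compiled out of release builds, so an allocation failure would reach `UnicodeStrToAsciiStrS` and `CopyMem` with a NULL buffer. Replace it with a real check such as `if (AsciiStr == NULL) { return EFI_OUT_OF_RESOURCES; }`, routed through whatever cleanup CreateSadEntry uses (not visible in this hunk). The temporary buffer also holds the ESP encryption key in clear and is released as-is; add `ZeroMem (AsciiStr, EncKeyLength + 1);` before `FreePool (AsciiStr);`. Both points apply equally to the `--auth-key` hunk that follows. Where `EncKeyLength` is derived is outside the hunk; confirm it is bounded by the size of the `EncKey` destination before the `CopyMem`.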
@@ -813,7 +814,8 @@ CreateSadEntry (
if (ValueStr != NULL) {
(*Data)->AlgoInfo.EspAlgoInfo.AuthKeyLength = AuthKeyLength;
AsciiStr = AllocateZeroPool (AuthKeyLength + 1);
- UnicodeStrToAsciiStr (ValueStr, AsciiStr);
+ ASSERT (AsciiStr != NULL);
+ UnicodeStrToAsciiStrS (ValueStr, AsciiStr, AuthKeyLength + 1);
CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.AuthKey, AsciiStr, AuthKeyLength);
FreePool (AsciiStr);
*Mask |= AUTH_KEY;
@@ -913,7 +915,7 @@ CreateSadEntry (
}
//
- // Convert user imput from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID.
+ // Convert user input from string to integer, and fill in the DestAddress in EFI_IPSEC_SA_ID.
//
ValueStr = ShellCommandLineGetValue (ParamPackage, L"--tunnel-source");
if (ValueStr != NULL) {
@@ -934,10 +936,28 @@ CreateSadEntry (
*Mask |= SOURCE;
}
}
+
+ //
+ // If it is TunnelMode, then check if the tunnel-source and --tunnel-dest are set
+ //
+ if ((*Data)->Mode == EfiIPsecTunnel) {
+ if ((*Mask & (DEST|SOURCE)) != (DEST|SOURCE)) {
+ ShellPrintHiiEx (
+ -1,
+ -1,
+ NULL,
+ STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
+ mHiiHandle,
+ mAppName,
+ L"--tunnel-source --tunnel-dest"
+ );
+ ReturnStatus = EFI_INVALID_PARAMETER;
+ }
+ }
ReturnStatus = CreateSpdSelector ((*Data)->SpdSelector, ParamPackage, Mask);
if (CreateNew) {
- if ((*Mask & (SPI | IPSEC_PROTO )) != (SPI | IPSEC_PROTO )) {
+ if ((*Mask & (SPI|IPSEC_PROTO|LOCAL|REMOTE)) != (SPI|IPSEC_PROTO|LOCAL|REMOTE)) {
ShellPrintHiiEx (
-1,
-1,
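Review bot: The `ReturnStatus = EFI_INVALID_PARAMETER` set by the new tunnel-mode check is overwritten by the very next statement, `ReturnStatus = CreateSpdSelector ((*Data)->SpdSelector, ParamPackage, Mask);`. A tunnel-mode SA given without `--tunnel-source`/`--tunnel-dest` therefore only prints the message and is still accepted, provided the selector parses and the later checks pass. Move the whole `if ((*Data)->Mode == EfiIPsecTunnel)` block below the `CreateSpdSelector` call so the failure survives. Any earlier failure stored in `ReturnStatus` before this point would be lost the same way, but that code is outside the hunk.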
@@ -945,7 +965,7 @@ CreateSadEntry (
STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_ONE_OF_PARAMETERS),
mHiiHandle,
mAppName,
- L"--spi --ipsec-proto --dest"
+ L"--spi --ipsec-proto --local --remote"
);
ReturnStatus = EFI_INVALID_PARAMETER;
} else {
@@ -974,7 +994,7 @@ CreateSadEntry (
ReturnStatus = EFI_INVALID_PARAMETER;
}
} else {
- if ((*Mask & ENCRYPT_ALGO) == 0) {
+ if ((*Mask & (ENCRYPT_ALGO|AUTH_ALGO)) != (ENCRYPT_ALGO|AUTH_ALGO) ) {
ShellPrintHiiEx (
-1,
-1,
@@ -982,7 +1002,7 @@ CreateSadEntry (
STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
mHiiHandle,
mAppName,
- L"--encrypt-algo"
+ L"--encrypt-algo --auth-algo"
);
ReturnStatus = EFI_INVALID_PARAMETER;
} else if ((*Data)->AlgoInfo.EspAlgoInfo.EncAlgoId != IPSEC_EALG_NONE && (*Mask & ENCRYPT_KEY) == 0) {
@@ -996,6 +1016,17 @@ CreateSadEntry (
L"--encrypt-key"
);
ReturnStatus = EFI_INVALID_PARAMETER;
+ } else if ((*Data)->AlgoInfo.EspAlgoInfo.AuthAlgoId != IPSEC_AALG_NONE && (*Mask & AUTH_KEY) == 0) {
+ ShellPrintHiiEx (
+ -1,
+ -1,
+ NULL,
+ STRING_TOKEN (STR_IPSEC_CONFIG_MISSING_PARAMETER),
+ mHiiHandle,
+ mAppName,
+ L"--auth-key"
+ );
+ ReturnStatus = EFI_INVALID_PARAMETER;
}
}
}
@@ -1073,7 +1104,7 @@ CreatePadEntry (
ValueStr = ShellCommandLineGetValue (ParamPackage, L"--peer-id");
if (ValueStr != NULL) {
(*PadId)->PeerIdValid = TRUE;
- StrnCpy ((CHAR16 *) (*PadId)->Id.PeerId, ValueStr, ARRAY_SIZE ((*PadId)->Id.PeerId) - 1);
+ StrnCpyS ((CHAR16 *) (*PadId)->Id.PeerId, MAX_PEERID_LEN / sizeof (CHAR16), ValueStr, MAX_PEERID_LEN / sizeof (CHAR16) - 1);
*Mask |= PEER_ID;
}
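Review bot: The destination bound is written as `MAX_PEERID_LEN / sizeof (CHAR16)` instead of being derived from the field, so it is only correct while `PeerId` is declared with exactly `MAX_PEERID_LEN` bytes (the declaration is not in this hunk). Prefer `sizeof ((*PadId)->Id.PeerId) / sizeof (CHAR16)` for the DestMax argument and the same expression `- 1` for the length. With the length capped at DestMax - 1, a longer `--peer-id` appears to be truncated silently. For a value that presumably identifies the peer, rejecting an over-long input is safer than storing a prefix of it.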
@@ -1367,8 +1398,10 @@ CombineSpdEntry (
//
// Process Data
//
+ OldData->SaIdCount = 0;
+
if ((Mask & NAME) != 0) {
- AsciiStrCpy ((CHAR8 *) OldData->Name, (CHAR8 *) NewData->Name);
+ AsciiStrCpyS ((CHAR8 *) OldData->Name, MAX_PEERID_LEN, (CHAR8 *) NewData->Name);
}
if ((Mask & PACKET_FLAG) != 0) {
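Review bot: `AsciiStrCpyS` bounds the copy into `OldData->Name` with `MAX_PEERID_LEN`, a constant named for the peer-id field, whereas the CreateSpdEntry hunk uses `sizeof ((*Data)->Name)` for the same member. Use `sizeof (OldData->Name)` here so the bound cannot drift from the declaration. The added `OldData->SaIdCount = 0;` also has no explanation; a short comment saying why the SA count is reset when two entries are combined would help the next reader. CombineSpdEntry's body continues outside this hunk.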
@@ -1831,37 +1864,30 @@ EditOperatePolicyEntry (
&CreateNew
);
if (!EFI_ERROR (Status)) {
+ //
+ // If the Selector already existed, this Entry will be updated by set data.
+ //
+ Status = mIpSecConfig->SetData (
+ mIpSecConfig,
+ Context->DataType,
+ Context->Selector, /// New created selector.
+ Data, /// Old date which has been modified, need to be set data.
+ Selector
+ );
+ ASSERT_EFI_ERROR (Status);
+
if (CreateNew) {
//
- // Insert new entry before old entry
+ // Edit the entry to a new one. So, we need delete the old entry.
//
Status = mIpSecConfig->SetData (
mIpSecConfig,
Context->DataType,
- Context->Selector,
- Data,
- Selector
- );
- ASSERT_EFI_ERROR (Status);
- //
- // Delete old entry
- //
- Status = mIpSecConfig->SetData (
- mIpSecConfig,
- Context->DataType,
- Selector,
- NULL,
+ Selector, /// Old selector.
+ NULL, /// NULL means to delete this Entry specified by Selector.
NULL
);
ASSERT_EFI_ERROR (Status);
- } else {
- Status = mIpSecConfig->SetData (
- mIpSecConfig,
- Context->DataType,
- Context->Selector,
- Data,
- NULL
- );
}
}
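Review bot: When `CreateNew` is TRUE the old entry is deleted unconditionally after the first `SetData`, and the only failure handling between the two calls is `ASSERT_EFI_ERROR`, which has no effect in builds with asserts disabled. If the insert fails in such a build, the delete still runs and the policy entry is lost. Guard the second call with `if (!EFI_ERROR (Status) && CreateNew) {` so the old entry is removed only after the new one was stored. The plain-update path used to return the `SetData` status without asserting; it now asserts too, which turns a rejected edit into a halt in debug builds. The inline comment `Old date which has been modified` should read `Old data`.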