Have an enum for rmconf_match_type() return values to make the code a bit

more readable.
2009-08-19 12:20:02 +00:00 · 2009-08-19 12:20:02 +00:00 · 95f3bd08bb
parent df47c10aca
commit 95f3bd08bb
1 changed files with 31 additions and 22 deletions
--- a/crypto/dist/ipsec-tools/src/racoon/remoteconf.c
+++ b/crypto/dist/ipsec-tools/src/racoon/remoteconf.c
@ -1,4 +1,4 @@
-/*	$NetBSD: remoteconf.c,v 1.15 2009/07/03 06:41:47 tteras Exp $	*/
+/*	$NetBSD: remoteconf.c,v 1.16 2009/08/19 12:20:02 tteras Exp $	*/

 /* Id: remoteconf.c,v 1.38 2006/05/06 15:52:44 manubsd Exp */

@ -182,6 +182,15 @@ rmconf_match_etype_and_approval(rmconf, etype, approval)
 	return 0;
 }

+enum rmconf_match_t {
+	MATCH_NONE = 0,
+	MATCH_ANONYMOUS,
+	MATCH_ADDRESS,
+	MATCH_SA,
+	MATCH_IDENTITY,
+	MATCH_AUTH_IDENTITY,
+};
+
 static int
 rmconf_match_type(rmsel, rmconf)
 	struct rmconfselector *rmsel;
@ -192,19 +201,19 @@ rmconf_match_type(rmsel, rmconf)
 	/* No match at all: unwanted anonymous */
 	if ((rmsel->flags & GETRMCONF_F_NO_ANONYMOUS) &&
 	    rmconf->remote->sa_family == AF_UNSPEC)
-		return 0;
+		return MATCH_NONE;

 	if ((rmsel->flags & GETRMCONF_F_NO_PASSIVE) && rmconf->passive)
-		return 0;
+		return MATCH_NONE;

 	/* Check address */
 	if (rmsel->remote != NULL) {
 		if (rmconf->remote->sa_family != AF_UNSPEC) {
 			if (cmpsaddr(rmsel->remote, rmconf->remote) != 0)
-				return 0;
+				return MATCH_NONE;

 			/* Address matched */
-			ret = 2;
+			ret = MATCH_ADDRESS;
 		}
 	}

@ -212,22 +221,22 @@ rmconf_match_type(rmsel, rmconf)
 	if (rmsel->etype != ISAKMP_ETYPE_NONE) {
 		if (rmconf_match_etype_and_approval(rmconf, rmsel->etype,
 						    rmsel->approval) != 0)
-			return 0;
-		ret = 3;
+			return MATCH_NONE;
+		ret = MATCH_SA;
 	}

 	/* Check identity */
 	if (rmsel->identity != NULL && rmconf->verify_identifier) {
 		if (rmconf_match_identity(rmconf, rmsel->identity) != 0)
-			return 0;
-		ret = 4;
+			return MATCH_NONE;
+		ret = MATCH_IDENTITY;
 	}

 	/* Check certificate request */
 	if (rmsel->certificate_request != NULL) {
 		if (oakley_get_certtype(rmsel->certificate_request) !=
 		    oakley_get_certtype(rmconf->mycert))
-			return 0;
+			return MATCH_NONE;

 		if (rmsel->certificate_request->l > 1) {
 			vchar_t *issuer;
@ -237,15 +246,15 @@ rmconf_match_type(rmsel, rmconf)
 			    memcmp(rmsel->certificate_request->v + 1,
 				   issuer->v, issuer->l) != 0) {
 				vfree(issuer);
-				return 0;
+				return MATCH_NONE;
 			}
 			vfree(issuer);
 		} else {
 			if (!rmconf->match_empty_cr)
-				return 0;
+				return MATCH_NONE;
 		}

-		ret = 5;
+		ret = MATCH_AUTH_IDENTITY;
 	}

 	return ret;
@ -316,7 +325,7 @@ rmconf_find(rmconf, ctx)

 		if (match_type == fctx->match_type) {
 			/* Duplicate exact match, something is wrong */
-			if (match_type >= 5)
+			if (match_type >= MATCH_AUTH_IDENTITY)
 				return 1;

 			/* Otherwise just remember that this is ambiguous match */