sync with 2/22 code. -B and -Z,
bundle proposal interpretation, and some other fixes. XXX WARNS?=0 in racoon/Makefile is necessary to compile the yacc-generated files (yacc emits a static function that is never used, and the resulting unused-function warning otherwise stops the build).
This commit is contained in:
parent
98857d7198
commit
a5316a5fa5
|
@ -1,4 +1,4 @@
|
|||
/* $KAME: cfparse.y,v 1.85 2001/01/29 11:26:50 sakane Exp $ */
|
||||
/* $KAME: cfparse.y,v 1.87 2001/02/22 01:11:42 sakane Exp $ */
|
||||
|
||||
%{
|
||||
#include <sys/types.h>
|
||||
|
@ -166,9 +166,6 @@ static int expand_isakmpspec __P((int, int, int *,
|
|||
%token PREFIX PORT PORTANY UL_PROTO ANY
|
||||
%token PFS_GROUP LIFETIME LIFETYPE UNITTYPE STRENGTH
|
||||
|
||||
/* static sa */
|
||||
%token STATICSA STATICSA_STATEMENT
|
||||
|
||||
%token NUMBER SWITCH BOOLEAN
|
||||
%token HEXSTRING QUOTEDSTRING ADDRSTRING
|
||||
%token EOS BOC EOC COMMA
|
||||
|
@ -183,7 +180,7 @@ static int expand_isakmpspec __P((int, int, int *,
|
|||
%type <num> SECLEVELTYPE SECMODETYPE
|
||||
%type <num> EXCHANGETYPE DOITYPE SITUATIONTYPE
|
||||
%type <num> CERTTYPE CERT_X509 PROPOSAL_CHECK_LEVEL
|
||||
%type <val> QUOTEDSTRING HEXSTRING ADDRSTRING STATICSA_STATEMENT sainfo_id
|
||||
%type <val> QUOTEDSTRING HEXSTRING ADDRSTRING sainfo_id
|
||||
%type <val> identifierstring
|
||||
%type <spidx> policy_index
|
||||
%type <saddr> remote_index ike_addrinfo_port
|
||||
|
@ -208,6 +205,7 @@ statement
|
|||
| sainfo_statement
|
||||
| remote_statement
|
||||
| staticsa_statement
|
||||
| special_statement
|
||||
;
|
||||
|
||||
/* path */
|
||||
|
@ -229,6 +227,11 @@ path_statement
|
|||
}
|
||||
;
|
||||
|
||||
/* special */
|
||||
special_statement
|
||||
: COMPLEX_BUNDLE SWITCH EOS { lcconf->complex_bundle = $2; }
|
||||
;
|
||||
|
||||
/* include */
|
||||
include_statement
|
||||
: INCLUDE QUOTEDSTRING EOS
|
||||
|
@ -1271,17 +1274,6 @@ isakmpproposal_spec
|
|||
}
|
||||
;
|
||||
|
||||
/* static sa */
|
||||
staticsa_statement
|
||||
: STATICSA STATICSA_STATEMENT
|
||||
{
|
||||
/* execute static sa */
|
||||
/* like system("setkey $2->v"); */
|
||||
vfree($2);
|
||||
}
|
||||
EOS
|
||||
;
|
||||
|
||||
%%
|
||||
|
||||
#if 0
|
||||
|
|
|
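Review bot: The new `special_statement` rule consumes a `COMPLEX_BUNDLE` token, but no `%token COMPLEX_BUNDLE` declaration appears in the token hunk that drops `STATICSA`, so it is presumably declared in a part of the file not shown; worth confirming, together with the matching keyword in the lexer, since an undeclared token is a yacc error. The rule also stores `$2` straight into `lcconf->complex_bundle` with no hint of what the switch changes (the commit message only says "bundle proposal interpretation"); a one-line comment above the rule stating what the option affects would save the next reader a trip through the proposal code. Dropping `staticsa_statement`, whose placeholder intended to hand configuration text to `system("setkey ...")`, removes a future shell-injection surface and is welcome.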
@ -1,4 +1,4 @@
|
|||
/* $KAME: isakmp.c,v 1.125 2001/01/28 17:17:17 itojun Exp $ */
|
||||
/* $KAME: isakmp.c,v 1.127 2001/02/02 12:17:23 sakane Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
|
@ -894,8 +894,11 @@ isakmp_ph2begin_r(iph1, msg)
|
|||
int error;
|
||||
|
||||
iph2 = newph2();
|
||||
if (iph2 == NULL)
|
||||
if (iph2 == NULL) {
|
||||
plog(LLV_ERROR, LOCATION, NULL,
|
||||
"failed to allocate phase2 entry.\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
iph2->ph1 = iph1;
|
||||
iph2->side = RESPONDER;
|
||||
|
@ -1618,8 +1621,10 @@ isakmp_post_acquire(iph2)
|
|||
|
||||
if ((ph2exchange[etypesw2(ISAKMP_ETYPE_QUICK)]
|
||||
[iph2->side]
|
||||
[iph2->status])(iph2, NULL) != 0)
|
||||
[iph2->status])(iph2, NULL) != 0) {
|
||||
unbindph12(iph2);
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
|
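Review bot: In the `isakmp_post_acquire` hunk the failure path now calls `unbindph12(iph2)` before returning -1, but nothing in the hunk removes the handler from the phase-2 list or frees it, so the entry is only released if the caller does `remph2()`/`delph2()` itself; that ownership contract is not stated here and the caller is outside the diff. A comment on the new branch, `/* detach from ph1 only; caller removes and frees iph2 */`, would pin it down, or the branch should delete the handler itself if no caller does. The function's body starts outside the hunk.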
@ -1,4 +1,4 @@
|
|||
/* $KAME: main.c,v 1.24 2001/01/10 02:58:58 sakane Exp $ */
|
||||
/* $KAME: main.c,v 1.29 2001/02/06 15:15:46 sakane Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
|
@ -32,6 +32,7 @@
|
|||
#include <sys/types.h>
|
||||
#include <sys/param.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/stat.h>
|
||||
|
||||
#include <netinet/in.h>
|
||||
|
||||
|
@ -44,6 +45,7 @@
|
|||
#include <unistd.h>
|
||||
#endif
|
||||
#include <paths.h>
|
||||
#include <err.h>
|
||||
|
||||
#include "var.h"
|
||||
#include "misc.h"
|
||||
|
@ -60,10 +62,12 @@
|
|||
#include "pfkey.h"
|
||||
#include "crypto_openssl.h"
|
||||
#include "random.h"
|
||||
#include "backupsa.h"
|
||||
|
||||
int f_foreground = 0; /* force running in foreground. */
|
||||
int f_local = 0; /* local test mode. behave like a wall. */
|
||||
int vflag = 1; /* for print-isakmp.c */
|
||||
static int loading_sa = 0; /* install sa when racoon boots up. */
|
||||
|
||||
static char version[] = "@(#)racoon 20001216 sakane@ydc.co.jp";
|
||||
|
||||
|
@ -90,6 +94,7 @@ Usage()
|
|||
#else
|
||||
""
|
||||
#endif
|
||||
"[-B]"
|
||||
);
|
||||
printf(" -d: debug level, more -d will generate more debug message.\n");
|
||||
printf(" -F: run in foreground, do not become daemon.\n");
|
||||
|
@ -104,6 +109,8 @@ Usage()
|
|||
printf(" -6: IPv6 mode.\n");
|
||||
printf(" -4: IPv4 mode.\n");
|
||||
#endif
|
||||
printf(" -B: install SA to the kernel from the file "
|
||||
"specified by the configuration file.\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
|
@ -114,6 +121,13 @@ main(ac, av)
|
|||
{
|
||||
int error;
|
||||
|
||||
/* don't let anyone read files I write */
|
||||
umask(077);
|
||||
if (umask(077) != 077) {
|
||||
errx(1, "could not set umask");
|
||||
/*NOTREACHED*/
|
||||
}
|
||||
|
||||
initlcconf();
|
||||
initrmconf();
|
||||
oakley_dhinit();
|
||||
|
@ -146,6 +160,15 @@ main(ac, av)
|
|||
}
|
||||
restore_params();
|
||||
|
||||
/*
|
||||
* install SAs from the specified file. If the file is not specified
|
||||
* by the configuration file, racoon will exit.
|
||||
*/
|
||||
if (loading_sa && !f_local) {
|
||||
if (backupsa_from_file() != 0)
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if (f_foreground)
|
||||
close(0);
|
||||
else {
|
||||
|
@ -177,9 +200,11 @@ main(ac, av)
|
|||
plog(LLV_ERROR, LOCATION, NULL,
|
||||
"cannot open %s", pid_file);
|
||||
}
|
||||
if (atexit(cleanup_pidfile) < 0) {
|
||||
plog(LLV_ERROR, LOCATION, NULL,
|
||||
"cannot register pidfile cleanup");
|
||||
if (!f_local) {
|
||||
if (atexit(cleanup_pidfile) < 0) {
|
||||
plog(LLV_ERROR, LOCATION, NULL,
|
||||
"cannot register pidfile cleanup");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -214,7 +239,7 @@ parse(ac, av)
|
|||
else
|
||||
pname = *av;
|
||||
|
||||
while ((c = getopt(ac, av, "dFp:a:f:l:vZ"
|
||||
while ((c = getopt(ac, av, "dFp:a:f:l:vZB"
|
||||
#ifdef YYDEBUG
|
||||
"y"
|
||||
#endif
|
||||
|
@ -254,6 +279,9 @@ parse(ac, av)
|
|||
case 'Z':
|
||||
/*
|
||||
* only local test.
|
||||
* To specify -Z option and to choice a appropriate
|
||||
* port number for ISAKMP, you can launch some racoons
|
||||
* on the local host for debug.
|
||||
* pk_sendadd() on initiator side is always failed
|
||||
* even if this flag is used. Because there is same
|
||||
* spi in the SAD which is inserted by pk_sendgetspi()
|
||||
|
@ -275,6 +303,9 @@ parse(ac, av)
|
|||
lcconf->default_af = AF_INET6;
|
||||
break;
|
||||
#endif
|
||||
case 'B':
|
||||
loading_sa++;
|
||||
break;
|
||||
default:
|
||||
Usage();
|
||||
break;
|
||||
|
|
|
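Review bot: `backupsa_from_file()` (hunk at `install SAs from the specified file`) loads SA entries, which carry the negotiated keys, from the path set in racoon.conf, yet nothing here checks that the file is owned by root and not group/world writable, so anyone who can write that file gets SAs installed into the kernel with root privilege. If backupsa.c (not in this diff) does not already do it, gate the load on the file passing the tree's existing safe-file check (`safefile.c` is already in SRCS) and fail with a log message rather than silently reading. The same check ought to apply when racoon writes the file, since the `umask(077)` added above only protects files racoon itself creates. The `-B` text in Usage and racoon.8 should also say that the backup file contains keying material and must be mode 0600. The enclosing `main()` starts and ends outside the hunk.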
@ -1,4 +1,4 @@
|
|||
.\" $KAME: racoon.8,v 1.23 2000/12/16 15:19:00 itojun Exp $
|
||||
.\" $KAME: racoon.8,v 1.25 2001/02/22 00:41:38 sakane Exp $
|
||||
.\"
|
||||
.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
.\" All rights reserved.
|
||||
|
@ -38,7 +38,7 @@
|
|||
.Sh SYNOPSIS
|
||||
.Nm racoon
|
||||
.Bk -words
|
||||
.Op Fl dFv
|
||||
.Op Fl dFBv
|
||||
.Ek
|
||||
.Bk -words
|
||||
.Op Fl f Ar configfile
|
||||
|
@ -67,10 +67,14 @@ as the configuration file instead of the default.
|
|||
run
|
||||
.Nm racoon
|
||||
in the foreground.
|
||||
.It Fl B
|
||||
install SA(s) from the file which is specified in
|
||||
.Xr racoon.conf 5 .
|
||||
.It Fl l Ar logfile
|
||||
use
|
||||
.Ar logfile
|
||||
as the logging file.
|
||||
as the logging file instead of
|
||||
.Xr syslogd 8 .
|
||||
.It Fl p Ar isakmp-port
|
||||
listen for ISAKMP key exchange on port
|
||||
.Ar isakmp-port
|
||||
|
@ -89,8 +93,6 @@ at
|
|||
.Bl -tag -width /etc/racoon.conf -compact
|
||||
.It Pa /etc/racoon.conf
|
||||
default configuration file.
|
||||
.It Pa /var/log/racoon.log
|
||||
default log file.
|
||||
.El
|
||||
.\"
|
||||
.Sh RETURN VALUES
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.\" $KAME: racoon.conf.5,v 1.73 2001/01/26 10:16:26 sakane Exp $
|
||||
.\" $KAME: racoon.conf.5,v 1.76 2001/02/22 01:11:42 sakane Exp $
|
||||
.\"
|
||||
.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
.\" All rights reserved.
|
||||
|
@ -138,8 +138,16 @@ See
|
|||
.Sx Pre-shared key File .
|
||||
.It Ic path certificate Ar path ;
|
||||
.Xr racoon 8
|
||||
will search this directory if a certificate or certificate request
|
||||
is received.
|
||||
will search this directory if a certificate or certificate request is received.
|
||||
.It Ic path backupsa Ar file ;
|
||||
specifies a file to be stored a SA information which is negotiated by racoon.
|
||||
.Xr racoon 8
|
||||
will install SA(s) from the file with a boot option
|
||||
.Fl B .
|
||||
The file is increasing because
|
||||
.Xr racoon 8
|
||||
simply add a SA to the file at the moment.
|
||||
You should maintain the file manually.
|
||||
.El
|
||||
.\"
|
||||
.Ss File Include
|
||||
|
@ -563,6 +571,8 @@ and
|
|||
.Ic debug2 .
|
||||
The default is
|
||||
.Ic notify .
|
||||
If you put too high logging level on slower machines,
|
||||
IKE negotiation can fail due to timing constraint changes.
|
||||
.El
|
||||
.\"
|
||||
.Ss Specifying the way to pad
|
||||
|
@ -591,17 +601,6 @@ The default is off.
|
|||
.El
|
||||
.El
|
||||
.\"
|
||||
.Ss Static SA configuration
|
||||
.Bl -tag -width Ds -compact
|
||||
.It Ic static_sa Ar parameters
|
||||
specifies static SA.
|
||||
This
|
||||
.Ar parameters
|
||||
will be passed to
|
||||
.Xr setkey 8 .
|
||||
Not yet.
|
||||
.El
|
||||
.\"
|
||||
.Ss Pre-shared key File
|
||||
Pre-shared key file defines a pair of the identifier and the shared secret key
|
||||
which are used at Pre-shared key authentication method in phase 1.
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# $NetBSD: Makefile.inc,v 1.2 2000/12/29 03:16:40 itojun Exp $
|
||||
# $NetBSD: Makefile.inc,v 1.3 2001/02/22 02:33:06 itojun Exp $
|
||||
|
||||
# point top of your KAME tree by ${KAMEROOT}
|
||||
LIBPFKEYSRCDIR= ${.CURDIR}/../../../crypto/dist/kame/libipsec
|
||||
|
@ -13,4 +13,6 @@ BINDIR?= /sbin
|
|||
LDSTATIC?= -static
|
||||
.endif
|
||||
|
||||
DBG= -g
|
||||
|
||||
.include "../Makefile.inc"
|
||||
|
|
|
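Review bot: `DBG= -g` (last hunk) unconditionally overrides any DBG the user or the build system sets, unlike `LDSTATIC?=` a few lines above; `DBG?= -g` keeps the intended default while staying overridable. Shipping a statically linked /sbin daemon with debug symbols is not a security problem in itself, but it is a developer setting and probably should not be forced on every build.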
@ -1,7 +1,8 @@
|
|||
# $NetBSD: Makefile,v 1.3 2001/01/03 15:57:00 itojun Exp $
|
||||
# $NetBSD: Makefile,v 1.4 2001/02/22 02:33:06 itojun Exp $
|
||||
|
||||
.include <bsd.own.mk>
|
||||
|
||||
WARNS?= 0
|
||||
PROG= racoon
|
||||
SRCS= main.c session.c isakmp.c handler.c random.c \
|
||||
isakmp_ident.c isakmp_agg.c isakmp_base.c \
|
||||
|
@ -11,7 +12,7 @@ SRCS= main.c session.c isakmp.c handler.c random.c \
|
|||
policy.c localconf.c remoteconf.c crypto_openssl.c algorithm.c \
|
||||
cfparse.c cftoken.c strnames.c \
|
||||
vmbuf.c plog.c logger.c schedule.c str2val.c misc.c sockmisc.c \
|
||||
proposal.c sainfo.c vendorid.c safefile.c
|
||||
proposal.c sainfo.c vendorid.c safefile.c backupsa.c
|
||||
|
||||
MAN= racoon.8 racoon.conf.5
|
||||
|
||||
|
|
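Review bot: `WARNS?= 0` (first hunk) silences warnings for every source in the racoon build, while the commit message says the only offender is the unused static function yacc emits into cfparse.c; dropping diagnostics on a daemon that parses untrusted IKE packets removes a cheap safety net across all the other files. If the build system allows per-object flags, restrict the suppression to `cfparse.c` (a `-Wno-unused-function` on that object only); otherwise at least keep the XXX next to the line, `# XXX yacc output has an unused static function; see cfparse.c`, so the workaround is not mistaken for policy.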