Fix bug when using hybrid auth in client mode
make xauth_login work again, add safety checks
parent
7b343ec65a
commit
c557aaf18f
|
@ -1,3 +1,10 @@
|
|||
2005-08-26 Emmanuel Dreyfus <manu@netbsd.org>
|
||||
|
||||
* src/racoon/cfparse.y: handle xauth_login correctly
|
||||
* src/racoon/isakmp.c: catch internal error
|
||||
* src/raccon/isakmp_agg.c: fix racoon as Xauth client
|
||||
* src/raccon/{isakmp_agg.c|isakmp_base.c}: Proposal safety checks
|
||||
|
||||
2005-08-23 Emmanuel Dreyfus <manu@netbsd.org>
|
||||
|
||||
* src/racoon/{isakmp_agg.c|isakmp_ident.c|isakmp_base.c}: Correctly
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: cfparse.y,v 1.7 2005/09/24 22:45:51 christos Exp $ */
|
||||
/* $NetBSD: cfparse.y,v 1.8 2005/09/26 16:24:57 manu Exp $ */
|
||||
|
||||
/* Id: cfparse.y,v 1.37.2.4 2005/05/10 09:45:45 manubsd Exp */
|
||||
|
||||
|
@ -1263,6 +1263,7 @@ remote_spec
|
|||
{
|
||||
#ifdef ENABLE_HYBRID
|
||||
/* formerly identifier type login */
|
||||
cur_rmconf->idvtype = IDTYPE_LOGIN;
|
||||
if (set_identifier(&cur_rmconf->idv, IDTYPE_LOGIN, $2) != 0) {
|
||||
yyerror("failed to set identifer.\n");
|
||||
return -1;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: isakmp.c,v 1.9 2005/08/20 00:57:06 manu Exp $ */
|
||||
/* $NetBSD: isakmp.c,v 1.10 2005/09/26 16:24:57 manu Exp $ */
|
||||
|
||||
/* Id: isakmp.c,v 1.34.2.19 2005/08/11 14:58:51 vanhu Exp */
|
||||
|
||||
|
@ -2853,13 +2853,21 @@ isakmp_plist_append (struct payload_list *plist, vchar_t *payload, int payload_t
|
|||
vchar_t *
|
||||
isakmp_plist_set_all (struct payload_list **plist, struct ph1handle *iph1)
|
||||
{
|
||||
struct payload_list *ptr = *plist, *first;
|
||||
struct payload_list *ptr, *first;
|
||||
size_t tlen = sizeof (struct isakmp), n = 0;
|
||||
vchar_t *buf;
|
||||
char *p;
|
||||
|
||||
if (plist == NULL) {
|
||||
plog(LLV_ERROR, LOCATION, NULL,
|
||||
"in isakmp_plist_set_all: plist == NULL\n");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* Seek to the first item. */
|
||||
while (ptr->prev) ptr = ptr->prev;
|
||||
ptr = *plist;
|
||||
while (ptr->prev)
|
||||
ptr = ptr->prev;
|
||||
first = ptr;
|
||||
|
||||
/* Compute the whole length. */
|
||||
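Review bot: The new guard in isakmp_plist_set_all rejects only `plist == NULL`, yet the lines right after it read `ptr = *plist` and then `ptr->prev`, so a call made with an empty list (`*plist == NULL`) still dereferences a null pointer. Extending the test to `if (plist == NULL || *plist == NULL) {` sends both cases down the same log-and-return path. The callers are not visible here, and the body of isakmp_plist_set_all continues past the end of the hunk, so whether later code also assumes a non-empty list cannot be checked from this page.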
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: isakmp_agg.c,v 1.5 2005/09/23 14:22:27 manu Exp $ */
|
||||
/* $NetBSD: isakmp_agg.c,v 1.6 2005/09/26 16:24:57 manu Exp $ */
|
||||
|
||||
/* Id: isakmp_agg.c,v 1.20.2.1 2005/04/09 22:32:06 manubsd Exp */
|
||||
|
||||
|
@ -650,6 +650,10 @@ agg_i2send(iph1, msg)
|
|||
|
||||
switch (iph1->approval->authmethod) {
|
||||
case OAKLEY_ATTR_AUTH_METHOD_PSKEY:
|
||||
#ifdef ENABLE_HYBRID
|
||||
case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_R:
|
||||
case OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_R:
|
||||
#endif
|
||||
/* set HASH payload */
|
||||
plist = isakmp_plist_append(plist, iph1->hash, ISAKMP_NPTYPE_HASH);
|
||||
break;
|
||||
|
@ -695,6 +699,11 @@ agg_i2send(iph1, msg)
|
|||
plist = isakmp_plist_append(plist, gsshash, ISAKMP_NPTYPE_HASH);
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
plog(LLV_ERROR, LOCATION, NULL, "invalid authmethod %d\n",
|
||||
iph1->approval->authmethod);
|
||||
goto end;
|
||||
break;
|
||||
}
|
||||
|
||||
#ifdef ENABLE_NATT
|
||||
|
@ -1205,6 +1214,11 @@ agg_r1send(iph1, msg)
|
|||
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
plog(LLV_ERROR, LOCATION, NULL, "Invalid authmethod %d\n",
|
||||
iph1->approval->authmethod);
|
||||
goto end;
|
||||
break;
|
||||
}
|
||||
|
||||
#ifdef ENABLE_NATT
|
||||
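Review bot: In the agg_i2send hunk the two labels added beside `OAKLEY_ATTR_AUTH_METHOD_PSKEY` are the `_R` variants (`OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_R`, `OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_R`), although the function name suggests the initiator's send path. If `iph1->approval->authmethod` really holds the `_R` value on the client side, a comment above the labels would keep a later reader from "correcting" them, for example `/* hybrid: client sends HASH as with PSK; approval carries the _R value here */`. If it does not, the HASH payload is never appended for hybrid auth and the exchange presumably falls into the `default:` error branch added further down. The constant definitions and the rest of agg_i2send are outside the hunk, so this needs confirming against the header that defines them.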
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: isakmp_base.c,v 1.3 2005/09/23 14:22:27 manu Exp $ */
|
||||
/* $NetBSD: isakmp_base.c,v 1.4 2005/09/26 16:24:57 manu Exp $ */
|
||||
|
||||
/* $KAME: isakmp_base.c,v 1.49 2003/11/13 02:30:20 sakane Exp $ */
|
||||
|
||||
|
@ -427,6 +427,11 @@ base_i2send(iph1, msg)
|
|||
case OAKLEY_ATTR_AUTH_METHOD_RSAENC:
|
||||
case OAKLEY_ATTR_AUTH_METHOD_RSAREV:
|
||||
break;
|
||||
default:
|
||||
plog(LLV_ERROR, LOCATION, NULL, "invalid authmethod %d\n",
|
||||
iph1->approval->authmethod);
|
||||
goto end;
|
||||
break;
|
||||
}
|
||||
|
||||
#ifdef ENABLE_NATT
|
||||
|
@ -1126,6 +1131,11 @@ base_r2send(iph1, msg)
|
|||
case OAKLEY_ATTR_AUTH_METHOD_RSAENC:
|
||||
case OAKLEY_ATTR_AUTH_METHOD_RSAREV:
|
||||
break;
|
||||
default:
|
||||
plog(LLV_ERROR, LOCATION, NULL, "invalid authmethod %d\n",
|
||||
iph1->approval->authmethod);
|
||||
goto end;
|
||||
break;
|
||||
}
|
||||
|
||||
#ifdef ENABLE_NATT
|
||||
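Review bot: The new `default:` branches in base_i2send and base_r2send leave through `goto end;` partway through building the outgoing message, and the `end:` label is outside every hunk, so it is worth confirming that it releases any payload-list entries appended before the switch. The same applies to the agg_i2send and agg_r1send defaults in isakmp_agg.c. In all four places the `break;` after `goto end;` can never run and can be dropped. The log text also differs (`"invalid authmethod %d\n"` here, `"Invalid authmethod %d\n"` in agg_r1send), which makes searching logs for this failure harder than it needs to be.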
|
|