kame racoon 2003/7/12. lots of lots of stability fixes.
parent
0a65bfefd2
commit
dc30725eaf
4
crypto/dist/kame/racoon/admin.c
vendored
4
crypto/dist/kame/racoon/admin.c
vendored
@ -1,4 +1,4 @@
|
||||
/* $KAME: admin.c,v 1.23 2001/06/01 10:12:55 sakane Exp $ */
|
||||
/* $KAME: admin.c,v 1.24 2003/05/29 08:59:51 sakane Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
@ -345,7 +345,7 @@ admin_process(so2, combuf)
|
||||
"%s\n", saddrwop2str(remote));
|
||||
|
||||
/* begin ident mode */
|
||||
if (isakmp_ph1begin_i(rmconf, remote) < 0) {
|
||||
if (isakmp_ph1begin_i(rmconf, remote, local) < 0) {
|
||||
com->ac_errno = -1;
|
||||
break;
|
||||
}
|
||||
|
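Review bot: The new `local` argument in `isakmp_ph1begin_i(rmconf, remote, local)` is passed with no visible guard, and nothing in this hunk shows where `local` is set; admin_process begins outside the hunk. If `local` can be NULL when no local address can be resolved for `remote` (which I cannot confirm from here), either the call should be guarded, `if (local == NULL) { com->ac_errno = -1; break; }`, or the callee's acceptance of NULL should be stated. A one-line comment above the call naming where `local` comes from, e.g. `/* local: our address for this peer, resolved above */`, would make the contract clear to the next reader.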
553
crypto/dist/kame/racoon/configure
vendored
553
crypto/dist/kame/racoon/configure
vendored
18
crypto/dist/kame/racoon/configure.in
vendored
18
crypto/dist/kame/racoon/configure.in
vendored
@ -322,6 +322,7 @@ main()
|
||||
memset(&hints, 0, sizeof(hints));
|
||||
hints.ai_family = AF_UNSPEC;
|
||||
hints.ai_flags = passive ? AI_PASSIVE : 0;
|
||||
hints.ai_protocol = IPPROTO_TCP;
|
||||
hints.ai_socktype = SOCK_STREAM;
|
||||
if ((gaierr = getaddrinfo(NULL, "54321", &hints, &aitop)) != 0) {
|
||||
(void)gai_strerror(gaierr);
|
||||
@ -656,11 +657,20 @@ AC_CHECK_HEADER(openssl/rijndael.h, [], [
|
||||
])
|
||||
|
||||
dnl checking sha2
|
||||
AC_SUBST(CRYPTOBJS)
|
||||
AC_CHECK_HEADER(openssl/sha2.h, [], [
|
||||
AC_MSG_CHECKING(sha2 support)
|
||||
AC_EGREP_CPP(yes, [#include <openssl/opensslv.h>
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x0090602fL
|
||||
yes
|
||||
#endif],
|
||||
[AC_MSG_RESULT(no)
|
||||
echo "WARNING: sha2 does not work."],
|
||||
[AC_MSG_RESULT(yes)
|
||||
AC_SUBST(CRYPTOBJS)
|
||||
AC_DEFINE(WITH_SHA2)
|
||||
AC_CHECK_HEADER(openssl/sha2.h, [], [
|
||||
CPPFLAGS="$CPPFLAGS -I./missing"
|
||||
CRYPTOBJS="$CRYPTOBJS sha2.o"
|
||||
])
|
||||
CRYPTOBJS="$CRYPTOBJS sha2.o"])]
|
||||
)
|
||||
|
||||
dnl Checks for typedefs, structures, and compiler characteristics.
|
||||
AC_C_CONST
|
||||
|
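Review bot: The two AC_EGREP_CPP branches in the sha2 check read inverted and carry no explanation: the action-if-found branch (`yes` matched, i.e. OPENSSL_VERSION_NUMBER >= 0x0090602fL) reports `no` and prints the warning, while the action-if-not-found branch is the one that defines WITH_SHA2 and falls back to `./missing/sha2.o`. If this is deliberate — the bundled sha2 fallback only working against older OpenSSL — it deserves a `dnl` comment above `AC_MSG_CHECKING(sha2 support)` saying so, because a maintainer will otherwise "fix" it. Note also that the fallback appends `-I./missing` to CPPFLAGS for every later check, and that a build failing this test ships without SHA2 with only a plain `echo` recording it; `AC_MSG_WARN` would at least reach config.log.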
31
crypto/dist/kame/racoon/crypto_openssl.h
vendored
31
crypto/dist/kame/racoon/crypto_openssl.h
vendored
@ -1,4 +1,4 @@
|
||||
/* $KAME: crypto_openssl.h,v 1.25 2002/04/25 09:48:32 sakane Exp $ */
|
||||
/* $KAME: crypto_openssl.h,v 1.28 2003/06/29 04:46:14 sakane Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
@ -31,15 +31,18 @@
|
||||
|
||||
#ifdef HAVE_SIGNING_C
|
||||
/* X509 Certificate */
|
||||
#define GENT_OTHERNAME 0
|
||||
#define GENT_EMAIL 1
|
||||
#define GENT_DNS 2
|
||||
#define GENT_X400 3
|
||||
#define GENT_DIRNAME 4
|
||||
#define GENT_EDIPARTY 5
|
||||
#define GENT_URI 6
|
||||
#define GENT_IPADD 7
|
||||
#define GENT_RID 8
|
||||
|
||||
#include <openssl/x509v3.h>
|
||||
|
||||
#define GENT_OTHERNAME GEN_OTHERNAME
|
||||
#define GENT_EMAIL GEN_EMAIL
|
||||
#define GENT_DNS GEN_DNS
|
||||
#define GENT_X400 GEN_X400
|
||||
#define GENT_DIRNAME GEN_DIRNAME
|
||||
#define GENT_EDIPARTY GEN_EDIPARTY
|
||||
#define GENT_URI GEN_URI
|
||||
#define GENT_IPADD GEN_IPADD
|
||||
#define GENT_RID GEN_RID
|
||||
|
||||
extern vchar_t *eay_str2asn1dn __P((char *, int));
|
||||
extern int eay_cmp_asn1dn __P((vchar_t *, vchar_t *));
|
||||
@ -114,6 +117,7 @@ extern int eay_kpdk_hashlen __P((void));
|
||||
extern int eay_twofish_keylen __P((int));
|
||||
|
||||
/* hash */
|
||||
#if defined(WITH_SHA2)
|
||||
/* HMAC SHA2 */
|
||||
extern vchar_t *eay_hmacsha2_512_one __P((vchar_t *, vchar_t *));
|
||||
extern caddr_t eay_hmacsha2_512_init __P((vchar_t *));
|
||||
@ -127,6 +131,7 @@ extern vchar_t *eay_hmacsha2_256_one __P((vchar_t *, vchar_t *));
|
||||
extern caddr_t eay_hmacsha2_256_init __P((vchar_t *));
|
||||
extern void eay_hmacsha2_256_update __P((caddr_t, vchar_t *));
|
||||
extern vchar_t *eay_hmacsha2_256_final __P((caddr_t));
|
||||
#endif
|
||||
/* HMAC SHA1 */
|
||||
extern vchar_t *eay_hmacsha1_one __P((vchar_t *, vchar_t *));
|
||||
extern caddr_t eay_hmacsha1_init __P((vchar_t *));
|
||||
@ -138,23 +143,29 @@ extern caddr_t eay_hmacmd5_init __P((vchar_t *));
|
||||
extern void eay_hmacmd5_update __P((caddr_t, vchar_t *));
|
||||
extern vchar_t *eay_hmacmd5_final __P((caddr_t));
|
||||
|
||||
#if defined(WITH_SHA2)
|
||||
/* SHA2 functions */
|
||||
extern caddr_t eay_sha2_512_init __P((void));
|
||||
extern void eay_sha2_512_update __P((caddr_t, vchar_t *));
|
||||
extern vchar_t *eay_sha2_512_final __P((caddr_t));
|
||||
extern vchar_t *eay_sha2_512_one __P((vchar_t *));
|
||||
#endif
|
||||
extern int eay_sha2_512_hashlen __P((void));
|
||||
|
||||
#if defined(WITH_SHA2)
|
||||
extern caddr_t eay_sha2_384_init __P((void));
|
||||
extern void eay_sha2_384_update __P((caddr_t, vchar_t *));
|
||||
extern vchar_t *eay_sha2_384_final __P((caddr_t));
|
||||
extern vchar_t *eay_sha2_384_one __P((vchar_t *));
|
||||
#endif
|
||||
extern int eay_sha2_384_hashlen __P((void));
|
||||
|
||||
#if defined(WITH_SHA2)
|
||||
extern caddr_t eay_sha2_256_init __P((void));
|
||||
extern void eay_sha2_256_update __P((caddr_t, vchar_t *));
|
||||
extern vchar_t *eay_sha2_256_final __P((caddr_t));
|
||||
extern vchar_t *eay_sha2_256_one __P((vchar_t *));
|
||||
#endif
|
||||
extern int eay_sha2_256_hashlen __P((void));
|
||||
|
||||
/* SHA functions */
|
||||
|
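Review bot: The `eay_sha2_512_hashlen`, `eay_sha2_384_hashlen` and `eay_sha2_256_hashlen` prototypes are left outside the new `#if defined(WITH_SHA2)` guards while the init/update/final/one prototypes for the same algorithms are inside them, so a build without WITH_SHA2 still sees declarations whose definitions may not be compiled. If the hashlen helpers are intentionally always built (so callers can size buffers regardless of support), a comment such as `/* hashlen helpers are built unconditionally, even without WITH_SHA2 */` should say so; otherwise they belong inside the guard. Replacing the hand-coded GENT_* values with OpenSSL's GEN_* is a good change: the old literals 0..8 happened to match but would have diverged silently if OpenSSL ever renumbered them.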
4
crypto/dist/kame/racoon/doc/question
vendored
4
crypto/dist/kame/racoon/doc/question
vendored
@ -1,4 +1,6 @@
|
||||
$KAME: question,v 1.27 2000/10/04 17:41:07 itojun Exp $
|
||||
$KAME: question,v 1.28 2003/05/23 05:13:03 sakane Exp $
|
||||
|
||||
This was sent to Kivinen and Paul at 20-Sep-2000.
|
||||
|
||||
Q: how may policy matters are. can we interoperate ?
|
||||
|
||||
|
4
crypto/dist/kame/racoon/ipsec_doi.h
vendored
4
crypto/dist/kame/racoon/ipsec_doi.h
vendored
@ -1,4 +1,4 @@
|
||||
/* $KAME: ipsec_doi.h,v 1.34 2001/08/16 06:20:35 itojun Exp $ */
|
||||
/* $KAME: ipsec_doi.h,v 1.35 2003/06/27 07:32:38 sakane Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
@ -198,7 +198,7 @@ extern const char *ipsecdoi_id2str __P((const vchar_t *));
|
||||
|
||||
extern vchar_t *ipsecdoi_setph1proposal __P((struct isakmpsa *));
|
||||
extern int ipsecdoi_setph2proposal __P((struct ph2handle *));
|
||||
extern int ipsecdoi_transportmode __P((struct ph2handle *));
|
||||
extern int ipsecdoi_transportmode __P((struct saprop *));
|
||||
extern int ipsecdoi_get_defaultlifetime __P((void));
|
||||
extern int ipsecdoi_checkalgtypes __P((int, int, int, int));
|
||||
extern int ipproto2doi __P((int));
|
||||
|
5
crypto/dist/kame/racoon/isakmp_var.h
vendored
5
crypto/dist/kame/racoon/isakmp_var.h
vendored
@ -1,4 +1,4 @@
|
||||
/* $KAME: isakmp_var.h,v 1.20 2001/12/12 15:29:14 sakane Exp $ */
|
||||
/* $KAME: isakmp_var.h,v 1.21 2003/05/29 08:59:51 sakane Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
@ -54,7 +54,8 @@ struct isakmp_pl_ke; /* XXX */
|
||||
struct isakmp_pl_nonce; /* XXX */
|
||||
|
||||
extern int isakmp_handler __P((int));
|
||||
extern int isakmp_ph1begin_i __P((struct remoteconf *, struct sockaddr *));
|
||||
extern int isakmp_ph1begin_i __P((struct remoteconf *, struct sockaddr *,
|
||||
struct sockaddr *));
|
||||
|
||||
extern vchar_t *isakmp_parsewoh __P((int, struct isakmp_gen *, int));
|
||||
extern vchar_t *isakmp_parse __P((vchar_t *));
|
||||
|
4
crypto/dist/kame/racoon/oakley.h
vendored
4
crypto/dist/kame/racoon/oakley.h
vendored
@ -1,4 +1,4 @@
|
||||
/* $KAME: oakley.h,v 1.28 2001/12/12 18:23:42 sakane Exp $ */
|
||||
/* $KAME: oakley.h,v 1.29 2003/06/27 12:02:41 sakane Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
@ -46,9 +46,11 @@
|
||||
#define OAKLEY_ATTR_HASH_ALG_MD5 1
|
||||
#define OAKLEY_ATTR_HASH_ALG_SHA 2
|
||||
#define OAKLEY_ATTR_HASH_ALG_TIGER 3
|
||||
#if defined(WITH_SHA2)
|
||||
#define OAKLEY_ATTR_HASH_ALG_SHA2_256 4
|
||||
#define OAKLEY_ATTR_HASH_ALG_SHA2_384 5
|
||||
#define OAKLEY_ATTR_HASH_ALG_SHA2_512 6
|
||||
#endif
|
||||
/* 65001 - 65535 Private Use */
|
||||
#define OAKLEY_ATTR_AUTH_METHOD 3 /* B */
|
||||
#define OAKLEY_ATTR_AUTH_METHOD_PSKEY 1
|
||||
|
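Review bot: Wrapping `OAKLEY_ATTR_HASH_ALG_SHA2_256/384/512` in `#if defined(WITH_SHA2)` removes the protocol constants from builds without SHA2, so code that parses a peer's proposal cannot even name the values 4–6 it received and must treat them as an unknown attribute. These are fixed IKE attribute values, not implementation details; define them unconditionally and gate support where the hash is actually instantiated, so a non-SHA2 build can report `unsupported hash alg SHA2-xxx` instead of a generic unknown-attribute error. Whether the proposal parser does rely on these constants is outside this hunk.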
111
crypto/dist/kame/racoon/pfkey.c
vendored
111
crypto/dist/kame/racoon/pfkey.c
vendored
@ -1,4 +1,4 @@
|
||||
/* $KAME: pfkey.c,v 1.134 2002/06/04 05:20:27 itojun Exp $ */
|
||||
/* $KAME: pfkey.c,v 1.138 2003/06/30 11:01:18 sakane Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
@ -765,13 +765,30 @@ int
|
||||
pk_sendgetspi(iph2)
|
||||
struct ph2handle *iph2;
|
||||
{
|
||||
struct sockaddr *src = NULL, *dst = NULL;
|
||||
u_int satype, mode;
|
||||
struct saprop *pp;
|
||||
struct saproto *pr;
|
||||
int proxy = 0;
|
||||
|
||||
pp = iph2->side == INITIATOR
|
||||
? iph2->proposal
|
||||
: iph2->approval;
|
||||
if (iph2->side == INITIATOR) {
|
||||
pp = iph2->proposal;
|
||||
proxy = iph2->ph1->rmconf->support_proxy;
|
||||
} else {
|
||||
pp = iph2->approval;
|
||||
if (iph2->sainfo && iph2->sainfo->id_i)
|
||||
proxy = 1;
|
||||
}
|
||||
|
||||
/* for mobile IPv6 */
|
||||
if (proxy && iph2->src_id && iph2->dst_id &&
|
||||
ipsecdoi_transportmode(pp)) {
|
||||
src = iph2->src_id;
|
||||
dst = iph2->dst_id;
|
||||
} else {
|
||||
src = iph2->src;
|
||||
dst = iph2->dst;
|
||||
}
|
||||
|
||||
for (pr = pp->head; pr != NULL; pr = pr->next) {
|
||||
|
||||
@ -794,8 +811,8 @@ pk_sendgetspi(iph2)
|
||||
lcconf->sock_pfkey,
|
||||
satype,
|
||||
mode,
|
||||
iph2->dst, /* src of SA */
|
||||
iph2->src, /* dst of SA */
|
||||
dst, /* src of SA */
|
||||
src, /* dst of SA */
|
||||
0, 0, pr->reqid_in, iph2->seq) < 0) {
|
||||
plog(LLV_ERROR, LOCATION, NULL,
|
||||
"ipseclib failed send getspi (%s)\n",
|
||||
@ -804,7 +821,7 @@ pk_sendgetspi(iph2)
|
||||
}
|
||||
plog(LLV_DEBUG, LOCATION, NULL,
|
||||
"pfkey GETSPI sent: %s\n",
|
||||
sadbsecas2str(iph2->dst, iph2->src, satype, 0, mode));
|
||||
sadbsecas2str(dst, src, satype, 0, mode));
|
||||
}
|
||||
|
||||
return 0;
|
||||
@ -920,6 +937,7 @@ pk_sendupdate(iph2)
|
||||
int e_type, e_keylen, a_type, a_keylen, flags;
|
||||
u_int satype, mode;
|
||||
u_int64_t lifebyte = 0;
|
||||
int proxy = 0;
|
||||
|
||||
/* sanity check */
|
||||
if (iph2->approval == NULL) {
|
||||
@ -927,8 +945,14 @@ pk_sendupdate(iph2)
|
||||
"no approvaled SAs found.\n");
|
||||
}
|
||||
|
||||
if (iph2->side == INITIATOR)
|
||||
proxy = iph2->ph1->rmconf->support_proxy;
|
||||
else if (iph2->sainfo && iph2->sainfo->id_i)
|
||||
proxy = 1;
|
||||
|
||||
/* for mobile IPv6 */
|
||||
if (iph2->ph1->rmconf->support_mip6 && iph2->src_id && iph2->dst_id) {
|
||||
if (proxy && iph2->src_id && iph2->dst_id &&
|
||||
ipsecdoi_transportmode(iph2->approval)) {
|
||||
src = iph2->src_id;
|
||||
dst = iph2->dst_id;
|
||||
} else {
|
||||
@ -977,8 +1001,8 @@ pk_sendupdate(iph2)
|
||||
lcconf->sock_pfkey,
|
||||
satype,
|
||||
mode,
|
||||
iph2->dst,
|
||||
iph2->src,
|
||||
dst,
|
||||
src,
|
||||
pr->spi,
|
||||
pr->reqid_in,
|
||||
4, /* XXX static size of window */
|
||||
@ -1001,7 +1025,7 @@ pk_sendupdate(iph2)
|
||||
* But it is impossible because there is not key in the
|
||||
* information from the kernel.
|
||||
*/
|
||||
if (backupsa_to_file(satype, mode, iph2->dst, iph2->src,
|
||||
if (backupsa_to_file(satype, mode, dst, src,
|
||||
pr->spi, pr->reqid_in, 4,
|
||||
pr->keymat->v,
|
||||
e_type, e_keylen, a_type, a_keylen, flags,
|
||||
@ -1010,12 +1034,12 @@ pk_sendupdate(iph2)
|
||||
iph2->seq) < 0) {
|
||||
plog(LLV_ERROR, LOCATION, NULL,
|
||||
"backuped SA failed: %s\n",
|
||||
sadbsecas2str(iph2->dst, iph2->src,
|
||||
sadbsecas2str(dst, src,
|
||||
satype, pr->spi, mode));
|
||||
}
|
||||
plog(LLV_DEBUG, LOCATION, NULL,
|
||||
"backuped SA: %s\n",
|
||||
sadbsecas2str(iph2->dst, iph2->src,
|
||||
sadbsecas2str(dst, src,
|
||||
satype, pr->spi, mode));
|
||||
}
|
||||
|
||||
@ -1136,6 +1160,10 @@ pk_recvupdate(mhp)
|
||||
/* count up */
|
||||
iph2->ph1->ph2cnt++;
|
||||
|
||||
/* turn off schedule */
|
||||
if (iph2->scr)
|
||||
SCHED_KILL(iph2->scr);
|
||||
|
||||
/*
|
||||
* since we are going to reuse the phase2 handler, we need to
|
||||
* remain it and refresh all the references between ph1 and ph2 to use.
|
||||
@ -1161,6 +1189,7 @@ pk_sendadd(iph2)
|
||||
int e_type, e_keylen, a_type, a_keylen, flags;
|
||||
u_int satype, mode;
|
||||
u_int64_t lifebyte = 0;
|
||||
int proxy = 0;
|
||||
|
||||
/* sanity check */
|
||||
if (iph2->approval == NULL) {
|
||||
@ -1168,8 +1197,14 @@ pk_sendadd(iph2)
|
||||
"no approvaled SAs found.\n");
|
||||
}
|
||||
|
||||
if (iph2->side == INITIATOR)
|
||||
proxy = iph2->ph1->rmconf->support_proxy;
|
||||
else if (iph2->sainfo && iph2->sainfo->id_i)
|
||||
proxy = 1;
|
||||
|
||||
/* for mobile IPv6 */
|
||||
if (iph2->ph1->rmconf->support_mip6 && iph2->src_id && iph2->dst_id) {
|
||||
if (proxy && iph2->src_id && iph2->dst_id &&
|
||||
ipsecdoi_transportmode(iph2->approval)) {
|
||||
src = iph2->src_id;
|
||||
dst = iph2->dst_id;
|
||||
} else {
|
||||
@ -1218,8 +1253,8 @@ pk_sendadd(iph2)
|
||||
lcconf->sock_pfkey,
|
||||
satype,
|
||||
mode,
|
||||
iph2->src,
|
||||
iph2->dst,
|
||||
src,
|
||||
dst,
|
||||
pr->spi_p,
|
||||
pr->reqid_out,
|
||||
4, /* XXX static size of window */
|
||||
@ -1242,7 +1277,7 @@ pk_sendadd(iph2)
|
||||
* But it is impossible because there is not key in the
|
||||
* information from the kernel.
|
||||
*/
|
||||
if (backupsa_to_file(satype, mode, iph2->src, iph2->dst,
|
||||
if (backupsa_to_file(satype, mode, src, dst,
|
||||
pr->spi_p, pr->reqid_out, 4,
|
||||
pr->keymat_p->v,
|
||||
e_type, e_keylen, a_type, a_keylen, flags,
|
||||
@ -1251,12 +1286,12 @@ pk_sendadd(iph2)
|
||||
iph2->seq) < 0) {
|
||||
plog(LLV_ERROR, LOCATION, NULL,
|
||||
"backuped SA failed: %s\n",
|
||||
sadbsecas2str(iph2->src, iph2->dst,
|
||||
sadbsecas2str(src, dst,
|
||||
satype, pr->spi_p, mode));
|
||||
}
|
||||
plog(LLV_DEBUG, LOCATION, NULL,
|
||||
"backuped SA: %s\n",
|
||||
sadbsecas2str(iph2->src, iph2->dst,
|
||||
sadbsecas2str(src, dst,
|
||||
satype, pr->spi_p, mode));
|
||||
}
|
||||
|
||||
@ -1468,7 +1503,7 @@ pk_recvacquire(mhp)
|
||||
/* ignore if type is not IPSEC_POLICY_IPSEC */
|
||||
if (xpl->sadb_x_policy_type != IPSEC_POLICY_IPSEC) {
|
||||
plog(LLV_DEBUG, LOCATION, NULL,
|
||||
"ignore SPDGET message. type is not IPsec.\n");
|
||||
"ignore ACQUIRE message. type is not IPsec.\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -1600,7 +1635,7 @@ pk_recvacquire(mhp)
|
||||
delph2(iph2[n]);
|
||||
return -1;
|
||||
}
|
||||
iph2[n]->sainfo = getsainfo(idsrc, iddst);
|
||||
iph2[n]->sainfo = getsainfo(idsrc, iddst, NULL);
|
||||
vfree(idsrc);
|
||||
vfree(iddst);
|
||||
if (iph2[n]->sainfo == NULL) {
|
||||
@ -1880,12 +1915,44 @@ static int
|
||||
pk_recvspdupdate(mhp)
|
||||
caddr_t *mhp;
|
||||
{
|
||||
struct sadb_address *saddr, *daddr;
|
||||
struct sadb_x_policy *xpl;
|
||||
struct policyindex spidx;
|
||||
struct secpolicy *sp;
|
||||
|
||||
/* sanity check */
|
||||
if (mhp[0] == NULL) {
|
||||
if (mhp[0] == NULL
|
||||
|| mhp[SADB_EXT_ADDRESS_SRC] == NULL
|
||||
|| mhp[SADB_EXT_ADDRESS_DST] == NULL
|
||||
|| mhp[SADB_X_EXT_POLICY] == NULL) {
|
||||
plog(LLV_ERROR, LOCATION, NULL,
|
||||
"inappropriate sadb spdupdate message passed.\n");
|
||||
return -1;
|
||||
}
|
||||
saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
|
||||
daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
|
||||
xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
|
||||
|
||||
KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
|
||||
saddr + 1,
|
||||
daddr + 1,
|
||||
saddr->sadb_address_prefixlen,
|
||||
daddr->sadb_address_prefixlen,
|
||||
saddr->sadb_address_proto,
|
||||
&spidx);
|
||||
|
||||
sp = getsp(&spidx);
|
||||
if (sp == NULL) {
|
||||
plog(LLV_ERROR, LOCATION, NULL,
|
||||
"such policy does not already exist: %s\n",
|
||||
spidx2str(&spidx));
|
||||
} else {
|
||||
remsp(sp);
|
||||
delsp(sp);
|
||||
}
|
||||
|
||||
if (addnewsp(mhp) < 0)
|
||||
return -1;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
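Review bot: In the new `pk_recvspdupdate`, the existing policy is dropped with `remsp(sp); delsp(sp);` before `addnewsp(mhp)` is attempted, so if `addnewsp` fails racoon is left with no entry for that selector while the kernel's SPD still holds the updated policy, and racoon's view diverges until the next full dump. Either add the new policy first and remove the old one only on success, or keep the old entry and log that the update was dropped; which of these `addnewsp` permits (its handling of an already-present spidx) is not visible here. A comment stating the intended ordering, e.g. `/* replace in place: old entry must go before addnewsp() or it would be matched first */` if that is the reason, would make the choice deliberate rather than accidental.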
4
crypto/dist/kame/racoon/remoteconf.c
vendored
4
crypto/dist/kame/racoon/remoteconf.c
vendored
@ -1,4 +1,4 @@
|
||||
/* $KAME: remoteconf.c,v 1.29 2001/12/07 08:39:39 sakane Exp $ */
|
||||
/* $KAME: remoteconf.c,v 1.30 2003/06/27 07:32:39 sakane Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
@ -162,7 +162,7 @@ newrmconf()
|
||||
new->getcert_method = ISAKMP_GETCERT_PAYLOAD;
|
||||
new->send_cert = TRUE;
|
||||
new->send_cr = TRUE;
|
||||
new->support_mip6 = FALSE;
|
||||
new->support_proxy = FALSE;
|
||||
new->gen_policy = FALSE;
|
||||
new->retry_counter = lcconf->retry_counter;
|
||||
new->retry_interval = lcconf->retry_interval;
|
||||
|
4
crypto/dist/kame/racoon/remoteconf.h
vendored
4
crypto/dist/kame/racoon/remoteconf.h
vendored
@ -1,4 +1,4 @@
|
||||
/* $KAME: remoteconf.h,v 1.27 2001/12/07 08:39:39 sakane Exp $ */
|
||||
/* $KAME: remoteconf.h,v 1.28 2003/06/27 07:32:39 sakane Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
@ -65,7 +65,7 @@ struct remoteconf {
|
||||
int nonce_size; /* the number of bytes of nonce */
|
||||
int keepalive; /* XXX may not use */
|
||||
int passive; /* never initiate */
|
||||
int support_mip6; /* support mip6 */
|
||||
int support_proxy; /* support mip6/proxy */
|
||||
int gen_policy; /* generate policy if no policy found */
|
||||
int ini_contact; /* initial contact */
|
||||
int pcheck_level; /* level of propocl checking */
|
||||
|
36
crypto/dist/kame/racoon/sainfo.c
vendored
36
crypto/dist/kame/racoon/sainfo.c
vendored
@ -1,4 +1,4 @@
|
||||
/* $KAME: sainfo.c,v 1.15 2001/11/16 04:12:59 sakane Exp $ */
|
||||
/* $KAME: sainfo.c,v 1.16 2003/06/27 07:32:39 sakane Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
@ -70,15 +70,27 @@ static LIST_HEAD(_sitree, sainfo) sitree;
|
||||
* no matching entry found and if there is anonymous entry, return it.
|
||||
* else return NULL.
|
||||
* XXX by each data type, should be changed to compare the buffer.
|
||||
* First pass is for sainfo from a specified peer, second for others.
|
||||
*/
|
||||
struct sainfo *
|
||||
getsainfo(src, dst)
|
||||
const vchar_t *src, *dst;
|
||||
getsainfo(src, dst, peer)
|
||||
const vchar_t *src, *dst, *peer;
|
||||
{
|
||||
struct sainfo *s = NULL;
|
||||
struct sainfo *anonymous = NULL;
|
||||
int pass = 1;
|
||||
|
||||
if (peer == NULL)
|
||||
pass = 2;
|
||||
again:
|
||||
LIST_FOREACH(s, &sitree, chain) {
|
||||
if (s->id_i != NULL) {
|
||||
if (pass == 2)
|
||||
continue;
|
||||
if (memcmp(peer->v, s->id_i->v, s->id_i->l) != 0)
|
||||
continue;
|
||||
} else if (pass == 1)
|
||||
continue;
|
||||
if (s->idsrc == NULL) {
|
||||
anonymous = s;
|
||||
continue;
|
||||
@ -99,7 +111,11 @@ getsainfo(src, dst)
|
||||
if (anonymous) {
|
||||
plog(LLV_DEBUG, LOCATION, NULL,
|
||||
"anonymous sainfo selected.\n");
|
||||
} else if (pass == 1) {
|
||||
pass = 2;
|
||||
goto again;
|
||||
}
|
||||
|
||||
return anonymous;
|
||||
}
|
||||
|
||||
@ -112,7 +128,6 @@ newsainfo()
|
||||
if (new == NULL)
|
||||
return NULL;
|
||||
|
||||
new->idvtype = IDTYPE_ADDRESS;
|
||||
new->lifetime = IPSECDOI_ATTR_SA_LD_SEC_DEFAULT;
|
||||
new->lifebyte = IPSECDOI_ATTR_SA_LD_KB_MAX;
|
||||
|
||||
@ -214,11 +229,16 @@ sainfo2str(si)
|
||||
static char buf[256];
|
||||
|
||||
if (si->idsrc == NULL)
|
||||
return "anonymous";
|
||||
snprintf(buf, sizeof(buf), "anonymous");
|
||||
else {
|
||||
snprintf(buf, sizeof(buf), "%s", ipsecdoi_id2str(si->idsrc));
|
||||
snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
|
||||
" %s", ipsecdoi_id2str(si->iddst));
|
||||
}
|
||||
|
||||
snprintf(buf, sizeof(buf), "%s", ipsecdoi_id2str(si->idsrc));
|
||||
snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
|
||||
" %s", ipsecdoi_id2str(si->iddst));
|
||||
if (si->id_i != NULL)
|
||||
snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
|
||||
" from %s", ipsecdoi_id2str(si->id_i));
|
||||
|
||||
return buf;
|
||||
}
|
||||
|
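Review bot: The peer match in `getsainfo` compares only `s->id_i->l` bytes, `memcmp(peer->v, s->id_i->v, s->id_i->l)`, and never checks that the two lengths agree, so a peer identity that merely begins with the configured `id_i` satisfies the restriction, and a peer identity shorter than `id_i` makes memcmp read past the end of `peer->v`. Since this test is what authorises an initiator for a restricted sainfo entry, it should be `if (peer->l != s->id_i->l || memcmp(peer->v, s->id_i->v, s->id_i->l) != 0) continue;`. The XXX comment above the function already notes that comparison should be done per identifier type; until that exists, an exact-length byte compare is the minimum. `peer` is only dereferenced in pass 1, which `peer == NULL` skips, so the NULL case is safe as written.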
8
crypto/dist/kame/racoon/sainfo.h
vendored
8
crypto/dist/kame/racoon/sainfo.h
vendored
@ -1,4 +1,4 @@
|
||||
/* $KAME: sainfo.h,v 1.7 2000/10/11 19:54:08 sakane Exp $ */
|
||||
/* $KAME: sainfo.h,v 1.8 2003/06/27 07:32:39 sakane Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
@ -44,8 +44,7 @@ struct sainfo {
|
||||
time_t lifetime;
|
||||
int lifebyte;
|
||||
int pfs_group; /* only use when pfs is required. */
|
||||
int idvtype; /* my identifier type */
|
||||
vchar_t *idv; /* my identifier */
|
||||
vchar_t *id_i; /* identifier of the authorized initiator */
|
||||
struct sainfoalg *algs[MAXALGCLASS];
|
||||
|
||||
LIST_ENTRY(sainfo) chain;
|
||||
@ -58,7 +57,8 @@ struct sainfoalg {
|
||||
struct sainfoalg *next;
|
||||
};
|
||||
|
||||
extern struct sainfo *getsainfo __P((const vchar_t *, const vchar_t *));
|
||||
extern struct sainfo *getsainfo __P((const vchar_t *,
|
||||
const vchar_t *, const vchar_t *));
|
||||
extern struct sainfo *newsainfo __P((void));
|
||||
extern void delsainfo __P((struct sainfo *));
|
||||
extern void inssainfo __P((struct sainfo *));
|
||||
|
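Review bot: The new third parameter of `getsainfo` is undocumented in the header, and its semantics are not obvious from the name: in sainfo.c a NULL `peer` skips the first pass entirely, so entries carrying an `id_i` restriction can never be selected when the caller has no peer identity, as `pk_recvacquire` now does with `getsainfo(idsrc, iddst, NULL)`. A comment on the prototype such as `/* peer: initiator identity matched against sainfo id_i; NULL selects only unrestricted entries */` would make this explicit for callers, and the `id_i` field comment could likewise note that it is compared against the peer's phase-1 identity.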