

racoon patches



Hello,

Please review these patches.  I'm running -current and anonymous sainfo's
broke for me.  The first patch fixes this.  As I read the code the 1.6
change to sainfo.c made it impossible for the anonymous sainfo to be
selected.

Patch number two fixes something I ran into while debugging the problem.
cfparse.y permits one to specify the peer as an address (in the sainfo FROM
clause), but then botches filling out id_i.

Please review and let me know if its ok to commit.  Or should these just
be forwarded to ipsec-tools?

skd
Index: sainfo.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/sainfo.c,v
retrieving revision 1.6
diff -u -u -r1.6 sainfo.c
--- sainfo.c    19 Oct 2006 09:35:51 -0000      1.6
+++ sainfo.c    11 Nov 2006 04:07:48 -0000
@@ -131,6 +131,11 @@
                if(s->remoteid != remoteid)
                        continue;
 
+               if (s->idsrc == NULL && s->iddst == NULL) {
+                       anonymous = s;
+                       continue;
+               }
+
                if (s->id_i != NULL) {
                        if (pass == 2)
                                continue;
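Review bot: With the anonymous test moved above the `s->id_i` filter, an entry with no idsrc/iddst is recorded in `anonymous` before its peer identifier is looked at, so an anonymous sainfo restricted to one peer would appear to become the fallback for every peer. The comparison against the peer lies between the two hunks and is not visible here, so this is inferred from the ordering alone. If the intent is only to let unrestricted anonymous entries through pass 1, narrow the early test to `if (s->id_i == NULL && s->idsrc == NULL && s->iddst == NULL) {` and keep the block that the second hunk removes for entries that do carry an id_i. Each later match also overwrites `anonymous`, so a comment such as `/* fallback entry; peer-bound anonymous entries are matched below */` would make the intended precedence explicit.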
@@ -138,10 +143,6 @@
                                continue;
                } else if (pass == 1)
                        continue;
-               if (s->idsrc == NULL && s->iddst == NULL) {
-                       anonymous = s;
-                       continue;
-               }
 
                /* anonymous ? */
                if (loc == NULL) {
Index: cfparse.y
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/cfparse.y,v
retrieving revision 1.17
diff -u -u -r1.17 cfparse.y
--- cfparse.y   22 Oct 2006 15:10:31 -0000      1.17
+++ cfparse.y   11 Nov 2006 04:06:55 -0000
@@ -1346,20 +1346,29 @@
                                yyerror("failed to set identifer.\n");
                                return -1;
                        }
-                       cur_sainfo->id_i = vmalloc(sizeof(*id_b) + idv->l);
-                       if (cur_sainfo->id_i == NULL) {
-                               yyerror("failed to allocate identifier");
-                               return -1;
+                       if ( $2 == IDTYPE_ADDRESS ) {
+                               cur_sainfo->id_i = 
+                                       ipsecdoi_sockaddr2id((struct sockaddr 
*)idv->v,
+                                                            -1, 
+                                                            IPSEC_ULPROTO_ANY);
                        }
+                       else {
+                               cur_sainfo->id_i = 
+                                       vmalloc(sizeof(*id_b) + idv->l);
+                               if (cur_sainfo->id_i == NULL) {
+                                       yyerror("failed to allocate 
identifier");
+                                       return -1;
+                               }
+                               id_b = (struct ipsecdoi_id_b 
*)cur_sainfo->id_i->v;
+                               id_b->type = idtype2doi($2);
 
-                       id_b = (struct ipsecdoi_id_b *)cur_sainfo->id_i->v;
-                       id_b->type = idtype2doi($2);
-
-                       id_b->proto_id = 0;
-                       id_b->port = 0;
+                               id_b->proto_id = 0;
+                               id_b->port = 0;
 
-                       memcpy(cur_sainfo->id_i->v + sizeof(*id_b),
-                              idv->v, idv->l);
+                               memcpy(cur_sainfo->id_i->v + sizeof(*id_b),
+                                      idv->v, idv->l);
+                               vfree(idv);
+                       }
                        vfree(idv);
                }
        |       GROUP QUOTEDSTRING
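Review bot: In the new `else` branch `idv` is released by the added `vfree(idv);` and then again by the unchanged `vfree(idv);` right after the closing brace, which is a double free for every non-address identifier; drop the inner call. The `IDTYPE_ADDRESS` branch also stores the result of `ipsecdoi_sockaddr2id()` without testing it, and since the sainfo.c lookup treats a NULL `id_i` as an entry without a peer restriction, a failure there would silently widen the sainfo instead of rejecting the configuration. Add `if (cur_sainfo->id_i == NULL) { yyerror("failed to allocate identifier"); return -1; }` after the if/else so both branches share the check. The visible error return leaves `idv` unfreed, and the rule's action starts above the hunk, so the earlier exits should be checked for the same leak.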

