Source-Changes-HG archive
[src/trunk]: src/crypto/dist/ipsec-tools When altering the lifetime, don't mo...
details: https://anonhg.NetBSD.org/src/rev/b1c21eca9c25
branches: trunk
changeset: 581002:b1c21eca9c25
user: manu <manu%NetBSD.org@localhost>
date: Fri May 20 00:54:55 2005 +0000
description:
When altering the lifetime, don't modify the configured proposal; duplicate
it instead.
diffstat:
crypto/dist/ipsec-tools/ChangeLog | 7 ++
crypto/dist/ipsec-tools/src/racoon/handler.c | 7 ++-
crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c | 63 ++++++++++++++----------
crypto/dist/ipsec-tools/src/racoon/remoteconf.c | 30 +++++++++++-
crypto/dist/ipsec-tools/src/racoon/remoteconf.h | 4 +-
5 files changed, 82 insertions(+), 29 deletions(-)
diffs (207 lines):
diff -r 60ec05559f47 -r b1c21eca9c25 crypto/dist/ipsec-tools/ChangeLog
--- a/crypto/dist/ipsec-tools/ChangeLog Thu May 19 21:16:29 2005 +0000
+++ b/crypto/dist/ipsec-tools/ChangeLog Fri May 20 00:54:55 2005 +0000
@@ -1,3 +1,10 @@
+2005-05-20 Emmanuel Dreyfus <manu%netbsd.org@localhost>
+
+ From Larry Baird <lab%gta.com@localhost>
+ * src/racoon/{handler.c|ipsec_doi.c|remoteconf.h|remoteconf.c}: When
+ altering lifetime, duplicate the proposal instead of modifying
+ the configured one.
+
2005-05-13 Emmanuel Dreyfus <manu%netbsd.org@localhost>
* src/racoon/isakmp.c: For acquire messages, when NAT-T is in use,
diff -r 60ec05559f47 -r b1c21eca9c25 crypto/dist/ipsec-tools/src/racoon/handler.c
--- a/crypto/dist/ipsec-tools/src/racoon/handler.c Thu May 19 21:16:29 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/handler.c Fri May 20 00:54:55 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: handler.c,v 1.3 2005/05/08 08:57:26 manu Exp $ */
+/* $NetBSD: handler.c,v 1.4 2005/05/20 00:54:55 manu Exp $ */
/* Id: handler.c,v 1.13 2004/11/21 19:36:26 manubsd Exp */
@@ -286,6 +286,11 @@
iph1->local = NULL;
}
+ if (iph1->approval) {
+ delisakmpsa(iph1->approval);
+ iph1->approval = NULL;
+ }
+
#ifdef ENABLE_HYBRID
if (iph1->mode_cfg)
isakmp_cfg_rmstate(iph1);
diff -r 60ec05559f47 -r b1c21eca9c25 crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c
--- a/crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c Thu May 19 21:16:29 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c Fri May 20 00:54:55 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_doi.c,v 1.4 2005/05/10 09:23:36 manu Exp $ */
+/* $NetBSD: ipsec_doi.c,v 1.5 2005/05/20 00:54:55 manu Exp $ */
/* Id: ipsec_doi.c,v 1.26.2.1 2005/02/17 13:19:18 vanhu Exp */
@@ -215,7 +215,10 @@
int prophlen;
int i;
- iph1->approval = NULL;
+ if (iph1->approval) {
+ delisakmpsa(iph1->approval);
+ iph1->approval = NULL;
+ }
for (i = 0; i < MAXPROPPAIRLEN; i++) {
if (pair[i] == NULL)
@@ -306,8 +309,10 @@
#endif
newsa = get_sabyproppair(p, iph1);
- if (newsa == NULL)
+ if (newsa == NULL) {
+ delisakmpsa(iph1->approval);
iph1->approval = NULL;
+ }
return newsa;
}
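Review bot: The `delisakmpsa(iph1->approval)` call in the `newsa == NULL` branch is not guarded, unlike the two other places this commit adds the same cleanup (`if (iph1->approval) { ... }` in handler.c and at the top of this function). The assignment to `iph1->approval` lies outside the hunk, so it is not visible here whether the pointer can be NULL on this path, for example when duplication of the matched proposal fails. Unless `delisakmpsa()` is documented to accept NULL, I would write `if (newsa == NULL && iph1->approval != NULL) {` so all three sites behave the same.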
@@ -392,8 +397,6 @@
tsap->encklen == s->encklen) {
switch(check_level) {
case PROP_CHECK_OBEY:
- s->lifetime = tsap->lifetime;
- s->lifebyte = tsap->lifebyte;
goto found;
break;
@@ -401,9 +404,6 @@
if ((tsap->lifetime > s->lifetime) ||
(tsap->lifebyte > s->lifebyte))
continue;
-
- s->lifetime = tsap->lifetime;
- s->lifebyte = tsap->lifebyte;
goto found;
break;
@@ -434,6 +434,31 @@
found:
if (tsap->dhgrp != NULL)
oakley_dhgrp_free(tsap->dhgrp);
+
+ if ((s = dupisakmpsa(s)) != NULL) {
+ switch(check_level) {
+ case PROP_CHECK_OBEY:
+ s->lifetime = tsap->lifetime;
+ s->lifebyte = tsap->lifebyte;
+ break;
+
+ case PROP_CHECK_STRICT:
+ s->lifetime = tsap->lifetime;
+ s->lifebyte = tsap->lifebyte;
+ break;
+
+ case PROP_CHECK_CLAIM:
+ if (tsap->lifetime < s->lifetime)
+ s->lifetime = tsap->lifetime;
+ if (tsap->lifebyte < s->lifebyte)
+ s->lifebyte = tsap->lifebyte;
+ break;
+
+ default:
+ break;
+ }
+ }
+
return s;
}
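Review bot: When `dupisakmpsa(s)` returns NULL, the `found:` path falls through to `return s;` with no log, so an allocation failure looks to the caller exactly like "no configured proposal matched". The phase 1 negotiation is then refused without any trace of the real cause. A message on that branch, e.g. `plog(LLV_ERROR, LOCATION, NULL, "failed to duplicate proposal\n");`, would make the two cases distinguishable. As a point of style, the `PROP_CHECK_OBEY` and `PROP_CHECK_STRICT` arms are identical and could share one body via `case PROP_CHECK_OBEY: case PROP_CHECK_STRICT:`. The function starts outside this hunk.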
@@ -4124,24 +4149,10 @@
fixup_initiator_sa(match, received)
struct isakmpsa *match, *received;
{
- struct isakmpsa *newsa;
-
- if (received->gssid == NULL)
- return match;
-
- newsa = newisakmpsa();
- memcpy(newsa, match, sizeof *newsa);
-
- if (match->dhgrp != NULL) {
- newsa->dhgrp = racoon_calloc(1, sizeof(struct dhgroup));
- memcpy(newsa->dhgrp, match->dhgrp, sizeof (struct dhgroup));
- }
- newsa->next = NULL;
- newsa->rmconf = NULL;
-
- newsa->gssid = vdup(received->gssid);
-
- return newsa;
+ if (received->gssid != NULL)
+ match->gssid = vdup(received->gssid);
+
+ return match;
}
#endif
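Review bot: `match->gssid = vdup(received->gssid)` now writes into whatever SA the caller passes instead of into a fresh copy, and it neither checks the `vdup()` result nor accounts for the previous `match->gssid`. That is only safe if `match` is always the private copy made by `dupisakmpsa()`; that function copies `gssid` by plain struct assignment (its `XXX gssid` placeholder), so the old pointer here may still belong to the configured proposal and cannot simply be freed through the copy. I would have `dupisakmpsa()` clear or `vdup()` the field so each SA owns its own `gssid`, and add a comment above this function such as `/* match must be a private copy from dupisakmpsa(), never the configured proposal */`. The caller is outside the hunk, so which SA is actually passed is inferred.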
diff -r 60ec05559f47 -r b1c21eca9c25 crypto/dist/ipsec-tools/src/racoon/remoteconf.c
--- a/crypto/dist/ipsec-tools/src/racoon/remoteconf.c Thu May 19 21:16:29 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/remoteconf.c Fri May 20 00:54:55 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: remoteconf.c,v 1.2 2005/05/08 08:57:26 manu Exp $ */
+/* $NetBSD: remoteconf.c,v 1.3 2005/05/20 00:54:55 manu Exp $ */
/* Id: remoteconf.c,v 1.26.2.2 2005/03/16 23:18:43 manubsd Exp */
@@ -668,3 +668,31 @@
return (size - 2);
}
+
+struct isakmpsa *
+dupisakmpsa(sa)
+ struct isakmpsa *sa;
+{
+ struct isakmpsa *res = NULL;
+
+ if (sa == NULL)
+ return NULL;
+
+ res = newisakmpsa();
+ if(res == NULL)
+ return NULL;
+
+ *res = *sa;
+#ifdef HAVE_GSSAPI
+ /*
+ * XXX gssid
+ */
+#endif
+ res->next=NULL;
+
+ if (sa->dhgrp != NULL)
+ oakley_setdhgroup(sa->dh_group, &(res->dhgrp));
+
+ return res;
+
+}
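Review bot: The return value of `oakley_setdhgroup()` is ignored, and when the call is made `res->dhgrp` still holds the pointer copied from `sa` by `*res = *sa`. If that call can fail without overwriting its output argument (its body is not on this page), the duplicate would keep sharing the configured proposal's DH group, and the `delisakmpsa()` calls added elsewhere in this commit may then release memory the configuration still uses. Clearing `res->dhgrp` right after the struct copy and failing the duplication when the group cannot be set up closes that path. The sketch assumes a zero return means success and that memory from `newisakmpsa()` is released with `racoon_free()`.

```c
	*res = *sa;
	/* ... unchanged: HAVE_GSSAPI placeholder ... */
	res->next = NULL;
	/* drop the pointer inherited from the struct copy so a failed
	 * setup can never leave res sharing sa's DH group */
	res->dhgrp = NULL;

	if (sa->dhgrp != NULL &&
	    (oakley_setdhgroup(sa->dh_group, &res->dhgrp) != 0 ||
	     res->dhgrp == NULL)) {
		racoon_free(res);
		return NULL;
	}

	return res;
```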
diff -r 60ec05559f47 -r b1c21eca9c25 crypto/dist/ipsec-tools/src/racoon/remoteconf.h
--- a/crypto/dist/ipsec-tools/src/racoon/remoteconf.h Thu May 19 21:16:29 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/remoteconf.h Fri May 20 00:54:55 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: remoteconf.h,v 1.1.1.2 2005/02/23 14:54:27 manu Exp $ */
+/* $NetBSD: remoteconf.h,v 1.2 2005/05/20 00:54:55 manu Exp $ */
/* Id: remoteconf.h,v 1.19 2005/01/07 14:22:32 manubsd Exp */
@@ -165,6 +165,8 @@
void *data));
extern struct isakmpsa *newisakmpsa __P((void));
+extern struct isakmpsa *dupisakmpsa __P((struct isakmpsa *));
+
extern void insisakmpsa __P((struct isakmpsa *, struct remoteconf *));
extern void dumprmconf __P((void));