[src/trunk]: src/crypto/dist/ipsec-tools/src/racoon Updated ipsec-tools:
details: https://anonhg.NetBSD.org/src/rev/4305a17efc91
branches: trunk
changeset: 574915:4305a17efc91
user: manu <manu%NetBSD.org@localhost>
date: Wed Mar 16 23:52:42 2005 +0000
description:
Updated ipsec-tools:
2005-03-16 Emmanuel Dreyfus <manu%netbsd.org@localhost>
* src/racoon/{cftoken.l|localconf.h|privsep.c|racoon.conf.5}
src/racoon/remoteconf.c: When running in privsep mode, check that
private key and script paths match those given in the path section.
2005-03-15 Emmanuel Dreyfus <manu%netbsd.org@localhost>
* src/racoon/{isakmp_cfg|isakmp_cfg.h|isakmp_xauth.c}: initialize
RADIUS accounting at startup
* src/racoon/privsep.c: fix minor bug in PAM cleanup
* src/racoon/isakmp_cfg.c: only call cleanup_pam if PAM is used
2005-03-14 Emmanuel Dreyfus <manu%netbsd.org@localhost>
* configure.ac: handle correctly dynamic libradius
* src/racoon/cfparse.y: correctly initialize address pool
diffstat:
crypto/dist/ipsec-tools/src/racoon/isakmp_cfg.c | 49 ++++++++--------
crypto/dist/ipsec-tools/src/racoon/isakmp_cfg.h | 3 +-
crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c | 64 ++++++++++++++--------
crypto/dist/ipsec-tools/src/racoon/localconf.h | 7 +-
4 files changed, 70 insertions(+), 53 deletions(-)
diffs (284 lines):
diff -r 6683e41368bf -r 4305a17efc91 crypto/dist/ipsec-tools/src/racoon/isakmp_cfg.c
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp_cfg.c Wed Mar 16 23:52:16 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp_cfg.c Wed Mar 16 23:52:42 2005 +0000
@@ -1,6 +1,6 @@
-/* $NetBSD: isakmp_cfg.c,v 1.1.1.2 2005/02/23 14:54:19 manu Exp $ */
+/* $NetBSD: isakmp_cfg.c,v 1.1.1.3 2005/03/16 23:52:42 manu Exp $ */
-/* Id: isakmp_cfg.c,v 1.26 2005/02/10 02:02:56 manubsd Exp */
+/* Id: isakmp_cfg.c,v 1.26.2.1 2005/03/16 00:13:38 manubsd Exp */
/*
* Copyright (C) 2004 Emmanuel Dreyfus
@@ -1200,7 +1200,8 @@
#ifdef HAVE_LIBPAM
/* Cleanup PAM status associated with the port */
- privsep_cleanup_pam(index);
+ if (isakmp_cfg_config.authsource == ISAKMP_CFG_AUTH_PAM)
+ privsep_cleanup_pam(index);
#endif
isakmp_cfg_config.port_pool[index].used = 0;
iph1->mode_cfg->flags &= ISAKMP_CFG_PORT_ALLOCATED;
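Review bot: The context line `iph1->mode_cfg->flags &= ISAKMP_CFG_PORT_ALLOCATED;`, right after the pool slot is released, looks like it is missing a complement. As written it keeps only the port-allocated bit and clears every other flag, so the handle still claims a port that `port_pool[index].used = 0` has just given back. If the intent is to drop the flag, the line should read `iph1->mode_cfg->flags &= ~ISAKMP_CFG_PORT_ALLOCATED;`; otherwise a second release of the same handle could run the PAM cleanup on an index that by then belongs to another session. The new guard also reads `authsource` at release time, so a comment stating that the auth source is assumed not to change while ports are allocated would help. The enclosing function starts and ends outside the hunk.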
@@ -1294,38 +1295,37 @@
struct ph1handle *iph1;
int inout;
{
- static struct rad_handle *radius_state = NULL;
-
/* For first time use, initialize Radius */
- if (radius_state == NULL) {
- if ((radius_state = rad_acct_open()) == NULL) {
+ if (radius_acct_state == NULL) {
+ if ((radius_acct_state = rad_acct_open()) == NULL) {
plog(LLV_ERROR, LOCATION, NULL,
"Cannot init librradius\n");
return -1;
}
- if (rad_config(radius_state, NULL) != 0) {
+ if (rad_config(radius_acct_state, NULL) != 0) {
plog(LLV_ERROR, LOCATION, NULL,
"Cannot open librarius config file: %s\n",
- rad_strerror(radius_state));
- rad_close(radius_state);
- radius_state = NULL;
+ rad_strerror(radius_acct_state));
+ rad_close(radius_acct_state);
+ radius_acct_state = NULL;
return -1;
}
}
- if (rad_create_request(radius_state, RAD_ACCOUNTING_REQUEST) != 0) {
+ if (rad_create_request(radius_acct_state,
+ RAD_ACCOUNTING_REQUEST) != 0) {
plog(LLV_ERROR, LOCATION, NULL,
"rad_create_request failed: %s\n",
- rad_strerror(radius_state));
+ rad_strerror(radius_acct_state));
return -1;
}
- if (rad_put_string(radius_state, RAD_USER_NAME,
+ if (rad_put_string(radius_acct_state, RAD_USER_NAME,
iph1->mode_cfg->login) != 0) {
plog(LLV_ERROR, LOCATION, NULL,
"rad_put_string failed: %s\n",
- rad_strerror(radius_state));
+ rad_strerror(radius_acct_state));
return -1;
}
@@ -1341,36 +1341,37 @@
break;
}
- if (rad_put_addr(radius_state,
+ if (rad_put_addr(radius_acct_state,
RAD_FRAMED_IP_ADDRESS, iph1->mode_cfg->addr4) != 0) {
plog(LLV_ERROR, LOCATION, NULL,
"rad_put_addr failed: %s\n",
- rad_strerror(radius_state));
+ rad_strerror(radius_acct_state));
return -1;
}
- if (rad_put_addr(radius_state,
+ if (rad_put_addr(radius_acct_state,
RAD_LOGIN_IP_HOST, iph1->mode_cfg->addr4) != 0) {
plog(LLV_ERROR, LOCATION, NULL,
"rad_put_addr failed: %s\n",
- rad_strerror(radius_state));
+ rad_strerror(radius_acct_state));
return -1;
}
- if (rad_put_int(radius_state, RAD_ACCT_STATUS_TYPE, inout) != 0) {
+ if (rad_put_int(radius_acct_state, RAD_ACCT_STATUS_TYPE, inout) != 0) {
plog(LLV_ERROR, LOCATION, NULL,
"rad_put_int failed: %s\n",
- rad_strerror(radius_state));
+ rad_strerror(radius_acct_state));
return -1;
}
- if (isakmp_cfg_radius_common(radius_state, iph1->mode_cfg->port) != 0)
+ if (isakmp_cfg_radius_common(radius_acct_state,
+ iph1->mode_cfg->port) != 0)
return -1;
- if (rad_send_request(radius_state) != RAD_ACCOUNTING_RESPONSE) {
+ if (rad_send_request(radius_acct_state) != RAD_ACCOUNTING_RESPONSE) {
plog(LLV_ERROR, LOCATION, NULL,
"rad_send_request failed: %s\n",
- rad_strerror(radius_state));
+ rad_strerror(radius_acct_state));
return -1;
}
diff -r 6683e41368bf -r 4305a17efc91 crypto/dist/ipsec-tools/src/racoon/isakmp_cfg.h
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp_cfg.h Wed Mar 16 23:52:16 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp_cfg.h Wed Mar 16 23:52:42 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp_cfg.h,v 1.1.1.2 2005/02/23 14:54:19 manu Exp $ */
+/* $NetBSD: isakmp_cfg.h,v 1.1.1.3 2005/03/16 23:52:42 manu Exp $ */
/* $KAME$ */
@@ -162,6 +162,7 @@
#ifdef HAVE_LIBRADIUS
struct rad_handle;
+extern struct rad_handle *radius_acct_state;
int isakmp_cfg_radius_common(struct rad_handle *, int);
#endif
diff -r 6683e41368bf -r 4305a17efc91 crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c Wed Mar 16 23:52:16 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c Wed Mar 16 23:52:42 2005 +0000
@@ -1,6 +1,6 @@
-/* $NetBSD: isakmp_xauth.c,v 1.1.1.3 2005/03/14 08:14:31 manu Exp $ */
+/* $NetBSD: isakmp_xauth.c,v 1.1.1.4 2005/03/16 23:52:55 manu Exp $ */
-/* Id: isakmp_xauth.c,v 1.17.2.2 2005/03/09 14:12:31 manubsd Exp */
+/* Id: isakmp_xauth.c,v 1.17.2.3 2005/03/16 00:13:38 manubsd Exp */
/*
* Copyright (C) 2004 Emmanuel Dreyfus
@@ -90,7 +90,8 @@
#ifdef HAVE_LIBRADIUS
#include <radlib.h>
-static struct rad_handle *radius_state = NULL;
+struct rad_handle *radius_auth_state = NULL;
+struct rad_handle *radius_acct_state = NULL;
#endif
#ifdef HAVE_LIBPAM
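Review bot: `radius_auth_state` loses `static` here, but only `radius_acct_state` gets an `extern` declaration in isakmp_cfg.h, and every use of the auth handle visible in this diff is inside isakmp_xauth.c. Keeping it file-local, `static struct rad_handle *radius_auth_state = NULL;`, avoids exporting the handle that carries `RAD_USER_PASSWORD` requests to the rest of racoon without need. A one-line comment on each global saying which request type it serves (access vs. accounting) would also help now that the two are configured separately.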
@@ -425,26 +426,39 @@
int
xauth_radius_init(void)
{
- /* If it's not required in the config, don't initialize it */
- if ((isakmp_cfg_config.authsource != ISAKMP_CFG_AUTH_RADIUS) &&
- (isakmp_cfg_config.accounting != ISAKMP_CFG_ACCT_RADIUS) &&
- (isakmp_cfg_config.confsource != ISAKMP_CFG_CONF_RADIUS))
- return 0;
-
/* For first time use, initialize Radius */
- if (radius_state == NULL) {
- if ((radius_state = rad_auth_open()) == NULL) {
+ if ((isakmp_cfg_config.authsource == ISAKMP_CFG_AUTH_RADIUS) &&
+ (radius_auth_state == NULL)) {
+ if ((radius_auth_state = rad_auth_open()) == NULL) {
plog(LLV_ERROR, LOCATION, NULL,
"Cannot init libradius\n");
return -1;
}
- if (rad_config(radius_state, NULL) != 0) {
+ if (rad_config(radius_auth_state, NULL) != 0) {
plog(LLV_ERROR, LOCATION, NULL,
"Cannot open librarius config file: %s\n",
- rad_strerror(radius_state));
- rad_close(radius_state);
- radius_state = NULL;
+ rad_strerror(radius_auth_state));
+ rad_close(radius_auth_state);
+ radius_auth_state = NULL;
+ return -1;
+ }
+ }
+
+ if ((isakmp_cfg_config.accounting == ISAKMP_CFG_ACCT_RADIUS) &&
+ (radius_acct_state == NULL)) {
+ if ((radius_acct_state = rad_auth_open()) == NULL) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "Cannot init libradius\n");
+ return -1;
+ }
+
+ if (rad_config(radius_acct_state, NULL) != 0) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "Cannot open librarius config file: %s\n",
+ rad_strerror(radius_acct_state));
+ rad_close(radius_acct_state);
+ radius_acct_state = NULL;
return -1;
}
}
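Review bot: The accounting branch opens its handle with `rad_auth_open()`, while the lazy path in isakmp_cfg.c that uses the same `radius_acct_state` calls `rad_acct_open()`; this looks like a copy-paste slip from the auth branch above it. If this function runs at startup as the changelog says, the pointer is already non-NULL when accounting begins, so the `rad_acct_open()` fallback in isakmp_cfg.c is never reached and accounting requests would be built on an authentication handle. The line should be `if ((radius_acct_state = rad_acct_open()) == NULL) {`. The removed early return also covered `confsource == ISAKMP_CFG_CONF_RADIUS`; with it gone, a setup that uses RADIUS only as configuration source opens no handle here, which is worth confirming as intended. The end of xauth_radius_init is outside the hunk.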
@@ -463,33 +477,33 @@
size_t len;
int type;
- if (rad_create_request(radius_state, RAD_ACCESS_REQUEST) != 0) {
+ if (rad_create_request(radius_auth_state, RAD_ACCESS_REQUEST) != 0) {
plog(LLV_ERROR, LOCATION, NULL,
"rad_create_request failed: %s\n",
- rad_strerror(radius_state));
+ rad_strerror(radius_auth_state));
return -1;
}
- if (rad_put_string(radius_state, RAD_USER_NAME, usr) != 0) {
+ if (rad_put_string(radius_auth_state, RAD_USER_NAME, usr) != 0) {
plog(LLV_ERROR, LOCATION, NULL,
"rad_put_string failed: %s\n",
- rad_strerror(radius_state));
+ rad_strerror(radius_auth_state));
return -1;
}
- if (rad_put_string(radius_state, RAD_USER_PASSWORD, pwd) != 0) {
+ if (rad_put_string(radius_auth_state, RAD_USER_PASSWORD, pwd) != 0) {
plog(LLV_ERROR, LOCATION, NULL,
"rad_put_string failed: %s\n",
- rad_strerror(radius_state));
+ rad_strerror(radius_auth_state));
return -1;
}
- if (isakmp_cfg_radius_common(radius_state, iph1->mode_cfg->port) != 0)
+ if (isakmp_cfg_radius_common(radius_auth_state, iph1->mode_cfg->port) != 0)
return -1;
- switch (res = rad_send_request(radius_state)) {
+ switch (res = rad_send_request(radius_auth_state)) {
case RAD_ACCESS_ACCEPT:
- while ((type = rad_get_attr(radius_state, &data, &len)) != 0) {
+ while ((type = rad_get_attr(radius_auth_state, &data, &len)) != 0) {
switch (type) {
case RAD_FRAMED_IP_ADDRESS:
iph1->mode_cfg->addr4 = rad_cvt_addr(data);
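Review bot: The loop `while ((type = rad_get_attr(radius_auth_state, &data, &len)) != 0)` treats libradius's error return of -1 as an attribute type, so a malformed Access-Accept is handed to the inner switch instead of ending the loop. Unless a case outside this hunk handles it, the condition should be `> 0`, with a logged failure when the call returns -1. In the same loop `rad_cvt_addr(data)` is called without looking at `len`; a guard such as `if (len != sizeof(struct in_addr)) break;` before the conversion would keep a short Framed-IP-Address attribute from being read past its end. The switch continues outside the hunk.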
@@ -520,7 +534,7 @@
case -1:
plog(LLV_ERROR, LOCATION, NULL,
"rad_send_request failed: %s\n",
- rad_strerror(radius_state));
+ rad_strerror(radius_auth_state));
return -1;
break;
default:
diff -r 6683e41368bf -r 4305a17efc91 crypto/dist/ipsec-tools/src/racoon/localconf.h
--- a/crypto/dist/ipsec-tools/src/racoon/localconf.h Wed Mar 16 23:52:16 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/localconf.h Wed Mar 16 23:52:42 2005 +0000
@@ -1,6 +1,6 @@
-/* $NetBSD: localconf.h,v 1.1.1.3 2005/02/24 20:53:34 manu Exp $ */
+/* $NetBSD: localconf.h,v 1.1.1.4 2005/03/16 23:52:56 manu Exp $ */
-/* Id: localconf.h,v 1.9.2.1 2005/02/24 18:31:56 manubsd Exp */
+/* Id: localconf.h,v 1.9.2.2 2005/03/16 23:18:43 manubsd Exp */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -42,7 +42,8 @@
#define LC_PATHTYPE_PSK 1
#define LC_PATHTYPE_CERT 2
#define LC_PATHTYPE_BACKUPSA 3
-#define LC_PATHTYPE_MAX 4
+#define LC_PATHTYPE_SCRIPT 4
+#define LC_PATHTYPE_MAX 5
#define LC_DEFAULT_PAD_MAXSIZE 20
#define LC_DEFAULT_PAD_RANDOM TRUE
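Review bot: `LC_PATHTYPE_SCRIPT` takes the old value of `LC_PATHTYPE_MAX`, so any table sized or looped by `LC_PATHTYPE_MAX` gains a slot that needs a default. No such initialisation is among the four files in this changeset, so it should be checked where the path table is set up. Since the description says privsep mode now checks script paths against the path section, an unset script directory ought to fail closed rather than match every path. A comment would make the purpose explicit: `#define LC_PATHTYPE_SCRIPT 4 /* directory scripts must reside in (enforced in privsep mode) */`.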