[src/trunk]: src sync with 2/22 code. -B and -Z,
details: https://anonhg.NetBSD.org/src/rev/1b774edebf37
branches: trunk
changeset: 504111:1b774edebf37
user: itojun <itojun%NetBSD.org@localhost>
date: Thu Feb 22 02:33:06 2001 +0000
description:
sync with 2/22 code. -B and -Z,
bundle proposal interpretation, and some other fixes.
XXX WARNS?=0 in racoon/Makefile is necessary to compile the yacc-generated files
(a static function generated by yacc is never used).
diffstat:
crypto/dist/kame/racoon/cfparse.y | 24 ++++++-------------
crypto/dist/kame/racoon/isakmp.c | 11 ++++++--
crypto/dist/kame/racoon/main.c | 41 ++++++++++++++++++++++++++++++----
crypto/dist/kame/racoon/racoon.8 | 12 +++++----
crypto/dist/kame/racoon/racoon.conf.5 | 27 +++++++++++-----------
usr.sbin/racoon/Makefile.inc | 4 ++-
usr.sbin/racoon/racoon/Makefile | 5 ++-
7 files changed, 78 insertions(+), 46 deletions(-)
diffs (truncated from 365 to 300 lines):
diff -r 54b81adfa054 -r 1b774edebf37 crypto/dist/kame/racoon/cfparse.y
--- a/crypto/dist/kame/racoon/cfparse.y Thu Feb 22 02:21:12 2001 +0000
+++ b/crypto/dist/kame/racoon/cfparse.y Thu Feb 22 02:33:06 2001 +0000
@@ -1,4 +1,4 @@
-/* $KAME: cfparse.y,v 1.85 2001/01/29 11:26:50 sakane Exp $ */
+/* $KAME: cfparse.y,v 1.87 2001/02/22 01:11:42 sakane Exp $ */
%{
#include <sys/types.h>
@@ -166,9 +166,6 @@
%token PREFIX PORT PORTANY UL_PROTO ANY
%token PFS_GROUP LIFETIME LIFETYPE UNITTYPE STRENGTH
- /* static sa */
-%token STATICSA STATICSA_STATEMENT
-
%token NUMBER SWITCH BOOLEAN
%token HEXSTRING QUOTEDSTRING ADDRSTRING
%token EOS BOC EOC COMMA
@@ -183,7 +180,7 @@
%type <num> SECLEVELTYPE SECMODETYPE
%type <num> EXCHANGETYPE DOITYPE SITUATIONTYPE
%type <num> CERTTYPE CERT_X509 PROPOSAL_CHECK_LEVEL
-%type <val> QUOTEDSTRING HEXSTRING ADDRSTRING STATICSA_STATEMENT sainfo_id
+%type <val> QUOTEDSTRING HEXSTRING ADDRSTRING sainfo_id
%type <val> identifierstring
%type <spidx> policy_index
%type <saddr> remote_index ike_addrinfo_port
@@ -208,6 +205,7 @@
| sainfo_statement
| remote_statement
| staticsa_statement
+ | special_statement
;
/* path */
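Review bot: `| staticsa_statement`, the context line directly above the added `| special_statement`, still references a nonterminal whose only production this same commit deletes further down (the `staticsa_statement` hunk), so the grammar now uses a symbol that nothing defines. byacc merely warns about such a symbol and treats it as an undeclared token, which is presumably why the build still goes through; bison rejects it outright. Since the static-SA feature is being removed wholesale, drop the alternative too: delete the line `| staticsa_statement`. The `statement` rule this alternative belongs to begins before the hunk.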
@@ -229,6 +227,11 @@
}
;
+ /* special */
+special_statement
+ : COMPLEX_BUNDLE SWITCH EOS { lcconf->complex_bundle = $2; }
+ ;
+
/* include */
include_statement
: INCLUDE QUOTEDSTRING EOS
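Review bot: The new `special_statement` production uses `COMPLEX_BUNDLE`, but no `%token COMPLEX_BUNDLE` appears in this diff's token hunks and the diffstat lists no change to the lexer, so unless both already landed in the preceding sync commit the `complex_bundle` keyword can be neither declared nor tokenized; worth confirming before relying on the build. The action `{ lcconf->complex_bundle = $2; }` also gets no explanation and the visible racoon.conf.5 hunk does not document the directive. Suggest a comment above the rule such as `/* complex_bundle (on|off): controls how a proposal bundle is interpreted, see the commit message */` (hedged, since the semantics are not visible here) and a matching racoon.conf.5 entry alongside `path backupsa`.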
@@ -1271,17 +1274,6 @@
}
;
- /* static sa */
-staticsa_statement
- : STATICSA STATICSA_STATEMENT
- {
- /* execute static sa */
- /* like system("setkey $2->v"); */
- vfree($2);
- }
- EOS
- ;
-
%%
#if 0
diff -r 54b81adfa054 -r 1b774edebf37 crypto/dist/kame/racoon/isakmp.c
--- a/crypto/dist/kame/racoon/isakmp.c Thu Feb 22 02:21:12 2001 +0000
+++ b/crypto/dist/kame/racoon/isakmp.c Thu Feb 22 02:33:06 2001 +0000
@@ -1,4 +1,4 @@
-/* $KAME: isakmp.c,v 1.125 2001/01/28 17:17:17 itojun Exp $ */
+/* $KAME: isakmp.c,v 1.127 2001/02/02 12:17:23 sakane Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -894,8 +894,11 @@
int error;
iph2 = newph2();
- if (iph2 == NULL)
+ if (iph2 == NULL) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "failed to allocate phase2 entry.\n");
return -1;
+ }
iph2->ph1 = iph1;
iph2->side = RESPONDER;
@@ -1618,8 +1621,10 @@
if ((ph2exchange[etypesw2(ISAKMP_ETYPE_QUICK)]
[iph2->side]
- [iph2->status])(iph2, NULL) != 0)
+ [iph2->status])(iph2, NULL) != 0) {
+ unbindph12(iph2);
return -1;
+ }
return 0;
}
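Review bot: The added failure path only calls `unbindph12(iph2)`, which detaches the phase-2 entry from its phase-1 peer; whether `iph2` itself is released or removed from the handler list on this `-1` return depends on the caller, which is outside the hunk. If the caller does not `delph2()`/`remph2()` the entry on failure, the now-unbound handle is left allocated. A comment stating who owns `iph2` after this return, e.g. `/* caller releases iph2 on failure */`, would make the contract checkable; the enclosing function starts before the hunk.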
diff -r 54b81adfa054 -r 1b774edebf37 crypto/dist/kame/racoon/main.c
--- a/crypto/dist/kame/racoon/main.c Thu Feb 22 02:21:12 2001 +0000
+++ b/crypto/dist/kame/racoon/main.c Thu Feb 22 02:33:06 2001 +0000
@@ -1,4 +1,4 @@
-/* $KAME: main.c,v 1.24 2001/01/10 02:58:58 sakane Exp $ */
+/* $KAME: main.c,v 1.29 2001/02/06 15:15:46 sakane Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -32,6 +32,7 @@
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
+#include <sys/stat.h>
#include <netinet/in.h>
@@ -44,6 +45,7 @@
#include <unistd.h>
#endif
#include <paths.h>
+#include <err.h>
#include "var.h"
#include "misc.h"
@@ -60,10 +62,12 @@
#include "pfkey.h"
#include "crypto_openssl.h"
#include "random.h"
+#include "backupsa.h"
int f_foreground = 0; /* force running in foreground. */
int f_local = 0; /* local test mode. behave like a wall. */
int vflag = 1; /* for print-isakmp.c */
+static int loading_sa = 0; /* install sa when racoon boots up. */
static char version[] = "@(#)racoon 20001216 sakane%ydc.co.jp@localhost";
@@ -90,6 +94,7 @@
#else
""
#endif
+ "[-B]"
);
printf(" -d: debug level, more -d will generate more debug message.\n");
printf(" -F: run in foreground, do not become daemon.\n");
@@ -104,6 +109,8 @@
printf(" -6: IPv6 mode.\n");
printf(" -4: IPv4 mode.\n");
#endif
+ printf(" -B: install SA to the kernel from the file "
+ "specified by the configuration file.\n");
exit(1);
}
@@ -114,6 +121,13 @@
{
int error;
+ /* don't let anyone read files I write */
+ umask(077);
+ if (umask(077) != 077) {
+ errx(1, "could not set umask");
+ /*NOTREACHED*/
+ }
+
initlcconf();
initrmconf();
oakley_dhinit();
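Review bot: The umask guard is correct (the second `umask(077)` returns the value the first one installed), but the comment "don't let anyone read files I write" overstates what it buys: a umask only governs files racoon creates from here on, so a pid file, log or backupsa file that already exists with wider permissions from an earlier run keeps them. POSIX `umask()` cannot fail, so the re-read is a sanity check rather than real error detection, and `errx` here exits before any logging is set up. Suggest the comment `/* 077 for files we create (pid file, log, backupsa); existing files are not tightened, and umask() cannot fail, so the second call is only a sanity check */`. The function begins before this hunk.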
@@ -146,6 +160,15 @@
}
restore_params();
+ /*
+ * install SAs from the specified file. If the file is not specified
+ * by the configuration file, racoon will exit.
+ */
+ if (loading_sa && !f_local) {
+ if (backupsa_from_file() != 0)
+ exit(1);
+ }
+
if (f_foreground)
close(0);
else {
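Review bot: `if (loading_sa && !f_local)` silently drops `-B` when `-Z` is also given, so an operator testing locally gets no SAs and no hint why; a one-liner fixes it: `if (loading_sa && f_local) plog(LLV_WARNING, LOCATION, NULL, "-B ignored in local test mode (-Z)\n");`. The backupsa file that `backupsa_from_file()` parses holds live SA keying material and, per the racoon.conf.5 hunk, is appended to indefinitely and maintained by hand, so the loader should refuse a file that is group/world readable or not owned by the running user, as is done for pre-shared keys; I cannot see backupsa.c here, so this may already be the case. The bare `exit(1)` assumes `backupsa_from_file()` logged its own diagnostic, which the comment above should state. The function begins before this hunk.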
@@ -177,9 +200,11 @@
plog(LLV_ERROR, LOCATION, NULL,
"cannot open %s", pid_file);
}
- if (atexit(cleanup_pidfile) < 0) {
- plog(LLV_ERROR, LOCATION, NULL,
- "cannot register pidfile cleanup");
+ if (!f_local) {
+ if (atexit(cleanup_pidfile) < 0) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "cannot register pidfile cleanup");
+ }
}
}
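Review bot: `atexit(cleanup_pidfile) < 0` never fires on a conforming libc, because `atexit()` reports failure with a nonzero (not necessarily negative) return; the condition should read `if (atexit(cleanup_pidfile) != 0) {`. The new `!f_local` guard also deserves a reason, since the pid file is apparently still written just above (outside this hunk) and the `-Z` comment elsewhere in this commit says several racoons may run on one host, so under `-Z` each instance would overwrite the same pid file and then leave it behind. If that is the intent, say so: `/* several -Z instances share the host; never remove another instance's pid file */`, or skip writing the pid file under -Z altogether. The function begins before this hunk.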
@@ -214,7 +239,7 @@
else
pname = *av;
- while ((c = getopt(ac, av, "dFp:a:f:l:vZ"
+ while ((c = getopt(ac, av, "dFp:a:f:l:vZB"
#ifdef YYDEBUG
"y"
#endif
@@ -254,6 +279,9 @@
case 'Z':
/*
* only local test.
+ * To specify -Z option and to choice a appropriate
+ * port number for ISAKMP, you can launch some racoons
+ * on the local host for debug.
* pk_sendadd() on initiator side is always failed
* even if this flag is used. Because there is same
* spi in the SAD which is inserted by pk_sendgetspi()
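Review bot: The expanded `-Z` comment is hard to parse ("To specify -Z option and to choice a appropriate port number"), and the block is the only place the multi-instance debugging setup is described. Suggest: `* With -Z, and a distinct ISAKMP port chosen with -p, several racoons can be run on the same host for debugging.` The `-Z` case and its caveat about `pk_sendadd()` continue past the hunk.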
@@ -275,6 +303,9 @@
lcconf->default_af = AF_INET6;
break;
#endif
+ case 'B':
+ loading_sa++;
+ break;
default:
Usage();
break;
diff -r 54b81adfa054 -r 1b774edebf37 crypto/dist/kame/racoon/racoon.8
--- a/crypto/dist/kame/racoon/racoon.8 Thu Feb 22 02:21:12 2001 +0000
+++ b/crypto/dist/kame/racoon/racoon.8 Thu Feb 22 02:33:06 2001 +0000
@@ -1,4 +1,4 @@
-.\" $KAME: racoon.8,v 1.23 2000/12/16 15:19:00 itojun Exp $
+.\" $KAME: racoon.8,v 1.25 2001/02/22 00:41:38 sakane Exp $
.\"
.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
.\" All rights reserved.
@@ -38,7 +38,7 @@
.Sh SYNOPSIS
.Nm racoon
.Bk -words
-.Op Fl dFv
+.Op Fl dFBv
.Ek
.Bk -words
.Op Fl f Ar configfile
@@ -67,10 +67,14 @@
run
.Nm racoon
in the foreground.
+.It Fl B
+install SA(s) from the file which is specified in
+.Xr racoon.conf 5 .
.It Fl l Ar logfile
use
.Ar logfile
-as the logging file.
+as the logging file instead of
+.Xr syslogd 8 .
.It Fl p Ar isakmp-port
listen for ISAKMP key exchange on port
.Ar isakmp-port
@@ -89,8 +93,6 @@
.Bl -tag -width /etc/racoon.conf -compact
.It Pa /etc/racoon.conf
default configuration file.
-.It Pa /var/log/racoon.log
-default log file.
.El
.\"
.Sh RETURN VALUES
diff -r 54b81adfa054 -r 1b774edebf37 crypto/dist/kame/racoon/racoon.conf.5
--- a/crypto/dist/kame/racoon/racoon.conf.5 Thu Feb 22 02:21:12 2001 +0000
+++ b/crypto/dist/kame/racoon/racoon.conf.5 Thu Feb 22 02:33:06 2001 +0000
@@ -1,4 +1,4 @@
-.\" $KAME: racoon.conf.5,v 1.73 2001/01/26 10:16:26 sakane Exp $
+.\" $KAME: racoon.conf.5,v 1.76 2001/02/22 01:11:42 sakane Exp $
.\"
.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
.\" All rights reserved.
@@ -138,8 +138,16 @@
.Sx Pre-shared key File .
.It Ic path certificate Ar path ;
.Xr racoon 8
-will search this directory if a certificate or certificate request
-is received.
+will search this directory if a certificate or certificate request is received.
+.It Ic path backupsa Ar file ;
+specifies a file to be stored a SA information which is negotiated by racoon.
+.Xr racoon 8
+will install SA(s) from the file with a boot option
+.Fl B .
+The file is increasing because
+.Xr racoon 8
+simply add a SA to the file at the moment.
+You should maintain the file manually.
.El
.\"
.Ss File Include