[src/trunk]: src/crypto/dist/ipsec-tools/src/racoon From Maik Broemme: export...

[tteras <tteras%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/d05f80e76643
branches:  trunk
changeset: 747073:d05f80e76643
user:      tteras <tteras%NetBSD.org@localhost>
date:      Tue Sep 01 09:24:21 2009 +0000

description:
>From Maik Broemme: export ISAKMP SA identity as REMOTE_ID for phase1 up
script (trac #313).

diffstat:

 crypto/dist/ipsec-tools/src/racoon/isakmp.c      |  12 +++++++++++-
 crypto/dist/ipsec-tools/src/racoon/racoon.conf.5 |   4 +++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diffs (44 lines):

diff -r 93b58b458f4a -r d05f80e76643 crypto/dist/ipsec-tools/src/racoon/isakmp.c
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp.c       Mon Aug 31 20:48:14 2009 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp.c       Tue Sep 01 09:24:21 2009 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: isakmp.c,v 1.58 2009/07/03 06:41:46 tteras Exp $       */
+/*     $NetBSD: isakmp.c,v 1.59 2009/09/01 09:24:21 tteras Exp $       */
 
 /* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */
 
@@ -3140,6 +3140,16 @@
                }
        }
 
+       /* Peer identity. */
+       if (iph1->id_p != NULL) {
+               if (script_env_append(&envp, &envc, "REMOTE_ID",
+                                     ipsecdoi_id2str(iph1->id_p)) != 0) {
+                       plog(LLV_ERROR, LOCATION, NULL,
+                            "Cannot set REMOTE_ID\n");
+                       goto out;
+               }
+       }
+
        if (privsep_script_exec(iph1->rmconf->script[script]->v, 
            script, envp) != 0) 
                plog(LLV_ERROR, LOCATION, NULL, 
diff -r 93b58b458f4a -r d05f80e76643 crypto/dist/ipsec-tools/src/racoon/racoon.conf.5
--- a/crypto/dist/ipsec-tools/src/racoon/racoon.conf.5  Mon Aug 31 20:48:14 2009 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/racoon.conf.5  Tue Sep 01 09:24:21 2009 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: racoon.conf.5,v 1.56 2009/05/04 22:28:30 wiz Exp $
+.\"    $NetBSD: racoon.conf.5,v 1.57 2009/09/01 09:24:21 tteras Exp $
 .\"
 .\"    Id: racoon.conf.5,v 1.54 2006/08/22 18:17:17 manubsd Exp
 .\"
@@ -625,6 +625,8 @@
 The remote address of the phase 1 SA.
 .It Ev REMOTE_PORT
 The remote port used for IKE for the phase 1 SA.
+.It Ev REMOTE_ID
+The remote identity received in IKE for the phase 1 SA.
 .El
 The following variables are only set if
 .Ic mode_cfg