From: Emmanuel D. <ma...@us...> - 2005-01-22 22:26:55
Update of /cvsroot/ipsec-tools/ipsec-tools/src/racoon In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv1105/src/racoon Modified Files: Tag: ipsec-tools-0_5-branch cfparse.y cftoken.l racoon.conf.5 Log Message: From Fred Senault: change "my_identifier login" into "xauth_login" in the config file so that we can introduce Xauth with a pre-shared key later. The back-end was not changed, the goal is to just change the user interface before it gets carved into the stone by the 0.5 release.
Index: cftoken.l
===================================================================
RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/cftoken.l,v
retrieving revision 1.26
retrieving revision 1.26.2.1
diff -u -d -r1.26 -r1.26.2.1
--- cftoken.l 1 Dec 2004 11:00:16 -0000 1.26
+++ cftoken.l 22 Jan 2005 22:26:46 -0000 1.26.2.1
@@ -270,6 +270,7 @@
 <S_RMTS>integrity { YYD; yylval.num = IPSECDOI_SIT_INTEGRITY; return(SITUATIONTYPE); }
 <S_RMTS>identifier { YYD; yywarn("it is obsoleted. use \"my_identifier\"."); return(IDENTIFIER); }
 <S_RMTS>my_identifier { YYD; return(MY_IDENTIFIER); }
+<S_RMTS>xauth_login { YYD; return(XAUTH_LOGIN); /* formerly identifier type login */ }
 <S_RMTS>peers_identifier { YYD; return(PEERS_IDENTIFIER); }
 <S_RMTS>verify_identifier { YYD; return(VERIFY_IDENTIFIER); }
 <S_RMTS>certificate_type { YYD; return(CERTIFICATE_TYPE); }
@@ -440,13 +441,6 @@ address { YYD; yylval.num = IDTYPE_ADDRESS; return(IDENTIFIERTYPE); } asn1dn { YYD; yylval.num = IDTYPE_ASN1DN; return(IDENTIFIERTYPE); } certname { YYD; yywarn("certname will be obsoleted in near future."); yylval.num = IDTYPE_ASN1DN; return(IDENTIFIERTYPE); } -login { -#ifdef ENABLE_HYBRID - YYD; yylval.num = IDTYPE_LOGIN; return(IDENTIFIERTYPE); -#else - yyerror("racoon not configured with --enable-hybrid"); -#endif -} /* units */ B|byte|bytes { YYD; return(UNITTYPE_BYTE); } Index: racoon.conf.5 =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/racoon.conf.5,v retrieving revision 1.20.2.1 retrieving revision 1.20.2.2 diff -u -d -r1.20.2.1 -r1.20.2.2 --- racoon.conf.5 13 Jan 2005 13:58:02 -0000 1.20.2.1 +++ racoon.conf.5 22 Jan 2005 22:26:46 -0000 1.20.2.2 @@ -315,16 +315,17 @@ is omitted, .Xr racoon 8 will get DN from Subject field in the certificate. -.It Ic my_identifier Ic login Bq Ar string ; -the type is a user login. This is used for client-side Hybrid authentication -and is available only if +.El +.\" +.It Ic xauth_login Ic Bq Ar string ; +specifies the login to use in client-side Hybrid authentication. +It is available only if .Xr racoon 8 has been built with this option. The associated password is looked up in the pre-shared key files, using the login .Ic string as the key id. -.El .\" .It Ic peers_identifier Ar idtype ... ; specifies the peer's identifier to be received. @@ -447,7 +448,7 @@ the peer if you do not specify it(them). They can be individually specified in each proposal. .\" -.It ike_frag Ar (on \(ba off) ; +.It Ic ike_frag (on \(ba off) ; Enable reciever-side IKE fragmentation, if .Xr racoon 8 has been build with 
@@ -617,8 +618,9 @@ This directive must be defined. .Ar type is one of: -.Ic pre_shared_key, rsasig , gssapi_krb , hybrid_rsa_server, -or hybrid_rsa_client. +.Ic pre_shared_key, rsasig, gssapi_krb, hybrid_rsa_server, +or +.Ic hybrid_rsa_client. .\" .It Ic dh_group Ar group ; define the group used for the Diffie-Hellman exponentiations. Index: cfparse.y =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/cfparse.y,v retrieving revision 1.30 retrieving revision 1.30.2.1 diff -u -d -r1.30 -r1.30.2.1 --- cfparse.y 1 Dec 2004 11:00:16 -0000 1.30 +++ cfparse.y 22 Jan 2005 22:26:46 -0000 1.30.2.1 @@ -216,6 +216,7 @@ %token GSSAPI_ID %token COMPLEX_BUNDLE %token DPD DPD_DELAY DPD_RETRY DPD_MAXFAIL +%token XAUTH_LOGIN %token PREFIX PORT PORTANY UL_PROTO ANY IKE_FRAG MODE_CFG %token PFS_GROUP LIFETIME LIFETYPE_TIME LIFETYPE_BYTE STRENGTH @@ -1148,6 +1149,20 @@ cur_rmconf->idvtype = $2; } EOS + | XAUTH_LOGIN identifierstring + { +#ifdef ENABLE_HYBRID + /* formerly identifier type login */ + if (set_identifier(&cur_rmconf->idv, IDTYPE_LOGIN, $2) != 0) { + yyerror("failed to set identifer.\n"); + return -1; + } + /* cur_rmconf->use_xauth = 1; */ +#else + yyerror("racoon not configured with --enable-hybrid"); +#endif + } + EOS | PEERS_IDENTIFIER IDENTIFIERTYPE identifierstring { struct idspec *id; |
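Review bot: The new `XAUTH_LOGIN identifierstring` action in cfparse.y stores the login with `set_identifier(&cur_rmconf->idv, IDTYPE_LOGIN, $2)` but never records the identifier type, whereas the rule whose tail is visible just above it sets `cur_rmconf->idvtype = $2;` after what is presumably the same call. Since the log message says the back-end is unchanged, any code that reads `idvtype` would presumably see the default or a previously configured type instead of `IDTYPE_LOGIN`; adding `cur_rmconf->idvtype = IDTYPE_LOGIN;` inside the `#ifdef ENABLE_HYBRID` branch keeps the two fields consistent. Because `idv` is the same field the preceding rule appears to fill, a remote section that uses both directives would have the later one silently replace the earlier identity, which deserves at least a comment in the action or a `yywarn`. The preceding rule starts outside the hunk, so its full body is not visible here.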