[Ipsec-tools-commits] ipsec-tools/src/racoon handler.c,1.19,1.20 ipsec_doi.c,1.35,1.36

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Update of /cvsroot/ipsec-tools/ipsec-tools/src/racoon
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv25553/src/racoon

Modified Files:
	handler.c ipsec_doi.c 
Log Message:
From Larry Baird <la...@gt...>: 
When altering lifetime, duplicate the proposal instead of modifying 
the configured one.


Index: ipsec_doi.c
===================================================================
RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/ipsec_doi.c,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -d -r1.35 -r1.36

--- ipsec_doi.c	8 May 2005 17:58:25 -0000	1.35
+++ ipsec_doi.c	20 May 2005 00:15:06 -0000	1.36
@@ -213,7 +213,10 @@
 	int prophlen;
 	int i;
 
-	iph1->approval = NULL;
+	if (iph1->approval) {
+		delisakmpsa(iph1->approval);
+		iph1->approval = NULL;
+	}
 
 	for (i = 0; i < MAXPROPPAIRLEN; i++) {
 		if (pair[i] == NULL)
@@ -301,15 +304,12 @@
 		plog(LLV_DEBUG, LOCATION, NULL, "GIr is %.*s\n",
 		    iph1->gi_r->l, iph1->gi_r->v);
 #else
-	iph1->approval = dupisakmpsa(sa);
-	if (iph1->approval == NULL)
-		return NULL;
+	iph1->approval = sa;
 #endif
 	if(iph1->approval) {
 		plog(LLV_DEBUG, LOCATION, NULL, "agreed on %s auth.\n",
 		    s_oakley_attr_method(iph1->approval->authmethod));
 	}
-	
 
 	newsa = get_sabyproppair(p, iph1);
 	if (newsa == NULL){
@@ -400,8 +400,6 @@
 		    tsap->encklen == s->encklen) {
 			switch(check_level) {
 			case PROP_CHECK_OBEY:
-				s->lifetime = tsap->lifetime;
-				s->lifebyte = tsap->lifebyte;
 				goto found;
 				break;
 
@@ -409,9 +407,6 @@
 				if ((tsap->lifetime > s->lifetime) ||
 				    (tsap->lifebyte > s->lifebyte))
 					continue;
-
-				s->lifetime = tsap->lifetime;
-				s->lifebyte = tsap->lifebyte;
 				goto found;
 				break;
 
@@ -444,6 +439,30 @@
 		oakley_dhgrp_free(tsap->dhgrp);
 		tsap->dhgrp = NULL;
 	}
+
+	if ((s = dupisakmpsa(s)) != NULL) {
+		switch(check_level) {
+		case PROP_CHECK_OBEY:
+			s->lifetime = tsap->lifetime;
+			s->lifebyte = tsap->lifebyte;
+			break;
+
+		case PROP_CHECK_STRICT:
+			s->lifetime = tsap->lifetime;
+			s->lifebyte = tsap->lifebyte;
+			break;
+
+		case PROP_CHECK_CLAIM:
+			if (tsap->lifetime < s->lifetime)
+				s->lifetime = tsap->lifetime;
+			if (tsap->lifebyte < s->lifebyte)
+				s->lifebyte = tsap->lifebyte;
+			break;
+
+		default:
+			break;
+		}
+	}
 	return s;
 }
 
@@ -4178,24 +4197,10 @@
 fixup_initiator_sa(match, received)
 	struct isakmpsa *match, *received;
 {
-	struct isakmpsa *newsa;
-
-	if (received->gssid == NULL)
-		return match;
-
-	newsa = newisakmpsa();
-	memcpy(newsa, match, sizeof *newsa);
-
-	if (match->dhgrp != NULL) {
-		newsa->dhgrp = racoon_calloc(1, sizeof(struct dhgroup));
-		memcpy(newsa->dhgrp, match->dhgrp, sizeof (struct dhgroup));
-	}
-	newsa->next = NULL;
-	newsa->rmconf = NULL;
-
-	newsa->gssid = vdup(received->gssid);
+	if (received->gssid != NULL)
+		match->gssid = vdup(received->gssid);
 
-	return newsa;
+	return match;
 }
 #endif
 

Index: handler.c
===================================================================
RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/handler.c,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -d -r1.19 -r1.20
--- handler.c	17 May 2005 14:50:25 -0000	1.19
+++ handler.c	20 May 2005 00:15:05 -0000	1.20
@@ -289,6 +289,10 @@
 		racoon_free(iph1->local);
 		iph1->local = NULL;
 	}
+	if (iph1->approval) {
+		delisakmpsa(iph1->approval);
+		iph1->approval = NULL;
+	}
 
 #ifdef ENABLE_HYBRID
 	if (iph1->mode_cfg)



