[Ipsec-tools-commits] ipsec-tools/src/racoon handler.c,1.19,1.20 ipsec_doi.c,1.35,1.36
From: Emmanuel D. <ma...@us...> - 2005-05-20 00:15:21
Update of /cvsroot/ipsec-tools/ipsec-tools/src/racoon In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv25553/src/racoon Modified Files: handler.c ipsec_doi.c Log Message: From Larry Baird <la...@gt...>: When altering lifetime, duplicate the proposal instead of modifying the configured one. Index: ipsec_doi.c =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/ipsec_doi.c,v retrieving revision 1.35 retrieving revision 1.36 diff -u -d -r1.35 -r1.36 --- ipsec_doi.c 8 May 2005 17:58:25 -0000 1.35 +++ ipsec_doi.c 20 May 2005 00:15:06 -0000 1.36 @@ -213,7 +213,10 @@ int prophlen; int i; - iph1->approval = NULL; + if (iph1->approval) { + delisakmpsa(iph1->approval); + iph1->approval = NULL; + } for (i = 0; i < MAXPROPPAIRLEN; i++) { if (pair[i] == NULL) @@ -301,15 +304,12 @@ plog(LLV_DEBUG, LOCATION, NULL, "GIr is %.*s\n", iph1->gi_r->l, iph1->gi_r->v); #else - iph1->approval = dupisakmpsa(sa); - if (iph1->approval == NULL) - return NULL; + iph1->approval = sa; #endif if(iph1->approval) { plog(LLV_DEBUG, LOCATION, NULL, "agreed on %s auth.\n", s_oakley_attr_method(iph1->approval->authmethod)); } - newsa = get_sabyproppair(p, iph1); if (newsa == NULL){ @@ -400,8 +400,6 @@ tsap->encklen == s->encklen) { switch(check_level) { case PROP_CHECK_OBEY: - s->lifetime = tsap->lifetime; - s->lifebyte = tsap->lifebyte; goto found; break; @@ -409,9 +407,6 @@ if ((tsap->lifetime > s->lifetime) || (tsap->lifebyte > s->lifebyte)) continue; - - s->lifetime = tsap->lifetime; - s->lifebyte = tsap->lifebyte; goto found; break; 
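Review bot: The new `delisakmpsa(iph1->approval)` at the top of the @@ -213 hunk is only safe if every value ever stored in `iph1->approval` is a private copy owned by the handle; a path that still stores a pointer into the configured proposal list would have configuration memory freed here, and again in the matching block added to handler.c (@@ -289). The `iph1->approval = sa;` assignment in the @@ -301 hunk appears to rely on `sa` being the duplicate that the @@ -444 hunk now returns, but the branch above its `#else` and any other writers of the field are outside this diff and need checking. I would record the ownership rule at that assignment, e.g. `/* sa is a dupisakmpsa() copy; iph1 owns it and releases it with delisakmpsa() */`. The enclosing function starts and ends outside these hunks.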
@@ -444,6 +439,30 @@ oakley_dhgrp_free(tsap->dhgrp); tsap->dhgrp = NULL; } + + if ((s = dupisakmpsa(s)) != NULL) { + switch(check_level) { + case PROP_CHECK_OBEY: + s->lifetime = tsap->lifetime; + s->lifebyte = tsap->lifebyte; + break; + + case PROP_CHECK_STRICT: + s->lifetime = tsap->lifetime; + s->lifebyte = tsap->lifebyte; + break; + + case PROP_CHECK_CLAIM: + if (tsap->lifetime < s->lifetime) + s->lifetime = tsap->lifetime; + if (tsap->lifebyte < s->lifebyte) + s->lifebyte = tsap->lifebyte; + break; + + default: + break; + } + } return s; } @@ -4178,24 +4197,10 @@ fixup_initiator_sa(match, received) struct isakmpsa *match, *received; { - struct isakmpsa *newsa; - - if (received->gssid == NULL) - return match; - - newsa = newisakmpsa(); - memcpy(newsa, match, sizeof *newsa); - - if (match->dhgrp != NULL) { - newsa->dhgrp = racoon_calloc(1, sizeof(struct dhgroup)); - memcpy(newsa->dhgrp, match->dhgrp, sizeof (struct dhgroup)); - } - newsa->next = NULL; - newsa->rmconf = NULL; - - newsa->gssid = vdup(received->gssid); + if (received->gssid != NULL) + match->gssid = vdup(received->gssid); - return newsa; + return match; } #endif Index: handler.c =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/handler.c,v retrieving revision 1.19 retrieving revision 1.20 diff -u -d -r1.19 -r1.20 --- handler.c 17 May 2005 14:50:25 -0000 1.19 +++ handler.c 20 May 2005 00:15:05 -0000 1.20 @@ -289,6 +289,10 @@ racoon_free(iph1->local); iph1->local = NULL; } + if (iph1->approval) { + delisakmpsa(iph1->approval); + iph1->approval = NULL; + } #ifdef ENABLE_HYBRID if (iph1->mode_cfg) |
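Review bot: `if ((s = dupisakmpsa(s)) != NULL)` in the @@ -444 hunk makes an allocation failure indistinguishable from "no proposal matched", and it hands `s` to `dupisakmpsa()` unconditionally, so if the search loop above the hunk can reach this point with `s == NULL` the helper has to tolerate NULL, which this diff does not show. Separating the two cases and logging the failure keeps a memory-pressure condition from looking like a policy mismatch in the logs. The `PROP_CHECK_OBEY` and `PROP_CHECK_STRICT` arms are identical and can share one body. The function starts outside the hunk.

```c
	/* … unchanged: tsap->dhgrp cleanup … */

	if (s == NULL)
		return NULL;		/* nothing in the configured list matched */

	s = dupisakmpsa(s);
	if (s == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "failed to duplicate the matched proposal\n");
		return NULL;
	}

	switch (check_level) {
	case PROP_CHECK_OBEY:
	case PROP_CHECK_STRICT:
		/* peer-supplied lifetimes land on the private copy only */
		s->lifetime = tsap->lifetime;
		s->lifebyte = tsap->lifebyte;
		break;
	/* … unchanged: PROP_CHECK_CLAIM and default arms … */
	}

	return s;
```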
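Review bot: In the @@ -4178 hunk, `match->gssid = vdup(received->gssid);` overwrites any `gssid` that `match` already carries without freeing it, and the `vdup()` result is not checked, so an allocation failure leaves `match->gssid` NULL while the negotiation continues. Whether `dupisakmpsa()` copies `gssid` is not visible here; if it does, each negotiation leaks one buffer. I would duplicate into a temporary, fail when it is NULL, and add `if (match->gssid != NULL) vfree(match->gssid);` before `match->gssid = tmp;`. Because the function now writes through `match` instead of building a new SA, it also needs a header comment stating that callers must pass a per-negotiation copy and never a configured proposal; the line carrying the return type is above the hunk.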