From: Emmanuel D. <ma...@us...> - 2005-09-23 14:29:54
Update of /cvsroot/ipsec-tools/ipsec-tools/src/racoon In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv30744/src/racoon Modified Files: Tag: ipsec-tools-0_6-branch isakmp_agg.c isakmp_base.c isakmp_cfg.c isakmp_ident.c racoon.conf.5 Log Message: From Matthias Scheler <mat...@ta...> enable the use of ISAKMP mode config without Xauth. Index: isakmp_agg.c =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/isakmp_agg.c,v retrieving revision 1.20.2.1 retrieving revision 1.20.2.2 diff -u -d -r1.20.2.1 -r1.20.2.2 --- isakmp_agg.c 9 Apr 2005 22:32:06 -0000 1.20.2.1 +++ isakmp_agg.c 23 Sep 2005 14:29:45 -0000 1.20.2.2 @@ -111,7 +111,7 @@ vchar_t *cr = NULL, *gsstoken = NULL; int error = -1; #ifdef ENABLE_NATT - vchar_t *vid_natt[MAX_NATT_VID_COUNT]; + vchar_t *vid_natt[MAX_NATT_VID_COUNT] = { NULL }; int i; #endif #ifdef ENABLE_HYBRID @@ -250,11 +250,12 @@ plist = isakmp_plist_append(plist, vid_frag, ISAKMP_NPTYPE_VID); #endif #ifdef ENABLE_NATT - /* set VID payload for NAT-T if NAT-T support allowed in the config file */ + /* + * set VID payload for NAT-T if NAT-T + * support allowed in the config file + */ if (iph1->rmconf->nat_traversal) plist = isakmp_plist_append_natt_vids(plist, vid_natt); - else - vid_natt[0]=NULL; #endif #ifdef ENABLE_HYBRID if (vid_xauth) Index: isakmp_cfg.c =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/isakmp_cfg.c,v retrieving revision 1.26.2.5 retrieving revision 1.26.2.6 diff -u -d -r1.26.2.5 -r1.26.2.6 --- isakmp_cfg.c 10 May 2005 09:45:46 -0000 1.26.2.5 +++ isakmp_cfg.c 23 Sep 2005 14:29:45 -0000 1.26.2.6 @@ -728,6 +728,12 @@ /* FALLTHROUGH */ #endif case ISAKMP_CFG_CONF_LOCAL: + if (isakmp_cfg_getport(iph1) == -1) { + plog(LLV_ERROR, LOCATION, NULL, + "Port pool depleted\n"); + break; + } + iph1->mode_cfg->addr4.s_addr = htonl(ntohl(isakmp_cfg_config.network4) + iph1->mode_cfg->port); 
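Review bot: The `= { NULL }` initializer on `vid_natt` in isakmp_agg.c has no comment saying that it is load-bearing, and the removed `else vid_natt[0]=NULL;` only ever cleared the first slot, and only on the path that reached the NAT-T block. Presumably the function's cleanup walks `vid_natt` and frees each entry, so an exit taken before that block would have seen indeterminate pointers; the cleanup code is outside the hunk, so this should be confirmed. I would add `/* zeroed so the cleanup path never frees an indeterminate pointer */` above the declaration here and above the same declaration in isakmp_base.c and isakmp_ident.c.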
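Review bot: On pool depletion the new `break;` under `case ISAKMP_CFG_CONF_LOCAL:` in isakmp_cfg.c only logs and leaves the switch, so `iph1->mode_cfg->addr4` keeps whatever value it had and the code after the switch, which is outside the hunk, still runs. If that code goes on to build the reply, the peer may be given a stale or zero address instead of a failure, so I would replace `break;` with the function's existing error exit rather than fall out of the switch. Because this allocation is now reachable without Xauth, any peer that completes phase 1 can take a pool slot, so it is also worth confirming that the slot is released when a phase 1 is torn down without an Xauth logout.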
@@ -1155,6 +1161,9 @@ unsigned int i; size_t size = isakmp_cfg_config.pool_size; + if (iph1->mode_cfg->flags & ISAKMP_CFG_PORT_ALLOCATED) + return iph1->mode_cfg->port; + if (isakmp_cfg_config.port_pool == NULL) { plog(LLV_ERROR, LOCATION, NULL, "isakmp_cfg_config.port_pool == NULL\n"); Index: isakmp_base.c =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/isakmp_base.c,v retrieving revision 1.11 retrieving revision 1.11.4.1 diff -u -d -r1.11 -r1.11.4.1 --- isakmp_base.c 22 Nov 2004 17:21:31 -0000 1.11 +++ isakmp_base.c 23 Sep 2005 14:29:45 -0000 1.11.4.1 @@ -97,7 +97,7 @@ struct payload_list *plist = NULL; int error = -1; #ifdef ENABLE_NATT - vchar_t *vid_natt[MAX_NATT_VID_COUNT]; + vchar_t *vid_natt[MAX_NATT_VID_COUNT] = { NULL }; int i, vid_natt_i = 0; #endif #ifdef ENABLE_FRAG Index: racoon.conf.5 =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/racoon.conf.5,v retrieving revision 1.27.2.8 retrieving revision 1.27.2.9 diff -u -d -r1.27.2.8 -r1.27.2.9 --- racoon.conf.5 7 Jul 2005 14:55:58 -0000 1.27.2.8 +++ racoon.conf.5 23 Sep 2005 14:29:45 -0000 1.27.2.9 @@ -478,9 +478,6 @@ .\" .It Ic mode_cfg (on \(ba off) ; Gather network information through ISAKMP mode configuration. -This only works if -.Ic hybrid_rsa_client -is the approved proposal. Default is off. .\" .It Ic peers_certfile ( dnssec | Ar certfile ) ; 
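Review bot: The early return on `ISAKMP_CFG_PORT_ALLOCATED` makes `isakmp_cfg_getport` safe to call more than once for the same phase 1, but nothing in the hunk documents that, and it reads `iph1->mode_cfg` before any check on it. I would add `/* already holding a pool slot for this phase 1: reuse it */` above the test. The reuse is only sound if the release path clears the flag together with the slot. That code is outside the hunk and should be checked, because a stale flag would return a port number that may by then belong to another peer. The function body starts and ends outside the hunk.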
@@ -937,15 +934,12 @@ Defines the information to return for remote hosts' ISAKMP mode config requests. Also defines the authentication source for remote peers -authenticating through Xauth/hybrid auth. +authenticating through hybrid auth. .Pp -This section is currently only useful if you selected the -.Ic hybrid_rsa_server -authentication method. The following are valid statements: .Bl -tag -width Ds -compact .It Ic auth_source (system \(ba radius \(ba pam) ; -Specify the source for authentication of users through Xauth/hybrid auth. +Specify the source for authentication of users through hybrid auth. .Ar system means to use the Unix user database. This is the default. @@ -961,8 +955,8 @@ .Xr racoon 8 was built with libpam support. .It Ic conf_source (local \(ba radius) ; -Specify the source for IP addresses and netmask of users authenticated -through Xauth/hybrid auth. +Specify the source for IP addresses and netmask allocated through ISAKMP +mode config. .Ar local means to use the local IP pool defined by the .Ic network4 @@ -978,7 +972,7 @@ .Xr radius.conf 5 . RADIUS configuration requires RADIUS authentication. .It Ic accounting (none \(ba radius \(ba pam) ; -Enable or disable accounting. +Enable or disable accounting for Xauth logins and logouts. Default is .Ar none , which disable accounting. @@ -1000,7 +994,7 @@ through RADIUS. .Ic conf_source selects the local pool or the RADIUS configuration, but in both -configuration, you cannot have more than +configurations, you cannot have more than .Ar size users connected at the same time. The default is 255. Index: isakmp_ident.c =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/isakmp_ident.c,v retrieving revision 1.13 retrieving revision 1.13.2.1 diff -u -d -r1.13 -r1.13.2.1 --- isakmp_ident.c 29 Jan 2005 16:34:25 -0000 1.13 +++ isakmp_ident.c 23 Sep 2005 14:29:45 -0000 1.13.2.1 
@@ -101,7 +101,7 @@ struct payload_list *plist = NULL; int error = -1; #ifdef ENABLE_NATT - vchar_t *vid_natt[MAX_NATT_VID_COUNT]; + vchar_t *vid_natt[MAX_NATT_VID_COUNT] = { NULL }; int i; #endif #ifdef ENABLE_DPD @@ -135,8 +135,6 @@ /* set VID payload for NAT-T if NAT-T support allowed in the config file */ if (iph1->rmconf->nat_traversal) plist = isakmp_plist_append_natt_vids(plist, vid_natt); - else - vid_natt[0]=NULL; #endif #ifdef ENABLE_DPD if(iph1->rmconf->dpd){ |