From: Emmanuel D. <ma...@us...> - 2006-07-20 19:22:54
Update of /cvsroot/ipsec-tools/ipsec-tools/src/racoon
In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv17101/src/racoon
Modified Files:
cfparse.y cftoken.l isakmp_cfg.c isakmp_cfg.h isakmp_unity.c racoon.conf.5
Log Message:
>From Matthew Grooms <mg...@sh...>
Split DNS support (server side)
Index: isakmp_cfg.h
===================================================================
RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/isakmp_cfg.h,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -d -r1.18 -r1.19
--- isakmp_cfg.h 24 Jun 2006 07:40:23 -0000 1.18
+++ isakmp_cfg.h 20 Jul 2006 19:22:50 -0000 1.19
@@ -106,6 +106,8 @@
 struct unity_addrlist splitnet[MAXSPLIT];
 int split_net_type;
 int split_index;
+ char *splitdns_list;
+ int splitdns_len;
 int pfs_group;
 int save_passwd;
 };
@@ -199,12 +201,13 @@
 struct isakmp_cfg_state *isakmp_cfg_mkstate(void);
 vchar_t *isakmp_cfg_copy(struct ph1handle *, struct isakmp_data *);
 vchar_t *isakmp_cfg_short(struct ph1handle *, struct isakmp_data *, int);
+vchar_t *isakmp_cfg_varlen(struct ph1handle *, struct isakmp_data *, char *, size_t);
 vchar_t *isakmp_cfg_string(struct ph1handle *, struct isakmp_data *, char *);
 int isakmp_cfg_getconfig(struct ph1handle *);
 int isakmp_cfg_setenv(struct ph1handle *, char ***, int *);
 int isakmp_cfg_resize_pool(int);
-int isakmp_cfg_getport(struct ph1handle *);
+int isakmp_cfg_getport(struct ph1handle *);
 int isakmp_cfg_putport(struct ph1handle *, unsigned int);
 int isakmp_cfg_init(int);
 #define ISAKMP_CFG_INIT_COLD 1
Index: isakmp_cfg.c
===================================================================
RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/isakmp_cfg.c,v
retrieving revision 1.52
retrieving revision 1.53
diff -u -d -r1.52 -r1.53
--- isakmp_cfg.c 13 Jul 2006 22:35:42 -0000 1.52
+++ isakmp_cfg.c 20 Jul 2006 19:22:50 -0000 1.53
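Review bot: `splitdns_len` is declared `int` in the first hunk while the new `isakmp_cfg_varlen` prototype in the second hunk takes its length as `size_t`, so the only consumer (the isakmp_unity.c call) converts signed to unsigned on every use. Declaring the field as `size_t splitdns_len;` matches the consumer and removes the implicit conversion. The string parameter of `isakmp_cfg_varlen` is presumably only read, in which case `const char *` would also document that the configured list is never modified by the encoder.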
@@ -979,17 +979,16 @@
 }
 vchar_t *
-isakmp_cfg_string(iph1, attr, string)
+isakmp_cfg_varlen(iph1, attr, string, len)
 struct ph1handle *iph1;
 struct isakmp_data *attr;
 char *string;
+ size_t len;
 {
 vchar_t *buffer;
 struct isakmp_data *new;
- size_t len;
 char *data;
- len = strlen(string);
 if ((buffer = vmalloc(sizeof(*attr) + len)) == NULL) {
 plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n");
 return NULL;
@@ -1005,6 +1004,15 @@
 return buffer;
 }
+vchar_t *
+isakmp_cfg_string(iph1, attr, string)
+ struct ph1handle *iph1;
+ struct isakmp_data *attr;
+ char *string;
+{
+ size_t len = strlen(string);
+ return isakmp_cfg_varlen(iph1, attr, string, len);
+}
 static vchar_t *
 isakmp_cfg_addr4(iph1, attr, addr)
@@ -2105,6 +2113,12 @@
 isakmp_cfg_config.pfs_group = 0;
 isakmp_cfg_config.save_passwd = 0;
+ if (cold != ISAKMP_CFG_INIT_COLD )
+ if( isakmp_cfg_config.splitdns_list != NULL )
+ racoon_free( isakmp_cfg_config.splitdns_list );
+ isakmp_cfg_config.splitdns_list = NULL;
+ isakmp_cfg_config.splitdns_len = 0;
+
 if (cold == ISAKMP_CFG_INIT_COLD) {
 if ((error = isakmp_cfg_resize_pool(ISAKMP_CFG_MAX_CNX)) != 0)
 return error;
Index: isakmp_unity.c
===================================================================
RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/isakmp_unity.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- isakmp_unity.c 30 Oct 2005 10:28:38 -0000 1.8
+++ isakmp_unity.c 20 Jul 2006 19:22:50 -0000 1.9
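Review bot: `isakmp_cfg_varlen` now takes an arbitrary `len` from its caller but places no upper bound on it; the rest of the function lies outside the hunk, and if it stores `len` into the 16-bit ISAKMP attribute length field the way `isakmp_cfg_string` previously did with `strlen(string)`, a configured list longer than 65535 bytes would be truncated on the wire while the buffer holds the full copy. A guard before the allocation, `if (len > 0xffff) { plog(LLV_ERROR, LOCATION, NULL, "attribute too long\n"); return NULL; }`, keeps the copied data and the encoded length consistent. The function is also now reached with `string == NULL` and `len == 0` from the split-DNS caller, which deserves a header comment such as `/* string may be NULL only when len is 0 */` since a memcpy from a null pointer is undefined even for zero bytes.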
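Review bot: The unbraced nested `if` pair added in the `@@ -2105` hunk, just before `isakmp_cfg_config.splitdns_list = NULL;`, reads as though the assignment belonged to the condition, and the NULL test is redundant if `racoon_free` wraps free(), which accepts NULL. Collapsing it to `if (cold != ISAKMP_CFG_INIT_COLD && isakmp_cfg_config.splitdns_list != NULL)` followed by `racoon_free(isakmp_cfg_config.splitdns_list);` makes the scope explicit, and the stray spaces inside the parentheses should go. Skipping the free on a cold start relies on `isakmp_cfg_config` being zero-initialised static storage; the enclosing function begins outside the hunk, so that cannot be confirmed here.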
@@ -179,8 +179,12 @@
 else
 return NULL;
 break;
- case UNITY_FW_TYPE:
 case UNITY_SPLITDNS_NAME:
+ reply_attr = isakmp_cfg_varlen(iph1, attr,
+ isakmp_cfg_config.splitdns_list,
+ isakmp_cfg_config.splitdns_len);
+ break;
+ case UNITY_FW_TYPE:
 case UNITY_NATT_PORT:
 case UNITY_BACKUP_SERVERS:
 default:
Index: cfparse.y
===================================================================
RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/cfparse.y,v
retrieving revision 1.63
retrieving revision 1.64
diff -u -d -r1.63 -r1.64
--- cfparse.y 9 Jul 2006 17:19:37 -0000 1.63
+++ cfparse.y 20 Jul 2006 19:22:50 -0000 1.64
@@ -200,7 +200,7 @@
 %token MODECFG CFG_NET4 CFG_MASK4 CFG_DNS4 CFG_NBNS4 CFG_DEFAULT_DOMAIN
 %token CFG_AUTH_SOURCE CFG_SYSTEM CFG_RADIUS CFG_PAM CFG_LDAP CFG_LOCAL CFG_NONE
 %token CFG_ACCOUNTING CFG_CONF_SOURCE CFG_MOTD CFG_POOL_SIZE CFG_AUTH_THROTTLE
-%token CFG_SPLIT_NETWORK CFG_SPLIT_LOCAL CFG_SPLIT_INCLUDE
+%token CFG_SPLIT_NETWORK CFG_SPLIT_LOCAL CFG_SPLIT_INCLUDE CFG_SPLIT_DNS
 %token CFG_PFS_GROUP CFG_SAVE_PASSWD
 /* timer */
@@ -706,6 +706,13 @@
 #endif
 }
 EOS
+ | CFG_SPLIT_DNS splitdnslist
+ {
+#ifndef ENABLE_HYBRID
+ yyerror("racoon not configured with --enable-hybrid");
+#endif
+ }
+ EOS
 | CFG_DEFAULT_DOMAIN QUOTEDSTRING
 {
 #ifdef ENABLE_HYBRID
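Review bot: The new `UNITY_SPLITDNS_NAME` case replies unconditionally, so when no `split_dns` entries are configured it calls `isakmp_cfg_varlen` with `splitdns_list == NULL` and `splitdns_len == 0` and sends an empty attribute instead of omitting it. The `else return NULL;` visible just above suggests the surrounding cases return NULL when their data is not configured, so this one should follow suit with `if (isakmp_cfg_config.splitdns_list == NULL) return NULL;` placed before the `reply_attr = ...` assignment. `splitdns_len` is an `int` handed to a `size_t` parameter; it only ever comes from the parser so it is never negative, but the sign conversion is the kind of thing -Wconversion will flag. The enclosing switch starts and ends outside the hunk.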
@@ -964,6 +971,40 @@
 }
 ;
+splitdnslist
+ : splitdns
+ | splitdns COMMA splitdnslist
+ ;
+splitdns
+ : QUOTEDSTRING
+ {
+#ifdef ENABLE_HYBRID
+ struct isakmp_cfg_config *icc = &isakmp_cfg_config;
+
+ if (!icc->splitdns_len)
+ {
+ icc->splitdns_list = racoon_malloc($1->l);
+ if(icc->splitdns_list == NULL)
+ yyerror("error allocating splitdns list buffer");
+ memcpy(icc->splitdns_list,$1->v,$1->l);
+ icc->splitdns_len = $1->l;
+ }
+ else
+ {
+ int len = icc->splitdns_len + $1->l + 1;
+ icc->splitdns_list = racoon_realloc(icc->splitdns_list,len);
+ if(icc->splitdns_list == NULL)
+ yyerror("error allocating splitdns list buffer");
+ icc->splitdns_list[icc->splitdns_len] = ',';
+ memcpy(icc->splitdns_list + icc->splitdns_len + 1, $1->v, $1->l);
+ icc->splitdns_len = len;
+ }
+ vfree($1);
+#else
+ yyerror("racoon not configured with --enable-hybrid");
+#endif
+ }
+ ;
 /* timer */
Index: cftoken.l
===================================================================
RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/cftoken.l,v
retrieving revision 1.51
retrieving revision 1.52
diff -u -d -r1.51 -r1.52
--- cftoken.l 9 Jul 2006 17:19:37 -0000 1.51
+++ cftoken.l 20 Jul 2006 19:22:50 -0000 1.52
@@ -256,6 +256,7 @@
 <S_CFG>split_network { YYD; return(CFG_SPLIT_NETWORK); }
 <S_CFG>local_lan { YYD; return(CFG_SPLIT_LOCAL); }
 <S_CFG>include { YYD; return(CFG_SPLIT_INCLUDE); }
+<S_CFG>split_dns { YYD; return(CFG_SPLIT_DNS); }
 <S_CFG>pfs_group { YYD; return(CFG_PFS_GROUP); }
 <S_CFG>save_passwd { YYD; return(CFG_SAVE_PASSWD); }
 <S_CFG>{comma} { YYD; return(COMMA); }
Index: racoon.conf.5
===================================================================
RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/racoon.conf.5,v
retrieving revision 1.51
retrieving revision 1.52
diff -u -d -r1.51 -r1.52
--- racoon.conf.5 9 Jul 2006 17:19:38 -0000 1.51
+++ racoon.conf.5 20 Jul 2006 19:22:50 -0000 1.52
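Review bot: Both allocation-failure branches in the new `splitdns` action call `yyerror` and then continue into `memcpy` on the NULL pointer; if `yyerror` only reports, as it appears to elsewhere in this grammar, the action must also leave with `return -1;` the way other failing actions do. The `else` branch additionally assigns the `racoon_realloc` result straight back to `icc->splitdns_list`, so on failure the existing list leaks as well. It is also worth confirming whether `$1->l` counts the terminating NUL of the quoted string, because if it does a NUL byte ends up inside the comma-separated list that is later sent on the wire. A temporary for the realloc result and a single growth path cover the first two points (assuming `racoon_realloc` accepts a NULL old pointer like realloc does):
```yacc
#ifdef ENABLE_HYBRID
			struct isakmp_cfg_config *icc = &isakmp_cfg_config;
			/* one extra byte for the separating comma after the first entry */
			int len = icc->splitdns_len + $1->l + (icc->splitdns_len ? 1 : 0);
			char *tmp = racoon_realloc(icc->splitdns_list, len);

			if (tmp == NULL) {
				yyerror("error allocating splitdns list buffer");
				vfree($1);
				return -1;
			}
			icc->splitdns_list = tmp;
			if (icc->splitdns_len)
				icc->splitdns_list[icc->splitdns_len++] = ',';
			memcpy(icc->splitdns_list + icc->splitdns_len, $1->v, $1->l);
			icc->splitdns_len += $1->l;
			vfree($1);
			/* … unchanged: #else / yyerror / #endif … */
```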
@@ -1137,6 +1137,11 @@
 is used, everything will pass through the tunnel but those destinations.
 .It Ic default_domain Ar domain ;
 The default DNS domain to send.
+.It Ic split_dns Ar "domain", ...
+The split dns configuration to send, in quoted domain name strings. This list can
+be used to describe a list of domain names for which a peer should query a modecfg
+assigned dns server. DNS queries for all other domains would be handled locally.
+(Cisco VPN client only).
 .It Ic banner Ar path ;
 The path of a file displayed on the client at connection time. Default is |