author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2008-07-09 21:02:41 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2008-07-09 21:02:41 +0000 |
commit | db67c87db3c9089ea8d2e14f617bf3d9e2af261f (patch) | |
tree | 665c0caea83d34c11c1517c4c57137bb58cba6fb /src/pluto | |
parent | 1c088a8b6237ec67f63c23f97a0f2dc4e99af869 (diff) | |
download | vyos-strongswan-db67c87db3c9089ea8d2e14f617bf3d9e2af261f.tar.gz vyos-strongswan-db67c87db3c9089ea8d2e14f617bf3d9e2af261f.zip |
[svn-upgrade] Integrating new upstream version, strongswan (4.2.4)
Diffstat (limited to 'src/pluto')
-rw-r--r-- | src/pluto/Makefile.am | 11 | ||||
-rw-r--r-- | src/pluto/Makefile.in | 51 | ||||
-rw-r--r-- | src/pluto/ac.c | 12 | ||||
-rw-r--r-- | src/pluto/alg/ike_alg_aes.c | 2 | ||||
-rw-r--r-- | src/pluto/alg_info.c | 12 | ||||
-rw-r--r-- | src/pluto/connections.c | 6 | ||||
-rw-r--r-- | src/pluto/connections.h | 4 | ||||
-rw-r--r-- | src/pluto/constants.c | 22 | ||||
-rw-r--r-- | src/pluto/constants.h | 5 | ||||
-rw-r--r-- | src/pluto/crl.c | 4 | ||||
-rw-r--r-- | src/pluto/demux.c | 4 | ||||
-rw-r--r-- | src/pluto/fetch.c | 4 | ||||
-rw-r--r-- | src/pluto/ike_alg.c | 5 | ||||
-rw-r--r-- | src/pluto/ipsec_doi.c | 13 | ||||
-rw-r--r-- | src/pluto/kernel.c | 22 | ||||
-rw-r--r-- | src/pluto/kernel_netlink.c | 31 | ||||
-rw-r--r-- | src/pluto/keys.c | 10 | ||||
-rw-r--r-- | src/pluto/log.c | 32 | ||||
-rw-r--r-- | src/pluto/modecfg.c | 13 | ||||
-rw-r--r-- | src/pluto/plutomain.c | 40 | ||||
-rw-r--r-- | src/pluto/smartcard.c | 10 | ||||
-rw-r--r-- | src/pluto/spdb.c | 16 | ||||
-rw-r--r-- | src/pluto/vendor.c | 9 | ||||
-rw-r--r-- | src/pluto/vendor.h | 26 | ||||
-rw-r--r-- | src/pluto/xauth.c | 4 | ||||
-rw-r--r-- | src/pluto/xauth.h | 13 |
26 files changed, 228 insertions, 153 deletions
diff --git a/src/pluto/Makefile.am b/src/pluto/Makefile.am index 69902ad8f..156b81018 100644 --- a/src/pluto/Makefile.am +++ b/src/pluto/Makefile.am @@ -123,12 +123,19 @@ if USE_NAT_TRANSPORT endif # This compile option activates dynamic URL fetching using libcurl -if USE_LIBCURL +if USE_CURL pluto_LDADD += -lcurl + AM_CFLAGS += -DLIBCURL endif # This compile option activates dynamic LDAP CRL fetching -if USE_LIBLDAP +if USE_LDAP pluto_LDADD += -lldap -llber + AM_CFLAGS += -DLIBLDAP +endif + +# This compile option activates smartcard support +if USE_SMARTCARD + AM_CFLAGS += -DSMARTCARD endif diff --git a/src/pluto/Makefile.in b/src/pluto/Makefile.in index a9ae01d65..42017641c 100644 --- a/src/pluto/Makefile.in +++ b/src/pluto/Makefile.in @@ -1,8 +1,8 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. 
@@ -51,10 +51,15 @@ ipsec_PROGRAMS = pluto$(EXEEXT) _pluto_adns$(EXEEXT) @USE_NAT_TRANSPORT_TRUE@am__append_4 = -DI_KNOW_TRANSPORT_MODE_HAS_SECURITY_CONCERN_BUT_I_WANT_IT # This compile option activates dynamic URL fetching using libcurl -@USE_LIBCURL_TRUE@am__append_5 = -lcurl +@USE_CURL_TRUE@am__append_5 = -lcurl +@USE_CURL_TRUE@am__append_6 = -DLIBCURL # This compile option activates dynamic LDAP CRL fetching -@USE_LIBLDAP_TRUE@am__append_6 = -lldap -llber +@USE_LDAP_TRUE@am__append_7 = -lldap -llber +@USE_LDAP_TRUE@am__append_8 = -DLIBLDAP + +# This compile option activates smartcard support +@USE_SMARTCARD_TRUE@am__append_9 = -DSMARTCARD subdir = src/pluto DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in TODO @@ -138,6 +143,7 @@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ +DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ @@ -167,6 +173,7 @@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ @@ -197,7 +204,6 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ -backenddir = @backenddir@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -208,12 +214,11 @@ builddir = @builddir@ confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ -dbus_CFLAGS = @dbus_CFLAGS@ -dbus_LIBS = @dbus_LIBS@ docdir = @docdir@ dvidir = @dvidir@ -eapdir = @eapdir@ exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
@@ -223,12 +228,12 @@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ -interfacedir = @interfacedir@ ipsecdir = @ipsecdir@ -ipsecgid = @ipsecgid@ -ipsecuid = @ipsecuid@ +ipsecgroup = @ipsecgroup@ +ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libstrongswan_plugins = @libstrongswan_plugins@ linuxdir = @linuxdir@ localedir = @localedir@ localstatedir = @localstatedir@ @@ -241,10 +246,12 @@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +resolv_conf = @resolv_conf@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ simreader = @simreader@ srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ @@ -328,10 +335,11 @@ AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_CONFDIR=\"${confdir}\" \ -DSHARED_SECRETS_FILE=\"${confdir}/ipsec.secrets\" \ -DKERNEL26_SUPPORT -DKERNEL26_HAS_KAME_DUPLICATES -DPLUTO \ -DKLIPS -DDEBUG -DTHREADS $(am__append_1) $(am__append_2) \ - $(am__append_3) $(am__append_4) + $(am__append_3) $(am__append_4) $(am__append_6) \ + $(am__append_8) $(am__append_9) pluto_LDADD = oid.o $(LIBFREESWANDIR)/libfreeswan.a \ $(LIBCRYPTODIR)/libcrypto.a -lgmp -lresolv -lpthread -ldl \ - $(am__append_5) $(am__append_6) + $(am__append_5) $(am__append_7) _pluto_adns_LDADD = \ $(LIBFREESWANDIR)/libfreeswan.a \ -lresolv -ldl 
@@ -379,8 +387,8 @@ install-ipsecPROGRAMS: $(ipsec_PROGRAMS) || test -f $$p1 \ ; then \ f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(ipsecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(ipsecdir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(ipsecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(ipsecdir)/$$f" || exit 1; \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(ipsecdir)/$$f'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(ipsecdir)/$$f" || exit 1; \ else :; fi; \ done @@ -681,8 +689,8 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS @@ -694,8 +702,8 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ 
@@ -705,13 +713,12 @@ ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique diff --git a/src/pluto/ac.c b/src/pluto/ac.c index 43ebf91d9..77e0b40bb 100644 --- a/src/pluto/ac.c +++ b/src/pluto/ac.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: ac.c 3253 2007-10-06 21:39:00Z andreas $ + * RCSID $Id: ac.c 3686 2008-03-28 11:48:14Z martin $ */ #include <stdlib.h> @@ -599,16 +599,6 @@ parse_ac(chunk_t blob, x509acert_t *ac) } /* - * compare two X.509 attribute certificates by comparing their signatures - */ -static bool -same_x509acert(x509acert_t *a, x509acert_t *b) -{ - return a->signature.len == b->signature.len && - memcmp(a->signature.ptr, b->signature.ptr, b->signature.len) == 0; -} - -/* * release an ietfAttribute, free it if count reaches zero */ static void diff --git a/src/pluto/alg/ike_alg_aes.c b/src/pluto/alg/ike_alg_aes.c index 44de09b4c..c635af723 100644 --- a/src/pluto/alg/ike_alg_aes.c +++ b/src/pluto/alg/ike_alg_aes.c @@ -34,7 +34,7 @@ do_aes(u_int8_t *buf, size_t buf_len, u_int8_t *key, size_t key_size, u_int8_t * memcpy(new_iv=iv_bak, (char*) buf + buf_len - AES_CBC_BLOCK_SIZE , AES_CBC_BLOCK_SIZE); - AES_cbc_encrypt(&aes_ctx, buf, buf, buf_len, iv, enc); + SS_AES_cbc_encrypt(&aes_ctx, buf, buf, buf_len, iv, enc); if (enc) new_iv = (char*) buf + buf_len-AES_CBC_BLOCK_SIZE; diff --git a/src/pluto/alg_info.c b/src/pluto/alg_info.c index 145e492d4..cd02d2358 100644 
--- a/src/pluto/alg_info.c +++ b/src/pluto/alg_info.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: alg_info.c 3253 2007-10-06 21:39:00Z andreas $ + * RCSID $Id: alg_info.c 3846 2008-04-18 17:01:45Z andreas $ */ #include <stddef.h> @@ -96,8 +96,8 @@ alg_info_esp_sadb2aa(int sadb_aalg) int auth = 0; switch(sadb_aalg) { - case SADB_AALG_MD5_HMAC: - case SADB_AALG_SHA1_HMAC: + case SADB_AALG_MD5HMAC: + case SADB_AALG_SHA1HMAC: auth = sadb_aalg - 1; break; /* since they are the same ... :) */ @@ -195,7 +195,11 @@ aalg_getbyname_esp(const char *const str, int len) /* interpret 'SHA' as 'SHA1' */ if (strncasecmp("SHA", str, len) == 0) - return enum_search(&auth_alg_names, "AUTH_ALGORITHM_HMAC_SHA1"); + return AUTH_ALGORITHM_HMAC_SHA1; + + /* interpret 'AESXCBC' as 'AES_XCBC_MAC' */ + if (strncasecmp("AESXCBC", str, len) == 0) + return AUTH_ALGORITHM_AES_XCBC_MAC; ret = enum_search_prefix(&auth_alg_names,"AUTH_ALGORITHM_HMAC_", str ,len); if (ret >= 0) diff --git a/src/pluto/connections.c b/src/pluto/connections.c index 8fbf969b6..13a004794 100644 --- a/src/pluto/connections.c +++ b/src/pluto/connections.c @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: connections.c 3361 2007-11-21 23:42:27Z andreas $ + * RCSID $Id: connections.c 3686 2008-03-28 11:48:14Z martin $ */ #include <string.h> @@ -2354,7 +2354,7 @@ initiate_opportunistic_body(struct find_oppo_bundle *b * DNS query (if any). It also selects the kind of the next step. * The second chunk initiates the next DNS query (if any). */ - enum find_oppo_step next_step; + enum find_oppo_step next_step = fos_myid_ip_txt; err_t ugh = ac_ugh; char mycredentialstr[BUF_LEN]; char cib[CONN_INST_BUF]; 
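Review bot: The new `AESXCBC` alias in aalg_getbyname_esp is, like the `SHA` check just above it, a prefix comparison bounded only by the caller's `len`, so a shorter token such as `aes` or `a` would compare equal and be mapped to `AUTH_ALGORITHM_AES_XCBC_MAC` before the `enum_search_prefix` lookup gets a chance to reject it. Whether a truncated token can reach this point depends on the parser outside the hunk, but the check is cheap to make exact: `if (len == 7 && strncasecmp("AESXCBC", str, len) == 0)`, and the same `len == 3` guard for the `SHA` case. aalg_getbyname_esp starts before and ends after the hunk.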
@@ -3279,7 +3279,7 @@ refine_host_connection(const struct state *st, const struct id *peer_id struct connection *d; struct connection *best_found = NULL; u_int16_t auth = st->st_oakley.auth; - lset_t auth_policy; + lset_t auth_policy = POLICY_PSK; const chunk_t *psk = NULL; bool wcpip; /* wildcard Peer IP? */ int best_prio = PRIO_NO_MATCH_FOUND; diff --git a/src/pluto/connections.h b/src/pluto/connections.h index 3000f888a..b11565296 100644 --- a/src/pluto/connections.h +++ b/src/pluto/connections.h @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: connections.h 3252 2007-10-06 21:24:50Z andreas $ + * RCSID $Id: connections.h 4024 2008-05-29 07:49:47Z andreas $ */ #ifndef _CONNECTIONS_H @@ -186,7 +186,7 @@ struct connection { char *log_file_name; /* name of log file */ FILE *log_file; /* possibly open FILE */ - CIRCLEQ_ENTRY(connection) log_link; /* linked list of open conns */ + TAILQ_ENTRY(connection) log_link; /* linked list of open conns */ bool log_file_err; /* only bitch once */ struct spd_route spd; diff --git a/src/pluto/constants.c b/src/pluto/constants.c index 93e430957..ca548afab 100644 --- a/src/pluto/constants.c +++ b/src/pluto/constants.c @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: constants.c 3252 2007-10-06 21:24:50Z andreas $ + * RCSID $Id: constants.c 3839 2008-04-18 11:25:37Z andreas $ */ /* @@ -377,11 +377,13 @@ static const char *const ah_transform_name[] = { "AH_SHA2_256", "AH_SHA2_384", "AH_SHA2_512", - "AH_RIPEMD" + "AH_RIPEMD", + "AH_AES_XCBC_MAC", + "AH_RSA" }; enum_names ah_transformid_names = - { AH_MD5, AH_RIPEMD, ah_transform_name, NULL }; + { AH_MD5, AH_RSA, ah_transform_name, NULL }; /* IPsec ESP transform values */ 
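Review bot: Initialising `auth_policy` to `POLICY_PSK` only to quiet the compiler makes pre-shared-key authentication the silent default for any path through the code that maps `auth` onto a policy bit and fails to assign it, which for a routine that decides how a peer is authenticated is the wrong fail-safe direction. If that code ends in `default: bad_case(auth);` the initial value is never read and a comment saying so, e.g. `lset_t auth_policy = POLICY_PSK; /* placated: every reachable case assigns it */`, is enough; otherwise initialise to `LEMPTY` and refuse the connection when it is still empty. The mapping code and the remainder of refine_host_connection lie outside the hunk.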
@@ -401,7 +403,13 @@ static const char *const esp_transform_name[] = { "ESP_AES-CTR", "ESP_AES-CCM_8", "ESP_AES-CCM_12", - "ESP_AES-CCM_16" + "ESP_AES-CCM_16", + "ESP_UNASSIGNED_17", + "ESP_AES_GCM_8", + "ESP_AES_GCM_12", + "ESP_AES_GCM_16", + "ESP_SEED_CBC", + "ESP_CAMELLIA" }; /* @@ -417,7 +425,7 @@ enum_names esp_transformid_names_high = { ESP_SERPENT, ESP_TWOFISH, esp_transform_name_high, NULL }; enum_names esp_transformid_names = - { ESP_DES_IV64, ESP_AES_CCM_16, esp_transform_name, &esp_transformid_names_high }; + { ESP_DES_IV64, ESP_CAMELLIA, esp_transform_name, &esp_transformid_names_high }; /* IPCOMP transform values */ @@ -684,6 +692,8 @@ static const char *const auth_alg_name[] = { "AUTH_ALGORITHM_HMAC_SHA2_384", "AUTH_ALGORITHM_HMAC_SHA2_512", "AUTH_ALGORITHM_HMAC_RIPEMD", + "AUTH_ALGORITHM_AES_XCBC_MAC", + "AUTH_ALGORITHM_SIG_RSA" }; static const char *const extended_auth_alg_name[] = { @@ -694,7 +704,7 @@ enum_names extended_auth_alg_names = { AUTH_ALGORITHM_NULL, AUTH_ALGORITHM_NULL, extended_auth_alg_name, NULL }; enum_names auth_alg_names = - { AUTH_ALGORITHM_HMAC_MD5, AUTH_ALGORITHM_HMAC_RIPEMD, auth_alg_name + { AUTH_ALGORITHM_HMAC_MD5, AUTH_ALGORITHM_SIG_RSA, auth_alg_name , &extended_auth_alg_names }; /* From draft-beaulieu-ike-xauth */ diff --git a/src/pluto/constants.h b/src/pluto/constants.h index ddfe76293..e6357164f 100644 --- a/src/pluto/constants.h +++ b/src/pluto/constants.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: constants.h 3252 2007-10-06 21:24:50Z andreas $ + * RCSID $Id: constants.h 4051 2008-06-10 09:08:27Z tobias $ */ #ifndef _CONSTANTS_H 
@@ -877,6 +877,7 @@ extern const char *prettypolicy(lset_t policy); #define POLICY_BEET LELEM(22) /* bound end2end tunnel, IKEv2 */ #define POLICY_MOBIKE LELEM(23) /* enable MOBIKE for IKEv2 */ #define POLICY_FORCE_ENCAP LELEM(24) /* force UDP encapsulation (IKEv2) */ +#define POLICY_ECDSASIG LELEM(25) /* ecdsa signature (IKEv2) */ /* Any IPsec policy? If not, a connection description * is only for ISAKMP SA, not IPSEC SA. (A pun, I admit.) @@ -992,6 +993,8 @@ extern enum_names auth_alg_names, extended_auth_alg_names; #define AUTH_ALGORITHM_HMAC_SHA2_384 6 #define AUTH_ALGORITHM_HMAC_SHA2_512 7 #define AUTH_ALGORITHM_HMAC_RIPEMD 8 +#define AUTH_ALGORITHM_AES_XCBC_MAC 9 +#define AUTH_ALGORITHM_SIG_RSA 10 #define AUTH_ALGORITHM_NULL 251 /* Oakley Lifetime Type attribute diff --git a/src/pluto/crl.c b/src/pluto/crl.c index 8998207c2..6e1093661 100644 --- a/src/pluto/crl.c +++ b/src/pluto/crl.c @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: crl.c 3252 2007-10-06 21:24:50Z andreas $ + * RCSID $Id: crl.c 3686 2008-03-28 11:48:14Z martin $ */ #include <stdlib.h> @@ -406,7 +406,7 @@ parse_x509crl(chunk_t blob, u_int level0, x509crl_t *crl) asn1_ctx_t ctx; bool critical; chunk_t extnID; - chunk_t userCertificate; + chunk_t userCertificate = empty_chunk; chunk_t object; u_int level; int objectID = 0; diff --git a/src/pluto/demux.c b/src/pluto/demux.c index 9bc889b4b..04728a4a8 100644 --- a/src/pluto/demux.c +++ b/src/pluto/demux.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: demux.c 3252 2007-10-06 21:24:50Z andreas $ + * RCSID $Id: demux.c 3686 2008-03-28 11:48:14Z martin $ */ /* Ordering Constraints on Payloads 
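Review bot: `POLICY_ECDSASIG` is added as `LELEM(25)` but nothing in this change touches `POLICY_ID_AUTH_MASK`, the mask ipsec_doi.c uses to extract the authentication bits from a policy; if that mask is an explicit OR of `POLICY_PSK | POLICY_RSASIG` the new bit is stripped wherever the auth method is derived from the policy. Since the comment marks the flag as IKEv2-only, a short note next to the define such as `/* recognised for ipsec.conf compatibility; pluto (IKEv1) never selects it */` would tell the reader whether that is intended, or the mask should be extended.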
@@ -2167,7 +2167,7 @@ complete_state_transition(struct msg_digest **mdp, stf_status result) /* Schedule for whatever timeout is specified */ { - time_t delay; + time_t delay = UNDEFINED_TIME; enum event_type kind = smc->timeout_event; bool agreed_time = FALSE; struct connection *c = st->st_connection; diff --git a/src/pluto/fetch.c b/src/pluto/fetch.c index c0bf3fed6..cd8b58df2 100644 --- a/src/pluto/fetch.c +++ b/src/pluto/fetch.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: fetch.c 3252 2007-10-06 21:24:50Z andreas $ + * RCSID $Id: fetch.c 3686 2008-03-28 11:48:14Z martin $ */ #include <stdlib.h> @@ -825,7 +825,9 @@ fetch_thread(void *arg) void init_fetch(void) { +#if defined(LIBCURL) || defined (THREADS) int status; +#endif #ifdef LIBCURL /* init curl */ diff --git a/src/pluto/ike_alg.c b/src/pluto/ike_alg.c index 52f2c5c80..6759059fa 100644 --- a/src/pluto/ike_alg.c +++ b/src/pluto/ike_alg.c @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: ike_alg.c 3252 2007-10-06 21:24:50Z andreas $ + * RCSID $Id: ike_alg.c 3686 2008-03-28 11:48:14Z martin $ */ #include <stdio.h> @@ -521,9 +521,6 @@ ike_alg_test(void) for (a = ike_alg_base[IKE_ALG_ENCRYPT]; a != NULL; a = a->algo_next) { - - struct encrypt_desc *desc = (struct encrypt_desc*)a; - plog(" %s self-test not available", enum_name(&oakley_enc_names, a->algo_id)); } diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c index 852b2e73e..88536e6d6 100644 --- a/src/pluto/ipsec_doi.c +++ b/src/pluto/ipsec_doi.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: ipsec_doi.c 3252 2007-10-06 21:24:50Z andreas $ + * RCSID $Id: ipsec_doi.c 3686 2008-03-28 11:48:14Z martin $ */ #include <stdio.h> 
@@ -952,7 +952,6 @@ main_outI1(int whack_sock, struct connection *c, struct state *predecessor /* SA out */ { u_char *sa_start = rbody.cur; - lset_t auth_policy = policy & POLICY_ID_AUTH_MASK; if (!out_sa(&rbody, &oakley_sadb, st, TRUE , vids_to_send-- ? ISAKMP_NEXT_VID : ISAKMP_NEXT_NONE)) @@ -2800,7 +2799,7 @@ compute_proto_keymat(struct state *st , u_int8_t protoid , struct ipsec_proto_info *pi) { - size_t needed_len; /* bytes of keying material needed */ + size_t needed_len = 0; /* bytes of keying material needed */ /* Add up the requirements for keying material * (It probably doesn't matter if we produce too much!) @@ -3754,7 +3753,7 @@ main_id_and_auth(struct msg_digest *md struct key_continuation *nkc = alloc_thing(struct key_continuation, "key continuation"); enum key_oppo_step step_done = kc == NULL? kos_null : kc->step; - err_t ugh; + err_t ugh = NULL; /* Record that state is used by a suspended md */ passert(st->st_suspended_md == NULL); @@ -4308,7 +4307,7 @@ report_verify_failure(struct verify_oppo_bundle *b, err_t ugh) char fgwb[ADDRTOT_BUF] , cb[ADDRTOT_BUF]; ip_address client; - err_t which; + err_t which = NULL; switch (b->step) { @@ -4384,7 +4383,7 @@ quick_inI1_outR1_start_query(struct verify_oppo_bundle *b , *our_id /* needed for myid playing */ , our_id_space; /* ephemeral: no need for unshare_id_content */ ip_address client; - err_t ugh; + err_t ugh = NULL; /* Record that state is used by a suspended md */ b->step = next_step; /* not just vc->b.step */ @@ -4495,7 +4494,7 @@ quick_inI1_outR1_process_answer(struct verify_oppo_bundle *b , struct state *p1st) { struct connection *c = p1st->st_connection; - enum verify_oppo_step next_step; + enum verify_oppo_step next_step = vos_our_client; err_t ugh = NULL; DBG(DBG_CONTROL, diff --git a/src/pluto/kernel.c b/src/pluto/kernel.c index 5f31d5ca3..d42ac3372 100644 --- a/src/pluto/kernel.c +++ b/src/pluto/kernel.c 
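Review bot: In main_id_and_auth and quick_inI1_outR1_start_query the warning fix initialises `err_t ugh = NULL`, and for an `err_t` NULL means "no error", so any code path that previously left the variable unassigned now reads as success; for two functions that gate peer authentication that is the wrong default. Prefer to fail closed, e.g. `err_t ugh = "internal error: no verdict reached";`, or keep `NULL` only after confirming every branch assigns it and say so in a comment: `err_t ugh = NULL; /* every branch below assigns ugh */`. Both functions start before and end after their hunks.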
@@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: kernel.c 3252 2007-10-06 21:24:50Z andreas $ + * RCSID $Id: kernel.c 3846 2008-04-18 17:01:45Z andreas $ */ #include <stddef.h> @@ -1827,30 +1827,30 @@ setup_half_ipsec_sa(struct state *st, bool inbound) static const struct esp_info esp_info[] = { { ESP_NULL, AUTH_ALGORITHM_HMAC_MD5, 0, HMAC_MD5_KEY_LEN, - SADB_EALG_NULL, SADB_AALG_MD5_HMAC }, + SADB_EALG_NULL, SADB_AALG_MD5HMAC }, { ESP_NULL, AUTH_ALGORITHM_HMAC_SHA1, 0, HMAC_SHA1_KEY_LEN, - SADB_EALG_NULL, SADB_AALG_SHA1_HMAC }, + SADB_EALG_NULL, SADB_AALG_SHA1HMAC }, { ESP_DES, AUTH_ALGORITHM_NONE, DES_CBC_BLOCK_SIZE, 0, - SADB_EALG_DES_CBC, SADB_AALG_NONE }, + SADB_EALG_DESCBC, SADB_AALG_NONE }, { ESP_DES, AUTH_ALGORITHM_HMAC_MD5, DES_CBC_BLOCK_SIZE, HMAC_MD5_KEY_LEN, - SADB_EALG_DES_CBC, SADB_AALG_MD5_HMAC }, + SADB_EALG_DESCBC, SADB_AALG_MD5HMAC }, { ESP_DES, AUTH_ALGORITHM_HMAC_SHA1, DES_CBC_BLOCK_SIZE, - HMAC_SHA1_KEY_LEN, SADB_EALG_DES_CBC, SADB_AALG_SHA1_HMAC }, + HMAC_SHA1_KEY_LEN, SADB_EALG_DESCBC, SADB_AALG_SHA1HMAC }, { ESP_3DES, AUTH_ALGORITHM_NONE, DES_CBC_BLOCK_SIZE * 3, 0, - SADB_EALG_3DES_CBC, SADB_AALG_NONE }, + SADB_EALG_3DESCBC, SADB_AALG_NONE }, { ESP_3DES, AUTH_ALGORITHM_HMAC_MD5, DES_CBC_BLOCK_SIZE * 3, HMAC_MD5_KEY_LEN, - SADB_EALG_3DES_CBC, SADB_AALG_MD5_HMAC }, + SADB_EALG_3DESCBC, SADB_AALG_MD5HMAC }, { ESP_3DES, AUTH_ALGORITHM_HMAC_SHA1, DES_CBC_BLOCK_SIZE * 3, HMAC_SHA1_KEY_LEN, - SADB_EALG_3DES_CBC, SADB_AALG_SHA1_HMAC }, + SADB_EALG_3DESCBC, SADB_AALG_SHA1HMAC }, }; u_int8_t natt_type = 0; @@ -1976,11 +1976,11 @@ setup_half_ipsec_sa(struct state *st, bool inbound) switch (st->st_ah.attrs.auth) { case AUTH_ALGORITHM_HMAC_MD5: - authalg = SADB_AALG_MD5_HMAC; + authalg = SADB_AALG_MD5HMAC; break; case AUTH_ALGORITHM_HMAC_SHA1: - authalg = SADB_AALG_SHA1_HMAC; + authalg = SADB_AALG_SHA1HMAC; break; default: 
diff --git a/src/pluto/kernel_netlink.c b/src/pluto/kernel_netlink.c index abdb603de..4269de66e 100644 --- a/src/pluto/kernel_netlink.c +++ b/src/pluto/kernel_netlink.c @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: kernel_netlink.c 3252 2007-10-06 21:24:50Z andreas $ + * RCSID $Id: kernel_netlink.c 3850 2008-04-18 20:01:49Z andreas $ */ #if defined(linux) && defined(KERNEL26_SUPPORT) @@ -83,12 +83,13 @@ static sparse_names xfrm_type_names = { /* Authentication algorithms */ static sparse_names aalg_list = { { SADB_X_AALG_NULL, "digest_null" }, - { SADB_AALG_MD5_HMAC, "md5" }, - { SADB_AALG_SHA1_HMAC, "sha1" }, - { SADB_AALG_SHA2_256_HMAC, "sha256" }, - { SADB_AALG_SHA2_384_HMAC, "sha384" }, - { SADB_AALG_SHA2_512_HMAC, "sha512" }, - { SADB_AALG_RIPEMD_160_HMAC, "ripemd160" }, + { SADB_AALG_MD5HMAC, "md5" }, + { SADB_AALG_SHA1HMAC, "sha1" }, + { SADB_X_AALG_SHA2_256HMAC, "sha256" }, + { SADB_X_AALG_SHA2_384HMAC, "sha384" }, + { SADB_X_AALG_SHA2_512HMAC, "sha512" }, + { SADB_X_AALG_RIPEMD160HMAC, "ripemd160" }, + { SADB_X_AALG_AES_XCBC_MAC, "xcbc(aes)"}, { SADB_X_AALG_NULL, "null" }, { 0, sparse_end } }; @@ -96,14 +97,14 @@ static sparse_names aalg_list = { /* Encryption algorithms */ static sparse_names ealg_list = { { SADB_EALG_NULL, "cipher_null" }, - { SADB_EALG_DES_CBC, "des" }, - { SADB_EALG_3DES_CBC, "des3_ede" }, - { SADB_EALG_IDEA_CBC, "idea" }, - { SADB_EALG_CAST_CBC, "cast128" }, - { SADB_EALG_BLOWFISH_CBC, "blowfish" }, - { SADB_EALG_AES_CBC, "aes" }, - { SADB_X_EALG_SERPENT_CBC, "serpent" }, - { SADB_X_EALG_TWOFISH_CBC, "twofish" }, + { SADB_EALG_DESCBC, "des" }, + { SADB_EALG_3DESCBC, "des3_ede" }, + { SADB_X_EALG_CASTCBC, "cast128" }, + { SADB_X_EALG_BLOWFISHCBC, "blowfish" }, + { SADB_X_EALG_AESCBC, "aes" }, + { SADB_X_EALG_CAMELLIACBC, "cbc(camellia)" }, + { SADB_X_EALG_SERPENTCBC, "serpent" }, + { SADB_X_EALG_TWOFISHCBC, "twofish" }, { 0, sparse_end } }; 
diff --git a/src/pluto/keys.c b/src/pluto/keys.c index eab9dfc4a..1aed7a63f 100644 --- a/src/pluto/keys.c +++ b/src/pluto/keys.c @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: keys.c 3252 2007-10-06 21:24:50Z andreas $ + * RCSID $Id: keys.c 3738 2008-04-02 19:04:45Z andreas $ */ #include <stddef.h> @@ -83,7 +83,7 @@ static pubkey_t* allocate_RSA_public_key(const cert_t cert) { pubkey_t *pk = alloc_thing(pubkey_t, "pubkey"); - chunk_t e, n; + chunk_t e = empty_chunk, n = empty_chunk; switch (cert.type) { @@ -335,7 +335,7 @@ get_x509_private_key(const x509cert_t *cert) { secret_t *s; const RSA_private_key_t *pri = NULL; - const cert_t c = {CERT_X509_SIGNATURE, {cert}}; + const cert_t c = {CERT_X509_SIGNATURE, {(x509cert_t*)cert}}; pubkey_t *pubkey = allocate_RSA_public_key(c); @@ -647,7 +647,7 @@ xauth_get_secret(xauth_t *xauth_secret) * find a matching secret */ static bool -xauth_verify_secret(const char *conn_name, const xauth_t *xauth_secret) +xauth_verify_secret(const xauth_peer_t *peer, const xauth_t *xauth_secret) { bool found = FALSE; secret_t *s; @@ -1473,7 +1473,7 @@ add_pgp_public_key(pgpcert_t *cert , time_t until void remove_x509_public_key(const x509cert_t *cert) { - const cert_t c = {CERT_X509_SIGNATURE, {cert}}; + const cert_t c = {CERT_X509_SIGNATURE, {(x509cert_t*)cert}}; pubkey_list_t *p, **pp; pubkey_t *revoked_pk; diff --git a/src/pluto/log.c b/src/pluto/log.c index ca0576b69..0fb5f1d25 100644 --- a/src/pluto/log.c +++ b/src/pluto/log.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: log.c 3252 2007-10-06 21:24:50Z andreas $ + * RCSID $Id: log.c 4024 2008-05-29 07:49:47Z andreas $ */ #include <stdio.h> 
@@ -65,7 +65,7 @@ const char *base_perpeer_logdir = PERPEERLOGDIR; static int perpeer_count = 0; /* from sys/queue.h */ -static CIRCLEQ_HEAD(,connection) perpeer_list; +static TAILQ_HEAD(perpeer, connection) perpeer_list; /* Context for logging. @@ -88,19 +88,19 @@ init_log(const char *program) if (log_to_syslog) openlog(program, LOG_CONS | LOG_NDELAY | LOG_PID, LOG_AUTHPRIV); - CIRCLEQ_INIT(&perpeer_list); + TAILQ_INIT(&perpeer_list); } void close_peerlog(void) { - /* end of circular queue is given by pointer to "HEAD" - * BUT if the queue is not initialized, this won't be true - * so we must guard by test perpeer_list.cqh_first != NULL - */ - if (perpeer_list.cqh_first != NULL) - while (perpeer_list.cqh_first != (void *)&perpeer_list) - perpeer_logclose(perpeer_list.cqh_first); + /* exit if the queue has not been initialized */ + if (TAILQ_LAST(&perpeer_list, perpeer) == NULL) + return; + + /* end of queue is given by pointer to "HEAD" */ + while (TAILQ_LAST(&perpeer_list, perpeer) != (void *)&perpeer_list) + perpeer_logclose(TAILQ_LAST(&perpeer_list, perpeer)); } void @@ -231,7 +231,7 @@ perpeer_logclose(struct connection *c) { passert(perpeer_count > 0); - CIRCLEQ_REMOVE(&perpeer_list, c, log_link); + TAILQ_REMOVE(&perpeer_list, c, log_link); perpeer_count--; fclose(c->log_file); c->log_file=NULL; @@ -366,13 +366,13 @@ open_peerlog(struct connection *c) while (perpeer_count >= MAX_PEERLOG_COUNT) { /* can not be NULL because perpeer_count > 0 */ - passert(perpeer_list.cqh_last != (void *)&perpeer_list); + passert(TAILQ_LAST(&perpeer_list, perpeer) != (void *)&perpeer_list); - perpeer_logclose(perpeer_list.cqh_last); + perpeer_logclose(TAILQ_LAST(&perpeer_list, perpeer)); } /* insert this into the list */ - CIRCLEQ_INSERT_HEAD(&perpeer_list, c, log_link); + TAILQ_INSERT_HEAD(&perpeer_list, c, log_link); passert(c->log_file != NULL); perpeer_count++; } 
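Review bot: The rewritten loop in close_peerlog cannot terminate normally: `TAILQ_LAST()` returns the last element or NULL, never `&perpeer_list`, so once the list is empty the loop calls `perpeer_logclose(NULL)` and trips `passert(perpeer_count > 0)` (or dereferences NULL in `TAILQ_REMOVE`). The new "not initialised" guard has the opposite problem: on a zero-filled head that has not been through `TAILQ_INIT`, `TAILQ_LAST()` dereferences `tqh_last == NULL` before the comparison happens, whereas the old `cqh_first != NULL` test was safe. Test the head field directly and loop on emptiness; the function is fully inside the hunk.

```c
void
close_peerlog(void)
{
	/* a head that never went through TAILQ_INIT has tqh_last == NULL;
	 * TAILQ_LAST() would dereference it, so test the field directly */
	if (perpeer_list.tqh_last == NULL)
		return;

	/* TAILQ_LAST() yields NULL, not &perpeer_list, once the queue is empty */
	while (!TAILQ_EMPTY(&perpeer_list))
		perpeer_logclose(TAILQ_LAST(&perpeer_list, perpeer));
}
```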
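Review bot: After the CIRCLEQ-to-TAILQ switch the assertion in open_peerlog, `passert(TAILQ_LAST(&perpeer_list, perpeer) != (void *)&perpeer_list)`, can no longer fire, because `TAILQ_LAST()` yields an element or NULL and never the head address, so the invariant described by the comment above it ("can not be NULL because perpeer_count > 0") is no longer checked. Replace it with `passert(!TAILQ_EMPTY(&perpeer_list));`, which is what the following `perpeer_logclose(TAILQ_LAST(...))` actually relies on. open_peerlog starts before and ends after the hunk.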
@@ -406,8 +406,8 @@ peerlog(const char *prefix, const char *m) fprintf(cur_connection->log_file, "%s %s%s\n", datebuf, prefix, m); /* now move it to the front of the list */ - CIRCLEQ_REMOVE(&perpeer_list, cur_connection, log_link); - CIRCLEQ_INSERT_HEAD(&perpeer_list, cur_connection, log_link); + TAILQ_REMOVE(&perpeer_list, cur_connection, log_link); + TAILQ_INSERT_HEAD(&perpeer_list, cur_connection, log_link); } } diff --git a/src/pluto/modecfg.c b/src/pluto/modecfg.c index b7f8aef93..93624588a 100644 --- a/src/pluto/modecfg.c +++ b/src/pluto/modecfg.c @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: modecfg.c 3252 2007-10-06 21:24:50Z andreas $ + * RCSID $Id: modecfg.c 3738 2008-04-02 19:04:45Z andreas $ * * This code originally written by Colubris Networks, Inc. * Extraction of patch and porting to 1.99 codebases by Xelerance Corporation @@ -967,6 +967,12 @@ xauth_inR1(struct msg_digest *md) } else { + xauth_peer_t peer; + + peer.conn_name = st->st_connection->name; + addrtot(&md->sender, 0, peer.ip_address, sizeof(peer.ip_address)); + idtoa(&md->st->st_connection->spd.that.id, peer.id, sizeof(peer.id)); + DBG(DBG_CONTROL, DBG_log("peer xauth user name is '%.*s'" , ia.xauth_secret.user_name.len @@ -977,9 +983,8 @@ xauth_inR1(struct msg_digest *md) , ia.xauth_secret.user_password.len , ia.xauth_secret.user_password.ptr) ) - /* verify the user credentials using a plugn function */ - st->st_xauth.status = xauth_module.verify_secret(st->st_connection->name - , &ia.xauth_secret); + /* verify the user credentials using a plugin function */ + st->st_xauth.status = xauth_module.verify_secret(&peer, &ia.xauth_secret); plog("extended authentication %s", st->st_xauth.status? "was successful":"failed"); } diff --git a/src/pluto/plutomain.c b/src/pluto/plutomain.c index fccd2e461..5662c5c41 100644 --- a/src/pluto/plutomain.c +++ b/src/pluto/plutomain.c 
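Review bot: The new `peer` block in xauth_inR1 is placed next to a debug statement that still prints `ia.xauth_secret.user_password` in the clear (the DBG flag guarding that line is just outside the hunk); since this commit already rewrites the surrounding lines it is a good moment to drop the password from the log, or print only `user_password.len`, because XAUTH passwords are commonly the user's account password. Minor: the block addresses the connection both as `st->st_connection` and `md->st->st_connection`; pick one spelling. xauth_inR1 starts before and ends after the hunk.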
@@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: plutomain.c 3253 2007-10-06 21:39:00Z andreas $ + * RCSID $Id: plutomain.c 3914 2008-05-08 10:58:04Z martin $ */ #include <stdio.h> @@ -31,6 +31,8 @@ #include <sys/queue.h> #include <linux/capability.h> #include <sys/prctl.h> +#include <pwd.h> +#include <grp.h> #include <freeswan.h> @@ -617,19 +619,43 @@ main(int argc, char **argv) init_fetch(); /* drop unneeded capabilities and change UID/GID */ +#ifdef _LINUX_CAPABILITY_VERSION_1 + hdr.version = _LINUX_CAPABILITY_VERSION_1; +#else hdr.version = _LINUX_CAPABILITY_VERSION; +#endif hdr.pid = 0; data.inheritable = data.effective = data.permitted = 1<<CAP_NET_ADMIN | 1<<CAP_NET_BIND_SERVICE; prctl(PR_SET_KEEPCAPS, 1); + +#ifdef IPSEC_GROUP + { + struct group group, *grp; + char buf[1024]; -# if IPSEC_GID - setgid(IPSEC_GID); -# endif -# if IPSEC_UID - setuid(IPSEC_UID); -# endif + if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) != 0 || + grp == NULL || setgid(grp->gr_gid) != 0) + { + plog("unable to change daemon group"); + abort(); + } + } +#endif +#ifdef IPSEC_USER + { + struct passwd passwd, *pwp; + char buf[1024]; + + if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) != 0 || + pwp == NULL || setuid(pwp->pw_uid) != 0) + { + plog("unable to change daemon user"); + abort(); + } + } +#endif if (capset(&hdr, &data)) { plog("unable to drop root privileges"); diff --git a/src/pluto/smartcard.c b/src/pluto/smartcard.c index c46e3cf9a..937c3f93a 100644 --- a/src/pluto/smartcard.c +++ b/src/pluto/smartcard.c @@ -18,7 +18,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: smartcard.c 3252 2007-10-06 21:24:50Z andreas $ + * RCSID $Id: smartcard.c 3686 2008-03-28 11:48:14Z martin $ */ #include <stdio.h> 
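Review bot: The new privilege drop in main() changes gid and uid but never clears root's supplementary groups, so after `setuid()` the daemon still belongs to every group root was in; call `setgroups(0, NULL)` (declared in the <grp.h> this hunk adds) while still root, e.g. `grp == NULL || setgroups(0, NULL) != 0 || setgid(grp->gr_gid) != 0)` in the existing condition. Two smaller points: `char buf[1024]` may be too small for a group with many members, in which case `getgrnam_r` fails with ERANGE and the daemon aborts, and `abort()` will dump core together with any secrets already in memory, so pluto's regular fatal-exit path would be preferable if one is available here. Note also that with `IPSEC_USER` defined but `IPSEC_GROUP` not, the process keeps gid 0. main() starts before and ends after the hunk.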
@@ -701,7 +701,7 @@ void scx_init(const char* module, const char *init_args) { #ifdef SMARTCARD - CK_C_INITIALIZE_ARGS args = { .pReserved = init_args, }; + CK_C_INITIALIZE_ARGS args = { .pReserved = (char *)init_args, }; CK_RV rv; if (scx_initialized) @@ -1442,7 +1442,7 @@ scx_encrypt(smartcard_t *sc, const u_char *in, size_t inlen if (rv == CKR_FUNCTION_NOT_SUPPORTED) { RSA_public_key_t rsa; - chunk_t plain_text = {in, inlen}; + chunk_t plain_text = {(u_char*)in, inlen}; chunk_t cipher_text; DBG(DBG_CONTROL, @@ -1496,7 +1496,7 @@ scx_encrypt(smartcard_t *sc, const u_char *in, size_t inlen DBG(DBG_CONTROL, DBG_log("doing RSA encryption on smartcard") ) - rv = pkcs11_functions->C_Encrypt(sc->session, in, inlen + rv = pkcs11_functions->C_Encrypt(sc->session, (u_char*)in, inlen , out, &len); if (rv != CKR_OK) { @@ -1570,7 +1570,7 @@ scx_decrypt(smartcard_t *sc, const u_char *in, size_t inlen return FALSE; } - rv = pkcs11_functions->C_Decrypt(sc->session, in, inlen + rv = pkcs11_functions->C_Decrypt(sc->session, (u_char*)in, inlen , out, &len); if (rv != CKR_OK) { diff --git a/src/pluto/spdb.c b/src/pluto/spdb.c index 7003b127a..9d1bf8843 100644 --- a/src/pluto/spdb.c +++ b/src/pluto/spdb.c @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: spdb.c 3252 2007-10-06 21:24:50Z andreas $ + * RCSID $Id: spdb.c 3845 2008-04-18 17:00:30Z andreas $ */ #include <stdio.h> @@ -296,9 +296,9 @@ out_sa(pb_stream *outs struct db_prop *p = &pc->props[pn]; pb_stream proposal_pbs; struct isakmp_proposal proposal; - struct_desc *trans_desc; - struct_desc *attr_desc; - enum_names **attr_val_descs; + struct_desc *trans_desc = NULL; + struct_desc *attr_desc = NULL; + enum_names **attr_val_descs = NULL; int tn; bool tunnel_mode; 
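Review bot: The `(char *)init_args` and `(u_char*)in` casts in scx_init(), scx_encrypt() and scx_decrypt() silence const-correctness warnings without saying why the cast is safe: the PKCS#11 C_Encrypt/C_Decrypt prototypes take a non-const CK_BYTE_PTR for the input data and the chunk_t ptr member is presumably non-const as well, while the parameters remain `const u_char *`. A one-line comment at the first cast, `/* PKCS#11 and chunk_t take non-const pointers; the input buffer is not modified */`, records that intent so a later reader does not mistake it for a write through a const object. The enclosing functions begin and end outside their hunks.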
@@ -1166,6 +1166,8 @@ parse_isakmp_sa_body(u_int32_t ipsecdoisit case OAKLEY_GROUP_ORDER | ISAKMP_ATTR_AF_TLV: #endif default: + /* fix compiler warning */ + memset(&ta, 0, sizeof(ta)); ugh = "unsupported OAKLEY attribute"; break; } @@ -1761,7 +1763,9 @@ parse_ipsec_sa_body( { int propno = next_proposal.isap_proposal; pb_stream ah_prop_pbs, esp_prop_pbs, ipcomp_prop_pbs; - struct isakmp_proposal ah_proposal, esp_proposal, ipcomp_proposal; + struct isakmp_proposal ah_proposal = {0, 0, 0, 0, 0, 0, 0}; + struct isakmp_proposal esp_proposal = {0, 0, 0, 0, 0, 0, 0}; + struct isakmp_proposal ipcomp_proposal = {0, 0, 0, 0, 0, 0, 0}; ipsec_spi_t ah_spi = 0; ipsec_spi_t esp_spi = 0; ipsec_spi_t ipcomp_cpi = 0; @@ -2054,7 +2058,7 @@ parse_ipsec_sa_body( /* set default key length for AES encryption */ if (!esp_attrs.key_len && esp_attrs.transid == ESP_AES) { - esp_attrs.key_len = 128 / BITS_PER_BYTE; + esp_attrs.key_len = 128; /* bits */ } if (!kernel_alg_esp_enc_ok(esp_attrs.transid, esp_attrs.key_len diff --git a/src/pluto/vendor.c b/src/pluto/vendor.c index c31a4195b..3b779ed24 100644 --- a/src/pluto/vendor.c +++ b/src/pluto/vendor.c @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: vendor.c 3472 2008-02-14 21:26:21Z andreas $ + * RCSID $Id: vendor.c 4016 2008-05-25 10:35:39Z andreas $ */ #include <stdlib.h> @@ -206,7 +206,12 @@ static struct vid_struct _vid_tab[] = { /* * strongSwan */ - DEC_MD5_VID(STRONGSWAN, "strongSwan 4.1.11") + DEC_MD5_VID(STRONGSWAN, "strongSwan 4.2.4") + DEC_MD5_VID(STRONGSWAN_4_2_3, "strongSwan 4.2.3") + DEC_MD5_VID(STRONGSWAN_4_2_2, "strongSwan 4.2.2") + DEC_MD5_VID(STRONGSWAN_4_2_1, "strongSwan 4.2.1") + DEC_MD5_VID(STRONGSWAN_4_2_0, "strongSwan 4.2.0") + DEC_MD5_VID(STRONGSWAN_4_1_11,"strongSwan 4.1.11") DEC_MD5_VID(STRONGSWAN_4_1_10,"strongSwan 4.1.10") DEC_MD5_VID(STRONGSWAN_4_1_9, "strongSwan 4.1.9") DEC_MD5_VID(STRONGSWAN_4_1_8, "strongSwan 4.1.8") 
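Review bot: `esp_attrs.key_len = 128; /* bits */` changes the unit stored in key_len from bytes to bits, and the `kernel_alg_esp_enc_ok(esp_attrs.transid, esp_attrs.key_len` call right below it now receives a bit count; the matching consumer-side change is presumably among the kernel.c/alg_info.c edits in this commit, but nothing in spdb.c says which unit the field carries. Documenting the field where it is declared (outside this hunk), e.g. `/* key length in bits, 0 = algorithm default */`, and keeping a `/* bits */` remark at every other assignment would stop a byte/bit mix-up from creeping back. In the `@@ -1761` hunk the positional `= {0, 0, 0, 0, 0, 0, 0}` initializers tie the code to the exact member count of struct isakmp_proposal; `= {0}` zero-fills the whole struct regardless of its layout. parse_ipsec_sa_body() begins and ends outside these hunks.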
diff --git a/src/pluto/vendor.h b/src/pluto/vendor.h index 03d2fde77..c1d8870bc 100644 --- a/src/pluto/vendor.h +++ b/src/pluto/vendor.h @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: vendor.h 3413 2007-12-24 18:07:55Z andreas $ + * RCSID $Id: vendor.h 4016 2008-05-25 10:35:39Z andreas $ */ #ifndef _VENDOR_H_ @@ -114,17 +114,23 @@ enum known_vendorid { VID_STRONGSWAN_4_1_8 = 96, VID_STRONGSWAN_4_1_9 = 97, VID_STRONGSWAN_4_1_10 = 98, + VID_STRONGSWAN_4_1_11 = 99, + + VID_STRONGSWAN_4_2_0 =100, + VID_STRONGSWAN_4_2_1 =101, + VID_STRONGSWAN_4_2_2 =102, + VID_STRONGSWAN_4_2_3 =103, /* 101 - 200 : NAT-Traversal */ - VID_NATT_STENBERG_01 =101, - VID_NATT_STENBERG_02 =102, - VID_NATT_HUTTUNEN =103, - VID_NATT_HUTTUNEN_ESPINUDP =104, - VID_NATT_IETF_00 =105, - VID_NATT_IETF_02_N =106, - VID_NATT_IETF_02 =107, - VID_NATT_IETF_03 =108, - VID_NATT_RFC =109, + VID_NATT_STENBERG_01 =151, + VID_NATT_STENBERG_02 =152, + VID_NATT_HUTTUNEN =153, + VID_NATT_HUTTUNEN_ESPINUDP =154, + VID_NATT_IETF_00 =155, + VID_NATT_IETF_02_N =156, + VID_NATT_IETF_02 =157, + VID_NATT_IETF_03 =158, + VID_NATT_RFC =159, /* 201 - 300 : Misc */ VID_MISC_XAUTH =201, diff --git a/src/pluto/xauth.c b/src/pluto/xauth.c index 0188b1950..8f4dc2460 100644 --- a/src/pluto/xauth.c +++ b/src/pluto/xauth.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: xauth.c 3252 2007-10-06 21:24:50Z andreas $ + * RCSID $Id: xauth.c 3738 2008-04-02 19:04:45Z andreas $ */ #include <dlfcn.h> @@ -44,7 +44,7 @@ xauth_init(void) DBG_log("xauth module: found get_secret() function"); } ) - xauth_module.verify_secret = (bool (*) (const char*, const xauth_t*)) + xauth_module.verify_secret = (bool (*) (const xauth_peer_t*, const xauth_t*)) dlsym(xauth_module.handle, "verify_secret"); DBG(DBG_CONTROL, if (xauth_module.verify_secret != NULL) 
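Review bot: The `/* 101 - 200 : NAT-Traversal */` comment is now stale: the NAT-T identifiers were moved to 151–159, and the new VID_STRONGSWAN_4_2_0..4_2_3 entries at 100–103 sit inside the range the comment still claims for NAT-Traversal. Updating it to `/* 151 - 200 : NAT-Traversal */` and giving the strongSwan block its own bound, e.g. `/* 99 - 150 : strongSwan versions */`, keeps the numbering scheme readable as more versions are added. Since the NAT-T enum values were renumbered, anything that stores or compares them numerically outside this header would need a matching update; from the hunk alone they look like internal identifiers only.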
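Review bot: The dlsym() cast now assigns verify_secret a `(const xauth_peer_t*, const xauth_t*)` signature, but dlsym() carries no type information, so a previously built xauth plugin exporting the old `(const char *conn_name, const xauth_t *)` verify_secret() is still loaded and then called with an `xauth_peer_t *` where it expects a C string. A comment beside the cast, `/* ABI change: verify_secret() now receives xauth_peer_t*; plugins built against the old const char* signature must be rebuilt */`, records the break, and if the plugin interface exports any version symbol it would be worth checking it here before the function is used. xauth_init() begins and ends outside the hunk.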
diff --git a/src/pluto/xauth.h b/src/pluto/xauth.h index 277340ab0..fd7e5399f 100644 --- a/src/pluto/xauth.h +++ b/src/pluto/xauth.h @@ -12,17 +12,26 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: xauth.h 3252 2007-10-06 21:24:50Z andreas $ + * RCSID $Id: xauth.h 3738 2008-04-02 19:04:45Z andreas $ */ #ifndef _XAUTH_H #define _XAUTH_H +#include <freeswan.h> +#include "defs.h" + /* XAUTH credentials */ struct chunk_t; typedef struct { + char *conn_name; + char id[BUF_LEN]; + char ip_address[ADDRTOT_BUF]; +} xauth_peer_t; + +typedef struct { chunk_t user_name; chunk_t user_password; } xauth_t; @@ -30,7 +39,7 @@ typedef struct { typedef struct { void *handle; bool (*get_secret) (xauth_t *xauth_secret); - bool (*verify_secret) (const char *conn_name, const xauth_t *xauth_secret); + bool (*verify_secret) (const xauth_peer_t *peer, const xauth_t *xauth_secret); } xauth_module_t; extern xauth_module_t xauth_module; |
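Review bot: `char *conn_name;` in the new xauth_peer_t should be `const char *conn_name;`: the struct is only ever passed as `const xauth_peer_t *`, but `const` on the struct pointer makes the member `char *const`, so a plugin may still write through it into the connection name it borrows. The struct also deserves a short comment stating that `conn_name` is a borrowed pointer and that `id` and `ip_address` are filled by the caller for the duration of one verify_secret() call, since the header otherwise gives a plugin author no lifetime contract. The `#include <freeswan.h>` and `"defs.h"` additions appear to be there for ADDRTOT_BUF and BUF_LEN respectively; a trailing comment on each include would make that explicit.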