Diffstat (limited to 'programs/starter')
-rw-r--r-- | programs/starter/args.c | 3 | ||||
-rw-r--r-- | programs/starter/confread.c | 13 | ||||
-rw-r--r-- | programs/starter/keywords.c | 14 | ||||
-rw-r--r-- | programs/starter/keywords.h | 5 | ||||
-rw-r--r-- | programs/starter/keywords.txt | 3 |
5 files changed, 25 insertions, 13 deletions
diff --git a/programs/starter/args.c b/programs/starter/args.c index 2b2853a20..9dece2dfb 100644 --- a/programs/starter/args.c +++ b/programs/starter/args.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: args.c,v 1.10 2006/10/19 14:58:30 as Exp $ + * RCSID $Id: args.c,v 1.11 2007/01/11 21:27:27 as Exp $ */ #include <stddef.h> @@ -192,6 +192,7 @@ static const token_info_t token_info[] = { ARG_TIME, offsetof(starter_conn_t, dpd_timeout), NULL }, { ARG_ENUM, offsetof(starter_conn_t, dpd_action), LST_dpd_action }, { ARG_MISC, 0, NULL /* KW_MODECONFIG */ }, + { ARG_MISC, 0, NULL /* KW_XAUTH */ }, /* ca section keywords */ { ARG_STR, offsetof(starter_ca_t, name), NULL }, diff --git a/programs/starter/confread.c b/programs/starter/confread.c index edd041ab4..63010685b 100644 --- a/programs/starter/confread.c +++ b/programs/starter/confread.c @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: confread.c,v 1.39 2006/10/19 14:58:30 as Exp $ + * RCSID $Id: confread.c,v 1.40 2007/01/11 21:27:27 as Exp $ */ #include <stddef.h> @@ -418,7 +418,7 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg) KW_POLICY_FLAG("ah", "esp", POLICY_AUTHENTICATE) break; case KW_AUTHBY: - conn->policy &= ~(POLICY_RSASIG | POLICY_PSK | POLICY_ENCRYPT); + conn->policy &= ~(POLICY_ID_AUTH_MASK | POLICY_ENCRYPT); if (strcmp(kw->value, "never") != 0) { 
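Review bot: The new `{ ARG_MISC, 0, NULL /* KW_XAUTH */ }` row in token_info is tied to the keyword enum only by its position, and nothing in the hunk checks that coupling. If token_info is indexed by kw_token_t, as the trailing keyword comments suggest, a row added on one side but not the other would shift every ca-section entry, and the generic assigner would then apply the wrong `offsetof()` to the wrong struct. The keywords.h hunk of this commit adds KW_XAUTH in the matching slot, so the two agree today. A compile-time check beside the table, comparing its element count with the number of kw_token_t values, would catch later drift. The array definition starts and ends outside the hunk.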
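Review bot: Clearing with `POLICY_ID_AUTH_MASK` in the `KW_AUTHBY` case only resets the authentication method if that mask covers `POLICY_XAUTH_RSASIG` and `POLICY_XAUTH_PSK`, the two bits the following hunk starts setting; the mask's definition is not part of this diff. If it does not cover them, a conn whose policy already carries an XAUTH bit when `authby` is processed would keep that stale bit alongside the newly selected method. It is worth confirming the mask where it is defined and stating the intent here, for example `/* drop every ID authentication method, incl. XAUTH, before applying authby */`. load_conn starts and continues outside the hunk.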
@@ -433,8 +433,12 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg) { if (streq(value, "rsasig")) conn->policy |= POLICY_RSASIG | POLICY_ENCRYPT; - else if (streq(value, "secret")) + else if (streq(value, "secret") || streq(value, "psk")) conn->policy |= POLICY_PSK | POLICY_ENCRYPT; + else if (streq(value, "xauthrsasig")) + conn->policy |= POLICY_XAUTH_RSASIG | POLICY_ENCRYPT; + else if (streq(value, "xauthpsk")) + conn->policy |= POLICY_XAUTH_PSK | POLICY_ENCRYPT; else { plog("# bad policy value: %s=%s", kw->entry->name, kw->value); @@ -454,6 +458,9 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg) case KW_MODECONFIG: KW_POLICY_FLAG("push", "pull", POLICY_MODECFG_PUSH) break; + case KW_XAUTH: + KW_POLICY_FLAG("server", "client", POLICY_XAUTH_SERVER) + break; default: break; } diff --git a/programs/starter/keywords.c b/programs/starter/keywords.c index 75be0a542..b06ee3c0c 100644 --- a/programs/starter/keywords.c +++ b/programs/starter/keywords.c @@ -44,7 +44,7 @@ error "gperf generated tables don't work with this execution character set. Plea * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: keywords.c,v 1.8 2006/10/19 14:58:30 as Exp $ + * RCSID $Id: keywords.c,v 1.9 2007/01/11 21:29:28 as Exp $ */ #include <string.h> @@ -56,7 +56,7 @@ struct kw_entry { kw_token_t token; }; -#define TOTAL_KEYWORDS 80 +#define TOTAL_KEYWORDS 81 #define MIN_WORD_LENGTH 3 #define MAX_WORD_LENGTH 17 #define MIN_HASH_VALUE 9 @@ -87,7 +87,7 @@ hash (str, len) 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 90, 157, 60, - 50, 25, 0, 10, 5, 65, 157, 65, 70, 5, + 50, 25, 0, 10, 30, 65, 157, 65, 70, 5, 0, 75, 35, 157, 10, 20, 5, 70, 157, 157, 157, 55, 0, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 157, 
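Review bot: Each branch of the `streq(value, ...)` chain ORs its bits into `conn->policy` without looking at what an earlier value already set, so nothing here keeps an XAUTH method and a plain method from being enabled on the same conn. The separate `value` variable suggests that code outside the hunk splits `kw->value` into several tokens. If so, a list mixing `xauthpsk` with `rsasig` yields both `POLICY_XAUTH_PSK` and `POLICY_RSASIG`, and whether the extra user authentication is then still enforced depends on how pluto orders the methods. Consider rejecting the mix once the values are parsed, through the existing `# bad policy value` path, with a test such as `if ((conn->policy & (POLICY_XAUTH_RSASIG | POLICY_XAUTH_PSK)) && (conn->policy & (POLICY_RSASIG | POLICY_PSK)))`. The new `psk` alias for `secret` also deserves a line in the ipsec.conf documentation.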
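Review bot: The new `case KW_XAUTH:` accepts `xauth=` whatever the authby method is, so `POLICY_XAUTH_SERVER` can be set on a conn that has no XAUTH method at all. An XAUTH conn that omits the keyword silently takes the role of the cleared bit, presumably client. A warning when the flag is set without `POLICY_XAUTH_RSASIG` or `POLICY_XAUTH_PSK` would surface a misconfigured gateway at load time; because `authby` and `xauth` can appear in either order, that check belongs after the keyword loop rather than inside this case. A comment such as `/* "server" sets POLICY_XAUTH_SERVER, "client" clears it */` would document the mapping, assuming KW_POLICY_FLAG treats its first string as the setting value, as the `"ah", "esp"` use suggests. The switch starts outside the hunk.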
@@ -114,7 +114,7 @@ static const struct kw_entry wordlist[] = {"leftupdown", KW_LEFTUPDOWN}, {""}, {""}, {"leftcert", KW_LEFTCERT,}, - {"auth", KW_AUTH}, + {""}, {"leftsubnet", KW_LEFTSUBNET}, {"leftsubnetwithin", KW_LEFTSUBNETWITHIN}, {"leftsendcert", KW_LEFTSENDCERT}, @@ -135,7 +135,9 @@ static const struct kw_entry wordlist[] = {"compress", KW_COMPRESS}, {"lefthostaccess", KW_LEFTHOSTACCESS}, {"interfaces", KW_INTERFACES}, - {""}, {""}, {""}, {""}, {""}, + {""}, {""}, {""}, + {"auth", KW_AUTH}, + {""}, {"rightgroups", KW_RIGHTGROUPS}, {""}, {"pfs", KW_PFS}, @@ -198,7 +200,7 @@ static const struct kw_entry wordlist[] = {"crluri2", KW_CRLURI2}, {"ldaphost", KW_LDAPHOST}, {"postpluto", KW_POSTPLUTO}, - {""}, + {"xauth", KW_XAUTH}, {"overridemtu", KW_OVERRIDEMTU}, {"rightca", KW_RIGHTCA}, {"prepluto", KW_PREPLUTO}, diff --git a/programs/starter/keywords.h b/programs/starter/keywords.h index be3aabf3b..4356b4947 100644 --- a/programs/starter/keywords.h +++ b/programs/starter/keywords.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: keywords.h,v 1.9 2006/10/19 14:57:56 as Exp $ + * RCSID $Id: keywords.h,v 1.10 2007/01/11 21:27:27 as Exp $ */ #ifndef _KEYWORDS_H_ @@ -77,9 +77,10 @@ typedef enum { KW_DPDTIMEOUT, KW_DPDACTION, KW_MODECONFIG, + KW_XAUTH, #define KW_CONN_FIRST KW_CONN_SETUP -#define KW_CONN_LAST KW_MODECONFIG +#define KW_CONN_LAST KW_XAUTH /* ca section keywords */ KW_CA_NAME, diff --git a/programs/starter/keywords.txt b/programs/starter/keywords.txt index fc9e49e47..6ad2d5fce 100644 --- a/programs/starter/keywords.txt +++ b/programs/starter/keywords.txt @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: keywords.txt,v 1.7 2006/10/19 14:57:56 as Exp $ + * RCSID $Id: keywords.txt,v 1.8 2007/01/11 21:27:51 as Exp $ */ #include <string.h> 
@@ -66,6 +66,7 @@ dpddelay, KW_DPDDELAY
 dpdtimeout, KW_DPDTIMEOUT
 dpdaction, KW_DPDACTION
 modeconfig, KW_MODECONFIG
+xauth, KW_XAUTH
 cacert, KW_CACERT
 ldaphost, KW_LDAPHOST
 ldapbase, KW_LDAPBASE |