Diffstat (limited to 'src/starter/confread.c')
-rw-r--r--src/starter/confread.c62
1 files changed, 29 insertions, 33 deletions
diff --git a/src/starter/confread.c b/src/starter/confread.c
index 855d07b51..5fd2b9fbf 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -10,8 +10,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: confread.c 5002 2009-03-24 15:02:12Z martin $
*/
#include <stddef.h>
@@ -34,8 +32,8 @@
/* strings containing a colon are interpreted as an IPv6 address */
#define ip_version(string) (strchr(string, '.') ? AF_INET : AF_INET6)
-static const char ike_defaults[] = "aes128-sha-modp2048";
-static const char esp_defaults[] = "aes128-sha1, 3des-md5";
+static const char ike_defaults[] = "aes128-sha1-modp2048,3des-sha1-modp1536";
+static const char esp_defaults[] = "aes128-sha1,3des-sha1";
static const char firewall_defaults[] = "ipsec _updown iptables";
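Review bot: The new `ike_defaults` on the `+` line adds `3des-sha1-modp1536` as a second proposal, so a peer that prefers (or only supports) 3DES with a 1536-bit group is now accepted under the default configuration, where the old single-proposal default `aes128-sha-modp2048` would have failed the negotiation; the same applies to the `3des-sha1` entry kept in `esp_defaults`. Proposal order only expresses the initiator's preference, the responder decides which entry is used, so the weaker fallback is reachable by any peer that asks for it. If the fallback is deliberate for interoperability, say so next to the definition so it is not silently carried forward, e.g. `/* 3DES/modp1536 kept as fallback for older peers; a responder may select it */`. Dropping `3des-md5` from `esp_defaults` is an improvement.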
@@ -72,11 +70,11 @@ static void default_values(starter_config_t *cfg)
cfg->conn_default.seen = LEMPTY;
cfg->conn_default.startup = STARTUP_NO;
cfg->conn_default.state = STATE_IGNORE;
- cfg->conn_default.policy = POLICY_ENCRYPT | POLICY_TUNNEL | POLICY_RSASIG |
+ cfg->conn_default.policy = POLICY_ENCRYPT | POLICY_TUNNEL | POLICY_PUBKEY |
POLICY_PFS | POLICY_MOBIKE;
- cfg->conn_default.ike = clone_str(ike_defaults, "ike_defaults");
- cfg->conn_default.esp = clone_str(esp_defaults, "esp_defaults");
+ cfg->conn_default.ike = clone_str(ike_defaults);
+ cfg->conn_default.esp = clone_str(esp_defaults);
cfg->conn_default.sa_ike_life_seconds = OAKLEY_ISAKMP_SA_LIFETIME_DEFAULT;
cfg->conn_default.sa_ipsec_life_seconds = PLUTO_SA_LIFE_DURATION_DEFAULT;
cfg->conn_default.sa_rekey_margin = SA_REPLACEMENT_MARGIN_DEFAULT;
@@ -144,7 +142,7 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
{
err_t ugh = NULL;
bool assigned = FALSE;
- int has_port_wildcard; /* set if port is %any */
+ bool has_port_wildcard; /* set if port is %any */
char *name = kw->entry->name;
char *value = kw->value;
@@ -193,7 +191,7 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
if (streq(value, "%modeconfig") || streq(value, "%modecfg") ||
streq(value, "%config") || streq(value, "%cfg"))
{
- pfree(end->srcip);
+ free(end->srcip);
end->srcip = NULL;
end->modecfg = TRUE;
}
@@ -336,7 +334,7 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
plog("# bad subnet: %s=%s [%s]", name, value, ugh);
goto err;
}
- end->subnet = clone_str(value, "subnetwithin");
+ end->subnet = clone_str(value);
break;
}
case KW_PROTOPORT:
@@ -356,7 +354,7 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
if (cfg->defaultroute.defined)
{
addrtot(&cfg->defaultroute.addr, 0, buf, sizeof(buf));
- end->srcip = clone_str(buf, "natip");
+ end->srcip = clone_str(buf);
}
else
{
@@ -375,7 +373,7 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
plog("# bad addr: %s=%s [%s]", name, value, ugh);
goto err;
}
- end->srcip = clone_str(value, "srcip");
+ end->srcip = clone_str(value);
}
end->has_natip = TRUE;
conn->policy |= POLICY_TUNNEL;
@@ -426,7 +424,7 @@ handle_firewall( const char *label, starter_end_t *end, starter_config_t *cfg)
}
else
{
- end->updown = clone_str(firewall_defaults, "firewall_defaults");
+ end->updown = clone_str(firewall_defaults);
end->firewall = FALSE;
}
}
@@ -467,9 +465,9 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg)
{
if (cfg->parse_also)
{
- also_t *also = alloc_thing(also_t, "also_t");
+ also_t *also = malloc_thing(also_t);
- also->name = clone_str(kw->value, "also");
+ also->name = clone_str(kw->value);
also->next = conn->also;
conn->also = also;
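Review bot: `also` returned by `malloc_thing(also_t)` on the `+` line is dereferenced on the next two lines without a NULL check; if `malloc_thing` is a thin wrapper around malloc rather than an aborting allocator like the `alloc_thing` it replaces (its definition is not visible from this hunk), an allocation failure while parsing the config turns into a NULL dereference. Either guard it, e.g. `if (also == NULL) { plog("# out of memory"); goto err; }` with whatever error path load_conn uses, or put a one-line comment at the call noting that `malloc_thing` aborts on failure. The same unchecked pattern appears at the other `malloc_thing` call sites in this commit. load_conn starts and ends outside the hunk.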
@@ -557,18 +555,16 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg)
/* also handles the cases secret|rsasig and rsasig|secret */
for (;;)
{
- if (streq(value, "rsa") || streq(value, "rsasig"))
+ if (streq(value, "rsa") || streq(value, "rsasig") ||
+ streq(value, "ecdsa") || streq(value, "ecdsasig") ||
+ streq(value, "pubkey"))
{
- conn->policy |= POLICY_RSASIG | POLICY_ENCRYPT;
+ conn->policy |= POLICY_PUBKEY | POLICY_ENCRYPT;
}
else if (streq(value, "secret") || streq(value, "psk"))
{
conn->policy |= POLICY_PSK | POLICY_ENCRYPT;
}
- else if (streq(value, "ecdsa") || streq(value, "ecdsasig"))
- {
- conn->policy |= POLICY_ECDSASIG | POLICY_ENCRYPT;
- }
else if (streq(value, "xauthrsasig"))
{
conn->policy |= POLICY_XAUTH_RSASIG | POLICY_ENCRYPT;
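Review bot: The comment above the loop still says `also handles the cases secret|rsasig and rsasig|secret`, but the merged branch now accepts `ecdsa`, `ecdsasig` and `pubkey` too, all mapped to `POLICY_PUBKEY`; update it to `/* also handles secret|pubkey and pubkey|secret; rsa, rsasig, ecdsa and ecdsasig are aliases for pubkey */`. With the separate `POLICY_ECDSASIG` branch removed, `authby=ecdsasig` no longer expresses a preference for ECDSA over RSA at this layer, so if the daemon is expected to derive the signature algorithm from the loaded credentials rather than from this flag, a short comment saying so would save the next reader a search. `xauthrsasig` on the lines below keeps its own flag, so the alias set is not uniform. load_conn starts and ends outside the hunk.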
@@ -698,7 +694,7 @@ static void
conn_default(char *name, starter_conn_t *conn, starter_conn_t *def)
{
memcpy(conn, def, sizeof(starter_conn_t));
- conn->name = clone_str(name, "conn name");
+ conn->name = clone_str(name);
clone_args(KW_CONN_FIRST, KW_CONN_LAST, (char *)conn, (char *)def);
clone_args(KW_END_FIRST, KW_END_LAST, (char *)&conn->left, (char *)&def->left);
@@ -727,9 +723,9 @@ load_ca(starter_ca_t *ca, kw_list_t *kw, starter_config_t *cfg)
{
if (cfg->parse_also)
{
- also_t *also = alloc_thing(also_t, "also_t");
+ also_t *also = malloc_thing(also_t);
- also->name = clone_str(kw->value, "also");
+ also->name = clone_str(kw->value);
also->next = ca->also;
ca->also = also;
@@ -766,7 +762,7 @@ static void
ca_default(char *name, starter_ca_t *ca, starter_ca_t *def)
{
memcpy(ca, def, sizeof(starter_ca_t));
- ca->name = clone_str(name, "ca name");
+ ca->name = clone_str(name);
clone_args(KW_CA_FIRST, KW_CA_LAST, (char *)ca, (char *)def);
}
@@ -896,8 +892,8 @@ free_also(also_t *head)
also_t *also = head;
head = also->next;
- pfree(also->name);
- pfree(also);
+ free(also->name);
+ free(also);
}
}
@@ -942,7 +938,7 @@ confread_free(starter_config_t *cfg)
conn = conn->next;
confread_free_conn(conn_aux);
- pfree(conn_aux);
+ free(conn_aux);
}
confread_free_ca(&cfg->ca_default);
@@ -953,10 +949,10 @@ confread_free(starter_config_t *cfg)
ca = ca->next;
confread_free_ca(ca_aux);
- pfree(ca_aux);
+ free(ca_aux);
}
- pfree(cfg);
+ free(cfg);
}
/*
@@ -980,7 +976,7 @@ confread_load(const char *file)
{
return NULL;
}
- cfg = (starter_config_t *)alloc_thing(starter_config_t, "starter_config_t");
+ cfg = malloc_thing(starter_config_t);
/* set default values */
default_values(cfg);
@@ -1021,7 +1017,7 @@ confread_load(const char *file)
DBG(DBG_CONTROL,
DBG_log("Loading ca '%s'", sca->name)
)
- ca = (starter_ca_t *)alloc_thing(starter_ca_t, "starter_ca_t");
+ ca = malloc_thing(starter_ca_t);
ca_default(sca->name, ca, &cfg->ca_default);
ca->kw = sca->kw;
@@ -1092,7 +1088,7 @@ confread_load(const char *file)
DBG(DBG_CONTROL,
DBG_log("Loading conn '%s'", sconn->name)
)
- conn = (starter_conn_t *)alloc_thing(starter_conn_t, "starter_conn_t");
+ conn = malloc_thing(starter_conn_t);
conn_default(sconn->name, conn, &cfg->conn_default);
conn->kw = sconn->kw;