+ /* create isakmp CR payload if needed */
+ if (need_cr)
+ plist = isakmp_plist_append(plist,
+ cr, ISAKMP_NPTYPE_CR);
+ break;
+
+ case OAKLEY_ATTR_AUTH_METHOD_RSAENC:
+ case OAKLEY_ATTR_AUTH_METHOD_RSAREV:
+#ifdef ENABLE_HYBRID
+ case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_R:
+ case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_R:
+#endif
+ break;
+#ifdef HAVE_GSSAPI
+ case OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB:
+ /* create buffer to send isakmp payload */
+ gsshash = gssapi_wraphash(iph1);
+ if (gsshash == NULL) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "failed to generate GSS HASH\n");
+ /*
+ * This is probably due to the GSS
+ * roundtrips not being finished yet.
+ * Return this error in the hope that
+ * a fallback to main mode will be done.
+ */
+ isakmp_info_send_n1(iph1,
+ ISAKMP_NTYPE_INVALID_EXCHANGE_TYPE, NULL);
+ goto end;
+ }
+ if (iph1->approval->gssid != NULL)
+ gss_sa =
+ ipsecdoi_setph1proposal(iph1->approval);
+ else
+ gss_sa = iph1->sa_ret;
+
+ if (gss_sa != iph1->sa_ret)
+ free_gss_sa = 1;
+
+ /* set SA payload to reply */
+ plist = isakmp_plist_append(plist,
+ gss_sa, ISAKMP_NPTYPE_SA);
+
+ /* create isakmp KE payload */
+ plist = isakmp_plist_append(plist,
+ iph1->dhpub, ISAKMP_NPTYPE_KE);
+
+ /* create isakmp NONCE payload */
+ plist = isakmp_plist_append(plist,
+ iph1->nonce, ISAKMP_NPTYPE_NONCE);
+
+ /* create isakmp ID payload */
+ plist = isakmp_plist_append(plist,
+ iph1->id, ISAKMP_NPTYPE_ID);
+
+ /* create GSS payload */
+ gssapi_get_token_to_send(iph1, &gsstoken);
+ plist = isakmp_plist_append(plist,
+ gsstoken, ISAKMP_NPTYPE_GSS);
+
+ /* create isakmp HASH payload */
+ plist = isakmp_plist_append(plist,
+ gsshash, ISAKMP_NPTYPE_HASH);
+
+ /* append vendor id, if needed */
+ break;
+#endif
+ }
projects / apple / ipsec.git / blobdiff