ipsec-164.9.tar.gz
[apple/ipsec.git] / ipsec-tools / racoon / isakmp_xauth.c
index aeb5aa869debe582b5d56c216430d534edc5a90b..955a062c77d9d70467a54d6d6f1a106e30566aaa 100644 (file)
@@ -277,7 +277,11 @@ xauth_attr_reply(iph1, attr, id)
 
                switch (isakmp_cfg_config.authsource) {
                case ISAKMP_CFG_AUTH_SYSTEM:
+#ifdef HAVE_OPENSSL
                        res = privsep_xauth_login_system(usr, pwd);
+#else
+                       res = xauth_login_system(usr, pwd);
+#endif
                        break;
 #ifdef HAVE_LIBRADIUS
                case ISAKMP_CFG_AUTH_RADIUS:
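Review bot: The choice between `privsep_xauth_login_system(usr, pwd)` and a direct `xauth_login_system(usr, pwd)` call is keyed on `HAVE_OPENSSL`, a macro with no visible connection to privilege separation. In a build without OpenSSL the system password check runs in the calling process rather than through the privsep helper, so that process must either hold the privileges the credential lookup needs or the login fails; which of the two happens is not visible here. If the helper really is only built with OpenSSL, a comment such as `/* privsep helper requires OpenSSL; without it the check runs in-process */` would record that, and a dedicated feature macro would state the intent better than reusing `HAVE_OPENSSL`. xauth_attr_reply starts and ends outside this hunk.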
@@ -318,7 +322,7 @@ xauth_attr_reply(iph1, attr, id)
                if (throttle_delay > 0) {
                        char *str;
 
-                       str = saddrwop2str(iph1->remote);
+                       str = saddrwop2str((struct sockaddr *)iph1->remote);
 
                        plog(LLV_ERROR, LOCATION, NULL, 
                            "Throttling in action for %s: delay %lds\n",
@@ -382,6 +386,12 @@ xauth_reply(iph1, port, id, res)
        struct xauth_state *xst = &iph1->mode_cfg->xauth;
        char *usr = xst->authdata.generic.usr;
 
+       if (iph1->is_dying) {
+               plog(LLV_INFO, LOCATION, NULL, 
+                        "dropped login for user \"%s\"\n", usr);
+               return -1;
+       }
+
        if (res != 0) {
                if (port != -1)
                        isakmp_cfg_putport(iph1, port);
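Review bot: The new `is_dying` early return leaves without calling `isakmp_cfg_putport(iph1, port)`, although the failure path directly below releases the port when `port != -1`. If the caller reserved a port before calling xauth_reply and does not release it on a -1 return (the caller is not visible here), that port stays allocated each time a login completes on a dying phase 1. Adding `if (port != -1) isakmp_cfg_putport(iph1, port);` before the `return -1;` would keep the two exit paths consistent. Separately, `usr` appears to come from the peer's XAUTH reply and is written to the log with `%s` unescaped, so control characters in the name would reach the log as-is. The function body continues past the end of the hunk.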
@@ -395,8 +405,7 @@ xauth_reply(iph1, port, id, res)
                /* Delete Phase 1 SA */
                if (iph1->status == PHASE1ST_ESTABLISHED)
                        isakmp_info_send_d1(iph1);
-               remph1(iph1);
-               delph1(iph1);
+               isakmp_ph1expire(iph1);
 
                return -1;
        }
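Review bot: Swapping `remph1(iph1); delph1(iph1);` for `isakmp_ph1expire(iph1);` changes when the handle is released, and nothing at this call site says whether `iph1` is still valid once the function returns -1. The `is_dying` check added earlier in xauth_reply suggests the handle can outlive this call, but the definition of isakmp_ph1expire is not part of this diff, so that is an inference. A comment here, for example `/* isakmp_ph1expire() owns teardown; callers must not touch iph1 after a -1 return */`, would make the lifetime rule explicit for anyone handling the error path.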
@@ -635,7 +644,7 @@ PAM_conv(msg_count, msg, rsp, dontcare)
 int
 xauth_login_pam(port, raddr, usr, pwd)
        int port;
-       struct sockaddr *raddr;
+       struct sockaddr_storage *raddr;
        char *usr;
        char *pwd;
 {
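Review bot: `xauth_login_pam` is an old-style (K&R) definition, so changing `raddr` to `struct sockaddr_storage *` is only checked at call sites if a matching prototype is in scope; neither the header nor the callers are visible in this diff. A caller that still passes a pointer to a plain `struct sockaddr` would compile silently without that prototype, and any code reading the address as full-size storage could then read past the smaller object. Converting the definition to prototype form, `int xauth_login_pam(int port, struct sockaddr_storage *raddr, char *usr, char *pwd)`, lets the compiler reject the mismatch. The function body lies outside the hunk.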
@@ -1579,7 +1588,6 @@ isakmp_xauth_set(iph1, attr)
 {
        int type;
        vchar_t *buffer = NULL;
-       char *data;
        struct xauth_state *xst;
        size_t dlen = 0;
        char* mraw = NULL;
@@ -1652,6 +1660,8 @@ isakmp_xauth_set(iph1, attr)
                                ((struct sockaddr_in*)iph1->remote)->sin_addr.s_addr, 0, NULL);
 
                        iph1->mode_cfg->flags |= ISAKMP_CFG_DELETE_PH1;
+
+                       IPSECLOGASLMSG("IPSec Extended Authentication Failed.\n");
                } else {
                        IPSECSESSIONTRACEREVENT(iph1->parent_session,
                                                                        IPSECSESSIONEVENTCODE_IKEV1_XAUTH_SUCC,
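Review bot: The added `IPSECLOGASLMSG("IPSec Extended Authentication Failed.\n");` records neither the peer address nor the user, so repeated XAUTH failures from one source cannot be correlated from this message alone. If the macro accepts format arguments (its definition is not visible here), something like `IPSECLOGASLMSG("IPSec Extended Authentication Failed for peer %s.\n", peer_str);` would make the entry usable for detection; `peer_str` is a placeholder for a printable form of `iph1->remote`. The same applies to the "Passed" message added in the following hunk, which is also indented differently from the lines around it.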
@@ -1662,6 +1672,8 @@ isakmp_xauth_set(iph1, attr)
             if (iph1->is_rekey) {
                 xst->status = XAUTHST_OK;
             }
+
+                       IPSECLOGASLMSG("IPSec Extended Authentication Passed.\n");
                }