X-Git-Url: https://git.saurik.com/apple/ipsec.git/blobdiff_plain/05434fec7cb5667469bfde135b4d0a93524a9bc0..476121220b14176dcbf5f70f47b9ef8e38f8b389:/ipsec-tools/racoon/localconf.c
diff --git a/ipsec-tools/racoon/localconf.c b/ipsec-tools/racoon/localconf.c
index 381d1e8..7b2c5ba 100644
--- a/ipsec-tools/racoon/localconf.c
+++ b/ipsec-tools/racoon/localconf.c
@@ -64,7 +64,11 @@ #ifdef __APPLE__ #include +#if HAVE_SECURITY_FRAMEWORK #include +#else +typedef void * SecKeychainRef; +#endif #endif struct localconf *lcconf;
@@ -81,6 +85,7 @@ initlcconf() setdefault(); lcconf->sock_vpncontrol = -1; /* not to be done during flush */ lcconf->racoon_conf = LC_DEFAULT_CF; + TAILQ_INIT(&lcconf->saved_msg_queue); } void
@@ -134,6 +139,7 @@ setdefault() lcconf->natt_ka_interval = LC_DEFAULT_NATT_KA_INTERVAL; lcconf->auto_exit_delay = 0; lcconf->auto_exit_state &= ~LC_AUTOEXITSTATE_SET; + lcconf->auto_exit_state |= LC_AUTOEXITSTATE_CLIENT; /* always auto exit as default */ } /*
@@ -164,7 +170,7 @@ end: return key; } -#ifdef __APPLE__ +#if defined(__APPLE__) && HAVE_KEYCHAIN /* * get PSK from keyChain. */
@@ -209,7 +215,7 @@ getpskfromkeychain(const char *name, u_int8_t etype, int secrettype, vchar_t *id case IPSECDOI_ID_IPV6_ADDR_RANGE: case IPSECDOI_ID_DER_ASN1_DN: case IPSECDOI_ID_DER_ASN1_GN: - goto end; + goto no_id; break; case IPSECDOI_ID_FQDN:
@@ -238,11 +244,23 @@ getpskfromkeychain(const char *name, u_int8_t etype, int secrettype, vchar_t *id &cur_password, NULL); + /* try find it using using only the peer id. */ + if (status == errSecItemNotFound) + status = SecKeychainFindGenericPassword(keychain, + idlen, + peer_id, + 0, + 0, + &cur_password_len, + &cur_password, + NULL); + if (status == noErr) goto end; /* otherwise fall through to use the default value */ } +no_id: /* use the value in remote config sharedsecret field this is either the value specified for lookup or the default when lookup by id fails.
@@ -481,3 +499,5 @@ doitype2doi(doitype) return -1; } + +
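Review bot: The Security include in the `@@ -64,7 +64,11 @@` hunk is gated on `HAVE_SECURITY_FRAMEWORK`, while the keychain lookup in the `@@ -164,7 +170,7 @@` hunk is gated on `defined(__APPLE__) && HAVE_KEYCHAIN`, and nothing visible ties the two macros together. A build with HAVE_KEYCHAIN set and HAVE_SECURITY_FRAMEWORK unset would compile getpskfromkeychain against the `typedef void * SecKeychainRef;` stand-in, with no prototype for SecKeychainFindGenericPassword and no definition of errSecItemNotFound unless another header supplies them. A guard next to the typedef would make the dependency explicit: `#if HAVE_KEYCHAIN && !HAVE_SECURITY_FRAMEWORK`, `#error "HAVE_KEYCHAIN requires the Security framework"`, `#endif`. Both macros are tested with `#if` rather than `defined()`, so they presumably have to be defined to 0 or 1 by the build; a one-line comment saying so would help.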
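Review bot: The comment on the added line in the `@@ -134,6 +139,7 @@` hunk, `/* always auto exit as default */`, does not say what the LC_AUTOEXITSTATE_CLIENT bit means or when the exit happens. With `auto_exit_delay = 0` two lines above, it reads as though the daemon now exits with no delay once the condition is met, unless the configuration overrides it. If setdefault() also runs on a configuration flush, as the `/* not to be done during flush */` remark in initlcconf suggests, the bit is re-applied on every reload, and that is worth stating. Suggested wording, to be adjusted to the flag's real meaning (it is defined outside this diff): `/* default: client-driven auto exit enabled, zero delay; re-applied on flush, config may override */`.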
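Review bot: The fallback added in the `@@ -238,11 +244,23 @@` hunk at `if (status == errSecItemNotFound)` repeats SecKeychainFindGenericPassword with `idlen`/`peer_id` in the service-name position and a zero-length account, so any generic-password item in `keychain` whose service name equals the peer ID is accepted as the pre-shared key. peer_id appears to be derived from the `id` argument, presumably the identifier the remote peer sent before it is authenticated, so the change widens which stored secrets a peer-chosen identifier can select. The comment should state which item layout this second lookup is meant to match and why the account is ignored, for example `/* fallback: item stored with service == peer id, account not matched */`, and a debug log entry should record which of the two lookups supplied the key. Any status other than errSecItemNotFound or noErr (a locked keychain or a denied access, for instance) still falls through silently to the default secret under `no_id:`. The comment also has a doubled word (`using using`). The function starts and ends outside the hunk, so how `cur_password` is released is not visible here.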