X-Git-Url: https://git.saurik.com/apple/ipsec.git/blobdiff_plain/476121220b14176dcbf5f70f47b9ef8e38f8b389..85f41bec1acc617e559a0eb4ae1c926b61c3169f:/ipsec-tools/racoon/isakmp_xauth.c

diff --git a/ipsec-tools/racoon/isakmp_xauth.c b/ipsec-tools/racoon/isakmp_xauth.c
index 4cf6c49..955a062 100644
--- a/ipsec-tools/racoon/isakmp_xauth.c
+++ b/ipsec-tools/racoon/isakmp_xauth.c
@@ -277,7 +277,11 @@ xauth_attr_reply(iph1, attr, id)
 
 		switch (isakmp_cfg_config.authsource) {
 		case ISAKMP_CFG_AUTH_SYSTEM:
+#ifdef HAVE_OPENSSL
 			res = privsep_xauth_login_system(usr, pwd);
+#else
+			res = xauth_login_system(usr, pwd);
+#endif
 			break;
 #ifdef HAVE_LIBRADIUS
 		case ISAKMP_CFG_AUTH_RADIUS:
@@ -318,7 +322,7 @@ xauth_attr_reply(iph1, attr, id)
 		if (throttle_delay > 0) {
 			char *str;
 
-			str = saddrwop2str(iph1->remote);
+			str = saddrwop2str((struct sockaddr *)iph1->remote);
 
 			plog(LLV_ERROR, LOCATION, NULL, 
 			    "Throttling in action for %s: delay %lds\n",
@@ -382,6 +386,12 @@ xauth_reply(iph1, port, id, res)
 	struct xauth_state *xst = &iph1->mode_cfg->xauth;
 	char *usr = xst->authdata.generic.usr;
 
+	if (iph1->is_dying) {
+		plog(LLV_INFO, LOCATION, NULL, 
+			 "dropped login for user \"%s\"\n", usr);
+		return -1;
+	}
+
 	if (res != 0) {
 		if (port != -1)
 			isakmp_cfg_putport(iph1, port);
@@ -634,7 +644,7 @@ PAM_conv(msg_count, msg, rsp, dontcare)
 int
 xauth_login_pam(port, raddr, usr, pwd)
 	int port;
-	struct sockaddr *raddr;
+	struct sockaddr_storage *raddr;
 	char *usr;
 	char *pwd;
 {
@@ -1578,7 +1588,6 @@ isakmp_xauth_set(iph1, attr)
 {
 	int type;
 	vchar_t *buffer = NULL;
-	char *data;
 	struct xauth_state *xst;
 	size_t dlen = 0;
 	char* mraw = NULL;
@@ -1651,6 +1660,8 @@ isakmp_xauth_set(iph1, attr)
 				((struct sockaddr_in*)iph1->remote)->sin_addr.s_addr, 0, NULL);
 
 			iph1->mode_cfg->flags |= ISAKMP_CFG_DELETE_PH1;
+
+			IPSECLOGASLMSG("IPSec Extended Authentication Failed.\n");
 		} else {
 			IPSECSESSIONTRACEREVENT(iph1->parent_session,
 									IPSECSESSIONEVENTCODE_IKEV1_XAUTH_SUCC,
@@ -1661,6 +1672,8 @@ isakmp_xauth_set(iph1, attr)
             if (iph1->is_rekey) {
                 xst->status = XAUTHST_OK;
             }
+
+			IPSECLOGASLMSG("IPSec Extended Authentication Passed.\n");
 		}