]> git.saurik.com Git - apple/network_cmds.git/commitdiff
projects / apple / network_cmds.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3daef39)
network_cmds-245.11.tar.gz mac-os-x-1045x86 v245.11
authorApple <opensource@apple.com>
Wed, 18 Jan 2006 23:21:26 +0000 (23:21 +0000)
committerApple <opensource@apple.com>
Wed, 18 Jan 2006 23:21:26 +0000 (23:21 +0000)
netstat.tproj/if.c patch | blob | blame | history
racoon.tproj/isakmp.c patch | blob | blame | history
racoon.tproj/isakmp_agg.c patch | blob | blame | history
racoon.tproj/isakmp_ident.c patch | blob | blame | history
racoon.tproj/oakley.c patch | blob | blame | history

diff --git a/netstat.tproj/if.c b/netstat.tproj/if.c
index ecee15d5753a15b988935bce103b8793a45894a0..49fab945c11ca5c1c75cbf709145eef9cf8260a4 100644 (file)
--- a/netstat.tproj/if.c
+++ b/netstat.tproj/if.c
@@ -36,7 +36,7 @@
 static char sccsid[] = "@(#)if.c       8.3 (Berkeley) 4/28/95";
 */
 static const char rcsid[] =
-       "$Id: if.c,v 1.6 2005/01/25 00:10:05 lindak Exp $";
+       "$Id: if.c,v 1.6.40.1 2006/01/10 05:26:27 lindak Exp $";
 #endif /* not lint */
 
 #include <sys/types.h>
@@ -380,7 +380,7 @@ intpr(void (*pfunc)(char *))
                                memcpy(&mask, rti_info[RTAX_NETMASK], ((struct sockaddr_in *)rti_info[RTAX_NETMASK])->sin_len);
                                
                                printf("%-13.13s ", netname(sin->sin_addr.s_addr & mask.sin_addr.s_addr,
-                                   mask.sin_addr.s_addr));
+                                   ntohl(mask.sin_addr.s_addr)));
 
                                printf("%-15.15s ",
                                    routename(sin->sin_addr.s_addr));
diff --git a/racoon.tproj/isakmp.c b/racoon.tproj/isakmp.c
index 48c296769ce9952866c88ba50bf8bdc3c52e2eaf..900a0520c307b6c3c67c9af87990a594ed4a95a7 100644 (file)
--- a/racoon.tproj/isakmp.c
+++ b/racoon.tproj/isakmp.c
@@ -194,7 +194,7 @@ isakmp_handler(so_isakmp)
        /* reject if the size is toooo big */
        if (ntohl(isakmp.len) > 0xffff) {
                plog(LLV_ERROR, LOCATION, NULL,
-                       "the length of the isakmp header is too big.\n");
+                       "the length in the isakmp header is too big.\n");
                if ((len = recvfrom(so_isakmp, (char *)&isakmp, sizeof(isakmp),
                            0, (struct sockaddr *)&remote, &remote_len)) < 0) {
                        plog(LLV_ERROR, LOCATION, NULL,
@@ -318,6 +318,32 @@ isakmp_natt_handler(so_isakmp)
                        "failed to receive isakmp packet\n");
                goto end;
        }
+
+
+       /* check isakmp header length */
+       if (len < sizeof(temp_buffer)) {
+               plog(LLV_ERROR, LOCATION, (struct sockaddr *)&remote,
+                       "packet shorter than isakmp header size.\n");
+               /* dummy receive */
+               if ((len = recvfrom(so_isakmp, (char *)temp_buffer, sizeof(temp_buffer),
+                       0, (struct sockaddr *)&remote, &remote_len)) < 0) {
+                       plog(LLV_ERROR, LOCATION, NULL,
+                               "failed to receive isakmp packet\n");
+               }
+               goto end;
+       }
+
+       /* reject if the size is toooo big */
+       if (ntohl(isakmp->len) > 0xffff) {
+               plog(LLV_ERROR, LOCATION, NULL,
+                       "the length in the isakmp header is too big.\n");
+               if ((len = recvfrom(so_isakmp, (char *)temp_buffer, sizeof(temp_buffer),
+                       0, (struct sockaddr *)&remote, &remote_len)) < 0) {
+                       plog(LLV_ERROR, LOCATION, NULL,
+                               "failed to receive isakmp packet\n");
+               }
+               goto end;
+       }
        
        /* remove the four bytes of zeros on nat traversal port */
        if (*(u_long*)temp_buffer != 0L)
@@ -325,18 +351,11 @@ isakmp_natt_handler(so_isakmp)
                /*
                 * This is a UDP encapsulated IPSec packet,
                 * we should drop it.
-                *
-                * TBD: Need a way to read the packet.
                 * The kernel intercepts these packets on Mac OS X
-                * but not all kernels will handle this the same way.
+                * so we should not get here.
                 */
-               goto end;
-       }
-
-       /* check isakmp header length */
-       if (len < sizeof(temp_buffer)) {
                plog(LLV_ERROR, LOCATION, (struct sockaddr *)&remote,
-                       "packet shorter than isakmp header size.\n");
+                       "invalid packet - expected non-ESP marker.\n");
                /* dummy receive */
                if ((len = recvfrom(so_isakmp, (char *)temp_buffer, sizeof(temp_buffer),
                            0, (struct sockaddr *)&remote, &remote_len)) < 0) {
diff --git a/racoon.tproj/isakmp_agg.c b/racoon.tproj/isakmp_agg.c
index 7d31b9f3e0034535287d1e286c86971600a44d0c..bcad8051ee5d2a6d93baf4aed9f877fe41aa5a74 100644 (file)
--- a/racoon.tproj/isakmp_agg.c
+++ b/racoon.tproj/isakmp_agg.c
@@ -420,7 +420,11 @@ agg_i2recv(iph1, msg)
        natt_select_type(iph1);
        
        /* payload existency check */
-       /* XXX to be checked each authentication method. */
+       if (iph1->dhpub_p == NULL || iph1->nonce_p == NULL) {
+               plog(LLV_ERROR, LOCATION, iph1->remote,
+                       "required payloads missing from isakmp message.\n");
+               goto end;
+       }
 
        /* verify identifier */
        if (ipsecdoi_checkid1(iph1) != 0) {
@@ -705,10 +709,17 @@ agg_i2send(iph1, msg)
 
 #ifdef IKE_NAT_T
        if (natd_type) {
-               if (iph1->local_natd)
-                       p = set_isakmp_payload(p, iph1->local_natd, natd_type);
-               if (iph1->remote_natd)
-                       p = set_isakmp_payload(p, iph1->remote_natd, ISAKMP_NPTYPE_NONE);
+               if ((iph1->natt_flags & NATT_TYPE_MASK) == natt_type_apple) {
+                       if (iph1->local_natd)
+                               p = set_isakmp_payload(p, iph1->local_natd, natd_type);
+                       if (iph1->remote_natd)
+                               p = set_isakmp_payload(p, iph1->remote_natd, ISAKMP_NPTYPE_NONE);
+               } else {
+                       if (iph1->remote_natd)
+                               p = set_isakmp_payload(p, iph1->remote_natd, natd_type);
+                       if (iph1->local_natd)
+                               p = set_isakmp_payload(p, iph1->local_natd, ISAKMP_NPTYPE_NONE);
+               }
        }
 #endif
 
@@ -847,7 +858,11 @@ agg_r1recv(iph1, msg)
        }
 
        /* payload existency check */
-       /* XXX to be checked each authentication method. */
+       if (iph1->dhpub_p == NULL || iph1->nonce_p == NULL) {
+               plog(LLV_ERROR, LOCATION, iph1->remote,
+                       "required payloads missing from isakmp message.\n");
+               goto end;
+       }
 
        /* verify identifier */
        if (ipsecdoi_checkid1(iph1) != 0) {
@@ -1155,10 +1170,17 @@ agg_r1send(iph1, msg)
 #ifdef IKE_NAT_T
                if (nattvid) {
                        p = set_isakmp_payload(p, nattvid, iph1->natd_payload_type);
-                       if (iph1->local_natd)
-                               p = set_isakmp_payload(p, iph1->local_natd, iph1->natd_payload_type);
-                       if (iph1->remote_natd)
-                               p = set_isakmp_payload(p, iph1->remote_natd, ISAKMP_NPTYPE_NONE);
+                       if ((iph1->natt_flags & NATT_TYPE_MASK) == natt_type_apple) {
+                               if (iph1->local_natd)
+                                       p = set_isakmp_payload(p, iph1->local_natd, iph1->natd_payload_type);
+                               if (iph1->remote_natd)
+                                       p = set_isakmp_payload(p, iph1->remote_natd, ISAKMP_NPTYPE_NONE);
+                       } else {
+                               if (iph1->remote_natd)
+                                       p = set_isakmp_payload(p, iph1->remote_natd, iph1->natd_payload_type);
+                               if (iph1->local_natd)
+                                       p = set_isakmp_payload(p, iph1->local_natd, ISAKMP_NPTYPE_NONE);
+                       }
                }
 #endif
                break;
@@ -1242,10 +1264,17 @@ agg_r1send(iph1, msg)
 #ifdef IKE_NAT_T
        if (nattvid) {
                p = set_isakmp_payload(p, nattvid, iph1->natd_payload_type);
-               if (iph1->local_natd)
-                       p = set_isakmp_payload(p, iph1->local_natd, iph1->natd_payload_type);
-               if (iph1->remote_natd)
-                       p = set_isakmp_payload(p, iph1->remote_natd, ISAKMP_NPTYPE_NONE);
+               if ((iph1->natt_flags & NATT_TYPE_MASK) == natt_type_apple) {
+                       if (iph1->local_natd)
+                               p = set_isakmp_payload(p, iph1->local_natd, iph1->natd_payload_type);
+                       if (iph1->remote_natd)
+                               p = set_isakmp_payload(p, iph1->remote_natd, ISAKMP_NPTYPE_NONE);
+               } else {
+                       if (iph1->remote_natd)
+                               p = set_isakmp_payload(p, iph1->remote_natd, iph1->natd_payload_type);
+                       if (iph1->local_natd)
+                               p = set_isakmp_payload(p, iph1->local_natd, ISAKMP_NPTYPE_NONE);
+               }               
        }
 #endif
 
diff --git a/racoon.tproj/isakmp_ident.c b/racoon.tproj/isakmp_ident.c
index ca55619129ca50d3c357a221d748f9a1bc155ba3..6ed424f31c7a443a394b00bf7ba88ff1313d943c 100644 (file)
--- a/racoon.tproj/isakmp_ident.c
+++ b/racoon.tproj/isakmp_ident.c
@@ -1649,10 +1649,17 @@ ident_ir2mx(iph1)
 
 #ifdef IKE_NAT_T
        if (natd_type) {
-               if (iph1->local_natd)
-                       p = set_isakmp_payload(p, iph1->local_natd, natd_type);
-               if (iph1->remote_natd)
-                       p = set_isakmp_payload(p, iph1->remote_natd, ISAKMP_NPTYPE_NONE);
+               if ((iph1->natt_flags & NATT_TYPE_MASK) == natt_type_apple) {
+                       if (iph1->local_natd)
+                               p = set_isakmp_payload(p, iph1->local_natd, natd_type);
+                       if (iph1->remote_natd)
+                               p = set_isakmp_payload(p, iph1->remote_natd, ISAKMP_NPTYPE_NONE);
+               } else {
+                       if (iph1->remote_natd)
+                               p = set_isakmp_payload(p, iph1->remote_natd, natd_type);
+                       if (iph1->local_natd)
+                               p = set_isakmp_payload(p, iph1->local_natd, ISAKMP_NPTYPE_NONE);
+               }
        }
 #endif
        error = 0;
diff --git a/racoon.tproj/oakley.c b/racoon.tproj/oakley.c
index 8d1a475045ee426a769f07f3a3142d4ac4323cf0..3c7cb819baef0c38bdd54295b2cb08c8d6cd6a5e 100644 (file)
--- a/racoon.tproj/oakley.c
+++ b/racoon.tproj/oakley.c
@@ -2099,14 +2099,14 @@ oakley_skeyid(iph1)
 
        /* SKEYID */
        switch(iph1->approval->authmethod) {
-       case OAKLEY_ATTR_AUTH_METHOD_PSKEY:     
-               if (iph1->nonce_p == NULL) {
-                       plog(LLV_ERROR, LOCATION, NULL,
-                               "no nonce payload received from peer.\n");
-                       goto end;
-               }
-        /* if we have a preshared key defined, just use it */
-       if (iph1->rmconf->shared_secret) {
+       case OAKLEY_ATTR_AUTH_METHOD_PSKEY:
+                               if (iph1->nonce_p == NULL) {
+                                       plog(LLV_ERROR, LOCATION, NULL,
+                                               "no nonce payload received from peer.\n");
+                                       goto end;
+                               }
+                /* if we have a preshared key defined, just use it */
+                if (iph1->rmconf->shared_secret) {
 
                        switch (iph1->rmconf->secrettype) {
                                case SECRETTYPE_KEY:
mirror of network_cmds