From: Apple Date: Wed, 15 Feb 2006 01:39:45 +0000 (+0000) Subject: network_cmds-245.12.tar.gz X-Git-Tag: mac-os-x-1046ppc^0 X-Git-Url: https://git.saurik.com/apple/network_cmds.git/commitdiff_plain/c688725629e05b86c13cf47e9756dd332fa510c6 network_cmds-245.12.tar.gz
---
diff --git a/racoon.tproj/cftoken.l b/racoon.tproj/cftoken.l
index 2a465c7..d9f15bb 100644
--- a/racoon.tproj/cftoken.l
+++ b/racoon.tproj/cftoken.l
@@ -336,6 +336,7 @@ vendor_id { YYD; yywarn("it is obsoleted."); return(VENDORID); }
 user_fqdn { YYD; yylval.num = IDTYPE_USERFQDN; return(IDENTIFIERTYPE); }
 fqdn { YYD; yylval.num = IDTYPE_FQDN; return(IDENTIFIERTYPE); }
 keyid { YYD; yylval.num = IDTYPE_KEYID; return(IDENTIFIERTYPE); }
+keyid_use { YYD; yylval.num = IDTYPE_KEYIDUSE; return(IDENTIFIERTYPE); }
 address { YYD; yylval.num = IDTYPE_ADDRESS; return(IDENTIFIERTYPE); }
 asn1dn { YYD; yylval.num = IDTYPE_ASN1DN; return(IDENTIFIERTYPE); }
 certname { YYD; yywarn("certname will be obsoleted in near future."); yylval.num = IDTYPE_ASN1DN; return(IDENTIFIERTYPE); }
diff --git a/racoon.tproj/ipsec_doi.c b/racoon.tproj/ipsec_doi.c
index 0b49274..26567af 100644
--- a/racoon.tproj/ipsec_doi.c
+++ b/racoon.tproj/ipsec_doi.c
@@ -3192,6 +3192,7 @@ ipsecdoi_setid1(iph1)
 ident = getidval(iph1->rmconf->idvtype, iph1->rmconf->idv);
 break;
 case IDTYPE_KEYID:
+ case IDTYPE_KEYIDUSE:
 id_b.type = IPSECDOI_ID_KEY_ID;
 ident = getidval(iph1->rmconf->idvtype, iph1->rmconf->idv);
 break;
@@ -3319,6 +3320,7 @@ set_identifier(vpp, type, value)
 switch (type) {
 case IDTYPE_FQDN:
 case IDTYPE_USERFQDN:
+ case IDTYPE_KEYIDUSE:
 /* length is adjusted since QUOTEDSTRING teminates NULL. */
 new = vmalloc(value->l - 1);
 if (new == NULL)
diff --git a/racoon.tproj/ipsec_doi.h b/racoon.tproj/ipsec_doi.h
index 1b53b5d..aabd681 100644
--- a/racoon.tproj/ipsec_doi.h
+++ b/racoon.tproj/ipsec_doi.h
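Review bot: In set_identifier, the added `case IDTYPE_KEYIDUSE:` sends keyid_use values through the existing `vmalloc(value->l - 1)`, which is only correct when the value is a NUL-terminated QUOTEDSTRING of at least one byte; nothing visible in the hunk rejects `value->l == 0`, where the subtraction would wrap. Unless the grammar (not shown here) guarantees a quoted string for keyid_use, test `value->l` before the subtraction and leave through the function's existing error return. The label also deserves a comment saying why this type is grouped with the string identifiers rather than with `IDTYPE_KEYID`, for example `/* keyid_use: the quoted string itself is the key ID */`, if that is indeed the intent. The switch and the rest of set_identifier continue outside the hunk.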
@@ -180,6 +180,7 @@ struct ipsecdoi_pl_id { #define IDTYPE_KEYID 2 #define IDTYPE_ADDRESS 3 #define IDTYPE_ASN1DN 4 +#define IDTYPE_KEYIDUSE 5 /* shared secret type, it's internal use. */ #define SECRETTYPE_USE 0 diff --git a/racoon.tproj/isakmp_agg.c b/racoon.tproj/isakmp_agg.c index bcad805..2f1ebc5 100644 --- a/racoon.tproj/isakmp_agg.c +++ b/racoon.tproj/isakmp_agg.c @@ -457,18 +457,7 @@ agg_i2recv(iph1, msg) pa->type != ISAKMP_NPTYPE_NONE; pa++) { - if (pa->type == ISAKMP_NPTYPE_NATD_RFC || - pa->type == ISAKMP_NPTYPE_NATD_DRAFT || - pa->type == ISAKMP_NPTYPE_NATD_BADDRAFT) - { - if (pa->type != iph1->natd_payload_type) { - plog(LLV_ERROR, LOCATION, iph1->remote, - "ignore the packet, " - "received unexpected natd payload type %d.\n", - pa->type); - goto end; - } - + if (pa->type == iph1->natd_payload_type) { natd_match_t match = natd_matches(iph1, pa->ptr); iph1->natt_flags |= natt_natd_received; if ((match & natd_match_local) != 0) @@ -1388,15 +1377,7 @@ agg_r2recv(iph1, msg0) case ISAKMP_NPTYPE_NATD_DRAFT: case ISAKMP_NPTYPE_NATD_BADDRAFT: #ifdef IKE_NAT_T - if (pa->type != iph1->natd_payload_type) { - plog(LLV_ERROR, LOCATION, iph1->remote, - "ignore the packet, " - "received unexpected natd payload type %d.\n", - pa->type); - goto end; - } - - { + if (pa->type == iph1->natd_payload_type) { natd_match_t match = natd_matches(iph1, pa->ptr); iph1->natt_flags |= natt_natd_received; if ((match & natd_match_local) != 0) diff --git a/racoon.tproj/isakmp_ident.c b/racoon.tproj/isakmp_ident.c index 6ed424f..e5c46c2 100644 --- a/racoon.tproj/isakmp_ident.c +++ b/racoon.tproj/isakmp_ident.c 
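Review bot: In agg_i2recv the new `if (pa->type == iph1->natd_payload_type)` removes both the rejection and the log entry for a NAT-D payload whose type differs from the negotiated one, so such a payload is now skipped silently and `natt_natd_received` may never be set for that exchange. The same pattern appears in agg_r2recv in this file and in ident_i3recv and ident_r2recv in isakmp_ident.c. If tolerating the mismatch is intended for interoperability, keep the evidence by logging at a lower level, e.g. `plog(LLV_WARNING, LOCATION, iph1->remote, "ignoring natd payload of unexpected type %d.\n", pa->type);`, in an else branch limited to the three NAT-D payload types (the agg_i2recv loop walks every payload). It is also worth confirming that the code after the loop, which is outside the hunk, treats a missing NAT-D result conservatively, and adding a short comment that states why mismatched payloads are now accepted.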
@@ -441,17 +441,9 @@ ident_i3recv(iph1, msg) case ISAKMP_NPTYPE_NATD_DRAFT: case ISAKMP_NPTYPE_NATD_BADDRAFT: #ifdef IKE_NAT_T - { - natd_match_t match; - if (pa->type != iph1->natd_payload_type) { - plog(LLV_ERROR, LOCATION, iph1->remote, - "ignore the packet, " - "received unexpected natd payload type %d.\n", - pa->type); - goto end; - } - match = natd_matches(iph1, pa->ptr); + if (pa->type == iph1->natd_payload_type) { + natd_match_t match = natd_matches(iph1, pa->ptr); iph1->natt_flags |= natt_natd_received; if ((match & natd_match_local) != 0) iph1->natt_flags |= natt_no_local_nat; @@ -1098,17 +1090,8 @@ ident_r2recv(iph1, msg) case ISAKMP_NPTYPE_NATD_DRAFT: case ISAKMP_NPTYPE_NATD_BADDRAFT: #ifdef IKE_NAT_T - { - natd_match_t match; - - if (pa->type != iph1->natd_payload_type) { - plog(LLV_ERROR, LOCATION, iph1->remote, - "ignore the packet, " - "received unexpected natd payload type %d.\n", - pa->type); - goto end; - } - match = natd_matches(iph1, pa->ptr); + if (pa->type == iph1->natd_payload_type) { + natd_match_t match = natd_matches(iph1, pa->ptr); iph1->natt_flags |= natt_natd_received; if ((match & natd_match_local) != 0) iph1->natt_flags |= natt_no_local_nat;