[src/netbsd-2-0]: src Apply patch (requested by itojun in ticket #505):
details: https://anonhg.NetBSD.org/src/rev/66eee69aa188
branches: netbsd-2-0
changeset: 561452:66eee69aa188
user: tron <tron%NetBSD.org@localhost>
date: Thu Jun 17 12:38:09 2004 +0000
description:
Apply patch (requested by itojun in ticket #505):
version 20040617a, includes important fix about cert handling
diffstat:
crypto/dist/kame/racoon/Makefile.in | 21 +-
crypto/dist/kame/racoon/algorithm.c | 4 +-
crypto/dist/kame/racoon/auth_gssapi.h | 92 +
crypto/dist/kame/racoon/cfparse.y | 20 +-
crypto/dist/kame/racoon/cftoken.l | 4 +-
crypto/dist/kame/racoon/configure | 528 +++---
crypto/dist/kame/racoon/configure.in | 14 +-
crypto/dist/kame/racoon/crypto_openssl.c | 142 +-
crypto/dist/kame/racoon/crypto_openssl.h | 6 +-
crypto/dist/kame/racoon/dhgroup.h | 4 +-
crypto/dist/kame/racoon/eaytest.c | 26 +-
crypto/dist/kame/racoon/grabmyaddr.c | 11 +-
crypto/dist/kame/racoon/gssapi.c | 6 +-
crypto/dist/kame/racoon/gssapi.h | 92 -
crypto/dist/kame/racoon/handler.c | 8 +-
crypto/dist/kame/racoon/ipsec_doi.c | 111 +-
crypto/dist/kame/racoon/isakmp.c | 59 +-
crypto/dist/kame/racoon/isakmp_agg.c | 137 +-
crypto/dist/kame/racoon/isakmp_base.c | 88 +-
crypto/dist/kame/racoon/isakmp_ident.c | 118 +-
crypto/dist/kame/racoon/isakmp_inf.c | 17 +-
crypto/dist/kame/racoon/isakmp_quick.c | 4 +-
crypto/dist/kame/racoon/isakmp_var.h | 12 +-
crypto/dist/kame/racoon/kmpstat.c | 54 +-
crypto/dist/kame/racoon/missing/crypto/sha2/sha2.c | 4 +-
crypto/dist/kame/racoon/oakley.c | 52 +-
crypto/dist/kame/racoon/oakley.h | 12 +-
crypto/dist/kame/racoon/pfkey.c | 18 +-
crypto/dist/kame/racoon/print-isakmp.c | 1392 ++++++++++++++++++++
crypto/dist/kame/racoon/proposal.c | 6 +-
crypto/dist/kame/racoon/racoon.conf.5 | 21 +-
crypto/dist/kame/racoon/session.c | 4 +-
crypto/dist/kame/racoon/sockmisc.c | 10 +-
crypto/dist/kame/racoon/strnames.c | 4 +-
crypto/dist/kame/racoon/tcpdump/addrtoname.h | 46 +
crypto/dist/kame/racoon/tcpdump/extract.h | 98 +
crypto/dist/kame/racoon/tcpdump/interface.h | 330 ++++
crypto/dist/kame/racoon/tcpdump/ipsec_doi.h | 151 ++
crypto/dist/kame/racoon/tcpdump/isakmp.h | 378 +++++
crypto/dist/kame/racoon/tcpdump/oakley.h | 126 +
usr.sbin/racoon/Makefile | 2 +-
usr.sbin/racoon/Makefile.inc | 4 +-
usr.sbin/racoon/libpfkey/Makefile | 9 +-
usr.sbin/racoon/racoon/Makefile | 2 +-
44 files changed, 3438 insertions(+), 809 deletions(-)
diffs (truncated from 7608 to 300 lines):
diff -r 090866d66dd1 -r 66eee69aa188 crypto/dist/kame/racoon/Makefile.in
--- a/crypto/dist/kame/racoon/Makefile.in Thu Jun 17 09:29:41 2004 +0000
+++ b/crypto/dist/kame/racoon/Makefile.in Thu Jun 17 12:38:09 2004 +0000
@@ -1,4 +1,4 @@
-# $KAME: Makefile.in,v 1.40 2003/08/19 09:09:15 itojun Exp $
+# $KAME: Makefile.in,v 1.43 2004/06/17 02:42:53 itojun Exp $
@SET_MAKE@
srcdir= @srcdir@
@@ -32,6 +32,10 @@
proposal.o sainfo.o cfparse.o cftoken.o strnames.o \
vmbuf.o plog.o logger.o schedule.o str2val.o misc.o sockmisc.o \
safefile.o backupsa.o @LIBOBJS@ @CRYPTOBJS@ @DEBUGRMOBJS@
+
+EAYTESTOBJS= eaytest.o crypto_openssl_test.o misc.o vmbuf.o str2val.o \
+ @CRYPTOBJS@ @DEBUGRMOBJS@
+
# under samples
CONF= psk.txt racoon.conf
@@ -40,26 +44,19 @@
racoon: $(OBJS)
$(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
-racoonctl: kmpstat.o misc_noplog.o vmbuf.o str2val.o
- $(CC) $(LDFLAGS) -o $@ kmpstat.o misc_noplog.o vmbuf.o str2val.o \
+racoonctl: kmpstat.o misc.o vmbuf.o str2val.o
+ $(CC) $(LDFLAGS) -o $@ kmpstat.o misc.o vmbuf.o str2val.o \
$(LIBS) @DEBUGRMOBJS@
pfkey: dummy.o
$(CC) $(LDFLAGS) -o $@ dummy.o
-eaytest: eaytest.o crypto_openssl_test.o misc_noplog.o vmbuf.o str2val.o
- $(CC) $(LDFLAGS) -o $@ eaytest.o crypto_openssl_test.o misc_noplog.o \
- vmbuf.o str2val.o $(LIBS) @CRYPTOBJS@ @DEBUGRMOBJS@
+eaytest: $(EAYTESTOBJS)
+ $(CC) $(LDFLAGS) -o $@ $(EAYTESTOBJS) $(LIBS)
# special object rules
crypto_openssl_test.o: crypto_openssl.c
$(CC) $(CFLAGS) -DEAYDEBUG -o crypto_openssl_test.o -c crypto_openssl.c
-misc_noplog.o: misc.c
- $(CC) -DNOUSE_PLOG -o misc_noplog.o -c misc.c
-
-# extra
-print-isakmp.o: $(srcdir)/../tcpdump/print-isakmp.c
- $(CC) $(CFLAGS) -c $(srcdir)/../tcpdump/$*.c
# missing/*.c
strdup.o: $(srcdir)/missing/strdup.c
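Review bot: `racoonctl` and `eaytest` (via `EAYTESTOBJS`, defined in the previous hunk) now link the ordinary `misc.o`, and the `misc_noplog.o` rule that built misc.c with `-DNOUSE_PLOG` is removed, yet neither link line adds `plog.o` or `logger.o`. misc.c is not in this commit's diffstat, so the links only succeed if the misc.c already in the tree no longer references the plog routines; that is worth confirming by building both targets from this Makefile.in. A one-line comment above `EAYTESTOBJS`, such as `# eaytest: crypto self-test, links crypto_openssl_test.o (built with -DEAYDEBUG)`, would explain why the list is kept separate from `OBJS`. The hunk ends at the `strdup.o` rule header, whose recipe is outside it.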
diff -r 090866d66dd1 -r 66eee69aa188 crypto/dist/kame/racoon/algorithm.c
--- a/crypto/dist/kame/racoon/algorithm.c Thu Jun 17 09:29:41 2004 +0000
+++ b/crypto/dist/kame/racoon/algorithm.c Thu Jun 17 12:38:09 2004 +0000
@@ -1,4 +1,4 @@
-/* $KAME: algorithm.c,v 1.28 2003/07/12 08:44:44 itojun Exp $ */
+/* $KAME: algorithm.c,v 1.29 2003/10/21 07:18:03 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: algorithm.c,v 1.6 2003/10/21 03:06:55 fvdl Exp $");
+__RCSID("$NetBSD: algorithm.c,v 1.6.2.1 2004/06/17 12:38:09 tron Exp $");
#include <sys/param.h>
#include <sys/types.h>
diff -r 090866d66dd1 -r 66eee69aa188 crypto/dist/kame/racoon/auth_gssapi.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/dist/kame/racoon/auth_gssapi.h Thu Jun 17 12:38:09 2004 +0000
@@ -0,0 +1,92 @@
+/* $KAME: auth_gssapi.h,v 1.1 2004/03/18 00:27:56 sakane Exp $ */
+
+/*
+ * Copyright 2000 Wasabi Systems, Inc.
+ * All rights reserved.
+ *
+ * This software was written by Frank van der Linden of Wasabi Systems
+ * for Zembu Labs, Inc. http://www.zembu.com/
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Wasabi Systems for
+ * Zembu Labs, Inc. http://www.zembu.com/
+ * 4. The name of Wasabi Systems, Inc. may not be used to endorse
+ * or promote products derived from this software without specific prior
+ * written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef __FreeBSD__
+#include <gssapi.h>
+#else
+#include <gssapi/gssapi.h>
+#endif
+
+#define GSSAPI_DEF_NAME "ike"
+
+struct ph1handle;
+struct isakmpsa;
+
+struct gssapi_ph1_state {
+ int gsscnt; /* # of token we're working on */
+ int gsscnt_p; /* # of token we're working on */
+
+ gss_buffer_desc gss[3]; /* gss-api tokens. */
+ /* NOTE: XXX this restricts the max # */
+ /* to 3. More should never happen */
+
+ gss_buffer_desc gss_p[3];
+
+ gss_ctx_id_t gss_context; /* context for gss_init_sec_context */
+
+ OM_uint32 gss_status; /* retval from gss_init_sec_context */
+ gss_cred_id_t gss_cred; /* acquired credentials */
+
+ int gss_flags;
+#define GSSFLAG_ID_SENT 0x0001
+#define GSSFLAG_ID_RCVD 0x0001
+};
+
+#define gssapi_get_state(ph) \
+ ((struct gssapi_ph1_state *)((ph)->gssapi_state))
+
+#define gssapi_set_state(ph, st) \
+ (ph)->gssapi_state = (st)
+
+#define gssapi_more_tokens(ph) \
+ ((gssapi_get_state(ph)->gss_status & GSS_S_CONTINUE_NEEDED) != 0)
+
+int gssapi_get_itoken __P((struct ph1handle *, int *));
+int gssapi_get_rtoken __P((struct ph1handle *, int *));
+int gssapi_save_received_token __P((struct ph1handle *, vchar_t *));
+int gssapi_get_token_to_send __P((struct ph1handle *, vchar_t **));
+int gssapi_get_itokens __P((struct ph1handle *, vchar_t **));
+int gssapi_get_rtokens __P((struct ph1handle *, vchar_t **));
+vchar_t *gssapi_wraphash __P((struct ph1handle *));
+vchar_t *gssapi_unwraphash __P((struct ph1handle *));
+void gssapi_set_id_sent __P((struct ph1handle *));
+int gssapi_id_sent __P((struct ph1handle *));
+void gssapi_set_id_rcvd __P((struct ph1handle *));
+int gssapi_id_rcvd __P((struct ph1handle *));
+void gssapi_free_state __P((struct ph1handle *));
+vchar_t *gssapi_get_default_id __P((struct ph1handle *));
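Review bot: `GSSFLAG_ID_SENT` and `GSSFLAG_ID_RCVD` are both defined as `0x0001` in `struct gssapi_ph1_state`, so if `gss_flags` is used as a bitmask (the bodies of `gssapi_set_id_sent` and `gssapi_id_rcvd` are not in this hunk) the phase 1 state cannot tell "ID sent" from "ID received". Giving the second flag its own bit, `#define GSSFLAG_ID_RCVD 0x0002`, would keep the two states independent. The fixed `gss[3]` and `gss_p[3]` arrays rely on `gsscnt` and `gsscnt_p` staying below 3, and the comment only says more "should never happen", so the code that stores peer-supplied tokens should check the count against the array size before indexing. The header also has no include guard.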
diff -r 090866d66dd1 -r 66eee69aa188 crypto/dist/kame/racoon/cfparse.y
--- a/crypto/dist/kame/racoon/cfparse.y Thu Jun 17 09:29:41 2004 +0000
+++ b/crypto/dist/kame/racoon/cfparse.y Thu Jun 17 12:38:09 2004 +0000
@@ -1,4 +1,4 @@
-/* $KAME: cfparse.y,v 1.118 2003/07/12 09:34:48 itojun Exp $ */
+/* $KAME: cfparse.y,v 1.121 2004/03/27 03:27:45 suz Exp $ */
%{
/*
@@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: cfparse.y,v 1.19 2003/08/26 03:31:51 itojun Exp $");
+__RCSID("$NetBSD: cfparse.y,v 1.19.2.1 2004/06/17 12:38:09 tron Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -76,7 +76,7 @@
#include "strnames.h"
#include "gcmalloc.h"
#ifdef HAVE_GSSAPI
-#include "gssapi.h"
+#include "auth_gssapi.h"
#endif
#include "vendorid.h"
@@ -115,6 +115,19 @@
OAKLEY_ATTR_GRP_DESC_EC2N155,
OAKLEY_ATTR_GRP_DESC_EC2N185,
OAKLEY_ATTR_GRP_DESC_MODP1536,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ OAKLEY_ATTR_GRP_DESC_MODP2048,
+ OAKLEY_ATTR_GRP_DESC_MODP3072,
+ OAKLEY_ATTR_GRP_DESC_MODP4096,
+ OAKLEY_ATTR_GRP_DESC_MODP6144,
+ OAKLEY_ATTR_GRP_DESC_MODP8192
};
static struct remoteconf *cur_rmconf;
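Review bot: The eight bare `0` entries added before `OAKLEY_ATTR_GRP_DESC_MODP2048` have no comment, and they look like padding that keeps the array index aligned with the DH group number (the array's declaration and its users are outside the hunk). A line such as `/* 0: group not supported; keeps index aligned with group number */` would document that. Whichever code indexes this table should reject both an out-of-range index and a `0` result rather than passing 0 on as a group description. Any hard-coded element count for this array elsewhere in the file needs to match the new length.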
@@ -1428,6 +1441,7 @@
flushph1();
flushrmconf();
cleanprhead();
+ flushsainfo();
clean_tmpalgtype();
yycf_init_buffer();
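Review bot: `flushsainfo()` is added to the teardown sequence without a comment saying why, or whether it is safe while negotiations are in flight. If any phase 2 state keeps a pointer to a sainfo entry (not visible here; the enclosing function starts and ends outside the hunk), freeing the list on re-parse would leave that pointer dangling. A comment like `/* drop sainfo from the previous parse; nothing may hold sainfo pointers across a reload */` would state the assumption, once it has been confirmed against the users of the sainfo list.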
diff -r 090866d66dd1 -r 66eee69aa188 crypto/dist/kame/racoon/cftoken.l
--- a/crypto/dist/kame/racoon/cftoken.l Thu Jun 17 09:29:41 2004 +0000
+++ b/crypto/dist/kame/racoon/cftoken.l Thu Jun 17 12:38:09 2004 +0000
@@ -1,4 +1,4 @@
-/* $KAME: cftoken.l,v 1.72 2003/07/12 09:34:48 itojun Exp $ */
+/* $KAME: cftoken.l,v 1.73 2003/10/21 07:18:03 itojun Exp $ */
%{
/*
@@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: cftoken.l,v 1.13 2003/10/21 03:06:55 fvdl Exp $");
+__RCSID("$NetBSD: cftoken.l,v 1.13.2.1 2004/06/17 12:38:09 tron Exp $");
#include <sys/types.h>
#include <sys/param.h>
diff -r 090866d66dd1 -r 66eee69aa188 crypto/dist/kame/racoon/configure
--- a/crypto/dist/kame/racoon/configure Thu Jun 17 09:29:41 2004 +0000
+++ b/crypto/dist/kame/racoon/configure Thu Jun 17 12:38:09 2004 +0000
@@ -38,6 +38,8 @@
ac_help="$ac_help
--with-dmalloc=DIR specify Dmalloc directory"
ac_help="$ac_help
+ --with-tcpdump use tcpdump decoder on debugging"
+ac_help="$ac_help
--enable-ipv6 Enable ipv6 (with ipv4) support
--disable-ipv6 Disable ipv6 support"
ac_help="$ac_help
@@ -562,7 +564,7 @@
# Extract the first word of "gcc", so it can be a program name with args.
set dummy gcc; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:566: checking for $ac_word" >&5
+echo "configure:568: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -592,7 +594,7 @@
# Extract the first word of "cc", so it can be a program name with args.
set dummy cc; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:596: checking for $ac_word" >&5
+echo "configure:598: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -643,7 +645,7 @@
# Extract the first word of "cl", so it can be a program name with args.
set dummy cl; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:647: checking for $ac_word" >&5
+echo "configure:649: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -675,7 +677,7 @@
fi
echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6
-echo "configure:679: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5
+echo "configure:681: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5
ac_ext=c
# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
@@ -686,12 +688,12 @@
cat > conftest.$ac_ext << EOF
-#line 690 "configure"
+#line 692 "configure"
#include "confdefs.h"
main(){return(0);}
EOF
-if { (eval echo configure:695: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:697: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
ac_cv_prog_cc_works=yes
# If we can't run a trivial program, we are probably using a cross compiler.