[aur-mirror.git] / ipsec-tools-checkpoint / ipsec-tools-0.8.0-checkpoint-v1.patch
1 diff --git a/src/racoon/isakmp_cfg.c b/src/racoon/isakmp_cfg.c
2 index 0ec30ee..b260e56 100644
3 --- a/src/racoon/isakmp_cfg.c
4 +++ b/src/racoon/isakmp_cfg.c
5 @@ -498,6 +498,8 @@ isakmp_cfg_request(iph1, attrpl)
6 vchar_t *reply_attr;
7 int type;
8 int error = -1;
9 + int cpsc_request = 0;
10 + int cpsc_handled = 0;
12 if ((payload = vmalloc(sizeof(*reply))) == NULL) {
13 plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n");
14 @@ -525,6 +527,11 @@ isakmp_cfg_request(iph1, attrpl)
15 case XAUTH_TYPE:
16 reply_attr = isakmp_xauth_req(iph1, attr);
17 break;
18 + case XAUTH_CPSC_TYPE:
19 + cpsc_request = 1;
20 + iph1->mode_cfg->flags |= ISAKMP_CFG_VENDORID_XAUTH;
21 + reply_attr = isakmp_xauth_req(iph1, attr);
22 + break;
23 default:
24 plog(LLV_WARNING, LOCATION, NULL,
25 "Ignored short attribute %s\n",
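Review bot: The new short-attribute case `XAUTH_CPSC_TYPE` sets `ISAKMP_CFG_VENDORID_XAUTH` on `iph1->mode_cfg->flags` only because the peer sent attribute type 13, so the flag no longer records that the peer announced Xauth support itself. If `isakmp_xauth_req` (body not in this hunk) relies on that flag to refuse Xauth requests from peers that never declared the capability, this assignment switches the check off for every peer. The same call chain then copies the configured login and password into the reply, via the `XAUTH_CPSC_USER_NAME` and `XAUTH_CPSC_USER_PASSWORD` labels added in isakmp_xauth.c. Consider accepting this case only when the remote is explicitly configured as a CPSC gateway, and at minimum add a comment such as `/* Forces the Xauth vendor-ID flag from a peer-supplied attribute; only safe for trusted CPSC gateways */`. The enclosing function starts and ends outside the hunk.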
26 @@ -558,53 +565,70 @@ isakmp_cfg_request(iph1, attrpl)
27 "Attribute %s, len %zu\n",
28 s_isakmp_cfg_type(type), alen);
30 - switch(type) {
31 - case INTERNAL_IP4_ADDRESS:
32 - case INTERNAL_IP4_NETMASK:
33 - case INTERNAL_IP4_DNS:
34 - case INTERNAL_IP4_NBNS:
35 - case INTERNAL_IP4_SUBNET:
36 - reply_attr = isakmp_cfg_net(iph1, attr);
37 - break;
38 + cpsc_handled = 0;
39 + if (cpsc_request) {
40 + switch(type) {
41 + case XAUTH_CPSC_TYPE:
42 + case XAUTH_CPSC_USER_NAME:
43 + case XAUTH_CPSC_USER_PASSWORD:
44 + case XAUTH_CPSC_MESSAGE:
45 + case XAUTH_CPSC_CHALLENGE:
46 + case XAUTH_CPSC_STATUS:
47 + reply_attr = isakmp_xauth_req(iph1, attr);
48 + cpsc_handled = 1;
49 + break;
50 + }
51 + }
53 + if (!cpsc_handled) {
54 + switch(type) {
55 + case INTERNAL_IP4_ADDRESS:
56 + case INTERNAL_IP4_NETMASK:
57 + case INTERNAL_IP4_DNS:
58 + case INTERNAL_IP4_NBNS:
59 + case INTERNAL_IP4_SUBNET:
60 + reply_attr = isakmp_cfg_net(iph1, attr);
61 + break;
63 - case XAUTH_TYPE:
64 - case XAUTH_USER_NAME:
65 - case XAUTH_USER_PASSWORD:
66 - case XAUTH_PASSCODE:
67 - case XAUTH_MESSAGE:
68 - case XAUTH_CHALLENGE:
69 - case XAUTH_DOMAIN:
70 - case XAUTH_STATUS:
71 - case XAUTH_NEXT_PIN:
72 - case XAUTH_ANSWER:
73 - reply_attr = isakmp_xauth_req(iph1, attr);
74 - break;
75 + case XAUTH_TYPE:
76 + case XAUTH_USER_NAME:
77 + case XAUTH_USER_PASSWORD:
78 + case XAUTH_PASSCODE:
79 + case XAUTH_MESSAGE:
80 + case XAUTH_CHALLENGE:
81 + case XAUTH_DOMAIN:
82 + case XAUTH_STATUS:
83 + case XAUTH_NEXT_PIN:
84 + case XAUTH_ANSWER:
85 + reply_attr = isakmp_xauth_req(iph1, attr);
86 + break;
88 - case APPLICATION_VERSION:
89 - reply_attr = isakmp_cfg_string(iph1,
90 - attr, ISAKMP_CFG_RACOON_VERSION);
91 - break;
92 + case APPLICATION_VERSION:
93 + reply_attr = isakmp_cfg_string(iph1,
94 + attr, ISAKMP_CFG_RACOON_VERSION);
95 + break;
97 - case UNITY_BANNER:
98 - case UNITY_PFS:
99 - case UNITY_SAVE_PASSWD:
100 - case UNITY_DEF_DOMAIN:
101 - case UNITY_DDNS_HOSTNAME:
102 - case UNITY_FW_TYPE:
103 - case UNITY_SPLITDNS_NAME:
104 - case UNITY_SPLIT_INCLUDE:
105 - case UNITY_LOCAL_LAN:
106 - case UNITY_NATT_PORT:
107 - case UNITY_BACKUP_SERVERS:
108 - reply_attr = isakmp_unity_req(iph1, attr);
109 - break;
110 + case UNITY_BANNER:
111 + case UNITY_PFS:
112 + case UNITY_SAVE_PASSWD:
113 + case UNITY_DEF_DOMAIN:
114 + case UNITY_DDNS_HOSTNAME:
115 + case UNITY_FW_TYPE:
116 + case UNITY_SPLITDNS_NAME:
117 + case UNITY_SPLIT_INCLUDE:
118 + case UNITY_LOCAL_LAN:
119 + case UNITY_NATT_PORT:
120 + case UNITY_BACKUP_SERVERS:
121 + reply_attr = isakmp_unity_req(iph1, attr);
122 + break;
124 - case INTERNAL_ADDRESS_EXPIRY:
125 - default:
126 - plog(LLV_WARNING, LOCATION, NULL,
127 - "Ignored attribute %s\n",
128 - s_isakmp_cfg_type(type));
129 - break;
130 + case INTERNAL_ADDRESS_EXPIRY:
131 + default:
132 + plog(LLV_WARNING, LOCATION, NULL,
133 + "Ignored attribute %s\n",
134 + s_isakmp_cfg_type(type));
135 + break;
139 npp = (char *)attr;
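Review bot: The CPSC switch omits `XAUTH_CPSC_PASSCODE` and `XAUTH_CPSC_DOMAIN` although isakmp_xauth.h defines them, so with `cpsc_request` set those two types leave `cpsc_handled` at 0 and are dispatched by the second switch under the standard numbering. `cpsc_request` is only set by the short-attribute branch, so the meaning of types 13–20 depends on the order of attributes inside one peer-supplied payload: a long attribute that arrives before the short `XAUTH_CPSC_TYPE` is still handled by the second switch. Either list every CPSC type in the first switch and add a `default:` that logs, or document the omission, e.g. `/* PASSCODE and DOMAIN intentionally unhandled for CPSC */`. The rest of the hunk only re-indents the existing cases.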
140 @@ -690,6 +714,8 @@ isakmp_cfg_set(iph1, attrpl)
142 switch (type & ~ISAKMP_GEN_MASK) {
143 case XAUTH_STATUS:
144 + case XAUTH_CPSC_STATUS:
145 + case XAUTH_CPSC_MESSAGE:
146 reply_attr = isakmp_xauth_set(iph1, attr);
147 break;
148 default:
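Review bot: `XAUTH_CPSC_STATUS` and `XAUTH_CPSC_MESSAGE` are added to the SET dispatch unconditionally, whereas the request path honours CPSC types only after `cpsc_request` was set; here attribute values 17 and 20 from any peer reach `isakmp_xauth_set`. That function handles the status attribute, which appears to carry the Xauth outcome (`XAUTH_STATUS_OK` / `XAUTH_STATUS_FAIL` in the header), so it would be safer to accept the CPSC labels only once the exchange has been identified as CPSC. If no gating is intended, say so in place, e.g. `/* CPSC variants are accepted here without a preceding XAUTH_CPSC_TYPE */`. The switch continues outside the hunk.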
149 @@ -1730,9 +1756,25 @@ isakmp_cfg_getconfig(iph1)
150 UNITY_LOCAL_LAN,
151 APPLICATION_VERSION,
153 + int attrlen[] = {
154 + 4,
155 + 4,
156 + 4,
157 + 4,
158 + 0,
159 + 0,
160 + 0,
161 + 0,
162 + 0,
163 + 0,
164 + };
166 attrcount = sizeof(attrlist) / sizeof(*attrlist);
167 len = sizeof(*attrpl) + sizeof(*attr) * attrcount;
169 + for (i = 0; i < attrcount; i++) {
170 + len += attrlen[i];
173 if ((buffer = vmalloc(len)) == NULL) {
174 plog(LLV_ERROR, LOCATION, NULL, "Cannot allocate memory\n");
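Review bot: `attrlen[]` is a second hand-maintained array indexed up to `attrcount`, which is derived from `attrlist` alone. Changing one array without the other makes the `len += attrlen[i]` loop read past `attrlen`, and the `vmalloc` size is then computed from whatever is read. Only the tail of `attrlist` is visible in this hunk, so the current counts cannot be confirmed from here. Keeping type and length in one table, e.g. `static const struct { int type; int len; } attrs[] = { ... };`, removes the coupling; a cheaper guard is to compare `sizeof(attrlen) / sizeof(*attrlen)` with `attrcount` and bail out before the loop.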
175 @@ -1748,8 +1790,9 @@ isakmp_cfg_getconfig(iph1)
177 for (i = 0; i < attrcount; i++) {
178 attr->type = htons(attrlist[i]);
179 - attr->lorv = htons(0);
180 + attr->lorv = htons(attrlen[i]);
181 attr++;
182 + attr = (struct isakmp_data *) ((char*) attr + attrlen[i]);
185 plog(LLV_DEBUG, LOCATION, NULL,
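Review bot: The loop now advertises `attrlen[i]` value bytes in `attr->lorv` and steps over them, but nothing visible writes those bytes, so the request carries whatever `vmalloc` left in the buffer. If `vmalloc` does not zero its allocation (not shown here), heap contents are disclosed to the peer. An explicit `memset(attr, 0, attrlen[i]);` after `attr++` and before the pointer advance makes the request independent of the allocator. The loop's closing brace and the rest of the function are outside the hunk.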
186 diff --git a/src/racoon/isakmp_xauth.c b/src/racoon/isakmp_xauth.c
187 index 853caaa..f592e87 100644
188 --- a/src/racoon/isakmp_xauth.c
189 +++ b/src/racoon/isakmp_xauth.c
190 @@ -1468,6 +1468,7 @@ isakmp_xauth_req(iph1, attr)
191 /* Sanity checks */
192 switch(type) {
193 case XAUTH_TYPE:
194 + case XAUTH_CPSC_TYPE:
195 if ((ntohs(attr->type) & ISAKMP_GEN_TV) == 0) {
196 plog(LLV_ERROR, LOCATION, NULL,
197 "Unexpected long XAUTH_TYPE attribute\n");
198 @@ -1485,6 +1486,7 @@ isakmp_xauth_req(iph1, attr)
199 break;
201 case XAUTH_USER_NAME:
202 + case XAUTH_CPSC_USER_NAME:
203 if (!iph1->rmconf->xauth || !iph1->rmconf->xauth->login) {
204 plog(LLV_ERROR, LOCATION, NULL, "Xauth performed "
205 "with no login supplied\n");
206 @@ -1495,6 +1497,7 @@ isakmp_xauth_req(iph1, attr)
207 iph1->rmconf->xauth->state |= XAUTH_SENT_USERNAME;
208 break;
210 + case XAUTH_CPSC_USER_PASSWORD:
211 case XAUTH_USER_PASSWORD:
212 if (!iph1->rmconf->xauth || !iph1->rmconf->xauth->login)
213 return NULL;
214 @@ -1532,6 +1535,7 @@ isakmp_xauth_req(iph1, attr)
216 break;
217 case XAUTH_MESSAGE:
218 + case XAUTH_CPSC_MESSAGE:
219 if ((ntohs(attr->type) & ISAKMP_GEN_TV) == 0) {
220 dlen = ntohs(attr->lorv);
221 if (dlen > 0) {
222 @@ -1575,6 +1579,7 @@ isakmp_xauth_req(iph1, attr)
224 switch(type) {
225 case XAUTH_USER_NAME:
226 + case XAUTH_CPSC_USER_NAME:
228 * iph1->rmconf->xauth->login->v is valid,
229 * we just checked it in the previous switch case
230 @@ -1582,6 +1587,7 @@ isakmp_xauth_req(iph1, attr)
231 memcpy(data, iph1->rmconf->xauth->login->v, dlen);
232 break;
233 case XAUTH_USER_PASSWORD:
234 + case XAUTH_CPSC_USER_PASSWORD:
235 memcpy(data, pwd->v, dlen);
236 break;
237 default:
238 @@ -1618,6 +1624,7 @@ isakmp_xauth_set(iph1, attr)
240 switch(type) {
241 case XAUTH_STATUS:
242 + case XAUTH_CPSC_STATUS:
244 * We should only receive ISAKMP mode_cfg SET XAUTH_STATUS
245 * when running as a client (initiator).
246 @@ -1656,6 +1663,7 @@ isakmp_xauth_set(iph1, attr)
247 /* We acknowledge it */
248 break;
249 case XAUTH_MESSAGE:
250 + case XAUTH_CPSC_MESSAGE:
251 if ((ntohs(attr->type) & ISAKMP_GEN_TV) == 0) {
252 dlen = ntohs(attr->lorv);
253 if (dlen > 0) {
254 @@ -1672,7 +1680,7 @@ isakmp_xauth_set(iph1, attr)
255 racoon_free(mdata);
259 + return NULL;
260 default:
261 plog(LLV_WARNING, LOCATION, NULL,
262 "Ignored attribute %s\n", s_isakmp_cfg_type(type));
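Review bot: The added `return NULL;` applies to the existing `XAUTH_MESSAGE` label as well as `XAUTH_CPSC_MESSAGE`, so it changes the non-CPSC path too. It also leaves the function from inside the switch, while the `XAUTH_STATUS` case ends with `break` after `/* We acknowledge it */`. A comment would make the intent auditable, for example `/* Messages get no reply attribute; do not fall into default */`. The removed line is not visible in this rendering, so whether the old code fell through to `default` is an inference.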
263 diff --git a/src/racoon/isakmp_xauth.h b/src/racoon/isakmp_xauth.h
264 index f9e778f..5aaed5d 100644
265 --- a/src/racoon/isakmp_xauth.h
266 +++ b/src/racoon/isakmp_xauth.h
267 @@ -58,6 +58,16 @@
268 #define XAUTH_STATUS_FAIL 0
269 #define XAUTH_STATUS_OK 1
271 +/* ISAKMP mode config attribute types specific to CPSC */
272 +#define XAUTH_CPSC_TYPE 13
273 +#define XAUTH_CPSC_USER_NAME 14
274 +#define XAUTH_CPSC_USER_PASSWORD 15
275 +#define XAUTH_CPSC_PASSCODE 16
276 +#define XAUTH_CPSC_MESSAGE 17
277 +#define XAUTH_CPSC_CHALLENGE 18
278 +#define XAUTH_CPSC_DOMAIN 19
279 +#define XAUTH_CPSC_STATUS 20
281 /* For phase 1 Xauth status */
282 struct xauth_state {
283 int status; /* authentication status, used only on server side */
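Review bot: The new `XAUTH_CPSC_*` values 13–20 carry no reference for where the numbering comes from. They also appear to sit in the low range that the dispatch in isakmp_cfg.c uses for standard configuration attributes, which would explain why the request path needs the separate `cpsc_request` switch. Extending the comment would help the next reader, e.g. `/* Check Point variant of the Xauth attributes; numbers overlap standard mode-config types and are only valid after XAUTH_CPSC_TYPE was received */`.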