ipsec-tools: back-port handle_vendorid() from 0.8.0 to 0.7.3.
Bug: 6338286
Change-Id: I65ce229c1bb0122a268a23a2a908b30679a9e999
diff --git a/src/racoon/isakmp_agg.c b/src/racoon/isakmp_agg.c
index 0d43883..d9b89d9 100644
--- a/src/racoon/isakmp_agg.c
+++ b/src/racoon/isakmp_agg.c
@@ -425,34 +425,7 @@
goto end;
break;
case ISAKMP_NPTYPE_VID:
- vid_numeric = check_vendorid(pa->ptr);
-#ifdef ENABLE_NATT
- if (iph1->rmconf->nat_traversal &&
- natt_vendorid(vid_numeric))
- natt_handle_vendorid(iph1, vid_numeric);
-#endif
-#ifdef ENABLE_HYBRID
- switch (vid_numeric) {
- case VENDORID_XAUTH:
- iph1->mode_cfg->flags |=
- ISAKMP_CFG_VENDORID_XAUTH;
- break;
-
- case VENDORID_UNITY:
- iph1->mode_cfg->flags |=
- ISAKMP_CFG_VENDORID_UNITY;
- break;
- default:
- break;
- }
-#endif
-#ifdef ENABLE_DPD
- if (vid_numeric == VENDORID_DPD && iph1->rmconf->dpd) {
- iph1->dpd_support=1;
- plog(LLV_DEBUG, LOCATION, NULL,
- "remote supports DPD\n");
- }
-#endif
+ handle_vendorid(iph1, pa->ptr);
break;
case ISAKMP_NPTYPE_N:
isakmp_check_notify(pa->ptr, iph1);
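Review bot: The return value of `handle_vendorid(iph1, pa->ptr)` is discarded at this call site, so the local `vid_numeric` may no longer be used anywhere in the enclosing function. Its declaration lies outside the hunk, so this is not certain from the lines shown. If it is now unused, drop the declaration to avoid an unused-variable warning, which would break a build that treats warnings as errors. The same pattern appears in the `@@ -342` hunk of isakmp_base.c and the `@@ -299` hunk of isakmp_ident.c.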
@@ -860,37 +833,7 @@
goto end;
break;
case ISAKMP_NPTYPE_VID:
- vid_numeric = check_vendorid(pa->ptr);
-
-#ifdef ENABLE_NATT
- if (iph1->rmconf->nat_traversal &&
- natt_vendorid(vid_numeric)) {
- natt_handle_vendorid(iph1, vid_numeric);
- break;
- }
-#endif
-#ifdef ENABLE_HYBRID
- switch (vid_numeric) {
- case VENDORID_XAUTH:
- iph1->mode_cfg->flags |=
- ISAKMP_CFG_VENDORID_XAUTH;
- break;
-
- case VENDORID_UNITY:
- iph1->mode_cfg->flags |=
- ISAKMP_CFG_VENDORID_UNITY;
- break;
- default:
- break;
- }
-#endif
-#ifdef ENABLE_DPD
- if (vid_numeric == VENDORID_DPD && iph1->rmconf->dpd) {
- iph1->dpd_support=1;
- plog(LLV_DEBUG, LOCATION, NULL,
- "remote supports DPD\n");
- }
-#endif
+ vid_numeric = handle_vendorid(iph1, pa->ptr);
#ifdef ENABLE_FRAG
if ((vid_numeric == VENDORID_FRAG) &&
(vendorid_frag_cap(pa->ptr) & VENDORID_FRAG_AGG))
@@ -1418,7 +1361,7 @@
iph1->pl_hash = (struct isakmp_pl_hash *)pa->ptr;
break;
case ISAKMP_NPTYPE_VID:
- (void)check_vendorid(pa->ptr);
+ handle_vendorid(iph1, pa->ptr);
break;
case ISAKMP_NPTYPE_CERT:
if (oakley_savecert(iph1, pa->ptr) < 0)
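Review bot: A Vendor ID payload received at this later stage of the exchange can now change phase 1 state, because `handle_vendorid()` drives NAT-T handling and sets `iph1->mode_cfg->flags` and `iph1->dpd_support`, where the replaced `(void)check_vendorid(pa->ptr)` only identified the payload. The same substitution is made in isakmp_base.c (`@@ -654`, `@@ -1171`), isakmp_ident.c (`@@ -485`, `@@ -754`, `@@ -1203`, `@@ -1453`) and isakmp_newg.c (`@@ -120`). If late capability changes from the peer are intended, record it with a comment such as `/* VIDs in later messages may still update NAT-T/XAUTH/DPD state */`; otherwise these sites should stay passive. Under ENABLE_HYBRID the helper also dereferences `iph1->mode_cfg` unconditionally, and whether it is always allocated on these paths cannot be seen here, since the enclosing function begins outside the hunk.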
diff --git a/src/racoon/isakmp_base.c b/src/racoon/isakmp_base.c
index 3ac0b72..308c3e3 100644
--- a/src/racoon/isakmp_base.c
+++ b/src/racoon/isakmp_base.c
@@ -342,34 +342,7 @@
goto end;
break;
case ISAKMP_NPTYPE_VID:
- vid_numeric = check_vendorid(pa->ptr);
-#ifdef ENABLE_NATT
- if (iph1->rmconf->nat_traversal && natt_vendorid(vid_numeric))
- natt_handle_vendorid(iph1, vid_numeric);
-#endif
-#ifdef ENABLE_HYBRID
- switch (vid_numeric) {
- case VENDORID_XAUTH:
- iph1->mode_cfg->flags |=
- ISAKMP_CFG_VENDORID_XAUTH;
- break;
-
- case VENDORID_UNITY:
- iph1->mode_cfg->flags |=
- ISAKMP_CFG_VENDORID_UNITY;
- break;
-
- default:
- break;
- }
-#endif
-#ifdef ENABLE_DPD
- if (vid_numeric == VENDORID_DPD && iph1->rmconf->dpd) {
- iph1->dpd_support=1;
- plog(LLV_DEBUG, LOCATION, NULL,
- "remote supports DPD\n");
- }
-#endif
+ handle_vendorid(iph1, pa->ptr);
break;
default:
/* don't send information, see ident_r1recv() */
@@ -654,7 +627,7 @@
goto end;
break;
case ISAKMP_NPTYPE_VID:
- (void)check_vendorid(pa->ptr);
+ handle_vendorid(iph1, pa->ptr);
break;
#ifdef ENABLE_NATT
@@ -863,39 +836,12 @@
goto end;
break;
case ISAKMP_NPTYPE_VID:
- vid_numeric = check_vendorid(pa->ptr);
-#ifdef ENABLE_NATT
- if (iph1->rmconf->nat_traversal && natt_vendorid(vid_numeric))
- natt_handle_vendorid(iph1, vid_numeric);
-#endif
+ vid_numeric = handle_vendorid(iph1, pa->ptr);
#ifdef ENABLE_FRAG
if ((vid_numeric == VENDORID_FRAG) &&
(vendorid_frag_cap(pa->ptr) & VENDORID_FRAG_BASE))
iph1->frag = 1;
#endif
-#ifdef ENABLE_HYBRID
- switch (vid_numeric) {
- case VENDORID_XAUTH:
- iph1->mode_cfg->flags |=
- ISAKMP_CFG_VENDORID_XAUTH;
- break;
-
- case VENDORID_UNITY:
- iph1->mode_cfg->flags |=
- ISAKMP_CFG_VENDORID_UNITY;
- break;
-
- default:
- break;
- }
-#endif
-#ifdef ENABLE_DPD
- if (vid_numeric == VENDORID_DPD && iph1->rmconf->dpd) {
- iph1->dpd_support=1;
- plog(LLV_DEBUG, LOCATION, NULL,
- "remote supports DPD\n");
- }
-#endif
break;
default:
/* don't send information, see ident_r1recv() */
@@ -1171,7 +1117,7 @@
goto end;
break;
case ISAKMP_NPTYPE_VID:
- (void)check_vendorid(pa->ptr);
+ handle_vendorid(iph1, pa->ptr);
break;
#ifdef ENABLE_NATT
diff --git a/src/racoon/isakmp_ident.c b/src/racoon/isakmp_ident.c
index 1e00dc4..c3f71b3 100644
--- a/src/racoon/isakmp_ident.c
+++ b/src/racoon/isakmp_ident.c
@@ -299,31 +299,7 @@
switch (pa->type) {
case ISAKMP_NPTYPE_VID:
- vid_numeric = check_vendorid(pa->ptr);
-#ifdef ENABLE_NATT
- if (iph1->rmconf->nat_traversal && natt_vendorid(vid_numeric))
- natt_handle_vendorid(iph1, vid_numeric);
-#endif
-#ifdef ENABLE_HYBRID
- switch (vid_numeric) {
- case VENDORID_XAUTH:
- iph1->mode_cfg->flags |=
- ISAKMP_CFG_VENDORID_XAUTH;
- break;
-
- case VENDORID_UNITY:
- iph1->mode_cfg->flags |=
- ISAKMP_CFG_VENDORID_UNITY;
- break;
-
- default:
- break;
- }
-#endif
-#ifdef ENABLE_DPD
- if (vid_numeric == VENDORID_DPD && iph1->rmconf->dpd)
- iph1->dpd_support=1;
-#endif
+ handle_vendorid(iph1, pa->ptr);
break;
default:
/* don't send information, see ident_r1recv() */
@@ -485,7 +461,7 @@
goto end;
break;
case ISAKMP_NPTYPE_VID:
- (void)check_vendorid(pa->ptr);
+ handle_vendorid(iph1, pa->ptr);
break;
case ISAKMP_NPTYPE_CR:
if (oakley_savecr(iph1, pa->ptr) < 0)
@@ -754,7 +730,7 @@
break;
#endif
case ISAKMP_NPTYPE_VID:
- (void)check_vendorid(pa->ptr);
+ handle_vendorid(iph1, pa->ptr);
break;
case ISAKMP_NPTYPE_N:
isakmp_check_notify(pa->ptr, iph1);
@@ -921,36 +897,12 @@
switch (pa->type) {
case ISAKMP_NPTYPE_VID:
- vid_numeric = check_vendorid(pa->ptr);
-#ifdef ENABLE_NATT
- if (iph1->rmconf->nat_traversal && natt_vendorid(vid_numeric))
- natt_handle_vendorid(iph1, vid_numeric);
-#endif
+ vid_numeric = handle_vendorid(iph1, pa->ptr);
#ifdef ENABLE_FRAG
if ((vid_numeric == VENDORID_FRAG) &&
(vendorid_frag_cap(pa->ptr) & VENDORID_FRAG_IDENT))
iph1->frag = 1;
#endif
-#ifdef ENABLE_HYBRID
- switch (vid_numeric) {
- case VENDORID_XAUTH:
- iph1->mode_cfg->flags |=
- ISAKMP_CFG_VENDORID_XAUTH;
- break;
-
- case VENDORID_UNITY:
- iph1->mode_cfg->flags |=
- ISAKMP_CFG_VENDORID_UNITY;
- break;
-
- default:
- break;
- }
-#endif
-#ifdef ENABLE_DPD
- if (vid_numeric == VENDORID_DPD && iph1->rmconf->dpd)
- iph1->dpd_support=1;
-#endif
break;
default:
/*
@@ -1203,7 +1155,7 @@
goto end;
break;
case ISAKMP_NPTYPE_VID:
- (void)check_vendorid(pa->ptr);
+ handle_vendorid(iph1, pa->ptr);
break;
case ISAKMP_NPTYPE_CR:
plog(LLV_WARNING, LOCATION, iph1->remote,
@@ -1453,7 +1405,7 @@
break;
#endif
case ISAKMP_NPTYPE_VID:
- (void)check_vendorid(pa->ptr);
+ handle_vendorid(iph1, pa->ptr);
break;
case ISAKMP_NPTYPE_N:
isakmp_check_notify(pa->ptr, iph1);
diff --git a/src/racoon/isakmp_newg.c b/src/racoon/isakmp_newg.c
index 211e632..85b91b9 100644
--- a/src/racoon/isakmp_newg.c
+++ b/src/racoon/isakmp_newg.c
@@ -120,7 +120,7 @@
sa = (struct isakmp_pl_sa *)pa->ptr;
break;
case ISAKMP_NPTYPE_VID:
- (void)check_vendorid(pa->ptr);
+ handle_vendorid(iph1, pa->ptr);
break;
default:
isakmp_info_send_n1(iph1, ISAKMP_NTYPE_INVALID_PAYLOAD_TYPE, NULL);
diff --git a/src/racoon/vendorid.c b/src/racoon/vendorid.c
index 82ddfe4..96c87a3 100644
--- a/src/racoon/vendorid.c
+++ b/src/racoon/vendorid.c
@@ -53,6 +53,15 @@
#include "isakmp.h"
#include "vendorid.h"
#include "crypto_openssl.h"
+#include "handler.h"
+#include "remoteconf.h"
+#ifdef ENABLE_NATT
+#include "nattraversal.h"
+#endif
+#ifdef ENABLE_HYBRID
+#include "isakmp_xauth.h"
+#include "isakmp_cfg.h"
+#endif
static struct vendor_id all_vendor_ids[] = {
{ VENDORID_IPSEC_TOOLS, "IPSec-Tools" },
@@ -238,6 +247,42 @@
return (VENDORID_UNKNOWN);
}
+int
+handle_vendorid(struct ph1handle *iph1, struct isakmp_gen *gen)
+{
+ int vid_numeric;
+
+ vid_numeric = check_vendorid(gen);
+ if (vid_numeric == VENDORID_UNKNOWN)
+ return vid_numeric;
+
+#ifdef ENABLE_NATT
+ if (natt_vendorid(vid_numeric))
+ natt_handle_vendorid(iph1, vid_numeric);
+#endif
+#ifdef ENABLE_HYBRID
+ switch (vid_numeric) {
+ case VENDORID_XAUTH:
+ iph1->mode_cfg->flags |= ISAKMP_CFG_VENDORID_XAUTH;
+ break;
+ case VENDORID_UNITY:
+ iph1->mode_cfg->flags |= ISAKMP_CFG_VENDORID_UNITY;
+ break;
+ default:
+ break;
+ }
+#endif
+#ifdef ENABLE_DPD
+ if (vid_numeric == VENDORID_DPD &&
+ (iph1->rmconf == NULL || iph1->rmconf->dpd)) {
+ iph1->dpd_support = 1;
+ plog(LLV_DEBUG, LOCATION, NULL, "remote supports DPD\n");
+ }
+#endif
+
+ return vid_numeric;
+}
+
static vchar_t *
vendorid_fixup(vendorid, vidhash)
int vendorid;
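Review bot: The NAT-T branch of the new `handle_vendorid()` no longer checks `iph1->rmconf->nat_traversal`, which every removed call site tested before calling `natt_handle_vendorid()`. Unless `natt_handle_vendorid()` enforces that setting itself (not visible in this patch), a peer's NAT-T vendor ID is now acted on even when NAT traversal is disabled in the local configuration. Restoring the gate as `if (iph1->rmconf != NULL && iph1->rmconf->nat_traversal && natt_vendorid(vid_numeric))` keeps the 0.7.3 behaviour. The DPD branch goes the other way and treats a NULL `rmconf` as "DPD allowed", so it needs a short comment saying why a missing remote configuration enables the feature. The function also has no header comment; one line stating that it identifies the VID, updates `iph1` and returns the numeric ID would help callers that ignore the result.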
diff --git a/src/racoon/vendorid.h b/src/racoon/vendorid.h
index 7e2dcda..7060c7e 100644
--- a/src/racoon/vendorid.h
+++ b/src/racoon/vendorid.h
@@ -98,7 +98,7 @@
};
vchar_t *set_vendorid __P((int));
-int check_vendorid __P((struct isakmp_gen *));
+int handle_vendorid __P((struct ph1handle *, struct isakmp_gen *));
void compute_vendorids __P((void));
const char *vid_string_by_id __P((int id));
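Review bot: The `check_vendorid` prototype is removed from the header here, but the function is still defined in vendorid.c and called by `handle_vendorid()`, and nothing in the patch shows it being given internal linkage. If it is now private to vendorid.c, mark its definition `static` so the symbol stops being exported without a declaration. It is also worth confirming that no caller outside the files touched by this patch still uses it, since such a caller would fall back to an implicit declaration.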