📄 openswan-2.4.0-secureclient.diff
+static struct db_attr otrsasig1024des3shaCP_xauthc[] = {+ { OAKLEY_ENCRYPTION_ALGORITHM, OAKLEY_3DES_CBC },+ { OAKLEY_HASH_ALGORITHM, OAKLEY_SHA },+ { OAKLEY_AUTHENTICATION_METHOD, HybridInitRSA },+ { OAKLEY_GROUP_DESCRIPTION, OAKLEY_GROUP_MODP1024 },+ }; static struct db_attr otpsk1024des3sha[] = { { OAKLEY_ENCRYPTION_ALGORITHM, OAKLEY_3DES_CBC },@@ -320,6 +334,8 @@ #ifdef XAUTH static struct db_trans oakley_trans_rsasig_xauthc[] = {+ { KEY_IKE, AD(otrsasig1024des3md5CP_xauthc) },+ { KEY_IKE, AD(otrsasig1024des3shaCP_xauthc) }, { KEY_IKE, AD(otrsasig1536des3md5_xauthc) }, { KEY_IKE, AD(otrsasig1536des3sha_xauthc) }, { KEY_IKE, AD(otrsasig1024des3sha_xauthc) },diff -urN openswan-2.4.0/programs/pluto/spdb_struct.c openswan-2.4.0-OpenSClient/programs/pluto/spdb_struct.c--- openswan-2.4.0/programs/pluto/spdb_struct.c 2005-08-27 02:29:15.000000000 +0200+++ openswan-2.4.0-OpenSClient/programs/pluto/spdb_struct.c 2005-09-26 16:51:13.000000000 +0200@@ -873,6 +873,7 @@ } break; #ifdef XAUTH+ case HybridInitRSA: case XAUTHInitRSA: if(!xauth_init) {diff -urN openswan-2.4.0/programs/pluto/whack.c openswan-2.4.0-OpenSClient/programs/pluto/whack.c--- openswan-2.4.0/programs/pluto/whack.c 2005-07-26 04:11:23.000000000 +0200+++ openswan-2.4.0-OpenSClient/programs/pluto/whack.c 2005-09-26 16:51:13.000000000 +0200@@ -121,6 +121,7 @@ #ifdef XAUTH+ " [--cpsc]" " [--xauthserver]" " [--xauthclient]" #endif@@ -414,6 +415,7 @@ CD_DUMMY, /* same order as POLICY_* 17 -- was XAUTH */ CD_MODECFGPULL, /* same order as POLICY_* 18 */ CD_AGGRESSIVE, /* same order as POLICY_* 19 */+ CD_CPSC, /* same order as POLICY_* 20 */ CD_TUNNELIPV4, CD_TUNNELIPV6, CD_CONNIPV4,@@ -606,6 +608,7 @@ { "dpdtimeout", required_argument, NULL, CD_DPDTIMEOUT + OO + NUMERIC_ARG }, { "dpdaction", required_argument, NULL, CD_DPDACTION + OO }, #ifdef XAUTH+ { "cpsc", no_argument, NULL, CD_CPSC + OO }, { "xauth", no_argument, NULL, END_XAUTHSERVER + OO }, { "xauthserver", no_argument, NULL, END_XAUTHSERVER + OO }, { 
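Review bot: The two added `otrsasig1024des3*CP_xauthc` entries sit at the head of `oakley_trans_rsasig_xauthc`, ahead of the MODP1536 transforms. If the table order is the proposal preference order (not visible in this hunk), every RSA-sig XAUTH client now offers a 3DES/MODP1024 transform first, and the first of them uses MD5 judging by its name, whether or not the connection uses the new policy. Consider appending them after the existing entries, or moving them to a separate table selected only when `POLICY_CPSC` is set, with a comment such as `/* HybridInitRSA transforms for CPSC peers; weaker group kept last */`. The array initializer continues outside the hunk.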
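Review bot: `case HybridInitRSA:` is stacked on `case XAUTHInitRSA:` with no comment, yet the two methods do not give the same Phase 1 guarantees. As hybrid authentication is usually specified, only the responder proves its identity with RSA and the initiator is authenticated solely by the later XAUTH exchange. The case body continues outside the hunk, so it is not visible whether anything forces XAUTH to complete before the SA is used; that should be checked and documented, e.g. `/* Hybrid: only the responder signs; XAUTH must succeed before Phase 2 */`. It would also be worth accepting this method only when `POLICY_CPSC` is set on the connection.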
"xauthclient", no_argument, NULL, END_XAUTHCLIENT + OO },@@ -1260,6 +1263,11 @@ continue; #ifdef XAUTH+ case CD_CPSC: /* --cpsc */+ msg.policy |= POLICY_CPSC;+ printf("\nXXX: CPSC\n");+ continue;+ case END_XAUTHSERVER: /* --xauthserver */ msg.right.xauth_server = TRUE; continue;@@ -1268,6 +1276,7 @@ msg.right.xauth_client = TRUE; continue; #else+ case CD_CPSC: case END_XAUTHSERVER: case END_XAUTHCLIENT: diag("pluto is not built with XAUTH support");diff -urN openswan-2.4.0/programs/pluto/xauth.c openswan-2.4.0-OpenSClient/programs/pluto/xauth.c--- openswan-2.4.0/programs/pluto/xauth.c 2005-07-26 04:11:23.000000000 +0200+++ openswan-2.4.0-OpenSClient/programs/pluto/xauth.c 2005-09-26 16:51:13.000000000 +0200@@ -394,7 +394,7 @@ out_raw(&mask,4,&attrval,"IP4_mask"); } break;-+#if 0 case INTERNAL_IP4_SUBNET: { char mask[4],bits[8]={0x00,0x80,0xc0,0xe0,0xf0,0xf8,0xfc,0xfe};@@ -414,7 +414,7 @@ } break;- +#endif case INTERNAL_IP4_DNS: len = addrbytesptr(&ia.dns[dns_idx++], &byte_ptr); out_raw(byte_ptr,len,&attrval,"IP4_dns");@@ -492,7 +492,8 @@ } } -#define MODECFG_SET_ITEM ( LELEM(INTERNAL_IP4_ADDRESS) | LELEM(INTERNAL_IP4_SUBNET) | LELEM(INTERNAL_IP4_NBNS) | LELEM(INTERNAL_IP4_DNS) )+//#define MODECFG_SET_ITEM ( LELEM(INTERNAL_IP4_ADDRESS) | LELEM(INTERNAL_IP4_SUBNET) | LELEM(INTERNAL_IP4_NBNS) | LELEM(INTERNAL_IP4_DNS) )+#define MODECFG_SET_ITEM ( LELEM(INTERNAL_IP4_ADDRESS) | LELEM(INTERNAL_IP4_NBNS) | LELEM(INTERNAL_IP4_DNS) ) modecfg_resp(st ,MODECFG_SET_ITEM@@ -1386,7 +1387,7 @@ case INTERNAL_IP4_ADDRESS: case INTERNAL_IP4_NETMASK: case INTERNAL_IP4_DNS:- case INTERNAL_IP4_SUBNET:+// case INTERNAL_IP4_SUBNET: case INTERNAL_IP4_NBNS: resp |= LELEM(attr.isaat_af_type); break;@@ -1519,7 +1520,7 @@ case INTERNAL_IP4_NETMASK: case INTERNAL_IP4_DNS:- case INTERNAL_IP4_SUBNET:+// case INTERNAL_IP4_SUBNET: case INTERNAL_IP4_NBNS: resp |= LELEM(attr.isaat_af_type); break;@@ -1626,7 +1627,7 @@ case INTERNAL_IP4_ADDRESS: case INTERNAL_IP4_NETMASK: case INTERNAL_IP4_DNS:- case 
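Review bot: `printf("\nXXX: CPSC\n");` in the new `CD_CPSC` case is leftover debug output that goes to stdout on every `--cpsc` invocation and ends up in the output of any script that parses whack. Drop the line so the case is just `msg.policy |= POLICY_CPSC;` followed by `continue;`. The enclosing switch starts and ends outside the hunk.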
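Review bot: The `#if 0` added here, closed by the `#endif` in the -414 hunk, compiles out `INTERNAL_IP4_SUBNET` for every connection; the same attribute is dropped from `MODECFG_SET_ITEM` (-492) and commented out with `//` in the -1386, -1519, -1626, -1695 and -2011 hunks. Nothing in these hunks ties that to `POLICY_CPSC`, so peers that are not this vendor's client lose subnet handling too, and what happens to a received `INTERNAL_IP4_SUBNET` now depends on default branches that lie outside the hunks. If the attribute only has to be withheld from CPSC peers, keep the code and give `INTERNAL_IP4_SUBNET` its own case guarded by `if (!(st->st_connection->policy & POLICY_CPSC))` wherever a state pointer is in scope. Otherwise delete the dead code instead of leaving `#if 0` and `//` remnants, and state the reason in the change description.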
INTERNAL_IP4_SUBNET:+// case INTERNAL_IP4_SUBNET: case INTERNAL_IP4_NBNS: resp |= LELEM(attr.isaat_af_type); break;@@ -1695,7 +1696,7 @@ case INTERNAL_IP4_NETMASK: case INTERNAL_IP4_DNS:- case INTERNAL_IP4_SUBNET:+// case INTERNAL_IP4_SUBNET: case INTERNAL_IP4_NBNS: resp |= LELEM(attr.isaat_af_type); break;@@ -1784,12 +1785,18 @@ switch(attr_type) { case XAUTH_TYPE:+ if (st->st_connection->policy & POLICY_CPSC)+ attr.isaat_af_type = CPSC_TYPE | ISAKMP_ATTR_AF_TV;+ else attr.isaat_af_type = attr_type | ISAKMP_ATTR_AF_TV; attr.isaat_lv = XAUTH_TYPE_GENERIC; out_struct(&attr, &isakmp_xauth_attribute_desc, &strattr, NULL); break; case XAUTH_USER_NAME:+ if (st->st_connection->policy & POLICY_CPSC)+ attr.isaat_af_type = CPSC_USER_NAME | ISAKMP_ATTR_AF_TLV;+ else attr.isaat_af_type = attr_type | ISAKMP_ATTR_AF_TLV; out_struct(&attr, &isakmp_xauth_attribute_desc, &strattr, &attrval); if(st->st_whack_sock == -1)@@ -1818,6 +1825,9 @@ break; case XAUTH_USER_PASSWORD:+ if (st->st_connection->policy & POLICY_CPSC)+ attr.isaat_af_type = CPSC_USER_PASSWORD | ISAKMP_ATTR_AF_TLV;+ else attr.isaat_af_type = attr_type | ISAKMP_ATTR_AF_TLV; out_struct(&attr, &isakmp_xauth_attribute_desc, &strattr, &attrval); if(st->st_whack_sock == -1)@@ -1981,18 +1991,23 @@ switch(attr.isaat_af_type & ISAKMP_ATTR_RTYPE_MASK ) {+ case CPSC_STATUS: case XAUTH_STATUS: got_status = TRUE; status = attr.isaat_lv; break; + case CPSC_MESSAGE: case XAUTH_MESSAGE: if(len > 80) len=80; memcpy(msgbuf, dat, len); msgbuf[len]='\0'; loglog(RC_LOG_SERIOUS, "XAUTH: Bad Message: %s", msgbuf); break;- + + case CPSC_TYPE:+ attr.isaat_af_type = XAUTH_TYPE;+ case XAUTH_TYPE: type = val; if(type != XAUTH_TYPE_GENERIC)@@ -2003,6 +2018,14 @@ xauth_resp |= XAUTHLELEM(attr.isaat_af_type); break; + case CPSC_USER_NAME:+ attr.isaat_af_type = XAUTH_USER_NAME;+ goto cp_hybrid_common;++ case CPSC_USER_PASSWORD:+ attr.isaat_af_type = XAUTH_USER_PASSWORD;+cp_hybrid_common:+ case XAUTH_USER_NAME: case XAUTH_USER_PASSWORD: xauth_resp 
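Review bot: The three added `if (st->st_connection->policy & POLICY_CPSC)` tests in this hunk are unbraced and their `else` is wrapped around the pre-existing assignment, which makes it easy for a later edit to detach a branch; the same pattern recurs in the -1818, -2137 and -2246 hunks. A single expression avoids the dangling `else`, e.g. `attr.isaat_af_type = ((st->st_connection->policy & POLICY_CPSC) ? CPSC_TYPE : attr_type) | ISAKMP_ATTR_AF_TV;`, or brace both branches. The enclosing switch and function start outside the hunk.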
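Review bot: The new `case CPSC_STATUS:`, `case CPSC_MESSAGE:` and `case CPSC_TYPE:` labels accept the vendor attribute types from any peer, whereas the sending side in the -1784 hunk emits them only when `POLICY_CPSC` is set; the -2003 and -2225 hunks do the same for `CPSC_USER_NAME`, `CPSC_USER_PASSWORD` and `CPSC_STATUS`. Since the attribute type comes off the wire, it would be tighter to treat the CPSC values as unknown attributes unless `st->st_connection->policy & POLICY_CPSC` is set. `case CPSC_TYPE:` also drops into `case XAUTH_TYPE:` after rewriting `attr.isaat_af_type`, without a `/* fall through */` comment. The `goto cp_hybrid_common` to a label inside the switch in the -2003 hunk would read better as stacked cases with the rewrite done first. The switch starts and ends outside the hunk.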
|= XAUTHLELEM(attr.isaat_af_type);@@ -2011,7 +2034,7 @@ case INTERNAL_IP4_ADDRESS: case INTERNAL_IP4_NETMASK: case INTERNAL_IP4_DNS:- case INTERNAL_IP4_SUBNET:+// case INTERNAL_IP4_SUBNET: case INTERNAL_IP4_NBNS: xauth_resp |= LELEM(attr.isaat_af_type); break;@@ -2081,8 +2104,10 @@ } /* reset the message ID */+ if (!(st->st_connection->policy & POLICY_CPSC)) { st->st_msgid_phase15b = st->st_msgid_phase15; st->st_msgid_phase15 = 0;+ } DBG(DBG_CONTROLMORE, DBG_log("xauth_inI0(STF_OK)")); return STF_OK;@@ -2137,6 +2162,9 @@ attr_type = XAUTH_TYPE; /* ISAKMP attr out */+ if (st->st_connection->policy & POLICY_CPSC)+ attr.isaat_af_type = CPSC_STATUS | ISAKMP_ATTR_AF_TV;+ else attr.isaat_af_type = XAUTH_STATUS | ISAKMP_ATTR_AF_TV; attr.isaat_lv = 1; out_struct(&attr, &isakmp_xauth_attribute_desc, &strattr, &attrval);@@ -2225,6 +2253,8 @@ switch(attr.isaat_af_type & ISAKMP_ATTR_RTYPE_MASK ) {+ case CPSC_STATUS:+ attr.isaat_af_type = XAUTH_STATUS; case XAUTH_STATUS: xauth_resp |= XAUTHLELEM(attr.isaat_af_type); got_status = TRUE;@@ -2246,6 +2276,9 @@ { /* oops, something seriously wrong */ openswan_log("did not get status attribute in xauth_inI1, looking for new challenge.");+ if (st->st_connection->policy & POLICY_CPSC)+ st->st_state = STATE_CPSC_I0;+ else st->st_state = STATE_XAUTH_I0; return xauth_inI0(md); }
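Review bot: The added `if (!(st->st_connection->policy & POLICY_CPSC)) {` in the -2081 hunk skips the message-ID reset for CPSC connections, leaving `st_msgid_phase15` non-zero and `st_msgid_phase15b` unchanged when `xauth_inI0` returns `STF_OK`, and nothing says why. Message IDs decide which exchange an incoming packet is matched to, so the reason belongs next to the condition, e.g. `/* CPSC peer reuses the same msgid for the next request; keep it */` if that is the intent (inferred, not shown here). The existing `/* reset the message ID */` comment now describes only the non-CPSC path and should be updated to say so.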