[Openswan dev] Patch for comment (allows disabling xauth and keeping aggressive)
David McCullough
david_mccullough at mcafee.com
Thu Oct 27 00:45:28 EDT 2011
Hi all,
I have this sitting in my tree from a debug session (interop with another
stack). For some reason I wanted xauth off but I still needed aggressive
mode (I have no idea why the two are tied together in the code).
Can't recall why I wanted the modecfg response, unfortunately; I think it was
to make sure modecfg didn't get used. Not sure.
Anyway, if anyone thinks any of this is useful, I'll clean it up and commit.
Cheers,
Davidm
diff --git a/programs/pluto/ikev1.c b/programs/pluto/ikev1.c
index 5c5c83d..d48f97e 100644
--- a/programs/pluto/ikev1.c
+++ b/programs/pluto/ikev1.c
@@ -1211,6 +1211,7 @@ process_v1_packet(struct msg_digest **mdp)
/* XXX check if we are being a mode config server here */
openswan_log("received MODECFG message when in state %s, and we aren't xauth client"
, enum_name(&state_names, st->st_state));
+ SEND_NOTIFICATION(UNSUPPORTED_EXCHANGE_TYPE);
return;
}
}
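Review bot: The added `SEND_NOTIFICATION(UNSUPPORTED_EXCHANGE_TYPE);` answers every MODECFG message that arrives while we are not an xauth client, so a peer can now elicit a response packet from pluto where it previously got silence, and the description says the reason for wanting that response is no longer known. Unless a concrete interop need is documented, keeping the bare `return;` (drop the message) is the safer default; if the notification stays, it needs a comment such as `/* reply so the peer stops retransmitting MODECFG (interop: <stack name>) */` and, presumably, a check that it is only issued from states where the reply can be sent protected. MODECFG is also an exchange type this build understands — it is merely unexpected in this state — so the chosen notify type may mislead the peer; worth confirming against the notify codes used elsewhere in ikev1.c. `process_v1_packet` starts and ends outside the hunk.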
diff --git a/programs/pluto/spdb.c b/programs/pluto/spdb.c
index b94e474..39bea06 100644
--- a/programs/pluto/spdb.c
+++ b/programs/pluto/spdb.c
@@ -693,32 +693,32 @@ struct db_sa oakley_sadb[] = {
* we must actually just agree on what we are going to use.
*/
-#if !defined(XAUTH) && defined(AGGRESSIVE)
-#error there is no point in compiling aggressive mode without XAUTH
-#endif
-
/* tables of transforms, in preference order (select based on AUTH) */
static struct db_trans oakley_am_trans_psk[] = {
{ AD_TR(KEY_IKE, otpsk1536des3sha1) },
};
+#if defined(XAUTH)
static struct db_trans oakley_am_trans_psk_xauthc[] = {
{ AD_TR(KEY_IKE, otpsk1536des3sha1_xauthc) },
};
static struct db_trans oakley_am_trans_psk_xauths[] = {
{ AD_TR(KEY_IKE, otpsk1536des3sha1_xauths) },
};
+#endif
static struct db_trans oakley_am_trans_rsasig[] = {
{ AD_TR(KEY_IKE, otrsasig1536des3sha1) },
};
+#if defined(XAUTH)
static struct db_trans oakley_am_trans_rsasig_xauthc[] = {
{ AD_TR(KEY_IKE, otrsasig1536des3sha1_xauthc) },
};
static struct db_trans oakley_am_trans_rsasig_xauths[] = {
{ AD_TR(KEY_IKE, otrsasig1536des3sha1_xauths) },
};
+#endif
/* array of proposals to be conjoined (can only be one for Oakley) */
static struct db_prop oakley_am_pc_psk[] =
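Review bot: Removing the `#error` turns a build-time refusal into a build that silently compiles aggressive mode without the xauth transform tables, and nothing in the hunk records that the `*_xauthc`/`*_xauths` tables are intentionally absent in that configuration. Put a comment where the three removed lines were, e.g. `/* Without XAUTH the *_xauthc/*_xauths transforms, proposals and conjuncts below are compiled out; the matching oakley_am_sadb slots are AD_NULL, so such policies are rejected at runtime rather than at build time. */`, so the next reader does not reinstate the error without understanding the trade-off. The same `#if defined(XAUTH)` wrapper is repeated in the four following hunks of this file; each closing `#endif` would read better as `#endif /* XAUTH */`.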
@@ -727,6 +727,7 @@ static struct db_prop oakley_am_pc_psk[] =
static struct db_prop oakley_am_pc_rsasig[] =
{ { AD_PR(PROTO_ISAKMP, oakley_am_trans_rsasig) } };
+#if defined(XAUTH)
static struct db_prop oakley_am_pc_psk_xauths[] =
{ { AD_PR(PROTO_ISAKMP, oakley_am_trans_psk_xauths) } };
@@ -738,6 +739,7 @@ static struct db_prop oakley_am_pc_psk_xauthc[] =
static struct db_prop oakley_am_pc_rsasig_xauthc[] =
{ { AD_PR(PROTO_ISAKMP, oakley_am_trans_rsasig_xauthc) } };
+#endif
/* array of proposal conjuncts (can only be one) */
static struct db_prop_conj oakley_am_props_psk[] =
@@ -746,6 +748,7 @@ static struct db_prop_conj oakley_am_props_psk[] =
static struct db_prop_conj oakley_am_props_rsasig[] =
{ { AD_PC(oakley_am_pc_rsasig) } };
+#if defined(XAUTH)
static struct db_prop_conj oakley_am_props_psk_xauthc[] =
{ { AD_PC(oakley_am_pc_psk_xauthc) } };
@@ -757,6 +760,7 @@ static struct db_prop_conj oakley_am_props_psk_xauths[] =
static struct db_prop_conj oakley_am_props_rsasig_xauths[] =
{ { AD_PC(oakley_am_pc_rsasig_xauths) } };
+#endif
/*
* the sadb entry, subscripted
@@ -769,12 +773,22 @@ struct db_sa oakley_am_sadb[] = {
{ AD_SAp(oakley_am_props_rsasig) }, /* POLICY_RSASIG */
{ AD_NULL }, /* PSK + RSASIG => invalid in AM */
{ AD_NULL }, /* POLICY_XAUTHSERVER + none */
+#if defined(XAUTH)
{ AD_SAp(oakley_am_props_psk_xauths) }, /* POLICY_XAUTHSERVER + PSK */
{ AD_SAp(oakley_am_props_rsasig_xauths) }, /* POLICY_XAUTHSERVER + RSA */
+#else
+ { AD_NULL }, /* POLICY_XAUTHSERVER + PSK */
+ { AD_NULL }, /* POLICY_XAUTHSERVER + RSA */
+#endif
{ AD_NULL }, /* XAUTHSERVER + RSA+PSK=>invalid */
{ AD_NULL }, /* POLICY_XAUTHCLIENT + none */
+#if defined(XAUTH)
{ AD_SAp(oakley_am_props_psk_xauthc) }, /* POLICY_XAUTHCLIENT + PSK */
{ AD_SAp(oakley_am_props_rsasig_xauthc)}, /* POLICY_XAUTHCLIENT + RSA */
+#else
+ { AD_NULL }, /* POLICY_XAUTHCLIENT + PSK */
+ { AD_NULL}, /* POLICY_XAUTHCLIENT + RSA */
+#endif
{ AD_NULL }, /* XAUTHCLIENT + RSA+PSK=>invalid */
{ AD_NULL }, /* XAUTHCLIENT+XAUTHSERVER + none */
{ AD_NULL }, /* XAUTHCLIENT+XAUTHSERVER + PSK */
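Review bot: The `#else` rows correctly keep `oakley_am_sadb` aligned with the policy-bit subscript, but their comments are identical to both the XAUTH-enabled rows and the genuinely invalid combinations around them, so a reader cannot tell that these four `AD_NULL` entries mean "XAUTH compiled out" rather than "not a valid policy". Suggest `{ AD_NULL }, /* POLICY_XAUTHSERVER + PSK: XAUTH compiled out */` and likewise for the other three, and normalising `{ AD_NULL}` on the XAUTHCLIENT + RSA row to `{ AD_NULL }` to match the rest of the table. The XAUTHCLIENT+XAUTHSERVER rows that follow stay `AD_NULL` in both builds, which is consistent.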
diff --git a/programs/pluto/state.h b/programs/pluto/state.h
index 1b7f5d3..61a8bd7 100644
--- a/programs/pluto/state.h
+++ b/programs/pluto/state.h
@@ -74,7 +74,7 @@ struct trans_attrs {
oakley_hash_t integ_hash; /* Hash algorithm for integ */
oakley_auth_t auth; /* Authentication method (RSA,PSK) */
-#ifdef XAUTH
+#if 1 //def XAUTH
u_int16_t xauth; /* did we negotiate Extended Authentication? */
#endif
u_int16_t groupnum;
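Review bot: `#if 1 //def XAUTH` is a debug leftover that makes the `xauth` member of `struct trans_attrs` unconditional while leaving the guard lines in place, which both confuses the next reader and changes the struct layout relative to what the `XAUTH` macro is supposed to control. If the field is needed in non-XAUTH builds (the message does not say which code reads it, so this is inferred from the other hunks compiling xauth paths out), delete the `#ifdef`/`#endif` pair and keep `u_int16_t xauth; /* did we negotiate Extended Authentication? (present in all builds) */`; otherwise restore `#ifdef XAUTH`. A `//` comment on a preprocessor line also fails under compilers run in C89 mode, which openswan may still need to support — worth checking.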
--
David McCullough, david_mccullough at mcafee.com, Ph:+61 734352815
McAfee - SnapGear http://www.mcafee.com http://www.uCdot.org