|
version 1.1.1.1, 2012/02/21 22:39:10
|
version 1.1.1.2, 2014/06/15 16:37:11
|
|
Line 1
|
Line 1
|
| /* $NetBSD: cfparse.y,v 1.42 2011/03/14 15:50:36 vanhu Exp $ */ | /* $NetBSD: cfparse.y,v 1.42.2.1 2012/08/29 08:42:24 tteras Exp $ */ |
| |
|
| /* Id: cfparse.y,v 1.66 2006/08/22 18:17:17 manubsd Exp */ |
/* Id: cfparse.y,v 1.66 2006/08/22 18:17:17 manubsd Exp */ |
| |
|
|
Line 172 static int load_x509(const char *file, char **filename
|
Line 172 static int load_x509(const char *file, char **filename
|
| return 0; |
return 0; |
| } |
} |
| |
|
| |
static int process_rmconf() |
| |
{ |
| |
|
| |
/* check a exchange mode */ |
| |
if (cur_rmconf->etypes == NULL) { |
| |
yyerror("no exchange mode specified.\n"); |
| |
return -1; |
| |
} |
| |
|
| |
if (cur_rmconf->idvtype == IDTYPE_UNDEFINED) |
| |
cur_rmconf->idvtype = IDTYPE_ADDRESS; |
| |
|
| |
if (cur_rmconf->idvtype == IDTYPE_ASN1DN) { |
| |
if (cur_rmconf->mycertfile) { |
| |
if (cur_rmconf->idv) |
| |
yywarn("Both CERT and ASN1 ID " |
| |
"are set. Hope this is OK.\n"); |
| |
/* TODO: Preparse the DN here */ |
| |
} else if (cur_rmconf->idv) { |
| |
/* OK, using asn1dn without X.509. */ |
| |
} else { |
| |
yyerror("ASN1 ID not specified " |
| |
"and no CERT defined!\n"); |
| |
return -1; |
| |
} |
| |
} |
| |
|
| |
if (duprmconf_finish(cur_rmconf)) |
| |
return -1; |
| |
|
| |
if (set_isakmp_proposal(cur_rmconf) != 0) |
| |
return -1; |
| |
|
| |
/* DH group settting if aggressive mode is there. */ |
| |
if (check_etypeok(cur_rmconf, (void*) ISAKMP_ETYPE_AGG)) { |
| |
struct isakmpsa *p; |
| |
int b = 0; |
| |
|
| |
/* DH group */ |
| |
for (p = cur_rmconf->proposal; p; p = p->next) { |
| |
if (b == 0 || (b && b == p->dh_group)) { |
| |
b = p->dh_group; |
| |
continue; |
| |
} |
| |
yyerror("DH group must be equal " |
| |
"in all proposals " |
| |
"when aggressive mode is " |
| |
"used.\n"); |
| |
return -1; |
| |
} |
| |
cur_rmconf->dh_group = b; |
| |
|
| |
if (cur_rmconf->dh_group == 0) { |
| |
yyerror("DH group must be set in the proposal.\n"); |
| |
return -1; |
| |
} |
| |
|
| |
/* DH group settting if PFS is required. */ |
| |
if (oakley_setdhgroup(cur_rmconf->dh_group, |
| |
&cur_rmconf->dhgrp) < 0) { |
| |
yyerror("failed to set DH value.\n"); |
| |
return -1; |
| |
} |
| |
} |
| |
|
| |
insrmconf(cur_rmconf); |
| |
|
| |
return 0; |
| |
} |
| |
|
| %} |
%} |
| |
|
| %union { |
%union { |
|
Line 1643 remote_statement
|
Line 1713 remote_statement
|
| vfree($2); |
vfree($2); |
| vfree($4); |
vfree($4); |
| } |
} |
| remote_specs_block | remote_specs_inherit_block |
| | REMOTE QUOTEDSTRING |
| REMOTE QUOTEDSTRING |
| { |
{ |
| struct remoteconf *new; |
struct remoteconf *new; |
|
Line 1686 remote_statement
|
Line 1756 remote_statement
|
| new->remote = $2; |
new->remote = $2; |
| cur_rmconf = new; |
cur_rmconf = new; |
| } |
} |
| remote_specs_block | remote_specs_inherit_block |
| | REMOTE remote_index |
| REMOTE remote_index |
| { |
{ |
| struct remoteconf *new; |
struct remoteconf *new; |
|
Line 1703 remote_statement
|
Line 1773 remote_statement
|
| remote_specs_block |
remote_specs_block |
| ; |
; |
| |
|
| |
remote_specs_inherit_block |
| |
: remote_specs_block |
| |
| EOS /* inheritance without overriding any settings */ |
| |
{ |
| |
if (process_rmconf() != 0) |
| |
return -1; |
| |
} |
| |
; |
| |
|
| remote_specs_block |
remote_specs_block |
| : BOC remote_specs EOC |
: BOC remote_specs EOC |
| { |
{ |
| /* check a exchange mode */ | if (process_rmconf() != 0) |
| if (cur_rmconf->etypes == NULL) { | |
| yyerror("no exchange mode specified.\n"); | |
| return -1; |
return -1; |
| } |
|
| |
|
| if (cur_rmconf->idvtype == IDTYPE_UNDEFINED) |
|
| cur_rmconf->idvtype = IDTYPE_ADDRESS; |
|
| |
|
| if (cur_rmconf->idvtype == IDTYPE_ASN1DN) { |
|
| if (cur_rmconf->mycertfile) { |
|
| if (cur_rmconf->idv) |
|
| yywarn("Both CERT and ASN1 ID " |
|
| "are set. Hope this is OK.\n"); |
|
| /* TODO: Preparse the DN here */ |
|
| } else if (cur_rmconf->idv) { |
|
| /* OK, using asn1dn without X.509. */ |
|
| } else { |
|
| yyerror("ASN1 ID not specified " |
|
| "and no CERT defined!\n"); |
|
| return -1; |
|
| } |
|
| } |
|
| |
|
| if (duprmconf_finish(cur_rmconf)) |
|
| return -1; |
|
| |
|
| #if 0 |
|
| /* this pointer copy will never happen, because duprmconf_shallow |
|
| * already copied all pointers. |
|
| */ |
|
| if (cur_rmconf->spspec == NULL && |
|
| cur_rmconf->inherited_from != NULL) { |
|
| cur_rmconf->spspec = cur_rmconf->inherited_from->spspec; |
|
| } |
|
| #endif |
|
| if (set_isakmp_proposal(cur_rmconf) != 0) |
|
| return -1; |
|
| |
|
| /* DH group settting if aggressive mode is there. */ |
|
| if (check_etypeok(cur_rmconf, (void*) ISAKMP_ETYPE_AGG)) { |
|
| struct isakmpsa *p; |
|
| int b = 0; |
|
| |
|
| /* DH group */ |
|
| for (p = cur_rmconf->proposal; p; p = p->next) { |
|
| if (b == 0 || (b && b == p->dh_group)) { |
|
| b = p->dh_group; |
|
| continue; |
|
| } |
|
| yyerror("DH group must be equal " |
|
| "in all proposals " |
|
| "when aggressive mode is " |
|
| "used.\n"); |
|
| return -1; |
|
| } |
|
| cur_rmconf->dh_group = b; |
|
| |
|
| if (cur_rmconf->dh_group == 0) { |
|
| yyerror("DH group must be set in the proposal.\n"); |
|
| return -1; |
|
| } |
|
| |
|
| /* DH group settting if PFS is required. */ |
|
| if (oakley_setdhgroup(cur_rmconf->dh_group, |
|
| &cur_rmconf->dhgrp) < 0) { |
|
| yyerror("failed to set DH value.\n"); |
|
| return -1; |
|
| } |
|
| } |
|
| |
|
| insrmconf(cur_rmconf); |
|
| } |
} |
| ; |
; |
| remote_index |
remote_index |
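Review bot: In the new process_rmconf(), the aggressive-mode loop uses `b == 0` both as the "nothing seen yet" sentinel and as a possible `p->dh_group` value, so the "DH group must be equal in all proposals" check depends on proposal order: a proposal with dh_group 0 followed by one with a non-zero group is accepted, while the reverse order is rejected. Whether set_isakmp_proposal() already guarantees a non-zero group for every proposal is not visible on this page; if it does not, compare against the first proposal explicitly, e.g. `if (p == cur_rmconf->proposal || b == p->dh_group) {`, so unset or mixed groups are caught in any order. The body was moved unchanged from the old remote_specs_block action, so this predates the commit, but it now also validates the new `EOS` inherit-only path in remote_specs_inherit_block. Separately, the helper should be declared `static int process_rmconf(void)` rather than with an empty parameter list, which in C leaves the arguments unchecked.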