authorNiklas Hallqvist <niklas@cvs.openbsd.org>1999-08-26 22:27:52 +0000
committerNiklas Hallqvist <niklas@cvs.openbsd.org>1999-08-26 22:27:52 +0000
commit55fda8745a733e9c89ea144093478f0de814f03f (patch)
tree8fd1bace1d7109f7ae31f04eba9693ef27982e17 /sbin/isakmpd
parent950f63fccd97ce21473e6d607abadb914795ff48 (diff)
ike_phase_1.c: Merge with EOM 1.8
message.c: Merge with EOM 1.135
message.h: Merge with EOM 1.48
sa.c: Merge with EOM 1.97
sa.h: Merge with EOM 1.53
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r--sbin/isakmpd/ike_phase_1.c10
-rw-r--r--sbin/isakmpd/message.c9
-rw-r--r--sbin/isakmpd/message.h7
-rw-r--r--sbin/isakmpd/sa.c20
-rw-r--r--sbin/isakmpd/sa.h17
5 files changed, 47 insertions, 16 deletions
diff --git a/sbin/isakmpd/ike_phase_1.c b/sbin/isakmpd/ike_phase_1.c
index 13c1f1656d5..c6d81ed6875 100644
--- a/sbin/isakmpd/ike_phase_1.c
+++ b/sbin/isakmpd/ike_phase_1.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: ike_phase_1.c,v 1.6 1999/07/17 21:54:39 niklas Exp $ */
-/* $EOM: ike_phase_1.c,v 1.7 1999/07/17 20:44:10 niklas Exp $ */
+/* $OpenBSD: ike_phase_1.c,v 1.7 1999/08/26 22:27:51 niklas Exp $ */
+/* $EOM: ike_phase_1.c,v 1.8 1999/08/18 00:44:55 angelos Exp $ */
/*
* Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
@@ -63,7 +63,8 @@
#include "util.h"
static int attribute_unacceptable (u_int16_t, u_int8_t *, u_int16_t, void *);
-static int ike_phase_1_validate_prop (struct exchange *, struct sa *);
+static int ike_phase_1_validate_prop (struct exchange *, struct sa *,
+ struct sa *);
/* Offer a set of transforms to the responder in the MSG message. */
int
@@ -978,7 +979,8 @@ struct validation_state {
/* Validate a proposal inside SA according to EXCHANGE's policy. */
static int
-ike_phase_1_validate_prop (struct exchange *exchange, struct sa *sa)
+ike_phase_1_validate_prop (struct exchange *exchange, struct sa *sa,
+ struct sa *isakmp_sa)
{
struct conf_list *conf, *tags;
struct conf_list_node *xf, *tag;
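Review bot: The new ISAKMP_SA parameter of ike_phase_1_validate_prop is not mentioned in the function comment on the line above the signature, and nothing in the visible lines reads it, so its contract (what it points to, whether it may be NULL) is undocumented. Since this callback is invoked from message_negotiate_sa with msg->isakmp_sa, which for a Phase 1 exchange may not yet refer to an established SA, the comment should say so and the body should treat it as optional. I would extend the comment to `/* Validate a proposal inside SA according to EXCHANGE's policy.  ISAKMP_SA is the Phase 1 SA the message arrived under and may be NULL. */`, hedging the NULL case until it is confirmed against message_recv. The body of ike_phase_1_validate_prop continues outside this hunk, so whether the parameter is used there cannot be seen here.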
diff --git a/sbin/isakmpd/message.c b/sbin/isakmpd/message.c
index 13932571e69..a1482c2ac5a 100644
--- a/sbin/isakmpd/message.c
+++ b/sbin/isakmpd/message.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: message.c,v 1.21 1999/05/14 20:10:11 niklas Exp $ */
-/* $EOM: message.c,v 1.134 1999/05/14 20:09:49 niklas Exp $ */
+/* $OpenBSD: message.c,v 1.22 1999/08/26 22:27:51 niklas Exp $ */
+/* $EOM: message.c,v 1.135 1999/08/18 00:44:56 angelos Exp $ */
/*
* Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
@@ -1551,7 +1551,8 @@ step_transform (struct payload *tp, struct payload **propp,
*/
int
message_negotiate_sa (struct message *msg,
- int (*validate) (struct exchange *, struct sa *))
+ int (*validate) (struct exchange *, struct sa *,
+ struct sa *))
{
struct payload *tp, *propp, *sap, *next_tp = 0, *next_propp, *next_sap;
struct payload *saved_tp = 0, *saved_propp = 0, *saved_sap = 0;
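Review bot: The function comment that ends just above this hunk does not describe the third argument now passed to the `validate` callback, so an implementer of a validator has no stated contract for it. I would add one sentence to that comment, e.g. `VALIDATE, if non-NULL, is called with the exchange, the SA being negotiated and the ISAKMP SA the message arrived under (MSG->isakmp_sa, which may be NULL).` Note also that any other caller of message_negotiate_sa outside the five files in the diffstat that passes a non-NULL validator would need the new three-argument prototype; the diffstat suggests there is none, or that they pass 0, but that is worth confirming.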
@@ -1657,7 +1658,7 @@ message_negotiate_sa (struct message *msg,
*/
if (suite_ok_so_far)
{
- if (!validate || validate (exchange, sa))
+ if (!validate || validate (exchange, sa, msg->isakmp_sa))
{
log_debug (LOG_MESSAGE, 30,
"message_negotiate_sa: proposal %d succeeded",
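Review bot: The call now forwards `msg->isakmp_sa` unconditionally, but this hunk does not establish that it is non-NULL when the validator runs; for a Phase 1 proposal the ISAKMP SA is the one under negotiation, so it is plausible that the field is unset at this point. Validators therefore must tolerate a NULL third argument, and that expectation should be stated where the callback is invoked, e.g. `/* msg->isakmp_sa may be NULL in Phase 1; validators must cope. */` on the line before the call. If instead the intent is that the field is always set here, a `log_debug` when it is NULL would make the assumption visible.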
diff --git a/sbin/isakmpd/message.h b/sbin/isakmpd/message.h
index 73144011dd0..95d0a440950 100644
--- a/sbin/isakmpd/message.h
+++ b/sbin/isakmpd/message.h
@@ -1,5 +1,5 @@
-/* $OpenBSD: message.h,v 1.10 1999/05/01 22:58:03 niklas Exp $ */
-/* $EOM: message.h,v 1.47 1999/05/01 22:36:34 niklas Exp $ */
+/* $OpenBSD: message.h,v 1.11 1999/08/26 22:27:51 niklas Exp $ */
+/* $EOM: message.h,v 1.48 1999/08/18 00:44:57 angelos Exp $ */
/*
* Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
@@ -169,7 +169,8 @@ extern u_int8_t *message_copy (struct message *, size_t, size_t *);
extern void message_drop (struct message *, int, struct proto *, int, int);
extern void message_free (struct message *);
extern int message_negotiate_sa (struct message *,
- int (*) (struct exchange *, struct sa *));
+ int (*) (struct exchange *, struct sa *,
+ struct sa *));
extern int message_recv (struct message *);
extern int message_register_post_send (struct message *,
void (*) (struct message *));
diff --git a/sbin/isakmpd/sa.c b/sbin/isakmpd/sa.c
index 79fbefa2143..68e694ebabf 100644
--- a/sbin/isakmpd/sa.c
+++ b/sbin/isakmpd/sa.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: sa.c,v 1.22 1999/07/07 22:10:11 niklas Exp $ */
-/* $EOM: sa.c,v 1.96 1999/06/06 17:12:40 ho Exp $ */
+/* $OpenBSD: sa.c,v 1.23 1999/08/26 22:27:51 niklas Exp $ */
+/* $EOM: sa.c,v 1.97 1999/08/18 00:44:57 angelos Exp $ */
/*
* Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
@@ -50,6 +50,7 @@
#include "timer.h"
#include "transport.h"
#include "util.h"
+#include "cert.h"
/* Initial number of bits from the cookies used as hash. */
#define INITIAL_BUCKET_BITS 6
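Review bot: The new `#include "cert.h"` is appended after util.h, breaking the alphabetical order the surrounding includes (timer.h, transport.h, util.h) follow; it belongs near the top of the local-include list. A one-line move, `#include "cert.h"` placed before the other "c"-sorted headers, keeps the file consistent with the rest of isakmpd.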
@@ -456,7 +457,8 @@ void
sa_release (struct sa *sa)
{
struct proto *proto;
-
+ struct cert_handler *handler;
+
log_debug (LOG_SA, 80, "sa_release: SA %p had %d references",
sa, sa->refcnt);
@@ -473,6 +475,18 @@ sa_release (struct sa *sa)
sa->doi->free_sa_data (sa->data);
free (sa->data);
}
+ if (sa->id_i)
+ free (sa->id_i);
+ if (sa->id_r)
+ free (sa->id_r);
+ if (sa->recv_cert)
+ {
+ handler = cert_get (sa->recv_certtype);
+ if (handler)
+ handler->cert_free (sa->recv_cert);
+ else if (sa->recv_certtype == ISAKMP_CERTENC_NONE)
+ free (sa->recv_cert);
+ }
if (sa->name)
free (sa->name);
if (sa->keystate)
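Review bot: When `cert_get (sa->recv_certtype)` returns NULL and recv_certtype is not ISAKMP_CERTENC_NONE, the cert block is silently leaked: neither branch of the new if/else-if frees `sa->recv_cert`. That situation is presumably a logic error elsewhere (something stored a cert of a type nobody handles), so it should at least be reported through the log facility this function already uses, e.g. `else log_debug (LOG_SA, 10, "sa_release: no handler for cert type %d, cert not freed", sa->recv_certtype);`. The `if (sa->id_i) free (sa->id_i);` guards are redundant since free(NULL) is a no-op, though they match the existing `if (sa->name)` style below. Whether sa_create zero-initialises the new id_i/id_r/recv_cert fields is not visible here; if it uses malloc rather than calloc these frees would act on garbage, so that is worth confirming.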
diff --git a/sbin/isakmpd/sa.h b/sbin/isakmpd/sa.h
index ffb30cea15a..8a505cfea8d 100644
--- a/sbin/isakmpd/sa.h
+++ b/sbin/isakmpd/sa.h
@@ -1,5 +1,5 @@
-/* $OpenBSD: sa.h,v 1.13 1999/06/02 06:31:22 niklas Exp $ */
-/* $EOM: sa.h,v 1.52 1999/05/29 15:11:07 ho Exp $ */
+/* $OpenBSD: sa.h,v 1.14 1999/08/26 22:27:51 niklas Exp $ */
+/* $EOM: sa.h,v 1.53 1999/08/18 00:44:57 angelos Exp $ */
/*
* Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
@@ -133,6 +133,19 @@ struct sa {
int key_length;
struct keystate *keystate;
+ /* IDs from Phase 1 */
+ u_int8_t *id_i;
+ size_t id_i_len;
+ u_int8_t *id_r;
+ size_t id_r_len;
+
+ /* Set if we were the initiator of the SA/exchange in Phase 1 */
+ int initiator;
+
+ /* Certs or other information from Phase 1 */
+ int recv_certtype, recv_certlen;
+ void *recv_cert;
+
/* DOI-specific opaque data. */
void *data;
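Review bot: The new fields mix length types: `id_i_len`/`id_r_len` are `size_t` while `recv_certlen` is an `int`, which invites signed/unsigned comparison warnings wherever cert lengths meet buffer sizes; `size_t recv_certlen` would be consistent with its neighbours. The comments also leave ownership unstated, which matters because these pointers are now freed by the SA: I would write `/* IDs from Phase 1; owned by this SA and released with it. */` above id_i and `/* Certificate received in Phase 1, typed by recv_certtype; owned by this SA. */` above recv_certtype. Nothing in this diff shows where `initiator` is set, so its comment should make clear that it is only meaningful once Phase 1 has filled it in.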