authorNiels Provos <provos@cvs.openbsd.org>1997-07-22 11:18:27 +0000
committerNiels Provos <provos@cvs.openbsd.org>1997-07-22 11:18:27 +0000
commitfe986c82719369723c381542f56608ddf2f122ab (patch)
treef75f7b807e82380a5887904da811e30bcd0080d2 /sbin
parentfa79aa45758f5d39df3dec3f6773a2299f799321 (diff)
make startkey grok more, make users grok more + tiny protocol fixes.
Diffstat (limited to 'sbin')
-rw-r--r--sbin/ipsec/photurisd/api.c43
-rw-r--r--sbin/ipsec/photurisd/config.c263
-rw-r--r--sbin/ipsec/photurisd/config.h4
-rw-r--r--sbin/ipsec/photurisd/handle_cookie_request.c20
-rw-r--r--sbin/ipsec/photurisd/handle_value_request.c5
-rw-r--r--sbin/ipsec/photurisd/photuris_cookie_response.c5
-rw-r--r--sbin/ipsec/photurisd/photurisd.144
-rw-r--r--sbin/ipsec/photurisd/schedule.c8
-rw-r--r--sbin/ipsec/photurisd/server.c4
-rw-r--r--sbin/ipsec/startkey/Makefile2
-rw-r--r--sbin/ipsec/startkey/startkey.c39
11 files changed, 248 insertions, 189 deletions
diff --git a/sbin/ipsec/photurisd/api.c b/sbin/ipsec/photurisd/api.c
index 219f7b5c028..8bde65d4369 100644
--- a/sbin/ipsec/photurisd/api.c
+++ b/sbin/ipsec/photurisd/api.c
@@ -37,7 +37,7 @@
*/
#ifndef lint
-static char rcsid[] = "$Id: api.c,v 1.1 1997/07/18 22:48:50 provos Exp $";
+static char rcsid[] = "$Id: api.c,v 1.2 1997/07/22 11:18:19 provos Exp $";
#endif
#define _API_C_
@@ -52,6 +52,7 @@ static char rcsid[] = "$Id: api.c,v 1.1 1997/07/18 22:48:50 provos Exp $";
#include <string.h>
#include "state.h"
#include "photuris.h"
+#include "config.h"
#include "api.h"
#include "errlog.h"
#include "buffer.h"
@@ -85,43 +86,29 @@ process_api(int fd, int sendsock)
if (!sz)
return;
- if (addresses != (char **) NULL)
+ /* Set up a new state object */
+ if ((st = state_new()) == NULL) {
+ log_error(1, "state_new() in process_api()");
+ return;
+ }
+
+ startup_parse(st, buffer);
+
+ if (addresses != (char **) NULL && strlen(st->address))
for (i = 0; i<num_ifs; i++) {
if (addresses[i] == (char *)NULL)
continue;
- if (!strcmp(addresses[i], buffer)) {
+ if (!strcmp(addresses[i], st->address)) {
/* XXX Code to notify kernel of failure here */
log_error(0, "discarded request to initiate KES with localhost");
+ state_value_reset(st);
+ free(st);
return;
}
}
- if (inet_addr(buffer) == -1) {
- /* XXX Code to notify kernel of failure */
- log_error(0, "invalid destination IP address: %s", buffer);
- return;
- }
-
-#ifdef DEBUG
- printf("[Initiating KES with %s]\n", buffer);
-#endif
-
- /* Set up a new state object */
- if ((st = state_new()) == NULL) {
- log_error(1, "state_new() in process_api()");
- return;
- }
-
- /* Default options */
- st->flags |= IPSEC_OPT_ENC | IPSEC_OPT_AUTH;
-
- if (start_exchange(sendsock, st, buffer, global_port) == -1) {
- log_error(0, "start_exchange in process_api()");
- state_value_reset(st);
- return;
- }
+ startup_end(st);
- state_insert(st);
#ifdef DEBUG
printf("API finished.\n");
#endif
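Review bot: The string read from the API descriptor is now handed whole to `startup_parse(st, buffer)`, so a writer to that descriptor can set `user=`, `port=`, `options=`, `tsrc=` and `tdst=`, where the old code accepted only a destination address. Nothing in this hunk limits which local process may name which user, so access control presumably rests on the permissions of the FIFO, which are set outside the hunk. That assumption should be written down next to the call, for example `/* request comes from the FIFO; its file mode is the only check on who may ask for user=... */`, and the FIFO's creation mode should be confirmed to match it. process_api() begins and continues outside the hunk.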
diff --git a/sbin/ipsec/photurisd/config.c b/sbin/ipsec/photurisd/config.c
index 24d68d9888c..4576e8b405d 100644
--- a/sbin/ipsec/photurisd/config.c
+++ b/sbin/ipsec/photurisd/config.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char rcsid[] = "$Id: config.c,v 1.1 1997/07/18 22:48:49 provos Exp $";
+static char rcsid[] = "$Id: config.c,v 1.2 1997/07/22 11:18:21 provos Exp $";
#endif
#define _CONFIG_C_
@@ -142,6 +142,8 @@ init_attributes(void)
if (ob == NULL && (ob = attrib_new()) == NULL)
crit_error(1, "attribute_new() in init_attributes()");
+ else
+ def_flag = 1;
if (!strcmp(p, "AT_AH_ATTRIB")) {
attrib[0] = AT_AH_ATTRIB;
@@ -432,10 +434,137 @@ init_times(void)
return 0;
}
+void
+startup_parse(struct stateob *st, char *p2)
+{
+ char *p, *p3;
+
+ while((p=strsep(&p2, " ")) != NULL) {
+ if ((p3 = strchr(p, '=')) == NULL) {
+ log_error(0, "missing = in %s in startup_parse()", p);
+ continue;
+ }
+ if (strlen(++p3) == 0) {
+ log_error(0, "option missing after %s in startup_parse()", p);
+ continue;
+ }
+ if (!strncmp(p, OPT_DST, strlen(OPT_DST))) {
+ if (inet_addr(p3) == -1) {
+ log_error(0, "invalid destination IP address: %s", p3);
+ continue;
+ }
+ strncpy(st->address, p3, 15);
+ st->address[15] = '\0';
+ } else if (!strncmp(p, OPT_PORT, strlen(OPT_PORT))) {
+ if ((st->port = atoi(p3)) == 0) {
+ log_error(0, "invalid port number: %s", p3);
+ continue;
+ }
+ } else if (!strncmp(p, OPT_USER, strlen(OPT_USER))) {
+ struct passwd *pwd;
+ if ((st->user = strdup(p3)) == NULL) {
+ log_error(1, "strdup() in startup_parse()");
+ continue;
+ }
+ if ((pwd = getpwnam(st->user)) == NULL) {
+ log_error(1, "getpwnam() in startup_parse()");
+ continue;
+ }
+ } else if (!strncmp(p, OPT_OPTIONS, strlen(OPT_OPTIONS))) {
+ while((p = strsep(&p3, ",")) != NULL) {
+ if(!strcmp(p, OPT_ENC))
+ st->flags |= IPSEC_OPT_ENC;
+ else if(!strcmp(p, OPT_AUTH))
+ st->flags |= IPSEC_OPT_AUTH;
+ else {
+ log_error(0, "Unkown options %s in startup_parse()", p);
+ continue;
+ }
+ }
+ } else if (!strncmp(p, OPT_TSRC, strlen(OPT_TSRC))) {
+ p = strsep(&p3, "/");
+ if (p == NULL || p3 == NULL) {
+ log_error(0, "tsrc missing addr/mask in startup_parse()");
+ continue;
+ }
+ if ((st->isrc = inet_addr(p)) == -1) {
+ log_error(0, "invalid tsrc addr %s in startup_parse()",
+ p);
+ continue;
+ }
+ if ((st->ismask = inet_addr(p3)) == -1 &&
+ strcmp(p3, "255.255.255.255")) {
+ log_error(0, "invalid tsrc mask %s in startup_parse()",
+ p3);
+ st->isrc = -1;
+ continue;
+ }
+ } else if (!strncmp(p, OPT_TDST, strlen(OPT_TDST))) {
+ p = strsep(&p3, "/");
+ if (p == NULL || p3 == NULL) {
+ log_error(0, "tdst missing addr/mask in startup_parse()");
+ continue;
+ }
+ if ((st->idst = inet_addr(p)) == -1) {
+ log_error(0, "invalid tdst addr %s in startup_parse()", p);
+ continue;
+ }
+ if ((st->idmask = inet_addr(p3)) == -1 &&
+ strcmp(p3, "255.255.255.255")) {
+ log_error(0, "invalid tdst mask %s in startup_parse()", p3);
+ st->idst = -1;
+ continue;
+ }
+ }
+ }
+}
+
+void
+startup_end(struct stateob *st)
+{
+ if (!strlen(st->address)) {
+ log_error(0, "no destination given in startup_end()");
+ state_value_reset(st);
+ free(st);
+ return;
+ }
+ if (st->port == 0)
+ st->port = global_port;
+
+ if (st->flags == 0)
+ st->flags = IPSEC_OPT_ENC | IPSEC_OPT_AUTH;
+
+ if (st->isrc != -1 && st->idst != -1 && st->isrc && st->idst)
+ st->flags |= IPSEC_OPT_TUNNEL;
+
+#ifdef DEBUG
+ printf("Starting exchange with: %s:%d and options:",
+ st->address, st->port);
+ if (st->flags & IPSEC_OPT_ENC)
+ printf("%s ", OPT_ENC);
+ if (st->flags & IPSEC_OPT_AUTH)
+ printf("%s ", OPT_AUTH);
+ if (st->flags & IPSEC_OPT_TUNNEL)
+ printf("(tunnel mode) ");
+ else
+ printf("(transport mode) ");
+ if (st->user != NULL)
+ printf("for user %s", st->user);
+ printf("\n");
+#endif
+ if (start_exchange(global_socket, st,
+ st->address, st->port) == -1) {
+ log_error(0, "start_exchange in startup_end()");
+ state_value_reset(st);
+ free(st);
+ } else
+ state_insert(st);
+}
+
int
init_startup(void)
{
- char *p, *p2, *p3;
+ char *p, *p2;
struct stateob *st = NULL;
#ifdef DEBUG
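Review bot: In the `user=` branch of startup_parse(), `st->user` is assigned before getpwnam() is consulted, so a name that fails the lookup stays in the state and startup_end() still starts the exchange with it. A second `user=` token also overwrites the earlier strdup() result without freeing it. Looking the name up first and storing the copy only afterwards keeps an unverified name out of `st`; the now-unused `pwd` local can go. The sketch assumes state_new() leaves `st->user` NULL, as the NULL test in startup_end() suggests. The same ordering was present in the code this commit moves out of init_startup().
```c
		} else if (!strncmp(p, OPT_USER, strlen(OPT_USER))) {
			char *name;

			/* verify the account before it is stored in the state */
			if (getpwnam(p3) == NULL) {
				log_error(0, "unknown user %s in startup_parse()", p3);
				continue;
			}
			if ((name = strdup(p3)) == NULL) {
				log_error(1, "strdup() in startup_parse()");
				continue;
			}
			free(st->user);		/* drop the copy from an earlier user= token */
			st->user = name;
		/* … unchanged: options=, tsrc= and tdst= branches … */
```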
@@ -447,47 +576,12 @@ init_startup(void)
p2 = config_get("");
/* We read a newline or end of file */
if((p2 == NULL || strlen(p2) == 0) && st != NULL) {
- if (st->address == NULL) {
- log_error(0, "no destination given in init_startip()");
- state_value_reset(st);
- st = NULL;
- if (p2 != NULL)
- continue;
- else
- break;
- }
- if (st->port == 0)
- st->port = global_port;
- if (st->flags == 0)
- st->flags = IPSEC_OPT_ENC | IPSEC_OPT_AUTH;
- if (st->isrc != -1 && st->idst != -1 &&
- st->isrc && st->idst)
- st->flags |= IPSEC_OPT_TUNNEL;
-
-#ifdef DEBUG
- printf("Starting exchange with: %s:%d and options:",
- st->address, st->port);
- if (st->flags & IPSEC_OPT_ENC)
- printf("%s ", OPT_ENC);
- if (st->flags & IPSEC_OPT_AUTH)
- printf("%s ", OPT_AUTH);
- if (st->flags & IPSEC_OPT_TUNNEL)
- printf("(tunnel mode) ");
+ startup_end(st);
+ st = NULL;
+ if (p2 != NULL)
+ continue;
else
- printf("(transport mode) ");
- if (st->user != NULL)
- printf("for user %s", st->user);
- printf("\n");
-#endif
- if (start_exchange(global_socket, st,
- st->address, st->port) == -1) {
- log_error(0, "start_exchange in init_startup()");
- state_value_reset(st);
- st = NULL;
- } else {
- state_insert(st);
- st = NULL;
- }
+ break;
}
if (p2 == NULL)
break;
@@ -497,89 +591,8 @@ init_startup(void)
if (st == NULL && ((st = state_new()) == NULL))
crit_error(0, "state_new() in init_startup()");
- while((p=strsep(&p2, " ")) != NULL) {
- if ((p3 = strchr(p, '=')) == NULL) {
- log_error(0, "missing = in %s in init_startup()", p);
- continue;
- }
- if (strlen(++p3) == 0) {
- log_error(0, "option missing after %s in init_startup()",
- p);
- continue;
- }
- if (!strncmp(p, OPT_DST, strlen(OPT_DST))) {
- if (inet_addr(p3) == -1) {
- log_error(0, "invalid destination IP address: %s",
- p3);
- continue;
- }
- strncpy(st->address, p3, 15);
- st->address[15] = '\0';
- } else if (!strncmp(p, OPT_PORT, strlen(OPT_PORT))) {
- if ((st->port = atoi(p3)) == 0) {
- log_error(0, "invalid port number: %s", p3);
- continue;
- }
- } else if (!strncmp(p, OPT_USER, strlen(OPT_USER))) {
- struct passwd *pwd;
- if ((st->user = strdup(p3)) == NULL) {
- log_error(1, "strdup() in init_startup()");
- continue;
- }
- if ((pwd = getpwnam(st->user)) == NULL) {
- log_error(1, "getpwnam() in init_startup()");
- continue;
- }
- } else if (!strncmp(p, OPT_OPTIONS, strlen(OPT_OPTIONS))) {
- while((p = strsep(&p3, ",")) != NULL) {
- if(!strcmp(p, OPT_ENC))
- st->flags |= IPSEC_OPT_ENC;
- else if(!strcmp(p, OPT_AUTH))
- st->flags |= IPSEC_OPT_AUTH;
- else {
- log_error(0, "Unkown options %s in init_startup()",
- p);
- continue;
- }
- }
- } else if (!strncmp(p, OPT_TSRC, strlen(OPT_TSRC))) {
- p = strsep(&p3, "/");
- if (p == NULL || p3 == NULL) {
- log_error(0, "tsrc missing addr/mask in init_startup()");
- continue;
- }
- if ((st->isrc = inet_addr(p)) == -1) {
- log_error(0, "invalid tsrc addr %s in init_startup()",
- p);
- continue;
- }
- if ((st->ismask = inet_addr(p3)) == -1 &&
- strcmp(p3, "255.255.255.255")) {
- log_error(0, "invalid tsrc mask %s in init_startup()",
- p3);
- st->isrc = -1;
- continue;
- }
- } else if (!strncmp(p, OPT_TDST, strlen(OPT_TDST))) {
- p = strsep(&p3, "/");
- if (p == NULL || p3 == NULL) {
- log_error(0, "tdst missing addr/mask in init_startup()");
- continue;
- }
- if ((st->idst = inet_addr(p)) == -1) {
- log_error(0, "invalid tdst addr %s in init_startup()",
- p);
- continue;
- }
- if ((st->idmask = inet_addr(p3)) == -1 &&
- strcmp(p3, "255.255.255.255")) {
- log_error(0, "invalid tdst mask %s in init_startup()",
- p3);
- st->idst = -1;
- continue;
- }
- }
- }
+ startup_parse(st, p2);
+
}
close_config_file();
diff --git a/sbin/ipsec/photurisd/config.h b/sbin/ipsec/photurisd/config.h
index 78e700a242d..669348d7c86 100644
--- a/sbin/ipsec/photurisd/config.h
+++ b/sbin/ipsec/photurisd/config.h
@@ -27,7 +27,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* $Id: config.h,v 1.1 1997/07/18 22:48:50 provos Exp $ */
+/* $Id: config.h,v 1.2 1997/07/22 11:18:21 provos Exp $ */
/*
* config.h:
* handling config
@@ -106,6 +106,8 @@ EXTERN int init_moduli(int);
EXTERN int init_schemes(void);
EXTERN int init_attributes(void);
EXTERN int init_times(void);
+EXTERN void startup_parse(struct stateob *st, char *line);
+EXTERN void startup_end(struct stateob *st);
EXTERN int init_startup(void);
EXTERN int init_signals(void);
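Review bot: The two new prototypes carry no statement of ownership, although startup_end() either inserts `st` into the state list or calls `state_value_reset(st); free(st);`, so the caller's pointer is dead after the call either way. A comment on the declaration would keep later callers from touching or freeing it again, for example `/* startup_end() consumes st: it is inserted on success and freed on failure */`. startup_parse() deserves a line as well, saying that it modifies `line` in place through strsep() and that invalid tokens are logged and skipped rather than reported to the caller.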
diff --git a/sbin/ipsec/photurisd/handle_cookie_request.c b/sbin/ipsec/photurisd/handle_cookie_request.c
index 10d736b7dd2..eb5019dcb2e 100644
--- a/sbin/ipsec/photurisd/handle_cookie_request.c
+++ b/sbin/ipsec/photurisd/handle_cookie_request.c
@@ -34,7 +34,7 @@
*/
#ifndef lint
-static char rcsid[] = "$Id: handle_cookie_request.c,v 1.1 1997/07/18 22:48:50 provos Exp $";
+static char rcsid[] = "$Id: handle_cookie_request.c,v 1.2 1997/07/22 11:18:22 provos Exp $";
#endif
#include <stdio.h>
@@ -69,7 +69,7 @@ handle_cookie_request(u_char *packet, int size,
header = (struct cookie_request *) packet;
if ((prev_st=state_find(address)) != NULL) {
- int exceeded = 1;
+ int exceeded = 1, match = 0;
st = prev_st;
@@ -80,20 +80,20 @@ handle_cookie_request(u_char *packet, int size,
tm = time(NULL);
while(prev_st != NULL) {
- if ((!prev_st->initiator &&
- !bcmp(prev_st->rcookie, header->rcookie, COOKIE_SIZE))||
- (prev_st->initiator &&
- !bcmp(prev_st->icookie, header->rcookie, COOKIE_SIZE)))
- break;
if (prev_st->lifetime > tm)
exceeded = 0;
if (prev_st->lifetime > st->lifetime)
st = prev_st;
+ if ((!prev_st->initiator &&
+ !bcmp(prev_st->rcookie, header->rcookie, COOKIE_SIZE))||
+ (prev_st->initiator &&
+ !bcmp(prev_st->icookie, header->rcookie, COOKIE_SIZE)))
+ match = 1;
prev_st = state_find_next(prev_st, address);
}
- if (prev_st == NULL && !exceeded) {
+ if (!match && !exceeded) {
packet_size = PACKET_BUFFER_SIZE;
photuris_error_message(st, packet_buffer, &packet_size,
header->icookie, header->rcookie,
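Review bot: After this change the loop always runs to the end of the list, so `prev_st` is NULL afterwards and `st` is the longest-lived state for the address, whether or not that is the state whose cookie matched; `match` records only that some state matched. The following hunk then passes `st` to photuris_cookie_response() whenever `st->lifetime > tm`. That may be the intent, but nothing says so; a comment above the loop such as `/* st: longest-lived state for this peer; match: rcookie belongs to one of our exchanges */` would make the three roles explicit. If the response is meant to be derived from the exchange the request refers to, the matching state needs to be kept in its own pointer. The function body starts and ends outside the hunk.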
@@ -107,8 +107,8 @@ handle_cookie_request(u_char *packet, int size,
bcopy(header->icookie, icookie, COOKIE_SIZE);
packet_size = PACKET_BUFFER_SIZE;
- if (photuris_cookie_response(prev_st != NULL &&
- prev_st->lifetime < tm ? prev_st : NULL,
+ if (photuris_cookie_response(st != NULL &&
+ st->lifetime > tm ? st : NULL,
packet_buffer, &packet_size,
icookie, header->counter,
address, port,
diff --git a/sbin/ipsec/photurisd/handle_value_request.c b/sbin/ipsec/photurisd/handle_value_request.c
index 4c6d5a28f30..c16ac7d17b4 100644
--- a/sbin/ipsec/photurisd/handle_value_request.c
+++ b/sbin/ipsec/photurisd/handle_value_request.c
@@ -34,7 +34,7 @@
*/
#ifndef lint
-static char rcsid[] = "$Id: handle_value_request.c,v 1.1 1997/07/18 22:48:50 provos Exp $";
+static char rcsid[] = "$Id: handle_value_request.c,v 1.2 1997/07/22 11:18:23 provos Exp $";
#endif
#include <stdio.h>
@@ -54,6 +54,7 @@ static char rcsid[] = "$Id: handle_value_request.c,v 1.1 1997/07/18 22:48:50 pro
#include "packet.h"
#include "exchange.h"
#include "secrets.h"
+#include "server.h"
#include "errlog.h"
int
@@ -81,7 +82,7 @@ handle_value_request(u_char *packet, int size,
tempst.initiator = 0; /* We are the Responder */
bcopy(header->icookie, tempst.icookie, COOKIE_SIZE);
strncpy(tempst.address, address, 15);
- tempst.port = port;
+ tempst.port = global_port;
tempst.counter = header->counter;
cookie_generate(&tempst, rcookie, COOKIE_SIZE);
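Review bot: `tempst.port = global_port;` makes cookie_generate() work from the daemon's own port instead of the port the request arrived from, so the responder cookie no longer varies with the peer's source port. If this is one of the protocol fixes named in the commit message, it needs a comment at this line, for example `/* cookie is bound to the well-known port, not the peer's source port */`, because the `port` parameter now looks unused here and a later reader may put it back. The same substitution is made in photuris_cookie_response.c, and the two must stay in step or the recomputed cookie will not match the one sent. The neighbouring `strncpy(tempst.address, address, 15);` terminates the string only if `tempst` was zeroed beforehand, which is not visible in this hunk.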
diff --git a/sbin/ipsec/photurisd/photuris_cookie_response.c b/sbin/ipsec/photurisd/photuris_cookie_response.c
index ca65553138e..0a8230dc600 100644
--- a/sbin/ipsec/photurisd/photuris_cookie_response.c
+++ b/sbin/ipsec/photurisd/photuris_cookie_response.c
@@ -34,7 +34,7 @@
*/
#ifndef lint
-static char rcsid[] = "$Id: photuris_cookie_response.c,v 1.1 1997/07/18 22:48:49 provos Exp $";
+static char rcsid[] = "$Id: photuris_cookie_response.c,v 1.2 1997/07/22 11:18:23 provos Exp $";
#endif
#include <stdio.h>
@@ -44,6 +44,7 @@ static char rcsid[] = "$Id: photuris_cookie_response.c,v 1.1 1997/07/18 22:48:49
#include "packets.h"
#include "state.h"
#include "cookie.h"
+#include "server.h"
/* XXX - on value_request receive we need to set the responder schemes */
@@ -70,7 +71,7 @@ photuris_cookie_response(struct stateob *st, u_char *buffer, int *size,
tempst.initiator = 0; /* We are the Responder */
bcopy(icookie, tempst.icookie, COOKIE_SIZE);
strncpy(tempst.address, address, 15);
- tempst.port = port;
+ tempst.port = global_port;
bcopy(tempst.icookie, header->icookie, COOKIE_SIZE);
diff --git a/sbin/ipsec/photurisd/photurisd.1 b/sbin/ipsec/photurisd/photurisd.1
index bcbc0322d09..a7a3bfe114c 100644
--- a/sbin/ipsec/photurisd/photurisd.1
+++ b/sbin/ipsec/photurisd/photurisd.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: photurisd.1,v 1.3 1997/07/19 12:07:52 provos Exp $
+.\" $OpenBSD: photurisd.1,v 1.4 1997/07/22 11:18:24 provos Exp $
.\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
.\" All rights reserved.
.\"
@@ -76,7 +76,38 @@ looks for its startup files. The default is
The file
.Pa photuris.conf
contains the moduli for the DH exchange and the actual exchange
-schemes used to establish a shared secret.
+schemes used to establish a shared secret. The following keywords are
+understood:
+.Bl -tag -width exchange -offset indent
+.It modulus
+This keyword is followed by the numeric generator and modulus. Those two
+values describe the group in which exchange values for the
+.Nm Diffie-Hellmann
+key exchange are generated. The modulus needs to be a
+.Nm safe prime .
+.It exchange
+The supported exchange schemes are specified here with. The scheme is followed
+either by zero or the number of bits of the modulus to be used with this
+scheme. If zero is specified the given scheme acts as modifier to the base
+scheme. The base scheme is
+.Nm DH_G_2_MD5
+(generator of two and MD5 identification). Extended schemes are
+.Nm DH_G_2_DES_MD5
+and
+.Nm DH_G_2_3DES_SHA1 .
+An exchange can only be configured if an apropriate modulus has be given
+before.
+.It config
+This is used to configure the LifeTimes of SPIs and exchanges. The configurable
+values are:
+.Nm exchange_max_retries ,
+.Nm exchange_retransmit_timeout ,
+.Nm exchange_timeout ,
+.Nm exchange_lifetime
+and
+.Nm spi_lifetime .
+They are followed by an integer.
+.El
.Pp
The file
.Pa attributes.conf
@@ -103,8 +134,8 @@ and
.Nm user
are understood in the
.Pa photuris.startup
-file. The values are as follow:
-.Bl -tag -width options -offser indent
+file. The values are as follows:
+.Bl -tag -width options -offset indent
.It dst
The destination IP address with which the exchange is to be established.
.It port
@@ -145,7 +176,8 @@ tdst=134.100.106.0/255.255.255.255
.Xr startkey 1 .
.Sh HISTORY
The photuris keymanagement protocol is described in the internet draft
-.Nm draft-simpson-photuris .
-This implementation appeared in
+.Nm draft-simpson-photuris
+by the authors Phil Karn and William Allen Simpson.
+This implementation was done 1997 by Niels Provos and appeared in
.Bx Open
2.1.
diff --git a/sbin/ipsec/photurisd/schedule.c b/sbin/ipsec/photurisd/schedule.c
index bd81cd8c0d1..793be76a5af 100644
--- a/sbin/ipsec/photurisd/schedule.c
+++ b/sbin/ipsec/photurisd/schedule.c
@@ -35,7 +35,7 @@
*/
#ifndef lint
-static char rcsid[] = "$Id: schedule.c,v 1.1 1997/07/18 22:48:50 provos Exp $";
+static char rcsid[] = "$Id: schedule.c,v 1.2 1997/07/22 11:18:24 provos Exp $";
#endif
#define _SCHEDULE_C_
@@ -204,18 +204,18 @@ schedule_process(int sock)
tmp->tm = time(NULL) + REKEY_TIMEOUT;
break;
case MODULUS:
-#ifdef DEBUG
+#ifdef DEBUG2
printf("Checking moduli\n");
#endif
mod_check_prime(MOD_PRIME_ITER, MOD_PRIME_TIME);
tmp->tm = time(NULL) + MODULUS_TIMEOUT;
break;
case CLEANUP:
-#ifdef DEBUG
+#ifdef DEBUG2
printf("Cleaning up states\n");
#endif
state_expire();
-#ifdef DEBUG
+#ifdef DEBUG2
printf("Cleaning up SPI's\n");
#endif
spi_expire();
diff --git a/sbin/ipsec/photurisd/server.c b/sbin/ipsec/photurisd/server.c
index fa88abaa90f..e2228260b2c 100644
--- a/sbin/ipsec/photurisd/server.c
+++ b/sbin/ipsec/photurisd/server.c
@@ -35,7 +35,7 @@
*/
#ifndef lint
-static char rcsid[] = "$Id: server.c,v 1.1 1997/07/18 22:48:50 provos Exp $";
+static char rcsid[] = "$Id: server.c,v 1.2 1997/07/22 11:18:25 provos Exp $";
#endif
#define _SERVER_C_
@@ -240,7 +240,7 @@ server(void)
timeout.tv_usec = 0;
timeout.tv_sec = schedule_next();
-#ifdef DEBUG
+#ifdef DEBUG2
printf("Sleeping for %ld seconds\n", timeout.tv_sec);
#endif
diff --git a/sbin/ipsec/startkey/Makefile b/sbin/ipsec/startkey/Makefile
index 4bc5d3051ea..87f7eed127a 100644
--- a/sbin/ipsec/startkey/Makefile
+++ b/sbin/ipsec/startkey/Makefile
@@ -1,7 +1,7 @@
PROG= startkey
SRCS= startkey.c
-NOMAN=
CFLAGS+= -I${.CURDIR}/../photurisd
+MAN= startkey.1
.include <bsd.prog.mk>
diff --git a/sbin/ipsec/startkey/startkey.c b/sbin/ipsec/startkey/startkey.c
index 3f34c9ecadc..3265268de7e 100644
--- a/sbin/ipsec/startkey/startkey.c
+++ b/sbin/ipsec/startkey/startkey.c
@@ -31,10 +31,11 @@
*/
#ifndef lint
-static char rcsid[] = "$Id: startkey.c,v 1.1 1997/07/18 22:50:23 provos Exp $";
+static char rcsid[] = "$Id: startkey.c,v 1.2 1997/07/22 11:18:26 provos Exp $";
#endif
#include <stdio.h>
+#include <stdlib.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/socket.h>
@@ -46,8 +47,8 @@ static char rcsid[] = "$Id: startkey.c,v 1.1 1997/07/18 22:50:23 provos Exp $";
void
usage(char *name)
{
- fprintf(stderr, "Usage: %s [-d dir] <ip address>\n", name);
- exit();
+ fprintf(stderr, "Usage: %s [-d dir] <options...>\n", name);
+ exit(0);
}
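Review bot: usage() now ends with `exit(0);`, which reports success to the calling shell or script even though the command line was rejected. A non-zero status, `exit(1);`, lets callers detect that no request was sent to the daemon. The other error paths in main() already use a non-zero status.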
@@ -59,7 +60,9 @@ int
main(int argc, char **argv)
{
int fd, ch;
- char *dir = PHOTURIS_DIR;
+ int i, len;
+
+ char *dir = PHOTURIS_DIR, *buffer;
while ((ch = getopt(argc, argv, "d:")) != -1)
switch((char)ch) {
@@ -70,12 +73,19 @@ main(int argc, char **argv)
usage(argv[0]);
}
- if (argc - optind != 1)
+ if (argc - optind < 1)
usage(argv[0]);
argc -= optind;
argv += optind;
+ for (len=0, i=0; i<argc; i++) {
+ if (strchr(argv[i], '=') == NULL) {
+ fprintf(stderr, "missing = in %s\n", argv[i]);
+ exit(-1);
+ }
+ len += strlen(argv[i])+1;
+ }
if (chdir(dir) == -1) {
fprintf(stderr, "Can't change dir to %s\n", dir);
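Review bot: `len += strlen(argv[i])+1;` counts one separator per argument but no terminating NUL, and the next hunk allocates exactly `calloc(len, sizeof(char))`. The strcpy()/strcat() loop there produces a string of length `len`, so the final `strcat(buffer, " ")` writes its terminator one byte past the end of the allocation. Allocating `calloc(len + 1, sizeof(char))` fixes the overflow. Omitting the separator after the last argument would also stop the daemon's startup_parse() from seeing an empty trailing token and logging it as `missing =`. `strchr` and `strlen` additionally need `<string.h>`, whose inclusion is not visible in the hunks shown.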
@@ -83,18 +93,31 @@ main(int argc, char **argv)
}
fd = open(PHOTURIS_FIFO, O_WRONLY | O_NONBLOCK, 0);
+
if (fd == -1)
{
perror("open()");
exit(-1);
}
+
+ if ((buffer = calloc(len, sizeof(char))) == NULL) {
+ perror("calloc()");
+ exit(-1);
+ }
- if (write(fd, argv[0], strlen(argv[0])) != strlen(argv[0]))
+ for (i=0; i<argc; i++) {
+ strcpy(buffer+strlen(buffer), argv[i]);
+ strcat(buffer, " ");
+ }
+
+ if (write(fd, buffer, strlen(buffer)) != strlen(buffer))
{
- perror("write()");
- exit(-1);
+ perror("write()");
+ exit(-1);
}
+ free(buffer);
+
close(fd);
exit(0);