Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/ipsec/photurisd/kernel.c | 24 | ||||
-rw-r--r-- | sbin/ipsec/photurisd/kernel.h | 3 | ||||
-rw-r--r-- | sbin/ipsec/photurisd/server.c | 5 |
3 files changed, 29 insertions, 3 deletions
diff --git a/sbin/ipsec/photurisd/kernel.c b/sbin/ipsec/photurisd/kernel.c
index cb20313f93a..f4c29ebad52 100644
--- a/sbin/ipsec/photurisd/kernel.c
+++ b/sbin/ipsec/photurisd/kernel.c
@@ -29,7 +29,7 @@
  */
 
 #ifndef lint
-static char rcsid[] = "$Id: kernel.c,v 1.6 1998/03/07 08:48:18 provos Exp $";
+static char rcsid[] = "$Id: kernel.c,v 1.7 1998/03/16 20:49:50 provos Exp $";
 #endif
 
 #include <sys/param.h>
@@ -156,6 +156,28 @@ kernel_get_socket(void)
 return sd;
 }
 
+void
+kernel_set_socket_policy(int sd)
+{
+ u_char level;
+
+ /*
+ * Need to bypass system security policy, so I can send and
+ * receive key management datagrams in the clear.
+ */
+
+ level = IPSEC_LEVEL_BYPASS; /* Did I mention I'm privileged? */
+ if (setsockopt(sd, IPPROTO_IP, IP_AUTH_LEVEL, (char *)&level,
+ sizeof (u_char)) == -1)
+ crit_error(1, "setsockopt: can not bypass ipsec authentication policy");
+ if (setsockopt(sd, IPPROTO_IP, IP_ESP_TRANS_LEVEL,
+ (char *)&level, sizeof (u_char)) == -1)
+ crit_error(1, "setsockopt: can not bypass ipsec esp transport policy");
+ if (setsockopt(sd, IPPROTO_IP, IP_ESP_NETWORK_LEVEL,
+ (char *)&level, sizeof (u_char)) == -1)
+ crit_error(1, "setsockopt: can not bypass ipsec esp network policy");
+}
+
 int
 kernel_xf_set(struct encap_msghdr *em)
 {
diff --git a/sbin/ipsec/photurisd/kernel.h b/sbin/ipsec/photurisd/kernel.h
index d30ceb6b7af..625b2fdb426 100644
--- a/sbin/ipsec/photurisd/kernel.h
+++ b/sbin/ipsec/photurisd/kernel.h
@@ -27,7 +27,7 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-/* $Id: kernel.h,v 1.4 1998/03/04 11:43:33 provos Exp $ */
+/* $Id: kernel.h,v 1.5 1998/03/16 20:49:51 provos Exp $ */
 /*
 * kernel.h:
 * security paramter index creation.
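Review bot: kernel_set_socket_policy is defined unconditionally in kernel.c, while its only caller in server.c is wrapped in `#ifdef IPSEC`; the include block is outside the hunk, so I cannot confirm, but if IP_AUTH_LEVEL, IP_ESP_TRANS_LEVEL, IP_ESP_NETWORK_LEVEL or IPSEC_LEVEL_BYPASS are only declared in an IPSEC build, the definition needs the same guard or a non-IPSEC build of kernel.c fails. The function also needs a contract comment in place of the "Did I mention I'm privileged?" aside, e.g. `/* Clear AH/ESP policy on the key-management socket sd so Photuris exchanges, which authenticate themselves, can flow in the clear. Terminates via crit_error() if any level cannot be set. */`. Failing closed on each setsockopt is the right choice; if crit_error() does not already report errno, appending `strerror(errno)` to the three messages would make a refused bypass diagnosable on a hardened host. Since the bypass is per-socket, it is worth stating that sd is only ever used for Photuris traffic and that data read from it is unauthenticated until the exchange verifies it.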
@@ -81,5 +81,6 @@ EXTERN int kernel_insert_spi(struct spiob *SPI);
 EXTERN int kernel_unlink_spi(struct spiob *ospi);
 EXTERN int init_kernel(void);
 EXTERN int kernel_get_socket(void);
+EXTERN void kernel_set_socket_policy(int sd);
 
 #endif /* _KERNEL_H */
diff --git a/sbin/ipsec/photurisd/server.c b/sbin/ipsec/photurisd/server.c
index c3062d19ffd..4010799a6e0 100644
--- a/sbin/ipsec/photurisd/server.c
+++ b/sbin/ipsec/photurisd/server.c
@@ -35,7 +35,7 @@
 */
 
 #ifndef lint
-static char rcsid[] = "$Id: server.c,v 1.3 1998/03/04 11:43:52 provos Exp $";
+static char rcsid[] = "$Id: server.c,v 1.4 1998/03/16 20:49:53 provos Exp $";
 #endif
 
 #define _SERVER_C_
@@ -193,6 +193,9 @@ init_server(void)
 crit_error(1, "socket() in init_server()");
 setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on));
 
+#ifdef IPSEC
+ kernel_set_socket_policy(sock);
+#endif
 sockets[i] = sock;
 
 #ifdef DEBUG |
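Review bot: The new `kernel_set_socket_policy(sock)` call in init_server() sits inside the per-socket loop (`sockets[i] = sock` follows it), so every socket the daemon opens gets its IPsec policy cleared, and nothing at the call site says why; a one-line comment would record the intent, e.g. `/* Photuris exchanges must travel in the clear; bypass applies only to this key-management socket. */`. init_server()'s body continues outside the hunk, so I cannot see whether bind() and any privilege drop happen before or after this call; if the daemon later drops privileges, the bypass must stay before that point, which is worth noting in the comment. The preceding SO_REUSEADDR setsockopt still ignores its return value, which predates this commit but contrasts with the fail-closed handling the new helper uses. The prototype added to kernel.h in the earlier hunk on this line is uncommented; `/* clear IPsec AH/ESP policy on a key-management socket; aborts on failure */` there would expose the contract to callers.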