From 175a5890da1fc943fb85ed8895c055977ae6949d Mon Sep 17 00:00:00 2001
From: Henning Brauer <henning@cvs.openbsd.org>
Date: Wed, 28 Apr 2004 01:36:57 +0000
Subject: prevent multiple auth methods to be specified

---
 usr.sbin/bgpd/parse.y | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

(limited to 'usr.sbin/bgpd/parse.y')

diff --git a/usr.sbin/bgpd/parse.y b/usr.sbin/bgpd/parse.y
index f70545d1abb..3856d48178f 100644
--- a/usr.sbin/bgpd/parse.y
+++ b/usr.sbin/bgpd/parse.y
@@ -1,4 +1,4 @@
-/*	$OpenBSD: parse.y,v 1.93 2004/04/28 00:38:39 henning Exp $ */
+/*	$OpenBSD: parse.y,v 1.94 2004/04/28 01:36:56 henning Exp $ */
 
 /*
  * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -507,6 +507,10 @@ peeropts	: REMOTEAS asnumber	{
 			curpeer->conf.max_prefix = $2;
 		}
 		| TCP MD5SIG PASSWORD string {
+			if (curpeer->conf.auth.method) {
+				yyerror("auth method cannot be redefined");
+				YYERROR;
+			}
 			if (strlcpy(curpeer->conf.auth.md5key, $4,
 			    sizeof(curpeer->conf.auth.md5key)) >=
 			    sizeof(curpeer->conf.auth.md5key)) {
@@ -522,6 +526,10 @@ peeropts	: REMOTEAS asnumber	{
 			unsigned	i;
 			char		s[3];
 
+			if (curpeer->conf.auth.method) {
+				yyerror("auth method cannot be redefined");
+				YYERROR;
+			}
 			if (strlen($4) / 2 >=
 			    sizeof(curpeer->conf.auth.md5key)) {
 				yyerror("key too long");
@@ -551,6 +559,10 @@ peeropts	: REMOTEAS asnumber	{
 			free($4);
 		}
 		| IPSEC IKE {
+			if (curpeer->conf.auth.method) {
+				yyerror("auth method cannot be redefined");
+				YYERROR;
+			}
 			curpeer->conf.auth.method = AUTH_IPSEC_IKE;
 		}
 		| IPSEC ESP inout SPI number STRING STRING encspec {
@@ -559,6 +571,10 @@ peeropts	: REMOTEAS asnumber	{
 			u_int32_t	auth_alg;
 			u_int8_t	keylen;
 
+			if (curpeer->conf.auth.method) {
+				yyerror("auth method cannot be redefined");
+				YYERROR;
+			}
 			curpeer->conf.auth.method = AUTH_IPSEC_MANUAL_ESP;
 
 			if (!strcmp($6, "sha1")) {
-- 
cgit v1.2.3