diff -uNrp openswan-2.6.28.xauth/programs/pluto/connections.c openswan-2.6.28/programs/pluto/connections.c
--- openswan-2.6.28.xauth/programs/pluto/connections.c 2010-07-29 14:45:59.000000000 -0400
+++ openswan-2.6.28/programs/pluto/connections.c 2012-10-15 09:26:26.478771881 -0400
@@ -319,6 +319,11 @@ delete_connection(struct connection *c,
set_debugging(old_cur_debugging);
#endif
pfreeany(c->name);
+#ifdef XAUTH
+ pfreeany(c->cisco_dns_info);
+ pfreeany(c->cisco_domain_info);
+ pfreeany(c->cisco_banner);
+#endif
#ifdef DYNAMICDNS
pfreeany(c->dnshostname);
#endif /* DYNAMICDNS */
@@ -756,6 +761,12 @@ unshare_connection_strings(struct connec
c->name = clone_str(c->name, "connection name");
+#ifdef XAUTH
+ c->cisco_dns_info = clone_str(c->cisco_dns_info, "connection cisco_dns_info");
+ c->cisco_domain_info = clone_str(c->cisco_domain_info, "connection cisco_domain_info");
+ c->cisco_banner = clone_str(c->cisco_banner, "connection cisco_banner");
+#endif
+
#ifdef DYNAMICDNS
c->dnshostname = clone_str(c->dnshostname, "connection dnshostname");
#endif /* DYNAMICDNS */
@@ -1197,7 +1208,13 @@ add_connection(const struct whack_messag
c->name = wm->name;
c->connalias = wm->connalias;
+#ifdef XAUTH
+ c->cisco_dns_info = NULL;
+ c->cisco_domain_info = NULL;
+ c->cisco_banner = NULL;
+#endif
#ifdef DYNAMICDNS
+ c->dnshostname = NULL;
if (wm->dnshostname)
c->dnshostname = wm->dnshostname;
#endif /* DYNAMICDNS */
@@ -1302,11 +1319,6 @@ add_connection(const struct whack_messag
/* Cisco interop: remote peer type */
c->remotepeertype=wm->remotepeertype;
- /* Initializing Cisco dns and domain info */
- if (c->remotepeertype == CISCO) {
- c->cisco_dns_info[0] ='\0';
- c->cisco_domain_info[0] ='\0';
- }
/* Network Manager support */
#ifdef HAVE_NM
diff -uNrp openswan-2.6.28.xauth/programs/pluto/connections.h openswan-2.6.28/programs/pluto/connections.h
--- openswan-2.6.28.xauth/programs/pluto/connections.h 2010-07-29 14:45:59.000000000 -0400
+++ openswan-2.6.28/programs/pluto/connections.h 2012-10-15 09:26:26.478771881 -0400
@@ -259,15 +259,17 @@ struct connection {
#ifdef DYNAMICDNS
char *dnshostname;
#endif /* DYNAMICDNS */
+#ifdef XAUTH
#ifdef MODECFG
ip_address modecfg_dns1;
ip_address modecfg_dns2;
ip_address modecfg_wins1;
ip_address modecfg_wins2;
#endif
- char cisco_dns_info[50];
- char cisco_domain_info[50];
- char server_banner[500];
+ char *cisco_dns_info;
+ char *cisco_domain_info;
+ char *cisco_banner;
+#endif /* XAUTH */
u_int8_t metric; /* metric for tunnel routes */
#ifdef HAVE_STATSD
u_int32_t statsval; /* track what we have told statsd */
diff -uNrp openswan-2.6.28.xauth/programs/pluto/kernel.c openswan-2.6.28/programs/pluto/kernel.c
--- openswan-2.6.28.xauth/programs/pluto/kernel.c 2010-07-29 14:45:59.000000000 -0400
+++ openswan-2.6.28/programs/pluto/kernel.c 2012-10-15 09:26:26.478771881 -0400
@@ -421,11 +421,15 @@ fmt_common_shell_out(char *buf, int blen
"PLUTO_STACK='%s' "
"%s " /* possible metric */
"PLUTO_CONN_POLICY='%s' "
- "%s " /* XAUTH username */
- "%s " /* PLUTO_MY_SRCIP */
+#ifdef XAUTH
+ "%s " /* XAUTH username - if any */
+#endif
+ "%s " /* PLUTO_MY_SRCIP - if any */
+#ifdef XAUTH
"PLUTO_CISCO_DNS_INFO='%s' "
"PLUTO_CISCO_DOMAIN_INFO='%s' "
"PLUTO_PEER_BANNER='%s' "
+#endif
#ifdef HAVE_NM
"PLUTO_NM_CONFIGURED='%u' "
#endif
@@ -451,11 +455,15 @@ fmt_common_shell_out(char *buf, int blen
, kernel_ops->kern_name
, metric_str
, prettypolicy(c->policy)
+#ifdef XAUTH
, secure_xauth_username_str
+#endif
, srcip_str
+#ifdef XAUTH
, c->cisco_dns_info
, c->cisco_domain_info
- , c->server_banner
+ , c->cisco_banner
+#endif
#ifdef HAVE_NM
, c->nmconfigured
#endif
diff -uNrp openswan-2.6.28.xauth/programs/pluto/xauth.c openswan-2.6.28/programs/pluto/xauth.c
--- openswan-2.6.28.xauth/programs/pluto/xauth.c 2010-07-29 14:45:59.000000000 -0400
+++ openswan-2.6.28/programs/pluto/xauth.c 2012-10-15 09:26:26.478771881 -0400
@@ -39,6 +39,8 @@
#include <openswan.h>
#include <openswan/ipsec_policy.h>
+#include "oswalloc.h"
+
#include "sysdep.h"
#include "oswconf.h"
#include "constants.h"
@@ -1626,6 +1628,39 @@ modecfg_inI2(struct msg_digest *md)
return STF_OK;
}
+/* Auxillary function for modecfg_inR1() */
+static char *
+cisco_stringify(pb_stream *pbs, const char *attr_name)
+{
+ char strbuf[500]; /* Cisco maximum unknown - arbitrary choice */
+ size_t len = pbs_left(pbs);
+
+ if (len > sizeof(strbuf)-1)
+ len = sizeof(strbuf)-1;
+
+ memcpy(strbuf, pbs->cur, len);
+ strbuf[len] = '\0';
+ /* ' is poison to the way this string will be used
+ * in system() and hence shell. Remove any.
+ */
+ {
+ char *s = strbuf;
+
+ for (;;)
+ {
+ s = strchr(s, '\'');
+ if (s == NULL)
+ break;
+ *s = '?';
+ }
+ }
+ (void)sanitize_string(strbuf, sizeof(strbuf));
+ DBG(DBG_CONTROL, DBG_log("Received Cisco %s: %s", attr_name, strbuf));
+ return clone_str(strbuf, attr_name);
+}
+
+
+
/** STATE_MODE_CFG_R1:
* HDR*, HASH, ATTR(SET=IP) --> HDR*, HASH, ATTR(ACK,OK)
*
@@ -1639,7 +1674,6 @@ modecfg_inR1(struct msg_digest *md)
pb_stream *attrs = &md->chain[ISAKMP_NEXT_ATTR]->pbs;
int resp = LEMPTY;
struct payload_digest *p;
- bool first_dns_flag = TRUE;
DBG(DBG_CONTROL, DBG_log("modecfg_inR1"));
openswan_log("received mode cfg reply");
@@ -1791,14 +1825,31 @@ modecfg_inR1(struct msg_digest *md)
addrtot(&a, 0, caddr, sizeof(caddr));
openswan_log("Received DNS %s, len=%zd", caddr, strlen(caddr));
- if (first_dns_flag) {
- strcpy(st->st_connection->cisco_dns_info, caddr);
- first_dns_flag = 0;
- }
- else {
- strcat(st->st_connection->cisco_dns_info, " ");
- strcat(st->st_connection->cisco_dns_info, caddr);
- }
+
+ {
+ struct connection *c = st->st_connection;
+ char *old = c->cisco_dns_info;
+
+ if (old == NULL)
+ {
+ c->cisco_dns_info = clone_str(caddr, "cisco_dns_info");
+ }
+ else
+ {
+ /* concatenate new IP address string on end of
+ * existing string, separated by ' '.
+ */
+ size_t sz_old = strlen(old);
+ size_t sz_added = strlen(caddr) + 1;
+ char *new = alloc_bytes(sz_old + 1 + sz_added, "cisco_dns_info+");
+
+ memcpy(new, old, sz_old);
+ *(new + sz_old) =' ';
+ memcpy(new + sz_old + 1, caddr, sz_added);
+ c->cisco_dns_info = new;
+ pfree(old);
+ }
+ }
DBG_log("Cisco DNS info: %s, len=%zd", st->st_connection->cisco_dns_info, strlen(st->st_connection->cisco_dns_info));
}
@@ -1812,28 +1863,15 @@ modecfg_inR1(struct msg_digest *md)
break;
case CISCO_BANNER:
- {
- DBG_dump("Received cisco banner: ", strattr.cur, pbs_left(&strattr));
- strncpy(st->st_connection->server_banner, strattr.cur, pbs_left(&strattr));
- st->st_connection->server_banner[pbs_left(&strattr)]='\0';
- DBG_log("Cisco banner: %s", st->st_connection->server_banner);
- resp |= LELEM(attr.isaat_af_type);
- }
- break;
+ st->st_connection->cisco_banner = cisco_stringify(&strattr,"Cisco Banner");
+ resp |= LELEM(attr.isaat_af_type);
+ break;
case CISCO_DEF_DOMAIN:
- {
- char tmp[50];
- DBG_dump("Received cisco def domain: ", strattr.cur, pbs_left(&strattr));
- strncpy(tmp, strattr.cur, pbs_left(&strattr));
- tmp[pbs_left(&strattr)]='\0';
- DBG_log("Cisco defined domain: %s", tmp);
- strcpy(st->st_connection->cisco_domain_info, tmp);
- DBG_log("Cisco defined domain: %s", st->st_connection->cisco_domain_info);
- resp |= LELEM(attr.isaat_af_type);
- }
- break;
+ st->st_connection->cisco_domain_info = cisco_stringify(&strattr,"Cisco Domain");
+ resp |= LELEM(attr.isaat_af_type);
+ break;
case CISCO_SPLIT_INC:
{
