-rw-r--r--configure.in12
-rw-r--r--src/pluto/Makefile.am5
-rw-r--r--src/pluto/ipsec_doi.c33
3 files changed, 41 insertions, 9 deletions
diff --git a/configure.in b/configure.in
index 8a69981af..6e0b5dfbb 100644
--- a/configure.in
+++ b/configure.in
@@ -234,6 +234,18 @@ AC_ARG_ENABLE(
AM_CONDITIONAL(USE_VENDORID, test x$vendor_id = xtrue)
AC_ARG_ENABLE(
+ [xauth-vid],
+ AS_HELP_STRING([--disable-xauth-vid],[disable the sending of the XAUTH vendor ID (default is NO).]),
+ [if test x$enableval = xyes; then
+ xauth_vid=true
+ else
+ xauth_vid=false
+ fi],
+ xauth_vid=true
+)
+AM_CONDITIONAL(USE_XAUTH_VID, test x$xauth_vid = xtrue)
+
+AC_ARG_ENABLE(
[uml],
AS_HELP_STRING([--enable-uml],[build the UML test framework (default is NO).]),
[if test x$enableval = xyes; then
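Review bot: The help text on the new `--disable-xauth-vid` option ends with `(default is NO)`, which is easy to read as "the vendor ID is not sent by default". The fallback branch sets `xauth_vid=true`, so a default build still sends it. Wording that names the default behaviour would remove the ambiguity, for example `[do not send the XAUTH vendor ID (it is sent by default).]`.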
diff --git a/src/pluto/Makefile.am b/src/pluto/Makefile.am
index 336bbdfea..4519ef7bb 100644
--- a/src/pluto/Makefile.am
+++ b/src/pluto/Makefile.am
@@ -107,6 +107,11 @@ if USE_VENDORID
AM_CFLAGS += -DVENDORID
endif
+# This compile option activates the sending of the XAUTH VID
+if USE_XAUTH_VID
+ AM_CFLAGS += -DXAUTH_VID
+endif
+
# This compile option activates the support of the Cisco VPN client
if USE_CISCO_QUIRKS
AM_CFLAGS += -DCISCO_QUIRKS
diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c
index 1183f9c88..14aec4495 100644
--- a/src/pluto/ipsec_doi.c
+++ b/src/pluto/ipsec_doi.c
@@ -80,6 +80,15 @@
#endif /* !VENDORID */
/*
+ * are we sending an XAUTH VID?
+ */
+#ifdef XAUTH_VID
+#define SEND_XAUTH_VID 1
+#else /* !XAUTH_VID */
+#define SEND_XAUTH_VID 0
+#endif /* !XAUTH_VID */
+
+/*
* are we sending a Cisco Unity VID?
*/
#ifdef CISCO_QUIRKS
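Review bot: The comment over `SEND_XAUTH_VID` does not say that this is a build-time switch that is on by default. The guards added in main_outI1 and main_inI1_outR1 test only this constant, so a binary built without `--disable-xauth-vid` announces XAUTH capability in every Main Mode exchange it starts or answers. I would extend the comment to say so, e.g. `/* are we sending an XAUTH VID? build-time switch, on unless configured with --disable-xauth-vid */`. Whether a per-connection setting would fit better cannot be judged from the lines shown here.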
@@ -899,7 +908,7 @@ main_outI1(int whack_sock, struct connection *c, struct state *predecessor
vids_to_send++;
if (c->spd.this.cert.type == CERT_PGP)
vids_to_send++;
- /* always send XAUTH Vendor ID */
+ if (SEND_XAUTH_VID)
vids_to_send++;
/* always send DPD Vendor ID */
vids_to_send++;
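Review bot: The `vids_to_send++` under `if (SEND_XAUTH_VID)` lost its comment, and nothing now says it has to stay paired with the guarded out_vendorid() call further down main_outI1. Each payload uses `vids_to_send--` to choose between `ISAKMP_NEXT_VID` and `ISAKMP_NEXT_NONE`, so a count that disagrees with the payloads actually written gives a wrong next-payload field in the message sent to the peer. A comment such as `/* XAUTH Vendor ID: must match the SEND_XAUTH_VID guard where the payload is emitted */` would keep the two in step. The same applies to the counting hunk in main_inI1_outR1, and both functions continue outside the hunks.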
@@ -993,11 +1002,14 @@ main_outI1(int whack_sock, struct connection *c, struct state *predecessor
}
/* Announce our ability to do eXtended AUTHentication to the peer */
- if (!out_vendorid(vids_to_send-- ? ISAKMP_NEXT_VID : ISAKMP_NEXT_NONE
- , &rbody, VID_MISC_XAUTH))
+ if (SEND_XAUTH_VID)
{
- reset_cur_state();
- return STF_INTERNAL_ERROR;
+ if (!out_vendorid(vids_to_send-- ? ISAKMP_NEXT_VID : ISAKMP_NEXT_NONE
+ , &rbody, VID_MISC_XAUTH))
+ {
+ reset_cur_state();
+ return STF_INTERNAL_ERROR;
+ }
}
/* Announce our ability to do Dead Peer Detection to the peer */
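Review bot: The extra nesting level added around the XAUTH out_vendorid() call in main_outI1 is avoidable by folding the guard into the existing condition, starting it with `if (SEND_XAUTH_VID && !out_vendorid(vids_to_send-- ? ISAKMP_NEXT_VID : ISAKMP_NEXT_NONE` and leaving the rest of the call and the error body as they were. Short-circuit evaluation keeps `vids_to_send--` from running when the vendor ID is compiled out, so the next-payload chain is the same as with the nested form. The matching block in main_inI1_outR1 can be written the same way. The comment above the block still reads as unconditional and could say the announcement is made only when built with XAUTH_VID.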
@@ -3114,7 +3126,7 @@ main_inI1_outR1(struct msg_digest *md)
vids_to_send++;
if (md->openpgp)
vids_to_send++;
- /* always send XAUTH Vendor ID */
+ if (SEND_XAUTH_VID)
vids_to_send++;
/* always send DPD Vendor ID */
vids_to_send++;
@@ -3182,10 +3194,13 @@ main_inI1_outR1(struct msg_digest *md)
}
/* Announce our ability to do eXtended AUTHentication to the peer */
- if (!out_vendorid(vids_to_send-- ? ISAKMP_NEXT_VID : ISAKMP_NEXT_NONE
- , &md->rbody, VID_MISC_XAUTH))
+ if (SEND_XAUTH_VID)
{
- return STF_INTERNAL_ERROR;
+ if (!out_vendorid(vids_to_send-- ? ISAKMP_NEXT_VID : ISAKMP_NEXT_NONE
+ , &md->rbody, VID_MISC_XAUTH))
+ {
+ return STF_INTERNAL_ERROR;
+ }
}
/* Announce our ability to do Dead Peer Detection to the peer */