[vpnc-devel] vpnc-nortel with group password authentication

Antonio Borneo borneo.antonio at gmail.com
Fri Sep 12 11:34:31 CEST 2008 

Zingo,
I agree with you; sorry for my mistake; I got lost in svn history.

After digging back (better) in svn history I got the original commit
of this part of code at rev. 167.
Diff between rev 166 and 167 has the fragment reported below, that is
exactly the code me and Francois want to fix.
This commit is form Matt Chapman, the first support for Nortel in vpnc.
I have put Matt in copy.

Later on, this part of code was reviewed by Vladimir Buell (added in
copy, too) around the macro NORTELVPN_XAUTHTYPE_AS_REQUEST (rev 286
and 287), code dropped later on.

I believe this part of code needs a fix, and I'm available to work on
it, to support at the same time:
- Matt's original handshake, as today in vpnc
- Vladimir's enhancement, around NORTELVPN_XAUTHTYPE_AS_REQUEST
- issue found by Francois and me.

Would be valuable having a vpnc dump (with "--debug 3", to skip
sensible info) form Matt and Vladimir, or from someone else that can
login in a Nortel server with unmodified vpnc.
Just the part between messages "S5 do_phase2_xauth" and "S6
do_phase2_config" should be enough.
I can provide similar log by my side.

Best Regards,
Antonio Borneo

--
Fragment form diff rev. 167 vs. 166

@@ -1501,8 +1529,8 @@
                                        memset(pass, 0, na->u.lots.length);
                                } else {
                                        struct isakmp_attribute *na;
-                                       na =
new_isakmp_attribute(ap->type, reply_attr);
-                                       reply_attr = na;
+                                       na = reply_attr->next =
new_isakmp_attribute(ISAKMP_XAUTH_ATTRIB_PASSCODE, /* reply_attr */
NULL);
+                                       /* reply_attr = na; */
                                        na->u.lots.length =
strlen(config[CONFIG_XAUTH_PASSWORD]);
                                        na->u.lots.data =
xallocc(na->u.lots.length);
                                        memcpy(na->u.lots.data,
config[CONFIG_XAUTH_PASSWORD],
@@ -1513,6 +1541,8 @@
                                ;
                        }

+               reply_attr =
new_isakmp_attribute_16(ISAKMP_XAUTH_ATTRIB_TYPE, 5, reply_attr);
+
                /* Send the response.  */
                rp = new_isakmp_payload(ISAKMP_PAYLOAD_MODECFG_ATTR);
                rp->u.modecfg.type = ISAKMP_MODECFG_CFG_REPLY;

More information about the vpnc-devel mailing list