From: mpi Date: Mon, 15 Jan 2018 09:54:48 +0000 (+0000) Subject: Spacing, no object change. X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=2f1aa25b0f696ec888d7fe80b22e760eed552d21;p=openbsd Spacing, no object change. --- diff --git a/sbin/isakmpd/connection.c b/sbin/isakmpd/connection.c index 4a280ce757a..2860f8b4404 100644 --- a/sbin/isakmpd/connection.c +++ b/sbin/isakmpd/connection.c @@ -1,4 +1,4 @@ -/* $OpenBSD: connection.c,v 1.40 2018/01/04 14:21:00 mpi Exp $ */ +/* $OpenBSD: connection.c,v 1.41 2018/01/15 09:54:48 mpi Exp $ */ /* $EOM: connection.c,v 1.28 2000/11/23 12:21:18 niklas Exp $ */ /* @@ -91,7 +91,7 @@ connection_init(void) * Passive connections normally include: all "active" connections that * are not flagged "Active-Only", plus all connections listed in * the 'Passive-Connections' list. - */ + */ TAILQ_INIT(&connections); TAILQ_INIT(&connections_passive); diff --git a/sbin/isakmpd/crypto.c b/sbin/isakmpd/crypto.c index eab9856276a..e4154612d1d 100644 --- a/sbin/isakmpd/crypto.c +++ b/sbin/isakmpd/crypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto.c,v 1.34 2018/01/04 14:21:00 mpi Exp $ */ +/* $OpenBSD: crypto.c,v 1.35 2018/01/15 09:54:48 mpi Exp $ */ /* $EOM: crypto.c,v 1.32 2000/03/07 20:08:51 niklas Exp $ */ /* @@ -301,7 +301,7 @@ crypto_decrypt(struct keystate *ks, u_int8_t *buf, u_int16_t len) /* * XXX There is controversy about the correctness of updating the IV * like this. - */ + */ memcpy(ks->liv, buf + len - ks->xf->blocksize, ks->xf->blocksize); ks->xf->decrypt(ks, buf, len); LOG_DBG_BUF((LOG_CRYPTO, 70, "crypto_decrypt: after decryption", buf, diff --git a/sbin/isakmpd/dnssec.c b/sbin/isakmpd/dnssec.c index 53377829fa0..57614829519 100644 --- a/sbin/isakmpd/dnssec.c +++ b/sbin/isakmpd/dnssec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dnssec.c,v 1.26 2018/01/04 14:21:00 mpi Exp $ */ +/* $OpenBSD: dnssec.c,v 1.27 2018/01/15 09:54:48 mpi Exp $ */ /* * Copyright (c) 2001 Håkan Olsson. All rights reserved. @@ -191,7 +191,7 @@ dns_get_key(int type, struct message *msg, int *keylen) * Find a key with the wanted algorithm, if any. * XXX If there are several keys present, we currently only find the * first. - */ + */ for (i = 0; i < rr->rri_nrdatas && key_rr.datalen == 0; i++) { key_rr.flags = ntohs((u_int16_t) * rr->rri_rdatas[i].rdi_data); key_rr.protocol = *(rr->rri_rdatas[i].rdi_data + 2); diff --git a/sbin/isakmpd/exchange.c b/sbin/isakmpd/exchange.c index 6d6416ea957..1aa8c519c74 100644 --- a/sbin/isakmpd/exchange.c +++ b/sbin/isakmpd/exchange.c @@ -1,4 +1,4 @@ -/* $OpenBSD: exchange.c,v 1.141 2018/01/04 14:21:00 mpi Exp $ */ +/* $OpenBSD: exchange.c,v 1.142 2018/01/15 09:54:48 mpi Exp $ */ /* $EOM: exchange.c,v 1.143 2000/12/04 00:02:25 angelos Exp $ */ /* @@ -550,7 +550,7 @@ exchange_lookup(u_int8_t *msg, int phase2) * 16 at a time, and then masking, should do. Doing it this way means * we can validate cookies very fast thus delimiting the effects of * "Denial of service"-attacks using packet flooding. - */ + */ for (i = 0; i < ISAKMP_HDR_COOKIES_LEN; i += 2) { cp = msg + ISAKMP_HDR_COOKIES_OFF + i; /* Doing it this way avoids alignment problems. */ @@ -593,7 +593,7 @@ exchange_create(int phase, int initiator, int doi, int type) /* * We want the exchange zeroed for exchange_free to be able to find * out what fields have been filled-in. - */ + */ exchange = calloc(1, sizeof *exchange); if (!exchange) { log_error("exchange_create: calloc (1, %lu) failed", @@ -928,7 +928,7 @@ exchange_establish_p2(struct sa *isakmp_sa, u_int8_t type, char *name, /* * Do not create SA's for informational exchanges. * XXX How to handle new group mode? - */ + */ if (exchange->type != ISAKMP_EXCH_INFO && exchange->type != ISAKMP_EXCH_TRANSACTION) { /* XXX Number of SAs should come from the args structure. */ @@ -970,7 +970,7 @@ exchange_setup_p1(struct message *msg, u_int32_t doi) /* * Unless this is an informational exchange, look up our policy for * this peer. - */ + */ type = GET_ISAKMP_HDR_EXCH_TYPE(msg->iov[0].iov_base); if (type != ISAKMP_EXCH_INFO) { /* @@ -1341,7 +1341,7 @@ exchange_finalize(struct message *msg) * * XXX The decision should really be based on if a SA was installed * successfully. - */ + */ for (sa = TAILQ_FIRST(&exchange->sa_list); sa; sa = TAILQ_NEXT(sa, next)) { /* Move over the name to the SA. */ @@ -1396,7 +1396,7 @@ exchange_finalize(struct message *msg) * ISAKMP SA structure for future initialization of phase 2 exchanges' * keystates. Also save the Phase 1 ID and authentication * information. - */ + */ if (exchange->phase == 1 && msg->isakmp_sa) { msg->isakmp_sa->keystate = exchange->keystate; exchange->keystate = 0; @@ -1462,7 +1462,7 @@ exchange_finalize(struct message *msg) * it can hurt us if we have short lifetimes on the SAs and we try * to call exchange_report, where the SA list will be walked and * references to freed SAs can occur. - */ + */ while (TAILQ_FIRST(&exchange->sa_list)) { sa = TAILQ_FIRST(&exchange->sa_list); @@ -1675,7 +1675,7 @@ exchange_add_certs(struct message *msg) * Note: A 'return -1' breaks X509-auth interop in the responder case * with some IPsec clients that send CERTREQs early (such as * the SSH Sentinel). - */ + */ if (!id) return 0; @@ -1761,7 +1761,7 @@ exchange_establish(char *name, void (*finalize)(struct exchange *, void *, /* * First of all, never try to establish anything if another exchange * of the same kind is running. - */ + */ exchange = exchange_lookup_by_name(name, phase); if (exchange) { LOG_DBG((LOG_EXCHANGE, 40, diff --git a/sbin/isakmpd/exchange.h b/sbin/isakmpd/exchange.h index d0db9038721..1ce6c75e326 100644 --- a/sbin/isakmpd/exchange.h +++ b/sbin/isakmpd/exchange.h @@ -1,4 +1,4 @@ -/* $OpenBSD: exchange.h,v 1.36 2018/01/04 14:21:00 mpi Exp $ */ +/* $OpenBSD: exchange.h,v 1.37 2018/01/15 09:54:48 mpi Exp $ */ /* $EOM: exchange.h,v 1.28 2000/09/28 12:54:28 niklas Exp $ */ /* @@ -72,7 +72,7 @@ struct exchange { * has been run to its end, successfully. The 2nd argument is true * if the finalization hook is called due to the exchange not running * to its end normally. - */ + */ void (*finalize)(struct exchange *, void *, int); void *finalize_arg; @@ -82,13 +82,13 @@ struct exchange { /* * The event that will occur when it has taken too long time to try to * run the exchange and which will trigger auto-destruction. - */ + */ struct event *death; /* * Both initiator and responder cookies. * XXX For code clarity we might split this into two fields. - */ + */ u_int8_t cookies[ISAKMP_HDR_COOKIES_LEN]; /* The message ID signifying phase 2 exchanges. */ @@ -115,7 +115,7 @@ struct exchange { /* * A "program counter" into the script that validate message contents * for this exchange. - */ + */ int16_t *exch_pc; /* The last message received, used for checking for duplicates. */ @@ -127,13 +127,13 @@ struct exchange { /* * If some message is queued up for sending, we want to be able to * remove it from the queue, when the exchange is deleted. - */ + */ struct message *in_transit; /* * Initiator's & responder's nonces respectively, with lengths. * XXX Should this be in the DOI-specific parts instead? - */ + */ u_int8_t *nonce_i; size_t nonce_i_len; u_int8_t *nonce_r; @@ -187,7 +187,7 @@ struct exchange { * we don't pass it to the kernel, to avoid revealing such information * to processes (processes either already know it, or have no business * knowing it). - */ + */ int recv_certtype, recv_keytype; void *recv_cert; /* Certificate received from peer, * native format */ diff --git a/sbin/isakmpd/ike_aggressive.c b/sbin/isakmpd/ike_aggressive.c index 5edcb651d43..f1ab0fc7290 100644 --- a/sbin/isakmpd/ike_aggressive.c +++ b/sbin/isakmpd/ike_aggressive.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ike_aggressive.c,v 1.12 2018/01/04 14:21:00 mpi Exp $ */ +/* $OpenBSD: ike_aggressive.c,v 1.13 2018/01/15 09:54:48 mpi Exp $ */ /* $EOM: ike_aggressive.c,v 1.4 2000/01/31 22:33:45 niklas Exp $ */ /* @@ -119,7 +119,7 @@ initiator_send_AUTH(struct message *msg) * INITIAL-CONTACT in phase 1, thus contradicting what we learned * above. I will bring this up in the IPsec list. For now we don't * do INITIAL-CONTACT at all when using aggressive mode. - */ + */ return 0; } diff --git a/sbin/isakmpd/ike_auth.c b/sbin/isakmpd/ike_auth.c index 5e2a1a3b41d..776ac32b143 100644 --- a/sbin/isakmpd/ike_auth.c +++ b/sbin/isakmpd/ike_auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ike_auth.c,v 1.115 2018/01/04 14:21:00 mpi Exp $ */ +/* $OpenBSD: ike_auth.c,v 1.116 2018/01/15 09:54:48 mpi Exp $ */ /* $EOM: ike_auth.c,v 1.59 2000/11/21 00:21:31 angelos Exp $ */ /* @@ -348,7 +348,7 @@ pre_shared_gen_skeyid(struct exchange *exchange, size_t *sz) * case in Aggressive mode), try to find the preshared key in the * section of the initiator's Phase 1 ID. This allows us to do * mobile user support with preshared keys. - */ + */ if (!exchange->initiator && exchange->id_i) { switch (exchange->id_i[0]) { case IPSEC_ID_IPV4_ADDR: @@ -387,7 +387,7 @@ pre_shared_gen_skeyid(struct exchange *exchange, size_t *sz) /* * Get the pre-shared key for our peer. This will work even if the key * has been passed to us through a mechanism like PFKEYv2. - */ + */ key = ike_auth_get_key(IKE_AUTH_PRE_SHARED, exchange->name, (char *)buf, &keylen); free(buf); @@ -587,7 +587,7 @@ rsa_sig_decode_hash(struct message *msg) * XXX Assume we should use the same kind of certification as the * remote... moreover, just use the first CERT payload to decide what * to use. - */ + */ p = payload_first(msg, ISAKMP_PAYLOAD_CERT); if (!p) handler = cert_get(ISAKMP_CERTENC_KEYNOTE); @@ -601,7 +601,7 @@ rsa_sig_decode_hash(struct message *msg) /* * We need the policy session initialized now, so we can add * credentials etc. - */ + */ exchange->policy_id = kn_init(); if (exchange->policy_id == -1) { log_print("rsa_sig_decode_hash: failed to initialize policy " @@ -640,7 +640,7 @@ rsa_sig_decode_hash(struct message *msg) * Walk over potential CERT payloads in this message. * XXX I believe this is the wrong spot for this. CERTs can appear * anytime. - */ + */ TAILQ_FOREACH(p, &msg->payload[ISAKMP_PAYLOAD_CERT], link) { p->flags |= PL_MARK; diff --git a/sbin/isakmpd/ike_main_mode.c b/sbin/isakmpd/ike_main_mode.c index 6592e0666f5..fb47e2d138f 100644 --- a/sbin/isakmpd/ike_main_mode.c +++ b/sbin/isakmpd/ike_main_mode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ike_main_mode.c,v 1.18 2018/01/04 14:21:00 mpi Exp $ */ +/* $OpenBSD: ike_main_mode.c,v 1.19 2018/01/15 09:54:48 mpi Exp $ */ /* $EOM: ike_main_mode.c,v 1.77 1999/04/25 22:12:34 niklas Exp $ */ /* @@ -102,7 +102,7 @@ responder_send_KE_NONCE(struct message *msg) /* * Calculate DH values & key material in parallel with the message * going on a roundtrip over the wire. - */ + */ message_register_post_send(msg, (void (*)(struct message *))ike_phase_1_post_exchange_KE_NONCE); diff --git a/sbin/isakmpd/ike_quick_mode.c b/sbin/isakmpd/ike_quick_mode.c index dc3c027006d..286f5c7de57 100644 --- a/sbin/isakmpd/ike_quick_mode.c +++ b/sbin/isakmpd/ike_quick_mode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ike_quick_mode.c,v 1.113 2018/01/04 14:21:00 mpi Exp $ */ +/* $OpenBSD: ike_quick_mode.c,v 1.114 2018/01/15 09:54:48 mpi Exp $ */ /* $EOM: ike_quick_mode.c,v 1.139 2001/01/26 10:43:17 niklas Exp $ */ /* @@ -302,7 +302,7 @@ check_policy(struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa) * Add the authorizer (who is requesting the SA/ID); * this may be a public or a secret key, depending on * what mode of authentication we used in Phase 1. - */ + */ for (i = 0; i < nprinc; i++) { LOG_DBG((LOG_POLICY, 40, "check_policy: " "adding authorizer [%s]", principal[i])); @@ -366,7 +366,7 @@ policydone: * XXX Currently, check_policy() is only called from * message_negotiate_sa(), and so this log message reflects this. * Change to something better? - */ + */ if (result == 0) log_print("check_policy: negotiated SA failed policy check"); @@ -374,7 +374,7 @@ policydone: * Given that we have only 2 return values from policy (true/false) * we can just return the query result directly (no pre-processing * needed). - */ + */ return result; } @@ -845,7 +845,7 @@ initiator_send_HASH_SA_NONCE(struct message *msg) * Add the payloads. As this is a SA, we need to recompute the * lengths of the payloads containing others. We also need to * reset these payload's "next payload type" field. - */ + */ if (message_add_payload(msg, ISAKMP_PAYLOAD_SA, sa_buf, sa_len, 1)) goto bail_out; SET_ISAKMP_GEN_LENGTH(sa_buf, sa_len + proposals_len); @@ -878,7 +878,7 @@ initiator_send_HASH_SA_NONCE(struct message *msg) /* * Save SA payload body in ie->sa_i_b, length ie->sa_i_b_len. - */ + */ ie->sa_i_b = message_copy(msg, ISAKMP_GEN_SZ, &ie->sa_i_b_len); if (!ie->sa_i_b) goto bail_out; @@ -886,7 +886,7 @@ initiator_send_HASH_SA_NONCE(struct message *msg) /* * Generate a nonce, and add it to the message. * XXX I want a better way to specify the nonce's size. - */ + */ if (exchange_gen_nonce(msg, 16)) return -1; @@ -1096,7 +1096,7 @@ initiator_recv_HASH_SA_NONCE(struct message *msg) * transform should be given. * * XXX Currently we only support negotiating one SA per quick mode run. - */ + */ if (TAILQ_NEXT(sa_p, link)) { log_print("initiator_recv_HASH_SA_NONCE: " "multiple SA payloads in quick mode not supported yet"); @@ -1364,7 +1364,7 @@ post_quick_mode(struct message *msg) /* * Loop over all SA negotiations and do both an in- and an outgoing SA * per protocol. - */ + */ for (sa = TAILQ_FIRST(&exchange->sa_list); sa; sa = TAILQ_NEXT(sa, next)) { for (proto = TAILQ_FIRST(&sa->protos); proto; @@ -1520,7 +1520,7 @@ responder_recv_HASH_SA_NONCE(struct message *msg) /* * Check the payload's integrity. * XXX Share with ipsec_fill_in_hash? - */ + */ LOG_DBG_BUF((LOG_NEGOTIATION, 90, "responder_recv_HASH_SA_NONCE: " "SKEYID_a", isa->skeyid_a, isa->skeyid_len)); prf = prf_alloc(isa->prf_type, isa->hash, isa->skeyid_a, @@ -1759,7 +1759,7 @@ next_sa: /* * Try to find and set the connection name on the exchange. - */ + */ /* * Check for accepted identities as well as lookup the connection @@ -1767,7 +1767,7 @@ next_sa: * * When not using policies make sure the peer proposes sane IDs. * Otherwise this is done by KeyNote. - */ + */ name = connection_passive_lookup_by_ids(ie->id_ci, ie->id_cr); if (name) { exchange->name = strdup(name); diff --git a/sbin/isakmpd/init.c b/sbin/isakmpd/init.c index 4f2e889724b..69392b8a435 100644 --- a/sbin/isakmpd/init.c +++ b/sbin/isakmpd/init.c @@ -1,4 +1,4 @@ -/* $OpenBSD: init.c,v 1.42 2018/01/04 14:21:00 mpi Exp $ */ +/* $OpenBSD: init.c,v 1.43 2018/01/15 09:54:48 mpi Exp $ */ /* $EOM: init.c,v 1.25 2000/03/30 14:27:24 ho Exp $ */ /* @@ -110,7 +110,7 @@ reinit(void) * User-initiated SIGHUP's maybe "authorizes" a wait until * next connection-check. * XXX This means we discard exchange->last_msg, is this really ok? - */ + */ /* Reread config file. */ conf_reinit(); @@ -129,14 +129,14 @@ reinit(void) /* * Rescan interfaces (call reinit() in all transports). - */ + */ transport_reinit(); /* * XXX "These" (non-existent) reinitializations should not be done. * cookie_reinit (); * ui_reinit (); - */ + */ sa_reinit(); } diff --git a/sbin/isakmpd/ipsec.c b/sbin/isakmpd/ipsec.c index 92bb178488a..0fb0b5913f9 100644 --- a/sbin/isakmpd/ipsec.c +++ b/sbin/isakmpd/ipsec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec.c,v 1.149 2018/01/04 14:21:00 mpi Exp $ */ +/* $OpenBSD: ipsec.c,v 1.150 2018/01/15 09:54:48 mpi Exp $ */ /* $EOM: ipsec.c,v 1.143 2000/12/11 23:57:42 niklas Exp $ */ /* @@ -832,7 +832,7 @@ ipsec_get_keystate(struct message *msg) * For phase 2 when no SA yet is setup we need to hash the IV used by * the ISAKMP SA concatenated with the message ID, and use that as an * IV for further cryptographic operations. - */ + */ if (!msg->isakmp_sa->keystate) { log_print("ipsec_get_keystate: no keystate in ISAKMP SA %p", msg->isakmp_sa); @@ -1206,7 +1206,7 @@ ipsec_responder(struct message *msg) /* * XXX So far we don't accept any proposals for exchanges we don't * support. - */ + */ if (payload_first(msg, ISAKMP_PAYLOAD_SA)) { message_drop(msg, ISAKMP_NOTIFY_NO_PROPOSAL_CHOSEN, 0, 1, 0); return -1; @@ -1560,7 +1560,7 @@ ipsec_decode_transform(struct message *msg, struct sa *sa, struct proto *proto, /* * If no pseudo-random function was negotiated, it's HMAC. * XXX As PRF_HMAC currently is zero, this is a no-op. - */ + */ if (!ie->prf_type) ie->prf_type = PRF_HMAC; } @@ -2348,7 +2348,7 @@ ipsec_add_contact(struct message *msg) /* * XXX There are better algorithms for already mostly-sorted data like * this, but only qsort is standard. I will someday do this inline. - */ + */ qsort(contacts, contact_cnt, sizeof *contacts, addr_cmp); return 0; } @@ -2521,7 +2521,7 @@ ipsec_id_string(u_int8_t *id, size_t id_len) * XXX Real ugly way of making the offsets correct. Be aware that id * now will point before the actual buffer and cannot be dereferenced * without an offset larger than or equal to ISAKM_GEN_SZ. - */ + */ id -= ISAKMP_GEN_SZ; /* This is the actual length of the ID data field. */ @@ -2531,7 +2531,7 @@ ipsec_id_string(u_int8_t *id, size_t id_len) * Conservative allocation. * XXX I think the ASN1 DN case can be thought through to give a better * estimate. - */ + */ size = MAXIMUM(sizeof "ipv6/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", sizeof "asn1_dn/" + id_len); buf = malloc(size); diff --git a/sbin/isakmpd/isakmp_cfg.c b/sbin/isakmpd/isakmp_cfg.c index 972d0cf6370..7c09e799d06 100644 --- a/sbin/isakmpd/isakmp_cfg.c +++ b/sbin/isakmpd/isakmp_cfg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: isakmp_cfg.c,v 1.40 2018/01/04 14:21:00 mpi Exp $ */ +/* $OpenBSD: isakmp_cfg.c,v 1.41 2018/01/15 09:54:48 mpi Exp $ */ /* * Copyright (c) 2001 Niklas Hallqvist. All rights reserved. @@ -262,7 +262,7 @@ cfg_initiator_send_ATTR(struct message *msg) /* * Use the bitstring built previously to collect the right * parameters for attrp. - */ + */ for (bit = 0; bit < CFG_ATTR_BIT_MAX; bit++) if (bit_test(attrbits, bit)) { attr = attrp + off; diff --git a/sbin/isakmpd/isakmpd.c b/sbin/isakmpd/isakmpd.c index a1d955ae06a..d4cc5f73cf5 100644 --- a/sbin/isakmpd/isakmpd.c +++ b/sbin/isakmpd/isakmpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: isakmpd.c,v 1.106 2018/01/04 14:21:00 mpi Exp $ */ +/* $OpenBSD: isakmpd.c,v 1.107 2018/01/15 09:54:48 mpi Exp $ */ /* $EOM: isakmpd.c,v 1.54 2000/10/05 09:28:22 niklas Exp $ */ /* @@ -286,7 +286,7 @@ set_slave_signals(void) /* * Do a clean daemon shutdown on TERM/INT. These signals must be * initialized before monitor_init(). INT is only used with '-d'. - */ + */ signal(SIGTERM, daemon_shutdown_now); if (debug == 1) /* i.e '-dd' will skip this. */ signal(SIGINT, daemon_shutdown_now); diff --git a/sbin/isakmpd/log.c b/sbin/isakmpd/log.c index bc826383e9d..5a0df1df5e9 100644 --- a/sbin/isakmpd/log.c +++ b/sbin/isakmpd/log.c @@ -1,4 +1,4 @@ -/* $OpenBSD: log.c,v 1.63 2018/01/04 14:21:00 mpi Exp $ */ +/* $OpenBSD: log.c,v 1.64 2018/01/15 09:54:48 mpi Exp $ */ /* $EOM: log.c,v 1.30 2000/09/29 08:19:23 niklas Exp $ */ /* @@ -233,7 +233,7 @@ log_debug(int cls, int level, const char *fmt, ...) /* * If we are not debugging this class, or the level is too low, just * return. - */ + */ if (cls >= 0 && (log_level[cls] == 0 || level > log_level[cls])) return; va_start(ap, fmt); @@ -251,7 +251,7 @@ log_debug_buf(int cls, int level, const char *header, const u_int8_t *buf, /* * If we are not debugging this class, or the level is too low, just * return. - */ + */ if (cls >= 0 && (log_level[cls] == 0 || level > log_level[cls])) return; diff --git a/sbin/isakmpd/message.h b/sbin/isakmpd/message.h index 686948ce265..822eeb8cd2b 100644 --- a/sbin/isakmpd/message.h +++ b/sbin/isakmpd/message.h @@ -1,4 +1,4 @@ -/* $OpenBSD: message.h,v 1.28 2018/01/04 14:21:00 mpi Exp $ */ +/* $OpenBSD: message.h,v 1.29 2018/01/15 09:54:48 mpi Exp $ */ /* $EOM: message.h,v 1.51 2000/10/10 12:36:39 provos Exp $ */ /* @@ -56,7 +56,7 @@ struct payload { /* * A pointer to the parent payload, used for proposal and transform * payloads. - */ + */ struct payload *context; /* Payload flags described below. */ @@ -90,13 +90,13 @@ struct message { /* * This is the transport the message either arrived on or will be sent * to. - */ + */ struct transport *transport; /* * This is the ISAKMP SA protecting this message. * XXX Needs to be redone to some keystate pointer or something. - */ + */ struct sa *isakmp_sa; /* This is the exchange where this message appears. */ @@ -109,7 +109,7 @@ struct message { * will be one payload, after encryption segment 0 will be the * unencrypted header, and segment 1 will be the encrypted payloads, * all of them. - */ + */ struct iovec *iov; /* The segment count. */ @@ -134,13 +134,13 @@ struct message { /* * Extra baggage needed to travel with the message. Used transiently * in context sensitive ways. - */ + */ void *extra; /* * Hooks for stuff needed to be done after the message has gone out to * the wire. - */ + */ TAILQ_HEAD(post_send_head, post_send) post_send; }; diff --git a/sbin/isakmpd/monitor.c b/sbin/isakmpd/monitor.c index c3f521f38b2..37cd7eac918 100644 --- a/sbin/isakmpd/monitor.c +++ b/sbin/isakmpd/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.75 2018/01/04 14:21:00 mpi Exp $ */ +/* $OpenBSD: monitor.c,v 1.76 2018/01/15 09:54:48 mpi Exp $ */ /* * Copyright (c) 2003 Håkan Olsson. All rights reserved. @@ -692,7 +692,7 @@ m_priv_local_sanitize_path(char *path, size_t pmax, int flags) * We only permit paths starting with * /etc/isakmpd/ (read only) * /var/run/ (rw) - */ + */ if (realpath(path, new_path) == NULL || realpath("/var/run", var_run) == NULL) { diff --git a/sbin/isakmpd/policy.c b/sbin/isakmpd/policy.c index e3da6a5053b..6a717cd4660 100644 --- a/sbin/isakmpd/policy.c +++ b/sbin/isakmpd/policy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: policy.c,v 1.98 2018/01/04 14:21:00 mpi Exp $ */ +/* $OpenBSD: policy.c,v 1.99 2018/01/15 09:54:48 mpi Exp $ */ /* $EOM: policy.c,v 1.49 2000/10/24 13:33:39 niklas Exp $ */ /* @@ -231,7 +231,7 @@ policy_callback(char *name) /* * If dirty is set, this is the first request for an attribute, so * populate our value cache. - */ + */ if (dirty) { ie = policy_exchange->data; diff --git a/sbin/isakmpd/sa.h b/sbin/isakmpd/sa.h index 2364e61db2c..f9769b44384 100644 --- a/sbin/isakmpd/sa.h +++ b/sbin/isakmpd/sa.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sa.h,v 1.53 2018/01/04 14:21:00 mpi Exp $ */ +/* $OpenBSD: sa.h,v 1.54 2018/01/15 09:54:48 mpi Exp $ */ /* $EOM: sa.h,v 1.58 2000/10/10 12:39:01 provos Exp $ */ /* @@ -77,7 +77,7 @@ struct proto { /* * The chosen transform, only valid while the incoming SA payload that * held it is available for duplicate testing. - */ + */ struct payload *chosen; /* The chosen transform's ID. */ @@ -107,7 +107,7 @@ struct sa { /* * When several SA's are being negotiated in one message we connect * them through this link. - */ + */ TAILQ_ENTRY(sa) next; /* @@ -164,14 +164,14 @@ struct sa { /* * The key used to authenticate phase 1, in printable format, used * only by KeyNote. - */ + */ char *keynote_key; /* * Certificates or other information from Phase 1; these are copied * from the exchange, so look at exchange.h for an explanation of * their use. - */ + */ int recv_certtype, recv_keytype; /* Certificate received from peer, native format. */ void *recv_cert; @@ -181,7 +181,7 @@ struct sa { /* * Certificates or other information we used to authenticate to the * peer, Phase 1. - */ + */ int sent_certtype; /* Certificate (to be) sent to peer, native format. */ void *sent_cert; diff --git a/sbin/isakmpd/sysdep/openbsd/sysdep.c b/sbin/isakmpd/sysdep/openbsd/sysdep.c index 8090a265ba0..8f28040c20e 100644 --- a/sbin/isakmpd/sysdep/openbsd/sysdep.c +++ b/sbin/isakmpd/sysdep/openbsd/sysdep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sysdep.c,v 1.37 2018/01/04 14:21:00 mpi Exp $ */ +/* $OpenBSD: sysdep.c,v 1.38 2018/01/15 09:54:48 mpi Exp $ */ /* $EOM: sysdep.c,v 1.9 2000/12/04 04:46:35 angelos Exp $ */ /* @@ -96,7 +96,7 @@ sysdep_cleartext(int fd, int af) /* * Need to bypass system security policy, so I can send and * receive key management datagrams in the clear. - */ + */ level = IPSEC_LEVEL_BYPASS; if (monitor_setsockopt(fd, optsw[sw].ip_proto, optsw[sw].auth_level, (char *) &level, sizeof level) == -1) { diff --git a/sbin/isakmpd/transport.h b/sbin/isakmpd/transport.h index ecbe38129e5..7105e42ec7c 100644 --- a/sbin/isakmpd/transport.h +++ b/sbin/isakmpd/transport.h @@ -1,4 +1,4 @@ -/* $OpenBSD: transport.h,v 1.21 2018/01/04 14:21:00 mpi Exp $ */ +/* $OpenBSD: transport.h,v 1.22 2018/01/15 09:54:48 mpi Exp $ */ /* $EOM: transport.h,v 1.16 2000/07/17 18:57:59 provos Exp $ */ /* @@ -78,7 +78,7 @@ struct transport_vtbl { /* * Read a message from the transport's incoming pipe and start * handling it. - */ + */ void (*handle_message) (struct transport *); /* Send a message through the outgoing pipe. */ @@ -87,18 +87,18 @@ struct transport_vtbl { /* * Fill out a sockaddr structure with the transport's destination end's * address info. - */ + */ void (*get_dst) (struct transport *, struct sockaddr **); /* * Fill out a sockaddr structure with the transport's source end's * address info. - */ + */ void (*get_src) (struct transport *, struct sockaddr **); /* * Return a string with decoded src and dst information - */ + */ char *(*decode_ids) (struct transport *); /* @@ -126,7 +126,7 @@ struct transport { * Prioritized send queue. Messages in this queue will be transmitted * before the normal sendq, they will also all be transmitted prior * to a daemon shutdown. Currently only used for DELETE notifications. - */ + */ struct msg_head prio_sendq; /* Flags describing the transport. */