Attachment #68372 for bug #94681




		if ((k in s) && s[k] != "yes" && s[k] != "no")
			fail("parameter " v(k) " must be \"yes\" or \"no\"")
	}
	function defaultconn(k, val) {
		if (!(k in s))
			s[k] = val
	}

		if (!seensome)
			fail("internal error, output called inappropriately")

		defaultconn("type", "tunnel")
		type_flags = ""
		t = s["type"]
		if (t == "tunnel") {

		} else
			fail("unknown type " v(t))

		defaultconn("failureshunt", "none")
		t = s["failureshunt"]
		if (t == "passthrough")
			type_flags = type_flags " --failpass";

			nexthopset("right", drnexthop)
		}

		defaultconn("keyexchange", "ike")
		if (s["keyexchange"] != "ike")
			fail("only know how to do keyexchange=ike")
		defaultconn("auth", "esp")
		if (("auth" in s) && s["auth"] != "esp" && s["auth"] != "ah")
			fail("only know how to do auth=esp or auth=ah")

		yesno("pfs")
		defaultconn("pfs", "yes")

 		yesno("aggrmode")
 		defaultconn("aggrmode", "no")

                duration("dpddelay")
                duration("dpdtimeout")
                if(("dpddelay" in s) && !("dpdtimeout" in s))
                        defaultconn("dpdtimeout",120)
                if(!("dpddelay" in s) && ("dpdtimeout" in s))
                        defaultconn("dpddelay",30)
                defaultconn("dpdaction","hold")

		yesno("forceencaps")
		defaultconn("forceencaps", "no")
		yesno("xauth")
		defaultconn("xauth", "no")
		yesno("xauthserver")
		defaultconn("xauthserver", "no")
		yesno("xauthclient")
		defaultconn("xauthclient", "no")
		yesno("modecfgserver")
		defaultconn("modecfgserver", "no")
		yesno("modecfgclient")
		defaultconn("modecfgclient", "no")

		yesno("modecfgpull")
		defaultconn("modecfgpull", "no")

		yesno("compress")
		defaultconn("compress", "no")
		defaultconn("keylife", "8h")
		duration("keylife")
		yesno("rekey")
		defaultconn("rekey", "yes")
		defaultconn("rekeymargin", "9m")
		duration("rekeymargin")
		defaultconn("keyingtries", "%forever")
		if (s["keyingtries"] == "%forever")
			s["keyingtries"] = 0
		integer("keyingtries")

			integer("rekeyfuzz")
		}
		duration("ikelifetime")
		defaultconn("disablearrivalcheck", "no")

		defaultconn("leftsendcert", "always")
		defaultconn("rightsendcert", "always")

		defaultconn("leftnexthop", "%direct")
		defaultconn("rightnexthop", "%direct")
		if (s["leftnexthop"] == s["left"])
			fail("left and leftnexthop must not be the same")
		if (s["rightnexthop"] == s["right"])

			s["rightnexthop"] = drnexthop
		}

		defaultconn("leftupdown", "ipsec _updown")
		defaultconn("rightupdown", "ipsec _updown")
		defaultconn("authby", "rsasig")
		t = s["authby"]
		if (t == "rsasig" || t == "secret|rsasig" || t == "rsasig|secret") {
			authtype = "--rsasig"
			type_flags = "--encrypt " type_flags
			if (!("leftcert" in s)) {
				defaultconn("leftrsasigkey", "%dnsondemand")
				if (id("left") == "%any" &&
				    !(s["leftrsasigkey"] == "%cert" ||
				      s["leftrsasigkey"] == "0x00") )
					fail("ID " v(id("left")) " cannot have RSA key")
			}
			if (!("rightcert" in s)) {
				defaultconn("rightrsasigkey", "%dnsondemand")
				if (id("right") == "%any" &&
				    !(s["rightrsasigkey"] == "%cert" ||
				      s["rightrsasigkey"] == "0x00") )

		settings = type_flags

                # BEGIN IPv6
                defaultconn("connaddrfamily", "ipv4")
                if (s["connaddrfamily"] == "ipv6") {
                        settings = settings " --ipv6"
                } else if (s["connaddrfamily"] != "ipv4") {




	# if searching, seen is set of sectionnames which match
	# if not searching, seen is set of parameter names found
	seen[""] = ""
	defaultconn[""] = ""
	usesdefault[""] = ""
	orientation = 1
}

			output(o_section, sn)

			# do not accept anything from conn %default
			for (i in defaultconn)
				delete defaultconn[i]

			output(o_parm, orient("left"), "%defaultroute")
			output(o_parm, orient("leftid"), "%myid")

		if (!usesdefault[sectionname])
			fail("duplicated parameter " bq search eq)
		usesdefault[sectionname] = 0
	} else if (search in defaultconn)
		fail("duplicated parameter " bq search eq)
	if (rest in wanted) {	# a hit
		if (indefault)
			defaultconn[search] = rest
		else
			searchfound(sectionname)
	} else {

		fail("white space within non-quoted parameter " bq name eq)
}
indefault {
	if (name in defaultconn)
		fail("duplicated default parameter " bq name eq)
	defaultconn[name] = value
	next
}
{

	if (!optional && !searching && unseen != "")
		fail("did not find " type " section(s) " bq substr(unseen, 2) eq)
	if (!searching) {
		for (name in defaultconn)
			if (!(name in seen))
				output(o_parm, name, defaultconn[name])
	} else {
		if (defaultconn[search] in wanted)
			for (name in usesdefault)
				if (usesdefault[name])
					seen[name] = 1




		if ((k in s) && s[k] != "yes" && s[k] != "no")
			fail("parameter \"" k "\" must be \"yes\" or \"no\"")
	}
	function defaultconn(k, v) {
		if (!(k in s))
			s[k] = v
	}

	#########
	if (failed)
		exit 1
	defaultconn("type", "tunnel")
	type = s["type"]
	shunt = 0
	if (type == "transport") {

	}

	leftsub = ("leftsubnet" in s) ? 1 : 0
	defaultconn("leftsubnet", s["left"] "/32")
	rightsub = ("rightsubnet" in s) ? 1 : 0
	defaultconn("rightsubnet", s["right"] "/32")
	integer("espreplay_window")
	if (("espreplay_window" in s) && s["espreplay_window"] == 0)
		delete s["espreplay_window"]

	netfix("left")
	netfix("right")

	defaultconn("leftnexthop", s["right"])
	defaultconn("rightnexthop", s["left"])
	if (s["leftnexthop"] == s["left"])
		fail("left and leftnexthop must not be the same")
	if (s["rightnexthop"] == s["right"])

Return to bug 94681

Lines 220-226 Link Here

(-)openswan-2.3.0.orig/programs/auto/auto.in (-33 / +33 lines)
220	if ((k in s) && s[k] != "yes" && s[k] != "no")	220	if ((k in s) && s[k] != "yes" && s[k] != "no")
221	fail("parameter " v(k) " must be \"yes\" or \"no\"")	221	fail("parameter " v(k) " must be \"yes\" or \"no\"")
222	}	222	}
223	function default(k, val) {	223	function defaultconn(k, val) {
224	if (!(k in s))	224	if (!(k in s))
225	s[k] = val	225	s[k] = val
226	}	226	}
Lines 313-319 Link Here
313	if (!seensome)	313	if (!seensome)
314	fail("internal error, output called inappropriately")	314	fail("internal error, output called inappropriately")
315		315
316	default("type", "tunnel")	316	defaultconn("type", "tunnel")
317	type_flags = ""	317	type_flags = ""
318	t = s["type"]	318	t = s["type"]
319	if (t == "tunnel") {	319	if (t == "tunnel") {
Lines 335-341 Link Here
335	} else	335	} else
336	fail("unknown type " v(t))	336	fail("unknown type " v(t))
337		337
338	default("failureshunt", "none")	338	defaultconn("failureshunt", "none")
339	t = s["failureshunt"]	339	t = s["failureshunt"]
340	if (t == "passthrough")	340	if (t == "passthrough")
341	type_flags = type_flags " --failpass";	341	type_flags = type_flags " --failpass";
Lines 362-413 Link Here
362	nexthopset("right", drnexthop)	362	nexthopset("right", drnexthop)
363	}	363	}
364		364
365	default("keyexchange", "ike")	365	defaultconn("keyexchange", "ike")
366	if (s["keyexchange"] != "ike")	366	if (s["keyexchange"] != "ike")
367	fail("only know how to do keyexchange=ike")	367	fail("only know how to do keyexchange=ike")
368	default("auth", "esp")	368	defaultconn("auth", "esp")
369	if (("auth" in s) && s["auth"] != "esp" && s["auth"] != "ah")	369	if (("auth" in s) && s["auth"] != "esp" && s["auth"] != "ah")
370	fail("only know how to do auth=esp or auth=ah")	370	fail("only know how to do auth=esp or auth=ah")
371		371
372	yesno("pfs")	372	yesno("pfs")
373	default("pfs", "yes")	373	defaultconn("pfs", "yes")
374		374
375	yesno("aggrmode")	375	yesno("aggrmode")
376	default("aggrmode", "no")	376	defaultconn("aggrmode", "no")
377		377
378	duration("dpddelay")	378	duration("dpddelay")
379	duration("dpdtimeout")	379	duration("dpdtimeout")
380	if(("dpddelay" in s) && !("dpdtimeout" in s))	380	if(("dpddelay" in s) && !("dpdtimeout" in s))
381	default("dpdtimeout",120)	381	defaultconn("dpdtimeout",120)
382	if(!("dpddelay" in s) && ("dpdtimeout" in s))	382	if(!("dpddelay" in s) && ("dpdtimeout" in s))
383	default("dpddelay",30)	383	defaultconn("dpddelay",30)
384	default("dpdaction","hold")	384	defaultconn("dpdaction","hold")
385		385
386	yesno("forceencaps")	386	yesno("forceencaps")
387	default("forceencaps", "no")	387	defaultconn("forceencaps", "no")
388	yesno("xauth")	388	yesno("xauth")
389	default("xauth", "no")	389	defaultconn("xauth", "no")
390	yesno("xauthserver")	390	yesno("xauthserver")
391	default("xauthserver", "no")	391	defaultconn("xauthserver", "no")
392	yesno("xauthclient")	392	yesno("xauthclient")
393	default("xauthclient", "no")	393	defaultconn("xauthclient", "no")
394	yesno("modecfgserver")	394	yesno("modecfgserver")
395	default("modecfgserver", "no")	395	defaultconn("modecfgserver", "no")
396	yesno("modecfgclient")	396	yesno("modecfgclient")
397	default("modecfgclient", "no")	397	defaultconn("modecfgclient", "no")
398		398
399	yesno("modecfgpull")	399	yesno("modecfgpull")
400	default("modecfgpull", "no")	400	defaultconn("modecfgpull", "no")
401		401
402	yesno("compress")	402	yesno("compress")
403	default("compress", "no")	403	defaultconn("compress", "no")
404	default("keylife", "8h")	404	defaultconn("keylife", "8h")
405	duration("keylife")	405	duration("keylife")
406	yesno("rekey")	406	yesno("rekey")
407	default("rekey", "yes")	407	defaultconn("rekey", "yes")
408	default("rekeymargin", "9m")	408	defaultconn("rekeymargin", "9m")
409	duration("rekeymargin")	409	duration("rekeymargin")
410	default("keyingtries", "%forever")	410	defaultconn("keyingtries", "%forever")
411	if (s["keyingtries"] == "%forever")	411	if (s["keyingtries"] == "%forever")
412	s["keyingtries"] = 0	412	s["keyingtries"] = 0
413	integer("keyingtries")	413	integer("keyingtries")
Lines 419-431 Link Here
419	integer("rekeyfuzz")	419	integer("rekeyfuzz")
420	}	420	}
421	duration("ikelifetime")	421	duration("ikelifetime")
422	default("disablearrivalcheck", "no")	422	defaultconn("disablearrivalcheck", "no")
423		423
424	default("leftsendcert", "always")	424	defaultconn("leftsendcert", "always")
425	default("rightsendcert", "always")	425	defaultconn("rightsendcert", "always")
426		426
427	default("leftnexthop", "%direct")	427	defaultconn("leftnexthop", "%direct")
428	default("rightnexthop", "%direct")	428	defaultconn("rightnexthop", "%direct")
429	if (s["leftnexthop"] == s["left"])	429	if (s["leftnexthop"] == s["left"])
430	fail("left and leftnexthop must not be the same")	430	fail("left and leftnexthop must not be the same")
431	if (s["rightnexthop"] == s["right"])	431	if (s["rightnexthop"] == s["right"])
Lines 441-462 Link Here
441	s["rightnexthop"] = drnexthop	441	s["rightnexthop"] = drnexthop
442	}	442	}
443		443
444	default("leftupdown", "ipsec _updown")	444	defaultconn("leftupdown", "ipsec _updown")
445	default("rightupdown", "ipsec _updown")	445	defaultconn("rightupdown", "ipsec _updown")
446	default("authby", "rsasig")	446	defaultconn("authby", "rsasig")
447	t = s["authby"]	447	t = s["authby"]
448	if (t == "rsasig" \|\| t == "secret\|rsasig" \|\| t == "rsasig\|secret") {	448	if (t == "rsasig" \|\| t == "secret\|rsasig" \|\| t == "rsasig\|secret") {
449	authtype = "--rsasig"	449	authtype = "--rsasig"
450	type_flags = "--encrypt " type_flags	450	type_flags = "--encrypt " type_flags
451	if (!("leftcert" in s)) {	451	if (!("leftcert" in s)) {
452	default("leftrsasigkey", "%dnsondemand")	452	defaultconn("leftrsasigkey", "%dnsondemand")
453	if (id("left") == "%any" &&	453	if (id("left") == "%any" &&
454	!(s["leftrsasigkey"] == "%cert" \|\|	454	!(s["leftrsasigkey"] == "%cert" \|\|
455	s["leftrsasigkey"] == "0x00") )	455	s["leftrsasigkey"] == "0x00") )
456	fail("ID " v(id("left")) " cannot have RSA key")	456	fail("ID " v(id("left")) " cannot have RSA key")
457	}	457	}
458	if (!("rightcert" in s)) {	458	if (!("rightcert" in s)) {
459	default("rightrsasigkey", "%dnsondemand")	459	defaultconn("rightrsasigkey", "%dnsondemand")
460	if (id("right") == "%any" &&	460	if (id("right") == "%any" &&
461	!(s["rightrsasigkey"] == "%cert" \|\|	461	!(s["rightrsasigkey"] == "%cert" \|\|
462	s["rightrsasigkey"] == "0x00") )	462	s["rightrsasigkey"] == "0x00") )
Lines 476-482 Link Here
476	settings = type_flags	476	settings = type_flags
477		477
478	# BEGIN IPv6	478	# BEGIN IPv6
479	default("connaddrfamily", "ipv4")	479	defaultconn("connaddrfamily", "ipv4")
480	if (s["connaddrfamily"] == "ipv6") {	480	if (s["connaddrfamily"] == "ipv6") {
481	settings = settings " --ipv6"	481	settings = settings " --ipv6"
482	} else if (s["connaddrfamily"] != "ipv4") {	482	} else if (s["connaddrfamily"] != "ipv4") {

Lines 181-187 Link Here

(-)openswan-2.3.0.orig/programs/_confread/_confread.in (-10 / +10 lines)
181	# if searching, seen is set of sectionnames which match	181	# if searching, seen is set of sectionnames which match
182	# if not searching, seen is set of parameter names found	182	# if not searching, seen is set of parameter names found
183	seen[""] = ""	183	seen[""] = ""
184	default[""] = ""	184	defaultconn[""] = ""
185	usesdefault[""] = ""	185	usesdefault[""] = ""
186	orientation = 1	186	orientation = 1
187	}	187	}
Lines 286-293 Link Here
286	output(o_section, sn)	286	output(o_section, sn)
287		287
288	# do not accept anything from conn %default	288	# do not accept anything from conn %default
289	for (i in default)	289	for (i in defaultconn)
290	delete default[i]	290	delete defaultconn[i]
291		291
292	output(o_parm, orient("left"), "%defaultroute")	292	output(o_parm, orient("left"), "%defaultroute")
293	output(o_parm, orient("leftid"), "%myid")	293	output(o_parm, orient("leftid"), "%myid")
Lines 425-435 Link Here
425	if (!usesdefault[sectionname])	425	if (!usesdefault[sectionname])
426	fail("duplicated parameter " bq search eq)	426	fail("duplicated parameter " bq search eq)
427	usesdefault[sectionname] = 0	427	usesdefault[sectionname] = 0
428	} else if (search in default)	428	} else if (search in defaultconn)
429	fail("duplicated parameter " bq search eq)	429	fail("duplicated parameter " bq search eq)
430	if (rest in wanted) { # a hit	430	if (rest in wanted) { # a hit
431	if (indefault)	431	if (indefault)
432	default[search] = rest	432	defaultconn[search] = rest
433	else	433	else
434	searchfound(sectionname)	434	searchfound(sectionname)
435	} else {	435	} else {
Lines 491-499 Link Here
491	fail("white space within non-quoted parameter " bq name eq)	491	fail("white space within non-quoted parameter " bq name eq)
492	}	492	}
493	indefault {	493	indefault {
494	if (name in default)	494	if (name in defaultconn)
495	fail("duplicated default parameter " bq name eq)	495	fail("duplicated default parameter " bq name eq)
496	default[name] = value	496	defaultconn[name] = value
497	next	497	next
498	}	498	}
499	{	499	{
Lines 565-575 Link Here
565	if (!optional && !searching && unseen != "")	565	if (!optional && !searching && unseen != "")
566	fail("did not find " type " section(s) " bq substr(unseen, 2) eq)	566	fail("did not find " type " section(s) " bq substr(unseen, 2) eq)
567	if (!searching) {	567	if (!searching) {
568	for (name in default)	568	for (name in defaultconn)
569	if (!(name in seen))	569	if (!(name in seen))
570	output(o_parm, name, default[name])	570	output(o_parm, name, defaultconn[name])
571	} else {	571	} else {
572	if (default[search] in wanted)	572	if (defaultconn[search] in wanted)
573	for (name in usesdefault)	573	for (name in usesdefault)
574	if (usesdefault[name])	574	if (usesdefault[name])
575	seen[name] = 1	575	seen[name] = 1

Lines 210-216 Link Here

(-)openswan-2.3.0.orig/programs/manual/manual.in (-6 / +6 lines)
210	if ((k in s) && s[k] != "yes" && s[k] != "no")	210	if ((k in s) && s[k] != "yes" && s[k] != "no")
211	fail("parameter \"" k "\" must be \"yes\" or \"no\"")	211	fail("parameter \"" k "\" must be \"yes\" or \"no\"")
212	}	212	}
213	function default(k, v) {	213	function defaultconn(k, v) {
214	if (!(k in s))	214	if (!(k in s))
215	s[k] = v	215	s[k] = v
216	}	216	}
Lines 323-329 Link Here
323	#########	323	#########
324	if (failed)	324	if (failed)
325	exit 1	325	exit 1
326	default("type", "tunnel")	326	defaultconn("type", "tunnel")
327	type = s["type"]	327	type = s["type"]
328	shunt = 0	328	shunt = 0
329	if (type == "transport") {	329	if (type == "transport") {
Lines 364-372 Link Here
364	}	364	}
365		365
366	leftsub = ("leftsubnet" in s) ? 1 : 0	366	leftsub = ("leftsubnet" in s) ? 1 : 0
367	default("leftsubnet", s["left"] "/32")	367	defaultconn("leftsubnet", s["left"] "/32")
368	rightsub = ("rightsubnet" in s) ? 1 : 0	368	rightsub = ("rightsubnet" in s) ? 1 : 0
369	default("rightsubnet", s["right"] "/32")	369	defaultconn("rightsubnet", s["right"] "/32")
370	integer("espreplay_window")	370	integer("espreplay_window")
371	if (("espreplay_window" in s) && s["espreplay_window"] == 0)	371	if (("espreplay_window" in s) && s["espreplay_window"] == 0)
372	delete s["espreplay_window"]	372	delete s["espreplay_window"]
Lines 376-383 Link Here
376	netfix("left")	376	netfix("left")
377	netfix("right")	377	netfix("right")
378		378
379	default("leftnexthop", s["right"])	379	defaultconn("leftnexthop", s["right"])
380	default("rightnexthop", s["left"])	380	defaultconn("rightnexthop", s["left"])
381	if (s["leftnexthop"] == s["left"])	381	if (s["leftnexthop"] == s["left"])
382	fail("left and leftnexthop must not be the same")	382	fail("left and leftnexthop must not be the same")
383	if (s["rightnexthop"] == s["right"])	383	if (s["rightnexthop"] == s["right"])