re-introduced the XAUTH_VID compile option

diff --git a/configure.in b/configure.in
index 8a69981..6e0b5df 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -234,6 +234,18 @@ AC_ARG_ENABLE(
 AM_CONDITIONAL(USE_VENDORID, test x$vendor_id = xtrue)
 
 AC_ARG_ENABLE(
+    [xauth-vid],
+    AS_HELP_STRING([--disable-xauth-vid],[disable the sending of the XAUTH vendor ID (default is NO).]),
+    [if test x$enableval = xyes; then
+        xauth_vid=true
+     else
+        xauth_vid=false
+    fi],
+    xauth_vid=true
+)
+AM_CONDITIONAL(USE_XAUTH_VID, test x$xauth_vid = xtrue)
+
+AC_ARG_ENABLE(
     [uml],
     AS_HELP_STRING([--enable-uml],[build the UML test framework (default is NO).]),
     [if test x$enableval = xyes; then

diff --git a/src/pluto/Makefile.am b/src/pluto/Makefile.am
index 336bbdf..4519ef7 100644 (file)
--- a/src/pluto/Makefile.am
+++ b/src/pluto/Makefile.am
@@ -107,6 +107,11 @@ if USE_VENDORID
   AM_CFLAGS += -DVENDORID
 endif
 
+# This compile option activates the sending of the XAUTH VID
+if USE_XAUTH_VID
+  AM_CFLAGS += -DXAUTH_VID
+endif
+
 # This compile option activates the support of the Cisco VPN client
 if USE_CISCO_QUIRKS
   AM_CFLAGS += -DCISCO_QUIRKS

diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c
index 1183f9c..14aec44 100644 (file)
--- a/src/pluto/ipsec_doi.c
+++ b/src/pluto/ipsec_doi.c
@@ -80,6 +80,15 @@
 #endif /* !VENDORID */
 
 /*
+ * are we sending an XAUTH VID?
+ */
+#ifdef XAUTH_VID
+#define SEND_XAUTH_VID 1
+#else /* !XAUTH_VID */
+#define SEND_XAUTH_VID 0
+#endif /* !XAUTH_VID */
+
+/*
  * are we sending a Cisco Unity VID?
  */
 #ifdef CISCO_QUIRKS
@@ -899,7 +908,7 @@ main_outI1(int whack_sock, struct connection *c, struct state *predecessor
        vids_to_send++;
     if (c->spd.this.cert.type == CERT_PGP)
        vids_to_send++;
-    /* always send XAUTH Vendor ID */
+    if (SEND_XAUTH_VID)
        vids_to_send++;
     /* always send DPD Vendor ID */
        vids_to_send++;
@@ -993,11 +1002,14 @@ main_outI1(int whack_sock, struct connection *c, struct state *predecessor
     }
 
     /* Announce our ability to do eXtended AUTHentication to the peer */
-    if (!out_vendorid(vids_to_send-- ? ISAKMP_NEXT_VID : ISAKMP_NEXT_NONE
-    , &rbody, VID_MISC_XAUTH))
+    if (SEND_XAUTH_VID)
     {
-       reset_cur_state();
-       return STF_INTERNAL_ERROR;
+       if (!out_vendorid(vids_to_send-- ? ISAKMP_NEXT_VID : ISAKMP_NEXT_NONE
+       , &rbody, VID_MISC_XAUTH))
+       {
+           reset_cur_state();
+           return STF_INTERNAL_ERROR;
+       }
     }
 
     /* Announce our ability to do Dead Peer Detection to the peer */
@@ -3114,7 +3126,7 @@ main_inI1_outR1(struct msg_digest *md)
        vids_to_send++;
     if (md->openpgp)
        vids_to_send++;
-    /* always send XAUTH Vendor ID */
+    if (SEND_XAUTH_VID)
        vids_to_send++;
     /* always send DPD Vendor ID */
        vids_to_send++;
@@ -3182,10 +3194,13 @@ main_inI1_outR1(struct msg_digest *md)
     }
 
     /* Announce our ability to do eXtended AUTHentication to the peer */
-    if (!out_vendorid(vids_to_send-- ? ISAKMP_NEXT_VID : ISAKMP_NEXT_NONE
-    , &md->rbody, VID_MISC_XAUTH))
+    if (SEND_XAUTH_VID)
     {
-       return STF_INTERNAL_ERROR;
+       if (!out_vendorid(vids_to_send-- ? ISAKMP_NEXT_VID : ISAKMP_NEXT_NONE
+       , &md->rbody, VID_MISC_XAUTH))
+       {
+           return STF_INTERNAL_ERROR;
+       }
     }
 
     /* Announce our ability to do Dead Peer Detection to the peer */