From: <abe...@us...> - 2012-04-15 06:25:10
Revision: 5514
http://astlinux.svn.sourceforge.net/astlinux/?rev=5514&view=rev
Author: abelbeck
Date: 2012-04-15 05:25:23 +0000 (Sun, 15 Apr 2012)
Log Message:
-----------
ipsec mobile, add patch to racoon to allow XAuth user/pass from a text file, generated from IPSECM_XAUTH_USER_PASS variable
The patch was submitted to OpenWRT by birnenschnitzel:
https://dev.openwrt.org/ticket/10291
Modified Paths:
--------------
branches/1.0/package/ipsec-tools/racoon-ipsec
branches/1.0/project/astlinux/target_skeleton/etc/group
branches/1.0/project/astlinux/target_skeleton/etc/gshadow
branches/1.0/project/astlinux/target_skeleton/etc/passwd
branches/1.0/project/astlinux/target_skeleton/etc/shadow
branches/1.0/project/astlinux/target_skeleton/etc/shadow-
branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
Added Paths:
-----------
branches/1.0/package/ipsec-tools/ipsec-tools-xauth-user-pass.patch
Added: branches/1.0/package/ipsec-tools/ipsec-tools-xauth-user-pass.patch
===================================================================
--- branches/1.0/package/ipsec-tools/ipsec-tools-xauth-user-pass.patch (rev 0)
+++ branches/1.0/package/ipsec-tools/ipsec-tools-xauth-user-pass.patch 2012-04-15 05:25:23 UTC (rev 5514)
@@ -0,0 +1,42 @@
+--- ipsec-tools-0.8.0/src/racoon/isakmp_xauth.c.orig 2011-03-14 16:50:36.000000000 +0100
++++ ipsec-tools-0.8.0/src/racoon/isakmp_xauth.c 2011-10-27 09:45:08.000000000 +0200
+@@ -1261,6 +1261,39 @@
+ char *usr;
+ char *pwd;
+ {
++ /* OpenWrt fix: if possible check user from password file */
++ FILE *fp;
++ char line[256];
++ char *linecut;
++ char filename[80];
++ int found;
++ char *fusr;
++ char *fpwd;
++
++ strcpy(filename,"/tmp/etc/xauthuser.txt");
++ if ((fp = fopen(filename, "r")) != NULL) {
++ plog(LLV_INFO, LOCATION, NULL,
++ "verifying user from %s\n",filename);
++
++ found = -1;
++ while ( fgets(line, 255, fp) != NULL && found == -1) {
++ if (line[0] != '#') {
++ linecut = strtok(line,"#\n");
++ fusr = strtok(linecut," \t");
++ fpwd = strtok(NULL," \t");
++
++ if ( fusr && fpwd
++ && strcmp(fusr,"")!=0 && strcmp(fpwd,"")!=0
++ && strcmp(fusr,usr)==0 && strcmp(fpwd,pwd)==0)
++ found = 0;
++ }
++ }
++ fclose(fp);
++
++ return found;
++ }
++ /* OpenWrt fix */
++
+ struct passwd *pw;
+ char *cryptpwd;
+ char *syscryptpwd;
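Review bot: The early return inserted at the top of xauth_login_system reaches `strcmp(fpwd,pwd)` as soon as a username in the file matches, before anything checks that the client actually supplied a password; if `pwd` can be NULL here (the unmodified remainder of the function, outside this hunk, is where upstream racoon checks for a missing password, as far as I recall), a peer that sends a known username with no password attribute crashes the daemon before authenticating. Guard both inputs ahead of the file lookup: `if (usr == NULL || pwd == NULL) return -1;`. Two parsing caveats deserve a comment next to the loop: `strtok(line,"#\n")` treats `#` as a comment anywhere on the line, so a password containing `#` can never match, and `fgets(line, 255, fp)` turns an entry longer than 254 bytes into two bogus lines. Since the function returns `found` whenever the file exists, the system-account path below is never reached once the file is present, so an empty file rejects every user; the closing `/* OpenWrt fix */` comment should say whether that is intended. The rest of xauth_login_system lies outside the hunk.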
Modified: branches/1.0/package/ipsec-tools/racoon-ipsec
===================================================================
--- branches/1.0/package/ipsec-tools/racoon-ipsec 2012-04-14 22:19:25 UTC (rev 5513)
+++ branches/1.0/package/ipsec-tools/racoon-ipsec 2012-04-15 05:25:23 UTC (rev 5514)
@@ -241,7 +241,7 @@
gen_ipsecmobile()
{
- local auth method IFS
+ local user pass auth method IFS
p1_encrypt="$IPSECM_P1_CYPHER"
p1_hash="$IPSECM_P1_HASH"
@@ -268,6 +268,20 @@
if [ "$IPSECM_AUTH_METHOD" = "xauth_rsa_server" ]; then
method="xauth_rsa_server"
+
+ echo "# Secrets for authenticating XAuth
+# Automatically generated by $prog; do not edit!
+#" > /tmp/etc/xauthuser.txt
+ IFS=$'\n'
+ for i in $IPSECM_XAUTH_USER_PASS; do
+ user="$(echo "$i" | awk -F' ' '{ print $1; }')"
+ pass="$(echo "$i" | awk -F' ' '{ print $2; }')"
+ if [ -n "$user" -a -n "$pass" ]; then
+ echo "$user $pass" >> /tmp/etc/xauthuser.txt
+ fi
+ done
+ chmod 600 /tmp/etc/xauthuser.txt
+
IFS=' '
for name in IPSECM_XAUTH_POOLBASE IPSECM_XAUTH_POOLMASK IPSECM_XAUTH_POOLSIZE; do
if [ -z "${!name}" ]; then
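Review bot: The secrets file is created by the first `echo ... > /tmp/etc/xauthuser.txt` with the shell's default umask and is only locked down by the `chmod 600` after the loop, so every password has already been written while the file may be readable by other local users; on an appliance with a private /tmp/etc the window is small, but creating it with the right mode is free: `rm -f /tmp/etc/xauthuser.txt` followed by `(umask 077; : > /tmp/etc/xauthuser.txt)` before the first write, after which the redirections keep the 0600 mode and the trailing `chmod` becomes a no-op. The racoon side (the patch in this commit) splits each line on whitespace and treats `#` as a comment, and `awk '{ print $2; }'` here keeps only the second field, so a password containing a space or `#` is silently shortened rather than rejected; a `case "$pass" in *" "*|*"#"*) echo "$prog: XAuth password for $user contains a space or '#', entry skipped" 1>&2; continue ;; esac` before the append would make that visible. The file is also written when IPSECM_XAUTH_USER_PASS is empty, and because racoon consults it whenever it exists, that configuration rejects every XAuth login instead of falling back to system accounts — fine if intended, but worth a comment. gen_ipsecmobile continues outside the hunk.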
@@ -275,6 +289,7 @@
return 1
fi
done
+ unset IFS
else
method="rsasig"
fi
@@ -631,7 +646,7 @@
if [ -f /tmp/etc/racoon_bad_config ]; then
echo "$prog failed to start due to configuration errors." 1>&2
- rm -f /tmp/etc/racoon.conf /tmp/etc/psk.txt /tmp/etc/tunnel.sh /tmp/etc/racoon_bad_config
+ rm -f /tmp/etc/racoon.conf /tmp/etc/psk.txt /tmp/etc/tunnel.sh /tmp/etc/xauthuser.txt /tmp/etc/racoon_bad_config
rm -rf /tmp/etc/certificate
exit 1
@@ -686,7 +701,7 @@
setkey -F
setkey -FP
- rm -f /tmp/etc/psk.txt /tmp/etc/racoon.conf /tmp/etc/tunnel.sh
+ rm -f /tmp/etc/psk.txt /tmp/etc/racoon.conf /tmp/etc/tunnel.sh /tmp/etc/xauthuser.txt
rm -rf /tmp/etc/certificate
## Hangs with linux 2.6.35
Modified: branches/1.0/project/astlinux/target_skeleton/etc/group
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/etc/group 2012-04-14 22:19:25 UTC (rev 5513)
+++ branches/1.0/project/astlinux/target_skeleton/etc/group 2012-04-15 05:25:23 UTC (rev 5514)
@@ -12,6 +12,5 @@
audio:x:29:
video:x:44:
users:x:100:
-ipsec:x:901:
zabbix:x:906:
nobody:x:65535:
Modified: branches/1.0/project/astlinux/target_skeleton/etc/gshadow
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/etc/gshadow 2012-04-14 22:19:25 UTC (rev 5513)
+++ branches/1.0/project/astlinux/target_skeleton/etc/gshadow 2012-04-15 05:25:23 UTC (rev 5514)
@@ -1,4 +1,3 @@
root:*::
users:*::
ftp:*::
-ipsec:!::
Modified: branches/1.0/project/astlinux/target_skeleton/etc/passwd
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/etc/passwd 2012-04-14 22:19:25 UTC (rev 5513)
+++ branches/1.0/project/astlinux/target_skeleton/etc/passwd 2012-04-15 05:25:23 UTC (rev 5514)
@@ -1,6 +1,5 @@
root:x:0:0:root:/root:/bin/sh
sshd:x:22:22:sshd:/dev/null:/bin/false
ftp:x:21:21:ftp user:/home/ftp:/bin/false
-ipsec:x:901:901:IPsec XAuth:/dev/null:/bin/false
zabbix:x:906:906:Zabbix User:/dev/null:/bin/false
nobody:x:1000:1000:no one:/dev/null:/bin/false
Modified: branches/1.0/project/astlinux/target_skeleton/etc/shadow
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/etc/shadow 2012-04-14 22:19:25 UTC (rev 5513)
+++ branches/1.0/project/astlinux/target_skeleton/etc/shadow 2012-04-15 05:25:23 UTC (rev 5514)
@@ -1,6 +1,5 @@
root:$1$$axJeFIpwicqOTwFpuoUAs1:12215:0:99999:7:::
sshd:!:0:0:99999:7:::
ftp:!:0:0:99999:7:::
-ipsec:!:0:0:99999:7:::
zabbix:!:0:0:99999:7:::
nobody:!:0:0:99999:7:::
Modified: branches/1.0/project/astlinux/target_skeleton/etc/shadow-
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/etc/shadow- 2012-04-14 22:19:25 UTC (rev 5513)
+++ branches/1.0/project/astlinux/target_skeleton/etc/shadow- 2012-04-15 05:25:23 UTC (rev 5514)
@@ -1,5 +1,5 @@
root:$1$$axJeFIpwicqOTwFpuoUAs1:12215:0:99999:7:::
sshd:!:0:0:99999:7:::
ftp:!:0:0:99999:7:::
-zabbix:!:0:99999:7:::
-nobody:!:0:99999:7:::
+zabbix:!:0:0:99999:7:::
+nobody:!:0:0:99999:7:::
Modified: branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2012-04-14 22:19:25 UTC (rev 5513)
+++ branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2012-04-15 05:25:23 UTC (rev 5514)
@@ -590,6 +590,11 @@
#IPSECM_XAUTH_WINS="" # space separated list of local MS WINS servers, rarely needed
#IPSECM_XAUTH_DOMAIN="" # Default DNS domain pushed to client
#IPSECM_XAUTH_SAVE_PASSWD="no" # "no" or "yes", defaults to "no"
+## Authentication - multi-line, space separated
+#IPSECM_XAUTH_USER_PASS="
+#username1 password1
+#username2 password2
+#"
##
#IPSECM_CERT_KEYSIZE="1024" # "1024" or "2048", defaults to "1024"
#IPSECM_CERT_DNSNAME="" # DNS name (or IP address) of public interface, required by iOS devices
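Review bot: The new IPSECM_XAUTH_USER_PASS block says nothing about how the values are parsed or stored, which matters because these are plaintext credentials: rc.conf itself should be readable only by root, and each entry is split on whitespace with `#` starting a comment, so neither usernames nor passwords may contain spaces, tabs or `#`. I would extend the commentary to `## Authentication - one "username password" pair per line, space separated` and add `## Passwords are stored in plain text (here and in /tmp/etc/xauthuser.txt while racoon runs) and may not contain spaces or '#'`. Whether a setting with no entries is meant to disable XAuth logins entirely should be stated as well, since the generated file is consulted by racoon whenever it exists.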