Date: Mon, 1 Jul 2019 04:49:33 +0000 (UTC)
From: Eugene Grosbein <eugen@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r505537 - in head/security/ipsec-tools: . files
Message-ID: <201907010449.x614nXbT084815@repo.freebsd.org>
Author: eugen
Date: Mon Jul 1 04:49:33 2019
New Revision: 505537
URL: https://svnweb.freebsd.org/changeset/ports/505537

Log:
  security/ipsec-tools: fix aggressive mode tunnels with wildcard-psk config

  Wildcard patch exposes an existing bug where aggressive tunnels using IP
  addresses for identification were not matching the entry in the PSK file,
  due to the identifier not being cast to 'xxx.xxx.xxx.xxx' notation.

  PR:           203308
  Submitted by: andywhite@gmail.com (based on)

Added:
  head/security/ipsec-tools/files/wildcard-psk-oakley.c.diff   (contents, props changed)
Modified:
  head/security/ipsec-tools/Makefile

Modified: head/security/ipsec-tools/Makefile ============================================================================== --- head/security/ipsec-tools/Makefile Mon Jul 1 03:32:39 2019 (r505536) +++ head/security/ipsec-tools/Makefile Mon Jul 1 04:49:33 2019 (r505537) @@ -8,7 +8,7 @@ PORTNAME= ipsec-tools PORTVERSION= 0.8.2 -PORTREVISION= 9 +PORTREVISION= 10 CATEGORIES= security MASTER_SITES= SF @@ -77,8 +77,8 @@ LDAP_CONFIGURE_OFF= --without-libldap SAUNSPEC_CONFIGURE_ENABLE= samode-unspec RC5_CONFIGURE_ENABLE= rc5 IDEA_CONFIGURE_ENABLE= idea -WCPSKEY_EXTRA_PATCHES= ${FILESDIR}/wildcard-psk.diff NATT_EXTRA_PATCHES= ${FILESDIR}/natt.diff +WCPSKEY_EXTRA_PATCHES= ${FILESDIR}/wildcard-psk.diff ${FILESDIR}/wildcard-psk-oakley.c.diff .include <bsd.port.pre.mk>
Added: head/security/ipsec-tools/files/wildcard-psk-oakley.c.diff ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/ipsec-tools/files/wildcard-psk-oakley.c.diff Mon Jul 1 04:49:33 2019 (r505537)
@@ -0,0 +1,22 @@ +--- src/racoon/oakley.c.orig 2012-08-29 18:35:09.000000000 +0700 ++++ src/racoon/oakley.c 2019-07-01 11:03:18.864245000 +0700 +@@ -2400,7 +2400,19 @@ oakley_skeyid(iph1) + case OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R: + #endif + if (iph1->etype != ISAKMP_ETYPE_IDENT) { ++ struct ipsecdoi_id_b *id_b; ++ ++ id_b = (struct ipsecdoi_id_b *)iph1->id_p->v; ++ if (id_b->type != IPSECDOI_ID_IPV4_ADDR && ++ id_b->type != IPSECDOI_ID_IPV6_ADDR) + iph1->authstr = getpskbyname(iph1->id_p); ++ else { ++ struct sockaddr addr; ++ u_int16_t ul_proto; ++ u_int8_t prefix; ++ if (!ipsecdoi_id2sockaddr(iph1->id_p, &addr, &prefix, &ul_proto)) ++ iph1->authstr = getpskbyaddr(&addr); ++ } + if (iph1->authstr == NULL) { + if (iph1->rmconf->verify_identifier) { + plog(LLV_ERROR, LOCATION, iph1->remote,
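Review bot: in the oakley.c hunk, `struct sockaddr addr;` in the new else-branch is too small for the IPv6 case that the same branch admits (`id_b->type != IPSECDOI_ID_IPV6_ADDR` falls through to it): ipsecdoi_id2sockaddr() fills a struct sockaddr_in6 for an IPv6 ID, which is larger than struct sockaddr, so a peer sending an IPv6 address ID in a non-main-mode exchange writes past the end of that stack variable, and this runs while SKEYID is being derived, before the peer has authenticated. Declare `struct sockaddr_storage addr;` and pass `(struct sockaddr *)&addr` to both ipsecdoi_id2sockaddr() and getpskbyaddr(). Minor style points in the same hunk: the if-branch leaves `iph1->authstr = getpskbyname(iph1->id_p);` unbraced at its old indentation while the else-branch is braced, so brace both; and `prefix` and `ul_proto` are write-only outputs here, which deserves a short comment so nobody later assumes the prefix length is checked.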
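Review bot: in the Makefile hunk at @@ -77,8 +77,8 @@, moving the WCPSKEY_EXTRA_PATCHES assignment below NATT_EXTRA_PATCHES does not change which patch is applied first, since the options framework collects each ${OPT}_EXTRA_PATCHES per option when it walks the option list rather than by Makefile line order; the move is cosmetic and the only functional change is the added `${FILESDIR}/wildcard-psk-oakley.c.diff`. What the hunk does not document is why a fix for what the log calls an "existing bug" is applied only when the WCPSKEY option is on; a one-line comment next to the variable saying the bug is reachable only with the wildcard PSK patch would save the next reader a trip to PR 203308. Since NATT is a separate option with its own patch, also confirm that the new oakley.c hunk (context around line 2400) applies cleanly both with and without natt.diff.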