[Midnightbsd-cvs] mports [15420] trunk/security: Add ipsec-tools to MidnightBSD based on the FreeBSD port.
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Sun Sep 8 16:37:54 EDT 2013
Revision: 15420
http://svnweb.midnightbsd.org/mports/?rev=15420
Author: laffer1
Date: 2013-09-08 16:37:52 -0400 (Sun, 08 Sep 2013)
Log Message:
-----------
Add ipsec-tools to MidnightBSD based on the FreeBSD port.
Modified Paths:
--------------
trunk/security/Makefile
Added Paths:
-----------
trunk/security/ipsec-tools/
trunk/security/ipsec-tools/Makefile
trunk/security/ipsec-tools/distinfo
trunk/security/ipsec-tools/files/
trunk/security/ipsec-tools/files/patch8-utmp.diff
trunk/security/ipsec-tools/files/racoon.in
trunk/security/ipsec-tools/pkg-descr
trunk/security/ipsec-tools/pkg-plist
Modified: trunk/security/Makefile
===================================================================
--- trunk/security/Makefile 2013-09-07 13:01:54 UTC (rev 15419)
+++ trunk/security/Makefile 2013-09-08 20:37:52 UTC (rev 15420)
@@ -22,6 +22,7 @@
SUBDIR += gnutls
SUBDIR += gpgme
SUBDIR += gsasl
+SUBDIR += ipsec-tools
SUBDIR += krb5
SUBDIR += kwalletcli
SUBDIR += l0phtcrack
Added: trunk/security/ipsec-tools/Makefile
===================================================================
--- trunk/security/ipsec-tools/Makefile (rev 0)
+++ trunk/security/ipsec-tools/Makefile 2013-09-08 20:37:52 UTC (rev 15420)
@@ -0,0 +1,185 @@
+# $MidnightBSD$
+
+PORTNAME= ipsec-tools
+PORTVERSION= 0.8.0
+CATEGORIES= security
+MASTER_SITES= SF
+
+MAINTAINER= ports at MidnightBSD.org
+COMMENT= KAME racoon IKE daemon, ipsec-tools version
+
+LICENSE= unknown
+
+CONFLICTS= racoon-[0-9]*
+
+USE_RC_SUBR= racoon
+USE_OPENSSL= yes
+USE_BZIP2= yes
+
+USE_AUTOTOOLS= libtool
+GNU_CONFIGURE= yes
+USE_LDCONFIG= yes
+CONFIGURE_ARGS= --enable-shared --sysconfdir=${PREFIX}/etc/racoon \
+ --localstatedir=${STATEDIR:S/\/racoon//} \
+ --with-pkgversion=freebsd-${PORTVERSION}
+
+STATEDIR= /var/db/racoon
+SUB_LIST+= STATEDIR=${STATEDIR}
+PLIST_SUB+= STATEDIR=${STATEDIR}
+
+OPTIONS_DEFINE= DEBUG IPV6 ADMINPORT STATS DPD NATT NATTF FRAG HYBRID PAM \
+ RADIUS LDAP GSSAPI SAUNSPEC RC5 IDEA DOCS
+OPTIONS_DEFAULT= DEBUG DPD NATT FRAG HYBRID
+
+ADMINPORT_DESC= Enable Admin port
+STATS_DESC= Statistics logging function
+DPD_DESC= Dead Peer Detection
+NATT_DESC= NAT-Traversal (kernel-patch required)
+NATTF_DESC= require NAT-Traversal (fail without kernel-patch)
+FRAG_DESC= IKE fragmentation payload support
+HYBRID_DESC= Hybrid, Xauth and Mode-cfg support
+SAUNSPEC_DESC= Unspecified SA mode
+RC5_DESC= RC5 encryption (patented)
+IDEA_DESC= IDEA encryption (patented)
+PAM_DESC= PAM authentication (Xauth server)
+RADIUS_DESC= Radius authentication (Xauth server)
+LDAP_DESC= LDAP authentication (Xauth server)
+
+MAN3= ipsec_set_policy.3 ipsec_strerror.3
+MAN5= racoon.conf.5
+MAN8= racoon.8 racoonctl.8 setkey.8 plainrsa-gen.8
+
+PORTDOCS= *
+
+.include <bsd.port.pre.mk>
+
+.if ${OSVERSION} < 4000
+EXTRA_PATCHES= ${FILESDIR}/patch8-utmp.diff
+.endif
+
+.if ${PORT_OPTIONS:MDEBUG}
+CONFIGURE_ARGS+= --enable-debug
+.else
+CONFIGURE_ARGS+= --disable-debug
+.endif
+
+.if ${PORT_OPTIONS:MIPV6}
+CONFIGURE_ARGS+= --enable-ipv6
+.else
+CONFIGURE_ARGS+= --disable-ipv6
+.endif
+
+.if ${PORT_OPTIONS:MADMINPORT}
+CONFIGURE_ARGS+= --enable-adminport
+.else
+CONFIGURE_ARGS+= --disable-adminport
+.endif
+
+.if ${PORT_OPTIONS:MSTATS}
+CONFIGURE_ARGS+= --enable-stats
+.else
+CONFIGURE_ARGS+= --disable-stats
+.endif
+
+.if ${PORT_OPTIONS:MDPD}
+CONFIGURE_ARGS+= --enable-dpd
+.else
+CONFIGURE_ARGS+= --disable-dpd
+.endif
+
+.if ${PORT_OPTIONS:MNATT}
+. if ${PORT_OPTIONS:MNATTF}
+CONFIGURE_ARGS+= --enable-natt=yes
+. else
+CONFIGURE_ARGS+= --enable-natt=kernel
+. endif
+.else
+CONFIGURE_ARGS+= --disable-natt
+.endif
+
+.if ${PORT_OPTIONS:MFRAG}
+CONFIGURE_ARGS+= --enable-frag
+.else
+CONFIGURE_ARGS+= --disable-frag
+.endif
+
+.if ${PORT_OPTIONS:MHYBRID}
+CONFIGURE_ARGS+= --enable-hybrid
+.else
+CONFIGURE_ARGS+= --disable-hybrid
+.endif
+
+.if ${PORT_OPTIONS:MPAM}
+CONFIGURE_ARGS+= --with-libpam
+.else
+CONFIGURE_ARGS+= --without-libpam
+.endif
+
+.if ${PORT_OPTIONS:MGSSAPI}
+USES+= iconv
+CFLAGS+= -I${LOCALBASE}/include
+LDFLAGS+= -L${LOCALBASE}/lib
+CONFIGURE_ARGS+= --enable-gssapi
+.else
+CONFIGURE_ARGS+= --disable-gssapi
+.endif
+
+.if ${PORT_OPTIONS:MRADIUS}
+CONFIGURE_ARGS+= --with-libradius
+.else
+CONFIGURE_ARGS+= --without-libradius
+.endif
+
+.if ${PORT_OPTIONS:MLDAP}
+USE_OPENLDAP= YES
+CONFIGURE_ARGS+= --with-libldap=${LOCALBASE}
+.else
+CONFIGURE_ARGS+= --without-libldap
+.endif
+
+.if ${PORT_OPTIONS:MSAUNSPEC}
+CONFIGURE_ARGS+= --enable-samode-unspec
+.else
+CONFIGURE_ARGS+= --disable-samode-unspec
+.endif
+
+.if ${PORT_OPTIONS:MRC5}
+CONFIGURE_ARGS+= --enable-rc5
+.else
+CONFIGURE_ARGS+= --disable-rc5
+.endif
+
+.if ${PORT_OPTIONS:MIDEA}
+CONFIGURE_ARGS+= --enable-idea
+.else
+CONFIGURE_ARGS+= --disable-idea
+.endif
+
+.if ${OSVERSION} < 4000
+.if ${PORT_OPTIONS:MNATT}
+pre-configure:
+ @${ECHO_MSG} "===> -------------------------------------------------------------------------"
+ @${ECHO_MSG} "===> ATTENTION: You need a kernel patch to enable NAT-Traversal functionality!"
+ @${ECHO_MSG} "===> latest known patch for FreeBSD 7 is available here:"
+ @${ECHO_MSG} "===> http://people.freebsd.org/~bz/20110123-01-stable7-natt.diff"
+ @${ECHO_MSG} "===> You might possibly have to do some steps manually if it fails to apply."
+ @${ECHO_MSG} "===> -------------------------------------------------------------------------"
+ @sleep 3
+.endif
+.endif
+
+post-install:
+ @${MKDIR} ${PREFIX}/etc/racoon
+ @if [ -z `/sbin/sysctl -a | ${GREP} -q ipsec && ${ECHO_CMD} ipsec` ]; then \
+ ${ECHO_MSG} "WARNING: IPsec feature is disabled on this host"; \
+ ${ECHO_MSG} " You must build the kernel if you want to run racoon on the host"; \
+ fi ;
+ @${MKDIR} ${EXAMPLESDIR}
+ @${RM} -f ${WRKSRC}/src/racoon/samples/*.in
+ @${CP} -r ${WRKSRC}/src/racoon/samples/* ${EXAMPLESDIR}
+.if ${PORT_OPTIONS:MDOCS}
+ @${MKDIR} ${DOCSDIR}
+ @${INSTALL_DATA} ${WRKSRC}/src/racoon/doc/* ${DOCSDIR}
+.endif
+
+.include <bsd.port.post.mk>
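Review bot: `post-install` creates `${PREFIX}/etc/racoon` with `@${MKDIR}` and no explicit mode, so the directory that files/racoon.in expects to hold `racoon.conf` (and, judging by the `psk.txt` sample in pkg-plist, presumably pre-shared keys) gets whatever the umask at install time allows. I would set the mode explicitly, e.g. `@${MKDIR} -m 0700 ${PREFIX}/etc/racoon`. The same applies to the `mkdir -p %D/etc/racoon` and `mkdir -p %%STATEDIR%%` exec lines in pkg-plist and to `/bin/mkdir -p $required_dirs` in files/racoon.in, where the state directory also holds `racoon.sock`. Whether racoon itself checks permissions on these files is not visible here, so treat this as defence in depth.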
Added: trunk/security/ipsec-tools/distinfo
===================================================================
--- trunk/security/ipsec-tools/distinfo (rev 0)
+++ trunk/security/ipsec-tools/distinfo 2013-09-08 20:37:52 UTC (rev 15420)
@@ -0,0 +1,2 @@
+SHA256 (ipsec-tools-0.8.0.tar.bz2) = 2359a24aa8eda9ca7043fc47950c8e6b7f58a07c5d5ad316aa7de2bc5e3a8717
+SIZE (ipsec-tools-0.8.0.tar.bz2) = 809297
Added: trunk/security/ipsec-tools/files/patch8-utmp.diff
===================================================================
--- trunk/security/ipsec-tools/files/patch8-utmp.diff (rev 0)
+++ trunk/security/ipsec-tools/files/patch8-utmp.diff 2013-09-08 20:37:52 UTC (rev 15420)
@@ -0,0 +1,69 @@
+--- src/racoon/isakmp_cfg.c 21 Sep 2010 13:14:17 -0000 1.24
++++ src/racoon/isakmp_cfg.c 4 Aug 2010 09:16:58 -0000 1.23
+@@ -38,7 +38,7 @@
+ #include <sys/socket.h>
+ #include <sys/queue.h>
+
+-#include <utmpx.h>
++#include <utmp.h>
+ #if defined(__APPLE__) && defined(__MACH__)
+ #include <util.h>
+ #endif
+@@ -1661,7 +1661,8 @@ isakmp_cfg_accounting_system(port, raddr
+ int inout;
+ {
+ int error = 0;
+- struct utmpx ut;
++ struct utmp ut;
++ char term[UT_LINESIZE];
+ char addr[NI_MAXHOST];
+
+ if (usr == NULL || usr[0]=='\0') {
+@@ -1670,33 +1671,36 @@ isakmp_cfg_accounting_system(port, raddr
+ return -1;
+ }
+
+- memset(&ut, 0, sizeof ut);
+- gettimeofday((struct timeval *)&ut.ut_tv, NULL);
+- snprintf(ut.ut_id, sizeof ut.ut_id, TERMSPEC, port);
++ sprintf(term, TERMSPEC, port);
+
+ switch (inout) {
+ case ISAKMP_CFG_LOGIN:
+- ut.ut_type = USER_PROCESS;
+- strncpy(ut.ut_user, usr, sizeof ut.ut_user);
++ strncpy(ut.ut_name, usr, UT_NAMESIZE);
++ ut.ut_name[UT_NAMESIZE - 1] = '\0';
++
++ strncpy(ut.ut_line, term, UT_LINESIZE);
++ ut.ut_line[UT_LINESIZE - 1] = '\0';
+
+ GETNAMEINFO_NULL(raddr, addr);
+- strncpy(ut.ut_host, addr, sizeof ut.ut_host);
++ strncpy(ut.ut_host, addr, UT_HOSTSIZE);
++ ut.ut_host[UT_HOSTSIZE - 1] = '\0';
+
++ ut.ut_time = time(NULL);
++
+ plog(LLV_INFO, LOCATION, NULL,
+ "Accounting : '%s' logging on '%s' from %s.\n",
+- ut.ut_user, ut.ut_id, addr);
++ ut.ut_name, ut.ut_line, ut.ut_host);
+
+- pututxline(&ut);
++ login(&ut);
+
+ break;
+ case ISAKMP_CFG_LOGOUT:
+- ut.ut_type = DEAD_PROCESS;
+
+ plog(LLV_INFO, LOCATION, NULL,
+ "Accounting : '%s' unlogging from '%s'.\n",
+- usr, ut.ut_id);
++ usr, term);
+
+- pututxline(&ut);
++ logout(term);
+
+ break;
+ default:
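Review bot: `sprintf(term, TERMSPEC, port);` writes into `char term[UT_LINESIZE]` with no bound, where the code it replaces used `snprintf` with a `sizeof` limit; if TERMSPEC (defined outside this hunk) expands to more than UT_LINESIZE - 1 characters for a large `port`, this overruns the stack buffer. Use `snprintf(term, sizeof term, TERMSPEC, port);` instead. The patch also drops `memset(&ut, 0, sizeof ut);`, so `login(&ut)` is handed a `struct utmp` whose unset fields and padding are uninitialised stack contents, which presumably end up in the accounting file; keep the memset ahead of the `switch`. The body of isakmp_cfg_accounting_system continues outside the hunk.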
Added: trunk/security/ipsec-tools/files/racoon.in
===================================================================
--- trunk/security/ipsec-tools/files/racoon.in (rev 0)
+++ trunk/security/ipsec-tools/files/racoon.in 2013-09-08 20:37:52 UTC (rev 15420)
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+# $FreeBSD$
+#
+# PROVIDE: racoon
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Define these racoon_* variables in one of these files:
+# /etc/rc.conf
+# /etc/rc.conf.local
+# /etc/rc.conf.d/racoon
+#
+# DO NOT CHANGE THESE DEFAULT VALUES HERE
+
+. /etc/rc.subr
+
+name="racoon"
+rcvar=racoon_enable
+
+load_rc_config $name
+
+racoon_enable=${racoon_enable:-"NO"} # Disable by default
+racoon_create_dirs=${racoon_create_dirs:-"NO"} # Create $required_dirs
+#racoon_flags="" # Flags to racoon program
+
+command="%%PREFIX%%/sbin/${name}"
+pidfile="/var/run/${name}.pid"
+
+start_precmd="${name}_prestart"
+stop_postcmd="${name}_cleanup"
+
+socketfile="%%STATEDIR%%/${name}.sock"
+required_files="%%PREFIX%%/etc/${name}/${name}.conf"
+required_dirs="%%STATEDIR%%"
+
+racoon_cleanup()
+{
+ /bin/rm -f ${pidfile}
+ /bin/rm -f ${socketfile}
+}
+
+racoon_prestart()
+{
+ racoon_cleanup
+
+ if checkyesno "${name}_create_dirs"; then
+ /bin/mkdir -p $required_dirs
+ fi
+}
+
+run_rc_command "$1"
Added: trunk/security/ipsec-tools/pkg-descr
===================================================================
--- trunk/security/ipsec-tools/pkg-descr (rev 0)
+++ trunk/security/ipsec-tools/pkg-descr 2013-09-08 20:37:52 UTC (rev 15420)
@@ -0,0 +1,24 @@
+racoon speaks IKE (ISAKMP/Oakley) key management protocol, to
+establish security association with other hosts.
+
+This is the IPSec-tools version of racoon.
+
+Enchancements:
+- Support of NAT-T and IKE fragmentation.
+- Support of many authentication algorithms.
+- Tons of bugfixes.
+
+Known issues:
+- Non-threaded implementation. Simultaneous key negotiation performance
+ should be improved.
+- Cannot negotiate keys for per-socket policy.
+- Cryptic configuration syntax - blame IPsec specification too...
+- Needs more documentation.
+
+Design choice, not a bug:
+- racoon negotiate IPsec keys only. It does not negotiate policy. Policy must
+ be configured into the kernel separately from racoon. If you want to
+ support roaming clients, you may need to have a mechanism to put policy
+ for the roaming client after phase 1 finishes.
+
+WWW: http://ipsec-tools.sourceforge.net/
Added: trunk/security/ipsec-tools/pkg-plist
===================================================================
--- trunk/security/ipsec-tools/pkg-plist (rev 0)
+++ trunk/security/ipsec-tools/pkg-plist 2013-09-08 20:37:52 UTC (rev 15420)
@@ -0,0 +1,53 @@
+sbin/plainrsa-gen
+sbin/racoon
+sbin/racoonctl
+sbin/setkey
+include/libipsec/libpfkey.h
+include/racoon/admin.h
+include/racoon/evt.h
+include/racoon/gcmalloc.h
+include/racoon/ipsec_doi.h
+include/racoon/isakmp.h
+include/racoon/isakmp_cfg.h
+include/racoon/isakmp_unity.h
+include/racoon/isakmp_var.h
+include/racoon/isakmp_xauth.h
+include/racoon/misc.h
+include/racoon/racoonctl.h
+include/racoon/schedule.h
+include/racoon/sockmisc.h
+include/racoon/var.h
+include/racoon/vmbuf.h
+lib/libipsec.a
+lib/libipsec.la
+lib/libipsec.so
+lib/libipsec.so.0
+lib/libracoon.a
+lib/libracoon.la
+lib/libracoon.so
+lib/libracoon.so.0
+%%EXAMPLESDIR%%/psk.txt
+%%EXAMPLESDIR%%/psk.txt.sample
+%%EXAMPLESDIR%%/racoon.conf
+%%EXAMPLESDIR%%/racoon.conf.sample
+%%EXAMPLESDIR%%/racoon.conf.sample-gssapi
+%%EXAMPLESDIR%%/racoon.conf.sample-inherit
+%%EXAMPLESDIR%%/racoon.conf.sample-natt
+%%EXAMPLESDIR%%/racoon.conf.sample-plainrsa
+%%EXAMPLESDIR%%/roadwarrior/README
+%%EXAMPLESDIR%%/roadwarrior/client/phase1-down.sh
+%%EXAMPLESDIR%%/roadwarrior/client/phase1-up.sh
+%%EXAMPLESDIR%%/roadwarrior/client/racoon.conf
+%%EXAMPLESDIR%%/roadwarrior/server/racoon.conf
+%%EXAMPLESDIR%%/roadwarrior/server/racoon.conf-radius
+ at exec mkdir -p %D/etc/racoon
+ at dirrmtry etc/racoon
+ at dirrm include/racoon
+ at dirrm include/libipsec
+ at dirrm %%EXAMPLESDIR%%/roadwarrior/server
+ at dirrm %%EXAMPLESDIR%%/roadwarrior/client
+ at dirrm %%EXAMPLESDIR%%/roadwarrior
+ at dirrm %%EXAMPLESDIR%%
+ at cwd /
+ at exec mkdir -p %%STATEDIR%%
+ at dirrmtry %%STATEDIR%%