Patchwork [OpenWrt-Devel] (resent) allow racoon user authentication from file

login
register
Submitter Markus Stockhausen
Date 2011-11-04 08:55:07
Message ID <web-3791500@collogia.de>
Download mbox | patch
Permalink /patch/1561/
State New
Headers show

Comments

Markus Stockhausen - 2011-11-04 08:55:07
Hello,

As I just discovered I did not sent a svn diff the first time. Attached you will find the
corrected patch version.

Default racoon xauth user authentication is only allowed through /etc/passwd or
external communication (ldap, radius). To enable a local UCI driven user/password
database I wrote a patch that will read them from the startscript-generated file
/var/racoon/xauthuser.txt. But only if it exists. Otherwise authentication falls back
to standard beaviour.

Signed-off-by: Markus Stockhausen < markus /dot/ stockhausen /at/ collogia /dot/ de >
****************************************************************************
Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte
Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail
irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und
vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte
Weitergabe dieser Mail ist nicht gestattet.

Über das Internet versandte E-Mails können unter fremden Namen erstellt oder
manipuliert werden. Deshalb ist diese als E-Mail verschickte Nachricht keine
rechtsverbindliche Willenserklärung.

Collogia
Unternehmensberatung AG
Ubierring 11
D-50678 Köln

Vorstand:
Kadir Akin
Dr. Michael Höhnerbach

Vorsitzender des Aufsichtsrates:
Hans Kristian Langva

Registergericht: Amtsgericht Köln
Registernummer: HRB 52 497

This e-mail may contain confidential and/or privileged information. If you
are not the intended recipient (or have received this e-mail in error)
please notify the sender immediately and destroy this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.

e-mails sent over the internet may have been written under a wrong name or
been manipulated. That is why this message sent as an e-mail is not a
legally binding declaration of intention.

Collogia
Unternehmensberatung AG
Ubierring 11
D-50678 Köln

executive board:
Kadir Akin
Dr. Michael Höhnerbach

President of the supervisory board:
Hans Kristian Langva

Registry office: district court Cologne
Register number: HRB 52 497

****************************************************************************

Patch

Index: net/ipsec-tools/patches/006-xauth_user_file.patch
===================================================================
--- net/ipsec-tools/patches/006-xauth_user_file.patch	(revision 0)
+++ net/ipsec-tools/patches/006-xauth_user_file.patch	(revision 0)
@@ -0,0 +1,42 @@ 
+--- a/src/racoon/isakmp_xauth.c
++++ b/src/racoon/isakmp_xauth.c
+@@ -1261,6 +1261,39 @@ xauth_login_system(usr, pwd)
+  	char *usr;
+  	char *pwd;
+  {
++	/* OpenWrt fix: if possible check user from password file */
++	FILE *fp;
++	char line[256];
++	char *linecut;
++	char filename[80];
++	int found;
++	char *fusr;
++	char *fpwd;
++
++	strcpy(filename,"/var/racoon/xauthuser.txt");
++	if ((fp = fopen(filename, "r")) != NULL) {
++		plog(LLV_INFO, LOCATION, NULL,
++			"verifying user from %s\n",filename);
++
++		found = -1;
++		while ( fgets(line, 255, fp) != NULL && found == -1) {
++			if (line[0] != '#') {
++				linecut  = strtok(line,"#\n");
++				fusr = strtok(linecut," \t");
++				fpwd = strtok(NULL," \t");
++
++				if ( fusr && fpwd
++				&& strcmp(fusr,"")!=0 && strcmp(fpwd,"")!=0
++				&& strcmp(fusr,usr)==0 && strcmp(fpwd,pwd)==0)
++				found = 0;
++			}
++		}
++		fclose(fp);
++
++		return found;
++	}
++	/* OpenWrt fix */
++
+  	struct passwd *pw;
+  	char *cryptpwd;
+  	char *syscryptpwd;