Hello,
As I just discovered I did not sent a svn diff the first time. Attached you
will find the
corrected patch version.
Default racoon xauth user authentication is only allowed through /etc/passwd or
external communication (ldap, radius). To enable a local UCI driven
user/password
database I wrote a patch that will read them from the startscript-generated file
/var/racoon/xauthuser.txt. But only if it exists. Otherwise authentication
falls back
to standard beaviour.
Signed-off-by: Markus Stockhausen < markus /dot/ stockhausen /at/ collogia /dot/
de >
Index: net/ipsec-tools/patches/006-xauth_user_file.patch
===================================================================
--- net/ipsec-tools/patches/006-xauth_user_file.patch (revision 0)
+++ net/ipsec-tools/patches/006-xauth_user_file.patch (revision 0)
@@ -0,0 +1,42 @@
+--- a/src/racoon/isakmp_xauth.c
++++ b/src/racoon/isakmp_xauth.c
+@@ -1261,6 +1261,39 @@ xauth_login_system(usr, pwd)
+ char *usr;
+ char *pwd;
+ {
++ /* OpenWrt fix: if possible check user from password file */
++ FILE *fp;
++ char line[256];
++ char *linecut;
++ char filename[80];
++ int found;
++ char *fusr;
++ char *fpwd;
++
++ strcpy(filename,"/var/racoon/xauthuser.txt");
++ if ((fp = fopen(filename, "r")) != NULL) {
++ plog(LLV_INFO, LOCATION, NULL,
++ "verifying user from %s\n",filename);
++
++ found = -1;
++ while ( fgets(line, 255, fp) != NULL && found == -1) {
++ if (line[0] != '#') {
++ linecut = strtok(line,"#\n");
++ fusr = strtok(linecut," \t");
++ fpwd = strtok(NULL," \t");
++
++ if ( fusr && fpwd
++ && strcmp(fusr,"")!=0 && strcmp(fpwd,"")!=0
++ && strcmp(fusr,usr)==0 && strcmp(fpwd,pwd)==0)
++ found = 0;
++ }
++ }
++ fclose(fp);
++
++ return found;
++ }
++ /* OpenWrt fix */
++
+ struct passwd *pw;
+ char *cryptpwd;
+ char *syscryptpwd;****************************************************************************
Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte
Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail
irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und
vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte
Weitergabe dieser Mail ist nicht gestattet.
Ãber das Internet versandte E-Mails können unter fremden Namen erstellt oder
manipuliert werden. Deshalb ist diese als E-Mail verschickte Nachricht keine
rechtsverbindliche Willenserklärung.
Collogia
Unternehmensberatung AG
Ubierring 11
D-50678 Köln
Vorstand:
Kadir Akin
Dr. Michael Höhnerbach
Vorsitzender des Aufsichtsrates:
Hans Kristian Langva
Registergericht: Amtsgericht Köln
Registernummer: HRB 52 497
This e-mail may contain confidential and/or privileged information. If you
are not the intended recipient (or have received this e-mail in error)
please notify the sender immediately and destroy this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.
e-mails sent over the internet may have been written under a wrong name or
been manipulated. That is why this message sent as an e-mail is not a
legally binding declaration of intention.
Collogia
Unternehmensberatung AG
Ubierring 11
D-50678 Köln
executive board:
Kadir Akin
Dr. Michael Höhnerbach
President of the supervisory board:
Hans Kristian Langva
Registry office: district court Cologne
Register number: HRB 52 497
****************************************************************************
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
