Add isakmpd, OpenBSD's IKE daemon

SVN-Revision: 4741
2024-12-20 06:08:08 +00:00 · 2006-09-03 17:43:25 +00:00 · 2006-09-03 17:43:25 +00:00 · 25df40c90a
commit 25df40c90a
parent 760f4a9690
3 changed files with 336 additions and 0 deletions
--- a/openwrt/package/isakmpd/Makefile
+++ b/openwrt/package/isakmpd/Makefile
@ -0,0 +1,50 @@
 # 
 # Copyright (C) 2006 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
 #
 # $Id: Makefile 4619 2006-08-22 09:50:02Z florian $
 include $(TOPDIR)/rules.mk
 PKG_NAME:=isakmpd
 PKG_VERSION:=20040115cvs
 PKG_RELEASE:=1
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=@SF/isakmpd
 PKG_MD5SUM:=9f59b10d57cfed5e95743255f1c1620d
 PKG_CAT:=bzcat
 PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/kernel.mk
 define Package/isakmpd
 SECTION:=base
 CATEGORY:=Network
 DEPENDS:=@LINUX_2_6 +libopenssl +keynote +libgmp
 TITLE:=IPsec management tools
 DESCRIPTION:=IPsec management tools
 URL:=http://isakmpd.sourceforge.net/
 endef
 define Build/Compile
 	$(call Build/Compile/Default,LINUX_DIR="$(LINUX_DIR)" \
 		STAGING_DIR="$(STAGING_DIR)" \
 		DESTDIR="$(PKG_INSTALL_DIR)")
 	$(MAKE) -C $(PKG_BUILD_DIR) \
 		DESTDIR="$(PKG_INSTALL_DIR)" \
 		INSTALL="install -c" \
 		install-bin
 endef
 define Package/isakmpd/install
 	install -d -m0755 $(1)/usr/sbin
 	$(CP) $(PKG_INSTALL_DIR)/* $(1)/
 endef
 $(eval $(call BuildPackage,isakmpd))
--- a/openwrt/package/isakmpd/patches/01-standardize.patch
+++ b/openwrt/package/isakmpd/patches/01-standardize.patch
@ -0,0 +1,132 @@
 diff -urN isakmpd/GNUmakefile isakmpd.new/GNUmakefile
 --- isakmpd/GNUmakefile	2004-01-16 13:36:32.000000000 +0100
 +++ isakmpd.new/GNUmakefile	2006-09-03 17:33:03.000000000 +0200
@@ -40,12 +40,12 @@
 # integrated, freebsd/netbsd means FreeBSD/NetBSD with KAME IPsec.
 # darwin means MacOS X 10.2 and later with KAME IPsec. linux means Linux-2.5
 # and later with native IPSec support.
 -OS=		openbsd
 +#OS=		openbsd
 #OS=		netbsd
 #OS=		freebsd
 #OS=		freeswan
 #OS=		darwin
 -#OS=		linux
 +OS=		linux
 .CURDIR:=	$(shell pwd)
 VPATH=		${.CURDIR}/sysdep/${OS}
@@ -53,11 +53,11 @@
 PROG=		isakmpd
 ifndef BINDIR
 -BINDIR=		/sbin
 -endif
 -ifndef LDSTATIC
 -LDSTATIC=	-static
 +BINDIR=		/usr/sbin
 endif
 +#ifndef LDSTATIC
 +#LDSTATIC=	-static
 +#endif
 SRCS=		app.c attribute.c cert.c connection.c \
 		constants.c conf.c cookie.c crypto.c dh.c doi.c exchange.c \
@@ -154,7 +154,7 @@
 ifdef USE_KEYNOTE
 USE_LIBCRYPTO=	yes
 -LDADD+=		-lkeynote -lm
 +LDADD+=		-L${LIBKEYNOTEDIR} -lkeynote -lm
 DPADD+=		${LIBKEYNOTE} ${LIBM}
 POLICY=		policy.c
 CFLAGS+=	-DUSE_KEYNOTE
@@ -238,3 +238,16 @@
 realcleandepend:
 	rm -f .depend tags
 +
 +# Install rules
 +install: install-bin install-man
 +
 +install-bin: isakmpd
 +	-mkdir -p $(DESTDIR)$(BINDIR)
 +	$(INSTALL) $(INSTALL_OPTS) -m 755 isakmpd $(DESTDIR)$(BINDIR)
 +
 +install-man:
 +	-mkdir -p $(DESTDIR)$(MANDIR)/man8
 +	$(INSTALL) $(INSTALL_OPTS) -m 444 isakmpd.8 $(DESTDIR)$(MANDIR)/man8
 +	-mkdir -p $(DESTDIR)$(MANDIR)/man5
 +	$(INSTALL) $(INSTALL_OPTS) -m 444 isakmpd.conf.5 isakmpd.policy.5 $(DESTDIR)$(MANDIR)/man5
 diff -urN isakmpd/samples/Makefile isakmpd.new/samples/Makefile
 --- isakmpd/samples/Makefile	2003-06-03 16:39:50.000000000 +0200
 +++ isakmpd.new/samples/Makefile	2006-09-03 17:07:24.000000000 +0200
@@ -26,7 +26,7 @@
 #
 FILES=		VPN-* policy singlehost-*
 -TARGETDIR=	/usr/share/ipsec/isakmpd
 +TARGETDIR=	/usr/share/isakmpd/samples
 # The mkdir below is for installation on OpenBSD pre 2.7
 install:
 diff -urN isakmpd/sysdep/linux/GNUmakefile.sysdep isakmpd.new/sysdep/linux/GNUmakefile.sysdep
 --- isakmpd/sysdep/linux/GNUmakefile.sysdep	2004-01-16 13:36:42.000000000 +0100
 +++ isakmpd.new/sysdep/linux/GNUmakefile.sysdep	2006-09-03 17:16:48.000000000 +0200
@@ -25,18 +25,20 @@
 # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 -LIBGMP:=	/usr/lib/libgmp.a
 -LIBCRYPTO:=	/usr/lib/libcrypto.a
 +LIBGMP:=	-lgmp
 +LIBCRYPTO:=	-lcrypto
 LIBSYSDEPDIR:=	${.CURDIR}/sysdep/common/libsysdep
 LIBSYSDEP:=	${LIBSYSDEPDIR}/libsysdep.a
 -LDADD+=		-lgmp ${LIBSYSDEP} ${LIBCRYPTO}
 +LIBKEYNOTEDIR:=	$(STAGING_DIR)/usr/include
 +
 +LDADD+=		-lgmp ${LIBSYSDEP} ${LIBCRYPTO} -L$(STAGING_DIR)/usr/lib
 DPADD+=		${LIBGMP} ${LIBSYSDEP}
 CFLAGS+=	-DHAVE_GETNAMEINFO -DUSE_OLD_SOCKADDR -DHAVE_PCAP \
 		-DNEED_SYSDEP_APP -DMP_FLAVOUR=MP_FLAVOUR_GMP \
 -		-I/usr/src/linux/include -I${.CURDIR}/sysdep/common \
 -		-I/usr/include/openssl
 +		-I$(LINUX_DIR)/include -I${.CURDIR}/sysdep/common \
 +		-I$(STAGING_DIR)/usr/include/openssl -I${LIBKEYNOTEDIR}
 FEATURES=	debug tripledes blowfish cast ec aggressive x509 policy
@@ -50,7 +52,7 @@
 # hack libsysdep.a dependenc
 ${LIBSYSDEPDIR}/.depend ${LIBSYSDEP}:
 	cd ${LIBSYSDEPDIR} && \
 -		${MAKE} --no-print-directory ${MAKEFLAGS} \
 +		${MAKE} --no-print-directory \
 			CFLAGS="${CFLAGS}" MKDEP="${MKDEP}" ${MAKECMDGOALS}
 ifeq ($(findstring clean,$(MAKECMDGOALS)),clean)
 diff -urN isakmpd/x509.c isakmpd.new/x509.c
 --- isakmpd/x509.c	2004-01-06 01:09:19.000000000 +0100
 +++ isakmpd.new/x509.c	2006-09-03 17:07:24.000000000 +0200
@@ -969,14 +969,14 @@
    * trust.
    */
   X509_STORE_CTX_init (&csc, x509_cas, cert, NULL);
 -#if OPENSSL_VERSION_NUMBER >= 0x00907000L
 -  /* XXX See comment in x509_read_crls_from_dir.  */
 -  if (x509_cas->flags & X509_V_FLAG_CRL_CHECK)
 +//#if OPENSSL_VERSION_NUMBER >= 0x00907000L
 +    /* XXX See comment in x509_read_crls_from_dir.  */
 +   /*if (x509_cas->flags & X509_V_FLAG_CRL_CHECK)
     {
       X509_STORE_CTX_set_flags (&csc, X509_V_FLAG_CRL_CHECK);
       X509_STORE_CTX_set_flags (&csc, X509_V_FLAG_CRL_CHECK_ALL);
     }
 -#endif
 +#endif */
   res = X509_verify_cert (&csc);
   err = csc.error;
   X509_STORE_CTX_cleanup (&csc);
--- a/openwrt/package/isakmpd/patches/02-openssl_hashes.patch
+++ b/openwrt/package/isakmpd/patches/02-openssl_hashes.patch
@ -0,0 +1,154 @@
 diff -urN isakmpd/GNUmakefile isakmpd.new/GNUmakefile
 --- isakmpd/GNUmakefile	2006-09-01 19:29:05.000000000 +0200
 +++ isakmpd.new/GNUmakefile	2006-09-01 19:29:28.000000000 +0200
@@ -75,13 +75,14 @@
 		isakmp_fld.c isakmp_fld.h
 MAN=		isakmpd.8 isakmpd.conf.5 isakmpd.policy.5
 -CFLAGS+=	-O2 ${DEBUG} -Wall -DNEED_SYSDEP_APP \
 +CFLAGS+=	${DEBUG} -Wall -DNEED_SYSDEP_APP \
 		-I${.CURDIR} -I${.CURDIR}/sysdep/${OS} -I. \
 # Different debugging & profiling suggestions
 # Include symbolic debugging info
 DEBUG=		-g
 +CFLAGS+=	-g
 # Do execution time profiles
 #CFLAGS+=	-pg
@@ -172,6 +173,14 @@
 CFLAGS+=        -DUSE_RAWKEY
 endif
 +ifdef USE_OPENSSL_MD5
 +CFLAGS+=	-DUSE_OPENSSL_MD5
 +endif
 +
 +ifdef USE_OPENSSL_SHA1
 +CFLAGS+=	-DUSE_OPENSSL_SHA1
 +endif
 +
 SRCS+=		${IPSEC_SRCS} ${X509} ${POLICY} ${EC} ${AGGRESSIVE} ${DNSSEC} \
 		$(ISAKMP_CFG)
 CFLAGS+=	${IPSEC_CFLAGS}
 diff -urN isakmpd/sysdep/common/libsysdep/GNUmakefile isakmpd.new/sysdep/common/libsysdep/GNUmakefile
 --- isakmpd/sysdep/common/libsysdep/GNUmakefile	2003-06-03 16:52:06.000000000 +0200
 +++ isakmpd.new/sysdep/common/libsysdep/GNUmakefile	2006-09-01 19:29:28.000000000 +0200
@@ -31,10 +31,18 @@
 .CURDIR:=	$(shell pwd)
 LIB=		sysdep
 -SRCS=		arc4random.c blowfish.c cast.c md5.c sha1.c strlcat.c strlcpy.c
 +SRCS=		arc4random.c blowfish.c cast.c strlcat.c strlcpy.c
 NOMAN=
 CFLAGS+=	-I${.CURDIR}/.. -I/usr/include/machine
 +ifeq (,$(findstring USE_OPENSSL_MD5,$(CFLAGS)))
 +SRCS+=md5.c
 +endif
 +
 +ifeq (,$(findstring USE_OPENSSL_SHA1,$(CFLAGS)))
 +SRCS+=sha1.c
 +endif
 +
 lib${LIB}.a: ${SRCS:%.c=%.o}
 	ar cq $@ ${SRCS:%.c=%.o}
 diff -urN isakmpd/sysdep/common/libsysdep/md5.c isakmpd.new/sysdep/common/libsysdep/md5.c
 --- isakmpd/sysdep/common/libsysdep/md5.c	2002-06-14 23:34:58.000000000 +0200
 +++ isakmpd.new/sysdep/common/libsysdep/md5.c	2006-09-01 19:29:28.000000000 +0200
@@ -5,6 +5,8 @@
  * changes to accommodate it in the kernel by ji.
  */
 +#ifndef USE_OPENSSL_MD5
 +
 /* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
  */
@@ -390,3 +392,4 @@
 #endif
 #endif
 +#endif /* USE_OPENSSL_MD5 */
 diff -urN isakmpd/sysdep/common/libsysdep/sha1.c isakmpd.new/sysdep/common/libsysdep/sha1.c
 --- isakmpd/sysdep/common/libsysdep/sha1.c	2001-01-28 23:38:48.000000000 +0100
 +++ isakmpd.new/sysdep/common/libsysdep/sha1.c	2006-09-01 19:29:28.000000000 +0200
@@ -1,5 +1,7 @@
 /*	$OpenBSD: sha1.c,v 1.2 2001/01/28 22:38:48 niklas Exp $	*/
 +#ifndef USE_OPENSSL_SHA1
 +
 /*
 SHA-1 in C
 By Steve Reid <steve@edmweb.com>
@@ -171,3 +173,5 @@
     SHA1Transform(context->state, context->buffer);
 #endif
 }
 +
 +#endif /* USE_OPENSSL_SHA1 */
 diff -urN isakmpd/sysdep/common/md5.h isakmpd.new/sysdep/common/md5.h
 --- isakmpd/sysdep/common/md5.h	2001-01-28 23:38:47.000000000 +0100
 +++ isakmpd.new/sysdep/common/md5.h	2006-09-01 19:29:28.000000000 +0200
@@ -1,5 +1,15 @@
 /*	$OpenBSD: md5.h,v 1.2 2001/01/28 22:38:47 niklas Exp $	*/
 +#ifdef USE_OPENSSL_MD5
 +
 +#include <openssl/md5.h>
 +
 +#define MD5Init		MD5_Init
 +#define	MD5Update	MD5_Update
 +#define	MD5Final	MD5_Final
 +
 +#else	/* USE_OPENSSL_MD5 */
 +
 /* GLOBAL.H - RSAREF types and constants
  */
@@ -71,3 +81,5 @@
 void MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *));
 #define _MD5_H_
 +
 +#endif	/* USE_OPENSSL_MD5 */
 diff -urN isakmpd/sysdep/common/sha1.h isakmpd.new/sysdep/common/sha1.h
 --- isakmpd/sysdep/common/sha1.h	2001-01-28 23:38:47.000000000 +0100
 +++ isakmpd.new/sysdep/common/sha1.h	2006-09-01 19:29:28.000000000 +0200
@@ -1,5 +1,16 @@
 /*	$OpenBSD: sha1.h,v 1.2 2001/01/28 22:38:47 niklas Exp $	*/
 +#ifdef USE_OPENSSL_SHA1
 +
 +#include <openssl/sha.h>
 +
 +typedef SHA_CTX SHA1_CTX;
 +#define	SHA1Init	SHA1_Init
 +#define	SHA1Update	SHA1_Update
 +#define	SHA1Final	SHA1_Final
 +
 +#else	/* USE_OPENSSL_SHA1 */
 +
 /*
 SHA-1 in C
 By Steve Reid <steve@edmweb.com>
@@ -16,3 +27,5 @@
 void SHA1Init(SHA1_CTX* context);
 void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int len);
 void SHA1Final(unsigned char digest[20], SHA1_CTX* context);
 +
 +#endif	/* USE_OPENSSL_SHA1 */
 diff -urN isakmpd/sysdep/linux/GNUmakefile.sysdep isakmpd.new/sysdep/linux/GNUmakefile.sysdep
 --- isakmpd/sysdep/linux/GNUmakefile.sysdep	2006-09-01 19:29:05.000000000 +0200
 +++ isakmpd.new/sysdep/linux/GNUmakefile.sysdep	2006-09-01 19:29:29.000000000 +0200
@@ -48,6 +48,8 @@
 USE_LIBCRYPO=	defined
 HAVE_DLOPEN=	defined
 USE_KEYNOTE=	defined
 +USE_OPENSSL_MD5=	defined
 +USE_OPENSSL_SHA1=	defined
 # hack libsysdep.a dependenc
 ${LIBSYSDEPDIR}/.depend ${LIBSYSDEP}: