authorAndrew Savchenko <bircoph@gmail.com>2010-11-10 19:08:01 +0300
committerAndrew Savchenko <bircoph@gmail.com>2010-11-10 19:08:01 +0300
commitb61ee9528908ab302bfb17afb3e96cc30889d441 (patch)
treed7f4923f9a3aa00127ab5ac025ddb441bfa87399 /net-dialup/openl2tp
parentopenl2tpd: new config example (diff)
openl2tpd: fix pppd auth args
Apply upstream patch to fix ppp auth args passing.
Diffstat (limited to 'net-dialup/openl2tp')
-rw-r--r--net-dialup/openl2tp/ChangeLog4
-rw-r--r--net-dialup/openl2tp/Manifest4
-rw-r--r--net-dialup/openl2tp/files/openl2tp-1.7-ppp_auth_args.patch108
-rw-r--r--net-dialup/openl2tp/openl2tp-1.7-r1.ebuild150
4 files changed, 265 insertions, 1 deletions
diff --git a/net-dialup/openl2tp/ChangeLog b/net-dialup/openl2tp/ChangeLog
index 97cdcec..7e10cf4 100644
--- a/net-dialup/openl2tp/ChangeLog
+++ b/net-dialup/openl2tp/ChangeLog
@@ -3,6 +3,10 @@
# $Header: $
10 Nov 2010; Andrew Savchenko <bircoph@gmail.com>
+ +files/openl2tp-1.7-ppp_auth_args.patch:
+ Apply upstream patch to fix ppp auth args passing.
+
+ 10 Nov 2010; Andrew Savchenko <bircoph@gmail.com>
files/openl2tpd.conf.sample:
Update sample config file with more reliable and practically
verified defaults.
diff --git a/net-dialup/openl2tp/Manifest b/net-dialup/openl2tp/Manifest
index 3f32bbe..8e45f00 100644
--- a/net-dialup/openl2tp/Manifest
+++ b/net-dialup/openl2tp/Manifest
@@ -1,12 +1,14 @@
AUX openl2tp-1.7-l2tpconfig.patch 621 RMD160 ca821f3336fcc35336e2bd857ac92700d1e37c5e SHA1 e116771492724db3543e5cfb35bd88b4812aeebe SHA256 f7176518baad226d276006fa3d0c877b5ebab982266ffaef954f6d72dcf1bb8a
AUX openl2tp-1.7-ldflags.patch 2318 RMD160 32b38b8dbf8b0e29855b6571f261ca6c42c762ce SHA1 33667dc4204ab6047654329118a8fad8e43ae4f4 SHA256 786a1178aaa774e75a9b1a2c76a9a9b18bb62791ba4e66d0edac4442b9f460ab
AUX openl2tp-1.7-man.patch 1345 RMD160 4103470fbaaebba1cfa232aaaf2a042b77e61e7f SHA1 4f1a05616a3f4faf4cc75ff5e2a64e4329cf1d15 SHA256 6752ee913ca7fae689408da9bc1148dd302cc5a97a18c7c0b9280d12e9f933c3
+AUX openl2tp-1.7-ppp_auth_args.patch 5002 RMD160 60e6edece7c3a1e9b6d7568b2756f8d5baab720d SHA1 8bc053573075e80dc039dc4fa81b9cfb5db5fd64 SHA256 fc8e52d9bd35c9d4224f7fd46fa19ffe03f27f0f9d5404d1f9d913c1069d5ffd
AUX openl2tp-1.7-pppd.patch 847 RMD160 734323993b668fe510ebbde78c1d04f2224be208 SHA1 731aaddf60cfc6cd9162221fb2ade4307e49fe3c SHA256 0a2c32f5f14ed6376557c810010afa2a29f88fc7445afc6fc03b5abea0b25482
AUX openl2tp-1.7-werror.patch 1602 RMD160 77c73e8d5bb89e1d1288e79db80339f0b42eeae8 SHA1 c4915b6f30dc43881a51d4ce5b8d61519429b18f SHA256 259d0291bfa64d4b33c77f2bf534006202259d4ec1105af8a9d1d857eebca1a7
AUX openl2tpd.conf.sample 681 RMD160 c36361ea26c675263d90673933c32e1cd5664f38 SHA1 fe9022987dc009794b92577e58d2cf25b1e23f43 SHA256 333d2f4b4babf2a408d7ea7602871712d8a8337d9cd1bf885bc1b6e49b34528f
AUX openl2tpd.confd 627 RMD160 c98ef7bdcca067cab855b43f4c28d7db5651dbee SHA1 ab72ca17e0f3b1d8839bc1a644c11f160529bc9d SHA256 9bea610cf2614bdd6c2f371987f98f8c9b854dd8332d33647505c895ae9a7314
AUX openl2tpd.initd 1408 RMD160 38cbf38472df1a1493bc2be0cf8c55b17c8f1510 SHA1 76891770505f8927b1df0ead0648f3b5861e5da7 SHA256 946a0e8b7341e2d346b9b4814a3b1ed8519ee9b6db9bf0e91f7c7cabbf1f2c48
DIST openl2tp-1.7.tar.gz 501698 RMD160 5a85297060338fc24230582fc3674638d1778634 SHA1 f79e5229b8501664e98bac8229a6d8547b43467b SHA256 f6ae19e19340144ba28c31c55f4667fb180b61ee76ccef2bf63fa62f297ca9da
+EBUILD openl2tp-1.7-r1.ebuild 4199 RMD160 0ded02ee0bacd2cb4066cd2e94098ca9478fcd92 SHA1 72ce525c15515501d1c42713c2d5f7d56e3e9293 SHA256 d5bb3d35647cd46088dc0e38510456bcd5c7d49b901953fbdd870e07a7d40a99
EBUILD openl2tp-1.7.ebuild 4023 RMD160 2cda1a5a433446f75057727a5152660fa07b8144 SHA1 367b57a117e106d4eefb657450ca1788c88a9b6b SHA256 ff06cb9413037def2eb2f81e63bb31d92827ca643c2f8e3d460e1d198610eda8
-MISC ChangeLog 492 RMD160 0579561c6002ed9fa1a221ef0eb24b929c0f03a3 SHA1 2cd3a8b8f6f26c2038acdf291d2e5b576be19c38 SHA256 c3ae85d0321019c32b6c59e4b6f1115cfe84d9aaae0644e0a9ec1c8829e6d22c
+MISC ChangeLog 641 RMD160 d948c5d67f65389c3000e043132fff182434bd88 SHA1 22eb2d934c05b77ac61381c380882dbd8bb15d3c SHA256 5080caad454250c8b8fd5f1575fcbaa5783d91a505ff8f947151ea530a497a65
MISC metadata.xml 762 RMD160 416cd2087fe041e02046f07bb6c1677908542c37 SHA1 302dc937814f7d4c32ad16c0300020794f519c0e SHA256 e765957111816f91553fd3db2fef165babdd02ee82d923da6f5b455b684afd72
diff --git a/net-dialup/openl2tp/files/openl2tp-1.7-ppp_auth_args.patch b/net-dialup/openl2tp/files/openl2tp-1.7-ppp_auth_args.patch
new file mode 100644
index 0000000..fd2e683
--- /dev/null
+++ b/net-dialup/openl2tp/files/openl2tp-1.7-ppp_auth_args.patch
@@ -0,0 +1,108 @@
+In ppp_unix_params_to_argv (ppp_unix.c:168) when the refuse-*
+arguments to pppd are determined, only the value of flags2 is
+considered. However, in l 2tp_parse_ppp_profile_arg
+(l2tp_config.c:3273) where the values are parsed, the flags2 field is
+used only to indicate that the field value for the opt ion has been
+set. This has the effect that if a user sets auth_mschapv2=ye s in
+openl2tpd.conf refuse-mschapv2 will be passed to pppd (since L2TP_API_
+PPP_PROFILE_FLAG_AUTH_REFUSE_MSCHAPV2 is set in flags2, but the
+auth_refuse _mschapv2 field is set to 0). I have attached a patch
+which corrects this behavior to consider the value of the field when
+determining whether to add the argument to pppd. (kevinoid@users.sf.net)
+
+--- openl2tp-1.7.orig/plugins/ppp_unix.c 2008-08-05 10:33:49.000000000 -0600
++++ openl2tp-1.7/plugins/ppp_unix.c 2010-04-04 14:25:34.964151271 -0600
+@@ -285,19 +285,24 @@
+ }
+
+ /* ppp auth options */
+- if (params->flags2 & L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_EAP) {
++ if ((params->flags2 & L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_EAP) &&
++ params->auth_refuse_eap) {
+ argv[arg++] = "refuse-eap";
+ }
+- if (params->flags2 & L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_MSCHAPV2) {
++ if ((params->flags2 & L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_MSCHAPV2) &&
++ params->auth_refuse_mschapv2) {
+ argv[arg++] = "refuse-mschap-v2";
+ }
+- if (params->flags2 & L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_MSCHAP) {
++ if ((params->flags2 & L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_MSCHAP) &&
++ params->auth_refuse_mschap) {
+ argv[arg++] = "refuse-mschap";
+ }
+- if (params->flags2 & L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_CHAP) {
++ if ((params->flags2 & L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_CHAP) &&
++ params->auth_refuse_chap) {
+ argv[arg++] = "refuse-chap";
+ }
+- if (params->flags2 & L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_PAP) {
++ if ((params->flags2 & L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_PAP) &&
++ params->auth_refuse_pap) {
+ argv[arg++] = "refuse-pap";
+ }
+
+@@ -313,25 +318,53 @@
+ L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_MSCHAP |
+ L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_CHAP |
+ L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_PAP);
+- if (auth_flags == (L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_EAP |
++ if ((auth_flags & ~L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_PAP) ==
++ (L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_EAP |
+ L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_MSCHAPV2 |
+ L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_MSCHAP |
+- L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_CHAP)) {
++ L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_CHAP) &&
++ params->auth_refuse_eap &&
++ params->auth_refuse_mschapv2 &&
++ params->auth_refuse_mschap &&
++ params->auth_refuse_chap &&
++ (!(auth_flags & L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_PAP) ||
++ !params->auth_refuse_pap)) {
+ argv[arg++] = "require-pap";
+- } else if (auth_flags == (L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_EAP |
++ } else if ((auth_flags & ~L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_CHAP) ==
++ (L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_EAP |
+ L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_MSCHAPV2 |
+ L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_MSCHAP |
+- L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_PAP)) {
++ L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_PAP) &&
++ params->auth_refuse_eap &&
++ params->auth_refuse_mschapv2 &&
++ params->auth_refuse_mschap &&
++ params->auth_refuse_pap &&
++ (!(auth_flags & L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_CHAP) ||
++ !params->auth_refuse_chap)) {
+ argv[arg++] = "require-chap";
+- } else if (auth_flags == (L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_EAP |
++ } else if ((auth_flags & ~L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_MSCHAP) ==
++ (L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_EAP |
+ L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_MSCHAPV2 |
+ L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_CHAP |
+- L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_PAP)) {
++ L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_PAP) &&
++ params->auth_refuse_eap &&
++ params->auth_refuse_mschapv2 &&
++ params->auth_refuse_chap &&
++ params->auth_refuse_pap &&
++ (!(auth_flags & L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_MSCHAP) ||
++ !params->auth_refuse_mschap)) {
+ argv[arg++] = "require-mschap";
+- } else if (auth_flags == (L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_EAP |
++ } else if ((auth_flags & ~L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_MSCHAPV2) ==
++ (L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_EAP |
+ L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_MSCHAP |
+ L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_CHAP |
+- L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_PAP)) {
++ L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_PAP) &&
++ params->auth_refuse_eap &&
++ params->auth_refuse_mschap &&
++ params->auth_refuse_chap &&
++ params->auth_refuse_pap &&
++ (!(auth_flags & L2TP_API_PPP_PROFILE_FLAG_AUTH_REFUSE_MSCHAPV2) ||
++ !params->auth_refuse_mschapv2)) {
+ argv[arg++] = "require-mschap-v2";
+ }
+
+
+
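Review bot: In the second embedded hunk, each `require-*` branch fires only when the flags2 bits of all four other methods are set and their fields are non-zero, so a profile that leaves any one method unconfigured gets no `require-*` argument at all. If flags2 means "option was set", as the patch header says, pppd's own defaults then presumably decide what is accepted, and an operator who wants to enforce one method must explicitly refuse every other one. That deserves a comment above the chain, for example `/* require-X is emitted only when every other method is explicitly refused in the profile */`, and a matching remark in openl2tpd.conf.sample. The same flag-and-field test is written out many times across both embedded hunks, so a small helper macro taking the flag and the field would make a mismatch between the two harder to introduce. The enclosing function starts and ends outside the embedded hunks.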
diff --git a/net-dialup/openl2tp/openl2tp-1.7-r1.ebuild b/net-dialup/openl2tp/openl2tp-1.7-r1.ebuild
new file mode 100644
index 0000000..c33b3ea
--- /dev/null
+++ b/net-dialup/openl2tp/openl2tp-1.7-r1.ebuild
@@ -0,0 +1,150 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+EAPI=3
+
+inherit eutils linux-info
+
+DESCRIPTION="Userspace tools for kernel L2TP implementation."
+HOMEPAGE="http://openl2tp.sourceforge.net"
+SRC_URI="mirror://sourceforge/openl2tp/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="doc +client pppd rpc server -stats"
+
+CDEPEND="net-dialup/ppp
+ sys-libs/readline
+ "
+DEPEND="${CDEPEND}
+ sys-devel/bison
+ sys-devel/flex
+ "
+RDEPEND="${CDEPEND}
+ rpc? ( || (
+ net-nds/rpcbind
+ net-nds/portmap
+ ) )"
+
+CONFIG_CHECK="~PPPOL2TP"
+
+pkg_setup() {
+ # check for sane USE flags
+ if ! use server && ! use client; then
+ eerror
+ eerror "You have disabled both server and client parts!"
+ eerror "At least one of them must be enabled. ;)"
+ eerror
+ die "bad USE flags"
+ fi
+ # kernel requirements
+ linux-info_pkg_setup
+ if kernel_is -lt 2 6 23; then
+ eerror
+ eerror "Your kernel is too old. At least 2.6.23 is required to work with this program."
+ eerror
+ die "kernel is too old"
+ fi
+}
+
+src_prepare() {
+ # disable -Werror, as warnings may occur on different CFLAGS
+ epatch "${FILESDIR}/${P}-werror.patch"
+ # use system LDFLAGS
+ epatch "${FILESDIR}/${P}-ldflags.patch"
+ # let ebuild to control pppd plugins support
+ epatch "${FILESDIR}/${P}-pppd.patch"
+ # do not gzip man pages, let portage to compress them
+ epatch "${FILESDIR}/${P}-man.patch"
+ # install l2tpconfig to /usr/sbin with 0700 permissions
+ # to make it at least a bit more secure
+ epatch "${FILESDIR}/${P}-l2tpconfig.patch"
+ # apply upstream patch for pppd auth args fix:
+ # ftp://ftp.openl2tp.org/releases/openl2tp-1.7/openl2tp-fix_ppp_auth_args.patch
+ epatch "${FILESDIR}/${P}-ppp_auth_args.patch"
+}
+
+src_configure() {
+ myconf="" # not local, should be used at src_compile()
+
+ use client || myconf+="L2TP_FEATURE_LAC_SUPPORT=n \
+ L2TP_FEATURE_LAIC_SUPPORT=n \
+ L2TP_FEATURE_LAOC_SUPPORT=n "
+
+ use server || myconf+="L2TP_FEATURE_LNS_SUPPORT=n \
+ L2TP_FEATURE_LNIC_SUPPORT=n \
+ L2TP_FEATURE_LNOC_SUPPORT=n "
+
+ use rpc || myconf+="L2TP_FEATURE_RPC_MANAGEMENT=n "
+
+ use stats && myconf+="L2TP_FEATURE_LOCAL_STAT_FILE=y "
+
+ # pppd plugin is only needed for pppd < 2.4.5
+ unset PPPD_SUBDIR
+ if use pppd; then
+ export PPPD_VERSION=$( gawk '{
+ if ($2=="VERSION") {
+ gsub("\"","",$3);
+ print $3
+ }
+ }' /usr/include/pppd/patchlevel.h ) || die "gawk failed"
+ einfo "Building for pppd version $PPPD_VERSION"
+
+ # convert version to comparable format
+ local ver=$( echo $PPPD_VERSION | gawk -F "." '{
+ print lshift($1,16) + lshift($2,8) + $3
+ }' )
+ if [[ $ver -lt $(( (2<<16) + (4<<8) + 5)) ]]; then
+ export PPPD_SUBDIR="pppd"
+ else
+ ewarn
+ ewarn "openl2tp plugins are already integrated in >=net-dialup/ppp-2.4.5"
+ fi
+ fi
+}
+
+src_compile() {
+ # upstream use OPT_CFLAGS for optimizations
+ export OPT_CFLAGS=${CFLAGS}
+ emake ${myconf} || die "emake failed"
+}
+
+src_install() {
+ emake ${myconf} DESTDIR="${D}" install || die "emake install failed"
+ dodoc CHANGES INSTALL README
+
+ if use doc; then
+ dodoc doc/*.txt "${FILESDIR}"/openl2tpd.conf.sample
+ newdoc plugins/README README.plugins
+ use pppd && newdoc pppd/README README.pppd
+ docinto ipsec
+ dodoc ipsec/*
+ fi
+
+ newinitd "${FILESDIR}"/openl2tpd.initd openl2tpd
+ # init.d script is quite different for RPC and non-RPC versions.
+ use rpc || sed -i s/userpc=\"yes\"/userpc=\"no\"/ "${D}/etc/init.d/openl2tpd" || die "sed failed"
+ newconfd "${FILESDIR}"/openl2tpd.confd openl2tpd
+}
+
+pkg_postinst() {
+ if use rpc; then
+ ewarn
+ ewarn "RPC control does not provide any auth checks for control connection."
+ ewarn "By default localhost only is allowed and l2tpconfig is installed"
+ ewarn "accessible only by root, but local users may install or compile binary"
+ ewarn "on they own if not prohibited by system administrator."
+ ewarn
+ ewarn "Therefore DO NOT USE RPC IN INSECURE ENVIRONMENTS!"
+ else
+ ewarn
+ ewarn "Without RPC support you won't be able to use l2tpconfig."
+ fi
+ if use stats; then
+ ewarn
+ ewarn "To enable status files openl2tpd must be started with -S option."
+ ewarn "Upstream warns about runtime overhead with status files enabled."
+ fi
+}
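Review bot: In src_configure, `export PPPD_VERSION=$( gawk … ) || die "gawk failed"` can never die, because the status tested is that of `export`, not of gawk. gawk also exits 0 when no VERSION line matches, so a missing or unexpected patchlevel.h leaves PPPD_VERSION empty. The second gawk call then appears to turn the empty string into 0, the `-lt` test passes, and `PPPD_SUBDIR="pppd"` is exported as if pppd were older than 2.4.5. Assign first, reject an empty result, and export afterwards: `PPPD_VERSION=$( gawk … ) || die "gawk failed"`, `[[ -n ${PPPD_VERSION} ]] || die "cannot detect pppd version"`, `export PPPD_VERSION`. `local ver=$( … )` masks the exit status in the same way.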