diff -rupN strongswan-4.6.3/src/pluto/ipsec_doi.c strongswan-4.6.3.patched/src/pluto/ipsec_doi.c
--- strongswan-4.6.3/src/pluto/ipsec_doi.c 2011-10-14 08:41:07.000000000 -0700
+++ strongswan-4.6.3.patched/src/pluto/ipsec_doi.c 2012-05-08 11:01:16.921003004 -0700
@@ -112,6 +112,8 @@ enum endpoint {
EP_REMOTE = 1 << 1,
};
+extern bool ignore_peer_id_check;
+
/* create output HDR as replica of input HDR */
void echo_hdr(struct msg_digest *md, bool enc, u_int8_t np)
{
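Review bot: `extern bool ignore_peer_id_check;` is declared locally in ipsec_doi.c (line 8) instead of in a header shared with plutomain.c, where the same patch defines the variable; with the declaration and definition in two .c files the compiler cannot catch a type or name drift between them. Declaring it once in the header that already exports pluto's other command-line globals (the one declaring `pkcs11_proxy`, presumably) and including that header here would close that gap. echo_hdr, which starts at line 11, continues outside the hunk and is not affected by the change.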
@@ -2429,7 +2431,15 @@ static bool switch_connection(struct msg
loglog(RC_LOG_SERIOUS,
"we require peer to have ID '%Y', but peer declares '%Y'",
c->spd.that.id, peer);
- return FALSE;
+ if (ignore_peer_id_check)
+ {
+ loglog(RC_LOG_SERIOUS,
+ "ignore peer ID mismatch");
+ }
+ else
+ {
+ return FALSE;
+ }
}
if (c->spd.that.ca)
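Review bot: When `ignore_peer_id_check` is set the mismatch message logged just above (lines 14–16) still reads as a hard requirement, yet the code now continues with the mismatched peer, so an operator reading the log sees a contradictory pair of lines; merging the two messages so the accepted-mismatch branch names both IDs in one line, and keeping the original message only on the rejecting branch, makes the audit trail unambiguous. The flag is daemon-wide (the starter wires it as a `config setup` keyword in the later hunks), so one legacy peer that needs it forces the weakened check onto every connection; a per-`conn` setting would limit the exposure to the connection that actually needs it. After the accepted mismatch the code falls through to the `c->spd.that.ca` check and whatever follows still sees `c->spd.that.id` as the configured rather than the authenticated identity — worth confirming nothing downstream relies on the two being equal. switch_connection starts and ends outside this hunk.
```c
if (ignore_peer_id_check)
{
	loglog(RC_LOG_SERIOUS,
		"ignoring peer ID mismatch: we require peer to have ID '%Y', but peer declares '%Y'",
		c->spd.that.id, peer);
}
else
{
	loglog(RC_LOG_SERIOUS,
		"we require peer to have ID '%Y', but peer declares '%Y'",
		c->spd.that.id, peer);
	return FALSE;
}
/* … unchanged: c->spd.that.ca check and the rest of switch_connection … */
```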
diff -rupN strongswan-4.6.3/src/pluto/plutomain.c strongswan-4.6.3.patched/src/pluto/plutomain.c
--- strongswan-4.6.3/src/pluto/plutomain.c 2012-03-19 23:37:09.000000000 -0700
+++ strongswan-4.6.3.patched/src/pluto/plutomain.c 2012-05-08 11:01:16.921003004 -0700
@@ -256,6 +256,8 @@ bool pkcs11_keep_state = FALSE;
/* by default pluto does not allow pkcs11 proxy access via whack */
bool pkcs11_proxy = FALSE;
+bool ignore_peer_id_check = FALSE;
+
/* argument string to pass to PKCS#11 module.
* Not used for compliant modules, just for NSS softoken
*/
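Review bot: `bool ignore_peer_id_check = FALSE;` on line 35 lacks the one-line comment its neighbours carry (line 33 explains `pkcs11_proxy`'s default), and the default here is security-relevant. Suggest `/* by default pluto rejects a peer whose declared ID differs from the connection's configured ID */` above the definition so the next reader sees what the flag relaxes without opening ipsec_doi.c.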
@@ -339,6 +341,7 @@ int main(int argc, char **argv)
{ "disable_port_floating", no_argument, NULL, '4' },
{ "debug-natt", no_argument, NULL, '5' },
{ "virtual_private", required_argument, NULL, '6' },
+ { "ignorepeeridcheck", no_argument, NULL, '7' },
#ifdef DEBUG
{ "debug-none", no_argument, NULL, 'N' },
{ "debug-all", no_argument, NULL, 'A' },
@@ -539,6 +542,9 @@ int main(int argc, char **argv)
case '6': /* --virtual_private */
virtual_private = optarg;
continue;
+ case '7': /* --ignorepeeridcheck */
+ ignore_peer_id_check = TRUE;
+ continue;
default:
#ifdef DEBUG
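Review bot: Setting `ignore_peer_id_check = TRUE` on line 53 leaves no startup record that the daemon is running with peer identity verification relaxed; the only evidence will be the per-connection mismatch lines from ipsec_doi.c, and only when a mismatch actually occurs. Recommend a single warning once logging is initialised, e.g. `if (ignore_peer_id_check) plog("WARNING: peer ID mismatches will be accepted (--ignorepeeridcheck)");`, placed with the other post-parse option reporting (outside this hunk; exact location to confirm). main continues outside the hunk.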
diff -rupN strongswan-4.6.3/src/starter/args.c strongswan-4.6.3.patched/src/starter/args.c
--- strongswan-4.6.3/src/starter/args.c 2012-04-12 00:28:28.000000000 -0700
+++ strongswan-4.6.3.patched/src/starter/args.c 2012-05-08 11:01:16.921003004 -0700
@@ -189,6 +189,7 @@ static const token_info_t token_info[] =
{ ARG_STR, offsetof(starter_config_t, setup.pkcs11initargs), NULL },
{ ARG_ENUM, offsetof(starter_config_t, setup.pkcs11keepstate), LST_bool },
{ ARG_ENUM, offsetof(starter_config_t, setup.pkcs11proxy), LST_bool },
+ { ARG_ENUM, offsetof(starter_config_t, setup.ignorepeeridcheck), LST_bool },
/* KLIPS keywords */
{ ARG_LST, offsetof(starter_config_t, setup.klipsdebug), LST_klipsdebug },
diff -rupN strongswan-4.6.3/src/starter/confread.h strongswan-4.6.3.patched/src/starter/confread.h
--- strongswan-4.6.3/src/starter/confread.h 2012-04-12 00:28:28.000000000 -0700
+++ strongswan-4.6.3.patched/src/starter/confread.h 2012-05-08 11:01:16.921003004 -0700
@@ -210,6 +210,7 @@ struct starter_config {
char *pkcs11initargs;
bool pkcs11keepstate;
bool pkcs11proxy;
+ bool ignorepeeridcheck;
/* KLIPS keywords */
char **klipsdebug;
diff -rupN strongswan-4.6.3/src/starter/invokepluto.c strongswan-4.6.3.patched/src/starter/invokepluto.c
--- strongswan-4.6.3/src/starter/invokepluto.c 2012-03-19 23:37:09.000000000 -0700
+++ strongswan-4.6.3.patched/src/starter/invokepluto.c 2012-05-08 11:01:16.921003004 -0700
@@ -238,6 +238,10 @@ starter_start_pluto (starter_config_t *c
{
arg[argc++] = "--pkcs11proxy";
}
+ if (cfg->setup.ignorepeeridcheck)
+ {
+ arg[argc++] = "--ignorepeeridcheck";
+ }
if (_pluto_pid)
{
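Review bot: `arg[argc++] = "--ignorepeeridcheck";` on line 86 appends one more element to `arg`, whose declaration and capacity are outside the hunk; if `arg` is a fixed-size array filled positionally like the surrounding entries, this write runs past its end when every other optional flag is also enabled, and no hunk in this patch grows the array. Please confirm the array (and any trailing NULL terminator for `execv`) has room for the extra slot, or add a comment at the declaration tying its size to the number of optional flags. starter_start_pluto starts before this hunk.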
diff -rupN strongswan-4.6.3/src/starter/keywords.c strongswan-4.6.3.patched/src/starter/keywords.c
--- strongswan-4.6.3/src/starter/keywords.c 2012-04-12 00:29:32.000000000 -0700
+++ strongswan-4.6.3.patched/src/starter/keywords.c 2012-05-08 11:01:16.921003004 -0700
@@ -54,7 +54,7 @@ struct kw_entry {
kw_token_t token;
};
-#define TOTAL_KEYWORDS 131
+#define TOTAL_KEYWORDS 132
#define MIN_WORD_LENGTH 3
#define MAX_WORD_LENGTH 17
#define MIN_HASH_VALUE 9
@@ -79,15 +79,15 @@ hash (str, len)
247, 247, 247, 247, 247, 247, 247, 247, 247, 247,
247, 247, 247, 247, 247, 247, 247, 247, 247, 247,
247, 247, 247, 247, 247, 247, 247, 247, 247, 247,
- 247, 247, 247, 247, 247, 247, 247, 247, 247, 12,
+ 247, 247, 247, 247, 247, 247, 247, 247, 247, 0,
126, 247, 247, 247, 247, 247, 247, 247, 247, 247,
247, 247, 247, 247, 247, 247, 247, 247, 247, 247,
247, 247, 247, 247, 247, 247, 247, 247, 247, 247,
247, 247, 247, 247, 247, 247, 247, 247, 247, 247,
- 247, 247, 247, 247, 247, 51, 247, 11, 1, 92,
- 43, 0, 6, 0, 110, 0, 247, 120, 56, 37,
+ 247, 247, 247, 247, 247, 20, 247, 11, 3, 92,
+ 43, 0, 6, 0, 110, 0, 247, 132, 56, 57,
27, 72, 43, 1, 16, 0, 5, 75, 1, 247,
- 247, 11, 5, 247, 247, 247, 247, 247, 247, 247,
+ 247, 11, 4, 247, 247, 247, 247, 247, 247, 247,
247, 247, 247, 247, 247, 247, 247, 247, 247, 247,
247, 247, 247, 247, 247, 247, 247, 247, 247, 247,
247, 247, 247, 247, 247, 247, 247, 247, 247, 247,
@@ -164,12 +164,14 @@ static const struct kw_entry wordlist[]
{"marginpackets", KW_MARGINPACKETS},
{"leftnatip", KW_LEFTNATIP},
{"mediated_by", KW_MEDIATED_BY},
+ {"me_peerid", KW_ME_PEERID},
{"ldapbase", KW_LDAPBASE},
{"leftfirewall", KW_LEFTFIREWALL},
{"rightfirewall", KW_RIGHTFIREWALL},
{"crluri", KW_CRLURI},
- {"mobike", KW_MOBIKE},
+ {"crluri1", KW_CRLURI},
{"rightnatip", KW_RIGHTNATIP},
+ {"mobike", KW_MOBIKE},
{"rightnexthop", KW_RIGHTNEXTHOP},
{"mediation", KW_MEDIATION},
{"leftallowany", KW_LEFTALLOWANY},
@@ -177,14 +179,12 @@ static const struct kw_entry wordlist[]
{"overridemtu", KW_OVERRIDEMTU},
{"aaa_identity", KW_AAA_IDENTITY},
{"esp", KW_ESP},
- {"crluri1", KW_CRLURI},
{"lefthostaccess", KW_LEFTHOSTACCESS},
{"leftsubnet", KW_LEFTSUBNET},
{"leftid", KW_LEFTID},
{"forceencaps", KW_FORCEENCAPS},
{"eap", KW_EAP},
{"nat_traversal", KW_NAT_TRAVERSAL},
- {"me_peerid", KW_ME_PEERID},
{"rightcert", KW_RIGHTCERT},
{"installpolicy", KW_INSTALLPOLICY},
{"authby", KW_AUTHBY},
@@ -194,50 +194,50 @@ static const struct kw_entry wordlist[]
{"rightupdown", KW_RIGHTUPDOWN},
{"keyexchange", KW_KEYEXCHANGE},
{"ocspuri", KW_OCSPURI},
- {"compress", KW_COMPRESS},
+ {"ocspuri1", KW_OCSPURI},
{"rightcertpolicy", KW_RIGHTCERTPOLICY},
{"cacert", KW_CACERT},
{"eap_identity", KW_EAP_IDENTITY},
{"hidetos", KW_HIDETOS},
- {"ike", KW_IKE},
+ {"force_keepalive", KW_FORCE_KEEPALIVE},
{"leftsubnetwithin", KW_LEFTSUBNETWITHIN},
{"righthostaccess", KW_RIGHTHOSTACCESS},
{"packetdefault", KW_PACKETDEFAULT},
{"dpdaction", KW_DPDACTION},
- {"ocspuri1", KW_OCSPURI},
{"pfsgroup", KW_PFSGROUP},
{"rightauth", KW_RIGHTAUTH},
+ {"xauth_identity", KW_XAUTH_IDENTITY},
{"also", KW_ALSO},
{"leftsourceip", KW_LEFTSOURCEIP},
{"rightid2", KW_RIGHTID2},
- {"dumpdir", KW_DUMPDIR},
- {"rekey", KW_REKEY},
- {"ikelifetime", KW_IKELIFETIME},
- {"dpdtimeout", KW_DPDTIMEOUT},
+ {"ike", KW_IKE},
+ {"compress", KW_COMPRESS},
{"ldaphost", KW_LDAPHOST},
- {"rekeyfuzz", KW_REKEYFUZZ},
{"leftcert2", KW_LEFTCERT2},
- {"leftikeport", KW_LEFTIKEPORT},
{"crlcheckinterval", KW_CRLCHECKINTERVAL},
{"plutostderrlog", KW_PLUTOSTDERRLOG},
{"plutostart", KW_PLUTOSTART},
{"rightauth2", KW_RIGHTAUTH2},
+ {"rekey", KW_REKEY},
+ {"ikelifetime", KW_IKELIFETIME},
{"leftca2", KW_LEFTCA2},
- {"mark", KW_MARK},
- {"force_keepalive", KW_FORCE_KEEPALIVE},
+ {"rekeyfuzz", KW_REKEYFUZZ},
+ {"leftikeport", KW_LEFTIKEPORT},
+ {"dumpdir", KW_DUMPDIR},
{"auto", KW_AUTO},
+ {"dpdtimeout", KW_DPDTIMEOUT},
{"charondebug", KW_CHARONDEBUG},
{"dpddelay", KW_DPDDELAY},
- {"xauth_identity", KW_XAUTH_IDENTITY},
+ {"mark", KW_MARK},
{"charonstart", KW_CHARONSTART},
{"fragicmp", KW_FRAGICMP},
{"prepluto", KW_PREPLUTO},
+ {"ignorepeeridcheck", KW_IGNOREPEERIDCHECK},
{"closeaction", KW_CLOSEACTION},
{"leftid2", KW_LEFTID2},
{"plutodebug", KW_PLUTODEBUG},
{"tfc", KW_TFC},
{"auth", KW_AUTH},
- {"rekeymargin", KW_REKEYMARGIN},
{"modeconfig", KW_MODECONFIG},
{"leftauth", KW_LEFTAUTH},
{"xauth", KW_XAUTH},
@@ -247,6 +247,7 @@ static const struct kw_entry wordlist[]
{"nocrsend", KW_NOCRSEND},
{"leftauth2", KW_LEFTAUTH2},
{"rightca2", KW_RIGHTCA2},
+ {"rekeymargin", KW_REKEYMARGIN},
{"rightcert2", KW_RIGHTCERT2},
{"pkcs11module", KW_PKCS11MODULE},
{"reauth", KW_REAUTH},
@@ -265,24 +266,24 @@ static const short lookup[] =
21, 22, 23, 24, 25, -1, -1, -1, 26, 27,
28, -1, 29, -1, -1, -1, 30, -1, 31, 32,
33, 34, 35, -1, 36, 37, -1, 38, -1, 39,
- 40, -1, -1, 41, 42, 43, -1, -1, 44, 45,
- 46, -1, 47, -1, 48, 49, 50, 51, 52, 53,
- -1, 54, 55, -1, -1, -1, 56, -1, 57, 58,
- 59, 60, -1, 61, -1, -1, 62, 63, 64, 65,
- 66, -1, 67, 68, 69, 70, -1, 71, 72, 73,
- 74, -1, 75, 76, 77, 78, 79, 80, 81, 82,
- 83, -1, 84, 85, 86, 87, 88, 89, 90, 91,
- 92, 93, 94, -1, 95, 96, 97, 98, -1, -1,
- 99, 100, -1, -1, 101, -1, 102, -1, -1, 103,
- -1, 104, 105, -1, 106, -1, -1, -1, -1, -1,
- 107, 108, -1, -1, -1, -1, -1, 109, -1, -1,
- -1, -1, 110, -1, 111, -1, -1, -1, -1, -1,
- -1, -1, -1, 112, 113, 114, -1, 115, -1, 116,
+ 40, -1, 41, 42, 43, 44, -1, -1, 45, 46,
+ 47, 48, 49, -1, 50, 51, 52, 53, 54, 55,
+ -1, -1, 56, -1, -1, -1, 57, -1, 58, 59,
+ 60, 61, -1, -1, -1, -1, 62, 63, 64, 65,
+ 66, -1, 67, 68, 69, 70, 71, -1, 72, 73,
+ 74, -1, 75, 76, 77, 78, 79, 80, -1, 81,
+ 82, 83, 84, 85, 86, 87, -1, 88, -1, 89,
+ -1, 90, -1, -1, 91, 92, 93, 94, 95, 96,
+ 97, 98, -1, -1, 99, 100, 101, -1, 102, 103,
+ -1, 104, -1, 105, 106, -1, -1, -1, -1, -1,
+ 107, 108, -1, -1, -1, -1, 109, 110, -1, -1,
+ -1, -1, 111, -1, 112, -1, -1, -1, -1, -1,
+ -1, -1, -1, 113, 114, -1, -1, 115, -1, 116,
-1, 117, -1, -1, 118, 119, -1, -1, -1, 120,
-1, -1, -1, -1, -1, 121, 122, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, 123, -1, 124, -1,
- -1, -1, -1, -1, -1, -1, 125, 126, 127, 128,
- -1, -1, 129, -1, -1, -1, 130
+ -1, -1, -1, -1, -1, -1, 123, 124, 125, -1,
+ -1, -1, -1, -1, -1, -1, 126, 127, 128, 129,
+ -1, -1, 130, -1, -1, -1, 131
};
#ifdef __GNUC__
diff -rupN strongswan-4.6.3/src/starter/keywords.h strongswan-4.6.3.patched/src/starter/keywords.h
--- strongswan-4.6.3/src/starter/keywords.h 2012-04-12 00:28:28.000000000 -0700
+++ strongswan-4.6.3.patched/src/starter/keywords.h 2012-05-08 11:01:16.921003004 -0700
@@ -43,9 +43,10 @@ typedef enum {
KW_PKCS11INITARGS,
KW_PKCS11KEEPSTATE,
KW_PKCS11PROXY,
+ KW_IGNOREPEERIDCHECK,
#define KW_PLUTO_FIRST KW_PLUTODEBUG
-#define KW_PLUTO_LAST KW_PKCS11PROXY
+#define KW_PLUTO_LAST KW_IGNOREPEERIDCHECK
/* KLIPS keywords */
KW_KLIPSDEBUG,
@@ -218,4 +219,3 @@ typedef enum {
} kw_token_t;
#endif /* _KEYWORDS_H_ */
-
diff -rupN strongswan-4.6.3/src/starter/keywords.txt strongswan-4.6.3.patched/src/starter/keywords.txt
--- strongswan-4.6.3/src/starter/keywords.txt 2012-04-12 00:28:28.000000000 -0700
+++ strongswan-4.6.3.patched/src/starter/keywords.txt 2012-05-08 11:01:16.921003004 -0700
@@ -56,6 +56,7 @@ pkcs11module, KW_PKCS11MODULE
pkcs11initargs, KW_PKCS11INITARGS
pkcs11keepstate, KW_PKCS11KEEPSTATE
pkcs11proxy, KW_PKCS11PROXY
+ignorepeeridcheck, KW_IGNOREPEERIDCHECK
keyexchange, KW_KEYEXCHANGE
type, KW_TYPE
pfs, KW_PFS