Module Name:    src
Committed By:   christos
Date:           Thu Jun 20 15:41:18 UTC 2013

Modified Files:
        src/crypto/dist/ipsec-tools: configure.ac
        src/crypto/dist/ipsec-tools/src/racoon: localconf.c racoon.conf.5

Log Message:
Add an option --enable-wildcard-match to enable wildcard matching of
pre-shared keys, and explain why we might want it and why it is a bad idea
in general, which is why it is not enabled by default. ok tteras@, manu@


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 src/crypto/dist/ipsec-tools/configure.ac
cvs rdiff -u -r1.8 -r1.9 src/crypto/dist/ipsec-tools/src/racoon/localconf.c
cvs rdiff -u -r1.66 -r1.67 \
    src/crypto/dist/ipsec-tools/src/racoon/racoon.conf.5

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ipsec-tools/configure.ac
diff -u src/crypto/dist/ipsec-tools/configure.ac:1.13 src/crypto/dist/ipsec-tools/configure.ac:1.14
--- src/crypto/dist/ipsec-tools/configure.ac:1.13	Tue Jan  8 07:42:31 2013
+++ src/crypto/dist/ipsec-tools/configure.ac	Thu Jun 20 11:41:18 2013
@@ -105,6 +105,14 @@ case "$host_os" in
     ;;
 esac
 
+AH_TEMPLATE(ENABLE_WILDCARD_MATCH, [Enable wildcard matching in pre-shared-key file])
+AC_ARG_ENABLE([wildcard-match],
+[--enable-wildcard-match	Enable wildcard matching in pre-shared-key file],
+[case "${enableval}" in
+(yes)	AC_DEFINE(ENABLE_WILDCARD_MATCH);;
+(no)	;;
+(*)	AC_MSG_ERROR(bad value ${enableval} for --enable-wildcard-match);;
+esac],[])
 ### Some basic toolchain checks
 
 # Checks for header files.
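Review bot: The help string on the AC_ARG_ENABLE line gives no hint that the option weakens pre-shared-key authentication, which is the point the racoon.conf.5 hunk in this same commit spends three paragraphs on; an option that is meant to stay off deserves that warning where the person running configure actually reads it. Something like `[--enable-wildcard-match	Enable wildcard (*) matching in pre-shared-key file (weakens PSK authentication; single-user gateways only)]`, or `AS_HELP_STRING([--enable-wildcard-match], [...])` for aligned output if the project's autoconf level permits it. The empty action-if-not-given leaves ENABLE_WILDCARD_MATCH undefined, which matches the stated default-off intent.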

Index: src/crypto/dist/ipsec-tools/src/racoon/localconf.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/localconf.c:1.8 src/crypto/dist/ipsec-tools/src/racoon/localconf.c:1.9
--- src/crypto/dist/ipsec-tools/src/racoon/localconf.c:1.8	Sun Jan  1 10:29:28 2012
+++ src/crypto/dist/ipsec-tools/src/racoon/localconf.c	Thu Jun 20 11:41:18 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: localconf.c,v 1.8 2012/01/01 15:29:28 tteras Exp $	*/
+/*	$NetBSD: localconf.c,v 1.9 2013/06/20 15:41:18 christos Exp $	*/
 
 /*	$KAME: localconf.c,v 1.33 2001/08/09 07:32:19 sakane Exp $	*/
 
@@ -247,7 +247,11 @@ getpsk(str, len)
 		if (*p == '\0')
 			continue;	/* no 2nd parameter */
 		p--;
-		if (strncmp(buf, str, len) == 0 && buf[len] == '\0') {
+		if (
+#ifdef ENABLE_WILDCARD_MATCH
+		    strncmp(buf, "*", 2) == 0 ||
+#endif
+		    (strncmp(buf, str, len) == 0 && buf[len] == '\0')) {
 			p++;
 			keylen = 0;
 			for (q = p; *q != '\0' && *q != '\n'; q++)
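Review bot: The new `*` arm at the head of the condition matches whichever line comes first in the file, so a wildcard entry placed above a peer's own entry silently hands that peer the wildcard key instead of its specific one, and the commit neither documents that the `*` line must come last nor gives exact matches precedence. Either state the ordering rule in racoon.conf.5 next to the wildcard description, or defer the wildcard: keep the exact-match test as the one that returns from inside the loop, remember the `*` line's key in a local, and fall back to it only after the loop ends without an exact match. The `strncmp(buf, "*", 2) == 0` test appears to rely on the first token having been NUL-terminated earlier in the loop (not visible here); `strcmp(buf, "*") == 0` says the same thing without the magic length. getpsk's body begins and ends outside this hunk, so the loop exit where a deferred fallback would go is not visible.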

Index: src/crypto/dist/ipsec-tools/src/racoon/racoon.conf.5
diff -u src/crypto/dist/ipsec-tools/src/racoon/racoon.conf.5:1.66 src/crypto/dist/ipsec-tools/src/racoon/racoon.conf.5:1.67
--- src/crypto/dist/ipsec-tools/src/racoon/racoon.conf.5:1.66	Fri Nov 30 03:19:01 2012
+++ src/crypto/dist/ipsec-tools/src/racoon/racoon.conf.5	Thu Jun 20 11:41:18 2013
@@ -1,4 +1,4 @@
-.\"	$NetBSD: racoon.conf.5,v 1.66 2012/11/30 08:19:01 wiz Exp $
+.\"	$NetBSD: racoon.conf.5,v 1.67 2013/06/20 15:41:18 christos Exp $
 .\"
 .\"	Id: racoon.conf.5,v 1.54 2006/08/22 18:17:17 manubsd Exp
 .\"
@@ -29,7 +29,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd November 29, 2012
+.Dd June 17, 2013
 .Dt RACOON.CONF 5
 .Os
 .\"
@@ -1468,6 +1468,32 @@ Note that the file must be owned by the 
 .Xr racoon 8
 .Pq usually the privileged user ,
 and must not be accessible by others.
+.Pp
+If configured with
+.Dv ENABLE_WILDCARD_MATCH ,
+this implementation allows a wildcard key
+.Dq * .
+This is allowed for the special case of a single user connecting to
+a gateway using an iPhone.
+On an iPhone, L2TP over IPSEC only supports
+main mode with pre-shared keys (no certificates).
+Unfortunately racoon
+only supports pre-shared-key lookup by address when identity protection
+is used, and since the iPhone does not have a specific IP address, we
+don't know what key to put in the pre-shared key file. 
+.Pp
+Sharing the connection with more than one user is strongly discouraged
+because any user can pretend to be the server since they know the pre-shared
+key.
+This means that any user can steal the traffic of any other user, by
+spoofing DNS which is not trivial but easy.
+Even worse, the malicious user will be able to then steal any other
+authentication data (CHAP/XAUTH etc.) that another user will supply
+to the compromised server, because it assumes that phase 1 is secured
+by the pre-shared key.
+.Pp
+In summary, never use wildcard keys if your gateway is hosting more than
+one user.
 .\"
 .Sh EXAMPLES
 The following shows how the remote directive should be configured.
