Index: openswan-2.4.8/programs/loggerfix =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openswan-2.4.8/programs/loggerfix 2007-06-04 13:22:50.209222320 +0200 @@ -0,0 +1,5 @@ +#!/bin/sh +# use filename instead of /dev/null to log, but dont log to flash or ram +# pref. log to nfs mount +echo "$*" >> /dev/null +exit 0 Index: openswan-2.4.8/programs/look/look.in =================================================================== --- openswan-2.4.8.orig/programs/look/look.in 2007-06-04 13:22:49.874273240 +0200 +++ openswan-2.4.8/programs/look/look.in 2007-06-04 13:22:50.209222320 +0200 @@ -84,7 +84,7 @@ then pat="$pat|$defaultroutephys\$|$defaultroutevirt\$" else - for i in `echo "$IPSECinterfaces" | sed 's/=/ /'` + for i in `echo "$IPSECinterfaces" | tr '=' ' '` do pat="$pat|$i\$" done Index: openswan-2.4.8/programs/_plutorun/_plutorun.in =================================================================== --- openswan-2.4.8.orig/programs/_plutorun/_plutorun.in 2007-06-04 13:22:49.880272328 +0200 +++ openswan-2.4.8/programs/_plutorun/_plutorun.in 2007-06-04 13:22:50.209222320 +0200 @@ -147,7 +147,7 @@ exit 1 fi else - if test ! -w "`dirname $stderrlog`" + if test ! -w "`echo $stderrlog | sed -r 's/(^.*\/)(.*$)/\1/'`" then echo Cannot write to directory to create \"$stderrlog\". exit 1 Index: openswan-2.4.8/programs/_realsetup/_realsetup.in =================================================================== --- openswan-2.4.8.orig/programs/_realsetup/_realsetup.in 2007-06-04 13:22:49.888271112 +0200 +++ openswan-2.4.8/programs/_realsetup/_realsetup.in 2007-06-04 13:22:50.210222168 +0200 @@ -232,7 +232,7 @@ # misc pre-Pluto setup - perform test -d `dirname $subsyslock` "&&" touch $subsyslock + perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock "&&" rm -f $subsyslock if test " $IPSECforwardcontrol" = " yes" then Index: openswan-2.4.8/programs/send-pr/send-pr.in =================================================================== --- openswan-2.4.8.orig/programs/send-pr/send-pr.in 2007-06-04 13:22:49.894270200 +0200 +++ openswan-2.4.8/programs/send-pr/send-pr.in 2007-06-04 13:22:50.210222168 +0200 @@ -402,7 +402,7 @@ else if [ "$fieldname" != "Category" ] then - values=`${BINDIR}/query-pr --valid-values $fieldname | sed ':a;N;$!ba;s/\n/ /g' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'` + values=`${BINDIR}/query-pr --valid-values $fieldname | tr '\n' ' ' | sed 's/ *$//g;s/ / | /g;s/^/[ /;s/$/ ]/;'` valslen=`echo "$values" | wc -c` else values="choose from a category listed above" @@ -414,7 +414,7 @@ else desc="<${values} (one line)>"; fi - dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'` + dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'` echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL fi echo "${fmtname}${desc}" >> $file @@ -425,7 +425,7 @@ desc=" $default_val"; else desc=" <`${BINDIR}/query-pr --field-description $fieldname` (multiple lines)>"; - dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'` + dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'` echo "s/^${dpat}//" >> $FIXFIL fi echo "${fmtname}" >> $file; @@ -437,7 +437,7 @@ desc="${default_val}" else desc="<`${BINDIR}/query-pr --field-description $fieldname` (one line)>" - dpat=`echo "$desc" | sed 's/[][*+^$|\()&/]/./g'` + dpat=`echo "$desc" | tr '\]\[*+^$|\()&/' '............'` echo "/^>${fieldname}:/ s/${dpat}//" >> $FIXFIL fi echo "${fmtname}${desc}" >> $file Index: openswan-2.4.8/programs/setup/setup.in =================================================================== --- openswan-2.4.8.orig/programs/setup/setup.in 2007-06-04 13:22:49.902268984 +0200 +++ openswan-2.4.8/programs/setup/setup.in 2007-06-04 13:22:50.210222168 +0200 @@ -117,12 +117,21 @@ # do it case "$1" in start|--start|stop|--stop|_autostop|_autostart) - if test " `id -u`" != " 0" + if [ "x${USER}" != "xroot" ] then echo "permission denied (must be superuser)" | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1 exit 1 fi + # make sure all required directories exist + if [ ! -d /var/run/pluto ] + then + mkdir -p /var/run/pluto + fi + if [ ! -d /var/lock/subsys ] + then + mkdir -p /var/lock/subsys + fi tmp=/var/run/pluto/ipsec_setup.st outtmp=/var/run/pluto/ipsec_setup.out ( Index: openswan-2.4.8/programs/showhostkey/showhostkey.in =================================================================== --- openswan-2.4.8.orig/programs/showhostkey/showhostkey.in 2007-06-04 13:22:49.908268072 +0200 +++ openswan-2.4.8/programs/showhostkey/showhostkey.in 2007-06-04 13:22:50.214221560 +0200 @@ -63,7 +63,7 @@ exit 1 fi -host="`hostname --fqdn`" +host="`cat /proc/sys/kernel/hostname`" awk ' BEGIN { inkey = 0 @@ -81,7 +81,7 @@ os = "[ \t]*" x = "[^ \t]+" oc = "(#.*)?" - suffix = ":" os "[rR][sS][aA]" os "{" os oc "$" + suffix = ":" os "[rR][sS][aA]" os "[{]" os oc "$" if (id == "") { pat = "^" suffix printid = "default" Index: openswan-2.4.8/programs/starter/klips.c =================================================================== --- openswan-2.4.8.orig/programs/starter/klips.c 2007-06-04 13:22:49.914267160 +0200 +++ openswan-2.4.8/programs/starter/klips.c 2007-06-04 13:22:50.214221560 +0200 @@ -83,7 +83,7 @@ if (stat(PROC_MODULES,&stb)==0) { unsetenv("MODPATH"); unsetenv("MODULECONF"); - system("depmod -a >/dev/null 2>&1 && modprobe ipsec"); + system("depmod -a >/dev/null 2>&1 && insmod ipsec"); } if (stat(PROC_IPSECVERSION,&stb)==0) { _klips_module_loaded = 1; Index: openswan-2.4.8/programs/starter/netkey.c =================================================================== --- openswan-2.4.8.orig/programs/starter/netkey.c 2007-06-04 13:22:49.920266248 +0200 +++ openswan-2.4.8/programs/starter/netkey.c 2007-06-04 13:22:50.214221560 +0200 @@ -75,7 +75,7 @@ if (stat(PROC_MODULES,&stb)==0) { unsetenv("MODPATH"); unsetenv("MODULECONF"); - system("depmod -a >/dev/null 2>&1 && modprobe xfrm4_tunnel esp4 ah4 af_key"); + system("depmod -a >/dev/null 2>&1 && insmod xfrm4_tunnel esp4 ah4 af_key"); } if (stat(PROC_NETKEY,&stb)==0) { _netkey_module_loaded = 1; Index: openswan-2.4.8/programs/_startklips/_startklips.in =================================================================== --- openswan-2.4.8.orig/programs/_startklips/_startklips.in 2007-06-04 13:22:49.928265032 +0200 +++ openswan-2.4.8/programs/_startklips/_startklips.in 2007-06-04 13:22:50.215221408 +0200 @@ -272,16 +272,16 @@ echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel" exit fi -if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec +if test ! -f $ipsecversion && test ! -f $netkey then # statically compiled KLIPS/NETKEY not found; but there seems to be an ipsec module - modprobe ipsec 2> /dev/null + insmod -q ipsec 2> /dev/null fi -if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn af_key +if test ! -f $ipsecversion && test ! -f $netkey then # netkey should work then - modprobe af_key 2> /dev/null + insmod -q af_key 2> /dev/null fi if test ! -f $ipsecversion && test ! -f $netkey then @@ -294,27 +294,27 @@ # modules shared between klips and netkey if test -f $modules then - # we modprobe hw_random so ipsec verify can complain about not using it - modprobe -q hw_random 2> /dev/null + # we insmod hw_random so ipsec verify can complain about not using it + insmod -q hw_random 2> /dev/null # padlock must load before aes module - modprobe -q padlock 2> /dev/null + insmod -q padlock 2> /dev/null # load the most common ciphers/algo's - modprobe -q sha256 2> /dev/null - modprobe -q sha1 2> /dev/null - modprobe -q md5 2> /dev/null - modprobe -q des 2> /dev/null - modprobe -q aes 2> /dev/null + insmod -q sha256 2> /dev/null + insmod -q sha1 2> /dev/null + insmod -q md5 2> /dev/null + insmod -q des 2> /dev/null + insmod -q aes 2> /dev/null if test -f $netkey then klips=false - modprobe -q ah4 2> /dev/null - modprobe -q esp4 2> /dev/null - modprobe -q ipcomp 2> /dev/null + insmod -q ah4 2> /dev/null + insmod -q esp4 2> /dev/null + insmod -q ipcomp 2> /dev/null # xfrm4_tunnel is needed by ipip and ipcomp - modprobe -q xfrm4_tunnel 2> /dev/null + insmod -q xfrm4_tunnel 2> /dev/null # xfrm_user contains netlink support for IPsec - modprobe -q xfrm_user 2> /dev/null + insmod -q xfrm_user 2> /dev/null fi if test ! -f $ipsecversion && $klips @@ -327,7 +327,7 @@ fi unset MODPATH MODULECONF # no user overrides! depmod -a >/dev/null 2>&1 - modprobe -v ipsec + insmod -v ipsec if test ! -f $ipsecversion then echo "kernel appears to lack IPsec support (neither CONFIG_KLIPS or CONFIG_NET_KEY are set)"