name = aiccu
version = 20070115
-release = 2
+release = 3
groups = System/Daemons
url = http://www.sixxs.net/tools/aiccu/
--- /dev/null
+From bdb25774a216925fd1ca275a6e2b3ccc8e9a0200 Mon Sep 17 00:00:00 2001
+From: Reinier Haasjes <reinier@haasjes.com>
+Date: Fri, 17 Aug 2012 11:29:39 +0200
+Subject: [PATCH 01/10] setup script
+
+ Make setupscript work and add teardownscript setting.
+
+Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
+---
+ common/aiccu.c | 6 +++---
+ unix-console/main.c | 5 +++++
+ 2 files changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/common/aiccu.c b/common/aiccu.c
+index 9abb334..7697136 100755
+--- a/common/aiccu.c
++++ b/common/aiccu.c
+@@ -212,9 +212,6 @@ bool aiccu_SaveConfig(const char *filename)
+ fprintf(f, "# Try to automatically login and setup the tunnel?\n");
+ fprintf(f, "automatic %s\n", g_aiccu->automatic ? "true" : "false");
+ fprintf(f, "\n");
+- fprintf(f, "# Script to run after setting up the interfaces (default: none)\n");
+- fprintf(f, "%ssetupscript %s\n", g_aiccu->setupscript ? "" : "#", g_aiccu->setupscript ? g_aiccu->setupscript : "<path>");
+- fprintf(f, "\n");
+ fprintf(f, "# TLS Required?\n");
+ fprintf(f, "requiretls %s\n", g_aiccu->requiretls ? "true" : "false");
+ fprintf(f, "\n");
+@@ -231,6 +228,9 @@ bool aiccu_SaveConfig(const char *filename)
+ fprintf(f, "# PID File\n");
+ fprintf(f, "pidfile %s\n", g_aiccu->pidfile);
+ fprintf(f, "\n");
++ fprintf(f, "# Script to run after setting up the interfaces (default: none)\n");
++ fprintf(f, "%ssetupscript %s\n", g_aiccu->setupscript ? "" : "#", g_aiccu->setupscript ? g_aiccu->setupscript : "<path>");
++ fprintf(f, "\n");
+ fprintf(f, "# Make heartbeats (default true)\n");
+ fprintf(f, "# In general you don't want to turn this off\n");
+ fprintf(f, "# Of course only applies to AYIYA and heartbeat tunnels not to static ones\n");
+diff --git a/unix-console/main.c b/unix-console/main.c
+index 8a4d9a9..1e7b4b4 100755
+--- a/unix-console/main.c
++++ b/unix-console/main.c
+@@ -471,6 +471,11 @@ int main(int argc, char *argv[])
+ */
+ if (aiccu_setup(hTunnel, true))
+ {
++ if (g_aiccu->setupscript)
++ {
++ aiccu_exec("%s", g_aiccu->setupscript);
++ }
++
+ /* We need to stay running when doing Heartbeat or AYIYA */
+ if ( strcasecmp(hTunnel->sType, "6in4-heartbeat") == 0 ||
+ strcasecmp(hTunnel->sType, "ayiya") == 0)
+--
+1.8.1
+
--- /dev/null
+From 61a319c224cda0bbd408514bdfdc533285739fec Mon Sep 17 00:00:00 2001
+From: "Barak A. Pearlmutter" <barak+git@cs.nuim.ie>
+Date: Fri, 17 Aug 2012 12:23:06 +0200
+Subject: [PATCH 02/10] gnutls cleanup
+
+Stop ignoring some gnutls return codes.
+
+Rewrite call to depricated gnutls_set_default_priority() to use
+gnutls_priority_set_direct() instead.
+
+Remove call to deprecated routine
+gnutls_certificate_type_set_priority, no changes necessary.
+
+Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
+---
+ common/common.c | 27 +++++++++++++++++----------
+ 1 file changed, 17 insertions(+), 10 deletions(-)
+
+diff --git a/common/common.c b/common/common.c
+index 488c145..d45e567 100755
+--- a/common/common.c
++++ b/common/common.c
+@@ -271,8 +271,6 @@ TLSSOCKET sock_alloc(void);
+ TLSSOCKET sock_alloc(void)
+ {
+ #ifdef AICCU_GNUTLS
+- /* Allow connections to servers that have OpenPGP keys as well */
+- const int cert_type_priority[3] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
+ int ret;
+ #endif /* AICCU_GNUTLS*/
+
+@@ -289,7 +287,7 @@ TLSSOCKET sock_alloc(void)
+
+ /* Initialize TLS session */
+ ret = gnutls_init(&sock->session, GNUTLS_CLIENT);
+- if (ret != 0)
++ if (ret != GNUTLS_E_SUCCESS)
+ {
+ dolog(LOG_ERR, "TLS Init failed: %s (%d)\n", gnutls_strerror(ret), ret);
+ free(sock);
+@@ -297,15 +295,24 @@ TLSSOCKET sock_alloc(void)
+ }
+
+ /* Use default priorities */
+- gnutls_set_default_priority(sock->session);
+- /* XXX: Return value is not documented in GNUTLS documentation! */
+-
+- gnutls_certificate_type_set_priority(sock->session, cert_type_priority);
+- /* XXX: Return value is not documented in GNUTLS documentation! */
++ ret = gnutls_priority_set_direct(sock->session, "NORMAL", NULL);
++ if (ret != GNUTLS_E_SUCCESS)
++ {
++ dolog(LOG_ERR, "TLS set default priority failed: %s (%d)\n", gnutls_strerror(ret), ret);
++ gnutls_deinit(sock->session);
++ free(sock);
++ return NULL;
++ }
+
+ /* Configure the x509 credentials for the current session */
+- gnutls_credentials_set(sock->session, GNUTLS_CRD_CERTIFICATE, g_aiccu->tls_cred);
+- /* XXX: Return value is not documented in GNUTLS documentation! */
++ ret = gnutls_credentials_set(sock->session, GNUTLS_CRD_CERTIFICATE, g_aiccu->tls_cred);
++ if (ret != GNUTLS_E_SUCCESS)
++ {
++ dolog(LOG_ERR, "TLS credentials set failed: %s (%d)\n", gnutls_strerror(ret), ret);
++ gnutls_deinit(sock->session);
++ free(sock);
++ return NULL;
++ }
+
+ #endif /* AICCU_GNUTLS*/
+
+--
+1.8.1
+
--- /dev/null
+From 523105fb00372d2cb95a1b20aed78115aef4ab9a Mon Sep 17 00:00:00 2001
+From: Norman Rasmussen <norman@rasmussen.co.za>
+Date: Sun, 10 Jan 2010 21:45:55 +0000
+Subject: [PATCH 03/10] allow tunnels
+
+ Allow 'tunnels' mode when there's an already running instance.
+
+Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
+---
+ unix-console/main.c | 30 +++++++++++++++---------------
+ 1 file changed, 15 insertions(+), 15 deletions(-)
+
+diff --git a/unix-console/main.c b/unix-console/main.c
+index 1e7b4b4..375b61c 100755
+--- a/unix-console/main.c
++++ b/unix-console/main.c
+@@ -50,7 +50,7 @@ int sigrunning(int sig)
+ /* Close the file again */
+ fclose(f);
+
+- /* If we can HUP it, it still runs */
++ /* If we can signal it, it still runs */
+ return (pid > 0 && kill(pid, sig) == 0 ? 1 : 0);
+ }
+
+@@ -302,20 +302,6 @@ int main(int argc, char *argv[])
+ return -1;
+ }
+
+-#ifndef _WIN32
+- /* start or stop? */
+- if ( mode != A_TEST &&
+- mode != A_AUTOTEST)
+- {
+- /* Already running? */
+- if (sigrunning(mode == A_STOP ? SIGTERM : 0) == 1)
+- {
+- dolog(LOG_ERR, "Already running instance HUP'ed, exiting\n");
+- return 0;
+- }
+- }
+-#endif
+-
+ /* Verify required parameters */
+ if (!g_aiccu->username || !g_aiccu->password)
+ {
+@@ -331,6 +317,20 @@ int main(int argc, char *argv[])
+ return ret == 0 ? -1 : 0;
+ }
+
++#ifndef _WIN32
++ /* start or stop? */
++ if ( mode != A_TEST &&
++ mode != A_AUTOTEST)
++ {
++ /* Already running? */
++ if (sigrunning(mode == A_STOP ? SIGTERM : 0) == 1)
++ {
++ dolog(LOG_ERR, "Already running instance signaled, exiting\n");
++ return 0;
++ }
++ }
++#endif
++
+ /* Get our tunnel */
+ hTunnel = get_tunnel();
+
+--
+1.8.1
+
--- /dev/null
+From a7a2c3ca751495a36e5ddde5a23f356f56726504 Mon Sep 17 00:00:00 2001
+From: Reinier Haasjes <reinier@haasjes.com>
+Date: Fri, 17 Aug 2012 11:29:39 +0200
+Subject: [PATCH 04/10] skip strip
+
+We handle stripping of the binary through dh_strip, thus remove the
+upstream code handling that, which does not care about our Debian
+build options.
+
+Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
+---
+ unix-console/Makefile | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/unix-console/Makefile b/unix-console/Makefile
+index d5e5c07..f746cac 100755
+--- a/unix-console/Makefile
++++ b/unix-console/Makefile
+@@ -145,11 +145,6 @@ all: aiccu
+
+ aiccu: $(OBJS) ${SRCS} ${INCS}
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJS)
+-ifeq ($(shell echo $(CFLAGS) | grep -c "DEBUG"),0)
+-ifeq ($(shell echo "$(RPM_OPT_FLAGS)" | wc -c),1)
+- strip $@
+-endif
+-endif
+
+ clean:
+ $(RM) -f $(OBJS) aiccu
+--
+1.8.1
+
--- /dev/null
+From 431ff599307eec2e9fa5eaf52cece9094bac05fa Mon Sep 17 00:00:00 2001
+From: Reinier Haasjes <reinier@haasjes.com>
+Date: Fri, 17 Aug 2012 11:29:39 +0200
+Subject: [PATCH 05/10] binutils gold
+
+Make aiccu compile with ld.gold
+
+Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
+---
+ unix-console/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/unix-console/Makefile b/unix-console/Makefile
+index f746cac..5db5337 100755
+--- a/unix-console/Makefile
++++ b/unix-console/Makefile
+@@ -144,7 +144,7 @@ endif
+ all: aiccu
+
+ aiccu: $(OBJS) ${SRCS} ${INCS}
+- $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJS)
++ $(CC) $(CFLAGS) -o $@ $(OBJS) $(LDFLAGS)
+
+ clean:
+ $(RM) -f $(OBJS) aiccu
+--
+1.8.1
+
--- /dev/null
+From ddeba48a677bfcede8018a74188569bb9a6ac280 Mon Sep 17 00:00:00 2001
+From: Reinier Haasjes <reinier@haasjes.com>
+Date: Fri, 17 Aug 2012 11:29:39 +0200
+Subject: [PATCH 06/10] spelling error
+
+Fix some spelling errors to satisfy lintian
+
+Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
+---
+ common/aiccu_test.c | 2 +-
+ common/common.c | 2 +-
+ common/tic.c | 6 +++---
+ 3 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/common/aiccu_test.c b/common/aiccu_test.c
+index 25bbdb2..2ac3c86 100755
+--- a/common/aiccu_test.c
++++ b/common/aiccu_test.c
+@@ -133,7 +133,7 @@ void aiccu_os_test(struct TIC_Tunnel *hTunnel, bool automatic)
+ printf("### This confirms the reachability of the other side of the tunnel\n");
+ printf("### If it doesn't reply then check your interface and routing tables\n");
+ printf("### Don't forget to check your firewall of course\n");
+- printf("### If the previous test was succesful then this could be both\n");
++ printf("### If the previous test was successful then this could be both\n");
+ printf("### a firewalling and a routing/interface problem\n");
+ printf("\n");
+ system_arg(PING6, PINGCOUNT, hTunnel->sIPv6_POP);
+diff --git a/common/common.c b/common/common.c
+index d45e567..116897f 100755
+--- a/common/common.c
++++ b/common/common.c
+@@ -491,7 +491,7 @@ bool sock_gotls(TLSSOCKET sock)
+ return false;
+ }
+
+- dolog(LOG_DEBUG, "TLS Handshake completed succesfully\n");
++ dolog(LOG_DEBUG, "TLS Handshake completed successfully\n");
+
+ sock->tls_active = true;
+ return true;
+diff --git a/common/tic.c b/common/tic.c
+index e0d70fe..6009d99 100755
+--- a/common/tic.c
++++ b/common/tic.c
+@@ -517,8 +517,8 @@ struct TIC_Tunnel *tic_GetTunnel(struct TIC_conf *tic, const char *sId)
+ struct in6_addr ipv6_ll, ipv6_local;
+ char ll[100];
+
+- /* Log that the fetch was succesful */
+- dolog(LOG_INFO, "Succesfully retrieved tunnel information for %s\n", sId);
++ /* Log that the fetch was successful */
++ dolog(LOG_INFO, "Successfully retrieved tunnel information for %s\n", sId);
+
+ /*
+ * Some TUN/TAP devices don't have any
+@@ -652,7 +652,7 @@ struct TIC_POP *tic_GetPOP(struct TIC_conf *tic, const char *sId)
+ /* All went okay? */
+ if (buf[0] == '2' && buf[1] == '0' && buf[2] == '2')
+ {
+- dolog(LOG_INFO, "Succesfully retrieved POP information for %s\n", sId);
++ dolog(LOG_INFO, "Successfully retrieved POP information for %s\n", sId);
+ return pop;
+ }
+
+--
+1.8.1
+
--- /dev/null
+From 28ad9c07d7e39b8c76174142696e10e8922a4871 Mon Sep 17 00:00:00 2001
+From: Norman Rasmussen <norman@rasmussen.co.za>
+Date: Sun, 10 Jan 2010 21:43:44 +0000
+Subject: [PATCH 07/10] syslog openlog
+
+ Initialize syslog so that we log with our PID as DAEMON.
+
+Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
+---
+ common/aiccu.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/common/aiccu.c b/common/aiccu.c
+index 7697136..4bc7c97 100755
+--- a/common/aiccu.c
++++ b/common/aiccu.c
+@@ -58,6 +58,9 @@ bool aiccu_InitConfig()
+ int ret;
+ #define CAFILE "ca.pem"
+ #endif
++#ifndef _WIN32
++ openlog(NULL, LOG_PID, LOG_DAEMON);
++#endif
+ /* Allocate & Initialize */
+ g_aiccu = (struct AICCU_conf *)malloc(sizeof(*g_aiccu));
+ if (!g_aiccu) return false;
+--
+1.8.1
+
--- /dev/null
+From b09989995d1a7d3804e57d63d3d9d19236a1c8c7 Mon Sep 17 00:00:00 2001
+From: Reinier Haasjes <reinier@haasjes.com>
+Date: Fri, 17 Aug 2012 11:29:39 +0200
+Subject: [PATCH 08/10] no quiet gcc
+
+It's better for us to see gcc output in the build log to ease debugging.
+Quiet builds make that much harder.
+
+Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
+---
+ unix-console/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/unix-console/Makefile b/unix-console/Makefile
+index 5db5337..4764a6f 100755
+--- a/unix-console/Makefile
++++ b/unix-console/Makefile
+@@ -26,7 +26,7 @@ CWARNS += -W -Wall -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Waggre
+
+ #CFLAGS += $(CWARNS) -D_GNU_SOURCE -D_DEBUG -g3 -O0
+ CFLAGS += $(CWARNS) -D_GNU_SOURCE
+-CC = @gcc
++CC = gcc
+ RM = rm
+
+ # Add -O3 when nothing is specified yet
+--
+1.8.1
+
--- /dev/null
+From 5cb2a912237fca41e50e8c651772bd32d5ff324b Mon Sep 17 00:00:00 2001
+From: Stefan Schantl <stefan.schantl@ipfire.org>
+Date: Wed, 26 Aug 2015 18:34:20 +0000
+Subject: [PATCH 09/10] Revert "setup script"
+
+This reverts commit bdb25774a216925fd1ca275a6e2b3ccc8e9a0200.
+
+Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
+---
+ common/aiccu.c | 6 +++---
+ unix-console/main.c | 5 -----
+ 2 files changed, 3 insertions(+), 8 deletions(-)
+
+diff --git a/common/aiccu.c b/common/aiccu.c
+index 4bc7c97..75aadc8 100755
+--- a/common/aiccu.c
++++ b/common/aiccu.c
+@@ -215,6 +215,9 @@ bool aiccu_SaveConfig(const char *filename)
+ fprintf(f, "# Try to automatically login and setup the tunnel?\n");
+ fprintf(f, "automatic %s\n", g_aiccu->automatic ? "true" : "false");
+ fprintf(f, "\n");
++ fprintf(f, "# Script to run after setting up the interfaces (default: none)\n");
++ fprintf(f, "%ssetupscript %s\n", g_aiccu->setupscript ? "" : "#", g_aiccu->setupscript ? g_aiccu->setupscript : "<path>");
++ fprintf(f, "\n");
+ fprintf(f, "# TLS Required?\n");
+ fprintf(f, "requiretls %s\n", g_aiccu->requiretls ? "true" : "false");
+ fprintf(f, "\n");
+@@ -231,9 +234,6 @@ bool aiccu_SaveConfig(const char *filename)
+ fprintf(f, "# PID File\n");
+ fprintf(f, "pidfile %s\n", g_aiccu->pidfile);
+ fprintf(f, "\n");
+- fprintf(f, "# Script to run after setting up the interfaces (default: none)\n");
+- fprintf(f, "%ssetupscript %s\n", g_aiccu->setupscript ? "" : "#", g_aiccu->setupscript ? g_aiccu->setupscript : "<path>");
+- fprintf(f, "\n");
+ fprintf(f, "# Make heartbeats (default true)\n");
+ fprintf(f, "# In general you don't want to turn this off\n");
+ fprintf(f, "# Of course only applies to AYIYA and heartbeat tunnels not to static ones\n");
+diff --git a/unix-console/main.c b/unix-console/main.c
+index 375b61c..388d988 100755
+--- a/unix-console/main.c
++++ b/unix-console/main.c
+@@ -471,11 +471,6 @@ int main(int argc, char *argv[])
+ */
+ if (aiccu_setup(hTunnel, true))
+ {
+- if (g_aiccu->setupscript)
+- {
+- aiccu_exec("%s", g_aiccu->setupscript);
+- }
+-
+ /* We need to stay running when doing Heartbeat or AYIYA */
+ if ( strcasecmp(hTunnel->sType, "6in4-heartbeat") == 0 ||
+ strcasecmp(hTunnel->sType, "ayiya") == 0)
+--
+1.8.1
+
--- /dev/null
+From 0268def7364007f78ad0d0411d57e277fd1d1a84 Mon Sep 17 00:00:00 2001
+From: Stefan Schantl <stefan.schantl@ipfire.org>
+Date: Wed, 26 Aug 2015 18:58:56 +0000
+Subject: [PATCH 10/10] Add setup script functionality to Linux client
+
+Environment variables are set to pass information about
+the tunnel to the called script.
+
+Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ common/aiccu_linux.c | 27 +++++++++++++++++++++++++++
+ 1 file changed, 27 insertions(+)
+
+diff --git a/common/aiccu_linux.c b/common/aiccu_linux.c
+index b86ad67..f8257bd 100755
+--- a/common/aiccu_linux.c
++++ b/common/aiccu_linux.c
+@@ -41,6 +41,8 @@ bool aiccu_os_install(void)
+
+ bool aiccu_os_setup(struct TIC_Tunnel *hTunnel)
+ {
++ char buffer[1024];
++
+ if (hTunnel->uses_tundev == 0)
+ {
+ aiccu_exec(
+@@ -91,6 +93,24 @@ bool aiccu_os_setup(struct TIC_Tunnel *hTunnel)
+ g_aiccu->ipv6_interface);
+ }
+
++ if (g_aiccu->setupscript)
++ {
++ setenv("ACTION", "up", 1);
++ setenv("TUNNEL_TYPE", hTunnel->sType, 1);
++ setenv("INTERFACE", g_aiccu->ipv6_interface, 1);
++ setenv("REMOTE_ADDRESS", hTunnel->sIPv6_POP, 1);
++
++ snprintf(buffer, sizeof(buffer), "%s/%u",
++ hTunnel->sIPv6_Local, hTunnel->nIPv6_PrefixLength);
++ setenv("LOCAL_ADDRESS", buffer, 1);
++ setenv("LINK_LOCAL_ADDRESS", hTunnel->sIPv6_LinkLocal, 1);
++
++ snprintf(buffer, sizeof(buffer), "%u", hTunnel->nMTU);
++ setenv("MTU", buffer, 1);
++
++ aiccu_exec("%s", g_aiccu->setupscript);
++ }
++
+ return true;
+ }
+
+@@ -118,5 +138,12 @@ void aiccu_os_delete(struct TIC_Tunnel *hTunnel)
+ "ip tunnel del %s",
+ g_aiccu->ipv6_interface);
+ }
++
++ {
++ setenv("ACTION", "down", 1);
++ setenv("INTERFACE", g_aiccu->ipv6_interface, 1);
++
++ aiccu_exec("%s", g_aiccu->setupscript);
++ }
+ }
+
+--
+1.8.1
+