5 files changed, 221 insertions, 20 deletions

diff --git a/security/ipsec-tools/Makefile b/security/ipsec-tools/Makefile
index 8c338af3315c..dd8c96cd4099 100644
--- a/security/ipsec-tools/Makefile
+++ b/security/ipsec-tools/Makefile
@@ -4,15 +4,14 @@
 #
 # $FreeBSD$
 
-# TODO: - configurable --enable-xxx
-#       - libipsec issue ?
+# TODO: - libipsec issue ?
 #       - cleanup...
 #       - SYSCONFDIR
 #       - $LOCALBASE/sbin/setkey Vs /usr/sbin/setkey
 
 PORTNAME=	ipsec-tools
 PORTVERSION=	0.6.5
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	security net
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	ipsec-tools
@@ -26,22 +25,142 @@ USE_RC_SUBR=	racoon.sh
 USE_OPENSSL=	yes
 USE_BZIP2=	yes
 
-WRKSRC=		${WRKDIR}/${DISTNAME}
 GNU_CONFIGURE=	yes
 INSTALLS_SHLIB=	yes
-LDFLAGS=	-L${LOCALBASE}/lib
 CONFIGURE_TARGET=	--build=${MACHINE_ARCH}-portbld-freebsd${OSREL}
-CONFIGURE_ARGS=	--enable-debug --enable-dpd --enable-natt=kernel \
-		--enable-frag --enable-ipv6 --enable-shared \
-		--sysconfdir=${PREFIX}/etc/racoon \
+CONFIGURE_ARGS=	--enable-shared --sysconfdir=${PREFIX}/etc/racoon \
+		--localstatedir=${STATEDIR:S/\/racoon//} \
 		--with-pkgversion=freebsd-${PORTVERSION}
 
+STATEDIR=	${DESTDIR}/var/db/racoon
+SUB_LIST+=	STATEDIR=${STATEDIR}
+PLIST_SUB+=	STATEDIR=${STATEDIR}
+
+OPTIONS=	DEBUG		"enable Debug support" on \
+		IPV6		"enable IPV6 support" on \
+		ADMINPORT	"enable Admin port" off \
+		STATS		"enable Statistics logging function" off \
+		DPD		"enable Dead Peer Detection" on \
+		NATT		"enable NAT-Traversal (kernel-patch required)" on \
+		FRAG		"enable IKE fragmentation payload support" on \
+		HYBRID		"enable Hybrid Mode-cfg and Xauth support" off \
+		PAM		"enable PAM authentication" off \
+		GSSAPI		"enable GSS-API authentication" off \
+		RADIUS		"enable Radius authentication" off \
+		SAUNSPEC	"enable Unspecified SA mode" off \
+		RC5		"enable RC5 encryption (patented)" off \
+		IDEA		"enable IDEA encryption (patented)" off
+
 MAN3=		ipsec_set_policy.3 ipsec_strerror.3
 MAN5=		racoon.conf.5
 MAN8=		racoon.8 racoonctl.8 setkey.8 plainrsa-gen.8
 
 PORTDOCS=	*
 
+.include <bsd.port.pre.mk>
+
+.ifdef(WITH_DEBUG)
+CONFIGURE_ARGS+=	--enable-debug
+.else
+CONFIGURE_ARGS+=	--disable-debug
+.endif
+
+.ifdef(WITH_IPV6)
+CONFIGURE_ARGS+=	--enable-ipv6
+.else
+CONFIGURE_ARGS+=	--disable-ipv6
+.endif
+
+.ifdef(WITH_ADMINPORT)
+CONFIGURE_ARGS+=	--enable-adminport
+.else
+CONFIGURE_ARGS+=	--disable-adminport
+.endif
+
+.ifdef(WITH_STATS)
+CONFIGURE_ARGS+=	--enable-stats
+.else
+CONFIGURE_ARGS+=	--disable-stats
+.endif
+
+.ifdef(WITH_DPD)
+CONFIGURE_ARGS+=	--enable-dpd
+.else
+CONFIGURE_ARGS+=	--disable-dpd
+.endif
+
+.ifdef(WITH_NATT)
+CONFIGURE_ARGS+=	--enable-natt=kernel
+.else
+CONFIGURE_ARGS+=	--disable-natt
+.endif
+
+.ifdef(WITH_FRAG)
+CONFIGURE_ARGS+=	--enable-frag
+.else
+CONFIGURE_ARGS+=	--disable-frag
+.endif
+
+.ifdef(WITH_HYBRID)
+CONFIGURE_ARGS+=	--enable-hybrid
+.else
+CONFIGURE_ARGS+=	--disable-hybrid
+.endif
+
+.ifdef(WITH_PAM)
+CONFIGURE_ARGS+=	--with-libpam
+.else
+CONFIGURE_ARGS+=	--without-libpam
+.endif
+
+.ifdef(WITH_GSSAPI)
+USE_ICONV=	yes
+CFLAGS+=	-I${LOCALBASE}/include
+LDFLAGS+=	-L${LOCALBASE}/lib
+CONFIGURE_ARGS+=	--enable-gssapi
+.else
+CONFIGURE_ARGS+=	--disable-gssapi
+.endif
+
+.ifdef(WITH_RADIUS)
+CONFIGURE_ARGS+=	--with-libradius
+.else
+CONFIGURE_ARGS+=	--without-libradius
+.endif
+
+.ifdef(WITH_SAUNSPEC)
+CONFIGURE_ARGS+=	--enable-samode-unspec
+.else
+CONFIGURE_ARGS+=	--disable-samode-unspec
+.endif
+
+.ifdef(WITH_RC5)
+CONFIGURE_ARGS+=	--enable-rc5
+.else
+CONFIGURE_ARGS+=	--disable-rc5
+.endif
+
+.ifdef(WITH_IDEA)
+CONFIGURE_ARGS+=	--enable-idea
+.else
+CONFIGURE_ARGS+=	--disable-idea
+.endif
+
+.ifdef(WITH_NATT)
+pre-configure:
+	@${ECHO_MSG} "===> -------------------------------------------------------------------------"
+	@${ECHO_MSG} "===> ATTENTION: You need a kernel patch to enable NAT-Traversal functionality!"
+	@${ECHO_MSG} "===> You can download the patch here:"
+. if ${OSVERSION} < 500000
+	@${ECHO_MSG} "===>     http://ipsec-tools.sf.net/freebsd_nat-t.diff"
+. else
+	@${ECHO_MSG} "===>     http://ipsec-tools.sf.net/freebsd6-natt.diff"
+. endif
+	@${ECHO_MSG} "===> You might possibly have to do some steps manually if it fails to apply."
+	@${ECHO_MSG} "===> -------------------------------------------------------------------------"
+	@sleep 3
+.endif
+
 post-install:
 	@if [ -z `/sbin/sysctl -a | ${GREP} -q ipsec && ${ECHO_CMD} ipsec` ]; then \
 	    ${ECHO_MSG} "WARNING: IPsec feature is disabled on this host"; \
@@ -55,4 +174,4 @@ post-install:
 	@${INSTALL_DATA} ${WRKSRC}/src/racoon/doc/* ${DOCSDIR}
 .endif
 
-.include <bsd.port.mk>
+.include <bsd.port.post.mk>
diff --git a/security/ipsec-tools/files/patch-configure b/security/ipsec-tools/files/patch-configure
new file mode 100644
index 000000000000..ce675f9cf664
--- /dev/null
+++ b/security/ipsec-tools/files/patch-configure
@@ -0,0 +1,77 @@
+--- configure.orig	Wed Apr 26 15:28:47 2006
++++ configure	Wed Apr 26 15:28:56 2006
+@@ -25122,6 +25122,74 @@
+ fi
+ 
+ 
++	echo "$as_me:$LINENO: checking for iconv_open in -liconv" >&5
++echo $ECHO_N "checking for iconv_open in -liconv... $ECHO_C" >&6
++if test "${ac_cv_lib_iconv_iconv_open+set}" = set; then
++  echo $ECHO_N "(cached) $ECHO_C" >&6
++else
++  ac_check_lib_save_LIBS=$LIBS
++LIBS="-liconv  $LIBS"
++cat >conftest.$ac_ext <<_ACEOF
++/* confdefs.h.  */
++_ACEOF
++cat confdefs.h >>conftest.$ac_ext
++cat >>conftest.$ac_ext <<_ACEOF
++/* end confdefs.h.  */
++
++/* Override any gcc2 internal prototype to avoid an error.  */
++#ifdef __cplusplus
++extern "C"
++#endif
++/* We use char because int might match the return type of a gcc2
++   builtin and then its argument prototype would still apply.  */
++char iconv_open ();
++int
++main ()
++{
++iconv_open ();
++  ;
++  return 0;
++}
++_ACEOF
++rm -f conftest.$ac_objext conftest$ac_exeext
++if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
++  (eval $ac_link) 2>conftest.er1
++  ac_status=$?
++  grep -v '^ *+' conftest.er1 >conftest.err
++  rm -f conftest.er1
++  cat conftest.err >&5
++  echo "$as_me:$LINENO: \$? = $ac_status" >&5
++  (exit $ac_status); } &&
++	 { ac_try='test -z "$ac_c_werror_flag"
++			 || test ! -s conftest.err'
++  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
++  (eval $ac_try) 2>&5
++  ac_status=$?
++  echo "$as_me:$LINENO: \$? = $ac_status" >&5
++  (exit $ac_status); }; } &&
++	 { ac_try='test -s conftest$ac_exeext'
++  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
++  (eval $ac_try) 2>&5
++  ac_status=$?
++  echo "$as_me:$LINENO: \$? = $ac_status" >&5
++  (exit $ac_status); }; }; then
++  ac_cv_lib_iconv_iconv_open=yes
++else
++  echo "$as_me: failed program was:" >&5
++sed 's/^/| /' conftest.$ac_ext >&5
++
++ac_cv_lib_iconv_iconv_open=no
++fi
++rm -f conftest.err conftest.$ac_objext \
++      conftest$ac_exeext conftest.$ac_ext
++LIBS=$ac_check_lib_save_LIBS
++fi
++echo "$as_me:$LINENO: result: $ac_cv_lib_iconv_iconv_open" >&5
++echo "${ECHO_T}$ac_cv_lib_iconv_iconv_open" >&6
++if test $ac_cv_lib_iconv_iconv_open = yes; then
++  LIBS="$LIBS -liconv"
++fi
++
+ 	echo "$as_me:$LINENO: checking if iconv second argument needs const" >&5
+ echo $ECHO_N "checking if iconv second argument needs const... $ECHO_C" >&6
+ 	saved_CFLAGS=$CFLAGS
diff --git a/security/ipsec-tools/files/racoon.sh.in b/security/ipsec-tools/files/racoon.sh.in
index c97d1bb1521a..7940c2d765b6 100644
--- a/security/ipsec-tools/files/racoon.sh.in
+++ b/security/ipsec-tools/files/racoon.sh.in
@@ -29,13 +29,17 @@ prefix=%%PREFIX%%
 
 name="racoon"
 rcvar=`set_rcvar`
-command="${prefix}/sbin/racoon"
-pidfile="/var/run/racoon.pid"
-required_files="${prefix}/etc/racoon/racoon.conf"
-stop_postcmd="racoon_poststop"
-
-racoon_poststop() {
+command="${prefix}/sbin/${name}"
+pidfile="/var/run/${name}.pid"
+socketfile="%%STATEDIR%%/${name}.sock"
+required_files="${prefix}/etc/${name}/${name}.conf"
+required_dirs="%%STATEDIR%%"
+start_precmd="racoon_cleanup"
+stop_postcmd="racoon_cleanup"
+
+racoon_cleanup() {
 	/bin/rm -f ${pidfile}
+	/bin/rm -f ${socketfile}
 }
 
 load_rc_config $name
diff --git a/security/ipsec-tools/pkg-descr b/security/ipsec-tools/pkg-descr
index aa93b1aac635..ce207c8d2667 100644
--- a/security/ipsec-tools/pkg-descr
+++ b/security/ipsec-tools/pkg-descr
@@ -4,8 +4,7 @@ establish security association with other hosts.
 This is the IPSec-tools version of racoon.
 
 Enchancements:
-- Support of NAT-T.
-- Support of IKE fragmentation.
+- Support of NAT-T and IKE fragmentation.
 - Support of many authentication algorithms.
 - Tons of bugfixes.
 
diff --git a/security/ipsec-tools/pkg-plist b/security/ipsec-tools/pkg-plist
index 509a5c89993e..30a492b8a3ce 100644
--- a/security/ipsec-tools/pkg-plist
+++ b/security/ipsec-tools/pkg-plist
@@ -1,4 +1,6 @@
+sbin/plainrsa-gen
 sbin/racoon
+sbin/racoonctl
 sbin/setkey
 include/libipsec/libpfkey.h
 include/racoon/admin.h
@@ -24,8 +26,6 @@ lib/libracoon.a
 lib/libracoon.la
 lib/libracoon.so
 lib/libracoon.so.0
-sbin/plainrsa-gen
-sbin/racoonctl
 %%EXAMPLESDIR%%/psk.txt
 %%EXAMPLESDIR%%/psk.txt.sample
 %%EXAMPLESDIR%%/racoon.conf
@@ -47,4 +47,6 @@ sbin/racoonctl
 @dirrm %%EXAMPLESDIR%%/roadwarrior/client
 @dirrm %%EXAMPLESDIR%%/roadwarrior
 @dirrm %%EXAMPLESDIR%%
-@dirrmtry var/racoon
+@cwd /
+@exec mkdir -p %%STATEDIR%%
+@dirrmtry %%STATEDIR%%