Add an option --enable-wildcard-match to enable wildcard matching and explain

why we might want it and why it is a bad idea in general that's why it is
not enabled by default. ok tteras@, manu@

crypto/dist/ipsec-tools/configure.ac

@@ -105,6 +105,14 @@ case "$host_os" in
     ;;
 esac
 
+AH_TEMPLATE(ENABLE_WILDCARD_MATCH, [Enable wildcard matching in pre-shared-key file])
+AC_ARG_ENABLE([wildcard-match],
+[--enable-wildcard-match	Enable wildcard matching in pre-shared-key file],
+[case "${enableval}" in
+(yes)	AC_DEFINE(ENABLE_WILDCARD_MATCH);;
+(no)	;;
+(*)	AC_MSG_ERROR(bad value ${enableval} for --enable-wildcard-match);;
+esac],[])
 ### Some basic toolchain checks
 
 # Checks for header files.

crypto/dist/ipsec-tools/src/racoon/localconf.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: localconf.c,v 1.8 2012/01/01 15:29:28 tteras Exp $	*/
+/*	$NetBSD: localconf.c,v 1.9 2013/06/20 15:41:18 christos Exp $	*/
 
 /*	$KAME: localconf.c,v 1.33 2001/08/09 07:32:19 sakane Exp $	*/
 
@@ -247,7 +247,11 @@ getpsk(str, len)
 		if (*p == '\0')
 			continue;	/* no 2nd parameter */
 		p--;
-		if (strncmp(buf, str, len) == 0 && buf[len] == '\0') {
+		if (
+#ifdef ENABLE_WILDCARD_MATCH
+		    strncmp(buf, "*", 2) == 0 ||
+#endif
+		    (strncmp(buf, str, len) == 0 && buf[len] == '\0')) {
 			p++;
 			keylen = 0;
 			for (q = p; *q != '\0' && *q != '\n'; q++)

crypto/dist/ipsec-tools/src/racoon/racoon.conf.5

@@ -1,4 +1,4 @@
-.\"	$NetBSD: racoon.conf.5,v 1.66 2012/11/30 08:19:01 wiz Exp $
+.\"	$NetBSD: racoon.conf.5,v 1.67 2013/06/20 15:41:18 christos Exp $
 .\"
 .\"	Id: racoon.conf.5,v 1.54 2006/08/22 18:17:17 manubsd Exp
 .\"
@@ -29,7 +29,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd November 29, 2012
+.Dd June 17, 2013
 .Dt RACOON.CONF 5
 .Os
 .\"
@@ -1468,6 +1468,32 @@ Note that the file must be owned by the user ID running
 .Xr racoon 8
 .Pq usually the privileged user ,
 and must not be accessible by others.
+.Pp
+If configured with
+.Dv ENABLE_WILDCARD_MATCH ,
+this implementation allows a wildcard key
+.Dq * .
+This is allowed for the special case of a single user connecting to
+a gateway using an iPhone.
+On an iPhone, L2TP over IPSEC only supports
+main mode with pre-shared keys (no certificates).
+Unfortunately racoon
+only supports pre-shared-key lookup by address when identity protection
+is used, and since the iPhone does not have a specific IP address, we
+don't know what key to put in the pre-shared key file. 
+.Pp
+Sharing the connection with more than one user is strongly discouraged
+because any user can pretend to be the server since they know the pre-shared
+key.
+This means that any user can steal the traffic of any other user, by
+spoofing DNS which is not trivial but easy.
+Even worse, the malicious user will be able to then steal any other
+authentication data (CHAP/XAUTH etc.) that another user will supply
+to the compromised server, because it assumes that phase 1 is secured
+by the pre-shared key.
+.Pp
+In summary, never use wildcard keys if your gateway is hosting more than
+one user.
 .\"
 .Sh EXAMPLES
 The following shows how the remote directive should be configured.