diff options
author | Yves-Alexis Perez <corsac@corsac.net> | 2017-11-21 10:22:31 +0100 |
---|---|---|
committer | Yves-Alexis Perez <corsac@corsac.net> | 2017-11-21 10:22:31 +0100 |
commit | e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e (patch) | |
tree | ae0c8b5f4cd8289d0797882ea18969f33ea59a1e /src/libcharon/plugins/systime_fix | |
parent | 11d6b62db969bdd808d0f56706cb18f113927a31 (diff) | |
download | vyos-strongswan-e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e.tar.gz vyos-strongswan-e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e.zip |
New upstream version 5.6.1
Diffstat (limited to 'src/libcharon/plugins/systime_fix')
-rw-r--r-- | src/libcharon/plugins/systime_fix/Makefile.in | 2 | ||||
-rw-r--r-- | src/libcharon/plugins/systime_fix/systime_fix_plugin.c | 52 |
2 files changed, 44 insertions, 10 deletions
diff --git a/src/libcharon/plugins/systime_fix/Makefile.in b/src/libcharon/plugins/systime_fix/Makefile.in index 278eaa17b..0667d359c 100644 --- a/src/libcharon/plugins/systime_fix/Makefile.in +++ b/src/libcharon/plugins/systime_fix/Makefile.in @@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +FUZZING_LDFLAGS = @FUZZING_LDFLAGS@ GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ +GPERF_LEN_TYPE = @GPERF_LEN_TYPE@ GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ diff --git a/src/libcharon/plugins/systime_fix/systime_fix_plugin.c b/src/libcharon/plugins/systime_fix/systime_fix_plugin.c index c1594b0b2..3209c91dc 100644 --- a/src/libcharon/plugins/systime_fix/systime_fix_plugin.c +++ b/src/libcharon/plugins/systime_fix/systime_fix_plugin.c @@ -1,6 +1,6 @@ /* - * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2013-2017 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2013 Martin Willi * Copyright (C) 2013 revosec AG @@ -55,6 +55,11 @@ struct private_systime_fix_plugin_t { u_int interval; /** + * How long to wait for a valid system time, 0 to wait indefinitely + */ + time_t timeout; + + /** * Timestamp where we start considering system time valid */ time_t threshold; @@ -118,6 +123,23 @@ static bool has_invalid_certs(ike_sa_t *ike_sa) } /** + * Check if we reached the timeout + */ +static inline bool timeout_reached(private_systime_fix_plugin_t *this) +{ + if (this->timeout == 0) + { /* disabled */ + return FALSE; + } + if (this->timeout <= this->interval) + { + return TRUE; + } + this->timeout -= this->interval; + return FALSE; +} + +/** * Check system time, reevaluate certificates */ static job_requeue_t check_systime(private_systime_fix_plugin_t *this) @@ -129,15 +151,23 @@ static job_requeue_t check_systime(private_systime_fix_plugin_t *this) if (time(NULL) < this->threshold) { - DBG2(DBG_CFG, "systime not valid, rechecking in %ds", this->interval); - lib->scheduler->schedule_job(lib->scheduler, (job_t*) - callback_job_create((callback_job_cb_t)check_systime, this, - NULL, NULL), this->interval); - return JOB_REQUEUE_NONE; + if (!timeout_reached(this)) + { + DBG2(DBG_CFG, "system time not valid, rechecking in %us", + this->interval); + return JOB_RESCHEDULE(this->interval); + } + DBG1(DBG_CFG, "timeout reached while waiting for valid system time, " + "force rechecking certificates"); + /* force regular lifetime checks for new connections */ + lib->credmgr->remove_validator(lib->credmgr, + &this->validator->validator); + } + else + { + DBG1(DBG_CFG, "system time got valid, rechecking certificates"); } - DBG1(DBG_CFG, "system time got valid, rechecking certificates"); - enumerator = charon->ike_sa_manager->create_enumerator( charon->ike_sa_manager, TRUE); while (enumerator->enumerate(enumerator, &ike_sa)) @@ -225,7 +255,7 @@ static bool plugin_cb(private_systime_fix_plugin_t *this, lib->credmgr->add_validator(lib->credmgr, &this->validator->validator); if (this->interval != 0) { - DBG1(DBG_CFG, "starting systime check, interval: %ds", + DBG1(DBG_CFG, "starting system time check, interval: %us", this->interval); lib->scheduler->schedule_job(lib->scheduler, (job_t*) callback_job_create((callback_job_cb_t)check_systime, @@ -275,6 +305,8 @@ plugin_t *systime_fix_plugin_create() }, .interval = lib->settings->get_int(lib->settings, "%s.plugins.%s.interval", 0, lib->ns, get_name(this)), + .timeout = lib->settings->get_time(lib->settings, + "%s.plugins.%s.timeout", 0, lib->ns, get_name(this)), .reauth = lib->settings->get_bool(lib->settings, "%s.plugins.%s.reauth", FALSE, lib->ns, get_name(this)), ); |