summaryrefslogtreecommitdiff
path: root/src/libcharon/plugins/systime_fix
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@corsac.net>2017-11-21 10:22:31 +0100
committerYves-Alexis Perez <corsac@corsac.net>2017-11-21 10:22:31 +0100
commite1d78dc2faaa06e7c3f71ef674a71e4de2f0758e (patch)
treeae0c8b5f4cd8289d0797882ea18969f33ea59a1e /src/libcharon/plugins/systime_fix
parent11d6b62db969bdd808d0f56706cb18f113927a31 (diff)
downloadvyos-strongswan-e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e.tar.gz
vyos-strongswan-e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e.zip
New upstream version 5.6.1
Diffstat (limited to 'src/libcharon/plugins/systime_fix')
-rw-r--r--src/libcharon/plugins/systime_fix/Makefile.in2
-rw-r--r--src/libcharon/plugins/systime_fix/systime_fix_plugin.c52
2 files changed, 44 insertions, 10 deletions
diff --git a/src/libcharon/plugins/systime_fix/Makefile.in b/src/libcharon/plugins/systime_fix/Makefile.in
index 278eaa17b..0667d359c 100644
--- a/src/libcharon/plugins/systime_fix/Makefile.in
+++ b/src/libcharon/plugins/systime_fix/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/systime_fix/systime_fix_plugin.c b/src/libcharon/plugins/systime_fix/systime_fix_plugin.c
index c1594b0b2..3209c91dc 100644
--- a/src/libcharon/plugins/systime_fix/systime_fix_plugin.c
+++ b/src/libcharon/plugins/systime_fix/systime_fix_plugin.c
@@ -1,6 +1,6 @@
/*
- * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2013-2017 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2013 Martin Willi
* Copyright (C) 2013 revosec AG
@@ -55,6 +55,11 @@ struct private_systime_fix_plugin_t {
u_int interval;
/**
+ * How long to wait for a valid system time, 0 to wait indefinitely
+ */
+ time_t timeout;
+
+ /**
* Timestamp where we start considering system time valid
*/
time_t threshold;
@@ -118,6 +123,23 @@ static bool has_invalid_certs(ike_sa_t *ike_sa)
}
/**
+ * Check if we reached the timeout
+ */
+static inline bool timeout_reached(private_systime_fix_plugin_t *this)
+{
+ if (this->timeout == 0)
+ { /* disabled */
+ return FALSE;
+ }
+ if (this->timeout <= this->interval)
+ {
+ return TRUE;
+ }
+ this->timeout -= this->interval;
+ return FALSE;
+}
+
+/**
* Check system time, reevaluate certificates
*/
static job_requeue_t check_systime(private_systime_fix_plugin_t *this)
@@ -129,15 +151,23 @@ static job_requeue_t check_systime(private_systime_fix_plugin_t *this)
if (time(NULL) < this->threshold)
{
- DBG2(DBG_CFG, "systime not valid, rechecking in %ds", this->interval);
- lib->scheduler->schedule_job(lib->scheduler, (job_t*)
- callback_job_create((callback_job_cb_t)check_systime, this,
- NULL, NULL), this->interval);
- return JOB_REQUEUE_NONE;
+ if (!timeout_reached(this))
+ {
+ DBG2(DBG_CFG, "system time not valid, rechecking in %us",
+ this->interval);
+ return JOB_RESCHEDULE(this->interval);
+ }
+ DBG1(DBG_CFG, "timeout reached while waiting for valid system time, "
+ "force rechecking certificates");
+ /* force regular lifetime checks for new connections */
+ lib->credmgr->remove_validator(lib->credmgr,
+ &this->validator->validator);
+ }
+ else
+ {
+ DBG1(DBG_CFG, "system time got valid, rechecking certificates");
}
- DBG1(DBG_CFG, "system time got valid, rechecking certificates");
-
enumerator = charon->ike_sa_manager->create_enumerator(
charon->ike_sa_manager, TRUE);
while (enumerator->enumerate(enumerator, &ike_sa))
@@ -225,7 +255,7 @@ static bool plugin_cb(private_systime_fix_plugin_t *this,
lib->credmgr->add_validator(lib->credmgr, &this->validator->validator);
if (this->interval != 0)
{
- DBG1(DBG_CFG, "starting systime check, interval: %ds",
+ DBG1(DBG_CFG, "starting system time check, interval: %us",
this->interval);
lib->scheduler->schedule_job(lib->scheduler, (job_t*)
callback_job_create((callback_job_cb_t)check_systime,
@@ -275,6 +305,8 @@ plugin_t *systime_fix_plugin_create()
},
.interval = lib->settings->get_int(lib->settings,
"%s.plugins.%s.interval", 0, lib->ns, get_name(this)),
+ .timeout = lib->settings->get_time(lib->settings,
+ "%s.plugins.%s.timeout", 0, lib->ns, get_name(this)),
.reauth = lib->settings->get_bool(lib->settings,
"%s.plugins.%s.reauth", FALSE, lib->ns, get_name(this)),
);