authorRene Mayrhofer <rene@mayrhofer.eu.org>2009-04-01 20:13:30 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2009-04-01 20:13:30 +0000
commitc3e7f611ea8273c6b3909cb006ade4903a74aad0 (patch)
treea5ae5b5059f98c0e5366d61b1b19cd9e70162f9f /src/starter
parent7a229aeb240cc750546f55ad089022f0ca7dc44f (diff)
[svn-upgrade] Integrating new upstream version, strongswan (4.2.14)
Diffstat (limited to 'src/starter')
-rw-r--r--src/starter/Makefile.am8
-rw-r--r--src/starter/Makefile.in6
-rw-r--r--src/starter/confread.c11
-rw-r--r--src/starter/invokecharon.c4
-rw-r--r--src/starter/invokepluto.c44
-rw-r--r--src/starter/ipsec.conf.514
6 files changed, 68 insertions, 19 deletions
diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am
index 78320b4c7..8a9ba54c9 100644
--- a/src/starter/Makefile.am
+++ b/src/starter/Makefile.am
@@ -15,6 +15,14 @@ MAINTAINERCLEANFILES = lex.yy.c y.tab.c y.tab.h keywords.c
PLUTODIR=$(top_srcdir)/src/pluto
SCEPCLIENTDIR=$(top_srcdir)/src/scepclient
+if USE_PLUTO
+ AM_CFLAGS += -DSTART_PLUTO
+endif
+
+if USE_CHARON
+ AM_CFLAGS += -DSTART_CHARON
+endif
+
lex.yy.c: parser.l parser.y parser.h y.tab.c
$(LEX) --nounput $<
diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in
index 1301b931d..54fd28604 100644
--- a/src/starter/Makefile.in
+++ b/src/starter/Makefile.in
@@ -33,6 +33,8 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
ipsec_PROGRAMS = starter$(EXEEXT)
+@USE_PLUTO_TRUE@am__append_1 = -DSTART_PLUTO
+@USE_CHARON_TRUE@am__append_2 = -DSTART_CHARON
subdir = src/starter
DIST_COMMON = README $(dist_man_MANS) $(srcdir)/Makefile.am \
$(srcdir)/Makefile.in
@@ -219,7 +221,9 @@ keywords.c files.h keywords.h cmp.c starter.c cmp.h exec.c invokecharon.c \
exec.h invokecharon.h lex.yy.c loglite.c klips.c klips.h
INCLUDES = -I${linuxdir} -I$(top_srcdir)/src/libfreeswan -I$(top_srcdir)/src/pluto -I$(top_srcdir)/src/whack -I$(top_srcdir)/src/stroke
-AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_CONFDIR=\"${confdir}\" -DIPSEC_PIDDIR=\"${piddir}\" -DIPSEC_EAPDIR=\"${eapdir}\" -DDEBUG
+AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_CONFDIR=\"${confdir}\" \
+ -DIPSEC_PIDDIR=\"${piddir}\" -DIPSEC_EAPDIR=\"${eapdir}\" \
+ -DDEBUG $(am__append_1) $(am__append_2)
starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a
EXTRA_DIST = parser.l parser.y keywords.txt ipsec.conf
dist_man_MANS = ipsec.conf.5 starter.8
diff --git a/src/starter/confread.c b/src/starter/confread.c
index d0d1f4ed8..855d07b51 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: confread.c 4882 2009-02-18 19:57:15Z tobias $
+ * RCSID $Id: confread.c 5002 2009-03-24 15:02:12Z martin $
*/
#include <stddef.h>
@@ -61,8 +61,13 @@ static void default_values(starter_config_t *cfg)
cfg->setup.hidetos = TRUE;
cfg->setup.uniqueids = TRUE;
cfg->setup.interfaces = new_list("%defaultroute");
+
+#ifdef START_CHARON
cfg->setup.charonstart = TRUE;
+#endif
+#ifdef START_PLUTO
cfg->setup.plutostart = TRUE;
+#endif
cfg->conn_default.seen = LEMPTY;
cfg->conn_default.startup = STARTUP_NO;
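Review bot: With neither macro defined, `charonstart` and `plutostart` are never assigned in the visible part of default_values(), so their value depends on cfg having been zeroed before this call, which the hunk does not show. An explicit `#else` branch assigning `FALSE` would make the disabled default independent of how the struct was allocated. It is also worth confirming, outside this hunk, that an ipsec.conf which sets `charonstart=yes` on a build without START_CHARON produces a warning rather than an attempt to start a daemon that was not built. default_values' body starts and ends outside the hunk.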
@@ -625,6 +630,10 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg)
{
conn->eap_type = 26;
}
+ else if (streq(kw->value, "radius"))
+ { /* pseudo-type */
+ conn->eap_type = 253;
+ }
else
{
conn->eap_type = atoi(kw->value);
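Review bot: The new `radius` branch stores the bare literal `253` in `conn->eap_type`, with only `/* pseudo-type */` to explain it. Since this value selects how peers are authenticated, it should come from a named constant shared with the code that interprets it (not visible in this hunk), or at least carry a comment such as `/* 253: pseudo EAP type, hands authentication to the EAP-RADIUS plugin */`. Any misspelling of the keyword also falls through to the existing `atoi(kw->value)` branch, which yields 0 without an error, so a typo in `eap=radius` is accepted silently. load_conn's body starts and ends outside the hunk.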
diff --git a/src/starter/invokecharon.c b/src/starter/invokecharon.c
index 8028bbe54..dd3f5f018 100644
--- a/src/starter/invokecharon.c
+++ b/src/starter/invokecharon.c
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: invokecharon.c 4833 2009-01-13 06:50:55Z andreas $
+ * RCSID $Id: invokecharon.c 5050 2009-03-27 16:14:59Z andreas $
*/
#include <sys/types.h>
@@ -216,7 +216,7 @@ starter_start_charon (starter_config_t *cfg, bool no_fork)
{
kill(pid, SIGKILL);
}
- usleep(20000);
+ usleep(20000); /* sleep for 20 ms */
}
}
else
diff --git a/src/starter/invokepluto.c b/src/starter/invokepluto.c
index e18d6e38d..edc587124 100644
--- a/src/starter/invokepluto.c
+++ b/src/starter/invokepluto.c
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: invokepluto.c 4632 2008-11-11 18:37:19Z martin $
+ * RCSID $Id: invokepluto.c 5050 2009-03-27 16:14:59Z andreas $
*/
#include <sys/types.h>
@@ -62,33 +62,49 @@ starter_pluto_sigchild(pid_t pid)
int
starter_stop_pluto (void)
{
- pid_t pid;
int i;
+ pid_t pid = _pluto_pid;
- pid = _pluto_pid;
if (pid)
{
_stop_requested = 1;
+
if (starter_whack_shutdown() == 0)
{
- for (i = 0; i < 20; i++)
+ for (i = 0; i < 400; i++)
{
- usleep(20000);
+ usleep(20000); /* sleep for 20 ms */
if (_pluto_pid == 0)
+ {
+ plog("pluto stopped after %d ms", 20*(i+1));
return 0;
+ }
}
}
/* be more and more aggressive */
for (i = 0; i < 20 && (pid = _pluto_pid) != 0; i++)
{
+
if (i < 10)
+ {
kill(pid, SIGTERM);
+ }
+ if (i == 10)
+ {
+ kill(pid, SIGKILL);
+ plog("starter_stop_pluto(): pluto does not respond, sending KILL");
+ }
else
+ {
kill(pid, SIGKILL);
- usleep(20000);
+ }
+ usleep(100000); /* sleep for 100 ms */
}
if (_pluto_pid == 0)
+ {
+ plog("pluto stopped after %d ms", 8000 + 100*i);
return 0;
+ }
plog("starter_stop_pluto(): can't stop pluto !!!");
return -1;
}
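Review bot: In the escalation loop the new `if (i == 10)` is not chained to the preceding `if (i < 10)`, so its `else` branch also runs for every i below 10 and pluto receives SIGKILL immediately after the first SIGTERM. That removes the grace period in which the daemon could shut down cleanly, which for an IKE daemon presumably includes removing the state it installed. Changing the line to `else if (i == 10)` restores TERM for the first ten rounds, a logged KILL at round ten and silent KILLs afterwards. The `8000 + 100*i` in the final message also assumes the whack wait ran its full 400 rounds, which is not the case when `starter_whack_shutdown()` returns non-zero.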
@@ -248,17 +264,17 @@ starter_start_pluto (starter_config_t *cfg, bool no_fork)
default:
/* father */
_pluto_pid = pid;
- for (i = 0; i < 50 && _pluto_pid; i++)
+ for (i = 0; i < 500 && _pluto_pid; i++)
{
- /* wait for pluto */
+ /* wait for pluto for a maximum of 500 x 20 ms = 10 s */
usleep(20000);
if (stat(PLUTO_CTL_FILE, &stb) == 0)
{
- DBG(DBG_CONTROL,
- DBG_log("pluto (%d) started", _pluto_pid)
- )
+ plog("pluto (%d) started after %d ms", _pluto_pid, 20*(i+1));
if (cfg->setup.postpluto)
+ {
ignore_result(system(cfg->setup.postpluto));
+ }
return 0;
}
}
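Review bot: The new `plog("pluto (%d) started after %d ms", ...)` re-reads `_pluto_pid`, which appears to be cleared asynchronously when the child exits (the stop path polls it for 0), so the message can print 0, and it passes a `pid_t` to `%d` without a cast. Logging the local copy as `(int)pid` avoids both. The success test is still only `stat(PLUTO_CTL_FILE, &stb) == 0`, so a control file left behind by an earlier instance would be reported as a successful start after 20 ms; whether stale files are removed beforehand is not visible here. starter_start_pluto's body starts and ends outside the hunk.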
@@ -269,10 +285,14 @@ starter_start_pluto (starter_config_t *cfg, bool no_fork)
for (i = 0; i < 20 && (pid = _pluto_pid) != 0; i++)
{
if (i < 10)
+ {
kill(pid, SIGTERM);
+ }
else
+ {
kill(pid, SIGKILL);
- usleep(20000);
+ }
+ usleep(20000); /* sleep for 20 ms */
}
}
else
diff --git a/src/starter/ipsec.conf.5 b/src/starter/ipsec.conf.5
index 9ad03eb60..565f15c66 100644
--- a/src/starter/ipsec.conf.5
+++ b/src/starter/ipsec.conf.5
@@ -1,5 +1,5 @@
.TH IPSEC.CONF 5 "27 Jun 2007"
-.\" RCSID $Id: ipsec.conf.5 4890 2009-02-19 22:12:04Z andreas $
+.\" RCSID $Id: ipsec.conf.5 5002 2009-03-24 15:02:12Z martin $
.SH NAME
ipsec.conf \- IPsec configuration and connections
.SH DESCRIPTION
@@ -369,6 +369,10 @@ in the form
(e.g.
.B eap=7-12345
) can be used to specify vendor specific EAP types.
+
+To forward EAP authentication to a RADIUS server using the EAP-RADIUS plugin,
+set
+.B eap=radius
.TP
.B eap_identity
defines the identity the client uses to reply to a EAP Identity request.
@@ -936,9 +940,11 @@ and
whether to start the IKEv2 Charon daemon or not.
Accepted values are
.B yes
-(the default)
or
.BR no .
+The default is
+.B yes
+if starter was compiled with IKEv2 support.
.TP
.B dumpdir
in what directory should things started by \fBipsec starter\fR
@@ -951,9 +957,11 @@ This feature is currently not yet supported by \fBipsec starter\fR.
whether to start the IKEv1 Pluto daemon or not.
Accepted values are
.B yes
-(the default)
or
.BR no .
+The default is
+.B yes
+if starter was compiled with IKEv1 support.
.TP
.B strictcrlpolicy
defines if a fresh CRL must be available in order for the peer authentication based