authorYves-Alexis Perez <corsac@debian.org>2016-10-20 16:18:38 +0200
committerYves-Alexis Perez <corsac@debian.org>2016-10-20 16:18:38 +0200
commit25663e04c3ab01ef8dc9f906608282319cfea2db (patch)
treea0ca5e70f66d74dbe552c996a4f3a285cdfc35e4 /src/starter
parentbf372706c469764d59e9f29c39e3ecbebd72b8d2 (diff)
downloadvyos-strongswan-25663e04c3ab01ef8dc9f906608282319cfea2db.tar.gz
vyos-strongswan-25663e04c3ab01ef8dc9f906608282319cfea2db.zip
New upstream version 5.5.1
Diffstat (limited to 'src/starter')
-rw-r--r--src/starter/Makefile.am7
-rw-r--r--src/starter/Makefile.in12
-rw-r--r--src/starter/confread.c1
-rw-r--r--src/starter/ipsec.secrets1
-rw-r--r--src/starter/starter.c66
-rw-r--r--src/starter/tests/Makefile.in5
6 files changed, 11 insertions, 81 deletions
diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am
index 873c20ace..a3c58126e 100644
--- a/src/starter/Makefile.am
+++ b/src/starter/Makefile.am
@@ -39,7 +39,7 @@ starter_LDADD = \
libstarter.la \
$(SOCKLIB) $(PTHREADLIB) $(ATOMICLIB)
-EXTRA_DIST = keywords.txt ipsec.conf Android.mk
+EXTRA_DIST = keywords.txt ipsec.conf ipsec.secrets Android.mk
MAINTAINERCLEANFILES = keywords.c
BUILT_SOURCES = keywords.c parser/parser.h
@@ -47,10 +47,6 @@ if USE_LOAD_WARNING
AM_CPPFLAGS += -DLOAD_WARNING
endif
-if USE_SCEPCLIENT
- AM_CPPFLAGS += -DGENERATE_SELFCERT
-endif
-
keywords.c: $(srcdir)/keywords.txt $(srcdir)/keywords.h
$(AM_V_GEN) \
$(GPERF) -m 10 -C -G -D -t < $(srcdir)/keywords.txt > $@
@@ -66,3 +62,4 @@ install-exec-local :
test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true
test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true
test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true
+ test -e "$(DESTDIR)$(sysconfdir)/ipsec.secrets" || $(INSTALL) -m 600 $(srcdir)/ipsec.secrets $(DESTDIR)$(sysconfdir)/ipsec.secrets || true
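Review bot: The added `ipsec.secrets` install line ends in `|| true`, so a failed `$(INSTALL) -m 600` is swallowed and the install completes with no secrets file and no error. Because of the `test -e` guard, mode 600 is applied only to a freshly created file; an `ipsec.secrets` that already exists keeps whatever mode and owner it had, so packaging or a post-install check should verify it is not group- or world-readable. The `$(INSTALL)` arguments are unquoted while the `test -e` operand is quoted; quoting them as `$(INSTALL) -m 600 "$(srcdir)/ipsec.secrets" "$(DESTDIR)$(sysconfdir)/ipsec.secrets"` keeps the two consistent. The `generate_selfcert()` code removed from starter.c in this commit chowned the file to the `IPSEC_USER`/`IPSEC_GROUP` ids, whereas this rule leaves ownership with the installing user, which is presumably intended but worth confirming for setups that run the daemon under a dropped uid. The same line appears in the generated Makefile.in, and the `install-exec-local` rule begins outside the hunk.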
diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in
index 19753de4f..4cc0ab54e 100644
--- a/src/starter/Makefile.in
+++ b/src/starter/Makefile.in
@@ -91,7 +91,6 @@ build_triplet = @build@
host_triplet = @host@
ipsec_PROGRAMS = starter$(EXEEXT)
@USE_LOAD_WARNING_TRUE@am__append_1 = -DLOAD_WARNING
-@USE_SCEPCLIENT_TRUE@am__append_2 = -DGENERATE_SELFCERT
subdir = src/starter
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -396,7 +395,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -430,8 +428,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -485,6 +481,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
@@ -509,8 +507,7 @@ AM_CPPFLAGS = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
-DIPSEC_SCRIPT=\"${ipsec_script}\" \
-DDEV_RANDOM=\"${random_device}\" \
-DDEV_URANDOM=\"${urandom_device}\" \
- -DPLUGINS=\""${starter_plugins}\"" -DDEBUG $(am__append_1) \
- $(am__append_2)
+ -DPLUGINS=\""${starter_plugins}\"" -DDEBUG $(am__append_1)
AM_CFLAGS = \
@COVERAGE_CFLAGS@
@@ -521,7 +518,7 @@ starter_LDADD = \
libstarter.la \
$(SOCKLIB) $(PTHREADLIB) $(ATOMICLIB)
-EXTRA_DIST = keywords.txt ipsec.conf Android.mk
+EXTRA_DIST = keywords.txt ipsec.conf ipsec.secrets Android.mk
MAINTAINERCLEANFILES = keywords.c
BUILT_SOURCES = keywords.c parser/parser.h
all: $(BUILT_SOURCES)
@@ -1007,6 +1004,7 @@ install-exec-local :
test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true
test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true
test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true
+ test -e "$(DESTDIR)$(sysconfdir)/ipsec.secrets" || $(INSTALL) -m 600 $(srcdir)/ipsec.secrets $(DESTDIR)$(sysconfdir)/ipsec.secrets || true
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/starter/confread.c b/src/starter/confread.c
index 33924b065..3fb750e51 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -222,6 +222,7 @@ static void conn_defaults(starter_conn_t *conn)
conn->dpd_delay = 30; /* seconds */
conn->dpd_timeout = 150; /* seconds */
conn->replay_window = SA_REPLAY_WINDOW_DEFAULT;
+ conn->fragmentation = FRAGMENTATION_YES;
conn->left.sendcert = CERT_SEND_IF_ASKED;
conn->right.sendcert = CERT_SEND_IF_ASKED;
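Review bot: The new `conn->fragmentation = FRAGMENTATION_YES;` default in conn_defaults() has no comment, unlike the `dpd_delay` and `dpd_timeout` lines above it, yet it changes behaviour for every conn that does not set the option explicitly. A short comment such as `/* fragmentation enabled by default as of 5.5.1, unless the conn overrides it */` would tell an operator reviewing the upgrade why IKE message handling towards peers and middleboxes may differ. The previous default is not visible in this hunk, so that wording should be checked against the upstream changelog. conn_defaults() starts and ends outside the hunk.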
diff --git a/src/starter/ipsec.secrets b/src/starter/ipsec.secrets
new file mode 100644
index 000000000..dae7709a1
--- /dev/null
+++ b/src/starter/ipsec.secrets
@@ -0,0 +1 @@
+# ipsec.secrets - strongSwan IPsec secrets file
diff --git a/src/starter/starter.c b/src/starter/starter.c
index 45c28d3cc..51a42a504 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -257,68 +257,6 @@ static void fatal_signal_handler(int signal)
abort();
}
-#ifdef GENERATE_SELFCERT
-static void generate_selfcert()
-{
- const char *secrets_file;
- struct stat stb;
-
- secrets_file = lib->settings->get_str(lib->settings,
- "charon.plugins.stroke.secrets_file", SECRETS_FILE);
-
- /* if ipsec.secrets file is missing then generate RSA default key pair */
- if (stat(secrets_file, &stb) != 0)
- {
- mode_t oldmask;
- FILE *f;
- uid_t uid = 0;
- gid_t gid = 0;
-
-#ifdef IPSEC_GROUP
- {
- char buf[1024];
- struct group group, *grp;
-
- if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) == 0 && grp)
- {
- gid = grp->gr_gid;
- }
- }
-#endif
-#ifdef IPSEC_USER
- {
- char buf[1024];
- struct passwd passwd, *pwp;
-
- if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) == 0 && pwp)
- {
- uid = pwp->pw_uid;
- }
- }
-#endif
- ignore_result(setegid(gid));
- ignore_result(seteuid(uid));
- ignore_result(system(IPSEC_SCRIPT " scepclient --out pkcs1 --out cert-self --quiet"));
- ignore_result(seteuid(0));
- ignore_result(setegid(0));
-
- /* ipsec.secrets is root readable only */
- oldmask = umask(0066);
-
- f = fopen(secrets_file, "w");
- if (f)
- {
- fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n");
- fprintf(f, "\n");
- fprintf(f, ": RSA myKey.der\n");
- fclose(f);
- }
- ignore_result(chown(secrets_file, uid, gid));
- umask(oldmask);
- }
-}
-#endif /* GENERATE_SELFCERT */
-
static bool check_pid(char *pid_file)
{
struct stat stb;
@@ -604,10 +542,6 @@ int main (int argc, char **argv)
exit(LSB_RC_SUCCESS);
}
-#ifdef GENERATE_SELFCERT
- generate_selfcert();
-#endif
-
/* fork if we're not debugging stuff */
if (!no_fork)
{
diff --git a/src/starter/tests/Makefile.in b/src/starter/tests/Makefile.in
index 25e3e7488..46d200f95 100644
--- a/src/starter/tests/Makefile.in
+++ b/src/starter/tests/Makefile.in
@@ -347,7 +347,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -381,8 +380,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -436,6 +433,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@