diff options
Diffstat (limited to 'src/starter/starter.c')
-rw-r--r-- | src/starter/starter.c | 67 |
1 files changed, 65 insertions, 2 deletions
diff --git a/src/starter/starter.c b/src/starter/starter.c index bc2e8f1df..6ff0ac29c 100644 --- a/src/starter/starter.c +++ b/src/starter/starter.c @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: starter.c 3369 2007-11-28 17:02:12Z andreas $ + * RCSID $Id: starter.c 3914 2008-05-08 10:58:04Z martin $ */ #include <sys/types.h> @@ -26,6 +26,8 @@ #include <string.h> #include <errno.h> #include <fcntl.h> +#include <pwd.h> +#include <grp.h> #include <freeswan.h> @@ -139,6 +141,64 @@ fsig(int signal) } } +static void generate_selfcert() +{ + struct stat stb; + + /* if ipsec.secrets file is missing then generate RSA default key pair */ + if (stat(SECRETS_FILE, &stb) != 0) + { + mode_t oldmask; + FILE *f; + uid_t uid = 0; + gid_t gid = 0; + +#ifdef IPSEC_GROUP + { + char buf[1024]; + struct group group, *grp; + + if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) == 0 && + grp) + { + gid = grp->gr_gid; + } + } +#endif +#ifdef IPSEC_USER + { + char buf[1024]; + struct passwd passwd, *pwp; + + if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) == 0 && + pwp) + { + uid = pwp->pw_uid; + } + } +#endif + setegid(gid); + seteuid(uid); + system("ipsec scepclient --out pkcs1 --out cert-self --quiet"); + seteuid(0); + setegid(0); + + /* ipsec.secrets is root readable only */ + oldmask = umask(0066); + + f = fopen(SECRETS_FILE, "w"); + if (f) + { + fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n"); + fprintf(f, "\n"); + fprintf(f, ": RSA myKey.der\n"); + fclose(f); + } + chown(SECRETS_FILE, uid, gid); + umask(oldmask); + } +} + static void usage(char *name) { @@ -274,6 +334,8 @@ int main (int argc, char **argv) plog("starter is already running (%s exists) -- no fork done", STARTER_PID_FILE); exit(LSB_RC_SUCCESS); } + + generate_selfcert(); /* fork if we're not debugging stuff */ if (!no_fork) @@ -541,6 +603,7 @@ int main (int argc, char **argv) /* schedule next try */ alarm(PLUTO_RESTART_DELAY); } + starter_stroke_configure(cfg); } _action_ &= ~FLAG_ACTION_START_CHARON; } @@ -589,7 +652,7 @@ int main (int argc, char **argv) } if (starter_charon_pid()) { - starter_stroke_add_conn(conn); + starter_stroke_add_conn(cfg, conn); } if (starter_pluto_pid()) { |