summaryrefslogtreecommitdiff
path: root/src/starter/starter.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/starter/starter.c')
-rw-r--r--src/starter/starter.c67
1 files changed, 65 insertions, 2 deletions
diff --git a/src/starter/starter.c b/src/starter/starter.c
index bc2e8f1df..6ff0ac29c 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: starter.c 3369 2007-11-28 17:02:12Z andreas $
+ * RCSID $Id: starter.c 3914 2008-05-08 10:58:04Z martin $
*/
#include <sys/types.h>
@@ -26,6 +26,8 @@
#include <string.h>
#include <errno.h>
#include <fcntl.h>
+#include <pwd.h>
+#include <grp.h>
#include <freeswan.h>
@@ -139,6 +141,64 @@ fsig(int signal)
}
}
+static void generate_selfcert()
+{
+ struct stat stb;
+
+ /* if ipsec.secrets file is missing then generate RSA default key pair */
+ if (stat(SECRETS_FILE, &stb) != 0)
+ {
+ mode_t oldmask;
+ FILE *f;
+ uid_t uid = 0;
+ gid_t gid = 0;
+
+#ifdef IPSEC_GROUP
+ {
+ char buf[1024];
+ struct group group, *grp;
+
+ if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) == 0 &&
+ grp)
+ {
+ gid = grp->gr_gid;
+ }
+ }
+#endif
+#ifdef IPSEC_USER
+ {
+ char buf[1024];
+ struct passwd passwd, *pwp;
+
+ if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) == 0 &&
+ pwp)
+ {
+ uid = pwp->pw_uid;
+ }
+ }
+#endif
+ setegid(gid);
+ seteuid(uid);
+ system("ipsec scepclient --out pkcs1 --out cert-self --quiet");
+ seteuid(0);
+ setegid(0);
+
+ /* ipsec.secrets is root readable only */
+ oldmask = umask(0066);
+
+ f = fopen(SECRETS_FILE, "w");
+ if (f)
+ {
+ fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n");
+ fprintf(f, "\n");
+ fprintf(f, ": RSA myKey.der\n");
+ fclose(f);
+ }
+ chown(SECRETS_FILE, uid, gid);
+ umask(oldmask);
+ }
+}
+
static void
usage(char *name)
{
@@ -274,6 +334,8 @@ int main (int argc, char **argv)
plog("starter is already running (%s exists) -- no fork done", STARTER_PID_FILE);
exit(LSB_RC_SUCCESS);
}
+
+ generate_selfcert();
/* fork if we're not debugging stuff */
if (!no_fork)
@@ -541,6 +603,7 @@ int main (int argc, char **argv)
/* schedule next try */
alarm(PLUTO_RESTART_DELAY);
}
+ starter_stroke_configure(cfg);
}
_action_ &= ~FLAG_ACTION_START_CHARON;
}
@@ -589,7 +652,7 @@ int main (int argc, char **argv)
}
if (starter_charon_pid())
{
- starter_stroke_add_conn(conn);
+ starter_stroke_add_conn(cfg, conn);
}
if (starter_pluto_pid())
{