diff options
Diffstat (limited to 'src/starter')
-rw-r--r-- | src/starter/Makefile.am | 37 | ||||
-rw-r--r-- | src/starter/Makefile.in | 97 | ||||
-rw-r--r-- | src/starter/confread.c | 2 | ||||
-rw-r--r-- | src/starter/keywords.c | 312 | ||||
-rw-r--r-- | src/starter/keywords.h | 6 | ||||
-rw-r--r-- | src/starter/keywords.txt | 6 | ||||
-rw-r--r-- | src/starter/netkey.c | 2 | ||||
-rw-r--r-- | src/starter/starter.c | 28 |
8 files changed, 265 insertions, 225 deletions
diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am index c220c2e63..48110dd02 100644 --- a/src/starter/Makefile.am +++ b/src/starter/Makefile.am @@ -6,21 +6,20 @@ starterstroke.h confread.h args.c \ keywords.c files.h keywords.h cmp.c starter.c cmp.h invokecharon.c \ invokecharon.h klips.c klips.h -INCLUDES = \ --I${linux_headers} \ --I$(top_srcdir)/src/libstrongswan \ --I$(top_srcdir)/src/libhydra \ --I$(top_srcdir)/src/stroke - -AM_CFLAGS = \ --DIPSEC_DIR=\"${ipsecdir}\" \ --DIPSEC_CONFDIR=\"${sysconfdir}\" \ --DIPSEC_PIDDIR=\"${piddir}\" \ --DIPSEC_EAPDIR=\"${eapdir}\" \ --DDEV_RANDOM=\"${random_device}\" \ --DDEV_URANDOM=\"${urandom_device}\" \ --DPLUGINS=\""${starter_plugins}\"" \ --DDEBUG +AM_CPPFLAGS = \ + -I${linux_headers} \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/stroke \ + -DIPSEC_DIR=\"${ipsecdir}\" \ + -DIPSEC_CONFDIR=\"${sysconfdir}\" \ + -DIPSEC_PIDDIR=\"${piddir}\" \ + -DIPSEC_EAPDIR=\"${eapdir}\" \ + -DIPSEC_SCRIPT=\"${ipsec_script}\" \ + -DDEV_RANDOM=\"${random_device}\" \ + -DDEV_URANDOM=\"${urandom_device}\" \ + -DPLUGINS=\""${starter_plugins}\"" \ + -DDEBUG AM_YFLAGS = -v -d @@ -30,18 +29,19 @@ MAINTAINERCLEANFILES = keywords.c BUILT_SOURCES = parser.h if USE_CHARON - AM_CFLAGS += -DSTART_CHARON + AM_CPPFLAGS += -DSTART_CHARON endif if USE_LOAD_WARNING - AM_CFLAGS += -DLOAD_WARNING + AM_CPPFLAGS += -DLOAD_WARNING endif if USE_TOOLS - AM_CFLAGS += -DGENERATE_SELFCERT + AM_CPPFLAGS += -DGENERATE_SELFCERT endif keywords.c: $(srcdir)/keywords.txt $(srcdir)/keywords.h + $(AM_V_GEN) \ $(GPERF) -m 10 -C -G -D -t < $(srcdir)/keywords.txt > $@ install-exec-local : @@ -55,4 +55,3 @@ install-exec-local : test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true - diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in index c50d4622b..4b09e5d8c 100644 --- a/src/starter/Makefile.in +++ b/src/starter/Makefile.in @@ -67,7 +67,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ $(top_srcdir)/m4/macros/add-plugin.m4 \ - $(top_srcdir)/configure.in + $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d @@ -86,26 +86,48 @@ starter_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libhydra/libhydra.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ - $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ CCLD = $(CC) -LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ - $(LDFLAGS) -o $@ +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; LEXCOMPILE = $(LEX) $(AM_LFLAGS) $(LFLAGS) -LTLEXCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=compile $(LEX) $(AM_LFLAGS) $(LFLAGS) +LTLEXCOMPILE = $(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(LEX) $(AM_LFLAGS) $(LFLAGS) +AM_V_LEX = $(am__v_LEX_@AM_V@) +am__v_LEX_ = $(am__v_LEX_@AM_DEFAULT_V@) +am__v_LEX_0 = @echo " LEX " $@; YLWRAP = $(top_srcdir)/ylwrap YACCCOMPILE = $(YACC) $(AM_YFLAGS) $(YFLAGS) -LTYACCCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=compile $(YACC) $(AM_YFLAGS) $(YFLAGS) +LTYACCCOMPILE = $(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(YACC) $(AM_YFLAGS) $(YFLAGS) +AM_V_YACC = $(am__v_YACC_@AM_V@) +am__v_YACC_ = $(am__v_YACC_@AM_DEFAULT_V@) +am__v_YACC_0 = @echo " YACC " $@; +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; SOURCES = $(starter_SOURCES) DIST_SOURCES = $(starter_SOURCES) am__can_run_installinfo = \ @@ -119,6 +141,7 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ @@ -131,6 +154,8 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CHECK_CFLAGS = @CHECK_CFLAGS@ CHECK_LIBS = @CHECK_LIBS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -146,6 +171,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GENHTML = @GENHTML@ GPERF = @GPERF@ GPRBUILD = @GPRBUILD@ GREP = @GREP@ @@ -154,6 +180,7 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ @@ -200,6 +227,7 @@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ SOCKLIB = @SOCKLIB@ STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ @@ -228,6 +256,7 @@ charon_natt_port = @charon_natt_port@ charon_plugins = @charon_plugins@ charon_udp_port = @charon_udp_port@ clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -312,15 +341,12 @@ starterstroke.h confread.h args.c \ keywords.c files.h keywords.h cmp.c starter.c cmp.h invokecharon.c \ invokecharon.h klips.c klips.h -INCLUDES = \ --I${linux_headers} \ --I$(top_srcdir)/src/libstrongswan \ --I$(top_srcdir)/src/libhydra \ --I$(top_srcdir)/src/stroke - -AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" \ - -DIPSEC_CONFDIR=\"${sysconfdir}\" -DIPSEC_PIDDIR=\"${piddir}\" \ - -DIPSEC_EAPDIR=\"${eapdir}\" -DDEV_RANDOM=\"${random_device}\" \ +AM_CPPFLAGS = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/stroke \ + -DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_CONFDIR=\"${sysconfdir}\" \ + -DIPSEC_PIDDIR=\"${piddir}\" -DIPSEC_EAPDIR=\"${eapdir}\" \ + -DIPSEC_SCRIPT=\"${ipsec_script}\" \ + -DDEV_RANDOM=\"${random_device}\" \ -DDEV_URANDOM=\"${urandom_device}\" \ -DPLUGINS=\""${starter_plugins}\"" -DDEBUG $(am__append_1) \ $(am__append_2) $(am__append_3) @@ -415,7 +441,7 @@ parser.h: parser.c @if test ! -f $@; then $(MAKE) $(AM_MAKEFLAGS) parser.c; else :; fi starter$(EXEEXT): $(starter_OBJECTS) $(starter_DEPENDENCIES) $(EXTRA_starter_DEPENDENCIES) @rm -f starter$(EXEEXT) - $(LINK) $(starter_OBJECTS) $(starter_LDADD) $(LIBS) + $(AM_V_CCLD)$(LINK) $(starter_OBJECTS) $(starter_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -436,31 +462,31 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/starterstroke.Po@am__quote@ .c.o: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c $< +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< .c.obj: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: -@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< .l.c: - $(am__skiplex) $(SHELL) $(YLWRAP) $< $(LEX_OUTPUT_ROOT).c $@ -- $(LEXCOMPILE) + $(AM_V_LEX)$(am__skiplex) $(SHELL) $(YLWRAP) $< $(LEX_OUTPUT_ROOT).c $@ -- $(LEXCOMPILE) .y.c: - $(am__skipyacc) $(SHELL) $(YLWRAP) $< y.tab.c $@ y.tab.h $*.h y.output $*.output -- $(YACCCOMPILE) + $(AM_V_YACC)$(am__skipyacc) $(SHELL) $(YLWRAP) $< y.tab.c $@ y.tab.h $*.h y.output $*.output -- $(YACCCOMPILE) mostlyclean-libtool: -rm -f *.lo @@ -683,6 +709,7 @@ uninstall-am: uninstall-ipsecPROGRAMS keywords.c: $(srcdir)/keywords.txt $(srcdir)/keywords.h + $(AM_V_GEN) \ $(GPERF) -m 10 -C -G -D -t < $(srcdir)/keywords.txt > $@ install-exec-local : diff --git a/src/starter/confread.c b/src/starter/confread.c index f0f05b036..2fb022692 100644 --- a/src/starter/confread.c +++ b/src/starter/confread.c @@ -38,7 +38,7 @@ static const char ike_defaults[] = "aes128-sha1-modp2048,3des-sha1-modp1536"; static const char esp_defaults[] = "aes128-sha1,3des-sha1"; -static const char firewall_defaults[] = "ipsec _updown iptables"; +static const char firewall_defaults[] = IPSEC_SCRIPT " _updown iptables"; static bool daemon_exists(char *daemon, char *path) { diff --git a/src/starter/keywords.c b/src/starter/keywords.c index 3692c2cdd..20ec1501d 100644 --- a/src/starter/keywords.c +++ b/src/starter/keywords.c @@ -54,12 +54,12 @@ struct kw_entry { kw_token_t token; }; -#define TOTAL_KEYWORDS 136 +#define TOTAL_KEYWORDS 138 #define MIN_WORD_LENGTH 3 #define MAX_WORD_LENGTH 17 -#define MIN_HASH_VALUE 10 -#define MAX_HASH_VALUE 259 -/* maximum key range = 250, duplicates = 0 */ +#define MIN_HASH_VALUE 9 +#define MAX_HASH_VALUE 257 +/* maximum key range = 249, duplicates = 0 */ #ifdef __GNUC__ __inline @@ -75,32 +75,32 @@ hash (str, len) { static const unsigned short asso_values[] = { - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 8, - 99, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 4, 260, 11, 4, 80, - 55, 6, 3, 2, 114, 2, 260, 114, 70, 33, - 22, 81, 51, 7, 14, 2, 7, 122, 8, 260, - 260, 43, 4, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260 + 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, + 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, + 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, + 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, + 258, 258, 258, 258, 258, 258, 258, 258, 258, 14, + 129, 258, 258, 258, 258, 258, 258, 258, 258, 258, + 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, + 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, + 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, + 258, 258, 258, 258, 258, 3, 258, 31, 1, 83, + 50, 5, 4, 1, 60, 1, 258, 121, 62, 5, + 33, 51, 41, 2, 22, 1, 25, 103, 1, 258, + 258, 8, 2, 258, 258, 258, 258, 258, 258, 258, + 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, + 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, + 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, + 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, + 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, + 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, + 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, + 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, + 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, + 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, + 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, + 258, 258, 258, 258, 258, 258, 258, 258, 258, 258, + 258, 258, 258, 258, 258, 258 }; register int hval = len; @@ -124,171 +124,173 @@ hash (str, len) static const struct kw_entry wordlist[] = { {"pfs", KW_PFS_DEPRECATED}, - {"right", KW_RIGHT}, {"rightgroups", KW_RIGHTGROUPS}, - {"left", KW_LEFT}, - {"lifetime", KW_KEYLIFE}, {"aggressive", KW_AGGRESSIVE}, + {"lifetime", KW_KEYLIFE}, + {"rightsigkey", KW_RIGHTSIGKEY}, + {"lifebytes", KW_LIFEBYTES}, + {"keyingtries", KW_KEYINGTRIES}, + {"leftsigkey", KW_LEFTSIGKEY}, + {"keylife", KW_KEYLIFE}, + {"leftrsasigkey", KW_LEFTSIGKEY}, + {"right", KW_RIGHT}, + {"leftcertpolicy", KW_LEFTCERTPOLICY}, + {"left", KW_LEFT}, {"rightsubnet", KW_RIGHTSUBNET}, {"rightikeport", KW_RIGHTIKEPORT}, {"rightsendcert", KW_RIGHTSENDCERT}, - {"lifepackets", KW_LIFEPACKETS}, - {"leftcert", KW_LEFTCERT}, - {"leftsendcert", KW_LEFTSENDCERT}, {"leftgroups", KW_LEFTGROUPS}, - {"leftca", KW_LEFTCA}, - {"keep_alive", KW_SETUP_DEPRECATED}, - {"leftdns", KW_LEFTDNS}, + {"rightrsasigkey", KW_RIGHTSIGKEY}, + {"leftcert", KW_LEFTCERT}, + {"lifepackets", KW_LIFEPACKETS}, {"uniqueids", KW_UNIQUEIDS}, - {"leftprotoport", KW_LEFTPROTOPORT}, - {"interfaces", KW_SETUP_DEPRECATED}, + {"leftdns", KW_LEFTDNS}, + {"leftsendcert", KW_LEFTSENDCERT}, {"rightsubnetwithin", KW_RIGHTSUBNET}, - {"virtual_private", KW_SETUP_DEPRECATED}, - {"certuribase", KW_CERTURIBASE}, - {"mark_in", KW_MARK_IN}, - {"lifebytes", KW_LIFEBYTES}, - {"marginbytes", KW_MARGINBYTES}, - {"marginpackets", KW_MARGINPACKETS}, - {"margintime", KW_REKEYMARGIN}, - {"keyingtries", KW_KEYINGTRIES}, - {"keylife", KW_KEYLIFE}, - {"fragmentation", KW_FRAGMENTATION}, - {"leftrsasigkey", KW_LEFTRSASIGKEY}, + {"rightallowany", KW_RIGHTALLOWANY}, + {"keep_alive", KW_SETUP_DEPRECATED}, + {"rightsourceip", KW_RIGHTSOURCEIP}, + {"type", KW_TYPE}, {"rightid", KW_RIGHTID}, {"rightdns", KW_RIGHTDNS}, - {"rightsourceip", KW_RIGHTSOURCEIP}, - {"rightallowany", KW_RIGHTALLOWANY}, - {"leftcertpolicy", KW_LEFTCERTPOLICY}, {"reqid", KW_REQID}, - {"rightrsasigkey", KW_RIGHTRSASIGKEY}, - {"rightprotoport", KW_RIGHTPROTOPORT}, + {"certuribase", KW_CERTURIBASE}, {"leftnexthop", KW_LEFT_DEPRECATED}, + {"mobike", KW_MOBIKE}, + {"leftprotoport", KW_LEFTPROTOPORT}, + {"compress", KW_COMPRESS}, {"me_peerid", KW_ME_PEERID}, - {"strictcrlpolicy", KW_STRICTCRLPOLICY}, - {"inactivity", KW_INACTIVITY}, - {"rightnexthop", KW_RIGHT_DEPRECATED}, + {"interfaces", KW_SETUP_DEPRECATED}, + {"virtual_private", KW_SETUP_DEPRECATED}, + {"lefthostaccess", KW_LEFTHOSTACCESS}, + {"leftca", KW_LEFTCA}, + {"righthostaccess", KW_RIGHTHOSTACCESS}, {"rightfirewall", KW_RIGHTFIREWALL}, - {"ldapbase", KW_CA_DEPRECATED}, - {"leftupdown", KW_LEFTUPDOWN}, + {"rightprotoport", KW_RIGHTPROTOPORT}, + {"inactivity", KW_INACTIVITY}, {"leftfirewall", KW_LEFTFIREWALL}, - {"crluri", KW_CRLURI}, - {"mediation", KW_MEDIATION}, - {"rightcert", KW_RIGHTCERT}, - {"crluri1", KW_CRLURI}, - {"rightca", KW_RIGHTCA}, - {"mobike", KW_MOBIKE}, - {"type", KW_TYPE}, - {"ocspuri", KW_OCSPURI}, - {"lefthostaccess", KW_LEFTHOSTACCESS}, {"esp", KW_ESP}, - {"cacert", KW_CACERT}, - {"ocspuri1", KW_OCSPURI}, - {"rightid2", KW_RIGHTID2}, + {"rightnexthop", KW_RIGHT_DEPRECATED}, {"forceencaps", KW_FORCEENCAPS}, - {"nat_traversal", KW_SETUP_DEPRECATED}, - {"eap", KW_CONN_DEPRECATED}, - {"rightgroups2", KW_RIGHTGROUPS2}, - {"packetdefault", KW_SETUP_DEPRECATED}, + {"leftallowany", KW_LEFTALLOWANY}, + {"crluri", KW_CRLURI}, + {"leftupdown", KW_LEFTUPDOWN}, + {"mark_in", KW_MARK_IN}, + {"strictcrlpolicy", KW_STRICTCRLPOLICY}, {"force_keepalive", KW_SETUP_DEPRECATED}, - {"mark_out", KW_MARK_OUT}, + {"marginbytes", KW_MARGINBYTES}, {"mediated_by", KW_MEDIATED_BY}, - {"leftcert2", KW_LEFTCERT2}, - {"rightauth2", KW_RIGHTAUTH2}, - {"leftid", KW_LEFTID}, - {"leftca2", KW_LEFTCA2}, - {"ike", KW_IKE}, - {"compress", KW_COMPRESS}, - {"aaa_identity", KW_AAA_IDENTITY}, - {"leftgroups2", KW_LEFTGROUPS2}, - {"leftallowany", KW_LEFTALLOWANY}, - {"righthostaccess", KW_RIGHTHOSTACCESS}, - {"rekeyfuzz", KW_REKEYFUZZ}, + {"marginpackets", KW_MARGINPACKETS}, + {"margintime", KW_REKEYMARGIN}, {"rightauth", KW_RIGHTAUTH}, - {"klipsdebug", KW_SETUP_DEPRECATED}, - {"ikelifetime", KW_IKELIFETIME}, - {"leftikeport", KW_LEFTIKEPORT}, - {"rightcertpolicy", KW_RIGHTCERTPOLICY}, - {"mark", KW_MARK}, - {"dpdaction", KW_DPDACTION}, + {"fragmentation", KW_FRAGMENTATION}, {"pfsgroup", KW_PFS_DEPRECATED}, - {"keyexchange", KW_KEYEXCHANGE}, + {"crluri1", KW_CRLURI}, + {"rightcertpolicy", KW_RIGHTCERTPOLICY}, {"hidetos", KW_SETUP_DEPRECATED}, - {"leftsubnet", KW_LEFTSUBNET}, - {"overridemtu", KW_SETUP_DEPRECATED}, - {"installpolicy", KW_INSTALLPOLICY}, + {"keyexchange", KW_KEYEXCHANGE}, {"leftsourceip", KW_LEFTSOURCEIP}, - {"dpdtimeout", KW_DPDTIMEOUT}, + {"ocspuri", KW_OCSPURI}, + {"leftid", KW_LEFTID}, + {"eap", KW_CONN_DEPRECATED}, + {"installpolicy", KW_INSTALLPOLICY}, {"also", KW_ALSO}, - {"rightupdown", KW_RIGHTUPDOWN}, + {"rightcert", KW_RIGHTCERT}, + {"overridemtu", KW_SETUP_DEPRECATED}, + {"mediation", KW_MEDIATION}, + {"rightca", KW_RIGHTCA}, + {"klipsdebug", KW_SETUP_DEPRECATED}, + {"ldapbase", KW_CA_DEPRECATED}, + {"ocspuri1", KW_OCSPURI}, + {"dpdtimeout", KW_DPDTIMEOUT}, + {"aaa_identity", KW_AAA_IDENTITY}, + {"ike", KW_IKE}, {"charondebug", KW_CHARONDEBUG}, - {"ldaphost", KW_CA_DEPRECATED}, - {"fragicmp", KW_SETUP_DEPRECATED}, - {"charonstart", KW_SETUP_DEPRECATED}, - {"tfc", KW_TFC}, + {"mark_out", KW_MARK_OUT}, + {"dumpdir", KW_SETUP_DEPRECATED}, {"rekey", KW_REKEY}, - {"leftsubnetwithin", KW_LEFTSUBNET}, - {"leftid2", KW_LEFTID2}, + {"rightid2", KW_RIGHTID2}, + {"rekeyfuzz", KW_REKEYFUZZ}, {"eap_identity", KW_EAP_IDENTITY}, + {"rightgroups2", KW_RIGHTGROUPS2}, + {"ikelifetime", KW_IKELIFETIME}, + {"leftsubnet", KW_LEFTSUBNET}, + {"rightupdown", KW_RIGHTUPDOWN}, + {"authby", KW_AUTHBY}, + {"leftcert2", KW_LEFTCERT2}, + {"nat_traversal", KW_SETUP_DEPRECATED}, + {"dpdaction", KW_DPDACTION}, + {"xauth_identity", KW_XAUTH_IDENTITY}, + {"charonstart", KW_SETUP_DEPRECATED}, + {"leftsubnetwithin", KW_LEFTSUBNET}, + {"reauth", KW_REAUTH}, + {"modeconfig", KW_MODECONFIG}, + {"ldaphost", KW_CA_DEPRECATED}, + {"leftikeport", KW_LEFTIKEPORT}, {"crlcheckinterval", KW_SETUP_DEPRECATED}, - {"dumpdir", KW_SETUP_DEPRECATED}, - {"cachecrls", KW_CACHECRLS}, + {"dpddelay", KW_DPDDELAY}, + {"cacert", KW_CACERT}, + {"leftgroups2", KW_LEFTGROUPS2}, + {"rightauth2", KW_RIGHTAUTH2}, + {"tfc", KW_TFC}, + {"postpluto", KW_SETUP_DEPRECATED}, {"rekeymargin", KW_REKEYMARGIN}, - {"rightca2", KW_RIGHTCA2}, - {"crluri2", KW_CRLURI2}, - {"rightcert2", KW_RIGHTCERT2}, - {"xauth_identity", KW_XAUTH_IDENTITY}, - {"closeaction", KW_CLOSEACTION}, - {"ocspuri2", KW_OCSPURI2}, + {"leftca2", KW_LEFTCA2}, + {"packetdefault", KW_SETUP_DEPRECATED}, + {"mark", KW_MARK}, + {"leftauth", KW_LEFTAUTH}, {"plutostderrlog", KW_SETUP_DEPRECATED}, - {"plutostart", KW_SETUP_DEPRECATED}, {"auto", KW_AUTO}, - {"pkcs11initargs", KW_PKCS11_DEPRECATED}, - {"pkcs11module", KW_PKCS11_DEPRECATED}, - {"authby", KW_AUTHBY}, - {"pkcs11keepstate", KW_PKCS11_DEPRECATED}, - {"dpddelay", KW_DPDDELAY}, - {"modeconfig", KW_MODECONFIG}, - {"nocrsend", KW_SETUP_DEPRECATED}, + {"fragicmp", KW_SETUP_DEPRECATED}, + {"closeaction", KW_CLOSEACTION}, {"prepluto", KW_SETUP_DEPRECATED}, - {"leftauth2", KW_LEFTAUTH2}, - {"postpluto", KW_SETUP_DEPRECATED}, {"auth", KW_AUTH}, - {"reauth", KW_REAUTH}, + {"leftid2", KW_LEFTID2}, + {"nocrsend", KW_SETUP_DEPRECATED}, {"xauth", KW_XAUTH}, - {"leftauth", KW_LEFTAUTH}, + {"plutostart", KW_SETUP_DEPRECATED}, + {"cachecrls", KW_CACHECRLS}, + {"crluri2", KW_CRLURI2}, + {"rightca2", KW_RIGHTCA2}, + {"rightcert2", KW_RIGHTCERT2}, + {"plutodebug", KW_SETUP_DEPRECATED}, + {"pkcs11initargs", KW_PKCS11_DEPRECATED}, + {"pkcs11module", KW_PKCS11_DEPRECATED}, {"pkcs11proxy", KW_PKCS11_DEPRECATED}, - {"ikedscp", KW_IKEDSCP,}, - {"plutodebug", KW_SETUP_DEPRECATED} + {"pkcs11keepstate", KW_PKCS11_DEPRECATED}, + {"ocspuri2", KW_OCSPURI2}, + {"leftauth2", KW_LEFTAUTH2}, + {"ikedscp", KW_IKEDSCP,} }; static const short lookup[] = { + -1, -1, -1, -1, -1, -1, -1, -1, -1, 0, + -1, -1, -1, -1, -1, 1, -1, -1, 2, 3, + -1, -1, 4, 5, -1, -1, 6, -1, 7, 8, + -1, 9, 10, -1, -1, -1, 11, -1, 12, 13, + 14, 15, 16, -1, -1, -1, 17, 18, 19, 20, + 21, 22, -1, 23, 24, -1, 25, 26, 27, -1, + 28, 29, 30, -1, -1, 31, 32, -1, 33, 34, + 35, -1, 36, 37, 38, 39, -1, 40, 41, -1, + -1, 42, 43, 44, 45, -1, 46, -1, 47, -1, + 48, 49, 50, 51, 52, 53, 54, -1, 55, 56, + 57, 58, 59, -1, 60, 61, 62, -1, 63, -1, + 64, -1, 65, 66, 67, 68, 69, 70, 71, 72, + -1, 73, 74, 75, 76, 77, -1, -1, 78, -1, + -1, 79, 80, -1, 81, -1, 82, 83, 84, 85, + 86, 87, 88, -1, 89, -1, 90, 91, -1, 92, + 93, -1, 94, 95, -1, -1, -1, -1, 96, 97, + 98, 99, 100, 101, -1, 102, 103, 104, -1, 105, + 106, 107, 108, 109, 110, 111, 112, 113, 114, -1, + 115, 116, -1, 117, -1, 118, -1, -1, 119, 120, + -1, -1, 121, -1, -1, 122, -1, 123, -1, 124, + -1, 125, -1, -1, -1, -1, -1, 126, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 0, -1, -1, -1, -1, -1, 1, -1, -1, 2, - 3, 4, 5, -1, 6, 7, 8, -1, -1, 9, - 10, -1, -1, -1, 11, 12, -1, 13, -1, 14, - 15, 16, -1, 17, 18, 19, -1, -1, 20, -1, - -1, 21, -1, -1, -1, -1, 22, -1, -1, 23, - 24, -1, 25, 26, 27, 28, 29, 30, 31, 32, - 33, 34, 35, 36, -1, 37, 38, 39, -1, -1, - 40, -1, -1, -1, -1, -1, 41, -1, 42, 43, - 44, 45, 46, 47, 48, -1, -1, -1, -1, 49, - 50, 51, 52, 53, 54, 55, 56, 57, -1, -1, - -1, 58, 59, 60, 61, 62, 63, 64, 65, -1, - 66, 67, 68, 69, 70, 71, 72, -1, -1, 73, - 74, -1, 75, 76, 77, 78, 79, -1, 80, 81, - 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, - 92, -1, -1, 93, -1, -1, 94, 95, -1, 96, - 97, -1, 98, -1, 99, 100, 101, -1, 102, 103, - 104, -1, 105, -1, -1, -1, 106, -1, 107, -1, - -1, -1, 108, -1, -1, -1, 109, -1, -1, -1, - -1, 110, 111, 112, 113, 114, -1, -1, -1, -1, - -1, -1, -1, 115, -1, -1, -1, -1, -1, -1, - 116, 117, -1, -1, 118, -1, -1, -1, 119, -1, - 120, 121, -1, 122, -1, -1, -1, 123, -1, 124, - 125, 126, -1, -1, -1, -1, -1, -1, -1, 127, - -1, -1, -1, 128, -1, -1, -1, 129, -1, -1, - -1, 130, 131, 132, -1, -1, 133, -1, 134, 135 + -1, 127, 128, -1, 129, -1, 130, -1, -1, -1, + -1, -1, -1, 131, -1, 132, -1, 133, 134, -1, + -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, + 136, -1, -1, -1, -1, -1, -1, 137 }; #ifdef __GNUC__ diff --git a/src/starter/keywords.h b/src/starter/keywords.h index 4a96a418c..83ce4a7dd 100644 --- a/src/starter/keywords.h +++ b/src/starter/keywords.h @@ -108,7 +108,7 @@ typedef enum { KW_AUTH2, KW_ID, KW_ID2, - KW_RSASIGKEY, + KW_SIGKEY, KW_CERT, KW_CERT2, KW_CERTPOLICY, @@ -137,7 +137,7 @@ typedef enum { KW_LEFTAUTH2, KW_LEFTID, KW_LEFTID2, - KW_LEFTRSASIGKEY, + KW_LEFTSIGKEY, KW_LEFTCERT, KW_LEFTCERT2, KW_LEFTCERTPOLICY, @@ -166,7 +166,7 @@ typedef enum { KW_RIGHTAUTH2, KW_RIGHTID, KW_RIGHTID2, - KW_RIGHTRSASIGKEY, + KW_RIGHTSIGKEY, KW_RIGHTCERT, KW_RIGHTCERT2, KW_RIGHTCERTPOLICY, diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt index cd964b0e3..20d35ded0 100644 --- a/src/starter/keywords.txt +++ b/src/starter/keywords.txt @@ -96,7 +96,8 @@ leftauth, KW_LEFTAUTH leftauth2, KW_LEFTAUTH2 leftid, KW_LEFTID leftid2, KW_LEFTID2 -leftrsasigkey, KW_LEFTRSASIGKEY +leftsigkey, KW_LEFTSIGKEY +leftrsasigkey, KW_LEFTSIGKEY leftcert, KW_LEFTCERT leftcert2, KW_LEFTCERT2 leftcertpolicy, KW_LEFTCERTPOLICY @@ -120,7 +121,8 @@ rightauth, KW_RIGHTAUTH rightauth2, KW_RIGHTAUTH2 rightid, KW_RIGHTID rightid2, KW_RIGHTID2 -rightrsasigkey, KW_RIGHTRSASIGKEY +rightsigkey, KW_RIGHTSIGKEY +rightrsasigkey, KW_RIGHTSIGKEY rightcert, KW_RIGHTCERT rightcert2, KW_RIGHTCERT2 rightcertpolicy, KW_RIGHTCERTPOLICY diff --git a/src/starter/netkey.c b/src/starter/netkey.c index 921a220db..2b500bab4 100644 --- a/src/starter/netkey.c +++ b/src/starter/netkey.c @@ -58,7 +58,7 @@ bool starter_netkey_init(void) void starter_netkey_cleanup(void) { - if (!lib->plugins->load(lib->plugins, NULL, + if (!lib->plugins->load(lib->plugins, lib->settings->get_str(lib->settings, "starter.load", PLUGINS))) { DBG1(DBG_APP, "unable to load kernel plugins"); diff --git a/src/starter/starter.c b/src/starter/starter.c index 917e52d68..06eb142bd 100644 --- a/src/starter/starter.c +++ b/src/starter/starter.c @@ -61,6 +61,8 @@ char *cmd = NULL; char *pid_file = NULL; char *starter_pid_file = NULL; +static char *config_file = NULL; + /* logging */ static bool log_to_stderr = TRUE; static bool log_to_syslog = TRUE; @@ -291,11 +293,11 @@ static void generate_selfcert() } } #endif - setegid(gid); - seteuid(uid); - ignore_result(system("ipsec scepclient --out pkcs1 --out cert-self --quiet")); - seteuid(0); - setegid(0); + ignore_result(setegid(gid)); + ignore_result(seteuid(uid)); + ignore_result(system(IPSEC_SCRIPT " scepclient --out pkcs1 --out cert-self --quiet")); + ignore_result(seteuid(0)); + ignore_result(setegid(0)); /* ipsec.secrets is root readable only */ oldmask = umask(0066); @@ -393,7 +395,8 @@ static void usage(char *name) { fprintf(stderr, "Usage: starter [--nofork] [--auto-update <sec>]\n" " [--debug|--debug-more|--debug-all|--nolog]\n" - " [--attach-gdb] [--daemon <name>]\n"); + " [--attach-gdb] [--daemon <name>]\n" + " [--conf <path to ipsec.conf>]\n"); exit(LSB_RC_INVALID_ARGUMENT); } @@ -460,6 +463,10 @@ int main (int argc, char **argv) { daemon_name = argv[++i]; } + else if (streq(argv[i], "--conf") && i+1 < argc) + { + config_file = argv[++i]; + } else { usage(argv[0]); @@ -471,6 +478,10 @@ int main (int argc, char **argv) DBG1(DBG_APP, "unable to set daemon name"); exit(LSB_RC_FAILURE); } + if (!config_file) + { + config_file = CONFIG_FILE; + } init_log("ipsec_starter"); @@ -524,7 +535,7 @@ int main (int argc, char **argv) exit(LSB_RC_FAILURE); } - cfg = confread_load(CONFIG_FILE); + cfg = confread_load(config_file); if (cfg == NULL || cfg->err > 0) { DBG1(DBG_APP, "unable to start strongSwan -- fatal errors in config"); @@ -706,7 +717,7 @@ int main (int argc, char **argv) if (_action_ & FLAG_ACTION_UPDATE) { DBG2(DBG_APP, "Reloading config..."); - new_cfg = confread_load(CONFIG_FILE); + new_cfg = confread_load(config_file); if (new_cfg && (new_cfg->err == 0)) { @@ -898,4 +909,3 @@ int main (int argc, char **argv) } exit(LSB_RC_SUCCESS); } - |