Diffstat (limited to 'src/starter')
-rw-r--r--src/starter/Makefile.am37
-rw-r--r--src/starter/Makefile.in97
-rw-r--r--src/starter/confread.c2
-rw-r--r--src/starter/keywords.c312
-rw-r--r--src/starter/keywords.h6
-rw-r--r--src/starter/keywords.txt6
-rw-r--r--src/starter/netkey.c2
-rw-r--r--src/starter/starter.c28
8 files changed, 265 insertions, 225 deletions
diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am
index c220c2e63..48110dd02 100644
--- a/src/starter/Makefile.am
+++ b/src/starter/Makefile.am
@@ -6,21 +6,20 @@ starterstroke.h confread.h args.c \
keywords.c files.h keywords.h cmp.c starter.c cmp.h invokecharon.c \
invokecharon.h klips.c klips.h
-INCLUDES = \
--I${linux_headers} \
--I$(top_srcdir)/src/libstrongswan \
--I$(top_srcdir)/src/libhydra \
--I$(top_srcdir)/src/stroke
-
-AM_CFLAGS = \
--DIPSEC_DIR=\"${ipsecdir}\" \
--DIPSEC_CONFDIR=\"${sysconfdir}\" \
--DIPSEC_PIDDIR=\"${piddir}\" \
--DIPSEC_EAPDIR=\"${eapdir}\" \
--DDEV_RANDOM=\"${random_device}\" \
--DDEV_URANDOM=\"${urandom_device}\" \
--DPLUGINS=\""${starter_plugins}\"" \
--DDEBUG
+AM_CPPFLAGS = \
+ -I${linux_headers} \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/stroke \
+ -DIPSEC_DIR=\"${ipsecdir}\" \
+ -DIPSEC_CONFDIR=\"${sysconfdir}\" \
+ -DIPSEC_PIDDIR=\"${piddir}\" \
+ -DIPSEC_EAPDIR=\"${eapdir}\" \
+ -DIPSEC_SCRIPT=\"${ipsec_script}\" \
+ -DDEV_RANDOM=\"${random_device}\" \
+ -DDEV_URANDOM=\"${urandom_device}\" \
+ -DPLUGINS=\""${starter_plugins}\"" \
+ -DDEBUG
AM_YFLAGS = -v -d
@@ -30,18 +29,19 @@ MAINTAINERCLEANFILES = keywords.c
BUILT_SOURCES = parser.h
if USE_CHARON
- AM_CFLAGS += -DSTART_CHARON
+ AM_CPPFLAGS += -DSTART_CHARON
endif
if USE_LOAD_WARNING
- AM_CFLAGS += -DLOAD_WARNING
+ AM_CPPFLAGS += -DLOAD_WARNING
endif
if USE_TOOLS
- AM_CFLAGS += -DGENERATE_SELFCERT
+ AM_CPPFLAGS += -DGENERATE_SELFCERT
endif
keywords.c: $(srcdir)/keywords.txt $(srcdir)/keywords.h
+ $(AM_V_GEN) \
$(GPERF) -m 10 -C -G -D -t < $(srcdir)/keywords.txt > $@
install-exec-local :
@@ -55,4 +55,3 @@ install-exec-local :
test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true
test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true
test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true
-
diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in
index c50d4622b..4b09e5d8c 100644
--- a/src/starter/Makefile.in
+++ b/src/starter/Makefile.in
@@ -67,7 +67,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
$(top_srcdir)/m4/macros/add-plugin.m4 \
- $(top_srcdir)/configure.in
+ $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
@@ -86,26 +86,48 @@ starter_DEPENDENCIES = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libhydra/libhydra.la $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1)
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
- $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
LEXCOMPILE = $(LEX) $(AM_LFLAGS) $(LFLAGS)
-LTLEXCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=compile $(LEX) $(AM_LFLAGS) $(LFLAGS)
+LTLEXCOMPILE = $(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(LEX) $(AM_LFLAGS) $(LFLAGS)
+AM_V_LEX = $(am__v_LEX_@AM_V@)
+am__v_LEX_ = $(am__v_LEX_@AM_DEFAULT_V@)
+am__v_LEX_0 = @echo " LEX " $@;
YLWRAP = $(top_srcdir)/ylwrap
YACCCOMPILE = $(YACC) $(AM_YFLAGS) $(YFLAGS)
-LTYACCCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=compile $(YACC) $(AM_YFLAGS) $(YFLAGS)
+LTYACCCOMPILE = $(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(YACC) $(AM_YFLAGS) $(YFLAGS)
+AM_V_YACC = $(am__v_YACC_@AM_V@)
+am__v_YACC_ = $(am__v_YACC_@AM_DEFAULT_V@)
+am__v_YACC_0 = @echo " YACC " $@;
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
SOURCES = $(starter_SOURCES)
DIST_SOURCES = $(starter_SOURCES)
am__can_run_installinfo = \
@@ -119,6 +141,7 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
@@ -131,6 +154,8 @@ CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CHECK_CFLAGS = @CHECK_CFLAGS@
CHECK_LIBS = @CHECK_LIBS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
@@ -146,6 +171,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
@@ -154,6 +180,7 @@ INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
LD = @LD@
LDFLAGS = @LDFLAGS@
LEX = @LEX@
@@ -200,6 +227,7 @@ SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
VERSION = @VERSION@
YACC = @YACC@
YFLAGS = @YFLAGS@
@@ -228,6 +256,7 @@ charon_natt_port = @charon_natt_port@
charon_plugins = @charon_plugins@
charon_udp_port = @charon_udp_port@
clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -312,15 +341,12 @@ starterstroke.h confread.h args.c \
keywords.c files.h keywords.h cmp.c starter.c cmp.h invokecharon.c \
invokecharon.h klips.c klips.h
-INCLUDES = \
--I${linux_headers} \
--I$(top_srcdir)/src/libstrongswan \
--I$(top_srcdir)/src/libhydra \
--I$(top_srcdir)/src/stroke
-
-AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" \
- -DIPSEC_CONFDIR=\"${sysconfdir}\" -DIPSEC_PIDDIR=\"${piddir}\" \
- -DIPSEC_EAPDIR=\"${eapdir}\" -DDEV_RANDOM=\"${random_device}\" \
+AM_CPPFLAGS = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/stroke \
+ -DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_CONFDIR=\"${sysconfdir}\" \
+ -DIPSEC_PIDDIR=\"${piddir}\" -DIPSEC_EAPDIR=\"${eapdir}\" \
+ -DIPSEC_SCRIPT=\"${ipsec_script}\" \
+ -DDEV_RANDOM=\"${random_device}\" \
-DDEV_URANDOM=\"${urandom_device}\" \
-DPLUGINS=\""${starter_plugins}\"" -DDEBUG $(am__append_1) \
$(am__append_2) $(am__append_3)
@@ -415,7 +441,7 @@ parser.h: parser.c
@if test ! -f $@; then $(MAKE) $(AM_MAKEFLAGS) parser.c; else :; fi
starter$(EXEEXT): $(starter_OBJECTS) $(starter_DEPENDENCIES) $(EXTRA_starter_DEPENDENCIES)
@rm -f starter$(EXEEXT)
- $(LINK) $(starter_OBJECTS) $(starter_LDADD) $(LIBS)
+ $(AM_V_CCLD)$(LINK) $(starter_OBJECTS) $(starter_LDADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -436,31 +462,31 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/starterstroke.Po@am__quote@
.c.o:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
.c.obj:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
.l.c:
- $(am__skiplex) $(SHELL) $(YLWRAP) $< $(LEX_OUTPUT_ROOT).c $@ -- $(LEXCOMPILE)
+ $(AM_V_LEX)$(am__skiplex) $(SHELL) $(YLWRAP) $< $(LEX_OUTPUT_ROOT).c $@ -- $(LEXCOMPILE)
.y.c:
- $(am__skipyacc) $(SHELL) $(YLWRAP) $< y.tab.c $@ y.tab.h $*.h y.output $*.output -- $(YACCCOMPILE)
+ $(AM_V_YACC)$(am__skipyacc) $(SHELL) $(YLWRAP) $< y.tab.c $@ y.tab.h $*.h y.output $*.output -- $(YACCCOMPILE)
mostlyclean-libtool:
-rm -f *.lo
@@ -683,6 +709,7 @@ uninstall-am: uninstall-ipsecPROGRAMS
keywords.c: $(srcdir)/keywords.txt $(srcdir)/keywords.h
+ $(AM_V_GEN) \
$(GPERF) -m 10 -C -G -D -t < $(srcdir)/keywords.txt > $@
install-exec-local :
diff --git a/src/starter/confread.c b/src/starter/confread.c
index f0f05b036..2fb022692 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -38,7 +38,7 @@
static const char ike_defaults[] = "aes128-sha1-modp2048,3des-sha1-modp1536";
static const char esp_defaults[] = "aes128-sha1,3des-sha1";
-static const char firewall_defaults[] = "ipsec _updown iptables";
+static const char firewall_defaults[] = IPSEC_SCRIPT " _updown iptables";
static bool daemon_exists(char *daemon, char *path)
{
diff --git a/src/starter/keywords.c b/src/starter/keywords.c
index 3692c2cdd..20ec1501d 100644
--- a/src/starter/keywords.c
+++ b/src/starter/keywords.c
@@ -54,12 +54,12 @@ struct kw_entry {
kw_token_t token;
};
-#define TOTAL_KEYWORDS 136
+#define TOTAL_KEYWORDS 138
#define MIN_WORD_LENGTH 3
#define MAX_WORD_LENGTH 17
-#define MIN_HASH_VALUE 10
-#define MAX_HASH_VALUE 259
-/* maximum key range = 250, duplicates = 0 */
+#define MIN_HASH_VALUE 9
+#define MAX_HASH_VALUE 257
+/* maximum key range = 249, duplicates = 0 */
#ifdef __GNUC__
__inline
@@ -75,32 +75,32 @@ hash (str, len)
{
static const unsigned short asso_values[] =
{
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 8,
- 99, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 4, 260, 11, 4, 80,
- 55, 6, 3, 2, 114, 2, 260, 114, 70, 33,
- 22, 81, 51, 7, 14, 2, 7, 122, 8, 260,
- 260, 43, 4, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
- 260, 260, 260, 260, 260, 260
+ 258, 258, 258, 258, 258, 258, 258, 258, 258, 258,
+ 258, 258, 258, 258, 258, 258, 258, 258, 258, 258,
+ 258, 258, 258, 258, 258, 258, 258, 258, 258, 258,
+ 258, 258, 258, 258, 258, 258, 258, 258, 258, 258,
+ 258, 258, 258, 258, 258, 258, 258, 258, 258, 14,
+ 129, 258, 258, 258, 258, 258, 258, 258, 258, 258,
+ 258, 258, 258, 258, 258, 258, 258, 258, 258, 258,
+ 258, 258, 258, 258, 258, 258, 258, 258, 258, 258,
+ 258, 258, 258, 258, 258, 258, 258, 258, 258, 258,
+ 258, 258, 258, 258, 258, 3, 258, 31, 1, 83,
+ 50, 5, 4, 1, 60, 1, 258, 121, 62, 5,
+ 33, 51, 41, 2, 22, 1, 25, 103, 1, 258,
+ 258, 8, 2, 258, 258, 258, 258, 258, 258, 258,
+ 258, 258, 258, 258, 258, 258, 258, 258, 258, 258,
+ 258, 258, 258, 258, 258, 258, 258, 258, 258, 258,
+ 258, 258, 258, 258, 258, 258, 258, 258, 258, 258,
+ 258, 258, 258, 258, 258, 258, 258, 258, 258, 258,
+ 258, 258, 258, 258, 258, 258, 258, 258, 258, 258,
+ 258, 258, 258, 258, 258, 258, 258, 258, 258, 258,
+ 258, 258, 258, 258, 258, 258, 258, 258, 258, 258,
+ 258, 258, 258, 258, 258, 258, 258, 258, 258, 258,
+ 258, 258, 258, 258, 258, 258, 258, 258, 258, 258,
+ 258, 258, 258, 258, 258, 258, 258, 258, 258, 258,
+ 258, 258, 258, 258, 258, 258, 258, 258, 258, 258,
+ 258, 258, 258, 258, 258, 258, 258, 258, 258, 258,
+ 258, 258, 258, 258, 258, 258
};
register int hval = len;
@@ -124,171 +124,173 @@ hash (str, len)
static const struct kw_entry wordlist[] =
{
{"pfs", KW_PFS_DEPRECATED},
- {"right", KW_RIGHT},
{"rightgroups", KW_RIGHTGROUPS},
- {"left", KW_LEFT},
- {"lifetime", KW_KEYLIFE},
{"aggressive", KW_AGGRESSIVE},
+ {"lifetime", KW_KEYLIFE},
+ {"rightsigkey", KW_RIGHTSIGKEY},
+ {"lifebytes", KW_LIFEBYTES},
+ {"keyingtries", KW_KEYINGTRIES},
+ {"leftsigkey", KW_LEFTSIGKEY},
+ {"keylife", KW_KEYLIFE},
+ {"leftrsasigkey", KW_LEFTSIGKEY},
+ {"right", KW_RIGHT},
+ {"leftcertpolicy", KW_LEFTCERTPOLICY},
+ {"left", KW_LEFT},
{"rightsubnet", KW_RIGHTSUBNET},
{"rightikeport", KW_RIGHTIKEPORT},
{"rightsendcert", KW_RIGHTSENDCERT},
- {"lifepackets", KW_LIFEPACKETS},
- {"leftcert", KW_LEFTCERT},
- {"leftsendcert", KW_LEFTSENDCERT},
{"leftgroups", KW_LEFTGROUPS},
- {"leftca", KW_LEFTCA},
- {"keep_alive", KW_SETUP_DEPRECATED},
- {"leftdns", KW_LEFTDNS},
+ {"rightrsasigkey", KW_RIGHTSIGKEY},
+ {"leftcert", KW_LEFTCERT},
+ {"lifepackets", KW_LIFEPACKETS},
{"uniqueids", KW_UNIQUEIDS},
- {"leftprotoport", KW_LEFTPROTOPORT},
- {"interfaces", KW_SETUP_DEPRECATED},
+ {"leftdns", KW_LEFTDNS},
+ {"leftsendcert", KW_LEFTSENDCERT},
{"rightsubnetwithin", KW_RIGHTSUBNET},
- {"virtual_private", KW_SETUP_DEPRECATED},
- {"certuribase", KW_CERTURIBASE},
- {"mark_in", KW_MARK_IN},
- {"lifebytes", KW_LIFEBYTES},
- {"marginbytes", KW_MARGINBYTES},
- {"marginpackets", KW_MARGINPACKETS},
- {"margintime", KW_REKEYMARGIN},
- {"keyingtries", KW_KEYINGTRIES},
- {"keylife", KW_KEYLIFE},
- {"fragmentation", KW_FRAGMENTATION},
- {"leftrsasigkey", KW_LEFTRSASIGKEY},
+ {"rightallowany", KW_RIGHTALLOWANY},
+ {"keep_alive", KW_SETUP_DEPRECATED},
+ {"rightsourceip", KW_RIGHTSOURCEIP},
+ {"type", KW_TYPE},
{"rightid", KW_RIGHTID},
{"rightdns", KW_RIGHTDNS},
- {"rightsourceip", KW_RIGHTSOURCEIP},
- {"rightallowany", KW_RIGHTALLOWANY},
- {"leftcertpolicy", KW_LEFTCERTPOLICY},
{"reqid", KW_REQID},
- {"rightrsasigkey", KW_RIGHTRSASIGKEY},
- {"rightprotoport", KW_RIGHTPROTOPORT},
+ {"certuribase", KW_CERTURIBASE},
{"leftnexthop", KW_LEFT_DEPRECATED},
+ {"mobike", KW_MOBIKE},
+ {"leftprotoport", KW_LEFTPROTOPORT},
+ {"compress", KW_COMPRESS},
{"me_peerid", KW_ME_PEERID},
- {"strictcrlpolicy", KW_STRICTCRLPOLICY},
- {"inactivity", KW_INACTIVITY},
- {"rightnexthop", KW_RIGHT_DEPRECATED},
+ {"interfaces", KW_SETUP_DEPRECATED},
+ {"virtual_private", KW_SETUP_DEPRECATED},
+ {"lefthostaccess", KW_LEFTHOSTACCESS},
+ {"leftca", KW_LEFTCA},
+ {"righthostaccess", KW_RIGHTHOSTACCESS},
{"rightfirewall", KW_RIGHTFIREWALL},
- {"ldapbase", KW_CA_DEPRECATED},
- {"leftupdown", KW_LEFTUPDOWN},
+ {"rightprotoport", KW_RIGHTPROTOPORT},
+ {"inactivity", KW_INACTIVITY},
{"leftfirewall", KW_LEFTFIREWALL},
- {"crluri", KW_CRLURI},
- {"mediation", KW_MEDIATION},
- {"rightcert", KW_RIGHTCERT},
- {"crluri1", KW_CRLURI},
- {"rightca", KW_RIGHTCA},
- {"mobike", KW_MOBIKE},
- {"type", KW_TYPE},
- {"ocspuri", KW_OCSPURI},
- {"lefthostaccess", KW_LEFTHOSTACCESS},
{"esp", KW_ESP},
- {"cacert", KW_CACERT},
- {"ocspuri1", KW_OCSPURI},
- {"rightid2", KW_RIGHTID2},
+ {"rightnexthop", KW_RIGHT_DEPRECATED},
{"forceencaps", KW_FORCEENCAPS},
- {"nat_traversal", KW_SETUP_DEPRECATED},
- {"eap", KW_CONN_DEPRECATED},
- {"rightgroups2", KW_RIGHTGROUPS2},
- {"packetdefault", KW_SETUP_DEPRECATED},
+ {"leftallowany", KW_LEFTALLOWANY},
+ {"crluri", KW_CRLURI},
+ {"leftupdown", KW_LEFTUPDOWN},
+ {"mark_in", KW_MARK_IN},
+ {"strictcrlpolicy", KW_STRICTCRLPOLICY},
{"force_keepalive", KW_SETUP_DEPRECATED},
- {"mark_out", KW_MARK_OUT},
+ {"marginbytes", KW_MARGINBYTES},
{"mediated_by", KW_MEDIATED_BY},
- {"leftcert2", KW_LEFTCERT2},
- {"rightauth2", KW_RIGHTAUTH2},
- {"leftid", KW_LEFTID},
- {"leftca2", KW_LEFTCA2},
- {"ike", KW_IKE},
- {"compress", KW_COMPRESS},
- {"aaa_identity", KW_AAA_IDENTITY},
- {"leftgroups2", KW_LEFTGROUPS2},
- {"leftallowany", KW_LEFTALLOWANY},
- {"righthostaccess", KW_RIGHTHOSTACCESS},
- {"rekeyfuzz", KW_REKEYFUZZ},
+ {"marginpackets", KW_MARGINPACKETS},
+ {"margintime", KW_REKEYMARGIN},
{"rightauth", KW_RIGHTAUTH},
- {"klipsdebug", KW_SETUP_DEPRECATED},
- {"ikelifetime", KW_IKELIFETIME},
- {"leftikeport", KW_LEFTIKEPORT},
- {"rightcertpolicy", KW_RIGHTCERTPOLICY},
- {"mark", KW_MARK},
- {"dpdaction", KW_DPDACTION},
+ {"fragmentation", KW_FRAGMENTATION},
{"pfsgroup", KW_PFS_DEPRECATED},
- {"keyexchange", KW_KEYEXCHANGE},
+ {"crluri1", KW_CRLURI},
+ {"rightcertpolicy", KW_RIGHTCERTPOLICY},
{"hidetos", KW_SETUP_DEPRECATED},
- {"leftsubnet", KW_LEFTSUBNET},
- {"overridemtu", KW_SETUP_DEPRECATED},
- {"installpolicy", KW_INSTALLPOLICY},
+ {"keyexchange", KW_KEYEXCHANGE},
{"leftsourceip", KW_LEFTSOURCEIP},
- {"dpdtimeout", KW_DPDTIMEOUT},
+ {"ocspuri", KW_OCSPURI},
+ {"leftid", KW_LEFTID},
+ {"eap", KW_CONN_DEPRECATED},
+ {"installpolicy", KW_INSTALLPOLICY},
{"also", KW_ALSO},
- {"rightupdown", KW_RIGHTUPDOWN},
+ {"rightcert", KW_RIGHTCERT},
+ {"overridemtu", KW_SETUP_DEPRECATED},
+ {"mediation", KW_MEDIATION},
+ {"rightca", KW_RIGHTCA},
+ {"klipsdebug", KW_SETUP_DEPRECATED},
+ {"ldapbase", KW_CA_DEPRECATED},
+ {"ocspuri1", KW_OCSPURI},
+ {"dpdtimeout", KW_DPDTIMEOUT},
+ {"aaa_identity", KW_AAA_IDENTITY},
+ {"ike", KW_IKE},
{"charondebug", KW_CHARONDEBUG},
- {"ldaphost", KW_CA_DEPRECATED},
- {"fragicmp", KW_SETUP_DEPRECATED},
- {"charonstart", KW_SETUP_DEPRECATED},
- {"tfc", KW_TFC},
+ {"mark_out", KW_MARK_OUT},
+ {"dumpdir", KW_SETUP_DEPRECATED},
{"rekey", KW_REKEY},
- {"leftsubnetwithin", KW_LEFTSUBNET},
- {"leftid2", KW_LEFTID2},
+ {"rightid2", KW_RIGHTID2},
+ {"rekeyfuzz", KW_REKEYFUZZ},
{"eap_identity", KW_EAP_IDENTITY},
+ {"rightgroups2", KW_RIGHTGROUPS2},
+ {"ikelifetime", KW_IKELIFETIME},
+ {"leftsubnet", KW_LEFTSUBNET},
+ {"rightupdown", KW_RIGHTUPDOWN},
+ {"authby", KW_AUTHBY},
+ {"leftcert2", KW_LEFTCERT2},
+ {"nat_traversal", KW_SETUP_DEPRECATED},
+ {"dpdaction", KW_DPDACTION},
+ {"xauth_identity", KW_XAUTH_IDENTITY},
+ {"charonstart", KW_SETUP_DEPRECATED},
+ {"leftsubnetwithin", KW_LEFTSUBNET},
+ {"reauth", KW_REAUTH},
+ {"modeconfig", KW_MODECONFIG},
+ {"ldaphost", KW_CA_DEPRECATED},
+ {"leftikeport", KW_LEFTIKEPORT},
{"crlcheckinterval", KW_SETUP_DEPRECATED},
- {"dumpdir", KW_SETUP_DEPRECATED},
- {"cachecrls", KW_CACHECRLS},
+ {"dpddelay", KW_DPDDELAY},
+ {"cacert", KW_CACERT},
+ {"leftgroups2", KW_LEFTGROUPS2},
+ {"rightauth2", KW_RIGHTAUTH2},
+ {"tfc", KW_TFC},
+ {"postpluto", KW_SETUP_DEPRECATED},
{"rekeymargin", KW_REKEYMARGIN},
- {"rightca2", KW_RIGHTCA2},
- {"crluri2", KW_CRLURI2},
- {"rightcert2", KW_RIGHTCERT2},
- {"xauth_identity", KW_XAUTH_IDENTITY},
- {"closeaction", KW_CLOSEACTION},
- {"ocspuri2", KW_OCSPURI2},
+ {"leftca2", KW_LEFTCA2},
+ {"packetdefault", KW_SETUP_DEPRECATED},
+ {"mark", KW_MARK},
+ {"leftauth", KW_LEFTAUTH},
{"plutostderrlog", KW_SETUP_DEPRECATED},
- {"plutostart", KW_SETUP_DEPRECATED},
{"auto", KW_AUTO},
- {"pkcs11initargs", KW_PKCS11_DEPRECATED},
- {"pkcs11module", KW_PKCS11_DEPRECATED},
- {"authby", KW_AUTHBY},
- {"pkcs11keepstate", KW_PKCS11_DEPRECATED},
- {"dpddelay", KW_DPDDELAY},
- {"modeconfig", KW_MODECONFIG},
- {"nocrsend", KW_SETUP_DEPRECATED},
+ {"fragicmp", KW_SETUP_DEPRECATED},
+ {"closeaction", KW_CLOSEACTION},
{"prepluto", KW_SETUP_DEPRECATED},
- {"leftauth2", KW_LEFTAUTH2},
- {"postpluto", KW_SETUP_DEPRECATED},
{"auth", KW_AUTH},
- {"reauth", KW_REAUTH},
+ {"leftid2", KW_LEFTID2},
+ {"nocrsend", KW_SETUP_DEPRECATED},
{"xauth", KW_XAUTH},
- {"leftauth", KW_LEFTAUTH},
+ {"plutostart", KW_SETUP_DEPRECATED},
+ {"cachecrls", KW_CACHECRLS},
+ {"crluri2", KW_CRLURI2},
+ {"rightca2", KW_RIGHTCA2},
+ {"rightcert2", KW_RIGHTCERT2},
+ {"plutodebug", KW_SETUP_DEPRECATED},
+ {"pkcs11initargs", KW_PKCS11_DEPRECATED},
+ {"pkcs11module", KW_PKCS11_DEPRECATED},
{"pkcs11proxy", KW_PKCS11_DEPRECATED},
- {"ikedscp", KW_IKEDSCP,},
- {"plutodebug", KW_SETUP_DEPRECATED}
+ {"pkcs11keepstate", KW_PKCS11_DEPRECATED},
+ {"ocspuri2", KW_OCSPURI2},
+ {"leftauth2", KW_LEFTAUTH2},
+ {"ikedscp", KW_IKEDSCP,}
};
static const short lookup[] =
{
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, 0,
+ -1, -1, -1, -1, -1, 1, -1, -1, 2, 3,
+ -1, -1, 4, 5, -1, -1, 6, -1, 7, 8,
+ -1, 9, 10, -1, -1, -1, 11, -1, 12, 13,
+ 14, 15, 16, -1, -1, -1, 17, 18, 19, 20,
+ 21, 22, -1, 23, 24, -1, 25, 26, 27, -1,
+ 28, 29, 30, -1, -1, 31, 32, -1, 33, 34,
+ 35, -1, 36, 37, 38, 39, -1, 40, 41, -1,
+ -1, 42, 43, 44, 45, -1, 46, -1, 47, -1,
+ 48, 49, 50, 51, 52, 53, 54, -1, 55, 56,
+ 57, 58, 59, -1, 60, 61, 62, -1, 63, -1,
+ 64, -1, 65, 66, 67, 68, 69, 70, 71, 72,
+ -1, 73, 74, 75, 76, 77, -1, -1, 78, -1,
+ -1, 79, 80, -1, 81, -1, 82, 83, 84, 85,
+ 86, 87, 88, -1, 89, -1, 90, 91, -1, 92,
+ 93, -1, 94, 95, -1, -1, -1, -1, 96, 97,
+ 98, 99, 100, 101, -1, 102, 103, 104, -1, 105,
+ 106, 107, 108, 109, 110, 111, 112, 113, 114, -1,
+ 115, 116, -1, 117, -1, 118, -1, -1, 119, 120,
+ -1, -1, 121, -1, -1, 122, -1, 123, -1, 124,
+ -1, 125, -1, -1, -1, -1, -1, 126, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- 0, -1, -1, -1, -1, -1, 1, -1, -1, 2,
- 3, 4, 5, -1, 6, 7, 8, -1, -1, 9,
- 10, -1, -1, -1, 11, 12, -1, 13, -1, 14,
- 15, 16, -1, 17, 18, 19, -1, -1, 20, -1,
- -1, 21, -1, -1, -1, -1, 22, -1, -1, 23,
- 24, -1, 25, 26, 27, 28, 29, 30, 31, 32,
- 33, 34, 35, 36, -1, 37, 38, 39, -1, -1,
- 40, -1, -1, -1, -1, -1, 41, -1, 42, 43,
- 44, 45, 46, 47, 48, -1, -1, -1, -1, 49,
- 50, 51, 52, 53, 54, 55, 56, 57, -1, -1,
- -1, 58, 59, 60, 61, 62, 63, 64, 65, -1,
- 66, 67, 68, 69, 70, 71, 72, -1, -1, 73,
- 74, -1, 75, 76, 77, 78, 79, -1, 80, 81,
- 82, 83, 84, 85, 86, 87, 88, 89, 90, 91,
- 92, -1, -1, 93, -1, -1, 94, 95, -1, 96,
- 97, -1, 98, -1, 99, 100, 101, -1, 102, 103,
- 104, -1, 105, -1, -1, -1, 106, -1, 107, -1,
- -1, -1, 108, -1, -1, -1, 109, -1, -1, -1,
- -1, 110, 111, 112, 113, 114, -1, -1, -1, -1,
- -1, -1, -1, 115, -1, -1, -1, -1, -1, -1,
- 116, 117, -1, -1, 118, -1, -1, -1, 119, -1,
- 120, 121, -1, 122, -1, -1, -1, 123, -1, 124,
- 125, 126, -1, -1, -1, -1, -1, -1, -1, 127,
- -1, -1, -1, 128, -1, -1, -1, 129, -1, -1,
- -1, 130, 131, 132, -1, -1, 133, -1, 134, 135
+ -1, 127, 128, -1, 129, -1, 130, -1, -1, -1,
+ -1, -1, -1, 131, -1, 132, -1, 133, 134, -1,
+ -1, -1, -1, 135, -1, -1, -1, -1, -1, -1,
+ 136, -1, -1, -1, -1, -1, -1, 137
};
#ifdef __GNUC__
diff --git a/src/starter/keywords.h b/src/starter/keywords.h
index 4a96a418c..83ce4a7dd 100644
--- a/src/starter/keywords.h
+++ b/src/starter/keywords.h
@@ -108,7 +108,7 @@ typedef enum {
KW_AUTH2,
KW_ID,
KW_ID2,
- KW_RSASIGKEY,
+ KW_SIGKEY,
KW_CERT,
KW_CERT2,
KW_CERTPOLICY,
@@ -137,7 +137,7 @@ typedef enum {
KW_LEFTAUTH2,
KW_LEFTID,
KW_LEFTID2,
- KW_LEFTRSASIGKEY,
+ KW_LEFTSIGKEY,
KW_LEFTCERT,
KW_LEFTCERT2,
KW_LEFTCERTPOLICY,
@@ -166,7 +166,7 @@ typedef enum {
KW_RIGHTAUTH2,
KW_RIGHTID,
KW_RIGHTID2,
- KW_RIGHTRSASIGKEY,
+ KW_RIGHTSIGKEY,
KW_RIGHTCERT,
KW_RIGHTCERT2,
KW_RIGHTCERTPOLICY,
diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt
index cd964b0e3..20d35ded0 100644
--- a/src/starter/keywords.txt
+++ b/src/starter/keywords.txt
@@ -96,7 +96,8 @@ leftauth, KW_LEFTAUTH
leftauth2, KW_LEFTAUTH2
leftid, KW_LEFTID
leftid2, KW_LEFTID2
-leftrsasigkey, KW_LEFTRSASIGKEY
+leftsigkey, KW_LEFTSIGKEY
+leftrsasigkey, KW_LEFTSIGKEY
leftcert, KW_LEFTCERT
leftcert2, KW_LEFTCERT2
leftcertpolicy, KW_LEFTCERTPOLICY
@@ -120,7 +121,8 @@ rightauth, KW_RIGHTAUTH
rightauth2, KW_RIGHTAUTH2
rightid, KW_RIGHTID
rightid2, KW_RIGHTID2
-rightrsasigkey, KW_RIGHTRSASIGKEY
+rightsigkey, KW_RIGHTSIGKEY
+rightrsasigkey, KW_RIGHTSIGKEY
rightcert, KW_RIGHTCERT
rightcert2, KW_RIGHTCERT2
rightcertpolicy, KW_RIGHTCERTPOLICY
diff --git a/src/starter/netkey.c b/src/starter/netkey.c
index 921a220db..2b500bab4 100644
--- a/src/starter/netkey.c
+++ b/src/starter/netkey.c
@@ -58,7 +58,7 @@ bool starter_netkey_init(void)
void starter_netkey_cleanup(void)
{
- if (!lib->plugins->load(lib->plugins, NULL,
+ if (!lib->plugins->load(lib->plugins,
lib->settings->get_str(lib->settings, "starter.load", PLUGINS)))
{
DBG1(DBG_APP, "unable to load kernel plugins");
diff --git a/src/starter/starter.c b/src/starter/starter.c
index 917e52d68..06eb142bd 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -61,6 +61,8 @@ char *cmd = NULL;
char *pid_file = NULL;
char *starter_pid_file = NULL;
+static char *config_file = NULL;
+
/* logging */
static bool log_to_stderr = TRUE;
static bool log_to_syslog = TRUE;
@@ -291,11 +293,11 @@ static void generate_selfcert()
}
}
#endif
- setegid(gid);
- seteuid(uid);
- ignore_result(system("ipsec scepclient --out pkcs1 --out cert-self --quiet"));
- seteuid(0);
- setegid(0);
+ ignore_result(setegid(gid));
+ ignore_result(seteuid(uid));
+ ignore_result(system(IPSEC_SCRIPT " scepclient --out pkcs1 --out cert-self --quiet"));
+ ignore_result(seteuid(0));
+ ignore_result(setegid(0));
/* ipsec.secrets is root readable only */
oldmask = umask(0066);
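Review bot: Wrapping `setegid(gid)` and `seteuid(uid)` in `ignore_result()` silences the unused-result warning but leaves the failure case unhandled: if either call fails, the `system()` call that follows still runs scepclient with the starter's original (presumably root) effective IDs. The drop should be checked before the command is run, for example `if (setegid(gid) != 0 || seteuid(uid) != 0)` followed by a `DBG1(DBG_APP, ...)` message and skipping the `system()` call; how to continue after that depends on the rest of generate_selfcert(), which starts and ends outside this hunk. The restoring `seteuid(0)`/`setegid(0)` pair has the same problem, since a failure there would go unnoticed before the ipsec.secrets handling below. Separately, IPSEC_SCRIPT looks like a bare program name (the removed literal was `ipsec`), so the command is still resolved through the shell's PATH; if an absolute path is available at build time, using it here would remove that dependency.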
@@ -393,7 +395,8 @@ static void usage(char *name)
{
fprintf(stderr, "Usage: starter [--nofork] [--auto-update <sec>]\n"
" [--debug|--debug-more|--debug-all|--nolog]\n"
- " [--attach-gdb] [--daemon <name>]\n");
+ " [--attach-gdb] [--daemon <name>]\n"
+ " [--conf <path to ipsec.conf>]\n");
exit(LSB_RC_INVALID_ARGUMENT);
}
@@ -460,6 +463,10 @@ int main (int argc, char **argv)
{
daemon_name = argv[++i];
}
+ else if (streq(argv[i], "--conf") && i+1 < argc)
+ {
+ config_file = argv[++i];
+ }
else
{
usage(argv[0]);
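Review bot: The `--conf` value is stored as given in `config_file` and reused unchanged by the later `confread_load(config_file)` call on reload (the FLAG_ACTION_UPDATE hunk further down), so a relative path is resolved against whatever the working directory is at that moment. If the starter changes directory when it forks (not visible in these hunks), the reload would read a different file than startup did, or fail. Consider resolving the argument to an absolute path once at parse time, or stating in usage() that an absolute path is expected. The argument loop of main() starts and ends outside this hunk.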
@@ -471,6 +478,10 @@ int main (int argc, char **argv)
DBG1(DBG_APP, "unable to set daemon name");
exit(LSB_RC_FAILURE);
}
+ if (!config_file)
+ {
+ config_file = CONFIG_FILE;
+ }
init_log("ipsec_starter");
@@ -524,7 +535,7 @@ int main (int argc, char **argv)
exit(LSB_RC_FAILURE);
}
- cfg = confread_load(CONFIG_FILE);
+ cfg = confread_load(config_file);
if (cfg == NULL || cfg->err > 0)
{
DBG1(DBG_APP, "unable to start strongSwan -- fatal errors in config");
@@ -706,7 +717,7 @@ int main (int argc, char **argv)
if (_action_ & FLAG_ACTION_UPDATE)
{
DBG2(DBG_APP, "Reloading config...");
- new_cfg = confread_load(CONFIG_FILE);
+ new_cfg = confread_load(config_file);
if (new_cfg && (new_cfg->err == 0))
{
@@ -898,4 +909,3 @@ int main (int argc, char **argv)
}
exit(LSB_RC_SUCCESS);
}
-