From 8b80ab5a6950ce6515f477624794defd7531642a Mon Sep 17 00:00:00 2001 From: Rene Mayrhofer Date: Wed, 29 Oct 2008 11:11:01 +0000 Subject: [svn-upgrade] Integrating new upstream version, strongswan (4.2.8) --- src/starter/Makefile.in | 2 + src/starter/args.c | 3 +- src/starter/confread.c | 9 +- src/starter/confread.h | 3 +- src/starter/invokecharon.c | 52 ++++++----- src/starter/ipsec.conf.5 | 18 +++- src/starter/keywords.c | 206 +++++++++++++++++++++++--------------------- src/starter/keywords.h | 3 +- src/starter/keywords.txt | 3 +- src/starter/starter.c | 9 +- src/starter/starterstroke.c | 3 +- 11 files changed, 181 insertions(+), 130 deletions(-) (limited to 'src/starter') diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in index 03bb318a5..4150a60e7 100644 --- a/src/starter/Makefile.in +++ b/src/starter/Makefile.in @@ -191,6 +191,8 @@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ diff --git a/src/starter/args.c b/src/starter/args.c index 8a0262d8d..7af3b6310 100644 --- a/src/starter/args.c +++ b/src/starter/args.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: args.c 3932 2008-05-12 10:05:49Z andreas $ + * RCSID $Id: args.c 4276 2008-08-22 10:44:51Z martin $ */ #include @@ -202,6 +202,7 @@ static const token_info_t token_info[] = { ARG_MISC, 0, NULL /* KW_AUTH */ }, { ARG_MISC, 0, NULL /* KW_AUTHBY */ }, { ARG_MISC, 0, NULL /* KW_EAP */ }, + { ARG_STR, offsetof(starter_conn_t, eap_identity), NULL }, { ARG_MISC, 0, NULL /* KW_MOBIKE */ }, { ARG_MISC, 0, NULL /* KW_FORCEENCAPS */ }, { ARG_TIME, offsetof(starter_conn_t, sa_ike_life_seconds), NULL }, diff --git a/src/starter/confread.c b/src/starter/confread.c index df9be43bb..959a98b77 100644 --- a/src/starter/confread.c +++ b/src/starter/confread.c 
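Review bot: The new `token_info` row for `eap_identity` carries no keyword label, and nothing in this hunk ties its position to `KW_EAP_IDENTITY`, which the keywords.h hunk of this commit inserts after `KW_EAP`. If the table is indexed by token value, as the `/* KW_… */` labels on the neighbouring rows suggest, a row that drifts out of step would make an `ARG_STR` assignment store a string pointer at the wrong `starter_conn_t` offset. I would label the row, `{ ARG_STR, offsetof(starter_conn_t, eap_identity), NULL /* KW_EAP_IDENTITY */ },`, and add a compile-time check on the element count next to the table. The table begins and ends outside the hunk, and the code that releases `ARG_STR` fields is not visible here, so it is worth confirming that the new `char *` is freed together with the connection.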
@@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: confread.c 4051 2008-06-10 09:08:27Z tobias $ + * RCSID $Id: confread.c 4269 2008-08-21 12:10:07Z martin $ */ #include @@ -588,6 +588,10 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg) { conn->eap_type = 4; } + else if (streq(kw->value, "gtc")) + { + conn->eap_type = 6; + } else { conn->eap_type = atoi(kw->value); @@ -931,8 +935,9 @@ confread_load(const char *file) /* load IPSec configuration file */ cfgp = parser_load_conf(file); if (!cfgp) + { return NULL; - + } cfg = (starter_config_t *)alloc_thing(starter_config_t, "starter_config_t"); /* set default values */ diff --git a/src/starter/confread.h b/src/starter/confread.h index 41f02476f..2c6e45984 100644 --- a/src/starter/confread.h +++ b/src/starter/confread.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: confread.h 3932 2008-05-12 10:05:49Z andreas $ + * RCSID $Id: confread.h 4276 2008-08-22 10:44:51Z martin $ */ #ifndef _IPSEC_CONFREAD_H_ @@ -105,6 +105,7 @@ struct starter_conn { keyexchange_t keyexchange; u_int32_t eap_type; u_int32_t eap_vendor; + char *eap_identity; lset_t policy; time_t sa_ike_life_seconds; time_t sa_ipsec_life_seconds; diff --git a/src/starter/invokecharon.c b/src/starter/invokecharon.c index 849a0af32..96baa4773 100644 --- a/src/starter/invokecharon.c +++ b/src/starter/invokecharon.c @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: invokecharon.c 3928 2008-05-11 07:59:00Z andreas $ + * RCSID $Id: invokecharon.c 4243 2008-08-01 10:35:59Z andreas $ */ #include 
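Review bot: The `gtc` branch in the `@@ -588` hunk stores the bare literal `6`, following the numeric style of the branch above it, so a reader has to know the EAP method registry to check the mapping. A named constant, or at least a comment, would make it auditable, e.g. `conn->eap_type = 6; /* EAP-GTC */`. The `else` branch kept as context falls back to `atoi(kw->value)`, so a misspelled method name would yield 0 instead of a configuration error; a `strtoul` parse with an end-pointer check would reject it. `load_conn` starts and ends outside this hunk.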
@@ -63,38 +63,46 @@ starter_charon_sigchild(pid_t pid) int starter_stop_charon (void) { - pid_t pid; int i; + pid_t pid = _charon_pid; - pid = _charon_pid; if (pid) { _stop_requested = 1; /* be more and more aggressive */ - for (i = 0; i < 20 && (pid = _charon_pid) != 0; i++) + for (i = 0; i < 50 && (pid = _charon_pid) != 0; i++) { - if (i == 0) - kill(pid, SIGINT); - else if (i < 10) - kill(pid, SIGTERM); - else if (i == 10) + if (i == 0) { - kill(pid, SIGKILL); - plog("starter_stop_charon(): charon does not respond, sending KILL"); + kill(pid, SIGINT); + } + else if (i < 40) + { + kill(pid, SIGTERM); + } + else if (i == 40) + { + kill(pid, SIGKILL); + plog("starter_stop_charon(): charon does not respond, sending KILL"); } else - kill(pid, SIGKILL); - usleep(200000); + { + kill(pid, SIGKILL); + } + usleep(200000); /* sleep for 200 ms */ } if (_charon_pid == 0) + { + plog("charon stopped after %d ms", 200*i); return 0; + } plog("starter_stop_charon(): can't stop charon !!!"); return -1; } else { - plog("stater_stop_charon(): charon is not started..."); + plog("stater_stop_charon(): charon was not started..."); } return -1; } @@ -177,15 +185,13 @@ starter_start_charon (starter_config_t *cfg, bool no_fork) default: /* father */ _charon_pid = pid; - for (i = 0; i < 50 && _charon_pid; i++) + for (i = 0; i < 500 && _charon_pid; i++) { - /* wait for charon */ + /* wait for charon for a maximum of 500 x 20 ms = 10 s */ usleep(20000); if (stat(CHARON_PID_FILE, &stb) == 0) { - DBG(DBG_CONTROL, - DBG_log("charon (%d) started", _charon_pid) - ) + plog("charon (%d) started after %d ms", _charon_pid, 20*(i+1)); return 0; } } @@ -195,12 +201,18 @@ starter_start_charon (starter_config_t *cfg, bool no_fork) plog("charon too long to start... - kill kill"); for (i = 0; i < 20 && (pid = _charon_pid) != 0; i++) { - if (i == 0) + if (i == 0) + { kill(pid, SIGINT); + } else if (i < 10) + { kill(pid, SIGTERM); + } else + { kill(pid, SIGKILL); + } usleep(20000); } } 
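Review bot: The reworded message in the final `else` branch of `starter_stop_charon` still spells the function name `stater_stop_charon()`, while the other two messages use `starter_stop_charon()`, so a log search on the function name misses this case; it should read `plog("starter_stop_charon(): charon was not started...");`. The escalation thresholds `40` and `50` and the 200 ms step are repeated as literals, including in `200*i`, so naming them once would keep the reported time consistent if the schedule changes again. The return value of `kill()` is ignored throughout, and the loop depends on `_charon_pid` being cleared elsewhere; its declaration is outside the hunk, so it is worth confirming it is `volatile sig_atomic_t` if a signal handler writes it.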
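Review bot: In the `@@ -177` hunk, startup is reported as successful as soon as `stat(CHARON_PID_FILE, &stb)` succeeds, and the new `plog` line now states that unconditionally in the log. If a PID file left by an earlier, uncleanly terminated charon is still present when this loop runs, the first iteration would log `started after 20 ms` regardless of the state of the new child; whether the file is removed before the fork is not visible in this hunk. A comment at the `stat` call stating that precondition would help, for example `/* CHARON_PID_FILE must not exist before fork, else this check is meaningless */`. The format also passes `_charon_pid`, which the earlier hunk assigns to a `pid_t`, to `%d`; `(int)_charon_pid` avoids depending on the width of `pid_t`.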
diff --git a/src/starter/ipsec.conf.5 b/src/starter/ipsec.conf.5 index bf8bcc0d2..40ff27d0b 100644 --- a/src/starter/ipsec.conf.5 +++ b/src/starter/ipsec.conf.5 @@ -1,5 +1,5 @@ .TH IPSEC.CONF 5 "27 Jun 2007" -.\" RCSID $Id: ipsec.conf.5 3934 2008-05-12 12:46:30Z andreas $ +.\" RCSID $Id: ipsec.conf.5 4360 2008-09-30 12:36:58Z martin $ .SH NAME ipsec.conf \- IPsec configuration and connections .SH DESCRIPTION @@ -366,6 +366,14 @@ in the form .B eap=7-12345 ) can be used to specify vendor specific EAP types. .TP +.B eap_identity +defines the identity the client uses to reply to a EAP Identity request. +If defined on the EAP server, the defined identity will be used as peer +identity during EAP authentication. The special value +.B %identity +uses the EAP Identity method to ask the client for a EAP identity. If not +defined, the IKEv2 identity will be used as EAP identity. +.TP .B esp ESP encryption/authentication algorithm to be used for the connection, e.g. @@ -678,8 +686,8 @@ enables the IKEv2 MOBIKE protocol defined by RFC 4555. Accepted values are .BR no . If set to .BR no , -the IKEv2 charon daemon will not actively propose MOBIKE but will still -accept and support the protocol as a responder. +the IKEv2 charon daemon will not actively propose MOBIKE as initiator and +ignore the MOBIKE_SUPPORTED notify as responder. .TP .B modeconfig defines which mode is used to assign a virtual IP. @@ -706,6 +714,10 @@ PFS is enforced by defining a Diffie-Hellman modp group in the .B esp parameter. .TP +.B pfsgroup +defines a Diffie-Hellman group for perfect forward secrecy in IKEv1 Quick Mode +differing from the DH group used for IKEv1 Main Mode (IKEv1 only). +.TP .B reauth whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done. In IKEv2, a value of diff --git a/src/starter/keywords.c b/src/starter/keywords.c index b96019d83..35c17b9b5 100644 --- a/src/starter/keywords.c +++ b/src/starter/keywords.c 
@@ -44,7 +44,7 @@ error "gperf generated tables don't work with this execution character set. Plea * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: keywords.txt 3928 2008-05-11 07:59:00Z andreas $ + * RCSID $Id: keywords.txt 4276 2008-08-22 10:44:51Z martin $ */ #include @@ -56,12 +56,12 @@ struct kw_entry { kw_token_t token; }; -#define TOTAL_KEYWORDS 100 +#define TOTAL_KEYWORDS 101 #define MIN_WORD_LENGTH 3 #define MAX_WORD_LENGTH 17 #define MIN_HASH_VALUE 6 -#define MAX_HASH_VALUE 263 -/* maximum key range = 258, duplicates = 0 */ +#define MAX_HASH_VALUE 248 +/* maximum key range = 243, duplicates = 0 */ #ifdef __GNUC__ __inline 
@@ -75,34 +75,34 @@ hash (str, len) register const char *str; register unsigned int len; { - static const unsigned short asso_values[] = + static const unsigned char asso_values[] = { - 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 264, 10, - 0, 264, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 264, 15, 264, 0, - 100, 5, 90, 85, 60, 0, 264, 60, 10, 55, - 80, 75, 15, 264, 0, 50, 35, 5, 25, 264, - 10, 75, 0, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264 + 249, 249, 249, 249, 249, 249, 249, 249, 249, 249, + 249, 249, 249, 249, 249, 249, 249, 249, 249, 249, + 249, 249, 249, 249, 249, 249, 249, 249, 249, 249, + 249, 249, 249, 249, 249, 249, 249, 249, 249, 249, + 249, 249, 249, 249, 249, 249, 249, 249, 249, 25, + 10, 249, 249, 249, 249, 249, 249, 249, 249, 249, + 249, 249, 249, 249, 249, 249, 249, 249, 249, 249, + 249, 249, 249, 249, 249, 249, 249, 249, 249, 249, + 249, 249, 249, 249, 249, 249, 249, 249, 249, 249, + 249, 249, 249, 249, 249, 249, 249, 110, 249, 
0, + 100, 5, 75, 65, 90, 0, 249, 60, 10, 15, + 80, 60, 15, 249, 0, 50, 35, 15, 30, 249, + 0, 75, 0, 249, 249, 249, 249, 249, 249, 249, + 249, 249, 249, 249, 249, 249, 249, 249, 249, 249, + 249, 249, 249, 249, 249, 249, 249, 249, 249, 249, + 249, 249, 249, 249, 249, 249, 249, 249, 249, 249, + 249, 249, 249, 249, 249, 249, 249, 249, 249, 249, + 249, 249, 249, 249, 249, 249, 249, 249, 249, 249, + 249, 249, 249, 249, 249, 249, 249, 249, 249, 249, + 249, 249, 249, 249, 249, 249, 249, 249, 249, 249, + 249, 249, 249, 249, 249, 249, 249, 249, 249, 249, + 249, 249, 249, 249, 249, 249, 249, 249, 249, 249, + 249, 249, 249, 249, 249, 249, 249, 249, 249, 249, + 249, 249, 249, 249, 249, 249, 249, 249, 249, 249, + 249, 249, 249, 249, 249, 249, 249, 249, 249, 249, + 249, 249, 249, 249, 249, 249 }; return len + asso_values[(unsigned char)str[1]] + asso_values[(unsigned char)str[0]] + asso_values[(unsigned char)str[len - 1]]; } 
@@ -111,40 +111,39 @@ static const struct kw_entry wordlist[] = { {""}, {""}, {""}, {""}, {""}, {""}, {"crluri", KW_CRLURI}, - {"crluri2", KW_CRLURI2}, - {""}, {""}, {""}, {""}, {""}, {""}, + {""}, {""}, {""}, {""}, {""}, {""}, {""}, {"rekeyfuzz", KW_REKEYFUZZ}, {""}, {""}, - {"crluri1", KW_CRLURI}, + {"crluri2", KW_CRLURI2}, {""}, {""}, {""}, {"certuribase", KW_CERTURIBASE}, - {"rightca", KW_RIGHTCA}, + {""}, {"rightfirewall", KW_RIGHTFIREWALL}, {""}, {"rightnatip", KW_RIGHTNATIP}, {"crlcheckinterval", KW_CRLCHECKINTERVAL}, {"rightnexthop", KW_RIGHTNEXTHOP}, {"rightsourceip", KW_RIGHTSOURCEIP}, - {""}, {""}, {""}, {""}, {""}, {""}, {""}, - {"leftca", KW_LEFTCA}, + {""}, {""}, {""}, + {"crluri1", KW_CRLURI}, + {""}, {""}, {""}, {""}, {"leftfirewall", KW_LEFTFIREWALL}, - {"eap", KW_EAP}, + {""}, {"leftnatip", KW_LEFTNATIP}, {"right", KW_RIGHT}, {"leftnexthop", KW_LEFTNEXTHOP}, {"leftsourceip", KW_LEFTSOURCEIP}, {""}, {"rightcert", KW_RIGHTCERT}, - {"virtual_private", KW_VIRTUAL_PRIVATE}, + {""}, {"rightsubnet", KW_RIGHTSUBNET}, {""}, {"rightsendcert", KW_RIGHTSENDCERT}, {"rightprotoport", KW_RIGHTPROTOPORT}, - {""}, {""}, {""}, {""}, + {"virtual_private", KW_VIRTUAL_PRIVATE}, + {""}, {""}, {""}, {"left", KW_LEFT}, - {""}, - {"cacert", KW_CACERT}, - {""}, + {""}, {""}, {""}, {"leftcert", KW_LEFTCERT,}, {""}, {"leftsubnet", KW_LEFTSUBNET}, 
@@ -153,29 +152,30 @@ static const struct kw_entry wordlist[] = {"leftprotoport", KW_LEFTPROTOPORT}, {""}, {"righthostaccess", KW_RIGHTHOSTACCESS}, - {""}, {""}, + {""}, + {"ocspuri", KW_OCSPURI}, {"ike", KW_IKE}, {""}, {"plutostart", KW_PLUTOSTART}, - {"reauth", KW_REAUTH}, - {""}, + {""}, {""}, {"esp", KW_ESP}, - {"cachecrls", KW_CACHECRLS}, + {""}, {"leftgroups", KW_LEFTGROUPS}, {"ikelifetime", KW_IKELIFETIME}, {"keylife", KW_KEYLIFE}, - {"packetdefault", KW_PACKETDEFAULT}, + {"ocspuri2", KW_OCSPURI2}, {"lefthostaccess", KW_LEFTHOSTACCESS}, {"keep_alive", KW_KEEP_ALIVE}, {"keyexchange", KW_KEYEXCHANGE}, - {"ocspuri", KW_OCSPURI}, - {"ocspuri2", KW_OCSPURI2}, - {"auth", KW_AUTH}, + {""}, + {"prepluto", KW_PREPLUTO}, + {""}, {"rekey", KW_REKEY}, - {""}, {""}, + {"mobike", KW_MOBIKE}, + {""}, {"rightallowany", KW_RIGHTALLOWANY}, {"rightrsasigkey", KW_RIGHTRSASIGKEY}, - {"xauth", KW_XAUTH}, + {""}, {"rightupdown", KW_RIGHTUPDOWN}, {"pkcs11module", KW_PKCS11MODULE}, {"ocspuri1", KW_OCSPURI}, 
@@ -183,78 +183,90 @@ static const struct kw_entry wordlist[] = {"pkcs11keepstate", KW_PKCS11KEEPSTATE}, {"rekeymargin", KW_REKEYMARGIN}, {"rightsubnetwithin", KW_RIGHTSUBNETWITHIN}, - {"prepluto", KW_PREPLUTO}, - {"auto", KW_AUTO}, + {"fragicmp", KW_FRAGICMP}, {""}, - {"authby", KW_AUTHBY}, + {"plutodebug", KW_PLUTODEBUG}, + {"reauth", KW_REAUTH}, {"leftallowany", KW_LEFTALLOWANY}, {"leftrsasigkey", KW_LEFTRSASIGKEY}, - {"also", KW_ALSO}, + {"plutostderrlog", KW_PLUTOSTDERRLOG}, {"leftupdown", KW_LEFTUPDOWN}, - {"charonstart", KW_CHARONSTART}, + {"mediated_by", KW_MEDIATED_BY}, {"rightid", KW_RIGHTID}, - {""}, {""}, {""}, + {""}, + {"mediation", KW_MEDIATION}, + {""}, {"leftsubnetwithin", KW_LEFTSUBNETWITHIN}, - {"dumpdir", KW_DUMPDIR}, - {"fragicmp", KW_FRAGICMP}, + {""}, + {"pfsgroup", KW_PFSGROUP}, {""}, {""}, {"overridemtu", KW_OVERRIDEMTU}, - {"hidetos", KW_HIDETOS}, - {"nat_traversal", KW_NAT_TRAVERSAL}, + {"rightca", KW_RIGHTCA}, + {"compress", KW_COMPRESS}, {"type", KW_TYPE}, - {"plutodebug", KW_PLUTODEBUG}, - {"leftid", KW_LEFTID}, {""}, + {"leftid", KW_LEFTID}, + {"dumpdir", KW_DUMPDIR}, {"ldapbase", KW_LDAPBASE}, - {"plutostderrlog", KW_PLUTOSTDERRLOG}, - {""}, + {""}, {""}, {"keyingtries", KW_KEYINGTRIES}, + {""}, {""}, + {"me_peerid", KW_ME_PEERID}, {""}, - {"pfsgroup", KW_PFSGROUP}, - {""}, {""}, {""}, {""}, - {"compress", KW_COMPRESS}, - {""}, {""}, {""}, {""}, {""}, + {"leftca", KW_LEFTCA}, + {""}, + {"eap", KW_EAP}, + {""}, {""}, + {"charonstart", KW_CHARONSTART}, + {""}, {""}, {"pkcs11initargs", KW_PKCS11INITARGS}, {"interfaces", KW_INTERFACES}, - {"mobike", KW_MOBIKE}, {""}, {""}, - {"uniqueids", KW_UNIQUEIDS}, + {"pfs", KW_PFS}, + {"postpluto", KW_POSTPLUTO}, + {"klipsdebug", KW_KLIPSDEBUG}, {""}, - {"mediated_by", KW_MEDIATED_BY}, - {""}, {""}, - {"mediation", KW_MEDIATION}, - {""}, {""}, {""}, - {"ldaphost", KW_LDAPHOST}, + {"hidetos", KW_HIDETOS}, {""}, {""}, - {"charondebug", KW_CHARONDEBUG}, - {""}, - {"pfs", KW_PFS}, + {"modeconfig", 
KW_MODECONFIG}, + {"cacert", KW_CACERT}, {""}, + {"ldaphost", KW_LDAPHOST}, + {"uniqueids", KW_UNIQUEIDS}, + {"force_keepalive", KW_FORCE_KEEPALIVE}, + {""}, {""}, {""}, {""}, {"dpdtimeout", KW_DPDTIMEOUT}, {"pkcs11proxy", KW_PKCS11PROXY}, - {""}, {""}, {""}, - {"klipsdebug", KW_KLIPSDEBUG}, - {""}, {""}, {""}, - {"me_peerid", KW_ME_PEERID}, {""}, {""}, {""}, {""}, - {"postpluto", KW_POSTPLUTO}, - {"strictcrlpolicy", KW_STRICTCRLPOLICY}, - {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, - {"force_keepalive", KW_FORCE_KEEPALIVE}, - {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, + {"charondebug", KW_CHARONDEBUG}, + {""}, {""}, + {"cachecrls", KW_CACHECRLS}, {""}, {""}, {""}, + {"packetdefault", KW_PACKETDEFAULT}, + {""}, + {"strictcrlpolicy", KW_STRICTCRLPOLICY}, + {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, + {"also", KW_ALSO}, + {""}, {""}, {""}, {""}, + {"auto", KW_AUTO}, + {""}, {""}, {""}, {""}, {""}, {""}, + {"forceencaps", KW_FORCEENCAPS}, + {""}, {"dpddelay", KW_DPDDELAY}, - {""}, {""}, {""}, {""}, {""}, + {""}, {""}, {""}, + {"eap_identity", KW_EAP_IDENTITY}, + {""}, {"dpdaction", KW_DPDACTION}, - {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, - {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, - {""}, {""}, - {"modeconfig", KW_MODECONFIG}, - {"forceencaps", KW_FORCEENCAPS}, - {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, + {"xauth", KW_XAUTH}, + {"authby", KW_AUTHBY}, + {""}, {""}, {""}, {""}, {""}, {""}, + {"nat_traversal", KW_NAT_TRAVERSAL}, + {""}, {""}, {""}, {""}, {""}, + {"auth", KW_AUTH}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, + {""}, {"nocrsend", KW_NOCRSEND} }; diff --git a/src/starter/keywords.h b/src/starter/keywords.h index 39b544267..1efa5dc2b 100644 --- a/src/starter/keywords.h +++ b/src/starter/keywords.h 
@@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: keywords.h 3928 2008-05-11 07:59:00Z andreas $ + * RCSID $Id: keywords.h 4276 2008-08-22 10:44:51Z martin $ */ #ifndef _KEYWORDS_H_ @@ -71,6 +71,7 @@ typedef enum { KW_AUTH, KW_AUTHBY, KW_EAP, + KW_EAP_IDENTITY, KW_MOBIKE, KW_FORCEENCAPS, KW_IKELIFETIME, diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt index d0435d1c7..29bd404b5 100644 --- a/src/starter/keywords.txt +++ b/src/starter/keywords.txt @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: keywords.txt 3928 2008-05-11 07:59:00Z andreas $ + * RCSID $Id: keywords.txt 4276 2008-08-22 10:44:51Z martin $ */ #include @@ -50,6 +50,7 @@ keep_alive, KW_KEEP_ALIVE force_keepalive, KW_FORCE_KEEPALIVE virtual_private, KW_VIRTUAL_PRIVATE eap, KW_EAP +eap_identity, KW_EAP_IDENTITY mobike, KW_MOBIKE forceencaps, KW_FORCEENCAPS pkcs11module, KW_PKCS11MODULE diff --git a/src/starter/starter.c b/src/starter/starter.c index 6ff0ac29c..61f21d88c 100644 --- a/src/starter/starter.c +++ b/src/starter/starter.c @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: starter.c 3914 2008-05-08 10:58:04Z martin $ + * RCSID $Id: starter.c 4140 2008-07-02 05:51:49Z andreas $ */ #include @@ -452,7 +452,7 @@ int main (int argc, char **argv) ); new_cfg = confread_load(CONFIG_FILE); - if (new_cfg->err + new_cfg->non_fatal_err == 0) + if (new_cfg && (new_cfg->err + new_cfg->non_fatal_err == 0)) { /* Switch to new config. New conn will be loaded below */ if (!starter_cmp_defaultroute(&new_cfg->defaultroute 
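Review bot: The added `new_cfg &&` guard in the `@@ -452` hunk covers only the reload path; `confread_load()` returns `NULL` when `parser_load_conf()` fails, as the confread.c hunk in this commit shows, and any other caller in `main` needs the same test. The initial load of `CONFIG_FILE` is outside the hunks shown, so I cannot tell whether it is already checked. In the failure branch (the `@@ -546` hunk) the message `can't reload config file due to errors` is now also printed when no config object exists at all; a separate message for the `NULL` case would make a parse failure distinguishable in the logs. Making `confread_free()` accept `NULL`, as `free()` does, would remove the need for a guard at each call site.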
@@ -546,7 +546,10 @@ int main (int argc, char **argv) else { plog("can't reload config file due to errors -- keeping old one"); - confread_free(new_cfg); + if (new_cfg) + { + confread_free(new_cfg); + } } _action_ &= ~FLAG_ACTION_UPDATE; last_reload = time(NULL); diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c index ffd5d28a6..4ee73128b 100644 --- a/src/starter/starterstroke.c +++ b/src/starter/starterstroke.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: starterstroke.c 4100 2008-06-24 13:36:10Z martin $ + * RCSID $Id: starterstroke.c 4276 2008-08-22 10:44:51Z martin $ */ #include @@ -227,6 +227,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn) } msg.add_conn.eap_type = conn->eap_type; msg.add_conn.eap_vendor = conn->eap_vendor; + msg.add_conn.eap_identity = push_string(&msg, conn->eap_identity); if (conn->policy & POLICY_TUNNEL) { -- cgit v1.2.3
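Review bot: In the starterstroke.c hunk, `conn->eap_identity` is passed to `push_string()` without a check, and it will be unset for every connection that does not configure `eap_identity`. `push_string()` is defined outside this hunk, so it should be confirmed that it tolerates a `NULL` argument and refuses a string that does not fit in the remaining space of `msg`, since the value comes straight from ipsec.conf. If it signals overflow through its return value, that case deserves a log line here rather than silently sending the connection without the identity. A short comment would record the intent, e.g. `/* NULL if unset: the IKEv2 identity is then used as EAP identity */`.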