146 lines
4.4 KiB
Diff
146 lines
4.4 KiB
Diff
|
commit 8e2b65ebf597a4d48daa3308aa032962110ad8f6
|
||
|
Author: Shea Levy <shea@shealevy.com>
|
||
|
Date: Tue Sep 30 15:14:47 2014 -0400
|
||
|
|
||
|
Allow specifying the ipsec.conf location in strongswan.conf
|
||
|
|
||
|
diff --git a/conf/options/starter.opt b/conf/options/starter.opt
|
||
|
index 4e6574d..6d7162a 100644
|
||
|
--- a/conf/options/starter.opt
|
||
|
+++ b/conf/options/starter.opt
|
||
|
@@ -3,3 +3,6 @@ starter.load =
|
||
|
|
||
|
starter.load_warning = yes
|
||
|
Disable charon plugin load option warning.
|
||
|
+
|
||
|
+starter.config_file = ${sysconfdir}/ipsec.conf
|
||
|
+ Location of the ipsec.conf conf file
|
||
|
diff --git a/src/starter/starter.c b/src/starter/starter.c
|
||
|
index 5c84593..1f365cc 100644
|
||
|
--- a/src/starter/starter.c
|
||
|
+++ b/src/starter/starter.c
|
||
|
@@ -488,7 +488,8 @@ int main (int argc, char **argv)
|
||
|
}
|
||
|
if (!config_file)
|
||
|
{
|
||
|
- config_file = CONFIG_FILE;
|
||
|
+ config_file = lib->settings->get_str(lib->settings, "starter.config_file",
|
||
|
+ CONFIG_FILE);
|
||
|
}
|
||
|
|
||
|
init_log("ipsec_starter");
|
||
|
|
||
|
commit 8b839cec684e26ed96f3d891b3ae3565558b2cff
|
||
|
Author: Shea Levy <shea@shealevy.com>
|
||
|
Date: Tue Sep 30 15:11:03 2014 -0400
|
||
|
|
||
|
Allow specifying the ipsec.secrets location in strongswan.conf
|
||
|
|
||
|
diff --git a/conf/plugins/stroke.opt b/conf/plugins/stroke.opt
|
||
|
index 2cfc2c6..b3ca2b7 100644
|
||
|
--- a/conf/plugins/stroke.opt
|
||
|
+++ b/conf/plugins/stroke.opt
|
||
|
@@ -11,5 +11,8 @@ charon.plugins.stroke.prevent_loglevel_changes = no
|
||
|
charon.plugins.stroke.socket = unix://${piddir}/charon.ctl
|
||
|
Socket provided by the stroke plugin.
|
||
|
|
||
|
+charon.plugins.stroke.secrets_file = ${sysconfdir}/ipsec.secrets
|
||
|
+ Location of the ipsec.secrets conf file
|
||
|
+
|
||
|
charon.plugins.stroke.timeout = 0
|
||
|
Timeout in ms for any stroke command. Use 0 to disable the timeout.
|
||
|
diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c
|
||
|
index f908219..673e492 100644
|
||
|
--- a/src/libcharon/plugins/stroke/stroke_cred.c
|
||
|
+++ b/src/libcharon/plugins/stroke/stroke_cred.c
|
||
|
@@ -67,6 +67,7 @@ struct private_stroke_cred_t {
|
||
|
/**
|
||
|
* credentials
|
||
|
*/
|
||
|
+ char *secrets_file;
|
||
|
mem_cred_t *creds;
|
||
|
|
||
|
/**
|
||
|
@@ -1297,7 +1298,7 @@ METHOD(stroke_cred_t, reread, void,
|
||
|
if (msg->reread.flags & REREAD_SECRETS)
|
||
|
{
|
||
|
DBG1(DBG_CFG, "rereading secrets");
|
||
|
- load_secrets(this, NULL, SECRETS_FILE, 0, prompt);
|
||
|
+ load_secrets(this, NULL, this->secrets_file, 0, prompt);
|
||
|
}
|
||
|
if (msg->reread.flags & REREAD_CACERTS)
|
||
|
{
|
||
|
@@ -1370,6 +1371,9 @@ stroke_cred_t *stroke_cred_create()
|
||
|
.cachecrl = _cachecrl,
|
||
|
.destroy = _destroy,
|
||
|
},
|
||
|
+ .secrets_file = lib->settings->get_str(lib->settings,
|
||
|
+ "%s.plugins.stroke.secrets_file", SECRETS_FILE,
|
||
|
+ lib->ns),
|
||
|
.creds = mem_cred_create(),
|
||
|
);
|
||
|
|
||
|
@@ -1380,7 +1384,7 @@ stroke_cred_t *stroke_cred_create()
|
||
|
FALSE, lib->ns);
|
||
|
|
||
|
load_certs(this);
|
||
|
- load_secrets(this, NULL, SECRETS_FILE, 0, NULL);
|
||
|
+ load_secrets(this, NULL, this->secrets_file, 0, NULL);
|
||
|
|
||
|
return &this->public;
|
||
|
}
|
||
|
diff --git a/src/starter/starter.c b/src/starter/starter.c
|
||
|
index 71f33ae..5c84593 100644
|
||
|
--- a/src/starter/starter.c
|
||
|
+++ b/src/starter/starter.c
|
||
|
@@ -263,8 +263,11 @@ static void generate_selfcert()
|
||
|
{
|
||
|
struct stat stb;
|
||
|
|
||
|
+ const char *secrets_file = lib->settings->get_str(lib->settings,
|
||
|
+ "charon.plugins.stroke.secrets_file", SECRETS_FILE);
|
||
|
+
|
||
|
/* if ipsec.secrets file is missing then generate RSA default key pair */
|
||
|
- if (stat(SECRETS_FILE, &stb) != 0)
|
||
|
+ if (stat(secrets_file, &stb) != 0)
|
||
|
{
|
||
|
mode_t oldmask;
|
||
|
FILE *f;
|
||
|
@@ -302,7 +305,7 @@ static void generate_selfcert()
|
||
|
/* ipsec.secrets is root readable only */
|
||
|
oldmask = umask(0066);
|
||
|
|
||
|
- f = fopen(SECRETS_FILE, "w");
|
||
|
+ f = fopen(secrets_file, "w");
|
||
|
if (f)
|
||
|
{
|
||
|
fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n");
|
||
|
@@ -310,7 +313,7 @@ static void generate_selfcert()
|
||
|
fprintf(f, ": RSA myKey.der\n");
|
||
|
fclose(f);
|
||
|
}
|
||
|
- ignore_result(chown(SECRETS_FILE, uid, gid));
|
||
|
+ ignore_result(chown(secrets_file, uid, gid));
|
||
|
umask(oldmask);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
commit 5f2ca3b99b40c47a9b59c7cc75655e5dd041787e
|
||
|
Author: Shea Levy <shea@shealevy.com>
|
||
|
Date: Tue Sep 30 14:31:50 2014 -0400
|
||
|
|
||
|
Allow specifying the path to strongswan.conf in the STRONGSWAN_CONF env var
|
||
|
|
||
|
diff -Naur a/src/libstrongswan/library.c b/src/libstrongswan/library.c
|
||
|
--- a/src/libstrongswan/library.c 2014-06-05 03:50:30.000000000 -0400
|
||
|
+++ b/src/libstrongswan/library.c 2014-09-30 15:25:27.927757711 -0400
|
||
|
@@ -307,7 +307,7 @@
|
||
|
#ifdef STRONGSWAN_CONF
|
||
|
if (!settings)
|
||
|
{
|
||
|
- settings = STRONGSWAN_CONF;
|
||
|
+ settings = getenv("STRONGSWAN_CONF") ?: STRONGSWAN_CONF;
|
||
|
}
|
||
|
#endif
|
||
|
this->public.settings = settings_create(settings);
|