commit 8e2b65ebf597a4d48daa3308aa032962110ad8f6 Author: Shea Levy Date: Tue Sep 30 15:14:47 2014 -0400 Allow specifying the ipsec.conf location in strongswan.conf diff --git a/conf/options/starter.opt b/conf/options/starter.opt index 4e6574d..6d7162a 100644 --- a/conf/options/starter.opt +++ b/conf/options/starter.opt @@ -3,3 +3,6 @@ starter.load = starter.load_warning = yes Disable charon plugin load option warning. + +starter.config_file = ${sysconfdir}/ipsec.conf + Location of the ipsec.conf conf file diff --git a/src/starter/starter.c b/src/starter/starter.c index 5c84593..1f365cc 100644 --- a/src/starter/starter.c +++ b/src/starter/starter.c @@ -488,7 +488,8 @@ int main (int argc, char **argv) } if (!config_file) { - config_file = CONFIG_FILE; + config_file = lib->settings->get_str(lib->settings, "starter.config_file", + CONFIG_FILE); } init_log("ipsec_starter"); commit 8b839cec684e26ed96f3d891b3ae3565558b2cff Author: Shea Levy Date: Tue Sep 30 15:11:03 2014 -0400 Allow specifying the ipsec.secrets location in strongswan.conf diff --git a/conf/plugins/stroke.opt b/conf/plugins/stroke.opt index 2cfc2c6..b3ca2b7 100644 --- a/conf/plugins/stroke.opt +++ b/conf/plugins/stroke.opt @@ -11,5 +11,8 @@ charon.plugins.stroke.prevent_loglevel_changes = no charon.plugins.stroke.socket = unix://${piddir}/charon.ctl Socket provided by the stroke plugin. +charon.plugins.stroke.secrets_file = ${sysconfdir}/ipsec.secrets + Location of the ipsec.secrets conf file + charon.plugins.stroke.timeout = 0 Timeout in ms for any stroke command. Use 0 to disable the timeout. diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c index f908219..673e492 100644 --- a/src/libcharon/plugins/stroke/stroke_cred.c +++ b/src/libcharon/plugins/stroke/stroke_cred.c @@ -67,6 +67,7 @@ struct private_stroke_cred_t { /** * credentials */ + char *secrets_file; mem_cred_t *creds; /** @@ -1297,7 +1298,7 @@ METHOD(stroke_cred_t, reread, void, if (msg->reread.flags & REREAD_SECRETS) { DBG1(DBG_CFG, "rereading secrets"); - load_secrets(this, NULL, SECRETS_FILE, 0, prompt); + load_secrets(this, NULL, this->secrets_file, 0, prompt); } if (msg->reread.flags & REREAD_CACERTS) { @@ -1370,6 +1371,9 @@ stroke_cred_t *stroke_cred_create() .cachecrl = _cachecrl, .destroy = _destroy, }, + .secrets_file = lib->settings->get_str(lib->settings, + "%s.plugins.stroke.secrets_file", SECRETS_FILE, + lib->ns), .creds = mem_cred_create(), ); @@ -1380,7 +1384,7 @@ stroke_cred_t *stroke_cred_create() FALSE, lib->ns); load_certs(this); - load_secrets(this, NULL, SECRETS_FILE, 0, NULL); + load_secrets(this, NULL, this->secrets_file, 0, NULL); return &this->public; } diff --git a/src/starter/starter.c b/src/starter/starter.c index 71f33ae..5c84593 100644 --- a/src/starter/starter.c +++ b/src/starter/starter.c @@ -263,8 +263,11 @@ static void generate_selfcert() { struct stat stb; + const char *secrets_file = lib->settings->get_str(lib->settings, + "charon.plugins.stroke.secrets_file", SECRETS_FILE); + /* if ipsec.secrets file is missing then generate RSA default key pair */ - if (stat(SECRETS_FILE, &stb) != 0) + if (stat(secrets_file, &stb) != 0) { mode_t oldmask; FILE *f; @@ -302,7 +305,7 @@ static void generate_selfcert() /* ipsec.secrets is root readable only */ oldmask = umask(0066); - f = fopen(SECRETS_FILE, "w"); + f = fopen(secrets_file, "w"); if (f) { fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n"); @@ -310,7 +313,7 @@ static void generate_selfcert() fprintf(f, ": RSA myKey.der\n"); fclose(f); } - ignore_result(chown(SECRETS_FILE, uid, gid)); + ignore_result(chown(secrets_file, uid, gid)); umask(oldmask); } } commit 5f2ca3b99b40c47a9b59c7cc75655e5dd041787e Author: Shea Levy Date: Tue Sep 30 14:31:50 2014 -0400 Allow specifying the path to strongswan.conf in the STRONGSWAN_CONF env var diff -Naur a/src/libstrongswan/library.c b/src/libstrongswan/library.c --- a/src/libstrongswan/library.c 2014-06-05 03:50:30.000000000 -0400 +++ b/src/libstrongswan/library.c 2014-09-30 15:25:27.927757711 -0400 @@ -307,7 +307,7 @@ #ifdef STRONGSWAN_CONF if (!settings) { - settings = STRONGSWAN_CONF; + settings = getenv("STRONGSWAN_CONF") ?: STRONGSWAN_CONF; } #endif this->public.settings = settings_create(settings);