support of PKCS#11 init arguments required by NSS softoken, patch contributed by...
[strongswan.git] / src / starter / invokepluto.c
index 1b11b4a..5ea47f6 100644 (file)
@@ -187,6 +187,11 @@ starter_start_pluto (starter_config_t *cfg, bool debug)
        arg[argc++] = "--pkcs11module";
        arg[argc++] = cfg->setup.pkcs11module;
     }
+    if (cfg->setup.pkcs11initargs)
+    {
+       arg[argc++] = "--pkcs11initargs";
+       arg[argc++] = cfg->setup.pkcs11initargs;
+    }
     if (cfg->setup.pkcs11keepstate)
     {
        arg[argc++] = "--pkcs11keepstate";
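Review bot: The new `--pkcs11initargs` branch writes two more entries through `arg[argc++]` with no bound check, and the declaration of `arg` is outside this hunk, so its capacity cannot be confirmed from here. Please verify that the array still has room for every optional argument plus the terminating NULL now that this pair is added. Separately, the init string will be readable in pluto's argument list by other local users, so it is worth a comment such as `/* pkcs11initargs is passed on the command line; do not put secrets in it */` if NSS init strings on this deployment can ever carry sensitive values.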
@@ -216,7 +221,11 @@ starter_start_pluto (starter_config_t *cfg, bool debug)
            FILE *f;
 
            plog("no %s file, generating RSA key", SECRETS_FILE);
+           seteuid(IPSEC_UID);
+           setegid(IPSEC_GID);
            system("ipsec scepclient --out pkcs1 --out cert-self --quiet");
+           seteuid(0);
+           setegid(0);
 
            /* ipsec.secrets is root readable only */
            oldmask = umask(0066);
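Review bot: The added `seteuid(IPSEC_UID); setegid(IPSEC_GID);` pair drops the user id first, so the setegid() that follows no longer runs with root's effective uid and will normally fail, leaving the scepclient child in root's group. None of the four calls is checked; drop the group first and fail closed, for example `if (setegid(IPSEC_GID) != 0 || seteuid(IPSEC_UID) != 0)` with a plog() and no key generation in that branch, and check the two calls that restore uid and gid 0 in the same way. Only the effective ids change and `system()` goes through /bin/sh, so the real uid stays 0 and some shells reset the effective uid to the real one; the drop may therefore not reach scepclient at all, which argues for fork() plus setgid()/setuid() and exec in the child. The `chown(SECRETS_FILE, IPSEC_UID, IPSEC_GID)` in the third hunk is unchecked as well and appears to run even when the fopen() failed, and once it succeeds the comment `/* ipsec.secrets is root readable only */` is no longer accurate. The body of starter_start_pluto starts and ends outside these hunks.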
@@ -229,6 +238,7 @@ starter_start_pluto (starter_config_t *cfg, bool debug)
                fprintf(f, ": RSA myKey.der\n");
                fclose(f);
            }
+           chown(SECRETS_FILE, IPSEC_UID, IPSEC_GID);
            umask(oldmask);
        }