authorMartin Willi <martin@strongswan.org>2008-05-08 10:58:04 +0000
committerMartin Willi <martin@strongswan.org>2008-05-08 10:58:04 +0000
commit25b12c696bf52b7ddb228458bba656d25a6222d4 (patch)
tree6c9fa89a5fc25ac3923415901aa94a2448295769 /src/starter/invokecharon.c
parent97e820f5fdbd7987003cb086a02f7ee2f2a6ccee (diff)
replaced --with-gid/uid by --with-group/user
using named users, groups; fixed capability dropping in pluto
Diffstat (limited to 'src/starter/invokecharon.c')
-rw-r--r--src/starter/invokecharon.c30
1 files changed, 1 insertions, 29 deletions
diff --git a/src/starter/invokecharon.c b/src/starter/invokecharon.c
index 477be1faa..ade71fc56 100644
--- a/src/starter/invokecharon.c
+++ b/src/starter/invokecharon.c
@@ -103,8 +103,8 @@ starter_stop_charon (void)
int
starter_start_charon (starter_config_t *cfg, bool debug)
{
- int pid, i;
struct stat stb;
+ int pid, i;
char buffer[BUF_LEN];
int argc = 1;
char *arg[] = {
@@ -159,34 +159,6 @@ starter_start_charon (starter_config_t *cfg, bool debug)
unlink(CHARON_CTL_FILE);
_stop_requested = 0;
- /* if ipsec.secrets file is missing then generate RSA default key pair */
- if (stat(SECRETS_FILE, &stb) != 0)
- {
- mode_t oldmask;
- FILE *f;
-
- plog("no %s file, generating RSA key", SECRETS_FILE);
- seteuid(IPSEC_UID);
- setegid(IPSEC_GID);
- system("ipsec scepclient --out pkcs1 --out cert-self --quiet");
- seteuid(0);
- setegid(0);
-
- /* ipsec.secrets is root readable only */
- oldmask = umask(0066);
-
- f = fopen(SECRETS_FILE, "w");
- if (f)
- {
- fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n");
- fprintf(f, "\n");
- fprintf(f, ": RSA myKey.der\n");
- fclose(f);
- }
- chown(SECRETS_FILE, IPSEC_UID, IPSEC_GID);
- umask(oldmask);
- }
-
pid = fork();
switch (pid)
{