Diffstat (limited to 'src/starter/invokecharon.c')
-rw-r--r--src/starter/invokecharon.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/starter/invokecharon.c b/src/starter/invokecharon.c
index 422e4788b..48cb4151b 100644
--- a/src/starter/invokecharon.c
+++ b/src/starter/invokecharon.c
@@ -181,7 +181,11 @@ starter_start_charon (starter_config_t *cfg, bool debug)
FILE *f;
plog("no %s file, generating RSA key", SECRETS_FILE);
+ seteuid(IPSEC_UID);
+ setegid(IPSEC_GID);
system("ipsec scepclient --out pkcs1 --out cert-self --quiet");
+ seteuid(0);
+ setegid(0);
/* ipsec.secrets is root readable only */
oldmask = umask(0066);
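Review bot: The privilege drop around `system()` is ordered the wrong way round and its results are never checked. Once `seteuid(IPSEC_UID)` has succeeded, the process normally lacks the privilege to change its group, so `setegid(IPSEC_GID)` is expected to fail unless that gid already matches the real or saved gid, and scepclient would keep group 0. Call `setegid(IPSEC_GID);` before `seteuid(IPSEC_UID);` and test both return values before `system()`, so a failed drop does not silently run the command as root. Only the effective IDs change here, so the real and saved uid remain 0: some `/bin/sh` implementations reset the effective uid to the real uid at start-up, which would undo the drop, and the child could switch back on its own. Forking, then calling `setgid`/`setuid` in the child and an `exec*` with an explicit argv, would make the drop permanent for the child; the body of starter_start_charon continues outside this hunk.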
@@ -194,6 +198,7 @@ starter_start_charon (starter_config_t *cfg, bool debug)
fprintf(f, ": RSA myKey.der\n");
fclose(f);
}
+ chown(SECRETS_FILE, IPSEC_UID, IPSEC_GID);
umask(oldmask);
}
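Review bot: `chown(SECRETS_FILE, IPSEC_UID, IPSEC_GID)` is issued by path after `fclose(f)` with its return value ignored, and from the visible lines it appears to sit after the block that wrote the file, so it would also run when the file could not be opened. Changing ownership on the open stream instead, `fchown(fileno(f), IPSEC_UID, IPSEC_GID)` just before `fclose(f)`, avoids resolving the path a second time as root and ties the call to the file that was just written; a failure should be reported through `plog`. The comment `/* ipsec.secrets is root readable only */` a few lines earlier no longer holds once the file is owned by IPSEC_UID and should be reworded. The enclosing block begins outside this hunk.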