From: Reto Guadagnini <rguadagn@hsr.ch>
Date: Fri, 8 Jun 2012 15:15:09 +0000 (+0200)
Subject: ipseckey: Added "enable" option for the IPSECKEY plugin to strongswan.conf
X-Git-Tag: 5.0.3dr2~2^2~9
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=932717fbde194bba61a0cbea304fb7c0ded0368d;p=thirdparty%2Fstrongswan.git

ipseckey: Added "enable" option for the IPSECKEY plugin to strongswan.conf
---

diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in
index feffcfb531..b3902e211a 100644
--- a/man/strongswan.conf.5.in
+++ b/man/strongswan.conf.5.in
@@ -568,6 +568,9 @@ Request peer authentication based on a client certificate
 .TP
 .BR charon.plugins.ha.segment_count " [1]"
 
+.TP
+.BR charon.plugins.ipseckey.enable " [no]"
+Enable the fetching of IPSECKEY RRs from the DNS
 .TP
 .BR charon.plugins.led.activity_led
 
diff --git a/src/libcharon/plugins/ipseckey/ipseckey_plugin.c b/src/libcharon/plugins/ipseckey/ipseckey_plugin.c
index 563c366332..6f0f10507b 100644
--- a/src/libcharon/plugins/ipseckey/ipseckey_plugin.c
+++ b/src/libcharon/plugins/ipseckey/ipseckey_plugin.c
@@ -40,6 +40,11 @@ struct private_ipseckey_plugin_t {
 	 * credential set
 	 */
 	ipseckey_cred_t *cred;
+
+	/**
+	 * IPSECKEY based authentication enabled
+	 */
+	bool enabled;
 };
 
 METHOD(plugin_t, get_name, char*,
@@ -51,7 +56,10 @@ METHOD(plugin_t, get_name, char*,
 METHOD(plugin_t, destroy, void,
 	private_ipseckey_plugin_t *this)
 {
-	lib->credmgr->remove_set(lib->credmgr, &this->cred->set);
+	if (this->enabled)
+	{
+		lib->credmgr->remove_set(lib->credmgr, &this->cred->set);
+	}
 	this->res->destroy(this->res);
 	DESTROY_IF(this->cred);
 	free(this);
@@ -73,6 +81,8 @@ plugin_t *ipseckey_plugin_create()
 			},
 		},
 		.res = lib->resolver->create(lib->resolver),
+		.enabled = lib->settings->get_bool(lib->settings,
+								"charon.plugins.ipseckey.enable", FALSE),
 	);
 
 	if (!this->res)
@@ -83,8 +93,11 @@ plugin_t *ipseckey_plugin_create()
 		return NULL;
 	}
 
-	this->cred = ipseckey_cred_create(this->res);
-	lib->credmgr->add_set(lib->credmgr, &this->cred->set);
+	if (this->enabled)
+	{
+		this->cred = ipseckey_cred_create(this->res);
+		lib->credmgr->add_set(lib->credmgr, &this->cred->set);
+	}
 
 	return &this->public.plugin;
 }