systime-fix: Add timeout option to stop waiting for valid system time
A certificate check is forced once the timeout is reached even if the system time appears to be invalid.
This commit is contained in:
parent
1fe71a50f1
commit
c81b87ac26
|
@ -10,3 +10,7 @@ charon.plugins.systime-fix.threshold =
|
|||
|
||||
charon.plugins.systime-fix.threshold_format = %Y
|
||||
**strptime**(3) format used to parse threshold option.
|
||||
|
||||
charon.plugins.systime-fix.timeout = 0s
|
||||
How long to wait for a valid system time if an interval is configured. 0 to
|
||||
recheck indefinitely.
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Copyright (C) 2013 Tobias Brunner
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
* Copyright (C) 2013-2017 Tobias Brunner
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* Copyright (C) 2013 Martin Willi
|
||||
* Copyright (C) 2013 revosec AG
|
||||
|
@ -54,6 +54,11 @@ struct private_systime_fix_plugin_t {
|
|||
*/
|
||||
u_int interval;
|
||||
|
||||
/**
|
||||
* How long to wait for a valid system time, 0 to wait indefinitely
|
||||
*/
|
||||
time_t timeout;
|
||||
|
||||
/**
|
||||
* Timestamp where we start considering system time valid
|
||||
*/
|
||||
|
@ -117,6 +122,23 @@ static bool has_invalid_certs(ike_sa_t *ike_sa)
|
|||
return !valid;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if we reached the timeout
|
||||
*/
|
||||
static inline bool timeout_reached(private_systime_fix_plugin_t *this)
|
||||
{
|
||||
if (this->timeout == 0)
|
||||
{ /* disabled */
|
||||
return FALSE;
|
||||
}
|
||||
if (this->timeout <= this->interval)
|
||||
{
|
||||
return TRUE;
|
||||
}
|
||||
this->timeout -= this->interval;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check system time, reevaluate certificates
|
||||
*/
|
||||
|
@ -129,14 +151,22 @@ static job_requeue_t check_systime(private_systime_fix_plugin_t *this)
|
|||
|
||||
if (time(NULL) < this->threshold)
|
||||
{
|
||||
DBG2(DBG_CFG, "systime not valid, rechecking in %ds", this->interval);
|
||||
lib->scheduler->schedule_job(lib->scheduler, (job_t*)
|
||||
callback_job_create((callback_job_cb_t)check_systime, this,
|
||||
NULL, NULL), this->interval);
|
||||
return JOB_REQUEUE_NONE;
|
||||
if (!timeout_reached(this))
|
||||
{
|
||||
DBG2(DBG_CFG, "system time not valid, rechecking in %us",
|
||||
this->interval);
|
||||
return JOB_RESCHEDULE(this->interval);
|
||||
}
|
||||
DBG1(DBG_CFG, "timeout reached while waiting for valid system time, "
|
||||
"force rechecking certificates");
|
||||
/* force regular lifetime checks for new connections */
|
||||
lib->credmgr->remove_validator(lib->credmgr,
|
||||
&this->validator->validator);
|
||||
}
|
||||
else
|
||||
{
|
||||
DBG1(DBG_CFG, "system time got valid, rechecking certificates");
|
||||
}
|
||||
|
||||
DBG1(DBG_CFG, "system time got valid, rechecking certificates");
|
||||
|
||||
enumerator = charon->ike_sa_manager->create_enumerator(
|
||||
charon->ike_sa_manager, TRUE);
|
||||
|
@ -225,7 +255,7 @@ static bool plugin_cb(private_systime_fix_plugin_t *this,
|
|||
lib->credmgr->add_validator(lib->credmgr, &this->validator->validator);
|
||||
if (this->interval != 0)
|
||||
{
|
||||
DBG1(DBG_CFG, "starting systime check, interval: %ds",
|
||||
DBG1(DBG_CFG, "starting system time check, interval: %us",
|
||||
this->interval);
|
||||
lib->scheduler->schedule_job(lib->scheduler, (job_t*)
|
||||
callback_job_create((callback_job_cb_t)check_systime,
|
||||
|
@ -275,6 +305,8 @@ plugin_t *systime_fix_plugin_create()
|
|||
},
|
||||
.interval = lib->settings->get_int(lib->settings,
|
||||
"%s.plugins.%s.interval", 0, lib->ns, get_name(this)),
|
||||
.timeout = lib->settings->get_time(lib->settings,
|
||||
"%s.plugins.%s.timeout", 0, lib->ns, get_name(this)),
|
||||
.reauth = lib->settings->get_bool(lib->settings,
|
||||
"%s.plugins.%s.reauth", FALSE, lib->ns, get_name(this)),
|
||||
);
|
||||
|
|
Loading…
Reference in New Issue