author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2009-10-21 11:14:02 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2009-10-21 11:14:02 +0000 |
commit | 7410d3c6d6a9a1cd7aa55083c938946af6ff9498 (patch) | |
tree | 3291beffa55649f9be28b4a98a7d503d334fbcf2 /src/openac/openac.c | |
parent | 41787e147279ff0695e9d759487266a60b80867b (diff) | |
[svn-upgrade] Integrating new upstream version, strongswan (4.3.4)
Diffstat (limited to 'src/openac/openac.c')
-rwxr-xr-x | src/openac/openac.c | 37 |
1 files changed, 15 insertions, 22 deletions
diff --git a/src/openac/openac.c b/src/openac/openac.c
index 3686c07ac..a8f75e093 100755
--- a/src/openac/openac.c
+++ b/src/openac/openac.c
@@ -40,11 +40,6 @@
 #include <credentials/keys/private_key.h>
 #include <utils/optionsfrom.h>
-#ifdef INTEGRITY_TEST
-#include <fips/fips.h>
-#include <fips_signature.h>
-#endif /* INTEGRITY_TEST */
-
 #define OPENAC_PATH IPSEC_CONFDIR "/openac"
 #define OPENAC_SERIAL IPSEC_CONFDIR "/openac/serial"
@@ -223,15 +218,16 @@ static void openac_dbg(int level, char *fmt, ...)
 if (level <= debug_level)
 {
- va_start(args, fmt);
-
 if (!stderr_quiet)
 {
+ va_start(args, fmt);
 vfprintf(stderr, fmt, args);
 fprintf(stderr, "\n");
+ va_end(args);
 }
 /* write in memory buffer first */
+ va_start(args, fmt);
 vsnprintf(buffer, sizeof(buffer), fmt, args);
 va_end(args);
@@ -287,7 +283,18 @@ int main(int argc, char **argv)
 openlog("openac", 0, LOG_AUTHPRIV);
 /* initialize library */
- library_init(STRONGSWAN_CONF);
+ if (!library_init(STRONGSWAN_CONF))
+ {
+ library_deinit();
+ exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
+ }
+ if (lib->integrity &&
+ !lib->integrity->check_file(lib->integrity, "openac", argv[0]))
+ {
+ fprintf(stderr, "integrity check of openac failed\n");
+ library_deinit();
+ exit(SS_RC_DAEMON_INTEGRITY);
+ }
 lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, lib->settings->get_str(lib->settings, "openac.load", PLUGINS));
@@ -482,20 +489,6 @@ int main(int argc, char **argv)
 DBG1("starting openac (strongSwan Version %s)", VERSION);
-#ifdef INTEGRITY_TEST
- DBG1("integrity test of libstrongswan code");
- if (fips_verify_hmac_signature(hmac_key, hmac_signature))
- {
- DBG1(" integrity test passed");
- }
- else
- {
- DBG1(" integrity test failed");
- status = 3;
- goto end;
- }
-#endif /* INTEGRITY_TEST */
-
 /* load the signer's RSA private key */
 if (keyfile != NULL)
 {
|
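Review bot: The second `va_start(args, fmt);` added before `vsnprintf` in openac_dbg() needs a one-line comment, because nothing in the new code says why the list is started twice: `/* args is indeterminate after vfprintf(), so restart it for the second pass */`. Without it, a later cleanup can easily hoist the call back to the top of the block and reintroduce the reuse this change removes. Since `fmt` is a non-literal format handed to both `vfprintf` and `vsnprintf`, declaring `openac_dbg` with `__attribute__((format(printf, 2, 3)))` would also let the compiler check every caller's arguments. The function starts and continues outside this hunk, so what happens to `buffer` afterwards is not visible here.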
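Review bot: In the added `check_file(lib->integrity, "openac", argv[0])` call in main(), the path being verified comes from `argv[0]`, which is set by whoever executes the program and need not name the binary that is actually running (it can be a bare command name found via PATH, a relative path, or any other string). The check can therefore fail spuriously, or pass against a file other than the executing image; resolving the executable's real location (for example an installed path fixed at build time, or `/proc/self/exe` on Linux) would bind the check to what is really running. Separately, the `!library_init(STRONGSWAN_CONF)` branch exits silently while the second branch prints a message; adding `fprintf(stderr, "integrity check of libstrongswan failed\n");` there would make the two failures distinguishable, assuming library_init fails only for that reason, as the exit code name suggests. main() starts and continues outside this hunk.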