diff options
author | Yves-Alexis Perez <corsac@corsac.net> | 2012-06-28 21:16:07 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@corsac.net> | 2012-06-28 21:16:07 +0200 |
commit | a3b482a8facde4b453ad821bfe40effbe3d17903 (patch) | |
tree | 636f02074b05b7473f5db1fe60fa2bceb0094a62 /src/starter/starter.c | |
parent | d816a1afbd841e9943bb439fe4e110b7c4970550 (diff) | |
parent | b34738ed08c2227300d554b139e2495ca5da97d6 (diff) | |
download | vyos-strongswan-a3b482a8facde4b453ad821bfe40effbe3d17903.tar.gz vyos-strongswan-a3b482a8facde4b453ad821bfe40effbe3d17903.zip |
Merge tag 'upstream/4.6.4'
Upstream version 4.6.4
Diffstat (limited to 'src/starter/starter.c')
-rw-r--r-- | src/starter/starter.c | 142 |
1 files changed, 96 insertions, 46 deletions
diff --git a/src/starter/starter.c b/src/starter/starter.c index fcef2f7ff..44e21431c 100644 --- a/src/starter/starter.c +++ b/src/starter/starter.c @@ -29,6 +29,7 @@ #include <freeswan.h> #include <library.h> +#include <hydra.h> #include "../pluto/constants.h" #include "../pluto/defs.h" @@ -161,60 +162,92 @@ static void fsig(int signal) } } +#ifdef GENERATE_SELFCERT static void generate_selfcert() { struct stat stb; - /* if ipsec.secrets file is missing then generate RSA default key pair */ - if (stat(SECRETS_FILE, &stb) != 0) - { - mode_t oldmask; - FILE *f; - uid_t uid = 0; - gid_t gid = 0; + /* if ipsec.secrets file is missing then generate RSA default key pair */ + if (stat(SECRETS_FILE, &stb) != 0) + { + mode_t oldmask; + FILE *f; + uid_t uid = 0; + gid_t gid = 0; #ifdef IPSEC_GROUP - { - char buf[1024]; - struct group group, *grp; + { + char buf[1024]; + struct group group, *grp; - if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) == 0 && grp) - { - gid = grp->gr_gid; - } + if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) == 0 && grp) + { + gid = grp->gr_gid; } + } #endif #ifdef IPSEC_USER - { - char buf[1024]; - struct passwd passwd, *pwp; + { + char buf[1024]; + struct passwd passwd, *pwp; - if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) == 0 && pwp) - { - uid = pwp->pw_uid; - } + if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) == 0 && pwp) + { + uid = pwp->pw_uid; } + } #endif - setegid(gid); - seteuid(uid); - ignore_result(system("ipsec scepclient --out pkcs1 --out cert-self --quiet")); - seteuid(0); - setegid(0); + setegid(gid); + seteuid(uid); + ignore_result(system("ipsec scepclient --out pkcs1 --out cert-self --quiet")); + seteuid(0); + setegid(0); + + /* ipsec.secrets is root readable only */ + oldmask = umask(0066); + + f = fopen(SECRETS_FILE, "w"); + if (f) + { + fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n"); + fprintf(f, "\n"); + fprintf(f, ": RSA myKey.der\n"); + fclose(f); + } + ignore_result(chown(SECRETS_FILE, uid, gid)); + umask(oldmask); + } +} +#endif /* GENERATE_SELFCERT */ - /* ipsec.secrets is root readable only */ - oldmask = umask(0066); +static bool check_pid(char *pid_file) +{ + struct stat stb; + FILE *pidfile; - f = fopen(SECRETS_FILE, "w"); - if (f) + if (stat(pid_file, &stb) == 0) + { + pidfile = fopen(pid_file, "r"); + if (pidfile) + { + char buf[64]; + pid_t pid = 0; + memset(buf, 0, sizeof(buf)); + if (fread(buf, 1, sizeof(buf), pidfile)) { - fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n"); - fprintf(f, "\n"); - fprintf(f, ": RSA myKey.der\n"); - fclose(f); + buf[sizeof(buf) - 1] = '\0'; + pid = atoi(buf); + } + fclose(pidfile); + if (pid && kill(pid, 0) == 0) + { /* such a process is running */ + return TRUE; } - ignore_result(chown(SECRETS_FILE, uid, gid)); - umask(oldmask); } + plog("removing pidfile '%s', process not running", pid_file); + unlink(pid_file); + } + return FALSE; } static void usage(char *name) @@ -233,7 +266,6 @@ int main (int argc, char **argv) struct stat stb; - char *err = NULL; int i; int id = 1; struct timeval tv; @@ -250,6 +282,9 @@ int main (int argc, char **argv) library_init(NULL); atexit(library_deinit); + libhydra_init("starter"); + atexit(libhydra_deinit); + /* parse command line */ for (i = 1; i < argc; i++) { @@ -323,17 +358,19 @@ int main (int argc, char **argv) exit(LSB_RC_NOT_ALLOWED); } - if (stat(PLUTO_PID_FILE, &stb) == 0) + if (check_pid(PLUTO_PID_FILE)) { - plog("pluto is already running (%s exists) -- skipping pluto start", PLUTO_PID_FILE); + plog("pluto is already running (%s exists) -- skipping pluto start", + PLUTO_PID_FILE); } else { _action_ |= FLAG_ACTION_START_PLUTO; } - if (stat(CHARON_PID_FILE, &stb) == 0) + if (check_pid(CHARON_PID_FILE)) { - plog("charon is already running (%s exists) -- skipping charon start", CHARON_PID_FILE); + plog("charon is already running (%s exists) -- skipping charon start", + CHARON_PID_FILE); } else { @@ -375,14 +412,17 @@ int main (int argc, char **argv) last_reload = time_monotonic(NULL); - if (stat(STARTER_PID_FILE, &stb) == 0) + if (check_pid(STARTER_PID_FILE)) { - plog("starter is already running (%s exists) -- no fork done", STARTER_PID_FILE); + plog("starter is already running (%s exists) -- no fork done", + STARTER_PID_FILE); confread_free(cfg); exit(LSB_RC_SUCCESS); } +#ifdef GENERATE_SELFCERT generate_selfcert(); +#endif /* fork if we're not debugging stuff */ if (!no_fork) @@ -393,8 +433,11 @@ int main (int argc, char **argv) { case 0: { - int fnull = open("/dev/null", O_RDWR); + int fnull; + closefrom(3); + + fnull = open("/dev/null", O_RDWR); if (fnull >= 0) { dup2(fnull, STDIN_FILENO); @@ -402,6 +445,7 @@ int main (int argc, char **argv) dup2(fnull, STDERR_FILENO); close(fnull); } + setsid(); } break; @@ -425,6 +469,13 @@ int main (int argc, char **argv) } } + /* load plugins */ + if (!lib->plugins->load(lib->plugins, NULL, + lib->settings->get_str(lib->settings, "starter.load", PLUGINS))) + { + exit(LSB_RC_FAILURE); + } + for (;;) { /* @@ -443,8 +494,8 @@ int main (int argc, char **argv) starter_netkey_cleanup(); confread_free(cfg); unlink(STARTER_PID_FILE); - unlink(INFO_FILE); plog("ipsec starter stopped"); + lib->plugins->unload(lib->plugins); close_log(); exit(LSB_RC_SUCCESS); } @@ -495,7 +546,6 @@ int main (int argc, char **argv) */ if (_action_ & FLAG_ACTION_UPDATE) { - err = NULL; DBG(DBG_CONTROL, DBG_log("Reloading config...") ); |