summaryrefslogtreecommitdiff
path: root/src/starter/starter.c
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@corsac.net>2012-06-28 21:16:07 +0200
committerYves-Alexis Perez <corsac@corsac.net>2012-06-28 21:16:07 +0200
commitb34738ed08c2227300d554b139e2495ca5da97d6 (patch)
tree62f33b52820f2e49f0e53c0f8c636312037c8054 /src/starter/starter.c
parent0a9d51a49042a68daa15b0c74a2b7f152f52606b (diff)
downloadvyos-strongswan-b34738ed08c2227300d554b139e2495ca5da97d6.tar.gz
vyos-strongswan-b34738ed08c2227300d554b139e2495ca5da97d6.zip
Imported Upstream version 4.6.4
Diffstat (limited to 'src/starter/starter.c')
-rw-r--r--src/starter/starter.c142
1 files changed, 96 insertions, 46 deletions
diff --git a/src/starter/starter.c b/src/starter/starter.c
index fcef2f7ff..44e21431c 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -29,6 +29,7 @@
#include <freeswan.h>
#include <library.h>
+#include <hydra.h>
#include "../pluto/constants.h"
#include "../pluto/defs.h"
@@ -161,60 +162,92 @@ static void fsig(int signal)
}
}
+#ifdef GENERATE_SELFCERT
static void generate_selfcert()
{
struct stat stb;
- /* if ipsec.secrets file is missing then generate RSA default key pair */
- if (stat(SECRETS_FILE, &stb) != 0)
- {
- mode_t oldmask;
- FILE *f;
- uid_t uid = 0;
- gid_t gid = 0;
+ /* if ipsec.secrets file is missing then generate RSA default key pair */
+ if (stat(SECRETS_FILE, &stb) != 0)
+ {
+ mode_t oldmask;
+ FILE *f;
+ uid_t uid = 0;
+ gid_t gid = 0;
#ifdef IPSEC_GROUP
- {
- char buf[1024];
- struct group group, *grp;
+ {
+ char buf[1024];
+ struct group group, *grp;
- if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) == 0 && grp)
- {
- gid = grp->gr_gid;
- }
+ if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) == 0 && grp)
+ {
+ gid = grp->gr_gid;
}
+ }
#endif
#ifdef IPSEC_USER
- {
- char buf[1024];
- struct passwd passwd, *pwp;
+ {
+ char buf[1024];
+ struct passwd passwd, *pwp;
- if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) == 0 && pwp)
- {
- uid = pwp->pw_uid;
- }
+ if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) == 0 && pwp)
+ {
+ uid = pwp->pw_uid;
}
+ }
#endif
- setegid(gid);
- seteuid(uid);
- ignore_result(system("ipsec scepclient --out pkcs1 --out cert-self --quiet"));
- seteuid(0);
- setegid(0);
+ setegid(gid);
+ seteuid(uid);
+ ignore_result(system("ipsec scepclient --out pkcs1 --out cert-self --quiet"));
+ seteuid(0);
+ setegid(0);
+
+ /* ipsec.secrets is root readable only */
+ oldmask = umask(0066);
+
+ f = fopen(SECRETS_FILE, "w");
+ if (f)
+ {
+ fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n");
+ fprintf(f, "\n");
+ fprintf(f, ": RSA myKey.der\n");
+ fclose(f);
+ }
+ ignore_result(chown(SECRETS_FILE, uid, gid));
+ umask(oldmask);
+ }
+}
+#endif /* GENERATE_SELFCERT */
- /* ipsec.secrets is root readable only */
- oldmask = umask(0066);
+static bool check_pid(char *pid_file)
+{
+ struct stat stb;
+ FILE *pidfile;
- f = fopen(SECRETS_FILE, "w");
- if (f)
+ if (stat(pid_file, &stb) == 0)
+ {
+ pidfile = fopen(pid_file, "r");
+ if (pidfile)
+ {
+ char buf[64];
+ pid_t pid = 0;
+ memset(buf, 0, sizeof(buf));
+ if (fread(buf, 1, sizeof(buf), pidfile))
{
- fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n");
- fprintf(f, "\n");
- fprintf(f, ": RSA myKey.der\n");
- fclose(f);
+ buf[sizeof(buf) - 1] = '\0';
+ pid = atoi(buf);
+ }
+ fclose(pidfile);
+ if (pid && kill(pid, 0) == 0)
+ { /* such a process is running */
+ return TRUE;
}
- ignore_result(chown(SECRETS_FILE, uid, gid));
- umask(oldmask);
}
+ plog("removing pidfile '%s', process not running", pid_file);
+ unlink(pid_file);
+ }
+ return FALSE;
}
static void usage(char *name)
@@ -233,7 +266,6 @@ int main (int argc, char **argv)
struct stat stb;
- char *err = NULL;
int i;
int id = 1;
struct timeval tv;
@@ -250,6 +282,9 @@ int main (int argc, char **argv)
library_init(NULL);
atexit(library_deinit);
+ libhydra_init("starter");
+ atexit(libhydra_deinit);
+
/* parse command line */
for (i = 1; i < argc; i++)
{
@@ -323,17 +358,19 @@ int main (int argc, char **argv)
exit(LSB_RC_NOT_ALLOWED);
}
- if (stat(PLUTO_PID_FILE, &stb) == 0)
+ if (check_pid(PLUTO_PID_FILE))
{
- plog("pluto is already running (%s exists) -- skipping pluto start", PLUTO_PID_FILE);
+ plog("pluto is already running (%s exists) -- skipping pluto start",
+ PLUTO_PID_FILE);
}
else
{
_action_ |= FLAG_ACTION_START_PLUTO;
}
- if (stat(CHARON_PID_FILE, &stb) == 0)
+ if (check_pid(CHARON_PID_FILE))
{
- plog("charon is already running (%s exists) -- skipping charon start", CHARON_PID_FILE);
+ plog("charon is already running (%s exists) -- skipping charon start",
+ CHARON_PID_FILE);
}
else
{
@@ -375,14 +412,17 @@ int main (int argc, char **argv)
last_reload = time_monotonic(NULL);
- if (stat(STARTER_PID_FILE, &stb) == 0)
+ if (check_pid(STARTER_PID_FILE))
{
- plog("starter is already running (%s exists) -- no fork done", STARTER_PID_FILE);
+ plog("starter is already running (%s exists) -- no fork done",
+ STARTER_PID_FILE);
confread_free(cfg);
exit(LSB_RC_SUCCESS);
}
+#ifdef GENERATE_SELFCERT
generate_selfcert();
+#endif
/* fork if we're not debugging stuff */
if (!no_fork)
@@ -393,8 +433,11 @@ int main (int argc, char **argv)
{
case 0:
{
- int fnull = open("/dev/null", O_RDWR);
+ int fnull;
+ closefrom(3);
+
+ fnull = open("/dev/null", O_RDWR);
if (fnull >= 0)
{
dup2(fnull, STDIN_FILENO);
@@ -402,6 +445,7 @@ int main (int argc, char **argv)
dup2(fnull, STDERR_FILENO);
close(fnull);
}
+
setsid();
}
break;
@@ -425,6 +469,13 @@ int main (int argc, char **argv)
}
}
+ /* load plugins */
+ if (!lib->plugins->load(lib->plugins, NULL,
+ lib->settings->get_str(lib->settings, "starter.load", PLUGINS)))
+ {
+ exit(LSB_RC_FAILURE);
+ }
+
for (;;)
{
/*
@@ -443,8 +494,8 @@ int main (int argc, char **argv)
starter_netkey_cleanup();
confread_free(cfg);
unlink(STARTER_PID_FILE);
- unlink(INFO_FILE);
plog("ipsec starter stopped");
+ lib->plugins->unload(lib->plugins);
close_log();
exit(LSB_RC_SUCCESS);
}
@@ -495,7 +546,6 @@ int main (int argc, char **argv)
*/
if (_action_ & FLAG_ACTION_UPDATE)
{
- err = NULL;
DBG(DBG_CONTROL,
DBG_log("Reloading config...")
);