diff options
author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2009-10-21 11:18:20 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2009-10-21 11:18:20 +0000 |
commit | a9b7f8d4a4a4202facd9690580b38542e7933f00 (patch) | |
tree | d82a9d506c62cff257e5292845b68df3ca5c60dc /src/starter | |
parent | 12263dccbbb6747d53b97333c3d6f0f17e1bffea (diff) | |
download | vyos-strongswan-a9b7f8d4a4a4202facd9690580b38542e7933f00.tar.gz vyos-strongswan-a9b7f8d4a4a4202facd9690580b38542e7933f00.zip |
- New upstream release.
- Don't disable internal crypto plugins, pluto expects to find them in
some cases.
- Enable integrity checking.
Diffstat (limited to 'src/starter')
-rw-r--r-- | src/starter/Makefile.am | 22 | ||||
-rw-r--r-- | src/starter/Makefile.in | 31 | ||||
-rw-r--r-- | src/starter/args.c | 68 | ||||
-rw-r--r-- | src/starter/interfaces.c | 4 | ||||
-rw-r--r-- | src/starter/invokecharon.c | 28 | ||||
-rw-r--r-- | src/starter/invokecharon.h | 2 | ||||
-rw-r--r-- | src/starter/invokepluto.c | 14 | ||||
-rw-r--r-- | src/starter/invokepluto.h | 2 | ||||
-rw-r--r-- | src/starter/keywords.h | 5 | ||||
-rw-r--r-- | src/starter/loglite.c | 4 | ||||
-rw-r--r-- | src/starter/starter.c | 39 |
11 files changed, 158 insertions, 61 deletions
diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am index 439a7785a..3355b3afb 100644 --- a/src/starter/Makefile.am +++ b/src/starter/Makefile.am @@ -20,7 +20,7 @@ AM_CFLAGS = \ -DIPSEC_EAPDIR=\"${eapdir}\" \ -DDEBUG -starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la +starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la $(SOCKLIB) EXTRA_DIST = parser.l parser.y keywords.txt ipsec.conf dist_man_MANS = ipsec.conf.5 starter.8 MAINTAINERCLEANFILES = lex.yy.c y.tab.c y.tab.h keywords.c @@ -52,14 +52,14 @@ defs.o: $(PLUTODIR)/defs.c $(PLUTODIR)/defs.h $(COMPILE) -c -o $@ $(PLUTODIR)/defs.c install-exec-local : - test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/certs" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/certs" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/acerts" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/acerts" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/aacerts" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/aacerts" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true - test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -m 644 ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/certs" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/certs" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/acerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/acerts" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/aacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/aacerts" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true + test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in index 4e6bffdeb..a839c20b1 100644 --- a/src/starter/Makefile.in +++ b/src/starter/Makefile.in @@ -55,9 +55,11 @@ am_starter_OBJECTS = y.tab.$(OBJEXT) netkey.$(OBJEXT) \ starter.$(OBJEXT) exec.$(OBJEXT) invokecharon.$(OBJEXT) \ lex.yy.$(OBJEXT) loglite.$(OBJEXT) klips.$(OBJEXT) starter_OBJECTS = $(am_starter_OBJECTS) +am__DEPENDENCIES_1 = starter_DEPENDENCIES = defs.o \ $(top_builddir)/src/libfreeswan/libfreeswan.a \ - $(top_builddir)/src/libstrongswan/libstrongswan.la + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(am__DEPENDENCIES_1) DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -80,12 +82,14 @@ ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ +BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ @@ -150,6 +154,7 @@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ @@ -190,7 +195,9 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ @@ -241,7 +248,7 @@ INCLUDES = \ AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_CONFDIR=\"${confdir}\" \ -DIPSEC_PIDDIR=\"${piddir}\" -DIPSEC_EAPDIR=\"${eapdir}\" \ -DDEBUG $(am__append_1) $(am__append_2) -starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la +starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la $(SOCKLIB) EXTRA_DIST = parser.l parser.y keywords.txt ipsec.conf dist_man_MANS = ipsec.conf.5 starter.8 MAINTAINERCLEANFILES = lex.yy.c y.tab.c y.tab.h keywords.c @@ -653,16 +660,16 @@ defs.o: $(PLUTODIR)/defs.c $(PLUTODIR)/defs.h $(COMPILE) -c -o $@ $(PLUTODIR)/defs.c install-exec-local : - test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/certs" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/certs" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/acerts" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/acerts" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/aacerts" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/aacerts" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true - test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -m 644 ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/certs" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/certs" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/acerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/acerts" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/aacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/aacerts" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true + test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/starter/args.c b/src/starter/args.c index f9d1824d8..990d7588b 100644 --- a/src/starter/args.c +++ b/src/starter/args.c @@ -261,8 +261,7 @@ static const token_info_t token_info[] = { ARG_STR, offsetof(starter_end_t, iface), NULL } }; -static void -free_list(char **list) +static void free_list(char **list) { char **s; @@ -273,22 +272,25 @@ free_list(char **list) free(list); } -char ** -new_list(char *value) +char** new_list(char *value) { char *val, *b, *e, *end, **ret; int count; val = value ? clone_str(value) : NULL; if (!val) + { return NULL; + } end = val + strlen(val); for (b = val, count = 0; b < end;) { for (e = b; ((*e != ' ') && (*e != '\0')); e++); *e = '\0'; if (e != b) + { count++; + } b = e + 1; } if (count == 0) @@ -302,7 +304,9 @@ new_list(char *value) { for (e = b; (*e != '\0'); e++); if (e != b) + { ret[count++] = clone_str(b); + } b = e + 1; } ret[count] = NULL; @@ -314,9 +318,8 @@ new_list(char *value) /* * assigns an argument value to a struct field */ -bool -assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base - , bool *assigned) +bool assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base, + bool *assigned) { char *p = base + token_info[token].offset; const char **list = token_info[token].list; @@ -435,8 +438,9 @@ assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base /* time in seconds? */ if (*endptr == '\0' || (*endptr == 's' && endptr[1] == '\0')) + { break; - + } if (endptr[1] == '\0') { if (*endptr == 'm') /* time in minutes? */ @@ -475,8 +479,9 @@ assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base /* free any existing list */ if (*listp != NULL) + { free_list(*listp); - + } /* create a new list and assign values */ *listp = new_list(kw->value); @@ -514,8 +519,7 @@ assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base /* * frees all dynamically allocated arguments in a struct */ -void -free_args(kw_token_t first, kw_token_t last, char *base) +void free_args(kw_token_t first, kw_token_t last, char *base) { kw_token_t token; @@ -553,8 +557,7 @@ free_args(kw_token_t first, kw_token_t last, char *base) /* * clone all dynamically allocated arguments in a struct */ -void -clone_args(kw_token_t first, kw_token_t last, char *base1, char *base2) +void clone_args(kw_token_t first, kw_token_t last, char *base1, char *base2) { kw_token_t token; @@ -570,22 +573,29 @@ clone_args(kw_token_t first, kw_token_t last, char *base1, char *base2) } } -static bool -cmp_list(char **list1, char **list2) +static bool cmp_list(char **list1, char **list2) { if ((list1 == NULL) && (list2 == NULL)) + { return TRUE; + } if ((list1 == NULL) || (list2 == NULL)) + { return FALSE; + } for ( ; *list1 && *list2; list1++, list2++) { if (strcmp(*list1,*list2) != 0) + { return FALSE; + } } if ((*list1 != NULL) || (*list2 != NULL)) + { return FALSE; + } return TRUE; } @@ -593,8 +603,7 @@ cmp_list(char **list1, char **list2) /* * compare all arguments in a struct */ -bool -cmp_args(kw_token_t first, kw_token_t last, char *base1, char *base2) +bool cmp_args(kw_token_t first, kw_token_t last, char *base1, char *base2) { kw_token_t token; @@ -606,12 +615,25 @@ cmp_args(kw_token_t first, kw_token_t last, char *base1, char *base2) switch (token_info[token].type) { case ARG_ENUM: + if (token_info[token].list == LST_bool) + { + bool *b1 = (bool *)p1; + bool *b2 = (bool *)p2; + + if (*b1 != *b2) + { + return FALSE; + } + } + else { int *i1 = (int *)p1; int *i2 = (int *)p2; if (*i1 != *i2) + { return FALSE; + } } break; case ARG_UINT: @@ -620,7 +642,9 @@ cmp_args(kw_token_t first, kw_token_t last, char *base1, char *base2) u_int *u2 = (u_int *)p2; if (*u1 != *u2) + { return FALSE; + } } break; case ARG_ULNG: @@ -630,7 +654,9 @@ cmp_args(kw_token_t first, kw_token_t last, char *base1, char *base2) unsigned long *l2 = (unsigned long *)p2; if (*l1 != *l2) + { return FALSE; + } } break; case ARG_TIME: @@ -639,7 +665,9 @@ cmp_args(kw_token_t first, kw_token_t last, char *base1, char *base2) time_t *t2 = (time_t *)p2; if (*t1 != *t2) + { return FALSE; + } } break; case ARG_STR: @@ -648,9 +676,13 @@ cmp_args(kw_token_t first, kw_token_t last, char *base1, char *base2) char **cp2 = (char **)p2; if (*cp1 == NULL && *cp2 == NULL) + { break; + } if (*cp1 == NULL || *cp2 == NULL || strcmp(*cp1, *cp2) != 0) + { return FALSE; + } } break; case ARG_LST: @@ -659,7 +691,9 @@ cmp_args(kw_token_t first, kw_token_t last, char *base1, char *base2) char ***listp2 = (char ***)p2; if (!cmp_list(*listp1, *listp2)) + { return FALSE; + } } break; default: diff --git a/src/starter/interfaces.c b/src/starter/interfaces.c index 034eac317..3fff65be7 100644 --- a/src/starter/interfaces.c +++ b/src/starter/interfaces.c @@ -14,6 +14,10 @@ #include <sys/socket.h> #include <sys/ioctl.h> +#ifdef HAVE_SYS_SOCKIO_H +#include <sys/sockio.h> +#endif + #include <stdlib.h> #include <string.h> #include <unistd.h> diff --git a/src/starter/invokecharon.c b/src/starter/invokecharon.c index 804467cea..1eb2a0332 100644 --- a/src/starter/invokecharon.c +++ b/src/starter/invokecharon.c @@ -36,18 +36,28 @@ static int _charon_pid = 0; static int _stop_requested; -pid_t -starter_charon_pid(void) +pid_t starter_charon_pid(void) { return _charon_pid; } -void -starter_charon_sigchild(pid_t pid) +void starter_charon_sigchild(pid_t pid, int status) { - if (pid == _charon_pid) + if (pid == _charon_pid) { - _charon_pid = 0; + _charon_pid = 0; + if (status == SS_RC_LIBSTRONGSWAN_INTEGRITY || + status == SS_RC_DAEMON_INTEGRITY) + { + plog("charon has quit: integrity test of %s failed", + (status == 64) ? "libstrongswan" : "charon"); + _stop_requested = 1; + } + else if (status == SS_RC_INITIALIZATION_FAILED) + { + plog("charon has quit: initialization failed"); + _stop_requested = 1; + } if (!_stop_requested) { plog("charon has died -- restart scheduled (%dsec)" @@ -58,8 +68,7 @@ starter_charon_sigchild(pid_t pid) } } -int -starter_stop_charon (void) +int starter_stop_charon (void) { int i; pid_t pid = _charon_pid; @@ -106,8 +115,7 @@ starter_stop_charon (void) } -int -starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb) +int starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb) { struct stat stb; int pid, i; diff --git a/src/starter/invokecharon.h b/src/starter/invokecharon.h index f0f470a8d..aaf913c9b 100644 --- a/src/starter/invokecharon.h +++ b/src/starter/invokecharon.h @@ -20,7 +20,7 @@ #define CHARON_RESTART_DELAY 5 -extern void starter_charon_sigchild (pid_t pid); +extern void starter_charon_sigchild (pid_t pid, int status); extern pid_t starter_charon_pid (void); extern int starter_stop_charon (void); extern int starter_start_charon(struct starter_config *cfg, bool no_fork, bool attach_gdb); diff --git a/src/starter/invokepluto.c b/src/starter/invokepluto.c index 28bd93c5d..08fb0657a 100644 --- a/src/starter/invokepluto.c +++ b/src/starter/invokepluto.c @@ -42,11 +42,23 @@ starter_pluto_pid(void) } void -starter_pluto_sigchild(pid_t pid) +starter_pluto_sigchild(pid_t pid, int status) { if (pid == _pluto_pid) { _pluto_pid = 0; + if (status == SS_RC_LIBSTRONGSWAN_INTEGRITY || + status == SS_RC_DAEMON_INTEGRITY) + { + plog("pluto has quit: integrity test of %s failed", + (status == 64) ? "libstrongswan" : "pluto"); + _stop_requested = 1; + } + else if (status == SS_RC_INITIALIZATION_FAILED) + { + plog("pluto has quit: initialization failed"); + _stop_requested = 1; + } if (!_stop_requested) { plog("pluto has died -- restart scheduled (%dsec)" diff --git a/src/starter/invokepluto.h b/src/starter/invokepluto.h index b0c89b1f1..c87f50c2a 100644 --- a/src/starter/invokepluto.h +++ b/src/starter/invokepluto.h @@ -17,7 +17,7 @@ #define PLUTO_RESTART_DELAY 5 -extern void starter_pluto_sigchild (pid_t pid); +extern void starter_pluto_sigchild (pid_t pid, int status); extern pid_t starter_pluto_pid (void); extern int starter_stop_pluto (void); extern int starter_start_pluto (struct starter_config *cfg, bool no_fork, bool attach_gdb); diff --git a/src/starter/keywords.h b/src/starter/keywords.h index ae9a6d15f..3a115d15d 100644 --- a/src/starter/keywords.h +++ b/src/starter/keywords.h @@ -122,11 +122,16 @@ typedef enum { KW_HOSTACCESS, KW_ALLOWANY, KW_UPDOWN, + KW_AUTH1, + KW_AUTH2, KW_ID, + KW_ID2, KW_RSASIGKEY, KW_CERT, + KW_CERT2, KW_SENDCERT, KW_CA, + KW_CA2, KW_GROUPS, KW_IFACE, diff --git a/src/starter/loglite.c b/src/starter/loglite.c index 415cf931c..c88b33bfd 100644 --- a/src/starter/loglite.c +++ b/src/starter/loglite.c @@ -33,6 +33,10 @@ #include <log.h> #include <whack.h> +#ifndef LOG_AUTHPRIV +#define LOG_AUTHPRIV LOG_AUTH +#endif + bool log_to_stderr = FALSE, /* should log go to stderr? */ log_to_syslog = TRUE; /* should log go to syslog? */ diff --git a/src/starter/starter.c b/src/starter/starter.c index 2d2f452b5..b675ccf1c 100644 --- a/src/starter/starter.c +++ b/src/starter/starter.c @@ -66,46 +66,66 @@ static unsigned int _action_ = 0; -static void -fsig(int signal) +static void fsig(int signal) { switch (signal) { case SIGCHLD: { - int status; + int status, exit_status = 0; pid_t pid; char *name = NULL; while ((pid = waitpid(-1, &status, WNOHANG)) > 0) { if (pid == starter_pluto_pid()) + { name = " (Pluto)"; + } if (pid == starter_charon_pid()) + { name = " (Charon)"; + } if (WIFSIGNALED(status)) + { DBG(DBG_CONTROL, DBG_log("child %d%s has been killed by sig %d\n", pid, name?name:"", WTERMSIG(status)) ) + } else if (WIFSTOPPED(status)) + { DBG(DBG_CONTROL, DBG_log("child %d%s has been stopped by sig %d\n", pid, name?name:"", WSTOPSIG(status)) ) + } else if (WIFEXITED(status)) + { + exit_status = WEXITSTATUS(status); + if (exit_status >= SS_RC_FIRST && exit_status <= SS_RC_LAST) + { + _action_ = FLAG_ACTION_QUIT; + } DBG(DBG_CONTROL, DBG_log("child %d%s has quit (exit code %d)\n", - pid, name?name:"", WEXITSTATUS(status)) + pid, name?name:"", exit_status) ) + } else + { DBG(DBG_CONTROL, DBG_log("child %d%s has quit", pid, name?name:"") ) + } if (pid == starter_pluto_pid()) - starter_pluto_sigchild(pid); + { + starter_pluto_sigchild(pid, exit_status); + } if (pid == starter_charon_pid()) - starter_charon_sigchild(pid); + { + starter_charon_sigchild(pid, exit_status); + } } } break; @@ -196,8 +216,7 @@ static void generate_selfcert() } } -static void -usage(char *name) +static void usage(char *name) { fprintf(stderr, "Usage: starter [--nofork] [--auto-update <sec>] " "[--debug|--debug-more|--debug-all]\n"); @@ -392,9 +411,13 @@ int main (int argc, char **argv) if (_action_ & FLAG_ACTION_QUIT) { if (starter_pluto_pid()) + { starter_stop_pluto(); + } if (starter_charon_pid()) + { starter_stop_charon(); + } starter_netkey_cleanup(); confread_free(cfg); unlink(STARTER_PID_FILE); |