authorRene Mayrhofer <rene@mayrhofer.eu.org>2009-10-21 11:18:20 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2009-10-21 11:18:20 +0000
commita9b7f8d4a4a4202facd9690580b38542e7933f00 (patch)
treed82a9d506c62cff257e5292845b68df3ca5c60dc /src/starter
parent12263dccbbb6747d53b97333c3d6f0f17e1bffea (diff)
downloadvyos-strongswan-a9b7f8d4a4a4202facd9690580b38542e7933f00.tar.gz
vyos-strongswan-a9b7f8d4a4a4202facd9690580b38542e7933f00.zip
- New upstream release.
- Don't disable the internal crypto plugins; pluto expects to find them in some cases. - Enable integrity checking.
Diffstat (limited to 'src/starter')
-rw-r--r--src/starter/Makefile.am22
-rw-r--r--src/starter/Makefile.in31
-rw-r--r--src/starter/args.c68
-rw-r--r--src/starter/interfaces.c4
-rw-r--r--src/starter/invokecharon.c28
-rw-r--r--src/starter/invokecharon.h2
-rw-r--r--src/starter/invokepluto.c14
-rw-r--r--src/starter/invokepluto.h2
-rw-r--r--src/starter/keywords.h5
-rw-r--r--src/starter/loglite.c4
-rw-r--r--src/starter/starter.c39
11 files changed, 158 insertions, 61 deletions
diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am
index 439a7785a..3355b3afb 100644
--- a/src/starter/Makefile.am
+++ b/src/starter/Makefile.am
@@ -20,7 +20,7 @@ AM_CFLAGS = \
-DIPSEC_EAPDIR=\"${eapdir}\" \
-DDEBUG
-starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la
+starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la $(SOCKLIB)
EXTRA_DIST = parser.l parser.y keywords.txt ipsec.conf
dist_man_MANS = ipsec.conf.5 starter.8
MAINTAINERCLEANFILES = lex.yy.c y.tab.c y.tab.h keywords.c
@@ -52,14 +52,14 @@ defs.o: $(PLUTODIR)/defs.c $(PLUTODIR)/defs.h
$(COMPILE) -c -o $@ $(PLUTODIR)/defs.c
install-exec-local :
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/certs" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/certs" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/acerts" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/acerts" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/aacerts" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/aacerts" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true
- test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -m 644 ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/certs" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/certs" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/acerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/acerts" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/aacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/aacerts" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true
+ test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true
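Review bot: Every line of `install-exec-local` still ends in `|| true`, so a failed `$(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d -m 750 .../ipsec.d/private` (for example a permission error during a non-root `make install`) is swallowed and the build reports success without the restricted private-key directory. Consider dropping the `|| true` on the `private` line, or at least printing a warning there, so that failure is visible. The `test -e` guards also mean an already existing `private` directory keeps whatever mode it has; that predates this commit, but a one-line comment stating that mode 750 is only applied on first creation would save the next maintainer a surprise.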
diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in
index 4e6bffdeb..a839c20b1 100644
--- a/src/starter/Makefile.in
+++ b/src/starter/Makefile.in
@@ -55,9 +55,11 @@ am_starter_OBJECTS = y.tab.$(OBJEXT) netkey.$(OBJEXT) \
starter.$(OBJEXT) exec.$(OBJEXT) invokecharon.$(OBJEXT) \
lex.yy.$(OBJEXT) loglite.$(OBJEXT) klips.$(OBJEXT)
starter_OBJECTS = $(am_starter_OBJECTS)
+am__DEPENDENCIES_1 =
starter_DEPENDENCIES = defs.o \
$(top_builddir)/src/libfreeswan/libfreeswan.a \
- $(top_builddir)/src/libstrongswan/libstrongswan.la
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(am__DEPENDENCIES_1)
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -80,12 +82,14 @@ ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
+BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
@@ -150,6 +154,7 @@ RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
VERSION = @VERSION@
YACC = @YACC@
@@ -190,7 +195,9 @@ includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
@@ -241,7 +248,7 @@ INCLUDES = \
AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_CONFDIR=\"${confdir}\" \
-DIPSEC_PIDDIR=\"${piddir}\" -DIPSEC_EAPDIR=\"${eapdir}\" \
-DDEBUG $(am__append_1) $(am__append_2)
-starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la
+starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la $(SOCKLIB)
EXTRA_DIST = parser.l parser.y keywords.txt ipsec.conf
dist_man_MANS = ipsec.conf.5 starter.8
MAINTAINERCLEANFILES = lex.yy.c y.tab.c y.tab.h keywords.c
@@ -653,16 +660,16 @@ defs.o: $(PLUTODIR)/defs.c $(PLUTODIR)/defs.h
$(COMPILE) -c -o $@ $(PLUTODIR)/defs.c
install-exec-local :
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/certs" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/certs" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/acerts" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/acerts" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/aacerts" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/aacerts" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true
- test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true
- test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -m 644 ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/certs" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/certs" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/acerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/acerts" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/aacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/aacerts" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true
+ test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true
+ test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
diff --git a/src/starter/args.c b/src/starter/args.c
index f9d1824d8..990d7588b 100644
--- a/src/starter/args.c
+++ b/src/starter/args.c
@@ -261,8 +261,7 @@ static const token_info_t token_info[] =
{ ARG_STR, offsetof(starter_end_t, iface), NULL }
};
-static void
-free_list(char **list)
+static void free_list(char **list)
{
char **s;
@@ -273,22 +272,25 @@ free_list(char **list)
free(list);
}
-char **
-new_list(char *value)
+char** new_list(char *value)
{
char *val, *b, *e, *end, **ret;
int count;
val = value ? clone_str(value) : NULL;
if (!val)
+ {
return NULL;
+ }
end = val + strlen(val);
for (b = val, count = 0; b < end;)
{
for (e = b; ((*e != ' ') && (*e != '\0')); e++);
*e = '\0';
if (e != b)
+ {
count++;
+ }
b = e + 1;
}
if (count == 0)
@@ -302,7 +304,9 @@ new_list(char *value)
{
for (e = b; (*e != '\0'); e++);
if (e != b)
+ {
ret[count++] = clone_str(b);
+ }
b = e + 1;
}
ret[count] = NULL;
@@ -314,9 +318,8 @@ new_list(char *value)
/*
* assigns an argument value to a struct field
*/
-bool
-assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base
- , bool *assigned)
+bool assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base,
+ bool *assigned)
{
char *p = base + token_info[token].offset;
const char **list = token_info[token].list;
@@ -435,8 +438,9 @@ assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base
/* time in seconds? */
if (*endptr == '\0' || (*endptr == 's' && endptr[1] == '\0'))
+ {
break;
-
+ }
if (endptr[1] == '\0')
{
if (*endptr == 'm') /* time in minutes? */
@@ -475,8 +479,9 @@ assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base
/* free any existing list */
if (*listp != NULL)
+ {
free_list(*listp);
-
+ }
/* create a new list and assign values */
*listp = new_list(kw->value);
@@ -514,8 +519,7 @@ assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base
/*
* frees all dynamically allocated arguments in a struct
*/
-void
-free_args(kw_token_t first, kw_token_t last, char *base)
+void free_args(kw_token_t first, kw_token_t last, char *base)
{
kw_token_t token;
@@ -553,8 +557,7 @@ free_args(kw_token_t first, kw_token_t last, char *base)
/*
* clone all dynamically allocated arguments in a struct
*/
-void
-clone_args(kw_token_t first, kw_token_t last, char *base1, char *base2)
+void clone_args(kw_token_t first, kw_token_t last, char *base1, char *base2)
{
kw_token_t token;
@@ -570,22 +573,29 @@ clone_args(kw_token_t first, kw_token_t last, char *base1, char *base2)
}
}
-static bool
-cmp_list(char **list1, char **list2)
+static bool cmp_list(char **list1, char **list2)
{
if ((list1 == NULL) && (list2 == NULL))
+ {
return TRUE;
+ }
if ((list1 == NULL) || (list2 == NULL))
+ {
return FALSE;
+ }
for ( ; *list1 && *list2; list1++, list2++)
{
if (strcmp(*list1,*list2) != 0)
+ {
return FALSE;
+ }
}
if ((*list1 != NULL) || (*list2 != NULL))
+ {
return FALSE;
+ }
return TRUE;
}
@@ -593,8 +603,7 @@ cmp_list(char **list1, char **list2)
/*
* compare all arguments in a struct
*/
-bool
-cmp_args(kw_token_t first, kw_token_t last, char *base1, char *base2)
+bool cmp_args(kw_token_t first, kw_token_t last, char *base1, char *base2)
{
kw_token_t token;
@@ -606,12 +615,25 @@ cmp_args(kw_token_t first, kw_token_t last, char *base1, char *base2)
switch (token_info[token].type)
{
case ARG_ENUM:
+ if (token_info[token].list == LST_bool)
+ {
+ bool *b1 = (bool *)p1;
+ bool *b2 = (bool *)p2;
+
+ if (*b1 != *b2)
+ {
+ return FALSE;
+ }
+ }
+ else
{
int *i1 = (int *)p1;
int *i2 = (int *)p2;
if (*i1 != *i2)
+ {
return FALSE;
+ }
}
break;
case ARG_UINT:
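Review bot: The new `LST_bool` branch relies on pointer identity with the table's `list` member, which is correct only if every boolean keyword in `token_info[]` points at that one array rather than a copy; a short comment would make the reason for the special case explicit, since the default branch reads the field through `int *` and a `bool` field is presumably narrower than `int`, so the previous code compared bytes beyond the field. Suggested comment above the `if`: `/* boolean keywords live in a bool, not an int; compare at the field's real width */`. The same width distinction presumably has to be honoured by assign_arg and clone_args, which are outside this hunk. cmp_args begins and ends outside this hunk.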
@@ -620,7 +642,9 @@ cmp_args(kw_token_t first, kw_token_t last, char *base1, char *base2)
u_int *u2 = (u_int *)p2;
if (*u1 != *u2)
+ {
return FALSE;
+ }
}
break;
case ARG_ULNG:
@@ -630,7 +654,9 @@ cmp_args(kw_token_t first, kw_token_t last, char *base1, char *base2)
unsigned long *l2 = (unsigned long *)p2;
if (*l1 != *l2)
+ {
return FALSE;
+ }
}
break;
case ARG_TIME:
@@ -639,7 +665,9 @@ cmp_args(kw_token_t first, kw_token_t last, char *base1, char *base2)
time_t *t2 = (time_t *)p2;
if (*t1 != *t2)
+ {
return FALSE;
+ }
}
break;
case ARG_STR:
@@ -648,9 +676,13 @@ cmp_args(kw_token_t first, kw_token_t last, char *base1, char *base2)
char **cp2 = (char **)p2;
if (*cp1 == NULL && *cp2 == NULL)
+ {
break;
+ }
if (*cp1 == NULL || *cp2 == NULL || strcmp(*cp1, *cp2) != 0)
+ {
return FALSE;
+ }
}
break;
case ARG_LST:
@@ -659,7 +691,9 @@ cmp_args(kw_token_t first, kw_token_t last, char *base1, char *base2)
char ***listp2 = (char ***)p2;
if (!cmp_list(*listp1, *listp2))
+ {
return FALSE;
+ }
}
break;
default:
diff --git a/src/starter/interfaces.c b/src/starter/interfaces.c
index 034eac317..3fff65be7 100644
--- a/src/starter/interfaces.c
+++ b/src/starter/interfaces.c
@@ -14,6 +14,10 @@
#include <sys/socket.h>
#include <sys/ioctl.h>
+#ifdef HAVE_SYS_SOCKIO_H
+#include <sys/sockio.h>
+#endif
+
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
diff --git a/src/starter/invokecharon.c b/src/starter/invokecharon.c
index 804467cea..1eb2a0332 100644
--- a/src/starter/invokecharon.c
+++ b/src/starter/invokecharon.c
@@ -36,18 +36,28 @@
static int _charon_pid = 0;
static int _stop_requested;
-pid_t
-starter_charon_pid(void)
+pid_t starter_charon_pid(void)
{
return _charon_pid;
}
-void
-starter_charon_sigchild(pid_t pid)
+void starter_charon_sigchild(pid_t pid, int status)
{
- if (pid == _charon_pid)
+ if (pid == _charon_pid)
{
- _charon_pid = 0;
+ _charon_pid = 0;
+ if (status == SS_RC_LIBSTRONGSWAN_INTEGRITY ||
+ status == SS_RC_DAEMON_INTEGRITY)
+ {
+ plog("charon has quit: integrity test of %s failed",
+ (status == 64) ? "libstrongswan" : "charon");
+ _stop_requested = 1;
+ }
+ else if (status == SS_RC_INITIALIZATION_FAILED)
+ {
+ plog("charon has quit: initialization failed");
+ _stop_requested = 1;
+ }
if (!_stop_requested)
{
plog("charon has died -- restart scheduled (%dsec)"
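Review bot: The log message selects its subject with the literal `(status == 64)` while the enclosing condition uses the symbolic `SS_RC_LIBSTRONGSWAN_INTEGRITY`; if that constant is ever renumbered the message will name the wrong component. Use the constant in both places: `(status == SS_RC_LIBSTRONGSWAN_INTEGRITY) ? "libstrongswan" : "charon");`. This function is invoked from fsig()'s SIGCHLD branch in starter.c, so if fsig is installed as a signal handler the added plog() calls run in handler context, where plog is unlikely to be async-signal-safe; that concern predates this change. Refusing to schedule a restart after an integrity or initialization failure is the right fail-closed default. starter_charon_sigchild ends outside this hunk.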
@@ -58,8 +68,7 @@ starter_charon_sigchild(pid_t pid)
}
}
-int
-starter_stop_charon (void)
+int starter_stop_charon (void)
{
int i;
pid_t pid = _charon_pid;
@@ -106,8 +115,7 @@ starter_stop_charon (void)
}
-int
-starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb)
+int starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb)
{
struct stat stb;
int pid, i;
diff --git a/src/starter/invokecharon.h b/src/starter/invokecharon.h
index f0f470a8d..aaf913c9b 100644
--- a/src/starter/invokecharon.h
+++ b/src/starter/invokecharon.h
@@ -20,7 +20,7 @@
#define CHARON_RESTART_DELAY 5
-extern void starter_charon_sigchild (pid_t pid);
+extern void starter_charon_sigchild (pid_t pid, int status);
extern pid_t starter_charon_pid (void);
extern int starter_stop_charon (void);
extern int starter_start_charon(struct starter_config *cfg, bool no_fork, bool attach_gdb);
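Review bot: The new `status` parameter is ambiguous between the raw `waitpid()` status word and the decoded exit code; the caller in starter.c passes `WEXITSTATUS(status)` (and 0 when the child did not exit normally), and invokecharon.c compares it directly against `SS_RC_*` values. Document that contract at the prototype, e.g. `/* status: WEXITSTATUS() of the child, 0 if it was killed or stopped */`, so a future caller does not pass the raw status.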
diff --git a/src/starter/invokepluto.c b/src/starter/invokepluto.c
index 28bd93c5d..08fb0657a 100644
--- a/src/starter/invokepluto.c
+++ b/src/starter/invokepluto.c
@@ -42,11 +42,23 @@ starter_pluto_pid(void)
}
void
-starter_pluto_sigchild(pid_t pid)
+starter_pluto_sigchild(pid_t pid, int status)
{
if (pid == _pluto_pid)
{
_pluto_pid = 0;
+ if (status == SS_RC_LIBSTRONGSWAN_INTEGRITY ||
+ status == SS_RC_DAEMON_INTEGRITY)
+ {
+ plog("pluto has quit: integrity test of %s failed",
+ (status == 64) ? "libstrongswan" : "pluto");
+ _stop_requested = 1;
+ }
+ else if (status == SS_RC_INITIALIZATION_FAILED)
+ {
+ plog("pluto has quit: initialization failed");
+ _stop_requested = 1;
+ }
if (!_stop_requested)
{
plog("pluto has died -- restart scheduled (%dsec)"
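Review bot: `(status == 64)` in the message selector duplicates `SS_RC_LIBSTRONGSWAN_INTEGRITY` as a magic number, while the `if` just above it uses the symbol; replace it with `(status == SS_RC_LIBSTRONGSWAN_INTEGRITY) ? "libstrongswan" : "pluto");` so the two cannot drift apart. The same mirrored block appears in invokecharon.c, so a small shared helper mapping an `SS_RC_*` code to its description would also remove the duplication. starter_pluto_sigchild continues outside this hunk.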
diff --git a/src/starter/invokepluto.h b/src/starter/invokepluto.h
index b0c89b1f1..c87f50c2a 100644
--- a/src/starter/invokepluto.h
+++ b/src/starter/invokepluto.h
@@ -17,7 +17,7 @@
#define PLUTO_RESTART_DELAY 5
-extern void starter_pluto_sigchild (pid_t pid);
+extern void starter_pluto_sigchild (pid_t pid, int status);
extern pid_t starter_pluto_pid (void);
extern int starter_stop_pluto (void);
extern int starter_start_pluto (struct starter_config *cfg, bool no_fork, bool attach_gdb);
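Review bot: As with the charon prototype, `int status` here is the already-decoded `WEXITSTATUS()` value supplied by fsig() in starter.c, not the raw `waitpid()` word, and the implementation compares it straight against `SS_RC_*`. A one-line comment at the declaration, `/* status: WEXITSTATUS() of the child; 0 when it did not exit normally */`, would make that contract visible to callers.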
diff --git a/src/starter/keywords.h b/src/starter/keywords.h
index ae9a6d15f..3a115d15d 100644
--- a/src/starter/keywords.h
+++ b/src/starter/keywords.h
@@ -122,11 +122,16 @@ typedef enum {
KW_HOSTACCESS,
KW_ALLOWANY,
KW_UPDOWN,
+ KW_AUTH1,
+ KW_AUTH2,
KW_ID,
+ KW_ID2,
KW_RSASIGKEY,
KW_CERT,
+ KW_CERT2,
KW_SENDCERT,
KW_CA,
+ KW_CA2,
KW_GROUPS,
KW_IFACE,
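Review bot: Inserting `KW_AUTH1`, `KW_AUTH2`, `KW_ID2`, `KW_CERT2` and `KW_CA2` in the middle of the enum renumbers every later token, and args.c indexes `token_info[]` by this enum to compute `base + token_info[token].offset`; a missing or misplaced table row would make assign_arg write through the wrong struct field. None of the args.c hunks in this diff add rows to `token_info[]`, so confirm that the table (and the generated keyword list) gained matching entries in a part of args.c not shown here. A comment on the enum, `/* order must match token_info[] in args.c */`, would guard future insertions.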
diff --git a/src/starter/loglite.c b/src/starter/loglite.c
index 415cf931c..c88b33bfd 100644
--- a/src/starter/loglite.c
+++ b/src/starter/loglite.c
@@ -33,6 +33,10 @@
#include <log.h>
#include <whack.h>
+#ifndef LOG_AUTHPRIV
+#define LOG_AUTHPRIV LOG_AUTH
+#endif
+
bool
log_to_stderr = FALSE, /* should log go to stderr? */
log_to_syslog = TRUE; /* should log go to syslog? */
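Review bot: Mapping `LOG_AUTHPRIV` to `LOG_AUTH` on platforms that lack it changes where authentication-related log lines end up: LOG_AUTHPRIV exists as a facility that syslog configurations commonly route to a restricted file, and LOG_AUTH need not be treated the same way. The fallback is reasonable for portability, but it deserves a comment so operators on such platforms know to check their syslog routing, e.g. `/* LOG_AUTHPRIV is not universal; without it these messages go to LOG_AUTH, which may be less restricted */`.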
diff --git a/src/starter/starter.c b/src/starter/starter.c
index 2d2f452b5..b675ccf1c 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -66,46 +66,66 @@
static unsigned int _action_ = 0;
-static void
-fsig(int signal)
+static void fsig(int signal)
{
switch (signal)
{
case SIGCHLD:
{
- int status;
+ int status, exit_status = 0;
pid_t pid;
char *name = NULL;
while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
{
if (pid == starter_pluto_pid())
+ {
name = " (Pluto)";
+ }
if (pid == starter_charon_pid())
+ {
name = " (Charon)";
+ }
if (WIFSIGNALED(status))
+ {
DBG(DBG_CONTROL,
DBG_log("child %d%s has been killed by sig %d\n",
pid, name?name:"", WTERMSIG(status))
)
+ }
else if (WIFSTOPPED(status))
+ {
DBG(DBG_CONTROL,
DBG_log("child %d%s has been stopped by sig %d\n",
pid, name?name:"", WSTOPSIG(status))
)
+ }
else if (WIFEXITED(status))
+ {
+ exit_status = WEXITSTATUS(status);
+ if (exit_status >= SS_RC_FIRST && exit_status <= SS_RC_LAST)
+ {
+ _action_ = FLAG_ACTION_QUIT;
+ }
DBG(DBG_CONTROL,
DBG_log("child %d%s has quit (exit code %d)\n",
- pid, name?name:"", WEXITSTATUS(status))
+ pid, name?name:"", exit_status)
)
+ }
else
+ {
DBG(DBG_CONTROL,
DBG_log("child %d%s has quit", pid, name?name:"")
)
+ }
if (pid == starter_pluto_pid())
- starter_pluto_sigchild(pid);
+ {
+ starter_pluto_sigchild(pid, exit_status);
+ }
if (pid == starter_charon_pid())
- starter_charon_sigchild(pid);
+ {
+ starter_charon_sigchild(pid, exit_status);
+ }
}
}
break;
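Review bot: `exit_status` is declared and zeroed once before the `while ((pid = waitpid(-1, &status, WNOHANG)) > 0)` loop but is only assigned in the `WIFEXITED` branch, so when two children are reaped in one pass and the second one was killed by a signal, `starter_pluto_sigchild`/`starter_charon_sigchild` receive the previous child's exit code and may log a signal death as an integrity failure. Reset it per iteration by making `exit_status = 0;` the first statement of the loop body (or declare it inside the loop). `name` has the same carry-over between iterations, though that predates this commit. `_action_` is also written here from what appears to be a signal handler while being a plain `static unsigned int`; `volatile sig_atomic_t` would be the conventional type, assuming fsig is installed via signal()/sigaction() outside this hunk. fsig continues beyond this hunk.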
@@ -196,8 +216,7 @@ static void generate_selfcert()
}
}
-static void
-usage(char *name)
+static void usage(char *name)
{
fprintf(stderr, "Usage: starter [--nofork] [--auto-update <sec>] "
"[--debug|--debug-more|--debug-all]\n");
@@ -392,9 +411,13 @@ int main (int argc, char **argv)
if (_action_ & FLAG_ACTION_QUIT)
{
if (starter_pluto_pid())
+ {
starter_stop_pluto();
+ }
if (starter_charon_pid())
+ {
starter_stop_charon();
+ }
starter_netkey_cleanup();
confread_free(cfg);
unlink(STARTER_PID_FILE);