authorRene Mayrhofer <rene@mayrhofer.eu.org>2009-06-23 11:25:24 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2009-06-23 11:25:24 +0000
commit41787e147279ff0695e9d759487266a60b80867b (patch)
tree8f28566c8fd7106c80d2536d2df540dbb4499cc5 /src/starter
parentc3e7f611ea8273c6b3909cb006ade4903a74aad0 (diff)
downloadvyos-strongswan-41787e147279ff0695e9d759487266a60b80867b.tar.gz
vyos-strongswan-41787e147279ff0695e9d759487266a60b80867b.zip
[svn-upgrade] Integrating new upstream version, strongswan (4.3.2)
Diffstat (limited to 'src/starter')
-rw-r--r--src/starter/Makefile.am37
-rw-r--r--src/starter/Makefile.in57
-rw-r--r--src/starter/args.c985
-rw-r--r--src/starter/args.h8
-rw-r--r--src/starter/cmp.c90
-rw-r--r--src/starter/cmp.h2
-rw-r--r--src/starter/confread.c62
-rw-r--r--src/starter/confread.h324
-rw-r--r--src/starter/exec.c28
-rw-r--r--src/starter/exec.h2
-rw-r--r--src/starter/files.h12
-rw-r--r--src/starter/interfaces.c198
-rw-r--r--src/starter/interfaces.h14
-rw-r--r--src/starter/invokecharon.c317
-rw-r--r--src/starter/invokecharon.h4
-rw-r--r--src/starter/invokepluto.c466
-rw-r--r--src/starter/invokepluto.h4
-rw-r--r--src/starter/ipsec.conf.594
-rw-r--r--src/starter/keywords.c349
-rw-r--r--src/starter/keywords.h322
-rw-r--r--src/starter/keywords.txt12
-rw-r--r--src/starter/klips.c80
-rw-r--r--src/starter/klips.h2
-rw-r--r--src/starter/lex.yy.c244
-rw-r--r--src/starter/loglite.c294
-rw-r--r--src/starter/netkey.c84
-rw-r--r--src/starter/netkey.h2
-rw-r--r--src/starter/parser.h24
-rw-r--r--src/starter/parser.l216
-rw-r--r--src/starter/parser.y339
-rw-r--r--src/starter/starter.c1116
-rw-r--r--src/starter/starterstroke.c33
-rw-r--r--src/starter/starterstroke.h2
-rw-r--r--src/starter/starterwhack.c582
-rw-r--r--src/starter/starterwhack.h2
-rw-r--r--src/starter/y.tab.c323
-rw-r--r--src/starter/y.tab.h2
37 files changed, 3402 insertions, 3330 deletions
diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am
index 8a9ba54c9..439a7785a 100644
--- a/src/starter/Makefile.am
+++ b/src/starter/Makefile.am
@@ -5,9 +5,22 @@ starterstroke.h interfaces.c invokepluto.h confread.h interfaces.h args.c \
keywords.c files.h keywords.h cmp.c starter.c cmp.h exec.c invokecharon.c \
exec.h invokecharon.h lex.yy.c loglite.c klips.c klips.h
-INCLUDES = -I${linuxdir} -I$(top_srcdir)/src/libfreeswan -I$(top_srcdir)/src/pluto -I$(top_srcdir)/src/whack -I$(top_srcdir)/src/stroke
-AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_CONFDIR=\"${confdir}\" -DIPSEC_PIDDIR=\"${piddir}\" -DIPSEC_EAPDIR=\"${eapdir}\" -DDEBUG
-starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a
+INCLUDES = \
+-I${linuxdir} \
+-I$(top_srcdir)/src/libstrongswan \
+-I$(top_srcdir)/src/libfreeswan \
+-I$(top_srcdir)/src/pluto \
+-I$(top_srcdir)/src/whack \
+-I$(top_srcdir)/src/stroke
+
+AM_CFLAGS = \
+-DIPSEC_DIR=\"${ipsecdir}\" \
+-DIPSEC_CONFDIR=\"${confdir}\" \
+-DIPSEC_PIDDIR=\"${piddir}\" \
+-DIPSEC_EAPDIR=\"${eapdir}\" \
+-DDEBUG
+
+starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la
EXTRA_DIST = parser.l parser.y keywords.txt ipsec.conf
dist_man_MANS = ipsec.conf.5 starter.8
MAINTAINERCLEANFILES = lex.yy.c y.tab.c y.tab.h keywords.c
@@ -23,20 +36,20 @@ if USE_CHARON
AM_CFLAGS += -DSTART_CHARON
endif
-lex.yy.c: parser.l parser.y parser.h y.tab.c
- $(LEX) --nounput $<
+lex.yy.c: $(srcdir)/parser.l $(srcdir)/parser.y $(srcdir)/parser.h
+ $(LEX) $(srcdir)/parser.l
-y.tab.c: parser.y parser.l parser.h
- $(YACC) -v -d $<
+y.tab.c: $(srcdir)/parser.y $(srcdir)/parser.l $(srcdir)/parser.h
+ $(YACC) -v -d $(srcdir)/parser.y
-y.tab.h: parser.y parser.l parser.h
- $(YACC) -v -d $<
+y.tab.h: $(srcdir)/parser.y $(srcdir)/parser.l $(srcdir)/parser.h
+ $(YACC) -v -d $(srcdir)/parser.y
-keywords.c: keywords.txt keywords.h
- $(GPERF) -C -G -t < $< > $@
+keywords.c: $(srcdir)/keywords.txt $(srcdir)/keywords.h
+ $(GPERF) -m 10 -C -G -D -t < $(srcdir)/keywords.txt > $@
defs.o: $(PLUTODIR)/defs.c $(PLUTODIR)/defs.h
- $(COMPILE) -c -o $@ $<
+ $(COMPILE) -c -o $@ $(PLUTODIR)/defs.c
install-exec-local :
test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true
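Review bot: The rewritten `keywords.c` rule still redirects gperf straight into the target (`$(GPERF) -m 10 -C -G -D -t < $(srcdir)/keywords.txt > $@`), so the shell creates or truncates keywords.c before gperf runs, and if gperf exits non-zero GNU make leaves that empty or partial file in place and treats it as up to date on the next run. Writing to a temporary and renaming only on success avoids a silently broken keyword table: `$(GPERF) -m 10 -C -G -D -t < $(srcdir)/keywords.txt > $@.tmp && mv $@.tmp $@`. A `.DELETE_ON_ERROR:` special target would achieve the same for every rule in this file. Makefile.in mirrors the rule but is generated, so it should be regenerated rather than patched separately.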
diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in
index 54fd28604..4e6bffdeb 100644
--- a/src/starter/Makefile.in
+++ b/src/starter/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -56,7 +56,8 @@ am_starter_OBJECTS = y.tab.$(OBJEXT) netkey.$(OBJEXT) \
lex.yy.$(OBJEXT) loglite.$(OBJEXT) klips.$(OBJEXT)
starter_OBJECTS = $(am_starter_OBJECTS)
starter_DEPENDENCIES = defs.o \
- $(top_builddir)/src/libfreeswan/libfreeswan.a
+ $(top_builddir)/src/libfreeswan/libfreeswan.a \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -93,6 +94,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -115,6 +117,9 @@ LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
@@ -126,6 +131,7 @@ MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
@@ -139,6 +145,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -199,6 +207,7 @@ oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
piddir = @piddir@
plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -210,6 +219,7 @@ srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
xml_CFLAGS = @xml_CFLAGS@
@@ -220,11 +230,18 @@ starterstroke.h interfaces.c invokepluto.h confread.h interfaces.h args.c \
keywords.c files.h keywords.h cmp.c starter.c cmp.h exec.c invokecharon.c \
exec.h invokecharon.h lex.yy.c loglite.c klips.c klips.h
-INCLUDES = -I${linuxdir} -I$(top_srcdir)/src/libfreeswan -I$(top_srcdir)/src/pluto -I$(top_srcdir)/src/whack -I$(top_srcdir)/src/stroke
+INCLUDES = \
+-I${linuxdir} \
+-I$(top_srcdir)/src/libstrongswan \
+-I$(top_srcdir)/src/libfreeswan \
+-I$(top_srcdir)/src/pluto \
+-I$(top_srcdir)/src/whack \
+-I$(top_srcdir)/src/stroke
+
AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_CONFDIR=\"${confdir}\" \
-DIPSEC_PIDDIR=\"${piddir}\" -DIPSEC_EAPDIR=\"${eapdir}\" \
-DDEBUG $(am__append_1) $(am__append_2)
-starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a
+starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la
EXTRA_DIST = parser.l parser.y keywords.txt ipsec.conf
dist_man_MANS = ipsec.conf.5 starter.8
MAINTAINERCLEANFILES = lex.yy.c y.tab.c y.tab.h keywords.c
@@ -238,8 +255,8 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
- && exit 0; \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
@@ -355,8 +372,8 @@ install-man5: $(man5_MANS) $(man_MANS)
esac; \
done; \
for i in $$list; do \
- if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
- else file=$$i; fi; \
+ if test -f $$i; then file=$$i; \
+ else file=$(srcdir)/$$i; fi; \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
case "$$ext" in \
5*) ;; \
@@ -400,8 +417,8 @@ install-man8: $(man8_MANS) $(man_MANS)
esac; \
done; \
for i in $$list; do \
- if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
- else file=$$i; fi; \
+ if test -f $$i; then file=$$i; \
+ else file=$(srcdir)/$$i; fi; \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
case "$$ext" in \
8*) ;; \
@@ -440,7 +457,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
@@ -620,20 +637,20 @@ uninstall-man: uninstall-man5 uninstall-man8
uninstall-man8
-lex.yy.c: parser.l parser.y parser.h y.tab.c
- $(LEX) --nounput $<
+lex.yy.c: $(srcdir)/parser.l $(srcdir)/parser.y $(srcdir)/parser.h
+ $(LEX) $(srcdir)/parser.l
-y.tab.c: parser.y parser.l parser.h
- $(YACC) -v -d $<
+y.tab.c: $(srcdir)/parser.y $(srcdir)/parser.l $(srcdir)/parser.h
+ $(YACC) -v -d $(srcdir)/parser.y
-y.tab.h: parser.y parser.l parser.h
- $(YACC) -v -d $<
+y.tab.h: $(srcdir)/parser.y $(srcdir)/parser.l $(srcdir)/parser.h
+ $(YACC) -v -d $(srcdir)/parser.y
-keywords.c: keywords.txt keywords.h
- $(GPERF) -C -G -t < $< > $@
+keywords.c: $(srcdir)/keywords.txt $(srcdir)/keywords.h
+ $(GPERF) -m 10 -C -G -D -t < $(srcdir)/keywords.txt > $@
defs.o: $(PLUTODIR)/defs.c $(PLUTODIR)/defs.h
- $(COMPILE) -c -o $@ $<
+ $(COMPILE) -c -o $@ $(PLUTODIR)/defs.c
install-exec-local :
test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true
diff --git a/src/starter/args.c b/src/starter/args.c
index c09bea986..f9d1824d8 100644
--- a/src/starter/args.c
+++ b/src/starter/args.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: args.c 4612 2008-11-11 06:37:37Z andreas $
*/
#include <stddef.h>
@@ -33,276 +31,283 @@
/* argument types */
typedef enum {
- ARG_NONE,
- ARG_ENUM,
- ARG_UINT,
- ARG_TIME,
- ARG_ULNG,
- ARG_PCNT,
- ARG_STR,
- ARG_LST,
- ARG_MISC
+ ARG_NONE,
+ ARG_ENUM,
+ ARG_UINT,
+ ARG_TIME,
+ ARG_ULNG,
+ ARG_PCNT,
+ ARG_STR,
+ ARG_LST,
+ ARG_MISC
} arg_t;
/* various keyword lists */
static const char *LST_bool[] = {
- "no",
- "yes",
- NULL
+ "no",
+ "yes",
+ NULL
};
static const char *LST_sendcert[] = {
- "always",
- "ifasked",
- "never",
- "yes",
- "no",
- NULL
+ "always",
+ "ifasked",
+ "never",
+ "yes",
+ "no",
+ NULL
};
static const char *LST_unique[] = {
- "no",
- "yes",
- "replace",
- "keep",
- NULL
+ "no",
+ "yes",
+ "replace",
+ "keep",
+ NULL
};
static const char *LST_strict[] = {
- "no",
- "yes",
- "ifuri",
- NULL
+ "no",
+ "yes",
+ "ifuri",
+ NULL
};
static const char *LST_dpd_action[] = {
- "none",
- "clear",
- "hold",
- "restart",
- NULL
+ "none",
+ "clear",
+ "hold",
+ "restart",
+ NULL
};
static const char *LST_startup[] = {
- "ignore",
- "add",
- "route",
- "start",
- NULL
+ "ignore",
+ "add",
+ "route",
+ "start",
+ NULL
};
static const char *LST_packetdefault[] = {
- "drop",
- "reject",
- "pass",
- NULL
+ "drop",
+ "reject",
+ "pass",
+ NULL
};
static const char *LST_keyexchange[] = {
- "ike",
- "ikev1",
- "ikev2",
- NULL
+ "ike",
+ "ikev1",
+ "ikev2",
+ NULL
};
static const char *LST_pfsgroup[] = {
- "modp1024",
- "modp1536",
- "modp2048",
- "modp3072",
- "modp4096",
- "modp6144",
- "modp8192",
- NULL
+ "modp1024",
+ "modp1536",
+ "modp2048",
+ "modp3072",
+ "modp4096",
+ "modp6144",
+ "modp8192",
+ NULL
};
static const char *LST_plutodebug[] = {
- "none",
- "all",
- "raw",
- "crypt",
- "parsing",
- "emitting",
- "control",
- "lifecycle",
- "klips",
- "dns",
- "natt",
- "oppo",
- "controlmore",
- "private",
- NULL
+ "none",
+ "all",
+ "raw",
+ "crypt",
+ "parsing",
+ "emitting",
+ "control",
+ "lifecycle",
+ "klips",
+ "dns",
+ "natt",
+ "oppo",
+ "controlmore",
+ "private",
+ NULL
};
static const char *LST_klipsdebug[] = {
- "tunnel",
- "tunnel-xmit",
- "pfkey",
- "xform",
- "eroute",
- "spi",
- "radij",
- "esp",
- "ah",
- "ipcomp",
- "verbose",
- "all",
- "none",
- NULL
+ "tunnel",
+ "tunnel-xmit",
+ "pfkey",
+ "xform",
+ "eroute",
+ "spi",
+ "radij",
+ "esp",
+ "ah",
+ "ipcomp",
+ "verbose",
+ "all",
+ "none",
+ NULL
};
typedef struct {
- arg_t type;
- size_t offset;
- const char **list;
+ arg_t type;
+ size_t offset;
+ const char **list;
} token_info_t;
static const token_info_t token_info[] =
{
- /* config setup keywords */
- { ARG_LST, offsetof(starter_config_t, setup.interfaces), NULL },
- { ARG_STR, offsetof(starter_config_t, setup.dumpdir), NULL },
- { ARG_ENUM, offsetof(starter_config_t, setup.charonstart), LST_bool },
- { ARG_ENUM, offsetof(starter_config_t, setup.plutostart), LST_bool },
-
- /* pluto/charon keywords */
- { ARG_LST, offsetof(starter_config_t, setup.plutodebug), LST_plutodebug },
- { ARG_STR, offsetof(starter_config_t, setup.charondebug), NULL },
- { ARG_STR, offsetof(starter_config_t, setup.prepluto), NULL },
- { ARG_STR, offsetof(starter_config_t, setup.postpluto), NULL },
- { ARG_STR, offsetof(starter_config_t, setup.plutostderrlog), NULL },
- { ARG_ENUM, offsetof(starter_config_t, setup.uniqueids), LST_unique },
- { ARG_UINT, offsetof(starter_config_t, setup.overridemtu), NULL },
- { ARG_TIME, offsetof(starter_config_t, setup.crlcheckinterval), NULL },
- { ARG_ENUM, offsetof(starter_config_t, setup.cachecrls), LST_bool },
- { ARG_ENUM, offsetof(starter_config_t, setup.strictcrlpolicy), LST_strict },
- { ARG_ENUM, offsetof(starter_config_t, setup.nocrsend), LST_bool },
- { ARG_ENUM, offsetof(starter_config_t, setup.nat_traversal), LST_bool },
- { ARG_TIME, offsetof(starter_config_t, setup.keep_alive), NULL },
- { ARG_ENUM, offsetof(starter_config_t, setup.force_keepalive), LST_bool },
- { ARG_STR, offsetof(starter_config_t, setup.virtual_private), NULL },
- { ARG_STR, offsetof(starter_config_t, setup.pkcs11module), NULL },
- { ARG_STR, offsetof(starter_config_t, setup.pkcs11initargs), NULL },
- { ARG_ENUM, offsetof(starter_config_t, setup.pkcs11keepstate), LST_bool },
- { ARG_ENUM, offsetof(starter_config_t, setup.pkcs11proxy), LST_bool },
-
- /* KLIPS keywords */
- { ARG_LST, offsetof(starter_config_t, setup.klipsdebug), LST_klipsdebug },
- { ARG_ENUM, offsetof(starter_config_t, setup.fragicmp), LST_bool },
- { ARG_STR, offsetof(starter_config_t, setup.packetdefault), LST_packetdefault },
- { ARG_ENUM, offsetof(starter_config_t, setup.hidetos), LST_bool },
-
- /* conn section keywords */
- { ARG_STR, offsetof(starter_conn_t, name), NULL },
- { ARG_ENUM, offsetof(starter_conn_t, startup), LST_startup },
- { ARG_ENUM, offsetof(starter_conn_t, keyexchange), LST_keyexchange },
- { ARG_MISC, 0, NULL /* KW_TYPE */ },
- { ARG_MISC, 0, NULL /* KW_PFS */ },
- { ARG_MISC, 0, NULL /* KW_COMPRESS */ },
- { ARG_ENUM, offsetof(starter_conn_t, install_policy), LST_bool },
- { ARG_MISC, 0, NULL /* KW_AUTH */ },
- { ARG_MISC, 0, NULL /* KW_AUTHBY */ },
- { ARG_MISC, 0, NULL /* KW_EAP */ },
- { ARG_STR, offsetof(starter_conn_t, eap_identity), NULL },
- { ARG_MISC, 0, NULL /* KW_MOBIKE */ },
- { ARG_MISC, 0, NULL /* KW_FORCEENCAPS */ },
- { ARG_TIME, offsetof(starter_conn_t, sa_ike_life_seconds), NULL },
- { ARG_TIME, offsetof(starter_conn_t, sa_ipsec_life_seconds), NULL },
- { ARG_TIME, offsetof(starter_conn_t, sa_rekey_margin), NULL },
- { ARG_MISC, 0, NULL /* KW_KEYINGTRIES */ },
- { ARG_PCNT, offsetof(starter_conn_t, sa_rekey_fuzz), NULL },
- { ARG_MISC, 0, NULL /* KW_REKEY */ },
- { ARG_MISC, 0, NULL /* KW_REAUTH */ },
- { ARG_STR, offsetof(starter_conn_t, ike), NULL },
- { ARG_STR, offsetof(starter_conn_t, esp), NULL },
- { ARG_STR, offsetof(starter_conn_t, pfsgroup), LST_pfsgroup },
- { ARG_TIME, offsetof(starter_conn_t, dpd_delay), NULL },
- { ARG_TIME, offsetof(starter_conn_t, dpd_timeout), NULL },
- { ARG_ENUM, offsetof(starter_conn_t, dpd_action), LST_dpd_action },
- { ARG_MISC, 0, NULL /* KW_MODECONFIG */ },
- { ARG_MISC, 0, NULL /* KW_XAUTH */ },
- { ARG_ENUM, offsetof(starter_conn_t, me_mediation), LST_bool },
- { ARG_STR, offsetof(starter_conn_t, me_mediated_by), NULL },
- { ARG_STR, offsetof(starter_conn_t, me_peerid), NULL },
-
- /* ca section keywords */
- { ARG_STR, offsetof(starter_ca_t, name), NULL },
- { ARG_ENUM, offsetof(starter_ca_t, startup), LST_startup },
- { ARG_STR, offsetof(starter_ca_t, cacert), NULL },
- { ARG_STR, offsetof(starter_ca_t, ldaphost), NULL },
- { ARG_STR, offsetof(starter_ca_t, ldapbase), NULL },
- { ARG_STR, offsetof(starter_ca_t, crluri), NULL },
- { ARG_STR, offsetof(starter_ca_t, crluri2), NULL },
- { ARG_STR, offsetof(starter_ca_t, ocspuri), NULL },
- { ARG_STR, offsetof(starter_ca_t, ocspuri2), NULL },
- { ARG_STR, offsetof(starter_ca_t, certuribase), NULL },
-
- /* end keywords */
- { ARG_MISC, 0, NULL /* KW_HOST */ },
- { ARG_MISC, 0, NULL /* KW_NEXTHOP */ },
- { ARG_STR, offsetof(starter_end_t, subnet), NULL },
- { ARG_MISC, 0, NULL /* KW_SUBNETWITHIN */ },
- { ARG_MISC, 0, NULL /* KW_PROTOPORT */ },
- { ARG_STR, offsetof(starter_end_t, srcip), NULL },
- { ARG_MISC, 0, NULL /* KW_NATIP */ },
- { ARG_ENUM, offsetof(starter_end_t, firewall), LST_bool },
- { ARG_ENUM, offsetof(starter_end_t, hostaccess), LST_bool },
- { ARG_ENUM, offsetof(starter_end_t, allow_any), LST_bool },
- { ARG_STR, offsetof(starter_end_t, updown), NULL },
- { ARG_STR, offsetof(starter_end_t, id), NULL },
- { ARG_STR, offsetof(starter_end_t, rsakey), NULL },
- { ARG_STR, offsetof(starter_end_t, cert), NULL },
- { ARG_ENUM, offsetof(starter_end_t, sendcert), LST_sendcert },
- { ARG_STR, offsetof(starter_end_t, ca), NULL },
- { ARG_STR, offsetof(starter_end_t, groups), NULL },
- { ARG_STR, offsetof(starter_end_t, iface), NULL }
+ /* config setup keywords */
+ { ARG_LST, offsetof(starter_config_t, setup.interfaces), NULL },
+ { ARG_STR, offsetof(starter_config_t, setup.dumpdir), NULL },
+ { ARG_ENUM, offsetof(starter_config_t, setup.charonstart), LST_bool },
+ { ARG_ENUM, offsetof(starter_config_t, setup.plutostart), LST_bool },
+
+ /* pluto/charon keywords */
+ { ARG_LST, offsetof(starter_config_t, setup.plutodebug), LST_plutodebug },
+ { ARG_STR, offsetof(starter_config_t, setup.charondebug), NULL },
+ { ARG_STR, offsetof(starter_config_t, setup.prepluto), NULL },
+ { ARG_STR, offsetof(starter_config_t, setup.postpluto), NULL },
+ { ARG_STR, offsetof(starter_config_t, setup.plutostderrlog), NULL },
+ { ARG_ENUM, offsetof(starter_config_t, setup.uniqueids), LST_unique },
+ { ARG_UINT, offsetof(starter_config_t, setup.overridemtu), NULL },
+ { ARG_TIME, offsetof(starter_config_t, setup.crlcheckinterval), NULL },
+ { ARG_ENUM, offsetof(starter_config_t, setup.cachecrls), LST_bool },
+ { ARG_ENUM, offsetof(starter_config_t, setup.strictcrlpolicy), LST_strict },
+ { ARG_ENUM, offsetof(starter_config_t, setup.nocrsend), LST_bool },
+ { ARG_ENUM, offsetof(starter_config_t, setup.nat_traversal), LST_bool },
+ { ARG_TIME, offsetof(starter_config_t, setup.keep_alive), NULL },
+ { ARG_ENUM, offsetof(starter_config_t, setup.force_keepalive), LST_bool },
+ { ARG_STR, offsetof(starter_config_t, setup.virtual_private), NULL },
+ { ARG_STR, offsetof(starter_config_t, setup.pkcs11module), NULL },
+ { ARG_STR, offsetof(starter_config_t, setup.pkcs11initargs), NULL },
+ { ARG_ENUM, offsetof(starter_config_t, setup.pkcs11keepstate), LST_bool },
+ { ARG_ENUM, offsetof(starter_config_t, setup.pkcs11proxy), LST_bool },
+
+ /* KLIPS keywords */
+ { ARG_LST, offsetof(starter_config_t, setup.klipsdebug), LST_klipsdebug },
+ { ARG_ENUM, offsetof(starter_config_t, setup.fragicmp), LST_bool },
+ { ARG_STR, offsetof(starter_config_t, setup.packetdefault), LST_packetdefault },
+ { ARG_ENUM, offsetof(starter_config_t, setup.hidetos), LST_bool },
+
+ /* conn section keywords */
+ { ARG_STR, offsetof(starter_conn_t, name), NULL },
+ { ARG_ENUM, offsetof(starter_conn_t, startup), LST_startup },
+ { ARG_ENUM, offsetof(starter_conn_t, keyexchange), LST_keyexchange },
+ { ARG_MISC, 0, NULL /* KW_TYPE */ },
+ { ARG_MISC, 0, NULL /* KW_PFS */ },
+ { ARG_MISC, 0, NULL /* KW_COMPRESS */ },
+ { ARG_ENUM, offsetof(starter_conn_t, install_policy), LST_bool },
+ { ARG_MISC, 0, NULL /* KW_AUTH */ },
+ { ARG_MISC, 0, NULL /* KW_AUTHBY */ },
+ { ARG_MISC, 0, NULL /* KW_EAP */ },
+ { ARG_STR, offsetof(starter_conn_t, eap_identity), NULL },
+ { ARG_MISC, 0, NULL /* KW_MOBIKE */ },
+ { ARG_MISC, 0, NULL /* KW_FORCEENCAPS */ },
+ { ARG_TIME, offsetof(starter_conn_t, sa_ike_life_seconds), NULL },
+ { ARG_TIME, offsetof(starter_conn_t, sa_ipsec_life_seconds), NULL },
+ { ARG_TIME, offsetof(starter_conn_t, sa_rekey_margin), NULL },
+ { ARG_MISC, 0, NULL /* KW_KEYINGTRIES */ },
+ { ARG_PCNT, offsetof(starter_conn_t, sa_rekey_fuzz), NULL },
+ { ARG_MISC, 0, NULL /* KW_REKEY */ },
+ { ARG_MISC, 0, NULL /* KW_REAUTH */ },
+ { ARG_STR, offsetof(starter_conn_t, ike), NULL },
+ { ARG_STR, offsetof(starter_conn_t, esp), NULL },
+ { ARG_STR, offsetof(starter_conn_t, pfsgroup), LST_pfsgroup },
+ { ARG_TIME, offsetof(starter_conn_t, dpd_delay), NULL },
+ { ARG_TIME, offsetof(starter_conn_t, dpd_timeout), NULL },
+ { ARG_ENUM, offsetof(starter_conn_t, dpd_action), LST_dpd_action },
+ { ARG_MISC, 0, NULL /* KW_MODECONFIG */ },
+ { ARG_MISC, 0, NULL /* KW_XAUTH */ },
+ { ARG_ENUM, offsetof(starter_conn_t, me_mediation), LST_bool },
+ { ARG_STR, offsetof(starter_conn_t, me_mediated_by), NULL },
+ { ARG_STR, offsetof(starter_conn_t, me_peerid), NULL },
+
+ /* ca section keywords */
+ { ARG_STR, offsetof(starter_ca_t, name), NULL },
+ { ARG_ENUM, offsetof(starter_ca_t, startup), LST_startup },
+ { ARG_STR, offsetof(starter_ca_t, cacert), NULL },
+ { ARG_STR, offsetof(starter_ca_t, ldaphost), NULL },
+ { ARG_STR, offsetof(starter_ca_t, ldapbase), NULL },
+ { ARG_STR, offsetof(starter_ca_t, crluri), NULL },
+ { ARG_STR, offsetof(starter_ca_t, crluri2), NULL },
+ { ARG_STR, offsetof(starter_ca_t, ocspuri), NULL },
+ { ARG_STR, offsetof(starter_ca_t, ocspuri2), NULL },
+ { ARG_STR, offsetof(starter_ca_t, certuribase), NULL },
+
+ /* end keywords */
+ { ARG_MISC, 0, NULL /* KW_HOST */ },
+ { ARG_MISC, 0, NULL /* KW_NEXTHOP */ },
+ { ARG_STR, offsetof(starter_end_t, subnet), NULL },
+ { ARG_MISC, 0, NULL /* KW_SUBNETWITHIN */ },
+ { ARG_MISC, 0, NULL /* KW_PROTOPORT */ },
+ { ARG_STR, offsetof(starter_end_t, srcip), NULL },
+ { ARG_MISC, 0, NULL /* KW_NATIP */ },
+ { ARG_ENUM, offsetof(starter_end_t, firewall), LST_bool },
+ { ARG_ENUM, offsetof(starter_end_t, hostaccess), LST_bool },
+ { ARG_ENUM, offsetof(starter_end_t, allow_any), LST_bool },
+ { ARG_STR, offsetof(starter_end_t, updown), NULL },
+ { ARG_STR, offsetof(starter_end_t, auth), NULL },
+ { ARG_STR, offsetof(starter_end_t, auth2), NULL },
+ { ARG_STR, offsetof(starter_end_t, id), NULL },
+ { ARG_STR, offsetof(starter_end_t, id2), NULL },
+ { ARG_STR, offsetof(starter_end_t, rsakey), NULL },
+ { ARG_STR, offsetof(starter_end_t, cert), NULL },
+ { ARG_STR, offsetof(starter_end_t, cert2), NULL },
+ { ARG_ENUM, offsetof(starter_end_t, sendcert), LST_sendcert },
+ { ARG_STR, offsetof(starter_end_t, ca), NULL },
+ { ARG_STR, offsetof(starter_end_t, ca2), NULL },
+ { ARG_STR, offsetof(starter_end_t, groups), NULL },
+ { ARG_STR, offsetof(starter_end_t, iface), NULL }
};
static void
free_list(char **list)
{
- char **s;
+ char **s;
- for (s = list; *s; s++)
- pfree(*s);
- pfree(list);
+ for (s = list; *s; s++)
+ {
+ free(*s);
+ }
+ free(list);
}
char **
new_list(char *value)
{
- char *val, *b, *e, *end, **ret;
- int count;
-
- val = value ? clone_str(value, "list value") : NULL;
- if (!val)
- return NULL;
- end = val + strlen(val);
- for (b = val, count = 0; b < end;)
- {
- for (e = b; ((*e != ' ') && (*e != '\0')); e++);
- *e = '\0';
- if (e != b)
- count++;
- b = e + 1;
- }
- if (count == 0)
- {
- pfree(val);
- return NULL;
- }
- ret = (char **)alloc_bytes((count+1) * sizeof(char *), "list");
-
- for (b = val, count = 0; b < end; )
- {
- for (e = b; (*e != '\0'); e++);
- if (e != b)
- ret[count++] = clone_str(b, "list value");
- b = e + 1;
- }
- ret[count] = NULL;
- pfree(val);
- return ret;
+ char *val, *b, *e, *end, **ret;
+ int count;
+
+ val = value ? clone_str(value) : NULL;
+ if (!val)
+ return NULL;
+ end = val + strlen(val);
+ for (b = val, count = 0; b < end;)
+ {
+ for (e = b; ((*e != ' ') && (*e != '\0')); e++);
+ *e = '\0';
+ if (e != b)
+ count++;
+ b = e + 1;
+ }
+ if (count == 0)
+ {
+ free(val);
+ return NULL;
+ }
+ ret = (char **)malloc((count+1) * sizeof(char *));
+
+ for (b = val, count = 0; b < end; )
+ {
+ for (e = b; (*e != '\0'); e++);
+ if (e != b)
+ ret[count++] = clone_str(b);
+ b = e + 1;
+ }
+ ret[count] = NULL;
+ free(val);
+ return ret;
}
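Review bot: In `new_list` the switch from `alloc_bytes` to `ret = (char **)malloc((count+1) * sizeof(char *));` drops whatever failure handling the old allocator provided, and the result is written to unchecked two lines later, so an allocation failure now dereferences NULL instead of failing cleanly. Since callers already treat a NULL return as "no list" (`assign_arg` walks it with `lst && *lst`), returning NULL on failure fits the existing contract: `ret = malloc((count + 1) * sizeof *ret);` followed by `if (ret == NULL) { free(val); return NULL; }`. The `clone_str` results stored in the loop are likewise unchecked; if that helper can return NULL rather than abort, a NULL in the middle of the array truncates the list at that point and leaks the entries after it, which is worth confirming against its definition in libstrongswan.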
@@ -311,191 +316,199 @@ new_list(char *value)
*/
bool
assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base
- , bool *assigned)
+ , bool *assigned)
{
- char *p = base + token_info[token].offset;
- const char **list = token_info[token].list;
-
- int index = -1; /* used for enumeration arguments */
-
- lset_t *seen = (lset_t *)base; /* seen flags are at the top of the struct */
- lset_t f = LELEM(token - first); /* compute flag position of argument */
-
- *assigned = FALSE;
+ char *p = base + token_info[token].offset;
+ const char **list = token_info[token].list;
- DBG(DBG_CONTROLMORE,
- DBG_log(" %s=%s", kw->entry->name, kw->value)
- )
+ int index = -1; /* used for enumeration arguments */
- if (*seen & f)
- {
- plog("# duplicate '%s' option", kw->entry->name);
- return FALSE;
- }
+ lset_t *seen = (lset_t *)base; /* seen flags are at the top of the struct */
+ lset_t f = LELEM(token - first); /* compute flag position of argument */
- /* set flag that this argument has been seen */
- *seen |= f;
+ *assigned = FALSE;
- /* is there a keyword list? */
- if (list != NULL && token_info[token].type != ARG_LST)
- {
- bool match = FALSE;
+ DBG(DBG_CONTROLMORE,
+ DBG_log(" %s=%s", kw->entry->name, kw->value)
+ )
- while (*list != NULL && !match)
- {
- index++;
- match = streq(kw->value, *list++);
- }
- if (!match)
- {
- plog("# bad value: %s=%s", kw->entry->name, kw->value);
- return FALSE;
- }
- }
-
- switch (token_info[token].type)
- {
- case ARG_NONE:
- plog("# option '%s' not supported yet", kw->entry->name);
- return FALSE;
- case ARG_ENUM:
+ if (*seen & f)
{
- int *i = (int *)p;
-
- if (index < 0)
- {
- plog("# bad enumeration value: %s=%s (%d)"
- , kw->entry->name, kw->value, index);
+ plog("# duplicate '%s' option", kw->entry->name);
return FALSE;
- }
- *i = index;
}
- break;
-
- case ARG_UINT:
- {
- char *endptr;
- u_int *u = (u_int *)p;
- *u = strtoul(kw->value, &endptr, 10);
+ /* set flag that this argument has been seen */
+ *seen |= f;
- if (*endptr != '\0')
- {
- plog("# bad integer value: %s=%s", kw->entry->name, kw->value);
- return FALSE;
- }
- }
- break;
- case ARG_ULNG:
- case ARG_PCNT:
+ /* is there a keyword list? */
+ if (list != NULL && token_info[token].type != ARG_LST)
{
- char *endptr;
- unsigned long *l = (unsigned long *)p;
+ bool match = FALSE;
- *l = strtoul(kw->value, &endptr, 10);
-
- if (token_info[token].type == ARG_ULNG)
- {
- if (*endptr != '\0')
+ while (*list != NULL && !match)
{
- plog("# bad integer value: %s=%s", kw->entry->name, kw->value);
- return FALSE;
+ index++;
+ match = streq(kw->value, *list++);
}
- }
- else
- {
- if ((*endptr != '%') || (endptr[1] != '\0') || endptr == kw->value)
+ if (!match)
{
- plog("# bad percent value: %s=%s", kw->entry->name, kw->value);
- return FALSE;
+ plog("# bad value: %s=%s", kw->entry->name, kw->value);
+ return FALSE;
}
- }
-
}
- break;
- case ARG_TIME:
- {
- char *endptr;
- time_t *t = (time_t *)p;
- *t = strtoul(kw->value, &endptr, 10);
-
- /* time in seconds? */
- if (*endptr == '\0' || (*endptr == 's' && endptr[1] == '\0'))
+ switch (token_info[token].type)
+ {
+ case ARG_NONE:
+ plog("# option '%s' not supported yet", kw->entry->name);
+ return FALSE;
+ case ARG_ENUM:
+ {
+ if (index < 0)
+ {
+ plog("# bad enumeration value: %s=%s (%d)"
+ , kw->entry->name, kw->value, index);
+ return FALSE;
+ }
+
+ if (token_info[token].list == LST_bool)
+ {
+ bool *b = (bool *)p;
+ *b = (index > 0);
+ }
+ else
+ {
+ int *i = (int *)p;
+ *i = index;
+ }
+ }
break;
- if (endptr[1] == '\0')
- {
- if (*endptr == 'm') /* time in minutes? */
+ case ARG_UINT:
{
- *t *= 60;
- break;
+ char *endptr;
+ u_int *u = (u_int *)p;
+
+ *u = strtoul(kw->value, &endptr, 10);
+
+ if (*endptr != '\0')
+ {
+ plog("# bad integer value: %s=%s", kw->entry->name, kw->value);
+ return FALSE;
+ }
}
- if (*endptr == 'h') /* time in hours? */
+ break;
+ case ARG_ULNG:
+ case ARG_PCNT:
{
- *t *= 3600;
- break;
+ char *endptr;
+ unsigned long *l = (unsigned long *)p;
+
+ *l = strtoul(kw->value, &endptr, 10);
+
+ if (token_info[token].type == ARG_ULNG)
+ {
+ if (*endptr != '\0')
+ {
+ plog("# bad integer value: %s=%s", kw->entry->name, kw->value);
+ return FALSE;
+ }
+ }
+ else
+ {
+ if ((*endptr != '%') || (endptr[1] != '\0') || endptr == kw->value)
+ {
+ plog("# bad percent value: %s=%s", kw->entry->name, kw->value);
+ return FALSE;
+ }
+ }
+
}
- if (*endptr == 'd') /* time in days? */
+ break;
+ case ARG_TIME:
{
- *t *= 3600*24;
- break;
+ char *endptr;
+ time_t *t = (time_t *)p;
+
+ *t = strtoul(kw->value, &endptr, 10);
+
+ /* time in seconds? */
+ if (*endptr == '\0' || (*endptr == 's' && endptr[1] == '\0'))
+ break;
+
+ if (endptr[1] == '\0')
+ {
+ if (*endptr == 'm') /* time in minutes? */
+ {
+ *t *= 60;
+ break;
+ }
+ if (*endptr == 'h') /* time in hours? */
+ {
+ *t *= 3600;
+ break;
+ }
+ if (*endptr == 'd') /* time in days? */
+ {
+ *t *= 3600*24;
+ break;
+ }
+ }
+ plog("# bad duration value: %s=%s", kw->entry->name, kw->value);
+ return FALSE;
}
- }
- plog("# bad duration value: %s=%s", kw->entry->name, kw->value);
- return FALSE;
- }
- case ARG_STR:
- {
- char **cp = (char **)p;
-
- /* free any existing string */
- pfreeany(*cp);
-
- /* assign the new string */
- *cp = clone_str(kw->value, "str_value");
- }
- break;
- case ARG_LST:
- {
- char ***listp = (char ***)p;
-
- /* free any existing list */
- if (*listp != NULL)
- free_list(*listp);
-
- /* create a new list and assign values */
- *listp = new_list(kw->value);
+ case ARG_STR:
+ {
+ char **cp = (char **)p;
- /* is there a keyword list? */
- if (list != NULL)
- {
- char ** lst;
+ /* free any existing string */
+ free(*cp);
- for (lst = *listp; lst && *lst; lst++)
+ /* assign the new string */
+ *cp = clone_str(kw->value);
+ }
+ break;
+ case ARG_LST:
{
- bool match = FALSE;
-
- list = token_info[token].list;
-
- while (*list != NULL && !match)
- {
- match = streq(*lst, *list++);
- }
- if (!match)
- {
- plog("# bad value: %s=%s", kw->entry->name, *lst);
- return FALSE;
- }
+ char ***listp = (char ***)p;
+
+ /* free any existing list */
+ if (*listp != NULL)
+ free_list(*listp);
+
+ /* create a new list and assign values */
+ *listp = new_list(kw->value);
+
+ /* is there a keyword list? */
+ if (list != NULL)
+ {
+ char ** lst;
+
+ for (lst = *listp; lst && *lst; lst++)
+ {
+ bool match = FALSE;
+
+ list = token_info[token].list;
+
+ while (*list != NULL && !match)
+ {
+ match = streq(*lst, *list++);
+ }
+ if (!match)
+ {
+ plog("# bad value: %s=%s", kw->entry->name, *lst);
+ return FALSE;
+ }
+ }
+ }
}
- }
+ default:
+ return TRUE;
}
- default:
- return TRUE;
- }
- *assigned = TRUE;
- return TRUE;
+ *assigned = TRUE;
+ return TRUE;
}
/*
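Review bot: The `case ARG_LST:` block that ends at the `}` just before `default:` has no `break`, so a successfully assigned list falls into `default: return TRUE;` and leaves `*assigned` FALSE, whereas ARG_STR, ARG_ENUM and the numeric cases all reach `*assigned = TRUE;` after the switch. This is inherited from the old code rather than introduced here, but the re-indentation makes it look deliberate; either add `break;` after that closing brace or mark it with `/* fallthrough */` and a comment saying why a list assignment must not count as assigned. Separately, the ARG_UINT, ARG_ULNG and ARG_TIME branches accept an empty value because `strtoul` then returns 0 with `*endptr == '\0'`, while only the percent branch checks `endptr == kw->value`; adding the same `endptr == kw->value` test to those three branches would reject `keyword=` instead of silently storing 0, and none of them check `errno == ERANGE` for out-of-range input.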
@@ -504,37 +517,37 @@ assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base
void
free_args(kw_token_t first, kw_token_t last, char *base)
{
- kw_token_t token;
-
- for (token = first; token <= last; token++)
- {
- char *p = base + token_info[token].offset;
+ kw_token_t token;
- switch (token_info[token].type)
+ for (token = first; token <= last; token++)
{
- case ARG_STR:
- {
- char **cp = (char **)p;
+ char *p = base + token_info[token].offset;
- pfreeany(*cp);
- *cp = NULL;
- }
- break;
- case ARG_LST:
- {
- char ***listp = (char ***)p;
-
- if (*listp != NULL)
+ switch (token_info[token].type)
{
- free_list(*listp);
- *listp = NULL;
- }
- }
- break;
- default:
- break;
+ case ARG_STR:
+ {
+ char **cp = (char **)p;
+
+ free(*cp);
+ *cp = NULL;
+ }
+ break;
+ case ARG_LST:
+ {
+ char ***listp = (char ***)p;
+
+ if (*listp != NULL)
+ {
+ free_list(*listp);
+ *listp = NULL;
+ }
+ }
+ break;
+ default:
+ break;
+ }
}
- }
}
/*
@@ -543,38 +556,38 @@ free_args(kw_token_t first, kw_token_t last, char *base)
void
clone_args(kw_token_t first, kw_token_t last, char *base1, char *base2)
{
- kw_token_t token;
+ kw_token_t token;
- for (token = first; token <= last; token++)
- {
- if (token_info[token].type == ARG_STR)
+ for (token = first; token <= last; token++)
{
- char **cp1 = (char **)(base1 + token_info[token].offset);
- char **cp2 = (char **)(base2 + token_info[token].offset);
+ if (token_info[token].type == ARG_STR)
+ {
+ char **cp1 = (char **)(base1 + token_info[token].offset);
+ char **cp2 = (char **)(base2 + token_info[token].offset);
- *cp1 = clone_str(*cp2, "cloned str");
+ *cp1 = clone_str(*cp2);
+ }
}
- }
}
static bool
cmp_list(char **list1, char **list2)
{
- if ((list1 == NULL) && (list2 == NULL))
- return TRUE;
- if ((list1 == NULL) || (list2 == NULL))
- return FALSE;
+ if ((list1 == NULL) && (list2 == NULL))
+ return TRUE;
+ if ((list1 == NULL) || (list2 == NULL))
+ return FALSE;
- for ( ; *list1 && *list2; list1++, list2++)
- {
- if (strcmp(*list1,*list2) != 0)
- return FALSE;
- }
+ for ( ; *list1 && *list2; list1++, list2++)
+ {
+ if (strcmp(*list1,*list2) != 0)
+ return FALSE;
+ }
- if ((*list1 != NULL) || (*list2 != NULL))
- return FALSE;
+ if ((*list1 != NULL) || (*list2 != NULL))
+ return FALSE;
- return TRUE;
+ return TRUE;
}
/*
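Review bot: `clone_args` deep-copies only ARG_STR members, so any ARG_LST member in the token range stays pointer-shared between the copy and the template after the `memcpy` that `conn_default`/`ca_default` do before calling it, and `free_args` on both structures would then free the same list twice. If no list-valued keyword exists in the KW_CONN/KW_END/KW_CA ranges that invariant deserves a comment on the loop: `/* only ARG_STR is cloned: no ARG_LST keyword exists in the conn/end/ca ranges */`; otherwise an `ARG_LST` branch that rebuilds the list via `new_list` is needed. The dropped second argument of `clone_str` matches the rest of the patch and is fine.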
@@ -583,75 +596,75 @@ cmp_list(char **list1, char **list2)
bool
cmp_args(kw_token_t first, kw_token_t last, char *base1, char *base2)
{
- kw_token_t token;
-
- for (token = first; token <= last; token++)
- {
- char *p1 = base1 + token_info[token].offset;
- char *p2 = base2 + token_info[token].offset;
+ kw_token_t token;
- switch (token_info[token].type)
+ for (token = first; token <= last; token++)
{
- case ARG_ENUM:
- {
- int *i1 = (int *)p1;
- int *i2 = (int *)p2;
-
- if (*i1 != *i2)
- return FALSE;
- }
- break;
- case ARG_UINT:
- {
- u_int *u1 = (u_int *)p1;
- u_int *u2 = (u_int *)p2;
-
- if (*u1 != *u2)
- return FALSE;
- }
- break;
- case ARG_ULNG:
- case ARG_PCNT:
- {
- unsigned long *l1 = (unsigned long *)p1;
- unsigned long *l2 = (unsigned long *)p2;
-
- if (*l1 != *l2)
- return FALSE;
- }
- break;
- case ARG_TIME:
- {
- time_t *t1 = (time_t *)p1;
- time_t *t2 = (time_t *)p2;
-
- if (*t1 != *t2)
- return FALSE;
- }
- break;
- case ARG_STR:
- {
- char **cp1 = (char **)p1;
- char **cp2 = (char **)p2;
-
- if (*cp1 == NULL && *cp2 == NULL)
- break;
- if (*cp1 == NULL || *cp2 == NULL || strcmp(*cp1, *cp2) != 0)
- return FALSE;
- }
- break;
- case ARG_LST:
- {
- char ***listp1 = (char ***)p1;
- char ***listp2 = (char ***)p2;
-
- if (!cmp_list(*listp1, *listp2))
- return FALSE;
- }
- break;
- default:
- break;
+ char *p1 = base1 + token_info[token].offset;
+ char *p2 = base2 + token_info[token].offset;
+
+ switch (token_info[token].type)
+ {
+ case ARG_ENUM:
+ {
+ int *i1 = (int *)p1;
+ int *i2 = (int *)p2;
+
+ if (*i1 != *i2)
+ return FALSE;
+ }
+ break;
+ case ARG_UINT:
+ {
+ u_int *u1 = (u_int *)p1;
+ u_int *u2 = (u_int *)p2;
+
+ if (*u1 != *u2)
+ return FALSE;
+ }
+ break;
+ case ARG_ULNG:
+ case ARG_PCNT:
+ {
+ unsigned long *l1 = (unsigned long *)p1;
+ unsigned long *l2 = (unsigned long *)p2;
+
+ if (*l1 != *l2)
+ return FALSE;
+ }
+ break;
+ case ARG_TIME:
+ {
+ time_t *t1 = (time_t *)p1;
+ time_t *t2 = (time_t *)p2;
+
+ if (*t1 != *t2)
+ return FALSE;
+ }
+ break;
+ case ARG_STR:
+ {
+ char **cp1 = (char **)p1;
+ char **cp2 = (char **)p2;
+
+ if (*cp1 == NULL && *cp2 == NULL)
+ break;
+ if (*cp1 == NULL || *cp2 == NULL || strcmp(*cp1, *cp2) != 0)
+ return FALSE;
+ }
+ break;
+ case ARG_LST:
+ {
+ char ***listp1 = (char ***)p1;
+ char ***listp2 = (char ***)p2;
+
+ if (!cmp_list(*listp1, *listp2))
+ return FALSE;
+ }
+ break;
+ default:
+ break;
+ }
}
- }
- return TRUE;
+ return TRUE;
}
diff --git a/src/starter/args.h b/src/starter/args.h
index 7bd55bb05..b003784c8 100644
--- a/src/starter/args.h
+++ b/src/starter/args.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: args.h 3267 2007-10-08 19:57:54Z andreas $
*/
#ifndef _ARGS_H_
@@ -23,12 +21,12 @@
extern char **new_list(char *value);
extern bool assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw
- , char *base, bool *assigned);
+ , char *base, bool *assigned);
extern void free_args(kw_token_t first, kw_token_t last, char *base);
extern void clone_args(kw_token_t first, kw_token_t last, char *base1
- , char *base2);
+ , char *base2);
extern bool cmp_args(kw_token_t first, kw_token_t last, char *base1
- , char *base2);
+ , char *base2);
#endif /* _ARGS_H_ */
diff --git a/src/starter/cmp.c b/src/starter/cmp.c
index 5abb8399b..8462a4819 100644
--- a/src/starter/cmp.c
+++ b/src/starter/cmp.c
@@ -10,8 +10,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: cmp.c 3881 2008-04-27 11:04:13Z andreas $
*/
#include <string.h>
@@ -34,79 +32,79 @@
static bool
starter_cmp_end(starter_end_t *c1, starter_end_t *c2)
{
- if ((c1 == NULL) || (c2 == NULL))
- return FALSE;
-
- if (c2->dns_failed)
- {
- c2->addr = c1->addr;
- }
- else
- {
- ADDCMP(addr);
- }
- ADDCMP(nexthop);
- VARCMP(has_client);
- VARCMP(has_client_wildcard);
- VARCMP(has_port_wildcard);
- VARCMP(has_natip);
- VARCMP(has_virt);
- VARCMP(modecfg);
- VARCMP(port);
- VARCMP(protocol);
-
- return cmp_args(KW_END_FIRST, KW_END_LAST, (char *)c1, (char *)c2);
+ if ((c1 == NULL) || (c2 == NULL))
+ return FALSE;
+
+ if (c2->dns_failed)
+ {
+ c2->addr = c1->addr;
+ }
+ else
+ {
+ ADDCMP(addr);
+ }
+ ADDCMP(nexthop);
+ VARCMP(has_client);
+ VARCMP(has_client_wildcard);
+ VARCMP(has_port_wildcard);
+ VARCMP(has_natip);
+ VARCMP(has_virt);
+ VARCMP(modecfg);
+ VARCMP(port);
+ VARCMP(protocol);
+
+ return cmp_args(KW_END_FIRST, KW_END_LAST, (char *)c1, (char *)c2);
}
bool
starter_cmp_conn(starter_conn_t *c1, starter_conn_t *c2)
{
- if ((c1 == NULL) || (c2 == NULL))
- return FALSE;
+ if ((c1 == NULL) || (c2 == NULL))
+ return FALSE;
- VARCMP(policy);
- VARCMP(addr_family);
- VARCMP(tunnel_addr_family);
+ VARCMP(policy);
+ VARCMP(addr_family);
+ VARCMP(tunnel_addr_family);
- if (!starter_cmp_end(&c1->left, &c2->left))
- return FALSE;
- if (!starter_cmp_end(&c1->right, &c2->right))
- return FALSE;
+ if (!starter_cmp_end(&c1->left, &c2->left))
+ return FALSE;
+ if (!starter_cmp_end(&c1->right, &c2->right))
+ return FALSE;
- return cmp_args(KW_CONN_NAME, KW_CONN_LAST, (char *)c1, (char *)c2);
+ return cmp_args(KW_CONN_NAME, KW_CONN_LAST, (char *)c1, (char *)c2);
}
bool
starter_cmp_ca(starter_ca_t *c1, starter_ca_t *c2)
{
- if (c1 == NULL || c2 == NULL)
- return FALSE;
+ if (c1 == NULL || c2 == NULL)
+ return FALSE;
- return cmp_args(KW_CA_NAME, KW_CA_LAST, (char *)c1, (char *)c2);
+ return cmp_args(KW_CA_NAME, KW_CA_LAST, (char *)c1, (char *)c2);
}
bool
starter_cmp_klips(starter_config_t *c1, starter_config_t *c2)
{
- if ((c1 == NULL) || (c2 == NULL))
- return FALSE;
+ if ((c1 == NULL) || (c2 == NULL))
+ return FALSE;
- return cmp_args(KW_KLIPS_FIRST, KW_KLIPS_LAST, (char *)c1, (char *)c2);
+ return cmp_args(KW_KLIPS_FIRST, KW_KLIPS_LAST, (char *)c1, (char *)c2);
}
bool
starter_cmp_pluto(starter_config_t *c1, starter_config_t *c2)
{
- if ((c1 == NULL) || (c2 == NULL))
- return FALSE;
+ if ((c1 == NULL) || (c2 == NULL))
+ return FALSE;
- return cmp_args(KW_PLUTO_FIRST, KW_PLUTO_LAST, (char *)c1, (char *)c2);
+ return cmp_args(KW_PLUTO_FIRST, KW_PLUTO_LAST, (char *)c1, (char *)c2);
}
bool
starter_cmp_defaultroute(defaultroute_t *d1, defaultroute_t *d2)
{
- if ((d1 == NULL) || (d2 == NULL))
- return FALSE;
- return memcmp(d1, d2, sizeof(defaultroute_t)) == 0;
+ if ((d1 == NULL) || (d2 == NULL))
+ return FALSE;
+ return memcmp(d1, d2, sizeof(defaultroute_t)) == 0;
}
diff --git a/src/starter/cmp.h b/src/starter/cmp.h
index 24bd32ff6..cda6e44b9 100644
--- a/src/starter/cmp.h
+++ b/src/starter/cmp.h
@@ -10,8 +10,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: cmp.h 3267 2007-10-08 19:57:54Z andreas $
*/
#ifndef _STARTER_CMP_H_
diff --git a/src/starter/confread.c b/src/starter/confread.c
index 855d07b51..5fd2b9fbf 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -10,8 +10,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: confread.c 5002 2009-03-24 15:02:12Z martin $
*/
#include <stddef.h>
@@ -34,8 +32,8 @@
/* strings containing a colon are interpreted as an IPv6 address */
#define ip_version(string) (strchr(string, '.') ? AF_INET : AF_INET6)
-static const char ike_defaults[] = "aes128-sha-modp2048";
-static const char esp_defaults[] = "aes128-sha1, 3des-md5";
+static const char ike_defaults[] = "aes128-sha1-modp2048,3des-sha1-modp1536";
+static const char esp_defaults[] = "aes128-sha1,3des-sha1";
static const char firewall_defaults[] = "ipsec _updown iptables";
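Review bot: The new `ike_defaults` and `esp_defaults` widen the built-in proposal set to include 3DES and modp1536, which are weaker than the AES-128/modp2048 suite that was previously the only IKE default, and because these strings apply to every conn that omits `ike=`/`esp=` the weakening is silent to operators. If the extra proposals are there for interoperability with legacy peers, say so next to the definitions so nobody reads this as the preferred suite: `/* AES-128 is offered first; 3DES/modp1536 are kept only for legacy peers and can be removed with an explicit ike=/esp= */`. On the positive side the ESP default drops `3des-md5`, and the ordering already puts the stronger proposal first.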
@@ -72,11 +70,11 @@ static void default_values(starter_config_t *cfg)
cfg->conn_default.seen = LEMPTY;
cfg->conn_default.startup = STARTUP_NO;
cfg->conn_default.state = STATE_IGNORE;
- cfg->conn_default.policy = POLICY_ENCRYPT | POLICY_TUNNEL | POLICY_RSASIG |
+ cfg->conn_default.policy = POLICY_ENCRYPT | POLICY_TUNNEL | POLICY_PUBKEY |
POLICY_PFS | POLICY_MOBIKE;
- cfg->conn_default.ike = clone_str(ike_defaults, "ike_defaults");
- cfg->conn_default.esp = clone_str(esp_defaults, "esp_defaults");
+ cfg->conn_default.ike = clone_str(ike_defaults);
+ cfg->conn_default.esp = clone_str(esp_defaults);
cfg->conn_default.sa_ike_life_seconds = OAKLEY_ISAKMP_SA_LIFETIME_DEFAULT;
cfg->conn_default.sa_ipsec_life_seconds = PLUTO_SA_LIFE_DURATION_DEFAULT;
cfg->conn_default.sa_rekey_margin = SA_REPLACEMENT_MARGIN_DEFAULT;
@@ -144,7 +142,7 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
{
err_t ugh = NULL;
bool assigned = FALSE;
- int has_port_wildcard; /* set if port is %any */
+ bool has_port_wildcard; /* set if port is %any */
char *name = kw->entry->name;
char *value = kw->value;
@@ -193,7 +191,7 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
if (streq(value, "%modeconfig") || streq(value, "%modecfg") ||
streq(value, "%config") || streq(value, "%cfg"))
{
- pfree(end->srcip);
+ free(end->srcip);
end->srcip = NULL;
end->modecfg = TRUE;
}
@@ -336,7 +334,7 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
plog("# bad subnet: %s=%s [%s]", name, value, ugh);
goto err;
}
- end->subnet = clone_str(value, "subnetwithin");
+ end->subnet = clone_str(value);
break;
}
case KW_PROTOPORT:
@@ -356,7 +354,7 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
if (cfg->defaultroute.defined)
{
addrtot(&cfg->defaultroute.addr, 0, buf, sizeof(buf));
- end->srcip = clone_str(buf, "natip");
+ end->srcip = clone_str(buf);
}
else
{
@@ -375,7 +373,7 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
plog("# bad addr: %s=%s [%s]", name, value, ugh);
goto err;
}
- end->srcip = clone_str(value, "srcip");
+ end->srcip = clone_str(value);
}
end->has_natip = TRUE;
conn->policy |= POLICY_TUNNEL;
@@ -426,7 +424,7 @@ handle_firewall( const char *label, starter_end_t *end, starter_config_t *cfg)
}
else
{
- end->updown = clone_str(firewall_defaults, "firewall_defaults");
+ end->updown = clone_str(firewall_defaults);
end->firewall = FALSE;
}
}
@@ -467,9 +465,9 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg)
{
if (cfg->parse_also)
{
- also_t *also = alloc_thing(also_t, "also_t");
+ also_t *also = malloc_thing(also_t);
- also->name = clone_str(kw->value, "also");
+ also->name = clone_str(kw->value);
also->next = conn->also;
conn->also = also;
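Review bot: The switch to `malloc_thing(also_t)` initialises only `also->name` and `also->next`; if `malloc_thing` is a plain malloc wrapper rather than the zeroing `alloc_thing` it replaces, the `included` member that confread.h declares for `also_t` now starts with whatever was on the heap, and nothing here checks for a NULL return either. Add `also->included = FALSE;` next to the two existing assignments (or allocate with a zero-filling call) so the loop-detection state does not depend on allocator behaviour. The same replacement appears in `load_ca` further down. load_conn's body starts and ends outside this hunk.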
@@ -557,18 +555,16 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg)
/* also handles the cases secret|rsasig and rsasig|secret */
for (;;)
{
- if (streq(value, "rsa") || streq(value, "rsasig"))
+ if (streq(value, "rsa") || streq(value, "rsasig") ||
+ streq(value, "ecdsa") || streq(value, "ecdsasig") ||
+ streq(value, "pubkey"))
{
- conn->policy |= POLICY_RSASIG | POLICY_ENCRYPT;
+ conn->policy |= POLICY_PUBKEY | POLICY_ENCRYPT;
}
else if (streq(value, "secret") || streq(value, "psk"))
{
conn->policy |= POLICY_PSK | POLICY_ENCRYPT;
}
- else if (streq(value, "ecdsa") || streq(value, "ecdsasig"))
- {
- conn->policy |= POLICY_ECDSASIG | POLICY_ENCRYPT;
- }
else if (streq(value, "xauthrsasig"))
{
conn->policy |= POLICY_XAUTH_RSASIG | POLICY_ENCRYPT;
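Review bot: Folding `rsasig`, `ecdsasig` and `pubkey` into a single `POLICY_PUBKEY` discards the operator's stated signature algorithm at the parser layer, so downstream of starter a conn written with `authby=rsasig` is indistinguishable from one written with `authby=ecdsasig`. If the intent is that the daemon derives the key type from the loaded credentials, a comment on the branch would stop this from being read as a regression: `/* rsa/ecdsa/pubkey all map to POLICY_PUBKEY; the key type comes from the credentials, not from authby= */`. The `default_values` hunk above makes the same substitution for the default policy. The `for (;;)` loop enclosing this branch starts and ends outside the hunk.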
@@ -698,7 +694,7 @@ static void
conn_default(char *name, starter_conn_t *conn, starter_conn_t *def)
{
memcpy(conn, def, sizeof(starter_conn_t));
- conn->name = clone_str(name, "conn name");
+ conn->name = clone_str(name);
clone_args(KW_CONN_FIRST, KW_CONN_LAST, (char *)conn, (char *)def);
clone_args(KW_END_FIRST, KW_END_LAST, (char *)&conn->left, (char *)&def->left);
@@ -727,9 +723,9 @@ load_ca(starter_ca_t *ca, kw_list_t *kw, starter_config_t *cfg)
{
if (cfg->parse_also)
{
- also_t *also = alloc_thing(also_t, "also_t");
+ also_t *also = malloc_thing(also_t);
- also->name = clone_str(kw->value, "also");
+ also->name = clone_str(kw->value);
also->next = ca->also;
ca->also = also;
@@ -766,7 +762,7 @@ static void
ca_default(char *name, starter_ca_t *ca, starter_ca_t *def)
{
memcpy(ca, def, sizeof(starter_ca_t));
- ca->name = clone_str(name, "ca name");
+ ca->name = clone_str(name);
clone_args(KW_CA_FIRST, KW_CA_LAST, (char *)ca, (char *)def);
}
@@ -896,8 +892,8 @@ free_also(also_t *head)
also_t *also = head;
head = also->next;
- pfree(also->name);
- pfree(also);
+ free(also->name);
+ free(also);
}
}
@@ -942,7 +938,7 @@ confread_free(starter_config_t *cfg)
conn = conn->next;
confread_free_conn(conn_aux);
- pfree(conn_aux);
+ free(conn_aux);
}
confread_free_ca(&cfg->ca_default);
@@ -953,10 +949,10 @@ confread_free(starter_config_t *cfg)
ca = ca->next;
confread_free_ca(ca_aux);
- pfree(ca_aux);
+ free(ca_aux);
}
- pfree(cfg);
+ free(cfg);
}
/*
@@ -980,7 +976,7 @@ confread_load(const char *file)
{
return NULL;
}
- cfg = (starter_config_t *)alloc_thing(starter_config_t, "starter_config_t");
+ cfg = malloc_thing(starter_config_t);
/* set default values */
default_values(cfg);
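Review bot: `cfg = malloc_thing(starter_config_t)` drops whatever zero-fill and out-of-memory handling `alloc_thing` provided, and the result is handed to `default_values(cfg)` without a NULL check; unless `default_values` assigns every member of `starter_config_t` (the `setup` block, the `ca_first`/`conn_first` list heads, `err`, `non_fatal_err` — not verifiable from this hunk), uninitialised pointers will later reach `confread_free`. A `memset(cfg, 0, sizeof(*cfg));` before `default_values(cfg)`, or a calloc-style allocator, makes the parser independent of what the allocator does. confread_load continues outside the hunk.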
@@ -1021,7 +1017,7 @@ confread_load(const char *file)
DBG(DBG_CONTROL,
DBG_log("Loading ca '%s'", sca->name)
)
- ca = (starter_ca_t *)alloc_thing(starter_ca_t, "starter_ca_t");
+ ca = malloc_thing(starter_ca_t);
ca_default(sca->name, ca, &cfg->ca_default);
ca->kw = sca->kw;
@@ -1092,7 +1088,7 @@ confread_load(const char *file)
DBG(DBG_CONTROL,
DBG_log("Loading conn '%s'", sconn->name)
)
- conn = (starter_conn_t *)alloc_thing(starter_conn_t, "starter_conn_t");
+ conn = malloc_thing(starter_conn_t);
conn_default(sconn->name, conn, &cfg->conn_default);
conn->kw = sconn->kw;
diff --git a/src/starter/confread.h b/src/starter/confread.h
index 24a8d073e..b20c2e0d3 100644
--- a/src/starter/confread.h
+++ b/src/starter/confread.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: confread.h 4612 2008-11-11 06:37:37Z andreas $
*/
#ifndef _IPSEC_CONFREAD_H_
@@ -20,205 +18,209 @@
#ifndef _FREESWAN_H
#include <freeswan.h>
-#include "../pluto/constants.h"
#endif
#include "parser.h"
#include "interfaces.h"
typedef enum {
- STARTUP_NO,
- STARTUP_ADD,
- STARTUP_ROUTE,
- STARTUP_START
+ STARTUP_NO,
+ STARTUP_ADD,
+ STARTUP_ROUTE,
+ STARTUP_START
} startup_t;
typedef enum {
- STATE_IGNORE,
- STATE_TO_ADD,
- STATE_ADDED,
- STATE_REPLACED,
- STATE_INVALID
+ STATE_IGNORE,
+ STATE_TO_ADD,
+ STATE_ADDED,
+ STATE_REPLACED,
+ STATE_INVALID
} starter_state_t;
typedef enum {
- KEY_EXCHANGE_IKE,
- KEY_EXCHANGE_IKEV1,
- KEY_EXCHANGE_IKEV2
+ KEY_EXCHANGE_IKE,
+ KEY_EXCHANGE_IKEV1,
+ KEY_EXCHANGE_IKEV2
} keyexchange_t;
typedef enum {
- STRICT_NO,
- STRICT_YES,
- STRICT_IFURI
+ STRICT_NO,
+ STRICT_YES,
+ STRICT_IFURI
} strict_t;
typedef struct starter_end starter_end_t;
struct starter_end {
- lset_t seen;
- char *id;
- char *rsakey;
- char *cert;
- char *ca;
- char *groups;
- char *iface;
- ip_address addr;
- ip_address nexthop;
- char *subnet;
- bool has_client;
- bool has_client_wildcard;
- bool has_port_wildcard;
- bool has_natip;
- bool has_virt;
- bool modecfg;
- certpolicy_t sendcert;
- bool firewall;
- bool hostaccess;
- bool allow_any;
- bool dns_failed;
- char *updown;
- u_int16_t port;
- u_int8_t protocol;
- char *srcip;
+ lset_t seen;
+ char *auth;
+ char *auth2;
+ char *id;
+ char *id2;
+ char *rsakey;
+ char *cert;
+ char *cert2;
+ char *ca;
+ char *ca2;
+ char *groups;
+ char *iface;
+ ip_address addr;
+ ip_address nexthop;
+ char *subnet;
+ bool has_client;
+ bool has_client_wildcard;
+ bool has_port_wildcard;
+ bool has_natip;
+ bool has_virt;
+ bool modecfg;
+ certpolicy_t sendcert;
+ bool firewall;
+ bool hostaccess;
+ bool allow_any;
+ bool dns_failed;
+ char *updown;
+ u_int16_t port;
+ u_int8_t protocol;
+ char *srcip;
};
typedef struct also also_t;
struct also {
- char *name;
- bool included;
- also_t *next;
+ char *name;
+ bool included;
+ also_t *next;
};
typedef struct starter_conn starter_conn_t;
struct starter_conn {
- lset_t seen;
- char *name;
- also_t *also;
- kw_list_t *kw;
- u_int visit;
- startup_t startup;
- starter_state_t state;
-
- keyexchange_t keyexchange;
- u_int32_t eap_type;
- u_int32_t eap_vendor;
- char *eap_identity;
- lset_t policy;
- time_t sa_ike_life_seconds;
- time_t sa_ipsec_life_seconds;
- time_t sa_rekey_margin;
- unsigned long sa_keying_tries;
- unsigned long sa_rekey_fuzz;
- sa_family_t addr_family;
- sa_family_t tunnel_addr_family;
- bool install_policy;
- starter_end_t left, right;
-
- unsigned long id;
-
- char *esp;
- char *ike;
- char *pfsgroup;
-
- time_t dpd_delay;
- time_t dpd_timeout;
- dpd_action_t dpd_action;
- int dpd_count;
-
- bool me_mediation;
- char *me_mediated_by;
- char *me_peerid;
-
- starter_conn_t *next;
+ lset_t seen;
+ char *name;
+ also_t *also;
+ kw_list_t *kw;
+ u_int visit;
+ startup_t startup;
+ starter_state_t state;
+
+ keyexchange_t keyexchange;
+ u_int32_t eap_type;
+ u_int32_t eap_vendor;
+ char *eap_identity;
+ lset_t policy;
+ time_t sa_ike_life_seconds;
+ time_t sa_ipsec_life_seconds;
+ time_t sa_rekey_margin;
+ unsigned long sa_keying_tries;
+ unsigned long sa_rekey_fuzz;
+ sa_family_t addr_family;
+ sa_family_t tunnel_addr_family;
+ bool install_policy;
+ starter_end_t left, right;
+
+ unsigned long id;
+
+ char *esp;
+ char *ike;
+ char *pfsgroup;
+
+ time_t dpd_delay;
+ time_t dpd_timeout;
+ dpd_action_t dpd_action;
+ int dpd_count;
+
+ bool me_mediation;
+ char *me_mediated_by;
+ char *me_peerid;
+
+ starter_conn_t *next;
};
typedef struct starter_ca starter_ca_t;
struct starter_ca {
- lset_t seen;
- char *name;
- also_t *also;
- kw_list_t *kw;
- u_int visit;
- startup_t startup;
- starter_state_t state;
-
- char *cacert;
- char *ldaphost;
- char *ldapbase;
- char *crluri;
- char *crluri2;
- char *ocspuri;
- char *ocspuri2;
- char *certuribase;
-
- bool strict;
-
- starter_ca_t *next;
+ lset_t seen;
+ char *name;
+ also_t *also;
+ kw_list_t *kw;
+ u_int visit;
+ startup_t startup;
+ starter_state_t state;
+
+ char *cacert;
+ char *ldaphost;
+ char *ldapbase;
+ char *crluri;
+ char *crluri2;
+ char *ocspuri;
+ char *ocspuri2;
+ char *certuribase;
+
+ bool strict;
+
+ starter_ca_t *next;
};
typedef struct starter_config starter_config_t;
struct starter_config {
- struct {
- lset_t seen;
- char **interfaces;
- char *dumpdir;
- bool charonstart;
- bool plutostart;
-
- /* pluto/charon keywords */
- char **plutodebug;
- char *charondebug;
- char *prepluto;
- char *postpluto;
- char *plutostderrlog;
- bool uniqueids;
- u_int overridemtu;
- u_int crlcheckinterval;
- bool cachecrls;
- strict_t strictcrlpolicy;
- bool nocrsend;
- bool nat_traversal;
- u_int keep_alive;
- u_int force_keepalive;
- char *virtual_private;
- char *pkcs11module;
- char *pkcs11initargs;
- bool pkcs11keepstate;
- bool pkcs11proxy;
-
- /* KLIPS keywords */
- char **klipsdebug;
- bool fragicmp;
- char *packetdefault;
- bool hidetos;
- } setup;
-
- /* information about the default route */
- defaultroute_t defaultroute;
-
- /* number of encountered parsing errors */
- u_int err;
- u_int non_fatal_err;
-
- /* do we parse also statements */
- bool parse_also;
-
- /* ca %default */
- starter_ca_t ca_default;
-
- /* connections list (without %default) */
- starter_ca_t *ca_first, *ca_last;
-
- /* conn %default */
- starter_conn_t conn_default;
-
- /* connections list (without %default) */
- starter_conn_t *conn_first, *conn_last;
+ struct {
+ lset_t seen;
+ char **interfaces;
+ char *dumpdir;
+ bool charonstart;
+ bool plutostart;
+
+ /* pluto/charon keywords */
+ char **plutodebug;
+ char *charondebug;
+ char *prepluto;
+ char *postpluto;
+ char *plutostderrlog;
+ bool uniqueids;
+ u_int overridemtu;
+ u_int crlcheckinterval;
+ bool cachecrls;
+ strict_t strictcrlpolicy;
+ bool nocrsend;
+ bool nat_traversal;
+ u_int keep_alive;
+ u_int force_keepalive;
+ char *virtual_private;
+ char *pkcs11module;
+ char *pkcs11initargs;
+ bool pkcs11keepstate;
+ bool pkcs11proxy;
+
+ /* KLIPS keywords */
+ char **klipsdebug;
+ bool fragicmp;
+ char *packetdefault;
+ bool hidetos;
+ } setup;
+
+ /* information about the default route */
+ defaultroute_t defaultroute;
+
+ /* number of encountered parsing errors */
+ u_int err;
+ u_int non_fatal_err;
+
+ /* do we parse also statements */
+ bool parse_also;
+
+ /* ca %default */
+ starter_ca_t ca_default;
+
+ /* connections list (without %default) */
+ starter_ca_t *ca_first, *ca_last;
+
+ /* conn %default */
+ starter_conn_t conn_default;
+
+ /* connections list (without %default) */
+ starter_conn_t *conn_first, *conn_last;
};
extern starter_config_t *confread_load(const char *file);
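Review bot: The five new `char *` members of `starter_end` (`auth`, `auth2`, `id2`, `cert2`, `ca2`) are only memory-safe if each has a matching ARG_STR entry with the right offset in `token_info` between KW_END_FIRST and KW_END_LAST, because `clone_args`, `free_args` and `cmp_args` walk that table rather than the struct — a member missing from the table is shared bitwise by the `memcpy` in `conn_default`, never freed, and ignored by the comparison that decides whether a conn was replaced. keywords.h is not in this view, so I cannot confirm the table was extended in step. A comment on the struct would make the coupling explicit: `/* every char * member must have an ARG_STR entry in token_info (args.c) */`.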
diff --git a/src/starter/exec.c b/src/starter/exec.c
index eed444c74..d4c4f0657 100644
--- a/src/starter/exec.c
+++ b/src/starter/exec.c
@@ -10,8 +10,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: exec.c 3267 2007-10-08 19:57:54Z andreas $
*/
#include <stdlib.h>
@@ -37,18 +35,18 @@
int
starter_exec(const char *fmt, ...)
{
- va_list args;
- static char buf[BUF_SIZE];
- int r;
-
- va_start (args, fmt);
- vsnprintf(buf, BUF_SIZE-1, fmt, args);
- buf[BUF_SIZE - 1] = '\0';
- va_end(args);
- r = system(buf);
- DBG(DBG_CONTROL,
- DBG_log("starter_exec(%s) = %d", buf, r)
- )
- return r;
+ va_list args;
+ static char buf[BUF_SIZE];
+ int r;
+
+ va_start (args, fmt);
+ vsnprintf(buf, BUF_SIZE-1, fmt, args);
+ buf[BUF_SIZE - 1] = '\0';
+ va_end(args);
+ r = system(buf);
+ DBG(DBG_CONTROL,
+ DBG_log("starter_exec(%s) = %d", buf, r)
+ )
+ return r;
}
diff --git a/src/starter/exec.h b/src/starter/exec.h
index 49d795e1a..6a6414578 100644
--- a/src/starter/exec.h
+++ b/src/starter/exec.h
@@ -10,8 +10,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: exec.h 3267 2007-10-08 19:57:54Z andreas $
*/
#ifndef _STARTER_EXEC_H_
diff --git a/src/starter/files.h b/src/starter/files.h
index a40574594..ec41c9f2e 100644
--- a/src/starter/files.h
+++ b/src/starter/files.h
@@ -10,8 +10,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: files.h 4618 2008-11-11 09:22:00Z tobias $
*/
#ifndef _STARTER_FILES_H_
@@ -19,18 +17,18 @@
#define STARTER_PID_FILE IPSEC_PIDDIR "/starter.pid"
-#define PROC_NETKEY "/proc/net/pfkey"
-#define PROC_KLIPS "/proc/net/pf_key"
-#define PROC_MODULES "/proc/modules"
+#define PROC_NETKEY "/proc/net/pfkey"
+#define PROC_KLIPS "/proc/net/pf_key"
+#define PROC_MODULES "/proc/modules"
#define CONFIG_FILE IPSEC_CONFDIR "/ipsec.conf"
-#define SECRETS_FILE IPSEC_CONFDIR "/ipsec.secrets"
+#define SECRETS_FILE IPSEC_CONFDIR "/ipsec.secrets"
#define PLUTO_CMD IPSEC_DIR "/pluto"
#define PLUTO_CTL_FILE IPSEC_PIDDIR "/pluto.ctl"
#define PLUTO_PID_FILE IPSEC_PIDDIR "/pluto.pid"
-#define CHARON_CMD IPSEC_DIR "/charon"
+#define CHARON_CMD IPSEC_DIR "/charon"
#define CHARON_CTL_FILE IPSEC_PIDDIR "/charon.ctl"
#define CHARON_PID_FILE IPSEC_PIDDIR "/charon.pid"
diff --git a/src/starter/interfaces.c b/src/starter/interfaces.c
index 5cec8a217..034eac317 100644
--- a/src/starter/interfaces.c
+++ b/src/starter/interfaces.c
@@ -10,20 +10,16 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: interfaces.c 3267 2007-10-08 19:57:54Z andreas $
*/
#include <sys/socket.h>
#include <sys/ioctl.h>
-#include <linux/if.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <freeswan.h>
-#include <ipsec_tunnel.h>
#include <constants.h>
#include <defs.h>
@@ -39,114 +35,114 @@
void
get_defaultroute(defaultroute_t *defaultroute)
{
- FILE *fd;
- char line[BUF_LEN];
- bool first = TRUE;
+ FILE *fd;
+ char line[BUF_LEN];
+ bool first = TRUE;
- memset(defaultroute, 0, sizeof(defaultroute_t));
+ memset(defaultroute, 0, sizeof(defaultroute_t));
- fd = fopen("/proc/net/route", "r");
+ fd = fopen("/proc/net/route", "r");
- if (!fd)
- {
- plog("could not open 'proc/net/route'");
- return;
- }
-
- while (fgets(line, sizeof(line), fd) != 0)
- {
- char iface[11];
- char destination[9];
- char gateway[11];
- char flags[5];
- char mask[9];
-
- int refcnt;
- int use;
- int metric;
- int items;
-
- /* proc/net/route returns IP addresses in host order */
- strcpy(gateway, "0h");
-
- /* skip the header line */
- if (first)
+ if (!fd)
{
- first = FALSE;
- continue;
+ plog("could not open 'proc/net/route'");
+ return;
}
- /* parsing a single line of proc/net/route */
- items = sscanf(line, "%10s\t%8s\t%8s\t%5s\t%d\t%d\t%d\t%8s\t"
- , iface, destination, gateway+2, flags, &refcnt, &use, &metric, mask);
- if (items < 8)
+ while (fgets(line, sizeof(line), fd) != 0)
{
- plog("parsing error while scanning /proc/net/route");
- continue;
+ char iface[11];
+ char destination[9];
+ char gateway[11];
+ char flags[5];
+ char mask[9];
+
+ int refcnt;
+ int use;
+ int metric;
+ int items;
+
+ /* proc/net/route returns IP addresses in host order */
+ strcpy(gateway, "0h");
+
+ /* skip the header line */
+ if (first)
+ {
+ first = FALSE;
+ continue;
+ }
+
+ /* parsing a single line of proc/net/route */
+ items = sscanf(line, "%10s\t%8s\t%8s\t%5s\t%d\t%d\t%d\t%8s\t"
+ , iface, destination, gateway+2, flags, &refcnt, &use, &metric, mask);
+ if (items < 8)
+ {
+ plog("parsing error while scanning /proc/net/route");
+ continue;
+ }
+
+ /* check for defaultroute (destination 0.0.0.0 and mask 0.0.0.0) */
+ if (streq(destination, "00000000") && streq(mask, "00000000"))
+ {
+ if (defaultroute->defined)
+ {
+ plog("multiple default routes - cannot cope with %%defaultroute!!!");
+ defaultroute->defined = FALSE;
+ fclose(fd);
+ return;
+ }
+ ttoaddr(gateway, strlen(gateway), AF_INET, &defaultroute->nexthop);
+ strncpy(defaultroute->iface, iface, IFNAMSIZ);
+ defaultroute->defined = TRUE;
+ }
}
+ fclose(fd);
- /* check for defaultroute (destination 0.0.0.0 and mask 0.0.0.0) */
- if (streq(destination, "00000000") && streq(mask, "00000000"))
+ if (!defaultroute->defined)
{
- if (defaultroute->defined)
- {
- plog("multiple default routes - cannot cope with %%defaultroute!!!");
- defaultroute->defined = FALSE;
- fclose(fd);
- return;
- }
- ttoaddr(gateway, strlen(gateway), AF_INET, &defaultroute->nexthop);
- strncpy(defaultroute->iface, iface, IFNAMSIZ);
- defaultroute->defined = TRUE;
+ plog("no default route - cannot cope with %%defaultroute!!!");
}
- }
- fclose(fd);
-
- if (!defaultroute->defined)
- {
- plog("no default route - cannot cope with %%defaultroute!!!");
- }
- else
- {
- char addr_buf[20], nexthop_buf[20];
- struct ifreq physreq;
-
- int sock = socket(AF_INET, SOCK_DGRAM, 0);
-
- /* determine IP address of iface */
- if (sock < 0)
+ else
{
- plog("could not open SOCK_DGRAM socket");
- defaultroute->defined = FALSE;
- return;
+ char addr_buf[20], nexthop_buf[20];
+ struct ifreq physreq;
+
+ int sock = socket(AF_INET, SOCK_DGRAM, 0);
+
+ /* determine IP address of iface */
+ if (sock < 0)
+ {
+ plog("could not open SOCK_DGRAM socket");
+ defaultroute->defined = FALSE;
+ return;
+ }
+ memset ((void*)&physreq, 0, sizeof(physreq));
+ strncpy(physreq.ifr_name, defaultroute->iface, IFNAMSIZ);
+ ioctl(sock, SIOCGIFADDR, &physreq);
+ close(sock);
+ defaultroute->addr.u.v4 = *((struct sockaddr_in *)&physreq.ifr_addr);
+
+ addrtot(&defaultroute->addr, 0, addr_buf, sizeof(addr_buf));
+ addrtot(&defaultroute->nexthop, 0, nexthop_buf, sizeof(nexthop_buf));
+
+ DBG(DBG_CONTROL,
+ DBG_log("Default route found: iface=%s, addr=%s, nexthop=%s"
+ , defaultroute->iface, addr_buf, nexthop_buf)
+ )
+
+ /* for backwards-compatibility with the awk shell scripts
+ * store the defaultroute in /var/run/ipsec.info
+ */
+ fd = fopen(INFO_FILE, "w");
+
+ if (fd)
+ {
+ fprintf(fd, "defaultroutephys=%s\n", defaultroute->iface );
+ fprintf(fd, "defaultroutevirt=ipsec0\n");
+ fprintf(fd, "defaultrouteaddr=%s\n", addr_buf);
+ fprintf(fd, "defaultroutenexthop=%s\n", nexthop_buf);
+ fclose(fd);
+ }
}
- memset ((void*)&physreq, 0, sizeof(physreq));
- strncpy(physreq.ifr_name, defaultroute->iface, IFNAMSIZ);
- ioctl(sock, SIOCGIFADDR, &physreq);
- close(sock);
- defaultroute->addr.u.v4 = *((struct sockaddr_in *)&physreq.ifr_addr);
-
- addrtot(&defaultroute->addr, 0, addr_buf, sizeof(addr_buf));
- addrtot(&defaultroute->nexthop, 0, nexthop_buf, sizeof(nexthop_buf));
-
- DBG(DBG_CONTROL,
- DBG_log("Default route found: iface=%s, addr=%s, nexthop=%s"
- , defaultroute->iface, addr_buf, nexthop_buf)
- )
-
- /* for backwards-compatibility with the awk shell scripts
- * store the defaultroute in /var/run/ipsec.info
- */
- fd = fopen(INFO_FILE, "w");
-
- if (fd)
- {
- fprintf(fd, "defaultroutephys=%s\n", defaultroute->iface );
- fprintf(fd, "defaultroutevirt=ipsec0\n");
- fprintf(fd, "defaultrouteaddr=%s\n", addr_buf);
- fprintf(fd, "defaultroutenexthop=%s\n", nexthop_buf);
- fclose(fd);
- }
- }
- return;
+ return;
}
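Review bot: `char flags[5]` is one byte too small for the `%5s` conversion that fills it in the `sscanf` in the middle of the hunk: `%5s` stores up to five characters plus the terminator, so a five-character flags field (the kernel prints RTF flags with at least four hex digits, more when the value exceeds 0xFFFF) overruns the stack buffer by one byte. Declare `char flags[6];` or narrow the conversion to `%4s`. Separately, the `ioctl(sock, SIOCGIFADDR, &physreq)` return value is never checked; because `physreq` was zeroed just before, an interface without an IPv4 address yields an all-zero `defaultroute->addr` that is then logged and written to INFO_FILE as a found route — test the result and clear `defaultroute->defined` on failure.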
diff --git a/src/starter/interfaces.h b/src/starter/interfaces.h
index 299113669..abe4c8f9c 100644
--- a/src/starter/interfaces.h
+++ b/src/starter/interfaces.h
@@ -10,22 +10,22 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: interfaces.h 3267 2007-10-08 19:57:54Z andreas $
*/
#ifndef _STARTER_INTERFACES_H_
#define _STARTER_INTERFACES_H_
-#include <linux/if.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <net/if.h>
#include "../pluto/constants.h"
typedef struct {
- bool defined;
- char iface[IFNAMSIZ];
- ip_address addr;
- ip_address nexthop;
+ bool defined;
+ char iface[IFNAMSIZ];
+ ip_address addr;
+ ip_address nexthop;
} defaultroute_t;
extern void get_defaultroute(defaultroute_t *defaultroute);
diff --git a/src/starter/invokecharon.c b/src/starter/invokecharon.c
index dd3f5f018..804467cea 100644
--- a/src/starter/invokecharon.c
+++ b/src/starter/invokecharon.c
@@ -13,8 +13,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: invokecharon.c 5050 2009-03-27 16:14:59Z andreas $
*/
#include <sys/types.h>
@@ -41,190 +39,197 @@ static int _stop_requested;
pid_t
starter_charon_pid(void)
{
- return _charon_pid;
+ return _charon_pid;
}
void
starter_charon_sigchild(pid_t pid)
{
- if (pid == _charon_pid)
- {
- _charon_pid = 0;
- if (!_stop_requested)
+ if (pid == _charon_pid)
{
- plog("charon has died -- restart scheduled (%dsec)"
- , CHARON_RESTART_DELAY);
- alarm(CHARON_RESTART_DELAY); // restart in 5 sec
+ _charon_pid = 0;
+ if (!_stop_requested)
+ {
+ plog("charon has died -- restart scheduled (%dsec)"
+ , CHARON_RESTART_DELAY);
+ alarm(CHARON_RESTART_DELAY); // restart in 5 sec
+ }
+ unlink(CHARON_PID_FILE);
}
- unlink(CHARON_PID_FILE);
- }
}
int
starter_stop_charon (void)
{
- int i;
- pid_t pid = _charon_pid;
+ int i;
+ pid_t pid = _charon_pid;
- if (pid)
- {
- _stop_requested = 1;
-
- /* be more and more aggressive */
- for (i = 0; i < 50 && (pid = _charon_pid) != 0; i++)
+ if (pid)
{
- if (i == 0)
- {
- kill(pid, SIGINT);
- }
- else if (i < 40)
- {
- kill(pid, SIGTERM);
- }
- else if (i == 40)
- {
- kill(pid, SIGKILL);
- plog("starter_stop_charon(): charon does not respond, sending KILL");
- }
- else
- {
- kill(pid, SIGKILL);
- }
- usleep(200000); /* sleep for 200 ms */
+ _stop_requested = 1;
+
+ /* be more and more aggressive */
+ for (i = 0; i < 50 && (pid = _charon_pid) != 0; i++)
+ {
+ if (i == 0)
+ {
+ kill(pid, SIGINT);
+ }
+ else if (i < 40)
+ {
+ kill(pid, SIGTERM);
+ }
+ else if (i == 40)
+ {
+ kill(pid, SIGKILL);
+ plog("starter_stop_charon(): charon does not respond, sending KILL");
+ }
+ else
+ {
+ kill(pid, SIGKILL);
+ }
+ usleep(200000); /* sleep for 200 ms */
+ }
+ if (_charon_pid == 0)
+ {
+ plog("charon stopped after %d ms", 200*i);
+ return 0;
+ }
+ plog("starter_stop_charon(): can't stop charon !!!");
+ return -1;
}
- if (_charon_pid == 0)
+ else
{
- plog("charon stopped after %d ms", 200*i);
- return 0;
+ plog("stater_stop_charon(): charon was not started...");
}
- plog("starter_stop_charon(): can't stop charon !!!");
return -1;
- }
- else
- {
- plog("stater_stop_charon(): charon was not started...");
- }
- return -1;
}
int
-starter_start_charon (starter_config_t *cfg, bool no_fork)
+starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb)
{
- struct stat stb;
- int pid, i;
- char buffer[BUF_LEN];
- int argc = 1;
- char *arg[] = {
- CHARON_CMD, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
- };
-
- if (!no_fork)
- {
- arg[argc++] = "--use-syslog";
- }
-
- /* parse debug string */
- {
- int level;
- char type[4];
- char *pos = cfg->setup.charondebug;
- char *buf_pos = buffer;
-
- while (pos && sscanf(pos, "%4s %d,", type, &level) == 2)
- {
- snprintf(buf_pos, buffer + sizeof(buffer) - buf_pos, "--debug-%s", type);
- arg[argc++] = buf_pos;
- buf_pos += strlen(buf_pos) + 1;
- if (buf_pos >= buffer + sizeof(buffer))
- {
- break;
- }
- snprintf(buf_pos, buffer + sizeof(buffer) - buf_pos, "%d", level);
- arg[argc++] = buf_pos;
- buf_pos += strlen(buf_pos) + 1;
- if (buf_pos >= buffer + sizeof(buffer))
- {
- break;
- }
+ struct stat stb;
+ int pid, i;
+ char buffer[BUF_LEN];
+ int argc = 1;
+ char *arg[] = {
+ CHARON_CMD, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
+ };
- /* get next */
- pos = strchr(pos, ',');
- if (pos)
- {
- pos++;
- }
+ if (attach_gdb)
+ {
+ argc = 0;
+ arg[argc++] = "/usr/bin/gdb";
+ arg[argc++] = "--args";
+ arg[argc++] = CHARON_CMD;
+ }
+ if (!no_fork)
+ {
+ arg[argc++] = "--use-syslog";
}
- }
- if (_charon_pid)
- {
- plog("starter_start_charon(): charon already started...");
- return -1;
- }
- else
- {
- unlink(CHARON_CTL_FILE);
- _stop_requested = 0;
-
- pid = fork();
- switch (pid)
+ /* parse debug string */
{
- case -1:
- plog("can't fork(): %s", strerror(errno));
- return -1;
- case 0:
- /* child */
- setsid();
- sigprocmask(SIG_SETMASK, 0, NULL);
- /* disable glibc's malloc checker, conflicts with leak detective */
- setenv("MALLOC_CHECK_", "0", 1);
- execv(arg[0], arg);
- plog("can't execv(%s,...): %s", arg[0], strerror(errno));
- exit(1);
- default:
- /* father */
- _charon_pid = pid;
- for (i = 0; i < 500 && _charon_pid; i++)
- {
- /* wait for charon for a maximum of 500 x 20 ms = 10 s */
- usleep(20000);
- if (stat(CHARON_PID_FILE, &stb) == 0)
+ int level;
+ char type[4];
+ char *pos = cfg->setup.charondebug;
+ char *buf_pos = buffer;
+
+ while (pos && sscanf(pos, "%4s %d,", type, &level) == 2)
{
- plog("charon (%d) started after %d ms", _charon_pid, 20*(i+1));
- return 0;
+ snprintf(buf_pos, buffer + sizeof(buffer) - buf_pos, "--debug-%s", type);
+ arg[argc++] = buf_pos;
+ buf_pos += strlen(buf_pos) + 1;
+ if (buf_pos >= buffer + sizeof(buffer))
+ {
+ break;
+ }
+ snprintf(buf_pos, buffer + sizeof(buffer) - buf_pos, "%d", level);
+ arg[argc++] = buf_pos;
+ buf_pos += strlen(buf_pos) + 1;
+ if (buf_pos >= buffer + sizeof(buffer))
+ {
+ break;
+ }
+
+ /* get next */
+ pos = strchr(pos, ',');
+ if (pos)
+ {
+ pos++;
+ }
}
- }
- if (_charon_pid)
- {
- /* If charon is started but with no ctl file, stop it */
- plog("charon too long to start... - kill kill");
- for (i = 0; i < 20 && (pid = _charon_pid) != 0; i++)
+ }
+
+ if (_charon_pid)
+ {
+ plog("starter_start_charon(): charon already started...");
+ return -1;
+ }
+ else
+ {
+ unlink(CHARON_CTL_FILE);
+ _stop_requested = 0;
+
+ pid = fork();
+ switch (pid)
{
- if (i == 0)
- {
- kill(pid, SIGINT);
- }
- else if (i < 10)
- {
- kill(pid, SIGTERM);
- }
- else
- {
- kill(pid, SIGKILL);
- }
- usleep(20000); /* sleep for 20 ms */
+ case -1:
+ plog("can't fork(): %s", strerror(errno));
+ return -1;
+ case 0:
+ /* child */
+ setsid();
+ sigprocmask(SIG_SETMASK, 0, NULL);
+ /* disable glibc's malloc checker, conflicts with leak detective */
+ setenv("MALLOC_CHECK_", "0", 1);
+ execv(arg[0], arg);
+ plog("can't execv(%s,...): %s", arg[0], strerror(errno));
+ exit(1);
+ default:
+ /* father */
+ _charon_pid = pid;
+ for (i = 0; i < 500 && _charon_pid; i++)
+ {
+ /* wait for charon for a maximum of 500 x 20 ms = 10 s */
+ usleep(20000);
+ if (stat(CHARON_PID_FILE, &stb) == 0)
+ {
+ plog("charon (%d) started after %d ms", _charon_pid, 20*(i+1));
+ return 0;
+ }
+ }
+ if (_charon_pid)
+ {
+ /* If charon is started but with no ctl file, stop it */
+ plog("charon too long to start... - kill kill");
+ for (i = 0; i < 20 && (pid = _charon_pid) != 0; i++)
+ {
+ if (i == 0)
+ {
+ kill(pid, SIGINT);
+ }
+ else if (i < 10)
+ {
+ kill(pid, SIGTERM);
+ }
+ else
+ {
+ kill(pid, SIGKILL);
+ }
+ usleep(20000); /* sleep for 20 ms */
+ }
+ }
+ else
+ {
+ plog("charon refused to be started");
+ }
+ return -1;
}
- }
- else
- {
- plog("charon refused to be started");
- }
- return -1;
}
- }
- return -1;
+ return -1;
}
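Review bot: In the debug-string parser of starter_start_charon, `char type[4];` is filled by `sscanf(pos, "%4s %d,", type, &level)`, and `%4s` may store four characters plus the terminating NUL, five bytes, so any charondebug token of four or more characters in ipsec.conf writes one byte past the array; declare it `char type[5];` (or use `%3s` if three-letter groups are the intended maximum). The same loop appends two `arg[]` entries per parsed pair and is bounded only by `buffer` running out, never by the 37 slots of `arg[]`, and the new attach_gdb branch now consumes two additional slots before parsing starts; whether that can overrun depends on BUF_LEN, which is not visible here, so a guard such as `if (argc + 2 >= (int)(sizeof(arg) / sizeof(arg[0]))) break;` at the top of the loop would make it safe regardless of the buffer size (the terminating NULL for execv must also stay inside the array). The gdb path `"/usr/bin/gdb"` is hard-coded in both this function and starter_start_pluto; a define next to CHARON_CMD would keep it in one place.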
diff --git a/src/starter/invokecharon.h b/src/starter/invokecharon.h
index c24d9bdb4..f0f470a8d 100644
--- a/src/starter/invokecharon.h
+++ b/src/starter/invokecharon.h
@@ -13,8 +13,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: invokecharon.h 3267 2007-10-08 19:57:54Z andreas $
*/
#ifndef _STARTER_CHARON_H_
@@ -25,7 +23,7 @@
extern void starter_charon_sigchild (pid_t pid);
extern pid_t starter_charon_pid (void);
extern int starter_stop_charon (void);
-extern int starter_start_charon(struct starter_config *cfg, bool debug);
+extern int starter_start_charon(struct starter_config *cfg, bool no_fork, bool attach_gdb);
#endif /* _STARTER_CHARON_H_ */
diff --git a/src/starter/invokepluto.c b/src/starter/invokepluto.c
index edc587124..28bd93c5d 100644
--- a/src/starter/invokepluto.c
+++ b/src/starter/invokepluto.c
@@ -10,8 +10,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: invokepluto.c 5050 2009-03-27 16:14:59Z andreas $
*/
#include <sys/types.h>
@@ -40,267 +38,277 @@ static int _stop_requested;
pid_t
starter_pluto_pid(void)
{
- return _pluto_pid;
+ return _pluto_pid;
}
void
starter_pluto_sigchild(pid_t pid)
{
- if (pid == _pluto_pid)
- {
- _pluto_pid = 0;
- if (!_stop_requested)
+ if (pid == _pluto_pid)
{
- plog("pluto has died -- restart scheduled (%dsec)"
- , PLUTO_RESTART_DELAY);
- alarm(PLUTO_RESTART_DELAY); // restart in 5 sec
+ _pluto_pid = 0;
+ if (!_stop_requested)
+ {
+ plog("pluto has died -- restart scheduled (%dsec)"
+ , PLUTO_RESTART_DELAY);
+ alarm(PLUTO_RESTART_DELAY); // restart in 5 sec
+ }
+ unlink(PLUTO_PID_FILE);
}
- unlink(PLUTO_PID_FILE);
- }
}
int
starter_stop_pluto (void)
{
- int i;
- pid_t pid = _pluto_pid;
-
- if (pid)
- {
- _stop_requested = 1;
+ int i;
+ pid_t pid = _pluto_pid;
- if (starter_whack_shutdown() == 0)
+ if (pid)
{
- for (i = 0; i < 400; i++)
- {
- usleep(20000); /* sleep for 20 ms */
+ _stop_requested = 1;
+
+ if (starter_whack_shutdown() == 0)
+ {
+ for (i = 0; i < 400; i++)
+ {
+ usleep(20000); /* sleep for 20 ms */
+ if (_pluto_pid == 0)
+ {
+ plog("pluto stopped after %d ms", 20*(i+1));
+ return 0;
+ }
+ }
+ }
+ /* be more and more aggressive */
+ for (i = 0; i < 20 && (pid = _pluto_pid) != 0; i++)
+ {
+
+ if (i < 10)
+ {
+ kill(pid, SIGTERM);
+ }
+ if (i == 10)
+ {
+ kill(pid, SIGKILL);
+ plog("starter_stop_pluto(): pluto does not respond, sending KILL");
+ }
+ else
+ {
+ kill(pid, SIGKILL);
+ }
+ usleep(100000); /* sleep for 100 ms */
+ }
if (_pluto_pid == 0)
{
- plog("pluto stopped after %d ms", 20*(i+1));
- return 0;
+ plog("pluto stopped after %d ms", 8000 + 100*i);
+ return 0;
}
- }
- }
- /* be more and more aggressive */
- for (i = 0; i < 20 && (pid = _pluto_pid) != 0; i++)
- {
-
- if (i < 10)
- {
- kill(pid, SIGTERM);
- }
- if (i == 10)
- {
- kill(pid, SIGKILL);
- plog("starter_stop_pluto(): pluto does not respond, sending KILL");
- }
- else
- {
- kill(pid, SIGKILL);
- }
- usleep(100000); /* sleep for 100 ms */
+ plog("starter_stop_pluto(): can't stop pluto !!!");
+ return -1;
}
- if (_pluto_pid == 0)
+ else
{
- plog("pluto stopped after %d ms", 8000 + 100*i);
- return 0;
+ plog("stater_stop_pluto(): pluto is not started...");
}
- plog("starter_stop_pluto(): can't stop pluto !!!");
return -1;
- }
- else
- {
- plog("stater_stop_pluto(): pluto is not started...");
- }
- return -1;
}
#define ADD_DEBUG(v) { \
- for (l = cfg->setup.plutodebug; l && *l; l++) if (streq(*l, v)) \
- arg[argc++] = "--debug-" v; \
- }
+ for (l = cfg->setup.plutodebug; l && *l; l++) if (streq(*l, v)) \
+ arg[argc++] = "--debug-" v; \
+ }
int
-starter_start_pluto (starter_config_t *cfg, bool no_fork)
+starter_start_pluto (starter_config_t *cfg, bool no_fork, bool attach_gdb)
{
- struct stat stb;
- int i;
- pid_t pid;
- char **l;
- int argc = 2;
- char *arg[] = {
- PLUTO_CMD, "--nofork"
- , NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
- , NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
- , NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
- , NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
- };
-
- printf ("starter_start_pluto entered\n");
+ struct stat stb;
+ int i;
+ pid_t pid;
+ char **l;
+ int argc = 2;
+ char *arg[] = {
+ PLUTO_CMD, "--nofork"
+ , NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
+ , NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
+ , NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
+ , NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
+ };
- if (cfg->setup.plutostderrlog || no_fork)
- {
- arg[argc++] = "--stderrlog";
- }
- if (cfg->setup.uniqueids)
- {
- arg[argc++] = "--uniqueids";
- }
- ADD_DEBUG("none")
- ADD_DEBUG("all")
- ADD_DEBUG("raw")
- ADD_DEBUG("crypt")
- ADD_DEBUG("parsing")
- ADD_DEBUG("emitting")
- ADD_DEBUG("control")
- ADD_DEBUG("lifecycle")
- ADD_DEBUG("klips")
- ADD_DEBUG("dns")
- ADD_DEBUG("natt")
- ADD_DEBUG("oppo")
- ADD_DEBUG("controlmore")
- ADD_DEBUG("private")
- if (cfg->setup.crlcheckinterval > 0)
- {
- static char buf1[15];
-
- arg[argc++] = "--crlcheckinterval";
- snprintf(buf1, sizeof(buf1), "%u", cfg->setup.crlcheckinterval);
- arg[argc++] = buf1;
- }
- if (cfg->setup.cachecrls)
- {
- arg[argc++] = "--cachecrls";
- }
- if (cfg->setup.strictcrlpolicy)
- {
- arg[argc++] = "--strictcrlpolicy";
- }
- if (cfg->setup.nocrsend)
- {
- arg[argc++] = "--nocrsend";
- }
- if (cfg->setup.nat_traversal)
- {
- arg[argc++] = "--nat_traversal";
- }
- if (cfg->setup.force_keepalive)
- {
- arg[argc++] = "--force_keepalive";
- }
- if (cfg->setup.keep_alive)
- {
- static char buf2[15];
-
- arg[argc++] = "--keep_alive";
- snprintf(buf2, sizeof(buf2), "%u", cfg->setup.keep_alive);
- arg[argc++] = buf2;
- }
- if (cfg->setup.virtual_private)
- {
- arg[argc++] = "--virtual_private";
- arg[argc++] = cfg->setup.virtual_private;
- }
- if (cfg->setup.pkcs11module)
- {
- arg[argc++] = "--pkcs11module";
- arg[argc++] = cfg->setup.pkcs11module;
- }
- if (cfg->setup.pkcs11initargs)
- {
- arg[argc++] = "--pkcs11initargs";
- arg[argc++] = cfg->setup.pkcs11initargs;
- }
- if (cfg->setup.pkcs11keepstate)
- {
- arg[argc++] = "--pkcs11keepstate";
- }
- if (cfg->setup.pkcs11proxy)
- {
- arg[argc++] = "--pkcs11proxy";
- }
+ printf ("starter_start_pluto entered\n");
+
+ if (attach_gdb)
+ {
+ argc = 0;
+ arg[argc++] = "/usr/bin/gdb";
+ arg[argc++] = "--args";
+ arg[argc++] = PLUTO_CMD;
+ arg[argc++] = "--nofork";
+ }
+ if (cfg->setup.plutostderrlog || no_fork)
+ {
+ arg[argc++] = "--stderrlog";
+ }
+ if (cfg->setup.uniqueids)
+ {
+ arg[argc++] = "--uniqueids";
+ }
+ ADD_DEBUG("none")
+ ADD_DEBUG("all")
+ ADD_DEBUG("raw")
+ ADD_DEBUG("crypt")
+ ADD_DEBUG("parsing")
+ ADD_DEBUG("emitting")
+ ADD_DEBUG("control")
+ ADD_DEBUG("lifecycle")
+ ADD_DEBUG("klips")
+ ADD_DEBUG("dns")
+ ADD_DEBUG("natt")
+ ADD_DEBUG("oppo")
+ ADD_DEBUG("controlmore")
+ ADD_DEBUG("private")
+ if (cfg->setup.crlcheckinterval > 0)
+ {
+ static char buf1[15];
- if (_pluto_pid)
- {
- plog("starter_start_pluto(): pluto already started...");
- return -1;
- }
- else
- {
- unlink(PLUTO_CTL_FILE);
- _stop_requested = 0;
+ arg[argc++] = "--crlcheckinterval";
+ snprintf(buf1, sizeof(buf1), "%u", cfg->setup.crlcheckinterval);
+ arg[argc++] = buf1;
+ }
+ if (cfg->setup.cachecrls)
+ {
+ arg[argc++] = "--cachecrls";
+ }
+ if (cfg->setup.strictcrlpolicy)
+ {
+ arg[argc++] = "--strictcrlpolicy";
+ }
+ if (cfg->setup.nocrsend)
+ {
+ arg[argc++] = "--nocrsend";
+ }
+ if (cfg->setup.nat_traversal)
+ {
+ arg[argc++] = "--nat_traversal";
+ }
+ if (cfg->setup.force_keepalive)
+ {
+ arg[argc++] = "--force_keepalive";
+ }
+ if (cfg->setup.keep_alive)
+ {
+ static char buf2[15];
- if (cfg->setup.prepluto)
- ignore_result(system(cfg->setup.prepluto));
+ arg[argc++] = "--keep_alive";
+ snprintf(buf2, sizeof(buf2), "%u", cfg->setup.keep_alive);
+ arg[argc++] = buf2;
+ }
+ if (cfg->setup.virtual_private)
+ {
+ arg[argc++] = "--virtual_private";
+ arg[argc++] = cfg->setup.virtual_private;
+ }
+ if (cfg->setup.pkcs11module)
+ {
+ arg[argc++] = "--pkcs11module";
+ arg[argc++] = cfg->setup.pkcs11module;
+ }
+ if (cfg->setup.pkcs11initargs)
+ {
+ arg[argc++] = "--pkcs11initargs";
+ arg[argc++] = cfg->setup.pkcs11initargs;
+ }
+ if (cfg->setup.pkcs11keepstate)
+ {
+ arg[argc++] = "--pkcs11keepstate";
+ }
+ if (cfg->setup.pkcs11proxy)
+ {
+ arg[argc++] = "--pkcs11proxy";
+ }
- pid = fork();
- switch (pid)
+ if (_pluto_pid)
+ {
+ plog("starter_start_pluto(): pluto already started...");
+ return -1;
+ }
+ else
{
- case -1:
- plog("can't fork(): %s", strerror(errno));
- return -1;
- case 0:
- /* child */
- if (cfg->setup.plutostderrlog)
- {
- int f = creat(cfg->setup.plutostderrlog, 00644);
+ unlink(PLUTO_CTL_FILE);
+ _stop_requested = 0;
- /* redirect stderr to file */
- if (f < 0)
- {
- plog("couldn't open stderr redirection file '%s'",
- cfg->setup.plutostderrlog);
- }
- else
- {
- dup2(f, 2);
- }
- }
- setsid();
- sigprocmask(SIG_SETMASK, 0, NULL);
- execv(arg[0], arg);
- plog("can't execv(%s,...): %s", arg[0], strerror(errno));
- exit(1);
- default:
- /* father */
- _pluto_pid = pid;
- for (i = 0; i < 500 && _pluto_pid; i++)
- {
- /* wait for pluto for a maximum of 500 x 20 ms = 10 s */
- usleep(20000);
- if (stat(PLUTO_CTL_FILE, &stb) == 0)
- {
- plog("pluto (%d) started after %d ms", _pluto_pid, 20*(i+1));
- if (cfg->setup.postpluto)
- {
- ignore_result(system(cfg->setup.postpluto));
- }
- return 0;
- }
- }
- if (_pluto_pid)
- {
- /* If pluto is started but with no ctl file, stop it */
- plog("pluto too long to start... - kill kill");
- for (i = 0; i < 20 && (pid = _pluto_pid) != 0; i++)
+ if (cfg->setup.prepluto)
+ ignore_result(system(cfg->setup.prepluto));
+
+ pid = fork();
+ switch (pid)
{
- if (i < 10)
- {
- kill(pid, SIGTERM);
- }
- else
- {
- kill(pid, SIGKILL);
- }
- usleep(20000); /* sleep for 20 ms */
+ case -1:
+ plog("can't fork(): %s", strerror(errno));
+ return -1;
+ case 0:
+ /* child */
+ if (cfg->setup.plutostderrlog)
+ {
+ int f = creat(cfg->setup.plutostderrlog, 00644);
+
+ /* redirect stderr to file */
+ if (f < 0)
+ {
+ plog("couldn't open stderr redirection file '%s'",
+ cfg->setup.plutostderrlog);
+ }
+ else
+ {
+ dup2(f, 2);
+ }
+ }
+ setsid();
+ sigprocmask(SIG_SETMASK, 0, NULL);
+ /* disable glibc's malloc checker, conflicts with leak detective */
+ setenv("MALLOC_CHECK_", "0", 1);
+ execv(arg[0], arg);
+ plog("can't execv(%s,...): %s", arg[0], strerror(errno));
+ exit(1);
+ default:
+ /* father */
+ _pluto_pid = pid;
+ for (i = 0; i < 500 && _pluto_pid; i++)
+ {
+ /* wait for pluto for a maximum of 500 x 20 ms = 10 s */
+ usleep(20000);
+ if (stat(PLUTO_CTL_FILE, &stb) == 0)
+ {
+ plog("pluto (%d) started after %d ms", _pluto_pid, 20*(i+1));
+ if (cfg->setup.postpluto)
+ {
+ ignore_result(system(cfg->setup.postpluto));
+ }
+ return 0;
+ }
+ }
+ if (_pluto_pid)
+ {
+ /* If pluto is started but with no ctl file, stop it */
+ plog("pluto too long to start... - kill kill");
+ for (i = 0; i < 20 && (pid = _pluto_pid) != 0; i++)
+ {
+ if (i < 10)
+ {
+ kill(pid, SIGTERM);
+ }
+ else
+ {
+ kill(pid, SIGKILL);
+ }
+ usleep(20000); /* sleep for 20 ms */
+ }
+ }
+ else
+ {
+ plog("pluto refused to be started");
+ }
+ return -1;
}
- }
- else
- {
- plog("pluto refused to be started");
- }
- return -1;
}
- }
- return -1;
+ return -1;
}
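Review bot: In starter_stop_pluto's escalation loop the second test `if (i == 10)` is not chained to the preceding `if (i < 10)`, so for every iteration with i < 10 the else branch also runs and pluto receives SIGKILL right after SIGTERM, which defeats the "be more and more aggressive" intent and makes the "does not respond, sending KILL" message misleading; `else if (i == 10)` restores the intended ladder. In the child branch of starter_start_pluto the descriptor returned by `creat()` is duplicated onto stderr but never closed, so the exec'd pluto inherits an extra open descriptor on its log file; add `close(f);` after `dup2(f, 2);`. The `printf ("starter_start_pluto entered\n");` kept on the new side looks like a leftover trace to stdout while every other diagnostic in this file goes through plog, so it should be removed or routed through plog.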
diff --git a/src/starter/invokepluto.h b/src/starter/invokepluto.h
index 589a036ee..b0c89b1f1 100644
--- a/src/starter/invokepluto.h
+++ b/src/starter/invokepluto.h
@@ -10,8 +10,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: invokepluto.h 3267 2007-10-08 19:57:54Z andreas $
*/
#ifndef _STARTER_PLUTO_H_
@@ -22,7 +20,7 @@
extern void starter_pluto_sigchild (pid_t pid);
extern pid_t starter_pluto_pid (void);
extern int starter_stop_pluto (void);
-extern int starter_start_pluto (struct starter_config *cfg, bool debug);
+extern int starter_start_pluto (struct starter_config *cfg, bool no_fork, bool attach_gdb);
#endif /* _STARTER_PLUTO_H_ */
diff --git a/src/starter/ipsec.conf.5 b/src/starter/ipsec.conf.5
index 565f15c66..31e676324 100644
--- a/src/starter/ipsec.conf.5
+++ b/src/starter/ipsec.conf.5
@@ -1,5 +1,4 @@
.TH IPSEC.CONF 5 "27 Jun 2007"
-.\" RCSID $Id: ipsec.conf.5 5002 2009-03-24 15:02:12Z martin $
.SH NAME
ipsec.conf \- IPsec configuration and connections
.SH DESCRIPTION
@@ -239,27 +238,27 @@ acceptable values are
.B secret
or
.B psk
-for shared secrets,
+for pre-shared secrets,
+.B pubkey
+(the default) for public key signatures as well as the synonyms
.B rsasig
-for RSA digital signatures (the default),
-.B secret|rsasig
-for either, and
+for RSA digital signatures and
+.B ecdsasig
+for Elliptic Curve DSA signatures.
.B never
-if negotiation is never to be attempted or accepted (useful for shunt-only conns).
-Digital signatures are superior in every way to shared secrets. In IKEv2, the
-two ends must not agree on this parameter, it is relevant for the
-outbound authentication method only.
+can be used if negotiation is never to be attempted or accepted (useful for
+shunt-only conns).
+Digital signatures are superior in every way to shared secrets.
IKEv1 additionally supports the values
.B xauthpsk
and
.B xauthrsasig
that will enable eXtended AUTHentication (XAUTH) in addition to IKEv1 main mode
based on shared secrets or digital RSA signatures, respectively.
-IKEv2 additionally supports the value
-.B eap,
-which indicates an initiator to request EAP authentication. The EAP method to
-use is selected by the server (see
-.B eap).
+This parameter is deprecated for IKEv2 connections, as two peers do not need
+to agree on an authentication method. Use the
+.B leftauth
+parameter instead to define authentication methods in IKEv2.
.TP
.B auto
what operation, if any, should be done automatically at IPsec startup;
@@ -350,25 +349,9 @@ in case of inactivity. This only applies to IKEv1, in IKEv2 the default
retransmission timeout applies, as every exchange is used to detect dead peers.
.TP
.B eap
-defines the EAP type to propose as server if the client has
-.B authby=eap
-selected. Acceptable values are
-.B aka
-for EAP-AKA,
-.B sim
-for EAP-SIM,
-.B gtc
-for EAP-GTC,
-.B md5
-for EAP-MD5, and
-.B mschapv2
-for EAP-MS-CHAPv2.
-Additionally, IANA assigned EAP method numbers are accepted, or a definition
-in the form
-.B eap=type-vendor
-(e.g.
-.B eap=7-12345
-) can be used to specify vendor specific EAP types.
+defines the EAP type to propose as server if the client requests EAP
+authentication. This parameter is deprecated in the favour of
+.B leftauth.
To forward EAP authentication to a RADIUS server using the EAP-RADIUS plugin,
set
@@ -509,11 +492,46 @@ and
.B no
(the default).
.TP
+.B leftauth
+Authentication method to use (local) or require (remote) in this connection.
+This parameter is supported in IKEv2 only. Acceptable values are
+.B pubkey
+for public key authentication (RSA/ECDSA),
+.B psk
+for pre-shared key authentication and
+.B eap
+to (require the) use of the Extensible Authentication Protocol. In the case
+of
+.B eap,
+an optional EAP method can be appended. Currently defined methods are
+.B eap-aka, eap-sim, eap-gtc, eap-md5
+and
+.B eap-mschapv2.
+Alternatively, IANA assigned EAP method numbers are accepted. Vendor specific
+EAP methods are defined in the form
+.B eap-type-vendor
+(e.g.
+.B eap-7-12345
+).
+.TP
+.B leftauth2
+Same as
+.B leftauth,
+but defines an additional authentication exchange. IKEv2 supports multiple
+authentication rounds using "Multiple Authentication Exchanges" defined
+in RFC4739. This allows, for example, separated authentication
+of host and user (IKEv2 only).
+.TP
.B leftca
the distinguished name of a certificate authority which is required to
lie in the trust path going from the left participant's certificate up
to the root certification authority.
.TP
+.B leftca2
+Same as
+.B leftca,
+but for the second authentication round (IKEv2 only).
+.TP
.B leftcert
the path to the left participant's X.509 certificate. The file can be coded either in
PEM or DER format. OpenPGP certificates are supported as well.
@@ -529,6 +547,11 @@ The left participant's ID can be overriden by specifying a
.B leftid
value which must be certified by the certificate, though.
.TP
+.B leftcert2
+Same as
+.B leftcert,
+but for the second authentication round (IKEv2 only).
+.TP
.B leftfirewall
whether the left participant is doing forwarding-firewalling
(including masquerading) using iptables for traffic from \fIleftsubnet\fR,
@@ -594,6 +617,11 @@ or a fully-qualified domain name preceded by
.B @
(which is used as a literal string and not resolved).
.TP
+.B leftid2
+identity to use for a second authentication for the left participant
+(IKEv2 only); defaults to
+.BR leftid .
+.TP
.B leftnexthop
this parameter is not needed any more because the NETKEY IPsec stack does
not require explicit routing entries for the traffic to be tunneled.
diff --git a/src/starter/keywords.c b/src/starter/keywords.c
index e51780dc1..3ca7a92f6 100644
--- a/src/starter/keywords.c
+++ b/src/starter/keywords.c
@@ -1,6 +1,6 @@
/* C code produced by gperf version 3.0.3 */
-/* Command-line: /usr/bin/gperf -C -G -t */
-/* Computed positions: -k'1-2,$' */
+/* Command-line: /usr/bin/gperf -m 10 -C -G -D -t */
+/* Computed positions: -k'1-2,6,$' */
#if !((' ' == 32) && ('!' == 33) && ('"' == 34) && ('#' == 35) \
&& ('%' == 37) && ('&' == 38) && ('\'' == 39) && ('(' == 40) \
@@ -43,8 +43,6 @@ error "gperf generated tables don't work with this execution character set. Plea
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: keywords.txt 4612 2008-11-11 06:37:37Z andreas $
*/
#include <string.h>
@@ -56,12 +54,12 @@ struct kw_entry {
kw_token_t token;
};
-#define TOTAL_KEYWORDS 102
+#define TOTAL_KEYWORDS 112
#define MIN_WORD_LENGTH 3
#define MAX_WORD_LENGTH 17
-#define MIN_HASH_VALUE 6
-#define MAX_HASH_VALUE 248
-/* maximum key range = 243, duplicates = 0 */
+#define MIN_HASH_VALUE 13
+#define MAX_HASH_VALUE 200
+/* maximum key range = 188, duplicates = 0 */
#ifdef __GNUC__
__inline
@@ -77,198 +75,192 @@ hash (str, len)
{
static const unsigned char asso_values[] =
{
- 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
- 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
- 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
- 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
- 249, 249, 249, 249, 249, 249, 249, 249, 249, 25,
- 10, 249, 249, 249, 249, 249, 249, 249, 249, 249,
- 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
- 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
- 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
- 249, 249, 249, 249, 249, 249, 249, 110, 249, 0,
- 100, 5, 75, 65, 90, 0, 249, 60, 10, 15,
- 80, 60, 15, 249, 0, 50, 35, 15, 30, 249,
- 0, 75, 0, 249, 249, 249, 249, 249, 249, 249,
- 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
- 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
- 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
- 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
- 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
- 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
- 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
- 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
- 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
- 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
- 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
- 249, 249, 249, 249, 249, 249, 249, 249, 249, 249,
- 249, 249, 249, 249, 249, 249
+ 201, 201, 201, 201, 201, 201, 201, 201, 201, 201,
+ 201, 201, 201, 201, 201, 201, 201, 201, 201, 201,
+ 201, 201, 201, 201, 201, 201, 201, 201, 201, 201,
+ 201, 201, 201, 201, 201, 201, 201, 201, 201, 201,
+ 201, 201, 201, 201, 201, 201, 201, 201, 201, 3,
+ 42, 201, 201, 201, 201, 201, 201, 201, 201, 201,
+ 201, 201, 201, 201, 201, 201, 201, 201, 201, 201,
+ 201, 201, 201, 201, 201, 201, 201, 201, 201, 201,
+ 201, 201, 201, 201, 201, 201, 201, 201, 201, 201,
+ 201, 201, 201, 201, 201, 1, 201, 9, 201, 5,
+ 39, 1, 64, 47, 62, 1, 201, 88, 5, 83,
+ 39, 30, 21, 201, 1, 10, 6, 44, 14, 201,
+ 4, 54, 4, 201, 201, 201, 201, 201, 201, 201,
+ 201, 201, 201, 201, 201, 201, 201, 201, 201, 201,
+ 201, 201, 201, 201, 201, 201, 201, 201, 201, 201,
+ 201, 201, 201, 201, 201, 201, 201, 201, 201, 201,
+ 201, 201, 201, 201, 201, 201, 201, 201, 201, 201,
+ 201, 201, 201, 201, 201, 201, 201, 201, 201, 201,
+ 201, 201, 201, 201, 201, 201, 201, 201, 201, 201,
+ 201, 201, 201, 201, 201, 201, 201, 201, 201, 201,
+ 201, 201, 201, 201, 201, 201, 201, 201, 201, 201,
+ 201, 201, 201, 201, 201, 201, 201, 201, 201, 201,
+ 201, 201, 201, 201, 201, 201, 201, 201, 201, 201,
+ 201, 201, 201, 201, 201, 201, 201, 201, 201, 201,
+ 201, 201, 201, 201, 201, 201, 201, 201, 201, 201,
+ 201, 201, 201, 201, 201, 201
};
- return len + asso_values[(unsigned char)str[1]] + asso_values[(unsigned char)str[0]] + asso_values[(unsigned char)str[len - 1]];
+ register int hval = len;
+
+ switch (hval)
+ {
+ default:
+ hval += asso_values[(unsigned char)str[5]];
+ /*FALLTHROUGH*/
+ case 5:
+ case 4:
+ case 3:
+ case 2:
+ hval += asso_values[(unsigned char)str[1]];
+ /*FALLTHROUGH*/
+ case 1:
+ hval += asso_values[(unsigned char)str[0]];
+ break;
+ }
+ return hval + asso_values[(unsigned char)str[len - 1]];
}
static const struct kw_entry wordlist[] =
{
- {""}, {""}, {""}, {""}, {""}, {""},
+ {"right", KW_RIGHT},
{"crluri", KW_CRLURI},
- {""}, {""}, {""}, {""}, {""}, {""}, {""},
- {"rekeyfuzz", KW_REKEYFUZZ},
- {""}, {""},
- {"crluri2", KW_CRLURI2},
- {""}, {""}, {""},
- {"certuribase", KW_CERTURIBASE},
- {""},
- {"rightfirewall", KW_RIGHTFIREWALL},
- {""},
- {"rightnatip", KW_RIGHTNATIP},
- {"crlcheckinterval", KW_CRLCHECKINTERVAL},
- {"rightnexthop", KW_RIGHTNEXTHOP},
- {"rightsourceip", KW_RIGHTSOURCEIP},
- {""}, {""}, {""},
+ {"left", KW_LEFT},
{"crluri1", KW_CRLURI},
- {""}, {""}, {""}, {""},
- {"leftfirewall", KW_LEFTFIREWALL},
- {""},
- {"leftnatip", KW_LEFTNATIP},
- {"right", KW_RIGHT},
- {"leftnexthop", KW_LEFTNEXTHOP},
- {"leftsourceip", KW_LEFTSOURCEIP},
- {""},
+ {"certuribase", KW_CERTURIBASE},
+ {"leftcert", KW_LEFTCERT,},
{"rightcert", KW_RIGHTCERT},
- {""},
+ {"rightca", KW_RIGHTCA},
+ {"leftfirewall", KW_LEFTFIREWALL},
+ {"leftsendcert", KW_LEFTSENDCERT},
+ {"leftprotoport", KW_LEFTPROTOPORT},
+ {"leftgroups", KW_LEFTGROUPS},
+ {"crlcheckinterval", KW_CRLCHECKINTERVAL},
{"rightsubnet", KW_RIGHTSUBNET},
- {""},
+ {"leftca", KW_LEFTCA},
{"rightsendcert", KW_RIGHTSENDCERT},
- {"rightprotoport", KW_RIGHTPROTOPORT},
+ {"cacert", KW_CACERT},
+ {"eap", KW_EAP},
+ {"esp", KW_ESP},
+ {"cachecrls", KW_CACHECRLS},
+ {"leftnexthop", KW_LEFTNEXTHOP},
{"virtual_private", KW_VIRTUAL_PRIVATE},
- {""}, {""}, {""},
- {"left", KW_LEFT},
- {""}, {""}, {""},
- {"leftcert", KW_LEFTCERT,},
- {""},
- {"leftsubnet", KW_LEFTSUBNET},
- {"rightgroups", KW_RIGHTGROUPS},
- {"leftsendcert", KW_LEFTSENDCERT},
- {"leftprotoport", KW_LEFTPROTOPORT},
- {""},
- {"righthostaccess", KW_RIGHTHOSTACCESS},
- {""},
+ {"rightprotoport", KW_RIGHTPROTOPORT},
{"ocspuri", KW_OCSPURI},
- {"ike", KW_IKE},
- {""},
+ {"leftnatip", KW_LEFTNATIP},
+ {"rightsourceip", KW_RIGHTSOURCEIP},
+ {"ocspuri1", KW_OCSPURI},
+ {"also", KW_ALSO},
+ {"rightid", KW_RIGHTID},
{"plutostart", KW_PLUTOSTART},
- {""}, {""},
- {"esp", KW_ESP},
- {""},
- {"leftgroups", KW_LEFTGROUPS},
- {"ikelifetime", KW_IKELIFETIME},
- {"keylife", KW_KEYLIFE},
- {"ocspuri2", KW_OCSPURI2},
+ {"rightid2", KW_RIGHTID2},
+ {"compress", KW_COMPRESS},
+ {"packetdefault", KW_PACKETDEFAULT},
+ {"crluri2", KW_CRLURI2},
+ {"rightca2", KW_RIGHTCA2},
+ {"leftcert2", KW_LEFTCERT2,},
+ {"rightcert2", KW_RIGHTCERT2},
{"lefthostaccess", KW_LEFTHOSTACCESS},
- {"keep_alive", KW_KEEP_ALIVE},
- {"keyexchange", KW_KEYEXCHANGE},
- {""},
- {"prepluto", KW_PREPLUTO},
- {""},
{"rekey", KW_REKEY},
- {"mobike", KW_MOBIKE},
- {""},
- {"rightallowany", KW_RIGHTALLOWANY},
- {"rightrsasigkey", KW_RIGHTRSASIGKEY},
- {""},
- {"rightupdown", KW_RIGHTUPDOWN},
- {"pkcs11module", KW_PKCS11MODULE},
- {"ocspuri1", KW_OCSPURI},
- {""},
- {"pkcs11keepstate", KW_PKCS11KEEPSTATE},
- {"rekeymargin", KW_REKEYMARGIN},
+ {"ldapbase", KW_LDAPBASE},
+ {"rightauth2", KW_RIGHTAUTH2},
+ {"leftca2", KW_LEFTCA2},
+ {"type", KW_TYPE},
+ {"leftsubnet", KW_LEFTSUBNET},
+ {"nat_traversal", KW_NAT_TRAVERSAL},
{"rightsubnetwithin", KW_RIGHTSUBNETWITHIN},
- {"fragicmp", KW_FRAGICMP},
- {""},
- {"plutodebug", KW_PLUTODEBUG},
- {"reauth", KW_REAUTH},
+ {"leftsourceip", KW_LEFTSOURCEIP},
+ {"rightgroups", KW_RIGHTGROUPS},
+ {"rightrsasigkey", KW_RIGHTRSASIGKEY},
+ {"rightnatip", KW_RIGHTNATIP},
+ {"rightnexthop", KW_RIGHTNEXTHOP},
+ {"leftupdown", KW_LEFTUPDOWN},
{"leftallowany", KW_LEFTALLOWANY},
+ {"rightallowany", KW_RIGHTALLOWANY},
+ {"rekeyfuzz", KW_REKEYFUZZ},
+ {"xauth", KW_XAUTH},
+ {"rightauth", KW_RIGHTAUTH},
{"leftrsasigkey", KW_LEFTRSASIGKEY},
- {"plutostderrlog", KW_PLUTOSTDERRLOG},
- {"leftupdown", KW_LEFTUPDOWN},
- {"mediated_by", KW_MEDIATED_BY},
- {"rightid", KW_RIGHTID},
- {""},
- {"mediation", KW_MEDIATION},
- {""},
- {"leftsubnetwithin", KW_LEFTSUBNETWITHIN},
- {""},
- {"pfsgroup", KW_PFSGROUP},
- {""}, {""},
- {"overridemtu", KW_OVERRIDEMTU},
- {"rightca", KW_RIGHTCA},
- {"compress", KW_COMPRESS},
- {"type", KW_TYPE},
- {""},
+ {"rightfirewall", KW_RIGHTFIREWALL},
+ {"ocspuri2", KW_OCSPURI2},
+ {"auto", KW_AUTO},
+ {"ldaphost", KW_LDAPHOST},
+ {"righthostaccess", KW_RIGHTHOSTACCESS},
{"leftid", KW_LEFTID},
+ {"strictcrlpolicy", KW_STRICTCRLPOLICY},
{"dumpdir", KW_DUMPDIR},
- {"ldapbase", KW_LDAPBASE},
- {""}, {""},
- {"keyingtries", KW_KEYINGTRIES},
- {""}, {""},
- {"me_peerid", KW_ME_PEERID},
- {""},
- {"leftca", KW_LEFTCA},
- {""},
- {"eap", KW_EAP},
- {""}, {""},
- {"charonstart", KW_CHARONSTART},
- {""}, {""},
- {"pkcs11initargs", KW_PKCS11INITARGS},
- {"interfaces", KW_INTERFACES},
- {""}, {""},
- {"pfs", KW_PFS},
+ {"ike", KW_IKE},
+ {"leftid2", KW_LEFTID2},
{"postpluto", KW_POSTPLUTO},
- {"klipsdebug", KW_KLIPSDEBUG},
- {""},
- {"hidetos", KW_HIDETOS},
- {""}, {""},
- {"modeconfig", KW_MODECONFIG},
- {"cacert", KW_CACERT},
- {""},
- {"ldaphost", KW_LDAPHOST},
+ {"rightupdown", KW_RIGHTUPDOWN},
+ {"plutostderrlog", KW_PLUTOSTDERRLOG},
+ {"pfs", KW_PFS},
+ {"fragicmp", KW_FRAGICMP},
+ {"overridemtu", KW_OVERRIDEMTU},
+ {"leftauth2", KW_LEFTAUTH2},
{"uniqueids", KW_UNIQUEIDS},
+ {"prepluto", KW_PREPLUTO},
+ {"leftsubnetwithin", KW_LEFTSUBNETWITHIN},
+ {"keyexchange", KW_KEYEXCHANGE},
+ {"keep_alive", KW_KEEP_ALIVE},
+ {"hidetos", KW_HIDETOS},
{"force_keepalive", KW_FORCE_KEEPALIVE},
- {""}, {""}, {""}, {""},
- {"dpdtimeout", KW_DPDTIMEOUT},
- {"pkcs11proxy", KW_PKCS11PROXY},
- {""}, {""}, {""}, {""},
- {"charondebug", KW_CHARONDEBUG},
- {""},
{"installpolicy", KW_INSTALLPOLICY},
- {"cachecrls", KW_CACHECRLS},
- {""}, {""}, {""},
- {"packetdefault", KW_PACKETDEFAULT},
- {""},
- {"strictcrlpolicy", KW_STRICTCRLPOLICY},
- {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""},
- {"also", KW_ALSO},
- {""}, {""}, {""}, {""},
- {"auto", KW_AUTO},
- {""}, {""}, {""}, {""}, {""}, {""},
+ {"dpdaction", KW_DPDACTION},
+ {"eap_identity", KW_EAP_IDENTITY},
{"forceencaps", KW_FORCEENCAPS},
- {""},
+ {"nocrsend", KW_NOCRSEND},
+ {"auth", KW_AUTH},
+ {"leftauth", KW_LEFTAUTH},
+ {"mobike", KW_MOBIKE},
+ {"plutodebug", KW_PLUTODEBUG},
+ {"charonstart", KW_CHARONSTART},
+ {"interfaces", KW_INTERFACES},
+ {"pkcs11module", KW_PKCS11MODULE},
{"dpddelay", KW_DPDDELAY},
- {""}, {""}, {""},
- {"eap_identity", KW_EAP_IDENTITY},
- {""},
- {"dpdaction", KW_DPDACTION},
- {"xauth", KW_XAUTH},
+ {"pkcs11keepstate", KW_PKCS11KEEPSTATE},
+ {"reauth", KW_REAUTH},
+ {"me_peerid", KW_ME_PEERID},
+ {"rekeymargin", KW_REKEYMARGIN},
+ {"pkcs11initargs", KW_PKCS11INITARGS},
+ {"mediation", KW_MEDIATION},
+ {"pfsgroup", KW_PFSGROUP},
+ {"mediated_by", KW_MEDIATED_BY},
+ {"keyingtries", KW_KEYINGTRIES},
+ {"dpdtimeout", KW_DPDTIMEOUT},
+ {"keylife", KW_KEYLIFE},
+ {"charondebug", KW_CHARONDEBUG},
+ {"ikelifetime", KW_IKELIFETIME},
{"authby", KW_AUTHBY},
- {""}, {""}, {""}, {""}, {""}, {""},
- {"nat_traversal", KW_NAT_TRAVERSAL},
- {""}, {""}, {""}, {""}, {""},
- {"auth", KW_AUTH},
- {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""},
- {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""},
- {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""},
- {""},
- {"nocrsend", KW_NOCRSEND}
+ {"pkcs11proxy", KW_PKCS11PROXY},
+ {"klipsdebug", KW_KLIPSDEBUG},
+ {"modeconfig", KW_MODECONFIG}
+ };
+
+static const short lookup[] =
+ {
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, 0, 1, -1, 2, 3, -1, 4,
+ -1, 5, 6, 7, 8, 9, 10, 11, 12, 13,
+ 14, 15, 16, -1, 17, 18, -1, -1, 19, 20,
+ 21, -1, -1, 22, 23, 24, 25, 26, 27, 28,
+ -1, -1, 29, 30, 31, 32, 33, 34, 35, 36,
+ 37, 38, 39, 40, 41, 42, 43, 44, 45, 46,
+ 47, 48, 49, -1, 50, -1, 51, 52, 53, 54,
+ 55, -1, 56, 57, 58, -1, 59, 60, 61, 62,
+ 63, 64, 65, 66, 67, 68, 69, 70, 71, 72,
+ 73, 74, -1, 75, 76, 77, 78, -1, -1, 79,
+ 80, 81, 82, -1, 83, 84, 85, 86, -1, 87,
+ 88, 89, 90, 91, 92, 93, -1, 94, 95, -1,
+ -1, -1, 96, 97, -1, 98, 99, -1, 100, -1,
+ -1, -1, -1, -1, 101, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, 102, -1, 103, -1, 104,
+ -1, 105, -1, -1, 106, 107, -1, 108, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, 109, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, 110,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ 111
};
#ifdef __GNUC__
@@ -288,10 +280,15 @@ in_word_set (str, len)
if (key <= MAX_HASH_VALUE && key >= 0)
{
- register const char *s = wordlist[key].name;
+ register int index = lookup[key];
+
+ if (index >= 0)
+ {
+ register const char *s = wordlist[index].name;
- if (*str == *s && !strcmp (str + 1, s + 1))
- return &wordlist[key];
+ if (*str == *s && !strcmp (str + 1, s + 1))
+ return &wordlist[index];
+ }
}
}
return 0;
diff --git a/src/starter/keywords.h b/src/starter/keywords.h
index 756c33075..ae9a6d15f 100644
--- a/src/starter/keywords.h
+++ b/src/starter/keywords.h
@@ -11,177 +11,185 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: keywords.h 4612 2008-11-11 06:37:37Z andreas $
*/
#ifndef _KEYWORDS_H_
#define _KEYWORDS_H_
typedef enum {
- /* config setup keywords */
- KW_INTERFACES,
- KW_DUMPDIR,
- KW_CHARONSTART,
- KW_PLUTOSTART,
-
- /* pluto/charon keywords */
- KW_PLUTODEBUG,
- KW_CHARONDEBUG,
- KW_PREPLUTO,
- KW_POSTPLUTO,
- KW_PLUTOSTDERRLOG,
- KW_UNIQUEIDS,
- KW_OVERRIDEMTU,
- KW_CRLCHECKINTERVAL,
- KW_CACHECRLS,
- KW_STRICTCRLPOLICY,
- KW_NOCRSEND,
- KW_NAT_TRAVERSAL,
- KW_KEEP_ALIVE,
- KW_FORCE_KEEPALIVE,
- KW_VIRTUAL_PRIVATE,
- KW_PKCS11MODULE,
- KW_PKCS11INITARGS,
- KW_PKCS11KEEPSTATE,
- KW_PKCS11PROXY,
-
-#define KW_PLUTO_FIRST KW_PLUTODEBUG
-#define KW_PLUTO_LAST KW_PKCS11PROXY
-
- /* KLIPS keywords */
- KW_KLIPSDEBUG,
- KW_FRAGICMP,
- KW_PACKETDEFAULT,
- KW_HIDETOS,
-
-#define KW_KLIPS_FIRST KW_KLIPSDEBUG
-#define KW_KLIPS_LAST KW_HIDETOS
-
-#define KW_SETUP_FIRST KW_INTERFACES
-#define KW_SETUP_LAST KW_HIDETOS
-
- /* conn section keywords */
- KW_CONN_NAME,
- KW_CONN_SETUP,
- KW_KEYEXCHANGE,
- KW_TYPE,
- KW_PFS,
- KW_COMPRESS,
- KW_INSTALLPOLICY,
- KW_AUTH,
- KW_AUTHBY,
- KW_EAP,
- KW_EAP_IDENTITY,
- KW_MOBIKE,
- KW_FORCEENCAPS,
- KW_IKELIFETIME,
- KW_KEYLIFE,
- KW_REKEYMARGIN,
- KW_KEYINGTRIES,
- KW_REKEYFUZZ,
- KW_REKEY,
- KW_REAUTH,
- KW_IKE,
- KW_ESP,
- KW_PFSGROUP,
- KW_DPDDELAY,
- KW_DPDTIMEOUT,
- KW_DPDACTION,
- KW_MODECONFIG,
- KW_XAUTH,
- KW_MEDIATION,
- KW_MEDIATED_BY,
- KW_ME_PEERID,
-
-#define KW_CONN_FIRST KW_CONN_SETUP
-#define KW_CONN_LAST KW_ME_PEERID
+ /* config setup keywords */
+ KW_INTERFACES,
+ KW_DUMPDIR,
+ KW_CHARONSTART,
+ KW_PLUTOSTART,
+
+ /* pluto/charon keywords */
+ KW_PLUTODEBUG,
+ KW_CHARONDEBUG,
+ KW_PREPLUTO,
+ KW_POSTPLUTO,
+ KW_PLUTOSTDERRLOG,
+ KW_UNIQUEIDS,
+ KW_OVERRIDEMTU,
+ KW_CRLCHECKINTERVAL,
+ KW_CACHECRLS,
+ KW_STRICTCRLPOLICY,
+ KW_NOCRSEND,
+ KW_NAT_TRAVERSAL,
+ KW_KEEP_ALIVE,
+ KW_FORCE_KEEPALIVE,
+ KW_VIRTUAL_PRIVATE,
+ KW_PKCS11MODULE,
+ KW_PKCS11INITARGS,
+ KW_PKCS11KEEPSTATE,
+ KW_PKCS11PROXY,
+
+#define KW_PLUTO_FIRST KW_PLUTODEBUG
+#define KW_PLUTO_LAST KW_PKCS11PROXY
+
+ /* KLIPS keywords */
+ KW_KLIPSDEBUG,
+ KW_FRAGICMP,
+ KW_PACKETDEFAULT,
+ KW_HIDETOS,
+
+#define KW_KLIPS_FIRST KW_KLIPSDEBUG
+#define KW_KLIPS_LAST KW_HIDETOS
+
+#define KW_SETUP_FIRST KW_INTERFACES
+#define KW_SETUP_LAST KW_HIDETOS
+
+ /* conn section keywords */
+ KW_CONN_NAME,
+ KW_CONN_SETUP,
+ KW_KEYEXCHANGE,
+ KW_TYPE,
+ KW_PFS,
+ KW_COMPRESS,
+ KW_INSTALLPOLICY,
+ KW_AUTH,
+ KW_AUTHBY,
+ KW_EAP,
+ KW_EAP_IDENTITY,
+ KW_MOBIKE,
+ KW_FORCEENCAPS,
+ KW_IKELIFETIME,
+ KW_KEYLIFE,
+ KW_REKEYMARGIN,
+ KW_KEYINGTRIES,
+ KW_REKEYFUZZ,
+ KW_REKEY,
+ KW_REAUTH,
+ KW_IKE,
+ KW_ESP,
+ KW_PFSGROUP,
+ KW_DPDDELAY,
+ KW_DPDTIMEOUT,
+ KW_DPDACTION,
+ KW_MODECONFIG,
+ KW_XAUTH,
+ KW_MEDIATION,
+ KW_MEDIATED_BY,
+ KW_ME_PEERID,
+
+#define KW_CONN_FIRST KW_CONN_SETUP
+#define KW_CONN_LAST KW_ME_PEERID
/* ca section keywords */
- KW_CA_NAME,
- KW_CA_SETUP,
- KW_CACERT,
- KW_LDAPHOST,
- KW_LDAPBASE,
- KW_CRLURI,
- KW_CRLURI2,
- KW_OCSPURI,
- KW_OCSPURI2,
- KW_CERTURIBASE,
-
-#define KW_CA_FIRST KW_CA_SETUP
-#define KW_CA_LAST KW_CERTURIBASE
+ KW_CA_NAME,
+ KW_CA_SETUP,
+ KW_CACERT,
+ KW_LDAPHOST,
+ KW_LDAPBASE,
+ KW_CRLURI,
+ KW_CRLURI2,
+ KW_OCSPURI,
+ KW_OCSPURI2,
+ KW_CERTURIBASE,
+
+#define KW_CA_FIRST KW_CA_SETUP
+#define KW_CA_LAST KW_CERTURIBASE
/* end keywords */
- KW_HOST,
- KW_NEXTHOP,
- KW_SUBNET,
- KW_SUBNETWITHIN,
- KW_PROTOPORT,
- KW_SOURCEIP,
- KW_NATIP,
- KW_FIREWALL,
- KW_HOSTACCESS,
- KW_ALLOWANY,
- KW_UPDOWN,
- KW_ID,
- KW_RSASIGKEY,
- KW_CERT,
- KW_SENDCERT,
- KW_CA,
- KW_GROUPS,
- KW_IFACE,
-
-#define KW_END_FIRST KW_HOST
-#define KW_END_LAST KW_IFACE
+ KW_HOST,
+ KW_NEXTHOP,
+ KW_SUBNET,
+ KW_SUBNETWITHIN,
+ KW_PROTOPORT,
+ KW_SOURCEIP,
+ KW_NATIP,
+ KW_FIREWALL,
+ KW_HOSTACCESS,
+ KW_ALLOWANY,
+ KW_UPDOWN,
+ KW_ID,
+ KW_RSASIGKEY,
+ KW_CERT,
+ KW_SENDCERT,
+ KW_CA,
+ KW_GROUPS,
+ KW_IFACE,
+
+#define KW_END_FIRST KW_HOST
+#define KW_END_LAST KW_IFACE
/* left end keywords */
- KW_LEFT,
- KW_LEFTNEXTHOP,
- KW_LEFTSUBNET,
- KW_LEFTSUBNETWITHIN,
- KW_LEFTPROTOPORT,
- KW_LEFTSOURCEIP,
- KW_LEFTNATIP,
- KW_LEFTFIREWALL,
- KW_LEFTHOSTACCESS,
- KW_LEFTALLOWANY,
- KW_LEFTUPDOWN,
- KW_LEFTID,
- KW_LEFTRSASIGKEY,
- KW_LEFTCERT,
- KW_LEFTSENDCERT,
- KW_LEFTCA,
- KW_LEFTGROUPS,
-
-#define KW_LEFT_FIRST KW_LEFT
-#define KW_LEFT_LAST KW_LEFTGROUPS
+ KW_LEFT,
+ KW_LEFTNEXTHOP,
+ KW_LEFTSUBNET,
+ KW_LEFTSUBNETWITHIN,
+ KW_LEFTPROTOPORT,
+ KW_LEFTSOURCEIP,
+ KW_LEFTNATIP,
+ KW_LEFTFIREWALL,
+ KW_LEFTHOSTACCESS,
+ KW_LEFTALLOWANY,
+ KW_LEFTUPDOWN,
+ KW_LEFTAUTH,
+ KW_LEFTAUTH2,
+ KW_LEFTID,
+ KW_LEFTID2,
+ KW_LEFTRSASIGKEY,
+ KW_LEFTCERT,
+ KW_LEFTCERT2,
+ KW_LEFTSENDCERT,
+ KW_LEFTCA,
+ KW_LEFTCA2,
+ KW_LEFTGROUPS,
+
+#define KW_LEFT_FIRST KW_LEFT
+#define KW_LEFT_LAST KW_LEFTGROUPS
/* right end keywords */
- KW_RIGHT,
- KW_RIGHTNEXTHOP,
- KW_RIGHTSUBNET,
- KW_RIGHTSUBNETWITHIN,
- KW_RIGHTPROTOPORT,
- KW_RIGHTSOURCEIP,
- KW_RIGHTNATIP,
- KW_RIGHTFIREWALL,
- KW_RIGHTHOSTACCESS,
- KW_RIGHTALLOWANY,
- KW_RIGHTUPDOWN,
- KW_RIGHTID,
- KW_RIGHTRSASIGKEY,
- KW_RIGHTCERT,
- KW_RIGHTSENDCERT,
- KW_RIGHTCA,
- KW_RIGHTGROUPS,
-
-#define KW_RIGHT_FIRST KW_RIGHT
-#define KW_RIGHT_LAST KW_RIGHTGROUPS
-
- /* general section keywords */
- KW_ALSO,
- KW_AUTO
+ KW_RIGHT,
+ KW_RIGHTNEXTHOP,
+ KW_RIGHTSUBNET,
+ KW_RIGHTSUBNETWITHIN,
+ KW_RIGHTPROTOPORT,
+ KW_RIGHTSOURCEIP,
+ KW_RIGHTNATIP,
+ KW_RIGHTFIREWALL,
+ KW_RIGHTHOSTACCESS,
+ KW_RIGHTALLOWANY,
+ KW_RIGHTUPDOWN,
+ KW_RIGHTAUTH,
+ KW_RIGHTAUTH2,
+ KW_RIGHTID,
+ KW_RIGHTID2,
+ KW_RIGHTRSASIGKEY,
+ KW_RIGHTCERT,
+ KW_RIGHTCERT2,
+ KW_RIGHTSENDCERT,
+ KW_RIGHTCA,
+ KW_RIGHTCA2,
+ KW_RIGHTGROUPS,
+
+#define KW_RIGHT_FIRST KW_RIGHT
+#define KW_RIGHT_LAST KW_RIGHTGROUPS
+
+ /* general section keywords */
+ KW_ALSO,
+ KW_AUTO
} kw_token_t;
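Review bot: The end-keyword list (KW_HOST … KW_IFACE) is left unchanged while the left and right lists gain KW_LEFTAUTH, KW_LEFTAUTH2, KW_LEFTID2, KW_LEFTCERT2, KW_LEFTCA2 and their right-side equivalents inserted in the middle of the sequence, so the ranges bracketed by KW_END_FIRST, KW_LEFT_FIRST and KW_RIGHT_FIRST are no longer parallel. If the parser translates a left or right token into its generic end token by offset (token - KW_LEFT_FIRST + KW_END_FIRST), as the matching *_FIRST/*_LAST macro pairs suggest, KW_LEFTAUTH would land on KW_ID and every later keyword would be shifted; confread.c is not in this hunk, so this needs confirming against how kw_end consumes these tokens. If the offset scheme is in use, the end list needs entries at the same positions as the new left/right ones; in either case a comment above the end list such as `/* the left and right lists below must mirror this order */` would make the invariant explicit.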
diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt
index 8dfa03325..66c894850 100644
--- a/src/starter/keywords.txt
+++ b/src/starter/keywords.txt
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: keywords.txt 4612 2008-11-11 06:37:37Z andreas $
*/
#include <string.h>
@@ -104,10 +102,15 @@ lefthostaccess, KW_LEFTHOSTACCESS
leftallowany, KW_LEFTALLOWANY
leftupdown, KW_LEFTUPDOWN
leftid, KW_LEFTID
+leftid2, KW_LEFTID2
+leftauth, KW_LEFTAUTH
+leftauth2, KW_LEFTAUTH2
leftrsasigkey, KW_LEFTRSASIGKEY
leftcert, KW_LEFTCERT,
+leftcert2, KW_LEFTCERT2,
leftsendcert, KW_LEFTSENDCERT
leftca, KW_LEFTCA
+leftca2, KW_LEFTCA2
leftgroups, KW_LEFTGROUPS
right, KW_RIGHT
rightnexthop, KW_RIGHTNEXTHOP
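Review bot: `leftcert2, KW_LEFTCERT2,` carries a trailing comma copied from the `leftcert, KW_LEFTCERT,` line above it; gperf emits the entry verbatim, so the generated wordlist ends up with `{"leftcert2", KW_LEFTCERT2,}` (visible in the keywords.c hunk earlier in this diff), a stray trailing comma inside the initializer. It is legal C and harmless, but it is inconsistent with every other entry and with the new `rightcert2, KW_RIGHTCERT2` line in the next hunk; change it to `leftcert2, KW_LEFTCERT2` and fix the pre-existing `leftcert` line the same way.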
@@ -121,10 +124,15 @@ righthostaccess, KW_RIGHTHOSTACCESS
rightallowany, KW_RIGHTALLOWANY
rightupdown, KW_RIGHTUPDOWN
rightid, KW_RIGHTID
+rightid2, KW_RIGHTID2
+rightauth, KW_RIGHTAUTH
+rightauth2, KW_RIGHTAUTH2
rightrsasigkey, KW_RIGHTRSASIGKEY
rightcert, KW_RIGHTCERT
+rightcert2, KW_RIGHTCERT2
rightsendcert, KW_RIGHTSENDCERT
rightca, KW_RIGHTCA
+rightca2, KW_RIGHTCA2
rightgroups, KW_RIGHTGROUPS
also, KW_ALSO
auto, KW_AUTO
diff --git a/src/starter/klips.c b/src/starter/klips.c
index 5c8164419..061dee50c 100644
--- a/src/starter/klips.c
+++ b/src/starter/klips.c
@@ -10,8 +10,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: klips.c 4632 2008-11-11 18:37:19Z martin $
*/
#include <sys/types.h>
@@ -29,54 +27,54 @@
bool
starter_klips_init(void)
{
- struct stat stb;
-
- if (stat(PROC_KLIPS, &stb) != 0)
- {
- /* ipsec module makes the pf_key proc interface visible */
- if (stat(PROC_MODULES, &stb) == 0)
- {
- ignore_result(system("modprobe -qv ipsec"));
- }
+ struct stat stb;
- /* now test again */
if (stat(PROC_KLIPS, &stb) != 0)
{
- DBG(DBG_CONTROL,
- DBG_log("kernel appears to lack the KLIPS IPsec stack")
- )
- return FALSE;
+ /* ipsec module makes the pf_key proc interface visible */
+ if (stat(PROC_MODULES, &stb) == 0)
+ {
+ ignore_result(system("modprobe -qv ipsec"));
+ }
+
+ /* now test again */
+ if (stat(PROC_KLIPS, &stb) != 0)
+ {
+ DBG(DBG_CONTROL,
+ DBG_log("kernel appears to lack the KLIPS IPsec stack")
+ )
+ return FALSE;
+ }
}
- }
-
- /* load crypto algorithm modules */
- ignore_result(system("modprobe -qv ipsec_aes"));
- ignore_result(system("modprobe -qv ipsec_blowfish"));
- ignore_result(system("modprobe -qv ipsec_sha2"));
+
+ /* load crypto algorithm modules */
+ ignore_result(system("modprobe -qv ipsec_aes"));
+ ignore_result(system("modprobe -qv ipsec_blowfish"));
+ ignore_result(system("modprobe -qv ipsec_sha2"));
- DBG(DBG_CONTROL,
- DBG_log("Found KLIPS IPsec stack")
- )
-
- return TRUE;
+ DBG(DBG_CONTROL,
+ DBG_log("Found KLIPS IPsec stack")
+ )
+
+ return TRUE;
}
void
starter_klips_cleanup(void)
{
- if (system("type eroute > /dev/null 2>&1") == 0)
- {
- ignore_result(system("spi --clear"));
- ignore_result(system("eroute --clear"));
- }
- else if (system("type setkey > /dev/null 2>&1") == 0)
- {
- ignore_result(system("setkey -F"));
- ignore_result(system("setkey -FP"));
- }
- else
- {
- plog("WARNING: cannot flush IPsec state/policy database");
- }
+ if (system("type eroute > /dev/null 2>&1") == 0)
+ {
+ ignore_result(system("spi --clear"));
+ ignore_result(system("eroute --clear"));
+ }
+ else if (system("type setkey > /dev/null 2>&1") == 0)
+ {
+ ignore_result(system("setkey -F"));
+ ignore_result(system("setkey -FP"));
+ }
+ else
+ {
+ plog("WARNING: cannot flush IPsec state/policy database");
+ }
}
diff --git a/src/starter/klips.h b/src/starter/klips.h
index 60055b4f1..e93348df1 100644
--- a/src/starter/klips.h
+++ b/src/starter/klips.h
@@ -10,8 +10,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: klips.h 4618 2008-11-11 09:22:00Z tobias $
*/
#ifndef _STARTER_KLIPS_H_
diff --git a/src/starter/lex.yy.c b/src/starter/lex.yy.c
index 8edb9e3e6..4596c0cc3 100644
--- a/src/starter/lex.yy.c
+++ b/src/starter/lex.yy.c
@@ -141,7 +141,15 @@ typedef unsigned int flex_uint32_t;
/* Size of default input buffer. */
#ifndef YY_BUF_SIZE
+#ifdef __ia64__
+/* On IA-64, the buffer size is 16k, not 8k.
+ * Moreover, YY_BUF_SIZE is 2*YY_READ_BUF_SIZE in the general case.
+ * Ditto for the __ia64__ case accordingly.
+ */
+#define YY_BUF_SIZE 32768
+#else
#define YY_BUF_SIZE 16384
+#endif /* __ia64__ */
#endif
/* The state buf must be large enough to hold one state per character in the main buffer.
@@ -479,8 +487,9 @@ int yy_flex_debug = 0;
#define YY_MORE_ADJ 0
#define YY_RESTORE_YY_MORE_OFFSET
char *yytext;
-#line 1 "parser.l"
-#line 2 "parser.l"
+#line 1 "./parser.l"
+#define YY_NO_INPUT 1
+#line 4 "./parser.l"
/* FreeS/WAN config file parser (parser.l)
* Copyright (C) 2001 Mathieu Lafon - Arkoon Network Security
*
@@ -493,8 +502,6 @@ char *yytext;
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: parser.l 4632 2008-11-11 18:37:19Z martin $
*/
#include <string.h>
@@ -505,8 +512,6 @@ char *yytext;
#define MAX_INCLUDE_DEPTH 20
-#define YY_NO_INPUT
-#define YY_NO_UNPUT
extern void yyerror(const char *);
extern int yylex (void);
@@ -525,94 +530,94 @@ int _parser_y_include (const char *filename);
void _parser_y_error(char *b, int size, const char *s)
{
- extern char *yytext; // was: char yytext[];
+ extern char *yytext; // was: char yytext[];
- snprintf(b, size, "%s:%d: %s [%s]",
- __parser_y_private.filename[__parser_y_private.stack_ptr],
- __parser_y_private.line[__parser_y_private.stack_ptr],
- s, yytext);
+ snprintf(b, size, "%s:%d: %s [%s]",
+ __parser_y_private.filename[__parser_y_private.stack_ptr],
+ __parser_y_private.line[__parser_y_private.stack_ptr],
+ s, yytext);
}
void _parser_y_init (const char *f)
{
- memset(&__parser_y_private, 0, sizeof(__parser_y_private));
- __parser_y_private.line[0] = 1;
- __parser_y_private.filename[0] = strdup(f);
+ memset(&__parser_y_private, 0, sizeof(__parser_y_private));
+ __parser_y_private.line[0] = 1;
+ __parser_y_private.filename[0] = strdup(f);
}
void _parser_y_fini (void)
{
- unsigned int i;
-
- for (i = 0; i < MAX_INCLUDE_DEPTH; i++)
- {
- if (__parser_y_private.filename[i])
- free(__parser_y_private.filename[i]);
- if (__parser_y_private.file[i])
- fclose(__parser_y_private.file[i]);
- }
- memset(&__parser_y_private, 0, sizeof(__parser_y_private));
+ unsigned int i;
+
+ for (i = 0; i < MAX_INCLUDE_DEPTH; i++)
+ {
+ if (__parser_y_private.filename[i])
+ free(__parser_y_private.filename[i]);
+ if (__parser_y_private.file[i])
+ fclose(__parser_y_private.file[i]);
+ }
+ memset(&__parser_y_private, 0, sizeof(__parser_y_private));
}
int _parser_y_include (const char *filename)
{
- glob_t files;
- int i, ret;
-
- ret = glob(filename, GLOB_ERR, NULL, &files);
- if (ret)
- {
- const char *err;
+ glob_t files;
+ int i, ret;
- switch (ret)
+ ret = glob(filename, GLOB_ERR, NULL, &files);
+ if (ret)
{
- case GLOB_NOSPACE:
- err = "include files ran out of memory";
- break;
- case GLOB_ABORTED:
- err = "include files aborted due to read error";
- break;
- case GLOB_NOMATCH:
- err = "include files found no matches";
- break;
- default:
- err = "unknown include files error";
- }
- yyerror(err);
- return 1;
- }
-
- for (i = 0; i < files.gl_pathc; i++)
- {
- FILE *f;
- unsigned int p = __parser_y_private.stack_ptr + 1;
+ const char *err;
- if (p >= MAX_INCLUDE_DEPTH)
- {
- yyerror("max inclusion depth reached");
- return 1;
+ switch (ret)
+ {
+ case GLOB_NOSPACE:
+ err = "include files ran out of memory";
+ break;
+ case GLOB_ABORTED:
+ err = "include files aborted due to read error";
+ break;
+ case GLOB_NOMATCH:
+ err = "include files found no matches";
+ break;
+ default:
+ err = "unknown include files error";
+ }
+ yyerror(err);
+ return 1;
}
- f = fopen(files.gl_pathv[i], "r");
- if (!f)
+ for (i = 0; i < files.gl_pathc; i++)
{
- yyerror("can't open include filename");
- continue;
- }
+ FILE *f;
+ unsigned int p = __parser_y_private.stack_ptr + 1;
- __parser_y_private.stack_ptr++;
- __parser_y_private.file[p] = f;
- __parser_y_private.stack[p] = YY_CURRENT_BUFFER;
- __parser_y_private.line[p] = 1;
- __parser_y_private.filename[p] = strdup(files.gl_pathv[i]);
+ if (p >= MAX_INCLUDE_DEPTH)
+ {
+ yyerror("max inclusion depth reached");
+ return 1;
+ }
- yy_switch_to_buffer(yy_create_buffer(f,YY_BUF_SIZE));
- }
- globfree(&files);
- return 0;
+ f = fopen(files.gl_pathv[i], "r");
+ if (!f)
+ {
+ yyerror("can't open include filename");
+ continue;
+ }
+
+ __parser_y_private.stack_ptr++;
+ __parser_y_private.file[p] = f;
+ __parser_y_private.stack[p] = YY_CURRENT_BUFFER;
+ __parser_y_private.line[p] = 1;
+ __parser_y_private.filename[p] = strdup(files.gl_pathv[i]);
+
+ yy_switch_to_buffer(yy_create_buffer(f,YY_BUF_SIZE));
+ }
+ globfree(&files);
+ return 0;
}
-#line 616 "lex.yy.c"
+#line 621 "lex.yy.c"
#define INITIAL 0
@@ -691,7 +696,12 @@ static int input (void );
/* Amount of stuff to slurp up with each read. */
#ifndef YY_READ_BUF_SIZE
+#ifdef __ia64__
+/* On IA-64, the buffer size is 16k, not 8k */
+#define YY_READ_BUF_SIZE 16384
+#else
#define YY_READ_BUF_SIZE 8192
+#endif /* __ia64__ */
#endif
/* Copy whatever the last rule matched to the standard output. */
@@ -795,10 +805,10 @@ YY_DECL
register char *yy_cp, *yy_bp;
register int yy_act;
-#line 135 "parser.l"
+#line 133 "./parser.l"
-#line 802 "lex.yy.c"
+#line 812 "lex.yy.c"
if ( !(yy_init) )
{
@@ -883,106 +893,106 @@ do_action: /* This label is used only to access EOF actions. */
goto yy_find_action;
case YY_STATE_EOF(INITIAL):
-#line 137 "parser.l"
+#line 135 "./parser.l"
{
- if (__parser_y_private.filename[__parser_y_private.stack_ptr]) {
- free(__parser_y_private.filename[__parser_y_private.stack_ptr]);
- __parser_y_private.filename[__parser_y_private.stack_ptr] = NULL;
- }
- if (__parser_y_private.file[__parser_y_private.stack_ptr]) {
- fclose(__parser_y_private.file[__parser_y_private.stack_ptr]);
- __parser_y_private.file[__parser_y_private.stack_ptr] = NULL;
- yy_delete_buffer (YY_CURRENT_BUFFER);
- yy_switch_to_buffer
- (__parser_y_private.stack[__parser_y_private.stack_ptr]);
- }
- if (--__parser_y_private.stack_ptr < 0) {
- yyterminate();
- }
+ if (__parser_y_private.filename[__parser_y_private.stack_ptr]) {
+ free(__parser_y_private.filename[__parser_y_private.stack_ptr]);
+ __parser_y_private.filename[__parser_y_private.stack_ptr] = NULL;
+ }
+ if (__parser_y_private.file[__parser_y_private.stack_ptr]) {
+ fclose(__parser_y_private.file[__parser_y_private.stack_ptr]);
+ __parser_y_private.file[__parser_y_private.stack_ptr] = NULL;
+ yy_delete_buffer (YY_CURRENT_BUFFER);
+ yy_switch_to_buffer
+ (__parser_y_private.stack[__parser_y_private.stack_ptr]);
+ }
+ if (--__parser_y_private.stack_ptr < 0) {
+ yyterminate();
+ }
}
YY_BREAK
case 1:
YY_RULE_SETUP
-#line 154 "parser.l"
+#line 152 "./parser.l"
return FIRST_SPACES;
YY_BREAK
case 2:
YY_RULE_SETUP
-#line 156 "parser.l"
+#line 154 "./parser.l"
/* ignore spaces in line */ ;
YY_BREAK
case 3:
YY_RULE_SETUP
-#line 158 "parser.l"
+#line 156 "./parser.l"
return EQUAL;
YY_BREAK
case 4:
/* rule 4 can match eol */
YY_RULE_SETUP
-#line 160 "parser.l"
+#line 158 "./parser.l"
{
- __parser_y_private.line[__parser_y_private.stack_ptr]++;
- return EOL;
- }
+ __parser_y_private.line[__parser_y_private.stack_ptr]++;
+ return EOL;
+ }
YY_BREAK
case 5:
YY_RULE_SETUP
-#line 165 "parser.l"
+#line 163 "./parser.l"
return CONFIG;
YY_BREAK
case 6:
YY_RULE_SETUP
-#line 166 "parser.l"
+#line 164 "./parser.l"
return SETUP;
YY_BREAK
case 7:
YY_RULE_SETUP
-#line 167 "parser.l"
+#line 165 "./parser.l"
return CONN;
YY_BREAK
case 8:
YY_RULE_SETUP
-#line 168 "parser.l"
+#line 166 "./parser.l"
return CA;
YY_BREAK
case 9:
YY_RULE_SETUP
-#line 169 "parser.l"
+#line 167 "./parser.l"
return INCLUDE;
YY_BREAK
case 10:
YY_RULE_SETUP
-#line 170 "parser.l"
+#line 168 "./parser.l"
return FILE_VERSION;
YY_BREAK
case 11:
YY_RULE_SETUP
-#line 172 "parser.l"
+#line 170 "./parser.l"
{
- yylval.s = strdup(yytext);
- return STRING;
- }
+ yylval.s = strdup(yytext);
+ return STRING;
+ }
YY_BREAK
case 12:
YY_RULE_SETUP
-#line 177 "parser.l"
+#line 175 "./parser.l"
{
- yylval.s = strdup(yytext+1);
- if (yylval.s) yylval.s[strlen(yylval.s)-1]='\0';
- return STRING;
- }
+ yylval.s = strdup(yytext+1);
+ if (yylval.s) yylval.s[strlen(yylval.s)-1]='\0';
+ return STRING;
+ }
YY_BREAK
case 13:
YY_RULE_SETUP
-#line 183 "parser.l"
+#line 181 "./parser.l"
yyerror(yytext);
YY_BREAK
case 14:
YY_RULE_SETUP
-#line 185 "parser.l"
+#line 183 "./parser.l"
ECHO;
YY_BREAK
-#line 986 "lex.yy.c"
+#line 996 "lex.yy.c"
case YY_END_OF_BUFFER:
{
@@ -1704,8 +1714,8 @@ YY_BUFFER_STATE yy_scan_string (yyconst char * yystr )
/** Setup the input buffer state to scan the given bytes. The next call to yylex() will
* scan from a @e copy of @a bytes.
- * @param bytes the byte buffer to scan
- * @param len the number of bytes in the buffer pointed to by @a bytes.
+ * @param yybytes the byte buffer to scan
+ * @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes.
*
* @return the newly allocated buffer state object.
*/
@@ -1944,13 +1954,13 @@ void yyfree (void * ptr )
#define YYTABLES_NAME "yytables"
-#line 185 "parser.l"
+#line 183 "./parser.l"
int yywrap(void)
{
- return 1;
+ return 1;
}
diff --git a/src/starter/loglite.c b/src/starter/loglite.c
index 94d9b79bb..415cf931c 100644
--- a/src/starter/loglite.c
+++ b/src/starter/loglite.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: loglite.c 3267 2007-10-08 19:57:54Z andreas $
*/
#include <stdio.h>
@@ -23,7 +21,7 @@
#include <errno.h>
#include <string.h>
#include <unistd.h>
-#include <signal.h> /* used only if MSG_NOSIGNAL not defined */
+#include <signal.h> /* used only if MSG_NOSIGNAL not defined */
#include <libgen.h>
#include <sys/stat.h>
#include <sys/types.h>
@@ -36,118 +34,118 @@
#include <whack.h>
bool
- log_to_stderr = FALSE, /* should log go to stderr? */
- log_to_syslog = TRUE; /* should log go to syslog? */
+ log_to_stderr = FALSE, /* should log go to stderr? */
+ log_to_syslog = TRUE; /* should log go to syslog? */
void
init_log(const char *program)
{
- if (log_to_stderr)
- setbuf(stderr, NULL);
- if (log_to_syslog)
- openlog(program, LOG_CONS | LOG_NDELAY | LOG_PID, LOG_AUTHPRIV);
+ if (log_to_stderr)
+ setbuf(stderr, NULL);
+ if (log_to_syslog)
+ openlog(program, LOG_CONS | LOG_NDELAY | LOG_PID, LOG_AUTHPRIV);
}
void
close_log(void)
{
- if (log_to_syslog)
- closelog();
+ if (log_to_syslog)
+ closelog();
}
void
plog(const char *message, ...)
{
- va_list args;
- char m[LOG_WIDTH]; /* longer messages will be truncated */
+ va_list args;
+ char m[LOG_WIDTH]; /* longer messages will be truncated */
- va_start(args, message);
- vsnprintf(m, sizeof(m), message, args);
- va_end(args);
+ va_start(args, message);
+ vsnprintf(m, sizeof(m), message, args);
+ va_end(args);
- if (log_to_stderr)
- fprintf(stderr, "%s\n", m);
- if (log_to_syslog)
- syslog(LOG_WARNING, "%s", m);
+ if (log_to_stderr)
+ fprintf(stderr, "%s\n", m);
+ if (log_to_syslog)
+ syslog(LOG_WARNING, "%s", m);
}
void
loglog(int mess_no, const char *message, ...)
{
- va_list args;
- char m[LOG_WIDTH]; /* longer messages will be truncated */
+ va_list args;
+ char m[LOG_WIDTH]; /* longer messages will be truncated */
- va_start(args, message);
- vsnprintf(m, sizeof(m), message, args);
- va_end(args);
+ va_start(args, message);
+ vsnprintf(m, sizeof(m), message, args);
+ va_end(args);
- if (log_to_stderr)
- fprintf(stderr, "%s\n", m);
- if (log_to_syslog)
- syslog(LOG_WARNING, "%s", m);
+ if (log_to_stderr)
+ fprintf(stderr, "%s\n", m);
+ if (log_to_syslog)
+ syslog(LOG_WARNING, "%s", m);
}
void
log_errno_routine(int e, const char *message, ...)
{
- va_list args;
- char m[LOG_WIDTH]; /* longer messages will be truncated */
+ va_list args;
+ char m[LOG_WIDTH]; /* longer messages will be truncated */
- va_start(args, message);
- vsnprintf(m, sizeof(m), message, args);
- va_end(args);
+ va_start(args, message);
+ vsnprintf(m, sizeof(m), message, args);
+ va_end(args);
- if (log_to_stderr)
- fprintf(stderr, "ERROR: %s. Errno %d: %s\n", m, e, strerror(e));
- if (log_to_syslog)
- syslog(LOG_ERR, "ERROR: %s. Errno %d: %s", m, e, strerror(e));
+ if (log_to_stderr)
+ fprintf(stderr, "ERROR: %s. Errno %d: %s\n", m, e, strerror(e));
+ if (log_to_syslog)
+ syslog(LOG_ERR, "ERROR: %s. Errno %d: %s", m, e, strerror(e));
}
void
exit_log(const char *message, ...)
{
- va_list args;
- char m[LOG_WIDTH]; /* longer messages will be truncated */
-
- va_start(args, message);
- vsnprintf(m, sizeof(m), message, args);
- va_end(args);
-
- if (log_to_stderr)
- fprintf(stderr, "FATAL ERROR: %s\n", m);
- if (log_to_syslog)
- syslog(LOG_ERR, "FATAL ERROR: %s", m);
- exit(1);
+ va_list args;
+ char m[LOG_WIDTH]; /* longer messages will be truncated */
+
+ va_start(args, message);
+ vsnprintf(m, sizeof(m), message, args);
+ va_end(args);
+
+ if (log_to_stderr)
+ fprintf(stderr, "FATAL ERROR: %s\n", m);
+ if (log_to_syslog)
+ syslog(LOG_ERR, "FATAL ERROR: %s", m);
+ exit(1);
}
void
exit_log_errno_routine(int e, const char *message, ...)
{
- va_list args;
- char m[LOG_WIDTH]; /* longer messages will be truncated */
-
- va_start(args, message);
- vsnprintf(m, sizeof(m), message, args);
- va_end(args);
-
- if (log_to_stderr)
- fprintf(stderr, "FATAL ERROR: %s. Errno %d: %s\n", m, e, strerror(e));
- if (log_to_syslog)
- syslog(LOG_ERR, "FATAL ERROR: %s. Errno %d: %s", m, e, strerror(e));
- exit(1);
+ va_list args;
+ char m[LOG_WIDTH]; /* longer messages will be truncated */
+
+ va_start(args, message);
+ vsnprintf(m, sizeof(m), message, args);
+ va_end(args);
+
+ if (log_to_stderr)
+ fprintf(stderr, "FATAL ERROR: %s. Errno %d: %s\n", m, e, strerror(e));
+ if (log_to_syslog)
+ syslog(LOG_ERR, "FATAL ERROR: %s. Errno %d: %s", m, e, strerror(e));
+ exit(1);
}
void
whack_log(int mess_no, const char *message, ...)
{
- va_list args;
- char m[LOG_WIDTH]; /* longer messages will be truncated */
+ va_list args;
+ char m[LOG_WIDTH]; /* longer messages will be truncated */
- va_start(args, message);
- vsnprintf(m, sizeof(m), message, args);
- va_end(args);
+ va_start(args, message);
+ vsnprintf(m, sizeof(m), message, args);
+ va_end(args);
- fprintf(stderr, "%s\n", m);
+ fprintf(stderr, "%s\n", m);
}
/* Build up a diagnostic in a static buffer.
@@ -165,16 +163,16 @@ char diag_space[sizeof(diag_space)];
err_t
builddiag(const char *fmt, ...)
{
- static char diag_space[LOG_WIDTH]; /* longer messages will be truncated */
- char t[sizeof(diag_space)]; /* build result here first */
- va_list args;
-
- va_start(args, fmt);
- t[0] = '\0'; /* in case nothing terminates string */
- vsnprintf(t, sizeof(t), fmt, args);
- va_end(args);
- strcpy(diag_space, t);
- return diag_space;
+ static char diag_space[LOG_WIDTH]; /* longer messages will be truncated */
+ char t[sizeof(diag_space)]; /* build result here first */
+ va_list args;
+
+ va_start(args, fmt);
+ t[0] = '\0'; /* in case nothing terminates string */
+ vsnprintf(t, sizeof(t), fmt, args);
+ va_end(args);
+ strcpy(diag_space, t);
+ return diag_space;
}
/* Debugging message support */
@@ -184,29 +182,29 @@ builddiag(const char *fmt, ...)
void
switch_fail(int n, const char *file_str, unsigned long line_no)
{
- char buf[30];
+ char buf[30];
- snprintf(buf, sizeof(buf), "case %d unexpected", n);
- passert_fail(buf, file_str, line_no);
+ snprintf(buf, sizeof(buf), "case %d unexpected", n);
+ passert_fail(buf, file_str, line_no);
}
void
passert_fail(const char *pred_str, const char *file_str, unsigned long line_no)
{
- /* we will get a possibly unplanned prefix. Hope it works */
- loglog(RC_LOG_SERIOUS, "ASSERTION FAILED at %s:%lu: %s", file_str, line_no, pred_str);
- abort(); /* exiting correctly doesn't always work */
+ /* we will get a possibly unplanned prefix. Hope it works */
+ loglog(RC_LOG_SERIOUS, "ASSERTION FAILED at %s:%lu: %s", file_str, line_no, pred_str);
+ abort(); /* exiting correctly doesn't always work */
}
lset_t
- base_debugging = DBG_NONE, /* default to reporting nothing */
- cur_debugging = DBG_NONE;
+ base_debugging = DBG_NONE, /* default to reporting nothing */
+ cur_debugging = DBG_NONE;
void
pexpect_log(const char *pred_str, const char *file_str, unsigned long line_no)
{
- /* we will get a possibly unplanned prefix. Hope it works */
- loglog(RC_LOG_SERIOUS, "EXPECTATION FAILED at %s:%lu: %s", file_str, line_no, pred_str);
+ /* we will get a possibly unplanned prefix. Hope it works */
+ loglog(RC_LOG_SERIOUS, "EXPECTATION FAILED at %s:%lu: %s", file_str, line_no, pred_str);
}
/* log a debugging message (prefixed by "| ") */
@@ -214,17 +212,17 @@ pexpect_log(const char *pred_str, const char *file_str, unsigned long line_no)
void
DBG_log(const char *message, ...)
{
- va_list args;
- char m[LOG_WIDTH]; /* longer messages will be truncated */
+ va_list args;
+ char m[LOG_WIDTH]; /* longer messages will be truncated */
- va_start(args, message);
- vsnprintf(m, sizeof(m), message, args);
- va_end(args);
+ va_start(args, message);
+ vsnprintf(m, sizeof(m), message, args);
+ va_end(args);
- if (log_to_stderr)
- fprintf(stderr, "| %s\n", m);
- if (log_to_syslog)
- syslog(LOG_DEBUG, "| %s", m);
+ if (log_to_stderr)
+ fprintf(stderr, "| %s\n", m);
+ if (log_to_syslog)
+ syslog(LOG_DEBUG, "| %s", m);
}
/* dump raw bytes in hex to stderr (for lack of any better destination) */
@@ -232,62 +230,62 @@ DBG_log(const char *message, ...)
void
DBG_dump(const char *label, const void *p, size_t len)
{
-# define DUMP_LABEL_WIDTH 20 /* arbitrary modest boundary */
-# define DUMP_WIDTH (4 * (1 + 4 * 3) + 1)
- char buf[DUMP_LABEL_WIDTH + DUMP_WIDTH];
- char *bp;
- const unsigned char *cp = p;
+# define DUMP_LABEL_WIDTH 20 /* arbitrary modest boundary */
+# define DUMP_WIDTH (4 * (1 + 4 * 3) + 1)
+ char buf[DUMP_LABEL_WIDTH + DUMP_WIDTH];
+ char *bp;
+ const unsigned char *cp = p;
- bp = buf;
-
- if (label != NULL && label[0] != '\0')
- {
- /* Handle the label. Care must be taken to avoid buffer overrun. */
- size_t llen = strlen(label);
+ bp = buf;
- if (llen + 1 > sizeof(buf))
+ if (label != NULL && label[0] != '\0')
{
- DBG_log("%s", label);
+ /* Handle the label. Care must be taken to avoid buffer overrun. */
+ size_t llen = strlen(label);
+
+ if (llen + 1 > sizeof(buf))
+ {
+ DBG_log("%s", label);
+ }
+ else
+ {
+ strcpy(buf, label);
+ if (buf[llen-1] == '\n')
+ {
+ buf[llen-1] = '\0'; /* get rid of newline */
+ DBG_log("%s", buf);
+ }
+ else if (llen < DUMP_LABEL_WIDTH)
+ {
+ bp = buf + llen;
+ }
+ else
+ {
+ DBG_log("%s", buf);
+ }
+ }
}
- else
- {
- strcpy(buf, label);
- if (buf[llen-1] == '\n')
- {
- buf[llen-1] = '\0'; /* get rid of newline */
- DBG_log("%s", buf);
- }
- else if (llen < DUMP_LABEL_WIDTH)
- {
- bp = buf + llen;
- }
- else
- {
- DBG_log("%s", buf);
- }
- }
- }
- do {
- int i, j;
-
- for (i = 0; len!=0 && i!=4; i++)
- {
- *bp++ = ' ';
- for (j = 0; len!=0 && j!=4; len--, j++)
- {
- static const char hexdig[] = "0123456789abcdef";
-
- *bp++ = ' ';
- *bp++ = hexdig[(*cp >> 4) & 0xF];
- *bp++ = hexdig[*cp & 0xF];
- cp++;
- }
- }
- *bp = '\0';
- DBG_log("%s", buf);
- bp = buf;
- } while (len != 0);
+ do {
+ int i, j;
+
+ for (i = 0; len!=0 && i!=4; i++)
+ {
+ *bp++ = ' ';
+ for (j = 0; len!=0 && j!=4; len--, j++)
+ {
+ static const char hexdig[] = "0123456789abcdef";
+
+ *bp++ = ' ';
+ *bp++ = hexdig[(*cp >> 4) & 0xF];
+ *bp++ = hexdig[*cp & 0xF];
+ cp++;
+ }
+ }
+ *bp = '\0';
+ DBG_log("%s", buf);
+ bp = buf;
+ } while (len != 0);
# undef DUMP_LABEL_WIDTH
# undef DUMP_WIDTH
}
diff --git a/src/starter/netkey.c b/src/starter/netkey.c
index 1490abf29..e0449f0b2 100644
--- a/src/starter/netkey.c
+++ b/src/starter/netkey.c
@@ -10,8 +10,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: netkey.c 4632 2008-11-11 18:37:19Z martin $
*/
#include <sys/types.h>
@@ -29,57 +27,57 @@
bool
starter_netkey_init(void)
{
- struct stat stb;
+ struct stat stb;
- if (stat(PROC_NETKEY, &stb) != 0)
- {
- /* af_key module makes the netkey proc interface visible */
- if (stat(PROC_MODULES, &stb) == 0)
+ if (stat(PROC_NETKEY, &stb) != 0)
{
- ignore_result(system("modprobe -qv af_key"));
+ /* af_key module makes the netkey proc interface visible */
+ if (stat(PROC_MODULES, &stb) == 0)
+ {
+ ignore_result(system("modprobe -qv af_key"));
+ }
+
+ /* now test again */
+ if (stat(PROC_NETKEY, &stb) != 0)
+ {
+ DBG(DBG_CONTROL,
+ DBG_log("kernel appears to lack the native netkey IPsec stack")
+ )
+ return FALSE;
+ }
}
- /* now test again */
- if (stat(PROC_NETKEY, &stb) != 0)
+ /* make sure that all required IPsec modules are loaded */
+ if (stat(PROC_MODULES, &stb) == 0)
{
- DBG(DBG_CONTROL,
- DBG_log("kernel appears to lack the native netkey IPsec stack")
- )
- return FALSE;
+ ignore_result(system("modprobe -qv ah4"));
+ ignore_result(system("modprobe -qv esp4"));
+ ignore_result(system("modprobe -qv ipcomp"));
+ ignore_result(system("modprobe -qv xfrm4_tunnel"));
+ ignore_result(system("modprobe -qv xfrm_user"));
}
- }
-
- /* make sure that all required IPsec modules are loaded */
- if (stat(PROC_MODULES, &stb) == 0)
- {
- ignore_result(system("modprobe -qv ah4"));
- ignore_result(system("modprobe -qv esp4"));
- ignore_result(system("modprobe -qv ipcomp"));
- ignore_result(system("modprobe -qv xfrm4_tunnel"));
- ignore_result(system("modprobe -qv xfrm_user"));
- }
- DBG(DBG_CONTROL,
- DBG_log("Found netkey IPsec stack")
- )
- return TRUE;
+ DBG(DBG_CONTROL,
+ DBG_log("Found netkey IPsec stack")
+ )
+ return TRUE;
}
void
starter_netkey_cleanup(void)
{
- if (system("ip xfrm state > /dev/null 2>&1") == 0)
- {
- ignore_result(system("ip xfrm state flush"));
- ignore_result(system("ip xfrm policy flush"));
- }
- else if (system("type setkey > /dev/null 2>&1") == 0)
- {
- ignore_result(system("setkey -F"));
- ignore_result(system("setkey -FP"));
- }
- else
- {
- plog("WARNING: cannot flush IPsec state/policy database");
- }
+ if (system("ip xfrm state > /dev/null 2>&1") == 0)
+ {
+ ignore_result(system("ip xfrm state flush"));
+ ignore_result(system("ip xfrm policy flush"));
+ }
+ else if (system("type setkey > /dev/null 2>&1") == 0)
+ {
+ ignore_result(system("setkey -F"));
+ ignore_result(system("setkey -FP"));
+ }
+ else
+ {
+ plog("WARNING: cannot flush IPsec state/policy database");
+ }
}
diff --git a/src/starter/netkey.h b/src/starter/netkey.h
index dc9cacbf8..55f6a7c47 100644
--- a/src/starter/netkey.h
+++ b/src/starter/netkey.h
@@ -10,8 +10,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: netkey.h 3267 2007-10-08 19:57:54Z andreas $
*/
#ifndef _STARTER_NETKEY_H_
diff --git a/src/starter/parser.h b/src/starter/parser.h
index 3af20b60e..1c6cf20ef 100644
--- a/src/starter/parser.h
+++ b/src/starter/parser.h
@@ -10,8 +10,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: parser.h 3267 2007-10-08 19:57:54Z andreas $
*/
#ifndef _IPSEC_PARSER_H_
@@ -22,32 +20,32 @@
typedef struct kw_entry kw_entry_t;
struct kw_entry {
- char *name;
- kw_token_t token;
+ char *name;
+ kw_token_t token;
};
typedef struct kw_list kw_list_t;
struct kw_list {
- kw_entry_t *entry;
- char *value;
- kw_list_t *next;
+ kw_entry_t *entry;
+ char *value;
+ kw_list_t *next;
};
typedef struct section_list section_list_t;
struct section_list {
- char *name;
- kw_list_t *kw;
- section_list_t *next;
+ char *name;
+ kw_list_t *kw;
+ section_list_t *next;
};
typedef struct config_parsed config_parsed_t;
struct config_parsed {
- kw_list_t *config_setup;
- section_list_t *conn_first, *conn_last;
- section_list_t *ca_first, *ca_last;
+ kw_list_t *config_setup;
+ section_list_t *conn_first, *conn_last;
+ section_list_t *ca_first, *ca_last;
};
config_parsed_t *parser_load_conf (const char *file);
diff --git a/src/starter/parser.l b/src/starter/parser.l
index e51d655df..5857c0815 100644
--- a/src/starter/parser.l
+++ b/src/starter/parser.l
@@ -1,3 +1,5 @@
+%option noinput
+%option nounput
%{
/* FreeS/WAN config file parser (parser.l)
* Copyright (C) 2001 Mathieu Lafon - Arkoon Network Security
@@ -11,8 +13,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: parser.l 4632 2008-11-11 18:37:19Z martin $
*/
#include <string.h>
@@ -23,8 +23,6 @@
#define MAX_INCLUDE_DEPTH 20
-#define YY_NO_INPUT
-#define YY_NO_UNPUT
extern void yyerror(const char *);
extern int yylex (void);
@@ -43,149 +41,149 @@ int _parser_y_include (const char *filename);
void _parser_y_error(char *b, int size, const char *s)
{
- extern char *yytext; // was: char yytext[];
+ extern char *yytext; // was: char yytext[];
- snprintf(b, size, "%s:%d: %s [%s]",
- __parser_y_private.filename[__parser_y_private.stack_ptr],
- __parser_y_private.line[__parser_y_private.stack_ptr],
- s, yytext);
+ snprintf(b, size, "%s:%d: %s [%s]",
+ __parser_y_private.filename[__parser_y_private.stack_ptr],
+ __parser_y_private.line[__parser_y_private.stack_ptr],
+ s, yytext);
}
void _parser_y_init (const char *f)
{
- memset(&__parser_y_private, 0, sizeof(__parser_y_private));
- __parser_y_private.line[0] = 1;
- __parser_y_private.filename[0] = strdup(f);
+ memset(&__parser_y_private, 0, sizeof(__parser_y_private));
+ __parser_y_private.line[0] = 1;
+ __parser_y_private.filename[0] = strdup(f);
}
void _parser_y_fini (void)
{
- unsigned int i;
-
- for (i = 0; i < MAX_INCLUDE_DEPTH; i++)
- {
- if (__parser_y_private.filename[i])
- free(__parser_y_private.filename[i]);
- if (__parser_y_private.file[i])
- fclose(__parser_y_private.file[i]);
- }
- memset(&__parser_y_private, 0, sizeof(__parser_y_private));
-}
-
-int _parser_y_include (const char *filename)
-{
- glob_t files;
- int i, ret;
-
- ret = glob(filename, GLOB_ERR, NULL, &files);
- if (ret)
- {
- const char *err;
+ unsigned int i;
- switch (ret)
+ for (i = 0; i < MAX_INCLUDE_DEPTH; i++)
{
- case GLOB_NOSPACE:
- err = "include files ran out of memory";
- break;
- case GLOB_ABORTED:
- err = "include files aborted due to read error";
- break;
- case GLOB_NOMATCH:
- err = "include files found no matches";
- break;
- default:
- err = "unknown include files error";
+ if (__parser_y_private.filename[i])
+ free(__parser_y_private.filename[i]);
+ if (__parser_y_private.file[i])
+ fclose(__parser_y_private.file[i]);
}
- yyerror(err);
- return 1;
- }
+ memset(&__parser_y_private, 0, sizeof(__parser_y_private));
+}
- for (i = 0; i < files.gl_pathc; i++)
- {
- FILE *f;
- unsigned int p = __parser_y_private.stack_ptr + 1;
+int _parser_y_include (const char *filename)
+{
+ glob_t files;
+ int i, ret;
- if (p >= MAX_INCLUDE_DEPTH)
+ ret = glob(filename, GLOB_ERR, NULL, &files);
+ if (ret)
{
- yyerror("max inclusion depth reached");
- return 1;
+ const char *err;
+
+ switch (ret)
+ {
+ case GLOB_NOSPACE:
+ err = "include files ran out of memory";
+ break;
+ case GLOB_ABORTED:
+ err = "include files aborted due to read error";
+ break;
+ case GLOB_NOMATCH:
+ err = "include files found no matches";
+ break;
+ default:
+ err = "unknown include files error";
+ }
+ yyerror(err);
+ return 1;
}
- f = fopen(files.gl_pathv[i], "r");
- if (!f)
+ for (i = 0; i < files.gl_pathc; i++)
{
- yyerror("can't open include filename");
- continue;
+ FILE *f;
+ unsigned int p = __parser_y_private.stack_ptr + 1;
+
+ if (p >= MAX_INCLUDE_DEPTH)
+ {
+ yyerror("max inclusion depth reached");
+ return 1;
+ }
+
+ f = fopen(files.gl_pathv[i], "r");
+ if (!f)
+ {
+ yyerror("can't open include filename");
+ continue;
+ }
+
+ __parser_y_private.stack_ptr++;
+ __parser_y_private.file[p] = f;
+ __parser_y_private.stack[p] = YY_CURRENT_BUFFER;
+ __parser_y_private.line[p] = 1;
+ __parser_y_private.filename[p] = strdup(files.gl_pathv[i]);
+
+ yy_switch_to_buffer(yy_create_buffer(f, YY_BUF_SIZE));
}
-
- __parser_y_private.stack_ptr++;
- __parser_y_private.file[p] = f;
- __parser_y_private.stack[p] = YY_CURRENT_BUFFER;
- __parser_y_private.line[p] = 1;
- __parser_y_private.filename[p] = strdup(files.gl_pathv[i]);
-
- yy_switch_to_buffer(yy_create_buffer(f, YY_BUF_SIZE));
- }
- globfree(&files);
- return 0;
+ globfree(&files);
+ return 0;
}
%}
%%
-<<EOF>> {
- if (__parser_y_private.filename[__parser_y_private.stack_ptr]) {
- free(__parser_y_private.filename[__parser_y_private.stack_ptr]);
- __parser_y_private.filename[__parser_y_private.stack_ptr] = NULL;
- }
- if (__parser_y_private.file[__parser_y_private.stack_ptr]) {
- fclose(__parser_y_private.file[__parser_y_private.stack_ptr]);
- __parser_y_private.file[__parser_y_private.stack_ptr] = NULL;
- yy_delete_buffer (YY_CURRENT_BUFFER);
- yy_switch_to_buffer
- (__parser_y_private.stack[__parser_y_private.stack_ptr]);
- }
- if (--__parser_y_private.stack_ptr < 0) {
- yyterminate();
- }
+<<EOF>> {
+ if (__parser_y_private.filename[__parser_y_private.stack_ptr]) {
+ free(__parser_y_private.filename[__parser_y_private.stack_ptr]);
+ __parser_y_private.filename[__parser_y_private.stack_ptr] = NULL;
+ }
+ if (__parser_y_private.file[__parser_y_private.stack_ptr]) {
+ fclose(__parser_y_private.file[__parser_y_private.stack_ptr]);
+ __parser_y_private.file[__parser_y_private.stack_ptr] = NULL;
+ yy_delete_buffer (YY_CURRENT_BUFFER);
+ yy_switch_to_buffer
+ (__parser_y_private.stack[__parser_y_private.stack_ptr]);
+ }
+ if (--__parser_y_private.stack_ptr < 0) {
+ yyterminate();
+ }
}
-^[\t ]+ return FIRST_SPACES;
+^[\t ]+ return FIRST_SPACES;
-[\t ]+ /* ignore spaces in line */ ;
+[\t ]+ /* ignore spaces in line */ ;
-= return EQUAL;
+= return EQUAL;
-\n|#.*\n {
- __parser_y_private.line[__parser_y_private.stack_ptr]++;
- return EOL;
- }
+\n|#.*\n {
+ __parser_y_private.line[__parser_y_private.stack_ptr]++;
+ return EOL;
+ }
-config return CONFIG;
-setup return SETUP;
-conn return CONN;
-ca return CA;
-include return INCLUDE;
-version return FILE_VERSION;
+config return CONFIG;
+setup return SETUP;
+conn return CONN;
+ca return CA;
+include return INCLUDE;
+version return FILE_VERSION;
-[^\"= \t\n]+ {
- yylval.s = strdup(yytext);
- return STRING;
- }
+[^\"= \t\n]+ {
+ yylval.s = strdup(yytext);
+ return STRING;
+ }
-\"[^\"\n]*\" {
- yylval.s = strdup(yytext+1);
- if (yylval.s) yylval.s[strlen(yylval.s)-1]='\0';
- return STRING;
- }
+\"[^\"\n]*\" {
+ yylval.s = strdup(yytext+1);
+ if (yylval.s) yylval.s[strlen(yylval.s)-1]='\0';
+ return STRING;
+ }
-. yyerror(yytext);
+. yyerror(yytext);
%%
int yywrap(void)
{
- return 1;
+ return 1;
}
diff --git a/src/starter/parser.y b/src/starter/parser.y
index 14148d965..4533228c2 100644
--- a/src/starter/parser.y
+++ b/src/starter/parser.y
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: parser.y 3267 2007-10-08 19:57:54Z andreas $
*/
#include <stdio.h>
@@ -27,7 +25,7 @@
#include "parser.h"
#define YYERROR_VERBOSE
-#define ERRSTRING_LEN 256
+#define ERRSTRING_LEN 256
/**
* Bison
@@ -64,220 +62,215 @@ extern kw_entry_t *in_word_set (char *str, unsigned int len);
*/
config_file:
- config_file section_or_include
- | /* NULL */
- ;
+ config_file section_or_include
+ | /* NULL */
+ ;
section_or_include:
- FILE_VERSION STRING EOL
- {
- free($2);
- }
- | CONFIG SETUP EOL
- {
- _parser_kw = &(_parser_cfg->config_setup);
- _parser_kw_last = NULL;
- } kw_section
- | CONN STRING EOL
- {
- section_list_t *section = (section_list_t *)alloc_thing(section_list_t
- , "section_list_t");
-
- section->name = clone_str($2, "conn section name");
- section->kw = NULL;
- section->next = NULL;
- _parser_kw = &(section->kw);
- if (!_parser_cfg->conn_first)
- _parser_cfg->conn_first = section;
- if (_parser_cfg->conn_last)
- _parser_cfg->conn_last->next = section;
- _parser_cfg->conn_last = section;
- _parser_kw_last = NULL;
- free($2);
- } kw_section
- | CA STRING EOL
- {
- section_list_t *section = (section_list_t *)alloc_thing(section_list_t
- , "section_list_t");
- section->name = clone_str($2, "ca section name");
- section->kw = NULL;
- section->next = NULL;
- _parser_kw = &(section->kw);
- if (!_parser_cfg->ca_first)
- _parser_cfg->ca_first = section;
- if (_parser_cfg->ca_last)
- _parser_cfg->ca_last->next = section;
- _parser_cfg->ca_last = section;
- _parser_kw_last = NULL;
- free($2);
- } kw_section
- | INCLUDE STRING
- {
- extern void _parser_y_include (const char *f);
- _parser_y_include($2);
- free($2);
- } EOL
- | EOL
- ;
+ FILE_VERSION STRING EOL
+ {
+ free($2);
+ }
+ | CONFIG SETUP EOL
+ {
+ _parser_kw = &(_parser_cfg->config_setup);
+ _parser_kw_last = NULL;
+ } kw_section
+ | CONN STRING EOL
+ {
+ section_list_t *section = malloc_thing(section_list_t);
+
+ section->name = clone_str($2);
+ section->kw = NULL;
+ section->next = NULL;
+ _parser_kw = &(section->kw);
+ if (!_parser_cfg->conn_first)
+ _parser_cfg->conn_first = section;
+ if (_parser_cfg->conn_last)
+ _parser_cfg->conn_last->next = section;
+ _parser_cfg->conn_last = section;
+ _parser_kw_last = NULL;
+ free($2);
+ } kw_section
+ | CA STRING EOL
+ {
+ section_list_t *section = malloc_thing(section_list_t);
+ section->name = clone_str($2);
+ section->kw = NULL;
+ section->next = NULL;
+ _parser_kw = &(section->kw);
+ if (!_parser_cfg->ca_first)
+ _parser_cfg->ca_first = section;
+ if (_parser_cfg->ca_last)
+ _parser_cfg->ca_last->next = section;
+ _parser_cfg->ca_last = section;
+ _parser_kw_last = NULL;
+ free($2);
+ } kw_section
+ | INCLUDE STRING
+ {
+ extern void _parser_y_include (const char *f);
+ _parser_y_include($2);
+ free($2);
+ } EOL
+ | EOL
+ ;
kw_section:
- FIRST_SPACES statement_kw EOL kw_section
- |
- ;
+ FIRST_SPACES statement_kw EOL kw_section
+ |
+ ;
statement_kw:
- STRING EQUAL STRING
- {
- kw_list_t *new;
- kw_entry_t *entry = in_word_set($1, strlen($1));
-
- if (entry == NULL)
- {
- snprintf(errbuf, ERRSTRING_LEN, "unknown keyword '%s'", $1);
- yyerror(errbuf);
- }
- else if (_parser_kw)
+ STRING EQUAL STRING
{
- new = (kw_list_t *)alloc_thing(kw_list_t, "kw_list_t");
- new->entry = entry;
- new->value = clone_str($3, "kw_list value");
- new->next = NULL;
- if (_parser_kw_last)
- _parser_kw_last->next = new;
- _parser_kw_last = new;
- if (!*_parser_kw)
- *_parser_kw = new;
+ kw_list_t *new;
+ kw_entry_t *entry = in_word_set($1, strlen($1));
+
+ if (entry == NULL)
+ {
+ snprintf(errbuf, ERRSTRING_LEN, "unknown keyword '%s'", $1);
+ yyerror(errbuf);
+ }
+ else if (_parser_kw)
+ {
+ new = (kw_list_t *)malloc_thing(kw_list_t);
+ new->entry = entry;
+ new->value = clone_str($3);
+ new->next = NULL;
+ if (_parser_kw_last)
+ _parser_kw_last->next = new;
+ _parser_kw_last = new;
+ if (!*_parser_kw)
+ *_parser_kw = new;
+ }
+ free($1);
+ free($3);
}
- free($1);
- free($3);
- }
- | STRING EQUAL
- {
- free($1);
- }
- |
- ;
+ | STRING EQUAL
+ {
+ free($1);
+ }
+ |
+ ;
%%
void
yyerror(const char *s)
{
- if (_save_errors_)
- _parser_y_error(parser_errstring, ERRSTRING_LEN, s);
+ if (_save_errors_)
+ _parser_y_error(parser_errstring, ERRSTRING_LEN, s);
}
config_parsed_t *
parser_load_conf(const char *file)
{
- config_parsed_t *cfg = NULL;
- int err = 0;
- FILE *f;
+ config_parsed_t *cfg = NULL;
+ int err = 0;
+ FILE *f;
- extern void _parser_y_init (const char *f);
- extern FILE *yyin;
+ extern void _parser_y_init (const char *f);
+ extern FILE *yyin;
- memset(parser_errstring, 0, ERRSTRING_LEN+1);
+ memset(parser_errstring, 0, ERRSTRING_LEN+1);
- cfg = (config_parsed_t *)alloc_thing(config_parsed_t, "config_parsed_t");
- if (cfg)
- {
- memset(cfg, 0, sizeof(config_parsed_t));
- f = fopen(file, "r");
- if (f)
+ cfg = (config_parsed_t *)malloc_thing(config_parsed_t);
+ if (cfg)
{
- yyin = f;
- _parser_y_init(file);
- _save_errors_ = 1;
- _parser_cfg = cfg;
+ memset(cfg, 0, sizeof(config_parsed_t));
+ f = fopen(file, "r");
+ if (f)
+ {
+ yyin = f;
+ _parser_y_init(file);
+ _save_errors_ = 1;
+ _parser_cfg = cfg;
+
+ if (yyparse() !=0 )
+ {
+ if (parser_errstring[0] == '\0')
+ {
+ snprintf(parser_errstring, ERRSTRING_LEN, "Unknown error...");
+ }
+ _save_errors_ = 0;
+ while (yyparse() != 0);
+ err++;
+ }
+ else if (parser_errstring[0] != '\0')
+ {
+ err++;
+ }
+ else
+ {
+ /**
+ * Config valid
+ */
+ }
- if (yyparse() !=0 )
- {
- if (parser_errstring[0] == '\0')
+ fclose(f);
+ }
+ else
{
- snprintf(parser_errstring, ERRSTRING_LEN, "Unknown error...");
+ snprintf(parser_errstring, ERRSTRING_LEN, "can't load file '%s'", file);
+ err++;
}
- _save_errors_ = 0;
- while (yyparse() != 0);
- err++;
- }
- else if (parser_errstring[0] != '\0')
- {
- err++;
- }
- else
- {
- /**
- * Config valid
- */
- }
-
- fclose(f);
}
else
{
- snprintf(parser_errstring, ERRSTRING_LEN, "can't load file '%s'", file);
- err++;
+ snprintf(parser_errstring, ERRSTRING_LEN, "can't allocate memory");
+ err++;
}
- }
- else
- {
- snprintf(parser_errstring, ERRSTRING_LEN, "can't allocate memory");
- err++;
- }
- if (err)
- {
- plog("%s", parser_errstring);
+ if (err)
+ {
+ plog("%s", parser_errstring);
- if (cfg)
- parser_free_conf(cfg);
- cfg = NULL;
- }
+ if (cfg)
+ parser_free_conf(cfg);
+ cfg = NULL;
+ }
- return cfg;
+ return cfg;
}
static void
parser_free_kwlist(kw_list_t *list)
{
- kw_list_t *elt;
+ kw_list_t *elt;
- while (list)
- {
- elt = list;
- list = list->next;
- if (elt->value)
- pfree(elt->value);
- pfree(elt);
- }
+ while (list)
+ {
+ elt = list;
+ list = list->next;
+ free(elt->value);
+ free(elt);
+ }
}
void
parser_free_conf(config_parsed_t *cfg)
{
- section_list_t *sec;
- if (cfg)
- {
- parser_free_kwlist(cfg->config_setup);
- while (cfg->conn_first)
- {
- sec = cfg->conn_first;
- cfg->conn_first = cfg->conn_first->next;
- if (sec->name)
- pfree(sec->name);
- parser_free_kwlist(sec->kw);
- pfree(sec);
- }
- while (cfg->ca_first)
+ section_list_t *sec;
+ if (cfg)
{
- sec = cfg->ca_first;
- cfg->ca_first = cfg->ca_first->next;
- if (sec->name)
- pfree(sec->name);
- parser_free_kwlist(sec->kw);
- pfree(sec);
+ parser_free_kwlist(cfg->config_setup);
+ while (cfg->conn_first)
+ {
+ sec = cfg->conn_first;
+ cfg->conn_first = cfg->conn_first->next;
+ free(sec->name);
+ parser_free_kwlist(sec->kw);
+ free(sec);
+ }
+ while (cfg->ca_first)
+ {
+ sec = cfg->ca_first;
+ cfg->ca_first = cfg->ca_first->next;
+ free(sec->name);
+ parser_free_kwlist(sec->kw);
+ free(sec);
+ }
+ free(cfg);
}
- pfree(cfg);
- }
}
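Review bot: The local prototype `extern void _parser_y_include (const char *f);` in the INCLUDE action disagrees with the definition in parser.l, which returns `int` (visible earlier on this page), and a declaration whose return type differs from the definition is undefined behaviour that also discards the include's failure status. Change it to `extern int _parser_y_include (const char *f);`, or better declare it once in parser.h next to parser_load_conf so the lexer and grammar cannot drift apart again. The failure path still surfaces through yyerror, so the grammar works by accident today rather than by design. As a point of style, `new = (kw_list_t *)malloc_thing(kw_list_t);` keeps a cast that the sibling `malloc_thing(section_list_t)` calls in this same hunk dropped; removing it keeps the hunk consistent. yyerror, parser_load_conf, parser_free_kwlist and parser_free_conf are fully contained in the hunk.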
diff --git a/src/starter/starter.c b/src/starter/starter.c
index e4ad5286c..2d2f452b5 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -10,8 +10,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: starter.c 4632 2008-11-11 18:37:19Z martin $
*/
#include <sys/types.h>
@@ -71,662 +69,666 @@ static unsigned int _action_ = 0;
static void
fsig(int signal)
{
- switch (signal)
- {
- case SIGCHLD:
+ switch (signal)
{
- int status;
- pid_t pid;
- char *name = NULL;
-
- while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
- {
- if (pid == starter_pluto_pid())
- name = " (Pluto)";
- if (pid == starter_charon_pid())
- name = " (Charon)";
- if (WIFSIGNALED(status))
- DBG(DBG_CONTROL,
- DBG_log("child %d%s has been killed by sig %d\n",
- pid, name?name:"", WTERMSIG(status))
- )
- else if (WIFSTOPPED(status))
- DBG(DBG_CONTROL,
- DBG_log("child %d%s has been stopped by sig %d\n",
- pid, name?name:"", WSTOPSIG(status))
- )
- else if (WIFEXITED(status))
- DBG(DBG_CONTROL,
- DBG_log("child %d%s has quit (exit code %d)\n",
- pid, name?name:"", WEXITSTATUS(status))
- )
- else
- DBG(DBG_CONTROL,
- DBG_log("child %d%s has quit", pid, name?name:"")
- )
- if (pid == starter_pluto_pid())
- starter_pluto_sigchild(pid);
- if (pid == starter_charon_pid())
- starter_charon_sigchild(pid);
- }
+ case SIGCHLD:
+ {
+ int status;
+ pid_t pid;
+ char *name = NULL;
+
+ while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
+ {
+ if (pid == starter_pluto_pid())
+ name = " (Pluto)";
+ if (pid == starter_charon_pid())
+ name = " (Charon)";
+ if (WIFSIGNALED(status))
+ DBG(DBG_CONTROL,
+ DBG_log("child %d%s has been killed by sig %d\n",
+ pid, name?name:"", WTERMSIG(status))
+ )
+ else if (WIFSTOPPED(status))
+ DBG(DBG_CONTROL,
+ DBG_log("child %d%s has been stopped by sig %d\n",
+ pid, name?name:"", WSTOPSIG(status))
+ )
+ else if (WIFEXITED(status))
+ DBG(DBG_CONTROL,
+ DBG_log("child %d%s has quit (exit code %d)\n",
+ pid, name?name:"", WEXITSTATUS(status))
+ )
+ else
+ DBG(DBG_CONTROL,
+ DBG_log("child %d%s has quit", pid, name?name:"")
+ )
+ if (pid == starter_pluto_pid())
+ starter_pluto_sigchild(pid);
+ if (pid == starter_charon_pid())
+ starter_charon_sigchild(pid);
+ }
+ }
+ break;
+
+ case SIGPIPE:
+ /** ignore **/
+ break;
+
+ case SIGALRM:
+ _action_ |= FLAG_ACTION_START_PLUTO;
+ _action_ |= FLAG_ACTION_START_CHARON;
+ break;
+
+ case SIGHUP:
+ _action_ |= FLAG_ACTION_UPDATE;
+ break;
+
+ case SIGTERM:
+ case SIGQUIT:
+ case SIGINT:
+ _action_ |= FLAG_ACTION_QUIT;
+ break;
+
+ case SIGUSR1:
+ _action_ |= FLAG_ACTION_RELOAD;
+ _action_ |= FLAG_ACTION_UPDATE;
+ break;
+
+ default:
+ plog("fsig(): unknown signal %d -- investigate", signal);
+ break;
}
- break;
-
- case SIGPIPE:
- /** ignore **/
- break;
-
- case SIGALRM:
- _action_ |= FLAG_ACTION_START_PLUTO;
- _action_ |= FLAG_ACTION_START_CHARON;
- break;
-
- case SIGHUP:
- _action_ |= FLAG_ACTION_UPDATE;
- break;
-
- case SIGTERM:
- case SIGQUIT:
- case SIGINT:
- _action_ |= FLAG_ACTION_QUIT;
- break;
-
- case SIGUSR1:
- _action_ |= FLAG_ACTION_RELOAD;
- _action_ |= FLAG_ACTION_UPDATE;
- break;
-
- default:
- plog("fsig(): unknown signal %d -- investigate", signal);
- break;
- }
}
static void generate_selfcert()
{
- struct stat stb;
-
- /* if ipsec.secrets file is missing then generate RSA default key pair */
- if (stat(SECRETS_FILE, &stb) != 0)
- {
- mode_t oldmask;
- FILE *f;
- uid_t uid = 0;
- gid_t gid = 0;
+ struct stat stb;
+
+ /* if ipsec.secrets file is missing then generate RSA default key pair */
+ if (stat(SECRETS_FILE, &stb) != 0)
+ {
+ mode_t oldmask;
+ FILE *f;
+ uid_t uid = 0;
+ gid_t gid = 0;
#ifdef IPSEC_GROUP
- {
- char buf[1024];
- struct group group, *grp;
-
- if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) == 0 &&
- grp)
{
- gid = grp->gr_gid;
+ char buf[1024];
+ struct group group, *grp;
+
+ if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) == 0 && grp)
+ {
+ gid = grp->gr_gid;
+ }
}
- }
#endif
#ifdef IPSEC_USER
- {
- char buf[1024];
- struct passwd passwd, *pwp;
-
- if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) == 0 &&
- pwp)
{
- uid = pwp->pw_uid;
+ char buf[1024];
+ struct passwd passwd, *pwp;
+
+ if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) == 0 && pwp)
+ {
+ uid = pwp->pw_uid;
+ }
+ }
+#endif
+ setegid(gid);
+ seteuid(uid);
+ ignore_result(system("ipsec scepclient --out pkcs1 --out cert-self --quiet"));
+ seteuid(0);
+ setegid(0);
+
+ /* ipsec.secrets is root readable only */
+ oldmask = umask(0066);
+
+ f = fopen(SECRETS_FILE, "w");
+ if (f)
+ {
+ fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n");
+ fprintf(f, "\n");
+ fprintf(f, ": RSA myKey.der\n");
+ fclose(f);
}
+ ignore_result(chown(SECRETS_FILE, uid, gid));
+ umask(oldmask);
}
-#endif
- setegid(gid);
- seteuid(uid);
- ignore_result(system("ipsec scepclient --out pkcs1 --out cert-self --quiet"));
- seteuid(0);
- setegid(0);
-
- /* ipsec.secrets is root readable only */
- oldmask = umask(0066);
-
- f = fopen(SECRETS_FILE, "w");
- if (f)
- {
- fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n");
- fprintf(f, "\n");
- fprintf(f, ": RSA myKey.der\n");
- fclose(f);
- }
- ignore_result(chown(SECRETS_FILE, uid, gid));
- umask(oldmask);
- }
}
static void
usage(char *name)
{
- fprintf(stderr, "Usage: starter [--nofork] [--auto-update <sec>] "
- "[--debug|--debug-more|--debug-all]\n");
- exit(LSB_RC_INVALID_ARGUMENT);
+ fprintf(stderr, "Usage: starter [--nofork] [--auto-update <sec>] "
+ "[--debug|--debug-more|--debug-all]\n");
+ exit(LSB_RC_INVALID_ARGUMENT);
}
int main (int argc, char **argv)
{
- starter_config_t *cfg = NULL;
- starter_config_t *new_cfg;
- starter_conn_t *conn, *conn2;
- starter_ca_t *ca, *ca2;
-
- struct stat stb;
-
- char *err = NULL;
- int i;
- int id = 1;
- struct timeval tv;
- unsigned long auto_update = 0;
- time_t last_reload;
- bool no_fork = FALSE;
-
- /* global variables defined in log.h */
- log_to_stderr = TRUE;
- base_debugging = DBG_NONE;
-
- /* parse command line */
- for (i = 1; i < argc; i++)
- {
- if (streq(argv[i], "--debug"))
+ starter_config_t *cfg = NULL;
+ starter_config_t *new_cfg;
+ starter_conn_t *conn, *conn2;
+ starter_ca_t *ca, *ca2;
+
+ struct stat stb;
+
+ char *err = NULL;
+ int i;
+ int id = 1;
+ struct timeval tv;
+ unsigned long auto_update = 0;
+ time_t last_reload;
+ bool no_fork = FALSE;
+ bool attach_gdb = FALSE;
+
+ /* global variables defined in log.h */
+ log_to_stderr = TRUE;
+ base_debugging = DBG_NONE;
+
+ /* parse command line */
+ for (i = 1; i < argc; i++)
{
- base_debugging |= DBG_CONTROL;
+ if (streq(argv[i], "--debug"))
+ {
+ base_debugging |= DBG_CONTROL;
+ }
+ else if (streq(argv[i], "--debug-more"))
+ {
+ base_debugging |= DBG_CONTROLMORE;
+ }
+ else if (streq(argv[i], "--debug-all"))
+ {
+ base_debugging |= DBG_ALL;
+ }
+ else if (streq(argv[i], "--nofork"))
+ {
+ no_fork = TRUE;
+ }
+ else if (streq(argv[i], "--attach-gdb"))
+ {
+ no_fork = TRUE;
+ attach_gdb = TRUE;
+ }
+ else if (streq(argv[i], "--auto-update") && i+1 < argc)
+ {
+ auto_update = atoi(argv[++i]);
+ if (!auto_update)
+ usage(argv[0]);
+ }
+ else
+ {
+ usage(argv[0]);
+ }
}
- else if (streq(argv[i], "--debug-more"))
+
+ /* Init */
+ init_log("ipsec_starter");
+ cur_debugging = base_debugging;
+
+ signal(SIGHUP, fsig);
+ signal(SIGCHLD, fsig);
+ signal(SIGPIPE, fsig);
+ signal(SIGINT, fsig);
+ signal(SIGTERM, fsig);
+ signal(SIGQUIT, fsig);
+ signal(SIGALRM, fsig);
+ signal(SIGUSR1, fsig);
+
+ plog("Starting strongSwan "VERSION" IPsec [starter]...");
+
+ /* verify that we can start */
+ if (getuid() != 0)
{
- base_debugging |= DBG_CONTROLMORE;
+ plog("permission denied (must be superuser)");
+ exit(LSB_RC_NOT_ALLOWED);
}
- else if (streq(argv[i], "--debug-all"))
+
+ if (stat(PLUTO_PID_FILE, &stb) == 0)
{
- base_debugging |= DBG_ALL;
+ plog("pluto is already running (%s exists) -- skipping pluto start", PLUTO_PID_FILE);
}
- else if (streq(argv[i], "--nofork"))
+ else
{
- no_fork = TRUE;
+ _action_ |= FLAG_ACTION_START_PLUTO;
}
- else if (streq(argv[i], "--auto-update") && i+1 < argc)
+ if (stat(CHARON_PID_FILE, &stb) == 0)
{
- auto_update = atoi(argv[++i]);
- if (!auto_update)
- usage(argv[0]);
+ plog("charon is already running (%s exists) -- skipping charon start", CHARON_PID_FILE);
}
else
{
- usage(argv[0]);
+ _action_ |= FLAG_ACTION_START_CHARON;
}
- }
-
- /* Init */
- init_log("ipsec_starter");
- cur_debugging = base_debugging;
-
- signal(SIGHUP, fsig);
- signal(SIGCHLD, fsig);
- signal(SIGPIPE, fsig);
- signal(SIGINT, fsig);
- signal(SIGTERM, fsig);
- signal(SIGQUIT, fsig);
- signal(SIGALRM, fsig);
- signal(SIGUSR1, fsig);
-
- plog("Starting strongSwan %s IPsec [starter]...", ipsec_version_code());
-
- /* verify that we can start */
- if (getuid() != 0)
- {
- plog("permission denied (must be superuser)");
- exit(LSB_RC_NOT_ALLOWED);
- }
-
- if (stat(PLUTO_PID_FILE, &stb) == 0)
- {
- plog("pluto is already running (%s exists) -- skipping pluto start", PLUTO_PID_FILE);
- }
- else
- {
- _action_ |= FLAG_ACTION_START_PLUTO;
- }
- if (stat(CHARON_PID_FILE, &stb) == 0)
- {
- plog("charon is already running (%s exists) -- skipping charon start", CHARON_PID_FILE);
- }
- else
- {
- _action_ |= FLAG_ACTION_START_CHARON;
- }
- if (stat(DEV_RANDOM, &stb) != 0)
- {
- plog("unable to start strongSwan IPsec -- no %s!", DEV_RANDOM);
- exit(LSB_RC_FAILURE);
- }
-
- if (stat(DEV_URANDOM, &stb)!= 0)
- {
- plog("unable to start strongSwan IPsec -- no %s!", DEV_URANDOM);
- exit(LSB_RC_FAILURE);
- }
-
- cfg = confread_load(CONFIG_FILE);
- if (cfg == NULL || cfg->err > 0)
- {
- plog("unable to start strongSwan -- fatal errors in config");
- if (cfg)
+ if (stat(DEV_RANDOM, &stb) != 0)
{
- confread_free(cfg);
+ plog("unable to start strongSwan IPsec -- no %s!", DEV_RANDOM);
+ exit(LSB_RC_FAILURE);
}
- exit(LSB_RC_INVALID_ARGUMENT);
- }
- /* determine if we have a native netkey IPsec stack */
- if (!starter_netkey_init())
- {
- plog("no netkey IPSec stack detected");
- if (!starter_klips_init())
+ if (stat(DEV_URANDOM, &stb)!= 0)
{
- plog("no KLIPS IPSec stack detected");
- exit(LSB_RC_FAILURE);
+ plog("unable to start strongSwan IPsec -- no %s!", DEV_URANDOM);
+ exit(LSB_RC_FAILURE);
}
- }
-
- last_reload = time(NULL);
-
- if (stat(STARTER_PID_FILE, &stb) == 0)
- {
- plog("starter is already running (%s exists) -- no fork done", STARTER_PID_FILE);
- exit(LSB_RC_SUCCESS);
- }
-
- generate_selfcert();
-
- /* fork if we're not debugging stuff */
- if (!no_fork)
- {
- log_to_stderr = FALSE;
- switch (fork())
+ cfg = confread_load(CONFIG_FILE);
+ if (cfg == NULL || cfg->err > 0)
{
- case 0:
- {
- int fnull = open("/dev/null", O_RDWR);
-
- if (fnull >= 0)
+ plog("unable to start strongSwan -- fatal errors in config");
+ if (cfg)
{
- dup2(fnull, STDIN_FILENO);
- dup2(fnull, STDOUT_FILENO);
- dup2(fnull, STDERR_FILENO);
- close(fnull);
+ confread_free(cfg);
}
- setsid();
- }
- break;
- case -1:
- plog("can't fork: %s", strerror(errno));
- break;
- default:
- exit(LSB_RC_SUCCESS);
+ exit(LSB_RC_INVALID_ARGUMENT);
}
- }
- /* save pid file in /var/run/starter.pid */
- {
- FILE *fd = fopen(STARTER_PID_FILE, "w");
-
- if (fd)
+ /* determine if we have a native netkey IPsec stack */
+ if (!starter_netkey_init())
{
- fprintf(fd, "%u\n", getpid());
- fclose(fd);
+ plog("no netkey IPsec stack detected");
+ if (!starter_klips_init())
+ {
+ plog("no KLIPS IPsec stack detected");
+ plog("no known IPsec stack detected, ignoring!");
+ }
}
- }
-
- for (;;)
- {
- /*
- * Stop pluto/charon (if started) and exit
- */
- if (_action_ & FLAG_ACTION_QUIT)
+
+ last_reload = time(NULL);
+
+ if (stat(STARTER_PID_FILE, &stb) == 0)
{
- if (starter_pluto_pid())
- starter_stop_pluto();
- if (starter_charon_pid())
- starter_stop_charon();
- starter_netkey_cleanup();
- confread_free(cfg);
- unlink(STARTER_PID_FILE);
- unlink(INFO_FILE);
-#ifdef LEAK_DETECTIVE
- report_leaks();
-#endif /* LEAK_DETECTIVE */
- close_log();
- plog("ipsec starter stopped");
- exit(LSB_RC_SUCCESS);
+ plog("starter is already running (%s exists) -- no fork done", STARTER_PID_FILE);
+ exit(LSB_RC_SUCCESS);
}
+
+ generate_selfcert();
- /*
- * Delete all connections. Will be added below
- */
- if (_action_ & FLAG_ACTION_RELOAD)
+ /* fork if we're not debugging stuff */
+ if (!no_fork)
{
- if (starter_pluto_pid() || starter_charon_pid())
- {
- for (conn = cfg->conn_first; conn; conn = conn->next)
+ log_to_stderr = FALSE;
+
+ switch (fork())
{
- if (conn->state == STATE_ADDED)
- {
- if (starter_charon_pid())
- {
- starter_stroke_del_conn(conn);
- }
- if (starter_pluto_pid())
+ case 0:
{
- starter_whack_del_conn(conn);
+ int fnull = open("/dev/null", O_RDWR);
+
+ if (fnull >= 0)
+ {
+ dup2(fnull, STDIN_FILENO);
+ dup2(fnull, STDOUT_FILENO);
+ dup2(fnull, STDERR_FILENO);
+ close(fnull);
+ }
+ setsid();
}
- conn->state = STATE_TO_ADD;
- }
+ break;
+ case -1:
+ plog("can't fork: %s", strerror(errno));
+ break;
+ default:
+ exit(LSB_RC_SUCCESS);
}
- for (ca = cfg->ca_first; ca; ca = ca->next)
+ }
+
+ /* save pid file in /var/run/starter.pid */
+ {
+ FILE *fd = fopen(STARTER_PID_FILE, "w");
+
+ if (fd)
{
- if (ca->state == STATE_ADDED)
- {
- if (starter_charon_pid())
- {
- starter_stroke_del_ca(ca);
- }
- if (starter_pluto_pid())
- {
- starter_whack_del_ca(ca);
- }
- ca->state = STATE_TO_ADD;
- }
+ fprintf(fd, "%u\n", getpid());
+ fclose(fd);
}
- }
- _action_ &= ~FLAG_ACTION_RELOAD;
}
- /*
- * Update configuration
- */
- if (_action_ & FLAG_ACTION_UPDATE)
+ for (;;)
{
- err = NULL;
- DBG(DBG_CONTROL,
- DBG_log("Reloading config...")
- );
- new_cfg = confread_load(CONFIG_FILE);
-
- if (new_cfg && (new_cfg->err + new_cfg->non_fatal_err == 0))
- {
- /* Switch to new config. New conn will be loaded below */
- if (!starter_cmp_defaultroute(&new_cfg->defaultroute
- , &cfg->defaultroute))
+ /*
+ * Stop pluto/charon (if started) and exit
+ */
+ if (_action_ & FLAG_ACTION_QUIT)
{
- _action_ |= FLAG_ACTION_LISTEN;
+ if (starter_pluto_pid())
+ starter_stop_pluto();
+ if (starter_charon_pid())
+ starter_stop_charon();
+ starter_netkey_cleanup();
+ confread_free(cfg);
+ unlink(STARTER_PID_FILE);
+ unlink(INFO_FILE);
+#ifdef LEAK_DETECTIVE
+ report_leaks();
+#endif /* LEAK_DETECTIVE */
+ close_log();
+ plog("ipsec starter stopped");
+ exit(LSB_RC_SUCCESS);
}
- if (!starter_cmp_pluto(cfg, new_cfg))
+ /*
+ * Delete all connections. Will be added below
+ */
+ if (_action_ & FLAG_ACTION_RELOAD)
{
- plog("Pluto has changed");
- if (starter_pluto_pid())
- starter_stop_pluto();
- _action_ &= ~FLAG_ACTION_LISTEN;
- _action_ |= FLAG_ACTION_START_PLUTO;
+ if (starter_pluto_pid() || starter_charon_pid())
+ {
+ for (conn = cfg->conn_first; conn; conn = conn->next)
+ {
+ if (conn->state == STATE_ADDED)
+ {
+ if (starter_charon_pid())
+ {
+ starter_stroke_del_conn(conn);
+ }
+ if (starter_pluto_pid())
+ {
+ starter_whack_del_conn(conn);
+ }
+ conn->state = STATE_TO_ADD;
+ }
+ }
+ for (ca = cfg->ca_first; ca; ca = ca->next)
+ {
+ if (ca->state == STATE_ADDED)
+ {
+ if (starter_charon_pid())
+ {
+ starter_stroke_del_ca(ca);
+ }
+ if (starter_pluto_pid())
+ {
+ starter_whack_del_ca(ca);
+ }
+ ca->state = STATE_TO_ADD;
+ }
+ }
+ }
+ _action_ &= ~FLAG_ACTION_RELOAD;
}
- else
+
+ /*
+ * Update configuration
+ */
+ if (_action_ & FLAG_ACTION_UPDATE)
{
- /* Only reload conn and ca sections if pluto is not killed */
+ err = NULL;
+ DBG(DBG_CONTROL,
+ DBG_log("Reloading config...")
+ );
+ new_cfg = confread_load(CONFIG_FILE);
- /* Look for new connections that are already loaded */
- for (conn = cfg->conn_first; conn; conn = conn->next)
- {
- if (conn->state == STATE_ADDED)
+ if (new_cfg && (new_cfg->err + new_cfg->non_fatal_err == 0))
{
- for (conn2 = new_cfg->conn_first; conn2; conn2 = conn2->next)
- {
- if (conn2->state == STATE_TO_ADD && starter_cmp_conn(conn, conn2))
+ /* Switch to new config. New conn will be loaded below */
+ if (!starter_cmp_defaultroute(&new_cfg->defaultroute
+ , &cfg->defaultroute))
{
- conn->state = STATE_REPLACED;
- conn2->state = STATE_ADDED;
- conn2->id = conn->id;
- break;
+ _action_ |= FLAG_ACTION_LISTEN;
}
- }
- }
- }
- /* Remove conn sections that have become unused */
- for (conn = cfg->conn_first; conn; conn = conn->next)
- {
- if (conn->state == STATE_ADDED)
+ if (!starter_cmp_pluto(cfg, new_cfg))
+ {
+ plog("Pluto has changed");
+ if (starter_pluto_pid())
+ starter_stop_pluto();
+ _action_ &= ~FLAG_ACTION_LISTEN;
+ _action_ |= FLAG_ACTION_START_PLUTO;
+ }
+ else
+ {
+ /* Only reload conn and ca sections if pluto is not killed */
+
+ /* Look for new connections that are already loaded */
+ for (conn = cfg->conn_first; conn; conn = conn->next)
+ {
+ if (conn->state == STATE_ADDED)
+ {
+ for (conn2 = new_cfg->conn_first; conn2; conn2 = conn2->next)
+ {
+ if (conn2->state == STATE_TO_ADD && starter_cmp_conn(conn, conn2))
+ {
+ conn->state = STATE_REPLACED;
+ conn2->state = STATE_ADDED;
+ conn2->id = conn->id;
+ break;
+ }
+ }
+ }
+ }
+
+ /* Remove conn sections that have become unused */
+ for (conn = cfg->conn_first; conn; conn = conn->next)
+ {
+ if (conn->state == STATE_ADDED)
+ {
+ if (starter_charon_pid())
+ {
+ starter_stroke_del_conn(conn);
+ }
+ if (starter_pluto_pid())
+ {
+ starter_whack_del_conn(conn);
+ }
+ }
+ }
+
+ /* Look for new ca sections that are already loaded */
+ for (ca = cfg->ca_first; ca; ca = ca->next)
+ {
+ if (ca->state == STATE_ADDED)
+ {
+ for (ca2 = new_cfg->ca_first; ca2; ca2 = ca2->next)
+ {
+ if (ca2->state == STATE_TO_ADD && starter_cmp_ca(ca, ca2))
+ {
+ ca->state = STATE_REPLACED;
+ ca2->state = STATE_ADDED;
+ break;
+ }
+ }
+ }
+ }
+
+ /* Remove ca sections that have become unused */
+ for (ca = cfg->ca_first; ca; ca = ca->next)
+ {
+ if (ca->state == STATE_ADDED)
+ {
+ if (starter_charon_pid())
+ {
+ starter_stroke_del_ca(ca);
+ }
+ if (starter_pluto_pid())
+ {
+ starter_whack_del_ca(ca);
+ }
+ }
+ }
+ }
+ confread_free(cfg);
+ cfg = new_cfg;
+ }
+ else
{
- if (starter_charon_pid())
- {
- starter_stroke_del_conn(conn);
- }
- if (starter_pluto_pid())
- {
- starter_whack_del_conn(conn);
- }
+ plog("can't reload config file due to errors -- keeping old one");
+ if (new_cfg)
+ {
+ confread_free(new_cfg);
+ }
}
- }
+ _action_ &= ~FLAG_ACTION_UPDATE;
+ last_reload = time(NULL);
+ }
- /* Look for new ca sections that are already loaded */
- for (ca = cfg->ca_first; ca; ca = ca->next)
- {
- if (ca->state == STATE_ADDED)
+ /*
+ * Start pluto
+ */
+ if (_action_ & FLAG_ACTION_START_PLUTO)
+ {
+ if (cfg->setup.plutostart && !starter_pluto_pid())
{
- for (ca2 = new_cfg->ca_first; ca2; ca2 = ca2->next)
- {
- if (ca2->state == STATE_TO_ADD && starter_cmp_ca(ca, ca2))
+ DBG(DBG_CONTROL,
+ DBG_log("Attempting to start pluto...")
+ );
+
+ if (starter_start_pluto(cfg, no_fork, attach_gdb) == 0)
+ {
+ starter_whack_listen();
+ }
+ else
{
- ca->state = STATE_REPLACED;
- ca2->state = STATE_ADDED;
- break;
+ /* schedule next try */
+ alarm(PLUTO_RESTART_DELAY);
}
- }
}
- }
+ _action_ &= ~FLAG_ACTION_START_PLUTO;
- /* Remove ca sections that have become unused */
- for (ca = cfg->ca_first; ca; ca = ca->next)
- {
- if (ca->state == STATE_ADDED)
+ for (ca = cfg->ca_first; ca; ca = ca->next)
{
- if (starter_charon_pid())
- {
- starter_stroke_del_ca(ca);
- }
- if (starter_pluto_pid())
- {
- starter_whack_del_ca(ca);
- }
+ if (ca->state == STATE_ADDED)
+ ca->state = STATE_TO_ADD;
}
- }
- }
- confread_free(cfg);
- cfg = new_cfg;
- }
- else
- {
- plog("can't reload config file due to errors -- keeping old one");
- if (new_cfg)
- {
- confread_free(new_cfg);
- }
- }
- _action_ &= ~FLAG_ACTION_UPDATE;
- last_reload = time(NULL);
- }
- /*
- * Start pluto
- */
- if (_action_ & FLAG_ACTION_START_PLUTO)
- {
- if (cfg->setup.plutostart && !starter_pluto_pid())
- {
- DBG(DBG_CONTROL,
- DBG_log("Attempting to start pluto...")
- );
-
- if (starter_start_pluto(cfg, no_fork) == 0)
- {
- starter_whack_listen();
- }
- else
- {
- /* schedule next try */
- alarm(PLUTO_RESTART_DELAY);
+ for (conn = cfg->conn_first; conn; conn = conn->next)
+ {
+ if (conn->state == STATE_ADDED)
+ conn->state = STATE_TO_ADD;
+ }
}
- }
- _action_ &= ~FLAG_ACTION_START_PLUTO;
-
- for (ca = cfg->ca_first; ca; ca = ca->next)
- {
- if (ca->state == STATE_ADDED)
- ca->state = STATE_TO_ADD;
- }
-
- for (conn = cfg->conn_first; conn; conn = conn->next)
- {
- if (conn->state == STATE_ADDED)
- conn->state = STATE_TO_ADD;
- }
- }
-
- /*
- * Start charon
- */
- if (_action_ & FLAG_ACTION_START_CHARON)
- {
- if (cfg->setup.charonstart && !starter_charon_pid())
- {
- DBG(DBG_CONTROL,
- DBG_log("Attempting to start charon...")
- );
- if (starter_start_charon(cfg, no_fork))
+
+ /*
+ * Start charon
+ */
+ if (_action_ & FLAG_ACTION_START_CHARON)
{
- /* schedule next try */
- alarm(PLUTO_RESTART_DELAY);
+ if (cfg->setup.charonstart && !starter_charon_pid())
+ {
+ DBG(DBG_CONTROL,
+ DBG_log("Attempting to start charon...")
+ );
+ if (starter_start_charon(cfg, no_fork, attach_gdb))
+ {
+ /* schedule next try */
+ alarm(PLUTO_RESTART_DELAY);
+ }
+ starter_stroke_configure(cfg);
+ }
+ _action_ &= ~FLAG_ACTION_START_CHARON;
}
- starter_stroke_configure(cfg);
- }
- _action_ &= ~FLAG_ACTION_START_CHARON;
- }
-
- /*
- * Tell pluto to reread its interfaces
- */
- if (_action_ & FLAG_ACTION_LISTEN)
- {
- if (starter_pluto_pid())
- {
- starter_whack_listen();
- _action_ &= ~FLAG_ACTION_LISTEN;
- }
- }
- /*
- * Add stale conn and ca sections
- */
- if (starter_pluto_pid() || starter_charon_pid())
- {
- for (ca = cfg->ca_first; ca; ca = ca->next)
- {
- if (ca->state == STATE_TO_ADD)
+ /*
+ * Tell pluto to reread its interfaces
+ */
+ if (_action_ & FLAG_ACTION_LISTEN)
{
- if (starter_charon_pid())
- {
- starter_stroke_add_ca(ca);
- }
- if (starter_pluto_pid())
- {
- starter_whack_add_ca(ca);
- }
- ca->state = STATE_ADDED;
+ if (starter_pluto_pid())
+ {
+ starter_whack_listen();
+ _action_ &= ~FLAG_ACTION_LISTEN;
+ }
}
- }
- for (conn = cfg->conn_first; conn; conn = conn->next)
- {
- if (conn->state == STATE_TO_ADD)
+ /*
+ * Add stale conn and ca sections
+ */
+ if (starter_pluto_pid() || starter_charon_pid())
{
- if (conn->id == 0)
- {
- /* affect new unique id */
- conn->id = id++;
- }
- if (starter_charon_pid())
- {
- starter_stroke_add_conn(cfg, conn);
- }
- if (starter_pluto_pid())
- {
- starter_whack_add_conn(conn);
- }
- conn->state = STATE_ADDED;
-
- if (conn->startup == STARTUP_START)
- {
- if (conn->keyexchange == KEY_EXCHANGE_IKEV2)
+ for (ca = cfg->ca_first; ca; ca = ca->next)
{
- if (starter_charon_pid())
- {
- starter_stroke_initiate_conn(conn);
- }
- }
- else
- {
- if (starter_pluto_pid())
- {
- starter_whack_initiate_conn(conn);
- }
- }
- }
- else if (conn->startup == STARTUP_ROUTE)
- {
- if (conn->keyexchange == KEY_EXCHANGE_IKEV2)
- {
- if (starter_charon_pid())
- {
- starter_stroke_route_conn(conn);
- }
+ if (ca->state == STATE_TO_ADD)
+ {
+ if (starter_charon_pid())
+ {
+ starter_stroke_add_ca(ca);
+ }
+ if (starter_pluto_pid())
+ {
+ starter_whack_add_ca(ca);
+ }
+ ca->state = STATE_ADDED;
+ }
}
- else
+
+ for (conn = cfg->conn_first; conn; conn = conn->next)
{
- if (starter_pluto_pid())
- {
- starter_whack_route_conn(conn);
- }
+ if (conn->state == STATE_TO_ADD)
+ {
+ if (conn->id == 0)
+ {
+ /* affect new unique id */
+ conn->id = id++;
+ }
+ if (starter_charon_pid())
+ {
+ starter_stroke_add_conn(cfg, conn);
+ }
+ if (starter_pluto_pid())
+ {
+ starter_whack_add_conn(conn);
+ }
+ conn->state = STATE_ADDED;
+
+ if (conn->startup == STARTUP_START)
+ {
+ if (conn->keyexchange == KEY_EXCHANGE_IKEV2)
+ {
+ if (starter_charon_pid())
+ {
+ starter_stroke_initiate_conn(conn);
+ }
+ }
+ else
+ {
+ if (starter_pluto_pid())
+ {
+ starter_whack_initiate_conn(conn);
+ }
+ }
+ }
+ else if (conn->startup == STARTUP_ROUTE)
+ {
+ if (conn->keyexchange == KEY_EXCHANGE_IKEV2)
+ {
+ if (starter_charon_pid())
+ {
+ starter_stroke_route_conn(conn);
+ }
+ }
+ else
+ {
+ if (starter_pluto_pid())
+ {
+ starter_whack_route_conn(conn);
+ }
+ }
+ }
+ }
}
- }
}
- }
- }
- /*
- * If auto_update activated, when to stop select
- */
- if (auto_update)
- {
- time_t now = time(NULL);
+ /*
+ * If auto_update activated, when to stop select
+ */
+ if (auto_update)
+ {
+ time_t now = time(NULL);
- tv.tv_sec = (now < last_reload + auto_update)
- ? (last_reload + auto_update-now) : 0;
- tv.tv_usec = 0;
- }
+ tv.tv_sec = (now < last_reload + auto_update)
+ ? (last_reload + auto_update-now) : 0;
+ tv.tv_usec = 0;
+ }
- /*
- * Wait for something to happen
- */
- if (select(0, NULL, NULL, NULL, auto_update ? &tv : NULL) == 0)
- {
- /* timeout -> auto_update */
- _action_ |= FLAG_ACTION_UPDATE;
+ /*
+ * Wait for something to happen
+ */
+ if (select(0, NULL, NULL, NULL, auto_update ? &tv : NULL) == 0)
+ {
+ /* timeout -> auto_update */
+ _action_ |= FLAG_ACTION_UPDATE;
+ }
}
- }
- exit(LSB_RC_SUCCESS);
+ exit(LSB_RC_SUCCESS);
}
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index a1339f2a5..054e37fa7 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: starterstroke.c 4856 2009-02-05 22:13:48Z andreas $
*/
#include <sys/types.h>
@@ -21,10 +19,10 @@
#include <stddef.h>
#include <unistd.h>
#include <stdlib.h>
+#include <string.h>
#include <errno.h>
#include <netinet/in.h>
#include <arpa/inet.h>
-#include <linux/xfrm.h>
#include <freeswan.h>
@@ -42,6 +40,15 @@
#define IPV6_LEN 16
/**
+ * Mode of an IPsec SA, must be the same as in charons kernel_ipsec.h
+ */
+enum ipsec_mode_t {
+ MODE_TRANSPORT = 1,
+ MODE_TUNNEL,
+ MODE_BEET
+};
+
+/**
* Authentication methods, must be the same as in charons authenticator.h
*/
enum auth_method_t {
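Review bot: The new `ipsec_mode_t` at the top of this hunk leaves MODE_TUNNEL and MODE_BEET to implicit enumeration even though its comment says the values must match charon's kernel_ipsec.h, so inserting a member later would silently change the numbers written to the stroke socket. Assigning every member explicitly, `MODE_TRANSPORT = 1, MODE_TUNNEL = 2, MODE_BEET = 3`, makes the wire contract visible at the definition. A short comment such as `/* wire values: keep in sync with charon's kernel_ipsec.h, do not reorder */` would also record why the order is fixed.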
@@ -68,9 +75,12 @@ static char* push_string(stroke_msg_t *msg, char *string)
static int send_stroke_msg (stroke_msg_t *msg)
{
- struct sockaddr_un ctl_addr = { AF_UNIX, CHARON_CTL_FILE };
+ struct sockaddr_un ctl_addr;
int byte_count;
char buffer[64];
+
+ ctl_addr.sun_family = AF_UNIX;
+ strcpy(ctl_addr.sun_path, CHARON_CTL_FILE);
/* starter is not called from commandline, and therefore absolutely silent */
msg->output_verbosity = -1;
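Review bot: The new `strcpy(ctl_addr.sun_path, CHARON_CTL_FILE)` replaces a designated initializer that also zero-filled the rest of `ctl_addr`, so the struct now keeps indeterminate bytes after the path's terminator and the copy is unbounded with respect to `sizeof(ctl_addr.sun_path)`. CHARON_CTL_FILE is a build-time constant, so this is a build-configuration hazard rather than a runtime one, but the bound should still be stated in code: `memset(&ctl_addr, 0, sizeof(ctl_addr));` followed by `snprintf(ctl_addr.sun_path, sizeof(ctl_addr.sun_path), "%s", CHARON_CTL_FILE);`, or at least a sizeof check against the constant. The same pattern is introduced in `send_whack_msg` in starterwhack.c with PLUTO_CTL_FILE. send_stroke_msg's body, including the connect() call whose address length decides whether the uninitialized tail is ever read, continues outside the hunk.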
@@ -164,9 +174,14 @@ static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, sta
{
char buffer[INET6_ADDRSTRLEN];
+ msg_end->auth = push_string(msg, conn_end->auth);
+ msg_end->auth2 = push_string(msg, conn_end->auth2);
msg_end->id = push_string(msg, conn_end->id);
+ msg_end->id2 = push_string(msg, conn_end->id2);
msg_end->cert = push_string(msg, conn_end->cert);
+ msg_end->cert2 = push_string(msg, conn_end->cert2);
msg_end->ca = push_string(msg, conn_end->ca);
+ msg_end->ca2 = push_string(msg, conn_end->ca2);
msg_end->groups = push_string(msg, conn_end->groups);
msg_end->updown = push_string(msg, conn_end->updown);
ip_address2string(&conn_end->addr, buffer, sizeof(buffer));
@@ -224,7 +239,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
msg.add_conn.name = push_string(&msg, connection_name(conn));
/* PUBKEY is preferred to PSK and EAP */
- if (conn->policy & POLICY_RSASIG || conn->policy & POLICY_ECDSASIG)
+ if (conn->policy & POLICY_PUBKEY)
{
msg.add_conn.auth_method = AUTH_PUBKEY;
}
@@ -242,20 +257,20 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
if (conn->policy & POLICY_TUNNEL)
{
- msg.add_conn.mode = XFRM_MODE_TUNNEL;
+ msg.add_conn.mode = MODE_TUNNEL;
}
else if (conn->policy & POLICY_BEET)
{
- msg.add_conn.mode = XFRM_MODE_BEET;
+ msg.add_conn.mode = MODE_BEET;
}
else if (conn->policy & POLICY_PROXY)
{
- msg.add_conn.mode = XFRM_MODE_TRANSPORT;
+ msg.add_conn.mode = MODE_TRANSPORT;
msg.add_conn.proxy_mode = TRUE;
}
else
{
- msg.add_conn.mode = XFRM_MODE_TRANSPORT;
+ msg.add_conn.mode = MODE_TRANSPORT;
}
if (!(conn->policy & POLICY_DONT_REKEY))
diff --git a/src/starter/starterstroke.h b/src/starter/starterstroke.h
index e6b9e5504..f9b01c99a 100644
--- a/src/starter/starterstroke.h
+++ b/src/starter/starterstroke.h
@@ -10,8 +10,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: starterstroke.h 3825 2008-04-17 15:01:57Z martin $
*/
#ifndef _STARTER_STROKE_H_
diff --git a/src/starter/starterwhack.c b/src/starter/starterwhack.c
index 8b7d500b8..44b442ae2 100644
--- a/src/starter/starterwhack.c
+++ b/src/starter/starterwhack.c
@@ -10,8 +10,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: starterwhack.c 3880 2008-04-27 10:49:31Z andreas $
*/
#include <sys/types.h>
@@ -19,6 +17,7 @@
#include <sys/un.h>
#include <stddef.h>
#include <unistd.h>
+#include <string.h>
#include <errno.h>
#include <freeswan.h>
@@ -32,386 +31,389 @@
#include "confread.h"
#include "files.h"
-#define ip_version(string) (strchr(string, '.') ? AF_INET : AF_INET6)
+#define ip_version(string) (strchr(string, '.') ? AF_INET : AF_INET6)
static int
pack_str (char **p, char **next, char **roof)
{
- const char *s = (*p==NULL) ? "" : *p; /* note: NULL becomes ""! */
- size_t len = strlen(s) + 1;
-
- if ((*roof - *next) < len)
- {
- return 0; /* not enough space */
- }
- else
- {
- strcpy(*next, s);
- *next += len;
- *p = NULL; /* don't send pointers on the wire! */
- return 1;
- }
+ const char *s = (*p==NULL) ? "" : *p; /* note: NULL becomes ""! */
+ size_t len = strlen(s) + 1;
+
+ if ((*roof - *next) < len)
+ {
+ return 0; /* not enough space */
+ }
+ else
+ {
+ strcpy(*next, s);
+ *next += len;
+ *p = NULL; /* don't send pointers on the wire! */
+ return 1;
+ }
}
static int
send_whack_msg (whack_message_t *msg)
{
- struct sockaddr_un ctl_addr = { AF_UNIX, PLUTO_CTL_FILE };
- int sock;
- ssize_t len;
- char *str_next, *str_roof;
-
- /* pack strings */
- str_next = (char *)msg->string;
- str_roof = (char *)&msg->string[sizeof(msg->string)];
-
- if (!pack_str(&msg->name, &str_next, &str_roof)
- || !pack_str(&msg->left.id, &str_next, &str_roof)
- || !pack_str(&msg->left.cert, &str_next, &str_roof)
- || !pack_str(&msg->left.ca, &str_next, &str_roof)
- || !pack_str(&msg->left.groups, &str_next, &str_roof)
- || !pack_str(&msg->left.updown, &str_next, &str_roof)
- || !pack_str(&msg->left.virt, &str_next, &str_roof)
- || !pack_str(&msg->right.id, &str_next, &str_roof)
- || !pack_str(&msg->right.cert, &str_next, &str_roof)
- || !pack_str(&msg->right.ca, &str_next, &str_roof)
- || !pack_str(&msg->right.groups, &str_next, &str_roof)
- || !pack_str(&msg->right.updown, &str_next, &str_roof)
- || !pack_str(&msg->right.virt, &str_next, &str_roof)
- || !pack_str(&msg->keyid, &str_next, &str_roof)
- || !pack_str(&msg->myid, &str_next, &str_roof)
- || !pack_str(&msg->cacert, &str_next, &str_roof)
- || !pack_str(&msg->ldaphost, &str_next, &str_roof)
- || !pack_str(&msg->ldapbase, &str_next, &str_roof)
- || !pack_str(&msg->crluri, &str_next, &str_roof)
- || !pack_str(&msg->crluri2, &str_next, &str_roof)
- || !pack_str(&msg->ocspuri, &str_next, &str_roof)
- || !pack_str(&msg->ike, &str_next, &str_roof)
- || !pack_str(&msg->esp, &str_next, &str_roof)
- || !pack_str(&msg->sc_data, &str_next, &str_roof)
- || (str_roof - str_next < msg->keyval.len))
- {
- plog("send_wack_msg(): can't pack strings");
- return -1;
- }
- if (msg->keyval.ptr)
- memcpy(str_next, msg->keyval.ptr, msg->keyval.len);
- msg->keyval.ptr = NULL;
- str_next += msg->keyval.len;
- len = str_next - (char *)msg;
-
- /* connect to pluto ctl */
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- if (sock < 0)
- {
- plog("socket() failed: %s", strerror(errno));
- return -1;
- }
- if (connect(sock, (struct sockaddr *)&ctl_addr,
- offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0)
- {
- plog("connect(pluto_ctl) failed: %s", strerror(errno));
- close(sock);
- return -1;
- }
+ struct sockaddr_un ctl_addr;
+ int sock;
+ ssize_t len;
+ char *str_next, *str_roof;
+
+ ctl_addr.sun_family = AF_UNIX;
+ strcpy(ctl_addr.sun_path, PLUTO_CTL_FILE);
+
+ /* pack strings */
+ str_next = (char *)msg->string;
+ str_roof = (char *)&msg->string[sizeof(msg->string)];
+
+ if (!pack_str(&msg->name, &str_next, &str_roof)
+ || !pack_str(&msg->left.id, &str_next, &str_roof)
+ || !pack_str(&msg->left.cert, &str_next, &str_roof)
+ || !pack_str(&msg->left.ca, &str_next, &str_roof)
+ || !pack_str(&msg->left.groups, &str_next, &str_roof)
+ || !pack_str(&msg->left.updown, &str_next, &str_roof)
+ || !pack_str(&msg->left.virt, &str_next, &str_roof)
+ || !pack_str(&msg->right.id, &str_next, &str_roof)
+ || !pack_str(&msg->right.cert, &str_next, &str_roof)
+ || !pack_str(&msg->right.ca, &str_next, &str_roof)
+ || !pack_str(&msg->right.groups, &str_next, &str_roof)
+ || !pack_str(&msg->right.updown, &str_next, &str_roof)
+ || !pack_str(&msg->right.virt, &str_next, &str_roof)
+ || !pack_str(&msg->keyid, &str_next, &str_roof)
+ || !pack_str(&msg->myid, &str_next, &str_roof)
+ || !pack_str(&msg->cacert, &str_next, &str_roof)
+ || !pack_str(&msg->ldaphost, &str_next, &str_roof)
+ || !pack_str(&msg->ldapbase, &str_next, &str_roof)
+ || !pack_str(&msg->crluri, &str_next, &str_roof)
+ || !pack_str(&msg->crluri2, &str_next, &str_roof)
+ || !pack_str(&msg->ocspuri, &str_next, &str_roof)
+ || !pack_str(&msg->ike, &str_next, &str_roof)
+ || !pack_str(&msg->esp, &str_next, &str_roof)
+ || !pack_str(&msg->sc_data, &str_next, &str_roof)
+ || (str_roof - str_next < msg->keyval.len))
+ {
+ plog("send_wack_msg(): can't pack strings");
+ return -1;
+ }
+ if (msg->keyval.ptr)
+ memcpy(str_next, msg->keyval.ptr, msg->keyval.len);
+ msg->keyval.ptr = NULL;
+ str_next += msg->keyval.len;
+ len = str_next - (char *)msg;
+
+ /* connect to pluto ctl */
+ sock = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (sock < 0)
+ {
+ plog("socket() failed: %s", strerror(errno));
+ return -1;
+ }
+ if (connect(sock, (struct sockaddr *)&ctl_addr,
+ offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0)
+ {
+ plog("connect(pluto_ctl) failed: %s", strerror(errno));
+ close(sock);
+ return -1;
+ }
- /* send message */
- if (write(sock, msg, len) != len)
- {
- plog("write(pluto_ctl) failed: %s", strerror(errno));
- close(sock);
- return -1;
- }
+ /* send message */
+ if (write(sock, msg, len) != len)
+ {
+ plog("write(pluto_ctl) failed: %s", strerror(errno));
+ close(sock);
+ return -1;
+ }
- /* TODO: read reply */
- close(sock);
- return 0;
+ /* TODO: read reply */
+ close(sock);
+ return 0;
}
static void
init_whack_msg(whack_message_t *msg)
{
- memset(msg, 0, sizeof(whack_message_t));
- msg->magic = WHACK_MAGIC;
+ memset(msg, 0, sizeof(whack_message_t));
+ msg->magic = WHACK_MAGIC;
}
static char *
connection_name(starter_conn_t *conn)
{
- /* if connection name is '%auto', create a new name like conn_xxxxx */
- static char buf[32];
-
- if (streq(conn->name, "%auto"))
- {
- sprintf(buf, "conn_%ld", conn->id);
- return buf;
- }
- return conn->name;
+ /* if connection name is '%auto', create a new name like conn_xxxxx */
+ static char buf[32];
+
+ if (streq(conn->name, "%auto"))
+ {
+ sprintf(buf, "conn_%ld", conn->id);
+ return buf;
+ }
+ return conn->name;
}
static void
set_whack_end(whack_end_t *w, starter_end_t *end, sa_family_t family)
{
- if (end->srcip && end->srcip[0] != '%')
- {
- int len = 0;
- char *pos;
+ if (end->srcip && end->srcip[0] != '%')
+ {
+ int len = 0;
+ char *pos;
+
+ pos = strchr(end->srcip, '/');
+ if (pos)
+ {
+ /* use first address only for pluto */
+ len = pos - end->srcip;
+ }
+ w->has_srcip = !end->has_natip;
+ ttoaddr(end->srcip, len, ip_version(end->srcip), &w->host_srcip);
+ }
+ else
+ {
+ anyaddr(AF_INET, &w->host_srcip);
+ }
+
+ w->id = end->id;
+ w->cert = end->cert;
+ w->ca = end->ca;
+ w->groups = end->groups;
+ w->host_addr = end->addr;
+ w->has_client = end->has_client;
+
+ if (family == AF_INET6 && isanyaddr(&end->nexthop))
+ {
+ anyaddr(AF_INET6, &end->nexthop);
+ }
+ w->host_nexthop = end->nexthop;
- pos = strchr(end->srcip, '/');
- if (pos)
+ if (w->has_client)
{
- /* use first address only for pluto */
- len = pos - end->srcip;
+ char *pos;
+ int len = 0;
+
+ pos = strchr(end->subnet, ',');
+ if (pos)
+ {
+ len = pos - end->subnet;
+ }
+ ttosubnet(end->subnet, len, ip_version(end->subnet), &w->client);
}
- w->has_srcip = !end->has_natip;
- ttoaddr(end->srcip, len, ip_version(end->srcip), &w->host_srcip);
- }
- else
- {
- anyaddr(AF_INET, &w->host_srcip);
- }
-
- w->id = end->id;
- w->cert = end->cert;
- w->ca = end->ca;
- w->groups = end->groups;
- w->host_addr = end->addr;
- w->has_client = end->has_client;
-
- if (family == AF_INET6 && isanyaddr(&end->nexthop))
- {
- anyaddr(AF_INET6, &end->nexthop);
- }
- w->host_nexthop = end->nexthop;
-
- if (w->has_client)
- {
- char *pos;
- int len = 0;
-
- pos = strchr(end->subnet, ',');
- if (pos)
+ else
{
- len = pos - end->subnet;
+ if (end->has_virt)
+ {
+ w->virt = end->subnet;
+ }
+ w->client.addr.u.v4.sin_family = addrtypeof(&w->host_addr);
}
- ttosubnet(end->subnet, len, ip_version(end->subnet), &w->client);
- }
- else
- {
- if (end->has_virt)
+
+ w->has_client_wildcard = end->has_client_wildcard;
+ w->has_port_wildcard = end->has_port_wildcard;
+ w->has_natip = end->has_natip;
+ w->allow_any = end->allow_any && !end->dns_failed;
+ w->modecfg = end->modecfg;
+ w->hostaccess = end->hostaccess;
+ w->sendcert = end->sendcert;
+ w->updown = end->updown;
+ w->host_port = IKE_UDP_PORT;
+ w->port = end->port;
+ w->protocol = end->protocol;
+
+ if (w->port != 0)
{
- w->virt = end->subnet;
+ int port = htons(w->port);
+
+ setportof(port, &w->host_addr);
+ setportof(port, &w->client.addr);
}
- w->client.addr.u.v4.sin_family = addrtypeof(&w->host_addr);
- }
-
- w->has_client_wildcard = end->has_client_wildcard;
- w->has_port_wildcard = end->has_port_wildcard;
- w->has_natip = end->has_natip;
- w->allow_any = end->allow_any && !end->dns_failed;
- w->modecfg = end->modecfg;
- w->hostaccess = end->hostaccess;
- w->sendcert = end->sendcert;
- w->updown = end->updown;
- w->host_port = IKE_UDP_PORT;
- w->port = end->port;
- w->protocol = end->protocol;
-
- if (w->port != 0)
- {
- int port = htons(w->port);
-
- setportof(port, &w->host_addr);
- setportof(port, &w->client.addr);
- }
}
static int
starter_whack_add_pubkey (starter_conn_t *conn, starter_end_t *end
, const char *lr)
{
- const char *err;
- static char keyspace[1024 + 4];
- whack_message_t msg;
-
- init_whack_msg(&msg);
-
- msg.whack_key = TRUE;
- msg.pubkey_alg = PUBKEY_ALG_RSA;
- if (end->id && end->rsakey)
- {
- /* special values to ignore */
- if (streq(end->rsakey, "")
- || streq(end->rsakey, "%none")
- || streq(end->rsakey, "%cert")
- || streq(end->rsakey, "0x00"))
- {
- return 0;
- }
- msg.keyid = end->id;
- err = atobytes(end->rsakey, 0, keyspace, sizeof(keyspace), &msg.keyval.len);
- if (err)
- {
- plog("conn %s/%s: rsakey malformed [%s]", connection_name(conn), lr, err);
- return 1;
- }
- else
+ const char *err;
+ static char keyspace[1024 + 4];
+ whack_message_t msg;
+
+ init_whack_msg(&msg);
+
+ msg.whack_key = TRUE;
+ msg.pubkey_alg = PUBKEY_ALG_RSA;
+ if (end->id && end->rsakey)
{
- msg.keyval.ptr = keyspace;
- return send_whack_msg(&msg);
+ /* special values to ignore */
+ if (streq(end->rsakey, "")
+ || streq(end->rsakey, "%none")
+ || streq(end->rsakey, "%cert")
+ || streq(end->rsakey, "0x00"))
+ {
+ return 0;
+ }
+ msg.keyid = end->id;
+ err = atobytes(end->rsakey, 0, keyspace, sizeof(keyspace), &msg.keyval.len);
+ if (err)
+ {
+ plog("conn %s/%s: rsakey malformed [%s]", connection_name(conn), lr, err);
+ return 1;
+ }
+ else
+ {
+ msg.keyval.ptr = keyspace;
+ return send_whack_msg(&msg);
+ }
}
- }
- return 0;
+ return 0;
}
int
starter_whack_add_conn(starter_conn_t *conn)
{
- whack_message_t msg;
- int r;
-
- init_whack_msg(&msg);
-
- msg.whack_connection = TRUE;
- msg.name = connection_name(conn);
-
- msg.ikev1 = conn->keyexchange != KEY_EXCHANGE_IKEV2;
- msg.addr_family = conn->addr_family;
- msg.tunnel_addr_family = conn->tunnel_addr_family;
- msg.sa_ike_life_seconds = conn->sa_ike_life_seconds;
- msg.sa_ipsec_life_seconds = conn->sa_ipsec_life_seconds;
- msg.sa_rekey_margin = conn->sa_rekey_margin;
- msg.sa_rekey_fuzz = conn->sa_rekey_fuzz;
- msg.sa_keying_tries = conn->sa_keying_tries;
- msg.policy = conn->policy;
-
- /*
- * Make sure the IKEv2-only policy bits are unset for IKEv1 connections
- */
- msg.policy &= ~POLICY_DONT_REAUTH;
- msg.policy &= ~POLICY_BEET;
- msg.policy &= ~POLICY_MOBIKE;
- msg.policy &= ~POLICY_FORCE_ENCAP;
-
- set_whack_end(&msg.left, &conn->left, conn->addr_family);
- set_whack_end(&msg.right, &conn->right, conn->addr_family);
-
- msg.esp = conn->esp;
- msg.ike = conn->ike;
- msg.pfsgroup = conn->pfsgroup;
-
- /* taken from pluto/whack.c */
- if (msg.pfsgroup)
- {
- char esp_buf[256];
-
- snprintf(esp_buf, sizeof (esp_buf), "%s;%s"
- , msg.esp ? msg.esp : ""
- , msg.pfsgroup ? msg.pfsgroup : "");
- msg.esp = esp_buf;
-
- DBG(DBG_CONTROL,
- DBG_log("Setting --esp=%s", msg.esp)
- )
- }
- msg.dpd_delay = conn->dpd_delay;
- msg.dpd_timeout = conn->dpd_timeout;
- msg.dpd_action = conn->dpd_action;
+ whack_message_t msg;
+ int r;
+
+ init_whack_msg(&msg);
+
+ msg.whack_connection = TRUE;
+ msg.name = connection_name(conn);
+
+ msg.ikev1 = conn->keyexchange != KEY_EXCHANGE_IKEV2;
+ msg.addr_family = conn->addr_family;
+ msg.tunnel_addr_family = conn->tunnel_addr_family;
+ msg.sa_ike_life_seconds = conn->sa_ike_life_seconds;
+ msg.sa_ipsec_life_seconds = conn->sa_ipsec_life_seconds;
+ msg.sa_rekey_margin = conn->sa_rekey_margin;
+ msg.sa_rekey_fuzz = conn->sa_rekey_fuzz;
+ msg.sa_keying_tries = conn->sa_keying_tries;
+ msg.policy = conn->policy;
+
+ /*
+ * Make sure the IKEv2-only policy bits are unset for IKEv1 connections
+ */
+ msg.policy &= ~POLICY_DONT_REAUTH;
+ msg.policy &= ~POLICY_BEET;
+ msg.policy &= ~POLICY_MOBIKE;
+ msg.policy &= ~POLICY_FORCE_ENCAP;
+
+ set_whack_end(&msg.left, &conn->left, conn->addr_family);
+ set_whack_end(&msg.right, &conn->right, conn->addr_family);
+
+ msg.esp = conn->esp;
+ msg.ike = conn->ike;
+ msg.pfsgroup = conn->pfsgroup;
+
+ /* taken from pluto/whack.c */
+ if (msg.pfsgroup)
+ {
+ char esp_buf[256];
+
+ snprintf(esp_buf, sizeof (esp_buf), "%s;%s"
+ , msg.esp ? msg.esp : ""
+ , msg.pfsgroup ? msg.pfsgroup : "");
+ msg.esp = esp_buf;
+
+ DBG(DBG_CONTROL,
+ DBG_log("Setting --esp=%s", msg.esp)
+ )
+ }
+ msg.dpd_delay = conn->dpd_delay;
+ msg.dpd_timeout = conn->dpd_timeout;
+ msg.dpd_action = conn->dpd_action;
/* msg.dpd_count = conn->dpd_count; not supported yet by strongSwan */
- r = send_whack_msg(&msg);
+ r = send_whack_msg(&msg);
- if (r == 0 && (conn->policy & POLICY_RSASIG))
- {
- r += starter_whack_add_pubkey (conn, &conn->left, "left");
- r += starter_whack_add_pubkey (conn, &conn->right, "right");
- }
+ if (r == 0 && (conn->policy & POLICY_PUBKEY))
+ {
+ r += starter_whack_add_pubkey (conn, &conn->left, "left");
+ r += starter_whack_add_pubkey (conn, &conn->right, "right");
+ }
- return r;
+ return r;
}
int
starter_whack_del_conn(starter_conn_t *conn)
{
- whack_message_t msg;
+ whack_message_t msg;
- init_whack_msg(&msg);
- msg.whack_delete = TRUE;
- msg.name = connection_name(conn);
- return send_whack_msg(&msg);
+ init_whack_msg(&msg);
+ msg.whack_delete = TRUE;
+ msg.name = connection_name(conn);
+ return send_whack_msg(&msg);
}
int
starter_whack_route_conn(starter_conn_t *conn)
{
- whack_message_t msg;
+ whack_message_t msg;
- init_whack_msg(&msg);
- msg.whack_route = TRUE;
- msg.name = connection_name(conn);
- return send_whack_msg(&msg);
+ init_whack_msg(&msg);
+ msg.whack_route = TRUE;
+ msg.name = connection_name(conn);
+ return send_whack_msg(&msg);
}
int
starter_whack_initiate_conn(starter_conn_t *conn)
{
- whack_message_t msg;
+ whack_message_t msg;
- init_whack_msg(&msg);
- msg.whack_initiate = TRUE;
- msg.whack_async = TRUE;
- msg.name = connection_name(conn);
- return send_whack_msg(&msg);
+ init_whack_msg(&msg);
+ msg.whack_initiate = TRUE;
+ msg.whack_async = TRUE;
+ msg.name = connection_name(conn);
+ return send_whack_msg(&msg);
}
int
starter_whack_listen(void)
{
- whack_message_t msg;
- init_whack_msg(&msg);
- msg.whack_listen = TRUE;
- return send_whack_msg(&msg);
+ whack_message_t msg;
+ init_whack_msg(&msg);
+ msg.whack_listen = TRUE;
+ return send_whack_msg(&msg);
}
int starter_whack_shutdown(void)
{
- whack_message_t msg;
+ whack_message_t msg;
- init_whack_msg(&msg);
- msg.whack_shutdown = TRUE;
- return send_whack_msg(&msg);
+ init_whack_msg(&msg);
+ msg.whack_shutdown = TRUE;
+ return send_whack_msg(&msg);
}
int
starter_whack_add_ca(starter_ca_t *ca)
{
- whack_message_t msg;
+ whack_message_t msg;
- init_whack_msg(&msg);
+ init_whack_msg(&msg);
- msg.whack_ca = TRUE;
- msg.name = ca->name;
- msg.cacert = ca->cacert;
- msg.ldaphost = ca->ldaphost;
- msg.ldapbase = ca->ldapbase;
- msg.crluri = ca->crluri;
- msg.crluri2 = ca->crluri2;
- msg.ocspuri = ca->ocspuri;
- msg.whack_strict = ca->strict;
+ msg.whack_ca = TRUE;
+ msg.name = ca->name;
+ msg.cacert = ca->cacert;
+ msg.ldaphost = ca->ldaphost;
+ msg.ldapbase = ca->ldapbase;
+ msg.crluri = ca->crluri;
+ msg.crluri2 = ca->crluri2;
+ msg.ocspuri = ca->ocspuri;
+ msg.whack_strict = ca->strict;
- return send_whack_msg(&msg);
+ return send_whack_msg(&msg);
}
int
starter_whack_del_ca(starter_ca_t *ca)
{
- whack_message_t msg;
+ whack_message_t msg;
- init_whack_msg(&msg);
+ init_whack_msg(&msg);
- msg.whack_delete = TRUE;
- msg.whack_ca = TRUE;
- msg.name = ca->name;
+ msg.whack_delete = TRUE;
+ msg.whack_ca = TRUE;
+ msg.name = ca->name;
- return send_whack_msg(&msg);
+ return send_whack_msg(&msg);
}
diff --git a/src/starter/starterwhack.h b/src/starter/starterwhack.h
index 7acc75ec0..d56b02421 100644
--- a/src/starter/starterwhack.h
+++ b/src/starter/starterwhack.h
@@ -10,8 +10,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: starterwhack.h 3267 2007-10-08 19:57:54Z andreas $
*/
#ifndef _STARTER_WHACK_H_
diff --git a/src/starter/y.tab.c b/src/starter/y.tab.c
index 87abc5c33..b78c1b1f9 100644
--- a/src/starter/y.tab.c
+++ b/src/starter/y.tab.c
@@ -94,7 +94,7 @@
/* Copy the first part of user declarations. */
-#line 1 "parser.y"
+#line 1 "./parser.y"
/* strongSwan config file parser (parser.y)
* Copyright (C) 2001 Mathieu Lafon - Arkoon Network Security
@@ -108,8 +108,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * RCSID $Id: parser.y 3267 2007-10-08 19:57:54Z andreas $
*/
#include <stdio.h>
@@ -124,7 +122,7 @@
#include "parser.h"
#define YYERROR_VERBOSE
-#define ERRSTRING_LEN 256
+#define ERRSTRING_LEN 256
/**
* Bison
@@ -170,10 +168,10 @@ extern kw_entry_t *in_word_set (char *str, unsigned int len);
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
typedef union YYSTYPE
-#line 56 "parser.y"
+#line 54 "./parser.y"
{ char *s; }
/* Line 187 of yacc.c. */
-#line 177 "y.tab.c"
+#line 175 "y.tab.c"
YYSTYPE;
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
@@ -186,7 +184,7 @@ typedef union YYSTYPE
/* Line 216 of yacc.c. */
-#line 190 "y.tab.c"
+#line 188 "y.tab.c"
#ifdef short
# undef short
@@ -474,8 +472,8 @@ static const yytype_int8 yyrhs[] =
/* YYRLINE[YYN] -- source line where rule number YYN was defined. */
static const yytype_uint8 yyrline[] =
{
- 0, 67, 67, 68, 72, 77, 76, 82, 81, 99,
- 98, 115, 114, 120, 124, 125, 129, 154, 158
+ 0, 65, 65, 66, 70, 75, 74, 80, 79, 96,
+ 95, 111, 110, 116, 120, 121, 125, 150, 154
};
#endif
@@ -1390,106 +1388,104 @@ yyreduce:
switch (yyn)
{
case 4:
-#line 73 "parser.y"
+#line 71 "./parser.y"
{
- free((yyvsp[(2) - (3)].s));
- }
+ free((yyvsp[(2) - (3)].s));
+ }
break;
case 5:
-#line 77 "parser.y"
+#line 75 "./parser.y"
{
- _parser_kw = &(_parser_cfg->config_setup);
- _parser_kw_last = NULL;
- }
+ _parser_kw = &(_parser_cfg->config_setup);
+ _parser_kw_last = NULL;
+ }
break;
case 7:
-#line 82 "parser.y"
+#line 80 "./parser.y"
{
- section_list_t *section = (section_list_t *)alloc_thing(section_list_t
- , "section_list_t");
-
- section->name = clone_str((yyvsp[(2) - (3)].s), "conn section name");
- section->kw = NULL;
- section->next = NULL;
- _parser_kw = &(section->kw);
- if (!_parser_cfg->conn_first)
- _parser_cfg->conn_first = section;
- if (_parser_cfg->conn_last)
- _parser_cfg->conn_last->next = section;
- _parser_cfg->conn_last = section;
- _parser_kw_last = NULL;
- free((yyvsp[(2) - (3)].s));
- }
+ section_list_t *section = malloc_thing(section_list_t);
+
+ section->name = clone_str((yyvsp[(2) - (3)].s));
+ section->kw = NULL;
+ section->next = NULL;
+ _parser_kw = &(section->kw);
+ if (!_parser_cfg->conn_first)
+ _parser_cfg->conn_first = section;
+ if (_parser_cfg->conn_last)
+ _parser_cfg->conn_last->next = section;
+ _parser_cfg->conn_last = section;
+ _parser_kw_last = NULL;
+ free((yyvsp[(2) - (3)].s));
+ }
break;
case 9:
-#line 99 "parser.y"
+#line 96 "./parser.y"
{
- section_list_t *section = (section_list_t *)alloc_thing(section_list_t
- , "section_list_t");
- section->name = clone_str((yyvsp[(2) - (3)].s), "ca section name");
- section->kw = NULL;
- section->next = NULL;
- _parser_kw = &(section->kw);
- if (!_parser_cfg->ca_first)
- _parser_cfg->ca_first = section;
- if (_parser_cfg->ca_last)
- _parser_cfg->ca_last->next = section;
- _parser_cfg->ca_last = section;
- _parser_kw_last = NULL;
- free((yyvsp[(2) - (3)].s));
- }
+ section_list_t *section = malloc_thing(section_list_t);
+ section->name = clone_str((yyvsp[(2) - (3)].s));
+ section->kw = NULL;
+ section->next = NULL;
+ _parser_kw = &(section->kw);
+ if (!_parser_cfg->ca_first)
+ _parser_cfg->ca_first = section;
+ if (_parser_cfg->ca_last)
+ _parser_cfg->ca_last->next = section;
+ _parser_cfg->ca_last = section;
+ _parser_kw_last = NULL;
+ free((yyvsp[(2) - (3)].s));
+ }
break;
case 11:
-#line 115 "parser.y"
+#line 111 "./parser.y"
{
- extern void _parser_y_include (const char *f);
- _parser_y_include((yyvsp[(2) - (2)].s));
- free((yyvsp[(2) - (2)].s));
- }
+ extern void _parser_y_include (const char *f);
+ _parser_y_include((yyvsp[(2) - (2)].s));
+ free((yyvsp[(2) - (2)].s));
+ }
break;
case 16:
-#line 130 "parser.y"
+#line 126 "./parser.y"
{
- kw_list_t *new;
- kw_entry_t *entry = in_word_set((yyvsp[(1) - (3)].s), strlen((yyvsp[(1) - (3)].s)));
+ kw_list_t *new;
+ kw_entry_t *entry = in_word_set((yyvsp[(1) - (3)].s), strlen((yyvsp[(1) - (3)].s)));
- if (entry == NULL)
- {
- snprintf(errbuf, ERRSTRING_LEN, "unknown keyword '%s'", (yyvsp[(1) - (3)].s));
- yyerror(errbuf);
- }
- else if (_parser_kw)
- {
- new = (kw_list_t *)alloc_thing(kw_list_t, "kw_list_t");
- new->entry = entry;
- new->value = clone_str((yyvsp[(3) - (3)].s), "kw_list value");
- new->next = NULL;
- if (_parser_kw_last)
- _parser_kw_last->next = new;
- _parser_kw_last = new;
- if (!*_parser_kw)
- *_parser_kw = new;
+ if (entry == NULL)
+ {
+ snprintf(errbuf, ERRSTRING_LEN, "unknown keyword '%s'", (yyvsp[(1) - (3)].s));
+ yyerror(errbuf);
+ }
+ else if (_parser_kw)
+ {
+ new = (kw_list_t *)malloc_thing(kw_list_t);
+ new->entry = entry;
+ new->value = clone_str((yyvsp[(3) - (3)].s));
+ new->next = NULL;
+ if (_parser_kw_last)
+ _parser_kw_last->next = new;
+ _parser_kw_last = new;
+ if (!*_parser_kw)
+ *_parser_kw = new;
+ }
+ free((yyvsp[(1) - (3)].s));
+ free((yyvsp[(3) - (3)].s));
}
- free((yyvsp[(1) - (3)].s));
- free((yyvsp[(3) - (3)].s));
- }
break;
case 17:
-#line 155 "parser.y"
+#line 151 "./parser.y"
{
- free((yyvsp[(1) - (2)].s));
- }
+ free((yyvsp[(1) - (2)].s));
+ }
break;
/* Line 1267 of yacc.c. */
-#line 1493 "y.tab.c"
+#line 1489 "y.tab.c"
default: break;
}
YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
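Review bot: The rule actions for conn sections, ca sections and keyword entries (cases 7, 9 and 16) dereference the result of `malloc_thing()` without a NULL check — `section->name = clone_str(...)` follows `section_list_t *section = malloc_thing(section_list_t);` immediately — whereas `parser_load_conf` further down in this file guards the same allocator with `if (cfg)`, so the code itself treats it as fallible and an allocation failure while parsing ipsec.conf would now crash the starter instead of producing a parse error. If the replaced `alloc_thing()` aborted on failure, this is a silent regression introduced by the commit. Each action should bail out the way the loader does, e.g. `if (section == NULL) { free($2); yyerror("can't allocate memory"); YYABORT; }`, with the matching check on `new` in case 16. Since y.tab.c is bison output (`#line ... "./parser.y"`), the fix belongs in the actions in parser.y and this file should be regenerated; `yyparse` itself starts and ends outside the hunk.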
@@ -1703,128 +1699,125 @@ yyreturn:
}
-#line 161 "parser.y"
+#line 157 "./parser.y"
void
yyerror(const char *s)
{
- if (_save_errors_)
- _parser_y_error(parser_errstring, ERRSTRING_LEN, s);
+ if (_save_errors_)
+ _parser_y_error(parser_errstring, ERRSTRING_LEN, s);
}
config_parsed_t *
parser_load_conf(const char *file)
{
- config_parsed_t *cfg = NULL;
- int err = 0;
- FILE *f;
+ config_parsed_t *cfg = NULL;
+ int err = 0;
+ FILE *f;
- extern void _parser_y_init (const char *f);
- extern FILE *yyin;
+ extern void _parser_y_init (const char *f);
+ extern FILE *yyin;
- memset(parser_errstring, 0, ERRSTRING_LEN+1);
+ memset(parser_errstring, 0, ERRSTRING_LEN+1);
- cfg = (config_parsed_t *)alloc_thing(config_parsed_t, "config_parsed_t");
- if (cfg)
- {
- memset(cfg, 0, sizeof(config_parsed_t));
- f = fopen(file, "r");
- if (f)
+ cfg = (config_parsed_t *)malloc_thing(config_parsed_t);
+ if (cfg)
{
- yyin = f;
- _parser_y_init(file);
- _save_errors_ = 1;
- _parser_cfg = cfg;
-
- if (yyparse() !=0 )
- {
- if (parser_errstring[0] == '\0')
+ memset(cfg, 0, sizeof(config_parsed_t));
+ f = fopen(file, "r");
+ if (f)
{
- snprintf(parser_errstring, ERRSTRING_LEN, "Unknown error...");
+ yyin = f;
+ _parser_y_init(file);
+ _save_errors_ = 1;
+ _parser_cfg = cfg;
+
+ if (yyparse() !=0 )
+ {
+ if (parser_errstring[0] == '\0')
+ {
+ snprintf(parser_errstring, ERRSTRING_LEN, "Unknown error...");
+ }
+ _save_errors_ = 0;
+ while (yyparse() != 0);
+ err++;
+ }
+ else if (parser_errstring[0] != '\0')
+ {
+ err++;
+ }
+ else
+ {
+ /**
+ * Config valid
+ */
+ }
+
+ fclose(f);
+ }
+ else
+ {
+ snprintf(parser_errstring, ERRSTRING_LEN, "can't load file '%s'", file);
+ err++;
}
- _save_errors_ = 0;
- while (yyparse() != 0);
- err++;
- }
- else if (parser_errstring[0] != '\0')
- {
- err++;
- }
- else
- {
- /**
- * Config valid
- */
- }
-
- fclose(f);
}
else
{
- snprintf(parser_errstring, ERRSTRING_LEN, "can't load file '%s'", file);
- err++;
+ snprintf(parser_errstring, ERRSTRING_LEN, "can't allocate memory");
+ err++;
}
- }
- else
- {
- snprintf(parser_errstring, ERRSTRING_LEN, "can't allocate memory");
- err++;
- }
- if (err)
- {
- plog("%s", parser_errstring);
+ if (err)
+ {
+ plog("%s", parser_errstring);
- if (cfg)
- parser_free_conf(cfg);
- cfg = NULL;
- }
+ if (cfg)
+ parser_free_conf(cfg);
+ cfg = NULL;
+ }
- return cfg;
+ return cfg;
}
static void
parser_free_kwlist(kw_list_t *list)
{
- kw_list_t *elt;
+ kw_list_t *elt;
- while (list)
- {
- elt = list;
- list = list->next;
- if (elt->value)
- pfree(elt->value);
- pfree(elt);
- }
+ while (list)
+ {
+ elt = list;
+ list = list->next;
+ free(elt->value);
+ free(elt);
+ }
}
void
parser_free_conf(config_parsed_t *cfg)
{
- section_list_t *sec;
- if (cfg)
- {
- parser_free_kwlist(cfg->config_setup);
- while (cfg->conn_first)
- {
- sec = cfg->conn_first;
- cfg->conn_first = cfg->conn_first->next;
- if (sec->name)
- pfree(sec->name);
- parser_free_kwlist(sec->kw);
- pfree(sec);
- }
- while (cfg->ca_first)
+ section_list_t *sec;
+ if (cfg)
{
- sec = cfg->ca_first;
- cfg->ca_first = cfg->ca_first->next;
- if (sec->name)
- pfree(sec->name);
- parser_free_kwlist(sec->kw);
- pfree(sec);
+ parser_free_kwlist(cfg->config_setup);
+ while (cfg->conn_first)
+ {
+ sec = cfg->conn_first;
+ cfg->conn_first = cfg->conn_first->next;
+ free(sec->name);
+ parser_free_kwlist(sec->kw);
+ free(sec);
+ }
+ while (cfg->ca_first)
+ {
+ sec = cfg->ca_first;
+ cfg->ca_first = cfg->ca_first->next;
+ free(sec->name);
+ parser_free_kwlist(sec->kw);
+ free(sec);
+ }
+ free(cfg);
}
- pfree(cfg);
- }
}
diff --git a/src/starter/y.tab.h b/src/starter/y.tab.h
index 1cf56de3a..871de1e97 100644
--- a/src/starter/y.tab.h
+++ b/src/starter/y.tab.h
@@ -68,7 +68,7 @@
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
typedef union YYSTYPE
-#line 56 "parser.y"
+#line 54 "./parser.y"
{ char *s; }
/* Line 1489 of yacc.c. */
#line 75 "y.tab.h"