- New upstream release.

- Don't disable internal crypto plugins, pluto expects to find them in some cases. - Enable integrity checking.
author: Rene Mayrhofer <rene@mayrhofer.eu.org> 2009-10-21 11:18:20 +0000
committer: Rene Mayrhofer <rene@mayrhofer.eu.org> 2009-10-21 11:18:20 +0000
commit: a9b7f8d4a4a4202facd9690580b38542e7933f00 (patch)
tree: d82a9d506c62cff257e5292845b68df3ca5c60dc /src/starter
parent: 12263dccbbb6747d53b97333c3d6f0f17e1bffea (diff)
download: vyos-strongswan-a9b7f8d4a4a4202facd9690580b38542e7933f00.tar.gz
vyos-strongswan-a9b7f8d4a4a4202facd9690580b38542e7933f00.zip
11 files changed, 158 insertions, 61 deletions
diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am
index 439a7785a..3355b3afb 100644
--- a/src/starter/Makefile.am
+++ b/src/starter/Makefile.am
@@ -20,7 +20,7 @@ AM_CFLAGS = \
 -DIPSEC_EAPDIR=\"${eapdir}\" \
 -DDEBUG
 
-starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la
+starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la $(SOCKLIB)
 EXTRA_DIST = parser.l parser.y keywords.txt ipsec.conf
 dist_man_MANS = ipsec.conf.5 starter.8
 MAINTAINERCLEANFILES = lex.yy.c y.tab.c y.tab.h keywords.c
@@ -52,14 +52,14 @@ defs.o:		$(PLUTODIR)/defs.c $(PLUTODIR)/defs.h
 		$(COMPILE) -c -o $@ $(PLUTODIR)/defs.c
 
 install-exec-local :	
-		test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true
-		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true
-		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true
-		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/certs" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/certs" || true
-		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/acerts" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/acerts" || true
-		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/aacerts" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/aacerts" || true
-		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true
-		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true
-		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true
-		test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -m 644 ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true
+		test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true
+		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true
+		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true
+		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/certs" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/certs" || true
+		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/acerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/acerts" || true
+		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/aacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/aacerts" || true
+		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true
+		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true
+		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true
+		test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true
 
diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in
index 4e6bffdeb..a839c20b1 100644
--- a/src/starter/Makefile.in
+++ b/src/starter/Makefile.in
@@ -55,9 +55,11 @@ am_starter_OBJECTS = y.tab.$(OBJEXT) netkey.$(OBJEXT) \
 	starter.$(OBJEXT) exec.$(OBJEXT) invokecharon.$(OBJEXT) \
 	lex.yy.$(OBJEXT) loglite.$(OBJEXT) klips.$(OBJEXT)
 starter_OBJECTS = $(am_starter_OBJECTS)
+am__DEPENDENCIES_1 =
 starter_DEPENDENCIES = defs.o \
 	$(top_builddir)/src/libfreeswan/libfreeswan.a \
-	$(top_builddir)/src/libstrongswan/libstrongswan.la
+	$(top_builddir)/src/libstrongswan/libstrongswan.la \
+	$(am__DEPENDENCIES_1)
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -80,12 +82,14 @@ ETAGS = etags
 CTAGS = ctags
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
 AMTAR = @AMTAR@
 AR = @AR@
 AUTOCONF = @AUTOCONF@
 AUTOHEADER = @AUTOHEADER@
 AUTOMAKE = @AUTOMAKE@
 AWK = @AWK@
+BTLIB = @BTLIB@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
@@ -150,6 +154,7 @@ RUBYINCLUDE = @RUBYINCLUDE@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
 STRIP = @STRIP@
 VERSION = @VERSION@
 YACC = @YACC@
@@ -190,7 +195,9 @@ includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
 ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
@@ -241,7 +248,7 @@ INCLUDES = \
 AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_CONFDIR=\"${confdir}\" \
 	-DIPSEC_PIDDIR=\"${piddir}\" -DIPSEC_EAPDIR=\"${eapdir}\" \
 	-DDEBUG $(am__append_1) $(am__append_2)
-starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la
+starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la $(SOCKLIB)
 EXTRA_DIST = parser.l parser.y keywords.txt ipsec.conf
 dist_man_MANS = ipsec.conf.5 starter.8
 MAINTAINERCLEANFILES = lex.yy.c y.tab.c y.tab.h keywords.c
@@ -653,16 +660,16 @@ defs.o:		$(PLUTODIR)/defs.c $(PLUTODIR)/defs.h
 		$(COMPILE) -c -o $@ $(PLUTODIR)/defs.c
 
 install-exec-local :	
-		test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true
-		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true
-		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true
-		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/certs" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/certs" || true
-		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/acerts" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/acerts" || true
-		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/aacerts" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/aacerts" || true
-		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true
-		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true
-		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true
-		test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -o ${ipsecuser} -g ${ipsecgroup} -m 644 ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true
+		test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true
+		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true
+		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true
+		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/certs" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/certs" || true
+		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/acerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/acerts" || true
+		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/aacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/aacerts" || true
+		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true
+		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true
+		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true
+		test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
diff --git a/src/starter/args.c b/src/starter/args.c
index f9d1824d8..990d7588b 100644
--- a/src/starter/args.c
+++ b/src/starter/args.c
@@ -261,8 +261,7 @@ static const token_info_t token_info[] =
 	{ ARG_STR,  offsetof(starter_end_t, iface), NULL                               }
 };
 
-static void
-free_list(char **list)
+static void free_list(char **list)
 {
 	char **s;
 
@@ -273,22 +272,25 @@ free_list(char **list)
 	free(list);
 }
 
-char **
-new_list(char *value)
+char** new_list(char *value)
 {
 	char *val, *b, *e, *end, **ret;
 	int count;
 
 	val = value ? clone_str(value) : NULL;
 	if (!val)
+	{
 		return NULL;
+	}
 	end = val + strlen(val);
 	for (b = val, count = 0; b < end;)
 	{
 		for (e = b; ((*e != ' ') && (*e != '\0')); e++);
 		*e = '\0';
 		if (e != b)
+		{
 			count++;
+		}
 		b = e + 1;
 	}
 	if (count == 0)
@@ -302,7 +304,9 @@ new_list(char *value)
 	{
 		for (e = b; (*e != '\0'); e++);
 		if (e != b)
+		{
 			ret[count++] = clone_str(b);
+		}
 		b = e + 1;
 	}
 	ret[count] = NULL;
@@ -314,9 +318,8 @@ new_list(char *value)
 /*
  * assigns an argument value to a struct field
  */
-bool
-assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base
-	, bool *assigned)
+bool assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base,
+				bool *assigned)
 {
 	char *p = base + token_info[token].offset;
 	const char **list = token_info[token].list;
@@ -435,8 +438,9 @@ assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base
 
 			/* time in seconds? */
 			if (*endptr == '\0' || (*endptr == 's' && endptr[1] == '\0'))
+			{
 				break;
-
+			}
 			if (endptr[1] == '\0')
 			{
 				if (*endptr == 'm')  /* time in minutes? */
@@ -475,8 +479,9 @@ assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base
 
 			/* free any existing list */
 			if (*listp != NULL)
+			{
 				free_list(*listp);
-
+			}
 			/* create a new list and assign values */
 			*listp = new_list(kw->value);
 
@@ -514,8 +519,7 @@ assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base
 /*
  *  frees all dynamically allocated arguments in a struct
  */
-void
-free_args(kw_token_t first, kw_token_t last, char *base)
+void free_args(kw_token_t first, kw_token_t last, char *base)
 {
 	kw_token_t token;
 
@@ -553,8 +557,7 @@ free_args(kw_token_t first, kw_token_t last, char *base)
 /*
  *  clone all dynamically allocated arguments in a struct
  */
-void
-clone_args(kw_token_t first, kw_token_t last, char *base1, char *base2)
+void clone_args(kw_token_t first, kw_token_t last, char *base1, char *base2)
 {
 	kw_token_t token;
 
@@ -570,22 +573,29 @@ clone_args(kw_token_t first, kw_token_t last, char *base1, char *base2)
 	}
 }
 
-static bool
-cmp_list(char **list1, char **list2)
+static bool cmp_list(char **list1, char **list2)
 {
 	if ((list1 == NULL) && (list2 == NULL))
+	{
 		return TRUE;
+	}
 	if ((list1 == NULL) || (list2 == NULL))
+	{
 		return FALSE;
+	}
 
 	for ( ; *list1 && *list2; list1++, list2++)
 	{
 		if (strcmp(*list1,*list2) != 0)
+		{
 			return FALSE;
+		}
 	}
 
 	if ((*list1 != NULL) || (*list2 != NULL))
+	{
 		return FALSE;
+	}
 
 	return TRUE;
 }
@@ -593,8 +603,7 @@ cmp_list(char **list1, char **list2)
 /*
  *  compare all arguments in a struct
  */
-bool
-cmp_args(kw_token_t first, kw_token_t last, char *base1, char *base2)
+bool cmp_args(kw_token_t first, kw_token_t last, char *base1, char *base2)
 {
 	kw_token_t token;
 
@@ -606,12 +615,25 @@ cmp_args(kw_token_t first, kw_token_t last, char *base1, char *base2)
 		switch (token_info[token].type)
 		{
 		case ARG_ENUM:
+			if (token_info[token].list == LST_bool)
+			{
+				bool *b1 = (bool *)p1;
+				bool *b2 = (bool *)p2;
+
+				if (*b1 != *b2)
+				{
+					return FALSE;
+				}
+			}
+			else
 			{
 				int *i1 = (int *)p1;
 				int *i2 = (int *)p2;
 
 				if (*i1 != *i2)
+				{
 					return FALSE;
+				}
 			}
 			break;
 		case ARG_UINT:
@@ -620,7 +642,9 @@ cmp_args(kw_token_t first, kw_token_t last, char *base1, char *base2)
 				u_int *u2 = (u_int *)p2;
 
 				if (*u1 != *u2)
+				{
 					return FALSE;
+				}
 			}
 			break;
 		case ARG_ULNG:
@@ -630,7 +654,9 @@ cmp_args(kw_token_t first, kw_token_t last, char *base1, char *base2)
 				unsigned long *l2 = (unsigned long *)p2;
 
 				if (*l1 != *l2)
+				{
 					return FALSE;
+				}
 			}
 			break;
 		case ARG_TIME:
@@ -639,7 +665,9 @@ cmp_args(kw_token_t first, kw_token_t last, char *base1, char *base2)
 				time_t *t2 = (time_t *)p2;
 
 				if (*t1 != *t2)
+				{
 					return FALSE;
+				}
 			}
 			break;
 		case ARG_STR:
@@ -648,9 +676,13 @@ cmp_args(kw_token_t first, kw_token_t last, char *base1, char *base2)
 				char **cp2 = (char **)p2;
 
 				if (*cp1 == NULL && *cp2 == NULL)
+				{
 					break;
+				}
 				if (*cp1 == NULL || *cp2 == NULL || strcmp(*cp1, *cp2) != 0)
+				{
 					return FALSE;
+				}
 			}
 			break;
 		case ARG_LST:
@@ -659,7 +691,9 @@ cmp_args(kw_token_t first, kw_token_t last, char *base1, char *base2)
 				char ***listp2 = (char ***)p2;
 
 				if (!cmp_list(*listp1, *listp2))
+				{
 					return FALSE;
+				}
 			}
 			break;
 		default:
diff --git a/src/starter/interfaces.c b/src/starter/interfaces.c
index 034eac317..3fff65be7 100644
--- a/src/starter/interfaces.c
+++ b/src/starter/interfaces.c
@@ -14,6 +14,10 @@
 
 #include <sys/socket.h>
 #include <sys/ioctl.h>
+#ifdef HAVE_SYS_SOCKIO_H
+#include <sys/sockio.h>
+#endif
+
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
diff --git a/src/starter/invokecharon.c b/src/starter/invokecharon.c
index 804467cea..1eb2a0332 100644
--- a/src/starter/invokecharon.c
+++ b/src/starter/invokecharon.c
@@ -36,18 +36,28 @@
 static int _charon_pid = 0;
 static int _stop_requested;
 
-pid_t
-starter_charon_pid(void)
+pid_t starter_charon_pid(void)
 {
 	return _charon_pid;
 }
 
-void
-starter_charon_sigchild(pid_t pid)
+void starter_charon_sigchild(pid_t pid, int status)
 {
-		if (pid == _charon_pid)
+	if (pid == _charon_pid)
 	{
-				_charon_pid = 0;
+		_charon_pid = 0;
+		if (status == SS_RC_LIBSTRONGSWAN_INTEGRITY ||
+			status == SS_RC_DAEMON_INTEGRITY)
+		{
+			plog("charon has quit: integrity test of %s failed",
+				  (status == 64) ? "libstrongswan" : "charon");
+			_stop_requested = 1;
+		}
+		else if (status == SS_RC_INITIALIZATION_FAILED)
+		{
+			plog("charon has quit: initialization failed");
+			_stop_requested = 1;
+		}
 		if (!_stop_requested)
 		{
 			plog("charon has died -- restart scheduled (%dsec)"
@@ -58,8 +68,7 @@ starter_charon_sigchild(pid_t pid)
 	}
 }
 
-int
-starter_stop_charon (void)
+int starter_stop_charon (void)
 {
 	int i;
 	pid_t pid = _charon_pid;
@@ -106,8 +115,7 @@ starter_stop_charon (void)
 }
 
 
-int
-starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb)
+int starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb)
 {
 	struct stat stb;
 	int pid, i;
diff --git a/src/starter/invokecharon.h b/src/starter/invokecharon.h
index f0f470a8d..aaf913c9b 100644
--- a/src/starter/invokecharon.h
+++ b/src/starter/invokecharon.h
@@ -20,7 +20,7 @@
 
 #define CHARON_RESTART_DELAY    5
 
-extern void starter_charon_sigchild (pid_t pid);
+extern void starter_charon_sigchild (pid_t pid, int status);
 extern pid_t starter_charon_pid (void);
 extern int starter_stop_charon (void);
 extern int starter_start_charon(struct starter_config *cfg, bool no_fork, bool attach_gdb);
diff --git a/src/starter/invokepluto.c b/src/starter/invokepluto.c
index 28bd93c5d..08fb0657a 100644
--- a/src/starter/invokepluto.c
+++ b/src/starter/invokepluto.c
@@ -42,11 +42,23 @@ starter_pluto_pid(void)
 }
 
 void
-starter_pluto_sigchild(pid_t pid)
+starter_pluto_sigchild(pid_t pid, int status)
 {
 	if (pid == _pluto_pid)
 	{
 		_pluto_pid = 0;
+		if (status == SS_RC_LIBSTRONGSWAN_INTEGRITY ||
+			status == SS_RC_DAEMON_INTEGRITY)
+		{
+			plog("pluto has quit: integrity test of %s failed",
+				  (status == 64) ? "libstrongswan" : "pluto");
+			_stop_requested = 1;
+		}
+		else if (status == SS_RC_INITIALIZATION_FAILED)
+		{
+			plog("pluto has quit: initialization failed");
+			_stop_requested = 1;
+		}
 		if (!_stop_requested)
 		{
 			plog("pluto has died -- restart scheduled (%dsec)"
diff --git a/src/starter/invokepluto.h b/src/starter/invokepluto.h
index b0c89b1f1..c87f50c2a 100644
--- a/src/starter/invokepluto.h
+++ b/src/starter/invokepluto.h
@@ -17,7 +17,7 @@
 
 #define PLUTO_RESTART_DELAY    5
 
-extern void starter_pluto_sigchild (pid_t pid);
+extern void starter_pluto_sigchild (pid_t pid, int status);
 extern pid_t starter_pluto_pid (void);
 extern int starter_stop_pluto (void);
 extern int starter_start_pluto (struct starter_config *cfg, bool no_fork, bool attach_gdb);
diff --git a/src/starter/keywords.h b/src/starter/keywords.h
index ae9a6d15f..3a115d15d 100644
--- a/src/starter/keywords.h
+++ b/src/starter/keywords.h
@@ -122,11 +122,16 @@ typedef enum {
 	KW_HOSTACCESS,
 	KW_ALLOWANY,
 	KW_UPDOWN,
+	KW_AUTH1,
+	KW_AUTH2,
 	KW_ID,
+	KW_ID2,
 	KW_RSASIGKEY,
 	KW_CERT,
+	KW_CERT2,
 	KW_SENDCERT,
 	KW_CA,
+	KW_CA2,
 	KW_GROUPS,
 	KW_IFACE,
 
diff --git a/src/starter/loglite.c b/src/starter/loglite.c
index 415cf931c..c88b33bfd 100644
--- a/src/starter/loglite.c
+++ b/src/starter/loglite.c
@@ -33,6 +33,10 @@
 #include <log.h>
 #include <whack.h>
 
+#ifndef LOG_AUTHPRIV
+#define LOG_AUTHPRIV LOG_AUTH
+#endif
+
 bool
 	log_to_stderr = FALSE,      /* should log go to stderr? */
 	log_to_syslog = TRUE;       /* should log go to syslog? */
diff --git a/src/starter/starter.c b/src/starter/starter.c
index 2d2f452b5..b675ccf1c 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -66,46 +66,66 @@
 
 static unsigned int _action_ = 0;
 
-static void
-fsig(int signal)
+static void fsig(int signal)
 {
 	switch (signal)
 	{
 		case SIGCHLD:
 		{
-			int status;
+			int status, exit_status = 0;
 			pid_t pid;
 			char *name = NULL;
 
 			while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
 			{
 				if (pid == starter_pluto_pid())
+				{
 					name = " (Pluto)";
+				}
 				if (pid == starter_charon_pid())
+				{
 					name = " (Charon)";
+				}
 				if (WIFSIGNALED(status))
+				{
 					DBG(DBG_CONTROL,
 						DBG_log("child %d%s has been killed by sig %d\n",
 								pid, name?name:"", WTERMSIG(status))
 					   )
+				}
 				else if (WIFSTOPPED(status))
+				{
 					DBG(DBG_CONTROL,
 						DBG_log("child %d%s has been stopped by sig %d\n",
 								pid, name?name:"", WSTOPSIG(status))
 					   )
+				}
 				else if (WIFEXITED(status))
+				{
+					exit_status =  WEXITSTATUS(status);
+					if (exit_status >= SS_RC_FIRST && exit_status <= SS_RC_LAST)
+					{
+						_action_ =  FLAG_ACTION_QUIT;
+					}
 					DBG(DBG_CONTROL,
 						DBG_log("child %d%s has quit (exit code %d)\n",
-								pid, name?name:"", WEXITSTATUS(status))
+								pid, name?name:"", exit_status)
 					   )
+				}
 				else
+				{
 					DBG(DBG_CONTROL,
 						DBG_log("child %d%s has quit", pid, name?name:"")
 					   )
+				}
 				if (pid == starter_pluto_pid())
-					starter_pluto_sigchild(pid);
+				{
+					starter_pluto_sigchild(pid, exit_status);
+				}
 				if (pid == starter_charon_pid())
-					starter_charon_sigchild(pid);
+				{
+					starter_charon_sigchild(pid, exit_status);
+				}
 			}
 		}
 		break;
@@ -196,8 +216,7 @@ static void generate_selfcert()
 		}
 }
 
-static void
-usage(char *name)
+static void usage(char *name)
 {
 	fprintf(stderr, "Usage: starter [--nofork] [--auto-update <sec>] "
 			"[--debug|--debug-more|--debug-all]\n");
@@ -392,9 +411,13 @@ int main (int argc, char **argv)
 		if (_action_ & FLAG_ACTION_QUIT)
 		{
 			if (starter_pluto_pid())
+			{
 				starter_stop_pluto();
+			}
 			if (starter_charon_pid())
+			{
 				starter_stop_charon();
+			}
 			starter_netkey_cleanup();
 			confread_free(cfg);
 			unlink(STARTER_PID_FILE);
author	Rene Mayrhofer <rene@mayrhofer.eu.org>	2009-10-21 11:18:20 +0000
committer	Rene Mayrhofer <rene@mayrhofer.eu.org>	2009-10-21 11:18:20 +0000
commit	a9b7f8d4a4a4202facd9690580b38542e7933f00 (patch)
tree	d82a9d506c62cff257e5292845b68df3ca5c60dc /src/starter
parent	12263dccbbb6747d53b97333c3d6f0f17e1bffea (diff)
download	vyos-strongswan-a9b7f8d4a4a4202facd9690580b38542e7933f00.tar.gz vyos-strongswan-a9b7f8d4a4a4202facd9690580b38542e7933f00.zip