summaryrefslogtreecommitdiff
path: root/src/charon/daemon.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/charon/daemon.c')
-rw-r--r--src/charon/daemon.c46
1 files changed, 27 insertions, 19 deletions
diff --git a/src/charon/daemon.c b/src/charon/daemon.c
index c646ef9b4..0689c448e 100644
--- a/src/charon/daemon.c
+++ b/src/charon/daemon.c
@@ -20,7 +20,9 @@
#ifdef HAVE_PRCTL
#include <sys/prctl.h>
#endif
+#define _POSIX_PTHREAD_SEMANTICS /* for two param sigwait on OpenSolaris */
#include <signal.h>
+#undef _POSIX_PTHREAD_SEMANTICS
#include <pthread.h>
#include <sys/stat.h>
#include <sys/types.h>
@@ -42,10 +44,9 @@
#include <config/traffic_selector.h>
#include <config/proposal.h>
-#ifdef INTEGRITY_TEST
-#include <fips/fips.h>
-#include <fips/fips_signature.h>
-#endif /* INTEGRITY_TEST */
+#ifndef LOG_AUTHPRIV /* not defined on OpenSolaris */
+#define LOG_AUTHPRIV LOG_AUTH
+#endif
typedef struct private_daemon_t private_daemon_t;
@@ -469,6 +470,13 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
DBG1(DBG_DMN, "Starting IKEv2 charon daemon (strongSwan "VERSION")");
+ if (lib->integrity)
+ {
+ DBG1(DBG_DMN, "integrity tests enabled:");
+ DBG1(DBG_DMN, "lib 'libstrongswan': passed file and segment integrity tests");
+ DBG1(DBG_DMN, "daemon 'charon': passed file integrity test");
+ }
+
/* load secrets, ca certificates and crls */
this->public.processor = processor_create();
this->public.scheduler = scheduler_create();
@@ -487,19 +495,6 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
lib->settings->get_str(lib->settings, "charon.load", PLUGINS));
print_plugins();
-
-#ifdef INTEGRITY_TEST
- DBG1(DBG_DMN, "integrity test of libstrongswan code");
- if (fips_verify_hmac_signature(hmac_key, hmac_signature))
- {
- DBG1(DBG_DMN, " integrity test passed");
- }
- else
- {
- DBG1(DBG_DMN, " integrity test failed");
- return FALSE;
- }
-#endif /* INTEGRITY_TEST */
this->public.ike_sa_manager = ike_sa_manager_create();
if (this->public.ike_sa_manager == NULL)
@@ -686,7 +681,20 @@ int main(int argc, char *argv[])
dbg = dbg_stderr;
/* initialize library */
- library_init(STRONGSWAN_CONF);
+ if (!library_init(STRONGSWAN_CONF))
+ {
+ library_deinit();
+ exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
+ }
+
+ if (lib->integrity &&
+ !lib->integrity->check_file(lib->integrity, "charon", argv[0]))
+ {
+ dbg_stderr(1, "integrity check of charon failed");
+ library_deinit();
+ exit(SS_RC_DAEMON_INTEGRITY);
+ }
+
lib->printf_hook->add_handler(lib->printf_hook, 'R',
traffic_selector_printf_hook,
PRINTF_HOOK_ARGTYPE_POINTER,
@@ -757,7 +765,7 @@ int main(int argc, char *argv[])
{
DBG1(DBG_DMN, "initialization failed - aborting charon");
destroy(private_charon);
- exit(-1);
+ exit(SS_RC_INITIALIZATION_FAILED);
}
if (check_pidfile())