diff options
Diffstat (limited to 'src/charon/daemon.c')
-rw-r--r-- | src/charon/daemon.c | 46 |
1 files changed, 27 insertions, 19 deletions
diff --git a/src/charon/daemon.c b/src/charon/daemon.c index c646ef9b4..0689c448e 100644 --- a/src/charon/daemon.c +++ b/src/charon/daemon.c @@ -20,7 +20,9 @@ #ifdef HAVE_PRCTL #include <sys/prctl.h> #endif +#define _POSIX_PTHREAD_SEMANTICS /* for two param sigwait on OpenSolaris */ #include <signal.h> +#undef _POSIX_PTHREAD_SEMANTICS #include <pthread.h> #include <sys/stat.h> #include <sys/types.h> @@ -42,10 +44,9 @@ #include <config/traffic_selector.h> #include <config/proposal.h> -#ifdef INTEGRITY_TEST -#include <fips/fips.h> -#include <fips/fips_signature.h> -#endif /* INTEGRITY_TEST */ +#ifndef LOG_AUTHPRIV /* not defined on OpenSolaris */ +#define LOG_AUTHPRIV LOG_AUTH +#endif typedef struct private_daemon_t private_daemon_t; @@ -469,6 +470,13 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[]) DBG1(DBG_DMN, "Starting IKEv2 charon daemon (strongSwan "VERSION")"); + if (lib->integrity) + { + DBG1(DBG_DMN, "integrity tests enabled:"); + DBG1(DBG_DMN, "lib 'libstrongswan': passed file and segment integrity tests"); + DBG1(DBG_DMN, "daemon 'charon': passed file integrity test"); + } + /* load secrets, ca certificates and crls */ this->public.processor = processor_create(); this->public.scheduler = scheduler_create(); @@ -487,19 +495,6 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[]) lib->settings->get_str(lib->settings, "charon.load", PLUGINS)); print_plugins(); - -#ifdef INTEGRITY_TEST - DBG1(DBG_DMN, "integrity test of libstrongswan code"); - if (fips_verify_hmac_signature(hmac_key, hmac_signature)) - { - DBG1(DBG_DMN, " integrity test passed"); - } - else - { - DBG1(DBG_DMN, " integrity test failed"); - return FALSE; - } -#endif /* INTEGRITY_TEST */ this->public.ike_sa_manager = ike_sa_manager_create(); if (this->public.ike_sa_manager == NULL) @@ -686,7 +681,20 @@ int main(int argc, char *argv[]) dbg = dbg_stderr; /* initialize library */ - library_init(STRONGSWAN_CONF); + if (!library_init(STRONGSWAN_CONF)) + { + library_deinit(); + exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); + } + + if (lib->integrity && + !lib->integrity->check_file(lib->integrity, "charon", argv[0])) + { + dbg_stderr(1, "integrity check of charon failed"); + library_deinit(); + exit(SS_RC_DAEMON_INTEGRITY); + } + lib->printf_hook->add_handler(lib->printf_hook, 'R', traffic_selector_printf_hook, PRINTF_HOOK_ARGTYPE_POINTER, @@ -757,7 +765,7 @@ int main(int argc, char *argv[]) { DBG1(DBG_DMN, "initialization failed - aborting charon"); destroy(private_charon); - exit(-1); + exit(SS_RC_INITIALIZATION_FAILED); } if (check_pidfile()) |