summaryrefslogtreecommitdiff
path: root/src/charon
diff options
context:
space:
mode:
Diffstat (limited to 'src/charon')
-rw-r--r--src/charon/Android.mk3
-rw-r--r--src/charon/Makefile.am5
-rw-r--r--src/charon/Makefile.in19
-rw-r--r--src/charon/charon.c103
4 files changed, 58 insertions, 72 deletions
diff --git a/src/charon/Android.mk b/src/charon/Android.mk
index eb7eca9dd..1dd27d534 100644
--- a/src/charon/Android.mk
+++ b/src/charon/Android.mk
@@ -13,7 +13,8 @@ LOCAL_C_INCLUDES += \
$(strongswan_PATH)/src/libcharon \
$(strongswan_PATH)/src/libstrongswan
-LOCAL_CFLAGS := $(strongswan_CFLAGS)
+LOCAL_CFLAGS := $(strongswan_CFLAGS) \
+ -DPLUGINS='"$(strongswan_CHARON_PLUGINS)"'
LOCAL_MODULE := charon
diff --git a/src/charon/Makefile.am b/src/charon/Makefile.am
index 6481947f1..0ca15cb10 100644
--- a/src/charon/Makefile.am
+++ b/src/charon/Makefile.am
@@ -3,6 +3,8 @@ ipsec_PROGRAMS = charon
charon_SOURCES = \
charon.c
+charon.o : $(top_builddir)/config.status
+
INCLUDES = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libhydra \
@@ -10,7 +12,8 @@ INCLUDES = \
AM_CFLAGS = \
-DIPSEC_DIR=\"${ipsecdir}\" \
- -DIPSEC_PIDDIR=\"${piddir}\"
+ -DIPSEC_PIDDIR=\"${piddir}\" \
+ -DPLUGINS=\""${charon_plugins}\""
charon_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in
index 5da167dfd..d8109bb7f 100644
--- a/src/charon/Makefile.in
+++ b/src/charon/Makefile.in
@@ -50,6 +50,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
am__installdirs = "$(DESTDIR)$(ipsecdir)"
@@ -62,7 +63,7 @@ charon_DEPENDENCIES = \
$(top_builddir)/src/libhydra/libhydra.la \
$(top_builddir)/src/libcharon/libcharon.la \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I.@am__isrc@
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
am__mv = mv -f
@@ -88,6 +89,7 @@ AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
+BFDLIB = @BFDLIB@
BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
@@ -182,11 +184,14 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
-default_pkcs11 = @default_pkcs11@
+dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
@@ -203,11 +208,12 @@ imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
-libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -223,6 +229,7 @@ mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
openac_plugins = @openac_plugins@
p_plugins = @p_plugins@
@@ -232,7 +239,6 @@ pdfdir = @pdfdir@
piddir = @piddir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
-pluto_plugins = @pluto_plugins@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
@@ -270,7 +276,8 @@ INCLUDES = \
AM_CFLAGS = \
-DIPSEC_DIR=\"${ipsecdir}\" \
- -DIPSEC_PIDDIR=\"${piddir}\"
+ -DIPSEC_PIDDIR=\"${piddir}\" \
+ -DPLUGINS=\""${charon_plugins}\""
charon_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
@@ -597,6 +604,8 @@ uninstall-am: uninstall-ipsecPROGRAMS
tags uninstall uninstall-am uninstall-ipsecPROGRAMS
+charon.o : $(top_builddir)/config.status
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
diff --git a/src/charon/charon.c b/src/charon/charon.c
index 6dbb0b592..bd36c72f4 100644
--- a/src/charon/charon.c
+++ b/src/charon/charon.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2010 Tobias Brunner
+ * Copyright (C) 2006-2012 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005 Jan Hutter
@@ -17,21 +17,17 @@
*/
#include <stdio.h>
-#ifdef HAVE_PRCTL
-#include <sys/prctl.h>
-#endif
#define _POSIX_PTHREAD_SEMANTICS /* for two param sigwait on OpenSolaris */
#include <signal.h>
#undef _POSIX_PTHREAD_SEMANTICS
#include <pthread.h>
#include <sys/stat.h>
#include <sys/types.h>
+#include <sys/utsname.h>
#include <syslog.h>
#include <errno.h>
#include <unistd.h>
#include <getopt.h>
-#include <pwd.h>
-#include <grp.h>
#include <hydra.h>
#include <daemon.h>
@@ -143,67 +139,24 @@ static void run()
}
/**
- * drop daemon capabilities
- */
-static bool drop_capabilities()
-{
-#ifdef HAVE_PRCTL
- prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
-#endif
-
- if (setgid(charon->gid) != 0)
- {
- DBG1(DBG_DMN, "change to unprivileged group failed");
- return FALSE;
- }
- if (setuid(charon->uid) != 0)
- {
- DBG1(DBG_DMN, "change to unprivileged user failed");
- return FALSE;
- }
- if (!charon->drop_capabilities(charon))
- {
- DBG1(DBG_DMN, "unable to drop daemon capabilities");
- return FALSE;
- }
- return TRUE;
-}
-
-/**
* lookup UID and GID
*/
static bool lookup_uid_gid()
{
#ifdef IPSEC_USER
+ if (!charon->caps->resolve_uid(charon->caps, IPSEC_USER))
{
- char buf[1024];
- struct passwd passwd, *pwp;
-
- if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) != 0 ||
- pwp == NULL)
- {
- DBG1(DBG_DMN, "resolving user '"IPSEC_USER"' failed");
- return FALSE;
- }
- charon->uid = pwp->pw_uid;
+ return FALSE;
}
#endif
#ifdef IPSEC_GROUP
+ if (!charon->caps->resolve_gid(charon->caps, IPSEC_GROUP))
{
- char buf[1024];
- struct group group, *grp;
-
- if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) != 0 ||
- grp == NULL)
- {
- DBG1(DBG_DMN, "resolving group '"IPSEC_GROUP"' failed");
- return FALSE;
- }
- charon->gid = grp->gr_gid;
+ return FALSE;
}
#endif
#ifdef ANDROID
- charon->uid = AID_VPN;
+ charon->caps->set_uid(charon->caps, AID_VPN);
#endif
return TRUE;
}
@@ -259,7 +212,9 @@ static bool check_pidfile()
pidfile = fopen(PID_FILE, "w");
if (pidfile)
{
- ignore_result(fchown(fileno(pidfile), charon->uid, charon->gid));
+ ignore_result(fchown(fileno(pidfile),
+ charon->caps->get_uid(charon->caps),
+ charon->caps->get_gid(charon->caps)));
fprintf(pidfile, "%d\n", getpid());
fflush(pidfile);
}
@@ -335,7 +290,7 @@ static void initialize_loggers(bool use_stderr, level_t levels[])
facility, debug_lower_names, group));
}
charon->sys_loggers->insert_last(charon->sys_loggers, sys_logger);
- charon->bus->add_listener(charon->bus, &sys_logger->listener);
+ charon->bus->add_logger(charon->bus, &sys_logger->logger);
}
enumerator->destroy(enumerator);
@@ -385,7 +340,7 @@ static void initialize_loggers(bool use_stderr, level_t levels[])
filename, debug_lower_names, group));
}
charon->file_loggers->insert_last(charon->file_loggers, file_logger);
- charon->bus->add_listener(charon->bus, &file_logger->listener);
+ charon->bus->add_logger(charon->bus, &file_logger->logger);
}
enumerator->destroy(enumerator);
@@ -395,11 +350,9 @@ static void initialize_loggers(bool use_stderr, level_t levels[])
{
/* set up default stdout file_logger */
file_logger = file_logger_create(stdout, NULL, FALSE);
- charon->bus->add_listener(charon->bus, &file_logger->listener);
charon->file_loggers->insert_last(charon->file_loggers, file_logger);
/* set up default daemon sys_logger */
sys_logger = sys_logger_create(LOG_DAEMON, FALSE);
- charon->bus->add_listener(charon->bus, &sys_logger->listener);
charon->sys_loggers->insert_last(charon->sys_loggers, sys_logger);
for (group = 0; group < DBG_MAX; group++)
{
@@ -409,12 +362,14 @@ static void initialize_loggers(bool use_stderr, level_t levels[])
file_logger->set_level(file_logger, group, levels[group]);
}
}
+ charon->bus->add_logger(charon->bus, &file_logger->logger);
+ charon->bus->add_logger(charon->bus, &sys_logger->logger);
/* set up default auth sys_logger */
sys_logger = sys_logger_create(LOG_AUTHPRIV, FALSE);
- charon->bus->add_listener(charon->bus, &sys_logger->listener);
- charon->sys_loggers->insert_last(charon->sys_loggers, sys_logger);
sys_logger->set_level(sys_logger, DBG_ANY, LEVEL_AUDIT);
+ charon->sys_loggers->insert_last(charon->sys_loggers, sys_logger);
+ charon->bus->add_logger(charon->bus, &sys_logger->logger);
}
}
@@ -432,7 +387,7 @@ static void usage(const char *msg)
" [--version]\n"
" [--use-syslog]\n"
" [--debug-<type> <level>]\n"
- " <type>: log context type (dmn|mgr|ike|chd|job|cfg|knl|net|asn|enc|tnc|imc|imv|pts|tls|lib)\n"
+ " <type>: log context type (dmn|mgr|ike|chd|job|cfg|knl|net|asn|enc|tnc|imc|imv|pts|tls|esp|lib)\n"
" <level>: log verbosity (-1 = silent, 0 = audit, 1 = control,\n"
" 2 = controlmore, 3 = raw, 4 = private)\n"
"\n"
@@ -448,6 +403,7 @@ int main(int argc, char *argv[])
bool use_syslog = FALSE;
level_t levels[DBG_MAX];
int group, status = SS_RC_INITIALIZATION_FAILED;
+ struct utsname utsname;
/* logging for library during initialization, as we have no bus yet */
dbg = dbg_stderr;
@@ -475,7 +431,7 @@ int main(int argc, char *argv[])
exit(SS_RC_INITIALIZATION_FAILED);
}
- if (!libcharon_init())
+ if (!libcharon_init("charon"))
{
dbg_stderr(DBG_DMN, 1, "initialization failed - aborting charon");
goto deinit;
@@ -510,6 +466,7 @@ int main(int argc, char *argv[])
{ "debug-imv", required_argument, &group, DBG_IMV },
{ "debug-pts", required_argument, &group, DBG_PTS },
{ "debug-tls", required_argument, &group, DBG_TLS },
+ { "debug-esp", required_argument, &group, DBG_ESP },
{ "debug-lib", required_argument, &group, DBG_LIB },
{ 0,0,0,0 }
};
@@ -550,8 +507,24 @@ int main(int argc, char *argv[])
initialize_loggers(!use_syslog, levels);
+ if (uname(&utsname) != 0)
+ {
+ memset(&utsname, 0, sizeof(utsname));
+ }
+ DBG1(DBG_DMN, "Starting IKE charon daemon (strongSwan "VERSION", %s %s, %s)",
+ utsname.sysname, utsname.release, utsname.machine);
+ if (lib->integrity)
+ {
+ DBG1(DBG_DMN, "integrity tests enabled:");
+ DBG1(DBG_DMN, "lib 'libstrongswan': passed file and segment integrity tests");
+ DBG1(DBG_DMN, "lib 'libhydra': passed file and segment integrity tests");
+ DBG1(DBG_DMN, "lib 'libcharon': passed file and segment integrity tests");
+ DBG1(DBG_DMN, "daemon 'charon': passed file integrity test");
+ }
+
/* initialize daemon */
- if (!charon->initialize(charon))
+ if (!charon->initialize(charon,
+ lib->settings->get_str(lib->settings, "charon.load", PLUGINS)))
{
DBG1(DBG_DMN, "initialization failed - aborting charon");
goto deinit;
@@ -564,7 +537,7 @@ int main(int argc, char *argv[])
goto deinit;
}
- if (!drop_capabilities())
+ if (!charon->caps->drop(charon->caps))
{
DBG1(DBG_DMN, "capability dropping failed - aborting charon");
goto deinit;