Diffstat (limited to 'src/charon')
-rw-r--r-- | src/charon/Android.mk | 3 | ||||
-rw-r--r-- | src/charon/Makefile.am | 5 | ||||
-rw-r--r-- | src/charon/Makefile.in | 19 | ||||
-rw-r--r-- | src/charon/charon.c | 103 |
4 files changed, 58 insertions, 72 deletions
diff --git a/src/charon/Android.mk b/src/charon/Android.mk
index eb7eca9dd..1dd27d534 100644
--- a/src/charon/Android.mk
+++ b/src/charon/Android.mk
@@ -13,7 +13,8 @@ LOCAL_C_INCLUDES += \
$(strongswan_PATH)/src/libcharon \
$(strongswan_PATH)/src/libstrongswan
-LOCAL_CFLAGS := $(strongswan_CFLAGS)
+LOCAL_CFLAGS := $(strongswan_CFLAGS) \
+ -DPLUGINS='"$(strongswan_CHARON_PLUGINS)"'
LOCAL_MODULE := charon
diff --git a/src/charon/Makefile.am b/src/charon/Makefile.am
index 6481947f1..0ca15cb10 100644
--- a/src/charon/Makefile.am
+++ b/src/charon/Makefile.am
@@ -3,6 +3,8 @@ ipsec_PROGRAMS = charon
charon_SOURCES = \
charon.c
+charon.o : $(top_builddir)/config.status
+
INCLUDES = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libhydra \
@@ -10,7 +12,8 @@ INCLUDES = \
AM_CFLAGS = \
-DIPSEC_DIR=\"${ipsecdir}\" \
- -DIPSEC_PIDDIR=\"${piddir}\"
+ -DIPSEC_PIDDIR=\"${piddir}\" \
+ -DPLUGINS=\""${charon_plugins}\""
charon_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in
index 5da167dfd..d8109bb7f 100644
--- a/src/charon/Makefile.in
+++ b/src/charon/Makefile.in
@@ -50,6 +50,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(ipsecdir)"
@@ -62,7 +63,7 @@ charon_DEPENDENCIES = \ $(top_builddir)/src/libhydra/libhydra.la \ $(top_builddir)/src/libcharon/libcharon.la \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I.@am__isrc@ +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles am__mv = mv -f
@@ -88,6 +89,7 @@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ +BFDLIB = @BFDLIB@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ 
@@ -182,11 +184,14 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ -default_pkcs11 = @default_pkcs11@ +dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -203,11 +208,12 @@ imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ -libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -223,6 +229,7 @@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ @@ -232,7 +239,6 @@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ -pluto_plugins = @pluto_plugins@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ @@ -270,7 +276,8 @@ INCLUDES = \ AM_CFLAGS = \ -DIPSEC_DIR=\"${ipsecdir}\" \ - -DIPSEC_PIDDIR=\"${piddir}\" + -DIPSEC_PIDDIR=\"${piddir}\" \ + -DPLUGINS=\""${charon_plugins}\"" charon_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ @@ -597,6 +604,8 @@ uninstall-am: uninstall-ipsecPROGRAMS tags uninstall uninstall-am uninstall-ipsecPROGRAMS +charon.o : $(top_builddir)/config.status + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/charon/charon.c b/src/charon/charon.c index 6dbb0b592..bd36c72f4 100644 
--- a/src/charon/charon.c
+++ b/src/charon/charon.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2010 Tobias Brunner
+ * Copyright (C) 2006-2012 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005 Jan Hutter
@@ -17,21 +17,17 @@ */
#include <stdio.h>
-#ifdef HAVE_PRCTL
-#include <sys/prctl.h>
-#endif
#define _POSIX_PTHREAD_SEMANTICS /* for two param sigwait on OpenSolaris */
#include <signal.h>
#undef _POSIX_PTHREAD_SEMANTICS
#include <pthread.h>
#include <sys/stat.h>
#include <sys/types.h>
+#include <sys/utsname.h>
#include <syslog.h>
#include <errno.h>
#include <unistd.h>
#include <getopt.h>
-#include <pwd.h>
-#include <grp.h>
#include <hydra.h>
#include <daemon.h>
@@ -143,67 +139,24 @@ static void run()
}
/**
- * drop daemon capabilities
- */
-static bool drop_capabilities()
-{
-#ifdef HAVE_PRCTL
- prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
-#endif
-
- if (setgid(charon->gid) != 0)
- {
- DBG1(DBG_DMN, "change to unprivileged group failed");
- return FALSE;
- }
- if (setuid(charon->uid) != 0)
- {
- DBG1(DBG_DMN, "change to unprivileged user failed");
- return FALSE;
- }
- if (!charon->drop_capabilities(charon))
- {
- DBG1(DBG_DMN, "unable to drop daemon capabilities");
- return FALSE;
- }
- return TRUE;
-}
-
-/**
* lookup UID and GID
*/
static bool lookup_uid_gid()
{
#ifdef IPSEC_USER
+ if (!charon->caps->resolve_uid(charon->caps, IPSEC_USER))
{
- char buf[1024];
- struct passwd passwd, *pwp;
-
- if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) != 0 ||
- pwp == NULL)
- {
- DBG1(DBG_DMN, "resolving user '"IPSEC_USER"' failed");
- return FALSE;
- }
- charon->uid = pwp->pw_uid;
+ return FALSE;
}
#endif
#ifdef IPSEC_GROUP
+ if (!charon->caps->resolve_gid(charon->caps, IPSEC_GROUP))
{
- char buf[1024];
- struct group group, *grp;
-
- if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) != 0 ||
- grp == NULL)
- {
- DBG1(DBG_DMN, "resolving group '"IPSEC_GROUP"' failed");
- return FALSE;
- }
- charon->gid = grp->gr_gid;
+ return FALSE;
}
#endif
#ifdef ANDROID
- charon->uid = AID_VPN;
+ charon->caps->set_uid(charon->caps, AID_VPN);
#endif
return TRUE;
}
@@ -259,7 +212,9 @@ static bool check_pidfile()
pidfile = fopen(PID_FILE, "w");
if (pidfile)
{
- ignore_result(fchown(fileno(pidfile), charon->uid, charon->gid));
+ ignore_result(fchown(fileno(pidfile),
+ charon->caps->get_uid(charon->caps),
+ charon->caps->get_gid(charon->caps)));
fprintf(pidfile, "%d\n", getpid());
fflush(pidfile);
}
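Review bot: lookup_uid_gid now returns FALSE from the resolve_uid/resolve_gid branches without saying which name failed, whereas the removed getpwnam_r/getgrnam_r path logged `resolving user '"IPSEC_USER"' failed` and the group equivalent. Unless caps->resolve_uid/resolve_gid log on their own (their implementation is not in this diff), the only diagnostic an operator gets for a missing ipsec user or group is main's generic "initialization failed" message. Keeping `DBG1(DBG_DMN, "resolving user '"IPSEC_USER"' failed");` (and the group variant) before each `return FALSE;` preserves the old error message at no cost. The ANDROID branch still sets only the uid and leaves the gid at whatever the caps object defaults to, as before; a one-line comment such as `/* gid stays at the caps default on Android; only the uid is switched to AID_VPN */` would make that intentional asymmetry visible.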
@@ -335,7 +290,7 @@ static void initialize_loggers(bool use_stderr, level_t levels[])
facility, debug_lower_names, group));
}
charon->sys_loggers->insert_last(charon->sys_loggers, sys_logger);
- charon->bus->add_listener(charon->bus, &sys_logger->listener);
+ charon->bus->add_logger(charon->bus, &sys_logger->logger);
}
enumerator->destroy(enumerator);
@@ -385,7 +340,7 @@ static void initialize_loggers(bool use_stderr, level_t levels[])
filename, debug_lower_names, group));
}
charon->file_loggers->insert_last(charon->file_loggers, file_logger);
- charon->bus->add_listener(charon->bus, &file_logger->listener);
+ charon->bus->add_logger(charon->bus, &file_logger->logger);
}
enumerator->destroy(enumerator);
@@ -395,11 +350,9 @@ static void initialize_loggers(bool use_stderr, level_t levels[])
{
/* set up default stdout file_logger */
file_logger = file_logger_create(stdout, NULL, FALSE);
- charon->bus->add_listener(charon->bus, &file_logger->listener);
charon->file_loggers->insert_last(charon->file_loggers, file_logger);
/* set up default daemon sys_logger */
sys_logger = sys_logger_create(LOG_DAEMON, FALSE);
- charon->bus->add_listener(charon->bus, &sys_logger->listener);
charon->sys_loggers->insert_last(charon->sys_loggers, sys_logger);
for (group = 0; group < DBG_MAX; group++)
{
@@ -409,12 +362,14 @@ static void initialize_loggers(bool use_stderr, level_t levels[])
file_logger->set_level(file_logger, group, levels[group]);
}
}
+ charon->bus->add_logger(charon->bus, &file_logger->logger);
+ charon->bus->add_logger(charon->bus, &sys_logger->logger);
/* set up default auth sys_logger */
sys_logger = sys_logger_create(LOG_AUTHPRIV, FALSE);
- charon->bus->add_listener(charon->bus, &sys_logger->listener);
- charon->sys_loggers->insert_last(charon->sys_loggers, sys_logger);
sys_logger->set_level(sys_logger, DBG_ANY, LEVEL_AUDIT);
+ charon->sys_loggers->insert_last(charon->sys_loggers, sys_logger);
+ charon->bus->add_logger(charon->bus, &sys_logger->logger);
}
}
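Review bot: In the last hunk the add_logger calls for the default file_logger, the LOG_DAEMON sys_logger and the LOG_AUTHPRIV sys_logger are all moved to after their set_level calls, but nothing in the code records why, so a later cleanup could move them back next to the *_create calls without noticing a behavioural change. If add_logger reads the logger's levels at registration time — which the reordering suggests but this diff does not show — that constraint should be stated next to the two added lines, e.g. `/* register with the bus only after all levels are set; add_logger appears to read them at registration time */`. The two config-driven loops in the earlier hunks already register after their per-group set_level calls, so the comment documents an ordering the whole function now relies on.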
@@ -432,7 +387,7 @@ static void usage(const char *msg)
" [--version]\n"
" [--use-syslog]\n"
" [--debug-<type> <level>]\n"
- " <type>: log context type (dmn|mgr|ike|chd|job|cfg|knl|net|asn|enc|tnc|imc|imv|pts|tls|lib)\n"
+ " <type>: log context type (dmn|mgr|ike|chd|job|cfg|knl|net|asn|enc|tnc|imc|imv|pts|tls|esp|lib)\n"
" <level>: log verbosity (-1 = silent, 0 = audit, 1 = control,\n"
" 2 = controlmore, 3 = raw, 4 = private)\n"
"\n"
@@ -448,6 +403,7 @@ int main(int argc, char *argv[])
bool use_syslog = FALSE;
level_t levels[DBG_MAX];
int group, status = SS_RC_INITIALIZATION_FAILED;
+ struct utsname utsname;
/* logging for library during initialization, as we have no bus yet */
dbg = dbg_stderr;
@@ -475,7 +431,7 @@ int main(int argc, char *argv[])
exit(SS_RC_INITIALIZATION_FAILED);
}
- if (!libcharon_init())
+ if (!libcharon_init("charon"))
{
dbg_stderr(DBG_DMN, 1, "initialization failed - aborting charon");
goto deinit;
@@ -510,6 +466,7 @@ int main(int argc, char *argv[])
{ "debug-imv", required_argument, &group, DBG_IMV },
{ "debug-pts", required_argument, &group, DBG_PTS },
{ "debug-tls", required_argument, &group, DBG_TLS },
+ { "debug-esp", required_argument, &group, DBG_ESP },
{ "debug-lib", required_argument, &group, DBG_LIB },
{ 0,0,0,0 }
};
@@ -550,8 +507,24 @@ int main(int argc, char *argv[])
initialize_loggers(!use_syslog, levels);
+ if (uname(&utsname) != 0)
+ {
+ memset(&utsname, 0, sizeof(utsname));
+ }
+ DBG1(DBG_DMN, "Starting IKE charon daemon (strongSwan "VERSION", %s %s, %s)",
+ utsname.sysname, utsname.release, utsname.machine);
+ if (lib->integrity)
+ {
+ DBG1(DBG_DMN, "integrity tests enabled:");
+ DBG1(DBG_DMN, "lib 'libstrongswan': passed file and segment integrity tests");
+ DBG1(DBG_DMN, "lib 'libhydra': passed file and segment integrity tests");
+ DBG1(DBG_DMN, "lib 'libcharon': passed file and segment integrity tests");
+ DBG1(DBG_DMN, "daemon 'charon': passed file integrity test");
+ }
+
/* initialize daemon */
- if (!charon->initialize(charon))
+ if (!charon->initialize(charon,
+ lib->settings->get_str(lib->settings, "charon.load", PLUGINS)))
{
DBG1(DBG_DMN, "initialization failed - aborting charon");
goto deinit;
@@ -564,7 +537,7 @@ int main(int argc, char *argv[])
goto deinit;
}
- if (!drop_capabilities())
+ if (!charon->caps->drop(charon->caps))
{
DBG1(DBG_DMN, "capability dropping failed - aborting charon");
goto deinit;
|
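Review bot: The four "passed ... integrity tests" lines under `if (lib->integrity)` are constant strings; this hunk runs no check and reads no result, so they claim success for libhydra and libcharon regardless of what those libraries' initialisation actually verified. That is only honest if library_init/libhydra_init/libcharon_init abort on a failed test so that reaching this point implies a pass — plausible given the fatal `if (!libcharon_init("charon"))` path earlier in main, but not visible in this diff. Either derive the lines from the checker's real results if it exposes them, or record the assumption next to the block, e.g. `/* the tests themselves run in the *_init() calls above and are fatal there; reaching this point means they passed */`, so a future change to that init behaviour does not leave a log that overstates what was checked. main() starts and ends outside this hunk.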
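Review bot: `charon->caps->drop(charon->caps)` replaces a local function that did PR_SET_KEEPCAPS, then setgid before setuid, then shed the remaining capabilities, and the new implementation is not part of this diff, so the privilege-drop ordering that the old code made explicit now lives somewhere the reader of main cannot see. The order matters for security: changing the uid first would make the later setgid fail for a non-root process, and the old code set KEEPCAPS before the uid switch for the retained capabilities to survive it. A one-line comment at the call site keeps that contract visible, e.g. `/* switches gid then uid and drops all but the retained capabilities (was drop_capabilities()) */`, worded as what the removed code did rather than as a guarantee about caps->drop. The enclosing main() starts and ends outside this hunk.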