Diffstat (limited to 'src/starter')
-rw-r--r-- | src/starter/Android.mk | 4 | ||||
-rw-r--r-- | src/starter/Makefile.in | 35 | ||||
-rw-r--r-- | src/starter/args.c | 17 | ||||
-rw-r--r-- | src/starter/cmp.c | 4 | ||||
-rw-r--r-- | src/starter/confread.c | 39 | ||||
-rw-r--r-- | src/starter/confread.h | 5 | ||||
-rw-r--r-- | src/starter/files.h | 8 | ||||
-rw-r--r-- | src/starter/invokecharon.c | 37 | ||||
-rw-r--r-- | src/starter/keywords.c | 91 | ||||
-rw-r--r-- | src/starter/keywords.h | 2 | ||||
-rw-r--r-- | src/starter/keywords.txt | 1 | ||||
-rw-r--r-- | src/starter/starter.c | 108 | ||||
-rw-r--r-- | src/starter/starterstroke.c | 5 |
13 files changed, 257 insertions, 99 deletions
diff --git a/src/starter/Android.mk b/src/starter/Android.mk index c7e81d284..91575c9ba 100644 --- a/src/starter/Android.mk +++ b/src/starter/Android.mk @@ -2,13 +2,15 @@ LOCAL_PATH := $(call my-dir) include $(CLEAR_VARS) # copy-n-paste from Makefile.am (update for LEX/YACC) -LOCAL_SRC_FILES := \ +starter_SOURCES := \ parser.c lexer.c ipsec-parser.h netkey.c args.h netkey.h \ starterstroke.c confread.c \ starterstroke.h confread.h args.c \ keywords.c files.h keywords.h cmp.c starter.c cmp.h invokecharon.c \ invokecharon.h klips.c klips.h +LOCAL_SRC_FILES := $(filter %.c,$(starter_SOURCES)) + # build starter ---------------------------------------------------------------- LOCAL_C_INCLUDES += \ diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in index b2c86384e..2e43f7000 100644 --- a/src/starter/Makefile.in +++ b/src/starter/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ 
@@ -91,6 +108,11 @@ LTYACCCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(YACC) $(AM_YFLAGS) $(YFLAGS) SOURCES = $(starter_SOURCES) DIST_SOURCES = $(starter_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -107,6 +129,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -123,6 +147,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -191,8 +216,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -248,7 +271,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -343,8 +365,11 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps) $(am__aclocal_m4_deps): install-ipsecPROGRAMS: $(ipsec_PROGRAMS) @$(NORMAL_INSTALL) - test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(ipsecdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" || exit 1; \ + fi; \ for p in $$list; do echo "$$p $$p"; done | \ sed 's/$(EXEEXT)$$//' | \ while read p p1; do if test -f $$p || test -f $$p1; \ diff --git a/src/starter/args.c b/src/starter/args.c index 390062a99..5fbf51856 100644 --- a/src/starter/args.c +++ b/src/starter/args.c 
@@ -33,6 +33,7 @@ typedef enum {
 ARG_TIME,
 ARG_ULNG,
 ARG_ULLI,
+ ARG_UBIN,
 ARG_PCNT,
 ARG_STR,
 ARG_LST,
@@ -146,6 +147,7 @@ static const token_info_t token_info[] =
 { ARG_MISC, 0, NULL /* KW_MOBIKE */ },
 { ARG_MISC, 0, NULL /* KW_FORCEENCAPS */ },
 { ARG_ENUM, offsetof(starter_conn_t, fragmentation), LST_fragmentation },
+ { ARG_UBIN, offsetof(starter_conn_t, ikedscp), NULL },
 { ARG_TIME, offsetof(starter_conn_t, sa_ike_life_seconds), NULL },
 { ARG_TIME, offsetof(starter_conn_t, sa_ipsec_life_seconds), NULL },
 { ARG_TIME, offsetof(starter_conn_t, sa_rekey_margin), NULL },
@@ -399,6 +401,21 @@ bool assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base,
 }
 }
 break;
+ case ARG_UBIN:
+ {
+ char *endptr;
+ u_int *u = (u_int *)p;
+
+ *u = strtoul(kw->value, &endptr, 2);
+
+ if (*endptr != '\0')
+ {
+ DBG1(DBG_APP, "# bad binary value: %s=%s", kw->entry->name,
+ kw->value);
+ return FALSE;
+ }
+ }
+ break;
 case ARG_TIME:
 {
 char *endptr;
diff --git a/src/starter/cmp.c b/src/starter/cmp.c
index aaba7b11d..cea864a4a 100644
--- a/src/starter/cmp.c
+++ b/src/starter/cmp.c
@@ -27,7 +27,8 @@ static bool starter_cmp_end(starter_end_t *c1, starter_end_t *c2)
 return FALSE;
 VARCMP(modecfg);
- VARCMP(port);
+ VARCMP(from_port);
+ VARCMP(to_port);
 VARCMP(protocol);
 return cmp_args(KW_END_FIRST, KW_END_LAST, (char *)c1, (char *)c2);
@@ -63,4 +64,3 @@ bool starter_cmp_ca(starter_ca_t *c1, starter_ca_t *c2)
 return cmp_args(KW_CA_NAME, KW_CA_LAST, (char *)c1, (char *)c2);
 }
-
diff --git a/src/starter/confread.c b/src/starter/confread.c
index fecb998df..f0f05b036 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -142,6 +142,9 @@ static void default_values(starter_config_t *cfg)
 cfg->conn_default.left.ikeport = 500;
 cfg->conn_default.right.ikeport = 500;
+ cfg->conn_default.left.to_port = 0xffff;
+ cfg->conn_default.right.to_port = 0xffff;
+
 cfg->ca_default.seen = SEEN_NONE;
 }
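Review bot: The new ARG_UBIN case in assign_arg only rejects trailing garbage after the digits: an empty value passes with endptr == kw->value and stores 0, strtoul silently accepts a leading sign, ERANGE is never checked, and the unsigned long result is truncated into `u_int` with no upper bound, so an arbitrarily long binary string is accepted. The other ARG_* cases of assign_arg are outside the hunk, so I cannot tell whether they share the pattern. Suggest clearing errno before the call and testing `if (*endptr != '\0' || endptr == kw->value || errno == ERANGE)`; if, as the field name suggests, ikedscp is a DSCP code point, values above the 6-bit maximum 63 cannot be valid and are better rejected here than wherever the value is consumed.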
@@ -187,7 +190,7 @@ static void load_setup(starter_config_t *cfg, config_parsed_t *cfgp)
 /* verify the executables are actually available */
 #ifdef START_CHARON
 cfg->setup.charonstart = cfg->setup.charonstart &&
- daemon_exists("charon", CHARON_CMD);
+ daemon_exists(daemon_name, cmd);
 #else
 cfg->setup.charonstart = FALSE;
 #endif
@@ -292,24 +295,46 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
 }
 if (streq(port, "%any"))
 {
- end->port = 0;
+ end->from_port = 0;
+ end->to_port = 0xffff;
 }
- else
+ else if (streq(port, "%opaque"))
+ {
+ end->from_port = 0xffff;
+ end->to_port = 0;
+ }
+ else if (*port)
 {
 svc = getservbyname(port, NULL);
 if (svc)
 {
- end->port = ntohs(svc->s_port);
+ end->from_port = end->to_port = ntohs(svc->s_port);
 }
 else
 {
 p = strtol(port, &endptr, 0);
- if ((*port && *endptr) || p < 0 || p > 0xffff)
+ if (p < 0 || p > 0xffff)
+ {
+ DBG1(DBG_APP, "# bad port: %s=%s", name, port);
+ goto err;
+ }
+ end->from_port = p;
+ if (*endptr == '-')
+ {
+ port = endptr + 1;
+ p = strtol(port, &endptr, 0);
+ if (p < 0 || p > 0xffff)
+ {
+ DBG1(DBG_APP, "# bad port: %s=%s", name, port);
+ goto err;
+ }
+ }
+ end->to_port = p;
+ if (*endptr)
 {
- DBG1(DBG_APP, "# bad port: %s=%s", name, value);
+ DBG1(DBG_APP, "# bad port: %s=%s", name, port);
 goto err;
 }
- end->port = (u_int16_t)p;
 }
 }
 if (sep)
diff --git a/src/starter/confread.h b/src/starter/confread.h
index a0f6234f9..0690bed4e 100644
--- a/src/starter/confread.h
+++ b/src/starter/confread.h
@@ -115,7 +115,8 @@ struct starter_end {
 bool hostaccess;
 bool allow_any;
 char *updown;
- u_int16_t port;
+ u_int16_t from_port;
+ u_int16_t to_port;
 u_int8_t protocol;
 char *sourceip;
 char *dns;
@@ -148,6 +149,7 @@ struct starter_conn {
 ipsec_mode_t mode;
 bool proxy_mode;
 fragmentation_t fragmentation;
+ u_int ikedscp;
 sa_option_t options;
 time_t sa_ike_life_seconds;
 time_t sa_ipsec_life_seconds;
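Review bot: The port-range parsing added to kw_end accepts ranges that cannot be intended: nothing checks `from_port <= to_port`, so a value like `500-100` is stored as given, and a range with no upper digits (`500-`, or a bare `-`) passes because strtol leaves endptr at the empty string and returns 0, yielding to_port 0. Both strtol calls also omit the `endptr == port` test that the removed `*port && *endptr` condition partly covered. Suggest `if (endptr == port || p < 0 || p > 0xffff)` for both conversions and, before the final `if (*endptr)`, `if (end->from_port > end->to_port)` → same bad-port error; the `%opaque` sentinel (0xffff/0) is assigned in its own branch and is unaffected. kw_end continues outside the hunk.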
@@ -246,4 +248,3 @@ extern starter_config_t *confread_load(const char *file);
 extern void confread_free(starter_config_t *cfg);
 #endif /* _IPSEC_CONFREAD_H_ */
-
diff --git a/src/starter/files.h b/src/starter/files.h
index 96b76fdf1..76cdaa986 100644
--- a/src/starter/files.h
+++ b/src/starter/files.h
@@ -15,8 +15,6 @@
 #ifndef _STARTER_FILES_H_
 #define _STARTER_FILES_H_
-#define STARTER_PID_FILE IPSEC_PIDDIR "/starter.pid"
-
 #define PROC_NETKEY "/proc/net/pfkey"
 #define PROC_KLIPS "/proc/net/pf_key"
 #define PROC_MODULES "/proc/modules"
@@ -24,9 +22,11 @@
 #define CONFIG_FILE IPSEC_CONFDIR "/ipsec.conf"
 #define SECRETS_FILE IPSEC_CONFDIR "/ipsec.secrets"
-#define CHARON_CMD IPSEC_DIR "/charon"
 #define CHARON_CTL_FILE IPSEC_PIDDIR "/charon.ctl"
-#define CHARON_PID_FILE IPSEC_PIDDIR "/charon.pid"
+
+extern char *daemon_name;
+extern char *cmd;
+extern char *pid_file;
 #define DYNIP_DIR IPSEC_PIDDIR "/dynip"
diff --git a/src/starter/invokecharon.c b/src/starter/invokecharon.c
index 1c93381f7..d981f6c17 100644
--- a/src/starter/invokecharon.c
+++ b/src/starter/invokecharon.c
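Review bot: The new externs `cmd` and `pid_file` in files.h put very generic names into the global namespace of every unit that includes the header, and `pid_file` is immediately shadowed by the parameter of `check_pid(char *pid_file)` visible in the starter.c hunk header, so `-Wshadow` will flag it and a reader of check_pid cannot tell which object a line refers to. Suggest prefixing the exported globals, e.g. `extern char *daemon_cmd;` and `extern char *daemon_pid_file;`, or renaming the parameter. They are also declared as mutable `char *` although the other units only read them; a one-line comment above the externs stating that starter.c owns, allocates and frees them would document that.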
@@ -46,22 +46,22 @@ void starter_charon_sigchild(pid_t pid, int status)
 if (status == SS_RC_LIBSTRONGSWAN_INTEGRITY || status == SS_RC_DAEMON_INTEGRITY)
 {
- DBG1(DBG_APP, "charon has quit: integrity test of %s failed",
- (status == 64) ? "libstrongswan" : "charon");
+ DBG1(DBG_APP, "%s has quit: integrity test of %s failed",
+ daemon_name, (status == 64) ? "libstrongswan" : daemon_name);
 _stop_requested = 1;
 }
 else if (status == SS_RC_INITIALIZATION_FAILED)
 {
- DBG1(DBG_APP, "charon has quit: initialization failed");
+ DBG1(DBG_APP, "%s has quit: initialization failed", daemon_name);
 _stop_requested = 1;
 }
 if (!_stop_requested)
 {
- DBG1(DBG_APP, "charon has died -- restart scheduled (%dsec)",
- CHARON_RESTART_DELAY);
+ DBG1(DBG_APP, "%s has died -- restart scheduled (%dsec)",
+ daemon_name, CHARON_RESTART_DELAY);
 alarm(CHARON_RESTART_DELAY); // restart in 5 sec
 }
- unlink(CHARON_PID_FILE);
+ unlink(pid_file);
 }
 }
@@ -88,7 +88,8 @@ int starter_stop_charon (void)
 else if (i == 40)
 {
 kill(pid, SIGKILL);
- DBG1(DBG_APP, "starter_stop_charon(): charon does not respond, sending KILL");
+ DBG1(DBG_APP, "starter_stop_charon(): %s does not respond, sending KILL",
+ daemon_name);
 }
 else
 {
@@ -98,15 +99,15 @@ int starter_stop_charon (void)
 }
 if (_charon_pid == 0)
 {
- DBG1(DBG_APP, "charon stopped after %d ms", 200*i);
+ DBG1(DBG_APP, "%s stopped after %d ms", daemon_name, 200*i);
 return 0;
 }
- DBG1(DBG_APP, "starter_stop_charon(): can't stop charon !!!");
+ DBG1(DBG_APP, "starter_stop_charon(): can't stop %s !!!", daemon_name);
 return -1;
 }
 else
 {
- DBG1(DBG_APP, "stater_stop_charon(): charon was not started...");
+ DBG1(DBG_APP, "stater_stop_charon(): %s was not started...", daemon_name);
 }
 return -1;
 }
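Review bot: The rewritten log line in starter_charon_sigchild still selects the failed component with the magic literal `(status == 64)`, while the condition just above uses the named constant `SS_RC_LIBSTRONGSWAN_INTEGRITY` (presumably the same value). Since the line is being edited anyway, `daemon_name, (status == SS_RC_LIBSTRONGSWAN_INTEGRITY) ? "libstrongswan" : daemon_name);` ties the message to the same definition as the test and cannot drift from it.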
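Review bot: The message rewritten in the else branch of starter_stop_charon keeps the pre-existing typo `stater_stop_charon()`; since the line is touched in this commit, it is the cheapest moment to correct it: `DBG1(DBG_APP, "starter_stop_charon(): %s was not started...", daemon_name);`. The two other messages in this hunk already spell the function name correctly.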
@@ -119,7 +120,7 @@ int starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb)
 char buffer[BUF_LEN];
 int argc = 1;
 char *arg[] = {
- CHARON_CMD, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
+ cmd, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
@@ -130,7 +131,7 @@ int starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb)
 argc = 0;
 arg[argc++] = "/usr/bin/gdb";
 arg[argc++] = "--args";
- arg[argc++] = CHARON_CMD;
+ arg[argc++] = cmd;
 }
 if (!no_fork)
 {
@@ -172,7 +173,8 @@ int starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb)
 if (_charon_pid)
 {
- DBG1(DBG_APP, "starter_start_charon(): charon already started...");
+ DBG1(DBG_APP, "starter_start_charon(): %s already started...",
+ daemon_name);
 return -1;
 }
 else
@@ -203,9 +205,9 @@ int starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb)
 {
 /* wait for charon for a maximum of 500 x 20 ms = 10 s */
 usleep(20000);
- if (stat(CHARON_PID_FILE, &stb) == 0)
+ if (stat(pid_file, &stb) == 0)
 {
- DBG1(DBG_APP, "charon (%d) started after %d ms",
+ DBG1(DBG_APP, "%s (%d) started after %d ms", daemon_name,
 _charon_pid, 20*(i+1));
 return 0;
 }
@@ -213,7 +215,8 @@ int starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb)
 if (_charon_pid)
 {
 /* If charon is started but with no ctl file, stop it */
- DBG1(DBG_APP, "charon too long to start... - kill kill");
+ DBG1(DBG_APP, "%s too long to start... - kill kill",
+ daemon_name);
 for (i = 0; i < 20 && (pid = _charon_pid) != 0; i++)
 {
 if (i == 0)
@@ -233,7 +236,7 @@ int starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb)
 }
 else
 {
- DBG1(DBG_APP, "charon refused to be started");
+ DBG1(DBG_APP, "%s refused to be started", daemon_name);
 }
 return -1;
 }
diff --git a/src/starter/keywords.c b/src/starter/keywords.c index b75ff1395..3692c2cdd 100644 --- a/src/starter/keywords.c +++ b/src/starter/keywords.c @@ -54,7 +54,7 @@ struct kw_entry { kw_token_t token; }; -#define TOTAL_KEYWORDS 135 +#define TOTAL_KEYWORDS 136 #define MIN_WORD_LENGTH 3 #define MAX_WORD_LENGTH 17 #define MIN_HASH_VALUE 10 @@ -79,15 +79,15 @@ hash (str, len) 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 260, 260, 260, 260, 15, + 260, 260, 260, 260, 260, 260, 260, 260, 260, 8, 99, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, - 260, 260, 260, 260, 260, 11, 260, 11, 2, 80, - 55, 6, 3, 2, 114, 2, 260, 83, 70, 6, - 22, 81, 51, 7, 14, 2, 7, 122, 2, 260, - 260, 43, 19, 260, 260, 260, 260, 260, 260, 260, + 260, 260, 260, 260, 260, 4, 260, 11, 4, 80, + 55, 6, 3, 2, 114, 2, 260, 114, 70, 33, + 22, 81, 51, 7, 14, 2, 7, 122, 8, 260, + 260, 43, 4, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, 260, @@ -163,8 +163,8 @@ static const struct kw_entry wordlist[] = {"rightrsasigkey", KW_RIGHTRSASIGKEY}, {"rightprotoport", KW_RIGHTPROTOPORT}, {"leftnexthop", KW_LEFT_DEPRECATED}, - {"strictcrlpolicy", KW_STRICTCRLPOLICY}, {"me_peerid", KW_ME_PEERID}, + {"strictcrlpolicy", KW_STRICTCRLPOLICY}, {"inactivity", KW_INACTIVITY}, {"rightnexthop", KW_RIGHT_DEPRECATED}, {"rightfirewall", KW_RIGHTFIREWALL}, 
@@ -172,55 +172,52 @@ static const struct kw_entry wordlist[] = {"leftupdown", KW_LEFTUPDOWN}, {"leftfirewall", KW_LEFTFIREWALL}, {"crluri", KW_CRLURI}, - {"ike", KW_IKE}, {"mediation", KW_MEDIATION}, {"rightcert", KW_RIGHTCERT}, - {"mobike", KW_MOBIKE}, + {"crluri1", KW_CRLURI}, {"rightca", KW_RIGHTCA}, - {"compress", KW_COMPRESS}, + {"mobike", KW_MOBIKE}, {"type", KW_TYPE}, {"ocspuri", KW_OCSPURI}, {"lefthostaccess", KW_LEFTHOSTACCESS}, {"esp", KW_ESP}, - {"crluri1", KW_CRLURI}, - {"ikelifetime", KW_IKELIFETIME}, - {"leftikeport", KW_LEFTIKEPORT}, {"cacert", KW_CACERT}, - {"mark", KW_MARK}, + {"ocspuri1", KW_OCSPURI}, {"rightid2", KW_RIGHTID2}, {"forceencaps", KW_FORCEENCAPS}, {"nat_traversal", KW_SETUP_DEPRECATED}, {"eap", KW_CONN_DEPRECATED}, {"rightgroups2", KW_RIGHTGROUPS2}, {"packetdefault", KW_SETUP_DEPRECATED}, - {"ocspuri1", KW_OCSPURI}, - {"rekeyfuzz", KW_REKEYFUZZ}, + {"force_keepalive", KW_SETUP_DEPRECATED}, {"mark_out", KW_MARK_OUT}, {"mediated_by", KW_MEDIATED_BY}, {"leftcert2", KW_LEFTCERT2}, {"rightauth2", KW_RIGHTAUTH2}, {"leftid", KW_LEFTID}, {"leftca2", KW_LEFTCA2}, - {"force_keepalive", KW_SETUP_DEPRECATED}, - {"rekeymargin", KW_REKEYMARGIN}, - {"dpdtimeout", KW_DPDTIMEOUT}, + {"ike", KW_IKE}, + {"compress", KW_COMPRESS}, {"aaa_identity", KW_AAA_IDENTITY}, {"leftgroups2", KW_LEFTGROUPS2}, {"leftallowany", KW_LEFTALLOWANY}, {"righthostaccess", KW_RIGHTHOSTACCESS}, - {"rekey", KW_REKEY}, + {"rekeyfuzz", KW_REKEYFUZZ}, {"rightauth", KW_RIGHTAUTH}, {"klipsdebug", KW_SETUP_DEPRECATED}, + {"ikelifetime", KW_IKELIFETIME}, + {"leftikeport", KW_LEFTIKEPORT}, {"rightcertpolicy", KW_RIGHTCERTPOLICY}, - {"overridemtu", KW_SETUP_DEPRECATED}, + {"mark", KW_MARK}, {"dpdaction", KW_DPDACTION}, {"pfsgroup", KW_PFS_DEPRECATED}, {"keyexchange", KW_KEYEXCHANGE}, {"hidetos", KW_SETUP_DEPRECATED}, {"leftsubnet", KW_LEFTSUBNET}, + {"overridemtu", KW_SETUP_DEPRECATED}, {"installpolicy", KW_INSTALLPOLICY}, - {"dumpdir", KW_SETUP_DEPRECATED}, {"leftsourceip", 
KW_LEFTSOURCEIP}, + {"dpdtimeout", KW_DPDTIMEOUT}, {"also", KW_ALSO}, {"rightupdown", KW_RIGHTUPDOWN}, {"charondebug", KW_CHARONDEBUG}, @@ -228,35 +225,39 @@ static const struct kw_entry wordlist[] = {"fragicmp", KW_SETUP_DEPRECATED}, {"charonstart", KW_SETUP_DEPRECATED}, {"tfc", KW_TFC}, + {"rekey", KW_REKEY}, {"leftsubnetwithin", KW_LEFTSUBNET}, {"leftid2", KW_LEFTID2}, {"eap_identity", KW_EAP_IDENTITY}, {"crlcheckinterval", KW_SETUP_DEPRECATED}, + {"dumpdir", KW_SETUP_DEPRECATED}, {"cachecrls", KW_CACHECRLS}, + {"rekeymargin", KW_REKEYMARGIN}, {"rightca2", KW_RIGHTCA2}, {"crluri2", KW_CRLURI2}, {"rightcert2", KW_RIGHTCERT2}, - {"pkcs11initargs", KW_PKCS11_DEPRECATED}, - {"closeaction", KW_CLOSEACTION}, - {"pkcs11module", KW_PKCS11_DEPRECATED}, - {"pkcs11keepstate", KW_PKCS11_DEPRECATED}, {"xauth_identity", KW_XAUTH_IDENTITY}, + {"closeaction", KW_CLOSEACTION}, {"ocspuri2", KW_OCSPURI2}, {"plutostderrlog", KW_SETUP_DEPRECATED}, {"plutostart", KW_SETUP_DEPRECATED}, {"auto", KW_AUTO}, + {"pkcs11initargs", KW_PKCS11_DEPRECATED}, + {"pkcs11module", KW_PKCS11_DEPRECATED}, {"authby", KW_AUTHBY}, + {"pkcs11keepstate", KW_PKCS11_DEPRECATED}, {"dpddelay", KW_DPDDELAY}, {"modeconfig", KW_MODECONFIG}, {"nocrsend", KW_SETUP_DEPRECATED}, {"prepluto", KW_SETUP_DEPRECATED}, - {"pkcs11proxy", KW_PKCS11_DEPRECATED}, {"leftauth2", KW_LEFTAUTH2}, {"postpluto", KW_SETUP_DEPRECATED}, {"auth", KW_AUTH}, {"reauth", KW_REAUTH}, {"xauth", KW_XAUTH}, {"leftauth", KW_LEFTAUTH}, + {"pkcs11proxy", KW_PKCS11_DEPRECATED}, + {"ikedscp", KW_IKEDSCP,}, {"plutodebug", KW_SETUP_DEPRECATED} }; 
@@ -270,24 +271,24 @@ static const short lookup[] = -1, 21, -1, -1, -1, -1, 22, -1, -1, 23, 24, -1, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, -1, 37, 38, 39, -1, -1, - -1, -1, -1, -1, -1, -1, 40, 41, 42, 43, - 44, 45, 46, 47, 48, -1, -1, -1, 49, 50, - 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, - 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, - 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, - -1, -1, 81, 82, 83, 84, -1, 85, 86, 87, - -1, -1, 88, 89, 90, 91, 92, 93, 94, -1, - 95, 96, -1, 97, -1, -1, -1, 98, -1, 99, - 100, -1, 101, -1, 102, 103, 104, -1, -1, 105, - 106, -1, 107, -1, -1, -1, 108, -1, -1, -1, - -1, -1, 109, -1, -1, -1, -1, -1, -1, -1, - -1, 110, 111, 112, 113, 114, 115, -1, -1, 116, - -1, 117, -1, 118, -1, -1, -1, -1, -1, -1, - 119, 120, -1, -1, 121, -1, -1, -1, -1, -1, - -1, 122, -1, -1, -1, -1, -1, 123, -1, 124, - 125, 126, 127, -1, -1, -1, -1, -1, -1, 128, - -1, -1, -1, 129, -1, -1, -1, 130, -1, -1, - -1, 131, 132, 133, -1, -1, -1, -1, -1, 134 + 40, -1, -1, -1, -1, -1, 41, -1, 42, 43, + 44, 45, 46, 47, 48, -1, -1, -1, -1, 49, + 50, 51, 52, 53, 54, 55, 56, 57, -1, -1, + -1, 58, 59, 60, 61, 62, 63, 64, 65, -1, + 66, 67, 68, 69, 70, 71, 72, -1, -1, 73, + 74, -1, 75, 76, 77, 78, 79, -1, 80, 81, + 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, + 92, -1, -1, 93, -1, -1, 94, 95, -1, 96, + 97, -1, 98, -1, 99, 100, 101, -1, 102, 103, + 104, -1, 105, -1, -1, -1, 106, -1, 107, -1, + -1, -1, 108, -1, -1, -1, 109, -1, -1, -1, + -1, 110, 111, 112, 113, 114, -1, -1, -1, -1, + -1, -1, -1, 115, -1, -1, -1, -1, -1, -1, + 116, 117, -1, -1, 118, -1, -1, -1, 119, -1, + 120, 121, -1, 122, -1, -1, -1, 123, -1, 124, + 125, 126, -1, -1, -1, -1, -1, -1, -1, 127, + -1, -1, -1, 128, -1, -1, -1, 129, -1, -1, + -1, 130, 131, 132, -1, -1, 133, -1, 134, 135 }; #ifdef __GNUC__ diff --git a/src/starter/keywords.h b/src/starter/keywords.h index f776f33c9..4a96a418c 100644 --- a/src/starter/keywords.h +++ b/src/starter/keywords.h 
@@ -43,6 +43,7 @@ typedef enum {
 KW_MOBIKE,
 KW_FORCEENCAPS,
 KW_FRAGMENTATION,
+ KW_IKEDSCP,
 KW_IKELIFETIME,
 KW_KEYLIFE,
 KW_REKEYMARGIN,
@@ -186,4 +187,3 @@ typedef enum {
 } kw_token_t;
 #endif /* _KEYWORDS_H_ */
-
diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt
index 1f1641287..cd964b0e3 100644
--- a/src/starter/keywords.txt
+++ b/src/starter/keywords.txt
@@ -41,6 +41,7 @@ aaa_identity, KW_AAA_IDENTITY
 mobike, KW_MOBIKE
 forceencaps, KW_FORCEENCAPS
 fragmentation, KW_FRAGMENTATION
+ikedscp, KW_IKEDSCP,
 ikelifetime, KW_IKELIFETIME
 lifetime, KW_KEYLIFE
 keylife, KW_KEYLIFE
diff --git a/src/starter/starter.c b/src/starter/starter.c
index ae6863fd7..917e52d68 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -12,6 +12,8 @@
 * for more details.
 */
+#define _GNU_SOURCE
+
 #include <sys/select.h>
 #include <sys/types.h>
 #include <sys/wait.h>
@@ -50,6 +52,15 @@
 #define CHARON_RESTART_DELAY 5
+static const char* cmd_default = IPSEC_DIR "/charon";
+static const char* pid_file_default = IPSEC_PIDDIR "/charon.pid";
+static const char* starter_pid_file_default = IPSEC_PIDDIR "/starter.pid";
+
+char *daemon_name = NULL;
+char *cmd = NULL;
+char *pid_file = NULL;
+char *starter_pid_file = NULL;
+
 /* logging */
 static bool log_to_stderr = TRUE;
 static bool log_to_syslog = TRUE;
@@ -162,7 +173,10 @@ static void signal_handler(int signal)
 {
 if (pid == starter_charon_pid())
 {
- name = " (Charon)";
+ if (asprintf(&name, " (%s)", daemon_name) < 0)
+ {
+ name = NULL;
+ }
 }
 if (WIFSIGNALED(status))
 {
@@ -193,6 +207,11 @@ static void signal_handler(int signal)
 starter_charon_sigchild(pid, exit_status);
 }
 }
+
+ if (name)
+ {
+ free(name);
+ }
 }
 break;
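Review bot: The new keyword line `ikedscp, KW_IKEDSCP,` carries a trailing comma that none of the neighbouring entries have, and gperf copies it into the generated table: the keywords.c hunk ends up with `{"ikedscp", KW_IKEDSCP,},` where every other entry is `{"name", KW_NAME},`. It compiles, since a trailing comma in a brace initializer is legal, but it is a stray token that will be reproduced on every regeneration; the line should read `ikedscp, KW_IKEDSCP`.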
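Review bot: On asprintf failure the SIGCHLD branch of signal_handler now sets `name = NULL`, whereas the old code always left a valid string; the DBG2 calls that print `name` with `%s` later in this handler are outside the hunk, and unless they were changed to `name ? name : ""` they now receive a NULL `%s` argument, which is undefined behaviour (glibc prints "(null)", other libcs may crash). The declaration of `name` is outside the hunk as well, and the `free(name)` added in the second hunk is only safe if its initializer became NULL rather than the previous string literal. Note also that asprintf and free are not async-signal-safe; if this handler really runs in signal context rather than from a pselect-driven loop that unblocks signals only while idle, a fixed-size local buffer with snprintf would avoid both the allocation and the cleanup.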
@@ -325,11 +344,56 @@ static bool check_pid(char *pid_file)
 return FALSE;
 }
+/* Set daemon name and adjust command and pid filenames accordingly */
+static bool set_daemon_name()
+{
+ if (!daemon_name)
+ {
+ daemon_name = "charon";
+ }
+
+ if (asprintf(&cmd, IPSEC_DIR"/%s", daemon_name) < 0)
+ {
+ cmd = (char*)cmd_default;
+ }
+
+ if (asprintf(&pid_file, IPSEC_PIDDIR"/%s.pid", daemon_name) < 0)
+ {
+ pid_file = (char*)pid_file_default;
+ }
+
+ if (asprintf(&starter_pid_file, IPSEC_PIDDIR"/starter.%s.pid",
+ daemon_name) < 0)
+ {
+ starter_pid_file = (char*)starter_pid_file_default;
+ }
+
+ return TRUE;
+}
+
+static void cleanup()
+{
+ if (cmd != cmd_default)
+ {
+ free(cmd);
+ }
+
+ if (pid_file != pid_file_default)
+ {
+ free(pid_file);
+ }
+
+ if (starter_pid_file != starter_pid_file_default)
+ {
+ free(starter_pid_file);
+ }
+}
+
 static void usage(char *name)
 {
 fprintf(stderr, "Usage: starter [--nofork] [--auto-update <sec>]\n"
 " [--debug|--debug-more|--debug-all|--nolog]\n"
- " [--attach-gdb]\n");
+ " [--attach-gdb] [--daemon <name>]\n");
 exit(LSB_RC_INVALID_ARGUMENT);
 }
@@ -392,12 +456,22 @@ int main (int argc, char **argv)
 if (!auto_update)
 usage(argv[0]);
 }
+ else if (streq(argv[i], "--daemon") && i+1 < argc)
+ {
+ daemon_name = argv[++i];
+ }
 else
 {
 usage(argv[0]);
 }
 }
+ if (!set_daemon_name())
+ {
+ DBG1(DBG_APP, "unable to set daemon name");
+ exit(LSB_RC_FAILURE);
+ }
+
 init_log("ipsec_starter");
 DBG1(DBG_APP, "Starting %sSwan "VERSION" IPsec [starter]...",
@@ -423,13 +497,14 @@ int main (int argc, char **argv)
 if (getuid() != 0)
 {
 DBG1(DBG_APP, "permission denied (must be superuser)");
+ cleanup();
 exit(LSB_RC_NOT_ALLOWED);
 }
- if (check_pid(CHARON_PID_FILE))
+ if (check_pid(pid_file))
 {
- DBG1(DBG_APP, "charon is already running (%s exists) -- skipping charon start",
- CHARON_PID_FILE);
+ DBG1(DBG_APP, "%s is already running (%s exists) -- skipping daemon start",
+ daemon_name, pid_file);
 }
 else
 {
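Review bot: set_daemon_name never returns FALSE, so the `if (!set_daemon_name())` branch added in main is dead, and on asprintf failure it silently falls back to the charon paths while `daemon_name` still reports the requested name — the starter would then launch and track a different daemon than the one asked for. `daemon_name` comes straight from argv and is spliced into three paths without validation, so an empty name or one containing `/` yields a command path outside IPSEC_DIR; starter already requires root, so this is not a privilege boundary, but such a name should be rejected rather than executed. `set_daemon_name()` and `cleanup()` should also be declared `(void)`, as an empty parameter list is an old-style declaration in C. A version that fails instead of falling back follows (strchr needs `<string.h>` if it is not already included); with it the `*_default` constants become unused and cleanup() reduces to three plain `free()` calls, since free(NULL) is a no-op.
```c
/* Set daemon name and adjust command and pid filenames accordingly */
static bool set_daemon_name(void)
{
	if (!daemon_name)
	{
		daemon_name = "charon";
	}
	/* the name is spliced into paths below: no empty names, no separators */
	if (*daemon_name == '\0' || strchr(daemon_name, '/'))
	{
		return FALSE;
	}
	if (asprintf(&cmd, IPSEC_DIR"/%s", daemon_name) < 0 ||
		asprintf(&pid_file, IPSEC_PIDDIR"/%s.pid", daemon_name) < 0 ||
		asprintf(&starter_pid_file, IPSEC_PIDDIR"/starter.%s.pid",
				 daemon_name) < 0)
	{
		return FALSE;
	}
	return TRUE;
}
```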
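Review bot: `cleanup();` is hand-inserted before each `exit()` in main — here and in the hunks at @@ -438, @@ -455, @@ -471, @@ -515 and @@ -576 — a pattern that is easy to miss on the next exit path, and two paths already go without it: the `exit(LSB_RC_FAILURE)` after the set_daemon_name check and the `exit` inside usage(). Registering the function once with `atexit(cleanup);` right after set_daemon_name succeeds covers every exit path, including the ones not touched here, and lets all the added calls be dropped. The freeing matters only for leak-checker hygiene at process exit, so nothing functional is at stake either way.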
@@ -438,12 +513,14 @@ int main (int argc, char **argv)
 if (stat(DEV_RANDOM, &stb) != 0)
 {
 DBG1(DBG_APP, "unable to start strongSwan IPsec -- no %s!", DEV_RANDOM);
+ cleanup();
 exit(LSB_RC_FAILURE);
 }
 if (stat(DEV_URANDOM, &stb)!= 0)
 {
 DBG1(DBG_APP, "unable to start strongSwan IPsec -- no %s!", DEV_URANDOM);
+ cleanup();
 exit(LSB_RC_FAILURE);
 }
@@ -455,6 +532,7 @@ int main (int argc, char **argv)
 {
 confread_free(cfg);
 }
+ cleanup();
 exit(LSB_RC_INVALID_ARGUMENT);
 }
@@ -471,11 +549,12 @@ int main (int argc, char **argv)
 last_reload = time_monotonic(NULL);
- if (check_pid(STARTER_PID_FILE))
+ if (check_pid(starter_pid_file))
 {
 DBG1(DBG_APP, "starter is already running (%s exists) -- no fork done",
- STARTER_PID_FILE);
+ starter_pid_file);
 confread_free(cfg);
+ cleanup();
 exit(LSB_RC_SUCCESS);
 }
@@ -515,13 +594,14 @@ int main (int argc, char **argv)
 break;
 default:
 confread_free(cfg);
+ cleanup();
 exit(LSB_RC_SUCCESS);
 }
 }
- /* save pid file in /var/run/starter.pid */
+ /* save pid file in /var/run/starter[.daemon_name].pid */
 {
- FILE *fd = fopen(STARTER_PID_FILE, "w");
+ FILE *fd = fopen(starter_pid_file, "w");
 if (fd)
 {
@@ -576,7 +656,8 @@ int main (int argc, char **argv)
 }
 starter_netkey_cleanup();
 confread_free(cfg);
- unlink(STARTER_PID_FILE);
+ unlink(starter_pid_file);
+ cleanup();
 DBG1(DBG_APP, "ipsec starter stopped");
 close_log();
 exit(LSB_RC_SUCCESS);
@@ -709,13 +790,13 @@ int main (int argc, char **argv)
 }
 /*
- * Start charon
+ * Start daemon
 */
 if (_action_ & FLAG_ACTION_START_CHARON)
 {
 if (cfg->setup.charonstart && !starter_charon_pid())
 {
- DBG2(DBG_APP, "Attempting to start charon...");
+ DBG2(DBG_APP, "Attempting to start %s...", daemon_name);
 if (starter_start_charon(cfg, no_fork, attach_gdb))
 {
 /* schedule next try */
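Review bot: The rewritten comment `/* save pid file in /var/run/starter[.daemon_name].pid */` reads as though the daemon suffix were optional, but set_daemon_name always appends it — with the default the file is now `starter.charon.pid`, not the former `starter.pid`, since `starter_pid_file_default` is used only when asprintf fails. That is a silent change of an externally visible path that init scripts or packaging may reference, so it deserves a mention in the commit description, or the old name could be kept for the default daemon. The comment itself should say `/* save pid file in /var/run/starter.<daemon_name>.pid */`.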
@@ -807,7 +888,8 @@ int main (int argc, char **argv)
 /*
 * Wait for something to happen
 */
- if (pselect(0, NULL, NULL, NULL, auto_update ? &ts : NULL,
+ if (!_action_ &&
+ pselect(0, NULL, NULL, NULL, auto_update ? &ts : NULL,
 &action.sa_mask) == 0)
 {
 /* timeout -> auto_update */
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index 4f9e8fb14..cc447c41f 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -146,7 +146,8 @@ static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, sta
 msg_end->tohost = !conn_end->subnet;
 msg_end->allow_any = conn_end->allow_any;
 msg_end->protocol = conn_end->protocol;
- msg_end->port = conn_end->port;
+ msg_end->from_port = conn_end->from_port;
+ msg_end->to_port = conn_end->to_port;
 }
 int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
@@ -181,6 +182,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
 msg.add_conn.mobike = conn->options & SA_OPTION_MOBIKE;
 msg.add_conn.force_encap = conn->options & SA_OPTION_FORCE_ENCAP;
 msg.add_conn.fragmentation = conn->fragmentation;
+ msg.add_conn.ikedscp = conn->ikedscp;
 msg.add_conn.ipcomp = conn->options & SA_OPTION_COMPRESS;
 msg.add_conn.install_policy = conn->install_policy;
 msg.add_conn.aggressive = conn->aggressive;
@@ -330,4 +332,3 @@ int starter_stroke_configure(starter_config_t *cfg)
 }
 return 0;
 }
-
 |