generation of default key
[strongswan.git] / src / starter / invokecharon.c
1 /* strongSwan charon launcher
2 * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
3 * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
4 *
5 * Ported from invokepluto.c to fit charons needs.
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 *
17 * RCSID $Id: invokecharon.c $
18 */
19
20 #include <sys/types.h>
21 #include <sys/stat.h>
22 #include <unistd.h>
23 #include <signal.h>
24 #include <string.h>
25 #include <stdlib.h>
26 #include <errno.h>
27
28 #include <freeswan.h>
29
30 #include "../pluto/constants.h"
31 #include "../pluto/defs.h"
32 #include "../pluto/log.h"
33
34 #include "confread.h"
35 #include "invokecharon.h"
36 #include "files.h"
37
38 static int _charon_pid = 0;
39 static int _stop_requested;
40
41 pid_t
42 starter_charon_pid(void)
43 {
44 return _charon_pid;
45 }
46
47 void
48 starter_charon_sigchild(pid_t pid)
49 {
50 if (pid == _charon_pid)
51 {
52 _charon_pid = 0;
53 if (!_stop_requested)
54 {
55 plog("charon has died -- restart scheduled (%dsec)"
56 , CHARON_RESTART_DELAY);
57 alarm(CHARON_RESTART_DELAY); // restart in 5 sec
58 }
59 unlink(CHARON_PID_FILE);
60 }
61 }
62
63 int
64 starter_stop_charon (void)
65 {
66 pid_t pid;
67 int i;
68
69 pid = _charon_pid;
70 if (pid)
71 {
72 _stop_requested = 1;
73
74 /* be more and more aggressive */
75 for (i = 0; i < 20 && (pid = _charon_pid) != 0; i++)
76 {
77 if (i == 0)
78 kill(pid, SIGINT);
79 else if (i < 10)
80 kill(pid, SIGTERM);
81 else
82 kill(pid, SIGKILL);
83 usleep(20000);
84 }
85 if (_charon_pid == 0)
86 return 0;
87 plog("starter_stop_charon(): can't stop charon !!!");
88 return -1;
89 }
90 else
91 {
92 plog("stater_stop_charon(): charon is not started...");
93 }
94 return -1;
95 }
96
97
98 int
99 starter_start_charon (starter_config_t *cfg, bool debug)
100 {
101 int pid, i;
102 struct stat stb;
103 int argc = 1;
104 char *arg[] = {
105 CHARON_CMD, NULL, NULL, NULL
106 };
107
108 if (!debug)
109 {
110 arg[argc++] = "--use-syslog";
111 }
112 if (cfg->setup.strictcrlpolicy)
113 {
114 arg[argc++] = "--strictcrlpolicy";
115 }
116
117 if (_charon_pid)
118 {
119 plog("starter_start_charon(): charon already started...");
120 return -1;
121 }
122 else
123 {
124 unlink(CHARON_CTL_FILE);
125 _stop_requested = 0;
126
127 /* if ipsec.secrets file is missing then generate RSA default key pair */
128 if (stat(SECRETS_FILE, &stb) != 0)
129 {
130 mode_t oldmask;
131 FILE *f;
132
133 plog("no %s file, generating RSA key", SECRETS_FILE);
134 system("ipsec scepclient --out pkcs1 --out cert-self --quiet");
135
136 /* ipsec.secrets is root readable only */
137 oldmask = umask(0066);
138
139 f = fopen(SECRETS_FILE, "w");
140 if (f)
141 {
142 fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n");
143 fprintf(f, "\n");
144 fprintf(f, ": RSA myKey.der\n");
145 fclose(f);
146 }
147 umask(oldmask);
148 }
149
150 pid = fork();
151 switch (pid)
152 {
153 case -1:
154 plog("can't fork(): %s", strerror(errno));
155 return -1;
156 case 0:
157 /* child */
158 setsid();
159 sigprocmask(SIG_SETMASK, 0, NULL);
160 execv(arg[0], arg);
161 plog("can't execv(%s,...): %s", arg[0], strerror(errno));
162 exit(1);
163 default:
164 /* father */
165 _charon_pid = pid;
166 for (i = 0; i < 50 && _charon_pid; i++)
167 {
168 /* wait for charon */
169 usleep(20000);
170 if (stat(CHARON_PID_FILE, &stb) == 0)
171 {
172 DBG(DBG_CONTROL,
173 DBG_log("charon (%d) started", _charon_pid)
174 )
175 return 0;
176 }
177 }
178 if (_charon_pid)
179 {
180 /* If charon is started but with no ctl file, stop it */
181 plog("charon too long to start... - kill kill");
182 for (i = 0; i < 20 && (pid = _charon_pid) != 0; i++)
183 {
184 if (i == 0)
185 kill(pid, SIGINT);
186 else if (i < 10)
187 kill(pid, SIGTERM);
188 else
189 kill(pid, SIGKILL);
190 usleep(20000);
191 }
192 }
193 else
194 {
195 plog("charon refused to be started");
196 }
197 return -1;
198 }
199 }
200 return -1;
201 }