projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
fix of the bug fix, courtesy of Robert Varga
[strongswan.git] / src / starter / starter.c
1 /* strongSwan IPsec starter
2 * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 *
14 * RCSID $Id: starter.c,v 1.23 2006/02/15 18:37:46 as Exp $
15 */
16
17 #include <sys/types.h>
18 #include <sys/wait.h>
19 #include <sys/stat.h>
20 #include <stdlib.h>
21 #include <stdio.h>
22 #include <signal.h>
23 #include <unistd.h>
24 #include <sys/time.h>
25 #include <time.h>
26 #include <string.h>
27 #include <errno.h>
28 #include <fcntl.h>
29
30 #include <freeswan.h>
31
32 #include "../pluto/constants.h"
33 #include "../pluto/defs.h"
34 #include "../pluto/log.h"
35
36 #include "confread.h"
37 #include "files.h"
38 #include "starterwhack.h"
39 #include "starterstroke.h"
40 #include "invokepluto.h"
41 #include "invokecharon.h"
42 #include "netkey.h"
43 #include "cmp.h"
44 #include "interfaces.h"
45
46 #define FLAG_ACTION_START_PLUTO 0x01
47 #define FLAG_ACTION_UPDATE 0x02
48 #define FLAG_ACTION_RELOAD 0x04
49 #define FLAG_ACTION_QUIT 0x08
50 #define FLAG_ACTION_LISTEN 0x10
51 #define FLAG_ACTION_START_CHARON 0x20
52
53 static unsigned int _action_ = 0;
54
55 static void
56 fsig(int signal)
57 {
58 switch (signal)
59 {
60 case SIGCHLD:
61 {
62 int status;
63 pid_t pid;
64 char *name = NULL;
65
66 while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
67 {
68 if (pid == starter_pluto_pid())
69 name = " (Pluto)";
70 if (pid == starter_charon_pid())
71 name = " (Charon)";
72 if (WIFSIGNALED(status))
73 DBG(DBG_CONTROL,
74 DBG_log("child %d%s has been killed by sig %d\n",
75 pid, name?name:"", WTERMSIG(status))
76 )
77 else if (WIFSTOPPED(status))
78 DBG(DBG_CONTROL,
79 DBG_log("child %d%s has been stopped by sig %d\n",
80 pid, name?name:"", WSTOPSIG(status))
81 )
82 else if (WIFEXITED(status))
83 DBG(DBG_CONTROL,
84 DBG_log("child %d%s has quit (exit code %d)\n",
85 pid, name?name:"", WEXITSTATUS(status))
86 )
87 else
88 DBG(DBG_CONTROL,
89 DBG_log("child %d%s has quit", pid, name?name:"")
90 )
91 if (pid == starter_pluto_pid())
92 starter_pluto_sigchild(pid);
93 if (pid == starter_charon_pid())
94 starter_charon_sigchild(pid);
95 }
96 }
97 break;
98
99 case SIGPIPE:
100 /** ignore **/
101 break;
102
103 case SIGALRM:
104 _action_ |= FLAG_ACTION_START_PLUTO;
105 _action_ |= FLAG_ACTION_START_CHARON;
106 break;
107
108 case SIGHUP:
109 _action_ |= FLAG_ACTION_UPDATE;
110 break;
111
112 case SIGTERM:
113 case SIGQUIT:
114 case SIGINT:
115 _action_ |= FLAG_ACTION_QUIT;
116 break;
117
118 case SIGUSR1:
119 _action_ |= FLAG_ACTION_RELOAD;
120 _action_ |= FLAG_ACTION_UPDATE;
121 break;
122
123 default:
124 plog("fsig(): unknown signal %d -- investigate", signal);
125 break;
126 }
127 }
128
129 static void
130 usage(char *name)
131 {
132 fprintf(stderr, "Usage: starter [--nofork] [--auto-update <sec>] "
133 "[--debug|--debug-more|--debug-all]\n");
134 exit(1);
135 }
136
137 int main (int argc, char **argv)
138 {
139 starter_config_t *cfg = NULL;
140 starter_config_t *new_cfg;
141 starter_conn_t *conn, *conn2;
142 starter_ca_t *ca, *ca2;
143
144 struct stat stb;
145
146 char *err = NULL;
147 int i;
148 int id = 1;
149 struct timeval tv;
150 unsigned long auto_update = 0;
151 time_t last_reload;
152 bool no_fork = FALSE;
153
154 /* global variables defined in log.h */
155 log_to_stderr = TRUE;
156 base_debugging = DBG_NONE;
157
158 /* parse command line */
159 for (i = 1; i < argc; i++)
160 {
161 if (streq(argv[i], "--debug"))
162 {
163 base_debugging |= DBG_CONTROL;
164 }
165 else if (streq(argv[i], "--debug-more"))
166 {
167 base_debugging |= DBG_CONTROLMORE;
168 }
169 else if (streq(argv[i], "--debug-all"))
170 {
171 base_debugging |= DBG_ALL;
172 }
173 else if (streq(argv[i], "--nofork"))
174 {
175 no_fork = TRUE;
176 }
177 else if (streq(argv[i], "--auto-update") && i+1 < argc)
178 {
179 auto_update = atoi(argv[++i]);
180 if (!auto_update)
181 usage(argv[0]);
182 }
183 else
184 {
185 usage(argv[0]);
186 }
187 }
188
189 /* Init */
190 init_log("ipsec_starter");
191 cur_debugging = base_debugging;
192
193 signal(SIGHUP, fsig);
194 signal(SIGCHLD, fsig);
195 signal(SIGPIPE, fsig);
196 signal(SIGINT, fsig);
197 signal(SIGTERM, fsig);
198 signal(SIGQUIT, fsig);
199 signal(SIGALRM, fsig);
200 signal(SIGUSR1, fsig);
201
202 plog("Starting strongSwan %s IPsec [starter]...", ipsec_version_code());
203
204 /* verify that we can start */
205 if (getuid() != 0)
206 {
207 plog("permission denied (must be superuser)");
208 exit(1);
209 }
210
211 if (stat(PLUTO_PID_FILE, &stb) == 0)
212 {
213 plog("pluto is already running (%s exists) -- skipping pluto start", PLUTO_PID_FILE);
214 }
215 else
216 {
217 _action_ |= FLAG_ACTION_START_PLUTO;
218 }
219 if (stat(CHARON_PID_FILE, &stb) == 0)
220 {
221 plog("charon is already running (%s exists) -- skipping charon start", CHARON_PID_FILE);
222 }
223 else
224 {
225 _action_ |= FLAG_ACTION_START_CHARON;
226 }
227 if (stat(DEV_RANDOM, &stb) != 0)
228 {
229 plog("unable to start strongSwan IPsec -- no %s!", DEV_RANDOM);
230 exit(1);
231 }
232
233 if (stat(DEV_URANDOM, &stb)!= 0)
234 {
235 plog("unable to start strongSwan IPsec -- no %s!", DEV_URANDOM);
236 exit(1);
237 }
238
239 cfg = confread_load(CONFIG_FILE);
240 if (cfg == NULL || cfg->err > 0)
241 {
242 plog("unable to start strongSwan -- fatal errors in config");
243 if (cfg)
244 {
245 confread_free(cfg);
246 }
247 exit(1);
248 }
249
250 /* determine if we have a native netkey IPsec stack */
251 if (!starter_netkey_init())
252 {
253 plog("no netkey IPSec stack detected");
254 exit(1);
255 }
256
257 last_reload = time(NULL);
258
259 if (stat(STARTER_PID_FILE, &stb) == 0)
260 {
261 plog("starter is already running (%s exists) -- no fork done", STARTER_PID_FILE);
262 exit(0);
263 }
264
265 /* fork if we're not debugging stuff */
266 if (!no_fork)
267 {
268 log_to_stderr = FALSE;
269
270 switch (fork())
271 {
272 case 0:
273 {
274 int fnull = open("/dev/null", O_RDWR);
275
276 if (fnull >= 0)
277 {
278 dup2(fnull, STDIN_FILENO);
279 dup2(fnull, STDOUT_FILENO);
280 dup2(fnull, STDERR_FILENO);
281 close(fnull);
282 }
283 setsid();
284 }
285 break;
286 case -1:
287 plog("can't fork: %s", strerror(errno));
288 break;
289 default:
290 exit(0);
291 }
292 }
293
294 /* save pid file in /var/run/starter.pid */
295 {
296 FILE *fd = fopen(STARTER_PID_FILE, "w");
297
298 if (fd)
299 {
300 fprintf(fd, "%u\n", getpid());
301 fclose(fd);
302 }
303 }
304
305 for (;;)
306 {
307 /*
308 * Stop pluto/charon (if started) and exit
309 */
310 if (_action_ & FLAG_ACTION_QUIT)
311 {
312 if (starter_pluto_pid())
313 starter_stop_pluto();
314 if (starter_charon_pid())
315 starter_stop_charon();
316 starter_netkey_cleanup();
317 confread_free(cfg);
318 unlink(STARTER_PID_FILE);
319 unlink(INFO_FILE);
320 #ifdef LEAK_DETECTIVE
321 report_leaks();
322 #endif /* LEAK_DETECTIVE */
323 close_log();
324 plog("ipsec starter stopped");
325 exit(0);
326 }
327
328 /*
329 * Delete all connections. Will be added below
330 */
331 if (_action_ & FLAG_ACTION_RELOAD)
332 {
333 if (starter_pluto_pid() || starter_charon_pid())
334 {
335 for (conn = cfg->conn_first; conn; conn = conn->next)
336 {
337 if (conn->state == STATE_ADDED)
338 {
339 if (starter_charon_pid())
340 {
341 starter_stroke_del_conn(conn);
342 }
343 if (starter_pluto_pid())
344 {
345 starter_whack_del_conn(conn);
346 }
347 conn->state = STATE_TO_ADD;
348 }
349 }
350 for (ca = cfg->ca_first; ca; ca = ca->next)
351 {
352 if (ca->state == STATE_ADDED)
353 {
354 if (starter_charon_pid())
355 {
356 starter_stroke_del_ca(ca);
357 }
358 if (starter_pluto_pid())
359 {
360 starter_whack_del_ca(ca);
361 }
362 ca->state = STATE_TO_ADD;
363 }
364 }
365 }
366 _action_ &= ~FLAG_ACTION_RELOAD;
367 }
368
369 /*
370 * Update configuration
371 */
372 if (_action_ & FLAG_ACTION_UPDATE)
373 {
374 err = NULL;
375 DBG(DBG_CONTROL,
376 DBG_log("Reloading config...")
377 );
378 new_cfg = confread_load(CONFIG_FILE);
379
380 if (new_cfg->err + new_cfg->non_fatal_err == 0)
381 {
382 /* Switch to new config. New conn will be loaded below */
383 if (!starter_cmp_defaultroute(&new_cfg->defaultroute
384 , &cfg->defaultroute))
385 {
386 _action_ |= FLAG_ACTION_LISTEN;
387 }
388
389 if (!starter_cmp_pluto(cfg, new_cfg))
390 {
391 plog("Pluto has changed");
392 if (starter_pluto_pid())
393 starter_stop_pluto();
394 _action_ &= ~FLAG_ACTION_LISTEN;
395 _action_ |= FLAG_ACTION_START_PLUTO;
396 }
397 else
398 {
399 /* Only reload conn and ca sections if pluto is not killed */
400
401 /* Look for new connections that are already loaded */
402 for (conn = cfg->conn_first; conn; conn = conn->next)
403 {
404 if (conn->state == STATE_ADDED)
405 {
406 for (conn2 = new_cfg->conn_first; conn2; conn2 = conn2->next)
407 {
408 if (conn2->state == STATE_TO_ADD && starter_cmp_conn(conn, conn2))
409 {
410 conn->state = STATE_REPLACED;
411 conn2->state = STATE_ADDED;
412 conn2->id = conn->id;
413 break;
414 }
415 }
416 }
417 }
418
419 /* Remove conn sections that have become unused */
420 for (conn = cfg->conn_first; conn; conn = conn->next)
421 {
422 if (conn->state == STATE_ADDED)
423 {
424 if (starter_charon_pid())
425 {
426 starter_stroke_del_conn(conn);
427 }
428 if (starter_pluto_pid())
429 {
430 starter_whack_del_conn(conn);
431 }
432 }
433 }
434
435 /* Look for new ca sections that are already loaded */
436 for (ca = cfg->ca_first; ca; ca = ca->next)
437 {
438 if (ca->state == STATE_ADDED)
439 {
440 for (ca2 = new_cfg->ca_first; ca2; ca2 = ca2->next)
441 {
442 if (ca2->state == STATE_TO_ADD && starter_cmp_ca(ca, ca2))
443 {
444 ca->state = STATE_REPLACED;
445 ca2->state = STATE_ADDED;
446 break;
447 }
448 }
449 }
450 }
451
452 /* Remove ca sections that have become unused */
453 for (ca = cfg->ca_first; ca; ca = ca->next)
454 {
455 if (ca->state == STATE_ADDED)
456 {
457 if (starter_charon_pid())
458 {
459 starter_stroke_del_ca(ca);
460 }
461 if (starter_pluto_pid())
462 {
463 starter_whack_del_ca(ca);
464 }
465 }
466 }
467 }
468 confread_free(cfg);
469 cfg = new_cfg;
470 }
471 else
472 {
473 plog("can't reload config file due to errors -- keeping old one");
474 confread_free(new_cfg);
475 }
476 _action_ &= ~FLAG_ACTION_UPDATE;
477 last_reload = time(NULL);
478 }
479
480 /*
481 * Start pluto
482 */
483 if (_action_ & FLAG_ACTION_START_PLUTO)
484 {
485 if (cfg->setup.plutostart && !starter_pluto_pid())
486 {
487 DBG(DBG_CONTROL,
488 DBG_log("Attempting to start pluto...")
489 );
490
491 if (starter_start_pluto(cfg, no_fork) == 0)
492 {
493 starter_whack_listen();
494 }
495 else
496 {
497 /* schedule next try */
498 alarm(PLUTO_RESTART_DELAY);
499 }
500 }
501 _action_ &= ~FLAG_ACTION_START_PLUTO;
502
503 for (ca = cfg->ca_first; ca; ca = ca->next)
504 {
505 if (ca->state == STATE_ADDED)
506 ca->state = STATE_TO_ADD;
507 }
508
509 for (conn = cfg->conn_first; conn; conn = conn->next)
510 {
511 if (conn->state == STATE_ADDED)
512 conn->state = STATE_TO_ADD;
513 }
514 }
515
516 /*
517 * Start charon
518 */
519 if (_action_ & FLAG_ACTION_START_CHARON)
520 {
521 if (cfg->setup.charonstart && !starter_charon_pid())
522 {
523 DBG(DBG_CONTROL,
524 DBG_log("Attempting to start charon...")
525 );
526 if (starter_start_charon(cfg, no_fork))
527 {
528 /* schedule next try */
529 alarm(PLUTO_RESTART_DELAY);
530 }
531 }
532 _action_ &= ~FLAG_ACTION_START_CHARON;
533 }
534
535 /*
536 * Tell pluto to reread its interfaces
537 */
538 if (_action_ & FLAG_ACTION_LISTEN)
539 {
540 if (starter_pluto_pid())
541 {
542 starter_whack_listen();
543 _action_ &= ~FLAG_ACTION_LISTEN;
544 }
545 }
546
547 /*
548 * Add stale conn and ca sections
549 */
550 if (starter_pluto_pid() || starter_charon_pid())
551 {
552 for (ca = cfg->ca_first; ca; ca = ca->next)
553 {
554 if (ca->state == STATE_TO_ADD)
555 {
556 if (starter_charon_pid())
557 {
558 starter_stroke_add_ca(ca);
559 }
560 if (starter_pluto_pid())
561 {
562 starter_whack_add_ca(ca);
563 }
564 ca->state = STATE_ADDED;
565 }
566 }
567
568 for (conn = cfg->conn_first; conn; conn = conn->next)
569 {
570 if (conn->state == STATE_TO_ADD)
571 {
572 if (conn->id == 0)
573 {
574 /* affect new unique id */
575 conn->id = id++;
576 }
577 if (starter_charon_pid())
578 {
579 starter_stroke_add_conn(conn);
580 }
581 if (starter_pluto_pid())
582 {
583 starter_whack_add_conn(conn);
584 }
585 conn->state = STATE_ADDED;
586
587 if (conn->startup == STARTUP_START)
588 {
589 if (conn->keyexchange == KEY_EXCHANGE_IKEV2)
590 {
591 if (starter_charon_pid())
592 {
593 starter_stroke_initiate_conn(conn);
594 }
595 }
596 else
597 {
598 if (starter_pluto_pid())
599 {
600 starter_whack_initiate_conn(conn);
601 }
602 }
603 }
604 else if (conn->startup == STARTUP_ROUTE)
605 {
606 if (conn->keyexchange == KEY_EXCHANGE_IKEV2)
607 {
608 if (starter_charon_pid())
609 {
610 starter_stroke_route_conn(conn);
611 }
612 }
613 else
614 {
615 if (starter_pluto_pid())
616 {
617 starter_whack_route_conn(conn);
618 }
619 }
620 }
621 }
622 }
623 }
624
625 /*
626 * If auto_update activated, when to stop select
627 */
628 if (auto_update)
629 {
630 time_t now = time(NULL);
631
632 tv.tv_sec = (now < last_reload + auto_update)
633 ? (last_reload + auto_update-now) : 0;
634 tv.tv_usec = 0;
635 }
636
637 /*
638 * Wait for something to happen
639 */
640 if (select(0, NULL, NULL, NULL, auto_update ? &tv : NULL) == 0)
641 {
642 /* timeout -> auto_update */
643 _action_ |= FLAG_ACTION_UPDATE;
644 }
645 }
646
647 return 0;
648 }
649
strongSwan - IPsec VPN