Merge branch 'enable-fragmentation'
[strongswan.git] / src / starter / starter.c
1 /* strongSwan IPsec starter
2 * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 */
14
15 #define _GNU_SOURCE
16
17 #include <sys/select.h>
18 #include <sys/types.h>
19 #include <sys/wait.h>
20 #include <sys/stat.h>
21 #include <stdlib.h>
22 #include <stdio.h>
23 #include <signal.h>
24 #include <syslog.h>
25 #include <unistd.h>
26 #include <sys/time.h>
27 #include <time.h>
28 #include <string.h>
29 #include <errno.h>
30 #include <fcntl.h>
31 #include <pwd.h>
32 #include <grp.h>
33 #include <pthread.h>
34
35 #include <library.h>
36 #include <utils/backtrace.h>
37 #include <threading/thread.h>
38 #include <utils/debug.h>
39
40 #include "confread.h"
41 #include "files.h"
42 #include "starterstroke.h"
43 #include "invokecharon.h"
44 #include "netkey.h"
45 #include "klips.h"
46 #include "cmp.h"
47
48 #ifndef LOG_AUTHPRIV
49 #define LOG_AUTHPRIV LOG_AUTH
50 #endif
51
52 #define CHARON_RESTART_DELAY 5
53
54 static const char* cmd_default = IPSEC_DIR "/charon";
55 static const char* pid_file_default = IPSEC_PIDDIR "/charon.pid";
56 static const char* starter_pid_file_default = IPSEC_PIDDIR "/starter.pid";
57
58 char *daemon_name = NULL;
59 char *cmd = NULL;
60 char *pid_file = NULL;
61 char *starter_pid_file = NULL;
62
63 static char *config_file = NULL;
64
65 /* logging */
66 static bool log_to_stderr = TRUE;
67 static bool log_to_syslog = TRUE;
68 static level_t current_loglevel = 1;
69
70 /**
71 * logging function for scepclient
72 */
73 static void starter_dbg(debug_t group, level_t level, char *fmt, ...)
74 {
75 char buffer[8192];
76 char *current = buffer, *next;
77 va_list args;
78
79 if (level <= current_loglevel)
80 {
81 if (log_to_stderr)
82 {
83 va_start(args, fmt);
84 vfprintf(stderr, fmt, args);
85 va_end(args);
86 fprintf(stderr, "\n");
87 }
88 if (log_to_syslog)
89 {
90 /* write in memory buffer first */
91 va_start(args, fmt);
92 vsnprintf(buffer, sizeof(buffer), fmt, args);
93 va_end(args);
94
95 /* do a syslog with every line */
96 while (current)
97 {
98 next = strchr(current, '\n');
99 if (next)
100 {
101 *(next++) = '\0';
102 }
103 syslog(LOG_INFO, "%s\n", current);
104 current = next;
105 }
106 }
107 }
108 }
109
110 /**
111 * Initialize logging to stderr/syslog
112 */
113 static void init_log(const char *program)
114 {
115 dbg = starter_dbg;
116
117 if (log_to_stderr)
118 {
119 setbuf(stderr, NULL);
120 }
121 if (log_to_syslog)
122 {
123 openlog(program, LOG_CONS | LOG_NDELAY | LOG_PID, LOG_AUTHPRIV);
124 }
125 }
126
127 /**
128 * Deinitialize logging to syslog
129 */
130 static void close_log()
131 {
132 if (log_to_syslog)
133 {
134 closelog();
135 }
136 }
137
138 /**
139 * Return codes defined by Linux Standard Base Core Specification 3.1
140 * in section 20.2. Init Script Actions
141 */
142 #define LSB_RC_SUCCESS 0 /* success */
143 #define LSB_RC_FAILURE 1 /* generic or unspecified error */
144 #define LSB_RC_INVALID_ARGUMENT 2 /* invalid or excess argument(s) */
145 #define LSB_RC_NOT_IMPLEMENTED 3 /* unimplemented feature (reload) */
146 #define LSB_RC_NOT_ALLOWED 4 /* user had insufficient privilege */
147 #define LSB_RC_NOT_INSTALLED 5 /* program is not installed */
148 #define LSB_RC_NOT_CONFIGURED 6 /* program is not configured */
149 #define LSB_RC_NOT_RUNNING 7 /* program is not running */
150
151 #define FLAG_ACTION_START_PLUTO 0x01
152 #define FLAG_ACTION_UPDATE 0x02
153 #define FLAG_ACTION_RELOAD 0x04
154 #define FLAG_ACTION_QUIT 0x08
155 #define FLAG_ACTION_LISTEN 0x10
156 #define FLAG_ACTION_START_CHARON 0x20
157
158 static unsigned int _action_ = 0;
159
160 /**
161 * Handle signals in the main thread
162 */
163 static void signal_handler(int signal)
164 {
165 switch (signal)
166 {
167 case SIGCHLD:
168 {
169 int status, exit_status = 0;
170 pid_t pid;
171 char *name = NULL;
172
173 while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
174 {
175 if (pid == starter_charon_pid())
176 {
177 if (asprintf(&name, " (%s)", daemon_name) < 0)
178 {
179 name = NULL;
180 }
181 }
182 if (WIFSIGNALED(status))
183 {
184 DBG2(DBG_APP, "child %d%s has been killed by sig %d\n",
185 pid, name?name:"", WTERMSIG(status));
186 }
187 else if (WIFSTOPPED(status))
188 {
189 DBG2(DBG_APP, "child %d%s has been stopped by sig %d\n",
190 pid, name?name:"", WSTOPSIG(status));
191 }
192 else if (WIFEXITED(status))
193 {
194 exit_status = WEXITSTATUS(status);
195 if (exit_status >= SS_RC_FIRST && exit_status <= SS_RC_LAST)
196 {
197 _action_ = FLAG_ACTION_QUIT;
198 }
199 DBG2(DBG_APP, "child %d%s has quit (exit code %d)\n",
200 pid, name?name:"", exit_status);
201 }
202 else
203 {
204 DBG2(DBG_APP, "child %d%s has quit", pid, name?name:"");
205 }
206 if (pid == starter_charon_pid())
207 {
208 starter_charon_sigchild(pid, exit_status);
209 }
210 }
211
212 if (name)
213 {
214 free(name);
215 }
216 }
217 break;
218
219 case SIGALRM:
220 _action_ |= FLAG_ACTION_START_CHARON;
221 break;
222
223 case SIGHUP:
224 _action_ |= FLAG_ACTION_UPDATE;
225 break;
226
227 case SIGTERM:
228 case SIGQUIT:
229 case SIGINT:
230 _action_ |= FLAG_ACTION_QUIT;
231 break;
232
233 case SIGUSR1:
234 _action_ |= FLAG_ACTION_RELOAD;
235 _action_ |= FLAG_ACTION_UPDATE;
236 break;
237
238 default:
239 DBG1(DBG_APP, "fsig(): unknown signal %d -- investigate", signal);
240 break;
241 }
242 }
243
244 /**
245 * Handle fatal signals raised by threads
246 */
247 static void fatal_signal_handler(int signal)
248 {
249 backtrace_t *backtrace;
250
251 DBG1(DBG_APP, "thread %u received %d", thread_current_id(), signal);
252 backtrace = backtrace_create(2);
253 backtrace->log(backtrace, stderr, TRUE);
254 backtrace->destroy(backtrace);
255
256 DBG1(DBG_APP, "killing ourself, received critical signal");
257 abort();
258 }
259
260 #ifdef GENERATE_SELFCERT
261 static void generate_selfcert()
262 {
263 const char *secrets_file;
264 struct stat stb;
265
266 secrets_file = lib->settings->get_str(lib->settings,
267 "charon.plugins.stroke.secrets_file", SECRETS_FILE);
268
269 /* if ipsec.secrets file is missing then generate RSA default key pair */
270 if (stat(secrets_file, &stb) != 0)
271 {
272 mode_t oldmask;
273 FILE *f;
274 uid_t uid = 0;
275 gid_t gid = 0;
276
277 #ifdef IPSEC_GROUP
278 {
279 char buf[1024];
280 struct group group, *grp;
281
282 if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) == 0 && grp)
283 {
284 gid = grp->gr_gid;
285 }
286 }
287 #endif
288 #ifdef IPSEC_USER
289 {
290 char buf[1024];
291 struct passwd passwd, *pwp;
292
293 if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) == 0 && pwp)
294 {
295 uid = pwp->pw_uid;
296 }
297 }
298 #endif
299 ignore_result(setegid(gid));
300 ignore_result(seteuid(uid));
301 ignore_result(system(IPSEC_SCRIPT " scepclient --out pkcs1 --out cert-self --quiet"));
302 ignore_result(seteuid(0));
303 ignore_result(setegid(0));
304
305 /* ipsec.secrets is root readable only */
306 oldmask = umask(0066);
307
308 f = fopen(secrets_file, "w");
309 if (f)
310 {
311 fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n");
312 fprintf(f, "\n");
313 fprintf(f, ": RSA myKey.der\n");
314 fclose(f);
315 }
316 ignore_result(chown(secrets_file, uid, gid));
317 umask(oldmask);
318 }
319 }
320 #endif /* GENERATE_SELFCERT */
321
322 static bool check_pid(char *pid_file)
323 {
324 struct stat stb;
325 FILE *pidfile;
326
327 if (stat(pid_file, &stb) == 0)
328 {
329 pidfile = fopen(pid_file, "r");
330 if (pidfile)
331 {
332 char buf[64];
333 pid_t pid = 0;
334 memset(buf, 0, sizeof(buf));
335 if (fread(buf, 1, sizeof(buf), pidfile))
336 {
337 buf[sizeof(buf) - 1] = '\0';
338 pid = atoi(buf);
339 }
340 fclose(pidfile);
341 if (pid && kill(pid, 0) == 0)
342 { /* such a process is running */
343 return TRUE;
344 }
345 }
346 DBG1(DBG_APP, "removing pidfile '%s', process not running", pid_file);
347 unlink(pid_file);
348 }
349 return FALSE;
350 }
351
352 /* Set daemon name and adjust command and pid filenames accordingly */
353 static bool set_daemon_name()
354 {
355 if (!daemon_name)
356 {
357 daemon_name = "charon";
358 }
359
360 if (asprintf(&cmd, IPSEC_DIR"/%s", daemon_name) < 0)
361 {
362 cmd = (char*)cmd_default;
363 }
364
365 if (asprintf(&pid_file, IPSEC_PIDDIR"/%s.pid", daemon_name) < 0)
366 {
367 pid_file = (char*)pid_file_default;
368 }
369
370 if (asprintf(&starter_pid_file, IPSEC_PIDDIR"/starter.%s.pid",
371 daemon_name) < 0)
372 {
373 starter_pid_file = (char*)starter_pid_file_default;
374 }
375
376 return TRUE;
377 }
378
379 static void cleanup()
380 {
381 if (cmd != cmd_default)
382 {
383 free(cmd);
384 }
385
386 if (pid_file != pid_file_default)
387 {
388 free(pid_file);
389 }
390
391 if (starter_pid_file != starter_pid_file_default)
392 {
393 free(starter_pid_file);
394 }
395 }
396
397 static void usage(char *name)
398 {
399 fprintf(stderr, "Usage: starter [--nofork] [--auto-update <sec>]\n"
400 " [--debug|--debug-more|--debug-all|--nolog]\n"
401 " [--attach-gdb] [--daemon <name>]\n"
402 " [--conf <path to ipsec.conf>]\n");
403 exit(LSB_RC_INVALID_ARGUMENT);
404 }
405
406 int main (int argc, char **argv)
407 {
408 starter_config_t *cfg = NULL;
409 starter_config_t *new_cfg;
410 starter_conn_t *conn, *conn2;
411 starter_ca_t *ca, *ca2;
412
413 struct sigaction action;
414 struct stat stb;
415
416 int i;
417 int id = 1;
418 struct timespec ts;
419 unsigned long auto_update = 0;
420 time_t last_reload;
421 bool no_fork = FALSE;
422 bool attach_gdb = FALSE;
423 bool load_warning = FALSE;
424 bool conftest = FALSE;
425
426 library_init(NULL, "starter");
427 atexit(library_deinit);
428
429 /* parse command line */
430 for (i = 1; i < argc; i++)
431 {
432 if (streq(argv[i], "--debug"))
433 {
434 current_loglevel = 2;
435 }
436 else if (streq(argv[i], "--debug-more"))
437 {
438 current_loglevel = 3;
439 }
440 else if (streq(argv[i], "--debug-all"))
441 {
442 current_loglevel = 4;
443 }
444 else if (streq(argv[i], "--nolog"))
445 {
446 current_loglevel = 0;
447 }
448 else if (streq(argv[i], "--nofork"))
449 {
450 no_fork = TRUE;
451 }
452 else if (streq(argv[i], "--attach-gdb"))
453 {
454 no_fork = TRUE;
455 attach_gdb = TRUE;
456 }
457 else if (streq(argv[i], "--auto-update") && i+1 < argc)
458 {
459 auto_update = atoi(argv[++i]);
460 if (!auto_update)
461 usage(argv[0]);
462 }
463 else if (streq(argv[i], "--daemon") && i+1 < argc)
464 {
465 daemon_name = argv[++i];
466 }
467 else if (streq(argv[i], "--conf") && i+1 < argc)
468 {
469 config_file = argv[++i];
470 }
471 else if (streq(argv[i], "--conftest"))
472 {
473 conftest = TRUE;
474 }
475 else
476 {
477 usage(argv[0]);
478 }
479 }
480
481 if (!set_daemon_name())
482 {
483 DBG1(DBG_APP, "unable to set daemon name");
484 exit(LSB_RC_FAILURE);
485 }
486 if (!config_file)
487 {
488 config_file = lib->settings->get_str(lib->settings,
489 "starter.config_file", CONFIG_FILE);
490 }
491
492 init_log("ipsec_starter");
493
494 if (conftest)
495 {
496 int status = LSB_RC_SUCCESS;
497
498 cfg = confread_load(config_file);
499 if (cfg == NULL || cfg->err > 0)
500 {
501 DBG1(DBG_APP, "config invalid!");
502 status = LSB_RC_INVALID_ARGUMENT;
503 }
504 else
505 {
506 DBG1(DBG_APP, "config OK");
507 }
508 if (cfg)
509 {
510 confread_free(cfg);
511 }
512 cleanup();
513 exit(status);
514 }
515
516 if (stat(cmd, &stb) != 0)
517 {
518 DBG1(DBG_APP, "IKE daemon '%s' not found", cmd);
519 cleanup();
520 exit(LSB_RC_FAILURE);
521 }
522
523 DBG1(DBG_APP, "Starting %sSwan "VERSION" IPsec [starter]...",
524 lib->settings->get_bool(lib->settings,
525 "charon.i_dont_care_about_security_and_use_aggressive_mode_psk",
526 FALSE) ? "weak" : "strong");
527
528 #ifdef LOAD_WARNING
529 load_warning = TRUE;
530 #endif
531
532 if (lib->settings->get_bool(lib->settings, "starter.load_warning", load_warning))
533 {
534 if (lib->settings->get_str(lib->settings, "charon.load", NULL))
535 {
536 DBG1(DBG_APP, "!! Your strongswan.conf contains manual plugin load options for charon.");
537 DBG1(DBG_APP, "!! This is recommended for experts only, see");
538 DBG1(DBG_APP, "!! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad");
539 }
540 }
541
542 /* verify that we can start */
543 if (getuid() != 0)
544 {
545 DBG1(DBG_APP, "permission denied (must be superuser)");
546 cleanup();
547 exit(LSB_RC_NOT_ALLOWED);
548 }
549
550 if (check_pid(pid_file))
551 {
552 DBG1(DBG_APP, "%s is already running (%s exists) -- skipping daemon start",
553 daemon_name, pid_file);
554 }
555 else
556 {
557 _action_ |= FLAG_ACTION_START_CHARON;
558 }
559 if (stat(DEV_RANDOM, &stb) != 0)
560 {
561 DBG1(DBG_APP, "unable to start strongSwan IPsec -- no %s!", DEV_RANDOM);
562 cleanup();
563 exit(LSB_RC_FAILURE);
564 }
565
566 if (stat(DEV_URANDOM, &stb)!= 0)
567 {
568 DBG1(DBG_APP, "unable to start strongSwan IPsec -- no %s!", DEV_URANDOM);
569 cleanup();
570 exit(LSB_RC_FAILURE);
571 }
572
573 cfg = confread_load(config_file);
574 if (cfg == NULL || cfg->err > 0)
575 {
576 DBG1(DBG_APP, "unable to start strongSwan -- fatal errors in config");
577 if (cfg)
578 {
579 confread_free(cfg);
580 }
581 cleanup();
582 exit(LSB_RC_INVALID_ARGUMENT);
583 }
584
585 /* determine if we have a native netkey IPsec stack */
586 if (!starter_netkey_init())
587 {
588 DBG1(DBG_APP, "no netkey IPsec stack detected");
589 if (!starter_klips_init())
590 {
591 DBG1(DBG_APP, "no KLIPS IPsec stack detected");
592 DBG1(DBG_APP, "no known IPsec stack detected, ignoring!");
593 }
594 }
595
596 last_reload = time_monotonic(NULL);
597
598 if (check_pid(starter_pid_file))
599 {
600 DBG1(DBG_APP, "starter is already running (%s exists) -- no fork done",
601 starter_pid_file);
602 confread_free(cfg);
603 cleanup();
604 exit(LSB_RC_SUCCESS);
605 }
606
607 #ifdef GENERATE_SELFCERT
608 generate_selfcert();
609 #endif
610
611 /* fork if we're not debugging stuff */
612 if (!no_fork)
613 {
614 log_to_stderr = FALSE;
615
616 switch (fork())
617 {
618 case 0:
619 {
620 int fnull;
621
622 close_log();
623
624 fnull = open("/dev/null", O_RDWR);
625 if (fnull >= 0)
626 {
627 dup2(fnull, STDIN_FILENO);
628 dup2(fnull, STDOUT_FILENO);
629 dup2(fnull, STDERR_FILENO);
630 close(fnull);
631 }
632
633 setsid();
634 init_log("ipsec_starter");
635 }
636 break;
637 case -1:
638 DBG1(DBG_APP, "can't fork: %s", strerror(errno));
639 break;
640 default:
641 confread_free(cfg);
642 cleanup();
643 exit(LSB_RC_SUCCESS);
644 }
645 }
646
647 /* save pid file in /var/run/starter[.daemon_name].pid */
648 {
649 FILE *fd = fopen(starter_pid_file, "w");
650
651 if (fd)
652 {
653 fprintf(fd, "%u\n", getpid());
654 fclose(fd);
655 }
656 }
657
658 /* we handle these signals only in pselect() */
659 memset(&action, 0, sizeof(action));
660 sigemptyset(&action.sa_mask);
661 sigaddset(&action.sa_mask, SIGHUP);
662 sigaddset(&action.sa_mask, SIGINT);
663 sigaddset(&action.sa_mask, SIGTERM);
664 sigaddset(&action.sa_mask, SIGQUIT);
665 sigaddset(&action.sa_mask, SIGALRM);
666 sigaddset(&action.sa_mask, SIGUSR1);
667 pthread_sigmask(SIG_SETMASK, &action.sa_mask, NULL);
668
669 /* install a handler for fatal signals */
670 action.sa_handler = fatal_signal_handler;
671 sigaction(SIGSEGV, &action, NULL);
672 sigaction(SIGILL, &action, NULL);
673 sigaction(SIGBUS, &action, NULL);
674 action.sa_handler = SIG_IGN;
675 sigaction(SIGPIPE, &action, NULL);
676
677 /* install main signal handler */
678 action.sa_handler = signal_handler;
679 sigaction(SIGHUP, &action, NULL);
680 sigaction(SIGINT, &action, NULL);
681 sigaction(SIGTERM, &action, NULL);
682 sigaction(SIGQUIT, &action, NULL);
683 sigaction(SIGALRM, &action, NULL);
684 sigaction(SIGUSR1, &action, NULL);
685 /* this is not blocked above as we want to receive it asynchronously */
686 sigaction(SIGCHLD, &action, NULL);
687
688 /* empty mask for pselect() call below */
689 sigemptyset(&action.sa_mask);
690
691 for (;;)
692 {
693 /*
694 * Stop charon (if started) and exit
695 */
696 if (_action_ & FLAG_ACTION_QUIT)
697 {
698 if (starter_charon_pid())
699 {
700 starter_stop_charon();
701 }
702 confread_free(cfg);
703 unlink(starter_pid_file);
704 cleanup();
705 DBG1(DBG_APP, "ipsec starter stopped");
706 close_log();
707 exit(LSB_RC_SUCCESS);
708 }
709
710 /*
711 * Delete all connections. Will be added below
712 */
713 if (_action_ & FLAG_ACTION_RELOAD)
714 {
715 if (starter_charon_pid())
716 {
717 for (conn = cfg->conn_first; conn; conn = conn->next)
718 {
719 if (conn->state == STATE_ADDED)
720 {
721 if (starter_charon_pid())
722 {
723 if (conn->startup == STARTUP_ROUTE)
724 {
725 starter_stroke_unroute_conn(conn);
726 }
727 starter_stroke_del_conn(conn);
728 }
729 conn->state = STATE_TO_ADD;
730 }
731 }
732 for (ca = cfg->ca_first; ca; ca = ca->next)
733 {
734 if (ca->state == STATE_ADDED)
735 {
736 if (starter_charon_pid())
737 {
738 starter_stroke_del_ca(ca);
739 }
740 ca->state = STATE_TO_ADD;
741 }
742 }
743 }
744 _action_ &= ~FLAG_ACTION_RELOAD;
745 }
746
747 /*
748 * Update configuration
749 */
750 if (_action_ & FLAG_ACTION_UPDATE)
751 {
752 DBG2(DBG_APP, "Reloading config...");
753 new_cfg = confread_load(config_file);
754
755 if (new_cfg && (new_cfg->err == 0))
756 {
757 /* Switch to new config. New conn will be loaded below */
758
759 /* Look for new connections that are already loaded */
760 for (conn = cfg->conn_first; conn; conn = conn->next)
761 {
762 if (conn->state == STATE_ADDED)
763 {
764 for (conn2 = new_cfg->conn_first; conn2; conn2 = conn2->next)
765 {
766 if (conn2->state == STATE_TO_ADD && starter_cmp_conn(conn, conn2))
767 {
768 conn->state = STATE_REPLACED;
769 conn2->state = STATE_ADDED;
770 conn2->id = conn->id;
771 break;
772 }
773 }
774 }
775 }
776
777 /* Remove conn sections that have become unused */
778 for (conn = cfg->conn_first; conn; conn = conn->next)
779 {
780 if (conn->state == STATE_ADDED)
781 {
782 if (starter_charon_pid())
783 {
784 if (conn->startup == STARTUP_ROUTE)
785 {
786 starter_stroke_unroute_conn(conn);
787 }
788 starter_stroke_del_conn(conn);
789 }
790 }
791 }
792
793 /* Look for new ca sections that are already loaded */
794 for (ca = cfg->ca_first; ca; ca = ca->next)
795 {
796 if (ca->state == STATE_ADDED)
797 {
798 for (ca2 = new_cfg->ca_first; ca2; ca2 = ca2->next)
799 {
800 if (ca2->state == STATE_TO_ADD && starter_cmp_ca(ca, ca2))
801 {
802 ca->state = STATE_REPLACED;
803 ca2->state = STATE_ADDED;
804 break;
805 }
806 }
807 }
808 }
809
810 /* Remove ca sections that have become unused */
811 for (ca = cfg->ca_first; ca; ca = ca->next)
812 {
813 if (ca->state == STATE_ADDED)
814 {
815 if (starter_charon_pid())
816 {
817 starter_stroke_del_ca(ca);
818 }
819 }
820 }
821 confread_free(cfg);
822 cfg = new_cfg;
823 }
824 else
825 {
826 DBG1(DBG_APP, "can't reload config file due to errors -- keeping old one");
827 if (new_cfg)
828 {
829 confread_free(new_cfg);
830 }
831 }
832 _action_ &= ~FLAG_ACTION_UPDATE;
833 last_reload = time_monotonic(NULL);
834 }
835
836 /*
837 * Start daemon
838 */
839 if (_action_ & FLAG_ACTION_START_CHARON)
840 {
841 if (!starter_charon_pid())
842 {
843 DBG2(DBG_APP, "Attempting to start %s...", daemon_name);
844 if (starter_start_charon(cfg, no_fork, attach_gdb))
845 {
846 /* schedule next try */
847 alarm(CHARON_RESTART_DELAY);
848 }
849 starter_stroke_configure(cfg);
850 }
851 _action_ &= ~FLAG_ACTION_START_CHARON;
852
853 for (ca = cfg->ca_first; ca; ca = ca->next)
854 {
855 if (ca->state == STATE_ADDED)
856 {
857 ca->state = STATE_TO_ADD;
858 }
859 }
860
861 for (conn = cfg->conn_first; conn; conn = conn->next)
862 {
863 if (conn->state == STATE_ADDED)
864 {
865 conn->state = STATE_TO_ADD;
866 }
867 }
868 }
869
870 /*
871 * Add stale conn and ca sections
872 */
873 if (starter_charon_pid())
874 {
875 for (ca = cfg->ca_first; ca; ca = ca->next)
876 {
877 if (ca->state == STATE_TO_ADD)
878 {
879 if (starter_charon_pid())
880 {
881 starter_stroke_add_ca(ca);
882 }
883 ca->state = STATE_ADDED;
884 }
885 }
886
887 for (conn = cfg->conn_first; conn; conn = conn->next)
888 {
889 if (conn->state == STATE_TO_ADD)
890 {
891 if (conn->id == 0)
892 {
893 /* affect new unique id */
894 conn->id = id++;
895 }
896 if (starter_charon_pid())
897 {
898 starter_stroke_add_conn(cfg, conn);
899 }
900 conn->state = STATE_ADDED;
901
902 if (conn->startup == STARTUP_START)
903 {
904 if (starter_charon_pid())
905 {
906 starter_stroke_initiate_conn(conn);
907 }
908 }
909 else if (conn->startup == STARTUP_ROUTE)
910 {
911 if (starter_charon_pid())
912 {
913 starter_stroke_route_conn(conn);
914 }
915 }
916 }
917 }
918 }
919
920 /*
921 * If auto_update activated, when to stop select
922 */
923 if (auto_update)
924 {
925 time_t now = time_monotonic(NULL);
926
927 ts.tv_sec = (now < last_reload + auto_update) ?
928 (last_reload + auto_update - now) : 0;
929 ts.tv_nsec = 0;
930 }
931
932 /*
933 * Wait for something to happen
934 */
935 if (!_action_ &&
936 pselect(0, NULL, NULL, NULL, auto_update ? &ts : NULL,
937 &action.sa_mask) == 0)
938 {
939 /* timeout -> auto_update */
940 _action_ |= FLAG_ACTION_UPDATE;
941 }
942 }
943 exit(LSB_RC_SUCCESS);
944 }