starter: Migrated logging to libstrongswan.
[strongswan.git] / src / starter / starter.c
1 /* strongSwan IPsec starter
2 * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 */
14
15 #include <sys/select.h>
16 #include <sys/types.h>
17 #include <sys/wait.h>
18 #include <sys/stat.h>
19 #include <stdlib.h>
20 #include <stdio.h>
21 #include <signal.h>
22 #include <syslog.h>
23 #include <unistd.h>
24 #include <sys/time.h>
25 #include <time.h>
26 #include <string.h>
27 #include <errno.h>
28 #include <fcntl.h>
29 #include <pwd.h>
30 #include <grp.h>
31 #include <pthread.h>
32
33 #include <freeswan.h>
34 #include <library.h>
35 #include <hydra.h>
36 #include <utils/backtrace.h>
37 #include <threading/thread.h>
38 #include <debug.h>
39
40 #include "../pluto/constants.h"
41 #include "../pluto/defs.h"
42
43 #include "confread.h"
44 #include "files.h"
45 #include "starterwhack.h"
46 #include "starterstroke.h"
47 #include "invokepluto.h"
48 #include "invokecharon.h"
49 #include "netkey.h"
50 #include "klips.h"
51 #include "cmp.h"
52 #include "interfaces.h"
53
54 #ifndef LOG_AUTHPRIV
55 #define LOG_AUTHPRIV LOG_AUTH
56 #endif
57
58 /* logging */
59 static bool log_to_stderr = TRUE;
60 static bool log_to_syslog = TRUE;
61 static level_t current_loglevel = 1;
62
63 /**
64 * logging function for scepclient
65 */
66 static void starter_dbg(debug_t group, level_t level, char *fmt, ...)
67 {
68 char buffer[8192];
69 char *current = buffer, *next;
70 va_list args;
71
72 if (level <= current_loglevel)
73 {
74 if (log_to_stderr)
75 {
76 va_start(args, fmt);
77 vfprintf(stderr, fmt, args);
78 va_end(args);
79 fprintf(stderr, "\n");
80 }
81 if (log_to_syslog)
82 {
83 /* write in memory buffer first */
84 va_start(args, fmt);
85 vsnprintf(buffer, sizeof(buffer), fmt, args);
86 va_end(args);
87
88 /* do a syslog with every line */
89 while (current)
90 {
91 next = strchr(current, '\n');
92 if (next)
93 {
94 *(next++) = '\0';
95 }
96 syslog(LOG_INFO, "%s\n", current);
97 current = next;
98 }
99 }
100 }
101 }
102
103 /**
104 * Initialize logging to stderr/syslog
105 */
106 static void init_log(const char *program)
107 {
108 dbg = starter_dbg;
109
110 if (log_to_stderr)
111 {
112 setbuf(stderr, NULL);
113 }
114 if (log_to_syslog)
115 {
116 openlog(program, LOG_CONS | LOG_NDELAY | LOG_PID, LOG_AUTHPRIV);
117 }
118 }
119
120 /**
121 * Deinitialize logging to syslog
122 */
123 static void close_log()
124 {
125 if (log_to_syslog)
126 {
127 closelog();
128 }
129 }
130
131 /**
132 * Return codes defined by Linux Standard Base Core Specification 3.1
133 * in section 20.2. Init Script Actions
134 */
135 #define LSB_RC_SUCCESS 0 /* success */
136 #define LSB_RC_FAILURE 1 /* generic or unspecified error */
137 #define LSB_RC_INVALID_ARGUMENT 2 /* invalid or excess argument(s) */
138 #define LSB_RC_NOT_IMPLEMENTED 3 /* unimplemented feature (reload) */
139 #define LSB_RC_NOT_ALLOWED 4 /* user had insufficient privilege */
140 #define LSB_RC_NOT_INSTALLED 5 /* program is not installed */
141 #define LSB_RC_NOT_CONFIGURED 6 /* program is not configured */
142 #define LSB_RC_NOT_RUNNING 7 /* program is not running */
143
144 #define FLAG_ACTION_START_PLUTO 0x01
145 #define FLAG_ACTION_UPDATE 0x02
146 #define FLAG_ACTION_RELOAD 0x04
147 #define FLAG_ACTION_QUIT 0x08
148 #define FLAG_ACTION_LISTEN 0x10
149 #define FLAG_ACTION_START_CHARON 0x20
150
151 static unsigned int _action_ = 0;
152
153 /**
154 * Handle signals in the main thread
155 */
156 static void signal_handler(int signal)
157 {
158 switch (signal)
159 {
160 case SIGCHLD:
161 {
162 int status, exit_status = 0;
163 pid_t pid;
164 char *name = NULL;
165
166 while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
167 {
168 if (pid == starter_pluto_pid())
169 {
170 name = " (Pluto)";
171 }
172 if (pid == starter_charon_pid())
173 {
174 name = " (Charon)";
175 }
176 if (WIFSIGNALED(status))
177 {
178 DBG2(DBG_APP, "child %d%s has been killed by sig %d\n",
179 pid, name?name:"", WTERMSIG(status));
180 }
181 else if (WIFSTOPPED(status))
182 {
183 DBG2(DBG_APP, "child %d%s has been stopped by sig %d\n",
184 pid, name?name:"", WSTOPSIG(status));
185 }
186 else if (WIFEXITED(status))
187 {
188 exit_status = WEXITSTATUS(status);
189 if (exit_status >= SS_RC_FIRST && exit_status <= SS_RC_LAST)
190 {
191 _action_ = FLAG_ACTION_QUIT;
192 }
193 DBG2(DBG_APP, "child %d%s has quit (exit code %d)\n",
194 pid, name?name:"", exit_status);
195 }
196 else
197 {
198 DBG2(DBG_APP, "child %d%s has quit", pid, name?name:"");
199 }
200 if (pid == starter_pluto_pid())
201 {
202 starter_pluto_sigchild(pid, exit_status);
203 }
204 if (pid == starter_charon_pid())
205 {
206 starter_charon_sigchild(pid, exit_status);
207 }
208 }
209 }
210 break;
211
212 case SIGALRM:
213 _action_ |= FLAG_ACTION_START_PLUTO;
214 _action_ |= FLAG_ACTION_START_CHARON;
215 break;
216
217 case SIGHUP:
218 _action_ |= FLAG_ACTION_UPDATE;
219 break;
220
221 case SIGTERM:
222 case SIGQUIT:
223 case SIGINT:
224 _action_ |= FLAG_ACTION_QUIT;
225 break;
226
227 case SIGUSR1:
228 _action_ |= FLAG_ACTION_RELOAD;
229 _action_ |= FLAG_ACTION_UPDATE;
230 break;
231
232 default:
233 DBG1(DBG_APP, "fsig(): unknown signal %d -- investigate", signal);
234 break;
235 }
236 }
237
238 /**
239 * Handle fatal signals raised by threads
240 */
241 static void fatal_signal_handler(int signal)
242 {
243 backtrace_t *backtrace;
244
245 DBG1(DBG_APP, "thread %u received %d", thread_current_id(), signal);
246 backtrace = backtrace_create(2);
247 backtrace->log(backtrace, stderr, TRUE);
248 backtrace->destroy(backtrace);
249
250 DBG1(DBG_APP, "killing ourself, received critical signal");
251 abort();
252 }
253
254 #ifdef GENERATE_SELFCERT
255 static void generate_selfcert()
256 {
257 struct stat stb;
258
259 /* if ipsec.secrets file is missing then generate RSA default key pair */
260 if (stat(SECRETS_FILE, &stb) != 0)
261 {
262 mode_t oldmask;
263 FILE *f;
264 uid_t uid = 0;
265 gid_t gid = 0;
266
267 #ifdef IPSEC_GROUP
268 {
269 char buf[1024];
270 struct group group, *grp;
271
272 if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) == 0 && grp)
273 {
274 gid = grp->gr_gid;
275 }
276 }
277 #endif
278 #ifdef IPSEC_USER
279 {
280 char buf[1024];
281 struct passwd passwd, *pwp;
282
283 if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) == 0 && pwp)
284 {
285 uid = pwp->pw_uid;
286 }
287 }
288 #endif
289 setegid(gid);
290 seteuid(uid);
291 ignore_result(system("ipsec scepclient --out pkcs1 --out cert-self --quiet"));
292 seteuid(0);
293 setegid(0);
294
295 /* ipsec.secrets is root readable only */
296 oldmask = umask(0066);
297
298 f = fopen(SECRETS_FILE, "w");
299 if (f)
300 {
301 fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n");
302 fprintf(f, "\n");
303 fprintf(f, ": RSA myKey.der\n");
304 fclose(f);
305 }
306 ignore_result(chown(SECRETS_FILE, uid, gid));
307 umask(oldmask);
308 }
309 }
310 #endif /* GENERATE_SELFCERT */
311
312 static bool check_pid(char *pid_file)
313 {
314 struct stat stb;
315 FILE *pidfile;
316
317 if (stat(pid_file, &stb) == 0)
318 {
319 pidfile = fopen(pid_file, "r");
320 if (pidfile)
321 {
322 char buf[64];
323 pid_t pid = 0;
324 memset(buf, 0, sizeof(buf));
325 if (fread(buf, 1, sizeof(buf), pidfile))
326 {
327 buf[sizeof(buf) - 1] = '\0';
328 pid = atoi(buf);
329 }
330 fclose(pidfile);
331 if (pid && kill(pid, 0) == 0)
332 { /* such a process is running */
333 return TRUE;
334 }
335 }
336 DBG1(DBG_APP, "removing pidfile '%s', process not running", pid_file);
337 unlink(pid_file);
338 }
339 return FALSE;
340 }
341
342 static void usage(char *name)
343 {
344 fprintf(stderr, "Usage: starter [--nofork] [--auto-update <sec>] "
345 "[--debug|--debug-more|--debug-all]\n");
346 exit(LSB_RC_INVALID_ARGUMENT);
347 }
348
349 int main (int argc, char **argv)
350 {
351 starter_config_t *cfg = NULL;
352 starter_config_t *new_cfg;
353 starter_conn_t *conn, *conn2;
354 starter_ca_t *ca, *ca2;
355
356 struct sigaction action;
357 struct stat stb;
358
359 int i;
360 int id = 1;
361 struct timespec ts;
362 unsigned long auto_update = 0;
363 time_t last_reload;
364 bool no_fork = FALSE;
365 bool attach_gdb = FALSE;
366 bool load_warning = FALSE;
367
368 library_init(NULL);
369 atexit(library_deinit);
370
371 libhydra_init("starter");
372 atexit(libhydra_deinit);
373
374 /* parse command line */
375 for (i = 1; i < argc; i++)
376 {
377 if (streq(argv[i], "--debug"))
378 {
379 current_loglevel = 2;
380 }
381 else if (streq(argv[i], "--debug-more"))
382 {
383 current_loglevel = 3;
384 }
385 else if (streq(argv[i], "--debug-all"))
386 {
387 current_loglevel = 4;
388 }
389 else if (streq(argv[i], "--nofork"))
390 {
391 no_fork = TRUE;
392 }
393 else if (streq(argv[i], "--attach-gdb"))
394 {
395 no_fork = TRUE;
396 attach_gdb = TRUE;
397 }
398 else if (streq(argv[i], "--auto-update") && i+1 < argc)
399 {
400 auto_update = atoi(argv[++i]);
401 if (!auto_update)
402 usage(argv[0]);
403 }
404 else
405 {
406 usage(argv[0]);
407 }
408 }
409
410 init_log("ipsec_starter");
411
412 DBG1(DBG_APP, "Starting strongSwan "VERSION" IPsec [starter]...");
413
414 #ifdef LOAD_WARNING
415 load_warning = TRUE;
416 #endif
417
418 if (lib->settings->get_bool(lib->settings, "starter.load_warning", load_warning))
419 {
420 if (lib->settings->get_str(lib->settings, "charon.load", NULL) ||
421 lib->settings->get_str(lib->settings, "pluto.load", NULL))
422 {
423 DBG1(DBG_APP, "!! Your strongswan.conf contains manual plugin load options for");
424 DBG1(DBG_APP, "!! pluto and/or charon. This is recommended for experts only, see");
425 DBG1(DBG_APP, "!! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad");
426 }
427 }
428
429 /* verify that we can start */
430 if (getuid() != 0)
431 {
432 DBG1(DBG_APP, "permission denied (must be superuser)");
433 exit(LSB_RC_NOT_ALLOWED);
434 }
435
436 if (check_pid(PLUTO_PID_FILE))
437 {
438 DBG1(DBG_APP, "pluto is already running (%s exists) -- skipping pluto start",
439 PLUTO_PID_FILE);
440 }
441 else
442 {
443 _action_ |= FLAG_ACTION_START_PLUTO;
444 }
445 if (check_pid(CHARON_PID_FILE))
446 {
447 DBG1(DBG_APP, "charon is already running (%s exists) -- skipping charon start",
448 CHARON_PID_FILE);
449 }
450 else
451 {
452 _action_ |= FLAG_ACTION_START_CHARON;
453 }
454 if (stat(DEV_RANDOM, &stb) != 0)
455 {
456 DBG1(DBG_APP, "unable to start strongSwan IPsec -- no %s!", DEV_RANDOM);
457 exit(LSB_RC_FAILURE);
458 }
459
460 if (stat(DEV_URANDOM, &stb)!= 0)
461 {
462 DBG1(DBG_APP, "unable to start strongSwan IPsec -- no %s!", DEV_URANDOM);
463 exit(LSB_RC_FAILURE);
464 }
465
466 cfg = confread_load(CONFIG_FILE);
467 if (cfg == NULL || cfg->err > 0)
468 {
469 DBG1(DBG_APP, "unable to start strongSwan -- fatal errors in config");
470 if (cfg)
471 {
472 confread_free(cfg);
473 }
474 exit(LSB_RC_INVALID_ARGUMENT);
475 }
476
477 /* determine if we have a native netkey IPsec stack */
478 if (!starter_netkey_init())
479 {
480 DBG1(DBG_APP, "no netkey IPsec stack detected");
481 if (!starter_klips_init())
482 {
483 DBG1(DBG_APP, "no KLIPS IPsec stack detected");
484 DBG1(DBG_APP, "no known IPsec stack detected, ignoring!");
485 }
486 }
487
488 last_reload = time_monotonic(NULL);
489
490 if (check_pid(STARTER_PID_FILE))
491 {
492 DBG1(DBG_APP, "starter is already running (%s exists) -- no fork done",
493 STARTER_PID_FILE);
494 confread_free(cfg);
495 exit(LSB_RC_SUCCESS);
496 }
497
498 #ifdef GENERATE_SELFCERT
499 generate_selfcert();
500 #endif
501
502 /* fork if we're not debugging stuff */
503 if (!no_fork)
504 {
505 log_to_stderr = FALSE;
506
507 switch (fork())
508 {
509 case 0:
510 {
511 int fnull;
512
513 close_log();
514 closefrom(3);
515
516 fnull = open("/dev/null", O_RDWR);
517 if (fnull >= 0)
518 {
519 dup2(fnull, STDIN_FILENO);
520 dup2(fnull, STDOUT_FILENO);
521 dup2(fnull, STDERR_FILENO);
522 close(fnull);
523 }
524
525 setsid();
526 init_log("ipsec_starter");
527 }
528 break;
529 case -1:
530 DBG1(DBG_APP, "can't fork: %s", strerror(errno));
531 break;
532 default:
533 confread_free(cfg);
534 exit(LSB_RC_SUCCESS);
535 }
536 }
537
538 /* save pid file in /var/run/starter.pid */
539 {
540 FILE *fd = fopen(STARTER_PID_FILE, "w");
541
542 if (fd)
543 {
544 fprintf(fd, "%u\n", getpid());
545 fclose(fd);
546 }
547 }
548
549 /* load plugins */
550 if (!lib->plugins->load(lib->plugins, NULL,
551 lib->settings->get_str(lib->settings, "starter.load", PLUGINS)))
552 {
553 exit(LSB_RC_FAILURE);
554 }
555
556 /* we handle these signals only in pselect() */
557 memset(&action, 0, sizeof(action));
558 sigemptyset(&action.sa_mask);
559 sigaddset(&action.sa_mask, SIGHUP);
560 sigaddset(&action.sa_mask, SIGINT);
561 sigaddset(&action.sa_mask, SIGTERM);
562 sigaddset(&action.sa_mask, SIGQUIT);
563 sigaddset(&action.sa_mask, SIGALRM);
564 sigaddset(&action.sa_mask, SIGUSR1);
565 pthread_sigmask(SIG_SETMASK, &action.sa_mask, NULL);
566
567 /* install a handler for fatal signals */
568 action.sa_handler = fatal_signal_handler;
569 sigaction(SIGSEGV, &action, NULL);
570 sigaction(SIGILL, &action, NULL);
571 sigaction(SIGBUS, &action, NULL);
572 action.sa_handler = SIG_IGN;
573 sigaction(SIGPIPE, &action, NULL);
574
575 /* install main signal handler */
576 action.sa_handler = signal_handler;
577 sigaction(SIGHUP, &action, NULL);
578 sigaction(SIGINT, &action, NULL);
579 sigaction(SIGTERM, &action, NULL);
580 sigaction(SIGQUIT, &action, NULL);
581 sigaction(SIGALRM, &action, NULL);
582 sigaction(SIGUSR1, &action, NULL);
583 /* this is not blocked above as we want to receive it asynchronously */
584 sigaction(SIGCHLD, &action, NULL);
585
586 /* empty mask for pselect() call below */
587 sigemptyset(&action.sa_mask);
588
589 for (;;)
590 {
591 /*
592 * Stop pluto/charon (if started) and exit
593 */
594 if (_action_ & FLAG_ACTION_QUIT)
595 {
596 if (starter_pluto_pid())
597 {
598 starter_stop_pluto();
599 }
600 if (starter_charon_pid())
601 {
602 starter_stop_charon();
603 }
604 starter_netkey_cleanup();
605 confread_free(cfg);
606 unlink(STARTER_PID_FILE);
607 DBG1(DBG_APP, "ipsec starter stopped");
608 lib->plugins->unload(lib->plugins);
609 close_log();
610 exit(LSB_RC_SUCCESS);
611 }
612
613 /*
614 * Delete all connections. Will be added below
615 */
616 if (_action_ & FLAG_ACTION_RELOAD)
617 {
618 if (starter_pluto_pid() || starter_charon_pid())
619 {
620 for (conn = cfg->conn_first; conn; conn = conn->next)
621 {
622 if (conn->state == STATE_ADDED)
623 {
624 if (starter_charon_pid())
625 {
626 starter_stroke_del_conn(conn);
627 }
628 if (starter_pluto_pid())
629 {
630 starter_whack_del_conn(conn);
631 }
632 conn->state = STATE_TO_ADD;
633 }
634 }
635 for (ca = cfg->ca_first; ca; ca = ca->next)
636 {
637 if (ca->state == STATE_ADDED)
638 {
639 if (starter_charon_pid())
640 {
641 starter_stroke_del_ca(ca);
642 }
643 if (starter_pluto_pid())
644 {
645 starter_whack_del_ca(ca);
646 }
647 ca->state = STATE_TO_ADD;
648 }
649 }
650 }
651 _action_ &= ~FLAG_ACTION_RELOAD;
652 }
653
654 /*
655 * Update configuration
656 */
657 if (_action_ & FLAG_ACTION_UPDATE)
658 {
659 DBG2(DBG_APP, "Reloading config...");
660 new_cfg = confread_load(CONFIG_FILE);
661
662 if (new_cfg && (new_cfg->err + new_cfg->non_fatal_err == 0))
663 {
664 /* Switch to new config. New conn will be loaded below */
665 if (!starter_cmp_defaultroute(&new_cfg->defaultroute
666 , &cfg->defaultroute))
667 {
668 _action_ |= FLAG_ACTION_LISTEN;
669 }
670
671 if (!starter_cmp_pluto(cfg, new_cfg))
672 {
673 DBG1(DBG_APP, "Pluto has changed");
674 if (starter_pluto_pid())
675 starter_stop_pluto();
676 _action_ &= ~FLAG_ACTION_LISTEN;
677 _action_ |= FLAG_ACTION_START_PLUTO;
678 }
679 else
680 {
681 /* Only reload conn and ca sections if pluto is not killed */
682
683 /* Look for new connections that are already loaded */
684 for (conn = cfg->conn_first; conn; conn = conn->next)
685 {
686 if (conn->state == STATE_ADDED)
687 {
688 for (conn2 = new_cfg->conn_first; conn2; conn2 = conn2->next)
689 {
690 if (conn2->state == STATE_TO_ADD && starter_cmp_conn(conn, conn2))
691 {
692 conn->state = STATE_REPLACED;
693 conn2->state = STATE_ADDED;
694 conn2->id = conn->id;
695 break;
696 }
697 }
698 }
699 }
700
701 /* Remove conn sections that have become unused */
702 for (conn = cfg->conn_first; conn; conn = conn->next)
703 {
704 if (conn->state == STATE_ADDED)
705 {
706 if (starter_charon_pid())
707 {
708 starter_stroke_del_conn(conn);
709 }
710 if (starter_pluto_pid())
711 {
712 starter_whack_del_conn(conn);
713 }
714 }
715 }
716
717 /* Look for new ca sections that are already loaded */
718 for (ca = cfg->ca_first; ca; ca = ca->next)
719 {
720 if (ca->state == STATE_ADDED)
721 {
722 for (ca2 = new_cfg->ca_first; ca2; ca2 = ca2->next)
723 {
724 if (ca2->state == STATE_TO_ADD && starter_cmp_ca(ca, ca2))
725 {
726 ca->state = STATE_REPLACED;
727 ca2->state = STATE_ADDED;
728 break;
729 }
730 }
731 }
732 }
733
734 /* Remove ca sections that have become unused */
735 for (ca = cfg->ca_first; ca; ca = ca->next)
736 {
737 if (ca->state == STATE_ADDED)
738 {
739 if (starter_charon_pid())
740 {
741 starter_stroke_del_ca(ca);
742 }
743 if (starter_pluto_pid())
744 {
745 starter_whack_del_ca(ca);
746 }
747 }
748 }
749 }
750 confread_free(cfg);
751 cfg = new_cfg;
752 }
753 else
754 {
755 DBG1(DBG_APP, "can't reload config file due to errors -- keeping old one");
756 if (new_cfg)
757 {
758 confread_free(new_cfg);
759 }
760 }
761 _action_ &= ~FLAG_ACTION_UPDATE;
762 last_reload = time_monotonic(NULL);
763 }
764
765 /*
766 * Start pluto
767 */
768 if (_action_ & FLAG_ACTION_START_PLUTO)
769 {
770 if (cfg->setup.plutostart && !starter_pluto_pid())
771 {
772 DBG2(DBG_APP, "Attempting to start pluto...");
773
774 if (starter_start_pluto(cfg, no_fork, attach_gdb) == 0)
775 {
776 starter_whack_listen();
777 }
778 else
779 {
780 /* schedule next try */
781 alarm(PLUTO_RESTART_DELAY);
782 }
783 }
784 _action_ &= ~FLAG_ACTION_START_PLUTO;
785
786 for (ca = cfg->ca_first; ca; ca = ca->next)
787 {
788 if (ca->state == STATE_ADDED)
789 ca->state = STATE_TO_ADD;
790 }
791
792 for (conn = cfg->conn_first; conn; conn = conn->next)
793 {
794 if (conn->state == STATE_ADDED)
795 conn->state = STATE_TO_ADD;
796 }
797 }
798
799 /*
800 * Start charon
801 */
802 if (_action_ & FLAG_ACTION_START_CHARON)
803 {
804 if (cfg->setup.charonstart && !starter_charon_pid())
805 {
806 DBG2(DBG_APP, "Attempting to start charon...");
807 if (starter_start_charon(cfg, no_fork, attach_gdb))
808 {
809 /* schedule next try */
810 alarm(PLUTO_RESTART_DELAY);
811 }
812 starter_stroke_configure(cfg);
813 }
814 _action_ &= ~FLAG_ACTION_START_CHARON;
815 }
816
817 /*
818 * Tell pluto to reread its interfaces
819 */
820 if (_action_ & FLAG_ACTION_LISTEN)
821 {
822 if (starter_pluto_pid())
823 {
824 starter_whack_listen();
825 _action_ &= ~FLAG_ACTION_LISTEN;
826 }
827 }
828
829 /*
830 * Add stale conn and ca sections
831 */
832 if (starter_pluto_pid() || starter_charon_pid())
833 {
834 for (ca = cfg->ca_first; ca; ca = ca->next)
835 {
836 if (ca->state == STATE_TO_ADD)
837 {
838 if (starter_charon_pid())
839 {
840 starter_stroke_add_ca(ca);
841 }
842 if (starter_pluto_pid())
843 {
844 starter_whack_add_ca(ca);
845 }
846 ca->state = STATE_ADDED;
847 }
848 }
849
850 for (conn = cfg->conn_first; conn; conn = conn->next)
851 {
852 if (conn->state == STATE_TO_ADD)
853 {
854 if (conn->id == 0)
855 {
856 /* affect new unique id */
857 conn->id = id++;
858 }
859 if (starter_charon_pid())
860 {
861 starter_stroke_add_conn(cfg, conn);
862 }
863 if (starter_pluto_pid())
864 {
865 starter_whack_add_conn(conn);
866 }
867 conn->state = STATE_ADDED;
868
869 if (conn->startup == STARTUP_START)
870 {
871 if (starter_charon_pid())
872 {
873 starter_stroke_initiate_conn(conn);
874 }
875 if (conn->keyexchange == KEY_EXCHANGE_IKEV1)
876 {
877 if (starter_pluto_pid())
878 {
879 starter_whack_initiate_conn(conn);
880 }
881 }
882 }
883 else if (conn->startup == STARTUP_ROUTE)
884 {
885 if (starter_charon_pid())
886 {
887 starter_stroke_route_conn(conn);
888 }
889 if (conn->keyexchange == KEY_EXCHANGE_IKEV1)
890 {
891 if (starter_pluto_pid())
892 {
893 starter_whack_route_conn(conn);
894 }
895 }
896 }
897 }
898 }
899 }
900
901 /*
902 * If auto_update activated, when to stop select
903 */
904 if (auto_update)
905 {
906 time_t now = time_monotonic(NULL);
907
908 ts.tv_sec = (now < last_reload + auto_update) ?
909 (last_reload + auto_update - now) : 0;
910 ts.tv_nsec = 0;
911 }
912
913 /*
914 * Wait for something to happen
915 */
916 if (pselect(0, NULL, NULL, NULL, auto_update ? &ts : NULL,
917 &action.sa_mask) == 0)
918 {
919 /* timeout -> auto_update */
920 _action_ |= FLAG_ACTION_UPDATE;
921 }
922 }
923 exit(LSB_RC_SUCCESS);
924 }
925