Merge branch 'starter-kernel-flush'
[strongswan.git] / src / starter / starter.c
1 /* strongSwan IPsec starter
2 * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 */
14
15 #define _GNU_SOURCE
16
17 #include <sys/select.h>
18 #include <sys/types.h>
19 #include <sys/wait.h>
20 #include <sys/stat.h>
21 #include <stdlib.h>
22 #include <stdio.h>
23 #include <signal.h>
24 #include <syslog.h>
25 #include <unistd.h>
26 #include <sys/time.h>
27 #include <time.h>
28 #include <string.h>
29 #include <errno.h>
30 #include <fcntl.h>
31 #include <pwd.h>
32 #include <grp.h>
33 #include <pthread.h>
34
35 #include <library.h>
36 #include <hydra.h>
37 #include <utils/backtrace.h>
38 #include <threading/thread.h>
39 #include <utils/debug.h>
40
41 #include "confread.h"
42 #include "files.h"
43 #include "starterstroke.h"
44 #include "invokecharon.h"
45 #include "netkey.h"
46 #include "klips.h"
47 #include "cmp.h"
48
49 #ifndef LOG_AUTHPRIV
50 #define LOG_AUTHPRIV LOG_AUTH
51 #endif
52
53 #define CHARON_RESTART_DELAY 5
54
55 static const char* cmd_default = IPSEC_DIR "/charon";
56 static const char* pid_file_default = IPSEC_PIDDIR "/charon.pid";
57 static const char* starter_pid_file_default = IPSEC_PIDDIR "/starter.pid";
58
59 char *daemon_name = NULL;
60 char *cmd = NULL;
61 char *pid_file = NULL;
62 char *starter_pid_file = NULL;
63
64 static char *config_file = NULL;
65
66 /* logging */
67 static bool log_to_stderr = TRUE;
68 static bool log_to_syslog = TRUE;
69 static level_t current_loglevel = 1;
70
71 /**
72 * logging function for scepclient
73 */
74 static void starter_dbg(debug_t group, level_t level, char *fmt, ...)
75 {
76 char buffer[8192];
77 char *current = buffer, *next;
78 va_list args;
79
80 if (level <= current_loglevel)
81 {
82 if (log_to_stderr)
83 {
84 va_start(args, fmt);
85 vfprintf(stderr, fmt, args);
86 va_end(args);
87 fprintf(stderr, "\n");
88 }
89 if (log_to_syslog)
90 {
91 /* write in memory buffer first */
92 va_start(args, fmt);
93 vsnprintf(buffer, sizeof(buffer), fmt, args);
94 va_end(args);
95
96 /* do a syslog with every line */
97 while (current)
98 {
99 next = strchr(current, '\n');
100 if (next)
101 {
102 *(next++) = '\0';
103 }
104 syslog(LOG_INFO, "%s\n", current);
105 current = next;
106 }
107 }
108 }
109 }
110
111 /**
112 * Initialize logging to stderr/syslog
113 */
114 static void init_log(const char *program)
115 {
116 dbg = starter_dbg;
117
118 if (log_to_stderr)
119 {
120 setbuf(stderr, NULL);
121 }
122 if (log_to_syslog)
123 {
124 openlog(program, LOG_CONS | LOG_NDELAY | LOG_PID, LOG_AUTHPRIV);
125 }
126 }
127
128 /**
129 * Deinitialize logging to syslog
130 */
131 static void close_log()
132 {
133 if (log_to_syslog)
134 {
135 closelog();
136 }
137 }
138
139 /**
140 * Return codes defined by Linux Standard Base Core Specification 3.1
141 * in section 20.2. Init Script Actions
142 */
143 #define LSB_RC_SUCCESS 0 /* success */
144 #define LSB_RC_FAILURE 1 /* generic or unspecified error */
145 #define LSB_RC_INVALID_ARGUMENT 2 /* invalid or excess argument(s) */
146 #define LSB_RC_NOT_IMPLEMENTED 3 /* unimplemented feature (reload) */
147 #define LSB_RC_NOT_ALLOWED 4 /* user had insufficient privilege */
148 #define LSB_RC_NOT_INSTALLED 5 /* program is not installed */
149 #define LSB_RC_NOT_CONFIGURED 6 /* program is not configured */
150 #define LSB_RC_NOT_RUNNING 7 /* program is not running */
151
152 #define FLAG_ACTION_START_PLUTO 0x01
153 #define FLAG_ACTION_UPDATE 0x02
154 #define FLAG_ACTION_RELOAD 0x04
155 #define FLAG_ACTION_QUIT 0x08
156 #define FLAG_ACTION_LISTEN 0x10
157 #define FLAG_ACTION_START_CHARON 0x20
158
159 static unsigned int _action_ = 0;
160
161 /**
162 * Handle signals in the main thread
163 */
164 static void signal_handler(int signal)
165 {
166 switch (signal)
167 {
168 case SIGCHLD:
169 {
170 int status, exit_status = 0;
171 pid_t pid;
172 char *name = NULL;
173
174 while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
175 {
176 if (pid == starter_charon_pid())
177 {
178 if (asprintf(&name, " (%s)", daemon_name) < 0)
179 {
180 name = NULL;
181 }
182 }
183 if (WIFSIGNALED(status))
184 {
185 DBG2(DBG_APP, "child %d%s has been killed by sig %d\n",
186 pid, name?name:"", WTERMSIG(status));
187 }
188 else if (WIFSTOPPED(status))
189 {
190 DBG2(DBG_APP, "child %d%s has been stopped by sig %d\n",
191 pid, name?name:"", WSTOPSIG(status));
192 }
193 else if (WIFEXITED(status))
194 {
195 exit_status = WEXITSTATUS(status);
196 if (exit_status >= SS_RC_FIRST && exit_status <= SS_RC_LAST)
197 {
198 _action_ = FLAG_ACTION_QUIT;
199 }
200 DBG2(DBG_APP, "child %d%s has quit (exit code %d)\n",
201 pid, name?name:"", exit_status);
202 }
203 else
204 {
205 DBG2(DBG_APP, "child %d%s has quit", pid, name?name:"");
206 }
207 if (pid == starter_charon_pid())
208 {
209 starter_charon_sigchild(pid, exit_status);
210 }
211 }
212
213 if (name)
214 {
215 free(name);
216 }
217 }
218 break;
219
220 case SIGALRM:
221 _action_ |= FLAG_ACTION_START_CHARON;
222 break;
223
224 case SIGHUP:
225 _action_ |= FLAG_ACTION_UPDATE;
226 break;
227
228 case SIGTERM:
229 case SIGQUIT:
230 case SIGINT:
231 _action_ |= FLAG_ACTION_QUIT;
232 break;
233
234 case SIGUSR1:
235 _action_ |= FLAG_ACTION_RELOAD;
236 _action_ |= FLAG_ACTION_UPDATE;
237 break;
238
239 default:
240 DBG1(DBG_APP, "fsig(): unknown signal %d -- investigate", signal);
241 break;
242 }
243 }
244
245 /**
246 * Handle fatal signals raised by threads
247 */
248 static void fatal_signal_handler(int signal)
249 {
250 backtrace_t *backtrace;
251
252 DBG1(DBG_APP, "thread %u received %d", thread_current_id(), signal);
253 backtrace = backtrace_create(2);
254 backtrace->log(backtrace, stderr, TRUE);
255 backtrace->destroy(backtrace);
256
257 DBG1(DBG_APP, "killing ourself, received critical signal");
258 abort();
259 }
260
261 #ifdef GENERATE_SELFCERT
262 static void generate_selfcert()
263 {
264 const char *secrets_file;
265 struct stat stb;
266
267 secrets_file = lib->settings->get_str(lib->settings,
268 "charon.plugins.stroke.secrets_file", SECRETS_FILE);
269
270 /* if ipsec.secrets file is missing then generate RSA default key pair */
271 if (stat(secrets_file, &stb) != 0)
272 {
273 mode_t oldmask;
274 FILE *f;
275 uid_t uid = 0;
276 gid_t gid = 0;
277
278 #ifdef IPSEC_GROUP
279 {
280 char buf[1024];
281 struct group group, *grp;
282
283 if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) == 0 && grp)
284 {
285 gid = grp->gr_gid;
286 }
287 }
288 #endif
289 #ifdef IPSEC_USER
290 {
291 char buf[1024];
292 struct passwd passwd, *pwp;
293
294 if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) == 0 && pwp)
295 {
296 uid = pwp->pw_uid;
297 }
298 }
299 #endif
300 ignore_result(setegid(gid));
301 ignore_result(seteuid(uid));
302 ignore_result(system(IPSEC_SCRIPT " scepclient --out pkcs1 --out cert-self --quiet"));
303 ignore_result(seteuid(0));
304 ignore_result(setegid(0));
305
306 /* ipsec.secrets is root readable only */
307 oldmask = umask(0066);
308
309 f = fopen(secrets_file, "w");
310 if (f)
311 {
312 fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n");
313 fprintf(f, "\n");
314 fprintf(f, ": RSA myKey.der\n");
315 fclose(f);
316 }
317 ignore_result(chown(secrets_file, uid, gid));
318 umask(oldmask);
319 }
320 }
321 #endif /* GENERATE_SELFCERT */
322
323 static bool check_pid(char *pid_file)
324 {
325 struct stat stb;
326 FILE *pidfile;
327
328 if (stat(pid_file, &stb) == 0)
329 {
330 pidfile = fopen(pid_file, "r");
331 if (pidfile)
332 {
333 char buf[64];
334 pid_t pid = 0;
335 memset(buf, 0, sizeof(buf));
336 if (fread(buf, 1, sizeof(buf), pidfile))
337 {
338 buf[sizeof(buf) - 1] = '\0';
339 pid = atoi(buf);
340 }
341 fclose(pidfile);
342 if (pid && kill(pid, 0) == 0)
343 { /* such a process is running */
344 return TRUE;
345 }
346 }
347 DBG1(DBG_APP, "removing pidfile '%s', process not running", pid_file);
348 unlink(pid_file);
349 }
350 return FALSE;
351 }
352
353 /* Set daemon name and adjust command and pid filenames accordingly */
354 static bool set_daemon_name()
355 {
356 if (!daemon_name)
357 {
358 daemon_name = "charon";
359 }
360
361 if (asprintf(&cmd, IPSEC_DIR"/%s", daemon_name) < 0)
362 {
363 cmd = (char*)cmd_default;
364 }
365
366 if (asprintf(&pid_file, IPSEC_PIDDIR"/%s.pid", daemon_name) < 0)
367 {
368 pid_file = (char*)pid_file_default;
369 }
370
371 if (asprintf(&starter_pid_file, IPSEC_PIDDIR"/starter.%s.pid",
372 daemon_name) < 0)
373 {
374 starter_pid_file = (char*)starter_pid_file_default;
375 }
376
377 return TRUE;
378 }
379
380 static void cleanup()
381 {
382 if (cmd != cmd_default)
383 {
384 free(cmd);
385 }
386
387 if (pid_file != pid_file_default)
388 {
389 free(pid_file);
390 }
391
392 if (starter_pid_file != starter_pid_file_default)
393 {
394 free(starter_pid_file);
395 }
396 }
397
398 static void usage(char *name)
399 {
400 fprintf(stderr, "Usage: starter [--nofork] [--auto-update <sec>]\n"
401 " [--debug|--debug-more|--debug-all|--nolog]\n"
402 " [--attach-gdb] [--daemon <name>]\n"
403 " [--conf <path to ipsec.conf>]\n");
404 exit(LSB_RC_INVALID_ARGUMENT);
405 }
406
407 int main (int argc, char **argv)
408 {
409 starter_config_t *cfg = NULL;
410 starter_config_t *new_cfg;
411 starter_conn_t *conn, *conn2;
412 starter_ca_t *ca, *ca2;
413
414 struct sigaction action;
415 struct stat stb;
416
417 int i;
418 int id = 1;
419 struct timespec ts;
420 unsigned long auto_update = 0;
421 time_t last_reload;
422 bool no_fork = FALSE;
423 bool attach_gdb = FALSE;
424 bool load_warning = FALSE;
425 bool conftest = FALSE;
426
427 library_init(NULL, "starter");
428 atexit(library_deinit);
429
430 libhydra_init();
431 atexit(libhydra_deinit);
432
433 /* parse command line */
434 for (i = 1; i < argc; i++)
435 {
436 if (streq(argv[i], "--debug"))
437 {
438 current_loglevel = 2;
439 }
440 else if (streq(argv[i], "--debug-more"))
441 {
442 current_loglevel = 3;
443 }
444 else if (streq(argv[i], "--debug-all"))
445 {
446 current_loglevel = 4;
447 }
448 else if (streq(argv[i], "--nolog"))
449 {
450 current_loglevel = 0;
451 }
452 else if (streq(argv[i], "--nofork"))
453 {
454 no_fork = TRUE;
455 }
456 else if (streq(argv[i], "--attach-gdb"))
457 {
458 no_fork = TRUE;
459 attach_gdb = TRUE;
460 }
461 else if (streq(argv[i], "--auto-update") && i+1 < argc)
462 {
463 auto_update = atoi(argv[++i]);
464 if (!auto_update)
465 usage(argv[0]);
466 }
467 else if (streq(argv[i], "--daemon") && i+1 < argc)
468 {
469 daemon_name = argv[++i];
470 }
471 else if (streq(argv[i], "--conf") && i+1 < argc)
472 {
473 config_file = argv[++i];
474 }
475 else if (streq(argv[i], "--conftest"))
476 {
477 conftest = TRUE;
478 }
479 else
480 {
481 usage(argv[0]);
482 }
483 }
484
485 if (!set_daemon_name())
486 {
487 DBG1(DBG_APP, "unable to set daemon name");
488 exit(LSB_RC_FAILURE);
489 }
490 if (!config_file)
491 {
492 config_file = lib->settings->get_str(lib->settings,
493 "starter.config_file", CONFIG_FILE);
494 }
495
496 init_log("ipsec_starter");
497
498 if (conftest)
499 {
500 int status = LSB_RC_SUCCESS;
501
502 cfg = confread_load(config_file);
503 if (cfg == NULL || cfg->err > 0)
504 {
505 DBG1(DBG_APP, "config invalid!");
506 status = LSB_RC_INVALID_ARGUMENT;
507 }
508 else
509 {
510 DBG1(DBG_APP, "config OK");
511 }
512 if (cfg)
513 {
514 confread_free(cfg);
515 }
516 cleanup();
517 exit(status);
518 }
519
520 if (stat(cmd, &stb) != 0)
521 {
522 DBG1(DBG_APP, "IKE daemon '%s' not found", cmd);
523 cleanup();
524 exit(LSB_RC_FAILURE);
525 }
526
527 DBG1(DBG_APP, "Starting %sSwan "VERSION" IPsec [starter]...",
528 lib->settings->get_bool(lib->settings,
529 "charon.i_dont_care_about_security_and_use_aggressive_mode_psk",
530 FALSE) ? "weak" : "strong");
531
532 #ifdef LOAD_WARNING
533 load_warning = TRUE;
534 #endif
535
536 if (lib->settings->get_bool(lib->settings, "starter.load_warning", load_warning))
537 {
538 if (lib->settings->get_str(lib->settings, "charon.load", NULL))
539 {
540 DBG1(DBG_APP, "!! Your strongswan.conf contains manual plugin load options for charon.");
541 DBG1(DBG_APP, "!! This is recommended for experts only, see");
542 DBG1(DBG_APP, "!! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad");
543 }
544 }
545
546 /* verify that we can start */
547 if (getuid() != 0)
548 {
549 DBG1(DBG_APP, "permission denied (must be superuser)");
550 cleanup();
551 exit(LSB_RC_NOT_ALLOWED);
552 }
553
554 if (check_pid(pid_file))
555 {
556 DBG1(DBG_APP, "%s is already running (%s exists) -- skipping daemon start",
557 daemon_name, pid_file);
558 }
559 else
560 {
561 _action_ |= FLAG_ACTION_START_CHARON;
562 }
563 if (stat(DEV_RANDOM, &stb) != 0)
564 {
565 DBG1(DBG_APP, "unable to start strongSwan IPsec -- no %s!", DEV_RANDOM);
566 cleanup();
567 exit(LSB_RC_FAILURE);
568 }
569
570 if (stat(DEV_URANDOM, &stb)!= 0)
571 {
572 DBG1(DBG_APP, "unable to start strongSwan IPsec -- no %s!", DEV_URANDOM);
573 cleanup();
574 exit(LSB_RC_FAILURE);
575 }
576
577 cfg = confread_load(config_file);
578 if (cfg == NULL || cfg->err > 0)
579 {
580 DBG1(DBG_APP, "unable to start strongSwan -- fatal errors in config");
581 if (cfg)
582 {
583 confread_free(cfg);
584 }
585 cleanup();
586 exit(LSB_RC_INVALID_ARGUMENT);
587 }
588
589 /* determine if we have a native netkey IPsec stack */
590 if (!starter_netkey_init())
591 {
592 DBG1(DBG_APP, "no netkey IPsec stack detected");
593 if (!starter_klips_init())
594 {
595 DBG1(DBG_APP, "no KLIPS IPsec stack detected");
596 DBG1(DBG_APP, "no known IPsec stack detected, ignoring!");
597 }
598 }
599
600 last_reload = time_monotonic(NULL);
601
602 if (check_pid(starter_pid_file))
603 {
604 DBG1(DBG_APP, "starter is already running (%s exists) -- no fork done",
605 starter_pid_file);
606 confread_free(cfg);
607 cleanup();
608 exit(LSB_RC_SUCCESS);
609 }
610
611 #ifdef GENERATE_SELFCERT
612 generate_selfcert();
613 #endif
614
615 /* fork if we're not debugging stuff */
616 if (!no_fork)
617 {
618 log_to_stderr = FALSE;
619
620 switch (fork())
621 {
622 case 0:
623 {
624 int fnull;
625
626 close_log();
627
628 fnull = open("/dev/null", O_RDWR);
629 if (fnull >= 0)
630 {
631 dup2(fnull, STDIN_FILENO);
632 dup2(fnull, STDOUT_FILENO);
633 dup2(fnull, STDERR_FILENO);
634 close(fnull);
635 }
636
637 setsid();
638 init_log("ipsec_starter");
639 }
640 break;
641 case -1:
642 DBG1(DBG_APP, "can't fork: %s", strerror(errno));
643 break;
644 default:
645 confread_free(cfg);
646 cleanup();
647 exit(LSB_RC_SUCCESS);
648 }
649 }
650
651 /* save pid file in /var/run/starter[.daemon_name].pid */
652 {
653 FILE *fd = fopen(starter_pid_file, "w");
654
655 if (fd)
656 {
657 fprintf(fd, "%u\n", getpid());
658 fclose(fd);
659 }
660 }
661
662 /* we handle these signals only in pselect() */
663 memset(&action, 0, sizeof(action));
664 sigemptyset(&action.sa_mask);
665 sigaddset(&action.sa_mask, SIGHUP);
666 sigaddset(&action.sa_mask, SIGINT);
667 sigaddset(&action.sa_mask, SIGTERM);
668 sigaddset(&action.sa_mask, SIGQUIT);
669 sigaddset(&action.sa_mask, SIGALRM);
670 sigaddset(&action.sa_mask, SIGUSR1);
671 pthread_sigmask(SIG_SETMASK, &action.sa_mask, NULL);
672
673 /* install a handler for fatal signals */
674 action.sa_handler = fatal_signal_handler;
675 sigaction(SIGSEGV, &action, NULL);
676 sigaction(SIGILL, &action, NULL);
677 sigaction(SIGBUS, &action, NULL);
678 action.sa_handler = SIG_IGN;
679 sigaction(SIGPIPE, &action, NULL);
680
681 /* install main signal handler */
682 action.sa_handler = signal_handler;
683 sigaction(SIGHUP, &action, NULL);
684 sigaction(SIGINT, &action, NULL);
685 sigaction(SIGTERM, &action, NULL);
686 sigaction(SIGQUIT, &action, NULL);
687 sigaction(SIGALRM, &action, NULL);
688 sigaction(SIGUSR1, &action, NULL);
689 /* this is not blocked above as we want to receive it asynchronously */
690 sigaction(SIGCHLD, &action, NULL);
691
692 /* empty mask for pselect() call below */
693 sigemptyset(&action.sa_mask);
694
695 for (;;)
696 {
697 /*
698 * Stop charon (if started) and exit
699 */
700 if (_action_ & FLAG_ACTION_QUIT)
701 {
702 if (starter_charon_pid())
703 {
704 starter_stop_charon();
705 }
706 confread_free(cfg);
707 unlink(starter_pid_file);
708 cleanup();
709 DBG1(DBG_APP, "ipsec starter stopped");
710 close_log();
711 exit(LSB_RC_SUCCESS);
712 }
713
714 /*
715 * Delete all connections. Will be added below
716 */
717 if (_action_ & FLAG_ACTION_RELOAD)
718 {
719 if (starter_charon_pid())
720 {
721 for (conn = cfg->conn_first; conn; conn = conn->next)
722 {
723 if (conn->state == STATE_ADDED)
724 {
725 if (starter_charon_pid())
726 {
727 if (conn->startup == STARTUP_ROUTE)
728 {
729 starter_stroke_unroute_conn(conn);
730 }
731 starter_stroke_del_conn(conn);
732 }
733 conn->state = STATE_TO_ADD;
734 }
735 }
736 for (ca = cfg->ca_first; ca; ca = ca->next)
737 {
738 if (ca->state == STATE_ADDED)
739 {
740 if (starter_charon_pid())
741 {
742 starter_stroke_del_ca(ca);
743 }
744 ca->state = STATE_TO_ADD;
745 }
746 }
747 }
748 _action_ &= ~FLAG_ACTION_RELOAD;
749 }
750
751 /*
752 * Update configuration
753 */
754 if (_action_ & FLAG_ACTION_UPDATE)
755 {
756 DBG2(DBG_APP, "Reloading config...");
757 new_cfg = confread_load(config_file);
758
759 if (new_cfg && (new_cfg->err == 0))
760 {
761 /* Switch to new config. New conn will be loaded below */
762
763 /* Look for new connections that are already loaded */
764 for (conn = cfg->conn_first; conn; conn = conn->next)
765 {
766 if (conn->state == STATE_ADDED)
767 {
768 for (conn2 = new_cfg->conn_first; conn2; conn2 = conn2->next)
769 {
770 if (conn2->state == STATE_TO_ADD && starter_cmp_conn(conn, conn2))
771 {
772 conn->state = STATE_REPLACED;
773 conn2->state = STATE_ADDED;
774 conn2->id = conn->id;
775 break;
776 }
777 }
778 }
779 }
780
781 /* Remove conn sections that have become unused */
782 for (conn = cfg->conn_first; conn; conn = conn->next)
783 {
784 if (conn->state == STATE_ADDED)
785 {
786 if (starter_charon_pid())
787 {
788 if (conn->startup == STARTUP_ROUTE)
789 {
790 starter_stroke_unroute_conn(conn);
791 }
792 starter_stroke_del_conn(conn);
793 }
794 }
795 }
796
797 /* Look for new ca sections that are already loaded */
798 for (ca = cfg->ca_first; ca; ca = ca->next)
799 {
800 if (ca->state == STATE_ADDED)
801 {
802 for (ca2 = new_cfg->ca_first; ca2; ca2 = ca2->next)
803 {
804 if (ca2->state == STATE_TO_ADD && starter_cmp_ca(ca, ca2))
805 {
806 ca->state = STATE_REPLACED;
807 ca2->state = STATE_ADDED;
808 break;
809 }
810 }
811 }
812 }
813
814 /* Remove ca sections that have become unused */
815 for (ca = cfg->ca_first; ca; ca = ca->next)
816 {
817 if (ca->state == STATE_ADDED)
818 {
819 if (starter_charon_pid())
820 {
821 starter_stroke_del_ca(ca);
822 }
823 }
824 }
825 confread_free(cfg);
826 cfg = new_cfg;
827 }
828 else
829 {
830 DBG1(DBG_APP, "can't reload config file due to errors -- keeping old one");
831 if (new_cfg)
832 {
833 confread_free(new_cfg);
834 }
835 }
836 _action_ &= ~FLAG_ACTION_UPDATE;
837 last_reload = time_monotonic(NULL);
838 }
839
840 /*
841 * Start daemon
842 */
843 if (_action_ & FLAG_ACTION_START_CHARON)
844 {
845 if (!starter_charon_pid())
846 {
847 DBG2(DBG_APP, "Attempting to start %s...", daemon_name);
848 if (starter_start_charon(cfg, no_fork, attach_gdb))
849 {
850 /* schedule next try */
851 alarm(CHARON_RESTART_DELAY);
852 }
853 starter_stroke_configure(cfg);
854 }
855 _action_ &= ~FLAG_ACTION_START_CHARON;
856
857 for (ca = cfg->ca_first; ca; ca = ca->next)
858 {
859 if (ca->state == STATE_ADDED)
860 {
861 ca->state = STATE_TO_ADD;
862 }
863 }
864
865 for (conn = cfg->conn_first; conn; conn = conn->next)
866 {
867 if (conn->state == STATE_ADDED)
868 {
869 conn->state = STATE_TO_ADD;
870 }
871 }
872 }
873
874 /*
875 * Add stale conn and ca sections
876 */
877 if (starter_charon_pid())
878 {
879 for (ca = cfg->ca_first; ca; ca = ca->next)
880 {
881 if (ca->state == STATE_TO_ADD)
882 {
883 if (starter_charon_pid())
884 {
885 starter_stroke_add_ca(ca);
886 }
887 ca->state = STATE_ADDED;
888 }
889 }
890
891 for (conn = cfg->conn_first; conn; conn = conn->next)
892 {
893 if (conn->state == STATE_TO_ADD)
894 {
895 if (conn->id == 0)
896 {
897 /* affect new unique id */
898 conn->id = id++;
899 }
900 if (starter_charon_pid())
901 {
902 starter_stroke_add_conn(cfg, conn);
903 }
904 conn->state = STATE_ADDED;
905
906 if (conn->startup == STARTUP_START)
907 {
908 if (starter_charon_pid())
909 {
910 starter_stroke_initiate_conn(conn);
911 }
912 }
913 else if (conn->startup == STARTUP_ROUTE)
914 {
915 if (starter_charon_pid())
916 {
917 starter_stroke_route_conn(conn);
918 }
919 }
920 }
921 }
922 }
923
924 /*
925 * If auto_update activated, when to stop select
926 */
927 if (auto_update)
928 {
929 time_t now = time_monotonic(NULL);
930
931 ts.tv_sec = (now < last_reload + auto_update) ?
932 (last_reload + auto_update - now) : 0;
933 ts.tv_nsec = 0;
934 }
935
936 /*
937 * Wait for something to happen
938 */
939 if (!_action_ &&
940 pselect(0, NULL, NULL, NULL, auto_update ? &ts : NULL,
941 &action.sa_mask) == 0)
942 {
943 /* timeout -> auto_update */
944 _action_ |= FLAG_ACTION_UPDATE;
945 }
946 }
947 exit(LSB_RC_SUCCESS);
948 }