stroke: Allow specifying the ipsec.secrets location in strongswan.conf
[strongswan.git] / src / starter / starter.c
1 /* strongSwan IPsec starter
2 * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 */
14
15 #define _GNU_SOURCE
16
17 #include <sys/select.h>
18 #include <sys/types.h>
19 #include <sys/wait.h>
20 #include <sys/stat.h>
21 #include <stdlib.h>
22 #include <stdio.h>
23 #include <signal.h>
24 #include <syslog.h>
25 #include <unistd.h>
26 #include <sys/time.h>
27 #include <time.h>
28 #include <string.h>
29 #include <errno.h>
30 #include <fcntl.h>
31 #include <pwd.h>
32 #include <grp.h>
33 #include <pthread.h>
34
35 #include <library.h>
36 #include <hydra.h>
37 #include <utils/backtrace.h>
38 #include <threading/thread.h>
39 #include <utils/debug.h>
40
41 #include "confread.h"
42 #include "files.h"
43 #include "starterstroke.h"
44 #include "invokecharon.h"
45 #include "netkey.h"
46 #include "klips.h"
47 #include "cmp.h"
48
49 #ifndef LOG_AUTHPRIV
50 #define LOG_AUTHPRIV LOG_AUTH
51 #endif
52
53 #define CHARON_RESTART_DELAY 5
54
55 static const char* cmd_default = IPSEC_DIR "/charon";
56 static const char* pid_file_default = IPSEC_PIDDIR "/charon.pid";
57 static const char* starter_pid_file_default = IPSEC_PIDDIR "/starter.pid";
58
59 char *daemon_name = NULL;
60 char *cmd = NULL;
61 char *pid_file = NULL;
62 char *starter_pid_file = NULL;
63
64 static char *config_file = NULL;
65
66 /* logging */
67 static bool log_to_stderr = TRUE;
68 static bool log_to_syslog = TRUE;
69 static level_t current_loglevel = 1;
70
71 /**
72 * logging function for scepclient
73 */
74 static void starter_dbg(debug_t group, level_t level, char *fmt, ...)
75 {
76 char buffer[8192];
77 char *current = buffer, *next;
78 va_list args;
79
80 if (level <= current_loglevel)
81 {
82 if (log_to_stderr)
83 {
84 va_start(args, fmt);
85 vfprintf(stderr, fmt, args);
86 va_end(args);
87 fprintf(stderr, "\n");
88 }
89 if (log_to_syslog)
90 {
91 /* write in memory buffer first */
92 va_start(args, fmt);
93 vsnprintf(buffer, sizeof(buffer), fmt, args);
94 va_end(args);
95
96 /* do a syslog with every line */
97 while (current)
98 {
99 next = strchr(current, '\n');
100 if (next)
101 {
102 *(next++) = '\0';
103 }
104 syslog(LOG_INFO, "%s\n", current);
105 current = next;
106 }
107 }
108 }
109 }
110
111 /**
112 * Initialize logging to stderr/syslog
113 */
114 static void init_log(const char *program)
115 {
116 dbg = starter_dbg;
117
118 if (log_to_stderr)
119 {
120 setbuf(stderr, NULL);
121 }
122 if (log_to_syslog)
123 {
124 openlog(program, LOG_CONS | LOG_NDELAY | LOG_PID, LOG_AUTHPRIV);
125 }
126 }
127
128 /**
129 * Deinitialize logging to syslog
130 */
131 static void close_log()
132 {
133 if (log_to_syslog)
134 {
135 closelog();
136 }
137 }
138
139 /**
140 * Return codes defined by Linux Standard Base Core Specification 3.1
141 * in section 20.2. Init Script Actions
142 */
143 #define LSB_RC_SUCCESS 0 /* success */
144 #define LSB_RC_FAILURE 1 /* generic or unspecified error */
145 #define LSB_RC_INVALID_ARGUMENT 2 /* invalid or excess argument(s) */
146 #define LSB_RC_NOT_IMPLEMENTED 3 /* unimplemented feature (reload) */
147 #define LSB_RC_NOT_ALLOWED 4 /* user had insufficient privilege */
148 #define LSB_RC_NOT_INSTALLED 5 /* program is not installed */
149 #define LSB_RC_NOT_CONFIGURED 6 /* program is not configured */
150 #define LSB_RC_NOT_RUNNING 7 /* program is not running */
151
152 #define FLAG_ACTION_START_PLUTO 0x01
153 #define FLAG_ACTION_UPDATE 0x02
154 #define FLAG_ACTION_RELOAD 0x04
155 #define FLAG_ACTION_QUIT 0x08
156 #define FLAG_ACTION_LISTEN 0x10
157 #define FLAG_ACTION_START_CHARON 0x20
158
159 static unsigned int _action_ = 0;
160
161 /**
162 * Handle signals in the main thread
163 */
164 static void signal_handler(int signal)
165 {
166 switch (signal)
167 {
168 case SIGCHLD:
169 {
170 int status, exit_status = 0;
171 pid_t pid;
172 char *name = NULL;
173
174 while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
175 {
176 if (pid == starter_charon_pid())
177 {
178 if (asprintf(&name, " (%s)", daemon_name) < 0)
179 {
180 name = NULL;
181 }
182 }
183 if (WIFSIGNALED(status))
184 {
185 DBG2(DBG_APP, "child %d%s has been killed by sig %d\n",
186 pid, name?name:"", WTERMSIG(status));
187 }
188 else if (WIFSTOPPED(status))
189 {
190 DBG2(DBG_APP, "child %d%s has been stopped by sig %d\n",
191 pid, name?name:"", WSTOPSIG(status));
192 }
193 else if (WIFEXITED(status))
194 {
195 exit_status = WEXITSTATUS(status);
196 if (exit_status >= SS_RC_FIRST && exit_status <= SS_RC_LAST)
197 {
198 _action_ = FLAG_ACTION_QUIT;
199 }
200 DBG2(DBG_APP, "child %d%s has quit (exit code %d)\n",
201 pid, name?name:"", exit_status);
202 }
203 else
204 {
205 DBG2(DBG_APP, "child %d%s has quit", pid, name?name:"");
206 }
207 if (pid == starter_charon_pid())
208 {
209 starter_charon_sigchild(pid, exit_status);
210 }
211 }
212
213 if (name)
214 {
215 free(name);
216 }
217 }
218 break;
219
220 case SIGALRM:
221 _action_ |= FLAG_ACTION_START_CHARON;
222 break;
223
224 case SIGHUP:
225 _action_ |= FLAG_ACTION_UPDATE;
226 break;
227
228 case SIGTERM:
229 case SIGQUIT:
230 case SIGINT:
231 _action_ |= FLAG_ACTION_QUIT;
232 break;
233
234 case SIGUSR1:
235 _action_ |= FLAG_ACTION_RELOAD;
236 _action_ |= FLAG_ACTION_UPDATE;
237 break;
238
239 default:
240 DBG1(DBG_APP, "fsig(): unknown signal %d -- investigate", signal);
241 break;
242 }
243 }
244
245 /**
246 * Handle fatal signals raised by threads
247 */
248 static void fatal_signal_handler(int signal)
249 {
250 backtrace_t *backtrace;
251
252 DBG1(DBG_APP, "thread %u received %d", thread_current_id(), signal);
253 backtrace = backtrace_create(2);
254 backtrace->log(backtrace, stderr, TRUE);
255 backtrace->destroy(backtrace);
256
257 DBG1(DBG_APP, "killing ourself, received critical signal");
258 abort();
259 }
260
261 #ifdef GENERATE_SELFCERT
262 static void generate_selfcert()
263 {
264 const char *secrets_file;
265 struct stat stb;
266
267 secrets_file = lib->settings->get_str(lib->settings,
268 "charon.plugins.stroke.secrets_file", SECRETS_FILE);
269
270 /* if ipsec.secrets file is missing then generate RSA default key pair */
271 if (stat(secrets_file, &stb) != 0)
272 {
273 mode_t oldmask;
274 FILE *f;
275 uid_t uid = 0;
276 gid_t gid = 0;
277
278 #ifdef IPSEC_GROUP
279 {
280 char buf[1024];
281 struct group group, *grp;
282
283 if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) == 0 && grp)
284 {
285 gid = grp->gr_gid;
286 }
287 }
288 #endif
289 #ifdef IPSEC_USER
290 {
291 char buf[1024];
292 struct passwd passwd, *pwp;
293
294 if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) == 0 && pwp)
295 {
296 uid = pwp->pw_uid;
297 }
298 }
299 #endif
300 ignore_result(setegid(gid));
301 ignore_result(seteuid(uid));
302 ignore_result(system(IPSEC_SCRIPT " scepclient --out pkcs1 --out cert-self --quiet"));
303 ignore_result(seteuid(0));
304 ignore_result(setegid(0));
305
306 /* ipsec.secrets is root readable only */
307 oldmask = umask(0066);
308
309 f = fopen(secrets_file, "w");
310 if (f)
311 {
312 fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n");
313 fprintf(f, "\n");
314 fprintf(f, ": RSA myKey.der\n");
315 fclose(f);
316 }
317 ignore_result(chown(secrets_file, uid, gid));
318 umask(oldmask);
319 }
320 }
321 #endif /* GENERATE_SELFCERT */
322
323 static bool check_pid(char *pid_file)
324 {
325 struct stat stb;
326 FILE *pidfile;
327
328 if (stat(pid_file, &stb) == 0)
329 {
330 pidfile = fopen(pid_file, "r");
331 if (pidfile)
332 {
333 char buf[64];
334 pid_t pid = 0;
335 memset(buf, 0, sizeof(buf));
336 if (fread(buf, 1, sizeof(buf), pidfile))
337 {
338 buf[sizeof(buf) - 1] = '\0';
339 pid = atoi(buf);
340 }
341 fclose(pidfile);
342 if (pid && kill(pid, 0) == 0)
343 { /* such a process is running */
344 return TRUE;
345 }
346 }
347 DBG1(DBG_APP, "removing pidfile '%s', process not running", pid_file);
348 unlink(pid_file);
349 }
350 return FALSE;
351 }
352
353 /* Set daemon name and adjust command and pid filenames accordingly */
354 static bool set_daemon_name()
355 {
356 if (!daemon_name)
357 {
358 daemon_name = "charon";
359 }
360
361 if (asprintf(&cmd, IPSEC_DIR"/%s", daemon_name) < 0)
362 {
363 cmd = (char*)cmd_default;
364 }
365
366 if (asprintf(&pid_file, IPSEC_PIDDIR"/%s.pid", daemon_name) < 0)
367 {
368 pid_file = (char*)pid_file_default;
369 }
370
371 if (asprintf(&starter_pid_file, IPSEC_PIDDIR"/starter.%s.pid",
372 daemon_name) < 0)
373 {
374 starter_pid_file = (char*)starter_pid_file_default;
375 }
376
377 return TRUE;
378 }
379
380 static void cleanup()
381 {
382 if (cmd != cmd_default)
383 {
384 free(cmd);
385 }
386
387 if (pid_file != pid_file_default)
388 {
389 free(pid_file);
390 }
391
392 if (starter_pid_file != starter_pid_file_default)
393 {
394 free(starter_pid_file);
395 }
396 }
397
398 static void usage(char *name)
399 {
400 fprintf(stderr, "Usage: starter [--nofork] [--auto-update <sec>]\n"
401 " [--debug|--debug-more|--debug-all|--nolog]\n"
402 " [--attach-gdb] [--daemon <name>]\n"
403 " [--conf <path to ipsec.conf>]\n");
404 exit(LSB_RC_INVALID_ARGUMENT);
405 }
406
407 int main (int argc, char **argv)
408 {
409 starter_config_t *cfg = NULL;
410 starter_config_t *new_cfg;
411 starter_conn_t *conn, *conn2;
412 starter_ca_t *ca, *ca2;
413
414 struct sigaction action;
415 struct stat stb;
416
417 int i;
418 int id = 1;
419 struct timespec ts;
420 unsigned long auto_update = 0;
421 time_t last_reload;
422 bool no_fork = FALSE;
423 bool attach_gdb = FALSE;
424 bool load_warning = FALSE;
425 bool conftest = FALSE;
426
427 library_init(NULL, "starter");
428 atexit(library_deinit);
429
430 libhydra_init();
431 atexit(libhydra_deinit);
432
433 /* parse command line */
434 for (i = 1; i < argc; i++)
435 {
436 if (streq(argv[i], "--debug"))
437 {
438 current_loglevel = 2;
439 }
440 else if (streq(argv[i], "--debug-more"))
441 {
442 current_loglevel = 3;
443 }
444 else if (streq(argv[i], "--debug-all"))
445 {
446 current_loglevel = 4;
447 }
448 else if (streq(argv[i], "--nolog"))
449 {
450 current_loglevel = 0;
451 }
452 else if (streq(argv[i], "--nofork"))
453 {
454 no_fork = TRUE;
455 }
456 else if (streq(argv[i], "--attach-gdb"))
457 {
458 no_fork = TRUE;
459 attach_gdb = TRUE;
460 }
461 else if (streq(argv[i], "--auto-update") && i+1 < argc)
462 {
463 auto_update = atoi(argv[++i]);
464 if (!auto_update)
465 usage(argv[0]);
466 }
467 else if (streq(argv[i], "--daemon") && i+1 < argc)
468 {
469 daemon_name = argv[++i];
470 }
471 else if (streq(argv[i], "--conf") && i+1 < argc)
472 {
473 config_file = argv[++i];
474 }
475 else if (streq(argv[i], "--conftest"))
476 {
477 conftest = TRUE;
478 }
479 else
480 {
481 usage(argv[0]);
482 }
483 }
484
485 if (!set_daemon_name())
486 {
487 DBG1(DBG_APP, "unable to set daemon name");
488 exit(LSB_RC_FAILURE);
489 }
490 if (!config_file)
491 {
492 config_file = CONFIG_FILE;
493 }
494
495 init_log("ipsec_starter");
496
497 if (conftest)
498 {
499 int status = LSB_RC_SUCCESS;
500
501 cfg = confread_load(config_file);
502 if (cfg == NULL || cfg->err > 0)
503 {
504 DBG1(DBG_APP, "config invalid!");
505 status = LSB_RC_INVALID_ARGUMENT;
506 }
507 else
508 {
509 DBG1(DBG_APP, "config OK");
510 }
511 if (cfg)
512 {
513 confread_free(cfg);
514 }
515 cleanup();
516 exit(status);
517 }
518
519 DBG1(DBG_APP, "Starting %sSwan "VERSION" IPsec [starter]...",
520 lib->settings->get_bool(lib->settings,
521 "charon.i_dont_care_about_security_and_use_aggressive_mode_psk",
522 FALSE) ? "weak" : "strong");
523
524 #ifdef LOAD_WARNING
525 load_warning = TRUE;
526 #endif
527
528 if (lib->settings->get_bool(lib->settings, "starter.load_warning", load_warning))
529 {
530 if (lib->settings->get_str(lib->settings, "charon.load", NULL))
531 {
532 DBG1(DBG_APP, "!! Your strongswan.conf contains manual plugin load options for charon.");
533 DBG1(DBG_APP, "!! This is recommended for experts only, see");
534 DBG1(DBG_APP, "!! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad");
535 }
536 }
537
538 /* verify that we can start */
539 if (getuid() != 0)
540 {
541 DBG1(DBG_APP, "permission denied (must be superuser)");
542 cleanup();
543 exit(LSB_RC_NOT_ALLOWED);
544 }
545
546 if (check_pid(pid_file))
547 {
548 DBG1(DBG_APP, "%s is already running (%s exists) -- skipping daemon start",
549 daemon_name, pid_file);
550 }
551 else
552 {
553 _action_ |= FLAG_ACTION_START_CHARON;
554 }
555 if (stat(DEV_RANDOM, &stb) != 0)
556 {
557 DBG1(DBG_APP, "unable to start strongSwan IPsec -- no %s!", DEV_RANDOM);
558 cleanup();
559 exit(LSB_RC_FAILURE);
560 }
561
562 if (stat(DEV_URANDOM, &stb)!= 0)
563 {
564 DBG1(DBG_APP, "unable to start strongSwan IPsec -- no %s!", DEV_URANDOM);
565 cleanup();
566 exit(LSB_RC_FAILURE);
567 }
568
569 cfg = confread_load(config_file);
570 if (cfg == NULL || cfg->err > 0)
571 {
572 DBG1(DBG_APP, "unable to start strongSwan -- fatal errors in config");
573 if (cfg)
574 {
575 confread_free(cfg);
576 }
577 cleanup();
578 exit(LSB_RC_INVALID_ARGUMENT);
579 }
580
581 /* determine if we have a native netkey IPsec stack */
582 if (!starter_netkey_init())
583 {
584 DBG1(DBG_APP, "no netkey IPsec stack detected");
585 if (!starter_klips_init())
586 {
587 DBG1(DBG_APP, "no KLIPS IPsec stack detected");
588 DBG1(DBG_APP, "no known IPsec stack detected, ignoring!");
589 }
590 }
591
592 last_reload = time_monotonic(NULL);
593
594 if (check_pid(starter_pid_file))
595 {
596 DBG1(DBG_APP, "starter is already running (%s exists) -- no fork done",
597 starter_pid_file);
598 confread_free(cfg);
599 cleanup();
600 exit(LSB_RC_SUCCESS);
601 }
602
603 #ifdef GENERATE_SELFCERT
604 generate_selfcert();
605 #endif
606
607 /* fork if we're not debugging stuff */
608 if (!no_fork)
609 {
610 log_to_stderr = FALSE;
611
612 switch (fork())
613 {
614 case 0:
615 {
616 int fnull;
617
618 close_log();
619
620 fnull = open("/dev/null", O_RDWR);
621 if (fnull >= 0)
622 {
623 dup2(fnull, STDIN_FILENO);
624 dup2(fnull, STDOUT_FILENO);
625 dup2(fnull, STDERR_FILENO);
626 close(fnull);
627 }
628
629 setsid();
630 init_log("ipsec_starter");
631 }
632 break;
633 case -1:
634 DBG1(DBG_APP, "can't fork: %s", strerror(errno));
635 break;
636 default:
637 confread_free(cfg);
638 cleanup();
639 exit(LSB_RC_SUCCESS);
640 }
641 }
642
643 /* save pid file in /var/run/starter[.daemon_name].pid */
644 {
645 FILE *fd = fopen(starter_pid_file, "w");
646
647 if (fd)
648 {
649 fprintf(fd, "%u\n", getpid());
650 fclose(fd);
651 }
652 }
653
654 /* we handle these signals only in pselect() */
655 memset(&action, 0, sizeof(action));
656 sigemptyset(&action.sa_mask);
657 sigaddset(&action.sa_mask, SIGHUP);
658 sigaddset(&action.sa_mask, SIGINT);
659 sigaddset(&action.sa_mask, SIGTERM);
660 sigaddset(&action.sa_mask, SIGQUIT);
661 sigaddset(&action.sa_mask, SIGALRM);
662 sigaddset(&action.sa_mask, SIGUSR1);
663 pthread_sigmask(SIG_SETMASK, &action.sa_mask, NULL);
664
665 /* install a handler for fatal signals */
666 action.sa_handler = fatal_signal_handler;
667 sigaction(SIGSEGV, &action, NULL);
668 sigaction(SIGILL, &action, NULL);
669 sigaction(SIGBUS, &action, NULL);
670 action.sa_handler = SIG_IGN;
671 sigaction(SIGPIPE, &action, NULL);
672
673 /* install main signal handler */
674 action.sa_handler = signal_handler;
675 sigaction(SIGHUP, &action, NULL);
676 sigaction(SIGINT, &action, NULL);
677 sigaction(SIGTERM, &action, NULL);
678 sigaction(SIGQUIT, &action, NULL);
679 sigaction(SIGALRM, &action, NULL);
680 sigaction(SIGUSR1, &action, NULL);
681 /* this is not blocked above as we want to receive it asynchronously */
682 sigaction(SIGCHLD, &action, NULL);
683
684 /* empty mask for pselect() call below */
685 sigemptyset(&action.sa_mask);
686
687 for (;;)
688 {
689 /*
690 * Stop charon (if started) and exit
691 */
692 if (_action_ & FLAG_ACTION_QUIT)
693 {
694 if (starter_charon_pid())
695 {
696 starter_stop_charon();
697 }
698 starter_netkey_cleanup();
699 confread_free(cfg);
700 unlink(starter_pid_file);
701 cleanup();
702 DBG1(DBG_APP, "ipsec starter stopped");
703 close_log();
704 exit(LSB_RC_SUCCESS);
705 }
706
707 /*
708 * Delete all connections. Will be added below
709 */
710 if (_action_ & FLAG_ACTION_RELOAD)
711 {
712 if (starter_charon_pid())
713 {
714 for (conn = cfg->conn_first; conn; conn = conn->next)
715 {
716 if (conn->state == STATE_ADDED)
717 {
718 if (starter_charon_pid())
719 {
720 if (conn->startup == STARTUP_ROUTE)
721 {
722 starter_stroke_unroute_conn(conn);
723 }
724 starter_stroke_del_conn(conn);
725 }
726 conn->state = STATE_TO_ADD;
727 }
728 }
729 for (ca = cfg->ca_first; ca; ca = ca->next)
730 {
731 if (ca->state == STATE_ADDED)
732 {
733 if (starter_charon_pid())
734 {
735 starter_stroke_del_ca(ca);
736 }
737 ca->state = STATE_TO_ADD;
738 }
739 }
740 }
741 _action_ &= ~FLAG_ACTION_RELOAD;
742 }
743
744 /*
745 * Update configuration
746 */
747 if (_action_ & FLAG_ACTION_UPDATE)
748 {
749 DBG2(DBG_APP, "Reloading config...");
750 new_cfg = confread_load(config_file);
751
752 if (new_cfg && (new_cfg->err == 0))
753 {
754 /* Switch to new config. New conn will be loaded below */
755
756 /* Look for new connections that are already loaded */
757 for (conn = cfg->conn_first; conn; conn = conn->next)
758 {
759 if (conn->state == STATE_ADDED)
760 {
761 for (conn2 = new_cfg->conn_first; conn2; conn2 = conn2->next)
762 {
763 if (conn2->state == STATE_TO_ADD && starter_cmp_conn(conn, conn2))
764 {
765 conn->state = STATE_REPLACED;
766 conn2->state = STATE_ADDED;
767 conn2->id = conn->id;
768 break;
769 }
770 }
771 }
772 }
773
774 /* Remove conn sections that have become unused */
775 for (conn = cfg->conn_first; conn; conn = conn->next)
776 {
777 if (conn->state == STATE_ADDED)
778 {
779 if (starter_charon_pid())
780 {
781 if (conn->startup == STARTUP_ROUTE)
782 {
783 starter_stroke_unroute_conn(conn);
784 }
785 starter_stroke_del_conn(conn);
786 }
787 }
788 }
789
790 /* Look for new ca sections that are already loaded */
791 for (ca = cfg->ca_first; ca; ca = ca->next)
792 {
793 if (ca->state == STATE_ADDED)
794 {
795 for (ca2 = new_cfg->ca_first; ca2; ca2 = ca2->next)
796 {
797 if (ca2->state == STATE_TO_ADD && starter_cmp_ca(ca, ca2))
798 {
799 ca->state = STATE_REPLACED;
800 ca2->state = STATE_ADDED;
801 break;
802 }
803 }
804 }
805 }
806
807 /* Remove ca sections that have become unused */
808 for (ca = cfg->ca_first; ca; ca = ca->next)
809 {
810 if (ca->state == STATE_ADDED)
811 {
812 if (starter_charon_pid())
813 {
814 starter_stroke_del_ca(ca);
815 }
816 }
817 }
818 confread_free(cfg);
819 cfg = new_cfg;
820 }
821 else
822 {
823 DBG1(DBG_APP, "can't reload config file due to errors -- keeping old one");
824 if (new_cfg)
825 {
826 confread_free(new_cfg);
827 }
828 }
829 _action_ &= ~FLAG_ACTION_UPDATE;
830 last_reload = time_monotonic(NULL);
831 }
832
833 /*
834 * Start daemon
835 */
836 if (_action_ & FLAG_ACTION_START_CHARON)
837 {
838 if (cfg->setup.charonstart && !starter_charon_pid())
839 {
840 DBG2(DBG_APP, "Attempting to start %s...", daemon_name);
841 if (starter_start_charon(cfg, no_fork, attach_gdb))
842 {
843 /* schedule next try */
844 alarm(CHARON_RESTART_DELAY);
845 }
846 starter_stroke_configure(cfg);
847 }
848 _action_ &= ~FLAG_ACTION_START_CHARON;
849
850 for (ca = cfg->ca_first; ca; ca = ca->next)
851 {
852 if (ca->state == STATE_ADDED)
853 {
854 ca->state = STATE_TO_ADD;
855 }
856 }
857
858 for (conn = cfg->conn_first; conn; conn = conn->next)
859 {
860 if (conn->state == STATE_ADDED)
861 {
862 conn->state = STATE_TO_ADD;
863 }
864 }
865 }
866
867 /*
868 * Add stale conn and ca sections
869 */
870 if (starter_charon_pid())
871 {
872 for (ca = cfg->ca_first; ca; ca = ca->next)
873 {
874 if (ca->state == STATE_TO_ADD)
875 {
876 if (starter_charon_pid())
877 {
878 starter_stroke_add_ca(ca);
879 }
880 ca->state = STATE_ADDED;
881 }
882 }
883
884 for (conn = cfg->conn_first; conn; conn = conn->next)
885 {
886 if (conn->state == STATE_TO_ADD)
887 {
888 if (conn->id == 0)
889 {
890 /* affect new unique id */
891 conn->id = id++;
892 }
893 if (starter_charon_pid())
894 {
895 starter_stroke_add_conn(cfg, conn);
896 }
897 conn->state = STATE_ADDED;
898
899 if (conn->startup == STARTUP_START)
900 {
901 if (starter_charon_pid())
902 {
903 starter_stroke_initiate_conn(conn);
904 }
905 }
906 else if (conn->startup == STARTUP_ROUTE)
907 {
908 if (starter_charon_pid())
909 {
910 starter_stroke_route_conn(conn);
911 }
912 }
913 }
914 }
915 }
916
917 /*
918 * If auto_update activated, when to stop select
919 */
920 if (auto_update)
921 {
922 time_t now = time_monotonic(NULL);
923
924 ts.tv_sec = (now < last_reload + auto_update) ?
925 (last_reload + auto_update - now) : 0;
926 ts.tv_nsec = 0;
927 }
928
929 /*
930 * Wait for something to happen
931 */
932 if (!_action_ &&
933 pselect(0, NULL, NULL, NULL, auto_update ? &ts : NULL,
934 &action.sa_mask) == 0)
935 {
936 /* timeout -> auto_update */
937 _action_ |= FLAG_ACTION_UPDATE;
938 }
939 }
940 exit(LSB_RC_SUCCESS);
941 }