sigwaitinfo() may fail with EINTR if interrupted by an unblocked signal not in the set
[strongswan.git] / src / charon / charon.c
index 3386688..4c2a9a4 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2010 Tobias Brunner
+ * Copyright (C) 2006-2012 Tobias Brunner
  * Copyright (C) 2005-2009 Martin Willi
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005 Jan Hutter
  */
 
 #include <stdio.h>
-#ifdef HAVE_PRCTL
-#include <sys/prctl.h>
-#endif
-#define _POSIX_PTHREAD_SEMANTICS /* for two param sigwait on OpenSolaris */
 #include <signal.h>
-#undef _POSIX_PTHREAD_SEMANTICS
 #include <pthread.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#include <sys/utsname.h>
 #include <unistd.h>
 #include <getopt.h>
-#include <pwd.h>
-#include <grp.h>
+#include <fcntl.h>
+#include <errno.h>
 
 #include <hydra.h>
 #include <daemon.h>
 #include <utils/backtrace.h>
 #include <threading/thread.h>
 
+#ifdef ANDROID
+#include <private/android_filesystem_config.h> /* for AID_VPN */
+#endif
+
 /**
  * PID file, in which charon stores its process id
  */
 #define PID_FILE IPSEC_PIDDIR "/charon.pid"
 
 /**
+ * Default user and group
+ */
+#ifndef IPSEC_USER
+#define IPSEC_USER NULL
+#endif
+
+#ifndef IPSEC_GROUP
+#define IPSEC_GROUP NULL
+#endif
+
+/**
+ * Global reference to PID file (required to truncate, if undeletable)
+ */
+static FILE *pidfile = NULL;
+
+/**
+ * Log levels as defined via command line arguments
+ */
+static level_t levels[DBG_MAX];
+
+/**
+ * Whether to only use syslog when logging
+ */
+static bool use_syslog = FALSE;
+
+/**
  * hook in library for debugging messages
  */
 extern void (*dbg) (debug_t group, level_t level, char *fmt, ...);
@@ -72,7 +98,7 @@ static void run()
 {
        sigset_t set;
 
-       /* handle SIGINT, SIGHUP ans SIGTERM in this handler */
+       /* handle SIGINT, SIGHUP and SIGTERM in this handler */
        sigemptyset(&set);
        sigaddset(&set, SIGINT);
        sigaddset(&set, SIGHUP);
@@ -82,19 +108,32 @@ static void run()
        while (TRUE)
        {
                int sig;
-               int error;
 
-               error = sigwait(&set, &sig);
-               if (error)
+               sig = sigwaitinfo(&set, NULL);
+               if (sig == -1)
                {
-                       DBG1(DBG_DMN, "error %d while waiting for a signal", error);
+                       if (errno == EINTR)
+                       {       /* ignore signals we didn't wait for */
+                               continue;
+                       }
+                       DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno));
                        return;
                }
                switch (sig)
                {
                        case SIGHUP:
                        {
-                               DBG1(DBG_DMN, "signal of type SIGHUP received. Ignored");
+                               DBG1(DBG_DMN, "signal of type SIGHUP received. Reloading "
+                                        "configuration");
+                               if (lib->settings->load_files(lib->settings, lib->conf, FALSE))
+                               {
+                                       charon->load_loggers(charon, levels, !use_syslog);
+                                       lib->plugins->reload(lib->plugins, NULL);
+                               }
+                               else
+                               {
+                                       DBG1(DBG_DMN, "reloading config failed, keeping old");
+                               }
                                break;
                        }
                        case SIGINT:
@@ -109,74 +148,29 @@ static void run()
                                charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
                                return;
                        }
-                       default:
-                       {
-                               DBG1(DBG_DMN, "unknown signal %d received. Ignored", sig);
-                               break;
-                       }
                }
        }
 }
 
 /**
- * drop daemon capabilities
+ * lookup UID and GID
  */
-static bool drop_capabilities()
+static bool lookup_uid_gid()
 {
-#ifdef HAVE_PRCTL
-       prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
-#endif
+       char *name;
 
-       if (setgid(charon->gid) != 0)
-       {
-               DBG1(DBG_DMN, "change to unprivileged group failed");
-               return FALSE;
-       }
-       if (setuid(charon->uid) != 0)
+       name = lib->settings->get_str(lib->settings, "charon.user", IPSEC_USER);
+       if (name && !lib->caps->resolve_uid(lib->caps, name))
        {
-               DBG1(DBG_DMN, "change to unprivileged user failed");
                return FALSE;
        }
-       if (!charon->drop_capabilities(charon))
+       name = lib->settings->get_str(lib->settings, "charon.group", IPSEC_GROUP);
+       if (name && !lib->caps->resolve_gid(lib->caps, name))
        {
-               DBG1(DBG_DMN, "unable to drop daemon capabilities");
                return FALSE;
        }
-       return TRUE;
-}
-
-/**
- * lookup UID and GID
- */
-static bool lookup_uid_gid()
-{
-#ifdef IPSEC_USER
-       {
-               char buf[1024];
-               struct passwd passwd, *pwp;
-
-               if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) != 0 ||
-                       pwp == NULL)
-               {
-                       DBG1(DBG_DMN, "resolving user '"IPSEC_USER"' failed");
-                       return FALSE;
-               }
-               charon->uid = pwp->pw_uid;
-       }
-#endif
-#ifdef IPSEC_GROUP
-       {
-               char buf[1024];
-               struct group group, *grp;
-
-               if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) != 0 ||
-                       grp == NULL)
-               {
-                       DBG1(DBG_DMN, "resolving group '"IPSEC_GROUP"' failed");
-                       return FALSE;
-               }
-               charon->gid = grp->gr_gid;
-       }
+#ifdef ANDROID
+       lib->caps->set_uid(lib->caps, AID_VPN);
 #endif
        return TRUE;
 }
@@ -190,6 +184,7 @@ static void segv_handler(int signal)
 
        DBG1(DBG_DMN, "thread %u received %d", thread_current_id(), signal);
        backtrace = backtrace_create(2);
+       backtrace->log(backtrace, NULL, TRUE);
        backtrace->log(backtrace, stderr, TRUE);
        backtrace->destroy(backtrace);
 
@@ -203,22 +198,22 @@ static void segv_handler(int signal)
 static bool check_pidfile()
 {
        struct stat stb;
-       FILE *file;
 
        if (stat(PID_FILE, &stb) == 0)
        {
-               file = fopen(PID_FILE, "r");
-               if (file)
+               pidfile = fopen(PID_FILE, "r");
+               if (pidfile)
                {
                        char buf[64];
                        pid_t pid = 0;
 
                        memset(buf, 0, sizeof(buf));
-                       if (fread(buf, 1, sizeof(buf), file))
+                       if (fread(buf, 1, sizeof(buf), pidfile))
                        {
+                               buf[sizeof(buf) - 1] = '\0';
                                pid = atoi(buf);
                        }
-                       fclose(file);
+                       fclose(pidfile);
                        if (pid && kill(pid, 0) == 0)
                        {       /* such a process is running */
                                return TRUE;
@@ -229,17 +224,44 @@ static bool check_pidfile()
        }
 
        /* create new pidfile */
-       file = fopen(PID_FILE, "w");
-       if (file)
+       pidfile = fopen(PID_FILE, "w");
+       if (pidfile)
        {
-               fprintf(file, "%d\n", getpid());
-               ignore_result(fchown(fileno(file), charon->uid, charon->gid));
-               fclose(file);
+               int fd;
+
+               fd = fileno(pidfile);
+               if (fd == -1 || fcntl(fd, F_SETFD, FD_CLOEXEC) == -1)
+               {
+                       DBG1(DBG_LIB, "setting FD_CLOEXEC for '"PID_FILE"' failed: %s",
+                                strerror(errno));
+               }
+               ignore_result(fchown(fileno(pidfile),
+                                                        lib->caps->get_uid(lib->caps),
+                                                        lib->caps->get_gid(lib->caps)));
+               fprintf(pidfile, "%d\n", getpid());
+               fflush(pidfile);
        }
        return FALSE;
 }
 
 /**
+ * Delete/truncate the PID file
+ */
+static void unlink_pidfile()
+{
+       /* because unlinking the PID file may fail, we truncate it to ensure the
+        * daemon can be properly restarted.  one probable cause for this is the
+        * combination of not running as root and the effective user lacking
+        * permissions on the parent dir(s) of the PID file */
+       if (pidfile)
+       {
+               ignore_result(ftruncate(fileno(pidfile), 0));
+               fclose(pidfile);
+       }
+       unlink(PID_FILE);
+}
+
+/**
  * print command line usage and exit
  */
 static void usage(const char *msg)
@@ -253,7 +275,7 @@ static void usage(const char *msg)
                                        "         [--version]\n"
                                        "         [--use-syslog]\n"
                                        "         [--debug-<type> <level>]\n"
-                                       "           <type>:  log context type (dmn|mgr|ike|chd|job|cfg|knl|net|enc|lib)\n"
+                                       "           <type>:  log context type (dmn|mgr|ike|chd|job|cfg|knl|net|asn|enc|tnc|imc|imv|pts|tls|esp|lib)\n"
                                        "           <level>: log verbosity (-1 = silent, 0 = audit, 1 = control,\n"
                                        "                                    2 = controlmore, 3 = raw, 4 = private)\n"
                                        "\n"
@@ -266,15 +288,14 @@ static void usage(const char *msg)
 int main(int argc, char *argv[])
 {
        struct sigaction action;
-       bool use_syslog = FALSE;
-       level_t levels[DBG_MAX];
        int group, status = SS_RC_INITIALIZATION_FAILED;
+       struct utsname utsname;
 
        /* logging for library during initialization, as we have no bus yet */
        dbg = dbg_stderr;
 
        /* initialize library */
-       if (!library_init(NULL))
+       if (!library_init(NULL, "charon"))
        {
                library_deinit();
                exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
@@ -288,7 +309,7 @@ int main(int argc, char *argv[])
                exit(SS_RC_DAEMON_INTEGRITY);
        }
 
-       if (!libhydra_init("charon"))
+       if (!libhydra_init())
        {
                dbg_stderr(DBG_DMN, 1, "initialization failed - aborting charon");
                libhydra_deinit();
@@ -324,7 +345,14 @@ int main(int argc, char *argv[])
                        { "debug-cfg", required_argument, &group, DBG_CFG },
                        { "debug-knl", required_argument, &group, DBG_KNL },
                        { "debug-net", required_argument, &group, DBG_NET },
+                       { "debug-asn", required_argument, &group, DBG_ASN },
                        { "debug-enc", required_argument, &group, DBG_ENC },
+                       { "debug-tnc", required_argument, &group, DBG_TNC },
+                       { "debug-imc", required_argument, &group, DBG_IMC },
+                       { "debug-imv", required_argument, &group, DBG_IMV },
+                       { "debug-pts", required_argument, &group, DBG_PTS },
+                       { "debug-tls", required_argument, &group, DBG_TLS },
+                       { "debug-esp", required_argument, &group, DBG_ESP },
                        { "debug-lib", required_argument, &group, DBG_LIB },
                        { 0,0,0,0 }
                };
@@ -363,28 +391,46 @@ int main(int argc, char *argv[])
                goto deinit;
        }
 
+       charon->load_loggers(charon, levels, !use_syslog);
+
+       if (uname(&utsname) != 0)
+       {
+               memset(&utsname, 0, sizeof(utsname));
+       }
+       DBG1(DBG_DMN, "Starting IKE charon daemon (strongSwan "VERSION", %s %s, %s)",
+                 utsname.sysname, utsname.release, utsname.machine);
+       if (lib->integrity)
+       {
+               DBG1(DBG_DMN, "integrity tests enabled:");
+               DBG1(DBG_DMN, "lib    'libstrongswan': passed file and segment integrity tests");
+               DBG1(DBG_DMN, "lib    'libhydra': passed file and segment integrity tests");
+               DBG1(DBG_DMN, "lib    'libcharon': passed file and segment integrity tests");
+               DBG1(DBG_DMN, "daemon 'charon': passed file integrity test");
+       }
+
        /* initialize daemon */
-       if (!charon->initialize(charon, use_syslog, levels))
+       if (!charon->initialize(charon,
+                               lib->settings->get_str(lib->settings, "charon.load", PLUGINS)))
        {
                DBG1(DBG_DMN, "initialization failed - aborting charon");
                goto deinit;
        }
+       lib->plugins->status(lib->plugins, LEVEL_CTRL);
 
        if (check_pidfile())
        {
                DBG1(DBG_DMN, "charon already running (\""PID_FILE"\" exists)");
-               status = -1;
                goto deinit;
        }
 
-       if (!drop_capabilities())
+       if (!lib->caps->drop(lib->caps))
        {
                DBG1(DBG_DMN, "capability dropping failed - aborting charon");
                goto deinit;
        }
 
        /* add handler for SEGV and ILL,
-        * INT, TERM and HUP are handled by sigwait() in run() */
+        * INT, TERM and HUP are handled by sigwaitinfo() in run() */
        action.sa_handler = segv_handler;
        action.sa_flags = 0;
        sigemptyset(&action.sa_mask);
@@ -406,7 +452,7 @@ int main(int argc, char *argv[])
        run();
 
        /* normal termination, cleanup and exit */
-       unlink(PID_FILE);
+       unlink_pidfile();
        status = 0;
 
 deinit:
@@ -415,4 +461,3 @@ deinit:
        library_deinit();
        return status;
 }
-