stop strongswan if integrity check of libstrongswan or daemon fails
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 17 Jul 2009 18:33:19 +0000 (20:33 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 17 Jul 2009 18:33:19 +0000 (20:33 +0200)
src/charon/daemon.c
src/libstrongswan/utils.h
src/pluto/plutomain.c
src/starter/invokecharon.c
src/starter/invokecharon.h
src/starter/invokepluto.c
src/starter/invokepluto.h
src/starter/starter.c

index 92dc88f..fe8f96f 100644 (file)
@@ -676,7 +676,7 @@ int main(int argc, char *argv[])
        if (!library_init(STRONGSWAN_CONF))
        {
                library_deinit();
-               exit(-1);
+               exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
        }
        
        if (lib->integrity &&
@@ -684,7 +684,7 @@ int main(int argc, char *argv[])
        {
                dbg_stderr(1, "integrity check of charon failed");
                library_deinit();
-               exit(-1);
+               exit(SS_RC_DAEMON_INTEGRITY);
        }
        
        lib->printf_hook->add_handler(lib->printf_hook, 'R',
index debd014..56f7b70 100644 (file)
 #include <enum.h>
 
 /**
+ * strongSwan program return codes
+ */
+#define SS_RC_LIBSTRONGSWAN_INTEGRITY  64
+#define SS_RC_DAEMON_INTEGRITY                 65
+
+/**
  * Number of bits in a byte
  */
 #define BITS_PER_BYTE 8
index e034967..6590caf 100644 (file)
@@ -263,14 +263,14 @@ int main(int argc, char **argv)
        if (!library_init(STRONGSWAN_CONF))
        {
                library_deinit();
-               abort();
+               exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
        }
        if (lib->integrity &&
                !lib->integrity->check_file(lib->integrity, "pluto", argv[0]))
        {
                fprintf(stderr, "integrity check of pluto failed\n");
                library_deinit();
-               abort();
+               exit(SS_RC_DAEMON_INTEGRITY);
        }
        options = options_create();
 
index 804467c..bd15ac1 100644 (file)
 static int _charon_pid = 0;
 static int _stop_requested;
 
-pid_t
-starter_charon_pid(void)
+pid_t starter_charon_pid(void)
 {
        return _charon_pid;
 }
 
-void
-starter_charon_sigchild(pid_t pid)
+void starter_charon_sigchild(pid_t pid, int status)
 {
-               if (pid == _charon_pid)
+       if (pid == _charon_pid)
        {
-                               _charon_pid = 0;
+               _charon_pid = 0;
+               if (status == SS_RC_LIBSTRONGSWAN_INTEGRITY ||
+                       status == SS_RC_DAEMON_INTEGRITY)
+               {
+                       plog("charon has quit: integrity test of %s failed",
+                                 (status == 64) ? "libstrongswan" : "charon");
+                       _stop_requested = 1;
+               }
                if (!_stop_requested)
                {
                        plog("charon has died -- restart scheduled (%dsec)"
@@ -58,8 +63,7 @@ starter_charon_sigchild(pid_t pid)
        }
 }
 
-int
-starter_stop_charon (void)
+int starter_stop_charon (void)
 {
        int i;
        pid_t pid = _charon_pid;
@@ -106,8 +110,7 @@ starter_stop_charon (void)
 }
 
 
-int
-starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb)
+int starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb)
 {
        struct stat stb;
        int pid, i;
index f0f470a..aaf913c 100644 (file)
@@ -20,7 +20,7 @@
 
 #define CHARON_RESTART_DELAY    5
 
-extern void starter_charon_sigchild (pid_t pid);
+extern void starter_charon_sigchild (pid_t pid, int status);
 extern pid_t starter_charon_pid (void);
 extern int starter_stop_charon (void);
 extern int starter_start_charon(struct starter_config *cfg, bool no_fork, bool attach_gdb);
index 28bd93c..5ca1b45 100644 (file)
@@ -42,11 +42,18 @@ starter_pluto_pid(void)
 }
 
 void
-starter_pluto_sigchild(pid_t pid)
+starter_pluto_sigchild(pid_t pid, int status)
 {
        if (pid == _pluto_pid)
        {
                _pluto_pid = 0;
+               if (status == SS_RC_LIBSTRONGSWAN_INTEGRITY ||
+                       status == SS_RC_DAEMON_INTEGRITY)
+               {
+                       plog("pluto has quit: integrity test of %s failed",
+                                 (status == 64) ? "libstrongswan" : "pluto");
+                       _stop_requested = 1;
+               }
                if (!_stop_requested)
                {
                        plog("pluto has died -- restart scheduled (%dsec)"
index b0c89b1..c87f50c 100644 (file)
@@ -17,7 +17,7 @@
 
 #define PLUTO_RESTART_DELAY    5
 
-extern void starter_pluto_sigchild (pid_t pid);
+extern void starter_pluto_sigchild (pid_t pid, int status);
 extern pid_t starter_pluto_pid (void);
 extern int starter_stop_pluto (void);
 extern int starter_start_pluto (struct starter_config *cfg, bool no_fork, bool attach_gdb);
index 24ce940..b642272 100644 (file)
 
 static unsigned int _action_ = 0;
 
-static void
-fsig(int signal)
+static void fsig(int signal)
 {
        switch (signal)
        {
                case SIGCHLD:
                {
-                       int status;
+                       int status, exit_status = 0;
                        pid_t pid;
                        char *name = NULL;
 
@@ -103,9 +102,15 @@ fsig(int signal)
                                }
                                else if (WIFEXITED(status))
                                {
+                                       exit_status =  WEXITSTATUS(status);
+                                       if (exit_status == SS_RC_LIBSTRONGSWAN_INTEGRITY ||
+                                               exit_status == SS_RC_DAEMON_INTEGRITY)
+                                       {
+                                               _action_ =  FLAG_ACTION_QUIT;
+                                       }
                                        DBG(DBG_CONTROL,
                                                DBG_log("child %d%s has quit (exit code %d)\n",
-                                                               pid, name?name:"", WEXITSTATUS(status))
+                                                               pid, name?name:"", exit_status)
                                           )
                                }
                                else
@@ -116,11 +121,11 @@ fsig(int signal)
                                }
                                if (pid == starter_pluto_pid())
                                {
-                                       starter_pluto_sigchild(pid);
+                                       starter_pluto_sigchild(pid, exit_status);
                                }
                                if (pid == starter_charon_pid())
                                {
-                                       starter_charon_sigchild(pid);
+                                       starter_charon_sigchild(pid, exit_status);
                                }
                        }
                }
@@ -212,8 +217,7 @@ static void generate_selfcert()
                }
 }
 
-static void
-usage(char *name)
+static void usage(char *name)
 {
        fprintf(stderr, "Usage: starter [--nofork] [--auto-update <sec>] "
                        "[--debug|--debug-more|--debug-all]\n");
@@ -408,9 +412,13 @@ int main (int argc, char **argv)
                if (_action_ & FLAG_ACTION_QUIT)
                {
                        if (starter_pluto_pid())
+                       {
                                starter_stop_pluto();
+                       }
                        if (starter_charon_pid())
+                       {
                                starter_stop_charon();
+                       }
                        starter_netkey_cleanup();
                        confread_free(cfg);
                        unlink(STARTER_PID_FILE);