]>
git.ipfire.org Git - thirdparty/strongswan.git/blob - src/starter/starter.c
1 /* strongSwan IPsec starter
2 * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 #include <sys/select.h>
18 #include <sys/types.h>
36 #include <utils/backtrace.h>
37 #include <threading/thread.h>
38 #include <utils/debug.h>
42 #include "starterstroke.h"
43 #include "invokecharon.h"
49 #define LOG_AUTHPRIV LOG_AUTH
52 #define CHARON_RESTART_DELAY 5
54 static const char* cmd_default
= IPSEC_DIR
"/charon";
55 static const char* pid_file_default
= IPSEC_PIDDIR
"/charon.pid";
56 static const char* starter_pid_file_default
= IPSEC_PIDDIR
"/starter.pid";
58 char *daemon_name
= NULL
;
60 char *pid_file
= NULL
;
61 char *starter_pid_file
= NULL
;
63 static char *config_file
= NULL
;
66 static bool log_to_stderr
= TRUE
;
67 static bool log_to_syslog
= TRUE
;
68 static level_t current_loglevel
= 1;
71 * logging function for scepclient
73 static void starter_dbg(debug_t group
, level_t level
, char *fmt
, ...)
76 char *current
= buffer
, *next
;
79 if (level
<= current_loglevel
)
84 vfprintf(stderr
, fmt
, args
);
86 fprintf(stderr
, "\n");
90 /* write in memory buffer first */
92 vsnprintf(buffer
, sizeof(buffer
), fmt
, args
);
95 /* do a syslog with every line */
98 next
= strchr(current
, '\n');
103 syslog(LOG_INFO
, "%s\n", current
);
111 * Initialize logging to stderr/syslog
113 static void init_log(const char *program
)
119 setbuf(stderr
, NULL
);
123 openlog(program
, LOG_CONS
| LOG_NDELAY
| LOG_PID
, LOG_AUTHPRIV
);
128 * Deinitialize logging to syslog
130 static void close_log()
139 * Return codes defined by Linux Standard Base Core Specification 3.1
140 * in section 20.2. Init Script Actions
142 #define LSB_RC_SUCCESS 0 /* success */
143 #define LSB_RC_FAILURE 1 /* generic or unspecified error */
144 #define LSB_RC_INVALID_ARGUMENT 2 /* invalid or excess argument(s) */
145 #define LSB_RC_NOT_IMPLEMENTED 3 /* unimplemented feature (reload) */
146 #define LSB_RC_NOT_ALLOWED 4 /* user had insufficient privilege */
147 #define LSB_RC_NOT_INSTALLED 5 /* program is not installed */
148 #define LSB_RC_NOT_CONFIGURED 6 /* program is not configured */
149 #define LSB_RC_NOT_RUNNING 7 /* program is not running */
151 #define FLAG_ACTION_START_PLUTO 0x01
152 #define FLAG_ACTION_UPDATE 0x02
153 #define FLAG_ACTION_RELOAD 0x04
154 #define FLAG_ACTION_QUIT 0x08
155 #define FLAG_ACTION_LISTEN 0x10
156 #define FLAG_ACTION_START_CHARON 0x20
158 static unsigned int _action_
= 0;
161 * Handle signals in the main thread
163 static void signal_handler(int signal
)
169 int status
, exit_status
= 0;
173 while ((pid
= waitpid(-1, &status
, WNOHANG
)) > 0)
175 if (pid
== starter_charon_pid())
177 if (asprintf(&name
, " (%s)", daemon_name
) < 0)
182 if (WIFSIGNALED(status
))
184 DBG2(DBG_APP
, "child %d%s has been killed by sig %d\n",
185 pid
, name
?name
:"", WTERMSIG(status
));
187 else if (WIFSTOPPED(status
))
189 DBG2(DBG_APP
, "child %d%s has been stopped by sig %d\n",
190 pid
, name
?name
:"", WSTOPSIG(status
));
192 else if (WIFEXITED(status
))
194 exit_status
= WEXITSTATUS(status
);
195 if (exit_status
>= SS_RC_FIRST
&& exit_status
<= SS_RC_LAST
)
197 _action_
= FLAG_ACTION_QUIT
;
199 DBG2(DBG_APP
, "child %d%s has quit (exit code %d)\n",
200 pid
, name
?name
:"", exit_status
);
204 DBG2(DBG_APP
, "child %d%s has quit", pid
, name
?name
:"");
206 if (pid
== starter_charon_pid())
208 starter_charon_sigchild(pid
, exit_status
);
220 _action_
|= FLAG_ACTION_START_CHARON
;
224 _action_
|= FLAG_ACTION_UPDATE
;
230 _action_
|= FLAG_ACTION_QUIT
;
234 _action_
|= FLAG_ACTION_RELOAD
;
235 _action_
|= FLAG_ACTION_UPDATE
;
239 DBG1(DBG_APP
, "fsig(): unknown signal %d -- investigate", signal
);
245 * Handle fatal signals raised by threads
247 static void fatal_signal_handler(int signal
)
249 backtrace_t
*backtrace
;
251 DBG1(DBG_APP
, "thread %u received %d", thread_current_id(), signal
);
252 backtrace
= backtrace_create(2);
253 backtrace
->log(backtrace
, stderr
, TRUE
);
254 backtrace
->destroy(backtrace
);
256 DBG1(DBG_APP
, "killing ourself, received critical signal");
260 static bool check_pid(char *pid_file
)
265 if (stat(pid_file
, &stb
) == 0)
267 pidfile
= fopen(pid_file
, "r");
272 memset(buf
, 0, sizeof(buf
));
273 if (fread(buf
, 1, sizeof(buf
), pidfile
))
275 buf
[sizeof(buf
) - 1] = '\0';
279 if (pid
&& pid
!= getpid() && kill(pid
, 0) == 0)
280 { /* such a process is running */
284 DBG1(DBG_APP
, "removing pidfile '%s', process not running", pid_file
);
290 /* Set daemon name and adjust command and pid filenames accordingly */
291 static bool set_daemon_name()
295 daemon_name
= "charon";
298 if (asprintf(&cmd
, IPSEC_DIR
"/%s", daemon_name
) < 0)
300 cmd
= (char*)cmd_default
;
303 if (asprintf(&pid_file
, IPSEC_PIDDIR
"/%s.pid", daemon_name
) < 0)
305 pid_file
= (char*)pid_file_default
;
308 if (asprintf(&starter_pid_file
, IPSEC_PIDDIR
"/starter.%s.pid",
311 starter_pid_file
= (char*)starter_pid_file_default
;
317 static void cleanup()
319 if (cmd
!= cmd_default
)
324 if (pid_file
!= pid_file_default
)
329 if (starter_pid_file
!= starter_pid_file_default
)
331 free(starter_pid_file
);
335 static void usage(char *name
)
337 fprintf(stderr
, "Usage: starter [--nofork] [--auto-update <sec>]\n"
338 " [--debug|--debug-more|--debug-all|--nolog]\n"
339 " [--attach-gdb] [--daemon <name>]\n"
340 " [--conf <path to ipsec.conf>]\n");
341 exit(LSB_RC_INVALID_ARGUMENT
);
344 int main (int argc
, char **argv
)
346 starter_config_t
*cfg
= NULL
;
347 starter_config_t
*new_cfg
;
348 starter_conn_t
*conn
, *conn2
;
349 starter_ca_t
*ca
, *ca2
;
351 struct sigaction action
;
357 unsigned long auto_update
= 0;
359 bool no_fork
= FALSE
;
360 bool attach_gdb
= FALSE
;
361 bool load_warning
= FALSE
;
362 bool conftest
= FALSE
;
364 library_init(NULL
, "starter");
365 atexit(library_deinit
);
367 /* parse command line */
368 for (i
= 1; i
< argc
; i
++)
370 if (streq(argv
[i
], "--debug"))
372 current_loglevel
= 2;
374 else if (streq(argv
[i
], "--debug-more"))
376 current_loglevel
= 3;
378 else if (streq(argv
[i
], "--debug-all"))
380 current_loglevel
= 4;
382 else if (streq(argv
[i
], "--nolog"))
384 current_loglevel
= 0;
386 else if (streq(argv
[i
], "--nofork"))
390 else if (streq(argv
[i
], "--attach-gdb"))
395 else if (streq(argv
[i
], "--auto-update") && i
+1 < argc
)
397 auto_update
= atoi(argv
[++i
]);
401 else if (streq(argv
[i
], "--daemon") && i
+1 < argc
)
403 daemon_name
= argv
[++i
];
405 else if (streq(argv
[i
], "--conf") && i
+1 < argc
)
407 config_file
= argv
[++i
];
409 else if (streq(argv
[i
], "--conftest"))
419 if (!set_daemon_name())
421 DBG1(DBG_APP
, "unable to set daemon name");
422 exit(LSB_RC_FAILURE
);
426 config_file
= lib
->settings
->get_str(lib
->settings
,
427 "starter.config_file", CONFIG_FILE
);
430 init_log("ipsec_starter");
434 int status
= LSB_RC_SUCCESS
;
436 cfg
= confread_load(config_file
);
437 if (cfg
== NULL
|| cfg
->err
> 0)
439 DBG1(DBG_APP
, "config invalid!");
440 status
= LSB_RC_INVALID_ARGUMENT
;
444 DBG1(DBG_APP
, "config OK");
454 if (stat(cmd
, &stb
) != 0)
456 DBG1(DBG_APP
, "IKE daemon '%s' not found", cmd
);
458 exit(LSB_RC_FAILURE
);
461 DBG1(DBG_APP
, "Starting %sSwan "VERSION
" IPsec [starter]...",
462 lib
->settings
->get_bool(lib
->settings
,
463 "charon.i_dont_care_about_security_and_use_aggressive_mode_psk",
464 FALSE
) ? "weak" : "strong");
470 if (lib
->settings
->get_bool(lib
->settings
, "starter.load_warning", load_warning
))
472 if (lib
->settings
->get_str(lib
->settings
, "charon.load", NULL
))
474 DBG1(DBG_APP
, "!! Your strongswan.conf contains manual plugin load options for charon.");
475 DBG1(DBG_APP
, "!! This is recommended for experts only, see");
476 DBG1(DBG_APP
, "!! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad");
480 #ifndef STARTER_ALLOW_NON_ROOT
481 /* verify that we can start */
484 DBG1(DBG_APP
, "permission denied (must be superuser)");
486 exit(LSB_RC_NOT_ALLOWED
);
490 if (check_pid(pid_file
))
492 DBG1(DBG_APP
, "%s is already running (%s exists) -- skipping daemon start",
493 daemon_name
, pid_file
);
497 _action_
|= FLAG_ACTION_START_CHARON
;
499 if (stat(DEV_RANDOM
, &stb
) != 0)
501 DBG1(DBG_APP
, "unable to start strongSwan IPsec -- no %s!", DEV_RANDOM
);
503 exit(LSB_RC_FAILURE
);
506 if (stat(DEV_URANDOM
, &stb
)!= 0)
508 DBG1(DBG_APP
, "unable to start strongSwan IPsec -- no %s!", DEV_URANDOM
);
510 exit(LSB_RC_FAILURE
);
513 cfg
= confread_load(config_file
);
514 if (cfg
== NULL
|| cfg
->err
> 0)
516 DBG1(DBG_APP
, "unable to start strongSwan -- fatal errors in config");
522 exit(LSB_RC_INVALID_ARGUMENT
);
525 #ifndef SKIP_KERNEL_IPSEC_MODPROBES
526 /* determine if we have a native netkey IPsec stack */
527 if (!starter_netkey_init())
529 DBG1(DBG_APP
, "no netkey IPsec stack detected");
530 if (!starter_klips_init())
532 DBG1(DBG_APP
, "no KLIPS IPsec stack detected");
533 DBG1(DBG_APP
, "no known IPsec stack detected, ignoring!");
538 last_reload
= time_monotonic(NULL
);
540 if (check_pid(starter_pid_file
))
542 DBG1(DBG_APP
, "starter is already running (%s exists) -- no fork done",
546 exit(LSB_RC_SUCCESS
);
549 /* fork if we're not debugging stuff */
552 log_to_stderr
= FALSE
;
562 fnull
= open("/dev/null", O_RDWR
);
565 dup2(fnull
, STDIN_FILENO
);
566 dup2(fnull
, STDOUT_FILENO
);
567 dup2(fnull
, STDERR_FILENO
);
572 init_log("ipsec_starter");
576 DBG1(DBG_APP
, "can't fork: %s", strerror(errno
));
581 exit(LSB_RC_SUCCESS
);
585 /* save pid file in /var/run/starter[.daemon_name].pid */
587 FILE *fd
= fopen(starter_pid_file
, "w");
591 fprintf(fd
, "%u\n", getpid());
596 /* we handle these signals only in pselect() */
597 memset(&action
, 0, sizeof(action
));
598 sigemptyset(&action
.sa_mask
);
599 sigaddset(&action
.sa_mask
, SIGHUP
);
600 sigaddset(&action
.sa_mask
, SIGINT
);
601 sigaddset(&action
.sa_mask
, SIGTERM
);
602 sigaddset(&action
.sa_mask
, SIGQUIT
);
603 sigaddset(&action
.sa_mask
, SIGALRM
);
604 sigaddset(&action
.sa_mask
, SIGUSR1
);
605 pthread_sigmask(SIG_SETMASK
, &action
.sa_mask
, NULL
);
607 /* install a handler for fatal signals */
608 action
.sa_handler
= fatal_signal_handler
;
609 sigaction(SIGSEGV
, &action
, NULL
);
610 sigaction(SIGILL
, &action
, NULL
);
611 sigaction(SIGBUS
, &action
, NULL
);
612 action
.sa_handler
= SIG_IGN
;
613 sigaction(SIGPIPE
, &action
, NULL
);
615 /* install main signal handler */
616 action
.sa_handler
= signal_handler
;
617 sigaction(SIGHUP
, &action
, NULL
);
618 sigaction(SIGINT
, &action
, NULL
);
619 sigaction(SIGTERM
, &action
, NULL
);
620 sigaction(SIGQUIT
, &action
, NULL
);
621 sigaction(SIGALRM
, &action
, NULL
);
622 sigaction(SIGUSR1
, &action
, NULL
);
623 /* this is not blocked above as we want to receive it asynchronously */
624 sigaction(SIGCHLD
, &action
, NULL
);
626 /* empty mask for pselect() call below */
627 sigemptyset(&action
.sa_mask
);
632 * Stop charon (if started) and exit
634 if (_action_
& FLAG_ACTION_QUIT
)
636 if (starter_charon_pid())
638 starter_stop_charon();
641 unlink(starter_pid_file
);
643 DBG1(DBG_APP
, "ipsec starter stopped");
645 exit(LSB_RC_SUCCESS
);
649 * Delete all connections. Will be added below
651 if (_action_
& FLAG_ACTION_RELOAD
)
653 _action_
&= ~FLAG_ACTION_RELOAD
;
654 if (starter_charon_pid())
656 for (conn
= cfg
->conn_first
; conn
; conn
= conn
->next
)
658 if (conn
->state
== STATE_ADDED
)
660 if (starter_charon_pid())
662 if (conn
->startup
== STARTUP_ROUTE
)
664 starter_stroke_unroute_conn(conn
);
666 starter_stroke_del_conn(conn
);
668 conn
->state
= STATE_TO_ADD
;
671 for (ca
= cfg
->ca_first
; ca
; ca
= ca
->next
)
673 if (ca
->state
== STATE_ADDED
)
675 if (starter_charon_pid())
677 starter_stroke_del_ca(ca
);
679 ca
->state
= STATE_TO_ADD
;
686 * Update configuration
688 if (_action_
& FLAG_ACTION_UPDATE
)
690 _action_
&= ~FLAG_ACTION_UPDATE
;
691 DBG2(DBG_APP
, "Reloading config...");
692 new_cfg
= confread_load(config_file
);
694 if (new_cfg
&& (new_cfg
->err
== 0))
696 /* Switch to new config. New conn will be loaded below */
698 /* Look for new connections that are already loaded */
699 for (conn
= cfg
->conn_first
; conn
; conn
= conn
->next
)
701 if (conn
->state
== STATE_ADDED
)
703 for (conn2
= new_cfg
->conn_first
; conn2
; conn2
= conn2
->next
)
705 if (conn2
->state
== STATE_TO_ADD
&& starter_cmp_conn(conn
, conn2
))
707 conn
->state
= STATE_REPLACED
;
708 conn2
->state
= STATE_ADDED
;
709 conn2
->id
= conn
->id
;
716 /* Remove conn sections that have become unused */
717 for (conn
= cfg
->conn_first
; conn
; conn
= conn
->next
)
719 if (conn
->state
== STATE_ADDED
)
721 if (starter_charon_pid())
723 if (conn
->startup
== STARTUP_ROUTE
)
725 starter_stroke_unroute_conn(conn
);
727 starter_stroke_del_conn(conn
);
732 /* Look for new ca sections that are already loaded */
733 for (ca
= cfg
->ca_first
; ca
; ca
= ca
->next
)
735 if (ca
->state
== STATE_ADDED
)
737 for (ca2
= new_cfg
->ca_first
; ca2
; ca2
= ca2
->next
)
739 if (ca2
->state
== STATE_TO_ADD
&& starter_cmp_ca(ca
, ca2
))
741 ca
->state
= STATE_REPLACED
;
742 ca2
->state
= STATE_ADDED
;
749 /* Remove ca sections that have become unused */
750 for (ca
= cfg
->ca_first
; ca
; ca
= ca
->next
)
752 if (ca
->state
== STATE_ADDED
)
754 if (starter_charon_pid())
756 starter_stroke_del_ca(ca
);
765 DBG1(DBG_APP
, "can't reload config file due to errors -- keeping old one");
768 confread_free(new_cfg
);
771 last_reload
= time_monotonic(NULL
);
777 if (_action_
& FLAG_ACTION_START_CHARON
)
779 _action_
&= ~FLAG_ACTION_START_CHARON
;
780 if (!starter_charon_pid())
782 DBG2(DBG_APP
, "Attempting to start %s...", daemon_name
);
783 if (starter_start_charon(cfg
, no_fork
, attach_gdb
))
785 /* schedule next try */
786 alarm(CHARON_RESTART_DELAY
);
788 starter_stroke_configure(cfg
);
791 for (ca
= cfg
->ca_first
; ca
; ca
= ca
->next
)
793 if (ca
->state
== STATE_ADDED
)
795 ca
->state
= STATE_TO_ADD
;
799 for (conn
= cfg
->conn_first
; conn
; conn
= conn
->next
)
801 if (conn
->state
== STATE_ADDED
)
803 conn
->state
= STATE_TO_ADD
;
809 * Add stale conn and ca sections
811 if (starter_charon_pid())
813 for (ca
= cfg
->ca_first
; ca
; ca
= ca
->next
)
815 if (ca
->state
== STATE_TO_ADD
)
817 if (starter_charon_pid())
819 starter_stroke_add_ca(ca
);
821 ca
->state
= STATE_ADDED
;
825 for (conn
= cfg
->conn_first
; conn
; conn
= conn
->next
)
827 if (conn
->state
== STATE_TO_ADD
)
831 /* affect new unique id */
834 if (starter_charon_pid())
836 starter_stroke_add_conn(cfg
, conn
);
838 conn
->state
= STATE_ADDED
;
840 if (conn
->startup
== STARTUP_START
)
842 if (starter_charon_pid())
844 starter_stroke_initiate_conn(conn
);
847 else if (conn
->startup
== STARTUP_ROUTE
)
849 if (starter_charon_pid())
851 starter_stroke_route_conn(conn
);
859 * If auto_update activated, when to stop select
863 time_t now
= time_monotonic(NULL
);
865 ts
.tv_sec
= (now
< last_reload
+ auto_update
) ?
866 (last_reload
+ auto_update
- now
) : 0;
871 * Wait for something to happen
874 pselect(0, NULL
, NULL
, NULL
, auto_update
? &ts
: NULL
,
875 &action
.sa_mask
) == 0)
877 /* timeout -> auto_update */
878 _action_
|= FLAG_ACTION_UPDATE
;
881 exit(LSB_RC_SUCCESS
);