52923c9a | 1 | diff -Naur strongswan-2.7.0/Makefile.inc strongswan-2.7.0-patched/Makefile.inc |
8cd73fe5 | 2 | --- strongswan-2.7.0/Makefile.inc 2006-01-25 18:23:15.000000000 +0100 |
52923c9a | 3 | +++ strongswan-2.7.0-patched/Makefile.inc 2006-04-28 08:56:38.000000000 +0200 |
8bc96e08 MW |
4 | @@ -84,6 +84,8 @@ |
5 | FINALLIBDIR=$(INC_USRLOCAL)/lib/ipsec | |
6 | LIBDIR=$(DESTDIR)$(FINALLIBDIR) | |
7 | ||
8 | +# sharedlibdir is where shared libraries go | |
9 | +SHAREDLIBDIR=$(DESTDIR)$(INC_USRLOCAL)/lib | |
10 | ||
11 | # where the appropriate manpage tree is located | |
12 | # location within INC_USRLOCAL | |
13 | @@ -284,6 +286,9 @@ | |
14 | # include PKCS11-based smartcard support | |
15 | USE_SMARTCARD?=false | |
16 | ||
17 | +# support IKEv2 via charon | |
18 | +USE_IKEV2?=true | |
19 | + | |
20 | # Default PKCS11 library | |
21 | # Uncomment this line if using OpenSC <= 0.9.6 | |
22 | PKCS11_DEFAULT_LIB=\"/usr/lib/pkcs11/opensc-pkcs11.so\" | |
52923c9a | 23 | diff -Naur strongswan-2.7.0/programs/Makefile strongswan-2.7.0-patched/programs/Makefile |
8cd73fe5 | 24 | --- strongswan-2.7.0/programs/Makefile 2006-04-17 13:04:45.000000000 +0200 |
52923c9a | 25 | +++ strongswan-2.7.0-patched/programs/Makefile 2006-04-28 08:56:38.000000000 +0200 |
8bc96e08 MW |
26 | @@ -32,6 +32,10 @@ |
27 | SUBDIRS+=showpolicy | |
28 | endif | |
29 | ||
30 | +ifeq ($(USE_IKEV2),true) | |
31 | +SUBDIRS+=charon | |
32 | +endif | |
33 | + | |
34 | def: | |
35 | @echo "Please read doc/intro.html or INSTALL before running make" | |
36 | @false | |
52923c9a | 37 | diff -Naur strongswan-2.7.0/programs/ipsec/ipsec.in strongswan-2.7.0-patched/programs/ipsec/ipsec.in |
8cd73fe5 | 38 | --- strongswan-2.7.0/programs/ipsec/ipsec.in 2006-03-09 21:09:33.000000000 +0100 |
52923c9a | 39 | +++ strongswan-2.7.0-patched/programs/ipsec/ipsec.in 2006-04-28 08:56:38.000000000 +0200 |
8cd73fe5 MW |
40 | @@ -26,6 +26,7 @@ |
41 | export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR | |
42 | ||
43 | IPSEC_STARTER_PID="/var/run/starter.pid" | |
44 | +IPSEC_CHARON_PID="/var/run/charon.pid" | |
45 | ||
46 | # standardize PATH, and export it for everything else's benefit | |
47 | PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin | |
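Review bot: `IPSEC_CHARON_PID="/var/run/charon.pid"` hard-codes a path that files.h in this same patch assembles as `CHARON_BASE PID_SUFFIX`; if either side is changed the `ipsec up/down` wrapper silently stops forwarding to charon, so the value should be substituted into ipsec.in from one shared definition the way `IPSEC_EXECDIR` is. The `test -e $IPSEC_CHARON_PID` checks in the later hunks of this file also treat a stale pid file as a running charon; if a failed connect is reported by stroke itself (presumably it is), the test is only an optimization and a one-line comment saying so would keep the next reader from relying on it as a guard. Quote the expansion as well: `if test -e "$IPSEC_CHARON_PID"`.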
48 | @@ -123,6 +124,10 @@ | |
8bc96e08 MW |
49 | down) |
50 | shift | |
51 | $IPSEC_EXECDIR/whack --name "$1" --terminate | |
8cd73fe5 | 52 | + if test -e $IPSEC_CHARON_PID |
8bc96e08 MW |
53 | + then |
54 | + $IPSEC_EXECDIR/stroke down "$1" | |
55 | + fi | |
56 | exit 0 | |
57 | ;; | |
58 | listalgs|listpubkeys|listcerts|listcacerts|\ | |
8cd73fe5 | 59 | @@ -134,6 +139,10 @@ |
8bc96e08 MW |
60 | op="$1" |
61 | shift | |
62 | $IPSEC_EXECDIR/whack "$@" "--$op" | |
f1e87b90 | 63 | + if test -e $IPSEC_CHARON_PID |
8bc96e08 MW |
64 | + then |
65 | + $IPSEC_EXECDIR/stroke "$op" | |
66 | + fi | |
67 | exit 0 | |
68 | ;; | |
69 | ready) | |
8cd73fe5 | 70 | @@ -180,8 +189,16 @@ |
8bc96e08 MW |
71 | if test $# -eq 0 |
72 | then | |
73 | $IPSEC_EXECDIR/whack "--$op" | |
f1e87b90 | 74 | + if test -e $IPSEC_CHARON_PID |
8bc96e08 | 75 | + then |
f1e87b90 | 76 | + $IPSEC_EXECDIR/stroke "$op" |
8bc96e08 MW |
77 | + fi |
78 | else | |
79 | $IPSEC_EXECDIR/whack --name "$1" "--$op" | |
8cd73fe5 | 80 | + if test -e $IPSEC_CHARON_PID |
8bc96e08 | 81 | + then |
f1e87b90 | 82 | + $IPSEC_EXECDIR/stroke "$op" "$1" |
8bc96e08 MW |
83 | + fi |
84 | fi | |
85 | exit 0 | |
86 | ;; | |
8cd73fe5 | 87 | @@ -198,6 +215,10 @@ |
8bc96e08 MW |
88 | up) |
89 | shift | |
90 | $IPSEC_EXECDIR/whack --name "$1" --initiate | |
8cd73fe5 | 91 | + if test -e $IPSEC_CHARON_PID |
8bc96e08 MW |
92 | + then |
93 | + $IPSEC_EXECDIR/stroke up "$1" | |
94 | + fi | |
95 | exit 0 | |
96 | ;; | |
97 | update) | |
52923c9a | 98 | diff -Naur strongswan-2.7.0/programs/pluto/Makefile strongswan-2.7.0-patched/programs/pluto/Makefile |
8cd73fe5 | 99 | --- strongswan-2.7.0/programs/pluto/Makefile 2006-01-25 18:22:19.000000000 +0100 |
52923c9a | 100 | +++ strongswan-2.7.0-patched/programs/pluto/Makefile 2006-04-28 08:56:38.000000000 +0200 |
8bc96e08 MW |
101 | @@ -170,6 +170,11 @@ |
102 | LIBSPLUTO+= -ldl | |
103 | endif | |
104 | ||
105 | +# enable IKEv2 support | |
106 | +ifeq ($(USE_IKEV2),true) | |
107 | + DEFINES+= -DIKEV2 | |
108 | +endif | |
109 | + | |
110 | # This compile option activates the leak detective | |
111 | ifeq ($(USE_LEAK_DETECTIVE),true) | |
112 | DEFINES+= -DLEAK_DETECTIVE | |
52923c9a | 113 | diff -Naur strongswan-2.7.0/programs/pluto/demux.c strongswan-2.7.0-patched/programs/pluto/demux.c |
8cd73fe5 | 114 | --- strongswan-2.7.0/programs/pluto/demux.c 2005-02-18 22:08:59.000000000 +0100 |
52923c9a MW |
115 | +++ strongswan-2.7.0-patched/programs/pluto/demux.c 2006-04-28 08:56:13.000000000 +0200 |
116 | @@ -1196,6 +1196,21 @@ | |
117 | } | |
118 | #endif | |
119 | ||
120 | +#ifdef IKEV2 | |
121 | +#define IKEV2_VERSION_OFFSET 17 | |
122 | +#define IKEV2_VERSION 0x20 | |
123 | + | |
124 | + /* ignore IKEv2 packets - they will be handled by charon */ | |
125 | + if (pbs_room(&md->packet_pbs) > IKEV2_VERSION_OFFSET | |
126 | + && md->packet_pbs.start[IKEV2_VERSION_OFFSET] == IKEV2_VERSION) | |
127 | + { | |
128 | + DBG(DBG_CONTROLMORE, | |
129 | + DBG_log(" ignoring IKEv2 packet") | |
130 | + ) | |
131 | + return FALSE; | |
132 | + } | |
133 | +#endif /* IKEV2 */ | |
134 | + | |
135 | return TRUE; | |
136 | } | |
137 | ||
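Review bot: The IKEv2 detection compares the whole version byte with `IKEV2_VERSION` (0x20), so an IKEv2 packet carrying a non-zero minor version is not diverted to charon and falls through to pluto's IKEv1 processing, where the check in the next hunk presumably answers it with INVALID_MAJOR_VERSION. The protocol is identified by the major number alone, so compare only the high nibble, as that header check already does: `&& (md->packet_pbs.start[IKEV2_VERSION_OFFSET] >> ISA_MAJ_SHIFT) == (IKEV2_VERSION >> ISA_MAJ_SHIFT)`. The bound uses `pbs_room()` while the index is taken from `.start`; if pbs_room() is measured from `cur` rather than `start` the guard is merely conservative, which is fine, but a comment stating that assumption would help. The two `#define`s also belong at file scope with the other constants rather than inside the function body, whose beginning lies outside this hunk.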
138 | @@ -1229,6 +1244,7 @@ | |
8bc96e08 MW |
139 | if (md->packet_pbs.roof - md->packet_pbs.cur >= (ptrdiff_t)isakmp_hdr_desc.size) |
140 | { | |
141 | struct isakmp_hdr *hdr = (struct isakmp_hdr *)md->packet_pbs.cur; | |
52923c9a | 142 | + |
8bc96e08 MW |
143 | if ((hdr->isa_version >> ISA_MAJ_SHIFT) != ISAKMP_MAJOR_VERSION) |
144 | { | |
145 | SEND_NOTIFICATION(INVALID_MAJOR_VERSION); | |
52923c9a | 146 | diff -Naur strongswan-2.7.0/programs/starter/Makefile strongswan-2.7.0-patched/programs/starter/Makefile |
8cd73fe5 | 147 | --- strongswan-2.7.0/programs/starter/Makefile 2006-02-17 20:34:02.000000000 +0100 |
52923c9a | 148 | +++ strongswan-2.7.0-patched/programs/starter/Makefile 2006-04-28 08:56:38.000000000 +0200 |
8bc96e08 MW |
149 | @@ -34,6 +34,11 @@ |
150 | DEFINES+= -DLEAK_DETECTIVE | |
151 | endif | |
152 | ||
153 | +# Enable charon support | |
154 | +ifeq ($(USE_IKEV2),true) | |
155 | + DEFINES+= -DIKEV2 | |
156 | +endif | |
157 | + | |
158 | INCLUDES=-I${FREESWANDIR}/linux/include | |
159 | CFLAGS=$(DEFINES) $(INCLUDES) -Wall | |
160 | CFLAGS+=-DIPSEC_EXECDIR=\"${FINALLIBEXECDIR}\" -DIPSEC_CONFDDIR=\"${FINALCONFDDIR}\" | |
161 | @@ -46,6 +51,11 @@ | |
162 | starterwhack.o klips.o netkey.o interfaces.o exec.o cmp.o confread.o \ | |
163 | loglite.o ${PLUTO_OBJS} | |
164 | ||
165 | +# Build charon-only objs | |
166 | +ifeq ($(USE_IKEV2),true) | |
167 | + OBJS+= invokecharon.o starterstroke.o | |
168 | +endif | |
169 | + | |
170 | DISTSRC=$(OBJS:.o=.c) | |
171 | DISTSRC+=cmp.h confread.h confwrite.h exec.h files.h interfaces.h klips.h netkey.h | |
172 | DISTSRC+=parser.h args.h invokepluto.h starterwhack.h keywords.h keywords.txt | |
52923c9a | 173 | diff -Naur strongswan-2.7.0/programs/starter/args.c strongswan-2.7.0-patched/programs/starter/args.c |
8cd73fe5 | 174 | --- strongswan-2.7.0/programs/starter/args.c 2006-04-17 12:32:36.000000000 +0200 |
52923c9a | 175 | +++ strongswan-2.7.0-patched/programs/starter/args.c 2006-04-28 08:56:38.000000000 +0200 |
8bc96e08 MW |
176 | @@ -86,6 +86,10 @@ |
177 | ||
178 | static const char *LST_keyexchange[] = { | |
179 | "ike", | |
180 | +#ifdef IKEV2 | |
181 | + "ikev1", | |
182 | + "ikev2", | |
183 | +#endif /* IKEV2 */ | |
184 | NULL | |
185 | }; | |
186 | ||
52923c9a | 187 | diff -Naur strongswan-2.7.0/programs/starter/files.h strongswan-2.7.0-patched/programs/starter/files.h |
8cd73fe5 | 188 | --- strongswan-2.7.0/programs/starter/files.h 2006-02-04 19:52:58.000000000 +0100 |
52923c9a | 189 | +++ strongswan-2.7.0-patched/programs/starter/files.h 2006-04-28 08:56:38.000000000 +0200 |
8bc96e08 MW |
190 | @@ -37,8 +37,15 @@ |
191 | #define SECRETS_FILE IPSEC_CONFDIR"/ipsec.secrets" | |
192 | ||
193 | #define PLUTO_CMD IPSEC_EXECDIR"/pluto" | |
194 | -#define CTL_FILE DEFAULT_CTLBASE CTL_SUFFIX | |
195 | -#define PID_FILE DEFAULT_CTLBASE PID_SUFFIX | |
196 | +#define PLUTO_CTL_FILE DEFAULT_CTLBASE CTL_SUFFIX | |
197 | +#define PLUTO_PID_FILE DEFAULT_CTLBASE PID_SUFFIX | |
198 | + | |
199 | +#ifdef IKEV2 | |
200 | +#define CHARON_CMD IPSEC_EXECDIR"/charon" | |
201 | +#define CHARON_BASE "/var/run/charon" | |
202 | +#define CHARON_CTL_FILE CHARON_BASE CTL_SUFFIX | |
203 | +#define CHARON_PID_FILE CHARON_BASE PID_SUFFIX | |
204 | +#endif /* IKEV2 */ | |
205 | ||
206 | #define DYNIP_DIR "/var/run/dynip" | |
207 | #define INFO_FILE "/var/run/ipsec.info" | |
52923c9a | 208 | diff -Naur strongswan-2.7.0/programs/starter/invokecharon.c strongswan-2.7.0-patched/programs/starter/invokecharon.c |
8cd73fe5 | 209 | --- strongswan-2.7.0/programs/starter/invokecharon.c 1970-01-01 01:00:00.000000000 +0100 |
52923c9a | 210 | +++ strongswan-2.7.0-patched/programs/starter/invokecharon.c 2006-04-28 08:56:38.000000000 +0200 |
8bc96e08 MW |
211 | @@ -0,0 +1,174 @@ |
212 | +/* strongSwan charon launcher | |
213 | + * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security | |
214 | + * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil | |
215 | + * | |
216 | + * Ported from invokepluto.c to fit charons needs. | |
217 | + * | |
218 | + * This program is free software; you can redistribute it and/or modify it | |
219 | + * under the terms of the GNU General Public License as published by the | |
220 | + * Free Software Foundation; either version 2 of the License, or (at your | |
221 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
222 | + * | |
223 | + * This program is distributed in the hope that it will be useful, but | |
224 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
225 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
226 | + * for more details. | |
227 | + * | |
228 | + * RCSID $Id: invokecharon.c $ | |
229 | + */ | |
230 | + | |
231 | +#include <sys/types.h> | |
232 | +#include <sys/stat.h> | |
233 | +#include <unistd.h> | |
234 | +#include <signal.h> | |
235 | +#include <string.h> | |
236 | +#include <stdlib.h> | |
237 | +#include <errno.h> | |
238 | + | |
239 | +#include <freeswan.h> | |
240 | + | |
241 | +#include "../pluto/constants.h" | |
242 | +#include "../pluto/defs.h" | |
243 | +#include "../pluto/log.h" | |
244 | + | |
245 | +#include "confread.h" | |
246 | +#include "invokecharon.h" | |
247 | +#include "files.h" | |
248 | + | |
249 | +static int _charon_pid = 0; | |
250 | +static int _stop_requested; | |
251 | + | |
252 | +pid_t | |
253 | +starter_charon_pid(void) | |
254 | +{ | |
255 | + return _charon_pid; | |
256 | +} | |
257 | + | |
258 | +void | |
259 | +starter_charon_sigchild(pid_t pid) | |
260 | +{ | |
261 | + if (pid == _charon_pid) | |
262 | + { | |
263 | + _charon_pid = 0; | |
264 | + if (!_stop_requested) | |
265 | + { | |
266 | + plog("charon has died -- restart scheduled (%dsec)" | |
267 | + , CHARON_RESTART_DELAY); | |
268 | + alarm(CHARON_RESTART_DELAY); // restart in 5 sec | |
269 | + } | |
270 | + unlink(CHARON_PID_FILE); | |
271 | + } | |
272 | +} | |
273 | + | |
274 | +int | |
275 | +starter_stop_charon (void) | |
276 | +{ | |
277 | + pid_t pid; | |
278 | + int i; | |
279 | + | |
280 | + pid = _charon_pid; | |
281 | + if (pid) | |
282 | + { | |
283 | + _stop_requested = 1; | |
284 | + | |
285 | + /* be more and more aggressive */ | |
286 | + for (i = 0; i < 20 && (pid = _charon_pid) != 0; i++) | |
287 | + { | |
288 | + if (i == 0) | |
289 | + kill(pid, SIGINT); | |
290 | + else if (i < 10) | |
291 | + kill(pid, SIGTERM); | |
292 | + else | |
293 | + kill(pid, SIGKILL); | |
294 | + usleep(20000); | |
295 | + } | |
296 | + if (_charon_pid == 0) | |
297 | + return 0; | |
298 | + plog("starter_stop_charon(): can't stop charon !!!"); | |
299 | + return -1; | |
300 | + } | |
301 | + else | |
302 | + { | |
303 | + plog("stater_stop_charon(): charon is not started..."); | |
304 | + } | |
305 | + return -1; | |
306 | +} | |
307 | + | |
308 | + | |
309 | +int | |
310 | +starter_start_charon (starter_config_t *cfg, bool debug) | |
311 | +{ | |
312 | + int pid, i; | |
313 | + struct stat stb; | |
314 | + int argc = 1; | |
315 | + char *arg[] = { | |
316 | + CHARON_CMD, NULL, NULL, | |
317 | + }; | |
318 | + | |
319 | + if (!debug) | |
320 | + { | |
321 | + arg[argc++] = "--use-syslog"; | |
322 | + } | |
323 | + | |
324 | + if (_charon_pid) | |
325 | + { | |
326 | + plog("starter_start_charon(): charon already started..."); | |
327 | + return -1; | |
328 | + } | |
329 | + else | |
330 | + { | |
331 | + unlink(CHARON_CTL_FILE); | |
332 | + _stop_requested = 0; | |
333 | + | |
334 | + pid = fork(); | |
335 | + switch (pid) | |
336 | + { | |
337 | + case -1: | |
338 | + plog("can't fork(): %s", strerror(errno)); | |
339 | + return -1; | |
340 | + case 0: | |
341 | + /* child */ | |
342 | + setsid(); | |
343 | + sigprocmask(SIG_SETMASK, 0, NULL); | |
344 | + execv(arg[0], arg); | |
345 | + plog("can't execv(%s,...): %s", arg[0], strerror(errno)); | |
346 | + exit(1); | |
347 | + default: | |
348 | + /* father */ | |
349 | + _charon_pid = pid; | |
350 | + for (i = 0; i < 50 && _charon_pid; i++) | |
351 | + { | |
352 | + /* wait for charon */ | |
353 | + usleep(20000); | |
354 | + if (stat(CHARON_PID_FILE, &stb) == 0) | |
355 | + { | |
356 | + DBG(DBG_CONTROL, | |
357 | + DBG_log("charon (%d) started", _charon_pid) | |
358 | + ) | |
359 | + return 0; | |
360 | + } | |
361 | + } | |
362 | + if (_charon_pid) | |
363 | + { | |
364 | + /* If charon is started but with no ctl file, stop it */ | |
365 | + plog("charon too long to start... - kill kill"); | |
366 | + for (i = 0; i < 20 && (pid = _charon_pid) != 0; i++) | |
367 | + { | |
368 | + if (i == 0) | |
369 | + kill(pid, SIGINT); | |
370 | + else if (i < 10) | |
371 | + kill(pid, SIGTERM); | |
372 | + else | |
373 | + kill(pid, SIGKILL); | |
374 | + usleep(20000); | |
375 | + } | |
376 | + } | |
377 | + else | |
378 | + { | |
379 | + plog("charon refused to be started"); | |
380 | + } | |
381 | + return -1; | |
382 | + } | |
383 | + } | |
384 | + return -1; | |
385 | +} | |
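Review bot: In the child branch of `starter_start_charon`, `sigprocmask(SIG_SETMASK, 0, NULL)` passes a null set, which POSIX defines as leaving the mask unchanged, so whatever signals starter has blocked stay blocked in charon; to actually clear the mask use `sigset_t none; sigemptyset(&none); sigprocmask(SIG_SETMASK, &none, NULL);`. After a failed `execv` the child should leave with `_exit(1)` rather than `exit(1)`, so it does not run the parent's atexit handlers or flush the parent's stdio buffers a second time. The log string in `starter_stop_charon` reads `stater_stop_charon()` (missing 'r'). The file header says this was ported from invokepluto.c, so the same points probably apply there too; I could not verify that from this diff.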
52923c9a | 386 | diff -Naur strongswan-2.7.0/programs/starter/invokecharon.h strongswan-2.7.0-patched/programs/starter/invokecharon.h |
8cd73fe5 | 387 | --- strongswan-2.7.0/programs/starter/invokecharon.h 1970-01-01 01:00:00.000000000 +0100 |
52923c9a | 388 | +++ strongswan-2.7.0-patched/programs/starter/invokecharon.h 2006-04-28 08:56:38.000000000 +0200 |
8bc96e08 MW |
389 | @@ -0,0 +1,31 @@ |
390 | +/* strongSwan charon launcher | |
391 | + * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security | |
392 | + * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil | |
393 | + * | |
394 | + * Ported from invokepluto.h to fit charons needs. | |
395 | + * | |
396 | + * This program is free software; you can redistribute it and/or modify it | |
397 | + * under the terms of the GNU General Public License as published by the | |
398 | + * Free Software Foundation; either version 2 of the License, or (at your | |
399 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
400 | + * | |
401 | + * This program is distributed in the hope that it will be useful, but | |
402 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
403 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
404 | + * for more details. | |
405 | + * | |
406 | + * RCSID $Id: invokecharon.h $ | |
407 | + */ | |
408 | + | |
409 | +#ifndef _STARTER_CHARON_H_ | |
410 | +#define _STARTER_CHARON_H_ | |
411 | + | |
412 | +#define CHARON_RESTART_DELAY 5 | |
413 | + | |
414 | +extern void starter_charon_sigchild (pid_t pid); | |
415 | +extern pid_t starter_charon_pid (void); | |
416 | +extern int starter_stop_charon (void); | |
417 | +extern int starter_start_charon(struct starter_config *cfg, bool debug); | |
418 | + | |
419 | +#endif /* _STARTER_CHARON_H_ */ | |
420 | + | |
52923c9a | 421 | diff -Naur strongswan-2.7.0/programs/starter/invokepluto.c strongswan-2.7.0-patched/programs/starter/invokepluto.c |
8cd73fe5 | 422 | --- strongswan-2.7.0/programs/starter/invokepluto.c 2006-02-17 22:41:50.000000000 +0100 |
52923c9a | 423 | +++ strongswan-2.7.0-patched/programs/starter/invokepluto.c 2006-04-28 08:56:38.000000000 +0200 |
8bc96e08 MW |
424 | @@ -54,7 +54,7 @@ |
425 | , PLUTO_RESTART_DELAY); | |
426 | alarm(PLUTO_RESTART_DELAY); // restart in 5 sec | |
427 | } | |
428 | - unlink(PID_FILE); | |
429 | + unlink(PLUTO_PID_FILE); | |
430 | } | |
431 | } | |
432 | ||
433 | @@ -203,7 +203,7 @@ | |
434 | } | |
435 | else | |
436 | { | |
437 | - unlink(CTL_FILE); | |
438 | + unlink(PLUTO_CTL_FILE); | |
439 | _stop_requested = 0; | |
440 | ||
441 | if (cfg->setup.prepluto) | |
442 | @@ -252,7 +252,7 @@ | |
443 | { | |
444 | /* wait for pluto */ | |
445 | usleep(20000); | |
446 | - if (stat(CTL_FILE, &stb) == 0) | |
447 | + if (stat(PLUTO_CTL_FILE, &stb) == 0) | |
448 | { | |
449 | DBG(DBG_CONTROL, | |
450 | DBG_log("pluto (%d) started", _pluto_pid) | |
52923c9a | 451 | diff -Naur strongswan-2.7.0/programs/starter/starter.c strongswan-2.7.0-patched/programs/starter/starter.c |
8cd73fe5 | 452 | --- strongswan-2.7.0/programs/starter/starter.c 2006-02-15 19:37:46.000000000 +0100 |
52923c9a | 453 | +++ strongswan-2.7.0-patched/programs/starter/starter.c 2006-04-28 08:56:38.000000000 +0200 |
8bc96e08 MW |
454 | @@ -37,6 +37,7 @@ |
455 | #include "files.h" | |
456 | #include "starterwhack.h" | |
457 | #include "invokepluto.h" | |
458 | +#include "invokecharon.h" | |
459 | #include "klips.h" | |
460 | #include "netkey.h" | |
461 | #include "cmp.h" | |
462 | @@ -47,6 +48,9 @@ | |
463 | #define FLAG_ACTION_RELOAD 0x04 | |
464 | #define FLAG_ACTION_QUIT 0x08 | |
465 | #define FLAG_ACTION_LISTEN 0x10 | |
466 | +#ifdef IKEV2 | |
467 | +#define FLAG_ACTION_START_CHARON 0x20 | |
468 | +#endif /* IKEV2 */ | |
469 | ||
470 | static unsigned int _action_ = 0; | |
471 | ||
472 | @@ -65,6 +69,10 @@ | |
473 | { | |
474 | if (pid == starter_pluto_pid()) | |
475 | name = " (Pluto)"; | |
476 | +#ifdef IKEV2 | |
477 | + if (pid == starter_charon_pid()) | |
478 | + name = " (Charon)"; | |
479 | +#endif /* IKEV2 */ | |
480 | if (WIFSIGNALED(status)) | |
481 | DBG(DBG_CONTROL, | |
482 | DBG_log("child %d%s has been killed by sig %d\n", | |
483 | @@ -87,6 +95,10 @@ | |
484 | ||
485 | if (pid == starter_pluto_pid()) | |
486 | starter_pluto_sigchild(pid); | |
487 | +#ifdef IKEV2 | |
488 | + if (pid == starter_charon_pid()) | |
489 | + starter_charon_sigchild(pid); | |
490 | +#endif /* IKEV2 */ | |
491 | } | |
492 | } | |
493 | break; | |
494 | @@ -97,6 +109,9 @@ | |
495 | ||
496 | case SIGALRM: | |
497 | _action_ |= FLAG_ACTION_START_PLUTO; | |
498 | +#ifdef IKEV2 | |
499 | + _action_ |= FLAG_ACTION_START_CHARON; | |
500 | +#endif /* IKEV2 */ | |
501 | break; | |
502 | ||
503 | case SIGHUP: | |
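Review bot: On SIGALRM both `FLAG_ACTION_START_PLUTO` and `FLAG_ACTION_START_CHARON` are now raised regardless of which daemon scheduled the alarm, so a pluto restart alarm also triggers a charon start attempt. That matters when the start-up hunk later in this file deliberately skipped charon because `CHARON_PID_FILE` already existed: `starter_start_charon` does not re-check that file and unlinks `CHARON_CTL_FILE` before forking, which would remove the control socket of that other charon. Consider recording which daemon asked for the restart (for instance a flag set in `starter_charon_sigchild` / `starter_pluto_sigchild`) and raising only the matching action here, or re-checking the pid file before the start. The enclosing signal handler begins and ends outside this hunk.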
504 | @@ -193,6 +208,9 @@ | |
505 | signal(SIGQUIT, fsig); | |
506 | signal(SIGALRM, fsig); | |
507 | signal(SIGUSR1, fsig); | |
508 | + | |
509 | + | |
510 | + plog("Starting strongSwan IPsec %s [starter]...", ipsec_version_code()); | |
511 | ||
512 | /* verify that we can start */ | |
513 | if (getuid() != 0) | |
514 | @@ -201,12 +219,24 @@ | |
515 | exit(1); | |
516 | } | |
517 | ||
518 | - if (stat(PID_FILE, &stb) == 0) | |
519 | + if (stat(PLUTO_PID_FILE, &stb) == 0) | |
520 | { | |
521 | - plog("pluto is already running (%s exists) -- aborting", PID_FILE); | |
522 | - exit(1); | |
523 | + plog("pluto is already running (%s exists) -- skipping pluto start", PLUTO_PID_FILE); | |
524 | } | |
525 | - | |
526 | + else | |
527 | + { | |
528 | + _action_ |= FLAG_ACTION_START_PLUTO; | |
529 | + } | |
530 | +#ifdef IKEV2 | |
531 | + if (stat(CHARON_PID_FILE, &stb) == 0) | |
532 | + { | |
533 | + plog("charon is already running (%s exists) -- skipping charon start", CHARON_PID_FILE); | |
534 | + } | |
535 | + else | |
536 | + { | |
537 | + _action_ |= FLAG_ACTION_START_CHARON; | |
538 | + } | |
539 | +#endif /* IKEV2 */ | |
540 | if (stat(DEV_RANDOM, &stb) != 0) | |
541 | { | |
542 | plog("unable to start strongSwan IPsec -- no %s!", DEV_RANDOM); | |
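Review bot: Existence of `PLUTO_PID_FILE` / `CHARON_PID_FILE` is taken as proof that the daemon is running, so a pid file left behind by a crash makes starter silently skip that daemon with nothing but a log line. The same applies to the `MY_PID_FILE` check in the next hunk, which then `exit(0)`s as if the start had succeeded, so an init script cannot tell the difference. A liveness check before skipping, such as reading the pid from the file and probing it with `kill(pid, 0)` and removing the file when that fails with ESRCH, would make the start path robust; at minimum the skipped case should be visible to the caller through a non-zero exit status or a message saying the file may be stale. The enclosing function begins and ends outside this hunk.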
543 | @@ -247,7 +277,11 @@ | |
544 | ||
545 | last_reload = time(NULL); | |
546 | ||
547 | - plog("Starting strongSwan IPsec %s [starter]...", ipsec_version_code()); | |
548 | + if (stat(MY_PID_FILE, &stb) == 0) | |
549 | + { | |
550 | + plog("starter is already running (%s exists) -- no fork done", MY_PID_FILE); | |
551 | + exit(0); | |
552 | + } | |
553 | ||
554 | /* fork if we're not debugging stuff */ | |
555 | if (!no_fork) | |
556 | @@ -296,17 +330,19 @@ | |
557 | , &cfg->defaultroute); | |
558 | } | |
559 | ||
560 | - _action_ = FLAG_ACTION_START_PLUTO; | |
561 | - | |
562 | for (;;) | |
563 | { | |
564 | /* | |
565 | - * Stop pluto (if started) and exit | |
566 | - */ | |
567 | + * Stop pluto/charon (if started) and exit | |
568 | + */ | |
569 | if (_action_ & FLAG_ACTION_QUIT) | |
570 | { | |
571 | if (starter_pluto_pid()) | |
572 | starter_stop_pluto(); | |
573 | +#ifdef IKEV2 | |
574 | + if (starter_charon_pid()) | |
575 | + starter_stop_charon(); | |
576 | +#endif IKEV2 | |
577 | if (has_netkey) | |
578 | starter_netkey_cleanup(); | |
579 | else | |
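Review bot: `#endif IKEV2` lacks the comment delimiters; extra tokens after `#endif` are a constraint violation in ISO C and GCC reports `extra tokens at end of #endif directive` for them. Write `#endif /* IKEV2 */` as every other guard in this patch does.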
580 | @@ -337,6 +373,9 @@ | |
581 | if (conn->state == STATE_ADDED) | |
582 | { | |
583 | starter_whack_del_conn(conn); | |
584 | +#ifdef IKEV2 | |
585 | + starter_stroke_del_conn(conn); | |
586 | +#endif /* IKEV2 */ | |
587 | conn->state = STATE_TO_ADD; | |
588 | } | |
589 | } | |
590 | @@ -427,6 +466,9 @@ | |
591 | { | |
592 | if (conn->state == STATE_ADDED) | |
593 | starter_whack_del_conn(conn); | |
594 | +#ifdef IKEV2 | |
595 | + starter_stroke_del_conn(conn); | |
596 | +#endif /* IKEV2 */ | |
597 | } | |
598 | ||
599 | /* Look for new ca sections that are already loaded */ | |
600 | @@ -502,6 +544,27 @@ | |
601 | conn->state = STATE_TO_ADD; | |
602 | } | |
603 | } | |
604 | + | |
605 | +#ifdef IKEV2 | |
606 | + /* | |
607 | + * Start charon | |
608 | + */ | |
609 | + if (_action_ & FLAG_ACTION_START_CHARON) | |
610 | + { | |
611 | + if (starter_charon_pid() == 0) | |
612 | + { | |
613 | + DBG(DBG_CONTROL, | |
614 | + DBG_log("Attempting to start charon...") | |
615 | + ) | |
616 | + if (starter_start_charon(cfg, no_fork) != 0) | |
617 | + { | |
618 | + /* schedule next try */ | |
619 | + alarm(PLUTO_RESTART_DELAY); | |
620 | + } | |
621 | + } | |
622 | + _action_ &= ~FLAG_ACTION_START_CHARON; | |
623 | + } | |
624 | +#endif /* IKEV2 */ | |
625 | ||
626 | /* | |
627 | * Tell pluto to reread its interfaces | |
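Review bot: The retry after a failed `starter_start_charon` arms `alarm(PLUTO_RESTART_DELAY)` although this patch introduces `CHARON_RESTART_DELAY` in invokecharon.h for exactly this purpose; use `alarm(CHARON_RESTART_DELAY);`. Note also that a single `alarm()` timer is shared by both daemons, so whichever schedules last overrides the pending restart of the other; if the two delays ever differ, this should become a per-daemon deadline checked from the main loop. The enclosing main loop begins and ends outside this hunk.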
628 | @@ -536,11 +599,36 @@ | |
629 | conn->id = id++; | |
630 | } | |
631 | starter_whack_add_conn(conn); | |
632 | +#ifdef IKEV2 | |
633 | + starter_stroke_add_conn(conn); | |
634 | +#endif /* IKEV2 */ | |
635 | conn->state = STATE_ADDED; | |
636 | if (conn->startup == STARTUP_START) | |
637 | - starter_whack_initiate_conn(conn); | |
638 | + { | |
639 | +#ifdef IKEV2 | |
640 | + if (conn->keyexchange == 2) | |
641 | + { | |
642 | + starter_stroke_initiate_conn(conn); | |
643 | + } | |
644 | + else | |
645 | +#endif /* IKEV2 */ | |
646 | + { | |
647 | + starter_whack_initiate_conn(conn); | |
648 | + } | |
649 | + } | |
650 | else if (conn->startup == STARTUP_ROUTE) | |
651 | - starter_whack_route_conn(conn); | |
652 | + { | |
653 | +#ifdef IKEV2 | |
654 | + if (conn->keyexchange == 2) | |
655 | + { | |
656 | + starter_stroke_route_conn(conn); | |
657 | + } | |
658 | + else | |
659 | +#endif /* IKEV2 */ | |
660 | + { | |
661 | + starter_whack_route_conn(conn); | |
662 | + } | |
663 | + } | |
664 | } | |
665 | } | |
666 | } | |
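Review bot: `conn->keyexchange == 2` encodes the position of `"ikev2"` in `LST_keyexchange` (args.c hunk) as a bare magic number, repeated twice in this hunk; define the values once next to that list, e.g. `enum { KEY_EXCHANGE_IKE = 0, KEY_EXCHANGE_IKEV1, KEY_EXCHANGE_IKEV2 };`, and compare against `KEY_EXCHANGE_IKEV2` here. Separately, `starter_stroke_add_conn` is called for every connection regardless of keyexchange, so both pluto and charon load IKEv1-only configurations as well; if that is intended it deserves a comment, otherwise the call should be guarded the same way the initiate/route calls below it are.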
52923c9a | 667 | diff -Naur strongswan-2.7.0/programs/starter/starterstroke.c strongswan-2.7.0-patched/programs/starter/starterstroke.c |
8cd73fe5 | 668 | --- strongswan-2.7.0/programs/starter/starterstroke.c 1970-01-01 01:00:00.000000000 +0100 |
52923c9a | 669 | +++ strongswan-2.7.0-patched/programs/starter/starterstroke.c 2006-04-28 08:56:38.000000000 +0200 |
8bc96e08 MW |
670 | @@ -0,0 +1,161 @@ |
671 | +/* Stroke for charon is the counterpart to whack from pluto | |
672 | + * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil | |
673 | + * | |
674 | + * This program is free software; you can redistribute it and/or modify it | |
675 | + * under the terms of the GNU General Public License as published by the | |
676 | + * Free Software Foundation; either version 2 of the License, or (at your | |
677 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
678 | + * | |
679 | + * This program is distributed in the hope that it will be useful, but | |
680 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
681 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
682 | + * for more details. | |
683 | + * | |
684 | + * RCSID $Id: starterstroke.c $ | |
685 | + */ | |
686 | + | |
687 | +#include <sys/types.h> | |
688 | +#include <sys/socket.h> | |
689 | +#include <sys/un.h> | |
690 | +#include <linux/stddef.h> | |
691 | +#include <unistd.h> | |
692 | +#include <stdlib.h> | |
693 | +#include <errno.h> | |
694 | +#include <netinet/in.h> | |
695 | +#include <arpa/inet.h> | |
696 | + | |
697 | +#include <freeswan.h> | |
698 | + | |
699 | +#include "../pluto/constants.h" | |
700 | +#include "../pluto/defs.h" | |
701 | +#include "../pluto/log.h" | |
702 | + | |
703 | +#include "../charon/stroke/stroke.h" | |
704 | + | |
705 | +#include "starterstroke.h" | |
706 | +#include "confread.h" | |
707 | +#include "files.h" | |
708 | + | |
709 | +static char* push_string(stroke_msg_t **strm, char *string) | |
710 | +{ | |
711 | + stroke_msg_t *stroke_msg; | |
712 | + size_t string_length; | |
713 | + | |
714 | + if (string == NULL) | |
715 | + { | |
716 | + return NULL; | |
717 | + } | |
718 | + stroke_msg = *strm; | |
719 | + string_length = strlen(string) + 1; | |
720 | + stroke_msg->length += string_length; | |
721 | + | |
722 | + stroke_msg = realloc(stroke_msg, stroke_msg->length); | |
723 | + strcpy((char*)stroke_msg + stroke_msg->length - string_length, string); | |
724 | + | |
725 | + *strm = stroke_msg; | |
726 | + return (char*)(u_int)stroke_msg->length - string_length; | |
727 | +} | |
728 | + | |
729 | +static int | |
730 | +send_stroke_msg (stroke_msg_t *msg) | |
731 | +{ | |
732 | + struct sockaddr_un ctl_addr = { AF_UNIX, CHARON_CTL_FILE }; | |
733 | + int sock; | |
734 | + | |
735 | + sock = socket(AF_UNIX, SOCK_STREAM, 0); | |
736 | + if (sock < 0) | |
737 | + { | |
738 | + plog("socket() failed: %s", strerror(errno)); | |
739 | + return -1; | |
740 | + } | |
741 | + if (connect(sock, (struct sockaddr *)&ctl_addr, | |
742 | + offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0) | |
743 | + { | |
744 | + plog("connect(charon_ctl) failed: %s", strerror(errno)); | |
745 | + close(sock); | |
746 | + return -1; | |
747 | + } | |
748 | + | |
749 | + /* send message */ | |
750 | + if (write(sock, msg, msg->length) != msg->length) | |
751 | + { | |
752 | + plog("write(charon_ctl) failed: %s", strerror(errno)); | |
753 | + close(sock); | |
754 | + return -1; | |
755 | + } | |
756 | + | |
757 | + close(sock); | |
758 | + return 0; | |
759 | +} | |
760 | + | |
761 | +static char * | |
762 | +connection_name(starter_conn_t *conn) | |
763 | +{ | |
764 | + /* if connection name is '%auto', create a new name like conn_xxxxx */ | |
765 | + static char buf[32]; | |
766 | + | |
767 | + if (streq(conn->name, "%auto")) | |
768 | + { | |
769 | + sprintf(buf, "conn_%ld", conn->id); | |
770 | + return buf; | |
771 | + } | |
772 | + return conn->name; | |
773 | +} | |
774 | + | |
775 | + | |
776 | +int starter_stroke_add_conn(starter_conn_t *conn) | |
777 | +{ | |
778 | + stroke_msg_t *msg = malloc(sizeof(stroke_msg_t)); | |
779 | + int res; | |
780 | + | |
781 | + msg->length = sizeof(stroke_msg_t); | |
782 | + msg->type = STR_ADD_CONN; | |
783 | + | |
784 | + msg->add_conn.name = push_string(&msg, connection_name(conn)); | |
785 | + | |
786 | + msg->add_conn.me.id = push_string(&msg, conn->left.id); | |
787 | + msg->add_conn.me.cert = push_string(&msg, conn->left.cert); | |
788 | + msg->add_conn.me.address = push_string(&msg, inet_ntoa(conn->left.addr.u.v4.sin_addr)); | |
789 | + msg->add_conn.me.subnet = push_string(&msg, inet_ntoa(conn->left.subnet.addr.u.v4.sin_addr)); | |
790 | + msg->add_conn.me.subnet_mask = conn->left.subnet.maskbits; | |
791 | + | |
792 | + msg->add_conn.other.id = push_string(&msg, conn->right.id); | |
793 | + msg->add_conn.other.cert = push_string(&msg, conn->right.cert); | |
794 | + msg->add_conn.other.address = push_string(&msg, inet_ntoa(conn->right.addr.u.v4.sin_addr)); | |
795 | + msg->add_conn.other.subnet = push_string(&msg, inet_ntoa(conn->right.subnet.addr.u.v4.sin_addr)); | |
796 | + msg->add_conn.other.subnet_mask = conn->right.subnet.maskbits; | |
797 | + | |
798 | + res = send_stroke_msg(msg); | |
799 | + free(msg); | |
800 | + return res; | |
801 | +} | |
802 | + | |
803 | +int starter_stroke_del_conn(starter_conn_t *conn) | |
804 | +{ | |
805 | + return 0; | |
806 | +} | |
807 | +int starter_stroke_route_conn(starter_conn_t *conn) | |
808 | +{ | |
809 | + stroke_msg_t *msg = malloc(sizeof(stroke_msg_t)); | |
810 | + int res; | |
811 | + | |
812 | + msg->length = sizeof(stroke_msg_t); | |
813 | + msg->type = STR_INSTALL; | |
814 | + msg->install.name = push_string(&msg, connection_name(conn)); | |
815 | + res = send_stroke_msg(msg); | |
816 | + free(msg); | |
817 | + return res; | |
818 | +} | |
819 | + | |
820 | +int starter_stroke_initiate_conn(starter_conn_t *conn) | |
821 | +{ | |
822 | + stroke_msg_t *msg = malloc(sizeof(stroke_msg_t)); | |
823 | + int res; | |
824 | + | |
825 | + msg->length = sizeof(stroke_msg_t); | |
826 | + msg->type = STR_INITIATE; | |
827 | + msg->initiate.name = push_string(&msg, connection_name(conn)); | |
828 | + res = send_stroke_msg(msg); | |
829 | + free(msg); | |
830 | + return res; | |
831 | +} | |
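Review bot: `push_string` stores the result of `realloc` straight into `stroke_msg` without checking it, so on allocation failure the following `strcpy` dereferences NULL and the original message is leaked; the callers add an ordering hazard, because in `msg->add_conn.name = push_string(&msg, ...)` the left operand may be evaluated from the old `msg` before the call reallocates it (C leaves that order unspecified), so the store can land in freed memory. A checked `push_string` is below; on the caller side either assign through a temporary (`char *off = push_string(&msg, x); msg->add_conn.name = off;`) or size the message once up front so no realloc happens. The expression `(char*)(u_int)stroke_msg->length - string_length` also binds the cast to `length` alone and then does pointer arithmetic on a non-pointer value; the offset is presumably resolved on the receiving side, but it should be computed as an integer before the cast. Minor: `offsetof` comes from `<stddef.h>`, not the kernel header `<linux/stddef.h>`, and `strlen`/`strcpy`/`strerror` are used without `<string.h>` being included in this file.
```c
static char* push_string(stroke_msg_t **strm, char *string)
{
	stroke_msg_t *stroke_msg;
	size_t string_length, offset;

	if (string == NULL)
	{
		return NULL;
	}
	string_length = strlen(string) + 1;
	offset = (*strm)->length;
	/* realloc into a temporary so *strm stays valid (and freeable) on failure */
	stroke_msg = realloc(*strm, offset + string_length);
	if (stroke_msg == NULL)
	{
		plog("push_string(): out of memory, string dropped");
		return NULL;
	}
	stroke_msg->length = offset + string_length;
	memcpy((char*)stroke_msg + offset, string, string_length);
	*strm = stroke_msg;
	/* offset of the string inside the message; presumably resolved by the receiver */
	return (char*)offset;
}
```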
52923c9a | 832 | diff -Naur strongswan-2.7.0/programs/starter/starterstroke.h strongswan-2.7.0-patched/programs/starter/starterstroke.h |
8cd73fe5 | 833 | --- strongswan-2.7.0/programs/starter/starterstroke.h 1970-01-01 01:00:00.000000000 +0100 |
52923c9a | 834 | +++ strongswan-2.7.0-patched/programs/starter/starterstroke.h 2006-04-28 08:56:38.000000000 +0200 |
8bc96e08 MW |
835 | @@ -0,0 +1,27 @@ |
836 | +/* Stroke for charon is the counterpart to whack from pluto | |
837 | + * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil | |
838 | + * | |
839 | + * This program is free software; you can redistribute it and/or modify it | |
840 | + * under the terms of the GNU General Public License as published by the | |
841 | + * Free Software Foundation; either version 2 of the License, or (at your | |
842 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
843 | + * | |
844 | + * This program is distributed in the hope that it will be useful, but | |
845 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
846 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
847 | + * for more details. | |
848 | + * | |
849 | + * RCSID $Id: starterstroke.h $ | |
850 | + */ | |
851 | + | |
852 | +#ifndef _STARTER_STROKE_H_ | |
853 | +#define _STARTER_STROKE_H_ | |
854 | + | |
855 | +#include "confread.h" | |
856 | + | |
857 | +extern int starter_stroke_add_conn(starter_conn_t *conn); | |
858 | +extern int starter_stroke_del_conn(starter_conn_t *conn); | |
859 | +extern int starter_stroke_route_conn(starter_conn_t *conn); | |
860 | +extern int starter_stroke_initiate_conn(starter_conn_t *conn); | |
861 | + | |
862 | +#endif /* _STARTER_STROKE_H_ */ | |
52923c9a | 863 | diff -Naur strongswan-2.7.0/programs/starter/starterwhack.c strongswan-2.7.0-patched/programs/starter/starterwhack.c |
8cd73fe5 | 864 | --- strongswan-2.7.0/programs/starter/starterwhack.c 2006-04-17 12:32:36.000000000 +0200 |
52923c9a | 865 | +++ strongswan-2.7.0-patched/programs/starter/starterwhack.c 2006-04-28 08:56:38.000000000 +0200 |
8bc96e08 MW |
866 | @@ -54,7 +54,7 @@ |
867 | static int | |
868 | send_whack_msg (whack_message_t *msg) | |
869 | { | |
870 | - struct sockaddr_un ctl_addr = { AF_UNIX, CTL_FILE }; | |
871 | + struct sockaddr_un ctl_addr = { AF_UNIX, PLUTO_CTL_FILE }; | |
872 | int sock; | |
873 | ssize_t len; | |
874 | char *str_next, *str_roof; |