[apple/ipsec.git] / ipsec-tools / racoon / main.c

/* $Id: main.c,v 1.14.2.3 2005/11/06 17:18:26 monas Exp $ */

/*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 * 
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "config.h"

#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/sysctl.h>

#include <netinet/in.h>

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <limits.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#include <paths.h>
#include <err.h>

/*
 * If we're using a debugging malloc library, this may define our
 * wrapper stubs.
 */
#define	RACOON_MAIN_PROGRAM
#include "gcmalloc.h"

#include "var.h"
#include "misc.h"
#include "vmbuf.h"
#include "plog.h"
#include "debug.h"

#include "cfparse_proto.h"
#include "isakmp_var.h"
#ifdef HAVE_LIBRADIUS
#include "isakmp.h"
#include "isakmp_xauth.h"
#endif
#include "remoteconf.h"
#include "localconf.h"
#include "session.h"
#include "oakley.h"
#include "pfkey.h"
#include "crypto_openssl.h"
#include "backupsa.h"
#include "vendorid.h"

//#include "package_version.h"

int f_local = 0;	/* local test mode.  behave like a wall. */
int vflag = 1;		/* for print-isakmp.c */
static int loading_sa = 0;	/* install sa when racoon boots up. */
static int dump_config = 0;	/* dump parsed config file. */
static int exec_done = 0;	/* we've already been exec'd */

#ifdef TOP_PACKAGE
static char version[] = "@(#)" TOP_PACKAGE_STRING " (" TOP_PACKAGE_URL ")";
#else /* TOP_PACKAGE */
static char version[] = "@(#) racoon / IPsec-tools";
#endif /* TOP_PACKAGE */

int main __P((int, char **));
static void usage __P((void));
static void parse __P((int, char **));
static void restore_params __P((void));
static void save_params __P((void));
static void saverestore_params __P((int));
static void cleanup_pidfile __P((void));

pid_t racoon_pid = 0;
int print_pid = 1;	/* for racoon only */

void
usage()
{
	printf("usage: racoon [-BdFve%s] %s[-f (file)] [-l (file)] [-p (port)]\n",
#ifdef INET6
		"46",
#else
		"",
#endif
#ifdef ENABLE_ADMINPORT
		"[-a (port)] "
#else
		""
#endif
		);
	printf("   -B: install SA to the kernel from the file "
		"specified by the configuration file.\n");
	printf("   -d: debug level, more -d will generate more debug message.\n");
	printf("   -C: dump parsed config file.\n");
	printf("   -L: include location in debug messages\n");
	printf("   -F: run in foreground, do not become daemon.\n");
	printf("   -v: be more verbose\n");
	printf("   -e: enable auto exit\n");
#ifdef INET6
	printf("   -4: IPv4 mode.\n");
	printf("   -6: IPv6 mode.\n");
#endif
#ifdef ENABLE_ADMINPORT
	printf("   -a: port number for admin port.\n");
#endif
	printf("   -f: pathname for configuration file.\n");
	printf("   -l: pathname for log file.\n");
	printf("   -p: port number for isakmp (default: %d).\n", PORT_ISAKMP);
	printf("   -P: port number for NAT-T (default: %d).\n", PORT_ISAKMP_NATT);
	exit(1);
}

int
main(ac, av)
	int ac;
	char **av;
{
	int error;

	if (geteuid() != 0) {
		errx(1, "must be root to invoke this program.");
		/* NOTREACHED*/
	}

	/*
	 * Don't let anyone read files I write.  Although some files (such as
	 * the PID file) can be other readable, we dare to use the global mask,
	 * because racoon uses fopen(3), which can't specify the permission
	 * at the creation time.
	 */
	umask(077);
	if (umask(077) != 077) {
		errx(1, "could not set umask");
		/* NOTREACHED*/
	}

#ifdef DEBUG_RECORD_MALLOCATION
	DRM_init();
#endif

	eay_init();
	initlcconf();
	initrmconf();
	oakley_dhinit();
	compute_vendorids();

	parse(ac, av);
	if (lcconf->logfile_param)
		plogset(lcconf->logfile_param);
	ploginit();

	plog(LLV_INFO, LOCATION, NULL, "***** racoon started: pid=%d  started by: %d\n", getpid(), getppid());
	plog(LLV_INFO, LOCATION, NULL, "%s\n", version);
	plog(LLV_INFO, LOCATION, NULL, "@(#)"
	    "This product linked %s (http://www.openssl.org/)"
	    "\n", eay_version());

	if (pfkey_init() < 0) {
		errx(1, "something error happened "
			"while pfkey initializing.");
		/* NOTREACHED*/
	}

	/*
	 * in order to prefer the parameters by command line,
	 * saving some parameters before parsing configuration file.
	 */
	save_params();
	error = cfparse();
	if (error != 0)
		errx(1, "failed to parse configuration file.");
	restore_params();
	if (lcconf->logfile_param == NULL)
		plogreset(lcconf->pathinfo[LC_PATHTYPE_LOGFILE]);
		
#ifdef ENABLE_NATT
	/* Tell the kernel which port to use for UDP encapsulation */
	{
		int udp_port = PORT_ISAKMP_NATT;
		if (sysctlbyname("net.inet.ipsec.esp_port", NULL, NULL, &udp_port, sizeof(udp_port)) != 0)
			errx(1, "couldn't set net.inet.ipsec.esp_port to %d. (%s)",
				udp_port, strerror(errno));
	}
#endif

#ifdef HAVE_LIBRADIUS
	if (xauth_radius_init() != 0) {
		errx(1, "could not initialize libradius");
		/* NOTREACHED*/
	}
#endif

	if (dump_config)
		dumprmconf ();

	/*
	 * install SAs from the specified file.  If the file is not specified
	 * by the configuration file, racoon will exit.
	 */
	if (loading_sa && !f_local) {
		if (backupsa_from_file() != 0)
			errx(1, "something error happened "
				"SA recovering.");
	}

	if (f_foreground)
		close(0);
	else if (exec_done) {
		if (atexit(cleanup_pidfile) < 0) {
			plog(LLV_ERROR, LOCATION, NULL,
				"cannot register pidfile cleanup");
		}
	} else {
		#define MAX_EXEC_ARGS 32
		
		char *args[MAX_EXEC_ARGS + 1];
		char *env[1] = {0};	
		int	i;
		
		if (ac > MAX_EXEC_ARGS) {
			plog(LLV_ERROR, LOCATION, NULL,
				"too many arguments.\n");
			exit(1);
		}
		
		if (daemon(0, 0) < 0) {
			errx(1, "failed to be daemon. (%s)",
				strerror(errno));
		}
		
		/* Radar 5129006 - Prevent non-root user from killing racoon
		 * when launched by setuid process
		 */
		if (setuid(0)) {
			plog(LLV_ERROR, LOCATION, NULL,
				"cannot set uid.\n");
			exit(1);
		}
		if (setgid(0)) {
			plog(LLV_ERROR, LOCATION, NULL,
				"cannot set gid.\n");
			exit(1);
		}
		
		/* setup args to re-exec - for CoreFoundation issues */
		args[0] = PATHRACOON;	
		for (i = 1; i < ac; i++)
			args[i] = *(av + i);
		args[ac] = "-x";		/* tells racoon its been exec'd */
		args[ac+1] = 0;
		
		execve(PATHRACOON, args, env);
		plog(LLV_ERROR, LOCATION, NULL,
				"failed to exec racoon. (%s)", strerror(errno));
		exit(1);
	}

	session();
	
	exit(0);
}


static void
cleanup_pidfile()
{
	char pid_file[MAXPATHLEN];
	pid_t p = getpid();

	/* if it's not child process, clean everything */
	if (racoon_pid == p) {
		if (lcconf->pathinfo[LC_PATHTYPE_PIDFILE] == NULL) 
			strlcpy(pid_file, _PATH_VARRUN "racoon.pid", MAXPATHLEN);
		else if (lcconf->pathinfo[LC_PATHTYPE_PIDFILE][0] == '/') 
			strlcpy(pid_file, lcconf->pathinfo[LC_PATHTYPE_PIDFILE], MAXPATHLEN);
		else {
			strlcat(pid_file, _PATH_VARRUN, MAXPATHLEN);
			strlcat(pid_file, lcconf->pathinfo[LC_PATHTYPE_PIDFILE], MAXPATHLEN);
		}
		(void) unlink(pid_file);
	}
}


static void
parse(ac, av)
	int ac;
	char **av;
{
	extern char *optarg;
	extern int optind;
	int c;
#ifdef YYDEBUG
	extern int yydebug;
#endif

	pname = strrchr(*av, '/');
	if (pname)
		pname++;
	else
		pname = *av;

#if 0	/* for debugging */
	loglevel += 2;
	plogset("/tmp/racoon.log");
#endif

	while ((c = getopt(ac, av, "dLFp:P:a:f:l:veZBCx"
#ifdef YYDEBUG
			"y"
#endif
#ifdef INET6
			"46"
#endif
			)) != -1) {
		switch (c) {
		case 'd':
			loglevel++;
			break;
		case 'L':
			print_location = 1;
			break;
		case 'F':
			printf("Foreground mode.\n");
			f_foreground = 1;
			break;
		case 'p':
			lcconf->port_isakmp = atoi(optarg);
			break;
		case 'P':
			lcconf->port_isakmp_natt = atoi(optarg);
			break;
		case 'a':
#ifdef ENABLE_ADMINPORT
			lcconf->port_admin = atoi(optarg);
			break;
#else
			fprintf(stderr, "%s: the option is disabled "
			    "in the configuration\n", pname);
			exit(1);
#endif
		case 'f':
			lcconf->racoon_conf = optarg;
			break;
		case 'l':
			lcconf->logfile_param = optarg;
			break;
		case 'v':
			vflag++;
			break;
		case 'e':
			lcconf->auto_exit_state |= LC_AUTOEXITSTATE_CLIENT;
			break;
		case 'x':
			exec_done = 1;
			break;
		case 'Z':
			/*
			 * only local test.
			 * To specify -Z option and to choice a appropriate
			 * port number for ISAKMP, you can launch some racoons
			 * on the local host for debug.
			 * pk_sendadd() on initiator side is always failed
			 * even if this flag is used.  Because there is same
			 * spi in the SAD which is inserted by pk_sendgetspi()
			 * on responder side.
			 */
			printf("Local test mode.\n");
			f_local = 1;
			break;
#ifdef YYDEBUG
		case 'y':
			yydebug = 1;
			break;
#endif
#ifdef INET6
		case '4':
			lcconf->default_af = AF_INET;
			break;
		case '6':
			lcconf->default_af = AF_INET6;
			break;
#endif
		case 'B':
			loading_sa++;
			break;
		case 'C':
			dump_config++;
			break;
		default:
			usage();
			/* NOTREACHED */
		}
	}
	ac -= optind;
	av += optind;

	if (ac != 0) {
		usage();
		/* NOTREACHED */
	}

	return;
}

static void
restore_params()
{
	saverestore_params(1);
}

static void
save_params()
{
	saverestore_params(0);
}

static void
saverestore_params(f)
	int f;
{
	static u_int16_t s_port_isakmp;
#ifdef ENABLE_ADMINPORT
	static u_int16_t s_port_admin;
#endif

	/* 0: save, 1: restore */
	if (f) {
		lcconf->port_isakmp = s_port_isakmp;
#ifdef ENABLE_ADMINPORT
		lcconf->port_admin = s_port_admin;
#endif
	} else {
		s_port_isakmp = lcconf->port_isakmp;
#ifdef ENABLE_ADMINPORT
		s_port_admin = lcconf->port_admin;
#endif
	}
}
Commit	Line	Data
52b7d2ce A	1	/* $Id: main.c,v 1.14.2.3 2005/11/06 17:18:26 monas Exp $ */
	2
	3	/*
	4	* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
	5	* All rights reserved.
	6	*
	7	* Redistribution and use in source and binary forms, with or without
	8	* modification, are permitted provided that the following conditions
	9	* are met:
	10	* 1. Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	* 2. Redistributions in binary form must reproduce the above copyright
	13	* notice, this list of conditions and the following disclaimer in the
	14	* documentation and/or other materials provided with the distribution.
	15	* 3. Neither the name of the project nor the names of its contributors
	16	* may be used to endorse or promote products derived from this software
	17	* without specific prior written permission.
	18	*
	19	* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
	20	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	21	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	22	* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
	23	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	24	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	25	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	27	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	28	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	29	* SUCH DAMAGE.
	30	*/
	31
	32	#include "config.h"
	33
	34	#include <sys/types.h>
	35	#include <sys/param.h>
	36	#include <sys/socket.h>
	37	#include <sys/stat.h>
	38	#include <sys/sysctl.h>
	39
	40	#include <netinet/in.h>
	41
	42	#include <stdlib.h>
	43	#include <stdio.h>
	44	#include <string.h>
	45	#include <errno.h>
	46	#include <limits.h>
	47	#ifdef HAVE_UNISTD_H
	48	#include <unistd.h>
	49	#endif
	50	#include <paths.h>
	51	#include <err.h>
	52
	53	/*
	54	* If we're using a debugging malloc library, this may define our
	55	* wrapper stubs.
	56	*/
	57	#define RACOON_MAIN_PROGRAM
	58	#include "gcmalloc.h"
	59
	60	#include "var.h"
	61	#include "misc.h"
	62	#include "vmbuf.h"
	63	#include "plog.h"
	64	#include "debug.h"
65
66	#include "cfparse_proto.h"
67	#include "isakmp_var.h"
68	#ifdef HAVE_LIBRADIUS
69	#include "isakmp.h"
70	#include "isakmp_xauth.h"
71	#endif
72	#include "remoteconf.h"
73	#include "localconf.h"
74	#include "session.h"
75	#include "oakley.h"
76	#include "pfkey.h"
77	#include "crypto_openssl.h"
78	#include "backupsa.h"
79	#include "vendorid.h"
80
81	//#include "package_version.h"
82
83	int f_local = 0; /* local test mode. behave like a wall. */
84	int vflag = 1; /* for print-isakmp.c */
85	static int loading_sa = 0; /* install sa when racoon boots up. */
86	static int dump_config = 0; /* dump parsed config file. */
87	static int exec_done = 0; /* we've already been exec'd */
88
89	#ifdef TOP_PACKAGE
90	static char version[] = "@(#)" TOP_PACKAGE_STRING " (" TOP_PACKAGE_URL ")";
91	#else /* TOP_PACKAGE */
92	static char version[] = "@(#) racoon / IPsec-tools";
93	#endif /* TOP_PACKAGE */
94
95	int main __P((int, char **));
96	static void usage __P((void));
97	static void parse __P((int, char **));
98	static void restore_params __P((void));
99	static void save_params __P((void));
100	static void saverestore_params __P((int));
101	static void cleanup_pidfile __P((void));
102
103	pid_t racoon_pid = 0;
104	int print_pid = 1; /* for racoon only */
105
106	void
107	usage()
108	{
109	printf("usage: racoon [-BdFve%s] %s[-f (file)] [-l (file)] [-p (port)]\n",
110	#ifdef INET6
111	"46",
112	#else
113	"",
114	#endif
115	#ifdef ENABLE_ADMINPORT
116	"[-a (port)] "
117	#else
118	""
119	#endif
120	);
121	printf(" -B: install SA to the kernel from the file "
122	"specified by the configuration file.\n");
123	printf(" -d: debug level, more -d will generate more debug message.\n");
124	printf(" -C: dump parsed config file.\n");
125	printf(" -L: include location in debug messages\n");
126	printf(" -F: run in foreground, do not become daemon.\n");
127	printf(" -v: be more verbose\n");
128	printf(" -e: enable auto exit\n");
129	#ifdef INET6
130	printf(" -4: IPv4 mode.\n");
131	printf(" -6: IPv6 mode.\n");
132	#endif
133	#ifdef ENABLE_ADMINPORT
134	printf(" -a: port number for admin port.\n");
135	#endif
136	printf(" -f: pathname for configuration file.\n");
137	printf(" -l: pathname for log file.\n");
138	printf(" -p: port number for isakmp (default: %d).\n", PORT_ISAKMP);
139	printf(" -P: port number for NAT-T (default: %d).\n", PORT_ISAKMP_NATT);
140	exit(1);
141	}
142
143	int
144	main(ac, av)
145	int ac;
146	char **av;
147	{
148	int error;
149
150	if (geteuid() != 0) {
151	errx(1, "must be root to invoke this program.");
152	/* NOTREACHED*/
153	}
154
155	/*
156	* Don't let anyone read files I write. Although some files (such as
157	* the PID file) can be other readable, we dare to use the global mask,
158	* because racoon uses fopen(3), which can't specify the permission
159	* at the creation time.
160	*/
161	umask(077);
162	if (umask(077) != 077) {
163	errx(1, "could not set umask");
164	/* NOTREACHED*/
165	}
166
167	#ifdef DEBUG_RECORD_MALLOCATION
168	DRM_init();
169	#endif
170
171	eay_init();
172	initlcconf();
173	initrmconf();
174	oakley_dhinit();
175	compute_vendorids();
176
177	parse(ac, av);
178	if (lcconf->logfile_param)
179	plogset(lcconf->logfile_param);
180	ploginit();
181
182	plog(LLV_INFO, LOCATION, NULL, "***** racoon started: pid=%d started by: %d\n", getpid(), getppid());
183	plog(LLV_INFO, LOCATION, NULL, "%s\n", version);
184	plog(LLV_INFO, LOCATION, NULL, "@(#)"
185	"This product linked %s (http://www.openssl.org/)"
186	"\n", eay_version());
187
188	if (pfkey_init() < 0) {
189	errx(1, "something error happened "
190	"while pfkey initializing.");
191	/* NOTREACHED*/
192	}
193
194	/*
195	* in order to prefer the parameters by command line,
196	* saving some parameters before parsing configuration file.
197	*/
198	save_params();
199	error = cfparse();
200	if (error != 0)
201	errx(1, "failed to parse configuration file.");
202	restore_params();
203	if (lcconf->logfile_param == NULL)
204	plogreset(lcconf->pathinfo[LC_PATHTYPE_LOGFILE]);
205
206	#ifdef ENABLE_NATT
207	/* Tell the kernel which port to use for UDP encapsulation */
208	{
209	int udp_port = PORT_ISAKMP_NATT;
210	if (sysctlbyname("net.inet.ipsec.esp_port", NULL, NULL, &udp_port, sizeof(udp_port)) != 0)
211	errx(1, "couldn't set net.inet.ipsec.esp_port to %d. (%s)",
212	udp_port, strerror(errno));
213	}
214	#endif
215
216	#ifdef HAVE_LIBRADIUS
217	if (xauth_radius_init() != 0) {
218	errx(1, "could not initialize libradius");
219	/* NOTREACHED*/
220	}
221	#endif
222
223	if (dump_config)
224	dumprmconf ();
225
226	/*
227	* install SAs from the specified file. If the file is not specified
228	* by the configuration file, racoon will exit.
229	*/
230	if (loading_sa && !f_local) {
231	if (backupsa_from_file() != 0)
232	errx(1, "something error happened "
233	"SA recovering.");
234	}
235
236	if (f_foreground)
237	close(0);
238	else if (exec_done) {
239	if (atexit(cleanup_pidfile) < 0) {
240	plog(LLV_ERROR, LOCATION, NULL,
241	"cannot register pidfile cleanup");
242	}
243	} else {
244	#define MAX_EXEC_ARGS 32
245
246	char *args[MAX_EXEC_ARGS + 1];
247	char *env[1] = {0};
248	int i;
249
250	if (ac > MAX_EXEC_ARGS) {
251	plog(LLV_ERROR, LOCATION, NULL,
252	"too many arguments.\n");
253	exit(1);
254	}
255
256	if (daemon(0, 0) < 0) {
257	errx(1, "failed to be daemon. (%s)",
258	strerror(errno));
259	}
260
261	/* Radar 5129006 - Prevent non-root user from killing racoon
262	* when launched by setuid process
263	*/
264	if (setuid(0)) {
265	plog(LLV_ERROR, LOCATION, NULL,
266	"cannot set uid.\n");
267	exit(1);
268	}
269	if (setgid(0)) {
270	plog(LLV_ERROR, LOCATION, NULL,
271	"cannot set gid.\n");
272	exit(1);
273	}
274
275	/* setup args to re-exec - for CoreFoundation issues */
276	args[0] = PATHRACOON;
277	for (i = 1; i < ac; i++)
278	args[i] = *(av + i);
279	args[ac] = "-x"; /* tells racoon its been exec'd */
280	args[ac+1] = 0;
281
282	execve(PATHRACOON, args, env);
283	plog(LLV_ERROR, LOCATION, NULL,
284	"failed to exec racoon. (%s)", strerror(errno));
285	exit(1);
286	}
287
288	session();
289
290	exit(0);
291	}
292
293
294	static void
295	cleanup_pidfile()
296	{
297	char pid_file[MAXPATHLEN];
298	pid_t p = getpid();
299
300	/* if it's not child process, clean everything */
301	if (racoon_pid == p) {
302	if (lcconf->pathinfo[LC_PATHTYPE_PIDFILE] == NULL)
303	strlcpy(pid_file, _PATH_VARRUN "racoon.pid", MAXPATHLEN);
304	else if (lcconf->pathinfo[LC_PATHTYPE_PIDFILE][0] == '/')
305	strlcpy(pid_file, lcconf->pathinfo[LC_PATHTYPE_PIDFILE], MAXPATHLEN);
306	else {
307	strlcat(pid_file, _PATH_VARRUN, MAXPATHLEN);
308	strlcat(pid_file, lcconf->pathinfo[LC_PATHTYPE_PIDFILE], MAXPATHLEN);
309	}
310	(void) unlink(pid_file);
311	}
312	}
313
314
315	static void
316	parse(ac, av)
317	int ac;
318	char **av;
319	{
320	extern char *optarg;
321	extern int optind;
322	int c;
323	#ifdef YYDEBUG
324	extern int yydebug;
325	#endif
326
327	pname = strrchr(*av, '/');
328	if (pname)
329	pname++;
330	else
331	pname = *av;
332
333	#if 0 /* for debugging */
334	loglevel += 2;
335	plogset("/tmp/racoon.log");
336	#endif
337
338	while ((c = getopt(ac, av, "dLFp:P:a:f:l:veZBCx"
339	#ifdef YYDEBUG
340	"y"
341	#endif
342	#ifdef INET6
343	"46"
344	#endif
345	)) != -1) {
346	switch (c) {
347	case 'd':
348	loglevel++;
349	break;
350	case 'L':
351	print_location = 1;
352	break;
353	case 'F':
354	printf("Foreground mode.\n");
355	f_foreground = 1;
356	break;
357	case 'p':
358	lcconf->port_isakmp = atoi(optarg);
359	break;
360	case 'P':
361	lcconf->port_isakmp_natt = atoi(optarg);
362	break;
363	case 'a':
364	#ifdef ENABLE_ADMINPORT
365	lcconf->port_admin = atoi(optarg);
366	break;
367	#else
368	fprintf(stderr, "%s: the option is disabled "
369	"in the configuration\n", pname);
370	exit(1);
371	#endif
372	case 'f':
373	lcconf->racoon_conf = optarg;
374	break;
375	case 'l':
376	lcconf->logfile_param = optarg;
377	break;
378	case 'v':
379	vflag++;
380	break;
381	case 'e':
382	lcconf->auto_exit_state \|= LC_AUTOEXITSTATE_CLIENT;
383	break;
384	case 'x':
385	exec_done = 1;
386	break;
387	case 'Z':
388	/*
389	* only local test.
390	* To specify -Z option and to choice a appropriate
391	* port number for ISAKMP, you can launch some racoons
392	* on the local host for debug.
393	* pk_sendadd() on initiator side is always failed
394	* even if this flag is used. Because there is same
395	* spi in the SAD which is inserted by pk_sendgetspi()
396	* on responder side.
397	*/
398	printf("Local test mode.\n");
399	f_local = 1;
400	break;
401	#ifdef YYDEBUG
402	case 'y':
403	yydebug = 1;
404	break;
405	#endif
406	#ifdef INET6
407	case '4':
408	lcconf->default_af = AF_INET;
409	break;
410	case '6':
411	lcconf->default_af = AF_INET6;
412	break;
413	#endif
414	case 'B':
415	loading_sa++;
416	break;
417	case 'C':
418	dump_config++;
419	break;
420	default:
421	usage();
422	/* NOTREACHED */
423	}
424	}
425	ac -= optind;
426	av += optind;
427
428	if (ac != 0) {
429	usage();
430	/* NOTREACHED */
431	}
432
433	return;
434	}
435
436	static void
437	restore_params()
438	{
439	saverestore_params(1);
440	}
441
442	static void
443	save_params()
444	{
445	saverestore_params(0);
446	}
447
448	static void
449	saverestore_params(f)
450	int f;
451	{
452	static u_int16_t s_port_isakmp;
453	#ifdef ENABLE_ADMINPORT
454	static u_int16_t s_port_admin;
455	#endif
456
457	/* 0: save, 1: restore */
458	if (f) {
459	lcconf->port_isakmp = s_port_isakmp;
460	#ifdef ENABLE_ADMINPORT
461	lcconf->port_admin = s_port_admin;
462	#endif
463	} else {
464	s_port_isakmp = lcconf->port_isakmp;
465	#ifdef ENABLE_ADMINPORT
466	s_port_admin = lcconf->port_admin;
467	#endif
468	}
469	}