]> git.saurik.com Git - apple/ipsec.git/blobdiff - ipsec-tools/racoon/main.c
ipsec-286.1.1.tar.gz
[apple/ipsec.git] / ipsec-tools / racoon / main.c
index 84e1beb0a32c573f1673fa5871f28a2e95b1694d..631b86c9828dbe93b7a5507ff80b27633507ded0 100644 (file)
 #include "pfkey.h"
 #include "policy.h"
 #include "crypto_openssl.h"
-#include "backupsa.h"
 #include "vendorid.h"
 
 #include <CoreFoundation/CoreFoundation.h>
-#include <SystemConfiguration/SystemConfiguration.h>
-#ifndef TARGET_OS_EMBEDDED
-#include <sandbox.h>
-#endif // !TARGET_OS_EMBEDDED
 #include "power_mgmt.h"
+#include "preferences.h"
 
 //#include "package_version.h"
 
 int f_local = 0;       /* local test mode.  behave like a wall. */
 int vflag = 1;         /* for print-isakmp.c */
-static int loading_sa = 0;     /* install sa when racoon boots up. */
 static int dump_config = 0;    /* dump parsed config file. */
 static int exec_done = 0;      /* we've already been exec'd */
 
@@ -103,37 +98,35 @@ static char version[] = "@(#)" TOP_PACKAGE_STRING " (" TOP_PACKAGE_URL ")";
 static char version[] = "@(#) racoon / IPsec-tools";
 #endif /* TOP_PACKAGE */
 
-int main __P((int, char **));
-static void usage __P((void));
-static void parse __P((int, char **));
-static void restore_params __P((void));
-static void save_params __P((void));
-static void saverestore_params __P((int));
-static void cleanup_pidfile __P((void));
-int launchedbylaunchd __P((void));
+int main (int, char **);
+static void usage (void);
+static void parse (int, char **);
+static void restore_params (void);
+static void save_params (void);
+static void saverestore_params (int);
+static void cleanup_pidfile (void);
+#if 0 // <rdar://problem/9286626>
+int launchedbylaunchd (void);
+#endif
 
 pid_t racoon_pid = 0;
+int   launchdlaunched = 0;
 int print_pid = 1;     /* for racoon only */
-char  logFileStr[MAXPATHLEN+1];
+
 
 void
 usage()
 {
-       printf("usage: racoon [-BdFvs%s] %s[-f (file)] [-l (file)] [-p (port)]\n",
+       printf("usage: racoon [-BdDFvs%s] %s[-f (file)] [-l (file)] [-p (port)]\n",
 #ifdef INET6
                "46",
 #else
                "",
 #endif
-#ifdef ENABLE_ADMINPORT
-               "[-a (port)] "
-#else
                ""
-#endif
                );
-       printf("   -B: install SA to the kernel from the file "
-               "specified by the configuration file.\n");
        printf("   -d: debug level, more -d will generate more debug message.\n");
+       printf("   -D: started by LaunchD (implies daemon mode).\n");
        printf("   -C: dump parsed config file.\n");
        printf("   -L: include location in debug messages\n");
        printf("   -F: run in foreground, do not become daemon.\n");
@@ -142,9 +135,6 @@ usage()
 #ifdef INET6
        printf("   -4: IPv4 mode.\n");
        printf("   -6: IPv6 mode.\n");
-#endif
-#ifdef ENABLE_ADMINPORT
-       printf("   -a: port number for admin port.\n");
 #endif
        printf("   -f: pathname for configuration file.\n");
        printf("   -l: pathname for log file.\n");
@@ -159,21 +149,17 @@ main(ac, av)
        char **av;
 {
        int error;
-#ifndef TARGET_OS_EMBEDDED
-       char *sb_errorbuf = NULL;
-#endif // !TARGET_OS_EMBEDDED
-
-#ifndef TARGET_OS_EMBEDDED
-       if (sandbox_init("racoon", SANDBOX_NAMED, &sb_errorbuf) == -1) {
-               if (sb_errorbuf) {
-                       syslog(LOG_ERR, "sandbox_init failed: %s\n", sb_errorbuf);
-                       sandbox_free_error(sb_errorbuf);
-                       sb_errorbuf = NULL;
-               } else {
-                       syslog(LOG_ERR, "sandbox_init failed\n");
-               }
-       }
-#endif // !TARGET_OS_EMBEDDED
+
+       /*
+        * Check IPSec plist
+        */
+       prefsinit();
+       ploginit();
+
+       /* 
+        * racoon is not sandboxed on Mac OS.
+        * On embedded, racoon is sandboxed with a seatbelt-profiles entitlement.
+        */
 
        if (geteuid() != 0) {
                errx(1, "must be root to invoke this program.");
@@ -192,12 +178,6 @@ main(ac, av)
                /* NOTREACHED*/
        }
 
-#ifdef DEBUG_RECORD_MALLOCATION
-       DRM_init();
-#endif
-
-       logFileStr[0] = 0;
-
 #ifdef HAVE_OPENSSL
        eay_init();
 #endif
@@ -208,90 +188,23 @@ main(ac, av)
        compute_vendorids();
 
        parse(ac, av);
-       plogmtxinit();
-
-       /*
-        * Check IPSec plist
-        */
-       {
-               SCPreferencesRef        prefs = NULL;
-               CFPropertyListRef       globals;
-               CFStringRef                     logFileRef;
-               CFNumberRef                     debugLevelRef;
-               
-               int                                     level = 0;
-               
-               logFileStr[0] = 0;
-                  
-           if ((prefs = SCPreferencesCreate(0, CFSTR("racoon"), CFSTR("com.apple.ipsec.plist"))) == NULL)
-                       goto skip;
-               globals = SCPreferencesGetValue(prefs, CFSTR("Global"));
-               if (!globals || (CFGetTypeID(globals) != CFDictionaryGetTypeID()))
-                       goto skip;
-               debugLevelRef = CFDictionaryGetValue(globals, CFSTR("DebugLevel"));
-               if (!debugLevelRef || (CFGetTypeID(debugLevelRef) != CFNumberGetTypeID()))
-                       goto skip;
-               CFNumberGetValue(debugLevelRef, kCFNumberSInt32Type, &level);
-               switch (level)
-               {
-                       case 0:
-                               loglevel = 5;
-                               goto skip;
-                               break;
-                       case 1:
-                               loglevel = 6;
-                               break;
-                       case 2:
-                               loglevel = 7;
-                               break;
-                       default:
-                               break; /* invalid - ignore */
-               }
-               
-               logFileRef = CFDictionaryGetValue(globals, CFSTR("DebugLogfile"));
-               if (!logFileRef || (CFGetTypeID(logFileRef) != CFStringGetTypeID())) {  
-                       goto skip;
-               }
-               CFStringGetCString(logFileRef, logFileStr, MAXPATHLEN, kCFStringEncodingMacRoman);
-skip:
-               if (prefs)
-                       CFRelease(prefs);
-       }
-       
-       if (logFileStr[0])
-                       plogset(logFileStr);
-       else    
-               if (lcconf->logfile_param)
-                       plogset(lcconf->logfile_param);                 
-
-       ploginit();
 
-       plog(LLV_INFO, LOCATION, NULL, "***** racoon started: pid=%d  started by: %d\n", getpid(), getppid());
-       plog(LLV_INFO, LOCATION, NULL, "%s\n", version);
+       plog(ASL_LEVEL_INFO, "***** racoon started: pid=%d  started by: %d, launchdlaunched %d\n", getpid(), getppid(), launchdlaunched);
+       plog(ASL_LEVEL_INFO, "%s\n", version);
 #ifdef HAVE_OPENSSL
-       plog(LLV_INFO, LOCATION, NULL, "@(#)"
+       plog(ASL_LEVEL_INFO, "@(#)"
            "This product linked %s (http://www.openssl.org/)"
            "\n", eay_version());
 #endif
-       plog(LLV_INFO, LOCATION, NULL, "Reading configuration from \"%s\"\n", 
+       plog(ASL_LEVEL_INFO, "Reading configuration from \"%s\"\n", 
            lcconf->racoon_conf);
 
+    //%%%%% this sould probably be moved to session()
        if (pfkey_init() < 0) {
-               errx(1, "something error happened "
-                       "while pfkey initializing.");
+               errx(1, "failed to initialize pfkey.\n");
                /* NOTREACHED*/
        }
 
-#ifdef ENABLE_HYBRID
-       if (isakmp_cfg_init(ISAKMP_CFG_INIT_COLD))
-               errx(1, "could not initialize ISAKMP mode config structures");
-#endif
-
-#ifdef HAVE_LIBLDAP
-       if (xauth_ldap_init() != 0)
-               errx(1, "could not initialize libldap");
-#endif
-
        /*
         * in order to prefer the parameters by command line,
         * saving some parameters before parsing configuration file.
@@ -303,7 +216,7 @@ skip:
        restore_params();
        
        if (lcconf->logfile_param == NULL && logFileStr[0] == 0)
-               plogreset(lcconf->pathinfo[LC_PATHTYPE_LOGFILE]);
+               plogresetfile(lcconf->pathinfo[LC_PATHTYPE_LOGFILE]);
                
 #ifdef ENABLE_NATT
        /* Tell the kernel which port to use for UDP encapsulation */
@@ -315,12 +228,6 @@ skip:
        }
 #endif
 
-#ifdef HAVE_LIBRADIUS
-       if (xauth_radius_init() != 0) {
-               errx(1, "could not initialize libradius");
-               /* NOTREACHED*/
-       }
-#endif
 
 #ifdef ENABLE_HYBRID
        if(isakmp_cfg_config.network4 && isakmp_cfg_config.pool_size == 0)
@@ -335,28 +242,23 @@ skip:
         * install SAs from the specified file.  If the file is not specified
         * by the configuration file, racoon will exit.
         */
-       if (loading_sa && !f_local) {
-               if (backupsa_from_file() != 0)
-                       errx(1, "something error happened "
-                               "SA recovering.");
-       }
 
        if (f_foreground)
                close(0);
        else {
-               if ( !exec_done && launchedbylaunchd() ){
-                       plog(LLV_INFO, LOCATION, NULL,
+               if ( !exec_done && launchdlaunched ){
+                       plog(ASL_LEVEL_INFO, 
                                 "racoon launched by launchd.\n");
                        exec_done = 1;
                        if (atexit(cleanup_pidfile) < 0) {
-                               plog(LLV_ERROR, LOCATION, NULL,
+                               plog(ASL_LEVEL_ERR, 
                                         "cannot register pidfile cleanup");
                        }
                }else {
                
                        if (exec_done) {
                                if (atexit(cleanup_pidfile) < 0) {
-                                       plog(LLV_ERROR, LOCATION, NULL,
+                                       plog(ASL_LEVEL_ERR, 
                                                "cannot register pidfile cleanup");
                                }
                        } else {
@@ -367,7 +269,7 @@ skip:
                                int     i;
                                
                                if (ac > MAX_EXEC_ARGS) {
-                                       plog(LLV_ERROR, LOCATION, NULL,
+                                       plog(ASL_LEVEL_ERR, 
                                                "too many arguments.\n");
                                        exit(1);
                                }
@@ -381,12 +283,12 @@ skip:
                                 * when launched by setuid process
                                 */
                                if (setuid(0)) {
-                                       plog(LLV_ERROR, LOCATION, NULL,
+                                       plog(ASL_LEVEL_ERR, 
                                                "cannot set uid.\n");
                                        exit(1);
                                }
                                if (setgid(0)) {
-                                       plog(LLV_ERROR, LOCATION, NULL,
+                                       plog(ASL_LEVEL_ERR, 
                                                "cannot set gid.\n");
                                        exit(1);
                                }
@@ -399,35 +301,26 @@ skip:
                                args[ac+1] = 0;
                                
                                execve(PATHRACOON, args, env);
-                               plog(LLV_ERROR, LOCATION, NULL,
+                               plog(ASL_LEVEL_ERR, 
                                                "failed to exec racoon. (%s)", strerror(errno));
                                exit(1);
                        }
                }
        }
-
+    
+    
+    /* start the session */
        session();
-       
-       exit(0);
 }
 
-
+#if 0 // <rdar://problem/9286626>
 int
 launchedbylaunchd(){
-       int             launchdlaunched = 1;
        launch_data_t checkin_response = NULL;
-       launch_data_t checkin_request = NULL;
-       
-       /* check in with launchd */
-       if ((checkin_request = launch_data_new_string(LAUNCH_KEY_CHECKIN)) == NULL) {
-               plog(LLV_ERROR, LOCATION, NULL,
-                        "launch_data_new_string fails.\n");
-               launchdlaunched = 0;
-               goto done;
-       }
-       if ((checkin_response = launch_msg(checkin_request)) == NULL) {
+    
+       if ((checkin_response = launch_socket_service_check_in()) == NULL) {
                plog(LLV_ERROR, LOCATION, NULL,
-                        "launch_msg fails.\n");
+                        "launch_socket_service_check_in fails.\n");
                launchdlaunched = 0;
                goto done;
        }
@@ -437,15 +330,14 @@ launchedbylaunchd(){
                launchdlaunched = 0;
                goto done;
        }
-       
+       launchdlaunched = 1;
 done:
        /* clean up before we leave */
-       if ( checkin_request )
-               launch_data_free(checkin_request);
        if ( checkin_response )
                launch_data_free(checkin_response);
        return launchdlaunched;
 }
+#endif
 
 static void
 cleanup_pidfile()
@@ -486,12 +378,7 @@ parse(ac, av)
        else
                pname = *av;
 
-#if 0  /* for debugging */
-       loglevel += 2;
-       plogset("/tmp/racoon.log");
-#endif
-
-       while ((c = getopt(ac, av, "dLFp:P:a:f:l:vsZBCx"
+       while ((c = getopt(ac, av, "dDLFp:P:a:f:l:vsZBCx"
 #ifdef YYDEBUG
                        "y"
 #endif
@@ -501,12 +388,23 @@ parse(ac, av)
                        )) != -1) {
                switch (c) {
                case 'd':
-                       loglevel++;
+                       plogsetlevel(ASL_LEVEL_DEBUG);
+                       break;
+               case 'D':
+                       if (f_foreground) {
+                               fprintf(stderr, "-D and -F are mutually exclusive\n");
+                               exit(1);
+                       }
+                       launchdlaunched = 1;
                        break;
                case 'L':
                        print_location = 1;
                        break;
                case 'F':
+                       if (launchdlaunched) {
+                               fprintf(stderr, "-D and -F are mutually exclusive\n");
+                               exit(1);
+                       }
                        printf("Foreground mode.\n");
                        f_foreground = 1;
                        break;
@@ -517,14 +415,9 @@ parse(ac, av)
                        lcconf->port_isakmp_natt = atoi(optarg);
                        break;
                case 'a':
-#ifdef ENABLE_ADMINPORT
-                       lcconf->port_admin = atoi(optarg);
-                       break;
-#else
                        fprintf(stderr, "%s: the option is disabled "
                            "in the configuration\n", pname);
                        exit(1);
-#endif
                case 'f':
                        lcconf->racoon_conf = optarg;
                        break;
@@ -567,9 +460,6 @@ parse(ac, av)
                        lcconf->default_af = AF_INET6;
                        break;
 #endif
-               case 'B':
-                       loading_sa++;
-                       break;
                case 'C':
                        dump_config++;
                        break;
@@ -606,20 +496,11 @@ saverestore_params(f)
        int f;
 {
        static u_int16_t s_port_isakmp;
-#ifdef ENABLE_ADMINPORT
-       static u_int16_t s_port_admin;
-#endif
 
        /* 0: save, 1: restore */
        if (f) {
                lcconf->port_isakmp = s_port_isakmp;
-#ifdef ENABLE_ADMINPORT
-               lcconf->port_admin = s_port_admin;
-#endif
        } else {
                s_port_isakmp = lcconf->port_isakmp;
-#ifdef ENABLE_ADMINPORT
-               s_port_admin = lcconf->port_admin;
-#endif
        }
 }