]> git.saurik.com Git - apple/network_cmds.git/blob - racoon.tproj/main.c
projects / apple / network_cmds.git / blob
? search:


109f96d1844143b5c9664a2dc72bcd5302ae1825
[apple/network_cmds.git] / racoon.tproj / main.c
1 /* $KAME: main.c,v 1.43 2001/11/16 04:34:57 sakane Exp $ */
2
3 /*
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #include <sys/types.h>
33 #include <sys/param.h>
34 #include <sys/socket.h>
35 #include <sys/stat.h>
36 #include <sys/random.h>
37
38 #include <netinet/in.h>
39
40 #include <stdlib.h>
41 #include <stdio.h>
42 #include <string.h>
43 #include <errno.h>
44 #include <limits.h>
45 #ifdef HAVE_UNISTD_H
46 #include <unistd.h>
47 #endif
48 #include <paths.h>
49 #include <err.h>
50
51 /*
52 * If we're using a debugging malloc library, this may define our
53 * wrapper stubs.
54 */
55 #define RACOON_MAIN_PROGRAM
56 #include "gcmalloc.h"
57
58 #include "var.h"
59 #include "misc.h"
60 #include "vmbuf.h"
61 #include "plog.h"
62 #include "debug.h"
63
64 #include "cfparse.h"
65 #include "isakmp_var.h"
66 #include "remoteconf.h"
67 #include "localconf.h"
68 #include "session.h"
69 #include "oakley.h"
70 #include "pfkey.h"
71 #include "crypto_openssl.h"
72 #include "backupsa.h"
73
74 int f_foreground = 0; /* force running in foreground. */
75 int f_local = 0; /* local test mode. behave like a wall. */
76 int vflag = 1; /* for print-isakmp.c */
77 static int loading_sa = 0; /* install sa when racoon boots up. */
78
79 #define RACOON_VERSION "20001216 sakane@kame.net"
80 #ifdef RACOON_PKG_VERSION
81 static char version0[] = "@(#)package version " RACOON_PKG_VERSION ;
82 static char version[] = "@(#)internal version " RACOON_VERSION ;
83 #else
84 static char version[] = "@(#)racoon 20001216 " RACOON_VERSION ;
85 #endif
86 static pid_t racoon_pid = 0;
87
88 int main __P((int, char **));
89 static void usage __P((void));
90 static void parse __P((int, char **));
91 static void restore_params __P((void));
92 static void save_params __P((void));
93 static void saverestore_params __P((int));
94 static void cleanup_pidfile __P((void));
95
96 void
97 usage()
98 {
99 printf("usage: racoon [-BdFv%s] %s[-f (file)] [-l (file)] [-p (port)]\n",
100 #ifdef INET6
101 "46",
102 #else
103 "",
104 #endif
105 #ifdef ENABLE_ADMINPORT
106 "[-a (port)] "
107 #else
108 ""
109 #endif
110 );
111 printf(" -B: install SA to the kernel from the file "
112 "specified by the configuration file.\n");
113 printf(" -d: debug level, more -d will generate more debug message.\n");
114 printf(" -F: run in foreground, do not become daemon.\n");
115 printf(" -v: be more verbose\n");
116 #ifdef INET6
117 printf(" -4: IPv4 mode.\n");
118 printf(" -6: IPv6 mode.\n");
119 #endif
120 #ifdef ENABLE_ADMINPORT
121 printf(" -a: port number for admin port.\n");
122 #endif
123 printf(" -f: pathname for configuration file.\n");
124 printf(" -l: pathname for log file.\n");
125 printf(" -p: port number for isakmp (default: %d).\n", PORT_ISAKMP);
126 exit(1);
127 }
128
129 int
130 main(ac, av)
131 int ac;
132 char **av;
133 {
134 int error;
135
136 if (geteuid() != 0) {
137 errx(1, "must be root to invoke this program.");
138 /* NOTREACHED*/
139 }
140
141 /*
142 * Don't let anyone read files I write. Although some files (such as
143 * the PID file) can be other readable, we dare to use the global mask,
144 * because racoon uses fopen(3), which can't specify the permission
145 * at the creation time.
146 */
147 umask(077);
148 if (umask(077) != 077) {
149 errx(1, "could not set umask");
150 /* NOTREACHED*/
151 }
152
153 #ifdef DEBUG_RECORD_MALLOCATION
154 DRM_init();
155 #endif
156
157 initlcconf();
158 initrmconf();
159 oakley_dhinit();
160 eay_init_error();
161
162 parse(ac, av);
163
164 ploginit();
165
166 #ifdef RACOON_PKG_VERSION
167 plog(LLV_INFO, LOCATION, NULL, "%s\n", version0);
168 #endif
169 plog(LLV_INFO, LOCATION, NULL, "%s\n", version);
170 plog(LLV_INFO, LOCATION, NULL, "@(#)"
171 "This product linked %s (http://www.openssl.org/)"
172 "\n", eay_version());
173
174 if (pfkey_init() < 0) {
175 errx(1, "something error happened "
176 "while pfkey initializing.");
177 /* NOTREACHED*/
178 }
179
180 /*
181 * in order to prefer the parameters by command line,
182 * saving some parameters before parsing configuration file.
183 */
184 save_params();
185 error = cfparse();
186 if (error != 0)
187 errx(1, "failed to parse configuration file.");
188 restore_params();
189
190 /*
191 * install SAs from the specified file. If the file is not specified
192 * by the configuration file, racoon will exit.
193 */
194 if (loading_sa && !f_local) {
195 if (backupsa_from_file() != 0)
196 errx(1, "something error happened "
197 "SA recovering.");
198 }
199
200 if (f_foreground)
201 close(0);
202 else {
203 const char *pid_file = _PATH_VARRUN "racoon.pid";
204 FILE *fp;
205
206 if (daemon(0, 0) < 0) {
207 errx(1, "failed to be daemon. (%s)",
208 strerror(errno));
209 }
210 /*
211 * In case somebody has started inetd manually, we need to
212 * clear the logname, so that old servers run as root do not
213 * get the user's logname..
214 */
215 if (setlogin("") < 0) {
216 plog(LLV_ERROR, LOCATION, NULL,
217 "cannot clear logname: %s\n", strerror(errno));
218 /* no big deal if it fails.. */
219 }
220 racoon_pid = getpid();
221 fp = fopen(pid_file, "w");
222 if (fp) {
223 if (fchmod(fileno(fp),
224 S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) == -1) {
225 syslog(LOG_ERR, "%s", strerror(errno));
226 fclose(fp);
227 exit(1);
228 }
229 fprintf(fp, "%ld\n", (long)racoon_pid);
230 fclose(fp);
231 } else {
232 plog(LLV_ERROR, LOCATION, NULL,
233 "cannot open %s", pid_file);
234 }
235 if (!f_local) {
236 if (atexit(cleanup_pidfile) < 0) {
237 plog(LLV_ERROR, LOCATION, NULL,
238 "cannot register pidfile cleanup");
239 }
240 }
241 }
242
243 session();
244
245 exit(0);
246 }
247
248 static void
249 cleanup_pidfile()
250 {
251 pid_t p = getpid();
252
253 /* if it's not child process, clean everything */
254 if (racoon_pid == p) {
255 const char *pid_file = _PATH_VARRUN "racoon.pid";
256
257 (void) unlink(pid_file);
258 }
259 }
260
261 static void
262 parse(ac, av)
263 int ac;
264 char **av;
265 {
266 extern char *optarg;
267 extern int optind;
268 int c;
269 #ifdef YYDEBUG
270 extern int yydebug;
271 #endif
272
273 pname = strrchr(*av, '/');
274 if (pname)
275 pname++;
276 else
277 pname = *av;
278
279 while ((c = getopt(ac, av, "dFp:a:f:l:vZB"
280 #ifdef YYDEBUG
281 "y"
282 #endif
283 #ifdef INET6
284 "46"
285 #endif
286 )) != -1) {
287 switch (c) {
288 case 'd':
289 loglevel++;
290 break;
291 case 'F':
292 printf("Foreground mode.\n");
293 f_foreground = 1;
294 break;
295 case 'p':
296 lcconf->port_isakmp = atoi(optarg);
297 break;
298 case 'a':
299 #ifdef ENABLE_ADMINPORT
300 lcconf->port_admin = atoi(optarg);
301 break;
302 #else
303 fprintf(stderr, "%s: the option is disabled "
304 "in the configuration\n", pname);
305 exit(1);
306 #endif
307 case 'f':
308 lcconf->racoon_conf = optarg;
309 break;
310 case 'l':
311 plogset(optarg);
312 break;
313 case 'v':
314 vflag++;
315 break;
316 case 'Z':
317 /*
318 * only local test.
319 * To specify -Z option and to choice a appropriate
320 * port number for ISAKMP, you can launch some racoons
321 * on the local host for debug.
322 * pk_sendadd() on initiator side is always failed
323 * even if this flag is used. Because there is same
324 * spi in the SAD which is inserted by pk_sendgetspi()
325 * on responder side.
326 */
327 printf("Local test mode.\n");
328 f_local = 1;
329 break;
330 #ifdef YYDEBUG
331 case 'y':
332 yydebug = 1;
333 break;
334 #endif
335 #ifdef INET6
336 case '4':
337 lcconf->default_af = AF_INET;
338 break;
339 case '6':
340 lcconf->default_af = AF_INET6;
341 break;
342 #endif
343 case 'B':
344 loading_sa++;
345 break;
346 default:
347 usage();
348 /* NOTREACHED */
349 }
350 }
351 ac -= optind;
352 av += optind;
353
354 if (ac != 0) {
355 usage();
356 /* NOTREACHED */
357 }
358
359 return;
360 }
361
362 static void
363 restore_params()
364 {
365 saverestore_params(1);
366 }
367
368 static void
369 save_params()
370 {
371 saverestore_params(0);
372 }
373
374 static void
375 saverestore_params(f)
376 int f;
377 {
378 static u_int16_t s_port_isakmp;
379 #ifdef ENABLE_ADMINPORT
380 static u_int16_t s_port_admin;
381 #endif
382
383 /* 0: save, 1: restore */
384 if (f) {
385 lcconf->port_isakmp = s_port_isakmp;
386 #ifdef ENABLE_ADMINPORT
387 lcconf->port_admin = s_port_admin;
388 #endif
389 } else {
390 s_port_isakmp = lcconf->port_isakmp;
391 #ifdef ENABLE_ADMINPORT
392 s_port_admin = lcconf->port_admin;
393 #endif
394 }
395 }
mirror of network_cmds