]> git.saurik.com Git - apple/network_cmds.git/blob - racoon.tproj/main.c
projects / apple / network_cmds.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
network_cmds-176.4.1.tar.gz
[apple/network_cmds.git] / racoon.tproj / main.c
1 /* $KAME: main.c,v 1.48 2002/11/20 02:06:07 itojun Exp $ */
2
3 /*
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #include <sys/types.h>
33 #include <sys/param.h>
34 #include <sys/socket.h>
35 #include <sys/stat.h>
36 #include <sys/random.h>
37 #include <sys/sysctl.h>
38
39 #include <netinet/in.h>
40
41 #include <stdlib.h>
42 #include <stdio.h>
43 #include <string.h>
44 #include <errno.h>
45 #include <limits.h>
46 #ifdef HAVE_UNISTD_H
47 #include <unistd.h>
48 #endif
49 #include <paths.h>
50 #include <err.h>
51
52 /*
53 * If we're using a debugging malloc library, this may define our
54 * wrapper stubs.
55 */
56 #define RACOON_MAIN_PROGRAM
57 #include "gcmalloc.h"
58
59 #include "var.h"
60 #include "misc.h"
61 #include "vmbuf.h"
62 #include "plog.h"
63 #include "debug.h"
64
65 #include "cfparse.h"
66 #include "isakmp_var.h"
67 #include "remoteconf.h"
68 #include "localconf.h"
69 #include "session.h"
70 #include "oakley.h"
71 #include "pfkey.h"
72 #include "crypto_openssl.h"
73 #include "backupsa.h"
74 #ifndef HAVE_ARC4RANDOM
75 #include "arc4random.h"
76 #endif
77
78 int f_foreground = 0; /* force running in foreground. */
79 int f_local = 0; /* local test mode. behave like a wall. */
80 int vflag = 1; /* for print-isakmp.c */
81 static int loading_sa = 0; /* install sa when racoon boots up. */
82
83 #define RACOON_VERSION "20001216 sakane@kame.net"
84 #ifdef RACOON_PKG_VERSION
85 static char version0[] = "@(#)package version " RACOON_PKG_VERSION ;
86 static char version[] = "@(#)internal version " RACOON_VERSION ;
87 #else
88 static char version[] = "@(#)racoon 20001216 " RACOON_VERSION ;
89 #endif
90 static pid_t racoon_pid = 0;
91
92 int main __P((int, char **));
93 static void usage __P((void));
94 static void parse __P((int, char **));
95 static void restore_params __P((void));
96 static void save_params __P((void));
97 static void saverestore_params __P((int));
98 static void cleanup_pidfile __P((void));
99
100 void
101 usage()
102 {
103 printf("usage: racoon [-BdFv%s] %s[-f (file)] [-l (file)] [-p (port)]\n",
104 #ifdef INET6
105 "46",
106 #else
107 "",
108 #endif
109 #ifdef ENABLE_ADMINPORT
110 "[-a (port)] "
111 #else
112 ""
113 #endif
114 );
115 printf(" -B: install SA to the kernel from the file "
116 "specified by the configuration file.\n");
117 printf(" -d: debug level, more -d will generate more debug message.\n");
118 printf(" -F: run in foreground, do not become daemon.\n");
119 printf(" -v: be more verbose\n");
120 #ifdef INET6
121 printf(" -4: IPv4 mode.\n");
122 printf(" -6: IPv6 mode.\n");
123 #endif
124 #ifdef ENABLE_ADMINPORT
125 printf(" -a: port number for admin port.\n");
126 #endif
127 printf(" -f: pathname for configuration file.\n");
128 printf(" -l: pathname for log file.\n");
129 printf(" -p: port number for isakmp (default: %d).\n", PORT_ISAKMP);
130 exit(1);
131 }
132
133 extern int cfparse(void);
134
135 int
136 main(ac, av)
137 int ac;
138 char **av;
139 {
140 int error;
141
142 if (geteuid() != 0) {
143 errx(1, "must be root to invoke this program.");
144 /* NOTREACHED*/
145 }
146
147 /*
148 * Don't let anyone read files I write. Although some files (such as
149 * the PID file) can be other readable, we dare to use the global mask,
150 * because racoon uses fopen(3), which can't specify the permission
151 * at the creation time.
152 */
153 umask(077);
154 if (umask(077) != 077) {
155 errx(1, "could not set umask");
156 /* NOTREACHED*/
157 }
158
159 #ifdef DEBUG_RECORD_MALLOCATION
160 DRM_init();
161 #endif
162
163 initlcconf();
164 initrmconf();
165 oakley_dhinit();
166 eay_init_error();
167
168 parse(ac, av);
169
170 ploginit();
171 (void)arc4random(); /* XXX test if random number is available */
172
173 #ifdef RACOON_PKG_VERSION
174 plog(LLV_INFO, LOCATION, NULL, "%s\n", version0);
175 #endif
176 plog(LLV_INFO, LOCATION, NULL, "%s\n", version);
177 plog(LLV_INFO, LOCATION, NULL, "@(#)"
178 "This product linked %s (http://www.openssl.org/)"
179 "\n", eay_version());
180
181 if (pfkey_init() < 0) {
182 errx(1, "something error happened "
183 "while pfkey initializing.");
184 /* NOTREACHED*/
185 }
186
187 /*
188 * in order to prefer the parameters by command line,
189 * saving some parameters before parsing configuration file.
190 */
191 save_params();
192 error = cfparse();
193 if (error != 0)
194 errx(1, "failed to parse configuration file.");
195 restore_params();
196
197 #ifdef IKE_NAT_T
198 /* Tell the kernel which port to use for UDP encapsulation */
199 {
200 int udp_port = PORT_ISAKMP_NATT;
201 if (sysctlbyname("net.inet.ipsec.esp_port", NULL, NULL, &udp_port, sizeof(udp_port)) != 0)
202 errx(1, "couldn't set net.inet.ipsec.esp_port to %d. (%s)",
203 udp_port, strerror(errno));
204 }
205 #endif
206
207 /*
208 * install SAs from the specified file. If the file is not specified
209 * by the configuration file, racoon will exit.
210 */
211 if (loading_sa && !f_local) {
212 if (backupsa_from_file() != 0)
213 errx(1, "something error happened "
214 "SA recovering.");
215 }
216
217 if (f_foreground)
218 close(0);
219 else {
220 const char *pid_file = _PATH_VARRUN "racoon.pid";
221 FILE *fp;
222
223 if (daemon(0, 0) < 0) {
224 errx(1, "failed to be daemon. (%s)",
225 strerror(errno));
226 }
227 /*
228 * In case somebody has started inetd manually, we need to
229 * clear the logname, so that old servers run as root do not
230 * get the user's logname..
231 */
232 if (setlogin("") < 0) {
233 plog(LLV_ERROR, LOCATION, NULL,
234 "cannot clear logname: %s\n", strerror(errno));
235 /* no big deal if it fails.. */
236 }
237 racoon_pid = getpid();
238 fp = fopen(pid_file, "w");
239 if (fp) {
240 if (fchmod(fileno(fp),
241 S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) == -1) {
242 syslog(LOG_ERR, "%s", strerror(errno));
243 fclose(fp);
244 exit(1);
245 }
246 fprintf(fp, "%ld\n", (long)racoon_pid);
247 fclose(fp);
248 } else {
249 plog(LLV_ERROR, LOCATION, NULL,
250 "cannot open %s", pid_file);
251 }
252 if (!f_local) {
253 if (atexit(cleanup_pidfile) < 0) {
254 plog(LLV_ERROR, LOCATION, NULL,
255 "cannot register pidfile cleanup");
256 }
257 }
258 }
259
260 session();
261
262 exit(0);
263 }
264
265 static void
266 cleanup_pidfile()
267 {
268 pid_t p = getpid();
269
270 /* if it's not child process, clean everything */
271 if (racoon_pid == p) {
272 const char *pid_file = _PATH_VARRUN "racoon.pid";
273
274 (void) unlink(pid_file);
275 }
276 }
277
278 static void
279 parse(ac, av)
280 int ac;
281 char **av;
282 {
283 extern char *optarg;
284 extern int optind;
285 int c;
286 #ifdef YYDEBUG
287 extern int yydebug;
288 #endif
289
290 pname = strrchr(*av, '/');
291 if (pname)
292 pname++;
293 else
294 pname = *av;
295
296 while ((c = getopt(ac, av, "dFp:a:f:l:vZB"
297 #ifdef YYDEBUG
298 "y"
299 #endif
300 #ifdef INET6
301 "46"
302 #endif
303 )) != -1) {
304 switch (c) {
305 case 'd':
306 loglevel++;
307 break;
308 case 'F':
309 printf("Foreground mode.\n");
310 f_foreground = 1;
311 break;
312 case 'p':
313 lcconf->port_isakmp = atoi(optarg);
314 break;
315 case 'a':
316 #ifdef ENABLE_ADMINPORT
317 lcconf->port_admin = atoi(optarg);
318 break;
319 #else
320 fprintf(stderr, "%s: the option is disabled "
321 "in the configuration\n", pname);
322 exit(1);
323 #endif
324 case 'f':
325 lcconf->racoon_conf = optarg;
326 break;
327 case 'l':
328 plogset(optarg);
329 break;
330 case 'v':
331 vflag++;
332 break;
333 case 'Z':
334 /*
335 * only local test.
336 * To specify -Z option and to choice a appropriate
337 * port number for ISAKMP, you can launch some racoons
338 * on the local host for debug.
339 * pk_sendadd() on initiator side is always failed
340 * even if this flag is used. Because there is same
341 * spi in the SAD which is inserted by pk_sendgetspi()
342 * on responder side.
343 */
344 printf("Local test mode.\n");
345 f_local = 1;
346 break;
347 #ifdef YYDEBUG
348 case 'y':
349 yydebug = 1;
350 break;
351 #endif
352 #ifdef INET6
353 case '4':
354 lcconf->default_af = AF_INET;
355 break;
356 case '6':
357 lcconf->default_af = AF_INET6;
358 break;
359 #endif
360 case 'B':
361 loading_sa++;
362 break;
363 default:
364 usage();
365 /* NOTREACHED */
366 }
367 }
368 ac -= optind;
369 av += optind;
370
371 if (ac != 0) {
372 usage();
373 /* NOTREACHED */
374 }
375
376 return;
377 }
378
379 static void
380 restore_params()
381 {
382 saverestore_params(1);
383 }
384
385 static void
386 save_params()
387 {
388 saverestore_params(0);
389 }
390
391 static void
392 saverestore_params(f)
393 int f;
394 {
395 static u_int16_t s_port_isakmp;
396 #ifdef ENABLE_ADMINPORT
397 static u_int16_t s_port_admin;
398 #endif
399
400 /* 0: save, 1: restore */
401 if (f) {
402 lcconf->port_isakmp = s_port_isakmp;
403 #ifdef ENABLE_ADMINPORT
404 lcconf->port_admin = s_port_admin;
405 #endif
406 } else {
407 s_port_isakmp = lcconf->port_isakmp;
408 #ifdef ENABLE_ADMINPORT
409 s_port_admin = lcconf->port_admin;
410 #endif
411 }
412 }
mirror of network_cmds