1.1 misho 1: /* $NetBSD: main.c,v 1.12 2009/01/26 18:13:06 tteras Exp $ */
2:
3: /* Id: main.c,v 1.25 2006/06/20 20:31:34 manubsd Exp */
4:
5: /*
6: * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7: * All rights reserved.
8: *
9: * Redistribution and use in source and binary forms, with or without
10: * modification, are permitted provided that the following conditions
11: * are met:
12: * 1. Redistributions of source code must retain the above copyright
13: * notice, this list of conditions and the following disclaimer.
14: * 2. Redistributions in binary form must reproduce the above copyright
15: * notice, this list of conditions and the following disclaimer in the
16: * documentation and/or other materials provided with the distribution.
17: * 3. Neither the name of the project nor the names of its contributors
18: * may be used to endorse or promote products derived from this software
19: * without specific prior written permission.
20: *
21: * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24: * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31: * SUCH DAMAGE.
32: */
33:
#include "config.h"

#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/stat.h>

#include <netinet/in.h>

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#include <paths.h>
#include <err.h>
53:
54: /*
55: * If we're using a debugging malloc library, this may define our
56: * wrapper stubs.
57: */
58: #define RACOON_MAIN_PROGRAM
59: #include "gcmalloc.h"
60:
61: #include "var.h"
62: #include "misc.h"
63: #include "vmbuf.h"
64: #include "plog.h"
65: #include "debug.h"
66:
67: #include "cfparse_proto.h"
68: #include "isakmp_var.h"
69: #include "remoteconf.h"
70: #include "localconf.h"
71: #include "session.h"
72: #include "oakley.h"
73: #include "pfkey.h"
74: #include "policy.h"
75: #include "crypto_openssl.h"
76: #include "backupsa.h"
77: #include "vendorid.h"
78:
79: #include "package_version.h"
80:
/*
 * Command-line state. The first three are non-static, so presumably other
 * translation units read them (vflag is explicitly for print-isakmp.c);
 * loading_sa is consumed only by main() below.
 */
int dump_config = 0;	/* -C: dump parsed config file. */
int f_local = 0;	/* -Z: local test mode. behave like a wall. */
int vflag = 1;		/* -v: verbosity counter, for print-isakmp.c */
static int loading_sa = 0;	/* -B: install sa when racoon boots up. */

/*
 * Version banner, printed by -V and logged at startup. The "@(#)" prefix
 * is the what(1) marker so the string can be recovered from the binary.
 */
#ifdef TOP_PACKAGE
static char version[] = "@(#)" TOP_PACKAGE_STRING " (" TOP_PACKAGE_URL ")";
#else /* TOP_PACKAGE */
static char version[] = "@(#) racoon / IPsec-tools";
#endif /* TOP_PACKAGE */
91:
/*
 * Print the version banner, the OpenSSL version reported by eay_version(),
 * and the list of compile-time features, then exit(0).
 *
 * Invoked for -V; never returns.
 */
static void
print_version()
{
	/* One entry per enabled build option, in the order they are listed. */
	static const char *const features[] = {
#ifdef INET6
		"IPv6 support",
#endif
#ifdef ENABLE_DPD
		"Dead Peer Detection",
#endif
#ifdef ENABLE_FRAG
		"IKE fragmentation",
#endif
#ifdef ENABLE_HYBRID
		"Hybrid authentication",
#endif
#ifdef ENABLE_GSSAPI
		"GSS-API authentication",
#endif
#ifdef ENABLE_NATT
		"NAT Traversal",
#endif
#ifdef ENABLE_STATS
		"Timing statistics",
#endif
#ifdef ENABLE_ADMINPORT
		"Admin port",
#endif
#ifdef HAVE_CLOCK_MONOTONIC
		"Monotonic clock",
#endif
#ifdef HAVE_SECCTX
		"Security context",
#endif
		NULL
	};
	const char *const *feat;

	printf("%s\n\nCompiled with:\n- %s (http://www.openssl.org/)\n",
	    version, eay_version());
	for (feat = features; *feat != NULL; feat++)
		printf("- %s\n", *feat);
	putchar('\n');
	exit(0);
}
134:
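/*
 * Print the command-line synopsis to stdout and exit with status 1.
 *
 * Called by parse() for an unknown option or a stray non-option argument.
 * The bracketed flag list now names every documented boolean option
 * (-B -C -d -F -L -v -V, plus -4/-6 with INET6); previously -C, -L and -V
 * were described below but missing from the synopsis. -Z (local test
 * mode) and the YYDEBUG-only -y stay undocumented on purpose: they are
 * debugging aids, not supported flags. PORT_ISAKMP / PORT_ISAKMP_NATT
 * supply the defaults shown for -p and -P.
 */
static void
usage()
{
	printf("usage: racoon [-BCdFLvV"
#ifdef INET6
		"46"
#endif
		"] [-f (file)] [-l (file)] [-p (port)] [-P (natt port)]\n"
		" -B: install SA to the kernel from the file "
		"specified by the configuration file.\n"
		" -d: debug level, more -d will generate more debug message.\n"
		" -C: dump parsed config file.\n"
		" -L: include location in debug messages\n"
		" -F: run in foreground, do not become daemon.\n"
		" -v: be more verbose\n"
		" -V: print version and exit\n"
#ifdef INET6
		" -4: IPv4 mode.\n"
		" -6: IPv6 mode.\n"
#endif
		" -f: pathname for configuration file.\n"
		" -l: pathname for log file.\n"
		" -p: port number for isakmp (default: %d).\n"
		" -P: port number for NAT-T (default: %d).\n"
		"\n",
		PORT_ISAKMP, PORT_ISAKMP_NATT);
	exit(1);
}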
163:
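/*
 * Convert a -p/-P argument into a port number.
 *
 * The original code used atoi(3), which silently accepts trailing garbage
 * ("500abc"), wraps on overflow and happily returns negative values, all of
 * which then ended up as the ISAKMP listen port. Anything that is not a
 * complete decimal number in [0, 65535] now terminates racoon with a
 * diagnostic naming the offending option. 0 is still accepted here; what
 * the listener code does with it is not this function's business.
 *
 * arg: the option argument (optarg); opt: the option letter, for the message.
 * Returns the port as an int; does not return on error.
 */
static int
parse_port(const char *arg, int opt)
{
	char *end;
	long val;

	errno = 0;
	val = strtol(arg, &end, 10);
	if (end == arg || *end != '\0' || errno == ERANGE ||
	    val < 0 || val > 65535)
		errx(1, "-%c: invalid port number \"%s\"", opt, arg);
	return (int)val;
}

/*
 * Parse the command line into the globals used by the rest of racoon.
 *
 * Sets pname (basename of argv[0], used in log output), loglevel,
 * print_location, f_foreground, f_local, vflag, loading_sa, dump_config and
 * the port / config-file / address-family fields of lcconf. -l installs the
 * log file via plogset(); -V prints the version and exits; any unknown
 * option or leftover non-option argument goes to usage(), which exits.
 *
 * ac/av are argc/argv as received by main(). av[0] may legitimately be
 * NULL (execve with an empty argv), so it is guarded before strrchr().
 */
static void
parse(ac, av)
	int ac;
	char **av;
{
	extern char *optarg;
	extern int optind;
	int c;
	char *slash;
#ifdef YYDEBUG
	extern int yydebug;
#endif

	if (ac > 0 && av[0] != NULL) {
		slash = strrchr(av[0], '/');
		pname = (slash != NULL) ? slash + 1 : av[0];
	} else
		pname = "racoon";

	while ((c = getopt(ac, av, "dLFp:P:f:l:vVZBC"
#ifdef YYDEBUG
			"y"
#endif
#ifdef INET6
			"46"
#endif
			)) != -1) {
		switch (c) {
		case 'd':
			loglevel++;
			break;
		case 'L':
			print_location = 1;
			break;
		case 'F':
			printf("Foreground mode.\n");
			f_foreground = 1;
			break;
		case 'p':
			lcconf->port_isakmp = parse_port(optarg, c);
			break;
		case 'P':
			lcconf->port_isakmp_natt = parse_port(optarg, c);
			break;
		case 'f':
			lcconf->racoon_conf = optarg;
			break;
		case 'l':
			plogset(optarg);
			break;
		case 'v':
			vflag++;
			break;
		case 'V':
			print_version();
			break;
		case 'Z':
			/*
			 * only local test.
			 * To specify -Z option and to choice a appropriate
			 * port number for ISAKMP, you can launch some racoons
			 * on the local host for debug.
			 * pk_sendadd() on initiator side is always failed
			 * even if this flag is used. Because there is same
			 * spi in the SAD which is inserted by pk_sendgetspi()
			 * on responder side.
			 */
			printf("Local test mode.\n");
			f_local = 1;
			break;
#ifdef YYDEBUG
		case 'y':
			yydebug = 1;
			break;
#endif
#ifdef INET6
		case '4':
			lcconf->default_af = AF_INET;
			break;
		case '6':
			lcconf->default_af = AF_INET6;
			break;
#endif
		case 'B':
			loading_sa++;
			break;
		case 'C':
			dump_config++;
			break;
		default:
			usage();
			/* NOTREACHED */
		}
	}
	ac -= optind;
	av += optind;

	/* racoon takes no positional arguments. */
	if (ac != 0) {
		usage();
		/* NOTREACHED */
	}
}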
265:
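/*
 * racoon entry point: parse the command line, enforce the root / umask
 * preconditions, bring up the crypto, config and logging subsystems,
 * optionally restore SAs from the backup file (-B), detach from the
 * terminal unless -F was given, and hand over to session(), which runs
 * the daemon's main loop.
 *
 * Returns 0 if session() ever returns; every precondition failure exits
 * with status 1 via errx(3).
 */
int
main(ac, av)
	int ac;
	char **av;
{
	int nullfd;

	initlcconf();
	parse(ac, av);

	/* Effective uid is what matters for the privileged sockets opened later. */
	if (geteuid() != 0) {
		errx(1, "must be root to invoke this program.");
		/* NOTREACHED*/
	}

	/*
	 * Don't let anyone read files I write. Although some files (such as
	 * the PID file) can be other readable, we dare to use the global mask,
	 * because racoon uses fopen(3), which can't specify the permission
	 * at the creation time.
	 *
	 * umask(2) returns the previous mask, so the second call re-applies
	 * 077 and at the same time verifies that the first one took effect.
	 */
	umask(077);
	if (umask(077) != 077) {
		errx(1, "could not set umask");
		/* NOTREACHED*/
	}

#ifdef DEBUG_RECORD_MALLOCATION
	DRM_init();
#endif

#ifdef HAVE_SECCTX
	init_avc();
#endif
	eay_init();
	initrmconf();
	oakley_dhinit();
	compute_vendorids();

	ploginit();

	plog(LLV_INFO, LOCATION, NULL, "%s\n", version);
	plog(LLV_INFO, LOCATION, NULL, "@(#)"
	    "This product linked %s (http://www.openssl.org/)"
	    "\n", eay_version());
	plog(LLV_INFO, LOCATION, NULL, "Reading configuration from \"%s\"\n",
	    lcconf->racoon_conf);

	/*
	 * install SAs from the specified file. If the file is not specified
	 * by the configuration file, racoon will exit.
	 */
	if (loading_sa && !f_local) {
		if (backupsa_from_file() != 0)
			errx(1, "something error happened "
				"SA recovering.");
	}

	if (f_foreground) {
		/*
		 * Detach from the terminal's stdin, but keep descriptor 0
		 * occupied. A bare close(0) hands the number 0 to the next
		 * socket or file racoon opens, so anything that later reads
		 * "stdin" (library code, a debugging aid) would be talking
		 * to that descriptor instead. Pointing 0 at /dev/null is the
		 * same thing daemon(3) does for the background case below;
		 * if /dev/null cannot be opened, fall back to the old close.
		 */
		nullfd = open(_PATH_DEVNULL, O_RDONLY);
		if (nullfd < 0)
			close(0);
		else if (nullfd != 0) {
			if (dup2(nullfd, 0) < 0)
				close(0);
			close(nullfd);
		}
		/* nullfd == 0: stdin was already closed; /dev/null now sits there. */
	} else {
		/* daemon(0, 0): keep cwd, redirect stdin/stdout/stderr to /dev/null. */
		if (daemon(0, 0) < 0) {
			errx(1, "failed to be daemon. (%s)",
				strerror(errno));
		}
#ifndef __linux__
		/*
		 * In case somebody has started inetd manually, we need to
		 * clear the logname, so that old servers run as root do not
		 * get the user's logname..
		 */
		if (setlogin("") < 0) {
			plog(LLV_ERROR, LOCATION, NULL,
				"cannot clear logname: %s\n", strerror(errno));
			/* no big deal if it fails.. */
		}
#endif
	}

	session();

	return 0;
}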
349: