Added a small libcharon wrapper intended to directly host the nm plugin.
For this reason it reclaims the --enable-nm configure option.
This commit is contained in:
parent
94b48e071a
commit
1c7a733e36
96
configure.in
96
configure.in
|
@ -190,7 +190,7 @@ ARG_ENABL_SET([addrblock], [enables RFC 3779 address block constraint suppo
|
|||
ARG_ENABL_SET([uci], [enable OpenWRT UCI configuration plugin.])
|
||||
ARG_ENABL_SET([android], [enable Android specific plugin.])
|
||||
ARG_ENABL_SET([maemo], [enable Maemo specific plugin.])
|
||||
ARG_ENABL_SET([nm], [enable NetworkManager plugin.])
|
||||
ARG_ENABL_SET([nm], [enable NetworkManager backend.])
|
||||
ARG_ENABL_SET([ha], [enable high availability cluster plugin.])
|
||||
ARG_ENABL_SET([whitelist], [enable peer identity whitelisting plugin.])
|
||||
ARG_ENABL_SET([certexpire], [enable CSV export of expiration dates of used certificates.])
|
||||
|
@ -798,6 +798,7 @@ pki_plugins=
|
|||
scripts_plugins=
|
||||
manager_plugins=
|
||||
medsrv_plugins=
|
||||
nm_plugins=
|
||||
|
||||
# location specific lists for checksumming,
|
||||
# for src/libcharon, src/pluto, src/libhydra and src/libstrongswan
|
||||
|
@ -807,60 +808,60 @@ h_plugins=
|
|||
s_plugins=
|
||||
|
||||
ADD_PLUGIN([test-vectors], [s charon pluto openac scepclient pki])
|
||||
ADD_PLUGIN([curl], [s charon pluto scepclient scripts])
|
||||
ADD_PLUGIN([soup], [s charon pluto scripts])
|
||||
ADD_PLUGIN([ldap], [s charon pluto scepclient scripts])
|
||||
ADD_PLUGIN([curl], [s charon pluto scepclient scripts nm])
|
||||
ADD_PLUGIN([soup], [s charon pluto scripts nm])
|
||||
ADD_PLUGIN([ldap], [s charon pluto scepclient scripts nm])
|
||||
ADD_PLUGIN([mysql], [s charon pluto pool manager medsrv attest])
|
||||
ADD_PLUGIN([sqlite], [s charon pluto pool manager medsrv attest])
|
||||
ADD_PLUGIN([pkcs11], [s charon pki])
|
||||
ADD_PLUGIN([aes], [s charon pluto openac scepclient pki scripts])
|
||||
ADD_PLUGIN([des], [s charon pluto openac scepclient pki scripts])
|
||||
ADD_PLUGIN([blowfish], [s charon pluto openac scepclient pki scripts])
|
||||
ADD_PLUGIN([sha1], [s charon pluto openac scepclient pki scripts medsrv attest])
|
||||
ADD_PLUGIN([sha2], [s charon pluto openac scepclient pki scripts medsrv attest])
|
||||
ADD_PLUGIN([md4], [s charon openac manager scepclient pki])
|
||||
ADD_PLUGIN([md5], [s charon pluto openac scepclient pki scripts attest])
|
||||
ADD_PLUGIN([random], [s charon pluto openac scepclient pki scripts medsrv attest])
|
||||
ADD_PLUGIN([x509], [s charon pluto openac scepclient pki scripts attest])
|
||||
ADD_PLUGIN([revocation], [s charon])
|
||||
ADD_PLUGIN([constraints], [s charon])
|
||||
ADD_PLUGIN([pkcs11], [s charon pki nm])
|
||||
ADD_PLUGIN([aes], [s charon pluto openac scepclient pki scripts nm])
|
||||
ADD_PLUGIN([des], [s charon pluto openac scepclient pki scripts nm])
|
||||
ADD_PLUGIN([blowfish], [s charon pluto openac scepclient pki scripts nm])
|
||||
ADD_PLUGIN([sha1], [s charon pluto openac scepclient pki scripts medsrv attest nm])
|
||||
ADD_PLUGIN([sha2], [s charon pluto openac scepclient pki scripts medsrv attest nm])
|
||||
ADD_PLUGIN([md4], [s charon openac manager scepclient pki nm])
|
||||
ADD_PLUGIN([md5], [s charon pluto openac scepclient pki scripts attest nm])
|
||||
ADD_PLUGIN([random], [s charon pluto openac scepclient pki scripts medsrv attest nm])
|
||||
ADD_PLUGIN([x509], [s charon pluto openac scepclient pki scripts attest nm])
|
||||
ADD_PLUGIN([revocation], [s charon nm])
|
||||
ADD_PLUGIN([constraints], [s charon nm])
|
||||
ADD_PLUGIN([pubkey], [s charon])
|
||||
ADD_PLUGIN([pkcs1], [s charon pluto openac scepclient pki scripts manager medsrv attest])
|
||||
ADD_PLUGIN([pkcs8], [s charon pluto openac scepclient pki scripts manager medsrv attest])
|
||||
ADD_PLUGIN([pkcs1], [s charon pluto openac scepclient pki scripts manager medsrv attest nm])
|
||||
ADD_PLUGIN([pkcs8], [s charon pluto openac scepclient pki scripts manager medsrv attest nm])
|
||||
ADD_PLUGIN([pgp], [s charon pluto])
|
||||
ADD_PLUGIN([dnskey], [s pluto])
|
||||
ADD_PLUGIN([pem], [s charon pluto openac scepclient pki scripts manager medsrv attest])
|
||||
ADD_PLUGIN([pem], [s charon pluto openac scepclient pki scripts manager medsrv attest nm])
|
||||
ADD_PLUGIN([padlock], [s charon])
|
||||
ADD_PLUGIN([openssl], [s charon pluto openac scepclient pki scripts manager medsrv attest])
|
||||
ADD_PLUGIN([gcrypt], [s charon pluto openac scepclient pki scripts manager medsrv attest])
|
||||
ADD_PLUGIN([af-alg], [s charon pluto openac scepclient pki scripts medsrv attest])
|
||||
ADD_PLUGIN([fips-prf], [s charon])
|
||||
ADD_PLUGIN([gmp], [s charon pluto openac scepclient pki scripts manager medsrv attest])
|
||||
ADD_PLUGIN([agent], [s charon])
|
||||
ADD_PLUGIN([xcbc], [s charon])
|
||||
ADD_PLUGIN([cmac], [s charon])
|
||||
ADD_PLUGIN([hmac], [s charon pluto scripts])
|
||||
ADD_PLUGIN([ctr], [s charon scripts])
|
||||
ADD_PLUGIN([ccm], [s charon scripts])
|
||||
ADD_PLUGIN([gcm], [s charon scripts])
|
||||
ADD_PLUGIN([openssl], [s charon pluto openac scepclient pki scripts manager medsrv attest nm])
|
||||
ADD_PLUGIN([gcrypt], [s charon pluto openac scepclient pki scripts manager medsrv attest nm])
|
||||
ADD_PLUGIN([af-alg], [s charon pluto openac scepclient pki scripts medsrv attest nm])
|
||||
ADD_PLUGIN([fips-prf], [s charon nm])
|
||||
ADD_PLUGIN([gmp], [s charon pluto openac scepclient pki scripts manager medsrv attest nm])
|
||||
ADD_PLUGIN([agent], [s charon nm])
|
||||
ADD_PLUGIN([xcbc], [s charon nm])
|
||||
ADD_PLUGIN([cmac], [s charon nm])
|
||||
ADD_PLUGIN([hmac], [s charon pluto scripts nm])
|
||||
ADD_PLUGIN([ctr], [s charon scripts nm])
|
||||
ADD_PLUGIN([ccm], [s charon scripts nm])
|
||||
ADD_PLUGIN([gcm], [s charon scripts nm])
|
||||
ADD_PLUGIN([xauth], [p pluto])
|
||||
ADD_PLUGIN([attr], [h charon pluto])
|
||||
ADD_PLUGIN([attr-sql], [h charon pluto])
|
||||
ADD_PLUGIN([load-tester], [c charon])
|
||||
ADD_PLUGIN([kernel-pfkey], [h charon pluto starter])
|
||||
ADD_PLUGIN([kernel-pfroute], [h charon pluto starter])
|
||||
ADD_PLUGIN([kernel-pfkey], [h charon pluto starter nm])
|
||||
ADD_PLUGIN([kernel-pfroute], [h charon pluto starter nm])
|
||||
ADD_PLUGIN([kernel-klips], [h charon pluto starter])
|
||||
ADD_PLUGIN([kernel-netlink], [h charon pluto starter])
|
||||
ADD_PLUGIN([kernel-netlink], [h charon pluto starter nm])
|
||||
ADD_PLUGIN([resolve], [h charon pluto])
|
||||
ADD_PLUGIN([socket-default], [c charon])
|
||||
ADD_PLUGIN([socket-raw], [c charon])
|
||||
ADD_PLUGIN([socket-default], [c charon nm])
|
||||
ADD_PLUGIN([socket-raw], [c charon nm])
|
||||
ADD_PLUGIN([socket-dynamic], [c charon])
|
||||
ADD_PLUGIN([farp], [c charon])
|
||||
ADD_PLUGIN([stroke], [c charon])
|
||||
ADD_PLUGIN([smp], [c charon])
|
||||
ADD_PLUGIN([sql], [c charon])
|
||||
ADD_PLUGIN([updown], [c charon])
|
||||
ADD_PLUGIN([eap-identity], [c charon])
|
||||
ADD_PLUGIN([eap-identity], [c charon nm])
|
||||
ADD_PLUGIN([eap-sim], [c charon])
|
||||
ADD_PLUGIN([eap-sim-file], [c charon])
|
||||
ADD_PLUGIN([eap-sim-pcsc], [c charon])
|
||||
|
@ -869,13 +870,13 @@ ADD_PLUGIN([eap-aka-3gpp2], [c charon])
|
|||
ADD_PLUGIN([eap-simaka-sql], [c charon])
|
||||
ADD_PLUGIN([eap-simaka-pseudonym], [c charon])
|
||||
ADD_PLUGIN([eap-simaka-reauth], [c charon])
|
||||
ADD_PLUGIN([eap-md5], [c charon])
|
||||
ADD_PLUGIN([eap-gtc], [c charon])
|
||||
ADD_PLUGIN([eap-mschapv2], [c charon])
|
||||
ADD_PLUGIN([eap-md5], [c charon nm])
|
||||
ADD_PLUGIN([eap-gtc], [c charon nm])
|
||||
ADD_PLUGIN([eap-mschapv2], [c charon nm])
|
||||
ADD_PLUGIN([eap-radius], [c charon])
|
||||
ADD_PLUGIN([eap-tls], [c charon])
|
||||
ADD_PLUGIN([eap-ttls], [c charon])
|
||||
ADD_PLUGIN([eap-peap], [c charon])
|
||||
ADD_PLUGIN([eap-tls], [c charon nm])
|
||||
ADD_PLUGIN([eap-ttls], [c charon nm])
|
||||
ADD_PLUGIN([eap-peap], [c charon nm])
|
||||
ADD_PLUGIN([eap-tnc], [c charon])
|
||||
ADD_PLUGIN([xauth-generic], [c charon])
|
||||
ADD_PLUGIN([xauth-eap], [c charon])
|
||||
|
@ -915,6 +916,7 @@ AC_SUBST(pki_plugins)
|
|||
AC_SUBST(scripts_plugins)
|
||||
AC_SUBST(manager_plugins)
|
||||
AC_SUBST(medsrv_plugins)
|
||||
AC_SUBST(nm_plugins)
|
||||
|
||||
AC_SUBST(c_plugins)
|
||||
AC_SUBST(p_plugins)
|
||||
|
@ -1061,12 +1063,13 @@ AM_CONDITIONAL(USE_IKEV2, test x$ikev2 = xtrue)
|
|||
AM_CONDITIONAL(USE_THREADS, test x$threads = xtrue)
|
||||
AM_CONDITIONAL(USE_ADNS, test x$adns = xtrue)
|
||||
AM_CONDITIONAL(USE_CHARON, test x$charon = xtrue)
|
||||
AM_CONDITIONAL(USE_NM, test x$nm = xtrue)
|
||||
AM_CONDITIONAL(USE_TOOLS, test x$tools = xtrue)
|
||||
AM_CONDITIONAL(USE_SCRIPTS, test x$scripts = xtrue)
|
||||
AM_CONDITIONAL(USE_CONFTEST, test x$conftest = xtrue)
|
||||
AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pluto = xtrue -o x$tools = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue)
|
||||
AM_CONDITIONAL(USE_LIBHYDRA, test x$charon = xtrue -o x$pluto = xtrue)
|
||||
AM_CONDITIONAL(USE_LIBCHARON, test x$charon = xtrue -o x$conftest = xtrue)
|
||||
AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pluto = xtrue -o x$tools = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue)
|
||||
AM_CONDITIONAL(USE_LIBHYDRA, test x$charon = xtrue -o x$pluto = xtrue -o x$nm = xtrue)
|
||||
AM_CONDITIONAL(USE_LIBCHARON, test x$charon = xtrue -o x$conftest = xtrue -o x$nm = xtrue)
|
||||
AM_CONDITIONAL(USE_LIBTNCIF, test x$tnc_tnccs = xtrue -o x$imcv = xtrue)
|
||||
AM_CONDITIONAL(USE_LIBTNCCS, test x$tnc_tnccs = xtrue)
|
||||
AM_CONDITIONAL(USE_FILE_CONFIG, test x$pluto = xtrue -o x$stroke = xtrue)
|
||||
|
@ -1175,6 +1178,7 @@ AC_OUTPUT(
|
|||
src/pluto/plugins/xauth/Makefile
|
||||
src/whack/Makefile
|
||||
src/charon/Makefile
|
||||
src/charon-nm/Makefile
|
||||
src/libcharon/Makefile
|
||||
src/libcharon/plugins/eap_aka/Makefile
|
||||
src/libcharon/plugins/eap_aka_3gpp2/Makefile
|
||||
|
|
|
@ -56,6 +56,10 @@ if USE_CHARON
|
|||
SUBDIRS += charon
|
||||
endif
|
||||
|
||||
if USE_NM
|
||||
SUBDIRS += charon-nm
|
||||
endif
|
||||
|
||||
if USE_STROKE
|
||||
SUBDIRS += stroke
|
||||
endif
|
||||
|
|
|
@ -0,0 +1,20 @@
|
|||
ipsec_PROGRAMS = charon-nm
|
||||
|
||||
charon_nm_SOURCES = \
|
||||
charon-nm.c
|
||||
|
||||
INCLUDES = \
|
||||
-I$(top_srcdir)/src/libstrongswan \
|
||||
-I$(top_srcdir)/src/libhydra \
|
||||
-I$(top_srcdir)/src/libcharon
|
||||
|
||||
AM_CFLAGS = \
|
||||
-DIPSEC_DIR=\"${ipsecdir}\" \
|
||||
-DIPSEC_PIDDIR=\"${piddir}\" \
|
||||
-DPLUGINS=\""${nm_plugins}\""
|
||||
|
||||
charon_nm_LDADD = \
|
||||
$(top_builddir)/src/libstrongswan/libstrongswan.la \
|
||||
$(top_builddir)/src/libhydra/libhydra.la \
|
||||
$(top_builddir)/src/libcharon/libcharon.la \
|
||||
-lm $(PTHREADLIB) $(DLLIB)
|
|
@ -0,0 +1,308 @@
|
|||
/*
|
||||
* Copyright (C) 2012 Tobias Brunner
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <syslog.h>
|
||||
#include <signal.h>
|
||||
#include <sys/types.h>
|
||||
#include <unistd.h>
|
||||
#include <pwd.h>
|
||||
#include <grp.h>
|
||||
#ifdef HAVE_PRCTL
|
||||
#include <sys/prctl.h>
|
||||
#endif
|
||||
|
||||
#include <hydra.h>
|
||||
#include <daemon.h>
|
||||
|
||||
#include <library.h>
|
||||
#include <utils/backtrace.h>
|
||||
#include <threading/thread.h>
|
||||
|
||||
/**
|
||||
* Hook in library for debugging messages
|
||||
*/
|
||||
extern void (*dbg) (debug_t group, level_t level, char *fmt, ...);
|
||||
|
||||
/**
|
||||
* Simple logging hook for library logs, using syslog output
|
||||
*/
|
||||
static void dbg_syslog(debug_t group, level_t level, char *fmt, ...)
|
||||
{
|
||||
if (level <= 1)
|
||||
{
|
||||
char buffer[8192], groupstr[4];
|
||||
va_list args;
|
||||
|
||||
va_start(args, fmt);
|
||||
/* write in memory buffer first */
|
||||
vsnprintf(buffer, sizeof(buffer), fmt, args);
|
||||
/* cache group name */
|
||||
snprintf(groupstr, sizeof(groupstr), "%N", debug_names, group);
|
||||
syslog(LOG_DAEMON|LOG_INFO, "00[%s] %s", groupstr, buffer);
|
||||
va_end(args);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Run the daemon and handle unix signals
|
||||
*/
|
||||
static void run()
|
||||
{
|
||||
sigset_t set;
|
||||
|
||||
/* handle SIGINT and SIGTERM in this handler */
|
||||
sigemptyset(&set);
|
||||
sigaddset(&set, SIGINT);
|
||||
sigaddset(&set, SIGTERM);
|
||||
sigprocmask(SIG_BLOCK, &set, NULL);
|
||||
|
||||
while (TRUE)
|
||||
{
|
||||
int sig;
|
||||
int error;
|
||||
|
||||
error = sigwait(&set, &sig);
|
||||
if (error)
|
||||
{
|
||||
DBG1(DBG_DMN, "error %d while waiting for a signal", error);
|
||||
return;
|
||||
}
|
||||
switch (sig)
|
||||
{
|
||||
case SIGINT:
|
||||
{
|
||||
DBG1(DBG_DMN, "signal of type SIGINT received. Shutting down");
|
||||
charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
|
||||
return;
|
||||
}
|
||||
case SIGTERM:
|
||||
{
|
||||
DBG1(DBG_DMN, "signal of type SIGTERM received. Shutting down");
|
||||
charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
|
||||
return;
|
||||
}
|
||||
default:
|
||||
{
|
||||
DBG1(DBG_DMN, "unknown signal %d received. Ignored", sig);
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Handle SIGSEGV/SIGILL signals raised by threads
|
||||
*/
|
||||
static void segv_handler(int signal)
|
||||
{
|
||||
backtrace_t *backtrace;
|
||||
|
||||
DBG1(DBG_DMN, "thread %u received %d", thread_current_id(), signal);
|
||||
backtrace = backtrace_create(2);
|
||||
backtrace->log(backtrace, stderr, TRUE);
|
||||
backtrace->destroy(backtrace);
|
||||
|
||||
DBG1(DBG_DMN, "killing ourself, received critical signal");
|
||||
abort();
|
||||
}
|
||||
|
||||
/**
|
||||
* Initialize logging to syslog
|
||||
*/
|
||||
static void initialize_logger()
|
||||
{
|
||||
sys_logger_t *sys_logger;
|
||||
debug_t group;
|
||||
level_t def;
|
||||
|
||||
sys_logger = sys_logger_create(LOG_DAEMON, FALSE);
|
||||
def = lib->settings->get_int(lib->settings,
|
||||
"charon-nm.syslog.default", 1);
|
||||
for (group = 0; group < DBG_MAX; group++)
|
||||
{
|
||||
sys_logger->set_level(sys_logger, group,
|
||||
lib->settings->get_int(lib->settings, "charon-nm.syslog.%N", def,
|
||||
debug_lower_names, group));
|
||||
}
|
||||
charon->sys_loggers->insert_last(charon->sys_loggers, sys_logger);
|
||||
charon->bus->add_logger(charon->bus, &sys_logger->logger);
|
||||
}
|
||||
|
||||
/**
|
||||
* Lookup UID and GID
|
||||
*/
|
||||
static bool lookup_uid_gid()
|
||||
{
|
||||
#ifdef IPSEC_USER
|
||||
{
|
||||
char buf[1024];
|
||||
struct passwd passwd, *pwp;
|
||||
|
||||
if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) != 0 ||
|
||||
pwp == NULL)
|
||||
{
|
||||
DBG1(DBG_DMN, "resolving user '"IPSEC_USER"' failed");
|
||||
return FALSE;
|
||||
}
|
||||
charon->uid = pwp->pw_uid;
|
||||
}
|
||||
#endif
|
||||
#ifdef IPSEC_GROUP
|
||||
{
|
||||
char buf[1024];
|
||||
struct group group, *grp;
|
||||
|
||||
if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) != 0 ||
|
||||
grp == NULL)
|
||||
{
|
||||
DBG1(DBG_DMN, "resolving group '"IPSEC_GROUP"' failed");
|
||||
return FALSE;
|
||||
}
|
||||
charon->gid = grp->gr_gid;
|
||||
}
|
||||
#endif
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
* Drop process capabilities
|
||||
*/
|
||||
static bool drop_capabilities()
|
||||
{
|
||||
#ifdef HAVE_PRCTL
|
||||
prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
|
||||
#endif
|
||||
|
||||
if (setgid(charon->gid) != 0)
|
||||
{
|
||||
DBG1(DBG_DMN, "change to unprivileged group failed");
|
||||
return FALSE;
|
||||
}
|
||||
if (setuid(charon->uid) != 0)
|
||||
{
|
||||
DBG1(DBG_DMN, "change to unprivileged user failed");
|
||||
return FALSE;
|
||||
}
|
||||
if (!charon->drop_capabilities(charon))
|
||||
{
|
||||
DBG1(DBG_DMN, "unable to drop daemon capabilities");
|
||||
return FALSE;
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
* Main function, starts NetworkManager backend.
|
||||
*/
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
struct sigaction action;
|
||||
int status = SS_RC_INITIALIZATION_FAILED;
|
||||
|
||||
/* logging for library during initialization, as we have no bus yet */
|
||||
dbg = dbg_syslog;
|
||||
|
||||
/* initialize library */
|
||||
if (!library_init(NULL))
|
||||
{
|
||||
library_deinit();
|
||||
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
|
||||
}
|
||||
|
||||
if (lib->integrity &&
|
||||
!lib->integrity->check_file(lib->integrity, "charon-nm", argv[0]))
|
||||
{
|
||||
dbg_syslog(DBG_DMN, 1, "integrity check of charon-nm failed");
|
||||
library_deinit();
|
||||
exit(SS_RC_DAEMON_INTEGRITY);
|
||||
}
|
||||
|
||||
if (!libhydra_init("charon-nm"))
|
||||
{
|
||||
dbg_syslog(DBG_DMN, 1, "initialization failed - aborting charon-nm");
|
||||
libhydra_deinit();
|
||||
library_deinit();
|
||||
exit(SS_RC_INITIALIZATION_FAILED);
|
||||
}
|
||||
|
||||
if (!libcharon_init())
|
||||
{
|
||||
dbg_syslog(DBG_DMN, 1, "initialization failed - aborting charon-nm");
|
||||
goto deinit;
|
||||
}
|
||||
|
||||
if (!lookup_uid_gid())
|
||||
{
|
||||
dbg_syslog(DBG_DMN, 1, "invalid uid/gid - aborting charon-nm");
|
||||
goto deinit;
|
||||
}
|
||||
|
||||
initialize_logger();
|
||||
|
||||
DBG1(DBG_DMN, "Starting charon NetworkManager backend (strongSwan "VERSION")");
|
||||
if (lib->integrity)
|
||||
{
|
||||
DBG1(DBG_DMN, "integrity tests enabled:");
|
||||
DBG1(DBG_DMN, "lib 'libstrongswan': passed file and segment integrity tests");
|
||||
DBG1(DBG_DMN, "lib 'libhydra': passed file and segment integrity tests");
|
||||
DBG1(DBG_DMN, "lib 'libcharon': passed file and segment integrity tests");
|
||||
DBG1(DBG_DMN, "daemon 'charon-nm': passed file integrity test");
|
||||
}
|
||||
|
||||
/* initialize daemon */
|
||||
if (!charon->initialize(charon,
|
||||
lib->settings->get_str(lib->settings, "charon-nm.load", PLUGINS)))
|
||||
{
|
||||
DBG1(DBG_DMN, "initialization failed - aborting charon-nm");
|
||||
goto deinit;
|
||||
}
|
||||
|
||||
if (!drop_capabilities())
|
||||
{
|
||||
DBG1(DBG_DMN, "capability dropping failed - aborting charon-nm");
|
||||
goto deinit;
|
||||
}
|
||||
|
||||
/* add handler for SEGV and ILL,
|
||||
* INT and TERM are handled by sigwait() in run() */
|
||||
action.sa_handler = segv_handler;
|
||||
action.sa_flags = 0;
|
||||
sigemptyset(&action.sa_mask);
|
||||
sigaddset(&action.sa_mask, SIGINT);
|
||||
sigaddset(&action.sa_mask, SIGTERM);
|
||||
sigaction(SIGSEGV, &action, NULL);
|
||||
sigaction(SIGILL, &action, NULL);
|
||||
sigaction(SIGBUS, &action, NULL);
|
||||
action.sa_handler = SIG_IGN;
|
||||
sigaction(SIGPIPE, &action, NULL);
|
||||
|
||||
pthread_sigmask(SIG_SETMASK, &action.sa_mask, NULL);
|
||||
|
||||
/* start daemon (i.e. the threads in the thread-pool) */
|
||||
charon->start(charon);
|
||||
|
||||
/* main thread goes to run loop */
|
||||
run();
|
||||
|
||||
status = 0;
|
||||
|
||||
deinit:
|
||||
libcharon_deinit();
|
||||
libhydra_deinit();
|
||||
library_deinit();
|
||||
return status;
|
||||
}
|
||||
|
Loading…
Reference in New Issue