author | Andreas Steffen <andreas.steffen@strongswan.org> | 2009-07-17 20:33:19 +0200 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2009-07-17 20:33:19 +0200 |
commit | eab241fb5614e464f4d799836098293959a6d2d9 (patch) | |
tree | 4d5344b8c91d12f26ca33cfe3879c4433d640c7a | |
parent | 6b04ba288d6a618d249a9bb3399a65b3297d9f5f (diff) | |
stop strongswan if integrity check of libstrongswan or daemon fails
-rw-r--r-- | src/charon/daemon.c | 4 | ||||
-rw-r--r-- | src/libstrongswan/utils.h | 6 | ||||
-rw-r--r-- | src/pluto/plutomain.c | 4 | ||||
-rw-r--r-- | src/starter/invokecharon.c | 23 | ||||
-rw-r--r-- | src/starter/invokecharon.h | 2 | ||||
-rw-r--r-- | src/starter/invokepluto.c | 9 | ||||
-rw-r--r-- | src/starter/invokepluto.h | 2 | ||||
-rw-r--r-- | src/starter/starter.c | 24 |
8 files changed, 49 insertions, 25 deletions
diff --git a/src/charon/daemon.c b/src/charon/daemon.c index 92dc88f81..fe8f96fe2 100644 --- a/src/charon/daemon.c +++ b/src/charon/daemon.c @@ -676,7 +676,7 @@ int main(int argc, char *argv[]) if (!library_init(STRONGSWAN_CONF)) { library_deinit(); - exit(-1); + exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); } if (lib->integrity && @@ -684,7 +684,7 @@ int main(int argc, char *argv[]) { dbg_stderr(1, "integrity check of charon failed"); library_deinit(); - exit(-1); + exit(SS_RC_DAEMON_INTEGRITY); } lib->printf_hook->add_handler(lib->printf_hook, 'R', diff --git a/src/libstrongswan/utils.h b/src/libstrongswan/utils.h index debd0145b..56f7b7095 100644 --- a/src/libstrongswan/utils.h +++ b/src/libstrongswan/utils.h @@ -29,6 +29,12 @@ #include <enum.h> /** + * strongSwan program return codes + */ +#define SS_RC_LIBSTRONGSWAN_INTEGRITY 64 +#define SS_RC_DAEMON_INTEGRITY 65 + +/** * Number of bits in a byte */ #define BITS_PER_BYTE 8 diff --git a/src/pluto/plutomain.c b/src/pluto/plutomain.c index e03496796..6590cafe2 100644 --- a/src/pluto/plutomain.c +++ b/src/pluto/plutomain.c @@ -263,14 +263,14 @@ int main(int argc, char **argv) if (!library_init(STRONGSWAN_CONF)) { library_deinit(); - abort(); + exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); } if (lib->integrity && !lib->integrity->check_file(lib->integrity, "pluto", argv[0])) { fprintf(stderr, "integrity check of pluto failed\n"); library_deinit(); - abort(); + exit(SS_RC_DAEMON_INTEGRITY); } options = options_create(); diff --git a/src/starter/invokecharon.c b/src/starter/invokecharon.c index 804467cea..bd15ac148 100644 --- a/src/starter/invokecharon.c +++ b/src/starter/invokecharon.c 
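Review bot: A failed `library_init()` is now reported to the starter as SS_RC_LIBSTRONGSWAN_INTEGRITY, but nothing in this hunk shows that library_init() fails only on an integrity mismatch; if it can also fail on, say, an unreadable strongswan.conf, the starter will log "integrity test of libstrongswan failed" and refuse to restart for an unrelated error. If library_init() exposes why it failed, map only the integrity case to this code and keep a generic non-zero code for the rest; otherwise record the assumption next to the exit, e.g. `/* library_init() fails only on an integrity error, so report it as such to the starter */`. main() continues outside the hunk.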
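Review bot: The two new return codes are bare numeric defines with no comment on who consumes them, and 64 and 65 coincide with EX_USAGE and EX_DATAERR from <sysexits.h>, so a child exiting with a sysexits code for an unrelated reason is indistinguishable from an integrity failure on the starter side. State the contract in the header, e.g. `/* exit codes of charon/pluto that the starter treats as fatal: no restart is attempted (note: 64/65 overlap EX_USAGE/EX_DATAERR) */`, so nobody later reuses or renumbers these values without checking starter. An enum would also make the values visible in a debugger, though the define form is consistent with the rest of utils.h.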
@@ -36,18 +36,23 @@ static int _charon_pid = 0; static int _stop_requested; -pid_t -starter_charon_pid(void) +pid_t starter_charon_pid(void) { return _charon_pid; } -void -starter_charon_sigchild(pid_t pid) +void starter_charon_sigchild(pid_t pid, int status) { - if (pid == _charon_pid) + if (pid == _charon_pid) { - _charon_pid = 0; + _charon_pid = 0; + if (status == SS_RC_LIBSTRONGSWAN_INTEGRITY || + status == SS_RC_DAEMON_INTEGRITY) + { + plog("charon has quit: integrity test of %s failed", + (status == 64) ? "libstrongswan" : "charon"); + _stop_requested = 1; + } if (!_stop_requested) { plog("charon has died -- restart scheduled (%dsec)" @@ -58,8 +63,7 @@ starter_charon_sigchild(pid_t pid) } } -int -starter_stop_charon (void) +int starter_stop_charon (void) { int i; pid_t pid = _charon_pid; @@ -106,8 +110,7 @@ starter_stop_charon (void) } -int -starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb) +int starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb) { struct stat stb; int pid, i; diff --git a/src/starter/invokecharon.h b/src/starter/invokecharon.h index f0f470a8d..aaf913c9b 100644 --- a/src/starter/invokecharon.h +++ b/src/starter/invokecharon.h @@ -20,7 +20,7 @@ #define CHARON_RESTART_DELAY 5 -extern void starter_charon_sigchild (pid_t pid); +extern void starter_charon_sigchild (pid_t pid, int status); extern pid_t starter_charon_pid (void); extern int starter_stop_charon (void); extern int starter_start_charon(struct starter_config *cfg, bool no_fork, bool attach_gdb); diff --git a/src/starter/invokepluto.c b/src/starter/invokepluto.c index 28bd93c5d..5ca1b45ab 100644 --- a/src/starter/invokepluto.c +++ b/src/starter/invokepluto.c 
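Review bot: The plog() call picks the component name with the literal `status == 64` although the condition two lines above uses SS_RC_LIBSTRONGSWAN_INTEGRITY; if the constant is ever renumbered the message silently blames the wrong component. Use the constant in the ternary: `(status == SS_RC_LIBSTRONGSWAN_INTEGRITY) ? "libstrongswan" : "charon");`. The body of starter_charon_sigchild() continues past the end of this hunk.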
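Review bot: The new `status` parameter of starter_charon_sigchild() is undocumented, and its meaning is not obvious from the prototype: in starter.c it is WEXITSTATUS(status) when the child exited normally and stays 0 when the child was killed by a signal, so a 0 here must not be read as a clean exit. Add a comment on the prototype, e.g. `/* status: exit code of the child (WEXITSTATUS), or 0 if it did not exit normally */`.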
@@ -42,11 +42,18 @@ starter_pluto_pid(void) } void -starter_pluto_sigchild(pid_t pid) +starter_pluto_sigchild(pid_t pid, int status) { if (pid == _pluto_pid) { _pluto_pid = 0; + if (status == SS_RC_LIBSTRONGSWAN_INTEGRITY || + status == SS_RC_DAEMON_INTEGRITY) + { + plog("pluto has quit: integrity test of %s failed", + (status == 64) ? "libstrongswan" : "pluto"); + _stop_requested = 1; + } if (!_stop_requested) { plog("pluto has died -- restart scheduled (%dsec)" diff --git a/src/starter/invokepluto.h b/src/starter/invokepluto.h index b0c89b1f1..c87f50c2a 100644 --- a/src/starter/invokepluto.h +++ b/src/starter/invokepluto.h @@ -17,7 +17,7 @@ #define PLUTO_RESTART_DELAY 5 -extern void starter_pluto_sigchild (pid_t pid); +extern void starter_pluto_sigchild (pid_t pid, int status); extern pid_t starter_pluto_pid (void); extern int starter_stop_pluto (void); extern int starter_start_pluto (struct starter_config *cfg, bool no_fork, bool attach_gdb); diff --git a/src/starter/starter.c b/src/starter/starter.c index 24ce940cd..b64227238 100644 --- a/src/starter/starter.c +++ b/src/starter/starter.c @@ -66,14 +66,13 @@ static unsigned int _action_ = 0; -static void -fsig(int signal) +static void fsig(int signal) { switch (signal) { case SIGCHLD: { - int status; + int status, exit_status = 0; pid_t pid; char *name = NULL; @@ -103,9 +102,15 @@ fsig(int signal) } else if (WIFEXITED(status)) { + exit_status = WEXITSTATUS(status); + if (exit_status == SS_RC_LIBSTRONGSWAN_INTEGRITY || + exit_status == SS_RC_DAEMON_INTEGRITY) + { + _action_ = FLAG_ACTION_QUIT; + } DBG(DBG_CONTROL, DBG_log("child %d%s has quit (exit code %d)\n", - pid, name?name:"", WEXITSTATUS(status)) + pid, name?name:"", exit_status) ) } else @@ -116,11 +121,11 @@ fsig(int signal) } if (pid == starter_pluto_pid()) { - starter_pluto_sigchild(pid); + starter_pluto_sigchild(pid, exit_status); } if (pid == starter_charon_pid()) { - starter_charon_sigchild(pid); + starter_charon_sigchild(pid, exit_status); } } } 
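Review bot: The plog() call selects the component name with the literal `status == 64` while the guard above uses SS_RC_LIBSTRONGSWAN_INTEGRITY, so a renumbering of the constant would leave the message reporting the wrong component. Use the constant: `(status == SS_RC_LIBSTRONGSWAN_INTEGRITY) ? "libstrongswan" : "pluto");`. starter_pluto_sigchild() continues outside the hunk.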
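Review bot: FLAG_ACTION_QUIT is raised for any reaped child whose exit code is 64 or 65, before `pid` is compared with the pluto and charon pids further down in fsig(); the `name` variable suggests other children may be reaped here as well, in which case an unrelated child exiting with EX_USAGE (64 in <sysexits.h>) would shut the whole starter down. Restrict the check to the two daemons: `if ((pid == starter_pluto_pid() || pid == starter_charon_pid()) && (exit_status == SS_RC_LIBSTRONGSWAN_INTEGRITY || exit_status == SS_RC_DAEMON_INTEGRITY))`. The switch and the rest of fsig() extend beyond this hunk.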
@@ -212,8 +217,7 @@ static void generate_selfcert() } } -static void -usage(char *name) +static void usage(char *name) { fprintf(stderr, "Usage: starter [--nofork] [--auto-update <sec>] " "[--debug|--debug-more|--debug-all]\n"); @@ -408,9 +412,13 @@ int main (int argc, char **argv) if (_action_ & FLAG_ACTION_QUIT) { if (starter_pluto_pid()) + { starter_stop_pluto(); + } if (starter_charon_pid()) + { starter_stop_charon(); + } starter_netkey_cleanup(); confread_free(cfg); unlink(STARTER_PID_FILE); |