author | Martin Willi <martin@strongswan.org> | 2006-04-20 07:06:39 +0000 |
committer | Martin Willi <martin@strongswan.org> | 2006-04-20 07:06:39 +0000 |
commit | 8bc96e08cb0c613edc35bcc6c3e8028b4db9e0aa (patch) | |
tree | 01f156479d22c765f0d99df0a5c4a07bcfe2c3f5 /Source | |
parent | ec6582ccaa59e38cb83650c7c6b8312dc9768e87 (diff) | |
download | strongswan-8bc96e08cb0c613edc35bcc6c3e8028b4db9e0aa.tar.bz2 strongswan-8bc96e08cb0c613edc35bcc6c3e8028b4db9e0aa.tar.xz |
- fixed log-to-syslog behavior
- added patch against strongswan-2.6.4
Diffstat (limited to 'Source')
-rw-r--r-- | Source/Makefile | 2 | ||||
-rw-r--r-- | Source/charon/daemon.c | 11 | ||||
-rwxr-xr-x | Source/lib/crypto/x509.c | 2 | ||||
-rw-r--r-- | Source/lib/utils/leak_detective.c | 79 | ||||
-rw-r--r-- | Source/lib/utils/logger.c | 2 | ||||
-rw-r--r-- | Source/lib/utils/logger_manager.h | 4 | ||||
-rw-r--r-- | Source/patches/strongswan-2.6.4.patch | 852 | ||||
-rw-r--r-- | Source/scripts/alice-key.der | bin | 0 -> 1190 bytes | |||
-rw-r--r-- | Source/scripts/alice.der | bin | 0 -> 764 bytes | |||
-rw-r--r-- | Source/scripts/bob-key.der | bin | 0 -> 1187 bytes | |||
-rw-r--r-- | Source/scripts/bob.der | bin | 0 -> 759 bytes | |||
-rwxr-xr-x | Source/scripts/daemon-loop.sh | 13 | ||||
-rwxr-xr-x | Source/scripts/deleteline | 9 | ||||
-rwxr-xr-x | Source/scripts/replace | 9 | ||||
-rwxr-xr-x | Source/scripts/to-alice.sh | 28 | ||||
-rwxr-xr-x | Source/scripts/to-bob.sh | 19 |
16 files changed, 1015 insertions, 15 deletions
diff --git a/Source/Makefile b/Source/Makefile
index 40308cacb..9d51ea9a9 100644
--- a/Source/Makefile
+++ b/Source/Makefile
@@ -71,10 +71,12 @@ $(BINNAMESTROKE) : build_dir $(BINNAMELIB) $(BUILD_DIR)stroke.o
 install : $(BINNAMECHARON) $(BINNAMESTROKE)
 $(INSTALL) $(INSTBINFLAGS) $(BINNAMECHARON) $(BINNAMESTROKE) $(LIBEXECDIR)
+ $(INSTALL) $(INSTBINFLAGS) $(BINNAMELIB) $(SHAREDLIBDIR)
 install_file_list:
 @echo $(LIBEXECDIR)/charon
 @echo $(LIBEXECDIR)/stroke
+ @echo $(SHAREDLIBDIR)/libstrongswan.so
 clean :
 rm -fR $(BUILD_DIR)
diff --git a/Source/charon/daemon.c b/Source/charon/daemon.c
index d7265531d..376a09979 100644
--- a/Source/charon/daemon.c
+++ b/Source/charon/daemon.c
@@ -27,6 +27,7 @@
 #include <sys/types.h>
 #include <unistd.h>
 #include <execinfo.h>
+#include <string.h>
 #include "daemon.h"
@@ -332,6 +333,16 @@ int main(int argc, char *argv[])
 private_daemon_t *private_charon;
 FILE *pid_file;
 struct stat stb;
+ int i;
+
+ /* trivial argument parsing */
+ for (i = 1; i < argc; i++)
+ {
+ if (strcmp(argv[i], "--use-syslog") == 0)
+ {
+ logger_manager->set_output(logger_manager, ALL_LOGGERS, NULL);
+ }
+ }
 private_charon = daemon_create();
 charon = (daemon_t*)private_charon;
diff --git a/Source/lib/crypto/x509.c b/Source/lib/crypto/x509.c
index 1f2e72932..2b99b2d03 100755
--- a/Source/lib/crypto/x509.c
+++ b/Source/lib/crypto/x509.c
@@ -1638,6 +1638,8 @@ x509_t *x509_create_from_chunk(chunk_t chunk)
 this->subjectAltName = NULL;
 this->crlDistributionPoints = NULL;
+ logger = logger_manager->get_logger(logger_manager, ASN1);
+
 if (!parse_x509cert(chunk, 0, this))
 {
 destroy(this);
diff --git a/Source/lib/utils/leak_detective.c b/Source/lib/utils/leak_detective.c
index 0d90820ee..319f80513 100644
--- a/Source/lib/utils/leak_detective.c
+++ b/Source/lib/utils/leak_detective.c
@@ -20,7 +20,6 @@
 */
 #include <stddef.h>
-#include <pthread.h>
 #include <string.h>
 #include <stdio.h>
 #include <malloc.h>
@@ -31,6 +30,9 @@
 #include <arpa/inet.h>
 #include <dlfcn.h>
 #include <unistd.h>
+#include <syslog.h>
+#define __USE_GNU
+#include <pthread.h>
 #include "leak_detective.h"
@@ -108,13 +110,22 @@ memory_header_t first_header = {
 * standard hooks, used to temparily remove hooking
 */
 void *old_malloc_hook, *old_realloc_hook, *old_free_hook;
+static bool installed = FALSE;
 /**
 * Mutex to exclusivly uninstall hooks, access heap list
 */
-pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
+pthread_mutex_t mutex = PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP;
-void (*__malloc_initialize_hook) (void) = install_hooks;
+/**
+ * Setup leak detective at malloc initialization
+ */
+void setup_leak_detective()
+{
+ logger = logger_manager->get_logger(logger_manager, LEAK_DETECT);
+ install_hooks();
+}
+void (*__malloc_initialize_hook) (void) = setup_leak_detective;
 /**
 * log stack frames queried by backtrace()
@@ -141,13 +152,16 @@ void log_stack_frames(void **stack_frames, int stack_frame_count)
 */
 void install_hooks()
 {
- logger = logger_manager->get_logger(logger_manager, LEAK_DETECT);
- old_malloc_hook = __malloc_hook;
- old_realloc_hook = __realloc_hook;
- old_free_hook = __free_hook;
- __malloc_hook = malloc_hook;
- __realloc_hook = realloc_hook;
- __free_hook = free_hook;
+ if (!installed)
+ {
+ old_malloc_hook = __malloc_hook;
+ old_realloc_hook = __realloc_hook;
+ old_free_hook = __free_hook;
+ __malloc_hook = malloc_hook;
+ __realloc_hook = realloc_hook;
+ __free_hook = free_hook;
+ installed = TRUE;
+ }
 }
 /**
@@ -155,8 +169,13 @@ void install_hooks()
 */
 void uninstall_hooks()
 {
- __malloc_hook = old_malloc_hook;
- __free_hook = old_free_hook;
+ if (installed)
+ {
+ __malloc_hook = old_malloc_hook;
+ __free_hook = old_free_hook;
+ __realloc_hook = old_realloc_hook;
+ installed = FALSE;
+ }
 }
 /**
@@ -270,12 +289,17 @@ void __attribute__ ((destructor)) report_leaks()
 memory_header_t *hdr;
 int leaks = 0;
+ /* reaquire a logger is necessary, this will force ((destructor))
+ * order to work correctly */
+ logger = logger_manager->get_logger(logger_manager, LEAK_DETECT);
+
 for (hdr = first_header.next; hdr != NULL; hdr = hdr->next)
 {
 logger->log(logger, ERROR, "Leak (%d bytes at %p)", hdr->bytes, hdr + 1);
 log_stack_frames(hdr->stack_frames, hdr->stack_frame_count);
 leaks++;
 }
+
 switch (leaks)
 {
 case 0:
@@ -402,4 +426,35 @@ time_t mktime(struct tm *tm)
 return result;
 }
+void vsyslog (int __pri, __const char *__fmt, __gnuc_va_list __ap)
+{
+ void (*_vsyslog) (int __pri, __const char *__fmt, __gnuc_va_list __ap);
+ void *handle;
+
+ pthread_mutex_lock(&mutex);
+ uninstall_hooks();
+
+ handle = dlopen("libc.so.6", RTLD_LAZY);
+ if (handle == NULL)
+ {
+ install_hooks();
+ pthread_mutex_unlock(&mutex);
+ kill(getpid(), SIGSEGV);
+ }
+ _vsyslog = dlsym(handle, "vsyslog");
+
+ if (_vsyslog == NULL)
+ {
+ dlclose(handle);
+ install_hooks();
+ pthread_mutex_unlock(&mutex);
+ kill(getpid(), SIGSEGV);
+ }
+ _vsyslog(__pri, __fmt, __ap);
+ dlclose(handle);
+ install_hooks();
+ pthread_mutex_unlock(&mutex);
+ return;
+}
+
 #endif /* LEAK_DETECTION */
diff --git a/Source/lib/utils/logger.c b/Source/lib/utils/logger.c
index 546de226b..4e6832243 100644
--- a/Source/lib/utils/logger.c
+++ b/Source/lib/utils/logger.c
@@ -352,7 +352,7 @@ logger_t *logger_create(char *logger_name, log_level_t log_level, bool log_threa
 if (output == NULL)
 {
- openlog(DAEMON_NAME, 0, LOG_DAEMON);
+ //openlog(DAEMON_NAME, 0, LOG_DAEMON);
 }
 return (logger_t*)this;
diff --git a/Source/lib/utils/logger_manager.h b/Source/lib/utils/logger_manager.h
index 24806b80f..074dd744a 100644
--- a/Source/lib/utils/logger_manager.h
+++ b/Source/lib/utils/logger_manager.h
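Review bot: In the new vsyslog override at the end of the leak_detective.c section, both failure branches call `kill(getpid(), SIGSEGV)` and then fall through — the dlopen branch into `dlsym(handle, "vsyslog")` with a NULL handle, the dlsym branch into `_vsyslog(__pri, __fmt, __ap)` through a NULL pointer — so if SIGSEGV is blocked or a handler returns, the process faults at an unrelated address; end each branch with `abort();` or `return;`. Resolving the real function once via `dlsym(RTLD_NEXT, "vsyslog")` and caching it would also drop the dlopen/dlclose of a hard-coded "libc.so.6" on every log call, but RTLD_NEXT needs `_GNU_SOURCE` defined before the first include rather than the glibc-internal `#define __USE_GNU` placed after `<dlfcn.h>` in the include hunk above. The parameter names `__pri`, `__fmt` and `__ap` are identifiers reserved for the implementation and can simply be `pri`, `fmt`, `ap`.
```c
void vsyslog (int pri, const char *fmt, __gnuc_va_list ap)
{
	/* resolved once; RTLD_NEXT needs _GNU_SOURCE before the first include */
	static void (*real_vsyslog) (int, const char *, __gnuc_va_list) = NULL;

	pthread_mutex_lock(&mutex);
	uninstall_hooks();
	if (real_vsyslog == NULL)
	{
		real_vsyslog = dlsym(RTLD_NEXT, "vsyslog");
	}
	if (real_vsyslog == NULL)
	{
		install_hooks();
		pthread_mutex_unlock(&mutex);
		abort();
	}
	real_vsyslog(pri, fmt, ap);
	install_hooks();
	pthread_mutex_unlock(&mutex);
}
```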
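Review bot: Commenting out `openlog(DAEMON_NAME, 0, LOG_DAEMON)` in logger_create changes what reaches syslog, not only how: without it the C library tags messages with its default identifier and the LOG_USER facility instead of DAEMON_NAME/LOG_DAEMON, so any syslog rule keyed on the daemon facility stops matching. If the call was dropped because logger_create runs under the allocation hooks, the `openlog` belongs once in the daemon's main next to the `--use-syslog` handling, and the dead line should be deleted rather than kept as a `//` comment, with a short comment stating where the ident/facility is now set. logger_create's body continues outside the hunk.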
@@ -27,7 +27,7 @@
 #include <utils/logger.h>
-#define INITIAL_LOG_OUTPUT stderr
+#define INITIAL_LOG_OUTPUT stdout
 typedef enum logger_context_t logger_context_t;
@@ -77,7 +77,7 @@ typedef struct logger_manager_t logger_manager_t;
 * library start and destroyed at exit.
 *
 * @b Constructors:
- * - none, logger_manager is an instance
+ * - none, logger_manager is the single instance
 *
 * @see logger_t
 *
diff --git a/Source/patches/strongswan-2.6.4.patch b/Source/patches/strongswan-2.6.4.patch
new file mode 100644
index 000000000..ce6fe631f
--- /dev/null
+++ b/Source/patches/strongswan-2.6.4.patch
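Review bot: Switching `INITIAL_LOG_OUTPUT` from stderr to stdout moves diagnostics onto the stream that is fully buffered when not attached to a terminal, so log lines written just before a crash or an `_exit` may never appear, and they now interleave with anything a caller pipes from the daemon's standard output. Unless a consumer specifically reads logs from stdout, keep `#define INITIAL_LOG_OUTPUT stderr`; if the change is deliberate, state the reason next to the define, e.g. `/* stdout on purpose: <reason> */`.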
@@ -0,0 +1,852 @@ +diff -Naur strongswan-2.6.4/Makefile.inc strongswan-2.6.4-charon/Makefile.inc +--- strongswan-2.6.4/Makefile.inc 2006-01-25 18:23:15.000000000 +0100 ++++ strongswan-2.6.4-charon/Makefile.inc 2006-04-19 14:22:26.000000000 +0200 +@@ -84,6 +84,8 @@ + FINALLIBDIR=$(INC_USRLOCAL)/lib/ipsec + LIBDIR=$(DESTDIR)$(FINALLIBDIR) + ++# sharedlibdir is where shared libraries go ++SHAREDLIBDIR=$(DESTDIR)$(INC_USRLOCAL)/lib + + # where the appropriate manpage tree is located + # location within INC_USRLOCAL +@@ -284,6 +286,9 @@ + # include PKCS11-based smartcard support + USE_SMARTCARD?=false + ++# support IKEv2 via charon ++USE_IKEV2?=true ++ + # Default PKCS11 library + # Uncomment this line if using OpenSC <= 0.9.6 + PKCS11_DEFAULT_LIB=\"/usr/lib/pkcs11/opensc-pkcs11.so\" +diff -Naur strongswan-2.6.4/programs/Makefile strongswan-2.6.4-charon/programs/Makefile +--- strongswan-2.6.4/programs/Makefile 2006-01-01 16:14:08.000000000 +0100 ++++ strongswan-2.6.4-charon/programs/Makefile 2006-04-19 14:22:26.000000000 +0200 +@@ -32,6 +32,10 @@ + SUBDIRS+=showpolicy + endif + ++ifeq ($(USE_IKEV2),true) ++SUBDIRS+=charon ++endif ++ + def: + @echo "Please read doc/intro.html or INSTALL before running make" + @false +diff -Naur strongswan-2.6.4/programs/ipsec/ipsec.in strongswan-2.6.4-charon/programs/ipsec/ipsec.in +--- strongswan-2.6.4/programs/ipsec/ipsec.in 2006-03-09 21:09:33.000000000 +0100 ++++ strongswan-2.6.4-charon/programs/ipsec/ipsec.in 2006-04-19 14:22:26.000000000 +0200 +@@ -123,6 +123,10 @@ + down) + shift + $IPSEC_EXECDIR/whack --name "$1" --terminate ++ if test -e $IPSEC_EXECDIR/stroke ++ then ++ $IPSEC_EXECDIR/stroke down "$1" ++ fi + exit 0 + ;; + listalgs|listpubkeys|listcerts|listcacerts|\ +@@ -134,6 +138,10 @@ + op="$1" + shift + $IPSEC_EXECDIR/whack "$@" "--$op" ++ if test -e $IPSEC_EXECDIR/stroke ++ then ++ $IPSEC_EXECDIR/stroke "$op" ++ fi + exit 0 + ;; + ready) +@@ -180,8 +188,16 @@ + if test $# -eq 0 + then + $IPSEC_EXECDIR/whack "--$op" ++ if 
test -e $IPSEC_EXECDIR/stroke ++ then ++ $IPSEC_EXECDIR/stroke status ++ fi + else + $IPSEC_EXECDIR/whack --name "$1" "--$op" ++ if test -e $IPSEC_EXECDIR/stroke ++ then ++ $IPSEC_EXECDIR/stroke status ++ fi + fi + exit 0 + ;; +@@ -198,6 +214,10 @@ + up) + shift + $IPSEC_EXECDIR/whack --name "$1" --initiate ++ if test -e $IPSEC_EXECDIR/stroke ++ then ++ $IPSEC_EXECDIR/stroke up "$1" ++ fi + exit 0 + ;; + update) +diff -Naur strongswan-2.6.4/programs/pluto/Makefile strongswan-2.6.4-charon/programs/pluto/Makefile +--- strongswan-2.6.4/programs/pluto/Makefile 2006-01-25 18:22:19.000000000 +0100 ++++ strongswan-2.6.4-charon/programs/pluto/Makefile 2006-04-19 14:22:26.000000000 +0200 +@@ -170,6 +170,11 @@ + LIBSPLUTO+= -ldl + endif + ++# enable IKEv2 support ++ifeq ($(USE_IKEV2),true) ++ DEFINES+= -DIKEV2 ++endif ++ + # This compile option activates the leak detective + ifeq ($(USE_LEAK_DETECTIVE),true) + DEFINES+= -DLEAK_DETECTIVE +diff -Naur strongswan-2.6.4/programs/pluto/demux.c strongswan-2.6.4-charon/programs/pluto/demux.c +--- strongswan-2.6.4/programs/pluto/demux.c 2005-02-18 22:08:59.000000000 +0100 ++++ strongswan-2.6.4-charon/programs/pluto/demux.c 2006-04-19 14:22:26.000000000 +0200 +@@ -1229,6 +1229,15 @@ + if (md->packet_pbs.roof - md->packet_pbs.cur >= (ptrdiff_t)isakmp_hdr_desc.size) + { + struct isakmp_hdr *hdr = (struct isakmp_hdr *)md->packet_pbs.cur; ++#ifdef IKEV2 ++ if ((hdr->isa_version >> ISA_MAJ_SHIFT) == 0x2 && ++ (hdr->isa_version & ISA_MIN_MASK) == 0x0) ++ { ++ /* IKEv2 is handled from charon, ignore */ ++ return; ++ } ++ else ++#endif /* IKEV2 */ + if ((hdr->isa_version >> ISA_MAJ_SHIFT) != ISAKMP_MAJOR_VERSION) + { + SEND_NOTIFICATION(INVALID_MAJOR_VERSION); +diff -Naur strongswan-2.6.4/programs/starter/Makefile strongswan-2.6.4-charon/programs/starter/Makefile +--- strongswan-2.6.4/programs/starter/Makefile 2006-02-17 20:34:02.000000000 +0100 ++++ strongswan-2.6.4-charon/programs/starter/Makefile 2006-04-19 14:22:26.000000000 +0200 +@@ 
-34,6 +34,11 @@ + DEFINES+= -DLEAK_DETECTIVE + endif + ++# Enable charon support ++ifeq ($(USE_IKEV2),true) ++ DEFINES+= -DIKEV2 ++endif ++ + INCLUDES=-I${FREESWANDIR}/linux/include + CFLAGS=$(DEFINES) $(INCLUDES) -Wall + CFLAGS+=-DIPSEC_EXECDIR=\"${FINALLIBEXECDIR}\" -DIPSEC_CONFDDIR=\"${FINALCONFDDIR}\" +@@ -46,6 +51,11 @@ + starterwhack.o klips.o netkey.o interfaces.o exec.o cmp.o confread.o \ + loglite.o ${PLUTO_OBJS} + ++# Build charon-only objs ++ifeq ($(USE_IKEV2),true) ++ OBJS+= invokecharon.o starterstroke.o ++endif ++ + DISTSRC=$(OBJS:.o=.c) + DISTSRC+=cmp.h confread.h confwrite.h exec.h files.h interfaces.h klips.h netkey.h + DISTSRC+=parser.h args.h invokepluto.h starterwhack.h keywords.h keywords.txt +diff -Naur strongswan-2.6.4/programs/starter/args.c strongswan-2.6.4-charon/programs/starter/args.c +--- strongswan-2.6.4/programs/starter/args.c 2006-03-10 21:37:10.000000000 +0100 ++++ strongswan-2.6.4-charon/programs/starter/args.c 2006-04-19 14:22:26.000000000 +0200 +@@ -86,6 +86,10 @@ + + static const char *LST_keyexchange[] = { + "ike", ++#ifdef IKEV2 ++ "ikev1", ++ "ikev2", ++#endif /* IKEV2 */ + NULL + }; + +diff -Naur strongswan-2.6.4/programs/starter/files.h strongswan-2.6.4-charon/programs/starter/files.h +--- strongswan-2.6.4/programs/starter/files.h 2006-02-04 19:52:58.000000000 +0100 ++++ strongswan-2.6.4-charon/programs/starter/files.h 2006-04-19 14:22:26.000000000 +0200 +@@ -37,8 +37,15 @@ + #define SECRETS_FILE IPSEC_CONFDIR"/ipsec.secrets" + + #define PLUTO_CMD IPSEC_EXECDIR"/pluto" +-#define CTL_FILE DEFAULT_CTLBASE CTL_SUFFIX +-#define PID_FILE DEFAULT_CTLBASE PID_SUFFIX ++#define PLUTO_CTL_FILE DEFAULT_CTLBASE CTL_SUFFIX ++#define PLUTO_PID_FILE DEFAULT_CTLBASE PID_SUFFIX ++ ++#ifdef IKEV2 ++#define CHARON_CMD IPSEC_EXECDIR"/charon" ++#define CHARON_BASE "/var/run/charon" ++#define CHARON_CTL_FILE CHARON_BASE CTL_SUFFIX ++#define CHARON_PID_FILE CHARON_BASE PID_SUFFIX ++#endif /* IKEV2 */ + + #define DYNIP_DIR "/var/run/dynip" + 
#define INFO_FILE "/var/run/ipsec.info" +diff -Naur strongswan-2.6.4/programs/starter/invokecharon.c strongswan-2.6.4-charon/programs/starter/invokecharon.c +--- strongswan-2.6.4/programs/starter/invokecharon.c 1970-01-01 01:00:00.000000000 +0100 ++++ strongswan-2.6.4-charon/programs/starter/invokecharon.c 2006-04-20 08:14:25.000000000 +0200 +@@ -0,0 +1,174 @@ ++/* strongSwan charon launcher ++ * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security ++ * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil ++ * ++ * Ported from invokepluto.c to fit charons needs. ++ * ++ * This program is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License as published by the ++ * Free Software Foundation; either version 2 of the License, or (at your ++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. ++ * ++ * This program is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * for more details. 
++ * ++ * RCSID $Id: invokecharon.c $ ++ */ ++ ++#include <sys/types.h> ++#include <sys/stat.h> ++#include <unistd.h> ++#include <signal.h> ++#include <string.h> ++#include <stdlib.h> ++#include <errno.h> ++ ++#include <freeswan.h> ++ ++#include "../pluto/constants.h" ++#include "../pluto/defs.h" ++#include "../pluto/log.h" ++ ++#include "confread.h" ++#include "invokecharon.h" ++#include "files.h" ++ ++static int _charon_pid = 0; ++static int _stop_requested; ++ ++pid_t ++starter_charon_pid(void) ++{ ++ return _charon_pid; ++} ++ ++void ++starter_charon_sigchild(pid_t pid) ++{ ++ if (pid == _charon_pid) ++ { ++ _charon_pid = 0; ++ if (!_stop_requested) ++ { ++ plog("charon has died -- restart scheduled (%dsec)" ++ , CHARON_RESTART_DELAY); ++ alarm(CHARON_RESTART_DELAY); // restart in 5 sec ++ } ++ unlink(CHARON_PID_FILE); ++ } ++} ++ ++int ++starter_stop_charon (void) ++{ ++ pid_t pid; ++ int i; ++ ++ pid = _charon_pid; ++ if (pid) ++ { ++ _stop_requested = 1; ++ ++ /* be more and more aggressive */ ++ for (i = 0; i < 20 && (pid = _charon_pid) != 0; i++) ++ { ++ if (i == 0) ++ kill(pid, SIGINT); ++ else if (i < 10) ++ kill(pid, SIGTERM); ++ else ++ kill(pid, SIGKILL); ++ usleep(20000); ++ } ++ if (_charon_pid == 0) ++ return 0; ++ plog("starter_stop_charon(): can't stop charon !!!"); ++ return -1; ++ } ++ else ++ { ++ plog("stater_stop_charon(): charon is not started..."); ++ } ++ return -1; ++} ++ ++ ++int ++starter_start_charon (starter_config_t *cfg, bool debug) ++{ ++ int pid, i; ++ struct stat stb; ++ int argc = 1; ++ char *arg[] = { ++ CHARON_CMD, NULL, NULL, ++ }; ++ ++ if (!debug) ++ { ++ arg[argc++] = "--use-syslog"; ++ } ++ ++ if (_charon_pid) ++ { ++ plog("starter_start_charon(): charon already started..."); ++ return -1; ++ } ++ else ++ { ++ unlink(CHARON_CTL_FILE); ++ _stop_requested = 0; ++ ++ pid = fork(); ++ switch (pid) ++ { ++ case -1: ++ plog("can't fork(): %s", strerror(errno)); ++ return -1; ++ case 0: ++ /* child */ ++ setsid(); ++ 
sigprocmask(SIG_SETMASK, 0, NULL); ++ execv(arg[0], arg); ++ plog("can't execv(%s,...): %s", arg[0], strerror(errno)); ++ exit(1); ++ default: ++ /* father */ ++ _charon_pid = pid; ++ for (i = 0; i < 50 && _charon_pid; i++) ++ { ++ /* wait for charon */ ++ usleep(20000); ++ if (stat(CHARON_PID_FILE, &stb) == 0) ++ { ++ DBG(DBG_CONTROL, ++ DBG_log("charon (%d) started", _charon_pid) ++ ) ++ return 0; ++ } ++ } ++ if (_charon_pid) ++ { ++ /* If charon is started but with no ctl file, stop it */ ++ plog("charon too long to start... - kill kill"); ++ for (i = 0; i < 20 && (pid = _charon_pid) != 0; i++) ++ { ++ if (i == 0) ++ kill(pid, SIGINT); ++ else if (i < 10) ++ kill(pid, SIGTERM); ++ else ++ kill(pid, SIGKILL); ++ usleep(20000); ++ } ++ } ++ else ++ { ++ plog("charon refused to be started"); ++ } ++ return -1; ++ } ++ } ++ return -1; ++} +diff -Naur strongswan-2.6.4/programs/starter/invokecharon.h strongswan-2.6.4-charon/programs/starter/invokecharon.h +--- strongswan-2.6.4/programs/starter/invokecharon.h 1970-01-01 01:00:00.000000000 +0100 ++++ strongswan-2.6.4-charon/programs/starter/invokecharon.h 2006-04-19 14:22:26.000000000 +0200 +@@ -0,0 +1,31 @@ ++/* strongSwan charon launcher ++ * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security ++ * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil ++ * ++ * Ported from invokepluto.h to fit charons needs. ++ * ++ * This program is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License as published by the ++ * Free Software Foundation; either version 2 of the License, or (at your ++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. ++ * ++ * This program is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * for more details. 
++ * ++ * RCSID $Id: invokecharon.h $ ++ */ ++ ++#ifndef _STARTER_CHARON_H_ ++#define _STARTER_CHARON_H_ ++ ++#define CHARON_RESTART_DELAY 5 ++ ++extern void starter_charon_sigchild (pid_t pid); ++extern pid_t starter_charon_pid (void); ++extern int starter_stop_charon (void); ++extern int starter_start_charon(struct starter_config *cfg, bool debug); ++ ++#endif /* _STARTER_CHARON_H_ */ ++ +diff -Naur strongswan-2.6.4/programs/starter/invokepluto.c strongswan-2.6.4-charon/programs/starter/invokepluto.c +--- strongswan-2.6.4/programs/starter/invokepluto.c 2006-02-17 22:41:50.000000000 +0100 ++++ strongswan-2.6.4-charon/programs/starter/invokepluto.c 2006-04-19 14:22:26.000000000 +0200 +@@ -54,7 +54,7 @@ + , PLUTO_RESTART_DELAY); + alarm(PLUTO_RESTART_DELAY); // restart in 5 sec + } +- unlink(PID_FILE); ++ unlink(PLUTO_PID_FILE); + } + } + +@@ -203,7 +203,7 @@ + } + else + { +- unlink(CTL_FILE); ++ unlink(PLUTO_CTL_FILE); + _stop_requested = 0; + + if (cfg->setup.prepluto) +@@ -252,7 +252,7 @@ + { + /* wait for pluto */ + usleep(20000); +- if (stat(CTL_FILE, &stb) == 0) ++ if (stat(PLUTO_CTL_FILE, &stb) == 0) + { + DBG(DBG_CONTROL, + DBG_log("pluto (%d) started", _pluto_pid) +diff -Naur strongswan-2.6.4/programs/starter/starter.c strongswan-2.6.4-charon/programs/starter/starter.c +--- strongswan-2.6.4/programs/starter/starter.c 2006-02-15 19:37:46.000000000 +0100 ++++ strongswan-2.6.4-charon/programs/starter/starter.c 2006-04-19 14:22:26.000000000 +0200 +@@ -37,6 +37,7 @@ + #include "files.h" + #include "starterwhack.h" + #include "invokepluto.h" ++#include "invokecharon.h" + #include "klips.h" + #include "netkey.h" + #include "cmp.h" +@@ -47,6 +48,9 @@ + #define FLAG_ACTION_RELOAD 0x04 + #define FLAG_ACTION_QUIT 0x08 + #define FLAG_ACTION_LISTEN 0x10 ++#ifdef IKEV2 ++#define FLAG_ACTION_START_CHARON 0x20 ++#endif /* IKEV2 */ + + static unsigned int _action_ = 0; + +@@ -65,6 +69,10 @@ + { + if (pid == starter_pluto_pid()) + name = " (Pluto)"; ++#ifdef IKEV2 ++ if 
(pid == starter_charon_pid()) ++ name = " (Charon)"; ++#endif /* IKEV2 */ + if (WIFSIGNALED(status)) + DBG(DBG_CONTROL, + DBG_log("child %d%s has been killed by sig %d\n", +@@ -87,6 +95,10 @@ + + if (pid == starter_pluto_pid()) + starter_pluto_sigchild(pid); ++#ifdef IKEV2 ++ if (pid == starter_charon_pid()) ++ starter_charon_sigchild(pid); ++#endif /* IKEV2 */ + } + } + break; +@@ -97,6 +109,9 @@ + + case SIGALRM: + _action_ |= FLAG_ACTION_START_PLUTO; ++#ifdef IKEV2 ++ _action_ |= FLAG_ACTION_START_CHARON; ++#endif /* IKEV2 */ + break; + + case SIGHUP: +@@ -193,6 +208,9 @@ + signal(SIGQUIT, fsig); + signal(SIGALRM, fsig); + signal(SIGUSR1, fsig); ++ ++ ++ plog("Starting strongSwan IPsec %s [starter]...", ipsec_version_code()); + + /* verify that we can start */ + if (getuid() != 0) +@@ -201,12 +219,24 @@ + exit(1); + } + +- if (stat(PID_FILE, &stb) == 0) ++ if (stat(PLUTO_PID_FILE, &stb) == 0) + { +- plog("pluto is already running (%s exists) -- aborting", PID_FILE); +- exit(1); ++ plog("pluto is already running (%s exists) -- skipping pluto start", PLUTO_PID_FILE); + } +- ++ else ++ { ++ _action_ |= FLAG_ACTION_START_PLUTO; ++ } ++#ifdef IKEV2 ++ if (stat(CHARON_PID_FILE, &stb) == 0) ++ { ++ plog("charon is already running (%s exists) -- skipping charon start", CHARON_PID_FILE); ++ } ++ else ++ { ++ _action_ |= FLAG_ACTION_START_CHARON; ++ } ++#endif /* IKEV2 */ + if (stat(DEV_RANDOM, &stb) != 0) + { + plog("unable to start strongSwan IPsec -- no %s!", DEV_RANDOM); +@@ -247,7 +277,11 @@ + + last_reload = time(NULL); + +- plog("Starting strongSwan IPsec %s [starter]...", ipsec_version_code()); ++ if (stat(MY_PID_FILE, &stb) == 0) ++ { ++ plog("starter is already running (%s exists) -- no fork done", MY_PID_FILE); ++ exit(0); ++ } + + /* fork if we're not debugging stuff */ + if (!no_fork) +@@ -296,17 +330,19 @@ + , &cfg->defaultroute); + } + +- _action_ = FLAG_ACTION_START_PLUTO; +- + for (;;) + { + /* +- * Stop pluto (if started) and exit +- */ ++ * Stop 
pluto/charon (if started) and exit ++ */ + if (_action_ & FLAG_ACTION_QUIT) + { + if (starter_pluto_pid()) + starter_stop_pluto(); ++#ifdef IKEV2 ++ if (starter_charon_pid()) ++ starter_stop_charon(); ++#endif IKEV2 + if (has_netkey) + starter_netkey_cleanup(); + else +@@ -337,6 +373,9 @@ + if (conn->state == STATE_ADDED) + { + starter_whack_del_conn(conn); ++#ifdef IKEV2 ++ starter_stroke_del_conn(conn); ++#endif /* IKEV2 */ + conn->state = STATE_TO_ADD; + } + } +@@ -427,6 +466,9 @@ + { + if (conn->state == STATE_ADDED) + starter_whack_del_conn(conn); ++#ifdef IKEV2 ++ starter_stroke_del_conn(conn); ++#endif /* IKEV2 */ + } + + /* Look for new ca sections that are already loaded */ +@@ -502,6 +544,27 @@ + conn->state = STATE_TO_ADD; + } + } ++ ++#ifdef IKEV2 ++ /* ++ * Start charon ++ */ ++ if (_action_ & FLAG_ACTION_START_CHARON) ++ { ++ if (starter_charon_pid() == 0) ++ { ++ DBG(DBG_CONTROL, ++ DBG_log("Attempting to start charon...") ++ ) ++ if (starter_start_charon(cfg, no_fork) != 0) ++ { ++ /* schedule next try */ ++ alarm(PLUTO_RESTART_DELAY); ++ } ++ } ++ _action_ &= ~FLAG_ACTION_START_CHARON; ++ } ++#endif /* IKEV2 */ + + /* + * Tell pluto to reread its interfaces +@@ -536,11 +599,36 @@ + conn->id = id++; + } + starter_whack_add_conn(conn); ++#ifdef IKEV2 ++ starter_stroke_add_conn(conn); ++#endif /* IKEV2 */ + conn->state = STATE_ADDED; + if (conn->startup == STARTUP_START) +- starter_whack_initiate_conn(conn); ++ { ++#ifdef IKEV2 ++ if (conn->keyexchange == 2) ++ { ++ starter_stroke_initiate_conn(conn); ++ } ++ else ++#endif /* IKEV2 */ ++ { ++ starter_whack_initiate_conn(conn); ++ } ++ } + else if (conn->startup == STARTUP_ROUTE) +- starter_whack_route_conn(conn); ++ { ++#ifdef IKEV2 ++ if (conn->keyexchange == 2) ++ { ++ starter_stroke_route_conn(conn); ++ } ++ else ++#endif /* IKEV2 */ ++ { ++ starter_whack_route_conn(conn); ++ } ++ } + } + } + } +diff -Naur strongswan-2.6.4/programs/starter/starterstroke.c 
strongswan-2.6.4-charon/programs/starter/starterstroke.c +--- strongswan-2.6.4/programs/starter/starterstroke.c 1970-01-01 01:00:00.000000000 +0100 ++++ strongswan-2.6.4-charon/programs/starter/starterstroke.c 2006-04-19 14:28:33.000000000 +0200 +@@ -0,0 +1,161 @@ ++/* Stroke for charon is the counterpart to whack from pluto ++ * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil ++ * ++ * This program is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License as published by the ++ * Free Software Foundation; either version 2 of the License, or (at your ++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. ++ * ++ * This program is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * for more details. ++ * ++ * RCSID $Id: starterstroke.c $ ++ */ ++ ++#include <sys/types.h> ++#include <sys/socket.h> ++#include <sys/un.h> ++#include <linux/stddef.h> ++#include <unistd.h> ++#include <stdlib.h> ++#include <errno.h> ++#include <netinet/in.h> ++#include <arpa/inet.h> ++ ++#include <freeswan.h> ++ ++#include "../pluto/constants.h" ++#include "../pluto/defs.h" ++#include "../pluto/log.h" ++ ++#include "../charon/stroke/stroke.h" ++ ++#include "starterstroke.h" ++#include "confread.h" ++#include "files.h" ++ ++static char* push_string(stroke_msg_t **strm, char *string) ++{ ++ stroke_msg_t *stroke_msg; ++ size_t string_length; ++ ++ if (string == NULL) ++ { ++ return NULL; ++ } ++ stroke_msg = *strm; ++ string_length = strlen(string) + 1; ++ stroke_msg->length += string_length; ++ ++ stroke_msg = realloc(stroke_msg, stroke_msg->length); ++ strcpy((char*)stroke_msg + stroke_msg->length - string_length, string); ++ ++ *strm = stroke_msg; ++ return (char*)(u_int)stroke_msg->length - string_length; ++} ++ ++static int 
++send_stroke_msg (stroke_msg_t *msg) ++{ ++ struct sockaddr_un ctl_addr = { AF_UNIX, CHARON_CTL_FILE }; ++ int sock; ++ ++ sock = socket(AF_UNIX, SOCK_STREAM, 0); ++ if (sock < 0) ++ { ++ plog("socket() failed: %s", strerror(errno)); ++ return -1; ++ } ++ if (connect(sock, (struct sockaddr *)&ctl_addr, ++ offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0) ++ { ++ plog("connect(charon_ctl) failed: %s", strerror(errno)); ++ close(sock); ++ return -1; ++ } ++ ++ /* send message */ ++ if (write(sock, msg, msg->length) != msg->length) ++ { ++ plog("write(charon_ctl) failed: %s", strerror(errno)); ++ close(sock); ++ return -1; ++ } ++ ++ close(sock); ++ return 0; ++} ++ ++static char * ++connection_name(starter_conn_t *conn) ++{ ++ /* if connection name is '%auto', create a new name like conn_xxxxx */ ++ static char buf[32]; ++ ++ if (streq(conn->name, "%auto")) ++ { ++ sprintf(buf, "conn_%ld", conn->id); ++ return buf; ++ } ++ return conn->name; ++} ++ ++ ++int starter_stroke_add_conn(starter_conn_t *conn) ++{ ++ stroke_msg_t *msg = malloc(sizeof(stroke_msg_t)); ++ int res; ++ ++ msg->length = sizeof(stroke_msg_t); ++ msg->type = STR_ADD_CONN; ++ ++ msg->add_conn.name = push_string(&msg, connection_name(conn)); ++ ++ msg->add_conn.me.id = push_string(&msg, conn->left.id); ++ msg->add_conn.me.cert = push_string(&msg, conn->left.cert); ++ msg->add_conn.me.address = push_string(&msg, inet_ntoa(conn->left.addr.u.v4.sin_addr)); ++ msg->add_conn.me.subnet = push_string(&msg, inet_ntoa(conn->left.subnet.addr.u.v4.sin_addr)); ++ msg->add_conn.me.subnet_mask = conn->left.subnet.maskbits; ++ ++ msg->add_conn.other.id = push_string(&msg, conn->right.id); ++ msg->add_conn.other.cert = push_string(&msg, conn->right.cert); ++ msg->add_conn.other.address = push_string(&msg, inet_ntoa(conn->right.addr.u.v4.sin_addr)); ++ msg->add_conn.other.subnet = push_string(&msg, inet_ntoa(conn->right.subnet.addr.u.v4.sin_addr)); ++ msg->add_conn.other.subnet_mask = 
conn->right.subnet.maskbits; ++ ++ res = send_stroke_msg(msg); ++ free(msg); ++ return res; ++} ++ ++int starter_stroke_del_conn(starter_conn_t *conn) ++{ ++ return 0; ++} ++int starter_stroke_route_conn(starter_conn_t *conn) ++{ ++ stroke_msg_t *msg = malloc(sizeof(stroke_msg_t)); ++ int res; ++ ++ msg->length = sizeof(stroke_msg_t); ++ msg->type = STR_INSTALL; ++ msg->install.name = push_string(&msg, connection_name(conn)); ++ res = send_stroke_msg(msg); ++ free(msg); ++ return res; ++} ++ ++int starter_stroke_initiate_conn(starter_conn_t *conn) ++{ ++ stroke_msg_t *msg = malloc(sizeof(stroke_msg_t)); ++ int res; ++ ++ msg->length = sizeof(stroke_msg_t); ++ msg->type = STR_INITIATE; ++ msg->initiate.name = push_string(&msg, connection_name(conn)); ++ res = send_stroke_msg(msg); ++ free(msg); ++ return res; ++} +diff -Naur strongswan-2.6.4/programs/starter/starterstroke.h strongswan-2.6.4-charon/programs/starter/starterstroke.h +--- strongswan-2.6.4/programs/starter/starterstroke.h 1970-01-01 01:00:00.000000000 +0100 ++++ strongswan-2.6.4-charon/programs/starter/starterstroke.h 2006-04-19 14:22:26.000000000 +0200 +@@ -0,0 +1,27 @@ ++/* Stroke for charon is the counterpart to whack from pluto ++ * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil ++ * ++ * This program is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License as published by the ++ * Free Software Foundation; either version 2 of the License, or (at your ++ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. ++ * ++ * This program is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ++ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * for more details. 
++ *
++ * RCSID $Id: starterstroke.h $
++ */
++
++#ifndef _STARTER_STROKE_H_
++#define _STARTER_STROKE_H_
++
++#include "confread.h"
++
++extern int starter_stroke_add_conn(starter_conn_t *conn);
++extern int starter_stroke_del_conn(starter_conn_t *conn);
++extern int starter_stroke_route_conn(starter_conn_t *conn);
++extern int starter_stroke_initiate_conn(starter_conn_t *conn);
++
++#endif /* _STARTER_STROKE_H_ */
+diff -Naur strongswan-2.6.4/programs/starter/starterwhack.c strongswan-2.6.4-charon/programs/starter/starterwhack.c
+--- strongswan-2.6.4/programs/starter/starterwhack.c 2006-02-08 21:56:07.000000000 +0100
++++ strongswan-2.6.4-charon/programs/starter/starterwhack.c 2006-04-19 14:22:26.000000000 +0200
+@@ -54,7 +54,7 @@
+ static int
+ send_whack_msg (whack_message_t *msg)
+ {
+- struct sockaddr_un ctl_addr = { AF_UNIX, CTL_FILE };
++ struct sockaddr_un ctl_addr = { AF_UNIX, PLUTO_CTL_FILE };
+ int sock;
+ ssize_t len;
+ char *str_next, *str_roof;
diff --git a/Source/scripts/alice-key.der b/Source/scripts/alice-key.der
Binary files differ
new file mode 100644
index 000000000..5a8aef6cb
--- /dev/null
+++ b/Source/scripts/alice-key.der
diff --git a/Source/scripts/alice.der b/Source/scripts/alice.der
Binary files differ
new file mode 100644
index 000000000..8154defd9
--- /dev/null
+++ b/Source/scripts/alice.der
diff --git a/Source/scripts/bob-key.der b/Source/scripts/bob-key.der
Binary files differ
new file mode 100644
index 000000000..f944dec9f
--- /dev/null
+++ b/Source/scripts/bob-key.der
diff --git a/Source/scripts/bob.der b/Source/scripts/bob.der
Binary files differ
new file mode 100644
index 000000000..401611888
--- /dev/null
+++ b/Source/scripts/bob.der
diff --git a/Source/scripts/daemon-loop.sh b/Source/scripts/daemon-loop.sh
new file mode 100755
index 000000000..9a361e012
--- /dev/null
+++ b/Source/scripts/daemon-loop.sh
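Review bot: In the new starterstroke.c carried inside the patch, `push_string` overwrites `stroke_msg` with the result of `realloc(stroke_msg, stroke_msg->length)` and immediately writes into it with `strcpy`, and `starter_stroke_add_conn`, `starter_stroke_route_conn` and `starter_stroke_initiate_conn` use the `malloc(sizeof(stroke_msg_t))` result unchecked, so an allocation failure while building a message becomes a NULL write in the starter instead of a logged error. Check the result, keep the old pointer on failure so the caller can still free it, and copy with `memcpy` and the already computed `string_length` rather than `strcpy`. The return expression `(char*)(u_int)stroke_msg->length - string_length` casts the integer to a pointer before subtracting and truncates it through `u_int`; `(char*)(stroke_msg->length - string_length)` makes it explicit that an offset, not an address, is sent. Separately, starter.c's `#endif IKEV2` in the FLAG_ACTION_QUIT hunk needs the token commented, `#endif /* IKEV2 */`, which gcc otherwise reports as extra tokens after the directive.
```c
static char* push_string(stroke_msg_t **strm, char *string)
{
	stroke_msg_t *stroke_msg, *grown;
	size_t string_length;

	if (string == NULL)
	{
		return NULL;
	}
	stroke_msg = *strm;
	string_length = strlen(string) + 1;

	grown = realloc(stroke_msg, stroke_msg->length + string_length);
	if (grown == NULL)
	{
		/* *strm is left untouched and still owned by the caller */
		return NULL;
	}
	stroke_msg = grown;
	memcpy((char*)stroke_msg + stroke_msg->length, string, string_length);
	stroke_msg->length += string_length;

	*strm = stroke_msg;
	return (char*)(stroke_msg->length - string_length);
}
```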
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+while [ 1 ]
+do
+ ip x p f
+ ip x s f
+ rm /var/run/charon.*
+ make
+ bin/charon
+ echo ""
+ echo "----------------------------"
+ echo ""
+done
diff --git a/Source/scripts/deleteline b/Source/scripts/deleteline
new file mode 100755
index 000000000..9f529dccc
--- /dev/null
+++ b/Source/scripts/deleteline
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+FILES=`find . -name '*.[ch]'`
+for FILE in $FILES
+do
+ TMP=${FILE}_tmp
+ sed "/$1/d" < $FILE > $TMP
+ mv $TMP $FILE
+done
diff --git a/Source/scripts/replace b/Source/scripts/replace
new file mode 100755
index 000000000..adfc8e09a
--- /dev/null
+++ b/Source/scripts/replace
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+FILES=`find . -name '*.[ch]'`
+for FILE in $FILES
+do
+ TMP=${FILE}_tmp
+ sed "s/$1/$2/g" < $FILE > $TMP
+ mv $TMP $FILE
+done
diff --git a/Source/scripts/to-alice.sh b/Source/scripts/to-alice.sh
new file mode 100755
index 000000000..fa2f84dd0
--- /dev/null
+++ b/Source/scripts/to-alice.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+# enable ip forwarding for gateway
+echo 1 > /proc/sys/net/ipv4/ip_forward
+
+# add connection to alice
+MY_ADDR=192.168.0.2 # Address of local peer, also used as ID
+OTHER_ADDR=192.168.0.1 # Address of remote peer, also used as ID
+MY_CERT=bob.der # own certificate
+OTHER_CERT=alice.der # certificate for remote peer
+MY_NET=10.2.0.0 # protected local subnet
+OTHER_NET=10.1.0.0 # protected remote subnet
+MY_BITS=16 # size of subnet
+OTHER_BITS=16 # size of subnet
+CONN_NAME=to-alice # connection name
+
+bin/stroke add $CONN_NAME $MY_ADDR $OTHER_ADDR $MY_CERT $OTHER_CERT \
+ $MY_ADDR $OTHER_ADDR $MY_NET $OTHER_NET $MY_BITS $OTHER_BITS
+
+# initiate
+i=0
+LIMIT=1
+
+while [ "$i" -lt "$LIMIT" ]
+do
+ bin/stroke up $CONN_NAME
+ let "i += 1"
+done
diff --git a/Source/scripts/to-bob.sh b/Source/scripts/to-bob.sh
new file mode 100755
index 000000000..012986484
--- /dev/null
+++ b/Source/scripts/to-bob.sh
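Review bot: In deleteline, `$1` is interpolated verbatim into the sed program in `sed "/$1/d" < $FILE > $TMP`, so an argument containing `/`, `&` or a regex metacharacter silently changes or breaks the expression, and the unquoted `for FILE in $FILES` over backticked find output splits paths on whitespace; replace has the same two problems with `$1` and `$2` in `sed "s/$1/$2/g"`. Because `mv $TMP $FILE` runs even when sed fails, a bad expression replaces every matching source file with partial output. Let find drive sed and only move on success, e.g. `find . -name '*.[ch]' -exec sh -c 'sed "/$1/d" "$2" > "$2_tmp" && mv "$2_tmp" "$2"' _ "$1" {} \;`, or at minimum quote `"$FILE"` and `"$TMP"` and chain with `&&`.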
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# enable ip forwarding for gateway
+echo 1 > /proc/sys/net/ipv4/ip_forward
+
+# add connection to bob
+MY_ADDR=192.168.0.1 # Address of local peer, also used as ID
+OTHER_ADDR=192.168.0.2 # Address of remote peer, also used as ID
+MY_CERT=alice.der # own certificate
+OTHER_CERT=bob.der # certificate for remote peer
+MY_NET=10.1.0.0 # protected local subnet
+OTHER_NET=10.2.0.0 # protected remote subnet
+MY_BITS=16 # size of subnet
+OTHER_BITS=16 # size of subnet
+CONN_NAME=to-bob # connection name
+
+bin/stroke add $CONN_NAME $MY_ADDR $OTHER_ADDR $MY_CERT $OTHER_CERT \
+ $MY_ADDR $OTHER_ADDR $MY_NET $OTHER_NET $MY_BITS $OTHER_BITS
+
\ No newline at end of file |