-rw-r--r--src/charon/daemon.c4
-rw-r--r--src/libstrongswan/utils.h6
-rw-r--r--src/pluto/plutomain.c4
-rw-r--r--src/starter/invokecharon.c23
-rw-r--r--src/starter/invokecharon.h2
-rw-r--r--src/starter/invokepluto.c9
-rw-r--r--src/starter/invokepluto.h2
-rw-r--r--src/starter/starter.c24
8 files changed, 49 insertions, 25 deletions
diff --git a/src/charon/daemon.c b/src/charon/daemon.c
index 92dc88f81..fe8f96fe2 100644
--- a/src/charon/daemon.c
+++ b/src/charon/daemon.c
@@ -676,7 +676,7 @@ int main(int argc, char *argv[])
if (!library_init(STRONGSWAN_CONF))
{
library_deinit();
- exit(-1);
+ exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
}
if (lib->integrity &&
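Review bot: Every `library_init(STRONGSWAN_CONF)` failure is now reported as `SS_RC_LIBSTRONGSWAN_INTEGRITY`, although the visible code does not show that an integrity mismatch is the only way that call can return false. If it can also fail for an unrelated reason (configuration, plugin loading), starter will log "integrity test of libstrongswan failed" and shut down instead of restarting, and an operator will investigate tampering that did not happen. Either confirm that this is the only failure path and say so in a comment such as `/* library_init() fails only when the libstrongswan checksum does not match */`, or use a separate exit code for other initialisation failures. The same applies to the first `exit()` in the src/pluto/plutomain.c hunk. The body of main() starts and ends outside this hunk.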
@@ -684,7 +684,7 @@ int main(int argc, char *argv[])
{
dbg_stderr(1, "integrity check of charon failed");
library_deinit();
- exit(-1);
+ exit(SS_RC_DAEMON_INTEGRITY);
}
lib->printf_hook->add_handler(lib->printf_hook, 'R',
diff --git a/src/libstrongswan/utils.h b/src/libstrongswan/utils.h
index debd0145b..56f7b7095 100644
--- a/src/libstrongswan/utils.h
+++ b/src/libstrongswan/utils.h
@@ -29,6 +29,12 @@
#include <enum.h>
/**
+ * strongSwan program return codes
+ */
+#define SS_RC_LIBSTRONGSWAN_INTEGRITY 64
+#define SS_RC_DAEMON_INTEGRITY 65
+
+/**
* Number of bits in a byte
*/
#define BITS_PER_BYTE 8
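Review bot: The comment on the new constants does not say that starter treats these two values as "do not restart, shut down", which is the contract every other exit path in charon and pluto now has to respect. 64 and 65 are also the values `sysexits.h` assigns to `EX_USAGE` and `EX_DATAERR`, so any code that follows that convention would be indistinguishable from an integrity failure. I would document each constant on its own line, for example `/* libstrongswan checksum mismatch; starter stops and does not restart */`, and state that the values are reserved for this purpose.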
diff --git a/src/pluto/plutomain.c b/src/pluto/plutomain.c
index e03496796..6590cafe2 100644
--- a/src/pluto/plutomain.c
+++ b/src/pluto/plutomain.c
@@ -263,14 +263,14 @@ int main(int argc, char **argv)
if (!library_init(STRONGSWAN_CONF))
{
library_deinit();
- abort();
+ exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
}
if (lib->integrity &&
!lib->integrity->check_file(lib->integrity, "pluto", argv[0]))
{
fprintf(stderr, "integrity check of pluto failed\n");
library_deinit();
- abort();
+ exit(SS_RC_DAEMON_INTEGRITY);
}
options = options_create();
diff --git a/src/starter/invokecharon.c b/src/starter/invokecharon.c
index 804467cea..bd15ac148 100644
--- a/src/starter/invokecharon.c
+++ b/src/starter/invokecharon.c
@@ -36,18 +36,23 @@
static int _charon_pid = 0;
static int _stop_requested;
-pid_t
-starter_charon_pid(void)
+pid_t starter_charon_pid(void)
{
return _charon_pid;
}
-void
-starter_charon_sigchild(pid_t pid)
+void starter_charon_sigchild(pid_t pid, int status)
{
- if (pid == _charon_pid)
+ if (pid == _charon_pid)
{
- _charon_pid = 0;
+ _charon_pid = 0;
+ if (status == SS_RC_LIBSTRONGSWAN_INTEGRITY ||
+ status == SS_RC_DAEMON_INTEGRITY)
+ {
+ plog("charon has quit: integrity test of %s failed",
+ (status == 64) ? "libstrongswan" : "charon");
+ _stop_requested = 1;
+ }
if (!_stop_requested)
{
plog("charon has died -- restart scheduled (%dsec)"
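Review bot: The log message selects its text with the literal `(status == 64)` even though the condition just above uses the named constants; if `SS_RC_LIBSTRONGSWAN_INTEGRITY` is ever renumbered, the log will name the wrong component in an integrity alert. Use `(status == SS_RC_LIBSTRONGSWAN_INTEGRITY) ? "libstrongswan" : "charon"`. The same literal appears in `starter_pluto_sigchild` in src/starter/invokepluto.c. The new parameter is the decoded exit code rather than a raw wait status (the caller passes `exit_status`), so a short comment on the signature or the name `exit_status` would prevent a later caller from passing the wrong value. The function body continues past the end of this hunk.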
@@ -58,8 +63,7 @@ starter_charon_sigchild(pid_t pid)
}
}
-int
-starter_stop_charon (void)
+int starter_stop_charon (void)
{
int i;
pid_t pid = _charon_pid;
@@ -106,8 +110,7 @@ starter_stop_charon (void)
}
-int
-starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb)
+int starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb)
{
struct stat stb;
int pid, i;
diff --git a/src/starter/invokecharon.h b/src/starter/invokecharon.h
index f0f470a8d..aaf913c9b 100644
--- a/src/starter/invokecharon.h
+++ b/src/starter/invokecharon.h
@@ -20,7 +20,7 @@
#define CHARON_RESTART_DELAY 5
-extern void starter_charon_sigchild (pid_t pid);
+extern void starter_charon_sigchild (pid_t pid, int status);
extern pid_t starter_charon_pid (void);
extern int starter_stop_charon (void);
extern int starter_start_charon(struct starter_config *cfg, bool no_fork, bool attach_gdb);
diff --git a/src/starter/invokepluto.c b/src/starter/invokepluto.c
index 28bd93c5d..5ca1b45ab 100644
--- a/src/starter/invokepluto.c
+++ b/src/starter/invokepluto.c
@@ -42,11 +42,18 @@ starter_pluto_pid(void)
}
void
-starter_pluto_sigchild(pid_t pid)
+starter_pluto_sigchild(pid_t pid, int status)
{
if (pid == _pluto_pid)
{
_pluto_pid = 0;
+ if (status == SS_RC_LIBSTRONGSWAN_INTEGRITY ||
+ status == SS_RC_DAEMON_INTEGRITY)
+ {
+ plog("pluto has quit: integrity test of %s failed",
+ (status == 64) ? "libstrongswan" : "pluto");
+ _stop_requested = 1;
+ }
if (!_stop_requested)
{
plog("pluto has died -- restart scheduled (%dsec)"
diff --git a/src/starter/invokepluto.h b/src/starter/invokepluto.h
index b0c89b1f1..c87f50c2a 100644
--- a/src/starter/invokepluto.h
+++ b/src/starter/invokepluto.h
@@ -17,7 +17,7 @@
#define PLUTO_RESTART_DELAY 5
-extern void starter_pluto_sigchild (pid_t pid);
+extern void starter_pluto_sigchild (pid_t pid, int status);
extern pid_t starter_pluto_pid (void);
extern int starter_stop_pluto (void);
extern int starter_start_pluto (struct starter_config *cfg, bool no_fork, bool attach_gdb);
diff --git a/src/starter/starter.c b/src/starter/starter.c
index 24ce940cd..b64227238 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -66,14 +66,13 @@
static unsigned int _action_ = 0;
-static void
-fsig(int signal)
+static void fsig(int signal)
{
switch (signal)
{
case SIGCHLD:
{
- int status;
+ int status, exit_status = 0;
pid_t pid;
char *name = NULL;
@@ -103,9 +102,15 @@ fsig(int signal)
}
else if (WIFEXITED(status))
{
+ exit_status = WEXITSTATUS(status);
+ if (exit_status == SS_RC_LIBSTRONGSWAN_INTEGRITY ||
+ exit_status == SS_RC_DAEMON_INTEGRITY)
+ {
+ _action_ = FLAG_ACTION_QUIT;
+ }
DBG(DBG_CONTROL,
DBG_log("child %d%s has quit (exit code %d)\n",
- pid, name?name:"", WEXITSTATUS(status))
+ pid, name?name:"", exit_status)
)
}
else
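Review bot: The new check on `exit_status` runs for any reaped child, because the comparisons against `starter_pluto_pid()` and `starter_charon_pid()` only happen further down in the handler. A helper process that happens to exit with 64 or 65 would therefore set the quit action and take the whole IPsec service down. I would guard it with the pid, `if ((pid == starter_pluto_pid() || pid == starter_charon_pid()) && (exit_status == SS_RC_LIBSTRONGSWAN_INTEGRITY || exit_status == SS_RC_DAEMON_INTEGRITY))`. The assignment `_action_ = FLAG_ACTION_QUIT;` also overwrites any other pending flag, whereas main() tests the variable as a bit mask; `_action_ |= FLAG_ACTION_QUIT;` looks like the intended form, but check it against the other cases of fsig(), which are outside this hunk.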
@@ -116,11 +121,11 @@ fsig(int signal)
}
if (pid == starter_pluto_pid())
{
- starter_pluto_sigchild(pid);
+ starter_pluto_sigchild(pid, exit_status);
}
if (pid == starter_charon_pid())
{
- starter_charon_sigchild(pid);
+ starter_charon_sigchild(pid, exit_status);
}
}
}
@@ -212,8 +217,7 @@ static void generate_selfcert()
}
}
-static void
-usage(char *name)
+static void usage(char *name)
{
fprintf(stderr, "Usage: starter [--nofork] [--auto-update <sec>] "
"[--debug|--debug-more|--debug-all]\n");
@@ -408,9 +412,13 @@ int main (int argc, char **argv)
if (_action_ & FLAG_ACTION_QUIT)
{
if (starter_pluto_pid())
+ {
starter_stop_pluto();
+ }
if (starter_charon_pid())
+ {
starter_stop_charon();
+ }
starter_netkey_cleanup();
confread_free(cfg);
unlink(STARTER_PID_FILE);