/* leave pluto, with status.
* Once child is launched, parent must not exit this way because
* the lock would be released.
*
* 0 OK
* 1 general discomfort
* 10 lock file exists
*/
void exit_pluto(int status)
{
reset_globals(); /* needed because we may be called in odd state */
free_preshared_secrets();
free_remembered_public_keys();
close_ha_iface();
delete_every_connection();
whack_attribute_finalize(); /* free in-memory pools */
fetch_finalize(); /* stop fetching thread */
free_crl_fetch(); /* free chain of crl fetch requests */
free_ocsp_fetch(); /* free chain of ocsp fetch requests */
free_authcerts(); /* free chain of X.509 authority certificates */
free_crls(); /* free chain of X.509 CRLs */
free_ca_infos(); /* free chain of X.509 CA information records */
free_ocsp(); /* free ocsp cache */
free_ifaces();
ac_finalize(); /* free X.509 attribute certificates */
scx_finalize(); /* finalize and unload PKCS #11 module */
stop_adns();
free_md_pool();
free_crypto();
free_myid(); /* free myids */
free_events(); /* free remaining events */
free_vendorid(); /* free all vendor id records */
free_builder();
delete_lock();
options->destroy(options);
pluto_deinit();
lib->plugins->unload(lib->plugins);
libhydra_deinit();
library_deinit();
close_log();
exit(status);
}
void remove_player(t_ctrl *c, t_player *p)
{
t_frame *tmp;
if (!p)
{
fprintf(stderr, RED"Player doesn't exists"END);
return ;
}
printf(GREEN"Removing player #%d in (%d, %d)"END, p->id, p->x, p->y);
if (p->lvl >= 8)
p->t->nblvlmax--;
remove_life_node(c, p);
_remove_from_team(p->t, p);
free_events(p->e);
p->e = NULL;
tmp = getframe(c, p->x, p->y);
while (tmp && (void *)tmp->p != (void *)p)
tmp = tmp->next;
if (tmp)
{
unset_elem_from_map(c, tmp, p->x, p->y);
free(tmp);
free(p);
}
else
fprintf(stderr, RED"Player #%d not found"END, p->id);
}
void free_events(t_event *e)
{
if (e)
{
free_events(e->next);
free(e->param);
free(e);
}
}
static ERL_NIF_TERM parse(ErlNifEnv* env, yaml_parser_t *parser,
int flags, unsigned char *data, int size)
{
int result = 0, done = 0;
yaml_event_t *event = NULL;
events_t *prev_events = NULL;
events_t *events = NULL;
ERL_NIF_TERM rterm;
yaml_parser_set_input_string(parser, data, size);
do {
event = enif_alloc(sizeof(yaml_event_t));
result = yaml_parser_parse(parser, event);
if (result) {
prev_events = events;
events = enif_alloc(sizeof(events_t));
events->event = event;
events->prev = prev_events;
done = (event->type == YAML_STREAM_END_EVENT);
} else {
enif_free(event);
done = 1;
}
} while (!done);
if (result) {
rterm = enif_make_tuple2(env, enif_make_atom(env, "ok"),
process_events(env, &events, parser, flags));
} else {
rterm = make_error(env, parser);
}
free_events(&events);
return rterm;
}
int
main (int argc,
char **argv)
{
GOptionContext *context;
gboolean retval;
GError *error = NULL;
int report_type;
int uid;
GTimeVal timestamp;
gboolean use_since;
static gboolean do_version = FALSE;
static gboolean report_last_compat = FALSE;
static gboolean report_last = FALSE;
static gboolean report_frequent = FALSE;
static gboolean report_log = FALSE;
static char *username = NULL;
static char *seat = NULL;
static char *session_type = NULL;
static char *since = NULL;
static GOptionEntry entries [] = {
{ "version", 'V', G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_NONE, &do_version, N_("Version of this application"), NULL },
{ "frequent", 0, G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_NONE, &report_frequent, N_("Show listing of frequent users"), NULL },
{ "last", 0, G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_NONE, &report_last, N_("Show listing of last logged in users"), NULL },
{ "last-compat", 0, G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_NONE, &report_last_compat, N_("Show 'last' compatible listing of last logged in users"), NULL },
{ "log", 0, G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_NONE, &report_log, N_("Show full event log"), NULL },
{ "seat", 's', G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_STRING, &seat, N_("Show entries for the specified seat"), N_("SEAT") },
{ "session-type", 't', G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_STRING, &session_type, N_("Show entries for the specified session type"), N_("TYPE") },
{ "user", 'u', G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_STRING, &username, N_("Show entries for the specified user"), N_("NAME") },
{ "since", 0, G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_STRING, &since, N_("Show entries since the specified time (ISO 8601 format)"), N_("DATETIME") },
{ NULL }
};
/* Setup for i18n */
setlocale(LC_ALL, "");
#ifdef ENABLE_NLS
bindtextdomain(PACKAGE, LOCALEDIR);
textdomain(PACKAGE);
#endif
context = g_option_context_new (NULL);
g_option_context_add_main_entries (context, entries, NULL);
retval = g_option_context_parse (context, &argc, &argv, &error);
g_option_context_free (context);
if (! retval) {
g_warning ("%s", error->message);
g_error_free (error);
exit (1);
}
if (do_version) {
g_print ("%s %s\n", argv [0], VERSION);
exit (1);
}
use_since = FALSE;
if (since != NULL) {
use_since = g_time_val_from_iso8601 (since, ×tamp);
if (! use_since) {
g_warning ("Invalid ISO 8601 time value");
exit (1);
}
}
if (report_last_compat) {
report_type = REPORT_TYPE_LAST_COMPAT;
} else if (report_last) {
report_type = REPORT_TYPE_LAST;
} else if (report_frequent) {
report_type = REPORT_TYPE_FREQUENT;
} else if (report_log) {
report_type = REPORT_TYPE_LOG;
} else {
report_type = REPORT_TYPE_SUMMARY;
}
if (username != NULL) {
uid = get_uid_for_username (username);
if (uid == -1) {
g_warning ("Unknown username: %s", username);
exit (1);
}
} else {
uid = -1;
}
if (use_since) {
process_logs (×tamp);
} else {
process_logs (NULL);
}
generate_report (report_type, uid, seat, session_type);
free_events ();
return 0;
}
int main(int argc,char **argv)
{
edg_wll_Context ctx;
char *errt,*errd;
edg_wll_Event *events = NULL;
edg_wlc_JobId job;
int i,opt,delay = 1,count = 0, proxy = 0;
if (argc < 2)
help(argv[0]);
if (edg_wll_InitContext(&ctx) != 0) {
fprintf(stderr, "Couldn't create L&B context.\n");
return 1;
}
while ((opt=getopt(argc,argv,"r:d:xX:")) != -1)
switch (opt) {
case 'd': delay = atoi(optarg); break;
case 'r': count = atoi(optarg); break;
case 'x': proxy = 1; break;
case 'X': proxy = 1;
edg_wll_SetParam(ctx, EDG_WLL_PARAM_LBPROXY_SERVE_SOCK, optarg);
break;
default:
help(argv[0]);
}
if (edg_wlc_JobIdParse(argv[optind],&job)) {
fprintf(stderr,"%s: can't parse job ID\n",argv[1]);
return 1;
}
#ifdef USE_CALLBACKS
edg_wll_RegisterTestQueryEvents(query_events_cb);
#endif
if ( proxy ? edg_wll_JobLogProxy(ctx,job,&events) : edg_wll_JobLog(ctx,job,&events) )
{
edg_wll_Error(ctx,&errt,&errd);
fprintf(stderr,"%s: %s (%s)\n",argv[0],errt,errd);
}
for ( i = 0; events && events[i].type != EDG_WLL_EVENT_UNDEF; i++ )
{
char *e = edg_wll_UnparseEvent(ctx,events+i);
fputs(e,stdout);
fputs("\n",stdout);
free(e);
}
free_events(events);
printf("\nFound %d events\n",i);
while (count--) {
puts("Sleeping ...");
sleep(delay);
if (proxy ? edg_wll_JobLogProxy(ctx,job,&events) : edg_wll_JobLog(ctx,job,&events)) {
edg_wll_Error(ctx,&errt,&errd);
fprintf(stderr,"%s: %s (%s)\n",argv[0],errt,errd);
free(errt); free(errd); errt = errd = NULL;
free_events(events);
}
else puts("OK");
}
edg_wlc_JobIdFree(job);
edg_wll_FreeContext(ctx);
#ifdef USE_CALLBACKS
edg_wll_UnregisterTestQueryEvents();
#endif
return 0;
#ifdef USE_CALLBACKS
edg_wll_UnregisterTestQueryEvents();
#endif
switch (edg_wll_Error(ctx,&errt,&errd)) {
case 0: break;
case ENOENT:
puts("No events found");
break;
default:
fprintf(stderr,"%s: %s (%s)\n",argv[0],errt,errd);
return 1;
}
edg_wlc_JobIdFree(job);
edg_wll_FreeContext(ctx);
return 0;
}
/**
* read_events - Read JSON performance counter event list
* @fn: File name to read. NULL to chose default location.
*
* Read the JSON event list fn. The other functions in the library
* automatically read the default event list for the current CPU,
* but calling this explicitly is useful to chose a specific one.
*
* Return: -1 on failure, otherwise 0.
*/
int read_events(char *fn)
{
if (eventlist)
free_events();
return json_events(NULL, collect_events, NULL);
}
int main(int argc,char **argv)
{
edg_wll_Context ctx;
char *errt,*errd,*e,a;
edg_wll_Event *events;
int i;
edg_wll_QueryRec jq[2],eq[2];
edg_wlc_JobId job;
edg_wll_Source src;
if (argc != 3) help(argv[0]);
puts(
"*\n"
"* USE WITH CARE, AT YOUR OWN RISK, UNDER ABNORMAL CONDITIONS ONLY,\n"
"* AND BE ALWAYS SURE WHAT YOU ARE DOING.\n"
"* \n"
"* THIS PROGRAM IS A PERFECT EXAMPLE HOW L&B SEQENCE CODES SHOULD NOT BE USED\n"
"* IN NORMAL OPERATION.\n"
"\n"
"Do you want to proceed?"
);
scanf("%c",&a);
if (a != 'y' && a != 'Y') return 1;
if (edg_wll_InitContext(&ctx) != 0) {
fprintf(stderr, "Couldn't create L&B context.\n");
return 1;
}
if (edg_wlc_JobIdParse(argv[1],&job)) {
fprintf(stderr,"%s: can't parse job ID\n",argv[1]);
return 1;
}
if (( src = edg_wll_StringToSource(argv[2])) == EDG_WLL_SOURCE_NONE) {
fprintf(stderr,"%s: unknown event source\n",argv[2]);
return 1;
}
jq[0].attr = EDG_WLL_QUERY_ATTR_JOBID;
jq[0].op = EDG_WLL_QUERY_OP_EQUAL;
jq[0].value.j = job;
jq[1].attr = EDG_WLL_QUERY_ATTR_UNDEF;
eq[0].attr = EDG_WLL_QUERY_ATTR_SOURCE;
eq[0].op = EDG_WLL_QUERY_OP_EQUAL;
eq[0].value.i = src;
eq[1].attr = EDG_WLL_QUERY_ATTR_UNDEF;
if ( edg_wll_QueryEvents(ctx,jq,eq,&events) )
{
if ( edg_wll_Error(ctx, &errt, &errd) != E2BIG )
goto err;
fprintf(stderr,"%s: %s (%s)\n",argv[0],errt,errd);
}
for ( i = 0; events[i].type != EDG_WLL_EVENT_UNDEF; i++ );
e = edg_wll_UnparseEvent(ctx,events+i-1);
fputs(e,stdout);
fputs("\n",stdout);
if (edg_wll_SetParam(ctx,EDG_WLL_PARAM_SOURCE,src) ||
edg_wll_SetLoggingJob(ctx,job,events[i-1].any.seqcode,EDG_WLL_SEQ_NORMAL) ||
edg_wll_IncSequenceCode(ctx) || /* necessary to simulate this
* call in last event logging
* _after_ current seq. was used */
edg_wll_LogAbort(ctx,"manual abort")) goto err;
free(e);
free_events(events);
edg_wll_FreeContext(ctx);
return 0;
err:
switch (edg_wll_Error(ctx,&errt,&errd)) {
case 0: break;
case ENOENT:
puts("No events found");
break;
default:
fprintf(stderr,"%s: %s (%s)\n",argv[0],errt,errd);
return 1;
}
edg_wll_FreeContext(ctx);
return 0;
}
EAPI void
tsuite_evas_hook_reset(void)
{ /* tsuite.c informs us that vr_list is no longer valid */
if (vr_list)
vr_list = free_events(vr_list, _hook_setting->recording);
}
int main(int argc, char **argv)
{
bool fork_desired = TRUE;
bool log_to_stderr_desired = FALSE;
bool nat_traversal = FALSE;
bool nat_t_spf = TRUE; /* support port floating */
unsigned int keep_alive = 0;
bool force_keepalive = FALSE;
char *virtual_private = NULL;
int lockfd;
#ifdef CAPABILITIES
int keep[] = { CAP_NET_ADMIN, CAP_NET_BIND_SERVICE };
#endif /* CAPABILITIES */
/* initialize library and optionsfrom */
if (!library_init(NULL))
{
library_deinit();
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
}
if (!libhydra_init("pluto"))
{
libhydra_deinit();
library_deinit();
exit(SS_RC_INITIALIZATION_FAILED);
}
if (!pluto_init(argv[0]))
{
pluto_deinit();
libhydra_deinit();
library_deinit();
exit(SS_RC_DAEMON_INTEGRITY);
}
options = options_create();
/* handle arguments */
for (;;)
{
# define DBG_OFFSET 256
static const struct option long_opts[] = {
/* name, has_arg, flag, val */
{ "help", no_argument, NULL, 'h' },
{ "version", no_argument, NULL, 'v' },
{ "optionsfrom", required_argument, NULL, '+' },
{ "nofork", no_argument, NULL, 'd' },
{ "stderrlog", no_argument, NULL, 'e' },
{ "nocrsend", no_argument, NULL, 'c' },
{ "strictcrlpolicy", no_argument, NULL, 'r' },
{ "crlcheckinterval", required_argument, NULL, 'x'},
{ "cachecrls", no_argument, NULL, 'C' },
{ "uniqueids", no_argument, NULL, 'u' },
{ "disableuniqreqids", no_argument, NULL, 'Z'},
{ "interface", required_argument, NULL, 'i' },
{ "ikeport", required_argument, NULL, 'p' },
{ "ctlbase", required_argument, NULL, 'b' },
{ "secretsfile", required_argument, NULL, 's' },
{ "foodgroupsdir", required_argument, NULL, 'f' },
{ "perpeerlogbase", required_argument, NULL, 'P' },
{ "perpeerlog", no_argument, NULL, 'l' },
{ "policygroupsdir", required_argument, NULL, 'f' },
#ifdef USE_LWRES
{ "lwdnsq", required_argument, NULL, 'a' },
#else /* !USE_LWRES */
{ "adns", required_argument, NULL, 'a' },
#endif /* !USE_LWRES */
{ "pkcs11module", required_argument, NULL, 'm' },
{ "pkcs11keepstate", no_argument, NULL, 'k' },
{ "pkcs11initargs", required_argument, NULL, 'z' },
{ "pkcs11proxy", no_argument, NULL, 'y' },
{ "nat_traversal", no_argument, NULL, '1' },
{ "keep_alive", required_argument, NULL, '2' },
{ "force_keepalive", no_argument, NULL, '3' },
{ "disable_port_floating", no_argument, NULL, '4' },
{ "debug-natt", no_argument, NULL, '5' },
{ "virtual_private", required_argument, NULL, '6' },
#ifdef DEBUG
{ "debug-none", no_argument, NULL, 'N' },
{ "debug-all", no_argument, NULL, 'A' },
{ "debug-raw", no_argument, NULL, DBG_RAW + DBG_OFFSET },
{ "debug-crypt", no_argument, NULL, DBG_CRYPT + DBG_OFFSET },
{ "debug-parsing", no_argument, NULL, DBG_PARSING + DBG_OFFSET },
{ "debug-emitting", no_argument, NULL, DBG_EMITTING + DBG_OFFSET },
{ "debug-control", no_argument, NULL, DBG_CONTROL + DBG_OFFSET },
{ "debug-lifecycle", no_argument, NULL, DBG_LIFECYCLE + DBG_OFFSET },
{ "debug-klips", no_argument, NULL, DBG_KERNEL + DBG_OFFSET },
{ "debug-kernel", no_argument, NULL, DBG_KERNEL + DBG_OFFSET },
{ "debug-dns", no_argument, NULL, DBG_DNS + DBG_OFFSET },
{ "debug-oppo", no_argument, NULL, DBG_OPPO + DBG_OFFSET },
{ "debug-controlmore", no_argument, NULL, DBG_CONTROLMORE + DBG_OFFSET },
{ "debug-private", no_argument, NULL, DBG_PRIVATE + DBG_OFFSET },
{ "impair-delay-adns-key-answer", no_argument, NULL, IMPAIR_DELAY_ADNS_KEY_ANSWER + DBG_OFFSET },
{ "impair-delay-adns-txt-answer", no_argument, NULL, IMPAIR_DELAY_ADNS_TXT_ANSWER + DBG_OFFSET },
{ "impair-bust-mi2", no_argument, NULL, IMPAIR_BUST_MI2 + DBG_OFFSET },
{ "impair-bust-mr2", no_argument, NULL, IMPAIR_BUST_MR2 + DBG_OFFSET },
#endif
{ 0,0,0,0 }
};
/* Note: we don't like the way short options get parsed
* by getopt_long, so we simply pass an empty string as
* the list. It could be "hvdenp:l:s:" "NARXPECK".
*/
int c = getopt_long(argc, argv, "", long_opts, NULL);
/* Note: "breaking" from case terminates loop */
switch (c)
{
case EOF: /* end of flags */
break;
case 0: /* long option already handled */
continue;
case ':': /* diagnostic already printed by getopt_long */
case '?': /* diagnostic already printed by getopt_long */
usage("");
break; /* not actually reached */
case 'h': /* --help */
usage(NULL);
break; /* not actually reached */
case 'v': /* --version */
{
const char **sp = ipsec_copyright_notice();
printf("strongSwan "VERSION"%s\n", compile_time_interop_options);
for (; *sp != NULL; sp++)
puts(*sp);
}
exit_pluto(0);
break; /* not actually reached */
case '+': /* --optionsfrom <filename> */
if (!options->from(options, optarg, &argc, &argv, optind))
{
exit_pluto(1);
}
continue;
case 'd': /* --nofork*/
fork_desired = FALSE;
continue;
case 'e': /* --stderrlog */
log_to_stderr_desired = TRUE;
continue;
case 'c': /* --nocrsend */
no_cr_send = TRUE;
continue;
case 'r': /* --strictcrlpolicy */
strict_crl_policy = TRUE;
continue;
case 'x': /* --crlcheckinterval <time>*/
if (optarg == NULL || !isdigit(optarg[0]))
usage("missing interval time");
{
char *endptr;
long interval = strtol(optarg, &endptr, 0);
if (*endptr != '\0' || endptr == optarg
|| interval <= 0)
usage("<interval-time> must be a positive number");
crl_check_interval = interval;
}
continue;
case 'C': /* --cachecrls */
cache_crls = TRUE;
continue;
case 'u': /* --uniqueids */
uniqueIDs = TRUE;
continue;
case 'Z': /* --disableuniqreqids */
disable_uniqreqids = TRUE;
continue;
case 'i': /* --interface <ifname> */
if (!use_interface(optarg))
usage("too many --interface specifications");
continue;
case 'p': /* --port <portnumber> */
if (optarg == NULL || !isdigit(optarg[0]))
usage("missing port number");
{
char *endptr;
long port = strtol(optarg, &endptr, 0);
if (*endptr != '\0' || endptr == optarg
|| port <= 0 || port > 0x10000)
usage("<port-number> must be a number between 1 and 65535");
pluto_port = port;
}
continue;
case 'b': /* --ctlbase <path> */
if (snprintf(ctl_addr.sun_path, sizeof(ctl_addr.sun_path)
, "%s%s", optarg, CTL_SUFFIX) == -1)
usage("<path>" CTL_SUFFIX " too long for sun_path");
if (snprintf(info_addr.sun_path, sizeof(info_addr.sun_path)
, "%s%s", optarg, INFO_SUFFIX) == -1)
usage("<path>" INFO_SUFFIX " too long for sun_path");
if (snprintf(pluto_lock, sizeof(pluto_lock)
, "%s%s", optarg, LOCK_SUFFIX) == -1)
usage("<path>" LOCK_SUFFIX " must fit");
continue;
case 's': /* --secretsfile <secrets-file> */
shared_secrets_file = optarg;
continue;
case 'f': /* --policygroupsdir <policygroups-dir> */
policygroups_dir = optarg;
continue;
case 'a': /* --adns <pathname> */
pluto_adns_option = optarg;
continue;
case 'm': /* --pkcs11module <pathname> */
pkcs11_module_path = optarg;
continue;
case 'k': /* --pkcs11keepstate */
pkcs11_keep_state = TRUE;
continue;
case 'y': /* --pkcs11proxy */
pkcs11_proxy = TRUE;
continue;
case 'z': /* --pkcs11initargs */
pkcs11_init_args = optarg;
continue;
#ifdef DEBUG
case 'N': /* --debug-none */
base_debugging = DBG_NONE;
continue;
case 'A': /* --debug-all */
base_debugging = DBG_ALL;
continue;
#endif
case 'P': /* --perpeerlogbase */
base_perpeer_logdir = optarg;
continue;
case 'l':
log_to_perpeer = TRUE;
continue;
case '1': /* --nat_traversal */
nat_traversal = TRUE;
continue;
case '2': /* --keep_alive */
keep_alive = atoi(optarg);
continue;
case '3': /* --force_keepalive */
force_keepalive = TRUE;
continue;
case '4': /* --disable_port_floating */
nat_t_spf = FALSE;
continue;
case '5': /* --debug-nat_t */
base_debugging |= DBG_NATT;
continue;
case '6': /* --virtual_private */
virtual_private = optarg;
continue;
default:
#ifdef DEBUG
if (c >= DBG_OFFSET)
{
base_debugging |= c - DBG_OFFSET;
continue;
}
# undef DBG_OFFSET
#endif
bad_case(c);
}
break;
}
if (optind != argc)
usage("unexpected argument");
reset_debugging();
lockfd = create_lock();
/* select between logging methods */
if (log_to_stderr_desired)
{
log_to_syslog = FALSE;
}
else
{
log_to_stderr = FALSE;
}
/* set the logging function of pfkey debugging */
#ifdef DEBUG
pfkey_debug_func = DBG_log;
#else
pfkey_debug_func = NULL;
#endif
/* create control socket.
* We must create it before the parent process returns so that
* there will be no race condition in using it. The easiest
* place to do this is before the daemon fork.
*/
{
err_t ugh = init_ctl_socket();
if (ugh != NULL)
{
fprintf(stderr, "pluto: %s", ugh);
exit_pluto(1);
}
}
/* If not suppressed, do daemon fork */
if (fork_desired)
{
{
pid_t pid = fork();
if (pid < 0)
{
int e = errno;
fprintf(stderr, "pluto: fork failed (%d %s)\n",
errno, strerror(e));
exit_pluto(1);
}
if (pid != 0)
{
/* parent: die, after filling PID into lock file.
* must not use exit_pluto: lock would be removed!
*/
exit(fill_lock(lockfd, pid)? 0 : 1);
}
}
if (setsid() < 0)
{
int e = errno;
fprintf(stderr, "setsid() failed in main(). Errno %d: %s\n",
errno, strerror(e));
exit_pluto(1);
}
}
else
{
/* no daemon fork: we have to fill in lock file */
(void) fill_lock(lockfd, getpid());
fprintf(stdout, "Pluto initialized\n");
fflush(stdout);
}
/* Redirect stdin, stdout and stderr to /dev/null
*/
{
int fd;
if ((fd = open("/dev/null", O_RDWR)) == -1)
abort();
if (dup2(fd, 0) != 0)
abort();
if (dup2(fd, 1) != 1)
abort();
if (!log_to_stderr && dup2(fd, 2) != 2)
abort();
close(fd);
}
init_constants();
init_log("pluto");
/* Note: some scripts may look for this exact message -- don't change
* ipsec barf was one, but it no longer does.
*/
plog("Starting IKEv1 pluto daemon (strongSwan "VERSION")%s",
compile_time_interop_options);
if (lib->integrity)
{
plog("integrity tests enabled:");
plog("lib 'libstrongswan': passed file and segment integrity tests");
plog("lib 'libhydra': passed file and segment integrity tests");
plog("daemon 'pluto': passed file integrity test");
}
/* load plugins, further infrastructure may need it */
if (!lib->plugins->load(lib->plugins, NULL,
lib->settings->get_str(lib->settings, "pluto.load", PLUGINS)))
{
exit(SS_RC_INITIALIZATION_FAILED);
}
print_plugins();
init_builder();
if (!init_secret() || !init_crypto())
{
plog("initialization failed - aborting pluto");
exit_pluto(SS_RC_INITIALIZATION_FAILED);
}
init_nat_traversal(nat_traversal, keep_alive, force_keepalive, nat_t_spf);
init_virtual_ip(virtual_private);
scx_init(pkcs11_module_path, pkcs11_init_args);
init_states();
init_demux();
init_kernel();
init_adns();
init_myid();
fetch_initialize();
ac_initialize();
whack_attribute_initialize();
/* drop unneeded capabilities and change UID/GID */
prctl(PR_SET_KEEPCAPS, 1);
#ifdef IPSEC_GROUP
{
struct group group, *grp;
char buf[1024];
if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) != 0 ||
grp == NULL || setgid(grp->gr_gid) != 0)
{
plog("unable to change daemon group");
abort();
}
}
#endif
#ifdef IPSEC_USER
{
struct passwd passwd, *pwp;
char buf[1024];
if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) != 0 ||
pwp == NULL || setuid(pwp->pw_uid) != 0)
{
plog("unable to change daemon user");
abort();
}
}
#endif
#ifdef CAPABILITIES_LIBCAP
{
cap_t caps;
caps = cap_init();
cap_set_flag(caps, CAP_EFFECTIVE, countof(keep), keep, CAP_SET);
cap_set_flag(caps, CAP_INHERITABLE, countof(keep), keep, CAP_SET);
cap_set_flag(caps, CAP_PERMITTED, countof(keep), keep, CAP_SET);
if (cap_set_proc(caps) != 0)
{
plog("unable to drop daemon capabilities");
abort();
}
cap_free(caps);
}
#endif /* CAPABILITIES_LIBCAP */
#ifdef CAPABILITIES_NATIVE
{
struct __user_cap_data_struct caps = { .effective = 0 };
struct __user_cap_header_struct header = {
.version = _LINUX_CAPABILITY_VERSION,
};
int i;
for (i = 0; i < countof(keep); i++)
{
caps.effective |= 1 << keep[i];
caps.permitted |= 1 << keep[i];
caps.inheritable |= 1 << keep[i];
}
if (capset(&header, &caps) != 0)
{
plog("unable to drop daemon capabilities");
abort();
}
}
#endif /* CAPABILITIES_NATIVE */
/* loading X.509 CA certificates */
load_authcerts("ca", CA_CERT_PATH, X509_CA);
/* loading X.509 AA certificates */
load_authcerts("aa", AA_CERT_PATH, X509_AA);
/* loading X.509 OCSP certificates */
load_authcerts("ocsp", OCSP_CERT_PATH, X509_OCSP_SIGNER);
/* loading X.509 CRLs */
load_crls();
/* loading attribute certificates (experimental) */
ac_load_certs();
lib->processor->set_threads(lib->processor,
lib->settings->get_int(lib->settings, "pluto.threads",
DEFAULT_THREADS));
daily_log_event();
call_server();
return -1; /* Shouldn't ever reach this */
}
/* leave pluto, with status.
* Once child is launched, parent must not exit this way because
* the lock would be released.
*
* 0 OK
* 1 general discomfort
* 10 lock file exists
*/
void exit_pluto(int status)
{
lib->processor->set_threads(lib->processor, 0);
reset_globals(); /* needed because we may be called in odd state */
free_preshared_secrets();
free_remembered_public_keys();
delete_every_connection();
whack_attribute_finalize(); /* free in-memory pools */
kernel_finalize();
fetch_finalize(); /* stop fetching thread */
free_crl_fetch(); /* free chain of crl fetch requests */
free_ocsp_fetch(); /* free chain of ocsp fetch requests */
free_authcerts(); /* free chain of X.509 authority certificates */
free_crls(); /* free chain of X.509 CRLs */
free_ca_infos(); /* free chain of X.509 CA information records */
free_ocsp(); /* free ocsp cache */
free_ifaces();
ac_finalize(); /* free X.509 attribute certificates */
scx_finalize(); /* finalize and unload PKCS #11 module */
stop_adns();
free_md_pool();
free_crypto();
free_myid(); /* free myids */
free_events(); /* free remaining events */
free_vendorid(); /* free all vendor id records */
free_builder();
delete_lock();
options->destroy(options);
pluto_deinit();
lib->plugins->unload(lib->plugins);
libhydra_deinit();
library_deinit();
close_log();
exit(status);
}
/**
* pevent_filter_add_filter_str - add a new filter
* @filter: the event filter to add to
* @filter_str: the filter string that contains the filter
* @error_str: string containing reason for failed filter
*
* Returns 0 if the filter was successfully added
* -1 if there was an error.
*
* On error, if @error_str points to a string pointer,
* it is set to the reason that the filter failed.
* This string must be freed with "free".
*/
int pevent_filter_add_filter_str(struct event_filter *filter,
const char *filter_str,
char **error_str)
{
struct pevent *pevent = filter->pevent;
struct event_list *event;
struct event_list *events = NULL;
const char *filter_start;
const char *next_event;
char *this_event;
char *event_name = NULL;
char *sys_name = NULL;
char *sp;
int rtn = 0;
int len;
int ret;
/* clear buffer to reset show error */
pevent_buffer_init("", 0);
if (error_str)
*error_str = NULL;
filter_start = strchr(filter_str, ':');
if (filter_start)
len = filter_start - filter_str;
else
len = strlen(filter_str);
do {
next_event = strchr(filter_str, ',');
if (next_event &&
(!filter_start || next_event < filter_start))
len = next_event - filter_str;
else if (filter_start)
len = filter_start - filter_str;
else
len = strlen(filter_str);
this_event = malloc_or_die(len + 1);
memcpy(this_event, filter_str, len);
this_event[len] = 0;
if (next_event)
next_event++;
filter_str = next_event;
sys_name = strtok_r(this_event, "/", &sp);
event_name = strtok_r(NULL, "/", &sp);
if (!sys_name) {
show_error(error_str, "No filter found");
/* This can only happen when events is NULL, but still */
free_events(events);
free(this_event);
return -1;
}
/* Find this event */
ret = find_event(pevent, &events, strim(sys_name), strim(event_name));
if (ret < 0) {
if (event_name)
show_error(error_str,
"No event found under '%s.%s'",
sys_name, event_name);
else
show_error(error_str,
"No event found under '%s'",
sys_name);
free_events(events);
free(this_event);
return -1;
}
free(this_event);
} while (filter_str);
/* Skip the ':' */
if (filter_start)
filter_start++;
/* filter starts here */
for (event = events; event; event = event->next) {
ret = filter_event(filter, event->event, filter_start,
error_str);
/* Failures are returned if a parse error happened */
if (ret < 0)
rtn = ret;
if (ret >= 0 && pevent->test_filters) {
char *test;
test = pevent_filter_make_string(filter, event->event->id);
printf(" '%s: %s'\n", event->event->name, test);
free(test);
}
}
free_events(events);
if (rtn >= 0 && pevent->test_filters)
exit(0);
return rtn;
}
