/* leave pluto, with status. * Once child is launched, parent must not exit this way because * the lock would be released. * * 0 OK * 1 general discomfort * 10 lock file exists */ void exit_pluto(int status) { reset_globals(); /* needed because we may be called in odd state */ free_preshared_secrets(); free_remembered_public_keys(); close_ha_iface(); delete_every_connection(); whack_attribute_finalize(); /* free in-memory pools */ fetch_finalize(); /* stop fetching thread */ free_crl_fetch(); /* free chain of crl fetch requests */ free_ocsp_fetch(); /* free chain of ocsp fetch requests */ free_authcerts(); /* free chain of X.509 authority certificates */ free_crls(); /* free chain of X.509 CRLs */ free_ca_infos(); /* free chain of X.509 CA information records */ free_ocsp(); /* free ocsp cache */ free_ifaces(); ac_finalize(); /* free X.509 attribute certificates */ scx_finalize(); /* finalize and unload PKCS #11 module */ stop_adns(); free_md_pool(); free_crypto(); free_myid(); /* free myids */ free_events(); /* free remaining events */ free_vendorid(); /* free all vendor id records */ free_builder(); delete_lock(); options->destroy(options); pluto_deinit(); lib->plugins->unload(lib->plugins); libhydra_deinit(); library_deinit(); close_log(); exit(status); }
void remove_player(t_ctrl *c, t_player *p) { t_frame *tmp; if (!p) { fprintf(stderr, RED"Player doesn't exists"END); return ; } printf(GREEN"Removing player #%d in (%d, %d)"END, p->id, p->x, p->y); if (p->lvl >= 8) p->t->nblvlmax--; remove_life_node(c, p); _remove_from_team(p->t, p); free_events(p->e); p->e = NULL; tmp = getframe(c, p->x, p->y); while (tmp && (void *)tmp->p != (void *)p) tmp = tmp->next; if (tmp) { unset_elem_from_map(c, tmp, p->x, p->y); free(tmp); free(p); } else fprintf(stderr, RED"Player #%d not found"END, p->id); }
void free_events(t_event *e) { if (e) { free_events(e->next); free(e->param); free(e); } }
static ERL_NIF_TERM parse(ErlNifEnv* env, yaml_parser_t *parser, int flags, unsigned char *data, int size) { int result = 0, done = 0; yaml_event_t *event = NULL; events_t *prev_events = NULL; events_t *events = NULL; ERL_NIF_TERM rterm; yaml_parser_set_input_string(parser, data, size); do { event = enif_alloc(sizeof(yaml_event_t)); result = yaml_parser_parse(parser, event); if (result) { prev_events = events; events = enif_alloc(sizeof(events_t)); events->event = event; events->prev = prev_events; done = (event->type == YAML_STREAM_END_EVENT); } else { enif_free(event); done = 1; } } while (!done); if (result) { rterm = enif_make_tuple2(env, enif_make_atom(env, "ok"), process_events(env, &events, parser, flags)); } else { rterm = make_error(env, parser); } free_events(&events); return rterm; }
int main (int argc, char **argv) { GOptionContext *context; gboolean retval; GError *error = NULL; int report_type; int uid; GTimeVal timestamp; gboolean use_since; static gboolean do_version = FALSE; static gboolean report_last_compat = FALSE; static gboolean report_last = FALSE; static gboolean report_frequent = FALSE; static gboolean report_log = FALSE; static char *username = NULL; static char *seat = NULL; static char *session_type = NULL; static char *since = NULL; static GOptionEntry entries [] = { { "version", 'V', G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_NONE, &do_version, N_("Version of this application"), NULL }, { "frequent", 0, G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_NONE, &report_frequent, N_("Show listing of frequent users"), NULL }, { "last", 0, G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_NONE, &report_last, N_("Show listing of last logged in users"), NULL }, { "last-compat", 0, G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_NONE, &report_last_compat, N_("Show 'last' compatible listing of last logged in users"), NULL }, { "log", 0, G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_NONE, &report_log, N_("Show full event log"), NULL }, { "seat", 's', G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_STRING, &seat, N_("Show entries for the specified seat"), N_("SEAT") }, { "session-type", 't', G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_STRING, &session_type, N_("Show entries for the specified session type"), N_("TYPE") }, { "user", 'u', G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_STRING, &username, N_("Show entries for the specified user"), N_("NAME") }, { "since", 0, G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_STRING, &since, N_("Show entries since the specified time (ISO 8601 format)"), N_("DATETIME") }, { NULL } }; /* Setup for i18n */ setlocale(LC_ALL, ""); #ifdef ENABLE_NLS bindtextdomain(PACKAGE, LOCALEDIR); textdomain(PACKAGE); #endif context = g_option_context_new (NULL); g_option_context_add_main_entries (context, entries, NULL); retval = g_option_context_parse (context, &argc, &argv, &error); g_option_context_free (context); if (! retval) { g_warning ("%s", error->message); g_error_free (error); exit (1); } if (do_version) { g_print ("%s %s\n", argv [0], VERSION); exit (1); } use_since = FALSE; if (since != NULL) { use_since = g_time_val_from_iso8601 (since, ×tamp); if (! use_since) { g_warning ("Invalid ISO 8601 time value"); exit (1); } } if (report_last_compat) { report_type = REPORT_TYPE_LAST_COMPAT; } else if (report_last) { report_type = REPORT_TYPE_LAST; } else if (report_frequent) { report_type = REPORT_TYPE_FREQUENT; } else if (report_log) { report_type = REPORT_TYPE_LOG; } else { report_type = REPORT_TYPE_SUMMARY; } if (username != NULL) { uid = get_uid_for_username (username); if (uid == -1) { g_warning ("Unknown username: %s", username); exit (1); } } else { uid = -1; } if (use_since) { process_logs (×tamp); } else { process_logs (NULL); } generate_report (report_type, uid, seat, session_type); free_events (); return 0; }
int main(int argc,char **argv) { edg_wll_Context ctx; char *errt,*errd; edg_wll_Event *events = NULL; edg_wlc_JobId job; int i,opt,delay = 1,count = 0, proxy = 0; if (argc < 2) help(argv[0]); if (edg_wll_InitContext(&ctx) != 0) { fprintf(stderr, "Couldn't create L&B context.\n"); return 1; } while ((opt=getopt(argc,argv,"r:d:xX:")) != -1) switch (opt) { case 'd': delay = atoi(optarg); break; case 'r': count = atoi(optarg); break; case 'x': proxy = 1; break; case 'X': proxy = 1; edg_wll_SetParam(ctx, EDG_WLL_PARAM_LBPROXY_SERVE_SOCK, optarg); break; default: help(argv[0]); } if (edg_wlc_JobIdParse(argv[optind],&job)) { fprintf(stderr,"%s: can't parse job ID\n",argv[1]); return 1; } #ifdef USE_CALLBACKS edg_wll_RegisterTestQueryEvents(query_events_cb); #endif if ( proxy ? edg_wll_JobLogProxy(ctx,job,&events) : edg_wll_JobLog(ctx,job,&events) ) { edg_wll_Error(ctx,&errt,&errd); fprintf(stderr,"%s: %s (%s)\n",argv[0],errt,errd); } for ( i = 0; events && events[i].type != EDG_WLL_EVENT_UNDEF; i++ ) { char *e = edg_wll_UnparseEvent(ctx,events+i); fputs(e,stdout); fputs("\n",stdout); free(e); } free_events(events); printf("\nFound %d events\n",i); while (count--) { puts("Sleeping ..."); sleep(delay); if (proxy ? edg_wll_JobLogProxy(ctx,job,&events) : edg_wll_JobLog(ctx,job,&events)) { edg_wll_Error(ctx,&errt,&errd); fprintf(stderr,"%s: %s (%s)\n",argv[0],errt,errd); free(errt); free(errd); errt = errd = NULL; free_events(events); } else puts("OK"); } edg_wlc_JobIdFree(job); edg_wll_FreeContext(ctx); #ifdef USE_CALLBACKS edg_wll_UnregisterTestQueryEvents(); #endif return 0; #ifdef USE_CALLBACKS edg_wll_UnregisterTestQueryEvents(); #endif switch (edg_wll_Error(ctx,&errt,&errd)) { case 0: break; case ENOENT: puts("No events found"); break; default: fprintf(stderr,"%s: %s (%s)\n",argv[0],errt,errd); return 1; } edg_wlc_JobIdFree(job); edg_wll_FreeContext(ctx); return 0; }
/** * read_events - Read JSON performance counter event list * @fn: File name to read. NULL to chose default location. * * Read the JSON event list fn. The other functions in the library * automatically read the default event list for the current CPU, * but calling this explicitly is useful to chose a specific one. * * Return: -1 on failure, otherwise 0. */ int read_events(char *fn) { if (eventlist) free_events(); return json_events(NULL, collect_events, NULL); }
int main(int argc,char **argv) { edg_wll_Context ctx; char *errt,*errd,*e,a; edg_wll_Event *events; int i; edg_wll_QueryRec jq[2],eq[2]; edg_wlc_JobId job; edg_wll_Source src; if (argc != 3) help(argv[0]); puts( "*\n" "* USE WITH CARE, AT YOUR OWN RISK, UNDER ABNORMAL CONDITIONS ONLY,\n" "* AND BE ALWAYS SURE WHAT YOU ARE DOING.\n" "* \n" "* THIS PROGRAM IS A PERFECT EXAMPLE HOW L&B SEQENCE CODES SHOULD NOT BE USED\n" "* IN NORMAL OPERATION.\n" "\n" "Do you want to proceed?" ); scanf("%c",&a); if (a != 'y' && a != 'Y') return 1; if (edg_wll_InitContext(&ctx) != 0) { fprintf(stderr, "Couldn't create L&B context.\n"); return 1; } if (edg_wlc_JobIdParse(argv[1],&job)) { fprintf(stderr,"%s: can't parse job ID\n",argv[1]); return 1; } if (( src = edg_wll_StringToSource(argv[2])) == EDG_WLL_SOURCE_NONE) { fprintf(stderr,"%s: unknown event source\n",argv[2]); return 1; } jq[0].attr = EDG_WLL_QUERY_ATTR_JOBID; jq[0].op = EDG_WLL_QUERY_OP_EQUAL; jq[0].value.j = job; jq[1].attr = EDG_WLL_QUERY_ATTR_UNDEF; eq[0].attr = EDG_WLL_QUERY_ATTR_SOURCE; eq[0].op = EDG_WLL_QUERY_OP_EQUAL; eq[0].value.i = src; eq[1].attr = EDG_WLL_QUERY_ATTR_UNDEF; if ( edg_wll_QueryEvents(ctx,jq,eq,&events) ) { if ( edg_wll_Error(ctx, &errt, &errd) != E2BIG ) goto err; fprintf(stderr,"%s: %s (%s)\n",argv[0],errt,errd); } for ( i = 0; events[i].type != EDG_WLL_EVENT_UNDEF; i++ ); e = edg_wll_UnparseEvent(ctx,events+i-1); fputs(e,stdout); fputs("\n",stdout); if (edg_wll_SetParam(ctx,EDG_WLL_PARAM_SOURCE,src) || edg_wll_SetLoggingJob(ctx,job,events[i-1].any.seqcode,EDG_WLL_SEQ_NORMAL) || edg_wll_IncSequenceCode(ctx) || /* necessary to simulate this * call in last event logging * _after_ current seq. was used */ edg_wll_LogAbort(ctx,"manual abort")) goto err; free(e); free_events(events); edg_wll_FreeContext(ctx); return 0; err: switch (edg_wll_Error(ctx,&errt,&errd)) { case 0: break; case ENOENT: puts("No events found"); break; default: fprintf(stderr,"%s: %s (%s)\n",argv[0],errt,errd); return 1; } edg_wll_FreeContext(ctx); return 0; }
EAPI void tsuite_evas_hook_reset(void) { /* tsuite.c informs us that vr_list is no longer valid */ if (vr_list) vr_list = free_events(vr_list, _hook_setting->recording); }
int main(int argc, char **argv) { bool fork_desired = TRUE; bool log_to_stderr_desired = FALSE; bool nat_traversal = FALSE; bool nat_t_spf = TRUE; /* support port floating */ unsigned int keep_alive = 0; bool force_keepalive = FALSE; char *virtual_private = NULL; int lockfd; #ifdef CAPABILITIES int keep[] = { CAP_NET_ADMIN, CAP_NET_BIND_SERVICE }; #endif /* CAPABILITIES */ /* initialize library and optionsfrom */ if (!library_init(NULL)) { library_deinit(); exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); } if (!libhydra_init("pluto")) { libhydra_deinit(); library_deinit(); exit(SS_RC_INITIALIZATION_FAILED); } if (!pluto_init(argv[0])) { pluto_deinit(); libhydra_deinit(); library_deinit(); exit(SS_RC_DAEMON_INTEGRITY); } options = options_create(); /* handle arguments */ for (;;) { # define DBG_OFFSET 256 static const struct option long_opts[] = { /* name, has_arg, flag, val */ { "help", no_argument, NULL, 'h' }, { "version", no_argument, NULL, 'v' }, { "optionsfrom", required_argument, NULL, '+' }, { "nofork", no_argument, NULL, 'd' }, { "stderrlog", no_argument, NULL, 'e' }, { "nocrsend", no_argument, NULL, 'c' }, { "strictcrlpolicy", no_argument, NULL, 'r' }, { "crlcheckinterval", required_argument, NULL, 'x'}, { "cachecrls", no_argument, NULL, 'C' }, { "uniqueids", no_argument, NULL, 'u' }, { "disableuniqreqids", no_argument, NULL, 'Z'}, { "interface", required_argument, NULL, 'i' }, { "ikeport", required_argument, NULL, 'p' }, { "ctlbase", required_argument, NULL, 'b' }, { "secretsfile", required_argument, NULL, 's' }, { "foodgroupsdir", required_argument, NULL, 'f' }, { "perpeerlogbase", required_argument, NULL, 'P' }, { "perpeerlog", no_argument, NULL, 'l' }, { "policygroupsdir", required_argument, NULL, 'f' }, #ifdef USE_LWRES { "lwdnsq", required_argument, NULL, 'a' }, #else /* !USE_LWRES */ { "adns", required_argument, NULL, 'a' }, #endif /* !USE_LWRES */ { "pkcs11module", required_argument, NULL, 'm' }, { "pkcs11keepstate", no_argument, NULL, 'k' }, { "pkcs11initargs", required_argument, NULL, 'z' }, { "pkcs11proxy", no_argument, NULL, 'y' }, { "nat_traversal", no_argument, NULL, '1' }, { "keep_alive", required_argument, NULL, '2' }, { "force_keepalive", no_argument, NULL, '3' }, { "disable_port_floating", no_argument, NULL, '4' }, { "debug-natt", no_argument, NULL, '5' }, { "virtual_private", required_argument, NULL, '6' }, #ifdef DEBUG { "debug-none", no_argument, NULL, 'N' }, { "debug-all", no_argument, NULL, 'A' }, { "debug-raw", no_argument, NULL, DBG_RAW + DBG_OFFSET }, { "debug-crypt", no_argument, NULL, DBG_CRYPT + DBG_OFFSET }, { "debug-parsing", no_argument, NULL, DBG_PARSING + DBG_OFFSET }, { "debug-emitting", no_argument, NULL, DBG_EMITTING + DBG_OFFSET }, { "debug-control", no_argument, NULL, DBG_CONTROL + DBG_OFFSET }, { "debug-lifecycle", no_argument, NULL, DBG_LIFECYCLE + DBG_OFFSET }, { "debug-klips", no_argument, NULL, DBG_KERNEL + DBG_OFFSET }, { "debug-kernel", no_argument, NULL, DBG_KERNEL + DBG_OFFSET }, { "debug-dns", no_argument, NULL, DBG_DNS + DBG_OFFSET }, { "debug-oppo", no_argument, NULL, DBG_OPPO + DBG_OFFSET }, { "debug-controlmore", no_argument, NULL, DBG_CONTROLMORE + DBG_OFFSET }, { "debug-private", no_argument, NULL, DBG_PRIVATE + DBG_OFFSET }, { "impair-delay-adns-key-answer", no_argument, NULL, IMPAIR_DELAY_ADNS_KEY_ANSWER + DBG_OFFSET }, { "impair-delay-adns-txt-answer", no_argument, NULL, IMPAIR_DELAY_ADNS_TXT_ANSWER + DBG_OFFSET }, { "impair-bust-mi2", no_argument, NULL, IMPAIR_BUST_MI2 + DBG_OFFSET }, { "impair-bust-mr2", no_argument, NULL, IMPAIR_BUST_MR2 + DBG_OFFSET }, #endif { 0,0,0,0 } }; /* Note: we don't like the way short options get parsed * by getopt_long, so we simply pass an empty string as * the list. It could be "hvdenp:l:s:" "NARXPECK". */ int c = getopt_long(argc, argv, "", long_opts, NULL); /* Note: "breaking" from case terminates loop */ switch (c) { case EOF: /* end of flags */ break; case 0: /* long option already handled */ continue; case ':': /* diagnostic already printed by getopt_long */ case '?': /* diagnostic already printed by getopt_long */ usage(""); break; /* not actually reached */ case 'h': /* --help */ usage(NULL); break; /* not actually reached */ case 'v': /* --version */ { const char **sp = ipsec_copyright_notice(); printf("strongSwan "VERSION"%s\n", compile_time_interop_options); for (; *sp != NULL; sp++) puts(*sp); } exit_pluto(0); break; /* not actually reached */ case '+': /* --optionsfrom <filename> */ if (!options->from(options, optarg, &argc, &argv, optind)) { exit_pluto(1); } continue; case 'd': /* --nofork*/ fork_desired = FALSE; continue; case 'e': /* --stderrlog */ log_to_stderr_desired = TRUE; continue; case 'c': /* --nocrsend */ no_cr_send = TRUE; continue; case 'r': /* --strictcrlpolicy */ strict_crl_policy = TRUE; continue; case 'x': /* --crlcheckinterval <time>*/ if (optarg == NULL || !isdigit(optarg[0])) usage("missing interval time"); { char *endptr; long interval = strtol(optarg, &endptr, 0); if (*endptr != '\0' || endptr == optarg || interval <= 0) usage("<interval-time> must be a positive number"); crl_check_interval = interval; } continue; case 'C': /* --cachecrls */ cache_crls = TRUE; continue; case 'u': /* --uniqueids */ uniqueIDs = TRUE; continue; case 'Z': /* --disableuniqreqids */ disable_uniqreqids = TRUE; continue; case 'i': /* --interface <ifname> */ if (!use_interface(optarg)) usage("too many --interface specifications"); continue; case 'p': /* --port <portnumber> */ if (optarg == NULL || !isdigit(optarg[0])) usage("missing port number"); { char *endptr; long port = strtol(optarg, &endptr, 0); if (*endptr != '\0' || endptr == optarg || port <= 0 || port > 0x10000) usage("<port-number> must be a number between 1 and 65535"); pluto_port = port; } continue; case 'b': /* --ctlbase <path> */ if (snprintf(ctl_addr.sun_path, sizeof(ctl_addr.sun_path) , "%s%s", optarg, CTL_SUFFIX) == -1) usage("<path>" CTL_SUFFIX " too long for sun_path"); if (snprintf(info_addr.sun_path, sizeof(info_addr.sun_path) , "%s%s", optarg, INFO_SUFFIX) == -1) usage("<path>" INFO_SUFFIX " too long for sun_path"); if (snprintf(pluto_lock, sizeof(pluto_lock) , "%s%s", optarg, LOCK_SUFFIX) == -1) usage("<path>" LOCK_SUFFIX " must fit"); continue; case 's': /* --secretsfile <secrets-file> */ shared_secrets_file = optarg; continue; case 'f': /* --policygroupsdir <policygroups-dir> */ policygroups_dir = optarg; continue; case 'a': /* --adns <pathname> */ pluto_adns_option = optarg; continue; case 'm': /* --pkcs11module <pathname> */ pkcs11_module_path = optarg; continue; case 'k': /* --pkcs11keepstate */ pkcs11_keep_state = TRUE; continue; case 'y': /* --pkcs11proxy */ pkcs11_proxy = TRUE; continue; case 'z': /* --pkcs11initargs */ pkcs11_init_args = optarg; continue; #ifdef DEBUG case 'N': /* --debug-none */ base_debugging = DBG_NONE; continue; case 'A': /* --debug-all */ base_debugging = DBG_ALL; continue; #endif case 'P': /* --perpeerlogbase */ base_perpeer_logdir = optarg; continue; case 'l': log_to_perpeer = TRUE; continue; case '1': /* --nat_traversal */ nat_traversal = TRUE; continue; case '2': /* --keep_alive */ keep_alive = atoi(optarg); continue; case '3': /* --force_keepalive */ force_keepalive = TRUE; continue; case '4': /* --disable_port_floating */ nat_t_spf = FALSE; continue; case '5': /* --debug-nat_t */ base_debugging |= DBG_NATT; continue; case '6': /* --virtual_private */ virtual_private = optarg; continue; default: #ifdef DEBUG if (c >= DBG_OFFSET) { base_debugging |= c - DBG_OFFSET; continue; } # undef DBG_OFFSET #endif bad_case(c); } break; } if (optind != argc) usage("unexpected argument"); reset_debugging(); lockfd = create_lock(); /* select between logging methods */ if (log_to_stderr_desired) { log_to_syslog = FALSE; } else { log_to_stderr = FALSE; } /* set the logging function of pfkey debugging */ #ifdef DEBUG pfkey_debug_func = DBG_log; #else pfkey_debug_func = NULL; #endif /* create control socket. * We must create it before the parent process returns so that * there will be no race condition in using it. The easiest * place to do this is before the daemon fork. */ { err_t ugh = init_ctl_socket(); if (ugh != NULL) { fprintf(stderr, "pluto: %s", ugh); exit_pluto(1); } } /* If not suppressed, do daemon fork */ if (fork_desired) { { pid_t pid = fork(); if (pid < 0) { int e = errno; fprintf(stderr, "pluto: fork failed (%d %s)\n", errno, strerror(e)); exit_pluto(1); } if (pid != 0) { /* parent: die, after filling PID into lock file. * must not use exit_pluto: lock would be removed! */ exit(fill_lock(lockfd, pid)? 0 : 1); } } if (setsid() < 0) { int e = errno; fprintf(stderr, "setsid() failed in main(). Errno %d: %s\n", errno, strerror(e)); exit_pluto(1); } } else { /* no daemon fork: we have to fill in lock file */ (void) fill_lock(lockfd, getpid()); fprintf(stdout, "Pluto initialized\n"); fflush(stdout); } /* Redirect stdin, stdout and stderr to /dev/null */ { int fd; if ((fd = open("/dev/null", O_RDWR)) == -1) abort(); if (dup2(fd, 0) != 0) abort(); if (dup2(fd, 1) != 1) abort(); if (!log_to_stderr && dup2(fd, 2) != 2) abort(); close(fd); } init_constants(); init_log("pluto"); /* Note: some scripts may look for this exact message -- don't change * ipsec barf was one, but it no longer does. */ plog("Starting IKEv1 pluto daemon (strongSwan "VERSION")%s", compile_time_interop_options); if (lib->integrity) { plog("integrity tests enabled:"); plog("lib 'libstrongswan': passed file and segment integrity tests"); plog("lib 'libhydra': passed file and segment integrity tests"); plog("daemon 'pluto': passed file integrity test"); } /* load plugins, further infrastructure may need it */ if (!lib->plugins->load(lib->plugins, NULL, lib->settings->get_str(lib->settings, "pluto.load", PLUGINS))) { exit(SS_RC_INITIALIZATION_FAILED); } print_plugins(); init_builder(); if (!init_secret() || !init_crypto()) { plog("initialization failed - aborting pluto"); exit_pluto(SS_RC_INITIALIZATION_FAILED); } init_nat_traversal(nat_traversal, keep_alive, force_keepalive, nat_t_spf); init_virtual_ip(virtual_private); scx_init(pkcs11_module_path, pkcs11_init_args); init_states(); init_demux(); init_kernel(); init_adns(); init_myid(); fetch_initialize(); ac_initialize(); whack_attribute_initialize(); /* drop unneeded capabilities and change UID/GID */ prctl(PR_SET_KEEPCAPS, 1); #ifdef IPSEC_GROUP { struct group group, *grp; char buf[1024]; if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) != 0 || grp == NULL || setgid(grp->gr_gid) != 0) { plog("unable to change daemon group"); abort(); } } #endif #ifdef IPSEC_USER { struct passwd passwd, *pwp; char buf[1024]; if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) != 0 || pwp == NULL || setuid(pwp->pw_uid) != 0) { plog("unable to change daemon user"); abort(); } } #endif #ifdef CAPABILITIES_LIBCAP { cap_t caps; caps = cap_init(); cap_set_flag(caps, CAP_EFFECTIVE, countof(keep), keep, CAP_SET); cap_set_flag(caps, CAP_INHERITABLE, countof(keep), keep, CAP_SET); cap_set_flag(caps, CAP_PERMITTED, countof(keep), keep, CAP_SET); if (cap_set_proc(caps) != 0) { plog("unable to drop daemon capabilities"); abort(); } cap_free(caps); } #endif /* CAPABILITIES_LIBCAP */ #ifdef CAPABILITIES_NATIVE { struct __user_cap_data_struct caps = { .effective = 0 }; struct __user_cap_header_struct header = { .version = _LINUX_CAPABILITY_VERSION, }; int i; for (i = 0; i < countof(keep); i++) { caps.effective |= 1 << keep[i]; caps.permitted |= 1 << keep[i]; caps.inheritable |= 1 << keep[i]; } if (capset(&header, &caps) != 0) { plog("unable to drop daemon capabilities"); abort(); } } #endif /* CAPABILITIES_NATIVE */ /* loading X.509 CA certificates */ load_authcerts("ca", CA_CERT_PATH, X509_CA); /* loading X.509 AA certificates */ load_authcerts("aa", AA_CERT_PATH, X509_AA); /* loading X.509 OCSP certificates */ load_authcerts("ocsp", OCSP_CERT_PATH, X509_OCSP_SIGNER); /* loading X.509 CRLs */ load_crls(); /* loading attribute certificates (experimental) */ ac_load_certs(); lib->processor->set_threads(lib->processor, lib->settings->get_int(lib->settings, "pluto.threads", DEFAULT_THREADS)); daily_log_event(); call_server(); return -1; /* Shouldn't ever reach this */ } /* leave pluto, with status. * Once child is launched, parent must not exit this way because * the lock would be released. * * 0 OK * 1 general discomfort * 10 lock file exists */ void exit_pluto(int status) { lib->processor->set_threads(lib->processor, 0); reset_globals(); /* needed because we may be called in odd state */ free_preshared_secrets(); free_remembered_public_keys(); delete_every_connection(); whack_attribute_finalize(); /* free in-memory pools */ kernel_finalize(); fetch_finalize(); /* stop fetching thread */ free_crl_fetch(); /* free chain of crl fetch requests */ free_ocsp_fetch(); /* free chain of ocsp fetch requests */ free_authcerts(); /* free chain of X.509 authority certificates */ free_crls(); /* free chain of X.509 CRLs */ free_ca_infos(); /* free chain of X.509 CA information records */ free_ocsp(); /* free ocsp cache */ free_ifaces(); ac_finalize(); /* free X.509 attribute certificates */ scx_finalize(); /* finalize and unload PKCS #11 module */ stop_adns(); free_md_pool(); free_crypto(); free_myid(); /* free myids */ free_events(); /* free remaining events */ free_vendorid(); /* free all vendor id records */ free_builder(); delete_lock(); options->destroy(options); pluto_deinit(); lib->plugins->unload(lib->plugins); libhydra_deinit(); library_deinit(); close_log(); exit(status); }
/** * pevent_filter_add_filter_str - add a new filter * @filter: the event filter to add to * @filter_str: the filter string that contains the filter * @error_str: string containing reason for failed filter * * Returns 0 if the filter was successfully added * -1 if there was an error. * * On error, if @error_str points to a string pointer, * it is set to the reason that the filter failed. * This string must be freed with "free". */ int pevent_filter_add_filter_str(struct event_filter *filter, const char *filter_str, char **error_str) { struct pevent *pevent = filter->pevent; struct event_list *event; struct event_list *events = NULL; const char *filter_start; const char *next_event; char *this_event; char *event_name = NULL; char *sys_name = NULL; char *sp; int rtn = 0; int len; int ret; /* clear buffer to reset show error */ pevent_buffer_init("", 0); if (error_str) *error_str = NULL; filter_start = strchr(filter_str, ':'); if (filter_start) len = filter_start - filter_str; else len = strlen(filter_str); do { next_event = strchr(filter_str, ','); if (next_event && (!filter_start || next_event < filter_start)) len = next_event - filter_str; else if (filter_start) len = filter_start - filter_str; else len = strlen(filter_str); this_event = malloc_or_die(len + 1); memcpy(this_event, filter_str, len); this_event[len] = 0; if (next_event) next_event++; filter_str = next_event; sys_name = strtok_r(this_event, "/", &sp); event_name = strtok_r(NULL, "/", &sp); if (!sys_name) { show_error(error_str, "No filter found"); /* This can only happen when events is NULL, but still */ free_events(events); free(this_event); return -1; } /* Find this event */ ret = find_event(pevent, &events, strim(sys_name), strim(event_name)); if (ret < 0) { if (event_name) show_error(error_str, "No event found under '%s.%s'", sys_name, event_name); else show_error(error_str, "No event found under '%s'", sys_name); free_events(events); free(this_event); return -1; } free(this_event); } while (filter_str); /* Skip the ':' */ if (filter_start) filter_start++; /* filter starts here */ for (event = events; event; event = event->next) { ret = filter_event(filter, event->event, filter_start, error_str); /* Failures are returned if a parse error happened */ if (ret < 0) rtn = ret; if (ret >= 0 && pevent->test_filters) { char *test; test = pevent_filter_make_string(filter, event->event->id); printf(" '%s: %s'\n", event->event->name, test); free(test); } } free_events(events); if (rtn >= 0 && pevent->test_filters) exit(0); return rtn; }