1 | /* |
---|
2 | * Copyright (c) 2018 embedded brains GmbH. All rights reserved. |
---|
3 | * |
---|
4 | * embedded brains GmbH |
---|
5 | * Dornierstr. 4 |
---|
6 | * 82178 Puchheim |
---|
7 | * Germany |
---|
8 | * <rtems@embedded-brains.de> |
---|
9 | * |
---|
10 | * Redistribution and use in source and binary forms, with or without |
---|
11 | * modification, are permitted provided that the following conditions |
---|
12 | * are met: |
---|
13 | * 1. Redistributions of source code must retain the above copyright |
---|
14 | * notice, this list of conditions and the following disclaimer. |
---|
15 | * 2. Redistributions in binary form must reproduce the above copyright |
---|
16 | * notice, this list of conditions and the following disclaimer in the |
---|
17 | * documentation and/or other materials provided with the distribution. |
---|
18 | * |
---|
19 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND |
---|
20 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
---|
21 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
---|
22 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
---|
23 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
---|
24 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
---|
25 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
---|
26 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
---|
27 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
---|
28 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
---|
29 | * SUCH DAMAGE. |
---|
30 | */ |
---|
31 | |
---|
32 | /* |
---|
33 | * Handle the IPSec and ike related directives found in rc.conf. |
---|
34 | * - ipsec_enable |
---|
35 | * - ipsec_file |
---|
36 | * - ike_enable |
---|
37 | * - ike_program |
---|
38 | * - ike_flags |
---|
39 | * - ike_priority |
---|
40 | * |
---|
41 | * Notes: |
---|
42 | * - The `ike_*` directives do not appear in the rc.conf(5) man page, but they |
---|
43 | * are present in the default rc.conf file, so they are handled here as well. |
---|
44 | * - For ike_program, only the bare name "racoon" (with no path component) is accepted. |
---|
45 | */ |
---|
46 | |
---|
47 | #include <rtems.h> |
---|
48 | #include <rtems/ipsec.h> |
---|
49 | |
---|
50 | #include <errno.h> |
---|
51 | #include <stdint.h> |
---|
52 | #include <stdio.h> |
---|
53 | #include <stdlib.h> |
---|
54 | #include <string.h> |
---|
55 | #include <strings.h> |
---|
56 | |
---|
57 | #include <machine/rtems-bsd-commands.h> |
---|
58 | #include <machine/rtems-bsd-rc-conf-services.h> |
---|
59 | |
---|
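static int
ipsec_service(rtems_bsd_rc_conf* rc_conf)
{
	/*
	 * rc.conf "ipsec" service: when ipsec_enable=YES, load the IPsec
	 * configuration named by ipsec_file via "setkey -f <file>".
	 *
	 * Returns 0 when IPsec is not enabled or the policy was loaded, and -1
	 * on any failure (allocation, malformed directive, missing ipsec_file,
	 * or a non-zero exit status from setkey). Failures are reported on
	 * stderr.
	 *
	 * Trust boundary: both the decision to load a policy and the path of
	 * the file it is loaded from are taken verbatim from rc.conf. No path
	 * validation happens here, so whoever can write rc.conf (or the file it
	 * names) controls the IPsec policy of this node.
	 */
	rtems_bsd_rc_conf_argc_argv* aa;
	int r;
	int erroroccured = 0;

	aa = rtems_bsd_rc_conf_argc_argv_create();
	if (aa == NULL)
		return -1;

	r = rtems_bsd_rc_conf_find(rc_conf, "ipsec_enable", aa);
	if (r == 0 && aa->argc == 2 && strcasecmp("YES", aa->argv[1]) == 0) {
		char* ipsec_file = NULL;

		/*
		 * ipsec_file is mandatory once IPsec is enabled. The value is
		 * copied out of aa so the argv handed to setkey is a mutable
		 * char* that does not alias the parser's buffers.
		 */
		r = rtems_bsd_rc_conf_find(rc_conf, "ipsec_file", aa);
		if (r == 0) {
			if (aa->argc == 2) {
				ipsec_file = strdup(aa->argv[1]);
				if (ipsec_file == NULL) {
					fprintf(stderr,
					    "error: ipsec: Could not duplicate ipsec file string: %s\n",
					    strerror(errno));
					erroroccured = -1;
				}
			} else {
				fprintf(stderr,
				    "error: ipsec: Syntax error in ipsec_file directive.\n");
				erroroccured = -1;
			}
		}

		/* Directive absent altogether: there is nothing to load. */
		if (erroroccured == 0 && ipsec_file == NULL) {
			fprintf(stderr, "error: ipsec: No ipsec_file given.\n");
			erroroccured = -1;
		}

		if (erroroccured == 0) {
			char *setkey[] = {"setkey", "-f", ipsec_file, NULL};

			rtems_bsd_rc_conf_print_cmd(
			    rc_conf, "setkey", RTEMS_BSD_ARGC(setkey), (const char**)setkey);
			/*
			 * NOTE(review): on a non-zero exit, entries setkey already
			 * applied before the failing line may remain installed, i.e.
			 * a partially loaded policy -- confirm against setkey before
			 * treating "failed" as "no policy in effect".
			 */
			r = rtems_bsd_command_setkey(RTEMS_BSD_ARGC(setkey), setkey);
			if (r != EXIT_SUCCESS) {
				fprintf(stderr,
				    "error: setkey: Call to setkey failed.\n");
				erroroccured = -1;
			}
		}

		/* free(NULL) is a no-op, so no guard is needed. */
		free(ipsec_file);
	}

	rtems_bsd_rc_conf_argc_argv_destroy(aa);

	return erroroccured;
}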
---|
125 | |
---|
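static int
ike_service(rtems_bsd_rc_conf* rc_conf)
{
	/*
	 * rc.conf "ike" service: when ike_enable=YES, start the racoon IKE
	 * daemon. Recognised directives:
	 *   ike_program  - must be "racoon" (bare name, no path) if present
	 *   ike_priority - decimal RTEMS task priority for the daemon task;
	 *                  defaults to RTEMS_MAXIMUM_PRIORITY - 1
	 *   ike_flags    - extra command-line arguments for racoon
	 *
	 * Returns 0 when IKE is not enabled or racoon was started, and -1 on
	 * any failure (allocation, unsupported ike_program, malformed
	 * ike_priority, or a non-successful status from the daemon start).
	 * Failures are reported on stderr.
	 *
	 * Trust boundary: the daemon's arguments and task priority come
	 * straight from rc.conf, so rc.conf write access equals control over
	 * the IKE daemon's configuration.
	 */
	rtems_bsd_rc_conf_argc_argv* aa;
	int r;
	int erroroccured = 0;

	aa = rtems_bsd_rc_conf_argc_argv_create();
	if (aa == NULL)
		return -1;

	r = rtems_bsd_rc_conf_find(rc_conf, "ike_enable", aa);
	if (r == 0 && aa->argc == 2 && strcasecmp("YES", aa->argv[1]) == 0) {
		const char *default_argv[] = {"racoon", NULL};
		const char **argv = default_argv;
		rtems_task_priority prio = RTEMS_MAXIMUM_PRIORITY - 1;
		int argc = 1;

		/* Only the bare name "racoon" is accepted; any path is rejected. */
		r = rtems_bsd_rc_conf_find(rc_conf, "ike_program", aa);
		if (r == 0 &&
		    (aa->argc != 2 || strcasecmp("racoon", aa->argv[1]) != 0)) {
			fprintf(stderr,
			    "error: ike: Only \"racoon\" is supported as ike_program\n");
			erroroccured = -1;
		}

		if (erroroccured == 0) {
			/*
			 * An ike_priority directive without exactly one value is
			 * ignored (the default priority stays in effect).
			 */
			r = rtems_bsd_rc_conf_find(rc_conf, "ike_priority", aa);
			if (r == 0 && aa->argc == 2) {
				const char *text = aa->argv[1];
				char *end;
				unsigned long value;

				/*
				 * strtoul() alone is not a sufficient check: it
				 * accepts an empty string (yielding 0), a leading '-'
				 * (wrapping to a huge value), and saturates with
				 * ERANGE on overflow, and the result is narrowed into
				 * rtems_task_priority. Require a completely consumed,
				 * non-empty, in-range number so a typo in rc.conf
				 * cannot silently become an unintended priority.
				 */
				errno = 0;
				value = strtoul(text, &end, 10);
				if (end == text || *end != '\0' || errno == ERANGE ||
				    value > RTEMS_MAXIMUM_PRIORITY) {
					fprintf(stderr,
					    "error: ike: syntax error in ike_priority\n");
					erroroccured = -1;
				} else {
					/* Range-checked above, so the narrowing is safe. */
					prio = value;
				}
			}
		}

		if (erroroccured == 0) {
			/*
			 * With ike_flags present the whole directive vector is
			 * used, so argv[0] is presumably the directive name rather
			 * than "racoon" -- harmless if the daemon only uses argv[0]
			 * for diagnostics; verify against rtems_bsd_racoon_daemon.
			 */
			r = rtems_bsd_rc_conf_find(rc_conf, "ike_flags", aa);
			if (r == 0) {
				argc = aa->argc;
				argv = aa->argv;
			}
		}

		if (erroroccured == 0) {
			rtems_status_code sc;

			/*
			 * NOTE(review): argv may point into aa, which is destroyed
			 * right after this block, so rtems_bsd_racoon_daemon must
			 * copy or fully consume its arguments before returning --
			 * TODO confirm, otherwise the daemon task reads freed memory.
			 */
			sc = rtems_bsd_racoon_daemon(argc, argv, prio);
			if (sc != RTEMS_SUCCESSFUL) {
				fprintf(stderr, "error: ike: Could not start racoon: %s\n",
				    rtems_status_text(sc));
				erroroccured = -1;
			}
		}
	}

	rtems_bsd_rc_conf_argc_argv_destroy(aa);

	return erroroccured;
}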
---|
193 | |
---|
void
rc_conf_ipsec_init(void* arg)
{
	/*
	 * Register the "ipsec" and "ike" rc.conf services with the service
	 * runner. Both are ordered after the network is up and before telnetd;
	 * "ike" is additionally ordered after "ipsec" so the policy is loaded
	 * before the key-management daemon starts.
	 *
	 * Registration failures are only reported on stderr (with errno); the
	 * second registration is attempted regardless of the first.
	 */
	int status;

	(void)arg; /* unused */

	status = rtems_bsd_rc_conf_service_add(
	    "ipsec", "after:network;before:telnetd;", ipsec_service);
	if (status < 0) {
		fprintf(stderr,
		    "error: ipsec service add failed: %s\n", strerror(errno));
	}

	status = rtems_bsd_rc_conf_service_add(
	    "ike", "after:ipsec;before:telnetd;", ike_service);
	if (status < 0) {
		fprintf(stderr,
		    "error: ike service add failed: %s\n", strerror(errno));
	}
}
---|