source: rtems-libbsd/rtemsbsd/rtems/rtems-bsd-rc-conf-ipsec.c @ c7eec93

Last change on this file since c7eec93 was 1b467ad, checked in by Christian Mauderer <christian.mauderer@…>, on 07/30/18 at 15:02:59

Add ipsec to rc.conf.

1/*
2 * Copyright (c) 2018 embedded brains GmbH.  All rights reserved.
3 *
4 *  embedded brains GmbH
5 *  Dornierstr. 4
6 *  82178 Puchheim
7 *  Germany
8 *  <rtems@embedded-brains.de>
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 *    notice, this list of conditions and the following disclaimer in the
17 *    documentation and/or other materials provided with the distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32/*
33 * Handle the IPSec and ike related directives found in rc.conf.
34 * - ipsec_enable
35 * - ipsec_file
36 * - ike_enable
37 * - ike_program
38 * - ike_flags
39 * - ike_priority
40 *
41 * Notes:
42 * - `ike_...` seems not to be included in the rc.conf man page. But the
43 *   parameters are there in the default rc.conf file. So handle them.
44 * - For ike_program, "racoon" is the only supported one (without any path).
45 */
46
47#include <rtems.h>
48#include <rtems/ipsec.h>
49
50#include <errno.h>
51#include <stdint.h>
52#include <stdio.h>
53#include <stdlib.h>
54#include <string.h>
55#include <strings.h>
56
57#include <machine/rtems-bsd-commands.h>
58#include <machine/rtems-bsd-rc-conf-services.h>
59
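/*
 * rc.conf "ipsec" service.
 *
 * When ipsec_enable is set to YES, the file named by ipsec_file is loaded
 * with the built-in setkey command (setkey -f FILE). Nothing is done when
 * ipsec_enable is absent or not YES.
 *
 * @param rc_conf The rc.conf context being processed.
 * @return 0 on success (including the "not enabled" case), -1 on any
 *         failure: argc/argv allocation, a malformed ipsec_file directive,
 *         a missing ipsec_file, or setkey reporting an error. Every failure
 *         other than the allocation one is also reported on stderr.
 */
static int
ipsec_service(rtems_bsd_rc_conf* rc_conf)
{
  rtems_bsd_rc_conf_argc_argv* aa;
  char* ipsec_file = NULL;
  int erroroccured = 0;
  int r;

  aa = rtems_bsd_rc_conf_argc_argv_create();
  if (aa == NULL)
    return -1;

  /* Nothing to do unless ipsec_enable is present and exactly "YES". */
  r = rtems_bsd_rc_conf_find(rc_conf, "ipsec_enable", aa);
  if (r != 0 || aa->argc != 2 || strcasecmp("YES", aa->argv[1]) != 0)
    goto out;

  /*
   * ipsec_file must carry exactly one value. A private copy is kept so the
   * path is not tied to the lifetime of aa's argument storage.
   */
  r = rtems_bsd_rc_conf_find(rc_conf, "ipsec_file", aa);
  if (r == 0) {
    if (aa->argc != 2) {
      fprintf(stderr,
          "error: ipsec: Syntax error in ipsec_file directive.\n");
      erroroccured = -1;
      goto out;
    }
    ipsec_file = strdup(aa->argv[1]);
    if (ipsec_file == NULL) {
      fprintf(stderr,
          "error: ipsec: Could not duplicate ipsec file string: %s\n",
          strerror(errno));
      erroroccured = -1;
      goto out;
    }
  }

  /* ipsec_enable=YES without an ipsec_file is a configuration error. */
  if (ipsec_file == NULL) {
    fprintf(stderr, "error: ipsec: No ipsec_file given.\n");
    erroroccured = -1;
    goto out;
  }

  {
    char *setkey[] = {"setkey", "-f", ipsec_file, NULL};

    rtems_bsd_rc_conf_print_cmd(
        rc_conf, "setkey", RTEMS_BSD_ARGC(setkey), (const char**)setkey);
    r = rtems_bsd_command_setkey(RTEMS_BSD_ARGC(setkey), setkey);
    if (r != EXIT_SUCCESS) {
      fprintf(stderr,
          "error: setkey: Call to setkey failed.\n");
      erroroccured = -1;
    }
  }

out:
  /* free(NULL) is a no-op, so no guard is needed on the early-exit paths. */
  free(ipsec_file);
  rtems_bsd_rc_conf_argc_argv_destroy(aa);

  return erroroccured;
}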
125
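/*
 * rc.conf "ike" service.
 *
 * When ike_enable is set to YES, the racoon IKE daemon is started through
 * rtems_bsd_racoon_daemon(). The following optional directives are honoured:
 * - ike_program:  if present it must be "racoon"; any other value is an
 *                 error.
 * - ike_priority: RTEMS task priority for the daemon, an unsigned decimal
 *                 number no larger than RTEMS_MAXIMUM_PRIORITY. Defaults to
 *                 RTEMS_MAXIMUM_PRIORITY - 1.
 * - ike_flags:    if present, the directive's own argc/argv replace the
 *                 default {"racoon"} argument vector handed to the daemon.
 *
 * @param rc_conf The rc.conf context being processed.
 * @return 0 on success (including the "not enabled" case), -1 on any
 *         failure; each failure except the argc/argv allocation is reported
 *         on stderr.
 */
static int
ike_service(rtems_bsd_rc_conf* rc_conf)
{
  rtems_bsd_rc_conf_argc_argv* aa;
  const char *default_argv[] = {"racoon", NULL};
  const char **argv = default_argv;
  rtems_task_priority prio = RTEMS_MAXIMUM_PRIORITY - 1;
  rtems_status_code sc;
  int argc = 1;
  int erroroccured = 0;
  int r;

  aa = rtems_bsd_rc_conf_argc_argv_create();
  if (aa == NULL)
    return -1;

  /* Nothing to do unless ike_enable is present and exactly "YES". */
  r = rtems_bsd_rc_conf_find(rc_conf, "ike_enable", aa);
  if (r != 0 || aa->argc != 2 || strcasecmp("YES", aa->argv[1]) != 0)
    goto out;

  /* Only racoon is supported, and it is named without a path. */
  r = rtems_bsd_rc_conf_find(rc_conf, "ike_program", aa);
  if (r == 0 && (aa->argc != 2 || strcasecmp("racoon", aa->argv[1]) != 0)) {
    fprintf(stderr,
        "error: ike: Only \"racoon\" is supported as ike_program\n");
    erroroccured = -1;
    goto out;
  }

  r = rtems_bsd_rc_conf_find(rc_conf, "ike_priority", aa);
  if (r == 0 && aa->argc == 2) {
    const char *text = aa->argv[1];
    unsigned long value;
    char *end;

    /*
     * Checking only *end != '\0' lets an empty string through as priority 0,
     * lets "-N" wrap to a huge value and ignores ERANGE. Reject all of those,
     * and anything above RTEMS_MAXIMUM_PRIORITY, before narrowing to
     * rtems_task_priority.
     */
    errno = 0;
    value = strtoul(text, &end, 10);
    if (end == text || *end != '\0' || errno == ERANGE) {
      fprintf(stderr,
          "error: ike: syntax error in ike_priority\n");
      erroroccured = -1;
      goto out;
    }
    if (value > RTEMS_MAXIMUM_PRIORITY) {
      fprintf(stderr,
          "error: ike: ike_priority out of range\n");
      erroroccured = -1;
      goto out;
    }
    prio = (rtems_task_priority) value;
  }

  /*
   * ike_flags is passed on verbatim. NOTE(review): argv[0] is then whatever
   * the rc.conf parser placed first (presumably the directive name), not
   * "racoon" - confirm the daemon does not rely on argv[0]. aa must stay
   * alive until rtems_bsd_racoon_daemon() has returned, which the cleanup
   * order below guarantees.
   */
  r = rtems_bsd_rc_conf_find(rc_conf, "ike_flags", aa);
  if (r == 0) {
    argc = aa->argc;
    argv = aa->argv;
  }

  sc = rtems_bsd_racoon_daemon(argc, argv, prio);
  if (sc != RTEMS_SUCCESSFUL) {
    fprintf(stderr, "error: ike: Could not start racoon: %s\n",
        rtems_status_text(sc));
    erroroccured = -1;
  }

out:
  rtems_bsd_rc_conf_argc_argv_destroy(aa);

  return erroroccured;
}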
193
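/*
 * Register the "ipsec" and "ike" rc.conf services.
 *
 * Ordering constraints handed to the service registry:
 * - ipsec: after "network", before "telnetd".
 * - ike:   after "ipsec", before "telnetd" (presumably so the policy loaded
 *          from ipsec_file is in place before the IKE daemon starts).
 *
 * A registration failure is reported on stderr but not propagated, and the
 * second registration is still attempted. The message assumes
 * rtems_bsd_rc_conf_service_add() sets errno on failure - TODO confirm.
 *
 * @param arg Unused.
 */
void
rc_conf_ipsec_init(void* arg)
{
  int r;

  (void) arg;

  r = rtems_bsd_rc_conf_service_add("ipsec",
                                    "after:network;before:telnetd;",
                                    ipsec_service);
  if (r < 0)
    fprintf(stderr,
            "error: ipsec service add failed: %s\n", strerror(errno));

  r = rtems_bsd_rc_conf_service_add("ike",
                                    "after:ipsec;before:telnetd;",
                                    ike_service);
  if (r < 0)
    fprintf(stderr,
            "error: ike service add failed: %s\n", strerror(errno));
}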