-rw-r--r--sbin/isakmpd/monitor.c73
-rw-r--r--sbin/isakmpd/monitor.h5
-rw-r--r--sbin/isakmpd/pf_key_v2.c7
-rw-r--r--sbin/isakmpd/pf_key_v2.h4
-rw-r--r--sbin/isakmpd/sysdep/openbsd/sysdep.c6
5 files changed, 87 insertions, 8 deletions
diff --git a/sbin/isakmpd/monitor.c b/sbin/isakmpd/monitor.c
index 25eb1f2a059..eba00104e8c 100644
--- a/sbin/isakmpd/monitor.c
+++ b/sbin/isakmpd/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.26 2004/06/25 00:58:39 hshoexer Exp $ */
+/* $OpenBSD: monitor.c,v 1.27 2004/06/26 06:07:03 hshoexer Exp $ */
/*
* Copyright (c) 2003 Håkan Olsson. All rights reserved.
@@ -52,6 +52,7 @@
#include "policy.h"
#include "ui.h"
#include "util.h"
+#include "pf_key_v2.h"
struct monitor_state {
pid_t pid;
@@ -81,6 +82,7 @@ static void m_priv_increase_state(int);
static void m_priv_test_state(int);
static void m_priv_ui_init(int);
+static void m_priv_pfkey_open(int);
/*
* Public functions, unprivileged.
@@ -182,6 +184,37 @@ errout:
}
int
+monitor_pf_key_v2_open(void)
+{
+ int32_t err;
+
+ if (m_write_int32(m_state.s, MONITOR_PFKEY_OPEN))
+ goto errout;
+
+ if (m_read_int32(m_state.s, &err))
+ goto errout;
+
+ if (err < 0) {
+ log_error("monitor_pf_key_v2_open: parent could not create "
+ "PF_KEY socket");
+ return -1;
+ }
+
+ pf_key_v2_socket = mm_receive_fd(m_state.s);
+ if (pf_key_v2_socket < 0) {
+ log_error("monitor_pf_key_v2_open: mm_receive_fd() failed: %s",
+ strerror(errno));
+ return -1;
+ }
+ return pf_key_v2_socket;
+
+errout:
+ log_error("monitor_pf_key_v2_open: problem talking to privileged "
+ "process");
+ return -1;
+}
+
+int
monitor_open(const char *path, int flags, mode_t mode)
{
int fd, mode32 = (int32_t) mode;
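Review bot: monitor_pf_key_v2_open() is added without a header comment, although the privileged handlers in this file each carry one (`/* Privileged: called by monitor_loop. */`); add `/* Unprivileged: ask the privileged process to open the PF_KEY socket and pass the descriptor back. */` above it. The function also stores the received descriptor into pf_key_v2_socket directly, so ownership of that global is now shared between monitor.c and pf_key_v2.c; a one-line comment at the assignment saying that the unprivileged side owns the descriptor from here on would make that split explicit. The `err < 0` branch returns before any descriptor is exchanged, which matches the privileged side's protocol only if the parent skips mm_send_fd() on every failure; see the m_priv_pfkey_open hunk below, where the send condition does not line up with the error condition.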
@@ -604,6 +637,14 @@ monitor_loop(int debug)
m_priv_ui_init(m_state.s);
break;
+ case MONITOR_PFKEY_OPEN:
+ LOG_DBG((LOG_MISC, 80,
+ "%s: MONITOR_PFKEY_OPEN",
+ __func__));
+ m_priv_test_state(STATE_INIT);
+ m_priv_pfkey_open(m_state.s);
+ break;
+
case MONITOR_GET_SOCKET:
LOG_DBG((LOG_MISC, 80,
"%s: MONITOR_GET_SOCKET",
@@ -691,6 +732,36 @@ errout:
/* Privileged: called by monitor_loop. */
static void
+m_priv_pfkey_open(int s)
+{
+ int fd;
+ int32_t err;
+
+ fd = pf_key_v2_open();
+
+ if (fd < 0)
+ err = -1;
+ else
+ err = 0;
+
+ if (m_write_int32(s, err))
+ goto errout;
+
+ if (fd > 0 && mm_send_fd(s, fd)) {
+ close(fd);
+ goto errout;
+ }
+ close(fd);
+
+ return;
+
+errout:
+ log_error("m_priv_pfkey_open: read/write operation failed");
+ return;
+}
+
+/* Privileged: called by monitor_loop. */
+static void
m_priv_getfd(int s)
{
char path[MAXPATHLEN];
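Review bot: The descriptor returned by pf_key_v2_open() leaks when m_write_int32() fails, because the first `goto errout` bypasses both close(fd) calls. The later test `fd > 0 && mm_send_fd(s, fd)` also disagrees with the `fd < 0` check that computes err: a PF_KEY socket that lands on descriptor 0 is reported as success but never sent, and is then closed, leaving the unprivileged side waiting in mm_receive_fd(); on the failure path close(fd) is additionally called with -1. Consolidate the cleanup so that a valid descriptor is closed exactly once on every path and the send condition is `fd >= 0`.
```c
static void
m_priv_pfkey_open(int s)
{
	int fd;
	int32_t err;

	fd = pf_key_v2_open();
	err = fd < 0 ? -1 : 0;

	if (m_write_int32(s, err))
		goto errout;

	/* Descriptor 0 is valid; send whenever the open succeeded. */
	if (fd >= 0 && mm_send_fd(s, fd))
		goto errout;

	if (fd >= 0)
		close(fd);
	return;

errout:
	if (fd >= 0)
		close(fd);
	log_error("m_priv_pfkey_open: read/write operation failed");
}
```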
diff --git a/sbin/isakmpd/monitor.h b/sbin/isakmpd/monitor.h
index fb7332f9420..caea4ff052f 100644
--- a/sbin/isakmpd/monitor.h
+++ b/sbin/isakmpd/monitor.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.h,v 1.10 2004/06/25 00:58:39 hshoexer Exp $ */
+/* $OpenBSD: monitor.h,v 1.11 2004/06/26 06:07:03 hshoexer Exp $ */
/*
* Copyright (c) 2003 Håkan Olsson. All rights reserved.
@@ -40,6 +40,7 @@
enum monitor_reqtypes {
MONITOR_UI_INIT,
+ MONITOR_PFKEY_OPEN,
MONITOR_GET_FD,
MONITOR_GET_SOCKET,
MONITOR_SETSOCKOPT,
@@ -79,6 +80,7 @@ int monitor_closedir(struct monitor_dirents *);
void monitor_init_done(void);
void monitor_ui_init(void);
+int monitor_pf_key_v2_open(void);
void monitor_exit(int);
#else /* !USE_PRIVSEP */
@@ -96,6 +98,7 @@ void monitor_exit(int);
#define monitor_ui_init ui_init
#define monitor_exit exit
+#define monitor_pf_key_v2_open pf_key_v2_open
#endif /* USE_PRIVSEP */
#endif /* _MONITOR_H_ */
diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c
index 4afc3eda669..eca2c2e3017 100644
--- a/sbin/isakmpd/pf_key_v2.c
+++ b/sbin/isakmpd/pf_key_v2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_key_v2.c,v 1.145 2004/06/23 23:36:01 ho Exp $ */
+/* $OpenBSD: pf_key_v2.c,v 1.146 2004/06/26 06:07:03 hshoexer Exp $ */
/* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */
/*
@@ -63,7 +63,6 @@
#include "ipsec_num.h"
#include "key.h"
#include "log.h"
-#include "monitor.h"
#include "pf_key_v2.h"
#include "sa.h"
#include "timer.h"
@@ -149,7 +148,7 @@ static int pf_key_v2_conf_refinc(int, char *);
#endif
/* The socket to use for PF_KEY interactions. */
-static int pf_key_v2_socket;
+int pf_key_v2_socket;
#ifdef KAME
static int
@@ -519,7 +518,7 @@ pf_key_v2_open(void)
/* Open the socket we use to speak to IPsec. */
pf_key_v2_socket = -1;
- fd = monitor_socket(PF_KEY, SOCK_RAW, PF_KEY_V2);
+ fd = socket(PF_KEY, SOCK_RAW, PF_KEY_V2);
if (fd == -1) {
log_error("pf_key_v2_open: "
"socket (PF_KEY, SOCK_RAW, PF_KEY_V2) failed");
diff --git a/sbin/isakmpd/pf_key_v2.h b/sbin/isakmpd/pf_key_v2.h
index f6f3711f100..374c07f3d56 100644
--- a/sbin/isakmpd/pf_key_v2.h
+++ b/sbin/isakmpd/pf_key_v2.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_key_v2.h,v 1.10 2004/05/23 18:17:56 hshoexer Exp $ */
+/* $OpenBSD: pf_key_v2.h,v 1.11 2004/06/26 06:07:03 hshoexer Exp $ */
/* $EOM: pf_key_v2.h,v 1.4 2000/12/04 04:46:35 angelos Exp $ */
/*
@@ -39,6 +39,8 @@ struct proto;
struct sa;
struct sockaddr;
+extern int pf_key_v2_socket;
+
extern void pf_key_v2_connection_check(char *);
extern int pf_key_v2_delete_spi(struct sa *, struct proto *, int);
extern int pf_key_v2_enable_sa(struct sa *, struct sa *);
diff --git a/sbin/isakmpd/sysdep/openbsd/sysdep.c b/sbin/isakmpd/sysdep/openbsd/sysdep.c
index f51393a2e34..fc4b14d8af2 100644
--- a/sbin/isakmpd/sysdep/openbsd/sysdep.c
+++ b/sbin/isakmpd/sysdep/openbsd/sysdep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sysdep.c,v 1.26 2004/04/15 18:39:30 deraadt Exp $ */
+/* $OpenBSD: sysdep.c,v 1.27 2004/06/26 06:07:03 hshoexer Exp $ */
/* $EOM: sysdep.c,v 1.9 2000/12/04 04:46:35 angelos Exp $ */
/*
@@ -93,7 +93,11 @@ sysdep_sa_len(struct sockaddr *sa)
int
sysdep_app_open()
{
+#ifdef USE_PRIVSEP
+ return monitor_pf_key_v2_open();
+#else
return KEY_API(open)();
+#endif
}
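Review bot: The new USE_PRIVSEP branch of sysdep_app_open() hardwires `monitor_pf_key_v2_open()` while the existing branch selects the key API through `KEY_API(open)()`, so the two build configurations no longer choose the backend the same way. If the privsep build is meant to support only PF_KEY v2, state it where the reader will look: `/* Under USE_PRIVSEP the monitor opens the socket; only PF_KEY v2 is supported. */`. The hunk does not add an include of monitor.h to sysdep.c, so unless the file already includes it elsewhere the call is an implicit declaration — worth confirming against the full file.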
/*