-rw-r--r-- | sbin/isakmpd/monitor.c | 73 | ||||
-rw-r--r-- | sbin/isakmpd/monitor.h | 5 | ||||
-rw-r--r-- | sbin/isakmpd/pf_key_v2.c | 7 | ||||
-rw-r--r-- | sbin/isakmpd/pf_key_v2.h | 4 | ||||
-rw-r--r-- | sbin/isakmpd/sysdep/openbsd/sysdep.c | 6 |
5 files changed, 87 insertions, 8 deletions
diff --git a/sbin/isakmpd/monitor.c b/sbin/isakmpd/monitor.c index 25eb1f2a059..eba00104e8c 100644 --- a/sbin/isakmpd/monitor.c +++ b/sbin/isakmpd/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.26 2004/06/25 00:58:39 hshoexer Exp $ */ +/* $OpenBSD: monitor.c,v 1.27 2004/06/26 06:07:03 hshoexer Exp $ */ /* * Copyright (c) 2003 Håkan Olsson. All rights reserved. @@ -52,6 +52,7 @@ #include "policy.h" #include "ui.h" #include "util.h" +#include "pf_key_v2.h" struct monitor_state { pid_t pid; @@ -81,6 +82,7 @@ static void m_priv_increase_state(int); static void m_priv_test_state(int); static void m_priv_ui_init(int); +static void m_priv_pfkey_open(int); /* * Public functions, unprivileged. @@ -182,6 +184,37 @@ errout: } int +monitor_pf_key_v2_open(void) +{ + int32_t err; + + if (m_write_int32(m_state.s, MONITOR_PFKEY_OPEN)) + goto errout; + + if (m_read_int32(m_state.s, &err)) + goto errout; + + if (err < 0) { + log_error("monitor_pf_key_v2_open: parent could not create " + "PF_KEY socket"); + return -1; + } + + pf_key_v2_socket = mm_receive_fd(m_state.s); + if (pf_key_v2_socket < 0) { + log_error("monitor_pf_key_v2_open: mm_receive_fd() failed: %s", + strerror(errno)); + return -1; + } + return pf_key_v2_socket; + +errout: + log_error("monitor_pf_key_v2_open: problem talking to privileged " + "process"); + return -1; +} + +int monitor_open(const char *path, int flags, mode_t mode) { int fd, mode32 = (int32_t) mode; @@ -604,6 +637,14 @@ monitor_loop(int debug) m_priv_ui_init(m_state.s); break; + case MONITOR_PFKEY_OPEN: + LOG_DBG((LOG_MISC, 80, + "%s: MONITOR_PFKEY_OPEN", + __func__)); + m_priv_test_state(STATE_INIT); + m_priv_pfkey_open(m_state.s); + break; + case MONITOR_GET_SOCKET: LOG_DBG((LOG_MISC, 80, "%s: MONITOR_GET_SOCKET", 
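Review bot: In monitor_pf_key_v2_open() the line `pf_key_v2_socket = mm_receive_fd(m_state.s);` writes the received descriptor straight into pf_key_v2.c's module variable from monitor.c, so the child only ever gets the raw fd; whatever pf_key_v2_open() does after its socket() call is not visible in this diff, and if it performs any setup on the socket (flags, kernel registration, timers) that work now happens in the privileged parent rather than in the child that keeps the descriptor — worth confirming against pf_key_v2_open() and either documenting or redoing that setup here. The protocol also gives the child no way out if the parent answers `err == 0` but never sends a descriptor; mm_receive_fd() blocks. The new function has no header comment; I would add `/* Unprivileged: ask the monitor to create the PF_KEY socket and pass it back. Sets pf_key_v2_socket; returns the fd or -1 on failure. */`.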
@@ -691,6 +732,36 @@ errout: /* Privileged: called by monitor_loop. */ static void +m_priv_pfkey_open(int s) +{ + int fd; + int32_t err; + + fd = pf_key_v2_open(); + + if (fd < 0) + err = -1; + else + err = 0; + + if (m_write_int32(s, err)) + goto errout; + + if (fd > 0 && mm_send_fd(s, fd)) { + close(fd); + goto errout; + } + close(fd); + + return; + +errout: + log_error("m_priv_pfkey_open: read/write operation failed"); + return; +} + +/* Privileged: called by monitor_loop. */ +static void m_priv_getfd(int s) { char path[MAXPATHLEN]; diff --git a/sbin/isakmpd/monitor.h b/sbin/isakmpd/monitor.h index fb7332f9420..caea4ff052f 100644 --- a/sbin/isakmpd/monitor.h +++ b/sbin/isakmpd/monitor.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.h,v 1.10 2004/06/25 00:58:39 hshoexer Exp $ */ +/* $OpenBSD: monitor.h,v 1.11 2004/06/26 06:07:03 hshoexer Exp $ */ /* * Copyright (c) 2003 Håkan Olsson. All rights reserved. @@ -40,6 +40,7 @@ enum monitor_reqtypes { MONITOR_UI_INIT, + MONITOR_PFKEY_OPEN, MONITOR_GET_FD, MONITOR_GET_SOCKET, MONITOR_SETSOCKOPT, @@ -79,6 +80,7 @@ int monitor_closedir(struct monitor_dirents *); void monitor_init_done(void); void monitor_ui_init(void); +int monitor_pf_key_v2_open(void); void monitor_exit(int); #else /* !USE_PRIVSEP */ @@ -96,6 +98,7 @@ void monitor_exit(int); #define monitor_ui_init ui_init #define monitor_exit exit +#define monitor_pf_key_v2_open pf_key_v2_open #endif /* USE_PRIVSEP */ #endif /* _MONITOR_H_ */ diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c index 4afc3eda669..eca2c2e3017 100644 --- a/sbin/isakmpd/pf_key_v2.c +++ b/sbin/isakmpd/pf_key_v2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_key_v2.c,v 1.145 2004/06/23 23:36:01 ho Exp $ */ +/* $OpenBSD: pf_key_v2.c,v 1.146 2004/06/26 06:07:03 hshoexer Exp $ */ /* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */ /* @@ -63,7 +63,6 @@ #include "ipsec_num.h" #include "key.h" #include "log.h" -#include "monitor.h" #include "pf_key_v2.h" #include "sa.h" #include "timer.h" 
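Review bot: The success flag and the send test in m_priv_pfkey_open() disagree: `err` is 0 whenever `fd >= 0`, but the descriptor is only passed when `fd > 0`, so a PF_KEY socket that lands on descriptor 0 (possible if the parent's stdin was closed) makes the parent report success, close the fd and send nothing, leaving the child blocked in mm_receive_fd(). The `fd < 0` path also falls through to `close(fd)` with -1. Use `if (fd >= 0 && mm_send_fd(s, fd)) {` and guard the unconditional close the same way, `if (fd >= 0) close(fd);`. Since pf_key_v2_open() now runs in the parent, if it records the fd in `pf_key_v2_socket` (it resets that variable to -1 at its start, per the pf_key_v2.c hunk) the parent's copy is left pointing at a closed descriptor after `close(fd)`; resetting it to -1 after the close would avoid a stale global.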
@@ -149,7 +148,7 @@ static int pf_key_v2_conf_refinc(int, char *); #endif /* The socket to use for PF_KEY interactions. */ -static int pf_key_v2_socket; +int pf_key_v2_socket; #ifdef KAME static int @@ -519,7 +518,7 @@ pf_key_v2_open(void) /* Open the socket we use to speak to IPsec. */ pf_key_v2_socket = -1; - fd = monitor_socket(PF_KEY, SOCK_RAW, PF_KEY_V2); + fd = socket(PF_KEY, SOCK_RAW, PF_KEY_V2); if (fd == -1) { log_error("pf_key_v2_open: " "socket (PF_KEY, SOCK_RAW, PF_KEY_V2) failed"); diff --git a/sbin/isakmpd/pf_key_v2.h b/sbin/isakmpd/pf_key_v2.h index f6f3711f100..374c07f3d56 100644 --- a/sbin/isakmpd/pf_key_v2.h +++ b/sbin/isakmpd/pf_key_v2.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_key_v2.h,v 1.10 2004/05/23 18:17:56 hshoexer Exp $ */ +/* $OpenBSD: pf_key_v2.h,v 1.11 2004/06/26 06:07:03 hshoexer Exp $ */ /* $EOM: pf_key_v2.h,v 1.4 2000/12/04 04:46:35 angelos Exp $ */ /* @@ -39,6 +39,8 @@ struct proto; struct sa; struct sockaddr; +extern int pf_key_v2_socket; + extern void pf_key_v2_connection_check(char *); extern int pf_key_v2_delete_spi(struct sa *, struct proto *, int); extern int pf_key_v2_enable_sa(struct sa *, struct sa *); diff --git a/sbin/isakmpd/sysdep/openbsd/sysdep.c b/sbin/isakmpd/sysdep/openbsd/sysdep.c index f51393a2e34..fc4b14d8af2 100644 --- a/sbin/isakmpd/sysdep/openbsd/sysdep.c +++ b/sbin/isakmpd/sysdep/openbsd/sysdep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sysdep.c,v 1.26 2004/04/15 18:39:30 deraadt Exp $ */ +/* $OpenBSD: sysdep.c,v 1.27 2004/06/26 06:07:03 hshoexer Exp $ */ /* $EOM: sysdep.c,v 1.9 2000/12/04 04:46:35 angelos Exp $ */ /* @@ -93,7 +93,11 @@ sysdep_sa_len(struct sockaddr *sa) int sysdep_app_open() { +#ifdef USE_PRIVSEP + return monitor_pf_key_v2_open(); +#else return KEY_API(open)(); +#endif } /* |
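Review bot: Dropping `static` from `pf_key_v2_socket` turns a module-private descriptor into a global that monitor.c assigns directly, spreading ownership of the fd over two files. A narrow accessor such as `void pf_key_v2_set_socket(int fd);` in pf_key_v2.c, called from monitor_pf_key_v2_open(), would keep the variable static and give one place to document that, under privsep, the socket is created by the parent and merely handed to this module. If the global is kept, a comment at the definition saying who is allowed to write it would be the minimum.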
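Review bot: The `#ifdef USE_PRIVSEP` added to sysdep_app_open() duplicates dispatch that monitor.h already performs in this same commit, where `monitor_pf_key_v2_open` is defined to `pf_key_v2_open` when USE_PRIVSEP is not set; if `KEY_API(open)` resolves to pf_key_v2_open on this platform the body can be the single line `return monitor_pf_key_v2_open();`. If KEY_API(open) may name something other than pf_key_v2_open, the conditional is needed and a one-line comment saying so would stop the next reader from simplifying it. The hunk adds no `#include "monitor.h"`; unless sysdep.c already includes it (not visible here), monitor_pf_key_v2_open() is implicitly declared in this translation unit.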