diff options
Diffstat (limited to 'sbin/ipsecctl/ike.c')
-rw-r--r-- | sbin/ipsecctl/ike.c | 30 |
1 files changed, 21 insertions, 9 deletions
diff --git a/sbin/ipsecctl/ike.c b/sbin/ipsecctl/ike.c index abef651287d..44a3e7934b6 100644 --- a/sbin/ipsecctl/ike.c +++ b/sbin/ipsecctl/ike.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ike.c,v 1.11 2005/12/12 09:44:06 hshoexer Exp $ */ +/* $OpenBSD: ike.c,v 1.12 2005/12/28 10:53:12 hshoexer Exp $ */ /* * Copyright (c) 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org> * @@ -17,6 +17,7 @@ #include <sys/types.h> #include <sys/socket.h> +#include <sys/stat.h> #include <sys/queue.h> #include <netinet/in.h> #include <arpa/inet.h> @@ -54,6 +55,8 @@ int ike_ipsec_establish(int, struct ipsec_rule *); #define ADD "C add " #define DELETE "C rms " +#define ISAKMPD_FIFO "/var/run/isakmpd.fifo" + static void ike_section_peer(struct ipsec_addr_wrap *peer, FILE *fd) { @@ -348,6 +351,7 @@ ike_delete_config(struct ipsec_rule *r, FILE *fd) return (0); } +/* ARGSUSED1 */ int ike_print_config(struct ipsec_rule *r, int opts) { @@ -357,23 +361,31 @@ ike_print_config(struct ipsec_rule *r, int opts) int ike_ipsec_establish(int action, struct ipsec_rule *r) { - FILE *fd; - int ret = 0; - - if ((fd = fopen("/var/run/isakmpd.fifo", "w")) == NULL) - err(1, "ike_ipsec_establish: fopen"); + struct stat sb; + FILE *fdp; + int fd, ret = 0; + + if ((fd = open(ISAKMPD_FIFO, O_WRONLY)) == -1) + err(1, "ike_ipsec_establish: open(%s)", ISAKMPD_FIFO); + if (fstat(fd, &sb) == -1) + err(1, "ike_ipsec_establish: fstat(%s)", ISAKMPD_FIFO); + if (!S_ISFIFO(sb.st_mode)) + errx(1, "ike_ipsec_establish: %s not a fifo", ISAKMPD_FIFO); + if ((fdp = fdopen(fd, "w")) == NULL) + err(1, "ike_ipsec_establish: fdopen(%s)", ISAKMPD_FIFO); + close(fd); switch (action) { case ACTION_ADD: - ret = ike_gen_config(r, fd); + ret = ike_gen_config(r, fdp); break; case ACTION_DELETE: - ret = ike_delete_config(r, fd); + ret = ike_delete_config(r, fdp); break; default: ret = -1; } - fclose(fd); + fclose(fdp); return (ret); } |