Diffstat (limited to 'ipsec-tools/src/racoon/main.c')
-rw-r--r--ipsec-tools/src/racoon/main.c349
1 files changed, 349 insertions, 0 deletions
diff --git a/ipsec-tools/src/racoon/main.c b/ipsec-tools/src/racoon/main.c
new file mode 100644
index 00000000..8936204e
--- /dev/null
+++ b/ipsec-tools/src/racoon/main.c
@@ -0,0 +1,349 @@
+/* $NetBSD: main.c,v 1.12.6.1 2013/07/12 13:12:24 tteras Exp $ */
+
+/* Id: main.c,v 1.25 2006/06/20 20:31:34 manubsd Exp */
+
+/*
+ * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+
+#include <netinet/in.h>
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <limits.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <paths.h>
+#include <err.h>
+
+/*
+ * If we're using a debugging malloc library, this may define our
+ * wrapper stubs.
+ */
+#define RACOON_MAIN_PROGRAM
+#include "gcmalloc.h"
+
+#include "var.h"
+#include "misc.h"
+#include "vmbuf.h"
+#include "plog.h"
+#include "debug.h"
+
+#include "cfparse_proto.h"
+#include "isakmp_var.h"
+#include "remoteconf.h"
+#include "localconf.h"
+#include "session.h"
+#include "oakley.h"
+#include "pfkey.h"
+#include "policy.h"
+#include "crypto_openssl.h"
+#include "backupsa.h"
+#include "vendorid.h"
+
+#include "package_version.h"
+
+int dump_config = 0; /* dump parsed config file. */
+int f_local = 0; /* local test mode. behave like a wall. */
+int vflag = 1; /* for print-isakmp.c */
+static int loading_sa = 0; /* install sa when racoon boots up. */
+
+#ifdef TOP_PACKAGE
+static char version[] = "@(#)" TOP_PACKAGE_STRING " (" TOP_PACKAGE_URL ")";
+#else /* TOP_PACKAGE */
+static char version[] = "@(#) racoon / IPsec-tools";
+#endif /* TOP_PACKAGE */
+
+static void
+print_version()
+{
+ printf("%s\n"
+ "\n"
+ "Compiled with:\n"
+ "- %s (http://www.openssl.org/)\n"
+#ifdef INET6
+ "- IPv6 support\n"
+#endif
+#ifdef ENABLE_DPD
+ "- Dead Peer Detection\n"
+#endif
+#ifdef ENABLE_FRAG
+ "- IKE fragmentation\n"
+#endif
+#ifdef ENABLE_HYBRID
+ "- Hybrid authentication\n"
+#endif
+#ifdef ENABLE_GSSAPI
+ "- GSS-API authentication\n"
+#endif
+#ifdef ENABLE_NATT
+ "- NAT Traversal\n"
+#endif
+#ifdef ENABLE_STATS
+ "- Timing statistics\n"
+#endif
+#ifdef ENABLE_ADMINPORT
+ "- Admin port\n"
+#endif
+#ifdef HAVE_CLOCK_MONOTONIC
+ "- Monotonic clock\n"
+#endif
+#ifdef HAVE_SECCTX
+ "- Security context\n"
+#endif
+ "\n",
+ version,
+ eay_version());
+ exit(0);
+}
+
+static void
+usage()
+{
+ printf("usage: racoon [-BdFv"
+#ifdef INET6
+ "46"
+#endif
+ "] [-f (file)] [-l (file)] [-p (port)] [-P (natt port)]\n"
+ " -B: install SA to the kernel from the file "
+ "specified by the configuration file.\n"
+ " -d: debug level, more -d will generate more debug message.\n"
+ " -C: dump parsed config file.\n"
+ " -L: include location in debug messages\n"
+ " -F: run in foreground, do not become daemon.\n"
+ " -v: be more verbose\n"
+ " -V: print version and exit\n"
+#ifdef INET6
+ " -4: IPv4 mode.\n"
+ " -6: IPv6 mode.\n"
+#endif
+ " -f: pathname for configuration file.\n"
+ " -l: pathname for log file.\n"
+ " -p: port number for isakmp (default: %d).\n"
+ " -P: port number for NAT-T (default: %d).\n"
+ "\n",
+ PORT_ISAKMP, PORT_ISAKMP_NATT);
+ exit(1);
+}
+
+static void
+parse(ac, av)
+ int ac;
+ char **av;
+{
+ extern char *optarg;
+ extern int optind;
+ int c;
+#ifdef YYDEBUG
+ extern int yydebug;
+#endif
+
+ pname = strrchr(*av, '/');
+ if (pname)
+ pname++;
+ else
+ pname = *av;
+
+ while ((c = getopt(ac, av, "dLFp:P:f:l:vVZBC"
+#ifdef YYDEBUG
+ "y"
+#endif
+#ifdef INET6
+ "46"
+#endif
+ )) != -1) {
+ switch (c) {
+ case 'd':
+ loglevel++;
+ break;
+ case 'L':
+ print_location = 1;
+ break;
+ case 'F':
+ printf("Foreground mode.\n");
+ f_foreground = 1;
+ break;
+ case 'p':
+ lcconf->port_isakmp = atoi(optarg);
+ break;
+ case 'P':
+ lcconf->port_isakmp_natt = atoi(optarg);
+ break;
+ case 'f':
+ lcconf->racoon_conf = optarg;
+ break;
+ case 'l':
+ plogset(optarg);
+ break;
+ case 'v':
+ vflag++;
+ break;
+ case 'V':
+ print_version();
+ break;
+ case 'Z':
+ /*
+ * only local test.
+ * To specify -Z option and to choice a appropriate
+ * port number for ISAKMP, you can launch some racoons
+ * on the local host for debug.
+ * pk_sendadd() on initiator side is always failed
+ * even if this flag is used. Because there is same
+ * spi in the SAD which is inserted by pk_sendgetspi()
+ * on responder side.
+ */
+ printf("Local test mode.\n");
+ f_local = 1;
+ break;
+#ifdef YYDEBUG
+ case 'y':
+ yydebug = 1;
+ break;
+#endif
+#ifdef INET6
+ case '4':
+ lcconf->default_af = AF_INET;
+ break;
+ case '6':
+ lcconf->default_af = AF_INET6;
+ break;
+#endif
+ case 'B':
+ loading_sa++;
+ break;
+ case 'C':
+ dump_config++;
+ break;
+ default:
+ usage();
+ /* NOTREACHED */
+ }
+ }
+ ac -= optind;
+ av += optind;
+
+ if (ac != 0) {
+ usage();
+ /* NOTREACHED */
+ }
+}
+
+int
+main(ac, av)
+ int ac;
+ char **av;
+{
+ int error;
+
+ initlcconf();
+ parse(ac, av);
+
+ if (geteuid() != 0) {
+ errx(1, "must be root to invoke this program.");
+ /* NOTREACHED*/
+ }
+
+ /*
+ * Don't let anyone read files I write. Although some files (such as
+ * the PID file) can be other readable, we dare to use the global mask,
+ * because racoon uses fopen(3), which can't specify the permission
+ * at the creation time.
+ */
+ umask(077);
+ if (umask(077) != 077) {
+ errx(1, "could not set umask");
+ /* NOTREACHED*/
+ }
+
+ ploginit();
+
+#ifdef DEBUG_RECORD_MALLOCATION
+ DRM_init();
+#endif
+
+#ifdef HAVE_SECCTX
+ init_avc();
+#endif
+ eay_init();
+ initrmconf();
+ oakley_dhinit();
+ compute_vendorids();
+
+ plog(LLV_INFO, LOCATION, NULL, "%s\n", version);
+ plog(LLV_INFO, LOCATION, NULL, "@(#)"
+ "This product linked %s (http://www.openssl.org/)"
+ "\n", eay_version());
+ plog(LLV_INFO, LOCATION, NULL, "Reading configuration from \"%s\"\n",
+ lcconf->racoon_conf);
+
+ /*
+ * install SAs from the specified file. If the file is not specified
+ * by the configuration file, racoon will exit.
+ */
+ if (loading_sa && !f_local) {
+ if (backupsa_from_file() != 0)
+ errx(1, "something error happened "
+ "SA recovering.");
+ }
+
+ if (f_foreground)
+ close(0);
+ else {
+ if (daemon(0, 0) < 0) {
+ errx(1, "failed to be daemon. (%s)",
+ strerror(errno));
+ }
+#ifndef __linux__
+ /*
+ * In case somebody has started inetd manually, we need to
+ * clear the logname, so that old servers run as root do not
+ * get the user's logname..
+ */
+ if (setlogin("") < 0) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "cannot clear logname: %s\n", strerror(errno));
+ /* no big deal if it fails.. */
+ }
+#endif
+ }
+
+ session();
+
+ return 0;
+}
+
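Review bot: The `-p` and `-P` handlers at `lcconf->port_isakmp = atoi(optarg);` and `lcconf->port_isakmp_natt = atoi(optarg);` accept any integer without validation, so a typo such as `-p 5oo` silently becomes port 0 and a negative or >65535 value is stored as-is (what the listener later does with such a value is outside this hunk). The check is cheap and this daemon refuses to run as anything but root, so parse with `strtol` and reject anything outside 1–65535 before assigning; one helper serves both options and keeps the switch arms single lines, as sketched below. Separately, `pname = strrchr(*av, '/');` dereferences `av[0]` without checking `ac > 0`, which is undefined if the binary is executed with an empty argv; a guard just before it such as `if (ac < 1 || *av == NULL) errx(1, "missing program name");` avoids that.
```c
/* Parse a port number from the command line, rejecting junk and out-of-range values. */
static int
parse_port(const char *s)
{
	char *end;
	long v;

	errno = 0;
	v = strtol(s, &end, 10);
	if (*s == '\0' || *end != '\0' || errno == ERANGE || v < 1 || v > 65535)
		errx(1, "invalid port number \"%s\"", s);
	return (int)v;
}

/* … unchanged: usage(), start of parse() and the getopt loop … */
		case 'p':
			lcconf->port_isakmp = parse_port(optarg);
			break;
		case 'P':
			lcconf->port_isakmp_natt = parse_port(optarg);
			break;
```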