1 /* 2 * Copyright (C) 2011 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include <stdio.h> 18 #include <stdlib.h> 19 #include <stdarg.h> 20 #include <signal.h> 21 #include <poll.h> 22 #include <unistd.h> 23 24 #include "config.h" 25 #include "gcmalloc.h" 26 #include "schedule.h" 27 #include "plog.h" 28 29 #ifdef ANDROID_CHANGES 30 31 #include <openssl/engine.h> 32 33 #include <string.h> 34 #include <sys/types.h> 35 #include <sys/socket.h> 36 #include <sys/ioctl.h> 37 #include <sys/stat.h> 38 #include <fcntl.h> 39 #include <errno.h> 40 #include <linux/if.h> 41 #include <linux/if_tun.h> 42 43 #include <android/log.h> 44 #include <cutils/sockets.h> 45 #include <private/android_filesystem_config.h> 46 47 static void notify_death() 48 { 49 creat("/data/misc/vpn/abort", 0); 50 } 51 52 static int android_get_control_and_arguments(int *argc, char ***argv) 53 { 54 static char *args[32]; 55 int control; 56 int i; 57 58 atexit(notify_death); 59 60 if ((i = android_get_control_socket("racoon")) == -1) { 61 return -1; 62 } 63 do_plog(LLV_DEBUG, "Waiting for control socket"); 64 if (listen(i, 1) == -1 || (control = accept(i, NULL, 0)) == -1) { 65 do_plog(LLV_ERROR, "Cannot get control socket"); 66 exit(1); 67 } 68 close(i); 69 fcntl(control, F_SETFD, FD_CLOEXEC); 70 71 args[0] = (*argv)[0]; 72 for (i = 1; i < 32; ++i) { 73 unsigned char bytes[2]; 74 if (recv(control, &bytes[0], 1, 0) != 1 || 75 recv(control, &bytes[1], 1, 0) != 1) { 76 do_plog(LLV_ERROR, "Cannot get argument length"); 77 exit(1); 78 } else { 79 int length = bytes[0] << 8 | bytes[1]; 80 int offset = 0; 81 82 if (length == 0xFFFF) { 83 break; 84 } 85 args[i] = malloc(length + 1); 86 while (offset < length) { 87 int n = recv(control, &args[i][offset], length - offset, 0); 88 if (n > 0) { 89 offset += n; 90 } else { 91 do_plog(LLV_ERROR, "Cannot get argument value"); 92 exit(1); 93 } 94 } 95 args[i][length] = 0; 96 } 97 } 98 do_plog(LLV_DEBUG, "Received %d arguments", i - 1); 99 100 *argc = i; 101 *argv = args; 102 return control; 103 } 104 105 const char *android_hook(char **envp) 106 { 107 struct ifreq ifr = {.ifr_flags = IFF_TUN}; 108 int tun = open("/dev/tun", 0); 109 110 /* Android does not support INTERNAL_WINS4_LIST, so we just use it. */ 111 while (*envp && strncmp(*envp, "INTERNAL_WINS4_LIST=", 20)) { 112 ++envp; 113 } 114 if (!*envp) { 115 do_plog(LLV_ERROR, "Cannot find environment variable\n"); 116 exit(1); 117 } 118 if (ioctl(tun, TUNSETIFF, &ifr)) { 119 do_plog(LLV_ERROR, "Cannot allocate TUN: %s\n", strerror(errno)); 120 exit(1); 121 } 122 sprintf(*envp, "INTERFACE=%s", ifr.ifr_name); 123 return "/etc/ppp/ip-up-vpn"; 124 } 125 126 #endif 127 128 extern void setup(int argc, char **argv); 129 130 static int monitors; 131 static void (*callbacks[10])(int fd); 132 static struct pollfd pollfds[10]; 133 134 char *pname; 135 136 static void terminate(int signal) 137 { 138 exit(1); 139 } 140 141 static void terminated() 142 { 143 do_plog(LLV_INFO, "Bye\n"); 144 } 145 146 void monitor_fd(int fd, void (*callback)(int)) 147 { 148 if (fd < 0 || monitors == 10) { 149 do_plog(LLV_ERROR, "Cannot monitor fd"); 150 exit(1); 151 } 152 callbacks[monitors] = callback; 153 pollfds[monitors].fd = fd; 154 pollfds[monitors].events = callback ? POLLIN : 0; 155 ++monitors; 156 } 157 158 int main(int argc, char **argv) 159 { 160 #ifdef ANDROID_CHANGES 161 int control = android_get_control_and_arguments(&argc, &argv); 162 #if !defined(OPENSSL_IS_BORINGSSL) 163 ENGINE *engine; 164 #endif 165 166 if (control != -1) { 167 pname = "%p"; 168 monitor_fd(control, NULL); 169 170 #if !defined(OPENSSL_IS_BORINGSSL) 171 ENGINE_load_dynamic(); 172 engine = ENGINE_by_id("keystore"); 173 if (!engine || !ENGINE_init(engine)) { 174 do_plog(LLV_ERROR, "ipsec-tools: cannot load keystore engine"); 175 exit(1); 176 } 177 #endif 178 } 179 #endif 180 181 do_plog(LLV_INFO, "ipsec-tools 0.7.3 (http://ipsec-tools.sf.net)\n"); 182 183 signal(SIGHUP, terminate); 184 signal(SIGINT, terminate); 185 signal(SIGTERM, terminate); 186 signal(SIGPIPE, SIG_IGN); 187 atexit(terminated); 188 189 setup(argc, argv); 190 191 #ifdef ANDROID_CHANGES 192 shutdown(control, SHUT_WR); 193 setuid(AID_VPN); 194 #endif 195 196 while (1) { 197 struct timeval *tv = schedular(); 198 int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000 + 1; 199 200 if (poll(pollfds, monitors, timeout) > 0) { 201 int i; 202 for (i = 0; i < monitors; ++i) { 203 if (pollfds[i].revents & POLLHUP) { 204 do_plog(LLV_INFO, "Connection is closed\n", pollfds[i].fd); 205 /* Wait for few seconds to consume late messages. */ 206 sleep(5); 207 exit(1); 208 } 209 if (pollfds[i].revents & POLLIN) { 210 callbacks[i](pollfds[i].fd); 211 } 212 } 213 } 214 } 215 216 #if !defined(OPENSSL_IS_BORINGSSL) 217 if (engine) { 218 ENGINE_finish(engine); 219 ENGINE_free(engine); 220 } 221 #endif 222 return 0; 223 } 224 225 /* plog.h */ 226 227 void do_plog(int level, char *format, ...) 228 { 229 if (level >= 0 && level <= 5) { 230 #ifdef ANDROID_CHANGES 231 static int levels[6] = { 232 ANDROID_LOG_ERROR, ANDROID_LOG_WARN, ANDROID_LOG_INFO, 233 ANDROID_LOG_INFO, ANDROID_LOG_DEBUG, ANDROID_LOG_VERBOSE 234 }; 235 va_list ap; 236 va_start(ap, format); 237 __android_log_vprint(levels[level], "racoon", format, ap); 238 va_end(ap); 239 #else 240 static char *levels = "EWNIDV"; 241 fprintf(stderr, "%c: ", levels[level]); 242 va_list ap; 243 va_start(ap, format); 244 vfprintf(stderr, format, ap); 245 va_end(ap); 246 #endif 247 } 248 } 249 250 char *binsanitize(char *data, size_t length) 251 { 252 char *output = racoon_malloc(length + 1); 253 if (output) { 254 size_t i; 255 for (i = 0; i < length; ++i) { 256 output[i] = (data[i] < ' ' || data[i] > '~') ? '?' : data[i]; 257 } 258 output[length] = '\0'; 259 } 260 return output; 261 } 262
