1 /*
2  * Copyright (C) 2011 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <stdio.h>
18 #include <stdlib.h>
19 #include <stdarg.h>
20 #include <signal.h>
21 #include <poll.h>
22 #include <unistd.h>
23 
24 #include "config.h"
25 #include "gcmalloc.h"
26 #include "schedule.h"
27 #include "plog.h"
28 
29 #ifdef ANDROID_CHANGES
30 
31 #include <openssl/engine.h>
32 
33 #include <string.h>
34 #include <sys/types.h>
35 #include <sys/socket.h>
36 #include <sys/ioctl.h>
37 #include <sys/stat.h>
38 #include <fcntl.h>
39 #include <errno.h>
40 #include <linux/if.h>
41 #include <linux/if_tun.h>
42 
43 #include <android/log.h>
44 #include <cutils/sockets.h>
45 #include <private/android_filesystem_config.h>
46 
/*
 * atexit() handler (registered by android_get_control_and_arguments()):
 * create the marker file /data/misc/vpn/abort.
 *
 * The file is created with mode 0, i.e. with no permission bits set. The
 * result of the call is not checked, so a failure to create the marker is
 * silent, and the returned descriptor is never closed here.
 * NOTE(review): presumably another component watches this path to learn that
 * the daemon has gone away - confirm against the consumer.
 */
static void notify_death()
{
    /* Equivalent to creat(path, 0): write-only, create if missing, truncate. */
    open("/data/misc/vpn/abort", O_WRONLY | O_CREAT | O_TRUNC, 0);
}
51 
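/*
 * Obtain the "racoon" control socket, accept one connection on it and read
 * the daemon's argument vector from that connection.
 *
 * Wire format, as implemented below: each argument is a 2-byte big-endian
 * length followed by that many bytes; a length of 0xFFFF ends the list. At
 * most 31 arguments are read; args[0] is the caller's original argv[0].
 *
 * On success *argc and *argv are replaced by the received vector (static
 * storage, NULL-terminated) and the connected control descriptor is returned.
 * Returns -1, leaving *argc and *argv untouched, when no control socket is
 * available. Every other failure is logged and ends the process.
 * notify_death() is registered with atexit() in all cases.
 *
 * Security note: everything received here becomes the daemon's argument
 * vector, so whoever can connect to the control socket decides how the
 * daemon is configured. Nothing in this function authenticates the peer;
 * access control rests entirely on how the socket is created outside this
 * file.
 */
static int android_get_control_and_arguments(int *argc, char ***argv)
{
    /* One slot more than the loop can fill, so argv[argc] is always NULL. */
    static char *args[33];
    int control;
    int i;

    atexit(notify_death);

    if ((i = android_get_control_socket("racoon")) == -1) {
        return -1;
    }
    do_plog(LLV_DEBUG, "Waiting for control socket");
    if (listen(i, 1) == -1 || (control = accept(i, NULL, NULL)) == -1) {
        do_plog(LLV_ERROR, "Cannot get control socket");
        exit(1);
    }
    /* Only the accepted connection is needed from here on. */
    close(i);
    /* Keep the control descriptor out of any program exec'd later. */
    fcntl(control, F_SETFD, FD_CLOEXEC);

    args[0] = (*argv)[0];
    for (i = 1; i < 32; ++i) {
        unsigned char bytes[2];
        int length;
        int offset = 0;

        if (recv(control, &bytes[0], 1, 0) != 1 ||
                recv(control, &bytes[1], 1, 0) != 1) {
            do_plog(LLV_ERROR, "Cannot get argument length");
            exit(1);
        }

        length = bytes[0] << 8 | bytes[1];
        if (length == 0xFFFF) {
            /* End-of-list marker. */
            break;
        }

        /*
         * length is at most 0xFFFE here, so length + 1 cannot overflow.
         * The allocation must be checked: with length == 0 the receive loop
         * below is skipped and the terminator write would hit a NULL pointer.
         */
        args[i] = malloc(length + 1);
        if (!args[i]) {
            do_plog(LLV_ERROR, "Cannot allocate argument");
            exit(1);
        }
        while (offset < length) {
            /* Never asks for more than the bytes still missing. */
            int n = recv(control, &args[i][offset], length - offset, 0);
            if (n > 0) {
                offset += n;
            } else {
                do_plog(LLV_ERROR, "Cannot get argument value");
                exit(1);
            }
        }
        args[i][length] = 0;
    }
    /* i <= 32 here, which is still inside args[]. */
    args[i] = NULL;
    do_plog(LLV_DEBUG, "Received %d arguments", i - 1);

    *argc = i;
    *argv = args;
    return control;
}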
104 
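/*
 * Allocate a TUN interface and publish its name through the environment
 * block that is passed in.
 *
 * envp is scanned for the entry that starts with "INTERNAL_WINS4_LIST=";
 * that entry is overwritten in place with "INTERFACE=<name>", where <name> is
 * the interface name filled in by the TUNSETIFF ioctl. Returns the path of
 * the script to run.
 *
 * The process exits if the entry is missing, if /dev/tun cannot be opened,
 * if the TUN allocation fails, or if the new string does not fit into the
 * entry it replaces.
 *
 * The TUN descriptor is not closed here.
 * NOTE(review): presumably it has to stay open for the interface to remain
 * usable - confirm before adding a close().
 */
const char *android_hook(char **envp)
{
    struct ifreq ifr = {.ifr_flags = IFF_TUN};
    size_t room;
    int written;
    int tun;

    /* Android does not support INTERNAL_WINS4_LIST, so we just use it. */
    while (*envp && strncmp(*envp, "INTERNAL_WINS4_LIST=", 20)) {
        ++envp;
    }
    if (!*envp) {
        do_plog(LLV_ERROR, "Cannot find environment variable\n");
        exit(1);
    }

    /* Report an open failure with its own errno instead of the ioctl's. */
    tun = open("/dev/tun", O_RDONLY);
    if (tun == -1) {
        do_plog(LLV_ERROR, "Cannot open /dev/tun: %s\n", strerror(errno));
        exit(1);
    }
    if (ioctl(tun, TUNSETIFF, &ifr)) {
        do_plog(LLV_ERROR, "Cannot allocate TUN: %s\n", strerror(errno));
        exit(1);
    }

    /*
     * The destination is the existing environment string, so its capacity is
     * exactly its current length plus the terminator. Bound the write by
     * that: an unbounded sprintf() would run past the end whenever the
     * replaced entry is shorter than "INTERFACE=" plus the interface name.
     */
    room = strlen(*envp) + 1;
    written = snprintf(*envp, room, "INTERFACE=%.*s",
                       (int)sizeof(ifr.ifr_name), ifr.ifr_name);
    if (written < 0 || (size_t)written >= room) {
        do_plog(LLV_ERROR, "Cannot store interface name\n");
        exit(1);
    }
    return "/etc/ppp/ip-up-vpn";
}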
125 
126 #endif
127 
/* Defined outside this file; both are called from main(). */
extern void shutdown_session();
extern void setup(int argc, char **argv);

/*
 * Descriptor table filled by monitor_fd() and polled by main().
 * callbacks[i] is the handler for pollfds[i]; monitors is the number of
 * slots in use. Both arrays have room for 10 entries.
 */
static struct pollfd pollfds[10];
static void (*callbacks[10])(int fd);
static int monitors;

/* Set to "%p" by main() when a control socket is present. */
char *pname;
136 
/*
 * Handler that main() installs for SIGHUP, SIGINT and SIGTERM: end the
 * process with status 1 through exit(), so the atexit() handlers still run.
 *
 * NOTE(review): exit() is not async-signal-safe, and the atexit() handlers
 * registered in this file log and create a file. Switching to _exit() would
 * skip those handlers, so any change here needs a flag checked from the
 * event loop rather than a drop-in replacement.
 */
static void terminate(int signal)
{
    (void)signal; /* the signal number is not used */
    exit(1);
}
141 
/* atexit() handler registered by main(): log a closing line at INFO level. */
static void terminated()
{
    do_plog(LLV_INFO,
            "Bye\n");
}
146 
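/*
 * Add fd to the poll table served by main()'s event loop.
 *
 * callback is invoked with fd when the descriptor is readable. With a NULL
 * callback the descriptor is registered with no requested events, so the
 * loop never calls through the NULL pointer and only reacts to the
 * conditions poll() reports regardless of the request, such as hang-up.
 *
 * Exits the process if fd is negative or the table is full.
 */
void monitor_fd(int fd, void (*callback)(int))
{
    /*
     * Take the capacity from the array instead of repeating its size as a
     * literal, so the bounds check cannot drift from the declaration.
     * callbacks[] is declared with the same number of entries and must stay
     * that way.
     */
    const int capacity = (int)(sizeof(pollfds) / sizeof(pollfds[0]));

    if (fd < 0 || monitors >= capacity) {
        do_plog(LLV_ERROR, "Cannot monitor fd");
        exit(1);
    }
    callbacks[monitors] = callback;
    pollfds[monitors].fd = fd;
    pollfds[monitors].events = callback ? POLLIN : 0;
    ++monitors;
}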
158 
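/*
 * Daemon entry point.
 *
 * With ANDROID_CHANGES the argument vector is first replaced by the one
 * received over the control socket, and (unless built against BoringSSL) the
 * "keystore" OpenSSL engine is loaded. After setup() has run, the write side
 * of the control connection is shut down and the process switches to the
 * AID_VPN user id. The function then serves the descriptors registered with
 * monitor_fd() forever; it only leaves through exit().
 *
 * Privilege handling: setup() runs before the user id is changed, so
 * everything it does happens with the identity the process was started with.
 * A failed setuid() is fatal; continuing would leave the network-facing
 * event loop running with that original identity.
 * NOTE(review): only the user id is changed here. Group ids and
 * supplementary groups stay as they were at start-up - confirm that the
 * service definition sets them as intended.
 */
int main(int argc, char **argv)
{
#ifdef ANDROID_CHANGES
    int control = android_get_control_and_arguments(&argc, &argv);
#if !defined(OPENSSL_IS_BORINGSSL)
    /* Stays NULL when there is no control socket. */
    ENGINE *engine = NULL;
#endif

    if (control != -1) {
        pname = "%p";
        /* NULL callback: the control socket is watched for hang-up only. */
        monitor_fd(control, NULL);

#if !defined(OPENSSL_IS_BORINGSSL)
        ENGINE_load_dynamic();
        engine = ENGINE_by_id("keystore");
        if (!engine || !ENGINE_init(engine)) {
            do_plog(LLV_ERROR, "ipsec-tools: cannot load keystore engine");
            exit(1);
        }
#endif
    }
#endif

    do_plog(LLV_INFO, "ipsec-tools 0.7.3 (http://ipsec-tools.sf.net)\n");

    signal(SIGHUP, terminate);
    signal(SIGINT, terminate);
    signal(SIGTERM, terminate);
    /* A peer that goes away must not kill the daemon through SIGPIPE. */
    signal(SIGPIPE, SIG_IGN);
    atexit(terminated);

    setup(argc, argv);

#ifdef ANDROID_CHANGES
    if (control != -1) {
        shutdown(control, SHUT_WR);
    }
    /* Refuse to run the event loop if the identity switch did not happen. */
    if (setuid(AID_VPN) != 0) {
        do_plog(LLV_ERROR, "Cannot drop privileges: %s\n", strerror(errno));
        exit(1);
    }
#endif

    while (1) {
        struct timeval *tv = schedular();
        /*
         * NOTE(review): schedular() is declared outside this file; if it can
         * return NULL when nothing is scheduled, wait without a timeout
         * instead of dereferencing the pointer - confirm against schedule.h.
         */
        int timeout = tv ? tv->tv_sec * 1000 + tv->tv_usec / 1000 + 1 : -1;

        if (poll(pollfds, monitors, timeout) > 0) {
            int i;
            for (i = 0; i < monitors; ++i) {
                if (pollfds[i].revents & POLLHUP) {
                    /* The format takes no arguments, so none are passed. */
                    do_plog(LLV_INFO, "Connection is closed\n");
                    shutdown_session();

                    /* Wait for few seconds to consume late messages. */
                    sleep(5);
                    exit(1);
                }
                if (pollfds[i].revents & POLLIN) {
                    callbacks[i](pollfds[i].fd);
                }
            }
        }
    }

    /*
     * Not reached: the loop above never breaks. The guard matches the one
     * around the declaration of engine, so builds without ANDROID_CHANGES do
     * not reference an undeclared variable.
     */
#if defined(ANDROID_CHANGES) && !defined(OPENSSL_IS_BORINGSSL)
    if (engine) {
        ENGINE_finish(engine);
        ENGINE_free(engine);
    }
#endif
    return 0;
}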
227 
228 /* plog.h */
229 
/*
 * Emit one log record.
 *
 * level must be in the range 0..5; a record with any other level is dropped
 * without output. format and the variadic arguments follow printf
 * conventions.
 *
 * With ANDROID_CHANGES the record goes to the Android log under the tag
 * "racoon", with the level mapped to an Android priority. Otherwise it is
 * written to stderr, prefixed by a one-letter level code and ": ".
 *
 * format is interpreted as a format string, so callers must pass a fixed
 * format and hand any peer-supplied text in as an argument.
 */
void do_plog(int level, char *format, ...)
{
    va_list args;

    if (level < 0 || level > 5) {
        return;
    }

#ifdef ANDROID_CHANGES
    /* Indexed by level: 0 maps to ERROR, 5 to VERBOSE. */
    static int priorities[6] = {
        ANDROID_LOG_ERROR, ANDROID_LOG_WARN, ANDROID_LOG_INFO,
        ANDROID_LOG_INFO, ANDROID_LOG_DEBUG, ANDROID_LOG_VERBOSE
    };

    va_start(args, format);
    __android_log_vprint(priorities[level], "racoon", format, args);
    va_end(args);
#else
    /* One letter per level, in level order. */
    fprintf(stderr, "%c: ", "EWNIDV"[level]);

    va_start(args, format);
    vfprintf(stderr, format, args);
    va_end(args);
#endif
}
252 
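/*
 * Return a newly allocated, NUL-terminated copy of data[0 .. length) in which
 * every byte outside printable ASCII (' ' through '~') is replaced by '?'.
 * Control characters, including newlines and escape bytes, therefore never
 * reach the output.
 *
 * Returns NULL if the allocation fails or if length + 1 would overflow.
 * The result comes from racoon_malloc(); the caller owns it and releases it
 * with the deallocator that pairs with racoon_malloc().
 */
char *binsanitize(char *data, size_t length)
{
    char *output;
    size_t i;

    /*
     * length + 1 would wrap to 0 for the largest size_t value, giving an
     * allocation far smaller than the loop below writes to.
     */
    if (length == (size_t)-1) {
        return NULL;
    }

    output = racoon_malloc(length + 1);
    if (!output) {
        return NULL;
    }
    for (i = 0; i < length; ++i) {
        /*
         * Works whether char is signed or unsigned: bytes >= 0x80 are either
         * negative (below ' ') or above '~', and are replaced in both cases.
         */
        output[i] = (data[i] < ' ' || data[i] > '~') ? '?' : data[i];
    }
    output[length] = '\0';
    return output;
}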
265