]> git.ipfire.org Git - people/ms/strongswan.git/blob - src/libcharon/daemon.c
projects / people / ms / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Properly handle retransmitted initial IKE messages.
[people/ms/strongswan.git] / src / libcharon / daemon.c
1 /*
2 * Copyright (C) 2006-2010 Tobias Brunner
3 * Copyright (C) 2005-2009 Martin Willi
4 * Copyright (C) 2006 Daniel Roethlisberger
5 * Copyright (C) 2005 Jan Hutter
6 * Hochschule fuer Technik Rapperswil
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 #include <stdio.h>
20 #include <sys/types.h>
21 #include <unistd.h>
22 #include <time.h>
23
24 #ifdef CAPABILITIES
25 # ifdef HAVE_SYS_CAPABILITY_H
26 # include <sys/capability.h>
27 # elif defined(CAPABILITIES_NATIVE)
28 # include <linux/capability.h>
29 # endif /* CAPABILITIES_NATIVE */
30 #endif /* CAPABILITIES */
31
32 #include "daemon.h"
33
34 #include <library.h>
35 #include <plugins/plugin.h>
36 #include <config/proposal.h>
37 #include <kernel/kernel_handler.h>
38 #include <processing/jobs/start_action_job.h>
39
40 typedef struct private_daemon_t private_daemon_t;
41
42 /**
43 * Private additions to daemon_t, contains threads and internal functions.
44 */
45 struct private_daemon_t {
46 /**
47 * Public members of daemon_t.
48 */
49 daemon_t public;
50
51 /**
52 * Handler for kernel events
53 */
54 kernel_handler_t *kernel_handler;
55
56 /**
57 * capabilities to keep
58 */
59 #ifdef CAPABILITIES_LIBCAP
60 cap_t caps;
61 #endif /* CAPABILITIES_LIBCAP */
62 #ifdef CAPABILITIES_NATIVE
63 struct __user_cap_data_struct caps[2];
64 #endif /* CAPABILITIES_NATIVE */
65
66 };
67
68 /**
69 * One and only instance of the daemon.
70 */
71 daemon_t *charon;
72
73 /**
74 * hook in library for debugging messages
75 */
76 extern void (*dbg) (debug_t group, level_t level, char *fmt, ...);
77
78 /**
79 * we store the previous debug function so we can reset it
80 */
81 static void (*dbg_old) (debug_t group, level_t level, char *fmt, ...);
82
83 /**
84 * Logging hook for library logs, spreads debug message over bus
85 */
86 static void dbg_bus(debug_t group, level_t level, char *fmt, ...)
87 {
88 va_list args;
89
90 va_start(args, fmt);
91 charon->bus->vlog(charon->bus, group, level, fmt, args);
92 va_end(args);
93 }
94
95 /**
96 * Clean up all daemon resources
97 */
98 static void destroy(private_daemon_t *this)
99 {
100 /* terminate all idle threads */
101 lib->processor->set_threads(lib->processor, 0);
102
103 /* close all IKE_SAs */
104 if (this->public.ike_sa_manager)
105 {
106 this->public.ike_sa_manager->flush(this->public.ike_sa_manager);
107 }
108 if (this->public.traps)
109 {
110 this->public.traps->flush(this->public.traps);
111 }
112 DESTROY_IF(this->public.receiver);
113 DESTROY_IF(this->public.sender);
114 /* unload plugins to release threads */
115 lib->plugins->unload(lib->plugins);
116 #ifdef CAPABILITIES_LIBCAP
117 cap_free(this->caps);
118 #endif /* CAPABILITIES_LIBCAP */
119 DESTROY_IF(this->kernel_handler);
120 DESTROY_IF(this->public.traps);
121 DESTROY_IF(this->public.shunts);
122 DESTROY_IF(this->public.ike_sa_manager);
123 DESTROY_IF(this->public.controller);
124 DESTROY_IF(this->public.eap);
125 DESTROY_IF(this->public.xauth);
126 #ifdef ME
127 DESTROY_IF(this->public.connect_manager);
128 DESTROY_IF(this->public.mediation_manager);
129 #endif /* ME */
130 DESTROY_IF(this->public.backends);
131 DESTROY_IF(this->public.socket);
132
133 /* rehook library logging, shutdown logging */
134 dbg = dbg_old;
135 DESTROY_IF(this->public.bus);
136 this->public.file_loggers->destroy_offset(this->public.file_loggers,
137 offsetof(file_logger_t, destroy));
138 this->public.sys_loggers->destroy_offset(this->public.sys_loggers,
139 offsetof(sys_logger_t, destroy));
140 free(this);
141 }
142
143 METHOD(daemon_t, keep_cap, void,
144 private_daemon_t *this, u_int cap)
145 {
146 #ifdef CAPABILITIES_LIBCAP
147 cap_set_flag(this->caps, CAP_EFFECTIVE, 1, &cap, CAP_SET);
148 cap_set_flag(this->caps, CAP_INHERITABLE, 1, &cap, CAP_SET);
149 cap_set_flag(this->caps, CAP_PERMITTED, 1, &cap, CAP_SET);
150 #endif /* CAPABILITIES_LIBCAP */
151 #ifdef CAPABILITIES_NATIVE
152 int i = 0;
153
154 if (cap >= 32)
155 {
156 i++;
157 cap -= 32;
158 }
159 this->caps[i].effective |= 1 << cap;
160 this->caps[i].permitted |= 1 << cap;
161 this->caps[i].inheritable |= 1 << cap;
162 #endif /* CAPABILITIES_NATIVE */
163 }
164
165 METHOD(daemon_t, drop_capabilities, bool,
166 private_daemon_t *this)
167 {
168 #ifdef CAPABILITIES_LIBCAP
169 if (cap_set_proc(this->caps) != 0)
170 {
171 return FALSE;
172 }
173 #endif /* CAPABILITIES_LIBCAP */
174 #ifdef CAPABILITIES_NATIVE
175 struct __user_cap_header_struct header = {
176 #if defined(_LINUX_CAPABILITY_VERSION_3)
177 .version = _LINUX_CAPABILITY_VERSION_3,
178 #elif defined(_LINUX_CAPABILITY_VERSION_2)
179 .version = _LINUX_CAPABILITY_VERSION_2,
180 #elif defined(_LINUX_CAPABILITY_VERSION_1)
181 .version = _LINUX_CAPABILITY_VERSION_1,
182 #else
183 .version = _LINUX_CAPABILITY_VERSION,
184 #endif
185 };
186 if (capset(&header, this->caps) != 0)
187 {
188 return FALSE;
189 }
190 #endif /* CAPABILITIES_NATIVE */
191 return TRUE;
192 }
193
194 METHOD(daemon_t, start, void,
195 private_daemon_t *this)
196 {
197 /* start the engine, go multithreaded */
198 lib->processor->set_threads(lib->processor,
199 lib->settings->get_int(lib->settings, "charon.threads",
200 DEFAULT_THREADS));
201 }
202
203 /**
204 * Log loaded plugins
205 */
206 static void print_plugins()
207 {
208 char buf[512];
209 int len = 0;
210 enumerator_t *enumerator;
211 plugin_t *plugin;
212
213 buf[0] = '\0';
214 enumerator = lib->plugins->create_plugin_enumerator(lib->plugins);
215 while (len < sizeof(buf) && enumerator->enumerate(enumerator, &plugin, NULL))
216 {
217 len += snprintf(&buf[len], sizeof(buf)-len, "%s ",
218 plugin->get_name(plugin));
219 }
220 enumerator->destroy(enumerator);
221 DBG1(DBG_DMN, "loaded plugins: %s", buf);
222 }
223
224 METHOD(daemon_t, initialize, bool,
225 private_daemon_t *this)
226 {
227 DBG1(DBG_DMN, "Starting IKEv2 charon daemon (strongSwan "VERSION")");
228
229 if (lib->integrity)
230 {
231 DBG1(DBG_DMN, "integrity tests enabled:");
232 DBG1(DBG_DMN, "lib 'libstrongswan': passed file and segment integrity tests");
233 DBG1(DBG_DMN, "lib 'libhydra': passed file and segment integrity tests");
234 DBG1(DBG_DMN, "lib 'libcharon': passed file and segment integrity tests");
235 DBG1(DBG_DMN, "daemon 'charon': passed file integrity test");
236 }
237
238 /* load plugins, further infrastructure may need it */
239 if (!lib->plugins->load(lib->plugins, NULL,
240 lib->settings->get_str(lib->settings, "charon.load", PLUGINS)))
241 {
242 return FALSE;
243 }
244
245 print_plugins();
246
247 this->public.ike_sa_manager = ike_sa_manager_create();
248 if (this->public.ike_sa_manager == NULL)
249 {
250 return FALSE;
251 }
252 this->public.sender = sender_create();
253 this->public.receiver = receiver_create();
254 if (this->public.receiver == NULL)
255 {
256 return FALSE;
257 }
258
259 /* Queue start_action job */
260 lib->processor->queue_job(lib->processor, (job_t*)start_action_job_create());
261
262 #ifdef ME
263 this->public.connect_manager = connect_manager_create();
264 if (this->public.connect_manager == NULL)
265 {
266 return FALSE;
267 }
268 this->public.mediation_manager = mediation_manager_create();
269 #endif /* ME */
270
271 return TRUE;
272 }
273
274 /**
275 * Create the daemon.
276 */
277 private_daemon_t *daemon_create()
278 {
279 private_daemon_t *this;
280
281 INIT(this,
282 .public = {
283 .keep_cap = _keep_cap,
284 .drop_capabilities = _drop_capabilities,
285 .initialize = _initialize,
286 .start = _start,
287 .bus = bus_create(),
288 .file_loggers = linked_list_create(),
289 .sys_loggers = linked_list_create(),
290 },
291 );
292 charon = &this->public;
293 this->public.controller = controller_create();
294 this->public.eap = eap_manager_create();
295 this->public.xauth = xauth_manager_create();
296 this->public.backends = backend_manager_create();
297 this->public.socket = socket_manager_create();
298 this->public.traps = trap_manager_create();
299 this->public.shunts = shunt_manager_create();
300 this->kernel_handler = kernel_handler_create();
301
302 #ifdef CAPABILITIES
303 #ifdef CAPABILITIES_LIBCAP
304 this->caps = cap_init();
305 #endif /* CAPABILITIES_LIBCAP */
306 keep_cap(this, CAP_NET_ADMIN);
307 if (lib->leak_detective)
308 {
309 keep_cap(this, CAP_SYS_NICE);
310 }
311 #endif /* CAPABILITIES */
312
313 return this;
314 }
315
316 /**
317 * Described in header.
318 */
319 void libcharon_deinit()
320 {
321 destroy((private_daemon_t*)charon);
322 charon = NULL;
323 }
324
325 /**
326 * Described in header.
327 */
328 bool libcharon_init()
329 {
330 daemon_create();
331
332 /* for uncritical pseudo random numbers */
333 srandom(time(NULL) + getpid());
334
335 /* set up hook to log dbg message in library via charons message bus */
336 dbg_old = dbg;
337 dbg = dbg_bus;
338
339 lib->printf_hook->add_handler(lib->printf_hook, 'P',
340 proposal_printf_hook,
341 PRINTF_HOOK_ARGTYPE_POINTER,
342 PRINTF_HOOK_ARGTYPE_END);
343
344 if (lib->integrity &&
345 !lib->integrity->check(lib->integrity, "libcharon", libcharon_init))
346 {
347 dbg(DBG_DMN, 1, "integrity check of libcharon failed");
348 return FALSE;
349 }
350
351 return TRUE;
352 }
Michael's strongswan development tree