src/charon/charon.c

   1 /*
   2  * Copyright (C) 2006-2012 Tobias Brunner
   3  * Copyright (C) 2005-2009 Martin Willi
   4  * Copyright (C) 2006 Daniel Roethlisberger
   5  * Copyright (C) 2005 Jan Hutter
   6  * Hochschule fuer Technik Rapperswil
   7  *
   8  * This program is free software; you can redistribute it and/or modify it
   9  * under the terms of the GNU General Public License as published by the
  10  * Free Software Foundation; either version 2 of the License, or (at your
  11  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
  12  *
  13  * This program is distributed in the hope that it will be useful, but
  14  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  15  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  16  * for more details.
  17  */
  18
  19 #include <stdio.h>
  20 #define _POSIX_PTHREAD_SEMANTICS /* for two param sigwait on OpenSolaris */
  21 #include <signal.h>
  22 #undef _POSIX_PTHREAD_SEMANTICS
  23 #include <pthread.h>
  24 #include <sys/stat.h>
  25 #include <sys/types.h>
  26 #include <sys/utsname.h>
  27 #include <syslog.h>
  28 #include <errno.h>
  29 #include <unistd.h>
  30 #include <getopt.h>
  31
  32 #include <hydra.h>
  33 #include <daemon.h>
  34
  35 #include <library.h>
  36 #include <utils/backtrace.h>
  37 #include <threading/thread.h>
  38
  39 #ifdef ANDROID
  40 #include <private/android_filesystem_config.h> /* for AID_VPN */
  41 #endif
  42
  43 #ifndef LOG_AUTHPRIV /* not defined on OpenSolaris */
  44 #define LOG_AUTHPRIV LOG_AUTH
  45 #endif
  46
  47 /**
  48  * PID file, in which charon stores its process id
  49  */
  50 #define PID_FILE IPSEC_PIDDIR "/charon.pid"
  51
  52 /**
  53  * Global reference to PID file (required to truncate, if undeletable)
  54  */
  55 static FILE *pidfile = NULL;
  56
  57 /**
  58  * hook in library for debugging messages
  59  */
  60 extern void (*dbg) (debug_t group, level_t level, char *fmt, ...);
  61
  62 /**
  63  * Logging hook for library logs, using stderr output
  64  */
  65 static void dbg_stderr(debug_t group, level_t level, char *fmt, ...)
  66 {
  67         va_list args;
  68
  69         if (level <= 1)
  70         {
  71                 va_start(args, fmt);
  72                 fprintf(stderr, "00[%N] ", debug_names, group);
  73                 vfprintf(stderr, fmt, args);
  74                 fprintf(stderr, "\n");
  75                 va_end(args);
  76         }
  77 }
  78
  79 /**
  80  * Run the daemon and handle unix signals
  81  */
  82 static void run()
  83 {
  84         sigset_t set;
  85
  86         /* handle SIGINT, SIGHUP ans SIGTERM in this handler */
  87         sigemptyset(&set);
  88         sigaddset(&set, SIGINT);
  89         sigaddset(&set, SIGHUP);
  90         sigaddset(&set, SIGTERM);
  91         sigprocmask(SIG_BLOCK, &set, NULL);
  92
  93         while (TRUE)
  94         {
  95                 int sig;
  96                 int error;
  97
  98                 error = sigwait(&set, &sig);
  99                 if (error)
 100                 {
 101                         DBG1(DBG_DMN, "error %d while waiting for a signal", error);
 102                         return;
 103                 }
 104                 switch (sig)
 105                 {
 106                         case SIGHUP:
 107                         {
 108                                 DBG1(DBG_DMN, "signal of type SIGHUP received. Reloading "
 109                                          "configuration");
 110                                 if (lib->settings->load_files(lib->settings, NULL, FALSE))
 111                                 {
 112                                         lib->plugins->reload(lib->plugins, NULL);
 113                                 }
 114                                 else
 115                                 {
 116                                         DBG1(DBG_DMN, "reloading config failed, keeping old");
 117                                 }
 118                                 break;
 119                         }
 120                         case SIGINT:
 121                         {
 122                                 DBG1(DBG_DMN, "signal of type SIGINT received. Shutting down");
 123                                 charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
 124                                 return;
 125                         }
 126                         case SIGTERM:
 127                         {
 128                                 DBG1(DBG_DMN, "signal of type SIGTERM received. Shutting down");
 129                                 charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
 130                                 return;
 131                         }
 132                         default:
 133                         {
 134                                 DBG1(DBG_DMN, "unknown signal %d received. Ignored", sig);
 135                                 break;
 136                         }
 137                 }
 138         }
 139 }
 140
 141 /**
 142  * lookup UID and GID
 143  */
 144 static bool lookup_uid_gid()
 145 {
 146 #ifdef IPSEC_USER
 147         if (!charon->caps->resolve_uid(charon->caps, IPSEC_USER))
 148         {
 149                 return FALSE;
 150         }
 151 #endif
 152 #ifdef IPSEC_GROUP
 153         if (!charon->caps->resolve_gid(charon->caps, IPSEC_GROUP))
 154         {
 155                 return FALSE;
 156         }
 157 #endif
 158 #ifdef ANDROID
 159         charon->caps->set_uid(charon->caps, AID_VPN);
 160 #endif
 161         return TRUE;
 162 }
 163
 164 /**
 165  * Handle SIGSEGV/SIGILL signals raised by threads
 166  */
 167 static void segv_handler(int signal)
 168 {
 169         backtrace_t *backtrace;
 170
 171         DBG1(DBG_DMN, "thread %u received %d", thread_current_id(), signal);
 172         backtrace = backtrace_create(2);
 173         backtrace->log(backtrace, stderr, TRUE);
 174         backtrace->destroy(backtrace);
 175
 176         DBG1(DBG_DMN, "killing ourself, received critical signal");
 177         abort();
 178 }
 179
 180 /**
 181  * Check/create PID file, return TRUE if already running
 182  */
 183 static bool check_pidfile()
 184 {
 185         struct stat stb;
 186
 187         if (stat(PID_FILE, &stb) == 0)
 188         {
 189                 pidfile = fopen(PID_FILE, "r");
 190                 if (pidfile)
 191                 {
 192                         char buf[64];
 193                         pid_t pid = 0;
 194
 195                         memset(buf, 0, sizeof(buf));
 196                         if (fread(buf, 1, sizeof(buf), pidfile))
 197                         {
 198                                 buf[sizeof(buf) - 1] = '\0';
 199                                 pid = atoi(buf);
 200                         }
 201                         fclose(pidfile);
 202                         if (pid && kill(pid, 0) == 0)
 203                         {       /* such a process is running */
 204                                 return TRUE;
 205                         }
 206                 }
 207                 DBG1(DBG_DMN, "removing pidfile '"PID_FILE"', process not running");
 208                 unlink(PID_FILE);
 209         }
 210
 211         /* create new pidfile */
 212         pidfile = fopen(PID_FILE, "w");
 213         if (pidfile)
 214         {
 215                 ignore_result(fchown(fileno(pidfile),
 216                                                          charon->caps->get_uid(charon->caps),
 217                                                          charon->caps->get_gid(charon->caps)));
 218                 fprintf(pidfile, "%d\n", getpid());
 219                 fflush(pidfile);
 220         }
 221         return FALSE;
 222 }
 223
 224 /**
 225  * Delete/truncate the PID file
 226  */
 227 static void unlink_pidfile()
 228 {
 229         /* because unlinking the PID file may fail, we truncate it to ensure the
 230          * daemon can be properly restarted.  one probable cause for this is the
 231          * combination of not running as root and the effective user lacking
 232          * permissions on the parent dir(s) of the PID file */
 233         if (pidfile)
 234         {
 235                 ignore_result(ftruncate(fileno(pidfile), 0));
 236                 fclose(pidfile);
 237         }
 238         unlink(PID_FILE);
 239 }
 240
 241 /**
 242  * Initialize logging
 243  */
 244 static void initialize_loggers(bool use_stderr, level_t levels[])
 245 {
 246         sys_logger_t *sys_logger;
 247         file_logger_t *file_logger;
 248         enumerator_t *enumerator;
 249         char *identifier, *facility, *filename;
 250         int loggers_defined = 0;
 251         debug_t group;
 252         level_t  def;
 253         bool append, ike_name;
 254         FILE *file;
 255
 256         /* setup sysloggers */
 257         identifier = lib->settings->get_str(lib->settings,
 258                                                                                 "charon.syslog.identifier", NULL);
 259         if (identifier)
 260         {       /* set identifier, which is prepended to each log line */
 261                 openlog(identifier, 0, 0);
 262         }
 263         enumerator = lib->settings->create_section_enumerator(lib->settings,
 264                                                                                                                   "charon.syslog");
 265         while (enumerator->enumerate(enumerator, &facility))
 266         {
 267                 loggers_defined++;
 268
 269                 ike_name = lib->settings->get_bool(lib->settings,
 270                                                                 "charon.syslog.%s.ike_name", FALSE, facility);
 271                 if (streq(facility, "daemon"))
 272                 {
 273                         sys_logger = sys_logger_create(LOG_DAEMON, ike_name);
 274                 }
 275                 else if (streq(facility, "auth"))
 276                 {
 277                         sys_logger = sys_logger_create(LOG_AUTHPRIV, ike_name);
 278                 }
 279                 else
 280                 {
 281                         continue;
 282                 }
 283                 def = lib->settings->get_int(lib->settings,
 284                                                                          "charon.syslog.%s.default", 1, facility);
 285                 for (group = 0; group < DBG_MAX; group++)
 286                 {
 287                         sys_logger->set_level(sys_logger, group,
 288                                 lib->settings->get_int(lib->settings,
 289                                                                            "charon.syslog.%s.%N", def,
 290                                                                            facility, debug_lower_names, group));
 291                 }
 292                 charon->sys_loggers->insert_last(charon->sys_loggers, sys_logger);
 293                 charon->bus->add_logger(charon->bus, &sys_logger->logger);
 294         }
 295         enumerator->destroy(enumerator);
 296
 297         /* and file loggers */
 298         enumerator = lib->settings->create_section_enumerator(lib->settings,
 299                                                                                                                   "charon.filelog");
 300         while (enumerator->enumerate(enumerator, &filename))
 301         {
 302                 loggers_defined++;
 303                 if (streq(filename, "stderr"))
 304                 {
 305                         file = stderr;
 306                 }
 307                 else if (streq(filename, "stdout"))
 308                 {
 309                         file = stdout;
 310                 }
 311                 else
 312                 {
 313                         append = lib->settings->get_bool(lib->settings,
 314                                                                         "charon.filelog.%s.append", TRUE, filename);
 315                         file = fopen(filename, append ? "a" : "w");
 316                         if (file == NULL)
 317                         {
 318                                 DBG1(DBG_DMN, "opening file %s for logging failed: %s",
 319                                          filename, strerror(errno));
 320                                 continue;
 321                         }
 322                         if (lib->settings->get_bool(lib->settings,
 323                                                         "charon.filelog.%s.flush_line", FALSE, filename))
 324                         {
 325                                 setlinebuf(file);
 326                         }
 327                 }
 328                 file_logger = file_logger_create(file,
 329                                                 lib->settings->get_str(lib->settings,
 330                                                         "charon.filelog.%s.time_format", NULL, filename),
 331                                                 lib->settings->get_bool(lib->settings,
 332                                                         "charon.filelog.%s.ike_name", FALSE, filename));
 333                 def = lib->settings->get_int(lib->settings,
 334                                                                          "charon.filelog.%s.default", 1, filename);
 335                 for (group = 0; group < DBG_MAX; group++)
 336                 {
 337                         file_logger->set_level(file_logger, group,
 338                                 lib->settings->get_int(lib->settings,
 339                                                                            "charon.filelog.%s.%N", def,
 340                                                                            filename, debug_lower_names, group));
 341                 }
 342                 charon->file_loggers->insert_last(charon->file_loggers, file_logger);
 343                 charon->bus->add_logger(charon->bus, &file_logger->logger);
 344
 345         }
 346         enumerator->destroy(enumerator);
 347
 348         /* set up legacy style default loggers provided via command-line */
 349         if (!loggers_defined)
 350         {
 351                 /* set up default stdout file_logger */
 352                 file_logger = file_logger_create(stdout, NULL, FALSE);
 353                 charon->file_loggers->insert_last(charon->file_loggers, file_logger);
 354                 /* set up default daemon sys_logger */
 355                 sys_logger = sys_logger_create(LOG_DAEMON, FALSE);
 356                 charon->sys_loggers->insert_last(charon->sys_loggers, sys_logger);
 357                 for (group = 0; group < DBG_MAX; group++)
 358                 {
 359                         sys_logger->set_level(sys_logger, group, levels[group]);
 360                         if (use_stderr)
 361                         {
 362                                 file_logger->set_level(file_logger, group, levels[group]);
 363                         }
 364                 }
 365                 charon->bus->add_logger(charon->bus, &file_logger->logger);
 366                 charon->bus->add_logger(charon->bus, &sys_logger->logger);
 367
 368                 /* set up default auth sys_logger */
 369                 sys_logger = sys_logger_create(LOG_AUTHPRIV, FALSE);
 370                 sys_logger->set_level(sys_logger, DBG_ANY, LEVEL_AUDIT);
 371                 charon->sys_loggers->insert_last(charon->sys_loggers, sys_logger);
 372                 charon->bus->add_logger(charon->bus, &sys_logger->logger);
 373         }
 374 }
 375
 376 /**
 377  * print command line usage and exit
 378  */
 379 static void usage(const char *msg)
 380 {
 381         if (msg != NULL && *msg != '\0')
 382         {
 383                 fprintf(stderr, "%s\n", msg);
 384         }
 385         fprintf(stderr, "Usage: charon\n"
 386                                         "         [--help]\n"
 387                                         "         [--version]\n"
 388                                         "         [--use-syslog]\n"
 389                                         "         [--debug-<type> <level>]\n"
 390                                         "           <type>:  log context type (dmn|mgr|ike|chd|job|cfg|knl|net|asn|enc|tnc|imc|imv|pts|tls|esp|lib)\n"
 391                                         "           <level>: log verbosity (-1 = silent, 0 = audit, 1 = control,\n"
 392                                         "                                    2 = controlmore, 3 = raw, 4 = private)\n"
 393                                         "\n"
 394                    );
 395 }
 396
 397 /**
 398  * Main function, starts the daemon.
 399  */
 400 int main(int argc, char *argv[])
 401 {
 402         struct sigaction action;
 403         bool use_syslog = FALSE;
 404         level_t levels[DBG_MAX];
 405         int group, status = SS_RC_INITIALIZATION_FAILED;
 406         struct utsname utsname;
 407
 408         /* logging for library during initialization, as we have no bus yet */
 409         dbg = dbg_stderr;
 410
 411         /* initialize library */
 412         if (!library_init(NULL))
 413         {
 414                 library_deinit();
 415                 exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
 416         }
 417
 418         if (lib->integrity &&
 419                 !lib->integrity->check_file(lib->integrity, "charon", argv[0]))
 420         {
 421                 dbg_stderr(DBG_DMN, 1, "integrity check of charon failed");
 422                 library_deinit();
 423                 exit(SS_RC_DAEMON_INTEGRITY);
 424         }
 425
 426         if (!libhydra_init("charon"))
 427         {
 428                 dbg_stderr(DBG_DMN, 1, "initialization failed - aborting charon");
 429                 libhydra_deinit();
 430                 library_deinit();
 431                 exit(SS_RC_INITIALIZATION_FAILED);
 432         }
 433
 434         if (!libcharon_init("charon"))
 435         {
 436                 dbg_stderr(DBG_DMN, 1, "initialization failed - aborting charon");
 437                 goto deinit;
 438         }
 439
 440         /* use CTRL loglevel for default */
 441         for (group = 0; group < DBG_MAX; group++)
 442         {
 443                 levels[group] = LEVEL_CTRL;
 444         }
 445
 446         /* handle arguments */
 447         for (;;)
 448         {
 449                 struct option long_opts[] = {
 450                         { "help", no_argument, NULL, 'h' },
 451                         { "version", no_argument, NULL, 'v' },
 452                         { "use-syslog", no_argument, NULL, 'l' },
 453                         /* TODO: handle "debug-all" */
 454                         { "debug-dmn", required_argument, &group, DBG_DMN },
 455                         { "debug-mgr", required_argument, &group, DBG_MGR },
 456                         { "debug-ike", required_argument, &group, DBG_IKE },
 457                         { "debug-chd", required_argument, &group, DBG_CHD },
 458                         { "debug-job", required_argument, &group, DBG_JOB },
 459                         { "debug-cfg", required_argument, &group, DBG_CFG },
 460                         { "debug-knl", required_argument, &group, DBG_KNL },
 461                         { "debug-net", required_argument, &group, DBG_NET },
 462                         { "debug-asn", required_argument, &group, DBG_ASN },
 463                         { "debug-enc", required_argument, &group, DBG_ENC },
 464                         { "debug-tnc", required_argument, &group, DBG_TNC },
 465                         { "debug-imc", required_argument, &group, DBG_IMC },
 466                         { "debug-imv", required_argument, &group, DBG_IMV },
 467                         { "debug-pts", required_argument, &group, DBG_PTS },
 468                         { "debug-tls", required_argument, &group, DBG_TLS },
 469                         { "debug-esp", required_argument, &group, DBG_ESP },
 470                         { "debug-lib", required_argument, &group, DBG_LIB },
 471                         { 0,0,0,0 }
 472                 };
 473
 474                 int c = getopt_long(argc, argv, "", long_opts, NULL);
 475                 switch (c)
 476                 {
 477                         case EOF:
 478                                 break;
 479                         case 'h':
 480                                 usage(NULL);
 481                                 status = 0;
 482                                 goto deinit;
 483                         case 'v':
 484                                 printf("Linux strongSwan %s\n", VERSION);
 485                                 status = 0;
 486                                 goto deinit;
 487                         case 'l':
 488                                 use_syslog = TRUE;
 489                                 continue;
 490                         case 0:
 491                                 /* option is in group */
 492                                 levels[group] = atoi(optarg);
 493                                 continue;
 494                         default:
 495                                 usage("");
 496                                 status = 1;
 497                                 goto deinit;
 498                 }
 499                 break;
 500         }
 501
 502         if (!lookup_uid_gid())
 503         {
 504                 dbg_stderr(DBG_DMN, 1, "invalid uid/gid - aborting charon");
 505                 goto deinit;
 506         }
 507
 508         initialize_loggers(!use_syslog, levels);
 509
 510         if (uname(&utsname) != 0)
 511         {
 512                 memset(&utsname, 0, sizeof(utsname));
 513         }
 514         DBG1(DBG_DMN, "Starting IKE charon daemon (strongSwan "VERSION", %s %s, %s)",
 515                   utsname.sysname, utsname.release, utsname.machine);
 516         if (lib->integrity)
 517         {
 518                 DBG1(DBG_DMN, "integrity tests enabled:");
 519                 DBG1(DBG_DMN, "lib    'libstrongswan': passed file and segment integrity tests");
 520                 DBG1(DBG_DMN, "lib    'libhydra': passed file and segment integrity tests");
 521                 DBG1(DBG_DMN, "lib    'libcharon': passed file and segment integrity tests");
 522                 DBG1(DBG_DMN, "daemon 'charon': passed file integrity test");
 523         }
 524
 525         /* initialize daemon */
 526         if (!charon->initialize(charon,
 527                                 lib->settings->get_str(lib->settings, "charon.load", PLUGINS)))
 528         {
 529                 DBG1(DBG_DMN, "initialization failed - aborting charon");
 530                 goto deinit;
 531         }
 532
 533         if (check_pidfile())
 534         {
 535                 DBG1(DBG_DMN, "charon already running (\""PID_FILE"\" exists)");
 536                 status = -1;
 537                 goto deinit;
 538         }
 539
 540         if (!charon->caps->drop(charon->caps))
 541         {
 542                 DBG1(DBG_DMN, "capability dropping failed - aborting charon");
 543                 goto deinit;
 544         }
 545
 546         /* add handler for SEGV and ILL,
 547          * INT, TERM and HUP are handled by sigwait() in run() */
 548         action.sa_handler = segv_handler;
 549         action.sa_flags = 0;
 550         sigemptyset(&action.sa_mask);
 551         sigaddset(&action.sa_mask, SIGINT);
 552         sigaddset(&action.sa_mask, SIGTERM);
 553         sigaddset(&action.sa_mask, SIGHUP);
 554         sigaction(SIGSEGV, &action, NULL);
 555         sigaction(SIGILL, &action, NULL);
 556         sigaction(SIGBUS, &action, NULL);
 557         action.sa_handler = SIG_IGN;
 558         sigaction(SIGPIPE, &action, NULL);
 559
 560         pthread_sigmask(SIG_SETMASK, &action.sa_mask, NULL);
 561
 562         /* start daemon (i.e. the threads in the thread-pool) */
 563         charon->start(charon);
 564
 565         /* main thread goes to run loop */
 566         run();
 567
 568         /* normal termination, cleanup and exit */
 569         unlink_pidfile();
 570         status = 0;
 571
 572 deinit:
 573         libcharon_deinit();
 574         libhydra_deinit();
 575         library_deinit();
 576         return status;
 577 }
 578