Close IKE_SA on Android immediately if setting up CHILD_SA fails
[strongswan.git] / src / frontends / android / jni / libandroidbridge / charonservice.c
1 /*
2 * Copyright (C) 2012 Giuliano Grassi
3 * Copyright (C) 2012 Ralf Sager
4 * Copyright (C) 2012 Tobias Brunner
5 * Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 #include <signal.h>
19 #include <string.h>
20 #include <android/log.h>
21
22 #include "charonservice.h"
23 #include "android_jni.h"
24 #include "backend/android_attr.h"
25 #include "backend/android_creds.h"
26 #include "backend/android_service.h"
27 #include "kernel/android_ipsec.h"
28 #include "kernel/android_net.h"
29
30 #include <daemon.h>
31 #include <hydra.h>
32 #include <ipsec.h>
33 #include <library.h>
34 #include <threading/thread.h>
35
36 #define ANDROID_DEBUG_LEVEL 1
37 #define ANDROID_RETRASNMIT_TRIES 3
38 #define ANDROID_RETRANSMIT_TIMEOUT 3.0
39 #define ANDROID_RETRANSMIT_BASE 1.4
40
41 typedef struct private_charonservice_t private_charonservice_t;
42
43 /**
44 * private data of charonservice
45 */
46 struct private_charonservice_t {
47
48 /**
49 * public interface
50 */
51 charonservice_t public;
52
53 /**
54 * android_attr instance
55 */
56 android_attr_t *attr;
57
58 /**
59 * android_creds instance
60 */
61 android_creds_t *creds;
62
63 /**
64 * android_service instance
65 */
66 android_service_t *service;
67
68 /**
69 * VpnService builder (accessed via JNI)
70 */
71 vpnservice_builder_t *builder;
72
73 /**
74 * CharonVpnService reference
75 */
76 jobject vpn_service;
77 };
78
79 /**
80 * Single instance of charonservice_t.
81 */
82 charonservice_t *charonservice;
83
84 /**
85 * hook in library for debugging messages
86 */
87 extern void (*dbg)(debug_t group, level_t level, char *fmt, ...);
88
89 /**
90 * Logging hook for library logs, using android specific logging
91 */
92 static void dbg_android(debug_t group, level_t level, char *fmt, ...)
93 {
94 va_list args;
95
96 if (level <= ANDROID_DEBUG_LEVEL)
97 {
98 char sgroup[16], buffer[8192];
99 char *current = buffer, *next;
100
101 snprintf(sgroup, sizeof(sgroup), "%N", debug_names, group);
102 va_start(args, fmt);
103 vsnprintf(buffer, sizeof(buffer), fmt, args);
104 va_end(args);
105 while (current)
106 { /* log each line separately */
107 next = strchr(current, '\n');
108 if (next)
109 {
110 *(next++) = '\0';
111 }
112 __android_log_print(ANDROID_LOG_INFO, "charon", "00[%s] %s\n",
113 sgroup, current);
114 current = next;
115 }
116 }
117 }
118
119 METHOD(charonservice_t, update_status, bool,
120 private_charonservice_t *this, android_vpn_state_t code)
121 {
122 JNIEnv *env;
123 jmethodID method_id;
124 bool success = FALSE;
125
126 androidjni_attach_thread(&env);
127
128 method_id = (*env)->GetMethodID(env, android_charonvpnservice_class,
129 "updateStatus", "(I)V");
130 if (!method_id)
131 {
132 goto failed;
133 }
134 (*env)->CallVoidMethod(env, this->vpn_service, method_id, (jint)code);
135 success = !androidjni_exception_occurred(env);
136
137 failed:
138 androidjni_exception_occurred(env);
139 androidjni_detach_thread();
140 return success;
141 }
142
143 METHOD(charonservice_t, bypass_socket, bool,
144 private_charonservice_t *this, int fd, int family)
145 {
146 JNIEnv *env;
147 jmethodID method_id;
148
149 androidjni_attach_thread(&env);
150
151 method_id = (*env)->GetMethodID(env, android_charonvpnservice_class,
152 "protect", "(I)Z");
153 if (!method_id)
154 {
155 goto failed;
156 }
157 if (!(*env)->CallBooleanMethod(env, this->vpn_service, method_id, fd))
158 {
159 DBG1(DBG_CFG, "VpnService.protect() failed");
160 goto failed;
161 }
162 androidjni_detach_thread();
163 return TRUE;
164
165 failed:
166 androidjni_exception_occurred(env);
167 androidjni_detach_thread();
168 return FALSE;
169 }
170
171 METHOD(charonservice_t, get_trusted_certificates, linked_list_t*,
172 private_charonservice_t *this)
173 {
174 JNIEnv *env;
175 jmethodID method_id;
176 jobjectArray jcerts;
177 linked_list_t *list;
178 jsize i;
179
180 androidjni_attach_thread(&env);
181
182 method_id = (*env)->GetMethodID(env,
183 android_charonvpnservice_class,
184 "getTrustedCertificates", "(Ljava/lang/String;)[[B");
185 if (!method_id)
186 {
187 goto failed;
188 }
189 jcerts = (*env)->CallObjectMethod(env, this->vpn_service, method_id, NULL);
190 if (!jcerts)
191 {
192 goto failed;
193 }
194 list = linked_list_create();
195 for (i = 0; i < (*env)->GetArrayLength(env, jcerts); ++i)
196 {
197 chunk_t *ca_cert;
198 jbyteArray jcert;
199
200 ca_cert = malloc_thing(chunk_t);
201 list->insert_last(list, ca_cert);
202
203 jcert = (*env)->GetObjectArrayElement(env, jcerts, i);
204 *ca_cert = chunk_alloc((*env)->GetArrayLength(env, jcert));
205 (*env)->GetByteArrayRegion(env, jcert, 0, ca_cert->len, ca_cert->ptr);
206 (*env)->DeleteLocalRef(env, jcert);
207 }
208 (*env)->DeleteLocalRef(env, jcerts);
209 androidjni_detach_thread();
210 return list;
211
212 failed:
213 androidjni_exception_occurred(env);
214 androidjni_detach_thread();
215 return NULL;
216 }
217
218 METHOD(charonservice_t, get_vpnservice_builder, vpnservice_builder_t*,
219 private_charonservice_t *this)
220 {
221 return this->builder;
222 }
223
224 /**
225 * Initiate a new connection
226 *
227 * @param local local ip address (gets owned)
228 * @param gateway gateway address (gets owned)
229 * @param username username (gets owned)
230 * @param password password (gets owned)
231 */
232 static void initiate(char *local, char *gateway, char *username, char *password)
233 {
234 private_charonservice_t *this = (private_charonservice_t*)charonservice;
235
236 this->creds->clear(this->creds);
237 this->creds->add_username_password(this->creds, username, password);
238 memwipe(password, strlen(password));
239 free(password);
240
241 DESTROY_IF(this->service);
242 this->service = android_service_create(local, gateway, username);
243 }
244
245 /**
246 * Initialize/deinitialize Android backend
247 */
248 static bool charonservice_register(void *plugin, plugin_feature_t *feature,
249 bool reg, void *data)
250 {
251 private_charonservice_t *this = (private_charonservice_t*)charonservice;
252 if (reg)
253 {
254 lib->credmgr->add_set(lib->credmgr, &this->creds->set);
255 hydra->attributes->add_handler(hydra->attributes,
256 &this->attr->handler);
257 }
258 else
259 {
260 lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
261 hydra->attributes->remove_handler(hydra->attributes,
262 &this->attr->handler);
263 if (this->service)
264 {
265 this->service->destroy(this->service);
266 this->service = NULL;
267 }
268 }
269 return TRUE;
270 }
271
272 /**
273 * Initialize the charonservice object
274 */
275 static void charonservice_init(JNIEnv *env, jobject service, jobject builder)
276 {
277 private_charonservice_t *this;
278 static plugin_feature_t features[] = {
279 PLUGIN_CALLBACK(kernel_net_register, kernel_android_net_create),
280 PLUGIN_PROVIDE(CUSTOM, "kernel-net"),
281 PLUGIN_CALLBACK(kernel_ipsec_register, kernel_android_ipsec_create),
282 PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
283 PLUGIN_CALLBACK((plugin_feature_callback_t)charonservice_register, NULL),
284 PLUGIN_PROVIDE(CUSTOM, "Android backend"),
285 PLUGIN_DEPENDS(CUSTOM, "libcharon"),
286 };
287
288 INIT(this,
289 .public = {
290 .update_status = _update_status,
291 .bypass_socket = _bypass_socket,
292 .get_trusted_certificates = _get_trusted_certificates,
293 .get_vpnservice_builder = _get_vpnservice_builder,
294 },
295 .attr = android_attr_create(),
296 .creds = android_creds_create(),
297 .builder = vpnservice_builder_create(builder),
298 .vpn_service = (*env)->NewGlobalRef(env, service),
299 );
300 charonservice = &this->public;
301
302 lib->plugins->add_static_features(lib->plugins, "androidbridge", features,
303 countof(features), TRUE);
304
305 lib->settings->set_int(lib->settings,
306 "charon.plugins.android_log.loglevel", ANDROID_DEBUG_LEVEL);
307 lib->settings->set_int(lib->settings,
308 "charon.retransmit_tries", ANDROID_RETRASNMIT_TRIES);
309 lib->settings->set_double(lib->settings,
310 "charon.retransmit_timeout", ANDROID_RETRANSMIT_TIMEOUT);
311 lib->settings->set_double(lib->settings,
312 "charon.retransmit_base", ANDROID_RETRANSMIT_BASE);
313 lib->settings->set_bool(lib->settings,
314 "charon.close_ike_on_child_failure", TRUE);
315 }
316
317 /**
318 * Deinitialize the charonservice object
319 */
320 static void charonservice_deinit(JNIEnv *env)
321 {
322 private_charonservice_t *this = (private_charonservice_t*)charonservice;
323
324 this->builder->destroy(this->builder);
325 this->creds->destroy(this->creds);
326 this->attr->destroy(this->attr);
327 (*env)->DeleteGlobalRef(env, this->vpn_service);
328 free(this);
329 charonservice = NULL;
330 }
331
332 /**
333 * Handle SIGSEGV/SIGILL signals raised by threads
334 */
335 static void segv_handler(int signal)
336 {
337 dbg_android(DBG_DMN, 1, "thread %u received %d", thread_current_id(),
338 signal);
339 exit(1);
340 }
341
342 /**
343 * Initialize charon and the libraries via JNI
344 */
345 JNI_METHOD(CharonVpnService, initializeCharon, void,
346 jobject builder)
347 {
348 struct sigaction action;
349
350 /* logging for library during initialization, as we have no bus yet */
351 dbg = dbg_android;
352
353 /* initialize library */
354 if (!library_init(NULL))
355 {
356 library_deinit();
357 return;
358 }
359
360 if (!libhydra_init("charon"))
361 {
362 libhydra_deinit();
363 library_deinit();
364 return;
365 }
366
367 if (!libipsec_init())
368 {
369 libipsec_deinit();
370 libhydra_deinit();
371 library_deinit();
372 return;
373 }
374
375 charonservice_init(env, this, builder);
376
377 if (!libcharon_init("charon") ||
378 !charon->initialize(charon, PLUGINS))
379 {
380 libcharon_deinit();
381 charonservice_deinit(env);
382 libipsec_deinit();
383 libhydra_deinit();
384 library_deinit();
385 return;
386 }
387
388 /* add handler for SEGV and ILL etc. */
389 action.sa_handler = segv_handler;
390 action.sa_flags = 0;
391 sigemptyset(&action.sa_mask);
392 sigaction(SIGSEGV, &action, NULL);
393 sigaction(SIGILL, &action, NULL);
394 sigaction(SIGBUS, &action, NULL);
395 action.sa_handler = SIG_IGN;
396 sigaction(SIGPIPE, &action, NULL);
397
398 /* start daemon (i.e. the threads in the thread-pool) */
399 charon->start(charon);
400 }
401
402 /**
403 * Deinitialize charon and all libraries
404 */
405 JNI_METHOD(CharonVpnService, deinitializeCharon, void)
406 {
407 libcharon_deinit();
408 charonservice_deinit(env);
409 libipsec_deinit();
410 libhydra_deinit();
411 library_deinit();
412 }
413
414 /**
415 * Convert a Java string to a C string. Memory is allocated.
416 */
417 static inline char *convert_jstring(JNIEnv *env, jstring jstr)
418 {
419 char *str;
420 jsize len;
421
422 len = (*env)->GetStringUTFLength(env, jstr);
423 str = malloc(len + 1);
424 (*env)->GetStringUTFRegion(env, jstr, 0, len, str);
425 str[len] = '\0';
426 return str;
427 }
428
429 /**
430 * Initiate SA
431 */
432 JNI_METHOD(CharonVpnService, initiate, void,
433 jstring jlocal_address, jstring jgateway, jstring jusername,
434 jstring jpassword)
435 {
436 char *local_address, *gateway, *username, *password;
437
438 local_address = convert_jstring(env, jlocal_address);
439 gateway = convert_jstring(env, jgateway);
440 username = convert_jstring(env, jusername);
441 password = convert_jstring(env, jpassword);
442
443 initiate(local_address, gateway, username, password);
444 }