projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Refer to scheduler and processor via lib and not hydra.
[strongswan.git] / src / libcharon / daemon.c
1 /*
2 * Copyright (C) 2006-2010 Tobias Brunner
3 * Copyright (C) 2005-2009 Martin Willi
4 * Copyright (C) 2006 Daniel Roethlisberger
5 * Copyright (C) 2005 Jan Hutter
6 * Hochschule fuer Technik Rapperswil
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 #include <stdio.h>
20 #include <sys/types.h>
21 #include <unistd.h>
22 #include <syslog.h>
23 #include <time.h>
24 #include <errno.h>
25
26 #ifdef CAPABILITIES
27 #ifdef HAVE_SYS_CAPABILITY_H
28 #include <sys/capability.h>
29 #endif /* HAVE_SYS_CAPABILITY_H */
30 #endif /* CAPABILITIES */
31
32 #include "daemon.h"
33
34 #include <library.h>
35 #include <config/proposal.h>
36 #include <kernel/kernel_handler.h>
37
38 #ifndef LOG_AUTHPRIV /* not defined on OpenSolaris */
39 #define LOG_AUTHPRIV LOG_AUTH
40 #endif
41
42 typedef struct private_daemon_t private_daemon_t;
43
44 /**
45 * Private additions to daemon_t, contains threads and internal functions.
46 */
47 struct private_daemon_t {
48 /**
49 * Public members of daemon_t.
50 */
51 daemon_t public;
52
53 /**
54 * Handler for kernel events
55 */
56 kernel_handler_t *kernel_handler;
57
58 /**
59 * capabilities to keep
60 */
61 #ifdef CAPABILITIES_LIBCAP
62 cap_t caps;
63 #endif /* CAPABILITIES_LIBCAP */
64 #ifdef CAPABILITIES_NATIVE
65 struct __user_cap_data_struct caps;
66 #endif /* CAPABILITIES_NATIVE */
67
68 };
69
70 /**
71 * One and only instance of the daemon.
72 */
73 daemon_t *charon;
74
75 /**
76 * hook in library for debugging messages
77 */
78 extern void (*dbg) (debug_t group, level_t level, char *fmt, ...);
79
80 /**
81 * we store the previous debug function so we can reset it
82 */
83 static void (*dbg_old) (debug_t group, level_t level, char *fmt, ...);
84
85 /**
86 * Logging hook for library logs, spreads debug message over bus
87 */
88 static void dbg_bus(debug_t group, level_t level, char *fmt, ...)
89 {
90 va_list args;
91
92 va_start(args, fmt);
93 charon->bus->vlog(charon->bus, group, level, fmt, args);
94 va_end(args);
95 }
96
97 /**
98 * Clean up all daemon resources
99 */
100 static void destroy(private_daemon_t *this)
101 {
102 /* terminate all idle threads */
103 lib->processor->set_threads(lib->processor, 0);
104
105 /* close all IKE_SAs */
106 if (this->public.ike_sa_manager)
107 {
108 this->public.ike_sa_manager->flush(this->public.ike_sa_manager);
109 }
110 DESTROY_IF(this->public.receiver);
111 DESTROY_IF(this->public.sender);
112 /* unload plugins to release threads */
113 lib->plugins->unload(lib->plugins);
114 #ifdef CAPABILITIES_LIBCAP
115 cap_free(this->caps);
116 #endif /* CAPABILITIES_LIBCAP */
117 DESTROY_IF(this->kernel_handler);
118 DESTROY_IF(this->public.traps);
119 DESTROY_IF(this->public.ike_sa_manager);
120 DESTROY_IF(this->public.controller);
121 DESTROY_IF(this->public.eap);
122 DESTROY_IF(this->public.sim);
123 #ifdef ME
124 DESTROY_IF(this->public.connect_manager);
125 DESTROY_IF(this->public.mediation_manager);
126 #endif /* ME */
127 DESTROY_IF(this->public.backends);
128 DESTROY_IF(this->public.socket);
129
130 /* rehook library logging, shutdown logging */
131 dbg = dbg_old;
132 DESTROY_IF(this->public.bus);
133 this->public.file_loggers->destroy_offset(this->public.file_loggers,
134 offsetof(file_logger_t, destroy));
135 this->public.sys_loggers->destroy_offset(this->public.sys_loggers,
136 offsetof(sys_logger_t, destroy));
137 free(this);
138 }
139
140 METHOD(daemon_t, keep_cap, void,
141 private_daemon_t *this, u_int cap)
142 {
143 #ifdef CAPABILITIES_LIBCAP
144 cap_set_flag(this->caps, CAP_EFFECTIVE, 1, &cap, CAP_SET);
145 cap_set_flag(this->caps, CAP_INHERITABLE, 1, &cap, CAP_SET);
146 cap_set_flag(this->caps, CAP_PERMITTED, 1, &cap, CAP_SET);
147 #endif /* CAPABILITIES_LIBCAP */
148 #ifdef CAPABILITIES_NATIVE
149 this->caps.effective |= 1 << cap;
150 this->caps.permitted |= 1 << cap;
151 this->caps.inheritable |= 1 << cap;
152 #endif /* CAPABILITIES_NATIVE */
153 }
154
155 METHOD(daemon_t, drop_capabilities, bool,
156 private_daemon_t *this)
157 {
158 #ifdef CAPABILITIES_LIBCAP
159 if (cap_set_proc(this->caps) != 0)
160 {
161 return FALSE;
162 }
163 #endif /* CAPABILITIES_LIBCAP */
164 #ifdef CAPABILITIES_NATIVE
165 struct __user_cap_header_struct header = {
166 .version = _LINUX_CAPABILITY_VERSION,
167 };
168 if (capset(&header, &this->caps) != 0)
169 {
170 return FALSE;
171 }
172 #endif /* CAPABILITIES_NATIVE */
173 return TRUE;
174 }
175
176 METHOD(daemon_t, start, void,
177 private_daemon_t *this)
178 {
179 /* start the engine, go multithreaded */
180 lib->processor->set_threads(lib->processor,
181 lib->settings->get_int(lib->settings, "charon.threads",
182 DEFAULT_THREADS));
183 }
184
185 /**
186 * Log loaded plugins
187 */
188 static void print_plugins()
189 {
190 char buf[512], *plugin;
191 int len = 0;
192 enumerator_t *enumerator;
193
194 buf[0] = '\0';
195 enumerator = lib->plugins->create_plugin_enumerator(lib->plugins);
196 while (len < sizeof(buf) && enumerator->enumerate(enumerator, &plugin))
197 {
198 len += snprintf(&buf[len], sizeof(buf)-len, "%s ", plugin);
199 }
200 enumerator->destroy(enumerator);
201 DBG1(DBG_DMN, "loaded plugins: %s", buf);
202 }
203
204 /**
205 * Initialize logging
206 */
207 static void initialize_loggers(private_daemon_t *this, bool use_stderr,
208 level_t levels[])
209 {
210 sys_logger_t *sys_logger;
211 file_logger_t *file_logger;
212 enumerator_t *enumerator;
213 char *facility, *filename;
214 int loggers_defined = 0;
215 debug_t group;
216 level_t def;
217 bool append, ike_name;
218 FILE *file;
219
220 /* setup sysloggers */
221 enumerator = lib->settings->create_section_enumerator(lib->settings,
222 "charon.syslog");
223 while (enumerator->enumerate(enumerator, &facility))
224 {
225 loggers_defined++;
226
227 ike_name = lib->settings->get_bool(lib->settings,
228 "charon.syslog.%s.ike_name", FALSE, facility);
229 if (streq(facility, "daemon"))
230 {
231 sys_logger = sys_logger_create(LOG_DAEMON, ike_name);
232 }
233 else if (streq(facility, "auth"))
234 {
235 sys_logger = sys_logger_create(LOG_AUTHPRIV, ike_name);
236 }
237 else
238 {
239 continue;
240 }
241 def = lib->settings->get_int(lib->settings,
242 "charon.syslog.%s.default", 1, facility);
243 for (group = 0; group < DBG_MAX; group++)
244 {
245 sys_logger->set_level(sys_logger, group,
246 lib->settings->get_int(lib->settings,
247 "charon.syslog.%s.%N", def,
248 facility, debug_lower_names, group));
249 }
250 this->public.sys_loggers->insert_last(this->public.sys_loggers,
251 sys_logger);
252 this->public.bus->add_listener(this->public.bus, &sys_logger->listener);
253 }
254 enumerator->destroy(enumerator);
255
256 /* and file loggers */
257 enumerator = lib->settings->create_section_enumerator(lib->settings,
258 "charon.filelog");
259 while (enumerator->enumerate(enumerator, &filename))
260 {
261 loggers_defined++;
262 if (streq(filename, "stderr"))
263 {
264 file = stderr;
265 }
266 else if (streq(filename, "stdout"))
267 {
268 file = stdout;
269 }
270 else
271 {
272 append = lib->settings->get_bool(lib->settings,
273 "charon.filelog.%s.append", TRUE, filename);
274 file = fopen(filename, append ? "a" : "w");
275 if (file == NULL)
276 {
277 DBG1(DBG_DMN, "opening file %s for logging failed: %s",
278 filename, strerror(errno));
279 continue;
280 }
281 if (lib->settings->get_bool(lib->settings,
282 "charon.filelog.%s.flush_line", FALSE, filename))
283 {
284 setlinebuf(file);
285 }
286 }
287 file_logger = file_logger_create(file,
288 lib->settings->get_str(lib->settings,
289 "charon.filelog.%s.time_format", NULL, filename),
290 lib->settings->get_bool(lib->settings,
291 "charon.filelog.%s.ike_name", FALSE, filename));
292 def = lib->settings->get_int(lib->settings,
293 "charon.filelog.%s.default", 1, filename);
294 for (group = 0; group < DBG_MAX; group++)
295 {
296 file_logger->set_level(file_logger, group,
297 lib->settings->get_int(lib->settings,
298 "charon.filelog.%s.%N", def,
299 filename, debug_lower_names, group));
300 }
301 this->public.file_loggers->insert_last(this->public.file_loggers,
302 file_logger);
303 this->public.bus->add_listener(this->public.bus, &file_logger->listener);
304
305 }
306 enumerator->destroy(enumerator);
307
308 /* set up legacy style default loggers provided via command-line */
309 if (!loggers_defined)
310 {
311 /* set up default stdout file_logger */
312 file_logger = file_logger_create(stdout, NULL, FALSE);
313 this->public.bus->add_listener(this->public.bus, &file_logger->listener);
314 this->public.file_loggers->insert_last(this->public.file_loggers,
315 file_logger);
316 /* set up default daemon sys_logger */
317 sys_logger = sys_logger_create(LOG_DAEMON, FALSE);
318 this->public.bus->add_listener(this->public.bus, &sys_logger->listener);
319 this->public.sys_loggers->insert_last(this->public.sys_loggers,
320 sys_logger);
321 for (group = 0; group < DBG_MAX; group++)
322 {
323 sys_logger->set_level(sys_logger, group, levels[group]);
324 if (use_stderr)
325 {
326 file_logger->set_level(file_logger, group, levels[group]);
327 }
328 }
329
330 /* set up default auth sys_logger */
331 sys_logger = sys_logger_create(LOG_AUTHPRIV, FALSE);
332 this->public.bus->add_listener(this->public.bus, &sys_logger->listener);
333 this->public.sys_loggers->insert_last(this->public.sys_loggers,
334 sys_logger);
335 sys_logger->set_level(sys_logger, DBG_ANY, LEVEL_AUDIT);
336 }
337 }
338
339 METHOD(daemon_t, initialize, bool,
340 private_daemon_t *this, bool syslog, level_t levels[])
341 {
342 /* for uncritical pseudo random numbers */
343 srandom(time(NULL) + getpid());
344
345 /* setup bus and it's listeners first to enable log output */
346 this->public.bus = bus_create();
347 /* set up hook to log dbg message in library via charons message bus */
348 dbg_old = dbg;
349 dbg = dbg_bus;
350
351 initialize_loggers(this, !syslog, levels);
352
353 DBG1(DBG_DMN, "Starting IKEv2 charon daemon (strongSwan "VERSION")");
354
355 if (lib->integrity)
356 {
357 DBG1(DBG_DMN, "integrity tests enabled:");
358 DBG1(DBG_DMN, "lib 'libstrongswan': passed file and segment integrity tests");
359 DBG1(DBG_DMN, "lib 'libhydra': passed file and segment integrity tests");
360 DBG1(DBG_DMN, "lib 'libcharon': passed file and segment integrity tests");
361 DBG1(DBG_DMN, "daemon 'charon': passed file integrity test");
362 }
363
364 /* load secrets, ca certificates and crls */
365 this->public.controller = controller_create();
366 this->public.eap = eap_manager_create();
367 this->public.sim = sim_manager_create();
368 this->public.backends = backend_manager_create();
369 this->public.socket = socket_manager_create();
370 this->public.traps = trap_manager_create();
371 this->kernel_handler = kernel_handler_create();
372
373 /* load plugins, further infrastructure may need it */
374 if (!lib->plugins->load(lib->plugins, NULL,
375 lib->settings->get_str(lib->settings, "charon.load", PLUGINS)))
376 {
377 return FALSE;
378 }
379
380 print_plugins();
381
382 this->public.ike_sa_manager = ike_sa_manager_create();
383 if (this->public.ike_sa_manager == NULL)
384 {
385 return FALSE;
386 }
387 this->public.sender = sender_create();
388 this->public.receiver = receiver_create();
389 if (this->public.receiver == NULL)
390 {
391 return FALSE;
392 }
393
394 #ifdef ME
395 this->public.connect_manager = connect_manager_create();
396 if (this->public.connect_manager == NULL)
397 {
398 return FALSE;
399 }
400 this->public.mediation_manager = mediation_manager_create();
401 #endif /* ME */
402
403 return TRUE;
404 }
405
406 /**
407 * Create the daemon.
408 */
409 private_daemon_t *daemon_create()
410 {
411 private_daemon_t *this;
412
413 INIT(this,
414 .public = {
415 .keep_cap = _keep_cap,
416 .drop_capabilities = _drop_capabilities,
417 .initialize = _initialize,
418 .start = _start,
419 .file_loggers = linked_list_create(),
420 .sys_loggers = linked_list_create(),
421 },
422 );
423
424 #ifdef CAPABILITIES
425 #ifdef CAPABILITIES_LIBCAP
426 this->caps = cap_init();
427 #endif /* CAPABILITIES_LIBCAP */
428 keep_cap(this, CAP_NET_ADMIN);
429 if (lib->leak_detective)
430 {
431 keep_cap(this, CAP_SYS_NICE);
432 }
433 #endif /* CAPABILITIES */
434
435 return this;
436 }
437
438 /**
439 * Described in header.
440 */
441 void libcharon_deinit()
442 {
443
444 destroy((private_daemon_t*)charon);
445 charon = NULL;
446 }
447
448 /**
449 * Described in header.
450 */
451 bool libcharon_init()
452 {
453 private_daemon_t *this;
454
455 this = daemon_create();
456 charon = &this->public;
457
458 lib->printf_hook->add_handler(lib->printf_hook, 'P',
459 proposal_printf_hook,
460 PRINTF_HOOK_ARGTYPE_POINTER,
461 PRINTF_HOOK_ARGTYPE_END);
462
463 if (lib->integrity &&
464 !lib->integrity->check(lib->integrity, "libcharon", libcharon_init))
465 {
466 dbg(DBG_DMN, 1, "integrity check of libcharon failed");
467 return FALSE;
468 }
469
470 return TRUE;
471 }
strongSwan - IPsec VPN