projects / strongswan.git / blob
? search:


3fb49d475e71a1222f20f55fc4f8298a976875f5
[strongswan.git] / src / libcharon / daemon.c
1 /*
2 * Copyright (C) 2006-2010 Tobias Brunner
3 * Copyright (C) 2005-2009 Martin Willi
4 * Copyright (C) 2006 Daniel Roethlisberger
5 * Copyright (C) 2005 Jan Hutter
6 * Hochschule fuer Technik Rapperswil
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 #include <stdio.h>
20 #include <sys/types.h>
21 #include <unistd.h>
22 #include <time.h>
23
24 #ifdef CAPABILITIES
25 # ifdef HAVE_SYS_CAPABILITY_H
26 # include <sys/capability.h>
27 # elif defined(CAPABILITIES_NATIVE)
28 # include <linux/capability.h>
29 # endif /* CAPABILITIES_NATIVE */
30 #endif /* CAPABILITIES */
31
32 #include "daemon.h"
33
34 #include <library.h>
35 #include <plugins/plugin.h>
36 #include <config/proposal.h>
37 #include <kernel/kernel_handler.h>
38 #include <processing/jobs/start_action_job.h>
39
40 typedef struct private_daemon_t private_daemon_t;
41
42 /**
43 * Private additions to daemon_t, contains threads and internal functions.
44 */
45 struct private_daemon_t {
46 /**
47 * Public members of daemon_t.
48 */
49 daemon_t public;
50
51 /**
52 * Handler for kernel events
53 */
54 kernel_handler_t *kernel_handler;
55
56 /**
57 * capabilities to keep
58 */
59 #ifdef CAPABILITIES_LIBCAP
60 cap_t caps;
61 #endif /* CAPABILITIES_LIBCAP */
62 #ifdef CAPABILITIES_NATIVE
63 struct __user_cap_data_struct caps[2];
64 #endif /* CAPABILITIES_NATIVE */
65
66 };
67
68 /**
69 * One and only instance of the daemon.
70 */
71 daemon_t *charon;
72
73 /**
74 * hook in library for debugging messages
75 */
76 extern void (*dbg) (debug_t group, level_t level, char *fmt, ...);
77
78 /**
79 * we store the previous debug function so we can reset it
80 */
81 static void (*dbg_old) (debug_t group, level_t level, char *fmt, ...);
82
83 /**
84 * Logging hook for library logs, spreads debug message over bus
85 */
86 static void dbg_bus(debug_t group, level_t level, char *fmt, ...)
87 {
88 va_list args;
89
90 va_start(args, fmt);
91 charon->bus->vlog(charon->bus, group, level, fmt, args);
92 va_end(args);
93 }
94
95 /**
96 * Clean up all daemon resources
97 */
98 static void destroy(private_daemon_t *this)
99 {
100 /* terminate all idle threads */
101 lib->processor->set_threads(lib->processor, 0);
102
103 /* close all IKE_SAs */
104 if (this->public.ike_sa_manager)
105 {
106 this->public.ike_sa_manager->flush(this->public.ike_sa_manager);
107 }
108 if (this->public.traps)
109 {
110 this->public.traps->flush(this->public.traps);
111 }
112 DESTROY_IF(this->public.receiver);
113 DESTROY_IF(this->public.sender);
114 #ifdef ME
115 DESTROY_IF(this->public.connect_manager);
116 DESTROY_IF(this->public.mediation_manager);
117 #endif /* ME */
118 /* make sure the cache is clear before unloading plugins */
119 lib->credmgr->flush_cache(lib->credmgr, CERT_ANY);
120 /* unload plugins to release threads */
121 lib->plugins->unload(lib->plugins);
122 #ifdef CAPABILITIES_LIBCAP
123 cap_free(this->caps);
124 #endif /* CAPABILITIES_LIBCAP */
125 DESTROY_IF(this->kernel_handler);
126 DESTROY_IF(this->public.traps);
127 DESTROY_IF(this->public.shunts);
128 DESTROY_IF(this->public.ike_sa_manager);
129 DESTROY_IF(this->public.controller);
130 DESTROY_IF(this->public.eap);
131 DESTROY_IF(this->public.backends);
132 DESTROY_IF(this->public.socket);
133
134 /* rehook library logging, shutdown logging */
135 dbg = dbg_old;
136 DESTROY_IF(this->public.bus);
137 this->public.file_loggers->destroy_offset(this->public.file_loggers,
138 offsetof(file_logger_t, destroy));
139 this->public.sys_loggers->destroy_offset(this->public.sys_loggers,
140 offsetof(sys_logger_t, destroy));
141 free(this);
142 }
143
144 METHOD(daemon_t, keep_cap, void,
145 private_daemon_t *this, u_int cap)
146 {
147 #ifdef CAPABILITIES_LIBCAP
148 cap_set_flag(this->caps, CAP_EFFECTIVE, 1, &cap, CAP_SET);
149 cap_set_flag(this->caps, CAP_INHERITABLE, 1, &cap, CAP_SET);
150 cap_set_flag(this->caps, CAP_PERMITTED, 1, &cap, CAP_SET);
151 #endif /* CAPABILITIES_LIBCAP */
152 #ifdef CAPABILITIES_NATIVE
153 int i = 0;
154
155 if (cap >= 32)
156 {
157 i++;
158 cap -= 32;
159 }
160 this->caps[i].effective |= 1 << cap;
161 this->caps[i].permitted |= 1 << cap;
162 this->caps[i].inheritable |= 1 << cap;
163 #endif /* CAPABILITIES_NATIVE */
164 }
165
166 METHOD(daemon_t, drop_capabilities, bool,
167 private_daemon_t *this)
168 {
169 #ifdef CAPABILITIES_LIBCAP
170 if (cap_set_proc(this->caps) != 0)
171 {
172 return FALSE;
173 }
174 #endif /* CAPABILITIES_LIBCAP */
175 #ifdef CAPABILITIES_NATIVE
176 struct __user_cap_header_struct header = {
177 #if defined(_LINUX_CAPABILITY_VERSION_3)
178 .version = _LINUX_CAPABILITY_VERSION_3,
179 #elif defined(_LINUX_CAPABILITY_VERSION_2)
180 .version = _LINUX_CAPABILITY_VERSION_2,
181 #elif defined(_LINUX_CAPABILITY_VERSION_1)
182 .version = _LINUX_CAPABILITY_VERSION_1,
183 #else
184 .version = _LINUX_CAPABILITY_VERSION,
185 #endif
186 };
187 if (capset(&header, this->caps) != 0)
188 {
189 return FALSE;
190 }
191 #endif /* CAPABILITIES_NATIVE */
192 return TRUE;
193 }
194
195 METHOD(daemon_t, start, void,
196 private_daemon_t *this)
197 {
198 /* start the engine, go multithreaded */
199 lib->processor->set_threads(lib->processor,
200 lib->settings->get_int(lib->settings, "charon.threads",
201 DEFAULT_THREADS));
202 }
203
204 METHOD(daemon_t, initialize, bool,
205 private_daemon_t *this)
206 {
207 DBG1(DBG_DMN, "Starting IKEv2 charon daemon (strongSwan "VERSION")");
208
209 if (lib->integrity)
210 {
211 DBG1(DBG_DMN, "integrity tests enabled:");
212 DBG1(DBG_DMN, "lib 'libstrongswan': passed file and segment integrity tests");
213 DBG1(DBG_DMN, "lib 'libhydra': passed file and segment integrity tests");
214 DBG1(DBG_DMN, "lib 'libcharon': passed file and segment integrity tests");
215 DBG1(DBG_DMN, "daemon 'charon': passed file integrity test");
216 }
217
218 /* load plugins, further infrastructure may need it */
219 if (!lib->plugins->load(lib->plugins, NULL,
220 lib->settings->get_str(lib->settings, "charon.load", PLUGINS)))
221 {
222 return FALSE;
223 }
224 DBG1(DBG_DMN, "loaded plugins: %s",
225 lib->plugins->loaded_plugins(lib->plugins));
226
227 this->public.ike_sa_manager = ike_sa_manager_create();
228 if (this->public.ike_sa_manager == NULL)
229 {
230 return FALSE;
231 }
232 this->public.sender = sender_create();
233 this->public.receiver = receiver_create();
234 if (this->public.receiver == NULL)
235 {
236 return FALSE;
237 }
238
239 /* Queue start_action job */
240 lib->processor->queue_job(lib->processor, (job_t*)start_action_job_create());
241
242 #ifdef ME
243 this->public.connect_manager = connect_manager_create();
244 if (this->public.connect_manager == NULL)
245 {
246 return FALSE;
247 }
248 this->public.mediation_manager = mediation_manager_create();
249 #endif /* ME */
250
251 return TRUE;
252 }
253
254 /**
255 * Create the daemon.
256 */
257 private_daemon_t *daemon_create()
258 {
259 private_daemon_t *this;
260
261 INIT(this,
262 .public = {
263 .keep_cap = _keep_cap,
264 .drop_capabilities = _drop_capabilities,
265 .initialize = _initialize,
266 .start = _start,
267 .bus = bus_create(),
268 .file_loggers = linked_list_create(),
269 .sys_loggers = linked_list_create(),
270 },
271 );
272 charon = &this->public;
273 this->public.controller = controller_create();
274 this->public.eap = eap_manager_create();
275 this->public.backends = backend_manager_create();
276 this->public.socket = socket_manager_create();
277 this->public.traps = trap_manager_create();
278 this->public.shunts = shunt_manager_create();
279 this->kernel_handler = kernel_handler_create();
280
281 #ifdef CAPABILITIES
282 #ifdef CAPABILITIES_LIBCAP
283 this->caps = cap_init();
284 #endif /* CAPABILITIES_LIBCAP */
285 keep_cap(this, CAP_NET_ADMIN);
286 if (lib->leak_detective)
287 {
288 keep_cap(this, CAP_SYS_NICE);
289 }
290 #endif /* CAPABILITIES */
291
292 return this;
293 }
294
295 /**
296 * Described in header.
297 */
298 void libcharon_deinit()
299 {
300 destroy((private_daemon_t*)charon);
301 charon = NULL;
302 }
303
304 /**
305 * Described in header.
306 */
307 bool libcharon_init()
308 {
309 daemon_create();
310
311 /* for uncritical pseudo random numbers */
312 srandom(time(NULL) + getpid());
313
314 /* set up hook to log dbg message in library via charons message bus */
315 dbg_old = dbg;
316 dbg = dbg_bus;
317
318 lib->printf_hook->add_handler(lib->printf_hook, 'P',
319 proposal_printf_hook,
320 PRINTF_HOOK_ARGTYPE_POINTER,
321 PRINTF_HOOK_ARGTYPE_END);
322
323 if (lib->integrity &&
324 !lib->integrity->check(lib->integrity, "libcharon", libcharon_init))
325 {
326 dbg(DBG_DMN, 1, "integrity check of libcharon failed");
327 return FALSE;
328 }
329
330 return TRUE;
331 }
strongSwan - IPsec VPN