libcharon: Publish IKE_SA/CHILD_SA managers as custom plugin feature
[strongswan.git] / src / libcharon / daemon.c
1 /*
2 * Copyright (C) 2006-2015 Tobias Brunner
3 * Copyright (C) 2005-2009 Martin Willi
4 * Copyright (C) 2006 Daniel Roethlisberger
5 * Copyright (C) 2005 Jan Hutter
6 * Hochschule fuer Technik Rapperswil
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 #include <stdio.h>
20 #include <sys/types.h>
21 #include <unistd.h>
22 #include <time.h>
23 #include <errno.h>
24
25 #ifdef HAVE_SYSLOG
26 #include <syslog.h>
27 #endif
28
29 #include "daemon.h"
30
31 #include <library.h>
32 #include <bus/listeners/sys_logger.h>
33 #include <bus/listeners/file_logger.h>
34 #include <config/proposal.h>
35 #include <plugins/plugin_feature.h>
36 #include <kernel/kernel_handler.h>
37 #include <processing/jobs/start_action_job.h>
38 #include <threading/mutex.h>
39
40 #ifndef LOG_AUTHPRIV /* not defined on OpenSolaris */
41 #define LOG_AUTHPRIV LOG_AUTH
42 #endif
43
44 typedef struct private_daemon_t private_daemon_t;
45
46 /**
47 * Private additions to daemon_t, contains threads and internal functions.
48 */
49 struct private_daemon_t {
50 /**
51 * Public members of daemon_t.
52 */
53 daemon_t public;
54
55 /**
56 * Handler for kernel events
57 */
58 kernel_handler_t *kernel_handler;
59
60 /**
61 * A list of installed loggers (as logger_entry_t*)
62 */
63 linked_list_t *loggers;
64
65 /**
66 * Identifier used for syslog (in the openlog call)
67 */
68 char *syslog_identifier;
69
70 /**
71 * Mutex for configured loggers
72 */
73 mutex_t *mutex;
74
75 /**
76 * Integrity check failed?
77 */
78 bool integrity_failed;
79
80 /**
81 * Number of times we have been initialized
82 */
83 refcount_t ref;
84 };
85
86 /**
87 * One and only instance of the daemon.
88 */
89 daemon_t *charon;
90
91 /**
92 * hook in library for debugging messages
93 */
94 extern void (*dbg) (debug_t group, level_t level, char *fmt, ...);
95
96 /**
97 * we store the previous debug function so we can reset it
98 */
99 static void (*dbg_old) (debug_t group, level_t level, char *fmt, ...);
100
101 /**
102 * Logging hook for library logs, spreads debug message over bus
103 */
104 static void dbg_bus(debug_t group, level_t level, char *fmt, ...)
105 {
106 va_list args;
107
108 va_start(args, fmt);
109 charon->bus->vlog(charon->bus, group, level, fmt, args);
110 va_end(args);
111 }
112
113 /**
114 * Some metadata about configured loggers
115 */
116 typedef struct {
117 /**
118 * Target of the logger (syslog facility or filename)
119 */
120 char *target;
121
122 /**
123 * TRUE if this is a file logger
124 */
125 bool file;
126
127 /**
128 * The actual logger
129 */
130 union {
131 sys_logger_t *sys;
132 file_logger_t *file;
133 } logger;
134
135 } logger_entry_t;
136
137 /**
138 * Destroy a logger entry
139 */
140 static void logger_entry_destroy(logger_entry_t *this)
141 {
142 if (this->file)
143 {
144 DESTROY_IF(this->logger.file);
145 }
146 else
147 {
148 DESTROY_IF(this->logger.sys);
149 }
150 free(this->target);
151 free(this);
152 }
153
154 /**
155 * Unregister and destroy a logger entry
156 */
157 static void logger_entry_unregister_destroy(logger_entry_t *this)
158 {
159 if (this->file)
160 {
161 charon->bus->remove_logger(charon->bus, &this->logger.file->logger);
162 }
163 else
164 {
165 charon->bus->remove_logger(charon->bus, &this->logger.sys->logger);
166 }
167 logger_entry_destroy(this);
168 }
169
170 /**
171 * Match a logger entry by target and whether it is a file or syslog logger
172 */
173 static bool logger_entry_match(logger_entry_t *this, char *target, bool *file)
174 {
175 return this->file == *file && streq(this->target, target);
176 }
177
178 /**
179 * Handle configured syslog identifier
180 *
181 * mutex must be locked when calling this function
182 */
183 static void handle_syslog_identifier(private_daemon_t *this)
184 {
185 #ifdef HAVE_SYSLOG
186 char *identifier;
187
188 identifier = lib->settings->get_str(lib->settings, "%s.syslog.identifier",
189 NULL, lib->ns);
190 if (identifier)
191 { /* set identifier, which is prepended to each log line */
192 if (!this->syslog_identifier ||
193 !streq(identifier, this->syslog_identifier))
194 {
195 closelog();
196 this->syslog_identifier = identifier;
197 openlog(this->syslog_identifier, 0, 0);
198 }
199 }
200 else if (this->syslog_identifier)
201 {
202 closelog();
203 this->syslog_identifier = NULL;
204 }
205 #endif /* HAVE_SYSLOG */
206 }
207
208 /**
209 * Convert the given string into a syslog facility, returns -1 if the facility
210 * is not supported
211 */
212 static int get_syslog_facility(char *facility)
213 {
214 #ifdef HAVE_SYSLOG
215 if (streq(facility, "daemon"))
216 {
217 return LOG_DAEMON;
218 }
219 else if (streq(facility, "auth"))
220 {
221 return LOG_AUTHPRIV;
222 }
223 #endif /* HAVE_SYSLOG */
224 return -1;
225 }
226
227 /**
228 * Returns an existing or newly created logger entry (if found, it is removed
229 * from the given linked list of existing loggers)
230 */
231 static logger_entry_t *get_logger_entry(char *target, bool is_file_logger,
232 linked_list_t *existing)
233 {
234 logger_entry_t *entry;
235
236 if (existing->find_first(existing, (void*)logger_entry_match,
237 (void**)&entry, target, &is_file_logger) != SUCCESS)
238 {
239 INIT(entry,
240 .target = strdup(target),
241 .file = is_file_logger,
242 );
243 if (is_file_logger)
244 {
245 entry->logger.file = file_logger_create(target);
246 }
247 #ifdef HAVE_SYSLOG
248 else
249 {
250 entry->logger.sys = sys_logger_create(get_syslog_facility(target));
251 }
252 #endif /* HAVE_SYSLOG */
253 }
254 else
255 {
256 existing->remove(existing, entry, NULL);
257 }
258 return entry;
259 }
260
261 /**
262 * Create or reuse a syslog logger
263 */
264 static sys_logger_t *add_sys_logger(private_daemon_t *this, char *facility,
265 linked_list_t *current_loggers)
266 {
267 logger_entry_t *entry;
268
269 entry = get_logger_entry(facility, FALSE, current_loggers);
270 this->loggers->insert_last(this->loggers, entry);
271 return entry->logger.sys;
272 }
273
274 /**
275 * Create or reuse a file logger
276 */
277 static file_logger_t *add_file_logger(private_daemon_t *this, char *filename,
278 linked_list_t *current_loggers)
279 {
280 logger_entry_t *entry;
281
282 entry = get_logger_entry(filename, TRUE, current_loggers);
283 this->loggers->insert_last(this->loggers, entry);
284 return entry->logger.file;
285 }
286
287 /**
288 * Load the given syslog logger configured in strongswan.conf
289 */
290 static void load_sys_logger(private_daemon_t *this, char *facility,
291 linked_list_t *current_loggers)
292 {
293 sys_logger_t *sys_logger;
294 debug_t group;
295 level_t def;
296
297 if (get_syslog_facility(facility) == -1)
298 {
299 return;
300 }
301
302 sys_logger = add_sys_logger(this, facility, current_loggers);
303 sys_logger->set_options(sys_logger,
304 lib->settings->get_bool(lib->settings, "%s.syslog.%s.ike_name",
305 FALSE, lib->ns, facility));
306
307 def = lib->settings->get_int(lib->settings, "%s.syslog.%s.default", 1,
308 lib->ns, facility);
309 for (group = 0; group < DBG_MAX; group++)
310 {
311 sys_logger->set_level(sys_logger, group,
312 lib->settings->get_int(lib->settings, "%s.syslog.%s.%N", def,
313 lib->ns, facility, debug_lower_names, group));
314 }
315 charon->bus->add_logger(charon->bus, &sys_logger->logger);
316 }
317
318 /**
319 * Load the given file logger configured in strongswan.conf
320 */
321 static void load_file_logger(private_daemon_t *this, char *filename,
322 linked_list_t *current_loggers)
323 {
324 file_logger_t *file_logger;
325 debug_t group;
326 level_t def;
327 bool add_ms, ike_name, flush_line, append;
328 char *time_format;
329
330 time_format = lib->settings->get_str(lib->settings,
331 "%s.filelog.%s.time_format", NULL, lib->ns, filename);
332 add_ms = lib->settings->get_bool(lib->settings,
333 "%s.filelog.%s.time_add_ms", FALSE, lib->ns, filename);
334 ike_name = lib->settings->get_bool(lib->settings,
335 "%s.filelog.%s.ike_name", FALSE, lib->ns, filename);
336 flush_line = lib->settings->get_bool(lib->settings,
337 "%s.filelog.%s.flush_line", FALSE, lib->ns, filename);
338 append = lib->settings->get_bool(lib->settings,
339 "%s.filelog.%s.append", TRUE, lib->ns, filename);
340
341 file_logger = add_file_logger(this, filename, current_loggers);
342 file_logger->set_options(file_logger, time_format, add_ms, ike_name);
343 file_logger->open(file_logger, flush_line, append);
344
345 def = lib->settings->get_int(lib->settings, "%s.filelog.%s.default", 1,
346 lib->ns, filename);
347 for (group = 0; group < DBG_MAX; group++)
348 {
349 file_logger->set_level(file_logger, group,
350 lib->settings->get_int(lib->settings, "%s.filelog.%s.%N", def,
351 lib->ns, filename, debug_lower_names, group));
352 }
353 charon->bus->add_logger(charon->bus, &file_logger->logger);
354 }
355
356 METHOD(daemon_t, load_loggers, void,
357 private_daemon_t *this, level_t levels[DBG_MAX], bool to_stderr)
358 {
359 enumerator_t *enumerator;
360 linked_list_t *current_loggers;
361 char *target;
362
363 this->mutex->lock(this->mutex);
364 handle_syslog_identifier(this);
365 current_loggers = this->loggers;
366 this->loggers = linked_list_create();
367 enumerator = lib->settings->create_section_enumerator(lib->settings,
368 "%s.syslog", lib->ns);
369 while (enumerator->enumerate(enumerator, &target))
370 {
371 load_sys_logger(this, target, current_loggers);
372 }
373 enumerator->destroy(enumerator);
374
375 enumerator = lib->settings->create_section_enumerator(lib->settings,
376 "%s.filelog", lib->ns);
377 while (enumerator->enumerate(enumerator, &target))
378 {
379 load_file_logger(this, target, current_loggers);
380 }
381 enumerator->destroy(enumerator);
382
383 if (!this->loggers->get_count(this->loggers) && levels)
384 { /* setup legacy style default loggers configured via command-line */
385 file_logger_t *file_logger;
386 sys_logger_t *sys_logger;
387 debug_t group;
388
389 sys_logger = add_sys_logger(this, "daemon", current_loggers);
390 file_logger = add_file_logger(this, "stdout", current_loggers);
391 file_logger->open(file_logger, FALSE, FALSE);
392
393 for (group = 0; group < DBG_MAX; group++)
394 {
395 if (sys_logger)
396 {
397 sys_logger->set_level(sys_logger, group, levels[group]);
398 }
399 if (to_stderr)
400 {
401 file_logger->set_level(file_logger, group, levels[group]);
402 }
403 }
404 if (sys_logger)
405 {
406 charon->bus->add_logger(charon->bus, &sys_logger->logger);
407 }
408 charon->bus->add_logger(charon->bus, &file_logger->logger);
409
410 sys_logger = add_sys_logger(this, "auth", current_loggers);
411 if (sys_logger)
412 {
413 sys_logger->set_level(sys_logger, DBG_ANY, LEVEL_AUDIT);
414 charon->bus->add_logger(charon->bus, &sys_logger->logger);
415 }
416 }
417 /* unregister and destroy any unused remaining loggers */
418 current_loggers->destroy_function(current_loggers,
419 (void*)logger_entry_unregister_destroy);
420 this->mutex->unlock(this->mutex);
421 }
422
423 METHOD(daemon_t, set_level, void,
424 private_daemon_t *this, debug_t group, level_t level)
425 {
426 enumerator_t *enumerator;
427 logger_entry_t *entry;
428
429 /* we set the loglevel on ALL sys- and file-loggers */
430 this->mutex->lock(this->mutex);
431 enumerator = this->loggers->create_enumerator(this->loggers);
432 while (enumerator->enumerate(enumerator, &entry))
433 {
434 if (entry->file)
435 {
436 entry->logger.file->set_level(entry->logger.file, group, level);
437 charon->bus->add_logger(charon->bus, &entry->logger.file->logger);
438 }
439 else
440 {
441 entry->logger.sys->set_level(entry->logger.sys, group, level);
442 charon->bus->add_logger(charon->bus, &entry->logger.sys->logger);
443 }
444 }
445 enumerator->destroy(enumerator);
446 this->mutex->unlock(this->mutex);
447 }
448
449 /**
450 * Clean up all daemon resources
451 */
452 static void destroy(private_daemon_t *this)
453 {
454 /* terminate all idle threads */
455 lib->processor->set_threads(lib->processor, 0);
456 /* make sure nobody waits for a DNS query */
457 lib->hosts->flush(lib->hosts);
458 /* close all IKE_SAs */
459 if (this->public.ike_sa_manager)
460 {
461 this->public.ike_sa_manager->flush(this->public.ike_sa_manager);
462 }
463 if (this->public.traps)
464 {
465 this->public.traps->flush(this->public.traps);
466 }
467 if (this->public.shunts)
468 {
469 this->public.shunts->flush(this->public.shunts);
470 }
471 if (this->public.sender)
472 {
473 this->public.sender->flush(this->public.sender);
474 }
475
476 /* cancel all threads and wait for their termination */
477 lib->processor->cancel(lib->processor);
478
479 #ifdef ME
480 DESTROY_IF(this->public.connect_manager);
481 DESTROY_IF(this->public.mediation_manager);
482 #endif /* ME */
483 /* make sure the cache and scheduler are clear before unloading plugins */
484 lib->credmgr->flush_cache(lib->credmgr, CERT_ANY);
485 lib->scheduler->flush(lib->scheduler);
486 lib->plugins->unload(lib->plugins);
487 DESTROY_IF(this->public.attributes);
488 DESTROY_IF(this->kernel_handler);
489 DESTROY_IF(this->public.traps);
490 DESTROY_IF(this->public.shunts);
491 DESTROY_IF(this->public.controller);
492 DESTROY_IF(this->public.eap);
493 DESTROY_IF(this->public.xauth);
494 DESTROY_IF(this->public.backends);
495 DESTROY_IF(this->public.socket);
496
497 /* rehook library logging, shutdown logging */
498 dbg = dbg_old;
499 DESTROY_IF(this->public.bus);
500 this->loggers->destroy_function(this->loggers, (void*)logger_entry_destroy);
501 this->mutex->destroy(this->mutex);
502 free(this);
503 }
504
505 /**
506 * Run a set of configured scripts
507 */
508 static void run_scripts(private_daemon_t *this, char *verb)
509 {
510 enumerator_t *enumerator;
511 char *key, *value, *pos, buf[1024];
512 FILE *cmd;
513
514 enumerator = lib->settings->create_key_value_enumerator(lib->settings,
515 "%s.%s-scripts", lib->ns, verb);
516 while (enumerator->enumerate(enumerator, &key, &value))
517 {
518 DBG1(DBG_DMN, "executing %s script '%s' (%s):", verb, key, value);
519 cmd = popen(value, "r");
520 if (!cmd)
521 {
522 DBG1(DBG_DMN, "executing %s script '%s' (%s) failed: %s",
523 verb, key, value, strerror(errno));
524 continue;
525 }
526 while (TRUE)
527 {
528 if (!fgets(buf, sizeof(buf), cmd))
529 {
530 if (ferror(cmd))
531 {
532 DBG1(DBG_DMN, "reading from %s script '%s' (%s) failed",
533 verb, key, value);
534 }
535 break;
536 }
537 else
538 {
539 pos = buf + strlen(buf);
540 if (pos > buf && pos[-1] == '\n')
541 {
542 pos[-1] = '\0';
543 }
544 DBG1(DBG_DMN, "%s: %s", key, buf);
545 }
546 }
547 pclose(cmd);
548 }
549 enumerator->destroy(enumerator);
550 }
551
552 METHOD(daemon_t, start, void,
553 private_daemon_t *this)
554 {
555 /* start the engine, go multithreaded */
556 lib->processor->set_threads(lib->processor,
557 lib->settings->get_int(lib->settings, "%s.threads",
558 DEFAULT_THREADS, lib->ns));
559
560 run_scripts(this, "start");
561 }
562
563 /**
564 * Initialize/deinitialize sender and receiver
565 */
566 static bool sender_receiver_cb(void *plugin, plugin_feature_t *feature,
567 bool reg, private_daemon_t *this)
568 {
569 if (reg)
570 {
571 this->public.receiver = receiver_create();
572 if (!this->public.receiver)
573 {
574 return FALSE;
575 }
576 this->public.sender = sender_create();
577 }
578 else
579 {
580 DESTROY_IF(this->public.receiver);
581 DESTROY_IF(this->public.sender);
582 }
583 return TRUE;
584 }
585
586 /**
587 * Initialize/deinitialize IKE_SA/CHILD_SA managers
588 */
589 static bool sa_managers_cb(void *plugin, plugin_feature_t *feature,
590 bool reg, private_daemon_t *this)
591 {
592 if (reg)
593 {
594 this->public.ike_sa_manager = ike_sa_manager_create();
595 if (!this->public.ike_sa_manager)
596 {
597 return FALSE;
598 }
599 this->public.child_sa_manager = child_sa_manager_create();
600 }
601 else
602 {
603 DESTROY_IF(this->public.ike_sa_manager);
604 DESTROY_IF(this->public.child_sa_manager);
605 }
606 return TRUE;
607 }
608
609 METHOD(daemon_t, initialize, bool,
610 private_daemon_t *this, char *plugins)
611 {
612 plugin_feature_t features[] = {
613 PLUGIN_PROVIDE(CUSTOM, "libcharon"),
614 PLUGIN_DEPENDS(NONCE_GEN),
615 PLUGIN_DEPENDS(CUSTOM, "libcharon-sa-managers"),
616 PLUGIN_DEPENDS(CUSTOM, "libcharon-receiver"),
617 PLUGIN_DEPENDS(CUSTOM, "kernel-ipsec"),
618 PLUGIN_DEPENDS(CUSTOM, "kernel-net"),
619 PLUGIN_CALLBACK((plugin_feature_callback_t)sender_receiver_cb, this),
620 PLUGIN_PROVIDE(CUSTOM, "libcharon-receiver"),
621 PLUGIN_DEPENDS(HASHER, HASH_SHA1),
622 PLUGIN_DEPENDS(RNG, RNG_STRONG),
623 PLUGIN_DEPENDS(CUSTOM, "socket"),
624 PLUGIN_CALLBACK((plugin_feature_callback_t)sa_managers_cb, this),
625 PLUGIN_PROVIDE(CUSTOM, "libcharon-sa-managers"),
626 PLUGIN_DEPENDS(HASHER, HASH_SHA1),
627 PLUGIN_DEPENDS(RNG, RNG_WEAK),
628 };
629 lib->plugins->add_static_features(lib->plugins, lib->ns, features,
630 countof(features), TRUE, NULL, NULL);
631
632 /* load plugins, further infrastructure may need it */
633 if (!lib->plugins->load(lib->plugins, plugins))
634 {
635 return FALSE;
636 }
637
638 /* Queue start_action job */
639 lib->processor->queue_job(lib->processor, (job_t*)start_action_job_create());
640
641 #ifdef ME
642 this->public.connect_manager = connect_manager_create();
643 if (this->public.connect_manager == NULL)
644 {
645 return FALSE;
646 }
647 this->public.mediation_manager = mediation_manager_create();
648 #endif /* ME */
649
650 return TRUE;
651 }
652
653 /**
654 * Create the daemon.
655 */
656 private_daemon_t *daemon_create()
657 {
658 private_daemon_t *this;
659
660 INIT(this,
661 .public = {
662 .initialize = _initialize,
663 .start = _start,
664 .load_loggers = _load_loggers,
665 .set_level = _set_level,
666 .bus = bus_create(),
667 },
668 .loggers = linked_list_create(),
669 .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
670 .ref = 1,
671 );
672 charon = &this->public;
673 this->public.attributes = attribute_manager_create();
674 this->public.controller = controller_create();
675 this->public.eap = eap_manager_create();
676 this->public.xauth = xauth_manager_create();
677 this->public.backends = backend_manager_create();
678 this->public.socket = socket_manager_create();
679 this->public.traps = trap_manager_create();
680 this->public.shunts = shunt_manager_create();
681 this->kernel_handler = kernel_handler_create();
682
683 return this;
684 }
685
686 /**
687 * Described in header.
688 */
689 void libcharon_deinit()
690 {
691 private_daemon_t *this = (private_daemon_t*)charon;
692
693 if (!this || !ref_put(&this->ref))
694 { /* have more users */
695 return;
696 }
697
698 run_scripts(this, "stop");
699
700 destroy(this);
701 charon = NULL;
702 }
703
704 /**
705 * Described in header.
706 */
707 bool libcharon_init()
708 {
709 private_daemon_t *this;
710
711 if (charon)
712 { /* already initialized, increase refcount */
713 this = (private_daemon_t*)charon;
714 ref_get(&this->ref);
715 return !this->integrity_failed;
716 }
717
718 this = daemon_create();
719
720 /* for uncritical pseudo random numbers */
721 srandom(time(NULL) + getpid());
722
723 /* set up hook to log dbg message in library via charons message bus */
724 dbg_old = dbg;
725 dbg = dbg_bus;
726
727 lib->printf_hook->add_handler(lib->printf_hook, 'P',
728 proposal_printf_hook,
729 PRINTF_HOOK_ARGTYPE_POINTER,
730 PRINTF_HOOK_ARGTYPE_END);
731
732 if (lib->integrity &&
733 !lib->integrity->check(lib->integrity, "libcharon", libcharon_init))
734 {
735 dbg(DBG_DMN, 1, "integrity check of libcharon failed");
736 this->integrity_failed = TRUE;
737 }
738 return !this->integrity_failed;
739 }