projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Migrated eap_simaka_reauth_provider_t to INIT/METHOD macros.
[strongswan.git] / src / libcharon / daemon.c
1 /*
2 * Copyright (C) 2006-2010 Tobias Brunner
3 * Copyright (C) 2005-2009 Martin Willi
4 * Copyright (C) 2006 Daniel Roethlisberger
5 * Copyright (C) 2005 Jan Hutter
6 * Hochschule fuer Technik Rapperswil
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 #include <stdio.h>
20 #include <sys/types.h>
21 #include <unistd.h>
22 #include <time.h>
23
24 #ifdef CAPABILITIES
25 # ifdef HAVE_SYS_CAPABILITY_H
26 # include <sys/capability.h>
27 # elif defined(CAPABILITIES_NATIVE)
28 # include <linux/capability.h>
29 # endif /* CAPABILITIES_NATIVE */
30 #endif /* CAPABILITIES */
31
32 #define USE_TNC /* for tnccs_manager */
33
34 #include "daemon.h"
35
36 #include <library.h>
37 #include <config/proposal.h>
38 #include <kernel/kernel_handler.h>
39 #include <processing/jobs/start_action_job.h>
40
41 typedef struct private_daemon_t private_daemon_t;
42
43 /**
44 * Private additions to daemon_t, contains threads and internal functions.
45 */
46 struct private_daemon_t {
47 /**
48 * Public members of daemon_t.
49 */
50 daemon_t public;
51
52 /**
53 * Handler for kernel events
54 */
55 kernel_handler_t *kernel_handler;
56
57 /**
58 * capabilities to keep
59 */
60 #ifdef CAPABILITIES_LIBCAP
61 cap_t caps;
62 #endif /* CAPABILITIES_LIBCAP */
63 #ifdef CAPABILITIES_NATIVE
64 struct __user_cap_data_struct caps[2];
65 #endif /* CAPABILITIES_NATIVE */
66
67 };
68
69 /**
70 * One and only instance of the daemon.
71 */
72 daemon_t *charon;
73
74 /**
75 * hook in library for debugging messages
76 */
77 extern void (*dbg) (debug_t group, level_t level, char *fmt, ...);
78
79 /**
80 * we store the previous debug function so we can reset it
81 */
82 static void (*dbg_old) (debug_t group, level_t level, char *fmt, ...);
83
84 /**
85 * Logging hook for library logs, spreads debug message over bus
86 */
87 static void dbg_bus(debug_t group, level_t level, char *fmt, ...)
88 {
89 va_list args;
90
91 va_start(args, fmt);
92 charon->bus->vlog(charon->bus, group, level, fmt, args);
93 va_end(args);
94 }
95
96 /**
97 * Clean up all daemon resources
98 */
99 static void destroy(private_daemon_t *this)
100 {
101 /* terminate all idle threads */
102 lib->processor->set_threads(lib->processor, 0);
103
104 /* close all IKE_SAs */
105 if (this->public.ike_sa_manager)
106 {
107 this->public.ike_sa_manager->flush(this->public.ike_sa_manager);
108 }
109 if (this->public.traps)
110 {
111 this->public.traps->flush(this->public.traps);
112 }
113 DESTROY_IF(this->public.receiver);
114 DESTROY_IF(this->public.sender);
115 /* unload plugins to release threads */
116 lib->plugins->unload(lib->plugins);
117 #ifdef CAPABILITIES_LIBCAP
118 cap_free(this->caps);
119 #endif /* CAPABILITIES_LIBCAP */
120 DESTROY_IF(this->kernel_handler);
121 DESTROY_IF(this->public.traps);
122 DESTROY_IF(this->public.shunts);
123 DESTROY_IF(this->public.ike_sa_manager);
124 DESTROY_IF(this->public.controller);
125 DESTROY_IF(this->public.eap);
126 DESTROY_IF(this->public.tnccs);
127 #ifdef ME
128 DESTROY_IF(this->public.connect_manager);
129 DESTROY_IF(this->public.mediation_manager);
130 #endif /* ME */
131 DESTROY_IF(this->public.backends);
132 DESTROY_IF(this->public.socket);
133
134 /* rehook library logging, shutdown logging */
135 dbg = dbg_old;
136 DESTROY_IF(this->public.bus);
137 this->public.file_loggers->destroy_offset(this->public.file_loggers,
138 offsetof(file_logger_t, destroy));
139 this->public.sys_loggers->destroy_offset(this->public.sys_loggers,
140 offsetof(sys_logger_t, destroy));
141 free(this);
142 }
143
144 METHOD(daemon_t, keep_cap, void,
145 private_daemon_t *this, u_int cap)
146 {
147 #ifdef CAPABILITIES_LIBCAP
148 cap_set_flag(this->caps, CAP_EFFECTIVE, 1, &cap, CAP_SET);
149 cap_set_flag(this->caps, CAP_INHERITABLE, 1, &cap, CAP_SET);
150 cap_set_flag(this->caps, CAP_PERMITTED, 1, &cap, CAP_SET);
151 #endif /* CAPABILITIES_LIBCAP */
152 #ifdef CAPABILITIES_NATIVE
153 int i = 0;
154
155 if (cap >= 32)
156 {
157 i++;
158 cap -= 32;
159 }
160 this->caps[i].effective |= 1 << cap;
161 this->caps[i].permitted |= 1 << cap;
162 this->caps[i].inheritable |= 1 << cap;
163 #endif /* CAPABILITIES_NATIVE */
164 }
165
166 METHOD(daemon_t, drop_capabilities, bool,
167 private_daemon_t *this)
168 {
169 #ifdef CAPABILITIES_LIBCAP
170 if (cap_set_proc(this->caps) != 0)
171 {
172 return FALSE;
173 }
174 #endif /* CAPABILITIES_LIBCAP */
175 #ifdef CAPABILITIES_NATIVE
176 struct __user_cap_header_struct header = {
177 #if defined(_LINUX_CAPABILITY_VERSION_3)
178 .version = _LINUX_CAPABILITY_VERSION_3,
179 #elif defined(_LINUX_CAPABILITY_VERSION_2)
180 .version = _LINUX_CAPABILITY_VERSION_2,
181 #elif defined(_LINUX_CAPABILITY_VERSION_1)
182 .version = _LINUX_CAPABILITY_VERSION_1,
183 #else
184 .version = _LINUX_CAPABILITY_VERSION,
185 #endif
186 };
187 if (capset(&header, this->caps) != 0)
188 {
189 return FALSE;
190 }
191 #endif /* CAPABILITIES_NATIVE */
192 return TRUE;
193 }
194
195 METHOD(daemon_t, start, void,
196 private_daemon_t *this)
197 {
198 /* start the engine, go multithreaded */
199 lib->processor->set_threads(lib->processor,
200 lib->settings->get_int(lib->settings, "charon.threads",
201 DEFAULT_THREADS));
202 }
203
204 /**
205 * Log loaded plugins
206 */
207 static void print_plugins()
208 {
209 char buf[512];
210 int len = 0;
211 enumerator_t *enumerator;
212 plugin_t *plugin;
213
214 buf[0] = '\0';
215 enumerator = lib->plugins->create_plugin_enumerator(lib->plugins);
216 while (len < sizeof(buf) && enumerator->enumerate(enumerator, &plugin))
217 {
218 len += snprintf(&buf[len], sizeof(buf)-len, "%s ",
219 plugin->get_name(plugin));
220 }
221 enumerator->destroy(enumerator);
222 DBG1(DBG_DMN, "loaded plugins: %s", buf);
223 }
224
225 METHOD(daemon_t, initialize, bool,
226 private_daemon_t *this)
227 {
228 DBG1(DBG_DMN, "Starting IKEv2 charon daemon (strongSwan "VERSION")");
229
230 if (lib->integrity)
231 {
232 DBG1(DBG_DMN, "integrity tests enabled:");
233 DBG1(DBG_DMN, "lib 'libstrongswan': passed file and segment integrity tests");
234 DBG1(DBG_DMN, "lib 'libhydra': passed file and segment integrity tests");
235 DBG1(DBG_DMN, "lib 'libcharon': passed file and segment integrity tests");
236 DBG1(DBG_DMN, "daemon 'charon': passed file integrity test");
237 }
238
239 /* load plugins, further infrastructure may need it */
240 if (!lib->plugins->load(lib->plugins, NULL,
241 lib->settings->get_str(lib->settings, "charon.load", PLUGINS)))
242 {
243 return FALSE;
244 }
245
246 print_plugins();
247
248 this->public.ike_sa_manager = ike_sa_manager_create();
249 if (this->public.ike_sa_manager == NULL)
250 {
251 return FALSE;
252 }
253 this->public.sender = sender_create();
254 this->public.receiver = receiver_create();
255 if (this->public.receiver == NULL)
256 {
257 return FALSE;
258 }
259
260 /* Queue start_action job */
261 lib->processor->queue_job(lib->processor, (job_t*)start_action_job_create());
262
263 #ifdef ME
264 this->public.connect_manager = connect_manager_create();
265 if (this->public.connect_manager == NULL)
266 {
267 return FALSE;
268 }
269 this->public.mediation_manager = mediation_manager_create();
270 #endif /* ME */
271
272 return TRUE;
273 }
274
275 /**
276 * Create the daemon.
277 */
278 private_daemon_t *daemon_create()
279 {
280 private_daemon_t *this;
281
282 INIT(this,
283 .public = {
284 .keep_cap = _keep_cap,
285 .drop_capabilities = _drop_capabilities,
286 .initialize = _initialize,
287 .start = _start,
288 .bus = bus_create(),
289 .file_loggers = linked_list_create(),
290 .sys_loggers = linked_list_create(),
291 },
292 );
293 charon = &this->public;
294 this->public.controller = controller_create();
295 this->public.eap = eap_manager_create();
296 this->public.tnccs = tnccs_manager_create();
297 this->public.backends = backend_manager_create();
298 this->public.socket = socket_manager_create();
299 this->public.traps = trap_manager_create();
300 this->public.shunts = shunt_manager_create();
301 this->kernel_handler = kernel_handler_create();
302
303 #ifdef CAPABILITIES
304 #ifdef CAPABILITIES_LIBCAP
305 this->caps = cap_init();
306 #endif /* CAPABILITIES_LIBCAP */
307 keep_cap(this, CAP_NET_ADMIN);
308 if (lib->leak_detective)
309 {
310 keep_cap(this, CAP_SYS_NICE);
311 }
312 #endif /* CAPABILITIES */
313
314 return this;
315 }
316
317 /**
318 * Described in header.
319 */
320 void libcharon_deinit()
321 {
322 destroy((private_daemon_t*)charon);
323 charon = NULL;
324 }
325
326 /**
327 * Described in header.
328 */
329 bool libcharon_init()
330 {
331 daemon_create();
332
333 /* for uncritical pseudo random numbers */
334 srandom(time(NULL) + getpid());
335
336 /* set up hook to log dbg message in library via charons message bus */
337 dbg_old = dbg;
338 dbg = dbg_bus;
339
340 lib->printf_hook->add_handler(lib->printf_hook, 'P',
341 proposal_printf_hook,
342 PRINTF_HOOK_ARGTYPE_POINTER,
343 PRINTF_HOOK_ARGTYPE_END);
344
345 if (lib->integrity &&
346 !lib->integrity->check(lib->integrity, "libcharon", libcharon_init))
347 {
348 dbg(DBG_DMN, 1, "integrity check of libcharon failed");
349 return FALSE;
350 }
351
352 return TRUE;
353 }
strongSwan - IPsec VPN