child-sa-manager: Add a global manager storing CHILD_SA relations
[strongswan.git] / src / libcharon / daemon.c
1 /*
2 * Copyright (C) 2006-2012 Tobias Brunner
3 * Copyright (C) 2005-2009 Martin Willi
4 * Copyright (C) 2006 Daniel Roethlisberger
5 * Copyright (C) 2005 Jan Hutter
6 * Hochschule fuer Technik Rapperswil
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 #include <stdio.h>
20 #include <sys/types.h>
21 #include <unistd.h>
22 #include <time.h>
23 #include <errno.h>
24
25 #ifdef HAVE_SYSLOG
26 #include <syslog.h>
27 #endif
28
29 #include "daemon.h"
30
31 #include <library.h>
32 #include <bus/listeners/sys_logger.h>
33 #include <bus/listeners/file_logger.h>
34 #include <config/proposal.h>
35 #include <plugins/plugin_feature.h>
36 #include <kernel/kernel_handler.h>
37 #include <processing/jobs/start_action_job.h>
38 #include <threading/mutex.h>
39
40 #ifndef LOG_AUTHPRIV /* not defined on OpenSolaris */
41 #define LOG_AUTHPRIV LOG_AUTH
42 #endif
43
44 typedef struct private_daemon_t private_daemon_t;
45
46 /**
47 * Private additions to daemon_t, contains threads and internal functions.
48 */
49 struct private_daemon_t {
50 /**
51 * Public members of daemon_t.
52 */
53 daemon_t public;
54
55 /**
56 * Handler for kernel events
57 */
58 kernel_handler_t *kernel_handler;
59
60 /**
61 * A list of installed loggers (as logger_entry_t*)
62 */
63 linked_list_t *loggers;
64
65 /**
66 * Identifier used for syslog (in the openlog call)
67 */
68 char *syslog_identifier;
69
70 /**
71 * Mutex for configured loggers
72 */
73 mutex_t *mutex;
74
75 /**
76 * Integrity check failed?
77 */
78 bool integrity_failed;
79
80 /**
81 * Number of times we have been initialized
82 */
83 refcount_t ref;
84 };
85
86 /**
87 * One and only instance of the daemon.
88 */
89 daemon_t *charon;
90
91 /**
92 * hook in library for debugging messages
93 */
94 extern void (*dbg) (debug_t group, level_t level, char *fmt, ...);
95
96 /**
97 * we store the previous debug function so we can reset it
98 */
99 static void (*dbg_old) (debug_t group, level_t level, char *fmt, ...);
100
101 /**
102 * Logging hook for library logs, spreads debug message over bus
103 */
104 static void dbg_bus(debug_t group, level_t level, char *fmt, ...)
105 {
106 va_list args;
107
108 va_start(args, fmt);
109 charon->bus->vlog(charon->bus, group, level, fmt, args);
110 va_end(args);
111 }
112
113 /**
114 * Some metadata about configured loggers
115 */
116 typedef struct {
117 /**
118 * Target of the logger (syslog facility or filename)
119 */
120 char *target;
121
122 /**
123 * TRUE if this is a file logger
124 */
125 bool file;
126
127 /**
128 * The actual logger
129 */
130 union {
131 sys_logger_t *sys;
132 file_logger_t *file;
133 } logger;
134
135 } logger_entry_t;
136
137 /**
138 * Destroy a logger entry
139 */
140 static void logger_entry_destroy(logger_entry_t *this)
141 {
142 if (this->file)
143 {
144 DESTROY_IF(this->logger.file);
145 }
146 else
147 {
148 DESTROY_IF(this->logger.sys);
149 }
150 free(this->target);
151 free(this);
152 }
153
154 /**
155 * Unregister and destroy a logger entry
156 */
157 static void logger_entry_unregister_destroy(logger_entry_t *this)
158 {
159 if (this->file)
160 {
161 charon->bus->remove_logger(charon->bus, &this->logger.file->logger);
162 }
163 else
164 {
165 charon->bus->remove_logger(charon->bus, &this->logger.sys->logger);
166 }
167 logger_entry_destroy(this);
168 }
169
170 /**
171 * Match a logger entry by target and whether it is a file or syslog logger
172 */
173 static bool logger_entry_match(logger_entry_t *this, char *target, bool *file)
174 {
175 return this->file == *file && streq(this->target, target);
176 }
177
178 /**
179 * Handle configured syslog identifier
180 *
181 * mutex must be locked when calling this function
182 */
183 static void handle_syslog_identifier(private_daemon_t *this)
184 {
185 #ifdef HAVE_SYSLOG
186 char *identifier;
187
188 identifier = lib->settings->get_str(lib->settings, "%s.syslog.identifier",
189 NULL, lib->ns);
190 if (identifier)
191 { /* set identifier, which is prepended to each log line */
192 if (!this->syslog_identifier ||
193 !streq(identifier, this->syslog_identifier))
194 {
195 closelog();
196 this->syslog_identifier = identifier;
197 openlog(this->syslog_identifier, 0, 0);
198 }
199 }
200 else if (this->syslog_identifier)
201 {
202 closelog();
203 this->syslog_identifier = NULL;
204 }
205 #endif /* HAVE_SYSLOG */
206 }
207
208 /**
209 * Convert the given string into a syslog facility, returns -1 if the facility
210 * is not supported
211 */
212 static int get_syslog_facility(char *facility)
213 {
214 #ifdef HAVE_SYSLOG
215 if (streq(facility, "daemon"))
216 {
217 return LOG_DAEMON;
218 }
219 else if (streq(facility, "auth"))
220 {
221 return LOG_AUTHPRIV;
222 }
223 #endif /* HAVE_SYSLOG */
224 return -1;
225 }
226
227 /**
228 * Returns an existing or newly created logger entry (if found, it is removed
229 * from the given linked list of existing loggers)
230 */
231 static logger_entry_t *get_logger_entry(char *target, bool is_file_logger,
232 linked_list_t *existing)
233 {
234 logger_entry_t *entry;
235
236 if (existing->find_first(existing, (void*)logger_entry_match,
237 (void**)&entry, target, &is_file_logger) != SUCCESS)
238 {
239 INIT(entry,
240 .target = strdup(target),
241 .file = is_file_logger,
242 );
243 if (is_file_logger)
244 {
245 entry->logger.file = file_logger_create(target);
246 }
247 #ifdef HAVE_SYSLOG
248 else
249 {
250 entry->logger.sys = sys_logger_create(get_syslog_facility(target));
251 }
252 #endif /* HAVE_SYSLOG */
253 }
254 else
255 {
256 existing->remove(existing, entry, NULL);
257 }
258 return entry;
259 }
260
261 /**
262 * Create or reuse a syslog logger
263 */
264 static sys_logger_t *add_sys_logger(private_daemon_t *this, char *facility,
265 linked_list_t *current_loggers)
266 {
267 logger_entry_t *entry;
268
269 entry = get_logger_entry(facility, FALSE, current_loggers);
270 this->loggers->insert_last(this->loggers, entry);
271 return entry->logger.sys;
272 }
273
274 /**
275 * Create or reuse a file logger
276 */
277 static file_logger_t *add_file_logger(private_daemon_t *this, char *filename,
278 linked_list_t *current_loggers)
279 {
280 logger_entry_t *entry;
281
282 entry = get_logger_entry(filename, TRUE, current_loggers);
283 this->loggers->insert_last(this->loggers, entry);
284 return entry->logger.file;
285 }
286
287 /**
288 * Load the given syslog logger configured in strongswan.conf
289 */
290 static void load_sys_logger(private_daemon_t *this, char *facility,
291 linked_list_t *current_loggers)
292 {
293 sys_logger_t *sys_logger;
294 debug_t group;
295 level_t def;
296
297 if (get_syslog_facility(facility) == -1)
298 {
299 return;
300 }
301
302 sys_logger = add_sys_logger(this, facility, current_loggers);
303 sys_logger->set_options(sys_logger,
304 lib->settings->get_bool(lib->settings, "%s.syslog.%s.ike_name",
305 FALSE, lib->ns, facility));
306
307 def = lib->settings->get_int(lib->settings, "%s.syslog.%s.default", 1,
308 lib->ns, facility);
309 for (group = 0; group < DBG_MAX; group++)
310 {
311 sys_logger->set_level(sys_logger, group,
312 lib->settings->get_int(lib->settings, "%s.syslog.%s.%N", def,
313 lib->ns, facility, debug_lower_names, group));
314 }
315 charon->bus->add_logger(charon->bus, &sys_logger->logger);
316 }
317
318 /**
319 * Load the given file logger configured in strongswan.conf
320 */
321 static void load_file_logger(private_daemon_t *this, char *filename,
322 linked_list_t *current_loggers)
323 {
324 file_logger_t *file_logger;
325 debug_t group;
326 level_t def;
327 bool ike_name, flush_line, append;
328 char *time_format;
329
330 time_format = lib->settings->get_str(lib->settings,
331 "%s.filelog.%s.time_format", NULL, lib->ns, filename);
332 ike_name = lib->settings->get_bool(lib->settings,
333 "%s.filelog.%s.ike_name", FALSE, lib->ns, filename);
334 flush_line = lib->settings->get_bool(lib->settings,
335 "%s.filelog.%s.flush_line", FALSE, lib->ns, filename);
336 append = lib->settings->get_bool(lib->settings,
337 "%s.filelog.%s.append", TRUE, lib->ns, filename);
338
339 file_logger = add_file_logger(this, filename, current_loggers);
340 file_logger->set_options(file_logger, time_format, ike_name);
341 file_logger->open(file_logger, flush_line, append);
342
343 def = lib->settings->get_int(lib->settings, "%s.filelog.%s.default", 1,
344 lib->ns, filename);
345 for (group = 0; group < DBG_MAX; group++)
346 {
347 file_logger->set_level(file_logger, group,
348 lib->settings->get_int(lib->settings, "%s.filelog.%s.%N", def,
349 lib->ns, filename, debug_lower_names, group));
350 }
351 charon->bus->add_logger(charon->bus, &file_logger->logger);
352 }
353
354 METHOD(daemon_t, load_loggers, void,
355 private_daemon_t *this, level_t levels[DBG_MAX], bool to_stderr)
356 {
357 enumerator_t *enumerator;
358 linked_list_t *current_loggers;
359 char *target;
360
361 this->mutex->lock(this->mutex);
362 handle_syslog_identifier(this);
363 current_loggers = this->loggers;
364 this->loggers = linked_list_create();
365 enumerator = lib->settings->create_section_enumerator(lib->settings,
366 "%s.syslog", lib->ns);
367 while (enumerator->enumerate(enumerator, &target))
368 {
369 load_sys_logger(this, target, current_loggers);
370 }
371 enumerator->destroy(enumerator);
372
373 enumerator = lib->settings->create_section_enumerator(lib->settings,
374 "%s.filelog", lib->ns);
375 while (enumerator->enumerate(enumerator, &target))
376 {
377 load_file_logger(this, target, current_loggers);
378 }
379 enumerator->destroy(enumerator);
380
381 if (!this->loggers->get_count(this->loggers) && levels)
382 { /* setup legacy style default loggers configured via command-line */
383 file_logger_t *file_logger;
384 sys_logger_t *sys_logger;
385 debug_t group;
386
387 sys_logger = add_sys_logger(this, "daemon", current_loggers);
388 file_logger = add_file_logger(this, "stdout", current_loggers);
389 file_logger->open(file_logger, FALSE, FALSE);
390
391 for (group = 0; group < DBG_MAX; group++)
392 {
393 if (sys_logger)
394 {
395 sys_logger->set_level(sys_logger, group, levels[group]);
396 }
397 if (to_stderr)
398 {
399 file_logger->set_level(file_logger, group, levels[group]);
400 }
401 }
402 if (sys_logger)
403 {
404 charon->bus->add_logger(charon->bus, &sys_logger->logger);
405 }
406 charon->bus->add_logger(charon->bus, &file_logger->logger);
407
408 sys_logger = add_sys_logger(this, "auth", current_loggers);
409 if (sys_logger)
410 {
411 sys_logger->set_level(sys_logger, DBG_ANY, LEVEL_AUDIT);
412 charon->bus->add_logger(charon->bus, &sys_logger->logger);
413 }
414 }
415 /* unregister and destroy any unused remaining loggers */
416 current_loggers->destroy_function(current_loggers,
417 (void*)logger_entry_unregister_destroy);
418 this->mutex->unlock(this->mutex);
419 }
420
421 METHOD(daemon_t, set_level, void,
422 private_daemon_t *this, debug_t group, level_t level)
423 {
424 enumerator_t *enumerator;
425 logger_entry_t *entry;
426
427 /* we set the loglevel on ALL sys- and file-loggers */
428 this->mutex->lock(this->mutex);
429 enumerator = this->loggers->create_enumerator(this->loggers);
430 while (enumerator->enumerate(enumerator, &entry))
431 {
432 if (entry->file)
433 {
434 entry->logger.file->set_level(entry->logger.file, group, level);
435 charon->bus->add_logger(charon->bus, &entry->logger.file->logger);
436 }
437 else
438 {
439 entry->logger.sys->set_level(entry->logger.sys, group, level);
440 charon->bus->add_logger(charon->bus, &entry->logger.sys->logger);
441 }
442 }
443 enumerator->destroy(enumerator);
444 this->mutex->unlock(this->mutex);
445 }
446
447 /**
448 * Clean up all daemon resources
449 */
450 static void destroy(private_daemon_t *this)
451 {
452 /* terminate all idle threads */
453 lib->processor->set_threads(lib->processor, 0);
454 /* make sure nobody waits for a DNS query */
455 lib->hosts->flush(lib->hosts);
456 /* close all IKE_SAs */
457 if (this->public.ike_sa_manager)
458 {
459 this->public.ike_sa_manager->flush(this->public.ike_sa_manager);
460 }
461 if (this->public.traps)
462 {
463 this->public.traps->flush(this->public.traps);
464 }
465 if (this->public.sender)
466 {
467 this->public.sender->flush(this->public.sender);
468 }
469
470 /* cancel all threads and wait for their termination */
471 lib->processor->cancel(lib->processor);
472
473 #ifdef ME
474 DESTROY_IF(this->public.connect_manager);
475 DESTROY_IF(this->public.mediation_manager);
476 #endif /* ME */
477 /* make sure the cache is clear before unloading plugins */
478 lib->credmgr->flush_cache(lib->credmgr, CERT_ANY);
479 lib->plugins->unload(lib->plugins);
480 DESTROY_IF(this->kernel_handler);
481 DESTROY_IF(this->public.traps);
482 DESTROY_IF(this->public.shunts);
483 DESTROY_IF(this->public.child_sa_manager);
484 DESTROY_IF(this->public.ike_sa_manager);
485 DESTROY_IF(this->public.controller);
486 DESTROY_IF(this->public.eap);
487 DESTROY_IF(this->public.xauth);
488 DESTROY_IF(this->public.backends);
489 DESTROY_IF(this->public.socket);
490
491 /* rehook library logging, shutdown logging */
492 dbg = dbg_old;
493 DESTROY_IF(this->public.bus);
494 this->loggers->destroy_function(this->loggers, (void*)logger_entry_destroy);
495 this->mutex->destroy(this->mutex);
496 free(this);
497 }
498
499 /**
500 * Run a set of configured scripts
501 */
502 static void run_scripts(private_daemon_t *this, char *verb)
503 {
504 enumerator_t *enumerator;
505 char *key, *value, *pos, buf[1024];
506 FILE *cmd;
507
508 enumerator = lib->settings->create_key_value_enumerator(lib->settings,
509 "%s.%s-scripts", lib->ns, verb);
510 while (enumerator->enumerate(enumerator, &key, &value))
511 {
512 DBG1(DBG_DMN, "executing %s script '%s' (%s):", verb, key, value);
513 cmd = popen(value, "r");
514 if (!cmd)
515 {
516 DBG1(DBG_DMN, "executing %s script '%s' (%s) failed: %s",
517 verb, key, value, strerror(errno));
518 continue;
519 }
520 while (TRUE)
521 {
522 if (!fgets(buf, sizeof(buf), cmd))
523 {
524 if (ferror(cmd))
525 {
526 DBG1(DBG_DMN, "reading from %s script '%s' (%s) failed",
527 verb, key, value);
528 }
529 break;
530 }
531 else
532 {
533 pos = buf + strlen(buf);
534 if (pos > buf && pos[-1] == '\n')
535 {
536 pos[-1] = '\0';
537 }
538 DBG1(DBG_DMN, "%s: %s", key, buf);
539 }
540 }
541 pclose(cmd);
542 }
543 enumerator->destroy(enumerator);
544 }
545
546 METHOD(daemon_t, start, void,
547 private_daemon_t *this)
548 {
549 /* start the engine, go multithreaded */
550 lib->processor->set_threads(lib->processor,
551 lib->settings->get_int(lib->settings, "%s.threads",
552 DEFAULT_THREADS, lib->ns));
553
554 run_scripts(this, "start");
555 }
556
557
558 /**
559 * Initialize/deinitialize sender and receiver
560 */
561 static bool sender_receiver_cb(void *plugin, plugin_feature_t *feature,
562 bool reg, private_daemon_t *this)
563 {
564 if (reg)
565 {
566 this->public.receiver = receiver_create();
567 if (!this->public.receiver)
568 {
569 return FALSE;
570 }
571 this->public.sender = sender_create();
572 }
573 else
574 {
575 DESTROY_IF(this->public.receiver);
576 DESTROY_IF(this->public.sender);
577 }
578 return TRUE;
579 }
580
581 METHOD(daemon_t, initialize, bool,
582 private_daemon_t *this, char *plugins)
583 {
584 plugin_feature_t features[] = {
585 PLUGIN_PROVIDE(CUSTOM, "libcharon"),
586 PLUGIN_DEPENDS(NONCE_GEN),
587 PLUGIN_DEPENDS(CUSTOM, "libcharon-receiver"),
588 PLUGIN_DEPENDS(CUSTOM, "kernel-ipsec"),
589 PLUGIN_DEPENDS(CUSTOM, "kernel-net"),
590 PLUGIN_CALLBACK((plugin_feature_callback_t)sender_receiver_cb, this),
591 PLUGIN_PROVIDE(CUSTOM, "libcharon-receiver"),
592 PLUGIN_DEPENDS(HASHER, HASH_SHA1),
593 PLUGIN_DEPENDS(RNG, RNG_STRONG),
594 PLUGIN_DEPENDS(CUSTOM, "socket"),
595 };
596 lib->plugins->add_static_features(lib->plugins, lib->ns, features,
597 countof(features), TRUE, NULL, NULL);
598
599 /* load plugins, further infrastructure may need it */
600 if (!lib->plugins->load(lib->plugins, plugins))
601 {
602 return FALSE;
603 }
604
605 this->public.ike_sa_manager = ike_sa_manager_create();
606 if (this->public.ike_sa_manager == NULL)
607 {
608 return FALSE;
609 }
610 this->public.child_sa_manager = child_sa_manager_create();
611
612 /* Queue start_action job */
613 lib->processor->queue_job(lib->processor, (job_t*)start_action_job_create());
614
615 #ifdef ME
616 this->public.connect_manager = connect_manager_create();
617 if (this->public.connect_manager == NULL)
618 {
619 return FALSE;
620 }
621 this->public.mediation_manager = mediation_manager_create();
622 #endif /* ME */
623
624 return TRUE;
625 }
626
627 /**
628 * Create the daemon.
629 */
630 private_daemon_t *daemon_create()
631 {
632 private_daemon_t *this;
633
634 INIT(this,
635 .public = {
636 .initialize = _initialize,
637 .start = _start,
638 .load_loggers = _load_loggers,
639 .set_level = _set_level,
640 .bus = bus_create(),
641 },
642 .loggers = linked_list_create(),
643 .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
644 .ref = 1,
645 );
646 charon = &this->public;
647 this->public.controller = controller_create();
648 this->public.eap = eap_manager_create();
649 this->public.xauth = xauth_manager_create();
650 this->public.backends = backend_manager_create();
651 this->public.socket = socket_manager_create();
652 this->public.traps = trap_manager_create();
653 this->public.shunts = shunt_manager_create();
654 this->kernel_handler = kernel_handler_create();
655
656 return this;
657 }
658
659 /**
660 * Described in header.
661 */
662 void libcharon_deinit()
663 {
664 private_daemon_t *this = (private_daemon_t*)charon;
665
666 if (!this || !ref_put(&this->ref))
667 { /* have more users */
668 return;
669 }
670
671 run_scripts(this, "stop");
672
673 destroy(this);
674 charon = NULL;
675 }
676
677 /**
678 * Described in header.
679 */
680 bool libcharon_init()
681 {
682 private_daemon_t *this;
683
684 if (charon)
685 { /* already initialized, increase refcount */
686 this = (private_daemon_t*)charon;
687 ref_get(&this->ref);
688 return !this->integrity_failed;
689 }
690
691 this = daemon_create();
692
693 /* for uncritical pseudo random numbers */
694 srandom(time(NULL) + getpid());
695
696 /* set up hook to log dbg message in library via charons message bus */
697 dbg_old = dbg;
698 dbg = dbg_bus;
699
700 lib->printf_hook->add_handler(lib->printf_hook, 'P',
701 proposal_printf_hook,
702 PRINTF_HOOK_ARGTYPE_POINTER,
703 PRINTF_HOOK_ARGTYPE_END);
704
705 if (lib->integrity &&
706 !lib->integrity->check(lib->integrity, "libcharon", libcharon_init))
707 {
708 dbg(DBG_DMN, 1, "integrity check of libcharon failed");
709 this->integrity_failed = TRUE;
710 }
711 return !this->integrity_failed;
712 }