1 /*
2 * Copyright (C) 2011-2015 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "imcv.h"
17 #include "ietf/ietf_attr.h"
18 #include "ita/ita_attr.h"
19 #include "pwg/pwg_attr.h"
20 #include "tcg/tcg_attr.h"
21 #include "pts/components/pts_component.h"
22 #include "pts/components/pts_component_manager.h"
23 #include "pts/components/tcg/tcg_comp_func_name.h"
24 #include "pts/components/ita/ita_comp_func_name.h"
25 #include "pts/components/ita/ita_comp_ima.h"
26 #include "pts/components/ita/ita_comp_tboot.h"
27 #include "pts/components/ita/ita_comp_tgrub.h"
28
29 #include <utils/debug.h>
30 #include <utils/utils.h>
31 #include <pen/pen.h>
32
33 #ifdef HAVE_SYSLOG
34 #include <syslog.h>
35 #endif
36
37 #ifndef IPSEC_SCRIPT
38 #define IPSEC_SCRIPT "ipsec"
39 #endif
40
41 #define IMCV_DEBUG_LEVEL 1
42 #define IMCV_DEFAULT_POLICY_SCRIPT IPSEC_SCRIPT " _imv_policy"
43
44
/**
 * PA-TNC attribute manager, registered for the IETF, ITA, PWG and TCG
 * vendors in libimcv_init()
 */
pa_tnc_attr_manager_t *imcv_pa_tnc_attributes;

/**
 * Global list of IMV sessions (only created when initialized as an IMV)
 */
imv_session_manager_t *imcv_sessions;

/**
 * Global IMV database (only created when a database URI is configured)
 */
imv_database_t *imcv_db;

/**
 * PTS Functional Component manager
 */
pts_component_manager_t *imcv_pts_components;

/**
 * Reference count for libimcv; the globals above are valid while it is
 * non-zero
 */
static refcount_t libimcv_ref = 0;

/**
 * Reference count for libstrongswan as tracked by libimcv; library_deinit()
 * is only called once it drops back to zero
 */
static refcount_t libstrongswan_ref = 0;

/**
 * Global configuration of imcv dbg function (read from libimcv.debug_level
 * and libimcv.stderr_quiet when libimcv initializes libstrongswan itself)
 */
static int imcv_debug_level;
static bool imcv_stderr_quiet;
80
81 /**
82 * imvc dbg function
83 */
/**
 * imcv dbg function, installed as libstrongswan's global dbg hook.
 *
 * Messages whose level is at or below imcv_debug_level are printed to
 * stderr (unless imcv_stderr_quiet is set) and, when built with
 * HAVE_SYSLOG, forwarded to syslog with one record per line.
 *
 * @param group		debug group, not used here
 * @param level		verbosity level of the message
 * @param fmt		printf-style format string, followed by its arguments
 */
static void imcv_dbg(debug_t group, level_t level, char *fmt, ...)
{
	va_list args;

	/* anything above the configured level is dropped */
	if (level > imcv_debug_level)
	{
		return;
	}

	if (!imcv_stderr_quiet)
	{
		va_start(args, fmt);
		fprintf(stderr, "[HSR] ");
		vfprintf(stderr, fmt, args);
		fprintf(stderr, "\n");
		va_end(args);
	}

#ifdef HAVE_SYSLOG
	{
		char msg[8192];
		char *line = msg, *eol;

		/* render once into a bounded buffer, then split it on newlines */
		va_start(args, fmt);
		vsnprintf(msg, sizeof(msg), fmt, args);
		va_end(args);

		/* one syslog record per line; the format string handed to syslog is
		 * a fixed literal and the rendered text only ever travels as a %s
		 * argument, so message content can't be interpreted as a format */
		do
		{
			eol = strchr(line, '\n');
			if (eol)
			{
				*eol++ = '\0';
			}
			syslog(LOG_INFO, "[HSR] %s\n", line);
			line = eol;
		}
		while (line);
	}
#endif /* HAVE_SYSLOG */
}
125
126 /**
127 * Described in header.
128 */
/**
 * Described in header.
 *
 * Brings up libstrongswan if the main program has not already done so
 * (installing the imcv debug hook and loading the configured plugins),
 * then, on the first libimcv reference, registers the PA-TNC attribute and
 * PTS component vendors and, for IMVs, creates the session manager and the
 * optional database.
 *
 * @param is_imv	TRUE when used by an IMV; only then are imcv_sessions and
 *					imcv_db instantiated. Only the first caller's value
 *					matters, later calls merely add a reference.
 * @return			FALSE if libstrongswan or its plugins could not be loaded
 */
bool libimcv_init(bool is_imv)
{
	/* initialize libstrongswan library only once */
	if (lib)
	{
		/* did main program initialize libstrongswan? If so, hold one extra
		 * reference on its behalf so that libimcv_deinit() never reaches
		 * zero and never calls library_deinit() behind the program's back */
		if (libstrongswan_ref == 0)
		{
			ref_get(&libstrongswan_ref);
		}
	}
	else
	{
		/* we are the first to initialize libstrongswan */
		if (!library_init(NULL, "libimcv"))
		{
			return FALSE;
		}

		/* set the debug level and stderr output; these settings are only
		 * read (and the hook below only installed) on this path */
		imcv_debug_level = lib->settings->get_int(lib->settings,
								"libimcv.debug_level", IMCV_DEBUG_LEVEL);
		imcv_stderr_quiet = lib->settings->get_int(lib->settings,
								"libimcv.stderr_quiet", FALSE);

		/* activate the imcv debugging hook */
		dbg = imcv_dbg;
#ifdef HAVE_SYSLOG
		openlog("imcv", 0, LOG_DAEMON);
#endif

		if (!lib->plugins->load(lib->plugins,
				lib->settings->get_str(lib->settings, "libimcv.load",
					"random nonce gmp pubkey x509")))
		{
			/* undo library_init(); no libstrongswan reference was taken yet */
			library_deinit();
			return FALSE;
		}
	}
	ref_get(&libstrongswan_ref);

	/* register the fallbacks before any "%s.imcv.*" key is read below, so
	 * unset per-namespace keys resolve to the "libimcv.*" defaults */
	lib->settings->add_fallback(lib->settings, "%s.imcv", "libimcv", lib->ns);
	lib->settings->add_fallback(lib->settings, "%s.plugins", "libimcv.plugins",
								lib->ns);

	if (libimcv_ref == 0)
	{
		char *uri, *script;

		/* initialize the PA-TNC attribute manager */
		imcv_pa_tnc_attributes = pa_tnc_attr_manager_create();
		imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_IETF,
								ietf_attr_create_from_data, ietf_attr_names);
		imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_ITA,
								ita_attr_create_from_data, ita_attr_names);
		imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_PWG,
								pwg_attr_create_from_data, pwg_attr_names);
		imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_TCG,
								tcg_attr_create_from_data, tcg_attr_names);

		/* PTS component manager with the TCG and ITA functional component
		 * name spaces, plus the ITA components implemented in this library */
		imcv_pts_components = pts_component_manager_create();
		imcv_pts_components->add_vendor(imcv_pts_components, PEN_TCG,
					pts_tcg_comp_func_names, PTS_TCG_QUALIFIER_TYPE_SIZE,
					pts_tcg_qualifier_flag_names, pts_tcg_qualifier_type_names);
		imcv_pts_components->add_vendor(imcv_pts_components, PEN_ITA,
					pts_ita_comp_func_names, PTS_ITA_QUALIFIER_TYPE_SIZE,
					pts_ita_qualifier_flag_names, pts_ita_qualifier_type_names);

		imcv_pts_components->add_component(imcv_pts_components, PEN_ITA,
								PTS_ITA_COMP_FUNC_NAME_TGRUB,
								pts_ita_comp_tgrub_create);
		imcv_pts_components->add_component(imcv_pts_components, PEN_ITA,
								PTS_ITA_COMP_FUNC_NAME_TBOOT,
								pts_ita_comp_tboot_create);
		imcv_pts_components->add_component(imcv_pts_components, PEN_ITA,
								PTS_ITA_COMP_FUNC_NAME_IMA,
								pts_ita_comp_ima_create);
		if (is_imv)
		{
			/* instantiate global IMV session manager */
			imcv_sessions = imv_session_manager_create();

			/* instantiate and attach global IMV database if URI is valid.
			 * The policy script path is taken from strongswan.conf and handed
			 * to the database (presumably executed from there — verify in
			 * imv_database), so it is only as trustworthy as that config. */
			uri = lib->settings->get_str(lib->settings,
								"%s.imcv.database", NULL, lib->ns);
			script = lib->settings->get_str(lib->settings,
								"%s.imcv.policy_script", IMCV_DEFAULT_POLICY_SCRIPT,
								lib->ns);
			if (uri)
			{
				imcv_db = imv_database_create(uri, script);
			}
		}
		DBG1(DBG_LIB, "libimcv initialized");
	}
	ref_get(&libimcv_ref);

	return TRUE;
}
228
229 /**
230 * Described in header.
231 */
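/**
 * Described in header.
 *
 * Drops one libimcv reference; when the last one goes, the attribute and
 * PTS component managers, the IMV database and the session manager are
 * destroyed. A libstrongswan reference is released afterwards and
 * library_deinit() runs only when libimcv was the one that initialized it
 * (see libimcv_init()).
 *
 * Every destroyed global is reset to NULL, so a later
 * libimcv_init()/libimcv_deinit() cycle — for instance one that is not an
 * IMV and therefore never re-creates imcv_sessions/imcv_db — cannot
 * DESTROY_IF() a stale pointer from this round (double free).
 */
void libimcv_deinit(void)
{
	if (ref_put(&libimcv_ref))
	{
		imcv_pts_components->remove_vendor(imcv_pts_components, PEN_TCG);
		imcv_pts_components->remove_vendor(imcv_pts_components, PEN_ITA);
		imcv_pts_components->destroy(imcv_pts_components);
		imcv_pts_components = NULL;

		imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_IETF);
		imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_ITA);
		imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_PWG);
		imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_TCG);
		DESTROY_IF(imcv_pa_tnc_attributes);
		imcv_pa_tnc_attributes = NULL;

		/* only present when initialized as an IMV (and, for the database,
		 * when a URI was configured); DESTROY_IF tolerates NULL */
		DESTROY_IF(imcv_db);
		imcv_db = NULL;
		DESTROY_IF(imcv_sessions);
		imcv_sessions = NULL;

		DBG1(DBG_LIB, "libimcv terminated");
	}
	if (ref_put(&libstrongswan_ref))
	{
		library_deinit();
	}
}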