refactored IMV policy management
1 /*
2 * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 */
14
15 #include "imcv.h"
16 #include "ietf/ietf_attr.h"
17 #include "ita/ita_attr.h"
18
19 #include <utils/debug.h>
20 #include <utils/utils.h>
21 #include <pen/pen.h>
22
23 #include <syslog.h>
24
/** Default verbosity of the imcv debug hook (setting libimcv.debug_level) */
#define IMCV_DEBUG_LEVEL 1
/** Default IMV database URI (setting libimcv.database) */
#define IMCV_DEFAULT_DATABASE_URI "sqlite:///etc/pts/config.db"
/**
 * Default policy script (setting libimcv.policy_script). The string is handed
 * unchanged to imv_database_create() in libimcv_init(); presumably the
 * database layer runs it as a command, so treat the setting as
 * administrator-controlled input -- verify in imv_database_create().
 */
#define IMCV_DEFAULT_POLICY_SCRIPT "ipsec _imv_policy"


/**
 * PA-TNC attribute manager
 *
 * Created by the first libimcv_init() with the IETF and ITA vendors
 * registered, destroyed by the last libimcv_deinit().
 */
pa_tnc_attr_manager_t *imcv_pa_tnc_attributes;

/**
 * Global IMV database
 *
 * Only created in libimcv_init() when is_imv is TRUE and a database URI is
 * configured; it stays NULL otherwise, so users have to check it before use.
 */
imv_database_t *imcv_db;

/**
 * Reference count for libimcv
 *
 * Incremented by every libimcv_init(), decremented by every libimcv_deinit();
 * the global objects above exist while the count is non-zero.
 */
static refcount_t libimcv_ref = 0;

/**
 * Reference count for libstrongswan
 *
 * If the main program already initialized libstrongswan, the first
 * libimcv_init() takes one extra reference, so that libimcv_deinit() can
 * never drop the count to zero and never calls library_deinit() on a library
 * it does not own.
 */
static refcount_t libstrongswan_ref = 0;

/**
 * Global configuration of imcv dbg function
 *
 * Read from libimcv.debug_level / libimcv.stderr_quiet only when libimcv
 * itself initializes libstrongswan, which is also the only case in which the
 * imcv_dbg hook gets installed.
 */
static int imcv_debug_level;
static bool imcv_stderr_quiet;
55
56 /**
57 * imvc dbg function
58 */
/**
 * Debug hook installed by libimcv when it initializes libstrongswan itself.
 *
 * Messages at or below imcv_debug_level are echoed to stderr (unless
 * imcv_stderr_quiet is set) and forwarded to syslog, one record per line.
 * fmt is the printf-style format supplied by the DBG macros, not external
 * data; the expanded text is always passed to syslog() as a "%s" argument,
 * never as the format itself.
 *
 * @param group		debug group, every group is treated alike here
 * @param level		verbosity level of the message
 * @param fmt		printf-style format string, followed by its arguments
 */
static void imcv_dbg(debug_t group, level_t level, char *fmt, ...)
{
	char msg[8192];
	char *line, *eol;
	va_list ap;

	if (level > imcv_debug_level)
	{
		return;
	}

	if (!imcv_stderr_quiet)
	{
		va_start(ap, fmt);
		fprintf(stderr, "[HSR] ");
		vfprintf(stderr, fmt, ap);
		fprintf(stderr, "\n");
		va_end(ap);
	}

	/* expand the message once; vsnprintf bounds and terminates the result */
	va_start(ap, fmt);
	vsnprintf(msg, sizeof(msg), fmt, ap);
	va_end(ap);

	/* emit one syslog record per line of the expanded message */
	for (line = msg; line; line = eol)
	{
		eol = strchr(line, '\n');
		if (eol)
		{
			*eol++ = '\0';
		}
		syslog(LOG_INFO, "[HSR] %s\n", line);
	}
}
95
96 /**
97 * Described in header.
98 */
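/**
 * Make sure libstrongswan is initialized and take a reference on it.
 *
 * If the main program already initialized libstrongswan (lib is set), one
 * extra reference is taken the first time through, so that libimcv_deinit()
 * never calls library_deinit() on a library it does not own. Otherwise
 * libstrongswan is initialized here, the imcv debug hook and syslog are set
 * up, and the plugins named by the libimcv.load setting are loaded.
 *
 * @return				FALSE if library_init() or plugin loading failed,
 *						in which case no reference is held
 */
static bool imcv_init_libstrongswan(void)
{
	if (lib)
	{
		/* did main program initialize libstrongswan? */
		if (libstrongswan_ref == 0)
		{
			ref_get(&libstrongswan_ref);
		}
	}
	else
	{
		/* we are the first to initialize libstrongswan */
		if (!library_init(NULL))
		{
			return FALSE;
		}

		/* set the debug level and stderr output */
		imcv_debug_level = lib->settings->get_int(lib->settings,
									"libimcv.debug_level", IMCV_DEBUG_LEVEL);
		imcv_stderr_quiet = lib->settings->get_int(lib->settings,
									"libimcv.stderr_quiet", FALSE);

		/* activate the imcv debugging hook */
		dbg = imcv_dbg;
		openlog("imcv", 0, LOG_DAEMON);

		if (!lib->plugins->load(lib->plugins, NULL,
				lib->settings->get_str(lib->settings, "libimcv.load",
					"random nonce gmp pubkey x509")))
		{
			library_deinit();
			return FALSE;
		}
	}
	ref_get(&libstrongswan_ref);
	return TRUE;
}

/**
 * Described in header.
 *
 * Idempotent with respect to repeated calls: the PA-TNC attribute manager and
 * (for IMVs) the global database are created by the first call only, every
 * call takes a libimcv reference that libimcv_deinit() drops again.
 *
 * The database URI and the policy script come from the libimcv.database and
 * libimcv.policy_script settings and are passed as-is to
 * imv_database_create(); the script is presumably executed by that layer, so
 * the settings are administrator-controlled input -- verify there.
 *
 * @param is_imv		TRUE when initializing for an IMV, attaches imcv_db
 * @return				FALSE if libstrongswan could not be initialized
 */
bool libimcv_init(bool is_imv)
{
	if (!imcv_init_libstrongswan())
	{
		return FALSE;
	}

	if (libimcv_ref == 0)
	{
		char *uri, *script;

		/* initialize the PA-TNC attribute manager */
		imcv_pa_tnc_attributes = pa_tnc_attr_manager_create();
		imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_IETF,
							ietf_attr_create_from_data, ietf_attr_names);
		imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_ITA,
							ita_attr_create_from_data, ita_attr_names);

		/* attach global IMV database, imcv_db stays NULL for IMCs */
		if (is_imv)
		{
			uri = lib->settings->get_str(lib->settings,
						"libimcv.database", IMCV_DEFAULT_DATABASE_URI);
			script = lib->settings->get_str(lib->settings,
						"libimcv.policy_script", IMCV_DEFAULT_POLICY_SCRIPT);
			if (uri)
			{
				imcv_db = imv_database_create(uri, script);
			}
		}
		DBG1(DBG_LIB, "libimcv initialized");
	}
	ref_get(&libimcv_ref);

	return TRUE;
}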
167
168 /**
169 * Described in header.
170 */
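/**
 * Described in header.
 *
 * Drops one libimcv reference; when the last one goes, the attribute manager
 * and the global IMV database are destroyed and both globals are reset to
 * NULL. The reset matters because a later libimcv_init() recreates imcv_db
 * only when is_imv is TRUE, so without it a stale pointer would survive into
 * the next deinit and be destroyed twice. Afterwards one libstrongswan
 * reference is dropped; library_deinit() runs only if libimcv took the last
 * one, which is never the case when the main program initialized it.
 */
void libimcv_deinit(void)
{
	if (ref_put(&libimcv_ref))
	{
		imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_IETF);
		imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_ITA);
		DESTROY_IF(imcv_pa_tnc_attributes);
		imcv_pa_tnc_attributes = NULL;
		DESTROY_IF(imcv_db);
		imcv_db = NULL;
		DBG1(DBG_LIB, "libimcv terminated");
	}
	if (ref_put(&libstrongswan_ref))
	{
		library_deinit();
	}
}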
186