src/libstrongswan/library.c

   1 /*
   2  * Copyright (C) 2009 Tobias Brunner
   3  * Copyright (C) 2008 Martin Willi
   4  * Hochschule fuer Technik Rapperswil
   5  *
   6  * This program is free software; you can redistribute it and/or modify it
   7  * under the terms of the GNU General Public License as published by the
   8  * Free Software Foundation; either version 2 of the License, or (at your
   9  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
  10  *
  11  * This program is distributed in the hope that it will be useful, but
  12  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  13  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * for more details.
  15  */
  16
  17 #include "library.h"
  18
  19 #include <stdlib.h>
  20
  21 #include <utils/debug.h>
  22 #include <threading/thread.h>
  23 #include <utils/identification.h>
  24 #include <networking/host.h>
  25 #include <collections/hashtable.h>
  26 #include <utils/backtrace.h>
  27 #include <selectors/traffic_selector.h>
  28
  29 #define CHECKSUM_LIBRARY IPSEC_LIB_DIR"/libchecksum.so"
  30
  31 typedef struct private_library_t private_library_t;
  32
  33 /**
  34  * private data of library
  35  */
  36 struct private_library_t {
  37
  38         /**
  39          * public functions
  40          */
  41         library_t public;
  42
  43         /**
  44          * Hashtable with registered objects (name => object)
  45          */
  46         hashtable_t *objects;
  47
  48         /**
  49          * Integrity check failed?
  50          */
  51         bool integrity_failed;
  52
  53         /**
  54          * Number of times we have been initialized
  55          */
  56         refcount_t ref;
  57 };
  58
  59 /**
  60  * library instance
  61  */
  62 library_t *lib = NULL;
  63
  64 /**
  65  * Deinitialize library
  66  */
  67 void library_deinit()
  68 {
  69         private_library_t *this = (private_library_t*)lib;
  70         bool detailed;
  71
  72         if (!this || !ref_put(&this->ref))
  73         {       /* have more users */
  74                 return;
  75         }
  76
  77         detailed = lib->settings->get_bool(lib->settings,
  78                                                                 "libstrongswan.leak_detective.detailed", TRUE);
  79
  80         /* make sure the cache is clear before unloading plugins */
  81         lib->credmgr->flush_cache(lib->credmgr, CERT_ANY);
  82
  83         this->public.scheduler->destroy(this->public.scheduler);
  84         this->public.processor->destroy(this->public.processor);
  85         this->public.plugins->destroy(this->public.plugins);
  86         this->public.hosts->destroy(this->public.hosts);
  87         this->public.settings->destroy(this->public.settings);
  88         this->public.credmgr->destroy(this->public.credmgr);
  89         this->public.creds->destroy(this->public.creds);
  90         this->public.encoding->destroy(this->public.encoding);
  91         this->public.crypto->destroy(this->public.crypto);
  92         this->public.proposal->destroy(this->public.proposal);
  93         this->public.fetcher->destroy(this->public.fetcher);
  94         this->public.resolver->destroy(this->public.resolver);
  95         this->public.db->destroy(this->public.db);
  96         this->public.printf_hook->destroy(this->public.printf_hook);
  97         this->objects->destroy(this->objects);
  98         if (this->public.integrity)
  99         {
 100                 this->public.integrity->destroy(this->public.integrity);
 101         }
 102
 103         if (lib->leak_detective)
 104         {
 105                 lib->leak_detective->report(lib->leak_detective, detailed);
 106                 lib->leak_detective->destroy(lib->leak_detective);
 107         }
 108
 109         threads_deinit();
 110         backtrace_deinit();
 111
 112         free(this);
 113         lib = NULL;
 114 }
 115
 116 METHOD(library_t, get, void*,
 117         private_library_t *this, char *name)
 118 {
 119         return this->objects->get(this->objects, name);
 120 }
 121
 122 METHOD(library_t, set, bool,
 123         private_library_t *this, char *name, void *object)
 124 {
 125         if (object)
 126         {
 127                 if (this->objects->get(this->objects, name))
 128                 {
 129                         return FALSE;
 130                 }
 131                 this->objects->put(this->objects, name, object);
 132                 return TRUE;
 133         }
 134         return this->objects->remove(this->objects, name) != NULL;
 135 }
 136
 137 /**
 138  * Hashtable hash function
 139  */
 140 static u_int hash(char *key)
 141 {
 142         return chunk_hash(chunk_create(key, strlen(key)));
 143 }
 144
 145 /**
 146  * Hashtable equals function
 147  */
 148 static bool equals(char *a, char *b)
 149 {
 150         return streq(a, b);
 151 }
 152
 153 /**
 154  * Number of words we write and memwipe() in memwipe check
 155  */
 156 #define MEMWIPE_WIPE_WORDS 16
 157
 158 /**
 159  * Number of words we check stack for memwiped magic
 160  */
 161 #define MEMWIPE_CHECK_WORDS (MEMWIPE_WIPE_WORDS * 2)
 162
 163 /**
 164  * Write magic to memory, and try to clear it with memwipe()
 165  */
 166 __attribute__((noinline))
 167 static void do_magic(int magic, int **stack)
 168 {
 169         int buf[MEMWIPE_WIPE_WORDS], i;
 170
 171         /* tell caller where callee stack is (but don't point to buf) */
 172         *stack = &i;
 173         for (i = 0; i < countof(buf); i++)
 174         {
 175                 buf[i] = magic;
 176         }
 177         /* passing buf to dbg should make sure the compiler can't optimize out buf.
 178          * we use directly dbg(3), as DBG3() might be stripped with DEBUG_LEVEL. */
 179         dbg(DBG_LIB, 3, "memwipe() pre: %b", buf, sizeof(buf));
 180         memwipe(buf, sizeof(buf));
 181 }
 182
 183 /**
 184  * Check if memwipe works as expected
 185  */
 186 static bool check_memwipe()
 187 {
 188         int magic = 0xCAFEBABE, *ptr, *deeper, i, stackdir = 1;
 189
 190         do_magic(magic, &deeper);
 191
 192         ptr = &magic;
 193         if (deeper < ptr)
 194         {       /* stack grows down */
 195                 stackdir = -1;
 196         }
 197         for (i = 0; i < MEMWIPE_CHECK_WORDS; i++)
 198         {
 199                 ptr = ptr + stackdir;
 200                 if (*ptr == magic)
 201                 {
 202                         ptr = &magic + stackdir;
 203                         if (stackdir == -1)
 204                         {
 205                                 ptr -= MEMWIPE_CHECK_WORDS;
 206                         }
 207                         DBG1(DBG_LIB, "memwipe() check failed: stackdir: %d %b",
 208                                  stackdir, ptr, (u_int)(MEMWIPE_CHECK_WORDS * sizeof(int)));
 209                         return FALSE;
 210                 }
 211         }
 212         return TRUE;
 213 }
 214
 215 /*
 216  * see header file
 217  */
 218 bool library_init(char *settings)
 219 {
 220         private_library_t *this;
 221         printf_hook_t *pfh;
 222
 223         if (lib)
 224         {       /* already initialized, increase refcount */
 225                 this = (private_library_t*)lib;
 226                 ref_get(&this->ref);
 227                 return !this->integrity_failed;
 228         }
 229
 230         INIT(this,
 231                 .public = {
 232                         .get = _get,
 233                         .set = _set,
 234                 },
 235                 .ref = 1,
 236         );
 237         lib = &this->public;
 238
 239         backtrace_init();
 240         threads_init();
 241
 242 #ifdef LEAK_DETECTIVE
 243         lib->leak_detective = leak_detective_create();
 244 #endif /* LEAK_DETECTIVE */
 245
 246         pfh = printf_hook_create();
 247         this->public.printf_hook = pfh;
 248
 249         pfh->add_handler(pfh, 'b', mem_printf_hook,
 250                                          PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_INT,
 251                                          PRINTF_HOOK_ARGTYPE_END);
 252         pfh->add_handler(pfh, 'B', chunk_printf_hook,
 253                                          PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
 254         pfh->add_handler(pfh, 'H', host_printf_hook,
 255                                          PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
 256         pfh->add_handler(pfh, 'N', enum_printf_hook,
 257                                          PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_INT,
 258                                          PRINTF_HOOK_ARGTYPE_END);
 259         pfh->add_handler(pfh, 'T', time_printf_hook,
 260                                          PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_INT,
 261                                          PRINTF_HOOK_ARGTYPE_END);
 262         pfh->add_handler(pfh, 'V', time_delta_printf_hook,
 263                                          PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_POINTER,
 264                                          PRINTF_HOOK_ARGTYPE_END);
 265         pfh->add_handler(pfh, 'Y', identification_printf_hook,
 266                                          PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
 267         pfh->add_handler(pfh, 'R', traffic_selector_printf_hook,
 268                                          PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
 269
 270         this->objects = hashtable_create((hashtable_hash_t)hash,
 271                                                                          (hashtable_equals_t)equals, 4);
 272         this->public.settings = settings_create(settings);
 273         this->public.hosts = host_resolver_create();
 274         this->public.proposal = proposal_keywords_create();
 275         this->public.crypto = crypto_factory_create();
 276         this->public.creds = credential_factory_create();
 277         this->public.credmgr = credential_manager_create();
 278         this->public.encoding = cred_encoding_create();
 279         this->public.fetcher = fetcher_manager_create();
 280         this->public.resolver = resolver_manager_create();
 281         this->public.db = database_factory_create();
 282         this->public.processor = processor_create();
 283         this->public.scheduler = scheduler_create();
 284         this->public.plugins = plugin_loader_create();
 285
 286         if (!check_memwipe())
 287         {
 288                 return FALSE;
 289         }
 290
 291         if (lib->settings->get_bool(lib->settings,
 292                                                                 "libstrongswan.integrity_test", FALSE))
 293         {
 294 #ifdef INTEGRITY_TEST
 295                 this->public.integrity = integrity_checker_create(CHECKSUM_LIBRARY);
 296                 if (!lib->integrity->check(lib->integrity, "libstrongswan", library_init))
 297                 {
 298                         DBG1(DBG_LIB, "integrity check of libstrongswan failed");
 299                         this->integrity_failed = TRUE;
 300                 }
 301 #else /* !INTEGRITY_TEST */
 302                 DBG1(DBG_LIB, "integrity test enabled, but not supported");
 303                 this->integrity_failed = TRUE;
 304 #endif /* INTEGRITY_TEST */
 305         }
 306
 307         return !this->integrity_failed;
 308 }