src/libstrongswan/library.c

   1 /*
   2  * Copyright (C) 2009 Tobias Brunner
   3  * Copyright (C) 2008 Martin Willi
   4  * Hochschule fuer Technik Rapperswil
   5  *
   6  * This program is free software; you can redistribute it and/or modify it
   7  * under the terms of the GNU General Public License as published by the
   8  * Free Software Foundation; either version 2 of the License, or (at your
   9  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
  10  *
  11  * This program is distributed in the hope that it will be useful, but
  12  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  13  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * for more details.
  15  */
  16
  17 #include "library.h"
  18
  19 #include <stdlib.h>
  20
  21 #include <utils/debug.h>
  22 #include <threading/thread.h>
  23 #include <utils/identification.h>
  24 #include <networking/host.h>
  25 #include <collections/hashtable.h>
  26 #include <utils/backtrace.h>
  27 #include <selectors/traffic_selector.h>
  28
  29 #define CHECKSUM_LIBRARY IPSEC_LIB_DIR"/libchecksum.so"
  30
  31 typedef struct private_library_t private_library_t;
  32
  33 /**
  34  * private data of library
  35  */
  36 struct private_library_t {
  37
  38         /**
  39          * public functions
  40          */
  41         library_t public;
  42
  43         /**
  44          * Hashtable with registered objects (name => object)
  45          */
  46         hashtable_t *objects;
  47
  48         /**
  49          * Integrity check failed?
  50          */
  51         bool integrity_failed;
  52
  53         /**
  54          * Number of times we have been initialized
  55          */
  56         refcount_t ref;
  57 };
  58
  59 /**
  60  * library instance
  61  */
  62 library_t *lib = NULL;
  63
  64 /**
  65  * Deinitialize library
  66  */
  67 void library_deinit()
  68 {
  69         private_library_t *this = (private_library_t*)lib;
  70         bool detailed;
  71
  72         if (!this || !ref_put(&this->ref))
  73         {       /* have more users */
  74                 return;
  75         }
  76
  77         detailed = lib->settings->get_bool(lib->settings,
  78                                                                 "libstrongswan.leak_detective.detailed", TRUE);
  79
  80         /* make sure the cache is clear before unloading plugins */
  81         lib->credmgr->flush_cache(lib->credmgr, CERT_ANY);
  82
  83         this->public.scheduler->destroy(this->public.scheduler);
  84         this->public.processor->destroy(this->public.processor);
  85         this->public.plugins->destroy(this->public.plugins);
  86         this->public.hosts->destroy(this->public.hosts);
  87         this->public.settings->destroy(this->public.settings);
  88         this->public.credmgr->destroy(this->public.credmgr);
  89         this->public.creds->destroy(this->public.creds);
  90         this->public.encoding->destroy(this->public.encoding);
  91         this->public.crypto->destroy(this->public.crypto);
  92         this->public.proposal->destroy(this->public.proposal);
  93         this->public.fetcher->destroy(this->public.fetcher);
  94         this->public.resolver->destroy(this->public.resolver);
  95         this->public.db->destroy(this->public.db);
  96         this->public.printf_hook->destroy(this->public.printf_hook);
  97         this->objects->destroy(this->objects);
  98         if (this->public.integrity)
  99         {
 100                 this->public.integrity->destroy(this->public.integrity);
 101         }
 102
 103         if (lib->leak_detective)
 104         {
 105                 lib->leak_detective->report(lib->leak_detective, detailed);
 106                 lib->leak_detective->destroy(lib->leak_detective);
 107         }
 108
 109         threads_deinit();
 110         backtrace_deinit();
 111
 112         free(this);
 113         lib = NULL;
 114 }
 115
 116 METHOD(library_t, get, void*,
 117         private_library_t *this, char *name)
 118 {
 119         return this->objects->get(this->objects, name);
 120 }
 121
 122 METHOD(library_t, set, bool,
 123         private_library_t *this, char *name, void *object)
 124 {
 125         if (object)
 126         {
 127                 if (this->objects->get(this->objects, name))
 128                 {
 129                         return FALSE;
 130                 }
 131                 this->objects->put(this->objects, name, object);
 132                 return TRUE;
 133         }
 134         return this->objects->remove(this->objects, name) != NULL;
 135 }
 136
 137 /**
 138  * Hashtable hash function
 139  */
 140 static u_int hash(char *key)
 141 {
 142         return chunk_hash(chunk_create(key, strlen(key)));
 143 }
 144
 145 /**
 146  * Hashtable equals function
 147  */
 148 static bool equals(char *a, char *b)
 149 {
 150         return streq(a, b);
 151 }
 152
 153 /**
 154  * Write magic to memory, and try to clear it with memwipe()
 155  */
 156 __attribute__((noinline))
 157 static void do_magic(int magic, int **stack)
 158 {
 159         int buf[32], i;
 160
 161         /* tell caller where callee stack is (but don't point to buf) */
 162         *stack = &i;
 163         for (i = 0; i < countof(buf); i++)
 164         {
 165                 buf[i] = magic;
 166         }
 167         /* passing buf to dbg should make sure the compiler can't optimize out buf.
 168          * we use directly dbg(3), as DBG3() might be stripped with DEBUG_LEVEL. */
 169         dbg(DBG_LIB, 3, "memwipe() pre: %b", buf, sizeof(buf));
 170         memwipe(buf, sizeof(buf));
 171 }
 172
 173 /**
 174  * Check if memwipe works as expected
 175  */
 176 static bool check_memwipe()
 177 {
 178         int magic = 0xCAFEBABE, *ptr, *deeper, i, stackdir = 1;
 179
 180         do_magic(magic, &deeper);
 181
 182         ptr = &magic;
 183         if (deeper < ptr)
 184         {       /* stack grows down */
 185                 stackdir = -1;
 186         }
 187         for (i = 0; i < 128; i++)
 188         {
 189                 ptr = ptr + stackdir;
 190                 if (*ptr == magic)
 191                 {
 192                         return FALSE;
 193                 }
 194         }
 195         return TRUE;
 196 }
 197
 198 /*
 199  * see header file
 200  */
 201 bool library_init(char *settings)
 202 {
 203         private_library_t *this;
 204         printf_hook_t *pfh;
 205
 206         if (lib)
 207         {       /* already initialized, increase refcount */
 208                 this = (private_library_t*)lib;
 209                 ref_get(&this->ref);
 210                 return !this->integrity_failed;
 211         }
 212
 213         INIT(this,
 214                 .public = {
 215                         .get = _get,
 216                         .set = _set,
 217                 },
 218                 .ref = 1,
 219         );
 220         lib = &this->public;
 221
 222         backtrace_init();
 223         threads_init();
 224
 225 #ifdef LEAK_DETECTIVE
 226         lib->leak_detective = leak_detective_create();
 227 #endif /* LEAK_DETECTIVE */
 228
 229         pfh = printf_hook_create();
 230         this->public.printf_hook = pfh;
 231
 232         pfh->add_handler(pfh, 'b', mem_printf_hook,
 233                                          PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_INT,
 234                                          PRINTF_HOOK_ARGTYPE_END);
 235         pfh->add_handler(pfh, 'B', chunk_printf_hook,
 236                                          PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
 237         pfh->add_handler(pfh, 'H', host_printf_hook,
 238                                          PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
 239         pfh->add_handler(pfh, 'N', enum_printf_hook,
 240                                          PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_INT,
 241                                          PRINTF_HOOK_ARGTYPE_END);
 242         pfh->add_handler(pfh, 'T', time_printf_hook,
 243                                          PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_INT,
 244                                          PRINTF_HOOK_ARGTYPE_END);
 245         pfh->add_handler(pfh, 'V', time_delta_printf_hook,
 246                                          PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_POINTER,
 247                                          PRINTF_HOOK_ARGTYPE_END);
 248         pfh->add_handler(pfh, 'Y', identification_printf_hook,
 249                                          PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
 250         pfh->add_handler(pfh, 'R', traffic_selector_printf_hook,
 251                                          PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
 252
 253         this->objects = hashtable_create((hashtable_hash_t)hash,
 254                                                                          (hashtable_equals_t)equals, 4);
 255         this->public.settings = settings_create(settings);
 256         this->public.hosts = host_resolver_create();
 257         this->public.proposal = proposal_keywords_create();
 258         this->public.crypto = crypto_factory_create();
 259         this->public.creds = credential_factory_create();
 260         this->public.credmgr = credential_manager_create();
 261         this->public.encoding = cred_encoding_create();
 262         this->public.fetcher = fetcher_manager_create();
 263         this->public.resolver = resolver_manager_create();
 264         this->public.db = database_factory_create();
 265         this->public.processor = processor_create();
 266         this->public.scheduler = scheduler_create();
 267         this->public.plugins = plugin_loader_create();
 268
 269         if (!check_memwipe())
 270         {
 271                 DBG1(DBG_LIB, "memwipe() check failed");
 272                 return FALSE;
 273         }
 274
 275         if (lib->settings->get_bool(lib->settings,
 276                                                                 "libstrongswan.integrity_test", FALSE))
 277         {
 278 #ifdef INTEGRITY_TEST
 279                 this->public.integrity = integrity_checker_create(CHECKSUM_LIBRARY);
 280                 if (!lib->integrity->check(lib->integrity, "libstrongswan", library_init))
 281                 {
 282                         DBG1(DBG_LIB, "integrity check of libstrongswan failed");
 283                         this->integrity_failed = TRUE;
 284                 }
 285 #else /* !INTEGRITY_TEST */
 286                 DBG1(DBG_LIB, "integrity test enabled, but not supported");
 287                 this->integrity_failed = TRUE;
 288 #endif /* INTEGRITY_TEST */
 289         }
 290
 291         return !this->integrity_failed;
 292 }