daemon: Flush shunts before unloading plugins
[strongswan.git] / src / libstrongswan / library.c
1 /*
2 * Copyright (C) 2009 Tobias Brunner
3 * Copyright (C) 2008 Martin Willi
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "library.h"
18
19 #include <stdlib.h>
20
21 #include <utils/debug.h>
22 #include <threading/thread.h>
23 #include <utils/identification.h>
24 #include <networking/host.h>
25 #include <collections/array.h>
26 #include <collections/hashtable.h>
27 #include <utils/backtrace.h>
28 #include <selectors/traffic_selector.h>
29
30 #define CHECKSUM_LIBRARY IPSEC_LIB_DIR"/libchecksum.so"
31
32 #ifndef STRONGSWAN_CONF
33 #define STRONGSWAN_CONF NULL
34 #endif
35
36 typedef struct private_library_t private_library_t;
37
38 /**
39 * private data of library
40 */
41 struct private_library_t {
42
43 /**
44 * public functions
45 */
46 library_t public;
47
48 /**
49 * Hashtable with registered objects (name => object)
50 */
51 hashtable_t *objects;
52
53 /**
54 * Integrity check failed?
55 */
56 bool integrity_failed;
57
58 /**
59 * Number of times we have been initialized
60 */
61 refcount_t ref;
62 };
63
64 /**
65 * library instance
66 */
67 library_t *lib = NULL;
68
69 #ifdef LEAK_DETECTIVE
70 /**
71 * Default leak report callback
72 */
73 static void report_leaks(void *user, int count, size_t bytes,
74 backtrace_t *bt, bool detailed)
75 {
76 fprintf(stderr, "%zu bytes total, %d allocations, %zu bytes average:\n",
77 bytes, count, bytes / count);
78 bt->log(bt, stderr, detailed);
79 }
80
81 /**
82 * Default leak report summary callback
83 */
84 static void sum_leaks(void* user, int count, size_t bytes, int whitelisted)
85 {
86 switch (count)
87 {
88 case 0:
89 fprintf(stderr, "No leaks detected");
90 break;
91 case 1:
92 fprintf(stderr, "One leak detected");
93 break;
94 default:
95 fprintf(stderr, "%d leaks detected, %zu bytes", count, bytes);
96 break;
97 }
98 fprintf(stderr, ", %d suppressed by whitelist\n", whitelisted);
99 }
100 #endif /* LEAK_DETECTIVE */
101
102 /**
103 * Deinitialize library
104 */
105 void library_deinit()
106 {
107 private_library_t *this = (private_library_t*)lib;
108 bool detailed;
109
110 if (!this || !ref_put(&this->ref))
111 { /* have more users */
112 return;
113 }
114
115 detailed = lib->settings->get_bool(lib->settings,
116 "%s.leak_detective.detailed", TRUE, lib->ns);
117
118 /* make sure the cache is clear before unloading plugins */
119 lib->credmgr->flush_cache(lib->credmgr, CERT_ANY);
120
121 this->public.streams->destroy(this->public.streams);
122 this->public.watcher->destroy(this->public.watcher);
123 this->public.scheduler->destroy(this->public.scheduler);
124 this->public.processor->destroy(this->public.processor);
125 this->public.plugins->destroy(this->public.plugins);
126 this->public.hosts->destroy(this->public.hosts);
127 this->public.settings->destroy(this->public.settings);
128 this->public.credmgr->destroy(this->public.credmgr);
129 this->public.creds->destroy(this->public.creds);
130 this->public.encoding->destroy(this->public.encoding);
131 this->public.crypto->destroy(this->public.crypto);
132 this->public.caps->destroy(this->public.caps);
133 this->public.proposal->destroy(this->public.proposal);
134 this->public.fetcher->destroy(this->public.fetcher);
135 this->public.resolver->destroy(this->public.resolver);
136 this->public.db->destroy(this->public.db);
137 this->public.printf_hook->destroy(this->public.printf_hook);
138 this->objects->destroy(this->objects);
139 if (this->public.integrity)
140 {
141 this->public.integrity->destroy(this->public.integrity);
142 }
143
144 if (lib->leak_detective)
145 {
146 lib->leak_detective->report(lib->leak_detective, detailed);
147 lib->leak_detective->destroy(lib->leak_detective);
148 lib->leak_detective = NULL;
149 }
150
151 backtrace_deinit();
152 arrays_deinit();
153 utils_deinit();
154 threads_deinit();
155
156 free(this->public.conf);
157 free((void*)this->public.ns);
158 free(this);
159 lib = NULL;
160 }
161
162 METHOD(library_t, get, void*,
163 private_library_t *this, char *name)
164 {
165 return this->objects->get(this->objects, name);
166 }
167
168 METHOD(library_t, set, bool,
169 private_library_t *this, char *name, void *object)
170 {
171 if (object)
172 {
173 if (this->objects->get(this->objects, name))
174 {
175 return FALSE;
176 }
177 this->objects->put(this->objects, name, object);
178 return TRUE;
179 }
180 return this->objects->remove(this->objects, name) != NULL;
181 }
182
183 /**
184 * Hashtable hash function
185 */
186 static u_int hash(char *key)
187 {
188 return chunk_hash(chunk_create(key, strlen(key)));
189 }
190
191 /**
192 * Hashtable equals function
193 */
194 static bool equals(char *a, char *b)
195 {
196 return streq(a, b);
197 }
198
199 /**
200 * Number of words we write and memwipe() in memwipe check
201 */
202 #define MEMWIPE_WIPE_WORDS 16
203
204 /**
205 * Write magic to memory, and try to clear it with memwipe()
206 */
207 __attribute__((noinline))
208 static void do_magic(int *magic, int **out)
209 {
210 int buf[MEMWIPE_WIPE_WORDS], i;
211
212 *out = buf;
213 for (i = 0; i < countof(buf); i++)
214 {
215 buf[i] = *magic;
216 }
217 /* passing buf to dbg should make sure the compiler can't optimize out buf.
218 * we use directly dbg(3), as DBG3() might be stripped with DEBUG_LEVEL. */
219 dbg(DBG_LIB, 3, "memwipe() pre: %b", buf, sizeof(buf));
220 memwipe(buf, sizeof(buf));
221 }
222
223 /**
224 * Check if memwipe works as expected
225 */
226 static bool check_memwipe()
227 {
228 int magic = 0xCAFEBABE, *buf, i;
229
230 do_magic(&magic, &buf);
231
232 for (i = 0; i < MEMWIPE_WIPE_WORDS; i++)
233 {
234 if (buf[i] == magic)
235 {
236 DBG1(DBG_LIB, "memwipe() check failed: stackdir: %b",
237 buf, MEMWIPE_WIPE_WORDS * sizeof(int));
238 return FALSE;
239 }
240 }
241 return TRUE;
242 }
243
244 /*
245 * see header file
246 */
247 bool library_init(char *settings, const char *namespace)
248 {
249 private_library_t *this;
250 printf_hook_t *pfh;
251
252 if (lib)
253 { /* already initialized, increase refcount */
254 this = (private_library_t*)lib;
255 ref_get(&this->ref);
256 return !this->integrity_failed;
257 }
258
259 chunk_hash_seed();
260
261 INIT(this,
262 .public = {
263 .get = _get,
264 .set = _set,
265 .ns = strdup(namespace ?: "libstrongswan"),
266 .conf = strdupnull(settings ?: (getenv("STRONGSWAN_CONF") ?: STRONGSWAN_CONF)),
267 },
268 .ref = 1,
269 );
270 lib = &this->public;
271
272 threads_init();
273 utils_init();
274 arrays_init();
275 backtrace_init();
276
277 #ifdef LEAK_DETECTIVE
278 lib->leak_detective = leak_detective_create();
279 if (lib->leak_detective)
280 {
281 lib->leak_detective->set_report_cb(lib->leak_detective,
282 report_leaks, sum_leaks, NULL);
283 }
284 #endif /* LEAK_DETECTIVE */
285
286 pfh = printf_hook_create();
287 this->public.printf_hook = pfh;
288
289 pfh->add_handler(pfh, 'b', mem_printf_hook,
290 PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_INT,
291 PRINTF_HOOK_ARGTYPE_END);
292 pfh->add_handler(pfh, 'B', chunk_printf_hook,
293 PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
294 pfh->add_handler(pfh, 'H', host_printf_hook,
295 PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
296 pfh->add_handler(pfh, 'N', enum_printf_hook,
297 PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_INT,
298 PRINTF_HOOK_ARGTYPE_END);
299 pfh->add_handler(pfh, 'T', time_printf_hook,
300 PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_INT,
301 PRINTF_HOOK_ARGTYPE_END);
302 pfh->add_handler(pfh, 'V', time_delta_printf_hook,
303 PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_POINTER,
304 PRINTF_HOOK_ARGTYPE_END);
305 pfh->add_handler(pfh, 'Y', identification_printf_hook,
306 PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
307 pfh->add_handler(pfh, 'R', traffic_selector_printf_hook,
308 PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
309
310 this->objects = hashtable_create((hashtable_hash_t)hash,
311 (hashtable_equals_t)equals, 4);
312
313 this->public.settings = settings_create(this->public.conf);
314 /* all namespace settings may fall back to libstrongswan */
315 lib->settings->add_fallback(lib->settings, lib->ns, "libstrongswan");
316
317 this->public.hosts = host_resolver_create();
318 this->public.proposal = proposal_keywords_create();
319 this->public.caps = capabilities_create();
320 this->public.crypto = crypto_factory_create();
321 this->public.creds = credential_factory_create();
322 this->public.credmgr = credential_manager_create();
323 this->public.encoding = cred_encoding_create();
324 this->public.fetcher = fetcher_manager_create();
325 this->public.resolver = resolver_manager_create();
326 this->public.db = database_factory_create();
327 this->public.processor = processor_create();
328 this->public.scheduler = scheduler_create();
329 this->public.watcher = watcher_create();
330 this->public.streams = stream_manager_create();
331 this->public.plugins = plugin_loader_create();
332
333 if (!check_memwipe())
334 {
335 return FALSE;
336 }
337
338 if (lib->settings->get_bool(lib->settings,
339 "%s.integrity_test", FALSE, lib->ns))
340 {
341 #ifdef INTEGRITY_TEST
342 this->public.integrity = integrity_checker_create(CHECKSUM_LIBRARY);
343 if (!lib->integrity->check(lib->integrity, "libstrongswan", library_init))
344 {
345 DBG1(DBG_LIB, "integrity check of libstrongswan failed");
346 this->integrity_failed = TRUE;
347 }
348 #else /* !INTEGRITY_TEST */
349 DBG1(DBG_LIB, "integrity test enabled, but not supported");
350 this->integrity_failed = TRUE;
351 #endif /* INTEGRITY_TEST */
352 }
353
354 diffie_hellman_init();
355
356 return !this->integrity_failed;
357 }