child-rekey: Don't change state to INSTALLED if it was already REKEYING
[strongswan.git] / src / libstrongswan / library.c
1 /*
2 * Copyright (C) 2009-2016 Tobias Brunner
3 * Copyright (C) 2008 Martin Willi
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "library.h"
18
19 #include <stdlib.h>
20
21 #include <utils/debug.h>
22 #include <threading/thread.h>
23 #include <utils/identification.h>
24 #include <networking/host.h>
25 #include <collections/array.h>
26 #include <collections/hashtable.h>
27 #include <utils/backtrace.h>
28 #include <selectors/traffic_selector.h>
29
30 #define CHECKSUM_LIBRARY IPSEC_LIB_DIR"/libchecksum.so"
31
32 #ifndef STRONGSWAN_CONF
33 #define STRONGSWAN_CONF NULL
34 #endif
35
36 typedef struct private_library_t private_library_t;
37
38 /**
39 * private data of library
40 */
41 struct private_library_t {
42
43 /**
44 * public functions
45 */
46 library_t public;
47
48 /**
49 * Hashtable with registered objects (name => object)
50 */
51 hashtable_t *objects;
52
53 /**
54 * Integrity check failed?
55 */
56 bool integrity_failed;
57
58 /**
59 * Number of times we have been initialized
60 */
61 refcount_t ref;
62 };
63
64 #define MAX_NAMESPACES 5
65
66 /**
67 * Additional namespaces registered using __atrribute__((constructor))
68 */
69 static char *namespaces[MAX_NAMESPACES];
70 static int ns_count;
71
72 /**
73 * Described in header
74 */
75 void library_add_namespace(char *ns)
76 {
77 if (ns_count < MAX_NAMESPACES - 1)
78 {
79 namespaces[ns_count] = ns;
80 ns_count++;
81 }
82 else
83 {
84 fprintf(stderr, "failed to register additional namespace alias, please "
85 "increase MAX_NAMESPACES");
86 }
87 }
88
89 /**
90 * library instance
91 */
92 library_t *lib = NULL;
93
94 #ifdef LEAK_DETECTIVE
95 /**
96 * Default leak report callback
97 */
98 static void report_leaks(void *user, int count, size_t bytes,
99 backtrace_t *bt, bool detailed)
100 {
101 fprintf(stderr, "%zu bytes total, %d allocations, %zu bytes average:\n",
102 bytes, count, bytes / count);
103 bt->log(bt, stderr, detailed);
104 }
105
106 /**
107 * Default leak report summary callback
108 */
109 static void sum_leaks(void* user, int count, size_t bytes, int whitelisted)
110 {
111 switch (count)
112 {
113 case 0:
114 fprintf(stderr, "No leaks detected");
115 break;
116 case 1:
117 fprintf(stderr, "One leak detected");
118 break;
119 default:
120 fprintf(stderr, "%d leaks detected, %zu bytes", count, bytes);
121 break;
122 }
123 fprintf(stderr, ", %d suppressed by whitelist\n", whitelisted);
124 }
125 #endif /* LEAK_DETECTIVE */
126
127 /**
128 * Deinitialize library
129 */
130 void library_deinit()
131 {
132 private_library_t *this = (private_library_t*)lib;
133 bool detailed;
134
135 if (!this || !ref_put(&this->ref))
136 { /* have more users */
137 return;
138 }
139
140 detailed = lib->settings->get_bool(lib->settings,
141 "%s.leak_detective.detailed", TRUE, lib->ns);
142
143 /* make sure the cache is clear before unloading plugins */
144 lib->credmgr->flush_cache(lib->credmgr, CERT_ANY);
145
146 this->public.streams->destroy(this->public.streams);
147 this->public.watcher->destroy(this->public.watcher);
148 this->public.scheduler->destroy(this->public.scheduler);
149 this->public.processor->destroy(this->public.processor);
150 this->public.plugins->destroy(this->public.plugins);
151 this->public.hosts->destroy(this->public.hosts);
152 this->public.settings->destroy(this->public.settings);
153 this->public.credmgr->destroy(this->public.credmgr);
154 this->public.creds->destroy(this->public.creds);
155 this->public.encoding->destroy(this->public.encoding);
156 this->public.crypto->destroy(this->public.crypto);
157 this->public.caps->destroy(this->public.caps);
158 this->public.proposal->destroy(this->public.proposal);
159 this->public.fetcher->destroy(this->public.fetcher);
160 this->public.resolver->destroy(this->public.resolver);
161 this->public.db->destroy(this->public.db);
162 this->public.printf_hook->destroy(this->public.printf_hook);
163 this->objects->destroy(this->objects);
164 if (this->public.integrity)
165 {
166 this->public.integrity->destroy(this->public.integrity);
167 }
168
169 if (lib->leak_detective)
170 {
171 lib->leak_detective->report(lib->leak_detective, detailed);
172 lib->leak_detective->destroy(lib->leak_detective);
173 lib->leak_detective = NULL;
174 }
175
176 backtrace_deinit();
177 arrays_deinit();
178 utils_deinit();
179 threads_deinit();
180
181 free(this->public.conf);
182 free((void*)this->public.ns);
183 free(this);
184 lib = NULL;
185 }
186
187 METHOD(library_t, get, void*,
188 private_library_t *this, char *name)
189 {
190 return this->objects->get(this->objects, name);
191 }
192
193 METHOD(library_t, set, bool,
194 private_library_t *this, char *name, void *object)
195 {
196 if (object)
197 {
198 if (this->objects->get(this->objects, name))
199 {
200 return FALSE;
201 }
202 this->objects->put(this->objects, name, object);
203 return TRUE;
204 }
205 return this->objects->remove(this->objects, name) != NULL;
206 }
207
208 /**
209 * Hashtable hash function
210 */
211 static u_int hash(char *key)
212 {
213 return chunk_hash(chunk_create(key, strlen(key)));
214 }
215
216 /**
217 * Hashtable equals function
218 */
219 static bool equals(char *a, char *b)
220 {
221 return streq(a, b);
222 }
223
224 /**
225 * Number of words we write and memwipe() in memwipe check
226 */
227 #define MEMWIPE_WIPE_WORDS 16
228
229 /**
230 * Write magic to memory, and try to clear it with memwipe()
231 */
232 __attribute__((noinline))
233 static void do_magic(int *magic, int **out)
234 {
235 int buf[MEMWIPE_WIPE_WORDS], i;
236
237 *out = buf;
238 for (i = 0; i < countof(buf); i++)
239 {
240 buf[i] = *magic;
241 }
242 /* passing buf to dbg should make sure the compiler can't optimize out buf.
243 * we use directly dbg(3), as DBG3() might be stripped with DEBUG_LEVEL. */
244 dbg(DBG_LIB, 3, "memwipe() pre: %b", buf, sizeof(buf));
245 memwipe(buf, sizeof(buf));
246 }
247
248 /**
249 * Check if memwipe works as expected
250 */
251 static bool check_memwipe()
252 {
253 int magic = 0xCAFEBABE, *buf, i;
254
255 do_magic(&magic, &buf);
256
257 for (i = 0; i < MEMWIPE_WIPE_WORDS; i++)
258 {
259 if (buf[i] == magic)
260 {
261 DBG1(DBG_LIB, "memwipe() check failed: stackdir: %b",
262 buf, MEMWIPE_WIPE_WORDS * sizeof(int));
263 return FALSE;
264 }
265 }
266 return TRUE;
267 }
268
269 /*
270 * see header file
271 */
272 bool library_init(char *settings, const char *namespace)
273 {
274 private_library_t *this;
275 printf_hook_t *pfh;
276 int i;
277
278 if (lib)
279 { /* already initialized, increase refcount */
280 this = (private_library_t*)lib;
281 ref_get(&this->ref);
282 return !this->integrity_failed;
283 }
284
285 chunk_hash_seed();
286
287 INIT(this,
288 .public = {
289 .get = _get,
290 .set = _set,
291 .ns = strdup(namespace ?: "libstrongswan"),
292 .conf = strdupnull(settings ?: (getenv("STRONGSWAN_CONF") ?: STRONGSWAN_CONF)),
293 },
294 .ref = 1,
295 );
296 lib = &this->public;
297
298 threads_init();
299 utils_init();
300 arrays_init();
301 backtrace_init();
302
303 #ifdef LEAK_DETECTIVE
304 lib->leak_detective = leak_detective_create();
305 if (lib->leak_detective)
306 {
307 lib->leak_detective->set_report_cb(lib->leak_detective,
308 report_leaks, sum_leaks, NULL);
309 }
310 #endif /* LEAK_DETECTIVE */
311
312 pfh = printf_hook_create();
313 this->public.printf_hook = pfh;
314
315 pfh->add_handler(pfh, 'b', mem_printf_hook,
316 PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_INT,
317 PRINTF_HOOK_ARGTYPE_END);
318 pfh->add_handler(pfh, 'B', chunk_printf_hook,
319 PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
320 pfh->add_handler(pfh, 'H', host_printf_hook,
321 PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
322 pfh->add_handler(pfh, 'N', enum_printf_hook,
323 PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_INT,
324 PRINTF_HOOK_ARGTYPE_END);
325 pfh->add_handler(pfh, 'T', time_printf_hook,
326 PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_INT,
327 PRINTF_HOOK_ARGTYPE_END);
328 pfh->add_handler(pfh, 'V', time_delta_printf_hook,
329 PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_POINTER,
330 PRINTF_HOOK_ARGTYPE_END);
331 pfh->add_handler(pfh, 'Y', identification_printf_hook,
332 PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
333 pfh->add_handler(pfh, 'R', traffic_selector_printf_hook,
334 PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
335
336 this->objects = hashtable_create((hashtable_hash_t)hash,
337 (hashtable_equals_t)equals, 4);
338
339 this->public.settings = settings_create(this->public.conf);
340 /* add registered aliases */
341 for (i = 0; i < ns_count; ++i)
342 {
343 lib->settings->add_fallback(lib->settings, lib->ns, namespaces[i]);
344 }
345 /* all namespace settings may fall back to libstrongswan */
346 lib->settings->add_fallback(lib->settings, lib->ns, "libstrongswan");
347
348 this->public.hosts = host_resolver_create();
349 this->public.proposal = proposal_keywords_create();
350 this->public.caps = capabilities_create();
351 this->public.crypto = crypto_factory_create();
352 this->public.creds = credential_factory_create();
353 this->public.credmgr = credential_manager_create();
354 this->public.encoding = cred_encoding_create();
355 this->public.fetcher = fetcher_manager_create();
356 this->public.resolver = resolver_manager_create();
357 this->public.db = database_factory_create();
358 this->public.processor = processor_create();
359 this->public.scheduler = scheduler_create();
360 this->public.watcher = watcher_create();
361 this->public.streams = stream_manager_create();
362 this->public.plugins = plugin_loader_create();
363
364 if (!check_memwipe())
365 {
366 return FALSE;
367 }
368
369 if (lib->settings->get_bool(lib->settings,
370 "%s.integrity_test", FALSE, lib->ns))
371 {
372 #ifdef INTEGRITY_TEST
373 this->public.integrity = integrity_checker_create(CHECKSUM_LIBRARY);
374 if (!lib->integrity->check(lib->integrity, "libstrongswan", library_init))
375 {
376 DBG1(DBG_LIB, "integrity check of libstrongswan failed");
377 this->integrity_failed = TRUE;
378 }
379 #else /* !INTEGRITY_TEST */
380 DBG1(DBG_LIB, "integrity test enabled, but not supported");
381 this->integrity_failed = TRUE;
382 #endif /* INTEGRITY_TEST */
383 }
384
385 diffie_hellman_init();
386
387 return !this->integrity_failed;
388 }