Merge branch 'testing-leak-detective'
[strongswan.git] / src / libstrongswan / library.c
1 /*
2 * Copyright (C) 2009-2016 Tobias Brunner
3 * Copyright (C) 2008 Martin Willi
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "library.h"
18
19 #include <stdlib.h>
20
21 #include <utils/debug.h>
22 #include <threading/thread.h>
23 #include <utils/identification.h>
24 #include <networking/host.h>
25 #include <collections/array.h>
26 #include <collections/hashtable.h>
27 #include <utils/backtrace.h>
28 #include <selectors/traffic_selector.h>
29
30 #define CHECKSUM_LIBRARY IPSEC_LIB_DIR"/libchecksum.so"
31
32 #ifndef STRONGSWAN_CONF
33 #define STRONGSWAN_CONF NULL
34 #endif
35
36 typedef struct private_library_t private_library_t;
37
38 /**
39 * private data of library
40 */
41 struct private_library_t {
42
43 /**
44 * public functions
45 */
46 library_t public;
47
48 /**
49 * Hashtable with registered objects (name => object)
50 */
51 hashtable_t *objects;
52
53 /**
54 * Integrity check failed?
55 */
56 bool integrity_failed;
57
58 #ifdef LEAK_DETECTIVE
59 /**
60 * Where to write leak detective output to
61 */
62 FILE *ld_out;
63 #endif
64
65 /**
66 * Number of times we have been initialized
67 */
68 refcount_t ref;
69 };
70
71 #define MAX_NAMESPACES 5
72
73 /**
74 * Additional namespaces registered using __atrribute__((constructor))
75 */
76 static char *namespaces[MAX_NAMESPACES];
77 static int ns_count;
78
79 /**
80 * Described in header
81 */
82 void library_add_namespace(char *ns)
83 {
84 if (ns_count < MAX_NAMESPACES - 1)
85 {
86 namespaces[ns_count] = ns;
87 ns_count++;
88 }
89 else
90 {
91 fprintf(stderr, "failed to register additional namespace alias, please "
92 "increase MAX_NAMESPACES");
93 }
94 }
95
96 /**
97 * library instance
98 */
99 library_t *lib = NULL;
100
101 #ifdef LEAK_DETECTIVE
102 /**
103 * Default leak report callback
104 */
105 CALLBACK(report_leaks, void,
106 private_library_t *this, int count, size_t bytes, backtrace_t *bt,
107 bool detailed)
108 {
109 fprintf(this->ld_out, "%zu bytes total, %d allocations, %zu bytes average:\n",
110 bytes, count, bytes / count);
111 bt->log(bt, this->ld_out, detailed);
112 }
113
114 /**
115 * Default leak report summary callback
116 */
117 CALLBACK(sum_leaks, void,
118 private_library_t *this, int count, size_t bytes, int whitelisted)
119 {
120 switch (count)
121 {
122 case 0:
123 fprintf(this->ld_out, "No leaks detected");
124 break;
125 case 1:
126 fprintf(this->ld_out, "One leak detected");
127 break;
128 default:
129 fprintf(this->ld_out, "%d leaks detected, %zu bytes", count, bytes);
130 break;
131 }
132 fprintf(this->ld_out, ", %d suppressed by whitelist\n", whitelisted);
133 }
134 #endif /* LEAK_DETECTIVE */
135
136 /**
137 * Deinitialize library
138 */
139 void library_deinit()
140 {
141 private_library_t *this = (private_library_t*)lib;
142 bool detailed;
143
144 if (!this || !ref_put(&this->ref))
145 { /* have more users */
146 return;
147 }
148
149 detailed = lib->settings->get_bool(lib->settings,
150 "%s.leak_detective.detailed", TRUE, lib->ns);
151
152 /* make sure the cache is clear before unloading plugins */
153 lib->credmgr->flush_cache(lib->credmgr, CERT_ANY);
154
155 this->public.streams->destroy(this->public.streams);
156 this->public.watcher->destroy(this->public.watcher);
157 this->public.scheduler->destroy(this->public.scheduler);
158 this->public.processor->destroy(this->public.processor);
159 this->public.plugins->destroy(this->public.plugins);
160 this->public.hosts->destroy(this->public.hosts);
161 this->public.settings->destroy(this->public.settings);
162 this->public.credmgr->destroy(this->public.credmgr);
163 this->public.creds->destroy(this->public.creds);
164 this->public.encoding->destroy(this->public.encoding);
165 this->public.crypto->destroy(this->public.crypto);
166 this->public.caps->destroy(this->public.caps);
167 this->public.proposal->destroy(this->public.proposal);
168 this->public.fetcher->destroy(this->public.fetcher);
169 this->public.resolver->destroy(this->public.resolver);
170 this->public.db->destroy(this->public.db);
171 this->public.printf_hook->destroy(this->public.printf_hook);
172 this->objects->destroy(this->objects);
173 if (this->public.integrity)
174 {
175 this->public.integrity->destroy(this->public.integrity);
176 }
177
178 #ifdef LEAK_DETECTIVE
179 if (lib->leak_detective)
180 {
181 lib->leak_detective->report(lib->leak_detective, detailed);
182 lib->leak_detective->destroy(lib->leak_detective);
183 lib->leak_detective = NULL;
184 }
185 if (this->ld_out && this->ld_out != stderr)
186 {
187 fclose(this->ld_out);
188 }
189 #endif /* LEAK_DETECTIVE */
190
191 backtrace_deinit();
192 arrays_deinit();
193 utils_deinit();
194 threads_deinit();
195
196 free(this->public.conf);
197 free((void*)this->public.ns);
198 free(this);
199 lib = NULL;
200 }
201
202 METHOD(library_t, get, void*,
203 private_library_t *this, char *name)
204 {
205 return this->objects->get(this->objects, name);
206 }
207
208 METHOD(library_t, set, bool,
209 private_library_t *this, char *name, void *object)
210 {
211 if (object)
212 {
213 if (this->objects->get(this->objects, name))
214 {
215 return FALSE;
216 }
217 this->objects->put(this->objects, name, object);
218 return TRUE;
219 }
220 return this->objects->remove(this->objects, name) != NULL;
221 }
222
223 /**
224 * Hashtable hash function
225 */
226 static u_int hash(char *key)
227 {
228 return chunk_hash(chunk_create(key, strlen(key)));
229 }
230
231 /**
232 * Hashtable equals function
233 */
234 static bool equals(char *a, char *b)
235 {
236 return streq(a, b);
237 }
238
239 /**
240 * Number of words we write and memwipe() in memwipe check
241 */
242 #define MEMWIPE_WIPE_WORDS 16
243
244 /**
245 * Write magic to memory, and try to clear it with memwipe()
246 */
247 __attribute__((noinline))
248 static void do_magic(int *magic, int **out)
249 {
250 int buf[MEMWIPE_WIPE_WORDS], i;
251
252 *out = buf;
253 for (i = 0; i < countof(buf); i++)
254 {
255 buf[i] = *magic;
256 }
257 /* passing buf to dbg should make sure the compiler can't optimize out buf.
258 * we use directly dbg(3), as DBG3() might be stripped with DEBUG_LEVEL. */
259 dbg(DBG_LIB, 3, "memwipe() pre: %b", buf, sizeof(buf));
260 memwipe(buf, sizeof(buf));
261 }
262
263 /**
264 * Check if memwipe works as expected
265 */
266 static bool check_memwipe()
267 {
268 int magic = 0xCAFEBABE, *buf, i;
269
270 do_magic(&magic, &buf);
271
272 for (i = 0; i < MEMWIPE_WIPE_WORDS; i++)
273 {
274 if (buf[i] == magic)
275 {
276 DBG1(DBG_LIB, "memwipe() check failed: stackdir: %b",
277 buf, MEMWIPE_WIPE_WORDS * sizeof(int));
278 return FALSE;
279 }
280 }
281 return TRUE;
282 }
283
284 /*
285 * see header file
286 */
287 bool library_init(char *settings, const char *namespace)
288 {
289 private_library_t *this;
290 printf_hook_t *pfh;
291 int i;
292
293 if (lib)
294 { /* already initialized, increase refcount */
295 this = (private_library_t*)lib;
296 ref_get(&this->ref);
297 return !this->integrity_failed;
298 }
299
300 chunk_hash_seed();
301
302 INIT(this,
303 .public = {
304 .get = _get,
305 .set = _set,
306 .ns = strdup(namespace ?: "libstrongswan"),
307 .conf = strdupnull(settings ?: (getenv("STRONGSWAN_CONF") ?: STRONGSWAN_CONF)),
308 },
309 .ref = 1,
310 );
311 lib = &this->public;
312
313 threads_init();
314 utils_init();
315 arrays_init();
316 backtrace_init();
317
318 #ifdef LEAK_DETECTIVE
319 {
320 FILE *out = NULL;
321 char *log;
322
323 log = getenv("LEAK_DETECTIVE_LOG");
324 if (log)
325 {
326 out = fopen(log, "a");
327 }
328 this->ld_out = out ?: stderr;
329 }
330 lib->leak_detective = leak_detective_create();
331 if (lib->leak_detective)
332 {
333 lib->leak_detective->set_report_cb(lib->leak_detective,
334 report_leaks, sum_leaks, this);
335 }
336 #endif /* LEAK_DETECTIVE */
337
338 pfh = printf_hook_create();
339 this->public.printf_hook = pfh;
340
341 pfh->add_handler(pfh, 'b', mem_printf_hook,
342 PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_INT,
343 PRINTF_HOOK_ARGTYPE_END);
344 pfh->add_handler(pfh, 'B', chunk_printf_hook,
345 PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
346 pfh->add_handler(pfh, 'H', host_printf_hook,
347 PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
348 pfh->add_handler(pfh, 'N', enum_printf_hook,
349 PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_INT,
350 PRINTF_HOOK_ARGTYPE_END);
351 pfh->add_handler(pfh, 'T', time_printf_hook,
352 PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_INT,
353 PRINTF_HOOK_ARGTYPE_END);
354 pfh->add_handler(pfh, 'V', time_delta_printf_hook,
355 PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_POINTER,
356 PRINTF_HOOK_ARGTYPE_END);
357 pfh->add_handler(pfh, 'Y', identification_printf_hook,
358 PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
359 pfh->add_handler(pfh, 'R', traffic_selector_printf_hook,
360 PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
361
362 this->objects = hashtable_create((hashtable_hash_t)hash,
363 (hashtable_equals_t)equals, 4);
364
365 this->public.settings = settings_create(this->public.conf);
366 /* add registered aliases */
367 for (i = 0; i < ns_count; ++i)
368 {
369 lib->settings->add_fallback(lib->settings, lib->ns, namespaces[i]);
370 }
371 /* all namespace settings may fall back to libstrongswan */
372 lib->settings->add_fallback(lib->settings, lib->ns, "libstrongswan");
373
374 this->public.hosts = host_resolver_create();
375 this->public.proposal = proposal_keywords_create();
376 this->public.caps = capabilities_create();
377 this->public.crypto = crypto_factory_create();
378 this->public.creds = credential_factory_create();
379 this->public.credmgr = credential_manager_create();
380 this->public.encoding = cred_encoding_create();
381 this->public.fetcher = fetcher_manager_create();
382 this->public.resolver = resolver_manager_create();
383 this->public.db = database_factory_create();
384 this->public.processor = processor_create();
385 this->public.scheduler = scheduler_create();
386 this->public.watcher = watcher_create();
387 this->public.streams = stream_manager_create();
388 this->public.plugins = plugin_loader_create();
389
390 if (!check_memwipe())
391 {
392 return FALSE;
393 }
394
395 if (lib->settings->get_bool(lib->settings,
396 "%s.integrity_test", FALSE, lib->ns))
397 {
398 #ifdef INTEGRITY_TEST
399 this->public.integrity = integrity_checker_create(CHECKSUM_LIBRARY);
400 if (!lib->integrity->check(lib->integrity, "libstrongswan", library_init))
401 {
402 DBG1(DBG_LIB, "integrity check of libstrongswan failed");
403 this->integrity_failed = TRUE;
404 }
405 #else /* !INTEGRITY_TEST */
406 DBG1(DBG_LIB, "integrity test enabled, but not supported");
407 this->integrity_failed = TRUE;
408 #endif /* INTEGRITY_TEST */
409 }
410
411 diffie_hellman_init();
412
413 return !this->integrity_failed;
414 }