plugin load configuration in strongswan.conf
authorMartin Willi <martin@strongswan.org>
Thu, 15 May 2008 14:01:26 +0000 (14:01 -0000)
committerMartin Willi <martin@strongswan.org>
Thu, 15 May 2008 14:01:26 +0000 (14:01 -0000)
  some components accept a "component.load" option with a space separated list of plugins to load
  libcharon- plugins are now handled the same way as libstrongswan- plugins

21 files changed:
src/charon/daemon.c
src/charon/daemon.h
src/charon/plugins/dbus/Makefile.am
src/charon/plugins/eap_aka/Makefile.am
src/charon/plugins/eap_identity/Makefile.am
src/charon/plugins/eap_md5/Makefile.am
src/charon/plugins/eap_sim/Makefile.am
src/charon/plugins/medcli/Makefile.am
src/charon/plugins/medsrv/Makefile.am
src/charon/plugins/smp/Makefile.am
src/charon/plugins/sql/Makefile.am
src/charon/plugins/sql/pool.c
src/charon/plugins/stroke/Makefile.am
src/charon/plugins/unit_tester/Makefile.am
src/libstrongswan/fips/fips_signer.c
src/libstrongswan/plugins/plugin_loader.c
src/libstrongswan/plugins/plugin_loader.h
src/libstrongswan/utils/leak_detective.c
src/manager/main.c
src/openac/openac.c
src/strongswan.conf

index ce12917..2eb0d2e 100644 (file)
@@ -175,7 +175,8 @@ static void destroy(private_daemon_t *this)
        {
                this->public.ike_sa_manager->flush(this->public.ike_sa_manager);
        }
-       DESTROY_IF(this->public.plugins);
+       /* unload plugins to release threads */
+       lib->plugins->unload(lib->plugins);
        DESTROY_IF(this->public.ike_sa_manager);
        DESTROY_IF(this->public.kernel_interface);
        DESTROY_IF(this->public.scheduler);
@@ -367,24 +368,28 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
                return FALSE;
        }
 #endif /* INTEGRITY_TEST */
-       
-       this->public.ike_sa_manager = ike_sa_manager_create();
-       if (this->public.ike_sa_manager == NULL)
-       {
-               return FALSE;
-       }
-       this->public.processor = processor_create();
-       this->public.scheduler = scheduler_create();
 
        /* load secrets, ca certificates and crls */
+       this->public.processor = processor_create();
+       this->public.scheduler = scheduler_create();
        this->public.credentials = credential_manager_create();
        this->public.controller = controller_create();
        this->public.eap = eap_manager_create();
        this->public.backends = backend_manager_create();
        this->public.attributes = attribute_manager_create();
-       this->public.plugins = plugin_loader_create();
        this->public.kernel_interface = kernel_interface_create();
        this->public.socket = socket_create();
+       
+       /* load plugins, further infrastructure may need it */
+       lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, 
+               lib->settings->get_str(lib->settings, "charon.load", 
+                  "aes des gmp hmac md5 random sha1 sha2 pubkey x509 xcbc stroke"));
+       
+       this->public.ike_sa_manager = ike_sa_manager_create();
+       if (this->public.ike_sa_manager == NULL)
+       {
+               return FALSE;
+       }
        this->public.sender = sender_create();
        this->public.receiver = receiver_create();
        if (this->public.receiver == NULL)
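Review bot: The result of `lib->plugins->load()` is discarded in the added call, so a misspelled or missing entry in `charon.load` lets the daemon start with a reduced plugin set, and the only trace is the loader's DBG1 line; the pool.c, manager/main.c and openac.c hunks do the same. Whether later constructors notice a missing crypto plugin is not visible here (only `ike_sa_manager_create()` and the receiver are NULL-checked), so I would at least fail initialization when nothing was loaded, e.g. `if (!lib->plugins->load(...)) { return FALSE; }`. The comment `/* load secrets, ca certificates and crls */` now sits directly above `processor_create()` and `scheduler_create()` and should be moved or reworded. `initialize()` starts before and continues after this hunk.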
@@ -400,8 +405,6 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
        }
        this->public.mediation_manager = mediation_manager_create();
 #endif /* ME */
-
-       this->public.plugins->load(this->public.plugins, IPSEC_PLUGINDIR, "libcharon-");
        
        return TRUE;
 }
@@ -460,7 +463,6 @@ private_daemon_t *daemon_create(void)
        this->public.processor = NULL;
        this->public.controller = NULL;
        this->public.eap = NULL;
-       this->public.plugins = NULL;
        this->public.bus = NULL;
        this->public.outlog = NULL;
        this->public.syslog = NULL;
@@ -529,7 +531,6 @@ int main(int argc, char *argv[])
        
        /* initialize library */
        library_init(STRONGSWAN_CONF);
-       lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, "libstrongswan-");
        lib->printf_hook->add_handler(lib->printf_hook, 'R',
                                                                  traffic_selector_get_printf_hooks());
        private_charon = daemon_create();
index 8399523..3633e45 100644 (file)
@@ -163,7 +163,6 @@ typedef struct daemon_t daemon_t;
 #include <config/attributes/attribute_manager.h>
 #include <credentials/credential_manager.h>
 #include <sa/authenticators/eap/eap_manager.h>
-#include <plugins/plugin_loader.h>
 
 #ifdef ME
 #include <sa/connect_manager.h>
@@ -252,11 +251,6 @@ struct daemon_t {
        bus_t *bus;
        
        /**
-        * plugin loader
-        */
-       plugin_loader_t *plugins;
-       
-       /**
         * A bus listener logging to stdout
         */
        file_logger_t *outlog;
index ccfada4..05f3253 100644 (file)
@@ -3,9 +3,9 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon ${dbus_C
 
 AM_CFLAGS = -rdynamic
 
-plugin_LTLIBRARIES = libcharon-dbus.la
+plugin_LTLIBRARIES = libstrongswan-dbus.la
 
-libcharon_dbus_la_SOURCES = dbus.h dbus.c
-libcharon_dbus_la_LDFLAGS = -module
-libcharon_dbus_la_LIBADD = ${dbus_LIBS}
+libstrongswan_dbus_la_SOURCES = dbus.h dbus.c
+libstrongswan_dbus_la_LDFLAGS = -module
+libstrongswan_dbus_la_LIBADD = ${dbus_LIBS}
 
index c938716..e1ad1ea 100644 (file)
@@ -3,9 +3,9 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
 
 AM_CFLAGS = -rdynamic
 
-plugin_LTLIBRARIES = libcharon-eapaka.la
+plugin_LTLIBRARIES = libstrongswan-eapaka.la
 
-libcharon_eapaka_la_SOURCES = eap_aka_plugin.h eap_aka_plugin.c eap_aka.h eap_aka.c
-libcharon_eapaka_la_LDFLAGS = -module
-libcharon_eapaka_la_LIBADD = -lgmp
+libstrongswan_eapaka_la_SOURCES = eap_aka_plugin.h eap_aka_plugin.c eap_aka.h eap_aka.c
+libstrongswan_eapaka_la_LDFLAGS = -module
+libstrongswan_eapaka_la_LIBADD = -lgmp
 
index 1ce2426..dbf66e7 100644 (file)
@@ -3,8 +3,8 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
 
 AM_CFLAGS = -rdynamic
 
-plugin_LTLIBRARIES = libcharon-eapidentity.la
-libcharon_eapidentity_la_SOURCES = \
+plugin_LTLIBRARIES = libstrongswan-eapidentity.la
+libstrongswan_eapidentity_la_SOURCES = \
   eap_identity_plugin.h eap_identity_plugin.c eap_identity.h eap_identity.c
-libcharon_eapidentity_la_LDFLAGS = -module
+libstrongswan_eapidentity_la_LDFLAGS = -module
 
index 2d6d68f..d7964fe 100644 (file)
@@ -3,8 +3,8 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
 
 AM_CFLAGS = -rdynamic
 
-plugin_LTLIBRARIES = libcharon-eapmd5.la
+plugin_LTLIBRARIES = libstrongswan-eapmd5.la
 
-libcharon_eapmd5_la_SOURCES = eap_md5_plugin.h eap_md5_plugin.c eap_md5.h eap_md5.c
-libcharon_eapmd5_la_LDFLAGS = -module
+libstrongswan_eapmd5_la_SOURCES = eap_md5_plugin.h eap_md5_plugin.c eap_md5.h eap_md5.c
+libstrongswan_eapmd5_la_LDFLAGS = -module
 
index 549e92a..63267b9 100644 (file)
@@ -3,10 +3,10 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
 
 AM_CFLAGS = -rdynamic -DIPSEC_CONFDIR=\"${confdir}\" -DSIM_READER_LIB=\"${simreader}\"
 
-plugin_LTLIBRARIES = libcharon-eapsim.la libeapsim-file.la
+plugin_LTLIBRARIES = libstrongswan-eapsim.la libeapsim-file.la
 
-libcharon_eapsim_la_SOURCES = eap_sim_plugin.h eap_sim_plugin.c eap_sim.h eap_sim.c
-libcharon_eapsim_la_LDFLAGS = -module
+libstrongswan_eapsim_la_SOURCES = eap_sim_plugin.h eap_sim_plugin.c eap_sim.h eap_sim.c
+libstrongswan_eapsim_la_LDFLAGS = -module
 
 libeapsim_file_la_SOURCES = eap_sim_file.c
 libeapsim_file_la_LDFLAGS = -module
index 6581f5a..f657868 100644 (file)
@@ -3,9 +3,9 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
 
 AM_CFLAGS = -rdynamic
 
-plugin_LTLIBRARIES = libcharon-medcli.la
-libcharon_medcli_la_SOURCES = medcli_plugin.h medcli_plugin.c \
+plugin_LTLIBRARIES = libstrongswan-medcli.la
+libstrongswan_medcli_la_SOURCES = medcli_plugin.h medcli_plugin.c \
                              medcli_creds.h medcli_creds.c \
                              medcli_config.h medcli_config.c
-libcharon_medcli_la_LDFLAGS = -module
+libstrongswan_medcli_la_LDFLAGS = -module
 
index 491e12d..476da18 100644 (file)
@@ -3,9 +3,9 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
 
 AM_CFLAGS = -rdynamic
 
-plugin_LTLIBRARIES = libcharon-medsrv.la
-libcharon_medsrv_la_SOURCES = medsrv_plugin.h medsrv_plugin.c \
+plugin_LTLIBRARIES = libstrongswan-medsrv.la
+libstrongswan_medsrv_la_SOURCES = medsrv_plugin.h medsrv_plugin.c \
                              medsrv_creds.h medsrv_creds.c \
                              medsrv_config.h medsrv_config.c
-libcharon_medsrv_la_LDFLAGS = -module
+libstrongswan_medsrv_la_LDFLAGS = -module
 
index b1b0e5c..1679f1c 100644 (file)
@@ -3,8 +3,8 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon ${xml_CF
 
 AM_CFLAGS = -rdynamic -DIPSEC_PIDDIR=\"${piddir}\"
 
-plugin_LTLIBRARIES = libcharon-smp.la
-libcharon_smp_la_SOURCES = smp.h smp.c
-libcharon_smp_la_LDFLAGS = -module
-libcharon_smp_la_LIBADD = ${xml_LIBS}
+plugin_LTLIBRARIES = libstrongswan-smp.la
+libstrongswan_smp_la_SOURCES = smp.h smp.c
+libstrongswan_smp_la_LDFLAGS = -module
+libstrongswan_smp_la_LIBADD = ${xml_LIBS}
 
index c391043..7dc42c1 100644 (file)
@@ -3,11 +3,11 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
 
 AM_CFLAGS = -rdynamic -DIPSEC_PLUGINDIR=\"${plugindir}\"
 
-plugin_LTLIBRARIES = libcharon-sql.la
-libcharon_sql_la_SOURCES = sql_plugin.h sql_plugin.c \
+plugin_LTLIBRARIES = libstrongswan-sql.la
+libstrongswan_sql_la_SOURCES = sql_plugin.h sql_plugin.c \
   sql_config.h sql_config.c sql_cred.h sql_cred.c \
   sql_attribute.h sql_attribute.c sql_logger.h sql_logger.c
-libcharon_sql_la_LDFLAGS = -module
+libstrongswan_sql_la_LDFLAGS = -module
 
 ipsec_PROGRAMS = pool
 pool_SOURCES = pool.c
index 709c18c..40ff6bc 100644 (file)
@@ -358,8 +358,9 @@ int main(int argc, char *argv[])
        dbg = dbg_stderr;
        library_init(STRONGSWAN_CONF);
        atexit(library_deinit);
-       
-       lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, "libstrongswan-");
+       lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR,
+               lib->settings->get_str(lib->settings, "pool.load",
+                       "sqlite mysql"));
        
        uri = lib->settings->get_str(lib->settings, "charon.plugins.sql.database", NULL);
        if (!uri)
index 36e5406..7a34110 100644 (file)
@@ -3,9 +3,9 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon -I$(top_
 
 AM_CFLAGS = -rdynamic -DIPSEC_CONFDIR=\"${confdir}\" -DIPSEC_PIDDIR=\"${piddir}\"
 
-plugin_LTLIBRARIES = libcharon-stroke.la
+plugin_LTLIBRARIES = libstrongswan-stroke.la
 
-libcharon_stroke_la_SOURCES = stroke_plugin.h stroke_plugin.c \
+libstrongswan_stroke_la_SOURCES = stroke_plugin.h stroke_plugin.c \
   stroke_socket.h stroke_socket.c \
   stroke_config.h stroke_config.c \
   stroke_control.h stroke_control.c \
@@ -15,5 +15,5 @@ libcharon_stroke_la_SOURCES = stroke_plugin.h stroke_plugin.c \
   stroke_list.h stroke_list.c \
   stroke_shared_key.h stroke_shared_key.c
 
-libcharon_stroke_la_LDFLAGS = -module
+libstrongswan_stroke_la_LDFLAGS = -module
 
index 6d91c9e..2487cf2 100644 (file)
@@ -3,9 +3,9 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
 
 AM_CFLAGS = -rdynamic
 
-plugin_LTLIBRARIES = libcharon-unit-tester.la
+plugin_LTLIBRARIES = libstrongswan-unit-tester.la
 
-libcharon_unit_tester_la_SOURCES = unit_tester.c unit_tester.h \
+libstrongswan_unit_tester_la_SOURCES = unit_tester.c unit_tester.h \
   tests/test_enumerator.c \
   tests/test_auth_info.c \
   tests/test_fips_prf.c \
@@ -17,5 +17,5 @@ libcharon_unit_tester_la_SOURCES = unit_tester.c unit_tester.h \
   tests/test_med_db.c \
   tests/test_aes.c \
   tests/test_chunk.c
-libcharon_unit_tester_la_LDFLAGS = -module
+libstrongswan_unit_tester_la_LDFLAGS = -module
 
index a458c16..9ba2ba6 100644 (file)
@@ -28,7 +28,7 @@ int main(int argc, char* argv[])
 
        /* initialize library */
        library_init(STRONGSWAN_CONF);
-       lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, "libstrongswan-");
+       lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, "sha1 hmac");
 
        if (!fips_compute_hmac_signature(hmac_key, hmac_signature))
        {
index 3ed30c5..5734c90 100644 (file)
 
 #include "plugin_loader.h"
 
+#define _GNU_SOURCE
+#include <string.h>
 #include <dlfcn.h>
+#include <limits.h>
+#include <stdio.h>
 
 #include <debug.h>
 #include <utils/linked_list.h>
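Review bot: `#define _GNU_SOURCE` is added after `#include "plugin_loader.h"`, but a feature-test macro only takes effect when it is defined before the first system header is pulled in. If plugin_loader.h includes any libc header (not visible here, but likely), `strdupa()` can end up without a declaration and be treated as returning `int`, which truncates the pointer on 64-bit builds. Move the define to the very first line of the file, or avoid the GNU extension so the define is not needed.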
@@ -42,68 +46,92 @@ struct private_plugin_loader_t {
 };
 
 /**
- * Implementation of plugin_loader_t.load_plugins.
+ * load a single plugin
  */
-static int load(private_plugin_loader_t *this, char *path, char *prefix)
+static plugin_t* load_plugin(private_plugin_loader_t *this,
+                                                        char *path, char *name)
 {
-       enumerator_t *enumerator;
-       char *file, *ending, *rel;
+       char file[PATH_MAX];
        void *handle;
-       int count = 0;
+       plugin_t *plugin;
+       plugin_constructor_t constructor;
        
-       enumerator = enumerator_create_directory(path);
-       if (!enumerator)
+       snprintf(file, sizeof(file), "%s/libstrongswan-%s.so", path, name);
+       
+       handle = dlopen(file, RTLD_LAZY);
+       if (handle == NULL)
        {
-               DBG1("opening plugin directory %s failed", path);
-               return 0;
+               DBG1("loading plugin '%s' failed: %s", name, dlerror());
+               return NULL;
        }
-       DBG2("loading plugins from %s", path);
-       while (enumerator->enumerate(enumerator, &rel, &file, NULL))
+       constructor = dlsym(handle, "plugin_create");
+       if (constructor == NULL)
        {
-               plugin_t *plugin;
-               plugin_constructor_t constructor;
-               
-               ending = file + strlen(file) - 3;
-               if (ending <= file || !streq(ending, ".so"))
-               {       /* only process .so libraries */
-                       continue;
-               }
-               if (!strneq(prefix, rel, strlen(prefix)))
-               {
-                       continue;
-               }
-               handle = dlopen(file, RTLD_LAZY);
-               if (handle == NULL)
+               DBG1("loading plugin '%s' failed: no plugin_create() function", name);
+               dlclose(handle);
+               return NULL;
+       }
+       plugin = constructor();
+       if (plugin == NULL)
+       {
+               DBG1("loading plugin '%s' failed: plugin_create() returned NULL", name);
+               dlclose(handle);
+               return NULL;
+       }
+       DBG2("plugin '%s' loaded successfully", name);
+       
+       /* we do not store or free dlopen() handles, leak_detective requires
+        * the modules to keep loaded until leak report */
+       return plugin;
+}
+
+/**
+ * Implementation of plugin_loader_t.load_plugins.
+ */
+static int load(private_plugin_loader_t *this, char *path, char *list)
+{
+       plugin_t *plugin;
+       char *pos;
+       int count = 0;
+       
+       list = strdupa(list);
+       while (TRUE)
+       {
+               pos = strchr(list, ' ');
+               if (pos)
                {
-                       DBG1("loading plugin %s failed: %s", rel, dlerror());
-                       continue;
+                       *pos = '\0';
                }
-               constructor = dlsym(handle, "plugin_create");
-               if (constructor == NULL)
-               {
-                       DBG1("plugin %s has no plugin_create() function, skipped", rel);
-                       dlclose(handle);
-                       continue;
+               plugin = load_plugin(this, path, list);
+               if (plugin)
+               {       /* insert in front to destroy them in reverse order */
+                       this->plugins->insert_last(this->plugins, plugin);
+                       count++;
                }
-               plugin = constructor();
-               if (plugin == NULL)
+               if (!pos)
                {
-                       DBG1("plugin %s constructor failed, skipping", rel);
-                       dlclose(handle);
-                       continue;
+                       break;
                }
-               DBG2("plugin %s loaded successfully", rel);
-               /* insert in front to destroy them in reverse order */
-               this->plugins->insert_last(this->plugins, plugin);
-               /* we do not store or free dlopen() handles, leak_detective requires
-                * the modules to keep loaded until leak report */
-               count++;
+               list = pos + 1;
        }
-       enumerator->destroy(enumerator);
        return count;
 }
 
 /**
+ * Implementation of plugin_loader_t.unload
+ */
+static void unload(private_plugin_loader_t *this)
+{
+       plugin_t *plugin;
+       
+       while (this->plugins->remove_first(this->plugins,
+                                                                          (void**)&plugin) == SUCCESS)
+       {
+               plugin->destroy(plugin);
+       }
+}
+
+/**
  * Implementation of plugin_loader_t.destroy
  */
 static void destroy(private_plugin_loader_t *this)
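Review bot: `load()` splits the list on single spaces only, so a doubled or trailing space, or an empty `load =` value, hands an empty name to `load_plugin()`, which then tries `libstrongswan-.so` and logs a misleading failure. The names now come from strongswan.conf and are interpolated into the path without rejecting `/`, the `snprintf()` result is not checked for truncation against `PATH_MAX`, and `strdupa()` places an unbounded configuration string on the stack. I would tokenise a heap copy with `strtok_r()`, skip names containing `/`, and refuse a truncated path, as sketched below. Separately, the comment "insert in front to destroy them in reverse order" sits on `insert_last()`, and the new `unload()` drains with `remove_first()`, so plugins are destroyed in load order; either the comment or the calls should change.

```c
static plugin_t* load_plugin(private_plugin_loader_t *this,
							 char *path, char *name)
{
	/* … unchanged: declarations of file, handle, plugin, constructor … */
	int len;

	len = snprintf(file, sizeof(file), "%s/libstrongswan-%s.so", path, name);
	if (len < 0 || len >= (int)sizeof(file))
	{
		DBG1("loading plugin '%s' failed: path too long", name);
		return NULL;
	}
	/* … unchanged: dlopen(), dlsym(), constructor call, return plugin … */
}

static int load(private_plugin_loader_t *this, char *path, char *list)
{
	plugin_t *plugin;
	char *copy, *token, *saveptr;
	int count = 0;

	copy = strdup(list);
	if (copy == NULL)
	{
		return 0;
	}
	/* strtok_r() skips runs of separators, so no empty names are produced */
	for (token = strtok_r(copy, " ", &saveptr); token;
		 token = strtok_r(NULL, " ", &saveptr))
	{
		if (strchr(token, '/'))
		{	/* a plugin name must not carry a path component */
			DBG1("plugin name '%s' is invalid, skipped", token);
			continue;
		}
		plugin = load_plugin(this, path, token);
		if (plugin)
		{	/* appended, so the list is kept in load order */
			this->plugins->insert_last(this->plugins, plugin);
			count++;
		}
	}
	free(copy);
	return count;
}
```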
@@ -120,6 +148,7 @@ plugin_loader_t *plugin_loader_create()
        private_plugin_loader_t *this = malloc_thing(private_plugin_loader_t);
        
        this->public.load = (int(*)(plugin_loader_t*, char *path, char *prefix))load;
+       this->public.unload = (void(*)(plugin_loader_t*))unload;
        this->public.destroy = (void(*)(plugin_loader_t*))destroy;
        
        this->plugins = linked_list_create();
index 4553325..45b7afa 100644 (file)
@@ -29,13 +29,18 @@ typedef struct plugin_loader_t plugin_loader_t;
 struct plugin_loader_t {       
        
        /**
-        * Load plugins from a directory.
+        * Load a list of plugins from a directory.
         *
         * @param path                  path containing loadable plugins
-        * @param prefix                prefix of plugin libraries to load
+        * @param list                  space separated list of plugins to load
         * @return                              number of successfully loaded plugins
         */
-       int (*load)(plugin_loader_t *this, char *path, char *prefix);
+       int (*load)(plugin_loader_t *this, char *path, char *list);
+       
+       /**
+        * Unload all loaded plugins.
+        */
+       void (*unload)(plugin_loader_t *this);
                
        /**
      * Unload loaded plugins, destroy plugin_loader instance.
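Review bot: The updated doc comment for `load` does not say how a list entry maps to a file, or what happens to an entry that fails. I would add `Each name is loaded as <path>/libstrongswan-<name>.so, in list order; entries that fail to load are skipped and only reflected in the return value.` The new `unload` comment should also state whether the loader may be reused with another `load` afterwards, since `destroy` is documented as unloading too. The struct continues outside this hunk.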
index d4ba26b..40200dd 100644 (file)
@@ -259,6 +259,7 @@ char *whitelist[] = {
        "setlocale",
        /* ignore dlopen, as we do not dlclose to get proper leak reports */
        "dlopen",
+       "dlerror",
        /* mysql functions */
        "mysql_init_character_set",
        "init_client_errs",
index 03a9f58..08f05e5 100644 (file)
@@ -37,7 +37,9 @@ int main (int arc, char *argv[])
        int threads, timeout;
 
        library_init(STRONGSWAN_CONF);
-       lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, "libstrongswan-");
+       lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR,
+               lib->settings->get_str(lib->settings, "manager.load",
+                       "random sha1 sqlite"));
        
        socket = lib->settings->get_str(lib->settings, "manager.socket", NULL);
        debug = lib->settings->get_bool(lib->settings, "manager.debug", FALSE);
index 210e1f6..5bb47c3 100755 (executable)
@@ -267,7 +267,9 @@ int main(int argc, char **argv)
 
        /* initialize library */
        library_init(STRONGSWAN_CONF);
-       lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, "libstrongswan-");
+       lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, 
+               lib->settings->get_str(lib->settings, "openac.load", 
+                  "gmp hmac md5 random sha1 sha2 pubkey x509"))
 
        /* initialize optionsfrom */
        options_t *options = options_create();
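Review bot: The added `lib->plugins->load(...)` call has no terminating semicolon: the last added line ends in `"gmp hmac md5 random sha1 sha2 pubkey x509"))`, and the next statement is the `options_t *options = options_create();` declaration, so openac.c will not compile as committed. The line should end `"gmp hmac md5 random sha1 sha2 pubkey x509"));`. `main()` starts before and continues after this hunk.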
index cca06fd..5b6ecb7 100644 (file)
@@ -5,6 +5,9 @@ charon {
        # number of worker threads in charon
        threads = 16
        
+       # plugins to load in charon
+       load = aes des gmp hmac md5 random sha1 sha2 pubkey xcbc stroke
+       
        plugins {
        
                sql {
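Review bot: The sample `load =` line omits `x509`, which the compiled-in default for `charon.load` in the daemon.c hunk includes (`"aes des gmp hmac md5 random sha1 sha2 pubkey x509 xcbc stroke"`). Anyone who installs this file unchanged overrides that default and runs charon without the x509 plugin, presumably without noticing until certificate handling fails. If the omission is not intended, the line should read `load = aes des gmp hmac md5 random sha1 sha2 pubkey x509 xcbc stroke`.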
@@ -20,3 +23,16 @@ charon {
        
        # ...
 }
+
+pool {
+       # choose one
+       load = mysql sqlite
+}
+
+manager {
+       load = sha1 random sqlite
+}
+
+openac {
+       load = gmp hmac md5 random sha1 sha2 pubkey x509
+}