Annotation of embedaddon/strongswan/src/libimcv/imcv.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2011-2015 Andreas Steffen
! 3: * HSR Hochschule fuer Technik Rapperswil
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify it
! 6: * under the terms of the GNU General Public License as published by the
! 7: * Free Software Foundation; either version 2 of the License, or (at your
! 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 9: *
! 10: * This program is distributed in the hope that it will be useful, but
! 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 13: * for more details.
! 14: */
! 15:
! 16: #include "imcv.h"
! 17: #include "ietf/ietf_attr.h"
! 18: #include "ita/ita_attr.h"
! 19: #include "pwg/pwg_attr.h"
! 20: #include "tcg/tcg_attr.h"
! 21: #include "pts/components/pts_component.h"
! 22: #include "pts/components/pts_component_manager.h"
! 23: #include "pts/components/tcg/tcg_comp_func_name.h"
! 24: #include "pts/components/ita/ita_comp_func_name.h"
! 25: #include "pts/components/ita/ita_comp_ima.h"
! 26: #include "pts/components/ita/ita_comp_tboot.h"
! 27: #include "pts/components/ita/ita_comp_tgrub.h"
! 28:
! 29: #include <utils/debug.h>
! 30: #include <utils/utils.h>
! 31: #include <pen/pen.h>
! 32:
! 33: #ifdef HAVE_SYSLOG
! 34: #include <syslog.h>
! 35: #endif
! 36:
/*
 * Name of the ipsec command used to build the default policy script below;
 * it can be overridden at build time.
 */
#ifndef IPSEC_SCRIPT
#define IPSEC_SCRIPT "ipsec"
#endif

/* Default for the "libimcv.debug_level" setting read in libimcv_init() */
#define IMCV_DEBUG_LEVEL 1

/*
 * Default for the "%s.imcv.policy_script" setting read in libimcv_init().
 * The value is a command name without an absolute path.
 * NOTE(review): how imv_database_create() runs this string is not visible
 * here. If it is executed through a shell or a PATH lookup, both the process
 * environment and the settings file must be controlled by a trusted
 * administrator. Confirm against the IMV database implementation.
 */
#define IMCV_DEFAULT_POLICY_SCRIPT IPSEC_SCRIPT " _imv_policy"


/**
 * PA-TNC attribute manager
 *
 * Created on the first libimcv_init() call, destroyed and reset to NULL
 * by the last libimcv_deinit() call.
 */
pa_tnc_attr_manager_t *imcv_pa_tnc_attributes;

/**
 * Global list of IMV sessions
 *
 * Only created when the first libimcv_init() call passes is_imv = TRUE.
 */
imv_session_manager_t *imcv_sessions;

/**
 * Global IMV database
 *
 * Only created when the first libimcv_init() call passes is_imv = TRUE and
 * a "%s.imcv.database" URI is configured; users must expect NULL.
 */
imv_database_t *imcv_db;

/**
 * PTS Functional Component manager
 */
pts_component_manager_t *imcv_pts_components;

/**
 * Reference count for libimcv
 */
static refcount_t libimcv_ref = 0;

/**
 * Reference count for libstrongswan
 *
 * Incremented once per libimcv_init() call, plus one extra time if the
 * library had already been initialized by someone else.
 */
static refcount_t libstrongswan_ref = 0;

/**
 * Global configuration of imcv dbg function
 *
 * Both values are only assigned in libimcv_init() on the path where libimcv
 * initializes libstrongswan itself, which is also the only path that
 * installs imcv_dbg() as the debug hook.
 */
static int imcv_debug_level;
static bool imcv_stderr_quiet;
! 80:
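/**
 * imcv dbg function
 *
 * Debug hook that libimcv_init() installs as the global dbg function when
 * libimcv initializes libstrongswan itself. Messages whose level exceeds
 * imcv_debug_level are dropped. All others are written to stderr unless
 * imcv_stderr_quiet is set, and to syslog when built with HAVE_SYSLOG.
 *
 * @param group		debug group of the message (not used for filtering here)
 * @param level		debug level of the message
 * @param fmt		printf-style format string, followed by its arguments
 */
static void imcv_dbg(debug_t group, level_t level, char *fmt, ...)
{
	va_list args;

	if (level > imcv_debug_level)
	{
		return;
	}

	if (!imcv_stderr_quiet)
	{
		va_start(args, fmt);
		fprintf(stderr, "[HSR] ");
		vfprintf(stderr, fmt, args);
		fprintf(stderr, "\n");
		va_end(args);
	}

#ifdef HAVE_SYSLOG
	{
		int priority = LOG_INFO;
		char buffer[8192];
		char *current = buffer, *next;
		int written;

		/* write in memory buffer first; longer output is cut at the
		 * buffer size without any marker */
		va_start(args, fmt);
		written = vsnprintf(buffer, sizeof(buffer), fmt, args);
		va_end(args);

		if (written < 0)
		{
			/* formatting failed, so the buffer contents are indeterminate;
			 * do not hand uninitialized stack memory to syslog */
			return;
		}

		/* Do a syslog with every line. The text is always passed as a "%s"
		 * argument, never as the syslog format string. Each embedded newline
		 * starts a new "[HSR]" record, so if callers log multi-line values
		 * received from a peer, those lines appear as separate records. */
		while (current)
		{
			next = strchr(current, '\n');
			if (next)
			{
				*(next++) = '\0';
			}
			syslog(priority, "[HSR] %s\n", current);
			current = next;
		}
	}
#endif /* HAVE_SYSLOG */
}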
! 125:
/**
 * Described in header.
 *
 * Initializes libstrongswan if nobody has done so yet, takes a reference on
 * it, and on the first call registers the PA-TNC attribute vendors and PTS
 * components. The session manager and database are set up only inside that
 * first-call block: a later call with is_imv = TRUE does not create them.
 */
bool libimcv_init(bool is_imv)
{
	if (!lib)
	{
		char *plugins;

		/* nobody has brought up libstrongswan yet, so we do it */
		if (!library_init(NULL, "libimcv"))
		{
			return FALSE;
		}

		/* fetch the debug level and the stderr muting flag */
		imcv_debug_level = lib->settings->get_int(lib->settings,
									"libimcv.debug_level", IMCV_DEBUG_LEVEL);
		imcv_stderr_quiet = lib->settings->get_int(lib->settings,
									"libimcv.stderr_quiet", FALSE);

		/* route debug output through imcv_dbg */
		dbg = imcv_dbg;
#ifdef HAVE_SYSLOG
		openlog("imcv", 0, LOG_DAEMON);
#endif

		/* the plugin list is configurable and has a built-in default */
		plugins = lib->settings->get_str(lib->settings, "libimcv.load",
										 "random nonce gmp pubkey x509");
		if (!lib->plugins->load(lib->plugins, plugins))
		{
			library_deinit();
			return FALSE;
		}
	}
	else if (libstrongswan_ref == 0)
	{
		/* The main program initialized libstrongswan. Take one extra
		 * reference so that the matching libimcv_deinit() calls presumably
		 * never drop the count to zero and tear down a library we do not
		 * own. */
		ref_get(&libstrongswan_ref);
	}
	ref_get(&libstrongswan_ref);

	lib->settings->add_fallback(lib->settings, "%s.imcv", "libimcv", lib->ns);
	lib->settings->add_fallback(lib->settings, "%s.plugins", "libimcv.plugins",
								lib->ns);

	if (libimcv_ref == 0)
	{
		/* set up the PA-TNC attribute manager with all known vendors */
		imcv_pa_tnc_attributes = pa_tnc_attr_manager_create();
		imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_IETF,
							ietf_attr_create_from_data, ietf_attr_names);
		imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_ITA,
							ita_attr_create_from_data, ita_attr_names);
		imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_PWG,
							pwg_attr_create_from_data, pwg_attr_names);
		imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_TCG,
							tcg_attr_create_from_data, tcg_attr_names);

		/* set up the PTS functional component manager */
		imcv_pts_components = pts_component_manager_create();
		imcv_pts_components->add_vendor(imcv_pts_components, PEN_TCG,
					pts_tcg_comp_func_names, PTS_TCG_QUALIFIER_TYPE_SIZE,
					pts_tcg_qualifier_flag_names, pts_tcg_qualifier_type_names);
		imcv_pts_components->add_vendor(imcv_pts_components, PEN_ITA,
					pts_ita_comp_func_names, PTS_ITA_QUALIFIER_TYPE_SIZE,
					pts_ita_qualifier_flag_names, pts_ita_qualifier_type_names);

		imcv_pts_components->add_component(imcv_pts_components, PEN_ITA,
									  PTS_ITA_COMP_FUNC_NAME_TGRUB,
									  pts_ita_comp_tgrub_create);
		imcv_pts_components->add_component(imcv_pts_components, PEN_ITA,
									  PTS_ITA_COMP_FUNC_NAME_TBOOT,
									  pts_ita_comp_tboot_create);
		imcv_pts_components->add_component(imcv_pts_components, PEN_ITA,
									  PTS_ITA_COMP_FUNC_NAME_IMA,
									  pts_ita_comp_ima_create);
		if (is_imv)
		{
			char *db_uri, *policy_script;

			/* global IMV session manager */
			imcv_sessions = imv_session_manager_create();

			/* Both values come from the settings. The database is only
			 * attached when a URI is configured.
			 * NOTE(review): policy_script is handed to
			 * imv_database_create(). If it ends up being executed as a
			 * command, write access to the settings file equals command
			 * execution as this process. Confirm and restrict the file's
			 * permissions accordingly. */
			db_uri = lib->settings->get_str(lib->settings,
							"%s.imcv.database", NULL, lib->ns);
			policy_script = lib->settings->get_str(lib->settings,
							"%s.imcv.policy_script", IMCV_DEFAULT_POLICY_SCRIPT,
							lib->ns);
			if (db_uri)
			{
				imcv_db = imv_database_create(db_uri, policy_script);
			}
		}
		DBG1(DBG_LIB, "libimcv initialized");
	}
	ref_get(&libimcv_ref);

	return TRUE;
}
! 228:
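/**
 * Described in header.
 *
 * Drops one libimcv reference. When ref_put() reports the last one gone, the
 * vendors are unregistered and the global managers, database and session
 * list are destroyed. One libstrongswan reference is then dropped, and
 * library_deinit() is called if that was the last one.
 */
void libimcv_deinit(void)
{
	if (ref_put(&libimcv_ref))
	{
		imcv_pts_components->remove_vendor(imcv_pts_components, PEN_TCG);
		imcv_pts_components->remove_vendor(imcv_pts_components, PEN_ITA);
		imcv_pts_components->destroy(imcv_pts_components);
		imcv_pts_components = NULL;

		imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_IETF);
		imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_ITA);
		imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_PWG);
		imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_TCG);
		DESTROY_IF(imcv_pa_tnc_attributes);
		imcv_pa_tnc_attributes = NULL;

		/* Clear every global after destroying it. libimcv_init() assigns
		 * imcv_db and imcv_sessions only when is_imv is set (and a database
		 * URI is configured). Without the reset, a later init/deinit cycle
		 * that skips those assignments would pass the stale pointers to
		 * DESTROY_IF() again, which is a use-after-free / double destroy. */
		DESTROY_IF(imcv_db);
		imcv_db = NULL;
		DESTROY_IF(imcv_sessions);
		imcv_sessions = NULL;
		DBG1(DBG_LIB, "libimcv terminated");
	}
	if (ref_put(&libstrongswan_ref))
	{
		library_deinit();
	}
}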