1.1 misho 1: /*
2: * Copyright (C) 2011-2015 Andreas Steffen
3: * HSR Hochschule fuer Technik Rapperswil
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: #include "imcv.h"
17: #include "ietf/ietf_attr.h"
18: #include "ita/ita_attr.h"
19: #include "pwg/pwg_attr.h"
20: #include "tcg/tcg_attr.h"
21: #include "pts/components/pts_component.h"
22: #include "pts/components/pts_component_manager.h"
23: #include "pts/components/tcg/tcg_comp_func_name.h"
24: #include "pts/components/ita/ita_comp_func_name.h"
25: #include "pts/components/ita/ita_comp_ima.h"
26: #include "pts/components/ita/ita_comp_tboot.h"
27: #include "pts/components/ita/ita_comp_tgrub.h"
28:
29: #include <utils/debug.h>
30: #include <utils/utils.h>
31: #include <pen/pen.h>
32:
33: #ifdef HAVE_SYSLOG
34: #include <syslog.h>
35: #endif
36:
#ifndef IPSEC_SCRIPT
#define IPSEC_SCRIPT "ipsec"
#endif

/* default level for the imcv_dbg hook when libimcv boots libstrongswan itself;
 * overridable through the "libimcv.debug_level" setting (see libimcv_init) */
#define IMCV_DEBUG_LEVEL 1
/* default "%s.imcv.policy_script" value handed to imv_database_create();
 * the script is presumably executed by the IMV database code (not visible
 * here), so the configured value must be treated as administrator-only input */
#define IMCV_DEFAULT_POLICY_SCRIPT IPSEC_SCRIPT " _imv_policy"


/**
 * PA-TNC attribute manager
 * Created on the first libimcv_init() call and torn down by libimcv_deinit();
 * the IETF, ITA, PWG and TCG vendor parsers are registered on it.
 */
pa_tnc_attr_manager_t *imcv_pa_tnc_attributes;

/**
 * Global list of IMV sessions
 * Only instantiated when the FIRST libimcv_init() caller passes is_imv = TRUE;
 * stays NULL for IMC-only users.
 */
imv_session_manager_t *imcv_sessions;

/**
 * Global IMV database
 * Only created when is_imv is set and the "%s.imcv.database" URI is configured;
 * otherwise (or if imv_database_create() returns NULL) it stays NULL, so every
 * user has to check for NULL.
 */
imv_database_t *imcv_db;

/**
 * PTS Functional Component manager
 * Holds the TCG and ITA component name spaces plus the ITA tgrub/tboot/ima
 * component constructors registered in libimcv_init().
 */
pts_component_manager_t *imcv_pts_components;

/**
 * Reference count for libimcv
 * Counts libimcv_init() calls; the global managers above are created when it
 * goes 0 -> 1 and destroyed when libimcv_deinit() brings it back to 0.
 */
static refcount_t libimcv_ref = 0;

/**
 * Reference count for libstrongswan
 * Reaches zero in libimcv_deinit() only if libimcv itself called library_init();
 * when the main program had already initialized libstrongswan, libimcv_init()
 * pins one extra reference so library_deinit() is never called from here.
 */
static refcount_t libstrongswan_ref = 0;

/**
 * Global configuration of imcv dbg function
 * Only read (from "libimcv.debug_level" / "libimcv.stderr_quiet") when libimcv
 * initializes libstrongswan itself; otherwise whatever dbg hook is already
 * installed stays active and these keep their zero defaults.
 */
static int imcv_debug_level;
static bool imcv_stderr_quiet;
80:
/**
 * imcv dbg function
 *
 * Installed as libstrongswan's dbg hook by libimcv_init() when libimcv boots
 * libstrongswan itself. Messages at or below imcv_debug_level go to stderr
 * (unless imcv_stderr_quiet is set) and, with HAVE_SYSLOG, to syslog at
 * LOG_INFO, one syslog record per line of the formatted message.
 *
 * @param group		debug group of the message (not used here)
 * @param level		verbosity level; dropped if above imcv_debug_level
 * @param fmt		printf-style format; must be a trusted, non-user-controlled
 *					string - only the arguments may carry peer-supplied data
 */
static void imcv_dbg(debug_t group, level_t level, char *fmt, ...)
{
	va_list ap;

	if (level > imcv_debug_level)
	{
		return;
	}

	if (!imcv_stderr_quiet)
	{
		va_start(ap, fmt);
		fprintf(stderr, "[HSR] ");
		vfprintf(stderr, fmt, ap);
		fprintf(stderr, "\n");
		va_end(ap);
	}

#ifdef HAVE_SYSLOG
	{
		char msg[8192];
		char *line, *eol;

		/* render once into a bounded buffer; vsnprintf always terminates,
		 * so an over-long message is truncated rather than overflowed */
		va_start(ap, fmt);
		vsnprintf(msg, sizeof(msg), fmt, ap);
		va_end(ap);

		/* one syslog record per line: a newline embedded in peer-supplied
		 * argument data starts a new "[HSR]"-prefixed record, not a bare one */
		for (line = msg; line; line = eol)
		{
			eol = strchr(line, '\n');
			if (eol)
			{
				*eol++ = '\0';
			}
			syslog(LOG_INFO, "[HSR] %s\n", line);
		}
	}
#endif /* HAVE_SYSLOG */
}
125:
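/**
 * Make sure libstrongswan is initialized and account for our use of it.
 *
 * If the main program already set up libstrongswan (lib != NULL) we pin one
 * extra reference the first time through, so the matching ref_put() in
 * libimcv_deinit() can never reach zero and tear down a library we do not
 * own. Otherwise libimcv performs library_init() itself, installs imcv_dbg
 * as the dbg hook and loads the plugins named by "libimcv.load".
 *
 * @return				FALSE if library_init() or plugin loading failed
 */
static bool bootstrap_libstrongswan(void)
{
	if (lib)
	{
		/* did main program initialize libstrongswan? */
		if (libstrongswan_ref == 0)
		{
			ref_get(&libstrongswan_ref);
		}
	}
	else
	{
		/* we are the first to initialize libstrongswan */
		if (!library_init(NULL, "libimcv"))
		{
			return FALSE;
		}

		/* set the debug level and stderr output; only read here, so when
		 * the host program owns libstrongswan its own dbg hook stays active */
		imcv_debug_level = lib->settings->get_int(lib->settings,
								"libimcv.debug_level", IMCV_DEBUG_LEVEL);
		imcv_stderr_quiet = lib->settings->get_int(lib->settings,
								"libimcv.stderr_quiet", FALSE);

		/* activate the imcv debugging hook before loading plugins so their
		 * diagnostics already go through it */
		dbg = imcv_dbg;
#ifdef HAVE_SYSLOG
		openlog("imcv", 0, LOG_DAEMON);
#endif

		if (!lib->plugins->load(lib->plugins,
				lib->settings->get_str(lib->settings, "libimcv.load",
					"random nonce gmp pubkey x509")))
		{
			library_deinit();
			return FALSE;
		}
	}
	ref_get(&libstrongswan_ref);

	return TRUE;
}

/**
 * Create the PA-TNC attribute manager and register the parser and name
 * tables of every vendor (IETF, ITA, PWG, TCG) we understand.
 */
static void register_pa_tnc_vendors(void)
{
	imcv_pa_tnc_attributes = pa_tnc_attr_manager_create();
	imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_IETF,
						ietf_attr_create_from_data, ietf_attr_names);
	imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_ITA,
						ita_attr_create_from_data, ita_attr_names);
	imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_PWG,
						pwg_attr_create_from_data, pwg_attr_names);
	imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_TCG,
						tcg_attr_create_from_data, tcg_attr_names);
}

/**
 * Create the PTS component manager, register the TCG and ITA component name
 * spaces and the ITA component constructors (tgrub, tboot, ima).
 */
static void register_pts_components(void)
{
	imcv_pts_components = pts_component_manager_create();
	imcv_pts_components->add_vendor(imcv_pts_components, PEN_TCG,
				pts_tcg_comp_func_names, PTS_TCG_QUALIFIER_TYPE_SIZE,
				pts_tcg_qualifier_flag_names, pts_tcg_qualifier_type_names);
	imcv_pts_components->add_vendor(imcv_pts_components, PEN_ITA,
				pts_ita_comp_func_names, PTS_ITA_QUALIFIER_TYPE_SIZE,
				pts_ita_qualifier_flag_names, pts_ita_qualifier_type_names);

	imcv_pts_components->add_component(imcv_pts_components, PEN_ITA,
				PTS_ITA_COMP_FUNC_NAME_TGRUB, pts_ita_comp_tgrub_create);
	imcv_pts_components->add_component(imcv_pts_components, PEN_ITA,
				PTS_ITA_COMP_FUNC_NAME_TBOOT, pts_ita_comp_tboot_create);
	imcv_pts_components->add_component(imcv_pts_components, PEN_ITA,
				PTS_ITA_COMP_FUNC_NAME_IMA, pts_ita_comp_ima_create);
}

/**
 * Create the IMV-only global state: the session manager and, if a database
 * URI is configured, the IMV database together with its policy script.
 */
static void init_imv_state(void)
{
	char *uri, *script;

	/* instantiate global IMV session manager */
	imcv_sessions = imv_session_manager_create();

	/* instantiate and attach global IMV database if URI is valid */
	uri = lib->settings->get_str(lib->settings,
						"%s.imcv.database", NULL, lib->ns);
	script = lib->settings->get_str(lib->settings,
						"%s.imcv.policy_script", IMCV_DEFAULT_POLICY_SCRIPT,
						lib->ns);
	if (uri)
	{
		/* the URI may embed database credentials and the script is
		 * presumably executed by the database code, so both must only ever
		 * come from administrator-controlled configuration */
		imcv_db = imv_database_create(uri, script);
	}
}

/**
 * Described in header.
 *
 * Initialization is reference counted: the attribute and PTS component
 * managers are created on the first call only, and the IMV-only state
 * (session manager, database) is created only if that FIRST call passes
 * is_imv = TRUE. A later call with is_imv = TRUE after an IMC-only first
 * call does not create them, so imcv_sessions/imcv_db stay NULL in that
 * process.
 *
 * @param is_imv		TRUE if the caller is an IMV (creates the session
 *						manager and optional database), FALSE for an IMC
 * @return				TRUE on success, FALSE if libstrongswan could not be
 *						initialized or its plugins failed to load
 */
bool libimcv_init(bool is_imv)
{
	/* initialize libstrongswan library only once */
	if (!bootstrap_libstrongswan())
	{
		return FALSE;
	}

	lib->settings->add_fallback(lib->settings, "%s.imcv", "libimcv", lib->ns);
	lib->settings->add_fallback(lib->settings, "%s.plugins", "libimcv.plugins",
								lib->ns);

	if (libimcv_ref == 0)
	{
		register_pa_tnc_vendors();
		register_pts_components();
		if (is_imv)
		{
			init_imv_state();
		}
		DBG1(DBG_LIB, "libimcv initialized");
	}
	ref_get(&libimcv_ref);

	return TRUE;
}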
228:
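/**
 * Described in header.
 *
 * Must be paired with a successful libimcv_init(). The global managers are
 * torn down only when the last libimcv reference is dropped; libstrongswan
 * itself is deinitialized only if libimcv was the one that initialized it
 * (see the extra reference pinned in libimcv_init()).
 *
 * Every global is reset to NULL right after it is destroyed, so a later
 * libimcv_init() cycle that does not recreate it (an IMC-only init after an
 * IMV one, or no database URI configured) can neither hand out nor
 * double-destroy a dangling pointer.
 */
void libimcv_deinit(void)
{
	if (ref_put(&libimcv_ref))
	{
		if (imcv_pts_components)
		{
			imcv_pts_components->remove_vendor(imcv_pts_components, PEN_TCG);
			imcv_pts_components->remove_vendor(imcv_pts_components, PEN_ITA);
			imcv_pts_components->destroy(imcv_pts_components);
			imcv_pts_components = NULL;
		}

		if (imcv_pa_tnc_attributes)
		{
			imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_IETF);
			imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_ITA);
			imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_PWG);
			imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_TCG);
			imcv_pa_tnc_attributes->destroy(imcv_pa_tnc_attributes);
			imcv_pa_tnc_attributes = NULL;
		}

		/* IMV-only state; may legitimately be NULL for IMC users */
		DESTROY_IF(imcv_db);
		imcv_db = NULL;
		DESTROY_IF(imcv_sessions);
		imcv_sessions = NULL;
		DBG1(DBG_LIB, "libimcv terminated");
	}
	if (ref_put(&libstrongswan_ref))
	{
		library_deinit();
	}
}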