1: /*
2: * Copyright (C) 2009-2018 Tobias Brunner
3: * Copyright (C) 2008 Martin Willi
4: * HSR Hochschule fuer Technik Rapperswil
5: *
6: * This program is free software; you can redistribute it and/or modify it
7: * under the terms of the GNU General Public License as published by the
8: * Free Software Foundation; either version 2 of the License, or (at your
9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10: *
11: * This program is distributed in the hope that it will be useful, but
12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14: * for more details.
15: */
16:
17: #include "library.h"
18:
19: #include <stdlib.h>
20:
21: #include <utils/debug.h>
22: #include <threading/thread.h>
23: #include <utils/identification.h>
24: #include <networking/host.h>
25: #include <collections/array.h>
26: #include <collections/hashtable.h>
27: #include <utils/backtrace.h>
28: #include <selectors/traffic_selector.h>
29: #include <crypto/proposal/proposal.h>
30:
31: #define CHECKSUM_LIBRARY IPSEC_LIB_DIR"/libchecksum.so"
32:
33: #ifndef STRONGSWAN_CONF
34: #define STRONGSWAN_CONF NULL
35: #endif
36:
37: typedef struct private_library_t private_library_t;
38:
39: /**
40: * private data of library
41: */
42: struct private_library_t {
43:
44: /**
45: * public functions
46: */
47: library_t public;
48:
49: /**
50: * Hashtable with registered objects (name => object)
51: */
52: hashtable_t *objects;
53:
54: /**
55: * Integrity check failed?
56: */
57: bool init_failed;
58:
59: #ifdef LEAK_DETECTIVE
60: /**
61: * Where to write leak detective output to
62: */
63: FILE *ld_out;
64: #endif
65:
66: /**
67: * Number of times we have been initialized
68: */
69: refcount_t ref;
70: };
71:
72: #define MAX_NAMESPACES 5
73:
74: /**
75: * Additional namespaces registered using __attribute__((constructor))
76: */
77: static char *namespaces[MAX_NAMESPACES];
78: static int ns_count;
79:
80: /**
81: * Described in header
82: */
83: void library_add_namespace(char *ns)
84: {
85: if (ns_count < MAX_NAMESPACES - 1)
86: {
87: namespaces[ns_count] = ns;
88: ns_count++;
89: }
90: else
91: {
92: fprintf(stderr, "failed to register additional namespace alias, please "
93: "increase MAX_NAMESPACES");
94: }
95: }
96:
97: /**
98: * Register plugins if built statically
99: */
100: #ifdef STATIC_PLUGIN_CONSTRUCTORS
101: #include "plugin_constructors.c"
102: #endif
103:
104: /**
105: * library instance
106: */
107: library_t *lib = NULL;
108:
109: #ifdef LEAK_DETECTIVE
110: /**
111: * Default leak report callback
112: */
113: CALLBACK(report_leaks, void,
114: private_library_t *this, int count, size_t bytes, backtrace_t *bt,
115: bool detailed)
116: {
117: fprintf(this->ld_out, "%zu bytes total, %d allocations, %zu bytes average:\n",
118: bytes, count, bytes / count);
119: bt->log(bt, this->ld_out, detailed);
120: }
121:
122: /**
123: * Default leak report summary callback
124: */
125: CALLBACK(sum_leaks, void,
126: private_library_t *this, int count, size_t bytes, int whitelisted)
127: {
128: switch (count)
129: {
130: case 0:
131: fprintf(this->ld_out, "No leaks detected");
132: break;
133: case 1:
134: fprintf(this->ld_out, "One leak detected");
135: break;
136: default:
137: fprintf(this->ld_out, "%d leaks detected, %zu bytes", count, bytes);
138: break;
139: }
140: fprintf(this->ld_out, ", %d suppressed by whitelist\n", whitelisted);
141: }
142: #endif /* LEAK_DETECTIVE */
143:
144: /**
145: * Deinitialize library
146: */
147: void library_deinit()
148: {
149: private_library_t *this = (private_library_t*)lib;
150: bool detailed;
151:
152: if (!this || !ref_put(&this->ref))
153: { /* have more users */
154: return;
155: }
156:
157: detailed = lib->settings->get_bool(lib->settings,
158: "%s.leak_detective.detailed", TRUE, lib->ns);
159:
160: /* make sure the cache is clear before unloading plugins */
161: lib->credmgr->flush_cache(lib->credmgr, CERT_ANY);
162:
163: this->public.streams->destroy(this->public.streams);
164: this->public.watcher->destroy(this->public.watcher);
165: this->public.scheduler->destroy(this->public.scheduler);
166: this->public.processor->destroy(this->public.processor);
167: this->public.plugins->destroy(this->public.plugins);
168: this->public.hosts->destroy(this->public.hosts);
169: this->public.settings->destroy(this->public.settings);
170: this->public.credmgr->destroy(this->public.credmgr);
171: this->public.creds->destroy(this->public.creds);
172: this->public.encoding->destroy(this->public.encoding);
173: this->public.crypto->destroy(this->public.crypto);
174: this->public.caps->destroy(this->public.caps);
175: this->public.proposal->destroy(this->public.proposal);
176: this->public.fetcher->destroy(this->public.fetcher);
177: this->public.resolver->destroy(this->public.resolver);
178: this->public.db->destroy(this->public.db);
179: this->public.printf_hook->destroy(this->public.printf_hook);
180: this->objects->destroy(this->objects);
181: if (this->public.integrity)
182: {
183: this->public.integrity->destroy(this->public.integrity);
184: }
185:
186: if (lib->leak_detective)
187: {
188: lib->leak_detective->report(lib->leak_detective, detailed);
189: lib->leak_detective->destroy(lib->leak_detective);
190: lib->leak_detective = NULL;
191: }
192: #ifdef LEAK_DETECTIVE
193: if (this->ld_out && this->ld_out != stderr)
194: {
195: fclose(this->ld_out);
196: }
197: #endif /* LEAK_DETECTIVE */
198:
199: backtrace_deinit();
200: arrays_deinit();
201: utils_deinit();
202: threads_deinit();
203:
204: free(this->public.conf);
205: free((void*)this->public.ns);
206: free(this);
207: lib = NULL;
208: }
209:
210: METHOD(library_t, get, void*,
211: private_library_t *this, char *name)
212: {
213: return this->objects->get(this->objects, name);
214: }
215:
216: METHOD(library_t, set, bool,
217: private_library_t *this, char *name, void *object)
218: {
219: if (object)
220: {
221: if (this->objects->get(this->objects, name))
222: {
223: return FALSE;
224: }
225: this->objects->put(this->objects, name, object);
226: return TRUE;
227: }
228: return this->objects->remove(this->objects, name) != NULL;
229: }
230:
231: /**
232: * Hashtable hash function
233: */
234: static u_int hash(char *key)
235: {
236: return chunk_hash(chunk_create(key, strlen(key)));
237: }
238:
239: /**
240: * Hashtable equals function
241: */
242: static bool equals(char *a, char *b)
243: {
244: return streq(a, b);
245: }
246:
247: /**
248: * Number of words we write and memwipe() in memwipe check
249: */
250: #define MEMWIPE_WIPE_WORDS 16
251:
252: #ifndef NO_CHECK_MEMWIPE
253:
254: /**
255: * Write magic to memory, and try to clear it with memwipe()
256: */
257: __attribute__((noinline))
258: static void do_magic(int *magic, int **out)
259: {
260: int buf[MEMWIPE_WIPE_WORDS], i;
261:
262: *out = buf;
263: for (i = 0; i < countof(buf); i++)
264: {
265: buf[i] = *magic;
266: }
267: /* passing buf to dbg should make sure the compiler can't optimize out buf.
268: * we use directly dbg(3), as DBG3() might be stripped with DEBUG_LEVEL. */
269: dbg(DBG_LIB, 3, "memwipe() pre: %b", buf, sizeof(buf));
270: memwipe(buf, sizeof(buf));
271: }
272:
273: /**
274: * Check if memwipe works as expected
275: */
276: static bool check_memwipe()
277: {
278: int magic = 0xCAFEBABE, *buf, i;
279:
280: do_magic(&magic, &buf);
281:
282: for (i = 0; i < MEMWIPE_WIPE_WORDS; i++)
283: {
284: if (buf[i] == magic)
285: {
286: DBG1(DBG_LIB, "memwipe() check failed: stackdir: %b",
287: buf, MEMWIPE_WIPE_WORDS * sizeof(int));
288: return FALSE;
289: }
290: }
291: return TRUE;
292: }
293:
294: #endif
295:
296: /*
297: * see header file
298: */
299: bool library_init(char *settings, const char *namespace)
300: {
301: private_library_t *this;
302: printf_hook_t *pfh;
303: int i;
304:
305: if (lib)
306: { /* already initialized, increase refcount */
307: this = (private_library_t*)lib;
308: ref_get(&this->ref);
309: return !this->init_failed;
310: }
311:
312: chunk_hash_seed();
313:
314: INIT(this,
315: .public = {
316: .get = _get,
317: .set = _set,
318: .ns = strdup(namespace ?: "libstrongswan"),
319: .conf = strdupnull(settings ?: (getenv("STRONGSWAN_CONF") ?: STRONGSWAN_CONF)),
320: },
321: .ref = 1,
322: );
323: lib = &this->public;
324:
325: threads_init();
326: utils_init();
327: arrays_init();
328: backtrace_init();
329:
330: #ifdef LEAK_DETECTIVE
331: {
332: FILE *out = NULL;
333: char *log;
334:
335: log = getenv("LEAK_DETECTIVE_LOG");
336: if (log)
337: {
338: out = fopen(log, "a");
339: }
340: this->ld_out = out ?: stderr;
341: }
342: lib->leak_detective = leak_detective_create();
343: if (lib->leak_detective)
344: {
345: lib->leak_detective->set_report_cb(lib->leak_detective,
346: report_leaks, sum_leaks, this);
347: }
348: #endif /* LEAK_DETECTIVE */
349:
350: pfh = printf_hook_create();
351: this->public.printf_hook = pfh;
352:
353: pfh->add_handler(pfh, 'b', mem_printf_hook,
354: PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_INT,
355: PRINTF_HOOK_ARGTYPE_END);
356: pfh->add_handler(pfh, 'B', chunk_printf_hook,
357: PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
358: pfh->add_handler(pfh, 'H', host_printf_hook,
359: PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
360: pfh->add_handler(pfh, 'N', enum_printf_hook,
361: PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_INT,
362: PRINTF_HOOK_ARGTYPE_END);
363: pfh->add_handler(pfh, 'T', time_printf_hook,
364: PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_INT,
365: PRINTF_HOOK_ARGTYPE_END);
366: pfh->add_handler(pfh, 'V', time_delta_printf_hook,
367: PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_POINTER,
368: PRINTF_HOOK_ARGTYPE_END);
369: pfh->add_handler(pfh, 'Y', identification_printf_hook,
370: PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
371: pfh->add_handler(pfh, 'R', traffic_selector_printf_hook,
372: PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
373: pfh->add_handler(pfh, 'P', proposal_printf_hook,
374: PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
375:
376: this->objects = hashtable_create((hashtable_hash_t)hash,
377: (hashtable_equals_t)equals, 4);
378:
379: this->public.settings = settings_create(NULL);
380: if (!this->public.settings->load_files(this->public.settings,
381: this->public.conf, FALSE))
382: {
383: DBG1(DBG_LIB, "abort initialization due to invalid configuration");
384: this->init_failed = TRUE;
385: }
386:
387: /* add registered aliases */
388: for (i = 0; i < ns_count; ++i)
389: {
390: lib->settings->add_fallback(lib->settings, lib->ns, namespaces[i]);
391: }
392: /* all namespace settings may fall back to libstrongswan */
393: lib->settings->add_fallback(lib->settings, lib->ns, "libstrongswan");
394:
395: this->public.hosts = host_resolver_create();
396: this->public.proposal = proposal_keywords_create();
397: this->public.caps = capabilities_create();
398: this->public.crypto = crypto_factory_create();
399: this->public.creds = credential_factory_create();
400: this->public.credmgr = credential_manager_create();
401: this->public.encoding = cred_encoding_create();
402: this->public.fetcher = fetcher_manager_create();
403: this->public.resolver = resolver_manager_create();
404: this->public.db = database_factory_create();
405: this->public.processor = processor_create();
406: this->public.scheduler = scheduler_create();
407: this->public.watcher = watcher_create();
408: this->public.streams = stream_manager_create();
409: this->public.plugins = plugin_loader_create();
410:
411: #ifndef NO_CHECK_MEMWIPE
412: if (!check_memwipe())
413: {
414: return FALSE;
415: }
416: #endif
417:
418: if (lib->settings->get_bool(lib->settings,
419: "%s.integrity_test", FALSE, lib->ns))
420: {
421: #ifdef INTEGRITY_TEST
422: this->public.integrity = integrity_checker_create(CHECKSUM_LIBRARY);
423: if (!lib->integrity->check(lib->integrity, "libstrongswan", library_init))
424: {
425: DBG1(DBG_LIB, "integrity check of libstrongswan failed");
426: this->init_failed = TRUE;
427: }
428: #else /* !INTEGRITY_TEST */
429: DBG1(DBG_LIB, "integrity test enabled, but not supported");
430: this->init_failed = TRUE;
431: #endif /* INTEGRITY_TEST */
432: }
433:
434: diffie_hellman_init();
435:
436: return !this->init_failed;
437: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to library.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libstrongswan