1 /* $NetBSD: session.c,v 1.7.6.2 2007/08/01 11:52:22 vanhu Exp $ */
2
3 /* $KAME: session.c,v 1.32 2003/09/24 02:01:17 jinmei Exp $ */
4
5 /*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "config.h"
35
36 #include <sys/types.h>
37 #include <sys/param.h>
38 #include <sys/time.h>
39 #include <sys/socket.h>
40 #if HAVE_SYS_WAIT_H
41 # include <sys/wait.h>
42 #endif
43 #ifndef WEXITSTATUS
44 # define WEXITSTATUS(s) ((unsigned)(s) >> 8)
45 #endif
46 #ifndef WIFEXITED
47 # define WIFEXITED(s) (((s) & 255) == 0)
48 #endif
49
50 #include PATH_IPSEC_H
51
52 #include <stdlib.h>
53 #include <stdio.h>
54 #include <string.h>
55 #include <errno.h>
56 #ifdef HAVE_UNISTD_H
57 #include <unistd.h>
58 #endif
59 #include <signal.h>
60 #include <sys/stat.h>
61 #include <paths.h>
62
63 #include <netinet/in.h>
64 #include <resolv.h>
65
66 #include "libpfkey.h"
67
68 #include "var.h"
69 #include "misc.h"
70 #include "vmbuf.h"
71 #include "plog.h"
72 #include "debug.h"
73
74 #include "schedule.h"
75 #include "session.h"
76 #include "grabmyaddr.h"
77 #include "evt.h"
78 #include "cfparse_proto.h"
79 #include "isakmp_var.h"
80 #include "isakmp_xauth.h"
81 #include "isakmp_cfg.h"
82 #include "admin_var.h"
83 #include "admin.h"
84 #include "privsep.h"
85 #include "oakley.h"
86 #include "pfkey.h"
87 #include "handler.h"
88 #include "localconf.h"
89 #include "remoteconf.h"
90 #include "backupsa.h"
91 #ifdef ENABLE_NATT
92 #include "nattraversal.h"
93 #endif
94
95
96 #include "algorithm.h" /* XXX ??? */
97
98 #include "sainfo.h"
99
/* File-local helpers; definitions follow below. */
static void close_session __P((void));
static void check_rtsock __P((void *));
static void initfds __P((void));
static void init_signal __P((void));
static int set_signal __P((int sig, RETSIGTYPE (*func) __P((int))));
static void check_sigreq __P((void));
static void check_flushsa_stub __P((void *));
static void check_flushsa __P((void));
static int close_sockets __P((void));

/*
 * select() read masks rebuilt by initfds(): mask0 during normal
 * operation, maskdying once a shutdown has been requested.
 */
static fd_set mask0;
static fd_set maskdying;
/* highest descriptor in the masks plus one, as select() wants it */
static int nfds = 0;
/*
 * Per-signal pending counters: incremented by signal_handler(), drained
 * one occurrence at a time by check_sigreq() from the main loop.
 */
static volatile sig_atomic_t sigreq[NSIG + 1];
/* set by check_sigreq() on SIGINT/SIGTERM; switches the loop to maskdying */
static int dying = 0;
115
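/*
 * Daemon main routine: bring up the scheduler, signal handling, the
 * admin/IKE/PF_KEY sockets and privilege separation, write the pid
 * file, then loop on select() dispatching events until a fatal error.
 *
 * Returns -1 only when select() fails with something other than EINTR.
 * A normal shutdown never returns here: it goes through close_session()
 * and exit().
 */
int
session(void)
{
	fd_set rfds;
	struct timeval *timeout;
	int error;
	struct myaddrs *p;
	char pid_file[MAXPATHLEN];
	FILE *fp;
	pid_t racoon_pid = 0;
	int i;

	/* initialize schedular */
	sched_init();

	/*
	 * Reset the pending-signal counters *before* the handlers are
	 * installed.  Doing it afterwards (as the subsystems below take
	 * a while to initialize) would silently drop any signal that
	 * arrived in the meantime.
	 */
	for (i = 0; i <= NSIG; i++)
		sigreq[i] = 0;

	init_signal();

#ifdef ENABLE_ADMINPORT
	if (admin_init() < 0)
		exit(1);
#endif

	initmyaddr();

	if (isakmp_init() < 0)
		exit(1);

	initfds();

#ifdef ENABLE_NATT
	natt_keepalive_init ();
#endif

	if (privsep_init() != 0)
		exit(1);

	/* write .pid file */
	racoon_pid = getpid();
	if (lcconf->pathinfo[LC_PATHTYPE_PIDFILE] == NULL)
		strlcpy(pid_file, _PATH_VARRUN "racoon.pid", MAXPATHLEN);
	else if (lcconf->pathinfo[LC_PATHTYPE_PIDFILE][0] == '/')
		strlcpy(pid_file, lcconf->pathinfo[LC_PATHTYPE_PIDFILE], MAXPATHLEN);
	else {
		/*
		 * Relative name: prefix it with _PATH_VARRUN.  The first
		 * piece must be strlcpy(), not strlcat(): pid_file is
		 * uninitialized here and strlcat() would scan it for a
		 * terminator before appending.
		 */
		strlcpy(pid_file, _PATH_VARRUN, MAXPATHLEN);
		strlcat(pid_file, lcconf->pathinfo[LC_PATHTYPE_PIDFILE], MAXPATHLEN);
	}
	fp = fopen(pid_file, "w");
	if (fp) {
		/* owner read/write, everyone else read-only */
		if (fchmod(fileno(fp),
		    S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) == -1) {
			syslog(LOG_ERR, "%s", strerror(errno));
			fclose(fp);
			exit(1);
		}
		/*
		 * fclose() performs the actual flush, so a failure from
		 * either call means the pid never reached the file.
		 */
		if (fprintf(fp, "%ld\n", (long)racoon_pid) < 0 ||
		    fclose(fp) != 0)
			plog(LLV_ERROR, LOCATION, NULL,
			    "cannot write %s\n", pid_file);
	} else {
		plog(LLV_ERROR, LOCATION, NULL,
		    "cannot open %s\n", pid_file);
	}

	while (1) {
		/* once dying, only the PF_KEY socket is polled (see initfds) */
		if (dying)
			rfds = maskdying;
		else
			rfds = mask0;

		/*
		 * asynchronous requests via signal.
		 * make sure to reset sigreq to 0.
		 */
		check_sigreq();

		/* scheduling: run due timers, get the time until the next one */
		timeout = schedular();

		error = select(nfds, &rfds, (fd_set *)0, (fd_set *)0, timeout);
		if (error < 0) {
			switch (errno) {
			case EINTR:
				/* a signal interrupted us; check_sigreq() picks it up */
				continue;
			default:
				plog(LLV_ERROR, LOCATION, NULL,
				    "failed to select (%s)\n",
				    strerror(errno));
				return -1;
			}
			/*NOTREACHED*/
		}

#ifdef ENABLE_ADMINPORT
		if ((lcconf->sock_admin != -1) &&
		    (FD_ISSET(lcconf->sock_admin, &rfds)))
			admin_handler();
#endif

		/* one IKE socket per configured local address */
		for (p = lcconf->myaddrs; p; p = p->next) {
			if (!p->addr)
				continue;
			if (FD_ISSET(p->sock, &rfds))
				isakmp_handler(p->sock);
		}

		if (FD_ISSET(lcconf->sock_pfkey, &rfds))
			pfkey_handler();

		/*
		 * Routing-socket activity: if our address list changed and
		 * we auto-grab addresses, reopen the IKE sockets; otherwise
		 * just rebuild the select() masks.
		 */
		if (lcconf->rtsock >= 0 && FD_ISSET(lcconf->rtsock, &rfds)) {
			if (update_myaddrs() && lcconf->autograbaddr)
				check_rtsock(NULL);
			else
				initfds();
		}
	}
}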
233
/*
 * Final shutdown: drop the phase 1 handlers (and, with ENABLE_FASTQUIT,
 * the phase 2 handlers as well), close every socket, run
 * backupsa_clean(), log the shutdown and exit with status 0.
 * Never returns.
 */
static void
close_session(void)
{
#ifdef ENABLE_FASTQUIT
	flushph2();
#endif
	flushph1();
	(void)close_sockets();
	backupsa_clean();

	plog(LLV_INFO, LOCATION, NULL, "racoon shutdown\n");
	exit(0);
}
248
/*
 * Re-learn our own addresses after a routing change and reopen the IKE
 * sockets on them.  Callers in this file pass NULL; the parameter seems
 * to exist only so the function fits a void-pointer callback shape.
 */
static void
check_rtsock(void *unused)
{
	(void)unused;

	isakmp_close();
	grab_myaddrs();
	autoconf_myaddrsport();
	isakmp_open();

	/* the socket list changed: rebuild the select() masks */
	initfds();
}
261
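/*
 * Register one descriptor in the select() masks.
 *
 * fd is added to mask0 and, when in_dying is non-zero, to maskdying as
 * well; nfds is raised so it never falls below a registered descriptor.
 * A descriptor outside [0, FD_SETSIZE) is fatal: FD_SET() on it would
 * write outside the fd_set.
 */
static void
initfds_add(int fd, int in_dying)
{
	if (fd < 0 || fd >= FD_SETSIZE) {
		plog(LLV_ERROR, LOCATION, NULL, "fd_set overrun\n");
		exit(1);
	}
	FD_SET(fd, &mask0);
	if (in_dying)
		FD_SET(fd, &maskdying);
	if (fd > nfds)
		nfds = fd;
}

/*
 * Rebuild mask0, maskdying and nfds from the current sockets: the admin
 * socket (if enabled and open), the PF_KEY socket, the routing socket
 * (if open) and one IKE socket per configured local address.  Only the
 * PF_KEY socket is polled while dying.
 */
static void
initfds(void)
{
	struct myaddrs *p;

	nfds = 0;

	FD_ZERO(&mask0);
	FD_ZERO(&maskdying);

#ifdef ENABLE_ADMINPORT
	/*
	 * XXX should we listen on the admin socket when dying?
	 * For now it is only part of mask0.
	 */
	if (lcconf->sock_admin != -1)
		initfds_add(lcconf->sock_admin, 0);
#endif
	initfds_add(lcconf->sock_pfkey, 1);
	if (lcconf->rtsock >= 0)
		initfds_add(lcconf->rtsock, 0);

	for (p = lcconf->myaddrs; p; p = p->next) {
		if (!p->addr)
			continue;
		initfds_add(p->sock, 0);
	}
	/* select() takes the highest descriptor plus one */
	nfds++;
}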
315
/* Signals routed through signal_handler(); init_signal() stops at the 0. */
static int signals[] = {
	SIGHUP,
	SIGINT,
	SIGTERM,
	SIGUSR1,
	SIGUSR2,
	SIGCHLD,
	0
};
325
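/*
 * Signal handler: only records that sig arrived.  The work is done
 * later by check_sigreq() from the main loop in session(), so nothing
 * async-signal-unsafe happens here.
 *
 * The counter is incremented rather than set to 1 so that repeated
 * deliveries of the same signal between two main-loop iterations are
 * not collapsed into one.
 */
RETSIGTYPE
signal_handler(int sig)
{
	/*
	 * The kernel only hands us valid signal numbers, but sigreq has
	 * exactly NSIG + 1 slots, so keep the index in range regardless.
	 */
	if (sig >= 0 && sig <= NSIG)
		sigreq[sig]++;
}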
339
340
/*
 * Re-read the configuration (SIGHUP).
 *
 * XXX possible memory leaks, and no way back to the previous
 * configuration once the reload has gone wrong.
 */
static void
reload_conf(void)
{
	int rc;

#ifdef ENABLE_HYBRID
	if (isakmp_cfg_init(ISAKMP_CFG_INIT_WARM) != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "ISAKMP mode config structure reset failed, "
		    "not reloading\n");
		return;
	}
#endif

	save_sainfotree();

	/*
	 * TODO: save / restore / flush the old lcconf (?) and rmtree.
	 * initlcconf() is deliberately not called here (racoon_conf ? !).
	 */
	save_rmconf();
	initrmconf();

	/* Do a part of pfkey_init() ?  SPD reload ? */

	save_params();
	rc = cfparse();
	if (rc != 0) {
		plog(LLV_ERROR, LOCATION, NULL, "config reload failed\n");
		/* We are probably in an inconsistent state... */
		return;
	}
	restore_params();

	/*
	 * init_myaddr() ?
	 * Under privilege separation the IKE listener is not reopened:
	 * the unprivileged process lacks the right to
	 * setsockopt(IP_IPSEC_POLICY).
	 */
	if (geteuid() == 0)
		check_rtsock(NULL);

	/*
	 * Revalidate the ph1 / ph2 trees; ctdtree has to be updated when
	 * a ph1 is removed.
	 */
	revalidate_ph12();

	save_sainfotree_flush();
	save_rmconf_flush();
}
401
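/*
 * Act on the signals recorded by signal_handler().
 *
 * Called once per main-loop iteration from session().  For every signal
 * with a non-zero pending count, one occurrence is consumed and handled;
 * further occurrences are handled on later iterations.
 *
 * XXX sigreq[sig]-- is a read-modify-write on a sig_atomic_t.  A delivery
 * that lands between the load and the store is lost.  This window exists
 * in the original code as well; without atomic RMW it is documented here
 * rather than closed.
 */
static void
check_sigreq(void)
{
	int sig;

	/* signal number 0 is never delivered, so start at 1 */
	for (sig = 1; sig <= NSIG; sig++) {
		if (sigreq[sig] == 0)
			continue;

		sigreq[sig]--;
		switch (sig) {
		case SIGCHLD:
			/*
			 * Reap children (mainly scripts).  Several exits may
			 * have been coalesced into one SIGCHLD, so collect
			 * every finished child, and never block: a blocking
			 * wait() here would stall the whole daemon.
			 */
			while (waitpid(-1, NULL, WNOHANG) > 0)
				;
			break;

#ifdef DEBUG_RECORD_MALLOCATION
		/*
		 * XXX This operation is signal handler unsafe and may lead to
		 * crashes and security breaches: See Henning Brauer talk at
		 * EuroBSDCon 2005.  Do not run in production with this option
		 * enabled.
		 */
		case SIGUSR2:
			DRM_dump();
			break;
#endif

		case SIGHUP:
			/* Save old configuration, load new one... */
			reload_conf();
			break;

		case SIGINT:
		case SIGTERM:
			plog(LLV_INFO, LOCATION, NULL,
			    "caught signal %d\n", sig);
			EVT_PUSH(NULL, NULL, EVTT_RACOON_QUIT, NULL);
			/*
			 * Request a flush of all SAs over PF_KEY.  Unless
			 * ENABLE_FASTQUIT, check_flushsa() then polls the SAD
			 * and exits only once no live SA remains.
			 */
			pfkey_send_flush(lcconf->sock_pfkey,
			    SADB_SATYPE_UNSPEC);
#ifdef ENABLE_FASTQUIT
			close_session();
#else
			sched_new(1, check_flushsa_stub, NULL);
#endif
			dying = 1;
			break;

		default:
			plog(LLV_INFO, LOCATION, NULL,
			    "caught signal %d\n", sig);
			break;
		}
	}
}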
472
/*
 * Scheduler callback used to defer shutdown until the DELETE messages
 * for all inbound SAs have gone out; the real check is check_flushsa().
 * The argument is unused and only satisfies the callback signature.
 */
static void
check_flushsa_stub(void *p)
{
	(void)p;
	check_flushsa();
}
484
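/*
 * Poll the kernel SAD and either finish shutting down or try again later.
 *
 * Dumps the SAD through PF_KEY and counts the SAs whose state is not
 * DEAD.  If any remain, the one-second timer is re-armed; once none are
 * left, close_session() is called, which exits the process.
 *
 * Every record is bounds-checked against the dump buffer before its
 * header or extensions are read: a truncated or malformed record ends
 * the walk instead of being read past the end of the buffer.
 */
static void
check_flushsa(void)
{
	vchar_t *buf;
	struct sadb_msg *msg, *end, *next;
	struct sadb_sa *sa;
	caddr_t mhp[SADB_EXT_MAX + 1];
	size_t len, remain;
	int n;

	buf = pfkey_dump_sadb(SADB_SATYPE_UNSPEC);
	if (buf == NULL) {
		plog(LLV_DEBUG, LOCATION, NULL,
		    "pfkey_dump_sadb: returned nothing.\n");
		return;
	}

	msg = (struct sadb_msg *)buf->v;
	end = (struct sadb_msg *)(buf->v + buf->l);

	/* count the SAs that are still alive, i.e. anything but DEAD */
	n = 0;
	for (; msg < end; msg = next) {
		remain = (size_t)((caddr_t)end - (caddr_t)msg);
		if (remain < sizeof(*msg))
			break;	/* trailing bytes shorter than a header */
		len = PFKEY_UNUNIT64(msg->sadb_msg_len);
		if (len < sizeof(*msg) || len > remain)
			break;	/* bogus length: would run off the buffer */
		next = (struct sadb_msg *)((caddr_t)msg + len);

		if (msg->sadb_msg_type != SADB_DUMP)
			continue;

		if (pfkey_align(msg, mhp) || pfkey_check(mhp)) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "pfkey_check (%s)\n", ipsec_strerror());
			continue;
		}

		sa = (struct sadb_sa *)(mhp[SADB_EXT_SA]);
		if (sa != NULL && sa->sadb_sa_state != SADB_SASTATE_DEAD)
			n++;
	}

	vfree(buf);

	if (n) {
		/* live SAs remain: look again in a second */
		sched_new(1, check_flushsa_stub, NULL);
		return;
	}

	close_session();
}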
547
/*
 * Install signal_handler() for each entry of the 0-terminated signals[]
 * table.  Failing to install any of them is fatal.
 */
static void
init_signal(void)
{
	const int *sp;

	for (sp = signals; *sp != 0; sp++) {
		if (set_signal(*sp, signal_handler) >= 0)
			continue;
		plog(LLV_ERROR, LOCATION, NULL,
		    "failed to set_signal (%s)\n",
		    strerror(errno));
		exit(1);
	}
}
561
/*
 * Install func as the handler for sig via sigaction(2), with SA_RESTART
 * set and an empty handler mask.
 *
 * Returns 0 on success and -1 if sigemptyset() or sigaction() fails;
 * errno is whatever the failing call left behind.
 */
static int
set_signal(int sig, RETSIGTYPE (*func)(int))
{
	struct sigaction act;

	memset(&act, 0, sizeof act);
	act.sa_handler = func;
	act.sa_flags = SA_RESTART;

	if (sigemptyset(&act.sa_mask) < 0)
		return -1;
	if (sigaction(sig, &act, NULL) < 0)
		return -1;

	return 0;
}
581
/*
 * Close the IKE sockets, the PF_KEY socket and, with ENABLE_ADMINPORT,
 * the admin socket.  Always returns 0; the caller in this file ignores
 * the value.
 */
static int
close_sockets(void)
{
	isakmp_close();
	pfkey_close(lcconf->sock_pfkey);
#ifdef ENABLE_ADMINPORT
	(void)admin_close();
#endif

	return 0;
}
592
593