1 /*	$NetBSD: session.c,v 1.7.6.2 2007/08/01 11:52:22 vanhu Exp $	*/
2 
3 /*	$KAME: session.c,v 1.32 2003/09/24 02:01:17 jinmei Exp $	*/
4 
5 /*
6  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  * 3. Neither the name of the project nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include "config.h"
35 
36 #include <sys/types.h>
37 #include <sys/param.h>
38 #include <sys/time.h>
39 #include <sys/socket.h>
40 #if HAVE_SYS_WAIT_H
41 # include <sys/wait.h>
42 #endif
43 #ifndef WEXITSTATUS
44 # define WEXITSTATUS(s)	((unsigned)(s) >> 8)
45 #endif
46 #ifndef WIFEXITED
47 # define WIFEXITED(s)	(((s) & 255) == 0)
48 #endif
49 
50 #include PATH_IPSEC_H
51 
52 #include <stdlib.h>
53 #include <stdio.h>
54 #include <string.h>
55 #include <errno.h>
56 #ifdef HAVE_UNISTD_H
57 #include <unistd.h>
58 #endif
59 #include <signal.h>
60 #include <sys/stat.h>
61 #include <paths.h>
62 
63 #include <netinet/in.h>
64 #include <resolv.h>
65 
66 #include "libpfkey.h"
67 
68 #include "var.h"
69 #include "misc.h"
70 #include "vmbuf.h"
71 #include "plog.h"
72 #include "debug.h"
73 
74 #include "schedule.h"
75 #include "session.h"
76 #include "grabmyaddr.h"
77 #include "evt.h"
78 #include "cfparse_proto.h"
79 #include "isakmp_var.h"
80 #include "isakmp_xauth.h"
81 #include "isakmp_cfg.h"
82 #include "admin_var.h"
83 #include "admin.h"
84 #include "privsep.h"
85 #include "oakley.h"
86 #include "pfkey.h"
87 #include "handler.h"
88 #include "localconf.h"
89 #include "remoteconf.h"
90 #include "backupsa.h"
91 #ifdef ENABLE_NATT
92 #include "nattraversal.h"
93 #endif
94 
95 
96 #include "algorithm.h" /* XXX ??? */
97 
98 #include "sainfo.h"
99 
100 static void close_session __P((void));
101 static void check_rtsock __P((void *));
102 static void initfds __P((void));
103 static void init_signal __P((void));
104 static int set_signal __P((int sig, RETSIGTYPE (*func) __P((int))));
105 static void check_sigreq __P((void));
106 static void check_flushsa_stub __P((void *));
107 static void check_flushsa __P((void));
108 static int close_sockets __P((void));
109 
110 static fd_set mask0;
111 static fd_set maskdying;
112 static int nfds = 0;
113 static volatile sig_atomic_t sigreq[NSIG + 1];
114 static int dying = 0;
115 
116 int
session(void)117 session(void)
118 {
119 	fd_set rfds;
120 	struct timeval *timeout;
121 	int error;
122 	struct myaddrs *p;
123 	char pid_file[MAXPATHLEN];
124 	FILE *fp;
125 	pid_t racoon_pid = 0;
126 	int i;
127 
128 	/* initialize schedular */
129 	sched_init();
130 
131 	init_signal();
132 
133 #ifdef ENABLE_ADMINPORT
134 	if (admin_init() < 0)
135 		exit(1);
136 #endif
137 
138 	initmyaddr();
139 
140 	if (isakmp_init() < 0)
141 		exit(1);
142 
143 	initfds();
144 
145 #ifdef ENABLE_NATT
146 	natt_keepalive_init ();
147 #endif
148 
149 	if (privsep_init() != 0)
150 		exit(1);
151 
152 	for (i = 0; i <= NSIG; i++)
153 		sigreq[i] = 0;
154 
155 	/* write .pid file */
156 	racoon_pid = getpid();
157 	if (lcconf->pathinfo[LC_PATHTYPE_PIDFILE] == NULL)
158 		strlcpy(pid_file, _PATH_VARRUN "racoon.pid", MAXPATHLEN);
159 	else if (lcconf->pathinfo[LC_PATHTYPE_PIDFILE][0] == '/')
160 		strlcpy(pid_file, lcconf->pathinfo[LC_PATHTYPE_PIDFILE], MAXPATHLEN);
161 	else {
162 		strlcat(pid_file, _PATH_VARRUN, MAXPATHLEN);
163 		strlcat(pid_file, lcconf->pathinfo[LC_PATHTYPE_PIDFILE], MAXPATHLEN);
164 	}
165 	fp = fopen(pid_file, "w");
166 	if (fp) {
167 		if (fchmod(fileno(fp),
168 			S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) == -1) {
169 			syslog(LOG_ERR, "%s", strerror(errno));
170 			fclose(fp);
171 			exit(1);
172 		}
173 		fprintf(fp, "%ld\n", (long)racoon_pid);
174 		fclose(fp);
175 	} else {
176 		plog(LLV_ERROR, LOCATION, NULL,
177 			"cannot open %s", pid_file);
178 	}
179 
180 	while (1) {
181 		if (dying)
182 			rfds = maskdying;
183 		else
184 			rfds = mask0;
185 
186 		/*
187 		 * asynchronous requests via signal.
188 		 * make sure to reset sigreq to 0.
189 		 */
190 		check_sigreq();
191 
192 		/* scheduling */
193 		timeout = schedular();
194 
195 		error = select(nfds, &rfds, (fd_set *)0, (fd_set *)0, timeout);
196 		if (error < 0) {
197 			switch (errno) {
198 			case EINTR:
199 				continue;
200 			default:
201 				plog(LLV_ERROR, LOCATION, NULL,
202 					"failed to select (%s)\n",
203 					strerror(errno));
204 				return -1;
205 			}
206 			/*NOTREACHED*/
207 		}
208 
209 #ifdef ENABLE_ADMINPORT
210 		if ((lcconf->sock_admin != -1) &&
211 		    (FD_ISSET(lcconf->sock_admin, &rfds)))
212 			admin_handler();
213 #endif
214 
215 		for (p = lcconf->myaddrs; p; p = p->next) {
216 			if (!p->addr)
217 				continue;
218 			if (FD_ISSET(p->sock, &rfds))
219 				isakmp_handler(p->sock);
220 		}
221 
222 		if (FD_ISSET(lcconf->sock_pfkey, &rfds))
223 			pfkey_handler();
224 
225 		if (lcconf->rtsock >= 0 && FD_ISSET(lcconf->rtsock, &rfds)) {
226 			if (update_myaddrs() && lcconf->autograbaddr)
227 				check_rtsock(NULL);
228 			else
229 				initfds();
230 		}
231 	}
232 }
233 
234 /* clear all status and exit program. */
235 static void
close_session()236 close_session()
237 {
238 #ifdef ENABLE_FASTQUIT
239 	flushph2();
240 #endif
241 	flushph1();
242 	close_sockets();
243 	backupsa_clean();
244 
245 	plog(LLV_INFO, LOCATION, NULL, "racoon shutdown\n");
246 	exit(0);
247 }
248 
249 static void
check_rtsock(unused)250 check_rtsock(unused)
251 	void *unused;
252 {
253 	isakmp_close();
254 	grab_myaddrs();
255 	autoconf_myaddrsport();
256 	isakmp_open();
257 
258 	/* initialize socket list again */
259 	initfds();
260 }
261 
262 static void
initfds()263 initfds()
264 {
265 	struct myaddrs *p;
266 
267 	nfds = 0;
268 
269 	FD_ZERO(&mask0);
270 	FD_ZERO(&maskdying);
271 
272 #ifdef ENABLE_ADMINPORT
273 	if (lcconf->sock_admin != -1) {
274 		if (lcconf->sock_admin >= FD_SETSIZE) {
275 			plog(LLV_ERROR, LOCATION, NULL, "fd_set overrun\n");
276 			exit(1);
277 		}
278 		FD_SET(lcconf->sock_admin, &mask0);
279 		/* XXX should we listen on admin socket when dying ?
280 		 */
281 #if 0
282 		FD_SET(lcconf->sock_admin, &maskdying);
283 #endif
284 		nfds = (nfds > lcconf->sock_admin ? nfds : lcconf->sock_admin);
285 	}
286 #endif
287 	if (lcconf->sock_pfkey >= FD_SETSIZE) {
288 		plog(LLV_ERROR, LOCATION, NULL, "fd_set overrun\n");
289 		exit(1);
290 	}
291 	FD_SET(lcconf->sock_pfkey, &mask0);
292 	FD_SET(lcconf->sock_pfkey, &maskdying);
293 	nfds = (nfds > lcconf->sock_pfkey ? nfds : lcconf->sock_pfkey);
294 	if (lcconf->rtsock >= 0) {
295 		if (lcconf->rtsock >= FD_SETSIZE) {
296 			plog(LLV_ERROR, LOCATION, NULL, "fd_set overrun\n");
297 			exit(1);
298 		}
299 		FD_SET(lcconf->rtsock, &mask0);
300 		nfds = (nfds > lcconf->rtsock ? nfds : lcconf->rtsock);
301 	}
302 
303 	for (p = lcconf->myaddrs; p; p = p->next) {
304 		if (!p->addr)
305 			continue;
306 		if (p->sock >= FD_SETSIZE) {
307 			plog(LLV_ERROR, LOCATION, NULL, "fd_set overrun\n");
308 			exit(1);
309 		}
310 		FD_SET(p->sock, &mask0);
311 		nfds = (nfds > p->sock ? nfds : p->sock);
312 	}
313 	nfds++;
314 }
315 
316 static int signals[] = {
317 	SIGHUP,
318 	SIGINT,
319 	SIGTERM,
320 	SIGUSR1,
321 	SIGUSR2,
322 	SIGCHLD,
323 	0
324 };
325 
326 /*
327  * asynchronous requests will actually dispatched in the
328  * main loop in session().
329  */
330 RETSIGTYPE
signal_handler(sig)331 signal_handler(sig)
332 	int sig;
333 {
334 	/* Do not just set it to 1, because we may miss some signals by just setting
335 	 * values to 0/1
336 	 */
337 	sigreq[sig]++;
338 }
339 
340 
341 /* XXX possible mem leaks and no way to go back for now !!!
342  */
reload_conf()343 static void reload_conf(){
344 	int error;
345 
346 #ifdef ENABLE_HYBRID
347 	if ((isakmp_cfg_init(ISAKMP_CFG_INIT_WARM)) != 0) {
348 		plog(LLV_ERROR, LOCATION, NULL,
349 		    "ISAKMP mode config structure reset failed, "
350 		    "not reloading\n");
351 		return;
352 	}
353 #endif
354 
355 	save_sainfotree();
356 
357 	/* TODO: save / restore / flush old lcconf (?) / rmtree
358 	 */
359 /*	initlcconf();*/ /* racoon_conf ? ! */
360 
361 	save_rmconf();
362 	initrmconf();
363 
364 	/* Do a part of pfkey_init() ?
365 	 * SPD reload ?
366 	 */
367 
368 	save_params();
369 	error = cfparse();
370 	if (error != 0){
371 		plog(LLV_ERROR, LOCATION, NULL, "config reload failed\n");
372 		/* We are probably in an inconsistant state... */
373 		return;
374 	}
375 	restore_params();
376 
377 #if 0
378 	if (dump_config)
379 		dumprmconf ();
380 #endif
381 
382 	/*
383 	 * init_myaddr() ?
384 	 * If running in privilege separation, do not reinitialize
385 	 * the IKE listener, as we will not have the right to
386 	 * setsockopt(IP_IPSEC_POLICY).
387 	 */
388 	if (geteuid() == 0)
389 		check_rtsock(NULL);
390 
391 	/* Revalidate ph1 / ph2tree !!!
392 	 * update ctdtree if removing some ph1 !
393 	 */
394 	revalidate_ph12();
395 	/* Update ctdtree ?
396 	 */
397 
398 	save_sainfotree_flush();
399 	save_rmconf_flush();
400 }
401 
402 static void
check_sigreq()403 check_sigreq()
404 {
405 	int sig;
406 
407 	/*
408 	 * XXX We are not able to tell if we got
409 	 * several time the same signal. This is
410 	 * not a problem for the current code,
411 	 * but we shall remember this limitation.
412 	 */
413 	for (sig = 0; sig <= NSIG; sig++) {
414 		if (sigreq[sig] == 0)
415 			continue;
416 
417 		sigreq[sig]--;
418 		switch(sig) {
419 		case 0:
420 			return;
421 
422 			/* Catch up childs, mainly scripts.
423 			 */
424 		case SIGCHLD:
425 	    {
426 			pid_t pid;
427 			int s;
428 
429 			pid = wait(&s);
430 	    }
431 		break;
432 
433 #ifdef DEBUG_RECORD_MALLOCATION
434 		/*
435 		 * XXX This operation is signal handler unsafe and may lead to
436 		 * crashes and security breaches: See Henning Brauer talk at
437 		 * EuroBSDCon 2005. Do not run in production with this option
438 		 * enabled.
439 		 */
440 		case SIGUSR2:
441 			DRM_dump();
442 			break;
443 #endif
444 
445 		case SIGHUP:
446 			/* Save old configuration, load new one...  */
447 			reload_conf();
448 			break;
449 
450 		case SIGINT:
451 		case SIGTERM:
452 			plog(LLV_INFO, LOCATION, NULL,
453 			    "caught signal %d\n", sig);
454 			EVT_PUSH(NULL, NULL, EVTT_RACOON_QUIT, NULL);
455 			pfkey_send_flush(lcconf->sock_pfkey,
456 			    SADB_SATYPE_UNSPEC);
457 #ifdef ENABLE_FASTQUIT
458 			close_session();
459 #else
460 			sched_new(1, check_flushsa_stub, NULL);
461 #endif
462 			dying = 1;
463 			break;
464 
465 		default:
466 			plog(LLV_INFO, LOCATION, NULL,
467 			    "caught signal %d\n", sig);
468 			break;
469 		}
470 	}
471 }
472 
473 /*
474  * waiting the termination of processing until sending DELETE message
475  * for all inbound SA will complete.
476  */
477 static void
check_flushsa_stub(p)478 check_flushsa_stub(p)
479 	void *p;
480 {
481 
482 	check_flushsa();
483 }
484 
485 static void
check_flushsa()486 check_flushsa()
487 {
488 	vchar_t *buf;
489 	struct sadb_msg *msg, *end, *next;
490 	struct sadb_sa *sa;
491 	caddr_t mhp[SADB_EXT_MAX + 1];
492 	int n;
493 
494 	buf = pfkey_dump_sadb(SADB_SATYPE_UNSPEC);
495 	if (buf == NULL) {
496 		plog(LLV_DEBUG, LOCATION, NULL,
497 		    "pfkey_dump_sadb: returned nothing.\n");
498 		return;
499 	}
500 
501 	msg = (struct sadb_msg *)buf->v;
502 	end = (struct sadb_msg *)(buf->v + buf->l);
503 
504 	/* counting SA except of dead one. */
505 	n = 0;
506 	while (msg < end) {
507 		if (PFKEY_UNUNIT64(msg->sadb_msg_len) < sizeof(*msg))
508 			break;
509 		next = (struct sadb_msg *)((caddr_t)msg + PFKEY_UNUNIT64(msg->sadb_msg_len));
510 		if (msg->sadb_msg_type != SADB_DUMP) {
511 			msg = next;
512 			continue;
513 		}
514 
515 		if (pfkey_align(msg, mhp) || pfkey_check(mhp)) {
516 			plog(LLV_ERROR, LOCATION, NULL,
517 				"pfkey_check (%s)\n", ipsec_strerror());
518 			msg = next;
519 			continue;
520 		}
521 
522 		sa = (struct sadb_sa *)(mhp[SADB_EXT_SA]);
523 		if (!sa) {
524 			msg = next;
525 			continue;
526 		}
527 
528 		if (sa->sadb_sa_state != SADB_SASTATE_DEAD) {
529 			n++;
530 			msg = next;
531 			continue;
532 		}
533 
534 		msg = next;
535 	}
536 
537 	if (buf != NULL)
538 		vfree(buf);
539 
540 	if (n) {
541 		sched_new(1, check_flushsa_stub, NULL);
542 		return;
543 	}
544 
545 	close_session();
546 }
547 
548 static void
init_signal()549 init_signal()
550 {
551 	int i;
552 
553 	for (i = 0; signals[i] != 0; i++)
554 		if (set_signal(signals[i], signal_handler) < 0) {
555 			plog(LLV_ERROR, LOCATION, NULL,
556 				"failed to set_signal (%s)\n",
557 				strerror(errno));
558 			exit(1);
559 		}
560 }
561 
562 static int
set_signal(sig,func)563 set_signal(sig, func)
564 	int sig;
565 	RETSIGTYPE (*func) __P((int));
566 {
567 	struct sigaction sa;
568 
569 	memset((caddr_t)&sa, 0, sizeof(sa));
570 	sa.sa_handler = func;
571 	sa.sa_flags = SA_RESTART;
572 
573 	if (sigemptyset(&sa.sa_mask) < 0)
574 		return -1;
575 
576 	if (sigaction(sig, &sa, (struct sigaction *)0) < 0)
577 		return(-1);
578 
579 	return 0;
580 }
581 
582 static int
close_sockets()583 close_sockets()
584 {
585 	isakmp_close();
586 	pfkey_close(lcconf->sock_pfkey);
587 #ifdef ENABLE_ADMINPORT
588 	(void)admin_close();
589 #endif
590 	return 0;
591 }
592 
593