/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/*
* sckmd - Starcat Key Management Daemon
*
* The sckmd is a daemon that runs on a domain and is responsible for
* establishing security associations (SAs) for secure communication
* with the System Controller (SC). All SAs are created on the SC
* and propogated to the sckmd through the sckm driver running on
* the domain. The sckmd then passes the SA to the key engine via the
* PF_KEY interface.
*/
#include <stdlib.h>
#include <stdio.h>
#include <stdarg.h>
#include <unistd.h>
#include <fcntl.h>
#include <string.h>
#include <errno.h>
#include <syslog.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/times.h>
#include <sys/fcntl.h>
#include <sys/socket.h>
#include <net/pfkeyv2.h>
#include <netinet/in.h>
#include <ipsec_util.h>
#include <sys/sckm_io.h>
#ifdef SCKMD_DEBUG
#define OPT_STR "ds"
#else /* SCKMD_DEBUG */
#define OPT_STR ""
#endif /* SCKMD_DEBUG */
#define KM_DEV "/dev/kmdrv"
#define SCKMD_MAX_MSG_SIZE 1024
#define SCKMD_ERR_MSG_SIZE 512
#define SCKMD_MSG_HDR_SIZE sizeof (struct sadb_msg)
#define SCKMD_CURR_PFKEY_VER PF_KEY_V2
#define SCKMD_PFKEY_TIMEOUT 3000 /* 3 seconds */
static pid_t mypid;
static int standalone;
static int debug;
static int keysock;
static uint32_t seq = 0;
static uint64_t msg_buf[SCKMD_MAX_MSG_SIZE];
static int process_sckm_req(int fd, sckm_ioctl_getreq_t *msg);
static int send_sckm_status(int fd, sckm_ioctl_status_t *msg);
static int get_pfkey_reply(uint32_t req_seq, uint8_t req_type, int *err);
static struct sadb_msg *read_pfkey_msg(void);
static int convert_pfkey_msg(struct sadb_msg *msg);
static void sckmd_log(int priority, char *fmt, ...);
/*
* main:
*
* Initialize sckmd and enter an infinite loop. The loop waits for
* sckm messages from the sckm driver and dispatches each message
* to be processed synchronously.
*/
int
main(int argc, char **argv)
{
int opt;
int fd;
sckm_ioctl_getreq_t msg;
/*
* Set defaults
*/
standalone = 0;
debug = 0;
mypid = getpid();
openlog("sckmd", LOG_CONS | LOG_NDELAY, LOG_DAEMON);
/*
* Check command line options
*/
opterr = 0; /* disable getopt error messages */
while ((opt = getopt(argc, argv, OPT_STR)) != EOF) {
switch (opt) {
case 'd':
debug++;
break;
case 's':
standalone++;
break;
default:
sckmd_log(LOG_ERR, "unknown command line option\n");
exit(1);
}
}
sckmd_log(LOG_DEBUG, "starting sckmd...\n");
/*
* IPsec must get loaded in-kernel. The easiest way to do this is
* to open (then close) a PF_KEY socket.
*/
if ((keysock = socket(PF_KEY, SOCK_RAW, SCKMD_CURR_PFKEY_VER)) == -1) {
sckmd_log(LOG_DEBUG, "PF_KEY open for IPsec load failed: %s\n",
strerror(errno));
exit(1);
}
(void) close(keysock);
sckmd_log(LOG_ERR, "PF_KEY socket for IPsec load succeeded.\n");
/* must be root */
if (geteuid() != 0) {
sckmd_log(LOG_ERR, "must run as root\n");
exit(1);
}
if (standalone == 0) {
int i;
for (i = 0; i < NOFILE; i++) {
(void) close(i);
}
(void) chdir("/");
(void) umask(0);
if (fork() != 0) {
exit(0);
}
(void) setpgrp();
/* reinitialize syslog after closing all fds */
openlog("sckmd", LOG_CONS | LOG_NDELAY, LOG_DAEMON);
}
/* open driver */
if ((fd = open(KM_DEV, O_RDONLY)) == -1) {
sckmd_log(LOG_ERR, "error initializing km driver: %s\n",
strerror(errno));
exit(1);
}
/*
* Main processing loop
*/
for (;;) {
/* initialize the ioctl request */
(void) memset(&msg, 0, sizeof (sckm_ioctl_getreq_t));
msg.buf = (caddr_t)msg_buf;
(void) memset(&msg_buf, 0, SCKMD_MAX_MSG_SIZE);
msg.buf_len = SCKMD_MAX_MSG_SIZE;
/* wait for the next message */
if (ioctl(fd, SCKM_IOCTL_GETREQ, &msg) == -1) {
sckmd_log(LOG_ERR, "failed to receive sckm message: "
"%s\n", strerror(errno));
continue;
}
/* pass the message to pf_key */
if (process_sckm_req(fd, &msg) == -1) {
sckmd_log(LOG_DEBUG, "error processing sckm message\n");
continue;
}
}
/*NOTREACHED*/
return (0);
}
/*
* process_sckm_req:
*
* Process a sckm request message. If the message is valid, pass the
* included SADB message to PF_KEY and return status to the sckm driver.
* The function only fails if it is unable to return a status message
* to the driver.
*/
static int
process_sckm_req(int fd, sckm_ioctl_getreq_t *msg)
{
sckm_ioctl_status_t reply;
struct sadb_msg *pfkey_msg;
unsigned int msg_ver;
unsigned int msg_type;
unsigned int msg_len;
int err;
if (msg == NULL) {
sckmd_log(LOG_ERR, "invalid message\n");
return (-1);
}
/* initialize a reply message */
(void) memset(&reply, 0, sizeof (sckm_ioctl_status_t));
reply.transid = msg->transid;
/* currently, we only support sadb messages */
if (msg->type != SCKM_IOCTL_REQ_SADB) {
sckmd_log(LOG_ERR, "unsupported message type (%d)\n",
msg->type);
reply.status = SCKM_IOCTL_STAT_ERR_REQ;
return (send_sckm_status(fd, &reply));
}
/* check that we have at least the sadb header */
if (msg->buf_len < sizeof (struct sadb_msg)) {
sckmd_log(LOG_ERR, "incomplete sadb message received\n");
reply.status = SCKM_IOCTL_STAT_ERR_REQ;
return (send_sckm_status(fd, &reply));
}
/* LINTED Pointer Cast Alignment Warning */
pfkey_msg = (struct sadb_msg *)msg->buf;
msg_ver = pfkey_msg->sadb_msg_version;
msg_len = SADB_64TO8(pfkey_msg->sadb_msg_len);
msg_type = pfkey_msg->sadb_msg_type;
/* check for an unsupported PF_KEY version */
if ((msg_ver > SCKMD_CURR_PFKEY_VER) || (msg_ver < PF_KEY_V2)) {
sckmd_log(LOG_ERR, "unsupported PF_KEY version (%d)\n",
msg_ver);
reply.status = SCKM_IOCTL_STAT_ERR_VERSION;
reply.sadb_msg_version = SCKMD_CURR_PFKEY_VER;
return (send_sckm_status(fd, &reply));
}
/* convert the PF_KEY message if necessary */
if (msg_ver != SCKMD_CURR_PFKEY_VER) {
if (convert_pfkey_msg(pfkey_msg) == -1) {
reply.status = SCKM_IOCTL_STAT_ERR_VERSION;
reply.sadb_msg_version = SCKMD_CURR_PFKEY_VER;
return (send_sckm_status(fd, &reply));
}
}
/*
* Process the PF_KEY message
*/
pfkey_msg->sadb_msg_seq = ++seq;
pfkey_msg->sadb_msg_pid = mypid;
switch (msg_type) {
case SADB_UPDATE:
case SADB_ADD:
case SADB_DELETE:
/*
* Only update, add, and delete are supported. Pass the
* message directly to PF_KEY.
*/
break;
default:
sckmd_log(LOG_ERR, "received unsupported operation "
"from client (%d)\n", msg_type);
reply.status = SCKM_IOCTL_STAT_ERR_SADB_TYPE;
return (send_sckm_status(fd, &reply));
}
/* initialize global key socket */
if ((keysock = socket(PF_KEY, SOCK_RAW, SCKMD_CURR_PFKEY_VER)) == -1) {
sckmd_log(LOG_ERR, "error initializing PF_KEY socket: %s\n",
strerror(errno));
reply.status = SCKM_IOCTL_STAT_ERR_OTHER;
return (send_sckm_status(fd, &reply));
}
/* send the PF_KEY message */
if (write(keysock, pfkey_msg, msg_len) != msg_len) {
sckmd_log(LOG_ERR, "PF_KEY write failed\n");
reply.status = SCKM_IOCTL_STAT_ERR_OTHER;
close(keysock);
return (send_sckm_status(fd, &reply));
}
/* wait for key engine reply */
if (get_pfkey_reply(pfkey_msg->sadb_msg_seq, msg_type, &err) == -1) {
reply.status = err;
if (err == SCKM_IOCTL_STAT_ERR_PFKEY) {
reply.sadb_msg_errno = errno;
}
} else {
sckmd_log(LOG_DEBUG, "PF_KEY operation succeeded\n");
reply.status = SCKM_IOCTL_STAT_SUCCESS;
}
close(keysock);
return (send_sckm_status(fd, &reply));
}
/*
* send_sckm_status:
*
* Send a sckm status message to the sckm driver
*/
static int
send_sckm_status(int fd, sckm_ioctl_status_t *msg)
{
if (ioctl(fd, SCKM_IOCTL_STATUS, msg) == -1) {
sckmd_log(LOG_ERR, "error sending sckm status message: %s\n",
strerror(errno));
return (-1);
}
return (0);
}
/*
* get_pfkey_reply:
*
* Wait for a reply from PF_KEY. Get the reply from the socket using
* the global file desciptor 'keysock'. If PF_KEY returns an error,
* the global errno is set to the error returned in the reply message.
* If an error occurs, the parameter 'err' is set to one of the error
* codes prefixed by SCKM_IOCTL_STAT_ERR to indicate the overall status
* of the operation.
*/
static int
get_pfkey_reply(uint32_t req_seq, uint8_t req_type, int *err)
{
int timeout;
int pollstatus;
clock_t before;
clock_t after;
double diff;
struct tms unused;
struct pollfd pfd;
struct sadb_msg *msg;
static char *pfkey_msg_type[] = {
"RESERVED",
"GETSPI",
"UPDATE",
"ADD",
"DELETE",
"GET",
"ACQUIRE",
"REGISTER",
"EXPIRE",
"FLUSH",
"DUMP",
"X_PROMISC",
"X_INVERSE_ACQUIRE",
};
sckmd_log(LOG_DEBUG, "waiting for key engine reply\n");
timeout = SCKMD_PFKEY_TIMEOUT;
pfd.fd = keysock;
pfd.events = POLLIN;
while (timeout > 0) {
before = times(&unused);
pfd.revents = 0;
pollstatus = poll(&pfd, 1, timeout);
/* check for a timeout */
if (pollstatus == 0) {
sckmd_log(LOG_NOTICE, "timed out waiting for PF_KEY "
"reply\n");
*err = SCKM_IOCTL_STAT_ERR_TIMEOUT;
return (-1);
}
/* read in the next PF_KEY message */
msg = read_pfkey_msg();
if (msg == NULL) {
*err = SCKM_IOCTL_STAT_ERR_OTHER;
return (-1);
}
/* check if the message is intended for us */
if (msg->sadb_msg_seq == req_seq &&
msg->sadb_msg_pid == mypid) {
break;
}
after = times(&unused);
diff = (double)(after - before)/(double)CLK_TCK;
timeout -= (int)(diff * 1000);
}
/* check for a timeout */
if (timeout <= 0) {
sckmd_log(LOG_NOTICE, "timed out waiting for PF_KEY "
"reply\n");
*err = SCKM_IOCTL_STAT_ERR_TIMEOUT;
return (-1);
}
/* did we get what we were expecting? */
if (msg->sadb_msg_type != req_type) {
sckmd_log(LOG_ERR, "unexpected message type from PF_KEY: %d\n",
msg->sadb_msg_type);
*err = SCKM_IOCTL_STAT_ERR_OTHER;
return (-1);
}
/*
* Check for errors in SADB message, but ignore the
* ESRCH error for DELETE operation. This can happen if the SP
* sends a DELETE request first before sending the ADD
* request, just to make sure the keys are installed without a failure.
*/
if ((msg->sadb_msg_errno != 0) && !((msg->sadb_msg_errno == ESRCH) &&
(msg->sadb_msg_type == SADB_DELETE))) {
char unknown_type_str[16];
int unknown_type = 0;
int arr_sz;
const char *diagnostic_str;
arr_sz = sizeof (pfkey_msg_type) / sizeof (*pfkey_msg_type);
/* generate unknown type string, if necessary */
if (msg->sadb_msg_type >= arr_sz) {
(void) snprintf(unknown_type_str,
sizeof (unknown_type_str), "UNKNOWN-%d",
msg->sadb_msg_type);
unknown_type = 1;
}
/* use libipsecutil to lookup the SADB diagnostic string */
diagnostic_str = keysock_diag(msg->sadb_x_msg_diagnostic);
sckmd_log(LOG_ERR, "PF_KEY error: type=%s, errno=%d: %s, "
"diagnostic code=%d: %s\n",
(unknown_type) ? unknown_type_str :
pfkey_msg_type[msg->sadb_msg_type],
msg->sadb_msg_errno, strerror(msg->sadb_msg_errno),
msg->sadb_x_msg_diagnostic, diagnostic_str);
*err = SCKM_IOCTL_STAT_ERR_PFKEY;
errno = msg->sadb_msg_errno;
return (-1);
}
return (0);
}
/*
* read_pfkey_msg:
*
* Get a PF_KEY message from the socket using the global file descriptor
* 'keysock'. Data is stored in the global buffer 'msg_buf'. The function
* returns a pointer to the next PF_KEY message. Note that this is not
* necessarily at the start of 'msg_buf'. NULL is returned for errors.
*/
static struct sadb_msg *
read_pfkey_msg(void)
{
static uint64_t *offset;
static int len;
struct sadb_msg *retval;
/* Assume offset and len are initialized to NULL and 0 */
if ((offset == NULL) || (offset - len == msg_buf)) {
/* read a new block from the socket. */
len = read(keysock, &msg_buf, sizeof (msg_buf));
if (len == -1) {
sckmd_log(LOG_ERR, "PF_KEY read: %s\n",
strerror(errno));
offset = NULL;
return (NULL);
}
offset = msg_buf;
len = SADB_8TO64(len);
}
retval = (struct sadb_msg *)offset;
offset += retval->sadb_msg_len;
if (offset > msg_buf + len) {
sckmd_log(LOG_ERR, "PF_KEY read: message corruption, "
"message length %d exceeds boundary %d\n",
SADB_64TO8(retval->sadb_msg_len),
SADB_64TO8((msg_buf + len) - (uint64_t *)retval));
offset = NULL;
return (NULL);
}
return (retval);
}
/*
* convert_pfkey_msg:
*
* Convert a lower version PF_KEY message to the current version
* being used by sckmd.
*
* Currently, there is only one implemented version of PF_KEY (v2).
* If future versions are added to the PF_KEY specification (RFC 2367),
* this function should be updated to provide backwards compatibility
* with version 2 and above.
*/
static int
convert_pfkey_msg(struct sadb_msg *msg)
{
sckmd_log(LOG_DEBUG, "PF_KEY conversion necessary...\n");
switch (msg->sadb_msg_version) {
case PF_KEY_V2:
/*
* Current supported version:
* No conversion required
*/
break;
default:
sckmd_log(LOG_ERR, "No conversion possible for "
"PF_KEY version %d\n", msg->sadb_msg_version);
return (-1);
}
return (0);
}
/*
* sckmd_log:
*
* Log a message using the syslog facility. If sckmd is running in
* standalone mode (global flag 'standalone' set), messages are also
* sent to stderr.
*/
static void
sckmd_log(int priority, char *fmt, ...)
{
va_list vap;
char err[SCKMD_ERR_MSG_SIZE];
/* if this is a debug message, check if debugging is enabled */
if ((priority == LOG_DEBUG) && (debug == 0)) {
return;
}
va_start(vap, fmt);
vsnprintf(err, SCKMD_ERR_MSG_SIZE, fmt, vap);
va_end(vap);
/* send message to stderr if in standalone mode */
if (standalone != 0) {
fprintf(stderr, err);
}
/* always log the message */
syslog(priority, err);
}