Annotation of embedaddon/strongswan/src/conftest/conftest.c, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (C) 2010 Martin Willi
3: * Copyright (C) 2010 revosec AG
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: #define _GNU_SOURCE
17: #include <unistd.h>
18: #include <stdio.h>
19: #include <errno.h>
20: #include <signal.h>
21: #include <getopt.h>
22: #include <dlfcn.h>
23: #include <libgen.h>
24:
25: #include "conftest.h"
26: #include "config.h"
27: #include "hooks/hook.h"
28:
29: #include <bus/listeners/file_logger.h>
30: #include <threading/thread.h>
31: #include <credentials/certificates/x509.h>
32:
33: /**
34: * Conftest globals struct
35: */
36: conftest_t *conftest;
37:
38: /**
39: * Print usage information
40: */
41: static void usage(FILE *out)
42: {
43: fprintf(out, "Usage:\n");
44: fprintf(out, " --help show usage information\n");
45: fprintf(out, " --version show conftest version\n");
46: fprintf(out, " --suite <file> global testsuite configuration "
47: "(default: ./suite.conf)\n");
48: fprintf(out, " --test <file> test specific configuration\n");
49: }
50:
51: /**
52: * Handle SIGSEGV/SIGILL signals raised by threads
53: */
54: static void segv_handler(int signal)
55: {
56: fprintf(stderr, "thread %u received %d\n", thread_current_id(), signal);
57: abort();
58: }
59:
60: /**
61: * Load suite and test specific configurations
62: */
63: static bool load_configs(char *suite_file, char *test_file)
64: {
65: if (!test_file)
66: {
67: fprintf(stderr, "Missing test configuration file.\n");
68: return FALSE;
69: }
70: if (access(suite_file, R_OK) != 0)
71: {
72: fprintf(stderr, "Reading suite configuration file '%s' failed: %s.\n",
73: suite_file, strerror(errno));
74: return FALSE;
75: }
76: if (access(test_file, R_OK) != 0)
77: {
78: fprintf(stderr, "Reading test configuration file '%s' failed: %s.\n",
79: test_file, strerror(errno));
80: return FALSE;
81: }
82: conftest->test = settings_create(suite_file);
83: conftest->test->load_files(conftest->test, test_file, TRUE);
84: conftest->suite_dir = path_dirname(suite_file);
85: return TRUE;
86: }
87:
88: /**
89: * Load trusted/untrusted certificates
90: */
91: static bool load_cert(settings_t *settings, bool trusted)
92: {
93: enumerator_t *enumerator;
94: char *key, *value;
95:
96: enumerator = settings->create_key_value_enumerator(settings,
97: trusted ? "certs.trusted" : "certs.untrusted");
98: while (enumerator->enumerate(enumerator, &key, &value))
99: {
100: certificate_t *cert = NULL;
101:
102: if (strncaseeq(key, "x509", strlen("x509")))
103: {
104: cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
105: CERT_X509, BUILD_FROM_FILE, value, BUILD_END);
106: }
107: else if (strncaseeq(key, "crl", strlen("crl")))
108: {
109: cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
110: CERT_X509_CRL, BUILD_FROM_FILE, value, BUILD_END);
111: }
112: else
113: {
114: fprintf(stderr, "certificate type '%s' not supported\n", key);
115: enumerator->destroy(enumerator);
116: return FALSE;
117: }
118: if (!cert)
119: {
120: fprintf(stderr, "loading %strusted certificate '%s' from '%s' "
121: "failed\n", trusted ? "" : "un", key, value);
122: enumerator->destroy(enumerator);
123: return FALSE;
124: }
125: conftest->creds->add_cert(conftest->creds, trusted, cert);
126: }
127: enumerator->destroy(enumerator);
128: return TRUE;
129: }
130:
131: /**
132: * Load certificates from the configuration file
133: */
134: static bool load_certs(settings_t *settings, char *dir)
135: {
136: char wd[PATH_MAX];
137:
138: if (getcwd(wd, sizeof(wd)) == NULL)
139: {
140: fprintf(stderr, "getting cwd failed: %s\n", strerror(errno));
141: return FALSE;
142: }
143: if (chdir(dir) != 0)
144: {
145: fprintf(stderr, "opening directory '%s' failed: %s\n",
146: dir, strerror(errno));
147: return FALSE;
148: }
149:
150: if (!load_cert(settings, TRUE) ||
151: !load_cert(settings, FALSE))
152: {
153: return FALSE;
154: }
155:
156: if (chdir(wd) != 0)
157: {
158: fprintf(stderr, "opening directory '%s' failed: %s\n",
159: wd, strerror(errno));
160: return FALSE;
161: }
162: return TRUE;
163: }
164:
165: /**
166: * Load private keys from the configuration file
167: */
168: static bool load_keys(settings_t *settings, char *dir)
169: {
170: enumerator_t *enumerator;
171: char *type, *value, wd[PATH_MAX];
172: private_key_t *key;
173: key_type_t key_type;
174:
175: if (getcwd(wd, sizeof(wd)) == NULL)
176: {
177: fprintf(stderr, "getting cwd failed: %s\n", strerror(errno));
178: return FALSE;
179: }
180: if (chdir(dir) != 0)
181: {
182: fprintf(stderr, "opening directory '%s' failed: %s\n",
183: dir, strerror(errno));
184: return FALSE;
185: }
186:
187: enumerator = settings->create_key_value_enumerator(settings, "keys");
188: while (enumerator->enumerate(enumerator, &type, &value))
189: {
190: if (strncaseeq(type, "ecdsa", strlen("ecdsa")))
191: {
192: key_type = KEY_ECDSA;
193: }
194: else if (strncaseeq(type, "rsa", strlen("rsa")))
195: {
196: key_type = KEY_RSA;
197: }
198: else
199: {
200: fprintf(stderr, "unknown key type: '%s'\n", type);
201: enumerator->destroy(enumerator);
202: return FALSE;
203: }
204: key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type,
205: BUILD_FROM_FILE, value, BUILD_END);
206: if (!key)
207: {
208: fprintf(stderr, "loading %s key from '%s' failed\n", type, value);
209: enumerator->destroy(enumerator);
210: return FALSE;
211: }
212: conftest->creds->add_key(conftest->creds, key);
213: }
214: enumerator->destroy(enumerator);
215:
216: if (chdir(wd) != 0)
217: {
218: fprintf(stderr, "opening directory '%s' failed: %s\n",
219: wd, strerror(errno));
220: return FALSE;
221: }
222: return TRUE;
223: }
224:
225: /**
226: * Load certificate distribution points
227: */
228: static void load_cdps(settings_t *settings)
229: {
230: enumerator_t *enumerator;
231: identification_t *id;
232: char *ca, *uri, *section;
233: certificate_type_t type;
234: x509_t *x509;
235:
236: enumerator = settings->create_section_enumerator(settings, "cdps");
237: while (enumerator->enumerate(enumerator, §ion))
238: {
239: if (strncaseeq(section, "crl", strlen("crl")))
240: {
241: type = CERT_X509_CRL;
242: }
243: else if (strncaseeq(section, "ocsp", strlen("ocsp")))
244: {
245: type = CERT_X509_OCSP_RESPONSE;
246: }
247: else
248: {
249: fprintf(stderr, "unknown cdp type '%s', ignored\n", section);
250: continue;
251: }
252:
253: uri = settings->get_str(settings, "cdps.%s.uri", NULL, section);
254: ca = settings->get_str(settings, "cdps.%s.ca", NULL, section);
255: if (!ca || !uri)
256: {
257: fprintf(stderr, "cdp '%s' misses ca/uri, ignored\n", section);
258: continue;
259: }
260: x509 = lib->creds->create(lib->creds, CRED_CERTIFICATE,
261: CERT_X509, BUILD_FROM_FILE, ca, BUILD_END);
262: if (!x509)
263: {
264: fprintf(stderr, "loading cdp '%s' ca failed, ignored\n", section);
265: continue;
266: }
267: id = identification_create_from_encoding(ID_KEY_ID,
268: x509->get_subjectKeyIdentifier(x509));
269: conftest->creds->add_cdp(conftest->creds, type, id, uri);
270: DESTROY_IF((certificate_t*)x509);
271: id->destroy(id);
272: }
273: enumerator->destroy(enumerator);
274: }
275:
276: /**
277: * Load configured hooks
278: */
279: static bool load_hooks()
280: {
281: enumerator_t *enumerator;
282: char *name, *pos, buf[64];
283: hook_t *(*create)(char*);
284: hook_t *hook;
285:
286: enumerator = conftest->test->create_section_enumerator(conftest->test,
287: "hooks");
288: while (enumerator->enumerate(enumerator, &name))
289: {
290: pos = strchr(name, '-');
291: if (pos)
292: {
293: snprintf(buf, sizeof(buf), "%.*s_hook_create", (int)(pos - name),
294: name);
295: }
296: else
297: {
298: snprintf(buf, sizeof(buf), "%s_hook_create", name);
299: }
300: create = dlsym(RTLD_DEFAULT, buf);
301: if (create)
302: {
303: hook = create(name);
304: if (hook)
305: {
306: conftest->hooks->insert_last(conftest->hooks, hook);
307: charon->bus->add_listener(charon->bus, &hook->listener);
308: }
309: }
310: else
311: {
312: fprintf(stderr, "dlsym() for hook '%s' failed: %s\n", name, dlerror());
313: enumerator->destroy(enumerator);
314: return FALSE;
315: }
316: }
317: enumerator->destroy(enumerator);
318: return TRUE;
319: }
320:
321: /**
322: * atexit() cleanup handler
323: */
324: static void cleanup()
325: {
326: file_logger_t *logger;
327: hook_t *hook;
328:
329: DESTROY_IF(conftest->test);
330: lib->credmgr->remove_set(lib->credmgr, &conftest->creds->set);
331: conftest->creds->destroy(conftest->creds);
332: DESTROY_IF(conftest->actions);
333: while (conftest->hooks->remove_last(conftest->hooks,
334: (void**)&hook) == SUCCESS)
335: {
336: charon->bus->remove_listener(charon->bus, &hook->listener);
337: hook->destroy(hook);
338: }
339: conftest->hooks->destroy(conftest->hooks);
340: if (conftest->config)
341: {
342: if (charon->backends)
343: {
344: charon->backends->remove_backend(charon->backends,
345: &conftest->config->backend);
346: }
347: conftest->config->destroy(conftest->config);
348: }
349: while (conftest->loggers->remove_last(conftest->loggers,
350: (void**)&logger) == SUCCESS)
351: {
352: charon->bus->remove_logger(charon->bus, &logger->logger);
353: logger->destroy(logger);
354: }
355: conftest->loggers->destroy(conftest->loggers);
356: free(conftest->suite_dir);
357: free(conftest);
358: libcharon_deinit();
359: library_deinit();
360: }
361:
362: /**
363: * Load log levels for a logger from section
364: */
365: static void load_log_levels(file_logger_t *logger, char *section)
366: {
367: debug_t group;
368: level_t def;
369:
370: def = conftest->test->get_int(conftest->test, "log.%s.default", 1, section);
371: for (group = 0; group < DBG_MAX; group++)
372: {
373: logger->set_level(logger, group,
374: conftest->test->get_int(conftest->test, "log.%s.%N", def,
375: section, debug_lower_names, group));
376: }
377: }
378:
379: /**
380: * Load logger options for a logger from section
381: */
382: static void load_logger_options(file_logger_t *logger, char *section)
383: {
384: char *time_format;
385: bool add_ms, ike_name;
386:
387: time_format = conftest->test->get_str(conftest->test,
388: "log.%s.time_format", NULL, section);
389: add_ms = conftest->test->get_bool(conftest->test,
390: "log.%s.time_add_ms", FALSE, section);
391: ike_name = conftest->test->get_bool(conftest->test,
392: "log.%s.ike_name", FALSE, section);
393:
394: logger->set_options(logger, time_format, add_ms, ike_name);
395: }
396:
397: /**
398: * Load logger configuration
399: */
400: static void load_loggers(file_logger_t *logger)
401: {
402: enumerator_t *enumerator;
403: char *section;
404:
405: load_log_levels(logger, "stdout");
406: load_logger_options(logger, "stdout");
407: /* Re-add the logger to propagate configuration changes to the
408: * logging system */
409: charon->bus->add_logger(charon->bus, &logger->logger);
410:
411: enumerator = conftest->test->create_section_enumerator(conftest->test, "log");
412: while (enumerator->enumerate(enumerator, §ion))
413: {
414: if (!streq(section, "stdout"))
415: {
416: logger = file_logger_create(section);
417: load_logger_options(logger, section);
418: logger->open(logger, FALSE, FALSE);
419: load_log_levels(logger, section);
420: charon->bus->add_logger(charon->bus, &logger->logger);
421: conftest->loggers->insert_last(conftest->loggers, logger);
422: }
423: }
424: enumerator->destroy(enumerator);
425: }
426:
427: /**
428: * Main function, starts the conftest daemon.
429: */
430: int main(int argc, char *argv[])
431: {
432: struct sigaction action;
433: int status = 0;
434: sigset_t set;
435: int sig;
436: char *suite_file = "suite.conf", *test_file = NULL, *preload, *plugins;
437: file_logger_t *logger;
438:
439: if (!library_init(NULL, "conftest"))
440: {
441: library_deinit();
442: return SS_RC_LIBSTRONGSWAN_INTEGRITY;
443: }
444: if (!libcharon_init())
445: {
446: libcharon_deinit();
447: library_deinit();
448: return SS_RC_INITIALIZATION_FAILED;
449: }
450:
451: INIT(conftest,
452: .creds = mem_cred_create(),
453: .config = config_create(),
454: .hooks = linked_list_create(),
455: .loggers = linked_list_create(),
456: );
457: lib->credmgr->add_set(lib->credmgr, &conftest->creds->set);
458:
459: logger = file_logger_create("stdout");
460: logger->set_options(logger, NULL, FALSE, FALSE);
461: logger->open(logger, FALSE, FALSE);
462: logger->set_level(logger, DBG_ANY, LEVEL_CTRL);
463: charon->bus->add_logger(charon->bus, &logger->logger);
464: conftest->loggers->insert_last(conftest->loggers, logger);
465:
466: atexit(cleanup);
467:
468: while (TRUE)
469: {
470: struct option long_opts[] = {
471: { "help", no_argument, NULL, 'h' },
472: { "version", no_argument, NULL, 'v' },
473: { "suite", required_argument, NULL, 's' },
474: { "test", required_argument, NULL, 't' },
475: { 0,0,0,0 }
476: };
477: switch (getopt_long(argc, argv, "", long_opts, NULL))
478: {
479: case EOF:
480: break;
481: case 'h':
482: usage(stdout);
483: return 0;
484: case 'v':
485: printf("strongSwan %s conftest\n", VERSION);
486: return 0;
487: case 's':
488: suite_file = optarg;
489: continue;
490: case 't':
491: test_file = optarg;
492: continue;
493: default:
494: usage(stderr);
495: return 1;
496: }
497: break;
498: }
499:
500: if (!load_configs(suite_file, test_file))
501: {
502: return 1;
503: }
504: load_loggers(logger);
505:
506: preload = conftest->test->get_str(conftest->test, "preload", "");
507: if (asprintf(&plugins, "%s %s", preload, PLUGINS) < 0)
508: {
509: return 1;
510: }
511: if (!charon->initialize(charon, plugins))
512: {
513: free(plugins);
514: return 1;
515: }
516: lib->plugins->status(lib->plugins, LEVEL_CTRL);
517: free(plugins);
518:
519: if (!load_certs(conftest->test, conftest->suite_dir))
520: {
521: return 1;
522: }
523: if (!load_keys(conftest->test, conftest->suite_dir))
524: {
525: return 1;
526: }
527: load_cdps(conftest->test);
528: if (!load_hooks())
529: {
530: return 1;
531: }
532: charon->backends->add_backend(charon->backends, &conftest->config->backend);
533: conftest->config->load(conftest->config, conftest->test);
534: conftest->actions = actions_create();
535:
536: /* set up thread specific handlers */
537: action.sa_handler = segv_handler;
538: action.sa_flags = 0;
539: sigemptyset(&action.sa_mask);
540: sigaddset(&action.sa_mask, SIGINT);
541: sigaddset(&action.sa_mask, SIGTERM);
542: sigaddset(&action.sa_mask, SIGHUP);
543: sigaction(SIGSEGV, &action, NULL);
544: sigaction(SIGILL, &action, NULL);
545: sigaction(SIGBUS, &action, NULL);
546: action.sa_handler = SIG_IGN;
547: sigaction(SIGPIPE, &action, NULL);
548: pthread_sigmask(SIG_SETMASK, &action.sa_mask, NULL);
549:
550: /* start thread pool */
551: charon->start(charon);
552:
553: /* handle SIGINT/SIGTERM in main thread */
554: sigemptyset(&set);
555: sigaddset(&set, SIGINT);
556: sigaddset(&set, SIGHUP);
557: sigaddset(&set, SIGTERM);
558: sigprocmask(SIG_BLOCK, &set, NULL);
559:
560: while ((sig = sigwaitinfo(&set, NULL)) != -1 || errno == EINTR)
561: {
562: switch (sig)
563: {
564: case SIGINT:
565: case SIGTERM:
566: fprintf(stderr, "\nshutting down...\n");
567: break;
568: default:
569: continue;
570: }
571: break;
572: }
573: return status;
574: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>