src/checksum/checksum_builder.c

   1 /*
   2  * Copyright (C) 2009 Martin Willi
   3  * Hochschule fuer Technik Rapperswil, Switzerland
   4  *
   5  * This program is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License as published by the
   7  * Free Software Foundation; either version 2 of the License, or (at your
   8  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
   9  *
  10  * This program is distributed in the hope that it will be useful, but
  11  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  12  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  13  * for more details.
  14  */
  15
  16 #define _GNU_SOURCE
  17 #include <stdlib.h>
  18 #include <stdio.h>
  19 #include <dlfcn.h>
  20
  21 #include <library.h>
  22 #include <hydra.h>
  23 #include <daemon.h>
  24 #include <utils/enumerator.h>
  25
  26 /* we need to fake the pluto symbol to dlopen() the xauth plugin */
  27 void *pluto;
  28
  29 /**
  30  * Integrity checker
  31  */
  32 integrity_checker_t *integrity;
  33
  34 /**
  35  * Create the checksum of a binary, using name and a symbol name
  36  */
  37 static void build_checksum(char *path, char *name, char *sname)
  38 {
  39         void *handle, *symbol;
  40         u_int32_t fsum, ssum;
  41         size_t fsize = 0;
  42         size_t ssize = 0;
  43
  44         fsum = integrity->build_file(integrity, path, &fsize);
  45         ssum = 0;
  46         if (sname)
  47         {
  48                 handle = dlopen(path, RTLD_LAZY);
  49                 if (handle)
  50                 {
  51                         symbol = dlsym(handle, sname);
  52                         if (symbol)
  53                         {
  54                                 ssum = integrity->build_segment(integrity, symbol, &ssize);
  55                         }
  56                         else
  57                         {
  58                                 fprintf(stderr, "symbol lookup failed: %s\n", dlerror());
  59                         }
  60                         dlclose(handle);
  61                 }
  62                 else
  63                 {
  64                         fprintf(stderr, "dlopen failed: %s\n", dlerror());
  65                 }
  66         }
  67         printf("\t{\"%-20s%7u, 0x%08x, %6u, 0x%08x},\n",
  68                    name, fsize, fsum, ssize, ssum);
  69         fprintf(stderr, "\"%-20s%7u / 0x%08x       %6u / 0x%08x\n",
  70                         name, fsize, fsum, ssize, ssum);
  71 }
  72
  73 /**
  74  * Build checksums for a set of plugins in a given path prefix
  75  */
  76 static void build_plugin_checksums(char *plugins, char *prefix)
  77 {
  78         enumerator_t *enumerator;
  79         char *plugin, path[256], under[128], sname[128], name[128];
  80
  81         enumerator = enumerator_create_token(plugins, " ", " ");
  82         while (enumerator->enumerate(enumerator, &plugin))
  83         {
  84                 snprintf(under, sizeof(under), "%s", plugin);
  85                 translate(under, "-", "_");
  86                 snprintf(path, sizeof(path), "%s/%s/.libs/libstrongswan-%s.so",
  87                                  prefix, under, plugin);
  88                 snprintf(sname, sizeof(sname), "%s_plugin_create", under);
  89                 snprintf(name, sizeof(name), "%s\",", plugin);
  90                 build_checksum(path, name, sname);
  91         }
  92         enumerator->destroy(enumerator);
  93 }
  94
  95 /**
  96  * Build checksums for a binary/library found at path
  97  */
  98 static void build_binary_checksum(char *path)
  99 {
 100         char *binary, *pos, name[128], sname[128];
 101
 102         binary = strrchr(path, '/');
 103         if (binary)
 104         {
 105                 binary++;
 106                 pos = strrchr(binary, '.');
 107                 if (pos && streq(pos, ".so"))
 108                 {
 109                         snprintf(name, sizeof(name), "%.*s\",", pos - binary, binary);
 110                         if (streq(name, "libstrongswan\","))
 111                         {
 112                                 snprintf(sname, sizeof(sname), "%s", "library_init");
 113                         }
 114                         else
 115                         {
 116                                 snprintf(sname, sizeof(sname), "%.*s_init", pos - binary, binary);
 117                         }
 118                         build_checksum(path, name, sname);
 119                 }
 120                 else
 121                 {
 122                         snprintf(name, sizeof(name), "%s\",", binary);
 123                         build_checksum(path, name, NULL);
 124                 }
 125         }
 126 }
 127
 128 int main(int argc, char* argv[])
 129 {
 130         int i;
 131
 132         /* forces link against libhydra/libcharon */
 133         hydra = NULL;
 134         charon = NULL;
 135
 136         /* avoid confusing leak reports in build process */
 137         setenv("LEAK_DETECTIVE_DISABLE", "1", 0);
 138         /* don't use a strongswan.conf, forces integrity check to disabled */
 139         library_init("");
 140         atexit(library_deinit);
 141
 142         integrity = integrity_checker_create(NULL);
 143
 144         printf("/**\n");
 145         printf(" * checksums of files and loaded code segments.\n");
 146         printf(" * created by %s\n", argv[0]);
 147         printf(" */\n");
 148         printf("\n");
 149         printf("#include <library.h>\n");
 150         printf("\n");
 151         printf("integrity_checksum_t checksums[] = {\n");
 152         fprintf(stderr, "integrity test data:\n");
 153         fprintf(stderr, "module name,       file size / checksum   segment size / checksum\n");
 154         for (i = 1; i < argc; i++)
 155         {
 156                 build_binary_checksum(argv[i]);
 157         }
 158 #ifdef S_PLUGINS
 159         build_plugin_checksums(S_PLUGINS, S_PATH);
 160 #endif
 161 #ifdef H_PLUGINS
 162         build_plugin_checksums(H_PLUGINS, H_PATH);
 163 #endif
 164 #ifdef P_PLUGINS
 165         build_plugin_checksums(P_PLUGINS, P_PATH);
 166 #endif
 167 #ifdef C_PLUGINS
 168         build_plugin_checksums(C_PLUGINS, C_PATH);
 169 #endif
 170
 171         printf("};\n");
 172         printf("\n");
 173         printf("int checksum_count = countof(checksums);\n");
 174         printf("\n");
 175         integrity->destroy(integrity);
 176
 177         exit(0);
 178 }
 179