src/checksum/checksum_builder.c

   1 /*
   2  * Copyright (C) 2009 Martin Willi
   3  * Hochschule fuer Technik Rapperswil, Switzerland
   4  *
   5  * This program is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License as published by the
   7  * Free Software Foundation; either version 2 of the License, or (at your
   8  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
   9  *
  10  * This program is distributed in the hope that it will be useful, but
  11  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  12  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  13  * for more details.
  14  */
  15
  16 #define _GNU_SOURCE
  17 #include <stdlib.h>
  18 #include <stdio.h>
  19 #include <dlfcn.h>
  20
  21 #include <library.h>
  22 #include <hydra.h>
  23 #include <daemon.h>
  24 #include <utils/enumerator.h>
  25
  26 /* we need to fake the pluto symbol to dlopen() the xauth plugin */
  27 void *pluto;
  28
  29 /**
  30  * Integrity checker
  31  */
  32 integrity_checker_t *integrity;
  33
  34 /**
  35  * Create the checksum of a binary, using name and a symbol name
  36  */
  37 static void build_checksum(char *path, char *name, char *sname)
  38 {
  39         void *handle, *symbol;
  40         u_int32_t fsum, ssum;
  41         size_t fsize = 0;
  42         size_t ssize = 0;
  43
  44         fsum = integrity->build_file(integrity, path, &fsize);
  45         ssum = 0;
  46         if (sname)
  47         {
  48                 handle = dlopen(path, RTLD_LAZY);
  49                 if (handle)
  50                 {
  51                         symbol = dlsym(handle, sname);
  52                         if (symbol)
  53                         {
  54                                 ssum = integrity->build_segment(integrity, symbol, &ssize);
  55                         }
  56                         else
  57                         {
  58                                 fprintf(stderr, "symbol lookup failed: %s\n", dlerror());
  59                         }
  60                         dlclose(handle);
  61                 }
  62                 else
  63                 {
  64                         fprintf(stderr, "dlopen failed: %s\n", dlerror());
  65                 }
  66         }
  67         printf("\t{\"%-25s%7u, 0x%08x, %6u, 0x%08x},\n",
  68                    name, fsize, fsum, ssize, ssum);
  69         fprintf(stderr, "\"%-25s%7u / 0x%08x       %6u / 0x%08x\n",
  70                         name, fsize, fsum, ssize, ssum);
  71 }
  72
  73 /**
  74  * Build checksums for a set of plugins
  75  */
  76 static void build_plugin_checksums(char *plugins)
  77 {
  78         enumerator_t *enumerator;
  79         char *plugin, path[256], under[128], sname[128], name[128];
  80
  81         enumerator = enumerator_create_token(plugins, " ", " ");
  82         while (enumerator->enumerate(enumerator, &plugin))
  83         {
  84                 snprintf(under, sizeof(under), "%s", plugin);
  85                 translate(under, "-", "_");
  86                 snprintf(path, sizeof(path), "%s/libstrongswan-%s.so",
  87                                  PLUGINDIR, plugin);
  88                 snprintf(sname, sizeof(sname), "%s_plugin_create", under);
  89                 snprintf(name, sizeof(name), "%s\",", plugin);
  90                 build_checksum(path, name, sname);
  91         }
  92         enumerator->destroy(enumerator);
  93 }
  94
  95 /**
  96  * Build checksums for a binary/library found at path
  97  */
  98 static void build_binary_checksum(char *path)
  99 {
 100         char *binary, *pos, name[128], sname[128];
 101
 102         binary = strrchr(path, '/');
 103         if (binary)
 104         {
 105                 binary++;
 106                 pos = strrchr(binary, '.');
 107                 if (pos && streq(pos, ".so"))
 108                 {
 109                         snprintf(name, sizeof(name), "%.*s\",", (int)(pos - binary),
 110                                          binary);
 111                         if (streq(name, "libstrongswan\","))
 112                         {
 113                                 snprintf(sname, sizeof(sname), "%s", "library_init");
 114                         }
 115                         else
 116                         {
 117                                 snprintf(sname, sizeof(sname), "%.*s_init", (int)(pos - binary),
 118                                                  binary);
 119                         }
 120                         build_checksum(path, name, sname);
 121                 }
 122                 else
 123                 {
 124                         snprintf(name, sizeof(name), "%s\",", binary);
 125                         build_checksum(path, name, NULL);
 126                 }
 127         }
 128 }
 129
 130 int main(int argc, char* argv[])
 131 {
 132         int i;
 133
 134         /* forces link against libhydra/libcharon, imports symbols needed to
 135          * dlopen plugins */
 136         hydra = NULL;
 137         charon = NULL;
 138
 139         /* avoid confusing leak reports in build process */
 140         setenv("LEAK_DETECTIVE_DISABLE", "1", 0);
 141         /* don't use a strongswan.conf, forces integrity check to disabled */
 142         library_init("");
 143         atexit(library_deinit);
 144
 145         integrity = integrity_checker_create(NULL);
 146
 147         printf("/**\n");
 148         printf(" * checksums of files and loaded code segments.\n");
 149         printf(" * created by %s\n", argv[0]);
 150         printf(" */\n");
 151         printf("\n");
 152         printf("#include <library.h>\n");
 153         printf("\n");
 154         printf("integrity_checksum_t checksums[] = {\n");
 155         fprintf(stderr, "integrity test data:\n");
 156         fprintf(stderr, "module name,            file size / checksum   "
 157                                         "segment size / checksum\n");
 158         for (i = 1; i < argc; i++)
 159         {
 160                 build_binary_checksum(argv[i]);
 161         }
 162 #ifdef S_PLUGINS
 163         build_plugin_checksums(S_PLUGINS);
 164 #endif
 165 #ifdef H_PLUGINS
 166         build_plugin_checksums(H_PLUGINS);
 167 #endif
 168 #ifdef P_PLUGINS
 169         build_plugin_checksums(P_PLUGINS);
 170 #endif
 171 #ifdef C_PLUGINS
 172         build_plugin_checksums(C_PLUGINS);
 173 #endif
 174
 175         printf("};\n");
 176         printf("\n");
 177         printf("int checksum_count = countof(checksums);\n");
 178         printf("\n");
 179         integrity->destroy(integrity);
 180
 181         exit(0);
 182 }
 183