projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Make sure first argument is an int when using %.*s to print e.g. chunks
[strongswan.git] / src / conftest / conftest.c
1 /*
2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #define _GNU_SOURCE
17 #include <unistd.h>
18 #include <stdio.h>
19 #include <errno.h>
20 #include <signal.h>
21 #include <getopt.h>
22 #include <dlfcn.h>
23 #include <libgen.h>
24
25 #include "conftest.h"
26 #include "config.h"
27 #include "hooks/hook.h"
28
29 #include <threading/thread.h>
30 #include <credentials/certificates/x509.h>
31
32 /**
33 * Conftest globals struct
34 */
35 conftest_t *conftest;
36
37 /**
38 * Print usage information
39 */
40 static void usage(FILE *out)
41 {
42 fprintf(out, "Usage:\n");
43 fprintf(out, " --help show usage information\n");
44 fprintf(out, " --version show conftest version\n");
45 fprintf(out, " --suite <file> global testsuite configuration "
46 "(default: ./suite.conf)\n");
47 fprintf(out, " --test <file> test specific configuration\n");
48 }
49
50 /**
51 * Handle SIGSEGV/SIGILL signals raised by threads
52 */
53 static void segv_handler(int signal)
54 {
55 fprintf(stderr, "thread %u received %d\n", thread_current_id(), signal);
56 abort();
57 }
58
59 /**
60 * Load suite and test specific configurations
61 */
62 static bool load_configs(char *suite_file, char *test_file)
63 {
64 if (!test_file)
65 {
66 fprintf(stderr, "Missing test configuration file.\n");
67 return FALSE;
68 }
69 if (access(suite_file, R_OK) != 0)
70 {
71 fprintf(stderr, "Reading suite configuration file '%s' failed: %s.\n",
72 suite_file, strerror(errno));
73 return FALSE;
74 }
75 if (access(test_file, R_OK) != 0)
76 {
77 fprintf(stderr, "Reading test configuration file '%s' failed: %s.\n",
78 test_file, strerror(errno));
79 return FALSE;
80 }
81 conftest->test = settings_create(suite_file);
82 conftest->test->load_files(conftest->test, test_file, TRUE);
83 conftest->suite_dir = strdup(dirname(suite_file));
84 return TRUE;
85 }
86
87 /**
88 * Load trusted/untrusted certificates
89 */
90 static bool load_cert(settings_t *settings, bool trusted)
91 {
92 enumerator_t *enumerator;
93 char *key, *value;
94
95 enumerator = settings->create_key_value_enumerator(settings,
96 trusted ? "certs.trusted" : "certs.untrusted");
97 while (enumerator->enumerate(enumerator, &key, &value))
98 {
99 certificate_t *cert = NULL;
100
101 if (strncaseeq(key, "x509", strlen("x509")))
102 {
103 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
104 CERT_X509, BUILD_FROM_FILE, value, BUILD_END);
105 }
106 else if (strncaseeq(key, "crl", strlen("crl")))
107 {
108 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
109 CERT_X509_CRL, BUILD_FROM_FILE, value, BUILD_END);
110 }
111 else
112 {
113 fprintf(stderr, "certificate type '%s' not supported\n", key);
114 enumerator->destroy(enumerator);
115 return FALSE;
116 }
117 if (!cert)
118 {
119 fprintf(stderr, "loading %strusted certificate '%s' from '%s' "
120 "failed\n", trusted ? "" : "un", key, value);
121 enumerator->destroy(enumerator);
122 return FALSE;
123 }
124 conftest->creds->add_cert(conftest->creds, trusted, cert);
125 }
126 enumerator->destroy(enumerator);
127 return TRUE;
128 }
129
130 /**
131 * Load certificates from the confiuguration file
132 */
133 static bool load_certs(settings_t *settings, char *dir)
134 {
135 char wd[PATH_MAX];
136
137 if (getcwd(wd, sizeof(wd)) == NULL)
138 {
139 fprintf(stderr, "getting cwd failed: %s\n", strerror(errno));
140 return FALSE;
141 }
142 if (chdir(dir) != 0)
143 {
144 fprintf(stderr, "opening directory '%s' failed: %s\n",
145 dir, strerror(errno));
146 return FALSE;
147 }
148
149 if (!load_cert(settings, TRUE) ||
150 !load_cert(settings, FALSE))
151 {
152 return FALSE;
153 }
154
155 if (chdir(wd) != 0)
156 {
157 fprintf(stderr, "opening directory '%s' failed: %s\n",
158 wd, strerror(errno));
159 return FALSE;
160 }
161 return TRUE;
162 }
163
164 /**
165 * Load private keys from the confiuguration file
166 */
167 static bool load_keys(settings_t *settings, char *dir)
168 {
169 enumerator_t *enumerator;
170 char *type, *value, wd[PATH_MAX];
171 private_key_t *key;
172 key_type_t key_type;
173
174 if (getcwd(wd, sizeof(wd)) == NULL)
175 {
176 fprintf(stderr, "getting cwd failed: %s\n", strerror(errno));
177 return FALSE;
178 }
179 if (chdir(dir) != 0)
180 {
181 fprintf(stderr, "opening directory '%s' failed: %s\n",
182 dir, strerror(errno));
183 return FALSE;
184 }
185
186 enumerator = settings->create_key_value_enumerator(settings, "keys");
187 while (enumerator->enumerate(enumerator, &type, &value))
188 {
189 if (strncaseeq(type, "ecdsa", strlen("ecdsa")))
190 {
191 key_type = KEY_ECDSA;
192 }
193 else if (strncaseeq(type, "rsa", strlen("rsa")))
194 {
195 key_type = KEY_RSA;
196 }
197 else
198 {
199 fprintf(stderr, "unknown key type: '%s'\n", type);
200 enumerator->destroy(enumerator);
201 return FALSE;
202 }
203 key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type,
204 BUILD_FROM_FILE, value, BUILD_END);
205 if (!key)
206 {
207 fprintf(stderr, "loading %s key from '%s' failed\n", type, value);
208 enumerator->destroy(enumerator);
209 return FALSE;
210 }
211 conftest->creds->add_key(conftest->creds, key);
212 }
213 enumerator->destroy(enumerator);
214
215 if (chdir(wd) != 0)
216 {
217 fprintf(stderr, "opening directory '%s' failed: %s\n",
218 wd, strerror(errno));
219 return FALSE;
220 }
221 return TRUE;
222 }
223
224 /**
225 * Load certificate distribution points
226 */
227 static void load_cdps(settings_t *settings)
228 {
229 enumerator_t *enumerator;
230 identification_t *id;
231 char *ca, *uri, *section;
232 certificate_type_t type;
233 x509_t *x509;
234
235 enumerator = settings->create_section_enumerator(settings, "cdps");
236 while (enumerator->enumerate(enumerator, &section))
237 {
238 if (strncaseeq(section, "crl", strlen("crl")))
239 {
240 type = CERT_X509_CRL;
241 }
242 else if (strncaseeq(section, "ocsp", strlen("ocsp")))
243 {
244 type = CERT_X509_OCSP_RESPONSE;
245 }
246 else
247 {
248 fprintf(stderr, "unknown cdp type '%s', ignored\n", section);
249 continue;
250 }
251
252 uri = settings->get_str(settings, "cdps.%s.uri", NULL, section);
253 ca = settings->get_str(settings, "cdps.%s.ca", NULL, section);
254 if (!ca || !uri)
255 {
256 fprintf(stderr, "cdp '%s' misses ca/uri, ignored\n", section);
257 continue;
258 }
259 x509 = lib->creds->create(lib->creds, CRED_CERTIFICATE,
260 CERT_X509, BUILD_FROM_FILE, ca, BUILD_END);
261 if (!x509)
262 {
263 fprintf(stderr, "loading cdp '%s' ca failed, ignored\n", section);
264 continue;
265 }
266 id = identification_create_from_encoding(ID_KEY_ID,
267 x509->get_subjectKeyIdentifier(x509));
268 conftest->creds->add_cdp(conftest->creds, type, id, uri);
269 DESTROY_IF((certificate_t*)x509);
270 id->destroy(id);
271 }
272 enumerator->destroy(enumerator);
273 }
274
275 /**
276 * Load configured hooks
277 */
278 static bool load_hooks()
279 {
280 enumerator_t *enumerator;
281 char *name, *pos, buf[64];
282 hook_t *(*create)(char*);
283 hook_t *hook;
284
285 enumerator = conftest->test->create_section_enumerator(conftest->test,
286 "hooks");
287 while (enumerator->enumerate(enumerator, &name))
288 {
289 pos = strchr(name, '-');
290 if (pos)
291 {
292 snprintf(buf, sizeof(buf), "%.*s_hook_create", (int)(pos - name),
293 name);
294 }
295 else
296 {
297 snprintf(buf, sizeof(buf), "%s_hook_create", name);
298 }
299 create = dlsym(RTLD_DEFAULT, buf);
300 if (create)
301 {
302 hook = create(name);
303 if (hook)
304 {
305 conftest->hooks->insert_last(conftest->hooks, hook);
306 charon->bus->add_listener(charon->bus, &hook->listener);
307 }
308 }
309 else
310 {
311 fprintf(stderr, "dlsym() for hook '%s' failed: %s\n", name, dlerror());
312 enumerator->destroy(enumerator);
313 return FALSE;
314 }
315 }
316 enumerator->destroy(enumerator);
317 return TRUE;
318 }
319
320 /**
321 * atexit() cleanup handler
322 */
323 static void cleanup()
324 {
325 hook_t *hook;
326
327 DESTROY_IF(conftest->test);
328 lib->credmgr->remove_set(lib->credmgr, &conftest->creds->set);
329 conftest->creds->destroy(conftest->creds);
330 DESTROY_IF(conftest->actions);
331 while (conftest->hooks->remove_last(conftest->hooks,
332 (void**)&hook) == SUCCESS)
333 {
334 charon->bus->remove_listener(charon->bus, &hook->listener);
335 hook->destroy(hook);
336 }
337 conftest->hooks->destroy(conftest->hooks);
338 if (conftest->config)
339 {
340 if (charon->backends)
341 {
342 charon->backends->remove_backend(charon->backends,
343 &conftest->config->backend);
344 }
345 conftest->config->destroy(conftest->config);
346 }
347 free(conftest->suite_dir);
348 free(conftest);
349 libcharon_deinit();
350 libhydra_deinit();
351 library_deinit();
352 }
353
354 /**
355 * Load log levels for a logger from section
356 */
357 static void load_log_levels(file_logger_t *logger, char *section)
358 {
359 debug_t group;
360 level_t def;
361
362 def = conftest->test->get_int(conftest->test, "log.%s.default", 1, section);
363 for (group = 0; group < DBG_MAX; group++)
364 {
365 logger->set_level(logger, group,
366 conftest->test->get_int(conftest->test, "log.%s.%N", def,
367 section, debug_lower_names, group));
368 }
369 }
370
371 /**
372 * Load logger configuration
373 */
374 static void load_loggers(file_logger_t *logger)
375 {
376 enumerator_t *enumerator;
377 char *section;
378 FILE *file;
379
380 load_log_levels(logger, "stdout");
381
382 enumerator = conftest->test->create_section_enumerator(conftest->test, "log");
383 while (enumerator->enumerate(enumerator, &section))
384 {
385 if (!streq(section, "stdout"))
386 {
387 file = fopen(section, "w");
388 if (file == NULL)
389 {
390 fprintf(stderr, "opening file %s for logging failed: %s",
391 section, strerror(errno));
392 continue;
393 }
394 logger = file_logger_create(file, NULL, FALSE);
395 load_log_levels(logger, section);
396 charon->bus->add_logger(charon->bus, &logger->logger);
397 charon->file_loggers->insert_last(charon->file_loggers, logger);
398 }
399 }
400 enumerator->destroy(enumerator);
401 }
402
403 /**
404 * Main function, starts the conftest daemon.
405 */
406 int main(int argc, char *argv[])
407 {
408 struct sigaction action;
409 int status = 0;
410 sigset_t set;
411 int sig;
412 char *suite_file = "suite.conf", *test_file = NULL;
413 file_logger_t *logger;
414
415 if (!library_init(NULL))
416 {
417 library_deinit();
418 return SS_RC_LIBSTRONGSWAN_INTEGRITY;
419 }
420 if (!libhydra_init("conftest"))
421 {
422 libhydra_deinit();
423 library_deinit();
424 return SS_RC_INITIALIZATION_FAILED;
425 }
426 if (!libcharon_init("conftest"))
427 {
428 libcharon_deinit();
429 libhydra_deinit();
430 library_deinit();
431 return SS_RC_INITIALIZATION_FAILED;
432 }
433
434 INIT(conftest,
435 .creds = mem_cred_create(),
436 );
437
438 logger = file_logger_create(stdout, NULL, FALSE);
439 logger->set_level(logger, DBG_ANY, LEVEL_CTRL);
440 charon->bus->add_logger(charon->bus, &logger->logger);
441 charon->file_loggers->insert_last(charon->file_loggers, logger);
442
443 lib->credmgr->add_set(lib->credmgr, &conftest->creds->set);
444 conftest->hooks = linked_list_create();
445 conftest->config = config_create();
446
447 atexit(cleanup);
448
449 while (TRUE)
450 {
451 struct option long_opts[] = {
452 { "help", no_argument, NULL, 'h' },
453 { "version", no_argument, NULL, 'v' },
454 { "suite", required_argument, NULL, 's' },
455 { "test", required_argument, NULL, 't' },
456 { 0,0,0,0 }
457 };
458 switch (getopt_long(argc, argv, "", long_opts, NULL))
459 {
460 case EOF:
461 break;
462 case 'h':
463 usage(stdout);
464 return 0;
465 case 'v':
466 printf("strongSwan %s conftest\n", VERSION);
467 return 0;
468 case 's':
469 suite_file = optarg;
470 continue;
471 case 't':
472 test_file = optarg;
473 continue;
474 default:
475 usage(stderr);
476 return 1;
477 }
478 break;
479 }
480
481 if (!load_configs(suite_file, test_file))
482 {
483 return 1;
484 }
485 load_loggers(logger);
486
487 if (!lib->plugins->load(lib->plugins, NULL,
488 conftest->test->get_str(conftest->test, "preload", "")))
489 {
490 return 1;
491 }
492 if (!charon->initialize(charon, PLUGINS))
493 {
494 return 1;
495 }
496 if (!load_certs(conftest->test, conftest->suite_dir))
497 {
498 return 1;
499 }
500 if (!load_keys(conftest->test, conftest->suite_dir))
501 {
502 return 1;
503 }
504 load_cdps(conftest->test);
505 if (!load_hooks())
506 {
507 return 1;
508 }
509 charon->backends->add_backend(charon->backends, &conftest->config->backend);
510 conftest->config->load(conftest->config, conftest->test);
511 conftest->actions = actions_create();
512
513 /* set up thread specific handlers */
514 action.sa_handler = segv_handler;
515 action.sa_flags = 0;
516 sigemptyset(&action.sa_mask);
517 sigaddset(&action.sa_mask, SIGINT);
518 sigaddset(&action.sa_mask, SIGTERM);
519 sigaddset(&action.sa_mask, SIGHUP);
520 sigaction(SIGSEGV, &action, NULL);
521 sigaction(SIGILL, &action, NULL);
522 sigaction(SIGBUS, &action, NULL);
523 action.sa_handler = SIG_IGN;
524 sigaction(SIGPIPE, &action, NULL);
525 pthread_sigmask(SIG_SETMASK, &action.sa_mask, NULL);
526
527 /* start thread pool */
528 charon->start(charon);
529
530 /* handle SIGINT/SIGTERM in main thread */
531 sigemptyset(&set);
532 sigaddset(&set, SIGINT);
533 sigaddset(&set, SIGHUP);
534 sigaddset(&set, SIGTERM);
535 sigprocmask(SIG_BLOCK, &set, NULL);
536
537 while (sigwait(&set, &sig) == 0)
538 {
539 switch (sig)
540 {
541 case SIGINT:
542 case SIGTERM:
543 fprintf(stderr, "\nshutting down...\n");
544 break;
545 default:
546 continue;
547 }
548 break;
549 }
550 return status;
551 }
strongSwan - IPsec VPN