Store the name of the binary using libcharon to enable specific settings.
[strongswan.git] / src / conftest / conftest.c
1 /*
2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #define _GNU_SOURCE
17 #include <unistd.h>
18 #include <stdio.h>
19 #include <errno.h>
20 #include <signal.h>
21 #include <getopt.h>
22 #include <dlfcn.h>
23 #include <libgen.h>
24
25 #include "conftest.h"
26 #include "config.h"
27 #include "hooks/hook.h"
28
29 #include <threading/thread.h>
30 #include <credentials/certificates/x509.h>
31
32 /**
33 * Conftest globals struct
34 */
35 conftest_t *conftest;
36
37 /**
38 * Print usage information
39 */
40 static void usage(FILE *out)
41 {
42 fprintf(out, "Usage:\n");
43 fprintf(out, " --help show usage information\n");
44 fprintf(out, " --version show conftest version\n");
45 fprintf(out, " --suite <file> global testsuite configuration "
46 "(default: ./suite.conf)\n");
47 fprintf(out, " --test <file> test specific configuration\n");
48 }
49
50 /**
51 * Handle SIGSEGV/SIGILL signals raised by threads
52 */
53 static void segv_handler(int signal)
54 {
55 fprintf(stderr, "thread %u received %d\n", thread_current_id(), signal);
56 abort();
57 }
58
59 /**
60 * Load suite and test specific configurations
61 */
62 static bool load_configs(char *suite_file, char *test_file)
63 {
64 if (!test_file)
65 {
66 fprintf(stderr, "Missing test configuration file.\n");
67 return FALSE;
68 }
69 if (access(suite_file, R_OK) != 0)
70 {
71 fprintf(stderr, "Reading suite configuration file '%s' failed: %s.\n",
72 suite_file, strerror(errno));
73 return FALSE;
74 }
75 if (access(test_file, R_OK) != 0)
76 {
77 fprintf(stderr, "Reading test configuration file '%s' failed: %s.\n",
78 test_file, strerror(errno));
79 return FALSE;
80 }
81 conftest->test = settings_create(suite_file);
82 conftest->test->load_files(conftest->test, test_file, TRUE);
83 conftest->suite_dir = strdup(dirname(suite_file));
84 return TRUE;
85 }
86
87 /**
88 * Load trusted/untrusted certificates
89 */
90 static bool load_cert(settings_t *settings, bool trusted)
91 {
92 enumerator_t *enumerator;
93 char *key, *value;
94
95 enumerator = settings->create_key_value_enumerator(settings,
96 trusted ? "certs.trusted" : "certs.untrusted");
97 while (enumerator->enumerate(enumerator, &key, &value))
98 {
99 certificate_t *cert = NULL;
100
101 if (strncaseeq(key, "x509", strlen("x509")))
102 {
103 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
104 CERT_X509, BUILD_FROM_FILE, value, BUILD_END);
105 }
106 else if (strncaseeq(key, "crl", strlen("crl")))
107 {
108 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
109 CERT_X509_CRL, BUILD_FROM_FILE, value, BUILD_END);
110 }
111 else
112 {
113 fprintf(stderr, "certificate type '%s' not supported\n", key);
114 enumerator->destroy(enumerator);
115 return FALSE;
116 }
117 if (!cert)
118 {
119 fprintf(stderr, "loading %strusted certificate '%s' from '%s' "
120 "failed\n", trusted ? "" : "un", key, value);
121 enumerator->destroy(enumerator);
122 return FALSE;
123 }
124 conftest->creds->add_cert(conftest->creds, trusted, cert);
125 }
126 enumerator->destroy(enumerator);
127 return TRUE;
128 }
129
130 /**
131 * Load certificates from the confiuguration file
132 */
133 static bool load_certs(settings_t *settings, char *dir)
134 {
135 char wd[PATH_MAX];
136
137 if (getcwd(wd, sizeof(wd)) == NULL)
138 {
139 fprintf(stderr, "getting cwd failed: %s\n", strerror(errno));
140 return FALSE;
141 }
142 if (chdir(dir) != 0)
143 {
144 fprintf(stderr, "opening directory '%s' failed: %s\n",
145 dir, strerror(errno));
146 return FALSE;
147 }
148
149 if (!load_cert(settings, TRUE) ||
150 !load_cert(settings, FALSE))
151 {
152 return FALSE;
153 }
154
155 if (chdir(wd) != 0)
156 {
157 fprintf(stderr, "opening directory '%s' failed: %s\n",
158 wd, strerror(errno));
159 return FALSE;
160 }
161 return TRUE;
162 }
163
164 /**
165 * Load private keys from the confiuguration file
166 */
167 static bool load_keys(settings_t *settings, char *dir)
168 {
169 enumerator_t *enumerator;
170 char *type, *value, wd[PATH_MAX];
171 private_key_t *key;
172 key_type_t key_type;
173
174 if (getcwd(wd, sizeof(wd)) == NULL)
175 {
176 fprintf(stderr, "getting cwd failed: %s\n", strerror(errno));
177 return FALSE;
178 }
179 if (chdir(dir) != 0)
180 {
181 fprintf(stderr, "opening directory '%s' failed: %s\n",
182 dir, strerror(errno));
183 return FALSE;
184 }
185
186 enumerator = settings->create_key_value_enumerator(settings, "keys");
187 while (enumerator->enumerate(enumerator, &type, &value))
188 {
189 if (strncaseeq(type, "ecdsa", strlen("ecdsa")))
190 {
191 key_type = KEY_ECDSA;
192 }
193 else if (strncaseeq(type, "rsa", strlen("rsa")))
194 {
195 key_type = KEY_RSA;
196 }
197 else
198 {
199 fprintf(stderr, "unknown key type: '%s'\n", type);
200 enumerator->destroy(enumerator);
201 return FALSE;
202 }
203 key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type,
204 BUILD_FROM_FILE, value, BUILD_END);
205 if (!key)
206 {
207 fprintf(stderr, "loading %s key from '%s' failed\n", type, value);
208 enumerator->destroy(enumerator);
209 return FALSE;
210 }
211 conftest->creds->add_key(conftest->creds, key);
212 }
213 enumerator->destroy(enumerator);
214
215 if (chdir(wd) != 0)
216 {
217 fprintf(stderr, "opening directory '%s' failed: %s\n",
218 wd, strerror(errno));
219 return FALSE;
220 }
221 return TRUE;
222 }
223
224 /**
225 * Load certificate distribution points
226 */
227 static void load_cdps(settings_t *settings)
228 {
229 enumerator_t *enumerator;
230 identification_t *id;
231 char *ca, *uri, *section;
232 certificate_type_t type;
233 x509_t *x509;
234
235 enumerator = settings->create_section_enumerator(settings, "cdps");
236 while (enumerator->enumerate(enumerator, &section))
237 {
238 if (strncaseeq(section, "crl", strlen("crl")))
239 {
240 type = CERT_X509_CRL;
241 }
242 else if (strncaseeq(section, "ocsp", strlen("ocsp")))
243 {
244 type = CERT_X509_OCSP_RESPONSE;
245 }
246 else
247 {
248 fprintf(stderr, "unknown cdp type '%s', ignored\n", section);
249 continue;
250 }
251
252 uri = settings->get_str(settings, "cdps.%s.uri", NULL, section);
253 ca = settings->get_str(settings, "cdps.%s.ca", NULL, section);
254 if (!ca || !uri)
255 {
256 fprintf(stderr, "cdp '%s' misses ca/uri, ignored\n", section);
257 continue;
258 }
259 x509 = lib->creds->create(lib->creds, CRED_CERTIFICATE,
260 CERT_X509, BUILD_FROM_FILE, ca, BUILD_END);
261 if (!x509)
262 {
263 fprintf(stderr, "loading cdp '%s' ca failed, ignored\n", section);
264 continue;
265 }
266 id = identification_create_from_encoding(ID_KEY_ID,
267 x509->get_subjectKeyIdentifier(x509));
268 conftest->creds->add_cdp(conftest->creds, type, id, uri);
269 DESTROY_IF((certificate_t*)x509);
270 id->destroy(id);
271 }
272 enumerator->destroy(enumerator);
273 }
274
275 /**
276 * Load configured hooks
277 */
278 static bool load_hooks()
279 {
280 enumerator_t *enumerator;
281 char *name, *pos, buf[64];
282 hook_t *(*create)(char*);
283 hook_t *hook;
284
285 enumerator = conftest->test->create_section_enumerator(conftest->test,
286 "hooks");
287 while (enumerator->enumerate(enumerator, &name))
288 {
289 pos = strchr(name, '-');
290 if (pos)
291 {
292 snprintf(buf, sizeof(buf), "%.*s_hook_create", pos - name, name);
293 }
294 else
295 {
296 snprintf(buf, sizeof(buf), "%s_hook_create", name);
297 }
298 create = dlsym(RTLD_DEFAULT, buf);
299 if (create)
300 {
301 hook = create(name);
302 if (hook)
303 {
304 conftest->hooks->insert_last(conftest->hooks, hook);
305 charon->bus->add_listener(charon->bus, &hook->listener);
306 }
307 }
308 else
309 {
310 fprintf(stderr, "dlsym() for hook '%s' failed: %s\n", name, dlerror());
311 enumerator->destroy(enumerator);
312 return FALSE;
313 }
314 }
315 enumerator->destroy(enumerator);
316 return TRUE;
317 }
318
319 /**
320 * atexit() cleanup handler
321 */
322 static void cleanup()
323 {
324 hook_t *hook;
325
326 DESTROY_IF(conftest->test);
327 lib->credmgr->remove_set(lib->credmgr, &conftest->creds->set);
328 conftest->creds->destroy(conftest->creds);
329 DESTROY_IF(conftest->actions);
330 while (conftest->hooks->remove_last(conftest->hooks,
331 (void**)&hook) == SUCCESS)
332 {
333 charon->bus->remove_listener(charon->bus, &hook->listener);
334 hook->destroy(hook);
335 }
336 conftest->hooks->destroy(conftest->hooks);
337 if (conftest->config)
338 {
339 if (charon->backends)
340 {
341 charon->backends->remove_backend(charon->backends,
342 &conftest->config->backend);
343 }
344 conftest->config->destroy(conftest->config);
345 }
346 free(conftest->suite_dir);
347 free(conftest);
348 libcharon_deinit();
349 libhydra_deinit();
350 library_deinit();
351 }
352
353 /**
354 * Load log levels for a logger from section
355 */
356 static void load_log_levels(file_logger_t *logger, char *section)
357 {
358 debug_t group;
359 level_t def;
360
361 def = conftest->test->get_int(conftest->test, "log.%s.default", 1, section);
362 for (group = 0; group < DBG_MAX; group++)
363 {
364 logger->set_level(logger, group,
365 conftest->test->get_int(conftest->test, "log.%s.%N", def,
366 section, debug_lower_names, group));
367 }
368 }
369
370 /**
371 * Load logger configuration
372 */
373 static void load_loggers(file_logger_t *logger)
374 {
375 enumerator_t *enumerator;
376 char *section;
377 FILE *file;
378
379 load_log_levels(logger, "stdout");
380
381 enumerator = conftest->test->create_section_enumerator(conftest->test, "log");
382 while (enumerator->enumerate(enumerator, &section))
383 {
384 if (!streq(section, "stdout"))
385 {
386 file = fopen(section, "w");
387 if (file == NULL)
388 {
389 fprintf(stderr, "opening file %s for logging failed: %s",
390 section, strerror(errno));
391 continue;
392 }
393 logger = file_logger_create(file, NULL, FALSE);
394 load_log_levels(logger, section);
395 charon->bus->add_listener(charon->bus, &logger->listener);
396 charon->file_loggers->insert_last(charon->file_loggers, logger);
397 }
398 }
399 enumerator->destroy(enumerator);
400 }
401
402 /**
403 * Main function, starts the conftest daemon.
404 */
405 int main(int argc, char *argv[])
406 {
407 struct sigaction action;
408 int status = 0;
409 sigset_t set;
410 int sig;
411 char *suite_file = "suite.conf", *test_file = NULL;
412 file_logger_t *logger;
413
414 if (!library_init(NULL))
415 {
416 library_deinit();
417 return SS_RC_LIBSTRONGSWAN_INTEGRITY;
418 }
419 if (!libhydra_init("conftest"))
420 {
421 libhydra_deinit();
422 library_deinit();
423 return SS_RC_INITIALIZATION_FAILED;
424 }
425 if (!libcharon_init("conftest"))
426 {
427 libcharon_deinit();
428 libhydra_deinit();
429 library_deinit();
430 return SS_RC_INITIALIZATION_FAILED;
431 }
432
433 INIT(conftest,
434 .creds = mem_cred_create(),
435 );
436
437 logger = file_logger_create(stdout, NULL, FALSE);
438 logger->set_level(logger, DBG_ANY, LEVEL_CTRL);
439 charon->bus->add_listener(charon->bus, &logger->listener);
440 charon->file_loggers->insert_last(charon->file_loggers, logger);
441
442 lib->credmgr->add_set(lib->credmgr, &conftest->creds->set);
443 conftest->hooks = linked_list_create();
444 conftest->config = config_create();
445
446 atexit(cleanup);
447
448 while (TRUE)
449 {
450 struct option long_opts[] = {
451 { "help", no_argument, NULL, 'h' },
452 { "version", no_argument, NULL, 'v' },
453 { "suite", required_argument, NULL, 's' },
454 { "test", required_argument, NULL, 't' },
455 { 0,0,0,0 }
456 };
457 switch (getopt_long(argc, argv, "", long_opts, NULL))
458 {
459 case EOF:
460 break;
461 case 'h':
462 usage(stdout);
463 return 0;
464 case 'v':
465 printf("strongSwan %s conftest\n", VERSION);
466 return 0;
467 case 's':
468 suite_file = optarg;
469 continue;
470 case 't':
471 test_file = optarg;
472 continue;
473 default:
474 usage(stderr);
475 return 1;
476 }
477 break;
478 }
479
480 if (!load_configs(suite_file, test_file))
481 {
482 return 1;
483 }
484 load_loggers(logger);
485
486 if (!lib->plugins->load(lib->plugins, NULL,
487 conftest->test->get_str(conftest->test, "preload", "")))
488 {
489 return 1;
490 }
491 if (!charon->initialize(charon))
492 {
493 return 1;
494 }
495 if (!load_certs(conftest->test, conftest->suite_dir))
496 {
497 return 1;
498 }
499 if (!load_keys(conftest->test, conftest->suite_dir))
500 {
501 return 1;
502 }
503 load_cdps(conftest->test);
504 if (!load_hooks())
505 {
506 return 1;
507 }
508 charon->backends->add_backend(charon->backends, &conftest->config->backend);
509 conftest->config->load(conftest->config, conftest->test);
510 conftest->actions = actions_create();
511
512 /* set up thread specific handlers */
513 action.sa_handler = segv_handler;
514 action.sa_flags = 0;
515 sigemptyset(&action.sa_mask);
516 sigaddset(&action.sa_mask, SIGINT);
517 sigaddset(&action.sa_mask, SIGTERM);
518 sigaddset(&action.sa_mask, SIGHUP);
519 sigaction(SIGSEGV, &action, NULL);
520 sigaction(SIGILL, &action, NULL);
521 sigaction(SIGBUS, &action, NULL);
522 action.sa_handler = SIG_IGN;
523 sigaction(SIGPIPE, &action, NULL);
524 pthread_sigmask(SIG_SETMASK, &action.sa_mask, NULL);
525
526 /* start thread pool */
527 charon->start(charon);
528
529 /* handle SIGINT/SIGTERM in main thread */
530 sigemptyset(&set);
531 sigaddset(&set, SIGINT);
532 sigaddset(&set, SIGHUP);
533 sigaddset(&set, SIGTERM);
534 sigprocmask(SIG_BLOCK, &set, NULL);
535
536 while (sigwait(&set, &sig) == 0)
537 {
538 switch (sig)
539 {
540 case SIGINT:
541 case SIGTERM:
542 fprintf(stderr, "\nshutting down...\n");
543 break;
544 default:
545 continue;
546 }
547 break;
548 }
549 return status;
550 }