e21914811b32eafbba414155ea5a9c2ea2958914
[strongswan.git] / src / conftest / conftest.c
1 /*
2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #define _GNU_SOURCE
17 #include <unistd.h>
18 #include <stdio.h>
19 #include <errno.h>
20 #include <signal.h>
21 #include <getopt.h>
22 #include <dlfcn.h>
23 #include <libgen.h>
24
25 #include "conftest.h"
26 #include "config.h"
27 #include "hooks/hook.h"
28
29 #include <threading/thread.h>
30 #include <credentials/certificates/x509.h>
31
32 /**
33 * Conftest globals struct
34 */
35 conftest_t *conftest;
36
37 /**
38 * Print usage information
39 */
40 static void usage(FILE *out)
41 {
42 fprintf(out, "Usage:\n");
43 fprintf(out, " --help show usage information\n");
44 fprintf(out, " --version show conftest version\n");
45 fprintf(out, " --suite <file> global testsuite configuration "
46 "(default: ./suite.conf)\n");
47 fprintf(out, " --test <file> test specific configuration\n");
48 }
49
50 /**
51 * Handle SIGSEGV/SIGILL signals raised by threads
52 */
53 static void segv_handler(int signal)
54 {
55 fprintf(stderr, "thread %u received %d\n", thread_current_id(), signal);
56 abort();
57 }
58
59 /**
60 * Load suite and test specific configurations
61 */
62 static bool load_configs(char *suite_file, char *test_file)
63 {
64 if (!test_file)
65 {
66 fprintf(stderr, "Missing test configuration file.\n");
67 return FALSE;
68 }
69 if (access(suite_file, R_OK) != 0)
70 {
71 fprintf(stderr, "Reading suite configuration file '%s' failed: %s.\n",
72 suite_file, strerror(errno));
73 return FALSE;
74 }
75 if (access(test_file, R_OK) != 0)
76 {
77 fprintf(stderr, "Reading test configuration file '%s' failed: %s.\n",
78 test_file, strerror(errno));
79 return FALSE;
80 }
81 conftest->test = settings_create(suite_file);
82 conftest->test->load_files(conftest->test, test_file);
83 conftest->suite_dir = strdup(dirname(suite_file));
84 return TRUE;
85 }
86
87 /**
88 * Load trusted/untrusted certificates
89 */
90 static bool load_cert(settings_t *settings, bool trusted)
91 {
92 enumerator_t *enumerator;
93 char *key, *value;
94
95 enumerator = settings->create_key_value_enumerator(settings,
96 trusted ? "certs.trusted" : "certs.untrusted");
97 while (enumerator->enumerate(enumerator, &key, &value))
98 {
99 certificate_t *cert = NULL;
100
101 if (strncaseeq(key, "x509", strlen("x509")))
102 {
103 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
104 CERT_X509, BUILD_FROM_FILE, value, BUILD_END);
105 }
106 else if (strncaseeq(key, "crl", strlen("crl")))
107 {
108 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
109 CERT_X509_CRL, BUILD_FROM_FILE, value, BUILD_END);
110 }
111 else
112 {
113 fprintf(stderr, "certificate type '%s' not supported\n", key);
114 enumerator->destroy(enumerator);
115 return FALSE;
116 }
117 if (!cert)
118 {
119 fprintf(stderr, "loading %strusted certificate '%s' from '%s' "
120 "failed\n", trusted ? "" : "un", key, value);
121 enumerator->destroy(enumerator);
122 return FALSE;
123 }
124 conftest->creds->add_cert(conftest->creds, trusted, cert);
125 }
126 enumerator->destroy(enumerator);
127 return TRUE;
128 }
129
130 /**
131 * Load certificates from the confiuguration file
132 */
133 static bool load_certs(settings_t *settings, char *dir)
134 {
135 char wd[PATH_MAX];
136
137 if (getcwd(wd, sizeof(wd)) == NULL)
138 {
139 fprintf(stderr, "getting cwd failed: %s\n", strerror(errno));
140 return FALSE;
141 }
142 if (chdir(dir) != 0)
143 {
144 fprintf(stderr, "opening directory '%s' failed: %s\n",
145 dir, strerror(errno));
146 return FALSE;
147 }
148
149 if (!load_cert(settings, TRUE) ||
150 !load_cert(settings, FALSE))
151 {
152 return FALSE;
153 }
154
155 if (chdir(wd) != 0)
156 {
157 fprintf(stderr, "opening directory '%s' failed: %s\n",
158 wd, strerror(errno));
159 return FALSE;
160 }
161 return TRUE;
162 }
163
164 /**
165 * Load private keys from the confiuguration file
166 */
167 static bool load_keys(settings_t *settings, char *dir)
168 {
169 enumerator_t *enumerator;
170 char *type, *value, wd[PATH_MAX];
171 private_key_t *key;
172 key_type_t key_type;
173
174 if (getcwd(wd, sizeof(wd)) == NULL)
175 {
176 fprintf(stderr, "getting cwd failed: %s\n", strerror(errno));
177 return FALSE;
178 }
179 if (chdir(dir) != 0)
180 {
181 fprintf(stderr, "opening directory '%s' failed: %s\n",
182 dir, strerror(errno));
183 return FALSE;
184 }
185
186 enumerator = settings->create_key_value_enumerator(settings, "keys");
187 while (enumerator->enumerate(enumerator, &type, &value))
188 {
189 if (strncaseeq(type, "ecdsa", strlen("ecdsa")))
190 {
191 key_type = KEY_ECDSA;
192 }
193 else if (strncaseeq(type, "rsa", strlen("rsa")))
194 {
195 key_type = KEY_RSA;
196 }
197 else
198 {
199 fprintf(stderr, "unkown key type: '%s'\n", type);
200 enumerator->destroy(enumerator);
201 return FALSE;
202 }
203 key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type,
204 BUILD_FROM_FILE, value, BUILD_END);
205 if (!key)
206 {
207 fprintf(stderr, "loading %s key from '%s' failed\n", type, value);
208 enumerator->destroy(enumerator);
209 return FALSE;
210 }
211 conftest->creds->add_key(conftest->creds, key);
212 }
213 enumerator->destroy(enumerator);
214
215 if (chdir(wd) != 0)
216 {
217 fprintf(stderr, "opening directory '%s' failed: %s\n",
218 wd, strerror(errno));
219 return FALSE;
220 }
221 return TRUE;
222 }
223
224 /**
225 * Load certificate distribution points
226 */
227 static void load_cdps(settings_t *settings)
228 {
229 enumerator_t *enumerator;
230 identification_t *id;
231 char *ca, *uri, *section;
232 x509_t *x509;
233
234 enumerator = settings->create_section_enumerator(settings, "cdps");
235 while (enumerator->enumerate(enumerator, &section))
236 {
237 if (!strncaseeq(section, "crl", strlen("crl")))
238 {
239 fprintf(stderr, "unknown cdp type '%s', ignored\n", section);
240 continue;
241 }
242
243 uri = settings->get_str(settings, "cdps.%s.uri", NULL, section);
244 ca = settings->get_str(settings, "cdps.%s.ca", NULL, section);
245 if (!ca || !uri)
246 {
247 fprintf(stderr, "cdp '%s' misses ca/uri, ignored\n", section);
248 continue;
249 }
250 x509 = lib->creds->create(lib->creds, CRED_CERTIFICATE,
251 CERT_X509, BUILD_FROM_FILE, ca, BUILD_END);
252 if (!x509)
253 {
254 fprintf(stderr, "loading cdp '%s' ca failed, ignored\n", section);
255 continue;
256 }
257 id = identification_create_from_encoding(ID_KEY_ID,
258 x509->get_subjectKeyIdentifier(x509));
259 conftest->creds->add_cdp(conftest->creds, CERT_X509_CRL, id, uri);
260 DESTROY_IF((certificate_t*)x509);
261 id->destroy(id);
262 }
263 enumerator->destroy(enumerator);
264 }
265
266 /**
267 * Load configured hooks
268 */
269 static bool load_hooks()
270 {
271 enumerator_t *enumerator;
272 char *name, *pos, buf[64];
273 hook_t *(*create)(char*);
274 hook_t *hook;
275
276 enumerator = conftest->test->create_section_enumerator(conftest->test,
277 "hooks");
278 while (enumerator->enumerate(enumerator, &name))
279 {
280 pos = strchr(name, '-');
281 if (pos)
282 {
283 snprintf(buf, sizeof(buf), "%.*s_hook_create", pos - name, name);
284 }
285 else
286 {
287 snprintf(buf, sizeof(buf), "%s_hook_create", name);
288 }
289 create = dlsym(RTLD_DEFAULT, buf);
290 if (create)
291 {
292 hook = create(name);
293 if (hook)
294 {
295 conftest->hooks->insert_last(conftest->hooks, hook);
296 charon->bus->add_listener(charon->bus, &hook->listener);
297 }
298 }
299 else
300 {
301 fprintf(stderr, "dlsym() for hook '%s' failed: %s\n", name, dlerror());
302 enumerator->destroy(enumerator);
303 return FALSE;
304 }
305 }
306 enumerator->destroy(enumerator);
307 return TRUE;
308 }
309
310 /**
311 * atexit() cleanup handler
312 */
313 static void cleanup()
314 {
315 hook_t *hook;
316
317 DESTROY_IF(conftest->test);
318 lib->credmgr->remove_set(lib->credmgr, &conftest->creds->set);
319 conftest->creds->destroy(conftest->creds);
320 DESTROY_IF(conftest->actions);
321 while (conftest->hooks->remove_last(conftest->hooks,
322 (void**)&hook) == SUCCESS)
323 {
324 charon->bus->remove_listener(charon->bus, &hook->listener);
325 hook->destroy(hook);
326 }
327 conftest->hooks->destroy(conftest->hooks);
328 if (conftest->config)
329 {
330 if (charon->backends)
331 {
332 charon->backends->remove_backend(charon->backends,
333 &conftest->config->backend);
334 }
335 conftest->config->destroy(conftest->config);
336 }
337 free(conftest->suite_dir);
338 free(conftest);
339 libcharon_deinit();
340 libhydra_deinit();
341 library_deinit();
342 }
343
344 /**
345 * Load log levels for a logger from section
346 */
347 static void load_log_levels(file_logger_t *logger, char *section)
348 {
349 debug_t group;
350 level_t def;
351
352 def = conftest->test->get_int(conftest->test, "log.%s.default", 1, section);
353 for (group = 0; group < DBG_MAX; group++)
354 {
355 logger->set_level(logger, group,
356 conftest->test->get_int(conftest->test, "log.%s.%N", def,
357 section, debug_lower_names, group));
358 }
359 }
360
361 /**
362 * Load logger configuration
363 */
364 static void load_loggers(file_logger_t *logger)
365 {
366 enumerator_t *enumerator;
367 char *section;
368 FILE *file;
369
370 load_log_levels(logger, "stdout");
371
372 enumerator = conftest->test->create_section_enumerator(conftest->test, "log");
373 while (enumerator->enumerate(enumerator, &section))
374 {
375 if (!streq(section, "stdout"))
376 {
377 file = fopen(section, "w");
378 if (file == NULL)
379 {
380 fprintf(stderr, "opening file %s for logging failed: %s",
381 section, strerror(errno));
382 continue;
383 }
384 logger = file_logger_create(file, NULL, FALSE);
385 load_log_levels(logger, section);
386 charon->bus->add_listener(charon->bus, &logger->listener);
387 charon->file_loggers->insert_last(charon->file_loggers, logger);
388 }
389 }
390 enumerator->destroy(enumerator);
391 }
392
393 /**
394 * Main function, starts the conftest daemon.
395 */
396 int main(int argc, char *argv[])
397 {
398 struct sigaction action;
399 int status = 0;
400 sigset_t set;
401 int sig;
402 char *suite_file = "suite.conf", *test_file = NULL;
403 file_logger_t *logger;
404
405 if (!library_init(NULL))
406 {
407 library_deinit();
408 return SS_RC_LIBSTRONGSWAN_INTEGRITY;
409 }
410 if (!libhydra_init("conftest"))
411 {
412 libhydra_deinit();
413 library_deinit();
414 return SS_RC_INITIALIZATION_FAILED;
415 }
416 if (!libcharon_init())
417 {
418 libcharon_deinit();
419 libhydra_deinit();
420 library_deinit();
421 return SS_RC_INITIALIZATION_FAILED;
422 }
423
424 INIT(conftest,
425 .creds = mem_cred_create(),
426 );
427
428 logger = file_logger_create(stdout, NULL, FALSE);
429 logger->set_level(logger, DBG_ANY, LEVEL_CTRL);
430 charon->bus->add_listener(charon->bus, &logger->listener);
431 charon->file_loggers->insert_last(charon->file_loggers, logger);
432
433 lib->credmgr->add_set(lib->credmgr, &conftest->creds->set);
434 conftest->hooks = linked_list_create();
435 conftest->config = config_create();
436
437 atexit(cleanup);
438
439 while (TRUE)
440 {
441 struct option long_opts[] = {
442 { "help", no_argument, NULL, 'h' },
443 { "version", no_argument, NULL, 'v' },
444 { "suite", required_argument, NULL, 's' },
445 { "test", required_argument, NULL, 't' },
446 { 0,0,0,0 }
447 };
448 switch (getopt_long(argc, argv, "", long_opts, NULL))
449 {
450 case EOF:
451 break;
452 case 'h':
453 usage(stdout);
454 return 0;
455 case 'v':
456 printf("strongSwan %s conftest\n", VERSION);
457 return 0;
458 case 's':
459 suite_file = optarg;
460 continue;
461 case 't':
462 test_file = optarg;
463 continue;
464 default:
465 usage(stderr);
466 return 1;
467 }
468 break;
469 }
470
471 if (!load_configs(suite_file, test_file))
472 {
473 return 1;
474 }
475 load_loggers(logger);
476
477 if (!lib->plugins->load(lib->plugins, NULL,
478 conftest->test->get_str(conftest->test, "preload", "")))
479 {
480 return 1;
481 }
482 if (!charon->initialize(charon))
483 {
484 return 1;
485 }
486 if (!load_certs(conftest->test, conftest->suite_dir))
487 {
488 return 1;
489 }
490 if (!load_keys(conftest->test, conftest->suite_dir))
491 {
492 return 1;
493 }
494 load_cdps(conftest->test);
495 if (!load_hooks())
496 {
497 return 1;
498 }
499 charon->backends->add_backend(charon->backends, &conftest->config->backend);
500 conftest->config->load(conftest->config, conftest->test);
501 conftest->actions = actions_create();
502
503 /* set up thread specific handlers */
504 action.sa_handler = segv_handler;
505 action.sa_flags = 0;
506 sigemptyset(&action.sa_mask);
507 sigaddset(&action.sa_mask, SIGINT);
508 sigaddset(&action.sa_mask, SIGTERM);
509 sigaddset(&action.sa_mask, SIGHUP);
510 sigaction(SIGSEGV, &action, NULL);
511 sigaction(SIGILL, &action, NULL);
512 sigaction(SIGBUS, &action, NULL);
513 action.sa_handler = SIG_IGN;
514 sigaction(SIGPIPE, &action, NULL);
515 pthread_sigmask(SIG_SETMASK, &action.sa_mask, NULL);
516
517 /* start thread pool */
518 charon->start(charon);
519
520 /* handle SIGINT/SIGTERM in main thread */
521 sigemptyset(&set);
522 sigaddset(&set, SIGINT);
523 sigaddset(&set, SIGHUP);
524 sigaddset(&set, SIGTERM);
525 sigprocmask(SIG_BLOCK, &set, NULL);
526
527 while (sigwait(&set, &sig) == 0)
528 {
529 switch (sig)
530 {
531 case SIGINT:
532 case SIGTERM:
533 fprintf(stderr, "\nshutting down...\n");
534 break;
535 default:
536 continue;
537 }
538 break;
539 }
540 return status;
541 }