pt-tls-client: Remove unneeded socket.h include, fixing Windows build
[strongswan.git] / src / pt-tls-client / pt-tls-client.c
1 /*
2 * Copyright (C) 2010-2013 Martin Willi, revosec AG
3 * Copyright (C) 2013-2014 Andreas Steffen
4 * HSR Hochschule für Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include <unistd.h>
18 #include <stdio.h>
19 #include <sys/types.h>
20 #include <getopt.h>
21 #include <errno.h>
22 #include <string.h>
23 #include <stdlib.h>
24 #include <syslog.h>
25
26 #include <pt_tls.h>
27 #include <pt_tls_client.h>
28 #include <tnc/tnc.h>
29 #include <tls.h>
30
31 #include <library.h>
32 #include <utils/debug.h>
33 #include <credentials/sets/mem_cred.h>
34 #include <utils/optionsfrom.h>
35
36 /**
37 * Print usage information
38 */
39 static void usage(FILE *out)
40 {
41 fprintf(out,
42 "Usage: pt-tls --connect <hostname|address> [--port <port>]\n"
43 " [--cert <file>]+ [--key <file>]\n"
44 " [--client <client-id>] [--secret <password>]\n"
45 " [--optionsfrom <filename>] [--quiet] [--debug <level>]\n");
46 }
47
48 /**
49 * Client routine
50 */
51 static int client(char *address, u_int16_t port, char *identity)
52 {
53 pt_tls_client_t *assessment;
54 tls_t *tnccs;
55 identification_t *server, *client;
56 host_t *host;
57 status_t status;
58
59 host = host_create_from_dns(address, AF_UNSPEC, port);
60 if (!host)
61 {
62 return 1;
63 }
64 server = identification_create_from_string(address);
65 client = identification_create_from_string(identity);
66 tnccs = (tls_t*)tnc->tnccs->create_instance(tnc->tnccs, TNCCS_2_0, FALSE,
67 server, client, TNC_IFT_TLS_2_0, NULL);
68 if (!tnccs)
69 {
70 fprintf(stderr, "loading TNCCS failed: %s\n", PLUGINS);
71 host->destroy(host);
72 server->destroy(server);
73 client->destroy(client);
74 return 1;
75 }
76 assessment = pt_tls_client_create(host, server, client);
77 status = assessment->run_assessment(assessment, (tnccs_t*)tnccs);
78 assessment->destroy(assessment);
79 tnccs->destroy(tnccs);
80 return status;
81 }
82
83
84 /**
85 * In-Memory credential set
86 */
87 static mem_cred_t *creds;
88
89 /**
90 * Load certificate from file
91 */
92 static bool load_certificate(char *filename)
93 {
94 certificate_t *cert;
95
96 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
97 BUILD_FROM_FILE, filename, BUILD_END);
98 if (!cert)
99 {
100 DBG1(DBG_TLS, "loading certificate from '%s' failed", filename);
101 return FALSE;
102 }
103 creds->add_cert(creds, TRUE, cert);
104 return TRUE;
105 }
106
107 /**
108 * Load private key from file
109 */
110 static bool load_key(char *filename)
111 {
112 private_key_t *key;
113
114 key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
115 BUILD_FROM_FILE, filename, BUILD_END);
116 if (!key)
117 {
118 DBG1(DBG_TLS, "loading key from '%s' failed", filename);
119 return FALSE;
120 }
121 creds->add_key(creds, key);
122 return TRUE;
123 }
124
125 /**
126 * Logging and debug level
127 */
128 static bool log_to_stderr = TRUE;
129 static bool log_to_syslog = TRUE;
130 static level_t default_loglevel = 1;
131
132 static void dbg_pt_tls(debug_t group, level_t level, char *fmt, ...)
133 {
134 char buffer[8192];
135 char *current = buffer, *next;
136 va_list args;
137
138 if (level <= default_loglevel)
139 {
140 if (log_to_stderr)
141 {
142 va_start(args, fmt);
143 vfprintf(stderr, fmt, args);
144 va_end(args);
145 fprintf(stderr, "\n");
146 }
147 if (log_to_syslog)
148 {
149 /* write in memory buffer first */
150 va_start(args, fmt);
151 vsnprintf(buffer, sizeof(buffer), fmt, args);
152 va_end(args);
153
154 /* do a syslog with every line */
155 while (current)
156 {
157 next = strchr(current, '\n');
158 if (next)
159 {
160 *(next++) = '\0';
161 }
162 syslog(LOG_INFO, "%s\n", current);
163 current = next;
164 }
165 }
166 }
167 }
168
169 /**
170 * Initialize logging to stderr/syslog
171 */
172 static void init_log(const char *program)
173 {
174 dbg = dbg_pt_tls;
175
176 if (log_to_stderr)
177 {
178 setbuf(stderr, NULL);
179 }
180 if (log_to_syslog)
181 {
182 openlog(program, LOG_CONS | LOG_NDELAY | LOG_PID, LOG_AUTHPRIV);
183 }
184 }
185
186 /**
187 * Handles --optionsfrom arguments
188 */
189 options_t *options;
190
191 /**
192 * Cleanup
193 */
194 static void cleanup()
195 {
196 lib->processor->cancel(lib->processor);
197 lib->credmgr->remove_set(lib->credmgr, &creds->set);
198 creds->destroy(creds);
199 options->destroy(options);
200 libtnccs_deinit();
201 library_deinit();
202 }
203
204 /**
205 * Initialize library
206 */
207 static void init()
208 {
209 plugin_feature_t features[] = {
210 PLUGIN_NOOP,
211 PLUGIN_PROVIDE(CUSTOM, "pt-tls-client"),
212 PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
213 };
214 library_init(NULL, "pt-tls-client");
215 libtnccs_init();
216
217 init_log("pt-tls-client");
218 options = options_create();
219
220 lib->plugins->add_static_features(lib->plugins, "pt-tls-client", features,
221 countof(features), TRUE);
222 if (!lib->plugins->load(lib->plugins,
223 lib->settings->get_str(lib->settings, "pt-tls-client.load", PLUGINS)))
224 {
225 exit(SS_RC_INITIALIZATION_FAILED);
226 }
227 lib->plugins->status(lib->plugins, LEVEL_CTRL);
228
229 creds = mem_cred_create();
230 lib->credmgr->add_set(lib->credmgr, &creds->set);
231
232 atexit(cleanup);
233 }
234
235 int main(int argc, char *argv[])
236 {
237 char *address = NULL, *identity = "%any", *secret = NULL;
238 int port = PT_TLS_PORT;
239
240 init();
241
242 while (TRUE)
243 {
244 struct option long_opts[] = {
245 {"help", no_argument, NULL, 'h' },
246 {"connect", required_argument, NULL, 'c' },
247 {"client", required_argument, NULL, 'i' },
248 {"secret", required_argument, NULL, 's' },
249 {"port", required_argument, NULL, 'p' },
250 {"cert", required_argument, NULL, 'x' },
251 {"key", required_argument, NULL, 'k' },
252 {"quiet", no_argument, NULL, 'q' },
253 {"debug", required_argument, NULL, 'd' },
254 {"optionsfrom", required_argument, NULL, '+' },
255 {0,0,0,0 }
256 };
257 switch (getopt_long(argc, argv, "", long_opts, NULL))
258 {
259 case EOF:
260 break;
261 case 'h': /* --help */
262 usage(stdout);
263 return 0;
264 case 'x': /* --cert <file> */
265 if (!load_certificate(optarg))
266 {
267 return 1;
268 }
269 continue;
270 case 'k': /* --key <file> */
271 if (!load_key(optarg))
272 {
273 return 1;
274 }
275 continue;
276 case 'c': /* --connect <hostname|address> */
277 if (address)
278 {
279 usage(stderr);
280 return 1;
281 }
282 address = optarg;
283 continue;
284 case 'i': /* --client <client-id> */
285 identity = optarg;
286 continue;
287 case 's': /* --secret <password> */
288 secret = optarg;
289 continue;
290 case 'p': /* --port <port> */
291 port = atoi(optarg);
292 continue;
293 case 'q': /* --quiet */
294 log_to_stderr = FALSE;
295 continue;
296 case 'd': /* --debug <level> */
297 default_loglevel = atoi(optarg);
298 continue;
299 case '+': /* --optionsfrom <filename> */
300 if (!options->from(options, optarg, &argc, &argv, optind))
301 {
302 return 1;
303 }
304 continue;
305 default:
306 usage(stderr);
307 return 1;
308 }
309 break;
310 }
311 if (!address)
312 {
313 usage(stderr);
314 return 1;
315 }
316 if (secret)
317 {
318 creds->add_shared(creds, shared_key_create(SHARED_EAP,
319 chunk_clone(chunk_from_str(secret))),
320 identification_create_from_string(identity), NULL);
321 }
322
323 return client(address, port, identity);
324 }