projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
plugin-loader: Support a reload() callback for static features
[strongswan.git] / src / pt-tls-client / pt-tls-client.c
1 /*
2 * Copyright (C) 2010-2013 Martin Willi, revosec AG
3 * Copyright (C) 2013-2014 Andreas Steffen
4 * HSR Hochschule für Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include <unistd.h>
18 #include <stdio.h>
19 #include <sys/types.h>
20 #include <getopt.h>
21 #include <errno.h>
22 #include <string.h>
23 #include <stdlib.h>
24 #ifdef HAVE_SYSLOG
25 #include <syslog.h>
26 #endif
27
28 #include <pt_tls.h>
29 #include <pt_tls_client.h>
30 #include <tnc/tnc.h>
31 #include <tls.h>
32
33 #include <library.h>
34 #include <utils/debug.h>
35 #include <credentials/sets/mem_cred.h>
36 #include <utils/optionsfrom.h>
37
38 /**
39 * Print usage information
40 */
41 static void usage(FILE *out)
42 {
43 fprintf(out,
44 "Usage: pt-tls --connect <hostname|address> [--port <port>]\n"
45 " [--cert <file>]+ [--key <file>]\n"
46 " [--client <client-id>] [--secret <password>]\n"
47 " [--optionsfrom <filename>] [--quiet] [--debug <level>]\n");
48 }
49
50 /**
51 * Client routine
52 */
53 static int client(char *address, u_int16_t port, char *identity)
54 {
55 pt_tls_client_t *assessment;
56 tls_t *tnccs;
57 identification_t *server, *client;
58 host_t *host;
59 status_t status;
60
61 host = host_create_from_dns(address, AF_UNSPEC, port);
62 if (!host)
63 {
64 return 1;
65 }
66 server = identification_create_from_string(address);
67 client = identification_create_from_string(identity);
68 tnccs = (tls_t*)tnc->tnccs->create_instance(tnc->tnccs, TNCCS_2_0, FALSE,
69 server, client, TNC_IFT_TLS_2_0, NULL);
70 if (!tnccs)
71 {
72 fprintf(stderr, "loading TNCCS failed: %s\n", PLUGINS);
73 host->destroy(host);
74 server->destroy(server);
75 client->destroy(client);
76 return 1;
77 }
78 assessment = pt_tls_client_create(host, server, client);
79 status = assessment->run_assessment(assessment, (tnccs_t*)tnccs);
80 assessment->destroy(assessment);
81 tnccs->destroy(tnccs);
82 return status;
83 }
84
85
86 /**
87 * In-Memory credential set
88 */
89 static mem_cred_t *creds;
90
91 /**
92 * Load certificate from file
93 */
94 static bool load_certificate(char *filename)
95 {
96 certificate_t *cert;
97
98 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
99 BUILD_FROM_FILE, filename, BUILD_END);
100 if (!cert)
101 {
102 DBG1(DBG_TLS, "loading certificate from '%s' failed", filename);
103 return FALSE;
104 }
105 creds->add_cert(creds, TRUE, cert);
106 return TRUE;
107 }
108
109 /**
110 * Load private key from file
111 */
112 static bool load_key(char *filename)
113 {
114 private_key_t *key;
115
116 key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
117 BUILD_FROM_FILE, filename, BUILD_END);
118 if (!key)
119 {
120 DBG1(DBG_TLS, "loading key from '%s' failed", filename);
121 return FALSE;
122 }
123 creds->add_key(creds, key);
124 return TRUE;
125 }
126
127 /**
128 * Logging and debug level
129 */
130 static bool log_to_stderr = TRUE;
131 #ifdef HAVE_SYSLOG
132 static bool log_to_syslog = TRUE;
133 #endif /* HAVE_SYSLOG */
134 static level_t default_loglevel = 1;
135
136 static void dbg_pt_tls(debug_t group, level_t level, char *fmt, ...)
137 {
138 va_list args;
139
140 if (level <= default_loglevel)
141 {
142 if (log_to_stderr)
143 {
144 va_start(args, fmt);
145 vfprintf(stderr, fmt, args);
146 va_end(args);
147 fprintf(stderr, "\n");
148 }
149 #ifdef HAVE_SYSLOG
150 if (log_to_syslog)
151 {
152 char buffer[8192];
153 char *current = buffer, *next;
154
155 /* write in memory buffer first */
156 va_start(args, fmt);
157 vsnprintf(buffer, sizeof(buffer), fmt, args);
158 va_end(args);
159
160 /* do a syslog with every line */
161 while (current)
162 {
163 next = strchr(current, '\n');
164 if (next)
165 {
166 *(next++) = '\0';
167 }
168 syslog(LOG_INFO, "%s\n", current);
169 current = next;
170 }
171 }
172 #endif /* HAVE_SYSLOG */
173 }
174 }
175
176 /**
177 * Initialize logging to stderr/syslog
178 */
179 static void init_log(const char *program)
180 {
181 dbg = dbg_pt_tls;
182
183 if (log_to_stderr)
184 {
185 setbuf(stderr, NULL);
186 }
187 #ifdef HAVE_SYSLOG
188 if (log_to_syslog)
189 {
190 openlog(program, LOG_CONS | LOG_NDELAY | LOG_PID, LOG_AUTHPRIV);
191 }
192 #endif /* HAVE_SYSLOG */
193 }
194
195 /**
196 * Handles --optionsfrom arguments
197 */
198 options_t *options;
199
200 /**
201 * Cleanup
202 */
203 static void cleanup()
204 {
205 lib->processor->cancel(lib->processor);
206 lib->credmgr->remove_set(lib->credmgr, &creds->set);
207 creds->destroy(creds);
208 options->destroy(options);
209 libtnccs_deinit();
210 library_deinit();
211 }
212
213 /**
214 * Initialize library
215 */
216 static void init()
217 {
218 plugin_feature_t features[] = {
219 PLUGIN_NOOP,
220 PLUGIN_PROVIDE(CUSTOM, "pt-tls-client"),
221 PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
222 };
223 library_init(NULL, "pt-tls-client");
224 libtnccs_init();
225
226 init_log("pt-tls-client");
227 options = options_create();
228
229 lib->plugins->add_static_features(lib->plugins, "pt-tls-client", features,
230 countof(features), TRUE, NULL, NULL);
231 if (!lib->plugins->load(lib->plugins,
232 lib->settings->get_str(lib->settings, "pt-tls-client.load", PLUGINS)))
233 {
234 exit(SS_RC_INITIALIZATION_FAILED);
235 }
236 lib->plugins->status(lib->plugins, LEVEL_CTRL);
237
238 creds = mem_cred_create();
239 lib->credmgr->add_set(lib->credmgr, &creds->set);
240
241 atexit(cleanup);
242 }
243
244 int main(int argc, char *argv[])
245 {
246 char *address = NULL, *identity = "%any", *secret = NULL;
247 int port = PT_TLS_PORT;
248
249 init();
250
251 while (TRUE)
252 {
253 struct option long_opts[] = {
254 {"help", no_argument, NULL, 'h' },
255 {"connect", required_argument, NULL, 'c' },
256 {"client", required_argument, NULL, 'i' },
257 {"secret", required_argument, NULL, 's' },
258 {"port", required_argument, NULL, 'p' },
259 {"cert", required_argument, NULL, 'x' },
260 {"key", required_argument, NULL, 'k' },
261 {"quiet", no_argument, NULL, 'q' },
262 {"debug", required_argument, NULL, 'd' },
263 {"optionsfrom", required_argument, NULL, '+' },
264 {0,0,0,0 }
265 };
266 switch (getopt_long(argc, argv, "", long_opts, NULL))
267 {
268 case EOF:
269 break;
270 case 'h': /* --help */
271 usage(stdout);
272 return 0;
273 case 'x': /* --cert <file> */
274 if (!load_certificate(optarg))
275 {
276 return 1;
277 }
278 continue;
279 case 'k': /* --key <file> */
280 if (!load_key(optarg))
281 {
282 return 1;
283 }
284 continue;
285 case 'c': /* --connect <hostname|address> */
286 if (address)
287 {
288 usage(stderr);
289 return 1;
290 }
291 address = optarg;
292 continue;
293 case 'i': /* --client <client-id> */
294 identity = optarg;
295 continue;
296 case 's': /* --secret <password> */
297 secret = optarg;
298 continue;
299 case 'p': /* --port <port> */
300 port = atoi(optarg);
301 continue;
302 case 'q': /* --quiet */
303 log_to_stderr = FALSE;
304 continue;
305 case 'd': /* --debug <level> */
306 default_loglevel = atoi(optarg);
307 continue;
308 case '+': /* --optionsfrom <filename> */
309 if (!options->from(options, optarg, &argc, &argv, optind))
310 {
311 return 1;
312 }
313 continue;
314 default:
315 usage(stderr);
316 return 1;
317 }
318 break;
319 }
320 if (!address)
321 {
322 usage(stderr);
323 return 1;
324 }
325 if (secret)
326 {
327 creds->add_shared(creds, shared_key_create(SHARED_EAP,
328 chunk_clone(chunk_from_str(secret))),
329 identification_create_from_string(identity), NULL);
330 }
331
332 return client(address, port, identity);
333 }
strongSwan - IPsec VPN