2 * Copyright (C) 2010-2013 Martin Willi, revosec AG
3 * Copyright (C) 2013-2014 Andreas Steffen
4 * HSR Hochschule für Technik Rapperswil
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
19 #include <sys/types.h>
29 #include <pt_tls_client.h>
34 #include <utils/debug.h>
35 #include <credentials/sets/mem_cred.h>
36 #include <utils/optionsfrom.h>
/**
 * Print usage information
 *
 * Writes the command-line synopsis to the stream chosen by the caller
 * (typically stderr on a bad invocation, stdout for --help).
 *
 * @param out	stream the synopsis is written to
 */
static void usage(FILE *out)
{
	static const char synopsis[] =
		"Usage: pt-tls --connect <hostname|address> [--port <port>]\n"
		" [--cert <file>]+ [--key <file>]\n"
		" [--client <client-id>] [--secret <password>]\n"
		" [--optionsfrom <filename>] [--quiet] [--debug <level>]\n";

	/* no conversion specifiers in the text, so a plain fputs() is enough */
	fputs(synopsis, out);
}
/**
 * Run a single PT-TLS assessment against address:port, presenting
 * `identity` as the client identity.
 *
 * The TNCCS 2.0 session and the transport are created here and torn down
 * after the assessment. The opening brace, the remaining local
 * declarations (tnccs, host, status), the !host check and the return
 * statements are not part of this listing.
 *
 * NOTE(review): port is narrowed to u_int16_t here while main() stores it
 * as int, so a --port value outside 0..65535 is silently truncated unless
 * it is range-checked before this call.
 *
 * @param address	hostname or address to connect to (also used as server identity)
 * @param port		TCP port of the PT-TLS server
 * @param identity	client identity string
 * @return			presumably the run_assessment() status (return not shown)
 */
53 static int client(char *address
, u_int16_t port
, char *identity
)
55 pt_tls_client_t
*assessment
;
57 identification_t
*server
, *client
;
/* host_create_from_dns() presumably resolves the peer; AF_UNSPEC leaves the
 * IPv4/IPv6 choice to the resolver. */
61 host
= host_create_from_dns(address
, AF_UNSPEC
, port
);
/* Both identities are built from plain strings: the server identity is the
 * connect string itself, so whatever the TLS layer later matches the peer
 * against is exactly what was typed on --connect. */
66 server
= identification_create_from_string(address
);
67 client
= identification_create_from_string(identity
);
/* Ask the TNC manager for a TNCCS 2.0 session over IF-T for TLS 2.0.
 * NOTE(review): the FALSE is presumably the "is_server" flag — confirm
 * against the tnccs manager's create_instance(). */
68 tnccs
= (tls_t
*)tnc
->tnccs
->create_instance(tnc
->tnccs
, TNCCS_2_0
, FALSE
,
69 server
, client
, TNC_IFT_TLS_2_0
, NULL
);
/* Failure path: only server and client are destroyed in the lines visible
 * here; the release of host and the error return are not in this listing —
 * confirm host is destroyed on this path as well. */
72 fprintf(stderr
, "loading TNCCS failed: %s\n", PLUGINS
);
74 server
->destroy(server
);
75 client
->destroy(client
);
/* NOTE(review): host, server and client are not destroyed anywhere in the
 * visible lines after this point, so ownership presumably passes to the
 * assessment object — confirm in pt_tls_client_create(). */
78 assessment
= pt_tls_client_create(host
, server
, client
);
/* The tls_t is handed to the assessment through its tnccs_t view. */
79 status
= assessment
->run_assessment(assessment
, (tnccs_t
*)tnccs
);
80 assessment
->destroy(assessment
);
81 tnccs
->destroy(tnccs
);
87 * In-Memory credential set
/**
 * In-memory credential set.
 *
 * Receives every certificate and key loaded via --cert / --key and the
 * --secret shared key; it is registered with lib->credmgr during
 * initialisation and unregistered again in cleanup() before being destroyed.
 */
89 static mem_cred_t
*creds
;
92 * Load certificate from file
/**
 * Load certificate from file
 *
 * Parses an X.509 certificate from `filename` and adds it to the in-memory
 * credential set. The cert declaration, the !cert check with its FALSE
 * return, the final TRUE return and the braces are not part of this listing.
 *
 * NOTE(review): add_cert() is called with TRUE as its second argument,
 * which presumably marks the certificate as trusted — every file given via
 * --cert would then act as a trust anchor for the peer, not only as the
 * client's own certificate. Confirm against mem_cred_t's add_cert().
 *
 * @param filename	path of the certificate file
 * @return			TRUE on success, FALSE if parsing failed (returns not shown)
 */
94 static bool load_certificate(char *filename
)
/* Builder call: X.509 certificate read straight from the file. */
98 cert
= lib
->creds
->create(lib
->creds
, CRED_CERTIFICATE
, CERT_X509
,
99 BUILD_FROM_FILE
, filename
, BUILD_END
);
/* Reached when the builder returned NULL (the if itself is not shown). */
102 DBG1(DBG_TLS
, "loading certificate from '%s' failed", filename
);
/* Second argument TRUE: see the trust note above. */
105 creds
->add_cert(creds
, TRUE
, cert
);
110 * Load private key from file
/**
 * Load private key from file
 *
 * Parses a private key from `filename` and adds it to the in-memory
 * credential set. The key declaration, the !key check, the returns and
 * the braces are not part of this listing.
 *
 * NOTE(review): the builder is asked for KEY_RSA specifically, so a file
 * holding another key type (e.g. ECDSA) presumably fails to load — confirm,
 * and widen the requested type if non-RSA client keys are expected.
 *
 * @param filename	path of the private key file
 * @return			TRUE on success, FALSE if parsing failed (returns not shown)
 */
112 static bool load_key(char *filename
)
/* Builder call: RSA private key read straight from the file. */
116 key
= lib
->creds
->create(lib
->creds
, CRED_PRIVATE_KEY
, KEY_RSA
,
117 BUILD_FROM_FILE
, filename
, BUILD_END
);
/* Reached when the builder returned NULL (the if itself is not shown). */
120 DBG1(DBG_TLS
, "loading key from '%s' failed", filename
);
123 creds
->add_key(creds
, key
);
128 * Logging and debug level
/* Logging and debug level.
 *
 * log_to_stderr is cleared by --quiet; log_to_syslog sits inside an
 * #ifdef HAVE_SYSLOG whose opening line is not part of this listing.
 * default_loglevel is set by --debug (via atoi, unchecked) and dbg_pt_tls()
 * drops every message whose level is above it. */
130 static bool log_to_stderr
= TRUE
;
132 static bool log_to_syslog
= TRUE
;
133 #endif /* HAVE_SYSLOG */
134 static level_t default_loglevel
= 1;
/**
 * Debug callback: print messages at or below default_loglevel to stderr
 * and/or syslog.
 *
 * Where this function is installed as the library's debug hook, the
 * va_list setup, the log_to_stderr / log_to_syslog guards, the buffer
 * declaration and the line-splitting loop are not part of this listing.
 * The `group` parameter is unused in the visible lines.
 *
 * @param group		debug group of the message (unused here)
 * @param level		verbosity level of the message
 * @param fmt		printf-style format string supplied by the caller
 */
136 static void dbg_pt_tls(debug_t group
, level_t level
, char *fmt
, ...)
/* Anything more verbose than the configured level is dropped. */
140 if (level
<= default_loglevel
)
/* stderr branch: format directly, then terminate the line. */
145 vfprintf(stderr
, fmt
, args
);
147 fprintf(stderr
, "\n");
/* syslog branch: render into a fixed-size buffer first (its declaration is
 * not shown). vsnprintf() truncates silently, so an over-long message is
 * cut rather than overflowing the buffer. */
153 char *current
= buffer
, *next
;
155 /* write in memory buffer first */
157 vsnprintf(buffer
, sizeof(buffer
), fmt
, args
);
160 /* do a syslog with every line */
163 next
= strchr(current
, '\n');
/* The format passed to syslog() is the literal "%s\n", so message text is
 * never interpreted as a format string. */
168 syslog(LOG_INFO
, "%s\n", current
);
172 #endif /* HAVE_SYSLOG */
177 * Initialize logging to stderr/syslog
/**
 * Initialize logging to stderr/syslog
 *
 * Process-wide logging setup for `program`. The guards that presumably
 * select stderr and/or syslog (log_to_stderr, log_to_syslog), the
 * installation of the debug callback and the braces are not part of this
 * listing.
 *
 * @param program	identifier prepended to every syslog entry
 */
179 static void init_log(const char *program
)
/* Unbuffered stderr: each log line is written out immediately, so nothing
 * is lost if the process exits abruptly. */
185 setbuf(stderr
, NULL
);
/* Syslog entries carry the PID and go to the AUTHPRIV facility (typically
 * the access-restricted auth log); LOG_NDELAY opens the connection right
 * away and LOG_CONS falls back to the console if the logger is unreachable. */
190 openlog(program
, LOG_CONS
| LOG_NDELAY
| LOG_PID
, LOG_AUTHPRIV
);
192 #endif /* HAVE_SYSLOG */
196 * Handles --optionsfrom arguments (describes the options parser object, whose declaration is not shown in this listing; the cleanup routine follows below)
/**
 * Release everything set up at startup (presumably registered with
 * atexit(); the registration itself is not in this listing). The opening
 * brace, any library deinitialisation call and the closing brace are not
 * shown here.
 *
 * Ordering: the credential set is unregistered from the credential manager
 * before it is destroyed, so the manager never holds a dangling pointer.
 * NOTE(review): the --secret shared key lives in this set; whether its
 * memory is wiped on destroy depends on mem_cred_t / shared_key_t — verify
 * if that is a requirement. Also, `cleanup()` with empty parentheses is an
 * old-style declarator; `cleanup(void)` is the C99 idiom.
 */
203 static void cleanup()
/* Stop the job processor first, presumably so no worker still runs while
 * the credentials below go away. */
205 lib
->processor
->cancel(lib
->processor
);
206 lib
->credmgr
->remove_set(lib
->credmgr
, &creds
->set
);
207 creds
->destroy(creds
);
208 options
->destroy(options
);
/*
 * NOTE(review): the signature and opening brace of the function enclosing
 * these lines are not part of this listing; from its contents this is the
 * library/plugin initialisation routine that runs before option parsing.
 */
/* Static feature table: this program provides a "pt-tls-client" feature and
 * depends on a "tnccs-manager" feature, so plugin loading fails unless a
 * TNCCS manager is available. */
218 plugin_feature_t features
[] = {
220 PLUGIN_PROVIDE(CUSTOM
, "pt-tls-client"),
221 PLUGIN_DEPENDS(CUSTOM
, "tnccs-manager"),
/* Bring up the library, logging and the --optionsfrom parser. */
223 library_init(NULL
, "pt-tls-client");
226 init_log("pt-tls-client");
227 options
= options_create();
229 lib
->plugins
->add_static_features(lib
->plugins
, "pt-tls-client", features
,
230 countof(features
), TRUE
, NULL
, NULL
);
/* Plugin list comes from the "pt-tls-client.load" setting, defaulting to
 * the build-time PLUGINS string; a failed load is fatal. Whatever sits
 * between the if and the exit (braces, deinit) is not in this listing. */
231 if (!lib
->plugins
->load(lib
->plugins
,
232 lib
->settings
->get_str(lib
->settings
, "pt-tls-client.load", PLUGINS
)))
234 exit(SS_RC_INITIALIZATION_FAILED
);
236 lib
->plugins
->status(lib
->plugins
, LEVEL_CTRL
);
/* Fresh in-memory credential set, registered with the credential manager
 * so that credentials loaded later via --cert / --key / --secret are
 * presumably visible to the TLS code through lib->credmgr. */
238 creds
= mem_cred_create();
239 lib
->credmgr
->add_set(lib
->credmgr
, &creds
->set
);
/**
 * Entry point: parse the command line, load credentials as the options
 * arrive, register the optional shared secret and run the assessment.
 *
 * Only long options are accepted (the getopt_long optstring is ""); the
 * single characters in long_opts are internal dispatch tags. The option
 * loop, the bodies of the help/connect/client/secret/port cases, the error
 * exits and the !address and secret guards are not part of this listing.
 *
 * NOTE(review): --secret takes the password straight from argv, so it is
 * visible to other local users via the process list and may land in shell
 * history; supplying it through an --optionsfrom file with restrictive
 * permissions avoids the command line.
 *
 * @param argc	argument count
 * @param argv	argument vector (may be replaced by --optionsfrom)
 * @return		exit status of client() (earlier exits not shown)
 */
244 int main(int argc
, char *argv
[])
/* address must be given (check not shown); identity defaults to "%any". */
246 char *address
= NULL
, *identity
= "%any", *secret
= NULL
;
/* Held as int but passed to client() as u_int16_t; the --port handler body
 * and any range check are not in this listing — confirm 0..65535 is
 * enforced before the narrowing. */
247 int port
= PT_TLS_PORT
;
/* Option table; the tag characters are never exposed as short options. */
253 struct option long_opts
[] = {
254 {"help", no_argument
, NULL
, 'h' },
255 {"connect", required_argument
, NULL
, 'c' },
256 {"client", required_argument
, NULL
, 'i' },
257 {"secret", required_argument
, NULL
, 's' },
258 {"port", required_argument
, NULL
, 'p' },
259 {"cert", required_argument
, NULL
, 'x' },
260 {"key", required_argument
, NULL
, 'k' },
261 {"quiet", no_argument
, NULL
, 'q' },
262 {"debug", required_argument
, NULL
, 'd' },
263 {"optionsfrom", required_argument
, NULL
, '+' },
266 switch (getopt_long(argc
, argv
, "", long_opts
, NULL
))
270 case 'h': /* --help */
/* --cert may repeat; each file goes into creds immediately. The error exit
 * after a failed load is not shown. */
273 case 'x': /* --cert <file> */
274 if (!load_certificate(optarg
))
279 case 'k': /* --key <file> */
280 if (!load_key(optarg
))
285 case 'c': /* --connect <hostname|address> */
293 case 'i': /* --client <client-id> */
296 case 's': /* --secret <password> */
299 case 'p': /* --port <port> */
/* --quiet only silences stderr; the syslog flag is untouched here. */
302 case 'q': /* --quiet */
303 log_to_stderr
= FALSE
;
/* NOTE(review): atoi() gives no error indication — a non-numeric level
 * silently becomes 0; strtol() with an end-pointer check would reject
 * bad input. */
305 case 'd': /* --debug <level> */
306 default_loglevel
= atoi(optarg
);
/* Presumably splices the file's contents into argc/argv at optind, so the
 * file is trusted exactly like the command line. */
308 case '+': /* --optionsfrom <filename> */
309 if (!options
->from(options
, optarg
, &argc
, &argv
, optind
))
/* Register the password as an EAP shared key bound to the client identity.
 * This is presumably guarded by a check that --secret was given (not
 * shown); with secret == NULL, chunk_from_str() would presumably read a
 * NULL string. */
327 creds
->add_shared(creds
, shared_key_create(SHARED_EAP
,
328 chunk_clone(chunk_from_str(secret
))),
329 identification_create_from_string(identity
), NULL
);
/* Run the assessment; the !address check / usage(stderr) that presumably
 * precedes this is not in this listing. */
332 return client(address
, port
, identity
);