projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
pt-tls-client: Abort if no tnccs-manager is available
[strongswan.git] / src / pt-tls-client / pt-tls-client.c
1 /*
2 * Copyright (C) 2010-2013 Martin Willi, revosec AG
3 * Copyright (C) 2013 Andreas Steffen, HSR Hochschule für Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <unistd.h>
17 #include <stdio.h>
18 #include <sys/types.h>
19 #include <sys/socket.h>
20 #include <getopt.h>
21 #include <errno.h>
22 #include <string.h>
23 #include <stdlib.h>
24
25 #include <pt_tls.h>
26 #include <pt_tls_client.h>
27 #include <tnc/tnc.h>
28 #include <tls.h>
29
30 #include <library.h>
31 #include <utils/debug.h>
32 #include <credentials/sets/mem_cred.h>
33 #include <utils/optionsfrom.h>
34
35 /**
36 * Print usage information
37 */
38 static void usage(FILE *out, char *cmd)
39 {
40 fprintf(out, "usage:\n");
41 fprintf(out, " %s --connect <address> [--port <port>] [--cert <file>]+\n", cmd);
42 fprintf(out, " [--client <client-id>] [--secret <password>]\n");
43 fprintf(out, " [--optionsfrom <filename>]\n");
44 }
45
46 /**
47 * Client routine
48 */
49 static int client(char *address, u_int16_t port, char *identity)
50 {
51 pt_tls_client_t *assessment;
52 tls_t *tnccs;
53 identification_t *server, *client;
54 host_t *host;
55 status_t status;
56
57 host = host_create_from_dns(address, AF_UNSPEC, port);
58 if (!host)
59 {
60 return 1;
61 }
62 server = identification_create_from_string(address);
63 client = identification_create_from_string(identity);
64 tnccs = (tls_t*)tnc->tnccs->create_instance(tnc->tnccs, TNCCS_2_0, FALSE,
65 server, client, TNC_IFT_TLS_2_0, NULL);
66 if (!tnccs)
67 {
68 fprintf(stderr, "loading TNCCS failed: %s\n", PLUGINS);
69 host->destroy(host);
70 server->destroy(server);
71 client->destroy(client);
72 return 1;
73 }
74 assessment = pt_tls_client_create(host, server, client);
75 status = assessment->run_assessment(assessment, (tnccs_t*)tnccs);
76 assessment->destroy(assessment);
77 tnccs->destroy(tnccs);
78 return status;
79 }
80
81
82 /**
83 * In-Memory credential set
84 */
85 static mem_cred_t *creds;
86
87 /**
88 * Load certificate from file
89 */
90 static bool load_certificate(char *filename)
91 {
92 certificate_t *cert;
93
94 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
95 BUILD_FROM_FILE, filename, BUILD_END);
96 if (!cert)
97 {
98 DBG1(DBG_TLS, "loading certificate from '%s' failed", filename);
99 return FALSE;
100 }
101 creds->add_cert(creds, TRUE, cert);
102 return TRUE;
103 }
104
105 /**
106 * Load private key from file
107 */
108 static bool load_key(char *filename)
109 {
110 private_key_t *key;
111
112 key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
113 BUILD_FROM_FILE, filename, BUILD_END);
114 if (!key)
115 {
116 DBG1(DBG_TLS, "loading key from '%s' failed", filename);
117 return FALSE;
118 }
119 creds->add_key(creds, key);
120 return TRUE;
121 }
122
123 /**
124 * Debug level
125 */
126 static level_t pt_tls_level = 1;
127
128 static void dbg_pt_tls(debug_t group, level_t level, char *fmt, ...)
129 {
130 if (level <= pt_tls_level)
131 {
132 va_list args;
133
134 va_start(args, fmt);
135 vfprintf(stderr, fmt, args);
136 fprintf(stderr, "\n");
137 va_end(args);
138 }
139 }
140
141 /**
142 * Handles --optionsfrom arguments
143 */
144 options_t *options;
145
146 /**
147 * Cleanup
148 */
149 static void cleanup()
150 {
151 lib->processor->cancel(lib->processor);
152 lib->credmgr->remove_set(lib->credmgr, &creds->set);
153 creds->destroy(creds);
154 options->destroy(options);
155 libtnccs_deinit();
156 library_deinit();
157 }
158
159 /**
160 * Initialize library
161 */
162 static void init()
163 {
164 plugin_feature_t features[] = {
165 PLUGIN_NOOP,
166 PLUGIN_PROVIDE(CUSTOM, "pt-tls-client"),
167 PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
168 };
169 library_init(NULL);
170 libtnccs_init();
171
172 dbg = dbg_pt_tls;
173 options = options_create();
174
175 lib->plugins->add_static_features(lib->plugins, "pt-tls-client", features,
176 countof(features), TRUE);
177 if (!lib->plugins->load(lib->plugins,
178 lib->settings->get_str(lib->settings, "pt-tls-client.load", PLUGINS)))
179 {
180 exit(SS_RC_INITIALIZATION_FAILED);
181 }
182
183 creds = mem_cred_create();
184 lib->credmgr->add_set(lib->credmgr, &creds->set);
185
186 atexit(cleanup);
187 }
188
189 int main(int argc, char *argv[])
190 {
191 char *address = NULL, *identity = "%any", *secret = NULL;
192 int port = PT_TLS_PORT;
193
194 init();
195
196 while (TRUE)
197 {
198 struct option long_opts[] = {
199 {"help", no_argument, NULL, 'h' },
200 {"connect", required_argument, NULL, 'c' },
201 {"client", required_argument, NULL, 'i' },
202 {"secret", required_argument, NULL, 's' },
203 {"port", required_argument, NULL, 'p' },
204 {"cert", required_argument, NULL, 'x' },
205 {"key", required_argument, NULL, 'k' },
206 {"debug", required_argument, NULL, 'd' },
207 {"optionsfrom", required_argument, NULL, '+' },
208 {0,0,0,0 }
209 };
210 switch (getopt_long(argc, argv, "", long_opts, NULL))
211 {
212 case EOF:
213 break;
214 case 'h':
215 usage(stdout, argv[0]);
216 return 0;
217 case 'x':
218 if (!load_certificate(optarg))
219 {
220 return 1;
221 }
222 continue;
223 case 'k':
224 if (!load_key(optarg))
225 {
226 return 1;
227 }
228 continue;
229 case 'c':
230 if (address)
231 {
232 usage(stderr, argv[0]);
233 return 1;
234 }
235 address = optarg;
236 continue;
237 case 'i':
238 identity = optarg;
239 continue;
240 case 's':
241 secret = optarg;
242 continue;
243 case 'p':
244 port = atoi(optarg);
245 continue;
246 case 'd':
247 pt_tls_level = atoi(optarg);
248 continue;
249 case '+': /* --optionsfrom <filename> */
250 if (!options->from(options, optarg, &argc, &argv, optind))
251 {
252 return 1;
253 }
254 continue;
255 default:
256 usage(stderr, argv[0]);
257 return 1;
258 }
259 break;
260 }
261 if (!address)
262 {
263 usage(stderr, argv[0]);
264 return 1;
265 }
266 if (secret)
267 {
268 creds->add_shared(creds, shared_key_create(SHARED_EAP,
269 chunk_clone(chunk_from_str(secret))),
270 identification_create_from_string(identity), NULL);
271 }
272
273 return client(address, port, identity);
274 }
strongSwan - IPsec VPN