projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Completed the command line options of the pt-tls-client
[strongswan.git] / src / pt-tls-client / pt-tls-client.c
1 /*
2 * Copyright (C) 2010-2013 Martin Willi, revosec AG
3 * Copyright (C) 2013-2014 Andreas Steffen
4 * HSR Hochschule für Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include <unistd.h>
18 #include <stdio.h>
19 #include <sys/types.h>
20 #include <sys/socket.h>
21 #include <getopt.h>
22 #include <errno.h>
23 #include <string.h>
24 #include <stdlib.h>
25 #include <syslog.h>
26
27 #include <pt_tls.h>
28 #include <pt_tls_client.h>
29 #include <tnc/tnc.h>
30 #include <tls.h>
31
32 #include <library.h>
33 #include <utils/debug.h>
34 #include <credentials/sets/mem_cred.h>
35 #include <utils/optionsfrom.h>
36
37 /**
38 * Print usage information
39 */
40 static void usage(FILE *out)
41 {
42 fprintf(out,
43 "Usage: pt-tls --connect <hostname|address> [--port <port>]\n"
44 " [--cert <file>]+ [--key <file>]\n"
45 " [--client <client-id>] [--secret <password>]\n"
46 " [--optionsfrom <filename>] [--quiet] [--debug <level>]\n");
47 }
48
49 /**
50 * Client routine
51 */
52 static int client(char *address, u_int16_t port, char *identity)
53 {
54 pt_tls_client_t *assessment;
55 tls_t *tnccs;
56 identification_t *server, *client;
57 host_t *host;
58 status_t status;
59
60 host = host_create_from_dns(address, AF_UNSPEC, port);
61 if (!host)
62 {
63 return 1;
64 }
65 server = identification_create_from_string(address);
66 client = identification_create_from_string(identity);
67 tnccs = (tls_t*)tnc->tnccs->create_instance(tnc->tnccs, TNCCS_2_0, FALSE,
68 server, client, TNC_IFT_TLS_2_0, NULL);
69 if (!tnccs)
70 {
71 fprintf(stderr, "loading TNCCS failed: %s\n", PLUGINS);
72 host->destroy(host);
73 server->destroy(server);
74 client->destroy(client);
75 return 1;
76 }
77 assessment = pt_tls_client_create(host, server, client);
78 status = assessment->run_assessment(assessment, (tnccs_t*)tnccs);
79 assessment->destroy(assessment);
80 tnccs->destroy(tnccs);
81 return status;
82 }
83
84
85 /**
86 * In-Memory credential set
87 */
88 static mem_cred_t *creds;
89
90 /**
91 * Load certificate from file
92 */
93 static bool load_certificate(char *filename)
94 {
95 certificate_t *cert;
96
97 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
98 BUILD_FROM_FILE, filename, BUILD_END);
99 if (!cert)
100 {
101 DBG1(DBG_TLS, "loading certificate from '%s' failed", filename);
102 return FALSE;
103 }
104 creds->add_cert(creds, TRUE, cert);
105 return TRUE;
106 }
107
108 /**
109 * Load private key from file
110 */
111 static bool load_key(char *filename)
112 {
113 private_key_t *key;
114
115 key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
116 BUILD_FROM_FILE, filename, BUILD_END);
117 if (!key)
118 {
119 DBG1(DBG_TLS, "loading key from '%s' failed", filename);
120 return FALSE;
121 }
122 creds->add_key(creds, key);
123 return TRUE;
124 }
125
126 /**
127 * Logging and debug level
128 */
129 static bool log_to_stderr = TRUE;
130 static bool log_to_syslog = TRUE;
131 static level_t default_loglevel = 1;
132
133 static void dbg_pt_tls(debug_t group, level_t level, char *fmt, ...)
134 {
135 char buffer[8192];
136 char *current = buffer, *next;
137 va_list args;
138
139 if (level <= default_loglevel)
140 {
141 if (log_to_stderr)
142 {
143 va_start(args, fmt);
144 vfprintf(stderr, fmt, args);
145 va_end(args);
146 fprintf(stderr, "\n");
147 }
148 if (log_to_syslog)
149 {
150 /* write in memory buffer first */
151 va_start(args, fmt);
152 vsnprintf(buffer, sizeof(buffer), fmt, args);
153 va_end(args);
154
155 /* do a syslog with every line */
156 while (current)
157 {
158 next = strchr(current, '\n');
159 if (next)
160 {
161 *(next++) = '\0';
162 }
163 syslog(LOG_INFO, "%s\n", current);
164 current = next;
165 }
166 }
167 }
168 }
169
170 /**
171 * Initialize logging to stderr/syslog
172 */
173 static void init_log(const char *program)
174 {
175 dbg = dbg_pt_tls;
176
177 if (log_to_stderr)
178 {
179 setbuf(stderr, NULL);
180 }
181 if (log_to_syslog)
182 {
183 openlog(program, LOG_CONS | LOG_NDELAY | LOG_PID, LOG_AUTHPRIV);
184 }
185 }
186
187 /**
188 * Handles --optionsfrom arguments
189 */
190 options_t *options;
191
192 /**
193 * Cleanup
194 */
195 static void cleanup()
196 {
197 lib->processor->cancel(lib->processor);
198 lib->credmgr->remove_set(lib->credmgr, &creds->set);
199 creds->destroy(creds);
200 options->destroy(options);
201 libtnccs_deinit();
202 library_deinit();
203 }
204
205 /**
206 * Initialize library
207 */
208 static void init()
209 {
210 plugin_feature_t features[] = {
211 PLUGIN_NOOP,
212 PLUGIN_PROVIDE(CUSTOM, "pt-tls-client"),
213 PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
214 };
215 library_init(NULL, "pt-tls-client");
216 libtnccs_init();
217
218 init_log("pt-tls-client");
219 options = options_create();
220
221 lib->plugins->add_static_features(lib->plugins, "pt-tls-client", features,
222 countof(features), TRUE);
223 if (!lib->plugins->load(lib->plugins,
224 lib->settings->get_str(lib->settings, "pt-tls-client.load", PLUGINS)))
225 {
226 exit(SS_RC_INITIALIZATION_FAILED);
227 }
228 lib->plugins->status(lib->plugins, LEVEL_CTRL);
229
230 creds = mem_cred_create();
231 lib->credmgr->add_set(lib->credmgr, &creds->set);
232
233 atexit(cleanup);
234 }
235
236 int main(int argc, char *argv[])
237 {
238 char *address = NULL, *identity = "%any", *secret = NULL;
239 int port = PT_TLS_PORT;
240
241 init();
242
243 while (TRUE)
244 {
245 struct option long_opts[] = {
246 {"help", no_argument, NULL, 'h' },
247 {"connect", required_argument, NULL, 'c' },
248 {"client", required_argument, NULL, 'i' },
249 {"secret", required_argument, NULL, 's' },
250 {"port", required_argument, NULL, 'p' },
251 {"cert", required_argument, NULL, 'x' },
252 {"key", required_argument, NULL, 'k' },
253 {"quiet", no_argument, NULL, 'q' },
254 {"debug", required_argument, NULL, 'd' },
255 {"optionsfrom", required_argument, NULL, '+' },
256 {0,0,0,0 }
257 };
258 switch (getopt_long(argc, argv, "", long_opts, NULL))
259 {
260 case EOF:
261 break;
262 case 'h': /* --help */
263 usage(stdout);
264 return 0;
265 case 'x': /* --cert <file> */
266 if (!load_certificate(optarg))
267 {
268 return 1;
269 }
270 continue;
271 case 'k': /* --key <file> */
272 if (!load_key(optarg))
273 {
274 return 1;
275 }
276 continue;
277 case 'c': /* --connect <hostname|address> */
278 if (address)
279 {
280 usage(stderr);
281 return 1;
282 }
283 address = optarg;
284 continue;
285 case 'i': /* --client <client-id> */
286 identity = optarg;
287 continue;
288 case 's': /* --secret <password> */
289 secret = optarg;
290 continue;
291 case 'p': /* --port <port> */
292 port = atoi(optarg);
293 continue;
294 case 'q': /* --quiet */
295 log_to_stderr = FALSE;
296 continue;
297 case 'd': /* --debug <level> */
298 default_loglevel = atoi(optarg);
299 continue;
300 case '+': /* --optionsfrom <filename> */
301 if (!options->from(options, optarg, &argc, &argv, optind))
302 {
303 return 1;
304 }
305 continue;
306 default:
307 usage(stderr);
308 return 1;
309 }
310 break;
311 }
312 if (!address)
313 {
314 usage(stderr);
315 return 1;
316 }
317 if (secret)
318 {
319 creds->add_shared(creds, shared_key_create(SHARED_EAP,
320 chunk_clone(chunk_from_str(secret))),
321 identification_create_from_string(identity), NULL);
322 }
323
324 return client(address, port, identity);
325 }
strongSwan - IPsec VPN