build and verify on disk file integrity of pluto and charon executables
authorMartin Willi <martin@strongswan.org>
Mon, 22 Jun 2009 12:42:04 +0000 (14:42 +0200)
committerMartin Willi <martin@strongswan.org>
Mon, 22 Jun 2009 13:47:18 +0000 (15:47 +0200)
src/charon/daemon.c
src/checksum/Makefile.am
src/checksum/checksum_builder.c
src/pluto/plutomain.c

index c672515..166857f 100644 (file)
@@ -672,6 +672,15 @@ int main(int argc, char *argv[])
        {
                exit(-1);
        }
+       
+       if (lib->integrity &&
+               !lib->integrity->check_file(lib->integrity, "charon", argv[0]))
+       {
+               dbg_stderr(1, "integrity check of charon failed");
+               library_deinit();
+               exit(-1);
+       }
+       
        lib->printf_hook->add_handler(lib->printf_hook, 'R',
                                                                  traffic_selector_printf_hook,
                                                                  PRINTF_HOOK_ARGTYPE_POINTER,
index aaed128..c089acb 100644 (file)
@@ -11,7 +11,10 @@ CLEANFILES = checksum.c checksum_builder
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic
 
-libs = $(shell find $(top_builddir)/src -name 'libstrongswan*.so')
+libs = $(shell find $(top_builddir)/src/libstrongswan $(top_builddir)/src/charon \
+                       -name 'libstrongswan*.so') \
+               $(top_builddir)/src/charon/.libs/charon \
+               $(top_builddir)/src/pluto/.libs/pluto
 
 checksum.c : checksum_builder $(libs)
                ./checksum_builder $(libs) > checksum.c
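Review bot: The two daemon binaries are now unconditional prerequisites of checksum.c, so the rule presumably fails with a missing-file error whenever one of them is not built (a configure that leaves out pluto, for instance), where previously only whatever `find` located was listed. Wrapping each fixed path in `$(wildcard ...)` — GNU make is already assumed by the `$(shell ...)` call on the line above — or conditioning the two entries on the corresponding configure options would keep the rule usable in that case, e.g. `$(wildcard $(top_builddir)/src/pluto/.libs/pluto)`. A one-line comment above `libs =` saying that these are the build-tree (unstripped) binaries whose checksums are expected to match what is later installed would also help the next reader, if that is indeed the intent.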
index ca86679..d2c042d 100644 (file)
@@ -46,7 +46,7 @@ int main(int argc, char* argv[])
        printf("integrity_checksum_t checksums[] = {\n");
        for (i = 1; i < argc; i++)
        {
-               char *name, *path, *sname;
+               char *name, *path, *sname = NULL;
                void *handle, *symbol;
                u_int32_t fsum, ssum;
                
@@ -65,6 +65,14 @@ int main(int argc, char* argv[])
                        name = strdup("libstrongswan\",");
                        sname = "library_init";
                }
+               else if (strstr(path, "charon"))
+               {
+                       name = strdup("charon\",");
+               }
+               else if (strstr(path, "pluto"))
+               {
+                       name = strdup("pluto\",");
+               }
                else
                {
                        fprintf(stderr, "don't know how to handle '%s', ignored", path);
@@ -73,25 +81,27 @@ int main(int argc, char* argv[])
                
                fsum = integrity->build_file(integrity, path);
                ssum = 0;
-               handle = dlopen(path, RTLD_LAZY);
-               if (handle)
+               if (sname)
                {
-                       symbol = dlsym(handle, sname);
-                       if (symbol)
+                       handle = dlopen(path, RTLD_LAZY);
+                       if (handle)
                        {
-                               ssum = integrity->build_segment(integrity, symbol);
+                               symbol = dlsym(handle, sname);
+                               if (symbol)
+                               {
+                                       ssum = integrity->build_segment(integrity, symbol);
+                               }
+                               else
+                               {
+                                       fprintf(stderr, "symbol lookup failed: %s\n", dlerror());
+                               }
+                               dlclose(handle);
                        }
                        else
                        {
-                               fprintf(stderr, "symbol lookup failed: %s\n", dlerror());
+                               fprintf(stderr, "dlopen failed: %s\n", dlerror());
                        }
-                       dlclose(handle);
                }
-               else
-               {
-                       fprintf(stderr, "dlopen failed: %s\n", dlerror());
-               }
-               
                printf("\t{\"%-20s0x%08x, 0x%08x},\n", name, fsum, ssum);
                free(name);
        }
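Review bot: The new branches classify a file by `strstr(path, "charon")` and `strstr(path, "pluto")` on the full path, but the Makefile passes `$(top_builddir)/src/charon/.libs/charon` and `.../src/pluto/.libs/pluto`, so a build directory whose name happens to contain "charon" makes the pluto binary match the charon branch first, yielding two "charon" entries and no "pluto" one — and a runtime check_file() for "pluto" would then have no checksum to compare against. Matching on the basename avoids this: `char *base = strrchr(path, '/'); base = base ? base + 1 : path;` followed by `strcmp(base, "charon") == 0` (and likewise for "pluto"). The first branch's condition is outside the hunk, so whether it has the same substring issue for "libstrongswan" cannot be seen here. It is also worth a comment at the `if (sname)` line that executables deliberately get a segment checksum of 0, since the runtime side presumably has to treat that value as "no segment check" rather than a mismatch. main() starts and ends outside these hunks.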
index 0ff9bfc..b0710fa 100644 (file)
@@ -264,6 +264,13 @@ int main(int argc, char **argv)
        {
                abort();
        }
+       if (lib->integrity &&
+               !lib->integrity->check_file(lib->integrity, "pluto", argv[0]))
+       {
+               fprintf(stderr, "integrity check of pluto failed\n");
+               library_deinit();
+               abort();
+       }
        options = options_create();
 
        /* handle arguments */