check on-disk and loaded segment integrity of libstrongswan
authorMartin Willi <martin@strongswan.org>
Fri, 19 Jun 2009 15:27:57 +0000 (17:27 +0200)
committerMartin Willi <martin@strongswan.org>
Mon, 22 Jun 2009 13:47:17 +0000 (15:47 +0200)
src/libstrongswan/integrity_checker.c
src/libstrongswan/integrity_checker.h
src/libstrongswan/library.c

index 813ae9e..3643c0a 100644 (file)
@@ -137,7 +137,7 @@ static u_int32_t build_segment(private_integrity_checker_t *this, void *sym)
        
        if (dladdr(sym, &dli) == 0)
        {
-               DBG1("unable to locate symbol: %s", strerror(errno));
+               DBG1("unable to locate symbol: %s", dlerror());
                return 0;
        }
        /* we reuse the Dl_info struct as in/out parameter */
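Review bot: `dlerror()` can return NULL at the new DBG1 call, because a failed `dladdr()` is not guaranteed to leave a dlerror message (glibc documents that none is available in that case), and a NULL argument for `%s` is undefined behaviour. Holding the result and substituting a fixed string avoids that, e.g. `const char *err = dlerror();` followed by `DBG1("unable to locate symbol: %s", err ? err : "address not in a loaded object");`. The same call pattern appears in the new `check()` function added in the next hunk. build_segment's body starts and ends outside this hunk.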
@@ -221,6 +221,29 @@ static bool check_segment(private_integrity_checker_t *this,
 }
 
 /**
+ * Implementation of integrity_checker_t.check
+ */
+static bool check(private_integrity_checker_t *this, char *name, void *sym)
+{
+       Dl_info dli;
+       
+       if (dladdr(sym, &dli) == 0)
+       {
+               DBG1("unable to locate symbol: %s", dlerror());
+               return FALSE;
+       }
+       if (!check_file(this, name, (char*)dli.dli_fname))
+       {
+               return FALSE;
+       }
+       if (!check_segment(this, name, sym))
+       {
+               return FALSE;
+       }
+       return TRUE;
+}
+
+/**
  * Implementation of integrity_checker_t.destroy.
  */
 static void destroy(private_integrity_checker_t *this)
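Review bot: `check_file()` is handed `dli.dli_fname` as a path, so the on-disk check verifies whatever file currently resolves at that name, which is not necessarily the image that was mapped; the loader may record a relative path, and the file can be replaced after loading. Only the `check_segment()` call covers the code actually in memory, so a comment saying so would keep a later change from dropping it as redundant, e.g. `/* dli_fname is re-opened by path; the segment check below is what covers the mapped code */`. The `(char*)` cast also discards the `const` on `dli_fname`; presumably `check_file()` does not write through it, in which case taking `const char *` there would remove the cast (its signature is outside this hunk).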
@@ -243,6 +266,7 @@ integrity_checker_t *integrity_checker_create(char *checksum_library)
        this->public.build_file = (u_int32_t(*)(integrity_checker_t*, char *file))build_file;
        this->public.check_segment = (bool(*)(integrity_checker_t*, char *name, void *sym))check_segment;
        this->public.build_segment = (u_int32_t(*)(integrity_checker_t*, void *sym))build_segment;
+       this->public.check = (bool(*)(integrity_checker_t*, char *name, void *sym))check;
        this->public.destroy = (void(*)(integrity_checker_t*))destroy;
        
        this->checksum_count = 0;
index ec4961e..d10de5b 100644 (file)
@@ -82,6 +82,15 @@ struct integrity_checker_t {
        u_int32_t (*build_segment)(integrity_checker_t *this, void *sym);
        
        /**
+        * Check both, on disk file integrity and loaded segment.
+        *
+        * @param name          name to lookup checksum
+        * @param sym           a symbol to look up library and segment
+        * @return                      TRUE if integrity tested successfully
+        */
+       bool (*check)(integrity_checker_t *this, char *name, void *sym);
+       
+       /**
         * Destroy a integrity_checker_t.
         */
        void (*destroy)(integrity_checker_t *this);
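Review bot: The new doc comment for `check` does not say which file is checked or what a FALSE result covers. From the implementation in integrity_checker.c, the file is the one `dladdr()` reports for `sym`, and FALSE is also returned when `sym` cannot be resolved, so I would word the tags as `@param sym  address inside the library to verify; selects both file and segment` and `@return TRUE if both checks pass, FALSE on any mismatch or if sym cannot be resolved`. The struct definition starts and ends outside this hunk.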
index 217dbc0..0116b8e 100644 (file)
@@ -132,8 +132,7 @@ bool library_init(char *settings)
                                                                "libstrongswan.integrity_test", FALSE))
        {
                this->public.integrity = integrity_checker_create(CHECKSUM_LIBRARY);
-               if (!lib->integrity->check_segment(lib->integrity,
-                                                                                 "libstrongswan", library_init))
+               if (!lib->integrity->check(lib->integrity, "libstrongswan", library_init))
                {
                        DBG1("integrity check of libstrongswan failed");
                        return FALSE;