streamlined debug output of integrity tests
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 17 Jul 2009 15:00:17 +0000 (17:00 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 17 Jul 2009 15:00:17 +0000 (17:00 +0200)
src/charon/daemon.c
src/libstrongswan/integrity_checker.c
src/libstrongswan/plugins/plugin_loader.c

index 07267cb..92dc88f 100644 (file)
@@ -464,6 +464,11 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
        
        DBG1(DBG_DMN, "Starting IKEv2 charon daemon (strongSwan "VERSION")");
 
+       if (lib->integrity)
+       {
+               DBG1(DBG_DMN, "integrity tests enabled:");
+       }
+
        /* load secrets, ca certificates and crls */
        this->public.processor = processor_create();
        this->public.scheduler = scheduler_create();
index af48a5d..9ad8783 100644 (file)
@@ -166,7 +166,6 @@ static integrity_checksum_t *find_checksum(private_integrity_checker_t *this,
                        return &this->checksums[i];
                }
        }
-       DBG1("no checksum found for %s", name);
        return NULL;
 }
 
@@ -182,16 +181,17 @@ static bool check_file(private_integrity_checker_t *this,
        cs = find_checksum(this, name);
        if (!cs)
        {
+               DBG1("  '%s' file checksum not found", name);
                return FALSE;
        }
        sum = build_file(this, file);
        if (!sum || cs->file != sum)
        {
-               DBG1("file checksum %s of '%s' invalid (got %08x, expected %08x)", 
-                        name, file, sum, cs->file);
+               DBG1("  invalid '%s' file checksum: %08x, expected %08x",
+                        name, sum, cs->file);
                return FALSE;
        }
-       DBG2("file checksum %s tested successfully", name);
+       DBG2("  valid '%s' file checksum: %08x", name, sum);
        return TRUE;
 }
 
@@ -207,16 +207,17 @@ static bool check_segment(private_integrity_checker_t *this,
        cs = find_checksum(this, name);
        if (!cs)
        {
+               DBG1("  '%s' segment checksum not found", name);
                return FALSE;
        }
        sum = build_segment(this, sym);
        if (!sum || cs->segment != sum)
        {
-               DBG1("segment checksum %s invalid (got %08x, expected %08x)",
+               DBG1("  invalid '%s' segment checksum: %08x, expected %08x",
                         name, sum, cs->segment);
                return FALSE;
        }
-       DBG2("segment checksum %s tested successfully", name);
+       DBG2("  valid '%s' segment checksum: %08x", name, sum);
        return TRUE;
 }
 
index 47c244b..b402090 100644 (file)
@@ -62,40 +62,48 @@ static plugin_t* load_plugin(private_plugin_loader_t *this,
        
        snprintf(file, sizeof(file), "%s/libstrongswan-%s.so", path, name);
        
-       if (lib->integrity &&
-               !lib->integrity->check_file(lib->integrity, name, file))
+       if (lib->integrity)
        {
-               DBG1("file integrity test of plugin '%s' failed", name);
-               return NULL;
+               if (!lib->integrity->check_file(lib->integrity, name, file))
+               {
+                       DBG1("plugin '%s': failed file integrity test of"
+                                " 'libstrongswan-%s.so'", name, name);
+                       return NULL;
+               }
+               DBG1("plugin '%s': passed file integrity test of"
+                        " 'libstrongswan-%s.so'", name, name);
        }
        handle = dlopen(file, RTLD_LAZY);
        if (handle == NULL)
        {
-               DBG1("loading plugin '%s' failed: %s", name, dlerror());
+               DBG1("plugin '%s': failed to load '%s' - %s", name, file, dlerror());
                return NULL;
        }
        constructor = dlsym(handle, "plugin_create");
        if (constructor == NULL)
        {
-               DBG1("loading plugin '%s' failed: no plugin_create() function", name);
+               DBG1("plugin '%s': failed to load - no plugin_create() function", name);
                dlclose(handle);
                return NULL;
        }
-       if (lib->integrity &&
-               !lib->integrity->check_segment(lib->integrity, name, constructor))
+       if (lib->integrity)
        {
-               DBG1("segment integrity test of plugin '%s' failed", name);
-               dlclose(handle);
-               return NULL;
+               if (!lib->integrity->check_segment(lib->integrity, name, constructor))
+               {
+                       DBG1("plugin '%s': failed segment integrity test", name);
+                       dlclose(handle);
+                       return NULL;
+               }
+               DBG1("plugin '%s': passed segment integrity test", name);
        }
        plugin = constructor();
        if (plugin == NULL)
        {
-               DBG1("loading plugin '%s' failed: plugin_create() returned NULL", name);
+               DBG1("plugin '%s': failed to load - plugin_create() returned NULL", name);
                dlclose(handle);
                return NULL;
        }
-       DBG2("plugin '%s' loaded successfully", name);
+       DBG2("plugin '%s': loaded successfully", name);
        
        /* we do not store or free dlopen() handles, leak_detective requires
         * the modules to keep loaded until leak report */