-rw-r--r-- | src/charon/daemon.c | 5 | ||||
-rw-r--r-- | src/libstrongswan/integrity_checker.c | 13 | ||||
-rw-r--r-- | src/libstrongswan/plugins/plugin_loader.c | 34 |
3 files changed, 33 insertions, 19 deletions
diff --git a/src/charon/daemon.c b/src/charon/daemon.c index 07267cb98..92dc88f81 100644 --- a/src/charon/daemon.c +++ b/src/charon/daemon.c @@ -464,6 +464,11 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[]) DBG1(DBG_DMN, "Starting IKEv2 charon daemon (strongSwan "VERSION")"); + if (lib->integrity) + { + DBG1(DBG_DMN, "integrity tests enabled:"); + } + /* load secrets, ca certificates and crls */ this->public.processor = processor_create(); this->public.scheduler = scheduler_create(); diff --git a/src/libstrongswan/integrity_checker.c b/src/libstrongswan/integrity_checker.c index af48a5d2a..9ad87833e 100644 --- a/src/libstrongswan/integrity_checker.c +++ b/src/libstrongswan/integrity_checker.c @@ -166,7 +166,6 @@ static integrity_checksum_t *find_checksum(private_integrity_checker_t *this, return &this->checksums[i]; } } - DBG1("no checksum found for %s", name); return NULL; } @@ -182,16 +181,17 @@ static bool check_file(private_integrity_checker_t *this, cs = find_checksum(this, name); if (!cs) { + DBG1(" '%s' file checksum not found", name); return FALSE; } sum = build_file(this, file); if (!sum || cs->file != sum) { - DBG1("file checksum %s of '%s' invalid (got %08x, expected %08x)", - name, file, sum, cs->file); + DBG1(" invalid '%s' file checksum: %08x, expected %08x", + name, sum, cs->file); return FALSE; } - DBG2("file checksum %s tested successfully", name); + DBG2(" valid '%s' file checksum: %08x", name, sum); return TRUE; } 
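Review bot: The added block in initialize() logs only the enabled case, so a startup log without the "integrity tests enabled:" line does not say whether the checker was absent or the line was simply filtered out. An `else` branch such as `DBG1(DBG_DMN, "integrity tests disabled");` would make the state explicit for anyone auditing the log. initialize() starts and ends outside the hunk.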
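Review bot: The rewritten failure message in check_file drops the `file` argument, and the new load_plugin messages in plugin_loader.c print a rebuilt `'libstrongswan-%s.so'` rather than the path, so after this change no log line records which file on disk failed its checksum. I would keep the path in the failure case, e.g. `DBG1(" invalid '%s' file checksum: %08x, expected %08x ('%s')", name, sum, cs->file, file);`. The condition `!sum || cs->file != sum` also appears to treat a computed value of zero the same as a failed build_file(), so an "invalid ... 00000000" line may mean the file could not be read rather than that it was altered; a one-line comment on that condition would help. check_file begins outside the hunk.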
@@ -207,16 +207,17 @@ static bool check_segment(private_integrity_checker_t *this, cs = find_checksum(this, name); if (!cs) { + DBG1(" '%s' segment checksum not found", name); return FALSE; } sum = build_segment(this, sym); if (!sum || cs->segment != sum) { - DBG1("segment checksum %s invalid (got %08x, expected %08x)", + DBG1(" invalid '%s' segment checksum: %08x, expected %08x", name, sum, cs->segment); return FALSE; } - DBG2("segment checksum %s tested successfully", name); + DBG2(" valid '%s' segment checksum: %08x", name, sum); return TRUE; } diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c index 47c244be3..b402090df 100644 --- a/src/libstrongswan/plugins/plugin_loader.c +++ b/src/libstrongswan/plugins/plugin_loader.c 
@@ -62,40 +62,48 @@ static plugin_t* load_plugin(private_plugin_loader_t *this, snprintf(file, sizeof(file), "%s/libstrongswan-%s.so", path, name); - if (lib->integrity && - !lib->integrity->check_file(lib->integrity, name, file)) + if (lib->integrity) { - DBG1("file integrity test of plugin '%s' failed", name); - return NULL; + if (!lib->integrity->check_file(lib->integrity, name, file)) + { + DBG1("plugin '%s': failed file integrity test of" + " 'libstrongswan-%s.so'", name, name); + return NULL; + } + DBG1("plugin '%s': passed file integrity test of" + " 'libstrongswan-%s.so'", name, name); } handle = dlopen(file, RTLD_LAZY); if (handle == NULL) { - DBG1("loading plugin '%s' failed: %s", name, dlerror()); + DBG1("plugin '%s': failed to load '%s' - %s", name, file, dlerror()); return NULL; } constructor = dlsym(handle, "plugin_create"); if (constructor == NULL) { - DBG1("loading plugin '%s' failed: no plugin_create() function", name); + DBG1("plugin '%s': failed to load - no plugin_create() function", name); dlclose(handle); return NULL; } - if (lib->integrity && - !lib->integrity->check_segment(lib->integrity, name, constructor)) + if (lib->integrity) { - DBG1("segment integrity test of plugin '%s' failed", name); - dlclose(handle); - return NULL; + if (!lib->integrity->check_segment(lib->integrity, name, constructor)) + { + DBG1("plugin '%s': failed segment integrity test", name); + dlclose(handle); + return NULL; + } + DBG1("plugin '%s': passed segment integrity test", name); } plugin = constructor(); if (plugin == NULL) { - DBG1("loading plugin '%s' failed: plugin_create() returned NULL", name); + DBG1("plugin '%s': failed to load - plugin_create() returned NULL", name); dlclose(handle); return NULL; } - DBG2("plugin '%s' loaded successfully", name); + DBG2("plugin '%s': loaded successfully", name); /* we do not store or free dlopen() handles, leak_detective requires * the modules to keep loaded until leak report */ |
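Review bot: In load_plugin the file test and the load are two separate path lookups, `check_file(lib->integrity, name, file)` followed by `dlopen(file, RTLD_LAZY)`, so a pass only proves what was on disk when the checksum was computed, and the new "passed file integrity test" line at DBG1 can read as a stronger statement than that. dlopen() also runs before check_segment(), so any initialisers in the library have presumably already executed by the time the segment test can fail. I would add a comment above the dlopen() call, e.g. `/* file is re-opened by path here; the segment test below is the check on the mapped image */`, and document that the plugin directory must be writable only by the daemon's owner. The function starts and ends outside the hunk.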