Diffstat (limited to 'src')
-rw-r--r-- | src/charon/daemon.c | 9 | ||||
-rw-r--r-- | src/checksum/Makefile.am | 5 | ||||
-rw-r--r-- | src/checksum/checksum_builder.c | 36 | ||||
-rw-r--r-- | src/pluto/plutomain.c | 7 |
4 files changed, 43 insertions, 14 deletions
diff --git a/src/charon/daemon.c b/src/charon/daemon.c
index c672515a7..166857f43 100644
--- a/src/charon/daemon.c
+++ b/src/charon/daemon.c
@@ -672,6 +672,15 @@ int main(int argc, char *argv[])
 {
 exit(-1);
 }
+
+ if (lib->integrity &&
+ !lib->integrity->check_file(lib->integrity, "charon", argv[0]))
+ {
+ dbg_stderr(1, "integrity check of charon failed");
+ library_deinit();
+ exit(-1);
+ }
+
 lib->printf_hook->add_handler(lib->printf_hook, 'R',
 traffic_selector_printf_hook,
 PRINTF_HOOK_ARGTYPE_POINTER,
diff --git a/src/checksum/Makefile.am b/src/checksum/Makefile.am
index aaed128dc..c089acba8 100644
--- a/src/checksum/Makefile.am
+++ b/src/checksum/Makefile.am
@@ -11,7 +11,10 @@ CLEANFILES = checksum.c checksum_builder
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic
-libs = $(shell find $(top_builddir)/src -name 'libstrongswan*.so')
+libs = $(shell find $(top_builddir)/src/libstrongswan $(top_builddir)/src/charon \
+ -name 'libstrongswan*.so') \
+ $(top_builddir)/src/charon/.libs/charon \
+ $(top_builddir)/src/pluto/.libs/pluto
 checksum.c : checksum_builder $(libs)
 ./checksum_builder $(libs) > checksum.c
diff --git a/src/checksum/checksum_builder.c b/src/checksum/checksum_builder.c
index ca8667969..d2c042d55 100644
--- a/src/checksum/checksum_builder.c
+++ b/src/checksum/checksum_builder.c
@@ -46,7 +46,7 @@ int main(int argc, char* argv[])
 printf("integrity_checksum_t checksums[] = {\n");
 for (i = 1; i < argc; i++)
 {
- char *name, *path, *sname;
+ char *name, *path, *sname = NULL;
 void *handle, *symbol;
 u_int32_t fsum, ssum;
@@ -65,6 +65,14 @@ int main(int argc, char* argv[])
 name = strdup("libstrongswan\",");
 sname = "library_init";
 }
+ else if (strstr(path, "charon"))
+ {
+ name = strdup("charon\",");
+ }
+ else if (strstr(path, "pluto"))
+ {
+ name = strdup("pluto\",");
+ }
 else
 {
 fprintf(stderr, "don't know how to handle '%s', ignored", path);
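Review bot: In src/charon/daemon.c the file handed to `check_file()` is `argv[0]`, which is chosen by whoever executes the daemon; it can be a bare name resolved through PATH, a relative path, or the name of a different file, so the checksum is not guaranteed to be taken over the image that is actually running. Resolving the executable independently of the caller is safer, for example on Linux `!lib->integrity->check_file(lib->integrity, "charon", "/proc/self/exe")`, or a path fixed at build time. The same applies to the `check_file(lib->integrity, "pluto", argv[0])` call added in src/pluto/plutomain.c. Since the generated table holds 32-bit values (`u_int32_t fsum, ssum` in checksum_builder.c), a comment above the check saying that it detects corruption or a mismatched build rather than deliberate modification would set the right expectation. main() continues outside the hunk.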
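Review bot: In src/checksum/Makefile.am `libs` now names `$(top_builddir)/src/charon/.libs/charon` and `$(top_builddir)/src/pluto/.libs/pluto` unconditionally, so `checksum.c` depends on both binaries even in a configuration that builds only one of them, and on libtool's private `.libs` layout. The checksum is also taken over the build-tree file; if installation relinks or strips the binary, the installed daemon would presumably fail the new startup check. Guarding each entry with whatever conditional enables that daemon (not visible here), and adding a comment that the installed file must be byte-identical to the one hashed, would make both assumptions explicit.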
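Review bot: In the second checksum_builder.c hunk, `strstr(path, "charon")` and `strstr(path, "pluto")` search the whole path, so a build directory whose name contains either word, or any other file under src/charon that reaches this point in the chain, is labelled as the daemon and the table gets a wrong or duplicate entry. Matching only the final path component is tighter: take `base = strrchr(path, '/');`, `base = base ? base + 1 : path;` and test `strcmp(base, "charon") == 0`. The `strdup()` results are also used without a NULL check, as in the branch above. The if/else chain starts outside the hunk, so earlier branches may already filter the plugin libraries.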
@@ -73,25 +81,27 @@ int main(int argc, char* argv[])
 fsum = integrity->build_file(integrity, path);
 ssum = 0;
- handle = dlopen(path, RTLD_LAZY);
- if (handle)
+ if (sname)
 {
- symbol = dlsym(handle, sname);
- if (symbol)
+ handle = dlopen(path, RTLD_LAZY);
+ if (handle)
 {
- ssum = integrity->build_segment(integrity, symbol);
+ symbol = dlsym(handle, sname);
+ if (symbol)
+ {
+ ssum = integrity->build_segment(integrity, symbol);
+ }
+ else
+ {
+ fprintf(stderr, "symbol lookup failed: %s\n", dlerror());
+ }
+ dlclose(handle);
 }
 else
 {
- fprintf(stderr, "symbol lookup failed: %s\n", dlerror());
+ fprintf(stderr, "dlopen failed: %s\n", dlerror());
 }
- dlclose(handle);
 }
- else
- {
- fprintf(stderr, "dlopen failed: %s\n", dlerror());
- }
-
 printf("\t{\"%-20s0x%08x, 0x%08x},\n", name, fsum, ssum);
 free(name);
 }
diff --git a/src/pluto/plutomain.c b/src/pluto/plutomain.c
index 0ff9bfc0d..b0710fa13 100644
--- a/src/pluto/plutomain.c
+++ b/src/pluto/plutomain.c
@@ -264,6 +264,13 @@ int main(int argc, char **argv)
 {
 abort();
 }
+ if (lib->integrity &&
+ !lib->integrity->check_file(lib->integrity, "pluto", argv[0]))
+ {
+ fprintf(stderr, "integrity check of pluto failed\n");
+ library_deinit();
+ abort();
+ }
 options = options_create();
 /* handle arguments */ |
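Review bot: In the third checksum_builder.c hunk `ssum` stays 0 both when `sname` is NULL (the executables, by design) and when `dlopen()` or `dlsym()` fails for a library, where only a message goes to stderr and the entry is still printed. A failed lookup therefore produces a table with no segment checksum for that library and the build carries on; how the verifying side treats a zero segment checksum is not visible here. Consider recording the failure and returning non-zero from main() so the build stops, and add a comment at `if (sname)` such as `/* executables carry a file checksum only */`. The loop and main() end outside the hunk.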