sbin/veriexec/veriexec.c

   1 /*-
   2  * Copyright (c) 2018, Juniper Networks, Inc.
   3  *
   4  * Redistribution and use in source and binary forms, with or without
   5  * modification, are permitted provided that the following conditions
   6  * are met:
   7  * 1. Redistributions of source code must retain the above copyright
   8  *    notice, this list of conditions and the following disclaimer.
   9  * 2. Redistributions in binary form must reproduce the above copyright
  10  *    notice, this list of conditions and the following disclaimer in the
  11  *    documentation and/or other materials provided with the distribution.
  12  *
  13  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  14  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  15  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  16  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  17  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  18  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  19  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  20  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  21  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  24  */
  25 #include <sys/cdefs.h>
  26 __FBSDID("$FreeBSD$");
  27
  28 #include <stdlib.h>
  29 #include <sysexits.h>
  30 #include <unistd.h>
  31 #include <paths.h>
  32 #include <err.h>
  33 #include <syslog.h>
  34 #include <libsecureboot.h>
  35 #include <libveriexec.h>
  36
  37 #include "veriexec.h"
  38
  39 int dev_fd = -1;
  40 int ForceFlags = 0;
  41 int Verbose = 0;
  42 int VeriexecVersion = 0;
  43
  44 const char *Cdir = NULL;
  45
  46 static int
  47 veriexec_load(const char *manifest)
  48 {
  49         unsigned char *content;
  50         int rc;
  51
  52         content = verify_signed(manifest, VEF_VERBOSE);
  53         if (!content)
  54                 errx(EX_USAGE, "cannot verify %s", manifest);
  55         if (manifest_open(manifest, content)) {
  56                 rc = yyparse();
  57         } else {
  58                 err(EX_NOINPUT, "cannot load %s", manifest);
  59         }
  60         free(content);
  61         return (rc);
  62 }
  63
  64 int
  65 main(int argc, char *argv[])
  66 {
  67         unsigned long ctl;
  68         int c;
  69         int x;
  70
  71         dev_fd = open(_PATH_DEV_VERIEXEC, O_WRONLY, 0);
  72
  73         while ((c = getopt(argc, argv, "C:i:x:vz:")) != -1) {
  74                 switch (c) {
  75                 case 'C':
  76                         Cdir = optarg;
  77                         break;
  78                 case 'i':
  79                         if (dev_fd < 0) {
  80                                 err(EX_UNAVAILABLE, "cannot open veriexec");
  81                         }
  82                         if (ioctl(dev_fd, VERIEXEC_GETSTATE, &x)) {
  83                                 err(EX_UNAVAILABLE,
  84                                     "Cannot get veriexec state");
  85                         }
  86                         switch (optarg[0]) {
  87                         case 'a':       /* active */
  88                                 ctl = VERIEXEC_STATE_ACTIVE;
  89                                 break;
  90                         case 'e':       /* enforce */
  91                                 ctl = VERIEXEC_STATE_ENFORCE;
  92                                 break;
  93                         case 'l':       /* loaded/locked */
  94                                 ctl = (strncmp(optarg, "lock", 4)) ?
  95                                     VERIEXEC_STATE_LOCKED :
  96                                     VERIEXEC_STATE_LOADED;
  97                                 break;
  98                         default:
  99                                 errx(EX_USAGE, "unknown state %s", optarg);
 100                                 break;
 101                         }
 102                         exit((x & ctl) == 0);
 103                         break;
 104                 case 'v':
 105                         Verbose++;
 106                         break;
 107                 case 'x':
 108                         /*
 109                          * -x says all other args are paths to check.
 110                          */
 111                         for (x = 0; optind < argc; optind++) {
 112                                 if (veriexec_check_path(argv[optind])) {
 113                                         warn("%s", argv[optind]);
 114                                         x = 2;
 115                                 }
 116                         }
 117                         exit(x);
 118                         break;
 119                 case 'z':
 120                         switch (optarg[0]) {
 121                         case 'a':       /* active */
 122                                 ctl = VERIEXEC_ACTIVE;
 123                                 break;
 124                         case 'd':       /* debug* */
 125                                 ctl = (strstr(optarg, "off")) ?
 126                                     VERIEXEC_DEBUG_OFF : VERIEXEC_DEBUG_ON;
 127                                 if (optind < argc && ctl == VERIEXEC_DEBUG_ON) {
 128                                         x = atoi(argv[optind]);
 129                                         if (x == 0)
 130                                                 ctl = VERIEXEC_DEBUG_OFF;
 131                                 }
 132                                 break;
 133                         case 'e':       /* enforce */
 134                                 ctl = VERIEXEC_ENFORCE;
 135                                 break;
 136                         case 'g':
 137                                 ctl = VERIEXEC_GETSTATE; /* get state */
 138                                 break;
 139                         case 'l':       /* lock */
 140                                 ctl = VERIEXEC_LOCK;
 141                                 break;
 142                         default:
 143                                 errx(EX_USAGE, "unknown command %s", optarg);
 144                                 break;
 145                         }
 146                         if (dev_fd < 0) {
 147                                 err(EX_UNAVAILABLE, "cannot open veriexec");
 148                         }
 149                         if (ioctl(dev_fd, ctl, &x)) {
 150                                 err(EX_UNAVAILABLE, "cannot %s veriexec", optarg);
 151                         }
 152                         if (ctl == VERIEXEC_DEBUG_ON ||
 153                             ctl == VERIEXEC_DEBUG_OFF) {
 154                                 printf("debug is: %d\n", x);
 155                         } else if (ctl == VERIEXEC_GETSTATE) {
 156                                 printf("%#o\n", x);
 157                         }
 158                         exit(EX_OK);
 159                         break;
 160                 }
 161         }
 162         openlog(getprogname(), LOG_PID, LOG_AUTH);
 163         if (ve_trust_init() < 1)
 164                 errx(EX_OSFILE, "cannot initialize trust store");
 165 #ifdef VERIEXEC_GETVERSION
 166         if (ioctl(dev_fd, VERIEXEC_GETVERSION, &VeriexecVersion)) {
 167                 VeriexecVersion = 0;    /* unknown */
 168         }
 169 #endif
 170
 171         for (; optind < argc; optind++) {
 172                 if (veriexec_load(argv[optind])) {
 173                         err(EX_DATAERR, "cannot load %s", argv[optind]);
 174                 }
 175         }
 176         exit(EX_OK);
 177 }