diff --git a/src/tools/sysdb/main.c b/src/tools/sysdb/main.c
index b22e11f0f89da462596783a000ffdcb2d70835fa..e4922e9b939587c914fd7d28ef172ce0fa4a59fb 100644 (file)
--- a/src/tools/sysdb/main.c
+++ b/src/tools/sysdb/main.c
#include "utils/llist.h"
#include "utils/strbuf.h"
#include "utils/os.h"
+#include "utils/ssl.h"
#include <errno.h>
# endif
#endif /* READLINEs */
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-
#ifndef DEFAULT_SOCKET
# define DEFAULT_SOCKET "unix:"LOCALSTATEDIR"/run/sysdbd.sock"
#endif
+static sdb_ssl_options_t ssl_options = {
+ /* ca_file */ SDB_SSL_CAFILE,
+ /* key_file */ "~/.config/sysdb/ssl/key.pem",
+ /* cert_file */ "~/.config/sysdb/ssl/cert.pem",
+ /* crl_file */ "~/.config/sysdb/ssl/crl.pem",
+};
+
+static void
+canonicalize_ssl_options(void)
+{
+ char *tmp;
+ if (ssl_options.ca_file) {
+ tmp = sdb_realpath(ssl_options.ca_file);
+ ssl_options.ca_file = tmp ? tmp : strdup(ssl_options.ca_file);
+ }
+ if (ssl_options.key_file) {
+ tmp = sdb_realpath(ssl_options.key_file);
+ ssl_options.key_file = tmp ? tmp : strdup(ssl_options.key_file);
+ }
+ if (ssl_options.cert_file) {
+ tmp = sdb_realpath(ssl_options.cert_file);
+ ssl_options.cert_file = tmp ? tmp : strdup(ssl_options.cert_file);
+ }
+ if (ssl_options.crl_file) {
+ tmp = sdb_realpath(ssl_options.crl_file);
+ ssl_options.crl_file = tmp ? tmp : strdup(ssl_options.crl_file);
+ }
+} /* canonicalize_ssl_options */
static void
exit_usage(char *name, int status)
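Review bot: In canonicalize_ssl_options(), the `strdup()` fallback is never checked, so an allocation failure silently turns a configured path into NULL; for ca_file or crl_file that may mean the client connects without the CA or revocation list the user asked for, depending on how sdb_client_set_ssl_options() treats NULL (not visible here). The fallback itself is also silent: when sdb_realpath() fails, the raw string, including the `~/` defaults, is passed on unresolved. I would factor the four identical blocks into a helper that reports failure and have main() exit when it does; the sketch below assumes the fields are `char *` and changes the function to return int, so the call in main() needs an `if`.

```c
/* Resolve *path in place. If sdb_realpath() fails, keep a heap copy of the
 * raw path (as before); return -1 only if no copy could be allocated. */
static int
canonicalize_path(char **path)
{
	char *tmp;

	if (! *path)
		return 0;
	tmp = sdb_realpath(*path);
	if (! tmp)
		tmp = strdup(*path);
	if (! tmp)
		return -1;
	*path = tmp;
	return 0;
} /* canonicalize_path */

static int
canonicalize_ssl_options(void)
{
	if (canonicalize_path(&ssl_options.ca_file)
			|| canonicalize_path(&ssl_options.key_file)
			|| canonicalize_path(&ssl_options.cert_file)
			|| canonicalize_path(&ssl_options.crl_file))
		return -1;
	return 0;
} /* canonicalize_ssl_options */
```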
printf(
"Usage: %s <options>\n"
-"\nOptions:\n"
-" -H HOST the host to connect to\n"
-" default: "DEFAULT_SOCKET"\n"
-" -U USER the username to connect as\n"
-" default: %s\n"
-" -c CMD execute the specified command and then exit\n"
+"Connection options:\n"
+" -H HOST the host to connect to\n"
+" default: "DEFAULT_SOCKET"\n"
+" -U USER the username to connect as\n"
+" default: %s\n"
+" -c CMD execute the specified command and then exit\n"
+"\n"
+"SSL options:\n"
+" -K KEYFILE private key file name\n"
+" default: %s\n"
+" -C CERTFILE client certificate file name\n"
+" default: %s\n"
+" -A CAFILE CA certificates file name\n"
+" default: %s\n"
+"\n"
+"General options:\n"
"\n"
-" -h display this help and exit\n"
-" -V display the version number and copyright\n"
+" -h display this help and exit\n"
+" -V display the version number and copyright\n"
"\nSysDB client "SDB_CLIENT_VERSION_STRING SDB_CLIENT_VERSION_EXTRA", "
-PACKAGE_URL"\n", basename(name), user);
+PACKAGE_URL"\n", basename(name), user,
+ ssl_options.key_file, ssl_options.cert_file, ssl_options.ca_file);
+
free(user);
exit(status);
} /* exit_usage */
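Review bot: The three new `%s` arguments in exit_usage() are passed unguarded, although canonicalize_ssl_options() tests each of these fields for NULL; if SDB_SSL_CAFILE can be NULL (its definition is not in this diff), passing it to `printf` for `%s` is undefined behaviour. A guard such as `ssl_options.ca_file ? ssl_options.ca_file : "(none)"` would cover it. The values printed under "default:" are also the current ones, so `-K foo -h` reports foo as the default, and the crl_file default is not listed at all. The start of exit_usage() lies outside the hunk.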
sdb_llist_t *commands = NULL;
while (42) {
- int opt = getopt(argc, argv, "H:U:c:hV");
+ int opt = getopt(argc, argv, "H:U:c:C:K:A:hV");
if (-1 == opt)
break;
}
break;
+ case 'C':
+ ssl_options.cert_file = optarg;
+ break;
+ case 'K':
+ ssl_options.key_file = optarg;
+ break;
+ case 'A':
+ ssl_options.ca_file = optarg;
+ break;
+
case 'h':
exit_usage(argv[0], 0);
break;
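Review bot: The new getopt string and the added cases cover the key, certificate and CA file but not ssl_options.crl_file, so the revocation list stays fixed to the built-in `~/.config/sysdb/ssl/crl.pem` even when `-A` points at a different CA. A fourth option that does `ssl_options.crl_file = optarg;`, with a matching entry in the getopt string and the usage text, would let the CRL follow the CA. The surrounding switch starts and ends outside the hunk.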
if (! input.user)
exit(1);
- SSL_load_error_strings();
- OpenSSL_add_ssl_algorithms();
+ if (sdb_ssl_init())
+ exit(1);
input.client = sdb_client_create(host);
if (! input.client) {
sdb_log(SDB_LOG_ERR, "Failed to create client object");
- free(input.user);
+ sdb_input_reset(&input);
+ exit(1);
+ }
+ canonicalize_ssl_options();
+ if (sdb_client_set_ssl_options(input.client, &ssl_options)) {
+ sdb_log(SDB_LOG_ERR, "Failed to apply SSL options");
+ sdb_input_reset(&input);
+ sdb_ssl_free_options(&ssl_options);
exit(1);
}
+ sdb_ssl_free_options(&ssl_options);
if (sdb_client_connect(input.client, input.user)) {
sdb_log(SDB_LOG_ERR, "Failed to connect to SysDBd");
- sdb_client_destroy(input.client);
- free(input.user);
+ sdb_input_reset(&input);
exit(1);
}
if (commands) {
int status = execute_commands(input.client, commands);
sdb_llist_destroy(commands);
- sdb_client_destroy(input.client);
- free(input.user);
+ sdb_input_reset(&input);
if ((status != SDB_CONNECTION_OK) && (status != SDB_CONNECTION_DATA))
exit(1);
exit(0);
}
sdb_log(SDB_LOG_INFO, "SysDB client "SDB_CLIENT_VERSION_STRING
- SDB_CLIENT_VERSION_EXTRA" (libsysdbclient %s%s)\n",
+ SDB_CLIENT_VERSION_EXTRA" (libsysdbclient %s%s)",
sdb_client_version_string(), sdb_client_version_extra());
+ sdb_command_print_server_version(&input);
+ printf("\n");
using_history();
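Review bot: `if (sdb_ssl_init()) exit(1);` is the only failure path in this hunk that exits without a message (unless sdb_ssl_init() logs internally, which the diff does not show); a line like `sdb_log(SDB_LOG_ERR, "Failed to initialize SSL");` before the exit would match the neighbouring paths. It also leaves input.user allocated, where the other paths now call `sdb_input_reset(&input)`. None of the exit() paths here reach the sdb_ssl_shutdown() added at the end of main(); that is probably harmless at process exit, but a short comment would make it clear the omission is intentional. main() starts and ends outside the hunk.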
hist_file, sdb_strerror(errno, errbuf, sizeof(errbuf)));
}
}
- free(input.user);
input.input = sdb_strbuf_create(2048);
sdb_input_init(&input);
}
}
- sdb_client_destroy(input.client);
- sdb_strbuf_destroy(input.input);
-
- ERR_free_strings();
+ sdb_input_reset(&input);
+ sdb_ssl_shutdown();
return 0;
} /* main */