X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=src%2Ftools%2Fsysdb%2Fmain.c;h=1f3975a7949b52491d4b0b2fe37660260e556649;hb=HEAD;hp=91a67232afaeda429cfd78689061ea87781697c5;hpb=8efdf07be8a00287bc3d929cde8aa7562b4910be;p=sysdb.git diff --git a/src/tools/sysdb/main.c b/src/tools/sysdb/main.c index 91a6723..1f3975a 100644 --- a/src/tools/sysdb/main.c +++ b/src/tools/sysdb/main.c @@ -38,8 +38,10 @@ #include "utils/llist.h" #include "utils/strbuf.h" #include "utils/os.h" +#include "utils/ssl.h" #include +#include #if HAVE_LIBGEN_H # include @@ -49,11 +51,10 @@ #include #include - +#include #include #include #include - #include #include @@ -77,13 +78,38 @@ # endif #endif /* READLINEs */ -#include -#include - #ifndef DEFAULT_SOCKET # define DEFAULT_SOCKET "unix:"LOCALSTATEDIR"/run/sysdbd.sock" #endif +static sdb_ssl_options_t ssl_options = { + /* ca_file */ SDB_SSL_CAFILE, + /* key_file */ "~/.config/sysdb/ssl/key.pem", + /* cert_file */ "~/.config/sysdb/ssl/cert.pem", + /* crl_file */ "~/.config/sysdb/ssl/crl.pem", +}; + +static void +canonicalize_ssl_options(void) +{ + char *tmp; + if (ssl_options.ca_file) { + tmp = sdb_realpath(ssl_options.ca_file); + ssl_options.ca_file = tmp ? tmp : strdup(ssl_options.ca_file); + } + if (ssl_options.key_file) { + tmp = sdb_realpath(ssl_options.key_file); + ssl_options.key_file = tmp ? tmp : strdup(ssl_options.key_file); + } + if (ssl_options.cert_file) { + tmp = sdb_realpath(ssl_options.cert_file); + ssl_options.cert_file = tmp ? tmp : strdup(ssl_options.cert_file); + } + if (ssl_options.crl_file) { + tmp = sdb_realpath(ssl_options.crl_file); + ssl_options.crl_file = tmp ? tmp : strdup(ssl_options.crl_file); + } +} /* canonicalize_ssl_options */ static void exit_usage(char *name, int status) 
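Review bot: In canonicalize_ssl_options() the fallback `strdup()` is never checked, so an allocation failure stores NULL in the field, and the function's own `if (ssl_options.ca_file)` guards suggest NULL is read as "not configured". For ca_file and crl_file that could let a connection proceed without the trust anchor or revocation list the user expected, depending on how sdb_client_set_ssl_options() (not in this diff) treats NULL. I would fold the four identical stanzas into one helper that reports failure and have main() log and exit on it, without calling sdb_ssl_free_options(), because the untouched fields still point at literals or optarg. The fallback also keeps a path sdb_realpath() could not resolve, so a missing key or CA file only surfaces later; a short comment saying that is intended would help. The sketch below assumes the fields are `char *`.

```c
/* Replace *path with a heap copy, canonical where resolvable.
 * Returns 0 on success (or if *path is unset), -1 if no copy could be made. */
static int
canonicalize_path(char **path)
{
	char *tmp;

	if (! *path)
		return 0;
	tmp = sdb_realpath(*path);
	if (! tmp)
		tmp = strdup(*path); /* keep the unresolved name; opening it fails later */
	if (! tmp)
		return -1;
	*path = tmp;
	return 0;
} /* canonicalize_path */

static int
canonicalize_ssl_options(void)
{
	if (canonicalize_path(&ssl_options.ca_file)
			|| canonicalize_path(&ssl_options.key_file)
			|| canonicalize_path(&ssl_options.cert_file)
			|| canonicalize_path(&ssl_options.crl_file))
		return -1;
	return 0;
} /* canonicalize_ssl_options */
```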
@@ -92,18 +118,30 @@ exit_usage(char *name, int status) printf( "Usage: %s \n" -"\nOptions:\n" -" -H HOST the host to connect to\n" -" default: "DEFAULT_SOCKET"\n" -" -U USER the username to connect as\n" -" default: %s\n" -" -c CMD execute the specified command and then exit\n" +"Connection options:\n" +" -H HOST the host to connect to\n" +" default: "DEFAULT_SOCKET"\n" +" -U USER the username to connect as\n" +" default: %s\n" +" -c CMD execute the specified command and then exit\n" +"\n" +"SSL options:\n" +" -K KEYFILE private key file name\n" +" default: %s\n" +" -C CERTFILE client certificate file name\n" +" default: %s\n" +" -A CAFILE CA certificates file name\n" +" default: %s\n" "\n" -" -h display this help and exit\n" -" -V display the version number and copyright\n" +"General options:\n" +"\n" +" -h display this help and exit\n" +" -V display the version number and copyright\n" "\nSysDB client "SDB_CLIENT_VERSION_STRING SDB_CLIENT_VERSION_EXTRA", " -PACKAGE_URL"\n", basename(name), user); +PACKAGE_URL"\n", basename(name), user, + ssl_options.key_file, ssl_options.cert_file, ssl_options.ca_file); + free(user); exit(status); } /* exit_usage */ @@ -125,7 +163,7 @@ exit_version(void) } /* exit_version */ static int -execute_commands(sdb_client_t *client, sdb_llist_t *commands) +execute_commands(sdb_input_t *input, sdb_llist_t *commands) { sdb_llist_iter_t *iter; int status = 0; @@ -139,7 +177,7 @@ execute_commands(sdb_client_t *client, sdb_llist_t *commands) while (sdb_llist_iter_has_next(iter)) { sdb_object_t *obj = sdb_llist_iter_get_next(iter); - if (sdb_client_send(client, SDB_CONNECTION_QUERY, + if (sdb_client_send(input->client, SDB_CONNECTION_QUERY, (uint32_t)strlen(obj->name), obj->name) <= 0) { sdb_log(SDB_LOG_ERR, "Failed to send command '%s' to server", obj->name); 
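Review bot: The "default:" values in the new SSL section of exit_usage() are read from the live `ssl_options`, which the `-K`/`-C`/`-A` cases added to main() overwrite while options are still being parsed, so `-K other.pem -h` would report `other.pem` as the default key file. Keeping the built-in paths in separate constants and printing those would keep the help text truthful. The same printf() passes `ssl_options.ca_file` to `%s` unconditionally although canonicalize_ssl_options() treats that field as possibly NULL; SDB_SSL_CAFILE is defined outside this diff, so if it can be NULL a guard such as `ssl_options.ca_file ? ssl_options.ca_file : "(none)"` is needed. The crl_file default is not listed in the help at all.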
@@ -151,7 +189,7 @@ execute_commands(sdb_client_t *client, sdb_llist_t *commands) * but eventually see the reply to the query, which is either DATA or * ERROR. */ while (42) { - status = sdb_command_print_reply(client); + status = sdb_command_print_reply(input); if (status < 0) { sdb_log(SDB_LOG_ERR, "Failed to read reply from server"); break; @@ -189,7 +227,7 @@ main(int argc, char **argv) sdb_llist_t *commands = NULL; while (42) { - int opt = getopt(argc, argv, "H:U:c:hV"); + int opt = getopt(argc, argv, "H:U:c:C:K:A:hV"); if (-1 == opt) break; @@ -226,6 +264,16 @@ main(int argc, char **argv) } break; + case 'C': + ssl_options.cert_file = optarg; + break; + case 'K': + ssl_options.key_file = optarg; + break; + case 'A': + ssl_options.ca_file = optarg; + break; + case 'h': exit_usage(argv[0], 0); break; @@ -249,8 +297,8 @@ main(int argc, char **argv) if (! input.user) exit(1); - SSL_load_error_strings(); - OpenSSL_add_ssl_algorithms(); + if (sdb_ssl_init()) + exit(1); input.client = sdb_client_create(host); if (! input.client) { @@ -258,6 +306,17 @@ main(int argc, char **argv) sdb_input_reset(&input); exit(1); } + input.input = sdb_strbuf_create(2048); + sdb_input_init(&input); + + canonicalize_ssl_options(); + if (sdb_client_set_ssl_options(input.client, &ssl_options)) { + sdb_log(SDB_LOG_ERR, "Failed to apply SSL options"); + sdb_input_reset(&input); + sdb_ssl_free_options(&ssl_options); + exit(1); + } + sdb_ssl_free_options(&ssl_options); if (sdb_client_connect(input.client, input.user)) { sdb_log(SDB_LOG_ERR, "Failed to connect to SysDBd"); sdb_input_reset(&input); @@ -265,7 +324,9 @@ main(int argc, char **argv) } if (commands) { - int status = execute_commands(input.client, commands); + int status; + input.interactive = 0; + status = execute_commands(&input, commands); sdb_llist_destroy(commands); sdb_input_reset(&input); if ((status != SDB_CONNECTION_OK) && (status != SDB_CONNECTION_DATA)) 
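Review bot: The new `case` arms set cert_file, key_file and ca_file, but nothing sets `ssl_options.crl_file`, and the getopt string `"H:U:c:C:K:A:hV"` has no letter for it, so the revocation list can only come from the hard-coded `~/.config/sysdb/ssl/crl.pem`. A user whose CRL lives elsewhere cannot supply it, and whether a missing default file quietly disables revocation checking is decided in code outside this diff. I would add a fourth option next to these three and list it in exit_usage(), or add a comment here such as `/* crl_file is intentionally not configurable */`. The switch statement starts and ends outside the hunk.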
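Review bot: `if (sdb_ssl_init()) exit(1);` exits without any message, whereas the failure paths directly below it log through sdb_log() and call sdb_input_reset(&input) before exiting. A line such as `sdb_log(SDB_LOG_ERR, "Failed to initialize SSL");` followed by `sdb_input_reset(&input);` would tell the user why the client did not start and keep the cleanup consistent. main() continues outside the hunk.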
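Review bot: The result of `sdb_strbuf_create(2048)` is stored in `input.input` and sdb_input_init(&input) runs right after it without a NULL check, while the sdb_client_create() call just above is checked. The constructor is not shown, but if it can fail on allocation, the error would only surface later inside the input code, after the TLS setup and connect have already happened. I would add `if (! input.input) { sdb_input_reset(&input); exit(1); }` with a log line in the style of the neighbouring error paths. main() starts and ends outside the hunk.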
@@ -274,8 +335,10 @@ main(int argc, char **argv) } sdb_log(SDB_LOG_INFO, "SysDB client "SDB_CLIENT_VERSION_STRING - SDB_CLIENT_VERSION_EXTRA" (libsysdbclient %s%s)\n", + SDB_CLIENT_VERSION_EXTRA" (libsysdbclient %s%s)", sdb_client_version_string(), sdb_client_version_extra()); + sdb_command_print_server_version(&input); + printf("\n"); using_history(); @@ -294,14 +357,15 @@ main(int argc, char **argv) } } - input.input = sdb_strbuf_create(2048); - sdb_input_init(&input); + signal(SIGPIPE, SIG_IGN); + signal(SIGCHLD, SIG_IGN); + sdb_input_mainloop(); sdb_client_shutdown(input.client, SHUT_WR); while (! sdb_client_eof(input.client)) { /* wait for remaining data to arrive */ - sdb_command_print_reply(input.client); + sdb_command_print_reply(&input); } if (hist_file[0] != '\0') { @@ -314,8 +378,7 @@ main(int argc, char **argv) } sdb_input_reset(&input); - - ERR_free_strings(); + sdb_ssl_shutdown(); return 0; } /* main */
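Review bot: `signal(SIGCHLD, SIG_IGN)` makes POSIX systems reap children automatically, so any later wait()/waitpid() on a process this client starts fails with ECHILD and its exit status is lost. Nothing in the hunk shows where children come from, so the reason should be stated in a comment next to the call. With SIGPIPE ignored, a closed peer is reported as an EPIPE return value, which only helps if the write paths check it; a comment such as `/* report a closed peer as EPIPE instead of dying in write() */` would record that intent. Neither signal() return value is checked, and sigaction() is the more portable way to install these dispositions. main() continues outside the hunk.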