X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=src%2Ftools%2Fsysdb%2Fmain.c;h=792faf9d93a7ff62d407b23320729e35c83cd6d7;hb=c837ea62546dfd018f9c1793376c2af97abb48c9;hp=357ef34827672d0033030eeefe8d85d059f98836;hpb=13fe0f9ec3d161fab7a015054649910541d75f5e;p=sysdb.git diff --git a/src/tools/sysdb/main.c b/src/tools/sysdb/main.c index 357ef34..792faf9 100644 --- a/src/tools/sysdb/main.c +++ b/src/tools/sysdb/main.c @@ -38,6 +38,7 @@ #include "utils/llist.h" #include "utils/strbuf.h" #include "utils/os.h" +#include "utils/ssl.h" #include @@ -81,30 +82,34 @@ # define DEFAULT_SOCKET "unix:"LOCALSTATEDIR"/run/sysdbd.sock" #endif -static const char * -get_homedir(const char *username) -{ - struct passwd pw_entry; - struct passwd *result = NULL; - - /* needs to be static because we return a pointer into this buffer - * to the caller */ - static char buf[1024]; - - int status; +static sdb_ssl_options_t ssl_options = { + /* ca_file */ SDB_SSL_CAFILE, + /* key_file */ "~/.config/sysdb/ssl/key.pem", + /* cert_file */ "~/.config/sysdb/ssl/cert.pem", + /* crl_file */ "~/.config/sysdb/ssl/crl.pem", +}; - memset(&pw_entry, 0, sizeof(pw_entry)); - status = getpwnam_r(username, &pw_entry, buf, sizeof(buf), &result); - - if (status || (! result)) { - char errbuf[1024]; - sdb_log(SDB_LOG_WARNING, "Failed to determine home directory " - "for user %s: %s", username, - sdb_strerror(errno, errbuf, sizeof(errbuf))); - return NULL; +static void +canonicalize_ssl_options(void) +{ + char *tmp; + if (ssl_options.ca_file) { + tmp = sdb_realpath(ssl_options.ca_file); + ssl_options.ca_file = tmp ? tmp : strdup(ssl_options.ca_file); + } + if (ssl_options.key_file) { + tmp = sdb_realpath(ssl_options.key_file); + ssl_options.key_file = tmp ? tmp : strdup(ssl_options.key_file); + } + if (ssl_options.cert_file) { + tmp = sdb_realpath(ssl_options.cert_file); + ssl_options.cert_file = tmp ? tmp : strdup(ssl_options.cert_file); } - return result->pw_dir; -} /* get_homedir */ + if (ssl_options.crl_file) { + tmp = sdb_realpath(ssl_options.crl_file); + ssl_options.crl_file = tmp ? tmp : strdup(ssl_options.crl_file); + } +} /* canonicalize_ssl_options */ static void exit_usage(char *name, int status) @@ -113,18 +118,30 @@ exit_usage(char *name, int status) printf( "Usage: %s \n" -"\nOptions:\n" -" -H HOST the host to connect to\n" -" default: "DEFAULT_SOCKET"\n" -" -U USER the username to connect as\n" -" default: %s\n" -" -c CMD execute the specified command and then exit\n" +"Connection options:\n" +" -H HOST the host to connect to\n" +" default: "DEFAULT_SOCKET"\n" +" -U USER the username to connect as\n" +" default: %s\n" +" -c CMD execute the specified command and then exit\n" +"\n" +"SSL options:\n" +" -K KEYFILE private key file name\n" +" default: %s\n" +" -C CERTFILE client certificate file name\n" +" default: %s\n" +" -A CAFILE CA certificates file name\n" +" default: %s\n" "\n" -" -h display this help and exit\n" -" -V display the version number and copyright\n" +"General options:\n" +"\n" +" -h display this help and exit\n" +" -V display the version number and copyright\n" "\nSysDB client "SDB_CLIENT_VERSION_STRING SDB_CLIENT_VERSION_EXTRA", " -PACKAGE_URL"\n", basename(name), user); +PACKAGE_URL"\n", basename(name), user, + ssl_options.key_file, ssl_options.cert_file, ssl_options.ca_file); + free(user); exit(status); } /* exit_usage */ @@ -203,14 +220,14 @@ main(int argc, char **argv) { const char *host = NULL; - const char *homedir; + char *homedir; char hist_file[1024] = ""; sdb_input_t input = SDB_INPUT_INIT; sdb_llist_t *commands = NULL; while (42) { - int opt = getopt(argc, argv, "H:U:c:hV"); + int opt = getopt(argc, argv, "H:U:c:C:K:A:hV"); if (-1 == opt) break; @@ -247,6 +264,16 @@ main(int argc, char **argv) } break; + case 'C': + ssl_options.cert_file = optarg; + break; + case 'K': + ssl_options.key_file = optarg; + break; + case 'A': + ssl_options.ca_file = optarg; + break; + case 'h': exit_usage(argv[0], 0); break; @@ -270,24 +297,33 @@ main(int argc, char **argv) if (! input.user) exit(1); + if (sdb_ssl_init()) + exit(1); + input.client = sdb_client_create(host); if (! input.client) { sdb_log(SDB_LOG_ERR, "Failed to create client object"); - free(input.user); + sdb_input_reset(&input); + exit(1); + } + canonicalize_ssl_options(); + if (sdb_client_set_ssl_options(input.client, &ssl_options)) { + sdb_log(SDB_LOG_ERR, "Failed to apply SSL options"); + sdb_input_reset(&input); + sdb_ssl_free_options(&ssl_options); exit(1); } + sdb_ssl_free_options(&ssl_options); if (sdb_client_connect(input.client, input.user)) { sdb_log(SDB_LOG_ERR, "Failed to connect to SysDBd"); - sdb_client_destroy(input.client); - free(input.user); + sdb_input_reset(&input); exit(1); } if (commands) { int status = execute_commands(input.client, commands); sdb_llist_destroy(commands); - sdb_client_destroy(input.client); - free(input.user); + sdb_input_reset(&input); if ((status != SDB_CONNECTION_OK) && (status != SDB_CONNECTION_DATA)) exit(1); exit(0); @@ -299,10 +335,12 @@ main(int argc, char **argv) using_history(); - if ((homedir = get_homedir(input.user))) { + if ((homedir = sdb_get_homedir())) { snprintf(hist_file, sizeof(hist_file) - 1, "%s/.sysdb_history", homedir); hist_file[sizeof(hist_file) - 1] = '\0'; + free(homedir); + homedir = NULL; errno = 0; if (read_history(hist_file) && (errno != ENOENT)) { @@ -311,7 +349,6 @@ main(int argc, char **argv) hist_file, sdb_strerror(errno, errbuf, sizeof(errbuf))); } } - free(input.user); input.input = sdb_strbuf_create(2048); sdb_input_init(&input); @@ -332,8 +369,8 @@ main(int argc, char **argv) } } - sdb_client_destroy(input.client); - sdb_strbuf_destroy(input.input); + sdb_input_reset(&input); + sdb_ssl_shutdown(); return 0; } /* main */