![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/src/tools/sysdb/main.c b/src/tools/sysdb/main.c
index 05c5b9fb6d6ce6f6d57cb45f04666dff37e775a7..1f3975a7949b52491d4b0b2fe37660260e556649 100644 (file)
--- a/src/tools/sysdb/main.c
+++ b/src/tools/sysdb/main.c
#include "utils/error.h"
#include "utils/llist.h"
#include "utils/strbuf.h"
+#include "utils/os.h"
+#include "utils/ssl.h"
#include <errno.h>
+#include <time.h>
#if HAVE_LIBGEN_H
# include <libgen.h>
#include <sys/stat.h>
#include <fcntl.h>
-
+#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-
#include <unistd.h>
#include <sys/types.h>
# define DEFAULT_SOCKET "unix:"LOCALSTATEDIR"/run/sysdbd.sock"
#endif
-static const char *
-get_current_user(void)
-{
- struct passwd pw_entry;
- struct passwd *result = NULL;
-
- uid_t uid;
-
- /* needs to be static because we return a pointer into this buffer
- * to the caller */
- static char buf[1024];
-
- int status;
+static sdb_ssl_options_t ssl_options = {
+ /* ca_file */ SDB_SSL_CAFILE,
+ /* key_file */ "~/.config/sysdb/ssl/key.pem",
+ /* cert_file */ "~/.config/sysdb/ssl/cert.pem",
+ /* crl_file */ "~/.config/sysdb/ssl/crl.pem",
+};
- uid = geteuid();
-
- memset(&pw_entry, 0, sizeof(pw_entry));
- status = getpwuid_r(uid, &pw_entry, buf, sizeof(buf), &result);
-
- if (status || (! result)) {
- char errbuf[1024];
- sdb_log(SDB_LOG_ERR, "Failed to determine current username: %s",
- sdb_strerror(errno, errbuf, sizeof(errbuf)));
- return NULL;
- }
- return result->pw_name;
-} /* get_current_user */
-
-static const char *
-get_homedir(const char *username)
+static void
+canonicalize_ssl_options(void)
{
- struct passwd pw_entry;
- struct passwd *result = NULL;
-
- /* needs to be static because we return a pointer into this buffer
- * to the caller */
- static char buf[1024];
-
- int status;
-
- memset(&pw_entry, 0, sizeof(pw_entry));
- status = getpwnam_r(username, &pw_entry, buf, sizeof(buf), &result);
-
- if (status || (! result)) {
- char errbuf[1024];
- sdb_log(SDB_LOG_WARNING, "Failed to determine home directory "
- "for user %s: %s", username,
- sdb_strerror(errno, errbuf, sizeof(errbuf)));
- return NULL;
+ char *tmp;
+ if (ssl_options.ca_file) {
+ tmp = sdb_realpath(ssl_options.ca_file);
+ ssl_options.ca_file = tmp ? tmp : strdup(ssl_options.ca_file);
+ }
+ if (ssl_options.key_file) {
+ tmp = sdb_realpath(ssl_options.key_file);
+ ssl_options.key_file = tmp ? tmp : strdup(ssl_options.key_file);
+ }
+ if (ssl_options.cert_file) {
+ tmp = sdb_realpath(ssl_options.cert_file);
+ ssl_options.cert_file = tmp ? tmp : strdup(ssl_options.cert_file);
}
- return result->pw_dir;
-} /* get_homedir */
+ if (ssl_options.crl_file) {
+ tmp = sdb_realpath(ssl_options.crl_file);
+ ssl_options.crl_file = tmp ? tmp : strdup(ssl_options.crl_file);
+ }
+} /* canonicalize_ssl_options */
static void
exit_usage(char *name, int status)
{
+ char *user = sdb_get_current_user();
printf(
"Usage: %s <options>\n"
-"\nOptions:\n"
-" -H HOST the host to connect to\n"
-" default: "DEFAULT_SOCKET"\n"
-" -U USER the username to connect as\n"
-" default: %s\n"
-" -c CMD execute the specified command and then exit\n"
+"Connection options:\n"
+" -H HOST the host to connect to\n"
+" default: "DEFAULT_SOCKET"\n"
+" -U USER the username to connect as\n"
+" default: %s\n"
+" -c CMD execute the specified command and then exit\n"
+"\n"
+"SSL options:\n"
+" -K KEYFILE private key file name\n"
+" default: %s\n"
+" -C CERTFILE client certificate file name\n"
+" default: %s\n"
+" -A CAFILE CA certificates file name\n"
+" default: %s\n"
+"\n"
+"General options:\n"
"\n"
-" -h display this help and exit\n"
-" -V display the version number and copyright\n"
+" -h display this help and exit\n"
+" -V display the version number and copyright\n"
"\nSysDB client "SDB_CLIENT_VERSION_STRING SDB_CLIENT_VERSION_EXTRA", "
-PACKAGE_URL"\n", basename(name), get_current_user());
+PACKAGE_URL"\n", basename(name), user,
+ ssl_options.key_file, ssl_options.cert_file, ssl_options.ca_file);
+
+ free(user);
exit(status);
} /* exit_usage */
} /* exit_version */
static int
-execute_commands(sdb_client_t *client, sdb_llist_t *commands)
+execute_commands(sdb_input_t *input, sdb_llist_t *commands)
{
sdb_llist_iter_t *iter;
int status = 0;
while (sdb_llist_iter_has_next(iter)) {
sdb_object_t *obj = sdb_llist_iter_get_next(iter);
- if (sdb_client_send(client, CONNECTION_QUERY,
+ if (sdb_client_send(input->client, SDB_CONNECTION_QUERY,
(uint32_t)strlen(obj->name), obj->name) <= 0) {
sdb_log(SDB_LOG_ERR, "Failed to send command '%s' to server",
obj->name);
}
/* Wait for server replies. We might get any number of log messages
- * but eventually see the reply to the query, which is either OK or
+ * but eventually see the reply to the query, which is either DATA or
* ERROR. */
while (42) {
- status = sdb_command_print_reply(client);
+ status = sdb_command_print_reply(input);
if (status < 0) {
sdb_log(SDB_LOG_ERR, "Failed to read reply from server");
break;
}
- if ((status == CONNECTION_OK) || (status == CONNECTION_ERROR))
+ if ((status == SDB_CONNECTION_DATA)
+ || (status == SDB_CONNECTION_ERROR))
+ break;
+ if (status == SDB_CONNECTION_OK) {
+ /* pre 0.4 versions used OK instead of DATA */
+ sdb_log(SDB_LOG_WARNING, "Received unexpected OK status from "
+ "server in response to a QUERY (expected DATA); "
+ "assuming we're talking to an old server");
break;
+ }
}
- if (status)
- break;
+ if ((status != SDB_CONNECTION_OK) && (status != SDB_CONNECTION_DATA))
+ break; /* error */
}
sdb_llist_iter_destroy(iter);
main(int argc, char **argv)
{
const char *host = NULL;
- const char *user = NULL;
- const char *homedir;
+ char *homedir;
char hist_file[1024] = "";
sdb_input_t input = SDB_INPUT_INIT;
sdb_llist_t *commands = NULL;
while (42) {
- int opt = getopt(argc, argv, "H:U:c:hV");
+ int opt = getopt(argc, argv, "H:U:c:C:K:A:hV");
if (-1 == opt)
break;
host = optarg;
break;
case 'U':
- user = optarg;
+ input.user = optarg;
break;
case 'c':
}
break;
+ case 'C':
+ ssl_options.cert_file = optarg;
+ break;
+ case 'K':
+ ssl_options.key_file = optarg;
+ break;
+ case 'A':
+ ssl_options.ca_file = optarg;
+ break;
+
case 'h':
exit_usage(argv[0], 0);
break;
if (! host)
host = DEFAULT_SOCKET;
- if (! user) {
- user = get_current_user();
- if (! user)
- exit(1);
- }
+ if (! input.user)
+ input.user = sdb_get_current_user();
+ else
+ input.user = strdup(input.user);
+ if (! input.user)
+ exit(1);
+
+ if (sdb_ssl_init())
+ exit(1);
input.client = sdb_client_create(host);
if (! input.client) {
sdb_log(SDB_LOG_ERR, "Failed to create client object");
+ sdb_input_reset(&input);
exit(1);
}
- if (sdb_client_connect(input.client, user)) {
+ input.input = sdb_strbuf_create(2048);
+ sdb_input_init(&input);
+
+ canonicalize_ssl_options();
+ if (sdb_client_set_ssl_options(input.client, &ssl_options)) {
+ sdb_log(SDB_LOG_ERR, "Failed to apply SSL options");
+ sdb_input_reset(&input);
+ sdb_ssl_free_options(&ssl_options);
+ exit(1);
+ }
+ sdb_ssl_free_options(&ssl_options);
+ if (sdb_client_connect(input.client, input.user)) {
sdb_log(SDB_LOG_ERR, "Failed to connect to SysDBd");
- sdb_client_destroy(input.client);
+ sdb_input_reset(&input);
exit(1);
}
if (commands) {
- int status = execute_commands(input.client, commands);
+ int status;
+ input.interactive = 0;
+ status = execute_commands(&input, commands);
sdb_llist_destroy(commands);
- sdb_client_destroy(input.client);
- exit(status);
+ sdb_input_reset(&input);
+ if ((status != SDB_CONNECTION_OK) && (status != SDB_CONNECTION_DATA))
+ exit(1);
+ exit(0);
}
sdb_log(SDB_LOG_INFO, "SysDB client "SDB_CLIENT_VERSION_STRING
- SDB_CLIENT_VERSION_EXTRA" (libsysdbclient %s%s)\n",
+ SDB_CLIENT_VERSION_EXTRA" (libsysdbclient %s%s)",
sdb_client_version_string(), sdb_client_version_extra());
+ sdb_command_print_server_version(&input);
+ printf("\n");
using_history();
- if ((homedir = get_homedir(user))) {
+ if ((homedir = sdb_get_homedir())) {
snprintf(hist_file, sizeof(hist_file) - 1,
"%s/.sysdb_history", homedir);
hist_file[sizeof(hist_file) - 1] = '\0';
+ free(homedir);
+ homedir = NULL;
errno = 0;
if (read_history(hist_file) && (errno != ENOENT)) {
}
}
- input.input = sdb_strbuf_create(2048);
- sdb_input_init(&input);
+ signal(SIGPIPE, SIG_IGN);
+ signal(SIGCHLD, SIG_IGN);
+
sdb_input_mainloop();
+ sdb_client_shutdown(input.client, SHUT_WR);
+ while (! sdb_client_eof(input.client)) {
+ /* wait for remaining data to arrive */
+ sdb_command_print_reply(&input);
+ }
+
if (hist_file[0] != '\0') {
errno = 0;
if (write_history(hist_file)) {
}
}
- sdb_client_destroy(input.client);
- sdb_strbuf_destroy(input.input);
+ sdb_input_reset(&input);
+ sdb_ssl_shutdown();
return 0;
} /* main */