
sysdb: Use a pager for displaying query results in interactive mode.
[sysdb.git] / src / tools / sysdb / main.c
index 20f37ae34791d2dbebd942066844a60ecdcd395c..1f3975a7949b52491d4b0b2fe37660260e556649 100644 (file)
 #include "utils/llist.h"
 #include "utils/strbuf.h"
 #include "utils/os.h"
+#include "utils/ssl.h"
 
 #include <errno.h>
+#include <time.h>
 
 #if HAVE_LIBGEN_H
 #      include <libgen.h>
 
 #include <sys/stat.h>
 #include <fcntl.h>
-
+#include <signal.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-
 #include <unistd.h>
 
 #include <sys/types.h>
 #      endif
 #endif /* READLINEs */
 
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-
 #ifndef DEFAULT_SOCKET
 #      define DEFAULT_SOCKET "unix:"LOCALSTATEDIR"/run/sysdbd.sock"
 #endif
 
-static const char *
-get_homedir(void)
-{
-       char *username = sdb_get_current_user();
-
-       struct passwd pw_entry;
-       struct passwd *result = NULL;
-
-       /* needs to be static because we return a pointer into this buffer
-        * to the caller */
-       static char buf[1024];
+static sdb_ssl_options_t ssl_options = {
+       /* ca_file */   SDB_SSL_CAFILE,
+       /* key_file */  "~/.config/sysdb/ssl/key.pem",
+       /* cert_file */ "~/.config/sysdb/ssl/cert.pem",
+       /* crl_file */  "~/.config/sysdb/ssl/crl.pem",
+};
 
-       int status;
-
-       if (username) {
-               memset(&pw_entry, 0, sizeof(pw_entry));
-               status = getpwnam_r(username, &pw_entry, buf, sizeof(buf), &result);
+static void
+canonicalize_ssl_options(void)
+{
+       char *tmp;
+       if (ssl_options.ca_file) {
+               tmp = sdb_realpath(ssl_options.ca_file);
+               ssl_options.ca_file = tmp ? tmp : strdup(ssl_options.ca_file);
        }
-       else
-               status = -1;
-
-       if (status || (! result)) {
-               char errbuf[1024];
-               sdb_log(SDB_LOG_WARNING, "Failed to determine home directory "
-                               "for user %s: %s", username,
-                               sdb_strerror(errno, errbuf, sizeof(errbuf)));
-               free(username);
-               return NULL;
+       if (ssl_options.key_file) {
+               tmp = sdb_realpath(ssl_options.key_file);
+               ssl_options.key_file = tmp ? tmp : strdup(ssl_options.key_file);
+       }
+       if (ssl_options.cert_file) {
+               tmp = sdb_realpath(ssl_options.cert_file);
+               ssl_options.cert_file = tmp ? tmp : strdup(ssl_options.cert_file);
+       }
+       if (ssl_options.crl_file) {
+               tmp = sdb_realpath(ssl_options.crl_file);
+               ssl_options.crl_file = tmp ? tmp : strdup(ssl_options.crl_file);
        }
-       free(username);
-       return result->pw_dir;
-} /* get_homedir */
+} /* canonicalize_ssl_options */
 
 static void
 exit_usage(char *name, int status)
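Review bot: In canonicalize_ssl_options the fallback `strdup(...)` is never checked, so under memory pressure a configured path silently becomes NULL. For `ca_file` and `crl_file` that presumably means connecting without the trust anchor or revocation list the user asked for, though how sdb_client_set_ssl_options treats NULL is not visible here. The function returns void, so main cannot tell, and the same four lines are repeated for each field. A helper that reports failure removes the repetition and lets main abort before connecting; the sketch assumes the fields are `char *`, and the call in main would then need to test the result. It handles every field even after a failure, so each one ends up heap-allocated or NULL before the options are freed.

```c
/* Replace *path with a heap-allocated canonical copy (or a plain copy if it
 * cannot be resolved); returns -1 if no copy could be allocated. */
static int
canonicalize_path(char **path)
{
	char *tmp;

	if (! *path)
		return 0;
	tmp = sdb_realpath(*path);
	if (! tmp)
		tmp = strdup(*path);
	*path = tmp;
	return tmp ? 0 : -1;
} /* canonicalize_path */

static int
canonicalize_ssl_options(void)
{
	int status = 0;

	/* do not stop at the first failure: a field left pointing at a
	 * literal or at argv must never reach sdb_ssl_free_options() */
	status |= canonicalize_path(&ssl_options.ca_file);
	status |= canonicalize_path(&ssl_options.key_file);
	status |= canonicalize_path(&ssl_options.cert_file);
	status |= canonicalize_path(&ssl_options.crl_file);
	return status;
} /* canonicalize_ssl_options */
```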
@@ -124,18 +118,30 @@ exit_usage(char *name, int status)
        printf(
 "Usage: %s <options>\n"
 
-"\nOptions:\n"
-"  -H HOST   the host to connect to\n"
-"            default: "DEFAULT_SOCKET"\n"
-"  -U USER   the username to connect as\n"
-"            default: %s\n"
-"  -c CMD    execute the specified command and then exit\n"
+"Connection options:\n"
+"  -H HOST      the host to connect to\n"
+"               default: "DEFAULT_SOCKET"\n"
+"  -U USER      the username to connect as\n"
+"               default: %s\n"
+"  -c CMD       execute the specified command and then exit\n"
 "\n"
-"  -h        display this help and exit\n"
-"  -V        display the version number and copyright\n"
+"SSL options:\n"
+"  -K KEYFILE   private key file name\n"
+"               default: %s\n"
+"  -C CERTFILE  client certificate file name\n"
+"               default: %s\n"
+"  -A CAFILE    CA certificates file name\n"
+"               default: %s\n"
+"\n"
+"General options:\n"
+"\n"
+"  -h           display this help and exit\n"
+"  -V           display the version number and copyright\n"
 
 "\nSysDB client "SDB_CLIENT_VERSION_STRING SDB_CLIENT_VERSION_EXTRA", "
-PACKAGE_URL"\n", basename(name), user);
+PACKAGE_URL"\n", basename(name), user,
+                       ssl_options.key_file, ssl_options.cert_file, ssl_options.ca_file);
+
        free(user);
        exit(status);
 } /* exit_usage */
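Review bot: The new "SSL options" section of the help text omits the CRL file, although `ssl_options` sets `crl_file` to `~/.config/sysdb/ssl/crl.pem` and the option-parsing hunk adds no switch for it. A user cannot learn from `-h` that a revocation list is looked up at that path, nor point the client at a different one. I would at least print it, for example `"  CRL file:    %s (no command line option)\n"` with `ssl_options.crl_file` appended to the argument list. The "General options:" header is also followed by an empty line while the other two section headers are not. exit_usage begins outside this hunk.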
@@ -157,7 +163,7 @@ exit_version(void)
 } /* exit_version */
 
 static int
-execute_commands(sdb_client_t *client, sdb_llist_t *commands)
+execute_commands(sdb_input_t *input, sdb_llist_t *commands)
 {
        sdb_llist_iter_t *iter;
        int status = 0;
@@ -171,7 +177,7 @@ execute_commands(sdb_client_t *client, sdb_llist_t *commands)
        while (sdb_llist_iter_has_next(iter)) {
                sdb_object_t *obj = sdb_llist_iter_get_next(iter);
 
-               if (sdb_client_send(client, SDB_CONNECTION_QUERY,
+               if (sdb_client_send(input->client, SDB_CONNECTION_QUERY,
                                        (uint32_t)strlen(obj->name), obj->name) <= 0) {
                        sdb_log(SDB_LOG_ERR, "Failed to send command '%s' to server",
                                        obj->name);
@@ -183,7 +189,7 @@ execute_commands(sdb_client_t *client, sdb_llist_t *commands)
                 * but eventually see the reply to the query, which is either DATA or
                 * ERROR. */
                while (42) {
-                       status = sdb_command_print_reply(client);
+                       status = sdb_command_print_reply(input);
                        if (status < 0) {
                                sdb_log(SDB_LOG_ERR, "Failed to read reply from server");
                                break;
@@ -214,14 +220,14 @@ main(int argc, char **argv)
 {
        const char *host = NULL;
 
-       const char *homedir;
+       char *homedir;
        char hist_file[1024] = "";
 
        sdb_input_t input = SDB_INPUT_INIT;
        sdb_llist_t *commands = NULL;
 
        while (42) {
-               int opt = getopt(argc, argv, "H:U:c:hV");
+               int opt = getopt(argc, argv, "H:U:c:C:K:A:hV");
 
                if (-1 == opt)
                        break;
@@ -258,6 +264,16 @@ main(int argc, char **argv)
                                }
                                break;
 
+                       case 'C':
+                               ssl_options.cert_file = optarg;
+                               break;
+                       case 'K':
+                               ssl_options.key_file = optarg;
+                               break;
+                       case 'A':
+                               ssl_options.ca_file = optarg;
+                               break;
+
                        case 'h':
                                exit_usage(argv[0], 0);
                                break;
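Review bot: The ownership of the `ssl_options` fields is undocumented: these three cases store `optarg`, the defaults are string literals, and the struct is later handed to `sdb_ssl_free_options()`, which presumably frees the fields. That is only safe because `canonicalize_ssl_options()` runs first and replaces every field with a heap copy. A comment above the cases would protect that ordering, for example `/* borrowed from argv; canonicalize_ssl_options() swaps in heap copies before anything is freed */`. The switch starts and ends outside this hunk.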
@@ -281,42 +297,57 @@ main(int argc, char **argv)
        if (! input.user)
                exit(1);
 
-       SSL_load_error_strings();
-       OpenSSL_add_ssl_algorithms();
+       if (sdb_ssl_init())
+               exit(1);
 
        input.client = sdb_client_create(host);
        if (! input.client) {
                sdb_log(SDB_LOG_ERR, "Failed to create client object");
-               free(input.user);
+               sdb_input_reset(&input);
+               exit(1);
+       }
+       input.input = sdb_strbuf_create(2048);
+       sdb_input_init(&input);
+
+       canonicalize_ssl_options();
+       if (sdb_client_set_ssl_options(input.client, &ssl_options)) {
+               sdb_log(SDB_LOG_ERR, "Failed to apply SSL options");
+               sdb_input_reset(&input);
+               sdb_ssl_free_options(&ssl_options);
                exit(1);
        }
+       sdb_ssl_free_options(&ssl_options);
        if (sdb_client_connect(input.client, input.user)) {
                sdb_log(SDB_LOG_ERR, "Failed to connect to SysDBd");
-               sdb_client_destroy(input.client);
-               free(input.user);
+               sdb_input_reset(&input);
                exit(1);
        }
 
        if (commands) {
-               int status = execute_commands(input.client, commands);
+               int status;
+               input.interactive = 0;
+               status = execute_commands(&input, commands);
                sdb_llist_destroy(commands);
-               sdb_client_destroy(input.client);
-               free(input.user);
+               sdb_input_reset(&input);
                if ((status != SDB_CONNECTION_OK) && (status != SDB_CONNECTION_DATA))
                        exit(1);
                exit(0);
        }
 
        sdb_log(SDB_LOG_INFO, "SysDB client "SDB_CLIENT_VERSION_STRING
-                       SDB_CLIENT_VERSION_EXTRA" (libsysdbclient %s%s)\n",
+                       SDB_CLIENT_VERSION_EXTRA" (libsysdbclient %s%s)",
                        sdb_client_version_string(), sdb_client_version_extra());
+       sdb_command_print_server_version(&input);
+       printf("\n");
 
        using_history();
 
-       if ((homedir = get_homedir())) {
+       if ((homedir = sdb_get_homedir())) {
                snprintf(hist_file, sizeof(hist_file) - 1,
                                "%s/.sysdb_history", homedir);
                hist_file[sizeof(hist_file) - 1] = '\0';
+               free(homedir);
+               homedir = NULL;
 
                errno = 0;
                if (read_history(hist_file) && (errno != ENOENT)) {
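Review bot: `input.input = sdb_strbuf_create(2048);` is used without a check, so an allocation failure reaches `sdb_input_init()` and the later input code as a NULL buffer; whether they tolerate that is not visible here. Following the error paths around it, I would add `if (! input.input) { sdb_log(SDB_LOG_ERR, "Failed to allocate input buffer"); sdb_input_reset(&input); exit(1); }` directly after the call. `if (sdb_ssl_init()) exit(1);` at the top of the hunk is also the only failure here that exits without a message; `sdb_log(SDB_LOG_ERR, "Failed to initialize SSL");` would match the others. main continues outside the hunk.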
@@ -325,16 +356,16 @@ main(int argc, char **argv)
                                        hist_file, sdb_strerror(errno, errbuf, sizeof(errbuf)));
                }
        }
-       free(input.user);
 
-       input.input = sdb_strbuf_create(2048);
-       sdb_input_init(&input);
+       signal(SIGPIPE, SIG_IGN);
+       signal(SIGCHLD, SIG_IGN);
+
        sdb_input_mainloop();
 
        sdb_client_shutdown(input.client, SHUT_WR);
        while (! sdb_client_eof(input.client)) {
                /* wait for remaining data to arrive */
-               sdb_command_print_reply(input.client);
+               sdb_command_print_reply(&input);
        }
 
        if (hist_file[0] != '\0') {
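Review bot: The two `signal(..., SIG_IGN)` calls carry no comment, and ignored dispositions generally survive fork and exec, so a pager started after this point runs with SIGPIPE and SIGCHLD ignored unless the child restores `SIG_DFL` first. The spawning code is not in this file, so that needs checking there. With SIGPIPE ignored, a pager that quits early turns writes into `EPIPE` errors the output path has to check, and with SIGCHLD ignored `waitpid()` cannot return the pager's exit status. I would document the intent, for example `/* the pager may exit before reading everything: take EPIPE instead of dying, and let the kernel reap the child */`.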
@@ -346,10 +377,8 @@ main(int argc, char **argv)
                }
        }
 
-       sdb_client_destroy(input.client);
-       sdb_strbuf_destroy(input.input);
-
-       ERR_free_strings();
+       sdb_input_reset(&input);
+       sdb_ssl_shutdown();
        return 0;
 } /* main */