2 *****************************************************************************
6 * Author: Damien S. Stuart
8 * Purpose: An implementation of an fwknop client.
10 * Copyright 2009-2010 Damien Stuart (dstuart@dstuart.org)
12 * License (GNU Public License):
14 * This program is free software; you can redistribute it and/or
15 * modify it under the terms of the GNU General Public License
16 * as published by the Free Software Foundation; either version 2
17 * of the License, or (at your option) any later version.
19 * This program is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License
25 * along with this program; if not, write to the Free Software
26 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
29 *****************************************************************************
32 #include "config_init.h"
35 #include "getpasswd.h"
39 static char * get_user_pw(fko_cli_options_t *options, const int crypt_op);
40 static void display_ctx(fko_ctx_t ctx);
41 static void errmsg(const char *msg, const int err);
42 static void show_last_command(void);
43 static void save_args(int argc, char **argv);
44 static void run_last_args(fko_cli_options_t *options);
45 static int set_message_type(fko_ctx_t ctx, fko_cli_options_t *options);
46 static int set_nat_access(fko_ctx_t ctx, fko_cli_options_t *options);
47 static int get_rand_port(fko_ctx_t ctx);
48 int resolve_ip_http(fko_cli_options_t *options);
51 main(int argc, char **argv)
55 char *spa_data, *version;
56 char access_buf[MAX_LINE_LEN];
58 fko_cli_options_t options;
60 /* Handle command line
62 config_init(&options, argc, argv);
64 /* Handle options that don't require a libfko context
66 if(options.run_last_command)
67 run_last_args(&options);
68 else if(options.show_last_command)
70 else if (!options.no_save_args)
71 save_args(argc, argv);
73 /* Intialize the context
76 if(res != FKO_SUCCESS)
78 errmsg("fko_new", res);
82 /* Display version info and exit.
84 if (options.version) {
85 fko_get_version(ctx, &version);
87 fprintf(stdout, "fwknop client %s, FKO protocol version %s\n",
96 if(options.fw_timeout >= 0)
98 res = fko_set_spa_client_timeout(ctx, options.fw_timeout);
99 if(res != FKO_SUCCESS)
101 errmsg("fko_set_spa_client_timeout", res);
103 return(EXIT_FAILURE);
107 /* Set the SPA packet message type based on command line options
109 res = set_message_type(ctx, &options);
110 if(res != FKO_SUCCESS)
112 errmsg("fko_set_spa_message_type", res);
114 return(EXIT_FAILURE);
117 /* Adjust the SPA timestamp if necessary
119 if(options.time_offset_plus > 0)
121 res = fko_set_timestamp(ctx, options.time_offset_plus);
122 if(res != FKO_SUCCESS)
124 errmsg("fko_set_timestamp", res);
126 return(EXIT_FAILURE);
129 if(options.time_offset_minus > 0)
131 res = fko_set_timestamp(ctx, -options.time_offset_minus);
132 if(res != FKO_SUCCESS)
134 errmsg("fko_set_timestamp", res);
136 return(EXIT_FAILURE);
140 if(options.server_command[0] != 0x0)
142 /* Set the access message to a command that the server will
145 snprintf(access_buf, MAX_LINE_LEN, "%s%s%s",
146 options.allow_ip_str, ",", options.server_command);
150 /* Resolve the client's public facing IP address if requestesd.
151 * if this fails, consider it fatal.
153 if (options.resolve_ip_http)
154 if(resolve_ip_http(&options) < 0)
157 return(EXIT_FAILURE);
160 /* Set a message string by combining the allow IP and the
161 * port/protocol. The fwknopd server allows no port/protocol
162 * to be specified as well, so in this case append the string
163 * "none/0" to the allow IP.
165 if(options.access_str[0] != 0x0)
167 snprintf(access_buf, MAX_LINE_LEN, "%s%s%s",
168 options.allow_ip_str, ",", options.access_str);
172 snprintf(access_buf, MAX_LINE_LEN, "%s%s%s",
173 options.allow_ip_str, ",", "none/0");
176 res = fko_set_spa_message(ctx, access_buf);
177 if(res != FKO_SUCCESS)
179 errmsg("fko_set_spa_message", res);
181 return(EXIT_FAILURE);
184 /* Set NAT access string
186 if (options.nat_local || options.nat_access_str[0] != 0x0)
188 res = set_nat_access(ctx, &options);
189 if(res != FKO_SUCCESS)
191 errmsg("fko_set_nat_access_str", res);
193 return(EXIT_FAILURE);
199 if(options.spoof_user[0] != 0x0)
201 res = fko_set_username(ctx, options.spoof_user);
202 if(res != FKO_SUCCESS)
204 errmsg("fko_set_username", res);
206 return(EXIT_FAILURE);
210 /* Set up for using GPG if specified.
214 /* If use-gpg-agent was not specified, then remove the GPG_AGENT_INFO
215 * ENV variable if it exists.
218 if(!options.use_gpg_agent)
219 unsetenv("GPG_AGENT_INFO");
222 res = fko_set_spa_encryption_type(ctx, FKO_ENCRYPTION_GPG);
223 if(res != FKO_SUCCESS)
225 errmsg("fko_set_spa_encryption_type", res);
227 return(EXIT_FAILURE);
230 /* If a GPG home dir was specified, set it here. Note: Setting
231 * this has to occur before calling any of the other GPG-related
234 if(options.gpg_home_dir != NULL && strlen(options.gpg_home_dir) > 0)
236 res = fko_set_gpg_home_dir(ctx, options.gpg_home_dir);
237 if(res != FKO_SUCCESS)
239 errmsg("fko_set_gpg_home_dir", res);
241 return(EXIT_FAILURE);
245 res = fko_set_gpg_recipient(ctx, options.gpg_recipient_key);
246 if(res != FKO_SUCCESS)
248 errmsg("fko_set_gpg_recipient", res);
250 if(IS_GPG_ERROR(res))
251 fprintf(stderr, "GPG ERR: %s\n", fko_gpg_errstr(ctx));
253 return(EXIT_FAILURE);
256 if(options.gpg_signer_key != NULL && strlen(options.gpg_signer_key))
258 res = fko_set_gpg_signer(ctx, options.gpg_signer_key);
259 if(res != FKO_SUCCESS)
261 errmsg("fko_set_gpg_signer", res);
263 if(IS_GPG_ERROR(res))
264 fprintf(stderr, "GPG ERR: %s\n", fko_gpg_errstr(ctx));
267 return(EXIT_FAILURE);
274 if(options.digest_type)
276 fko_set_spa_digest_type(ctx, options.digest_type);
277 if(res != FKO_SUCCESS)
279 errmsg("fko_set_spa_digest_type", res);
281 return(EXIT_FAILURE);
285 /* Finalize the context data (encrypt and encode the SPA data)
287 res = fko_spa_data_final(ctx, get_user_pw(&options, CRYPT_OP_ENCRYPT));
288 if(res != FKO_SUCCESS)
290 errmsg("fko_spa_data_final", res);
292 if(IS_GPG_ERROR(res))
293 fprintf(stderr, "GPG ERR: %s\n", fko_gpg_errstr(ctx));
296 return(EXIT_FAILURE);
299 /* Display the context data.
301 if (options.verbose || options.test)
304 /* Save packet data payload if requested.
306 if (options.save_packet_file[0] != 0x0)
307 write_spa_packet_data(ctx, &options);
309 if (options.rand_port)
310 options.spa_dst_port = get_rand_port(ctx);
312 res = send_spa_packet(ctx, &options);
315 fprintf(stderr, "send_spa_packet: packet not sent.\n");
317 return(EXIT_FAILURE);
322 fprintf(stderr, "send_spa_packet: bytes sent: %i\n", res);
325 /* Run through a decode cycle in test mode (--DSS XXX: This test/decode
326 * portion should be moved elsewhere).
330 /************** Decoding now *****************/
332 /* Now we create a new context based on data from the first one.
334 res = fko_get_spa_data(ctx, &spa_data);
335 if(res != FKO_SUCCESS)
337 errmsg("fko_get_spa_data", res);
339 return(EXIT_FAILURE);
342 /* If gpg-home-dir is specified, we have to defer decrypting if we
343 * use the fko_new_with_data() function because we need to set the
344 * gpg home dir after the context is created, but before we attempt
345 * to decrypt the data. Therefore we either pass NULL for the
346 * decryption key to fko_new_with_data() or use fko_new() to create
347 * an empty context, populate it with the encrypted data, set our
348 * options, then decode it.
350 res = fko_new_with_data(&ctx2, spa_data, NULL);
351 if(res != FKO_SUCCESS)
353 errmsg("fko_new_with_data", res);
356 return(EXIT_FAILURE);
359 /* See if we are using gpg and if we need to set the GPG home dir.
363 if(options.gpg_home_dir != NULL && strlen(options.gpg_home_dir) > 0)
365 res = fko_set_gpg_home_dir(ctx2, options.gpg_home_dir);
366 if(res != FKO_SUCCESS)
368 errmsg("fko_set_gpg_home_dir", res);
371 return(EXIT_FAILURE);
376 res = fko_decrypt_spa_data(
377 ctx2, get_user_pw(&options, CRYPT_OP_DECRYPT)
380 if(res != FKO_SUCCESS)
382 errmsg("fko_decrypt_spa_data", res);
384 if(IS_GPG_ERROR(res)) {
385 /* we most likely could not decrypt the gpg-encrypted data
386 * because we don't have access to the private key associated
387 * with the public key we used for encryption. Since this is
388 * expected, return 0 instead of an error condition (so calling
389 * programs like the fwknop test suite don't interpret this as
390 * an unrecoverable error), but print the error string for
391 debugging purposes. */
392 fprintf(stderr, "GPG ERR: %s\n%s\n", fko_gpg_errstr(ctx2),
393 "No access to recipient private key?\n");
396 return(EXIT_SUCCESS);
401 return(EXIT_FAILURE);
404 printf("\nDump of the Decoded Data\n");
412 free_configs(&options);
414 return(EXIT_SUCCESS);
418 free_configs(fko_cli_options_t *opts)
420 if (opts->resolve_url != NULL)
421 free(opts->resolve_url);
425 get_rand_port(fko_ctx_t ctx)
427 char *rand_val = NULL;
431 res = fko_get_rand_value(ctx, &rand_val);
432 if(res != FKO_SUCCESS)
434 errmsg("get_rand_port(), fko_get_rand_value", res);
438 /* Convert to a random value between 1024 and 65535
440 port = (MIN_HIGH_PORT + (abs(atoi(rand_val)) % (MAX_PORT - MIN_HIGH_PORT)));
442 /* Force libfko to calculate a new random value since we don't want to
443 * given anyone a hint (via the port value) about the contents of the
444 * encrypted SPA data.
446 res = fko_set_rand_value(ctx, NULL);
447 if(res != FKO_SUCCESS)
449 errmsg("get_rand_port(), fko_get_rand_value", res);
456 /* See if the string is of the format "<ipv4 addr>:<port>",
459 ipv4_str_has_port(char *str)
461 int o1, o2, o3, o4, p;
463 /* Force the ':' (if any) to a ','
465 char *ndx = strchr(str, ':');
469 /* Check format and values.
471 if((sscanf(str, "%u.%u.%u.%u,%u", &o1, &o2, &o3, &o4, &p)) == 5
472 && o1 >= 0 && o1 <= 255
473 && o2 >= 0 && o2 <= 255
474 && o3 >= 0 && o3 <= 255
475 && o4 >= 0 && o4 <= 255
476 && p > 0 && p < 65536)
484 /* Set NAT access string
487 set_nat_access(fko_ctx_t ctx, fko_cli_options_t *options)
489 char nat_access_buf[MAX_LINE_LEN] = "";
492 if (options->nat_rand_port)
493 nat_port = get_rand_port(ctx);
494 else if (options->nat_port)
495 nat_port = options->nat_port;
497 nat_port = DEFAULT_NAT_PORT;
499 if (options->nat_local && options->nat_access_str[0] == 0x0)
501 snprintf(nat_access_buf, MAX_LINE_LEN, "%s,%d",
502 options->spa_server_str, nat_port);
505 if (nat_access_buf[0] == 0x0 && options->nat_access_str[0] != 0x0)
507 if (ipv4_str_has_port(options->nat_access_str))
509 snprintf(nat_access_buf, MAX_LINE_LEN, "%s",
510 options->nat_access_str);
514 snprintf(nat_access_buf, MAX_LINE_LEN, "%s,%d",
515 options->nat_access_str, nat_port);
519 return fko_set_spa_nat_access(ctx, nat_access_buf);
523 get_save_file(char *args_save_file)
525 char *homedir = NULL;
528 homedir = getenv("HOME");
530 if (homedir != NULL) {
531 snprintf(args_save_file, MAX_PATH_LEN, "%s%s%s",
532 homedir, "/", ".fwknop.run");
539 /* Show the last command that was executed
542 show_last_command(void)
544 char args_save_file[MAX_PATH_LEN];
545 char args_str[MAX_LINE_LEN] = "";
546 FILE *args_file_ptr = NULL;
549 /* Not sure what the right thing is here on Win32, just exit
552 fprintf(stderr, "--show-last not implemented on Win32 yet.");
556 if (get_save_file(args_save_file)) {
557 if ((args_file_ptr = fopen(args_save_file, "r")) == NULL) {
558 fprintf(stderr, "Could not open args file: %s\n",
562 if ((fgets(args_str, MAX_LINE_LEN, args_file_ptr)) != NULL) {
563 printf("Last fwknop client command line: %s", args_str);
565 printf("Could not read line from file: %s\n", args_save_file);
567 fclose(args_file_ptr);
573 /* Get the command line arguments from the previous invocation
576 run_last_args(fko_cli_options_t *options)
578 FILE *args_file_ptr = NULL;
580 int current_arg_ctr = 0;
584 char args_save_file[MAX_PATH_LEN] = {0};
585 char args_str[MAX_LINE_LEN] = {0};
586 char arg_tmp[MAX_LINE_LEN] = {0};
587 char *argv_new[200]; /* should be way more than enough */
591 /* Not sure what the right thing is here on Win32, just return
597 if (get_save_file(args_save_file))
599 if ((args_file_ptr = fopen(args_save_file, "r")) == NULL)
601 fprintf(stderr, "Could not open args file: %s\n",
605 if ((fgets(args_str, MAX_LINE_LEN, args_file_ptr)) != NULL)
607 args_str[MAX_LINE_LEN-1] = '\0';
608 if (options->verbose)
609 printf("Executing: %s\n", args_str);
610 for (i=0; i < (int)strlen(args_str); i++)
612 if (!isspace(args_str[i]))
614 arg_tmp[current_arg_ctr] = args_str[i];
619 arg_tmp[current_arg_ctr] = '\0';
620 argv_new[argc_new] = malloc(strlen(arg_tmp)+1);
621 if (argv_new[argc_new] == NULL)
623 fprintf(stderr, "malloc failure for cmd line arg.\n");
626 strlcpy(argv_new[argc_new], arg_tmp, strlen(arg_tmp)+1);
632 fclose(args_file_ptr);
634 /* Reset the options index so we can run through them again.
638 config_init(options, argc_new, argv_new);
644 /* Save our command line arguments
647 save_args(int argc, char **argv)
649 char args_save_file[MAX_PATH_LEN];
650 char args_str[MAX_LINE_LEN] = "";
651 FILE *args_file_ptr = NULL;
652 int i = 0, args_str_len = 0;
655 /* Not sure what the right thing is here on Win32, just return
662 if (get_save_file(args_save_file)) {
663 if ((args_file_ptr = fopen(args_save_file, "w")) == NULL) {
664 fprintf(stderr, "Could not open args file: %s\n",
668 for (i=0; i < argc; i++) {
669 args_str_len += strlen(argv[i]);
670 if (args_str_len >= MAX_PATH_LEN) {
671 fprintf(stderr, "argument string too long, exiting.\n");
674 strlcat(args_str, argv[i], MAX_PATH_LEN);
675 strlcat(args_str, " ", MAX_PATH_LEN);
677 fprintf(args_file_ptr, "%s\n", args_str);
678 fclose(args_file_ptr);
683 /* Set the SPA packet message type
686 set_message_type(fko_ctx_t ctx, fko_cli_options_t *options)
690 if(options->server_command[0] != 0x0)
692 message_type = FKO_COMMAND_MSG;
694 else if(options->nat_local)
696 if (options->fw_timeout >= 0)
697 message_type = FKO_CLIENT_TIMEOUT_LOCAL_NAT_ACCESS_MSG;
699 message_type = FKO_LOCAL_NAT_ACCESS_MSG;
701 else if(options->nat_access_str[0] != 0x0)
703 if (options->fw_timeout >= 0)
704 message_type = FKO_CLIENT_TIMEOUT_NAT_ACCESS_MSG;
706 message_type = FKO_NAT_ACCESS_MSG;
710 if (options->fw_timeout >= 0)
711 message_type = FKO_CLIENT_TIMEOUT_ACCESS_MSG;
713 message_type = FKO_ACCESS_MSG;
716 return fko_set_spa_message_type(ctx, message_type);
719 /* Prompt for and receive a user password.
722 get_user_pw(fko_cli_options_t *options, const int crypt_op)
725 static char *no_pw = "";
727 /* First of all if we are using GPG and GPG_AGENT
728 * then there is no password to return.
731 && (options->use_gpg_agent
732 || (crypt_op == CRYPT_OP_ENCRYPT && options->gpg_signer_key == NULL)))
735 /* If --get-key file was specified grab the key/password from it.
737 if (options->get_key_file[0] != 0x0)
739 pw_ptr = getpasswd_file(options->get_key_file, options->spa_server_str);
741 else if (options->use_gpg)
743 if(crypt_op == CRYPT_OP_DECRYPT)
744 pw_ptr = getpasswd("Enter passphrase for secret key: ");
745 else if(options->gpg_signer_key && strlen(options->gpg_signer_key))
746 pw_ptr = getpasswd("Enter passphrase for signing: ");
752 if(crypt_op == CRYPT_OP_ENCRYPT)
753 pw_ptr = getpasswd("Enter encryption password: ");
754 else if(crypt_op == CRYPT_OP_DECRYPT)
755 pw_ptr = getpasswd("Enter decryption password: ");
757 pw_ptr = getpasswd("Enter password: ");
760 /* Empty password is allowed, NULL password is not.
764 fprintf(stderr, "Received no password data, exiting.\n");
771 /* Display an FKO error message.
774 errmsg(const char *msg, const int err) {
775 fprintf(stderr, "%s: %s: Error %i - %s\n",
776 MY_NAME, msg, err, fko_errstr(err));
779 /* Show the fields of the FKO context.
782 display_ctx(fko_ctx_t ctx)
784 char *rand_val = NULL;
785 char *username = NULL;
786 char *version = NULL;
787 char *spa_message = NULL;
788 char *nat_access = NULL;
789 char *server_auth = NULL;
790 char *enc_data = NULL;
791 char *spa_digest = NULL;
792 char *spa_data = NULL;
794 time_t timestamp = 0;
796 short digest_type = -1;
797 int client_timeout = -1;
799 /* Should be checking return values, but this is temp code. --DSS
801 fko_get_rand_value(ctx, &rand_val);
802 fko_get_username(ctx, &username);
803 fko_get_timestamp(ctx, ×tamp);
804 fko_get_version(ctx, &version);
805 fko_get_spa_message_type(ctx, &msg_type);
806 fko_get_spa_message(ctx, &spa_message);
807 fko_get_spa_nat_access(ctx, &nat_access);
808 fko_get_spa_server_auth(ctx, &server_auth);
809 fko_get_spa_client_timeout(ctx, &client_timeout);
810 fko_get_spa_digest_type(ctx, &digest_type);
811 fko_get_encoded_data(ctx, &enc_data);
812 fko_get_spa_digest(ctx, &spa_digest);
813 fko_get_spa_data(ctx, &spa_data);
815 printf("\nFKO Field Values:\n=================\n\n");
816 printf(" Random Value: %s\n", rand_val == NULL ? "<NULL>" : rand_val);
817 printf(" Username: %s\n", username == NULL ? "<NULL>" : username);
818 printf(" Timestamp: %u\n", (unsigned int) timestamp);
819 printf(" FKO Version: %s\n", version == NULL ? "<NULL>" : version);
820 printf(" Message Type: %i\n", msg_type);
821 printf(" Message String: %s\n", spa_message == NULL ? "<NULL>" : spa_message);
822 printf(" Nat Access: %s\n", nat_access == NULL ? "<NULL>" : nat_access);
823 printf(" Server Auth: %s\n", server_auth == NULL ? "<NULL>" : server_auth);
824 printf(" Client Timeout: %u\n", client_timeout);
825 printf(" Digest Type: %u\n", digest_type);
826 printf("\n Encoded Data: %s\n", enc_data == NULL ? "<NULL>" : enc_data);
827 printf("\nSPA Data Digest: %s\n", spa_digest == NULL ? "<NULL>" : spa_digest);
828 printf("\nFinal Packed/Encrypted/Encoded Data:\n\n%s\n\n", spa_data);
projects / fwknop.git / blob