2 *****************************************************************************
6 * Author: Damien S. Stuart
8 * Purpose: An implementation of an fwknop client.
10 * Copyright 2009-2010 Damien Stuart (dstuart@dstuart.org)
12 * License (GNU Public License):
14 * This program is free software; you can redistribute it and/or
15 * modify it under the terms of the GNU General Public License
16 * as published by the Free Software Foundation; either version 2
17 * of the License, or (at your option) any later version.
19 * This program is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License
25 * along with this program; if not, write to the Free Software
26 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
29 *****************************************************************************
32 #include "config_init.h"
35 #include "getpasswd.h"
39 static char * get_user_pw(fko_ctx_t ctx,
40 fko_cli_options_t *options, const int crypt_op);
41 static void display_ctx(fko_ctx_t ctx);
42 static void errmsg(const char *msg, const int err);
43 static void show_last_command(void);
44 static void save_args(int argc, char **argv);
45 static void run_last_args(fko_cli_options_t *options);
46 static int set_message_type(fko_ctx_t ctx, fko_cli_options_t *options);
47 static int set_nat_access(fko_ctx_t ctx, fko_cli_options_t *options);
48 static int get_rand_port(fko_ctx_t ctx);
49 int resolve_ip_http(fko_cli_options_t *options);
52 main(int argc, char **argv)
56 char *spa_data, *version;
57 char access_buf[MAX_LINE_LEN];
59 fko_cli_options_t options;
61 /* Handle command line
63 config_init(&options, argc, argv);
65 /* Handle options that don't require a libfko context
67 if(options.run_last_command)
68 run_last_args(&options);
69 else if(options.show_last_command)
71 else if (!options.no_save_args)
72 save_args(argc, argv);
74 /* Intialize the context
77 if(res != FKO_SUCCESS)
79 errmsg("fko_new", res);
83 /* Display version info and exit.
85 if (options.version) {
86 fko_get_version(ctx, &version);
88 fprintf(stdout, "fwknop client %s, FKO protocol version %s\n",
97 if(options.fw_timeout >= 0)
99 res = fko_set_spa_client_timeout(ctx, options.fw_timeout);
100 if(res != FKO_SUCCESS)
102 errmsg("fko_set_spa_client_timeout", res);
104 return(EXIT_FAILURE);
108 /* Set the SPA packet message type based on command line options
110 res = set_message_type(ctx, &options);
111 if(res != FKO_SUCCESS)
113 errmsg("fko_set_spa_message_type", res);
115 return(EXIT_FAILURE);
118 /* Adjust the SPA timestamp if necessary
120 if(options.time_offset_plus > 0)
122 res = fko_set_timestamp(ctx, options.time_offset_plus);
123 if(res != FKO_SUCCESS)
125 errmsg("fko_set_timestamp", res);
127 return(EXIT_FAILURE);
130 if(options.time_offset_minus > 0)
132 res = fko_set_timestamp(ctx, -options.time_offset_minus);
133 if(res != FKO_SUCCESS)
135 errmsg("fko_set_timestamp", res);
137 return(EXIT_FAILURE);
141 if(options.server_command[0] != 0x0)
143 /* Set the access message to a command that the server will
146 snprintf(access_buf, MAX_LINE_LEN, "%s%s%s",
147 options.allow_ip_str, ",", options.server_command);
151 /* Resolve the client's public facing IP address if requestesd.
152 * if this fails, consider it fatal.
154 if (options.resolve_ip_http)
156 if(resolve_ip_http(&options) < 0)
159 return(EXIT_FAILURE);
163 /* Set a message string by combining the allow IP and the
164 * port/protocol. The fwknopd server allows no port/protocol
165 * to be specified as well, so in this case append the string
166 * "none/0" to the allow IP.
168 if(options.access_str[0] != 0x0)
170 snprintf(access_buf, MAX_LINE_LEN, "%s%s%s",
171 options.allow_ip_str, ",", options.access_str);
175 snprintf(access_buf, MAX_LINE_LEN, "%s%s%s",
176 options.allow_ip_str, ",", "none/0");
179 res = fko_set_spa_message(ctx, access_buf);
180 if(res != FKO_SUCCESS)
182 errmsg("fko_set_spa_message", res);
184 return(EXIT_FAILURE);
187 /* Set NAT access string
189 if (options.nat_local || options.nat_access_str[0] != 0x0)
191 res = set_nat_access(ctx, &options);
192 if(res != FKO_SUCCESS)
194 errmsg("fko_set_nat_access_str", res);
196 return(EXIT_FAILURE);
202 if(options.spoof_user[0] != 0x0)
204 res = fko_set_username(ctx, options.spoof_user);
205 if(res != FKO_SUCCESS)
207 errmsg("fko_set_username", res);
209 return(EXIT_FAILURE);
213 /* Set up for using GPG if specified.
217 /* If use-gpg-agent was not specified, then remove the GPG_AGENT_INFO
218 * ENV variable if it exists.
221 if(!options.use_gpg_agent)
222 unsetenv("GPG_AGENT_INFO");
225 res = fko_set_spa_encryption_type(ctx, FKO_ENCRYPTION_GPG);
226 if(res != FKO_SUCCESS)
228 errmsg("fko_set_spa_encryption_type", res);
230 return(EXIT_FAILURE);
233 /* If a GPG home dir was specified, set it here. Note: Setting
234 * this has to occur before calling any of the other GPG-related
237 if(options.gpg_home_dir != NULL && strlen(options.gpg_home_dir) > 0)
239 res = fko_set_gpg_home_dir(ctx, options.gpg_home_dir);
240 if(res != FKO_SUCCESS)
242 errmsg("fko_set_gpg_home_dir", res);
244 return(EXIT_FAILURE);
248 res = fko_set_gpg_recipient(ctx, options.gpg_recipient_key);
249 if(res != FKO_SUCCESS)
251 errmsg("fko_set_gpg_recipient", res);
253 if(IS_GPG_ERROR(res))
254 fprintf(stderr, "GPG ERR: %s\n", fko_gpg_errstr(ctx));
256 return(EXIT_FAILURE);
259 if(options.gpg_signer_key != NULL && strlen(options.gpg_signer_key))
261 res = fko_set_gpg_signer(ctx, options.gpg_signer_key);
262 if(res != FKO_SUCCESS)
264 errmsg("fko_set_gpg_signer", res);
266 if(IS_GPG_ERROR(res))
267 fprintf(stderr, "GPG ERR: %s\n", fko_gpg_errstr(ctx));
270 return(EXIT_FAILURE);
277 if(options.digest_type)
279 fko_set_spa_digest_type(ctx, options.digest_type);
280 if(res != FKO_SUCCESS)
282 errmsg("fko_set_spa_digest_type", res);
284 return(EXIT_FAILURE);
288 /* Finalize the context data (encrypt and encode the SPA data)
290 res = fko_spa_data_final(ctx, get_user_pw(ctx, &options, CRYPT_OP_ENCRYPT));
291 if(res != FKO_SUCCESS)
293 errmsg("fko_spa_data_final", res);
295 if(IS_GPG_ERROR(res))
296 fprintf(stderr, "GPG ERR: %s\n", fko_gpg_errstr(ctx));
299 return(EXIT_FAILURE);
302 /* Display the context data.
304 if (options.verbose || options.test)
307 /* Save packet data payload if requested.
309 if (options.save_packet_file[0] != 0x0)
310 write_spa_packet_data(ctx, &options);
312 if (options.rand_port)
313 options.spa_dst_port = get_rand_port(ctx);
315 res = send_spa_packet(ctx, &options);
318 fprintf(stderr, "send_spa_packet: packet not sent.\n");
320 return(EXIT_FAILURE);
325 fprintf(stderr, "send_spa_packet: bytes sent: %i\n", res);
328 /* Run through a decode cycle in test mode (--DSS XXX: This test/decode
329 * portion should be moved elsewhere).
333 /************** Decoding now *****************/
335 /* Now we create a new context based on data from the first one.
337 res = fko_get_spa_data(ctx, &spa_data);
338 if(res != FKO_SUCCESS)
340 errmsg("fko_get_spa_data", res);
342 return(EXIT_FAILURE);
345 /* If gpg-home-dir is specified, we have to defer decrypting if we
346 * use the fko_new_with_data() function because we need to set the
347 * gpg home dir after the context is created, but before we attempt
348 * to decrypt the data. Therefore we either pass NULL for the
349 * decryption key to fko_new_with_data() or use fko_new() to create
350 * an empty context, populate it with the encrypted data, set our
351 * options, then decode it.
353 res = fko_new_with_data(&ctx2, spa_data, NULL);
354 if(res != FKO_SUCCESS)
356 errmsg("fko_new_with_data", res);
359 return(EXIT_FAILURE);
362 /* See if we are using gpg and if we need to set the GPG home dir.
366 if(options.gpg_home_dir != NULL && strlen(options.gpg_home_dir) > 0)
368 res = fko_set_gpg_home_dir(ctx2, options.gpg_home_dir);
369 if(res != FKO_SUCCESS)
371 errmsg("fko_set_gpg_home_dir", res);
374 return(EXIT_FAILURE);
379 res = fko_decrypt_spa_data(
380 ctx2, get_user_pw(ctx2, &options, CRYPT_OP_DECRYPT)
383 if(res != FKO_SUCCESS)
385 errmsg("fko_decrypt_spa_data", res);
387 if(IS_GPG_ERROR(res)) {
388 /* we most likely could not decrypt the gpg-encrypted data
389 * because we don't have access to the private key associated
390 * with the public key we used for encryption. Since this is
391 * expected, return 0 instead of an error condition (so calling
392 * programs like the fwknop test suite don't interpret this as
393 * an unrecoverable error), but print the error string for
394 debugging purposes. */
395 fprintf(stderr, "GPG ERR: %s\n%s\n", fko_gpg_errstr(ctx2),
396 "No access to recipient private key?\n");
399 return(EXIT_SUCCESS);
404 return(EXIT_FAILURE);
407 printf("\nDump of the Decoded Data\n");
415 free_configs(&options);
417 return(EXIT_SUCCESS);
421 free_configs(fko_cli_options_t *opts)
423 if (opts->resolve_url != NULL)
424 free(opts->resolve_url);
428 get_rand_port(fko_ctx_t ctx)
430 char *rand_val = NULL;
434 res = fko_get_rand_value(ctx, &rand_val);
435 if(res != FKO_SUCCESS)
437 errmsg("get_rand_port(), fko_get_rand_value", res);
441 /* Convert to a random value between 1024 and 65535
443 port = (MIN_HIGH_PORT + (abs(atoi(rand_val)) % (MAX_PORT - MIN_HIGH_PORT)));
445 /* Force libfko to calculate a new random value since we don't want to
446 * given anyone a hint (via the port value) about the contents of the
447 * encrypted SPA data.
449 res = fko_set_rand_value(ctx, NULL);
450 if(res != FKO_SUCCESS)
452 errmsg("get_rand_port(), fko_get_rand_value", res);
459 /* See if the string is of the format "<ipv4 addr>:<port>",
462 ipv4_str_has_port(char *str)
464 int o1, o2, o3, o4, p;
466 /* Force the ':' (if any) to a ','
468 char *ndx = strchr(str, ':');
472 /* Check format and values.
474 if((sscanf(str, "%u.%u.%u.%u,%u", &o1, &o2, &o3, &o4, &p)) == 5
475 && o1 >= 0 && o1 <= 255
476 && o2 >= 0 && o2 <= 255
477 && o3 >= 0 && o3 <= 255
478 && o4 >= 0 && o4 <= 255
479 && p > 0 && p < 65536)
487 /* Set NAT access string
490 set_nat_access(fko_ctx_t ctx, fko_cli_options_t *options)
492 char nat_access_buf[MAX_LINE_LEN] = "";
495 if (options->nat_rand_port)
496 nat_port = get_rand_port(ctx);
497 else if (options->nat_port)
498 nat_port = options->nat_port;
500 nat_port = DEFAULT_NAT_PORT;
502 if (options->nat_local && options->nat_access_str[0] == 0x0)
504 snprintf(nat_access_buf, MAX_LINE_LEN, "%s,%d",
505 options->spa_server_str, nat_port);
508 if (nat_access_buf[0] == 0x0 && options->nat_access_str[0] != 0x0)
510 if (ipv4_str_has_port(options->nat_access_str))
512 snprintf(nat_access_buf, MAX_LINE_LEN, "%s",
513 options->nat_access_str);
517 snprintf(nat_access_buf, MAX_LINE_LEN, "%s,%d",
518 options->nat_access_str, nat_port);
522 return fko_set_spa_nat_access(ctx, nat_access_buf);
526 get_save_file(char *args_save_file)
528 char *homedir = NULL;
531 homedir = getenv("HOME");
533 if (homedir != NULL) {
534 snprintf(args_save_file, MAX_PATH_LEN, "%s%s%s",
535 homedir, "/", ".fwknop.run");
542 /* Show the last command that was executed
545 show_last_command(void)
547 char args_save_file[MAX_PATH_LEN];
548 char args_str[MAX_LINE_LEN] = "";
549 FILE *args_file_ptr = NULL;
552 /* Not sure what the right thing is here on Win32, just exit
555 fprintf(stderr, "--show-last not implemented on Win32 yet.");
559 if (get_save_file(args_save_file)) {
560 if ((args_file_ptr = fopen(args_save_file, "r")) == NULL) {
561 fprintf(stderr, "Could not open args file: %s\n",
565 if ((fgets(args_str, MAX_LINE_LEN, args_file_ptr)) != NULL) {
566 printf("Last fwknop client command line: %s", args_str);
568 printf("Could not read line from file: %s\n", args_save_file);
570 fclose(args_file_ptr);
576 /* Get the command line arguments from the previous invocation
579 run_last_args(fko_cli_options_t *options)
581 FILE *args_file_ptr = NULL;
583 int current_arg_ctr = 0;
587 char args_save_file[MAX_PATH_LEN] = {0};
588 char args_str[MAX_LINE_LEN] = {0};
589 char arg_tmp[MAX_LINE_LEN] = {0};
590 char *argv_new[200]; /* should be way more than enough */
594 /* Not sure what the right thing is here on Win32, just return
600 if (get_save_file(args_save_file))
602 if ((args_file_ptr = fopen(args_save_file, "r")) == NULL)
604 fprintf(stderr, "Could not open args file: %s\n",
608 if ((fgets(args_str, MAX_LINE_LEN, args_file_ptr)) != NULL)
610 args_str[MAX_LINE_LEN-1] = '\0';
611 if (options->verbose)
612 printf("Executing: %s\n", args_str);
613 for (i=0; i < (int)strlen(args_str); i++)
615 if (!isspace(args_str[i]))
617 arg_tmp[current_arg_ctr] = args_str[i];
622 arg_tmp[current_arg_ctr] = '\0';
623 argv_new[argc_new] = malloc(strlen(arg_tmp)+1);
624 if (argv_new[argc_new] == NULL)
626 fprintf(stderr, "malloc failure for cmd line arg.\n");
629 strlcpy(argv_new[argc_new], arg_tmp, strlen(arg_tmp)+1);
635 fclose(args_file_ptr);
637 /* Reset the options index so we can run through them again.
641 config_init(options, argc_new, argv_new);
647 /* Save our command line arguments
650 save_args(int argc, char **argv)
652 char args_save_file[MAX_PATH_LEN];
653 char args_str[MAX_LINE_LEN] = "";
654 FILE *args_file_ptr = NULL;
655 int i = 0, args_str_len = 0;
658 /* Not sure what the right thing is here on Win32, just return
665 if (get_save_file(args_save_file)) {
666 if ((args_file_ptr = fopen(args_save_file, "w")) == NULL) {
667 fprintf(stderr, "Could not open args file: %s\n",
671 for (i=0; i < argc; i++) {
672 args_str_len += strlen(argv[i]);
673 if (args_str_len >= MAX_PATH_LEN) {
674 fprintf(stderr, "argument string too long, exiting.\n");
677 strlcat(args_str, argv[i], MAX_PATH_LEN);
678 strlcat(args_str, " ", MAX_PATH_LEN);
680 fprintf(args_file_ptr, "%s\n", args_str);
681 fclose(args_file_ptr);
686 /* Set the SPA packet message type
689 set_message_type(fko_ctx_t ctx, fko_cli_options_t *options)
693 if(options->server_command[0] != 0x0)
695 message_type = FKO_COMMAND_MSG;
697 else if(options->nat_local)
699 if (options->fw_timeout >= 0)
700 message_type = FKO_CLIENT_TIMEOUT_LOCAL_NAT_ACCESS_MSG;
702 message_type = FKO_LOCAL_NAT_ACCESS_MSG;
704 else if(options->nat_access_str[0] != 0x0)
706 if (options->fw_timeout >= 0)
707 message_type = FKO_CLIENT_TIMEOUT_NAT_ACCESS_MSG;
709 message_type = FKO_NAT_ACCESS_MSG;
713 if (options->fw_timeout >= 0)
714 message_type = FKO_CLIENT_TIMEOUT_ACCESS_MSG;
716 message_type = FKO_ACCESS_MSG;
719 return fko_set_spa_message_type(ctx, message_type);
722 /* Prompt for and receive a user password.
725 get_user_pw(fko_ctx_t ctx, fko_cli_options_t *options, const int crypt_op)
728 static char *no_pw = "";
730 /* First of all if we are using GPG and GPG_AGENT
731 * then there is no password to return.
734 && (options->use_gpg_agent
735 || (crypt_op == CRYPT_OP_ENCRYPT && options->gpg_signer_key == NULL)))
738 /* If --get-key file was specified grab the key/password from it.
740 if (options->get_key_file[0] != 0x0)
742 pw_ptr = getpasswd_file(ctx, options);
744 else if (options->use_gpg)
746 if(crypt_op == CRYPT_OP_DECRYPT)
747 pw_ptr = getpasswd("Enter passphrase for secret key: ");
748 else if(options->gpg_signer_key && strlen(options->gpg_signer_key))
749 pw_ptr = getpasswd("Enter passphrase for signing: ");
755 if(crypt_op == CRYPT_OP_ENCRYPT)
756 pw_ptr = getpasswd("Enter encryption password: ");
757 else if(crypt_op == CRYPT_OP_DECRYPT)
758 pw_ptr = getpasswd("Enter decryption password: ");
760 pw_ptr = getpasswd("Enter password: ");
763 /* Empty password is allowed, NULL password is not.
767 fprintf(stderr, "Received no password data, exiting.\n");
775 /* Display an FKO error message.
778 errmsg(const char *msg, const int err) {
779 fprintf(stderr, "%s: %s: Error %i - %s\n",
780 MY_NAME, msg, err, fko_errstr(err));
783 /* Show the fields of the FKO context.
786 display_ctx(fko_ctx_t ctx)
788 char *rand_val = NULL;
789 char *username = NULL;
790 char *version = NULL;
791 char *spa_message = NULL;
792 char *nat_access = NULL;
793 char *server_auth = NULL;
794 char *enc_data = NULL;
795 char *spa_digest = NULL;
796 char *spa_data = NULL;
798 time_t timestamp = 0;
800 short digest_type = -1;
801 int client_timeout = -1;
803 /* Should be checking return values, but this is temp code. --DSS
805 fko_get_rand_value(ctx, &rand_val);
806 fko_get_username(ctx, &username);
807 fko_get_timestamp(ctx, ×tamp);
808 fko_get_version(ctx, &version);
809 fko_get_spa_message_type(ctx, &msg_type);
810 fko_get_spa_message(ctx, &spa_message);
811 fko_get_spa_nat_access(ctx, &nat_access);
812 fko_get_spa_server_auth(ctx, &server_auth);
813 fko_get_spa_client_timeout(ctx, &client_timeout);
814 fko_get_spa_digest_type(ctx, &digest_type);
815 fko_get_encoded_data(ctx, &enc_data);
816 fko_get_spa_digest(ctx, &spa_digest);
817 fko_get_spa_data(ctx, &spa_data);
819 printf("\nFKO Field Values:\n=================\n\n");
820 printf(" Random Value: %s\n", rand_val == NULL ? "<NULL>" : rand_val);
821 printf(" Username: %s\n", username == NULL ? "<NULL>" : username);
822 printf(" Timestamp: %u\n", (unsigned int) timestamp);
823 printf(" FKO Version: %s\n", version == NULL ? "<NULL>" : version);
824 printf(" Message Type: %i\n", msg_type);
825 printf(" Message String: %s\n", spa_message == NULL ? "<NULL>" : spa_message);
826 printf(" Nat Access: %s\n", nat_access == NULL ? "<NULL>" : nat_access);
827 printf(" Server Auth: %s\n", server_auth == NULL ? "<NULL>" : server_auth);
828 printf(" Client Timeout: %u\n", client_timeout);
829 printf(" Digest Type: %u\n", digest_type);
830 printf("\n Encoded Data: %s\n", enc_data == NULL ? "<NULL>" : enc_data);
831 printf("\nSPA Data Digest: %s\n", spa_digest == NULL ? "<NULL>" : spa_digest);
832 printf("\nFinal Packed/Encrypted/Encoded Data:\n\n%s\n\n", spa_data);
projects / fwknop.git / blob