1 /* fides.cc - Light-weight, decentralised trust and authorisation management
2 Copyright (C) 2008-2009 Guus Sliepen <guus@tinc-vpn.org>
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2 of the License, or
7 (at your option) any later version.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, see <http://www.gnu.org/licenses/>.
// Print the command-line usage text to `out`, prefixed with the program name
// passed in `argv0`. Presumably invoked from main's "help" branch (that call
// is not on this page).
//
// NOTE(review): the inline line numbering is non-contiguous, so several usage
// lines (the command headings that belong to some of the descriptions below)
// and this function's closing brace are elided from this listing.
27 static void help(ostream &out, const string &argv0) {
// BUG: there is no separator between the program name and "<command>", so this
// prints e.g. "Usage: fides<command> [arguments]". The literal should read
// " <command> [arguments]\n" (leading space).
28 out << "Usage: " << argv0 << "<command> [arguments]\n"
30 "Available commands are:\n"
32 " init Initialise fides, generate a public/private keypair.\n"
33 " version Show version and copyright information.\n"
34 " help Show this help message.\n"
// The headings for the next three descriptions (the per-key trust commands
// dispatched in main as trust / distrust / dctrust) are among the elided lines.
37 " Trust allow/deny packets signed by the specified key.\n"
39 " Distrust allow/deny packets signed by the specified key.\n"
41 " Don't care about allow/deny packets signed by the specified key.\n"
// Exit-status contract of the is_* queries: 0 = yes, 1 = no (shell-friendly).
42 " is_trusted <keyid>\n"
43 " Returns 0 if key is trusted, 1 otherwise\n"
44 " is_distrusted <keyid>\n"
45 " Returns 0 if key is distrusted, 1 otherwise\n"
// Note: the handlers for allow/deny/dontcare shown later in this file pass
// only argv[0] to the Manager, although the usage advertises `<stuff ...>`.
49 " allow <stuff ...>\n"
51 " deny <stuff ...> \n"
53 " dontcare <stuff ...> \n"
54 " Don't care about stuff.\n"
55 " is_allowed <stuff ...>\n"
56 " Returns 0 if stuff is allowed, 1 otherwise\n"
57 " is_denied <stuff ...>\n"
58 " Returns 0 if stuff is denied, 1 otherwise\n"
60 " import [filename]\n"
61 " Import keys and certificates from file, or stdin if unspecified.\n"
62 " export [filename]\n"
63 " Export keys and certificates to file, or stdout if unspecified.\n"
// Headings for the next two descriptions (presumably the `test` and `find`
// commands, cf. main's dispatch) are elided as well.
65 " Tell whether stuff is allowed or not by counting relevant certificates\n"
67 " Find all certificates matching regexp\n"
68 " fsck Verify the signature on all information collected.\n";
// Write the version banner and the copyright/licence notice to `out`
// (defaults to cout). The closing brace of this function is not on this page.
71 static void version(ostream &out = cout) {
72 out << "fides version 0.1\n"
73 "Copyright (c) 2008-2009 Guus Sliepen <guus@tinc-vpn.org>\n"
75 "This program is free software; you can redistribute it and/or modify\n"
76 "it under the terms of the GNU General Public License as published by\n"
77 "the Free Software Foundation; either version 2 of the License, or\n"
78 "(at your option) any later version.\n";
// Fragment: the enclosing function's signature and the declaration of `fides`
// are elided from this listing. Judging by main's dispatch and the messages
// below this appears to be the body of the "init" command handler — confirm
// against the full source.
83 if(fides.is_firstrun()) {
// First run: per the message, the Manager has just generated a new keypair in
// its home directory.
// NOTE(review): the permissions the new key files are created with are not
// visible here — confirm the private key is written owner-readable only.
84 cout << "New keys generated in " << fides.get_homedir() << '\n';
// else-branch (the `} else {` line itself is elided): keys already existed.
86 cout << "Fides already initialised\n";
// Command handler: exit 0 if the key identified by the hex key id in argv[0]
// is trusted, 1 otherwise.
// The lines between the signature and the lookup (presumably an argument-count
// check and the `Fides::Manager fides;` declaration used below) are elided
// from this listing.
91 static int is_trusted(int argc, char *const argv[]) {
// argv[0] is hex-decoded into a key id and looked up in the key store. A null
// result means the id is unknown; how malformed hex is handled depends on
// hexdecode/find_key, which are not visible here.
96 Fides::PublicKey *key = fides.find_key(Fides::hexdecode(argv[0]));
// The `if(!key)` guard around this message and the non-zero return after it
// are elided.
98 cerr << "Unknown key!\n";
// Map the boolean to a shell-style exit status (0 = trusted).
101 return fides.is_trusted(key) ? 0 : 1;
// Command handler: exit 0 if the key identified by the hex key id in argv[0]
// is distrusted, 1 otherwise.
// The lines between the signature and the Manager declaration (presumably an
// argument-count check) are elided from this listing.
104 static int is_distrusted(int argc, char *const argv[]) {
108 Fides::Manager fides;
// argv[0] is hex-decoded into a key id and looked up; null means unknown.
109 Fides::PublicKey *key = fides.find_key(Fides::hexdecode(argv[0]));
// The `if(!key)` guard around this message and the non-zero return after it
// are elided.
111 cerr << "Unknown key!\n";
// Shell-style exit status: 0 = distrusted.
114 return fides.is_distrusted(key) ? 0 : 1;
// Command handler: mark the key identified by the hex key id in argv[0] as
// trusted (per the usage text: allow/deny packets signed by it are honoured).
// Only the key lookup and the unknown-key error are shown here; the
// argument-count check, the `if(!key)` guard, the actual trust operation and
// the return are elided from this listing.
117 static int trust(int argc, char *const argv[]) {
121 Fides::Manager fides;
// argv[0] is hex-decoded into a key id and looked up; null means unknown.
122 Fides::PublicKey *key = fides.find_key(Fides::hexdecode(argv[0]));
126 cerr << "Unknown key!\n";
// Command handler: presumably the "don't care" counterpart of trust/distrust
// for the key identified by the hex key id in argv[0] (cf. the usage text
// "Don't care about allow/deny packets signed by the specified key").
// Only the key lookup and the unknown-key error are shown; the argument-count
// check, the `if(!key)` guard, the state change and the return are elided.
132 static int dctrust(int argc, char *const argv[]) {
136 Fides::Manager fides;
// argv[0] is hex-decoded into a key id and looked up; null means unknown.
137 Fides::PublicKey *key = fides.find_key(Fides::hexdecode(argv[0]));
141 cerr << "Unknown key!\n";
// Command handler: mark the key identified by the hex key id in argv[0] as
// distrusted. Only the key lookup and the unknown-key error are shown; the
// argument-count check, the `if(!key)` guard, the actual distrust operation
// and the return are elided from this listing.
147 static int distrust(int argc, char *const argv[]) {
151 Fides::Manager fides;
// argv[0] is hex-decoded into a key id and looked up; null means unknown.
152 Fides::PublicKey *key = fides.find_key(Fides::hexdecode(argv[0]));
156 cerr << "Unknown key!\n";
// Command handler for "sign" (dispatched from main). Only the signature and
// the Manager declaration are shown here; the argument check, the signing
// call and the return are elided from this listing, and the usage text for
// this command is not among the lines shown either.
162 static int sign(int argc, char *const argv[]) {
166 Fides::Manager fides;
// Command handler: record an "allow" statement for the stuff named in argv[0].
// The argument-count check and the return are elided from this listing.
171 static int allow(int argc, char *const argv[]) {
175 Fides::Manager fides;
// Only argv[0] is passed, verbatim; any further arguments are ignored by this
// call even though the usage text advertises `allow <stuff ...>`.
176 fides.allow(argv[0]);
// Command handler: record a "don't care" statement for the stuff named in
// argv[0]. The argument-count check and the return are elided from this
// listing.
180 static int dontcare(int argc, char *const argv[]) {
184 Fides::Manager fides;
// Only argv[0] is passed, verbatim; further arguments are ignored here even
// though the usage text advertises `dontcare <stuff ...>`.
185 fides.dontcare(argv[0]);
// Command handler for "deny" (dispatched from main). Only the signature and
// the Manager declaration are shown; the argument check, the deny call and the
// return are elided from this listing.
189 static int deny(int argc, char *const argv[]) {
193 Fides::Manager fides;
// Command handler: read keys and certificates from the file named in argv[0],
// or from stdin when no name is given. The `if`/`else` lines around the two
// branches and the return are elided from this listing.
198 static int import(int argc, char *const argv[]) {
199 Fides::Manager fides;
// Open the named file. Nothing checks that the open succeeded before the
// import on the next line: a missing or unreadable path leaves `in` in a
// failed state, import_all presumably just sees an empty stream, and the user
// gets no error. Suggested guard right after the open:
// `if(!in) { cerr << "Cannot open " << argv[0] << '\n'; return 1; }`
202 ifstream in(argv[0]);
// NOTE(review): whether import_all verifies the signatures on incoming
// certificates is not visible here; the `fsck` command re-verifies everything
// collected, so material imported from an untrusted file should be checked
// with it afterwards.
203 fides.import_all(in);
// No filename: read the same format from stdin.
205 fides.import_all(cin);
// Command handler: write all keys and certificates to the file named in
// argv[0], or to stdout when no name is given. Named `exprt` presumably
// because `export` is a C++ keyword. The `if`/`else` lines around the two
// branches and the return are elided from this listing.
209 static int exprt(int argc, char *const argv[]) {
210 Fides::Manager fides;
// The stream is opened and written without its state ever being examined, so
// a failed open (bad path, permissions) or a failed write goes unreported.
// Suggested guard right after the open:
// `if(!out) { cerr << "Cannot write " << argv[0] << '\n'; return 1; }`
// NOTE(review): ofstream creates the file with the default mode filtered by
// the process umask; if the export includes private key material (not
// visible here), confirm the file is not created world-readable.
213 ofstream out(argv[0]);
214 fides.export_all(out);
// No filename: write to stdout.
216 fides.export_all(cout);
// Command handler: print every certificate matching the pattern in argv[0]
// (the usage text calls it a regexp), one per line prefixed with its index.
// The argument-count check and the return are elided from this listing.
220 static int find(int argc, char *const argv[]) {
224 // Find certificates matching statement
225 Fides::Manager fides;
// Bound by const reference: whether find_certificates returns a reference into
// the Manager or a temporary is not visible here; a temporary's lifetime is
// extended by this binding, so either is safe while `fides` is alive (same
// scope as the loop).
226 const vector<const Fides::Certificate *> &certs = fides.find_certificates(argv[0]);
227 for(size_t i = 0; i < certs.size(); ++i)
228 cout << i << ' ' << certs[i]->to_string() << '\n';
// Command handler: exit 0 if the stuff named in argv[0] is allowed, 1
// otherwise. The argument-count check is elided from this listing.
232 static int is_allowed(int argc, char *const argv[]) {
236 Fides::Manager fides;
// Only argv[0] is consulted; shell-style exit status (0 = allowed).
237 return fides.is_allowed(argv[0]) ? 0 : 1;
// Command handler: exit 0 if the stuff named in argv[0] is denied, 1
// otherwise. The argument-count check is elided from this listing.
240 static int is_denied(int argc, char *const argv[]) {
244 Fides::Manager fides;
// Only argv[0] is consulted; shell-style exit status (0 = denied).
245 return fides.is_denied(argv[0]) ? 0 : 1;
// Command handler for "test": report how many relevant certificates exist for
// the stuff named in argv[0], as counted by Manager::auth_stats — the labels
// suggest "self" is our own key's, "trusted" those from trusted keys, and
// "all" the total (the exact semantics live in auth_stats, not shown here).
// The argument-count check and the return are elided from this listing.
248 static int test(int argc, char *const argv[]) {
252 Fides::Manager fides;
// Out-parameters filled by auth_stats; left uninitialised until the call.
253 int self, trusted, all;
254 fides.auth_stats(argv[0], self, trusted, all);
255 cout << "Self: " << self << ", trusted: " << trusted << ", all: " << all << '\n';
// Fragment of the "fsck" handler: its signature line, the verification call
// between the declaration and the two messages, and the branch/return lines
// are elided from this listing. Per the usage text, fsck verifies the
// signature on all information collected.
260 Fides::Manager fides;
262 cout << "Everything OK\n";
// NOTE(review): whether the failure branch also returns a non-zero exit
// status is not shown; scripts that rely on the exit code need it to.
265 cout << "Integrity failure!\n";
270 int main(int argc, char *const argv[]) {
274 static struct option const long_options[] = {
275 {"homedir", required_argument, NULL, 2},
276 {"help", no_argument, NULL, 'h'},
277 {"version", no_argument, NULL, 3},
281 while((r = getopt_long(argc, argv, "h", long_options, &option_index)) != EOF) {
283 case 0: /* long option */
285 case 1: /* non-option */
288 //homedir = strdup(optarg);
304 if(!strcmp(argv[1], "help")) {
309 if(!strcmp(argv[1], "version")) {
314 if(!strcmp(argv[1], "init"))
317 if(!strcmp(argv[1], "trust"))
318 return trust(argc - 2, argv + 2);
320 if(!strcmp(argv[1], "dctrust"))
321 return dctrust(argc - 2, argv + 2);
323 if(!strcmp(argv[1], "distrust"))
324 return distrust(argc - 2, argv + 2);
326 if(!strcmp(argv[1], "is_trusted"))
327 return is_trusted(argc - 2, argv + 2);
329 if(!strcmp(argv[1], "is_distrusted"))
330 return is_distrusted(argc - 2, argv + 2);
332 if(!strcmp(argv[1], "is_allowed"))
333 return is_allowed(argc - 2, argv + 2);
335 if(!strcmp(argv[1], "is_denied"))
336 return is_denied(argc - 2, argv + 2);
338 if(!strcmp(argv[1], "allow"))
339 return allow(argc - 2, argv + 2);
341 if(!strcmp(argv[1], "dontcare"))
342 return dontcare(argc - 2, argv + 2);
344 if(!strcmp(argv[1], "deny"))
345 return deny(argc - 2, argv + 2);
347 if(!strcmp(argv[1], "sign"))
348 return sign(argc - 2, argv + 2);
350 if(!strcmp(argv[1], "import"))
351 return import(argc - 2, argv + 2);
353 if(!strcmp(argv[1], "export"))
354 return exprt(argc - 2, argv + 2);
356 if(!strcmp(argv[1], "test"))
357 return test(argc - 2, argv + 2);
359 if(!strcmp(argv[1], "find"))
360 return find(argc - 2, argv + 2);
362 if(!strcmp(argv[1], "fsck"))
365 cerr << "Unknown command: " << argv[1] << '\n';