1 /* fides.c - Light-weight, decentralised trust and authorisation management
2 Copyright (C) 2008-2009 Guus Sliepen <guus@tinc-vpn.org>
4 Fides is free software; you can redistribute it and/or modify
5 it under the terms of the GNU Lesser General Public License as
6 published by the Free Software Foundation; either version 2.1 of
7 the License, or (at your option) any later version.
9 Fides is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU Lesser General Public License for more details.
14 You should have received a copy of the GNU Lesser General Public
15 License along with this program; if not, see <http://www.gnu.org/licenses/>.
26 #include <botan/types.h>
27 #include <botan/botan.h>
28 #include <botan/ecdsa.h>
29 #include <botan/look_pk.h>
30 #include <botan/lookup.h>
31 #include <botan/filters.h>
32 #include <botan/sha2_32.h>
34 #include <sys/types.h>
// Print the command summary to `out`. `argv0` is the program name as invoked
// (the caller decides whether this goes to cout or cerr; not shown here).
//
// NOTE(review): the usage line concatenates argv0 directly with "<command>",
// so it renders as e.g. "fides<command> [arguments]" — a space is missing.
// NOTE(review): the is_* entries document only statuses 0 and 1. The status
// returned on the "Unknown key!" / usage-error paths is not stated here, so
// anything scripting on these commands must treat only 0 as "yes" and every
// other status as "no or error" — never test specifically for 1.
42 static void help(ostream &out, const string &argv0) {
43 out << "Usage: " << argv0 << "<command> [arguments]\n" // FIXME: should be " <command>"
45 "Available commands are:\n"
47 " init Initialise fides, generate a public/private keypair.\n"
48 " version Show version and copyright information.\n"
49 " help Show this help message.\n"
52 " Trust allow/deny packets signed by the specified key.\n"
54 " Distrust allow/deny packets signed by the specified key.\n"
56 " Don't care about allow/deny packets signed by the specified key.\n"
57 " is_trusted <keyid>\n"
58 " Returns 0 if key is trusted, 1 otherwise\n"
59 " is_distrusted <keyid>\n"
60 " Returns 0 if key is distrusted, 1 otherwise\n"
// "<stuff ...>" suggests several words; the allow/deny/dontcare handlers on
// this page pass only argv[0] on, so a multi-word statement must be quoted
// as one shell word (see the NOTE on allow()).
64 " allow <stuff ...>\n"
66 " deny <stuff ...> \n"
68 " dontcare <stuff ...> \n"
69 " Don't care about stuff.\n"
70 " is_allowed <stuff ...>\n"
71 " Returns 0 if stuff is allowed, 1 otherwise\n"
72 " is_denied <stuff ...>\n"
73 " Returns 0 if stuff is denied, 1 otherwise\n"
75 " import [filename]\n"
76 " Import keys and certificates from file, or stdin if unspecified.\n"
77 " export [filename]\n"
78 " Export keys and certificates to file, or stdout if unspecified.\n"
80 " Tell whether stuff is allowed or not by counting relevant certificates\n"
82 " Find all certificates matching regexp\n"
83 " fsck Verify the signature on all information collected.\n";
// Print the version and copyright notice to `out` (defaults to cout).
//
// NOTE(review): this notice claims "GNU General Public License ... version 2",
// whereas the header of this file says LGPL 2.1 or later. One of the two is
// wrong; they should be reconciled so users see a consistent licence.
86 static void version(ostream &out = cout) {
87 out << "fides version 0.1\n"
88 "Copyright (c) 2008-2009 Guus Sliepen <guus@tinc-vpn.org>\n"
90 "This program is free software; you can redistribute it and/or modify\n"
91 "it under the terms of the GNU General Public License as published by\n"
92 "the Free Software Foundation; either version 2 of the License, or\n"
93 "(at your option) any later version.\n";
// Fragment of the "init" command handler (its signature is not on this page).
// is_firstrun() only reports whether a keypair was just created; the actual
// generation presumably happens when the global `fides` object is set up —
// TODO confirm. The new private key lives under get_homedir(); the file and
// directory modes it is created with are not visible here — confirm they are
// owner-only (0600/0700) before relying on this for anything sensitive.
98 if(fides.is_firstrun()) {
99 cout << "New keys generated in " << fides.get_homedir() << '\n';
101 cout << "Fides already initialised\n";
// `is_trusted <keyid>`: exit 0 if the key with the given hex-encoded id is
// trusted, 1 otherwise. The argument-count check and the status returned on
// the "Unknown key!" path are on lines not shown on this page; callers must
// not treat that status as equivalent to 1 ("known but not trusted").
// What fides::hexdecode does with non-hex input is not visible here — confirm
// a malformed keyid cannot decode to the id of a different key.
106 static int is_trusted(int argc, char *const argv[]) {
111 fides::publickey *key = fides.find_key(fides::hexdecode(argv[0]));
113 cerr << "Unknown key!\n";
116 return fides.is_trusted(key) ? 0 : 1;
// `is_distrusted <keyid>`: exit 0 if the key with the given hex-encoded id is
// distrusted, 1 otherwise. As with is_trusted(), the arity check and the
// status used for an unknown key are not on this page; scripts should treat
// only 0 as a positive answer.
119 static int is_distrusted(int argc, char *const argv[]) {
124 fides::publickey *key = fides.find_key(fides::hexdecode(argv[0]));
126 cerr << "Unknown key!\n";
129 return fides.is_distrusted(key) ? 0 : 1;
// `trust <keyid>`: mark an already-imported key as trusted. Only keys that
// find_key() knows are accepted ("Unknown key!" otherwise). The call that
// actually records the trust decision, and the return statuses, are on lines
// not shown on this page.
132 static int trust(int argc, char *const argv[]) {
137 fides::publickey *key = fides.find_key(fides::hexdecode(argv[0]));
141 cerr << "Unknown key!\n";
// `dctrust <keyid>`: stop caring about a key (neither trusted nor distrusted).
// Same lookup/unknown-key pattern as trust(); the mutation call and return
// statuses are on lines not shown on this page.
147 static int dctrust(int argc, char *const argv[]) {
152 fides::publickey *key = fides.find_key(fides::hexdecode(argv[0]));
156 cerr << "Unknown key!\n";
// `distrust <keyid>`: mark a known key as distrusted. Same lookup/unknown-key
// pattern as trust(); the mutation call and return statuses are on lines not
// shown on this page.
162 static int distrust(int argc, char *const argv[]) {
167 fides::publickey *key = fides.find_key(fides::hexdecode(argv[0]));
171 cerr << "Unknown key!\n";
// `sign` command handler; its body is not on this page.
177 static int sign(int argc, char *const argv[]) {
// `allow <stuff>`: record an allow statement for argv[0].
// NOTE(review): only argv[0] is passed on, although the help text advertises
// "<stuff ...>". Unless the lines between the signature and this call (not
// shown here) reject argc != 1, an unquoted multi-word statement is silently
// truncated to its first word — i.e. a different policy entry than intended.
186 static int allow(int argc, char *const argv[]) {
191 fides.allow(argv[0]);
// `dontcare <stuff>`: withdraw any opinion on argv[0]. Same single-argument
// caveat as allow(): only argv[0] is used, so quote multi-word statements.
195 static int dontcare(int argc, char *const argv[]) {
200 fides.dontcare(argv[0]);
// `deny <stuff>` command handler; its body is not on this page. Presumably
// mirrors allow() (argv[0] only) — confirm.
204 static int deny(int argc, char *const argv[]) {
// `import [filename]`: read keys and certificates from the named file, or
// from stdin when no filename is given.
// NOTE(review): the ifstream is not checked after construction. A missing or
// unreadable path leaves the stream in a fail state and, as far as this page
// shows, import_all() then sees no data — the command "succeeds" having
// imported nothing. Consider `if(!in) { cerr << "Cannot open " << argv[0] << '\n'; return 1; }`.
// Whether certificates are signature-checked at import time or only later by
// `fsck` is not visible here; this is the untrusted-input boundary of the tool.
213 static int import(int argc, char *const argv[]) {
217 ifstream in(argv[0]);
218 fides.import_all(in);
220 fides.import_all(cin);
// `export [filename]`: write keys and certificates to the named file, or to
// stdout when no filename is given. (Named exprt because `export` is a
// keyword.)
// NOTE(review): the ofstream is created with the process umask and its open
// failure is not checked here. The help text says "keys" without qualifying
// public/private; if export_all() ever emits private key material, the file
// mode needs tightening (e.g. 0600) — confirm what export_all writes.
224 static int exprt(int argc, char *const argv[]) {
228 ofstream out(argv[0]);
229 fides.export_all(out);
231 fides.export_all(cout);
// `find <regexp>`: print every certificate matching argv[0], one per line,
// prefixed with its index in the result vector. How find_certificates()
// interprets the pattern is not shown here (the help text calls it a regexp).
235 static int find(int argc, char *const argv[]) {
239 // Find certificates matching statement
241 const vector<fides::certificate *> &certs = fides.find_certificates(argv[0]);
242 for(size_t i = 0; i < certs.size(); ++i)
243 cout << i << ' ' << certs[i]->to_string() << '\n';
// `is_allowed <stuff>`: exit 0 if argv[0] is allowed, 1 otherwise. Only the
// first argument is consulted; the arity check is on lines not shown here.
247 static int is_allowed(int argc, char *const argv[]) {
252 return fides.is_allowed(argv[0]) ? 0 : 1;
// `is_denied <stuff>`: exit 0 if argv[0] is denied, 1 otherwise. Only the
// first argument is consulted; the arity check is on lines not shown here.
255 static int is_denied(int argc, char *const argv[]) {
260 return fides.is_denied(argv[0]) ? 0 : 1;
// `test <stuff>`: print how many relevant certificates for argv[0] come from
// our own key, from trusted keys, and in total, as filled in by auth_stats().
// Informational only; the function's return statement is not on this page.
263 static int test(int argc, char *const argv[]) {
268 int self, trusted, all;
269 fides.auth_stats(argv[0], self, trusted, all);
270 cout << "Self: " << self << ", trusted: " << trusted << ", all: " << all << '\n';
// Fragment of the "fsck" handler (signature and the branch condition are not
// on this page). Scripts should rely on the exit status rather than parsing
// these messages — TODO confirm the failure branch returns non-zero.
277 cout << "Everything OK\n";
280 cout << "Integrity failure!\n";
// Entry point: parse global options with getopt_long, then dispatch on the
// command word in argv[1], passing the remaining arguments to the handler.
// The exit status is whatever the handler returns (see the help text for the
// 0/1 convention of the is_* commands).
285 int main(int argc, char *const argv[]) {
// Long options return 2 (--homedir), 'h' (--help) and 3 (--version). Every
// entry visible here has a NULL `flag` field, so getopt_long never returns 0
// for them and `case 0` below does not fire.
289 static struct option const long_options[] = {
290 {"homedir", required_argument, NULL, 2},
291 {"help", no_argument, NULL, 'h'},
292 {"version", no_argument, NULL, 3},
// getopt_long returns -1 (== EOF here) at the end of options. With the
// optstring "h" (no leading '-') it never returns 1 for a non-option
// argument, so `case 1` below is unreachable as written.
296 while((r = getopt_long(argc, argv, "h", long_options, &option_index)) != EOF) {
298 case 0: /* long option */
300 case 1: /* non-option */
// NOTE(review): --homedir is accepted by the parser but the only line that
// would apply it is commented out; as far as this page shows the option is
// silently ignored and the default home directory is used. A user who passes
// --homedir to isolate a trust store gets the default store instead — either
// wire it up or reject the option with an error.
303 //homedir = strdup(optarg);
// argv[1] is dereferenced from here on. The argc >= 2 check and the
// adjustment for `optind` after option parsing are not on this page —
// confirm both exist, otherwise `fides` alone reads past argv and
// `fides --homedir DIR cmd` would dispatch on "--homedir" rather than cmd.
319 if(!strcmp(argv[1], "help")) {
324 if(!strcmp(argv[1], "version")) {
329 if(!strcmp(argv[1], "init"))
// Each handler receives argc - 2 / argv + 2, i.e. only the arguments after
// the command word; handlers index argv[0] as their first argument.
332 if(!strcmp(argv[1], "trust"))
333 return trust(argc - 2, argv + 2);
335 if(!strcmp(argv[1], "dctrust"))
336 return dctrust(argc - 2, argv + 2);
338 if(!strcmp(argv[1], "distrust"))
339 return distrust(argc - 2, argv + 2);
341 if(!strcmp(argv[1], "is_trusted"))
342 return is_trusted(argc - 2, argv + 2);
344 if(!strcmp(argv[1], "is_distrusted"))
345 return is_distrusted(argc - 2, argv + 2);
347 if(!strcmp(argv[1], "is_allowed"))
348 return is_allowed(argc - 2, argv + 2);
350 if(!strcmp(argv[1], "is_denied"))
351 return is_denied(argc - 2, argv + 2);
353 if(!strcmp(argv[1], "allow"))
354 return allow(argc - 2, argv + 2);
356 if(!strcmp(argv[1], "dontcare"))
357 return dontcare(argc - 2, argv + 2);
359 if(!strcmp(argv[1], "deny"))
360 return deny(argc - 2, argv + 2);
362 if(!strcmp(argv[1], "sign"))
363 return sign(argc - 2, argv + 2);
365 if(!strcmp(argv[1], "import"))
366 return import(argc - 2, argv + 2);
368 if(!strcmp(argv[1], "export"))
369 return exprt(argc - 2, argv + 2);
371 if(!strcmp(argv[1], "test"))
372 return test(argc - 2, argv + 2);
374 if(!strcmp(argv[1], "find"))
375 return find(argc - 2, argv + 2);
377 if(!strcmp(argv[1], "fsck"))
// Unknown command: the status returned after this message is on a line not
// shown on this page — it should be non-zero and distinct from the is_*
// "no" status of 1 so scripts can tell a typo from a negative answer.
380 cerr << "Unknown command: " << argv[1] << '\n';