From: Guus Sliepen Date: Sat, 24 Jan 2009 15:38:40 +0000 (+0100) Subject: Autoconfiscation. X-Git-Url: https://tinc-vpn.org/git/browse?a=commitdiff_plain;h=811b273f857703f489875376f188f1fc21b7e850;p=fides Autoconfiscation.
---
diff --git a/Makefile b/Makefile
deleted file mode 100644
index a7a4bd6..0000000
--- a/Makefile
+++ /dev/null
@@ -1,13 +0,0 @@
-all: fides
-
-CFLAGS ?= -Wall -g -O0
-LDFLAGS ?= -Wall -g -O0
-
-fides: fides.o
- $(CXX) $(LDFLAGS) -o $@ $< -lbotan
-
-%.o: %.cc %.h
- $(CXX) $(CFLAGS) -g -c -Wall -o $@ $<
-
-clean:
- rm -f *.o fides
diff --git a/Makefile.am b/Makefile.am
new file mode 100644
index 0000000..1e0060f
--- /dev/null
+++ b/Makefile.am
@@ -0,0 +1,6 @@
+AUTOMAKE_OPTIONS = foreign
+
+SUBDIRS = lib src
+
+ChangeLog:
+ git log > ChangeLog
diff --git a/configure.ac b/configure.ac
new file mode 100644
index 0000000..415538b
--- /dev/null
+++ b/configure.ac
@@ -0,0 +1,21 @@
+AC_INIT
+AM_INIT_AUTOMAKE([fides], [0.1])
+AC_PREREQ(2.61)
+AC_COPYRIGHT([Copyright (c) 2008-2009 Guus Sliepen ])
+AC_REVISION($Revision$)
+AC_CONFIG_SRCDIR(src/fides.cc)
+
+AC_GNU_SOURCE
+
+AC_PROG_CXX
+AC_PROG_CXXCPP
+AC_PROG_INSTALL
+AC_PROG_MAKE_SET
+AC_PROG_LIBTOOL
+
+PKG_CHECK_MODULES(BOTAN, botan-1.8 >= 1.8.0)
+AC_SUBST(BOTAN_CFLAGS)
+AC_SUBST(BOTAN_LIBS)
+
+AC_CONFIG_FILES([Makefile lib/Makefile src/Makefile])
+AC_OUTPUT
diff --git a/lib/Makefile.am b/lib/Makefile.am
new file mode 100644
index 0000000..cb39600
--- /dev/null
+++ b/lib/Makefile.am
@@ -0,0 +1,4 @@
+lib_LTLIBRARIES = libfides.la
+libfides_la_SOURCES = fides.cc
+include_HEADERS = fides.h
+libfides_la_LIBADD = $(BOTAN_LIBS)
diff --git a/fides.cc b/lib/fides.cc
similarity index 73%
rename from fides.cc
rename to lib/fides.cc
index eb2de1a..c4dff16 100644
--- a/fides.cc
+++ b/lib/fides.cc
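Review bot: `AC_INIT` is invoked with no arguments and the package name and version are instead given to `AM_INIT_AUTOMAKE([fides], [0.1])`, the obsolete two-argument form; the current form is `AC_INIT([fides], [0.1])` followed by `AM_INIT_AUTOMAKE([foreign])`, which would also make the `AUTOMAKE_OPTIONS = foreign` line in Makefile.am unnecessary. The `AC_SUBST(BOTAN_CFLAGS)` and `AC_SUBST(BOTAN_LIBS)` lines are redundant, since `PKG_CHECK_MODULES` already substitutes both variables. `AC_PREREQ(2.61)` is conventionally placed before `AC_INIT`, and `AC_PROG_LIBTOOL` is the older spelling of `LT_INIT` if the libtool in use is 2.2 or later.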
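Review bot: `$(BOTAN_CFLAGS)` is never used in lib/Makefile.am, and not in src/Makefile.am later in this patch either, so the include path that `PKG_CHECK_MODULES(BOTAN, ...)` in configure.ac discovers never reaches the compiler; the build only succeeds when Botan's headers happen to be on the default search path. Adding `AM_CXXFLAGS = $(BOTAN_CFLAGS)` next to `libfides_la_LIBADD = $(BOTAN_LIBS)` fixes that for the library, and src/Makefile.am needs the same if src/fides.cc includes Botan headers directly (its include lines are not readable on this page).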
@@ -1,4 +1,4 @@ -/* fides.c - Light-weight, decentralised trust and authorisation management +/* fides.cc - Light-weight, decentralised trust and authorisation management Copyright (C) 2008-2009 Guus Sliepen Fides is free software; you can redistribute it and/or modify @@ -19,8 +19,6 @@ #include #include #include -#include -#include #include #include #include 
@@ -223,60 +221,6 @@ string fides::certificate::to_string() const { return data; } -static void help(ostream &out, const string &argv0) { - out << "Usage: " << argv0 << " [arguments]\n" - "\n" - "Available commands are:\n" - "\n" - " init Initialise fides, generate a public/private keypair.\n" - " version Show version and copyright information.\n" - " help Show this help message.\n" - "\n" - " trust \n" - " Trust allow/deny packets signed by the specified key.\n" - " distrust \n" - " Distrust allow/deny packets signed by the specified key.\n" - " dctrust \n" - " Don't care about allow/deny packets signed by the specified key.\n" - " is_trusted \n" - " Returns 0 if key is trusted, 1 otherwise\n" - " is_distrusted \n" - " Returns 0 if key is distrusted, 1 otherwise\n" - "\n" - " sign \n" - " Sign stuff.\n" - " allow \n" - " Allow stuff.\n" - " deny \n" - " Deny stuff.\n" - " dontcare \n" - " Don't care about stuff.\n" - " is_allowed \n" - " Returns 0 if stuff is allowed, 1 otherwise\n" - " is_denied \n" - " Returns 0 if stuff is denied, 1 otherwise\n" - "\n" - " import [filename]\n" - " Import keys and certificates from file, or stdin if unspecified.\n" - " export [filename]\n" - " Export keys and certificates to file, or stdout if unspecified.\n" - " test \n" - " Tell whether stuff is allowed or not by counting relevant certificates\n" - " find \n" - " Find all certificates matching regexp\n" - " fsck Verify the signature on all information collected.\n"; -} - -static void version(ostream &out = cout) { - out << "fides version 0.1\n" - "Copyright (c) 2008-2009 Guus Sliepen \n" - "\n" - "This program is free software; you can redistribute it and/or modify\n" - "it under the terms of the GNU General Public License as published by\n" - "the Free Software Foundation; either version 2 of the License, or\n" - "(at your option) any later version.\n"; -} - // Utility functions static vector dirlist(const string &path) { 
@@ -526,16 +470,6 @@ void fides::export_all(ostream &out) { out << i->second->to_string() << '\n'; } -static int init() { - fides fides; - if(fides.is_firstrun()) { - cout << "New keys generated in " << fides.get_homedir() << '\n'; - } else { - cout << "Fides already initialised\n"; - } - return 0; -} - void fides::trust(publickey *key) { string full = "t+ " + hexencode(key->fingerprint()); sign(full); @@ -551,77 +485,6 @@ void fides::dctrust(publickey *key) { sign(full); } -static int is_trusted(int argc, char *const argv[]) { - if(argc < 1) - return EX_USAGE; - - fides fides; - fides::publickey *key = fides.find_key(fides::hexdecode(argv[0])); - if(!key) { - cerr << "Unknown key!\n"; - return 1; - } - return fides.is_trusted(key) ? 0 : 1; -} - -static int is_distrusted(int argc, char *const argv[]) { - if(argc < 1) - return EX_USAGE; - - fides fides; - fides::publickey *key = fides.find_key(fides::hexdecode(argv[0])); - if(!key) { - cerr << "Unknown key!\n"; - return 1; - } - return fides.is_distrusted(key) ? 0 : 1; -} - -static int trust(int argc, char *const argv[]) { - if(argc < 1) - return EX_USAGE; - - fides fides; - fides::publickey *key = fides.find_key(fides::hexdecode(argv[0])); - if(key) - fides.trust(key); - else { - cerr << "Unknown key!\n"; - return -1; - } - return 0; -} - -static int dctrust(int argc, char *const argv[]) { - if(argc < 1) - return EX_USAGE; - - fides fides; - fides::publickey *key = fides.find_key(fides::hexdecode(argv[0])); - if(key) - fides.dctrust(key); - else { - cerr << "Unknown key!\n"; - return -1; - } - return 0; -} - -static int distrust(int argc, char *const argv[]) { - if(argc < 1) - return EX_USAGE; - - fides fides; - fides::publickey *key = fides.find_key(fides::hexdecode(argv[0])); - if(key) - fides.distrust(key); - else { - cerr << "Unknown key!\n"; - return -1; - } - return 0; -} - void fides::update_trust() { // clear trust on all keys for(map::iterator i = keys.begin(); i != keys.end(); ++i) 
@@ -909,210 +772,3 @@ void fides::deny(const string &statement, publickey *key) { sign(full); } -static int sign(int argc, char *const argv[]) { - if(argc < 1) - return EX_USAGE; - - fides fides; - fides.sign(argv[0]); - return 0; -} - -static int allow(int argc, char *const argv[]) { - if(argc < 1) - return EX_USAGE; - - fides fides; - fides.allow(argv[0]); - return 0; -} - -static int dontcare(int argc, char *const argv[]) { - if(argc < 1) - return EX_USAGE; - - fides fides; - fides.dontcare(argv[0]); - return 0; -} - -static int deny(int argc, char *const argv[]) { - if(argc < 1) - return EX_USAGE; - - fides fides; - fides.deny(argv[0]); - return 0; -} - -static int import(int argc, char *const argv[]) { - fides fides; - - if(argc) { - ifstream in(argv[0]); - fides.import_all(in); - } else - fides.import_all(cin); - return 0; -} - -static int exprt(int argc, char *const argv[]) { - fides fides; - - if(argc) { - ofstream out(argv[0]); - fides.export_all(out); - } else - fides.export_all(cout); - return 0; -} - -static int find(int argc, char *const argv[]) { - if(argc < 1) - return EX_USAGE; - - // Find certificates matching statement - fides fides; - const vector &certs = fides.find_certificates(argv[0]); - for(size_t i = 0; i < certs.size(); ++i) - cout << i << ' ' << certs[i]->to_string() << '\n'; - return 0; -} - -static int is_allowed(int argc, char *const argv[]) { - if(argc < 1) - return EX_USAGE; - - fides fides; - return fides.is_allowed(argv[0]) ? 0 : 1; -} - -static int is_denied(int argc, char *const argv[]) { - if(argc < 1) - return EX_USAGE; - - fides fides; - return fides.is_denied(argv[0]) ? 
0 : 1; -} - -static int test(int argc, char *const argv[]) { - if(argc < 1) - return EX_USAGE; - - fides fides; - int self, trusted, all; - fides.auth_stats(argv[0], self, trusted, all); - cout << "Self: " << self << ", trusted: " << trusted << ", all: " << all << '\n'; - return 0; -} - -static int fsck() { - fides fides; - if(fides.fsck()) { - cout << "Everything OK\n"; - return 0; - } else { - cout << "Integrity failure!\n"; - return 1; - } -} - -int main(int argc, char *const argv[]) { - int r; - int option_index; - - static struct option const long_options[] = { - {"homedir", required_argument, NULL, 2}, - {"help", no_argument, NULL, 'h'}, - {"version", no_argument, NULL, 3}, - {NULL, 0, NULL, 0} - }; - - while((r = getopt_long(argc, argv, "h", long_options, &option_index)) != EOF) { - switch (r) { - case 0: /* long option */ - break; - case 1: /* non-option */ - break; - case 2: - //homedir = strdup(optarg); - break; - case 3: - version(); - return 0; - case 'h': - help(cout, argv[0]); - return 0; - } - } - - if(argc < 2) { - help(cerr, argv[0]); - return EX_USAGE; - } - - if(!strcmp(argv[1], "help")) { - help(cout, argv[0]); - return 0; - } - - if(!strcmp(argv[1], "version")) { - version(); - return 0; - } - - if(!strcmp(argv[1], "init")) - return init(); - - if(!strcmp(argv[1], "trust")) - return trust(argc - 2, argv + 2); - - if(!strcmp(argv[1], "dctrust")) - return dctrust(argc - 2, argv + 2); - - if(!strcmp(argv[1], "distrust")) - return distrust(argc - 2, argv + 2); - - if(!strcmp(argv[1], "is_trusted")) - return is_trusted(argc - 2, argv + 2); - - if(!strcmp(argv[1], "is_distrusted")) - return is_distrusted(argc - 2, argv + 2); - - if(!strcmp(argv[1], "is_allowed")) - return is_allowed(argc - 2, argv + 2); - - if(!strcmp(argv[1], "is_denied")) - return is_denied(argc - 2, argv + 2); - - if(!strcmp(argv[1], "allow")) - return allow(argc - 2, argv + 2); - - if(!strcmp(argv[1], "dontcare")) - return dontcare(argc - 2, argv + 2); - - if(!strcmp(argv[1], 
"deny")) - return deny(argc - 2, argv + 2); - - if(!strcmp(argv[1], "sign")) - return sign(argc - 2, argv + 2); - - if(!strcmp(argv[1], "import")) - return import(argc - 2, argv + 2); - - if(!strcmp(argv[1], "export")) - return exprt(argc - 2, argv + 2); - - if(!strcmp(argv[1], "test")) - return test(argc - 2, argv + 2); - - if(!strcmp(argv[1], "find")) - return find(argc - 2, argv + 2); - - if(!strcmp(argv[1], "fsck")) - return fsck(); - - cerr << "Unknown command: " << argv[1] << '\n'; - return EX_USAGE; -} - diff --git a/fides.h b/lib/fides.h similarity index 100% rename from fides.h rename to lib/fides.h diff --git a/src/Makefile.am b/src/Makefile.am new file mode 100644 index 0000000..3a5b9e9 --- /dev/null +++ b/src/Makefile.am @@ -0,0 +1,11 @@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/lib + +bin_PROGRAMS = fides + +fides_SOURCES = fides.cc + +noinst_HEADERS = + +fides_LDADD = \ + $(top_srcdir)/lib/libfides.la diff --git a/src/fides.cc b/src/fides.cc new file mode 100644 index 0000000..006b503 --- /dev/null +++ b/src/fides.cc 
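Review bot: `fides_LDADD = $(top_srcdir)/lib/libfides.la` points into the source tree, but libtool writes `libfides.la` into the build tree, so an out-of-tree (VPATH) build cannot link; it should be `fides_LDADD = $(top_builddir)/lib/libfides.la`. The empty `noinst_HEADERS =` assignment does nothing and can be dropped. The earlier part of this line is the tail of the lib/fides.cc deletion hunk, whose removed CLI code reappears unchanged in src/fides.cc below.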
@@ -0,0 +1,382 @@
+/* fides.c - Light-weight, decentralised trust and authorisation management
+ Copyright (C) 2008-2009 Guus Sliepen
+
+ Fides is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as
+ published by the Free Software Foundation; either version 2.1 of
+ the License, or (at your option) any later version.
+
+ Fides is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this program; if not, see .
+*/
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "fides.h"
+
+using namespace std;
+
+static void help(ostream &out, const string &argv0) {
+ out << "Usage: " << argv0 << " [arguments]\n"
+ "\n"
+ "Available commands are:\n"
+ "\n"
+ " init Initialise fides, generate a public/private keypair.\n"
+ " version Show version and copyright information.\n"
+ " help Show this help message.\n"
+ "\n"
+ " trust \n"
+ " Trust allow/deny packets signed by the specified key.\n"
+ " distrust \n"
+ " Distrust allow/deny packets signed by the specified key.\n"
+ " dctrust \n"
+ " Don't care about allow/deny packets signed by the specified key.\n"
+ " is_trusted \n"
+ " Returns 0 if key is trusted, 1 otherwise\n"
+ " is_distrusted \n"
+ " Returns 0 if key is distrusted, 1 otherwise\n"
+ "\n"
+ " sign \n"
+ " Sign stuff.\n"
+ " allow \n"
+ " Allow stuff.\n"
+ " deny \n"
+ " Deny stuff.\n"
+ " dontcare \n"
+ " Don't care about stuff.\n"
+ " is_allowed \n"
+ " Returns 0 if stuff is allowed, 1 otherwise\n"
+ " is_denied \n"
+ " Returns 0 if stuff is denied, 1 otherwise\n"
+ "\n"
+ " import [filename]\n"
+ " Import keys and certificates from file, or stdin if unspecified.\n"
+ " export [filename]\n"
+ " Export keys and certificates to file, or stdout if unspecified.\n"
+ " test \n"
+ " Tell whether stuff is allowed or not by counting relevant certificates\n"
+ " find \n"
+ " Find all certificates matching regexp\n"
+ " fsck Verify the signature on all information collected.\n";
+}
+
+static void version(ostream &out = cout) {
+ out << "fides version 0.1\n"
+ "Copyright (c) 2008-2009 Guus Sliepen \n"
+ "\n"
+ "This program is free software; you can redistribute it and/or modify\n"
+ "it under the terms of the GNU General Public License as published by\n"
+ "the Free Software Foundation; either version 2 of the License, or\n"
+ "(at your option) any later version.\n";
+}
+
+static int init() {
+ fides fides;
+ if(fides.is_firstrun()) {
+ cout << "New keys generated in " << fides.get_homedir() << '\n';
+ } else {
+ cout << "Fides already initialised\n";
+ }
+ return 0;
+}
+
+static int is_trusted(int argc, char *const argv[]) {
+ if(argc < 1)
+ return EX_USAGE;
+
+ fides fides;
+ fides::publickey *key = fides.find_key(fides::hexdecode(argv[0]));
+ if(!key) {
+ cerr << "Unknown key!\n";
+ return 1;
+ }
+ return fides.is_trusted(key) ? 0 : 1;
+}
+
+static int is_distrusted(int argc, char *const argv[]) {
+ if(argc < 1)
+ return EX_USAGE;
+
+ fides fides;
+ fides::publickey *key = fides.find_key(fides::hexdecode(argv[0]));
+ if(!key) {
+ cerr << "Unknown key!\n";
+ return 1;
+ }
+ return fides.is_distrusted(key) ? 0 : 1;
+}
+
+static int trust(int argc, char *const argv[]) {
+ if(argc < 1)
+ return EX_USAGE;
+
+ fides fides;
+ fides::publickey *key = fides.find_key(fides::hexdecode(argv[0]));
+ if(key)
+ fides.trust(key);
+ else {
+ cerr << "Unknown key!\n";
+ return -1;
+ }
+ return 0;
+}
+
+static int dctrust(int argc, char *const argv[]) {
+ if(argc < 1)
+ return EX_USAGE;
+
+ fides fides;
+ fides::publickey *key = fides.find_key(fides::hexdecode(argv[0]));
+ if(key)
+ fides.dctrust(key);
+ else {
+ cerr << "Unknown key!\n";
+ return -1;
+ }
+ return 0;
+}
+
+static int distrust(int argc, char *const argv[]) {
+ if(argc < 1)
+ return EX_USAGE;
+
+ fides fides;
+ fides::publickey *key = fides.find_key(fides::hexdecode(argv[0]));
+ if(key)
+ fides.distrust(key);
+ else {
+ cerr << "Unknown key!\n";
+ return -1;
+ }
+ return 0;
+}
+
+static int sign(int argc, char *const argv[]) {
+ if(argc < 1)
+ return EX_USAGE;
+
+ fides fides;
+ fides.sign(argv[0]);
+ return 0;
+}
+
+static int allow(int argc, char *const argv[]) {
+ if(argc < 1)
+ return EX_USAGE;
+
+ fides fides;
+ fides.allow(argv[0]);
+ return 0;
+}
+
+static int dontcare(int argc, char *const argv[]) {
+ if(argc < 1)
+ return EX_USAGE;
+
+ fides fides;
+ fides.dontcare(argv[0]);
+ return 0;
+}
+
+static int deny(int argc, char *const argv[]) {
+ if(argc < 1)
+ return EX_USAGE;
+
+ fides fides;
+ fides.deny(argv[0]);
+ return 0;
+}
+
+static int import(int argc, char *const argv[]) {
+ fides fides;
+
+ if(argc) {
+ ifstream in(argv[0]);
+ fides.import_all(in);
+ } else
+ fides.import_all(cin);
+ return 0;
+}
+
+static int exprt(int argc, char *const argv[]) {
+ fides fides;
+
+ if(argc) {
+ ofstream out(argv[0]);
+ fides.export_all(out);
+ } else
+ fides.export_all(cout);
+ return 0;
+}
+
+static int find(int argc, char *const argv[]) {
+ if(argc < 1)
+ return EX_USAGE;
+
+ // Find certificates matching statement
+ fides fides;
+ const vector &certs = fides.find_certificates(argv[0]);
+ for(size_t i = 0; i < certs.size(); ++i)
+ cout << i << ' ' << certs[i]->to_string() << '\n';
+ return 0;
+}
+
+static int is_allowed(int argc, char *const argv[]) {
+ if(argc < 1)
+ return EX_USAGE;
+
+ fides fides;
+ return fides.is_allowed(argv[0]) ? 0 : 1;
+}
+
+static int is_denied(int argc, char *const argv[]) {
+ if(argc < 1)
+ return EX_USAGE;
+
+ fides fides;
+ return fides.is_denied(argv[0]) ? 0 : 1;
+}
+
+static int test(int argc, char *const argv[]) {
+ if(argc < 1)
+ return EX_USAGE;
+
+ fides fides;
+ int self, trusted, all;
+ fides.auth_stats(argv[0], self, trusted, all);
+ cout << "Self: " << self << ", trusted: " << trusted << ", all: " << all << '\n';
+ return 0;
+}
+
+static int fsck() {
+ fides fides;
+ if(fides.fsck()) {
+ cout << "Everything OK\n";
+ return 0;
+ } else {
+ cout << "Integrity failure!\n";
+ return 1;
+ }
+}
+
+int main(int argc, char *const argv[]) {
+ int r;
+ int option_index;
+
+ static struct option const long_options[] = {
+ {"homedir", required_argument, NULL, 2},
+ {"help", no_argument, NULL, 'h'},
+ {"version", no_argument, NULL, 3},
+ {NULL, 0, NULL, 0}
+ };
+
+ while((r = getopt_long(argc, argv, "h", long_options, &option_index)) != EOF) {
+ switch (r) {
+ case 0: /* long option */
+ break;
+ case 1: /* non-option */
+ break;
+ case 2:
+ //homedir = strdup(optarg);
+ break;
+ case 3:
+ version();
+ return 0;
+ case 'h':
+ help(cout, argv[0]);
+ return 0;
+ }
+ }
+
+ if(argc < 2) {
+ help(cerr, argv[0]);
+ return EX_USAGE;
+ }
+
+ if(!strcmp(argv[1], "help")) {
+ help(cout, argv[0]);
+ return 0;
+ }
+
+ if(!strcmp(argv[1], "version")) {
+ version();
+ return 0;
+ }
+
+ if(!strcmp(argv[1], "init"))
+ return init();
+
+ if(!strcmp(argv[1], "trust"))
+ return trust(argc - 2, argv + 2);
+
+ if(!strcmp(argv[1], "dctrust"))
+ return dctrust(argc - 2, argv + 2);
+
+ if(!strcmp(argv[1], "distrust"))
+ return distrust(argc - 2, argv + 2);
+
+ if(!strcmp(argv[1], "is_trusted"))
+ return is_trusted(argc - 2, argv + 2);
+
+ if(!strcmp(argv[1], "is_distrusted"))
+ return is_distrusted(argc - 2, argv + 2);
+
+ if(!strcmp(argv[1], "is_allowed"))
+ return is_allowed(argc - 2, argv + 2);
+
+ if(!strcmp(argv[1], "is_denied"))
+ return is_denied(argc - 2, argv + 2);
+
+ if(!strcmp(argv[1], "allow"))
+ return allow(argc - 2, argv + 2);
+
+ if(!strcmp(argv[1], "dontcare"))
+ return dontcare(argc - 2, argv + 2);
+
+ if(!strcmp(argv[1], "deny"))
+ return deny(argc - 2, argv + 2);
+
+ if(!strcmp(argv[1], "sign"))
+ return sign(argc - 2, argv + 2);
+
+ if(!strcmp(argv[1], "import"))
+ return import(argc - 2, argv + 2);
+
+ if(!strcmp(argv[1], "export"))
+ return exprt(argc - 2, argv + 2);
+
+ if(!strcmp(argv[1], "test"))
+ return test(argc - 2, argv + 2);
+
+ if(!strcmp(argv[1], "find"))
+ return find(argc - 2, argv + 2);
+
+ if(!strcmp(argv[1], "fsck"))
+ return fsck();
+
+ cerr << "Unknown command: " << argv[1] << '\n';
+ return EX_USAGE;
+}
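Review bot: `main` dispatches on `argv[1]` and hands each command `argc - 2, argv + 2` after `getopt_long` has already consumed the leading options, so any option that does not return early — `--homedir <dir>` here — leaves `argv[1]` pointing at the option text and the run ends in `Unknown command: --homedir`; the command and its arguments should be taken relative to `optind`, e.g. `const char *cmd = argv[optind]; int nargs = argc - optind - 1; char *const *args = argv + optind + 1;` with the `argc < 2` guard becoming `optind >= argc`. The `case 2` arm is a commented-out no-op, so `--homedir` is accepted and silently ignored even though `long_options` advertises it; either pass it through to the library (if it offers a way to set the directory that `get_homedir()` reports) or drop it from the option table until it does. `import` and `exprt` never check that `ifstream in(argv[0])` / `ofstream out(argv[0])` actually opened, so a mistyped path imports or exports nothing and still exits 0, which matters when an operator relies on the import to have installed a trust decision; `if(!in) { cerr << "Cannot open " << argv[0] << '\n'; return EX_NOINPUT; }` (and `EX_CANTCREAT` on the export side) closes that gap. The unknown-key paths in `trust`, `dctrust` and `distrust` return -1, which becomes exit status 255, while `is_trusted` and `is_distrusted` return 1 for the same condition; returning 1 (or `EX_DATAERR`) everywhere keeps the status codes consistent for scripts.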