| 1 | /* -*-c-*- |
| 2 | * |
| 3 | * $Id$ |
| 4 | * |
| 5 | * Generate and validate cryptographic cookies |
| 6 | * |
| 7 | * (c) 1999 Mark Wooding |
| 8 | */ |
| 9 | |
| 10 | /*----- Licensing notice --------------------------------------------------* |
| 11 | * |
| 12 | * This file is part of Catacomb. |
| 13 | * |
| 14 | * Catacomb is free software; you can redistribute it and/or modify |
| 15 | * it under the terms of the GNU General Public License as published by |
| 16 | * the Free Software Foundation; either version 2 of the License, or |
| 17 | * (at your option) any later version. |
| 18 | * |
| 19 | * Catacomb is distributed in the hope that it will be useful, |
| 20 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 21 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 22 | * GNU General Public License for more details. |
| 23 | * |
| 24 | * You should have received a copy of the GNU General Public License |
| 25 | * along with Catacomb; if not, write to the Free Software Foundation, |
| 26 | * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
| 27 | */ |
| 28 | |
| 29 | /*----- Header files ------------------------------------------------------*/ |
| 30 | |
| 31 | #include "config.h" |
| 32 | |
| 33 | #include <errno.h> |
| 34 | #include <stdio.h> |
| 35 | #include <stdlib.h> |
| 36 | #include <string.h> |
| 37 | #include <time.h> |
| 38 | |
| 39 | #include <mLib/base64.h> |
| 40 | #include <mLib/bits.h> |
| 41 | #include <mLib/dstr.h> |
| 42 | #include <mLib/mdwopt.h> |
| 43 | #include <mLib/quis.h> |
| 44 | #include <mLib/report.h> |
| 45 | #include <mLib/sub.h> |
| 46 | |
| 47 | #include "cc.h" |
| 48 | #include "key.h" |
| 49 | #include "gmac.h" |
| 50 | #include "getdate.h" |
| 51 | |
| 52 | /*----- Handy global state ------------------------------------------------*/ |
| 53 | |
| 54 | static const char *keyfile = "keyring"; |
| 55 | |
| 56 | /*----- Cookie format -----------------------------------------------------*/ |
| 57 | |
| 58 | /* --- Cookie header structure (unpacked) --- */ |
| 59 | |
| 60 | typedef struct cookie { |
| 61 | uint32 k; |
| 62 | time_t exp; |
| 63 | } cookie; |
| 64 | |
| 65 | /* --- Size of a cookie header (packed) --- */ |
| 66 | |
| 67 | #define COOKIE_SZ (4 + 8) |
| 68 | |
| 69 | /* --- @COOKIE_PACK@ --- * |
| 70 | * |
| 71 | * Arguments: @p@ = pointer to destination buffer |
| 72 | * @c@ = pointer to source cookie header block |
| 73 | * |
| 74 | * Use: Packs a cookie header into an octet buffer in a machine- |
| 75 | * independent way. |
| 76 | */ |
| 77 | |
| 78 | #define COOKIE_PACK(p, c) do { \ |
| 79 | octet *_p = (octet *)(p); \ |
| 80 | const cookie *_c = (c); \ |
| 81 | STORE32(_p + 0, _c->k); \ |
| 82 | STORE32(_p + 4, ((_c->exp & ~MASK32) >> 16) >> 16); \ |
| 83 | STORE32(_p + 8, _c->exp); \ |
| 84 | } while (0) |
| 85 | |
| 86 | /* --- @COOKIE_UNPACK@ --- * |
| 87 | * |
| 88 | * Arguments: @c@ = pointer to destination cookie header |
| 89 | * @p@ = pointer to source buffer |
| 90 | * |
| 91 | * Use: Unpacks a cookie header from an octet buffer into a |
| 92 | * machine-specific but comprehensible structure. |
| 93 | */ |
| 94 | |
| 95 | #define COOKIE_UNPACK(c, p) do { \ |
| 96 | cookie *_c = (c); \ |
| 97 | const octet *_p = (const octet *)(p); \ |
| 98 | _c->k = LOAD32(_p + 0); \ |
| 99 | _c->exp = ((time_t)(((LOAD32(_p + 4) << 16) << 16) & ~MASK32) | \ |
| 100 | (time_t)LOAD32(_p + 8)); \ |
| 101 | } while (0) |
| 102 | |
| 103 | /*----- Useful shared functions -------------------------------------------*/ |
| 104 | |
| 105 | /* --- @doopen@ --- * |
| 106 | * |
| 107 | * Arguments: @key_file *f@ = pointer to key file block |
| 108 | * @unsigned how@ = method to open file with |
| 109 | * |
| 110 | * Returns: --- |
| 111 | * |
| 112 | * Use: Opens a key file and handles errors by panicking |
| 113 | * appropriately. |
| 114 | */ |
| 115 | |
| 116 | static void doopen(key_file *f, unsigned how) |
| 117 | { |
| 118 | if (key_open(f, keyfile, how, key_moan, 0)) { |
| 119 | die(EXIT_FAILURE, "couldn't open file `%s': %s", |
| 120 | keyfile, strerror(errno)); |
| 121 | } |
| 122 | } |
| 123 | |
| 124 | /* --- @doclose@ --- * |
| 125 | * |
| 126 | * Arguments: @key_file *f@ = pointer to key file block |
| 127 | * |
| 128 | * Returns: --- |
| 129 | * |
| 130 | * Use: Closes a key file and handles errors by panicking |
| 131 | * appropriately. |
| 132 | */ |
| 133 | |
| 134 | static void doclose(key_file *f) |
| 135 | { |
| 136 | switch (key_close(f)) { |
| 137 | case KWRITE_FAIL: |
| 138 | die(EXIT_FAILURE, "couldn't write file `%s': %s", |
| 139 | keyfile, strerror(errno)); |
| 140 | case KWRITE_BROKEN: |
| 141 | die(EXIT_FAILURE, "keyring file `%s' broken: %s (repair manually)", |
| 142 | keyfile, strerror(errno)); |
| 143 | } |
| 144 | } |
| 145 | |
| 146 | /* --- @getmac@ --- * |
| 147 | * |
| 148 | * Arguments: @key *k@ = key to use |
| 149 | * @const char *app@ = application name |
| 150 | * |
| 151 | * Returns: The MAC to use. |
| 152 | * |
| 153 | * Use: Finds the right MAC for the given key. |
| 154 | */ |
| 155 | |
| 156 | static gmac *getmac(key *k, const char *app) |
| 157 | { |
| 158 | dstr t = DSTR_INIT; |
| 159 | dstr d = DSTR_INIT; |
| 160 | char *p = 0; |
| 161 | const char *q; |
| 162 | size_t n; |
| 163 | key_bin kb; |
| 164 | key_packdef kp; |
| 165 | const gcmac *cm; |
| 166 | int e; |
| 167 | gmac *m; |
| 168 | |
| 169 | /* --- Set up --- */ |
| 170 | |
| 171 | key_fulltag(k, &t); |
| 172 | |
| 173 | /* --- Pick out the right MAC --- */ |
| 174 | |
| 175 | n = strlen(app); |
| 176 | if ((q = key_getattr(0, k, "mac")) != 0) { |
| 177 | dstr_puts(&d, q); |
| 178 | p = d.buf; |
| 179 | } else if (strncmp(k->type, app, n) == 0 && k->type[n] == '-') { |
| 180 | dstr_puts(&d, k->type); |
| 181 | p = d.buf + n + 1; |
| 182 | } else |
| 183 | die(EXIT_FAILURE, "no MAC algorithm for key `%s'", t.buf); |
| 184 | if ((cm = gmac_byname(p)) == 0) { |
| 185 | die(EXIT_FAILURE, "MAC algorithm `%s' not found in key `%s'", |
| 186 | p, t.buf); |
| 187 | } |
| 188 | |
| 189 | /* --- Unlock the key --- */ |
| 190 | |
| 191 | kp.kd.e = KENC_BINARY; |
| 192 | kp.p = &kb; |
| 193 | if ((e = key_unpack(&kp, &k->k, &t)) != 0) { |
| 194 | die(EXIT_FAILURE, "error unpacking key `%s': %s", |
| 195 | t.buf, key_strerror(e)); |
| 196 | } |
| 197 | |
| 198 | /* --- Make the MAC object --- */ |
| 199 | |
| 200 | if (keysz(kb.sz, cm->keysz) != kb.sz) |
| 201 | die(EXIT_FAILURE, "key %s has bad length (%lu) for MAC %s", |
| 202 | t.buf, (unsigned long)kb.sz, cm->name); |
| 203 | m = cm->key(kb.k, kb.sz); |
| 204 | key_unpackdone(&kp); |
| 205 | return (m); |
| 206 | } |
| 207 | |
| 208 | /*----- Command implementation --------------------------------------------*/ |
| 209 | |
| 210 | /* --- @cmd_gen@ --- */ |
| 211 | |
| 212 | static int cmd_gen(int argc, char *argv[]) |
| 213 | { |
| 214 | key_file f; |
| 215 | key *k; |
| 216 | gmac *m; |
| 217 | ghash *h; |
| 218 | const char *tag = "cookie"; |
| 219 | int err; |
| 220 | cookie c = { 0, KEXP_EXPIRE }; |
| 221 | unsigned fl = 0; |
| 222 | int bits = 32; |
| 223 | const octet *t; |
| 224 | dstr d = DSTR_INIT; |
| 225 | octet buf[COOKIE_SZ]; |
| 226 | base64_ctx b; |
| 227 | |
| 228 | /* --- Various useful flag bits --- */ |
| 229 | |
| 230 | #define f_bogus 1u |
| 231 | |
| 232 | /* --- Parse options for the subcommand --- */ |
| 233 | |
| 234 | for (;;) { |
| 235 | static struct option opt[] = { |
| 236 | { "bits", OPTF_ARGREQ, 0, 'b' }, |
| 237 | { "expire", OPTF_ARGREQ, 0, 'e' }, |
| 238 | { "key", OPTF_ARGREQ, 0, 'k' }, |
| 239 | { 0, 0, 0, 0 } |
| 240 | }; |
| 241 | int i = mdwopt(argc, argv, "+b:e:i:t:", opt, 0, 0, 0); |
| 242 | if (i < 0) |
| 243 | break; |
| 244 | |
| 245 | /* --- Handle the various options --- */ |
| 246 | |
| 247 | switch (i) { |
| 248 | |
| 249 | /* --- Fetch a size in bits --- */ |
| 250 | |
| 251 | case 'b': |
| 252 | if (!(bits = atoi(optarg)) || bits % 8) |
| 253 | die(EXIT_FAILURE, "bad number of bits: `%s'", optarg); |
| 254 | break; |
| 255 | |
| 256 | /* --- Fetch an expiry time --- */ |
| 257 | |
| 258 | case 'e': |
| 259 | if (strcmp(optarg, "forever") == 0) |
| 260 | c.exp = KEXP_FOREVER; |
| 261 | else if ((c.exp = get_date(optarg, 0)) == -1) |
| 262 | die(EXIT_FAILURE, "bad expiry date: `%s'", optarg); |
| 263 | break; |
| 264 | |
| 265 | /* --- Fetch a key type --- */ |
| 266 | |
| 267 | case 'k': |
| 268 | tag = optarg; |
| 269 | break; |
| 270 | |
| 271 | /* --- Other things are bogus --- */ |
| 272 | |
| 273 | default: |
| 274 | fl |= f_bogus; |
| 275 | break; |
| 276 | } |
| 277 | } |
| 278 | |
| 279 | /* --- Various sorts of bogosity --- */ |
| 280 | |
| 281 | if (fl & f_bogus || optind + 1 < argc) |
| 282 | die(EXIT_FAILURE, |
| 283 | "Usage: generate [-b BITS] [-e TIME] [-k TAG] [DATA]"); |
| 284 | |
| 285 | /* --- Choose a default expiry time --- */ |
| 286 | |
| 287 | if (c.exp == KEXP_EXPIRE) |
| 288 | c.exp = time(0) + 7 * 24 * 60 * 60; |
| 289 | |
| 290 | /* --- Open the key file and get the key --- */ |
| 291 | |
| 292 | doopen(&f, KOPEN_WRITE); |
| 293 | if ((k = key_bytag(&f, tag)) == 0) { |
| 294 | die(EXIT_FAILURE, "no key with tag `%s' in keyring `%s'", |
| 295 | tag, keyfile); |
| 296 | } |
| 297 | |
| 298 | c.k = k->id; |
| 299 | if ((err = key_used(&f, k, c.exp)) != 0) |
| 300 | die(EXIT_FAILURE, "can't generate cookie: %s", key_strerror(err)); |
| 301 | m = getmac(k, "cookie"); |
| 302 | if (bits/8 > GM_CLASS(m)->hashsz) { |
| 303 | die(EXIT_FAILURE, "inapproriate bit length for `%s' MACs", |
| 304 | GM_CLASS(m)->name); |
| 305 | } |
| 306 | |
| 307 | /* --- Store and MAC the cookie --- */ |
| 308 | |
| 309 | COOKIE_PACK(buf, &c); |
| 310 | |
| 311 | h = GM_INIT(m); |
| 312 | GH_HASH(h, buf, sizeof(buf)); |
| 313 | if (argv[optind]) |
| 314 | GH_HASH(h, argv[optind], strlen(argv[optind])); |
| 315 | t = GH_DONE(h, 0); |
| 316 | |
| 317 | /* --- Encode and emit the finished cookie --- */ |
| 318 | |
| 319 | base64_init(&b); |
| 320 | b.indent = ""; |
| 321 | base64_encode(&b, buf, sizeof(buf), &d); |
| 322 | base64_encode(&b, t, bits/8, &d); |
| 323 | base64_encode(&b, 0, 0, &d); |
| 324 | DWRITE(&d, stdout); |
| 325 | fputc('\n', stdout); |
| 326 | DDESTROY(&d); |
| 327 | GH_DESTROY(h); |
| 328 | GM_DESTROY(m); |
| 329 | |
| 330 | doclose(&f); |
| 331 | return (0); |
| 332 | |
| 333 | #undef f_bogus |
| 334 | } |
| 335 | |
| 336 | /* --- @cmd_verify@ --- */ |
| 337 | |
| 338 | static int cmd_verify(int argc, char *argv[]) |
| 339 | { |
| 340 | key_file f; |
| 341 | dstr d = DSTR_INIT; |
| 342 | unsigned fl = 0; |
| 343 | int bits = -1, minbits = 32; |
| 344 | int v = 1; |
| 345 | base64_ctx b; |
| 346 | gmac *m; |
| 347 | ghash *h; |
| 348 | cookie c; |
| 349 | key *k; |
| 350 | int cbits; |
| 351 | const octet *t; |
| 352 | time_t now = time(0); |
| 353 | |
| 354 | /* --- Various useful flag bits --- */ |
| 355 | |
| 356 | #define f_bogus 1u |
| 357 | #define f_forever 2u |
| 358 | #define f_utc 4u |
| 359 | |
| 360 | /* --- Parse options for the subcommand --- */ |
| 361 | |
| 362 | for (;;) { |
| 363 | static struct option opt[] = { |
| 364 | { "bits", OPTF_ARGREQ, 0, 'b' }, |
| 365 | { "min-bits", OPTF_ARGREQ, 0, 'm' }, |
| 366 | { "forever", 0, 0, 'f' }, |
| 367 | { "quiet", 0, 0, 'q' }, |
| 368 | { "verbose", 0, 0, 'v' }, |
| 369 | { "utc", 0, 0, 'u' }, |
| 370 | { 0, 0, 0, 0 } |
| 371 | }; |
| 372 | int i = mdwopt(argc, argv, "+b:m:fqvu", opt, 0, 0, 0); |
| 373 | if (i < 0) |
| 374 | break; |
| 375 | |
| 376 | /* --- Handle the various options --- */ |
| 377 | |
| 378 | switch (i) { |
| 379 | |
| 380 | /* --- Fetch a size in bits --- */ |
| 381 | |
| 382 | case 'b': |
| 383 | if (!(bits = atoi(optarg)) || bits % 8) |
| 384 | die(EXIT_FAILURE, "bad number of bits: `%s'", optarg); |
| 385 | break; |
| 386 | case 'm': |
| 387 | if (!(minbits = atoi(optarg)) || minbits % 8) |
| 388 | die(EXIT_FAILURE, "bad number of bits: `%s'", optarg); |
| 389 | break; |
| 390 | |
| 391 | /* --- Miscellaneous flags --- */ |
| 392 | |
| 393 | case 'f': |
| 394 | fl |= f_forever; |
| 395 | break; |
| 396 | case 'u': |
| 397 | fl |= f_utc; |
| 398 | break; |
| 399 | case 'q': |
| 400 | if (v > 0) v--; |
| 401 | break; |
| 402 | case 'v': |
| 403 | v++; |
| 404 | break; |
| 405 | |
| 406 | /* --- Other things are bogus --- */ |
| 407 | |
| 408 | default: |
| 409 | fl |= f_bogus; |
| 410 | break; |
| 411 | } |
| 412 | } |
| 413 | |
| 414 | /* --- Various sorts of bogosity --- */ |
| 415 | |
| 416 | if (fl & f_bogus || optind == argc || optind + 2 < argc) { |
| 417 | die(EXIT_FAILURE, |
| 418 | "Usage: verify [-fuqv] [-b BITS] [-m BITS] COOKIE [DATA]"); |
| 419 | } |
| 420 | doopen(&f, KOPEN_READ); |
| 421 | |
| 422 | /* --- Decode the base64 wrapping --- */ |
| 423 | |
| 424 | base64_init(&b); |
| 425 | base64_decode(&b, argv[optind], strlen(argv[optind]), &d); |
| 426 | base64_decode(&b, 0, 0, &d); |
| 427 | |
| 428 | if (d.len < COOKIE_SZ + 1) { |
| 429 | if (v) printf("FAIL cookie too small\n"); |
| 430 | goto fail; |
| 431 | } |
| 432 | |
| 433 | /* --- Extract the relevant details --- */ |
| 434 | |
| 435 | COOKIE_UNPACK(&c, d.buf); |
| 436 | |
| 437 | if (v > 1) { |
| 438 | char buf[64]; |
| 439 | if (c.exp == KEXP_FOREVER) |
| 440 | strcpy(buf, "forever"); |
| 441 | else { |
| 442 | struct tm *tm; |
| 443 | const char *fmt; |
| 444 | |
| 445 | if (fl & f_utc) { |
| 446 | tm = gmtime(&c.exp); |
| 447 | fmt = "%Y-%m-%d %H:%M:%S UTC"; |
| 448 | } else { |
| 449 | tm = localtime(&c.exp); |
| 450 | fmt = "%Y-%m-%d %H:%M:%S %Z"; |
| 451 | } |
| 452 | strftime(buf, sizeof(buf), fmt, tm); |
| 453 | } |
| 454 | printf("INFO keyid = %08lx; expiry = %s\n", (unsigned long)c.k, buf); |
| 455 | } |
| 456 | |
| 457 | /* --- Check the authentication token width --- */ |
| 458 | |
| 459 | cbits = (d.len - COOKIE_SZ) * 8; |
| 460 | if (v > 2) printf("INFO authentication token width = %i bits\n", cbits); |
| 461 | if (bits == -1) { |
| 462 | if (cbits < minbits) { |
| 463 | if (v) printf("FAIL authentication token too narrow\n"); |
| 464 | goto fail; |
| 465 | } |
| 466 | } else { |
| 467 | if (cbits != bits) { |
| 468 | if (v) printf("FAIL authentication token width doesn't match\n"); |
| 469 | goto fail; |
| 470 | } |
| 471 | } |
| 472 | /* --- Get the key --- */ |
| 473 | |
| 474 | if ((k = key_byid(&f, c.k)) == 0) { |
| 475 | if (v) printf("FAIL keyid %08lx unavailable\n", (unsigned long)c.k); |
| 476 | goto fail; |
| 477 | } |
| 478 | |
| 479 | /* --- Check that the cookie authenticates OK --- */ |
| 480 | |
| 481 | m = getmac(k, "cookie"); |
| 482 | h = GM_INIT(m); |
| 483 | GH_HASH(h, d.buf, COOKIE_SZ); |
| 484 | if (argv[optind + 1]) |
| 485 | GH_HASH(h, argv[optind + 1], strlen(argv[optind + 1])); |
| 486 | t = GH_DONE(h, 0); |
| 487 | |
| 488 | if (memcmp(t, d.buf + COOKIE_SZ, cbits / 8) != 0) { |
| 489 | if (v) printf("FAIL bad authentication token\n"); |
| 490 | goto fail; |
| 491 | } |
| 492 | |
| 493 | /* --- See whether the cookie has expired --- */ |
| 494 | |
| 495 | if (c.exp == KEXP_FOREVER) { |
| 496 | if (!(fl & f_forever)) { |
| 497 | if (v) printf("FAIL forever cookies not allowed\n"); |
| 498 | goto fail; |
| 499 | } |
| 500 | if (k->exp != KEXP_FOREVER) { |
| 501 | if (v) printf("FAIL cookie lasts forever but key will expire\n"); |
| 502 | goto fail; |
| 503 | } |
| 504 | } else if (c.exp < now) { |
| 505 | if (v) printf("FAIL cookie has expired\n"); |
| 506 | goto fail; |
| 507 | } |
| 508 | |
| 509 | if (v) printf("OK\n"); |
| 510 | key_close(&f); |
| 511 | GM_DESTROY(m); |
| 512 | GH_DESTROY(h); |
| 513 | dstr_destroy(&d); |
| 514 | return (0); |
| 515 | |
| 516 | fail: |
| 517 | key_close(&f); |
| 518 | dstr_destroy(&d); |
| 519 | return (1); |
| 520 | |
| 521 | #undef f_bogus |
| 522 | #undef f_forever |
| 523 | #undef f_utc |
| 524 | } |
| 525 | |
| 526 | /*----- Main command table ------------------------------------------------*/ |
| 527 | |
| 528 | static int cmd_help(int, char **); |
| 529 | |
| 530 | #define LISTS(LI) \ |
| 531 | LI("Lists", list, \ |
| 532 | listtab[i].name, listtab[i].name) \ |
| 533 | LI("Message authentication algorithms", mac, \ |
| 534 | gmactab[i], gmactab[i]->name) |
| 535 | |
| 536 | MAKELISTTAB(listtab, LISTS) |
| 537 | |
| 538 | static int cmd_show(int argc, char *argv[]) |
| 539 | { |
| 540 | return (displaylists(listtab, argv + 1)); |
| 541 | } |
| 542 | |
| 543 | static cmd cmds[] = { |
| 544 | { "help", cmd_help, "help [COMMAND...]" }, |
| 545 | { "show", cmd_show, "show [ITEM...]" }, |
| 546 | { "generate", cmd_gen, |
| 547 | "generate [-b BITS] [-e TIME] [-k TAG] [DATA]", "\ |
| 548 | Options:\n\ |
| 549 | \n\ |
| 550 | -b, --bits=N Use an N-bit token in the cookie.\n\ |
| 551 | -e, --expire=TIME Make the cookie expire after TIME.\n\ |
| 552 | -k, --key=TAG Use key TAG to create the token.\n\ |
| 553 | " }, |
| 554 | { "verify", cmd_verify, |
| 555 | "verify [-fuqv] [-b BITS] [-m BITS] COOKIE [DATA]", "\ |
| 556 | Options:\n\ |
| 557 | \n\ |
| 558 | -b, --bits=N Accept tokens exactly N bits long only.\n\ |
| 559 | -m, --min-bits=N Accept tokens N bits long or more.\n\ |
| 560 | -f, --forever Accept cookies which never expire.\n\ |
| 561 | -u, --utc Output cookie expiry dates in UTC.\n\ |
| 562 | -q, --quiet Produce less output while checking cookies.\n\ |
| 563 | -v, --verbose Produce more output while checking cookies.\n\ |
| 564 | " }, |
| 565 | { 0, 0, 0 } |
| 566 | }; |
| 567 | |
| 568 | static int cmd_help(int argc, char *argv[]) |
| 569 | { |
| 570 | sc_help(cmds, stdout, argv + 1); |
| 571 | return (0); |
| 572 | } |
| 573 | |
| 574 | /*----- Main code ---------------------------------------------------------*/ |
| 575 | |
| 576 | /* --- Helpful GNUy functions --- */ |
| 577 | |
| 578 | static void usage(FILE *fp) |
| 579 | { |
| 580 | fprintf(fp, "Usage: %s [-k KEYRING] COMMAND [ARGS]\n", QUIS); |
| 581 | } |
| 582 | |
| 583 | void version(FILE *fp) |
| 584 | { |
| 585 | fprintf(fp, "%s, Catacomb version " VERSION "\n", QUIS); |
| 586 | } |
| 587 | |
| 588 | void help_global(FILE *fp) |
| 589 | { |
| 590 | usage(fp); |
| 591 | fputs("\n\ |
| 592 | Generates and validates cryptographic cookies. Command line options\n\ |
| 593 | recognized are:\n\ |
| 594 | \n\ |
| 595 | -h, --help [COMMAND] Display this help text (or help for COMMAND).\n\ |
| 596 | -v, --version Display version number.\n\ |
| 597 | -u, --usage Display short usage summary.\n\ |
| 598 | \n\ |
| 599 | -k, --key-file=FILE Read and write keys in FILE.\n", |
| 600 | fp); |
| 601 | } |
| 602 | |
| 603 | /* --- @main@ --- * |
| 604 | * |
| 605 | * Arguments: @int argc@ = number of command line arguments |
| 606 | * @char *argv[]@ = array of arguments |
| 607 | * |
| 608 | * Returns: Zero if OK, nonzero if not. |
| 609 | * |
| 610 | * Use: Generates and validates cryptographic cookies. |
| 611 | */ |
| 612 | |
| 613 | int main(int argc, char *argv[]) |
| 614 | { |
| 615 | unsigned f = 0; |
| 616 | |
| 617 | #define f_bogus 1u |
| 618 | #define f_forever 2u |
| 619 | |
| 620 | /* --- Initialize the library --- */ |
| 621 | |
| 622 | ego(argv[0]); |
| 623 | sub_init(); |
| 624 | |
| 625 | /* --- Options parsing --- */ |
| 626 | |
| 627 | for (;;) { |
| 628 | static struct option opt[] = { |
| 629 | |
| 630 | /* --- Standard GNUy help options --- */ |
| 631 | |
| 632 | { "help", 0, 0, 'h' }, |
| 633 | { "version", 0, 0, 'v' }, |
| 634 | { "usage", 0, 0, 'u' }, |
| 635 | |
| 636 | /* --- Actual relevant options --- */ |
| 637 | |
| 638 | { "keyring", OPTF_ARGREQ, 0, 'k' }, |
| 639 | |
| 640 | /* --- Magic terminator --- */ |
| 641 | |
| 642 | { 0, 0, 0, 0 } |
| 643 | }; |
| 644 | int i = mdwopt(argc, argv, "+hvu k:", opt, 0, 0, 0); |
| 645 | |
| 646 | if (i < 0) |
| 647 | break; |
| 648 | switch (i) { |
| 649 | |
| 650 | /* --- Helpful GNUs --- */ |
| 651 | |
| 652 | case 'u': |
| 653 | usage(stdout); |
| 654 | exit(0); |
| 655 | case 'v': |
| 656 | version(stdout); |
| 657 | exit(0); |
| 658 | case 'h': |
| 659 | sc_help(cmds, stdout, argv + optind); |
| 660 | exit(0); |
| 661 | |
| 662 | /* --- Real genuine useful options --- */ |
| 663 | |
| 664 | case 'k': |
| 665 | keyfile = optarg; |
| 666 | break; |
| 667 | |
| 668 | /* --- Bogus things --- */ |
| 669 | |
| 670 | default: |
| 671 | f |= f_bogus; |
| 672 | break; |
| 673 | } |
| 674 | } |
| 675 | |
| 676 | if ((f & f_bogus) || optind == argc) { |
| 677 | usage(stderr); |
| 678 | exit(EXIT_FAILURE); |
| 679 | } |
| 680 | |
| 681 | /* --- Dispatch to appropriate command handler --- */ |
| 682 | |
| 683 | argc -= optind; |
| 684 | argv += optind; |
| 685 | optind = 0; |
| 686 | return (findcmd(cmds, argv[0])->cmd(argc, argv)); |
| 687 | |
| 688 | #undef f_bogus |
| 689 | #undef f_forever |
| 690 | } |
| 691 | |
| 692 | /*----- That's all, folks -------------------------------------------------*/ |