1 /* Copyright (c) 2012, Jacob Appelbaum.
2 * Copyright (c) 2012, The Tor Project, Inc.
3 * Copyright (c) 2012, Christian Grothoff. */
4 /* See LICENSE for licensing information */
5 /*
6 This file contains the license for tlsdate,
7 a free software project to set your system clock securely.
8
9 It also lists the licenses for other components used by tlsdate.
10
11 For more information about tlsdate, see https://github.com/ioerror/tlsdate
12
13 If you got this file as a part of a larger bundle,
14 there may be other license terms that you should be aware of.
15
16 ===============================================================================
17 tlsdate is distributed under this license:
18
19 Copyright (c) 2011-2012, Jacob Appelbaum <jacob@appelbaum.net>
20 Copyright (c) 2011-2012, The Tor Project, Inc.
21
22 Redistribution and use in source and binary forms, with or without
23 modification, are permitted provided that the following conditions are
24 met:
25
26 * Redistributions of source code must retain the above copyright
27 notice, this list of conditions and the following disclaimer.
28
29 * Redistributions in binary form must reproduce the above
30 copyright notice, this list of conditions and the following disclaimer
31 in the documentation and/or other materials provided with the
32 distribution.
33
34 * Neither the names of the copyright owners nor the names of its
35 contributors may be used to endorse or promote products derived from
36 this software without specific prior written permission.
37
38 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
39 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
40 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
41 A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
42 OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
43 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
44 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
45 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
46 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
47 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
48 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
49 ===============================================================================
50 If you got tlsdate as a static binary with OpenSSL included, then you should
51 know:
52
53 "This product includes software developed by the OpenSSL Project for use in
54 the OpenSSL Toolkit (http://www.openssl.org/)"
55
56 ===============================================================================
57 */
58
/**
 * \file tlsdate.c
 * \brief The main program to assist in setting the system clock.
 **/
63
/*
 * tlsdate is a tool for setting the system clock by hand or by communication
 * with the network. It does not set the RTC. It is designed to be as secure as
 * TLS (RFC 2246), but of course the security of TLS is often reduced to
 * whichever CA racket you believe is trustworthy. By default, tlsdate trusts
 * your local CA root store - so any of these companies could assist in a MITM
 * attack against you and you'd be screwed.
 *
 * This tool is designed to be run by hand or as a system daemon. It must be
 * run as root or otherwise have the proper caps; it will not be able to set
 * the system time without running as root or another privileged user.
 */
76
77 #include "config.h"
78 #include "src/tlsdate.h"
79
80
81 /** Return the proper commandline switches when the user needs information. */
/** Print the supported command-line switches to stderr, one per line. */
static void
usage (void)
{
  /* Kept as separate fragments so the list is easy to extend; the bytes
   * written are exactly the same as a single concatenated literal. */
  static const char *const help_lines[] =
    {
      "tlsdate usage:\n",
      " [-h|--help]\n",
      " [-s|--skip-verification]\n",
      " [-n|--dont-set-clock]\n",
      " [-H|--host] [hostname|ip]\n",
      " [-p|--port] [port number]\n",
      " [-P|--protocol] [sslv23|sslv3|tlsv1]\n",
      " [-C|--certcontainer] [dirname|filename]\n",
      " [-v|--verbose]\n",
      " [-V|--showtime] [human|raw]\n",
      " [-t|--timewarp]\n",
      " [-l|--leap]\n",
      " [-x|--proxy] [url]\n",
      " [-w|--http]\n",
    };
  size_t i;

  for (i = 0; i < sizeof help_lines / sizeof help_lines[0]; i++)
    fputs (help_lines[i], stderr);
}
100
101
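/**
 * Parse the command line and exec the privileged helper with the result.
 *
 * Every option value is handed to TLSDATE_HELPER as a positional argument in
 * the fixed order of the execlp() call below, and the argument list is
 * NULL-terminated, so none of the values may ever be NULL: a NULL in the
 * middle would silently truncate the helper's argv.
 *
 * @param argc argument count as given to the program
 * @param argv argument vector as given to the program
 * @return 1 if the helper could not be exec'd (or after printing usage);
 *         does not return on success because the process image is replaced.
 */
int
main (int argc, char **argv)
{
  int verbose = 0;
  int ca_racket = 1;        /* 1 = verify the server certificate, 0 = skip */
  int showtime = 0;         /* 0 = off, 1 = human readable, 2 = raw */
  int setclock = 1;
  const char *host = DEFAULT_HOST;
  const char *port = DEFAULT_PORT;
  const char *protocol = DEFAULT_PROTOCOL;
  const char *ca_cert_container = DEFAULT_CERTFILE;
  int timewarp = 0;
  int leap = 0;
  const char *proxy = NULL;
  int http = 0;

  /* The has_arg column must agree with the short-option string below:
   * getopt_long() consults this table (not the short string) for long
   * options, so declaring e.g. "host" as no_argument would make
   * "--host example" leave optarg NULL and host would become NULL. */
  static const struct option long_options[] =
    {
      {"verbose", no_argument, 0, 'v'},
      {"showtime", optional_argument, 0, 'V'},
      {"skip-verification", no_argument, 0, 's'},
      {"help", no_argument, 0, 'h'},
      {"host", required_argument, 0, 'H'},
      {"port", required_argument, 0, 'p'},
      {"protocol", required_argument, 0, 'P'},
      {"dont-set-clock", no_argument, 0, 'n'},
      {"certcontainer", required_argument, 0, 'C'},
      {"timewarp", no_argument, 0, 't'},
      {"leap", no_argument, 0, 'l'},
      {"proxy", required_argument, 0, 'x'},
      {"http", no_argument, 0, 'w'},
      {0, 0, 0, 0}
    };

  for (;;)
    {
      int option_index = 0;
      int c = getopt_long (argc, argv, "vV::shH:p:P:nC:tlx:w",
                           long_options, &option_index);
      if (c == -1)
        break;
      switch (c)
        {
        case 'v':
          verbose = 1;
          break;
        case 'V':
          /* "V::" takes an optional argument: optarg is NULL when none was
           * given, which selects the human-readable form. */
          showtime = (optarg && 0 == strcmp ("raw", optarg)) ? 2 : 1;
          break;
        case 's':
          ca_racket = 0;
          break;
        case 'h':
          usage ();
          exit (1);
        case 'H':
          host = optarg;
          break;
        case 'p':
          port = optarg;
          break;
        case 'P':
          protocol = optarg;
          break;
        case 'n':
          setclock = 0;
          break;
        case 'C':
          ca_cert_container = optarg;
          break;
        case 't':
          timewarp = 1;
          break;
        case 'l':
          leap = 1;
          break;
        case 'x':
          proxy = optarg;
          break;
        case 'w':
          http = 1;
          break;
        case '?':
          /* getopt_long() has already reported the unknown option or the
           * missing argument; do not carry on with defaults the user did not
           * ask for (e.g. "-H" with no hostname). */
          usage ();
          exit (1);
        default:
          fprintf (stderr, "Unknown option!\n");
          usage ();
          exit (1);
        }
    }

  if (1 == verbose)
    {
      fprintf (stderr,
               "V: tlsdate version %s\n"
               "V: We were called with the following arguments:\n"
               "V: %s host = %s:%s\n",
               PACKAGE_VERSION,
               ca_racket ? "validate SSL certificates" : "disable SSL certificate check",
               host, port);
      /* Note that this warning is only emitted in verbose mode. */
      if (0 == ca_racket)
        fprintf (stderr, "WARNING: Skipping certificate verification!\n");
    }

  /* Replace this process with the helper. execlp() searches PATH unless
   * TLSDATE_HELPER contains a slash; the define is expected to be an absolute
   * path so that a privileged invocation cannot be redirected via PATH —
   * confirm against config.h. The argument order is the helper's contract. */
  execlp (TLSDATE_HELPER,
          "tlsdate",
          host,
          port,
          protocol,
          (ca_racket ? "racket" : "unchecked"),
          (verbose ? "verbose" : "quiet"),
          ca_cert_container,
          (setclock ? "setclock" : "dont-set-clock"),
          (showtime ? (showtime == 2 ? "showtime=raw" : "showtime") : "no-showtime"),
          (timewarp ? "timewarp" : "no-fun"),
          (leap ? "leapaway" : "holdfast"),
          (proxy ? proxy : "none"),
          (http ? "http" : "tls"),
          NULL);
  /* Only reached if the exec failed; errno describes why. */
  perror ("Failed to run tlsdate-helper");
  return 1;
}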
236