1 /* Copyright (c) 2012, Jacob Appelbaum.
2  * Copyright (c) 2012, The Tor Project, Inc.
3  * Copyright (c) 2012, Christian Grothoff. */
4 /* See LICENSE for licensing information */
5 /*
6                     This file contains the license for tlsdate,
7         a free software project to set your system clock securely.
8 
9         It also lists the licenses for other components used by tlsdate.
10 
11       For more information about tlsdate, see https://github.com/ioerror/tlsdate
12 
13              If you got this file as a part of a larger bundle,
14         there may be other license terms that you should be aware of.
15 
16 ===============================================================================
17 tlsdate is distributed under this license:
18 
19 Copyright (c) 2011-2012, Jacob Appelbaum <jacob@appelbaum.net>
20 Copyright (c) 2011-2012, The Tor Project, Inc.
21 
22 Redistribution and use in source and binary forms, with or without
23 modification, are permitted provided that the following conditions are
24 met:
25 
26     * Redistributions of source code must retain the above copyright
27 notice, this list of conditions and the following disclaimer.
28 
29     * Redistributions in binary form must reproduce the above
30 copyright notice, this list of conditions and the following disclaimer
31 in the documentation and/or other materials provided with the
32 distribution.
33 
34     * Neither the names of the copyright owners nor the names of its
35 contributors may be used to endorse or promote products derived from
36 this software without specific prior written permission.
37 
38 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
39 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
40 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
41 A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
42 OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
43 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
44 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
45 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
46 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
47 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
48 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
49 ===============================================================================
50 If you got tlsdate as a static binary with OpenSSL included, then you should
51 know:
52 
53  "This product includes software developed by the OpenSSL Project for use in
54   the OpenSSL Toolkit (http://www.openssl.org/)"
55 
56 ===============================================================================
57 */
58 
59 /**
60  * \file tlsdate.c
61  * \brief The main program to assist in setting the system clock.
62  **/
63 
64 /*
65  * tlsdate is a tool for setting the system clock by hand or by communication
66  * with the network. It does not set the RTC. It is designed to be as secure as
67  * TLS (RFC 2246), but of course the security of TLS is often reduced to
68  * whichever CA racket you believe is trustworthy. By default, tlsdate trusts
69  * your local CA root store - so any of these companies could assist in a MITM
70  * attack against you and you'd be screwed. With -s/--skip-verification even
 * that check is gone: the time you receive is whatever the network delivers.
71 
72  * This tool is designed to be run by hand or as a system daemon. It must be
73  * run as root or otherwise have the proper caps; it will not be able to set
74  * the system time without running as root or another privileged user.
75  */
76 
77 #include "config.h"
78 #include "src/tlsdate.h"
79 
80 
81 /** Return the proper commandline switches when the user needs information. */
/* Print the list of command line switches to stderr.  Called for --help
 * and before exiting on a bad option; the output is fixed text only. */
static void
usage (void)
{
  static const char *const switches[] =
  {
    " [-h|--help]",
    " [-s|--skip-verification]",
    " [-n|--dont-set-clock]",
    " [-H|--host] [hostname|ip]",
    " [-p|--port] [port number]",
    " [-P|--protocol] [sslv23|sslv3|tlsv1]",
    " [-C|--certcontainer] [dirname|filename]",
    " [-v|--verbose]",
    " [-V|--showtime] [human|raw]",
    " [-t|--timewarp]",
    " [-l|--leap]",
    " [-x|--proxy] [url]",
    " [-w|--http]",
  };
  size_t i;

  fputs ("tlsdate usage:\n", stderr);
  for (i = 0; i < sizeof switches / sizeof switches[0]; i++)
    {
      fputs (switches[i], stderr);
      fputc ('\n', stderr);
    }
}
100 
101 
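int
main (int argc, char **argv)
{
  /* Option state; the defaults come from src/tlsdate.h. */
  const char *host = DEFAULT_HOST;
  const char *port = DEFAULT_PORT;
  const char *protocol = DEFAULT_PROTOCOL;
  const char *ca_cert_container = DEFAULT_CERTFILE;
  const char *proxy = NULL;           /* NULL: no proxy */
  int verbose = 0;
  int ca_racket = 1;                  /* 1: verify the server certificate */
  int showtime = 0;                   /* 0: off, 1: human readable, 2: raw */
  int setclock = 1;
  int timewarp = 0;
  int leap = 0;
  int http = 0;

  /* The has_arg column must agree with the ':' suffixes in the short
   * option string handed to getopt_long() below.  The previous table
   * declared --host, --port, --protocol, --certcontainer and --proxy as
   * no_argument: "--host example.org" then left optarg NULL, which became
   * a NULL in the middle of the execlp() argument list and silently
   * truncated what the helper received, while "--host=example.org" was
   * rejected outright. */
  static const struct option long_options[] =
  {
    {"verbose",           no_argument,       0, 'v'},
    {"showtime",          optional_argument, 0, 'V'},
    {"skip-verification", no_argument,       0, 's'},
    {"help",              no_argument,       0, 'h'},
    {"host",              required_argument, 0, 'H'},
    {"port",              required_argument, 0, 'p'},
    {"protocol",          required_argument, 0, 'P'},
    {"dont-set-clock",    no_argument,       0, 'n'},
    {"certcontainer",     required_argument, 0, 'C'},
    {"timewarp",          no_argument,       0, 't'},
    {"leap",              no_argument,       0, 'l'},
    {"proxy",             required_argument, 0, 'x'},
    {"http",              no_argument,       0, 'w'},
    {0, 0, 0, 0}
  };

  for (;;)
    {
      int option_index = 0;
      int c = getopt_long (argc, argv, "vV::shH:p:P:nC:tlx:w",
                           long_options, &option_index);
      if (c == -1)
        break;
      switch (c)
        {
        case 'v':
          verbose = 1;
          break;
        case 'V':
          /* "-Vraw" / "--showtime=raw" selects raw output; any other
           * value, or no value at all, selects the human readable form. */
          showtime = (optarg && 0 == strcmp ("raw", optarg)) ? 2 : 1;
          break;
        case 's':
          ca_racket = 0;
          break;
        case 'h':
          usage ();
          exit (1);
        case 'H':
          host = optarg;
          break;
        case 'p':
          port = optarg;
          break;
        case 'P':
          protocol = optarg;
          break;
        case 'n':
          setclock = 0;
          break;
        case 'C':
          ca_cert_container = optarg;
          break;
        case 't':
          timewarp = 1;
          break;
        case 'l':
          leap = 1;
          break;
        case 'x':
          proxy = optarg;
          break;
        case 'w':
          http = 1;
          break;
        case '?':
          /* getopt_long() has already reported the unknown option or the
           * missing argument.  Fail closed instead of ignoring it: a typo
           * in a flag must not silently run with other settings (the
           * previous code only reached the exit below via the unreachable
           * default branch). */
          usage ();
          exit (1);
        default:
          fprintf (stderr, "Unknown option!\n");
          usage ();
          exit (1);
        }
    }

  if (verbose)
    {
      fprintf (stderr,
               "V: tlsdate version %s\n"
               "V: We were called with the following arguments:\n"
               "V: %s host = %s:%s\n",
               PACKAGE_VERSION,
               ca_racket ? "validate SSL certificates"
                         : "disable SSL certificate check",
               host, port);
      if (0 == ca_racket)
        fprintf (stderr, "WARNING: Skipping certificate verification!\n");
    }

  /* Replace this process with the helper, passing every setting as a
   * positional keyword.  These strings are the helper's command line
   * interface; keep them in sync with the helper.
   * NOTE(review): execlp() searches PATH when TLSDATE_HELPER contains no
   * '/', which would be unsafe for a program run as root - confirm that
   * config.h defines it as an absolute path. */
  execlp (TLSDATE_HELPER,
          "tlsdate",
          host,
          port,
          protocol,
          ca_racket ? "racket" : "unchecked",
          verbose ? "verbose" : "quiet",
          ca_cert_container,
          setclock ? "setclock" : "dont-set-clock",
          showtime == 2 ? "showtime=raw"
                        : (showtime ? "showtime" : "no-showtime"),
          timewarp ? "timewarp" : "no-fun",
          leap ? "leapaway" : "holdfast",
          proxy ? proxy : "none",
          http ? "http" : "tls",
          (char *) NULL);   /* variadic sentinel must be a real null pointer */

  /* Only reached if the exec itself failed. */
  perror ("Failed to run tlsdate-helper");
  return 1;
}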
236