1/* Copyright (c) 2012, Jacob Appelbaum.
2 * Copyright (c) 2012, The Tor Project, Inc.
3 * Copyright (c) 2012, Christian Grothoff. */
4/* See LICENSE for licensing information */
5/*
6                    This file contains the license for tlsdate,
7        a free software project to set your system clock securely.
8
9        It also lists the licenses for other components used by tlsdate.
10
11      For more information about tlsdate, see https://github.com/ioerror/tlsdate
12
13             If you got this file as a part of a larger bundle,
14        there may be other license terms that you should be aware of.
15
16===============================================================================
17tlsdate is distributed under this license:
18
19Copyright (c) 2011-2012, Jacob Appelbaum <jacob@appelbaum.net>
20Copyright (c) 2011-2012, The Tor Project, Inc.
21
22Redistribution and use in source and binary forms, with or without
23modification, are permitted provided that the following conditions are
24met:
25
26    * Redistributions of source code must retain the above copyright
27notice, this list of conditions and the following disclaimer.
28
29    * Redistributions in binary form must reproduce the above
30copyright notice, this list of conditions and the following disclaimer
31in the documentation and/or other materials provided with the
32distribution.
33
34    * Neither the names of the copyright owners nor the names of its
35contributors may be used to endorse or promote products derived from
36this software without specific prior written permission.
37
38THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
39"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
40LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
41A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
42OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
43SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
44LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
45DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
46THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
47(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
48OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
49===============================================================================
50If you got tlsdate as a static binary with OpenSSL included, then you should
51know:
52
53 "This product includes software developed by the OpenSSL Project for use in
54  the OpenSSL Toolkit (http://www.openssl.org/)"
55
56===============================================================================
57*/
58
59/**
60 * \file tlsdate.c
61 * \brief The main program to assist in setting the system clock.
62 **/
63
64/*
 * tlsdate is a tool for setting the system clock by hand or by communication
 * with the network. It does not set the RTC. It is designed to be as secure as
 * TLS (RFC 2246), but in practice the security of TLS is only as strong as the
 * certificate authorities you choose to trust. By default, tlsdate trusts
 * your local CA root store, so any CA in that store (or anyone holding a
 * certificate issued by one) could assist in a MITM attack against you and
 * hand you a bogus time.
71
 * This tool is designed to be run by hand or as a system daemon. It must be
 * run as root or otherwise hold the capabilities needed to set the system
 * time; without that privilege it will fail to set the clock.
75 */
76
77#include "config.h"
78#include "src/tlsdate.h"
79
80
/**
 * Print the command-line summary to stderr.
 *
 * Called on -h/--help and on an unrecognised option. The text is written
 * with fputs() so no format directive is interpreted.
 */
static void
usage (void)
{
  static const char summary[] =
    "tlsdate usage:\n"
    " [-h|--help]\n"
    " [-s|--skip-verification]\n"
    " [-n|--dont-set-clock]\n"
    " [-H|--host] [hostname|ip]\n"
    " [-p|--port] [port number]\n"
    " [-P|--protocol] [sslv23|sslv3|tlsv1]\n"
    " [-C|--certcontainer] [dirname|filename]\n"
    " [-v|--verbose]\n"
    " [-V|--showtime] [human|raw]\n"
    " [-t|--timewarp]\n"
    " [-l|--leap]\n"
    " [-x|--proxy] [url]\n"
    " [-w|--http]\n";

  fputs (summary, stderr);
}
100
101
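/**
 * Parse the command line and exec the privileged helper (TLSDATE_HELPER).
 *
 * Every option is translated into a fixed-position argument for the helper;
 * main() never touches the network or the clock itself. On success this
 * function does not return (the process image is replaced). It returns 1
 * when the helper cannot be executed, and exits with 1 on a usage error.
 */
int
main (int argc, char **argv)
{
  int verbose = 0;
  int ca_racket = 1;   /* 1: verify the server certificate (default) */
  int showtime = 0;    /* 0: off, 1: human-readable, 2: raw */
  int setclock = 1;
  int timewarp = 0;
  int leap = 0;
  int http = 0;
  const char *host = DEFAULT_HOST;
  const char *port = DEFAULT_PORT;
  const char *protocol = DEFAULT_PROTOCOL;
  const char *ca_cert_container = DEFAULT_CERTFILE;
  const char *proxy = NULL;
  const char *showtime_arg;

  /* The has_arg column must agree with the short option string below:
   * every option declared with ':' there takes a required argument. If one
   * of these were declared no_argument instead, getopt_long() would hand
   * back optarg == NULL for "--host foo" (and reject "--host=foo" as '?'),
   * so host/port/cert path would become NULL and silently terminate the
   * execlp() argument list below -- the helper would then run with the
   * defaults, e.g. the default CA store instead of the one the user named. */
  static const struct option long_options[] =
  {
    {"verbose",           no_argument,       0, 'v'},
    {"showtime",          optional_argument, 0, 'V'},
    {"skip-verification", no_argument,       0, 's'},
    {"help",              no_argument,       0, 'h'},
    {"host",              required_argument, 0, 'H'},
    {"port",              required_argument, 0, 'p'},
    {"protocol",          required_argument, 0, 'P'},
    {"dont-set-clock",    no_argument,       0, 'n'},
    {"certcontainer",     required_argument, 0, 'C'},
    {"timewarp",          no_argument,       0, 't'},
    {"leap",              no_argument,       0, 'l'},
    {"proxy",             required_argument, 0, 'x'},
    {"http",              no_argument,       0, 'w'},
    {0, 0, 0, 0}
  };

  for (;;)
    {
      int option_index = 0;
      int c = getopt_long (argc, argv, "vV::shH:p:P:nC:tlx:w",
                           long_options, &option_index);
      if (c == -1)
        break;

      switch (c)
        {
        case 'v':
          verbose = 1;
          break;
        case 'V':
          /* Optional argument: getopt only sees it when attached
           * ("-Vraw" or "--showtime=raw"); anything but "raw" means human. */
          showtime = (optarg && 0 == strcmp ("raw", optarg)) ? 2 : 1;
          break;
        case 's':
          ca_racket = 0;
          break;
        case 'h':
          usage ();
          exit (1);
        case 'H':
          host = optarg;
          break;
        case 'p':
          port = optarg;
          break;
        case 'P':
          protocol = optarg;
          break;
        case 'n':
          setclock = 0;
          break;
        case 'C':
          ca_cert_container = optarg;
          break;
        case 't':
          timewarp = 1;
          break;
        case 'l':
          leap = 1;
          break;
        case 'x':
          proxy = optarg;
          break;
        case 'w':
          http = 1;
          break;
        case '?':
          /* getopt_long() has already printed its diagnostic. Do not carry
           * on with defaults: a misspelled --certcontainer or a missing
           * argument would otherwise silently fall back to the built-in
           * settings, which is the wrong failure mode for a security tool. */
          usage ();
          exit (1);
        default:
          fprintf (stderr, "Unknown option!\n");
          usage ();
          exit (1);
        }
    }

  if (verbose)
    {
      fprintf (stderr,
               "V: tlsdate version %s\n"
               "V: We were called with the following arguments:\n"
               "V: %s host = %s:%s\n",
               PACKAGE_VERSION,
               ca_racket ? "validate SSL certificates"
                         : "disable SSL certificate check",
               host, port);
    }

  /* Warn unconditionally, not only under -v: with verification off the
   * clock is set from whatever the network path delivers, so the user must
   * see this even in a quiet invocation. */
  if (!ca_racket)
    fprintf (stderr, "WARNING: Skipping certificate verification!\n");

  if (showtime == 2)
    showtime_arg = "showtime=raw";
  else if (showtime == 1)
    showtime_arg = "showtime";
  else
    showtime_arg = "no-showtime";

  /* The helper reads these by position, so the order below is part of its
   * contract -- do not reorder. All pointer values are non-NULL here (the
   * required_argument options above never yield a NULL optarg, and proxy is
   * mapped to "none"), so the list is terminated only by the final NULL.
   * NOTE(review): execlp() searches PATH when TLSDATE_HELPER has no '/'.
   * The build is expected to define it as an absolute path -- confirm,
   * since a PATH lookup from a root-run tool is an easy hijack point. */
  execlp (TLSDATE_HELPER,
          "tlsdate",
          host,
          port,
          protocol,
          (ca_racket ? "racket" : "unchecked"),
          (verbose ? "verbose" : "quiet"),
          ca_cert_container,
          (setclock ? "setclock" : "dont-set-clock"),
          showtime_arg,
          (timewarp ? "timewarp" : "no-fun"),
          (leap ? "leapaway" : "holdfast"),
          (proxy ? proxy : "none"),
          (http ? "http" : "tls"),
          (char *) NULL);

  /* Only reached if the exec itself failed. */
  perror ("Failed to run tlsdate-helper");
  return 1;
}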
236