int
main(int argc, char **argv)
{
uint32_t *time_map;
struct tlsdate_time start_time, end_time, warp_time;
int status;
pid_t ssl_child;
long long rt_time_ms;
uint32_t server_time_s;
int setclock;
int showtime;
int showtime_raw;
int timewarp;
int leap;
int http;
if (argc != 13)
return 1;
host = argv[1];
hostname_to_verify = argv[1];
port = argv[2];
protocol = argv[3];
ca_cert_container = argv[6];
ca_racket = (0 != strcmp ("unchecked", argv[4]));
verbose = (0 != strcmp ("quiet", argv[5]));
verbose_debug = (0 != strcmp ("verbose", argv[5]));
setclock = (0 == strcmp ("setclock", argv[7]));
showtime = (0 == strcmp ("showtime", argv[8]));
showtime_raw = (0 == strcmp ("showtime=raw", argv[8]));
timewarp = (0 == strcmp ("timewarp", argv[9]));
leap = (0 == strcmp ("leapaway", argv[10]));
proxy = (0 == strcmp ("none", argv[11]) ? NULL : argv[11]);
http = (0 == (strcmp("http", argv[12])));
/* Initalize warp_time with RECENT_COMPILE_DATE */
clock_init_time(&warp_time, RECENT_COMPILE_DATE, 0);
verb ("V: RECENT_COMPILE_DATE is %lu.%06lu",
(unsigned long) CLOCK_SEC(&warp_time),
(unsigned long) CLOCK_USEC(&warp_time));
if (1 != timewarp)
{
verb ("V: we'll do the time warp another time - we're not setting clock");
}
/* We are not going to set the clock, thus no need to stay root */
if (0 == setclock && 0 == timewarp)
{
verb ("V: attemping to drop administrator privileges");
drop_privs_to (UNPRIV_USER, UNPRIV_GROUP);
}
// We cast the mmap value to remove this error when compiling with g++:
// src/tlsdate-helper.c: In function ‘int main(int, char**)’:
// src/tlsdate-helper.c:822:41: error: invalid conversion from ‘void*’ to ‘uint32_t
time_map = (uint32_t *) mmap (NULL, sizeof (uint32_t),
PROT_READ | PROT_WRITE,
MAP_SHARED | MAP_ANONYMOUS, -1, 0);
if (MAP_FAILED == time_map)
{
fprintf (stderr, "mmap failed: %s",
strerror (errno));
return 1;
}
/* Get the current time from the system clock. */
if (0 != clock_get_real_time(&start_time))
{
die ("Failed to read current time of day: %s", strerror (errno));
}
verb ("V: time is currently %lu.%06lu",
(unsigned long) CLOCK_SEC(&start_time),
(unsigned long) CLOCK_NSEC(&start_time));
if (((unsigned long) CLOCK_SEC(&start_time)) < ((unsigned long) CLOCK_SEC(&warp_time)))
{
verb ("V: local clock time is less than RECENT_COMPILE_DATE");
if (timewarp)
{
verb ("V: Attempting to warp local clock into the future");
if (0 != clock_set_real_time(&warp_time))
{
die ("setting time failed: %s (Attempted to set clock to %lu.%06lu)",
strerror (errno),
(unsigned long) CLOCK_SEC(&warp_time),
(unsigned long) CLOCK_SEC(&warp_time));
}
if (0 != clock_get_real_time(&start_time))
{
die ("Failed to read current time of day: %s", strerror (errno));
}
verb ("V: time is currently %lu.%06lu",
(unsigned long) CLOCK_SEC(&start_time),
(unsigned long) CLOCK_NSEC(&start_time));
verb ("V: It's just a step to the left...");
}
} else {
verb ("V: time is greater than RECENT_COMPILE_DATE");
}
/* initialize to bogus value, just to be on the safe side */
*time_map = 0;
/* Run SSL interaction in separate process (and not as 'root') */
ssl_child = fork ();
if (-1 == ssl_child)
die ("fork failed: %s", strerror (errno));
if (0 == ssl_child)
{
drop_privs_to (UNPRIV_USER, UNPRIV_GROUP);
run_ssl (time_map, leap, http);
(void) munmap (time_map, sizeof (uint32_t));
_exit (0);
}
if (ssl_child != platform->process_wait (ssl_child, &status, 1))
die ("waitpid failed: %s", strerror (errno));
if (! (WIFEXITED (status) && (0 == WEXITSTATUS (status)) ))
die ("child process failed in SSL handshake");
if (0 != clock_get_real_time(&end_time))
die ("Failed to read current time of day: %s", strerror (errno));
/* calculate RTT */
rt_time_ms = (CLOCK_SEC(&end_time) - CLOCK_SEC(&start_time)) * 1000 + (CLOCK_USEC(&end_time) - CLOCK_USEC(&start_time)) / 1000;
if (rt_time_ms < 0)
rt_time_ms = 0; /* non-linear time... */
#ifdef USE_POLARSSL
server_time_s = *time_map;
#else
server_time_s = ntohl (*time_map);
#endif
// We should never have a time_map of zero here;
// It either stayed zero or we have a false ticker.
if ( 0 == server_time_s )
die ("child process failed to update time map; weird platform issues?");
munmap (time_map, sizeof (uint32_t));
verb ("V: server time %u (difference is about %d s) was fetched in %lld ms",
(unsigned int) server_time_s,
CLOCK_SEC(&start_time) - server_time_s,
rt_time_ms);
/* warning if the handshake took too long */
if (rt_time_ms > TLS_RTT_UNREASONABLE) {
die ("the TLS handshake took more than %d msecs - consider using a different " \
"server or run it again", TLS_RTT_UNREASONABLE);
}
if (rt_time_ms > TLS_RTT_THRESHOLD) {
verb ("V: the TLS handshake took more than %d msecs - consider using a different " \
"server or run it again", TLS_RTT_THRESHOLD);
}
if (showtime_raw)
{
fwrite(&server_time_s, sizeof(server_time_s), 1, stdout);
}
if (showtime)
{
struct tm ltm;
time_t tim = server_time_s;
char buf[256];
localtime_r(&tim, <m);
if (0 == strftime(buf, sizeof buf, "%a %b %e %H:%M:%S %Z %Y", <m))
{
die ("strftime returned 0");
}
fprintf(stdout, "%s\n", buf);
}
/* finally, actually set the time */
if (setclock)
{
struct tlsdate_time server_time;
clock_init_time(&server_time, server_time_s + (rt_time_ms / 2 / 1000),
(rt_time_ms / 2) % 1000);
// We should never receive a time that is before the time we were last
// compiled; we subscribe to the linear theory of time for this program
// and this program alone!
if (CLOCK_SEC(&server_time) >= MAX_REASONABLE_TIME)
die("remote server is a false ticker from the future!");
if (CLOCK_SEC(&server_time) <= RECENT_COMPILE_DATE)
die ("remote server is a false ticker!");
if (0 != clock_set_real_time(&server_time))
die ("setting time failed: %s (Difference from server is about %d s)",
strerror (errno),
CLOCK_SEC(&start_time) - server_time_s);
verb ("V: setting time succeeded");
}
return 0;
}
int
main(int argc, char **argv)
{
uint32_t *time_map;
struct tlsdate_time start_time, end_time, warp_time;
int status;
pid_t ssl_child;
long long rt_time_ms;
uint32_t server_time_s;
int setclock;
int showtime;
int timewarp;
int leap;
if (argc != 11)
return 1;
host = argv[1];
port = argv[2];
protocol = argv[3];
certdir = argv[6];
ca_racket = (0 != strcmp ("unchecked", argv[4]));
verbose = (0 != strcmp ("quiet", argv[5]));
setclock = (0 == strcmp ("setclock", argv[7]));
showtime = (0 == strcmp ("showtime", argv[8]));
timewarp = (0 == strcmp ("timewarp", argv[9]));
leap = (0 == strcmp ("leapaway", argv[10]));
clock_init_time(&warp_time, RECENT_COMPILE_DATE, 0);
if (timewarp)
{
verb ("V: RECENT_COMPILE_DATE is %lu.%06lu\n",
(unsigned long) CLOCK_SEC(&warp_time),
(unsigned long) CLOCK_USEC(&warp_time));
}
/* We are not going to set the clock, thus no need to stay root */
if (0 == setclock && 0 == timewarp)
{
become_nobody ();
}
time_map = mmap (NULL, sizeof (uint32_t),
PROT_READ | PROT_WRITE,
MAP_SHARED | MAP_ANONYMOUS, -1, 0);
if (MAP_FAILED == time_map)
{
fprintf (stderr, "mmap failed: %s\n",
strerror (errno));
return 1;
}
/* Get the current time from the system clock. */
if (0 != clock_get_real_time(&start_time))
{
die ("Failed to read current time of day: %s\n", strerror (errno));
}
verb ("V: time is currently %lu.%06lu\n",
(unsigned long) CLOCK_SEC(&start_time),
(unsigned long) CLOCK_NSEC(&start_time));
if (((unsigned long) CLOCK_SEC(&start_time)) < ((unsigned long) CLOCK_SEC(&warp_time)))
{
verb ("V: local clock time is less than RECENT_COMPILE_DATE\n");
if (timewarp)
{
verb ("V: Attempting to warp local clock into the future\n");
if (0 != clock_set_real_time(&warp_time))
{
die ("setting time failed: %s (Attempted to set clock to %lu.%06lu)\n",
strerror (errno),
(unsigned long) CLOCK_SEC(&warp_time),
(unsigned long) CLOCK_SEC(&warp_time));
}
if (0 != clock_get_real_time(&start_time))
{
die ("Failed to read current time of day: %s\n", strerror (errno));
}
verb ("V: time is currently %lu.%06lu\n",
(unsigned long) CLOCK_SEC(&start_time),
(unsigned long) CLOCK_NSEC(&start_time));
verb ("V: It's just a step to the left...\n");
}
} else {
verb ("V: time is greater than RECENT_COMPILE_DATE\n");
}
/* initialize to bogus value, just to be on the safe side */
*time_map = 0;
/* Run SSL interaction in separate process (and not as 'root') */
ssl_child = fork ();
if (-1 == ssl_child)
die ("fork failed: %s\n", strerror (errno));
if (0 == ssl_child)
{
become_nobody ();
run_ssl (time_map, leap);
(void) munmap (time_map, sizeof (uint32_t));
_exit (0);
}
if (ssl_child != waitpid (ssl_child, &status, 0))
die ("waitpid failed: %s\n", strerror (errno));
if (! (WIFEXITED (status) && (0 == WEXITSTATUS (status)) ))
die ("child process failed in SSL handshake\n");
if (0 != clock_get_real_time(&end_time))
die ("Failed to read current time of day: %s\n", strerror (errno));
/* calculate RTT */
rt_time_ms = (CLOCK_SEC(&end_time) - CLOCK_SEC(&start_time)) * 1000 + (CLOCK_USEC(&end_time) - CLOCK_USEC(&start_time)) / 1000;
if (rt_time_ms < 0)
rt_time_ms = 0; /* non-linear time... */
server_time_s = ntohl (*time_map);
munmap (time_map, sizeof (uint32_t));
verb ("V: server time %u (difference is about %d s) was fetched in %lld ms\n",
(unsigned int) server_time_s,
CLOCK_SEC(&start_time) - server_time_s,
rt_time_ms);
/* warning if the handshake took too long */
if (rt_time_ms > TLS_RTT_THRESHOLD) {
verb ("V: the TLS handshake took more than %d msecs - consider using a different " \
"server or run it again\n", TLS_RTT_THRESHOLD);
}
if (showtime)
{
struct tm ltm;
time_t tim = server_time_s;
char buf[256];
localtime_r(&tim, <m);
(void) strftime(buf, sizeof buf, "%a %b %e %H:%M:%S %Z %Y", <m);
fprintf(stdout, "%s\n", buf);
}
/* finally, actually set the time */
if (setclock)
{
struct tlsdate_time server_time;
clock_init_time(&server_time, server_time_s + (rt_time_ms / 2 / 1000),
(rt_time_ms / 2) % 1000);
// We should never receive a time that is before the time we were last
// compiled; we subscribe to the linear theory of time for this program
// and this program alone!
if (CLOCK_SEC(&server_time) >= MAX_REASONABLE_TIME)
die("remote server is a false ticker from the future!\n");
if (CLOCK_SEC(&server_time) <= RECENT_COMPILE_DATE)
die ("remote server is a false ticker!\n");
if (0 != clock_set_real_time(&server_time))
die ("setting time failed: %s (Difference from server is about %d)\n",
strerror (errno),
CLOCK_SEC(&start_time) - server_time_s);
verb ("V: setting time succeeded\n");
}
return 0;
}
