// verify_command_callback - callback function called from ap-mission at 10hz or higher when a command is being run // we double check that the flight mode is AUTO to avoid the possibility of ap-mission triggering actions while we're not in AUTO mode bool Plane::verify_command_callback(const AP_Mission::Mission_Command& cmd) { if (control_mode == AUTO) { bool cmd_complete = verify_command(cmd); // send message to GCS if (cmd_complete) { gcs_send_mission_item_reached_message(cmd.index); } return cmd_complete; } return false; }
bool network_cmd_send(const char *cmd_) { bool ret; char *command = NULL; char *save = NULL; const char *cmd = NULL; const char *host = NULL; const char *port_ = NULL; global_t *global = global_get_ptr(); bool old_verbose = global ? global->verbosity : false; uint16_t port = DEFAULT_NETWORK_CMD_PORT; if (!network_init()) return false; if (!(command = strdup(cmd_))) return false; global->verbosity = true; cmd = strtok_r(command, ";", &save); if (cmd) host = strtok_r(NULL, ";", &save); if (host) port_ = strtok_r(NULL, ";", &save); if (!host) { #ifdef _WIN32 host = "127.0.0.1"; #else host = "localhost"; #endif } if (port_) port = strtoul(port_, NULL, 0); RARCH_LOG("%s: \"%s\" to %s:%hu\n", msg_hash_to_str(MSG_SENDING_COMMAND), cmd, host, (unsigned short)port); ret = verify_command(cmd) && send_udp_packet(host, port, cmd); free(command); global->verbosity = old_verbose; return ret; }
bool network_cmd_send(const char *cmd_) { char *command, *save; bool ret; const char *cmd = NULL; const char *host = NULL; const char *port_ = NULL; bool old_verbose = g_extern.verbosity; uint16_t port = DEFAULT_NETWORK_CMD_PORT; if (!netplay_init_network()) return false; if (!(command = strdup(cmd_))) return false; g_extern.verbosity = true; cmd = strtok_r(command, ";", &save); if (cmd) host = strtok_r(NULL, ";", &save); if (host) port_ = strtok_r(NULL, ";", &save); if (!host) { #ifdef _WIN32 host = "127.0.0.1"; #else host = "localhost"; #endif } if (port_) port = strtoul(port_, NULL, 0); RARCH_LOG("Sending command: \"%s\" to %s:%hu\n", cmd, host, (unsigned short)port); ret = verify_command(cmd) && send_udp_packet(host, port, cmd); free(command); g_extern.verbosity = old_verbose; return ret; }
int ts_main(int argc, char **argv) { CONF *conf = NULL; char *CAfile = NULL, *untrusted = NULL, *engine = NULL, *prog, **helpp; char *configfile = default_config_file; char *section = NULL, *password = NULL; char *data = NULL, *digest = NULL, *rnd = NULL, *policy = NULL; char *in = NULL, *out = NULL, *queryfile = NULL, *passin = NULL; char *inkey = NULL, *signer = NULL, *chain = NULL, *CApath = NULL; const EVP_MD *md = NULL; OPTION_CHOICE o, mode = OPT_ERR; int ret = 1, no_nonce = 0, cert = 0, text = 0; int vpmtouched = 0; X509_VERIFY_PARAM *vpm = NULL; /* Input is ContentInfo instead of TimeStampResp. */ int token_in = 0; /* Output is ContentInfo instead of TimeStampResp. */ int token_out = 0; if ((vpm = X509_VERIFY_PARAM_new()) == NULL) goto end; prog = opt_init(argc, argv, ts_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: opt_help(ts_options); for (helpp = opt_helplist; *helpp; ++helpp) BIO_printf(bio_err, "%s\n", *helpp); ret = 0; goto end; case OPT_CONFIG: configfile = opt_arg(); break; case OPT_SECTION: section = opt_arg(); break; case OPT_QUERY: case OPT_REPLY: case OPT_VERIFY: if (mode != OPT_ERR) goto opthelp; mode = o; break; case OPT_DATA: data = opt_arg(); break; case OPT_DIGEST: digest = opt_arg(); break; case OPT_RAND: rnd = opt_arg(); break; case OPT_TSPOLICY: policy = opt_arg(); break; case OPT_NO_NONCE: no_nonce = 1; break; case OPT_CERT: cert = 1; break; case OPT_IN: in = opt_arg(); break; case OPT_TOKEN_IN: token_in = 1; break; case OPT_OUT: out = opt_arg(); break; case OPT_TOKEN_OUT: token_out = 1; break; case OPT_TEXT: text = 1; break; case OPT_QUERYFILE: queryfile = opt_arg(); break; case OPT_PASSIN: passin = opt_arg(); break; case OPT_INKEY: inkey = opt_arg(); break; case OPT_SIGNER: signer = opt_arg(); break; case OPT_CHAIN: chain = opt_arg(); break; case OPT_CAPATH: CApath = opt_arg(); break; case OPT_CAFILE: CAfile = opt_arg(); break; case OPT_UNTRUSTED: untrusted = opt_arg(); break; case OPT_ENGINE: engine = opt_arg(); break; case OPT_MD: if (!opt_md(opt_unknown(), &md)) goto opthelp; break; case OPT_V_CASES: if (!opt_verify(o, vpm)) goto end; vpmtouched++; break; } } if (mode == OPT_ERR || opt_num_rest() != 0) goto opthelp; /* Seed the random number generator if it is going to be used. */ if (mode == OPT_QUERY && !no_nonce) { if (!app_RAND_load_file(NULL, 1) && rnd == NULL) BIO_printf(bio_err, "warning, not much extra random " "data, consider using the -rand option\n"); if (rnd != NULL) BIO_printf(bio_err, "%ld semi-random bytes loaded\n", app_RAND_load_files(rnd)); } if (mode == OPT_REPLY && passin && !app_passwd(passin, NULL, &password, NULL)) { BIO_printf(bio_err, "Error getting password.\n"); goto end; } conf = load_config_file(configfile); if (configfile != default_config_file && !app_load_modules(conf)) goto end; /* Check parameter consistency and execute the appropriate function. */ switch (mode) { default: case OPT_ERR: goto opthelp; case OPT_QUERY: if (vpmtouched) goto opthelp; if ((data != NULL) && (digest != NULL)) goto opthelp; ret = !query_command(data, digest, md, policy, no_nonce, cert, in, out, text); break; case OPT_REPLY: if (vpmtouched) goto opthelp; if ((in != NULL) && (queryfile != NULL)) goto opthelp; if (in == NULL) { if ((conf == NULL) || (token_in != 0)) goto opthelp; } ret = !reply_command(conf, section, engine, queryfile, password, inkey, md, signer, chain, policy, in, token_in, out, token_out, text); break; case OPT_VERIFY: if ((in == NULL) || !EXACTLY_ONE(queryfile, data, digest)) goto opthelp; ret = !verify_command(data, digest, queryfile, in, token_in, CApath, CAfile, untrusted, vpmtouched ? vpm : NULL); } end: X509_VERIFY_PARAM_free(vpm); app_RAND_write_file(NULL); NCONF_free(conf); OPENSSL_free(password); return (ret); }
int ts_main(int argc, char **argv) { int ret = 1; char *configfile = NULL; char *section = NULL; CONF *conf = NULL; enum mode { CMD_NONE, CMD_QUERY, CMD_REPLY, CMD_VERIFY } mode = CMD_NONE; char *data = NULL; char *digest = NULL; const EVP_MD *md = NULL; char *policy = NULL; int no_nonce = 0; int cert = 0; char *in = NULL; char *out = NULL; int text = 0; char *queryfile = NULL; char *passin = NULL; /* Password source. */ char *password = NULL; /* Password itself. */ char *inkey = NULL; char *signer = NULL; char *chain = NULL; char *ca_path = NULL; char *ca_file = NULL; char *untrusted = NULL; char *engine = NULL; /* Input is ContentInfo instead of TimeStampResp. */ int token_in = 0; /* Output is ContentInfo instead of TimeStampResp. */ int token_out = 0; for (argc--, argv++; argc > 0; argc--, argv++) { if (strcmp(*argv, "-config") == 0) { if (argc-- < 1) goto usage; configfile = *++argv; } else if (strcmp(*argv, "-section") == 0) { if (argc-- < 1) goto usage; section = *++argv; } else if (strcmp(*argv, "-query") == 0) { if (mode != CMD_NONE) goto usage; mode = CMD_QUERY; } else if (strcmp(*argv, "-data") == 0) { if (argc-- < 1) goto usage; data = *++argv; } else if (strcmp(*argv, "-digest") == 0) { if (argc-- < 1) goto usage; digest = *++argv; } else if (strcmp(*argv, "-policy") == 0) { if (argc-- < 1) goto usage; policy = *++argv; } else if (strcmp(*argv, "-no_nonce") == 0) { no_nonce = 1; } else if (strcmp(*argv, "-cert") == 0) { cert = 1; } else if (strcmp(*argv, "-in") == 0) { if (argc-- < 1) goto usage; in = *++argv; } else if (strcmp(*argv, "-token_in") == 0) { token_in = 1; } else if (strcmp(*argv, "-out") == 0) { if (argc-- < 1) goto usage; out = *++argv; } else if (strcmp(*argv, "-token_out") == 0) { token_out = 1; } else if (strcmp(*argv, "-text") == 0) { text = 1; } else if (strcmp(*argv, "-reply") == 0) { if (mode != CMD_NONE) goto usage; mode = CMD_REPLY; } else if (strcmp(*argv, "-queryfile") == 0) { if (argc-- < 1) goto usage; queryfile = *++argv; } else if (strcmp(*argv, "-passin") == 0) { if (argc-- < 1) goto usage; passin = *++argv; } else if (strcmp(*argv, "-inkey") == 0) { if (argc-- < 1) goto usage; inkey = *++argv; } else if (strcmp(*argv, "-signer") == 0) { if (argc-- < 1) goto usage; signer = *++argv; } else if (strcmp(*argv, "-chain") == 0) { if (argc-- < 1) goto usage; chain = *++argv; } else if (strcmp(*argv, "-verify") == 0) { if (mode != CMD_NONE) goto usage; mode = CMD_VERIFY; } else if (strcmp(*argv, "-CApath") == 0) { if (argc-- < 1) goto usage; ca_path = *++argv; } else if (strcmp(*argv, "-CAfile") == 0) { if (argc-- < 1) goto usage; ca_file = *++argv; } else if (strcmp(*argv, "-untrusted") == 0) { if (argc-- < 1) goto usage; untrusted = *++argv; } else if (strcmp(*argv, "-engine") == 0) { if (argc-- < 1) goto usage; engine = *++argv; } else if ((md = EVP_get_digestbyname(*argv + 1)) != NULL) { /* empty. */ } else goto usage; } /* Get the password if required. */ if (mode == CMD_REPLY && passin && !app_passwd(bio_err, passin, NULL, &password, NULL)) { BIO_printf(bio_err, "Error getting password.\n"); goto cleanup; } /* * Check consistency of parameters and execute the appropriate * function. */ switch (mode) { case CMD_NONE: goto usage; case CMD_QUERY: /* * Data file and message imprint cannot be specified at the * same time. */ ret = data != NULL && digest != NULL; if (ret) goto usage; /* Load the config file for possible policy OIDs. */ conf = load_config_file(configfile); ret = !query_command(data, digest, md, policy, no_nonce, cert, in, out, text); break; case CMD_REPLY: conf = load_config_file(configfile); if (in == NULL) { ret = !(queryfile != NULL && conf != NULL && !token_in); if (ret) goto usage; } else { /* 'in' and 'queryfile' are exclusive. */ ret = !(queryfile == NULL); if (ret) goto usage; } ret = !reply_command(conf, section, engine, queryfile, password, inkey, signer, chain, policy, in, token_in, out, token_out, text); break; case CMD_VERIFY: ret = !(((queryfile && !data && !digest) || (!queryfile && data && !digest) || (!queryfile && !data && digest)) && in != NULL); if (ret) goto usage; ret = !verify_command(data, digest, queryfile, in, token_in, ca_path, ca_file, untrusted); } goto cleanup; usage: BIO_printf(bio_err, "usage:\n" "ts -query [-config configfile] " "[-data file_to_hash] [-digest digest_bytes]" "[-md2|-md4|-md5|-sha|-sha1|-ripemd160] " "[-policy object_id] [-no_nonce] [-cert] " "[-in request.tsq] [-out request.tsq] [-text]\n"); BIO_printf(bio_err, "or\n" "ts -reply [-config configfile] [-section tsa_section] " "[-queryfile request.tsq] [-passin password] " "[-signer tsa_cert.pem] [-inkey private_key.pem] " "[-chain certs_file.pem] [-policy object_id] " "[-in response.tsr] [-token_in] " "[-out response.tsr] [-token_out] [-text] [-engine id]\n"); BIO_printf(bio_err, "or\n" "ts -verify [-data file_to_hash] [-digest digest_bytes] " "[-queryfile request.tsq] " "-in response.tsr [-token_in] " "-CApath ca_path -CAfile ca_file.pem " "-untrusted cert_file.pem\n"); cleanup: /* Clean up. */ NCONF_free(conf); free(password); OBJ_cleanup(); return (ret); }
/** * sg_scsi_ioctl -- handle deprecated SCSI_IOCTL_SEND_COMMAND ioctl * @file: file this ioctl operates on (optional) * @q: request queue to send scsi commands down * @disk: gendisk to operate on (option) * @sic: userspace structure describing the command to perform * * Send down the scsi command described by @sic to the device below * the request queue @q. If @file is non-NULL it's used to perform * fine-grained permission checks that allow users to send down * non-destructive SCSI commands. If the caller has a struct gendisk * available it should be passed in as @disk to allow the low level * driver to use the information contained in it. A non-NULL @disk * is only allowed if the caller knows that the low level driver doesn't * need it (e.g. in the scsi subsystem). * * Notes: * - This interface is deprecated - users should use the SG_IO * interface instead, as this is a more flexible approach to * performing SCSI commands on a device. * - The SCSI command length is determined by examining the 1st byte * of the given command. There is no way to override this. * - Data transfers are limited to PAGE_SIZE * - The length (x + y) must be at least OMAX_SB_LEN bytes long to * accommodate the sense buffer when an error occurs. * The sense buffer is truncated to OMAX_SB_LEN (16) bytes so that * old code will not be surprised. * - If a Unix error occurs (e.g. ENOMEM) then the user will receive * a negative return and the Unix error code in 'errno'. * If the SCSI command succeeds then 0 is returned. * Positive numbers returned are the compacted SCSI error codes (4 * bytes in one int) where the lowest byte is the SCSI status. */ #define OMAX_SB_LEN 16 /* For backward compatibility */ int sg_scsi_ioctl(struct file *file, struct request_queue *q, struct gendisk *disk, struct scsi_ioctl_command __user *sic) { struct request *rq; int err; unsigned int in_len, out_len, bytes, opcode, cmdlen; char *buffer = NULL, sense[SCSI_SENSE_BUFFERSIZE]; if (!sic) return -EINVAL; /* * get in an out lengths, verify they don't exceed a page worth of data */ if (get_user(in_len, &sic->inlen)) return -EFAULT; if (get_user(out_len, &sic->outlen)) return -EFAULT; if (in_len > PAGE_SIZE || out_len > PAGE_SIZE) return -EINVAL; if (get_user(opcode, sic->data)) return -EFAULT; bytes = max(in_len, out_len); if (bytes) { buffer = kmalloc(bytes, q->bounce_gfp | GFP_USER| __GFP_NOWARN); if (!buffer) return -ENOMEM; memset(buffer, 0, bytes); } rq = blk_get_request(q, in_len ? WRITE : READ, __GFP_WAIT); cmdlen = COMMAND_SIZE(opcode); /* * get command and data to send to device, if any */ err = -EFAULT; rq->cmd_len = cmdlen; if (copy_from_user(rq->cmd, sic->data, cmdlen)) goto error; if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) goto error; err = verify_command(file, rq->cmd); if (err) goto error; /* default. possible overriden later */ rq->retries = 5; switch (opcode) { case SEND_DIAGNOSTIC: case FORMAT_UNIT: rq->timeout = FORMAT_UNIT_TIMEOUT; rq->retries = 1; break; case START_STOP: rq->timeout = START_STOP_TIMEOUT; break; case MOVE_MEDIUM: rq->timeout = MOVE_MEDIUM_TIMEOUT; break; case READ_ELEMENT_STATUS: rq->timeout = READ_ELEMENT_STATUS_TIMEOUT; break; case READ_DEFECT_DATA: rq->timeout = READ_DEFECT_DATA_TIMEOUT; rq->retries = 1; break; default: rq->timeout = BLK_DEFAULT_TIMEOUT; break; } if (bytes && blk_rq_map_kern(q, rq, buffer, bytes, __GFP_WAIT)) { err = DRIVER_ERROR << 24; goto out; } memset(sense, 0, sizeof(sense)); rq->sense = sense; rq->sense_len = 0; rq->cmd_type = REQ_TYPE_BLOCK_PC; blk_execute_rq(q, disk, rq, 0); out: err = rq->errors & 0xff; /* only 8 bit SCSI status */ if (err) { if (rq->sense_len && rq->sense) { bytes = (OMAX_SB_LEN > rq->sense_len) ? rq->sense_len : OMAX_SB_LEN; if (copy_to_user(sic->data, rq->sense, bytes)) err = -EFAULT; } } else { if (copy_to_user(sic->data, buffer, out_len)) err = -EFAULT; } error: kfree(buffer); blk_put_request(rq); return err; }
static int sg_io(struct file *file, request_queue_t *q, struct gendisk *bd_disk, struct sg_io_hdr *hdr) { unsigned long start_time, timeout; int writing = 0, ret = 0; struct request *rq; char sense[SCSI_SENSE_BUFFERSIZE]; unsigned char cmd[BLK_MAX_CDB]; struct bio *bio; if (hdr->interface_id != 'S') return -EINVAL; if (hdr->cmd_len > BLK_MAX_CDB) return -EINVAL; if (copy_from_user(cmd, hdr->cmdp, hdr->cmd_len)) return -EFAULT; if (verify_command(file, cmd)) return -EPERM; if (hdr->dxfer_len > (q->max_hw_sectors << 9)) return -EIO; if (hdr->dxfer_len) switch (hdr->dxfer_direction) { default: return -EINVAL; case SG_DXFER_TO_DEV: writing = 1; break; case SG_DXFER_TO_FROM_DEV: case SG_DXFER_FROM_DEV: break; } rq = blk_get_request(q, writing ? WRITE : READ, GFP_KERNEL); if (!rq) return -ENOMEM; /* * fill in request structure */ rq->cmd_len = hdr->cmd_len; memset(rq->cmd, 0, BLK_MAX_CDB); /* ATAPI hates garbage after CDB */ memcpy(rq->cmd, cmd, hdr->cmd_len); memset(sense, 0, sizeof(sense)); rq->sense = sense; rq->sense_len = 0; rq->cmd_type = REQ_TYPE_BLOCK_PC; timeout = msecs_to_jiffies(hdr->timeout); rq->timeout = (timeout < INT_MAX) ? timeout : INT_MAX; if (!rq->timeout) rq->timeout = q->sg_timeout; if (!rq->timeout) rq->timeout = BLK_DEFAULT_TIMEOUT; if (hdr->iovec_count) { const int size = sizeof(struct sg_iovec) * hdr->iovec_count; struct sg_iovec *iov; iov = kmalloc(size, GFP_KERNEL); if (!iov) { ret = -ENOMEM; goto out; } if (copy_from_user(iov, hdr->dxferp, size)) { kfree(iov); ret = -EFAULT; goto out; } ret = blk_rq_map_user_iov(q, rq, iov, hdr->iovec_count, hdr->dxfer_len); kfree(iov); } else if (hdr->dxfer_len) ret = blk_rq_map_user(q, rq, hdr->dxferp, hdr->dxfer_len); if (ret) goto out; bio = rq->bio; rq->retries = 0; start_time = jiffies; /* ignore return value. All information is passed back to caller * (if he doesn't check that is his problem). * N.B. a non-zero SCSI status is _not_ necessarily an error. */ blk_execute_rq(q, bd_disk, rq, 0); /* write to all output members */ hdr->status = 0xff & rq->errors; hdr->masked_status = status_byte(rq->errors); hdr->msg_status = msg_byte(rq->errors); hdr->host_status = host_byte(rq->errors); hdr->driver_status = driver_byte(rq->errors); hdr->info = 0; if (hdr->masked_status || hdr->host_status || hdr->driver_status) hdr->info |= SG_INFO_CHECK; hdr->resid = rq->data_len; hdr->duration = ((jiffies - start_time) * 1000) / HZ; hdr->sb_len_wr = 0; if (rq->sense_len && hdr->sbp) { int len = min((unsigned int) hdr->mx_sb_len, rq->sense_len); if (!copy_to_user(hdr->sbp, rq->sense, len)) hdr->sb_len_wr = len; } if (blk_rq_unmap_user(bio)) ret = -EFAULT; /* may not have succeeded, but output values written to control * structure (struct sg_io_hdr). */ out: blk_put_request(rq); return ret; }
static int sg_io(struct file *file, request_queue_t *q, struct gendisk *bd_disk, struct sg_io_hdr *hdr) { unsigned long start_time; int reading, writing; struct request *rq; struct bio *bio; char sense[SCSI_SENSE_BUFFERSIZE]; unsigned char cmd[BLK_MAX_CDB]; if (hdr->interface_id != 'S') return -EINVAL; if (hdr->cmd_len > BLK_MAX_CDB) return -EINVAL; if (copy_from_user(cmd, hdr->cmdp, hdr->cmd_len)) return -EFAULT; if (verify_command(file, cmd)) return -EPERM; /* * we'll do that later */ if (hdr->iovec_count) return -EOPNOTSUPP; if (hdr->dxfer_len > (q->max_sectors << 9)) return -EIO; reading = writing = 0; if (hdr->dxfer_len) { switch (hdr->dxfer_direction) { default: return -EINVAL; case SG_DXFER_TO_FROM_DEV: reading = 1; /* fall through */ case SG_DXFER_TO_DEV: writing = 1; break; case SG_DXFER_FROM_DEV: reading = 1; break; } rq = blk_rq_map_user(q, writing ? WRITE : READ, hdr->dxferp, hdr->dxfer_len); if (IS_ERR(rq)) return PTR_ERR(rq); } else rq = blk_get_request(q, READ, __GFP_WAIT); /* * fill in request structure */ rq->cmd_len = hdr->cmd_len; memcpy(rq->cmd, cmd, hdr->cmd_len); if (sizeof(rq->cmd) != hdr->cmd_len) memset(rq->cmd + hdr->cmd_len, 0, sizeof(rq->cmd) - hdr->cmd_len); memset(sense, 0, sizeof(sense)); rq->sense = sense; rq->sense_len = 0; rq->flags |= REQ_BLOCK_PC; bio = rq->bio; /* * bounce this after holding a reference to the original bio, it's * needed for proper unmapping */ if (rq->bio) blk_queue_bounce(q, &rq->bio); rq->timeout = (hdr->timeout * HZ) / 1000; if (!rq->timeout) rq->timeout = q->sg_timeout; if (!rq->timeout) rq->timeout = BLK_DEFAULT_TIMEOUT; start_time = jiffies; /* ignore return value. All information is passed back to caller * (if he doesn't check that is his problem). * N.B. a non-zero SCSI status is _not_ necessarily an error. */ blk_execute_rq(q, bd_disk, rq); /* write to all output members */ hdr->status = rq->errors; hdr->masked_status = (hdr->status >> 1) & 0x1f; hdr->msg_status = 0; hdr->host_status = 0; hdr->driver_status = 0; hdr->info = 0; if (hdr->masked_status || hdr->host_status || hdr->driver_status) hdr->info |= SG_INFO_CHECK; hdr->resid = rq->data_len; hdr->duration = ((jiffies - start_time) * 1000) / HZ; hdr->sb_len_wr = 0; if (rq->sense_len && hdr->sbp) { int len = min((unsigned int) hdr->mx_sb_len, rq->sense_len); if (!copy_to_user(hdr->sbp, rq->sense, len)) hdr->sb_len_wr = len; } if (blk_rq_unmap_user(rq, bio, hdr->dxfer_len)) return -EFAULT; /* may not have succeeded, but output values written to control * structure (struct sg_io_hdr). */ return 0; }
int MAIN(int argc, char **argv) { int ret = 1; char *configfile = NULL; char *section = NULL; CONF *conf = NULL; enum mode { CMD_NONE, CMD_QUERY, CMD_REPLY, CMD_VERIFY } mode = CMD_NONE; char *data = NULL; char *digest = NULL; const EVP_MD *md = NULL; char *rnd = NULL; char *policy = NULL; int no_nonce = 0; int cert = 0; char *in = NULL; char *out = NULL; int text = 0; char *queryfile = NULL; char *passin = NULL; /* Password source. */ char *password =NULL; /* Password itself. */ char *inkey = NULL; char *signer = NULL; char *chain = NULL; char *ca_path = NULL; char *ca_file = NULL; char *untrusted = NULL; char *engine = NULL; /* Input is ContentInfo instead of TimeStampResp. */ int token_in = 0; /* Output is ContentInfo instead of TimeStampResp. */ int token_out = 0; int free_bio_err = 0; ERR_load_crypto_strings(); apps_startup(); if (bio_err == NULL && (bio_err = BIO_new(BIO_s_file())) != NULL) { free_bio_err = 1; BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); } if (!load_config(bio_err, NULL)) goto cleanup; for (argc--, argv++; argc > 0; argc--, argv++) { if (strcmp(*argv, "-config") == 0) { if (argc-- < 1) goto usage; configfile = *++argv; } else if (strcmp(*argv, "-section") == 0) { if (argc-- < 1) goto usage; section = *++argv; } else if (strcmp(*argv, "-query") == 0) { if (mode != CMD_NONE) goto usage; mode = CMD_QUERY; } else if (strcmp(*argv, "-data") == 0) { if (argc-- < 1) goto usage; data = *++argv; } else if (strcmp(*argv, "-digest") == 0) { if (argc-- < 1) goto usage; digest = *++argv; } else if (strcmp(*argv, "-rand") == 0) { if (argc-- < 1) goto usage; rnd = *++argv; } else if (strcmp(*argv, "-policy") == 0) { if (argc-- < 1) goto usage; policy = *++argv; } else if (strcmp(*argv, "-no_nonce") == 0) { no_nonce = 1; } else if (strcmp(*argv, "-cert") == 0) { cert = 1; } else if (strcmp(*argv, "-in") == 0) { if (argc-- < 1) goto usage; in = *++argv; } else if (strcmp(*argv, "-token_in") == 0) { token_in = 1; } else if (strcmp(*argv, "-out") == 0) { if (argc-- < 1) goto usage; out = *++argv; } else if (strcmp(*argv, "-token_out") == 0) { token_out = 1; } else if (strcmp(*argv, "-text") == 0) { text = 1; } else if (strcmp(*argv, "-reply") == 0) { if (mode != CMD_NONE) goto usage; mode = CMD_REPLY; } else if (strcmp(*argv, "-queryfile") == 0) { if (argc-- < 1) goto usage; queryfile = *++argv; } else if (strcmp(*argv, "-passin") == 0) { if (argc-- < 1) goto usage; passin = *++argv; } else if (strcmp(*argv, "-inkey") == 0) { if (argc-- < 1) goto usage; inkey = *++argv; } else if (strcmp(*argv, "-signer") == 0) { if (argc-- < 1) goto usage; signer = *++argv; } else if (strcmp(*argv, "-chain") == 0) { if (argc-- < 1) goto usage; chain = *++argv; } else if (strcmp(*argv, "-verify") == 0) { if (mode != CMD_NONE) goto usage; mode = CMD_VERIFY; } else if (strcmp(*argv, "-CApath") == 0) { if (argc-- < 1) goto usage; ca_path = *++argv; } else if (strcmp(*argv, "-CAfile") == 0) { if (argc-- < 1) goto usage; ca_file = *++argv; } else if (strcmp(*argv, "-untrusted") == 0) { if (argc-- < 1) goto usage; untrusted = *++argv; } else if (strcmp(*argv, "-engine") == 0) { if (argc-- < 1) goto usage; engine = *++argv; } else if ((md = EVP_get_digestbyname(*argv + 1)) != NULL) { /* empty. */ } else goto usage; } /* Seed the random number generator if it is going to be used. */ if (mode == CMD_QUERY && !no_nonce) { if (!app_RAND_load_file(NULL, bio_err, 1) && rnd == NULL) BIO_printf(bio_err, "warning, not much extra random " "data, consider using the -rand option\n"); if (rnd != NULL) BIO_printf(bio_err,"%ld semi-random bytes loaded\n", app_RAND_load_files(rnd)); } /* Get the password if required. */ if(mode == CMD_REPLY && passin && !app_passwd(bio_err, passin, NULL, &password, NULL)) { BIO_printf(bio_err,"Error getting password.\n"); goto cleanup; } /* Check consistency of parameters and execute the appropriate function. */ switch (mode) { case CMD_NONE: goto usage; case CMD_QUERY: /* Data file and message imprint cannot be specified at the same time. */ ret = data != NULL && digest != NULL; if (ret) goto usage; /* Load the config file for possible policy OIDs. */ conf = load_config_file(configfile); ret = !query_command(data, digest, md, policy, no_nonce, cert, in, out, text); break; case CMD_REPLY: conf = load_config_file(configfile); if (in == NULL) { ret = !(queryfile != NULL && conf != NULL && !token_in); if (ret) goto usage; } else { /* 'in' and 'queryfile' are exclusive. */ ret = !(queryfile == NULL); if (ret) goto usage; } ret = !reply_command(conf, section, engine, queryfile, password, inkey, signer, chain, policy, in, token_in, out, token_out, text); break; case CMD_VERIFY: ret = !(((queryfile && !data && !digest) || (!queryfile && data && !digest) || (!queryfile && !data && digest)) && in != NULL); if (ret) goto usage; ret = !verify_command(data, digest, queryfile, in, token_in, ca_path, ca_file, untrusted); } goto cleanup; usage: BIO_printf(bio_err, "usage:\n" "ts -query [-rand file%cfile%c...] [-config configfile] " "[-data file_to_hash] [-digest digest_bytes]" "[-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160] " "[-policy object_id] [-no_nonce] [-cert] " "[-in request.tsq] [-out request.tsq] [-text]\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, "or\n" "ts -reply [-config configfile] [-section tsa_section] " "[-queryfile request.tsq] [-passin password] " "[-signer tsa_cert.pem] [-inkey private_key.pem] " "[-chain certs_file.pem] [-policy object_id] " "[-in response.tsr] [-token_in] " "[-out response.tsr] [-token_out] [-text] [-engine id]\n"); BIO_printf(bio_err, "or\n" "ts -verify [-data file_to_hash] [-digest digest_bytes] " "[-queryfile request.tsq] " "-in response.tsr [-token_in] " "-CApath ca_path -CAfile ca_file.pem " "-untrusted cert_file.pem\n"); cleanup: /* Clean up. */ app_RAND_write_file(NULL, bio_err); NCONF_free(conf); OPENSSL_free(password); OBJ_cleanup(); if (free_bio_err) { BIO_free_all(bio_err); bio_err = NULL; } OPENSSL_EXIT(ret); }
int ts_main(int argc, char **argv) { CONF *conf = NULL; char *CAfile = NULL, *untrusted = NULL, *engine = NULL, *prog, **helpp; char *configfile = NULL, *section = NULL, *password = NULL; char *data = NULL, *digest = NULL, *rnd = NULL, *policy = NULL; char *in = NULL, *out = NULL, *queryfile = NULL, *passin = NULL; char *inkey = NULL, *signer = NULL, *chain = NULL, *CApath = NULL; const EVP_MD *md = NULL; OPTION_CHOICE o, mode = OPT_ERR; int ret = 1, no_nonce = 0, cert = 0, text = 0; /* Input is ContentInfo instead of TimeStampResp. */ int token_in = 0; /* Output is ContentInfo instead of TimeStampResp. */ int token_out = 0; prog = opt_init(argc, argv, ts_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: opt_help(ts_options); for (helpp = opt_helplist; *helpp; ++helpp) BIO_printf(bio_err, "%s\n", *helpp); ret = 0; goto end; case OPT_CONFIG: configfile = opt_arg(); break; case OPT_SECTION: section = opt_arg(); break; case OPT_QUERY: case OPT_REPLY: case OPT_VERIFY: if (mode != OPT_ERR) goto opthelp; mode = o; break; case OPT_DATA: data = opt_arg(); break; case OPT_DIGEST: digest = opt_arg(); break; case OPT_RAND: rnd = opt_arg(); break; case OPT_POLICY: policy = opt_arg(); break; case OPT_NO_NONCE: no_nonce = 1; break; case OPT_CERT: cert = 1; break; case OPT_IN: in = opt_arg(); break; case OPT_TOKEN_IN: token_in = 1; break; case OPT_OUT: out = opt_arg(); break; case OPT_TOKEN_OUT: token_out = 1; break; case OPT_TEXT: text = 1; break; case OPT_QUERYFILE: queryfile = opt_arg(); break; case OPT_PASSIN: passin = opt_arg(); break; case OPT_INKEY: inkey = opt_arg(); break; case OPT_SIGNER: signer = opt_arg(); break; case OPT_CHAIN: chain = opt_arg(); break; case OPT_CAPATH: CApath = opt_arg(); break; case OPT_CAFILE: CAfile = opt_arg(); break; case OPT_UNTRUSTED: untrusted = opt_arg(); break; case OPT_ENGINE: engine = opt_arg(); break; case OPT_MD: if (!opt_md(opt_unknown(), &md)) goto opthelp; break; } } argc = opt_num_rest(); argv = opt_rest(); if (mode == OPT_ERR || argc != 0) goto opthelp; /* Seed the random number generator if it is going to be used. */ if (mode == OPT_QUERY && !no_nonce) { if (!app_RAND_load_file(NULL, 1) && rnd == NULL) BIO_printf(bio_err, "warning, not much extra random " "data, consider using the -rand option\n"); if (rnd != NULL) BIO_printf(bio_err, "%ld semi-random bytes loaded\n", app_RAND_load_files(rnd)); } /* Get the password if required. */ if (mode == OPT_REPLY && passin && !app_passwd(passin, NULL, &password, NULL)) { BIO_printf(bio_err, "Error getting password.\n"); goto end; } /* * Check consistency of parameters and execute the appropriate function. */ switch (mode) { default: case OPT_ERR: goto opthelp; case OPT_QUERY: /* * Data file and message imprint cannot be specified at the same * time. */ ret = data != NULL && digest != NULL; if (ret) goto opthelp; /* Load the config file for possible policy OIDs. */ conf = load_config_file(configfile); ret = !query_command(data, digest, md, policy, no_nonce, cert, in, out, text); break; case OPT_REPLY: conf = load_config_file(configfile); if (in == NULL) { ret = !(queryfile != NULL && conf != NULL && !token_in); if (ret) goto opthelp; } else { /* 'in' and 'queryfile' are exclusive. */ ret = !(queryfile == NULL); if (ret) goto opthelp; } ret = !reply_command(conf, section, engine, queryfile, password, inkey, signer, chain, policy, in, token_in, out, token_out, text); break; case OPT_VERIFY: ret = !(((queryfile && !data && !digest) || (!queryfile && data && !digest) || (!queryfile && !data && digest)) && in != NULL); if (ret) goto opthelp; ret = !verify_command(data, digest, queryfile, in, token_in, CApath, CAfile, untrusted); } end: /* Clean up. */ app_RAND_write_file(NULL); NCONF_free(conf); OPENSSL_free(password); OBJ_cleanup(); return (ret); }