1 /* @(#) $Id: ./src/os_auth/main-client.c, 2012/02/07 dcid Exp $
4 /* Copyright (C) 2010 Trend Micro Inc.
7 * This program is a free software; you can redistribute it
8 * and/or modify it under the terms of the GNU General Public
9 * License (version 2) as published by the FSF - Free Software
12 * In addition, as a special exception, the copyright holders give
13 * permission to link the code of portions of this program with the
14 * OpenSSL library under certain conditions as described in each
15 * individual source file, and distribute linked combinations
18 * You must obey the GNU General Public License in all respects
19 * for all of the code used other than OpenSSL. If you modify
20 * file(s) with this exception, you may extend this exception to your
21 * version of the file(s), but you are not obligated to do so. If you
22 * do not wish to do so, delete this exception statement from your
23 * version. If you delete this exception statement from all source
24 * files in the program, then also delete it here.
/* Presumably the stub used when the program is built without OpenSSL: it only
 * reports that SSL support is missing (the surrounding lines are not in this
 * listing). */
34 printf("ERROR: Not compiled. Missing OpenSSL support.\n");
41 #include <openssl/ssl.h>
/* Usage text printed for the enrolment client.
 * NOTE(review): the option string passed to getopt() in main()
 * ("Vdhu:g:D:c:m:p:A:") also accepts -V, -d, -u, -g and -c, which are not
 * listed here. */
48 printf("\nOSSEC HIDS %s: Connects to the manager to extract the agent key.\n", ARGV0);
49 printf("Available options:\n");
50 printf("\t-h This help message.\n");
51 printf("\t-m <manager ip> Manager IP Address.\n");
52 printf("\t-p <port> Manager port (default 1515).\n");
53 printf("\t-A <agent name> Agent name (default is the hostname).\n");
54 printf("\t-D <OSSEC Dir> Location where OSSEC is installed.\n");
/* Entry point of the enrolment client. This part declares the defaults and
 * parses the command line; the connection to the manager follows further
 * down. Several lines of the function are missing from this listing. */
60 int main(int argc, char **argv)
62 int c, test_config = 0;
/* port defaults to 1515, the value the help text advertises. */
67 int sock = 0, port = 1515, ret = 0;
68 char *dir = DEFAULTDIR;
70 char *group = GROUPGLOBAL;
71 char *cfg = DEFAULTCPATH;
/* Stays NULL unless an agent name is supplied; see the hostname fallback. */
73 char *agentname = NULL;
/* 512 bytes for the local hostname plus one for the terminator. */
74 char lhostname[512 + 1];
85 /* Setting the name */
/* Options that take an argument: -u -g -D -c -m -p -A. Flags: -V -d -h. */
88 while((c = getopt(argc, argv, "Vdhu:g:D:c:m:p:A:")) != -1)
/* Each ErrorExit below reports a missing option argument. The case labels
 * and the tests that lead to them are not part of this listing. */
102 ErrorExit("%s: -u needs an argument",ARGV0);
107 ErrorExit("%s: -g needs an argument",ARGV0);
112 ErrorExit("%s: -D needs an argument",ARGV0);
117 ErrorExit("%s: -c needs an argument",ARGV0);
125 ErrorExit("%s: -%c needs an argument",ARGV0, c);
130 ErrorExit("%s: -%c needs an argument",ARGV0, c);
135 ErrorExit("%s: -%c needs an argument",ARGV0, c);
/* Accept only ports 1..65535.
 * NOTE(review): the conversion of optarg into port is not shown here; confirm
 * that non-numeric input is rejected rather than silently read as a number. */
137 if(port <= 0 || port >= 65536)
139 ErrorExit("%s: Invalid port: %s", ARGV0, optarg);
148 /* Starting daemon */
149 debug1(STARTED_MSG,ARGV0);
153 /* Check if the user/group given are valid */
/* Resolve the configured group name to a gid; the failure test that guards
 * the ErrorExit below is not part of this listing. */
154 gid = Privsep_GetGroup(group);
156 ErrorExit(USER_ERROR,ARGV0,user,group);
160 /* Privilege separation */
/* NOTE(review): only the group is switched in the lines shown; no user switch
 * or chroot call appears in this listing. Confirm the process does not keep
 * more privilege than it needs to write the key file. */
161 if(Privsep_SetGroup(gid) < 0)
162 ErrorExit(SETGID_ERROR,ARGV0,group);
166 /* Signal manipulation */
171 /* Creating PID files */
172 if(CreatePID(ARGV0, getpid()) < 0)
173 ErrorExit(PID_ERROR,ARGV0);
177 /* Start up message */
178 verbose(STARTUP_MSG, ARGV0, (int)getpid());
/* No agent name was supplied: fall back to the local hostname. */
181 if(agentname == NULL)
/* The terminator is written at index 512 and gethostname() is limited to 511
 * bytes, so the string always ends inside the buffer even if the name is
 * truncated. Index 511 is not written by either line; unless the buffer is
 * cleared in a line not shown, a truncated name could carry one stale byte. */
183 lhostname[512] = '\0';
184 if(gethostname(lhostname, 512 -1) != 0)
186 merror("%s: ERROR: Unable to extract hostname. Custom agent name not set.", ARGV0);
189 agentname = lhostname;
/* Build the SSL context and open the TLS session to the manager.
 * NOTE(review): the second argument to os_ssl_keys() is NULL and no CA or
 * certificate handling is visible between here and SSL_connect(). Confirm
 * whether the manager's certificate is verified; if it is not, the key request
 * below goes to an unauthenticated peer and its reply is accepted as the
 * agent key. */
195 ctx = os_ssl_keys(1, NULL);
198 merror("%s: ERROR: SSL error. Exiting.", ARGV0);
/* The manager address is mandatory; the test guarding this message is not in
 * this listing. */
204 merror("%s: ERROR: Manager IP not set.", ARGV0);
209 /* Connecting via TCP */
210 sock = OS_ConnectTCP(port, manager, 0);
213 merror("%s: Unable to connect to %s:%d", ARGV0, manager, port);
218 /* Connecting the SSL socket */
/* BIO_NOCLOSE: freeing the BIO does not close sock, so the socket has to be
 * closed separately. The same BIO serves as read and write side. */
220 sbio = BIO_new_socket(sock, BIO_NOCLOSE);
221 SSL_set_bio(ssl, sbio, sbio);
224 ret = SSL_connect(ssl);
/* Handshake failure path: dump the OpenSSL error queue, then log and exit. */
227 ERR_print_errors_fp(stderr);
228 merror("%s: ERROR: SSL error (%d). Exiting.", ARGV0, ret);
233 printf("INFO: Connected to %s:%d\n", manager, port);
234 printf("INFO: Using agent name as: %s\n", agentname);
/* Enrolment request: the agent name is sent inside single quotes on one line.
 * NOTE(review): no validation of agentname is visible before it is formatted
 * here; a name containing a quote or a newline would change the request line.
 * Confirm it is checked first, for example with OS_IsValidName().
 * Assumes buf holds at least 2048 bytes - its declaration is not in this
 * listing. */
237 snprintf(buf, 2048, "OSSEC A:'%s'\n", agentname);
238 ret = SSL_write(ssl, buf, strlen(buf));
241 printf("SSL write error (unable to send message.)\n");
242 ERR_print_errors_fp(stderr);
246 printf("INFO: Send request to manager. Waiting for reply.\n");
/* Read at most sizeof(buf) - 1 bytes, which leaves room for a terminator.
 * NOTE(review): the line that terminates buf is not in this listing; confirm
 * buf[ret] is set to NUL before the strncmp()/strchr() calls below, since the
 * reply is untrusted network data. */
250 ret = SSL_read(ssl,buf,sizeof(buf) -1);
251 switch(SSL_get_error(ssl,ret))
/* The manager rejected the request: print its message up to the first
 * newline. */
255 if(strncmp(buf, "ERROR", 5) == 0)
258 tmpstr = strchr(buf, '\n');
259 if(tmpstr) *tmpstr = '\0';
260 printf("%s (from manager)\n", buf);
/* The manager replied with a key, expected in the form OSSEC K:'<key>'. */
262 else if(strncmp(buf, "OSSEC K:'",9) == 0)
267 printf("INFO: Received response with agent key\n");
/* Look for the closing quote of the key; the assignment of key itself is not
 * shown in this listing. */
271 tmpstr = strchr(key, '\'');
274 printf("ERROR: Invalid key received. Closing connection.\n");
/* Split the key on spaces (presumably into at most 4 fields) and validate
 * each field.
 * NOTE(review): entry and entry[0]..entry[3] are used without a check that
 * OS_StrBreak() returned four fields. A reply with fewer fields should be
 * rejected before these calls; confirm how the validators treat NULL. */
278 entry = OS_StrBreak(' ', key, 4);
279 if(!OS_IsValidID(entry[0]) || !OS_IsValidName(entry[1]) ||
280 !OS_IsValidName(entry[2]) || !OS_IsValidName(entry[3]))
282 printf("ERROR: Invalid key received (2). Closing connection.\n");
/* Store the agent key received from the manager.
 * NOTE(review): fopen(..., "w") creates the file with permissions derived
 * from the umask, and no umask()/chmod() call is visible in this listing.
 * Confirm the key file cannot be read by other local users. */
288 fp = fopen(KEYSFILE_PATH,"w");
/* NOTE(review): this message has no trailing newline, unlike the others. */
291 printf("ERROR: Unable to open key file: %s", KEYSFILE_PATH);
/* NOTE(review): the fprintf() result is discarded here. Unless fclose() or
 * ferror() is checked in a line not shown, a failed write is still reported
 * as success by the message below. */
294 fprintf(fp, "%s\n", key);
297 printf("INFO: Valid key created. Finished.\n");
/* The peer closed the connection or the transport failed. */
300 case SSL_ERROR_ZERO_RETURN:
301 case SSL_ERROR_SYSCALL:
302 printf("INFO: Connection closed.\n");
/* Presumably the default case: any other SSL error. */
306 printf("ERROR: SSL read (unable to receive message)\n");
315 /* Shutdown the socket */