/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
1
/*  -*- coding: utf-8 -*- */
2
/*
3
 * Mandos client - get and decrypt data from a Mandos server
4
 *
5
 * This program is partly derived from an example program for an Avahi
6
 * service browser, downloaded from
7
 * <http://avahi.org/browser/examples/core-browse-services.c>.  This
8
 * includes the following functions: "resolve_callback",
9
 * "browse_callback", and parts of "main".
10
 * 
28 by Teddy Hogeborn
* server.conf: New file.
11
 * Everything else is
12
 * Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
13
 * 
14
 * This program is free software: you can redistribute it and/or
15
 * modify it under the terms of the GNU General Public License as
16
 * published by the Free Software Foundation, either version 3 of the
17
 * License, or (at your option) any later version.
18
 * 
19
 * This program is distributed in the hope that it will be useful, but
20
 * WITHOUT ANY WARRANTY; without even the implied warranty of
21
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
22
 * General Public License for more details.
23
 * 
24
 * You should have received a copy of the GNU General Public License
25
 * along with this program.  If not, see
26
 * <http://www.gnu.org/licenses/>.
27
 * 
31 by Teddy Hogeborn
* plugins.d/plugbasedclient.c: Update include file comments.
28
 * Contact the authors at <mandos@fukt.bsnet.se>.
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
29
 */
30
28 by Teddy Hogeborn
* server.conf: New file.
31
/* Needed by GPGME, specifically gpgme_data_seek() */
13 by Björn Påhlsson
Added following support:
32
#define _LARGEFILE_SOURCE
33
#define _FILE_OFFSET_BITS 64
34
24.1.10 by Björn Påhlsson
merge commit
35
#define _GNU_SOURCE		/* TEMP_FAILURE_RETRY() */
36
24.1.29 by Björn Påhlsson
Added more header file comments
37
#include <stdio.h>		/* fprintf(), stderr, fwrite(), stdout,
38
				   ferror() */
24.1.26 by Björn Påhlsson
tally count of used symbols
39
#include <stdint.h> 		/* uint16_t, uint32_t */
40
#include <stddef.h>		/* NULL, size_t, ssize_t */
24.1.29 by Björn Påhlsson
Added more header file comments
41
#include <stdlib.h> 		/* free(), EXIT_SUCCESS, EXIT_FAILURE,
42
				   srand() */
24.1.26 by Björn Påhlsson
tally count of used symbols
43
#include <stdbool.h>		/* bool, true */
24.1.29 by Björn Påhlsson
Added more header file comments
44
#include <string.h>		/* memset(), strcmp(), strlen(),
45
				   strerror(), memcpy(), strcpy() */
46
#include <sys/ioctl.h>          /* ioctl */
24.1.26 by Björn Påhlsson
tally count of used symbols
47
#include <sys/types.h>		/* socket(), inet_pton(), sockaddr,
24.1.29 by Björn Påhlsson
Added more header file comments
48
				   sockaddr_in6, PF_INET6,
49
				   SOCK_STREAM, INET6_ADDRSTRLEN,
50
				   uid_t, gid_t */
60 by Teddy Hogeborn
* mandos-client.c (main): Cast pid_t to unsigned int before printing.
51
#include <inttypes.h>		/* PRIu16 */
24.1.26 by Björn Påhlsson
tally count of used symbols
52
#include <sys/socket.h>		/* socket(), struct sockaddr_in6,
53
				   struct in6_addr, inet_pton(),
54
				   connect() */
24.1.29 by Björn Påhlsson
Added more header file comments
55
#include <assert.h>		/* assert() */
56
#include <errno.h>		/* perror(), errno */
57
#include <time.h>		/* time() */
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
58
#include <net/if.h>		/* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
24.1.26 by Björn Påhlsson
tally count of used symbols
59
				   SIOCSIFFLAGS, if_indextoname(),
60
				   if_nametoindex(), IF_NAMESIZE */
24.1.29 by Björn Påhlsson
Added more header file comments
61
#include <unistd.h>		/* close(), SEEK_SET, off_t, write(),
62
				   getuid(), getgid(), setuid(),
63
				   setgid() */
13 by Björn Påhlsson
Added following support:
64
#include <netinet/in.h>
24.1.26 by Björn Påhlsson
tally count of used symbols
65
#include <arpa/inet.h>		/* inet_pton(), htons */
24.1.29 by Björn Påhlsson
Added more header file comments
66
#include <iso646.h>		/* not, and */
67
#include <argp.h>		/* struct argp_option, error_t, struct
68
				   argp_state, struct argp,
69
				   argp_parse(), ARGP_KEY_ARG,
70
				   ARGP_KEY_END, ARGP_ERR_UNKNOWN */
24.1.26 by Björn Påhlsson
tally count of used symbols
71
72
/* Avahi */
24.1.29 by Björn Påhlsson
Added more header file comments
73
/* All Avahi types, constants and functions
74
 Avahi*, avahi_*,
75
 AVAHI_* */
76
#include <avahi-core/core.h>
24.1.26 by Björn Påhlsson
tally count of used symbols
77
#include <avahi-core/lookup.h>
24.1.29 by Björn Påhlsson
Added more header file comments
78
#include <avahi-core/log.h>
24.1.26 by Björn Påhlsson
tally count of used symbols
79
#include <avahi-common/simple-watch.h>
80
#include <avahi-common/malloc.h>
81
#include <avahi-common/error.h>
82
83
/* GnuTLS */
24.1.29 by Björn Påhlsson
Added more header file comments
84
#include <gnutls/gnutls.h>	/* All GnuTLS types, constants and functions
85
				   gnutls_*
24.1.26 by Björn Påhlsson
tally count of used symbols
86
				   init_gnutls_session(),
24.1.29 by Björn Påhlsson
Added more header file comments
87
				   GNUTLS_* */
88
#include <gnutls/openpgp.h>     /* gnutls_certificate_set_openpgp_key_file(),
89
				   GNUTLS_OPENPGP_FMT_BASE64 */
24.1.26 by Björn Påhlsson
tally count of used symbols
90
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
91
/* GPGME */
24.1.29 by Björn Påhlsson
Added more header file comments
92
#include <gpgme.h> 		/* All GPGME types, constants and functions
93
				   gpgme_*
24.1.26 by Björn Påhlsson
tally count of used symbols
94
				   GPGME_PROTOCOL_OpenPGP,
24.1.29 by Björn Påhlsson
Added more header file comments
95
				   GPG_ERR_NO_* */
13 by Björn Påhlsson
Added following support:
96
97
#define BUFFER_SIZE 256
37 by Teddy Hogeborn
Non-tested commit for merge purposes.
98
15.1.2 by Björn Påhlsson
Added debug options from passprompt as --debug and --debug=passprompt
99
bool debug = false;
42 by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Change "to"
100
static const char *keydir = "/conf/conf.d/mandos";
43 by Teddy Hogeborn
* plugins.d/mandosclient.c: Cosmetic changes.
101
static const char mandos_protocol_version[] = "1";
24.1.37 by Björn Påhlsson
name change for argp
102
const char *argp_program_version = "password-request 1.0";
24.1.14 by Björn Påhlsson
mandosclient
103
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
24.1.10 by Björn Påhlsson
merge commit
104
42 by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Change "to"
105
/* Used for passing in values through the Avahi callback functions */
13 by Björn Påhlsson
Added following support:
106
typedef struct {
24.1.9 by Björn Påhlsson
not working midwork...
107
  AvahiSimplePoll *simple_poll;
108
  AvahiServer *server;
13 by Björn Påhlsson
Added following support:
109
  gnutls_certificate_credentials_t cred;
24.1.9 by Björn Påhlsson
not working midwork...
110
  unsigned int dh_bits;
24.1.13 by Björn Påhlsson
mandosclient
111
  gnutls_dh_params_t dh_params;
24.1.9 by Björn Påhlsson
not working midwork...
112
  const char *priority;
113
} mandos_context;
13 by Björn Påhlsson
Added following support:
114
43 by Teddy Hogeborn
* plugins.d/mandosclient.c: Cosmetic changes.
115
/*
116
 * Make room in "buffer" for at least BUFFER_SIZE additional bytes.
42 by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Change "to"
117
 * "buffer_capacity" is how much is currently allocated,
43 by Teddy Hogeborn
* plugins.d/mandosclient.c: Cosmetic changes.
118
 * "buffer_length" is how much is already used.
119
 */
24.1.12 by Björn Påhlsson
merge +
120
size_t adjustbuffer(char **buffer, size_t buffer_length,
24.1.10 by Björn Påhlsson
merge commit
121
		  size_t buffer_capacity){
122
  if (buffer_length + BUFFER_SIZE > buffer_capacity){
24.1.12 by Björn Påhlsson
merge +
123
    *buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
24.1.10 by Björn Påhlsson
merge commit
124
    if (buffer == NULL){
125
      return 0;
126
    }
127
    buffer_capacity += BUFFER_SIZE;
128
  }
129
  return buffer_capacity;
130
}
131
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
132
/* 
133
 * Decrypt OpenPGP data using keyrings in HOMEDIR.
134
 * Returns -1 on error
135
 */
136
static ssize_t pgp_packet_decrypt (const char *cryptotext,
137
				   size_t crypto_size,
138
				   char **plaintext,
36 by Teddy Hogeborn
* TODO: Converted to org-mode style
139
				   const char *homedir){
13 by Björn Påhlsson
Added following support:
140
  gpgme_data_t dh_crypto, dh_plain;
141
  gpgme_ctx_t ctx;
142
  gpgme_error_t rc;
143
  ssize_t ret;
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
144
  size_t plaintext_capacity = 0;
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
145
  ssize_t plaintext_length = 0;
13 by Björn Påhlsson
Added following support:
146
  gpgme_engine_info_t engine_info;
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
147
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
148
  if (debug){
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
149
    fprintf(stderr, "Trying to decrypt OpenPGP data\n");
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
150
  }
151
  
13 by Björn Påhlsson
Added following support:
152
  /* Init GPGME */
153
  gpgme_check_version(NULL);
24.1.4 by Björn Påhlsson
Added optional parameters certdir, certkey and certfile that can be iven at start in the command line.
154
  rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
155
  if (rc != GPG_ERR_NO_ERROR){
156
    fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
157
	    gpgme_strsource(rc), gpgme_strerror(rc));
158
    return -1;
159
  }
13 by Björn Påhlsson
Added following support:
160
  
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
161
  /* Set GPGME home directory for the OpenPGP engine only */
13 by Björn Påhlsson
Added following support:
162
  rc = gpgme_get_engine_info (&engine_info);
163
  if (rc != GPG_ERR_NO_ERROR){
164
    fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
165
	    gpgme_strsource(rc), gpgme_strerror(rc));
166
    return -1;
167
  }
168
  while(engine_info != NULL){
169
    if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
170
      gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
171
			    engine_info->file_name, homedir);
172
      break;
173
    }
174
    engine_info = engine_info->next;
175
  }
176
  if(engine_info == NULL){
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
177
    fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);
13 by Björn Påhlsson
Added following support:
178
    return -1;
179
  }
180
  
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
181
  /* Create new GPGME data buffer from memory cryptotext */
182
  rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
183
			       0);
13 by Björn Påhlsson
Added following support:
184
  if (rc != GPG_ERR_NO_ERROR){
185
    fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
186
	    gpgme_strsource(rc), gpgme_strerror(rc));
187
    return -1;
188
  }
189
  
190
  /* Create new empty GPGME data buffer for the plaintext */
191
  rc = gpgme_data_new(&dh_plain);
192
  if (rc != GPG_ERR_NO_ERROR){
193
    fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
194
	    gpgme_strsource(rc), gpgme_strerror(rc));
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
195
    gpgme_data_release(dh_crypto);
13 by Björn Påhlsson
Added following support:
196
    return -1;
197
  }
198
  
199
  /* Create new GPGME "context" */
200
  rc = gpgme_new(&ctx);
201
  if (rc != GPG_ERR_NO_ERROR){
202
    fprintf(stderr, "bad gpgme_new: %s: %s\n",
203
	    gpgme_strsource(rc), gpgme_strerror(rc));
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
204
    plaintext_length = -1;
205
    goto decrypt_end;
13 by Björn Påhlsson
Added following support:
206
  }
207
  
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
208
  /* Decrypt data from the cryptotext data buffer to the plaintext
209
     data buffer */
13 by Björn Påhlsson
Added following support:
210
  rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
211
  if (rc != GPG_ERR_NO_ERROR){
212
    fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
213
	    gpgme_strsource(rc), gpgme_strerror(rc));
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
214
    plaintext_length = -1;
215
    goto decrypt_end;
13 by Björn Påhlsson
Added following support:
216
  }
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
217
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
218
  if(debug){
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
219
    fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
220
  }
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
221
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
222
  if (debug){
223
    gpgme_decrypt_result_t result;
224
    result = gpgme_op_decrypt_result(ctx);
225
    if (result == NULL){
226
      fprintf(stderr, "gpgme_op_decrypt_result failed\n");
227
    } else {
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
228
      fprintf(stderr, "Unsupported algorithm: %s\n",
229
	      result->unsupported_algorithm);
60 by Teddy Hogeborn
* mandos-client.c (main): Cast pid_t to unsigned int before printing.
230
      fprintf(stderr, "Wrong key usage: %u\n",
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
231
	      result->wrong_key_usage);
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
232
      if(result->file_name != NULL){
233
	fprintf(stderr, "File name: %s\n", result->file_name);
234
      }
235
      gpgme_recipient_t recipient;
236
      recipient = result->recipients;
237
      if(recipient){
238
	while(recipient != NULL){
239
	  fprintf(stderr, "Public key algorithm: %s\n",
240
		  gpgme_pubkey_algo_name(recipient->pubkey_algo));
241
	  fprintf(stderr, "Key ID: %s\n", recipient->keyid);
242
	  fprintf(stderr, "Secret key available: %s\n",
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
243
		  recipient->status == GPG_ERR_NO_SECKEY
244
		  ? "No" : "Yes");
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
245
	  recipient = recipient->next;
246
	}
247
      }
248
    }
249
  }
13 by Björn Påhlsson
Added following support:
250
  
251
  /* Seek back to the beginning of the GPGME plaintext data buffer */
24.1.5 by Björn Påhlsson
plugbasedclient:
252
  if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
253
    perror("pgpme_data_seek");
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
254
    plaintext_length = -1;
255
    goto decrypt_end;
24.1.5 by Björn Påhlsson
plugbasedclient:
256
  }
257
  
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
258
  *plaintext = NULL;
13 by Björn Påhlsson
Added following support:
259
  while(true){
42 by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Change "to"
260
    plaintext_capacity = adjustbuffer(plaintext,
261
				      (size_t)plaintext_length,
24.1.12 by Björn Påhlsson
merge +
262
				      plaintext_capacity);
263
    if (plaintext_capacity == 0){
24.1.10 by Björn Påhlsson
merge commit
264
	perror("adjustbuffer");
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
265
	plaintext_length = -1;
266
	goto decrypt_end;
13 by Björn Påhlsson
Added following support:
267
    }
268
    
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
269
    ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
270
			  BUFFER_SIZE);
13 by Björn Påhlsson
Added following support:
271
    /* Print the data, if any */
272
    if (ret == 0){
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
273
      /* EOF */
13 by Björn Påhlsson
Added following support:
274
      break;
275
    }
276
    if(ret < 0){
277
      perror("gpgme_data_read");
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
278
      plaintext_length = -1;
279
      goto decrypt_end;
13 by Björn Påhlsson
Added following support:
280
    }
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
281
    plaintext_length += ret;
13 by Björn Påhlsson
Added following support:
282
  }
283
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
284
  if(debug){
285
    fprintf(stderr, "Decrypted password is: ");
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
286
    for(ssize_t i = 0; i < plaintext_length; i++){
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
287
      fprintf(stderr, "%02hhX ", (*plaintext)[i]);
288
    }
289
    fprintf(stderr, "\n");
290
  }
291
  
292
 decrypt_end:
293
  
294
  /* Delete the GPGME cryptotext data buffer */
295
  gpgme_data_release(dh_crypto);
15.1.3 by Björn Påhlsson
Added getopt_long support for mandosclient and passprompt
296
  
297
  /* Delete the GPGME plaintext data buffer */
13 by Björn Påhlsson
Added following support:
298
  gpgme_data_release(dh_plain);
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
299
  return plaintext_length;
13 by Björn Påhlsson
Added following support:
300
}
301
302
static const char * safer_gnutls_strerror (int value) {
303
  const char *ret = gnutls_strerror (value);
304
  if (ret == NULL)
305
    ret = "(unknown)";
306
  return ret;
307
}
308
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
309
/* GnuTLS log function callback */
36 by Teddy Hogeborn
* TODO: Converted to org-mode style
310
static void debuggnutls(__attribute__((unused)) int level,
311
			const char* string){
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
312
  fprintf(stderr, "GnuTLS: %s", string);
13 by Björn Påhlsson
Added following support:
313
}
314
24.1.14 by Björn Påhlsson
mandosclient
315
static int init_gnutls_global(mandos_context *mc,
316
			      const char *pubkeyfile,
317
			      const char *seckeyfile){
13 by Björn Påhlsson
Added following support:
318
  int ret;
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
319
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
320
  if(debug){
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
321
    fprintf(stderr, "Initializing GnuTLS\n");
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
322
  }
24.1.29 by Björn Påhlsson
Added more header file comments
323
  
324
  ret = gnutls_global_init();
325
  if (ret != GNUTLS_E_SUCCESS) {
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
326
    fprintf (stderr, "GnuTLS global_init: %s\n",
327
	     safer_gnutls_strerror(ret));
13 by Björn Påhlsson
Added following support:
328
    return -1;
329
  }
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
330
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
331
  if (debug){
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
332
    /* "Use a log level over 10 to enable all debugging options."
333
     * - GnuTLS manual
334
     */
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
335
    gnutls_global_set_log_level(11);
336
    gnutls_global_set_log_function(debuggnutls);
337
  }
338
  
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
339
  /* OpenPGP credentials */
24.1.29 by Björn Påhlsson
Added more header file comments
340
  gnutls_certificate_allocate_credentials(&mc->cred);
341
  if (ret != GNUTLS_E_SUCCESS){
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
342
    fprintf (stderr, "GnuTLS memory error: %s\n",
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
343
	     safer_gnutls_strerror(ret));
24.1.20 by Björn Påhlsson
mandosclient
344
    gnutls_global_deinit ();
13 by Björn Påhlsson
Added following support:
345
    return -1;
346
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
347
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
348
  if(debug){
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
349
    fprintf(stderr, "Attempting to use OpenPGP certificate %s"
37 by Teddy Hogeborn
Non-tested commit for merge purposes.
350
	    " and keyfile %s as GnuTLS credentials\n", pubkeyfile,
351
	    seckeyfile);
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
352
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
353
  
13 by Björn Påhlsson
Added following support:
354
  ret = gnutls_certificate_set_openpgp_key_file
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
355
    (mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);
13 by Björn Påhlsson
Added following support:
356
  if (ret != GNUTLS_E_SUCCESS) {
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
357
    fprintf(stderr,
358
	    "Error[%d] while reading the OpenPGP key pair ('%s',"
359
	    " '%s')\n", ret, pubkeyfile, seckeyfile);
360
    fprintf(stdout, "The GnuTLS error is: %s\n",
13 by Björn Påhlsson
Added following support:
361
	    safer_gnutls_strerror(ret));
24.1.20 by Björn Påhlsson
mandosclient
362
    goto globalfail;
13 by Björn Påhlsson
Added following support:
363
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
364
  
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
365
  /* GnuTLS server initialization */
24.1.13 by Björn Påhlsson
mandosclient
366
  ret = gnutls_dh_params_init(&mc->dh_params);
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
367
  if (ret != GNUTLS_E_SUCCESS) {
368
    fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
369
	     " %s\n", safer_gnutls_strerror(ret));
24.1.20 by Björn Påhlsson
mandosclient
370
    goto globalfail;
13 by Björn Påhlsson
Added following support:
371
  }
24.1.13 by Björn Påhlsson
mandosclient
372
  ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
373
  if (ret != GNUTLS_E_SUCCESS) {
374
    fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
13 by Björn Påhlsson
Added following support:
375
	     safer_gnutls_strerror(ret));
24.1.20 by Björn Påhlsson
mandosclient
376
    goto globalfail;
13 by Björn Påhlsson
Added following support:
377
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
378
  
24.1.13 by Björn Påhlsson
mandosclient
379
  gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
380
381
  return 0;
24.1.20 by Björn Påhlsson
mandosclient
382
383
 globalfail:
384
24.1.26 by Björn Påhlsson
tally count of used symbols
385
  gnutls_certificate_free_credentials(mc->cred);
386
  gnutls_global_deinit();
24.1.20 by Björn Påhlsson
mandosclient
387
  return -1;
388
24.1.13 by Björn Påhlsson
mandosclient
389
}
390
42 by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Change "to"
391
static int init_gnutls_session(mandos_context *mc,
392
			       gnutls_session_t *session){
24.1.13 by Björn Påhlsson
mandosclient
393
  int ret;
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
394
  /* GnuTLS session creation */
395
  ret = gnutls_init(session, GNUTLS_SERVER);
396
  if (ret != GNUTLS_E_SUCCESS){
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
397
    fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
13 by Björn Påhlsson
Added following support:
398
	    safer_gnutls_strerror(ret));
399
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
400
  
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
401
  {
402
    const char *err;
403
    ret = gnutls_priority_set_direct(*session, mc->priority, &err);
404
    if (ret != GNUTLS_E_SUCCESS) {
405
      fprintf(stderr, "Syntax error at: %s\n", err);
406
      fprintf(stderr, "GnuTLS error: %s\n",
407
	      safer_gnutls_strerror(ret));
24.1.20 by Björn Påhlsson
mandosclient
408
      gnutls_deinit (*session);
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
409
      return -1;
410
    }
13 by Björn Påhlsson
Added following support:
411
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
412
  
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
413
  ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
414
			       mc->cred);
415
  if (ret != GNUTLS_E_SUCCESS) {
416
    fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
13 by Björn Påhlsson
Added following support:
417
	    safer_gnutls_strerror(ret));
24.1.20 by Björn Påhlsson
mandosclient
418
    gnutls_deinit (*session);
13 by Björn Påhlsson
Added following support:
419
    return -1;
420
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
421
  
13 by Björn Påhlsson
Added following support:
422
  /* ignore client certificate if any. */
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
423
  gnutls_certificate_server_set_request (*session,
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
424
					 GNUTLS_CERT_IGNORE);
13 by Björn Påhlsson
Added following support:
425
  
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
426
  gnutls_dh_set_prime_bits (*session, mc->dh_bits);
13 by Björn Påhlsson
Added following support:
427
  
428
  return 0;
429
}
430
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
431
/* Avahi log function callback */
36 by Teddy Hogeborn
* TODO: Converted to org-mode style
432
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
433
		      __attribute__((unused)) const char *txt){}
13 by Björn Påhlsson
Added following support:
434
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
435
/* Called when a Mandos server is found */
36 by Teddy Hogeborn
* TODO: Converted to org-mode style
436
static int start_mandos_communication(const char *ip, uint16_t port,
24.1.9 by Björn Påhlsson
not working midwork...
437
				      AvahiIfIndex if_index,
438
				      mandos_context *mc){
13 by Björn Påhlsson
Added following support:
439
  int ret, tcp_sd;
42 by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Change "to"
440
  union { struct sockaddr in; struct sockaddr_in6 in6; } to;
13 by Björn Påhlsson
Added following support:
441
  char *buffer = NULL;
442
  char *decrypted_buffer;
443
  size_t buffer_length = 0;
444
  size_t buffer_capacity = 0;
445
  ssize_t decrypted_buffer_size;
24.1.10 by Björn Påhlsson
merge commit
446
  size_t written;
13 by Björn Påhlsson
Added following support:
447
  int retval = 0;
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
448
  char interface[IF_NAMESIZE];
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
449
  gnutls_session_t session;
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
450
  
24.1.13 by Björn Påhlsson
mandosclient
451
  ret = init_gnutls_session (mc, &session);
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
452
  if (ret != 0){
453
    return -1;
454
  }
455
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
456
  if(debug){
60 by Teddy Hogeborn
* mandos-client.c (main): Cast pid_t to unsigned int before printing.
457
    fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16
458
	    "\n", ip, port);
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
459
  }
13 by Björn Påhlsson
Added following support:
460
  
461
  tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
462
  if(tcp_sd < 0) {
463
    perror("socket");
464
    return -1;
465
  }
24.1.6 by Björn Påhlsson
plugbasedclient
466
467
  if(debug){
24.1.7 by Björn Påhlsson
merge
468
    if(if_indextoname((unsigned int)if_index, interface) == NULL){
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
469
      perror("if_indextoname");
24.1.6 by Björn Påhlsson
plugbasedclient
470
      return -1;
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
471
    }
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
472
    fprintf(stderr, "Binding to interface %s\n", interface);
473
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
474
  
22 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to
475
  memset(&to,0,sizeof(to));	/* Spurious warning */
42 by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Change "to"
476
  to.in6.sin6_family = AF_INET6;
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
477
  /* It would be nice to have a way to detect if we were passed an
478
     IPv4 address here.   Now we assume an IPv6 address. */
42 by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Change "to"
479
  ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);
13 by Björn Påhlsson
Added following support:
480
  if (ret < 0 ){
481
    perror("inet_pton");
482
    return -1;
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
483
  }
13 by Björn Påhlsson
Added following support:
484
  if(ret == 0){
485
    fprintf(stderr, "Bad address: %s\n", ip);
486
    return -1;
487
  }
65 by Teddy Hogeborn
* plugins.d/password-request.c (main): Bug fix: Bring up network
488
  to.in6.sin6_port = htons(port); /* Spurious warning */
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
489
  
42 by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Change "to"
490
  to.in6.sin6_scope_id = (uint32_t)if_index;
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
491
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
492
  if(debug){
60 by Teddy Hogeborn
* mandos-client.c (main): Cast pid_t to unsigned int before printing.
493
    fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
494
	    port);
37 by Teddy Hogeborn
Non-tested commit for merge purposes.
495
    char addrstr[INET6_ADDRSTRLEN] = "";
42 by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Change "to"
496
    if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,
37 by Teddy Hogeborn
Non-tested commit for merge purposes.
497
		 sizeof(addrstr)) == NULL){
498
      perror("inet_ntop");
499
    } else {
500
      if(strcmp(addrstr, ip) != 0){
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
501
	fprintf(stderr, "Canonical address form: %s\n", addrstr);
37 by Teddy Hogeborn
Non-tested commit for merge purposes.
502
      }
503
    }
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
504
  }
13 by Björn Påhlsson
Added following support:
505
  
42 by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Change "to"
506
  ret = connect(tcp_sd, &to.in, sizeof(to));
13 by Björn Påhlsson
Added following support:
507
  if (ret < 0){
508
    perror("connect");
509
    return -1;
510
  }
24.1.10 by Björn Påhlsson
merge commit
511
24.1.12 by Björn Påhlsson
merge +
512
  const char *out = mandos_protocol_version;
24.1.10 by Björn Påhlsson
merge commit
513
  written = 0;
514
  while (true){
515
    size_t out_size = strlen(out);
516
    ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
517
				   out_size - written));
518
    if (ret == -1){
519
      perror("write");
520
      retval = -1;
24.1.12 by Björn Påhlsson
merge +
521
      goto mandos_end;
24.1.10 by Björn Påhlsson
merge commit
522
    }
24.1.12 by Björn Påhlsson
merge +
523
    written += (size_t)ret;
24.1.10 by Björn Påhlsson
merge commit
524
    if(written < out_size){
525
      continue;
526
    } else {
527
      if (out == mandos_protocol_version){
528
	written = 0;
529
	out = "\r\n";
530
      } else {
531
	break;
532
      }
533
    }
534
  }
535
 
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
536
  if(debug){
537
    fprintf(stderr, "Establishing TLS session with %s\n", ip);
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
538
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
539
  
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
540
  gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
24.1.29 by Björn Påhlsson
Added more header file comments
541
542
  do{
543
    ret = gnutls_handshake (session);
544
  } while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
13 by Björn Påhlsson
Added following support:
545
  
546
  if (ret != GNUTLS_E_SUCCESS){
25 by Teddy Hogeborn
* mandos-clients.conf ([DEFAULT]): New section.
547
    if(debug){
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
548
      fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
25 by Teddy Hogeborn
* mandos-clients.conf ([DEFAULT]): New section.
549
      gnutls_perror (ret);
550
    }
13 by Björn Påhlsson
Added following support:
551
    retval = -1;
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
552
    goto mandos_end;
13 by Björn Påhlsson
Added following support:
553
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
554
  
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
555
  /* Read OpenPGP packet that contains the wanted password */
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
556
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
557
  if(debug){
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
558
    fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
559
	    ip);
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
560
  }
561
13 by Björn Påhlsson
Added following support:
562
  while(true){
42 by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Change "to"
563
    buffer_capacity = adjustbuffer(&buffer, buffer_length,
564
				   buffer_capacity);
24.1.10 by Björn Påhlsson
merge commit
565
    if (buffer_capacity == 0){
566
      perror("adjustbuffer");
567
      retval = -1;
24.1.12 by Björn Påhlsson
merge +
568
      goto mandos_end;
13 by Björn Påhlsson
Added following support:
569
    }
570
    
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
571
    ret = gnutls_record_recv(session, buffer+buffer_length,
572
			     BUFFER_SIZE);
13 by Björn Påhlsson
Added following support:
573
    if (ret == 0){
574
      break;
575
    }
576
    if (ret < 0){
577
      switch(ret){
578
      case GNUTLS_E_INTERRUPTED:
579
      case GNUTLS_E_AGAIN:
580
	break;
581
      case GNUTLS_E_REHANDSHAKE:
24.1.29 by Björn Påhlsson
Added more header file comments
582
	do{
583
	  ret = gnutls_handshake (session);
584
	} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
13 by Björn Påhlsson
Added following support:
585
	if (ret < 0){
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
586
	  fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
13 by Björn Påhlsson
Added following support:
587
	  gnutls_perror (ret);
588
	  retval = -1;
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
589
	  goto mandos_end;
13 by Björn Påhlsson
Added following support:
590
	}
591
	break;
592
      default:
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
593
	fprintf(stderr, "Unknown error while reading data from"
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
594
		" encrypted session with Mandos server\n");
13 by Björn Påhlsson
Added following support:
595
	retval = -1;
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
596
	gnutls_bye (session, GNUTLS_SHUT_RDWR);
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
597
	goto mandos_end;
13 by Björn Påhlsson
Added following support:
598
      }
599
    } else {
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
600
      buffer_length += (size_t) ret;
13 by Björn Påhlsson
Added following support:
601
    }
602
  }
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
603
  
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
604
  if(debug){
605
    fprintf(stderr, "Closing TLS session\n");
606
  }
607
  
608
  gnutls_bye (session, GNUTLS_SHUT_RDWR);
609
  
13 by Björn Påhlsson
Added following support:
610
  if (buffer_length > 0){
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
611
    decrypted_buffer_size = pgp_packet_decrypt(buffer,
612
					       buffer_length,
613
					       &decrypted_buffer,
37 by Teddy Hogeborn
Non-tested commit for merge purposes.
614
					       keydir);
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
615
    if (decrypted_buffer_size >= 0){
24.1.10 by Björn Påhlsson
merge commit
616
      written = 0;
28 by Teddy Hogeborn
* server.conf: New file.
617
      while(written < (size_t) decrypted_buffer_size){
22 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to
618
	ret = (int)fwrite (decrypted_buffer + written, 1,
619
			   (size_t)decrypted_buffer_size - written,
620
			   stdout);
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
621
	if(ret == 0 and ferror(stdout)){
622
	  if(debug){
623
	    fprintf(stderr, "Error writing encrypted data: %s\n",
624
		    strerror(errno));
625
	  }
626
	  retval = -1;
627
	  break;
628
	}
22 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to
629
	written += (size_t)ret;
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
630
      }
13 by Björn Påhlsson
Added following support:
631
      free(decrypted_buffer);
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
632
    } else {
633
      retval = -1;
13 by Björn Påhlsson
Added following support:
634
    }
635
  }
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
636
  
637
  /* Shutdown procedure */
638
  
639
 mandos_end:
13 by Björn Påhlsson
Added following support:
640
  free(buffer);
641
  close(tcp_sd);
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
642
  gnutls_deinit (session);
13 by Björn Påhlsson
Added following support:
643
  return retval;
644
}
645
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
646
static void resolve_callback(AvahiSServiceResolver *r,
647
			     AvahiIfIndex interface,
648
			     AVAHI_GCC_UNUSED AvahiProtocol protocol,
649
			     AvahiResolverEvent event,
650
			     const char *name,
651
			     const char *type,
652
			     const char *domain,
653
			     const char *host_name,
654
			     const AvahiAddress *address,
655
			     uint16_t port,
656
			     AVAHI_GCC_UNUSED AvahiStringList *txt,
657
			     AVAHI_GCC_UNUSED AvahiLookupResultFlags
658
			     flags,
659
			     void* userdata) {
24.1.9 by Björn Påhlsson
not working midwork...
660
  mandos_context *mc = userdata;
22 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to
661
  assert(r);			/* Spurious warning */
662
  
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
663
  /* Called whenever a service has been resolved successfully or
664
     timed out */
22 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to
665
  
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
666
  switch (event) {
667
  default:
668
  case AVAHI_RESOLVER_FAILURE:
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
669
    fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
670
	    " of type '%s' in domain '%s': %s\n", name, type, domain,
24.1.9 by Björn Påhlsson
not working midwork...
671
	    avahi_strerror(avahi_server_errno(mc->server)));
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
672
    break;
22 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to
673
    
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
674
  case AVAHI_RESOLVER_FOUND:
675
    {
676
      char ip[AVAHI_ADDRESS_STR_MAX];
677
      avahi_address_snprint(ip, sizeof(ip), address);
678
      if(debug){
60 by Teddy Hogeborn
* mandos-client.c (main): Cast pid_t to unsigned int before printing.
679
	fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"
680
		PRIu16 ") on port %d\n", name, host_name, ip,
681
		interface, port);
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
682
      }
24.1.9 by Björn Påhlsson
not working midwork...
683
      int ret = start_mandos_communication(ip, port, interface, mc);
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
684
      if (ret == 0){
685
	exit(EXIT_SUCCESS);
686
      }
13 by Björn Påhlsson
Added following support:
687
    }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
688
  }
689
  avahi_s_service_resolver_free(r);
13 by Björn Påhlsson
Added following support:
690
}
691
24.1.9 by Björn Påhlsson
not working midwork...
692
static void browse_callback( AvahiSServiceBrowser *b,
693
			     AvahiIfIndex interface,
694
			     AvahiProtocol protocol,
695
			     AvahiBrowserEvent event,
696
			     const char *name,
697
			     const char *type,
698
			     const char *domain,
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
699
			     AVAHI_GCC_UNUSED AvahiLookupResultFlags
700
			     flags,
24.1.9 by Björn Påhlsson
not working midwork...
701
			     void* userdata) {
702
  mandos_context *mc = userdata;
703
  assert(b);			/* Spurious warning */
704
  
705
  /* Called whenever a new services becomes available on the LAN or
706
     is removed from the LAN */
707
  
708
  switch (event) {
709
  default:
710
  case AVAHI_BROWSER_FAILURE:
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
711
    
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
712
    fprintf(stderr, "(Avahi browser) %s\n",
24.1.9 by Björn Påhlsson
not working midwork...
713
	    avahi_strerror(avahi_server_errno(mc->server)));
714
    avahi_simple_poll_quit(mc->simple_poll);
715
    return;
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
716
    
24.1.9 by Björn Påhlsson
not working midwork...
717
  case AVAHI_BROWSER_NEW:
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
718
    /* We ignore the returned Avahi resolver object. In the callback
719
       function we free it. If the Avahi server is terminated before
720
       the callback function is called the Avahi server will free the
721
       resolver for us. */
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
722
    
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
723
    if (!(avahi_s_service_resolver_new(mc->server, interface,
724
				       protocol, name, type, domain,
24.1.9 by Björn Påhlsson
not working midwork...
725
				       AVAHI_PROTO_INET6, 0,
726
				       resolve_callback, mc)))
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
727
      fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
728
	      name, avahi_strerror(avahi_server_errno(mc->server)));
24.1.9 by Björn Påhlsson
not working midwork...
729
    break;
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
730
    
24.1.9 by Björn Påhlsson
not working midwork...
731
  case AVAHI_BROWSER_REMOVE:
732
    break;
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
733
    
24.1.9 by Björn Påhlsson
not working midwork...
734
  case AVAHI_BROWSER_ALL_FOR_NOW:
735
  case AVAHI_BROWSER_CACHE_EXHAUSTED:
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
736
    if(debug){
737
      fprintf(stderr, "No Mandos server found, still searching...\n");
738
    }
24.1.9 by Björn Påhlsson
not working midwork...
739
    break;
740
  }
13 by Björn Påhlsson
Added following support:
741
}
742
36 by Teddy Hogeborn
* TODO: Converted to org-mode style
743
/* Combines file name and path and returns the malloced new
744
   string. some sane checks could/should be added */
745
static const char *combinepath(const char *first, const char *second){
746
  size_t f_len = strlen(first);
747
  size_t s_len = strlen(second);
748
  char *tmp = malloc(f_len + s_len + 2);
24.1.4 by Björn Påhlsson
Added optional parameters certdir, certkey and certfile that can be iven at start in the command line.
749
  if (tmp == NULL){
750
    return NULL;
751
  }
36 by Teddy Hogeborn
* TODO: Converted to org-mode style
752
  if(f_len > 0){
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
753
    memcpy(tmp, first, f_len);	/* Spurious warning */
36 by Teddy Hogeborn
* TODO: Converted to org-mode style
754
  }
755
  tmp[f_len] = '/';
756
  if(s_len > 0){
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
757
    memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */
36 by Teddy Hogeborn
* TODO: Converted to org-mode style
758
  }
759
  tmp[f_len + 1 + s_len] = '\0';
24.1.4 by Björn Påhlsson
Added optional parameters certdir, certkey and certfile that can be iven at start in the command line.
760
  return tmp;
761
}
762
763
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
764
int main(int argc, char *argv[]){
13 by Björn Påhlsson
Added following support:
765
    AvahiSServiceBrowser *sb = NULL;
766
    int error;
15.1.3 by Björn Påhlsson
Added getopt_long support for mandosclient and passprompt
767
    int ret;
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
768
    int exitcode = EXIT_SUCCESS;
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
769
    const char *interface = "eth0";
24.1.6 by Björn Påhlsson
plugbasedclient
770
    struct ifreq network;
771
    int sd;
24.1.13 by Björn Påhlsson
mandosclient
772
    uid_t uid;
773
    gid_t gid;
24.1.7 by Björn Påhlsson
merge
774
    char *connect_to = NULL;
29 by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Changed
775
    AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
24.1.14 by Björn Påhlsson
mandosclient
776
    const char *pubkeyfile = "pubkey.txt";
777
    const char *seckeyfile = "seckey.txt";
24.1.9 by Björn Påhlsson
not working midwork...
778
    mandos_context mc = { .simple_poll = NULL, .server = NULL,
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
779
			  .dh_bits = 1024, .priority = "SECURE256"};
24.1.20 by Björn Påhlsson
mandosclient
780
    bool gnutls_initalized = false;
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
781
    
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
782
    {
24.1.14 by Björn Påhlsson
mandosclient
783
      struct argp_option options[] = {
784
	{ .name = "debug", .key = 128,
785
	  .doc = "Debug mode", .group = 3 },
786
	{ .name = "connect", .key = 'c',
787
	  .arg = "IP",
42 by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Change "to"
788
	  .doc = "Connect directly to a sepcified mandos server",
789
	  .group = 1 },
24.1.14 by Björn Påhlsson
mandosclient
790
	{ .name = "interface", .key = 'i',
791
	  .arg = "INTERFACE",
42 by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Change "to"
792
	  .doc = "Interface that Avahi will conntect through",
793
	  .group = 1 },
24.1.14 by Björn Påhlsson
mandosclient
794
	{ .name = "keydir", .key = 'd',
795
	  .arg = "KEYDIR",
42 by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Change "to"
796
	  .doc = "Directory where the openpgp keyring is",
797
	  .group = 1 },
24.1.14 by Björn Påhlsson
mandosclient
798
	{ .name = "seckey", .key = 's',
799
	  .arg = "SECKEY",
42 by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Change "to"
800
	  .doc = "Secret openpgp key for gnutls authentication",
801
	  .group = 1 },
24.1.14 by Björn Påhlsson
mandosclient
802
	{ .name = "pubkey", .key = 'p',
803
	  .arg = "PUBKEY",
42 by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Change "to"
804
	  .doc = "Public openpgp key for gnutls authentication",
805
	  .group = 2 },
24.1.14 by Björn Påhlsson
mandosclient
806
	{ .name = "dh-bits", .key = 129,
807
	  .arg = "BITS",
42 by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Change "to"
808
	  .doc = "dh-bits to use in gnutls communication",
809
	  .group = 2 },
24.1.14 by Björn Påhlsson
mandosclient
810
	{ .name = "priority", .key = 130,
811
	  .arg = "PRIORITY",
812
	  .doc = "GNUTLS priority", .group = 1 },
813
	{ .name = NULL }
814
      };
815
816
      
42 by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Change "to"
817
      error_t parse_opt (int key, char *arg,
818
			 struct argp_state *state) {
819
	/* Get the INPUT argument from `argp_parse', which we know is
820
	   a pointer to our plugin list pointer. */
24.1.14 by Björn Påhlsson
mandosclient
821
	switch (key) {
822
	case 128:
823
	  debug = true;
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
824
	  break;
24.1.14 by Björn Påhlsson
mandosclient
825
	case 'c':
826
	  connect_to = arg;
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
827
	  break;
828
	case 'i':
24.1.14 by Björn Påhlsson
mandosclient
829
	  interface = arg;
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
830
	  break;
831
	case 'd':
24.1.14 by Björn Påhlsson
mandosclient
832
	  keydir = arg;
833
	  break;
834
	case 's':
835
	  seckeyfile = arg;
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
836
	  break;
837
	case 'p':
24.1.14 by Björn Påhlsson
mandosclient
838
	  pubkeyfile = arg;
839
	  break;
840
	case 129:
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
841
	  errno = 0;
24.1.14 by Björn Påhlsson
mandosclient
842
	  mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
843
	  if (errno){
844
	    perror("strtol");
845
	    exit(EXIT_FAILURE);
846
	  }
847
	  break;
24.1.14 by Björn Påhlsson
mandosclient
848
	case 130:
849
	  mc.priority = arg;
850
	  break;
851
	case ARGP_KEY_ARG:
852
	  argp_usage (state);
853
	  break;
854
	  case ARGP_KEY_END:
855
	    break;
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
856
	default:
24.1.14 by Björn Påhlsson
mandosclient
857
	  return ARGP_ERR_UNKNOWN;
24.1.9 by Björn Påhlsson
not working midwork...
858
	}
24.1.14 by Björn Påhlsson
mandosclient
859
	return 0;
15.1.3 by Björn Påhlsson
Added getopt_long support for mandosclient and passprompt
860
      }
24.1.14 by Björn Påhlsson
mandosclient
861
862
      struct argp argp = { .options = options, .parser = parse_opt,
863
			   .args_doc = "",
42 by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Change "to"
864
			   .doc = "Mandos client -- Get and decrypt"
865
			   " passwords from mandos server" };
24.1.29 by Björn Påhlsson
Added more header file comments
866
      ret = argp_parse (&argp, argc, argv, 0, 0, NULL);
867
      if (ret == ARGP_ERR_UNKNOWN){
24.1.43 by Björn Påhlsson
merge
868
	fprintf(stderr, "Unknown error while parsing arguments\n");
24.1.29 by Björn Påhlsson
Added more header file comments
869
	exitcode = EXIT_FAILURE;
870
	goto end;
871
      }
15.1.3 by Björn Påhlsson
Added getopt_long support for mandosclient and passprompt
872
    }
24.1.14 by Björn Påhlsson
mandosclient
873
      
37 by Teddy Hogeborn
Non-tested commit for merge purposes.
874
    pubkeyfile = combinepath(keydir, pubkeyfile);
875
    if (pubkeyfile == NULL){
36 by Teddy Hogeborn
* TODO: Converted to org-mode style
876
      perror("combinepath");
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
877
      exitcode = EXIT_FAILURE;
878
      goto end;
24.1.4 by Björn Påhlsson
Added optional parameters certdir, certkey and certfile that can be iven at start in the command line.
879
    }
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
880
    
881
    seckeyfile = combinepath(keydir, seckeyfile);
882
    if (seckeyfile == NULL){
24.1.7 by Björn Påhlsson
merge
883
      perror("combinepath");
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
884
      goto end;
24.1.6 by Björn Påhlsson
plugbasedclient
885
    }
24.1.13 by Björn Påhlsson
mandosclient
886
24.1.14 by Björn Påhlsson
mandosclient
887
    ret = init_gnutls_global(&mc, pubkeyfile, seckeyfile);
24.1.13 by Björn Påhlsson
mandosclient
888
    if (ret == -1){
889
      fprintf(stderr, "init_gnutls_global\n");
890
      goto end;
24.1.20 by Björn Påhlsson
mandosclient
891
    } else {
892
      gnutls_initalized = true;
24.1.13 by Björn Påhlsson
mandosclient
893
    }
65 by Teddy Hogeborn
* plugins.d/password-request.c (main): Bug fix: Bring up network
894
    
895
    /* If the interface is down, bring it up */
896
    {
897
      sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
898
      if(sd < 0) {
899
	perror("socket");
900
	exitcode = EXIT_FAILURE;
901
	goto end;
902
      }
903
      strcpy(network.ifr_name, interface); /* Spurious warning */
904
      ret = ioctl(sd, SIOCGIFFLAGS, &network);
905
      if(ret == -1){
906
	perror("ioctl SIOCGIFFLAGS");
907
	exitcode = EXIT_FAILURE;
908
	goto end;
909
      }
910
      if((network.ifr_flags & IFF_UP) == 0){
911
	network.ifr_flags |= IFF_UP;
912
	ret = ioctl(sd, SIOCSIFFLAGS, &network);
913
	if(ret == -1){
914
	  perror("ioctl SIOCSIFFLAGS");
915
	  exitcode = EXIT_FAILURE;
916
	  goto end;
917
	}
918
      }
919
      close(sd);
920
    }
921
    
24.1.13 by Björn Påhlsson
mandosclient
922
    uid = getuid();
923
    gid = getgid();
65 by Teddy Hogeborn
* plugins.d/password-request.c (main): Bug fix: Bring up network
924
    
24.1.13 by Björn Påhlsson
mandosclient
925
    ret = setuid(uid);
926
    if (ret == -1){
927
      perror("setuid");
928
    }
929
    
930
    setgid(gid);
931
    if (ret == -1){
932
      perror("setgid");
933
    }
15.1.3 by Björn Påhlsson
Added getopt_long support for mandosclient and passprompt
934
    
24.1.7 by Björn Påhlsson
merge
935
    if_index = (AvahiIfIndex) if_nametoindex(interface);
936
    if(if_index == 0){
937
      fprintf(stderr, "No such interface: \"%s\"\n", interface);
938
      exit(EXIT_FAILURE);
28 by Teddy Hogeborn
* server.conf: New file.
939
    }
940
    
941
    if(connect_to != NULL){
942
      /* Connect directly, do not use Zeroconf */
943
      /* (Mainly meant for debugging) */
944
      char *address = strrchr(connect_to, ':');
945
      if(address == NULL){
946
        fprintf(stderr, "No colon in address\n");
24.1.13 by Björn Påhlsson
mandosclient
947
	exitcode = EXIT_FAILURE;
948
	goto end;
28 by Teddy Hogeborn
* server.conf: New file.
949
      }
950
      errno = 0;
951
      uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
952
      if(errno){
953
	perror("Bad port number");
24.1.13 by Björn Påhlsson
mandosclient
954
	exitcode = EXIT_FAILURE;
955
	goto end;
28 by Teddy Hogeborn
* server.conf: New file.
956
      }
957
      *address = '\0';
958
      address = connect_to;
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
959
      ret = start_mandos_communication(address, port, if_index, &mc);
28 by Teddy Hogeborn
* server.conf: New file.
960
      if(ret < 0){
24.1.13 by Björn Påhlsson
mandosclient
961
	exitcode = EXIT_FAILURE;
28 by Teddy Hogeborn
* server.conf: New file.
962
      } else {
24.1.13 by Björn Påhlsson
mandosclient
963
	exitcode = EXIT_SUCCESS;
28 by Teddy Hogeborn
* server.conf: New file.
964
      }
24.1.13 by Björn Påhlsson
mandosclient
965
      goto end;
28 by Teddy Hogeborn
* server.conf: New file.
966
    }
967
    
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
968
    if (not debug){
969
      avahi_set_log_function(empty_log);
970
    }
13 by Björn Påhlsson
Added following support:
971
    
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
972
    /* Initialize the pseudo-RNG for Avahi */
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
973
    srand((unsigned int) time(NULL));
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
974
    
975
    /* Allocate main Avahi loop object */
976
    mc.simple_poll = avahi_simple_poll_new();
977
    if (mc.simple_poll == NULL) {
978
        fprintf(stderr, "Avahi: Failed to create simple poll"
979
		" object.\n");
980
	exitcode = EXIT_FAILURE;
981
        goto end;
982
    }
983
984
    {
985
      AvahiServerConfig config;
986
      /* Do not publish any local Zeroconf records */
987
      avahi_server_config_init(&config);
988
      config.publish_hinfo = 0;
989
      config.publish_addresses = 0;
990
      config.publish_workstation = 0;
991
      config.publish_domain = 0;
992
993
      /* Allocate a new server */
994
      mc.server = avahi_server_new(avahi_simple_poll_get
995
				   (mc.simple_poll), &config, NULL,
996
				   NULL, &error);
997
    
998
      /* Free the Avahi configuration data */
999
      avahi_server_config_free(&config);
1000
    }
1001
    
1002
    /* Check if creating the Avahi server object succeeded */
1003
    if (mc.server == NULL) {
1004
        fprintf(stderr, "Failed to create Avahi server: %s\n",
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
1005
		avahi_strerror(error));
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
1006
	exitcode = EXIT_FAILURE;
1007
        goto end;
13 by Björn Påhlsson
Added following support:
1008
    }
1009
    
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
1010
    /* Create the Avahi service browser */
24.1.9 by Björn Påhlsson
not working midwork...
1011
    sb = avahi_s_service_browser_new(mc.server, if_index,
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
1012
				     AVAHI_PROTO_INET6,
1013
				     "_mandos._tcp", NULL, 0,
24.1.9 by Björn Påhlsson
not working midwork...
1014
				     browse_callback, &mc);
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
1015
    if (sb == NULL) {
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
1016
        fprintf(stderr, "Failed to create service browser: %s\n",
24.1.9 by Björn Påhlsson
not working midwork...
1017
		avahi_strerror(avahi_server_errno(mc.server)));
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
1018
	exitcode = EXIT_FAILURE;
1019
        goto end;
13 by Björn Påhlsson
Added following support:
1020
    }
1021
    
1022
    /* Run the main loop */
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
1023
1024
    if (debug){
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
1025
      fprintf(stderr, "Starting Avahi loop search\n");
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
1026
    }
1027
    
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
1028
    avahi_simple_poll_loop(mc.simple_poll);
13 by Björn Påhlsson
Added following support:
1029
    
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
1030
 end:
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
1031
1032
    if (debug){
1033
      fprintf(stderr, "%s exiting\n", argv[0]);
1034
    }
13 by Björn Påhlsson
Added following support:
1035
    
1036
    /* Cleanup things */
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
1037
    if (sb != NULL)
13 by Björn Påhlsson
Added following support:
1038
        avahi_s_service_browser_free(sb);
1039
    
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
1040
    if (mc.server != NULL)
24.1.9 by Björn Påhlsson
not working midwork...
1041
        avahi_server_free(mc.server);
13 by Björn Påhlsson
Added following support:
1042
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
1043
    if (mc.simple_poll != NULL)
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
1044
        avahi_simple_poll_free(mc.simple_poll);
37 by Teddy Hogeborn
Non-tested commit for merge purposes.
1045
    free(pubkeyfile);
1046
    free(seckeyfile);
24.1.20 by Björn Påhlsson
mandosclient
1047
1048
    if (gnutls_initalized){
24.1.29 by Björn Påhlsson
Added more header file comments
1049
      gnutls_certificate_free_credentials(mc.cred);
24.1.20 by Björn Påhlsson
mandosclient
1050
      gnutls_global_deinit ();
1051
    }
24.1.5 by Björn Påhlsson
plugbasedclient:
1052
    
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
1053
    return exitcode;
13 by Björn Påhlsson
Added following support:
1054
}