To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugins.d/mandosclient.c
- browse files at revision 1
- compare with another revision
- download diff
- download tarball
- view history from revision 1
- Committer: Björn Påhlsson
- Date: 2007-10-20 21:38:25 UTC
- Revision ID: belorn@tower-20071020213825-abf6f0d1c33ee961
First working version with: IPv6, GnuTLS, X.509 certificates, DN
retrieval.
retrieval.
- files added:
- bad-ca.pem
- files removed:
- TODO
- plugins.d
- files modified:
- Makefile
added
removed
plugins.d/mandosclient.c
1
/* -*- coding: utf-8 -*- */
2
/*
3
* Mandos client - get and decrypt data from a Mandos server
4
*
5
* This program is partly derived from an example program for an Avahi
6
* service browser, downloaded from
7
* <http://avahi.org/browser/examples/core-browse-services.c>. This
8
* includes the following functions: "resolve_callback",
9
* "browse_callback", and parts of "main".
10
*
11
* Everything else is
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
13
*
14
* This program is free software: you can redistribute it and/or
15
* modify it under the terms of the GNU General Public License as
16
* published by the Free Software Foundation, either version 3 of the
17
* License, or (at your option) any later version.
18
*
19
* This program is distributed in the hope that it will be useful, but
20
* WITHOUT ANY WARRANTY; without even the implied warranty of
21
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22
* General Public License for more details.
23
*
24
* You should have received a copy of the GNU General Public License
25
* along with this program. If not, see
26
* <http://www.gnu.org/licenses/>.
27
*
28
* Contact the authors at <mandos@fukt.bsnet.se>.
29
*/
30
31
/* Needed by GPGME, specifically gpgme_data_seek() */
32
#define _LARGEFILE_SOURCE
33
#define _FILE_OFFSET_BITS 64
34
35
#include <stdio.h>
36
#include <assert.h>
37
#include <stdlib.h>
38
#include <time.h>
39
#include <net/if.h> /* if_nametoindex */
40
#include <sys/ioctl.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS
41
#include <net/if.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS
42
43
#include <avahi-core/core.h>
44
#include <avahi-core/lookup.h>
45
#include <avahi-core/log.h>
46
#include <avahi-common/simple-watch.h>
47
#include <avahi-common/malloc.h>
48
#include <avahi-common/error.h>
49
50
//mandos client part
51
#include <sys/types.h> /* socket(), inet_pton() */
52
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
53
struct in6_addr, inet_pton() */
54
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
55
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
56
57
#include <unistd.h> /* close() */
58
#include <netinet/in.h>
59
#include <stdbool.h> /* true */
60
#include <string.h> /* memset */
61
#include <arpa/inet.h> /* inet_pton() */
62
#include <iso646.h> /* not */
63
64
// gpgme
65
#include <errno.h> /* perror() */
66
#include <gpgme.h>
67
68
// getopt long
69
#include <getopt.h>
70
71
#define BUFFER_SIZE 256
72
#define DH_BITS 1024
73
74
static const char *certdir = "/conf/conf.d/mandos";
75
static const char *certfile = "openpgp-client.txt";
76
static const char *certkey = "openpgp-client-key.txt";
77
78
bool debug = false;
79
80
typedef struct {
81
gnutls_session_t session;
82
gnutls_certificate_credentials_t cred;
83
gnutls_dh_params_t dh_params;
84
} encrypted_session;
85
86
87
static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
88
char **new_packet,
89
const char *homedir){
90
gpgme_data_t dh_crypto, dh_plain;
91
gpgme_ctx_t ctx;
92
gpgme_error_t rc;
93
ssize_t ret;
94
ssize_t new_packet_capacity = 0;
95
ssize_t new_packet_length = 0;
96
gpgme_engine_info_t engine_info;
97
98
if (debug){
99
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
100
}
101
102
/* Init GPGME */
103
gpgme_check_version(NULL);
104
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
105
if (rc != GPG_ERR_NO_ERROR){
106
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
107
gpgme_strsource(rc), gpgme_strerror(rc));
108
return -1;
109
}
110
111
/* Set GPGME home directory */
112
rc = gpgme_get_engine_info (&engine_info);
113
if (rc != GPG_ERR_NO_ERROR){
114
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
115
gpgme_strsource(rc), gpgme_strerror(rc));
116
return -1;
117
}
118
while(engine_info != NULL){
119
if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
120
gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
121
engine_info->file_name, homedir);
122
break;
123
}
124
engine_info = engine_info->next;
125
}
126
if(engine_info == NULL){
127
fprintf(stderr, "Could not set home dir to %s\n", homedir);
128
return -1;
129
}
130
131
/* Create new GPGME data buffer from packet buffer */
132
rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);
133
if (rc != GPG_ERR_NO_ERROR){
134
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
135
gpgme_strsource(rc), gpgme_strerror(rc));
136
return -1;
137
}
138
139
/* Create new empty GPGME data buffer for the plaintext */
140
rc = gpgme_data_new(&dh_plain);
141
if (rc != GPG_ERR_NO_ERROR){
142
fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
143
gpgme_strsource(rc), gpgme_strerror(rc));
144
return -1;
145
}
146
147
/* Create new GPGME "context" */
148
rc = gpgme_new(&ctx);
149
if (rc != GPG_ERR_NO_ERROR){
150
fprintf(stderr, "bad gpgme_new: %s: %s\n",
151
gpgme_strsource(rc), gpgme_strerror(rc));
152
return -1;
153
}
154
155
/* Decrypt data from the FILE pointer to the plaintext data
156
buffer */
157
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
158
if (rc != GPG_ERR_NO_ERROR){
159
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
160
gpgme_strsource(rc), gpgme_strerror(rc));
161
return -1;
162
}
163
164
if(debug){
165
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");
166
}
167
168
if (debug){
169
gpgme_decrypt_result_t result;
170
result = gpgme_op_decrypt_result(ctx);
171
if (result == NULL){
172
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
173
} else {
174
fprintf(stderr, "Unsupported algorithm: %s\n",
175
result->unsupported_algorithm);
176
fprintf(stderr, "Wrong key usage: %d\n",
177
result->wrong_key_usage);
178
if(result->file_name != NULL){
179
fprintf(stderr, "File name: %s\n", result->file_name);
180
}
181
gpgme_recipient_t recipient;
182
recipient = result->recipients;
183
if(recipient){
184
while(recipient != NULL){
185
fprintf(stderr, "Public key algorithm: %s\n",
186
gpgme_pubkey_algo_name(recipient->pubkey_algo));
187
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
188
fprintf(stderr, "Secret key available: %s\n",
189
recipient->status == GPG_ERR_NO_SECKEY
190
? "No" : "Yes");
191
recipient = recipient->next;
192
}
193
}
194
}
195
}
196
197
/* Delete the GPGME FILE pointer cryptotext data buffer */
198
gpgme_data_release(dh_crypto);
199
200
/* Seek back to the beginning of the GPGME plaintext data buffer */
201
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
202
perror("pgpme_data_seek");
203
}
204
205
*new_packet = 0;
206
while(true){
207
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
208
*new_packet = realloc(*new_packet,
209
(unsigned int)new_packet_capacity
210
+ BUFFER_SIZE);
211
if (*new_packet == NULL){
212
perror("realloc");
213
return -1;
214
}
215
new_packet_capacity += BUFFER_SIZE;
216
}
217
218
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,
219
BUFFER_SIZE);
220
/* Print the data, if any */
221
if (ret == 0){
222
break;
223
}
224
if(ret < 0){
225
perror("gpgme_data_read");
226
return -1;
227
}
228
new_packet_length += ret;
229
}
230
231
/* FIXME: check characters before printing to screen so to not print
232
terminal control characters */
233
/* if(debug){ */
234
/* fprintf(stderr, "decrypted password is: "); */
235
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
236
/* fprintf(stderr, "\n"); */
237
/* } */
238
239
/* Delete the GPGME plaintext data buffer */
240
gpgme_data_release(dh_plain);
241
return new_packet_length;
242
}
243
244
static const char * safer_gnutls_strerror (int value) {
245
const char *ret = gnutls_strerror (value);
246
if (ret == NULL)
247
ret = "(unknown)";
248
return ret;
249
}
250
251
static void debuggnutls(__attribute__((unused)) int level,
252
const char* string){
253
fprintf(stderr, "%s", string);
254
}
255
256
static int initgnutls(encrypted_session *es){
257
const char *err;
258
int ret;
259
260
if(debug){
261
fprintf(stderr, "Initializing GnuTLS\n");
262
}
263
264
if ((ret = gnutls_global_init ())
265
!= GNUTLS_E_SUCCESS) {
266
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
267
return -1;
268
}
269
270
if (debug){
271
gnutls_global_set_log_level(11);
272
gnutls_global_set_log_function(debuggnutls);
273
}
274
275
/* openpgp credentials */
276
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
277
!= GNUTLS_E_SUCCESS) {
278
fprintf (stderr, "memory error: %s\n",
279
safer_gnutls_strerror(ret));
280
return -1;
281
}
282
283
if(debug){
284
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
285
" and keyfile %s as GnuTLS credentials\n", certfile,
286
certkey);
287
}
288
289
ret = gnutls_certificate_set_openpgp_key_file
290
(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);
291
if (ret != GNUTLS_E_SUCCESS) {
292
fprintf
293
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
294
" '%s')\n",
295
ret, certfile, certkey);
296
fprintf(stdout, "The Error is: %s\n",
297
safer_gnutls_strerror(ret));
298
return -1;
299
}
300
301
//GnuTLS server initialization
302
if ((ret = gnutls_dh_params_init (&es->dh_params))
303
!= GNUTLS_E_SUCCESS) {
304
fprintf (stderr, "Error in dh parameter initialization: %s\n",
305
safer_gnutls_strerror(ret));
306
return -1;
307
}
308
309
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
310
!= GNUTLS_E_SUCCESS) {
311
fprintf (stderr, "Error in prime generation: %s\n",
312
safer_gnutls_strerror(ret));
313
return -1;
314
}
315
316
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
317
318
// GnuTLS session creation
319
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
320
!= GNUTLS_E_SUCCESS){
321
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
322
safer_gnutls_strerror(ret));
323
}
324
325
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
326
!= GNUTLS_E_SUCCESS) {
327
fprintf(stderr, "Syntax error at: %s\n", err);
328
fprintf(stderr, "GnuTLS error: %s\n",
329
safer_gnutls_strerror(ret));
330
return -1;
331
}
332
333
if ((ret = gnutls_credentials_set
334
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
335
!= GNUTLS_E_SUCCESS) {
336
fprintf(stderr, "Error setting a credentials set: %s\n",
337
safer_gnutls_strerror(ret));
338
return -1;
339
}
340
341
/* ignore client certificate if any. */
342
gnutls_certificate_server_set_request (es->session,
343
GNUTLS_CERT_IGNORE);
344
345
gnutls_dh_set_prime_bits (es->session, DH_BITS);
346
347
return 0;
348
}
349
350
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
351
__attribute__((unused)) const char *txt){}
352
353
static int start_mandos_communication(const char *ip, uint16_t port,
354
AvahiIfIndex if_index){
355
int ret, tcp_sd;
356
struct sockaddr_in6 to;
357
encrypted_session es;
358
char *buffer = NULL;
359
char *decrypted_buffer;
360
size_t buffer_length = 0;
361
size_t buffer_capacity = 0;
362
ssize_t decrypted_buffer_size;
363
size_t written = 0;
364
int retval = 0;
365
char interface[IF_NAMESIZE];
366
367
if(debug){
368
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
369
ip, port);
370
}
371
372
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
373
if(tcp_sd < 0) {
374
perror("socket");
375
return -1;
376
}
377
378
if(debug){
379
if(if_indextoname((unsigned int)if_index, interface) == NULL){
380
if(debug){
381
perror("if_indextoname");
382
}
383
return -1;
384
}
385
386
fprintf(stderr, "Binding to interface %s\n", interface);
387
}
388
389
memset(&to,0,sizeof(to)); /* Spurious warning */
390
to.sin6_family = AF_INET6;
391
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
392
if (ret < 0 ){
393
perror("inet_pton");
394
return -1;
395
}
396
if(ret == 0){
397
fprintf(stderr, "Bad address: %s\n", ip);
398
return -1;
399
}
400
to.sin6_port = htons(port); /* Spurious warning */
401
402
to.sin6_scope_id = (uint32_t)if_index;
403
404
if(debug){
405
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
406
/* char addrstr[INET6_ADDRSTRLEN]; */
407
/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */
408
/* sizeof(addrstr)) == NULL){ */
409
/* perror("inet_ntop"); */
410
/* } else { */
411
/* fprintf(stderr, "Really connecting to: %s, port %d\n", */
412
/* addrstr, ntohs(to.sin6_port)); */
413
/* } */
414
}
415
416
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
417
if (ret < 0){
418
perror("connect");
419
return -1;
420
}
421
422
ret = initgnutls (&es);
423
if (ret != 0){
424
retval = -1;
425
return -1;
426
}
427
428
gnutls_transport_set_ptr (es.session,
429
(gnutls_transport_ptr_t) tcp_sd);
430
431
if(debug){
432
fprintf(stderr, "Establishing TLS session with %s\n", ip);
433
}
434
435
ret = gnutls_handshake (es.session);
436
437
if (ret != GNUTLS_E_SUCCESS){
438
if(debug){
439
fprintf(stderr, "\n*** Handshake failed ***\n");
440
gnutls_perror (ret);
441
}
442
retval = -1;
443
goto exit;
444
}
445
446
//Retrieve OpenPGP packet that contains the wanted password
447
448
if(debug){
449
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
450
ip);
451
}
452
453
while(true){
454
if (buffer_length + BUFFER_SIZE > buffer_capacity){
455
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
456
if (buffer == NULL){
457
perror("realloc");
458
goto exit;
459
}
460
buffer_capacity += BUFFER_SIZE;
461
}
462
463
ret = gnutls_record_recv
464
(es.session, buffer+buffer_length, BUFFER_SIZE);
465
if (ret == 0){
466
break;
467
}
468
if (ret < 0){
469
switch(ret){
470
case GNUTLS_E_INTERRUPTED:
471
case GNUTLS_E_AGAIN:
472
break;
473
case GNUTLS_E_REHANDSHAKE:
474
ret = gnutls_handshake (es.session);
475
if (ret < 0){
476
fprintf(stderr, "\n*** Handshake failed ***\n");
477
gnutls_perror (ret);
478
retval = -1;
479
goto exit;
480
}
481
break;
482
default:
483
fprintf(stderr, "Unknown error while reading data from"
484
" encrypted session with mandos server\n");
485
retval = -1;
486
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
487
goto exit;
488
}
489
} else {
490
buffer_length += (size_t) ret;
491
}
492
}
493
494
if (buffer_length > 0){
495
decrypted_buffer_size = pgp_packet_decrypt(buffer,
496
buffer_length,
497
&decrypted_buffer,
498
certdir);
499
if (decrypted_buffer_size >= 0){
500
while(written < (size_t) decrypted_buffer_size){
501
ret = (int)fwrite (decrypted_buffer + written, 1,
502
(size_t)decrypted_buffer_size - written,
503
stdout);
504
if(ret == 0 and ferror(stdout)){
505
if(debug){
506
fprintf(stderr, "Error writing encrypted data: %s\n",
507
strerror(errno));
508
}
509
retval = -1;
510
break;
511
}
512
written += (size_t)ret;
513
}
514
free(decrypted_buffer);
515
} else {
516
retval = -1;
517
}
518
}
519
520
//shutdown procedure
521
522
if(debug){
523
fprintf(stderr, "Closing TLS session\n");
524
}
525
526
free(buffer);
527
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
528
exit:
529
close(tcp_sd);
530
gnutls_deinit (es.session);
531
gnutls_certificate_free_credentials (es.cred);
532
gnutls_global_deinit ();
533
return retval;
534
}
535
536
static AvahiSimplePoll *simple_poll = NULL;
537
static AvahiServer *server = NULL;
538
539
static void resolve_callback(
540
AvahiSServiceResolver *r,
541
AvahiIfIndex interface,
542
AVAHI_GCC_UNUSED AvahiProtocol protocol,
543
AvahiResolverEvent event,
544
const char *name,
545
const char *type,
546
const char *domain,
547
const char *host_name,
548
const AvahiAddress *address,
549
uint16_t port,
550
AVAHI_GCC_UNUSED AvahiStringList *txt,
551
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
552
AVAHI_GCC_UNUSED void* userdata) {
553
554
assert(r); /* Spurious warning */
555
556
/* Called whenever a service has been resolved successfully or
557
timed out */
558
559
switch (event) {
560
default:
561
case AVAHI_RESOLVER_FAILURE:
562
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
563
" type '%s' in domain '%s': %s\n", name, type, domain,
564
avahi_strerror(avahi_server_errno(server)));
565
break;
566
567
case AVAHI_RESOLVER_FOUND:
568
{
569
char ip[AVAHI_ADDRESS_STR_MAX];
570
avahi_address_snprint(ip, sizeof(ip), address);
571
if(debug){
572
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
573
" port %d\n", name, host_name, ip, port);
574
}
575
int ret = start_mandos_communication(ip, port, interface);
576
if (ret == 0){
577
exit(EXIT_SUCCESS);
578
}
579
}
580
}
581
avahi_s_service_resolver_free(r);
582
}
583
584
static void browse_callback(
585
AvahiSServiceBrowser *b,
586
AvahiIfIndex interface,
587
AvahiProtocol protocol,
588
AvahiBrowserEvent event,
589
const char *name,
590
const char *type,
591
const char *domain,
592
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
593
void* userdata) {
594
595
AvahiServer *s = userdata;
596
assert(b); /* Spurious warning */
597
598
/* Called whenever a new services becomes available on the LAN or
599
is removed from the LAN */
600
601
switch (event) {
602
default:
603
case AVAHI_BROWSER_FAILURE:
604
605
fprintf(stderr, "(Browser) %s\n",
606
avahi_strerror(avahi_server_errno(server)));
607
avahi_simple_poll_quit(simple_poll);
608
return;
609
610
case AVAHI_BROWSER_NEW:
611
/* We ignore the returned resolver object. In the callback
612
function we free it. If the server is terminated before
613
the callback function is called the server will free
614
the resolver for us. */
615
616
if (!(avahi_s_service_resolver_new(s, interface, protocol, name,
617
type, domain,
618
AVAHI_PROTO_INET6, 0,
619
resolve_callback, s)))
620
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
621
avahi_strerror(avahi_server_errno(s)));
622
break;
623
624
case AVAHI_BROWSER_REMOVE:
625
break;
626
627
case AVAHI_BROWSER_ALL_FOR_NOW:
628
case AVAHI_BROWSER_CACHE_EXHAUSTED:
629
break;
630
}
631
}
632
633
/* Combines file name and path and returns the malloced new
634
string. some sane checks could/should be added */
635
static const char *combinepath(const char *first, const char *second){
636
size_t f_len = strlen(first);
637
size_t s_len = strlen(second);
638
char *tmp = malloc(f_len + s_len + 2);
639
if (tmp == NULL){
640
return NULL;
641
}
642
if(f_len > 0){
643
memcpy(tmp, first, f_len);
644
}
645
tmp[f_len] = '/';
646
if(s_len > 0){
647
memcpy(tmp + f_len + 1, second, s_len);
648
}
649
tmp[f_len + 1 + s_len] = '\0';
650
return tmp;
651
}
652
653
654
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
655
AvahiServerConfig config;
656
AvahiSServiceBrowser *sb = NULL;
657
int error;
658
int ret;
659
int returncode = EXIT_SUCCESS;
660
const char *interface = "eth0";
661
struct ifreq network;
662
int sd;
663
char *connect_to = NULL;
664
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
665
666
while (true){
667
static struct option long_options[] = {
668
{"debug", no_argument, (int *)&debug, 1},
669
{"connect", required_argument, 0, 'C'},
670
{"interface", required_argument, 0, 'i'},
671
{"certdir", required_argument, 0, 'd'},
672
{"certkey", required_argument, 0, 'c'},
673
{"certfile", required_argument, 0, 'k'},
674
{0, 0, 0, 0} };
675
676
int option_index = 0;
677
ret = getopt_long (argc, argv, "i:", long_options,
678
&option_index);
679
680
if (ret == -1){
681
break;
682
}
683
684
switch(ret){
685
case 0:
686
break;
687
case 'i':
688
interface = optarg;
689
break;
690
case 'C':
691
connect_to = optarg;
692
break;
693
case 'd':
694
certdir = optarg;
695
break;
696
case 'c':
697
certfile = optarg;
698
break;
699
case 'k':
700
certkey = optarg;
701
break;
702
default:
703
exit(EXIT_FAILURE);
704
}
705
}
706
707
certfile = combinepath(certdir, certfile);
708
if (certfile == NULL){
709
perror("combinepath");
710
returncode = EXIT_FAILURE;
711
goto exit;
712
}
713
714
certkey = combinepath(certdir, certkey);
715
if (certkey == NULL){
716
perror("combinepath");
717
returncode = EXIT_FAILURE;
718
goto exit;
719
}
720
721
if_index = (AvahiIfIndex) if_nametoindex(interface);
722
if(if_index == 0){
723
fprintf(stderr, "No such interface: \"%s\"\n", interface);
724
exit(EXIT_FAILURE);
725
}
726
727
if(connect_to != NULL){
728
/* Connect directly, do not use Zeroconf */
729
/* (Mainly meant for debugging) */
730
char *address = strrchr(connect_to, ':');
731
if(address == NULL){
732
fprintf(stderr, "No colon in address\n");
733
exit(EXIT_FAILURE);
734
}
735
errno = 0;
736
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
737
if(errno){
738
perror("Bad port number");
739
exit(EXIT_FAILURE);
740
}
741
*address = '\0';
742
address = connect_to;
743
ret = start_mandos_communication(address, port, if_index);
744
if(ret < 0){
745
exit(EXIT_FAILURE);
746
} else {
747
exit(EXIT_SUCCESS);
748
}
749
}
750
751
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
752
if(sd < 0) {
753
perror("socket");
754
returncode = EXIT_FAILURE;
755
goto exit;
756
}
757
strcpy(network.ifr_name, interface);
758
ret = ioctl(sd, SIOCGIFFLAGS, &network);
759
if(ret == -1){
760
761
perror("ioctl SIOCGIFFLAGS");
762
returncode = EXIT_FAILURE;
763
goto exit;
764
}
765
if((network.ifr_flags & IFF_UP) == 0){
766
network.ifr_flags |= IFF_UP;
767
ret = ioctl(sd, SIOCSIFFLAGS, &network);
768
if(ret == -1){
769
perror("ioctl SIOCSIFFLAGS");
770
returncode = EXIT_FAILURE;
771
goto exit;
772
}
773
}
774
close(sd);
775
776
if (not debug){
777
avahi_set_log_function(empty_log);
778
}
779
780
/* Initialize the psuedo-RNG */
781
srand((unsigned int) time(NULL));
782
783
/* Allocate main loop object */
784
if (!(simple_poll = avahi_simple_poll_new())) {
785
fprintf(stderr, "Failed to create simple poll object.\n");
786
returncode = EXIT_FAILURE;
787
goto exit;
788
}
789
790
/* Do not publish any local records */
791
avahi_server_config_init(&config);
792
config.publish_hinfo = 0;
793
config.publish_addresses = 0;
794
config.publish_workstation = 0;
795
config.publish_domain = 0;
796
797
/* Allocate a new server */
798
server = avahi_server_new(avahi_simple_poll_get(simple_poll),
799
&config, NULL, NULL, &error);
800
801
/* Free the configuration data */
802
avahi_server_config_free(&config);
803
804
/* Check if creating the server object succeeded */
805
if (!server) {
806
fprintf(stderr, "Failed to create server: %s\n",
807
avahi_strerror(error));
808
returncode = EXIT_FAILURE;
809
goto exit;
810
}
811
812
/* Create the service browser */
813
sb = avahi_s_service_browser_new(server, if_index,
814
AVAHI_PROTO_INET6,
815
"_mandos._tcp", NULL, 0,
816
browse_callback, server);
817
if (!sb) {
818
fprintf(stderr, "Failed to create service browser: %s\n",
819
avahi_strerror(avahi_server_errno(server)));
820
returncode = EXIT_FAILURE;
821
goto exit;
822
}
823
824
/* Run the main loop */
825
826
if (debug){
827
fprintf(stderr, "Starting avahi loop search\n");
828
}
829
830
avahi_simple_poll_loop(simple_poll);
831
832
exit:
833
834
if (debug){
835
fprintf(stderr, "%s exiting\n", argv[0]);
836
}
837
838
/* Cleanup things */
839
if (sb)
840
avahi_s_service_browser_free(sb);
841
842
if (server)
843
avahi_server_free(server);
844
845
if (simple_poll)
846
avahi_simple_poll_free(simple_poll);
847
free(certfile);
848
free(certkey);
849
850
return returncode;
851
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0