To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugins.d/mandosclient.c
- browse files at revision 13
- compare with another revision
- download diff
- download tarball
- view history from revision 13
- Committer: Björn Påhlsson
- Date: 2008-07-20 02:52:20 UTC
- Revision ID: belorn@braxen-20080720025220-r5u0388uy9iu23h6
Added following support:
Pluginbased client handler
rewritten Mandos client
Avahi instead of udp server discovery
openpgp encrypted key support
Passprompt stand alone application for direct console input
Added logging for Mandos server
Pluginbased client handler
rewritten Mandos client
Avahi instead of udp server discovery
openpgp encrypted key support
Passprompt stand alone application for direct console input
Added logging for Mandos server
- files added:
- plugins.d/Makefile
- files removed:
- server.conf
- files renamed:
- clients.conf => mandos-clients.conf
- files modified:
- Makefile
added
removed
plugins.d/mandosclient.c
1
/* -*- coding: utf-8 -*- */
2
/*
3
* Mandos client - get and decrypt data from a Mandos server
1
/* $Id$ */
2
3
/* PLEASE NOTE *
4
* This file demonstrates how to use Avahi's core API, this is
5
* the embeddable mDNS stack for embedded applications.
4
6
*
5
* This program is partly derived from an example program for an Avahi
6
* service browser, downloaded from
7
* <http://avahi.org/browser/examples/core-browse-services.c>. This
8
* includes the following functions: "resolve_callback",
9
* "browse_callback", and parts of "main".
10
*
11
* Everything else is
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
13
*
14
* This program is free software: you can redistribute it and/or
15
* modify it under the terms of the GNU General Public License as
16
* published by the Free Software Foundation, either version 3 of the
17
* License, or (at your option) any later version.
18
*
19
* This program is distributed in the hope that it will be useful, but
20
* WITHOUT ANY WARRANTY; without even the implied warranty of
21
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22
* General Public License for more details.
23
*
24
* You should have received a copy of the GNU General Public License
25
* along with this program. If not, see
26
* <http://www.gnu.org/licenses/>.
27
*
28
* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and
29
* <https://www.fukt.bsnet.se/~teddy/>.
7
* End user applications should *not* use this API and should use
8
* the D-Bus or C APIs, please see
9
* client-browse-services.c and glib-integration.c
10
*
11
* I repeat, you probably do *not* want to use this example.
30
12
*/
31
13
32
/* Needed by GPGME, specifically gpgme_data_seek() */
14
/***
15
This file is part of avahi.
16
17
avahi is free software; you can redistribute it and/or modify it
18
under the terms of the GNU Lesser General Public License as
19
published by the Free Software Foundation; either version 2.1 of the
20
License, or (at your option) any later version.
21
22
avahi is distributed in the hope that it will be useful, but WITHOUT
23
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
24
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General
25
Public License for more details.
26
27
You should have received a copy of the GNU Lesser General Public
28
License along with avahi; if not, write to the Free Software
29
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
30
USA.
31
***/
32
33
33
#define _LARGEFILE_SOURCE
34
34
#define _FILE_OFFSET_BITS 64
35
35
47
47
#include <avahi-common/error.h>
48
48
49
49
//mandos client part
50
#include <sys/types.h> /* socket(), inet_pton() */
51
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
52
struct in6_addr, inet_pton() */
53
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
54
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
50
#include <sys/types.h> /* socket(), setsockopt(), inet_pton() */
51
#include <sys/socket.h> /* socket(), setsockopt(), struct sockaddr_in6, struct in6_addr, inet_pton() */
52
#include <gnutls/gnutls.h> /* ALL GNUTLS STUFF */
53
#include <gnutls/openpgp.h> /* gnutls with openpgp stuff */
55
54
56
55
#include <unistd.h> /* close() */
57
56
#include <netinet/in.h>
64
63
#include <errno.h> /* perror() */
65
64
#include <gpgme.h>
66
65
67
// getopt long
68
#include <getopt.h>
69
66
70
67
#ifndef CERT_ROOT
71
68
#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"
75
72
#define BUFFER_SIZE 256
76
73
#define DH_BITS 1024
77
74
78
bool debug = false;
79
80
75
typedef struct {
81
76
gnutls_session_t session;
82
77
gnutls_certificate_credentials_t cred;
84
79
} encrypted_session;
85
80
86
81
87
ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
88
char **new_packet, const char *homedir){
82
ssize_t gpg_packet_decrypt (char *packet, size_t packet_size, char **new_packet, char *homedir){
89
83
gpgme_data_t dh_crypto, dh_plain;
90
84
gpgme_ctx_t ctx;
91
85
gpgme_error_t rc;
92
86
ssize_t ret;
93
ssize_t new_packet_capacity = 0;
94
ssize_t new_packet_length = 0;
87
size_t new_packet_capacity = 0;
88
size_t new_packet_length = 0;
95
89
gpgme_engine_info_t engine_info;
96
90
97
if (debug){
98
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
99
}
100
101
91
/* Init GPGME */
102
92
gpgme_check_version(NULL);
103
93
gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
146
136
return -1;
147
137
}
148
138
149
/* Decrypt data from the FILE pointer to the plaintext data
150
buffer */
139
/* Decrypt data from the FILE pointer to the plaintext data buffer */
151
140
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
152
141
if (rc != GPG_ERR_NO_ERROR){
153
142
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
154
143
gpgme_strsource(rc), gpgme_strerror(rc));
155
144
return -1;
156
145
}
157
158
if(debug){
159
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");
160
}
161
162
if (debug){
163
gpgme_decrypt_result_t result;
164
result = gpgme_op_decrypt_result(ctx);
165
if (result == NULL){
166
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
167
} else {
168
fprintf(stderr, "Unsupported algorithm: %s\n",
169
result->unsupported_algorithm);
170
fprintf(stderr, "Wrong key usage: %d\n",
171
result->wrong_key_usage);
172
if(result->file_name != NULL){
173
fprintf(stderr, "File name: %s\n", result->file_name);
174
}
175
gpgme_recipient_t recipient;
176
recipient = result->recipients;
177
if(recipient){
178
while(recipient != NULL){
179
fprintf(stderr, "Public key algorithm: %s\n",
180
gpgme_pubkey_algo_name(recipient->pubkey_algo));
181
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
182
fprintf(stderr, "Secret key available: %s\n",
183
recipient->status == GPG_ERR_NO_SECKEY
184
? "No" : "Yes");
185
recipient = recipient->next;
186
}
187
}
188
}
189
}
190
146
147
/* gpgme_decrypt_result_t result; */
148
/* result = gpgme_op_decrypt_result(ctx); */
149
/* fprintf(stderr, "Unsupported algorithm: %s\n", result->unsupported_algorithm); */
150
/* fprintf(stderr, "Wrong key usage: %d\n", result->wrong_key_usage); */
151
/* if(result->file_name != NULL){ */
152
/* fprintf(stderr, "File name: %s\n", result->file_name); */
153
/* } */
154
/* gpgme_recipient_t recipient; */
155
/* recipient = result->recipients; */
156
/* if(recipient){ */
157
/* while(recipient != NULL){ */
158
/* fprintf(stderr, "Public key algorithm: %s\n", */
159
/* gpgme_pubkey_algo_name(recipient->pubkey_algo)); */
160
/* fprintf(stderr, "Key ID: %s\n", recipient->keyid); */
161
/* fprintf(stderr, "Secret key available: %s\n", */
162
/* recipient->status == GPG_ERR_NO_SECKEY ? "No" : "Yes"); */
163
/* recipient = recipient->next; */
164
/* } */
165
/* } */
166
191
167
/* Delete the GPGME FILE pointer cryptotext data buffer */
192
168
gpgme_data_release(dh_crypto);
193
169
194
170
/* Seek back to the beginning of the GPGME plaintext data buffer */
195
gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET);
171
gpgme_data_seek(dh_plain, 0, SEEK_SET);
196
172
197
173
*new_packet = 0;
198
174
while(true){
199
175
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
200
*new_packet = realloc(*new_packet,
201
(unsigned int)new_packet_capacity
202
+ BUFFER_SIZE);
176
*new_packet = realloc(*new_packet, new_packet_capacity + BUFFER_SIZE);
203
177
if (*new_packet == NULL){
204
178
perror("realloc");
205
179
return -1;
207
181
new_packet_capacity += BUFFER_SIZE;
208
182
}
209
183
210
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,
211
BUFFER_SIZE);
184
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length, BUFFER_SIZE);
212
185
/* Print the data, if any */
213
186
if (ret == 0){
187
/* If password is empty, then a incorrect error will be printed */
214
188
break;
215
189
}
216
190
if(ret < 0){
220
194
new_packet_length += ret;
221
195
}
222
196
223
/* FIXME: check characters before printing to screen so to not print
224
terminal control characters */
225
/* if(debug){ */
226
/* fprintf(stderr, "decrypted password is: "); */
227
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
228
/* fprintf(stderr, "\n"); */
229
/* } */
230
231
/* Delete the GPGME plaintext data buffer */
197
/* Delete the GPGME plaintext data buffer */
232
198
gpgme_data_release(dh_plain);
233
199
return new_packet_length;
234
200
}
240
206
return ret;
241
207
}
242
208
243
void debuggnutls(__attribute__((unused)) int level,
244
const char* string){
209
void debuggnutls(int level, const char* string){
245
210
fprintf(stderr, "%s", string);
246
211
}
247
212
249
214
const char *err;
250
215
int ret;
251
216
252
if(debug){
253
fprintf(stderr, "Initializing GnuTLS\n");
254
}
255
256
217
if ((ret = gnutls_global_init ())
257
218
!= GNUTLS_E_SUCCESS) {
258
219
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
259
220
return -1;
260
221
}
261
222
262
if (debug){
263
gnutls_global_set_log_level(11);
264
gnutls_global_set_log_function(debuggnutls);
265
}
266
223
/* Uncomment to enable full debuggin on the gnutls library */
224
/* gnutls_global_set_log_level(11); */
225
/* gnutls_global_set_log_function(debuggnutls); */
226
227
267
228
/* openpgp credentials */
268
229
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
269
230
!= GNUTLS_E_SUCCESS) {
270
fprintf (stderr, "memory error: %s\n",
271
safer_gnutls_strerror(ret));
231
fprintf (stderr, "memory error: %s\n", safer_gnutls_strerror(ret));
272
232
return -1;
273
233
}
274
275
if(debug){
276
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
277
" and keyfile %s as GnuTLS credentials\n", CERTFILE,
278
KEYFILE);
279
}
280
234
281
235
ret = gnutls_certificate_set_openpgp_key_file
282
236
(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);
283
237
if (ret != GNUTLS_E_SUCCESS) {
284
238
fprintf
285
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
286
" '%s')\n",
239
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n",
287
240
ret, CERTFILE, KEYFILE);
288
241
fprintf(stdout, "The Error is: %s\n",
289
242
safer_gnutls_strerror(ret));
290
243
return -1;
291
244
}
292
293
//GnuTLS server initialization
245
246
//Gnutls server initialization
294
247
if ((ret = gnutls_dh_params_init (&es->dh_params))
295
248
!= GNUTLS_E_SUCCESS) {
296
249
fprintf (stderr, "Error in dh parameter initialization: %s\n",
297
250
safer_gnutls_strerror(ret));
298
251
return -1;
299
252
}
300
253
301
254
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
302
255
!= GNUTLS_E_SUCCESS) {
303
256
fprintf (stderr, "Error in prime generation: %s\n",
304
257
safer_gnutls_strerror(ret));
305
258
return -1;
306
259
}
307
260
308
261
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
309
310
// GnuTLS session creation
262
263
// Gnutls session creation
311
264
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
312
265
!= GNUTLS_E_SUCCESS){
313
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
266
fprintf(stderr, "Error in gnutls session initialization: %s\n",
314
267
safer_gnutls_strerror(ret));
315
268
}
316
269
317
270
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
318
271
!= GNUTLS_E_SUCCESS) {
319
272
fprintf(stderr, "Syntax error at: %s\n", err);
320
fprintf(stderr, "GnuTLS error: %s\n",
273
fprintf(stderr, "Gnutls error: %s\n",
321
274
safer_gnutls_strerror(ret));
322
275
return -1;
323
276
}
324
277
325
278
if ((ret = gnutls_credentials_set
326
279
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
327
280
!= GNUTLS_E_SUCCESS) {
329
282
safer_gnutls_strerror(ret));
330
283
return -1;
331
284
}
332
285
333
286
/* ignore client certificate if any. */
334
gnutls_certificate_server_set_request (es->session,
335
GNUTLS_CERT_IGNORE);
287
gnutls_certificate_server_set_request (es->session, GNUTLS_CERT_IGNORE);
336
288
337
289
gnutls_dh_set_prime_bits (es->session, DH_BITS);
338
290
339
291
return 0;
340
292
}
341
293
342
void empty_log(__attribute__((unused)) AvahiLogLevel level,
343
__attribute__((unused)) const char *txt){}
294
void empty_log(AvahiLogLevel level, const char *txt){}
344
295
345
int start_mandos_communication(const char *ip, uint16_t port,
346
unsigned int if_index){
296
int start_mandos_communcation(char *ip, uint16_t port){
347
297
int ret, tcp_sd;
348
298
struct sockaddr_in6 to;
299
struct in6_addr ip_addr;
349
300
encrypted_session es;
350
301
char *buffer = NULL;
351
302
char *decrypted_buffer;
352
303
size_t buffer_length = 0;
353
304
size_t buffer_capacity = 0;
354
305
ssize_t decrypted_buffer_size;
355
size_t written = 0;
356
306
int retval = 0;
357
char interface[IF_NAMESIZE];
358
359
if(debug){
360
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
361
ip, port);
362
}
307
363
308
364
309
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
365
310
if(tcp_sd < 0) {
367
312
return -1;
368
313
}
369
314
370
if(if_indextoname(if_index, interface) == NULL){
371
if(debug){
372
perror("if_indextoname");
373
}
315
ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, "eth0", 5);
316
if(tcp_sd < 0) {
317
perror("setsockopt bindtodevice");
374
318
return -1;
375
319
}
376
320
377
if(debug){
378
fprintf(stderr, "Binding to interface %s\n", interface);
379
}
380
381
memset(&to,0,sizeof(to)); /* Spurious warning */
321
memset(&to,0,sizeof(to));
382
322
to.sin6_family = AF_INET6;
383
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
323
ret = inet_pton(AF_INET6, ip, &ip_addr);
384
324
if (ret < 0 ){
385
325
perror("inet_pton");
386
326
return -1;
389
329
fprintf(stderr, "Bad address: %s\n", ip);
390
330
return -1;
391
331
}
392
to.sin6_port = htons(port); /* Spurious warning */
393
394
to.sin6_scope_id = (uint32_t)if_index;
395
396
if(debug){
397
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
398
/* char addrstr[INET6_ADDRSTRLEN]; */
399
/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */
400
/* sizeof(addrstr)) == NULL){ */
401
/* perror("inet_ntop"); */
402
/* } else { */
403
/* fprintf(stderr, "Really connecting to: %s, port %d\n", */
404
/* addrstr, ntohs(to.sin6_port)); */
405
/* } */
406
}
332
to.sin6_port = htons(port);
333
to.sin6_scope_id = if_nametoindex("eth0");
407
334
408
335
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
409
336
if (ret < 0){
416
343
retval = -1;
417
344
return -1;
418
345
}
419
420
gnutls_transport_set_ptr (es.session,
421
(gnutls_transport_ptr_t) tcp_sd);
422
423
if(debug){
424
fprintf(stderr, "Establishing TLS session with %s\n", ip);
425
}
426
346
347
348
gnutls_transport_set_ptr (es.session, (gnutls_transport_ptr_t) tcp_sd);
349
427
350
ret = gnutls_handshake (es.session);
428
351
429
352
if (ret != GNUTLS_E_SUCCESS){
430
if(debug){
431
fprintf(stderr, "\n*** Handshake failed ***\n");
432
gnutls_perror (ret);
433
}
353
fprintf(stderr, "\n*** Handshake failed ***\n");
354
gnutls_perror (ret);
434
355
retval = -1;
435
356
goto exit;
436
357
}
437
438
//Retrieve OpenPGP packet that contains the wanted password
439
440
if(debug){
441
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
442
ip);
443
}
444
358
359
//retrive password
445
360
while(true){
446
361
if (buffer_length + BUFFER_SIZE > buffer_capacity){
447
362
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
472
387
}
473
388
break;
474
389
default:
475
fprintf(stderr, "Unknown error while reading data from"
476
" encrypted session with mandos server\n");
390
fprintf(stderr, "Unknown error while reading data from encrypted session with mandos server\n");
477
391
retval = -1;
478
392
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
479
393
goto exit;
480
394
}
481
395
} else {
482
buffer_length += (size_t) ret;
396
buffer_length += ret;
483
397
}
484
398
}
485
399
486
400
if (buffer_length > 0){
487
decrypted_buffer_size = pgp_packet_decrypt(buffer,
488
buffer_length,
489
&decrypted_buffer,
490
CERT_ROOT);
491
if (decrypted_buffer_size >= 0){
492
while(written < (size_t) decrypted_buffer_size){
493
ret = (int)fwrite (decrypted_buffer + written, 1,
494
(size_t)decrypted_buffer_size - written,
495
stdout);
496
if(ret == 0 and ferror(stdout)){
497
if(debug){
498
fprintf(stderr, "Error writing encrypted data: %s\n",
499
strerror(errno));
500
}
501
retval = -1;
502
break;
503
}
504
written += (size_t)ret;
505
}
401
if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) == 0){
402
retval = -1;
403
} else {
404
fwrite (decrypted_buffer, 1, decrypted_buffer_size, stdout);
506
405
free(decrypted_buffer);
507
} else {
508
retval = -1;
509
406
}
510
407
}
511
408
409
free(buffer);
410
512
411
//shutdown procedure
513
514
if(debug){
515
fprintf(stderr, "Closing TLS session\n");
516
}
517
518
free(buffer);
519
412
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
520
413
exit:
521
414
close(tcp_sd);
530
423
531
424
static void resolve_callback(
532
425
AvahiSServiceResolver *r,
533
AvahiIfIndex interface,
426
AVAHI_GCC_UNUSED AvahiIfIndex interface,
534
427
AVAHI_GCC_UNUSED AvahiProtocol protocol,
535
428
AvahiResolverEvent event,
536
429
const char *name,
539
432
const char *host_name,
540
433
const AvahiAddress *address,
541
434
uint16_t port,
542
AVAHI_GCC_UNUSED AvahiStringList *txt,
543
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
435
AvahiStringList *txt,
436
AvahiLookupResultFlags flags,
544
437
AVAHI_GCC_UNUSED void* userdata) {
545
438
546
assert(r); /* Spurious warning */
547
548
/* Called whenever a service has been resolved successfully or
549
timed out */
550
551
switch (event) {
552
default:
553
case AVAHI_RESOLVER_FAILURE:
554
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
555
" type '%s' in domain '%s': %s\n", name, type, domain,
556
avahi_strerror(avahi_server_errno(server)));
557
break;
558
559
case AVAHI_RESOLVER_FOUND:
560
{
561
char ip[AVAHI_ADDRESS_STR_MAX];
562
avahi_address_snprint(ip, sizeof(ip), address);
563
if(debug){
564
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
565
" port %d\n", name, host_name, ip, port);
566
}
567
int ret = start_mandos_communication(ip, port,
568
(unsigned int) interface);
569
if (ret == 0){
570
exit(EXIT_SUCCESS);
571
}
439
assert(r);
440
441
/* Called whenever a service has been resolved successfully or timed out */
442
443
switch (event) {
444
case AVAHI_RESOLVER_FAILURE:
445
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of type '%s' in domain '%s': %s\n", name, type, domain, avahi_strerror(avahi_server_errno(server)));
446
break;
447
448
case AVAHI_RESOLVER_FOUND: {
449
char ip[AVAHI_ADDRESS_STR_MAX];
450
avahi_address_snprint(ip, sizeof(ip), address);
451
int ret = start_mandos_communcation(ip, port);
452
if (ret == 0){
453
exit(EXIT_SUCCESS);
454
} else {
455
exit(EXIT_FAILURE);
456
}
457
}
572
458
}
573
}
574
avahi_s_service_resolver_free(r);
459
avahi_s_service_resolver_free(r);
575
460
}
576
461
577
462
static void browse_callback(
586
471
void* userdata) {
587
472
588
473
AvahiServer *s = userdata;
589
assert(b); /* Spurious warning */
590
591
/* Called whenever a new services becomes available on the LAN or
592
is removed from the LAN */
593
474
assert(b);
475
476
/* Called whenever a new services becomes available on the LAN or is removed from the LAN */
477
594
478
switch (event) {
595
default:
596
case AVAHI_BROWSER_FAILURE:
597
598
fprintf(stderr, "(Browser) %s\n",
599
avahi_strerror(avahi_server_errno(server)));
600
avahi_simple_poll_quit(simple_poll);
601
return;
602
603
case AVAHI_BROWSER_NEW:
604
/* We ignore the returned resolver object. In the callback
605
function we free it. If the server is terminated before
606
the callback function is called the server will free
607
the resolver for us. */
608
609
if (!(avahi_s_service_resolver_new(s, interface, protocol, name,
610
type, domain,
611
AVAHI_PROTO_INET6, 0,
612
resolve_callback, s)))
613
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
614
avahi_strerror(avahi_server_errno(s)));
615
break;
616
617
case AVAHI_BROWSER_REMOVE:
618
break;
619
620
case AVAHI_BROWSER_ALL_FOR_NOW:
621
case AVAHI_BROWSER_CACHE_EXHAUSTED:
622
break;
479
480
case AVAHI_BROWSER_FAILURE:
481
482
fprintf(stderr, "(Browser) %s\n", avahi_strerror(avahi_server_errno(server)));
483
avahi_simple_poll_quit(simple_poll);
484
return;
485
486
case AVAHI_BROWSER_NEW:
487
/* We ignore the returned resolver object. In the callback
488
function we free it. If the server is terminated before
489
the callback function is called the server will free
490
the resolver for us. */
491
492
if (!(avahi_s_service_resolver_new(s, interface, protocol, name, type, domain, AVAHI_PROTO_INET6, 0, resolve_callback, s)))
493
fprintf(stderr, "Failed to resolve service '%s': %s\n", name, avahi_strerror(avahi_server_errno(s)));
494
495
break;
496
497
case AVAHI_BROWSER_REMOVE:
498
break;
499
500
case AVAHI_BROWSER_ALL_FOR_NOW:
501
case AVAHI_BROWSER_CACHE_EXHAUSTED:
502
break;
623
503
}
624
504
}
625
505
627
507
AvahiServerConfig config;
628
508
AvahiSServiceBrowser *sb = NULL;
629
509
int error;
630
int ret;
631
int returncode = EXIT_SUCCESS;
632
const char *interface = "eth0";
633
unsigned int if_index;
634
char *connect_to = NULL;
635
636
while (true){
637
static struct option long_options[] = {
638
{"debug", no_argument, (int *)&debug, 1},
639
{"connect", required_argument, 0, 'c'},
640
{"interface", required_argument, 0, 'i'},
641
{0, 0, 0, 0} };
642
643
int option_index = 0;
644
ret = getopt_long (argc, argv, "i:", long_options,
645
&option_index);
646
647
if (ret == -1){
648
break;
649
}
650
651
switch(ret){
652
case 0:
653
break;
654
case 'i':
655
interface = optarg;
656
break;
657
case 'c':
658
connect_to = optarg;
659
break;
660
default:
661
exit(EXIT_FAILURE);
662
}
663
}
664
665
if_index = if_nametoindex(interface);
666
if(if_index == 0){
667
fprintf(stderr, "No such interface: \"%s\"\n", interface);
668
exit(EXIT_FAILURE);
669
}
670
671
if(connect_to != NULL){
672
/* Connect directly, do not use Zeroconf */
673
/* (Mainly meant for debugging) */
674
char *address = strrchr(connect_to, ':');
675
if(address == NULL){
676
fprintf(stderr, "No colon in address\n");
677
exit(EXIT_FAILURE);
678
}
679
errno = 0;
680
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
681
if(errno){
682
perror("Bad port number");
683
exit(EXIT_FAILURE);
684
}
685
*address = '\0';
686
address = connect_to;
687
ret = start_mandos_communication(address, port, if_index);
688
if(ret < 0){
689
exit(EXIT_FAILURE);
690
} else {
691
exit(EXIT_SUCCESS);
692
}
693
}
694
695
if (not debug){
696
avahi_set_log_function(empty_log);
697
}
510
int ret = 1;
511
512
avahi_set_log_function(empty_log);
698
513
699
514
/* Initialize the psuedo-RNG */
700
srand((unsigned int) time(NULL));
515
srand(time(NULL));
701
516
702
517
/* Allocate main loop object */
703
518
if (!(simple_poll = avahi_simple_poll_new())) {
704
519
fprintf(stderr, "Failed to create simple poll object.\n");
705
706
goto exit;
520
goto fail;
707
521
}
708
522
709
523
/* Do not publish any local records */
713
527
config.publish_workstation = 0;
714
528
config.publish_domain = 0;
715
529
530
/* /\* Set a unicast DNS server for wide area DNS-SD *\/ */
531
/* avahi_address_parse("193.11.177.11", AVAHI_PROTO_UNSPEC, &config.wide_area_servers[0]); */
532
/* config.n_wide_area_servers = 1; */
533
/* config.enable_wide_area = 1; */
534
716
535
/* Allocate a new server */
717
server = avahi_server_new(avahi_simple_poll_get(simple_poll),
718
&config, NULL, NULL, &error);
536
server = avahi_server_new(avahi_simple_poll_get(simple_poll), &config, NULL, NULL, &error);
719
537
720
538
/* Free the configuration data */
721
539
avahi_server_config_free(&config);
722
540
723
/* Check if creating the server object succeeded */
541
/* Check wether creating the server object succeeded */
724
542
if (!server) {
725
fprintf(stderr, "Failed to create server: %s\n",
726
avahi_strerror(error));
727
returncode = EXIT_FAILURE;
728
goto exit;
543
fprintf(stderr, "Failed to create server: %s\n", avahi_strerror(error));
544
goto fail;
729
545
}
730
546
731
547
/* Create the service browser */
732
sb = avahi_s_service_browser_new(server, (AvahiIfIndex)if_index,
733
AVAHI_PROTO_INET6,
734
"_mandos._tcp", NULL, 0,
735
browse_callback, server);
736
if (!sb) {
737
fprintf(stderr, "Failed to create service browser: %s\n",
738
avahi_strerror(avahi_server_errno(server)));
739
returncode = EXIT_FAILURE;
740
goto exit;
548
if (!(sb = avahi_s_service_browser_new(server, if_nametoindex("eth0"), AVAHI_PROTO_INET6, "_mandos._tcp", NULL, 0, browse_callback, server))) {
549
fprintf(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_server_errno(server)));
550
goto fail;
741
551
}
742
552
743
553
/* Run the main loop */
744
745
if (debug){
746
fprintf(stderr, "Starting avahi loop search\n");
747
}
748
749
554
avahi_simple_poll_loop(simple_poll);
750
555
751
exit:
752
753
if (debug){
754
fprintf(stderr, "%s exiting\n", argv[0]);
755
}
556
ret = 0;
557
558
fail:
756
559
757
560
/* Cleanup things */
758
561
if (sb)
764
567
if (simple_poll)
765
568
avahi_simple_poll_free(simple_poll);
766
569
767
return returncode;
570
return ret;
768
571
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0