/mandos/release : revision 13

1

/* -*- coding: utf-8 -*- */

2

/*

3

* Mandos client - get and decrypt data from a Mandos server

1

/* $Id$ */

2

3

/* PLEASE NOTE *

4

* This file demonstrates how to use Avahi's core API, this is

5

* the embeddable mDNS stack for embedded applications.

4

6

*

5

* This program is partly derived from an example program for an Avahi

6

* service browser, downloaded from

7

* <http://avahi.org/browser/examples/core-browse-services.c>. This

8

* includes the following functions: "resolve_callback",

9

* "browse_callback", and parts of "main".

10

*

11

* Everything else is

12

13

*

14

* This program is free software: you can redistribute it and/or

15

* modify it under the terms of the GNU General Public License as

16

* published by the Free Software Foundation, either version 3 of the

17

* License, or (at your option) any later version.

18

*

19

* This program is distributed in the hope that it will be useful, but

20

* WITHOUT ANY WARRANTY; without even the implied warranty of

21

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

22

* General Public License for more details.

23

*

24

* You should have received a copy of the GNU General Public License

25

* along with this program. If not, see

26

* <http://www.gnu.org/licenses/>.

27

*

28

* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and

29

* <https://www.fukt.bsnet.se/~teddy/>.

7

* End user applications should *not* use this API and should use

8

* the D-Bus or C APIs, please see

9

* client-browse-services.c and glib-integration.c

10

*

11

* I repeat, you probably do *not* want to use this example.

30

12

*/

31

13

32

/* Needed by GPGME, specifically gpgme_data_seek() */

14

/***

15

This file is part of avahi.

16

17

avahi is free software; you can redistribute it and/or modify it

18

under the terms of the GNU Lesser General Public License as

19

published by the Free Software Foundation; either version 2.1 of the

20

License, or (at your option) any later version.

21

22

avahi is distributed in the hope that it will be useful, but WITHOUT

23

ANY WARRANTY; without even the implied warranty of MERCHANTABILITY

24

or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General

25

Public License for more details.

26

27

You should have received a copy of the GNU Lesser General Public

28

License along with avahi; if not, write to the Free Software

29

Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307

30

USA.

31

***/

32

33

#define _LARGEFILE_SOURCE

34

#define _FILE_OFFSET_BITS 64

35

47

#include <avahi-common/error.h>

48

49

//mandos client part

50

#include <sys/types.h> /* socket(), inet_pton() */

51

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

52

struct in6_addr, inet_pton() */

53

#include <gnutls/gnutls.h> /* All GnuTLS stuff */

54

#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */

50

#include <sys/types.h> /* socket(), setsockopt(), inet_pton() */

51

#include <sys/socket.h> /* socket(), setsockopt(), struct sockaddr_in6, struct in6_addr, inet_pton() */

52

#include <gnutls/gnutls.h> /* ALL GNUTLS STUFF */

53

#include <gnutls/openpgp.h> /* gnutls with openpgp stuff */

55

54

56

55

#include <unistd.h> /* close() */

57

56

#include <netinet/in.h>

64

63

#include <errno.h> /* perror() */

65

64

#include <gpgme.h>

66

65

67

// getopt long

68

#include <getopt.h>

69

66

70

67

#ifndef CERT_ROOT

71

68

#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"

75

72

#define BUFFER_SIZE 256

76

73

#define DH_BITS 1024

77

74

78

bool debug = false;

79

80

75

typedef struct {

81

76

gnutls_session_t session;

82

77

gnutls_certificate_credentials_t cred;

84

79

} encrypted_session;

85

80

86

81

87

ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,

88

char **new_packet, const char *homedir){

82

ssize_t gpg_packet_decrypt (char *packet, size_t packet_size, char **new_packet, char *homedir){

89

83

gpgme_data_t dh_crypto, dh_plain;

90

84

gpgme_ctx_t ctx;

91

85

gpgme_error_t rc;

92

86

ssize_t ret;

93

ssize_t new_packet_capacity = 0;

94

ssize_t new_packet_length = 0;

87

size_t new_packet_capacity = 0;

88

size_t new_packet_length = 0;

95

89

gpgme_engine_info_t engine_info;

96

90

97

if (debug){

98

fprintf(stderr, "Trying to decrypt OpenPGP packet\n");

99

}

100

101

91

/* Init GPGME */

102

92

gpgme_check_version(NULL);

103

93

gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

146

136

return -1;

147

137

}

148

138

149

/* Decrypt data from the FILE pointer to the plaintext data

150

buffer */

139

/* Decrypt data from the FILE pointer to the plaintext data buffer */

151

140

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

152

141

if (rc != GPG_ERR_NO_ERROR){

153

142

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

154

143

gpgme_strsource(rc), gpgme_strerror(rc));

155

144

return -1;

156

145

}

157

158

if(debug){

159

fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");

160

}

161

162

if (debug){

163

gpgme_decrypt_result_t result;

164

result = gpgme_op_decrypt_result(ctx);

165

if (result == NULL){

166

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

167

} else {

168

fprintf(stderr, "Unsupported algorithm: %s\n",

169

result->unsupported_algorithm);

170

fprintf(stderr, "Wrong key usage: %d\n",

171

result->wrong_key_usage);

172

if(result->file_name != NULL){

173

fprintf(stderr, "File name: %s\n", result->file_name);

174

}

175

gpgme_recipient_t recipient;

176

recipient = result->recipients;

177

if(recipient){

178

while(recipient != NULL){

179

fprintf(stderr, "Public key algorithm: %s\n",

180

gpgme_pubkey_algo_name(recipient->pubkey_algo));

181

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

182

fprintf(stderr, "Secret key available: %s\n",

183

recipient->status == GPG_ERR_NO_SECKEY

184

? "No" : "Yes");

185

recipient = recipient->next;

186

}

187

}

188

}

189

}

190

146

147

/* gpgme_decrypt_result_t result; */

148

/* result = gpgme_op_decrypt_result(ctx); */

149

/* fprintf(stderr, "Unsupported algorithm: %s\n", result->unsupported_algorithm); */

150

/* fprintf(stderr, "Wrong key usage: %d\n", result->wrong_key_usage); */

151

/* if(result->file_name != NULL){ */

152

/* fprintf(stderr, "File name: %s\n", result->file_name); */

153

/* } */

154

/* gpgme_recipient_t recipient; */

155

/* recipient = result->recipients; */

156

/* if(recipient){ */

157

/* while(recipient != NULL){ */

158

/* fprintf(stderr, "Public key algorithm: %s\n", */

159

/* gpgme_pubkey_algo_name(recipient->pubkey_algo)); */

160

/* fprintf(stderr, "Key ID: %s\n", recipient->keyid); */

161

/* fprintf(stderr, "Secret key available: %s\n", */

162

/* recipient->status == GPG_ERR_NO_SECKEY ? "No" : "Yes"); */

163

/* recipient = recipient->next; */

164

/* } */

165

/* } */

166

191

167

/* Delete the GPGME FILE pointer cryptotext data buffer */

192

168

gpgme_data_release(dh_crypto);

193

169

194

170

/* Seek back to the beginning of the GPGME plaintext data buffer */

195

gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET);

171

gpgme_data_seek(dh_plain, 0, SEEK_SET);

196

172

197

173

*new_packet = 0;

198

174

while(true){

199

175

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

200

*new_packet = realloc(*new_packet,

201

(unsigned int)new_packet_capacity

202

+ BUFFER_SIZE);

176

*new_packet = realloc(*new_packet, new_packet_capacity + BUFFER_SIZE);

203

177

if (*new_packet == NULL){

204

178

perror("realloc");

205

179

return -1;

207

181

new_packet_capacity += BUFFER_SIZE;

208

182

}

209

183

210

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,

211

BUFFER_SIZE);

184

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length, BUFFER_SIZE);

212

185

/* Print the data, if any */

213

186

if (ret == 0){

187

/* If password is empty, then a incorrect error will be printed */

214

188

break;

215

189

}

216

190

if(ret < 0){

220

194

new_packet_length += ret;

221

195

}

222

196

223

/* FIXME: check characters before printing to screen so to not print

224

terminal control characters */

225

/* if(debug){ */

226

/* fprintf(stderr, "decrypted password is: "); */

227

/* fwrite(*new_packet, 1, new_packet_length, stderr); */

228

/* fprintf(stderr, "\n"); */

229

/* } */

230

231

/* Delete the GPGME plaintext data buffer */

197

/* Delete the GPGME plaintext data buffer */

232

198

gpgme_data_release(dh_plain);

233

199

return new_packet_length;

234

200

}

240

206

return ret;

241

207

}

242

208

243

void debuggnutls(__attribute__((unused)) int level,

244

const char* string){

209

void debuggnutls(int level, const char* string){

245

210

fprintf(stderr, "%s", string);

246

211

}

247

212

249

214

const char *err;

250

215

int ret;

251

216

252

if(debug){

253

fprintf(stderr, "Initializing GnuTLS\n");

254

}

255

256

217

if ((ret = gnutls_global_init ())

257

218

!= GNUTLS_E_SUCCESS) {

258

219

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

259

220

return -1;

260

221

}

261

222

262

if (debug){

263

gnutls_global_set_log_level(11);

264

gnutls_global_set_log_function(debuggnutls);

265

}

266

223

/* Uncomment to enable full debuggin on the gnutls library */

224

/* gnutls_global_set_log_level(11); */

225

/* gnutls_global_set_log_function(debuggnutls); */

226

227

267

228

/* openpgp credentials */

268

229

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

269

230

!= GNUTLS_E_SUCCESS) {

270

fprintf (stderr, "memory error: %s\n",

271

safer_gnutls_strerror(ret));

231

fprintf (stderr, "memory error: %s\n", safer_gnutls_strerror(ret));

272

232

return -1;

273

233

}

274

275

if(debug){

276

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

277

" and keyfile %s as GnuTLS credentials\n", CERTFILE,

278

KEYFILE);

279

}

280

234

281

235

ret = gnutls_certificate_set_openpgp_key_file

282

236

(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);

283

237

if (ret != GNUTLS_E_SUCCESS) {

284

238

fprintf

285

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"

286

" '%s')\n",

239

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n",

287

240

ret, CERTFILE, KEYFILE);

288

241

fprintf(stdout, "The Error is: %s\n",

289

242

safer_gnutls_strerror(ret));

290

243

return -1;

291

244

}

292

293

//GnuTLS server initialization

245

246

//Gnutls server initialization

294

247

if ((ret = gnutls_dh_params_init (&es->dh_params))

295

248

!= GNUTLS_E_SUCCESS) {

296

249

fprintf (stderr, "Error in dh parameter initialization: %s\n",

297

250

safer_gnutls_strerror(ret));

298

251

return -1;

299

252

}

300

253

301

254

if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))

302

255

!= GNUTLS_E_SUCCESS) {

303

256

fprintf (stderr, "Error in prime generation: %s\n",

304

257

safer_gnutls_strerror(ret));

305

258

return -1;

306

259

}

307

260

308

261

gnutls_certificate_set_dh_params (es->cred, es->dh_params);

309

310

// GnuTLS session creation

262

263

// Gnutls session creation

311

264

if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))

312

265

!= GNUTLS_E_SUCCESS){

313

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

266

fprintf(stderr, "Error in gnutls session initialization: %s\n",

314

267

safer_gnutls_strerror(ret));

315

268

}

316

269

317

270

if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))

318

271

!= GNUTLS_E_SUCCESS) {

319

272

fprintf(stderr, "Syntax error at: %s\n", err);

320

fprintf(stderr, "GnuTLS error: %s\n",

273

fprintf(stderr, "Gnutls error: %s\n",

321

274

safer_gnutls_strerror(ret));

322

275

return -1;

323

276

}

324

277

325

278

if ((ret = gnutls_credentials_set

326

279

(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))

327

280

!= GNUTLS_E_SUCCESS) {

329

282

safer_gnutls_strerror(ret));

330

283

return -1;

331

284

}

332

285

333

286

/* ignore client certificate if any. */

334

gnutls_certificate_server_set_request (es->session,

335

GNUTLS_CERT_IGNORE);

287

gnutls_certificate_server_set_request (es->session, GNUTLS_CERT_IGNORE);

336

288

337

289

gnutls_dh_set_prime_bits (es->session, DH_BITS);

338

290

339

291

return 0;

340

292

}

341

293

342

void empty_log(__attribute__((unused)) AvahiLogLevel level,

343

__attribute__((unused)) const char *txt){}

294

void empty_log(AvahiLogLevel level, const char *txt){}

344

295

345

int start_mandos_communication(const char *ip, uint16_t port,

346

AvahiIfIndex if_index){

296

int start_mandos_communcation(char *ip, uint16_t port){

347

297

int ret, tcp_sd;

348

298

struct sockaddr_in6 to;

299

struct in6_addr ip_addr;

349

300

encrypted_session es;

350

301

char *buffer = NULL;

351

302

char *decrypted_buffer;

352

303

size_t buffer_length = 0;

353

304

size_t buffer_capacity = 0;

354

305

ssize_t decrypted_buffer_size;

355

size_t written = 0;

356

306

int retval = 0;

357

char interface[IF_NAMESIZE];

358

359

if(debug){

360

fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",

361

ip, port);

362

}

307

363

308

364

309

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

365

310

if(tcp_sd < 0) {

367

312

return -1;

368

313

}

369

314

370

if(if_indextoname((unsigned int)if_index, interface) == NULL){

371

if(debug){

372

perror("if_indextoname");

373

}

315

ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, "eth0", 5);

316

if(tcp_sd < 0) {

317

perror("setsockopt bindtodevice");

374

318

return -1;

375

319

}

376

320

377

if(debug){

378

fprintf(stderr, "Binding to interface %s\n", interface);

379

}

380

381

memset(&to,0,sizeof(to)); /* Spurious warning */

321

memset(&to,0,sizeof(to));

382

322

to.sin6_family = AF_INET6;

383

ret = inet_pton(AF_INET6, ip, &to.sin6_addr);

323

ret = inet_pton(AF_INET6, ip, &ip_addr);

384

324

if (ret < 0 ){

385

325

perror("inet_pton");

386

326

return -1;

389

329

fprintf(stderr, "Bad address: %s\n", ip);

390

330

return -1;

391

331

}

392

to.sin6_port = htons(port); /* Spurious warning */

393

394

to.sin6_scope_id = (uint32_t)if_index;

395

396

if(debug){

397

fprintf(stderr, "Connection to: %s, port %d\n", ip, port);

398

/* char addrstr[INET6_ADDRSTRLEN]; */

399

/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */

400

/* sizeof(addrstr)) == NULL){ */

401

/* perror("inet_ntop"); */

402

/* } else { */

403

/* fprintf(stderr, "Really connecting to: %s, port %d\n", */

404

/* addrstr, ntohs(to.sin6_port)); */

405

/* } */

406

}

332

to.sin6_port = htons(port);

333

to.sin6_scope_id = if_nametoindex("eth0");

407

334

408

335

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

409

336

if (ret < 0){

416

343

retval = -1;

417

344

return -1;

418

345

}

419

420

gnutls_transport_set_ptr (es.session,

421

(gnutls_transport_ptr_t) tcp_sd);

422

423

if(debug){

424

fprintf(stderr, "Establishing TLS session with %s\n", ip);

425

}

426

346

347

348

gnutls_transport_set_ptr (es.session, (gnutls_transport_ptr_t) tcp_sd);

349

427

350

ret = gnutls_handshake (es.session);

428

351

429

352

if (ret != GNUTLS_E_SUCCESS){

430

if(debug){

431

fprintf(stderr, "\n*** Handshake failed ***\n");

432

gnutls_perror (ret);

433

}

353

fprintf(stderr, "\n*** Handshake failed ***\n");

354

gnutls_perror (ret);

434

355

retval = -1;

435

356

goto exit;

436

357

}

437

438

//Retrieve OpenPGP packet that contains the wanted password

439

440

if(debug){

441

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

442

ip);

443

}

444

358

359

//retrive password

445

360

while(true){

446

361

if (buffer_length + BUFFER_SIZE > buffer_capacity){

447

362

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

472

387

}

473

388

break;

474

389

default:

475

fprintf(stderr, "Unknown error while reading data from"

476

" encrypted session with mandos server\n");

390

fprintf(stderr, "Unknown error while reading data from encrypted session with mandos server\n");

477

391

retval = -1;

478

392

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

479

393

goto exit;

480

394

}

481

395

} else {

482

buffer_length += (size_t) ret;

396

buffer_length += ret;

483

397

}

484

398

}

485

399

486

400

if (buffer_length > 0){

487

decrypted_buffer_size = pgp_packet_decrypt(buffer,

488

buffer_length,

489

&decrypted_buffer,

490

CERT_ROOT);

491

if (decrypted_buffer_size >= 0){

492

while(written < (size_t) decrypted_buffer_size){

493

ret = (int)fwrite (decrypted_buffer + written, 1,

494

(size_t)decrypted_buffer_size - written,

495

stdout);

496

if(ret == 0 and ferror(stdout)){

497

if(debug){

498

fprintf(stderr, "Error writing encrypted data: %s\n",

499

strerror(errno));

500

}

501

retval = -1;

502

break;

503

}

504

written += (size_t)ret;

505

}

401

if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) == 0){

402

retval = -1;

403

} else {

404

fwrite (decrypted_buffer, 1, decrypted_buffer_size, stdout);

506

405

free(decrypted_buffer);

507

} else {

508

retval = -1;

509

406

}

510

407

}

511

408

409

free(buffer);

410

512

411

//shutdown procedure

513

514

if(debug){

515

fprintf(stderr, "Closing TLS session\n");

516

}

517

518

free(buffer);

519

412

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

520

413

exit:

521

414

close(tcp_sd);

530

423

531

424

static void resolve_callback(

532

425

AvahiSServiceResolver *r,

533

AvahiIfIndex interface,

426

AVAHI_GCC_UNUSED AvahiIfIndex interface,

534

427

AVAHI_GCC_UNUSED AvahiProtocol protocol,

535

428

AvahiResolverEvent event,

536

429

const char *name,

539

432

const char *host_name,

540

433

const AvahiAddress *address,

541

434

uint16_t port,

542

AVAHI_GCC_UNUSED AvahiStringList *txt,

543

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

435

AvahiStringList *txt,

436

AvahiLookupResultFlags flags,

544

437

AVAHI_GCC_UNUSED void* userdata) {

545

438

546

assert(r); /* Spurious warning */

547

548

/* Called whenever a service has been resolved successfully or

549

timed out */

550

551

switch (event) {

552

default:

553

case AVAHI_RESOLVER_FAILURE:

554

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"

555

" type '%s' in domain '%s': %s\n", name, type, domain,

556

avahi_strerror(avahi_server_errno(server)));

557

break;

558

559

case AVAHI_RESOLVER_FOUND:

560

{

561

char ip[AVAHI_ADDRESS_STR_MAX];

562

avahi_address_snprint(ip, sizeof(ip), address);

563

if(debug){

564

fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"

565

" port %d\n", name, host_name, ip, port);

566

}

567

int ret = start_mandos_communication(ip, port, interface);

568

if (ret == 0){

569

exit(EXIT_SUCCESS);

570

}

439

assert(r);

440

441

/* Called whenever a service has been resolved successfully or timed out */

442

443

switch (event) {

444

case AVAHI_RESOLVER_FAILURE:

445

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of type '%s' in domain '%s': %s\n", name, type, domain, avahi_strerror(avahi_server_errno(server)));

446

break;

447

448

case AVAHI_RESOLVER_FOUND: {

449

char ip[AVAHI_ADDRESS_STR_MAX];

450

avahi_address_snprint(ip, sizeof(ip), address);

451

int ret = start_mandos_communcation(ip, port);

452

if (ret == 0){

453

exit(EXIT_SUCCESS);

454

} else {

455

exit(EXIT_FAILURE);

456

}

457

}

571

458

}

572

}

573

avahi_s_service_resolver_free(r);

459

avahi_s_service_resolver_free(r);

574

460

}

575

461

576

462

static void browse_callback(

585

471

void* userdata) {

586

472

587

473

AvahiServer *s = userdata;

588

assert(b); /* Spurious warning */

589

590

/* Called whenever a new services becomes available on the LAN or

591

is removed from the LAN */

592

474

assert(b);

475

476

/* Called whenever a new services becomes available on the LAN or is removed from the LAN */

477

593

478

switch (event) {

594

default:

595

case AVAHI_BROWSER_FAILURE:

596

597

fprintf(stderr, "(Browser) %s\n",

598

avahi_strerror(avahi_server_errno(server)));

599

avahi_simple_poll_quit(simple_poll);

600

return;

601

602

case AVAHI_BROWSER_NEW:

603

/* We ignore the returned resolver object. In the callback

604

function we free it. If the server is terminated before

605

the callback function is called the server will free

606

the resolver for us. */

607

608

if (!(avahi_s_service_resolver_new(s, interface, protocol, name,

609

type, domain,

610

AVAHI_PROTO_INET6, 0,

611

resolve_callback, s)))

612

fprintf(stderr, "Failed to resolve service '%s': %s\n", name,

613

avahi_strerror(avahi_server_errno(s)));

614

break;

615

616

case AVAHI_BROWSER_REMOVE:

617

break;

618

619

case AVAHI_BROWSER_ALL_FOR_NOW:

620

case AVAHI_BROWSER_CACHE_EXHAUSTED:

621

break;

479

480

case AVAHI_BROWSER_FAILURE:

481

482

fprintf(stderr, "(Browser) %s\n", avahi_strerror(avahi_server_errno(server)));

483

avahi_simple_poll_quit(simple_poll);

484

return;

485

486

case AVAHI_BROWSER_NEW:

487

/* We ignore the returned resolver object. In the callback

488

function we free it. If the server is terminated before

489

the callback function is called the server will free

490

the resolver for us. */

491

492

if (!(avahi_s_service_resolver_new(s, interface, protocol, name, type, domain, AVAHI_PROTO_INET6, 0, resolve_callback, s)))

493

fprintf(stderr, "Failed to resolve service '%s': %s\n", name, avahi_strerror(avahi_server_errno(s)));

494

495

break;

496

497

case AVAHI_BROWSER_REMOVE:

498

break;

499

500

case AVAHI_BROWSER_ALL_FOR_NOW:

501

case AVAHI_BROWSER_CACHE_EXHAUSTED:

502

break;

622

503

}

623

504

}

624

505

626

507

AvahiServerConfig config;

627

508

AvahiSServiceBrowser *sb = NULL;

628

509

int error;

629

int ret;

630

int returncode = EXIT_SUCCESS;

631

const char *interface = NULL;

632

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

633

char *connect_to = NULL;

634

635

while (true){

636

static struct option long_options[] = {

637

{"debug", no_argument, (int *)&debug, 1},

638

{"connect", required_argument, 0, 'c'},

639

{"interface", required_argument, 0, 'i'},

640

{0, 0, 0, 0} };

641

642

int option_index = 0;

643

ret = getopt_long (argc, argv, "i:", long_options,

644

&option_index);

645

646

if (ret == -1){

647

break;

648

}

649

650

switch(ret){

651

case 0:

652

break;

653

case 'i':

654

interface = optarg;

655

break;

656

case 'c':

657

connect_to = optarg;

658

break;

659

default:

660

exit(EXIT_FAILURE);

661

}

662

}

663

664

if(interface != NULL){

665

if_index = (AvahiIfIndex) if_nametoindex(interface);

666

if(if_index == 0){

667

fprintf(stderr, "No such interface: \"%s\"\n", interface);

668

exit(EXIT_FAILURE);

669

}

670

}

671

672

if(connect_to != NULL){

673

/* Connect directly, do not use Zeroconf */

674

/* (Mainly meant for debugging) */

675

char *address = strrchr(connect_to, ':');

676

if(address == NULL){

677

fprintf(stderr, "No colon in address\n");

678

exit(EXIT_FAILURE);

679

}

680

errno = 0;

681

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

682

if(errno){

683

perror("Bad port number");

684

exit(EXIT_FAILURE);

685

}

686

*address = '\0';

687

address = connect_to;

688

ret = start_mandos_communication(address, port, if_index);

689

if(ret < 0){

690

exit(EXIT_FAILURE);

691

} else {

692

exit(EXIT_SUCCESS);

693

}

694

}

695

696

if (not debug){

697

avahi_set_log_function(empty_log);

698

}

510

int ret = 1;

511

512

avahi_set_log_function(empty_log);

699

513

700

514

/* Initialize the psuedo-RNG */

701

srand((unsigned int) time(NULL));

515

srand(time(NULL));

702

516

703

517

/* Allocate main loop object */

704

518

if (!(simple_poll = avahi_simple_poll_new())) {

705

519

fprintf(stderr, "Failed to create simple poll object.\n");

706

707

goto exit;

520

goto fail;

708

521

}

709

522

710

523

/* Do not publish any local records */

714

527

config.publish_workstation = 0;

715

528

config.publish_domain = 0;

716

529

530

/* /\* Set a unicast DNS server for wide area DNS-SD *\/ */

531

/* avahi_address_parse("193.11.177.11", AVAHI_PROTO_UNSPEC, &config.wide_area_servers[0]); */

532

/* config.n_wide_area_servers = 1; */

533

/* config.enable_wide_area = 1; */

534

717

535

/* Allocate a new server */

718

server = avahi_server_new(avahi_simple_poll_get(simple_poll),

719

&config, NULL, NULL, &error);

536

server = avahi_server_new(avahi_simple_poll_get(simple_poll), &config, NULL, NULL, &error);

720

537

721

538

/* Free the configuration data */

722

539

avahi_server_config_free(&config);

723

540

724

/* Check if creating the server object succeeded */

541

/* Check wether creating the server object succeeded */

725

542

if (!server) {

726

fprintf(stderr, "Failed to create server: %s\n",

727

avahi_strerror(error));

728

returncode = EXIT_FAILURE;

729

goto exit;

543

fprintf(stderr, "Failed to create server: %s\n", avahi_strerror(error));

544

goto fail;

730

545

}

731

546

732

547

/* Create the service browser */

733

sb = avahi_s_service_browser_new(server, if_index,

734

AVAHI_PROTO_INET6,

735

"_mandos._tcp", NULL, 0,

736

browse_callback, server);

737

if (!sb) {

738

fprintf(stderr, "Failed to create service browser: %s\n",

739

avahi_strerror(avahi_server_errno(server)));

740

returncode = EXIT_FAILURE;

741

goto exit;

548

if (!(sb = avahi_s_service_browser_new(server, if_nametoindex("eth0"), AVAHI_PROTO_INET6, "_mandos._tcp", NULL, 0, browse_callback, server))) {

549

fprintf(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_server_errno(server)));

550

goto fail;

742

551

}

743

552

744

553

/* Run the main loop */

745

746

if (debug){

747

fprintf(stderr, "Starting avahi loop search\n");

748

}

749

750

554

avahi_simple_poll_loop(simple_poll);

751

555

752

exit:

753

754

if (debug){

755

fprintf(stderr, "%s exiting\n", argv[0]);

756

}

556

ret = 0;

557

558

fail:

757

559

758

560

/* Cleanup things */

759

561

if (sb)

765

567

if (simple_poll)

766

568

avahi_simple_poll_free(simple_poll);

767

569

768

return returncode;

570

return ret;

769

571

}