1
/* -*- coding: utf-8 -*- */
3
* Mandos client - get and decrypt data from a Mandos server
4
* This file demonstrates how to use Avahi's core API, this is
5
* the embeddable mDNS stack for embedded applications.
5
* This program is partly derived from an example program for an Avahi
6
* service browser, downloaded from
7
* <http://avahi.org/browser/examples/core-browse-services.c>. This
8
* includes the following functions: "resolve_callback",
9
* "browse_callback", and parts of "main".
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
14
* This program is free software: you can redistribute it and/or
15
* modify it under the terms of the GNU General Public License as
16
* published by the Free Software Foundation, either version 3 of the
17
* License, or (at your option) any later version.
19
* This program is distributed in the hope that it will be useful, but
20
* WITHOUT ANY WARRANTY; without even the implied warranty of
21
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22
* General Public License for more details.
24
* You should have received a copy of the GNU General Public License
25
* along with this program. If not, see
26
* <http://www.gnu.org/licenses/>.
28
* Contact the authors at <mandos@fukt.bsnet.se>.
7
* End user applications should *not* use this API and should use
8
* the D-Bus or C APIs, please see
9
* client-browse-services.c and glib-integration.c
11
* I repeat, you probably do *not* want to use this example.
31
/* Needed by GPGME, specifically gpgme_data_seek() */
15
This file is part of avahi.
17
avahi is free software; you can redistribute it and/or modify it
18
under the terms of the GNU Lesser General Public License as
19
published by the Free Software Foundation; either version 2.1 of the
20
License, or (at your option) any later version.
22
avahi is distributed in the hope that it will be useful, but WITHOUT
23
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
24
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General
25
Public License for more details.
27
You should have received a copy of the GNU Lesser General Public
28
License along with avahi; if not, write to the Free Software
29
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
32
33
#define _LARGEFILE_SOURCE
33
34
#define _FILE_OFFSET_BITS 64
35
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */
38
37
#include <assert.h>
39
38
#include <stdlib.h>
41
40
#include <net/if.h> /* if_nametoindex */
42
#include <sys/ioctl.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
44
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
47
42
#include <avahi-core/core.h>
48
43
#include <avahi-core/lookup.h>
177
133
if (rc != GPG_ERR_NO_ERROR){
178
134
fprintf(stderr, "bad gpgme_new: %s: %s\n",
179
135
gpgme_strsource(rc), gpgme_strerror(rc));
180
plaintext_length = -1;
184
/* Decrypt data from the cryptotext data buffer to the plaintext
139
/* Decrypt data from the FILE pointer to the plaintext data buffer */
186
140
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
187
141
if (rc != GPG_ERR_NO_ERROR){
188
142
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
189
143
gpgme_strsource(rc), gpgme_strerror(rc));
190
plaintext_length = -1;
195
fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
199
gpgme_decrypt_result_t result;
200
result = gpgme_op_decrypt_result(ctx);
202
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
204
fprintf(stderr, "Unsupported algorithm: %s\n",
205
result->unsupported_algorithm);
206
fprintf(stderr, "Wrong key usage: %d\n",
207
result->wrong_key_usage);
208
if(result->file_name != NULL){
209
fprintf(stderr, "File name: %s\n", result->file_name);
211
gpgme_recipient_t recipient;
212
recipient = result->recipients;
214
while(recipient != NULL){
215
fprintf(stderr, "Public key algorithm: %s\n",
216
gpgme_pubkey_algo_name(recipient->pubkey_algo));
217
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
218
fprintf(stderr, "Secret key available: %s\n",
219
recipient->status == GPG_ERR_NO_SECKEY
221
recipient = recipient->next;
147
/* gpgme_decrypt_result_t result; */
148
/* result = gpgme_op_decrypt_result(ctx); */
149
/* fprintf(stderr, "Unsupported algorithm: %s\n", result->unsupported_algorithm); */
150
/* fprintf(stderr, "Wrong key usage: %d\n", result->wrong_key_usage); */
151
/* if(result->file_name != NULL){ */
152
/* fprintf(stderr, "File name: %s\n", result->file_name); */
154
/* gpgme_recipient_t recipient; */
155
/* recipient = result->recipients; */
157
/* while(recipient != NULL){ */
158
/* fprintf(stderr, "Public key algorithm: %s\n", */
159
/* gpgme_pubkey_algo_name(recipient->pubkey_algo)); */
160
/* fprintf(stderr, "Key ID: %s\n", recipient->keyid); */
161
/* fprintf(stderr, "Secret key available: %s\n", */
162
/* recipient->status == GPG_ERR_NO_SECKEY ? "No" : "Yes"); */
163
/* recipient = recipient->next; */
167
/* Delete the GPGME FILE pointer cryptotext data buffer */
168
gpgme_data_release(dh_crypto);
227
170
/* Seek back to the beginning of the GPGME plaintext data buffer */
228
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
229
perror("pgpme_data_seek");
230
plaintext_length = -1;
171
gpgme_data_seek(dh_plain, 0, SEEK_SET);
236
plaintext_capacity = adjustbuffer(plaintext, (size_t)plaintext_length,
238
if (plaintext_capacity == 0){
239
perror("adjustbuffer");
240
plaintext_length = -1;
175
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
176
*new_packet = realloc(*new_packet, new_packet_capacity + BUFFER_SIZE);
177
if (*new_packet == NULL){
181
new_packet_capacity += BUFFER_SIZE;
244
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
184
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length, BUFFER_SIZE);
246
185
/* Print the data, if any */
187
/* If password is empty, then a incorrect error will be printed */
252
191
perror("gpgme_data_read");
253
plaintext_length = -1;
256
plaintext_length += ret;
194
new_packet_length += ret;
260
fprintf(stderr, "Decrypted password is: ");
261
for(ssize_t i = 0; i < plaintext_length; i++){
262
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
264
fprintf(stderr, "\n");
269
/* Delete the GPGME cryptotext data buffer */
270
gpgme_data_release(dh_crypto);
272
/* Delete the GPGME plaintext data buffer */
197
/* Delete the GPGME plaintext data buffer */
273
198
gpgme_data_release(dh_plain);
274
return plaintext_length;
199
return new_packet_length;
277
202
static const char * safer_gnutls_strerror (int value) {
284
/* GnuTLS log function callback */
285
static void debuggnutls(__attribute__((unused)) int level,
287
fprintf(stderr, "GnuTLS: %s", string);
209
void debuggnutls(int level, const char* string){
210
fprintf(stderr, "%s", string);
290
static int init_gnutls_global(mandos_context *mc){
213
int initgnutls(encrypted_session *es){
294
fprintf(stderr, "Initializing GnuTLS\n");
297
217
if ((ret = gnutls_global_init ())
298
218
!= GNUTLS_E_SUCCESS) {
299
fprintf (stderr, "GnuTLS global_init: %s\n",
300
safer_gnutls_strerror(ret));
219
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
305
/* "Use a log level over 10 to enable all debugging options."
308
gnutls_global_set_log_level(11);
309
gnutls_global_set_log_function(debuggnutls);
312
/* OpenPGP credentials */
313
if ((ret = gnutls_certificate_allocate_credentials (&mc->cred))
223
/* Uncomment to enable full debuggin on the gnutls library */
224
/* gnutls_global_set_log_level(11); */
225
/* gnutls_global_set_log_function(debuggnutls); */
228
/* openpgp credentials */
229
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
314
230
!= GNUTLS_E_SUCCESS) {
315
fprintf (stderr, "GnuTLS memory error: %s\n",
316
safer_gnutls_strerror(ret));
231
fprintf (stderr, "memory error: %s\n", safer_gnutls_strerror(ret));
321
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
322
" and keyfile %s as GnuTLS credentials\n", pubkeyfile,
326
235
ret = gnutls_certificate_set_openpgp_key_file
327
(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);
328
if (ret != GNUTLS_E_SUCCESS) {
330
"Error[%d] while reading the OpenPGP key pair ('%s',"
331
" '%s')\n", ret, pubkeyfile, seckeyfile);
332
fprintf(stdout, "The GnuTLS error is: %s\n",
333
safer_gnutls_strerror(ret));
337
/* GnuTLS server initialization */
338
ret = gnutls_dh_params_init(&mc->dh_params);
339
if (ret != GNUTLS_E_SUCCESS) {
340
fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
341
" %s\n", safer_gnutls_strerror(ret));
344
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
345
if (ret != GNUTLS_E_SUCCESS) {
346
fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
347
safer_gnutls_strerror(ret));
351
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
356
static int init_gnutls_session(mandos_context *mc, gnutls_session_t *session){
358
/* GnuTLS session creation */
359
ret = gnutls_init(session, GNUTLS_SERVER);
360
if (ret != GNUTLS_E_SUCCESS){
361
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
362
safer_gnutls_strerror(ret));
367
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
368
if (ret != GNUTLS_E_SUCCESS) {
369
fprintf(stderr, "Syntax error at: %s\n", err);
370
fprintf(stderr, "GnuTLS error: %s\n",
371
safer_gnutls_strerror(ret));
376
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
378
if (ret != GNUTLS_E_SUCCESS) {
379
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
380
safer_gnutls_strerror(ret));
236
(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);
237
if (ret != GNUTLS_E_SUCCESS) {
239
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n",
240
ret, CERTFILE, KEYFILE);
241
fprintf(stdout, "The Error is: %s\n",
242
safer_gnutls_strerror(ret));
246
//Gnutls server initialization
247
if ((ret = gnutls_dh_params_init (&es->dh_params))
248
!= GNUTLS_E_SUCCESS) {
249
fprintf (stderr, "Error in dh parameter initialization: %s\n",
250
safer_gnutls_strerror(ret));
254
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
255
!= GNUTLS_E_SUCCESS) {
256
fprintf (stderr, "Error in prime generation: %s\n",
257
safer_gnutls_strerror(ret));
261
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
263
// Gnutls session creation
264
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
265
!= GNUTLS_E_SUCCESS){
266
fprintf(stderr, "Error in gnutls session initialization: %s\n",
267
safer_gnutls_strerror(ret));
270
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
271
!= GNUTLS_E_SUCCESS) {
272
fprintf(stderr, "Syntax error at: %s\n", err);
273
fprintf(stderr, "Gnutls error: %s\n",
274
safer_gnutls_strerror(ret));
278
if ((ret = gnutls_credentials_set
279
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
280
!= GNUTLS_E_SUCCESS) {
281
fprintf(stderr, "Error setting a credentials set: %s\n",
282
safer_gnutls_strerror(ret));
384
286
/* ignore client certificate if any. */
385
gnutls_certificate_server_set_request (*session,
287
gnutls_certificate_server_set_request (es->session, GNUTLS_CERT_IGNORE);
388
gnutls_dh_set_prime_bits (*session, mc->dh_bits);
289
gnutls_dh_set_prime_bits (es->session, DH_BITS);
393
/* Avahi log function callback */
394
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
395
__attribute__((unused)) const char *txt){}
294
void empty_log(AvahiLogLevel level, const char *txt){}
397
/* Called when a Mandos server is found */
398
static int start_mandos_communication(const char *ip, uint16_t port,
399
AvahiIfIndex if_index,
296
int start_mandos_communcation(char *ip, uint16_t port){
402
298
struct sockaddr_in6 to;
299
struct in6_addr ip_addr;
300
encrypted_session es;
403
301
char *buffer = NULL;
404
302
char *decrypted_buffer;
405
303
size_t buffer_length = 0;
406
304
size_t buffer_capacity = 0;
407
305
ssize_t decrypted_buffer_size;
410
char interface[IF_NAMESIZE];
411
gnutls_session_t session;
412
gnutls_dh_params_t dh_params;
414
ret = init_gnutls_session (mc, &session);
420
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
424
309
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
426
311
perror("socket");
431
if(if_indextoname((unsigned int)if_index, interface) == NULL){
432
perror("if_indextoname");
435
fprintf(stderr, "Binding to interface %s\n", interface);
315
ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, "eth0", 5);
317
perror("setsockopt bindtodevice");
438
memset(&to,0,sizeof(to)); /* Spurious warning */
321
memset(&to,0,sizeof(to));
439
322
to.sin6_family = AF_INET6;
440
/* It would be nice to have a way to detect if we were passed an
441
IPv4 address here. Now we assume an IPv6 address. */
442
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
323
ret = inet_pton(AF_INET6, ip, &ip_addr);
444
325
perror("inet_pton");
448
329
fprintf(stderr, "Bad address: %s\n", ip);
451
to.sin6_port = htons(port); /* Spurious warning */
453
to.sin6_scope_id = (uint32_t)if_index;
456
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
457
char addrstr[INET6_ADDRSTRLEN] = "";
458
if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr,
459
sizeof(addrstr)) == NULL){
462
if(strcmp(addrstr, ip) != 0){
463
fprintf(stderr, "Canonical address form: %s\n", addrstr);
332
to.sin6_port = htons(port);
333
to.sin6_scope_id = if_nametoindex("eth0");
468
335
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
470
337
perror("connect");
341
ret = initgnutls (&es);
348
gnutls_transport_set_ptr (es.session, (gnutls_transport_ptr_t) tcp_sd);
474
const char *out = mandos_protocol_version;
477
size_t out_size = strlen(out);
478
ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
479
out_size - written));
485
written += (size_t)ret;
486
if(written < out_size){
489
if (out == mandos_protocol_version){
499
fprintf(stderr, "Establishing TLS session with %s\n", ip);
502
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
504
ret = gnutls_handshake (session);
350
ret = gnutls_handshake (es.session);
506
352
if (ret != GNUTLS_E_SUCCESS){
508
fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
353
fprintf(stderr, "\n*** Handshake failed ***\n");
515
/* Read OpenPGP packet that contains the wanted password */
518
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
523
buffer_capacity = adjustbuffer(&buffer, buffer_length, buffer_capacity);
524
if (buffer_capacity == 0){
525
perror("adjustbuffer");
361
if (buffer_length + BUFFER_SIZE > buffer_capacity){
362
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
367
buffer_capacity += BUFFER_SIZE;
530
ret = gnutls_record_recv(session, buffer+buffer_length,
370
ret = gnutls_record_recv
371
(es.session, buffer+buffer_length, BUFFER_SIZE);
538
378
case GNUTLS_E_AGAIN:
540
380
case GNUTLS_E_REHANDSHAKE:
541
ret = gnutls_handshake (session);
381
ret = gnutls_handshake (es.session);
543
fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
383
fprintf(stderr, "\n*** Handshake failed ***\n");
544
384
gnutls_perror (ret);
550
fprintf(stderr, "Unknown error while reading data from"
551
" encrypted session with Mandos server\n");
390
fprintf(stderr, "Unknown error while reading data from encrypted session with mandos server\n");
553
gnutls_bye (session, GNUTLS_SHUT_RDWR);
392
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
557
buffer_length += (size_t) ret;
396
buffer_length += ret;
562
fprintf(stderr, "Closing TLS session\n");
565
gnutls_bye (session, GNUTLS_SHUT_RDWR);
567
400
if (buffer_length > 0){
568
decrypted_buffer_size = pgp_packet_decrypt(buffer,
572
if (decrypted_buffer_size >= 0){
574
while(written < (size_t) decrypted_buffer_size){
575
ret = (int)fwrite (decrypted_buffer + written, 1,
576
(size_t)decrypted_buffer_size - written,
578
if(ret == 0 and ferror(stdout)){
580
fprintf(stderr, "Error writing encrypted data: %s\n",
586
written += (size_t)ret;
401
if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) == 0){
404
fwrite (decrypted_buffer, 1, decrypted_buffer_size, stdout);
588
405
free(decrypted_buffer);
594
/* Shutdown procedure */
412
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
599
gnutls_deinit (session);
600
gnutls_certificate_free_credentials (mc->cred);
415
gnutls_deinit (es.session);
416
gnutls_certificate_free_credentials (es.cred);
601
417
gnutls_global_deinit ();
605
static void resolve_callback(AvahiSServiceResolver *r,
606
AvahiIfIndex interface,
607
AVAHI_GCC_UNUSED AvahiProtocol protocol,
608
AvahiResolverEvent event,
612
const char *host_name,
613
const AvahiAddress *address,
615
AVAHI_GCC_UNUSED AvahiStringList *txt,
616
AVAHI_GCC_UNUSED AvahiLookupResultFlags
619
mandos_context *mc = userdata;
620
assert(r); /* Spurious warning */
622
/* Called whenever a service has been resolved successfully or
627
case AVAHI_RESOLVER_FAILURE:
628
fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
629
" of type '%s' in domain '%s': %s\n", name, type, domain,
630
avahi_strerror(avahi_server_errno(mc->server)));
633
case AVAHI_RESOLVER_FOUND:
635
char ip[AVAHI_ADDRESS_STR_MAX];
636
avahi_address_snprint(ip, sizeof(ip), address);
638
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %d) on"
639
" port %d\n", name, host_name, ip, interface, port);
641
int ret = start_mandos_communication(ip, port, interface, mc);
647
avahi_s_service_resolver_free(r);
650
static void browse_callback( AvahiSServiceBrowser *b,
651
AvahiIfIndex interface,
652
AvahiProtocol protocol,
653
AvahiBrowserEvent event,
657
AVAHI_GCC_UNUSED AvahiLookupResultFlags
660
mandos_context *mc = userdata;
661
assert(b); /* Spurious warning */
663
/* Called whenever a new services becomes available on the LAN or
664
is removed from the LAN */
668
case AVAHI_BROWSER_FAILURE:
670
fprintf(stderr, "(Avahi browser) %s\n",
671
avahi_strerror(avahi_server_errno(mc->server)));
672
avahi_simple_poll_quit(mc->simple_poll);
675
case AVAHI_BROWSER_NEW:
676
/* We ignore the returned Avahi resolver object. In the callback
677
function we free it. If the Avahi server is terminated before
678
the callback function is called the Avahi server will free the
681
if (!(avahi_s_service_resolver_new(mc->server, interface,
682
protocol, name, type, domain,
683
AVAHI_PROTO_INET6, 0,
684
resolve_callback, mc)))
685
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
686
name, avahi_strerror(avahi_server_errno(mc->server)));
689
case AVAHI_BROWSER_REMOVE:
692
case AVAHI_BROWSER_ALL_FOR_NOW:
693
case AVAHI_BROWSER_CACHE_EXHAUSTED:
695
fprintf(stderr, "No Mandos server found, still searching...\n");
701
/* Combines file name and path and returns the malloced new
702
string. some sane checks could/should be added */
703
static const char *combinepath(const char *first, const char *second){
704
size_t f_len = strlen(first);
705
size_t s_len = strlen(second);
706
char *tmp = malloc(f_len + s_len + 2);
711
memcpy(tmp, first, f_len); /* Spurious warning */
715
memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */
717
tmp[f_len + 1 + s_len] = '\0';
722
int main(int argc, char *argv[]){
421
static AvahiSimplePoll *simple_poll = NULL;
422
static AvahiServer *server = NULL;
424
static void resolve_callback(
425
AvahiSServiceResolver *r,
426
AVAHI_GCC_UNUSED AvahiIfIndex interface,
427
AVAHI_GCC_UNUSED AvahiProtocol protocol,
428
AvahiResolverEvent event,
432
const char *host_name,
433
const AvahiAddress *address,
435
AvahiStringList *txt,
436
AvahiLookupResultFlags flags,
437
AVAHI_GCC_UNUSED void* userdata) {
441
/* Called whenever a service has been resolved successfully or timed out */
444
case AVAHI_RESOLVER_FAILURE:
445
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of type '%s' in domain '%s': %s\n", name, type, domain, avahi_strerror(avahi_server_errno(server)));
448
case AVAHI_RESOLVER_FOUND: {
449
char ip[AVAHI_ADDRESS_STR_MAX];
450
avahi_address_snprint(ip, sizeof(ip), address);
451
int ret = start_mandos_communcation(ip, port);
459
avahi_s_service_resolver_free(r);
462
static void browse_callback(
463
AvahiSServiceBrowser *b,
464
AvahiIfIndex interface,
465
AvahiProtocol protocol,
466
AvahiBrowserEvent event,
470
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
473
AvahiServer *s = userdata;
476
/* Called whenever a new services becomes available on the LAN or is removed from the LAN */
480
case AVAHI_BROWSER_FAILURE:
482
fprintf(stderr, "(Browser) %s\n", avahi_strerror(avahi_server_errno(server)));
483
avahi_simple_poll_quit(simple_poll);
486
case AVAHI_BROWSER_NEW:
487
/* We ignore the returned resolver object. In the callback
488
function we free it. If the server is terminated before
489
the callback function is called the server will free
490
the resolver for us. */
492
if (!(avahi_s_service_resolver_new(s, interface, protocol, name, type, domain, AVAHI_PROTO_INET6, 0, resolve_callback, s)))
493
fprintf(stderr, "Failed to resolve service '%s': %s\n", name, avahi_strerror(avahi_server_errno(s)));
497
case AVAHI_BROWSER_REMOVE:
500
case AVAHI_BROWSER_ALL_FOR_NOW:
501
case AVAHI_BROWSER_CACHE_EXHAUSTED:
506
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
507
AvahiServerConfig config;
723
508
AvahiSServiceBrowser *sb = NULL;
726
int exitcode = EXIT_SUCCESS;
727
const char *interface = "eth0";
728
struct ifreq network;
732
char *connect_to = NULL;
733
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
734
mandos_context mc = { .simple_poll = NULL, .server = NULL,
735
.dh_bits = 1024, .priority = "SECURE256"};
738
/* Temporary int to get the address of for getopt_long */
739
int debug_int = debug ? 1 : 0;
741
struct option long_options[] = {
742
{"debug", no_argument, &debug_int, 1},
743
{"connect", required_argument, NULL, 'c'},
744
{"interface", required_argument, NULL, 'i'},
745
{"keydir", required_argument, NULL, 'd'},
746
{"seckey", required_argument, NULL, 's'},
747
{"pubkey", required_argument, NULL, 'p'},
748
{"dh-bits", required_argument, NULL, 'D'},
749
{"priority", required_argument, NULL, 'P'},
752
int option_index = 0;
753
ret = getopt_long (argc, argv, "i:", long_options,
780
mc.dh_bits = (unsigned int) strtol(optarg, NULL, 10);
787
mc.priority = optarg;
791
/* getopt_long() has already printed a message about the
792
unrcognized option, so just exit. */
796
/* Set the global debug flag from the temporary int */
797
debug = debug_int ? true : false;
800
pubkeyfile = combinepath(keydir, pubkeyfile);
801
if (pubkeyfile == NULL){
802
perror("combinepath");
803
exitcode = EXIT_FAILURE;
807
seckeyfile = combinepath(keydir, seckeyfile);
808
if (seckeyfile == NULL){
809
perror("combinepath");
813
ret = init_gnutls_global(&mc);
815
fprintf(stderr, "init_gnutls_global\n");
832
if_index = (AvahiIfIndex) if_nametoindex(interface);
834
fprintf(stderr, "No such interface: \"%s\"\n", interface);
838
if(connect_to != NULL){
839
/* Connect directly, do not use Zeroconf */
840
/* (Mainly meant for debugging) */
841
char *address = strrchr(connect_to, ':');
843
fprintf(stderr, "No colon in address\n");
844
exitcode = EXIT_FAILURE;
848
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
850
perror("Bad port number");
851
exitcode = EXIT_FAILURE;
855
address = connect_to;
856
ret = start_mandos_communication(address, port, if_index, &mc);
858
exitcode = EXIT_FAILURE;
860
exitcode = EXIT_SUCCESS;
865
/* If the interface is down, bring it up */
867
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
870
exitcode = EXIT_FAILURE;
873
strcpy(network.ifr_name, interface); /* Spurious warning */
874
ret = ioctl(sd, SIOCGIFFLAGS, &network);
876
perror("ioctl SIOCGIFFLAGS");
877
exitcode = EXIT_FAILURE;
880
if((network.ifr_flags & IFF_UP) == 0){
881
network.ifr_flags |= IFF_UP;
882
ret = ioctl(sd, SIOCSIFFLAGS, &network);
884
perror("ioctl SIOCSIFFLAGS");
885
exitcode = EXIT_FAILURE;
893
avahi_set_log_function(empty_log);
896
/* Initialize the pseudo-RNG for Avahi */
897
srand((unsigned int) time(NULL));
899
/* Allocate main Avahi loop object */
900
mc.simple_poll = avahi_simple_poll_new();
901
if (mc.simple_poll == NULL) {
902
fprintf(stderr, "Avahi: Failed to create simple poll"
904
exitcode = EXIT_FAILURE;
909
AvahiServerConfig config;
910
/* Do not publish any local Zeroconf records */
911
avahi_server_config_init(&config);
912
config.publish_hinfo = 0;
913
config.publish_addresses = 0;
914
config.publish_workstation = 0;
915
config.publish_domain = 0;
917
/* Allocate a new server */
918
mc.server = avahi_server_new(avahi_simple_poll_get
919
(mc.simple_poll), &config, NULL,
922
/* Free the Avahi configuration data */
923
avahi_server_config_free(&config);
926
/* Check if creating the Avahi server object succeeded */
927
if (mc.server == NULL) {
928
fprintf(stderr, "Failed to create Avahi server: %s\n",
929
avahi_strerror(error));
930
exitcode = EXIT_FAILURE;
934
/* Create the Avahi service browser */
935
sb = avahi_s_service_browser_new(mc.server, if_index,
937
"_mandos._tcp", NULL, 0,
938
browse_callback, &mc);
940
fprintf(stderr, "Failed to create service browser: %s\n",
941
avahi_strerror(avahi_server_errno(mc.server)));
942
exitcode = EXIT_FAILURE;
512
avahi_set_log_function(empty_log);
514
/* Initialize the psuedo-RNG */
517
/* Allocate main loop object */
518
if (!(simple_poll = avahi_simple_poll_new())) {
519
fprintf(stderr, "Failed to create simple poll object.\n");
523
/* Do not publish any local records */
524
avahi_server_config_init(&config);
525
config.publish_hinfo = 0;
526
config.publish_addresses = 0;
527
config.publish_workstation = 0;
528
config.publish_domain = 0;
530
/* /\* Set a unicast DNS server for wide area DNS-SD *\/ */
531
/* avahi_address_parse("193.11.177.11", AVAHI_PROTO_UNSPEC, &config.wide_area_servers[0]); */
532
/* config.n_wide_area_servers = 1; */
533
/* config.enable_wide_area = 1; */
535
/* Allocate a new server */
536
server = avahi_server_new(avahi_simple_poll_get(simple_poll), &config, NULL, NULL, &error);
538
/* Free the configuration data */
539
avahi_server_config_free(&config);
541
/* Check wether creating the server object succeeded */
543
fprintf(stderr, "Failed to create server: %s\n", avahi_strerror(error));
547
/* Create the service browser */
548
if (!(sb = avahi_s_service_browser_new(server, if_nametoindex("eth0"), AVAHI_PROTO_INET6, "_mandos._tcp", NULL, 0, browse_callback, server))) {
549
fprintf(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_server_errno(server)));
946
553
/* Run the main loop */
949
fprintf(stderr, "Starting Avahi loop search\n");
952
avahi_simple_poll_loop(mc.simple_poll);
957
fprintf(stderr, "%s exiting\n", argv[0]);
554
avahi_simple_poll_loop(simple_poll);
960
560
/* Cleanup things */
962
562
avahi_s_service_browser_free(sb);
964
if (mc.server != NULL)
965
avahi_server_free(mc.server);
967
if (mc.simple_poll != NULL)
968
avahi_simple_poll_free(mc.simple_poll);
565
avahi_server_free(server);
568
avahi_simple_poll_free(simple_poll);