/mandos/release : revision 13

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/mandosclient.c

Committer: Björn Påhlsson
Date: 2008-07-20 02:52:20 UTC
Revision ID: belorn@braxen-20080720025220-r5u0388uy9iu23h6

Added following support:
Pluginbased client handler
rewritten Mandos client
Avahi instead of udp server discovery
openpgp encrypted key support
Passprompt stand alone application for direct console input
Added logging for Mandos server

files added:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

plugins.d/Makefile

files removed:
mandos-client.xml

mandos-clients.conf.xml

mandos.conf

mandos.conf.xml

mandos.xml

network-protocol.txt

plugins.d/password-prompt.xml

plugins.d/password-request.xml

files renamed:
clients.conf => mandos-clients.conf

mandos-client.c => plugbasedclient.c

plugins.d/password-request.c => plugins.d/mandosclient.c

plugins.d/password-prompt.c => plugins.d/passprompt.c

mandos => server.py

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

plugins.d/mandosclient.c

/* -*- coding: utf-8 -*- */

* Mandos client - get and decrypt data from a Mandos server

/* $Id$ */

/* PLEASE NOTE *

* This file demonstrates how to use Avahi's core API, this is

* the embeddable mDNS stack for embedded applications.

* This program is partly derived from an example program for an Avahi

* service browser, downloaded from

* <http://avahi.org/browser/examples/core-browse-services.c>. This

* includes the following functions: "resolve_callback",

* "browse_callback", and parts of "main".

* Everything else is

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

* End user applications should *not* use this API and should use

* the D-Bus or C APIs, please see

* client-browse-services.c and glib-integration.c

* I repeat, you probably do *not* want to use this example.

/* Needed by GPGME, specifically gpgme_data_seek() */

/***

This file is part of avahi.

avahi is free software; you can redistribute it and/or modify it

under the terms of the GNU Lesser General Public License as

published by the Free Software Foundation; either version 2.1 of the

License, or (at your option) any later version.

avahi is distributed in the hope that it will be useful, but WITHOUT

ANY WARRANTY; without even the implied warranty of MERCHANTABILITY

or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General

Public License for more details.

You should have received a copy of the GNU Lesser General Public

License along with avahi; if not, write to the Free Software

Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307

USA.

***/

#define _LARGEFILE_SOURCE

#define _FILE_OFFSET_BITS 64

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */

#include <stdio.h> /* fprintf(), stderr, fwrite(), stdout,

ferror() */

#include <stdint.h> /* uint16_t, uint32_t */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,

srand() */

#include <stdbool.h> /* bool, true */

#include <string.h> /* memset(), strcmp(), strlen(),

strerror(), memcpy(), strcpy() */

#include <sys/ioctl.h> /* ioctl */

#include <net/if.h> /* ifreq, SIOCGIFFLAGS, SIOCSIFFLAGS,

IFF_UP */

#include <sys/types.h> /* socket(), inet_pton(), sockaddr,

sockaddr_in6, PF_INET6,

SOCK_STREAM, INET6_ADDRSTRLEN,

uid_t, gid_t */

#include <inttypes.h> /* PRIu16 */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton(),

connect() */

#include <assert.h> /* assert() */

#include <errno.h> /* perror(), errno */

#include <time.h> /* time() */

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS, if_indextoname(),

if_nametoindex(), IF_NAMESIZE */

#include <unistd.h> /* close(), SEEK_SET, off_t, write(),

getuid(), getgid(), setuid(),

setgid() */

#include <netinet/in.h>

#include <arpa/inet.h> /* inet_pton(), htons */

#include <iso646.h> /* not, and */

#include <argp.h> /* struct argp_option, error_t, struct

argp_state, struct argp,

argp_parse(), ARGP_KEY_ARG,

ARGP_KEY_END, ARGP_ERR_UNKNOWN */

/* Avahi */

/* All Avahi types, constants and functions

Avahi*, avahi_*,

AVAHI_* */

#include <stdio.h>

#include <assert.h>

#include <stdlib.h>

#include <time.h>

#include <net/if.h> /* if_nametoindex */

#include <avahi-core/core.h>

#include <avahi-core/lookup.h>

#include <avahi-core/log.h>

#include <avahi-common/malloc.h>

#include <avahi-common/error.h>

/* GnuTLS */

#include <gnutls/gnutls.h> /* All GnuTLS types, constants and functions

gnutls_*

init_gnutls_session(),

GNUTLS_* */

#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),

GNUTLS_OPENPGP_FMT_BASE64 */

/* GPGME */

#include <gpgme.h> /* All GPGME types, constants and functions

gpgme_*

GPGME_PROTOCOL_OpenPGP,

GPG_ERR_NO_* */

//mandos client part

#include <sys/types.h> /* socket(), setsockopt(), inet_pton() */

#include <sys/socket.h> /* socket(), setsockopt(), struct sockaddr_in6, struct in6_addr, inet_pton() */

#include <gnutls/gnutls.h> /* ALL GNUTLS STUFF */

#include <gnutls/openpgp.h> /* gnutls with openpgp stuff */

#include <unistd.h> /* close() */

#include <netinet/in.h>

#include <stdbool.h> /* true */

#include <string.h> /* memset */

#include <arpa/inet.h> /* inet_pton() */

#include <iso646.h> /* not */

// gpgme

#include <errno.h> /* perror() */

#include <gpgme.h>

#ifndef CERT_ROOT

#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"

#endif

#define CERTFILE CERT_ROOT "openpgp-client.txt"

#define KEYFILE CERT_ROOT "openpgp-client-key.txt"

#define BUFFER_SIZE 256

100

101

bool debug = false;

102

static const char *keydir = "/conf/conf.d/mandos";

103

static const char mandos_protocol_version[] = "1";

104

const char *argp_program_version = "password-request 1.0";

105

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

106

107

/* Used for passing in values through the Avahi callback functions */

#define DH_BITS 1024

108

typedef struct {

109

AvahiSimplePoll *simple_poll;

110

AvahiServer *server;

gnutls_session_t session;

111

gnutls_certificate_credentials_t cred;

112

unsigned int dh_bits;

113

gnutls_dh_params_t dh_params;

114

const char *priority;

115

} mandos_context;

116

117

118

* Make room in "buffer" for at least BUFFER_SIZE additional bytes.

119

* "buffer_capacity" is how much is currently allocated,

120

* "buffer_length" is how much is already used.

121

122

size_t adjustbuffer(char **buffer, size_t buffer_length,

123

size_t buffer_capacity){

124

if (buffer_length + BUFFER_SIZE > buffer_capacity){

125

*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);

126

if (buffer == NULL){

127

return 0;

128

}

129

buffer_capacity += BUFFER_SIZE;

130

}

131

return buffer_capacity;

132

}

133

134

135

* Decrypt OpenPGP data using keyrings in HOMEDIR.

136

* Returns -1 on error

137

138

static ssize_t pgp_packet_decrypt (const char *cryptotext,

139

size_t crypto_size,

140

char **plaintext,

141

const char *homedir){

} encrypted_session;

ssize_t gpg_packet_decrypt (char *packet, size_t packet_size, char **new_packet, char *homedir){

142

gpgme_data_t dh_crypto, dh_plain;

143

gpgme_ctx_t ctx;

144

gpgme_error_t rc;

145

ssize_t ret;

146

size_t plaintext_capacity = 0;

147

ssize_t plaintext_length = 0;

size_t new_packet_capacity = 0;

size_t new_packet_length = 0;

148

gpgme_engine_info_t engine_info;

149

150

if (debug){

151

fprintf(stderr, "Trying to decrypt OpenPGP data\n");

152

}

153

154

/* Init GPGME */

155

gpgme_check_version(NULL);

156

rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

157

if (rc != GPG_ERR_NO_ERROR){

158

fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",

159

gpgme_strsource(rc), gpgme_strerror(rc));

160

return -1;

161

}

gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

162

163

/* Set GPGME home directory for the OpenPGP engine only */

/* Set GPGME home directory */

164

rc = gpgme_get_engine_info (&engine_info);

165

if (rc != GPG_ERR_NO_ERROR){

166

fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",

176

108

engine_info = engine_info->next;

177

109

}

178

110

if(engine_info == NULL){

179

fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);

111

fprintf(stderr, "Could not set home dir to %s\n", homedir);

180

112

return -1;

181

113

}

182

114

183

/* Create new GPGME data buffer from memory cryptotext */

184

rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,

185

0);

115

/* Create new GPGME data buffer from packet buffer */

116

rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);

186

117

if (rc != GPG_ERR_NO_ERROR){

187

118

fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",

188

119

gpgme_strsource(rc), gpgme_strerror(rc));

194

125

if (rc != GPG_ERR_NO_ERROR){

195

126

fprintf(stderr, "bad gpgme_data_new: %s: %s\n",

196

127

gpgme_strsource(rc), gpgme_strerror(rc));

197

gpgme_data_release(dh_crypto);

198

128

return -1;

199

129

}

200

130

203

133

if (rc != GPG_ERR_NO_ERROR){

204

134

fprintf(stderr, "bad gpgme_new: %s: %s\n",

205

135

gpgme_strsource(rc), gpgme_strerror(rc));

206

plaintext_length = -1;

207

goto decrypt_end;

136

return -1;

208

137

}

209

138

210

/* Decrypt data from the cryptotext data buffer to the plaintext

211

data buffer */

139

/* Decrypt data from the FILE pointer to the plaintext data buffer */

212

140

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

213

141

if (rc != GPG_ERR_NO_ERROR){

214

142

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

215

143

gpgme_strsource(rc), gpgme_strerror(rc));

216

plaintext_length = -1;

217

goto decrypt_end;

218

}

219

220

if(debug){

221

fprintf(stderr, "Decryption of OpenPGP data succeeded\n");

222

}

223

224

if (debug){

225

gpgme_decrypt_result_t result;

226

result = gpgme_op_decrypt_result(ctx);

227

if (result == NULL){

228

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

229

} else {

230

fprintf(stderr, "Unsupported algorithm: %s\n",

231

result->unsupported_algorithm);

232

fprintf(stderr, "Wrong key usage: %u\n",

233

result->wrong_key_usage);

234

if(result->file_name != NULL){

235

fprintf(stderr, "File name: %s\n", result->file_name);

236

}

237

gpgme_recipient_t recipient;

238

recipient = result->recipients;

239

if(recipient){

240

while(recipient != NULL){

241

fprintf(stderr, "Public key algorithm: %s\n",

242

gpgme_pubkey_algo_name(recipient->pubkey_algo));

243

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

244

fprintf(stderr, "Secret key available: %s\n",

245

recipient->status == GPG_ERR_NO_SECKEY

246

? "No" : "Yes");

247

recipient = recipient->next;

248

}

249

}

250

}

251

}

144

return -1;

145

}

146

147

/* gpgme_decrypt_result_t result; */

148

/* result = gpgme_op_decrypt_result(ctx); */

149

/* fprintf(stderr, "Unsupported algorithm: %s\n", result->unsupported_algorithm); */

150

/* fprintf(stderr, "Wrong key usage: %d\n", result->wrong_key_usage); */

151

/* if(result->file_name != NULL){ */

152

/* fprintf(stderr, "File name: %s\n", result->file_name); */

153

/* } */

154

/* gpgme_recipient_t recipient; */

155

/* recipient = result->recipients; */

156

/* if(recipient){ */

157

/* while(recipient != NULL){ */

158

/* fprintf(stderr, "Public key algorithm: %s\n", */

159

/* gpgme_pubkey_algo_name(recipient->pubkey_algo)); */

160

/* fprintf(stderr, "Key ID: %s\n", recipient->keyid); */

161

/* fprintf(stderr, "Secret key available: %s\n", */

162

/* recipient->status == GPG_ERR_NO_SECKEY ? "No" : "Yes"); */

163

/* recipient = recipient->next; */

164

/* } */

165

/* } */

166

167

/* Delete the GPGME FILE pointer cryptotext data buffer */

168

gpgme_data_release(dh_crypto);

252

169

253

170

/* Seek back to the beginning of the GPGME plaintext data buffer */

254

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

255

perror("pgpme_data_seek");

256

plaintext_length = -1;

257

goto decrypt_end;

258

}

259

260

*plaintext = NULL;

171

gpgme_data_seek(dh_plain, 0, SEEK_SET);

172

173

*new_packet = 0;

261

174

while(true){

262

plaintext_capacity = adjustbuffer(plaintext,

263

(size_t)plaintext_length,

264

plaintext_capacity);

265

if (plaintext_capacity == 0){

266

perror("adjustbuffer");

267

plaintext_length = -1;

268

goto decrypt_end;

175

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

176

*new_packet = realloc(*new_packet, new_packet_capacity + BUFFER_SIZE);

177

if (*new_packet == NULL){

178

perror("realloc");

179

return -1;

180

}

181

new_packet_capacity += BUFFER_SIZE;

269

182

}

270

183

271

ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,

272

BUFFER_SIZE);

184

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length, BUFFER_SIZE);

273

185

/* Print the data, if any */

274

186

if (ret == 0){

275

/* EOF */

187

/* If password is empty, then a incorrect error will be printed */

276

188

break;

277

189

}

278

190

if(ret < 0){

279

191

perror("gpgme_data_read");

280

plaintext_length = -1;

281

goto decrypt_end;

192

return -1;

282

193

}

283

plaintext_length += ret;

194

new_packet_length += ret;

284

195

}

285

196

286

if(debug){

287

fprintf(stderr, "Decrypted password is: ");

288

for(ssize_t i = 0; i < plaintext_length; i++){

289

fprintf(stderr, "%02hhX ", (*plaintext)[i]);

290

}

291

fprintf(stderr, "\n");

292

}

293

294

decrypt_end:

295

296

/* Delete the GPGME cryptotext data buffer */

297

gpgme_data_release(dh_crypto);

298

299

/* Delete the GPGME plaintext data buffer */

197

/* Delete the GPGME plaintext data buffer */

300

198

gpgme_data_release(dh_plain);

301

return plaintext_length;

199

return new_packet_length;

302

200

}

303

201

304

202

static const char * safer_gnutls_strerror (int value) {

308

206

return ret;

309

207

}

310

208

311

/* GnuTLS log function callback */

312

static void debuggnutls(__attribute__((unused)) int level,

313

const char* string){

314

fprintf(stderr, "GnuTLS: %s", string);

209

void debuggnutls(int level, const char* string){

210

fprintf(stderr, "%s", string);

315

211

}

316

212

317

static int init_gnutls_global(mandos_context *mc,

318

const char *pubkeyfile,

319

const char *seckeyfile){

213

int initgnutls(encrypted_session *es){

214

const char *err;

320

215

int ret;

321

216

322

if(debug){

323

fprintf(stderr, "Initializing GnuTLS\n");

324

}

325

326

ret = gnutls_global_init();

327

if (ret != GNUTLS_E_SUCCESS) {

328

fprintf (stderr, "GnuTLS global_init: %s\n",

329

safer_gnutls_strerror(ret));

330

return -1;

331

}

332

333

if (debug){

334

/* "Use a log level over 10 to enable all debugging options."

335

* - GnuTLS manual

336

337

gnutls_global_set_log_level(11);

338

gnutls_global_set_log_function(debuggnutls);

339

}

340

341

/* OpenPGP credentials */

342

gnutls_certificate_allocate_credentials(&mc->cred);

343

if (ret != GNUTLS_E_SUCCESS){

344

fprintf (stderr, "GnuTLS memory error: %s\n",

345

safer_gnutls_strerror(ret));

346

gnutls_global_deinit ();

347

return -1;

348

}

349

350

if(debug){

351

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

352

" and keyfile %s as GnuTLS credentials\n", pubkeyfile,

353

seckeyfile);

354

}

355

217

if ((ret = gnutls_global_init ())

218

!= GNUTLS_E_SUCCESS) {

219

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

220

return -1;

221

}

222

223

/* Uncomment to enable full debuggin on the gnutls library */

224

/* gnutls_global_set_log_level(11); */

225

/* gnutls_global_set_log_function(debuggnutls); */

226

227

228

/* openpgp credentials */

229

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

230

!= GNUTLS_E_SUCCESS) {

231

fprintf (stderr, "memory error: %s\n", safer_gnutls_strerror(ret));

232

return -1;

233

}

234

356

235

ret = gnutls_certificate_set_openpgp_key_file

357

(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);

358

if (ret != GNUTLS_E_SUCCESS) {

359

fprintf(stderr,

360

"Error[%d] while reading the OpenPGP key pair ('%s',"

361

" '%s')\n", ret, pubkeyfile, seckeyfile);

362

fprintf(stdout, "The GnuTLS error is: %s\n",

363

safer_gnutls_strerror(ret));

364

goto globalfail;

365

}

366

367

/* GnuTLS server initialization */

368

ret = gnutls_dh_params_init(&mc->dh_params);

369

if (ret != GNUTLS_E_SUCCESS) {

370

fprintf (stderr, "Error in GnuTLS DH parameter initialization:"

371

" %s\n", safer_gnutls_strerror(ret));

372

goto globalfail;

373

}

374

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

375

if (ret != GNUTLS_E_SUCCESS) {

376

fprintf (stderr, "Error in GnuTLS prime generation: %s\n",

377

safer_gnutls_strerror(ret));

378

goto globalfail;

379

}

380

381

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

382

383

return 0;

384

385

globalfail:

386

387

gnutls_certificate_free_credentials(mc->cred);

388

gnutls_global_deinit();

389

return -1;

390

391

}

392

393

static int init_gnutls_session(mandos_context *mc,

394

gnutls_session_t *session){

395

int ret;

396

/* GnuTLS session creation */

397

ret = gnutls_init(session, GNUTLS_SERVER);

398

if (ret != GNUTLS_E_SUCCESS){

399

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

400

safer_gnutls_strerror(ret));

401

}

402

403

{

404

const char *err;

405

ret = gnutls_priority_set_direct(*session, mc->priority, &err);

406

if (ret != GNUTLS_E_SUCCESS) {

407

fprintf(stderr, "Syntax error at: %s\n", err);

408

fprintf(stderr, "GnuTLS error: %s\n",

409

safer_gnutls_strerror(ret));

410

gnutls_deinit (*session);

411

return -1;

412

}

413

}

414

415

ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

416

mc->cred);

417

if (ret != GNUTLS_E_SUCCESS) {

418

fprintf(stderr, "Error setting GnuTLS credentials: %s\n",

419

safer_gnutls_strerror(ret));

420

gnutls_deinit (*session);

421

return -1;

422

}

423

236

(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);

237

if (ret != GNUTLS_E_SUCCESS) {

238

fprintf

239

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n",

240

ret, CERTFILE, KEYFILE);

241

fprintf(stdout, "The Error is: %s\n",

242

safer_gnutls_strerror(ret));

243

return -1;

244

}

245

246

//Gnutls server initialization

247

if ((ret = gnutls_dh_params_init (&es->dh_params))

248

!= GNUTLS_E_SUCCESS) {

249

fprintf (stderr, "Error in dh parameter initialization: %s\n",

250

safer_gnutls_strerror(ret));

251

return -1;

252

}

253

254

if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))

255

!= GNUTLS_E_SUCCESS) {

256

fprintf (stderr, "Error in prime generation: %s\n",

257

safer_gnutls_strerror(ret));

258

return -1;

259

}

260

261

gnutls_certificate_set_dh_params (es->cred, es->dh_params);

262

263

// Gnutls session creation

264

if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))

265

!= GNUTLS_E_SUCCESS){

266

fprintf(stderr, "Error in gnutls session initialization: %s\n",

267

safer_gnutls_strerror(ret));

268

}

269

270

if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))

271

!= GNUTLS_E_SUCCESS) {

272

fprintf(stderr, "Syntax error at: %s\n", err);

273

fprintf(stderr, "Gnutls error: %s\n",

274

safer_gnutls_strerror(ret));

275

return -1;

276

}

277

278

if ((ret = gnutls_credentials_set

279

(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))

280

!= GNUTLS_E_SUCCESS) {

281

fprintf(stderr, "Error setting a credentials set: %s\n",

282

safer_gnutls_strerror(ret));

283

return -1;

284

}

285

424

286

/* ignore client certificate if any. */

425

gnutls_certificate_server_set_request (*session,

426

GNUTLS_CERT_IGNORE);

287

gnutls_certificate_server_set_request (es->session, GNUTLS_CERT_IGNORE);

427

288

428

gnutls_dh_set_prime_bits (*session, mc->dh_bits);

289

gnutls_dh_set_prime_bits (es->session, DH_BITS);

429

290

430

291

return 0;

431

292

}

432

293

433

/* Avahi log function callback */

434

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

435

__attribute__((unused)) const char *txt){}

294

void empty_log(AvahiLogLevel level, const char *txt){}

436

295

437

/* Called when a Mandos server is found */

438

static int start_mandos_communication(const char *ip, uint16_t port,

439

AvahiIfIndex if_index,

440

mandos_context *mc){

296

int start_mandos_communcation(char *ip, uint16_t port){

441

297

int ret, tcp_sd;

442

union { struct sockaddr in; struct sockaddr_in6 in6; } to;

298

struct sockaddr_in6 to;

299

struct in6_addr ip_addr;

300

encrypted_session es;

443

301

char *buffer = NULL;

444

302

char *decrypted_buffer;

445

303

size_t buffer_length = 0;

446

304

size_t buffer_capacity = 0;

447

305

ssize_t decrypted_buffer_size;

448

size_t written;

449

306

int retval = 0;

450

char interface[IF_NAMESIZE];

451

gnutls_session_t session;

452

453

ret = init_gnutls_session (mc, &session);

454

if (ret != 0){

455

return -1;

456

}

457

458

if(debug){

459

fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16

460

"\n", ip, port);

461

}

307

462

308

463

309

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

464

310

if(tcp_sd < 0) {

465

311

perror("socket");

466

312

return -1;

467

313

}

468

469

if(debug){

470

if(if_indextoname((unsigned int)if_index, interface) == NULL){

471

perror("if_indextoname");

472

return -1;

473

}

474

fprintf(stderr, "Binding to interface %s\n", interface);

314

315

ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, "eth0", 5);

316

if(tcp_sd < 0) {

317

perror("setsockopt bindtodevice");

318

return -1;

475

319

}

476

320

477

memset(&to,0,sizeof(to)); /* Spurious warning */

478

to.in6.sin6_family = AF_INET6;

479

/* It would be nice to have a way to detect if we were passed an

480

IPv4 address here. Now we assume an IPv6 address. */

481

ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);

321

memset(&to,0,sizeof(to));

322

to.sin6_family = AF_INET6;

323

ret = inet_pton(AF_INET6, ip, &ip_addr);

482

324

if (ret < 0 ){

483

325

perror("inet_pton");

484

326

return -1;

485

}

327

}

486

328

if(ret == 0){

487

329

fprintf(stderr, "Bad address: %s\n", ip);

488

330

return -1;

489

331

}

490

to.in6.sin6_port = htons(port); /* Spurious warning */

491

492

to.in6.sin6_scope_id = (uint32_t)if_index;

493

494

if(debug){

495

fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,

496

port);

497

char addrstr[INET6_ADDRSTRLEN] = "";

498

if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,

499

sizeof(addrstr)) == NULL){

500

perror("inet_ntop");

501

} else {

502

if(strcmp(addrstr, ip) != 0){

503

fprintf(stderr, "Canonical address form: %s\n", addrstr);

504

}

505

}

506

}

507

508

ret = connect(tcp_sd, &to.in, sizeof(to));

332

to.sin6_port = htons(port);

333

to.sin6_scope_id = if_nametoindex("eth0");

334

335

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

509

336

if (ret < 0){

510

337

perror("connect");

511

338

return -1;

512

339

}

513

514

const char *out = mandos_protocol_version;

515

written = 0;

516

while (true){

517

size_t out_size = strlen(out);

518

ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,

519

out_size - written));

520

if (ret == -1){

521

perror("write");

522

retval = -1;

523

goto mandos_end;

524

}

525

written += (size_t)ret;

526

if(written < out_size){

527

continue;

528

} else {

529

if (out == mandos_protocol_version){

530

written = 0;

531

out = "\r\n";

532

} else {

533

break;

534

}

535

}

536

}

537

538

if(debug){

539

fprintf(stderr, "Establishing TLS session with %s\n", ip);

540

}

541

542

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

543

544

do{

545

ret = gnutls_handshake (session);

546

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

340

341

ret = initgnutls (&es);

342

if (ret != 0){

343

retval = -1;

344

return -1;

345

}

346

347

348

gnutls_transport_set_ptr (es.session, (gnutls_transport_ptr_t) tcp_sd);

349

350

ret = gnutls_handshake (es.session);

547

351

548

352

if (ret != GNUTLS_E_SUCCESS){

549

if(debug){

550

fprintf(stderr, "*** GnuTLS Handshake failed ***\n");

551

gnutls_perror (ret);

552

}

353

fprintf(stderr, "\n*** Handshake failed ***\n");

354

gnutls_perror (ret);

553

355

retval = -1;

554

goto mandos_end;

555

}

556

557

/* Read OpenPGP packet that contains the wanted password */

558

559

if(debug){

560

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

561

ip);

356

goto exit;

562

357

}

563

358

359

//retrive password

564

360

while(true){

565

buffer_capacity = adjustbuffer(&buffer, buffer_length,

566

buffer_capacity);

567

if (buffer_capacity == 0){

568

perror("adjustbuffer");

569

retval = -1;

570

goto mandos_end;

361

if (buffer_length + BUFFER_SIZE > buffer_capacity){

362

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

363

if (buffer == NULL){

364

perror("realloc");

365

goto exit;

366

}

367

buffer_capacity += BUFFER_SIZE;

571

368

}

572

369

573

ret = gnutls_record_recv(session, buffer+buffer_length,

574

BUFFER_SIZE);

370

ret = gnutls_record_recv

371

(es.session, buffer+buffer_length, BUFFER_SIZE);

575

372

if (ret == 0){

576

373

break;

577

374

}

581

378

case GNUTLS_E_AGAIN:

582

379

break;

583

380

case GNUTLS_E_REHANDSHAKE:

584

do{

585

ret = gnutls_handshake (session);

586

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

381

ret = gnutls_handshake (es.session);

587

382

if (ret < 0){

588

fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");

383

fprintf(stderr, "\n*** Handshake failed ***\n");

589

384

gnutls_perror (ret);

590

385

retval = -1;

591

goto mandos_end;

386

goto exit;

592

387

}

593

388

break;

594

389

default:

595

fprintf(stderr, "Unknown error while reading data from"

596

" encrypted session with Mandos server\n");

390

fprintf(stderr, "Unknown error while reading data from encrypted session with mandos server\n");

597

391

retval = -1;

598

gnutls_bye (session, GNUTLS_SHUT_RDWR);

599

goto mandos_end;

392

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

393

goto exit;

600

394

}

601

395

} else {

602

buffer_length += (size_t) ret;

396

buffer_length += ret;

603

397

}

604

398

}

605

606

if(debug){

607

fprintf(stderr, "Closing TLS session\n");

608

}

609

610

gnutls_bye (session, GNUTLS_SHUT_RDWR);

611

399

612

400

if (buffer_length > 0){

613

decrypted_buffer_size = pgp_packet_decrypt(buffer,

614

buffer_length,

615

&decrypted_buffer,

616

keydir);

617

if (decrypted_buffer_size >= 0){

618

written = 0;

619

while(written < (size_t) decrypted_buffer_size){

620

ret = (int)fwrite (decrypted_buffer + written, 1,

621

(size_t)decrypted_buffer_size - written,

622

stdout);

623

if(ret == 0 and ferror(stdout)){

624

if(debug){

625

fprintf(stderr, "Error writing encrypted data: %s\n",

626

strerror(errno));

627

}

628

retval = -1;

629

break;

630

}

631

written += (size_t)ret;

632

}

401

if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) == 0){

402

retval = -1;

403

} else {

404

fwrite (decrypted_buffer, 1, decrypted_buffer_size, stdout);

633

405

free(decrypted_buffer);

634

} else {

635

retval = -1;

636

406

}

637

407

}

638

639

/* Shutdown procedure */

640

641

mandos_end:

408

642

409

free(buffer);

410

411

//shutdown procedure

412

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

413

exit:

643

414

close(tcp_sd);

644

gnutls_deinit (session);

415

gnutls_deinit (es.session);

416

gnutls_certificate_free_credentials (es.cred);

417

gnutls_global_deinit ();

645

418

return retval;

646

419

}

647

420

648

static void resolve_callback(AvahiSServiceResolver *r,

649

AvahiIfIndex interface,

650

AVAHI_GCC_UNUSED AvahiProtocol protocol,

651

AvahiResolverEvent event,

652

const char *name,

653

const char *type,

654

const char *domain,

655

const char *host_name,

656

const AvahiAddress *address,

657

uint16_t port,

658

AVAHI_GCC_UNUSED AvahiStringList *txt,

659

AVAHI_GCC_UNUSED AvahiLookupResultFlags

660

flags,

661

void* userdata) {

662

mandos_context *mc = userdata;

663

assert(r); /* Spurious warning */

664

665

/* Called whenever a service has been resolved successfully or

666

timed out */

667

668

switch (event) {

669

default:

670

case AVAHI_RESOLVER_FAILURE:

671

fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"

672

" of type '%s' in domain '%s': %s\n", name, type, domain,

673

avahi_strerror(avahi_server_errno(mc->server)));

674

break;

675

676

case AVAHI_RESOLVER_FOUND:

677

{

678

char ip[AVAHI_ADDRESS_STR_MAX];

679

avahi_address_snprint(ip, sizeof(ip), address);

680

if(debug){

681

fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"

682

PRIu16 ") on port %d\n", name, host_name, ip,

683

interface, port);

684

}

685

int ret = start_mandos_communication(ip, port, interface, mc);

686

if (ret == 0){

687

exit(EXIT_SUCCESS);

688

}

689

}

690

}

691

avahi_s_service_resolver_free(r);

692

}

693

694

static void browse_callback( AvahiSServiceBrowser *b,

695

AvahiIfIndex interface,

696

AvahiProtocol protocol,

697

AvahiBrowserEvent event,

698

const char *name,

699

const char *type,

700

const char *domain,

701

AVAHI_GCC_UNUSED AvahiLookupResultFlags

702

flags,

703

void* userdata) {

704

mandos_context *mc = userdata;

705

assert(b); /* Spurious warning */

706

707

/* Called whenever a new services becomes available on the LAN or

708

is removed from the LAN */

709

710

switch (event) {

711

default:

712

case AVAHI_BROWSER_FAILURE:

713

714

fprintf(stderr, "(Avahi browser) %s\n",

715

avahi_strerror(avahi_server_errno(mc->server)));

716

avahi_simple_poll_quit(mc->simple_poll);

717

return;

718

719

case AVAHI_BROWSER_NEW:

720

/* We ignore the returned Avahi resolver object. In the callback

721

function we free it. If the Avahi server is terminated before

722

the callback function is called the Avahi server will free the

723

resolver for us. */

724

725

if (!(avahi_s_service_resolver_new(mc->server, interface,

726

protocol, name, type, domain,

727

AVAHI_PROTO_INET6, 0,

728

resolve_callback, mc)))

729

fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",

730

name, avahi_strerror(avahi_server_errno(mc->server)));

731

break;

732

733

case AVAHI_BROWSER_REMOVE:

734

break;

735

736

case AVAHI_BROWSER_ALL_FOR_NOW:

737

case AVAHI_BROWSER_CACHE_EXHAUSTED:

738

if(debug){

739

fprintf(stderr, "No Mandos server found, still searching...\n");

740

}

741

break;

742

}

743

}

744

745

/* Combines file name and path and returns the malloced new

746

string. some sane checks could/should be added */

747

static const char *combinepath(const char *first, const char *second){

748

size_t f_len = strlen(first);

749

size_t s_len = strlen(second);

750

char *tmp = malloc(f_len + s_len + 2);

751

if (tmp == NULL){

752

return NULL;

753

}

754

if(f_len > 0){

755

memcpy(tmp, first, f_len); /* Spurious warning */

756

}

757

tmp[f_len] = '/';

758

if(s_len > 0){

759

memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */

760

}

761

tmp[f_len + 1 + s_len] = '\0';

762

return tmp;

763

}

764

765

766

int main(int argc, char *argv[]){

421

static AvahiSimplePoll *simple_poll = NULL;

422

static AvahiServer *server = NULL;

423

424

static void resolve_callback(

425

AvahiSServiceResolver *r,

426

AVAHI_GCC_UNUSED AvahiIfIndex interface,

427

AVAHI_GCC_UNUSED AvahiProtocol protocol,

428

AvahiResolverEvent event,

429

const char *name,

430

const char *type,

431

const char *domain,

432

const char *host_name,

433

const AvahiAddress *address,

434

uint16_t port,

435

AvahiStringList *txt,

436

AvahiLookupResultFlags flags,

437

AVAHI_GCC_UNUSED void* userdata) {

438

439

assert(r);

440

441

/* Called whenever a service has been resolved successfully or timed out */

442

443

switch (event) {

444

case AVAHI_RESOLVER_FAILURE:

445

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of type '%s' in domain '%s': %s\n", name, type, domain, avahi_strerror(avahi_server_errno(server)));

446

break;

447

448

case AVAHI_RESOLVER_FOUND: {

449

char ip[AVAHI_ADDRESS_STR_MAX];

450

avahi_address_snprint(ip, sizeof(ip), address);

451

int ret = start_mandos_communcation(ip, port);

452

if (ret == 0){

453

exit(EXIT_SUCCESS);

454

} else {

455

exit(EXIT_FAILURE);

456

}

457

}

458

}

459

avahi_s_service_resolver_free(r);

460

}

461

462

static void browse_callback(

463

AvahiSServiceBrowser *b,

464

AvahiIfIndex interface,

465

AvahiProtocol protocol,

466

AvahiBrowserEvent event,

467

const char *name,

468

const char *type,

469

const char *domain,

470

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

471

void* userdata) {

472

473

AvahiServer *s = userdata;

474

assert(b);

475

476

/* Called whenever a new services becomes available on the LAN or is removed from the LAN */

477

478

switch (event) {

479

480

case AVAHI_BROWSER_FAILURE:

481

482

fprintf(stderr, "(Browser) %s\n", avahi_strerror(avahi_server_errno(server)));

483

avahi_simple_poll_quit(simple_poll);

484

return;

485

486

case AVAHI_BROWSER_NEW:

487

/* We ignore the returned resolver object. In the callback

488

function we free it. If the server is terminated before

489

the callback function is called the server will free

490

the resolver for us. */

491

492

if (!(avahi_s_service_resolver_new(s, interface, protocol, name, type, domain, AVAHI_PROTO_INET6, 0, resolve_callback, s)))

493

fprintf(stderr, "Failed to resolve service '%s': %s\n", name, avahi_strerror(avahi_server_errno(s)));

494

495

break;

496

497

case AVAHI_BROWSER_REMOVE:

498

break;

499

500

case AVAHI_BROWSER_ALL_FOR_NOW:

501

case AVAHI_BROWSER_CACHE_EXHAUSTED:

502

break;

503

}

504

}

505

506

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

507

AvahiServerConfig config;

767

508

AvahiSServiceBrowser *sb = NULL;

768

509

int error;

769

int ret;

770

int exitcode = EXIT_SUCCESS;

771

const char *interface = "eth0";

772

struct ifreq network;

773

int sd;

774

uid_t uid;

775

gid_t gid;

776

char *connect_to = NULL;

777

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

778

const char *pubkeyfile = "pubkey.txt";

779

const char *seckeyfile = "seckey.txt";

780

mandos_context mc = { .simple_poll = NULL, .server = NULL,

781

.dh_bits = 1024, .priority = "SECURE256"};

782

bool gnutls_initalized = false;

783

784

{

785

struct argp_option options[] = {

786

{ .name = "debug", .key = 128,

787

.doc = "Debug mode", .group = 3 },

788

{ .name = "connect", .key = 'c',

789

.arg = "IP",

790

.doc = "Connect directly to a sepcified mandos server",

791

.group = 1 },

792

{ .name = "interface", .key = 'i',

793

.arg = "INTERFACE",

794

.doc = "Interface that Avahi will conntect through",

795

.group = 1 },

796

{ .name = "keydir", .key = 'd',

797

.arg = "KEYDIR",

798

.doc = "Directory where the openpgp keyring is",

799

.group = 1 },

800

{ .name = "seckey", .key = 's',

801

.arg = "SECKEY",

802

.doc = "Secret openpgp key for gnutls authentication",

803

.group = 1 },

804

{ .name = "pubkey", .key = 'p',

805

.arg = "PUBKEY",

806

.doc = "Public openpgp key for gnutls authentication",

807

.group = 2 },

808

{ .name = "dh-bits", .key = 129,

809

.arg = "BITS",

810

.doc = "dh-bits to use in gnutls communication",

811

.group = 2 },

812

{ .name = "priority", .key = 130,

813

.arg = "PRIORITY",

814

.doc = "GNUTLS priority", .group = 1 },

815

{ .name = NULL }

816

};

817

818

819

error_t parse_opt (int key, char *arg,

820

struct argp_state *state) {

821

/* Get the INPUT argument from `argp_parse', which we know is

822

a pointer to our plugin list pointer. */

823

switch (key) {

824

case 128:

825

debug = true;

826

break;

827

case 'c':

828

connect_to = arg;

829

break;

830

case 'i':

831

interface = arg;

832

break;

833

case 'd':

834

keydir = arg;

835

break;

836

case 's':

837

seckeyfile = arg;

838

break;

839

case 'p':

840

pubkeyfile = arg;

841

break;

842

case 129:

843

errno = 0;

844

mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);

845

if (errno){

846

perror("strtol");

847

exit(EXIT_FAILURE);

848

}

849

break;

850

case 130:

851

mc.priority = arg;

852

break;

853

case ARGP_KEY_ARG:

854

argp_usage (state);

855

break;

856

case ARGP_KEY_END:

857

break;

858

default:

859

return ARGP_ERR_UNKNOWN;

860

}

861

return 0;

862

}

863

864

struct argp argp = { .options = options, .parser = parse_opt,

865

.args_doc = "",

866

.doc = "Mandos client -- Get and decrypt"

867

" passwords from mandos server" };

868

ret = argp_parse (&argp, argc, argv, 0, 0, NULL);

869

if (ret == ARGP_ERR_UNKNOWN){

870

fprintf(stderr, "Unkown error while parsing arguments\n");

871

exitcode = EXIT_FAILURE;

872

goto end;

873

}

874

}

875

876

pubkeyfile = combinepath(keydir, pubkeyfile);

877

if (pubkeyfile == NULL){

878

perror("combinepath");

879

exitcode = EXIT_FAILURE;

880

goto end;

881

}

882

883

seckeyfile = combinepath(keydir, seckeyfile);

884

if (seckeyfile == NULL){

885

perror("combinepath");

886

goto end;

887

}

888

889

ret = init_gnutls_global(&mc, pubkeyfile, seckeyfile);

890

if (ret == -1){

891

fprintf(stderr, "init_gnutls_global\n");

892

goto end;

893

} else {

894

gnutls_initalized = true;

895

}

896

897

uid = getuid();

898

gid = getgid();

899

900

ret = setuid(uid);

901

if (ret == -1){

902

perror("setuid");

903

}

904

905

setgid(gid);

906

if (ret == -1){

907

perror("setgid");

908

}

909

910

if_index = (AvahiIfIndex) if_nametoindex(interface);

911

if(if_index == 0){

912

fprintf(stderr, "No such interface: \"%s\"\n", interface);

913

exit(EXIT_FAILURE);

914

}

915

916

if(connect_to != NULL){

917

/* Connect directly, do not use Zeroconf */

918

/* (Mainly meant for debugging) */

919

char *address = strrchr(connect_to, ':');

920

if(address == NULL){

921

fprintf(stderr, "No colon in address\n");

922

exitcode = EXIT_FAILURE;

923

goto end;

924

}

925

errno = 0;

926

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

927

if(errno){

928

perror("Bad port number");

929

exitcode = EXIT_FAILURE;

930

goto end;

931

}

932

*address = '\0';

933

address = connect_to;

934

ret = start_mandos_communication(address, port, if_index, &mc);

935

if(ret < 0){

936

exitcode = EXIT_FAILURE;

937

} else {

938

exitcode = EXIT_SUCCESS;

939

}

940

goto end;

941

}

942

943

/* If the interface is down, bring it up */

944

{

945

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

946

if(sd < 0) {

947

perror("socket");

948

exitcode = EXIT_FAILURE;

949

goto end;

950

}

951

strcpy(network.ifr_name, interface); /* Spurious warning */

952

ret = ioctl(sd, SIOCGIFFLAGS, &network);

953

if(ret == -1){

954

perror("ioctl SIOCGIFFLAGS");

955

exitcode = EXIT_FAILURE;

956

goto end;

957

}

958

if((network.ifr_flags & IFF_UP) == 0){

959

network.ifr_flags |= IFF_UP;

960

ret = ioctl(sd, SIOCSIFFLAGS, &network);

961

if(ret == -1){

962

perror("ioctl SIOCSIFFLAGS");

963

exitcode = EXIT_FAILURE;

964

goto end;

965

}

966

}

967

close(sd);

968

}

969

970

if (not debug){

971

avahi_set_log_function(empty_log);

972

}

973

974

/* Initialize the pseudo-RNG for Avahi */

975

srand((unsigned int) time(NULL));

976

977

/* Allocate main Avahi loop object */

978

mc.simple_poll = avahi_simple_poll_new();

979

if (mc.simple_poll == NULL) {

980

fprintf(stderr, "Avahi: Failed to create simple poll"

981

" object.\n");

982

exitcode = EXIT_FAILURE;

983

goto end;

984

}

985

986

{

987

AvahiServerConfig config;

988

/* Do not publish any local Zeroconf records */

989

avahi_server_config_init(&config);

990

config.publish_hinfo = 0;

991

config.publish_addresses = 0;

992

config.publish_workstation = 0;

993

config.publish_domain = 0;

994

995

/* Allocate a new server */

996

mc.server = avahi_server_new(avahi_simple_poll_get

997

(mc.simple_poll), &config, NULL,

998

NULL, &error);

999

1000

/* Free the Avahi configuration data */

1001

avahi_server_config_free(&config);

1002

}

1003

1004

/* Check if creating the Avahi server object succeeded */

1005

if (mc.server == NULL) {

1006

fprintf(stderr, "Failed to create Avahi server: %s\n",

1007

avahi_strerror(error));

1008

exitcode = EXIT_FAILURE;

1009

goto end;

1010

}

1011

1012

/* Create the Avahi service browser */

1013

sb = avahi_s_service_browser_new(mc.server, if_index,

1014

AVAHI_PROTO_INET6,

1015

"_mandos._tcp", NULL, 0,

1016

browse_callback, &mc);

1017

if (sb == NULL) {

1018

fprintf(stderr, "Failed to create service browser: %s\n",

1019

avahi_strerror(avahi_server_errno(mc.server)));

1020

exitcode = EXIT_FAILURE;

1021

goto end;

510

int ret = 1;

511

512

avahi_set_log_function(empty_log);

513

514

/* Initialize the psuedo-RNG */

515

srand(time(NULL));

516

517

/* Allocate main loop object */

518

if (!(simple_poll = avahi_simple_poll_new())) {

519

fprintf(stderr, "Failed to create simple poll object.\n");

520

goto fail;

521

}

522

523

/* Do not publish any local records */

524

avahi_server_config_init(&config);

525

config.publish_hinfo = 0;

526

config.publish_addresses = 0;

527

config.publish_workstation = 0;

528

config.publish_domain = 0;

529

530

/* /\* Set a unicast DNS server for wide area DNS-SD *\/ */

531

/* avahi_address_parse("193.11.177.11", AVAHI_PROTO_UNSPEC, &config.wide_area_servers[0]); */

532

/* config.n_wide_area_servers = 1; */

533

/* config.enable_wide_area = 1; */

534

535

/* Allocate a new server */

536

server = avahi_server_new(avahi_simple_poll_get(simple_poll), &config, NULL, NULL, &error);

537

538

/* Free the configuration data */

539

avahi_server_config_free(&config);

540

541

/* Check wether creating the server object succeeded */

542

if (!server) {

543

fprintf(stderr, "Failed to create server: %s\n", avahi_strerror(error));

544

goto fail;

545

}

546

547

/* Create the service browser */

548

if (!(sb = avahi_s_service_browser_new(server, if_nametoindex("eth0"), AVAHI_PROTO_INET6, "_mandos._tcp", NULL, 0, browse_callback, server))) {

549

fprintf(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_server_errno(server)));

550

goto fail;

1022

551

}

1023

552

1024

553

/* Run the main loop */

1025

1026

if (debug){

1027

fprintf(stderr, "Starting Avahi loop search\n");

1028

}

1029

1030

avahi_simple_poll_loop(mc.simple_poll);

1031

1032

end:

1033

1034

if (debug){

1035

fprintf(stderr, "%s exiting\n", argv[0]);

1036

}

554

avahi_simple_poll_loop(simple_poll);

555

556

ret = 0;

557

558

fail:

1037

559

1038

560

/* Cleanup things */

1039

if (sb != NULL)

561

if (sb)

1040

562

avahi_s_service_browser_free(sb);

1041

563

1042

if (mc.server != NULL)

1043

avahi_server_free(mc.server);

1044

1045

if (mc.simple_poll != NULL)

1046

avahi_simple_poll_free(mc.simple_poll);

1047

free(pubkeyfile);

1048

free(seckeyfile);

1049

1050

if (gnutls_initalized){

1051

gnutls_certificate_free_credentials(mc.cred);

1052

gnutls_global_deinit ();

1053

}

1054

1055

return exitcode;

564

if (server)

565

avahi_server_free(server);

566

567

if (simple_poll)

568

avahi_simple_poll_free(simple_poll);

569

570

return ret;

1056

571

}

Older »