/mandos/release : revision 146

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/password-request.c

Committer: Teddy Hogeborn
Date: 2008-09-03 13:59:58 UTC
Revision ID: teddy@fukt.bsnet.se-20080903135958-k0he2xucqmx7nz4b

* plugins.d/password-request.xml (OPTIONS): Improved wording.
  (FILES): Add text about public and secret key files.
  (BUGS): Commented out.
  (EXAMPLE): Added examples.

files added:
.bzrignore

COPYING

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.xml

plugins.d/password-prompt.xml

plugins.d/password-request.xml

plugins.d/usplash

files removed:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

files renamed:
server.py => mandos

server.conf => mandos.conf

plugbasedclient.c => plugin-runner.c

plugins.d/passprompt.c => plugins.d/password-prompt.c

plugins.d/mandosclient.c => plugins.d/password-request.c

files modified:
Makefile

TODO

clients.conf

Show diffs side-by-side

added added

removed removed

plugins.d/password-request.c

#define _LARGEFILE_SOURCE

#define _FILE_OFFSET_BITS 64

#include <stdio.h>

#include <assert.h>

#include <stdlib.h>

#include <time.h>

#include <net/if.h> /* if_nametoindex */

#include <sys/ioctl.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS

#include <net/if.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */

#include <stdio.h> /* fprintf(), stderr, fwrite(),

stdout, ferror() */

#include <stdint.h> /* uint16_t, uint32_t */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,

srand() */

#include <stdbool.h> /* bool, true */

#include <string.h> /* memset(), strcmp(), strlen(),

strerror(), asprintf(), strcpy() */

#include <sys/ioctl.h> /* ioctl */

#include <sys/types.h> /* socket(), inet_pton(), sockaddr,

sockaddr_in6, PF_INET6,

SOCK_STREAM, INET6_ADDRSTRLEN,

uid_t, gid_t */

#include <inttypes.h> /* PRIu16 */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton(),

connect() */

#include <assert.h> /* assert() */

#include <errno.h> /* perror(), errno */

#include <time.h> /* time() */

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS, if_indextoname(),

if_nametoindex(), IF_NAMESIZE */

#include <unistd.h> /* close(), SEEK_SET, off_t, write(),

getuid(), getgid(), setuid(),

setgid() */

#include <netinet/in.h>

#include <arpa/inet.h> /* inet_pton(), htons */

#include <iso646.h> /* not, and */

#include <argp.h> /* struct argp_option, error_t, struct

argp_state, struct argp,

argp_parse(), ARGP_KEY_ARG,

ARGP_KEY_END, ARGP_ERR_UNKNOWN */

/* Avahi */

/* All Avahi types, constants and functions

Avahi*, avahi_*,

AVAHI_* */

#include <avahi-core/core.h>

#include <avahi-core/lookup.h>

#include <avahi-core/log.h>

#include <avahi-common/malloc.h>

#include <avahi-common/error.h>

//mandos client part

#include <sys/types.h> /* socket(), inet_pton() */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton() */

#include <gnutls/gnutls.h> /* All GnuTLS stuff */

#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */

#include <unistd.h> /* close() */

#include <netinet/in.h>

#include <stdbool.h> /* true */

#include <string.h> /* memset */

#include <arpa/inet.h> /* inet_pton() */

#include <iso646.h> /* not */

// gpgme

#include <errno.h> /* perror() */

#include <gpgme.h>

// getopt long

#include <getopt.h>

/* GnuTLS */

#include <gnutls/gnutls.h> /* All GnuTLS types, constants and

functions:

gnutls_*

init_gnutls_session(),

GNUTLS_* */

#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),

GNUTLS_OPENPGP_FMT_BASE64 */

/* GPGME */

#include <gpgme.h> /* All GPGME types, constants and

functions:

gpgme_*

GPGME_PROTOCOL_OpenPGP,

GPG_ERR_NO_* */

#define BUFFER_SIZE 256

#define DH_BITS 1024

static const char *certdir = "/conf/conf.d/mandos";

static const char *certfile = "openpgp-client.txt";

static const char *certkey = "openpgp-client-key.txt";

100

101

bool debug = false;

102

static const char *keydir = "/conf/conf.d/mandos";

103

static const char mandos_protocol_version[] = "1";

104

const char *argp_program_version = "password-request 1.0";

105

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

106

107

/* Used for passing in values through the Avahi callback functions */

108

typedef struct {

gnutls_session_t session;

109

AvahiSimplePoll *simple_poll;

110

AvahiServer *server;

111

gnutls_certificate_credentials_t cred;

112

unsigned int dh_bits;

113

gnutls_dh_params_t dh_params;

} encrypted_session;

static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,

char **new_packet,

114

const char *priority;

115

} mandos_context;

116

117

118

* Make room in "buffer" for at least BUFFER_SIZE additional bytes.

119

* "buffer_capacity" is how much is currently allocated,

120

* "buffer_length" is how much is already used.

121

122

size_t adjustbuffer(char **buffer, size_t buffer_length,

123

size_t buffer_capacity){

124

if (buffer_length + BUFFER_SIZE > buffer_capacity){

125

*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);

126

if (buffer == NULL){

127

return 0;

128

}

129

buffer_capacity += BUFFER_SIZE;

130

}

131

return buffer_capacity;

132

}

133

134

135

* Decrypt OpenPGP data using keyrings in HOMEDIR.

136

* Returns -1 on error

137

138

static ssize_t pgp_packet_decrypt (const char *cryptotext,

139

size_t crypto_size,

140

char **plaintext,

141

const char *homedir){

142

gpgme_data_t dh_crypto, dh_plain;

143

gpgme_ctx_t ctx;

144

gpgme_error_t rc;

145

ssize_t ret;

ssize_t new_packet_capacity = 0;

ssize_t new_packet_length = 0;

146

size_t plaintext_capacity = 0;

147

ssize_t plaintext_length = 0;

148

gpgme_engine_info_t engine_info;

149

150

if (debug){

fprintf(stderr, "Trying to decrypt OpenPGP packet\n");

151

fprintf(stderr, "Trying to decrypt OpenPGP data\n");

100

152

}

101

153

102

154

/* Init GPGME */

108

160

return -1;

109

161

}

110

162

111

/* Set GPGME home directory */

163

/* Set GPGME home directory for the OpenPGP engine only */

112

164

rc = gpgme_get_engine_info (&engine_info);

113

165

if (rc != GPG_ERR_NO_ERROR){

114

166

fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",

124

176

engine_info = engine_info->next;

125

177

}

126

178

if(engine_info == NULL){

127

fprintf(stderr, "Could not set home dir to %s\n", homedir);

179

fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);

128

180

return -1;

129

181

}

130

182

131

/* Create new GPGME data buffer from packet buffer */

132

rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);

183

/* Create new GPGME data buffer from memory cryptotext */

184

rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,

185

0);

133

186

if (rc != GPG_ERR_NO_ERROR){

134

187

fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",

135

188

gpgme_strsource(rc), gpgme_strerror(rc));

141

194

if (rc != GPG_ERR_NO_ERROR){

142

195

fprintf(stderr, "bad gpgme_data_new: %s: %s\n",

143

196

gpgme_strsource(rc), gpgme_strerror(rc));

197

gpgme_data_release(dh_crypto);

144

198

return -1;

145

199

}

146

200

149

203

if (rc != GPG_ERR_NO_ERROR){

150

204

fprintf(stderr, "bad gpgme_new: %s: %s\n",

151

205

gpgme_strsource(rc), gpgme_strerror(rc));

152

return -1;

206

plaintext_length = -1;

207

goto decrypt_end;

153

208

}

154

209

155

/* Decrypt data from the FILE pointer to the plaintext data

156

buffer */

210

/* Decrypt data from the cryptotext data buffer to the plaintext

211

data buffer */

157

212

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

158

213

if (rc != GPG_ERR_NO_ERROR){

159

214

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

160

215

gpgme_strsource(rc), gpgme_strerror(rc));

161

return -1;

216

plaintext_length = -1;

217

if (debug){

218

gpgme_decrypt_result_t result;

219

result = gpgme_op_decrypt_result(ctx);

220

if (result == NULL){

221

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

222

} else {

223

fprintf(stderr, "Unsupported algorithm: %s\n",

224

result->unsupported_algorithm);

225

fprintf(stderr, "Wrong key usage: %u\n",

226

result->wrong_key_usage);

227

if(result->file_name != NULL){

228

fprintf(stderr, "File name: %s\n", result->file_name);

229

}

230

gpgme_recipient_t recipient;

231

recipient = result->recipients;

232

if(recipient){

233

while(recipient != NULL){

234

fprintf(stderr, "Public key algorithm: %s\n",

235

gpgme_pubkey_algo_name(recipient->pubkey_algo));

236

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

237

fprintf(stderr, "Secret key available: %s\n",

238

recipient->status == GPG_ERR_NO_SECKEY

239

? "No" : "Yes");

240

recipient = recipient->next;

241

}

242

}

243

}

244

}

245

goto decrypt_end;

162

246

}

163

247

164

248

if(debug){

165

fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");

166

}

167

168

if (debug){

169

gpgme_decrypt_result_t result;

170

result = gpgme_op_decrypt_result(ctx);

171

if (result == NULL){

172

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

173

} else {

174

fprintf(stderr, "Unsupported algorithm: %s\n",

175

result->unsupported_algorithm);

176

fprintf(stderr, "Wrong key usage: %d\n",

177

result->wrong_key_usage);

178

if(result->file_name != NULL){

179

fprintf(stderr, "File name: %s\n", result->file_name);

180

}

181

gpgme_recipient_t recipient;

182

recipient = result->recipients;

183

if(recipient){

184

while(recipient != NULL){

185

fprintf(stderr, "Public key algorithm: %s\n",

186

gpgme_pubkey_algo_name(recipient->pubkey_algo));

187

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

188

fprintf(stderr, "Secret key available: %s\n",

189

recipient->status == GPG_ERR_NO_SECKEY

190

? "No" : "Yes");

191

recipient = recipient->next;

192

}

193

}

194

}

195

}

196

197

/* Delete the GPGME FILE pointer cryptotext data buffer */

198

gpgme_data_release(dh_crypto);

249

fprintf(stderr, "Decryption of OpenPGP data succeeded\n");

250

}

199

251

200

252

/* Seek back to the beginning of the GPGME plaintext data buffer */

201

253

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

202

254

perror("pgpme_data_seek");

255

plaintext_length = -1;

256

goto decrypt_end;

203

257

}

204

258

205

*new_packet = 0;

259

*plaintext = NULL;

206

260

while(true){

207

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

208

*new_packet = realloc(*new_packet,

209

(unsigned int)new_packet_capacity

210

+ BUFFER_SIZE);

211

if (*new_packet == NULL){

212

perror("realloc");

213

return -1;

214

}

215

new_packet_capacity += BUFFER_SIZE;

261

plaintext_capacity = adjustbuffer(plaintext,

262

(size_t)plaintext_length,

263

plaintext_capacity);

264

if (plaintext_capacity == 0){

265

perror("adjustbuffer");

266

plaintext_length = -1;

267

goto decrypt_end;

216

268

}

217

269

218

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,

270

ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,

219

271

BUFFER_SIZE);

220

272

/* Print the data, if any */

221

273

if (ret == 0){

274

/* EOF */

222

275

break;

223

276

}

224

277

if(ret < 0){

225

278

perror("gpgme_data_read");

226

return -1;

227

}

228

new_packet_length += ret;

229

}

230

231

/* FIXME: check characters before printing to screen so to not print

232

terminal control characters */

233

/* if(debug){ */

234

/* fprintf(stderr, "decrypted password is: "); */

235

/* fwrite(*new_packet, 1, new_packet_length, stderr); */

236

/* fprintf(stderr, "\n"); */

237

/* } */

279

plaintext_length = -1;

280

goto decrypt_end;

281

}

282

plaintext_length += ret;

283

}

284

285

if(debug){

286

fprintf(stderr, "Decrypted password is: ");

287

for(ssize_t i = 0; i < plaintext_length; i++){

288

fprintf(stderr, "%02hhX ", (*plaintext)[i]);

289

}

290

fprintf(stderr, "\n");

291

}

292

293

decrypt_end:

294

295

/* Delete the GPGME cryptotext data buffer */

296

gpgme_data_release(dh_crypto);

238

297

239

298

/* Delete the GPGME plaintext data buffer */

240

299

gpgme_data_release(dh_plain);

241

return new_packet_length;

300

return plaintext_length;

242

301

}

243

302

244

303

static const char * safer_gnutls_strerror (int value) {

245

const char *ret = gnutls_strerror (value);

304

const char *ret = gnutls_strerror (value); /* Spurious warning */

246

305

if (ret == NULL)

247

306

ret = "(unknown)";

248

307

return ret;

249

308

}

250

309

310

/* GnuTLS log function callback */

251

311

static void debuggnutls(__attribute__((unused)) int level,

252

312

const char* string){

253

fprintf(stderr, "%s", string);

313

fprintf(stderr, "GnuTLS: %s", string);

254

314

}

255

315

256

static int initgnutls(encrypted_session *es){

257

const char *err;

316

static int init_gnutls_global(mandos_context *mc,

317

const char *pubkeyfilename,

318

const char *seckeyfilename){

258

319

int ret;

259

320

260

321

if(debug){

261

322

fprintf(stderr, "Initializing GnuTLS\n");

262

323

}

263

264

if ((ret = gnutls_global_init ())

265

!= GNUTLS_E_SUCCESS) {

266

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

324

325

ret = gnutls_global_init();

326

if (ret != GNUTLS_E_SUCCESS) {

327

fprintf (stderr, "GnuTLS global_init: %s\n",

328

safer_gnutls_strerror(ret));

267

329

return -1;

268

330

}

269

331

270

332

if (debug){

333

/* "Use a log level over 10 to enable all debugging options."

334

* - GnuTLS manual

335

271

336

gnutls_global_set_log_level(11);

272

337

gnutls_global_set_log_function(debuggnutls);

273

338

}

274

339

275

/* openpgp credentials */

276

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

277

!= GNUTLS_E_SUCCESS) {

278

fprintf (stderr, "memory error: %s\n",

340

/* OpenPGP credentials */

341

gnutls_certificate_allocate_credentials(&mc->cred);

342

if (ret != GNUTLS_E_SUCCESS){

343

fprintf (stderr, "GnuTLS memory error: %s\n", /* Spurious

344

warning */

279

345

safer_gnutls_strerror(ret));

346

gnutls_global_deinit ();

280

347

return -1;

281

348

}

282

349

283

350

if(debug){

284

351

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

285

" and keyfile %s as GnuTLS credentials\n", certfile,

286

certkey);

352

" and keyfile %s as GnuTLS credentials\n", pubkeyfilename,

353

seckeyfilename);

287

354

}

288

355

289

356

ret = gnutls_certificate_set_openpgp_key_file

290

(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);

357

(mc->cred, pubkeyfilename, seckeyfilename,

358

GNUTLS_OPENPGP_FMT_BASE64);

291

359

if (ret != GNUTLS_E_SUCCESS) {

292

fprintf

293

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"

294

" '%s')\n",

295

ret, certfile, certkey);

296

fprintf(stdout, "The Error is: %s\n",

360

fprintf(stderr,

361

"Error[%d] while reading the OpenPGP key pair ('%s',"

362

" '%s')\n", ret, pubkeyfilename, seckeyfilename);

363

fprintf(stdout, "The GnuTLS error is: %s\n",

297

364

safer_gnutls_strerror(ret));

298

return -1;

299

}

300

301

//GnuTLS server initialization

302

if ((ret = gnutls_dh_params_init (&es->dh_params))

303

!= GNUTLS_E_SUCCESS) {

304

fprintf (stderr, "Error in dh parameter initialization: %s\n",

305

safer_gnutls_strerror(ret));

306

return -1;

307

}

308

309

if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))

310

!= GNUTLS_E_SUCCESS) {

311

fprintf (stderr, "Error in prime generation: %s\n",

312

safer_gnutls_strerror(ret));

313

return -1;

314

}

315

316

gnutls_certificate_set_dh_params (es->cred, es->dh_params);

317

318

// GnuTLS session creation

319

if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))

320

!= GNUTLS_E_SUCCESS){

365

goto globalfail;

366

}

367

368

/* GnuTLS server initialization */

369

ret = gnutls_dh_params_init(&mc->dh_params);

370

if (ret != GNUTLS_E_SUCCESS) {

371

fprintf (stderr, "Error in GnuTLS DH parameter initialization:"

372

" %s\n", safer_gnutls_strerror(ret));

373

goto globalfail;

374

}

375

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

376

if (ret != GNUTLS_E_SUCCESS) {

377

fprintf (stderr, "Error in GnuTLS prime generation: %s\n",

378

safer_gnutls_strerror(ret));

379

goto globalfail;

380

}

381

382

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

383

384

return 0;

385

386

globalfail:

387

388

gnutls_certificate_free_credentials(mc->cred);

389

gnutls_global_deinit();

390

return -1;

391

}

392

393

static int init_gnutls_session(mandos_context *mc,

394

gnutls_session_t *session){

395

int ret;

396

/* GnuTLS session creation */

397

ret = gnutls_init(session, GNUTLS_SERVER);

398

if (ret != GNUTLS_E_SUCCESS){

321

399

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

322

400

safer_gnutls_strerror(ret));

323

401

}

324

402

325

if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))

326

!= GNUTLS_E_SUCCESS) {

327

fprintf(stderr, "Syntax error at: %s\n", err);

328

fprintf(stderr, "GnuTLS error: %s\n",

329

safer_gnutls_strerror(ret));

330

return -1;

403

{

404

const char *err;

405

ret = gnutls_priority_set_direct(*session, mc->priority, &err);

406

if (ret != GNUTLS_E_SUCCESS) {

407

fprintf(stderr, "Syntax error at: %s\n", err);

408

fprintf(stderr, "GnuTLS error: %s\n",

409

safer_gnutls_strerror(ret));

410

gnutls_deinit (*session);

411

return -1;

412

}

331

413

}

332

414

333

if ((ret = gnutls_credentials_set

334

(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))

335

!= GNUTLS_E_SUCCESS) {

336

fprintf(stderr, "Error setting a credentials set: %s\n",

415

ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

416

mc->cred);

417

if (ret != GNUTLS_E_SUCCESS) {

418

fprintf(stderr, "Error setting GnuTLS credentials: %s\n",

337

419

safer_gnutls_strerror(ret));

420

gnutls_deinit (*session);

338

421

return -1;

339

422

}

340

423

341

424

/* ignore client certificate if any. */

342

gnutls_certificate_server_set_request (es->session,

425

gnutls_certificate_server_set_request (*session,

343

426

GNUTLS_CERT_IGNORE);

344

427

345

gnutls_dh_set_prime_bits (es->session, DH_BITS);

428

gnutls_dh_set_prime_bits (*session, mc->dh_bits);

346

429

347

430

return 0;

348

431

}

349

432

433

/* Avahi log function callback */

350

434

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

351

435

__attribute__((unused)) const char *txt){}

352

436

437

/* Called when a Mandos server is found */

353

438

static int start_mandos_communication(const char *ip, uint16_t port,

354

AvahiIfIndex if_index){

439

AvahiIfIndex if_index,

440

mandos_context *mc){

355

441

int ret, tcp_sd;

356

struct sockaddr_in6 to;

357

encrypted_session es;

442

union { struct sockaddr in; struct sockaddr_in6 in6; } to;

358

443

char *buffer = NULL;

359

444

char *decrypted_buffer;

360

445

size_t buffer_length = 0;

361

446

size_t buffer_capacity = 0;

362

447

ssize_t decrypted_buffer_size;

363

size_t written = 0;

448

size_t written;

364

449

int retval = 0;

365

450

char interface[IF_NAMESIZE];

451

gnutls_session_t session;

452

453

ret = init_gnutls_session (mc, &session);

454

if (ret != 0){

455

return -1;

456

}

366

457

367

458

if(debug){

368

fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",

369

ip, port);

459

fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16

460

"\n", ip, port);

370

461

}

371

462

372

463

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

374

465

perror("socket");

375

466

return -1;

376

467

}

377

468

378

469

if(debug){

379

470

if(if_indextoname((unsigned int)if_index, interface) == NULL){

380

if(debug){

381

perror("if_indextoname");

382

}

471

perror("if_indextoname");

383

472

return -1;

384

473

}

385

386

474

fprintf(stderr, "Binding to interface %s\n", interface);

387

475

}

388

476

389

memset(&to,0,sizeof(to)); /* Spurious warning */

390

to.sin6_family = AF_INET6;

391

ret = inet_pton(AF_INET6, ip, &to.sin6_addr);

477

memset(&to, 0, sizeof(to));

478

to.in6.sin6_family = AF_INET6;

479

/* It would be nice to have a way to detect if we were passed an

480

IPv4 address here. Now we assume an IPv6 address. */

481

ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);

392

482

if (ret < 0 ){

393

483

perror("inet_pton");

394

484

return -1;

395

}

485

}

396

486

if(ret == 0){

397

487

fprintf(stderr, "Bad address: %s\n", ip);

398

488

return -1;

399

489

}

400

to.sin6_port = htons(port); /* Spurious warning */

490

to.in6.sin6_port = htons(port); /* Spurious warning */

401

491

402

to.sin6_scope_id = (uint32_t)if_index;

492

to.in6.sin6_scope_id = (uint32_t)if_index;

403

493

404

494

if(debug){

405

fprintf(stderr, "Connection to: %s, port %d\n", ip, port);

406

/* char addrstr[INET6_ADDRSTRLEN]; */

407

/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */

408

/* sizeof(addrstr)) == NULL){ */

409

/* perror("inet_ntop"); */

410

/* } else { */

411

/* fprintf(stderr, "Really connecting to: %s, port %d\n", */

412

/* addrstr, ntohs(to.sin6_port)); */

413

/* } */

495

fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,

496

port);

497

char addrstr[INET6_ADDRSTRLEN] = "";

498

if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,

499

sizeof(addrstr)) == NULL){

500

perror("inet_ntop");

501

} else {

502

if(strcmp(addrstr, ip) != 0){

503

fprintf(stderr, "Canonical address form: %s\n", addrstr);

504

}

505

}

414

506

}

415

507

416

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

508

ret = connect(tcp_sd, &to.in, sizeof(to));

417

509

if (ret < 0){

418

510

perror("connect");

419

511

return -1;

420

512

}

421

513

422

ret = initgnutls (&es);

423

if (ret != 0){

424

retval = -1;

425

return -1;

514

const char *out = mandos_protocol_version;

515

written = 0;

516

while (true){

517

size_t out_size = strlen(out);

518

ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,

519

out_size - written));

520

if (ret == -1){

521

perror("write");

522

retval = -1;

523

goto mandos_end;

524

}

525

written += (size_t)ret;

526

if(written < out_size){

527

continue;

528

} else {

529

if (out == mandos_protocol_version){

530

written = 0;

531

out = "\r\n";

532

} else {

533

break;

534

}

535

}

426

536

}

427

537

428

gnutls_transport_set_ptr (es.session,

429

(gnutls_transport_ptr_t) tcp_sd);

430

431

538

if(debug){

432

539

fprintf(stderr, "Establishing TLS session with %s\n", ip);

433

540

}

434

541

435

ret = gnutls_handshake (es.session);

542

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

543

544

do{

545

ret = gnutls_handshake (session);

546

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

436

547

437

548

if (ret != GNUTLS_E_SUCCESS){

438

549

if(debug){

439

fprintf(stderr, "\n*** Handshake failed ***\n");

550

fprintf(stderr, "*** GnuTLS Handshake failed ***\n");

440

551

gnutls_perror (ret);

441

552

}

442

553

retval = -1;

443

goto exit;

554

goto mandos_end;

444

555

}

445

556

446

//Retrieve OpenPGP packet that contains the wanted password

557

/* Read OpenPGP packet that contains the wanted password */

447

558

448

559

if(debug){

449

560

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

450

561

ip);

451

562

}

452

563

453

564

while(true){

454

if (buffer_length + BUFFER_SIZE > buffer_capacity){

455

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

456

if (buffer == NULL){

457

perror("realloc");

458

goto exit;

459

}

460

buffer_capacity += BUFFER_SIZE;

565

buffer_capacity = adjustbuffer(&buffer, buffer_length,

566

buffer_capacity);

567

if (buffer_capacity == 0){

568

perror("adjustbuffer");

569

retval = -1;

570

goto mandos_end;

461

571

}

462

572

463

ret = gnutls_record_recv

464

(es.session, buffer+buffer_length, BUFFER_SIZE);

573

ret = gnutls_record_recv(session, buffer+buffer_length,

574

BUFFER_SIZE);

465

575

if (ret == 0){

466

576

break;

467

577

}

471

581

case GNUTLS_E_AGAIN:

472

582

break;

473

583

case GNUTLS_E_REHANDSHAKE:

474

ret = gnutls_handshake (es.session);

584

do{

585

ret = gnutls_handshake (session);

586

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

475

587

if (ret < 0){

476

fprintf(stderr, "\n*** Handshake failed ***\n");

588

fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");

477

589

gnutls_perror (ret);

478

590

retval = -1;

479

goto exit;

591

goto mandos_end;

480

592

}

481

593

break;

482

594

default:

483

595

fprintf(stderr, "Unknown error while reading data from"

484

" encrypted session with mandos server\n");

596

" encrypted session with Mandos server\n");

485

597

retval = -1;

486

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

487

goto exit;

598

gnutls_bye (session, GNUTLS_SHUT_RDWR);

599

goto mandos_end;

488

600

}

489

601

} else {

490

602

buffer_length += (size_t) ret;

491

603

}

492

604

}

493

605

606

if(debug){

607

fprintf(stderr, "Closing TLS session\n");

608

}

609

610

gnutls_bye (session, GNUTLS_SHUT_RDWR);

611

494

612

if (buffer_length > 0){

495

613

decrypted_buffer_size = pgp_packet_decrypt(buffer,

496

614

buffer_length,

497

615

&decrypted_buffer,

498

certdir);

616

keydir);

499

617

if (decrypted_buffer_size >= 0){

618

written = 0;

500

619

while(written < (size_t) decrypted_buffer_size){

501

620

ret = (int)fwrite (decrypted_buffer + written, 1,

502

621

(size_t)decrypted_buffer_size - written,

515

634

} else {

516

635

retval = -1;

517

636

}

518

}

519

520

//shutdown procedure

521

522

if(debug){

523

fprintf(stderr, "Closing TLS session\n");

524

}

525

637

} else {

638

retval = -1;

639

}

640

641

/* Shutdown procedure */

642

643

mandos_end:

526

644

free(buffer);

527

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

528

exit:

529

645

close(tcp_sd);

530

gnutls_deinit (es.session);

531

gnutls_certificate_free_credentials (es.cred);

532

gnutls_global_deinit ();

646

gnutls_deinit (session);

533

647

return retval;

534

648

}

535

649

536

static AvahiSimplePoll *simple_poll = NULL;

537

static AvahiServer *server = NULL;

538

539

static void resolve_callback(

540

AvahiSServiceResolver *r,

541

AvahiIfIndex interface,

542

AVAHI_GCC_UNUSED AvahiProtocol protocol,

543

AvahiResolverEvent event,

544

const char *name,

545

const char *type,

546

const char *domain,

547

const char *host_name,

548

const AvahiAddress *address,

549

uint16_t port,

550

AVAHI_GCC_UNUSED AvahiStringList *txt,

551

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

552

AVAHI_GCC_UNUSED void* userdata) {

553

554

assert(r); /* Spurious warning */

650

static void resolve_callback(AvahiSServiceResolver *r,

651

AvahiIfIndex interface,

652

AVAHI_GCC_UNUSED AvahiProtocol protocol,

653

AvahiResolverEvent event,

654

const char *name,

655

const char *type,

656

const char *domain,

657

const char *host_name,

658

const AvahiAddress *address,

659

uint16_t port,

660

AVAHI_GCC_UNUSED AvahiStringList *txt,

661

AVAHI_GCC_UNUSED AvahiLookupResultFlags

662

flags,

663

void* userdata) {

664

mandos_context *mc = userdata;

665

assert(r);

555

666

556

667

/* Called whenever a service has been resolved successfully or

557

668

timed out */

559

670

switch (event) {

560

671

default:

561

672

case AVAHI_RESOLVER_FAILURE:

562

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"

563

" type '%s' in domain '%s': %s\n", name, type, domain,

564

avahi_strerror(avahi_server_errno(server)));

673

fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"

674

" of type '%s' in domain '%s': %s\n", name, type, domain,

675

avahi_strerror(avahi_server_errno(mc->server)));

565

676

break;

566

677

567

678

case AVAHI_RESOLVER_FOUND:

569

680

char ip[AVAHI_ADDRESS_STR_MAX];

570

681

avahi_address_snprint(ip, sizeof(ip), address);

571

682

if(debug){

572

fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"

573

" port %d\n", name, host_name, ip, port);

683

fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"

684

PRIu16 ") on port %d\n", name, host_name, ip,

685

interface, port);

574

686

}

575

int ret = start_mandos_communication(ip, port, interface);

687

int ret = start_mandos_communication(ip, port, interface, mc);

576

688

if (ret == 0){

577

exit(EXIT_SUCCESS);

689

avahi_simple_poll_quit(mc->simple_poll);

578

690

}

579

691

}

580

692

}

581

693

avahi_s_service_resolver_free(r);

582

694

}

583

695

584

static void browse_callback(

585

AvahiSServiceBrowser *b,

586

AvahiIfIndex interface,

587

AvahiProtocol protocol,

588

AvahiBrowserEvent event,

589

const char *name,

590

const char *type,

591

const char *domain,

592

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

593

void* userdata) {

594

595

AvahiServer *s = userdata;

596

assert(b); /* Spurious warning */

597

598

/* Called whenever a new services becomes available on the LAN or

599

is removed from the LAN */

600

601

switch (event) {

602

default:

603

case AVAHI_BROWSER_FAILURE:

604

605

fprintf(stderr, "(Browser) %s\n",

606

avahi_strerror(avahi_server_errno(server)));

607

avahi_simple_poll_quit(simple_poll);

608

return;

609

610

case AVAHI_BROWSER_NEW:

611

/* We ignore the returned resolver object. In the callback

612

function we free it. If the server is terminated before

613

the callback function is called the server will free

614

the resolver for us. */

615

616

if (!(avahi_s_service_resolver_new(s, interface, protocol, name,

617

type, domain,

618

AVAHI_PROTO_INET6, 0,

619

resolve_callback, s)))

620

fprintf(stderr, "Failed to resolve service '%s': %s\n", name,

621

avahi_strerror(avahi_server_errno(s)));

622

break;

623

624

case AVAHI_BROWSER_REMOVE:

625

break;

626

627

case AVAHI_BROWSER_ALL_FOR_NOW:

628

case AVAHI_BROWSER_CACHE_EXHAUSTED:

629

break;

696

static void browse_callback( AvahiSServiceBrowser *b,

697

AvahiIfIndex interface,

698

AvahiProtocol protocol,

699

AvahiBrowserEvent event,

700

const char *name,

701

const char *type,

702

const char *domain,

703

AVAHI_GCC_UNUSED AvahiLookupResultFlags

704

flags,

705

void* userdata) {

706

mandos_context *mc = userdata;

707

assert(b);

708

709

/* Called whenever a new services becomes available on the LAN or

710

is removed from the LAN */

711

712

switch (event) {

713

default:

714

case AVAHI_BROWSER_FAILURE:

715

716

fprintf(stderr, "(Avahi browser) %s\n",

717

avahi_strerror(avahi_server_errno(mc->server)));

718

avahi_simple_poll_quit(mc->simple_poll);

719

return;

720

721

case AVAHI_BROWSER_NEW:

722

/* We ignore the returned Avahi resolver object. In the callback

723

function we free it. If the Avahi server is terminated before

724

the callback function is called the Avahi server will free the

725

resolver for us. */

726

727

if (!(avahi_s_service_resolver_new(mc->server, interface,

728

protocol, name, type, domain,

729

AVAHI_PROTO_INET6, 0,

730

resolve_callback, mc)))

731

fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",

732

name, avahi_strerror(avahi_server_errno(mc->server)));

733

break;

734

735

case AVAHI_BROWSER_REMOVE:

736

break;

737

738

case AVAHI_BROWSER_ALL_FOR_NOW:

739

case AVAHI_BROWSER_CACHE_EXHAUSTED:

740

if(debug){

741

fprintf(stderr, "No Mandos server found, still searching...\n");

630

742

}

743

break;

744

}

631

745

}

632

746

633

747

/* Combines file name and path and returns the malloced new

634

748

string. some sane checks could/should be added */

635

static const char *combinepath(const char *first, const char *second){

636

size_t f_len = strlen(first);

637

size_t s_len = strlen(second);

638

char *tmp = malloc(f_len + s_len + 2);

639

if (tmp == NULL){

749

static char *combinepath(const char *first, const char *second){

750

char *tmp;

751

int ret = asprintf(&tmp, "%s/%s", first, second);

752

if(ret < 0){

640

753

return NULL;

641

754

}

642

if(f_len > 0){

643

memcpy(tmp, first, f_len);

644

}

645

tmp[f_len] = '/';

646

if(s_len > 0){

647

memcpy(tmp + f_len + 1, second, s_len);

648

}

649

tmp[f_len + 1 + s_len] = '\0';

650

755

return tmp;

651

756

}

652

757

653

758

654

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

655

AvahiServerConfig config;

759

int main(int argc, char *argv[]){

656

760

AvahiSServiceBrowser *sb = NULL;

657

761

int error;

658

762

int ret;

659

int returncode = EXIT_SUCCESS;

763

int exitcode = EXIT_SUCCESS;

660

764

const char *interface = "eth0";

661

765

struct ifreq network;

662

766

int sd;

767

uid_t uid;

768

gid_t gid;

663

769

char *connect_to = NULL;

664

770

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

665

666

while (true){

667

static struct option long_options[] = {

668

{"debug", no_argument, (int *)&debug, 1},

669

{"connect", required_argument, 0, 'C'},

670

{"interface", required_argument, 0, 'i'},

671

{"certdir", required_argument, 0, 'd'},

672

{"certkey", required_argument, 0, 'c'},

673

{"certfile", required_argument, 0, 'k'},

674

{0, 0, 0, 0} };

675

676

int option_index = 0;

677

ret = getopt_long (argc, argv, "i:", long_options,

678

&option_index);

679

680

if (ret == -1){

681

break;

682

}

683

684

switch(ret){

685

case 0:

686

break;

687

case 'i':

688

interface = optarg;

689

break;

690

case 'C':

691

connect_to = optarg;

692

break;

693

case 'd':

694

certdir = optarg;

695

break;

696

case 'c':

697

certfile = optarg;

698

break;

699

case 'k':

700

certkey = optarg;

701

break;

702

default:

703

exit(EXIT_FAILURE);

704

}

705

}

706

707

certfile = combinepath(certdir, certfile);

708

if (certfile == NULL){

709

perror("combinepath");

710

returncode = EXIT_FAILURE;

711

goto exit;

712

}

713

714

certkey = combinepath(certdir, certkey);

715

if (certkey == NULL){

716

perror("combinepath");

717

returncode = EXIT_FAILURE;

718

goto exit;

771

char *pubkeyfilename = NULL;

772

char *seckeyfilename = NULL;

773

const char *pubkeyname = "pubkey.txt";

774

const char *seckeyname = "seckey.txt";

775

mandos_context mc = { .simple_poll = NULL, .server = NULL,

776

.dh_bits = 1024, .priority = "SECURE256"

777

":!CTYPE-X.509:+CTYPE-OPENPGP" };

778

bool gnutls_initalized = false;

779

780

{

781

struct argp_option options[] = {

782

{ .name = "debug", .key = 128,

783

.doc = "Debug mode", .group = 3 },

784

{ .name = "connect", .key = 'c',

785

.arg = "ADDRESS:PORT",

786

.doc = "Connect directly to a specific Mandos server",

787

.group = 1 },

788

{ .name = "interface", .key = 'i',

789

.arg = "NAME",

790

.doc = "Interface that will be used to search for Mandos"

791

" servers",

792

.group = 1 },

793

{ .name = "keydir", .key = 'd',

794

.arg = "DIRECTORY",

795

.doc = "Directory to read the OpenPGP key files from",

796

.group = 1 },

797

{ .name = "seckey", .key = 's',

798

.arg = "FILE",

799

.doc = "OpenPGP secret key file base name",

800

.group = 1 },

801

{ .name = "pubkey", .key = 'p',

802

.arg = "FILE",

803

.doc = "OpenPGP public key file base name",

804

.group = 2 },

805

{ .name = "dh-bits", .key = 129,

806

.arg = "BITS",

807

.doc = "Bit length of the prime number used in the"

808

" Diffie-Hellman key exchange",

809

.group = 2 },

810

{ .name = "priority", .key = 130,

811

.arg = "STRING",

812

.doc = "GnuTLS priority string for the TLS handshake",

813

.group = 1 },

814

{ .name = NULL }

815

};

816

817

error_t parse_opt (int key, char *arg,

818

struct argp_state *state) {

819

/* Get the INPUT argument from `argp_parse', which we know is

820

a pointer to our plugin list pointer. */

821

switch (key) {

822

case 128: /* --debug */

823

debug = true;

824

break;

825

case 'c': /* --connect */

826

connect_to = arg;

827

break;

828

case 'i': /* --interface */

829

interface = arg;

830

break;

831

case 'd': /* --keydir */

832

keydir = arg;

833

break;

834

case 's': /* --seckey */

835

seckeyname = arg;

836

break;

837

case 'p': /* --pubkey */

838

pubkeyname = arg;

839

break;

840

case 129: /* --dh-bits */

841

errno = 0;

842

mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);

843

if (errno){

844

perror("strtol");

845

exit(EXIT_FAILURE);

846

}

847

break;

848

case 130: /* --priority */

849

mc.priority = arg;

850

break;

851

case ARGP_KEY_ARG:

852

argp_usage (state);

853

case ARGP_KEY_END:

854

break;

855

default:

856

return ARGP_ERR_UNKNOWN;

857

}

858

return 0;

859

}

860

861

struct argp argp = { .options = options, .parser = parse_opt,

862

.args_doc = "",

863

.doc = "Mandos client -- Get and decrypt"

864

" passwords from a Mandos server" };

865

ret = argp_parse (&argp, argc, argv, 0, 0, NULL);

866

if (ret == ARGP_ERR_UNKNOWN){

867

fprintf(stderr, "Unknown error while parsing arguments\n");

868

exitcode = EXIT_FAILURE;

869

goto end;

870

}

871

}

872

873

pubkeyfilename = combinepath(keydir, pubkeyname);

874

if (pubkeyfilename == NULL){

875

perror("combinepath");

876

exitcode = EXIT_FAILURE;

877

goto end;

878

}

879

880

seckeyfilename = combinepath(keydir, seckeyname);

881

if (seckeyfilename == NULL){

882

perror("combinepath");

883

exitcode = EXIT_FAILURE;

884

goto end;

885

}

886

887

ret = init_gnutls_global(&mc, pubkeyfilename, seckeyfilename);

888

if (ret == -1){

889

fprintf(stderr, "init_gnutls_global failed\n");

890

exitcode = EXIT_FAILURE;

891

goto end;

892

} else {

893

gnutls_initalized = true;

894

}

895

896

/* If the interface is down, bring it up */

897

{

898

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

899

if(sd < 0) {

900

perror("socket");

901

exitcode = EXIT_FAILURE;

902

goto end;

903

}

904

strcpy(network.ifr_name, interface);

905

ret = ioctl(sd, SIOCGIFFLAGS, &network);

906

if(ret == -1){

907

perror("ioctl SIOCGIFFLAGS");

908

exitcode = EXIT_FAILURE;

909

goto end;

910

}

911

if((network.ifr_flags & IFF_UP) == 0){

912

network.ifr_flags |= IFF_UP;

913

ret = ioctl(sd, SIOCSIFFLAGS, &network);

914

if(ret == -1){

915

perror("ioctl SIOCSIFFLAGS");

916

exitcode = EXIT_FAILURE;

917

goto end;

918

}

919

}

920

close(sd);

921

}

922

923

uid = getuid();

924

gid = getgid();

925

926

ret = setuid(uid);

927

if (ret == -1){

928

perror("setuid");

929

}

930

931

setgid(gid);

932

if (ret == -1){

933

perror("setgid");

719

934

}

720

935

721

936

if_index = (AvahiIfIndex) if_nametoindex(interface);

730

945

char *address = strrchr(connect_to, ':');

731

946

if(address == NULL){

732

947

fprintf(stderr, "No colon in address\n");

733

exit(EXIT_FAILURE);

948

exitcode = EXIT_FAILURE;

949

goto end;

734

950

}

735

951

errno = 0;

736

952

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

737

953

if(errno){

738

954

perror("Bad port number");

739

exit(EXIT_FAILURE);

955

exitcode = EXIT_FAILURE;

956

goto end;

740

957

}

741

958

*address = '\0';

742

959

address = connect_to;

743

ret = start_mandos_communication(address, port, if_index);

960

ret = start_mandos_communication(address, port, if_index, &mc);

744

961

if(ret < 0){

745

exit(EXIT_FAILURE);

962

exitcode = EXIT_FAILURE;

746

963

} else {

747

exit(EXIT_SUCCESS);

748

}

749

}

750

751

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

752

if(sd < 0) {

753

perror("socket");

754

returncode = EXIT_FAILURE;

755

goto exit;

756

}

757

strcpy(network.ifr_name, interface);

758

ret = ioctl(sd, SIOCGIFFLAGS, &network);

759

if(ret == -1){

760

761

perror("ioctl SIOCGIFFLAGS");

762

returncode = EXIT_FAILURE;

763

goto exit;

764

}

765

if((network.ifr_flags & IFF_UP) == 0){

766

network.ifr_flags |= IFF_UP;

767

ret = ioctl(sd, SIOCSIFFLAGS, &network);

768

if(ret == -1){

769

perror("ioctl SIOCSIFFLAGS");

770

returncode = EXIT_FAILURE;

771

goto exit;

772

}

773

}

774

close(sd);

964

exitcode = EXIT_SUCCESS;

965

}

966

goto end;

967

}

775

968

776

969

if (not debug){

777

970

avahi_set_log_function(empty_log);

778

971

}

779

972

780

/* Initialize the psuedo-RNG */

973

/* Initialize the pseudo-RNG for Avahi */

781

974

srand((unsigned int) time(NULL));

782

783

/* Allocate main loop object */

784

if (!(simple_poll = avahi_simple_poll_new())) {

785

fprintf(stderr, "Failed to create simple poll object.\n");

786

returncode = EXIT_FAILURE;

787

goto exit;

788

}

789

790

/* Do not publish any local records */

791

avahi_server_config_init(&config);

792

config.publish_hinfo = 0;

793

config.publish_addresses = 0;

794

config.publish_workstation = 0;

795

config.publish_domain = 0;

796

797

/* Allocate a new server */

798

server = avahi_server_new(avahi_simple_poll_get(simple_poll),

799

&config, NULL, NULL, &error);

800

801

/* Free the configuration data */

802

avahi_server_config_free(&config);

803

804

/* Check if creating the server object succeeded */

805

if (!server) {

806

fprintf(stderr, "Failed to create server: %s\n",

975

976

/* Allocate main Avahi loop object */

977

mc.simple_poll = avahi_simple_poll_new();

978

if (mc.simple_poll == NULL) {

979

fprintf(stderr, "Avahi: Failed to create simple poll"

980

" object.\n");

981

exitcode = EXIT_FAILURE;

982

goto end;

983

}

984

985

{

986

AvahiServerConfig config;

987

/* Do not publish any local Zeroconf records */

988

avahi_server_config_init(&config);

989

config.publish_hinfo = 0;

990

config.publish_addresses = 0;

991

config.publish_workstation = 0;

992

config.publish_domain = 0;

993

994

/* Allocate a new server */

995

mc.server = avahi_server_new(avahi_simple_poll_get

996

(mc.simple_poll), &config, NULL,

997

NULL, &error);

998

999

/* Free the Avahi configuration data */

1000

avahi_server_config_free(&config);

1001

}

1002

1003

/* Check if creating the Avahi server object succeeded */

1004

if (mc.server == NULL) {

1005

fprintf(stderr, "Failed to create Avahi server: %s\n",

807

1006

avahi_strerror(error));

808

returncode = EXIT_FAILURE;

809

goto exit;

1007

exitcode = EXIT_FAILURE;

1008

goto end;

810

1009

}

811

1010

812

/* Create the service browser */

813

sb = avahi_s_service_browser_new(server, if_index,

1011

/* Create the Avahi service browser */

1012

sb = avahi_s_service_browser_new(mc.server, if_index,

814

1013

AVAHI_PROTO_INET6,

815

1014

"_mandos._tcp", NULL, 0,

816

browse_callback, server);

817

if (!sb) {

1015

browse_callback, &mc);

1016

if (sb == NULL) {

818

1017

fprintf(stderr, "Failed to create service browser: %s\n",

819

avahi_strerror(avahi_server_errno(server)));

820

returncode = EXIT_FAILURE;

821

goto exit;

1018

avahi_strerror(avahi_server_errno(mc.server)));

1019

exitcode = EXIT_FAILURE;

1020

goto end;

822

1021

}

823

1022

824

1023

/* Run the main loop */

825

1024

826

1025

if (debug){

827

fprintf(stderr, "Starting avahi loop search\n");

1026

fprintf(stderr, "Starting Avahi loop search\n");

828

1027

}

829

1028

830

avahi_simple_poll_loop(simple_poll);

831

832

exit:

833

1029

avahi_simple_poll_loop(mc.simple_poll);

1030

1031

end:

1032

834

1033

if (debug){

835

1034

fprintf(stderr, "%s exiting\n", argv[0]);

836

1035

}

837

1036

838

1037

/* Cleanup things */

839

if (sb)

1038

if (sb != NULL)

840

1039

avahi_s_service_browser_free(sb);

841

1040

842

if (server)

843

avahi_server_free(server);

844

845

if (simple_poll)

846

avahi_simple_poll_free(simple_poll);

847

free(certfile);

848

free(certkey);

849

850

return returncode;

1041

if (mc.server != NULL)

1042

avahi_server_free(mc.server);

1043

1044

if (mc.simple_poll != NULL)

1045

avahi_simple_poll_free(mc.simple_poll);

1046

free(pubkeyfilename);

1047

free(seckeyfilename);

1048

1049

if (gnutls_initalized){

1050

gnutls_certificate_free_credentials(mc.cred);

1051

gnutls_global_deinit ();

1052

}

1053

1054

return exitcode;

851

1055

}

Older »