/mandos/release : revision 147

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/password-request.c

Committer: Teddy Hogeborn
Date: 2008-09-03 17:11:32 UTC
Revision ID: teddy@fukt.bsnet.se-20080903171132-usevhlf0gi9rxqc3

* plugins.d/password-request.c (init_gnutls_global): Improved wording
                                                     in debug message.
                                                     Bug fix: Make
                                                     debug message
                                                     print to stderr,
                                                     not stdout.

* plugins.d/password-request.xml (SECURITY): Add text.

files added:
.bzrignore

COPYING

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.xml

plugins.d/password-prompt.xml

plugins.d/password-request.xml

plugins.d/usplash

files removed:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

files renamed:
mandos-clients.conf => clients.conf

server.py => mandos

plugbasedclient.c => plugin-runner.c

plugins.d/passprompt.c => plugins.d/password-prompt.c

plugins.d/mandosclient.c => plugins.d/password-request.c

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

plugins.d/password-request.c

* includes the following functions: "resolve_callback",

* "browse_callback", and parts of "main".

* Påhlsson.

* Everything else is

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and

* <https://www.fukt.bsnet.se/~teddy/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

#define _FORTIFY_SOURCE 2

/* Needed by GPGME, specifically gpgme_data_seek() */

#define _LARGEFILE_SOURCE

#define _FILE_OFFSET_BITS 64

#include <stdio.h>

#include <assert.h>

#include <stdlib.h>

#include <time.h>

#include <net/if.h> /* if_nametoindex */

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */

#include <stdio.h> /* fprintf(), stderr, fwrite(),

stdout, ferror() */

#include <stdint.h> /* uint16_t, uint32_t */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,

srand() */

#include <stdbool.h> /* bool, true */

#include <string.h> /* memset(), strcmp(), strlen(),

strerror(), asprintf(), strcpy() */

#include <sys/ioctl.h> /* ioctl */

#include <sys/types.h> /* socket(), inet_pton(), sockaddr,

sockaddr_in6, PF_INET6,

SOCK_STREAM, INET6_ADDRSTRLEN,

uid_t, gid_t */

#include <inttypes.h> /* PRIu16 */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton(),

connect() */

#include <assert.h> /* assert() */

#include <errno.h> /* perror(), errno */

#include <time.h> /* time() */

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS, if_indextoname(),

if_nametoindex(), IF_NAMESIZE */

#include <unistd.h> /* close(), SEEK_SET, off_t, write(),

getuid(), getgid(), setuid(),

setgid() */

#include <netinet/in.h>

#include <arpa/inet.h> /* inet_pton(), htons */

#include <iso646.h> /* not, and */

#include <argp.h> /* struct argp_option, error_t, struct

argp_state, struct argp,

argp_parse(), ARGP_KEY_ARG,

ARGP_KEY_END, ARGP_ERR_UNKNOWN */

/* Avahi */

/* All Avahi types, constants and functions

Avahi*, avahi_*,

AVAHI_* */

#include <avahi-core/core.h>

#include <avahi-core/lookup.h>

#include <avahi-core/log.h>

#include <avahi-common/malloc.h>

#include <avahi-common/error.h>

//mandos client part

#include <sys/types.h> /* socket(), inet_pton() */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton() */

#include <gnutls/gnutls.h> /* All GnuTLS stuff */

#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */

#include <unistd.h> /* close() */

#include <netinet/in.h>

#include <stdbool.h> /* true */

#include <string.h> /* memset */

#include <arpa/inet.h> /* inet_pton() */

#include <iso646.h> /* not */

// gpgme

#include <errno.h> /* perror() */

#include <gpgme.h>

// getopt long

#include <getopt.h>

/* GnuTLS */

#include <gnutls/gnutls.h> /* All GnuTLS types, constants and

functions:

gnutls_*

init_gnutls_session(),

GNUTLS_* */

#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),

GNUTLS_OPENPGP_FMT_BASE64 */

/* GPGME */

#include <gpgme.h> /* All GPGME types, constants and

functions:

gpgme_*

GPGME_PROTOCOL_OpenPGP,

GPG_ERR_NO_* */

#define BUFFER_SIZE 256

#define DH_BITS 1024

const char *certdir = "/conf/conf.d/cryptkeyreq/";

const char *certfile = "openpgp-client.txt";

const char *certkey = "openpgp-client-key.txt";

100

101

bool debug = false;

102

static const char *keydir = "/conf/conf.d/mandos";

103

static const char mandos_protocol_version[] = "1";

104

const char *argp_program_version = "password-request 1.0";

105

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

106

107

/* Used for passing in values through the Avahi callback functions */

108

typedef struct {

gnutls_session_t session;

109

AvahiSimplePoll *simple_poll;

110

AvahiServer *server;

111

gnutls_certificate_credentials_t cred;

112

unsigned int dh_bits;

113

gnutls_dh_params_t dh_params;

} encrypted_session;

ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,

char **new_packet, const char *homedir){

114

const char *priority;

115

} mandos_context;

116

117

118

* Make room in "buffer" for at least BUFFER_SIZE additional bytes.

119

* "buffer_capacity" is how much is currently allocated,

120

* "buffer_length" is how much is already used.

121

122

size_t adjustbuffer(char **buffer, size_t buffer_length,

123

size_t buffer_capacity){

124

if (buffer_length + BUFFER_SIZE > buffer_capacity){

125

*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);

126

if (buffer == NULL){

127

return 0;

128

}

129

buffer_capacity += BUFFER_SIZE;

130

}

131

return buffer_capacity;

132

}

133

134

135

* Decrypt OpenPGP data using keyrings in HOMEDIR.

136

* Returns -1 on error

137

138

static ssize_t pgp_packet_decrypt (const char *cryptotext,

139

size_t crypto_size,

140

char **plaintext,

141

const char *homedir){

142

gpgme_data_t dh_crypto, dh_plain;

143

gpgme_ctx_t ctx;

144

gpgme_error_t rc;

145

ssize_t ret;

ssize_t new_packet_capacity = 0;

ssize_t new_packet_length = 0;

146

size_t plaintext_capacity = 0;

147

ssize_t plaintext_length = 0;

148

gpgme_engine_info_t engine_info;

149

150

if (debug){

fprintf(stderr, "Trying to decrypt OpenPGP packet\n");

151

fprintf(stderr, "Trying to decrypt OpenPGP data\n");

152

}

100

153

101

154

/* Init GPGME */

107

160

return -1;

108

161

}

109

162

110

/* Set GPGME home directory */

163

/* Set GPGME home directory for the OpenPGP engine only */

111

164

rc = gpgme_get_engine_info (&engine_info);

112

165

if (rc != GPG_ERR_NO_ERROR){

113

166

fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",

123

176

engine_info = engine_info->next;

124

177

}

125

178

if(engine_info == NULL){

126

fprintf(stderr, "Could not set home dir to %s\n", homedir);

179

fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);

127

180

return -1;

128

181

}

129

182

130

/* Create new GPGME data buffer from packet buffer */

131

rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);

183

/* Create new GPGME data buffer from memory cryptotext */

184

rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,

185

0);

132

186

if (rc != GPG_ERR_NO_ERROR){

133

187

fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",

134

188

gpgme_strsource(rc), gpgme_strerror(rc));

140

194

if (rc != GPG_ERR_NO_ERROR){

141

195

fprintf(stderr, "bad gpgme_data_new: %s: %s\n",

142

196

gpgme_strsource(rc), gpgme_strerror(rc));

197

gpgme_data_release(dh_crypto);

143

198

return -1;

144

199

}

145

200

148

203

if (rc != GPG_ERR_NO_ERROR){

149

204

fprintf(stderr, "bad gpgme_new: %s: %s\n",

150

205

gpgme_strsource(rc), gpgme_strerror(rc));

151

return -1;

206

plaintext_length = -1;

207

goto decrypt_end;

152

208

}

153

209

154

/* Decrypt data from the FILE pointer to the plaintext data

155

buffer */

210

/* Decrypt data from the cryptotext data buffer to the plaintext

211

data buffer */

156

212

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

157

213

if (rc != GPG_ERR_NO_ERROR){

158

214

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

159

215

gpgme_strsource(rc), gpgme_strerror(rc));

160

return -1;

216

plaintext_length = -1;

217

if (debug){

218

gpgme_decrypt_result_t result;

219

result = gpgme_op_decrypt_result(ctx);

220

if (result == NULL){

221

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

222

} else {

223

fprintf(stderr, "Unsupported algorithm: %s\n",

224

result->unsupported_algorithm);

225

fprintf(stderr, "Wrong key usage: %u\n",

226

result->wrong_key_usage);

227

if(result->file_name != NULL){

228

fprintf(stderr, "File name: %s\n", result->file_name);

229

}

230

gpgme_recipient_t recipient;

231

recipient = result->recipients;

232

if(recipient){

233

while(recipient != NULL){

234

fprintf(stderr, "Public key algorithm: %s\n",

235

gpgme_pubkey_algo_name(recipient->pubkey_algo));

236

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

237

fprintf(stderr, "Secret key available: %s\n",

238

recipient->status == GPG_ERR_NO_SECKEY

239

? "No" : "Yes");

240

recipient = recipient->next;

241

}

242

}

243

}

244

}

245

goto decrypt_end;

161

246

}

162

247

163

248

if(debug){

164

fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");

165

}

166

167

if (debug){

168

gpgme_decrypt_result_t result;

169

result = gpgme_op_decrypt_result(ctx);

170

if (result == NULL){

171

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

172

} else {

173

fprintf(stderr, "Unsupported algorithm: %s\n",

174

result->unsupported_algorithm);

175

fprintf(stderr, "Wrong key usage: %d\n",

176

result->wrong_key_usage);

177

if(result->file_name != NULL){

178

fprintf(stderr, "File name: %s\n", result->file_name);

179

}

180

gpgme_recipient_t recipient;

181

recipient = result->recipients;

182

if(recipient){

183

while(recipient != NULL){

184

fprintf(stderr, "Public key algorithm: %s\n",

185

gpgme_pubkey_algo_name(recipient->pubkey_algo));

186

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

187

fprintf(stderr, "Secret key available: %s\n",

188

recipient->status == GPG_ERR_NO_SECKEY

189

? "No" : "Yes");

190

recipient = recipient->next;

191

}

192

}

193

}

194

}

195

196

/* Delete the GPGME FILE pointer cryptotext data buffer */

197

gpgme_data_release(dh_crypto);

249

fprintf(stderr, "Decryption of OpenPGP data succeeded\n");

250

}

198

251

199

252

/* Seek back to the beginning of the GPGME plaintext data buffer */

200

253

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

201

254

perror("pgpme_data_seek");

255

plaintext_length = -1;

256

goto decrypt_end;

202

257

}

203

258

204

*new_packet = 0;

259

*plaintext = NULL;

205

260

while(true){

206

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

207

*new_packet = realloc(*new_packet,

208

(unsigned int)new_packet_capacity

209

+ BUFFER_SIZE);

210

if (*new_packet == NULL){

211

perror("realloc");

212

return -1;

213

}

214

new_packet_capacity += BUFFER_SIZE;

261

plaintext_capacity = adjustbuffer(plaintext,

262

(size_t)plaintext_length,

263

plaintext_capacity);

264

if (plaintext_capacity == 0){

265

perror("adjustbuffer");

266

plaintext_length = -1;

267

goto decrypt_end;

215

268

}

216

269

217

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,

270

ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,

218

271

BUFFER_SIZE);

219

272

/* Print the data, if any */

220

273

if (ret == 0){

274

/* EOF */

221

275

break;

222

276

}

223

277

if(ret < 0){

224

278

perror("gpgme_data_read");

225

return -1;

226

}

227

new_packet_length += ret;

228

}

229

230

/* FIXME: check characters before printing to screen so to not print

231

terminal control characters */

232

/* if(debug){ */

233

/* fprintf(stderr, "decrypted password is: "); */

234

/* fwrite(*new_packet, 1, new_packet_length, stderr); */

235

/* fprintf(stderr, "\n"); */

236

/* } */

279

plaintext_length = -1;

280

goto decrypt_end;

281

}

282

plaintext_length += ret;

283

}

284

285

if(debug){

286

fprintf(stderr, "Decrypted password is: ");

287

for(ssize_t i = 0; i < plaintext_length; i++){

288

fprintf(stderr, "%02hhX ", (*plaintext)[i]);

289

}

290

fprintf(stderr, "\n");

291

}

292

293

decrypt_end:

294

295

/* Delete the GPGME cryptotext data buffer */

296

gpgme_data_release(dh_crypto);

237

297

238

298

/* Delete the GPGME plaintext data buffer */

239

299

gpgme_data_release(dh_plain);

240

return new_packet_length;

300

return plaintext_length;

241

301

}

242

302

243

303

static const char * safer_gnutls_strerror (int value) {

244

const char *ret = gnutls_strerror (value);

304

const char *ret = gnutls_strerror (value); /* Spurious warning */

245

305

if (ret == NULL)

246

306

ret = "(unknown)";

247

307

return ret;

248

308

}

249

309

250

void debuggnutls(__attribute__((unused)) int level,

251

const char* string){

252

fprintf(stderr, "%s", string);

310

/* GnuTLS log function callback */

311

static void debuggnutls(__attribute__((unused)) int level,

312

const char* string){

313

fprintf(stderr, "GnuTLS: %s", string);

253

314

}

254

315

255

int initgnutls(encrypted_session *es){

256

const char *err;

316

static int init_gnutls_global(mandos_context *mc,

317

const char *pubkeyfilename,

318

const char *seckeyfilename){

257

319

int ret;

258

320

259

321

if(debug){

260

322

fprintf(stderr, "Initializing GnuTLS\n");

261

323

}

262

263

if ((ret = gnutls_global_init ())

264

!= GNUTLS_E_SUCCESS) {

265

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

324

325

ret = gnutls_global_init();

326

if (ret != GNUTLS_E_SUCCESS) {

327

fprintf (stderr, "GnuTLS global_init: %s\n",

328

safer_gnutls_strerror(ret));

266

329

return -1;

267

330

}

268

331

269

332

if (debug){

333

/* "Use a log level over 10 to enable all debugging options."

334

* - GnuTLS manual

335

270

336

gnutls_global_set_log_level(11);

271

337

gnutls_global_set_log_function(debuggnutls);

272

338

}

273

339

274

/* openpgp credentials */

275

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

276

!= GNUTLS_E_SUCCESS) {

277

fprintf (stderr, "memory error: %s\n",

340

/* OpenPGP credentials */

341

gnutls_certificate_allocate_credentials(&mc->cred);

342

if (ret != GNUTLS_E_SUCCESS){

343

fprintf (stderr, "GnuTLS memory error: %s\n", /* Spurious

344

warning */

278

345

safer_gnutls_strerror(ret));

346

gnutls_global_deinit ();

279

347

return -1;

280

348

}

281

349

282

350

if(debug){

283

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

284

" and keyfile %s as GnuTLS credentials\n", certfile,

285

certkey);

351

fprintf(stderr, "Attempting to use OpenPGP public key %s and"

352

" secret key %s as GnuTLS credentials\n", pubkeyfilename,

353

seckeyfilename);

286

354

}

287

355

288

356

ret = gnutls_certificate_set_openpgp_key_file

289

(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);

357

(mc->cred, pubkeyfilename, seckeyfilename,

358

GNUTLS_OPENPGP_FMT_BASE64);

290

359

if (ret != GNUTLS_E_SUCCESS) {

291

fprintf

292

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"

293

" '%s')\n",

294

ret, certfile, certkey);

295

fprintf(stdout, "The Error is: %s\n",

360

fprintf(stderr,

361

"Error[%d] while reading the OpenPGP key pair ('%s',"

362

" '%s')\n", ret, pubkeyfilename, seckeyfilename);

363

fprintf(stderr, "The GnuTLS error is: %s\n",

296

364

safer_gnutls_strerror(ret));

297

return -1;

298

}

299

300

//GnuTLS server initialization

301

if ((ret = gnutls_dh_params_init (&es->dh_params))

302

!= GNUTLS_E_SUCCESS) {

303

fprintf (stderr, "Error in dh parameter initialization: %s\n",

304

safer_gnutls_strerror(ret));

305

return -1;

306

}

307

308

if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))

309

!= GNUTLS_E_SUCCESS) {

310

fprintf (stderr, "Error in prime generation: %s\n",

311

safer_gnutls_strerror(ret));

312

return -1;

313

}

314

315

gnutls_certificate_set_dh_params (es->cred, es->dh_params);

316

317

// GnuTLS session creation

318

if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))

319

!= GNUTLS_E_SUCCESS){

365

goto globalfail;

366

}

367

368

/* GnuTLS server initialization */

369

ret = gnutls_dh_params_init(&mc->dh_params);

370

if (ret != GNUTLS_E_SUCCESS) {

371

fprintf (stderr, "Error in GnuTLS DH parameter initialization:"

372

" %s\n", safer_gnutls_strerror(ret));

373

goto globalfail;

374

}

375

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

376

if (ret != GNUTLS_E_SUCCESS) {

377

fprintf (stderr, "Error in GnuTLS prime generation: %s\n",

378

safer_gnutls_strerror(ret));

379

goto globalfail;

380

}

381

382

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

383

384

return 0;

385

386

globalfail:

387

388

gnutls_certificate_free_credentials(mc->cred);

389

gnutls_global_deinit();

390

return -1;

391

}

392

393

static int init_gnutls_session(mandos_context *mc,

394

gnutls_session_t *session){

395

int ret;

396

/* GnuTLS session creation */

397

ret = gnutls_init(session, GNUTLS_SERVER);

398

if (ret != GNUTLS_E_SUCCESS){

320

399

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

321

400

safer_gnutls_strerror(ret));

322

401

}

323

402

324

if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))

325

!= GNUTLS_E_SUCCESS) {

326

fprintf(stderr, "Syntax error at: %s\n", err);

327

fprintf(stderr, "GnuTLS error: %s\n",

328

safer_gnutls_strerror(ret));

329

return -1;

403

{

404

const char *err;

405

ret = gnutls_priority_set_direct(*session, mc->priority, &err);

406

if (ret != GNUTLS_E_SUCCESS) {

407

fprintf(stderr, "Syntax error at: %s\n", err);

408

fprintf(stderr, "GnuTLS error: %s\n",

409

safer_gnutls_strerror(ret));

410

gnutls_deinit (*session);

411

return -1;

412

}

330

413

}

331

414

332

if ((ret = gnutls_credentials_set

333

(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))

334

!= GNUTLS_E_SUCCESS) {

335

fprintf(stderr, "Error setting a credentials set: %s\n",

415

ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

416

mc->cred);

417

if (ret != GNUTLS_E_SUCCESS) {

418

fprintf(stderr, "Error setting GnuTLS credentials: %s\n",

336

419

safer_gnutls_strerror(ret));

420

gnutls_deinit (*session);

337

421

return -1;

338

422

}

339

423

340

424

/* ignore client certificate if any. */

341

gnutls_certificate_server_set_request (es->session,

425

gnutls_certificate_server_set_request (*session,

342

426

GNUTLS_CERT_IGNORE);

343

427

344

gnutls_dh_set_prime_bits (es->session, DH_BITS);

428

gnutls_dh_set_prime_bits (*session, mc->dh_bits);

345

429

346

430

return 0;

347

431

}

348

432

349

void empty_log(__attribute__((unused)) AvahiLogLevel level,

350

__attribute__((unused)) const char *txt){}

433

/* Avahi log function callback */

434

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

435

__attribute__((unused)) const char *txt){}

351

436

352

int start_mandos_communication(const char *ip, uint16_t port,

353

unsigned int if_index){

437

/* Called when a Mandos server is found */

438

static int start_mandos_communication(const char *ip, uint16_t port,

439

AvahiIfIndex if_index,

440

mandos_context *mc){

354

441

int ret, tcp_sd;

355

struct sockaddr_in6 to;

356

encrypted_session es;

442

union { struct sockaddr in; struct sockaddr_in6 in6; } to;

357

443

char *buffer = NULL;

358

444

char *decrypted_buffer;

359

445

size_t buffer_length = 0;

360

446

size_t buffer_capacity = 0;

361

447

ssize_t decrypted_buffer_size;

362

size_t written = 0;

448

size_t written;

363

449

int retval = 0;

364

450

char interface[IF_NAMESIZE];

451

gnutls_session_t session;

452

453

ret = init_gnutls_session (mc, &session);

454

if (ret != 0){

455

return -1;

456

}

365

457

366

458

if(debug){

367

fprintf(stderr, "Setting up a tcp connection to %s\n", ip);

459

fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16

460

"\n", ip, port);

368

461

}

369

462

370

463

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

373

466

return -1;

374

467

}

375

468

376

if(if_indextoname(if_index, interface) == NULL){

377

if(debug){

469

if(debug){

470

if(if_indextoname((unsigned int)if_index, interface) == NULL){

378

471

perror("if_indextoname");

472

return -1;

379

473

}

380

return -1;

381

}

382

383

if(debug){

384

474

fprintf(stderr, "Binding to interface %s\n", interface);

385

475

}

386

476

387

memset(&to,0,sizeof(to)); /* Spurious warning */

388

to.sin6_family = AF_INET6;

389

ret = inet_pton(AF_INET6, ip, &to.sin6_addr);

477

memset(&to, 0, sizeof(to));

478

to.in6.sin6_family = AF_INET6;

479

/* It would be nice to have a way to detect if we were passed an

480

IPv4 address here. Now we assume an IPv6 address. */

481

ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);

390

482

if (ret < 0 ){

391

483

perror("inet_pton");

392

484

return -1;

393

}

485

}

394

486

if(ret == 0){

395

487

fprintf(stderr, "Bad address: %s\n", ip);

396

488

return -1;

397

489

}

398

to.sin6_port = htons(port); /* Spurious warning */

490

to.in6.sin6_port = htons(port); /* Spurious warning */

399

491

400

to.sin6_scope_id = (uint32_t)if_index;

492

to.in6.sin6_scope_id = (uint32_t)if_index;

401

493

402

494

if(debug){

403

fprintf(stderr, "Connection to: %s\n", ip);

495

fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,

496

port);

497

char addrstr[INET6_ADDRSTRLEN] = "";

498

if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,

499

sizeof(addrstr)) == NULL){

500

perror("inet_ntop");

501

} else {

502

if(strcmp(addrstr, ip) != 0){

503

fprintf(stderr, "Canonical address form: %s\n", addrstr);

504

}

505

}

404

506

}

405

507

406

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

508

ret = connect(tcp_sd, &to.in, sizeof(to));

407

509

if (ret < 0){

408

510

perror("connect");

409

511

return -1;

410

512

}

411

513

412

ret = initgnutls (&es);

413

if (ret != 0){

414

retval = -1;

415

return -1;

514

const char *out = mandos_protocol_version;

515

written = 0;

516

while (true){

517

size_t out_size = strlen(out);

518

ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,

519

out_size - written));

520

if (ret == -1){

521

perror("write");

522

retval = -1;

523

goto mandos_end;

524

}

525

written += (size_t)ret;

526

if(written < out_size){

527

continue;

528

} else {

529

if (out == mandos_protocol_version){

530

written = 0;

531

out = "\r\n";

532

} else {

533

break;

534

}

535

}

416

536

}

417

537

418

gnutls_transport_set_ptr (es.session,

419

(gnutls_transport_ptr_t) tcp_sd);

420

421

538

if(debug){

422

539

fprintf(stderr, "Establishing TLS session with %s\n", ip);

423

540

}

424

541

425

ret = gnutls_handshake (es.session);

542

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

543

544

do{

545

ret = gnutls_handshake (session);

546

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

426

547

427

548

if (ret != GNUTLS_E_SUCCESS){

428

549

if(debug){

429

fprintf(stderr, "\n*** Handshake failed ***\n");

550

fprintf(stderr, "*** GnuTLS Handshake failed ***\n");

430

551

gnutls_perror (ret);

431

552

}

432

553

retval = -1;

433

goto exit;

554

goto mandos_end;

434

555

}

435

556

436

//Retrieve OpenPGP packet that contains the wanted password

557

/* Read OpenPGP packet that contains the wanted password */

437

558

438

559

if(debug){

439

560

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

440

561

ip);

441

562

}

442

563

443

564

while(true){

444

if (buffer_length + BUFFER_SIZE > buffer_capacity){

445

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

446

if (buffer == NULL){

447

perror("realloc");

448

goto exit;

449

}

450

buffer_capacity += BUFFER_SIZE;

565

buffer_capacity = adjustbuffer(&buffer, buffer_length,

566

buffer_capacity);

567

if (buffer_capacity == 0){

568

perror("adjustbuffer");

569

retval = -1;

570

goto mandos_end;

451

571

}

452

572

453

ret = gnutls_record_recv

454

(es.session, buffer+buffer_length, BUFFER_SIZE);

573

ret = gnutls_record_recv(session, buffer+buffer_length,

574

BUFFER_SIZE);

455

575

if (ret == 0){

456

576

break;

457

577

}

461

581

case GNUTLS_E_AGAIN:

462

582

break;

463

583

case GNUTLS_E_REHANDSHAKE:

464

ret = gnutls_handshake (es.session);

584

do{

585

ret = gnutls_handshake (session);

586

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

465

587

if (ret < 0){

466

fprintf(stderr, "\n*** Handshake failed ***\n");

588

fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");

467

589

gnutls_perror (ret);

468

590

retval = -1;

469

goto exit;

591

goto mandos_end;

470

592

}

471

593

break;

472

594

default:

473

595

fprintf(stderr, "Unknown error while reading data from"

474

" encrypted session with mandos server\n");

596

" encrypted session with Mandos server\n");

475

597

retval = -1;

476

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

477

goto exit;

598

gnutls_bye (session, GNUTLS_SHUT_RDWR);

599

goto mandos_end;

478

600

}

479

601

} else {

480

602

buffer_length += (size_t) ret;

481

603

}

482

604

}

483

605

606

if(debug){

607

fprintf(stderr, "Closing TLS session\n");

608

}

609

610

gnutls_bye (session, GNUTLS_SHUT_RDWR);

611

484

612

if (buffer_length > 0){

485

613

decrypted_buffer_size = pgp_packet_decrypt(buffer,

486

614

buffer_length,

487

615

&decrypted_buffer,

488

certdir);

616

keydir);

489

617

if (decrypted_buffer_size >= 0){

490

while(written < decrypted_buffer_size){

618

written = 0;

619

while(written < (size_t) decrypted_buffer_size){

491

620

ret = (int)fwrite (decrypted_buffer + written, 1,

492

621

(size_t)decrypted_buffer_size - written,

493

622

stdout);

505

634

} else {

506

635

retval = -1;

507

636

}

508

}

509

510

//shutdown procedure

511

512

if(debug){

513

fprintf(stderr, "Closing TLS session\n");

514

}

515

637

} else {

638

retval = -1;

639

}

640

641

/* Shutdown procedure */

642

643

mandos_end:

516

644

free(buffer);

517

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

518

exit:

519

645

close(tcp_sd);

520

gnutls_deinit (es.session);

521

gnutls_certificate_free_credentials (es.cred);

522

gnutls_global_deinit ();

646

gnutls_deinit (session);

523

647

return retval;

524

648

}

525

649

526

static AvahiSimplePoll *simple_poll = NULL;

527

static AvahiServer *server = NULL;

528

529

static void resolve_callback(

530

AvahiSServiceResolver *r,

531

AvahiIfIndex interface,

532

AVAHI_GCC_UNUSED AvahiProtocol protocol,

533

AvahiResolverEvent event,

534

const char *name,

535

const char *type,

536

const char *domain,

537

const char *host_name,

538

const AvahiAddress *address,

539

uint16_t port,

540

AVAHI_GCC_UNUSED AvahiStringList *txt,

541

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

542

AVAHI_GCC_UNUSED void* userdata) {

543

544

assert(r); /* Spurious warning */

650

static void resolve_callback(AvahiSServiceResolver *r,

651

AvahiIfIndex interface,

652

AVAHI_GCC_UNUSED AvahiProtocol protocol,

653

AvahiResolverEvent event,

654

const char *name,

655

const char *type,

656

const char *domain,

657

const char *host_name,

658

const AvahiAddress *address,

659

uint16_t port,

660

AVAHI_GCC_UNUSED AvahiStringList *txt,

661

AVAHI_GCC_UNUSED AvahiLookupResultFlags

662

flags,

663

void* userdata) {

664

mandos_context *mc = userdata;

665

assert(r);

545

666

546

667

/* Called whenever a service has been resolved successfully or

547

668

timed out */

549

670

switch (event) {

550

671

default:

551

672

case AVAHI_RESOLVER_FAILURE:

552

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"

553

" type '%s' in domain '%s': %s\n", name, type, domain,

554

avahi_strerror(avahi_server_errno(server)));

673

fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"

674

" of type '%s' in domain '%s': %s\n", name, type, domain,

675

avahi_strerror(avahi_server_errno(mc->server)));

555

676

break;

556

677

557

678

case AVAHI_RESOLVER_FOUND:

559

680

char ip[AVAHI_ADDRESS_STR_MAX];

560

681

avahi_address_snprint(ip, sizeof(ip), address);

561

682

if(debug){

562

fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"

563

" port %d\n", name, host_name, ip, port);

683

fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"

684

PRIu16 ") on port %d\n", name, host_name, ip,

685

interface, port);

564

686

}

565

int ret = start_mandos_communication(ip, port,

566

(unsigned int) interface);

687

int ret = start_mandos_communication(ip, port, interface, mc);

567

688

if (ret == 0){

568

exit(EXIT_SUCCESS);

689

avahi_simple_poll_quit(mc->simple_poll);

569

690

}

570

691

}

571

692

}

572

693

avahi_s_service_resolver_free(r);

573

694

}

574

695

575

static void browse_callback(

576

AvahiSServiceBrowser *b,

577

AvahiIfIndex interface,

578

AvahiProtocol protocol,

579

AvahiBrowserEvent event,

580

const char *name,

581

const char *type,

582

const char *domain,

583

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

584

void* userdata) {

585

586

AvahiServer *s = userdata;

587

assert(b); /* Spurious warning */

588

589

/* Called whenever a new services becomes available on the LAN or

590

is removed from the LAN */

591

592

switch (event) {

593

default:

594

case AVAHI_BROWSER_FAILURE:

595

596

fprintf(stderr, "(Browser) %s\n",

597

avahi_strerror(avahi_server_errno(server)));

598

avahi_simple_poll_quit(simple_poll);

599

return;

600

601

case AVAHI_BROWSER_NEW:

602

/* We ignore the returned resolver object. In the callback

603

function we free it. If the server is terminated before

604

the callback function is called the server will free

605

the resolver for us. */

606

607

if (!(avahi_s_service_resolver_new(s, interface, protocol, name,

608

type, domain,

609

AVAHI_PROTO_INET6, 0,

610

resolve_callback, s)))

611

fprintf(stderr, "Failed to resolve service '%s': %s\n", name,

612

avahi_strerror(avahi_server_errno(s)));

613

break;

614

615

case AVAHI_BROWSER_REMOVE:

616

break;

617

618

case AVAHI_BROWSER_ALL_FOR_NOW:

619

case AVAHI_BROWSER_CACHE_EXHAUSTED:

620

break;

696

static void browse_callback( AvahiSServiceBrowser *b,

697

AvahiIfIndex interface,

698

AvahiProtocol protocol,

699

AvahiBrowserEvent event,

700

const char *name,

701

const char *type,

702

const char *domain,

703

AVAHI_GCC_UNUSED AvahiLookupResultFlags

704

flags,

705

void* userdata) {

706

mandos_context *mc = userdata;

707

assert(b);

708

709

/* Called whenever a new services becomes available on the LAN or

710

is removed from the LAN */

711

712

switch (event) {

713

default:

714

case AVAHI_BROWSER_FAILURE:

715

716

fprintf(stderr, "(Avahi browser) %s\n",

717

avahi_strerror(avahi_server_errno(mc->server)));

718

avahi_simple_poll_quit(mc->simple_poll);

719

return;

720

721

case AVAHI_BROWSER_NEW:

722

/* We ignore the returned Avahi resolver object. In the callback

723

function we free it. If the Avahi server is terminated before

724

the callback function is called the Avahi server will free the

725

resolver for us. */

726

727

if (!(avahi_s_service_resolver_new(mc->server, interface,

728

protocol, name, type, domain,

729

AVAHI_PROTO_INET6, 0,

730

resolve_callback, mc)))

731

fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",

732

name, avahi_strerror(avahi_server_errno(mc->server)));

733

break;

734

735

case AVAHI_BROWSER_REMOVE:

736

break;

737

738

case AVAHI_BROWSER_ALL_FOR_NOW:

739

case AVAHI_BROWSER_CACHE_EXHAUSTED:

740

if(debug){

741

fprintf(stderr, "No Mandos server found, still searching...\n");

621

742

}

743

break;

744

}

622

745

}

623

746

624

/* combinds file name and path and returns the malloced new string. som sane checks could/should be added */

625

const char *combinepath(const char *first, const char *second){

747

/* Combines file name and path and returns the malloced new

748

string. some sane checks could/should be added */

749

static char *combinepath(const char *first, const char *second){

626

750

char *tmp;

627

tmp = malloc(strlen(first) + strlen(second) + 2);

628

if (tmp == NULL){

629

perror("malloc");

751

int ret = asprintf(&tmp, "%s/%s", first, second);

752

if(ret < 0){

630

753

return NULL;

631

754

}

632

strcpy(tmp, first);

633

if (first[0] != '\0' and first[strlen(first) - 1] != '/'){

634

strcat(tmp, "/");

635

}

636

strcat(tmp, second);

637

755

return tmp;

638

756

}

639

757

640

758

641

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

642

AvahiServerConfig config;

759

int main(int argc, char *argv[]){

643

760

AvahiSServiceBrowser *sb = NULL;

644

761

int error;

645

762

int ret;

646

int returncode = EXIT_SUCCESS;

763

int exitcode = EXIT_SUCCESS;

647

764

const char *interface = "eth0";

648

649

while (true){

650

static struct option long_options[] = {

651

{"debug", no_argument, (int *)&debug, 1},

652

{"interface", required_argument, 0, 'i'},

653

{"certdir", required_argument, 0, 'd'},

654

{"certkey", required_argument, 0, 'c'},

655

{"certfile", required_argument, 0, 'k'},

656

{0, 0, 0, 0} };

657

658

int option_index = 0;

659

ret = getopt_long (argc, argv, "i:", long_options,

660

&option_index);

661

662

if (ret == -1){

663

break;

664

}

665

666

switch(ret){

667

case 0:

668

break;

669

case 'i':

670

interface = optarg;

671

break;

672

case 'd':

673

certdir = optarg;

674

break;

675

case 'c':

676

certfile = optarg;

677

break;

678

case 'k':

679

certkey = optarg;

680

break;

681

default:

682

exit(EXIT_FAILURE);

683

}

684

}

685

686

certfile = combinepath(certdir, certfile);

687

if (certfile == NULL){

688

goto exit;

689

}

690

691

certkey = combinepath(certdir, certkey);

692

if (certkey == NULL){

693

goto exit;

694

}

695

765

struct ifreq network;

766

int sd;

767

uid_t uid;

768

gid_t gid;

769

char *connect_to = NULL;

770

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

771

char *pubkeyfilename = NULL;

772

char *seckeyfilename = NULL;

773

const char *pubkeyname = "pubkey.txt";

774

const char *seckeyname = "seckey.txt";

775

mandos_context mc = { .simple_poll = NULL, .server = NULL,

776

.dh_bits = 1024, .priority = "SECURE256"

777

":!CTYPE-X.509:+CTYPE-OPENPGP" };

778

bool gnutls_initalized = false;

779

780

{

781

struct argp_option options[] = {

782

{ .name = "debug", .key = 128,

783

.doc = "Debug mode", .group = 3 },

784

{ .name = "connect", .key = 'c',

785

.arg = "ADDRESS:PORT",

786

.doc = "Connect directly to a specific Mandos server",

787

.group = 1 },

788

{ .name = "interface", .key = 'i',

789

.arg = "NAME",

790

.doc = "Interface that will be used to search for Mandos"

791

" servers",

792

.group = 1 },

793

{ .name = "keydir", .key = 'd',

794

.arg = "DIRECTORY",

795

.doc = "Directory to read the OpenPGP key files from",

796

.group = 1 },

797

{ .name = "seckey", .key = 's',

798

.arg = "FILE",

799

.doc = "OpenPGP secret key file base name",

800

.group = 1 },

801

{ .name = "pubkey", .key = 'p',

802

.arg = "FILE",

803

.doc = "OpenPGP public key file base name",

804

.group = 2 },

805

{ .name = "dh-bits", .key = 129,

806

.arg = "BITS",

807

.doc = "Bit length of the prime number used in the"

808

" Diffie-Hellman key exchange",

809

.group = 2 },

810

{ .name = "priority", .key = 130,

811

.arg = "STRING",

812

.doc = "GnuTLS priority string for the TLS handshake",

813

.group = 1 },

814

{ .name = NULL }

815

};

816

817

error_t parse_opt (int key, char *arg,

818

struct argp_state *state) {

819

/* Get the INPUT argument from `argp_parse', which we know is

820

a pointer to our plugin list pointer. */

821

switch (key) {

822

case 128: /* --debug */

823

debug = true;

824

break;

825

case 'c': /* --connect */

826

connect_to = arg;

827

break;

828

case 'i': /* --interface */

829

interface = arg;

830

break;

831

case 'd': /* --keydir */

832

keydir = arg;

833

break;

834

case 's': /* --seckey */

835

seckeyname = arg;

836

break;

837

case 'p': /* --pubkey */

838

pubkeyname = arg;

839

break;

840

case 129: /* --dh-bits */

841

errno = 0;

842

mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);

843

if (errno){

844

perror("strtol");

845

exit(EXIT_FAILURE);

846

}

847

break;

848

case 130: /* --priority */

849

mc.priority = arg;

850

break;

851

case ARGP_KEY_ARG:

852

argp_usage (state);

853

case ARGP_KEY_END:

854

break;

855

default:

856

return ARGP_ERR_UNKNOWN;

857

}

858

return 0;

859

}

860

861

struct argp argp = { .options = options, .parser = parse_opt,

862

.args_doc = "",

863

.doc = "Mandos client -- Get and decrypt"

864

" passwords from a Mandos server" };

865

ret = argp_parse (&argp, argc, argv, 0, 0, NULL);

866

if (ret == ARGP_ERR_UNKNOWN){

867

fprintf(stderr, "Unknown error while parsing arguments\n");

868

exitcode = EXIT_FAILURE;

869

goto end;

870

}

871

}

872

873

pubkeyfilename = combinepath(keydir, pubkeyname);

874

if (pubkeyfilename == NULL){

875

perror("combinepath");

876

exitcode = EXIT_FAILURE;

877

goto end;

878

}

879

880

seckeyfilename = combinepath(keydir, seckeyname);

881

if (seckeyfilename == NULL){

882

perror("combinepath");

883

exitcode = EXIT_FAILURE;

884

goto end;

885

}

886

887

ret = init_gnutls_global(&mc, pubkeyfilename, seckeyfilename);

888

if (ret == -1){

889

fprintf(stderr, "init_gnutls_global failed\n");

890

exitcode = EXIT_FAILURE;

891

goto end;

892

} else {

893

gnutls_initalized = true;

894

}

895

896

/* If the interface is down, bring it up */

897

{

898

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

899

if(sd < 0) {

900

perror("socket");

901

exitcode = EXIT_FAILURE;

902

goto end;

903

}

904

strcpy(network.ifr_name, interface);

905

ret = ioctl(sd, SIOCGIFFLAGS, &network);

906

if(ret == -1){

907

perror("ioctl SIOCGIFFLAGS");

908

exitcode = EXIT_FAILURE;

909

goto end;

910

}

911

if((network.ifr_flags & IFF_UP) == 0){

912

network.ifr_flags |= IFF_UP;

913

ret = ioctl(sd, SIOCSIFFLAGS, &network);

914

if(ret == -1){

915

perror("ioctl SIOCSIFFLAGS");

916

exitcode = EXIT_FAILURE;

917

goto end;

918

}

919

}

920

close(sd);

921

}

922

923

uid = getuid();

924

gid = getgid();

925

926

ret = setuid(uid);

927

if (ret == -1){

928

perror("setuid");

929

}

930

931

setgid(gid);

932

if (ret == -1){

933

perror("setgid");

934

}

935

936

if_index = (AvahiIfIndex) if_nametoindex(interface);

937

if(if_index == 0){

938

fprintf(stderr, "No such interface: \"%s\"\n", interface);

939

exit(EXIT_FAILURE);

940

}

941

942

if(connect_to != NULL){

943

/* Connect directly, do not use Zeroconf */

944

/* (Mainly meant for debugging) */

945

char *address = strrchr(connect_to, ':');

946

if(address == NULL){

947

fprintf(stderr, "No colon in address\n");

948

exitcode = EXIT_FAILURE;

949

goto end;

950

}

951

errno = 0;

952

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

953

if(errno){

954

perror("Bad port number");

955

exitcode = EXIT_FAILURE;

956

goto end;

957

}

958

*address = '\0';

959

address = connect_to;

960

ret = start_mandos_communication(address, port, if_index, &mc);

961

if(ret < 0){

962

exitcode = EXIT_FAILURE;

963

} else {

964

exitcode = EXIT_SUCCESS;

965

}

966

goto end;

967

}

968

696

969

if (not debug){

697

970

avahi_set_log_function(empty_log);

698

971

}

699

972

700

/* Initialize the psuedo-RNG */

973

/* Initialize the pseudo-RNG for Avahi */

701

974

srand((unsigned int) time(NULL));

702

703

/* Allocate main loop object */

704

if (!(simple_poll = avahi_simple_poll_new())) {

705

fprintf(stderr, "Failed to create simple poll object.\n");

706

707

goto exit;

708

}

709

710

/* Do not publish any local records */

711

avahi_server_config_init(&config);

712

config.publish_hinfo = 0;

713

config.publish_addresses = 0;

714

config.publish_workstation = 0;

715

config.publish_domain = 0;

716

717

/* Allocate a new server */

718

server = avahi_server_new(avahi_simple_poll_get(simple_poll),

719

&config, NULL, NULL, &error);

720

721

/* Free the configuration data */

722

avahi_server_config_free(&config);

723

724

/* Check if creating the server object succeeded */

725

if (!server) {

726

fprintf(stderr, "Failed to create server: %s\n",

975

976

/* Allocate main Avahi loop object */

977

mc.simple_poll = avahi_simple_poll_new();

978

if (mc.simple_poll == NULL) {

979

fprintf(stderr, "Avahi: Failed to create simple poll"

980

" object.\n");

981

exitcode = EXIT_FAILURE;

982

goto end;

983

}

984

985

{

986

AvahiServerConfig config;

987

/* Do not publish any local Zeroconf records */

988

avahi_server_config_init(&config);

989

config.publish_hinfo = 0;

990

config.publish_addresses = 0;

991

config.publish_workstation = 0;

992

config.publish_domain = 0;

993

994

/* Allocate a new server */

995

mc.server = avahi_server_new(avahi_simple_poll_get

996

(mc.simple_poll), &config, NULL,

997

NULL, &error);

998

999

/* Free the Avahi configuration data */

1000

avahi_server_config_free(&config);

1001

}

1002

1003

/* Check if creating the Avahi server object succeeded */

1004

if (mc.server == NULL) {

1005

fprintf(stderr, "Failed to create Avahi server: %s\n",

727

1006

avahi_strerror(error));

728

returncode = EXIT_FAILURE;

729

goto exit;

1007

exitcode = EXIT_FAILURE;

1008

goto end;

730

1009

}

731

1010

732

/* Create the service browser */

733

sb = avahi_s_service_browser_new(server,

734

(AvahiIfIndex)

735

if_nametoindex(interface),

1011

/* Create the Avahi service browser */

1012

sb = avahi_s_service_browser_new(mc.server, if_index,

736

1013

AVAHI_PROTO_INET6,

737

1014

"_mandos._tcp", NULL, 0,

738

browse_callback, server);

739

if (!sb) {

1015

browse_callback, &mc);

1016

if (sb == NULL) {

740

1017

fprintf(stderr, "Failed to create service browser: %s\n",

741

avahi_strerror(avahi_server_errno(server)));

742

returncode = EXIT_FAILURE;

743

goto exit;

1018

avahi_strerror(avahi_server_errno(mc.server)));

1019

exitcode = EXIT_FAILURE;

1020

goto end;

744

1021

}

745

1022

746

1023

/* Run the main loop */

747

1024

748

1025

if (debug){

749

fprintf(stderr, "Starting avahi loop search\n");

1026

fprintf(stderr, "Starting Avahi loop search\n");

750

1027

}

751

1028

752

avahi_simple_poll_loop(simple_poll);

753

754

exit:

755

1029

avahi_simple_poll_loop(mc.simple_poll);

1030

1031

end:

1032

756

1033

if (debug){

757

1034

fprintf(stderr, "%s exiting\n", argv[0]);

758

1035

}

759

1036

760

1037

/* Cleanup things */

761

if (sb)

1038

if (sb != NULL)

762

1039

avahi_s_service_browser_free(sb);

763

1040

764

if (server)

765

avahi_server_free(server);

766

767

if (simple_poll)

768

avahi_simple_poll_free(simple_poll);

769

free(certfile);

770

free(certkey);

771

772

return returncode;

1041

if (mc.server != NULL)

1042

avahi_server_free(mc.server);

1043

1044

if (mc.simple_poll != NULL)

1045

avahi_simple_poll_free(mc.simple_poll);

1046

free(pubkeyfilename);

1047

free(seckeyfilename);

1048

1049

if (gnutls_initalized){

1050

gnutls_certificate_free_credentials(mc.cred);

1051

gnutls_global_deinit ();

1052

}

1053

1054

return exitcode;

773

1055

}

Older »