/mandos/release : revision 15.1.4

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/mandosclient.c

Committer: Björn Påhlsson
Date: 2008-07-21 19:15:06 UTC
mfrom: (19 mandos)
mto: This revision was merged to the branch mainline in revision 22.
Revision ID: belorn@braxen-20080721191506-f4av11wlu2cmmeid

merge

files added:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

files removed:
mandos-client.xml

mandos-clients.conf.xml

mandos.conf

mandos.conf.xml

mandos.xml

network-protocol.txt

plugins.d/password-prompt.xml

plugins.d/password-request.xml

files renamed:
clients.conf => mandos-clients.conf

mandos-client.c => plugbasedclient.c

plugins.d/password-request.c => plugins.d/mandosclient.c

plugins.d/password-prompt.c => plugins.d/passprompt.c

mandos => server.py

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

plugins.d/mandosclient.c

/* -*- coding: utf-8 -*- */

* Mandos client - get and decrypt data from a Mandos server

* This program is partly derived from an example program for an Avahi

* service browser, downloaded from

* <http://avahi.org/browser/examples/core-browse-services.c>. This

* includes the following functions: "resolve_callback",

* "browse_callback", and parts of "main".

* Everything else is

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

/***

This file is part of avahi.

avahi is free software; you can redistribute it and/or modify it

under the terms of the GNU Lesser General Public License as

published by the Free Software Foundation; either version 2.1 of the

License, or (at your option) any later version.

avahi is distributed in the hope that it will be useful, but WITHOUT

ANY WARRANTY; without even the implied warranty of MERCHANTABILITY

or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General

Public License for more details.

You should have received a copy of the GNU Lesser General Public

License along with avahi; if not, write to the Free Software

Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307

USA.

***/

/* Needed by GPGME, specifically gpgme_data_seek() */

#define _LARGEFILE_SOURCE

#define _FILE_OFFSET_BITS 64

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */

#include <stdio.h> /* fprintf(), stderr, fwrite(), stdout,

ferror() */

#include <stdint.h> /* uint16_t, uint32_t */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,

srand() */

#include <stdbool.h> /* bool, true */

#include <string.h> /* memset(), strcmp(), strlen(),

strerror(), memcpy(), strcpy() */

#include <sys/ioctl.h> /* ioctl */

#include <net/if.h> /* ifreq, SIOCGIFFLAGS, SIOCSIFFLAGS,

IFF_UP */

#include <sys/types.h> /* socket(), inet_pton(), sockaddr,

sockaddr_in6, PF_INET6,

SOCK_STREAM, INET6_ADDRSTRLEN,

uid_t, gid_t */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton(),

connect() */

#include <assert.h> /* assert() */

#include <errno.h> /* perror(), errno */

#include <time.h> /* time() */

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS, if_indextoname(),

if_nametoindex(), IF_NAMESIZE */

#include <unistd.h> /* close(), SEEK_SET, off_t, write(),

getuid(), getgid(), setuid(),

setgid() */

#include <netinet/in.h>

#include <arpa/inet.h> /* inet_pton(), htons */

#include <iso646.h> /* not, and */

#include <argp.h> /* struct argp_option, error_t, struct

argp_state, struct argp,

argp_parse(), ARGP_KEY_ARG,

ARGP_KEY_END, ARGP_ERR_UNKNOWN */

/* Avahi */

/* All Avahi types, constants and functions

Avahi*, avahi_*,

AVAHI_* */

#include <stdio.h>

#include <assert.h>

#include <stdlib.h>

#include <time.h>

#include <net/if.h> /* if_nametoindex */

#include <avahi-core/core.h>

#include <avahi-core/lookup.h>

#include <avahi-core/log.h>

#include <avahi-common/malloc.h>

#include <avahi-common/error.h>

/* GnuTLS */

#include <gnutls/gnutls.h> /* All GnuTLS types, constants and functions

gnutls_*

init_gnutls_session(),

GNUTLS_* */

#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),

GNUTLS_OPENPGP_FMT_BASE64 */

/* GPGME */

#include <gpgme.h> /* All GPGME types, constants and functions

gpgme_*

GPGME_PROTOCOL_OpenPGP,

GPG_ERR_NO_* */

//mandos client part

#include <sys/types.h> /* socket(), setsockopt(), inet_pton() */

#include <sys/socket.h> /* socket(), setsockopt(), struct sockaddr_in6, struct in6_addr, inet_pton() */

#include <gnutls/gnutls.h> /* ALL GNUTLS STUFF */

#include <gnutls/openpgp.h> /* gnutls with openpgp stuff */

#include <unistd.h> /* close() */

#include <netinet/in.h>

#include <stdbool.h> /* true */

#include <string.h> /* memset */

#include <arpa/inet.h> /* inet_pton() */

#include <iso646.h> /* not */

// gpgme

#include <errno.h> /* perror() */

#include <gpgme.h>

// getopt long

#include <getopt.h>

#ifndef CERT_ROOT

#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"

#endif

#define CERTFILE CERT_ROOT "openpgp-client.txt"

#define KEYFILE CERT_ROOT "openpgp-client-key.txt"

#define BUFFER_SIZE 256

#define DH_BITS 1024

100

bool debug = false;

101

static const char *keydir = "/conf/conf.d/mandos";

102

static const char mandos_protocol_version[] = "1";

103

const char *argp_program_version = "password-request 1.0";

104

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

char *interface = "eth0";

105

106

/* Used for passing in values through the Avahi callback functions */

107

typedef struct {

108

AvahiSimplePoll *simple_poll;

109

AvahiServer *server;

gnutls_session_t session;

110

gnutls_certificate_credentials_t cred;

111

unsigned int dh_bits;

112

gnutls_dh_params_t dh_params;

113

const char *priority;

114

} mandos_context;

115

116

117

* Make room in "buffer" for at least BUFFER_SIZE additional bytes.

118

* "buffer_capacity" is how much is currently allocated,

119

* "buffer_length" is how much is already used.

120

121

size_t adjustbuffer(char **buffer, size_t buffer_length,

122

size_t buffer_capacity){

123

if (buffer_length + BUFFER_SIZE > buffer_capacity){

124

*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);

125

if (buffer == NULL){

126

return 0;

127

}

128

buffer_capacity += BUFFER_SIZE;

129

}

130

return buffer_capacity;

131

}

132

133

134

* Decrypt OpenPGP data using keyrings in HOMEDIR.

135

* Returns -1 on error

136

137

static ssize_t pgp_packet_decrypt (const char *cryptotext,

138

size_t crypto_size,

139

char **plaintext,

140

const char *homedir){

} encrypted_session;

ssize_t gpg_packet_decrypt (char *packet, size_t packet_size, char **new_packet, char *homedir){

141

gpgme_data_t dh_crypto, dh_plain;

142

gpgme_ctx_t ctx;

143

gpgme_error_t rc;

144

ssize_t ret;

145

size_t plaintext_capacity = 0;

146

ssize_t plaintext_length = 0;

size_t new_packet_capacity = 0;

size_t new_packet_length = 0;

147

gpgme_engine_info_t engine_info;

148

149

if (debug){

150

fprintf(stderr, "Trying to decrypt OpenPGP data\n");

fprintf(stderr, "Attempting to decrypt password from gpg packet\n");

151

}

152

153

/* Init GPGME */

154

gpgme_check_version(NULL);

155

rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

156

if (rc != GPG_ERR_NO_ERROR){

157

fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",

158

gpgme_strsource(rc), gpgme_strerror(rc));

159

return -1;

160

}

gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

161

162

/* Set GPGME home directory for the OpenPGP engine only */

/* Set GPGME home directory */

163

rc = gpgme_get_engine_info (&engine_info);

164

if (rc != GPG_ERR_NO_ERROR){

165

fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",

175

104

engine_info = engine_info->next;

176

105

}

177

106

if(engine_info == NULL){

178

fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);

107

fprintf(stderr, "Could not set home dir to %s\n", homedir);

179

108

return -1;

180

109

}

181

110

182

/* Create new GPGME data buffer from memory cryptotext */

183

rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,

184

0);

111

/* Create new GPGME data buffer from packet buffer */

112

rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);

185

113

if (rc != GPG_ERR_NO_ERROR){

186

114

fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",

187

115

gpgme_strsource(rc), gpgme_strerror(rc));

193

121

if (rc != GPG_ERR_NO_ERROR){

194

122

fprintf(stderr, "bad gpgme_data_new: %s: %s\n",

195

123

gpgme_strsource(rc), gpgme_strerror(rc));

196

gpgme_data_release(dh_crypto);

197

124

return -1;

198

125

}

199

126

202

129

if (rc != GPG_ERR_NO_ERROR){

203

130

fprintf(stderr, "bad gpgme_new: %s: %s\n",

204

131

gpgme_strsource(rc), gpgme_strerror(rc));

205

plaintext_length = -1;

206

goto decrypt_end;

132

return -1;

207

133

}

208

134

209

/* Decrypt data from the cryptotext data buffer to the plaintext

210

data buffer */

135

/* Decrypt data from the FILE pointer to the plaintext data buffer */

211

136

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

212

137

if (rc != GPG_ERR_NO_ERROR){

213

138

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

214

139

gpgme_strsource(rc), gpgme_strerror(rc));

215

plaintext_length = -1;

216

goto decrypt_end;

140

return -1;

217

141

}

218

142

219

143

if(debug){

220

fprintf(stderr, "Decryption of OpenPGP data succeeded\n");

144

fprintf(stderr, "decryption of gpg packet succeeded\n");

221

145

}

222

146

223

147

if (debug){

224

148

gpgme_decrypt_result_t result;

225

149

result = gpgme_op_decrypt_result(ctx);

226

150

if (result == NULL){

227

151

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

228

152

} else {

229

fprintf(stderr, "Unsupported algorithm: %s\n",

230

result->unsupported_algorithm);

231

fprintf(stderr, "Wrong key usage: %d\n",

232

result->wrong_key_usage);

153

fprintf(stderr, "Unsupported algorithm: %s\n", result->unsupported_algorithm);

154

fprintf(stderr, "Wrong key usage: %d\n", result->wrong_key_usage);

233

155

if(result->file_name != NULL){

234

156

fprintf(stderr, "File name: %s\n", result->file_name);

235

157

}

241

163

gpgme_pubkey_algo_name(recipient->pubkey_algo));

242

164

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

243

165

fprintf(stderr, "Secret key available: %s\n",

244

recipient->status == GPG_ERR_NO_SECKEY

245

? "No" : "Yes");

166

recipient->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");

246

167

recipient = recipient->next;

247

168

}

248

169

}

249

170

}

250

171

}

251

172

173

/* Delete the GPGME FILE pointer cryptotext data buffer */

174

gpgme_data_release(dh_crypto);

175

252

176

/* Seek back to the beginning of the GPGME plaintext data buffer */

253

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

254

perror("pgpme_data_seek");

255

plaintext_length = -1;

256

goto decrypt_end;

257

}

258

259

*plaintext = NULL;

177

gpgme_data_seek(dh_plain, 0, SEEK_SET);

178

179

*new_packet = 0;

260

180

while(true){

261

plaintext_capacity = adjustbuffer(plaintext,

262

(size_t)plaintext_length,

263

plaintext_capacity);

264

if (plaintext_capacity == 0){

265

perror("adjustbuffer");

266

plaintext_length = -1;

267

goto decrypt_end;

181

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

182

*new_packet = realloc(*new_packet, new_packet_capacity + BUFFER_SIZE);

183

if (*new_packet == NULL){

184

perror("realloc");

185

return -1;

186

}

187

new_packet_capacity += BUFFER_SIZE;

268

188

}

269

189

270

ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,

271

BUFFER_SIZE);

190

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length, BUFFER_SIZE);

272

191

/* Print the data, if any */

273

192

if (ret == 0){

274

/* EOF */

193

/* If password is empty, then a incorrect error will be printed */

275

194

break;

276

195

}

277

196

if(ret < 0){

278

197

perror("gpgme_data_read");

279

plaintext_length = -1;

280

goto decrypt_end;

198

return -1;

281

199

}

282

plaintext_length += ret;

200

new_packet_length += ret;

283

201

}

284

202

285

if(debug){

286

fprintf(stderr, "Decrypted password is: ");

287

for(ssize_t i = 0; i < plaintext_length; i++){

288

fprintf(stderr, "%02hhX ", (*plaintext)[i]);

289

}

290

fprintf(stderr, "\n");

291

}

292

293

decrypt_end:

294

295

/* Delete the GPGME cryptotext data buffer */

296

gpgme_data_release(dh_crypto);

203

/* FIXME: check characters before printing to screen so to not print

204

terminal control characters */

205

/* if(debug){ */

206

/* fprintf(stderr, "decrypted password is: "); */

207

/* fwrite(*new_packet, 1, new_packet_length, stderr); */

208

/* fprintf(stderr, "\n"); */

209

/* } */

297

210

298

211

/* Delete the GPGME plaintext data buffer */

299

212

gpgme_data_release(dh_plain);

300

return plaintext_length;

213

return new_packet_length;

301

214

}

302

215

303

216

static const char * safer_gnutls_strerror (int value) {

307

220

return ret;

308

221

}

309

222

310

/* GnuTLS log function callback */

311

static void debuggnutls(__attribute__((unused)) int level,

312

const char* string){

313

fprintf(stderr, "GnuTLS: %s", string);

223

void debuggnutls(int level, const char* string){

224

fprintf(stderr, "%s", string);

314

225

}

315

226

316

static int init_gnutls_global(mandos_context *mc,

317

const char *pubkeyfile,

318

const char *seckeyfile){

227

int initgnutls(encrypted_session *es){

228

const char *err;

319

229

int ret;

320

230

321

231

if(debug){

322

fprintf(stderr, "Initializing GnuTLS\n");

232

fprintf(stderr, "Initializing gnutls\n");

323

233

}

234

324

235

325

ret = gnutls_global_init();

326

if (ret != GNUTLS_E_SUCCESS) {

327

fprintf (stderr, "GnuTLS global_init: %s\n",

328

safer_gnutls_strerror(ret));

236

if ((ret = gnutls_global_init ())

237

!= GNUTLS_E_SUCCESS) {

238

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

329

239

return -1;

330

240

}

331

241

332

242

if (debug){

333

/* "Use a log level over 10 to enable all debugging options."

334

* - GnuTLS manual

335

336

243

gnutls_global_set_log_level(11);

337

244

gnutls_global_set_log_function(debuggnutls);

338

245

}

339

246

340

/* OpenPGP credentials */

341

gnutls_certificate_allocate_credentials(&mc->cred);

342

if (ret != GNUTLS_E_SUCCESS){

343

fprintf (stderr, "GnuTLS memory error: %s\n",

344

safer_gnutls_strerror(ret));

345

gnutls_global_deinit ();

247

248

/* openpgp credentials */

249

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

250

!= GNUTLS_E_SUCCESS) {

251

fprintf (stderr, "memory error: %s\n", safer_gnutls_strerror(ret));

346

252

return -1;

347

253

}

348

254

349

255

if(debug){

350

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

351

" and keyfile %s as GnuTLS credentials\n", pubkeyfile,

352

seckeyfile);

256

fprintf(stderr, "Attempting to use openpgp certificate %s"

257

" and keyfile %s as gnutls credentials\n", CERTFILE, KEYFILE);

353

258

}

354

259

355

260

ret = gnutls_certificate_set_openpgp_key_file

356

(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);

357

if (ret != GNUTLS_E_SUCCESS) {

358

fprintf(stderr,

359

"Error[%d] while reading the OpenPGP key pair ('%s',"

360

" '%s')\n", ret, pubkeyfile, seckeyfile);

361

fprintf(stdout, "The GnuTLS error is: %s\n",

362

safer_gnutls_strerror(ret));

363

goto globalfail;

364

}

365

366

/* GnuTLS server initialization */

367

ret = gnutls_dh_params_init(&mc->dh_params);

368

if (ret != GNUTLS_E_SUCCESS) {

369

fprintf (stderr, "Error in GnuTLS DH parameter initialization:"

370

" %s\n", safer_gnutls_strerror(ret));

371

goto globalfail;

372

}

373

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

374

if (ret != GNUTLS_E_SUCCESS) {

375

fprintf (stderr, "Error in GnuTLS prime generation: %s\n",

376

safer_gnutls_strerror(ret));

377

goto globalfail;

378

}

379

380

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

381

382

return 0;

383

384

globalfail:

385

386

gnutls_certificate_free_credentials(mc->cred);

387

gnutls_global_deinit();

388

return -1;

389

390

}

391

392

static int init_gnutls_session(mandos_context *mc,

393

gnutls_session_t *session){

394

int ret;

395

/* GnuTLS session creation */

396

ret = gnutls_init(session, GNUTLS_SERVER);

397

if (ret != GNUTLS_E_SUCCESS){

398

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

399

safer_gnutls_strerror(ret));

400

}

401

402

{

403

const char *err;

404

ret = gnutls_priority_set_direct(*session, mc->priority, &err);

405

if (ret != GNUTLS_E_SUCCESS) {

406

fprintf(stderr, "Syntax error at: %s\n", err);

407

fprintf(stderr, "GnuTLS error: %s\n",

408

safer_gnutls_strerror(ret));

409

gnutls_deinit (*session);

410

return -1;

411

}

412

}

413

414

ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

415

mc->cred);

416

if (ret != GNUTLS_E_SUCCESS) {

417

fprintf(stderr, "Error setting GnuTLS credentials: %s\n",

418

safer_gnutls_strerror(ret));

419

gnutls_deinit (*session);

420

return -1;

421

}

422

261

(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);

262

if (ret != GNUTLS_E_SUCCESS) {

263

fprintf

264

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n",

265

ret, CERTFILE, KEYFILE);

266

fprintf(stdout, "The Error is: %s\n",

267

safer_gnutls_strerror(ret));

268

return -1;

269

}

270

271

//Gnutls server initialization

272

if ((ret = gnutls_dh_params_init (&es->dh_params))

273

!= GNUTLS_E_SUCCESS) {

274

fprintf (stderr, "Error in dh parameter initialization: %s\n",

275

safer_gnutls_strerror(ret));

276

return -1;

277

}

278

279

if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))

280

!= GNUTLS_E_SUCCESS) {

281

fprintf (stderr, "Error in prime generation: %s\n",

282

safer_gnutls_strerror(ret));

283

return -1;

284

}

285

286

gnutls_certificate_set_dh_params (es->cred, es->dh_params);

287

288

// Gnutls session creation

289

if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))

290

!= GNUTLS_E_SUCCESS){

291

fprintf(stderr, "Error in gnutls session initialization: %s\n",

292

safer_gnutls_strerror(ret));

293

}

294

295

if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))

296

!= GNUTLS_E_SUCCESS) {

297

fprintf(stderr, "Syntax error at: %s\n", err);

298

fprintf(stderr, "Gnutls error: %s\n",

299

safer_gnutls_strerror(ret));

300

return -1;

301

}

302

303

if ((ret = gnutls_credentials_set

304

(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))

305

!= GNUTLS_E_SUCCESS) {

306

fprintf(stderr, "Error setting a credentials set: %s\n",

307

safer_gnutls_strerror(ret));

308

return -1;

309

}

310

423

311

/* ignore client certificate if any. */

424

gnutls_certificate_server_set_request (*session,

425

GNUTLS_CERT_IGNORE);

312

gnutls_certificate_server_set_request (es->session, GNUTLS_CERT_IGNORE);

426

313

427

gnutls_dh_set_prime_bits (*session, mc->dh_bits);

314

gnutls_dh_set_prime_bits (es->session, DH_BITS);

428

315

429

316

return 0;

430

317

}

431

318

432

/* Avahi log function callback */

433

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

434

__attribute__((unused)) const char *txt){}

319

void empty_log(AvahiLogLevel level, const char *txt){}

435

320

436

/* Called when a Mandos server is found */

437

static int start_mandos_communication(const char *ip, uint16_t port,

438

AvahiIfIndex if_index,

439

mandos_context *mc){

321

int start_mandos_communication(char *ip, uint16_t port){

440

322

int ret, tcp_sd;

441

union { struct sockaddr in; struct sockaddr_in6 in6; } to;

323

struct sockaddr_in6 to;

324

encrypted_session es;

442

325

char *buffer = NULL;

443

326

char *decrypted_buffer;

444

327

size_t buffer_length = 0;

445

328

size_t buffer_capacity = 0;

446

329

ssize_t decrypted_buffer_size;

447

size_t written;

448

330

int retval = 0;

449

char interface[IF_NAMESIZE];

450

gnutls_session_t session;

451

452

ret = init_gnutls_session (mc, &session);

453

if (ret != 0){

454

return -1;

455

}

456

331

457

332

if(debug){

458

fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",

459

ip, port);

333

fprintf(stderr, "Setting up a tcp connection to %s\n", ip);

460

334

}

461

335

462

336

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

466

340

}

467

341

468

342

if(debug){

469

if(if_indextoname((unsigned int)if_index, interface) == NULL){

470

perror("if_indextoname");

471

return -1;

472

}

473

343

fprintf(stderr, "Binding to interface %s\n", interface);

474

344

}

345

346

ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, interface, 5);

347

if(tcp_sd < 0) {

348

perror("setsockopt bindtodevice");

349

return -1;

350

}

475

351

476

memset(&to,0,sizeof(to)); /* Spurious warning */

477

to.in6.sin6_family = AF_INET6;

478

/* It would be nice to have a way to detect if we were passed an

479

IPv4 address here. Now we assume an IPv6 address. */

480

ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);

352

memset(&to,0,sizeof(to));

353

to.sin6_family = AF_INET6;

354

ret = inet_pton(AF_INET6, ip, &to.sin6_addr);

481

355

if (ret < 0 ){

482

356

perror("inet_pton");

483

357

return -1;

484

}

358

}

485

359

if(ret == 0){

486

360

fprintf(stderr, "Bad address: %s\n", ip);

487

361

return -1;

488

362

}

489

to.in6.sin6_port = htons(port); /* Spurious warning */

490

491

to.in6.sin6_scope_id = (uint32_t)if_index;

492

363

to.sin6_port = htons(port);

364

to.sin6_scope_id = if_nametoindex(interface);

365

493

366

if(debug){

494

fprintf(stderr, "Connection to: %s, port %d\n", ip, port);

495

char addrstr[INET6_ADDRSTRLEN] = "";

496

if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,

497

sizeof(addrstr)) == NULL){

498

perror("inet_ntop");

499

} else {

500

if(strcmp(addrstr, ip) != 0){

501

fprintf(stderr, "Canonical address form: %s\n", addrstr);

502

}

503

}

367

fprintf(stderr, "Connection to: %s\n", ip);

504

368

}

505

369

506

ret = connect(tcp_sd, &to.in, sizeof(to));

370

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

507

371

if (ret < 0){

508

372

perror("connect");

509

373

return -1;

510

374

}

375

376

ret = initgnutls (&es);

377

if (ret != 0){

378

retval = -1;

379

return -1;

380

}

381

382

383

gnutls_transport_set_ptr (es.session, (gnutls_transport_ptr_t) tcp_sd);

511

384

512

const char *out = mandos_protocol_version;

513

written = 0;

514

while (true){

515

size_t out_size = strlen(out);

516

ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,

517

out_size - written));

518

if (ret == -1){

519

perror("write");

520

retval = -1;

521

goto mandos_end;

522

}

523

written += (size_t)ret;

524

if(written < out_size){

525

continue;

526

} else {

527

if (out == mandos_protocol_version){

528

written = 0;

529

out = "\r\n";

530

} else {

531

break;

532

}

533

}

534

}

535

536

385

if(debug){

537

fprintf(stderr, "Establishing TLS session with %s\n", ip);

386

fprintf(stderr, "Establishing tls session with %s\n", ip);

538

387

}

539

540

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

541

388

542

do{

543

ret = gnutls_handshake (session);

544

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

389

390

ret = gnutls_handshake (es.session);

545

391

546

392

if (ret != GNUTLS_E_SUCCESS){

547

if(debug){

548

fprintf(stderr, "*** GnuTLS Handshake failed ***\n");

549

gnutls_perror (ret);

550

}

393

fprintf(stderr, "\n*** Handshake failed ***\n");

394

gnutls_perror (ret);

551

395

retval = -1;

552

goto mandos_end;

396

goto exit;

553

397

}

554

555

/* Read OpenPGP packet that contains the wanted password */

556

398

399

//Retrieve gpg packet that contains the wanted password

400

557

401

if(debug){

558

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

559

ip);

402

fprintf(stderr, "Retrieving pgp encrypted password from %s\n", ip);

560

403

}

561

404

562

405

while(true){

563

buffer_capacity = adjustbuffer(&buffer, buffer_length,

564

buffer_capacity);

565

if (buffer_capacity == 0){

566

perror("adjustbuffer");

567

retval = -1;

568

goto mandos_end;

406

if (buffer_length + BUFFER_SIZE > buffer_capacity){

407

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

408

if (buffer == NULL){

409

perror("realloc");

410

goto exit;

411

}

412

buffer_capacity += BUFFER_SIZE;

569

413

}

570

414

571

ret = gnutls_record_recv(session, buffer+buffer_length,

572

BUFFER_SIZE);

415

ret = gnutls_record_recv

416

(es.session, buffer+buffer_length, BUFFER_SIZE);

573

417

if (ret == 0){

574

418

break;

575

419

}

579

423

case GNUTLS_E_AGAIN:

580

424

break;

581

425

case GNUTLS_E_REHANDSHAKE:

582

do{

583

ret = gnutls_handshake (session);

584

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

426

ret = gnutls_handshake (es.session);

585

427

if (ret < 0){

586

fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");

428

fprintf(stderr, "\n*** Handshake failed ***\n");

587

429

gnutls_perror (ret);

588

430

retval = -1;

589

goto mandos_end;

431

goto exit;

590

432

}

591

433

break;

592

434

default:

593

fprintf(stderr, "Unknown error while reading data from"

594

" encrypted session with Mandos server\n");

435

fprintf(stderr, "Unknown error while reading data from encrypted session with mandos server\n");

595

436

retval = -1;

596

gnutls_bye (session, GNUTLS_SHUT_RDWR);

597

goto mandos_end;

437

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

438

goto exit;

598

439

}

599

440

} else {

600

buffer_length += (size_t) ret;

441

buffer_length += ret;

601

442

}

602

443

}

603

444

604

if(debug){

605

fprintf(stderr, "Closing TLS session\n");

606

}

607

608

gnutls_bye (session, GNUTLS_SHUT_RDWR);

609

610

445

if (buffer_length > 0){

611

decrypted_buffer_size = pgp_packet_decrypt(buffer,

612

buffer_length,

613

&decrypted_buffer,

614

keydir);

615

if (decrypted_buffer_size >= 0){

616

written = 0;

617

while(written < (size_t) decrypted_buffer_size){

618

ret = (int)fwrite (decrypted_buffer + written, 1,

619

(size_t)decrypted_buffer_size - written,

620

stdout);

621

if(ret == 0 and ferror(stdout)){

622

if(debug){

623

fprintf(stderr, "Error writing encrypted data: %s\n",

624

strerror(errno));

625

}

626

retval = -1;

627

break;

628

}

629

written += (size_t)ret;

630

}

446

if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) >= 0){

447

fwrite (decrypted_buffer, 1, decrypted_buffer_size, stdout);

631

448

free(decrypted_buffer);

632

449

} else {

633

450

retval = -1;

634

451

}

635

452

}

636

637

/* Shutdown procedure */

638

639

mandos_end:

453

454

//shutdown procedure

455

456

if(debug){

457

fprintf(stderr, "Closing tls session\n");

458

}

459

640

460

free(buffer);

461

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

462

exit:

641

463

close(tcp_sd);

642

gnutls_deinit (session);

464

gnutls_deinit (es.session);

465

gnutls_certificate_free_credentials (es.cred);

466

gnutls_global_deinit ();

643

467

return retval;

644

468

}

645

469

646

static void resolve_callback(AvahiSServiceResolver *r,

647

AvahiIfIndex interface,

648

AVAHI_GCC_UNUSED AvahiProtocol protocol,

649

AvahiResolverEvent event,

650

const char *name,

651

const char *type,

652

const char *domain,

653

const char *host_name,

654

const AvahiAddress *address,

655

uint16_t port,

656

AVAHI_GCC_UNUSED AvahiStringList *txt,

657

AVAHI_GCC_UNUSED AvahiLookupResultFlags

658

flags,

659

void* userdata) {

660

mandos_context *mc = userdata;

661

assert(r); /* Spurious warning */

662

663

/* Called whenever a service has been resolved successfully or

664

timed out */

665

666

switch (event) {

667

default:

668

case AVAHI_RESOLVER_FAILURE:

669

fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"

670

" of type '%s' in domain '%s': %s\n", name, type, domain,

671

avahi_strerror(avahi_server_errno(mc->server)));

672

break;

673

674

case AVAHI_RESOLVER_FOUND:

675

{

676

char ip[AVAHI_ADDRESS_STR_MAX];

677

avahi_address_snprint(ip, sizeof(ip), address);

678

if(debug){

679

fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %d) on"

680

" port %d\n", name, host_name, ip, interface, port);

681

}

682

int ret = start_mandos_communication(ip, port, interface, mc);

683

if (ret == 0){

684

exit(EXIT_SUCCESS);

685

}

686

}

687

}

688

avahi_s_service_resolver_free(r);

689

}

690

691

static void browse_callback( AvahiSServiceBrowser *b,

692

AvahiIfIndex interface,

693

AvahiProtocol protocol,

694

AvahiBrowserEvent event,

695

const char *name,

696

const char *type,

697

const char *domain,

698

AVAHI_GCC_UNUSED AvahiLookupResultFlags

699

flags,

700

void* userdata) {

701

mandos_context *mc = userdata;

702

assert(b); /* Spurious warning */

703

704

/* Called whenever a new services becomes available on the LAN or

705

is removed from the LAN */

706

707

switch (event) {

708

default:

709

case AVAHI_BROWSER_FAILURE:

710

711

fprintf(stderr, "(Avahi browser) %s\n",

712

avahi_strerror(avahi_server_errno(mc->server)));

713

avahi_simple_poll_quit(mc->simple_poll);

714

return;

715

716

case AVAHI_BROWSER_NEW:

717

/* We ignore the returned Avahi resolver object. In the callback

718

function we free it. If the Avahi server is terminated before

719

the callback function is called the Avahi server will free the

720

resolver for us. */

721

722

if (!(avahi_s_service_resolver_new(mc->server, interface,

723

protocol, name, type, domain,

724

AVAHI_PROTO_INET6, 0,

725

resolve_callback, mc)))

726

fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",

727

name, avahi_strerror(avahi_server_errno(mc->server)));

728

break;

729

730

case AVAHI_BROWSER_REMOVE:

731

break;

732

733

case AVAHI_BROWSER_ALL_FOR_NOW:

734

case AVAHI_BROWSER_CACHE_EXHAUSTED:

735

if(debug){

736

fprintf(stderr, "No Mandos server found, still searching...\n");

737

}

738

break;

739

}

740

}

741

742

/* Combines file name and path and returns the malloced new

743

string. some sane checks could/should be added */

744

static const char *combinepath(const char *first, const char *second){

745

size_t f_len = strlen(first);

746

size_t s_len = strlen(second);

747

char *tmp = malloc(f_len + s_len + 2);

748

if (tmp == NULL){

749

return NULL;

750

}

751

if(f_len > 0){

752

memcpy(tmp, first, f_len); /* Spurious warning */

753

}

754

tmp[f_len] = '/';

755

if(s_len > 0){

756

memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */

757

}

758

tmp[f_len + 1 + s_len] = '\0';

759

return tmp;

760

}

761

762

763

int main(int argc, char *argv[]){

470

static AvahiSimplePoll *simple_poll = NULL;

471

static AvahiServer *server = NULL;

472

473

static void resolve_callback(

474

AvahiSServiceResolver *r,

475

AVAHI_GCC_UNUSED AvahiIfIndex interface,

476

AVAHI_GCC_UNUSED AvahiProtocol protocol,

477

AvahiResolverEvent event,

478

const char *name,

479

const char *type,

480

const char *domain,

481

const char *host_name,

482

const AvahiAddress *address,

483

uint16_t port,

484

AvahiStringList *txt,

485

AvahiLookupResultFlags flags,

486

AVAHI_GCC_UNUSED void* userdata) {

487

488

assert(r);

489

490

/* Called whenever a service has been resolved successfully or timed out */

491

492

switch (event) {

493

case AVAHI_RESOLVER_FAILURE:

494

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of type '%s' in domain '%s': %s\n", name, type, domain, avahi_strerror(avahi_server_errno(server)));

495

break;

496

497

case AVAHI_RESOLVER_FOUND: {

498

char ip[AVAHI_ADDRESS_STR_MAX];

499

avahi_address_snprint(ip, sizeof(ip), address);

500

if(debug){

501

fprintf(stderr, "Mandos server found at %s on port %d\n", ip, port);

502

}

503

int ret = start_mandos_communication(ip, port);

504

if (ret == 0){

505

exit(EXIT_SUCCESS);

506

} else {

507

exit(EXIT_FAILURE);

508

}

509

}

510

}

511

avahi_s_service_resolver_free(r);

512

}

513

514

static void browse_callback(

515

AvahiSServiceBrowser *b,

516

AvahiIfIndex interface,

517

AvahiProtocol protocol,

518

AvahiBrowserEvent event,

519

const char *name,

520

const char *type,

521

const char *domain,

522

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

523

void* userdata) {

524

525

AvahiServer *s = userdata;

526

assert(b);

527

528

/* Called whenever a new services becomes available on the LAN or is removed from the LAN */

529

530

switch (event) {

531

532

case AVAHI_BROWSER_FAILURE:

533

534

fprintf(stderr, "(Browser) %s\n", avahi_strerror(avahi_server_errno(server)));

535

avahi_simple_poll_quit(simple_poll);

536

return;

537

538

case AVAHI_BROWSER_NEW:

539

/* We ignore the returned resolver object. In the callback

540

function we free it. If the server is terminated before

541

the callback function is called the server will free

542

the resolver for us. */

543

544

if (!(avahi_s_service_resolver_new(s, interface, protocol, name, type, domain, AVAHI_PROTO_INET6, 0, resolve_callback, s)))

545

fprintf(stderr, "Failed to resolve service '%s': %s\n", name, avahi_strerror(avahi_server_errno(s)));

546

547

break;

548

549

case AVAHI_BROWSER_REMOVE:

550

break;

551

552

case AVAHI_BROWSER_ALL_FOR_NOW:

553

case AVAHI_BROWSER_CACHE_EXHAUSTED:

554

break;

555

}

556

}

557

558

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

559

AvahiServerConfig config;

764

560

AvahiSServiceBrowser *sb = NULL;

765

561

int error;

766

562

int ret;

767

int exitcode = EXIT_SUCCESS;

768

const char *interface = "eth0";

769

struct ifreq network;

770

int sd;

771

uid_t uid;

772

gid_t gid;

773

char *connect_to = NULL;

774

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

775

const char *pubkeyfile = "pubkey.txt";

776

const char *seckeyfile = "seckey.txt";

777

mandos_context mc = { .simple_poll = NULL, .server = NULL,

778

.dh_bits = 1024, .priority = "SECURE256"};

779

bool gnutls_initalized = false;

780

781

{

782

struct argp_option options[] = {

783

{ .name = "debug", .key = 128,

784

.doc = "Debug mode", .group = 3 },

785

{ .name = "connect", .key = 'c',

786

.arg = "IP",

787

.doc = "Connect directly to a sepcified mandos server",

788

.group = 1 },

789

{ .name = "interface", .key = 'i',

790

.arg = "INTERFACE",

791

.doc = "Interface that Avahi will conntect through",

792

.group = 1 },

793

{ .name = "keydir", .key = 'd',

794

.arg = "KEYDIR",

795

.doc = "Directory where the openpgp keyring is",

796

.group = 1 },

797

{ .name = "seckey", .key = 's',

798

.arg = "SECKEY",

799

.doc = "Secret openpgp key for gnutls authentication",

800

.group = 1 },

801

{ .name = "pubkey", .key = 'p',

802

.arg = "PUBKEY",

803

.doc = "Public openpgp key for gnutls authentication",

804

.group = 2 },

805

{ .name = "dh-bits", .key = 129,

806

.arg = "BITS",

807

.doc = "dh-bits to use in gnutls communication",

808

.group = 2 },

809

{ .name = "priority", .key = 130,

810

.arg = "PRIORITY",

811

.doc = "GNUTLS priority", .group = 1 },

812

{ .name = NULL }

813

};

814

815

816

error_t parse_opt (int key, char *arg,

817

struct argp_state *state) {

818

/* Get the INPUT argument from `argp_parse', which we know is

819

a pointer to our plugin list pointer. */

820

switch (key) {

821

case 128:

822

debug = true;

823

break;

824

case 'c':

825

connect_to = arg;

826

break;

827

case 'i':

828

interface = arg;

829

break;

830

case 'd':

831

keydir = arg;

832

break;

833

case 's':

834

seckeyfile = arg;

835

break;

836

case 'p':

837

pubkeyfile = arg;

838

break;

839

case 129:

840

errno = 0;

841

mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);

842

if (errno){

843

perror("strtol");

844

exit(EXIT_FAILURE);

845

}

846

break;

847

case 130:

848

mc.priority = arg;

849

break;

850

case ARGP_KEY_ARG:

851

argp_usage (state);

852

break;

853

case ARGP_KEY_END:

854

break;

855

default:

856

return ARGP_ERR_UNKNOWN;

857

}

858

return 0;

859

}

860

861

struct argp argp = { .options = options, .parser = parse_opt,

862

.args_doc = "",

863

.doc = "Mandos client -- Get and decrypt"

864

" passwords from mandos server" };

865

ret = argp_parse (&argp, argc, argv, 0, 0, NULL);

866

if (ret == ARGP_ERR_UNKNOWN){

867

fprintf(stderr, "Unkown error while parsing arguments\n");

868

exitcode = EXIT_FAILURE;

869

goto end;

870

}

871

}

872

873

pubkeyfile = combinepath(keydir, pubkeyfile);

874

if (pubkeyfile == NULL){

875

perror("combinepath");

876

exitcode = EXIT_FAILURE;

877

goto end;

878

}

879

880

seckeyfile = combinepath(keydir, seckeyfile);

881

if (seckeyfile == NULL){

882

perror("combinepath");

883

goto end;

884

}

885

886

ret = init_gnutls_global(&mc, pubkeyfile, seckeyfile);

887

if (ret == -1){

888

fprintf(stderr, "init_gnutls_global\n");

889

goto end;

890

} else {

891

gnutls_initalized = true;

892

}

893

894

uid = getuid();

895

gid = getgid();

896

897

ret = setuid(uid);

898

if (ret == -1){

899

perror("setuid");

900

}

901

902

setgid(gid);

903

if (ret == -1){

904

perror("setgid");

905

}

906

907

if_index = (AvahiIfIndex) if_nametoindex(interface);

908

if(if_index == 0){

909

fprintf(stderr, "No such interface: \"%s\"\n", interface);

910

exit(EXIT_FAILURE);

911

}

912

913

if(connect_to != NULL){

914

/* Connect directly, do not use Zeroconf */

915

/* (Mainly meant for debugging) */

916

char *address = strrchr(connect_to, ':');

917

if(address == NULL){

918

fprintf(stderr, "No colon in address\n");

919

exitcode = EXIT_FAILURE;

920

goto end;

921

}

922

errno = 0;

923

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

924

if(errno){

925

perror("Bad port number");

926

exitcode = EXIT_FAILURE;

927

goto end;

928

}

929

*address = '\0';

930

address = connect_to;

931

ret = start_mandos_communication(address, port, if_index, &mc);

932

if(ret < 0){

933

exitcode = EXIT_FAILURE;

934

} else {

935

exitcode = EXIT_SUCCESS;

936

}

937

goto end;

938

}

939

940

/* If the interface is down, bring it up */

941

{

942

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

943

if(sd < 0) {

944

perror("socket");

945

exitcode = EXIT_FAILURE;

946

goto end;

947

}

948

strcpy(network.ifr_name, interface); /* Spurious warning */

949

ret = ioctl(sd, SIOCGIFFLAGS, &network);

950

if(ret == -1){

951

perror("ioctl SIOCGIFFLAGS");

952

exitcode = EXIT_FAILURE;

953

goto end;

954

}

955

if((network.ifr_flags & IFF_UP) == 0){

956

network.ifr_flags |= IFF_UP;

957

ret = ioctl(sd, SIOCSIFFLAGS, &network);

958

if(ret == -1){

959

perror("ioctl SIOCSIFFLAGS");

960

exitcode = EXIT_FAILURE;

961

goto end;

962

}

963

}

964

close(sd);

563

int returncode = EXIT_SUCCESS;

564

565

while (true){

566

static struct option long_options[] = {

567

{"debug", no_argument, (int *)&debug, 1},

568

{"interface", required_argument, 0, 'i'},

569

{0, 0, 0, 0} };

570

571

int option_index = 0;

572

ret = getopt_long (argc, argv, "i:", long_options, &option_index);

573

574

if (ret == -1){

575

break;

576

}

577

578

switch(ret){

579

case 0:

580

break;

581

case 'i':

582

interface = optarg;

583

break;

584

default:

585

exit(EXIT_FAILURE);

586

}

965

587

}

966

588

967

589

if (not debug){

968

590

avahi_set_log_function(empty_log);

969

591

}

970

592

971

/* Initialize the pseudo-RNG for Avahi */

972

srand((unsigned int) time(NULL));

973

974

/* Allocate main Avahi loop object */

975

mc.simple_poll = avahi_simple_poll_new();

976

if (mc.simple_poll == NULL) {

977

fprintf(stderr, "Avahi: Failed to create simple poll"

978

" object.\n");

979

exitcode = EXIT_FAILURE;

980

goto end;

981

}

982

983

{

984

AvahiServerConfig config;

985

/* Do not publish any local Zeroconf records */

986

avahi_server_config_init(&config);

987

config.publish_hinfo = 0;

988

config.publish_addresses = 0;

989

config.publish_workstation = 0;

990

config.publish_domain = 0;

991

992

/* Allocate a new server */

993

mc.server = avahi_server_new(avahi_simple_poll_get

994

(mc.simple_poll), &config, NULL,

995

NULL, &error);

996

997

/* Free the Avahi configuration data */

998

avahi_server_config_free(&config);

999

}

1000

1001

/* Check if creating the Avahi server object succeeded */

1002

if (mc.server == NULL) {

1003

fprintf(stderr, "Failed to create Avahi server: %s\n",

1004

avahi_strerror(error));

1005

exitcode = EXIT_FAILURE;

1006

goto end;

1007

}

1008

1009

/* Create the Avahi service browser */

1010

sb = avahi_s_service_browser_new(mc.server, if_index,

1011

AVAHI_PROTO_INET6,

1012

"_mandos._tcp", NULL, 0,

1013

browse_callback, &mc);

1014

if (sb == NULL) {

1015

fprintf(stderr, "Failed to create service browser: %s\n",

1016

avahi_strerror(avahi_server_errno(mc.server)));

1017

exitcode = EXIT_FAILURE;

1018

goto end;

593

/* Initialize the psuedo-RNG */

594

srand(time(NULL));

595

596

/* Allocate main loop object */

597

if (!(simple_poll = avahi_simple_poll_new())) {

598

fprintf(stderr, "Failed to create simple poll object.\n");

599

600

goto exit;

601

}

602

603

/* Do not publish any local records */

604

avahi_server_config_init(&config);

605

config.publish_hinfo = 0;

606

config.publish_addresses = 0;

607

config.publish_workstation = 0;

608

config.publish_domain = 0;

609

610

/* Allocate a new server */

611

server = avahi_server_new(avahi_simple_poll_get(simple_poll), &config, NULL, NULL, &error);

612

613

/* Free the configuration data */

614

avahi_server_config_free(&config);

615

616

/* Check if creating the server object succeeded */

617

if (!server) {

618

fprintf(stderr, "Failed to create server: %s\n", avahi_strerror(error));

619

returncode = EXIT_FAILURE;

620

goto exit;

621

}

622

623

/* Create the service browser */

624

if (!(sb = avahi_s_service_browser_new(server, if_nametoindex("eth0"), AVAHI_PROTO_INET6, "_mandos._tcp", NULL, 0, browse_callback, server))) {

625

fprintf(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_server_errno(server)));

626

returncode = EXIT_FAILURE;

627

goto exit;

1019

628

}

1020

629

1021

630

/* Run the main loop */

1022

631

1023

632

if (debug){

1024

fprintf(stderr, "Starting Avahi loop search\n");

633

fprintf(stderr, "Starting avahi loop search\n");

1025

634

}

1026

635

1027

avahi_simple_poll_loop(mc.simple_poll);

636

avahi_simple_poll_loop(simple_poll);

1028

637

1029

end:

638

exit:

1030

639

1031

640

if (debug){

1032

641

fprintf(stderr, "%s exiting\n", argv[0]);

1033

642

}

1034

643

1035

644

/* Cleanup things */

1036

if (sb != NULL)

645

if (sb)

1037

646

avahi_s_service_browser_free(sb);

1038

647

1039

if (mc.server != NULL)

1040

avahi_server_free(mc.server);

1041

1042

if (mc.simple_poll != NULL)

1043

avahi_simple_poll_free(mc.simple_poll);

1044

free(pubkeyfile);

1045

free(seckeyfile);

1046

1047

if (gnutls_initalized){

1048

gnutls_certificate_free_credentials(mc.cred);

1049

gnutls_global_deinit ();

1050

}

1051

1052

return exitcode;

648

if (server)

649

avahi_server_free(server);

650

651

if (simple_poll)

652

avahi_simple_poll_free(simple_poll);

653

654

return returncode;

1053

655

}

Older »