To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugins.d/mandosclient.c
- browse files at revision 15
- compare with another revision
- download diff
- download tarball
- view history from revision 15
- Committer: Teddy Hogeborn
- Date: 2008-07-20 06:33:48 UTC
- Revision ID: teddy@fukt.bsnet.se-20080720063348-jscgy5p0itrgvlo8
* mandos-clients.conf ([foo]): Uncommented.
([foo]/secret): New.
([foo]/secfile): Commented out.
([foo]/checker): Changed to "fping -q -- %%(fqdn)s".
([foo]/timeout): New.
* server.py: New modeline for Python and Emacs. Set a logging format.
(Client.__init__): Bug fix: Choose either the value from the options
object or pass the argument through string_to_delta
for both "timeout" and "interval".
(Client.checker_callback): Bug fix: Do not log spurious "Checker for
<foo> failed" messages.
(Client.start_checker): Moved "Starting checker" log message down to
just before actually starting the subprocess.
Do not redirect the subprocesses' stdout to a
pipe.
(peer_certificate, fingerprint): Added docstrings.
(entry_group_state_changed): Call "killme()" instead of
"main_loop.quit()".
(daemon, killme): New functions.
(exitstatus, main_loop_started): New global variables.
(__main__): Removed the "--cert", "--key", "--ca", and "--crl"
options. Removed the sleep command from the default
checker. Add a console logger in debug mode. Call
"killme()" instead of "main_loop.quit()" when there are no
more clients. Call "daemon()" if not in debug mode.
Register "cleanup()" to run at exit. Ignore some
signals. Catch DBusException to detect another running
server and exit cleanly. Exit with "exitstatus".
(cleanup): New function.
([foo]/secret): New.
([foo]/secfile): Commented out.
([foo]/checker): Changed to "fping -q -- %%(fqdn)s".
([foo]/timeout): New.
* server.py: New modeline for Python and Emacs. Set a logging format.
(Client.__init__): Bug fix: Choose either the value from the options
object or pass the argument through string_to_delta
for both "timeout" and "interval".
(Client.checker_callback): Bug fix: Do not log spurious "Checker for
<foo> failed" messages.
(Client.start_checker): Moved "Starting checker" log message down to
just before actually starting the subprocess.
Do not redirect the subprocesses' stdout to a
pipe.
(peer_certificate, fingerprint): Added docstrings.
(entry_group_state_changed): Call "killme()" instead of
"main_loop.quit()".
(daemon, killme): New functions.
(exitstatus, main_loop_started): New global variables.
(__main__): Removed the "--cert", "--key", "--ca", and "--crl"
options. Removed the sleep command from the default
checker. Add a console logger in debug mode. Call
"killme()" instead of "main_loop.quit()" when there are no
more clients. Call "daemon()" if not in debug mode.
Register "cleanup()" to run at exit. Ignore some
signals. Catch DBusException to detect another running
server and exit cleanly. Exit with "exitstatus".
(cleanup): New function.
- files added:
- plugins.d/Makefile
- files removed:
- server.conf
- files renamed:
- clients.conf => mandos-clients.conf
- files modified:
- Makefile
added
removed
plugins.d/mandosclient.c
1
/* -*- coding: utf-8 -*- */
2
/*
3
* Mandos client - get and decrypt data from a Mandos server
1
/* $Id$ */
2
3
/* PLEASE NOTE *
4
* This file demonstrates how to use Avahi's core API, this is
5
* the embeddable mDNS stack for embedded applications.
4
6
*
5
* This program is partly derived from an example program for an Avahi
6
* service browser, downloaded from
7
* <http://avahi.org/browser/examples/core-browse-services.c>. This
8
* includes the following functions: "resolve_callback",
9
* "browse_callback", and parts of "main".
10
*
11
* Everything else is
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
13
*
14
* This program is free software: you can redistribute it and/or
15
* modify it under the terms of the GNU General Public License as
16
* published by the Free Software Foundation, either version 3 of the
17
* License, or (at your option) any later version.
18
*
19
* This program is distributed in the hope that it will be useful, but
20
* WITHOUT ANY WARRANTY; without even the implied warranty of
21
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22
* General Public License for more details.
23
*
24
* You should have received a copy of the GNU General Public License
25
* along with this program. If not, see
26
* <http://www.gnu.org/licenses/>.
27
*
28
* Contact the authors at <mandos@fukt.bsnet.se>.
7
* End user applications should *not* use this API and should use
8
* the D-Bus or C APIs, please see
9
* client-browse-services.c and glib-integration.c
10
*
11
* I repeat, you probably do *not* want to use this example.
29
12
*/
30
13
31
/* Needed by GPGME, specifically gpgme_data_seek() */
14
/***
15
This file is part of avahi.
16
17
avahi is free software; you can redistribute it and/or modify it
18
under the terms of the GNU Lesser General Public License as
19
published by the Free Software Foundation; either version 2.1 of the
20
License, or (at your option) any later version.
21
22
avahi is distributed in the hope that it will be useful, but WITHOUT
23
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
24
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General
25
Public License for more details.
26
27
You should have received a copy of the GNU Lesser General Public
28
License along with avahi; if not, write to the Free Software
29
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
30
USA.
31
***/
32
32
33
#define _LARGEFILE_SOURCE
33
34
#define _FILE_OFFSET_BITS 64
34
35
37
38
#include <stdlib.h>
38
39
#include <time.h>
39
40
#include <net/if.h> /* if_nametoindex */
40
#include <sys/ioctl.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS
41
#include <net/if.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS
42
41
43
42
#include <avahi-core/core.h>
44
43
#include <avahi-core/lookup.h>
48
47
#include <avahi-common/error.h>
49
48
50
49
//mandos client part
51
#include <sys/types.h> /* socket(), inet_pton() */
52
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
53
struct in6_addr, inet_pton() */
54
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
55
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
50
#include <sys/types.h> /* socket(), setsockopt(), inet_pton() */
51
#include <sys/socket.h> /* socket(), setsockopt(), struct sockaddr_in6, struct in6_addr, inet_pton() */
52
#include <gnutls/gnutls.h> /* ALL GNUTLS STUFF */
53
#include <gnutls/openpgp.h> /* gnutls with openpgp stuff */
56
54
57
55
#include <unistd.h> /* close() */
58
56
#include <netinet/in.h>
65
63
#include <errno.h> /* perror() */
66
64
#include <gpgme.h>
67
65
68
// getopt long
69
#include <getopt.h>
70
66
67
#ifndef CERT_ROOT
68
#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"
69
#endif
70
#define CERTFILE CERT_ROOT "openpgp-client.txt"
71
#define KEYFILE CERT_ROOT "openpgp-client-key.txt"
71
72
#define BUFFER_SIZE 256
72
73
#define DH_BITS 1024
73
74
74
static const char *certdir = "/conf/conf.d/mandos";
75
static const char *certfile = "openpgp-client.txt";
76
static const char *certkey = "openpgp-client-key.txt";
77
78
bool debug = false;
79
80
75
typedef struct {
81
76
gnutls_session_t session;
82
77
gnutls_certificate_credentials_t cred;
84
79
} encrypted_session;
85
80
86
81
87
static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
88
char **new_packet,
89
const char *homedir){
82
ssize_t gpg_packet_decrypt (char *packet, size_t packet_size, char **new_packet, char *homedir){
90
83
gpgme_data_t dh_crypto, dh_plain;
91
84
gpgme_ctx_t ctx;
92
85
gpgme_error_t rc;
93
86
ssize_t ret;
94
ssize_t new_packet_capacity = 0;
95
ssize_t new_packet_length = 0;
87
size_t new_packet_capacity = 0;
88
size_t new_packet_length = 0;
96
89
gpgme_engine_info_t engine_info;
97
90
98
if (debug){
99
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
100
}
101
102
91
/* Init GPGME */
103
92
gpgme_check_version(NULL);
104
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
105
if (rc != GPG_ERR_NO_ERROR){
106
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
107
gpgme_strsource(rc), gpgme_strerror(rc));
108
return -1;
109
}
93
gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
110
94
111
95
/* Set GPGME home directory */
112
96
rc = gpgme_get_engine_info (&engine_info);
152
136
return -1;
153
137
}
154
138
155
/* Decrypt data from the FILE pointer to the plaintext data
156
buffer */
139
/* Decrypt data from the FILE pointer to the plaintext data buffer */
157
140
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
158
141
if (rc != GPG_ERR_NO_ERROR){
159
142
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
160
143
gpgme_strsource(rc), gpgme_strerror(rc));
161
144
return -1;
162
145
}
163
164
if(debug){
165
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");
166
}
167
168
if (debug){
169
gpgme_decrypt_result_t result;
170
result = gpgme_op_decrypt_result(ctx);
171
if (result == NULL){
172
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
173
} else {
174
fprintf(stderr, "Unsupported algorithm: %s\n",
175
result->unsupported_algorithm);
176
fprintf(stderr, "Wrong key usage: %d\n",
177
result->wrong_key_usage);
178
if(result->file_name != NULL){
179
fprintf(stderr, "File name: %s\n", result->file_name);
180
}
181
gpgme_recipient_t recipient;
182
recipient = result->recipients;
183
if(recipient){
184
while(recipient != NULL){
185
fprintf(stderr, "Public key algorithm: %s\n",
186
gpgme_pubkey_algo_name(recipient->pubkey_algo));
187
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
188
fprintf(stderr, "Secret key available: %s\n",
189
recipient->status == GPG_ERR_NO_SECKEY
190
? "No" : "Yes");
191
recipient = recipient->next;
192
}
193
}
194
}
195
}
196
146
147
/* gpgme_decrypt_result_t result; */
148
/* result = gpgme_op_decrypt_result(ctx); */
149
/* fprintf(stderr, "Unsupported algorithm: %s\n", result->unsupported_algorithm); */
150
/* fprintf(stderr, "Wrong key usage: %d\n", result->wrong_key_usage); */
151
/* if(result->file_name != NULL){ */
152
/* fprintf(stderr, "File name: %s\n", result->file_name); */
153
/* } */
154
/* gpgme_recipient_t recipient; */
155
/* recipient = result->recipients; */
156
/* if(recipient){ */
157
/* while(recipient != NULL){ */
158
/* fprintf(stderr, "Public key algorithm: %s\n", */
159
/* gpgme_pubkey_algo_name(recipient->pubkey_algo)); */
160
/* fprintf(stderr, "Key ID: %s\n", recipient->keyid); */
161
/* fprintf(stderr, "Secret key available: %s\n", */
162
/* recipient->status == GPG_ERR_NO_SECKEY ? "No" : "Yes"); */
163
/* recipient = recipient->next; */
164
/* } */
165
/* } */
166
197
167
/* Delete the GPGME FILE pointer cryptotext data buffer */
198
168
gpgme_data_release(dh_crypto);
199
169
200
170
/* Seek back to the beginning of the GPGME plaintext data buffer */
201
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
202
perror("pgpme_data_seek");
203
}
204
171
gpgme_data_seek(dh_plain, 0, SEEK_SET);
172
205
173
*new_packet = 0;
206
174
while(true){
207
175
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
208
*new_packet = realloc(*new_packet,
209
(unsigned int)new_packet_capacity
210
+ BUFFER_SIZE);
176
*new_packet = realloc(*new_packet, new_packet_capacity + BUFFER_SIZE);
211
177
if (*new_packet == NULL){
212
178
perror("realloc");
213
179
return -1;
215
181
new_packet_capacity += BUFFER_SIZE;
216
182
}
217
183
218
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,
219
BUFFER_SIZE);
184
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length, BUFFER_SIZE);
220
185
/* Print the data, if any */
221
186
if (ret == 0){
187
/* If password is empty, then a incorrect error will be printed */
222
188
break;
223
189
}
224
190
if(ret < 0){
228
194
new_packet_length += ret;
229
195
}
230
196
231
/* FIXME: check characters before printing to screen so to not print
232
terminal control characters */
233
/* if(debug){ */
234
/* fprintf(stderr, "decrypted password is: "); */
235
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
236
/* fprintf(stderr, "\n"); */
237
/* } */
238
239
/* Delete the GPGME plaintext data buffer */
197
/* Delete the GPGME plaintext data buffer */
240
198
gpgme_data_release(dh_plain);
241
199
return new_packet_length;
242
200
}
248
206
return ret;
249
207
}
250
208
251
static void debuggnutls(__attribute__((unused)) int level,
252
const char* string){
209
void debuggnutls(int level, const char* string){
253
210
fprintf(stderr, "%s", string);
254
211
}
255
212
256
static int initgnutls(encrypted_session *es){
213
int initgnutls(encrypted_session *es){
257
214
const char *err;
258
215
int ret;
259
216
260
if(debug){
261
fprintf(stderr, "Initializing GnuTLS\n");
262
}
263
264
217
if ((ret = gnutls_global_init ())
265
218
!= GNUTLS_E_SUCCESS) {
266
219
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
267
220
return -1;
268
221
}
269
222
270
if (debug){
271
gnutls_global_set_log_level(11);
272
gnutls_global_set_log_function(debuggnutls);
273
}
274
223
/* Uncomment to enable full debuggin on the gnutls library */
224
/* gnutls_global_set_log_level(11); */
225
/* gnutls_global_set_log_function(debuggnutls); */
226
227
275
228
/* openpgp credentials */
276
229
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
277
230
!= GNUTLS_E_SUCCESS) {
278
fprintf (stderr, "memory error: %s\n",
279
safer_gnutls_strerror(ret));
231
fprintf (stderr, "memory error: %s\n", safer_gnutls_strerror(ret));
280
232
return -1;
281
233
}
282
283
if(debug){
284
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
285
" and keyfile %s as GnuTLS credentials\n", certfile,
286
certkey);
287
}
288
234
289
235
ret = gnutls_certificate_set_openpgp_key_file
290
(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);
236
(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);
291
237
if (ret != GNUTLS_E_SUCCESS) {
292
238
fprintf
293
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
294
" '%s')\n",
295
ret, certfile, certkey);
239
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n",
240
ret, CERTFILE, KEYFILE);
296
241
fprintf(stdout, "The Error is: %s\n",
297
242
safer_gnutls_strerror(ret));
298
243
return -1;
299
244
}
300
301
//GnuTLS server initialization
245
246
//Gnutls server initialization
302
247
if ((ret = gnutls_dh_params_init (&es->dh_params))
303
248
!= GNUTLS_E_SUCCESS) {
304
249
fprintf (stderr, "Error in dh parameter initialization: %s\n",
305
250
safer_gnutls_strerror(ret));
306
251
return -1;
307
252
}
308
253
309
254
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
310
255
!= GNUTLS_E_SUCCESS) {
311
256
fprintf (stderr, "Error in prime generation: %s\n",
312
257
safer_gnutls_strerror(ret));
313
258
return -1;
314
259
}
315
260
316
261
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
317
318
// GnuTLS session creation
262
263
// Gnutls session creation
319
264
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
320
265
!= GNUTLS_E_SUCCESS){
321
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
266
fprintf(stderr, "Error in gnutls session initialization: %s\n",
322
267
safer_gnutls_strerror(ret));
323
268
}
324
269
325
270
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
326
271
!= GNUTLS_E_SUCCESS) {
327
272
fprintf(stderr, "Syntax error at: %s\n", err);
328
fprintf(stderr, "GnuTLS error: %s\n",
273
fprintf(stderr, "Gnutls error: %s\n",
329
274
safer_gnutls_strerror(ret));
330
275
return -1;
331
276
}
332
277
333
278
if ((ret = gnutls_credentials_set
334
279
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
335
280
!= GNUTLS_E_SUCCESS) {
337
282
safer_gnutls_strerror(ret));
338
283
return -1;
339
284
}
340
285
341
286
/* ignore client certificate if any. */
342
gnutls_certificate_server_set_request (es->session,
343
GNUTLS_CERT_IGNORE);
287
gnutls_certificate_server_set_request (es->session, GNUTLS_CERT_IGNORE);
344
288
345
289
gnutls_dh_set_prime_bits (es->session, DH_BITS);
346
290
347
291
return 0;
348
292
}
349
293
350
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
351
__attribute__((unused)) const char *txt){}
294
void empty_log(AvahiLogLevel level, const char *txt){}
352
295
353
static int start_mandos_communication(const char *ip, uint16_t port,
354
AvahiIfIndex if_index){
296
int start_mandos_communcation(char *ip, uint16_t port){
355
297
int ret, tcp_sd;
356
298
struct sockaddr_in6 to;
299
struct in6_addr ip_addr;
357
300
encrypted_session es;
358
301
char *buffer = NULL;
359
302
char *decrypted_buffer;
360
303
size_t buffer_length = 0;
361
304
size_t buffer_capacity = 0;
362
305
ssize_t decrypted_buffer_size;
363
size_t written = 0;
364
306
int retval = 0;
365
char interface[IF_NAMESIZE];
366
367
if(debug){
368
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
369
ip, port);
370
}
307
371
308
372
309
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
373
310
if(tcp_sd < 0) {
374
311
perror("socket");
375
312
return -1;
376
313
}
377
378
if(debug){
379
if(if_indextoname((unsigned int)if_index, interface) == NULL){
380
if(debug){
381
perror("if_indextoname");
382
}
383
return -1;
384
}
385
386
fprintf(stderr, "Binding to interface %s\n", interface);
314
315
ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, "eth0", 5);
316
if(tcp_sd < 0) {
317
perror("setsockopt bindtodevice");
318
return -1;
387
319
}
388
320
389
memset(&to,0,sizeof(to)); /* Spurious warning */
321
memset(&to,0,sizeof(to));
390
322
to.sin6_family = AF_INET6;
391
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
323
ret = inet_pton(AF_INET6, ip, &ip_addr);
392
324
if (ret < 0 ){
393
325
perror("inet_pton");
394
326
return -1;
397
329
fprintf(stderr, "Bad address: %s\n", ip);
398
330
return -1;
399
331
}
400
to.sin6_port = htons(port); /* Spurious warning */
401
402
to.sin6_scope_id = (uint32_t)if_index;
403
404
if(debug){
405
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
406
/* char addrstr[INET6_ADDRSTRLEN]; */
407
/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */
408
/* sizeof(addrstr)) == NULL){ */
409
/* perror("inet_ntop"); */
410
/* } else { */
411
/* fprintf(stderr, "Really connecting to: %s, port %d\n", */
412
/* addrstr, ntohs(to.sin6_port)); */
413
/* } */
414
}
332
to.sin6_port = htons(port);
333
to.sin6_scope_id = if_nametoindex("eth0");
415
334
416
335
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
417
336
if (ret < 0){
424
343
retval = -1;
425
344
return -1;
426
345
}
427
428
gnutls_transport_set_ptr (es.session,
429
(gnutls_transport_ptr_t) tcp_sd);
430
431
if(debug){
432
fprintf(stderr, "Establishing TLS session with %s\n", ip);
433
}
434
346
347
348
gnutls_transport_set_ptr (es.session, (gnutls_transport_ptr_t) tcp_sd);
349
435
350
ret = gnutls_handshake (es.session);
436
351
437
352
if (ret != GNUTLS_E_SUCCESS){
438
if(debug){
439
fprintf(stderr, "\n*** Handshake failed ***\n");
440
gnutls_perror (ret);
441
}
353
fprintf(stderr, "\n*** Handshake failed ***\n");
354
gnutls_perror (ret);
442
355
retval = -1;
443
356
goto exit;
444
357
}
445
446
//Retrieve OpenPGP packet that contains the wanted password
447
448
if(debug){
449
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
450
ip);
451
}
452
358
359
//retrive password
453
360
while(true){
454
361
if (buffer_length + BUFFER_SIZE > buffer_capacity){
455
362
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
480
387
}
481
388
break;
482
389
default:
483
fprintf(stderr, "Unknown error while reading data from"
484
" encrypted session with mandos server\n");
390
fprintf(stderr, "Unknown error while reading data from encrypted session with mandos server\n");
485
391
retval = -1;
486
392
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
487
393
goto exit;
488
394
}
489
395
} else {
490
buffer_length += (size_t) ret;
396
buffer_length += ret;
491
397
}
492
398
}
493
399
494
400
if (buffer_length > 0){
495
decrypted_buffer_size = pgp_packet_decrypt(buffer,
496
buffer_length,
497
&decrypted_buffer,
498
certdir);
499
if (decrypted_buffer_size >= 0){
500
while(written < (size_t) decrypted_buffer_size){
501
ret = (int)fwrite (decrypted_buffer + written, 1,
502
(size_t)decrypted_buffer_size - written,
503
stdout);
504
if(ret == 0 and ferror(stdout)){
505
if(debug){
506
fprintf(stderr, "Error writing encrypted data: %s\n",
507
strerror(errno));
508
}
509
retval = -1;
510
break;
511
}
512
written += (size_t)ret;
513
}
401
if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) == 0){
402
retval = -1;
403
} else {
404
fwrite (decrypted_buffer, 1, decrypted_buffer_size, stdout);
514
405
free(decrypted_buffer);
515
} else {
516
retval = -1;
517
406
}
518
407
}
519
408
409
free(buffer);
410
520
411
//shutdown procedure
521
522
if(debug){
523
fprintf(stderr, "Closing TLS session\n");
524
}
525
526
free(buffer);
527
412
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
528
413
exit:
529
414
close(tcp_sd);
538
423
539
424
static void resolve_callback(
540
425
AvahiSServiceResolver *r,
541
AvahiIfIndex interface,
426
AVAHI_GCC_UNUSED AvahiIfIndex interface,
542
427
AVAHI_GCC_UNUSED AvahiProtocol protocol,
543
428
AvahiResolverEvent event,
544
429
const char *name,
547
432
const char *host_name,
548
433
const AvahiAddress *address,
549
434
uint16_t port,
550
AVAHI_GCC_UNUSED AvahiStringList *txt,
551
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
435
AvahiStringList *txt,
436
AvahiLookupResultFlags flags,
552
437
AVAHI_GCC_UNUSED void* userdata) {
553
438
554
assert(r); /* Spurious warning */
555
556
/* Called whenever a service has been resolved successfully or
557
timed out */
558
559
switch (event) {
560
default:
561
case AVAHI_RESOLVER_FAILURE:
562
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
563
" type '%s' in domain '%s': %s\n", name, type, domain,
564
avahi_strerror(avahi_server_errno(server)));
565
break;
566
567
case AVAHI_RESOLVER_FOUND:
568
{
569
char ip[AVAHI_ADDRESS_STR_MAX];
570
avahi_address_snprint(ip, sizeof(ip), address);
571
if(debug){
572
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
573
" port %d\n", name, host_name, ip, port);
574
}
575
int ret = start_mandos_communication(ip, port, interface);
576
if (ret == 0){
577
exit(EXIT_SUCCESS);
578
}
439
assert(r);
440
441
/* Called whenever a service has been resolved successfully or timed out */
442
443
switch (event) {
444
case AVAHI_RESOLVER_FAILURE:
445
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of type '%s' in domain '%s': %s\n", name, type, domain, avahi_strerror(avahi_server_errno(server)));
446
break;
447
448
case AVAHI_RESOLVER_FOUND: {
449
char ip[AVAHI_ADDRESS_STR_MAX];
450
avahi_address_snprint(ip, sizeof(ip), address);
451
int ret = start_mandos_communcation(ip, port);
452
if (ret == 0){
453
exit(EXIT_SUCCESS);
454
} else {
455
exit(EXIT_FAILURE);
456
}
457
}
579
458
}
580
}
581
avahi_s_service_resolver_free(r);
459
avahi_s_service_resolver_free(r);
582
460
}
583
461
584
462
static void browse_callback(
593
471
void* userdata) {
594
472
595
473
AvahiServer *s = userdata;
596
assert(b); /* Spurious warning */
597
598
/* Called whenever a new services becomes available on the LAN or
599
is removed from the LAN */
600
474
assert(b);
475
476
/* Called whenever a new services becomes available on the LAN or is removed from the LAN */
477
601
478
switch (event) {
602
default:
603
case AVAHI_BROWSER_FAILURE:
604
605
fprintf(stderr, "(Browser) %s\n",
606
avahi_strerror(avahi_server_errno(server)));
607
avahi_simple_poll_quit(simple_poll);
608
return;
609
610
case AVAHI_BROWSER_NEW:
611
/* We ignore the returned resolver object. In the callback
612
function we free it. If the server is terminated before
613
the callback function is called the server will free
614
the resolver for us. */
615
616
if (!(avahi_s_service_resolver_new(s, interface, protocol, name,
617
type, domain,
618
AVAHI_PROTO_INET6, 0,
619
resolve_callback, s)))
620
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
621
avahi_strerror(avahi_server_errno(s)));
622
break;
623
624
case AVAHI_BROWSER_REMOVE:
625
break;
626
627
case AVAHI_BROWSER_ALL_FOR_NOW:
628
case AVAHI_BROWSER_CACHE_EXHAUSTED:
629
break;
479
480
case AVAHI_BROWSER_FAILURE:
481
482
fprintf(stderr, "(Browser) %s\n", avahi_strerror(avahi_server_errno(server)));
483
avahi_simple_poll_quit(simple_poll);
484
return;
485
486
case AVAHI_BROWSER_NEW:
487
/* We ignore the returned resolver object. In the callback
488
function we free it. If the server is terminated before
489
the callback function is called the server will free
490
the resolver for us. */
491
492
if (!(avahi_s_service_resolver_new(s, interface, protocol, name, type, domain, AVAHI_PROTO_INET6, 0, resolve_callback, s)))
493
fprintf(stderr, "Failed to resolve service '%s': %s\n", name, avahi_strerror(avahi_server_errno(s)));
494
495
break;
496
497
case AVAHI_BROWSER_REMOVE:
498
break;
499
500
case AVAHI_BROWSER_ALL_FOR_NOW:
501
case AVAHI_BROWSER_CACHE_EXHAUSTED:
502
break;
630
503
}
631
504
}
632
505
633
/* Combines file name and path and returns the malloced new
634
string. some sane checks could/should be added */
635
static const char *combinepath(const char *first, const char *second){
636
size_t f_len = strlen(first);
637
size_t s_len = strlen(second);
638
char *tmp = malloc(f_len + s_len + 2);
639
if (tmp == NULL){
640
return NULL;
641
}
642
if(f_len > 0){
643
memcpy(tmp, first, f_len);
644
}
645
tmp[f_len] = '/';
646
if(s_len > 0){
647
memcpy(tmp + f_len + 1, second, s_len);
648
}
649
tmp[f_len + 1 + s_len] = '\0';
650
return tmp;
651
}
652
653
654
506
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
655
507
AvahiServerConfig config;
656
508
AvahiSServiceBrowser *sb = NULL;
657
509
int error;
658
int ret;
659
int returncode = EXIT_SUCCESS;
660
const char *interface = "eth0";
661
struct ifreq network;
662
int sd;
663
char *connect_to = NULL;
664
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
665
666
while (true){
667
static struct option long_options[] = {
668
{"debug", no_argument, (int *)&debug, 1},
669
{"connect", required_argument, 0, 'C'},
670
{"interface", required_argument, 0, 'i'},
671
{"certdir", required_argument, 0, 'd'},
672
{"certkey", required_argument, 0, 'c'},
673
{"certfile", required_argument, 0, 'k'},
674
{0, 0, 0, 0} };
675
676
int option_index = 0;
677
ret = getopt_long (argc, argv, "i:", long_options,
678
&option_index);
679
680
if (ret == -1){
681
break;
682
}
683
684
switch(ret){
685
case 0:
686
break;
687
case 'i':
688
interface = optarg;
689
break;
690
case 'C':
691
connect_to = optarg;
692
break;
693
case 'd':
694
certdir = optarg;
695
break;
696
case 'c':
697
certfile = optarg;
698
break;
699
case 'k':
700
certkey = optarg;
701
break;
702
default:
703
exit(EXIT_FAILURE);
704
}
705
}
706
707
certfile = combinepath(certdir, certfile);
708
if (certfile == NULL){
709
perror("combinepath");
710
returncode = EXIT_FAILURE;
711
goto exit;
712
}
510
int ret = 1;
713
511
714
certkey = combinepath(certdir, certkey);
715
if (certkey == NULL){
716
perror("combinepath");
717
returncode = EXIT_FAILURE;
718
goto exit;
719
}
720
721
if_index = (AvahiIfIndex) if_nametoindex(interface);
722
if(if_index == 0){
723
fprintf(stderr, "No such interface: \"%s\"\n", interface);
724
exit(EXIT_FAILURE);
725
}
726
727
if(connect_to != NULL){
728
/* Connect directly, do not use Zeroconf */
729
/* (Mainly meant for debugging) */
730
char *address = strrchr(connect_to, ':');
731
if(address == NULL){
732
fprintf(stderr, "No colon in address\n");
733
exit(EXIT_FAILURE);
734
}
735
errno = 0;
736
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
737
if(errno){
738
perror("Bad port number");
739
exit(EXIT_FAILURE);
740
}
741
*address = '\0';
742
address = connect_to;
743
ret = start_mandos_communication(address, port, if_index);
744
if(ret < 0){
745
exit(EXIT_FAILURE);
746
} else {
747
exit(EXIT_SUCCESS);
748
}
749
}
750
751
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
752
if(sd < 0) {
753
perror("socket");
754
returncode = EXIT_FAILURE;
755
goto exit;
756
}
757
strcpy(network.ifr_name, interface);
758
ret = ioctl(sd, SIOCGIFFLAGS, &network);
759
if(ret == -1){
760
761
perror("ioctl SIOCGIFFLAGS");
762
returncode = EXIT_FAILURE;
763
goto exit;
764
}
765
if((network.ifr_flags & IFF_UP) == 0){
766
network.ifr_flags |= IFF_UP;
767
ret = ioctl(sd, SIOCSIFFLAGS, &network);
768
if(ret == -1){
769
perror("ioctl SIOCSIFFLAGS");
770
returncode = EXIT_FAILURE;
771
goto exit;
772
}
773
}
774
close(sd);
775
776
if (not debug){
777
avahi_set_log_function(empty_log);
778
}
512
avahi_set_log_function(empty_log);
779
513
780
514
/* Initialize the psuedo-RNG */
781
srand((unsigned int) time(NULL));
515
srand(time(NULL));
782
516
783
517
/* Allocate main loop object */
784
518
if (!(simple_poll = avahi_simple_poll_new())) {
785
519
fprintf(stderr, "Failed to create simple poll object.\n");
786
returncode = EXIT_FAILURE;
787
goto exit;
520
goto fail;
788
521
}
789
522
790
523
/* Do not publish any local records */
794
527
config.publish_workstation = 0;
795
528
config.publish_domain = 0;
796
529
530
/* /\* Set a unicast DNS server for wide area DNS-SD *\/ */
531
/* avahi_address_parse("193.11.177.11", AVAHI_PROTO_UNSPEC, &config.wide_area_servers[0]); */
532
/* config.n_wide_area_servers = 1; */
533
/* config.enable_wide_area = 1; */
534
797
535
/* Allocate a new server */
798
server = avahi_server_new(avahi_simple_poll_get(simple_poll),
799
&config, NULL, NULL, &error);
536
server = avahi_server_new(avahi_simple_poll_get(simple_poll), &config, NULL, NULL, &error);
800
537
801
538
/* Free the configuration data */
802
539
avahi_server_config_free(&config);
803
540
804
/* Check if creating the server object succeeded */
541
/* Check wether creating the server object succeeded */
805
542
if (!server) {
806
fprintf(stderr, "Failed to create server: %s\n",
807
avahi_strerror(error));
808
returncode = EXIT_FAILURE;
809
goto exit;
543
fprintf(stderr, "Failed to create server: %s\n", avahi_strerror(error));
544
goto fail;
810
545
}
811
546
812
547
/* Create the service browser */
813
sb = avahi_s_service_browser_new(server, if_index,
814
AVAHI_PROTO_INET6,
815
"_mandos._tcp", NULL, 0,
816
browse_callback, server);
817
if (!sb) {
818
fprintf(stderr, "Failed to create service browser: %s\n",
819
avahi_strerror(avahi_server_errno(server)));
820
returncode = EXIT_FAILURE;
821
goto exit;
548
if (!(sb = avahi_s_service_browser_new(server, if_nametoindex("eth0"), AVAHI_PROTO_INET6, "_mandos._tcp", NULL, 0, browse_callback, server))) {
549
fprintf(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_server_errno(server)));
550
goto fail;
822
551
}
823
552
824
553
/* Run the main loop */
825
826
if (debug){
827
fprintf(stderr, "Starting avahi loop search\n");
828
}
829
830
554
avahi_simple_poll_loop(simple_poll);
831
555
832
exit:
833
834
if (debug){
835
fprintf(stderr, "%s exiting\n", argv[0]);
836
}
556
ret = 0;
557
558
fail:
837
559
838
560
/* Cleanup things */
839
561
if (sb)
844
566
845
567
if (simple_poll)
846
568
avahi_simple_poll_free(simple_poll);
847
free(certfile);
848
free(certkey);
849
850
return returncode;
569
570
return ret;
851
571
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0