To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugins.d/mandosclient.c
- browse files at revision 20
- compare with another revision
- download diff
- download tarball
- view history from revision 20
- Committer: Teddy Hogeborn
- Date: 2008-07-21 04:42:08 UTC
- mfrom: (15.1.3 mandos)
- Revision ID: teddy@fukt.bsnet.se-20080721044208-y8v1sjmvalfiehrv
Merge.
- files removed:
- plugins.d/Makefile
- files modified:
- plugins.d/mandosclient.c
added
removed
plugins.d/mandosclient.c
1
/* $Id$ */
2
3
/* PLEASE NOTE *
4
* This file demonstrates how to use Avahi's core API, this is
5
* the embeddable mDNS stack for embedded applications.
6
*
7
* End user applications should *not* use this API and should use
8
* the D-Bus or C APIs, please see
9
* client-browse-services.c and glib-integration.c
10
*
11
* I repeat, you probably do *not* want to use this example.
12
*/
13
14
1
/***
15
2
This file is part of avahi.
16
3
63
50
#include <errno.h> /* perror() */
64
51
#include <gpgme.h>
65
52
53
// getopt long
54
#include <getopt.h>
66
55
67
56
#ifndef CERT_ROOT
68
57
#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"
72
61
#define BUFFER_SIZE 256
73
62
#define DH_BITS 1024
74
63
64
bool debug = false;
65
char *interface = "eth0";
66
75
67
typedef struct {
76
68
gnutls_session_t session;
77
69
gnutls_certificate_credentials_t cred;
88
80
size_t new_packet_length = 0;
89
81
gpgme_engine_info_t engine_info;
90
82
83
if (debug){
84
fprintf(stderr, "Attempting to decrypt password from gpg packet\n");
85
}
86
91
87
/* Init GPGME */
92
88
gpgme_check_version(NULL);
93
89
gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
143
139
gpgme_strsource(rc), gpgme_strerror(rc));
144
140
return -1;
145
141
}
142
143
if(debug){
144
fprintf(stderr, "decryption of gpg packet succeeded\n");
145
}
146
147
if (debug){
148
gpgme_decrypt_result_t result;
149
result = gpgme_op_decrypt_result(ctx);
150
if (result == NULL){
151
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
152
} else {
153
fprintf(stderr, "Unsupported algorithm: %s\n", result->unsupported_algorithm);
154
fprintf(stderr, "Wrong key usage: %d\n", result->wrong_key_usage);
155
if(result->file_name != NULL){
156
fprintf(stderr, "File name: %s\n", result->file_name);
157
}
158
gpgme_recipient_t recipient;
159
recipient = result->recipients;
160
if(recipient){
161
while(recipient != NULL){
162
fprintf(stderr, "Public key algorithm: %s\n",
163
gpgme_pubkey_algo_name(recipient->pubkey_algo));
164
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
165
fprintf(stderr, "Secret key available: %s\n",
166
recipient->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");
167
recipient = recipient->next;
168
}
169
}
170
}
171
}
146
172
147
/* gpgme_decrypt_result_t result; */
148
/* result = gpgme_op_decrypt_result(ctx); */
149
/* fprintf(stderr, "Unsupported algorithm: %s\n", result->unsupported_algorithm); */
150
/* fprintf(stderr, "Wrong key usage: %d\n", result->wrong_key_usage); */
151
/* if(result->file_name != NULL){ */
152
/* fprintf(stderr, "File name: %s\n", result->file_name); */
153
/* } */
154
/* gpgme_recipient_t recipient; */
155
/* recipient = result->recipients; */
156
/* if(recipient){ */
157
/* while(recipient != NULL){ */
158
/* fprintf(stderr, "Public key algorithm: %s\n", */
159
/* gpgme_pubkey_algo_name(recipient->pubkey_algo)); */
160
/* fprintf(stderr, "Key ID: %s\n", recipient->keyid); */
161
/* fprintf(stderr, "Secret key available: %s\n", */
162
/* recipient->status == GPG_ERR_NO_SECKEY ? "No" : "Yes"); */
163
/* recipient = recipient->next; */
164
/* } */
165
/* } */
166
167
173
/* Delete the GPGME FILE pointer cryptotext data buffer */
168
174
gpgme_data_release(dh_crypto);
169
175
194
200
new_packet_length += ret;
195
201
}
196
202
197
/* Delete the GPGME plaintext data buffer */
203
/* FIXME: check characters before printing to screen so to not print
204
terminal control characters */
205
/* if(debug){ */
206
/* fprintf(stderr, "decrypted password is: "); */
207
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
208
/* fprintf(stderr, "\n"); */
209
/* } */
210
211
/* Delete the GPGME plaintext data buffer */
198
212
gpgme_data_release(dh_plain);
199
213
return new_packet_length;
200
214
}
213
227
int initgnutls(encrypted_session *es){
214
228
const char *err;
215
229
int ret;
230
231
if(debug){
232
fprintf(stderr, "Initializing gnutls\n");
233
}
234
216
235
217
236
if ((ret = gnutls_global_init ())
218
237
!= GNUTLS_E_SUCCESS) {
220
239
return -1;
221
240
}
222
241
223
/* Uncomment to enable full debuggin on the gnutls library */
224
/* gnutls_global_set_log_level(11); */
225
/* gnutls_global_set_log_function(debuggnutls); */
226
242
if (debug){
243
gnutls_global_set_log_level(11);
244
gnutls_global_set_log_function(debuggnutls);
245
}
246
227
247
228
248
/* openpgp credentials */
229
249
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
232
252
return -1;
233
253
}
234
254
255
if(debug){
256
fprintf(stderr, "Attempting to use openpgp certificate %s"
257
" and keyfile %s as gnutls credentials\n", CERTFILE, KEYFILE);
258
}
259
235
260
ret = gnutls_certificate_set_openpgp_key_file
236
261
(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);
237
262
if (ret != GNUTLS_E_SUCCESS) {
293
318
294
319
void empty_log(AvahiLogLevel level, const char *txt){}
295
320
296
int start_mandos_communcation(char *ip, uint16_t port){
321
int start_mandos_communication(char *ip, uint16_t port){
297
322
int ret, tcp_sd;
298
323
struct sockaddr_in6 to;
299
struct in6_addr ip_addr;
300
324
encrypted_session es;
301
325
char *buffer = NULL;
302
326
char *decrypted_buffer;
305
329
ssize_t decrypted_buffer_size;
306
330
int retval = 0;
307
331
332
if(debug){
333
fprintf(stderr, "Setting up a tcp connection to %s\n", ip);
334
}
308
335
309
336
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
310
337
if(tcp_sd < 0) {
311
338
perror("socket");
312
339
return -1;
313
340
}
314
315
ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, "eth0", 5);
341
342
if(debug){
343
fprintf(stderr, "Binding to interface %s\n", interface);
344
}
345
346
ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, interface, 5);
316
347
if(tcp_sd < 0) {
317
348
perror("setsockopt bindtodevice");
318
349
return -1;
320
351
321
352
memset(&to,0,sizeof(to));
322
353
to.sin6_family = AF_INET6;
323
ret = inet_pton(AF_INET6, ip, &ip_addr);
354
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
324
355
if (ret < 0 ){
325
356
perror("inet_pton");
326
357
return -1;
330
361
return -1;
331
362
}
332
363
to.sin6_port = htons(port);
333
to.sin6_scope_id = if_nametoindex("eth0");
364
to.sin6_scope_id = if_nametoindex(interface);
365
366
if(debug){
367
fprintf(stderr, "Connection to: %s\n", ip);
368
}
334
369
335
370
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
336
371
if (ret < 0){
347
382
348
383
gnutls_transport_set_ptr (es.session, (gnutls_transport_ptr_t) tcp_sd);
349
384
385
if(debug){
386
fprintf(stderr, "Establishing tls session with %s\n", ip);
387
}
388
389
350
390
ret = gnutls_handshake (es.session);
351
391
352
392
if (ret != GNUTLS_E_SUCCESS){
356
396
goto exit;
357
397
}
358
398
359
//retrive password
399
//Retrieve gpg packet that contains the wanted password
400
401
if(debug){
402
fprintf(stderr, "Retrieving pgp encrypted password from %s\n", ip);
403
}
404
360
405
while(true){
361
406
if (buffer_length + BUFFER_SIZE > buffer_capacity){
362
407
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
396
441
buffer_length += ret;
397
442
}
398
443
}
399
444
400
445
if (buffer_length > 0){
401
if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) == 0){
402
retval = -1;
403
} else {
446
if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) >= 0){
404
447
fwrite (decrypted_buffer, 1, decrypted_buffer_size, stdout);
405
448
free(decrypted_buffer);
449
} else {
450
retval = -1;
406
451
}
407
452
}
408
453
454
//shutdown procedure
455
456
if(debug){
457
fprintf(stderr, "Closing tls session\n");
458
}
459
409
460
free(buffer);
410
411
//shutdown procedure
412
461
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
413
462
exit:
414
463
close(tcp_sd);
448
497
case AVAHI_RESOLVER_FOUND: {
449
498
char ip[AVAHI_ADDRESS_STR_MAX];
450
499
avahi_address_snprint(ip, sizeof(ip), address);
451
int ret = start_mandos_communcation(ip, port);
500
if(debug){
501
fprintf(stderr, "Mandos server found at %s on port %d\n", ip, port);
502
}
503
int ret = start_mandos_communication(ip, port);
452
504
if (ret == 0){
453
505
exit(EXIT_SUCCESS);
454
506
} else {
507
559
AvahiServerConfig config;
508
560
AvahiSServiceBrowser *sb = NULL;
509
561
int error;
510
int ret = 1;
511
512
avahi_set_log_function(empty_log);
562
int ret;
563
int returncode = EXIT_SUCCESS;
564
565
while (true){
566
static struct option long_options[] = {
567
{"debug", no_argument, (int *)&debug, 1},
568
{"interface", required_argument, 0, 'i'},
569
{0, 0, 0, 0} };
570
571
int option_index = 0;
572
ret = getopt_long (argc, argv, "i:", long_options, &option_index);
573
574
if (ret == -1){
575
break;
576
}
577
578
switch(ret){
579
case 0:
580
break;
581
case 'i':
582
interface = optarg;
583
break;
584
default:
585
exit(EXIT_FAILURE);
586
}
587
}
588
589
if (not debug){
590
avahi_set_log_function(empty_log);
591
}
513
592
514
593
/* Initialize the psuedo-RNG */
515
594
srand(time(NULL));
517
596
/* Allocate main loop object */
518
597
if (!(simple_poll = avahi_simple_poll_new())) {
519
598
fprintf(stderr, "Failed to create simple poll object.\n");
520
goto fail;
599
600
goto exit;
521
601
}
522
602
523
603
/* Do not publish any local records */
527
607
config.publish_workstation = 0;
528
608
config.publish_domain = 0;
529
609
530
/* /\* Set a unicast DNS server for wide area DNS-SD *\/ */
531
/* avahi_address_parse("193.11.177.11", AVAHI_PROTO_UNSPEC, &config.wide_area_servers[0]); */
532
/* config.n_wide_area_servers = 1; */
533
/* config.enable_wide_area = 1; */
534
535
610
/* Allocate a new server */
536
611
server = avahi_server_new(avahi_simple_poll_get(simple_poll), &config, NULL, NULL, &error);
537
612
538
613
/* Free the configuration data */
539
614
avahi_server_config_free(&config);
540
615
541
/* Check wether creating the server object succeeded */
616
/* Check if creating the server object succeeded */
542
617
if (!server) {
543
618
fprintf(stderr, "Failed to create server: %s\n", avahi_strerror(error));
544
goto fail;
619
returncode = EXIT_FAILURE;
620
goto exit;
545
621
}
546
622
547
623
/* Create the service browser */
548
624
if (!(sb = avahi_s_service_browser_new(server, if_nametoindex("eth0"), AVAHI_PROTO_INET6, "_mandos._tcp", NULL, 0, browse_callback, server))) {
549
625
fprintf(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_server_errno(server)));
550
goto fail;
626
returncode = EXIT_FAILURE;
627
goto exit;
551
628
}
552
629
553
630
/* Run the main loop */
631
632
if (debug){
633
fprintf(stderr, "Starting avahi loop search\n");
634
}
635
554
636
avahi_simple_poll_loop(simple_poll);
555
637
556
ret = 0;
557
558
fail:
638
exit:
639
640
if (debug){
641
fprintf(stderr, "%s exiting\n", argv[0]);
642
}
559
643
560
644
/* Cleanup things */
561
645
if (sb)
567
651
if (simple_poll)
568
652
avahi_simple_poll_free(simple_poll);
569
653
570
return ret;
654
return returncode;
571
655
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0