To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugins.d/mandosclient.c
- browse files at revision 20
- compare with another revision
- download diff
- download tarball
- view history from revision 20
- Committer: Teddy Hogeborn
- Date: 2008-07-21 04:42:08 UTC
- mfrom: (15.1.3 mandos)
- Revision ID: teddy@fukt.bsnet.se-20080721044208-y8v1sjmvalfiehrv
Merge.
- files added:
- ca.pem
- files removed:
- mandos-client.xml
- files renamed:
- clients.conf => mandos-clients.conf
- mandos-client.c => plugbasedclient.c
- plugins.d/password-request.c => plugins.d/mandosclient.c
- plugins.d/password-prompt.c => plugins.d/passprompt.c
- mandos => server.py
- files modified:
- Makefile
added
removed
plugins.d/mandosclient.c
1
/* -*- coding: utf-8 -*- */
2
/*
3
* Mandos client - get and decrypt data from a Mandos server
4
*
5
* This program is partly derived from an example program for an Avahi
6
* service browser, downloaded from
7
* <http://avahi.org/browser/examples/core-browse-services.c>. This
8
* includes the following functions: "resolve_callback",
9
* "browse_callback", and parts of "main".
10
*
11
* Everything else is
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
13
*
14
* This program is free software: you can redistribute it and/or
15
* modify it under the terms of the GNU General Public License as
16
* published by the Free Software Foundation, either version 3 of the
17
* License, or (at your option) any later version.
18
*
19
* This program is distributed in the hope that it will be useful, but
20
* WITHOUT ANY WARRANTY; without even the implied warranty of
21
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22
* General Public License for more details.
23
*
24
* You should have received a copy of the GNU General Public License
25
* along with this program. If not, see
26
* <http://www.gnu.org/licenses/>.
27
*
28
* Contact the authors at <mandos@fukt.bsnet.se>.
29
*/
1
/***
2
This file is part of avahi.
3
4
avahi is free software; you can redistribute it and/or modify it
5
under the terms of the GNU Lesser General Public License as
6
published by the Free Software Foundation; either version 2.1 of the
7
License, or (at your option) any later version.
8
9
avahi is distributed in the hope that it will be useful, but WITHOUT
10
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General
12
Public License for more details.
13
14
You should have received a copy of the GNU Lesser General Public
15
License along with avahi; if not, write to the Free Software
16
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
17
USA.
18
***/
30
19
31
/* Needed by GPGME, specifically gpgme_data_seek() */
32
20
#define _LARGEFILE_SOURCE
33
21
#define _FILE_OFFSET_BITS 64
34
22
35
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */
36
37
#include <stdio.h> /* fprintf(), stderr, fwrite(), stdout, ferror() */
38
#include <stdint.h> /* uint16_t, uint32_t */
39
#include <stddef.h> /* NULL, size_t, ssize_t */
40
#include <stdlib.h> /* free() */
41
#include <stdbool.h> /* bool, true */
42
#include <string.h> /* memset(), strcmp(), strlen, strerror() */
43
#include <sys/ioctl.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
44
SIOCSIFFLAGS */
45
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
46
sockaddr_in6, PF_INET6, SOCK_STREAM, INET6_ADDRSTRLEN */
47
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
48
struct in6_addr, inet_pton(),
49
connect() */
23
#include <stdio.h>
50
24
#include <assert.h>
51
#include <errno.h> /* perror() */
25
#include <stdlib.h>
52
26
#include <time.h>
53
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
54
SIOCSIFFLAGS, if_indextoname(),
55
if_nametoindex(), IF_NAMESIZE */
56
#include <unistd.h> /* close(), SEEK_SET, off_t, write()*/
57
#include <netinet/in.h>
58
#include <arpa/inet.h> /* inet_pton(), htons */
59
#include <iso646.h> /* not */
60
#include <argp.h> /* struct argp_option,
61
struct argp_state, struct argp,
62
argp_parse() */
27
#include <net/if.h> /* if_nametoindex */
63
28
64
/* Avahi */
65
#include <avahi-core/core.h> /* AvahiSimplePoll, AvahiServer,
66
AvahiIfIndex */
29
#include <avahi-core/core.h>
67
30
#include <avahi-core/lookup.h>
68
#include <avahi-core/log.h> /* AvahiLogLevel */
31
#include <avahi-core/log.h>
69
32
#include <avahi-common/simple-watch.h>
70
33
#include <avahi-common/malloc.h>
71
34
#include <avahi-common/error.h>
72
35
73
/* GnuTLS */
74
#include <gnutls/gnutls.h> /* gnutls_certificate_credentials_t,
75
gnutls_dh_params_t,
76
gnutls_strerror(),
77
gnutls_global_init(),
78
gnutls_global_set_log_level(),
79
gnutls_global_set_log_function(),
80
gnutls_certificate_allocate_credentials(),
81
gnutls_global_deinit(),
82
gnutls_dh_params_init(),
83
gnutls_dh_params_generate(),
84
gnutls_certificate_set_dh_params(),
85
gnutls_certificate_free_credentials(),
86
gnutls_session_t, gnutls_init(),
87
gnutls_priority_set_direct(),
88
gnutls_deinit(),
89
gnutls_credentials_set(),
90
gnutls_certificate_server_set_request(),
91
gnutls_dh_set_prime_bits(),
92
gnutls_transport_set_ptr(),
93
gnutls_transport_ptr_t,
94
gnutls_handshake(),
95
gnutls_record_recv()
96
gnutls_perror(), gnutls_bye(),
97
init_gnutls_session(),
98
GNUTLS_E_SUCCESS,
99
GNUTLS_CRD_CERTIFICATE,
100
GNUTLS_CERT_IGNORE,
101
GNUTLS_E_INTERRUPTED,
102
GNUTLS_E_AGAIN,
103
GNUTLS_E_REHANDSHAKE,
104
GNUTLS_SHUT_RDWR, */
105
#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),
106
GNUTLS_OPENPGP_FMT_BASE64 */
107
108
/* GPGME */
109
#include <gpgme.h> /* gpgme_data_t, gpgme_ctx_t,
110
gpgme_error_t, gpgme_engine_info_t,
111
gpgme_check_version(),
112
gpgme_engine_check_version(),
113
gpgme_strsource(),
114
gpgme_strerror(),
115
gpgme_get_engine_info(),
116
gpgme_set_engine_info(),
117
gpgme_data_new_from_mem(),
118
gpgme_data_new(), gpgme_new(),
119
gpgme_op_decrypt(),
120
gpgme_decrypt_result_t,
121
gpgme_op_decrypt_result(),
122
gpgme_recipient_t,
123
gpgme_pubkey_algo_name(),
124
gpgme_data_seek(),
125
gpgme_data_read(),
126
gpgme_data_release()
127
GPGME_PROTOCOL_OpenPGP,
128
GPG_ERR_NO_ERROR,
129
GPG_ERR_NO_SECKEY, */
130
36
//mandos client part
37
#include <sys/types.h> /* socket(), setsockopt(), inet_pton() */
38
#include <sys/socket.h> /* socket(), setsockopt(), struct sockaddr_in6, struct in6_addr, inet_pton() */
39
#include <gnutls/gnutls.h> /* ALL GNUTLS STUFF */
40
#include <gnutls/openpgp.h> /* gnutls with openpgp stuff */
41
42
#include <unistd.h> /* close() */
43
#include <netinet/in.h>
44
#include <stdbool.h> /* true */
45
#include <string.h> /* memset */
46
#include <arpa/inet.h> /* inet_pton() */
47
#include <iso646.h> /* not */
48
49
// gpgme
50
#include <errno.h> /* perror() */
51
#include <gpgme.h>
52
53
// getopt long
54
#include <getopt.h>
55
56
#ifndef CERT_ROOT
57
#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"
58
#endif
59
#define CERTFILE CERT_ROOT "openpgp-client.txt"
60
#define KEYFILE CERT_ROOT "openpgp-client-key.txt"
131
61
#define BUFFER_SIZE 256
62
#define DH_BITS 1024
132
63
133
64
bool debug = false;
134
static const char *keydir = "/conf/conf.d/mandos";
135
static const char mandos_protocol_version[] = "1";
136
const char *argp_program_version = "mandosclient 0.9";
137
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
65
char *interface = "eth0";
138
66
139
/* Used for passing in values through the Avahi callback functions */
140
67
typedef struct {
141
AvahiSimplePoll *simple_poll;
142
AvahiServer *server;
68
gnutls_session_t session;
143
69
gnutls_certificate_credentials_t cred;
144
unsigned int dh_bits;
145
70
gnutls_dh_params_t dh_params;
146
const char *priority;
147
} mandos_context;
148
149
/*
150
* Make room in "buffer" for at least BUFFER_SIZE additional bytes.
151
* "buffer_capacity" is how much is currently allocated,
152
* "buffer_length" is how much is already used.
153
*/
154
size_t adjustbuffer(char **buffer, size_t buffer_length,
155
size_t buffer_capacity){
156
if (buffer_length + BUFFER_SIZE > buffer_capacity){
157
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
158
if (buffer == NULL){
159
return 0;
160
}
161
buffer_capacity += BUFFER_SIZE;
162
}
163
return buffer_capacity;
164
}
165
166
/*
167
* Decrypt OpenPGP data using keyrings in HOMEDIR.
168
* Returns -1 on error
169
*/
170
static ssize_t pgp_packet_decrypt (const char *cryptotext,
171
size_t crypto_size,
172
char **plaintext,
173
const char *homedir){
71
} encrypted_session;
72
73
74
ssize_t gpg_packet_decrypt (char *packet, size_t packet_size, char **new_packet, char *homedir){
174
75
gpgme_data_t dh_crypto, dh_plain;
175
76
gpgme_ctx_t ctx;
176
77
gpgme_error_t rc;
177
78
ssize_t ret;
178
size_t plaintext_capacity = 0;
179
ssize_t plaintext_length = 0;
79
size_t new_packet_capacity = 0;
80
size_t new_packet_length = 0;
180
81
gpgme_engine_info_t engine_info;
181
82
182
83
if (debug){
183
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
84
fprintf(stderr, "Attempting to decrypt password from gpg packet\n");
184
85
}
185
86
186
87
/* Init GPGME */
187
88
gpgme_check_version(NULL);
188
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
189
if (rc != GPG_ERR_NO_ERROR){
190
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
191
gpgme_strsource(rc), gpgme_strerror(rc));
192
return -1;
193
}
89
gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
194
90
195
/* Set GPGME home directory for the OpenPGP engine only */
91
/* Set GPGME home directory */
196
92
rc = gpgme_get_engine_info (&engine_info);
197
93
if (rc != GPG_ERR_NO_ERROR){
198
94
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
208
104
engine_info = engine_info->next;
209
105
}
210
106
if(engine_info == NULL){
211
fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);
107
fprintf(stderr, "Could not set home dir to %s\n", homedir);
212
108
return -1;
213
109
}
214
110
215
/* Create new GPGME data buffer from memory cryptotext */
216
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
217
0);
111
/* Create new GPGME data buffer from packet buffer */
112
rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);
218
113
if (rc != GPG_ERR_NO_ERROR){
219
114
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
220
115
gpgme_strsource(rc), gpgme_strerror(rc));
226
121
if (rc != GPG_ERR_NO_ERROR){
227
122
fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
228
123
gpgme_strsource(rc), gpgme_strerror(rc));
229
gpgme_data_release(dh_crypto);
230
124
return -1;
231
125
}
232
126
235
129
if (rc != GPG_ERR_NO_ERROR){
236
130
fprintf(stderr, "bad gpgme_new: %s: %s\n",
237
131
gpgme_strsource(rc), gpgme_strerror(rc));
238
plaintext_length = -1;
239
goto decrypt_end;
132
return -1;
240
133
}
241
134
242
/* Decrypt data from the cryptotext data buffer to the plaintext
243
data buffer */
135
/* Decrypt data from the FILE pointer to the plaintext data buffer */
244
136
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
245
137
if (rc != GPG_ERR_NO_ERROR){
246
138
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
247
139
gpgme_strsource(rc), gpgme_strerror(rc));
248
plaintext_length = -1;
249
goto decrypt_end;
140
return -1;
250
141
}
251
142
252
143
if(debug){
253
fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
144
fprintf(stderr, "decryption of gpg packet succeeded\n");
254
145
}
255
146
256
147
if (debug){
257
148
gpgme_decrypt_result_t result;
258
149
result = gpgme_op_decrypt_result(ctx);
259
150
if (result == NULL){
260
151
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
261
152
} else {
262
fprintf(stderr, "Unsupported algorithm: %s\n",
263
result->unsupported_algorithm);
264
fprintf(stderr, "Wrong key usage: %d\n",
265
result->wrong_key_usage);
153
fprintf(stderr, "Unsupported algorithm: %s\n", result->unsupported_algorithm);
154
fprintf(stderr, "Wrong key usage: %d\n", result->wrong_key_usage);
266
155
if(result->file_name != NULL){
267
156
fprintf(stderr, "File name: %s\n", result->file_name);
268
157
}
274
163
gpgme_pubkey_algo_name(recipient->pubkey_algo));
275
164
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
276
165
fprintf(stderr, "Secret key available: %s\n",
277
recipient->status == GPG_ERR_NO_SECKEY
278
? "No" : "Yes");
166
recipient->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");
279
167
recipient = recipient->next;
280
168
}
281
169
}
282
170
}
283
171
}
284
172
173
/* Delete the GPGME FILE pointer cryptotext data buffer */
174
gpgme_data_release(dh_crypto);
175
285
176
/* Seek back to the beginning of the GPGME plaintext data buffer */
286
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
287
perror("pgpme_data_seek");
288
plaintext_length = -1;
289
goto decrypt_end;
290
}
291
292
*plaintext = NULL;
177
gpgme_data_seek(dh_plain, 0, SEEK_SET);
178
179
*new_packet = 0;
293
180
while(true){
294
plaintext_capacity = adjustbuffer(plaintext,
295
(size_t)plaintext_length,
296
plaintext_capacity);
297
if (plaintext_capacity == 0){
298
perror("adjustbuffer");
299
plaintext_length = -1;
300
goto decrypt_end;
181
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
182
*new_packet = realloc(*new_packet, new_packet_capacity + BUFFER_SIZE);
183
if (*new_packet == NULL){
184
perror("realloc");
185
return -1;
186
}
187
new_packet_capacity += BUFFER_SIZE;
301
188
}
302
189
303
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
304
BUFFER_SIZE);
190
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length, BUFFER_SIZE);
305
191
/* Print the data, if any */
306
192
if (ret == 0){
307
/* EOF */
193
/* If password is empty, then a incorrect error will be printed */
308
194
break;
309
195
}
310
196
if(ret < 0){
311
197
perror("gpgme_data_read");
312
plaintext_length = -1;
313
goto decrypt_end;
198
return -1;
314
199
}
315
plaintext_length += ret;
200
new_packet_length += ret;
316
201
}
317
202
318
if(debug){
319
fprintf(stderr, "Decrypted password is: ");
320
for(ssize_t i = 0; i < plaintext_length; i++){
321
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
322
}
323
fprintf(stderr, "\n");
324
}
325
326
decrypt_end:
327
328
/* Delete the GPGME cryptotext data buffer */
329
gpgme_data_release(dh_crypto);
203
/* FIXME: check characters before printing to screen so to not print
204
terminal control characters */
205
/* if(debug){ */
206
/* fprintf(stderr, "decrypted password is: "); */
207
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
208
/* fprintf(stderr, "\n"); */
209
/* } */
330
210
331
211
/* Delete the GPGME plaintext data buffer */
332
212
gpgme_data_release(dh_plain);
333
return plaintext_length;
213
return new_packet_length;
334
214
}
335
215
336
216
static const char * safer_gnutls_strerror (int value) {
340
220
return ret;
341
221
}
342
222
343
/* GnuTLS log function callback */
344
static void debuggnutls(__attribute__((unused)) int level,
345
const char* string){
346
fprintf(stderr, "GnuTLS: %s", string);
223
void debuggnutls(int level, const char* string){
224
fprintf(stderr, "%s", string);
347
225
}
348
226
349
static int init_gnutls_global(mandos_context *mc,
350
const char *pubkeyfile,
351
const char *seckeyfile){
227
int initgnutls(encrypted_session *es){
228
const char *err;
352
229
int ret;
353
230
354
231
if(debug){
355
fprintf(stderr, "Initializing GnuTLS\n");
232
fprintf(stderr, "Initializing gnutls\n");
356
233
}
357
234
235
358
236
if ((ret = gnutls_global_init ())
359
237
!= GNUTLS_E_SUCCESS) {
360
fprintf (stderr, "GnuTLS global_init: %s\n",
361
safer_gnutls_strerror(ret));
238
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
362
239
return -1;
363
240
}
364
241
365
242
if (debug){
366
/* "Use a log level over 10 to enable all debugging options."
367
* - GnuTLS manual
368
*/
369
243
gnutls_global_set_log_level(11);
370
244
gnutls_global_set_log_function(debuggnutls);
371
245
}
372
246
373
/* OpenPGP credentials */
374
if ((ret = gnutls_certificate_allocate_credentials (&mc->cred))
247
248
/* openpgp credentials */
249
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
375
250
!= GNUTLS_E_SUCCESS) {
376
fprintf (stderr, "GnuTLS memory error: %s\n",
377
safer_gnutls_strerror(ret));
378
gnutls_global_deinit ();
251
fprintf (stderr, "memory error: %s\n", safer_gnutls_strerror(ret));
379
252
return -1;
380
253
}
381
254
382
255
if(debug){
383
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
384
" and keyfile %s as GnuTLS credentials\n", pubkeyfile,
385
seckeyfile);
256
fprintf(stderr, "Attempting to use openpgp certificate %s"
257
" and keyfile %s as gnutls credentials\n", CERTFILE, KEYFILE);
386
258
}
387
259
388
260
ret = gnutls_certificate_set_openpgp_key_file
389
(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);
390
if (ret != GNUTLS_E_SUCCESS) {
391
fprintf(stderr,
392
"Error[%d] while reading the OpenPGP key pair ('%s',"
393
" '%s')\n", ret, pubkeyfile, seckeyfile);
394
fprintf(stdout, "The GnuTLS error is: %s\n",
395
safer_gnutls_strerror(ret));
396
goto globalfail;
397
}
398
399
/* GnuTLS server initialization */
400
ret = gnutls_dh_params_init(&mc->dh_params);
401
if (ret != GNUTLS_E_SUCCESS) {
402
fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
403
" %s\n", safer_gnutls_strerror(ret));
404
goto globalfail;
405
}
406
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
407
if (ret != GNUTLS_E_SUCCESS) {
408
fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
409
safer_gnutls_strerror(ret));
410
goto globalfail;
411
}
412
413
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
414
415
return 0;
416
417
globalfail:
418
419
gnutls_certificate_free_credentials(mc->cred);
420
gnutls_global_deinit();
421
return -1;
422
423
}
424
425
static int init_gnutls_session(mandos_context *mc,
426
gnutls_session_t *session){
427
int ret;
428
/* GnuTLS session creation */
429
ret = gnutls_init(session, GNUTLS_SERVER);
430
if (ret != GNUTLS_E_SUCCESS){
431
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
432
safer_gnutls_strerror(ret));
433
}
434
435
{
436
const char *err;
437
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
438
if (ret != GNUTLS_E_SUCCESS) {
439
fprintf(stderr, "Syntax error at: %s\n", err);
440
fprintf(stderr, "GnuTLS error: %s\n",
441
safer_gnutls_strerror(ret));
442
gnutls_deinit (*session);
443
return -1;
444
}
445
}
446
447
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
448
mc->cred);
449
if (ret != GNUTLS_E_SUCCESS) {
450
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
451
safer_gnutls_strerror(ret));
452
gnutls_deinit (*session);
453
return -1;
454
}
455
261
(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);
262
if (ret != GNUTLS_E_SUCCESS) {
263
fprintf
264
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n",
265
ret, CERTFILE, KEYFILE);
266
fprintf(stdout, "The Error is: %s\n",
267
safer_gnutls_strerror(ret));
268
return -1;
269
}
270
271
//Gnutls server initialization
272
if ((ret = gnutls_dh_params_init (&es->dh_params))
273
!= GNUTLS_E_SUCCESS) {
274
fprintf (stderr, "Error in dh parameter initialization: %s\n",
275
safer_gnutls_strerror(ret));
276
return -1;
277
}
278
279
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
280
!= GNUTLS_E_SUCCESS) {
281
fprintf (stderr, "Error in prime generation: %s\n",
282
safer_gnutls_strerror(ret));
283
return -1;
284
}
285
286
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
287
288
// Gnutls session creation
289
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
290
!= GNUTLS_E_SUCCESS){
291
fprintf(stderr, "Error in gnutls session initialization: %s\n",
292
safer_gnutls_strerror(ret));
293
}
294
295
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
296
!= GNUTLS_E_SUCCESS) {
297
fprintf(stderr, "Syntax error at: %s\n", err);
298
fprintf(stderr, "Gnutls error: %s\n",
299
safer_gnutls_strerror(ret));
300
return -1;
301
}
302
303
if ((ret = gnutls_credentials_set
304
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
305
!= GNUTLS_E_SUCCESS) {
306
fprintf(stderr, "Error setting a credentials set: %s\n",
307
safer_gnutls_strerror(ret));
308
return -1;
309
}
310
456
311
/* ignore client certificate if any. */
457
gnutls_certificate_server_set_request (*session,
458
GNUTLS_CERT_IGNORE);
312
gnutls_certificate_server_set_request (es->session, GNUTLS_CERT_IGNORE);
459
313
460
gnutls_dh_set_prime_bits (*session, mc->dh_bits);
314
gnutls_dh_set_prime_bits (es->session, DH_BITS);
461
315
462
316
return 0;
463
317
}
464
318
465
/* Avahi log function callback */
466
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
467
__attribute__((unused)) const char *txt){}
319
void empty_log(AvahiLogLevel level, const char *txt){}
468
320
469
/* Called when a Mandos server is found */
470
static int start_mandos_communication(const char *ip, uint16_t port,
471
AvahiIfIndex if_index,
472
mandos_context *mc){
321
int start_mandos_communication(char *ip, uint16_t port){
473
322
int ret, tcp_sd;
474
union { struct sockaddr in; struct sockaddr_in6 in6; } to;
323
struct sockaddr_in6 to;
324
encrypted_session es;
475
325
char *buffer = NULL;
476
326
char *decrypted_buffer;
477
327
size_t buffer_length = 0;
478
328
size_t buffer_capacity = 0;
479
329
ssize_t decrypted_buffer_size;
480
size_t written;
481
330
int retval = 0;
482
char interface[IF_NAMESIZE];
483
gnutls_session_t session;
484
485
ret = init_gnutls_session (mc, &session);
486
if (ret != 0){
487
return -1;
488
}
489
331
490
332
if(debug){
491
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
492
ip, port);
333
fprintf(stderr, "Setting up a tcp connection to %s\n", ip);
493
334
}
494
335
495
336
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
499
340
}
500
341
501
342
if(debug){
502
if(if_indextoname((unsigned int)if_index, interface) == NULL){
503
perror("if_indextoname");
504
return -1;
505
}
506
343
fprintf(stderr, "Binding to interface %s\n", interface);
507
344
}
345
346
ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, interface, 5);
347
if(tcp_sd < 0) {
348
perror("setsockopt bindtodevice");
349
return -1;
350
}
508
351
509
memset(&to,0,sizeof(to)); /* Spurious warning */
510
to.in6.sin6_family = AF_INET6;
511
/* It would be nice to have a way to detect if we were passed an
512
IPv4 address here. Now we assume an IPv6 address. */
513
ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);
352
memset(&to,0,sizeof(to));
353
to.sin6_family = AF_INET6;
354
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
514
355
if (ret < 0 ){
515
356
perror("inet_pton");
516
357
return -1;
517
}
358
}
518
359
if(ret == 0){
519
360
fprintf(stderr, "Bad address: %s\n", ip);
520
361
return -1;
521
362
}
522
to.in6.sin6_port = htons(port); /* Spurious warning */
523
524
to.in6.sin6_scope_id = (uint32_t)if_index;
525
363
to.sin6_port = htons(port);
364
to.sin6_scope_id = if_nametoindex(interface);
365
526
366
if(debug){
527
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
528
char addrstr[INET6_ADDRSTRLEN] = "";
529
if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,
530
sizeof(addrstr)) == NULL){
531
perror("inet_ntop");
532
} else {
533
if(strcmp(addrstr, ip) != 0){
534
fprintf(stderr, "Canonical address form: %s\n", addrstr);
535
}
536
}
367
fprintf(stderr, "Connection to: %s\n", ip);
537
368
}
538
369
539
ret = connect(tcp_sd, &to.in, sizeof(to));
370
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
540
371
if (ret < 0){
541
372
perror("connect");
542
373
return -1;
543
374
}
375
376
ret = initgnutls (&es);
377
if (ret != 0){
378
retval = -1;
379
return -1;
380
}
381
382
383
gnutls_transport_set_ptr (es.session, (gnutls_transport_ptr_t) tcp_sd);
544
384
545
const char *out = mandos_protocol_version;
546
written = 0;
547
while (true){
548
size_t out_size = strlen(out);
549
ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
550
out_size - written));
551
if (ret == -1){
552
perror("write");
553
retval = -1;
554
goto mandos_end;
555
}
556
written += (size_t)ret;
557
if(written < out_size){
558
continue;
559
} else {
560
if (out == mandos_protocol_version){
561
written = 0;
562
out = "\r\n";
563
} else {
564
break;
565
}
566
}
567
}
568
569
385
if(debug){
570
fprintf(stderr, "Establishing TLS session with %s\n", ip);
386
fprintf(stderr, "Establishing tls session with %s\n", ip);
571
387
}
572
573
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
574
575
ret = gnutls_handshake (session);
388
389
390
ret = gnutls_handshake (es.session);
576
391
577
392
if (ret != GNUTLS_E_SUCCESS){
578
if(debug){
579
fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
580
gnutls_perror (ret);
581
}
393
fprintf(stderr, "\n*** Handshake failed ***\n");
394
gnutls_perror (ret);
582
395
retval = -1;
583
goto mandos_end;
396
goto exit;
584
397
}
585
586
/* Read OpenPGP packet that contains the wanted password */
587
398
399
//Retrieve gpg packet that contains the wanted password
400
588
401
if(debug){
589
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
590
ip);
402
fprintf(stderr, "Retrieving pgp encrypted password from %s\n", ip);
591
403
}
592
404
593
405
while(true){
594
buffer_capacity = adjustbuffer(&buffer, buffer_length,
595
buffer_capacity);
596
if (buffer_capacity == 0){
597
perror("adjustbuffer");
598
retval = -1;
599
goto mandos_end;
406
if (buffer_length + BUFFER_SIZE > buffer_capacity){
407
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
408
if (buffer == NULL){
409
perror("realloc");
410
goto exit;
411
}
412
buffer_capacity += BUFFER_SIZE;
600
413
}
601
414
602
ret = gnutls_record_recv(session, buffer+buffer_length,
603
BUFFER_SIZE);
415
ret = gnutls_record_recv
416
(es.session, buffer+buffer_length, BUFFER_SIZE);
604
417
if (ret == 0){
605
418
break;
606
419
}
610
423
case GNUTLS_E_AGAIN:
611
424
break;
612
425
case GNUTLS_E_REHANDSHAKE:
613
ret = gnutls_handshake (session);
426
ret = gnutls_handshake (es.session);
614
427
if (ret < 0){
615
fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
428
fprintf(stderr, "\n*** Handshake failed ***\n");
616
429
gnutls_perror (ret);
617
430
retval = -1;
618
goto mandos_end;
431
goto exit;
619
432
}
620
433
break;
621
434
default:
622
fprintf(stderr, "Unknown error while reading data from"
623
" encrypted session with Mandos server\n");
435
fprintf(stderr, "Unknown error while reading data from encrypted session with mandos server\n");
624
436
retval = -1;
625
gnutls_bye (session, GNUTLS_SHUT_RDWR);
626
goto mandos_end;
437
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
438
goto exit;
627
439
}
628
440
} else {
629
buffer_length += (size_t) ret;
441
buffer_length += ret;
630
442
}
631
443
}
632
444
633
if(debug){
634
fprintf(stderr, "Closing TLS session\n");
635
}
636
637
gnutls_bye (session, GNUTLS_SHUT_RDWR);
638
639
445
if (buffer_length > 0){
640
decrypted_buffer_size = pgp_packet_decrypt(buffer,
641
buffer_length,
642
&decrypted_buffer,
643
keydir);
644
if (decrypted_buffer_size >= 0){
645
written = 0;
646
while(written < (size_t) decrypted_buffer_size){
647
ret = (int)fwrite (decrypted_buffer + written, 1,
648
(size_t)decrypted_buffer_size - written,
649
stdout);
650
if(ret == 0 and ferror(stdout)){
651
if(debug){
652
fprintf(stderr, "Error writing encrypted data: %s\n",
653
strerror(errno));
654
}
655
retval = -1;
656
break;
657
}
658
written += (size_t)ret;
659
}
446
if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) >= 0){
447
fwrite (decrypted_buffer, 1, decrypted_buffer_size, stdout);
660
448
free(decrypted_buffer);
661
449
} else {
662
450
retval = -1;
663
451
}
664
452
}
665
666
/* Shutdown procedure */
667
668
mandos_end:
453
454
//shutdown procedure
455
456
if(debug){
457
fprintf(stderr, "Closing tls session\n");
458
}
459
669
460
free(buffer);
461
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
462
exit:
670
463
close(tcp_sd);
671
gnutls_deinit (session);
464
gnutls_deinit (es.session);
465
gnutls_certificate_free_credentials (es.cred);
466
gnutls_global_deinit ();
672
467
return retval;
673
468
}
674
469
675
static void resolve_callback(AvahiSServiceResolver *r,
676
AvahiIfIndex interface,
677
AVAHI_GCC_UNUSED AvahiProtocol protocol,
678
AvahiResolverEvent event,
679
const char *name,
680
const char *type,
681
const char *domain,
682
const char *host_name,
683
const AvahiAddress *address,
684
uint16_t port,
685
AVAHI_GCC_UNUSED AvahiStringList *txt,
686
AVAHI_GCC_UNUSED AvahiLookupResultFlags
687
flags,
688
void* userdata) {
689
mandos_context *mc = userdata;
690
assert(r); /* Spurious warning */
691
692
/* Called whenever a service has been resolved successfully or
693
timed out */
694
695
switch (event) {
696
default:
697
case AVAHI_RESOLVER_FAILURE:
698
fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
699
" of type '%s' in domain '%s': %s\n", name, type, domain,
700
avahi_strerror(avahi_server_errno(mc->server)));
701
break;
702
703
case AVAHI_RESOLVER_FOUND:
704
{
705
char ip[AVAHI_ADDRESS_STR_MAX];
706
avahi_address_snprint(ip, sizeof(ip), address);
707
if(debug){
708
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %d) on"
709
" port %d\n", name, host_name, ip, interface, port);
710
}
711
int ret = start_mandos_communication(ip, port, interface, mc);
712
if (ret == 0){
713
exit(EXIT_SUCCESS);
714
}
715
}
716
}
717
avahi_s_service_resolver_free(r);
718
}
719
720
static void browse_callback( AvahiSServiceBrowser *b,
721
AvahiIfIndex interface,
722
AvahiProtocol protocol,
723
AvahiBrowserEvent event,
724
const char *name,
725
const char *type,
726
const char *domain,
727
AVAHI_GCC_UNUSED AvahiLookupResultFlags
728
flags,
729
void* userdata) {
730
mandos_context *mc = userdata;
731
assert(b); /* Spurious warning */
732
733
/* Called whenever a new services becomes available on the LAN or
734
is removed from the LAN */
735
736
switch (event) {
737
default:
738
case AVAHI_BROWSER_FAILURE:
739
740
fprintf(stderr, "(Avahi browser) %s\n",
741
avahi_strerror(avahi_server_errno(mc->server)));
742
avahi_simple_poll_quit(mc->simple_poll);
743
return;
744
745
case AVAHI_BROWSER_NEW:
746
/* We ignore the returned Avahi resolver object. In the callback
747
function we free it. If the Avahi server is terminated before
748
the callback function is called the Avahi server will free the
749
resolver for us. */
750
751
if (!(avahi_s_service_resolver_new(mc->server, interface,
752
protocol, name, type, domain,
753
AVAHI_PROTO_INET6, 0,
754
resolve_callback, mc)))
755
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
756
name, avahi_strerror(avahi_server_errno(mc->server)));
757
break;
758
759
case AVAHI_BROWSER_REMOVE:
760
break;
761
762
case AVAHI_BROWSER_ALL_FOR_NOW:
763
case AVAHI_BROWSER_CACHE_EXHAUSTED:
764
if(debug){
765
fprintf(stderr, "No Mandos server found, still searching...\n");
766
}
767
break;
768
}
769
}
770
771
/* Combines file name and path and returns the malloced new
772
string. some sane checks could/should be added */
773
static const char *combinepath(const char *first, const char *second){
774
size_t f_len = strlen(first);
775
size_t s_len = strlen(second);
776
char *tmp = malloc(f_len + s_len + 2);
777
if (tmp == NULL){
778
return NULL;
779
}
780
if(f_len > 0){
781
memcpy(tmp, first, f_len); /* Spurious warning */
782
}
783
tmp[f_len] = '/';
784
if(s_len > 0){
785
memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */
786
}
787
tmp[f_len + 1 + s_len] = '\0';
788
return tmp;
789
}
790
791
792
int main(int argc, char *argv[]){
470
static AvahiSimplePoll *simple_poll = NULL;
471
static AvahiServer *server = NULL;
472
473
static void resolve_callback(
474
AvahiSServiceResolver *r,
475
AVAHI_GCC_UNUSED AvahiIfIndex interface,
476
AVAHI_GCC_UNUSED AvahiProtocol protocol,
477
AvahiResolverEvent event,
478
const char *name,
479
const char *type,
480
const char *domain,
481
const char *host_name,
482
const AvahiAddress *address,
483
uint16_t port,
484
AvahiStringList *txt,
485
AvahiLookupResultFlags flags,
486
AVAHI_GCC_UNUSED void* userdata) {
487
488
assert(r);
489
490
/* Called whenever a service has been resolved successfully or timed out */
491
492
switch (event) {
493
case AVAHI_RESOLVER_FAILURE:
494
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of type '%s' in domain '%s': %s\n", name, type, domain, avahi_strerror(avahi_server_errno(server)));
495
break;
496
497
case AVAHI_RESOLVER_FOUND: {
498
char ip[AVAHI_ADDRESS_STR_MAX];
499
avahi_address_snprint(ip, sizeof(ip), address);
500
if(debug){
501
fprintf(stderr, "Mandos server found at %s on port %d\n", ip, port);
502
}
503
int ret = start_mandos_communication(ip, port);
504
if (ret == 0){
505
exit(EXIT_SUCCESS);
506
} else {
507
exit(EXIT_FAILURE);
508
}
509
}
510
}
511
avahi_s_service_resolver_free(r);
512
}
513
514
static void browse_callback(
515
AvahiSServiceBrowser *b,
516
AvahiIfIndex interface,
517
AvahiProtocol protocol,
518
AvahiBrowserEvent event,
519
const char *name,
520
const char *type,
521
const char *domain,
522
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
523
void* userdata) {
524
525
AvahiServer *s = userdata;
526
assert(b);
527
528
/* Called whenever a new services becomes available on the LAN or is removed from the LAN */
529
530
switch (event) {
531
532
case AVAHI_BROWSER_FAILURE:
533
534
fprintf(stderr, "(Browser) %s\n", avahi_strerror(avahi_server_errno(server)));
535
avahi_simple_poll_quit(simple_poll);
536
return;
537
538
case AVAHI_BROWSER_NEW:
539
/* We ignore the returned resolver object. In the callback
540
function we free it. If the server is terminated before
541
the callback function is called the server will free
542
the resolver for us. */
543
544
if (!(avahi_s_service_resolver_new(s, interface, protocol, name, type, domain, AVAHI_PROTO_INET6, 0, resolve_callback, s)))
545
fprintf(stderr, "Failed to resolve service '%s': %s\n", name, avahi_strerror(avahi_server_errno(s)));
546
547
break;
548
549
case AVAHI_BROWSER_REMOVE:
550
break;
551
552
case AVAHI_BROWSER_ALL_FOR_NOW:
553
case AVAHI_BROWSER_CACHE_EXHAUSTED:
554
break;
555
}
556
}
557
558
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
559
AvahiServerConfig config;
793
560
AvahiSServiceBrowser *sb = NULL;
794
561
int error;
795
562
int ret;
796
int exitcode = EXIT_SUCCESS;
797
const char *interface = "eth0";
798
struct ifreq network;
799
int sd;
800
uid_t uid;
801
gid_t gid;
802
char *connect_to = NULL;
803
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
804
const char *pubkeyfile = "pubkey.txt";
805
const char *seckeyfile = "seckey.txt";
806
mandos_context mc = { .simple_poll = NULL, .server = NULL,
807
.dh_bits = 1024, .priority = "SECURE256"};
808
bool gnutls_initalized = false;
809
810
{
811
struct argp_option options[] = {
812
{ .name = "debug", .key = 128,
813
.doc = "Debug mode", .group = 3 },
814
{ .name = "connect", .key = 'c',
815
.arg = "IP",
816
.doc = "Connect directly to a sepcified mandos server",
817
.group = 1 },
818
{ .name = "interface", .key = 'i',
819
.arg = "INTERFACE",
820
.doc = "Interface that Avahi will conntect through",
821
.group = 1 },
822
{ .name = "keydir", .key = 'd',
823
.arg = "KEYDIR",
824
.doc = "Directory where the openpgp keyring is",
825
.group = 1 },
826
{ .name = "seckey", .key = 's',
827
.arg = "SECKEY",
828
.doc = "Secret openpgp key for gnutls authentication",
829
.group = 1 },
830
{ .name = "pubkey", .key = 'p',
831
.arg = "PUBKEY",
832
.doc = "Public openpgp key for gnutls authentication",
833
.group = 2 },
834
{ .name = "dh-bits", .key = 129,
835
.arg = "BITS",
836
.doc = "dh-bits to use in gnutls communication",
837
.group = 2 },
838
{ .name = "priority", .key = 130,
839
.arg = "PRIORITY",
840
.doc = "GNUTLS priority", .group = 1 },
841
{ .name = NULL }
842
};
843
844
845
error_t parse_opt (int key, char *arg,
846
struct argp_state *state) {
847
/* Get the INPUT argument from `argp_parse', which we know is
848
a pointer to our plugin list pointer. */
849
switch (key) {
850
case 128:
851
debug = true;
852
break;
853
case 'c':
854
connect_to = arg;
855
break;
856
case 'i':
857
interface = arg;
858
break;
859
case 'd':
860
keydir = arg;
861
break;
862
case 's':
863
seckeyfile = arg;
864
break;
865
case 'p':
866
pubkeyfile = arg;
867
break;
868
case 129:
869
errno = 0;
870
mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);
871
if (errno){
872
perror("strtol");
873
exit(EXIT_FAILURE);
874
}
875
break;
876
case 130:
877
mc.priority = arg;
878
break;
879
case ARGP_KEY_ARG:
880
argp_usage (state);
881
break;
882
case ARGP_KEY_END:
883
break;
884
default:
885
return ARGP_ERR_UNKNOWN;
886
}
887
return 0;
888
}
889
890
struct argp argp = { .options = options, .parser = parse_opt,
891
.args_doc = "",
892
.doc = "Mandos client -- Get and decrypt"
893
" passwords from mandos server" };
894
argp_parse (&argp, argc, argv, 0, 0, NULL);
895
}
896
897
pubkeyfile = combinepath(keydir, pubkeyfile);
898
if (pubkeyfile == NULL){
899
perror("combinepath");
900
exitcode = EXIT_FAILURE;
901
goto end;
902
}
903
904
seckeyfile = combinepath(keydir, seckeyfile);
905
if (seckeyfile == NULL){
906
perror("combinepath");
907
goto end;
908
}
909
910
ret = init_gnutls_global(&mc, pubkeyfile, seckeyfile);
911
if (ret == -1){
912
fprintf(stderr, "init_gnutls_global\n");
913
goto end;
914
} else {
915
gnutls_initalized = true;
916
}
917
918
uid = getuid();
919
gid = getgid();
920
921
ret = setuid(uid);
922
if (ret == -1){
923
perror("setuid");
924
}
925
926
setgid(gid);
927
if (ret == -1){
928
perror("setgid");
929
}
930
931
if_index = (AvahiIfIndex) if_nametoindex(interface);
932
if(if_index == 0){
933
fprintf(stderr, "No such interface: \"%s\"\n", interface);
934
exit(EXIT_FAILURE);
935
}
936
937
if(connect_to != NULL){
938
/* Connect directly, do not use Zeroconf */
939
/* (Mainly meant for debugging) */
940
char *address = strrchr(connect_to, ':');
941
if(address == NULL){
942
fprintf(stderr, "No colon in address\n");
943
exitcode = EXIT_FAILURE;
944
goto end;
945
}
946
errno = 0;
947
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
948
if(errno){
949
perror("Bad port number");
950
exitcode = EXIT_FAILURE;
951
goto end;
952
}
953
*address = '\0';
954
address = connect_to;
955
ret = start_mandos_communication(address, port, if_index, &mc);
956
if(ret < 0){
957
exitcode = EXIT_FAILURE;
958
} else {
959
exitcode = EXIT_SUCCESS;
960
}
961
goto end;
962
}
963
964
/* If the interface is down, bring it up */
965
{
966
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
967
if(sd < 0) {
968
perror("socket");
969
exitcode = EXIT_FAILURE;
970
goto end;
971
}
972
strcpy(network.ifr_name, interface); /* Spurious warning */
973
ret = ioctl(sd, SIOCGIFFLAGS, &network);
974
if(ret == -1){
975
perror("ioctl SIOCGIFFLAGS");
976
exitcode = EXIT_FAILURE;
977
goto end;
978
}
979
if((network.ifr_flags & IFF_UP) == 0){
980
network.ifr_flags |= IFF_UP;
981
ret = ioctl(sd, SIOCSIFFLAGS, &network);
982
if(ret == -1){
983
perror("ioctl SIOCSIFFLAGS");
984
exitcode = EXIT_FAILURE;
985
goto end;
986
}
987
}
988
close(sd);
563
int returncode = EXIT_SUCCESS;
564
565
while (true){
566
static struct option long_options[] = {
567
{"debug", no_argument, (int *)&debug, 1},
568
{"interface", required_argument, 0, 'i'},
569
{0, 0, 0, 0} };
570
571
int option_index = 0;
572
ret = getopt_long (argc, argv, "i:", long_options, &option_index);
573
574
if (ret == -1){
575
break;
576
}
577
578
switch(ret){
579
case 0:
580
break;
581
case 'i':
582
interface = optarg;
583
break;
584
default:
585
exit(EXIT_FAILURE);
586
}
989
587
}
990
588
991
589
if (not debug){
992
590
avahi_set_log_function(empty_log);
993
591
}
994
592
995
/* Initialize the pseudo-RNG for Avahi */
996
srand((unsigned int) time(NULL));
997
998
/* Allocate main Avahi loop object */
999
mc.simple_poll = avahi_simple_poll_new();
1000
if (mc.simple_poll == NULL) {
1001
fprintf(stderr, "Avahi: Failed to create simple poll"
1002
" object.\n");
1003
exitcode = EXIT_FAILURE;
1004
goto end;
1005
}
1006
1007
{
1008
AvahiServerConfig config;
1009
/* Do not publish any local Zeroconf records */
1010
avahi_server_config_init(&config);
1011
config.publish_hinfo = 0;
1012
config.publish_addresses = 0;
1013
config.publish_workstation = 0;
1014
config.publish_domain = 0;
1015
1016
/* Allocate a new server */
1017
mc.server = avahi_server_new(avahi_simple_poll_get
1018
(mc.simple_poll), &config, NULL,
1019
NULL, &error);
1020
1021
/* Free the Avahi configuration data */
1022
avahi_server_config_free(&config);
1023
}
1024
1025
/* Check if creating the Avahi server object succeeded */
1026
if (mc.server == NULL) {
1027
fprintf(stderr, "Failed to create Avahi server: %s\n",
1028
avahi_strerror(error));
1029
exitcode = EXIT_FAILURE;
1030
goto end;
1031
}
1032
1033
/* Create the Avahi service browser */
1034
sb = avahi_s_service_browser_new(mc.server, if_index,
1035
AVAHI_PROTO_INET6,
1036
"_mandos._tcp", NULL, 0,
1037
browse_callback, &mc);
1038
if (sb == NULL) {
1039
fprintf(stderr, "Failed to create service browser: %s\n",
1040
avahi_strerror(avahi_server_errno(mc.server)));
1041
exitcode = EXIT_FAILURE;
1042
goto end;
593
/* Initialize the psuedo-RNG */
594
srand(time(NULL));
595
596
/* Allocate main loop object */
597
if (!(simple_poll = avahi_simple_poll_new())) {
598
fprintf(stderr, "Failed to create simple poll object.\n");
599
600
goto exit;
601
}
602
603
/* Do not publish any local records */
604
avahi_server_config_init(&config);
605
config.publish_hinfo = 0;
606
config.publish_addresses = 0;
607
config.publish_workstation = 0;
608
config.publish_domain = 0;
609
610
/* Allocate a new server */
611
server = avahi_server_new(avahi_simple_poll_get(simple_poll), &config, NULL, NULL, &error);
612
613
/* Free the configuration data */
614
avahi_server_config_free(&config);
615
616
/* Check if creating the server object succeeded */
617
if (!server) {
618
fprintf(stderr, "Failed to create server: %s\n", avahi_strerror(error));
619
returncode = EXIT_FAILURE;
620
goto exit;
621
}
622
623
/* Create the service browser */
624
if (!(sb = avahi_s_service_browser_new(server, if_nametoindex("eth0"), AVAHI_PROTO_INET6, "_mandos._tcp", NULL, 0, browse_callback, server))) {
625
fprintf(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_server_errno(server)));
626
returncode = EXIT_FAILURE;
627
goto exit;
1043
628
}
1044
629
1045
630
/* Run the main loop */
1046
631
1047
632
if (debug){
1048
fprintf(stderr, "Starting Avahi loop search\n");
633
fprintf(stderr, "Starting avahi loop search\n");
1049
634
}
1050
635
1051
avahi_simple_poll_loop(mc.simple_poll);
636
avahi_simple_poll_loop(simple_poll);
1052
637
1053
end:
638
exit:
1054
639
1055
640
if (debug){
1056
641
fprintf(stderr, "%s exiting\n", argv[0]);
1057
642
}
1058
643
1059
644
/* Cleanup things */
1060
if (sb != NULL)
645
if (sb)
1061
646
avahi_s_service_browser_free(sb);
1062
647
1063
if (mc.server != NULL)
1064
avahi_server_free(mc.server);
1065
1066
if (mc.simple_poll != NULL)
1067
avahi_simple_poll_free(mc.simple_poll);
1068
free(pubkeyfile);
1069
free(seckeyfile);
1070
1071
if (gnutls_initalized){
1072
gnutls_certificate_free_credentials (mc.cred);
1073
gnutls_global_deinit ();
1074
}
1075
1076
return exitcode;
648
if (server)
649
avahi_server_free(server);
650
651
if (simple_poll)
652
avahi_simple_poll_free(simple_poll);
653
654
return returncode;
1077
655
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0