/mandos/release : revision 21

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/mandosclient.c

Committer: Teddy Hogeborn
Date: 2008-07-21 15:34:44 UTC
Revision ID: teddy@fukt.bsnet.se-20080721153444-lugbjkj1oq65ugq3

* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
                     $(LANGUAGE).
  (WARN, DEBUG, COVERAGE, LANGUAGE): New.
  (LDFLAGS): New; use $(COVERAGE)

* plugbasedclient.c: Added copyright header.
  (process.buffer_size, process.buffer_length): Changed to "size_t".
  (main): Cast arguments to malloc and realloc.  Detect read errors
          from processes.

* mandosclient.c: Added copyright header.
  (interface): Moved to inside "main".
  (gpg_packet_decrypt): Renamed to "pgp_packet_decrypt"; all callers
                        changed.  Changed "new_packet_capacity" and
                        "new_packet_length" to be ssize_t.  Cast
                        arguments to realloc.
  (debuggnutls): Attribute "level" argument as unused.
  (empty_log): Attribute "level" and "txt" arguments as unused.
  (start_mandos_communication): New argument "if_index".  Bug fix:
                                check ret, no tcp_sd, for errors from
                                setsockopt.  Use "if_index" directly
                                instead of looking up the index.  Loop
                                around fwrite until all data is written.
  (resolve_callback): Attribute "txt", and "flags" as usused.  Added
                      default case to switch.  Also show server host
                      name.  Call start_mandos_communication with
                      "interface".
  (browse_callback): Added default case to switch.
  (main): Variable "interface" moved here.  Cast "srand" argument.
          Bug fix: Call avahi_s_service_browser_new with index of
          "interface", not "eth0".

* passprompt.c: Added copyright header.
  (termination_handler): Attribute "signum" argument as unused.

files added:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

files removed:
COPYING

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.xml

plugins.d/password-prompt.xml

plugins.d/password-request.xml

plugins.d/usplash

files renamed:
clients.conf => mandos-clients.conf

plugin-runner.c => plugbasedclient.c

plugins.d/password-request.c => plugins.d/mandosclient.c

plugins.d/password-prompt.c => plugins.d/passprompt.c

mandos => server.py

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

plugins.d/mandosclient.c

* includes the following functions: "resolve_callback",

* "browse_callback", and parts of "main".

* Everything else is

* Påhlsson.

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and

* <https://www.fukt.bsnet.se/~teddy/>.

/* Needed by GPGME, specifically gpgme_data_seek() */

#define _FORTIFY_SOURCE 2

#define _LARGEFILE_SOURCE

#define _FILE_OFFSET_BITS 64

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */

#include <stdio.h> /* fprintf(), stderr, fwrite(),

stdout, ferror() */

#include <stdint.h> /* uint16_t, uint32_t */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,

srand() */

#include <stdbool.h> /* bool, true */

#include <string.h> /* memset(), strcmp(), strlen(),

strerror(), asprintf(), strcpy() */

#include <sys/ioctl.h> /* ioctl */

#include <sys/types.h> /* socket(), inet_pton(), sockaddr,

sockaddr_in6, PF_INET6,

SOCK_STREAM, INET6_ADDRSTRLEN,

uid_t, gid_t */

#include <inttypes.h> /* PRIu16 */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton(),

connect() */

#include <assert.h> /* assert() */

#include <errno.h> /* perror(), errno */

#include <time.h> /* time() */

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS, if_indextoname(),

if_nametoindex(), IF_NAMESIZE */

#include <unistd.h> /* close(), SEEK_SET, off_t, write(),

getuid(), getgid(), setuid(),

setgid() */

#include <netinet/in.h>

#include <arpa/inet.h> /* inet_pton(), htons */

#include <iso646.h> /* not, and */

#include <argp.h> /* struct argp_option, error_t, struct

argp_state, struct argp,

argp_parse(), ARGP_KEY_ARG,

ARGP_KEY_END, ARGP_ERR_UNKNOWN */

/* Avahi */

/* All Avahi types, constants and functions

Avahi*, avahi_*,

AVAHI_* */

#include <stdio.h>

#include <assert.h>

#include <stdlib.h>

#include <time.h>

#include <net/if.h> /* if_nametoindex */

#include <avahi-core/core.h>

#include <avahi-core/lookup.h>

#include <avahi-core/log.h>

#include <avahi-common/malloc.h>

#include <avahi-common/error.h>

/* GnuTLS */

#include <gnutls/gnutls.h> /* All GnuTLS types, constants and

functions:

gnutls_*

init_gnutls_session(),

GNUTLS_* */

#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),

GNUTLS_OPENPGP_FMT_BASE64 */

/* GPGME */

#include <gpgme.h> /* All GPGME types, constants and

functions:

gpgme_*

GPGME_PROTOCOL_OpenPGP,

GPG_ERR_NO_* */

//mandos client part

#include <sys/types.h> /* socket(), setsockopt(),

inet_pton() */

#include <sys/socket.h> /* socket(), setsockopt(),

struct sockaddr_in6,

struct in6_addr, inet_pton() */

#include <gnutls/gnutls.h> /* All GnuTLS stuff */

#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */

#include <unistd.h> /* close() */

#include <netinet/in.h>

#include <stdbool.h> /* true */

#include <string.h> /* memset */

#include <arpa/inet.h> /* inet_pton() */

#include <iso646.h> /* not */

// gpgme

#include <errno.h> /* perror() */

#include <gpgme.h>

// getopt long

#include <getopt.h>

#ifndef CERT_ROOT

#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"

#endif

#define CERTFILE CERT_ROOT "openpgp-client.txt"

#define KEYFILE CERT_ROOT "openpgp-client-key.txt"

#define BUFFER_SIZE 256

#define DH_BITS 1024

100

101

bool debug = false;

102

static const char *keydir = "/conf/conf.d/mandos";

103

static const char mandos_protocol_version[] = "1";

104

const char *argp_program_version = "password-request 1.0";

105

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

106

107

/* Used for passing in values through the Avahi callback functions */

108

typedef struct {

109

AvahiSimplePoll *simple_poll;

110

AvahiServer *server;

gnutls_session_t session;

111

gnutls_certificate_credentials_t cred;

112

unsigned int dh_bits;

113

gnutls_dh_params_t dh_params;

114

const char *priority;

115

} mandos_context;

116

117

118

* Make room in "buffer" for at least BUFFER_SIZE additional bytes.

119

* "buffer_capacity" is how much is currently allocated,

120

* "buffer_length" is how much is already used.

121

122

size_t adjustbuffer(char **buffer, size_t buffer_length,

123

size_t buffer_capacity){

124

if (buffer_length + BUFFER_SIZE > buffer_capacity){

125

*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);

126

if (buffer == NULL){

127

return 0;

128

}

129

buffer_capacity += BUFFER_SIZE;

130

}

131

return buffer_capacity;

132

}

133

134

135

* Decrypt OpenPGP data using keyrings in HOMEDIR.

136

* Returns -1 on error

137

138

static ssize_t pgp_packet_decrypt (const char *cryptotext,

139

size_t crypto_size,

140

char **plaintext,

141

const char *homedir){

} encrypted_session;

ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,

char **new_packet, const char *homedir){

142

gpgme_data_t dh_crypto, dh_plain;

143

gpgme_ctx_t ctx;

144

gpgme_error_t rc;

145

ssize_t ret;

146

size_t plaintext_capacity = 0;

147

ssize_t plaintext_length = 0;

ssize_t new_packet_capacity = 0;

ssize_t new_packet_length = 0;

148

gpgme_engine_info_t engine_info;

149

150

100

if (debug){

151

fprintf(stderr, "Trying to decrypt OpenPGP data\n");

101

fprintf(stderr, "Trying to decrypt OpenPGP packet\n");

152

102

}

153

103

154

104

/* Init GPGME */

155

105

gpgme_check_version(NULL);

156

rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

157

if (rc != GPG_ERR_NO_ERROR){

158

fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",

159

gpgme_strsource(rc), gpgme_strerror(rc));

160

return -1;

161

}

106

gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

162

107

163

/* Set GPGME home directory for the OpenPGP engine only */

108

/* Set GPGME home directory */

164

109

rc = gpgme_get_engine_info (&engine_info);

165

110

if (rc != GPG_ERR_NO_ERROR){

166

111

fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",

176

121

engine_info = engine_info->next;

177

122

}

178

123

if(engine_info == NULL){

179

fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);

124

fprintf(stderr, "Could not set home dir to %s\n", homedir);

180

125

return -1;

181

126

}

182

127

183

/* Create new GPGME data buffer from memory cryptotext */

184

rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,

185

0);

128

/* Create new GPGME data buffer from packet buffer */

129

rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);

186

130

if (rc != GPG_ERR_NO_ERROR){

187

131

fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",

188

132

gpgme_strsource(rc), gpgme_strerror(rc));

194

138

if (rc != GPG_ERR_NO_ERROR){

195

139

fprintf(stderr, "bad gpgme_data_new: %s: %s\n",

196

140

gpgme_strsource(rc), gpgme_strerror(rc));

197

gpgme_data_release(dh_crypto);

198

141

return -1;

199

142

}

200

143

203

146

if (rc != GPG_ERR_NO_ERROR){

204

147

fprintf(stderr, "bad gpgme_new: %s: %s\n",

205

148

gpgme_strsource(rc), gpgme_strerror(rc));

206

plaintext_length = -1;

207

goto decrypt_end;

149

return -1;

208

150

}

209

151

210

/* Decrypt data from the cryptotext data buffer to the plaintext

211

data buffer */

152

/* Decrypt data from the FILE pointer to the plaintext data

153

buffer */

212

154

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

213

155

if (rc != GPG_ERR_NO_ERROR){

214

156

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

215

157

gpgme_strsource(rc), gpgme_strerror(rc));

216

plaintext_length = -1;

217

goto decrypt_end;

158

return -1;

218

159

}

219

160

220

161

if(debug){

221

fprintf(stderr, "Decryption of OpenPGP data succeeded\n");

162

fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");

222

163

}

223

164

224

165

if (debug){

225

166

gpgme_decrypt_result_t result;

226

167

result = gpgme_op_decrypt_result(ctx);

229

170

} else {

230

171

fprintf(stderr, "Unsupported algorithm: %s\n",

231

172

result->unsupported_algorithm);

232

fprintf(stderr, "Wrong key usage: %u\n",

173

fprintf(stderr, "Wrong key usage: %d\n",

233

174

result->wrong_key_usage);

234

175

if(result->file_name != NULL){

235

176

fprintf(stderr, "File name: %s\n", result->file_name);

250

191

}

251

192

}

252

193

194

/* Delete the GPGME FILE pointer cryptotext data buffer */

195

gpgme_data_release(dh_crypto);

196

253

197

/* Seek back to the beginning of the GPGME plaintext data buffer */

254

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

255

perror("pgpme_data_seek");

256

plaintext_length = -1;

257

goto decrypt_end;

258

}

259

260

*plaintext = NULL;

198

gpgme_data_seek(dh_plain, 0, SEEK_SET);

199

200

*new_packet = 0;

261

201

while(true){

262

plaintext_capacity = adjustbuffer(plaintext,

263

(size_t)plaintext_length,

264

plaintext_capacity);

265

if (plaintext_capacity == 0){

266

perror("adjustbuffer");

267

plaintext_length = -1;

268

goto decrypt_end;

202

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

203

*new_packet = realloc(*new_packet,

204

(unsigned int)new_packet_capacity

205

+ BUFFER_SIZE);

206

if (*new_packet == NULL){

207

perror("realloc");

208

return -1;

209

}

210

new_packet_capacity += BUFFER_SIZE;

269

211

}

270

212

271

ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,

213

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,

272

214

BUFFER_SIZE);

273

215

/* Print the data, if any */

274

216

if (ret == 0){

275

/* EOF */

276

217

break;

277

218

}

278

219

if(ret < 0){

279

220

perror("gpgme_data_read");

280

plaintext_length = -1;

281

goto decrypt_end;

221

return -1;

282

222

}

283

plaintext_length += ret;

223

new_packet_length += ret;

284

224

}

285

225

286

if(debug){

287

fprintf(stderr, "Decrypted password is: ");

288

for(ssize_t i = 0; i < plaintext_length; i++){

289

fprintf(stderr, "%02hhX ", (*plaintext)[i]);

290

}

291

fprintf(stderr, "\n");

292

}

293

294

decrypt_end:

295

296

/* Delete the GPGME cryptotext data buffer */

297

gpgme_data_release(dh_crypto);

226

/* FIXME: check characters before printing to screen so to not print

227

terminal control characters */

228

/* if(debug){ */

229

/* fprintf(stderr, "decrypted password is: "); */

230

/* fwrite(*new_packet, 1, new_packet_length, stderr); */

231

/* fprintf(stderr, "\n"); */

232

/* } */

298

233

299

234

/* Delete the GPGME plaintext data buffer */

300

235

gpgme_data_release(dh_plain);

301

return plaintext_length;

236

return new_packet_length;

302

237

}

303

238

304

239

static const char * safer_gnutls_strerror (int value) {

305

const char *ret = gnutls_strerror (value); /* Spurious warning */

240

const char *ret = gnutls_strerror (value);

306

241

if (ret == NULL)

307

242

ret = "(unknown)";

308

243

return ret;

309

244

}

310

245

311

/* GnuTLS log function callback */

312

static void debuggnutls(__attribute__((unused)) int level,

313

const char* string){

314

fprintf(stderr, "GnuTLS: %s", string);

246

void debuggnutls(__attribute__((unused)) int level,

247

const char* string){

248

fprintf(stderr, "%s", string);

315

249

}

316

250

317

static int init_gnutls_global(mandos_context *mc,

318

const char *pubkeyfilename,

319

const char *seckeyfilename){

251

int initgnutls(encrypted_session *es){

252

const char *err;

320

253

int ret;

321

254

322

255

if(debug){

323

256

fprintf(stderr, "Initializing GnuTLS\n");

324

257

}

325

258

326

ret = gnutls_global_init();

327

if (ret != GNUTLS_E_SUCCESS) {

328

fprintf (stderr, "GnuTLS global_init: %s\n",

329

safer_gnutls_strerror(ret));

259

if ((ret = gnutls_global_init ())

260

!= GNUTLS_E_SUCCESS) {

261

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

330

262

return -1;

331

263

}

332

264

333

265

if (debug){

334

/* "Use a log level over 10 to enable all debugging options."

335

* - GnuTLS manual

336

337

266

gnutls_global_set_log_level(11);

338

267

gnutls_global_set_log_function(debuggnutls);

339

268

}

340

269

341

/* OpenPGP credentials */

342

gnutls_certificate_allocate_credentials(&mc->cred);

343

if (ret != GNUTLS_E_SUCCESS){

344

fprintf (stderr, "GnuTLS memory error: %s\n", /* Spurious

345

warning */

270

/* openpgp credentials */

271

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

272

!= GNUTLS_E_SUCCESS) {

273

fprintf (stderr, "memory error: %s\n",

346

274

safer_gnutls_strerror(ret));

347

gnutls_global_deinit ();

348

275

return -1;

349

276

}

350

277

351

278

if(debug){

352

279

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

353

" and keyfile %s as GnuTLS credentials\n", pubkeyfilename,

354

seckeyfilename);

280

" and keyfile %s as GnuTLS credentials\n", CERTFILE,

281

KEYFILE);

355

282

}

356

283

357

284

ret = gnutls_certificate_set_openpgp_key_file

358

(mc->cred, pubkeyfilename, seckeyfilename,

359

GNUTLS_OPENPGP_FMT_BASE64);

285

(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);

360

286

if (ret != GNUTLS_E_SUCCESS) {

361

fprintf(stderr,

362

"Error[%d] while reading the OpenPGP key pair ('%s',"

363

" '%s')\n", ret, pubkeyfilename, seckeyfilename);

364

fprintf(stdout, "The GnuTLS error is: %s\n",

287

fprintf

288

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"

289

" '%s')\n",

290

ret, CERTFILE, KEYFILE);

291

fprintf(stdout, "The Error is: %s\n",

365

292

safer_gnutls_strerror(ret));

366

goto globalfail;

367

}

368

369

/* GnuTLS server initialization */

370

ret = gnutls_dh_params_init(&mc->dh_params);

371

if (ret != GNUTLS_E_SUCCESS) {

372

fprintf (stderr, "Error in GnuTLS DH parameter initialization:"

373

" %s\n", safer_gnutls_strerror(ret));

374

goto globalfail;

375

}

376

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

377

if (ret != GNUTLS_E_SUCCESS) {

378

fprintf (stderr, "Error in GnuTLS prime generation: %s\n",

379

safer_gnutls_strerror(ret));

380

goto globalfail;

381

}

382

383

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

384

385

return 0;

386

387

globalfail:

388

389

gnutls_certificate_free_credentials(mc->cred);

390

gnutls_global_deinit();

391

return -1;

392

393

}

394

395

static int init_gnutls_session(mandos_context *mc,

396

gnutls_session_t *session){

397

int ret;

398

/* GnuTLS session creation */

399

ret = gnutls_init(session, GNUTLS_SERVER);

400

if (ret != GNUTLS_E_SUCCESS){

293

return -1;

294

}

295

296

//GnuTLS server initialization

297

if ((ret = gnutls_dh_params_init (&es->dh_params))

298

!= GNUTLS_E_SUCCESS) {

299

fprintf (stderr, "Error in dh parameter initialization: %s\n",

300

safer_gnutls_strerror(ret));

301

return -1;

302

}

303

304

if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))

305

!= GNUTLS_E_SUCCESS) {

306

fprintf (stderr, "Error in prime generation: %s\n",

307

safer_gnutls_strerror(ret));

308

return -1;

309

}

310

311

gnutls_certificate_set_dh_params (es->cred, es->dh_params);

312

313

// GnuTLS session creation

314

if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))

315

!= GNUTLS_E_SUCCESS){

401

316

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

402

317

safer_gnutls_strerror(ret));

403

318

}

404

319

405

{

406

const char *err;

407

ret = gnutls_priority_set_direct(*session, mc->priority, &err);

408

if (ret != GNUTLS_E_SUCCESS) {

409

fprintf(stderr, "Syntax error at: %s\n", err);

410

fprintf(stderr, "GnuTLS error: %s\n",

411

safer_gnutls_strerror(ret));

412

gnutls_deinit (*session);

413

return -1;

414

}

320

if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))

321

!= GNUTLS_E_SUCCESS) {

322

fprintf(stderr, "Syntax error at: %s\n", err);

323

fprintf(stderr, "GnuTLS error: %s\n",

324

safer_gnutls_strerror(ret));

325

return -1;

415

326

}

416

327

417

ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

418

mc->cred);

419

if (ret != GNUTLS_E_SUCCESS) {

420

fprintf(stderr, "Error setting GnuTLS credentials: %s\n",

328

if ((ret = gnutls_credentials_set

329

(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))

330

!= GNUTLS_E_SUCCESS) {

331

fprintf(stderr, "Error setting a credentials set: %s\n",

421

332

safer_gnutls_strerror(ret));

422

gnutls_deinit (*session);

423

333

return -1;

424

334

}

425

335

426

336

/* ignore client certificate if any. */

427

gnutls_certificate_server_set_request (*session,

337

gnutls_certificate_server_set_request (es->session,

428

338

GNUTLS_CERT_IGNORE);

429

339

430

gnutls_dh_set_prime_bits (*session, mc->dh_bits);

340

gnutls_dh_set_prime_bits (es->session, DH_BITS);

431

341

432

342

return 0;

433

343

}

434

344

435

/* Avahi log function callback */

436

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

437

__attribute__((unused)) const char *txt){}

345

void empty_log(__attribute__((unused)) AvahiLogLevel level,

346

__attribute__((unused)) const char *txt){}

438

347

439

/* Called when a Mandos server is found */

440

static int start_mandos_communication(const char *ip, uint16_t port,

441

AvahiIfIndex if_index,

442

mandos_context *mc){

348

int start_mandos_communication(char *ip, uint16_t port,

349

unsigned int if_index){

443

350

int ret, tcp_sd;

444

union { struct sockaddr in; struct sockaddr_in6 in6; } to;

351

struct sockaddr_in6 to;

352

encrypted_session es;

445

353

char *buffer = NULL;

446

354

char *decrypted_buffer;

447

355

size_t buffer_length = 0;

448

356

size_t buffer_capacity = 0;

449

357

ssize_t decrypted_buffer_size;

450

size_t written;

451

358

int retval = 0;

452

359

char interface[IF_NAMESIZE];

453

gnutls_session_t session;

454

455

ret = init_gnutls_session (mc, &session);

456

if (ret != 0){

457

return -1;

458

}

459

360

460

361

if(debug){

461

fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16

462

"\n", ip, port);

362

fprintf(stderr, "Setting up a tcp connection to %s\n", ip);

463

363

}

464

364

465

365

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

467

367

perror("socket");

468

368

return -1;

469

369

}

470

471

if(debug){

472

if(if_indextoname((unsigned int)if_index, interface) == NULL){

370

371

if(if_indextoname(if_index, interface) == NULL){

372

if(debug){

473

373

perror("if_indextoname");

474

return -1;

475

374

}

375

return -1;

376

}

377

378

if(debug){

476

379

fprintf(stderr, "Binding to interface %s\n", interface);

477

380

}

478

381

479

memset(&to, 0, sizeof(to));

480

to.in6.sin6_family = AF_INET6;

481

/* It would be nice to have a way to detect if we were passed an

482

IPv4 address here. Now we assume an IPv6 address. */

483

ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);

382

ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, interface, 5);

383

if(ret < 0) {

384

perror("setsockopt bindtodevice");

385

return -1;

386

}

387

388

memset(&to,0,sizeof(to));

389

to.sin6_family = AF_INET6;

390

ret = inet_pton(AF_INET6, ip, &to.sin6_addr);

484

391

if (ret < 0 ){

485

392

perror("inet_pton");

486

393

return -1;

487

}

394

}

488

395

if(ret == 0){

489

396

fprintf(stderr, "Bad address: %s\n", ip);

490

397

return -1;

491

398

}

492

to.in6.sin6_port = htons(port); /* Spurious warning */

399

/* Spurious warnings for the next line, see for instance

400

<http://bugs.debian.org/488884> */

401

to.sin6_port = htons(port);

493

402

494

to.in6.sin6_scope_id = (uint32_t)if_index;

403

to.sin6_scope_id = (uint32_t)if_index;

495

404

496

405

if(debug){

497

fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,

498

port);

499

char addrstr[INET6_ADDRSTRLEN] = "";

500

if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,

501

sizeof(addrstr)) == NULL){

502

perror("inet_ntop");

503

} else {

504

if(strcmp(addrstr, ip) != 0){

505

fprintf(stderr, "Canonical address form: %s\n", addrstr);

506

}

507

}

406

fprintf(stderr, "Connection to: %s\n", ip);

508

407

}

509

408

510

ret = connect(tcp_sd, &to.in, sizeof(to));

409

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

511

410

if (ret < 0){

512

411

perror("connect");

513

412

return -1;

514

413

}

515

516

const char *out = mandos_protocol_version;

517

written = 0;

518

while (true){

519

size_t out_size = strlen(out);

520

ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,

521

out_size - written));

522

if (ret == -1){

523

perror("write");

524

retval = -1;

525

goto mandos_end;

526

}

527

written += (size_t)ret;

528

if(written < out_size){

529

continue;

530

} else {

531

if (out == mandos_protocol_version){

532

written = 0;

533

out = "\r\n";

534

} else {

535

break;

536

}

537

}

414

415

ret = initgnutls (&es);

416

if (ret != 0){

417

retval = -1;

418

return -1;

538

419

}

539

420

421

gnutls_transport_set_ptr (es.session,

422

(gnutls_transport_ptr_t) tcp_sd);

423

540

424

if(debug){

541

425

fprintf(stderr, "Establishing TLS session with %s\n", ip);

542

426

}

543

427

544

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

545

546

do{

547

ret = gnutls_handshake (session);

548

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

428

ret = gnutls_handshake (es.session);

549

429

550

430

if (ret != GNUTLS_E_SUCCESS){

551

if(debug){

552

fprintf(stderr, "*** GnuTLS Handshake failed ***\n");

553

gnutls_perror (ret);

554

}

431

fprintf(stderr, "\n*** Handshake failed ***\n");

432

gnutls_perror (ret);

555

433

retval = -1;

556

goto mandos_end;

434

goto exit;

557

435

}

558

436

559

/* Read OpenPGP packet that contains the wanted password */

437

//Retrieve OpenPGP packet that contains the wanted password

560

438

561

439

if(debug){

562

440

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

564

442

}

565

443

566

444

while(true){

567

buffer_capacity = adjustbuffer(&buffer, buffer_length,

568

buffer_capacity);

569

if (buffer_capacity == 0){

570

perror("adjustbuffer");

571

retval = -1;

572

goto mandos_end;

445

if (buffer_length + BUFFER_SIZE > buffer_capacity){

446

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

447

if (buffer == NULL){

448

perror("realloc");

449

goto exit;

450

}

451

buffer_capacity += BUFFER_SIZE;

573

452

}

574

453

575

ret = gnutls_record_recv(session, buffer+buffer_length,

576

BUFFER_SIZE);

454

ret = gnutls_record_recv

455

(es.session, buffer+buffer_length, BUFFER_SIZE);

577

456

if (ret == 0){

578

457

break;

579

458

}

583

462

case GNUTLS_E_AGAIN:

584

463

break;

585

464

case GNUTLS_E_REHANDSHAKE:

586

do{

587

ret = gnutls_handshake (session);

588

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

465

ret = gnutls_handshake (es.session);

589

466

if (ret < 0){

590

fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");

467

fprintf(stderr, "\n*** Handshake failed ***\n");

591

468

gnutls_perror (ret);

592

469

retval = -1;

593

goto mandos_end;

470

goto exit;

594

471

}

595

472

break;

596

473

default:

597

474

fprintf(stderr, "Unknown error while reading data from"

598

" encrypted session with Mandos server\n");

475

" encrypted session with mandos server\n");

599

476

retval = -1;

600

gnutls_bye (session, GNUTLS_SHUT_RDWR);

601

goto mandos_end;

477

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

478

goto exit;

602

479

}

603

480

} else {

604

481

buffer_length += (size_t) ret;

605

482

}

606

483

}

607

484

608

if(debug){

609

fprintf(stderr, "Closing TLS session\n");

610

}

611

612

gnutls_bye (session, GNUTLS_SHUT_RDWR);

613

614

485

if (buffer_length > 0){

615

486

decrypted_buffer_size = pgp_packet_decrypt(buffer,

616

487

buffer_length,

617

488

&decrypted_buffer,

618

keydir);

489

CERT_ROOT);

619

490

if (decrypted_buffer_size >= 0){

620

written = 0;

621

while(written < (size_t) decrypted_buffer_size){

622

ret = (int)fwrite (decrypted_buffer + written, 1,

623

(size_t)decrypted_buffer_size - written,

624

stdout);

491

while(decrypted_buffer_size > 0){

492

ret = fwrite (decrypted_buffer, 1, (size_t)decrypted_buffer_size,

493

stdout);

625

494

if(ret == 0 and ferror(stdout)){

626

495

if(debug){

627

496

fprintf(stderr, "Error writing encrypted data: %s\n",

630

499

retval = -1;

631

500

break;

632

501

}

633

written += (size_t)ret;

502

decrypted_buffer += ret;

503

decrypted_buffer_size -= ret;

634

504

}

635

505

free(decrypted_buffer);

636

506

} else {

637

507

retval = -1;

638

508

}

639

509

}

640

641

/* Shutdown procedure */

642

643

mandos_end:

510

511

//shutdown procedure

512

513

if(debug){

514

fprintf(stderr, "Closing TLS session\n");

515

}

516

644

517

free(buffer);

518

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

519

exit:

645

520

close(tcp_sd);

646

gnutls_deinit (session);

521

gnutls_deinit (es.session);

522

gnutls_certificate_free_credentials (es.cred);

523

gnutls_global_deinit ();

647

524

return retval;

648

525

}

649

526

650

static void resolve_callback(AvahiSServiceResolver *r,

651

AvahiIfIndex interface,

652

AVAHI_GCC_UNUSED AvahiProtocol protocol,

653

AvahiResolverEvent event,

654

const char *name,

655

const char *type,

656

const char *domain,

657

const char *host_name,

658

const AvahiAddress *address,

659

uint16_t port,

660

AVAHI_GCC_UNUSED AvahiStringList *txt,

661

AVAHI_GCC_UNUSED AvahiLookupResultFlags

662

flags,

663

void* userdata) {

664

mandos_context *mc = userdata;

527

static AvahiSimplePoll *simple_poll = NULL;

528

static AvahiServer *server = NULL;

529

530

static void resolve_callback(

531

AvahiSServiceResolver *r,

532

AVAHI_GCC_UNUSED AvahiIfIndex interface,

533

AVAHI_GCC_UNUSED AvahiProtocol protocol,

534

AvahiResolverEvent event,

535

const char *name,

536

const char *type,

537

const char *domain,

538

const char *host_name,

539

const AvahiAddress *address,

540

uint16_t port,

541

AVAHI_GCC_UNUSED AvahiStringList *txt,

542

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

543

AVAHI_GCC_UNUSED void* userdata) {

544

665

545

assert(r);

666

546

667

547

/* Called whenever a service has been resolved successfully or

668

548

timed out */

669

549

670

550

switch (event) {

671

551

default:

672

552

case AVAHI_RESOLVER_FAILURE:

673

fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"

674

" of type '%s' in domain '%s': %s\n", name, type, domain,

675

avahi_strerror(avahi_server_errno(mc->server)));

553

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"

554

" type '%s' in domain '%s': %s\n", name, type, domain,

555

avahi_strerror(avahi_server_errno(server)));

676

556

break;

677

557

678

558

case AVAHI_RESOLVER_FOUND:

679

559

{

680

560

char ip[AVAHI_ADDRESS_STR_MAX];

681

561

avahi_address_snprint(ip, sizeof(ip), address);

682

562

if(debug){

683

fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"

684

PRIu16 ") on port %d\n", name, host_name, ip,

685

interface, port);

563

fprintf(stderr, "Mandos server found on %s (%s) on port %d\n",

564

host_name, ip, port);

686

565

}

687

int ret = start_mandos_communication(ip, port, interface, mc);

566

int ret = start_mandos_communication(ip, port,

567

(unsigned int)

568

interface);

688

569

if (ret == 0){

689

avahi_simple_poll_quit(mc->simple_poll);

570

exit(EXIT_SUCCESS);

571

} else {

572

exit(EXIT_FAILURE);

690

573

}

691

574

}

692

575

}

693

576

avahi_s_service_resolver_free(r);

694

577

}

695

578

696

static void browse_callback( AvahiSServiceBrowser *b,

697

AvahiIfIndex interface,

698

AvahiProtocol protocol,

699

AvahiBrowserEvent event,

700

const char *name,

701

const char *type,

702

const char *domain,

703

AVAHI_GCC_UNUSED AvahiLookupResultFlags

704

flags,

705

void* userdata) {

706

mandos_context *mc = userdata;

707

assert(b);

708

709

/* Called whenever a new services becomes available on the LAN or

710

is removed from the LAN */

711

712

switch (event) {

713

default:

714

case AVAHI_BROWSER_FAILURE:

715

716

fprintf(stderr, "(Avahi browser) %s\n",

717

avahi_strerror(avahi_server_errno(mc->server)));

718

avahi_simple_poll_quit(mc->simple_poll);

719

return;

720

721

case AVAHI_BROWSER_NEW:

722

/* We ignore the returned Avahi resolver object. In the callback

723

function we free it. If the Avahi server is terminated before

724

the callback function is called the Avahi server will free the

725

resolver for us. */

726

727

if (!(avahi_s_service_resolver_new(mc->server, interface,

728

protocol, name, type, domain,

729

AVAHI_PROTO_INET6, 0,

730

resolve_callback, mc)))

731

fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",

732

name, avahi_strerror(avahi_server_errno(mc->server)));

733

break;

734

735

case AVAHI_BROWSER_REMOVE:

736

break;

737

738

case AVAHI_BROWSER_ALL_FOR_NOW:

739

case AVAHI_BROWSER_CACHE_EXHAUSTED:

740

if(debug){

741

fprintf(stderr, "No Mandos server found, still searching...\n");

579

static void browse_callback(

580

AvahiSServiceBrowser *b,

581

AvahiIfIndex interface,

582

AvahiProtocol protocol,

583

AvahiBrowserEvent event,

584

const char *name,

585

const char *type,

586

const char *domain,

587

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

588

void* userdata) {

589

590

AvahiServer *s = userdata;

591

assert(b);

592

593

/* Called whenever a new services becomes available on the LAN or

594

is removed from the LAN */

595

596

switch (event) {

597

default:

598

case AVAHI_BROWSER_FAILURE:

599

600

fprintf(stderr, "(Browser) %s\n",

601

avahi_strerror(avahi_server_errno(server)));

602

avahi_simple_poll_quit(simple_poll);

603

return;

604

605

case AVAHI_BROWSER_NEW:

606

/* We ignore the returned resolver object. In the callback

607

function we free it. If the server is terminated before

608

the callback function is called the server will free

609

the resolver for us. */

610

611

if (!(avahi_s_service_resolver_new(s, interface, protocol, name,

612

type, domain,

613

AVAHI_PROTO_INET6, 0,

614

resolve_callback, s)))

615

fprintf(stderr, "Failed to resolve service '%s': %s\n", name,

616

avahi_strerror(avahi_server_errno(s)));

617

break;

618

619

case AVAHI_BROWSER_REMOVE:

620

break;

621

622

case AVAHI_BROWSER_ALL_FOR_NOW:

623

case AVAHI_BROWSER_CACHE_EXHAUSTED:

624

break;

742

625

}

743

break;

744

}

745

}

746

747

/* Combines file name and path and returns the malloced new

748

string. some sane checks could/should be added */

749

static char *combinepath(const char *first, const char *second){

750

char *tmp;

751

int ret = asprintf(&tmp, "%s/%s", first, second);

752

if(ret < 0){

753

return NULL;

754

}

755

return tmp;

756

}

757

758

759

int main(int argc, char *argv[]){

626

}

627

628

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

629

AvahiServerConfig config;

760

630

AvahiSServiceBrowser *sb = NULL;

761

631

int error;

762

632

int ret;

763

int exitcode = EXIT_SUCCESS;

633

int returncode = EXIT_SUCCESS;

764

634

const char *interface = "eth0";

765

struct ifreq network;

766

int sd;

767

uid_t uid;

768

gid_t gid;

769

char *connect_to = NULL;

770

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

771

char *pubkeyfilename = NULL;

772

char *seckeyfilename = NULL;

773

const char *pubkeyname = "pubkey.txt";

774

const char *seckeyname = "seckey.txt";

775

mandos_context mc = { .simple_poll = NULL, .server = NULL,

776

.dh_bits = 1024, .priority = "SECURE256"};

777

bool gnutls_initalized = false;

778

779

{

780

struct argp_option options[] = {

781

{ .name = "debug", .key = 128,

782

.doc = "Debug mode", .group = 3 },

783

{ .name = "connect", .key = 'c',

784

.arg = "IP",

785

.doc = "Connect directly to a sepcified mandos server",

786

.group = 1 },

787

{ .name = "interface", .key = 'i',

788

.arg = "INTERFACE",

789

.doc = "Interface that Avahi will conntect through",

790

.group = 1 },

791

{ .name = "keydir", .key = 'd',

792

.arg = "KEYDIR",

793

.doc = "Directory where the openpgp keyring is",

794

.group = 1 },

795

{ .name = "seckey", .key = 's',

796

.arg = "SECKEY",

797

.doc = "Secret openpgp key for gnutls authentication",

798

.group = 1 },

799

{ .name = "pubkey", .key = 'p',

800

.arg = "PUBKEY",

801

.doc = "Public openpgp key for gnutls authentication",

802

.group = 2 },

803

{ .name = "dh-bits", .key = 129,

804

.arg = "BITS",

805

.doc = "dh-bits to use in gnutls communication",

806

.group = 2 },

807

{ .name = "priority", .key = 130,

808

.arg = "PRIORITY",

809

.doc = "GNUTLS priority", .group = 1 },

810

{ .name = NULL }

811

};

812

813

814

error_t parse_opt (int key, char *arg,

815

struct argp_state *state) {

816

/* Get the INPUT argument from `argp_parse', which we know is

817

a pointer to our plugin list pointer. */

818

switch (key) {

819

case 128:

820

debug = true;

821

break;

822

case 'c':

823

connect_to = arg;

824

break;

825

case 'i':

826

interface = arg;

827

break;

828

case 'd':

829

keydir = arg;

830

break;

831

case 's':

832

seckeyname = arg;

833

break;

834

case 'p':

835

pubkeyname = arg;

836

break;

837

case 129:

838

errno = 0;

839

mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);

840

if (errno){

841

perror("strtol");

842

exit(EXIT_FAILURE);

843

}

844

break;

845

case 130:

846

mc.priority = arg;

847

break;

848

case ARGP_KEY_ARG:

849

argp_usage (state);

850

case ARGP_KEY_END:

851

break;

852

default:

853

return ARGP_ERR_UNKNOWN;

854

}

855

return 0;

856

}

857

858

struct argp argp = { .options = options, .parser = parse_opt,

859

.args_doc = "",

860

.doc = "Mandos client -- Get and decrypt"

861

" passwords from mandos server" };

862

ret = argp_parse (&argp, argc, argv, 0, 0, NULL);

863

if (ret == ARGP_ERR_UNKNOWN){

864

fprintf(stderr, "Unknown error while parsing arguments\n");

865

exitcode = EXIT_FAILURE;

866

goto end;

867

}

868

}

869

870

pubkeyfilename = combinepath(keydir, pubkeyname);

871

if (pubkeyfilename == NULL){

872

perror("combinepath");

873

exitcode = EXIT_FAILURE;

874

goto end;

875

}

876

877

seckeyfilename = combinepath(keydir, seckeyname);

878

if (seckeyfilename == NULL){

879

perror("combinepath");

880

exitcode = EXIT_FAILURE;

881

goto end;

882

}

883

884

ret = init_gnutls_global(&mc, pubkeyfilename, seckeyfilename);

885

if (ret == -1){

886

fprintf(stderr, "init_gnutls_global failed\n");

887

exitcode = EXIT_FAILURE;

888

goto end;

889

} else {

890

gnutls_initalized = true;

891

}

892

893

/* If the interface is down, bring it up */

894

{

895

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

896

if(sd < 0) {

897

perror("socket");

898

exitcode = EXIT_FAILURE;

899

goto end;

900

}

901

strcpy(network.ifr_name, interface);

902

ret = ioctl(sd, SIOCGIFFLAGS, &network);

903

if(ret == -1){

904

perror("ioctl SIOCGIFFLAGS");

905

exitcode = EXIT_FAILURE;

906

goto end;

907

}

908

if((network.ifr_flags & IFF_UP) == 0){

909

network.ifr_flags |= IFF_UP;

910

ret = ioctl(sd, SIOCSIFFLAGS, &network);

911

if(ret == -1){

912

perror("ioctl SIOCSIFFLAGS");

913

exitcode = EXIT_FAILURE;

914

goto end;

915

}

916

}

917

close(sd);

918

}

919

920

uid = getuid();

921

gid = getgid();

922

923

ret = setuid(uid);

924

if (ret == -1){

925

perror("setuid");

926

}

927

928

setgid(gid);

929

if (ret == -1){

930

perror("setgid");

931

}

932

933

if_index = (AvahiIfIndex) if_nametoindex(interface);

934

if(if_index == 0){

935

fprintf(stderr, "No such interface: \"%s\"\n", interface);

936

exit(EXIT_FAILURE);

937

}

938

939

if(connect_to != NULL){

940

/* Connect directly, do not use Zeroconf */

941

/* (Mainly meant for debugging) */

942

char *address = strrchr(connect_to, ':');

943

if(address == NULL){

944

fprintf(stderr, "No colon in address\n");

945

exitcode = EXIT_FAILURE;

946

goto end;

947

}

948

errno = 0;

949

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

950

if(errno){

951

perror("Bad port number");

952

exitcode = EXIT_FAILURE;

953

goto end;

954

}

955

*address = '\0';

956

address = connect_to;

957

ret = start_mandos_communication(address, port, if_index, &mc);

958

if(ret < 0){

959

exitcode = EXIT_FAILURE;

960

} else {

961

exitcode = EXIT_SUCCESS;

962

}

963

goto end;

635

636

while (true){

637

static struct option long_options[] = {

638

{"debug", no_argument, (int *)&debug, 1},

639

{"interface", required_argument, 0, 'i'},

640

{0, 0, 0, 0} };

641

642

int option_index = 0;

643

ret = getopt_long (argc, argv, "i:", long_options,

644

&option_index);

645

646

if (ret == -1){

647

break;

648

}

649

650

switch(ret){

651

case 0:

652

break;

653

case 'i':

654

interface = optarg;

655

break;

656

default:

657

exit(EXIT_FAILURE);

658

}

964

659

}

965

660

966

661

if (not debug){

967

662

avahi_set_log_function(empty_log);

968

663

}

969

664

970

/* Initialize the pseudo-RNG for Avahi */

665

/* Initialize the psuedo-RNG */

971

666

srand((unsigned int) time(NULL));

972

973

/* Allocate main Avahi loop object */

974

mc.simple_poll = avahi_simple_poll_new();

975

if (mc.simple_poll == NULL) {

976

fprintf(stderr, "Avahi: Failed to create simple poll"

977

" object.\n");

978

exitcode = EXIT_FAILURE;

979

goto end;

980

}

981

982

{

983

AvahiServerConfig config;

984

/* Do not publish any local Zeroconf records */

985

avahi_server_config_init(&config);

986

config.publish_hinfo = 0;

987

config.publish_addresses = 0;

988

config.publish_workstation = 0;

989

config.publish_domain = 0;

990

991

/* Allocate a new server */

992

mc.server = avahi_server_new(avahi_simple_poll_get

993

(mc.simple_poll), &config, NULL,

994

NULL, &error);

995

996

/* Free the Avahi configuration data */

997

avahi_server_config_free(&config);

998

}

999

1000

/* Check if creating the Avahi server object succeeded */

1001

if (mc.server == NULL) {

1002

fprintf(stderr, "Failed to create Avahi server: %s\n",

667

668

/* Allocate main loop object */

669

if (!(simple_poll = avahi_simple_poll_new())) {

670

fprintf(stderr, "Failed to create simple poll object.\n");

671

672

goto exit;

673

}

674

675

/* Do not publish any local records */

676

avahi_server_config_init(&config);

677

config.publish_hinfo = 0;

678

config.publish_addresses = 0;

679

config.publish_workstation = 0;

680

config.publish_domain = 0;

681

682

/* Allocate a new server */

683

server = avahi_server_new(avahi_simple_poll_get(simple_poll),

684

&config, NULL, NULL, &error);

685

686

/* Free the configuration data */

687

avahi_server_config_free(&config);

688

689

/* Check if creating the server object succeeded */

690

if (!server) {

691

fprintf(stderr, "Failed to create server: %s\n",

1003

692

avahi_strerror(error));

1004

exitcode = EXIT_FAILURE;

1005

goto end;

693

returncode = EXIT_FAILURE;

694

goto exit;

1006

695

}

1007

696

1008

/* Create the Avahi service browser */

1009

sb = avahi_s_service_browser_new(mc.server, if_index,

697

/* Create the service browser */

698

sb = avahi_s_service_browser_new(server,

699

(AvahiIfIndex)

700

if_nametoindex(interface),

1010

701

AVAHI_PROTO_INET6,

1011

702

"_mandos._tcp", NULL, 0,

1012

browse_callback, &mc);

1013

if (sb == NULL) {

703

browse_callback, server);

704

if (!sb) {

1014

705

fprintf(stderr, "Failed to create service browser: %s\n",

1015

avahi_strerror(avahi_server_errno(mc.server)));

1016

exitcode = EXIT_FAILURE;

1017

goto end;

706

avahi_strerror(avahi_server_errno(server)));

707

returncode = EXIT_FAILURE;

708

goto exit;

1018

709

}

1019

710

1020

711

/* Run the main loop */

1021

712

1022

713

if (debug){

1023

fprintf(stderr, "Starting Avahi loop search\n");

714

fprintf(stderr, "Starting avahi loop search\n");

1024

715

}

1025

716

1026

avahi_simple_poll_loop(mc.simple_poll);

717

avahi_simple_poll_loop(simple_poll);

1027

718

1028

end:

719

exit:

1029

720

1030

721

if (debug){

1031

722

fprintf(stderr, "%s exiting\n", argv[0]);

1032

723

}

1033

724

1034

725

/* Cleanup things */

1035

if (sb != NULL)

726

if (sb)

1036

727

avahi_s_service_browser_free(sb);

1037

728

1038

if (mc.server != NULL)

1039

avahi_server_free(mc.server);

1040

1041

if (mc.simple_poll != NULL)

1042

avahi_simple_poll_free(mc.simple_poll);

1043

free(pubkeyfilename);

1044

free(seckeyfilename);

1045

1046

if (gnutls_initalized){

1047

gnutls_certificate_free_credentials(mc.cred);

1048

gnutls_global_deinit ();

1049

}

1050

1051

return exitcode;

729

if (server)

730

avahi_server_free(server);

731

732

if (simple_poll)

733

avahi_simple_poll_free(simple_poll);

734

735

return returncode;

1052

736

}

Older »