To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 237.2.26
- compare with another revision
- download diff
- download tarball
- view history from revision 237.2.26
- Committer: Teddy Hogeborn
- Date: 2009-01-12 22:02:33 UTC
- mto: (24.1.123 mandos) (237.4.2 mandos-pipe-ipc) (299.1.1 release) (300.1.1 release) (301.1.1 release)
- mto: This revision was merged to the branch mainline in revision 245.
- Revision ID: teddy@fukt.bsnet.se-20090112220233-lawxo4uvyzb38u1f
* README (The Plugin System): Removed redundant text about options and
files for the plugins, this is now
documented in the manuals for the
plugins.
* plugins.d/mandos-client.c (main): Remove comment which was copied
from another program by mistake.
Use "sscanf" instead of "strtol"
to parse numbers; this uses the
correct type instead of casting.
Don't report errors when removing
temporary directory if directory
is already gone.
files for the plugins, this is now
documented in the manuals for the
plugins.
* plugins.d/mandos-client.c (main): Remove comment which was copied
from another program by mistake.
Use "sscanf" instead of "strtol"
to parse numbers; this uses the
correct type instead of casting.
Don't report errors when removing
temporary directory if directory
is already gone.
- files added:
- .bzr-builddeb
- debian
- debian/po
- files removed:
- ca.pem
- files renamed:
- server.py => mandos
- server.conf => mandos.conf
- plugbasedclient.c => plugin-runner.c
- plugins.d/mandosclient.c => plugins.d/mandos-client.c
- plugins.d/passprompt.c => plugins.d/password-prompt.c
- files modified:
- Makefile
added
removed
plugins.d/mandos-client.c
1
1
/* -*- coding: utf-8 -*- */
2
2
/*
3
* Mandos client - get and decrypt data from a Mandos server
3
* Mandos-client - get and decrypt data from a Mandos server
4
4
*
5
5
* This program is partly derived from an example program for an Avahi
6
6
* service browser, downloaded from
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
12
* Copyright © 2008,2009 Teddy Hogeborn
13
* Copyright © 2008,2009 Björn Påhlsson
13
14
*
14
15
* This program is free software: you can redistribute it and/or
15
16
* modify it under the terms of the GNU General Public License as
32
33
#define _LARGEFILE_SOURCE
33
34
#define _FILE_OFFSET_BITS 64
34
35
35
#include <stdio.h>
36
#include <assert.h>
37
#include <stdlib.h>
38
#include <time.h>
39
#include <net/if.h> /* if_nametoindex */
40
#include <sys/ioctl.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
41
SIOCSIFFLAGS */
36
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
37
38
#include <stdio.h> /* fprintf(), stderr, fwrite(),
39
stdout, ferror(), sscanf */
40
#include <stdint.h> /* uint16_t, uint32_t */
41
#include <stddef.h> /* NULL, size_t, ssize_t */
42
#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,
43
srand() */
44
#include <stdbool.h> /* bool, true */
45
#include <string.h> /* memset(), strcmp(), strlen(),
46
strerror(), asprintf(), strcpy() */
47
#include <sys/ioctl.h> /* ioctl */
48
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
49
sockaddr_in6, PF_INET6,
50
SOCK_STREAM, INET6_ADDRSTRLEN,
51
uid_t, gid_t, open(), opendir(), DIR */
52
#include <sys/stat.h> /* open() */
53
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
54
struct in6_addr, inet_pton(),
55
connect() */
56
#include <fcntl.h> /* open() */
57
#include <dirent.h> /* opendir(), struct dirent, readdir() */
58
#include <inttypes.h> /* PRIu16, SCNu16 */
59
#include <assert.h> /* assert() */
60
#include <errno.h> /* perror(), errno */
61
#include <time.h> /* time() */
42
62
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
43
SIOCSIFFLAGS */
63
SIOCSIFFLAGS, if_indextoname(),
64
if_nametoindex(), IF_NAMESIZE */
65
#include <netinet/in.h>
66
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
67
getuid(), getgid(), setuid(),
68
setgid() */
69
#include <arpa/inet.h> /* inet_pton(), htons */
70
#include <iso646.h> /* not, and, or */
71
#include <argp.h> /* struct argp_option, error_t, struct
72
argp_state, struct argp,
73
argp_parse(), ARGP_KEY_ARG,
74
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
44
75
76
/* Avahi */
77
/* All Avahi types, constants and functions
78
Avahi*, avahi_*,
79
AVAHI_* */
45
80
#include <avahi-core/core.h>
46
81
#include <avahi-core/lookup.h>
47
82
#include <avahi-core/log.h>
49
84
#include <avahi-common/malloc.h>
50
85
#include <avahi-common/error.h>
51
86
52
//mandos client part
53
#include <sys/types.h> /* socket(), inet_pton() */
54
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
55
struct in6_addr, inet_pton() */
56
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
57
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
58
59
#include <unistd.h> /* close() */
60
#include <netinet/in.h>
61
#include <stdbool.h> /* true */
62
#include <string.h> /* memset */
63
#include <arpa/inet.h> /* inet_pton() */
64
#include <iso646.h> /* not */
65
66
// gpgme
67
#include <errno.h> /* perror() */
68
#include <gpgme.h>
69
70
// getopt_long
71
#include <getopt.h>
87
/* GnuTLS */
88
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and
89
functions:
90
gnutls_*
91
init_gnutls_session(),
92
GNUTLS_* */
93
#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),
94
GNUTLS_OPENPGP_FMT_BASE64 */
95
96
/* GPGME */
97
#include <gpgme.h> /* All GPGME types, constants and
98
functions:
99
gpgme_*
100
GPGME_PROTOCOL_OpenPGP,
101
GPG_ERR_NO_* */
72
102
73
103
#define BUFFER_SIZE 256
74
104
75
static const char *keydir = "/conf/conf.d/mandos";
76
static const char *pubkeyfile = "pubkey.txt";
77
static const char *seckeyfile = "seckey.txt";
105
#define PATHDIR "/conf/conf.d/mandos"
106
#define SECKEY "seckey.txt"
107
#define PUBKEY "pubkey.txt"
78
108
79
109
bool debug = false;
110
static const char mandos_protocol_version[] = "1";
111
const char *argp_program_version = "mandos-client " VERSION;
112
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
80
113
81
/* Used for passing in values through all the callback functions */
114
/* Used for passing in values through the Avahi callback functions */
82
115
typedef struct {
83
116
AvahiSimplePoll *simple_poll;
84
117
AvahiServer *server;
85
118
gnutls_certificate_credentials_t cred;
86
119
unsigned int dh_bits;
120
gnutls_dh_params_t dh_params;
87
121
const char *priority;
122
gpgme_ctx_t ctx;
88
123
} mandos_context;
89
124
125
/*
126
* Make room in "buffer" for at least BUFFER_SIZE additional bytes.
127
* "buffer_capacity" is how much is currently allocated,
128
* "buffer_length" is how much is already used.
129
*/
130
size_t adjustbuffer(char **buffer, size_t buffer_length,
131
size_t buffer_capacity){
132
if (buffer_length + BUFFER_SIZE > buffer_capacity){
133
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
134
if (buffer == NULL){
135
return 0;
136
}
137
buffer_capacity += BUFFER_SIZE;
138
}
139
return buffer_capacity;
140
}
141
90
142
/*
91
* Decrypt OpenPGP data using keyrings in HOMEDIR.
92
* Returns -1 on error
143
* Initialize GPGME.
93
144
*/
94
static ssize_t pgp_packet_decrypt (const char *cryptotext,
95
size_t crypto_size,
96
char **plaintext,
97
const char *homedir){
98
gpgme_data_t dh_crypto, dh_plain;
99
gpgme_ctx_t ctx;
145
static bool init_gpgme(mandos_context *mc, const char *seckey,
146
const char *pubkey, const char *tempdir){
147
int ret;
100
148
gpgme_error_t rc;
101
ssize_t ret;
102
ssize_t plaintext_capacity = 0;
103
ssize_t plaintext_length = 0;
104
149
gpgme_engine_info_t engine_info;
105
150
151
152
/*
153
* Helper function to insert pub and seckey to the enigne keyring.
154
*/
155
bool import_key(const char *filename){
156
int fd;
157
gpgme_data_t pgp_data;
158
159
fd = (int)TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
160
if(fd == -1){
161
perror("open");
162
return false;
163
}
164
165
rc = gpgme_data_new_from_fd(&pgp_data, fd);
166
if (rc != GPG_ERR_NO_ERROR){
167
fprintf(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
168
gpgme_strsource(rc), gpgme_strerror(rc));
169
return false;
170
}
171
172
rc = gpgme_op_import(mc->ctx, pgp_data);
173
if (rc != GPG_ERR_NO_ERROR){
174
fprintf(stderr, "bad gpgme_op_import: %s: %s\n",
175
gpgme_strsource(rc), gpgme_strerror(rc));
176
return false;
177
}
178
179
ret = (int)TEMP_FAILURE_RETRY(close(fd));
180
if(ret == -1){
181
perror("close");
182
}
183
gpgme_data_release(pgp_data);
184
return true;
185
}
186
106
187
if (debug){
107
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
188
fprintf(stderr, "Initialize gpgme\n");
108
189
}
109
190
110
191
/* Init GPGME */
113
194
if (rc != GPG_ERR_NO_ERROR){
114
195
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
115
196
gpgme_strsource(rc), gpgme_strerror(rc));
116
return -1;
197
return false;
117
198
}
118
199
119
/* Set GPGME home directory for the OpenPGP engine only */
200
/* Set GPGME home directory for the OpenPGP engine only */
120
201
rc = gpgme_get_engine_info (&engine_info);
121
202
if (rc != GPG_ERR_NO_ERROR){
122
203
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
123
204
gpgme_strsource(rc), gpgme_strerror(rc));
124
return -1;
205
return false;
125
206
}
126
207
while(engine_info != NULL){
127
208
if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
128
209
gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
129
engine_info->file_name, homedir);
210
engine_info->file_name, tempdir);
130
211
break;
131
212
}
132
213
engine_info = engine_info->next;
133
214
}
134
215
if(engine_info == NULL){
135
fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);
136
return -1;
216
fprintf(stderr, "Could not set GPGME home dir to %s\n", tempdir);
217
return false;
218
}
219
220
/* Create new GPGME "context" */
221
rc = gpgme_new(&(mc->ctx));
222
if (rc != GPG_ERR_NO_ERROR){
223
fprintf(stderr, "bad gpgme_new: %s: %s\n",
224
gpgme_strsource(rc), gpgme_strerror(rc));
225
return false;
226
}
227
228
if (not import_key(pubkey) or not import_key(seckey)){
229
return false;
230
}
231
232
return true;
233
}
234
235
/*
236
* Decrypt OpenPGP data.
237
* Returns -1 on error
238
*/
239
static ssize_t pgp_packet_decrypt (const mandos_context *mc,
240
const char *cryptotext,
241
size_t crypto_size,
242
char **plaintext){
243
gpgme_data_t dh_crypto, dh_plain;
244
gpgme_error_t rc;
245
ssize_t ret;
246
size_t plaintext_capacity = 0;
247
ssize_t plaintext_length = 0;
248
249
if (debug){
250
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
137
251
}
138
252
139
253
/* Create new GPGME data buffer from memory cryptotext */
154
268
return -1;
155
269
}
156
270
157
/* Create new GPGME "context" */
158
rc = gpgme_new(&ctx);
159
if (rc != GPG_ERR_NO_ERROR){
160
fprintf(stderr, "bad gpgme_new: %s: %s\n",
161
gpgme_strsource(rc), gpgme_strerror(rc));
162
plaintext_length = -1;
163
goto decrypt_end;
164
}
165
166
271
/* Decrypt data from the cryptotext data buffer to the plaintext
167
272
data buffer */
168
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
273
rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);
169
274
if (rc != GPG_ERR_NO_ERROR){
170
275
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
171
276
gpgme_strsource(rc), gpgme_strerror(rc));
172
277
plaintext_length = -1;
278
if (debug){
279
gpgme_decrypt_result_t result;
280
result = gpgme_op_decrypt_result(mc->ctx);
281
if (result == NULL){
282
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
283
} else {
284
fprintf(stderr, "Unsupported algorithm: %s\n",
285
result->unsupported_algorithm);
286
fprintf(stderr, "Wrong key usage: %u\n",
287
result->wrong_key_usage);
288
if(result->file_name != NULL){
289
fprintf(stderr, "File name: %s\n", result->file_name);
290
}
291
gpgme_recipient_t recipient;
292
recipient = result->recipients;
293
if(recipient){
294
while(recipient != NULL){
295
fprintf(stderr, "Public key algorithm: %s\n",
296
gpgme_pubkey_algo_name(recipient->pubkey_algo));
297
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
298
fprintf(stderr, "Secret key available: %s\n",
299
recipient->status == GPG_ERR_NO_SECKEY
300
? "No" : "Yes");
301
recipient = recipient->next;
302
}
303
}
304
}
305
}
173
306
goto decrypt_end;
174
307
}
175
308
177
310
fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
178
311
}
179
312
180
if (debug){
181
gpgme_decrypt_result_t result;
182
result = gpgme_op_decrypt_result(ctx);
183
if (result == NULL){
184
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
185
} else {
186
fprintf(stderr, "Unsupported algorithm: %s\n",
187
result->unsupported_algorithm);
188
fprintf(stderr, "Wrong key usage: %d\n",
189
result->wrong_key_usage);
190
if(result->file_name != NULL){
191
fprintf(stderr, "File name: %s\n", result->file_name);
192
}
193
gpgme_recipient_t recipient;
194
recipient = result->recipients;
195
if(recipient){
196
while(recipient != NULL){
197
fprintf(stderr, "Public key algorithm: %s\n",
198
gpgme_pubkey_algo_name(recipient->pubkey_algo));
199
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
200
fprintf(stderr, "Secret key available: %s\n",
201
recipient->status == GPG_ERR_NO_SECKEY
202
? "No" : "Yes");
203
recipient = recipient->next;
204
}
205
}
206
}
207
}
208
209
313
/* Seek back to the beginning of the GPGME plaintext data buffer */
210
314
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
211
perror("pgpme_data_seek");
315
perror("gpgme_data_seek");
212
316
plaintext_length = -1;
213
317
goto decrypt_end;
214
318
}
215
319
216
320
*plaintext = NULL;
217
321
while(true){
218
if (plaintext_length + BUFFER_SIZE > plaintext_capacity){
219
*plaintext = realloc(*plaintext,
220
(unsigned int)plaintext_capacity
221
+ BUFFER_SIZE);
222
if (*plaintext == NULL){
223
perror("realloc");
322
plaintext_capacity = adjustbuffer(plaintext,
323
(size_t)plaintext_length,
324
plaintext_capacity);
325
if (plaintext_capacity == 0){
326
perror("adjustbuffer");
224
327
plaintext_length = -1;
225
328
goto decrypt_end;
226
}
227
plaintext_capacity += BUFFER_SIZE;
228
329
}
229
330
230
331
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
241
342
}
242
343
plaintext_length += ret;
243
344
}
244
345
245
346
if(debug){
246
347
fprintf(stderr, "Decrypted password is: ");
247
for(size_t i = 0; i < plaintext_length; i++){
348
for(ssize_t i = 0; i < plaintext_length; i++){
248
349
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
249
350
}
250
351
fprintf(stderr, "\n");
261
362
}
262
363
263
364
static const char * safer_gnutls_strerror (int value) {
264
const char *ret = gnutls_strerror (value);
365
const char *ret = gnutls_strerror (value); /* Spurious warning */
265
366
if (ret == NULL)
266
367
ret = "(unknown)";
267
368
return ret;
268
369
}
269
370
371
/* GnuTLS log function callback */
270
372
static void debuggnutls(__attribute__((unused)) int level,
271
373
const char* string){
272
fprintf(stderr, "%s", string);
374
fprintf(stderr, "GnuTLS: %s", string);
273
375
}
274
376
275
static int initgnutls(mandos_context *mc, gnutls_session_t *session,
276
gnutls_dh_params_t *dh_params){
277
const char *err;
377
static int init_gnutls_global(mandos_context *mc,
378
const char *pubkeyfilename,
379
const char *seckeyfilename){
278
380
int ret;
279
381
280
382
if(debug){
281
383
fprintf(stderr, "Initializing GnuTLS\n");
282
384
}
283
284
if ((ret = gnutls_global_init ())
285
!= GNUTLS_E_SUCCESS) {
286
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
385
386
ret = gnutls_global_init();
387
if (ret != GNUTLS_E_SUCCESS) {
388
fprintf (stderr, "GnuTLS global_init: %s\n",
389
safer_gnutls_strerror(ret));
287
390
return -1;
288
391
}
289
392
290
393
if (debug){
394
/* "Use a log level over 10 to enable all debugging options."
395
* - GnuTLS manual
396
*/
291
397
gnutls_global_set_log_level(11);
292
398
gnutls_global_set_log_function(debuggnutls);
293
399
}
294
400
295
/* openpgp credentials */
296
if ((ret = gnutls_certificate_allocate_credentials (&mc->cred))
297
!= GNUTLS_E_SUCCESS) {
298
fprintf (stderr, "memory error: %s\n",
401
/* OpenPGP credentials */
402
gnutls_certificate_allocate_credentials(&mc->cred);
403
if (ret != GNUTLS_E_SUCCESS){
404
fprintf (stderr, "GnuTLS memory error: %s\n", /* Spurious
405
warning */
299
406
safer_gnutls_strerror(ret));
407
gnutls_global_deinit ();
300
408
return -1;
301
409
}
302
410
303
411
if(debug){
304
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
305
" and keyfile %s as GnuTLS credentials\n", pubkeyfile,
306
seckeyfile);
412
fprintf(stderr, "Attempting to use OpenPGP public key %s and"
413
" secret key %s as GnuTLS credentials\n", pubkeyfilename,
414
seckeyfilename);
307
415
}
308
416
309
417
ret = gnutls_certificate_set_openpgp_key_file
310
(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);
418
(mc->cred, pubkeyfilename, seckeyfilename,
419
GNUTLS_OPENPGP_FMT_BASE64);
311
420
if (ret != GNUTLS_E_SUCCESS) {
312
fprintf
313
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
314
" '%s')\n",
315
ret, pubkeyfile, seckeyfile);
316
fprintf(stdout, "The Error is: %s\n",
421
fprintf(stderr,
422
"Error[%d] while reading the OpenPGP key pair ('%s',"
423
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
424
fprintf(stderr, "The GnuTLS error is: %s\n",
317
425
safer_gnutls_strerror(ret));
318
return -1;
319
}
320
321
//GnuTLS server initialization
322
if ((ret = gnutls_dh_params_init(dh_params))
323
!= GNUTLS_E_SUCCESS) {
324
fprintf (stderr, "Error in dh parameter initialization: %s\n",
325
safer_gnutls_strerror(ret));
326
return -1;
327
}
328
329
if ((ret = gnutls_dh_params_generate2(*dh_params, mc->dh_bits))
330
!= GNUTLS_E_SUCCESS) {
331
fprintf (stderr, "Error in prime generation: %s\n",
332
safer_gnutls_strerror(ret));
333
return -1;
334
}
335
336
gnutls_certificate_set_dh_params(mc->cred, *dh_params);
337
338
// GnuTLS session creation
339
if ((ret = gnutls_init(session, GNUTLS_SERVER))
340
!= GNUTLS_E_SUCCESS){
426
goto globalfail;
427
}
428
429
/* GnuTLS server initialization */
430
ret = gnutls_dh_params_init(&mc->dh_params);
431
if (ret != GNUTLS_E_SUCCESS) {
432
fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
433
" %s\n", safer_gnutls_strerror(ret));
434
goto globalfail;
435
}
436
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
437
if (ret != GNUTLS_E_SUCCESS) {
438
fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
439
safer_gnutls_strerror(ret));
440
goto globalfail;
441
}
442
443
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
444
445
return 0;
446
447
globalfail:
448
449
gnutls_certificate_free_credentials(mc->cred);
450
gnutls_global_deinit();
451
gnutls_dh_params_deinit(mc->dh_params);
452
return -1;
453
}
454
455
static int init_gnutls_session(mandos_context *mc,
456
gnutls_session_t *session){
457
int ret;
458
/* GnuTLS session creation */
459
ret = gnutls_init(session, GNUTLS_SERVER);
460
if (ret != GNUTLS_E_SUCCESS){
341
461
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
342
462
safer_gnutls_strerror(ret));
343
463
}
344
464
345
if ((ret = gnutls_priority_set_direct(*session, mc->priority, &err))
346
!= GNUTLS_E_SUCCESS) {
347
fprintf(stderr, "Syntax error at: %s\n", err);
348
fprintf(stderr, "GnuTLS error: %s\n",
349
safer_gnutls_strerror(ret));
350
return -1;
465
{
466
const char *err;
467
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
468
if (ret != GNUTLS_E_SUCCESS) {
469
fprintf(stderr, "Syntax error at: %s\n", err);
470
fprintf(stderr, "GnuTLS error: %s\n",
471
safer_gnutls_strerror(ret));
472
gnutls_deinit (*session);
473
return -1;
474
}
351
475
}
352
476
353
if ((ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
354
mc->cred))
355
!= GNUTLS_E_SUCCESS) {
356
fprintf(stderr, "Error setting a credentials set: %s\n",
477
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
478
mc->cred);
479
if (ret != GNUTLS_E_SUCCESS) {
480
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
357
481
safer_gnutls_strerror(ret));
482
gnutls_deinit (*session);
358
483
return -1;
359
484
}
360
485
367
492
return 0;
368
493
}
369
494
495
/* Avahi log function callback */
370
496
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
371
497
__attribute__((unused)) const char *txt){}
372
498
499
/* Called when a Mandos server is found */
373
500
static int start_mandos_communication(const char *ip, uint16_t port,
374
501
AvahiIfIndex if_index,
375
502
mandos_context *mc){
376
503
int ret, tcp_sd;
377
struct sockaddr_in6 to;
504
ssize_t sret;
505
union { struct sockaddr in; struct sockaddr_in6 in6; } to;
378
506
char *buffer = NULL;
379
507
char *decrypted_buffer;
380
508
size_t buffer_length = 0;
381
509
size_t buffer_capacity = 0;
382
510
ssize_t decrypted_buffer_size;
383
size_t written = 0;
511
size_t written;
384
512
int retval = 0;
385
513
char interface[IF_NAMESIZE];
386
514
gnutls_session_t session;
387
gnutls_dh_params_t dh_params;
515
516
ret = init_gnutls_session (mc, &session);
517
if (ret != 0){
518
return -1;
519
}
388
520
389
521
if(debug){
390
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
391
ip, port);
522
fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16
523
"\n", ip, port);
392
524
}
393
525
394
526
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
396
528
perror("socket");
397
529
return -1;
398
530
}
399
531
400
532
if(debug){
401
533
if(if_indextoname((unsigned int)if_index, interface) == NULL){
402
534
perror("if_indextoname");
405
537
fprintf(stderr, "Binding to interface %s\n", interface);
406
538
}
407
539
408
memset(&to,0,sizeof(to)); /* Spurious warning */
409
to.sin6_family = AF_INET6;
410
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
540
memset(&to, 0, sizeof(to));
541
to.in6.sin6_family = AF_INET6;
542
/* It would be nice to have a way to detect if we were passed an
543
IPv4 address here. Now we assume an IPv6 address. */
544
ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);
411
545
if (ret < 0 ){
412
546
perror("inet_pton");
413
547
return -1;
416
550
fprintf(stderr, "Bad address: %s\n", ip);
417
551
return -1;
418
552
}
419
to.sin6_port = htons(port); /* Spurious warning */
553
to.in6.sin6_port = htons(port); /* Spurious warning */
420
554
421
to.sin6_scope_id = (uint32_t)if_index;
555
to.in6.sin6_scope_id = (uint32_t)if_index;
422
556
423
557
if(debug){
424
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
558
fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
559
port);
425
560
char addrstr[INET6_ADDRSTRLEN] = "";
426
if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr,
561
if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,
427
562
sizeof(addrstr)) == NULL){
428
563
perror("inet_ntop");
429
564
} else {
433
568
}
434
569
}
435
570
436
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
571
ret = connect(tcp_sd, &to.in, sizeof(to));
437
572
if (ret < 0){
438
573
perror("connect");
439
574
return -1;
440
575
}
441
576
442
ret = initgnutls (mc, &session, &dh_params);
443
if (ret != 0){
444
retval = -1;
445
return -1;
577
const char *out = mandos_protocol_version;
578
written = 0;
579
while (true){
580
size_t out_size = strlen(out);
581
ret = (int)TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
582
out_size - written));
583
if (ret == -1){
584
perror("write");
585
retval = -1;
586
goto mandos_end;
587
}
588
written += (size_t)ret;
589
if(written < out_size){
590
continue;
591
} else {
592
if (out == mandos_protocol_version){
593
written = 0;
594
out = "\r\n";
595
} else {
596
break;
597
}
598
}
599
}
600
601
if(debug){
602
fprintf(stderr, "Establishing TLS session with %s\n", ip);
446
603
}
447
604
448
605
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
449
606
450
if(debug){
451
fprintf(stderr, "Establishing TLS session with %s\n", ip);
452
}
453
454
ret = gnutls_handshake (session);
607
do{
608
ret = gnutls_handshake (session);
609
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
455
610
456
611
if (ret != GNUTLS_E_SUCCESS){
457
612
if(debug){
458
fprintf(stderr, "\n*** Handshake failed ***\n");
613
fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
459
614
gnutls_perror (ret);
460
615
}
461
616
retval = -1;
462
goto exit;
617
goto mandos_end;
463
618
}
464
619
465
//Retrieve OpenPGP packet that contains the wanted password
620
/* Read OpenPGP packet that contains the wanted password */
466
621
467
622
if(debug){
468
623
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
469
624
ip);
470
625
}
471
626
472
627
while(true){
473
if (buffer_length + BUFFER_SIZE > buffer_capacity){
474
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
475
if (buffer == NULL){
476
perror("realloc");
477
goto exit;
478
}
479
buffer_capacity += BUFFER_SIZE;
628
buffer_capacity = adjustbuffer(&buffer, buffer_length,
629
buffer_capacity);
630
if (buffer_capacity == 0){
631
perror("adjustbuffer");
632
retval = -1;
633
goto mandos_end;
480
634
}
481
635
482
ret = gnutls_record_recv(session, buffer+buffer_length,
483
BUFFER_SIZE);
484
if (ret == 0){
636
sret = gnutls_record_recv(session, buffer+buffer_length,
637
BUFFER_SIZE);
638
if (sret == 0){
485
639
break;
486
640
}
487
if (ret < 0){
488
switch(ret){
641
if (sret < 0){
642
switch(sret){
489
643
case GNUTLS_E_INTERRUPTED:
490
644
case GNUTLS_E_AGAIN:
491
645
break;
492
646
case GNUTLS_E_REHANDSHAKE:
493
ret = gnutls_handshake (session);
647
do{
648
ret = gnutls_handshake (session);
649
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
494
650
if (ret < 0){
495
fprintf(stderr, "\n*** Handshake failed ***\n");
651
fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
496
652
gnutls_perror (ret);
497
653
retval = -1;
498
goto exit;
654
goto mandos_end;
499
655
}
500
656
break;
501
657
default:
502
658
fprintf(stderr, "Unknown error while reading data from"
503
" encrypted session with mandos server\n");
659
" encrypted session with Mandos server\n");
504
660
retval = -1;
505
661
gnutls_bye (session, GNUTLS_SHUT_RDWR);
506
goto exit;
662
goto mandos_end;
507
663
}
508
664
} else {
509
buffer_length += (size_t) ret;
665
buffer_length += (size_t) sret;
510
666
}
511
667
}
512
668
669
if(debug){
670
fprintf(stderr, "Closing TLS session\n");
671
}
672
673
gnutls_bye (session, GNUTLS_SHUT_RDWR);
674
513
675
if (buffer_length > 0){
514
decrypted_buffer_size = pgp_packet_decrypt(buffer,
676
decrypted_buffer_size = pgp_packet_decrypt(mc, buffer,
515
677
buffer_length,
516
&decrypted_buffer,
517
keydir);
678
&decrypted_buffer);
518
679
if (decrypted_buffer_size >= 0){
680
written = 0;
519
681
while(written < (size_t) decrypted_buffer_size){
520
682
ret = (int)fwrite (decrypted_buffer + written, 1,
521
683
(size_t)decrypted_buffer_size - written,
534
696
} else {
535
697
retval = -1;
536
698
}
537
}
538
539
//shutdown procedure
540
541
if(debug){
542
fprintf(stderr, "Closing TLS session\n");
543
}
544
699
} else {
700
retval = -1;
701
}
702
703
/* Shutdown procedure */
704
705
mandos_end:
545
706
free(buffer);
546
gnutls_bye (session, GNUTLS_SHUT_RDWR);
547
exit:
548
close(tcp_sd);
707
ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
708
if(ret == -1){
709
perror("close");
710
}
549
711
gnutls_deinit (session);
550
gnutls_certificate_free_credentials (mc->cred);
551
gnutls_global_deinit ();
552
712
return retval;
553
713
}
554
714
567
727
flags,
568
728
void* userdata) {
569
729
mandos_context *mc = userdata;
570
assert(r); /* Spurious warning */
730
assert(r);
571
731
572
732
/* Called whenever a service has been resolved successfully or
573
733
timed out */
575
735
switch (event) {
576
736
default:
577
737
case AVAHI_RESOLVER_FAILURE:
578
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
579
" type '%s' in domain '%s': %s\n", name, type, domain,
738
fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
739
" of type '%s' in domain '%s': %s\n", name, type, domain,
580
740
avahi_strerror(avahi_server_errno(mc->server)));
581
741
break;
582
742
585
745
char ip[AVAHI_ADDRESS_STR_MAX];
586
746
avahi_address_snprint(ip, sizeof(ip), address);
587
747
if(debug){
588
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
589
" port %d\n", name, host_name, ip, port);
748
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"
749
PRIu16 ") on port %d\n", name, host_name, ip,
750
interface, port);
590
751
}
591
752
int ret = start_mandos_communication(ip, port, interface, mc);
592
753
if (ret == 0){
593
exit(EXIT_SUCCESS);
754
avahi_simple_poll_quit(mc->simple_poll);
594
755
}
595
756
}
596
757
}
608
769
flags,
609
770
void* userdata) {
610
771
mandos_context *mc = userdata;
611
assert(b); /* Spurious warning */
772
assert(b);
612
773
613
774
/* Called whenever a new services becomes available on the LAN or
614
775
is removed from the LAN */
617
778
default:
618
779
case AVAHI_BROWSER_FAILURE:
619
780
620
fprintf(stderr, "(Browser) %s\n",
781
fprintf(stderr, "(Avahi browser) %s\n",
621
782
avahi_strerror(avahi_server_errno(mc->server)));
622
783
avahi_simple_poll_quit(mc->simple_poll);
623
784
return;
624
785
625
786
case AVAHI_BROWSER_NEW:
626
/* We ignore the returned resolver object. In the callback
627
function we free it. If the server is terminated before
628
the callback function is called the server will free
629
the resolver for us. */
787
/* We ignore the returned Avahi resolver object. In the callback
788
function we free it. If the Avahi server is terminated before
789
the callback function is called the Avahi server will free the
790
resolver for us. */
630
791
631
792
if (!(avahi_s_service_resolver_new(mc->server, interface,
632
793
protocol, name, type, domain,
633
794
AVAHI_PROTO_INET6, 0,
634
795
resolve_callback, mc)))
635
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
636
avahi_strerror(avahi_server_errno(mc->server)));
796
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
797
name, avahi_strerror(avahi_server_errno(mc->server)));
637
798
break;
638
799
639
800
case AVAHI_BROWSER_REMOVE:
641
802
642
803
case AVAHI_BROWSER_ALL_FOR_NOW:
643
804
case AVAHI_BROWSER_CACHE_EXHAUSTED:
805
if(debug){
806
fprintf(stderr, "No Mandos server found, still searching...\n");
807
}
644
808
break;
645
809
}
646
810
}
647
811
648
/* Combines file name and path and returns the malloced new
649
string. some sane checks could/should be added */
650
static const char *combinepath(const char *first, const char *second){
651
size_t f_len = strlen(first);
652
size_t s_len = strlen(second);
653
char *tmp = malloc(f_len + s_len + 2);
654
if (tmp == NULL){
655
return NULL;
656
}
657
if(f_len > 0){
658
memcpy(tmp, first, f_len); /* Spurious warning */
659
}
660
tmp[f_len] = '/';
661
if(s_len > 0){
662
memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */
663
}
664
tmp[f_len + 1 + s_len] = '\0';
665
return tmp;
666
}
667
668
669
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
670
AvahiServerConfig config;
812
int main(int argc, char *argv[]){
671
813
AvahiSServiceBrowser *sb = NULL;
672
814
int error;
673
815
int ret;
674
int debug_int;
675
int returncode = EXIT_SUCCESS;
816
int exitcode = EXIT_SUCCESS;
676
817
const char *interface = "eth0";
677
818
struct ifreq network;
678
819
int sd;
820
uid_t uid;
821
gid_t gid;
679
822
char *connect_to = NULL;
823
char tempdir[] = "/tmp/mandosXXXXXX";
680
824
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
825
const char *seckey = PATHDIR "/" SECKEY;
826
const char *pubkey = PATHDIR "/" PUBKEY;
827
681
828
mandos_context mc = { .simple_poll = NULL, .server = NULL,
682
.dh_bits = 1024, .priority = "SECURE256"};
683
684
debug_int = debug ? 1 : 0;
685
while (true){
686
struct option long_options[] = {
687
{"debug", no_argument, &debug_int, 1},
688
{"connect", required_argument, NULL, 'c'},
689
{"interface", required_argument, NULL, 'i'},
690
{"keydir", required_argument, NULL, 'd'},
691
{"seckey", required_argument, NULL, 's'},
692
{"pubkey", required_argument, NULL, 'p'},
693
{"dh-bits", required_argument, NULL, 'D'},
694
{"priority", required_argument, NULL, 'P'},
695
{0, 0, 0, 0} };
696
697
int option_index = 0;
698
ret = getopt_long (argc, argv, "i:", long_options,
699
&option_index);
700
701
if (ret == -1){
702
break;
703
}
704
705
switch(ret){
706
case 0:
707
break;
708
case 'i':
709
interface = optarg;
710
break;
711
case 'c':
712
connect_to = optarg;
713
break;
714
case 'd':
715
keydir = optarg;
716
break;
717
case 'p':
718
pubkeyfile = optarg;
719
break;
720
case 's':
721
seckeyfile = optarg;
722
break;
723
case 'D':
724
errno = 0;
725
mc.dh_bits = (unsigned int) strtol(optarg, NULL, 10);
726
if (errno){
727
perror("strtol");
728
exit(EXIT_FAILURE);
729
}
730
break;
731
case 'P':
732
mc.priority = optarg;
733
break;
734
case '?':
735
default:
736
exit(EXIT_FAILURE);
737
}
738
}
739
debug = debug_int ? true : false;
740
741
pubkeyfile = combinepath(keydir, pubkeyfile);
742
if (pubkeyfile == NULL){
743
perror("combinepath");
744
returncode = EXIT_FAILURE;
745
goto exit;
746
}
747
748
seckeyfile = combinepath(keydir, seckeyfile);
749
if (seckeyfile == NULL){
750
perror("combinepath");
751
goto exit;
829
.dh_bits = 1024, .priority = "SECURE256"
830
":!CTYPE-X.509:+CTYPE-OPENPGP" };
831
bool gnutls_initalized = false;
832
bool gpgme_initalized = false;
833
834
{
835
struct argp_option options[] = {
836
{ .name = "debug", .key = 128,
837
.doc = "Debug mode", .group = 3 },
838
{ .name = "connect", .key = 'c',
839
.arg = "ADDRESS:PORT",
840
.doc = "Connect directly to a specific Mandos server",
841
.group = 1 },
842
{ .name = "interface", .key = 'i',
843
.arg = "NAME",
844
.doc = "Interface that will be used to search for Mandos"
845
" servers",
846
.group = 1 },
847
{ .name = "seckey", .key = 's',
848
.arg = "FILE",
849
.doc = "OpenPGP secret key file base name",
850
.group = 1 },
851
{ .name = "pubkey", .key = 'p',
852
.arg = "FILE",
853
.doc = "OpenPGP public key file base name",
854
.group = 2 },
855
{ .name = "dh-bits", .key = 129,
856
.arg = "BITS",
857
.doc = "Bit length of the prime number used in the"
858
" Diffie-Hellman key exchange",
859
.group = 2 },
860
{ .name = "priority", .key = 130,
861
.arg = "STRING",
862
.doc = "GnuTLS priority string for the TLS handshake",
863
.group = 1 },
864
{ .name = NULL }
865
};
866
867
error_t parse_opt (int key, char *arg,
868
struct argp_state *state) {
869
switch (key) {
870
case 128: /* --debug */
871
debug = true;
872
break;
873
case 'c': /* --connect */
874
connect_to = arg;
875
break;
876
case 'i': /* --interface */
877
interface = arg;
878
break;
879
case 's': /* --seckey */
880
seckey = arg;
881
break;
882
case 'p': /* --pubkey */
883
pubkey = arg;
884
break;
885
case 129: /* --dh-bits */
886
ret = sscanf(arg, "%u", &mc.dh_bits);
887
if(ret == 0 or mc.dh_bits == 0){
888
fprintf(stderr, "Bad number of DH bits\n");
889
exit(EXIT_FAILURE);
890
}
891
break;
892
case 130: /* --priority */
893
mc.priority = arg;
894
break;
895
case ARGP_KEY_ARG:
896
argp_usage (state);
897
case ARGP_KEY_END:
898
break;
899
default:
900
return ARGP_ERR_UNKNOWN;
901
}
902
return 0;
903
}
904
905
struct argp argp = { .options = options, .parser = parse_opt,
906
.args_doc = "",
907
.doc = "Mandos client -- Get and decrypt"
908
" passwords from a Mandos server" };
909
ret = argp_parse (&argp, argc, argv, 0, 0, NULL);
910
if (ret == ARGP_ERR_UNKNOWN){
911
fprintf(stderr, "Unknown error while parsing arguments\n");
912
exitcode = EXIT_FAILURE;
913
goto end;
914
}
915
}
916
917
/* If the interface is down, bring it up */
918
{
919
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
920
if(sd < 0) {
921
perror("socket");
922
exitcode = EXIT_FAILURE;
923
goto end;
924
}
925
strcpy(network.ifr_name, interface);
926
ret = ioctl(sd, SIOCGIFFLAGS, &network);
927
if(ret == -1){
928
perror("ioctl SIOCGIFFLAGS");
929
exitcode = EXIT_FAILURE;
930
goto end;
931
}
932
if((network.ifr_flags & IFF_UP) == 0){
933
network.ifr_flags |= IFF_UP;
934
ret = ioctl(sd, SIOCSIFFLAGS, &network);
935
if(ret == -1){
936
perror("ioctl SIOCSIFFLAGS");
937
exitcode = EXIT_FAILURE;
938
goto end;
939
}
940
}
941
ret = (int)TEMP_FAILURE_RETRY(close(sd));
942
if(ret == -1){
943
perror("close");
944
}
945
}
946
947
uid = getuid();
948
gid = getgid();
949
950
ret = setuid(uid);
951
if (ret == -1){
952
perror("setuid");
953
}
954
955
setgid(gid);
956
if (ret == -1){
957
perror("setgid");
958
}
959
960
ret = init_gnutls_global(&mc, pubkey, seckey);
961
if (ret == -1){
962
fprintf(stderr, "init_gnutls_global failed\n");
963
exitcode = EXIT_FAILURE;
964
goto end;
965
} else {
966
gnutls_initalized = true;
967
}
968
969
if(mkdtemp(tempdir) == NULL){
970
perror("mkdtemp");
971
tempdir[0] = '\0';
972
goto end;
973
}
974
975
if(not init_gpgme(&mc, pubkey, seckey, tempdir)){
976
fprintf(stderr, "gpgme_initalized failed\n");
977
exitcode = EXIT_FAILURE;
978
goto end;
979
} else {
980
gpgme_initalized = true;
752
981
}
753
982
754
983
if_index = (AvahiIfIndex) if_nametoindex(interface);
763
992
char *address = strrchr(connect_to, ':');
764
993
if(address == NULL){
765
994
fprintf(stderr, "No colon in address\n");
766
exit(EXIT_FAILURE);
995
exitcode = EXIT_FAILURE;
996
goto end;
767
997
}
768
errno = 0;
769
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
770
if(errno){
771
perror("Bad port number");
772
exit(EXIT_FAILURE);
998
uint16_t port;
999
ret = sscanf(address+1, "%" SCNu16, &port);
1000
if(ret == 0 or port == 0){
1001
fprintf(stderr, "Bad port number\n");
1002
exitcode = EXIT_FAILURE;
1003
goto end;
773
1004
}
774
1005
*address = '\0';
775
1006
address = connect_to;
776
1007
ret = start_mandos_communication(address, port, if_index, &mc);
777
1008
if(ret < 0){
778
exit(EXIT_FAILURE);
1009
exitcode = EXIT_FAILURE;
779
1010
} else {
780
exit(EXIT_SUCCESS);
781
}
782
}
783
784
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
785
if(sd < 0) {
786
perror("socket");
787
returncode = EXIT_FAILURE;
788
goto exit;
789
}
790
strcpy(network.ifr_name, interface); /* Spurious warning */
791
ret = ioctl(sd, SIOCGIFFLAGS, &network);
792
if(ret == -1){
793
794
perror("ioctl SIOCGIFFLAGS");
795
returncode = EXIT_FAILURE;
796
goto exit;
797
}
798
if((network.ifr_flags & IFF_UP) == 0){
799
network.ifr_flags |= IFF_UP;
800
ret = ioctl(sd, SIOCSIFFLAGS, &network);
801
if(ret == -1){
802
perror("ioctl SIOCSIFFLAGS");
803
returncode = EXIT_FAILURE;
804
goto exit;
805
}
806
}
807
close(sd);
1011
exitcode = EXIT_SUCCESS;
1012
}
1013
goto end;
1014
}
808
1015
809
1016
if (not debug){
810
1017
avahi_set_log_function(empty_log);
811
1018
}
812
1019
813
/* Initialize the psuedo-RNG */
1020
/* Initialize the pseudo-RNG for Avahi */
814
1021
srand((unsigned int) time(NULL));
815
816
/* Allocate main loop object */
817
if (!(mc.simple_poll = avahi_simple_poll_new())) {
818
fprintf(stderr, "Failed to create simple poll object.\n");
819
returncode = EXIT_FAILURE;
820
goto exit;
821
}
822
823
/* Do not publish any local records */
824
avahi_server_config_init(&config);
825
config.publish_hinfo = 0;
826
config.publish_addresses = 0;
827
config.publish_workstation = 0;
828
config.publish_domain = 0;
829
830
/* Allocate a new server */
831
mc.server=avahi_server_new(avahi_simple_poll_get(mc.simple_poll),
832
&config, NULL, NULL, &error);
833
834
/* Free the configuration data */
835
avahi_server_config_free(&config);
836
837
/* Check if creating the server object succeeded */
838
if (!mc.server) {
839
fprintf(stderr, "Failed to create server: %s\n",
1022
1023
/* Allocate main Avahi loop object */
1024
mc.simple_poll = avahi_simple_poll_new();
1025
if (mc.simple_poll == NULL) {
1026
fprintf(stderr, "Avahi: Failed to create simple poll"
1027
" object.\n");
1028
exitcode = EXIT_FAILURE;
1029
goto end;
1030
}
1031
1032
{
1033
AvahiServerConfig config;
1034
/* Do not publish any local Zeroconf records */
1035
avahi_server_config_init(&config);
1036
config.publish_hinfo = 0;
1037
config.publish_addresses = 0;
1038
config.publish_workstation = 0;
1039
config.publish_domain = 0;
1040
1041
/* Allocate a new server */
1042
mc.server = avahi_server_new(avahi_simple_poll_get
1043
(mc.simple_poll), &config, NULL,
1044
NULL, &error);
1045
1046
/* Free the Avahi configuration data */
1047
avahi_server_config_free(&config);
1048
}
1049
1050
/* Check if creating the Avahi server object succeeded */
1051
if (mc.server == NULL) {
1052
fprintf(stderr, "Failed to create Avahi server: %s\n",
840
1053
avahi_strerror(error));
841
returncode = EXIT_FAILURE;
842
goto exit;
1054
exitcode = EXIT_FAILURE;
1055
goto end;
843
1056
}
844
1057
845
/* Create the service browser */
1058
/* Create the Avahi service browser */
846
1059
sb = avahi_s_service_browser_new(mc.server, if_index,
847
1060
AVAHI_PROTO_INET6,
848
1061
"_mandos._tcp", NULL, 0,
849
1062
browse_callback, &mc);
850
if (!sb) {
1063
if (sb == NULL) {
851
1064
fprintf(stderr, "Failed to create service browser: %s\n",
852
1065
avahi_strerror(avahi_server_errno(mc.server)));
853
returncode = EXIT_FAILURE;
854
goto exit;
1066
exitcode = EXIT_FAILURE;
1067
goto end;
855
1068
}
856
1069
857
1070
/* Run the main loop */
858
1071
859
1072
if (debug){
860
fprintf(stderr, "Starting avahi loop search\n");
1073
fprintf(stderr, "Starting Avahi loop search\n");
861
1074
}
862
1075
863
1076
avahi_simple_poll_loop(mc.simple_poll);
864
1077
865
exit:
866
1078
end:
1079
867
1080
if (debug){
868
1081
fprintf(stderr, "%s exiting\n", argv[0]);
869
1082
}
870
1083
871
1084
/* Cleanup things */
872
if (sb)
1085
if (sb != NULL)
873
1086
avahi_s_service_browser_free(sb);
874
1087
875
if (mc.server)
1088
if (mc.server != NULL)
876
1089
avahi_server_free(mc.server);
877
878
if (mc.simple_poll)
1090
1091
if (mc.simple_poll != NULL)
879
1092
avahi_simple_poll_free(mc.simple_poll);
880
free(pubkeyfile);
881
free(seckeyfile);
882
883
return returncode;
1093
1094
if (gnutls_initalized){
1095
gnutls_certificate_free_credentials(mc.cred);
1096
gnutls_global_deinit ();
1097
gnutls_dh_params_deinit(mc.dh_params);
1098
}
1099
1100
if(gpgme_initalized){
1101
gpgme_release(mc.ctx);
1102
}
1103
1104
/* Removes the temp directory used by GPGME */
1105
if(tempdir[0] != '\0'){
1106
DIR *d;
1107
struct dirent *direntry;
1108
d = opendir(tempdir);
1109
if(d == NULL){
1110
if(errno != ENOENT){
1111
perror("opendir");
1112
}
1113
} else {
1114
while(true){
1115
direntry = readdir(d);
1116
if(direntry == NULL){
1117
break;
1118
}
1119
if (direntry->d_type == DT_REG){
1120
char *fullname = NULL;
1121
ret = asprintf(&fullname, "%s/%s", tempdir,
1122
direntry->d_name);
1123
if(ret < 0){
1124
perror("asprintf");
1125
continue;
1126
}
1127
ret = unlink(fullname);
1128
if(ret == -1){
1129
fprintf(stderr, "unlink(\"%s\"): %s",
1130
fullname, strerror(errno));
1131
}
1132
free(fullname);
1133
}
1134
}
1135
closedir(d);
1136
}
1137
ret = rmdir(tempdir);
1138
if(ret == -1 and errno != ENOENT){
1139
perror("rmdir");
1140
}
1141
}
1142
1143
return exitcode;
884
1144
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0