/mandos/release : revision 237.2.64

42

#include <stddef.h> /* NULL, size_t, ssize_t */

43

#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,

44

srand() */

45

#include <stdbool.h> /* bool, false, true */

45

#include <stdbool.h> /* bool, true */

46

#include <string.h> /* memset(), strcmp(), strlen(),

47

strerror(), asprintf(), strcpy() */

48

#include <sys/ioctl.h> /* ioctl */

48

#include <sys/ioctl.h> /* ioctl */

49

#include <sys/types.h> /* socket(), inet_pton(), sockaddr,

50

sockaddr_in6, PF_INET6,

51

SOCK_STREAM, uid_t, gid_t, open(),

52

opendir(), DIR */

51

SOCK_STREAM, INET6_ADDRSTRLEN,

52

uid_t, gid_t, open(), opendir(),

53

DIR */

53

54

#include <sys/stat.h> /* open() */

54

55

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

55

inet_pton(), connect() */

56

struct in6_addr, inet_pton(),

57

connect() */

56

58

#include <fcntl.h> /* open() */

57

59

#include <dirent.h> /* opendir(), struct dirent, readdir()

58

60

*/

63

65

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

64

66

SIOCSIFFLAGS, if_indextoname(),

65

67

if_nametoindex(), IF_NAMESIZE */

66

#include <netinet/in.h> /* IN6_IS_ADDR_LINKLOCAL,

67

INET_ADDRSTRLEN, INET6_ADDRSTRLEN

68

*/

68

#include <netinet/in.h>

69

#include <unistd.h> /* close(), SEEK_SET, off_t, write(),

70

getuid(), getgid(), setuid(),

71

setgid() */

72

#include <arpa/inet.h> /* inet_pton(), htons */

73

#include <iso646.h> /* not, or, and */

73

#include <iso646.h> /* not, and, or */

74

#include <argp.h> /* struct argp_option, error_t, struct

75

argp_state, struct argp,

76

argp_parse(), ARGP_KEY_ARG,

77

ARGP_KEY_END, ARGP_ERR_UNKNOWN */

78

#include <signal.h> /* sigemptyset(), sigaddset(),

79

sigaction(), SIGTERM, sigaction */

80

81

78

#ifdef __linux__

82

79

#include <sys/klog.h> /* klogctl() */

83

80

#endif

132

129

gpgme_ctx_t ctx;

133

130

} mandos_context;

134

131

135

/* global context so signal handler can reach it*/

136

mandos_context mc;

137

138

132

/*

139

* Make additional room in "buffer" for at least BUFFER_SIZE

140

* additional bytes. "buffer_capacity" is how much is currently

141

* allocated, "buffer_length" is how much is already used.

133

* Make room in "buffer" for at least BUFFER_SIZE additional bytes.

134

* "buffer_capacity" is how much is currently allocated,

135

* "buffer_length" is how much is already used.

142

136

*/

143

size_t incbuffer(char **buffer, size_t buffer_length,

137

size_t adjustbuffer(char **buffer, size_t buffer_length,

144

138

size_t buffer_capacity){

145

139

if(buffer_length + BUFFER_SIZE > buffer_capacity){

146

140

*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);

155

149

/*

156

150

* Initialize GPGME.

157

151

*/

158

static bool init_gpgme(const char *seckey,

152

static bool init_gpgme(mandos_context *mc, const char *seckey,

159

153

const char *pubkey, const char *tempdir){

160

154

int ret;

161

155

gpgme_error_t rc;

182

176

return false;

183

177

}

184

178

185

rc = gpgme_op_import(mc.ctx, pgp_data);

179

rc = gpgme_op_import(mc->ctx, pgp_data);

186

180

if(rc != GPG_ERR_NO_ERROR){

187

181

fprintf(stderr, "bad gpgme_op_import: %s: %s\n",

188

182

gpgme_strsource(rc), gpgme_strerror(rc));

198

192

}

199

193

200

194

if(debug){

201

fprintf(stderr, "Initializing GPGME\n");

195

fprintf(stderr, "Initialize gpgme\n");

202

196

}

203

197

204

198

/* Init GPGME */

231

225

}

232

226

233

227

/* Create new GPGME "context" */

234

rc = gpgme_new(&(mc.ctx));

228

rc = gpgme_new(&(mc->ctx));

235

229

if(rc != GPG_ERR_NO_ERROR){

236

230

fprintf(stderr, "bad gpgme_new: %s: %s\n",

237

231

gpgme_strsource(rc), gpgme_strerror(rc));

249

243

* Decrypt OpenPGP data.

250

244

* Returns -1 on error

251

245

*/

252

static ssize_t pgp_packet_decrypt(const char *cryptotext,

246

static ssize_t pgp_packet_decrypt(const mandos_context *mc,

247

const char *cryptotext,

253

248

size_t crypto_size,

254

249

char **plaintext){

255

250

gpgme_data_t dh_crypto, dh_plain;

282

277

283

278

/* Decrypt data from the cryptotext data buffer to the plaintext

284

279

data buffer */

285

rc = gpgme_op_decrypt(mc.ctx, dh_crypto, dh_plain);

280

rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);

286

281

if(rc != GPG_ERR_NO_ERROR){

287

282

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

288

283

gpgme_strsource(rc), gpgme_strerror(rc));

289

284

plaintext_length = -1;

290

285

if(debug){

291

286

gpgme_decrypt_result_t result;

292

result = gpgme_op_decrypt_result(mc.ctx);

287

result = gpgme_op_decrypt_result(mc->ctx);

293

288

if(result == NULL){

294

289

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

295

290

} else {

331

326

332

327

*plaintext = NULL;

333

328

while(true){

334

plaintext_capacity = incbuffer(plaintext,

329

plaintext_capacity = adjustbuffer(plaintext,

335

330

(size_t)plaintext_length,

336

331

plaintext_capacity);

337

332

if(plaintext_capacity == 0){

338

perror("incbuffer");

333

perror("adjustbuffer");

339

334

plaintext_length = -1;

340

335

goto decrypt_end;

341

336

}

387

382

fprintf(stderr, "GnuTLS: %s", string);

388

383

}

389

384

390

static int init_gnutls_global(const char *pubkeyfilename,

385

static int init_gnutls_global(mandos_context *mc,

386

const char *pubkeyfilename,

391

387

const char *seckeyfilename){

392

388

int ret;

393

389

411

407

}

412

408

413

409

/* OpenPGP credentials */

414

gnutls_certificate_allocate_credentials(&mc.cred);

410

gnutls_certificate_allocate_credentials(&mc->cred);

415

411

if(ret != GNUTLS_E_SUCCESS){

416

412

fprintf(stderr, "GnuTLS memory error: %s\n", /* Spurious warning

417

from

418

-Wunreachable-code

419

*/

413

* from

414

* -Wunreachable-code

415

*/

420

416

safer_gnutls_strerror(ret));

421

417

gnutls_global_deinit();

422

418

return -1;

429

425

}

430

426

431

427

ret = gnutls_certificate_set_openpgp_key_file

432

(mc.cred, pubkeyfilename, seckeyfilename,

428

(mc->cred, pubkeyfilename, seckeyfilename,

433

429

GNUTLS_OPENPGP_FMT_BASE64);

434

430

if(ret != GNUTLS_E_SUCCESS){

435

431

fprintf(stderr,

441

437

}

442

438

443

439

/* GnuTLS server initialization */

444

ret = gnutls_dh_params_init(&mc.dh_params);

440

ret = gnutls_dh_params_init(&mc->dh_params);

445

441

if(ret != GNUTLS_E_SUCCESS){

446

442

fprintf(stderr, "Error in GnuTLS DH parameter initialization:"

447

443

" %s\n", safer_gnutls_strerror(ret));

448

444

goto globalfail;

449

445

}

450

ret = gnutls_dh_params_generate2(mc.dh_params, mc.dh_bits);

446

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

451

447

if(ret != GNUTLS_E_SUCCESS){

452

448

fprintf(stderr, "Error in GnuTLS prime generation: %s\n",

453

449

safer_gnutls_strerror(ret));

454

450

goto globalfail;

455

451

}

456

452

457

gnutls_certificate_set_dh_params(mc.cred, mc.dh_params);

453

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

458

454

459

455

return 0;

460

456

461

457

globalfail:

462

458

463

gnutls_certificate_free_credentials(mc.cred);

459

gnutls_certificate_free_credentials(mc->cred);

464

460

gnutls_global_deinit();

465

gnutls_dh_params_deinit(mc.dh_params);

461

gnutls_dh_params_deinit(mc->dh_params);

466

462

return -1;

467

463

}

468

464

469

static int init_gnutls_session(gnutls_session_t *session){

465

static int init_gnutls_session(mandos_context *mc,

466

gnutls_session_t *session){

470

467

int ret;

471

468

/* GnuTLS session creation */

472

469

ret = gnutls_init(session, GNUTLS_SERVER);

477

474

478

475

{

479

476

const char *err;

480

ret = gnutls_priority_set_direct(*session, mc.priority, &err);

477

ret = gnutls_priority_set_direct(*session, mc->priority, &err);

481

478

if(ret != GNUTLS_E_SUCCESS){

482

479

fprintf(stderr, "Syntax error at: %s\n", err);

483

480

fprintf(stderr, "GnuTLS error: %s\n",

488

485

}

489

486

490

487

ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

491

mc.cred);

488

mc->cred);

492

489

if(ret != GNUTLS_E_SUCCESS){

493

490

fprintf(stderr, "Error setting GnuTLS credentials: %s\n",

494

491

safer_gnutls_strerror(ret));

500

497

gnutls_certificate_server_set_request(*session,

501

498

GNUTLS_CERT_IGNORE);

502

499

503

gnutls_dh_set_prime_bits(*session, mc.dh_bits);

500

gnutls_dh_set_prime_bits(*session, mc->dh_bits);

504

501

505

502

return 0;

506

503

}

512

509

/* Called when a Mandos server is found */

513

510

static int start_mandos_communication(const char *ip, uint16_t port,

514

511

AvahiIfIndex if_index,

515

int af){

512

mandos_context *mc){

516

513

int ret, tcp_sd;

517

514

ssize_t sret;

518

union {

519

struct sockaddr_in in;

520

struct sockaddr_in6 in6;

521

} to;

515

union { struct sockaddr in; struct sockaddr_in6 in6; } to;

522

516

char *buffer = NULL;

523

517

char *decrypted_buffer;

524

518

size_t buffer_length = 0;

526

520

ssize_t decrypted_buffer_size;

527

521

size_t written;

528

522

int retval = 0;

523

char interface[IF_NAMESIZE];

529

524

gnutls_session_t session;

530

int pf; /* Protocol family */

531

532

switch(af){

533

case AF_INET6:

534

pf = PF_INET6;

535

break;

536

case AF_INET:

537

pf = PF_INET;

538

break;

539

default:

540

fprintf(stderr, "Bad address family: %d\n", af);

541

return -1;

542

}

543

544

ret = init_gnutls_session(&session);

525

526

ret = init_gnutls_session(mc, &session);

545

527

if(ret != 0){

546

528

return -1;

547

529

}

548

530

549

531

if(debug){

550

fprintf(stderr, "Setting up a TCP connection to %s, port %" PRIu16

532

fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16

551

533

"\n", ip, port);

552

534

}

553

535

554

tcp_sd = socket(pf, SOCK_STREAM, 0);

536

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

555

537

if(tcp_sd < 0){

556

538

perror("socket");

557

539

return -1;

558

540

}

559

541

542

if(debug){

543

if(if_indextoname((unsigned int)if_index, interface) == NULL){

544

perror("if_indextoname");

545

return -1;

546

}

547

fprintf(stderr, "Binding to interface %s\n", interface);

548

}

549

560

550

memset(&to, 0, sizeof(to));

561

if(af == AF_INET6){

562

to.in6.sin6_family = (uint16_t)af;

563

ret = inet_pton(af, ip, &to.in6.sin6_addr);

564

} else { /* IPv4 */

565

to.in.sin_family = (sa_family_t)af;

566

ret = inet_pton(af, ip, &to.in.sin_addr);

567

}

551

to.in6.sin6_family = AF_INET6;

552

/* It would be nice to have a way to detect if we were passed an

553

IPv4 address here. Now we assume an IPv6 address. */

554

ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);

568

555

if(ret < 0 ){

569

556

perror("inet_pton");

570

557

return -1;

573

560

fprintf(stderr, "Bad address: %s\n", ip);

574

561

return -1;

575

562

}

576

if(af == AF_INET6){

577

to.in6.sin6_port = htons(port); /* Spurious warnings from

578

-Wconversion and

579

-Wunreachable-code */

580

581

if(IN6_IS_ADDR_LINKLOCAL /* Spurious warnings from */

582

(&to.in6.sin6_addr)){ /* -Wstrict-aliasing=2 or lower and

583

-Wunreachable-code*/

584

if(if_index == AVAHI_IF_UNSPEC){

585

fprintf(stderr, "An IPv6 link-local address is incomplete"

586

" without a network interface\n");

587

return -1;

588

}

589

/* Set the network interface number as scope */

590

to.in6.sin6_scope_id = (uint32_t)if_index;

591

}

592

} else {

593

to.in.sin_port = htons(port); /* Spurious warnings from

563

to.in6.sin6_port = htons(port); /* Spurious warnings from

594

564

-Wconversion and

595

565

-Wunreachable-code */

596

}

566

567

to.in6.sin6_scope_id = (uint32_t)if_index;

597

568

598

569

if(debug){

599

if(af == AF_INET6 and if_index != AVAHI_IF_UNSPEC){

600

char interface[IF_NAMESIZE];

601

if(if_indextoname((unsigned int)if_index, interface) == NULL){

602

perror("if_indextoname");

603

} else {

604

fprintf(stderr, "Connection to: %s%%%s, port %" PRIu16 "\n",

605

ip, interface, port);

606

}

607

} else {

608

fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,

609

port);

610

}

611

char addrstr[(INET_ADDRSTRLEN > INET6_ADDRSTRLEN) ?

612

INET_ADDRSTRLEN : INET6_ADDRSTRLEN] = "";

613

const char *pcret;

614

if(af == AF_INET6){

615

pcret = inet_ntop(af, &(to.in6.sin6_addr), addrstr,

616

sizeof(addrstr));

617

} else {

618

pcret = inet_ntop(af, &(to.in.sin_addr), addrstr,

619

sizeof(addrstr));

620

}

621

if(pcret == NULL){

570

fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,

571

port);

572

char addrstr[INET6_ADDRSTRLEN] = "";

573

if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,

574

sizeof(addrstr)) == NULL){

622

575

perror("inet_ntop");

623

576

} else {

624

577

if(strcmp(addrstr, ip) != 0){

627

580

}

628

581

}

629

582

630

if(af == AF_INET6){

631

ret = connect(tcp_sd, &to.in6, sizeof(to));

632

} else {

633

ret = connect(tcp_sd, &to.in, sizeof(to)); /* IPv4 */

634

}

583

ret = connect(tcp_sd, &to.in, sizeof(to));

635

584

if(ret < 0){

636

585

perror("connect");

637

586

return -1;

683

632

/* Read OpenPGP packet that contains the wanted password */

684

633

685

634

if(debug){

686

fprintf(stderr, "Retrieving OpenPGP encrypted password from %s\n",

635

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

687

636

ip);

688

637

}

689

638

690

639

while(true){

691

buffer_capacity = incbuffer(&buffer, buffer_length,

640

buffer_capacity = adjustbuffer(&buffer, buffer_length,

692

641

buffer_capacity);

693

642

if(buffer_capacity == 0){

694

perror("incbuffer");

643

perror("adjustbuffer");

695

644

retval = -1;

696

645

goto mandos_end;

697

646

}

736

685

gnutls_bye(session, GNUTLS_SHUT_RDWR);

737

686

738

687

if(buffer_length > 0){

739

decrypted_buffer_size = pgp_packet_decrypt(buffer,

688

decrypted_buffer_size = pgp_packet_decrypt(mc, buffer,

740

689

buffer_length,

741

690

&decrypted_buffer);

742

691

if(decrypted_buffer_size >= 0){

777

726

778

727

static void resolve_callback(AvahiSServiceResolver *r,

779

728

AvahiIfIndex interface,

780

AvahiProtocol proto,

729

AVAHI_GCC_UNUSED AvahiProtocol protocol,

781

730

AvahiResolverEvent event,

782

731

const char *name,

783

732

const char *type,

788

737

AVAHI_GCC_UNUSED AvahiStringList *txt,

789

738

AVAHI_GCC_UNUSED AvahiLookupResultFlags

790

739

flags,

791

AVAHI_GCC_UNUSED void* userdata){

740

void* userdata){

741

mandos_context *mc = userdata;

792

742

assert(r);

793

743

794

744

/* Called whenever a service has been resolved successfully or

799

749

case AVAHI_RESOLVER_FAILURE:

800

750

fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"

801

751

" of type '%s' in domain '%s': %s\n", name, type, domain,

802

avahi_strerror(avahi_server_errno(mc.server)));

752

avahi_strerror(avahi_server_errno(mc->server)));

803

753

break;

804

754

805

755

case AVAHI_RESOLVER_FOUND:

811

761

PRIdMAX ") on port %" PRIu16 "\n", name, host_name,

812

762

ip, (intmax_t)interface, port);

813

763

}

814

int ret = start_mandos_communication(ip, port, interface,

815

avahi_proto_to_af(proto));

764

int ret = start_mandos_communication(ip, port, interface, mc);

816

765

if(ret == 0){

817

avahi_simple_poll_quit(mc.simple_poll);

766

avahi_simple_poll_quit(mc->simple_poll);

818

767

}

819

768

}

820

769

}

830

779

const char *domain,

831

780

AVAHI_GCC_UNUSED AvahiLookupResultFlags

832

781

flags,

833

AVAHI_GCC_UNUSED void* userdata){

782

void* userdata){

783

mandos_context *mc = userdata;

834

784

assert(b);

835

785

836

786

/* Called whenever a new services becomes available on the LAN or

841

791

case AVAHI_BROWSER_FAILURE:

842

792

843

793

fprintf(stderr, "(Avahi browser) %s\n",

844

avahi_strerror(avahi_server_errno(mc.server)));

845

avahi_simple_poll_quit(mc.simple_poll);

794

avahi_strerror(avahi_server_errno(mc->server)));

795

avahi_simple_poll_quit(mc->simple_poll);

846

796

return;

847

797

848

798

case AVAHI_BROWSER_NEW:

851

801

the callback function is called the Avahi server will free the

852

802

resolver for us. */

853

803

854

if(!(avahi_s_service_resolver_new(mc.server, interface,

804

if(!(avahi_s_service_resolver_new(mc->server, interface,

855

805

protocol, name, type, domain,

856

806

AVAHI_PROTO_INET6, 0,

857

resolve_callback, NULL)))

807

resolve_callback, mc)))

858

808

fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",

859

name, avahi_strerror(avahi_server_errno(mc.server)));

809

name, avahi_strerror(avahi_server_errno(mc->server)));

860

810

break;

861

811

862

812

case AVAHI_BROWSER_REMOVE:

871

821

}

872

822

}

873

823

874

static void handle_sigterm(__attribute__((unused)) int sig){

875

int old_errno = errno;

876

avahi_simple_poll_quit(mc.simple_poll);

877

errno = old_errno;

878

}

879

880

824

int main(int argc, char *argv[]){

881

825

AvahiSServiceBrowser *sb = NULL;

882

826

int error;

896

840

const char *seckey = PATHDIR "/" SECKEY;

897

841

const char *pubkey = PATHDIR "/" PUBKEY;

898

842

899

/* Initialize Mandos context */

900

mc = (mandos_context){ .simple_poll = NULL, .server = NULL,

901

.dh_bits = 1024, .priority = "SECURE256"

902

":!CTYPE-X.509:+CTYPE-OPENPGP" };

843

mandos_context mc = { .simple_poll = NULL, .server = NULL,

844

.dh_bits = 1024, .priority = "SECURE256"

845

":!CTYPE-X.509:+CTYPE-OPENPGP" };

903

846

bool gnutls_initialized = false;

904

847

bool gpgme_initialized = false;

905

848

double delay = 2.5;

906

907

struct sigaction old_sigterm_action;

908

struct sigaction sigterm_action = { .sa_handler = handle_sigterm };

909

849

910

850

{

911

851

struct argp_option options[] = {

917

857

.group = 1 },

918

858

{ .name = "interface", .key = 'i',

919

859

.arg = "NAME",

920

.doc = "Network interface that will be used to search for"

921

" Mandos servers",

860

.doc = "Interface that will be used to search for Mandos"

861

" servers",

922

862

.group = 1 },

923

863

{ .name = "seckey", .key = 's',

924

864

.arg = "FILE",

1004

944

}

1005

945

1006

946

/* If the interface is down, bring it up */

1007

if(interface[0] != '\0'){

947

{

1008

948

#ifdef __linux__

1009

949

/* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO

1010

950

messages to mess up the prompt */

1011

951

ret = klogctl(8, NULL, 5);

1012

bool restore_loglevel = true;

1013

952

if(ret == -1){

1014

restore_loglevel = false;

1015

953

perror("klogctl");

1016

954

}

1017

955

#endif

1021

959

perror("socket");

1022

960

exitcode = EXIT_FAILURE;

1023

961

#ifdef __linux__

1024

if(restore_loglevel){

1025

ret = klogctl(7, NULL, 0);

1026

if(ret == -1){

1027

perror("klogctl");

1028

}

962

ret = klogctl(7, NULL, 0);

963

if(ret == -1){

964

perror("klogctl");

1029

965

}

1030

966

#endif

1031

967

goto end;

1035

971

if(ret == -1){

1036

972

perror("ioctl SIOCGIFFLAGS");

1037

973

#ifdef __linux__

1038

if(restore_loglevel){

1039

ret = klogctl(7, NULL, 0);

1040

if(ret == -1){

1041

perror("klogctl");

1042

}

974

ret = klogctl(7, NULL, 0);

975

if(ret == -1){

976

perror("klogctl");

1043

977

}

1044

978

#endif

1045

979

exitcode = EXIT_FAILURE;

1052

986

perror("ioctl SIOCSIFFLAGS");

1053

987

exitcode = EXIT_FAILURE;

1054

988

#ifdef __linux__

1055

if(restore_loglevel){

1056

ret = klogctl(7, NULL, 0);

1057

if(ret == -1){

1058

perror("klogctl");

1059

}

989

ret = klogctl(7, NULL, 0);

990

if(ret == -1){

991

perror("klogctl");

1060

992

}

1061

993

#endif

1062

994

goto end;

1081

1013

perror("close");

1082

1014

}

1083

1015

#ifdef __linux__

1084

if(restore_loglevel){

1085

/* Restores kernel loglevel to default */

1086

ret = klogctl(7, NULL, 0);

1087

if(ret == -1){

1088

perror("klogctl");

1089

}

1016

/* Restores kernel loglevel to default */

1017

ret = klogctl(7, NULL, 0);

1018

if(ret == -1){

1019

perror("klogctl");

1090

1020

}

1091

1021

#endif

1092

1022

}

1094

1024

uid = getuid();

1095

1025

gid = getgid();

1096

1026

1097

errno = 0;

1098

1027

setgid(gid);

1099

1028

if(ret == -1){

1100

1029

perror("setgid");

1105

1034

perror("setuid");

1106

1035

}

1107

1036

1108

ret = init_gnutls_global(pubkey, seckey);

1037

ret = init_gnutls_global(&mc, pubkey, seckey);

1109

1038

if(ret == -1){

1110

1039

fprintf(stderr, "init_gnutls_global failed\n");

1111

1040

exitcode = EXIT_FAILURE;

1120

1049

}

1121

1050

tempdir_created = true;

1122

1051

1123

if(not init_gpgme(pubkey, seckey, tempdir)){

1052

if(not init_gpgme(&mc, pubkey, seckey, tempdir)){

1124

1053

fprintf(stderr, "init_gpgme failed\n");

1125

1054

exitcode = EXIT_FAILURE;

1126

1055

goto end;

1128

1057

gpgme_initialized = true;

1129

1058

}

1130

1059

1131

if(interface[0] != '\0'){

1132

if_index = (AvahiIfIndex) if_nametoindex(interface);

1133

if(if_index == 0){

1134

fprintf(stderr, "No such interface: \"%s\"\n", interface);

1135

exitcode = EXIT_FAILURE;

1136

goto end;

1137

}

1060

if_index = (AvahiIfIndex) if_nametoindex(interface);

1061

if(if_index == 0){

1062

fprintf(stderr, "No such interface: \"%s\"\n", interface);

1063

exitcode = EXIT_FAILURE;

1064

goto end;

1138

1065

}

1139

1066

1140

1067

if(connect_to != NULL){

1157

1084

port = (uint16_t)tmpmax;

1158

1085

*address = '\0';

1159

1086

address = connect_to;

1160

/* Colon in address indicates IPv6 */

1161

int af;

1162

if(strchr(address, ':') != NULL){

1163

af = AF_INET6;

1164

} else {

1165

af = AF_INET;

1166

}

1167

ret = start_mandos_communication(address, port, if_index, af);

1087

ret = start_mandos_communication(address, port, if_index, &mc);

1168

1088

if(ret < 0){

1169

1089

exitcode = EXIT_FAILURE;

1170

1090

} else {

1217

1137

/* Create the Avahi service browser */

1218

1138

sb = avahi_s_service_browser_new(mc.server, if_index,

1219

1139

AVAHI_PROTO_INET6, "_mandos._tcp",

1220

NULL, 0, browse_callback, NULL);

1140

NULL, 0, browse_callback, &mc);

1221

1141

if(sb == NULL){

1222

1142

fprintf(stderr, "Failed to create service browser: %s\n",

1223

1143

avahi_strerror(avahi_server_errno(mc.server)));

1225

1145

goto end;

1226

1146

}

1227

1147

1228

sigemptyset(&sigterm_action.sa_mask);

1229

ret = sigaddset(&sigterm_action.sa_mask, SIGTERM);

1230

if(ret == -1){

1231

perror("sigaddset");

1232

exitcode = EXIT_FAILURE;

1233

goto end;

1234

}

1235

ret = sigaction(SIGTERM, &sigterm_action, &old_sigterm_action);

1236

if(ret == -1){

1237

perror("sigaction");

1238

exitcode = EXIT_FAILURE;

1239

goto end;

1240

}

1241

1242

1148

/* Run the main loop */

1243

1149

1244

1150

if(debug){