To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 237.2.9
- compare with another revision
- download diff
- download tarball
- view history from revision 237.2.9
- Committer: Teddy Hogeborn
- Date: 2009-01-04 21:54:55 UTC
- mto: (24.1.120 mandos) (237.4.2 mandos-pipe-ipc) (299.1.1 release) (300.1.1 release) (301.1.1 release)
- mto: This revision was merged to the branch mainline in revision 238.
- Revision ID: teddy@fukt.bsnet.se-20090104215455-o5q1zdrlxzr1wmn1
* README: Update copyright year; add "2009".
* debian/copyright: - '' -
* mandos: - '' -
* mandos-clients.conf.xml: - '' -
* mandos-keygen: - '' -
* mandos-keygen.xml: - '' -
* mandos.conf.xml: - '' -
* mandos.xml: - '' -
* plugin-runner.c: - '' -
* plugin-runner.xml: - '' -
* plugins.d/askpass-fifo.c: - '' -
* plugins.d/askpass-fifo.xml: - '' -
* plugins.d/mandos-client.c: - '' -
* plugins.d/mandos-client.xml: - '' -
* plugins.d/password-prompt.c: - '' -
* plugins.d/password-prompt.xml: - '' -
* plugins.d/splashy.c: - '' -
* plugins.d/splashy.xml: - '' -
* plugins.d/usplash.c: - '' -
* plugins.d/usplash.xml: - '' -
* debian/copyright: - '' -
* mandos: - '' -
* mandos-clients.conf.xml: - '' -
* mandos-keygen: - '' -
* mandos-keygen.xml: - '' -
* mandos.conf.xml: - '' -
* mandos.xml: - '' -
* plugin-runner.c: - '' -
* plugin-runner.xml: - '' -
* plugins.d/askpass-fifo.c: - '' -
* plugins.d/askpass-fifo.xml: - '' -
* plugins.d/mandos-client.c: - '' -
* plugins.d/mandos-client.xml: - '' -
* plugins.d/password-prompt.c: - '' -
* plugins.d/password-prompt.xml: - '' -
* plugins.d/splashy.c: - '' -
* plugins.d/splashy.xml: - '' -
* plugins.d/usplash.c: - '' -
* plugins.d/usplash.xml: - '' -
- files added:
- .bzr-builddeb
- debian
- debian/po
- files removed:
- ca.pem
- files renamed:
- server.py => mandos
- server.conf => mandos.conf
- plugbasedclient.c => plugin-runner.c
- plugins.d/mandosclient.c => plugins.d/mandos-client.c
- plugins.d/passprompt.c => plugins.d/password-prompt.c
- files modified:
- Makefile
added
removed
plugins.d/mandos-client.c
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
12
* Copyright © 2008,2009 Teddy Hogeborn
13
* Copyright © 2008,2009 Björn Påhlsson
13
14
*
14
15
* This program is free software: you can redistribute it and/or
15
16
* modify it under the terms of the GNU General Public License as
32
33
#define _LARGEFILE_SOURCE
33
34
#define _FILE_OFFSET_BITS 64
34
35
35
#include <stdio.h>
36
#include <assert.h>
37
#include <stdlib.h>
38
#include <time.h>
39
#include <net/if.h> /* if_nametoindex */
40
#include <sys/ioctl.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS
41
#include <net/if.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS
42
36
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
37
38
#include <stdio.h> /* fprintf(), stderr, fwrite(),
39
stdout, ferror() */
40
#include <stdint.h> /* uint16_t, uint32_t */
41
#include <stddef.h> /* NULL, size_t, ssize_t */
42
#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,
43
srand() */
44
#include <stdbool.h> /* bool, true */
45
#include <string.h> /* memset(), strcmp(), strlen(),
46
strerror(), asprintf(), strcpy() */
47
#include <sys/ioctl.h> /* ioctl */
48
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
49
sockaddr_in6, PF_INET6,
50
SOCK_STREAM, INET6_ADDRSTRLEN,
51
uid_t, gid_t, open(), opendir(), DIR */
52
#include <sys/stat.h> /* open() */
53
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
54
struct in6_addr, inet_pton(),
55
connect() */
56
#include <fcntl.h> /* open() */
57
#include <dirent.h> /* opendir(), struct dirent, readdir() */
58
#include <inttypes.h> /* PRIu16 */
59
#include <assert.h> /* assert() */
60
#include <errno.h> /* perror(), errno */
61
#include <time.h> /* time() */
62
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
63
SIOCSIFFLAGS, if_indextoname(),
64
if_nametoindex(), IF_NAMESIZE */
65
#include <netinet/in.h>
66
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
67
getuid(), getgid(), setuid(),
68
setgid() */
69
#include <arpa/inet.h> /* inet_pton(), htons */
70
#include <iso646.h> /* not, and */
71
#include <argp.h> /* struct argp_option, error_t, struct
72
argp_state, struct argp,
73
argp_parse(), ARGP_KEY_ARG,
74
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
75
76
/* Avahi */
77
/* All Avahi types, constants and functions
78
Avahi*, avahi_*,
79
AVAHI_* */
43
80
#include <avahi-core/core.h>
44
81
#include <avahi-core/lookup.h>
45
82
#include <avahi-core/log.h>
47
84
#include <avahi-common/malloc.h>
48
85
#include <avahi-common/error.h>
49
86
50
//mandos client part
51
#include <sys/types.h> /* socket(), inet_pton() */
52
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
53
struct in6_addr, inet_pton() */
54
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
55
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
56
57
#include <unistd.h> /* close() */
58
#include <netinet/in.h>
59
#include <stdbool.h> /* true */
60
#include <string.h> /* memset */
61
#include <arpa/inet.h> /* inet_pton() */
62
#include <iso646.h> /* not */
63
64
// gpgme
65
#include <errno.h> /* perror() */
66
#include <gpgme.h>
67
68
// getopt_long
69
#include <getopt.h>
87
/* GnuTLS */
88
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and
89
functions:
90
gnutls_*
91
init_gnutls_session(),
92
GNUTLS_* */
93
#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),
94
GNUTLS_OPENPGP_FMT_BASE64 */
95
96
/* GPGME */
97
#include <gpgme.h> /* All GPGME types, constants and
98
functions:
99
gpgme_*
100
GPGME_PROTOCOL_OpenPGP,
101
GPG_ERR_NO_* */
70
102
71
103
#define BUFFER_SIZE 256
72
104
73
static const char *keydir = "/conf/conf.d/mandos";
74
static const char *pubkeyfile = "pubkey.txt";
75
static const char *seckeyfile = "seckey.txt";
105
#define PATHDIR "/conf/conf.d/mandos"
106
#define SECKEY "seckey.txt"
107
#define PUBKEY "pubkey.txt"
76
108
77
109
bool debug = false;
110
static const char mandos_protocol_version[] = "1";
111
const char *argp_program_version = "mandos-client " VERSION;
112
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
78
113
79
/* Used for passing in values through all the callback functions */
114
/* Used for passing in values through the Avahi callback functions */
80
115
typedef struct {
81
116
AvahiSimplePoll *simple_poll;
82
117
AvahiServer *server;
83
118
gnutls_certificate_credentials_t cred;
84
119
unsigned int dh_bits;
120
gnutls_dh_params_t dh_params;
85
121
const char *priority;
122
gpgme_ctx_t ctx;
86
123
} mandos_context;
87
124
88
static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
89
char **new_packet,
90
const char *homedir){
91
gpgme_data_t dh_crypto, dh_plain;
92
gpgme_ctx_t ctx;
125
/*
126
* Make room in "buffer" for at least BUFFER_SIZE additional bytes.
127
* "buffer_capacity" is how much is currently allocated,
128
* "buffer_length" is how much is already used.
129
*/
130
size_t adjustbuffer(char **buffer, size_t buffer_length,
131
size_t buffer_capacity){
132
if (buffer_length + BUFFER_SIZE > buffer_capacity){
133
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
134
if (buffer == NULL){
135
return 0;
136
}
137
buffer_capacity += BUFFER_SIZE;
138
}
139
return buffer_capacity;
140
}
141
142
/*
143
* Initialize GPGME.
144
*/
145
static bool init_gpgme(mandos_context *mc, const char *seckey,
146
const char *pubkey, const char *tempdir){
147
int ret;
93
148
gpgme_error_t rc;
94
ssize_t ret;
95
ssize_t new_packet_capacity = 0;
96
ssize_t new_packet_length = 0;
97
149
gpgme_engine_info_t engine_info;
98
150
151
152
/*
153
* Helper function to insert pub and seckey to the enigne keyring.
154
*/
155
bool import_key(const char *filename){
156
int fd;
157
gpgme_data_t pgp_data;
158
159
fd = TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
160
if(fd == -1){
161
perror("open");
162
return false;
163
}
164
165
rc = gpgme_data_new_from_fd(&pgp_data, fd);
166
if (rc != GPG_ERR_NO_ERROR){
167
fprintf(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
168
gpgme_strsource(rc), gpgme_strerror(rc));
169
return false;
170
}
171
172
rc = gpgme_op_import(mc->ctx, pgp_data);
173
if (rc != GPG_ERR_NO_ERROR){
174
fprintf(stderr, "bad gpgme_op_import: %s: %s\n",
175
gpgme_strsource(rc), gpgme_strerror(rc));
176
return false;
177
}
178
179
ret = TEMP_FAILURE_RETRY(close(fd));
180
if(ret == -1){
181
perror("close");
182
}
183
gpgme_data_release(pgp_data);
184
return true;
185
}
186
99
187
if (debug){
100
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
188
fprintf(stderr, "Initialize gpgme\n");
101
189
}
102
190
103
191
/* Init GPGME */
106
194
if (rc != GPG_ERR_NO_ERROR){
107
195
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
108
196
gpgme_strsource(rc), gpgme_strerror(rc));
109
return -1;
197
return false;
110
198
}
111
199
112
/* Set GPGME home directory */
200
/* Set GPGME home directory for the OpenPGP engine only */
113
201
rc = gpgme_get_engine_info (&engine_info);
114
202
if (rc != GPG_ERR_NO_ERROR){
115
203
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
116
204
gpgme_strsource(rc), gpgme_strerror(rc));
117
return -1;
205
return false;
118
206
}
119
207
while(engine_info != NULL){
120
208
if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
121
209
gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
122
engine_info->file_name, homedir);
210
engine_info->file_name, tempdir);
123
211
break;
124
212
}
125
213
engine_info = engine_info->next;
126
214
}
127
215
if(engine_info == NULL){
128
fprintf(stderr, "Could not set home dir to %s\n", homedir);
129
return -1;
130
}
131
132
/* Create new GPGME data buffer from packet buffer */
133
rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);
216
fprintf(stderr, "Could not set GPGME home dir to %s\n", tempdir);
217
return false;
218
}
219
220
/* Create new GPGME "context" */
221
rc = gpgme_new(&(mc->ctx));
222
if (rc != GPG_ERR_NO_ERROR){
223
fprintf(stderr, "bad gpgme_new: %s: %s\n",
224
gpgme_strsource(rc), gpgme_strerror(rc));
225
return false;
226
}
227
228
if (not import_key(pubkey) or not import_key(seckey)){
229
return false;
230
}
231
232
return true;
233
}
234
235
/*
236
* Decrypt OpenPGP data.
237
* Returns -1 on error
238
*/
239
static ssize_t pgp_packet_decrypt (const mandos_context *mc,
240
const char *cryptotext,
241
size_t crypto_size,
242
char **plaintext){
243
gpgme_data_t dh_crypto, dh_plain;
244
gpgme_error_t rc;
245
ssize_t ret;
246
size_t plaintext_capacity = 0;
247
ssize_t plaintext_length = 0;
248
249
if (debug){
250
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
251
}
252
253
/* Create new GPGME data buffer from memory cryptotext */
254
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
255
0);
134
256
if (rc != GPG_ERR_NO_ERROR){
135
257
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
136
258
gpgme_strsource(rc), gpgme_strerror(rc));
142
264
if (rc != GPG_ERR_NO_ERROR){
143
265
fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
144
266
gpgme_strsource(rc), gpgme_strerror(rc));
145
return -1;
146
}
147
148
/* Create new GPGME "context" */
149
rc = gpgme_new(&ctx);
150
if (rc != GPG_ERR_NO_ERROR){
151
fprintf(stderr, "bad gpgme_new: %s: %s\n",
152
gpgme_strsource(rc), gpgme_strerror(rc));
153
return -1;
154
}
155
156
/* Decrypt data from the FILE pointer to the plaintext data
157
buffer */
158
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
267
gpgme_data_release(dh_crypto);
268
return -1;
269
}
270
271
/* Decrypt data from the cryptotext data buffer to the plaintext
272
data buffer */
273
rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);
159
274
if (rc != GPG_ERR_NO_ERROR){
160
275
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
161
276
gpgme_strsource(rc), gpgme_strerror(rc));
162
return -1;
277
plaintext_length = -1;
278
if (debug){
279
gpgme_decrypt_result_t result;
280
result = gpgme_op_decrypt_result(mc->ctx);
281
if (result == NULL){
282
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
283
} else {
284
fprintf(stderr, "Unsupported algorithm: %s\n",
285
result->unsupported_algorithm);
286
fprintf(stderr, "Wrong key usage: %u\n",
287
result->wrong_key_usage);
288
if(result->file_name != NULL){
289
fprintf(stderr, "File name: %s\n", result->file_name);
290
}
291
gpgme_recipient_t recipient;
292
recipient = result->recipients;
293
if(recipient){
294
while(recipient != NULL){
295
fprintf(stderr, "Public key algorithm: %s\n",
296
gpgme_pubkey_algo_name(recipient->pubkey_algo));
297
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
298
fprintf(stderr, "Secret key available: %s\n",
299
recipient->status == GPG_ERR_NO_SECKEY
300
? "No" : "Yes");
301
recipient = recipient->next;
302
}
303
}
304
}
305
}
306
goto decrypt_end;
163
307
}
164
308
165
309
if(debug){
166
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");
167
}
168
169
if (debug){
170
gpgme_decrypt_result_t result;
171
result = gpgme_op_decrypt_result(ctx);
172
if (result == NULL){
173
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
174
} else {
175
fprintf(stderr, "Unsupported algorithm: %s\n",
176
result->unsupported_algorithm);
177
fprintf(stderr, "Wrong key usage: %d\n",
178
result->wrong_key_usage);
179
if(result->file_name != NULL){
180
fprintf(stderr, "File name: %s\n", result->file_name);
181
}
182
gpgme_recipient_t recipient;
183
recipient = result->recipients;
184
if(recipient){
185
while(recipient != NULL){
186
fprintf(stderr, "Public key algorithm: %s\n",
187
gpgme_pubkey_algo_name(recipient->pubkey_algo));
188
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
189
fprintf(stderr, "Secret key available: %s\n",
190
recipient->status == GPG_ERR_NO_SECKEY
191
? "No" : "Yes");
192
recipient = recipient->next;
193
}
194
}
195
}
196
}
197
198
/* Delete the GPGME FILE pointer cryptotext data buffer */
199
gpgme_data_release(dh_crypto);
310
fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
311
}
200
312
201
313
/* Seek back to the beginning of the GPGME plaintext data buffer */
202
314
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
203
perror("pgpme_data_seek");
315
perror("gpgme_data_seek");
316
plaintext_length = -1;
317
goto decrypt_end;
204
318
}
205
319
206
*new_packet = 0;
320
*plaintext = NULL;
207
321
while(true){
208
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
209
*new_packet = realloc(*new_packet,
210
(unsigned int)new_packet_capacity
211
+ BUFFER_SIZE);
212
if (*new_packet == NULL){
213
perror("realloc");
214
return -1;
215
}
216
new_packet_capacity += BUFFER_SIZE;
322
plaintext_capacity = adjustbuffer(plaintext,
323
(size_t)plaintext_length,
324
plaintext_capacity);
325
if (plaintext_capacity == 0){
326
perror("adjustbuffer");
327
plaintext_length = -1;
328
goto decrypt_end;
217
329
}
218
330
219
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,
331
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
220
332
BUFFER_SIZE);
221
333
/* Print the data, if any */
222
334
if (ret == 0){
335
/* EOF */
223
336
break;
224
337
}
225
338
if(ret < 0){
226
339
perror("gpgme_data_read");
227
return -1;
228
}
229
new_packet_length += ret;
230
}
231
232
/* FIXME: check characters before printing to screen so to not print
233
terminal control characters */
234
/* if(debug){ */
235
/* fprintf(stderr, "decrypted password is: "); */
236
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
237
/* fprintf(stderr, "\n"); */
238
/* } */
340
plaintext_length = -1;
341
goto decrypt_end;
342
}
343
plaintext_length += ret;
344
}
345
346
if(debug){
347
fprintf(stderr, "Decrypted password is: ");
348
for(ssize_t i = 0; i < plaintext_length; i++){
349
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
350
}
351
fprintf(stderr, "\n");
352
}
353
354
decrypt_end:
355
356
/* Delete the GPGME cryptotext data buffer */
357
gpgme_data_release(dh_crypto);
239
358
240
359
/* Delete the GPGME plaintext data buffer */
241
360
gpgme_data_release(dh_plain);
242
return new_packet_length;
361
return plaintext_length;
243
362
}
244
363
245
364
static const char * safer_gnutls_strerror (int value) {
246
const char *ret = gnutls_strerror (value);
365
const char *ret = gnutls_strerror (value); /* Spurious warning */
247
366
if (ret == NULL)
248
367
ret = "(unknown)";
249
368
return ret;
250
369
}
251
370
371
/* GnuTLS log function callback */
252
372
static void debuggnutls(__attribute__((unused)) int level,
253
373
const char* string){
254
fprintf(stderr, "%s", string);
374
fprintf(stderr, "GnuTLS: %s", string);
255
375
}
256
376
257
static int initgnutls(mandos_context *mc, gnutls_session_t *session,
258
gnutls_dh_params_t *dh_params){
259
const char *err;
377
static int init_gnutls_global(mandos_context *mc,
378
const char *pubkeyfilename,
379
const char *seckeyfilename){
260
380
int ret;
261
381
262
382
if(debug){
263
383
fprintf(stderr, "Initializing GnuTLS\n");
264
384
}
265
266
if ((ret = gnutls_global_init ())
267
!= GNUTLS_E_SUCCESS) {
268
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
385
386
ret = gnutls_global_init();
387
if (ret != GNUTLS_E_SUCCESS) {
388
fprintf (stderr, "GnuTLS global_init: %s\n",
389
safer_gnutls_strerror(ret));
269
390
return -1;
270
391
}
271
392
272
393
if (debug){
394
/* "Use a log level over 10 to enable all debugging options."
395
* - GnuTLS manual
396
*/
273
397
gnutls_global_set_log_level(11);
274
398
gnutls_global_set_log_function(debuggnutls);
275
399
}
276
400
277
/* openpgp credentials */
278
if ((ret = gnutls_certificate_allocate_credentials (&mc->cred))
279
!= GNUTLS_E_SUCCESS) {
280
fprintf (stderr, "memory error: %s\n",
401
/* OpenPGP credentials */
402
gnutls_certificate_allocate_credentials(&mc->cred);
403
if (ret != GNUTLS_E_SUCCESS){
404
fprintf (stderr, "GnuTLS memory error: %s\n", /* Spurious
405
warning */
281
406
safer_gnutls_strerror(ret));
407
gnutls_global_deinit ();
282
408
return -1;
283
409
}
284
410
285
411
if(debug){
286
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
287
" and keyfile %s as GnuTLS credentials\n", pubkeyfile,
288
seckeyfile);
412
fprintf(stderr, "Attempting to use OpenPGP public key %s and"
413
" secret key %s as GnuTLS credentials\n", pubkeyfilename,
414
seckeyfilename);
289
415
}
290
416
291
417
ret = gnutls_certificate_set_openpgp_key_file
292
(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);
418
(mc->cred, pubkeyfilename, seckeyfilename,
419
GNUTLS_OPENPGP_FMT_BASE64);
293
420
if (ret != GNUTLS_E_SUCCESS) {
294
fprintf
295
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
296
" '%s')\n",
297
ret, pubkeyfile, seckeyfile);
298
fprintf(stdout, "The Error is: %s\n",
421
fprintf(stderr,
422
"Error[%d] while reading the OpenPGP key pair ('%s',"
423
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
424
fprintf(stderr, "The GnuTLS error is: %s\n",
299
425
safer_gnutls_strerror(ret));
300
return -1;
301
}
302
303
//GnuTLS server initialization
304
if ((ret = gnutls_dh_params_init(dh_params))
305
!= GNUTLS_E_SUCCESS) {
306
fprintf (stderr, "Error in dh parameter initialization: %s\n",
307
safer_gnutls_strerror(ret));
308
return -1;
309
}
310
311
if ((ret = gnutls_dh_params_generate2(*dh_params, mc->dh_bits))
312
!= GNUTLS_E_SUCCESS) {
313
fprintf (stderr, "Error in prime generation: %s\n",
314
safer_gnutls_strerror(ret));
315
return -1;
316
}
317
318
gnutls_certificate_set_dh_params(mc->cred, *dh_params);
319
320
// GnuTLS session creation
321
if ((ret = gnutls_init(session, GNUTLS_SERVER))
322
!= GNUTLS_E_SUCCESS){
426
goto globalfail;
427
}
428
429
/* GnuTLS server initialization */
430
ret = gnutls_dh_params_init(&mc->dh_params);
431
if (ret != GNUTLS_E_SUCCESS) {
432
fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
433
" %s\n", safer_gnutls_strerror(ret));
434
goto globalfail;
435
}
436
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
437
if (ret != GNUTLS_E_SUCCESS) {
438
fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
439
safer_gnutls_strerror(ret));
440
goto globalfail;
441
}
442
443
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
444
445
return 0;
446
447
globalfail:
448
449
gnutls_certificate_free_credentials(mc->cred);
450
gnutls_global_deinit();
451
gnutls_dh_params_deinit(mc->dh_params);
452
return -1;
453
}
454
455
static int init_gnutls_session(mandos_context *mc,
456
gnutls_session_t *session){
457
int ret;
458
/* GnuTLS session creation */
459
ret = gnutls_init(session, GNUTLS_SERVER);
460
if (ret != GNUTLS_E_SUCCESS){
323
461
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
324
462
safer_gnutls_strerror(ret));
325
463
}
326
464
327
if ((ret = gnutls_priority_set_direct(*session, mc->priority, &err))
328
!= GNUTLS_E_SUCCESS) {
329
fprintf(stderr, "Syntax error at: %s\n", err);
330
fprintf(stderr, "GnuTLS error: %s\n",
331
safer_gnutls_strerror(ret));
332
return -1;
465
{
466
const char *err;
467
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
468
if (ret != GNUTLS_E_SUCCESS) {
469
fprintf(stderr, "Syntax error at: %s\n", err);
470
fprintf(stderr, "GnuTLS error: %s\n",
471
safer_gnutls_strerror(ret));
472
gnutls_deinit (*session);
473
return -1;
474
}
333
475
}
334
476
335
if ((ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
336
mc->cred))
337
!= GNUTLS_E_SUCCESS) {
338
fprintf(stderr, "Error setting a credentials set: %s\n",
477
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
478
mc->cred);
479
if (ret != GNUTLS_E_SUCCESS) {
480
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
339
481
safer_gnutls_strerror(ret));
482
gnutls_deinit (*session);
340
483
return -1;
341
484
}
342
485
349
492
return 0;
350
493
}
351
494
495
/* Avahi log function callback */
352
496
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
353
497
__attribute__((unused)) const char *txt){}
354
498
499
/* Called when a Mandos server is found */
355
500
static int start_mandos_communication(const char *ip, uint16_t port,
356
501
AvahiIfIndex if_index,
357
502
mandos_context *mc){
358
503
int ret, tcp_sd;
359
struct sockaddr_in6 to;
504
union { struct sockaddr in; struct sockaddr_in6 in6; } to;
360
505
char *buffer = NULL;
361
506
char *decrypted_buffer;
362
507
size_t buffer_length = 0;
363
508
size_t buffer_capacity = 0;
364
509
ssize_t decrypted_buffer_size;
365
size_t written = 0;
510
size_t written;
366
511
int retval = 0;
367
512
char interface[IF_NAMESIZE];
368
513
gnutls_session_t session;
369
gnutls_dh_params_t dh_params;
514
515
ret = init_gnutls_session (mc, &session);
516
if (ret != 0){
517
return -1;
518
}
370
519
371
520
if(debug){
372
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
373
ip, port);
521
fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16
522
"\n", ip, port);
374
523
}
375
524
376
525
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
378
527
perror("socket");
379
528
return -1;
380
529
}
381
530
382
531
if(debug){
383
532
if(if_indextoname((unsigned int)if_index, interface) == NULL){
384
533
perror("if_indextoname");
387
536
fprintf(stderr, "Binding to interface %s\n", interface);
388
537
}
389
538
390
memset(&to,0,sizeof(to)); /* Spurious warning */
391
to.sin6_family = AF_INET6;
392
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
539
memset(&to, 0, sizeof(to));
540
to.in6.sin6_family = AF_INET6;
541
/* It would be nice to have a way to detect if we were passed an
542
IPv4 address here. Now we assume an IPv6 address. */
543
ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);
393
544
if (ret < 0 ){
394
545
perror("inet_pton");
395
546
return -1;
398
549
fprintf(stderr, "Bad address: %s\n", ip);
399
550
return -1;
400
551
}
401
to.sin6_port = htons(port); /* Spurious warning */
552
to.in6.sin6_port = htons(port); /* Spurious warning */
402
553
403
to.sin6_scope_id = (uint32_t)if_index;
554
to.in6.sin6_scope_id = (uint32_t)if_index;
404
555
405
556
if(debug){
406
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
557
fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
558
port);
407
559
char addrstr[INET6_ADDRSTRLEN] = "";
408
if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr,
560
if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,
409
561
sizeof(addrstr)) == NULL){
410
562
perror("inet_ntop");
411
563
} else {
415
567
}
416
568
}
417
569
418
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
570
ret = connect(tcp_sd, &to.in, sizeof(to));
419
571
if (ret < 0){
420
572
perror("connect");
421
573
return -1;
422
574
}
423
575
424
ret = initgnutls (mc, &session, &dh_params);
425
if (ret != 0){
426
retval = -1;
427
return -1;
576
const char *out = mandos_protocol_version;
577
written = 0;
578
while (true){
579
size_t out_size = strlen(out);
580
ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
581
out_size - written));
582
if (ret == -1){
583
perror("write");
584
retval = -1;
585
goto mandos_end;
586
}
587
written += (size_t)ret;
588
if(written < out_size){
589
continue;
590
} else {
591
if (out == mandos_protocol_version){
592
written = 0;
593
out = "\r\n";
594
} else {
595
break;
596
}
597
}
598
}
599
600
if(debug){
601
fprintf(stderr, "Establishing TLS session with %s\n", ip);
428
602
}
429
603
430
604
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
431
605
432
if(debug){
433
fprintf(stderr, "Establishing TLS session with %s\n", ip);
434
}
435
436
ret = gnutls_handshake (session);
606
do{
607
ret = gnutls_handshake (session);
608
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
437
609
438
610
if (ret != GNUTLS_E_SUCCESS){
439
611
if(debug){
440
fprintf(stderr, "\n*** Handshake failed ***\n");
612
fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
441
613
gnutls_perror (ret);
442
614
}
443
615
retval = -1;
444
goto exit;
616
goto mandos_end;
445
617
}
446
618
447
//Retrieve OpenPGP packet that contains the wanted password
619
/* Read OpenPGP packet that contains the wanted password */
448
620
449
621
if(debug){
450
622
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
451
623
ip);
452
624
}
453
625
454
626
while(true){
455
if (buffer_length + BUFFER_SIZE > buffer_capacity){
456
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
457
if (buffer == NULL){
458
perror("realloc");
459
goto exit;
460
}
461
buffer_capacity += BUFFER_SIZE;
627
buffer_capacity = adjustbuffer(&buffer, buffer_length,
628
buffer_capacity);
629
if (buffer_capacity == 0){
630
perror("adjustbuffer");
631
retval = -1;
632
goto mandos_end;
462
633
}
463
634
464
635
ret = gnutls_record_recv(session, buffer+buffer_length,
472
643
case GNUTLS_E_AGAIN:
473
644
break;
474
645
case GNUTLS_E_REHANDSHAKE:
475
ret = gnutls_handshake (session);
646
do{
647
ret = gnutls_handshake (session);
648
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
476
649
if (ret < 0){
477
fprintf(stderr, "\n*** Handshake failed ***\n");
650
fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
478
651
gnutls_perror (ret);
479
652
retval = -1;
480
goto exit;
653
goto mandos_end;
481
654
}
482
655
break;
483
656
default:
484
657
fprintf(stderr, "Unknown error while reading data from"
485
" encrypted session with mandos server\n");
658
" encrypted session with Mandos server\n");
486
659
retval = -1;
487
660
gnutls_bye (session, GNUTLS_SHUT_RDWR);
488
goto exit;
661
goto mandos_end;
489
662
}
490
663
} else {
491
664
buffer_length += (size_t) ret;
492
665
}
493
666
}
494
667
668
if(debug){
669
fprintf(stderr, "Closing TLS session\n");
670
}
671
672
gnutls_bye (session, GNUTLS_SHUT_RDWR);
673
495
674
if (buffer_length > 0){
496
decrypted_buffer_size = pgp_packet_decrypt(buffer,
675
decrypted_buffer_size = pgp_packet_decrypt(mc, buffer,
497
676
buffer_length,
498
&decrypted_buffer,
499
keydir);
677
&decrypted_buffer);
500
678
if (decrypted_buffer_size >= 0){
679
written = 0;
501
680
while(written < (size_t) decrypted_buffer_size){
502
681
ret = (int)fwrite (decrypted_buffer + written, 1,
503
682
(size_t)decrypted_buffer_size - written,
516
695
} else {
517
696
retval = -1;
518
697
}
519
}
520
521
//shutdown procedure
522
523
if(debug){
524
fprintf(stderr, "Closing TLS session\n");
525
}
526
698
} else {
699
retval = -1;
700
}
701
702
/* Shutdown procedure */
703
704
mandos_end:
527
705
free(buffer);
528
gnutls_bye (session, GNUTLS_SHUT_RDWR);
529
exit:
530
close(tcp_sd);
706
ret = TEMP_FAILURE_RETRY(close(tcp_sd));
707
if(ret == -1){
708
perror("close");
709
}
531
710
gnutls_deinit (session);
532
gnutls_certificate_free_credentials (mc->cred);
533
gnutls_global_deinit ();
534
711
return retval;
535
712
}
536
713
537
static void resolve_callback( AvahiSServiceResolver *r,
538
AvahiIfIndex interface,
539
AVAHI_GCC_UNUSED AvahiProtocol protocol,
540
AvahiResolverEvent event,
541
const char *name,
542
const char *type,
543
const char *domain,
544
const char *host_name,
545
const AvahiAddress *address,
546
uint16_t port,
547
AVAHI_GCC_UNUSED AvahiStringList *txt,
548
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
549
void* userdata) {
714
static void resolve_callback(AvahiSServiceResolver *r,
715
AvahiIfIndex interface,
716
AVAHI_GCC_UNUSED AvahiProtocol protocol,
717
AvahiResolverEvent event,
718
const char *name,
719
const char *type,
720
const char *domain,
721
const char *host_name,
722
const AvahiAddress *address,
723
uint16_t port,
724
AVAHI_GCC_UNUSED AvahiStringList *txt,
725
AVAHI_GCC_UNUSED AvahiLookupResultFlags
726
flags,
727
void* userdata) {
550
728
mandos_context *mc = userdata;
551
assert(r); /* Spurious warning */
729
assert(r);
552
730
553
731
/* Called whenever a service has been resolved successfully or
554
732
timed out */
556
734
switch (event) {
557
735
default:
558
736
case AVAHI_RESOLVER_FAILURE:
559
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
560
" type '%s' in domain '%s': %s\n", name, type, domain,
737
fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
738
" of type '%s' in domain '%s': %s\n", name, type, domain,
561
739
avahi_strerror(avahi_server_errno(mc->server)));
562
740
break;
563
741
566
744
char ip[AVAHI_ADDRESS_STR_MAX];
567
745
avahi_address_snprint(ip, sizeof(ip), address);
568
746
if(debug){
569
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
570
" port %d\n", name, host_name, ip, port);
747
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"
748
PRIu16 ") on port %d\n", name, host_name, ip,
749
interface, port);
571
750
}
572
751
int ret = start_mandos_communication(ip, port, interface, mc);
573
752
if (ret == 0){
574
exit(EXIT_SUCCESS);
753
avahi_simple_poll_quit(mc->simple_poll);
575
754
}
576
755
}
577
756
}
585
764
const char *name,
586
765
const char *type,
587
766
const char *domain,
588
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
767
AVAHI_GCC_UNUSED AvahiLookupResultFlags
768
flags,
589
769
void* userdata) {
590
770
mandos_context *mc = userdata;
591
assert(b); /* Spurious warning */
771
assert(b);
592
772
593
773
/* Called whenever a new services becomes available on the LAN or
594
774
is removed from the LAN */
597
777
default:
598
778
case AVAHI_BROWSER_FAILURE:
599
779
600
fprintf(stderr, "(Browser) %s\n",
780
fprintf(stderr, "(Avahi browser) %s\n",
601
781
avahi_strerror(avahi_server_errno(mc->server)));
602
782
avahi_simple_poll_quit(mc->simple_poll);
603
783
return;
604
784
605
785
case AVAHI_BROWSER_NEW:
606
/* We ignore the returned resolver object. In the callback
607
function we free it. If the server is terminated before
608
the callback function is called the server will free
609
the resolver for us. */
786
/* We ignore the returned Avahi resolver object. In the callback
787
function we free it. If the Avahi server is terminated before
788
the callback function is called the Avahi server will free the
789
resolver for us. */
610
790
611
if (!(avahi_s_service_resolver_new(mc->server, interface, protocol, name,
612
type, domain,
791
if (!(avahi_s_service_resolver_new(mc->server, interface,
792
protocol, name, type, domain,
613
793
AVAHI_PROTO_INET6, 0,
614
794
resolve_callback, mc)))
615
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
616
avahi_strerror(avahi_server_errno(mc->server)));
795
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
796
name, avahi_strerror(avahi_server_errno(mc->server)));
617
797
break;
618
798
619
799
case AVAHI_BROWSER_REMOVE:
621
801
622
802
case AVAHI_BROWSER_ALL_FOR_NOW:
623
803
case AVAHI_BROWSER_CACHE_EXHAUSTED:
804
if(debug){
805
fprintf(stderr, "No Mandos server found, still searching...\n");
806
}
624
807
break;
625
808
}
626
809
}
627
810
628
/* Combines file name and path and returns the malloced new
629
string. some sane checks could/should be added */
630
static const char *combinepath(const char *first, const char *second){
631
size_t f_len = strlen(first);
632
size_t s_len = strlen(second);
633
char *tmp = malloc(f_len + s_len + 2);
634
if (tmp == NULL){
635
return NULL;
636
}
637
if(f_len > 0){
638
memcpy(tmp, first, f_len); /* Spurious warning */
639
}
640
tmp[f_len] = '/';
641
if(s_len > 0){
642
memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */
643
}
644
tmp[f_len + 1 + s_len] = '\0';
645
return tmp;
646
}
647
648
649
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
650
AvahiServerConfig config;
811
int main(int argc, char *argv[]){
651
812
AvahiSServiceBrowser *sb = NULL;
652
813
int error;
653
814
int ret;
654
int debug_int;
655
int returncode = EXIT_SUCCESS;
815
int exitcode = EXIT_SUCCESS;
656
816
const char *interface = "eth0";
657
817
struct ifreq network;
658
818
int sd;
819
uid_t uid;
820
gid_t gid;
659
821
char *connect_to = NULL;
822
char tempdir[] = "/tmp/mandosXXXXXX";
660
823
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
824
const char *seckey = PATHDIR "/" SECKEY;
825
const char *pubkey = PATHDIR "/" PUBKEY;
826
661
827
mandos_context mc = { .simple_poll = NULL, .server = NULL,
662
.dh_bits = 1024, .priority = "SECURE256"};
663
664
debug_int = debug ? 1 : 0;
665
while (true){
666
struct option long_options[] = {
667
{"debug", no_argument, &debug_int, 1},
668
{"connect", required_argument, NULL, 'c'},
669
{"interface", required_argument, NULL, 'i'},
670
{"keydir", required_argument, NULL, 'd'},
671
{"seckey", required_argument, NULL, 's'},
672
{"pubkey", required_argument, NULL, 'p'},
673
{"dh-bits", required_argument, NULL, 'D'},
674
{"priority", required_argument, NULL, 'P'},
675
{0, 0, 0, 0} };
676
677
int option_index = 0;
678
ret = getopt_long (argc, argv, "i:", long_options,
679
&option_index);
680
681
if (ret == -1){
682
break;
683
}
684
685
switch(ret){
686
case 0:
687
break;
688
case 'i':
689
interface = optarg;
690
break;
691
case 'c':
692
connect_to = optarg;
693
break;
694
case 'd':
695
keydir = optarg;
696
break;
697
case 'p':
698
pubkeyfile = optarg;
699
break;
700
case 's':
701
seckeyfile = optarg;
702
break;
703
case 'D':
704
errno = 0;
705
mc.dh_bits = (unsigned int) strtol(optarg, NULL, 10);
706
if (errno){
707
perror("strtol");
708
exit(EXIT_FAILURE);
709
}
710
break;
711
case 'P':
712
mc.priority = optarg;
713
break;
714
case '?':
715
default:
716
exit(EXIT_FAILURE);
717
}
718
}
719
debug = debug_int ? true : false;
720
721
pubkeyfile = combinepath(keydir, pubkeyfile);
722
if (pubkeyfile == NULL){
723
perror("combinepath");
724
returncode = EXIT_FAILURE;
725
goto exit;
726
}
727
728
seckeyfile = combinepath(keydir, seckeyfile);
729
if (seckeyfile == NULL){
730
perror("combinepath");
731
goto exit;
828
.dh_bits = 1024, .priority = "SECURE256"
829
":!CTYPE-X.509:+CTYPE-OPENPGP" };
830
bool gnutls_initalized = false;
831
bool gpgme_initalized = false;
832
833
{
834
struct argp_option options[] = {
835
{ .name = "debug", .key = 128,
836
.doc = "Debug mode", .group = 3 },
837
{ .name = "connect", .key = 'c',
838
.arg = "ADDRESS:PORT",
839
.doc = "Connect directly to a specific Mandos server",
840
.group = 1 },
841
{ .name = "interface", .key = 'i',
842
.arg = "NAME",
843
.doc = "Interface that will be used to search for Mandos"
844
" servers",
845
.group = 1 },
846
{ .name = "seckey", .key = 's',
847
.arg = "FILE",
848
.doc = "OpenPGP secret key file base name",
849
.group = 1 },
850
{ .name = "pubkey", .key = 'p',
851
.arg = "FILE",
852
.doc = "OpenPGP public key file base name",
853
.group = 2 },
854
{ .name = "dh-bits", .key = 129,
855
.arg = "BITS",
856
.doc = "Bit length of the prime number used in the"
857
" Diffie-Hellman key exchange",
858
.group = 2 },
859
{ .name = "priority", .key = 130,
860
.arg = "STRING",
861
.doc = "GnuTLS priority string for the TLS handshake",
862
.group = 1 },
863
{ .name = NULL }
864
};
865
866
error_t parse_opt (int key, char *arg,
867
struct argp_state *state) {
868
/* Get the INPUT argument from `argp_parse', which we know is
869
a pointer to our plugin list pointer. */
870
switch (key) {
871
case 128: /* --debug */
872
debug = true;
873
break;
874
case 'c': /* --connect */
875
connect_to = arg;
876
break;
877
case 'i': /* --interface */
878
interface = arg;
879
break;
880
case 's': /* --seckey */
881
seckey = arg;
882
break;
883
case 'p': /* --pubkey */
884
pubkey = arg;
885
break;
886
case 129: /* --dh-bits */
887
errno = 0;
888
mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);
889
if (errno){
890
perror("strtol");
891
exit(EXIT_FAILURE);
892
}
893
break;
894
case 130: /* --priority */
895
mc.priority = arg;
896
break;
897
case ARGP_KEY_ARG:
898
argp_usage (state);
899
case ARGP_KEY_END:
900
break;
901
default:
902
return ARGP_ERR_UNKNOWN;
903
}
904
return 0;
905
}
906
907
struct argp argp = { .options = options, .parser = parse_opt,
908
.args_doc = "",
909
.doc = "Mandos client -- Get and decrypt"
910
" passwords from a Mandos server" };
911
ret = argp_parse (&argp, argc, argv, 0, 0, NULL);
912
if (ret == ARGP_ERR_UNKNOWN){
913
fprintf(stderr, "Unknown error while parsing arguments\n");
914
exitcode = EXIT_FAILURE;
915
goto end;
916
}
917
}
918
919
/* If the interface is down, bring it up */
920
{
921
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
922
if(sd < 0) {
923
perror("socket");
924
exitcode = EXIT_FAILURE;
925
goto end;
926
}
927
strcpy(network.ifr_name, interface);
928
ret = ioctl(sd, SIOCGIFFLAGS, &network);
929
if(ret == -1){
930
perror("ioctl SIOCGIFFLAGS");
931
exitcode = EXIT_FAILURE;
932
goto end;
933
}
934
if((network.ifr_flags & IFF_UP) == 0){
935
network.ifr_flags |= IFF_UP;
936
ret = ioctl(sd, SIOCSIFFLAGS, &network);
937
if(ret == -1){
938
perror("ioctl SIOCSIFFLAGS");
939
exitcode = EXIT_FAILURE;
940
goto end;
941
}
942
}
943
ret = TEMP_FAILURE_RETRY(close(sd));
944
if(ret == -1){
945
perror("close");
946
}
947
}
948
949
uid = getuid();
950
gid = getgid();
951
952
ret = setuid(uid);
953
if (ret == -1){
954
perror("setuid");
955
}
956
957
setgid(gid);
958
if (ret == -1){
959
perror("setgid");
960
}
961
962
ret = init_gnutls_global(&mc, pubkey, seckey);
963
if (ret == -1){
964
fprintf(stderr, "init_gnutls_global failed\n");
965
exitcode = EXIT_FAILURE;
966
goto end;
967
} else {
968
gnutls_initalized = true;
969
}
970
971
if(mkdtemp(tempdir) == NULL){
972
perror("mkdtemp");
973
tempdir[0] = '\0';
974
goto end;
975
}
976
977
if(not init_gpgme(&mc, pubkey, seckey, tempdir)){
978
fprintf(stderr, "gpgme_initalized failed\n");
979
exitcode = EXIT_FAILURE;
980
goto end;
981
} else {
982
gpgme_initalized = true;
732
983
}
733
984
734
985
if_index = (AvahiIfIndex) if_nametoindex(interface);
743
994
char *address = strrchr(connect_to, ':');
744
995
if(address == NULL){
745
996
fprintf(stderr, "No colon in address\n");
746
exit(EXIT_FAILURE);
997
exitcode = EXIT_FAILURE;
998
goto end;
747
999
}
748
1000
errno = 0;
749
1001
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
750
1002
if(errno){
751
1003
perror("Bad port number");
752
exit(EXIT_FAILURE);
1004
exitcode = EXIT_FAILURE;
1005
goto end;
753
1006
}
754
1007
*address = '\0';
755
1008
address = connect_to;
756
1009
ret = start_mandos_communication(address, port, if_index, &mc);
757
1010
if(ret < 0){
758
exit(EXIT_FAILURE);
1011
exitcode = EXIT_FAILURE;
759
1012
} else {
760
exit(EXIT_SUCCESS);
761
}
762
}
763
764
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
765
if(sd < 0) {
766
perror("socket");
767
returncode = EXIT_FAILURE;
768
goto exit;
769
}
770
strcpy(network.ifr_name, interface); /* Spurious warning */
771
ret = ioctl(sd, SIOCGIFFLAGS, &network);
772
if(ret == -1){
773
774
perror("ioctl SIOCGIFFLAGS");
775
returncode = EXIT_FAILURE;
776
goto exit;
777
}
778
if((network.ifr_flags & IFF_UP) == 0){
779
network.ifr_flags |= IFF_UP;
780
ret = ioctl(sd, SIOCSIFFLAGS, &network);
781
if(ret == -1){
782
perror("ioctl SIOCSIFFLAGS");
783
returncode = EXIT_FAILURE;
784
goto exit;
785
}
786
}
787
close(sd);
1013
exitcode = EXIT_SUCCESS;
1014
}
1015
goto end;
1016
}
788
1017
789
1018
if (not debug){
790
1019
avahi_set_log_function(empty_log);
791
1020
}
792
1021
793
/* Initialize the psuedo-RNG */
1022
/* Initialize the pseudo-RNG for Avahi */
794
1023
srand((unsigned int) time(NULL));
795
796
/* Allocate main loop object */
797
if (!(mc.simple_poll = avahi_simple_poll_new())) {
798
fprintf(stderr, "Failed to create simple poll object.\n");
799
returncode = EXIT_FAILURE;
800
goto exit;
801
}
802
803
/* Do not publish any local records */
804
avahi_server_config_init(&config);
805
config.publish_hinfo = 0;
806
config.publish_addresses = 0;
807
config.publish_workstation = 0;
808
config.publish_domain = 0;
809
810
/* Allocate a new server */
811
mc.server=avahi_server_new(avahi_simple_poll_get(mc.simple_poll),
812
&config, NULL, NULL, &error);
813
814
/* Free the configuration data */
815
avahi_server_config_free(&config);
816
817
/* Check if creating the server object succeeded */
818
if (!mc.server) {
819
fprintf(stderr, "Failed to create server: %s\n",
1024
1025
/* Allocate main Avahi loop object */
1026
mc.simple_poll = avahi_simple_poll_new();
1027
if (mc.simple_poll == NULL) {
1028
fprintf(stderr, "Avahi: Failed to create simple poll"
1029
" object.\n");
1030
exitcode = EXIT_FAILURE;
1031
goto end;
1032
}
1033
1034
{
1035
AvahiServerConfig config;
1036
/* Do not publish any local Zeroconf records */
1037
avahi_server_config_init(&config);
1038
config.publish_hinfo = 0;
1039
config.publish_addresses = 0;
1040
config.publish_workstation = 0;
1041
config.publish_domain = 0;
1042
1043
/* Allocate a new server */
1044
mc.server = avahi_server_new(avahi_simple_poll_get
1045
(mc.simple_poll), &config, NULL,
1046
NULL, &error);
1047
1048
/* Free the Avahi configuration data */
1049
avahi_server_config_free(&config);
1050
}
1051
1052
/* Check if creating the Avahi server object succeeded */
1053
if (mc.server == NULL) {
1054
fprintf(stderr, "Failed to create Avahi server: %s\n",
820
1055
avahi_strerror(error));
821
returncode = EXIT_FAILURE;
822
goto exit;
1056
exitcode = EXIT_FAILURE;
1057
goto end;
823
1058
}
824
1059
825
/* Create the service browser */
1060
/* Create the Avahi service browser */
826
1061
sb = avahi_s_service_browser_new(mc.server, if_index,
827
1062
AVAHI_PROTO_INET6,
828
1063
"_mandos._tcp", NULL, 0,
829
1064
browse_callback, &mc);
830
if (!sb) {
1065
if (sb == NULL) {
831
1066
fprintf(stderr, "Failed to create service browser: %s\n",
832
1067
avahi_strerror(avahi_server_errno(mc.server)));
833
returncode = EXIT_FAILURE;
834
goto exit;
1068
exitcode = EXIT_FAILURE;
1069
goto end;
835
1070
}
836
1071
837
1072
/* Run the main loop */
838
1073
839
1074
if (debug){
840
fprintf(stderr, "Starting avahi loop search\n");
1075
fprintf(stderr, "Starting Avahi loop search\n");
841
1076
}
842
1077
843
1078
avahi_simple_poll_loop(mc.simple_poll);
844
1079
845
exit:
846
1080
end:
1081
847
1082
if (debug){
848
1083
fprintf(stderr, "%s exiting\n", argv[0]);
849
1084
}
850
1085
851
1086
/* Cleanup things */
852
if (sb)
1087
if (sb != NULL)
853
1088
avahi_s_service_browser_free(sb);
854
1089
855
if (mc.server)
1090
if (mc.server != NULL)
856
1091
avahi_server_free(mc.server);
857
858
if (mc.simple_poll)
1092
1093
if (mc.simple_poll != NULL)
859
1094
avahi_simple_poll_free(mc.simple_poll);
860
free(pubkeyfile);
861
free(seckeyfile);
862
863
return returncode;
1095
1096
if (gnutls_initalized){
1097
gnutls_certificate_free_credentials(mc.cred);
1098
gnutls_global_deinit ();
1099
gnutls_dh_params_deinit(mc.dh_params);
1100
}
1101
1102
if(gpgme_initalized){
1103
gpgme_release(mc.ctx);
1104
}
1105
1106
/* Removes the temp directory used by GPGME */
1107
if(tempdir[0] != '\0'){
1108
DIR *d;
1109
struct dirent *direntry;
1110
d = opendir(tempdir);
1111
if(d == NULL){
1112
perror("opendir");
1113
} else {
1114
while(true){
1115
direntry = readdir(d);
1116
if(direntry == NULL){
1117
break;
1118
}
1119
if (direntry->d_type == DT_REG){
1120
char *fullname = NULL;
1121
ret = asprintf(&fullname, "%s/%s", tempdir,
1122
direntry->d_name);
1123
if(ret < 0){
1124
perror("asprintf");
1125
continue;
1126
}
1127
ret = unlink(fullname);
1128
if(ret == -1){
1129
fprintf(stderr, "unlink(\"%s\"): %s",
1130
fullname, strerror(errno));
1131
}
1132
free(fullname);
1133
}
1134
}
1135
closedir(d);
1136
}
1137
ret = rmdir(tempdir);
1138
if(ret == -1){
1139
perror("rmdir");
1140
}
1141
}
1142
1143
return exitcode;
864
1144
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0