To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugins.d/mandosclient.c
- browse files at revision 24.1.15
- compare with another revision
- download diff
- download tarball
- view history from revision 24.1.15
- Committer: Björn Påhlsson
- Date: 2008-08-04 15:50:45 UTC
- mfrom: (41 mandos)
- mto: (237.7.1 mandos) (24.1.154 mandos)
- mto: This revision was merged to the branch mainline in revision 42.
- Revision ID: belorn@braxen-20080804155045-gnodwjn34v0a2vhr
merge
- files added:
- ca.pem
- files removed:
- network-protocol.txt
- files renamed:
- mandos-client.c => plugbasedclient.c
- plugins.d/password-request.c => plugins.d/mandosclient.c
- plugins.d/password-prompt.c => plugins.d/passprompt.c
- mandos.conf => server.conf
- mandos => server.py
- files modified:
- Makefile
added
removed
plugins.d/mandosclient.c
75
75
#define BUFFER_SIZE 256
76
76
77
77
bool debug = false;
78
static const char *keydir = "/conf/conf.d/mandos";
79
static const char mandos_protocol_version[] = "1";
78
const char *keydir = "/conf/conf.d/mandos";
80
79
const char *argp_program_version = "mandosclient 0.9";
81
80
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
81
const char mandos_protocol_version[] = "1";
82
82
83
/* Used for passing in values through the Avahi callback functions */
83
/* Used for passing in values through all the callback functions */
84
84
typedef struct {
85
85
AvahiSimplePoll *simple_poll;
86
86
AvahiServer *server;
90
90
const char *priority;
91
91
} mandos_context;
92
92
93
/*
94
* Make room in "buffer" for at least BUFFER_SIZE additional bytes.
95
* "buffer_capacity" is how much is currently allocated,
96
* "buffer_length" is how much is already used.
97
*/
98
93
size_t adjustbuffer(char **buffer, size_t buffer_length,
99
94
size_t buffer_capacity){
100
95
if (buffer_length + BUFFER_SIZE > buffer_capacity){
235
230
236
231
*plaintext = NULL;
237
232
while(true){
238
plaintext_capacity = adjustbuffer(plaintext,
239
(size_t)plaintext_length,
233
plaintext_capacity = adjustbuffer(plaintext, (size_t)plaintext_length,
240
234
plaintext_capacity);
241
235
if (plaintext_capacity == 0){
242
236
perror("adjustbuffer");
319
313
!= GNUTLS_E_SUCCESS) {
320
314
fprintf (stderr, "GnuTLS memory error: %s\n",
321
315
safer_gnutls_strerror(ret));
322
gnutls_global_deinit ();
323
316
return -1;
324
317
}
325
318
337
330
" '%s')\n", ret, pubkeyfile, seckeyfile);
338
331
fprintf(stdout, "The GnuTLS error is: %s\n",
339
332
safer_gnutls_strerror(ret));
340
goto globalfail;
333
return -1;
341
334
}
342
335
343
336
/* GnuTLS server initialization */
345
338
if (ret != GNUTLS_E_SUCCESS) {
346
339
fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
347
340
" %s\n", safer_gnutls_strerror(ret));
348
goto globalfail;
341
return -1;
349
342
}
350
343
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
351
344
if (ret != GNUTLS_E_SUCCESS) {
352
345
fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
353
346
safer_gnutls_strerror(ret));
354
goto globalfail;
347
return -1;
355
348
}
356
349
357
350
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
358
351
359
352
return 0;
360
361
globalfail:
362
363
gnutls_certificate_free_credentials (mc->cred);
364
gnutls_global_deinit ();
365
return -1;
366
367
353
}
368
354
369
static int init_gnutls_session(mandos_context *mc,
370
gnutls_session_t *session){
355
static int init_gnutls_session(mandos_context *mc, gnutls_session_t *session){
371
356
int ret;
372
357
/* GnuTLS session creation */
373
358
ret = gnutls_init(session, GNUTLS_SERVER);
383
368
fprintf(stderr, "Syntax error at: %s\n", err);
384
369
fprintf(stderr, "GnuTLS error: %s\n",
385
370
safer_gnutls_strerror(ret));
386
gnutls_deinit (*session);
387
371
return -1;
388
372
}
389
373
}
393
377
if (ret != GNUTLS_E_SUCCESS) {
394
378
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
395
379
safer_gnutls_strerror(ret));
396
gnutls_deinit (*session);
397
380
return -1;
398
381
}
399
382
415
398
AvahiIfIndex if_index,
416
399
mandos_context *mc){
417
400
int ret, tcp_sd;
418
union { struct sockaddr in; struct sockaddr_in6 in6; } to;
401
struct sockaddr_in6 to;
419
402
char *buffer = NULL;
420
403
char *decrypted_buffer;
421
404
size_t buffer_length = 0;
425
408
int retval = 0;
426
409
char interface[IF_NAMESIZE];
427
410
gnutls_session_t session;
411
gnutls_dh_params_t dh_params;
428
412
429
413
ret = init_gnutls_session (mc, &session);
430
414
if (ret != 0){
451
435
}
452
436
453
437
memset(&to,0,sizeof(to)); /* Spurious warning */
454
to.in6.sin6_family = AF_INET6;
438
to.sin6_family = AF_INET6;
455
439
/* It would be nice to have a way to detect if we were passed an
456
440
IPv4 address here. Now we assume an IPv6 address. */
457
ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);
441
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
458
442
if (ret < 0 ){
459
443
perror("inet_pton");
460
444
return -1;
463
447
fprintf(stderr, "Bad address: %s\n", ip);
464
448
return -1;
465
449
}
466
to.in6.sin6_port = htons(port); /* Spurious warning */
450
to.sin6_port = htons(port); /* Spurious warning */
467
451
468
to.in6.sin6_scope_id = (uint32_t)if_index;
452
to.sin6_scope_id = (uint32_t)if_index;
469
453
470
454
if(debug){
471
455
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
472
456
char addrstr[INET6_ADDRSTRLEN] = "";
473
if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,
457
if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr,
474
458
sizeof(addrstr)) == NULL){
475
459
perror("inet_ntop");
476
460
} else {
480
464
}
481
465
}
482
466
483
ret = connect(tcp_sd, &to.in, sizeof(to));
467
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
484
468
if (ret < 0){
485
469
perror("connect");
486
470
return -1;
535
519
}
536
520
537
521
while(true){
538
buffer_capacity = adjustbuffer(&buffer, buffer_length,
539
buffer_capacity);
522
buffer_capacity = adjustbuffer(&buffer, buffer_length, buffer_capacity);
540
523
if (buffer_capacity == 0){
541
524
perror("adjustbuffer");
542
525
retval = -1;
613
596
free(buffer);
614
597
close(tcp_sd);
615
598
gnutls_deinit (session);
599
gnutls_certificate_free_credentials (mc->cred);
600
gnutls_global_deinit ();
616
601
return retval;
617
602
}
618
603
749
734
const char *seckeyfile = "seckey.txt";
750
735
mandos_context mc = { .simple_poll = NULL, .server = NULL,
751
736
.dh_bits = 1024, .priority = "SECURE256"};
752
bool gnutls_initalized = false;
753
737
754
738
{
755
739
struct argp_option options[] = {
757
741
.doc = "Debug mode", .group = 3 },
758
742
{ .name = "connect", .key = 'c',
759
743
.arg = "IP",
760
.doc = "Connect directly to a sepcified mandos server",
761
.group = 1 },
744
.doc = "Connect directly to a sepcified mandos server", .group = 1 },
762
745
{ .name = "interface", .key = 'i',
763
746
.arg = "INTERFACE",
764
.doc = "Interface that Avahi will conntect through",
765
.group = 1 },
747
.doc = "Interface that Avahi will conntect through", .group = 1 },
766
748
{ .name = "keydir", .key = 'd',
767
749
.arg = "KEYDIR",
768
.doc = "Directory where the openpgp keyring is",
769
.group = 1 },
750
.doc = "Directory where the openpgp keyring is", .group = 1 },
770
751
{ .name = "seckey", .key = 's',
771
752
.arg = "SECKEY",
772
.doc = "Secret openpgp key for gnutls authentication",
773
.group = 1 },
753
.doc = "Secret openpgp key for gnutls authentication", .group = 1 },
774
754
{ .name = "pubkey", .key = 'p',
775
755
.arg = "PUBKEY",
776
.doc = "Public openpgp key for gnutls authentication",
777
.group = 2 },
756
.doc = "Public openpgp key for gnutls authentication", .group = 2 },
778
757
{ .name = "dh-bits", .key = 129,
779
758
.arg = "BITS",
780
.doc = "dh-bits to use in gnutls communication",
781
.group = 2 },
759
.doc = "dh-bits to use in gnutls communication", .group = 2 },
782
760
{ .name = "priority", .key = 130,
783
761
.arg = "PRIORITY",
784
762
.doc = "GNUTLS priority", .group = 1 },
786
764
};
787
765
788
766
789
error_t parse_opt (int key, char *arg,
790
struct argp_state *state) {
791
/* Get the INPUT argument from `argp_parse', which we know is
792
a pointer to our plugin list pointer. */
767
error_t parse_opt (int key, char *arg, struct argp_state *state) {
768
/* Get the INPUT argument from `argp_parse', which we know is a
769
pointer to our plugin list pointer. */
793
770
switch (key) {
794
771
case 128:
795
772
debug = true;
833
810
834
811
struct argp argp = { .options = options, .parser = parse_opt,
835
812
.args_doc = "",
836
.doc = "Mandos client -- Get and decrypt"
837
" passwords from mandos server" };
813
.doc = "Mandos client -- Get and decrypt passwords from mandos server" };
838
814
argp_parse (&argp, argc, argv, 0, 0, NULL);
839
815
}
840
816
855
831
if (ret == -1){
856
832
fprintf(stderr, "init_gnutls_global\n");
857
833
goto end;
858
} else {
859
gnutls_initalized = true;
860
834
}
861
835
862
836
uid = getuid();
1011
985
avahi_simple_poll_free(mc.simple_poll);
1012
986
free(pubkeyfile);
1013
987
free(seckeyfile);
1014
1015
if (gnutls_initalized){
1016
gnutls_certificate_free_credentials (mc.cred);
1017
gnutls_global_deinit ();
1018
}
1019
988
1020
989
return exitcode;
1021
990
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0