To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugins.d/mandosclient.c
- browse files at revision 24.1.17
- compare with another revision
- download diff
- download tarball
- view history from revision 24.1.17
- Committer: Björn Påhlsson
- Date: 2008-08-04 16:23:54 UTC
- mto: (237.7.1 mandos) (24.1.154 mandos)
- mto: This revision was merged to the branch mainline in revision 44.
- Revision ID: belorn@braxen-20080804162354-xi1jjin1b7pavc74
passprompt
Using argp instead off getopt
Using argp instead off getopt
- files modified:
- TODO
added
removed
plugins.d/mandosclient.c
32
32
#define _LARGEFILE_SOURCE
33
33
#define _FILE_OFFSET_BITS 64
34
34
35
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */
36
35
37
#include <stdio.h>
36
38
#include <assert.h>
37
39
#include <stdlib.h>
49
51
#include <avahi-common/malloc.h>
50
52
#include <avahi-common/error.h>
51
53
52
//mandos client part
54
/* Mandos client part */
53
55
#include <sys/types.h> /* socket(), inet_pton() */
54
56
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
55
57
struct in6_addr, inet_pton() */
62
64
#include <string.h> /* memset */
63
65
#include <arpa/inet.h> /* inet_pton() */
64
66
#include <iso646.h> /* not */
65
66
// gpgme
67
#include <net/if.h> /* IF_NAMESIZE */
68
#include <argp.h> /* struct argp_option,
69
struct argp_state, struct argp,
70
argp_parse() */
71
/* GPGME */
67
72
#include <errno.h> /* perror() */
68
73
#include <gpgme.h>
69
74
70
// getopt_long
71
#include <getopt.h>
72
73
75
#define BUFFER_SIZE 256
74
76
77
bool debug = false;
75
78
static const char *keydir = "/conf/conf.d/mandos";
76
static const char *pubkeyfile = "pubkey.txt";
77
static const char *seckeyfile = "seckey.txt";
78
79
bool debug = false;
80
81
/* Used for passing in values through all the callback functions */
79
const char *argp_program_version = "mandosclient 0.9";
80
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
81
static const char mandos_protocol_version[] = "1";
82
83
/* Used for passing in values through the Avahi callback functions */
82
84
typedef struct {
83
85
AvahiSimplePoll *simple_poll;
84
86
AvahiServer *server;
85
87
gnutls_certificate_credentials_t cred;
86
88
unsigned int dh_bits;
89
gnutls_dh_params_t dh_params;
87
90
const char *priority;
88
91
} mandos_context;
89
92
93
/* Make room in "buffer" for at least BUFFER_SIZE additional bytes.
94
* "buffer_capacity" is how much is currently allocated,
95
* "buffer_length" is how much is already used. */
96
size_t adjustbuffer(char **buffer, size_t buffer_length,
97
size_t buffer_capacity){
98
if (buffer_length + BUFFER_SIZE > buffer_capacity){
99
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
100
if (buffer == NULL){
101
return 0;
102
}
103
buffer_capacity += BUFFER_SIZE;
104
}
105
return buffer_capacity;
106
}
107
90
108
/*
91
109
* Decrypt OpenPGP data using keyrings in HOMEDIR.
92
110
* Returns -1 on error
99
117
gpgme_ctx_t ctx;
100
118
gpgme_error_t rc;
101
119
ssize_t ret;
102
ssize_t plaintext_capacity = 0;
120
size_t plaintext_capacity = 0;
103
121
ssize_t plaintext_length = 0;
104
122
gpgme_engine_info_t engine_info;
105
123
215
233
216
234
*plaintext = NULL;
217
235
while(true){
218
if (plaintext_length + BUFFER_SIZE > plaintext_capacity){
219
*plaintext = realloc(*plaintext,
220
(unsigned int)plaintext_capacity
221
+ BUFFER_SIZE);
222
if (*plaintext == NULL){
223
perror("realloc");
236
plaintext_capacity = adjustbuffer(plaintext,
237
(size_t)plaintext_length,
238
plaintext_capacity);
239
if (plaintext_capacity == 0){
240
perror("adjustbuffer");
224
241
plaintext_length = -1;
225
242
goto decrypt_end;
226
}
227
plaintext_capacity += BUFFER_SIZE;
228
243
}
229
244
230
245
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
244
259
245
260
if(debug){
246
261
fprintf(stderr, "Decrypted password is: ");
247
for(size_t i = 0; i < plaintext_length; i++){
262
for(ssize_t i = 0; i < plaintext_length; i++){
248
263
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
249
264
}
250
265
fprintf(stderr, "\n");
267
282
return ret;
268
283
}
269
284
285
/* GnuTLS log function callback */
270
286
static void debuggnutls(__attribute__((unused)) int level,
271
287
const char* string){
272
fprintf(stderr, "%s", string);
288
fprintf(stderr, "GnuTLS: %s", string);
273
289
}
274
290
275
static int initgnutls(mandos_context *mc, gnutls_session_t *session,
276
gnutls_dh_params_t *dh_params){
277
const char *err;
291
static int init_gnutls_global(mandos_context *mc,
292
const char *pubkeyfile,
293
const char *seckeyfile){
278
294
int ret;
279
295
280
296
if(debug){
283
299
284
300
if ((ret = gnutls_global_init ())
285
301
!= GNUTLS_E_SUCCESS) {
286
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
302
fprintf (stderr, "GnuTLS global_init: %s\n",
303
safer_gnutls_strerror(ret));
287
304
return -1;
288
305
}
289
306
290
307
if (debug){
308
/* "Use a log level over 10 to enable all debugging options."
309
* - GnuTLS manual
310
*/
291
311
gnutls_global_set_log_level(11);
292
312
gnutls_global_set_log_function(debuggnutls);
293
313
}
294
314
295
/* openpgp credentials */
315
/* OpenPGP credentials */
296
316
if ((ret = gnutls_certificate_allocate_credentials (&mc->cred))
297
317
!= GNUTLS_E_SUCCESS) {
298
fprintf (stderr, "memory error: %s\n",
318
fprintf (stderr, "GnuTLS memory error: %s\n",
299
319
safer_gnutls_strerror(ret));
300
320
return -1;
301
321
}
309
329
ret = gnutls_certificate_set_openpgp_key_file
310
330
(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);
311
331
if (ret != GNUTLS_E_SUCCESS) {
312
fprintf
313
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
314
" '%s')\n",
315
ret, pubkeyfile, seckeyfile);
316
fprintf(stdout, "The Error is: %s\n",
332
fprintf(stderr,
333
"Error[%d] while reading the OpenPGP key pair ('%s',"
334
" '%s')\n", ret, pubkeyfile, seckeyfile);
335
fprintf(stdout, "The GnuTLS error is: %s\n",
317
336
safer_gnutls_strerror(ret));
318
337
return -1;
319
338
}
320
339
321
//GnuTLS server initialization
322
if ((ret = gnutls_dh_params_init(dh_params))
323
!= GNUTLS_E_SUCCESS) {
324
fprintf (stderr, "Error in dh parameter initialization: %s\n",
325
safer_gnutls_strerror(ret));
326
return -1;
327
}
328
329
if ((ret = gnutls_dh_params_generate2(*dh_params, mc->dh_bits))
330
!= GNUTLS_E_SUCCESS) {
331
fprintf (stderr, "Error in prime generation: %s\n",
332
safer_gnutls_strerror(ret));
333
return -1;
334
}
335
336
gnutls_certificate_set_dh_params(mc->cred, *dh_params);
337
338
// GnuTLS session creation
339
if ((ret = gnutls_init(session, GNUTLS_SERVER))
340
!= GNUTLS_E_SUCCESS){
340
/* GnuTLS server initialization */
341
ret = gnutls_dh_params_init(&mc->dh_params);
342
if (ret != GNUTLS_E_SUCCESS) {
343
fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
344
" %s\n", safer_gnutls_strerror(ret));
345
return -1;
346
}
347
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
348
if (ret != GNUTLS_E_SUCCESS) {
349
fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
350
safer_gnutls_strerror(ret));
351
return -1;
352
}
353
354
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
355
356
return 0;
357
}
358
359
static int init_gnutls_session(mandos_context *mc,
360
gnutls_session_t *session){
361
int ret;
362
/* GnuTLS session creation */
363
ret = gnutls_init(session, GNUTLS_SERVER);
364
if (ret != GNUTLS_E_SUCCESS){
341
365
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
342
366
safer_gnutls_strerror(ret));
343
367
}
344
368
345
if ((ret = gnutls_priority_set_direct(*session, mc->priority, &err))
346
!= GNUTLS_E_SUCCESS) {
347
fprintf(stderr, "Syntax error at: %s\n", err);
348
fprintf(stderr, "GnuTLS error: %s\n",
349
safer_gnutls_strerror(ret));
350
return -1;
369
{
370
const char *err;
371
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
372
if (ret != GNUTLS_E_SUCCESS) {
373
fprintf(stderr, "Syntax error at: %s\n", err);
374
fprintf(stderr, "GnuTLS error: %s\n",
375
safer_gnutls_strerror(ret));
376
return -1;
377
}
351
378
}
352
379
353
if ((ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
354
mc->cred))
355
!= GNUTLS_E_SUCCESS) {
356
fprintf(stderr, "Error setting a credentials set: %s\n",
380
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
381
mc->cred);
382
if (ret != GNUTLS_E_SUCCESS) {
383
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
357
384
safer_gnutls_strerror(ret));
358
385
return -1;
359
386
}
367
394
return 0;
368
395
}
369
396
397
/* Avahi log function callback */
370
398
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
371
399
__attribute__((unused)) const char *txt){}
372
400
401
/* Called when a Mandos server is found */
373
402
static int start_mandos_communication(const char *ip, uint16_t port,
374
403
AvahiIfIndex if_index,
375
404
mandos_context *mc){
376
405
int ret, tcp_sd;
377
struct sockaddr_in6 to;
406
union { struct sockaddr in; struct sockaddr_in6 in6; } to;
378
407
char *buffer = NULL;
379
408
char *decrypted_buffer;
380
409
size_t buffer_length = 0;
381
410
size_t buffer_capacity = 0;
382
411
ssize_t decrypted_buffer_size;
383
size_t written = 0;
412
size_t written;
384
413
int retval = 0;
385
414
char interface[IF_NAMESIZE];
386
415
gnutls_session_t session;
387
gnutls_dh_params_t dh_params;
416
417
ret = init_gnutls_session (mc, &session);
418
if (ret != 0){
419
return -1;
420
}
388
421
389
422
if(debug){
390
423
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
406
439
}
407
440
408
441
memset(&to,0,sizeof(to)); /* Spurious warning */
409
to.sin6_family = AF_INET6;
410
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
442
to.in6.sin6_family = AF_INET6;
443
/* It would be nice to have a way to detect if we were passed an
444
IPv4 address here. Now we assume an IPv6 address. */
445
ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);
411
446
if (ret < 0 ){
412
447
perror("inet_pton");
413
448
return -1;
416
451
fprintf(stderr, "Bad address: %s\n", ip);
417
452
return -1;
418
453
}
419
to.sin6_port = htons(port); /* Spurious warning */
454
to.in6.sin6_port = htons(port); /* Spurious warning */
420
455
421
to.sin6_scope_id = (uint32_t)if_index;
456
to.in6.sin6_scope_id = (uint32_t)if_index;
422
457
423
458
if(debug){
424
459
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
425
460
char addrstr[INET6_ADDRSTRLEN] = "";
426
if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr,
461
if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,
427
462
sizeof(addrstr)) == NULL){
428
463
perror("inet_ntop");
429
464
} else {
433
468
}
434
469
}
435
470
436
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
471
ret = connect(tcp_sd, &to.in, sizeof(to));
437
472
if (ret < 0){
438
473
perror("connect");
439
474
return -1;
440
475
}
441
442
ret = initgnutls (mc, &session, &dh_params);
443
if (ret != 0){
444
retval = -1;
445
return -1;
476
477
const char *out = mandos_protocol_version;
478
written = 0;
479
while (true){
480
size_t out_size = strlen(out);
481
ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
482
out_size - written));
483
if (ret == -1){
484
perror("write");
485
retval = -1;
486
goto mandos_end;
487
}
488
written += (size_t)ret;
489
if(written < out_size){
490
continue;
491
} else {
492
if (out == mandos_protocol_version){
493
written = 0;
494
out = "\r\n";
495
} else {
496
break;
497
}
498
}
499
}
500
501
if(debug){
502
fprintf(stderr, "Establishing TLS session with %s\n", ip);
446
503
}
447
504
448
505
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
449
506
450
if(debug){
451
fprintf(stderr, "Establishing TLS session with %s\n", ip);
452
}
453
454
507
ret = gnutls_handshake (session);
455
508
456
509
if (ret != GNUTLS_E_SUCCESS){
457
510
if(debug){
458
fprintf(stderr, "\n*** Handshake failed ***\n");
511
fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
459
512
gnutls_perror (ret);
460
513
}
461
514
retval = -1;
462
goto exit;
515
goto mandos_end;
463
516
}
464
517
465
//Retrieve OpenPGP packet that contains the wanted password
518
/* Read OpenPGP packet that contains the wanted password */
466
519
467
520
if(debug){
468
521
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
470
523
}
471
524
472
525
while(true){
473
if (buffer_length + BUFFER_SIZE > buffer_capacity){
474
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
475
if (buffer == NULL){
476
perror("realloc");
477
goto exit;
478
}
479
buffer_capacity += BUFFER_SIZE;
526
buffer_capacity = adjustbuffer(&buffer, buffer_length,
527
buffer_capacity);
528
if (buffer_capacity == 0){
529
perror("adjustbuffer");
530
retval = -1;
531
goto mandos_end;
480
532
}
481
533
482
534
ret = gnutls_record_recv(session, buffer+buffer_length,
492
544
case GNUTLS_E_REHANDSHAKE:
493
545
ret = gnutls_handshake (session);
494
546
if (ret < 0){
495
fprintf(stderr, "\n*** Handshake failed ***\n");
547
fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
496
548
gnutls_perror (ret);
497
549
retval = -1;
498
goto exit;
550
goto mandos_end;
499
551
}
500
552
break;
501
553
default:
502
554
fprintf(stderr, "Unknown error while reading data from"
503
" encrypted session with mandos server\n");
555
" encrypted session with Mandos server\n");
504
556
retval = -1;
505
557
gnutls_bye (session, GNUTLS_SHUT_RDWR);
506
goto exit;
558
goto mandos_end;
507
559
}
508
560
} else {
509
561
buffer_length += (size_t) ret;
510
562
}
511
563
}
512
564
565
if(debug){
566
fprintf(stderr, "Closing TLS session\n");
567
}
568
569
gnutls_bye (session, GNUTLS_SHUT_RDWR);
570
513
571
if (buffer_length > 0){
514
572
decrypted_buffer_size = pgp_packet_decrypt(buffer,
515
573
buffer_length,
516
574
&decrypted_buffer,
517
575
keydir);
518
576
if (decrypted_buffer_size >= 0){
577
written = 0;
519
578
while(written < (size_t) decrypted_buffer_size){
520
579
ret = (int)fwrite (decrypted_buffer + written, 1,
521
580
(size_t)decrypted_buffer_size - written,
535
594
retval = -1;
536
595
}
537
596
}
538
539
//shutdown procedure
540
541
if(debug){
542
fprintf(stderr, "Closing TLS session\n");
543
}
544
597
598
/* Shutdown procedure */
599
600
mandos_end:
545
601
free(buffer);
546
gnutls_bye (session, GNUTLS_SHUT_RDWR);
547
exit:
548
602
close(tcp_sd);
549
603
gnutls_deinit (session);
550
604
gnutls_certificate_free_credentials (mc->cred);
575
629
switch (event) {
576
630
default:
577
631
case AVAHI_RESOLVER_FAILURE:
578
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
579
" type '%s' in domain '%s': %s\n", name, type, domain,
632
fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
633
" of type '%s' in domain '%s': %s\n", name, type, domain,
580
634
avahi_strerror(avahi_server_errno(mc->server)));
581
635
break;
582
636
585
639
char ip[AVAHI_ADDRESS_STR_MAX];
586
640
avahi_address_snprint(ip, sizeof(ip), address);
587
641
if(debug){
588
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
589
" port %d\n", name, host_name, ip, port);
642
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %d) on"
643
" port %d\n", name, host_name, ip, interface, port);
590
644
}
591
645
int ret = start_mandos_communication(ip, port, interface, mc);
592
646
if (ret == 0){
617
671
default:
618
672
case AVAHI_BROWSER_FAILURE:
619
673
620
fprintf(stderr, "(Browser) %s\n",
674
fprintf(stderr, "(Avahi browser) %s\n",
621
675
avahi_strerror(avahi_server_errno(mc->server)));
622
676
avahi_simple_poll_quit(mc->simple_poll);
623
677
return;
624
678
625
679
case AVAHI_BROWSER_NEW:
626
/* We ignore the returned resolver object. In the callback
627
function we free it. If the server is terminated before
628
the callback function is called the server will free
629
the resolver for us. */
680
/* We ignore the returned Avahi resolver object. In the callback
681
function we free it. If the Avahi server is terminated before
682
the callback function is called the Avahi server will free the
683
resolver for us. */
630
684
631
685
if (!(avahi_s_service_resolver_new(mc->server, interface,
632
686
protocol, name, type, domain,
633
687
AVAHI_PROTO_INET6, 0,
634
688
resolve_callback, mc)))
635
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
636
avahi_strerror(avahi_server_errno(mc->server)));
689
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
690
name, avahi_strerror(avahi_server_errno(mc->server)));
637
691
break;
638
692
639
693
case AVAHI_BROWSER_REMOVE:
641
695
642
696
case AVAHI_BROWSER_ALL_FOR_NOW:
643
697
case AVAHI_BROWSER_CACHE_EXHAUSTED:
698
if(debug){
699
fprintf(stderr, "No Mandos server found, still searching...\n");
700
}
644
701
break;
645
702
}
646
703
}
666
723
}
667
724
668
725
669
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
670
AvahiServerConfig config;
726
int main(int argc, char *argv[]){
671
727
AvahiSServiceBrowser *sb = NULL;
672
728
int error;
673
729
int ret;
674
int debug_int;
675
int returncode = EXIT_SUCCESS;
730
int exitcode = EXIT_SUCCESS;
676
731
const char *interface = "eth0";
677
732
struct ifreq network;
678
733
int sd;
734
uid_t uid;
735
gid_t gid;
679
736
char *connect_to = NULL;
680
737
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
738
const char *pubkeyfile = "pubkey.txt";
739
const char *seckeyfile = "seckey.txt";
681
740
mandos_context mc = { .simple_poll = NULL, .server = NULL,
682
741
.dh_bits = 1024, .priority = "SECURE256"};
683
742
684
debug_int = debug ? 1 : 0;
685
while (true){
686
struct option long_options[] = {
687
{"debug", no_argument, &debug_int, 1},
688
{"connect", required_argument, NULL, 'c'},
689
{"interface", required_argument, NULL, 'i'},
690
{"keydir", required_argument, NULL, 'd'},
691
{"seckey", required_argument, NULL, 's'},
692
{"pubkey", required_argument, NULL, 'p'},
693
{"dh-bits", required_argument, NULL, 'D'},
694
{"priority", required_argument, NULL, 'P'},
695
{0, 0, 0, 0} };
696
697
int option_index = 0;
698
ret = getopt_long (argc, argv, "i:", long_options,
699
&option_index);
700
701
if (ret == -1){
702
break;
703
}
704
705
switch(ret){
706
case 0:
707
break;
708
case 'i':
709
interface = optarg;
710
break;
711
case 'c':
712
connect_to = optarg;
713
break;
714
case 'd':
715
keydir = optarg;
716
break;
717
case 'p':
718
pubkeyfile = optarg;
719
break;
720
case 's':
721
seckeyfile = optarg;
722
break;
723
case 'D':
724
errno = 0;
725
mc.dh_bits = (unsigned int) strtol(optarg, NULL, 10);
726
if (errno){
727
perror("strtol");
728
exit(EXIT_FAILURE);
743
{
744
struct argp_option options[] = {
745
{ .name = "debug", .key = 128,
746
.doc = "Debug mode", .group = 3 },
747
{ .name = "connect", .key = 'c',
748
.arg = "IP",
749
.doc = "Connect directly to a sepcified mandos server",
750
.group = 1 },
751
{ .name = "interface", .key = 'i',
752
.arg = "INTERFACE",
753
.doc = "Interface that Avahi will conntect through",
754
.group = 1 },
755
{ .name = "keydir", .key = 'd',
756
.arg = "KEYDIR",
757
.doc = "Directory where the openpgp keyring is",
758
.group = 1 },
759
{ .name = "seckey", .key = 's',
760
.arg = "SECKEY",
761
.doc = "Secret openpgp key for gnutls authentication",
762
.group = 1 },
763
{ .name = "pubkey", .key = 'p',
764
.arg = "PUBKEY",
765
.doc = "Public openpgp key for gnutls authentication",
766
.group = 2 },
767
{ .name = "dh-bits", .key = 129,
768
.arg = "BITS",
769
.doc = "dh-bits to use in gnutls communication",
770
.group = 2 },
771
{ .name = "priority", .key = 130,
772
.arg = "PRIORITY",
773
.doc = "GNUTLS priority", .group = 1 },
774
{ .name = NULL }
775
};
776
777
778
error_t parse_opt (int key, char *arg,
779
struct argp_state *state) {
780
/* Get the INPUT argument from `argp_parse', which we know is
781
a pointer to our plugin list pointer. */
782
switch (key) {
783
case 128:
784
debug = true;
785
break;
786
case 'c':
787
connect_to = arg;
788
break;
789
case 'i':
790
interface = arg;
791
break;
792
case 'd':
793
keydir = arg;
794
break;
795
case 's':
796
seckeyfile = arg;
797
break;
798
case 'p':
799
pubkeyfile = arg;
800
break;
801
case 129:
802
errno = 0;
803
mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);
804
if (errno){
805
perror("strtol");
806
exit(EXIT_FAILURE);
807
}
808
break;
809
case 130:
810
mc.priority = arg;
811
break;
812
case ARGP_KEY_ARG:
813
argp_usage (state);
814
break;
815
case ARGP_KEY_END:
816
break;
817
default:
818
return ARGP_ERR_UNKNOWN;
729
819
}
730
break;
731
case 'P':
732
mc.priority = optarg;
733
break;
734
case '?':
735
default:
736
exit(EXIT_FAILURE);
820
return 0;
737
821
}
822
823
struct argp argp = { .options = options, .parser = parse_opt,
824
.args_doc = "",
825
.doc = "Mandos client -- Get and decrypt"
826
" passwords from mandos server" };
827
argp_parse (&argp, argc, argv, 0, 0, NULL);
738
828
}
739
debug = debug_int ? true : false;
740
829
741
830
pubkeyfile = combinepath(keydir, pubkeyfile);
742
831
if (pubkeyfile == NULL){
743
832
perror("combinepath");
744
returncode = EXIT_FAILURE;
745
goto exit;
833
exitcode = EXIT_FAILURE;
834
goto end;
746
835
}
747
836
748
837
seckeyfile = combinepath(keydir, seckeyfile);
749
838
if (seckeyfile == NULL){
750
839
perror("combinepath");
751
goto exit;
840
goto end;
841
}
842
843
ret = init_gnutls_global(&mc, pubkeyfile, seckeyfile);
844
if (ret == -1){
845
fprintf(stderr, "init_gnutls_global\n");
846
goto end;
847
}
848
849
uid = getuid();
850
gid = getgid();
851
852
ret = setuid(uid);
853
if (ret == -1){
854
perror("setuid");
855
}
856
857
setgid(gid);
858
if (ret == -1){
859
perror("setgid");
752
860
}
753
861
754
862
if_index = (AvahiIfIndex) if_nametoindex(interface);
763
871
char *address = strrchr(connect_to, ':');
764
872
if(address == NULL){
765
873
fprintf(stderr, "No colon in address\n");
766
exit(EXIT_FAILURE);
874
exitcode = EXIT_FAILURE;
875
goto end;
767
876
}
768
877
errno = 0;
769
878
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
770
879
if(errno){
771
880
perror("Bad port number");
772
exit(EXIT_FAILURE);
881
exitcode = EXIT_FAILURE;
882
goto end;
773
883
}
774
884
*address = '\0';
775
885
address = connect_to;
776
886
ret = start_mandos_communication(address, port, if_index, &mc);
777
887
if(ret < 0){
778
exit(EXIT_FAILURE);
888
exitcode = EXIT_FAILURE;
779
889
} else {
780
exit(EXIT_SUCCESS);
890
exitcode = EXIT_SUCCESS;
781
891
}
892
goto end;
782
893
}
783
894
784
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
785
if(sd < 0) {
786
perror("socket");
787
returncode = EXIT_FAILURE;
788
goto exit;
789
}
790
strcpy(network.ifr_name, interface); /* Spurious warning */
791
ret = ioctl(sd, SIOCGIFFLAGS, &network);
792
if(ret == -1){
793
794
perror("ioctl SIOCGIFFLAGS");
795
returncode = EXIT_FAILURE;
796
goto exit;
797
}
798
if((network.ifr_flags & IFF_UP) == 0){
799
network.ifr_flags |= IFF_UP;
800
ret = ioctl(sd, SIOCSIFFLAGS, &network);
895
/* If the interface is down, bring it up */
896
{
897
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
898
if(sd < 0) {
899
perror("socket");
900
exitcode = EXIT_FAILURE;
901
goto end;
902
}
903
strcpy(network.ifr_name, interface); /* Spurious warning */
904
ret = ioctl(sd, SIOCGIFFLAGS, &network);
801
905
if(ret == -1){
802
perror("ioctl SIOCSIFFLAGS");
803
returncode = EXIT_FAILURE;
804
goto exit;
805
}
906
perror("ioctl SIOCGIFFLAGS");
907
exitcode = EXIT_FAILURE;
908
goto end;
909
}
910
if((network.ifr_flags & IFF_UP) == 0){
911
network.ifr_flags |= IFF_UP;
912
ret = ioctl(sd, SIOCSIFFLAGS, &network);
913
if(ret == -1){
914
perror("ioctl SIOCSIFFLAGS");
915
exitcode = EXIT_FAILURE;
916
goto end;
917
}
918
}
919
close(sd);
806
920
}
807
close(sd);
808
921
809
922
if (not debug){
810
923
avahi_set_log_function(empty_log);
811
924
}
812
925
813
/* Initialize the psuedo-RNG */
926
/* Initialize the pseudo-RNG for Avahi */
814
927
srand((unsigned int) time(NULL));
815
816
/* Allocate main loop object */
817
if (!(mc.simple_poll = avahi_simple_poll_new())) {
818
fprintf(stderr, "Failed to create simple poll object.\n");
819
returncode = EXIT_FAILURE;
820
goto exit;
821
}
822
823
/* Do not publish any local records */
824
avahi_server_config_init(&config);
825
config.publish_hinfo = 0;
826
config.publish_addresses = 0;
827
config.publish_workstation = 0;
828
config.publish_domain = 0;
829
830
/* Allocate a new server */
831
mc.server=avahi_server_new(avahi_simple_poll_get(mc.simple_poll),
832
&config, NULL, NULL, &error);
833
834
/* Free the configuration data */
835
avahi_server_config_free(&config);
836
837
/* Check if creating the server object succeeded */
838
if (!mc.server) {
839
fprintf(stderr, "Failed to create server: %s\n",
928
929
/* Allocate main Avahi loop object */
930
mc.simple_poll = avahi_simple_poll_new();
931
if (mc.simple_poll == NULL) {
932
fprintf(stderr, "Avahi: Failed to create simple poll"
933
" object.\n");
934
exitcode = EXIT_FAILURE;
935
goto end;
936
}
937
938
{
939
AvahiServerConfig config;
940
/* Do not publish any local Zeroconf records */
941
avahi_server_config_init(&config);
942
config.publish_hinfo = 0;
943
config.publish_addresses = 0;
944
config.publish_workstation = 0;
945
config.publish_domain = 0;
946
947
/* Allocate a new server */
948
mc.server = avahi_server_new(avahi_simple_poll_get
949
(mc.simple_poll), &config, NULL,
950
NULL, &error);
951
952
/* Free the Avahi configuration data */
953
avahi_server_config_free(&config);
954
}
955
956
/* Check if creating the Avahi server object succeeded */
957
if (mc.server == NULL) {
958
fprintf(stderr, "Failed to create Avahi server: %s\n",
840
959
avahi_strerror(error));
841
returncode = EXIT_FAILURE;
842
goto exit;
960
exitcode = EXIT_FAILURE;
961
goto end;
843
962
}
844
963
845
/* Create the service browser */
964
/* Create the Avahi service browser */
846
965
sb = avahi_s_service_browser_new(mc.server, if_index,
847
966
AVAHI_PROTO_INET6,
848
967
"_mandos._tcp", NULL, 0,
849
968
browse_callback, &mc);
850
if (!sb) {
969
if (sb == NULL) {
851
970
fprintf(stderr, "Failed to create service browser: %s\n",
852
971
avahi_strerror(avahi_server_errno(mc.server)));
853
returncode = EXIT_FAILURE;
854
goto exit;
972
exitcode = EXIT_FAILURE;
973
goto end;
855
974
}
856
975
857
976
/* Run the main loop */
858
977
859
978
if (debug){
860
fprintf(stderr, "Starting avahi loop search\n");
979
fprintf(stderr, "Starting Avahi loop search\n");
861
980
}
862
981
863
982
avahi_simple_poll_loop(mc.simple_poll);
864
983
865
exit:
984
end:
866
985
867
986
if (debug){
868
987
fprintf(stderr, "%s exiting\n", argv[0]);
869
988
}
870
989
871
990
/* Cleanup things */
872
if (sb)
991
if (sb != NULL)
873
992
avahi_s_service_browser_free(sb);
874
993
875
if (mc.server)
994
if (mc.server != NULL)
876
995
avahi_server_free(mc.server);
877
996
878
if (mc.simple_poll)
997
if (mc.simple_poll != NULL)
879
998
avahi_simple_poll_free(mc.simple_poll);
880
999
free(pubkeyfile);
881
1000
free(seckeyfile);
882
1001
883
return returncode;
1002
return exitcode;
884
1003
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0