/mandos/release : revision 24.1.4

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/mandosclient.c

Committer: Björn Påhlsson
Date: 2008-07-30 02:11:33 UTC
mto: (237.7.1 mandos) (24.1.154 mandos)
mto: This revision was merged to the branch mainline in revision 30.
Revision ID: belorn@braxen-20080730021133-q341llq93r328q5b

Added optional parameters certdir, certkey and certfile that can be iven at start in the command line.

files added:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

files removed:
.bzrignore

COPYING

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.xml

plugins.d/password-prompt.xml

plugins.d/password-request.xml

plugins.d/usplash

files renamed:
clients.conf => mandos-clients.conf

plugin-runner.c => plugbasedclient.c

plugins.d/password-request.c => plugins.d/mandosclient.c

plugins.d/password-prompt.c => plugins.d/passprompt.c

mandos => server.py

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

plugins.d/mandosclient.c

* includes the following functions: "resolve_callback",

* "browse_callback", and parts of "main".

* Everything else is

* Påhlsson.

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and

* <https://www.fukt.bsnet.se/~teddy/>.

/* Needed by GPGME, specifically gpgme_data_seek() */

#define _FORTIFY_SOURCE 2

#define _LARGEFILE_SOURCE

#define _FILE_OFFSET_BITS 64

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */

#include <stdio.h> /* fprintf(), stderr, fwrite(),

stdout, ferror() */

#include <stdint.h> /* uint16_t, uint32_t */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,

srand() */

#include <stdbool.h> /* bool, true */

#include <string.h> /* memset(), strcmp(), strlen(),

strerror(), asprintf(), strcpy() */

#include <sys/ioctl.h> /* ioctl */

#include <sys/types.h> /* socket(), inet_pton(), sockaddr,

sockaddr_in6, PF_INET6,

SOCK_STREAM, INET6_ADDRSTRLEN,

uid_t, gid_t */

#include <inttypes.h> /* PRIu16 */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton(),

connect() */

#include <assert.h> /* assert() */

#include <errno.h> /* perror(), errno */

#include <time.h> /* time() */

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS, if_indextoname(),

if_nametoindex(), IF_NAMESIZE */

#include <unistd.h> /* close(), SEEK_SET, off_t, write(),

getuid(), getgid(), setuid(),

setgid() */

#include <netinet/in.h>

#include <arpa/inet.h> /* inet_pton(), htons */

#include <iso646.h> /* not, and */

#include <argp.h> /* struct argp_option, error_t, struct

argp_state, struct argp,

argp_parse(), ARGP_KEY_ARG,

ARGP_KEY_END, ARGP_ERR_UNKNOWN */

/* Avahi */

/* All Avahi types, constants and functions

Avahi*, avahi_*,

AVAHI_* */

#include <stdio.h>

#include <assert.h>

#include <stdlib.h>

#include <time.h>

#include <net/if.h> /* if_nametoindex */

#include <avahi-core/core.h>

#include <avahi-core/lookup.h>

#include <avahi-core/log.h>

#include <avahi-common/malloc.h>

#include <avahi-common/error.h>

/* GnuTLS */

#include <gnutls/gnutls.h> /* All GnuTLS types, constants and

functions:

gnutls_*

init_gnutls_session(),

GNUTLS_* */

#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),

GNUTLS_OPENPGP_FMT_BASE64 */

/* GPGME */

#include <gpgme.h> /* All GPGME types, constants and

functions:

gpgme_*

GPGME_PROTOCOL_OpenPGP,

GPG_ERR_NO_* */

//mandos client part

#include <sys/types.h> /* socket(), inet_pton() */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton() */

#include <gnutls/gnutls.h> /* All GnuTLS stuff */

#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */

#include <unistd.h> /* close() */

#include <netinet/in.h>

#include <stdbool.h> /* true */

#include <string.h> /* memset */

#include <arpa/inet.h> /* inet_pton() */

#include <iso646.h> /* not */

// gpgme

#include <errno.h> /* perror() */

#include <gpgme.h>

// getopt long

#include <getopt.h>

#define BUFFER_SIZE 256

#define DH_BITS 1024

const char *certdir = "/conf/conf.d/cryptkeyreq/";

const char *certfile = "openpgp-client.txt";

const char *certkey = "openpgp-client-key.txt";

100

101

bool debug = false;

102

static const char *keydir = "/conf/conf.d/mandos";

103

static const char mandos_protocol_version[] = "1";

104

const char *argp_program_version = "password-request 1.0";

105

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

106

107

/* Used for passing in values through the Avahi callback functions */

108

typedef struct {

109

AvahiSimplePoll *simple_poll;

110

AvahiServer *server;

gnutls_session_t session;

111

gnutls_certificate_credentials_t cred;

112

unsigned int dh_bits;

113

gnutls_dh_params_t dh_params;

114

const char *priority;

115

} mandos_context;

116

117

118

* Make room in "buffer" for at least BUFFER_SIZE additional bytes.

119

* "buffer_capacity" is how much is currently allocated,

120

* "buffer_length" is how much is already used.

121

122

size_t adjustbuffer(char **buffer, size_t buffer_length,

123

size_t buffer_capacity){

124

if (buffer_length + BUFFER_SIZE > buffer_capacity){

125

*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);

126

if (buffer == NULL){

127

return 0;

128

}

129

buffer_capacity += BUFFER_SIZE;

130

}

131

return buffer_capacity;

132

}

133

134

135

* Decrypt OpenPGP data using keyrings in HOMEDIR.

136

* Returns -1 on error

137

138

static ssize_t pgp_packet_decrypt (const char *cryptotext,

139

size_t crypto_size,

140

char **plaintext,

141

const char *homedir){

} encrypted_session;

ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,

char **new_packet, const char *homedir){

142

gpgme_data_t dh_crypto, dh_plain;

143

gpgme_ctx_t ctx;

144

gpgme_error_t rc;

145

ssize_t ret;

146

size_t plaintext_capacity = 0;

147

ssize_t plaintext_length = 0;

ssize_t new_packet_capacity = 0;

ssize_t new_packet_length = 0;

148

gpgme_engine_info_t engine_info;

149

150

if (debug){

151

fprintf(stderr, "Trying to decrypt OpenPGP data\n");

fprintf(stderr, "Trying to decrypt OpenPGP packet\n");

152

}

153

100

154

101

/* Init GPGME */

160

107

return -1;

161

108

}

162

109

163

/* Set GPGME home directory for the OpenPGP engine only */

110

/* Set GPGME home directory */

164

111

rc = gpgme_get_engine_info (&engine_info);

165

112

if (rc != GPG_ERR_NO_ERROR){

166

113

fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",

176

123

engine_info = engine_info->next;

177

124

}

178

125

if(engine_info == NULL){

179

fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);

126

fprintf(stderr, "Could not set home dir to %s\n", homedir);

180

127

return -1;

181

128

}

182

129

183

/* Create new GPGME data buffer from memory cryptotext */

184

rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,

185

0);

130

/* Create new GPGME data buffer from packet buffer */

131

rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);

186

132

if (rc != GPG_ERR_NO_ERROR){

187

133

fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",

188

134

gpgme_strsource(rc), gpgme_strerror(rc));

194

140

if (rc != GPG_ERR_NO_ERROR){

195

141

fprintf(stderr, "bad gpgme_data_new: %s: %s\n",

196

142

gpgme_strsource(rc), gpgme_strerror(rc));

197

gpgme_data_release(dh_crypto);

198

143

return -1;

199

144

}

200

145

203

148

if (rc != GPG_ERR_NO_ERROR){

204

149

fprintf(stderr, "bad gpgme_new: %s: %s\n",

205

150

gpgme_strsource(rc), gpgme_strerror(rc));

206

plaintext_length = -1;

207

goto decrypt_end;

151

return -1;

208

152

}

209

153

210

/* Decrypt data from the cryptotext data buffer to the plaintext

211

data buffer */

154

/* Decrypt data from the FILE pointer to the plaintext data

155

buffer */

212

156

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

213

157

if (rc != GPG_ERR_NO_ERROR){

214

158

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

215

159

gpgme_strsource(rc), gpgme_strerror(rc));

216

plaintext_length = -1;

217

if (debug){

218

gpgme_decrypt_result_t result;

219

result = gpgme_op_decrypt_result(ctx);

220

if (result == NULL){

221

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

222

} else {

223

fprintf(stderr, "Unsupported algorithm: %s\n",

224

result->unsupported_algorithm);

225

fprintf(stderr, "Wrong key usage: %u\n",

226

result->wrong_key_usage);

227

if(result->file_name != NULL){

228

fprintf(stderr, "File name: %s\n", result->file_name);

229

}

230

gpgme_recipient_t recipient;

231

recipient = result->recipients;

232

if(recipient){

233

while(recipient != NULL){

234

fprintf(stderr, "Public key algorithm: %s\n",

235

gpgme_pubkey_algo_name(recipient->pubkey_algo));

236

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

237

fprintf(stderr, "Secret key available: %s\n",

238

recipient->status == GPG_ERR_NO_SECKEY

239

? "No" : "Yes");

240

recipient = recipient->next;

241

}

160

return -1;

161

}

162

163

if(debug){

164

fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");

165

}

166

167

if (debug){

168

gpgme_decrypt_result_t result;

169

result = gpgme_op_decrypt_result(ctx);

170

if (result == NULL){

171

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

172

} else {

173

fprintf(stderr, "Unsupported algorithm: %s\n",

174

result->unsupported_algorithm);

175

fprintf(stderr, "Wrong key usage: %d\n",

176

result->wrong_key_usage);

177

if(result->file_name != NULL){

178

fprintf(stderr, "File name: %s\n", result->file_name);

179

}

180

gpgme_recipient_t recipient;

181

recipient = result->recipients;

182

if(recipient){

183

while(recipient != NULL){

184

fprintf(stderr, "Public key algorithm: %s\n",

185

gpgme_pubkey_algo_name(recipient->pubkey_algo));

186

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

187

fprintf(stderr, "Secret key available: %s\n",

188

recipient->status == GPG_ERR_NO_SECKEY

189

? "No" : "Yes");

190

recipient = recipient->next;

242

191

}

243

192

}

244

193

}

245

goto decrypt_end;

246

194

}

247

195

248

if(debug){

249

fprintf(stderr, "Decryption of OpenPGP data succeeded\n");

250

}

196

/* Delete the GPGME FILE pointer cryptotext data buffer */

197

gpgme_data_release(dh_crypto);

251

198

252

199

/* Seek back to the beginning of the GPGME plaintext data buffer */

253

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

254

perror("pgpme_data_seek");

255

plaintext_length = -1;

256

goto decrypt_end;

257

}

258

259

*plaintext = NULL;

200

gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET);

201

202

*new_packet = 0;

260

203

while(true){

261

plaintext_capacity = adjustbuffer(plaintext,

262

(size_t)plaintext_length,

263

plaintext_capacity);

264

if (plaintext_capacity == 0){

265

perror("adjustbuffer");

266

plaintext_length = -1;

267

goto decrypt_end;

204

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

205

*new_packet = realloc(*new_packet,

206

(unsigned int)new_packet_capacity

207

+ BUFFER_SIZE);

208

if (*new_packet == NULL){

209

perror("realloc");

210

return -1;

211

}

212

new_packet_capacity += BUFFER_SIZE;

268

213

}

269

214

270

ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,

215

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,

271

216

BUFFER_SIZE);

272

217

/* Print the data, if any */

273

218

if (ret == 0){

274

/* EOF */

275

219

break;

276

220

}

277

221

if(ret < 0){

278

222

perror("gpgme_data_read");

279

plaintext_length = -1;

280

goto decrypt_end;

223

return -1;

281

224

}

282

plaintext_length += ret;

225

new_packet_length += ret;

283

226

}

284

227

285

if(debug){

286

fprintf(stderr, "Decrypted password is: ");

287

for(ssize_t i = 0; i < plaintext_length; i++){

288

fprintf(stderr, "%02hhX ", (*plaintext)[i]);

289

}

290

fprintf(stderr, "\n");

291

}

292

293

decrypt_end:

294

295

/* Delete the GPGME cryptotext data buffer */

296

gpgme_data_release(dh_crypto);

228

/* FIXME: check characters before printing to screen so to not print

229

terminal control characters */

230

/* if(debug){ */

231

/* fprintf(stderr, "decrypted password is: "); */

232

/* fwrite(*new_packet, 1, new_packet_length, stderr); */

233

/* fprintf(stderr, "\n"); */

234

/* } */

297

235

298

236

/* Delete the GPGME plaintext data buffer */

299

237

gpgme_data_release(dh_plain);

300

return plaintext_length;

238

return new_packet_length;

301

239

}

302

240

303

241

static const char * safer_gnutls_strerror (int value) {

304

const char *ret = gnutls_strerror (value); /* Spurious warning */

242

const char *ret = gnutls_strerror (value);

305

243

if (ret == NULL)

306

244

ret = "(unknown)";

307

245

return ret;

308

246

}

309

247

310

/* GnuTLS log function callback */

311

static void debuggnutls(__attribute__((unused)) int level,

312

const char* string){

313

fprintf(stderr, "GnuTLS: %s", string);

248

void debuggnutls(__attribute__((unused)) int level,

249

const char* string){

250

fprintf(stderr, "%s", string);

314

251

}

315

252

316

static int init_gnutls_global(mandos_context *mc,

317

const char *pubkeyfilename,

318

const char *seckeyfilename){

253

int initgnutls(encrypted_session *es){

254

const char *err;

319

255

int ret;

320

256

321

257

if(debug){

322

258

fprintf(stderr, "Initializing GnuTLS\n");

323

259

}

324

325

ret = gnutls_global_init();

326

if (ret != GNUTLS_E_SUCCESS) {

327

fprintf (stderr, "GnuTLS global_init: %s\n",

328

safer_gnutls_strerror(ret));

260

261

if ((ret = gnutls_global_init ())

262

!= GNUTLS_E_SUCCESS) {

263

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

329

264

return -1;

330

265

}

331

266

332

267

if (debug){

333

/* "Use a log level over 10 to enable all debugging options."

334

* - GnuTLS manual

335

336

268

gnutls_global_set_log_level(11);

337

269

gnutls_global_set_log_function(debuggnutls);

338

270

}

339

271

340

/* OpenPGP credentials */

341

gnutls_certificate_allocate_credentials(&mc->cred);

342

if (ret != GNUTLS_E_SUCCESS){

343

fprintf (stderr, "GnuTLS memory error: %s\n", /* Spurious

344

warning */

272

/* openpgp credentials */

273

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

274

!= GNUTLS_E_SUCCESS) {

275

fprintf (stderr, "memory error: %s\n",

345

276

safer_gnutls_strerror(ret));

346

gnutls_global_deinit ();

347

277

return -1;

348

278

}

349

279

350

280

if(debug){

351

281

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

352

" and keyfile %s as GnuTLS credentials\n", pubkeyfilename,

353

seckeyfilename);

282

" and keyfile %s as GnuTLS credentials\n", certfile,

283

certkey);

354

284

}

355

285

356

286

ret = gnutls_certificate_set_openpgp_key_file

357

(mc->cred, pubkeyfilename, seckeyfilename,

358

GNUTLS_OPENPGP_FMT_BASE64);

287

(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);

359

288

if (ret != GNUTLS_E_SUCCESS) {

360

fprintf(stderr,

361

"Error[%d] while reading the OpenPGP key pair ('%s',"

362

" '%s')\n", ret, pubkeyfilename, seckeyfilename);

363

fprintf(stdout, "The GnuTLS error is: %s\n",

289

fprintf

290

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"

291

" '%s')\n",

292

ret, certfile, certkey);

293

fprintf(stdout, "The Error is: %s\n",

364

294

safer_gnutls_strerror(ret));

365

goto globalfail;

366

}

367

368

/* GnuTLS server initialization */

369

ret = gnutls_dh_params_init(&mc->dh_params);

370

if (ret != GNUTLS_E_SUCCESS) {

371

fprintf (stderr, "Error in GnuTLS DH parameter initialization:"

372

" %s\n", safer_gnutls_strerror(ret));

373

goto globalfail;

374

}

375

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

376

if (ret != GNUTLS_E_SUCCESS) {

377

fprintf (stderr, "Error in GnuTLS prime generation: %s\n",

378

safer_gnutls_strerror(ret));

379

goto globalfail;

380

}

381

382

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

383

384

return 0;

385

386

globalfail:

387

388

gnutls_certificate_free_credentials(mc->cred);

389

gnutls_global_deinit();

390

return -1;

391

392

}

393

394

static int init_gnutls_session(mandos_context *mc,

395

gnutls_session_t *session){

396

int ret;

397

/* GnuTLS session creation */

398

ret = gnutls_init(session, GNUTLS_SERVER);

399

if (ret != GNUTLS_E_SUCCESS){

295

return -1;

296

}

297

298

//GnuTLS server initialization

299

if ((ret = gnutls_dh_params_init (&es->dh_params))

300

!= GNUTLS_E_SUCCESS) {

301

fprintf (stderr, "Error in dh parameter initialization: %s\n",

302

safer_gnutls_strerror(ret));

303

return -1;

304

}

305

306

if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))

307

!= GNUTLS_E_SUCCESS) {

308

fprintf (stderr, "Error in prime generation: %s\n",

309

safer_gnutls_strerror(ret));

310

return -1;

311

}

312

313

gnutls_certificate_set_dh_params (es->cred, es->dh_params);

314

315

// GnuTLS session creation

316

if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))

317

!= GNUTLS_E_SUCCESS){

400

318

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

401

319

safer_gnutls_strerror(ret));

402

320

}

403

321

404

{

405

const char *err;

406

ret = gnutls_priority_set_direct(*session, mc->priority, &err);

407

if (ret != GNUTLS_E_SUCCESS) {

408

fprintf(stderr, "Syntax error at: %s\n", err);

409

fprintf(stderr, "GnuTLS error: %s\n",

410

safer_gnutls_strerror(ret));

411

gnutls_deinit (*session);

412

return -1;

413

}

322

if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))

323

!= GNUTLS_E_SUCCESS) {

324

fprintf(stderr, "Syntax error at: %s\n", err);

325

fprintf(stderr, "GnuTLS error: %s\n",

326

safer_gnutls_strerror(ret));

327

return -1;

414

328

}

415

329

416

ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

417

mc->cred);

418

if (ret != GNUTLS_E_SUCCESS) {

419

fprintf(stderr, "Error setting GnuTLS credentials: %s\n",

330

if ((ret = gnutls_credentials_set

331

(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))

332

!= GNUTLS_E_SUCCESS) {

333

fprintf(stderr, "Error setting a credentials set: %s\n",

420

334

safer_gnutls_strerror(ret));

421

gnutls_deinit (*session);

422

335

return -1;

423

336

}

424

337

425

338

/* ignore client certificate if any. */

426

gnutls_certificate_server_set_request (*session,

339

gnutls_certificate_server_set_request (es->session,

427

340

GNUTLS_CERT_IGNORE);

428

341

429

gnutls_dh_set_prime_bits (*session, mc->dh_bits);

342

gnutls_dh_set_prime_bits (es->session, DH_BITS);

430

343

431

344

return 0;

432

345

}

433

346

434

/* Avahi log function callback */

435

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

436

__attribute__((unused)) const char *txt){}

347

void empty_log(__attribute__((unused)) AvahiLogLevel level,

348

__attribute__((unused)) const char *txt){}

437

349

438

/* Called when a Mandos server is found */

439

static int start_mandos_communication(const char *ip, uint16_t port,

440

AvahiIfIndex if_index,

441

mandos_context *mc){

350

int start_mandos_communication(const char *ip, uint16_t port,

351

unsigned int if_index){

442

352

int ret, tcp_sd;

443

union { struct sockaddr in; struct sockaddr_in6 in6; } to;

353

struct sockaddr_in6 to;

354

encrypted_session es;

444

355

char *buffer = NULL;

445

356

char *decrypted_buffer;

446

357

size_t buffer_length = 0;

447

358

size_t buffer_capacity = 0;

448

359

ssize_t decrypted_buffer_size;

449

size_t written;

360

size_t written = 0;

450

361

int retval = 0;

451

362

char interface[IF_NAMESIZE];

452

gnutls_session_t session;

453

454

ret = init_gnutls_session (mc, &session);

455

if (ret != 0){

456

return -1;

457

}

458

363

459

364

if(debug){

460

fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16

461

"\n", ip, port);

365

fprintf(stderr, "Setting up a tcp connection to %s\n", ip);

462

366

}

463

367

464

368

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

466

370

perror("socket");

467

371

return -1;

468

372

}

469

470

if(debug){

471

if(if_indextoname((unsigned int)if_index, interface) == NULL){

373

374

if(if_indextoname(if_index, interface) == NULL){

375

if(debug){

472

376

perror("if_indextoname");

473

return -1;

474

377

}

378

return -1;

379

}

380

381

if(debug){

475

382

fprintf(stderr, "Binding to interface %s\n", interface);

476

383

}

477

384

478

memset(&to, 0, sizeof(to));

479

to.in6.sin6_family = AF_INET6;

480

/* It would be nice to have a way to detect if we were passed an

481

IPv4 address here. Now we assume an IPv6 address. */

482

ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);

385

memset(&to,0,sizeof(to)); /* Spurious warning */

386

to.sin6_family = AF_INET6;

387

ret = inet_pton(AF_INET6, ip, &to.sin6_addr);

483

388

if (ret < 0 ){

484

389

perror("inet_pton");

485

390

return -1;

486

}

391

}

487

392

if(ret == 0){

488

393

fprintf(stderr, "Bad address: %s\n", ip);

489

394

return -1;

490

395

}

491

to.in6.sin6_port = htons(port); /* Spurious warning */

396

to.sin6_port = htons(port); /* Spurious warning */

492

397

493

to.in6.sin6_scope_id = (uint32_t)if_index;

398

to.sin6_scope_id = (uint32_t)if_index;

494

399

495

400

if(debug){

496

fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,

497

port);

498

char addrstr[INET6_ADDRSTRLEN] = "";

499

if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,

500

sizeof(addrstr)) == NULL){

501

perror("inet_ntop");

502

} else {

503

if(strcmp(addrstr, ip) != 0){

504

fprintf(stderr, "Canonical address form: %s\n", addrstr);

505

}

506

}

401

fprintf(stderr, "Connection to: %s\n", ip);

507

402

}

508

403

509

ret = connect(tcp_sd, &to.in, sizeof(to));

404

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

510

405

if (ret < 0){

511

406

perror("connect");

512

407

return -1;

513

408

}

514

515

const char *out = mandos_protocol_version;

516

written = 0;

517

while (true){

518

size_t out_size = strlen(out);

519

ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,

520

out_size - written));

521

if (ret == -1){

522

perror("write");

523

retval = -1;

524

goto mandos_end;

525

}

526

written += (size_t)ret;

527

if(written < out_size){

528

continue;

529

} else {

530

if (out == mandos_protocol_version){

531

written = 0;

532

out = "\r\n";

533

} else {

534

break;

535

}

536

}

409

410

ret = initgnutls (&es);

411

if (ret != 0){

412

retval = -1;

413

return -1;

537

414

}

538

415

416

gnutls_transport_set_ptr (es.session,

417

(gnutls_transport_ptr_t) tcp_sd);

418

539

419

if(debug){

540

420

fprintf(stderr, "Establishing TLS session with %s\n", ip);

541

421

}

542

422

543

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

544

545

do{

546

ret = gnutls_handshake (session);

547

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

423

ret = gnutls_handshake (es.session);

548

424

549

425

if (ret != GNUTLS_E_SUCCESS){

550

426

if(debug){

551

fprintf(stderr, "*** GnuTLS Handshake failed ***\n");

427

fprintf(stderr, "\n*** Handshake failed ***\n");

552

428

gnutls_perror (ret);

553

429

}

554

430

retval = -1;

555

goto mandos_end;

431

goto exit;

556

432

}

557

433

558

/* Read OpenPGP packet that contains the wanted password */

434

//Retrieve OpenPGP packet that contains the wanted password

559

435

560

436

if(debug){

561

437

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

563

439

}

564

440

565

441

while(true){

566

buffer_capacity = adjustbuffer(&buffer, buffer_length,

567

buffer_capacity);

568

if (buffer_capacity == 0){

569

perror("adjustbuffer");

570

retval = -1;

571

goto mandos_end;

442

if (buffer_length + BUFFER_SIZE > buffer_capacity){

443

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

444

if (buffer == NULL){

445

perror("realloc");

446

goto exit;

447

}

448

buffer_capacity += BUFFER_SIZE;

572

449

}

573

450

574

ret = gnutls_record_recv(session, buffer+buffer_length,

575

BUFFER_SIZE);

451

ret = gnutls_record_recv

452

(es.session, buffer+buffer_length, BUFFER_SIZE);

576

453

if (ret == 0){

577

454

break;

578

455

}

582

459

case GNUTLS_E_AGAIN:

583

460

break;

584

461

case GNUTLS_E_REHANDSHAKE:

585

do{

586

ret = gnutls_handshake (session);

587

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

462

ret = gnutls_handshake (es.session);

588

463

if (ret < 0){

589

fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");

464

fprintf(stderr, "\n*** Handshake failed ***\n");

590

465

gnutls_perror (ret);

591

466

retval = -1;

592

goto mandos_end;

467

goto exit;

593

468

}

594

469

break;

595

470

default:

596

471

fprintf(stderr, "Unknown error while reading data from"

597

" encrypted session with Mandos server\n");

472

" encrypted session with mandos server\n");

598

473

retval = -1;

599

gnutls_bye (session, GNUTLS_SHUT_RDWR);

600

goto mandos_end;

474

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

475

goto exit;

601

476

}

602

477

} else {

603

478

buffer_length += (size_t) ret;

604

479

}

605

480

}

606

481

607

if(debug){

608

fprintf(stderr, "Closing TLS session\n");

609

}

610

611

gnutls_bye (session, GNUTLS_SHUT_RDWR);

612

613

482

if (buffer_length > 0){

614

483

decrypted_buffer_size = pgp_packet_decrypt(buffer,

615

484

buffer_length,

616

485

&decrypted_buffer,

617

keydir);

486

certdir);

618

487

if (decrypted_buffer_size >= 0){

619

written = 0;

620

while(written < (size_t) decrypted_buffer_size){

488

while(written < decrypted_buffer_size){

621

489

ret = (int)fwrite (decrypted_buffer + written, 1,

622

490

(size_t)decrypted_buffer_size - written,

623

491

stdout);

635

503

} else {

636

504

retval = -1;

637

505

}

638

} else {

639

retval = -1;

640

}

641

642

/* Shutdown procedure */

643

644

mandos_end:

506

}

507

508

//shutdown procedure

509

510

if(debug){

511

fprintf(stderr, "Closing TLS session\n");

512

}

513

645

514

free(buffer);

515

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

516

exit:

646

517

close(tcp_sd);

647

gnutls_deinit (session);

518

gnutls_deinit (es.session);

519

gnutls_certificate_free_credentials (es.cred);

520

gnutls_global_deinit ();

648

521

return retval;

649

522

}

650

523

651

static void resolve_callback(AvahiSServiceResolver *r,

652

AvahiIfIndex interface,

653

AVAHI_GCC_UNUSED AvahiProtocol protocol,

654

AvahiResolverEvent event,

655

const char *name,

656

const char *type,

657

const char *domain,

658

const char *host_name,

659

const AvahiAddress *address,

660

uint16_t port,

661

AVAHI_GCC_UNUSED AvahiStringList *txt,

662

AVAHI_GCC_UNUSED AvahiLookupResultFlags

663

flags,

664

void* userdata) {

665

mandos_context *mc = userdata;

666

assert(r);

524

static AvahiSimplePoll *simple_poll = NULL;

525

static AvahiServer *server = NULL;

526

527

static void resolve_callback(

528

AvahiSServiceResolver *r,

529

AvahiIfIndex interface,

530

AVAHI_GCC_UNUSED AvahiProtocol protocol,

531

AvahiResolverEvent event,

532

const char *name,

533

const char *type,

534

const char *domain,

535

const char *host_name,

536

const AvahiAddress *address,

537

uint16_t port,

538

AVAHI_GCC_UNUSED AvahiStringList *txt,

539

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

540

AVAHI_GCC_UNUSED void* userdata) {

541

542

assert(r); /* Spurious warning */

667

543

668

544

/* Called whenever a service has been resolved successfully or

669

545

timed out */

671

547

switch (event) {

672

548

default:

673

549

case AVAHI_RESOLVER_FAILURE:

674

fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"

675

" of type '%s' in domain '%s': %s\n", name, type, domain,

676

avahi_strerror(avahi_server_errno(mc->server)));

550

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"

551

" type '%s' in domain '%s': %s\n", name, type, domain,

552

avahi_strerror(avahi_server_errno(server)));

677

553

break;

678

554

679

555

case AVAHI_RESOLVER_FOUND:

681

557

char ip[AVAHI_ADDRESS_STR_MAX];

682

558

avahi_address_snprint(ip, sizeof(ip), address);

683

559

if(debug){

684

fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"

685

PRIu16 ") on port %d\n", name, host_name, ip,

686

interface, port);

560

fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"

561

" port %d\n", name, host_name, ip, port);

687

562

}

688

int ret = start_mandos_communication(ip, port, interface, mc);

563

int ret = start_mandos_communication(ip, port,

564

(unsigned int) interface);

689

565

if (ret == 0){

690

avahi_simple_poll_quit(mc->simple_poll);

566

exit(EXIT_SUCCESS);

691

567

}

692

568

}

693

569

}

694

570

avahi_s_service_resolver_free(r);

695

571

}

696

572

697

static void browse_callback( AvahiSServiceBrowser *b,

698

AvahiIfIndex interface,

699

AvahiProtocol protocol,

700

AvahiBrowserEvent event,

701

const char *name,

702

const char *type,

703

const char *domain,

704

AVAHI_GCC_UNUSED AvahiLookupResultFlags

705

flags,

706

void* userdata) {

707

mandos_context *mc = userdata;

708

assert(b);

709

710

/* Called whenever a new services becomes available on the LAN or

711

is removed from the LAN */

712

713

switch (event) {

714

default:

715

case AVAHI_BROWSER_FAILURE:

716

717

fprintf(stderr, "(Avahi browser) %s\n",

718

avahi_strerror(avahi_server_errno(mc->server)));

719

avahi_simple_poll_quit(mc->simple_poll);

720

return;

721

722

case AVAHI_BROWSER_NEW:

723

/* We ignore the returned Avahi resolver object. In the callback

724

function we free it. If the Avahi server is terminated before

725

the callback function is called the Avahi server will free the

726

resolver for us. */

727

728

if (!(avahi_s_service_resolver_new(mc->server, interface,

729

protocol, name, type, domain,

730

AVAHI_PROTO_INET6, 0,

731

resolve_callback, mc)))

732

fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",

733

name, avahi_strerror(avahi_server_errno(mc->server)));

734

break;

735

736

case AVAHI_BROWSER_REMOVE:

737

break;

738

739

case AVAHI_BROWSER_ALL_FOR_NOW:

740

case AVAHI_BROWSER_CACHE_EXHAUSTED:

741

if(debug){

742

fprintf(stderr, "No Mandos server found, still searching...\n");

573

static void browse_callback(

574

AvahiSServiceBrowser *b,

575

AvahiIfIndex interface,

576

AvahiProtocol protocol,

577

AvahiBrowserEvent event,

578

const char *name,

579

const char *type,

580

const char *domain,

581

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

582

void* userdata) {

583

584

AvahiServer *s = userdata;

585

assert(b); /* Spurious warning */

586

587

/* Called whenever a new services becomes available on the LAN or

588

is removed from the LAN */

589

590

switch (event) {

591

default:

592

case AVAHI_BROWSER_FAILURE:

593

594

fprintf(stderr, "(Browser) %s\n",

595

avahi_strerror(avahi_server_errno(server)));

596

avahi_simple_poll_quit(simple_poll);

597

return;

598

599

case AVAHI_BROWSER_NEW:

600

/* We ignore the returned resolver object. In the callback

601

function we free it. If the server is terminated before

602

the callback function is called the server will free

603

the resolver for us. */

604

605

if (!(avahi_s_service_resolver_new(s, interface, protocol, name,

606

type, domain,

607

AVAHI_PROTO_INET6, 0,

608

resolve_callback, s)))

609

fprintf(stderr, "Failed to resolve service '%s': %s\n", name,

610

avahi_strerror(avahi_server_errno(s)));

611

break;

612

613

case AVAHI_BROWSER_REMOVE:

614

break;

615

616

case AVAHI_BROWSER_ALL_FOR_NOW:

617

case AVAHI_BROWSER_CACHE_EXHAUSTED:

618

break;

743

619

}

744

break;

745

}

746

620

}

747

621

748

/* Combines file name and path and returns the malloced new

749

string. some sane checks could/should be added */

750

static char *combinepath(const char *first, const char *second){

622

/* combinds two strings and returns the malloced new string. som sane checks could/should be added */

623

const char *combinestrings(const char *first, const char *second){

751

624

char *tmp;

752

int ret = asprintf(&tmp, "%s/%s", first, second);

753

if(ret < 0){

625

tmp = malloc(strlen(first) + strlen(second));

626

if (tmp == NULL){

627

perror("malloc");

754

628

return NULL;

755

629

}

630

strcpy(tmp, first);

631

strcat(tmp, second);

756

632

return tmp;

757

633

}

758

634

759

635

760

int main(int argc, char *argv[]){

636

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

637

AvahiServerConfig config;

761

638

AvahiSServiceBrowser *sb = NULL;

762

639

int error;

763

640

int ret;

764

int exitcode = EXIT_SUCCESS;

641

int returncode = EXIT_SUCCESS;

765

642

const char *interface = "eth0";

766

struct ifreq network;

767

int sd;

768

uid_t uid;

769

gid_t gid;

770

char *connect_to = NULL;

771

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

772

char *pubkeyfilename = NULL;

773

char *seckeyfilename = NULL;

774

const char *pubkeyname = "pubkey.txt";

775

const char *seckeyname = "seckey.txt";

776

mandos_context mc = { .simple_poll = NULL, .server = NULL,

777

.dh_bits = 1024, .priority = "SECURE256"

778

":!CTYPE-X.509:+CTYPE-OPENPGP" };

779

bool gnutls_initalized = false;

780

781

{

782

struct argp_option options[] = {

783

{ .name = "debug", .key = 128,

784

.doc = "Debug mode", .group = 3 },

785

{ .name = "connect", .key = 'c',

786

.arg = "IP",

787

.doc = "Connect directly to a sepcified mandos server",

788

.group = 1 },

789

{ .name = "interface", .key = 'i',

790

.arg = "INTERFACE",

791

.doc = "Interface that Avahi will conntect through",

792

.group = 1 },

793

{ .name = "keydir", .key = 'd',

794

.arg = "KEYDIR",

795

.doc = "Directory where the openpgp keyring is",

796

.group = 1 },

797

{ .name = "seckey", .key = 's',

798

.arg = "SECKEY",

799

.doc = "Secret openpgp key for gnutls authentication",

800

.group = 1 },

801

{ .name = "pubkey", .key = 'p',

802

.arg = "PUBKEY",

803

.doc = "Public openpgp key for gnutls authentication",

804

.group = 2 },

805

{ .name = "dh-bits", .key = 129,

806

.arg = "BITS",

807

.doc = "dh-bits to use in gnutls communication",

808

.group = 2 },

809

{ .name = "priority", .key = 130,

810

.arg = "PRIORITY",

811

.doc = "GNUTLS priority", .group = 1 },

812

{ .name = NULL }

813

};

814

815

816

error_t parse_opt (int key, char *arg,

817

struct argp_state *state) {

818

/* Get the INPUT argument from `argp_parse', which we know is

819

a pointer to our plugin list pointer. */

820

switch (key) {

821

case 128: /* --debug */

822

debug = true;

823

break;

824

case 'c': /* --connect */

825

connect_to = arg;

826

break;

827

case 'i': /* --interface */

828

interface = arg;

829

break;

830

case 'd': /* --keydir */

831

keydir = arg;

832

break;

833

case 's': /* --seckey */

834

seckeyname = arg;

835

break;

836

case 'p': /* --pubkey */

837

pubkeyname = arg;

838

break;

839

case 129: /* --dh-bits */

840

errno = 0;

841

mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);

842

if (errno){

843

perror("strtol");

844

exit(EXIT_FAILURE);

845

}

846

break;

847

case 130: /* --priority */

848

mc.priority = arg;

849

break;

850

case ARGP_KEY_ARG:

851

argp_usage (state);

852

case ARGP_KEY_END:

853

break;

854

default:

855

return ARGP_ERR_UNKNOWN;

856

}

857

return 0;

858

}

859

860

struct argp argp = { .options = options, .parser = parse_opt,

861

.args_doc = "",

862

.doc = "Mandos client -- Get and decrypt"

863

" passwords from mandos server" };

864

ret = argp_parse (&argp, argc, argv, 0, 0, NULL);

865

if (ret == ARGP_ERR_UNKNOWN){

866

fprintf(stderr, "Unknown error while parsing arguments\n");

867

exitcode = EXIT_FAILURE;

868

goto end;

869

}

870

}

871

872

pubkeyfilename = combinepath(keydir, pubkeyname);

873

if (pubkeyfilename == NULL){

874

perror("combinepath");

875

exitcode = EXIT_FAILURE;

876

goto end;

877

}

878

879

seckeyfilename = combinepath(keydir, seckeyname);

880

if (seckeyfilename == NULL){

881

perror("combinepath");

882

exitcode = EXIT_FAILURE;

883

goto end;

884

}

885

886

ret = init_gnutls_global(&mc, pubkeyfilename, seckeyfilename);

887

if (ret == -1){

888

fprintf(stderr, "init_gnutls_global failed\n");

889

exitcode = EXIT_FAILURE;

890

goto end;

891

} else {

892

gnutls_initalized = true;

893

}

894

895

/* If the interface is down, bring it up */

896

{

897

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

898

if(sd < 0) {

899

perror("socket");

900

exitcode = EXIT_FAILURE;

901

goto end;

902

}

903

strcpy(network.ifr_name, interface);

904

ret = ioctl(sd, SIOCGIFFLAGS, &network);

905

if(ret == -1){

906

perror("ioctl SIOCGIFFLAGS");

907

exitcode = EXIT_FAILURE;

908

goto end;

909

}

910

if((network.ifr_flags & IFF_UP) == 0){

911

network.ifr_flags |= IFF_UP;

912

ret = ioctl(sd, SIOCSIFFLAGS, &network);

913

if(ret == -1){

914

perror("ioctl SIOCSIFFLAGS");

915

exitcode = EXIT_FAILURE;

916

goto end;

917

}

918

}

919

close(sd);

920

}

921

922

uid = getuid();

923

gid = getgid();

924

925

ret = setuid(uid);

926

if (ret == -1){

927

perror("setuid");

928

}

929

930

setgid(gid);

931

if (ret == -1){

932

perror("setgid");

933

}

934

935

if_index = (AvahiIfIndex) if_nametoindex(interface);

936

if(if_index == 0){

937

fprintf(stderr, "No such interface: \"%s\"\n", interface);

938

exit(EXIT_FAILURE);

939

}

940

941

if(connect_to != NULL){

942

/* Connect directly, do not use Zeroconf */

943

/* (Mainly meant for debugging) */

944

char *address = strrchr(connect_to, ':');

945

if(address == NULL){

946

fprintf(stderr, "No colon in address\n");

947

exitcode = EXIT_FAILURE;

948

goto end;

949

}

950

errno = 0;

951

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

952

if(errno){

953

perror("Bad port number");

954

exitcode = EXIT_FAILURE;

955

goto end;

956

}

957

*address = '\0';

958

address = connect_to;

959

ret = start_mandos_communication(address, port, if_index, &mc);

960

if(ret < 0){

961

exitcode = EXIT_FAILURE;

962

} else {

963

exitcode = EXIT_SUCCESS;

964

}

965

goto end;

966

}

967

643

644

while (true){

645

static struct option long_options[] = {

646

{"debug", no_argument, (int *)&debug, 1},

647

{"interface", required_argument, 0, 'i'},

648

{"certdir", required_argument, 0, 'd'},

649

{"certkey", required_argument, 0, 'c'},

650

{"certfile", required_argument, 0, 'k'},

651

{0, 0, 0, 0} };

652

653

int option_index = 0;

654

ret = getopt_long (argc, argv, "i:", long_options,

655

&option_index);

656

657

if (ret == -1){

658

break;

659

}

660

661

switch(ret){

662

case 0:

663

break;

664

case 'i':

665

interface = optarg;

666

break;

667

case 'd':

668

certdir = optarg;

669

break;

670

case 'c':

671

certfile = optarg;

672

break;

673

case 'k':

674

certkey = optarg;

675

break;

676

default:

677

exit(EXIT_FAILURE);

678

}

679

}

680

681

certfile = combinestrings(certdir, certfile);

682

if (certfile == NULL){

683

goto exit;

684

}

685

686

certkey = combinestrings(certdir, certkey);

687

if (certkey == NULL){

688

goto exit;

689

}

690

968

691

if (not debug){

969

692

avahi_set_log_function(empty_log);

970

693

}

971

694

972

/* Initialize the pseudo-RNG for Avahi */

695

/* Initialize the psuedo-RNG */

973

696

srand((unsigned int) time(NULL));

974

975

/* Allocate main Avahi loop object */

976

mc.simple_poll = avahi_simple_poll_new();

977

if (mc.simple_poll == NULL) {

978

fprintf(stderr, "Avahi: Failed to create simple poll"

979

" object.\n");

980

exitcode = EXIT_FAILURE;

981

goto end;

982

}

983

984

{

985

AvahiServerConfig config;

986

/* Do not publish any local Zeroconf records */

987

avahi_server_config_init(&config);

988

config.publish_hinfo = 0;

989

config.publish_addresses = 0;

990

config.publish_workstation = 0;

991

config.publish_domain = 0;

992

993

/* Allocate a new server */

994

mc.server = avahi_server_new(avahi_simple_poll_get

995

(mc.simple_poll), &config, NULL,

996

NULL, &error);

997

998

/* Free the Avahi configuration data */

999

avahi_server_config_free(&config);

1000

}

1001

1002

/* Check if creating the Avahi server object succeeded */

1003

if (mc.server == NULL) {

1004

fprintf(stderr, "Failed to create Avahi server: %s\n",

697

698

/* Allocate main loop object */

699

if (!(simple_poll = avahi_simple_poll_new())) {

700

fprintf(stderr, "Failed to create simple poll object.\n");

701

702

goto exit;

703

}

704

705

/* Do not publish any local records */

706

avahi_server_config_init(&config);

707

config.publish_hinfo = 0;

708

config.publish_addresses = 0;

709

config.publish_workstation = 0;

710

config.publish_domain = 0;

711

712

/* Allocate a new server */

713

server = avahi_server_new(avahi_simple_poll_get(simple_poll),

714

&config, NULL, NULL, &error);

715

716

/* Free the configuration data */

717

avahi_server_config_free(&config);

718

719

/* Check if creating the server object succeeded */

720

if (!server) {

721

fprintf(stderr, "Failed to create server: %s\n",

1005

722

avahi_strerror(error));

1006

exitcode = EXIT_FAILURE;

1007

goto end;

723

returncode = EXIT_FAILURE;

724

goto exit;

1008

725

}

1009

726

1010

/* Create the Avahi service browser */

1011

sb = avahi_s_service_browser_new(mc.server, if_index,

727

/* Create the service browser */

728

sb = avahi_s_service_browser_new(server,

729

(AvahiIfIndex)

730

if_nametoindex(interface),

1012

731

AVAHI_PROTO_INET6,

1013

732

"_mandos._tcp", NULL, 0,

1014

browse_callback, &mc);

1015

if (sb == NULL) {

733

browse_callback, server);

734

if (!sb) {

1016

735

fprintf(stderr, "Failed to create service browser: %s\n",

1017

avahi_strerror(avahi_server_errno(mc.server)));

1018

exitcode = EXIT_FAILURE;

1019

goto end;

736

avahi_strerror(avahi_server_errno(server)));

737

returncode = EXIT_FAILURE;

738

goto exit;

1020

739

}

1021

740

1022

741

/* Run the main loop */

1023

742

1024

743

if (debug){

1025

fprintf(stderr, "Starting Avahi loop search\n");

744

fprintf(stderr, "Starting avahi loop search\n");

1026

745

}

1027

746

1028

avahi_simple_poll_loop(mc.simple_poll);

747

avahi_simple_poll_loop(simple_poll);

1029

748

1030

end:

749

exit:

1031

750

1032

751

if (debug){

1033

752

fprintf(stderr, "%s exiting\n", argv[0]);

1034

753

}

1035

754

1036

755

/* Cleanup things */

1037

if (sb != NULL)

756

if (sb)

1038

757

avahi_s_service_browser_free(sb);

1039

758

1040

if (mc.server != NULL)

1041

avahi_server_free(mc.server);

1042

1043

if (mc.simple_poll != NULL)

1044

avahi_simple_poll_free(mc.simple_poll);

1045

free(pubkeyfilename);

1046

free(seckeyfilename);

1047

1048

if (gnutls_initalized){

1049

gnutls_certificate_free_credentials(mc.cred);

1050

gnutls_global_deinit ();

1051

}

1052

1053

return exitcode;

759

if (server)

760

avahi_server_free(server);

761

762

if (simple_poll)

763

avahi_simple_poll_free(simple_poll);

764

765

return returncode;

1054

766

}

Older »