To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugins.d/mandosclient.c
- browse files at revision 24.1.4
- compare with another revision
- download diff
- download tarball
- view history from revision 24.1.4
- Committer: Björn Påhlsson
- Date: 2008-07-30 02:11:33 UTC
- mto: (237.7.1 mandos) (24.1.154 mandos)
- mto: This revision was merged to the branch mainline in revision 30.
- Revision ID: belorn@braxen-20080730021133-q341llq93r328q5b
Added optional parameters certdir, certkey and certfile that can be iven at start in the command line.
- files added:
- ca.pem
- files removed:
- .bzrignore
- files renamed:
- clients.conf => mandos-clients.conf
- plugin-runner.c => plugbasedclient.c
- plugins.d/password-request.c => plugins.d/mandosclient.c
- plugins.d/password-prompt.c => plugins.d/passprompt.c
- mandos => server.py
- files modified:
- Makefile
added
removed
plugins.d/mandosclient.c
8
8
* includes the following functions: "resolve_callback",
9
9
* "browse_callback", and parts of "main".
10
10
*
11
* Everything else is
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
11
* Everything else is Copyright © 2007-2008 Teddy Hogeborn and Björn
12
* Påhlsson.
13
13
*
14
14
* This program is free software: you can redistribute it and/or
15
15
* modify it under the terms of the GNU General Public License as
25
25
* along with this program. If not, see
26
26
* <http://www.gnu.org/licenses/>.
27
27
*
28
* Contact the authors at <mandos@fukt.bsnet.se>.
28
* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and
29
* <https://www.fukt.bsnet.se/~teddy/>.
29
30
*/
30
31
31
/* Needed by GPGME, specifically gpgme_data_seek() */
32
#define _FORTIFY_SOURCE 2
33
32
34
#define _LARGEFILE_SOURCE
33
35
#define _FILE_OFFSET_BITS 64
34
36
35
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
36
37
#include <stdio.h> /* fprintf(), stderr, fwrite(),
38
stdout, ferror() */
39
#include <stdint.h> /* uint16_t, uint32_t */
40
#include <stddef.h> /* NULL, size_t, ssize_t */
41
#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,
42
srand() */
43
#include <stdbool.h> /* bool, true */
44
#include <string.h> /* memset(), strcmp(), strlen(),
45
strerror(), asprintf(), strcpy() */
46
#include <sys/ioctl.h> /* ioctl */
47
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
48
sockaddr_in6, PF_INET6,
49
SOCK_STREAM, INET6_ADDRSTRLEN,
50
uid_t, gid_t, open(), opendir(), DIR */
51
#include <sys/stat.h> /* open() */
52
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
53
struct in6_addr, inet_pton(),
54
connect() */
55
#include <fcntl.h> /* open() */
56
#include <dirent.h> /* opendir(), struct dirent, readdir() */
57
#include <inttypes.h> /* PRIu16 */
58
#include <assert.h> /* assert() */
59
#include <errno.h> /* perror(), errno */
60
#include <time.h> /* time() */
61
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
62
SIOCSIFFLAGS, if_indextoname(),
63
if_nametoindex(), IF_NAMESIZE */
64
#include <netinet/in.h>
65
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
66
getuid(), getgid(), setuid(),
67
setgid() */
68
#include <arpa/inet.h> /* inet_pton(), htons */
69
#include <iso646.h> /* not, and */
70
#include <argp.h> /* struct argp_option, error_t, struct
71
argp_state, struct argp,
72
argp_parse(), ARGP_KEY_ARG,
73
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
74
75
/* Avahi */
76
/* All Avahi types, constants and functions
77
Avahi*, avahi_*,
78
AVAHI_* */
37
#include <stdio.h>
38
#include <assert.h>
39
#include <stdlib.h>
40
#include <time.h>
41
#include <net/if.h> /* if_nametoindex */
42
79
43
#include <avahi-core/core.h>
80
44
#include <avahi-core/lookup.h>
81
45
#include <avahi-core/log.h>
83
47
#include <avahi-common/malloc.h>
84
48
#include <avahi-common/error.h>
85
49
86
/* GnuTLS */
87
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and
88
functions:
89
gnutls_*
90
init_gnutls_session(),
91
GNUTLS_* */
92
#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),
93
GNUTLS_OPENPGP_FMT_BASE64 */
94
95
/* GPGME */
96
#include <gpgme.h> /* All GPGME types, constants and
97
functions:
98
gpgme_*
99
GPGME_PROTOCOL_OpenPGP,
100
GPG_ERR_NO_* */
50
//mandos client part
51
#include <sys/types.h> /* socket(), inet_pton() */
52
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
53
struct in6_addr, inet_pton() */
54
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
55
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
56
57
#include <unistd.h> /* close() */
58
#include <netinet/in.h>
59
#include <stdbool.h> /* true */
60
#include <string.h> /* memset */
61
#include <arpa/inet.h> /* inet_pton() */
62
#include <iso646.h> /* not */
63
64
// gpgme
65
#include <errno.h> /* perror() */
66
#include <gpgme.h>
67
68
// getopt long
69
#include <getopt.h>
101
70
102
71
#define BUFFER_SIZE 256
103
104
/*
105
#define PATHDIR "/conf/conf.d/mandos"
106
*/
107
108
#define PATHDIR "/conf/conf.d/mandos"
109
#define SECKEY "seckey.txt"
110
#define PUBKEY "pubkey.txt"
72
#define DH_BITS 1024
73
74
const char *certdir = "/conf/conf.d/cryptkeyreq/";
75
const char *certfile = "openpgp-client.txt";
76
const char *certkey = "openpgp-client-key.txt";
111
77
112
78
bool debug = false;
113
static const char mandos_protocol_version[] = "1";
114
const char *argp_program_version = "password-request 1.0";
115
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
116
79
117
/* Used for passing in values through the Avahi callback functions */
118
80
typedef struct {
119
AvahiSimplePoll *simple_poll;
120
AvahiServer *server;
81
gnutls_session_t session;
121
82
gnutls_certificate_credentials_t cred;
122
unsigned int dh_bits;
123
83
gnutls_dh_params_t dh_params;
124
const char *priority;
84
} encrypted_session;
85
86
87
ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
88
char **new_packet, const char *homedir){
89
gpgme_data_t dh_crypto, dh_plain;
125
90
gpgme_ctx_t ctx;
126
} mandos_context;
127
128
/*
129
* Make room in "buffer" for at least BUFFER_SIZE additional bytes.
130
* "buffer_capacity" is how much is currently allocated,
131
* "buffer_length" is how much is already used.
132
*/
133
size_t adjustbuffer(char **buffer, size_t buffer_length,
134
size_t buffer_capacity){
135
if (buffer_length + BUFFER_SIZE > buffer_capacity){
136
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
137
if (buffer == NULL){
138
return 0;
139
}
140
buffer_capacity += BUFFER_SIZE;
141
}
142
return buffer_capacity;
143
}
144
145
/*
146
* Initialize GPGME.
147
*/
148
static bool init_gpgme(mandos_context *mc, const char *seckey,
149
const char *pubkey, const char *tempdir){
150
int ret;
151
91
gpgme_error_t rc;
92
ssize_t ret;
93
ssize_t new_packet_capacity = 0;
94
ssize_t new_packet_length = 0;
152
95
gpgme_engine_info_t engine_info;
153
154
155
/*
156
* Helper function to insert pub and seckey to the enigne keyring.
157
*/
158
bool import_key(const char *filename){
159
int fd;
160
gpgme_data_t pgp_data;
161
162
fd = TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
163
if(fd == -1){
164
perror("open");
165
return false;
166
}
167
168
rc = gpgme_data_new_from_fd(&pgp_data, fd);
169
if (rc != GPG_ERR_NO_ERROR){
170
fprintf(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
171
gpgme_strsource(rc), gpgme_strerror(rc));
172
return false;
173
}
174
175
rc = gpgme_op_import(mc->ctx, pgp_data);
176
if (rc != GPG_ERR_NO_ERROR){
177
fprintf(stderr, "bad gpgme_op_import: %s: %s\n",
178
gpgme_strsource(rc), gpgme_strerror(rc));
179
return false;
180
}
181
182
ret = TEMP_FAILURE_RETRY(close(fd));
183
if(ret == -1){
184
perror("close");
185
}
186
gpgme_data_release(pgp_data);
187
return true;
188
}
189
96
190
97
if (debug){
191
fprintf(stderr, "Initialize gpgme\n");
98
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
192
99
}
193
100
194
101
/* Init GPGME */
197
104
if (rc != GPG_ERR_NO_ERROR){
198
105
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
199
106
gpgme_strsource(rc), gpgme_strerror(rc));
200
return false;
107
return -1;
201
108
}
202
109
203
/* Set GPGME home directory for the OpenPGP engine only */
110
/* Set GPGME home directory */
204
111
rc = gpgme_get_engine_info (&engine_info);
205
112
if (rc != GPG_ERR_NO_ERROR){
206
113
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
207
114
gpgme_strsource(rc), gpgme_strerror(rc));
208
return false;
115
return -1;
209
116
}
210
117
while(engine_info != NULL){
211
118
if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
212
119
gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
213
engine_info->file_name, tempdir);
120
engine_info->file_name, homedir);
214
121
break;
215
122
}
216
123
engine_info = engine_info->next;
217
124
}
218
125
if(engine_info == NULL){
219
fprintf(stderr, "Could not set GPGME home dir to %s\n", tempdir);
220
return false;
221
}
222
223
/* Create new GPGME "context" */
224
rc = gpgme_new(&(mc->ctx));
225
if (rc != GPG_ERR_NO_ERROR){
226
fprintf(stderr, "bad gpgme_new: %s: %s\n",
227
gpgme_strsource(rc), gpgme_strerror(rc));
228
return false;
229
}
230
231
if (not import_key(pubkey) or not import_key(seckey)){
232
return false;
233
}
234
235
return true;
236
}
237
238
/*
239
* Decrypt OpenPGP data.
240
* Returns -1 on error
241
*/
242
static ssize_t pgp_packet_decrypt (const mandos_context *mc,
243
const char *cryptotext,
244
size_t crypto_size,
245
char **plaintext){
246
gpgme_data_t dh_crypto, dh_plain;
247
gpgme_error_t rc;
248
ssize_t ret;
249
size_t plaintext_capacity = 0;
250
ssize_t plaintext_length = 0;
251
252
if (debug){
253
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
254
}
255
256
/* Create new GPGME data buffer from memory cryptotext */
257
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
258
0);
126
fprintf(stderr, "Could not set home dir to %s\n", homedir);
127
return -1;
128
}
129
130
/* Create new GPGME data buffer from packet buffer */
131
rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);
259
132
if (rc != GPG_ERR_NO_ERROR){
260
133
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
261
134
gpgme_strsource(rc), gpgme_strerror(rc));
267
140
if (rc != GPG_ERR_NO_ERROR){
268
141
fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
269
142
gpgme_strsource(rc), gpgme_strerror(rc));
270
gpgme_data_release(dh_crypto);
271
return -1;
272
}
273
274
/* Decrypt data from the cryptotext data buffer to the plaintext
275
data buffer */
276
rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);
143
return -1;
144
}
145
146
/* Create new GPGME "context" */
147
rc = gpgme_new(&ctx);
148
if (rc != GPG_ERR_NO_ERROR){
149
fprintf(stderr, "bad gpgme_new: %s: %s\n",
150
gpgme_strsource(rc), gpgme_strerror(rc));
151
return -1;
152
}
153
154
/* Decrypt data from the FILE pointer to the plaintext data
155
buffer */
156
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
277
157
if (rc != GPG_ERR_NO_ERROR){
278
158
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
279
159
gpgme_strsource(rc), gpgme_strerror(rc));
280
plaintext_length = -1;
281
if (debug){
282
gpgme_decrypt_result_t result;
283
result = gpgme_op_decrypt_result(mc->ctx);
284
if (result == NULL){
285
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
286
} else {
287
fprintf(stderr, "Unsupported algorithm: %s\n",
288
result->unsupported_algorithm);
289
fprintf(stderr, "Wrong key usage: %u\n",
290
result->wrong_key_usage);
291
if(result->file_name != NULL){
292
fprintf(stderr, "File name: %s\n", result->file_name);
293
}
294
gpgme_recipient_t recipient;
295
recipient = result->recipients;
296
if(recipient){
297
while(recipient != NULL){
298
fprintf(stderr, "Public key algorithm: %s\n",
299
gpgme_pubkey_algo_name(recipient->pubkey_algo));
300
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
301
fprintf(stderr, "Secret key available: %s\n",
302
recipient->status == GPG_ERR_NO_SECKEY
303
? "No" : "Yes");
304
recipient = recipient->next;
305
}
160
return -1;
161
}
162
163
if(debug){
164
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");
165
}
166
167
if (debug){
168
gpgme_decrypt_result_t result;
169
result = gpgme_op_decrypt_result(ctx);
170
if (result == NULL){
171
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
172
} else {
173
fprintf(stderr, "Unsupported algorithm: %s\n",
174
result->unsupported_algorithm);
175
fprintf(stderr, "Wrong key usage: %d\n",
176
result->wrong_key_usage);
177
if(result->file_name != NULL){
178
fprintf(stderr, "File name: %s\n", result->file_name);
179
}
180
gpgme_recipient_t recipient;
181
recipient = result->recipients;
182
if(recipient){
183
while(recipient != NULL){
184
fprintf(stderr, "Public key algorithm: %s\n",
185
gpgme_pubkey_algo_name(recipient->pubkey_algo));
186
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
187
fprintf(stderr, "Secret key available: %s\n",
188
recipient->status == GPG_ERR_NO_SECKEY
189
? "No" : "Yes");
190
recipient = recipient->next;
306
191
}
307
192
}
308
193
}
309
goto decrypt_end;
310
194
}
311
195
312
if(debug){
313
fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
314
}
196
/* Delete the GPGME FILE pointer cryptotext data buffer */
197
gpgme_data_release(dh_crypto);
315
198
316
199
/* Seek back to the beginning of the GPGME plaintext data buffer */
317
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
318
perror("pgpme_data_seek");
319
plaintext_length = -1;
320
goto decrypt_end;
321
}
322
323
*plaintext = NULL;
200
gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET);
201
202
*new_packet = 0;
324
203
while(true){
325
plaintext_capacity = adjustbuffer(plaintext,
326
(size_t)plaintext_length,
327
plaintext_capacity);
328
if (plaintext_capacity == 0){
329
perror("adjustbuffer");
330
plaintext_length = -1;
331
goto decrypt_end;
204
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
205
*new_packet = realloc(*new_packet,
206
(unsigned int)new_packet_capacity
207
+ BUFFER_SIZE);
208
if (*new_packet == NULL){
209
perror("realloc");
210
return -1;
211
}
212
new_packet_capacity += BUFFER_SIZE;
332
213
}
333
214
334
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
215
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,
335
216
BUFFER_SIZE);
336
217
/* Print the data, if any */
337
218
if (ret == 0){
338
/* EOF */
339
219
break;
340
220
}
341
221
if(ret < 0){
342
222
perror("gpgme_data_read");
343
plaintext_length = -1;
344
goto decrypt_end;
345
}
346
plaintext_length += ret;
347
}
348
349
if(debug){
350
fprintf(stderr, "Decrypted password is: ");
351
for(ssize_t i = 0; i < plaintext_length; i++){
352
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
353
}
354
fprintf(stderr, "\n");
355
}
356
357
decrypt_end:
358
359
/* Delete the GPGME cryptotext data buffer */
360
gpgme_data_release(dh_crypto);
223
return -1;
224
}
225
new_packet_length += ret;
226
}
227
228
/* FIXME: check characters before printing to screen so to not print
229
terminal control characters */
230
/* if(debug){ */
231
/* fprintf(stderr, "decrypted password is: "); */
232
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
233
/* fprintf(stderr, "\n"); */
234
/* } */
361
235
362
236
/* Delete the GPGME plaintext data buffer */
363
237
gpgme_data_release(dh_plain);
364
return plaintext_length;
238
return new_packet_length;
365
239
}
366
240
367
241
static const char * safer_gnutls_strerror (int value) {
368
const char *ret = gnutls_strerror (value); /* Spurious warning */
242
const char *ret = gnutls_strerror (value);
369
243
if (ret == NULL)
370
244
ret = "(unknown)";
371
245
return ret;
372
246
}
373
247
374
/* GnuTLS log function callback */
375
static void debuggnutls(__attribute__((unused)) int level,
376
const char* string){
377
fprintf(stderr, "GnuTLS: %s", string);
248
void debuggnutls(__attribute__((unused)) int level,
249
const char* string){
250
fprintf(stderr, "%s", string);
378
251
}
379
252
380
static int init_gnutls_global(mandos_context *mc,
381
const char *pubkeyfilename,
382
const char *seckeyfilename){
253
int initgnutls(encrypted_session *es){
254
const char *err;
383
255
int ret;
384
256
385
257
if(debug){
386
258
fprintf(stderr, "Initializing GnuTLS\n");
387
259
}
388
389
ret = gnutls_global_init();
390
if (ret != GNUTLS_E_SUCCESS) {
391
fprintf (stderr, "GnuTLS global_init: %s\n",
392
safer_gnutls_strerror(ret));
260
261
if ((ret = gnutls_global_init ())
262
!= GNUTLS_E_SUCCESS) {
263
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
393
264
return -1;
394
265
}
395
266
396
267
if (debug){
397
/* "Use a log level over 10 to enable all debugging options."
398
* - GnuTLS manual
399
*/
400
268
gnutls_global_set_log_level(11);
401
269
gnutls_global_set_log_function(debuggnutls);
402
270
}
403
271
404
/* OpenPGP credentials */
405
gnutls_certificate_allocate_credentials(&mc->cred);
406
if (ret != GNUTLS_E_SUCCESS){
407
fprintf (stderr, "GnuTLS memory error: %s\n", /* Spurious
408
warning */
272
/* openpgp credentials */
273
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
274
!= GNUTLS_E_SUCCESS) {
275
fprintf (stderr, "memory error: %s\n",
409
276
safer_gnutls_strerror(ret));
410
gnutls_global_deinit ();
411
277
return -1;
412
278
}
413
279
414
280
if(debug){
415
fprintf(stderr, "Attempting to use OpenPGP public key %s and"
416
" secret key %s as GnuTLS credentials\n", pubkeyfilename,
417
seckeyfilename);
281
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
282
" and keyfile %s as GnuTLS credentials\n", certfile,
283
certkey);
418
284
}
419
285
420
286
ret = gnutls_certificate_set_openpgp_key_file
421
(mc->cred, pubkeyfilename, seckeyfilename,
422
GNUTLS_OPENPGP_FMT_BASE64);
287
(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);
423
288
if (ret != GNUTLS_E_SUCCESS) {
424
fprintf(stderr,
425
"Error[%d] while reading the OpenPGP key pair ('%s',"
426
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
427
fprintf(stderr, "The GnuTLS error is: %s\n",
289
fprintf
290
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
291
" '%s')\n",
292
ret, certfile, certkey);
293
fprintf(stdout, "The Error is: %s\n",
428
294
safer_gnutls_strerror(ret));
429
goto globalfail;
430
}
431
432
/* GnuTLS server initialization */
433
ret = gnutls_dh_params_init(&mc->dh_params);
434
if (ret != GNUTLS_E_SUCCESS) {
435
fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
436
" %s\n", safer_gnutls_strerror(ret));
437
goto globalfail;
438
}
439
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
440
if (ret != GNUTLS_E_SUCCESS) {
441
fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
442
safer_gnutls_strerror(ret));
443
goto globalfail;
444
}
445
446
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
447
448
return 0;
449
450
globalfail:
451
452
gnutls_certificate_free_credentials(mc->cred);
453
gnutls_global_deinit();
454
return -1;
455
}
456
457
static int init_gnutls_session(mandos_context *mc,
458
gnutls_session_t *session){
459
int ret;
460
/* GnuTLS session creation */
461
ret = gnutls_init(session, GNUTLS_SERVER);
462
if (ret != GNUTLS_E_SUCCESS){
295
return -1;
296
}
297
298
//GnuTLS server initialization
299
if ((ret = gnutls_dh_params_init (&es->dh_params))
300
!= GNUTLS_E_SUCCESS) {
301
fprintf (stderr, "Error in dh parameter initialization: %s\n",
302
safer_gnutls_strerror(ret));
303
return -1;
304
}
305
306
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
307
!= GNUTLS_E_SUCCESS) {
308
fprintf (stderr, "Error in prime generation: %s\n",
309
safer_gnutls_strerror(ret));
310
return -1;
311
}
312
313
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
314
315
// GnuTLS session creation
316
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
317
!= GNUTLS_E_SUCCESS){
463
318
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
464
319
safer_gnutls_strerror(ret));
465
320
}
466
321
467
{
468
const char *err;
469
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
470
if (ret != GNUTLS_E_SUCCESS) {
471
fprintf(stderr, "Syntax error at: %s\n", err);
472
fprintf(stderr, "GnuTLS error: %s\n",
473
safer_gnutls_strerror(ret));
474
gnutls_deinit (*session);
475
return -1;
476
}
322
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
323
!= GNUTLS_E_SUCCESS) {
324
fprintf(stderr, "Syntax error at: %s\n", err);
325
fprintf(stderr, "GnuTLS error: %s\n",
326
safer_gnutls_strerror(ret));
327
return -1;
477
328
}
478
329
479
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
480
mc->cred);
481
if (ret != GNUTLS_E_SUCCESS) {
482
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
330
if ((ret = gnutls_credentials_set
331
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
332
!= GNUTLS_E_SUCCESS) {
333
fprintf(stderr, "Error setting a credentials set: %s\n",
483
334
safer_gnutls_strerror(ret));
484
gnutls_deinit (*session);
485
335
return -1;
486
336
}
487
337
488
338
/* ignore client certificate if any. */
489
gnutls_certificate_server_set_request (*session,
339
gnutls_certificate_server_set_request (es->session,
490
340
GNUTLS_CERT_IGNORE);
491
341
492
gnutls_dh_set_prime_bits (*session, mc->dh_bits);
342
gnutls_dh_set_prime_bits (es->session, DH_BITS);
493
343
494
344
return 0;
495
345
}
496
346
497
/* Avahi log function callback */
498
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
499
__attribute__((unused)) const char *txt){}
347
void empty_log(__attribute__((unused)) AvahiLogLevel level,
348
__attribute__((unused)) const char *txt){}
500
349
501
/* Called when a Mandos server is found */
502
static int start_mandos_communication(const char *ip, uint16_t port,
503
AvahiIfIndex if_index,
504
mandos_context *mc){
350
int start_mandos_communication(const char *ip, uint16_t port,
351
unsigned int if_index){
505
352
int ret, tcp_sd;
506
union { struct sockaddr in; struct sockaddr_in6 in6; } to;
353
struct sockaddr_in6 to;
354
encrypted_session es;
507
355
char *buffer = NULL;
508
356
char *decrypted_buffer;
509
357
size_t buffer_length = 0;
510
358
size_t buffer_capacity = 0;
511
359
ssize_t decrypted_buffer_size;
512
size_t written;
360
size_t written = 0;
513
361
int retval = 0;
514
362
char interface[IF_NAMESIZE];
515
gnutls_session_t session;
516
517
ret = init_gnutls_session (mc, &session);
518
if (ret != 0){
519
return -1;
520
}
521
363
522
364
if(debug){
523
fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16
524
"\n", ip, port);
365
fprintf(stderr, "Setting up a tcp connection to %s\n", ip);
525
366
}
526
367
527
368
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
530
371
return -1;
531
372
}
532
373
533
if(debug){
534
if(if_indextoname((unsigned int)if_index, interface) == NULL){
374
if(if_indextoname(if_index, interface) == NULL){
375
if(debug){
535
376
perror("if_indextoname");
536
return -1;
537
377
}
378
return -1;
379
}
380
381
if(debug){
538
382
fprintf(stderr, "Binding to interface %s\n", interface);
539
383
}
540
384
541
memset(&to, 0, sizeof(to));
542
to.in6.sin6_family = AF_INET6;
543
/* It would be nice to have a way to detect if we were passed an
544
IPv4 address here. Now we assume an IPv6 address. */
545
ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);
385
memset(&to,0,sizeof(to)); /* Spurious warning */
386
to.sin6_family = AF_INET6;
387
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
546
388
if (ret < 0 ){
547
389
perror("inet_pton");
548
390
return -1;
549
}
391
}
550
392
if(ret == 0){
551
393
fprintf(stderr, "Bad address: %s\n", ip);
552
394
return -1;
553
395
}
554
to.in6.sin6_port = htons(port); /* Spurious warning */
396
to.sin6_port = htons(port); /* Spurious warning */
555
397
556
to.in6.sin6_scope_id = (uint32_t)if_index;
398
to.sin6_scope_id = (uint32_t)if_index;
557
399
558
400
if(debug){
559
fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
560
port);
561
char addrstr[INET6_ADDRSTRLEN] = "";
562
if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,
563
sizeof(addrstr)) == NULL){
564
perror("inet_ntop");
565
} else {
566
if(strcmp(addrstr, ip) != 0){
567
fprintf(stderr, "Canonical address form: %s\n", addrstr);
568
}
569
}
401
fprintf(stderr, "Connection to: %s\n", ip);
570
402
}
571
403
572
ret = connect(tcp_sd, &to.in, sizeof(to));
404
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
573
405
if (ret < 0){
574
406
perror("connect");
575
407
return -1;
576
408
}
577
409
578
const char *out = mandos_protocol_version;
579
written = 0;
580
while (true){
581
size_t out_size = strlen(out);
582
ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
583
out_size - written));
584
if (ret == -1){
585
perror("write");
586
retval = -1;
587
goto mandos_end;
588
}
589
written += (size_t)ret;
590
if(written < out_size){
591
continue;
592
} else {
593
if (out == mandos_protocol_version){
594
written = 0;
595
out = "\r\n";
596
} else {
597
break;
598
}
599
}
410
ret = initgnutls (&es);
411
if (ret != 0){
412
retval = -1;
413
return -1;
600
414
}
601
415
416
gnutls_transport_set_ptr (es.session,
417
(gnutls_transport_ptr_t) tcp_sd);
418
602
419
if(debug){
603
420
fprintf(stderr, "Establishing TLS session with %s\n", ip);
604
421
}
605
422
606
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
607
608
do{
609
ret = gnutls_handshake (session);
610
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
423
ret = gnutls_handshake (es.session);
611
424
612
425
if (ret != GNUTLS_E_SUCCESS){
613
426
if(debug){
614
fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
427
fprintf(stderr, "\n*** Handshake failed ***\n");
615
428
gnutls_perror (ret);
616
429
}
617
430
retval = -1;
618
goto mandos_end;
431
goto exit;
619
432
}
620
433
621
/* Read OpenPGP packet that contains the wanted password */
434
//Retrieve OpenPGP packet that contains the wanted password
622
435
623
436
if(debug){
624
437
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
625
438
ip);
626
439
}
627
440
628
441
while(true){
629
buffer_capacity = adjustbuffer(&buffer, buffer_length,
630
buffer_capacity);
631
if (buffer_capacity == 0){
632
perror("adjustbuffer");
633
retval = -1;
634
goto mandos_end;
442
if (buffer_length + BUFFER_SIZE > buffer_capacity){
443
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
444
if (buffer == NULL){
445
perror("realloc");
446
goto exit;
447
}
448
buffer_capacity += BUFFER_SIZE;
635
449
}
636
450
637
ret = gnutls_record_recv(session, buffer+buffer_length,
638
BUFFER_SIZE);
451
ret = gnutls_record_recv
452
(es.session, buffer+buffer_length, BUFFER_SIZE);
639
453
if (ret == 0){
640
454
break;
641
455
}
645
459
case GNUTLS_E_AGAIN:
646
460
break;
647
461
case GNUTLS_E_REHANDSHAKE:
648
do{
649
ret = gnutls_handshake (session);
650
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
462
ret = gnutls_handshake (es.session);
651
463
if (ret < 0){
652
fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
464
fprintf(stderr, "\n*** Handshake failed ***\n");
653
465
gnutls_perror (ret);
654
466
retval = -1;
655
goto mandos_end;
467
goto exit;
656
468
}
657
469
break;
658
470
default:
659
471
fprintf(stderr, "Unknown error while reading data from"
660
" encrypted session with Mandos server\n");
472
" encrypted session with mandos server\n");
661
473
retval = -1;
662
gnutls_bye (session, GNUTLS_SHUT_RDWR);
663
goto mandos_end;
474
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
475
goto exit;
664
476
}
665
477
} else {
666
478
buffer_length += (size_t) ret;
667
479
}
668
480
}
669
481
670
if(debug){
671
fprintf(stderr, "Closing TLS session\n");
672
}
673
674
gnutls_bye (session, GNUTLS_SHUT_RDWR);
675
676
482
if (buffer_length > 0){
677
decrypted_buffer_size = pgp_packet_decrypt(mc, buffer,
483
decrypted_buffer_size = pgp_packet_decrypt(buffer,
678
484
buffer_length,
679
&decrypted_buffer);
485
&decrypted_buffer,
486
certdir);
680
487
if (decrypted_buffer_size >= 0){
681
written = 0;
682
while(written < (size_t) decrypted_buffer_size){
488
while(written < decrypted_buffer_size){
683
489
ret = (int)fwrite (decrypted_buffer + written, 1,
684
490
(size_t)decrypted_buffer_size - written,
685
491
stdout);
697
503
} else {
698
504
retval = -1;
699
505
}
700
} else {
701
retval = -1;
702
}
703
704
/* Shutdown procedure */
705
706
mandos_end:
506
}
507
508
//shutdown procedure
509
510
if(debug){
511
fprintf(stderr, "Closing TLS session\n");
512
}
513
707
514
free(buffer);
708
ret = TEMP_FAILURE_RETRY(close(tcp_sd));
709
if(ret == -1){
710
perror("close");
711
}
712
gnutls_deinit (session);
515
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
516
exit:
517
close(tcp_sd);
518
gnutls_deinit (es.session);
519
gnutls_certificate_free_credentials (es.cred);
520
gnutls_global_deinit ();
713
521
return retval;
714
522
}
715
523
716
static void resolve_callback(AvahiSServiceResolver *r,
717
AvahiIfIndex interface,
718
AVAHI_GCC_UNUSED AvahiProtocol protocol,
719
AvahiResolverEvent event,
720
const char *name,
721
const char *type,
722
const char *domain,
723
const char *host_name,
724
const AvahiAddress *address,
725
uint16_t port,
726
AVAHI_GCC_UNUSED AvahiStringList *txt,
727
AVAHI_GCC_UNUSED AvahiLookupResultFlags
728
flags,
729
void* userdata) {
730
mandos_context *mc = userdata;
731
assert(r);
524
static AvahiSimplePoll *simple_poll = NULL;
525
static AvahiServer *server = NULL;
526
527
static void resolve_callback(
528
AvahiSServiceResolver *r,
529
AvahiIfIndex interface,
530
AVAHI_GCC_UNUSED AvahiProtocol protocol,
531
AvahiResolverEvent event,
532
const char *name,
533
const char *type,
534
const char *domain,
535
const char *host_name,
536
const AvahiAddress *address,
537
uint16_t port,
538
AVAHI_GCC_UNUSED AvahiStringList *txt,
539
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
540
AVAHI_GCC_UNUSED void* userdata) {
541
542
assert(r); /* Spurious warning */
732
543
733
544
/* Called whenever a service has been resolved successfully or
734
545
timed out */
736
547
switch (event) {
737
548
default:
738
549
case AVAHI_RESOLVER_FAILURE:
739
fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
740
" of type '%s' in domain '%s': %s\n", name, type, domain,
741
avahi_strerror(avahi_server_errno(mc->server)));
550
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
551
" type '%s' in domain '%s': %s\n", name, type, domain,
552
avahi_strerror(avahi_server_errno(server)));
742
553
break;
743
554
744
555
case AVAHI_RESOLVER_FOUND:
746
557
char ip[AVAHI_ADDRESS_STR_MAX];
747
558
avahi_address_snprint(ip, sizeof(ip), address);
748
559
if(debug){
749
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"
750
PRIu16 ") on port %d\n", name, host_name, ip,
751
interface, port);
560
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
561
" port %d\n", name, host_name, ip, port);
752
562
}
753
int ret = start_mandos_communication(ip, port, interface, mc);
563
int ret = start_mandos_communication(ip, port,
564
(unsigned int) interface);
754
565
if (ret == 0){
755
avahi_simple_poll_quit(mc->simple_poll);
566
exit(EXIT_SUCCESS);
756
567
}
757
568
}
758
569
}
759
570
avahi_s_service_resolver_free(r);
760
571
}
761
572
762
static void browse_callback( AvahiSServiceBrowser *b,
763
AvahiIfIndex interface,
764
AvahiProtocol protocol,
765
AvahiBrowserEvent event,
766
const char *name,
767
const char *type,
768
const char *domain,
769
AVAHI_GCC_UNUSED AvahiLookupResultFlags
770
flags,
771
void* userdata) {
772
mandos_context *mc = userdata;
773
assert(b);
774
775
/* Called whenever a new services becomes available on the LAN or
776
is removed from the LAN */
777
778
switch (event) {
779
default:
780
case AVAHI_BROWSER_FAILURE:
781
782
fprintf(stderr, "(Avahi browser) %s\n",
783
avahi_strerror(avahi_server_errno(mc->server)));
784
avahi_simple_poll_quit(mc->simple_poll);
785
return;
786
787
case AVAHI_BROWSER_NEW:
788
/* We ignore the returned Avahi resolver object. In the callback
789
function we free it. If the Avahi server is terminated before
790
the callback function is called the Avahi server will free the
791
resolver for us. */
792
793
if (!(avahi_s_service_resolver_new(mc->server, interface,
794
protocol, name, type, domain,
795
AVAHI_PROTO_INET6, 0,
796
resolve_callback, mc)))
797
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
798
name, avahi_strerror(avahi_server_errno(mc->server)));
799
break;
800
801
case AVAHI_BROWSER_REMOVE:
802
break;
803
804
case AVAHI_BROWSER_ALL_FOR_NOW:
805
case AVAHI_BROWSER_CACHE_EXHAUSTED:
806
if(debug){
807
fprintf(stderr, "No Mandos server found, still searching...\n");
573
static void browse_callback(
574
AvahiSServiceBrowser *b,
575
AvahiIfIndex interface,
576
AvahiProtocol protocol,
577
AvahiBrowserEvent event,
578
const char *name,
579
const char *type,
580
const char *domain,
581
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
582
void* userdata) {
583
584
AvahiServer *s = userdata;
585
assert(b); /* Spurious warning */
586
587
/* Called whenever a new services becomes available on the LAN or
588
is removed from the LAN */
589
590
switch (event) {
591
default:
592
case AVAHI_BROWSER_FAILURE:
593
594
fprintf(stderr, "(Browser) %s\n",
595
avahi_strerror(avahi_server_errno(server)));
596
avahi_simple_poll_quit(simple_poll);
597
return;
598
599
case AVAHI_BROWSER_NEW:
600
/* We ignore the returned resolver object. In the callback
601
function we free it. If the server is terminated before
602
the callback function is called the server will free
603
the resolver for us. */
604
605
if (!(avahi_s_service_resolver_new(s, interface, protocol, name,
606
type, domain,
607
AVAHI_PROTO_INET6, 0,
608
resolve_callback, s)))
609
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
610
avahi_strerror(avahi_server_errno(s)));
611
break;
612
613
case AVAHI_BROWSER_REMOVE:
614
break;
615
616
case AVAHI_BROWSER_ALL_FOR_NOW:
617
case AVAHI_BROWSER_CACHE_EXHAUSTED:
618
break;
808
619
}
809
break;
620
}
621
622
/* combinds two strings and returns the malloced new string. som sane checks could/should be added */
623
const char *combinestrings(const char *first, const char *second){
624
char *tmp;
625
tmp = malloc(strlen(first) + strlen(second));
626
if (tmp == NULL){
627
perror("malloc");
628
return NULL;
810
629
}
630
strcpy(tmp, first);
631
strcat(tmp, second);
632
return tmp;
811
633
}
812
634
813
int main(int argc, char *argv[]){
635
636
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
637
AvahiServerConfig config;
814
638
AvahiSServiceBrowser *sb = NULL;
815
639
int error;
816
640
int ret;
817
int exitcode = EXIT_SUCCESS;
641
int returncode = EXIT_SUCCESS;
818
642
const char *interface = "eth0";
819
struct ifreq network;
820
int sd;
821
uid_t uid;
822
gid_t gid;
823
char *connect_to = NULL;
824
char tempdir[] = "/tmp/mandosXXXXXX";
825
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
826
const char *seckey = PATHDIR "/" SECKEY;
827
const char *pubkey = PATHDIR "/" PUBKEY;
828
829
mandos_context mc = { .simple_poll = NULL, .server = NULL,
830
.dh_bits = 1024, .priority = "SECURE256"
831
":!CTYPE-X.509:+CTYPE-OPENPGP" };
832
bool gnutls_initalized = false;
833
bool pgpme_initalized = false;
834
835
{
836
struct argp_option options[] = {
837
{ .name = "debug", .key = 128,
838
.doc = "Debug mode", .group = 3 },
839
{ .name = "connect", .key = 'c',
840
.arg = "ADDRESS:PORT",
841
.doc = "Connect directly to a specific Mandos server",
842
.group = 1 },
843
{ .name = "interface", .key = 'i',
844
.arg = "NAME",
845
.doc = "Interface that will be used to search for Mandos"
846
" servers",
847
.group = 1 },
848
{ .name = "seckey", .key = 's',
849
.arg = "FILE",
850
.doc = "OpenPGP secret key file base name",
851
.group = 1 },
852
{ .name = "pubkey", .key = 'p',
853
.arg = "FILE",
854
.doc = "OpenPGP public key file base name",
855
.group = 2 },
856
{ .name = "dh-bits", .key = 129,
857
.arg = "BITS",
858
.doc = "Bit length of the prime number used in the"
859
" Diffie-Hellman key exchange",
860
.group = 2 },
861
{ .name = "priority", .key = 130,
862
.arg = "STRING",
863
.doc = "GnuTLS priority string for the TLS handshake",
864
.group = 1 },
865
{ .name = NULL }
866
};
867
868
error_t parse_opt (int key, char *arg,
869
struct argp_state *state) {
870
/* Get the INPUT argument from `argp_parse', which we know is
871
a pointer to our plugin list pointer. */
872
switch (key) {
873
case 128: /* --debug */
874
debug = true;
875
break;
876
case 'c': /* --connect */
877
connect_to = arg;
878
break;
879
case 'i': /* --interface */
880
interface = arg;
881
break;
882
case 's': /* --seckey */
883
seckey = arg;
884
break;
885
case 'p': /* --pubkey */
886
pubkey = arg;
887
break;
888
case 129: /* --dh-bits */
889
errno = 0;
890
mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);
891
if (errno){
892
perror("strtol");
893
exit(EXIT_FAILURE);
894
}
895
break;
896
case 130: /* --priority */
897
mc.priority = arg;
898
break;
899
case ARGP_KEY_ARG:
900
argp_usage (state);
901
case ARGP_KEY_END:
902
break;
903
default:
904
return ARGP_ERR_UNKNOWN;
905
}
906
return 0;
907
}
908
909
struct argp argp = { .options = options, .parser = parse_opt,
910
.args_doc = "",
911
.doc = "Mandos client -- Get and decrypt"
912
" passwords from a Mandos server" };
913
ret = argp_parse (&argp, argc, argv, 0, 0, NULL);
914
if (ret == ARGP_ERR_UNKNOWN){
915
fprintf(stderr, "Unknown error while parsing arguments\n");
916
exitcode = EXIT_FAILURE;
917
goto end;
918
}
919
}
920
921
/* If the interface is down, bring it up */
922
{
923
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
924
if(sd < 0) {
925
perror("socket");
926
exitcode = EXIT_FAILURE;
927
goto end;
928
}
929
strcpy(network.ifr_name, interface);
930
ret = ioctl(sd, SIOCGIFFLAGS, &network);
931
if(ret == -1){
932
perror("ioctl SIOCGIFFLAGS");
933
exitcode = EXIT_FAILURE;
934
goto end;
935
}
936
if((network.ifr_flags & IFF_UP) == 0){
937
network.ifr_flags |= IFF_UP;
938
ret = ioctl(sd, SIOCSIFFLAGS, &network);
939
if(ret == -1){
940
perror("ioctl SIOCSIFFLAGS");
941
exitcode = EXIT_FAILURE;
942
goto end;
943
}
944
}
945
ret = TEMP_FAILURE_RETRY(close(sd));
946
if(ret == -1){
947
perror("close");
948
}
949
}
950
951
uid = getuid();
952
gid = getgid();
953
954
ret = setuid(uid);
955
if (ret == -1){
956
perror("setuid");
957
}
958
959
setgid(gid);
960
if (ret == -1){
961
perror("setgid");
962
}
963
964
ret = init_gnutls_global(&mc, pubkey, seckey);
965
if (ret == -1){
966
fprintf(stderr, "init_gnutls_global failed\n");
967
exitcode = EXIT_FAILURE;
968
goto end;
969
} else {
970
gnutls_initalized = true;
971
}
972
973
if(mkdtemp(tempdir) == NULL){
974
perror("mkdtemp");
975
tempdir[0] = '\0';
976
goto end;
977
}
978
979
if(not init_gpgme(&mc, pubkey, seckey, tempdir)){
980
fprintf(stderr, "pgpme_initalized failed\n");
981
exitcode = EXIT_FAILURE;
982
goto end;
983
} else {
984
pgpme_initalized = true;
985
}
986
987
if_index = (AvahiIfIndex) if_nametoindex(interface);
988
if(if_index == 0){
989
fprintf(stderr, "No such interface: \"%s\"\n", interface);
990
exit(EXIT_FAILURE);
991
}
992
993
if(connect_to != NULL){
994
/* Connect directly, do not use Zeroconf */
995
/* (Mainly meant for debugging) */
996
char *address = strrchr(connect_to, ':');
997
if(address == NULL){
998
fprintf(stderr, "No colon in address\n");
999
exitcode = EXIT_FAILURE;
1000
goto end;
1001
}
1002
errno = 0;
1003
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
1004
if(errno){
1005
perror("Bad port number");
1006
exitcode = EXIT_FAILURE;
1007
goto end;
1008
}
1009
*address = '\0';
1010
address = connect_to;
1011
ret = start_mandos_communication(address, port, if_index, &mc);
1012
if(ret < 0){
1013
exitcode = EXIT_FAILURE;
1014
} else {
1015
exitcode = EXIT_SUCCESS;
1016
}
1017
goto end;
1018
}
1019
643
644
while (true){
645
static struct option long_options[] = {
646
{"debug", no_argument, (int *)&debug, 1},
647
{"interface", required_argument, 0, 'i'},
648
{"certdir", required_argument, 0, 'd'},
649
{"certkey", required_argument, 0, 'c'},
650
{"certfile", required_argument, 0, 'k'},
651
{0, 0, 0, 0} };
652
653
int option_index = 0;
654
ret = getopt_long (argc, argv, "i:", long_options,
655
&option_index);
656
657
if (ret == -1){
658
break;
659
}
660
661
switch(ret){
662
case 0:
663
break;
664
case 'i':
665
interface = optarg;
666
break;
667
case 'd':
668
certdir = optarg;
669
break;
670
case 'c':
671
certfile = optarg;
672
break;
673
case 'k':
674
certkey = optarg;
675
break;
676
default:
677
exit(EXIT_FAILURE);
678
}
679
}
680
681
certfile = combinestrings(certdir, certfile);
682
if (certfile == NULL){
683
goto exit;
684
}
685
686
certkey = combinestrings(certdir, certkey);
687
if (certkey == NULL){
688
goto exit;
689
}
690
1020
691
if (not debug){
1021
692
avahi_set_log_function(empty_log);
1022
693
}
1023
694
1024
/* Initialize the pseudo-RNG for Avahi */
695
/* Initialize the psuedo-RNG */
1025
696
srand((unsigned int) time(NULL));
1026
1027
/* Allocate main Avahi loop object */
1028
mc.simple_poll = avahi_simple_poll_new();
1029
if (mc.simple_poll == NULL) {
1030
fprintf(stderr, "Avahi: Failed to create simple poll"
1031
" object.\n");
1032
exitcode = EXIT_FAILURE;
1033
goto end;
1034
}
1035
1036
{
1037
AvahiServerConfig config;
1038
/* Do not publish any local Zeroconf records */
1039
avahi_server_config_init(&config);
1040
config.publish_hinfo = 0;
1041
config.publish_addresses = 0;
1042
config.publish_workstation = 0;
1043
config.publish_domain = 0;
1044
1045
/* Allocate a new server */
1046
mc.server = avahi_server_new(avahi_simple_poll_get
1047
(mc.simple_poll), &config, NULL,
1048
NULL, &error);
1049
1050
/* Free the Avahi configuration data */
1051
avahi_server_config_free(&config);
1052
}
1053
1054
/* Check if creating the Avahi server object succeeded */
1055
if (mc.server == NULL) {
1056
fprintf(stderr, "Failed to create Avahi server: %s\n",
697
698
/* Allocate main loop object */
699
if (!(simple_poll = avahi_simple_poll_new())) {
700
fprintf(stderr, "Failed to create simple poll object.\n");
701
702
goto exit;
703
}
704
705
/* Do not publish any local records */
706
avahi_server_config_init(&config);
707
config.publish_hinfo = 0;
708
config.publish_addresses = 0;
709
config.publish_workstation = 0;
710
config.publish_domain = 0;
711
712
/* Allocate a new server */
713
server = avahi_server_new(avahi_simple_poll_get(simple_poll),
714
&config, NULL, NULL, &error);
715
716
/* Free the configuration data */
717
avahi_server_config_free(&config);
718
719
/* Check if creating the server object succeeded */
720
if (!server) {
721
fprintf(stderr, "Failed to create server: %s\n",
1057
722
avahi_strerror(error));
1058
exitcode = EXIT_FAILURE;
1059
goto end;
723
returncode = EXIT_FAILURE;
724
goto exit;
1060
725
}
1061
726
1062
/* Create the Avahi service browser */
1063
sb = avahi_s_service_browser_new(mc.server, if_index,
727
/* Create the service browser */
728
sb = avahi_s_service_browser_new(server,
729
(AvahiIfIndex)
730
if_nametoindex(interface),
1064
731
AVAHI_PROTO_INET6,
1065
732
"_mandos._tcp", NULL, 0,
1066
browse_callback, &mc);
1067
if (sb == NULL) {
733
browse_callback, server);
734
if (!sb) {
1068
735
fprintf(stderr, "Failed to create service browser: %s\n",
1069
avahi_strerror(avahi_server_errno(mc.server)));
1070
exitcode = EXIT_FAILURE;
1071
goto end;
736
avahi_strerror(avahi_server_errno(server)));
737
returncode = EXIT_FAILURE;
738
goto exit;
1072
739
}
1073
740
1074
741
/* Run the main loop */
1075
742
1076
743
if (debug){
1077
fprintf(stderr, "Starting Avahi loop search\n");
744
fprintf(stderr, "Starting avahi loop search\n");
1078
745
}
1079
746
1080
avahi_simple_poll_loop(mc.simple_poll);
1081
1082
end:
1083
747
avahi_simple_poll_loop(simple_poll);
748
749
exit:
750
1084
751
if (debug){
1085
752
fprintf(stderr, "%s exiting\n", argv[0]);
1086
753
}
1087
754
1088
755
/* Cleanup things */
1089
if (sb != NULL)
756
if (sb)
1090
757
avahi_s_service_browser_free(sb);
1091
758
1092
if (mc.server != NULL)
1093
avahi_server_free(mc.server);
1094
1095
if (mc.simple_poll != NULL)
1096
avahi_simple_poll_free(mc.simple_poll);
1097
1098
if (gnutls_initalized){
1099
gnutls_certificate_free_credentials(mc.cred);
1100
gnutls_global_deinit ();
1101
}
1102
1103
if(pgpme_initalized){
1104
gpgme_release(mc.ctx);
1105
}
1106
1107
/* Removes the temp directory used by GPGME */
1108
if(tempdir[0] != '\0'){
1109
DIR *d;
1110
struct dirent *direntry;
1111
d = opendir(tempdir);
1112
if(d == NULL){
1113
perror("opendir");
1114
} else {
1115
while(true){
1116
direntry = readdir(d);
1117
if(direntry == NULL){
1118
break;
1119
}
1120
if (direntry->d_type == DT_REG){
1121
char *fullname = NULL;
1122
ret = asprintf(&fullname, "%s/%s", tempdir,
1123
direntry->d_name);
1124
if(ret < 0){
1125
perror("asprintf");
1126
continue;
1127
}
1128
ret = unlink(fullname);
1129
if(ret == -1){
1130
fprintf(stderr, "unlink(\"%s\"): %s",
1131
fullname, strerror(errno));
1132
}
1133
free(fullname);
1134
}
1135
}
1136
}
1137
ret = rmdir(tempdir);
1138
if(ret == -1){
1139
perror("rmdir");
1140
}
1141
}
1142
1143
return exitcode;
759
if (server)
760
avahi_server_free(server);
761
762
if (simple_poll)
763
avahi_simple_poll_free(simple_poll);
764
765
return returncode;
1144
766
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0