4
* This file demonstrates how to use Avahi's core API, this is
5
* the embeddable mDNS stack for embedded applications.
1
/* -*- coding: utf-8 -*- */
3
* Mandos client - get and decrypt data from a Mandos server
7
* End user applications should *not* use this API and should use
8
* the D-Bus or C APIs, please see
9
* client-browse-services.c and glib-integration.c
11
* I repeat, you probably do *not* want to use this example.
5
* This program is partly derived from an example program for an Avahi
6
* service browser, downloaded from
7
* <http://avahi.org/browser/examples/core-browse-services.c>. This
8
* includes the following functions: "resolve_callback",
9
* "browse_callback", and parts of "main".
11
* Everything else is Copyright © 2007-2008 Teddy Hogeborn and Björn
14
* This program is free software: you can redistribute it and/or
15
* modify it under the terms of the GNU General Public License as
16
* published by the Free Software Foundation, either version 3 of the
17
* License, or (at your option) any later version.
19
* This program is distributed in the hope that it will be useful, but
20
* WITHOUT ANY WARRANTY; without even the implied warranty of
21
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22
* General Public License for more details.
24
* You should have received a copy of the GNU General Public License
25
* along with this program. If not, see
26
* <http://www.gnu.org/licenses/>.
28
* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and
29
* <https://www.fukt.bsnet.se/~teddy/>.
15
This file is part of avahi.
17
avahi is free software; you can redistribute it and/or modify it
18
under the terms of the GNU Lesser General Public License as
19
published by the Free Software Foundation; either version 2.1 of the
20
License, or (at your option) any later version.
22
avahi is distributed in the hope that it will be useful, but WITHOUT
23
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
24
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General
25
Public License for more details.
27
You should have received a copy of the GNU Lesser General Public
28
License along with avahi; if not, write to the Free Software
29
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
32
#define _FORTIFY_SOURCE 2
33
34
#define _LARGEFILE_SOURCE
34
35
#define _FILE_OFFSET_BITS 64
47
48
#include <avahi-common/error.h>
49
50
//mandos client part
50
#include <sys/types.h> /* socket(), setsockopt(), inet_pton() */
51
#include <sys/socket.h> /* socket(), setsockopt(), struct sockaddr_in6, struct in6_addr, inet_pton() */
52
#include <gnutls/gnutls.h> /* ALL GNUTLS STUFF */
53
#include <gnutls/openpgp.h> /* gnutls with openpgp stuff */
51
#include <sys/types.h> /* socket(), inet_pton() */
52
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
53
struct in6_addr, inet_pton() */
54
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
55
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
55
57
#include <unistd.h> /* close() */
56
58
#include <netinet/in.h>
79
84
} encrypted_session;
82
ssize_t gpg_packet_decrypt (char *packet, size_t packet_size, char **new_packet, char *homedir){
87
ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
88
char **new_packet, const char *homedir){
83
89
gpgme_data_t dh_crypto, dh_plain;
87
size_t new_packet_capacity = 0;
88
size_t new_packet_length = 0;
93
ssize_t new_packet_capacity = 0;
94
ssize_t new_packet_length = 0;
89
95
gpgme_engine_info_t engine_info;
98
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
92
102
gpgme_check_version(NULL);
93
gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
103
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
104
if (rc != GPG_ERR_NO_ERROR){
105
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
106
gpgme_strsource(rc), gpgme_strerror(rc));
95
110
/* Set GPGME home directory */
96
111
rc = gpgme_get_engine_info (&engine_info);
139
/* Decrypt data from the FILE pointer to the plaintext data buffer */
154
/* Decrypt data from the FILE pointer to the plaintext data
140
156
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
141
157
if (rc != GPG_ERR_NO_ERROR){
142
158
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
143
159
gpgme_strsource(rc), gpgme_strerror(rc));
164
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");
168
gpgme_decrypt_result_t result;
169
result = gpgme_op_decrypt_result(ctx);
171
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
173
fprintf(stderr, "Unsupported algorithm: %s\n",
174
result->unsupported_algorithm);
175
fprintf(stderr, "Wrong key usage: %d\n",
176
result->wrong_key_usage);
177
if(result->file_name != NULL){
178
fprintf(stderr, "File name: %s\n", result->file_name);
180
gpgme_recipient_t recipient;
181
recipient = result->recipients;
183
while(recipient != NULL){
184
fprintf(stderr, "Public key algorithm: %s\n",
185
gpgme_pubkey_algo_name(recipient->pubkey_algo));
186
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
187
fprintf(stderr, "Secret key available: %s\n",
188
recipient->status == GPG_ERR_NO_SECKEY
190
recipient = recipient->next;
147
/* gpgme_decrypt_result_t result; */
148
/* result = gpgme_op_decrypt_result(ctx); */
149
/* fprintf(stderr, "Unsupported algorithm: %s\n", result->unsupported_algorithm); */
150
/* fprintf(stderr, "Wrong key usage: %d\n", result->wrong_key_usage); */
151
/* if(result->file_name != NULL){ */
152
/* fprintf(stderr, "File name: %s\n", result->file_name); */
154
/* gpgme_recipient_t recipient; */
155
/* recipient = result->recipients; */
157
/* while(recipient != NULL){ */
158
/* fprintf(stderr, "Public key algorithm: %s\n", */
159
/* gpgme_pubkey_algo_name(recipient->pubkey_algo)); */
160
/* fprintf(stderr, "Key ID: %s\n", recipient->keyid); */
161
/* fprintf(stderr, "Secret key available: %s\n", */
162
/* recipient->status == GPG_ERR_NO_SECKEY ? "No" : "Yes"); */
163
/* recipient = recipient->next; */
167
196
/* Delete the GPGME FILE pointer cryptotext data buffer */
168
197
gpgme_data_release(dh_crypto);
170
199
/* Seek back to the beginning of the GPGME plaintext data buffer */
171
gpgme_data_seek(dh_plain, 0, SEEK_SET);
200
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
201
perror("pgpme_data_seek");
175
206
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
176
*new_packet = realloc(*new_packet, new_packet_capacity + BUFFER_SIZE);
207
*new_packet = realloc(*new_packet,
208
(unsigned int)new_packet_capacity
177
210
if (*new_packet == NULL){
178
211
perror("realloc");
260
fprintf(stderr, "Initializing GnuTLS\n");
217
263
if ((ret = gnutls_global_init ())
218
264
!= GNUTLS_E_SUCCESS) {
219
265
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
223
/* Uncomment to enable full debuggin on the gnutls library */
224
/* gnutls_global_set_log_level(11); */
225
/* gnutls_global_set_log_function(debuggnutls); */
270
gnutls_global_set_log_level(11);
271
gnutls_global_set_log_function(debuggnutls);
228
274
/* openpgp credentials */
229
275
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
230
276
!= GNUTLS_E_SUCCESS) {
231
fprintf (stderr, "memory error: %s\n", safer_gnutls_strerror(ret));
277
fprintf (stderr, "memory error: %s\n",
278
safer_gnutls_strerror(ret));
283
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
284
" and keyfile %s as GnuTLS credentials\n", certfile,
235
288
ret = gnutls_certificate_set_openpgp_key_file
236
(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);
289
(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);
237
290
if (ret != GNUTLS_E_SUCCESS) {
239
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n",
240
ret, CERTFILE, KEYFILE);
292
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
294
ret, certfile, certkey);
241
295
fprintf(stdout, "The Error is: %s\n",
242
296
safer_gnutls_strerror(ret));
246
//Gnutls server initialization
300
//GnuTLS server initialization
247
301
if ((ret = gnutls_dh_params_init (&es->dh_params))
248
302
!= GNUTLS_E_SUCCESS) {
249
303
fprintf (stderr, "Error in dh parameter initialization: %s\n",
250
304
safer_gnutls_strerror(ret));
254
308
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
255
309
!= GNUTLS_E_SUCCESS) {
256
310
fprintf (stderr, "Error in prime generation: %s\n",
257
311
safer_gnutls_strerror(ret));
261
315
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
263
// Gnutls session creation
317
// GnuTLS session creation
264
318
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
265
319
!= GNUTLS_E_SUCCESS){
266
fprintf(stderr, "Error in gnutls session initialization: %s\n",
320
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
267
321
safer_gnutls_strerror(ret));
270
324
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
271
325
!= GNUTLS_E_SUCCESS) {
272
326
fprintf(stderr, "Syntax error at: %s\n", err);
273
fprintf(stderr, "Gnutls error: %s\n",
327
fprintf(stderr, "GnuTLS error: %s\n",
274
328
safer_gnutls_strerror(ret));
278
332
if ((ret = gnutls_credentials_set
279
333
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
280
334
!= GNUTLS_E_SUCCESS) {
282
336
safer_gnutls_strerror(ret));
286
340
/* ignore client certificate if any. */
287
gnutls_certificate_server_set_request (es->session, GNUTLS_CERT_IGNORE);
341
gnutls_certificate_server_set_request (es->session,
289
344
gnutls_dh_set_prime_bits (es->session, DH_BITS);
294
void empty_log(AvahiLogLevel level, const char *txt){}
349
void empty_log(__attribute__((unused)) AvahiLogLevel level,
350
__attribute__((unused)) const char *txt){}
296
int start_mandos_communcation(char *ip, uint16_t port){
352
int start_mandos_communication(const char *ip, uint16_t port,
353
unsigned int if_index){
298
355
struct sockaddr_in6 to;
299
struct in6_addr ip_addr;
300
356
encrypted_session es;
301
357
char *buffer = NULL;
302
358
char *decrypted_buffer;
303
359
size_t buffer_length = 0;
304
360
size_t buffer_capacity = 0;
305
361
ssize_t decrypted_buffer_size;
364
char interface[IF_NAMESIZE];
367
fprintf(stderr, "Setting up a tcp connection to %s\n", ip);
309
370
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
315
ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, "eth0", 5);
317
perror("setsockopt bindtodevice");
376
if(if_indextoname(if_index, interface) == NULL){
378
perror("if_indextoname");
321
memset(&to,0,sizeof(to));
384
fprintf(stderr, "Binding to interface %s\n", interface);
387
memset(&to,0,sizeof(to)); /* Spurious warning */
322
388
to.sin6_family = AF_INET6;
323
ret = inet_pton(AF_INET6, ip, &ip_addr);
389
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
325
391
perror("inet_pton");
348
gnutls_transport_set_ptr (es.session, (gnutls_transport_ptr_t) tcp_sd);
418
gnutls_transport_set_ptr (es.session,
419
(gnutls_transport_ptr_t) tcp_sd);
422
fprintf(stderr, "Establishing TLS session with %s\n", ip);
350
425
ret = gnutls_handshake (es.session);
352
427
if (ret != GNUTLS_E_SUCCESS){
353
fprintf(stderr, "\n*** Handshake failed ***\n");
429
fprintf(stderr, "\n*** Handshake failed ***\n");
436
//Retrieve OpenPGP packet that contains the wanted password
439
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
361
444
if (buffer_length + BUFFER_SIZE > buffer_capacity){
362
445
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
390
fprintf(stderr, "Unknown error while reading data from encrypted session with mandos server\n");
473
fprintf(stderr, "Unknown error while reading data from"
474
" encrypted session with mandos server\n");
392
476
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
396
buffer_length += ret;
480
buffer_length += (size_t) ret;
400
484
if (buffer_length > 0){
401
if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) == 0){
485
decrypted_buffer_size = pgp_packet_decrypt(buffer,
489
if (decrypted_buffer_size >= 0){
490
while(written < decrypted_buffer_size){
491
ret = (int)fwrite (decrypted_buffer + written, 1,
492
(size_t)decrypted_buffer_size - written,
494
if(ret == 0 and ferror(stdout)){
496
fprintf(stderr, "Error writing encrypted data: %s\n",
502
written += (size_t)ret;
504
free(decrypted_buffer);
404
fwrite (decrypted_buffer, 1, decrypted_buffer_size, stdout);
405
free(decrypted_buffer);
513
fprintf(stderr, "Closing TLS session\n");
412
517
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
432
537
const char *host_name,
433
538
const AvahiAddress *address,
435
AvahiStringList *txt,
436
AvahiLookupResultFlags flags,
540
AVAHI_GCC_UNUSED AvahiStringList *txt,
541
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
437
542
AVAHI_GCC_UNUSED void* userdata) {
441
/* Called whenever a service has been resolved successfully or timed out */
444
case AVAHI_RESOLVER_FAILURE:
445
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of type '%s' in domain '%s': %s\n", name, type, domain, avahi_strerror(avahi_server_errno(server)));
448
case AVAHI_RESOLVER_FOUND: {
449
char ip[AVAHI_ADDRESS_STR_MAX];
450
avahi_address_snprint(ip, sizeof(ip), address);
451
int ret = start_mandos_communcation(ip, port);
544
assert(r); /* Spurious warning */
546
/* Called whenever a service has been resolved successfully or
551
case AVAHI_RESOLVER_FAILURE:
552
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
553
" type '%s' in domain '%s': %s\n", name, type, domain,
554
avahi_strerror(avahi_server_errno(server)));
557
case AVAHI_RESOLVER_FOUND:
559
char ip[AVAHI_ADDRESS_STR_MAX];
560
avahi_address_snprint(ip, sizeof(ip), address);
562
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
563
" port %d\n", name, host_name, ip, port);
565
int ret = start_mandos_communication(ip, port,
566
(unsigned int) interface);
459
avahi_s_service_resolver_free(r);
572
avahi_s_service_resolver_free(r);
462
575
static void browse_callback(
471
584
void* userdata) {
473
586
AvahiServer *s = userdata;
476
/* Called whenever a new services becomes available on the LAN or is removed from the LAN */
587
assert(b); /* Spurious warning */
589
/* Called whenever a new services becomes available on the LAN or
590
is removed from the LAN */
480
case AVAHI_BROWSER_FAILURE:
482
fprintf(stderr, "(Browser) %s\n", avahi_strerror(avahi_server_errno(server)));
483
avahi_simple_poll_quit(simple_poll);
486
case AVAHI_BROWSER_NEW:
487
/* We ignore the returned resolver object. In the callback
488
function we free it. If the server is terminated before
489
the callback function is called the server will free
490
the resolver for us. */
492
if (!(avahi_s_service_resolver_new(s, interface, protocol, name, type, domain, AVAHI_PROTO_INET6, 0, resolve_callback, s)))
493
fprintf(stderr, "Failed to resolve service '%s': %s\n", name, avahi_strerror(avahi_server_errno(s)));
497
case AVAHI_BROWSER_REMOVE:
500
case AVAHI_BROWSER_ALL_FOR_NOW:
501
case AVAHI_BROWSER_CACHE_EXHAUSTED:
594
case AVAHI_BROWSER_FAILURE:
596
fprintf(stderr, "(Browser) %s\n",
597
avahi_strerror(avahi_server_errno(server)));
598
avahi_simple_poll_quit(simple_poll);
601
case AVAHI_BROWSER_NEW:
602
/* We ignore the returned resolver object. In the callback
603
function we free it. If the server is terminated before
604
the callback function is called the server will free
605
the resolver for us. */
607
if (!(avahi_s_service_resolver_new(s, interface, protocol, name,
609
AVAHI_PROTO_INET6, 0,
610
resolve_callback, s)))
611
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
612
avahi_strerror(avahi_server_errno(s)));
615
case AVAHI_BROWSER_REMOVE:
618
case AVAHI_BROWSER_ALL_FOR_NOW:
619
case AVAHI_BROWSER_CACHE_EXHAUSTED:
624
/* combinds file name and path and returns the malloced new string. som sane checks could/should be added */
625
const char *combinepath(const char *first, const char *second){
627
tmp = malloc(strlen(first) + strlen(second) + 2);
633
if (first[0] != '\0' and first[strlen(first) - 1] != '/'){
506
641
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
507
642
AvahiServerConfig config;
508
643
AvahiSServiceBrowser *sb = NULL;
646
int returncode = EXIT_SUCCESS;
647
const char *interface = "eth0";
650
static struct option long_options[] = {
651
{"debug", no_argument, (int *)&debug, 1},
652
{"interface", required_argument, 0, 'i'},
653
{"certdir", required_argument, 0, 'd'},
654
{"certkey", required_argument, 0, 'c'},
655
{"certfile", required_argument, 0, 'k'},
658
int option_index = 0;
659
ret = getopt_long (argc, argv, "i:", long_options,
512
avahi_set_log_function(empty_log);
686
certfile = combinepath(certdir, certfile);
687
if (certfile == NULL){
691
certkey = combinepath(certdir, certkey);
692
if (certkey == NULL){
697
avahi_set_log_function(empty_log);
514
700
/* Initialize the psuedo-RNG */
701
srand((unsigned int) time(NULL));
517
703
/* Allocate main loop object */
518
704
if (!(simple_poll = avahi_simple_poll_new())) {
519
705
fprintf(stderr, "Failed to create simple poll object.\n");
523
710
/* Do not publish any local records */
527
714
config.publish_workstation = 0;
528
715
config.publish_domain = 0;
530
/* /\* Set a unicast DNS server for wide area DNS-SD *\/ */
531
/* avahi_address_parse("193.11.177.11", AVAHI_PROTO_UNSPEC, &config.wide_area_servers[0]); */
532
/* config.n_wide_area_servers = 1; */
533
/* config.enable_wide_area = 1; */
535
717
/* Allocate a new server */
536
server = avahi_server_new(avahi_simple_poll_get(simple_poll), &config, NULL, NULL, &error);
718
server = avahi_server_new(avahi_simple_poll_get(simple_poll),
719
&config, NULL, NULL, &error);
538
721
/* Free the configuration data */
539
722
avahi_server_config_free(&config);
541
/* Check wether creating the server object succeeded */
724
/* Check if creating the server object succeeded */
543
fprintf(stderr, "Failed to create server: %s\n", avahi_strerror(error));
726
fprintf(stderr, "Failed to create server: %s\n",
727
avahi_strerror(error));
728
returncode = EXIT_FAILURE;
547
732
/* Create the service browser */
548
if (!(sb = avahi_s_service_browser_new(server, if_nametoindex("eth0"), AVAHI_PROTO_INET6, "_mandos._tcp", NULL, 0, browse_callback, server))) {
549
fprintf(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_server_errno(server)));
733
sb = avahi_s_service_browser_new(server,
735
if_nametoindex(interface),
737
"_mandos._tcp", NULL, 0,
738
browse_callback, server);
740
fprintf(stderr, "Failed to create service browser: %s\n",
741
avahi_strerror(avahi_server_errno(server)));
742
returncode = EXIT_FAILURE;
553
746
/* Run the main loop */
749
fprintf(stderr, "Starting avahi loop search\n");
554
752
avahi_simple_poll_loop(simple_poll);
757
fprintf(stderr, "%s exiting\n", argv[0]);
560
760
/* Cleanup things */