To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugins.d/mandosclient.c
- browse files at revision 24.1.5
- compare with another revision
- download diff
- download tarball
- view history from revision 24.1.5
- Committer: Björn Påhlsson
- Date: 2008-07-31 16:20:47 UTC
- mto: (237.7.1 mandos) (24.1.154 mandos)
- mto: This revision was merged to the branch mainline in revision 30.
- Revision ID: belorn@braxen-20080731162047-lahe2b2prwjw8b2l
plugbasedclient:
Added support to disable plugins
Added support to change plugin directory
mandosclient.c
Fixed some funtion calls that lacked error handling
small bugfix
Added support to disable plugins
Added support to change plugin directory
mandosclient.c
Fixed some funtion calls that lacked error handling
small bugfix
- files added:
- ca.pem
- files removed:
- .bzr-builddeb
- debian
- debian/po
- files renamed:
- clients.conf => mandos-clients.conf
- plugin-runner.c => plugbasedclient.c
- plugins.d/mandos-client.c => plugins.d/mandosclient.c
- plugins.d/password-prompt.c => plugins.d/passprompt.c
- mandos => server.py
- files modified:
- Makefile
added
removed
plugins.d/mandosclient.c
1
1
/* -*- coding: utf-8 -*- */
2
2
/*
3
* Mandos-client - get and decrypt data from a Mandos server
3
* Mandos client - get and decrypt data from a Mandos server
4
4
*
5
5
* This program is partly derived from an example program for an Avahi
6
6
* service browser, downloaded from
8
8
* includes the following functions: "resolve_callback",
9
9
* "browse_callback", and parts of "main".
10
10
*
11
* Everything else is
12
* Copyright © 2008,2009 Teddy Hogeborn
13
* Copyright © 2008,2009 Björn Påhlsson
11
* Everything else is Copyright © 2007-2008 Teddy Hogeborn and Björn
12
* Påhlsson.
14
13
*
15
14
* This program is free software: you can redistribute it and/or
16
15
* modify it under the terms of the GNU General Public License as
26
25
* along with this program. If not, see
27
26
* <http://www.gnu.org/licenses/>.
28
27
*
29
* Contact the authors at <mandos@fukt.bsnet.se>.
28
* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and
29
* <https://www.fukt.bsnet.se/~teddy/>.
30
30
*/
31
31
32
/* Needed by GPGME, specifically gpgme_data_seek() */
33
#ifndef _LARGEFILE_SOURCE
32
#define _FORTIFY_SOURCE 2
33
34
34
#define _LARGEFILE_SOURCE
35
#endif
36
#ifndef _FILE_OFFSET_BITS
37
35
#define _FILE_OFFSET_BITS 64
38
#endif
39
40
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
41
42
#include <stdio.h> /* fprintf(), stderr, fwrite(),
43
stdout, ferror(), remove() */
44
#include <stdint.h> /* uint16_t, uint32_t */
45
#include <stddef.h> /* NULL, size_t, ssize_t */
46
#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),
47
strtof(), abort() */
48
#include <stdbool.h> /* bool, false, true */
49
#include <string.h> /* memset(), strcmp(), strlen(),
50
strerror(), asprintf(), strcpy() */
51
#include <sys/ioctl.h> /* ioctl */
52
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
53
sockaddr_in6, PF_INET6,
54
SOCK_STREAM, uid_t, gid_t, open(),
55
opendir(), DIR */
56
#include <sys/stat.h> /* open() */
57
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
58
inet_pton(), connect() */
59
#include <fcntl.h> /* open() */
60
#include <dirent.h> /* opendir(), struct dirent, readdir()
61
*/
62
#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,
63
strtoimax() */
64
#include <assert.h> /* assert() */
65
#include <errno.h> /* perror(), errno */
66
#include <time.h> /* nanosleep(), time() */
67
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
68
SIOCSIFFLAGS, if_indextoname(),
69
if_nametoindex(), IF_NAMESIZE */
70
#include <netinet/in.h> /* IN6_IS_ADDR_LINKLOCAL,
71
INET_ADDRSTRLEN, INET6_ADDRSTRLEN
72
*/
73
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
74
getuid(), getgid(), seteuid(),
75
setgid(), pause() */
76
#include <arpa/inet.h> /* inet_pton(), htons */
77
#include <iso646.h> /* not, or, and */
78
#include <argp.h> /* struct argp_option, error_t, struct
79
argp_state, struct argp,
80
argp_parse(), ARGP_KEY_ARG,
81
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
82
#include <signal.h> /* sigemptyset(), sigaddset(),
83
sigaction(), SIGTERM, sig_atomic_t,
84
raise() */
85
#include <sysexits.h> /* EX_OSERR, EX_USAGE, EX_UNAVAILABLE,
86
EX_NOHOST, EX_IOERR, EX_PROTOCOL */
87
88
#ifdef __linux__
89
#include <sys/klog.h> /* klogctl() */
90
#endif /* __linux__ */
91
92
/* Avahi */
93
/* All Avahi types, constants and functions
94
Avahi*, avahi_*,
95
AVAHI_* */
36
37
#include <stdio.h>
38
#include <assert.h>
39
#include <stdlib.h>
40
#include <time.h>
41
#include <net/if.h> /* if_nametoindex */
42
96
43
#include <avahi-core/core.h>
97
44
#include <avahi-core/lookup.h>
98
45
#include <avahi-core/log.h>
100
47
#include <avahi-common/malloc.h>
101
48
#include <avahi-common/error.h>
102
49
103
/* GnuTLS */
104
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and
105
functions:
106
gnutls_*
107
init_gnutls_session(),
108
GNUTLS_* */
109
#include <gnutls/openpgp.h>
110
/* gnutls_certificate_set_openpgp_key_file(),
111
GNUTLS_OPENPGP_FMT_BASE64 */
112
113
/* GPGME */
114
#include <gpgme.h> /* All GPGME types, constants and
115
functions:
116
gpgme_*
117
GPGME_PROTOCOL_OpenPGP,
118
GPG_ERR_NO_* */
50
//mandos client part
51
#include <sys/types.h> /* socket(), inet_pton() */
52
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
53
struct in6_addr, inet_pton() */
54
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
55
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
56
57
#include <unistd.h> /* close() */
58
#include <netinet/in.h>
59
#include <stdbool.h> /* true */
60
#include <string.h> /* memset */
61
#include <arpa/inet.h> /* inet_pton() */
62
#include <iso646.h> /* not */
63
64
// gpgme
65
#include <errno.h> /* perror() */
66
#include <gpgme.h>
67
68
// getopt long
69
#include <getopt.h>
119
70
120
71
#define BUFFER_SIZE 256
72
#define DH_BITS 1024
121
73
122
#define PATHDIR "/conf/conf.d/mandos"
123
#define SECKEY "seckey.txt"
124
#define PUBKEY "pubkey.txt"
74
const char *certdir = "/conf/conf.d/cryptkeyreq/";
75
const char *certfile = "openpgp-client.txt";
76
const char *certkey = "openpgp-client-key.txt";
125
77
126
78
bool debug = false;
127
static const char mandos_protocol_version[] = "1";
128
const char *argp_program_version = "mandos-client " VERSION;
129
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
130
79
131
/* Used for passing in values through the Avahi callback functions */
132
80
typedef struct {
133
AvahiSimplePoll *simple_poll;
134
AvahiServer *server;
81
gnutls_session_t session;
135
82
gnutls_certificate_credentials_t cred;
136
unsigned int dh_bits;
137
83
gnutls_dh_params_t dh_params;
138
const char *priority;
84
} encrypted_session;
85
86
87
ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
88
char **new_packet, const char *homedir){
89
gpgme_data_t dh_crypto, dh_plain;
139
90
gpgme_ctx_t ctx;
140
} mandos_context;
141
142
/* global context so signal handler can reach it*/
143
mandos_context mc = { .simple_poll = NULL, .server = NULL,
144
.dh_bits = 1024, .priority = "SECURE256"
145
":!CTYPE-X.509:+CTYPE-OPENPGP" };
146
147
sig_atomic_t quit_now = 0;
148
int signal_received = 0;
149
150
/*
151
* Make additional room in "buffer" for at least BUFFER_SIZE more
152
* bytes. "buffer_capacity" is how much is currently allocated,
153
* "buffer_length" is how much is already used.
154
*/
155
size_t incbuffer(char **buffer, size_t buffer_length,
156
size_t buffer_capacity){
157
if(buffer_length + BUFFER_SIZE > buffer_capacity){
158
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
159
if(buffer == NULL){
160
return 0;
161
}
162
buffer_capacity += BUFFER_SIZE;
163
}
164
return buffer_capacity;
165
}
166
167
/*
168
* Initialize GPGME.
169
*/
170
static bool init_gpgme(const char *seckey,
171
const char *pubkey, const char *tempdir){
172
91
gpgme_error_t rc;
92
ssize_t ret;
93
ssize_t new_packet_capacity = 0;
94
ssize_t new_packet_length = 0;
173
95
gpgme_engine_info_t engine_info;
174
175
176
/*
177
* Helper function to insert pub and seckey to the engine keyring.
178
*/
179
bool import_key(const char *filename){
180
int ret;
181
int fd;
182
gpgme_data_t pgp_data;
183
184
fd = (int)TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
185
if(fd == -1){
186
perror("open");
187
return false;
188
}
189
190
rc = gpgme_data_new_from_fd(&pgp_data, fd);
191
if(rc != GPG_ERR_NO_ERROR){
192
fprintf(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
193
gpgme_strsource(rc), gpgme_strerror(rc));
194
return false;
195
}
196
197
rc = gpgme_op_import(mc.ctx, pgp_data);
198
if(rc != GPG_ERR_NO_ERROR){
199
fprintf(stderr, "bad gpgme_op_import: %s: %s\n",
200
gpgme_strsource(rc), gpgme_strerror(rc));
201
return false;
202
}
203
204
ret = (int)TEMP_FAILURE_RETRY(close(fd));
205
if(ret == -1){
206
perror("close");
207
}
208
gpgme_data_release(pgp_data);
209
return true;
210
}
211
212
if(debug){
213
fprintf(stderr, "Initializing GPGME\n");
96
97
if (debug){
98
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
214
99
}
215
100
216
101
/* Init GPGME */
217
102
gpgme_check_version(NULL);
218
103
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
219
if(rc != GPG_ERR_NO_ERROR){
104
if (rc != GPG_ERR_NO_ERROR){
220
105
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
221
106
gpgme_strsource(rc), gpgme_strerror(rc));
222
return false;
107
return -1;
223
108
}
224
109
225
/* Set GPGME home directory for the OpenPGP engine only */
226
rc = gpgme_get_engine_info(&engine_info);
227
if(rc != GPG_ERR_NO_ERROR){
110
/* Set GPGME home directory */
111
rc = gpgme_get_engine_info (&engine_info);
112
if (rc != GPG_ERR_NO_ERROR){
228
113
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
229
114
gpgme_strsource(rc), gpgme_strerror(rc));
230
return false;
115
return -1;
231
116
}
232
117
while(engine_info != NULL){
233
118
if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
234
119
gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
235
engine_info->file_name, tempdir);
120
engine_info->file_name, homedir);
236
121
break;
237
122
}
238
123
engine_info = engine_info->next;
239
124
}
240
125
if(engine_info == NULL){
241
fprintf(stderr, "Could not set GPGME home dir to %s\n", tempdir);
242
return false;
243
}
244
245
/* Create new GPGME "context" */
246
rc = gpgme_new(&(mc.ctx));
247
if(rc != GPG_ERR_NO_ERROR){
248
fprintf(stderr, "bad gpgme_new: %s: %s\n",
249
gpgme_strsource(rc), gpgme_strerror(rc));
250
return false;
251
}
252
253
if(not import_key(pubkey) or not import_key(seckey)){
254
return false;
255
}
256
257
return true;
258
}
259
260
/*
261
* Decrypt OpenPGP data.
262
* Returns -1 on error
263
*/
264
static ssize_t pgp_packet_decrypt(const char *cryptotext,
265
size_t crypto_size,
266
char **plaintext){
267
gpgme_data_t dh_crypto, dh_plain;
268
gpgme_error_t rc;
269
ssize_t ret;
270
size_t plaintext_capacity = 0;
271
ssize_t plaintext_length = 0;
272
273
if(debug){
274
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
275
}
276
277
/* Create new GPGME data buffer from memory cryptotext */
278
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
279
0);
280
if(rc != GPG_ERR_NO_ERROR){
126
fprintf(stderr, "Could not set home dir to %s\n", homedir);
127
return -1;
128
}
129
130
/* Create new GPGME data buffer from packet buffer */
131
rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);
132
if (rc != GPG_ERR_NO_ERROR){
281
133
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
282
134
gpgme_strsource(rc), gpgme_strerror(rc));
283
135
return -1;
285
137
286
138
/* Create new empty GPGME data buffer for the plaintext */
287
139
rc = gpgme_data_new(&dh_plain);
288
if(rc != GPG_ERR_NO_ERROR){
140
if (rc != GPG_ERR_NO_ERROR){
289
141
fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
290
142
gpgme_strsource(rc), gpgme_strerror(rc));
291
gpgme_data_release(dh_crypto);
292
return -1;
293
}
294
295
/* Decrypt data from the cryptotext data buffer to the plaintext
296
data buffer */
297
rc = gpgme_op_decrypt(mc.ctx, dh_crypto, dh_plain);
298
if(rc != GPG_ERR_NO_ERROR){
143
return -1;
144
}
145
146
/* Create new GPGME "context" */
147
rc = gpgme_new(&ctx);
148
if (rc != GPG_ERR_NO_ERROR){
149
fprintf(stderr, "bad gpgme_new: %s: %s\n",
150
gpgme_strsource(rc), gpgme_strerror(rc));
151
return -1;
152
}
153
154
/* Decrypt data from the FILE pointer to the plaintext data
155
buffer */
156
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
157
if (rc != GPG_ERR_NO_ERROR){
299
158
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
300
159
gpgme_strsource(rc), gpgme_strerror(rc));
301
plaintext_length = -1;
302
if(debug){
303
gpgme_decrypt_result_t result;
304
result = gpgme_op_decrypt_result(mc.ctx);
305
if(result == NULL){
306
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
307
} else {
308
fprintf(stderr, "Unsupported algorithm: %s\n",
309
result->unsupported_algorithm);
310
fprintf(stderr, "Wrong key usage: %u\n",
311
result->wrong_key_usage);
312
if(result->file_name != NULL){
313
fprintf(stderr, "File name: %s\n", result->file_name);
314
}
315
gpgme_recipient_t recipient;
316
recipient = result->recipients;
160
return -1;
161
}
162
163
if(debug){
164
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");
165
}
166
167
if (debug){
168
gpgme_decrypt_result_t result;
169
result = gpgme_op_decrypt_result(ctx);
170
if (result == NULL){
171
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
172
} else {
173
fprintf(stderr, "Unsupported algorithm: %s\n",
174
result->unsupported_algorithm);
175
fprintf(stderr, "Wrong key usage: %d\n",
176
result->wrong_key_usage);
177
if(result->file_name != NULL){
178
fprintf(stderr, "File name: %s\n", result->file_name);
179
}
180
gpgme_recipient_t recipient;
181
recipient = result->recipients;
182
if(recipient){
317
183
while(recipient != NULL){
318
184
fprintf(stderr, "Public key algorithm: %s\n",
319
185
gpgme_pubkey_algo_name(recipient->pubkey_algo));
325
191
}
326
192
}
327
193
}
328
goto decrypt_end;
329
194
}
330
195
331
if(debug){
332
fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
333
}
196
/* Delete the GPGME FILE pointer cryptotext data buffer */
197
gpgme_data_release(dh_crypto);
334
198
335
199
/* Seek back to the beginning of the GPGME plaintext data buffer */
336
if(gpgme_data_seek(dh_plain, (off_t)0, SEEK_SET) == -1){
337
perror("gpgme_data_seek");
338
plaintext_length = -1;
339
goto decrypt_end;
200
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
201
perror("pgpme_data_seek");
340
202
}
341
203
342
*plaintext = NULL;
204
*new_packet = 0;
343
205
while(true){
344
plaintext_capacity = incbuffer(plaintext,
345
(size_t)plaintext_length,
346
plaintext_capacity);
347
if(plaintext_capacity == 0){
348
perror("incbuffer");
349
plaintext_length = -1;
350
goto decrypt_end;
206
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
207
*new_packet = realloc(*new_packet,
208
(unsigned int)new_packet_capacity
209
+ BUFFER_SIZE);
210
if (*new_packet == NULL){
211
perror("realloc");
212
return -1;
213
}
214
new_packet_capacity += BUFFER_SIZE;
351
215
}
352
216
353
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
217
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,
354
218
BUFFER_SIZE);
355
219
/* Print the data, if any */
356
if(ret == 0){
357
/* EOF */
220
if (ret == 0){
358
221
break;
359
222
}
360
223
if(ret < 0){
361
224
perror("gpgme_data_read");
362
plaintext_length = -1;
363
goto decrypt_end;
364
}
365
plaintext_length += ret;
366
}
367
368
if(debug){
369
fprintf(stderr, "Decrypted password is: ");
370
for(ssize_t i = 0; i < plaintext_length; i++){
371
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
372
}
373
fprintf(stderr, "\n");
374
}
375
376
decrypt_end:
377
378
/* Delete the GPGME cryptotext data buffer */
379
gpgme_data_release(dh_crypto);
225
return -1;
226
}
227
new_packet_length += ret;
228
}
229
230
/* FIXME: check characters before printing to screen so to not print
231
terminal control characters */
232
/* if(debug){ */
233
/* fprintf(stderr, "decrypted password is: "); */
234
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
235
/* fprintf(stderr, "\n"); */
236
/* } */
380
237
381
238
/* Delete the GPGME plaintext data buffer */
382
239
gpgme_data_release(dh_plain);
383
return plaintext_length;
240
return new_packet_length;
384
241
}
385
242
386
static const char * safer_gnutls_strerror(int value){
387
const char *ret = gnutls_strerror(value); /* Spurious warning from
388
-Wunreachable-code */
389
if(ret == NULL)
243
static const char * safer_gnutls_strerror (int value) {
244
const char *ret = gnutls_strerror (value);
245
if (ret == NULL)
390
246
ret = "(unknown)";
391
247
return ret;
392
248
}
393
249
394
/* GnuTLS log function callback */
395
static void debuggnutls(__attribute__((unused)) int level,
396
const char* string){
397
fprintf(stderr, "GnuTLS: %s", string);
250
void debuggnutls(__attribute__((unused)) int level,
251
const char* string){
252
fprintf(stderr, "%s", string);
398
253
}
399
254
400
static int init_gnutls_global(const char *pubkeyfilename,
401
const char *seckeyfilename){
255
int initgnutls(encrypted_session *es){
256
const char *err;
402
257
int ret;
403
258
404
259
if(debug){
405
260
fprintf(stderr, "Initializing GnuTLS\n");
406
261
}
407
408
ret = gnutls_global_init();
409
if(ret != GNUTLS_E_SUCCESS){
410
fprintf(stderr, "GnuTLS global_init: %s\n",
411
safer_gnutls_strerror(ret));
262
263
if ((ret = gnutls_global_init ())
264
!= GNUTLS_E_SUCCESS) {
265
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
412
266
return -1;
413
267
}
414
415
if(debug){
416
/* "Use a log level over 10 to enable all debugging options."
417
* - GnuTLS manual
418
*/
268
269
if (debug){
419
270
gnutls_global_set_log_level(11);
420
271
gnutls_global_set_log_function(debuggnutls);
421
272
}
422
273
423
/* OpenPGP credentials */
424
gnutls_certificate_allocate_credentials(&mc.cred);
425
if(ret != GNUTLS_E_SUCCESS){
426
fprintf(stderr, "GnuTLS memory error: %s\n", /* Spurious warning
427
from
428
-Wunreachable-code
429
*/
430
safer_gnutls_strerror(ret));
431
gnutls_global_deinit();
274
/* openpgp credentials */
275
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
276
!= GNUTLS_E_SUCCESS) {
277
fprintf (stderr, "memory error: %s\n",
278
safer_gnutls_strerror(ret));
432
279
return -1;
433
280
}
434
281
435
282
if(debug){
436
fprintf(stderr, "Attempting to use OpenPGP public key %s and"
437
" secret key %s as GnuTLS credentials\n", pubkeyfilename,
438
seckeyfilename);
283
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
284
" and keyfile %s as GnuTLS credentials\n", certfile,
285
certkey);
439
286
}
440
287
441
288
ret = gnutls_certificate_set_openpgp_key_file
442
(mc.cred, pubkeyfilename, seckeyfilename,
443
GNUTLS_OPENPGP_FMT_BASE64);
444
if(ret != GNUTLS_E_SUCCESS){
445
fprintf(stderr,
446
"Error[%d] while reading the OpenPGP key pair ('%s',"
447
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
448
fprintf(stderr, "The GnuTLS error is: %s\n",
449
safer_gnutls_strerror(ret));
450
goto globalfail;
451
}
452
453
/* GnuTLS server initialization */
454
ret = gnutls_dh_params_init(&mc.dh_params);
455
if(ret != GNUTLS_E_SUCCESS){
456
fprintf(stderr, "Error in GnuTLS DH parameter initialization:"
457
" %s\n", safer_gnutls_strerror(ret));
458
goto globalfail;
459
}
460
ret = gnutls_dh_params_generate2(mc.dh_params, mc.dh_bits);
461
if(ret != GNUTLS_E_SUCCESS){
462
fprintf(stderr, "Error in GnuTLS prime generation: %s\n",
463
safer_gnutls_strerror(ret));
464
goto globalfail;
465
}
466
467
gnutls_certificate_set_dh_params(mc.cred, mc.dh_params);
468
469
return 0;
470
471
globalfail:
472
473
gnutls_certificate_free_credentials(mc.cred);
474
gnutls_global_deinit();
475
gnutls_dh_params_deinit(mc.dh_params);
476
return -1;
477
}
478
479
static int init_gnutls_session(gnutls_session_t *session){
480
int ret;
481
/* GnuTLS session creation */
482
do {
483
ret = gnutls_init(session, GNUTLS_SERVER);
484
if(quit_now){
485
return -1;
486
}
487
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
488
if(ret != GNUTLS_E_SUCCESS){
289
(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);
290
if (ret != GNUTLS_E_SUCCESS) {
291
fprintf
292
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
293
" '%s')\n",
294
ret, certfile, certkey);
295
fprintf(stdout, "The Error is: %s\n",
296
safer_gnutls_strerror(ret));
297
return -1;
298
}
299
300
//GnuTLS server initialization
301
if ((ret = gnutls_dh_params_init (&es->dh_params))
302
!= GNUTLS_E_SUCCESS) {
303
fprintf (stderr, "Error in dh parameter initialization: %s\n",
304
safer_gnutls_strerror(ret));
305
return -1;
306
}
307
308
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
309
!= GNUTLS_E_SUCCESS) {
310
fprintf (stderr, "Error in prime generation: %s\n",
311
safer_gnutls_strerror(ret));
312
return -1;
313
}
314
315
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
316
317
// GnuTLS session creation
318
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
319
!= GNUTLS_E_SUCCESS){
489
320
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
490
321
safer_gnutls_strerror(ret));
491
322
}
492
323
493
{
494
const char *err;
495
do {
496
ret = gnutls_priority_set_direct(*session, mc.priority, &err);
497
if(quit_now){
498
gnutls_deinit(*session);
499
return -1;
500
}
501
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
502
if(ret != GNUTLS_E_SUCCESS){
503
fprintf(stderr, "Syntax error at: %s\n", err);
504
fprintf(stderr, "GnuTLS error: %s\n",
505
safer_gnutls_strerror(ret));
506
gnutls_deinit(*session);
507
return -1;
508
}
324
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
325
!= GNUTLS_E_SUCCESS) {
326
fprintf(stderr, "Syntax error at: %s\n", err);
327
fprintf(stderr, "GnuTLS error: %s\n",
328
safer_gnutls_strerror(ret));
329
return -1;
509
330
}
510
331
511
do {
512
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
513
mc.cred);
514
if(quit_now){
515
gnutls_deinit(*session);
516
return -1;
517
}
518
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
519
if(ret != GNUTLS_E_SUCCESS){
520
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
332
if ((ret = gnutls_credentials_set
333
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
334
!= GNUTLS_E_SUCCESS) {
335
fprintf(stderr, "Error setting a credentials set: %s\n",
521
336
safer_gnutls_strerror(ret));
522
gnutls_deinit(*session);
523
337
return -1;
524
338
}
525
339
526
340
/* ignore client certificate if any. */
527
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
341
gnutls_certificate_server_set_request (es->session,
342
GNUTLS_CERT_IGNORE);
528
343
529
gnutls_dh_set_prime_bits(*session, mc.dh_bits);
344
gnutls_dh_set_prime_bits (es->session, DH_BITS);
530
345
531
346
return 0;
532
347
}
533
348
534
/* Avahi log function callback */
535
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
536
__attribute__((unused)) const char *txt){}
349
void empty_log(__attribute__((unused)) AvahiLogLevel level,
350
__attribute__((unused)) const char *txt){}
537
351
538
/* Called when a Mandos server is found */
539
static int start_mandos_communication(const char *ip, uint16_t port,
540
AvahiIfIndex if_index,
541
int af){
542
int ret, tcp_sd = -1;
543
ssize_t sret;
544
union {
545
struct sockaddr_in in;
546
struct sockaddr_in6 in6;
547
} to;
352
int start_mandos_communication(const char *ip, uint16_t port,
353
unsigned int if_index){
354
int ret, tcp_sd;
355
struct sockaddr_in6 to;
356
encrypted_session es;
548
357
char *buffer = NULL;
549
char *decrypted_buffer = NULL;
358
char *decrypted_buffer;
550
359
size_t buffer_length = 0;
551
360
size_t buffer_capacity = 0;
552
size_t written;
553
int retval = -1;
554
gnutls_session_t session;
555
int pf; /* Protocol family */
556
557
errno = 0;
558
559
if(quit_now){
560
errno = EINTR;
561
return -1;
562
}
563
564
switch(af){
565
case AF_INET6:
566
pf = PF_INET6;
567
break;
568
case AF_INET:
569
pf = PF_INET;
570
break;
571
default:
572
fprintf(stderr, "Bad address family: %d\n", af);
573
errno = EINVAL;
574
return -1;
575
}
576
577
ret = init_gnutls_session(&session);
578
if(ret != 0){
579
return -1;
580
}
361
ssize_t decrypted_buffer_size;
362
size_t written = 0;
363
int retval = 0;
364
char interface[IF_NAMESIZE];
581
365
582
366
if(debug){
583
fprintf(stderr, "Setting up a TCP connection to %s, port %" PRIu16
584
"\n", ip, port);
367
fprintf(stderr, "Setting up a tcp connection to %s\n", ip);
585
368
}
586
369
587
tcp_sd = socket(pf, SOCK_STREAM, 0);
588
if(tcp_sd < 0){
589
int e = errno;
370
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
371
if(tcp_sd < 0) {
590
372
perror("socket");
591
errno = e;
592
goto mandos_end;
593
}
594
595
if(quit_now){
596
errno = EINTR;
597
goto mandos_end;
598
}
599
600
memset(&to, 0, sizeof(to));
601
if(af == AF_INET6){
602
to.in6.sin6_family = (sa_family_t)af;
603
ret = inet_pton(af, ip, &to.in6.sin6_addr);
604
} else { /* IPv4 */
605
to.in.sin_family = (sa_family_t)af;
606
ret = inet_pton(af, ip, &to.in.sin_addr);
607
}
608
if(ret < 0 ){
609
int e = errno;
373
return -1;
374
}
375
376
if(if_indextoname(if_index, interface) == NULL){
377
if(debug){
378
perror("if_indextoname");
379
}
380
return -1;
381
}
382
383
if(debug){
384
fprintf(stderr, "Binding to interface %s\n", interface);
385
}
386
387
memset(&to,0,sizeof(to)); /* Spurious warning */
388
to.sin6_family = AF_INET6;
389
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
390
if (ret < 0 ){
610
391
perror("inet_pton");
611
errno = e;
612
goto mandos_end;
613
}
392
return -1;
393
}
614
394
if(ret == 0){
615
int e = errno;
616
395
fprintf(stderr, "Bad address: %s\n", ip);
617
errno = e;
618
goto mandos_end;
619
}
620
if(af == AF_INET6){
621
to.in6.sin6_port = htons(port); /* Spurious warnings from
622
-Wconversion and
623
-Wunreachable-code */
624
625
if(IN6_IS_ADDR_LINKLOCAL /* Spurious warnings from */
626
(&to.in6.sin6_addr)){ /* -Wstrict-aliasing=2 or lower and
627
-Wunreachable-code*/
628
if(if_index == AVAHI_IF_UNSPEC){
629
fprintf(stderr, "An IPv6 link-local address is incomplete"
630
" without a network interface\n");
631
errno = EINVAL;
632
goto mandos_end;
633
}
634
/* Set the network interface number as scope */
635
to.in6.sin6_scope_id = (uint32_t)if_index;
636
}
637
} else {
638
to.in.sin_port = htons(port); /* Spurious warnings from
639
-Wconversion and
640
-Wunreachable-code */
641
}
396
return -1;
397
}
398
to.sin6_port = htons(port); /* Spurious warning */
642
399
643
if(quit_now){
644
errno = EINTR;
645
goto mandos_end;
646
}
400
to.sin6_scope_id = (uint32_t)if_index;
647
401
648
402
if(debug){
649
if(af == AF_INET6 and if_index != AVAHI_IF_UNSPEC){
650
char interface[IF_NAMESIZE];
651
if(if_indextoname((unsigned int)if_index, interface) == NULL){
652
perror("if_indextoname");
653
} else {
654
fprintf(stderr, "Connection to: %s%%%s, port %" PRIu16 "\n",
655
ip, interface, port);
656
}
657
} else {
658
fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
659
port);
660
}
661
char addrstr[(INET_ADDRSTRLEN > INET6_ADDRSTRLEN) ?
662
INET_ADDRSTRLEN : INET6_ADDRSTRLEN] = "";
663
const char *pcret;
664
if(af == AF_INET6){
665
pcret = inet_ntop(af, &(to.in6.sin6_addr), addrstr,
666
sizeof(addrstr));
667
} else {
668
pcret = inet_ntop(af, &(to.in.sin_addr), addrstr,
669
sizeof(addrstr));
670
}
671
if(pcret == NULL){
672
perror("inet_ntop");
673
} else {
674
if(strcmp(addrstr, ip) != 0){
675
fprintf(stderr, "Canonical address form: %s\n", addrstr);
676
}
677
}
678
}
679
680
if(quit_now){
681
errno = EINTR;
682
goto mandos_end;
683
}
684
685
if(af == AF_INET6){
686
ret = connect(tcp_sd, &to.in6, sizeof(to));
687
} else {
688
ret = connect(tcp_sd, &to.in, sizeof(to)); /* IPv4 */
689
}
690
if(ret < 0){
691
int e = errno;
403
fprintf(stderr, "Connection to: %s\n", ip);
404
}
405
406
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
407
if (ret < 0){
692
408
perror("connect");
693
errno = e;
694
goto mandos_end;
695
}
696
697
if(quit_now){
698
errno = EINTR;
699
goto mandos_end;
700
}
701
702
const char *out = mandos_protocol_version;
703
written = 0;
704
while(true){
705
size_t out_size = strlen(out);
706
ret = (int)TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
707
out_size - written));
708
if(ret == -1){
709
int e = errno;
710
perror("write");
711
errno = e;
712
goto mandos_end;
713
}
714
written += (size_t)ret;
715
if(written < out_size){
716
continue;
717
} else {
718
if(out == mandos_protocol_version){
719
written = 0;
720
out = "\r\n";
721
} else {
722
break;
723
}
724
}
725
726
if(quit_now){
727
errno = EINTR;
728
goto mandos_end;
729
}
730
}
409
return -1;
410
}
411
412
ret = initgnutls (&es);
413
if (ret != 0){
414
retval = -1;
415
return -1;
416
}
417
418
gnutls_transport_set_ptr (es.session,
419
(gnutls_transport_ptr_t) tcp_sd);
731
420
732
421
if(debug){
733
422
fprintf(stderr, "Establishing TLS session with %s\n", ip);
734
423
}
735
424
736
if(quit_now){
737
errno = EINTR;
738
goto mandos_end;
739
}
740
741
gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t) tcp_sd);
742
743
if(quit_now){
744
errno = EINTR;
745
goto mandos_end;
746
}
747
748
do {
749
ret = gnutls_handshake(session);
750
if(quit_now){
751
errno = EINTR;
752
goto mandos_end;
753
}
754
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
755
756
if(ret != GNUTLS_E_SUCCESS){
425
ret = gnutls_handshake (es.session);
426
427
if (ret != GNUTLS_E_SUCCESS){
757
428
if(debug){
758
fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
759
gnutls_perror(ret);
429
fprintf(stderr, "\n*** Handshake failed ***\n");
430
gnutls_perror (ret);
760
431
}
761
errno = EPROTO;
762
goto mandos_end;
432
retval = -1;
433
goto exit;
763
434
}
764
435
765
/* Read OpenPGP packet that contains the wanted password */
436
//Retrieve OpenPGP packet that contains the wanted password
766
437
767
438
if(debug){
768
fprintf(stderr, "Retrieving OpenPGP encrypted password from %s\n",
439
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
769
440
ip);
770
441
}
771
442
772
443
while(true){
773
774
if(quit_now){
775
errno = EINTR;
776
goto mandos_end;
777
}
778
779
buffer_capacity = incbuffer(&buffer, buffer_length,
780
buffer_capacity);
781
if(buffer_capacity == 0){
782
int e = errno;
783
perror("incbuffer");
784
errno = e;
785
goto mandos_end;
786
}
787
788
if(quit_now){
789
errno = EINTR;
790
goto mandos_end;
791
}
792
793
sret = gnutls_record_recv(session, buffer+buffer_length,
794
BUFFER_SIZE);
795
if(sret == 0){
444
if (buffer_length + BUFFER_SIZE > buffer_capacity){
445
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
446
if (buffer == NULL){
447
perror("realloc");
448
goto exit;
449
}
450
buffer_capacity += BUFFER_SIZE;
451
}
452
453
ret = gnutls_record_recv
454
(es.session, buffer+buffer_length, BUFFER_SIZE);
455
if (ret == 0){
796
456
break;
797
457
}
798
if(sret < 0){
799
switch(sret){
458
if (ret < 0){
459
switch(ret){
800
460
case GNUTLS_E_INTERRUPTED:
801
461
case GNUTLS_E_AGAIN:
802
462
break;
803
463
case GNUTLS_E_REHANDSHAKE:
804
do {
805
ret = gnutls_handshake(session);
806
807
if(quit_now){
808
errno = EINTR;
809
goto mandos_end;
810
}
811
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
812
if(ret < 0){
813
fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
814
gnutls_perror(ret);
815
errno = EPROTO;
816
goto mandos_end;
464
ret = gnutls_handshake (es.session);
465
if (ret < 0){
466
fprintf(stderr, "\n*** Handshake failed ***\n");
467
gnutls_perror (ret);
468
retval = -1;
469
goto exit;
817
470
}
818
471
break;
819
472
default:
820
473
fprintf(stderr, "Unknown error while reading data from"
821
" encrypted session with Mandos server\n");
822
gnutls_bye(session, GNUTLS_SHUT_RDWR);
823
errno = EIO;
824
goto mandos_end;
474
" encrypted session with mandos server\n");
475
retval = -1;
476
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
477
goto exit;
825
478
}
826
479
} else {
827
buffer_length += (size_t) sret;
828
}
829
}
830
831
if(debug){
832
fprintf(stderr, "Closing TLS session\n");
833
}
834
835
if(quit_now){
836
errno = EINTR;
837
goto mandos_end;
838
}
839
840
do {
841
ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
842
if(quit_now){
843
errno = EINTR;
844
goto mandos_end;
845
}
846
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
847
848
if(buffer_length > 0){
849
ssize_t decrypted_buffer_size;
480
buffer_length += (size_t) ret;
481
}
482
}
483
484
if (buffer_length > 0){
850
485
decrypted_buffer_size = pgp_packet_decrypt(buffer,
851
486
buffer_length,
852
&decrypted_buffer);
853
if(decrypted_buffer_size >= 0){
854
855
written = 0;
856
while(written < (size_t) decrypted_buffer_size){
857
if(quit_now){
858
errno = EINTR;
859
goto mandos_end;
860
}
861
862
ret = (int)fwrite(decrypted_buffer + written, 1,
863
(size_t)decrypted_buffer_size - written,
864
stdout);
487
&decrypted_buffer,
488
certdir);
489
if (decrypted_buffer_size >= 0){
490
while(written < decrypted_buffer_size){
491
ret = (int)fwrite (decrypted_buffer + written, 1,
492
(size_t)decrypted_buffer_size - written,
493
stdout);
865
494
if(ret == 0 and ferror(stdout)){
866
int e = errno;
867
495
if(debug){
868
496
fprintf(stderr, "Error writing encrypted data: %s\n",
869
497
strerror(errno));
870
498
}
871
errno = e;
872
goto mandos_end;
499
retval = -1;
500
break;
873
501
}
874
502
written += (size_t)ret;
875
503
}
876
retval = 0;
877
}
878
}
879
880
/* Shutdown procedure */
881
882
mandos_end:
883
{
884
int e = errno;
885
free(decrypted_buffer);
886
free(buffer);
887
if(tcp_sd >= 0){
888
ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
889
}
890
if(ret == -1){
891
if(e == 0){
892
e = errno;
893
}
894
perror("close");
895
}
896
gnutls_deinit(session);
897
if(quit_now){
898
e = EINTR;
504
free(decrypted_buffer);
505
} else {
899
506
retval = -1;
900
507
}
901
errno = e;
902
}
508
}
509
510
//shutdown procedure
511
512
if(debug){
513
fprintf(stderr, "Closing TLS session\n");
514
}
515
516
free(buffer);
517
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
518
exit:
519
close(tcp_sd);
520
gnutls_deinit (es.session);
521
gnutls_certificate_free_credentials (es.cred);
522
gnutls_global_deinit ();
903
523
return retval;
904
524
}
905
525
906
static void resolve_callback(AvahiSServiceResolver *r,
907
AvahiIfIndex interface,
908
AvahiProtocol proto,
909
AvahiResolverEvent event,
910
const char *name,
911
const char *type,
912
const char *domain,
913
const char *host_name,
914
const AvahiAddress *address,
915
uint16_t port,
916
AVAHI_GCC_UNUSED AvahiStringList *txt,
917
AVAHI_GCC_UNUSED AvahiLookupResultFlags
918
flags,
919
AVAHI_GCC_UNUSED void* userdata){
920
assert(r);
526
static AvahiSimplePoll *simple_poll = NULL;
527
static AvahiServer *server = NULL;
528
529
static void resolve_callback(
530
AvahiSServiceResolver *r,
531
AvahiIfIndex interface,
532
AVAHI_GCC_UNUSED AvahiProtocol protocol,
533
AvahiResolverEvent event,
534
const char *name,
535
const char *type,
536
const char *domain,
537
const char *host_name,
538
const AvahiAddress *address,
539
uint16_t port,
540
AVAHI_GCC_UNUSED AvahiStringList *txt,
541
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
542
AVAHI_GCC_UNUSED void* userdata) {
543
544
assert(r); /* Spurious warning */
921
545
922
546
/* Called whenever a service has been resolved successfully or
923
547
timed out */
924
548
925
if(quit_now){
926
return;
927
}
928
929
switch(event){
549
switch (event) {
930
550
default:
931
551
case AVAHI_RESOLVER_FAILURE:
932
fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
933
" of type '%s' in domain '%s': %s\n", name, type, domain,
934
avahi_strerror(avahi_server_errno(mc.server)));
552
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
553
" type '%s' in domain '%s': %s\n", name, type, domain,
554
avahi_strerror(avahi_server_errno(server)));
935
555
break;
936
556
937
557
case AVAHI_RESOLVER_FOUND:
939
559
char ip[AVAHI_ADDRESS_STR_MAX];
940
560
avahi_address_snprint(ip, sizeof(ip), address);
941
561
if(debug){
942
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"
943
PRIdMAX ") on port %" PRIu16 "\n", name, host_name,
944
ip, (intmax_t)interface, port);
562
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
563
" port %d\n", name, host_name, ip, port);
945
564
}
946
int ret = start_mandos_communication(ip, port, interface,
947
avahi_proto_to_af(proto));
948
if(ret == 0){
949
avahi_simple_poll_quit(mc.simple_poll);
565
int ret = start_mandos_communication(ip, port,
566
(unsigned int) interface);
567
if (ret == 0){
568
exit(EXIT_SUCCESS);
950
569
}
951
570
}
952
571
}
953
572
avahi_s_service_resolver_free(r);
954
573
}
955
574
956
static void browse_callback(AvahiSServiceBrowser *b,
957
AvahiIfIndex interface,
958
AvahiProtocol protocol,
959
AvahiBrowserEvent event,
960
const char *name,
961
const char *type,
962
const char *domain,
963
AVAHI_GCC_UNUSED AvahiLookupResultFlags
964
flags,
965
AVAHI_GCC_UNUSED void* userdata){
966
assert(b);
967
968
/* Called whenever a new services becomes available on the LAN or
969
is removed from the LAN */
970
971
if(quit_now){
972
return;
973
}
974
975
switch(event){
976
default:
977
case AVAHI_BROWSER_FAILURE:
978
979
fprintf(stderr, "(Avahi browser) %s\n",
980
avahi_strerror(avahi_server_errno(mc.server)));
981
avahi_simple_poll_quit(mc.simple_poll);
982
return;
983
984
case AVAHI_BROWSER_NEW:
985
/* We ignore the returned Avahi resolver object. In the callback
986
function we free it. If the Avahi server is terminated before
987
the callback function is called the Avahi server will free the
988
resolver for us. */
989
990
if(avahi_s_service_resolver_new(mc.server, interface, protocol,
991
name, type, domain, protocol, 0,
992
resolve_callback, NULL) == NULL)
993
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
994
name, avahi_strerror(avahi_server_errno(mc.server)));
995
break;
996
997
case AVAHI_BROWSER_REMOVE:
998
break;
999
1000
case AVAHI_BROWSER_ALL_FOR_NOW:
1001
case AVAHI_BROWSER_CACHE_EXHAUSTED:
1002
if(debug){
1003
fprintf(stderr, "No Mandos server found, still searching...\n");
575
static void browse_callback(
576
AvahiSServiceBrowser *b,
577
AvahiIfIndex interface,
578
AvahiProtocol protocol,
579
AvahiBrowserEvent event,
580
const char *name,
581
const char *type,
582
const char *domain,
583
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
584
void* userdata) {
585
586
AvahiServer *s = userdata;
587
assert(b); /* Spurious warning */
588
589
/* Called whenever a new services becomes available on the LAN or
590
is removed from the LAN */
591
592
switch (event) {
593
default:
594
case AVAHI_BROWSER_FAILURE:
595
596
fprintf(stderr, "(Browser) %s\n",
597
avahi_strerror(avahi_server_errno(server)));
598
avahi_simple_poll_quit(simple_poll);
599
return;
600
601
case AVAHI_BROWSER_NEW:
602
/* We ignore the returned resolver object. In the callback
603
function we free it. If the server is terminated before
604
the callback function is called the server will free
605
the resolver for us. */
606
607
if (!(avahi_s_service_resolver_new(s, interface, protocol, name,
608
type, domain,
609
AVAHI_PROTO_INET6, 0,
610
resolve_callback, s)))
611
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
612
avahi_strerror(avahi_server_errno(s)));
613
break;
614
615
case AVAHI_BROWSER_REMOVE:
616
break;
617
618
case AVAHI_BROWSER_ALL_FOR_NOW:
619
case AVAHI_BROWSER_CACHE_EXHAUSTED:
620
break;
1004
621
}
1005
break;
1006
}
1007
}
1008
1009
/* stop main loop after sigterm has been called */
1010
static void handle_sigterm(int sig){
1011
if(quit_now){
1012
return;
1013
}
1014
quit_now = 1;
1015
signal_received = sig;
1016
int old_errno = errno;
1017
if(mc.simple_poll != NULL){
1018
avahi_simple_poll_quit(mc.simple_poll);
1019
}
1020
errno = old_errno;
1021
}
1022
1023
int main(int argc, char *argv[]){
1024
AvahiSServiceBrowser *sb = NULL;
1025
int error;
1026
int ret;
1027
intmax_t tmpmax;
622
}
623
624
/* combinds file name and path and returns the malloced new string. som sane checks could/should be added */
625
const char *combinepath(const char *first, const char *second){
1028
626
char *tmp;
1029
int exitcode = EXIT_SUCCESS;
1030
const char *interface = "eth0";
1031
struct ifreq network;
1032
int sd = -1;
1033
bool take_down_interface = false;
1034
uid_t uid;
1035
gid_t gid;
1036
char *connect_to = NULL;
1037
char tempdir[] = "/tmp/mandosXXXXXX";
1038
bool tempdir_created = false;
1039
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
1040
const char *seckey = PATHDIR "/" SECKEY;
1041
const char *pubkey = PATHDIR "/" PUBKEY;
1042
1043
bool gnutls_initialized = false;
1044
bool gpgme_initialized = false;
1045
float delay = 2.5f;
1046
1047
struct sigaction old_sigterm_action = { .sa_handler = SIG_DFL };
1048
struct sigaction sigterm_action = { .sa_handler = handle_sigterm };
1049
1050
uid = getuid();
1051
gid = getgid();
1052
1053
/* Lower any group privileges we might have, just to be safe */
1054
errno = 0;
1055
ret = setgid(gid);
1056
if(ret == -1){
1057
perror("setgid");
1058
}
1059
1060
/* Lower user privileges (temporarily) */
1061
errno = 0;
1062
ret = seteuid(uid);
1063
if(ret == -1){
1064
perror("seteuid");
1065
}
1066
1067
if(quit_now){
1068
goto end;
1069
}
1070
1071
{
1072
struct argp_option options[] = {
1073
{ .name = "debug", .key = 128,
1074
.doc = "Debug mode", .group = 3 },
1075
{ .name = "connect", .key = 'c',
1076
.arg = "ADDRESS:PORT",
1077
.doc = "Connect directly to a specific Mandos server",
1078
.group = 1 },
1079
{ .name = "interface", .key = 'i',
1080
.arg = "NAME",
1081
.doc = "Network interface that will be used to search for"
1082
" Mandos servers",
1083
.group = 1 },
1084
{ .name = "seckey", .key = 's',
1085
.arg = "FILE",
1086
.doc = "OpenPGP secret key file base name",
1087
.group = 1 },
1088
{ .name = "pubkey", .key = 'p',
1089
.arg = "FILE",
1090
.doc = "OpenPGP public key file base name",
1091
.group = 2 },
1092
{ .name = "dh-bits", .key = 129,
1093
.arg = "BITS",
1094
.doc = "Bit length of the prime number used in the"
1095
" Diffie-Hellman key exchange",
1096
.group = 2 },
1097
{ .name = "priority", .key = 130,
1098
.arg = "STRING",
1099
.doc = "GnuTLS priority string for the TLS handshake",
1100
.group = 1 },
1101
{ .name = "delay", .key = 131,
1102
.arg = "SECONDS",
1103
.doc = "Maximum delay to wait for interface startup",
1104
.group = 2 },
1105
/*
1106
* These reproduce what we would get without ARGP_NO_HELP
1107
*/
1108
{ .name = "help", .key = '?',
1109
.doc = "Give this help list", .group = -1 },
1110
{ .name = "usage", .key = -3,
1111
.doc = "Give a short usage message", .group = -1 },
1112
{ .name = "version", .key = 'V',
1113
.doc = "Print program version", .group = -1 },
1114
{ .name = NULL }
1115
};
1116
1117
error_t parse_opt(int key, char *arg,
1118
struct argp_state *state){
1119
errno = 0;
1120
switch(key){
1121
case 128: /* --debug */
1122
debug = true;
1123
break;
1124
case 'c': /* --connect */
1125
connect_to = arg;
1126
break;
1127
case 'i': /* --interface */
1128
interface = arg;
1129
break;
1130
case 's': /* --seckey */
1131
seckey = arg;
1132
break;
1133
case 'p': /* --pubkey */
1134
pubkey = arg;
1135
break;
1136
case 129: /* --dh-bits */
1137
errno = 0;
1138
tmpmax = strtoimax(arg, &tmp, 10);
1139
if(errno != 0 or tmp == arg or *tmp != '\0'
1140
or tmpmax != (typeof(mc.dh_bits))tmpmax){
1141
argp_error(state, "Bad number of DH bits");
1142
}
1143
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
1144
break;
1145
case 130: /* --priority */
1146
mc.priority = arg;
1147
break;
1148
case 131: /* --delay */
1149
errno = 0;
1150
delay = strtof(arg, &tmp);
1151
if(errno != 0 or tmp == arg or *tmp != '\0'){
1152
argp_error(state, "Bad delay");
1153
}
1154
break;
1155
/*
1156
* These reproduce what we would get without ARGP_NO_HELP
1157
*/
1158
case '?': /* --help */
1159
argp_state_help(state, state->out_stream,
1160
(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
1161
& ~(unsigned int)ARGP_HELP_EXIT_OK);
1162
case -3: /* --usage */
1163
argp_state_help(state, state->out_stream,
1164
ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
1165
case 'V': /* --version */
1166
fprintf(state->out_stream, "%s\n", argp_program_version);
1167
exit(argp_err_exit_status);
1168
break;
1169
default:
1170
return ARGP_ERR_UNKNOWN;
1171
}
1172
return errno;
1173
}
1174
1175
struct argp argp = { .options = options, .parser = parse_opt,
1176
.args_doc = "",
1177
.doc = "Mandos client -- Get and decrypt"
1178
" passwords from a Mandos server" };
1179
ret = argp_parse(&argp, argc, argv,
1180
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
1181
switch(ret){
1182
case 0:
1183
break;
1184
case ENOMEM:
1185
default:
1186
errno = ret;
1187
perror("argp_parse");
1188
exitcode = EX_OSERR;
1189
goto end;
1190
case EINVAL:
1191
exitcode = EX_USAGE;
1192
goto end;
1193
}
1194
}
1195
1196
if(not debug){
1197
avahi_set_log_function(empty_log);
1198
}
1199
1200
/* Initialize Avahi early so avahi_simple_poll_quit() can be called
1201
from the signal handler */
1202
/* Initialize the pseudo-RNG for Avahi */
1203
srand((unsigned int) time(NULL));
1204
mc.simple_poll = avahi_simple_poll_new();
1205
if(mc.simple_poll == NULL){
1206
fprintf(stderr, "Avahi: Failed to create simple poll object.\n");
1207
exitcode = EX_UNAVAILABLE;
1208
goto end;
1209
}
1210
1211
sigemptyset(&sigterm_action.sa_mask);
1212
ret = sigaddset(&sigterm_action.sa_mask, SIGINT);
1213
if(ret == -1){
1214
perror("sigaddset");
1215
exitcode = EX_OSERR;
1216
goto end;
1217
}
1218
ret = sigaddset(&sigterm_action.sa_mask, SIGHUP);
1219
if(ret == -1){
1220
perror("sigaddset");
1221
exitcode = EX_OSERR;
1222
goto end;
1223
}
1224
ret = sigaddset(&sigterm_action.sa_mask, SIGTERM);
1225
if(ret == -1){
1226
perror("sigaddset");
1227
exitcode = EX_OSERR;
1228
goto end;
1229
}
1230
/* Need to check if the handler is SIG_IGN before handling:
1231
| [[info:libc:Initial Signal Actions]] |
1232
| [[info:libc:Basic Signal Handling]] |
1233
*/
1234
ret = sigaction(SIGINT, NULL, &old_sigterm_action);
1235
if(ret == -1){
1236
perror("sigaction");
1237
return EX_OSERR;
1238
}
1239
if(old_sigterm_action.sa_handler != SIG_IGN){
1240
ret = sigaction(SIGINT, &sigterm_action, NULL);
1241
if(ret == -1){
1242
perror("sigaction");
1243
exitcode = EX_OSERR;
1244
goto end;
1245
}
1246
}
1247
ret = sigaction(SIGHUP, NULL, &old_sigterm_action);
1248
if(ret == -1){
1249
perror("sigaction");
1250
return EX_OSERR;
1251
}
1252
if(old_sigterm_action.sa_handler != SIG_IGN){
1253
ret = sigaction(SIGHUP, &sigterm_action, NULL);
1254
if(ret == -1){
1255
perror("sigaction");
1256
exitcode = EX_OSERR;
1257
goto end;
1258
}
1259
}
1260
ret = sigaction(SIGTERM, NULL, &old_sigterm_action);
1261
if(ret == -1){
1262
perror("sigaction");
1263
return EX_OSERR;
1264
}
1265
if(old_sigterm_action.sa_handler != SIG_IGN){
1266
ret = sigaction(SIGTERM, &sigterm_action, NULL);
1267
if(ret == -1){
1268
perror("sigaction");
1269
exitcode = EX_OSERR;
1270
goto end;
1271
}
1272
}
1273
1274
/* If the interface is down, bring it up */
1275
if(interface[0] != '\0'){
1276
if_index = (AvahiIfIndex) if_nametoindex(interface);
1277
if(if_index == 0){
1278
fprintf(stderr, "No such interface: \"%s\"\n", interface);
1279
exitcode = EX_UNAVAILABLE;
1280
goto end;
1281
}
1282
1283
if(quit_now){
1284
goto end;
1285
}
1286
1287
/* Re-raise priviliges */
1288
errno = 0;
1289
ret = seteuid(0);
1290
if(ret == -1){
1291
perror("seteuid");
1292
}
1293
1294
#ifdef __linux__
1295
/* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO
1296
messages about the network interface to mess up the prompt */
1297
ret = klogctl(8, NULL, 5);
1298
bool restore_loglevel = true;
1299
if(ret == -1){
1300
restore_loglevel = false;
1301
perror("klogctl");
1302
}
1303
#endif /* __linux__ */
1304
1305
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1306
if(sd < 0){
1307
perror("socket");
1308
exitcode = EX_OSERR;
1309
#ifdef __linux__
1310
if(restore_loglevel){
1311
ret = klogctl(7, NULL, 0);
1312
if(ret == -1){
1313
perror("klogctl");
1314
}
1315
}
1316
#endif /* __linux__ */
1317
/* Lower privileges */
1318
errno = 0;
1319
ret = seteuid(uid);
1320
if(ret == -1){
1321
perror("seteuid");
1322
}
1323
goto end;
1324
}
1325
strcpy(network.ifr_name, interface);
1326
ret = ioctl(sd, SIOCGIFFLAGS, &network);
1327
if(ret == -1){
1328
perror("ioctl SIOCGIFFLAGS");
1329
#ifdef __linux__
1330
if(restore_loglevel){
1331
ret = klogctl(7, NULL, 0);
1332
if(ret == -1){
1333
perror("klogctl");
1334
}
1335
}
1336
#endif /* __linux__ */
1337
exitcode = EX_OSERR;
1338
/* Lower privileges */
1339
errno = 0;
1340
ret = seteuid(uid);
1341
if(ret == -1){
1342
perror("seteuid");
1343
}
1344
goto end;
1345
}
1346
if((network.ifr_flags & IFF_UP) == 0){
1347
network.ifr_flags |= IFF_UP;
1348
take_down_interface = true;
1349
ret = ioctl(sd, SIOCSIFFLAGS, &network);
1350
if(ret == -1){
1351
take_down_interface = false;
1352
perror("ioctl SIOCSIFFLAGS");
1353
exitcode = EX_OSERR;
1354
#ifdef __linux__
1355
if(restore_loglevel){
1356
ret = klogctl(7, NULL, 0);
1357
if(ret == -1){
1358
perror("klogctl");
1359
}
1360
}
1361
#endif /* __linux__ */
1362
/* Lower privileges */
1363
errno = 0;
1364
ret = seteuid(uid);
1365
if(ret == -1){
1366
perror("seteuid");
1367
}
1368
goto end;
1369
}
1370
}
1371
/* sleep checking until interface is running */
1372
for(int i=0; i < delay * 4; i++){
1373
ret = ioctl(sd, SIOCGIFFLAGS, &network);
1374
if(ret == -1){
1375
perror("ioctl SIOCGIFFLAGS");
1376
} else if(network.ifr_flags & IFF_RUNNING){
1377
break;
1378
}
1379
struct timespec sleeptime = { .tv_nsec = 250000000 };
1380
ret = nanosleep(&sleeptime, NULL);
1381
if(ret == -1 and errno != EINTR){
1382
perror("nanosleep");
1383
}
1384
}
1385
if(not take_down_interface){
1386
/* We won't need the socket anymore */
1387
ret = (int)TEMP_FAILURE_RETRY(close(sd));
1388
if(ret == -1){
1389
perror("close");
1390
}
1391
}
1392
#ifdef __linux__
1393
if(restore_loglevel){
1394
/* Restores kernel loglevel to default */
1395
ret = klogctl(7, NULL, 0);
1396
if(ret == -1){
1397
perror("klogctl");
1398
}
1399
}
1400
#endif /* __linux__ */
1401
/* Lower privileges */
1402
errno = 0;
1403
if(take_down_interface){
1404
/* Lower privileges */
1405
ret = seteuid(uid);
1406
if(ret == -1){
1407
perror("seteuid");
1408
}
1409
} else {
1410
/* Lower privileges permanently */
1411
ret = setuid(uid);
1412
if(ret == -1){
1413
perror("setuid");
1414
}
1415
}
1416
}
1417
1418
if(quit_now){
1419
goto end;
1420
}
1421
1422
ret = init_gnutls_global(pubkey, seckey);
1423
if(ret == -1){
1424
fprintf(stderr, "init_gnutls_global failed\n");
1425
exitcode = EX_UNAVAILABLE;
1426
goto end;
1427
} else {
1428
gnutls_initialized = true;
1429
}
1430
1431
if(quit_now){
1432
goto end;
1433
}
1434
1435
tempdir_created = true;
1436
if(mkdtemp(tempdir) == NULL){
1437
tempdir_created = false;
1438
perror("mkdtemp");
1439
goto end;
1440
}
1441
1442
if(quit_now){
1443
goto end;
1444
}
1445
1446
if(not init_gpgme(pubkey, seckey, tempdir)){
1447
fprintf(stderr, "init_gpgme failed\n");
1448
exitcode = EX_UNAVAILABLE;
1449
goto end;
1450
} else {
1451
gpgme_initialized = true;
1452
}
1453
1454
if(quit_now){
1455
goto end;
1456
}
1457
1458
if(connect_to != NULL){
1459
/* Connect directly, do not use Zeroconf */
1460
/* (Mainly meant for debugging) */
1461
char *address = strrchr(connect_to, ':');
1462
if(address == NULL){
1463
fprintf(stderr, "No colon in address\n");
1464
exitcode = EX_USAGE;
1465
goto end;
1466
}
1467
1468
if(quit_now){
1469
goto end;
1470
}
1471
1472
uint16_t port;
1473
errno = 0;
1474
tmpmax = strtoimax(address+1, &tmp, 10);
1475
if(errno != 0 or tmp == address+1 or *tmp != '\0'
1476
or tmpmax != (uint16_t)tmpmax){
1477
fprintf(stderr, "Bad port number\n");
1478
exitcode = EX_USAGE;
1479
goto end;
1480
}
1481
1482
if(quit_now){
1483
goto end;
1484
}
1485
1486
port = (uint16_t)tmpmax;
1487
*address = '\0';
1488
address = connect_to;
1489
/* Colon in address indicates IPv6 */
1490
int af;
1491
if(strchr(address, ':') != NULL){
1492
af = AF_INET6;
1493
} else {
1494
af = AF_INET;
1495
}
1496
1497
if(quit_now){
1498
goto end;
1499
}
1500
1501
ret = start_mandos_communication(address, port, if_index, af);
1502
if(ret < 0){
1503
switch(errno){
1504
case ENETUNREACH:
1505
case EHOSTDOWN:
1506
case EHOSTUNREACH:
1507
exitcode = EX_NOHOST;
1508
break;
1509
case EINVAL:
1510
exitcode = EX_USAGE;
1511
break;
1512
case EIO:
1513
exitcode = EX_IOERR;
1514
break;
1515
case EPROTO:
1516
exitcode = EX_PROTOCOL;
1517
break;
1518
default:
1519
exitcode = EX_OSERR;
1520
break;
1521
}
1522
} else {
1523
exitcode = EXIT_SUCCESS;
1524
}
1525
goto end;
1526
}
1527
1528
if(quit_now){
1529
goto end;
1530
}
1531
1532
{
627
tmp = malloc(strlen(first) + strlen(second) + 2);
628
if (tmp == NULL){
629
perror("malloc");
630
return NULL;
631
}
632
strcpy(tmp, first);
633
if (first[0] != '\0' and first[strlen(first) - 1] != '/'){
634
strcat(tmp, "/");
635
}
636
strcat(tmp, second);
637
return tmp;
638
}
639
640
641
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
1533
642
AvahiServerConfig config;
1534
/* Do not publish any local Zeroconf records */
643
AvahiSServiceBrowser *sb = NULL;
644
int error;
645
int ret;
646
int returncode = EXIT_SUCCESS;
647
const char *interface = "eth0";
648
649
while (true){
650
static struct option long_options[] = {
651
{"debug", no_argument, (int *)&debug, 1},
652
{"interface", required_argument, 0, 'i'},
653
{"certdir", required_argument, 0, 'd'},
654
{"certkey", required_argument, 0, 'c'},
655
{"certfile", required_argument, 0, 'k'},
656
{0, 0, 0, 0} };
657
658
int option_index = 0;
659
ret = getopt_long (argc, argv, "i:", long_options,
660
&option_index);
661
662
if (ret == -1){
663
break;
664
}
665
666
switch(ret){
667
case 0:
668
break;
669
case 'i':
670
interface = optarg;
671
break;
672
case 'd':
673
certdir = optarg;
674
break;
675
case 'c':
676
certfile = optarg;
677
break;
678
case 'k':
679
certkey = optarg;
680
break;
681
default:
682
exit(EXIT_FAILURE);
683
}
684
}
685
686
certfile = combinepath(certdir, certfile);
687
if (certfile == NULL){
688
goto exit;
689
}
690
691
certkey = combinepath(certdir, certkey);
692
if (certkey == NULL){
693
goto exit;
694
}
695
696
if (not debug){
697
avahi_set_log_function(empty_log);
698
}
699
700
/* Initialize the psuedo-RNG */
701
srand((unsigned int) time(NULL));
702
703
/* Allocate main loop object */
704
if (!(simple_poll = avahi_simple_poll_new())) {
705
fprintf(stderr, "Failed to create simple poll object.\n");
706
707
goto exit;
708
}
709
710
/* Do not publish any local records */
1535
711
avahi_server_config_init(&config);
1536
712
config.publish_hinfo = 0;
1537
713
config.publish_addresses = 0;
1538
714
config.publish_workstation = 0;
1539
715
config.publish_domain = 0;
1540
716
1541
717
/* Allocate a new server */
1542
mc.server = avahi_server_new(avahi_simple_poll_get
1543
(mc.simple_poll), &config, NULL,
1544
NULL, &error);
1545
1546
/* Free the Avahi configuration data */
718
server = avahi_server_new(avahi_simple_poll_get(simple_poll),
719
&config, NULL, NULL, &error);
720
721
/* Free the configuration data */
1547
722
avahi_server_config_free(&config);
1548
}
1549
1550
/* Check if creating the Avahi server object succeeded */
1551
if(mc.server == NULL){
1552
fprintf(stderr, "Failed to create Avahi server: %s\n",
1553
avahi_strerror(error));
1554
exitcode = EX_UNAVAILABLE;
1555
goto end;
1556
}
1557
1558
if(quit_now){
1559
goto end;
1560
}
1561
1562
/* Create the Avahi service browser */
1563
sb = avahi_s_service_browser_new(mc.server, if_index,
1564
AVAHI_PROTO_UNSPEC, "_mandos._tcp",
1565
NULL, 0, browse_callback, NULL);
1566
if(sb == NULL){
1567
fprintf(stderr, "Failed to create service browser: %s\n",
1568
avahi_strerror(avahi_server_errno(mc.server)));
1569
exitcode = EX_UNAVAILABLE;
1570
goto end;
1571
}
1572
1573
if(quit_now){
1574
goto end;
1575
}
1576
1577
/* Run the main loop */
1578
1579
if(debug){
1580
fprintf(stderr, "Starting Avahi loop search\n");
1581
}
1582
1583
avahi_simple_poll_loop(mc.simple_poll);
1584
1585
end:
1586
1587
if(debug){
1588
fprintf(stderr, "%s exiting\n", argv[0]);
1589
}
1590
1591
/* Cleanup things */
1592
if(sb != NULL)
1593
avahi_s_service_browser_free(sb);
1594
1595
if(mc.server != NULL)
1596
avahi_server_free(mc.server);
1597
1598
if(mc.simple_poll != NULL)
1599
avahi_simple_poll_free(mc.simple_poll);
1600
1601
if(gnutls_initialized){
1602
gnutls_certificate_free_credentials(mc.cred);
1603
gnutls_global_deinit();
1604
gnutls_dh_params_deinit(mc.dh_params);
1605
}
1606
1607
if(gpgme_initialized){
1608
gpgme_release(mc.ctx);
1609
}
1610
1611
/* Take down the network interface */
1612
if(take_down_interface){
1613
/* Re-raise priviliges */
1614
errno = 0;
1615
ret = seteuid(0);
1616
if(ret == -1){
1617
perror("seteuid");
1618
}
1619
if(geteuid() == 0){
1620
ret = ioctl(sd, SIOCGIFFLAGS, &network);
1621
if(ret == -1){
1622
perror("ioctl SIOCGIFFLAGS");
1623
} else if(network.ifr_flags & IFF_UP) {
1624
network.ifr_flags &= ~(short)IFF_UP; /* clear flag */
1625
ret = ioctl(sd, SIOCSIFFLAGS, &network);
1626
if(ret == -1){
1627
perror("ioctl SIOCSIFFLAGS");
1628
}
1629
}
1630
ret = (int)TEMP_FAILURE_RETRY(close(sd));
1631
if(ret == -1){
1632
perror("close");
1633
}
1634
/* Lower privileges permanently */
1635
errno = 0;
1636
ret = setuid(uid);
1637
if(ret == -1){
1638
perror("setuid");
1639
}
1640
}
1641
}
1642
1643
/* Removes the temp directory used by GPGME */
1644
if(tempdir_created){
1645
DIR *d;
1646
struct dirent *direntry;
1647
d = opendir(tempdir);
1648
if(d == NULL){
1649
if(errno != ENOENT){
1650
perror("opendir");
1651
}
1652
} else {
1653
while(true){
1654
direntry = readdir(d);
1655
if(direntry == NULL){
1656
break;
1657
}
1658
/* Skip "." and ".." */
1659
if(direntry->d_name[0] == '.'
1660
and (direntry->d_name[1] == '\0'
1661
or (direntry->d_name[1] == '.'
1662
and direntry->d_name[2] == '\0'))){
1663
continue;
1664
}
1665
char *fullname = NULL;
1666
ret = asprintf(&fullname, "%s/%s", tempdir,
1667
direntry->d_name);
1668
if(ret < 0){
1669
perror("asprintf");
1670
continue;
1671
}
1672
ret = remove(fullname);
1673
if(ret == -1){
1674
fprintf(stderr, "remove(\"%s\"): %s\n", fullname,
1675
strerror(errno));
1676
}
1677
free(fullname);
1678
}
1679
closedir(d);
1680
}
1681
ret = rmdir(tempdir);
1682
if(ret == -1 and errno != ENOENT){
1683
perror("rmdir");
1684
}
1685
}
1686
1687
if(quit_now){
1688
sigemptyset(&old_sigterm_action.sa_mask);
1689
old_sigterm_action.sa_handler = SIG_DFL;
1690
ret = (int)TEMP_FAILURE_RETRY(sigaction(signal_received,
1691
&old_sigterm_action,
1692
NULL));
1693
if(ret == -1){
1694
perror("sigaction");
1695
}
1696
do {
1697
ret = raise(signal_received);
1698
} while(ret != 0 and errno == EINTR);
1699
if(ret != 0){
1700
perror("raise");
1701
abort();
1702
}
1703
TEMP_FAILURE_RETRY(pause());
1704
}
1705
1706
return exitcode;
723
724
/* Check if creating the server object succeeded */
725
if (!server) {
726
fprintf(stderr, "Failed to create server: %s\n",
727
avahi_strerror(error));
728
returncode = EXIT_FAILURE;
729
goto exit;
730
}
731
732
/* Create the service browser */
733
sb = avahi_s_service_browser_new(server,
734
(AvahiIfIndex)
735
if_nametoindex(interface),
736
AVAHI_PROTO_INET6,
737
"_mandos._tcp", NULL, 0,
738
browse_callback, server);
739
if (!sb) {
740
fprintf(stderr, "Failed to create service browser: %s\n",
741
avahi_strerror(avahi_server_errno(server)));
742
returncode = EXIT_FAILURE;
743
goto exit;
744
}
745
746
/* Run the main loop */
747
748
if (debug){
749
fprintf(stderr, "Starting avahi loop search\n");
750
}
751
752
avahi_simple_poll_loop(simple_poll);
753
754
exit:
755
756
if (debug){
757
fprintf(stderr, "%s exiting\n", argv[0]);
758
}
759
760
/* Cleanup things */
761
if (sb)
762
avahi_s_service_browser_free(sb);
763
764
if (server)
765
avahi_server_free(server);
766
767
if (simple_poll)
768
avahi_simple_poll_free(simple_poll);
769
free(certfile);
770
free(certkey);
771
772
return returncode;
1707
773
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0