To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugins.d/password-request.c
- browse files at revision 24.1.63
- compare with another revision
- download diff
- download tarball
- view history from revision 24.1.63
- Committer: Björn Påhlsson
- Date: 2008-08-24 10:19:59 UTC
- mfrom: (98 mandos)
- mto: (237.7.1 mandos) (24.1.154 mandos)
- mto: This revision was merged to the branch mainline in revision 99.
- Revision ID: belorn@braxen-20080824101959-cbs6x05jwgqrlp2s
merge + fallback bugg
- files removed:
- .bzrignore
- files modified:
- Makefile
added
removed
plugins.d/password-request.c
214
214
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
215
215
gpgme_strsource(rc), gpgme_strerror(rc));
216
216
plaintext_length = -1;
217
if (debug){
218
gpgme_decrypt_result_t result;
219
result = gpgme_op_decrypt_result(ctx);
220
if (result == NULL){
221
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
222
} else {
223
fprintf(stderr, "Unsupported algorithm: %s\n",
224
result->unsupported_algorithm);
225
fprintf(stderr, "Wrong key usage: %u\n",
226
result->wrong_key_usage);
227
if(result->file_name != NULL){
228
fprintf(stderr, "File name: %s\n", result->file_name);
229
}
230
gpgme_recipient_t recipient;
231
recipient = result->recipients;
232
if(recipient){
233
while(recipient != NULL){
234
fprintf(stderr, "Public key algorithm: %s\n",
235
gpgme_pubkey_algo_name(recipient->pubkey_algo));
236
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
237
fprintf(stderr, "Secret key available: %s\n",
238
recipient->status == GPG_ERR_NO_SECKEY
239
? "No" : "Yes");
240
recipient = recipient->next;
241
}
242
}
243
}
244
}
245
217
goto decrypt_end;
246
218
}
247
219
249
221
fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
250
222
}
251
223
224
if (debug){
225
gpgme_decrypt_result_t result;
226
result = gpgme_op_decrypt_result(ctx);
227
if (result == NULL){
228
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
229
} else {
230
fprintf(stderr, "Unsupported algorithm: %s\n",
231
result->unsupported_algorithm);
232
fprintf(stderr, "Wrong key usage: %u\n",
233
result->wrong_key_usage);
234
if(result->file_name != NULL){
235
fprintf(stderr, "File name: %s\n", result->file_name);
236
}
237
gpgme_recipient_t recipient;
238
recipient = result->recipients;
239
if(recipient){
240
while(recipient != NULL){
241
fprintf(stderr, "Public key algorithm: %s\n",
242
gpgme_pubkey_algo_name(recipient->pubkey_algo));
243
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
244
fprintf(stderr, "Secret key available: %s\n",
245
recipient->status == GPG_ERR_NO_SECKEY
246
? "No" : "Yes");
247
recipient = recipient->next;
248
}
249
}
250
}
251
}
252
252
253
/* Seek back to the beginning of the GPGME plaintext data buffer */
253
254
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
254
255
perror("pgpme_data_seek");
281
282
}
282
283
plaintext_length += ret;
283
284
}
284
285
285
286
if(debug){
286
287
fprintf(stderr, "Decrypted password is: ");
287
288
for(ssize_t i = 0; i < plaintext_length; i++){
380
381
}
381
382
382
383
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
383
384
384
385
return 0;
385
386
386
387
globalfail:
387
388
388
389
gnutls_certificate_free_credentials(mc->cred);
389
390
gnutls_global_deinit();
390
391
return -1;
392
391
393
}
392
394
393
395
static int init_gnutls_session(mandos_context *mc,
465
467
perror("socket");
466
468
return -1;
467
469
}
468
470
469
471
if(debug){
470
472
if(if_indextoname((unsigned int)if_index, interface) == NULL){
471
473
perror("if_indextoname");
510
512
perror("connect");
511
513
return -1;
512
514
}
513
515
514
516
const char *out = mandos_protocol_version;
515
517
written = 0;
516
518
while (true){
534
536
}
535
537
}
536
538
}
537
539
538
540
if(debug){
539
541
fprintf(stderr, "Establishing TLS session with %s\n", ip);
540
542
}
541
543
542
544
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
543
545
544
546
do{
545
547
ret = gnutls_handshake (session);
546
548
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
560
562
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
561
563
ip);
562
564
}
563
565
564
566
while(true){
565
567
buffer_capacity = adjustbuffer(&buffer, buffer_length,
566
568
buffer_capacity);
773
775
const char *pubkeyname = "pubkey.txt";
774
776
const char *seckeyname = "seckey.txt";
775
777
mandos_context mc = { .simple_poll = NULL, .server = NULL,
776
.dh_bits = 1024, .priority = "SECURE256"
777
":!CTYPE-X.509:+CTYPE-OPENPGP" };
778
.dh_bits = 1024, .priority = "SECURE256"};
778
779
bool gnutls_initalized = false;
779
780
780
781
{
782
783
{ .name = "debug", .key = 128,
783
784
.doc = "Debug mode", .group = 3 },
784
785
{ .name = "connect", .key = 'c',
785
.arg = "ADDRESS:PORT",
786
.doc = "Connect directly to a specific Mandos server",
786
.arg = "IP",
787
.doc = "Connect directly to a sepcified mandos server",
787
788
.group = 1 },
788
789
{ .name = "interface", .key = 'i',
789
.arg = "NAME",
790
.doc = "Interface that will be used to search for Mandos"
791
" servers",
790
.arg = "INTERFACE",
791
.doc = "Interface that Avahi will conntect through",
792
792
.group = 1 },
793
793
{ .name = "keydir", .key = 'd',
794
.arg = "DIRECTORY",
795
.doc = "Directory to read the OpenPGP key files from",
794
.arg = "KEYDIR",
795
.doc = "Directory where the openpgp keyring is",
796
796
.group = 1 },
797
797
{ .name = "seckey", .key = 's',
798
.arg = "FILE",
799
.doc = "OpenPGP secret key file base name",
798
.arg = "SECKEY",
799
.doc = "Secret openpgp key for gnutls authentication",
800
800
.group = 1 },
801
801
{ .name = "pubkey", .key = 'p',
802
.arg = "FILE",
803
.doc = "OpenPGP public key file base name",
802
.arg = "PUBKEY",
803
.doc = "Public openpgp key for gnutls authentication",
804
804
.group = 2 },
805
805
{ .name = "dh-bits", .key = 129,
806
806
.arg = "BITS",
807
.doc = "Bit length of the prime number used in the"
808
" Diffie-Hellman key exchange",
807
.doc = "dh-bits to use in gnutls communication",
809
808
.group = 2 },
810
809
{ .name = "priority", .key = 130,
811
.arg = "STRING",
812
.doc = "GnuTLS priority string for the TLS handshake",
813
.group = 1 },
810
.arg = "PRIORITY",
811
.doc = "GNUTLS priority", .group = 1 },
814
812
{ .name = NULL }
815
813
};
814
816
815
817
816
error_t parse_opt (int key, char *arg,
818
817
struct argp_state *state) {
819
818
/* Get the INPUT argument from `argp_parse', which we know is
820
819
a pointer to our plugin list pointer. */
821
820
switch (key) {
822
case 128: /* --debug */
821
case 128:
823
822
debug = true;
824
823
break;
825
case 'c': /* --connect */
824
case 'c':
826
825
connect_to = arg;
827
826
break;
828
case 'i': /* --interface */
827
case 'i':
829
828
interface = arg;
830
829
break;
831
case 'd': /* --keydir */
830
case 'd':
832
831
keydir = arg;
833
832
break;
834
case 's': /* --seckey */
833
case 's':
835
834
seckeyname = arg;
836
835
break;
837
case 'p': /* --pubkey */
836
case 'p':
838
837
pubkeyname = arg;
839
838
break;
840
case 129: /* --dh-bits */
839
case 129:
841
840
errno = 0;
842
841
mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);
843
842
if (errno){
845
844
exit(EXIT_FAILURE);
846
845
}
847
846
break;
848
case 130: /* --priority */
847
case 130:
849
848
mc.priority = arg;
850
849
break;
851
850
case ARGP_KEY_ARG:
857
856
}
858
857
return 0;
859
858
}
860
859
861
860
struct argp argp = { .options = options, .parser = parse_opt,
862
861
.args_doc = "",
863
862
.doc = "Mandos client -- Get and decrypt"
864
" passwords from a Mandos server" };
863
" passwords from mandos server" };
865
864
ret = argp_parse (&argp, argc, argv, 0, 0, NULL);
866
865
if (ret == ARGP_ERR_UNKNOWN){
867
866
fprintf(stderr, "Unknown error while parsing arguments\n");
869
868
goto end;
870
869
}
871
870
}
872
871
873
872
pubkeyfilename = combinepath(keydir, pubkeyname);
874
873
if (pubkeyfilename == NULL){
875
874
perror("combinepath");
883
882
exitcode = EXIT_FAILURE;
884
883
goto end;
885
884
}
886
885
887
886
ret = init_gnutls_global(&mc, pubkeyfilename, seckeyfilename);
888
887
if (ret == -1){
889
888
fprintf(stderr, "init_gnutls_global failed\n");
981
980
exitcode = EXIT_FAILURE;
982
981
goto end;
983
982
}
984
983
985
984
{
986
985
AvahiServerConfig config;
987
986
/* Do not publish any local Zeroconf records */
990
989
config.publish_addresses = 0;
991
990
config.publish_workstation = 0;
992
991
config.publish_domain = 0;
993
992
994
993
/* Allocate a new server */
995
994
mc.server = avahi_server_new(avahi_simple_poll_get
996
995
(mc.simple_poll), &config, NULL,
997
996
NULL, &error);
998
997
999
998
/* Free the Avahi configuration data */
1000
999
avahi_server_config_free(&config);
1001
1000
}
1021
1020
}
1022
1021
1023
1022
/* Run the main loop */
1024
1023
1025
1024
if (debug){
1026
1025
fprintf(stderr, "Starting Avahi loop search\n");
1027
1026
}
1029
1028
avahi_simple_poll_loop(mc.simple_poll);
1030
1029
1031
1030
end:
1032
1031
1033
1032
if (debug){
1034
1033
fprintf(stderr, "%s exiting\n", argv[0]);
1035
1034
}
1040
1039
1041
1040
if (mc.server != NULL)
1042
1041
avahi_server_free(mc.server);
1043
1042
1044
1043
if (mc.simple_poll != NULL)
1045
1044
avahi_simple_poll_free(mc.simple_poll);
1046
1045
free(pubkeyfilename);
1047
1046
free(seckeyfilename);
1048
1047
1049
1048
if (gnutls_initalized){
1050
1049
gnutls_certificate_free_credentials(mc.cred);
1051
1050
gnutls_global_deinit ();
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0