32
32
#define _LARGEFILE_SOURCE
33
33
#define _FILE_OFFSET_BITS 64
35
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
37
#include <stdio.h> /* fprintf(), stderr, fwrite(),
39
#include <stdint.h> /* uint16_t, uint32_t */
40
#include <stddef.h> /* NULL, size_t, ssize_t */
41
#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,
43
#include <stdbool.h> /* bool, true */
44
#include <string.h> /* memset(), strcmp(), strlen(),
45
strerror(), asprintf(), strcpy() */
46
#include <sys/ioctl.h> /* ioctl */
47
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
48
sockaddr_in6, PF_INET6,
49
SOCK_STREAM, INET6_ADDRSTRLEN,
51
#include <inttypes.h> /* PRIu16 */
52
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
53
struct in6_addr, inet_pton(),
55
#include <assert.h> /* assert() */
56
#include <errno.h> /* perror(), errno */
57
#include <time.h> /* time() */
58
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
59
SIOCSIFFLAGS, if_indextoname(),
60
if_nametoindex(), IF_NAMESIZE */
61
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
62
getuid(), getgid(), setuid(),
64
#include <netinet/in.h>
65
#include <arpa/inet.h> /* inet_pton(), htons */
66
#include <iso646.h> /* not, and */
67
#include <argp.h> /* struct argp_option, error_t, struct
68
argp_state, struct argp,
69
argp_parse(), ARGP_KEY_ARG,
70
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
73
/* All Avahi types, constants and functions
39
#include <net/if.h> /* if_nametoindex */
40
#include <sys/ioctl.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS
41
#include <net/if.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS
76
43
#include <avahi-core/core.h>
77
44
#include <avahi-core/lookup.h>
78
45
#include <avahi-core/log.h>
80
47
#include <avahi-common/malloc.h>
81
48
#include <avahi-common/error.h>
84
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and
87
init_gnutls_session(),
89
#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),
90
GNUTLS_OPENPGP_FMT_BASE64 */
93
#include <gpgme.h> /* All GPGME types, constants and
96
GPGME_PROTOCOL_OpenPGP,
51
#include <sys/types.h> /* socket(), inet_pton() */
52
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
53
struct in6_addr, inet_pton() */
54
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
55
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
57
#include <unistd.h> /* close() */
58
#include <netinet/in.h>
59
#include <stdbool.h> /* true */
60
#include <string.h> /* memset */
61
#include <arpa/inet.h> /* inet_pton() */
62
#include <iso646.h> /* not */
65
#include <errno.h> /* perror() */
99
71
#define BUFFER_SIZE 256
74
static const char *certdir = "/conf/conf.d/mandos";
75
static const char *certfile = "openpgp-client.txt";
76
static const char *certkey = "openpgp-client-key.txt";
101
78
bool debug = false;
102
static const char *keydir = "/conf/conf.d/mandos";
103
static const char mandos_protocol_version[] = "1";
104
const char *argp_program_version = "password-request 1.0";
105
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
107
/* Used for passing in values through the Avahi callback functions */
109
AvahiSimplePoll *simple_poll;
81
gnutls_session_t session;
111
82
gnutls_certificate_credentials_t cred;
112
unsigned int dh_bits;
113
83
gnutls_dh_params_t dh_params;
114
const char *priority;
118
* Make room in "buffer" for at least BUFFER_SIZE additional bytes.
119
* "buffer_capacity" is how much is currently allocated,
120
* "buffer_length" is how much is already used.
122
size_t adjustbuffer(char **buffer, size_t buffer_length,
123
size_t buffer_capacity){
124
if (buffer_length + BUFFER_SIZE > buffer_capacity){
125
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
129
buffer_capacity += BUFFER_SIZE;
131
return buffer_capacity;
135
* Decrypt OpenPGP data using keyrings in HOMEDIR.
136
* Returns -1 on error
138
static ssize_t pgp_packet_decrypt (const char *cryptotext,
87
static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
141
89
const char *homedir){
142
90
gpgme_data_t dh_crypto, dh_plain;
146
size_t plaintext_capacity = 0;
147
ssize_t plaintext_length = 0;
94
ssize_t new_packet_capacity = 0;
95
ssize_t new_packet_length = 0;
148
96
gpgme_engine_info_t engine_info;
151
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
99
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
197
/* Delete the GPGME FILE pointer cryptotext data buffer */
198
gpgme_data_release(dh_crypto);
253
200
/* Seek back to the beginning of the GPGME plaintext data buffer */
254
201
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
255
202
perror("pgpme_data_seek");
256
plaintext_length = -1;
262
plaintext_capacity = adjustbuffer(plaintext,
263
(size_t)plaintext_length,
265
if (plaintext_capacity == 0){
266
perror("adjustbuffer");
267
plaintext_length = -1;
207
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
208
*new_packet = realloc(*new_packet,
209
(unsigned int)new_packet_capacity
211
if (*new_packet == NULL){
215
new_packet_capacity += BUFFER_SIZE;
271
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
218
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,
273
220
/* Print the data, if any */
279
225
perror("gpgme_data_read");
280
plaintext_length = -1;
283
plaintext_length += ret;
228
new_packet_length += ret;
287
fprintf(stderr, "Decrypted password is: ");
288
for(ssize_t i = 0; i < plaintext_length; i++){
289
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
291
fprintf(stderr, "\n");
296
/* Delete the GPGME cryptotext data buffer */
297
gpgme_data_release(dh_crypto);
231
/* FIXME: check characters before printing to screen so to not print
232
terminal control characters */
234
/* fprintf(stderr, "decrypted password is: "); */
235
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
236
/* fprintf(stderr, "\n"); */
299
239
/* Delete the GPGME plaintext data buffer */
300
240
gpgme_data_release(dh_plain);
301
return plaintext_length;
241
return new_packet_length;
304
244
static const char * safer_gnutls_strerror (int value) {
311
/* GnuTLS log function callback */
312
251
static void debuggnutls(__attribute__((unused)) int level,
313
252
const char* string){
314
fprintf(stderr, "GnuTLS: %s", string);
253
fprintf(stderr, "%s", string);
317
static int init_gnutls_global(mandos_context *mc,
318
const char *pubkeyfilename,
319
const char *seckeyfilename){
256
static int initgnutls(encrypted_session *es){
323
261
fprintf(stderr, "Initializing GnuTLS\n");
326
ret = gnutls_global_init();
327
if (ret != GNUTLS_E_SUCCESS) {
328
fprintf (stderr, "GnuTLS global_init: %s\n",
329
safer_gnutls_strerror(ret));
264
if ((ret = gnutls_global_init ())
265
!= GNUTLS_E_SUCCESS) {
266
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
334
/* "Use a log level over 10 to enable all debugging options."
337
271
gnutls_global_set_log_level(11);
338
272
gnutls_global_set_log_function(debuggnutls);
341
/* OpenPGP credentials */
342
gnutls_certificate_allocate_credentials(&mc->cred);
343
if (ret != GNUTLS_E_SUCCESS){
344
fprintf (stderr, "GnuTLS memory error: %s\n",
275
/* openpgp credentials */
276
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
277
!= GNUTLS_E_SUCCESS) {
278
fprintf (stderr, "memory error: %s\n",
345
279
safer_gnutls_strerror(ret));
346
gnutls_global_deinit ();
351
284
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
352
" and keyfile %s as GnuTLS credentials\n", pubkeyfilename,
285
" and keyfile %s as GnuTLS credentials\n", certfile,
356
289
ret = gnutls_certificate_set_openpgp_key_file
357
(mc->cred, pubkeyfilename, seckeyfilename,
358
GNUTLS_OPENPGP_FMT_BASE64);
290
(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);
359
291
if (ret != GNUTLS_E_SUCCESS) {
361
"Error[%d] while reading the OpenPGP key pair ('%s',"
362
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
363
fprintf(stdout, "The GnuTLS error is: %s\n",
293
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
295
ret, certfile, certkey);
296
fprintf(stdout, "The Error is: %s\n",
364
297
safer_gnutls_strerror(ret));
368
/* GnuTLS server initialization */
369
ret = gnutls_dh_params_init(&mc->dh_params);
370
if (ret != GNUTLS_E_SUCCESS) {
371
fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
372
" %s\n", safer_gnutls_strerror(ret));
375
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
376
if (ret != GNUTLS_E_SUCCESS) {
377
fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
378
safer_gnutls_strerror(ret));
382
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
388
gnutls_certificate_free_credentials(mc->cred);
389
gnutls_global_deinit();
394
static int init_gnutls_session(mandos_context *mc,
395
gnutls_session_t *session){
397
/* GnuTLS session creation */
398
ret = gnutls_init(session, GNUTLS_SERVER);
399
if (ret != GNUTLS_E_SUCCESS){
301
//GnuTLS server initialization
302
if ((ret = gnutls_dh_params_init (&es->dh_params))
303
!= GNUTLS_E_SUCCESS) {
304
fprintf (stderr, "Error in dh parameter initialization: %s\n",
305
safer_gnutls_strerror(ret));
309
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
310
!= GNUTLS_E_SUCCESS) {
311
fprintf (stderr, "Error in prime generation: %s\n",
312
safer_gnutls_strerror(ret));
316
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
318
// GnuTLS session creation
319
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
320
!= GNUTLS_E_SUCCESS){
400
321
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
401
322
safer_gnutls_strerror(ret));
406
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
407
if (ret != GNUTLS_E_SUCCESS) {
408
fprintf(stderr, "Syntax error at: %s\n", err);
409
fprintf(stderr, "GnuTLS error: %s\n",
410
safer_gnutls_strerror(ret));
411
gnutls_deinit (*session);
325
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
326
!= GNUTLS_E_SUCCESS) {
327
fprintf(stderr, "Syntax error at: %s\n", err);
328
fprintf(stderr, "GnuTLS error: %s\n",
329
safer_gnutls_strerror(ret));
416
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
418
if (ret != GNUTLS_E_SUCCESS) {
419
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
333
if ((ret = gnutls_credentials_set
334
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
335
!= GNUTLS_E_SUCCESS) {
336
fprintf(stderr, "Error setting a credentials set: %s\n",
420
337
safer_gnutls_strerror(ret));
421
gnutls_deinit (*session);
425
341
/* ignore client certificate if any. */
426
gnutls_certificate_server_set_request (*session,
342
gnutls_certificate_server_set_request (es->session,
427
343
GNUTLS_CERT_IGNORE);
429
gnutls_dh_set_prime_bits (*session, mc->dh_bits);
345
gnutls_dh_set_prime_bits (es->session, DH_BITS);
434
/* Avahi log function callback */
435
350
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
436
351
__attribute__((unused)) const char *txt){}
438
/* Called when a Mandos server is found */
439
353
static int start_mandos_communication(const char *ip, uint16_t port,
440
AvahiIfIndex if_index,
354
AvahiIfIndex if_index){
443
union { struct sockaddr in; struct sockaddr_in6 in6; } to;
356
struct sockaddr_in6 to;
357
encrypted_session es;
444
358
char *buffer = NULL;
445
359
char *decrypted_buffer;
446
360
size_t buffer_length = 0;
447
361
size_t buffer_capacity = 0;
448
362
ssize_t decrypted_buffer_size;
451
365
char interface[IF_NAMESIZE];
452
gnutls_session_t session;
454
ret = init_gnutls_session (mc, &session);
460
fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16
368
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
464
372
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
471
379
if(if_indextoname((unsigned int)if_index, interface) == NULL){
472
perror("if_indextoname");
381
perror("if_indextoname");
475
386
fprintf(stderr, "Binding to interface %s\n", interface);
478
memset(&to, 0, sizeof(to)); /* Spurious warning */
479
to.in6.sin6_family = AF_INET6;
480
/* It would be nice to have a way to detect if we were passed an
481
IPv4 address here. Now we assume an IPv6 address. */
482
ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);
389
memset(&to,0,sizeof(to)); /* Spurious warning */
390
to.sin6_family = AF_INET6;
391
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
484
393
perror("inet_pton");
488
397
fprintf(stderr, "Bad address: %s\n", ip);
491
to.in6.sin6_port = htons(port); /* Spurious warning */
400
to.sin6_port = htons(port); /* Spurious warning */
493
to.in6.sin6_scope_id = (uint32_t)if_index;
402
to.sin6_scope_id = (uint32_t)if_index;
496
fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
498
char addrstr[INET6_ADDRSTRLEN] = "";
499
if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,
500
sizeof(addrstr)) == NULL){
503
if(strcmp(addrstr, ip) != 0){
504
fprintf(stderr, "Canonical address form: %s\n", addrstr);
405
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
406
/* char addrstr[INET6_ADDRSTRLEN]; */
407
/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */
408
/* sizeof(addrstr)) == NULL){ */
409
/* perror("inet_ntop"); */
411
/* fprintf(stderr, "Really connecting to: %s, port %d\n", */
412
/* addrstr, ntohs(to.sin6_port)); */
509
ret = connect(tcp_sd, &to.in, sizeof(to));
416
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
511
418
perror("connect");
515
const char *out = mandos_protocol_version;
518
size_t out_size = strlen(out);
519
ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
520
out_size - written));
526
written += (size_t)ret;
527
if(written < out_size){
530
if (out == mandos_protocol_version){
422
ret = initgnutls (&es);
428
gnutls_transport_set_ptr (es.session,
429
(gnutls_transport_ptr_t) tcp_sd);
540
432
fprintf(stderr, "Establishing TLS session with %s\n", ip);
543
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
546
ret = gnutls_handshake (session);
547
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
435
ret = gnutls_handshake (es.session);
549
437
if (ret != GNUTLS_E_SUCCESS){
551
fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
439
fprintf(stderr, "\n*** Handshake failed ***\n");
552
440
gnutls_perror (ret);
558
/* Read OpenPGP packet that contains the wanted password */
446
//Retrieve OpenPGP packet that contains the wanted password
561
449
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
679
569
char ip[AVAHI_ADDRESS_STR_MAX];
680
570
avahi_address_snprint(ip, sizeof(ip), address);
682
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"
683
PRIu16 ") on port %d\n", name, host_name, ip,
572
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
573
" port %d\n", name, host_name, ip, port);
686
int ret = start_mandos_communication(ip, port, interface, mc);
575
int ret = start_mandos_communication(ip, port, interface);
688
avahi_simple_poll_quit(mc->simple_poll);
692
581
avahi_s_service_resolver_free(r);
695
static void browse_callback( AvahiSServiceBrowser *b,
696
AvahiIfIndex interface,
697
AvahiProtocol protocol,
698
AvahiBrowserEvent event,
702
AVAHI_GCC_UNUSED AvahiLookupResultFlags
705
mandos_context *mc = userdata;
706
assert(b); /* Spurious warning */
708
/* Called whenever a new services becomes available on the LAN or
709
is removed from the LAN */
713
case AVAHI_BROWSER_FAILURE:
715
fprintf(stderr, "(Avahi browser) %s\n",
716
avahi_strerror(avahi_server_errno(mc->server)));
717
avahi_simple_poll_quit(mc->simple_poll);
720
case AVAHI_BROWSER_NEW:
721
/* We ignore the returned Avahi resolver object. In the callback
722
function we free it. If the Avahi server is terminated before
723
the callback function is called the Avahi server will free the
726
if (!(avahi_s_service_resolver_new(mc->server, interface,
727
protocol, name, type, domain,
728
AVAHI_PROTO_INET6, 0,
729
resolve_callback, mc)))
730
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
731
name, avahi_strerror(avahi_server_errno(mc->server)));
734
case AVAHI_BROWSER_REMOVE:
737
case AVAHI_BROWSER_ALL_FOR_NOW:
738
case AVAHI_BROWSER_CACHE_EXHAUSTED:
740
fprintf(stderr, "No Mandos server found, still searching...\n");
584
static void browse_callback(
585
AvahiSServiceBrowser *b,
586
AvahiIfIndex interface,
587
AvahiProtocol protocol,
588
AvahiBrowserEvent event,
592
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
595
AvahiServer *s = userdata;
596
assert(b); /* Spurious warning */
598
/* Called whenever a new services becomes available on the LAN or
599
is removed from the LAN */
603
case AVAHI_BROWSER_FAILURE:
605
fprintf(stderr, "(Browser) %s\n",
606
avahi_strerror(avahi_server_errno(server)));
607
avahi_simple_poll_quit(simple_poll);
610
case AVAHI_BROWSER_NEW:
611
/* We ignore the returned resolver object. In the callback
612
function we free it. If the server is terminated before
613
the callback function is called the server will free
614
the resolver for us. */
616
if (!(avahi_s_service_resolver_new(s, interface, protocol, name,
618
AVAHI_PROTO_INET6, 0,
619
resolve_callback, s)))
620
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
621
avahi_strerror(avahi_server_errno(s)));
624
case AVAHI_BROWSER_REMOVE:
627
case AVAHI_BROWSER_ALL_FOR_NOW:
628
case AVAHI_BROWSER_CACHE_EXHAUSTED:
746
633
/* Combines file name and path and returns the malloced new
747
634
string. some sane checks could/should be added */
748
static char *combinepath(const char *first, const char *second){
750
int ret = asprintf(&tmp, "%s/%s", first, second);
635
static const char *combinepath(const char *first, const char *second){
636
size_t f_len = strlen(first);
637
size_t s_len = strlen(second);
638
char *tmp = malloc(f_len + s_len + 2);
643
memcpy(tmp, first, f_len);
647
memcpy(tmp + f_len + 1, second, s_len);
649
tmp[f_len + 1 + s_len] = '\0';
758
int main(int argc, char *argv[]){
654
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
655
AvahiServerConfig config;
759
656
AvahiSServiceBrowser *sb = NULL;
762
int exitcode = EXIT_SUCCESS;
659
int returncode = EXIT_SUCCESS;
763
660
const char *interface = "eth0";
764
661
struct ifreq network;
768
663
char *connect_to = NULL;
769
664
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
770
char *pubkeyfilename = NULL;
771
char *seckeyfilename = NULL;
772
const char *pubkeyname = "pubkey.txt";
773
const char *seckeyname = "seckey.txt";
774
mandos_context mc = { .simple_poll = NULL, .server = NULL,
775
.dh_bits = 1024, .priority = "SECURE256"};
776
bool gnutls_initalized = false;
779
struct argp_option options[] = {
780
{ .name = "debug", .key = 128,
781
.doc = "Debug mode", .group = 3 },
782
{ .name = "connect", .key = 'c',
784
.doc = "Connect directly to a sepcified mandos server",
786
{ .name = "interface", .key = 'i',
788
.doc = "Interface that Avahi will conntect through",
790
{ .name = "keydir", .key = 'd',
792
.doc = "Directory where the openpgp keyring is",
794
{ .name = "seckey", .key = 's',
796
.doc = "Secret openpgp key for gnutls authentication",
798
{ .name = "pubkey", .key = 'p',
800
.doc = "Public openpgp key for gnutls authentication",
802
{ .name = "dh-bits", .key = 129,
804
.doc = "dh-bits to use in gnutls communication",
806
{ .name = "priority", .key = 130,
808
.doc = "GNUTLS priority", .group = 1 },
813
error_t parse_opt (int key, char *arg,
814
struct argp_state *state) {
815
/* Get the INPUT argument from `argp_parse', which we know is
816
a pointer to our plugin list pointer. */
838
mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);
852
return ARGP_ERR_UNKNOWN;
857
struct argp argp = { .options = options, .parser = parse_opt,
859
.doc = "Mandos client -- Get and decrypt"
860
" passwords from mandos server" };
861
ret = argp_parse (&argp, argc, argv, 0, 0, NULL);
862
if (ret == ARGP_ERR_UNKNOWN){
863
fprintf(stderr, "Unknown error while parsing arguments\n");
864
exitcode = EXIT_FAILURE;
869
pubkeyfilename = combinepath(keydir, pubkeyname);
870
if (pubkeyfilename == NULL){
871
perror("combinepath");
872
exitcode = EXIT_FAILURE;
876
seckeyfilename = combinepath(keydir, seckeyname);
877
if (seckeyfilename == NULL){
878
perror("combinepath");
879
exitcode = EXIT_FAILURE;
883
ret = init_gnutls_global(&mc, pubkeyfilename, seckeyfilename);
885
fprintf(stderr, "init_gnutls_global failed\n");
886
exitcode = EXIT_FAILURE;
889
gnutls_initalized = true;
892
/* If the interface is down, bring it up */
894
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
897
exitcode = EXIT_FAILURE;
900
strcpy(network.ifr_name, interface); /* Spurious warning */
901
ret = ioctl(sd, SIOCGIFFLAGS, &network);
903
perror("ioctl SIOCGIFFLAGS");
904
exitcode = EXIT_FAILURE;
907
if((network.ifr_flags & IFF_UP) == 0){
908
network.ifr_flags |= IFF_UP;
909
ret = ioctl(sd, SIOCSIFFLAGS, &network);
911
perror("ioctl SIOCSIFFLAGS");
912
exitcode = EXIT_FAILURE;
667
static struct option long_options[] = {
668
{"debug", no_argument, (int *)&debug, 1},
669
{"connect", required_argument, 0, 'C'},
670
{"interface", required_argument, 0, 'i'},
671
{"certdir", required_argument, 0, 'd'},
672
{"certkey", required_argument, 0, 'c'},
673
{"certfile", required_argument, 0, 'k'},
676
int option_index = 0;
677
ret = getopt_long (argc, argv, "i:", long_options,
707
certfile = combinepath(certdir, certfile);
708
if (certfile == NULL){
709
perror("combinepath");
710
returncode = EXIT_FAILURE;
714
certkey = combinepath(certdir, certkey);
715
if (certkey == NULL){
716
perror("combinepath");
717
returncode = EXIT_FAILURE;
932
721
if_index = (AvahiIfIndex) if_nametoindex(interface);
941
730
char *address = strrchr(connect_to, ':');
942
731
if(address == NULL){
943
732
fprintf(stderr, "No colon in address\n");
944
exitcode = EXIT_FAILURE;
948
736
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
950
738
perror("Bad port number");
951
exitcode = EXIT_FAILURE;
955
742
address = connect_to;
956
ret = start_mandos_communication(address, port, if_index, &mc);
743
ret = start_mandos_communication(address, port, if_index);
958
exitcode = EXIT_FAILURE;
960
exitcode = EXIT_SUCCESS;
751
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
754
returncode = EXIT_FAILURE;
757
strcpy(network.ifr_name, interface);
758
ret = ioctl(sd, SIOCGIFFLAGS, &network);
761
perror("ioctl SIOCGIFFLAGS");
762
returncode = EXIT_FAILURE;
765
if((network.ifr_flags & IFF_UP) == 0){
766
network.ifr_flags |= IFF_UP;
767
ret = ioctl(sd, SIOCSIFFLAGS, &network);
769
perror("ioctl SIOCSIFFLAGS");
770
returncode = EXIT_FAILURE;
966
777
avahi_set_log_function(empty_log);
969
/* Initialize the pseudo-RNG for Avahi */
780
/* Initialize the psuedo-RNG */
970
781
srand((unsigned int) time(NULL));
972
/* Allocate main Avahi loop object */
973
mc.simple_poll = avahi_simple_poll_new();
974
if (mc.simple_poll == NULL) {
975
fprintf(stderr, "Avahi: Failed to create simple poll"
977
exitcode = EXIT_FAILURE;
982
AvahiServerConfig config;
983
/* Do not publish any local Zeroconf records */
984
avahi_server_config_init(&config);
985
config.publish_hinfo = 0;
986
config.publish_addresses = 0;
987
config.publish_workstation = 0;
988
config.publish_domain = 0;
990
/* Allocate a new server */
991
mc.server = avahi_server_new(avahi_simple_poll_get
992
(mc.simple_poll), &config, NULL,
995
/* Free the Avahi configuration data */
996
avahi_server_config_free(&config);
999
/* Check if creating the Avahi server object succeeded */
1000
if (mc.server == NULL) {
1001
fprintf(stderr, "Failed to create Avahi server: %s\n",
783
/* Allocate main loop object */
784
if (!(simple_poll = avahi_simple_poll_new())) {
785
fprintf(stderr, "Failed to create simple poll object.\n");
786
returncode = EXIT_FAILURE;
790
/* Do not publish any local records */
791
avahi_server_config_init(&config);
792
config.publish_hinfo = 0;
793
config.publish_addresses = 0;
794
config.publish_workstation = 0;
795
config.publish_domain = 0;
797
/* Allocate a new server */
798
server = avahi_server_new(avahi_simple_poll_get(simple_poll),
799
&config, NULL, NULL, &error);
801
/* Free the configuration data */
802
avahi_server_config_free(&config);
804
/* Check if creating the server object succeeded */
806
fprintf(stderr, "Failed to create server: %s\n",
1002
807
avahi_strerror(error));
1003
exitcode = EXIT_FAILURE;
808
returncode = EXIT_FAILURE;
1007
/* Create the Avahi service browser */
1008
sb = avahi_s_service_browser_new(mc.server, if_index,
812
/* Create the service browser */
813
sb = avahi_s_service_browser_new(server, if_index,
1009
814
AVAHI_PROTO_INET6,
1010
815
"_mandos._tcp", NULL, 0,
1011
browse_callback, &mc);
816
browse_callback, server);
1013
818
fprintf(stderr, "Failed to create service browser: %s\n",
1014
avahi_strerror(avahi_server_errno(mc.server)));
1015
exitcode = EXIT_FAILURE;
819
avahi_strerror(avahi_server_errno(server)));
820
returncode = EXIT_FAILURE;
1019
824
/* Run the main loop */
1022
fprintf(stderr, "Starting Avahi loop search\n");
827
fprintf(stderr, "Starting avahi loop search\n");
1025
avahi_simple_poll_loop(mc.simple_poll);
830
avahi_simple_poll_loop(simple_poll);
1030
835
fprintf(stderr, "%s exiting\n", argv[0]);
1033
838
/* Cleanup things */
1035
840
avahi_s_service_browser_free(sb);
1037
if (mc.server != NULL)
1038
avahi_server_free(mc.server);
1040
if (mc.simple_poll != NULL)
1041
avahi_simple_poll_free(mc.simple_poll);
1042
free(pubkeyfilename);
1043
free(seckeyfilename);
1045
if (gnutls_initalized){
1046
gnutls_certificate_free_credentials(mc.cred);
1047
gnutls_global_deinit ();
843
avahi_server_free(server);
846
avahi_simple_poll_free(simple_poll);