4
* This file demonstrates how to use Avahi's core API, this is
5
* the embeddable mDNS stack for embedded applications.
1
/* -*- coding: utf-8 -*- */
3
* Mandos client - get and decrypt data from a Mandos server
7
* End user applications should *not* use this API and should use
8
* the D-Bus or C APIs, please see
9
* client-browse-services.c and glib-integration.c
11
* I repeat, you probably do *not* want to use this example.
5
* This program is partly derived from an example program for an Avahi
6
* service browser, downloaded from
7
* <http://avahi.org/browser/examples/core-browse-services.c>. This
8
* includes the following functions: "resolve_callback",
9
* "browse_callback", and parts of "main".
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
14
* This program is free software: you can redistribute it and/or
15
* modify it under the terms of the GNU General Public License as
16
* published by the Free Software Foundation, either version 3 of the
17
* License, or (at your option) any later version.
19
* This program is distributed in the hope that it will be useful, but
20
* WITHOUT ANY WARRANTY; without even the implied warranty of
21
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22
* General Public License for more details.
24
* You should have received a copy of the GNU General Public License
25
* along with this program. If not, see
26
* <http://www.gnu.org/licenses/>.
28
* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and
29
* <https://www.fukt.bsnet.se/~teddy/>.
15
This file is part of avahi.
17
avahi is free software; you can redistribute it and/or modify it
18
under the terms of the GNU Lesser General Public License as
19
published by the Free Software Foundation; either version 2.1 of the
20
License, or (at your option) any later version.
22
avahi is distributed in the hope that it will be useful, but WITHOUT
23
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
24
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General
25
Public License for more details.
27
You should have received a copy of the GNU Lesser General Public
28
License along with avahi; if not, write to the Free Software
29
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
32
/* Needed by GPGME, specifically gpgme_data_seek() */
33
33
#define _LARGEFILE_SOURCE
34
34
#define _FILE_OFFSET_BITS 64
47
47
#include <avahi-common/error.h>
49
49
//mandos client part
50
#include <sys/types.h> /* socket(), setsockopt(), inet_pton() */
51
#include <sys/socket.h> /* socket(), setsockopt(), struct sockaddr_in6, struct in6_addr, inet_pton() */
52
#include <gnutls/gnutls.h> /* ALL GNUTLS STUFF */
53
#include <gnutls/openpgp.h> /* gnutls with openpgp stuff */
50
#include <sys/types.h> /* socket(), inet_pton() */
51
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
52
struct in6_addr, inet_pton() */
53
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
54
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
55
56
#include <unistd.h> /* close() */
56
57
#include <netinet/in.h>
79
84
} encrypted_session;
82
ssize_t gpg_packet_decrypt (char *packet, size_t packet_size, char **new_packet, char *homedir){
87
ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
88
char **new_packet, const char *homedir){
83
89
gpgme_data_t dh_crypto, dh_plain;
87
size_t new_packet_capacity = 0;
88
size_t new_packet_length = 0;
93
ssize_t new_packet_capacity = 0;
94
ssize_t new_packet_length = 0;
89
95
gpgme_engine_info_t engine_info;
98
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
92
102
gpgme_check_version(NULL);
93
103
gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
139
/* Decrypt data from the FILE pointer to the plaintext data buffer */
149
/* Decrypt data from the FILE pointer to the plaintext data
140
151
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
141
152
if (rc != GPG_ERR_NO_ERROR){
142
153
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
143
154
gpgme_strsource(rc), gpgme_strerror(rc));
159
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");
163
gpgme_decrypt_result_t result;
164
result = gpgme_op_decrypt_result(ctx);
166
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
168
fprintf(stderr, "Unsupported algorithm: %s\n",
169
result->unsupported_algorithm);
170
fprintf(stderr, "Wrong key usage: %d\n",
171
result->wrong_key_usage);
172
if(result->file_name != NULL){
173
fprintf(stderr, "File name: %s\n", result->file_name);
175
gpgme_recipient_t recipient;
176
recipient = result->recipients;
178
while(recipient != NULL){
179
fprintf(stderr, "Public key algorithm: %s\n",
180
gpgme_pubkey_algo_name(recipient->pubkey_algo));
181
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
182
fprintf(stderr, "Secret key available: %s\n",
183
recipient->status == GPG_ERR_NO_SECKEY
185
recipient = recipient->next;
147
/* gpgme_decrypt_result_t result; */
148
/* result = gpgme_op_decrypt_result(ctx); */
149
/* fprintf(stderr, "Unsupported algorithm: %s\n", result->unsupported_algorithm); */
150
/* fprintf(stderr, "Wrong key usage: %d\n", result->wrong_key_usage); */
151
/* if(result->file_name != NULL){ */
152
/* fprintf(stderr, "File name: %s\n", result->file_name); */
154
/* gpgme_recipient_t recipient; */
155
/* recipient = result->recipients; */
157
/* while(recipient != NULL){ */
158
/* fprintf(stderr, "Public key algorithm: %s\n", */
159
/* gpgme_pubkey_algo_name(recipient->pubkey_algo)); */
160
/* fprintf(stderr, "Key ID: %s\n", recipient->keyid); */
161
/* fprintf(stderr, "Secret key available: %s\n", */
162
/* recipient->status == GPG_ERR_NO_SECKEY ? "No" : "Yes"); */
163
/* recipient = recipient->next; */
167
191
/* Delete the GPGME FILE pointer cryptotext data buffer */
168
192
gpgme_data_release(dh_crypto);
170
194
/* Seek back to the beginning of the GPGME plaintext data buffer */
171
gpgme_data_seek(dh_plain, 0, SEEK_SET);
195
gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET);
175
199
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
176
*new_packet = realloc(*new_packet, new_packet_capacity + BUFFER_SIZE);
200
*new_packet = realloc(*new_packet,
201
(unsigned int)new_packet_capacity
177
203
if (*new_packet == NULL){
178
204
perror("realloc");
194
220
new_packet_length += ret;
197
/* Delete the GPGME plaintext data buffer */
223
/* FIXME: check characters before printing to screen so to not print
224
terminal control characters */
226
/* fprintf(stderr, "decrypted password is: "); */
227
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
228
/* fprintf(stderr, "\n"); */
231
/* Delete the GPGME plaintext data buffer */
198
232
gpgme_data_release(dh_plain);
199
233
return new_packet_length;
253
fprintf(stderr, "Initializing GnuTLS\n");
217
256
if ((ret = gnutls_global_init ())
218
257
!= GNUTLS_E_SUCCESS) {
219
258
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
223
/* Uncomment to enable full debuggin on the gnutls library */
224
/* gnutls_global_set_log_level(11); */
225
/* gnutls_global_set_log_function(debuggnutls); */
263
gnutls_global_set_log_level(11);
264
gnutls_global_set_log_function(debuggnutls);
228
267
/* openpgp credentials */
229
268
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
230
269
!= GNUTLS_E_SUCCESS) {
231
fprintf (stderr, "memory error: %s\n", safer_gnutls_strerror(ret));
270
fprintf (stderr, "memory error: %s\n",
271
safer_gnutls_strerror(ret));
276
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
277
" and keyfile %s as GnuTLS credentials\n", CERTFILE,
235
281
ret = gnutls_certificate_set_openpgp_key_file
236
282
(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);
237
283
if (ret != GNUTLS_E_SUCCESS) {
239
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n",
285
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
240
287
ret, CERTFILE, KEYFILE);
241
288
fprintf(stdout, "The Error is: %s\n",
242
289
safer_gnutls_strerror(ret));
246
//Gnutls server initialization
293
//GnuTLS server initialization
247
294
if ((ret = gnutls_dh_params_init (&es->dh_params))
248
295
!= GNUTLS_E_SUCCESS) {
249
296
fprintf (stderr, "Error in dh parameter initialization: %s\n",
250
297
safer_gnutls_strerror(ret));
254
301
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
255
302
!= GNUTLS_E_SUCCESS) {
256
303
fprintf (stderr, "Error in prime generation: %s\n",
257
304
safer_gnutls_strerror(ret));
261
308
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
263
// Gnutls session creation
310
// GnuTLS session creation
264
311
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
265
312
!= GNUTLS_E_SUCCESS){
266
fprintf(stderr, "Error in gnutls session initialization: %s\n",
313
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
267
314
safer_gnutls_strerror(ret));
270
317
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
271
318
!= GNUTLS_E_SUCCESS) {
272
319
fprintf(stderr, "Syntax error at: %s\n", err);
273
fprintf(stderr, "Gnutls error: %s\n",
320
fprintf(stderr, "GnuTLS error: %s\n",
274
321
safer_gnutls_strerror(ret));
278
325
if ((ret = gnutls_credentials_set
279
326
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
280
327
!= GNUTLS_E_SUCCESS) {
282
329
safer_gnutls_strerror(ret));
286
333
/* ignore client certificate if any. */
287
gnutls_certificate_server_set_request (es->session, GNUTLS_CERT_IGNORE);
334
gnutls_certificate_server_set_request (es->session,
289
337
gnutls_dh_set_prime_bits (es->session, DH_BITS);
294
void empty_log(AvahiLogLevel level, const char *txt){}
342
void empty_log(__attribute__((unused)) AvahiLogLevel level,
343
__attribute__((unused)) const char *txt){}
296
int start_mandos_communcation(char *ip, uint16_t port){
345
int start_mandos_communication(const char *ip, uint16_t port,
346
AvahiIfIndex if_index){
298
348
struct sockaddr_in6 to;
299
struct in6_addr ip_addr;
300
349
encrypted_session es;
301
350
char *buffer = NULL;
302
351
char *decrypted_buffer;
303
352
size_t buffer_length = 0;
304
353
size_t buffer_capacity = 0;
305
354
ssize_t decrypted_buffer_size;
357
char interface[IF_NAMESIZE];
360
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
309
364
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
315
ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, "eth0", 5);
317
perror("setsockopt bindtodevice");
370
if(if_indextoname((unsigned int)if_index, interface) == NULL){
372
perror("if_indextoname");
321
memset(&to,0,sizeof(to));
378
fprintf(stderr, "Binding to interface %s\n", interface);
381
memset(&to,0,sizeof(to)); /* Spurious warning */
322
382
to.sin6_family = AF_INET6;
323
ret = inet_pton(AF_INET6, ip, &ip_addr);
383
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
325
385
perror("inet_pton");
329
389
fprintf(stderr, "Bad address: %s\n", ip);
332
to.sin6_port = htons(port);
333
to.sin6_scope_id = if_nametoindex("eth0");
392
to.sin6_port = htons(port); /* Spurious warning */
394
to.sin6_scope_id = (uint32_t)if_index;
397
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
398
/* char addrstr[INET6_ADDRSTRLEN]; */
399
/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */
400
/* sizeof(addrstr)) == NULL){ */
401
/* perror("inet_ntop"); */
403
/* fprintf(stderr, "Really connecting to: %s, port %d\n", */
404
/* addrstr, ntohs(to.sin6_port)); */
335
408
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
348
gnutls_transport_set_ptr (es.session, (gnutls_transport_ptr_t) tcp_sd);
420
gnutls_transport_set_ptr (es.session,
421
(gnutls_transport_ptr_t) tcp_sd);
424
fprintf(stderr, "Establishing TLS session with %s\n", ip);
350
427
ret = gnutls_handshake (es.session);
352
429
if (ret != GNUTLS_E_SUCCESS){
353
fprintf(stderr, "\n*** Handshake failed ***\n");
431
fprintf(stderr, "\n*** Handshake failed ***\n");
438
//Retrieve OpenPGP packet that contains the wanted password
441
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
361
446
if (buffer_length + BUFFER_SIZE > buffer_capacity){
362
447
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
390
fprintf(stderr, "Unknown error while reading data from encrypted session with mandos server\n");
475
fprintf(stderr, "Unknown error while reading data from"
476
" encrypted session with mandos server\n");
392
478
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
396
buffer_length += ret;
482
buffer_length += (size_t) ret;
400
486
if (buffer_length > 0){
401
if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) == 0){
487
decrypted_buffer_size = pgp_packet_decrypt(buffer,
491
if (decrypted_buffer_size >= 0){
492
while(written < (size_t) decrypted_buffer_size){
493
ret = (int)fwrite (decrypted_buffer + written, 1,
494
(size_t)decrypted_buffer_size - written,
496
if(ret == 0 and ferror(stdout)){
498
fprintf(stderr, "Error writing encrypted data: %s\n",
504
written += (size_t)ret;
506
free(decrypted_buffer);
404
fwrite (decrypted_buffer, 1, decrypted_buffer_size, stdout);
405
free(decrypted_buffer);
515
fprintf(stderr, "Closing TLS session\n");
412
519
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
432
539
const char *host_name,
433
540
const AvahiAddress *address,
435
AvahiStringList *txt,
436
AvahiLookupResultFlags flags,
542
AVAHI_GCC_UNUSED AvahiStringList *txt,
543
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
437
544
AVAHI_GCC_UNUSED void* userdata) {
441
/* Called whenever a service has been resolved successfully or timed out */
444
case AVAHI_RESOLVER_FAILURE:
445
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of type '%s' in domain '%s': %s\n", name, type, domain, avahi_strerror(avahi_server_errno(server)));
448
case AVAHI_RESOLVER_FOUND: {
449
char ip[AVAHI_ADDRESS_STR_MAX];
450
avahi_address_snprint(ip, sizeof(ip), address);
451
int ret = start_mandos_communcation(ip, port);
546
assert(r); /* Spurious warning */
548
/* Called whenever a service has been resolved successfully or
553
case AVAHI_RESOLVER_FAILURE:
554
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
555
" type '%s' in domain '%s': %s\n", name, type, domain,
556
avahi_strerror(avahi_server_errno(server)));
559
case AVAHI_RESOLVER_FOUND:
561
char ip[AVAHI_ADDRESS_STR_MAX];
562
avahi_address_snprint(ip, sizeof(ip), address);
564
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
565
" port %d\n", name, host_name, ip, port);
567
int ret = start_mandos_communication(ip, port, interface);
459
avahi_s_service_resolver_free(r);
573
avahi_s_service_resolver_free(r);
462
576
static void browse_callback(
471
585
void* userdata) {
473
587
AvahiServer *s = userdata;
476
/* Called whenever a new services becomes available on the LAN or is removed from the LAN */
588
assert(b); /* Spurious warning */
590
/* Called whenever a new services becomes available on the LAN or
591
is removed from the LAN */
480
case AVAHI_BROWSER_FAILURE:
482
fprintf(stderr, "(Browser) %s\n", avahi_strerror(avahi_server_errno(server)));
483
avahi_simple_poll_quit(simple_poll);
486
case AVAHI_BROWSER_NEW:
487
/* We ignore the returned resolver object. In the callback
488
function we free it. If the server is terminated before
489
the callback function is called the server will free
490
the resolver for us. */
492
if (!(avahi_s_service_resolver_new(s, interface, protocol, name, type, domain, AVAHI_PROTO_INET6, 0, resolve_callback, s)))
493
fprintf(stderr, "Failed to resolve service '%s': %s\n", name, avahi_strerror(avahi_server_errno(s)));
497
case AVAHI_BROWSER_REMOVE:
500
case AVAHI_BROWSER_ALL_FOR_NOW:
501
case AVAHI_BROWSER_CACHE_EXHAUSTED:
595
case AVAHI_BROWSER_FAILURE:
597
fprintf(stderr, "(Browser) %s\n",
598
avahi_strerror(avahi_server_errno(server)));
599
avahi_simple_poll_quit(simple_poll);
602
case AVAHI_BROWSER_NEW:
603
/* We ignore the returned resolver object. In the callback
604
function we free it. If the server is terminated before
605
the callback function is called the server will free
606
the resolver for us. */
608
if (!(avahi_s_service_resolver_new(s, interface, protocol, name,
610
AVAHI_PROTO_INET6, 0,
611
resolve_callback, s)))
612
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
613
avahi_strerror(avahi_server_errno(s)));
616
case AVAHI_BROWSER_REMOVE:
619
case AVAHI_BROWSER_ALL_FOR_NOW:
620
case AVAHI_BROWSER_CACHE_EXHAUSTED:
507
626
AvahiServerConfig config;
508
627
AvahiSServiceBrowser *sb = NULL;
512
avahi_set_log_function(empty_log);
630
int returncode = EXIT_SUCCESS;
631
const char *interface = NULL;
632
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
633
char *connect_to = NULL;
636
static struct option long_options[] = {
637
{"debug", no_argument, (int *)&debug, 1},
638
{"connect", required_argument, 0, 'c'},
639
{"interface", required_argument, 0, 'i'},
642
int option_index = 0;
643
ret = getopt_long (argc, argv, "i:", long_options,
664
if(interface != NULL){
665
if_index = (AvahiIfIndex) if_nametoindex(interface);
667
fprintf(stderr, "No such interface: \"%s\"\n", interface);
672
if(connect_to != NULL){
673
/* Connect directly, do not use Zeroconf */
674
/* (Mainly meant for debugging) */
675
char *address = strrchr(connect_to, ':');
677
fprintf(stderr, "No colon in address\n");
681
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
683
perror("Bad port number");
687
address = connect_to;
688
ret = start_mandos_communication(address, port, if_index);
697
avahi_set_log_function(empty_log);
514
700
/* Initialize the psuedo-RNG */
701
srand((unsigned int) time(NULL));
517
703
/* Allocate main loop object */
518
704
if (!(simple_poll = avahi_simple_poll_new())) {
519
705
fprintf(stderr, "Failed to create simple poll object.\n");
523
710
/* Do not publish any local records */
527
714
config.publish_workstation = 0;
528
715
config.publish_domain = 0;
530
/* /\* Set a unicast DNS server for wide area DNS-SD *\/ */
531
/* avahi_address_parse("193.11.177.11", AVAHI_PROTO_UNSPEC, &config.wide_area_servers[0]); */
532
/* config.n_wide_area_servers = 1; */
533
/* config.enable_wide_area = 1; */
535
717
/* Allocate a new server */
536
server = avahi_server_new(avahi_simple_poll_get(simple_poll), &config, NULL, NULL, &error);
718
server = avahi_server_new(avahi_simple_poll_get(simple_poll),
719
&config, NULL, NULL, &error);
538
721
/* Free the configuration data */
539
722
avahi_server_config_free(&config);
541
/* Check wether creating the server object succeeded */
724
/* Check if creating the server object succeeded */
543
fprintf(stderr, "Failed to create server: %s\n", avahi_strerror(error));
726
fprintf(stderr, "Failed to create server: %s\n",
727
avahi_strerror(error));
728
returncode = EXIT_FAILURE;
547
732
/* Create the service browser */
548
if (!(sb = avahi_s_service_browser_new(server, if_nametoindex("eth0"), AVAHI_PROTO_INET6, "_mandos._tcp", NULL, 0, browse_callback, server))) {
549
fprintf(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_server_errno(server)));
733
sb = avahi_s_service_browser_new(server, if_index,
735
"_mandos._tcp", NULL, 0,
736
browse_callback, server);
738
fprintf(stderr, "Failed to create service browser: %s\n",
739
avahi_strerror(avahi_server_errno(server)));
740
returncode = EXIT_FAILURE;
553
744
/* Run the main loop */
747
fprintf(stderr, "Starting avahi loop search\n");
554
750
avahi_simple_poll_loop(simple_poll);
755
fprintf(stderr, "%s exiting\n", argv[0]);
560
758
/* Cleanup things */