To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugins.d/mandosclient.c
- browse files at revision 29
- compare with another revision
- download diff
- download tarball
- view history from revision 29
- Committer: Teddy Hogeborn
- Date: 2008-07-31 19:48:05 UTC
- Revision ID: teddy@fukt.bsnet.se-20080731194805-mseis21dxwrdfqhk
* plugins.d/mandosclient.c (start_mandos_communication): Changed
"if_index" to
be of type
"AvahiIfIndex".
All callers
changed.
(main): Add default values to "interface" and "if_index". Only
change if_index from default if "interface" was given.
* server.py (IPv6_TCPServer.server_bind): Bug fix: test if interface
is empty, not if equal to
avahi.IF_UNSPEC.
(if_nametoindex): Bug fix; typo: assign to _func[0], not func[0].
(main): Bug fix: Do not set service.interface unless the interface
setting has been given.
"if_index" to
be of type
"AvahiIfIndex".
All callers
changed.
(main): Add default values to "interface" and "if_index". Only
change if_index from default if "interface" was given.
* server.py (IPv6_TCPServer.server_bind): Bug fix: test if interface
is empty, not if equal to
avahi.IF_UNSPEC.
(if_nametoindex): Bug fix; typo: assign to _func[0], not func[0].
(main): Bug fix: Do not set service.interface unless the interface
setting has been given.
- files modified:
- TODO
added
removed
plugins.d/mandosclient.c
25
25
* along with this program. If not, see
26
26
* <http://www.gnu.org/licenses/>.
27
27
*
28
* Contact the authors at <mandos@fukt.bsnet.se>.
28
* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and
29
* <https://www.fukt.bsnet.se/~teddy/>.
29
30
*/
30
31
31
32
/* Needed by GPGME, specifically gpgme_data_seek() */
63
64
#include <errno.h> /* perror() */
64
65
#include <gpgme.h>
65
66
66
// getopt_long
67
// getopt long
67
68
#include <getopt.h>
68
69
70
#ifndef CERT_ROOT
71
#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"
72
#endif
73
#define CERTFILE CERT_ROOT "openpgp-client.txt"
74
#define KEYFILE CERT_ROOT "openpgp-client-key.txt"
69
75
#define BUFFER_SIZE 256
70
71
static int dh_bits = 1024;
72
73
static const char *keydir = "/conf/conf.d/mandos";
74
static const char *pubkeyfile = "pubkey.txt";
75
static const char *seckeyfile = "seckey.txt";
76
#define DH_BITS 1024
76
77
77
78
bool debug = false;
78
79
79
/* Used for */
80
80
typedef struct {
81
81
gnutls_session_t session;
82
82
gnutls_certificate_credentials_t cred;
84
84
} encrypted_session;
85
85
86
86
87
static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
88
char **new_packet,
89
const char *homedir){
87
ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
88
char **new_packet, const char *homedir){
90
89
gpgme_data_t dh_crypto, dh_plain;
91
90
gpgme_ctx_t ctx;
92
91
gpgme_error_t rc;
101
100
102
101
/* Init GPGME */
103
102
gpgme_check_version(NULL);
104
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
105
if (rc != GPG_ERR_NO_ERROR){
106
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
107
gpgme_strsource(rc), gpgme_strerror(rc));
108
return -1;
109
}
103
gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
110
104
111
105
/* Set GPGME home directory */
112
106
rc = gpgme_get_engine_info (&engine_info);
198
192
gpgme_data_release(dh_crypto);
199
193
200
194
/* Seek back to the beginning of the GPGME plaintext data buffer */
201
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
202
perror("pgpme_data_seek");
203
}
204
195
gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET);
196
205
197
*new_packet = 0;
206
198
while(true){
207
199
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
248
240
return ret;
249
241
}
250
242
251
static void debuggnutls(__attribute__((unused)) int level,
252
const char* string){
243
void debuggnutls(__attribute__((unused)) int level,
244
const char* string){
253
245
fprintf(stderr, "%s", string);
254
246
}
255
247
256
static int initgnutls(encrypted_session *es){
248
int initgnutls(encrypted_session *es){
257
249
const char *err;
258
250
int ret;
259
251
260
252
if(debug){
261
253
fprintf(stderr, "Initializing GnuTLS\n");
262
254
}
263
255
264
256
if ((ret = gnutls_global_init ())
265
257
!= GNUTLS_E_SUCCESS) {
266
258
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
282
274
283
275
if(debug){
284
276
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
285
" and keyfile %s as GnuTLS credentials\n", pubkeyfile,
286
seckeyfile);
277
" and keyfile %s as GnuTLS credentials\n", CERTFILE,
278
KEYFILE);
287
279
}
288
280
289
281
ret = gnutls_certificate_set_openpgp_key_file
290
(es->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);
282
(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);
291
283
if (ret != GNUTLS_E_SUCCESS) {
292
284
fprintf
293
285
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
294
286
" '%s')\n",
295
ret, pubkeyfile, seckeyfile);
287
ret, CERTFILE, KEYFILE);
296
288
fprintf(stdout, "The Error is: %s\n",
297
289
safer_gnutls_strerror(ret));
298
290
return -1;
306
298
return -1;
307
299
}
308
300
309
if ((ret = gnutls_dh_params_generate2 (es->dh_params, dh_bits))
301
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
310
302
!= GNUTLS_E_SUCCESS) {
311
303
fprintf (stderr, "Error in prime generation: %s\n",
312
304
safer_gnutls_strerror(ret));
342
334
gnutls_certificate_server_set_request (es->session,
343
335
GNUTLS_CERT_IGNORE);
344
336
345
gnutls_dh_set_prime_bits (es->session, dh_bits);
337
gnutls_dh_set_prime_bits (es->session, DH_BITS);
346
338
347
339
return 0;
348
340
}
349
341
350
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
351
__attribute__((unused)) const char *txt){}
342
void empty_log(__attribute__((unused)) AvahiLogLevel level,
343
__attribute__((unused)) const char *txt){}
352
344
353
static int start_mandos_communication(const char *ip, uint16_t port,
354
AvahiIfIndex if_index){
345
int start_mandos_communication(const char *ip, uint16_t port,
346
AvahiIfIndex if_index){
355
347
int ret, tcp_sd;
356
348
struct sockaddr_in6 to;
357
349
encrypted_session es;
403
395
404
396
if(debug){
405
397
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
406
char addrstr[INET6_ADDRSTRLEN] = "";
407
if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr,
408
sizeof(addrstr)) == NULL){
409
perror("inet_ntop");
410
} else {
411
if(strcmp(addrstr, ip) != 0){
412
fprintf(stderr, "Canonical address form: %s\n",
413
addrstr, ntohs(to.sin6_port));
414
}
415
}
398
/* char addrstr[INET6_ADDRSTRLEN]; */
399
/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */
400
/* sizeof(addrstr)) == NULL){ */
401
/* perror("inet_ntop"); */
402
/* } else { */
403
/* fprintf(stderr, "Really connecting to: %s, port %d\n", */
404
/* addrstr, ntohs(to.sin6_port)); */
405
/* } */
416
406
}
417
407
418
408
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
497
487
decrypted_buffer_size = pgp_packet_decrypt(buffer,
498
488
buffer_length,
499
489
&decrypted_buffer,
500
keydir);
490
CERT_ROOT);
501
491
if (decrypted_buffer_size >= 0){
502
492
while(written < (size_t) decrypted_buffer_size){
503
493
ret = (int)fwrite (decrypted_buffer + written, 1,
632
622
}
633
623
}
634
624
635
/* Combines file name and path and returns the malloced new
636
string. some sane checks could/should be added */
637
static const char *combinepath(const char *first, const char *second){
638
size_t f_len = strlen(first);
639
size_t s_len = strlen(second);
640
char *tmp = malloc(f_len + s_len + 2);
641
if (tmp == NULL){
642
return NULL;
643
}
644
if(f_len > 0){
645
memcpy(tmp, first, f_len);
646
}
647
tmp[f_len] = '/';
648
if(s_len > 0){
649
memcpy(tmp + f_len + 1, second, s_len);
650
}
651
tmp[f_len + 1 + s_len] = '\0';
652
return tmp;
653
}
654
655
656
625
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
657
626
AvahiServerConfig config;
658
627
AvahiSServiceBrowser *sb = NULL;
659
628
int error;
660
629
int ret;
661
int debug_int = 0;
662
630
int returncode = EXIT_SUCCESS;
663
631
const char *interface = NULL;
664
632
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
665
633
char *connect_to = NULL;
666
634
667
debug_int = debug ? 1 : 0;
668
635
while (true){
669
636
static struct option long_options[] = {
670
{"debug", no_argument, &debug_int, 1},
671
{"connect", required_argument, NULL, 'C'},
672
{"interface", required_argument, NULL, 'i'},
673
{"keydir", required_argument, NULL, 'd'},
674
{"seckey", required_argument, NULL, 'c'},
675
{"pubkey", required_argument, NULL, 'k'},
676
{"dh-bits", required_argument, NULL, 'D'},
637
{"debug", no_argument, (int *)&debug, 1},
638
{"connect", required_argument, 0, 'c'},
639
{"interface", required_argument, 0, 'i'},
677
640
{0, 0, 0, 0} };
678
641
679
642
int option_index = 0;
690
653
case 'i':
691
654
interface = optarg;
692
655
break;
693
case 'C':
656
case 'c':
694
657
connect_to = optarg;
695
658
break;
696
case 'd':
697
keydir = optarg;
698
break;
699
case 'c':
700
pubkeyfile = optarg;
701
break;
702
case 'k':
703
seckeyfile = optarg;
704
break;
705
case 'D':
706
dh_bits = atoi(optarg);
707
break;
708
case '?':
709
break
710
659
default:
711
660
exit(EXIT_FAILURE);
712
661
}
713
662
}
714
debug = debug_int ? true : false;
715
716
pubkeyfile = combinepath(keydir, pubkeyfile);
717
if (pubkeyfile == NULL){
718
perror("combinepath");
719
goto exit;
720
}
721
663
722
664
if(interface != NULL){
723
665
if_index = (AvahiIfIndex) if_nametoindex(interface);
751
693
}
752
694
}
753
695
754
seckeyfile = combinepath(keydir, seckeyfile);
755
if (seckeyfile == NULL){
756
perror("combinepath");
757
goto exit;
758
}
759
760
696
if (not debug){
761
697
avahi_set_log_function(empty_log);
762
698
}
828
764
829
765
if (simple_poll)
830
766
avahi_simple_poll_free(simple_poll);
831
free(pubkeyfile);
832
free(seckeyfile);
833
767
834
768
return returncode;
835
769
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0