2
This file is part of avahi.
4
avahi is free software; you can redistribute it and/or modify it
5
under the terms of the GNU Lesser General Public License as
6
published by the Free Software Foundation; either version 2.1 of the
7
License, or (at your option) any later version.
9
avahi is distributed in the hope that it will be useful, but WITHOUT
10
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General
12
Public License for more details.
14
You should have received a copy of the GNU Lesser General Public
15
License along with avahi; if not, write to the Free Software
16
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
1
/* -*- coding: utf-8 -*- */
3
* Mandos client - get and decrypt data from a Mandos server
5
* This program is partly derived from an example program for an Avahi
6
* service browser, downloaded from
7
* <http://avahi.org/browser/examples/core-browse-services.c>. This
8
* includes the following functions: "resolve_callback",
9
* "browse_callback", and parts of "main".
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
14
* This program is free software: you can redistribute it and/or
15
* modify it under the terms of the GNU General Public License as
16
* published by the Free Software Foundation, either version 3 of the
17
* License, or (at your option) any later version.
19
* This program is distributed in the hope that it will be useful, but
20
* WITHOUT ANY WARRANTY; without even the implied warranty of
21
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22
* General Public License for more details.
24
* You should have received a copy of the GNU General Public License
25
* along with this program. If not, see
26
* <http://www.gnu.org/licenses/>.
28
* Contact the authors at <mandos@fukt.bsnet.se>.
31
/* Needed by GPGME, specifically gpgme_data_seek() */
20
32
#define _LARGEFILE_SOURCE
21
33
#define _FILE_OFFSET_BITS 64
68
82
} encrypted_session;
71
ssize_t gpg_packet_decrypt (char *packet, size_t packet_size, char **new_packet, char *homedir){
85
ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
86
char **new_packet, const char *homedir){
72
87
gpgme_data_t dh_crypto, dh_plain;
76
size_t new_packet_capacity = 0;
77
size_t new_packet_length = 0;
91
ssize_t new_packet_capacity = 0;
92
ssize_t new_packet_length = 0;
78
93
gpgme_engine_info_t engine_info;
81
fprintf(stderr, "Attempting to decrypt password from gpg packet\n");
96
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
85
100
gpgme_check_version(NULL);
86
gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
101
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
102
if (rc != GPG_ERR_NO_ERROR){
103
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
104
gpgme_strsource(rc), gpgme_strerror(rc));
88
108
/* Set GPGME home directory */
89
109
rc = gpgme_get_engine_info (&engine_info);
237
269
gnutls_global_set_log_function(debuggnutls);
241
272
/* openpgp credentials */
242
273
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
243
274
!= GNUTLS_E_SUCCESS) {
244
fprintf (stderr, "memory error: %s\n", safer_gnutls_strerror(ret));
275
fprintf (stderr, "memory error: %s\n",
276
safer_gnutls_strerror(ret));
249
fprintf(stderr, "Attempting to use openpgp certificate %s"
250
" and keyfile %s as gnutls credentials\n", CERTFILE, KEYFILE);
281
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
282
" and keyfile %s as GnuTLS credentials\n", certfile,
253
286
ret = gnutls_certificate_set_openpgp_key_file
254
(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);
287
(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);
255
288
if (ret != GNUTLS_E_SUCCESS) {
257
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n",
258
ret, CERTFILE, KEYFILE);
290
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
292
ret, certfile, certkey);
259
293
fprintf(stdout, "The Error is: %s\n",
260
294
safer_gnutls_strerror(ret));
264
//Gnutls server initialization
298
//GnuTLS server initialization
265
299
if ((ret = gnutls_dh_params_init (&es->dh_params))
266
300
!= GNUTLS_E_SUCCESS) {
267
301
fprintf (stderr, "Error in dh parameter initialization: %s\n",
268
302
safer_gnutls_strerror(ret));
272
306
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
273
307
!= GNUTLS_E_SUCCESS) {
274
308
fprintf (stderr, "Error in prime generation: %s\n",
275
309
safer_gnutls_strerror(ret));
279
313
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
281
// Gnutls session creation
315
// GnuTLS session creation
282
316
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
283
317
!= GNUTLS_E_SUCCESS){
284
fprintf(stderr, "Error in gnutls session initialization: %s\n",
318
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
285
319
safer_gnutls_strerror(ret));
288
322
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
289
323
!= GNUTLS_E_SUCCESS) {
290
324
fprintf(stderr, "Syntax error at: %s\n", err);
291
fprintf(stderr, "Gnutls error: %s\n",
325
fprintf(stderr, "GnuTLS error: %s\n",
292
326
safer_gnutls_strerror(ret));
296
330
if ((ret = gnutls_credentials_set
297
331
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
298
332
!= GNUTLS_E_SUCCESS) {
300
334
safer_gnutls_strerror(ret));
304
338
/* ignore client certificate if any. */
305
gnutls_certificate_server_set_request (es->session, GNUTLS_CERT_IGNORE);
339
gnutls_certificate_server_set_request (es->session,
307
342
gnutls_dh_set_prime_bits (es->session, DH_BITS);
312
void empty_log(AvahiLogLevel level, const char *txt){}
347
void empty_log(__attribute__((unused)) AvahiLogLevel level,
348
__attribute__((unused)) const char *txt){}
314
int start_mandos_communcation(char *ip, uint16_t port){
350
int start_mandos_communication(const char *ip, uint16_t port,
351
AvahiIfIndex if_index){
316
353
struct sockaddr_in6 to;
317
struct in6_addr ip_addr;
318
354
encrypted_session es;
319
355
char *buffer = NULL;
320
356
char *decrypted_buffer;
321
357
size_t buffer_length = 0;
322
358
size_t buffer_capacity = 0;
323
359
ssize_t decrypted_buffer_size;
325
const char interface[] = "eth0";
362
char interface[IF_NAMESIZE];
328
fprintf(stderr, "Setting up a tcp connection to %s\n", ip);
365
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
331
369
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
355
394
fprintf(stderr, "Bad address: %s\n", ip);
358
to.sin6_port = htons(port);
359
to.sin6_scope_id = if_nametoindex(interface);
397
to.sin6_port = htons(port); /* Spurious warning */
399
to.sin6_scope_id = (uint32_t)if_index;
362
fprintf(stderr, "Connection to: %s\n", ip);
402
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
403
/* char addrstr[INET6_ADDRSTRLEN]; */
404
/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */
405
/* sizeof(addrstr)) == NULL){ */
406
/* perror("inet_ntop"); */
408
/* fprintf(stderr, "Really connecting to: %s, port %d\n", */
409
/* addrstr, ntohs(to.sin6_port)); */
365
413
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
378
gnutls_transport_set_ptr (es.session, (gnutls_transport_ptr_t) tcp_sd);
425
gnutls_transport_set_ptr (es.session,
426
(gnutls_transport_ptr_t) tcp_sd);
381
fprintf(stderr, "Establishing tls session with %s\n", ip);
429
fprintf(stderr, "Establishing TLS session with %s\n", ip);
385
432
ret = gnutls_handshake (es.session);
387
434
if (ret != GNUTLS_E_SUCCESS){
388
fprintf(stderr, "\n*** Handshake failed ***\n");
436
fprintf(stderr, "\n*** Handshake failed ***\n");
394
//Retrieve gpg packet that contains the wanted password
443
//Retrieve OpenPGP packet that contains the wanted password
397
fprintf(stderr, "Retrieving pgp encrypted password from %s\n", ip);
446
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
430
fprintf(stderr, "Unknown error while reading data from encrypted session with mandos server\n");
480
fprintf(stderr, "Unknown error while reading data from"
481
" encrypted session with mandos server\n");
432
483
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
436
buffer_length += ret;
487
buffer_length += (size_t) ret;
440
491
if (buffer_length > 0){
441
if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) >= 0){
442
fwrite (decrypted_buffer, 1, decrypted_buffer_size, stdout);
492
decrypted_buffer_size = pgp_packet_decrypt(buffer,
496
if (decrypted_buffer_size >= 0){
497
while(written < (size_t) decrypted_buffer_size){
498
ret = (int)fwrite (decrypted_buffer + written, 1,
499
(size_t)decrypted_buffer_size - written,
501
if(ret == 0 and ferror(stdout)){
503
fprintf(stderr, "Error writing encrypted data: %s\n",
509
written += (size_t)ret;
443
511
free(decrypted_buffer);
476
544
const char *host_name,
477
545
const AvahiAddress *address,
479
AvahiStringList *txt,
480
AvahiLookupResultFlags flags,
547
AVAHI_GCC_UNUSED AvahiStringList *txt,
548
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
481
549
AVAHI_GCC_UNUSED void* userdata) {
485
/* Called whenever a service has been resolved successfully or timed out */
488
case AVAHI_RESOLVER_FAILURE:
489
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of type '%s' in domain '%s': %s\n", name, type, domain, avahi_strerror(avahi_server_errno(server)));
492
case AVAHI_RESOLVER_FOUND: {
493
char ip[AVAHI_ADDRESS_STR_MAX];
494
avahi_address_snprint(ip, sizeof(ip), address);
496
fprintf(stderr, "Mandos server found at %s on port %d\n", ip, port);
498
int ret = start_mandos_communcation(ip, port);
551
assert(r); /* Spurious warning */
553
/* Called whenever a service has been resolved successfully or
558
case AVAHI_RESOLVER_FAILURE:
559
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
560
" type '%s' in domain '%s': %s\n", name, type, domain,
561
avahi_strerror(avahi_server_errno(server)));
564
case AVAHI_RESOLVER_FOUND:
566
char ip[AVAHI_ADDRESS_STR_MAX];
567
avahi_address_snprint(ip, sizeof(ip), address);
569
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
570
" port %d\n", name, host_name, ip, port);
572
int ret = start_mandos_communication(ip, port, interface);
506
avahi_s_service_resolver_free(r);
578
avahi_s_service_resolver_free(r);
509
581
static void browse_callback(
518
590
void* userdata) {
520
592
AvahiServer *s = userdata;
523
/* Called whenever a new services becomes available on the LAN or is removed from the LAN */
593
assert(b); /* Spurious warning */
595
/* Called whenever a new services becomes available on the LAN or
596
is removed from the LAN */
527
case AVAHI_BROWSER_FAILURE:
529
fprintf(stderr, "(Browser) %s\n", avahi_strerror(avahi_server_errno(server)));
530
avahi_simple_poll_quit(simple_poll);
533
case AVAHI_BROWSER_NEW:
534
/* We ignore the returned resolver object. In the callback
535
function we free it. If the server is terminated before
536
the callback function is called the server will free
537
the resolver for us. */
539
if (!(avahi_s_service_resolver_new(s, interface, protocol, name, type, domain, AVAHI_PROTO_INET6, 0, resolve_callback, s)))
540
fprintf(stderr, "Failed to resolve service '%s': %s\n", name, avahi_strerror(avahi_server_errno(s)));
544
case AVAHI_BROWSER_REMOVE:
547
case AVAHI_BROWSER_ALL_FOR_NOW:
548
case AVAHI_BROWSER_CACHE_EXHAUSTED:
600
case AVAHI_BROWSER_FAILURE:
602
fprintf(stderr, "(Browser) %s\n",
603
avahi_strerror(avahi_server_errno(server)));
604
avahi_simple_poll_quit(simple_poll);
607
case AVAHI_BROWSER_NEW:
608
/* We ignore the returned resolver object. In the callback
609
function we free it. If the server is terminated before
610
the callback function is called the server will free
611
the resolver for us. */
613
if (!(avahi_s_service_resolver_new(s, interface, protocol, name,
615
AVAHI_PROTO_INET6, 0,
616
resolve_callback, s)))
617
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
618
avahi_strerror(avahi_server_errno(s)));
621
case AVAHI_BROWSER_REMOVE:
624
case AVAHI_BROWSER_ALL_FOR_NOW:
625
case AVAHI_BROWSER_CACHE_EXHAUSTED:
630
/* combinds file name and path and returns the malloced new string. som sane checks could/should be added */
631
const char *combinepath(const char *first, const char *second){
633
tmp = malloc(strlen(first) + strlen(second) + 2);
639
if (first[0] != '\0' and first[strlen(first) - 1] != '/'){
553
647
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
554
648
AvahiServerConfig config;
555
649
AvahiSServiceBrowser *sb = NULL;
556
const char db[] = "--debug";
559
652
int returncode = EXIT_SUCCESS;
560
char *basename = rindex(argv[0], '/');
561
if(basename == NULL){
567
char *program_name = malloc(strlen(basename) + sizeof(db));
569
if (program_name == NULL){
574
program_name[0] = '\0';
576
for (int i = 1; i < argc; i++){
577
if (not strncmp(argv[i], db, 5)){
578
strcat(strcat(strcat(program_name, db ), "="), basename);
579
if(not strcmp(argv[i], db) or not strcmp(argv[i], program_name)){
653
const char *interface = NULL;
654
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
655
char *connect_to = NULL;
658
static struct option long_options[] = {
659
{"debug", no_argument, (int *)&debug, 1},
660
{"connect", required_argument, 0, 'C'},
661
{"interface", required_argument, 0, 'i'},
662
{"certdir", required_argument, 0, 'd'},
663
{"certkey", required_argument, 0, 'c'},
664
{"certfile", required_argument, 0, 'k'},
667
int option_index = 0;
668
ret = getopt_long (argc, argv, "i:", long_options,
698
certfile = combinepath(certdir, certfile);
699
if (certfile == NULL){
703
if(interface != NULL){
704
if_index = (AvahiIfIndex) if_nametoindex(interface);
706
fprintf(stderr, "No such interface: \"%s\"\n", interface);
711
if(connect_to != NULL){
712
/* Connect directly, do not use Zeroconf */
713
/* (Mainly meant for debugging) */
714
char *address = strrchr(connect_to, ':');
716
fprintf(stderr, "No colon in address\n");
720
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
722
perror("Bad port number");
726
address = connect_to;
727
ret = start_mandos_communication(address, port, if_index);
735
certkey = combinepath(certdir, certkey);
736
if (certkey == NULL){
587
741
avahi_set_log_function(empty_log);
590
744
/* Initialize the psuedo-RNG */
745
srand((unsigned int) time(NULL));
593
747
/* Allocate main loop object */
594
748
if (!(simple_poll = avahi_simple_poll_new())) {
605
759
config.publish_domain = 0;
607
761
/* Allocate a new server */
608
server = avahi_server_new(avahi_simple_poll_get(simple_poll), &config, NULL, NULL, &error);
762
server = avahi_server_new(avahi_simple_poll_get(simple_poll),
763
&config, NULL, NULL, &error);
610
765
/* Free the configuration data */
611
766
avahi_server_config_free(&config);
613
768
/* Check if creating the server object succeeded */
615
fprintf(stderr, "Failed to create server: %s\n", avahi_strerror(error));
770
fprintf(stderr, "Failed to create server: %s\n",
771
avahi_strerror(error));
616
772
returncode = EXIT_FAILURE;
620
776
/* Create the service browser */
621
if (!(sb = avahi_s_service_browser_new(server, if_nametoindex("eth0"), AVAHI_PROTO_INET6, "_mandos._tcp", NULL, 0, browse_callback, server))) {
622
fprintf(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_server_errno(server)));
777
sb = avahi_s_service_browser_new(server, if_index,
779
"_mandos._tcp", NULL, 0,
780
browse_callback, server);
782
fprintf(stderr, "Failed to create service browser: %s\n",
783
avahi_strerror(avahi_server_errno(server)));
623
784
returncode = EXIT_FAILURE;