/mandos/release : revision 33

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/mandosclient.c

Committer: Teddy Hogeborn
Date: 2008-08-01 07:04:32 UTC
Revision ID: teddy@fukt.bsnet.se-20080801070432-5t1q0ds0bjxojyoz

* plugins.d/plugbasedclient.c (main): Close the pipe fd after dup2:ing
it onto stdout.

files modified:
plugbasedclient.c

plugins.d/mandosclient.c

server.py

Show diffs side-by-side

added added

removed removed

plugins.d/mandosclient.c

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and

* <https://www.fukt.bsnet.se/~teddy/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

/* Needed by GPGME, specifically gpgme_data_seek() */

// getopt long

#include <getopt.h>

#ifndef CERT_ROOT

#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"

#endif

#define CERTFILE CERT_ROOT "openpgp-client.txt"

#define KEYFILE CERT_ROOT "openpgp-client-key.txt"

#define BUFFER_SIZE 256

#define DH_BITS 1024

const char *certdir = "/conf/conf.d/cryptkeyreq/";

const char *certfile = "openpgp-client.txt";

const char *certkey = "openpgp-client-key.txt";

bool debug = false;

typedef struct {

100

101

/* Init GPGME */

102

100

gpgme_check_version(NULL);

103

gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

101

rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

102

if (rc != GPG_ERR_NO_ERROR){

103

fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",

104

gpgme_strsource(rc), gpgme_strerror(rc));

105

return -1;

106

}

104

107

105

108

/* Set GPGME home directory */

106

109

rc = gpgme_get_engine_info (&engine_info);

192

195

gpgme_data_release(dh_crypto);

193

196

194

197

/* Seek back to the beginning of the GPGME plaintext data buffer */

195

gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET);

196

198

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

199

perror("pgpme_data_seek");

200

}

201

197

202

*new_packet = 0;

198

203

while(true){

199

204

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

252

257

if(debug){

253

258

fprintf(stderr, "Initializing GnuTLS\n");

254

259

}

255

260

256

261

if ((ret = gnutls_global_init ())

257

262

!= GNUTLS_E_SUCCESS) {

258

263

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

274

279

275

280

if(debug){

276

281

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

277

" and keyfile %s as GnuTLS credentials\n", CERTFILE,

278

KEYFILE);

282

" and keyfile %s as GnuTLS credentials\n", certfile,

283

certkey);

279

284

}

280

285

281

286

ret = gnutls_certificate_set_openpgp_key_file

282

(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);

287

(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);

283

288

if (ret != GNUTLS_E_SUCCESS) {

284

289

fprintf

285

290

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"

286

291

" '%s')\n",

287

ret, CERTFILE, KEYFILE);

292

ret, certfile, certkey);

288

293

fprintf(stdout, "The Error is: %s\n",

289

294

safer_gnutls_strerror(ret));

290

295

return -1;

343

348

__attribute__((unused)) const char *txt){}

344

349

345

350

int start_mandos_communication(const char *ip, uint16_t port,

346

unsigned int if_index){

351

AvahiIfIndex if_index){

347

352

int ret, tcp_sd;

348

353

struct sockaddr_in6 to;

349

354

encrypted_session es;

367

372

return -1;

368

373

}

369

374

370

if(if_indextoname(if_index, interface) == NULL){

375

if(if_indextoname((unsigned int)if_index, interface) == NULL){

371

376

if(debug){

372

377

perror("if_indextoname");

373

378

}

487

492

decrypted_buffer_size = pgp_packet_decrypt(buffer,

488

493

buffer_length,

489

494

&decrypted_buffer,

490

CERT_ROOT);

495

certdir);

491

496

if (decrypted_buffer_size >= 0){

492

497

while(written < (size_t) decrypted_buffer_size){

493

498

ret = (int)fwrite (decrypted_buffer + written, 1,

564

569

fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"

565

570

" port %d\n", name, host_name, ip, port);

566

571

}

567

int ret = start_mandos_communication(ip, port,

568

(unsigned int) interface);

572

int ret = start_mandos_communication(ip, port, interface);

569

573

if (ret == 0){

570

574

exit(EXIT_SUCCESS);

571

575

}

623

627

}

624

628

}

625

629

630

/* combinds file name and path and returns the malloced new string. som sane checks could/should be added */

631

const char *combinepath(const char *first, const char *second){

632

char *tmp;

633

tmp = malloc(strlen(first) + strlen(second) + 2);

634

if (tmp == NULL){

635

perror("malloc");

636

return NULL;

637

}

638

strcpy(tmp, first);

639

if (first[0] != '\0' and first[strlen(first) - 1] != '/'){

640

strcat(tmp, "/");

641

}

642

strcat(tmp, second);

643

return tmp;

644

}

645

646

626

647

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

627

648

AvahiServerConfig config;

628

649

AvahiSServiceBrowser *sb = NULL;

629

650

int error;

630

651

int ret;

631

652

int returncode = EXIT_SUCCESS;

632

const char *interface = "eth0";

633

unsigned int if_index;

653

const char *interface = NULL;

654

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

634

655

char *connect_to = NULL;

635

656

636

657

while (true){

637

658

static struct option long_options[] = {

638

659

{"debug", no_argument, (int *)&debug, 1},

639

{"connect", required_argument, 0, 'c'},

660

{"connect", required_argument, 0, 'C'},

640

661

{"interface", required_argument, 0, 'i'},

662

{"certdir", required_argument, 0, 'd'},

663

{"certkey", required_argument, 0, 'c'},

664

{"certfile", required_argument, 0, 'k'},

641

665

{0, 0, 0, 0} };

642

666

643

667

int option_index = 0;

654

678

case 'i':

655

679

interface = optarg;

656

680

break;

681

case 'C':

682

connect_to = optarg;

683

break;

684

case 'd':

685

certdir = optarg;

686

break;

657

687

case 'c':

658

connect_to = optarg;

688

certfile = optarg;

689

break;

690

case 'k':

691

certkey = optarg;

659

692

break;

660

693

default:

661

694

exit(EXIT_FAILURE);

662

695

}

663

696

}

697

698

certfile = combinepath(certdir, certfile);

699

if (certfile == NULL){

700

goto exit;

701

}

664

702

665

if_index = if_nametoindex(interface);

666

if(if_index == 0){

667

fprintf(stderr, "No such interface: \"%s\"\n", interface);

668

exit(EXIT_FAILURE);

703

if(interface != NULL){

704

if_index = (AvahiIfIndex) if_nametoindex(interface);

705

if(if_index == 0){

706

fprintf(stderr, "No such interface: \"%s\"\n", interface);

707

exit(EXIT_FAILURE);

708

}

669

709

}

670

710

671

711

if(connect_to != NULL){

692

732

}

693

733

}

694

734

735

certkey = combinepath(certdir, certkey);

736

if (certkey == NULL){

737

goto exit;

738

}

739

695

740

if (not debug){

696

741

avahi_set_log_function(empty_log);

697

742

}

729

774

}

730

775

731

776

/* Create the service browser */

732

sb = avahi_s_service_browser_new(server, (AvahiIfIndex)if_index,

777

sb = avahi_s_service_browser_new(server, if_index,

733

778

AVAHI_PROTO_INET6,

734

779

"_mandos._tcp", NULL, 0,

735

780

browse_callback, server);

763

808

764

809

if (simple_poll)

765

810

avahi_simple_poll_free(simple_poll);

766

811

free(certfile);

812

free(certkey);

813

767

814

return returncode;

768

815

}

Older »