4
* This file demonstrates how to use Avahi's core API, this is
5
* the embeddable mDNS stack for embedded applications.
1
/* -*- coding: utf-8 -*- */
3
* Mandos client - get and decrypt data from a Mandos server
7
* End user applications should *not* use this API and should use
8
* the D-Bus or C APIs, please see
9
* client-browse-services.c and glib-integration.c
11
* I repeat, you probably do *not* want to use this example.
5
* This program is partly derived from an example program for an Avahi
6
* service browser, downloaded from
7
* <http://avahi.org/browser/examples/core-browse-services.c>. This
8
* includes the following functions: "resolve_callback",
9
* "browse_callback", and parts of "main".
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
14
* This program is free software: you can redistribute it and/or
15
* modify it under the terms of the GNU General Public License as
16
* published by the Free Software Foundation, either version 3 of the
17
* License, or (at your option) any later version.
19
* This program is distributed in the hope that it will be useful, but
20
* WITHOUT ANY WARRANTY; without even the implied warranty of
21
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22
* General Public License for more details.
24
* You should have received a copy of the GNU General Public License
25
* along with this program. If not, see
26
* <http://www.gnu.org/licenses/>.
28
* Contact the authors at <mandos@fukt.bsnet.se>.
15
This file is part of avahi.
17
avahi is free software; you can redistribute it and/or modify it
18
under the terms of the GNU Lesser General Public License as
19
published by the Free Software Foundation; either version 2.1 of the
20
License, or (at your option) any later version.
22
avahi is distributed in the hope that it will be useful, but WITHOUT
23
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
24
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General
25
Public License for more details.
27
You should have received a copy of the GNU Lesser General Public
28
License along with avahi; if not, write to the Free Software
29
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
31
/* Needed by GPGME, specifically gpgme_data_seek() */
33
32
#define _LARGEFILE_SOURCE
34
33
#define _FILE_OFFSET_BITS 64
47
46
#include <avahi-common/error.h>
49
48
//mandos client part
50
#include <sys/types.h> /* socket(), setsockopt(), inet_pton() */
51
#include <sys/socket.h> /* socket(), setsockopt(), struct sockaddr_in6, struct in6_addr, inet_pton() */
52
#include <gnutls/gnutls.h> /* ALL GNUTLS STUFF */
53
#include <gnutls/openpgp.h> /* gnutls with openpgp stuff */
49
#include <sys/types.h> /* socket(), inet_pton() */
50
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
51
struct in6_addr, inet_pton() */
52
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
53
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
55
55
#include <unistd.h> /* close() */
56
56
#include <netinet/in.h>
79
82
} encrypted_session;
82
ssize_t gpg_packet_decrypt (char *packet, size_t packet_size, char **new_packet, char *homedir){
85
ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
86
char **new_packet, const char *homedir){
83
87
gpgme_data_t dh_crypto, dh_plain;
87
size_t new_packet_capacity = 0;
88
size_t new_packet_length = 0;
91
ssize_t new_packet_capacity = 0;
92
ssize_t new_packet_length = 0;
89
93
gpgme_engine_info_t engine_info;
96
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
92
100
gpgme_check_version(NULL);
93
gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
101
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
102
if (rc != GPG_ERR_NO_ERROR){
103
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
104
gpgme_strsource(rc), gpgme_strerror(rc));
95
108
/* Set GPGME home directory */
96
109
rc = gpgme_get_engine_info (&engine_info);
139
/* Decrypt data from the FILE pointer to the plaintext data buffer */
152
/* Decrypt data from the FILE pointer to the plaintext data
140
154
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
141
155
if (rc != GPG_ERR_NO_ERROR){
142
156
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
143
157
gpgme_strsource(rc), gpgme_strerror(rc));
162
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");
166
gpgme_decrypt_result_t result;
167
result = gpgme_op_decrypt_result(ctx);
169
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
171
fprintf(stderr, "Unsupported algorithm: %s\n",
172
result->unsupported_algorithm);
173
fprintf(stderr, "Wrong key usage: %d\n",
174
result->wrong_key_usage);
175
if(result->file_name != NULL){
176
fprintf(stderr, "File name: %s\n", result->file_name);
178
gpgme_recipient_t recipient;
179
recipient = result->recipients;
181
while(recipient != NULL){
182
fprintf(stderr, "Public key algorithm: %s\n",
183
gpgme_pubkey_algo_name(recipient->pubkey_algo));
184
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
185
fprintf(stderr, "Secret key available: %s\n",
186
recipient->status == GPG_ERR_NO_SECKEY
188
recipient = recipient->next;
147
/* gpgme_decrypt_result_t result; */
148
/* result = gpgme_op_decrypt_result(ctx); */
149
/* fprintf(stderr, "Unsupported algorithm: %s\n", result->unsupported_algorithm); */
150
/* fprintf(stderr, "Wrong key usage: %d\n", result->wrong_key_usage); */
151
/* if(result->file_name != NULL){ */
152
/* fprintf(stderr, "File name: %s\n", result->file_name); */
154
/* gpgme_recipient_t recipient; */
155
/* recipient = result->recipients; */
157
/* while(recipient != NULL){ */
158
/* fprintf(stderr, "Public key algorithm: %s\n", */
159
/* gpgme_pubkey_algo_name(recipient->pubkey_algo)); */
160
/* fprintf(stderr, "Key ID: %s\n", recipient->keyid); */
161
/* fprintf(stderr, "Secret key available: %s\n", */
162
/* recipient->status == GPG_ERR_NO_SECKEY ? "No" : "Yes"); */
163
/* recipient = recipient->next; */
167
194
/* Delete the GPGME FILE pointer cryptotext data buffer */
168
195
gpgme_data_release(dh_crypto);
170
197
/* Seek back to the beginning of the GPGME plaintext data buffer */
171
gpgme_data_seek(dh_plain, 0, SEEK_SET);
198
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
199
perror("pgpme_data_seek");
175
204
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
176
*new_packet = realloc(*new_packet, new_packet_capacity + BUFFER_SIZE);
205
*new_packet = realloc(*new_packet,
206
(unsigned int)new_packet_capacity
177
208
if (*new_packet == NULL){
178
209
perror("realloc");
258
fprintf(stderr, "Initializing GnuTLS\n");
217
261
if ((ret = gnutls_global_init ())
218
262
!= GNUTLS_E_SUCCESS) {
219
263
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
223
/* Uncomment to enable full debuggin on the gnutls library */
224
/* gnutls_global_set_log_level(11); */
225
/* gnutls_global_set_log_function(debuggnutls); */
268
gnutls_global_set_log_level(11);
269
gnutls_global_set_log_function(debuggnutls);
228
272
/* openpgp credentials */
229
273
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
230
274
!= GNUTLS_E_SUCCESS) {
231
fprintf (stderr, "memory error: %s\n", safer_gnutls_strerror(ret));
275
fprintf (stderr, "memory error: %s\n",
276
safer_gnutls_strerror(ret));
281
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
282
" and keyfile %s as GnuTLS credentials\n", certfile,
235
286
ret = gnutls_certificate_set_openpgp_key_file
236
(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);
287
(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);
237
288
if (ret != GNUTLS_E_SUCCESS) {
239
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n",
240
ret, CERTFILE, KEYFILE);
290
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
292
ret, certfile, certkey);
241
293
fprintf(stdout, "The Error is: %s\n",
242
294
safer_gnutls_strerror(ret));
246
//Gnutls server initialization
298
//GnuTLS server initialization
247
299
if ((ret = gnutls_dh_params_init (&es->dh_params))
248
300
!= GNUTLS_E_SUCCESS) {
249
301
fprintf (stderr, "Error in dh parameter initialization: %s\n",
250
302
safer_gnutls_strerror(ret));
254
306
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
255
307
!= GNUTLS_E_SUCCESS) {
256
308
fprintf (stderr, "Error in prime generation: %s\n",
257
309
safer_gnutls_strerror(ret));
261
313
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
263
// Gnutls session creation
315
// GnuTLS session creation
264
316
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
265
317
!= GNUTLS_E_SUCCESS){
266
fprintf(stderr, "Error in gnutls session initialization: %s\n",
318
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
267
319
safer_gnutls_strerror(ret));
270
322
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
271
323
!= GNUTLS_E_SUCCESS) {
272
324
fprintf(stderr, "Syntax error at: %s\n", err);
273
fprintf(stderr, "Gnutls error: %s\n",
325
fprintf(stderr, "GnuTLS error: %s\n",
274
326
safer_gnutls_strerror(ret));
278
330
if ((ret = gnutls_credentials_set
279
331
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
280
332
!= GNUTLS_E_SUCCESS) {
282
334
safer_gnutls_strerror(ret));
286
338
/* ignore client certificate if any. */
287
gnutls_certificate_server_set_request (es->session, GNUTLS_CERT_IGNORE);
339
gnutls_certificate_server_set_request (es->session,
289
342
gnutls_dh_set_prime_bits (es->session, DH_BITS);
294
void empty_log(AvahiLogLevel level, const char *txt){}
347
void empty_log(__attribute__((unused)) AvahiLogLevel level,
348
__attribute__((unused)) const char *txt){}
296
int start_mandos_communcation(char *ip, uint16_t port){
350
int start_mandos_communication(const char *ip, uint16_t port,
351
AvahiIfIndex if_index){
298
353
struct sockaddr_in6 to;
299
struct in6_addr ip_addr;
300
354
encrypted_session es;
301
355
char *buffer = NULL;
302
356
char *decrypted_buffer;
303
357
size_t buffer_length = 0;
304
358
size_t buffer_capacity = 0;
305
359
ssize_t decrypted_buffer_size;
362
char interface[IF_NAMESIZE];
365
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
309
369
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
315
ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, "eth0", 5);
317
perror("setsockopt bindtodevice");
375
if(if_indextoname((unsigned int)if_index, interface) == NULL){
377
perror("if_indextoname");
321
memset(&to,0,sizeof(to));
383
fprintf(stderr, "Binding to interface %s\n", interface);
386
memset(&to,0,sizeof(to)); /* Spurious warning */
322
387
to.sin6_family = AF_INET6;
323
ret = inet_pton(AF_INET6, ip, &ip_addr);
388
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
325
390
perror("inet_pton");
329
394
fprintf(stderr, "Bad address: %s\n", ip);
332
to.sin6_port = htons(port);
333
to.sin6_scope_id = if_nametoindex("eth0");
397
to.sin6_port = htons(port); /* Spurious warning */
399
to.sin6_scope_id = (uint32_t)if_index;
402
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
403
/* char addrstr[INET6_ADDRSTRLEN]; */
404
/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */
405
/* sizeof(addrstr)) == NULL){ */
406
/* perror("inet_ntop"); */
408
/* fprintf(stderr, "Really connecting to: %s, port %d\n", */
409
/* addrstr, ntohs(to.sin6_port)); */
335
413
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
348
gnutls_transport_set_ptr (es.session, (gnutls_transport_ptr_t) tcp_sd);
425
gnutls_transport_set_ptr (es.session,
426
(gnutls_transport_ptr_t) tcp_sd);
429
fprintf(stderr, "Establishing TLS session with %s\n", ip);
350
432
ret = gnutls_handshake (es.session);
352
434
if (ret != GNUTLS_E_SUCCESS){
353
fprintf(stderr, "\n*** Handshake failed ***\n");
436
fprintf(stderr, "\n*** Handshake failed ***\n");
443
//Retrieve OpenPGP packet that contains the wanted password
446
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
361
451
if (buffer_length + BUFFER_SIZE > buffer_capacity){
362
452
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
390
fprintf(stderr, "Unknown error while reading data from encrypted session with mandos server\n");
480
fprintf(stderr, "Unknown error while reading data from"
481
" encrypted session with mandos server\n");
392
483
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
396
buffer_length += ret;
487
buffer_length += (size_t) ret;
400
491
if (buffer_length > 0){
401
if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) == 0){
492
decrypted_buffer_size = pgp_packet_decrypt(buffer,
496
if (decrypted_buffer_size >= 0){
497
while(written < (size_t) decrypted_buffer_size){
498
ret = (int)fwrite (decrypted_buffer + written, 1,
499
(size_t)decrypted_buffer_size - written,
501
if(ret == 0 and ferror(stdout)){
503
fprintf(stderr, "Error writing encrypted data: %s\n",
509
written += (size_t)ret;
511
free(decrypted_buffer);
404
fwrite (decrypted_buffer, 1, decrypted_buffer_size, stdout);
405
free(decrypted_buffer);
520
fprintf(stderr, "Closing TLS session\n");
412
524
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
432
544
const char *host_name,
433
545
const AvahiAddress *address,
435
AvahiStringList *txt,
436
AvahiLookupResultFlags flags,
547
AVAHI_GCC_UNUSED AvahiStringList *txt,
548
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
437
549
AVAHI_GCC_UNUSED void* userdata) {
441
/* Called whenever a service has been resolved successfully or timed out */
444
case AVAHI_RESOLVER_FAILURE:
445
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of type '%s' in domain '%s': %s\n", name, type, domain, avahi_strerror(avahi_server_errno(server)));
448
case AVAHI_RESOLVER_FOUND: {
449
char ip[AVAHI_ADDRESS_STR_MAX];
450
avahi_address_snprint(ip, sizeof(ip), address);
451
int ret = start_mandos_communcation(ip, port);
551
assert(r); /* Spurious warning */
553
/* Called whenever a service has been resolved successfully or
558
case AVAHI_RESOLVER_FAILURE:
559
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
560
" type '%s' in domain '%s': %s\n", name, type, domain,
561
avahi_strerror(avahi_server_errno(server)));
564
case AVAHI_RESOLVER_FOUND:
566
char ip[AVAHI_ADDRESS_STR_MAX];
567
avahi_address_snprint(ip, sizeof(ip), address);
569
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
570
" port %d\n", name, host_name, ip, port);
572
int ret = start_mandos_communication(ip, port, interface);
459
avahi_s_service_resolver_free(r);
578
avahi_s_service_resolver_free(r);
462
581
static void browse_callback(
471
590
void* userdata) {
473
592
AvahiServer *s = userdata;
476
/* Called whenever a new services becomes available on the LAN or is removed from the LAN */
593
assert(b); /* Spurious warning */
595
/* Called whenever a new services becomes available on the LAN or
596
is removed from the LAN */
480
case AVAHI_BROWSER_FAILURE:
482
fprintf(stderr, "(Browser) %s\n", avahi_strerror(avahi_server_errno(server)));
483
avahi_simple_poll_quit(simple_poll);
486
case AVAHI_BROWSER_NEW:
487
/* We ignore the returned resolver object. In the callback
488
function we free it. If the server is terminated before
489
the callback function is called the server will free
490
the resolver for us. */
492
if (!(avahi_s_service_resolver_new(s, interface, protocol, name, type, domain, AVAHI_PROTO_INET6, 0, resolve_callback, s)))
493
fprintf(stderr, "Failed to resolve service '%s': %s\n", name, avahi_strerror(avahi_server_errno(s)));
497
case AVAHI_BROWSER_REMOVE:
500
case AVAHI_BROWSER_ALL_FOR_NOW:
501
case AVAHI_BROWSER_CACHE_EXHAUSTED:
600
case AVAHI_BROWSER_FAILURE:
602
fprintf(stderr, "(Browser) %s\n",
603
avahi_strerror(avahi_server_errno(server)));
604
avahi_simple_poll_quit(simple_poll);
607
case AVAHI_BROWSER_NEW:
608
/* We ignore the returned resolver object. In the callback
609
function we free it. If the server is terminated before
610
the callback function is called the server will free
611
the resolver for us. */
613
if (!(avahi_s_service_resolver_new(s, interface, protocol, name,
615
AVAHI_PROTO_INET6, 0,
616
resolve_callback, s)))
617
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
618
avahi_strerror(avahi_server_errno(s)));
621
case AVAHI_BROWSER_REMOVE:
624
case AVAHI_BROWSER_ALL_FOR_NOW:
625
case AVAHI_BROWSER_CACHE_EXHAUSTED:
630
/* combinds file name and path and returns the malloced new string. som sane checks could/should be added */
631
const char *combinepath(const char *first, const char *second){
633
tmp = malloc(strlen(first) + strlen(second) + 2);
639
if (first[0] != '\0' and first[strlen(first) - 1] != '/'){
506
647
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
507
648
AvahiServerConfig config;
508
649
AvahiSServiceBrowser *sb = NULL;
652
int returncode = EXIT_SUCCESS;
653
const char *interface = NULL;
654
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
655
char *connect_to = NULL;
658
static struct option long_options[] = {
659
{"debug", no_argument, (int *)&debug, 1},
660
{"connect", required_argument, 0, 'C'},
661
{"interface", required_argument, 0, 'i'},
662
{"certdir", required_argument, 0, 'd'},
663
{"certkey", required_argument, 0, 'c'},
664
{"certfile", required_argument, 0, 'k'},
667
int option_index = 0;
668
ret = getopt_long (argc, argv, "i:", long_options,
512
avahi_set_log_function(empty_log);
698
certfile = combinepath(certdir, certfile);
699
if (certfile == NULL){
703
if(interface != NULL){
704
if_index = (AvahiIfIndex) if_nametoindex(interface);
706
fprintf(stderr, "No such interface: \"%s\"\n", interface);
711
if(connect_to != NULL){
712
/* Connect directly, do not use Zeroconf */
713
/* (Mainly meant for debugging) */
714
char *address = strrchr(connect_to, ':');
716
fprintf(stderr, "No colon in address\n");
720
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
722
perror("Bad port number");
726
address = connect_to;
727
ret = start_mandos_communication(address, port, if_index);
735
certkey = combinepath(certdir, certkey);
736
if (certkey == NULL){
741
avahi_set_log_function(empty_log);
514
744
/* Initialize the psuedo-RNG */
745
srand((unsigned int) time(NULL));
517
747
/* Allocate main loop object */
518
748
if (!(simple_poll = avahi_simple_poll_new())) {
519
749
fprintf(stderr, "Failed to create simple poll object.\n");
523
754
/* Do not publish any local records */
527
758
config.publish_workstation = 0;
528
759
config.publish_domain = 0;
530
/* /\* Set a unicast DNS server for wide area DNS-SD *\/ */
531
/* avahi_address_parse("193.11.177.11", AVAHI_PROTO_UNSPEC, &config.wide_area_servers[0]); */
532
/* config.n_wide_area_servers = 1; */
533
/* config.enable_wide_area = 1; */
535
761
/* Allocate a new server */
536
server = avahi_server_new(avahi_simple_poll_get(simple_poll), &config, NULL, NULL, &error);
762
server = avahi_server_new(avahi_simple_poll_get(simple_poll),
763
&config, NULL, NULL, &error);
538
765
/* Free the configuration data */
539
766
avahi_server_config_free(&config);
541
/* Check wether creating the server object succeeded */
768
/* Check if creating the server object succeeded */
543
fprintf(stderr, "Failed to create server: %s\n", avahi_strerror(error));
770
fprintf(stderr, "Failed to create server: %s\n",
771
avahi_strerror(error));
772
returncode = EXIT_FAILURE;
547
776
/* Create the service browser */
548
if (!(sb = avahi_s_service_browser_new(server, if_nametoindex("eth0"), AVAHI_PROTO_INET6, "_mandos._tcp", NULL, 0, browse_callback, server))) {
549
fprintf(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_server_errno(server)));
777
sb = avahi_s_service_browser_new(server, if_index,
779
"_mandos._tcp", NULL, 0,
780
browse_callback, server);
782
fprintf(stderr, "Failed to create service browser: %s\n",
783
avahi_strerror(avahi_server_errno(server)));
784
returncode = EXIT_FAILURE;
553
788
/* Run the main loop */
791
fprintf(stderr, "Starting avahi loop search\n");
554
794
avahi_simple_poll_loop(simple_poll);
799
fprintf(stderr, "%s exiting\n", argv[0]);
560
802
/* Cleanup things */