/mandos/release : revision 36

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/mandosclient.c

Committer: Teddy Hogeborn
Date: 2008-08-02 14:33:47 UTC
Revision ID: teddy@fukt.bsnet.se-20080802143347-u1m4zs1q0feu72ei

* TODO: Converted to org-mode style

* plugins.d/mandosclient.c (certdir): Changed to "/conf/conf.d/mandos/".
  (certdir, certfile, certkey, pgp_packet_decrypt, debuggnutls,
  initgnutls, empty_log, combinepath): Made static.
  (combinepath): Rewritten to only get the argument string lengths
                 once.  Do not print error message; leave that to
                 caller.  All callers changed.

files added:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

files removed:
.bzrignore

COPYING

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.xml

plugins.d/password-prompt.xml

plugins.d/password-request.xml

plugins.d/usplash

files renamed:
plugin-runner.c => plugbasedclient.c

plugins.d/password-request.c => plugins.d/mandosclient.c

plugins.d/password-prompt.c => plugins.d/passprompt.c

mandos.conf => server.conf

mandos => server.py

files modified:
Makefile

TODO

clients.conf

Show diffs side-by-side

added added

removed removed

plugins.d/mandosclient.c

#define _LARGEFILE_SOURCE

#define _FILE_OFFSET_BITS 64

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */

#include <stdio.h> /* fprintf(), stderr, fwrite(),

stdout, ferror() */

#include <stdint.h> /* uint16_t, uint32_t */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,

srand() */

#include <stdbool.h> /* bool, true */

#include <string.h> /* memset(), strcmp(), strlen(),

strerror(), asprintf(), strcpy() */

#include <sys/ioctl.h> /* ioctl */

#include <sys/types.h> /* socket(), inet_pton(), sockaddr,

sockaddr_in6, PF_INET6,

SOCK_STREAM, INET6_ADDRSTRLEN,

uid_t, gid_t */

#include <inttypes.h> /* PRIu16 */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton(),

connect() */

#include <assert.h> /* assert() */

#include <errno.h> /* perror(), errno */

#include <time.h> /* time() */

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS, if_indextoname(),

if_nametoindex(), IF_NAMESIZE */

#include <unistd.h> /* close(), SEEK_SET, off_t, write(),

getuid(), getgid(), setuid(),

setgid() */

#include <netinet/in.h>

#include <arpa/inet.h> /* inet_pton(), htons */

#include <iso646.h> /* not, and */

#include <argp.h> /* struct argp_option, error_t, struct

argp_state, struct argp,

argp_parse(), ARGP_KEY_ARG,

ARGP_KEY_END, ARGP_ERR_UNKNOWN */

/* Avahi */

/* All Avahi types, constants and functions

Avahi*, avahi_*,

AVAHI_* */

#include <stdio.h>

#include <assert.h>

#include <stdlib.h>

#include <time.h>

#include <net/if.h> /* if_nametoindex */

#include <avahi-core/core.h>

#include <avahi-core/lookup.h>

#include <avahi-core/log.h>

#include <avahi-common/malloc.h>

#include <avahi-common/error.h>

/* GnuTLS */

#include <gnutls/gnutls.h> /* All GnuTLS types, constants and

functions:

gnutls_*

init_gnutls_session(),

GNUTLS_* */

#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),

GNUTLS_OPENPGP_FMT_BASE64 */

/* GPGME */

#include <gpgme.h> /* All GPGME types, constants and

functions:

gpgme_*

GPGME_PROTOCOL_OpenPGP,

GPG_ERR_NO_* */

//mandos client part

#include <sys/types.h> /* socket(), inet_pton() */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton() */

#include <gnutls/gnutls.h> /* All GnuTLS stuff */

#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */

#include <unistd.h> /* close() */

#include <netinet/in.h>

#include <stdbool.h> /* true */

#include <string.h> /* memset */

#include <arpa/inet.h> /* inet_pton() */

#include <iso646.h> /* not */

// gpgme

#include <errno.h> /* perror() */

#include <gpgme.h>

// getopt long

#include <getopt.h>

#define BUFFER_SIZE 256

#define DH_BITS 1024

static const char *certdir = "/conf/conf.d/mandos";

static const char *certfile = "openpgp-client.txt";

static const char *certkey = "openpgp-client-key.txt";

100

101

bool debug = false;

102

static const char *keydir = "/conf/conf.d/mandos";

103

static const char mandos_protocol_version[] = "1";

104

const char *argp_program_version = "password-request 1.0";

105

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

106

107

/* Used for passing in values through the Avahi callback functions */

108

typedef struct {

109

AvahiSimplePoll *simple_poll;

110

AvahiServer *server;

gnutls_session_t session;

111

gnutls_certificate_credentials_t cred;

112

unsigned int dh_bits;

113

gnutls_dh_params_t dh_params;

114

const char *priority;

115

} mandos_context;

116

117

118

* Make room in "buffer" for at least BUFFER_SIZE additional bytes.

119

* "buffer_capacity" is how much is currently allocated,

120

* "buffer_length" is how much is already used.

121

122

size_t adjustbuffer(char **buffer, size_t buffer_length,

123

size_t buffer_capacity){

124

if (buffer_length + BUFFER_SIZE > buffer_capacity){

125

*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);

126

if (buffer == NULL){

127

return 0;

128

}

129

buffer_capacity += BUFFER_SIZE;

130

}

131

return buffer_capacity;

132

}

133

134

135

* Decrypt OpenPGP data using keyrings in HOMEDIR.

136

* Returns -1 on error

137

138

static ssize_t pgp_packet_decrypt (const char *cryptotext,

139

size_t crypto_size,

140

char **plaintext,

} encrypted_session;

static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,

char **new_packet,

141

const char *homedir){

142

gpgme_data_t dh_crypto, dh_plain;

143

gpgme_ctx_t ctx;

144

gpgme_error_t rc;

145

ssize_t ret;

146

size_t plaintext_capacity = 0;

147

ssize_t plaintext_length = 0;

ssize_t new_packet_capacity = 0;

ssize_t new_packet_length = 0;

148

gpgme_engine_info_t engine_info;

149

150

if (debug){

151

fprintf(stderr, "Trying to decrypt OpenPGP data\n");

fprintf(stderr, "Trying to decrypt OpenPGP packet\n");

152

}

153

154

100

/* Init GPGME */

160

106

return -1;

161

107

}

162

108

163

/* Set GPGME home directory for the OpenPGP engine only */

109

/* Set GPGME home directory */

164

110

rc = gpgme_get_engine_info (&engine_info);

165

111

if (rc != GPG_ERR_NO_ERROR){

166

112

fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",

176

122

engine_info = engine_info->next;

177

123

}

178

124

if(engine_info == NULL){

179

fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);

125

fprintf(stderr, "Could not set home dir to %s\n", homedir);

180

126

return -1;

181

127

}

182

128

183

/* Create new GPGME data buffer from memory cryptotext */

184

rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,

185

0);

129

/* Create new GPGME data buffer from packet buffer */

130

rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);

186

131

if (rc != GPG_ERR_NO_ERROR){

187

132

fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",

188

133

gpgme_strsource(rc), gpgme_strerror(rc));

194

139

if (rc != GPG_ERR_NO_ERROR){

195

140

fprintf(stderr, "bad gpgme_data_new: %s: %s\n",

196

141

gpgme_strsource(rc), gpgme_strerror(rc));

197

gpgme_data_release(dh_crypto);

198

142

return -1;

199

143

}

200

144

203

147

if (rc != GPG_ERR_NO_ERROR){

204

148

fprintf(stderr, "bad gpgme_new: %s: %s\n",

205

149

gpgme_strsource(rc), gpgme_strerror(rc));

206

plaintext_length = -1;

207

goto decrypt_end;

150

return -1;

208

151

}

209

152

210

/* Decrypt data from the cryptotext data buffer to the plaintext

211

data buffer */

153

/* Decrypt data from the FILE pointer to the plaintext data

154

buffer */

212

155

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

213

156

if (rc != GPG_ERR_NO_ERROR){

214

157

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

215

158

gpgme_strsource(rc), gpgme_strerror(rc));

216

plaintext_length = -1;

217

if (debug){

218

gpgme_decrypt_result_t result;

219

result = gpgme_op_decrypt_result(ctx);

220

if (result == NULL){

221

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

222

} else {

223

fprintf(stderr, "Unsupported algorithm: %s\n",

224

result->unsupported_algorithm);

225

fprintf(stderr, "Wrong key usage: %u\n",

226

result->wrong_key_usage);

227

if(result->file_name != NULL){

228

fprintf(stderr, "File name: %s\n", result->file_name);

229

}

230

gpgme_recipient_t recipient;

231

recipient = result->recipients;

232

if(recipient){

233

while(recipient != NULL){

234

fprintf(stderr, "Public key algorithm: %s\n",

235

gpgme_pubkey_algo_name(recipient->pubkey_algo));

236

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

237

fprintf(stderr, "Secret key available: %s\n",

238

recipient->status == GPG_ERR_NO_SECKEY

239

? "No" : "Yes");

240

recipient = recipient->next;

241

}

159

return -1;

160

}

161

162

if(debug){

163

fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");

164

}

165

166

if (debug){

167

gpgme_decrypt_result_t result;

168

result = gpgme_op_decrypt_result(ctx);

169

if (result == NULL){

170

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

171

} else {

172

fprintf(stderr, "Unsupported algorithm: %s\n",

173

result->unsupported_algorithm);

174

fprintf(stderr, "Wrong key usage: %d\n",

175

result->wrong_key_usage);

176

if(result->file_name != NULL){

177

fprintf(stderr, "File name: %s\n", result->file_name);

178

}

179

gpgme_recipient_t recipient;

180

recipient = result->recipients;

181

if(recipient){

182

while(recipient != NULL){

183

fprintf(stderr, "Public key algorithm: %s\n",

184

gpgme_pubkey_algo_name(recipient->pubkey_algo));

185

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

186

fprintf(stderr, "Secret key available: %s\n",

187

recipient->status == GPG_ERR_NO_SECKEY

188

? "No" : "Yes");

189

recipient = recipient->next;

242

190

}

243

191

}

244

192

}

245

goto decrypt_end;

246

193

}

247

194

248

if(debug){

249

fprintf(stderr, "Decryption of OpenPGP data succeeded\n");

250

}

195

/* Delete the GPGME FILE pointer cryptotext data buffer */

196

gpgme_data_release(dh_crypto);

251

197

252

198

/* Seek back to the beginning of the GPGME plaintext data buffer */

253

199

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

254

200

perror("pgpme_data_seek");

255

plaintext_length = -1;

256

goto decrypt_end;

257

201

}

258

202

259

*plaintext = NULL;

203

*new_packet = 0;

260

204

while(true){

261

plaintext_capacity = adjustbuffer(plaintext,

262

(size_t)plaintext_length,

263

plaintext_capacity);

264

if (plaintext_capacity == 0){

265

perror("adjustbuffer");

266

plaintext_length = -1;

267

goto decrypt_end;

205

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

206

*new_packet = realloc(*new_packet,

207

(unsigned int)new_packet_capacity

208

+ BUFFER_SIZE);

209

if (*new_packet == NULL){

210

perror("realloc");

211

return -1;

212

}

213

new_packet_capacity += BUFFER_SIZE;

268

214

}

269

215

270

ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,

216

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,

271

217

BUFFER_SIZE);

272

218

/* Print the data, if any */

273

219

if (ret == 0){

274

/* EOF */

275

220

break;

276

221

}

277

222

if(ret < 0){

278

223

perror("gpgme_data_read");

279

plaintext_length = -1;

280

goto decrypt_end;

224

return -1;

281

225

}

282

plaintext_length += ret;

226

new_packet_length += ret;

283

227

}

284

228

285

if(debug){

286

fprintf(stderr, "Decrypted password is: ");

287

for(ssize_t i = 0; i < plaintext_length; i++){

288

fprintf(stderr, "%02hhX ", (*plaintext)[i]);

289

}

290

fprintf(stderr, "\n");

291

}

292

293

decrypt_end:

294

295

/* Delete the GPGME cryptotext data buffer */

296

gpgme_data_release(dh_crypto);

229

/* FIXME: check characters before printing to screen so to not print

230

terminal control characters */

231

/* if(debug){ */

232

/* fprintf(stderr, "decrypted password is: "); */

233

/* fwrite(*new_packet, 1, new_packet_length, stderr); */

234

/* fprintf(stderr, "\n"); */

235

/* } */

297

236

298

237

/* Delete the GPGME plaintext data buffer */

299

238

gpgme_data_release(dh_plain);

300

return plaintext_length;

239

return new_packet_length;

301

240

}

302

241

303

242

static const char * safer_gnutls_strerror (int value) {

304

const char *ret = gnutls_strerror (value); /* Spurious warning */

243

const char *ret = gnutls_strerror (value);

305

244

if (ret == NULL)

306

245

ret = "(unknown)";

307

246

return ret;

308

247

}

309

248

310

/* GnuTLS log function callback */

311

249

static void debuggnutls(__attribute__((unused)) int level,

312

250

const char* string){

313

fprintf(stderr, "GnuTLS: %s", string);

251

fprintf(stderr, "%s", string);

314

252

}

315

253

316

static int init_gnutls_global(mandos_context *mc,

317

const char *pubkeyfilename,

318

const char *seckeyfilename){

254

static int initgnutls(encrypted_session *es){

255

const char *err;

319

256

int ret;

320

257

321

258

if(debug){

322

259

fprintf(stderr, "Initializing GnuTLS\n");

323

260

}

324

325

ret = gnutls_global_init();

326

if (ret != GNUTLS_E_SUCCESS) {

327

fprintf (stderr, "GnuTLS global_init: %s\n",

328

safer_gnutls_strerror(ret));

261

262

if ((ret = gnutls_global_init ())

263

!= GNUTLS_E_SUCCESS) {

264

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

329

265

return -1;

330

266

}

331

267

332

268

if (debug){

333

/* "Use a log level over 10 to enable all debugging options."

334

* - GnuTLS manual

335

336

269

gnutls_global_set_log_level(11);

337

270

gnutls_global_set_log_function(debuggnutls);

338

271

}

339

272

340

/* OpenPGP credentials */

341

gnutls_certificate_allocate_credentials(&mc->cred);

342

if (ret != GNUTLS_E_SUCCESS){

343

fprintf (stderr, "GnuTLS memory error: %s\n", /* Spurious

344

warning */

273

/* openpgp credentials */

274

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

275

!= GNUTLS_E_SUCCESS) {

276

fprintf (stderr, "memory error: %s\n",

345

277

safer_gnutls_strerror(ret));

346

gnutls_global_deinit ();

347

278

return -1;

348

279

}

349

280

350

281

if(debug){

351

282

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

352

" and keyfile %s as GnuTLS credentials\n", pubkeyfilename,

353

seckeyfilename);

283

" and keyfile %s as GnuTLS credentials\n", certfile,

284

certkey);

354

285

}

355

286

356

287

ret = gnutls_certificate_set_openpgp_key_file

357

(mc->cred, pubkeyfilename, seckeyfilename,

358

GNUTLS_OPENPGP_FMT_BASE64);

288

(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);

359

289

if (ret != GNUTLS_E_SUCCESS) {

360

fprintf(stderr,

361

"Error[%d] while reading the OpenPGP key pair ('%s',"

362

" '%s')\n", ret, pubkeyfilename, seckeyfilename);

363

fprintf(stdout, "The GnuTLS error is: %s\n",

290

fprintf

291

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"

292

" '%s')\n",

293

ret, certfile, certkey);

294

fprintf(stdout, "The Error is: %s\n",

364

295

safer_gnutls_strerror(ret));

365

goto globalfail;

366

}

367

368

/* GnuTLS server initialization */

369

ret = gnutls_dh_params_init(&mc->dh_params);

370

if (ret != GNUTLS_E_SUCCESS) {

371

fprintf (stderr, "Error in GnuTLS DH parameter initialization:"

372

" %s\n", safer_gnutls_strerror(ret));

373

goto globalfail;

374

}

375

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

376

if (ret != GNUTLS_E_SUCCESS) {

377

fprintf (stderr, "Error in GnuTLS prime generation: %s\n",

378

safer_gnutls_strerror(ret));

379

goto globalfail;

380

}

381

382

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

383

384

return 0;

385

386

globalfail:

387

388

gnutls_certificate_free_credentials(mc->cred);

389

gnutls_global_deinit();

390

return -1;

391

392

}

393

394

static int init_gnutls_session(mandos_context *mc,

395

gnutls_session_t *session){

396

int ret;

397

/* GnuTLS session creation */

398

ret = gnutls_init(session, GNUTLS_SERVER);

399

if (ret != GNUTLS_E_SUCCESS){

296

return -1;

297

}

298

299

//GnuTLS server initialization

300

if ((ret = gnutls_dh_params_init (&es->dh_params))

301

!= GNUTLS_E_SUCCESS) {

302

fprintf (stderr, "Error in dh parameter initialization: %s\n",

303

safer_gnutls_strerror(ret));

304

return -1;

305

}

306

307

if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))

308

!= GNUTLS_E_SUCCESS) {

309

fprintf (stderr, "Error in prime generation: %s\n",

310

safer_gnutls_strerror(ret));

311

return -1;

312

}

313

314

gnutls_certificate_set_dh_params (es->cred, es->dh_params);

315

316

// GnuTLS session creation

317

if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))

318

!= GNUTLS_E_SUCCESS){

400

319

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

401

320

safer_gnutls_strerror(ret));

402

321

}

403

322

404

{

405

const char *err;

406

ret = gnutls_priority_set_direct(*session, mc->priority, &err);

407

if (ret != GNUTLS_E_SUCCESS) {

408

fprintf(stderr, "Syntax error at: %s\n", err);

409

fprintf(stderr, "GnuTLS error: %s\n",

410

safer_gnutls_strerror(ret));

411

gnutls_deinit (*session);

412

return -1;

413

}

323

if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))

324

!= GNUTLS_E_SUCCESS) {

325

fprintf(stderr, "Syntax error at: %s\n", err);

326

fprintf(stderr, "GnuTLS error: %s\n",

327

safer_gnutls_strerror(ret));

328

return -1;

414

329

}

415

330

416

ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

417

mc->cred);

418

if (ret != GNUTLS_E_SUCCESS) {

419

fprintf(stderr, "Error setting GnuTLS credentials: %s\n",

331

if ((ret = gnutls_credentials_set

332

(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))

333

!= GNUTLS_E_SUCCESS) {

334

fprintf(stderr, "Error setting a credentials set: %s\n",

420

335

safer_gnutls_strerror(ret));

421

gnutls_deinit (*session);

422

336

return -1;

423

337

}

424

338

425

339

/* ignore client certificate if any. */

426

gnutls_certificate_server_set_request (*session,

340

gnutls_certificate_server_set_request (es->session,

427

341

GNUTLS_CERT_IGNORE);

428

342

429

gnutls_dh_set_prime_bits (*session, mc->dh_bits);

343

gnutls_dh_set_prime_bits (es->session, DH_BITS);

430

344

431

345

return 0;

432

346

}

433

347

434

/* Avahi log function callback */

435

348

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

436

349

__attribute__((unused)) const char *txt){}

437

350

438

/* Called when a Mandos server is found */

439

351

static int start_mandos_communication(const char *ip, uint16_t port,

440

AvahiIfIndex if_index,

441

mandos_context *mc){

352

AvahiIfIndex if_index){

442

353

int ret, tcp_sd;

443

union { struct sockaddr in; struct sockaddr_in6 in6; } to;

354

struct sockaddr_in6 to;

355

encrypted_session es;

444

356

char *buffer = NULL;

445

357

char *decrypted_buffer;

446

358

size_t buffer_length = 0;

447

359

size_t buffer_capacity = 0;

448

360

ssize_t decrypted_buffer_size;

449

size_t written;

361

size_t written = 0;

450

362

int retval = 0;

451

363

char interface[IF_NAMESIZE];

452

gnutls_session_t session;

453

454

ret = init_gnutls_session (mc, &session);

455

if (ret != 0){

456

return -1;

457

}

458

364

459

365

if(debug){

460

fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16

461

"\n", ip, port);

366

fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",

367

ip, port);

462

368

}

463

369

464

370

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

466

372

perror("socket");

467

373

return -1;

468

374

}

469

470

if(debug){

471

if(if_indextoname((unsigned int)if_index, interface) == NULL){

375

376

if(if_indextoname((unsigned int)if_index, interface) == NULL){

377

if(debug){

472

378

perror("if_indextoname");

473

return -1;

474

379

}

380

return -1;

381

}

382

383

if(debug){

475

384

fprintf(stderr, "Binding to interface %s\n", interface);

476

385

}

477

386

478

memset(&to, 0, sizeof(to));

479

to.in6.sin6_family = AF_INET6;

480

/* It would be nice to have a way to detect if we were passed an

481

IPv4 address here. Now we assume an IPv6 address. */

482

ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);

387

memset(&to,0,sizeof(to)); /* Spurious warning */

388

to.sin6_family = AF_INET6;

389

ret = inet_pton(AF_INET6, ip, &to.sin6_addr);

483

390

if (ret < 0 ){

484

391

perror("inet_pton");

485

392

return -1;

486

}

393

}

487

394

if(ret == 0){

488

395

fprintf(stderr, "Bad address: %s\n", ip);

489

396

return -1;

490

397

}

491

to.in6.sin6_port = htons(port); /* Spurious warning */

398

to.sin6_port = htons(port); /* Spurious warning */

492

399

493

to.in6.sin6_scope_id = (uint32_t)if_index;

400

to.sin6_scope_id = (uint32_t)if_index;

494

401

495

402

if(debug){

496

fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,

497

port);

498

char addrstr[INET6_ADDRSTRLEN] = "";

499

if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,

500

sizeof(addrstr)) == NULL){

501

perror("inet_ntop");

502

} else {

503

if(strcmp(addrstr, ip) != 0){

504

fprintf(stderr, "Canonical address form: %s\n", addrstr);

505

}

506

}

403

fprintf(stderr, "Connection to: %s, port %d\n", ip, port);

404

/* char addrstr[INET6_ADDRSTRLEN]; */

405

/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */

406

/* sizeof(addrstr)) == NULL){ */

407

/* perror("inet_ntop"); */

408

/* } else { */

409

/* fprintf(stderr, "Really connecting to: %s, port %d\n", */

410

/* addrstr, ntohs(to.sin6_port)); */

411

/* } */

507

412

}

508

413

509

ret = connect(tcp_sd, &to.in, sizeof(to));

414

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

510

415

if (ret < 0){

511

416

perror("connect");

512

417

return -1;

513

418

}

514

515

const char *out = mandos_protocol_version;

516

written = 0;

517

while (true){

518

size_t out_size = strlen(out);

519

ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,

520

out_size - written));

521

if (ret == -1){

522

perror("write");

523

retval = -1;

524

goto mandos_end;

525

}

526

written += (size_t)ret;

527

if(written < out_size){

528

continue;

529

} else {

530

if (out == mandos_protocol_version){

531

written = 0;

532

out = "\r\n";

533

} else {

534

break;

535

}

536

}

419

420

ret = initgnutls (&es);

421

if (ret != 0){

422

retval = -1;

423

return -1;

537

424

}

538

425

426

gnutls_transport_set_ptr (es.session,

427

(gnutls_transport_ptr_t) tcp_sd);

428

539

429

if(debug){

540

430

fprintf(stderr, "Establishing TLS session with %s\n", ip);

541

431

}

542

432

543

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

544

545

do{

546

ret = gnutls_handshake (session);

547

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

433

ret = gnutls_handshake (es.session);

548

434

549

435

if (ret != GNUTLS_E_SUCCESS){

550

436

if(debug){

551

fprintf(stderr, "*** GnuTLS Handshake failed ***\n");

437

fprintf(stderr, "\n*** Handshake failed ***\n");

552

438

gnutls_perror (ret);

553

439

}

554

440

retval = -1;

555

goto mandos_end;

441

goto exit;

556

442

}

557

443

558

/* Read OpenPGP packet that contains the wanted password */

444

//Retrieve OpenPGP packet that contains the wanted password

559

445

560

446

if(debug){

561

447

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

563

449

}

564

450

565

451

while(true){

566

buffer_capacity = adjustbuffer(&buffer, buffer_length,

567

buffer_capacity);

568

if (buffer_capacity == 0){

569

perror("adjustbuffer");

570

retval = -1;

571

goto mandos_end;

452

if (buffer_length + BUFFER_SIZE > buffer_capacity){

453

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

454

if (buffer == NULL){

455

perror("realloc");

456

goto exit;

457

}

458

buffer_capacity += BUFFER_SIZE;

572

459

}

573

460

574

ret = gnutls_record_recv(session, buffer+buffer_length,

575

BUFFER_SIZE);

461

ret = gnutls_record_recv

462

(es.session, buffer+buffer_length, BUFFER_SIZE);

576

463

if (ret == 0){

577

464

break;

578

465

}

582

469

case GNUTLS_E_AGAIN:

583

470

break;

584

471

case GNUTLS_E_REHANDSHAKE:

585

do{

586

ret = gnutls_handshake (session);

587

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

472

ret = gnutls_handshake (es.session);

588

473

if (ret < 0){

589

fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");

474

fprintf(stderr, "\n*** Handshake failed ***\n");

590

475

gnutls_perror (ret);

591

476

retval = -1;

592

goto mandos_end;

477

goto exit;

593

478

}

594

479

break;

595

480

default:

596

481

fprintf(stderr, "Unknown error while reading data from"

597

" encrypted session with Mandos server\n");

482

" encrypted session with mandos server\n");

598

483

retval = -1;

599

gnutls_bye (session, GNUTLS_SHUT_RDWR);

600

goto mandos_end;

484

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

485

goto exit;

601

486

}

602

487

} else {

603

488

buffer_length += (size_t) ret;

604

489

}

605

490

}

606

491

607

if(debug){

608

fprintf(stderr, "Closing TLS session\n");

609

}

610

611

gnutls_bye (session, GNUTLS_SHUT_RDWR);

612

613

492

if (buffer_length > 0){

614

493

decrypted_buffer_size = pgp_packet_decrypt(buffer,

615

494

buffer_length,

616

495

&decrypted_buffer,

617

keydir);

496

certdir);

618

497

if (decrypted_buffer_size >= 0){

619

written = 0;

620

498

while(written < (size_t) decrypted_buffer_size){

621

499

ret = (int)fwrite (decrypted_buffer + written, 1,

622

500

(size_t)decrypted_buffer_size - written,

635

513

} else {

636

514

retval = -1;

637

515

}

638

} else {

639

retval = -1;

640

}

641

642

/* Shutdown procedure */

643

644

mandos_end:

516

}

517

518

//shutdown procedure

519

520

if(debug){

521

fprintf(stderr, "Closing TLS session\n");

522

}

523

645

524

free(buffer);

525

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

526

exit:

646

527

close(tcp_sd);

647

gnutls_deinit (session);

528

gnutls_deinit (es.session);

529

gnutls_certificate_free_credentials (es.cred);

530

gnutls_global_deinit ();

648

531

return retval;

649

532

}

650

533

651

static void resolve_callback(AvahiSServiceResolver *r,

652

AvahiIfIndex interface,

653

AVAHI_GCC_UNUSED AvahiProtocol protocol,

654

AvahiResolverEvent event,

655

const char *name,

656

const char *type,

657

const char *domain,

658

const char *host_name,

659

const AvahiAddress *address,

660

uint16_t port,

661

AVAHI_GCC_UNUSED AvahiStringList *txt,

662

AVAHI_GCC_UNUSED AvahiLookupResultFlags

663

flags,

664

void* userdata) {

665

mandos_context *mc = userdata;

666

assert(r);

534

static AvahiSimplePoll *simple_poll = NULL;

535

static AvahiServer *server = NULL;

536

537

static void resolve_callback(

538

AvahiSServiceResolver *r,

539

AvahiIfIndex interface,

540

AVAHI_GCC_UNUSED AvahiProtocol protocol,

541

AvahiResolverEvent event,

542

const char *name,

543

const char *type,

544

const char *domain,

545

const char *host_name,

546

const AvahiAddress *address,

547

uint16_t port,

548

AVAHI_GCC_UNUSED AvahiStringList *txt,

549

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

550

AVAHI_GCC_UNUSED void* userdata) {

551

552

assert(r); /* Spurious warning */

667

553

668

554

/* Called whenever a service has been resolved successfully or

669

555

timed out */

671

557

switch (event) {

672

558

default:

673

559

case AVAHI_RESOLVER_FAILURE:

674

fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"

675

" of type '%s' in domain '%s': %s\n", name, type, domain,

676

avahi_strerror(avahi_server_errno(mc->server)));

560

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"

561

" type '%s' in domain '%s': %s\n", name, type, domain,

562

avahi_strerror(avahi_server_errno(server)));

677

563

break;

678

564

679

565

case AVAHI_RESOLVER_FOUND:

681

567

char ip[AVAHI_ADDRESS_STR_MAX];

682

568

avahi_address_snprint(ip, sizeof(ip), address);

683

569

if(debug){

684

fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"

685

PRIu16 ") on port %d\n", name, host_name, ip,

686

interface, port);

570

fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"

571

" port %d\n", name, host_name, ip, port);

687

572

}

688

int ret = start_mandos_communication(ip, port, interface, mc);

573

int ret = start_mandos_communication(ip, port, interface);

689

574

if (ret == 0){

690

avahi_simple_poll_quit(mc->simple_poll);

575

exit(EXIT_SUCCESS);

691

576

}

692

577

}

693

578

}

694

579

avahi_s_service_resolver_free(r);

695

580

}

696

581

697

static void browse_callback( AvahiSServiceBrowser *b,

698

AvahiIfIndex interface,

699

AvahiProtocol protocol,

700

AvahiBrowserEvent event,

701

const char *name,

702

const char *type,

703

const char *domain,

704

AVAHI_GCC_UNUSED AvahiLookupResultFlags

705

flags,

706

void* userdata) {

707

mandos_context *mc = userdata;

708

assert(b);

709

710

/* Called whenever a new services becomes available on the LAN or

711

is removed from the LAN */

712

713

switch (event) {

714

default:

715

case AVAHI_BROWSER_FAILURE:

716

717

fprintf(stderr, "(Avahi browser) %s\n",

718

avahi_strerror(avahi_server_errno(mc->server)));

719

avahi_simple_poll_quit(mc->simple_poll);

720

return;

721

722

case AVAHI_BROWSER_NEW:

723

/* We ignore the returned Avahi resolver object. In the callback

724

function we free it. If the Avahi server is terminated before

725

the callback function is called the Avahi server will free the

726

resolver for us. */

727

728

if (!(avahi_s_service_resolver_new(mc->server, interface,

729

protocol, name, type, domain,

730

AVAHI_PROTO_INET6, 0,

731

resolve_callback, mc)))

732

fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",

733

name, avahi_strerror(avahi_server_errno(mc->server)));

734

break;

735

736

case AVAHI_BROWSER_REMOVE:

737

break;

738

739

case AVAHI_BROWSER_ALL_FOR_NOW:

740

case AVAHI_BROWSER_CACHE_EXHAUSTED:

741

if(debug){

742

fprintf(stderr, "No Mandos server found, still searching...\n");

582

static void browse_callback(

583

AvahiSServiceBrowser *b,

584

AvahiIfIndex interface,

585

AvahiProtocol protocol,

586

AvahiBrowserEvent event,

587

const char *name,

588

const char *type,

589

const char *domain,

590

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

591

void* userdata) {

592

593

AvahiServer *s = userdata;

594

assert(b); /* Spurious warning */

595

596

/* Called whenever a new services becomes available on the LAN or

597

is removed from the LAN */

598

599

switch (event) {

600

default:

601

case AVAHI_BROWSER_FAILURE:

602

603

fprintf(stderr, "(Browser) %s\n",

604

avahi_strerror(avahi_server_errno(server)));

605

avahi_simple_poll_quit(simple_poll);

606

return;

607

608

case AVAHI_BROWSER_NEW:

609

/* We ignore the returned resolver object. In the callback

610

function we free it. If the server is terminated before

611

the callback function is called the server will free

612

the resolver for us. */

613

614

if (!(avahi_s_service_resolver_new(s, interface, protocol, name,

615

type, domain,

616

AVAHI_PROTO_INET6, 0,

617

resolve_callback, s)))

618

fprintf(stderr, "Failed to resolve service '%s': %s\n", name,

619

avahi_strerror(avahi_server_errno(s)));

620

break;

621

622

case AVAHI_BROWSER_REMOVE:

623

break;

624

625

case AVAHI_BROWSER_ALL_FOR_NOW:

626

case AVAHI_BROWSER_CACHE_EXHAUSTED:

627

break;

743

628

}

744

break;

745

}

746

629

}

747

630

748

631

/* Combines file name and path and returns the malloced new

749

632

string. some sane checks could/should be added */

750

static char *combinepath(const char *first, const char *second){

751

char *tmp;

752

int ret = asprintf(&tmp, "%s/%s", first, second);

753

if(ret < 0){

633

static const char *combinepath(const char *first, const char *second){

634

size_t f_len = strlen(first);

635

size_t s_len = strlen(second);

636

char *tmp = malloc(f_len + s_len + 2);

637

if (tmp == NULL){

754

638

return NULL;

755

639

}

640

if(f_len > 0){

641

memcpy(tmp, first, f_len);

642

}

643

tmp[f_len] = '/';

644

if(s_len > 0){

645

memcpy(tmp + f_len + 1, second, s_len);

646

}

647

tmp[f_len + 1 + s_len] = '\0';

756

648

return tmp;

757

649

}

758

650

759

651

760

int main(int argc, char *argv[]){

652

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

653

AvahiServerConfig config;

761

654

AvahiSServiceBrowser *sb = NULL;

762

655

int error;

763

656

int ret;

764

int exitcode = EXIT_SUCCESS;

765

const char *interface = "eth0";

766

struct ifreq network;

767

int sd;

768

uid_t uid;

769

gid_t gid;

657

int returncode = EXIT_SUCCESS;

658

const char *interface = NULL;

659

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

770

660

char *connect_to = NULL;

771

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

772

char *pubkeyfilename = NULL;

773

char *seckeyfilename = NULL;

774

const char *pubkeyname = "pubkey.txt";

775

const char *seckeyname = "seckey.txt";

776

mandos_context mc = { .simple_poll = NULL, .server = NULL,

777

.dh_bits = 1024, .priority = "SECURE256"};

778

bool gnutls_initalized = false;

779

780

{

781

struct argp_option options[] = {

782

{ .name = "debug", .key = 128,

783

.doc = "Debug mode", .group = 3 },

784

{ .name = "connect", .key = 'c',

785

.arg = "IP",

786

.doc = "Connect directly to a sepcified mandos server",

787

.group = 1 },

788

{ .name = "interface", .key = 'i',

789

.arg = "INTERFACE",

790

.doc = "Interface that Avahi will conntect through",

791

.group = 1 },

792

{ .name = "keydir", .key = 'd',

793

.arg = "KEYDIR",

794

.doc = "Directory where the openpgp keyring is",

795

.group = 1 },

796

{ .name = "seckey", .key = 's',

797

.arg = "SECKEY",

798

.doc = "Secret openpgp key for gnutls authentication",

799

.group = 1 },

800

{ .name = "pubkey", .key = 'p',

801

.arg = "PUBKEY",

802

.doc = "Public openpgp key for gnutls authentication",

803

.group = 2 },

804

{ .name = "dh-bits", .key = 129,

805

.arg = "BITS",

806

.doc = "dh-bits to use in gnutls communication",

807

.group = 2 },

808

{ .name = "priority", .key = 130,

809

.arg = "PRIORITY",

810

.doc = "GNUTLS priority", .group = 1 },

811

{ .name = NULL }

812

};

813

814

815

error_t parse_opt (int key, char *arg,

816

struct argp_state *state) {

817

/* Get the INPUT argument from `argp_parse', which we know is

818

a pointer to our plugin list pointer. */

819

switch (key) {

820

case 128:

821

debug = true;

822

break;

823

case 'c':

824

connect_to = arg;

825

break;

826

case 'i':

827

interface = arg;

828

break;

829

case 'd':

830

keydir = arg;

831

break;

832

case 's':

833

seckeyname = arg;

834

break;

835

case 'p':

836

pubkeyname = arg;

837

break;

838

case 129:

839

errno = 0;

840

mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);

841

if (errno){

842

perror("strtol");

843

exit(EXIT_FAILURE);

844

}

845

break;

846

case 130:

847

mc.priority = arg;

848

break;

849

case ARGP_KEY_ARG:

850

argp_usage (state);

851

case ARGP_KEY_END:

852

break;

853

default:

854

return ARGP_ERR_UNKNOWN;

855

}

856

return 0;

857

}

858

859

struct argp argp = { .options = options, .parser = parse_opt,

860

.args_doc = "",

861

.doc = "Mandos client -- Get and decrypt"

862

" passwords from mandos server" };

863

ret = argp_parse (&argp, argc, argv, 0, 0, NULL);

864

if (ret == ARGP_ERR_UNKNOWN){

865

fprintf(stderr, "Unknown error while parsing arguments\n");

866

exitcode = EXIT_FAILURE;

867

goto end;

868

}

869

}

870

871

pubkeyfilename = combinepath(keydir, pubkeyname);

872

if (pubkeyfilename == NULL){

873

perror("combinepath");

874

exitcode = EXIT_FAILURE;

875

goto end;

876

}

877

878

seckeyfilename = combinepath(keydir, seckeyname);

879

if (seckeyfilename == NULL){

880

perror("combinepath");

881

exitcode = EXIT_FAILURE;

882

goto end;

883

}

884

885

ret = init_gnutls_global(&mc, pubkeyfilename, seckeyfilename);

886

if (ret == -1){

887

fprintf(stderr, "init_gnutls_global failed\n");

888

exitcode = EXIT_FAILURE;

889

goto end;

890

} else {

891

gnutls_initalized = true;

892

}

893

894

/* If the interface is down, bring it up */

895

{

896

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

897

if(sd < 0) {

898

perror("socket");

899

exitcode = EXIT_FAILURE;

900

goto end;

901

}

902

strcpy(network.ifr_name, interface);

903

ret = ioctl(sd, SIOCGIFFLAGS, &network);

904

if(ret == -1){

905

perror("ioctl SIOCGIFFLAGS");

906

exitcode = EXIT_FAILURE;

907

goto end;

908

}

909

if((network.ifr_flags & IFF_UP) == 0){

910

network.ifr_flags |= IFF_UP;

911

ret = ioctl(sd, SIOCSIFFLAGS, &network);

912

if(ret == -1){

913

perror("ioctl SIOCSIFFLAGS");

914

exitcode = EXIT_FAILURE;

915

goto end;

916

}

917

}

918

close(sd);

919

}

920

921

uid = getuid();

922

gid = getgid();

923

924

ret = setuid(uid);

925

if (ret == -1){

926

perror("setuid");

927

}

928

929

setgid(gid);

930

if (ret == -1){

931

perror("setgid");

932

}

933

934

if_index = (AvahiIfIndex) if_nametoindex(interface);

935

if(if_index == 0){

936

fprintf(stderr, "No such interface: \"%s\"\n", interface);

937

exit(EXIT_FAILURE);

661

662

while (true){

663

static struct option long_options[] = {

664

{"debug", no_argument, (int *)&debug, 1},

665

{"connect", required_argument, 0, 'C'},

666

{"interface", required_argument, 0, 'i'},

667

{"certdir", required_argument, 0, 'd'},

668

{"certkey", required_argument, 0, 'c'},

669

{"certfile", required_argument, 0, 'k'},

670

{0, 0, 0, 0} };

671

672

int option_index = 0;

673

ret = getopt_long (argc, argv, "i:", long_options,

674

&option_index);

675

676

if (ret == -1){

677

break;

678

}

679

680

switch(ret){

681

case 0:

682

break;

683

case 'i':

684

interface = optarg;

685

break;

686

case 'C':

687

connect_to = optarg;

688

break;

689

case 'd':

690

certdir = optarg;

691

break;

692

case 'c':

693

certfile = optarg;

694

break;

695

case 'k':

696

certkey = optarg;

697

break;

698

default:

699

exit(EXIT_FAILURE);

700

}

701

}

702

703

certfile = combinepath(certdir, certfile);

704

if (certfile == NULL){

705

perror("combinepath");

706

goto exit;

707

}

708

709

if(interface != NULL){

710

if_index = (AvahiIfIndex) if_nametoindex(interface);

711

if(if_index == 0){

712

fprintf(stderr, "No such interface: \"%s\"\n", interface);

713

exit(EXIT_FAILURE);

714

}

938

715

}

939

716

940

717

if(connect_to != NULL){

943

720

char *address = strrchr(connect_to, ':');

944

721

if(address == NULL){

945

722

fprintf(stderr, "No colon in address\n");

946

exitcode = EXIT_FAILURE;

947

goto end;

723

exit(EXIT_FAILURE);

948

724

}

949

725

errno = 0;

950

726

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

951

727

if(errno){

952

728

perror("Bad port number");

953

exitcode = EXIT_FAILURE;

954

goto end;

729

exit(EXIT_FAILURE);

955

730

}

956

731

*address = '\0';

957

732

address = connect_to;

958

ret = start_mandos_communication(address, port, if_index, &mc);

733

ret = start_mandos_communication(address, port, if_index);

959

734

if(ret < 0){

960

exitcode = EXIT_FAILURE;

735

exit(EXIT_FAILURE);

961

736

} else {

962

exitcode = EXIT_SUCCESS;

737

exit(EXIT_SUCCESS);

963

738

}

964

goto end;

739

}

740

741

certkey = combinepath(certdir, certkey);

742

if (certkey == NULL){

743

perror("combinepath");

744

goto exit;

965

745

}

966

746

967

747

if (not debug){

968

748

avahi_set_log_function(empty_log);

969

749

}

970

750

971

/* Initialize the pseudo-RNG for Avahi */

751

/* Initialize the psuedo-RNG */

972

752

srand((unsigned int) time(NULL));

973

974

/* Allocate main Avahi loop object */

975

mc.simple_poll = avahi_simple_poll_new();

976

if (mc.simple_poll == NULL) {

977

fprintf(stderr, "Avahi: Failed to create simple poll"

978

" object.\n");

979

exitcode = EXIT_FAILURE;

980

goto end;

981

}

982

983

{

984

AvahiServerConfig config;

985

/* Do not publish any local Zeroconf records */

986

avahi_server_config_init(&config);

987

config.publish_hinfo = 0;

988

config.publish_addresses = 0;

989

config.publish_workstation = 0;

990

config.publish_domain = 0;

991

992

/* Allocate a new server */

993

mc.server = avahi_server_new(avahi_simple_poll_get

994

(mc.simple_poll), &config, NULL,

995

NULL, &error);

996

997

/* Free the Avahi configuration data */

998

avahi_server_config_free(&config);

999

}

1000

1001

/* Check if creating the Avahi server object succeeded */

1002

if (mc.server == NULL) {

1003

fprintf(stderr, "Failed to create Avahi server: %s\n",

753

754

/* Allocate main loop object */

755

if (!(simple_poll = avahi_simple_poll_new())) {

756

fprintf(stderr, "Failed to create simple poll object.\n");

757

758

goto exit;

759

}

760

761

/* Do not publish any local records */

762

avahi_server_config_init(&config);

763

config.publish_hinfo = 0;

764

config.publish_addresses = 0;

765

config.publish_workstation = 0;

766

config.publish_domain = 0;

767

768

/* Allocate a new server */

769

server = avahi_server_new(avahi_simple_poll_get(simple_poll),

770

&config, NULL, NULL, &error);

771

772

/* Free the configuration data */

773

avahi_server_config_free(&config);

774

775

/* Check if creating the server object succeeded */

776

if (!server) {

777

fprintf(stderr, "Failed to create server: %s\n",

1004

778

avahi_strerror(error));

1005

exitcode = EXIT_FAILURE;

1006

goto end;

779

returncode = EXIT_FAILURE;

780

goto exit;

1007

781

}

1008

782

1009

/* Create the Avahi service browser */

1010

sb = avahi_s_service_browser_new(mc.server, if_index,

783

/* Create the service browser */

784

sb = avahi_s_service_browser_new(server, if_index,

1011

785

AVAHI_PROTO_INET6,

1012

786

"_mandos._tcp", NULL, 0,

1013

browse_callback, &mc);

1014

if (sb == NULL) {

787

browse_callback, server);

788

if (!sb) {

1015

789

fprintf(stderr, "Failed to create service browser: %s\n",

1016

avahi_strerror(avahi_server_errno(mc.server)));

1017

exitcode = EXIT_FAILURE;

1018

goto end;

790

avahi_strerror(avahi_server_errno(server)));

791

returncode = EXIT_FAILURE;

792

goto exit;

1019

793

}

1020

794

1021

795

/* Run the main loop */

1022

796

1023

797

if (debug){

1024

fprintf(stderr, "Starting Avahi loop search\n");

798

fprintf(stderr, "Starting avahi loop search\n");

1025

799

}

1026

800

1027

avahi_simple_poll_loop(mc.simple_poll);

801

avahi_simple_poll_loop(simple_poll);

1028

802

1029

end:

803

exit:

1030

804

1031

805

if (debug){

1032

806

fprintf(stderr, "%s exiting\n", argv[0]);

1033

807

}

1034

808

1035

809

/* Cleanup things */

1036

if (sb != NULL)

810

if (sb)

1037

811

avahi_s_service_browser_free(sb);

1038

812

1039

if (mc.server != NULL)

1040

avahi_server_free(mc.server);

1041

1042

if (mc.simple_poll != NULL)

1043

avahi_simple_poll_free(mc.simple_poll);

1044

free(pubkeyfilename);

1045

free(seckeyfilename);

1046

1047

if (gnutls_initalized){

1048

gnutls_certificate_free_credentials(mc.cred);

1049

gnutls_global_deinit ();

1050

}

813

if (server)

814

avahi_server_free(server);

815

816

if (simple_poll)

817

avahi_simple_poll_free(simple_poll);

818

free(certfile);

819

free(certkey);

1051

820

1052

return exitcode;

821

return returncode;

1053

822

}

Older »