To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugins.d/mandosclient.c
- browse files at revision 36
- compare with another revision
- download diff
- download tarball
- view history from revision 36
- Committer: Teddy Hogeborn
- Date: 2008-08-02 14:33:47 UTC
- Revision ID: teddy@fukt.bsnet.se-20080802143347-u1m4zs1q0feu72ei
* TODO: Converted to org-mode style
* plugins.d/mandosclient.c (certdir): Changed to "/conf/conf.d/mandos/".
(certdir, certfile, certkey, pgp_packet_decrypt, debuggnutls,
initgnutls, empty_log, combinepath): Made static.
(combinepath): Rewritten to only get the argument string lengths
once. Do not print error message; leave that to
caller. All callers changed.
* plugins.d/mandosclient.c (certdir): Changed to "/conf/conf.d/mandos/".
(certdir, certfile, certkey, pgp_packet_decrypt, debuggnutls,
initgnutls, empty_log, combinepath): Made static.
(combinepath): Rewritten to only get the argument string lengths
once. Do not print error message; leave that to
caller. All callers changed.
- files added:
- server.conf
- files renamed:
- mandos-clients.conf => clients.conf
- files modified:
- Makefile
added
removed
plugins.d/mandosclient.c
8
8
* includes the following functions: "resolve_callback",
9
9
* "browse_callback", and parts of "main".
10
10
*
11
* Everything else is Copyright © 2007-2008 Teddy Hogeborn and Björn
12
* Påhlsson.
11
* Everything else is
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
13
13
*
14
14
* This program is free software: you can redistribute it and/or
15
15
* modify it under the terms of the GNU General Public License as
25
25
* along with this program. If not, see
26
26
* <http://www.gnu.org/licenses/>.
27
27
*
28
* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and
29
* <https://www.fukt.bsnet.se/~teddy/>.
28
* Contact the authors at <mandos@fukt.bsnet.se>.
30
29
*/
31
30
32
#define _FORTIFY_SOURCE 2
33
31
/* Needed by GPGME, specifically gpgme_data_seek() */
34
32
#define _LARGEFILE_SOURCE
35
33
#define _FILE_OFFSET_BITS 64
36
34
68
66
// getopt long
69
67
#include <getopt.h>
70
68
71
#ifndef CERT_ROOT
72
#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"
73
#endif
74
#define CERTFILE CERT_ROOT "openpgp-client.txt"
75
#define KEYFILE CERT_ROOT "openpgp-client-key.txt"
76
69
#define BUFFER_SIZE 256
77
70
#define DH_BITS 1024
78
71
72
static const char *certdir = "/conf/conf.d/mandos";
73
static const char *certfile = "openpgp-client.txt";
74
static const char *certkey = "openpgp-client-key.txt";
75
79
76
bool debug = false;
80
77
81
78
typedef struct {
85
82
} encrypted_session;
86
83
87
84
88
ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
89
char **new_packet, const char *homedir){
85
static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
86
char **new_packet,
87
const char *homedir){
90
88
gpgme_data_t dh_crypto, dh_plain;
91
89
gpgme_ctx_t ctx;
92
90
gpgme_error_t rc;
101
99
102
100
/* Init GPGME */
103
101
gpgme_check_version(NULL);
104
gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
102
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
103
if (rc != GPG_ERR_NO_ERROR){
104
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
105
gpgme_strsource(rc), gpgme_strerror(rc));
106
return -1;
107
}
105
108
106
109
/* Set GPGME home directory */
107
110
rc = gpgme_get_engine_info (&engine_info);
193
196
gpgme_data_release(dh_crypto);
194
197
195
198
/* Seek back to the beginning of the GPGME plaintext data buffer */
196
gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET);
197
199
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
200
perror("pgpme_data_seek");
201
}
202
198
203
*new_packet = 0;
199
204
while(true){
200
205
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
241
246
return ret;
242
247
}
243
248
244
void debuggnutls(__attribute__((unused)) int level,
245
const char* string){
249
static void debuggnutls(__attribute__((unused)) int level,
250
const char* string){
246
251
fprintf(stderr, "%s", string);
247
252
}
248
253
249
int initgnutls(encrypted_session *es){
254
static int initgnutls(encrypted_session *es){
250
255
const char *err;
251
256
int ret;
252
257
253
258
if(debug){
254
259
fprintf(stderr, "Initializing GnuTLS\n");
255
260
}
256
261
257
262
if ((ret = gnutls_global_init ())
258
263
!= GNUTLS_E_SUCCESS) {
259
264
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
275
280
276
281
if(debug){
277
282
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
278
" and keyfile %s as GnuTLS credentials\n", CERTFILE,
279
KEYFILE);
283
" and keyfile %s as GnuTLS credentials\n", certfile,
284
certkey);
280
285
}
281
286
282
287
ret = gnutls_certificate_set_openpgp_key_file
283
(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);
288
(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);
284
289
if (ret != GNUTLS_E_SUCCESS) {
285
290
fprintf
286
291
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
287
292
" '%s')\n",
288
ret, CERTFILE, KEYFILE);
293
ret, certfile, certkey);
289
294
fprintf(stdout, "The Error is: %s\n",
290
295
safer_gnutls_strerror(ret));
291
296
return -1;
340
345
return 0;
341
346
}
342
347
343
void empty_log(__attribute__((unused)) AvahiLogLevel level,
344
__attribute__((unused)) const char *txt){}
348
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
349
__attribute__((unused)) const char *txt){}
345
350
346
int start_mandos_communication(const char *ip, uint16_t port,
347
unsigned int if_index){
351
static int start_mandos_communication(const char *ip, uint16_t port,
352
AvahiIfIndex if_index){
348
353
int ret, tcp_sd;
349
354
struct sockaddr_in6 to;
350
355
encrypted_session es;
358
363
char interface[IF_NAMESIZE];
359
364
360
365
if(debug){
361
fprintf(stderr, "Setting up a tcp connection to %s\n", ip);
366
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
367
ip, port);
362
368
}
363
369
364
370
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
367
373
return -1;
368
374
}
369
375
370
if(if_indextoname(if_index, interface) == NULL){
376
if(if_indextoname((unsigned int)if_index, interface) == NULL){
371
377
if(debug){
372
378
perror("if_indextoname");
373
379
}
394
400
to.sin6_scope_id = (uint32_t)if_index;
395
401
396
402
if(debug){
397
fprintf(stderr, "Connection to: %s\n", ip);
403
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
404
/* char addrstr[INET6_ADDRSTRLEN]; */
405
/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */
406
/* sizeof(addrstr)) == NULL){ */
407
/* perror("inet_ntop"); */
408
/* } else { */
409
/* fprintf(stderr, "Really connecting to: %s, port %d\n", */
410
/* addrstr, ntohs(to.sin6_port)); */
411
/* } */
398
412
}
399
413
400
414
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
479
493
decrypted_buffer_size = pgp_packet_decrypt(buffer,
480
494
buffer_length,
481
495
&decrypted_buffer,
482
CERT_ROOT);
496
certdir);
483
497
if (decrypted_buffer_size >= 0){
484
while(written < decrypted_buffer_size){
498
while(written < (size_t) decrypted_buffer_size){
485
499
ret = (int)fwrite (decrypted_buffer + written, 1,
486
500
(size_t)decrypted_buffer_size - written,
487
501
stdout);
556
570
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
557
571
" port %d\n", name, host_name, ip, port);
558
572
}
559
int ret = start_mandos_communication(ip, port,
560
(unsigned int) interface);
573
int ret = start_mandos_communication(ip, port, interface);
561
574
if (ret == 0){
562
575
exit(EXIT_SUCCESS);
563
576
}
615
628
}
616
629
}
617
630
631
/* Combines file name and path and returns the malloced new
632
string. some sane checks could/should be added */
633
static const char *combinepath(const char *first, const char *second){
634
size_t f_len = strlen(first);
635
size_t s_len = strlen(second);
636
char *tmp = malloc(f_len + s_len + 2);
637
if (tmp == NULL){
638
return NULL;
639
}
640
if(f_len > 0){
641
memcpy(tmp, first, f_len);
642
}
643
tmp[f_len] = '/';
644
if(s_len > 0){
645
memcpy(tmp + f_len + 1, second, s_len);
646
}
647
tmp[f_len + 1 + s_len] = '\0';
648
return tmp;
649
}
650
651
618
652
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
619
653
AvahiServerConfig config;
620
654
AvahiSServiceBrowser *sb = NULL;
621
655
int error;
622
656
int ret;
623
657
int returncode = EXIT_SUCCESS;
624
const char *interface = "eth0";
658
const char *interface = NULL;
659
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
660
char *connect_to = NULL;
625
661
626
662
while (true){
627
663
static struct option long_options[] = {
628
664
{"debug", no_argument, (int *)&debug, 1},
665
{"connect", required_argument, 0, 'C'},
629
666
{"interface", required_argument, 0, 'i'},
667
{"certdir", required_argument, 0, 'd'},
668
{"certkey", required_argument, 0, 'c'},
669
{"certfile", required_argument, 0, 'k'},
630
670
{0, 0, 0, 0} };
631
671
632
672
int option_index = 0;
643
683
case 'i':
644
684
interface = optarg;
645
685
break;
686
case 'C':
687
connect_to = optarg;
688
break;
689
case 'd':
690
certdir = optarg;
691
break;
692
case 'c':
693
certfile = optarg;
694
break;
695
case 'k':
696
certkey = optarg;
697
break;
646
698
default:
647
699
exit(EXIT_FAILURE);
648
700
}
649
701
}
650
702
703
certfile = combinepath(certdir, certfile);
704
if (certfile == NULL){
705
perror("combinepath");
706
goto exit;
707
}
708
709
if(interface != NULL){
710
if_index = (AvahiIfIndex) if_nametoindex(interface);
711
if(if_index == 0){
712
fprintf(stderr, "No such interface: \"%s\"\n", interface);
713
exit(EXIT_FAILURE);
714
}
715
}
716
717
if(connect_to != NULL){
718
/* Connect directly, do not use Zeroconf */
719
/* (Mainly meant for debugging) */
720
char *address = strrchr(connect_to, ':');
721
if(address == NULL){
722
fprintf(stderr, "No colon in address\n");
723
exit(EXIT_FAILURE);
724
}
725
errno = 0;
726
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
727
if(errno){
728
perror("Bad port number");
729
exit(EXIT_FAILURE);
730
}
731
*address = '\0';
732
address = connect_to;
733
ret = start_mandos_communication(address, port, if_index);
734
if(ret < 0){
735
exit(EXIT_FAILURE);
736
} else {
737
exit(EXIT_SUCCESS);
738
}
739
}
740
741
certkey = combinepath(certdir, certkey);
742
if (certkey == NULL){
743
perror("combinepath");
744
goto exit;
745
}
746
651
747
if (not debug){
652
748
avahi_set_log_function(empty_log);
653
749
}
685
781
}
686
782
687
783
/* Create the service browser */
688
sb = avahi_s_service_browser_new(server,
689
(AvahiIfIndex)
690
if_nametoindex(interface),
784
sb = avahi_s_service_browser_new(server, if_index,
691
785
AVAHI_PROTO_INET6,
692
786
"_mandos._tcp", NULL, 0,
693
787
browse_callback, server);
721
815
722
816
if (simple_poll)
723
817
avahi_simple_poll_free(simple_poll);
724
818
free(certfile);
819
free(certkey);
820
725
821
return returncode;
726
822
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0