/mandos/release : revision 37

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/mandosclient.c

Committer: Teddy Hogeborn
Date: 2008-08-02 21:06:12 UTC
Revision ID: teddy@fukt.bsnet.se-20080802210612-4c1waup4z0f66ya7

Non-tested commit for merge purposes.

* plugbasedclient.c (getplugin, addargument, set_cloexec): Made static.

* plugins.d/passprompt.c (termination_handler): Made static.

files modified:
TODO

plugbasedclient.c

plugins.d/mandosclient.c

plugins.d/passprompt.c

Show diffs side-by-side

added added

removed removed

plugins.d/mandosclient.c

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and

* <https://www.fukt.bsnet.se/~teddy/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

/* Needed by GPGME, specifically gpgme_data_seek() */

#include <errno.h> /* perror() */

#include <gpgme.h>

// getopt long

// getopt_long

#include <getopt.h>

#ifndef CERT_ROOT

#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"

#endif

#define CERTFILE CERT_ROOT "openpgp-client.txt"

#define KEYFILE CERT_ROOT "openpgp-client-key.txt"

#define BUFFER_SIZE 256

#define DH_BITS 1024

static int dh_bits = 1024;

static const char *keydir = "/conf/conf.d/mandos";

static const char *pubkeyfile = "pubkey.txt";

static const char *seckeyfile = "seckey.txt";

bool debug = false;

/* Used for */

typedef struct {

gnutls_session_t session;

gnutls_certificate_credentials_t cred;

} encrypted_session;

ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,

char **new_packet, const char *homedir){

static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,

char **new_packet,

const char *homedir){

gpgme_data_t dh_crypto, dh_plain;

gpgme_ctx_t ctx;

gpgme_error_t rc;

100

101

102

/* Init GPGME */

102

103

gpgme_check_version(NULL);

103

gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

104

rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

105

if (rc != GPG_ERR_NO_ERROR){

106

fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",

107

gpgme_strsource(rc), gpgme_strerror(rc));

108

return -1;

109

}

104

110

105

111

/* Set GPGME home directory */

106

112

rc = gpgme_get_engine_info (&engine_info);

192

198

gpgme_data_release(dh_crypto);

193

199

194

200

/* Seek back to the beginning of the GPGME plaintext data buffer */

195

gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET);

196

201

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

202

perror("pgpme_data_seek");

203

}

204

197

205

*new_packet = 0;

198

206

while(true){

199

207

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

240

248

return ret;

241

249

}

242

250

243

void debuggnutls(__attribute__((unused)) int level,

244

const char* string){

251

static void debuggnutls(__attribute__((unused)) int level,

252

const char* string){

245

253

fprintf(stderr, "%s", string);

246

254

}

247

255

248

int initgnutls(encrypted_session *es){

256

static int initgnutls(encrypted_session *es){

249

257

const char *err;

250

258

int ret;

251

259

252

260

if(debug){

253

261

fprintf(stderr, "Initializing GnuTLS\n");

254

262

}

255

263

256

264

if ((ret = gnutls_global_init ())

257

265

!= GNUTLS_E_SUCCESS) {

258

266

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

274

282

275

283

if(debug){

276

284

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

277

" and keyfile %s as GnuTLS credentials\n", CERTFILE,

278

KEYFILE);

285

" and keyfile %s as GnuTLS credentials\n", pubkeyfile,

286

seckeyfile);

279

287

}

280

288

281

289

ret = gnutls_certificate_set_openpgp_key_file

282

(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);

290

(es->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);

283

291

if (ret != GNUTLS_E_SUCCESS) {

284

292

fprintf

285

293

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"

286

294

" '%s')\n",

287

ret, CERTFILE, KEYFILE);

295

ret, pubkeyfile, seckeyfile);

288

296

fprintf(stdout, "The Error is: %s\n",

289

297

safer_gnutls_strerror(ret));

290

298

return -1;

298

306

return -1;

299

307

}

300

308

301

if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))

309

if ((ret = gnutls_dh_params_generate2 (es->dh_params, dh_bits))

302

310

!= GNUTLS_E_SUCCESS) {

303

311

fprintf (stderr, "Error in prime generation: %s\n",

304

312

safer_gnutls_strerror(ret));

334

342

gnutls_certificate_server_set_request (es->session,

335

343

GNUTLS_CERT_IGNORE);

336

344

337

gnutls_dh_set_prime_bits (es->session, DH_BITS);

345

gnutls_dh_set_prime_bits (es->session, dh_bits);

338

346

339

347

return 0;

340

348

}

341

349

342

void empty_log(__attribute__((unused)) AvahiLogLevel level,

343

__attribute__((unused)) const char *txt){}

350

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

351

__attribute__((unused)) const char *txt){}

344

352

345

int start_mandos_communication(const char *ip, uint16_t port,

346

AvahiIfIndex if_index){

353

static int start_mandos_communication(const char *ip, uint16_t port,

354

AvahiIfIndex if_index){

347

355

int ret, tcp_sd;

348

356

struct sockaddr_in6 to;

349

357

encrypted_session es;

395

403

396

404

if(debug){

397

405

fprintf(stderr, "Connection to: %s, port %d\n", ip, port);

398

/* char addrstr[INET6_ADDRSTRLEN]; */

399

/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */

400

/* sizeof(addrstr)) == NULL){ */

401

/* perror("inet_ntop"); */

402

/* } else { */

403

/* fprintf(stderr, "Really connecting to: %s, port %d\n", */

404

/* addrstr, ntohs(to.sin6_port)); */

405

/* } */

406

char addrstr[INET6_ADDRSTRLEN] = "";

407

if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr,

408

sizeof(addrstr)) == NULL){

409

perror("inet_ntop");

410

} else {

411

if(strcmp(addrstr, ip) != 0){

412

fprintf(stderr, "Canonical address form: %s\n",

413

addrstr, ntohs(to.sin6_port));

414

}

415

}

406

416

}

407

417

408

418

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

487

497

decrypted_buffer_size = pgp_packet_decrypt(buffer,

488

498

buffer_length,

489

499

&decrypted_buffer,

490

CERT_ROOT);

500

keydir);

491

501

if (decrypted_buffer_size >= 0){

492

502

while(written < (size_t) decrypted_buffer_size){

493

503

ret = (int)fwrite (decrypted_buffer + written, 1,

622

632

}

623

633

}

624

634

635

/* Combines file name and path and returns the malloced new

636

string. some sane checks could/should be added */

637

static const char *combinepath(const char *first, const char *second){

638

size_t f_len = strlen(first);

639

size_t s_len = strlen(second);

640

char *tmp = malloc(f_len + s_len + 2);

641

if (tmp == NULL){

642

return NULL;

643

}

644

if(f_len > 0){

645

memcpy(tmp, first, f_len);

646

}

647

tmp[f_len] = '/';

648

if(s_len > 0){

649

memcpy(tmp + f_len + 1, second, s_len);

650

}

651

tmp[f_len + 1 + s_len] = '\0';

652

return tmp;

653

}

654

655

625

656

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

626

657

AvahiServerConfig config;

627

658

AvahiSServiceBrowser *sb = NULL;

628

659

int error;

629

660

int ret;

661

int debug_int = 0;

630

662

int returncode = EXIT_SUCCESS;

631

663

const char *interface = NULL;

632

664

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

633

665

char *connect_to = NULL;

634

666

667

debug_int = debug ? 1 : 0;

635

668

while (true){

636

669

static struct option long_options[] = {

637

{"debug", no_argument, (int *)&debug, 1},

638

{"connect", required_argument, 0, 'c'},

639

{"interface", required_argument, 0, 'i'},

670

{"debug", no_argument, &debug_int, 1},

671

{"connect", required_argument, NULL, 'C'},

672

{"interface", required_argument, NULL, 'i'},

673

{"keydir", required_argument, NULL, 'd'},

674

{"seckey", required_argument, NULL, 'c'},

675

{"pubkey", required_argument, NULL, 'k'},

676

{"dh-bits", required_argument, NULL, 'D'},

640

677

{0, 0, 0, 0} };

641

678

642

679

int option_index = 0;

653

690

case 'i':

654

691

interface = optarg;

655

692

break;

693

case 'C':

694

connect_to = optarg;

695

break;

696

case 'd':

697

keydir = optarg;

698

break;

656

699

case 'c':

657

connect_to = optarg;

658

break;

700

pubkeyfile = optarg;

701

break;

702

case 'k':

703

seckeyfile = optarg;

704

break;

705

case 'D':

706

dh_bits = atoi(optarg);

707

break;

708

case '?':

709

break

659

710

default:

660

711

exit(EXIT_FAILURE);

661

712

}

662

713

}

714

debug = debug_int ? true : false;

715

716

pubkeyfile = combinepath(keydir, pubkeyfile);

717

if (pubkeyfile == NULL){

718

perror("combinepath");

719

goto exit;

720

}

663

721

664

722

if(interface != NULL){

665

723

if_index = (AvahiIfIndex) if_nametoindex(interface);

693

751

}

694

752

}

695

753

754

seckeyfile = combinepath(keydir, seckeyfile);

755

if (seckeyfile == NULL){

756

perror("combinepath");

757

goto exit;

758

}

759

696

760

if (not debug){

697

761

avahi_set_log_function(empty_log);

698

762

}

764

828

765

829

if (simple_poll)

766

830

avahi_simple_poll_free(simple_poll);

767

831

free(pubkeyfile);

832

free(seckeyfile);

833

768

834

return returncode;

769

835

}

Older »