/mandos/release : revision 38

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/mandosclient.c

Committer: Teddy Hogeborn
Date: 2008-08-03 01:09:36 UTC
mfrom: (24.1.9 mandos)
Revision ID: teddy@fukt.bsnet.se-20080803010936-ujme8tgxceszfbi1

* plugbasedclient.c (main): New "--userid" and "--groupid" options.
                            Take an additional non-option argument and
                            parse it as a plus-separated and -prefixed
                            list of additional options.

* plugins.d/mandosclient.c (DH_BITS): Replaced with
                                      "mandos_context.dh_bits".  All
                                      users changed.
  (certdir): Renamed to "keydir".  All users changed.
  (certfile): Renamed to "pubkeyfile".  All users changed.
  (certkey): Renamed to "seckeyfile".  All users changed.
  (encrypted_session): Replaced with "mandos_context".  All users
                       changed.
  (initgnutls): Take additional "session" and "dh_params" arguments.
                All callers changed.
  (start_mandos_communication): Take additional "mc" argument.  All
                                callers changed.  Print target IPv6
                                address if different than supplied
                                string.
  (simple_poll) Replaced with "mandos_context.simple_poll".  All users
                changed.
  (server): Replaced with "mandos_context.server".  All users changed.
  (main): Default interface to "eth0".  Rename "--certdir" to
          "--keydir", "--certkey" to "--seckey", and "--certfile" to
          "--pubkey".  New options "--dh-bits" and "--priority".  If
          the interface is not up, bring it up.

files added:
TODO

clients.conf

plugbasedclient.c

plugins.d

plugins.d/mandosclient.c

plugins.d/passprompt.c

server.conf

server.py

files removed:
bad-ca.pem

bad-cert.pem

bad-client-cert.pem

bad-client-key.pem

bad-crl.pem

bad-key.pem

client.cpp

clients.conf

server.cpp

files modified:
Makefile

Show diffs side-by-side

added added

removed removed

plugins.d/mandosclient.c

/* -*- coding: utf-8 -*- */

* Mandos client - get and decrypt data from a Mandos server

* This program is partly derived from an example program for an Avahi

* service browser, downloaded from

* <http://avahi.org/browser/examples/core-browse-services.c>. This

* includes the following functions: "resolve_callback",

* "browse_callback", and parts of "main".

* Everything else is

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

/* Needed by GPGME, specifically gpgme_data_seek() */

#define _LARGEFILE_SOURCE

#define _FILE_OFFSET_BITS 64

#include <stdio.h>

#include <assert.h>

#include <stdlib.h>

#include <time.h>

#include <net/if.h> /* if_nametoindex */

#include <sys/ioctl.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS

#include <net/if.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS

#include <avahi-core/core.h>

#include <avahi-core/lookup.h>

#include <avahi-core/log.h>

#include <avahi-common/simple-watch.h>

#include <avahi-common/malloc.h>

#include <avahi-common/error.h>

//mandos client part

#include <sys/types.h> /* socket(), inet_pton() */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton() */

#include <gnutls/gnutls.h> /* All GnuTLS stuff */

#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */

#include <unistd.h> /* close() */

#include <netinet/in.h>

#include <stdbool.h> /* true */

#include <string.h> /* memset */

#include <arpa/inet.h> /* inet_pton() */

#include <iso646.h> /* not */

// gpgme

#include <errno.h> /* perror() */

#include <gpgme.h>

// getopt_long

#include <getopt.h>

#define BUFFER_SIZE 256

static const char *keydir = "/conf/conf.d/mandos";

static const char *pubkeyfile = "pubkey.txt";

static const char *seckeyfile = "seckey.txt";

bool debug = false;

/* Used for passing in values through all the callback functions */

typedef struct {

AvahiSimplePoll *simple_poll;

AvahiServer *server;

gnutls_certificate_credentials_t cred;

unsigned int dh_bits;

const char *priority;

} mandos_context;

static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,

char **new_packet,

const char *homedir){

gpgme_data_t dh_crypto, dh_plain;

gpgme_ctx_t ctx;

gpgme_error_t rc;

ssize_t ret;

ssize_t new_packet_capacity = 0;

ssize_t new_packet_length = 0;

gpgme_engine_info_t engine_info;

if (debug){

100

fprintf(stderr, "Trying to decrypt OpenPGP packet\n");

101

}

102

103

/* Init GPGME */

104

gpgme_check_version(NULL);

105

rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

106

if (rc != GPG_ERR_NO_ERROR){

107

fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",

108

gpgme_strsource(rc), gpgme_strerror(rc));

109

return -1;

110

}

111

112

/* Set GPGME home directory */

113

rc = gpgme_get_engine_info (&engine_info);

114

if (rc != GPG_ERR_NO_ERROR){

115

fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",

116

gpgme_strsource(rc), gpgme_strerror(rc));

117

return -1;

118

}

119

while(engine_info != NULL){

120

if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){

121

gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,

122

engine_info->file_name, homedir);

123

break;

124

}

125

engine_info = engine_info->next;

126

}

127

if(engine_info == NULL){

128

fprintf(stderr, "Could not set home dir to %s\n", homedir);

129

return -1;

130

}

131

132

/* Create new GPGME data buffer from packet buffer */

133

rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);

134

if (rc != GPG_ERR_NO_ERROR){

135

fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",

136

gpgme_strsource(rc), gpgme_strerror(rc));

137

return -1;

138

}

139

140

/* Create new empty GPGME data buffer for the plaintext */

141

rc = gpgme_data_new(&dh_plain);

142

if (rc != GPG_ERR_NO_ERROR){

143

fprintf(stderr, "bad gpgme_data_new: %s: %s\n",

144

gpgme_strsource(rc), gpgme_strerror(rc));

145

return -1;

146

}

147

148

/* Create new GPGME "context" */

149

rc = gpgme_new(&ctx);

150

if (rc != GPG_ERR_NO_ERROR){

151

fprintf(stderr, "bad gpgme_new: %s: %s\n",

152

gpgme_strsource(rc), gpgme_strerror(rc));

153

return -1;

154

}

155

156

/* Decrypt data from the FILE pointer to the plaintext data

157

buffer */

158

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

159

if (rc != GPG_ERR_NO_ERROR){

160

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

161

gpgme_strsource(rc), gpgme_strerror(rc));

162

return -1;

163

}

164

165

if(debug){

166

fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");

167

}

168

169

if (debug){

170

gpgme_decrypt_result_t result;

171

result = gpgme_op_decrypt_result(ctx);

172

if (result == NULL){

173

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

174

} else {

175

fprintf(stderr, "Unsupported algorithm: %s\n",

176

result->unsupported_algorithm);

177

fprintf(stderr, "Wrong key usage: %d\n",

178

result->wrong_key_usage);

179

if(result->file_name != NULL){

180

fprintf(stderr, "File name: %s\n", result->file_name);

181

}

182

gpgme_recipient_t recipient;

183

recipient = result->recipients;

184

if(recipient){

185

while(recipient != NULL){

186

fprintf(stderr, "Public key algorithm: %s\n",

187

gpgme_pubkey_algo_name(recipient->pubkey_algo));

188

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

189

fprintf(stderr, "Secret key available: %s\n",

190

recipient->status == GPG_ERR_NO_SECKEY

191

? "No" : "Yes");

192

recipient = recipient->next;

193

}

194

}

195

}

196

}

197

198

/* Delete the GPGME FILE pointer cryptotext data buffer */

199

gpgme_data_release(dh_crypto);

200

201

/* Seek back to the beginning of the GPGME plaintext data buffer */

202

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

203

perror("pgpme_data_seek");

204

}

205

206

*new_packet = 0;

207

while(true){

208

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

209

*new_packet = realloc(*new_packet,

210

(unsigned int)new_packet_capacity

211

+ BUFFER_SIZE);

212

if (*new_packet == NULL){

213

perror("realloc");

214

return -1;

215

}

216

new_packet_capacity += BUFFER_SIZE;

217

}

218

219

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,

220

BUFFER_SIZE);

221

/* Print the data, if any */

222

if (ret == 0){

223

break;

224

}

225

if(ret < 0){

226

perror("gpgme_data_read");

227

return -1;

228

}

229

new_packet_length += ret;

230

}

231

232

/* FIXME: check characters before printing to screen so to not print

233

terminal control characters */

234

/* if(debug){ */

235

/* fprintf(stderr, "decrypted password is: "); */

236

/* fwrite(*new_packet, 1, new_packet_length, stderr); */

237

/* fprintf(stderr, "\n"); */

238

/* } */

239

240

/* Delete the GPGME plaintext data buffer */

241

gpgme_data_release(dh_plain);

242

return new_packet_length;

243

}

244

245

static const char * safer_gnutls_strerror (int value) {

246

const char *ret = gnutls_strerror (value);

247

if (ret == NULL)

248

ret = "(unknown)";

249

return ret;

250

}

251

252

static void debuggnutls(__attribute__((unused)) int level,

253

const char* string){

254

fprintf(stderr, "%s", string);

255

}

256

257

static int initgnutls(mandos_context *mc, gnutls_session_t *session,

258

gnutls_dh_params_t *dh_params){

259

const char *err;

260

int ret;

261

262

if(debug){

263

fprintf(stderr, "Initializing GnuTLS\n");

264

}

265

266

if ((ret = gnutls_global_init ())

267

!= GNUTLS_E_SUCCESS) {

268

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

269

return -1;

270

}

271

272

if (debug){

273

gnutls_global_set_log_level(11);

274

gnutls_global_set_log_function(debuggnutls);

275

}

276

277

/* openpgp credentials */

278

if ((ret = gnutls_certificate_allocate_credentials (&mc->cred))

279

!= GNUTLS_E_SUCCESS) {

280

fprintf (stderr, "memory error: %s\n",

281

safer_gnutls_strerror(ret));

282

return -1;

283

}

284

285

if(debug){

286

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

287

" and keyfile %s as GnuTLS credentials\n", pubkeyfile,

288

seckeyfile);

289

}

290

291

ret = gnutls_certificate_set_openpgp_key_file

292

(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);

293

if (ret != GNUTLS_E_SUCCESS) {

294

fprintf

295

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"

296

" '%s')\n",

297

ret, pubkeyfile, seckeyfile);

298

fprintf(stdout, "The Error is: %s\n",

299

safer_gnutls_strerror(ret));

300

return -1;

301

}

302

303

//GnuTLS server initialization

304

if ((ret = gnutls_dh_params_init(dh_params))

305

!= GNUTLS_E_SUCCESS) {

306

fprintf (stderr, "Error in dh parameter initialization: %s\n",

307

safer_gnutls_strerror(ret));

308

return -1;

309

}

310

311

if ((ret = gnutls_dh_params_generate2(*dh_params, mc->dh_bits))

312

!= GNUTLS_E_SUCCESS) {

313

fprintf (stderr, "Error in prime generation: %s\n",

314

safer_gnutls_strerror(ret));

315

return -1;

316

}

317

318

gnutls_certificate_set_dh_params(mc->cred, *dh_params);

319

320

// GnuTLS session creation

321

if ((ret = gnutls_init(session, GNUTLS_SERVER))

322

!= GNUTLS_E_SUCCESS){

323

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

324

safer_gnutls_strerror(ret));

325

}

326

327

if ((ret = gnutls_priority_set_direct(*session, mc->priority, &err))

328

!= GNUTLS_E_SUCCESS) {

329

fprintf(stderr, "Syntax error at: %s\n", err);

330

fprintf(stderr, "GnuTLS error: %s\n",

331

safer_gnutls_strerror(ret));

332

return -1;

333

}

334

335

if ((ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

336

mc->cred))

337

!= GNUTLS_E_SUCCESS) {

338

fprintf(stderr, "Error setting a credentials set: %s\n",

339

safer_gnutls_strerror(ret));

340

return -1;

341

}

342

343

/* ignore client certificate if any. */

344

gnutls_certificate_server_set_request (*session,

345

GNUTLS_CERT_IGNORE);

346

347

gnutls_dh_set_prime_bits (*session, mc->dh_bits);

348

349

return 0;

350

}

351

352

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

353

__attribute__((unused)) const char *txt){}

354

355

static int start_mandos_communication(const char *ip, uint16_t port,

356

AvahiIfIndex if_index,

357

mandos_context *mc){

358

int ret, tcp_sd;

359

struct sockaddr_in6 to;

360

char *buffer = NULL;

361

char *decrypted_buffer;

362

size_t buffer_length = 0;

363

size_t buffer_capacity = 0;

364

ssize_t decrypted_buffer_size;

365

size_t written = 0;

366

int retval = 0;

367

char interface[IF_NAMESIZE];

368

gnutls_session_t session;

369

gnutls_dh_params_t dh_params;

370

371

if(debug){

372

fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",

373

ip, port);

374

}

375

376

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

377

if(tcp_sd < 0) {

378

perror("socket");

379

return -1;

380

}

381

382

if(debug){

383

if(if_indextoname((unsigned int)if_index, interface) == NULL){

384

perror("if_indextoname");

385

return -1;

386

}

387

fprintf(stderr, "Binding to interface %s\n", interface);

388

}

389

390

memset(&to,0,sizeof(to)); /* Spurious warning */

391

to.sin6_family = AF_INET6;

392

ret = inet_pton(AF_INET6, ip, &to.sin6_addr);

393

if (ret < 0 ){

394

perror("inet_pton");

395

return -1;

396

}

397

if(ret == 0){

398

fprintf(stderr, "Bad address: %s\n", ip);

399

return -1;

400

}

401

to.sin6_port = htons(port); /* Spurious warning */

402

403

to.sin6_scope_id = (uint32_t)if_index;

404

405

if(debug){

406

fprintf(stderr, "Connection to: %s, port %d\n", ip, port);

407

char addrstr[INET6_ADDRSTRLEN] = "";

408

if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr,

409

sizeof(addrstr)) == NULL){

410

perror("inet_ntop");

411

} else {

412

if(strcmp(addrstr, ip) != 0){

413

fprintf(stderr, "Canonical address form: %s\n", addrstr);

414

}

415

}

416

}

417

418

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

419

if (ret < 0){

420

perror("connect");

421

return -1;

422

}

423

424

ret = initgnutls (mc, &session, &dh_params);

425

if (ret != 0){

426

retval = -1;

427

return -1;

428

}

429

430

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

431

432

if(debug){

433

fprintf(stderr, "Establishing TLS session with %s\n", ip);

434

}

435

436

ret = gnutls_handshake (session);

437

438

if (ret != GNUTLS_E_SUCCESS){

439

if(debug){

440

fprintf(stderr, "\n*** Handshake failed ***\n");

441

gnutls_perror (ret);

442

}

443

retval = -1;

444

goto exit;

445

}

446

447

//Retrieve OpenPGP packet that contains the wanted password

448

449

if(debug){

450

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

451

ip);

452

}

453

454

while(true){

455

if (buffer_length + BUFFER_SIZE > buffer_capacity){

456

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

457

if (buffer == NULL){

458

perror("realloc");

459

goto exit;

460

}

461

buffer_capacity += BUFFER_SIZE;

462

}

463

464

ret = gnutls_record_recv(session, buffer+buffer_length,

465

BUFFER_SIZE);

466

if (ret == 0){

467

break;

468

}

469

if (ret < 0){

470

switch(ret){

471

case GNUTLS_E_INTERRUPTED:

472

case GNUTLS_E_AGAIN:

473

break;

474

case GNUTLS_E_REHANDSHAKE:

475

ret = gnutls_handshake (session);

476

if (ret < 0){

477

fprintf(stderr, "\n*** Handshake failed ***\n");

478

gnutls_perror (ret);

479

retval = -1;

480

goto exit;

481

}

482

break;

483

default:

484

fprintf(stderr, "Unknown error while reading data from"

485

" encrypted session with mandos server\n");

486

retval = -1;

487

gnutls_bye (session, GNUTLS_SHUT_RDWR);

488

goto exit;

489

}

490

} else {

491

buffer_length += (size_t) ret;

492

}

493

}

494

495

if (buffer_length > 0){

496

decrypted_buffer_size = pgp_packet_decrypt(buffer,

497

buffer_length,

498

&decrypted_buffer,

499

keydir);

500

if (decrypted_buffer_size >= 0){

501

while(written < (size_t) decrypted_buffer_size){

502

ret = (int)fwrite (decrypted_buffer + written, 1,

503

(size_t)decrypted_buffer_size - written,

504

stdout);

505

if(ret == 0 and ferror(stdout)){

506

if(debug){

507

fprintf(stderr, "Error writing encrypted data: %s\n",

508

strerror(errno));

509

}

510

retval = -1;

511

break;

512

}

513

written += (size_t)ret;

514

}

515

free(decrypted_buffer);

516

} else {

517

retval = -1;

518

}

519

}

520

521

//shutdown procedure

522

523

if(debug){

524

fprintf(stderr, "Closing TLS session\n");

525

}

526

527

free(buffer);

528

gnutls_bye (session, GNUTLS_SHUT_RDWR);

529

exit:

530

close(tcp_sd);

531

gnutls_deinit (session);

532

gnutls_certificate_free_credentials (mc->cred);

533

gnutls_global_deinit ();

534

return retval;

535

}

536

537

static void resolve_callback( AvahiSServiceResolver *r,

538

AvahiIfIndex interface,

539

AVAHI_GCC_UNUSED AvahiProtocol protocol,

540

AvahiResolverEvent event,

541

const char *name,

542

const char *type,

543

const char *domain,

544

const char *host_name,

545

const AvahiAddress *address,

546

uint16_t port,

547

AVAHI_GCC_UNUSED AvahiStringList *txt,

548

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

549

void* userdata) {

550

mandos_context *mc = userdata;

551

assert(r); /* Spurious warning */

552

553

/* Called whenever a service has been resolved successfully or

554

timed out */

555

556

switch (event) {

557

default:

558

case AVAHI_RESOLVER_FAILURE:

559

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"

560

" type '%s' in domain '%s': %s\n", name, type, domain,

561

avahi_strerror(avahi_server_errno(mc->server)));

562

break;

563

564

case AVAHI_RESOLVER_FOUND:

565

{

566

char ip[AVAHI_ADDRESS_STR_MAX];

567

avahi_address_snprint(ip, sizeof(ip), address);

568

if(debug){

569

fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"

570

" port %d\n", name, host_name, ip, port);

571

}

572

int ret = start_mandos_communication(ip, port, interface, mc);

573

if (ret == 0){

574

exit(EXIT_SUCCESS);

575

}

576

}

577

}

578

avahi_s_service_resolver_free(r);

579

}

580

581

static void browse_callback( AvahiSServiceBrowser *b,

582

AvahiIfIndex interface,

583

AvahiProtocol protocol,

584

AvahiBrowserEvent event,

585

const char *name,

586

const char *type,

587

const char *domain,

588

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

589

void* userdata) {

590

mandos_context *mc = userdata;

591

assert(b); /* Spurious warning */

592

593

/* Called whenever a new services becomes available on the LAN or

594

is removed from the LAN */

595

596

switch (event) {

597

default:

598

case AVAHI_BROWSER_FAILURE:

599

600

fprintf(stderr, "(Browser) %s\n",

601

avahi_strerror(avahi_server_errno(mc->server)));

602

avahi_simple_poll_quit(mc->simple_poll);

603

return;

604

605

case AVAHI_BROWSER_NEW:

606

/* We ignore the returned resolver object. In the callback

607

function we free it. If the server is terminated before

608

the callback function is called the server will free

609

the resolver for us. */

610

611

if (!(avahi_s_service_resolver_new(mc->server, interface, protocol, name,

612

type, domain,

613

AVAHI_PROTO_INET6, 0,

614

resolve_callback, mc)))

615

fprintf(stderr, "Failed to resolve service '%s': %s\n", name,

616

avahi_strerror(avahi_server_errno(mc->server)));

617

break;

618

619

case AVAHI_BROWSER_REMOVE:

620

break;

621

622

case AVAHI_BROWSER_ALL_FOR_NOW:

623

case AVAHI_BROWSER_CACHE_EXHAUSTED:

624

break;

625

}

626

}

627

628

/* Combines file name and path and returns the malloced new

629

string. some sane checks could/should be added */

630

static const char *combinepath(const char *first, const char *second){

631

size_t f_len = strlen(first);

632

size_t s_len = strlen(second);

633

char *tmp = malloc(f_len + s_len + 2);

634

if (tmp == NULL){

635

return NULL;

636

}

637

if(f_len > 0){

638

memcpy(tmp, first, f_len); /* Spurious warning */

639

}

640

tmp[f_len] = '/';

641

if(s_len > 0){

642

memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */

643

}

644

tmp[f_len + 1 + s_len] = '\0';

645

return tmp;

646

}

647

648

649

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

650

AvahiServerConfig config;

651

AvahiSServiceBrowser *sb = NULL;

652

int error;

653

int ret;

654

int debug_int;

655

int returncode = EXIT_SUCCESS;

656

const char *interface = "eth0";

657

struct ifreq network;

658

int sd;

659

char *connect_to = NULL;

660

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

661

mandos_context mc = { .simple_poll = NULL, .server = NULL,

662

.dh_bits = 1024, .priority = "SECURE256"};

663

664

debug_int = debug ? 1 : 0;

665

while (true){

666

struct option long_options[] = {

667

{"debug", no_argument, &debug_int, 1},

668

{"connect", required_argument, NULL, 'c'},

669

{"interface", required_argument, NULL, 'i'},

670

{"keydir", required_argument, NULL, 'd'},

671

{"seckey", required_argument, NULL, 's'},

672

{"pubkey", required_argument, NULL, 'p'},

673

{"dh-bits", required_argument, NULL, 'D'},

674

{"priority", required_argument, NULL, 'P'},

675

{0, 0, 0, 0} };

676

677

int option_index = 0;

678

ret = getopt_long (argc, argv, "i:", long_options,

679

&option_index);

680

681

if (ret == -1){

682

break;

683

}

684

685

switch(ret){

686

case 0:

687

break;

688

case 'i':

689

interface = optarg;

690

break;

691

case 'c':

692

connect_to = optarg;

693

break;

694

case 'd':

695

keydir = optarg;

696

break;

697

case 'p':

698

pubkeyfile = optarg;

699

break;

700

case 's':

701

seckeyfile = optarg;

702

break;

703

case 'D':

704

errno = 0;

705

mc.dh_bits = (unsigned int) strtol(optarg, NULL, 10);

706

if (errno){

707

perror("strtol");

708

exit(EXIT_FAILURE);

709

}

710

break;

711

case 'P':

712

mc.priority = optarg;

713

break;

714

case '?':

715

default:

716

exit(EXIT_FAILURE);

717

}

718

}

719

debug = debug_int ? true : false;

720

721

pubkeyfile = combinepath(keydir, pubkeyfile);

722

if (pubkeyfile == NULL){

723

perror("combinepath");

724

returncode = EXIT_FAILURE;

725

goto exit;

726

}

727

728

seckeyfile = combinepath(keydir, seckeyfile);

729

if (seckeyfile == NULL){

730

perror("combinepath");

731

goto exit;

732

}

733

734

if_index = (AvahiIfIndex) if_nametoindex(interface);

735

if(if_index == 0){

736

fprintf(stderr, "No such interface: \"%s\"\n", interface);

737

exit(EXIT_FAILURE);

738

}

739

740

if(connect_to != NULL){

741

/* Connect directly, do not use Zeroconf */

742

/* (Mainly meant for debugging) */

743

char *address = strrchr(connect_to, ':');

744

if(address == NULL){

745

fprintf(stderr, "No colon in address\n");

746

exit(EXIT_FAILURE);

747

}

748

errno = 0;

749

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

750

if(errno){

751

perror("Bad port number");

752

exit(EXIT_FAILURE);

753

}

754

*address = '\0';

755

address = connect_to;

756

ret = start_mandos_communication(address, port, if_index, &mc);

757

if(ret < 0){

758

exit(EXIT_FAILURE);

759

} else {

760

exit(EXIT_SUCCESS);

761

}

762

}

763

764

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

765

if(sd < 0) {

766

perror("socket");

767

returncode = EXIT_FAILURE;

768

goto exit;

769

}

770

strcpy(network.ifr_name, interface); /* Spurious warning */

771

ret = ioctl(sd, SIOCGIFFLAGS, &network);

772

if(ret == -1){

773

774

perror("ioctl SIOCGIFFLAGS");

775

returncode = EXIT_FAILURE;

776

goto exit;

777

}

778

if((network.ifr_flags & IFF_UP) == 0){

779

network.ifr_flags |= IFF_UP;

780

ret = ioctl(sd, SIOCSIFFLAGS, &network);

781

if(ret == -1){

782

perror("ioctl SIOCSIFFLAGS");

783

returncode = EXIT_FAILURE;

784

goto exit;

785

}

786

}

787

close(sd);

788

789

if (not debug){

790

avahi_set_log_function(empty_log);

791

}

792

793

/* Initialize the psuedo-RNG */

794

srand((unsigned int) time(NULL));

795

796

/* Allocate main loop object */

797

if (!(mc.simple_poll = avahi_simple_poll_new())) {

798

fprintf(stderr, "Failed to create simple poll object.\n");

799

returncode = EXIT_FAILURE;

800

goto exit;

801

}

802

803

/* Do not publish any local records */

804

avahi_server_config_init(&config);

805

config.publish_hinfo = 0;

806

config.publish_addresses = 0;

807

config.publish_workstation = 0;

808

config.publish_domain = 0;

809

810

/* Allocate a new server */

811

mc.server=avahi_server_new(avahi_simple_poll_get(mc.simple_poll),

812

&config, NULL, NULL, &error);

813

814

/* Free the configuration data */

815

avahi_server_config_free(&config);

816

817

/* Check if creating the server object succeeded */

818

if (!mc.server) {

819

fprintf(stderr, "Failed to create server: %s\n",

820

avahi_strerror(error));

821

returncode = EXIT_FAILURE;

822

goto exit;

823

}

824

825

/* Create the service browser */

826

sb = avahi_s_service_browser_new(mc.server, if_index,

827

AVAHI_PROTO_INET6,

828

"_mandos._tcp", NULL, 0,

829

browse_callback, &mc);

830

if (!sb) {

831

fprintf(stderr, "Failed to create service browser: %s\n",

832

avahi_strerror(avahi_server_errno(mc.server)));

833

returncode = EXIT_FAILURE;

834

goto exit;

835

}

836

837

/* Run the main loop */

838

839

if (debug){

840

fprintf(stderr, "Starting avahi loop search\n");

841

}

842

843

avahi_simple_poll_loop(mc.simple_poll);

844

845

exit:

846

847

if (debug){

848

fprintf(stderr, "%s exiting\n", argv[0]);

849

}

850

851

/* Cleanup things */

852

if (sb)

853

avahi_s_service_browser_free(sb);

854

855

if (mc.server)

856

avahi_server_free(mc.server);

857

858

if (mc.simple_poll)

859

avahi_simple_poll_free(mc.simple_poll);

860

free(pubkeyfile);

861

free(seckeyfile);

862

863

return returncode;

864

}

Older »