/mandos/release : revision 39

32

#define _LARGEFILE_SOURCE

33

#define _FILE_OFFSET_BITS 64

34

35

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */

36

37

35

#include <stdio.h>

38

36

#include <assert.h>

39

37

#include <stdlib.h>

51

49

#include <avahi-common/malloc.h>

52

50

#include <avahi-common/error.h>

53

51

54

/* Mandos client part */

52

//mandos client part

55

53

#include <sys/types.h> /* socket(), inet_pton() */

56

54

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

57

55

struct in6_addr, inet_pton() */

64

62

#include <string.h> /* memset */

65

63

#include <arpa/inet.h> /* inet_pton() */

66

64

#include <iso646.h> /* not */

67

#include <net/if.h> /* IF_NAMESIZE */

68

#include <argp.h> /* struct argp_option,

69

struct argp_state, struct argp,

70

argp_parse() */

71

/* GPGME */

65

66

// gpgme

72

67

#include <errno.h> /* perror() */

73

68

#include <gpgme.h>

74

69

70

// getopt_long

71

#include <getopt.h>

72

75

73

#define BUFFER_SIZE 256

76

74

75

static const char *keydir = "/conf/conf.d/mandos";

76

static const char *pubkeyfile = "pubkey.txt";

77

static const char *seckeyfile = "seckey.txt";

78

77

79

bool debug = false;

78

static const char *keydir = "/conf/conf.d/mandos";

79

static const char mandos_protocol_version[] = "1";

80

const char *argp_program_version = "mandosclient 0.9";

81

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

82

80

83

/* Used for passing in values through the Avahi callback functions */

81

/* Used for passing in values through all the callback functions */

84

82

typedef struct {

85

83

AvahiSimplePoll *simple_poll;

86

84

AvahiServer *server;

87

85

gnutls_certificate_credentials_t cred;

88

86

unsigned int dh_bits;

89

gnutls_dh_params_t dh_params;

90

87

const char *priority;

91

88

} mandos_context;

92

89

93

/*

94

* Make room in "buffer" for at least BUFFER_SIZE additional bytes.

95

* "buffer_capacity" is how much is currently allocated,

96

* "buffer_length" is how much is already used.

97

*/

98

size_t adjustbuffer(char **buffer, size_t buffer_length,

99

size_t buffer_capacity){

100

if (buffer_length + BUFFER_SIZE > buffer_capacity){

101

*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);

102

if (buffer == NULL){

103

return 0;

104

}

105

buffer_capacity += BUFFER_SIZE;

106

}

107

return buffer_capacity;

108

}

109

110

90

/*

111

91

* Decrypt OpenPGP data using keyrings in HOMEDIR.

112

92

* Returns -1 on error

119

99

gpgme_ctx_t ctx;

120

100

gpgme_error_t rc;

121

101

ssize_t ret;

122

size_t plaintext_capacity = 0;

102

ssize_t plaintext_capacity = 0;

123

103

ssize_t plaintext_length = 0;

124

104

gpgme_engine_info_t engine_info;

125

105

235

215

236

216

*plaintext = NULL;

237

217

while(true){

238

plaintext_capacity = adjustbuffer(plaintext,

239

(size_t)plaintext_length,

240

plaintext_capacity);

241

if (plaintext_capacity == 0){

242

perror("adjustbuffer");

218

if (plaintext_length + BUFFER_SIZE > plaintext_capacity){

219

*plaintext = realloc(*plaintext,

220

(unsigned int)plaintext_capacity

221

+ BUFFER_SIZE);

222

if (*plaintext == NULL){

223

perror("realloc");

243

224

plaintext_length = -1;

244

225

goto decrypt_end;

226

}

227

plaintext_capacity += BUFFER_SIZE;

245

228

}

246

229

247

230

ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,

261

244

262

245

if(debug){

263

246

fprintf(stderr, "Decrypted password is: ");

264

for(ssize_t i = 0; i < plaintext_length; i++){

247

for(size_t i = 0; i < plaintext_length; i++){

265

248

fprintf(stderr, "%02hhX ", (*plaintext)[i]);

266

249

}

267

250

fprintf(stderr, "\n");

284

267

return ret;

285

268

}

286

269

287

/* GnuTLS log function callback */

288

270

static void debuggnutls(__attribute__((unused)) int level,

289

271

const char* string){

290

fprintf(stderr, "GnuTLS: %s", string);

272

fprintf(stderr, "%s", string);

291

273

}

292

274

293

static int init_gnutls_global(mandos_context *mc,

294

const char *pubkeyfile,

295

const char *seckeyfile){

275

static int initgnutls(mandos_context *mc, gnutls_session_t *session,

276

gnutls_dh_params_t *dh_params){

277

const char *err;

296

278

int ret;

297

279

298

280

if(debug){

301

283

302

284

if ((ret = gnutls_global_init ())

303

285

!= GNUTLS_E_SUCCESS) {

304

fprintf (stderr, "GnuTLS global_init: %s\n",

305

safer_gnutls_strerror(ret));

286

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

306

287

return -1;

307

288

}

308

289

309

290

if (debug){

310

/* "Use a log level over 10 to enable all debugging options."

311

* - GnuTLS manual

312

*/

313

291

gnutls_global_set_log_level(11);

314

292

gnutls_global_set_log_function(debuggnutls);

315

293

}

316

294

317

/* OpenPGP credentials */

295

/* openpgp credentials */

318

296

if ((ret = gnutls_certificate_allocate_credentials (&mc->cred))

319

297

!= GNUTLS_E_SUCCESS) {

320

fprintf (stderr, "GnuTLS memory error: %s\n",

298

fprintf (stderr, "memory error: %s\n",

321

299

safer_gnutls_strerror(ret));

322

300

return -1;

323

301

}

331

309

ret = gnutls_certificate_set_openpgp_key_file

332

310

(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);

333

311

if (ret != GNUTLS_E_SUCCESS) {

334

fprintf(stderr,

335

"Error[%d] while reading the OpenPGP key pair ('%s',"

336

" '%s')\n", ret, pubkeyfile, seckeyfile);

337

fprintf(stdout, "The GnuTLS error is: %s\n",

312

fprintf

313

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"

314

" '%s')\n",

315

ret, pubkeyfile, seckeyfile);

316

fprintf(stdout, "The Error is: %s\n",

338

317

safer_gnutls_strerror(ret));

339

318

return -1;

340

319

}

341

320

342

/* GnuTLS server initialization */

343

ret = gnutls_dh_params_init(&mc->dh_params);

344

if (ret != GNUTLS_E_SUCCESS) {

345

fprintf (stderr, "Error in GnuTLS DH parameter initialization:"

346

" %s\n", safer_gnutls_strerror(ret));

347

return -1;

348

}

349

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

350

if (ret != GNUTLS_E_SUCCESS) {

351

fprintf (stderr, "Error in GnuTLS prime generation: %s\n",

352

safer_gnutls_strerror(ret));

353

return -1;

354

}

355

356

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

357

358

return 0;

359

}

360

361

static int init_gnutls_session(mandos_context *mc,

362

gnutls_session_t *session){

363

int ret;

364

/* GnuTLS session creation */

365

ret = gnutls_init(session, GNUTLS_SERVER);

366

if (ret != GNUTLS_E_SUCCESS){

321

//GnuTLS server initialization

322

if ((ret = gnutls_dh_params_init(dh_params))

323

!= GNUTLS_E_SUCCESS) {

324

fprintf (stderr, "Error in dh parameter initialization: %s\n",

325

safer_gnutls_strerror(ret));

326

return -1;

327

}

328

329

if ((ret = gnutls_dh_params_generate2(*dh_params, mc->dh_bits))

330

!= GNUTLS_E_SUCCESS) {

331

fprintf (stderr, "Error in prime generation: %s\n",

332

safer_gnutls_strerror(ret));

333

return -1;

334

}

335

336

gnutls_certificate_set_dh_params(mc->cred, *dh_params);

337

338

// GnuTLS session creation

339

if ((ret = gnutls_init(session, GNUTLS_SERVER))

340

!= GNUTLS_E_SUCCESS){

367

341

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

368

342

safer_gnutls_strerror(ret));

369

343

}

370

344

371

{

372

const char *err;

373

ret = gnutls_priority_set_direct(*session, mc->priority, &err);

374

if (ret != GNUTLS_E_SUCCESS) {

375

fprintf(stderr, "Syntax error at: %s\n", err);

376

fprintf(stderr, "GnuTLS error: %s\n",

377

safer_gnutls_strerror(ret));

378

return -1;

379

}

345

if ((ret = gnutls_priority_set_direct(*session, mc->priority, &err))

346

!= GNUTLS_E_SUCCESS) {

347

fprintf(stderr, "Syntax error at: %s\n", err);

348

fprintf(stderr, "GnuTLS error: %s\n",

349

safer_gnutls_strerror(ret));

350

return -1;

380

351

}

381

352

382

ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

383

mc->cred);

384

if (ret != GNUTLS_E_SUCCESS) {

385

fprintf(stderr, "Error setting GnuTLS credentials: %s\n",

353

if ((ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

354

mc->cred))

355

!= GNUTLS_E_SUCCESS) {

356

fprintf(stderr, "Error setting a credentials set: %s\n",

386

357

safer_gnutls_strerror(ret));

387

358

return -1;

388

359

}

396

367

return 0;

397

368

}

398

369

399

/* Avahi log function callback */

400

370

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

401

371

__attribute__((unused)) const char *txt){}

402

372

403

/* Called when a Mandos server is found */

404

373

static int start_mandos_communication(const char *ip, uint16_t port,

405

374

AvahiIfIndex if_index,

406

375

mandos_context *mc){

407

376

int ret, tcp_sd;

408

union { struct sockaddr in; struct sockaddr_in6 in6; } to;

377

struct sockaddr_in6 to;

409

378

char *buffer = NULL;

410

379

char *decrypted_buffer;

411

380

size_t buffer_length = 0;

412

381

size_t buffer_capacity = 0;

413

382

ssize_t decrypted_buffer_size;

414

size_t written;

383

size_t written = 0;

415

384

int retval = 0;

416

385

char interface[IF_NAMESIZE];

417

386

gnutls_session_t session;

418

419

ret = init_gnutls_session (mc, &session);

420

if (ret != 0){

421

return -1;

422

}

387

gnutls_dh_params_t dh_params;

423

388

424

389

if(debug){

425

390

fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",

441

406

}

442

407

443

408

memset(&to,0,sizeof(to)); /* Spurious warning */

444

to.in6.sin6_family = AF_INET6;

445

/* It would be nice to have a way to detect if we were passed an

446

IPv4 address here. Now we assume an IPv6 address. */

447

ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);

409

to.sin6_family = AF_INET6;

410

ret = inet_pton(AF_INET6, ip, &to.sin6_addr);

448

411

if (ret < 0 ){

449

412

perror("inet_pton");

450

413

return -1;

453

416

fprintf(stderr, "Bad address: %s\n", ip);

454

417

return -1;

455

418

}

456

to.in6.sin6_port = htons(port); /* Spurious warning */

419

to.sin6_port = htons(port); /* Spurious warning */

457

420

458

to.in6.sin6_scope_id = (uint32_t)if_index;

421

to.sin6_scope_id = (uint32_t)if_index;

459

422

460

423

if(debug){

461

424

fprintf(stderr, "Connection to: %s, port %d\n", ip, port);

462

425

char addrstr[INET6_ADDRSTRLEN] = "";

463

if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,

426

if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr,

464

427

sizeof(addrstr)) == NULL){

465

428

perror("inet_ntop");

466

429

} else {

470

433

}

471

434

}

472

435

473

ret = connect(tcp_sd, &to.in, sizeof(to));

436

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

474

437

if (ret < 0){

475

438

perror("connect");

476

439

return -1;

477

440

}

478

479

const char *out = mandos_protocol_version;

480

written = 0;

481

while (true){

482

size_t out_size = strlen(out);

483

ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,

484

out_size - written));

485

if (ret == -1){

486

perror("write");

487

retval = -1;

488

goto mandos_end;

489

}

490

written += (size_t)ret;

491

if(written < out_size){

492

continue;

493

} else {

494

if (out == mandos_protocol_version){

495

written = 0;

496

out = "\r\n";

497

} else {

498

break;

499

}

500

}

441

442

ret = initgnutls (mc, &session, &dh_params);

443

if (ret != 0){

444

retval = -1;

445

return -1;

501

446

}

502

447

448

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

449

503

450

if(debug){

504

451

fprintf(stderr, "Establishing TLS session with %s\n", ip);

505

452

}

506

453

507

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

508

509

454

ret = gnutls_handshake (session);

510

455

511

456

if (ret != GNUTLS_E_SUCCESS){

512

457

if(debug){

513

fprintf(stderr, "*** GnuTLS Handshake failed ***\n");

458

fprintf(stderr, "\n*** Handshake failed ***\n");

514

459

gnutls_perror (ret);

515

460

}

516

461

retval = -1;

517

goto mandos_end;

462

goto exit;

518

463

}

519

464

520

/* Read OpenPGP packet that contains the wanted password */

465

//Retrieve OpenPGP packet that contains the wanted password

521

466

522

467

if(debug){

523

468

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

525

470

}

526

471

527

472

while(true){

528

buffer_capacity = adjustbuffer(&buffer, buffer_length,

529

buffer_capacity);

530

if (buffer_capacity == 0){

531

perror("adjustbuffer");

532

retval = -1;

533

goto mandos_end;

473

if (buffer_length + BUFFER_SIZE > buffer_capacity){

474

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

475

if (buffer == NULL){

476

perror("realloc");

477

goto exit;

478

}

479

buffer_capacity += BUFFER_SIZE;

534

480

}

535

481

536

482

ret = gnutls_record_recv(session, buffer+buffer_length,

546

492

case GNUTLS_E_REHANDSHAKE:

547

493

ret = gnutls_handshake (session);

548

494

if (ret < 0){

549

fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");

495

fprintf(stderr, "\n*** Handshake failed ***\n");

550

496

gnutls_perror (ret);

551

497

retval = -1;

552

goto mandos_end;

498

goto exit;

553

499

}

554

500

break;

555

501

default:

556

502

fprintf(stderr, "Unknown error while reading data from"

557

" encrypted session with Mandos server\n");

503

" encrypted session with mandos server\n");

558

504

retval = -1;

559

505

gnutls_bye (session, GNUTLS_SHUT_RDWR);

560

goto mandos_end;

506

goto exit;

561

507

}

562

508

} else {

563

509

buffer_length += (size_t) ret;

564

510

}

565

511

}

566

512

567

if(debug){

568

fprintf(stderr, "Closing TLS session\n");

569

}

570

571

gnutls_bye (session, GNUTLS_SHUT_RDWR);

572

573

513

if (buffer_length > 0){

574

514

decrypted_buffer_size = pgp_packet_decrypt(buffer,

575

515

buffer_length,

576

516

&decrypted_buffer,

577

517

keydir);

578

518

if (decrypted_buffer_size >= 0){

579

written = 0;

580

519

while(written < (size_t) decrypted_buffer_size){

581

520

ret = (int)fwrite (decrypted_buffer + written, 1,

582

521

(size_t)decrypted_buffer_size - written,

596

535

retval = -1;

597

536

}

598

537

}

599

600

/* Shutdown procedure */

601

602

mandos_end:

538

539

//shutdown procedure

540

541

if(debug){

542

fprintf(stderr, "Closing TLS session\n");

543

}

544

603

545

free(buffer);

546

gnutls_bye (session, GNUTLS_SHUT_RDWR);

547

exit:

604

548

close(tcp_sd);

605

549

gnutls_deinit (session);

606

550

gnutls_certificate_free_credentials (mc->cred);

631

575

switch (event) {

632

576

default:

633

577

case AVAHI_RESOLVER_FAILURE:

634

fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"

635

" of type '%s' in domain '%s': %s\n", name, type, domain,

578

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"

579

" type '%s' in domain '%s': %s\n", name, type, domain,

636

580

avahi_strerror(avahi_server_errno(mc->server)));

637

581

break;

638

582

641

585

char ip[AVAHI_ADDRESS_STR_MAX];

642

586

avahi_address_snprint(ip, sizeof(ip), address);

643

587

if(debug){

644

fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %d) on"

645

" port %d\n", name, host_name, ip, interface, port);

588

fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"

589

" port %d\n", name, host_name, ip, port);

646

590

}

647

591

int ret = start_mandos_communication(ip, port, interface, mc);

648

592

if (ret == 0){

673

617

default:

674

618

case AVAHI_BROWSER_FAILURE:

675

619

676

fprintf(stderr, "(Avahi browser) %s\n",

620

fprintf(stderr, "(Browser) %s\n",

677

621

avahi_strerror(avahi_server_errno(mc->server)));

678

622

avahi_simple_poll_quit(mc->simple_poll);

679

623

return;

680

624

681

625

case AVAHI_BROWSER_NEW:

682

/* We ignore the returned Avahi resolver object. In the callback

683

function we free it. If the Avahi server is terminated before

684

the callback function is called the Avahi server will free the

685

resolver for us. */

626

/* We ignore the returned resolver object. In the callback

627

function we free it. If the server is terminated before

628

the callback function is called the server will free

629

the resolver for us. */

686

630

687

631

if (!(avahi_s_service_resolver_new(mc->server, interface,

688

632

protocol, name, type, domain,

689

633

AVAHI_PROTO_INET6, 0,

690

634

resolve_callback, mc)))

691

fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",

692

name, avahi_strerror(avahi_server_errno(mc->server)));

635

fprintf(stderr, "Failed to resolve service '%s': %s\n", name,

636

avahi_strerror(avahi_server_errno(mc->server)));

693

637

break;

694

638

695

639

case AVAHI_BROWSER_REMOVE:

697

641

698

642

case AVAHI_BROWSER_ALL_FOR_NOW:

699

643

case AVAHI_BROWSER_CACHE_EXHAUSTED:

700

if(debug){

701

fprintf(stderr, "No Mandos server found, still searching...\n");

702

}

703

644

break;

704

645

}

705

646

}

725

666

}

726

667

727

668

728

int main(int argc, char *argv[]){

669

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

670

AvahiServerConfig config;

729

671

AvahiSServiceBrowser *sb = NULL;

730

672

int error;

731

673

int ret;

732

int exitcode = EXIT_SUCCESS;

674

int debug_int;

675

int returncode = EXIT_SUCCESS;

733

676

const char *interface = "eth0";

734

677

struct ifreq network;

735

678

int sd;

736

uid_t uid;

737

gid_t gid;

738

679

char *connect_to = NULL;

739

680

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

740

const char *pubkeyfile = "pubkey.txt";

741

const char *seckeyfile = "seckey.txt";

742

681

mandos_context mc = { .simple_poll = NULL, .server = NULL,

743

682

.dh_bits = 1024, .priority = "SECURE256"};

744

683

745

{

746

struct argp_option options[] = {

747

{ .name = "debug", .key = 128,

748

.doc = "Debug mode", .group = 3 },

749

{ .name = "connect", .key = 'c',

750

.arg = "IP",

751

.doc = "Connect directly to a sepcified mandos server",

752

.group = 1 },

753

{ .name = "interface", .key = 'i',

754

.arg = "INTERFACE",

755

.doc = "Interface that Avahi will conntect through",

756

.group = 1 },

757

{ .name = "keydir", .key = 'd',

758

.arg = "KEYDIR",

759

.doc = "Directory where the openpgp keyring is",

760

.group = 1 },

761

{ .name = "seckey", .key = 's',

762

.arg = "SECKEY",

763

.doc = "Secret openpgp key for gnutls authentication",

764

.group = 1 },

765

{ .name = "pubkey", .key = 'p',

766

.arg = "PUBKEY",

767

.doc = "Public openpgp key for gnutls authentication",

768

.group = 2 },

769

{ .name = "dh-bits", .key = 129,

770

.arg = "BITS",

771

.doc = "dh-bits to use in gnutls communication",

772

.group = 2 },

773

{ .name = "priority", .key = 130,

774

.arg = "PRIORITY",

775

.doc = "GNUTLS priority", .group = 1 },

776

{ .name = NULL }

777

};

778

779

780

error_t parse_opt (int key, char *arg,

781

struct argp_state *state) {

782

/* Get the INPUT argument from `argp_parse', which we know is

783

a pointer to our plugin list pointer. */

784

switch (key) {

785

case 128:

786

debug = true;

787

break;

788

case 'c':

789

connect_to = arg;

790

break;

791

case 'i':

792

interface = arg;

793

break;

794

case 'd':

795

keydir = arg;

796

break;

797

case 's':

798

seckeyfile = arg;

799

break;

800

case 'p':

801

pubkeyfile = arg;

802

break;

803

case 129:

804

errno = 0;

805

mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);

806

if (errno){

807

perror("strtol");

808

exit(EXIT_FAILURE);

809

}

810

break;

811

case 130:

812

mc.priority = arg;

813

break;

814

case ARGP_KEY_ARG:

815

argp_usage (state);

816

break;

817

case ARGP_KEY_END:

818

break;

819

default:

820

return ARGP_ERR_UNKNOWN;

684

debug_int = debug ? 1 : 0;

685

while (true){

686

struct option long_options[] = {

687

{"debug", no_argument, &debug_int, 1},

688

{"connect", required_argument, NULL, 'c'},

689

{"interface", required_argument, NULL, 'i'},

690

{"keydir", required_argument, NULL, 'd'},

691

{"seckey", required_argument, NULL, 's'},

692

{"pubkey", required_argument, NULL, 'p'},

693

{"dh-bits", required_argument, NULL, 'D'},

694

{"priority", required_argument, NULL, 'P'},

695

{0, 0, 0, 0} };

696

697

int option_index = 0;

698

ret = getopt_long (argc, argv, "i:", long_options,

699

&option_index);

700

701

if (ret == -1){

702

break;

703

}

704

705

switch(ret){

706

case 0:

707

break;

708

case 'i':

709

interface = optarg;

710

break;

711

case 'c':

712

connect_to = optarg;

713

break;

714

case 'd':

715

keydir = optarg;

716

break;

717

case 'p':

718

pubkeyfile = optarg;

719

break;

720

case 's':

721

seckeyfile = optarg;

722

break;

723

case 'D':

724

errno = 0;

725

mc.dh_bits = (unsigned int) strtol(optarg, NULL, 10);

726

if (errno){

727

perror("strtol");

728

exit(EXIT_FAILURE);

821

729

}

822

return 0;

730

break;

731

case 'P':

732

mc.priority = optarg;

733

break;

734

case '?':

735

default:

736

exit(EXIT_FAILURE);

823

737

}

824

825

struct argp argp = { .options = options, .parser = parse_opt,

826

.args_doc = "",

827

.doc = "Mandos client -- Get and decrypt"

828

" passwords from mandos server" };

829

argp_parse (&argp, argc, argv, 0, 0, NULL);

830

738

}

831

739

debug = debug_int ? true : false;

740

832

741

pubkeyfile = combinepath(keydir, pubkeyfile);

833

742

if (pubkeyfile == NULL){

834

743

perror("combinepath");

835

exitcode = EXIT_FAILURE;

836

goto end;

744

returncode = EXIT_FAILURE;

745

goto exit;

837

746

}

838

747

839

748

seckeyfile = combinepath(keydir, seckeyfile);

840

749

if (seckeyfile == NULL){

841

750

perror("combinepath");

842

goto end;

843

}

844

845

ret = init_gnutls_global(&mc, pubkeyfile, seckeyfile);

846

if (ret == -1){

847

fprintf(stderr, "init_gnutls_global\n");

848

goto end;

849

}

850

851

uid = getuid();

852

gid = getgid();

853

854

ret = setuid(uid);

855

if (ret == -1){

856

perror("setuid");

857

}

858

859

setgid(gid);

860

if (ret == -1){

861

perror("setgid");

751

goto exit;

862

752

}

863

753

864

754

if_index = (AvahiIfIndex) if_nametoindex(interface);

873

763

char *address = strrchr(connect_to, ':');

874

764

if(address == NULL){

875

765

fprintf(stderr, "No colon in address\n");

876

exitcode = EXIT_FAILURE;

877

goto end;

766

exit(EXIT_FAILURE);

878

767

}

879

768

errno = 0;

880

769

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

881

770

if(errno){

882

771

perror("Bad port number");

883

exitcode = EXIT_FAILURE;

884

goto end;

772

exit(EXIT_FAILURE);

885

773

}

886

774

*address = '\0';

887

775

address = connect_to;

888

776

ret = start_mandos_communication(address, port, if_index, &mc);

889

777

if(ret < 0){

890

exitcode = EXIT_FAILURE;

778

exit(EXIT_FAILURE);

891

779

} else {

892

exitcode = EXIT_SUCCESS;

780

exit(EXIT_SUCCESS);

893

781

}

894

goto end;

895

782

}

896

783

897

/* If the interface is down, bring it up */

898

{

899

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

900

if(sd < 0) {

901

perror("socket");

902

exitcode = EXIT_FAILURE;

903

goto end;

904

}

905

strcpy(network.ifr_name, interface); /* Spurious warning */

906

ret = ioctl(sd, SIOCGIFFLAGS, &network);

784

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

785

if(sd < 0) {

786

perror("socket");

787

returncode = EXIT_FAILURE;

788

goto exit;

789

}

790

strcpy(network.ifr_name, interface); /* Spurious warning */

791

ret = ioctl(sd, SIOCGIFFLAGS, &network);

792

if(ret == -1){

793

794

perror("ioctl SIOCGIFFLAGS");

795

returncode = EXIT_FAILURE;

796

goto exit;

797

}

798

if((network.ifr_flags & IFF_UP) == 0){

799

network.ifr_flags |= IFF_UP;

800

ret = ioctl(sd, SIOCSIFFLAGS, &network);

907

801

if(ret == -1){

908

perror("ioctl SIOCGIFFLAGS");

909

exitcode = EXIT_FAILURE;

910

goto end;

911

}

912

if((network.ifr_flags & IFF_UP) == 0){

913

network.ifr_flags |= IFF_UP;

914

ret = ioctl(sd, SIOCSIFFLAGS, &network);

915

if(ret == -1){

916

perror("ioctl SIOCSIFFLAGS");

917

exitcode = EXIT_FAILURE;

918

goto end;

919

}

920

}

921

close(sd);

802

perror("ioctl SIOCSIFFLAGS");

803

returncode = EXIT_FAILURE;

804

goto exit;

805

}

922

806

}

807

close(sd);

923

808

924

809

if (not debug){

925

810

avahi_set_log_function(empty_log);

926

811

}

927

812

928

/* Initialize the pseudo-RNG for Avahi */

813

/* Initialize the psuedo-RNG */

929

814

srand((unsigned int) time(NULL));

930

931

/* Allocate main Avahi loop object */

932

mc.simple_poll = avahi_simple_poll_new();

933

if (mc.simple_poll == NULL) {

934

fprintf(stderr, "Avahi: Failed to create simple poll"

935

" object.\n");

936

exitcode = EXIT_FAILURE;

937

goto end;

938

}

939

940

{

941

AvahiServerConfig config;

942

/* Do not publish any local Zeroconf records */

943

avahi_server_config_init(&config);

944

config.publish_hinfo = 0;

945

config.publish_addresses = 0;

946

config.publish_workstation = 0;

947

config.publish_domain = 0;

948

949

/* Allocate a new server */

950

mc.server = avahi_server_new(avahi_simple_poll_get

951

(mc.simple_poll), &config, NULL,

952

NULL, &error);

953

954

/* Free the Avahi configuration data */

955

avahi_server_config_free(&config);

956

}

957

958

/* Check if creating the Avahi server object succeeded */

959

if (mc.server == NULL) {

960

fprintf(stderr, "Failed to create Avahi server: %s\n",

815

816

/* Allocate main loop object */

817

if (!(mc.simple_poll = avahi_simple_poll_new())) {

818

fprintf(stderr, "Failed to create simple poll object.\n");

819

returncode = EXIT_FAILURE;

820

goto exit;

821

}

822

823

/* Do not publish any local records */

824

avahi_server_config_init(&config);

825

config.publish_hinfo = 0;

826

config.publish_addresses = 0;

827

config.publish_workstation = 0;

828

config.publish_domain = 0;

829

830

/* Allocate a new server */

831

mc.server=avahi_server_new(avahi_simple_poll_get(mc.simple_poll),

832

&config, NULL, NULL, &error);

833

834

/* Free the configuration data */

835

avahi_server_config_free(&config);

836

837

/* Check if creating the server object succeeded */

838

if (!mc.server) {

839

fprintf(stderr, "Failed to create server: %s\n",

961

840

avahi_strerror(error));

962

exitcode = EXIT_FAILURE;

963

goto end;

841

returncode = EXIT_FAILURE;

842

goto exit;

964

843

}

965

844

966

/* Create the Avahi service browser */

845

/* Create the service browser */

967

846

sb = avahi_s_service_browser_new(mc.server, if_index,

968

847

AVAHI_PROTO_INET6,

969

848

"_mandos._tcp", NULL, 0,

970

849

browse_callback, &mc);

971

if (sb == NULL) {

850

if (!sb) {

972

851

fprintf(stderr, "Failed to create service browser: %s\n",

973

852

avahi_strerror(avahi_server_errno(mc.server)));

974

exitcode = EXIT_FAILURE;

975

goto end;

853

returncode = EXIT_FAILURE;

854

goto exit;

976

855

}

977

856

978

857

/* Run the main loop */

979

858

980

859

if (debug){

981

fprintf(stderr, "Starting Avahi loop search\n");

860

fprintf(stderr, "Starting avahi loop search\n");

982

861

}

983

862

984

863

avahi_simple_poll_loop(mc.simple_poll);

985

864

986

end:

865

exit:

987

866

988

867

if (debug){

989

868

fprintf(stderr, "%s exiting\n", argv[0]);

990

869

}

991

870

992

871

/* Cleanup things */

993

if (sb != NULL)

872

if (sb)

994

873

avahi_s_service_browser_free(sb);

995

874

996

if (mc.server != NULL)

875

if (mc.server)

997

876

avahi_server_free(mc.server);

998

877

999

if (mc.simple_poll != NULL)

878

if (mc.simple_poll)

1000

879

avahi_simple_poll_free(mc.simple_poll);

1001

880

free(pubkeyfile);

1002

881

free(seckeyfile);

1003

882

1004

return exitcode;

883

return returncode;

1005

884

}