/mandos/release : revision 5

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/mandosclient.c

Committer: Teddy Hogeborn
Date: 2008-01-18 20:11:37 UTC
Revision ID: teddy@fukt.bsnet.se-20080118201137-oxhupsfl5ut9cjz5

* server.py (server_metaclass): New.
  (IPv6_UDPServer, IPv6_TCPServer): Use "server_metaclass" instead of
  "server_bind" and "init_with_options".  Removed "address_family" and
  "allow_reuse_address", since they are now added in "server_metaclass".
  (server_bind, init_with_options): Removed.

  (main): Pass "options" to Client constructor.
  (Client.__init__): Take an "options" parameter and use it.

files added:
bad-ca.pem

bad-cert.pem

bad-client-cert.pem

bad-client-key.pem

bad-crl.pem

bad-key.pem

client.cpp

clients.conf

server.cpp

files removed:
plugbasedclient.c

plugins.d

plugins.d/mandosclient.c

plugins.d/passprompt.c

server.conf

files renamed:
clients.conf => mandos-clients.conf

files modified:
Makefile

TODO

server.py

Show diffs side-by-side

added added

removed removed

plugins.d/mandosclient.c

/* -*- coding: utf-8 -*- */

* Mandos client - get and decrypt data from a Mandos server

* This program is partly derived from an example program for an Avahi

* service browser, downloaded from

* <http://avahi.org/browser/examples/core-browse-services.c>. This

* includes the following functions: "resolve_callback",

* "browse_callback", and parts of "main".

* Everything else is

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and

* <https://www.fukt.bsnet.se/~teddy/>.

/* Needed by GPGME, specifically gpgme_data_seek() */

#define _LARGEFILE_SOURCE

#define _FILE_OFFSET_BITS 64

#include <stdio.h>

#include <assert.h>

#include <stdlib.h>

#include <time.h>

#include <net/if.h> /* if_nametoindex */

#include <avahi-core/core.h>

#include <avahi-core/lookup.h>

#include <avahi-core/log.h>

#include <avahi-common/simple-watch.h>

#include <avahi-common/malloc.h>

#include <avahi-common/error.h>

//mandos client part

#include <sys/types.h> /* socket(), inet_pton() */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton() */

#include <gnutls/gnutls.h> /* All GnuTLS stuff */

#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */

#include <unistd.h> /* close() */

#include <netinet/in.h>

#include <stdbool.h> /* true */

#include <string.h> /* memset */

#include <arpa/inet.h> /* inet_pton() */

#include <iso646.h> /* not */

// gpgme

#include <errno.h> /* perror() */

#include <gpgme.h>

// getopt long

#include <getopt.h>

#define BUFFER_SIZE 256

#define DH_BITS 1024

const char *certdir = "/conf/conf.d/cryptkeyreq/";

const char *certfile = "openpgp-client.txt";

const char *certkey = "openpgp-client-key.txt";

bool debug = false;

typedef struct {

gnutls_session_t session;

gnutls_certificate_credentials_t cred;

gnutls_dh_params_t dh_params;

} encrypted_session;

ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,

char **new_packet, const char *homedir){

gpgme_data_t dh_crypto, dh_plain;

gpgme_ctx_t ctx;

gpgme_error_t rc;

ssize_t ret;

ssize_t new_packet_capacity = 0;

ssize_t new_packet_length = 0;

gpgme_engine_info_t engine_info;

if (debug){

fprintf(stderr, "Trying to decrypt OpenPGP packet\n");

}

100

/* Init GPGME */

101

gpgme_check_version(NULL);

102

rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

103

if (rc != GPG_ERR_NO_ERROR){

104

fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",

105

gpgme_strsource(rc), gpgme_strerror(rc));

106

return -1;

107

}

108

109

/* Set GPGME home directory */

110

rc = gpgme_get_engine_info (&engine_info);

111

if (rc != GPG_ERR_NO_ERROR){

112

fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",

113

gpgme_strsource(rc), gpgme_strerror(rc));

114

return -1;

115

}

116

while(engine_info != NULL){

117

if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){

118

gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,

119

engine_info->file_name, homedir);

120

break;

121

}

122

engine_info = engine_info->next;

123

}

124

if(engine_info == NULL){

125

fprintf(stderr, "Could not set home dir to %s\n", homedir);

126

return -1;

127

}

128

129

/* Create new GPGME data buffer from packet buffer */

130

rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);

131

if (rc != GPG_ERR_NO_ERROR){

132

fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",

133

gpgme_strsource(rc), gpgme_strerror(rc));

134

return -1;

135

}

136

137

/* Create new empty GPGME data buffer for the plaintext */

138

rc = gpgme_data_new(&dh_plain);

139

if (rc != GPG_ERR_NO_ERROR){

140

fprintf(stderr, "bad gpgme_data_new: %s: %s\n",

141

gpgme_strsource(rc), gpgme_strerror(rc));

142

return -1;

143

}

144

145

/* Create new GPGME "context" */

146

rc = gpgme_new(&ctx);

147

if (rc != GPG_ERR_NO_ERROR){

148

fprintf(stderr, "bad gpgme_new: %s: %s\n",

149

gpgme_strsource(rc), gpgme_strerror(rc));

150

return -1;

151

}

152

153

/* Decrypt data from the FILE pointer to the plaintext data

154

buffer */

155

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

156

if (rc != GPG_ERR_NO_ERROR){

157

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

158

gpgme_strsource(rc), gpgme_strerror(rc));

159

return -1;

160

}

161

162

if(debug){

163

fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");

164

}

165

166

if (debug){

167

gpgme_decrypt_result_t result;

168

result = gpgme_op_decrypt_result(ctx);

169

if (result == NULL){

170

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

171

} else {

172

fprintf(stderr, "Unsupported algorithm: %s\n",

173

result->unsupported_algorithm);

174

fprintf(stderr, "Wrong key usage: %d\n",

175

result->wrong_key_usage);

176

if(result->file_name != NULL){

177

fprintf(stderr, "File name: %s\n", result->file_name);

178

}

179

gpgme_recipient_t recipient;

180

recipient = result->recipients;

181

if(recipient){

182

while(recipient != NULL){

183

fprintf(stderr, "Public key algorithm: %s\n",

184

gpgme_pubkey_algo_name(recipient->pubkey_algo));

185

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

186

fprintf(stderr, "Secret key available: %s\n",

187

recipient->status == GPG_ERR_NO_SECKEY

188

? "No" : "Yes");

189

recipient = recipient->next;

190

}

191

}

192

}

193

}

194

195

/* Delete the GPGME FILE pointer cryptotext data buffer */

196

gpgme_data_release(dh_crypto);

197

198

/* Seek back to the beginning of the GPGME plaintext data buffer */

199

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

200

perror("pgpme_data_seek");

201

}

202

203

*new_packet = 0;

204

while(true){

205

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

206

*new_packet = realloc(*new_packet,

207

(unsigned int)new_packet_capacity

208

+ BUFFER_SIZE);

209

if (*new_packet == NULL){

210

perror("realloc");

211

return -1;

212

}

213

new_packet_capacity += BUFFER_SIZE;

214

}

215

216

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,

217

BUFFER_SIZE);

218

/* Print the data, if any */

219

if (ret == 0){

220

break;

221

}

222

if(ret < 0){

223

perror("gpgme_data_read");

224

return -1;

225

}

226

new_packet_length += ret;

227

}

228

229

/* FIXME: check characters before printing to screen so to not print

230

terminal control characters */

231

/* if(debug){ */

232

/* fprintf(stderr, "decrypted password is: "); */

233

/* fwrite(*new_packet, 1, new_packet_length, stderr); */

234

/* fprintf(stderr, "\n"); */

235

/* } */

236

237

/* Delete the GPGME plaintext data buffer */

238

gpgme_data_release(dh_plain);

239

return new_packet_length;

240

}

241

242

static const char * safer_gnutls_strerror (int value) {

243

const char *ret = gnutls_strerror (value);

244

if (ret == NULL)

245

ret = "(unknown)";

246

return ret;

247

}

248

249

void debuggnutls(__attribute__((unused)) int level,

250

const char* string){

251

fprintf(stderr, "%s", string);

252

}

253

254

int initgnutls(encrypted_session *es){

255

const char *err;

256

int ret;

257

258

if(debug){

259

fprintf(stderr, "Initializing GnuTLS\n");

260

}

261

262

if ((ret = gnutls_global_init ())

263

!= GNUTLS_E_SUCCESS) {

264

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

265

return -1;

266

}

267

268

if (debug){

269

gnutls_global_set_log_level(11);

270

gnutls_global_set_log_function(debuggnutls);

271

}

272

273

/* openpgp credentials */

274

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

275

!= GNUTLS_E_SUCCESS) {

276

fprintf (stderr, "memory error: %s\n",

277

safer_gnutls_strerror(ret));

278

return -1;

279

}

280

281

if(debug){

282

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

283

" and keyfile %s as GnuTLS credentials\n", certfile,

284

certkey);

285

}

286

287

ret = gnutls_certificate_set_openpgp_key_file

288

(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);

289

if (ret != GNUTLS_E_SUCCESS) {

290

fprintf

291

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"

292

" '%s')\n",

293

ret, certfile, certkey);

294

fprintf(stdout, "The Error is: %s\n",

295

safer_gnutls_strerror(ret));

296

return -1;

297

}

298

299

//GnuTLS server initialization

300

if ((ret = gnutls_dh_params_init (&es->dh_params))

301

!= GNUTLS_E_SUCCESS) {

302

fprintf (stderr, "Error in dh parameter initialization: %s\n",

303

safer_gnutls_strerror(ret));

304

return -1;

305

}

306

307

if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))

308

!= GNUTLS_E_SUCCESS) {

309

fprintf (stderr, "Error in prime generation: %s\n",

310

safer_gnutls_strerror(ret));

311

return -1;

312

}

313

314

gnutls_certificate_set_dh_params (es->cred, es->dh_params);

315

316

// GnuTLS session creation

317

if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))

318

!= GNUTLS_E_SUCCESS){

319

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

320

safer_gnutls_strerror(ret));

321

}

322

323

if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))

324

!= GNUTLS_E_SUCCESS) {

325

fprintf(stderr, "Syntax error at: %s\n", err);

326

fprintf(stderr, "GnuTLS error: %s\n",

327

safer_gnutls_strerror(ret));

328

return -1;

329

}

330

331

if ((ret = gnutls_credentials_set

332

(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))

333

!= GNUTLS_E_SUCCESS) {

334

fprintf(stderr, "Error setting a credentials set: %s\n",

335

safer_gnutls_strerror(ret));

336

return -1;

337

}

338

339

/* ignore client certificate if any. */

340

gnutls_certificate_server_set_request (es->session,

341

GNUTLS_CERT_IGNORE);

342

343

gnutls_dh_set_prime_bits (es->session, DH_BITS);

344

345

return 0;

346

}

347

348

void empty_log(__attribute__((unused)) AvahiLogLevel level,

349

__attribute__((unused)) const char *txt){}

350

351

int start_mandos_communication(const char *ip, uint16_t port,

352

AvahiIfIndex if_index){

353

int ret, tcp_sd;

354

struct sockaddr_in6 to;

355

encrypted_session es;

356

char *buffer = NULL;

357

char *decrypted_buffer;

358

size_t buffer_length = 0;

359

size_t buffer_capacity = 0;

360

ssize_t decrypted_buffer_size;

361

size_t written = 0;

362

int retval = 0;

363

char interface[IF_NAMESIZE];

364

365

if(debug){

366

fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",

367

ip, port);

368

}

369

370

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

371

if(tcp_sd < 0) {

372

perror("socket");

373

return -1;

374

}

375

376

if(if_indextoname((unsigned int)if_index, interface) == NULL){

377

if(debug){

378

perror("if_indextoname");

379

}

380

return -1;

381

}

382

383

if(debug){

384

fprintf(stderr, "Binding to interface %s\n", interface);

385

}

386

387

memset(&to,0,sizeof(to)); /* Spurious warning */

388

to.sin6_family = AF_INET6;

389

ret = inet_pton(AF_INET6, ip, &to.sin6_addr);

390

if (ret < 0 ){

391

perror("inet_pton");

392

return -1;

393

}

394

if(ret == 0){

395

fprintf(stderr, "Bad address: %s\n", ip);

396

return -1;

397

}

398

to.sin6_port = htons(port); /* Spurious warning */

399

400

to.sin6_scope_id = (uint32_t)if_index;

401

402

if(debug){

403

fprintf(stderr, "Connection to: %s, port %d\n", ip, port);

404

/* char addrstr[INET6_ADDRSTRLEN]; */

405

/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */

406

/* sizeof(addrstr)) == NULL){ */

407

/* perror("inet_ntop"); */

408

/* } else { */

409

/* fprintf(stderr, "Really connecting to: %s, port %d\n", */

410

/* addrstr, ntohs(to.sin6_port)); */

411

/* } */

412

}

413

414

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

415

if (ret < 0){

416

perror("connect");

417

return -1;

418

}

419

420

ret = initgnutls (&es);

421

if (ret != 0){

422

retval = -1;

423

return -1;

424

}

425

426

gnutls_transport_set_ptr (es.session,

427

(gnutls_transport_ptr_t) tcp_sd);

428

429

if(debug){

430

fprintf(stderr, "Establishing TLS session with %s\n", ip);

431

}

432

433

ret = gnutls_handshake (es.session);

434

435

if (ret != GNUTLS_E_SUCCESS){

436

if(debug){

437

fprintf(stderr, "\n*** Handshake failed ***\n");

438

gnutls_perror (ret);

439

}

440

retval = -1;

441

goto exit;

442

}

443

444

//Retrieve OpenPGP packet that contains the wanted password

445

446

if(debug){

447

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

448

ip);

449

}

450

451

while(true){

452

if (buffer_length + BUFFER_SIZE > buffer_capacity){

453

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

454

if (buffer == NULL){

455

perror("realloc");

456

goto exit;

457

}

458

buffer_capacity += BUFFER_SIZE;

459

}

460

461

ret = gnutls_record_recv

462

(es.session, buffer+buffer_length, BUFFER_SIZE);

463

if (ret == 0){

464

break;

465

}

466

if (ret < 0){

467

switch(ret){

468

case GNUTLS_E_INTERRUPTED:

469

case GNUTLS_E_AGAIN:

470

break;

471

case GNUTLS_E_REHANDSHAKE:

472

ret = gnutls_handshake (es.session);

473

if (ret < 0){

474

fprintf(stderr, "\n*** Handshake failed ***\n");

475

gnutls_perror (ret);

476

retval = -1;

477

goto exit;

478

}

479

break;

480

default:

481

fprintf(stderr, "Unknown error while reading data from"

482

" encrypted session with mandos server\n");

483

retval = -1;

484

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

485

goto exit;

486

}

487

} else {

488

buffer_length += (size_t) ret;

489

}

490

}

491

492

if (buffer_length > 0){

493

decrypted_buffer_size = pgp_packet_decrypt(buffer,

494

buffer_length,

495

&decrypted_buffer,

496

certdir);

497

if (decrypted_buffer_size >= 0){

498

while(written < (size_t) decrypted_buffer_size){

499

ret = (int)fwrite (decrypted_buffer + written, 1,

500

(size_t)decrypted_buffer_size - written,

501

stdout);

502

if(ret == 0 and ferror(stdout)){

503

if(debug){

504

fprintf(stderr, "Error writing encrypted data: %s\n",

505

strerror(errno));

506

}

507

retval = -1;

508

break;

509

}

510

written += (size_t)ret;

511

}

512

free(decrypted_buffer);

513

} else {

514

retval = -1;

515

}

516

}

517

518

//shutdown procedure

519

520

if(debug){

521

fprintf(stderr, "Closing TLS session\n");

522

}

523

524

free(buffer);

525

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

526

exit:

527

close(tcp_sd);

528

gnutls_deinit (es.session);

529

gnutls_certificate_free_credentials (es.cred);

530

gnutls_global_deinit ();

531

return retval;

532

}

533

534

static AvahiSimplePoll *simple_poll = NULL;

535

static AvahiServer *server = NULL;

536

537

static void resolve_callback(

538

AvahiSServiceResolver *r,

539

AvahiIfIndex interface,

540

AVAHI_GCC_UNUSED AvahiProtocol protocol,

541

AvahiResolverEvent event,

542

const char *name,

543

const char *type,

544

const char *domain,

545

const char *host_name,

546

const AvahiAddress *address,

547

uint16_t port,

548

AVAHI_GCC_UNUSED AvahiStringList *txt,

549

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

550

AVAHI_GCC_UNUSED void* userdata) {

551

552

assert(r); /* Spurious warning */

553

554

/* Called whenever a service has been resolved successfully or

555

timed out */

556

557

switch (event) {

558

default:

559

case AVAHI_RESOLVER_FAILURE:

560

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"

561

" type '%s' in domain '%s': %s\n", name, type, domain,

562

avahi_strerror(avahi_server_errno(server)));

563

break;

564

565

case AVAHI_RESOLVER_FOUND:

566

{

567

char ip[AVAHI_ADDRESS_STR_MAX];

568

avahi_address_snprint(ip, sizeof(ip), address);

569

if(debug){

570

fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"

571

" port %d\n", name, host_name, ip, port);

572

}

573

int ret = start_mandos_communication(ip, port, interface);

574

if (ret == 0){

575

exit(EXIT_SUCCESS);

576

}

577

}

578

}

579

avahi_s_service_resolver_free(r);

580

}

581

582

static void browse_callback(

583

AvahiSServiceBrowser *b,

584

AvahiIfIndex interface,

585

AvahiProtocol protocol,

586

AvahiBrowserEvent event,

587

const char *name,

588

const char *type,

589

const char *domain,

590

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

591

void* userdata) {

592

593

AvahiServer *s = userdata;

594

assert(b); /* Spurious warning */

595

596

/* Called whenever a new services becomes available on the LAN or

597

is removed from the LAN */

598

599

switch (event) {

600

default:

601

case AVAHI_BROWSER_FAILURE:

602

603

fprintf(stderr, "(Browser) %s\n",

604

avahi_strerror(avahi_server_errno(server)));

605

avahi_simple_poll_quit(simple_poll);

606

return;

607

608

case AVAHI_BROWSER_NEW:

609

/* We ignore the returned resolver object. In the callback

610

function we free it. If the server is terminated before

611

the callback function is called the server will free

612

the resolver for us. */

613

614

if (!(avahi_s_service_resolver_new(s, interface, protocol, name,

615

type, domain,

616

AVAHI_PROTO_INET6, 0,

617

resolve_callback, s)))

618

fprintf(stderr, "Failed to resolve service '%s': %s\n", name,

619

avahi_strerror(avahi_server_errno(s)));

620

break;

621

622

case AVAHI_BROWSER_REMOVE:

623

break;

624

625

case AVAHI_BROWSER_ALL_FOR_NOW:

626

case AVAHI_BROWSER_CACHE_EXHAUSTED:

627

break;

628

}

629

}

630

631

/* combinds file name and path and returns the malloced new string. som sane checks could/should be added */

632

const char *combinepath(const char *first, const char *second){

633

char *tmp;

634

tmp = malloc(strlen(first) + strlen(second) + 2);

635

if (tmp == NULL){

636

perror("malloc");

637

return NULL;

638

}

639

strcpy(tmp, first);

640

if (first[0] != '\0' and first[strlen(first) - 1] != '/'){

641

strcat(tmp, "/");

642

}

643

strcat(tmp, second);

644

return tmp;

645

}

646

647

648

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

649

AvahiServerConfig config;

650

AvahiSServiceBrowser *sb = NULL;

651

int error;

652

int ret;

653

int returncode = EXIT_SUCCESS;

654

const char *interface = NULL;

655

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

656

char *connect_to = NULL;

657

658

while (true){

659

static struct option long_options[] = {

660

{"debug", no_argument, (int *)&debug, 1},

661

{"connect", required_argument, 0, 'C'},

662

{"interface", required_argument, 0, 'i'},

663

{"certdir", required_argument, 0, 'd'},

664

{"certkey", required_argument, 0, 'c'},

665

{"certfile", required_argument, 0, 'k'},

666

{0, 0, 0, 0} };

667

668

int option_index = 0;

669

ret = getopt_long (argc, argv, "i:", long_options,

670

&option_index);

671

672

if (ret == -1){

673

break;

674

}

675

676

switch(ret){

677

case 0:

678

break;

679

case 'i':

680

interface = optarg;

681

break;

682

case 'C':

683

connect_to = optarg;

684

break;

685

case 'd':

686

certdir = optarg;

687

break;

688

case 'c':

689

certfile = optarg;

690

break;

691

case 'k':

692

certkey = optarg;

693

break;

694

default:

695

exit(EXIT_FAILURE);

696

}

697

}

698

699

certfile = combinepath(certdir, certfile);

700

if (certfile == NULL){

701

goto exit;

702

}

703

704

if(interface != NULL){

705

if_index = (AvahiIfIndex) if_nametoindex(interface);

706

if(if_index == 0){

707

fprintf(stderr, "No such interface: \"%s\"\n", interface);

708

exit(EXIT_FAILURE);

709

}

710

}

711

712

if(connect_to != NULL){

713

/* Connect directly, do not use Zeroconf */

714

/* (Mainly meant for debugging) */

715

char *address = strrchr(connect_to, ':');

716

if(address == NULL){

717

fprintf(stderr, "No colon in address\n");

718

exit(EXIT_FAILURE);

719

}

720

errno = 0;

721

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

722

if(errno){

723

perror("Bad port number");

724

exit(EXIT_FAILURE);

725

}

726

*address = '\0';

727

address = connect_to;

728

ret = start_mandos_communication(address, port, if_index);

729

if(ret < 0){

730

exit(EXIT_FAILURE);

731

} else {

732

exit(EXIT_SUCCESS);

733

}

734

}

735

736

certkey = combinepath(certdir, certkey);

737

if (certkey == NULL){

738

goto exit;

739

}

740

741

if (not debug){

742

avahi_set_log_function(empty_log);

743

}

744

745

/* Initialize the psuedo-RNG */

746

srand((unsigned int) time(NULL));

747

748

/* Allocate main loop object */

749

if (!(simple_poll = avahi_simple_poll_new())) {

750

fprintf(stderr, "Failed to create simple poll object.\n");

751

752

goto exit;

753

}

754

755

/* Do not publish any local records */

756

avahi_server_config_init(&config);

757

config.publish_hinfo = 0;

758

config.publish_addresses = 0;

759

config.publish_workstation = 0;

760

config.publish_domain = 0;

761

762

/* Allocate a new server */

763

server = avahi_server_new(avahi_simple_poll_get(simple_poll),

764

&config, NULL, NULL, &error);

765

766

/* Free the configuration data */

767

avahi_server_config_free(&config);

768

769

/* Check if creating the server object succeeded */

770

if (!server) {

771

fprintf(stderr, "Failed to create server: %s\n",

772

avahi_strerror(error));

773

returncode = EXIT_FAILURE;

774

goto exit;

775

}

776

777

/* Create the service browser */

778

sb = avahi_s_service_browser_new(server, if_index,

779

AVAHI_PROTO_INET6,

780

"_mandos._tcp", NULL, 0,

781

browse_callback, server);

782

if (!sb) {

783

fprintf(stderr, "Failed to create service browser: %s\n",

784

avahi_strerror(avahi_server_errno(server)));

785

returncode = EXIT_FAILURE;

786

goto exit;

787

}

788

789

/* Run the main loop */

790

791

if (debug){

792

fprintf(stderr, "Starting avahi loop search\n");

793

}

794

795

avahi_simple_poll_loop(simple_poll);

796

797

exit:

798

799

if (debug){

800

fprintf(stderr, "%s exiting\n", argv[0]);

801

}

802

803

/* Cleanup things */

804

if (sb)

805

avahi_s_service_browser_free(sb);

806

807

if (server)

808

avahi_server_free(server);

809

810

if (simple_poll)

811

avahi_simple_poll_free(simple_poll);

812

free(certfile);

813

free(certkey);

814

815

return returncode;

816

}

Older »