/mandos/release : revision 63

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/password-request.c

Committer: Teddy Hogeborn
Date: 2008-08-10 20:35:01 UTC
mfrom: (24.1.42 mandos)
Revision ID: teddy@fukt.bsnet.se-20080810203501-euh3qcf1nopilksm

Merge.

files added:
mandos-client.xml

mandos-clients.conf.xml

mandos.conf

mandos.conf.xml

mandos.xml

network-protocol.txt

plugins.d/password-prompt.xml

plugins.d/password-request.xml

files removed:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

files renamed:
mandos-clients.conf => clients.conf

server.py => mandos

plugbasedclient.c => mandos-client.c

plugins.d/passprompt.c => plugins.d/password-prompt.c

plugins.d/mandosclient.c => plugins.d/password-request.c

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

plugins.d/password-request.c

/***

This file is part of avahi.

avahi is free software; you can redistribute it and/or modify it

under the terms of the GNU Lesser General Public License as

published by the Free Software Foundation; either version 2.1 of the

License, or (at your option) any later version.

avahi is distributed in the hope that it will be useful, but WITHOUT

ANY WARRANTY; without even the implied warranty of MERCHANTABILITY

or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General

Public License for more details.

You should have received a copy of the GNU Lesser General Public

License along with avahi; if not, write to the Free Software

Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307

USA.

***/

/* -*- coding: utf-8 -*- */

* Mandos client - get and decrypt data from a Mandos server

* This program is partly derived from an example program for an Avahi

* service browser, downloaded from

* <http://avahi.org/browser/examples/core-browse-services.c>. This

* includes the following functions: "resolve_callback",

* "browse_callback", and parts of "main".

* Everything else is

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

/* Needed by GPGME, specifically gpgme_data_seek() */

#define _LARGEFILE_SOURCE

#define _FILE_OFFSET_BITS 64

#include <stdio.h>

#include <assert.h>

#include <stdlib.h>

#include <time.h>

#include <net/if.h> /* if_nametoindex */

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */

#include <stdio.h> /* fprintf(), stderr, fwrite(), stdout,

ferror() */

#include <stdint.h> /* uint16_t, uint32_t */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,

srand() */

#include <stdbool.h> /* bool, true */

#include <string.h> /* memset(), strcmp(), strlen(),

strerror(), memcpy(), strcpy() */

#include <sys/ioctl.h> /* ioctl */

#include <net/if.h> /* ifreq, SIOCGIFFLAGS, SIOCSIFFLAGS,

IFF_UP */

#include <sys/types.h> /* socket(), inet_pton(), sockaddr,

sockaddr_in6, PF_INET6,

SOCK_STREAM, INET6_ADDRSTRLEN,

uid_t, gid_t */

#include <inttypes.h> /* PRIu16 */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton(),

connect() */

#include <assert.h> /* assert() */

#include <errno.h> /* perror(), errno */

#include <time.h> /* time() */

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS, if_indextoname(),

if_nametoindex(), IF_NAMESIZE */

#include <unistd.h> /* close(), SEEK_SET, off_t, write(),

getuid(), getgid(), setuid(),

setgid() */

#include <netinet/in.h>

#include <arpa/inet.h> /* inet_pton(), htons */

#include <iso646.h> /* not, and */

#include <argp.h> /* struct argp_option, error_t, struct

argp_state, struct argp,

argp_parse(), ARGP_KEY_ARG,

ARGP_KEY_END, ARGP_ERR_UNKNOWN */

/* Avahi */

/* All Avahi types, constants and functions

Avahi*, avahi_*,

AVAHI_* */

#include <avahi-core/core.h>

#include <avahi-core/lookup.h>

#include <avahi-core/log.h>

#include <avahi-common/malloc.h>

#include <avahi-common/error.h>

//mandos client part

#include <sys/types.h> /* socket(), setsockopt(), inet_pton() */

#include <sys/socket.h> /* socket(), setsockopt(), struct sockaddr_in6, struct in6_addr, inet_pton() */

#include <gnutls/gnutls.h> /* ALL GNUTLS STUFF */

#include <gnutls/openpgp.h> /* gnutls with openpgp stuff */

#include <unistd.h> /* close() */

#include <netinet/in.h>

#include <stdbool.h> /* true */

#include <string.h> /* memset */

#include <arpa/inet.h> /* inet_pton() */

#include <iso646.h> /* not */

// gpgme

#include <errno.h> /* perror() */

#include <gpgme.h>

#ifndef CERT_ROOT

#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"

#endif

#define CERTFILE CERT_ROOT "openpgp-client.txt"

#define KEYFILE CERT_ROOT "openpgp-client-key.txt"

/* GnuTLS */

#include <gnutls/gnutls.h> /* All GnuTLS types, constants and functions

gnutls_*

init_gnutls_session(),

GNUTLS_* */

#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),

GNUTLS_OPENPGP_FMT_BASE64 */

/* GPGME */

#include <gpgme.h> /* All GPGME types, constants and functions

gpgme_*

GPGME_PROTOCOL_OpenPGP,

GPG_ERR_NO_* */

#define BUFFER_SIZE 256

#define DH_BITS 1024

100

101

bool debug = false;

102

static const char *keydir = "/conf/conf.d/mandos";

103

static const char mandos_protocol_version[] = "1";

104

const char *argp_program_version = "password-request 1.0";

105

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

106

107

/* Used for passing in values through the Avahi callback functions */

108

typedef struct {

gnutls_session_t session;

109

AvahiSimplePoll *simple_poll;

110

AvahiServer *server;

111

gnutls_certificate_credentials_t cred;

112

unsigned int dh_bits;

113

gnutls_dh_params_t dh_params;

} encrypted_session;

ssize_t gpg_packet_decrypt (char *packet, size_t packet_size, char **new_packet, char *homedir){

114

const char *priority;

115

} mandos_context;

116

117

118

* Make room in "buffer" for at least BUFFER_SIZE additional bytes.

119

* "buffer_capacity" is how much is currently allocated,

120

* "buffer_length" is how much is already used.

121

122

size_t adjustbuffer(char **buffer, size_t buffer_length,

123

size_t buffer_capacity){

124

if (buffer_length + BUFFER_SIZE > buffer_capacity){

125

*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);

126

if (buffer == NULL){

127

return 0;

128

}

129

buffer_capacity += BUFFER_SIZE;

130

}

131

return buffer_capacity;

132

}

133

134

135

* Decrypt OpenPGP data using keyrings in HOMEDIR.

136

* Returns -1 on error

137

138

static ssize_t pgp_packet_decrypt (const char *cryptotext,

139

size_t crypto_size,

140

char **plaintext,

141

const char *homedir){

142

gpgme_data_t dh_crypto, dh_plain;

143

gpgme_ctx_t ctx;

144

gpgme_error_t rc;

145

ssize_t ret;

size_t new_packet_capacity = 0;

size_t new_packet_length = 0;

146

size_t plaintext_capacity = 0;

147

ssize_t plaintext_length = 0;

148

gpgme_engine_info_t engine_info;

149

150

if (debug){

fprintf(stderr, "Attempting to decrypt password from gpg packet\n");

151

fprintf(stderr, "Trying to decrypt OpenPGP data\n");

152

}

153

154

/* Init GPGME */

155

gpgme_check_version(NULL);

gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

156

rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

157

if (rc != GPG_ERR_NO_ERROR){

158

fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",

159

gpgme_strsource(rc), gpgme_strerror(rc));

160

return -1;

161

}

162

/* Set GPGME home directory */

163

/* Set GPGME home directory for the OpenPGP engine only */

164

rc = gpgme_get_engine_info (&engine_info);

165

if (rc != GPG_ERR_NO_ERROR){

166

fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",

101

176

engine_info = engine_info->next;

102

177

}

103

178

if(engine_info == NULL){

104

fprintf(stderr, "Could not set home dir to %s\n", homedir);

179

fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);

105

180

return -1;

106

181

}

107

182

108

/* Create new GPGME data buffer from packet buffer */

109

rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);

183

/* Create new GPGME data buffer from memory cryptotext */

184

rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,

185

0);

110

186

if (rc != GPG_ERR_NO_ERROR){

111

187

fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",

112

188

gpgme_strsource(rc), gpgme_strerror(rc));

118

194

if (rc != GPG_ERR_NO_ERROR){

119

195

fprintf(stderr, "bad gpgme_data_new: %s: %s\n",

120

196

gpgme_strsource(rc), gpgme_strerror(rc));

197

gpgme_data_release(dh_crypto);

121

198

return -1;

122

199

}

123

200

126

203

if (rc != GPG_ERR_NO_ERROR){

127

204

fprintf(stderr, "bad gpgme_new: %s: %s\n",

128

205

gpgme_strsource(rc), gpgme_strerror(rc));

129

return -1;

206

plaintext_length = -1;

207

goto decrypt_end;

130

208

}

131

209

132

/* Decrypt data from the FILE pointer to the plaintext data buffer */

210

/* Decrypt data from the cryptotext data buffer to the plaintext

211

data buffer */

133

212

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

134

213

if (rc != GPG_ERR_NO_ERROR){

135

214

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

136

215

gpgme_strsource(rc), gpgme_strerror(rc));

137

return -1;

216

plaintext_length = -1;

217

goto decrypt_end;

138

218

}

139

219

140

220

if(debug){

141

fprintf(stderr, "decryption of gpg packet succeeded\n");

221

fprintf(stderr, "Decryption of OpenPGP data succeeded\n");

142

222

}

143

223

144

224

if (debug){

145

225

gpgme_decrypt_result_t result;

146

226

result = gpgme_op_decrypt_result(ctx);

147

227

if (result == NULL){

148

228

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

149

229

} else {

150

fprintf(stderr, "Unsupported algorithm: %s\n", result->unsupported_algorithm);

151

fprintf(stderr, "Wrong key usage: %d\n", result->wrong_key_usage);

230

fprintf(stderr, "Unsupported algorithm: %s\n",

231

result->unsupported_algorithm);

232

fprintf(stderr, "Wrong key usage: %u\n",

233

result->wrong_key_usage);

152

234

if(result->file_name != NULL){

153

235

fprintf(stderr, "File name: %s\n", result->file_name);

154

236

}

160

242

gpgme_pubkey_algo_name(recipient->pubkey_algo));

161

243

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

162

244

fprintf(stderr, "Secret key available: %s\n",

163

recipient->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");

245

recipient->status == GPG_ERR_NO_SECKEY

246

? "No" : "Yes");

164

247

recipient = recipient->next;

165

248

}

166

249

}

167

250

}

168

251

}

169

252

170

/* Delete the GPGME FILE pointer cryptotext data buffer */

171

gpgme_data_release(dh_crypto);

172

173

253

/* Seek back to the beginning of the GPGME plaintext data buffer */

174

gpgme_data_seek(dh_plain, 0, SEEK_SET);

175

176

*new_packet = 0;

254

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

255

perror("pgpme_data_seek");

256

plaintext_length = -1;

257

goto decrypt_end;

258

}

259

260

*plaintext = NULL;

177

261

while(true){

178

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

179

*new_packet = realloc(*new_packet, new_packet_capacity + BUFFER_SIZE);

180

if (*new_packet == NULL){

181

perror("realloc");

182

return -1;

183

}

184

new_packet_capacity += BUFFER_SIZE;

262

plaintext_capacity = adjustbuffer(plaintext,

263

(size_t)plaintext_length,

264

plaintext_capacity);

265

if (plaintext_capacity == 0){

266

perror("adjustbuffer");

267

plaintext_length = -1;

268

goto decrypt_end;

185

269

}

186

270

187

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length, BUFFER_SIZE);

271

ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,

272

BUFFER_SIZE);

188

273

/* Print the data, if any */

189

274

if (ret == 0){

190

/* If password is empty, then a incorrect error will be printed */

275

/* EOF */

191

276

break;

192

277

}

193

278

if(ret < 0){

194

279

perror("gpgme_data_read");

195

return -1;

280

plaintext_length = -1;

281

goto decrypt_end;

196

282

}

197

new_packet_length += ret;

283

plaintext_length += ret;

198

284

}

199

285

200

286

if(debug){

201

fprintf(stderr, "decrypted password is: %s\n", *new_packet);

287

fprintf(stderr, "Decrypted password is: ");

288

for(ssize_t i = 0; i < plaintext_length; i++){

289

fprintf(stderr, "%02hhX ", (*plaintext)[i]);

290

}

291

fprintf(stderr, "\n");

202

292

}

203

204

/* Delete the GPGME plaintext data buffer */

293

294

decrypt_end:

295

296

/* Delete the GPGME cryptotext data buffer */

297

gpgme_data_release(dh_crypto);

298

299

/* Delete the GPGME plaintext data buffer */

205

300

gpgme_data_release(dh_plain);

206

return new_packet_length;

301

return plaintext_length;

207

302

}

208

303

209

304

static const char * safer_gnutls_strerror (int value) {

213

308

return ret;

214

309

}

215

310

216

void debuggnutls(int level, const char* string){

217

fprintf(stderr, "%s", string);

311

/* GnuTLS log function callback */

312

static void debuggnutls(__attribute__((unused)) int level,

313

const char* string){

314

fprintf(stderr, "GnuTLS: %s", string);

218

315

}

219

316

220

int initgnutls(encrypted_session *es){

221

const char *err;

317

static int init_gnutls_global(mandos_context *mc,

318

const char *pubkeyfile,

319

const char *seckeyfile){

222

320

int ret;

223

321

224

322

if(debug){

225

fprintf(stderr, "Initializing gnutls\n");

323

fprintf(stderr, "Initializing GnuTLS\n");

226

324

}

227

228

325

229

if ((ret = gnutls_global_init ())

230

!= GNUTLS_E_SUCCESS) {

231

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

326

ret = gnutls_global_init();

327

if (ret != GNUTLS_E_SUCCESS) {

328

fprintf (stderr, "GnuTLS global_init: %s\n",

329

safer_gnutls_strerror(ret));

232

330

return -1;

233

331

}

234

332

235

333

if (debug){

334

/* "Use a log level over 10 to enable all debugging options."

335

* - GnuTLS manual

336

236

337

gnutls_global_set_log_level(11);

237

338

gnutls_global_set_log_function(debuggnutls);

238

339

}

239

340

240

241

/* openpgp credentials */

242

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

243

!= GNUTLS_E_SUCCESS) {

244

fprintf (stderr, "memory error: %s\n", safer_gnutls_strerror(ret));

341

/* OpenPGP credentials */

342

gnutls_certificate_allocate_credentials(&mc->cred);

343

if (ret != GNUTLS_E_SUCCESS){

344

fprintf (stderr, "GnuTLS memory error: %s\n",

345

safer_gnutls_strerror(ret));

346

gnutls_global_deinit ();

245

347

return -1;

246

348

}

247

349

248

350

if(debug){

249

fprintf(stderr, "Attempting to use openpgp certificate %s"

250

" and keyfile %s as gnutls credentials\n", CERTFILE, KEYFILE);

351

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

352

" and keyfile %s as GnuTLS credentials\n", pubkeyfile,

353

seckeyfile);

251

354

}

252

355

253

356

ret = gnutls_certificate_set_openpgp_key_file

254

(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);

255

if (ret != GNUTLS_E_SUCCESS) {

256

fprintf

257

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n",

258

ret, CERTFILE, KEYFILE);

259

fprintf(stdout, "The Error is: %s\n",

260

safer_gnutls_strerror(ret));

261

return -1;

262

}

263

264

//Gnutls server initialization

265

if ((ret = gnutls_dh_params_init (&es->dh_params))

266

!= GNUTLS_E_SUCCESS) {

267

fprintf (stderr, "Error in dh parameter initialization: %s\n",

268

safer_gnutls_strerror(ret));

269

return -1;

270

}

271

272

if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))

273

!= GNUTLS_E_SUCCESS) {

274

fprintf (stderr, "Error in prime generation: %s\n",

275

safer_gnutls_strerror(ret));

276

return -1;

277

}

278

279

gnutls_certificate_set_dh_params (es->cred, es->dh_params);

280

281

// Gnutls session creation

282

if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))

283

!= GNUTLS_E_SUCCESS){

284

fprintf(stderr, "Error in gnutls session initialization: %s\n",

285

safer_gnutls_strerror(ret));

286

}

287

288

if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))

289

!= GNUTLS_E_SUCCESS) {

290

fprintf(stderr, "Syntax error at: %s\n", err);

291

fprintf(stderr, "Gnutls error: %s\n",

292

safer_gnutls_strerror(ret));

293

return -1;

294

}

295

296

if ((ret = gnutls_credentials_set

297

(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))

298

!= GNUTLS_E_SUCCESS) {

299

fprintf(stderr, "Error setting a credentials set: %s\n",

300

safer_gnutls_strerror(ret));

301

return -1;

302

}

303

357

(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);

358

if (ret != GNUTLS_E_SUCCESS) {

359

fprintf(stderr,

360

"Error[%d] while reading the OpenPGP key pair ('%s',"

361

" '%s')\n", ret, pubkeyfile, seckeyfile);

362

fprintf(stdout, "The GnuTLS error is: %s\n",

363

safer_gnutls_strerror(ret));

364

goto globalfail;

365

}

366

367

/* GnuTLS server initialization */

368

ret = gnutls_dh_params_init(&mc->dh_params);

369

if (ret != GNUTLS_E_SUCCESS) {

370

fprintf (stderr, "Error in GnuTLS DH parameter initialization:"

371

" %s\n", safer_gnutls_strerror(ret));

372

goto globalfail;

373

}

374

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

375

if (ret != GNUTLS_E_SUCCESS) {

376

fprintf (stderr, "Error in GnuTLS prime generation: %s\n",

377

safer_gnutls_strerror(ret));

378

goto globalfail;

379

}

380

381

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

382

383

return 0;

384

385

globalfail:

386

387

gnutls_certificate_free_credentials(mc->cred);

388

gnutls_global_deinit();

389

return -1;

390

391

}

392

393

static int init_gnutls_session(mandos_context *mc,

394

gnutls_session_t *session){

395

int ret;

396

/* GnuTLS session creation */

397

ret = gnutls_init(session, GNUTLS_SERVER);

398

if (ret != GNUTLS_E_SUCCESS){

399

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

400

safer_gnutls_strerror(ret));

401

}

402

403

{

404

const char *err;

405

ret = gnutls_priority_set_direct(*session, mc->priority, &err);

406

if (ret != GNUTLS_E_SUCCESS) {

407

fprintf(stderr, "Syntax error at: %s\n", err);

408

fprintf(stderr, "GnuTLS error: %s\n",

409

safer_gnutls_strerror(ret));

410

gnutls_deinit (*session);

411

return -1;

412

}

413

}

414

415

ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

416

mc->cred);

417

if (ret != GNUTLS_E_SUCCESS) {

418

fprintf(stderr, "Error setting GnuTLS credentials: %s\n",

419

safer_gnutls_strerror(ret));

420

gnutls_deinit (*session);

421

return -1;

422

}

423

304

424

/* ignore client certificate if any. */

305

gnutls_certificate_server_set_request (es->session, GNUTLS_CERT_IGNORE);

425

gnutls_certificate_server_set_request (*session,

426

GNUTLS_CERT_IGNORE);

306

427

307

gnutls_dh_set_prime_bits (es->session, DH_BITS);

428

gnutls_dh_set_prime_bits (*session, mc->dh_bits);

308

429

309

430

return 0;

310

431

}

311

432

312

void empty_log(AvahiLogLevel level, const char *txt){}

433

/* Avahi log function callback */

434

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

435

__attribute__((unused)) const char *txt){}

313

436

314

int start_mandos_communication(char *ip, uint16_t port){

437

/* Called when a Mandos server is found */

438

static int start_mandos_communication(const char *ip, uint16_t port,

439

AvahiIfIndex if_index,

440

mandos_context *mc){

315

441

int ret, tcp_sd;

316

struct sockaddr_in6 to;

317

encrypted_session es;

442

union { struct sockaddr in; struct sockaddr_in6 in6; } to;

318

443

char *buffer = NULL;

319

444

char *decrypted_buffer;

320

445

size_t buffer_length = 0;

321

446

size_t buffer_capacity = 0;

322

447

ssize_t decrypted_buffer_size;

448

size_t written;

323

449

int retval = 0;

324

const char interface[] = "eth0";

325

450

char interface[IF_NAMESIZE];

451

gnutls_session_t session;

452

453

ret = init_gnutls_session (mc, &session);

454

if (ret != 0){

455

return -1;

456

}

457

326

458

if(debug){

327

fprintf(stderr, "Setting up a tcp connection to %s\n", ip);

459

fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16

460

"\n", ip, port);

328

461

}

329

462

330

463

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

334

467

}

335

468

336

469

if(debug){

470

if(if_indextoname((unsigned int)if_index, interface) == NULL){

471

perror("if_indextoname");

472

return -1;

473

}

337

474

fprintf(stderr, "Binding to interface %s\n", interface);

338

475

}

339

340

ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, interface, 5);

341

if(tcp_sd < 0) {

342

perror("setsockopt bindtodevice");

343

return -1;

344

}

345

476

346

memset(&to,0,sizeof(to));

347

to.sin6_family = AF_INET6;

348

ret = inet_pton(AF_INET6, ip, &to.sin6_addr);

477

memset(&to,0,sizeof(to)); /* Spurious warning */

478

to.in6.sin6_family = AF_INET6;

479

/* It would be nice to have a way to detect if we were passed an

480

IPv4 address here. Now we assume an IPv6 address. */

481

ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);

349

482

if (ret < 0 ){

350

483

perror("inet_pton");

351

484

return -1;

352

}

485

}

353

486

if(ret == 0){

354

487

fprintf(stderr, "Bad address: %s\n", ip);

355

488

return -1;

356

489

}

357

to.sin6_port = htons(port);

358

to.sin6_scope_id = if_nametoindex(interface);

359

490

to.in6.sin6_port = htons(port); /* Spurious warning */

491

492

to.in6.sin6_scope_id = (uint32_t)if_index;

493

360

494

if(debug){

361

fprintf(stderr, "Connection to: %s\n", ip);

495

fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,

496

port);

497

char addrstr[INET6_ADDRSTRLEN] = "";

498

if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,

499

sizeof(addrstr)) == NULL){

500

perror("inet_ntop");

501

} else {

502

if(strcmp(addrstr, ip) != 0){

503

fprintf(stderr, "Canonical address form: %s\n", addrstr);

504

}

505

}

362

506

}

363

507

364

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

508

ret = connect(tcp_sd, &to.in, sizeof(to));

365

509

if (ret < 0){

366

510

perror("connect");

367

511

return -1;

368

512

}

369

370

ret = initgnutls (&es);

371

if (ret != 0){

372

retval = -1;

373

return -1;

374

}

375

376

377

gnutls_transport_set_ptr (es.session, (gnutls_transport_ptr_t) tcp_sd);

378

513

514

const char *out = mandos_protocol_version;

515

written = 0;

516

while (true){

517

size_t out_size = strlen(out);

518

ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,

519

out_size - written));

520

if (ret == -1){

521

perror("write");

522

retval = -1;

523

goto mandos_end;

524

}

525

written += (size_t)ret;

526

if(written < out_size){

527

continue;

528

} else {

529

if (out == mandos_protocol_version){

530

written = 0;

531

out = "\r\n";

532

} else {

533

break;

534

}

535

}

536

}

537

379

538

if(debug){

380

fprintf(stderr, "Establishing tls session with %s\n", ip);

539

fprintf(stderr, "Establishing TLS session with %s\n", ip);

381

540

}

541

542

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

382

543

383

384

ret = gnutls_handshake (es.session);

544

do{

545

ret = gnutls_handshake (session);

546

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

385

547

386

548

if (ret != GNUTLS_E_SUCCESS){

387

fprintf(stderr, "\n*** Handshake failed ***\n");

388

gnutls_perror (ret);

549

if(debug){

550

fprintf(stderr, "*** GnuTLS Handshake failed ***\n");

551

gnutls_perror (ret);

552

}

389

553

retval = -1;

390

goto exit;

554

goto mandos_end;

391

555

}

392

393

//Retrieve gpg packet that contains the wanted password

394

556

557

/* Read OpenPGP packet that contains the wanted password */

558

395

559

if(debug){

396

fprintf(stderr, "Retrieving pgp encrypted password from %s\n", ip);

560

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

561

ip);

397

562

}

398

563

399

564

while(true){

400

if (buffer_length + BUFFER_SIZE > buffer_capacity){

401

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

402

if (buffer == NULL){

403

perror("realloc");

404

goto exit;

405

}

406

buffer_capacity += BUFFER_SIZE;

565

buffer_capacity = adjustbuffer(&buffer, buffer_length,

566

buffer_capacity);

567

if (buffer_capacity == 0){

568

perror("adjustbuffer");

569

retval = -1;

570

goto mandos_end;

407

571

}

408

572

409

ret = gnutls_record_recv

410

(es.session, buffer+buffer_length, BUFFER_SIZE);

573

ret = gnutls_record_recv(session, buffer+buffer_length,

574

BUFFER_SIZE);

411

575

if (ret == 0){

412

576

break;

413

577

}

417

581

case GNUTLS_E_AGAIN:

418

582

break;

419

583

case GNUTLS_E_REHANDSHAKE:

420

ret = gnutls_handshake (es.session);

584

do{

585

ret = gnutls_handshake (session);

586

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

421

587

if (ret < 0){

422

fprintf(stderr, "\n*** Handshake failed ***\n");

588

fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");

423

589

gnutls_perror (ret);

424

590

retval = -1;

425

goto exit;

591

goto mandos_end;

426

592

}

427

593

break;

428

594

default:

429

fprintf(stderr, "Unknown error while reading data from encrypted session with mandos server\n");

595

fprintf(stderr, "Unknown error while reading data from"

596

" encrypted session with Mandos server\n");

430

597

retval = -1;

431

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

432

goto exit;

598

gnutls_bye (session, GNUTLS_SHUT_RDWR);

599

goto mandos_end;

433

600

}

434

601

} else {

435

buffer_length += ret;

602

buffer_length += (size_t) ret;

436

603

}

437

604

}

438

605

606

if(debug){

607

fprintf(stderr, "Closing TLS session\n");

608

}

609

610

gnutls_bye (session, GNUTLS_SHUT_RDWR);

611

439

612

if (buffer_length > 0){

440

if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) >= 0){

441

fwrite (decrypted_buffer, 1, decrypted_buffer_size, stdout);

613

decrypted_buffer_size = pgp_packet_decrypt(buffer,

614

buffer_length,

615

&decrypted_buffer,

616

keydir);

617

if (decrypted_buffer_size >= 0){

618

written = 0;

619

while(written < (size_t) decrypted_buffer_size){

620

ret = (int)fwrite (decrypted_buffer + written, 1,

621

(size_t)decrypted_buffer_size - written,

622

stdout);

623

if(ret == 0 and ferror(stdout)){

624

if(debug){

625

fprintf(stderr, "Error writing encrypted data: %s\n",

626

strerror(errno));

627

}

628

retval = -1;

629

break;

630

}

631

written += (size_t)ret;

632

}

442

633

free(decrypted_buffer);

443

634

} else {

444

635

retval = -1;

445

636

}

446

637

}

447

448

//shutdown procedure

449

450

if(debug){

451

fprintf(stderr, "Closing tls session\n");

452

}

453

638

639

/* Shutdown procedure */

640

641

mandos_end:

454

642

free(buffer);

455

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

456

exit:

457

643

close(tcp_sd);

458

gnutls_deinit (es.session);

459

gnutls_certificate_free_credentials (es.cred);

460

gnutls_global_deinit ();

644

gnutls_deinit (session);

461

645

return retval;

462

646

}

463

647

464

static AvahiSimplePoll *simple_poll = NULL;

465

static AvahiServer *server = NULL;

466

467

static void resolve_callback(

468

AvahiSServiceResolver *r,

469

AVAHI_GCC_UNUSED AvahiIfIndex interface,

470

AVAHI_GCC_UNUSED AvahiProtocol protocol,

471

AvahiResolverEvent event,

472

const char *name,

473

const char *type,

474

const char *domain,

475

const char *host_name,

476

const AvahiAddress *address,

477

uint16_t port,

478

AvahiStringList *txt,

479

AvahiLookupResultFlags flags,

480

AVAHI_GCC_UNUSED void* userdata) {

481

482

assert(r);

483

484

/* Called whenever a service has been resolved successfully or timed out */

485

486

switch (event) {

487

case AVAHI_RESOLVER_FAILURE:

488

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of type '%s' in domain '%s': %s\n", name, type, domain, avahi_strerror(avahi_server_errno(server)));

489

break;

490

491

case AVAHI_RESOLVER_FOUND: {

492

char ip[AVAHI_ADDRESS_STR_MAX];

493

avahi_address_snprint(ip, sizeof(ip), address);

494

if(debug){

495

fprintf(stderr, "Mandos server found at %s on port %d\n", ip, port);

496

}

497

int ret = start_mandos_communication(ip, port);

498

if (ret == 0){

499

exit(EXIT_SUCCESS);

500

} else {

501

exit(EXIT_FAILURE);

502

}

503

}

504

}

505

avahi_s_service_resolver_free(r);

506

}

507

508

static void browse_callback(

509

AvahiSServiceBrowser *b,

510

AvahiIfIndex interface,

511

AvahiProtocol protocol,

512

AvahiBrowserEvent event,

513

const char *name,

514

const char *type,

515

const char *domain,

516

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

517

void* userdata) {

518

519

AvahiServer *s = userdata;

520

assert(b);

521

522

/* Called whenever a new services becomes available on the LAN or is removed from the LAN */

523

524

switch (event) {

525

526

case AVAHI_BROWSER_FAILURE:

527

528

fprintf(stderr, "(Browser) %s\n", avahi_strerror(avahi_server_errno(server)));

529

avahi_simple_poll_quit(simple_poll);

530

return;

531

532

case AVAHI_BROWSER_NEW:

533

/* We ignore the returned resolver object. In the callback

534

function we free it. If the server is terminated before

535

the callback function is called the server will free

536

the resolver for us. */

537

538

if (!(avahi_s_service_resolver_new(s, interface, protocol, name, type, domain, AVAHI_PROTO_INET6, 0, resolve_callback, s)))

539

fprintf(stderr, "Failed to resolve service '%s': %s\n", name, avahi_strerror(avahi_server_errno(s)));

540

541

break;

542

543

case AVAHI_BROWSER_REMOVE:

544

break;

545

546

case AVAHI_BROWSER_ALL_FOR_NOW:

547

case AVAHI_BROWSER_CACHE_EXHAUSTED:

548

break;

549

}

550

}

551

552

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

553

AvahiServerConfig config;

648

static void resolve_callback(AvahiSServiceResolver *r,

649

AvahiIfIndex interface,

650

AVAHI_GCC_UNUSED AvahiProtocol protocol,

651

AvahiResolverEvent event,

652

const char *name,

653

const char *type,

654

const char *domain,

655

const char *host_name,

656

const AvahiAddress *address,

657

uint16_t port,

658

AVAHI_GCC_UNUSED AvahiStringList *txt,

659

AVAHI_GCC_UNUSED AvahiLookupResultFlags

660

flags,

661

void* userdata) {

662

mandos_context *mc = userdata;

663

assert(r); /* Spurious warning */

664

665

/* Called whenever a service has been resolved successfully or

666

timed out */

667

668

switch (event) {

669

default:

670

case AVAHI_RESOLVER_FAILURE:

671

fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"

672

" of type '%s' in domain '%s': %s\n", name, type, domain,

673

avahi_strerror(avahi_server_errno(mc->server)));

674

break;

675

676

case AVAHI_RESOLVER_FOUND:

677

{

678

char ip[AVAHI_ADDRESS_STR_MAX];

679

avahi_address_snprint(ip, sizeof(ip), address);

680

if(debug){

681

fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"

682

PRIu16 ") on port %d\n", name, host_name, ip,

683

interface, port);

684

}

685

int ret = start_mandos_communication(ip, port, interface, mc);

686

if (ret == 0){

687

exit(EXIT_SUCCESS);

688

}

689

}

690

}

691

avahi_s_service_resolver_free(r);

692

}

693

694

static void browse_callback( AvahiSServiceBrowser *b,

695

AvahiIfIndex interface,

696

AvahiProtocol protocol,

697

AvahiBrowserEvent event,

698

const char *name,

699

const char *type,

700

const char *domain,

701

AVAHI_GCC_UNUSED AvahiLookupResultFlags

702

flags,

703

void* userdata) {

704

mandos_context *mc = userdata;

705

assert(b); /* Spurious warning */

706

707

/* Called whenever a new services becomes available on the LAN or

708

is removed from the LAN */

709

710

switch (event) {

711

default:

712

case AVAHI_BROWSER_FAILURE:

713

714

fprintf(stderr, "(Avahi browser) %s\n",

715

avahi_strerror(avahi_server_errno(mc->server)));

716

avahi_simple_poll_quit(mc->simple_poll);

717

return;

718

719

case AVAHI_BROWSER_NEW:

720

/* We ignore the returned Avahi resolver object. In the callback

721

function we free it. If the Avahi server is terminated before

722

the callback function is called the Avahi server will free the

723

resolver for us. */

724

725

if (!(avahi_s_service_resolver_new(mc->server, interface,

726

protocol, name, type, domain,

727

AVAHI_PROTO_INET6, 0,

728

resolve_callback, mc)))

729

fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",

730

name, avahi_strerror(avahi_server_errno(mc->server)));

731

break;

732

733

case AVAHI_BROWSER_REMOVE:

734

break;

735

736

case AVAHI_BROWSER_ALL_FOR_NOW:

737

case AVAHI_BROWSER_CACHE_EXHAUSTED:

738

if(debug){

739

fprintf(stderr, "No Mandos server found, still searching...\n");

740

}

741

break;

742

}

743

}

744

745

/* Combines file name and path and returns the malloced new

746

string. some sane checks could/should be added */

747

static const char *combinepath(const char *first, const char *second){

748

size_t f_len = strlen(first);

749

size_t s_len = strlen(second);

750

char *tmp = malloc(f_len + s_len + 2);

751

if (tmp == NULL){

752

return NULL;

753

}

754

if(f_len > 0){

755

memcpy(tmp, first, f_len); /* Spurious warning */

756

}

757

tmp[f_len] = '/';

758

if(s_len > 0){

759

memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */

760

}

761

tmp[f_len + 1 + s_len] = '\0';

762

return tmp;

763

}

764

765

766

int main(int argc, char *argv[]){

554

767

AvahiSServiceBrowser *sb = NULL;

555

const char db[] = "--debug";

556

768

int error;

557

int ret = 1;

558

int returncode = EXIT_SUCCESS;

559

char *basename = rindex(argv[0], '/');

560

if(basename == NULL){

561

basename = argv[0];

769

int ret;

770

int exitcode = EXIT_SUCCESS;

771

const char *interface = "eth0";

772

struct ifreq network;

773

int sd;

774

uid_t uid;

775

gid_t gid;

776

char *connect_to = NULL;

777

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

778

const char *pubkeyfile = "pubkey.txt";

779

const char *seckeyfile = "seckey.txt";

780

mandos_context mc = { .simple_poll = NULL, .server = NULL,

781

.dh_bits = 1024, .priority = "SECURE256"};

782

bool gnutls_initalized = false;

783

784

{

785

struct argp_option options[] = {

786

{ .name = "debug", .key = 128,

787

.doc = "Debug mode", .group = 3 },

788

{ .name = "connect", .key = 'c',

789

.arg = "IP",

790

.doc = "Connect directly to a sepcified mandos server",

791

.group = 1 },

792

{ .name = "interface", .key = 'i',

793

.arg = "INTERFACE",

794

.doc = "Interface that Avahi will conntect through",

795

.group = 1 },

796

{ .name = "keydir", .key = 'd',

797

.arg = "KEYDIR",

798

.doc = "Directory where the openpgp keyring is",

799

.group = 1 },

800

{ .name = "seckey", .key = 's',

801

.arg = "SECKEY",

802

.doc = "Secret openpgp key for gnutls authentication",

803

.group = 1 },

804

{ .name = "pubkey", .key = 'p',

805

.arg = "PUBKEY",

806

.doc = "Public openpgp key for gnutls authentication",

807

.group = 2 },

808

{ .name = "dh-bits", .key = 129,

809

.arg = "BITS",

810

.doc = "dh-bits to use in gnutls communication",

811

.group = 2 },

812

{ .name = "priority", .key = 130,

813

.arg = "PRIORITY",

814

.doc = "GNUTLS priority", .group = 1 },

815

{ .name = NULL }

816

};

817

818

819

error_t parse_opt (int key, char *arg,

820

struct argp_state *state) {

821

/* Get the INPUT argument from `argp_parse', which we know is

822

a pointer to our plugin list pointer. */

823

switch (key) {

824

case 128:

825

debug = true;

826

break;

827

case 'c':

828

connect_to = arg;

829

break;

830

case 'i':

831

interface = arg;

832

break;

833

case 'd':

834

keydir = arg;

835

break;

836

case 's':

837

seckeyfile = arg;

838

break;

839

case 'p':

840

pubkeyfile = arg;

841

break;

842

case 129:

843

errno = 0;

844

mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);

845

if (errno){

846

perror("strtol");

847

exit(EXIT_FAILURE);

848

}

849

break;

850

case 130:

851

mc.priority = arg;

852

break;

853

case ARGP_KEY_ARG:

854

argp_usage (state);

855

break;

856

case ARGP_KEY_END:

857

break;

858

default:

859

return ARGP_ERR_UNKNOWN;

860

}

861

return 0;

862

}

863

864

struct argp argp = { .options = options, .parser = parse_opt,

865

.args_doc = "",

866

.doc = "Mandos client -- Get and decrypt"

867

" passwords from mandos server" };

868

ret = argp_parse (&argp, argc, argv, 0, 0, NULL);

869

if (ret == ARGP_ERR_UNKNOWN){

870

fprintf(stderr, "Unkown error while parsing arguments\n");

871

exitcode = EXIT_FAILURE;

872

goto end;

873

}

874

}

875

876

pubkeyfile = combinepath(keydir, pubkeyfile);

877

if (pubkeyfile == NULL){

878

perror("combinepath");

879

exitcode = EXIT_FAILURE;

880

goto end;

881

}

882

883

seckeyfile = combinepath(keydir, seckeyfile);

884

if (seckeyfile == NULL){

885

perror("combinepath");

886

goto end;

887

}

888

889

ret = init_gnutls_global(&mc, pubkeyfile, seckeyfile);

890

if (ret == -1){

891

fprintf(stderr, "init_gnutls_global\n");

892

goto end;

562

893

} else {

563

basename++;

564

}

565

566

char *program_name = malloc(strlen(basename) + sizeof(db));

567

568

if (program_name == NULL){

569

perror("argv[0]");

570

return EXIT_FAILURE;

571

}

572

573

program_name[0] = '\0';

574

575

for (int i = 1; i < argc; i++){

576

if (not strncmp(argv[i], db, 5)){

577

strcat(strcat(strcat(program_name, db ), "="), basename);

578

if(not strcmp(argv[i], db) or not strcmp(argv[i], program_name)){

579

debug = true;

580

}

894

gnutls_initalized = true;

895

}

896

897

uid = getuid();

898

gid = getgid();

899

900

ret = setuid(uid);

901

if (ret == -1){

902

perror("setuid");

903

}

904

905

setgid(gid);

906

if (ret == -1){

907

perror("setgid");

908

}

909

910

if_index = (AvahiIfIndex) if_nametoindex(interface);

911

if(if_index == 0){

912

fprintf(stderr, "No such interface: \"%s\"\n", interface);

913

exit(EXIT_FAILURE);

914

}

915

916

if(connect_to != NULL){

917

/* Connect directly, do not use Zeroconf */

918

/* (Mainly meant for debugging) */

919

char *address = strrchr(connect_to, ':');

920

if(address == NULL){

921

fprintf(stderr, "No colon in address\n");

922

exitcode = EXIT_FAILURE;

923

goto end;

924

}

925

errno = 0;

926

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

927

if(errno){

928

perror("Bad port number");

929

exitcode = EXIT_FAILURE;

930

goto end;

931

}

932

*address = '\0';

933

address = connect_to;

934

ret = start_mandos_communication(address, port, if_index, &mc);

935

if(ret < 0){

936

exitcode = EXIT_FAILURE;

937

} else {

938

exitcode = EXIT_SUCCESS;

939

}

940

goto end;

941

}

942

943

/* If the interface is down, bring it up */

944

{

945

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

946

if(sd < 0) {

947

perror("socket");

948

exitcode = EXIT_FAILURE;

949

goto end;

950

}

951

strcpy(network.ifr_name, interface); /* Spurious warning */

952

ret = ioctl(sd, SIOCGIFFLAGS, &network);

953

if(ret == -1){

954

perror("ioctl SIOCGIFFLAGS");

955

exitcode = EXIT_FAILURE;

956

goto end;

957

}

958

if((network.ifr_flags & IFF_UP) == 0){

959

network.ifr_flags |= IFF_UP;

960

ret = ioctl(sd, SIOCSIFFLAGS, &network);

961

if(ret == -1){

962

perror("ioctl SIOCSIFFLAGS");

963

exitcode = EXIT_FAILURE;

964

goto end;

581

965

}

966

}

967

close(sd);

582

968

}

583

free(program_name);

584

969

585

970

if (not debug){

586

971

avahi_set_log_function(empty_log);

587

972

}

588

973

589

/* Initialize the psuedo-RNG */

590

srand(time(NULL));

591

592

/* Allocate main loop object */

593

if (!(simple_poll = avahi_simple_poll_new())) {

594

fprintf(stderr, "Failed to create simple poll object.\n");

595

596

goto exit;

597

}

598

599

/* Do not publish any local records */

600

avahi_server_config_init(&config);

601

config.publish_hinfo = 0;

602

config.publish_addresses = 0;

603

config.publish_workstation = 0;

604

config.publish_domain = 0;

605

606

/* Allocate a new server */

607

server = avahi_server_new(avahi_simple_poll_get(simple_poll), &config, NULL, NULL, &error);

608

609

/* Free the configuration data */

610

avahi_server_config_free(&config);

611

612

/* Check if creating the server object succeeded */

613

if (!server) {

614

fprintf(stderr, "Failed to create server: %s\n", avahi_strerror(error));

615

returncode = EXIT_FAILURE;

616

goto exit;

617

}

618

619

/* Create the service browser */

620

if (!(sb = avahi_s_service_browser_new(server, if_nametoindex("eth0"), AVAHI_PROTO_INET6, "_mandos._tcp", NULL, 0, browse_callback, server))) {

621

fprintf(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_server_errno(server)));

622

returncode = EXIT_FAILURE;

623

goto exit;

974

/* Initialize the pseudo-RNG for Avahi */

975

srand((unsigned int) time(NULL));

976

977

/* Allocate main Avahi loop object */

978

mc.simple_poll = avahi_simple_poll_new();

979

if (mc.simple_poll == NULL) {

980

fprintf(stderr, "Avahi: Failed to create simple poll"

981

" object.\n");

982

exitcode = EXIT_FAILURE;

983

goto end;

984

}

985

986

{

987

AvahiServerConfig config;

988

/* Do not publish any local Zeroconf records */

989

avahi_server_config_init(&config);

990

config.publish_hinfo = 0;

991

config.publish_addresses = 0;

992

config.publish_workstation = 0;

993

config.publish_domain = 0;

994

995

/* Allocate a new server */

996

mc.server = avahi_server_new(avahi_simple_poll_get

997

(mc.simple_poll), &config, NULL,

998

NULL, &error);

999

1000

/* Free the Avahi configuration data */

1001

avahi_server_config_free(&config);

1002

}

1003

1004

/* Check if creating the Avahi server object succeeded */

1005

if (mc.server == NULL) {

1006

fprintf(stderr, "Failed to create Avahi server: %s\n",

1007

avahi_strerror(error));

1008

exitcode = EXIT_FAILURE;

1009

goto end;

1010

}

1011

1012

/* Create the Avahi service browser */

1013

sb = avahi_s_service_browser_new(mc.server, if_index,

1014

AVAHI_PROTO_INET6,

1015

"_mandos._tcp", NULL, 0,

1016

browse_callback, &mc);

1017

if (sb == NULL) {

1018

fprintf(stderr, "Failed to create service browser: %s\n",

1019

avahi_strerror(avahi_server_errno(mc.server)));

1020

exitcode = EXIT_FAILURE;

1021

goto end;

624

1022

}

625

1023

626

1024

/* Run the main loop */

627

1025

628

1026

if (debug){

629

fprintf(stderr, "Starting avahi loop search\n");

1027

fprintf(stderr, "Starting Avahi loop search\n");

630

1028

}

631

1029

632

avahi_simple_poll_loop(simple_poll);

1030

avahi_simple_poll_loop(mc.simple_poll);

633

1031

634

exit:

1032

end:

635

1033

636

1034

if (debug){

637

1035

fprintf(stderr, "%s exiting\n", argv[0]);

638

1036

}

639

1037

640

1038

/* Cleanup things */

641

if (sb)

1039

if (sb != NULL)

642

1040

avahi_s_service_browser_free(sb);

643

1041

644

if (server)

645

avahi_server_free(server);

646

647

if (simple_poll)

648

avahi_simple_poll_free(simple_poll);

649

650

return ret;

1042

if (mc.server != NULL)

1043

avahi_server_free(mc.server);

1044

1045

if (mc.simple_poll != NULL)

1046

avahi_simple_poll_free(mc.simple_poll);

1047

free(pubkeyfile);

1048

free(seckeyfile);

1049

1050

if (gnutls_initalized){

1051

gnutls_certificate_free_credentials(mc.cred);

1052

gnutls_global_deinit ();

1053

}

1054

1055

return exitcode;

651

1056

}

Older »