/mandos/release : revision 63

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/password-request.c

Committer: Teddy Hogeborn
Date: 2008-08-10 20:35:01 UTC
mfrom: (24.1.42 mandos)
Revision ID: teddy@fukt.bsnet.se-20080810203501-euh3qcf1nopilksm

Merge.

files added:
mandos-client.xml

mandos-clients.conf.xml

mandos.conf

mandos.conf.xml

mandos.xml

network-protocol.txt

plugins.d/password-prompt.xml

plugins.d/password-request.xml

files removed:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

files renamed:
mandos-clients.conf => clients.conf

server.py => mandos

plugbasedclient.c => mandos-client.c

plugins.d/passprompt.c => plugins.d/password-prompt.c

plugins.d/mandosclient.c => plugins.d/password-request.c

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

plugins.d/password-request.c

/***

This file is part of avahi.

avahi is free software; you can redistribute it and/or modify it

under the terms of the GNU Lesser General Public License as

published by the Free Software Foundation; either version 2.1 of the

License, or (at your option) any later version.

avahi is distributed in the hope that it will be useful, but WITHOUT

ANY WARRANTY; without even the implied warranty of MERCHANTABILITY

or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General

Public License for more details.

You should have received a copy of the GNU Lesser General Public

License along with avahi; if not, write to the Free Software

Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307

USA.

***/

/* -*- coding: utf-8 -*- */

* Mandos client - get and decrypt data from a Mandos server

* This program is partly derived from an example program for an Avahi

* service browser, downloaded from

* <http://avahi.org/browser/examples/core-browse-services.c>. This

* includes the following functions: "resolve_callback",

* "browse_callback", and parts of "main".

* Everything else is

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

/* Needed by GPGME, specifically gpgme_data_seek() */

#define _LARGEFILE_SOURCE

#define _FILE_OFFSET_BITS 64

#include <stdio.h>

#include <assert.h>

#include <stdlib.h>

#include <time.h>

#include <net/if.h> /* if_nametoindex */

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */

#include <stdio.h> /* fprintf(), stderr, fwrite(), stdout,

ferror() */

#include <stdint.h> /* uint16_t, uint32_t */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,

srand() */

#include <stdbool.h> /* bool, true */

#include <string.h> /* memset(), strcmp(), strlen(),

strerror(), memcpy(), strcpy() */

#include <sys/ioctl.h> /* ioctl */

#include <net/if.h> /* ifreq, SIOCGIFFLAGS, SIOCSIFFLAGS,

IFF_UP */

#include <sys/types.h> /* socket(), inet_pton(), sockaddr,

sockaddr_in6, PF_INET6,

SOCK_STREAM, INET6_ADDRSTRLEN,

uid_t, gid_t */

#include <inttypes.h> /* PRIu16 */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton(),

connect() */

#include <assert.h> /* assert() */

#include <errno.h> /* perror(), errno */

#include <time.h> /* time() */

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS, if_indextoname(),

if_nametoindex(), IF_NAMESIZE */

#include <unistd.h> /* close(), SEEK_SET, off_t, write(),

getuid(), getgid(), setuid(),

setgid() */

#include <netinet/in.h>

#include <arpa/inet.h> /* inet_pton(), htons */

#include <iso646.h> /* not, and */

#include <argp.h> /* struct argp_option, error_t, struct

argp_state, struct argp,

argp_parse(), ARGP_KEY_ARG,

ARGP_KEY_END, ARGP_ERR_UNKNOWN */

/* Avahi */

/* All Avahi types, constants and functions

Avahi*, avahi_*,

AVAHI_* */

#include <avahi-core/core.h>

#include <avahi-core/lookup.h>

#include <avahi-core/log.h>

#include <avahi-common/malloc.h>

#include <avahi-common/error.h>

//mandos client part

#include <sys/types.h> /* socket(), setsockopt(), inet_pton() */

#include <sys/socket.h> /* socket(), setsockopt(), struct sockaddr_in6, struct in6_addr, inet_pton() */

#include <gnutls/gnutls.h> /* ALL GNUTLS STUFF */

#include <gnutls/openpgp.h> /* gnutls with openpgp stuff */

#include <unistd.h> /* close() */

#include <netinet/in.h>

#include <stdbool.h> /* true */

#include <string.h> /* memset */

#include <arpa/inet.h> /* inet_pton() */

#include <iso646.h> /* not */

// gpgme

#include <errno.h> /* perror() */

#include <gpgme.h>

// getopt long

#include <getopt.h>

#ifndef CERT_ROOT

#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"

#endif

#define CERTFILE CERT_ROOT "openpgp-client.txt"

#define KEYFILE CERT_ROOT "openpgp-client-key.txt"

/* GnuTLS */

#include <gnutls/gnutls.h> /* All GnuTLS types, constants and functions

gnutls_*

init_gnutls_session(),

GNUTLS_* */

#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),

GNUTLS_OPENPGP_FMT_BASE64 */

/* GPGME */

#include <gpgme.h> /* All GPGME types, constants and functions

gpgme_*

GPGME_PROTOCOL_OpenPGP,

GPG_ERR_NO_* */

#define BUFFER_SIZE 256

#define DH_BITS 1024

100

101

bool debug = false;

char *interface = "eth0";

102

static const char *keydir = "/conf/conf.d/mandos";

103

static const char mandos_protocol_version[] = "1";

104

const char *argp_program_version = "password-request 1.0";

105

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

106

107

/* Used for passing in values through the Avahi callback functions */

108

typedef struct {

gnutls_session_t session;

109

AvahiSimplePoll *simple_poll;

110

AvahiServer *server;

111

gnutls_certificate_credentials_t cred;

112

unsigned int dh_bits;

113

gnutls_dh_params_t dh_params;

} encrypted_session;

ssize_t gpg_packet_decrypt (char *packet, size_t packet_size, char **new_packet, char *homedir){

114

const char *priority;

115

} mandos_context;

116

117

118

* Make room in "buffer" for at least BUFFER_SIZE additional bytes.

119

* "buffer_capacity" is how much is currently allocated,

120

* "buffer_length" is how much is already used.

121

122

size_t adjustbuffer(char **buffer, size_t buffer_length,

123

size_t buffer_capacity){

124

if (buffer_length + BUFFER_SIZE > buffer_capacity){

125

*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);

126

if (buffer == NULL){

127

return 0;

128

}

129

buffer_capacity += BUFFER_SIZE;

130

}

131

return buffer_capacity;

132

}

133

134

135

* Decrypt OpenPGP data using keyrings in HOMEDIR.

136

* Returns -1 on error

137

138

static ssize_t pgp_packet_decrypt (const char *cryptotext,

139

size_t crypto_size,

140

char **plaintext,

141

const char *homedir){

142

gpgme_data_t dh_crypto, dh_plain;

143

gpgme_ctx_t ctx;

144

gpgme_error_t rc;

145

ssize_t ret;

size_t new_packet_capacity = 0;

size_t new_packet_length = 0;

146

size_t plaintext_capacity = 0;

147

ssize_t plaintext_length = 0;

148

gpgme_engine_info_t engine_info;

149

150

if (debug){

fprintf(stderr, "Attempting to decrypt password from gpg packet\n");

151

fprintf(stderr, "Trying to decrypt OpenPGP data\n");

152

}

153

154

/* Init GPGME */

155

gpgme_check_version(NULL);

gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

156

rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

157

if (rc != GPG_ERR_NO_ERROR){

158

fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",

159

gpgme_strsource(rc), gpgme_strerror(rc));

160

return -1;

161

}

162

/* Set GPGME home directory */

163

/* Set GPGME home directory for the OpenPGP engine only */

164

rc = gpgme_get_engine_info (&engine_info);

165

if (rc != GPG_ERR_NO_ERROR){

166

fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",

104

176

engine_info = engine_info->next;

105

177

}

106

178

if(engine_info == NULL){

107

fprintf(stderr, "Could not set home dir to %s\n", homedir);

179

fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);

108

180

return -1;

109

181

}

110

182

111

/* Create new GPGME data buffer from packet buffer */

112

rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);

183

/* Create new GPGME data buffer from memory cryptotext */

184

rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,

185

0);

113

186

if (rc != GPG_ERR_NO_ERROR){

114

187

fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",

115

188

gpgme_strsource(rc), gpgme_strerror(rc));

121

194

if (rc != GPG_ERR_NO_ERROR){

122

195

fprintf(stderr, "bad gpgme_data_new: %s: %s\n",

123

196

gpgme_strsource(rc), gpgme_strerror(rc));

197

gpgme_data_release(dh_crypto);

124

198

return -1;

125

199

}

126

200

129

203

if (rc != GPG_ERR_NO_ERROR){

130

204

fprintf(stderr, "bad gpgme_new: %s: %s\n",

131

205

gpgme_strsource(rc), gpgme_strerror(rc));

132

return -1;

206

plaintext_length = -1;

207

goto decrypt_end;

133

208

}

134

209

135

/* Decrypt data from the FILE pointer to the plaintext data buffer */

210

/* Decrypt data from the cryptotext data buffer to the plaintext

211

data buffer */

136

212

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

137

213

if (rc != GPG_ERR_NO_ERROR){

138

214

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

139

215

gpgme_strsource(rc), gpgme_strerror(rc));

140

return -1;

216

plaintext_length = -1;

217

goto decrypt_end;

141

218

}

142

219

143

220

if(debug){

144

fprintf(stderr, "decryption of gpg packet succeeded\n");

221

fprintf(stderr, "Decryption of OpenPGP data succeeded\n");

145

222

}

146

223

147

224

if (debug){

148

225

gpgme_decrypt_result_t result;

149

226

result = gpgme_op_decrypt_result(ctx);

150

227

if (result == NULL){

151

228

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

152

229

} else {

153

fprintf(stderr, "Unsupported algorithm: %s\n", result->unsupported_algorithm);

154

fprintf(stderr, "Wrong key usage: %d\n", result->wrong_key_usage);

230

fprintf(stderr, "Unsupported algorithm: %s\n",

231

result->unsupported_algorithm);

232

fprintf(stderr, "Wrong key usage: %u\n",

233

result->wrong_key_usage);

155

234

if(result->file_name != NULL){

156

235

fprintf(stderr, "File name: %s\n", result->file_name);

157

236

}

163

242

gpgme_pubkey_algo_name(recipient->pubkey_algo));

164

243

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

165

244

fprintf(stderr, "Secret key available: %s\n",

166

recipient->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");

245

recipient->status == GPG_ERR_NO_SECKEY

246

? "No" : "Yes");

167

247

recipient = recipient->next;

168

248

}

169

249

}

170

250

}

171

251

}

172

252

173

/* Delete the GPGME FILE pointer cryptotext data buffer */

174

gpgme_data_release(dh_crypto);

175

176

253

/* Seek back to the beginning of the GPGME plaintext data buffer */

177

gpgme_data_seek(dh_plain, 0, SEEK_SET);

178

179

*new_packet = 0;

254

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

255

perror("pgpme_data_seek");

256

plaintext_length = -1;

257

goto decrypt_end;

258

}

259

260

*plaintext = NULL;

180

261

while(true){

181

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

182

*new_packet = realloc(*new_packet, new_packet_capacity + BUFFER_SIZE);

183

if (*new_packet == NULL){

184

perror("realloc");

185

return -1;

186

}

187

new_packet_capacity += BUFFER_SIZE;

262

plaintext_capacity = adjustbuffer(plaintext,

263

(size_t)plaintext_length,

264

plaintext_capacity);

265

if (plaintext_capacity == 0){

266

perror("adjustbuffer");

267

plaintext_length = -1;

268

goto decrypt_end;

188

269

}

189

270

190

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length, BUFFER_SIZE);

271

ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,

272

BUFFER_SIZE);

191

273

/* Print the data, if any */

192

274

if (ret == 0){

193

/* If password is empty, then a incorrect error will be printed */

275

/* EOF */

194

276

break;

195

277

}

196

278

if(ret < 0){

197

279

perror("gpgme_data_read");

198

return -1;

280

plaintext_length = -1;

281

goto decrypt_end;

199

282

}

200

new_packet_length += ret;

283

plaintext_length += ret;

201

284

}

202

285

203

/* FIXME: check characters before printing to screen so to not print

204

terminal control characters */

205

/* if(debug){ */

206

/* fprintf(stderr, "decrypted password is: "); */

207

/* fwrite(*new_packet, 1, new_packet_length, stderr); */

208

/* fprintf(stderr, "\n"); */

209

/* } */

286

if(debug){

287

fprintf(stderr, "Decrypted password is: ");

288

for(ssize_t i = 0; i < plaintext_length; i++){

289

fprintf(stderr, "%02hhX ", (*plaintext)[i]);

290

}

291

fprintf(stderr, "\n");

292

}

293

294

decrypt_end:

295

296

/* Delete the GPGME cryptotext data buffer */

297

gpgme_data_release(dh_crypto);

210

298

211

299

/* Delete the GPGME plaintext data buffer */

212

300

gpgme_data_release(dh_plain);

213

return new_packet_length;

301

return plaintext_length;

214

302

}

215

303

216

304

static const char * safer_gnutls_strerror (int value) {

220

308

return ret;

221

309

}

222

310

223

void debuggnutls(int level, const char* string){

224

fprintf(stderr, "%s", string);

311

/* GnuTLS log function callback */

312

static void debuggnutls(__attribute__((unused)) int level,

313

const char* string){

314

fprintf(stderr, "GnuTLS: %s", string);

225

315

}

226

316

227

int initgnutls(encrypted_session *es){

228

const char *err;

317

static int init_gnutls_global(mandos_context *mc,

318

const char *pubkeyfile,

319

const char *seckeyfile){

229

320

int ret;

230

321

231

322

if(debug){

232

fprintf(stderr, "Initializing gnutls\n");

323

fprintf(stderr, "Initializing GnuTLS\n");

233

324

}

234

235

325

236

if ((ret = gnutls_global_init ())

237

!= GNUTLS_E_SUCCESS) {

238

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

326

ret = gnutls_global_init();

327

if (ret != GNUTLS_E_SUCCESS) {

328

fprintf (stderr, "GnuTLS global_init: %s\n",

329

safer_gnutls_strerror(ret));

239

330

return -1;

240

331

}

241

332

242

333

if (debug){

334

/* "Use a log level over 10 to enable all debugging options."

335

* - GnuTLS manual

336

243

337

gnutls_global_set_log_level(11);

244

338

gnutls_global_set_log_function(debuggnutls);

245

339

}

246

340

247

248

/* openpgp credentials */

249

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

250

!= GNUTLS_E_SUCCESS) {

251

fprintf (stderr, "memory error: %s\n", safer_gnutls_strerror(ret));

341

/* OpenPGP credentials */

342

gnutls_certificate_allocate_credentials(&mc->cred);

343

if (ret != GNUTLS_E_SUCCESS){

344

fprintf (stderr, "GnuTLS memory error: %s\n",

345

safer_gnutls_strerror(ret));

346

gnutls_global_deinit ();

252

347

return -1;

253

348

}

254

349

255

350

if(debug){

256

fprintf(stderr, "Attempting to use openpgp certificate %s"

257

" and keyfile %s as gnutls credentials\n", CERTFILE, KEYFILE);

351

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

352

" and keyfile %s as GnuTLS credentials\n", pubkeyfile,

353

seckeyfile);

258

354

}

259

355

260

356

ret = gnutls_certificate_set_openpgp_key_file

261

(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);

262

if (ret != GNUTLS_E_SUCCESS) {

263

fprintf

264

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n",

265

ret, CERTFILE, KEYFILE);

266

fprintf(stdout, "The Error is: %s\n",

267

safer_gnutls_strerror(ret));

268

return -1;

269

}

270

271

//Gnutls server initialization

272

if ((ret = gnutls_dh_params_init (&es->dh_params))

273

!= GNUTLS_E_SUCCESS) {

274

fprintf (stderr, "Error in dh parameter initialization: %s\n",

275

safer_gnutls_strerror(ret));

276

return -1;

277

}

278

279

if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))

280

!= GNUTLS_E_SUCCESS) {

281

fprintf (stderr, "Error in prime generation: %s\n",

282

safer_gnutls_strerror(ret));

283

return -1;

284

}

285

286

gnutls_certificate_set_dh_params (es->cred, es->dh_params);

287

288

// Gnutls session creation

289

if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))

290

!= GNUTLS_E_SUCCESS){

291

fprintf(stderr, "Error in gnutls session initialization: %s\n",

292

safer_gnutls_strerror(ret));

293

}

294

295

if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))

296

!= GNUTLS_E_SUCCESS) {

297

fprintf(stderr, "Syntax error at: %s\n", err);

298

fprintf(stderr, "Gnutls error: %s\n",

299

safer_gnutls_strerror(ret));

300

return -1;

301

}

302

303

if ((ret = gnutls_credentials_set

304

(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))

305

!= GNUTLS_E_SUCCESS) {

306

fprintf(stderr, "Error setting a credentials set: %s\n",

307

safer_gnutls_strerror(ret));

308

return -1;

309

}

310

357

(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);

358

if (ret != GNUTLS_E_SUCCESS) {

359

fprintf(stderr,

360

"Error[%d] while reading the OpenPGP key pair ('%s',"

361

" '%s')\n", ret, pubkeyfile, seckeyfile);

362

fprintf(stdout, "The GnuTLS error is: %s\n",

363

safer_gnutls_strerror(ret));

364

goto globalfail;

365

}

366

367

/* GnuTLS server initialization */

368

ret = gnutls_dh_params_init(&mc->dh_params);

369

if (ret != GNUTLS_E_SUCCESS) {

370

fprintf (stderr, "Error in GnuTLS DH parameter initialization:"

371

" %s\n", safer_gnutls_strerror(ret));

372

goto globalfail;

373

}

374

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

375

if (ret != GNUTLS_E_SUCCESS) {

376

fprintf (stderr, "Error in GnuTLS prime generation: %s\n",

377

safer_gnutls_strerror(ret));

378

goto globalfail;

379

}

380

381

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

382

383

return 0;

384

385

globalfail:

386

387

gnutls_certificate_free_credentials(mc->cred);

388

gnutls_global_deinit();

389

return -1;

390

391

}

392

393

static int init_gnutls_session(mandos_context *mc,

394

gnutls_session_t *session){

395

int ret;

396

/* GnuTLS session creation */

397

ret = gnutls_init(session, GNUTLS_SERVER);

398

if (ret != GNUTLS_E_SUCCESS){

399

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

400

safer_gnutls_strerror(ret));

401

}

402

403

{

404

const char *err;

405

ret = gnutls_priority_set_direct(*session, mc->priority, &err);

406

if (ret != GNUTLS_E_SUCCESS) {

407

fprintf(stderr, "Syntax error at: %s\n", err);

408

fprintf(stderr, "GnuTLS error: %s\n",

409

safer_gnutls_strerror(ret));

410

gnutls_deinit (*session);

411

return -1;

412

}

413

}

414

415

ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

416

mc->cred);

417

if (ret != GNUTLS_E_SUCCESS) {

418

fprintf(stderr, "Error setting GnuTLS credentials: %s\n",

419

safer_gnutls_strerror(ret));

420

gnutls_deinit (*session);

421

return -1;

422

}

423

311

424

/* ignore client certificate if any. */

312

gnutls_certificate_server_set_request (es->session, GNUTLS_CERT_IGNORE);

425

gnutls_certificate_server_set_request (*session,

426

GNUTLS_CERT_IGNORE);

313

427

314

gnutls_dh_set_prime_bits (es->session, DH_BITS);

428

gnutls_dh_set_prime_bits (*session, mc->dh_bits);

315

429

316

430

return 0;

317

431

}

318

432

319

void empty_log(AvahiLogLevel level, const char *txt){}

433

/* Avahi log function callback */

434

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

435

__attribute__((unused)) const char *txt){}

320

436

321

int start_mandos_communication(char *ip, uint16_t port){

437

/* Called when a Mandos server is found */

438

static int start_mandos_communication(const char *ip, uint16_t port,

439

AvahiIfIndex if_index,

440

mandos_context *mc){

322

441

int ret, tcp_sd;

323

struct sockaddr_in6 to;

324

encrypted_session es;

442

union { struct sockaddr in; struct sockaddr_in6 in6; } to;

325

443

char *buffer = NULL;

326

444

char *decrypted_buffer;

327

445

size_t buffer_length = 0;

328

446

size_t buffer_capacity = 0;

329

447

ssize_t decrypted_buffer_size;

448

size_t written;

330

449

int retval = 0;

331

450

char interface[IF_NAMESIZE];

451

gnutls_session_t session;

452

453

ret = init_gnutls_session (mc, &session);

454

if (ret != 0){

455

return -1;

456

}

457

332

458

if(debug){

333

fprintf(stderr, "Setting up a tcp connection to %s\n", ip);

459

fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16

460

"\n", ip, port);

334

461

}

335

462

336

463

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

340

467

}

341

468

342

469

if(debug){

470

if(if_indextoname((unsigned int)if_index, interface) == NULL){

471

perror("if_indextoname");

472

return -1;

473

}

343

474

fprintf(stderr, "Binding to interface %s\n", interface);

344

475

}

345

346

ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, interface, 5);

347

if(tcp_sd < 0) {

348

perror("setsockopt bindtodevice");

349

return -1;

350

}

351

476

352

memset(&to,0,sizeof(to));

353

to.sin6_family = AF_INET6;

354

ret = inet_pton(AF_INET6, ip, &to.sin6_addr);

477

memset(&to,0,sizeof(to)); /* Spurious warning */

478

to.in6.sin6_family = AF_INET6;

479

/* It would be nice to have a way to detect if we were passed an

480

IPv4 address here. Now we assume an IPv6 address. */

481

ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);

355

482

if (ret < 0 ){

356

483

perror("inet_pton");

357

484

return -1;

358

}

485

}

359

486

if(ret == 0){

360

487

fprintf(stderr, "Bad address: %s\n", ip);

361

488

return -1;

362

489

}

363

to.sin6_port = htons(port);

364

to.sin6_scope_id = if_nametoindex(interface);

365

490

to.in6.sin6_port = htons(port); /* Spurious warning */

491

492

to.in6.sin6_scope_id = (uint32_t)if_index;

493

366

494

if(debug){

367

fprintf(stderr, "Connection to: %s\n", ip);

495

fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,

496

port);

497

char addrstr[INET6_ADDRSTRLEN] = "";

498

if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,

499

sizeof(addrstr)) == NULL){

500

perror("inet_ntop");

501

} else {

502

if(strcmp(addrstr, ip) != 0){

503

fprintf(stderr, "Canonical address form: %s\n", addrstr);

504

}

505

}

368

506

}

369

507

370

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

508

ret = connect(tcp_sd, &to.in, sizeof(to));

371

509

if (ret < 0){

372

510

perror("connect");

373

511

return -1;

374

512

}

375

376

ret = initgnutls (&es);

377

if (ret != 0){

378

retval = -1;

379

return -1;

380

}

381

382

383

gnutls_transport_set_ptr (es.session, (gnutls_transport_ptr_t) tcp_sd);

384

513

514

const char *out = mandos_protocol_version;

515

written = 0;

516

while (true){

517

size_t out_size = strlen(out);

518

ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,

519

out_size - written));

520

if (ret == -1){

521

perror("write");

522

retval = -1;

523

goto mandos_end;

524

}

525

written += (size_t)ret;

526

if(written < out_size){

527

continue;

528

} else {

529

if (out == mandos_protocol_version){

530

written = 0;

531

out = "\r\n";

532

} else {

533

break;

534

}

535

}

536

}

537

385

538

if(debug){

386

fprintf(stderr, "Establishing tls session with %s\n", ip);

539

fprintf(stderr, "Establishing TLS session with %s\n", ip);

387

540

}

541

542

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

388

543

389

390

ret = gnutls_handshake (es.session);

544

do{

545

ret = gnutls_handshake (session);

546

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

391

547

392

548

if (ret != GNUTLS_E_SUCCESS){

393

fprintf(stderr, "\n*** Handshake failed ***\n");

394

gnutls_perror (ret);

549

if(debug){

550

fprintf(stderr, "*** GnuTLS Handshake failed ***\n");

551

gnutls_perror (ret);

552

}

395

553

retval = -1;

396

goto exit;

554

goto mandos_end;

397

555

}

398

399

//Retrieve gpg packet that contains the wanted password

400

556

557

/* Read OpenPGP packet that contains the wanted password */

558

401

559

if(debug){

402

fprintf(stderr, "Retrieving pgp encrypted password from %s\n", ip);

560

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

561

ip);

403

562

}

404

563

405

564

while(true){

406

if (buffer_length + BUFFER_SIZE > buffer_capacity){

407

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

408

if (buffer == NULL){

409

perror("realloc");

410

goto exit;

411

}

412

buffer_capacity += BUFFER_SIZE;

565

buffer_capacity = adjustbuffer(&buffer, buffer_length,

566

buffer_capacity);

567

if (buffer_capacity == 0){

568

perror("adjustbuffer");

569

retval = -1;

570

goto mandos_end;

413

571

}

414

572

415

ret = gnutls_record_recv

416

(es.session, buffer+buffer_length, BUFFER_SIZE);

573

ret = gnutls_record_recv(session, buffer+buffer_length,

574

BUFFER_SIZE);

417

575

if (ret == 0){

418

576

break;

419

577

}

423

581

case GNUTLS_E_AGAIN:

424

582

break;

425

583

case GNUTLS_E_REHANDSHAKE:

426

ret = gnutls_handshake (es.session);

584

do{

585

ret = gnutls_handshake (session);

586

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

427

587

if (ret < 0){

428

fprintf(stderr, "\n*** Handshake failed ***\n");

588

fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");

429

589

gnutls_perror (ret);

430

590

retval = -1;

431

goto exit;

591

goto mandos_end;

432

592

}

433

593

break;

434

594

default:

435

fprintf(stderr, "Unknown error while reading data from encrypted session with mandos server\n");

595

fprintf(stderr, "Unknown error while reading data from"

596

" encrypted session with Mandos server\n");

436

597

retval = -1;

437

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

438

goto exit;

598

gnutls_bye (session, GNUTLS_SHUT_RDWR);

599

goto mandos_end;

439

600

}

440

601

} else {

441

buffer_length += ret;

602

buffer_length += (size_t) ret;

442

603

}

443

604

}

444

605

606

if(debug){

607

fprintf(stderr, "Closing TLS session\n");

608

}

609

610

gnutls_bye (session, GNUTLS_SHUT_RDWR);

611

445

612

if (buffer_length > 0){

446

if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) >= 0){

447

fwrite (decrypted_buffer, 1, decrypted_buffer_size, stdout);

613

decrypted_buffer_size = pgp_packet_decrypt(buffer,

614

buffer_length,

615

&decrypted_buffer,

616

keydir);

617

if (decrypted_buffer_size >= 0){

618

written = 0;

619

while(written < (size_t) decrypted_buffer_size){

620

ret = (int)fwrite (decrypted_buffer + written, 1,

621

(size_t)decrypted_buffer_size - written,

622

stdout);

623

if(ret == 0 and ferror(stdout)){

624

if(debug){

625

fprintf(stderr, "Error writing encrypted data: %s\n",

626

strerror(errno));

627

}

628

retval = -1;

629

break;

630

}

631

written += (size_t)ret;

632

}

448

633

free(decrypted_buffer);

449

634

} else {

450

635

retval = -1;

451

636

}

452

637

}

453

454

//shutdown procedure

455

456

if(debug){

457

fprintf(stderr, "Closing tls session\n");

458

}

459

638

639

/* Shutdown procedure */

640

641

mandos_end:

460

642

free(buffer);

461

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

462

exit:

463

643

close(tcp_sd);

464

gnutls_deinit (es.session);

465

gnutls_certificate_free_credentials (es.cred);

466

gnutls_global_deinit ();

644

gnutls_deinit (session);

467

645

return retval;

468

646

}

469

647

470

static AvahiSimplePoll *simple_poll = NULL;

471

static AvahiServer *server = NULL;

472

473

static void resolve_callback(

474

AvahiSServiceResolver *r,

475

AVAHI_GCC_UNUSED AvahiIfIndex interface,

476

AVAHI_GCC_UNUSED AvahiProtocol protocol,

477

AvahiResolverEvent event,

478

const char *name,

479

const char *type,

480

const char *domain,

481

const char *host_name,

482

const AvahiAddress *address,

483

uint16_t port,

484

AvahiStringList *txt,

485

AvahiLookupResultFlags flags,

486

AVAHI_GCC_UNUSED void* userdata) {

487

488

assert(r);

489

490

/* Called whenever a service has been resolved successfully or timed out */

491

492

switch (event) {

493

case AVAHI_RESOLVER_FAILURE:

494

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of type '%s' in domain '%s': %s\n", name, type, domain, avahi_strerror(avahi_server_errno(server)));

495

break;

496

497

case AVAHI_RESOLVER_FOUND: {

498

char ip[AVAHI_ADDRESS_STR_MAX];

499

avahi_address_snprint(ip, sizeof(ip), address);

500

if(debug){

501

fprintf(stderr, "Mandos server found at %s on port %d\n", ip, port);

502

}

503

int ret = start_mandos_communication(ip, port);

504

if (ret == 0){

505

exit(EXIT_SUCCESS);

506

} else {

507

exit(EXIT_FAILURE);

508

}

509

}

510

}

511

avahi_s_service_resolver_free(r);

512

}

513

514

static void browse_callback(

515

AvahiSServiceBrowser *b,

516

AvahiIfIndex interface,

517

AvahiProtocol protocol,

518

AvahiBrowserEvent event,

519

const char *name,

520

const char *type,

521

const char *domain,

522

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

523

void* userdata) {

524

525

AvahiServer *s = userdata;

526

assert(b);

527

528

/* Called whenever a new services becomes available on the LAN or is removed from the LAN */

529

530

switch (event) {

531

532

case AVAHI_BROWSER_FAILURE:

533

534

fprintf(stderr, "(Browser) %s\n", avahi_strerror(avahi_server_errno(server)));

535

avahi_simple_poll_quit(simple_poll);

536

return;

537

538

case AVAHI_BROWSER_NEW:

539

/* We ignore the returned resolver object. In the callback

540

function we free it. If the server is terminated before

541

the callback function is called the server will free

542

the resolver for us. */

543

544

if (!(avahi_s_service_resolver_new(s, interface, protocol, name, type, domain, AVAHI_PROTO_INET6, 0, resolve_callback, s)))

545

fprintf(stderr, "Failed to resolve service '%s': %s\n", name, avahi_strerror(avahi_server_errno(s)));

546

547

break;

548

549

case AVAHI_BROWSER_REMOVE:

550

break;

551

552

case AVAHI_BROWSER_ALL_FOR_NOW:

553

case AVAHI_BROWSER_CACHE_EXHAUSTED:

554

break;

555

}

556

}

557

558

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

559

AvahiServerConfig config;

648

static void resolve_callback(AvahiSServiceResolver *r,

649

AvahiIfIndex interface,

650

AVAHI_GCC_UNUSED AvahiProtocol protocol,

651

AvahiResolverEvent event,

652

const char *name,

653

const char *type,

654

const char *domain,

655

const char *host_name,

656

const AvahiAddress *address,

657

uint16_t port,

658

AVAHI_GCC_UNUSED AvahiStringList *txt,

659

AVAHI_GCC_UNUSED AvahiLookupResultFlags

660

flags,

661

void* userdata) {

662

mandos_context *mc = userdata;

663

assert(r); /* Spurious warning */

664

665

/* Called whenever a service has been resolved successfully or

666

timed out */

667

668

switch (event) {

669

default:

670

case AVAHI_RESOLVER_FAILURE:

671

fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"

672

" of type '%s' in domain '%s': %s\n", name, type, domain,

673

avahi_strerror(avahi_server_errno(mc->server)));

674

break;

675

676

case AVAHI_RESOLVER_FOUND:

677

{

678

char ip[AVAHI_ADDRESS_STR_MAX];

679

avahi_address_snprint(ip, sizeof(ip), address);

680

if(debug){

681

fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"

682

PRIu16 ") on port %d\n", name, host_name, ip,

683

interface, port);

684

}

685

int ret = start_mandos_communication(ip, port, interface, mc);

686

if (ret == 0){

687

exit(EXIT_SUCCESS);

688

}

689

}

690

}

691

avahi_s_service_resolver_free(r);

692

}

693

694

static void browse_callback( AvahiSServiceBrowser *b,

695

AvahiIfIndex interface,

696

AvahiProtocol protocol,

697

AvahiBrowserEvent event,

698

const char *name,

699

const char *type,

700

const char *domain,

701

AVAHI_GCC_UNUSED AvahiLookupResultFlags

702

flags,

703

void* userdata) {

704

mandos_context *mc = userdata;

705

assert(b); /* Spurious warning */

706

707

/* Called whenever a new services becomes available on the LAN or

708

is removed from the LAN */

709

710

switch (event) {

711

default:

712

case AVAHI_BROWSER_FAILURE:

713

714

fprintf(stderr, "(Avahi browser) %s\n",

715

avahi_strerror(avahi_server_errno(mc->server)));

716

avahi_simple_poll_quit(mc->simple_poll);

717

return;

718

719

case AVAHI_BROWSER_NEW:

720

/* We ignore the returned Avahi resolver object. In the callback

721

function we free it. If the Avahi server is terminated before

722

the callback function is called the Avahi server will free the

723

resolver for us. */

724

725

if (!(avahi_s_service_resolver_new(mc->server, interface,

726

protocol, name, type, domain,

727

AVAHI_PROTO_INET6, 0,

728

resolve_callback, mc)))

729

fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",

730

name, avahi_strerror(avahi_server_errno(mc->server)));

731

break;

732

733

case AVAHI_BROWSER_REMOVE:

734

break;

735

736

case AVAHI_BROWSER_ALL_FOR_NOW:

737

case AVAHI_BROWSER_CACHE_EXHAUSTED:

738

if(debug){

739

fprintf(stderr, "No Mandos server found, still searching...\n");

740

}

741

break;

742

}

743

}

744

745

/* Combines file name and path and returns the malloced new

746

string. some sane checks could/should be added */

747

static const char *combinepath(const char *first, const char *second){

748

size_t f_len = strlen(first);

749

size_t s_len = strlen(second);

750

char *tmp = malloc(f_len + s_len + 2);

751

if (tmp == NULL){

752

return NULL;

753

}

754

if(f_len > 0){

755

memcpy(tmp, first, f_len); /* Spurious warning */

756

}

757

tmp[f_len] = '/';

758

if(s_len > 0){

759

memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */

760

}

761

tmp[f_len + 1 + s_len] = '\0';

762

return tmp;

763

}

764

765

766

int main(int argc, char *argv[]){

560

767

AvahiSServiceBrowser *sb = NULL;

561

768

int error;

562

769

int ret;

563

int returncode = EXIT_SUCCESS;

564

565

while (true){

566

static struct option long_options[] = {

567

{"debug", no_argument, (int *)&debug, 1},

568

{"interface", required_argument, 0, 'i'},

569

{0, 0, 0, 0} };

570

571

int option_index = 0;

572

ret = getopt_long (argc, argv, "i:", long_options, &option_index);

573

574

if (ret == -1){

575

break;

576

}

577

578

switch(ret){

579

case 0:

580

break;

581

case 'i':

582

interface = optarg;

583

break;

584

default:

585

exit(EXIT_FAILURE);

586

}

770

int exitcode = EXIT_SUCCESS;

771

const char *interface = "eth0";

772

struct ifreq network;

773

int sd;

774

uid_t uid;

775

gid_t gid;

776

char *connect_to = NULL;

777

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

778

const char *pubkeyfile = "pubkey.txt";

779

const char *seckeyfile = "seckey.txt";

780

mandos_context mc = { .simple_poll = NULL, .server = NULL,

781

.dh_bits = 1024, .priority = "SECURE256"};

782

bool gnutls_initalized = false;

783

784

{

785

struct argp_option options[] = {

786

{ .name = "debug", .key = 128,

787

.doc = "Debug mode", .group = 3 },

788

{ .name = "connect", .key = 'c',

789

.arg = "IP",

790

.doc = "Connect directly to a sepcified mandos server",

791

.group = 1 },

792

{ .name = "interface", .key = 'i',

793

.arg = "INTERFACE",

794

.doc = "Interface that Avahi will conntect through",

795

.group = 1 },

796

{ .name = "keydir", .key = 'd',

797

.arg = "KEYDIR",

798

.doc = "Directory where the openpgp keyring is",

799

.group = 1 },

800

{ .name = "seckey", .key = 's',

801

.arg = "SECKEY",

802

.doc = "Secret openpgp key for gnutls authentication",

803

.group = 1 },

804

{ .name = "pubkey", .key = 'p',

805

.arg = "PUBKEY",

806

.doc = "Public openpgp key for gnutls authentication",

807

.group = 2 },

808

{ .name = "dh-bits", .key = 129,

809

.arg = "BITS",

810

.doc = "dh-bits to use in gnutls communication",

811

.group = 2 },

812

{ .name = "priority", .key = 130,

813

.arg = "PRIORITY",

814

.doc = "GNUTLS priority", .group = 1 },

815

{ .name = NULL }

816

};

817

818

819

error_t parse_opt (int key, char *arg,

820

struct argp_state *state) {

821

/* Get the INPUT argument from `argp_parse', which we know is

822

a pointer to our plugin list pointer. */

823

switch (key) {

824

case 128:

825

debug = true;

826

break;

827

case 'c':

828

connect_to = arg;

829

break;

830

case 'i':

831

interface = arg;

832

break;

833

case 'd':

834

keydir = arg;

835

break;

836

case 's':

837

seckeyfile = arg;

838

break;

839

case 'p':

840

pubkeyfile = arg;

841

break;

842

case 129:

843

errno = 0;

844

mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);

845

if (errno){

846

perror("strtol");

847

exit(EXIT_FAILURE);

848

}

849

break;

850

case 130:

851

mc.priority = arg;

852

break;

853

case ARGP_KEY_ARG:

854

argp_usage (state);

855

break;

856

case ARGP_KEY_END:

857

break;

858

default:

859

return ARGP_ERR_UNKNOWN;

860

}

861

return 0;

862

}

863

864

struct argp argp = { .options = options, .parser = parse_opt,

865

.args_doc = "",

866

.doc = "Mandos client -- Get and decrypt"

867

" passwords from mandos server" };

868

ret = argp_parse (&argp, argc, argv, 0, 0, NULL);

869

if (ret == ARGP_ERR_UNKNOWN){

870

fprintf(stderr, "Unkown error while parsing arguments\n");

871

exitcode = EXIT_FAILURE;

872

goto end;

873

}

874

}

875

876

pubkeyfile = combinepath(keydir, pubkeyfile);

877

if (pubkeyfile == NULL){

878

perror("combinepath");

879

exitcode = EXIT_FAILURE;

880

goto end;

881

}

882

883

seckeyfile = combinepath(keydir, seckeyfile);

884

if (seckeyfile == NULL){

885

perror("combinepath");

886

goto end;

887

}

888

889

ret = init_gnutls_global(&mc, pubkeyfile, seckeyfile);

890

if (ret == -1){

891

fprintf(stderr, "init_gnutls_global\n");

892

goto end;

893

} else {

894

gnutls_initalized = true;

895

}

896

897

uid = getuid();

898

gid = getgid();

899

900

ret = setuid(uid);

901

if (ret == -1){

902

perror("setuid");

903

}

904

905

setgid(gid);

906

if (ret == -1){

907

perror("setgid");

908

}

909

910

if_index = (AvahiIfIndex) if_nametoindex(interface);

911

if(if_index == 0){

912

fprintf(stderr, "No such interface: \"%s\"\n", interface);

913

exit(EXIT_FAILURE);

914

}

915

916

if(connect_to != NULL){

917

/* Connect directly, do not use Zeroconf */

918

/* (Mainly meant for debugging) */

919

char *address = strrchr(connect_to, ':');

920

if(address == NULL){

921

fprintf(stderr, "No colon in address\n");

922

exitcode = EXIT_FAILURE;

923

goto end;

924

}

925

errno = 0;

926

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

927

if(errno){

928

perror("Bad port number");

929

exitcode = EXIT_FAILURE;

930

goto end;

931

}

932

*address = '\0';

933

address = connect_to;

934

ret = start_mandos_communication(address, port, if_index, &mc);

935

if(ret < 0){

936

exitcode = EXIT_FAILURE;

937

} else {

938

exitcode = EXIT_SUCCESS;

939

}

940

goto end;

941

}

942

943

/* If the interface is down, bring it up */

944

{

945

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

946

if(sd < 0) {

947

perror("socket");

948

exitcode = EXIT_FAILURE;

949

goto end;

950

}

951

strcpy(network.ifr_name, interface); /* Spurious warning */

952

ret = ioctl(sd, SIOCGIFFLAGS, &network);

953

if(ret == -1){

954

perror("ioctl SIOCGIFFLAGS");

955

exitcode = EXIT_FAILURE;

956

goto end;

957

}

958

if((network.ifr_flags & IFF_UP) == 0){

959

network.ifr_flags |= IFF_UP;

960

ret = ioctl(sd, SIOCSIFFLAGS, &network);

961

if(ret == -1){

962

perror("ioctl SIOCSIFFLAGS");

963

exitcode = EXIT_FAILURE;

964

goto end;

965

}

966

}

967

close(sd);

587

968

}

588

969

589

970

if (not debug){

590

971

avahi_set_log_function(empty_log);

591

972

}

592

973

593

/* Initialize the psuedo-RNG */

594

srand(time(NULL));

595

596

/* Allocate main loop object */

597

if (!(simple_poll = avahi_simple_poll_new())) {

598

fprintf(stderr, "Failed to create simple poll object.\n");

599

600

goto exit;

601

}

602

603

/* Do not publish any local records */

604

avahi_server_config_init(&config);

605

config.publish_hinfo = 0;

606

config.publish_addresses = 0;

607

config.publish_workstation = 0;

608

config.publish_domain = 0;

609

610

/* Allocate a new server */

611

server = avahi_server_new(avahi_simple_poll_get(simple_poll), &config, NULL, NULL, &error);

612

613

/* Free the configuration data */

614

avahi_server_config_free(&config);

615

616

/* Check if creating the server object succeeded */

617

if (!server) {

618

fprintf(stderr, "Failed to create server: %s\n", avahi_strerror(error));

619

returncode = EXIT_FAILURE;

620

goto exit;

621

}

622

623

/* Create the service browser */

624

if (!(sb = avahi_s_service_browser_new(server, if_nametoindex("eth0"), AVAHI_PROTO_INET6, "_mandos._tcp", NULL, 0, browse_callback, server))) {

625

fprintf(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_server_errno(server)));

626

returncode = EXIT_FAILURE;

627

goto exit;

974

/* Initialize the pseudo-RNG for Avahi */

975

srand((unsigned int) time(NULL));

976

977

/* Allocate main Avahi loop object */

978

mc.simple_poll = avahi_simple_poll_new();

979

if (mc.simple_poll == NULL) {

980

fprintf(stderr, "Avahi: Failed to create simple poll"

981

" object.\n");

982

exitcode = EXIT_FAILURE;

983

goto end;

984

}

985

986

{

987

AvahiServerConfig config;

988

/* Do not publish any local Zeroconf records */

989

avahi_server_config_init(&config);

990

config.publish_hinfo = 0;

991

config.publish_addresses = 0;

992

config.publish_workstation = 0;

993

config.publish_domain = 0;

994

995

/* Allocate a new server */

996

mc.server = avahi_server_new(avahi_simple_poll_get

997

(mc.simple_poll), &config, NULL,

998

NULL, &error);

999

1000

/* Free the Avahi configuration data */

1001

avahi_server_config_free(&config);

1002

}

1003

1004

/* Check if creating the Avahi server object succeeded */

1005

if (mc.server == NULL) {

1006

fprintf(stderr, "Failed to create Avahi server: %s\n",

1007

avahi_strerror(error));

1008

exitcode = EXIT_FAILURE;

1009

goto end;

1010

}

1011

1012

/* Create the Avahi service browser */

1013

sb = avahi_s_service_browser_new(mc.server, if_index,

1014

AVAHI_PROTO_INET6,

1015

"_mandos._tcp", NULL, 0,

1016

browse_callback, &mc);

1017

if (sb == NULL) {

1018

fprintf(stderr, "Failed to create service browser: %s\n",

1019

avahi_strerror(avahi_server_errno(mc.server)));

1020

exitcode = EXIT_FAILURE;

1021

goto end;

628

1022

}

629

1023

630

1024

/* Run the main loop */

631

1025

632

1026

if (debug){

633

fprintf(stderr, "Starting avahi loop search\n");

1027

fprintf(stderr, "Starting Avahi loop search\n");

634

1028

}

635

1029

636

avahi_simple_poll_loop(simple_poll);

1030

avahi_simple_poll_loop(mc.simple_poll);

637

1031

638

exit:

1032

end:

639

1033

640

1034

if (debug){

641

1035

fprintf(stderr, "%s exiting\n", argv[0]);

642

1036

}

643

1037

644

1038

/* Cleanup things */

645

if (sb)

1039

if (sb != NULL)

646

1040

avahi_s_service_browser_free(sb);

647

1041

648

if (server)

649

avahi_server_free(server);

650

651

if (simple_poll)

652

avahi_simple_poll_free(simple_poll);

653

654

return returncode;

1042

if (mc.server != NULL)

1043

avahi_server_free(mc.server);

1044

1045

if (mc.simple_poll != NULL)

1046

avahi_simple_poll_free(mc.simple_poll);

1047

free(pubkeyfile);

1048

free(seckeyfile);

1049

1050

if (gnutls_initalized){

1051

gnutls_certificate_free_credentials(mc.cred);

1052

gnutls_global_deinit ();

1053

}

1054

1055

return exitcode;

655

1056

}

Older »