32
32
#define _LARGEFILE_SOURCE
33
33
#define _FILE_OFFSET_BITS 64
39
#include <net/if.h> /* if_nametoindex */
40
#include <sys/ioctl.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS
41
#include <net/if.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS
35
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */
37
#include <stdio.h> /* fprintf(), stderr, fwrite(), stdout,
39
#include <stdint.h> /* uint16_t, uint32_t */
40
#include <stddef.h> /* NULL, size_t, ssize_t */
41
#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,
43
#include <stdbool.h> /* bool, true */
44
#include <string.h> /* memset(), strcmp(), strlen(),
45
strerror(), memcpy(), strcpy() */
46
#include <sys/ioctl.h> /* ioctl */
47
#include <net/if.h> /* ifreq, SIOCGIFFLAGS, SIOCSIFFLAGS,
49
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
50
sockaddr_in6, PF_INET6,
51
SOCK_STREAM, INET6_ADDRSTRLEN,
53
#include <inttypes.h> /* PRIu16 */
54
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
55
struct in6_addr, inet_pton(),
57
#include <assert.h> /* assert() */
58
#include <errno.h> /* perror(), errno */
59
#include <time.h> /* time() */
60
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
61
SIOCSIFFLAGS, if_indextoname(),
62
if_nametoindex(), IF_NAMESIZE */
63
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
64
getuid(), getgid(), setuid(),
66
#include <netinet/in.h>
67
#include <arpa/inet.h> /* inet_pton(), htons */
68
#include <iso646.h> /* not, and */
69
#include <argp.h> /* struct argp_option, error_t, struct
70
argp_state, struct argp,
71
argp_parse(), ARGP_KEY_ARG,
72
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
75
/* All Avahi types, constants and functions
43
78
#include <avahi-core/core.h>
44
79
#include <avahi-core/lookup.h>
45
80
#include <avahi-core/log.h>
47
82
#include <avahi-common/malloc.h>
48
83
#include <avahi-common/error.h>
51
#include <sys/types.h> /* socket(), inet_pton() */
52
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
53
struct in6_addr, inet_pton() */
54
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
55
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
57
#include <unistd.h> /* close() */
58
#include <netinet/in.h>
59
#include <stdbool.h> /* true */
60
#include <string.h> /* memset */
61
#include <arpa/inet.h> /* inet_pton() */
62
#include <iso646.h> /* not */
65
#include <errno.h> /* perror() */
86
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and functions
88
init_gnutls_session(),
90
#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),
91
GNUTLS_OPENPGP_FMT_BASE64 */
94
#include <gpgme.h> /* All GPGME types, constants and functions
96
GPGME_PROTOCOL_OpenPGP,
71
99
#define BUFFER_SIZE 256
74
static const char *certdir = "/conf/conf.d/mandos";
75
static const char *certfile = "openpgp-client.txt";
76
static const char *certkey = "openpgp-client-key.txt";
78
101
bool debug = false;
102
static const char *keydir = "/conf/conf.d/mandos";
103
static const char mandos_protocol_version[] = "1";
104
const char *argp_program_version = "password-request 1.0";
105
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
107
/* Used for passing in values through the Avahi callback functions */
81
gnutls_session_t session;
109
AvahiSimplePoll *simple_poll;
82
111
gnutls_certificate_credentials_t cred;
112
unsigned int dh_bits;
83
113
gnutls_dh_params_t dh_params;
87
static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
114
const char *priority;
118
* Make room in "buffer" for at least BUFFER_SIZE additional bytes.
119
* "buffer_capacity" is how much is currently allocated,
120
* "buffer_length" is how much is already used.
122
size_t adjustbuffer(char **buffer, size_t buffer_length,
123
size_t buffer_capacity){
124
if (buffer_length + BUFFER_SIZE > buffer_capacity){
125
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
129
buffer_capacity += BUFFER_SIZE;
131
return buffer_capacity;
135
* Decrypt OpenPGP data using keyrings in HOMEDIR.
136
* Returns -1 on error
138
static ssize_t pgp_packet_decrypt (const char *cryptotext,
89
141
const char *homedir){
90
142
gpgme_data_t dh_crypto, dh_plain;
94
ssize_t new_packet_capacity = 0;
95
ssize_t new_packet_length = 0;
146
size_t plaintext_capacity = 0;
147
ssize_t plaintext_length = 0;
96
148
gpgme_engine_info_t engine_info;
99
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
151
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
197
/* Delete the GPGME FILE pointer cryptotext data buffer */
198
gpgme_data_release(dh_crypto);
200
253
/* Seek back to the beginning of the GPGME plaintext data buffer */
201
254
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
202
255
perror("pgpme_data_seek");
256
plaintext_length = -1;
207
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
208
*new_packet = realloc(*new_packet,
209
(unsigned int)new_packet_capacity
211
if (*new_packet == NULL){
215
new_packet_capacity += BUFFER_SIZE;
262
plaintext_capacity = adjustbuffer(plaintext,
263
(size_t)plaintext_length,
265
if (plaintext_capacity == 0){
266
perror("adjustbuffer");
267
plaintext_length = -1;
218
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,
271
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
220
273
/* Print the data, if any */
225
279
perror("gpgme_data_read");
280
plaintext_length = -1;
228
new_packet_length += ret;
283
plaintext_length += ret;
231
/* FIXME: check characters before printing to screen so to not print
232
terminal control characters */
234
/* fprintf(stderr, "decrypted password is: "); */
235
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
236
/* fprintf(stderr, "\n"); */
287
fprintf(stderr, "Decrypted password is: ");
288
for(ssize_t i = 0; i < plaintext_length; i++){
289
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
291
fprintf(stderr, "\n");
296
/* Delete the GPGME cryptotext data buffer */
297
gpgme_data_release(dh_crypto);
239
299
/* Delete the GPGME plaintext data buffer */
240
300
gpgme_data_release(dh_plain);
241
return new_packet_length;
301
return plaintext_length;
244
304
static const char * safer_gnutls_strerror (int value) {
311
/* GnuTLS log function callback */
251
312
static void debuggnutls(__attribute__((unused)) int level,
252
313
const char* string){
253
fprintf(stderr, "%s", string);
314
fprintf(stderr, "GnuTLS: %s", string);
256
static int initgnutls(encrypted_session *es){
317
static int init_gnutls_global(mandos_context *mc,
318
const char *pubkeyfile,
319
const char *seckeyfile){
261
323
fprintf(stderr, "Initializing GnuTLS\n");
264
if ((ret = gnutls_global_init ())
265
!= GNUTLS_E_SUCCESS) {
266
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
326
ret = gnutls_global_init();
327
if (ret != GNUTLS_E_SUCCESS) {
328
fprintf (stderr, "GnuTLS global_init: %s\n",
329
safer_gnutls_strerror(ret));
334
/* "Use a log level over 10 to enable all debugging options."
271
337
gnutls_global_set_log_level(11);
272
338
gnutls_global_set_log_function(debuggnutls);
275
/* openpgp credentials */
276
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
277
!= GNUTLS_E_SUCCESS) {
278
fprintf (stderr, "memory error: %s\n",
341
/* OpenPGP credentials */
342
gnutls_certificate_allocate_credentials(&mc->cred);
343
if (ret != GNUTLS_E_SUCCESS){
344
fprintf (stderr, "GnuTLS memory error: %s\n",
279
345
safer_gnutls_strerror(ret));
346
gnutls_global_deinit ();
284
351
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
285
" and keyfile %s as GnuTLS credentials\n", certfile,
352
" and keyfile %s as GnuTLS credentials\n", pubkeyfile,
289
356
ret = gnutls_certificate_set_openpgp_key_file
290
(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);
357
(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);
291
358
if (ret != GNUTLS_E_SUCCESS) {
293
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
295
ret, certfile, certkey);
296
fprintf(stdout, "The Error is: %s\n",
360
"Error[%d] while reading the OpenPGP key pair ('%s',"
361
" '%s')\n", ret, pubkeyfile, seckeyfile);
362
fprintf(stdout, "The GnuTLS error is: %s\n",
297
363
safer_gnutls_strerror(ret));
301
//GnuTLS server initialization
302
if ((ret = gnutls_dh_params_init (&es->dh_params))
303
!= GNUTLS_E_SUCCESS) {
304
fprintf (stderr, "Error in dh parameter initialization: %s\n",
305
safer_gnutls_strerror(ret));
309
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
310
!= GNUTLS_E_SUCCESS) {
311
fprintf (stderr, "Error in prime generation: %s\n",
312
safer_gnutls_strerror(ret));
316
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
318
// GnuTLS session creation
319
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
320
!= GNUTLS_E_SUCCESS){
367
/* GnuTLS server initialization */
368
ret = gnutls_dh_params_init(&mc->dh_params);
369
if (ret != GNUTLS_E_SUCCESS) {
370
fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
371
" %s\n", safer_gnutls_strerror(ret));
374
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
375
if (ret != GNUTLS_E_SUCCESS) {
376
fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
377
safer_gnutls_strerror(ret));
381
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
387
gnutls_certificate_free_credentials(mc->cred);
388
gnutls_global_deinit();
393
static int init_gnutls_session(mandos_context *mc,
394
gnutls_session_t *session){
396
/* GnuTLS session creation */
397
ret = gnutls_init(session, GNUTLS_SERVER);
398
if (ret != GNUTLS_E_SUCCESS){
321
399
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
322
400
safer_gnutls_strerror(ret));
325
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
326
!= GNUTLS_E_SUCCESS) {
327
fprintf(stderr, "Syntax error at: %s\n", err);
328
fprintf(stderr, "GnuTLS error: %s\n",
329
safer_gnutls_strerror(ret));
405
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
406
if (ret != GNUTLS_E_SUCCESS) {
407
fprintf(stderr, "Syntax error at: %s\n", err);
408
fprintf(stderr, "GnuTLS error: %s\n",
409
safer_gnutls_strerror(ret));
410
gnutls_deinit (*session);
333
if ((ret = gnutls_credentials_set
334
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
335
!= GNUTLS_E_SUCCESS) {
336
fprintf(stderr, "Error setting a credentials set: %s\n",
415
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
417
if (ret != GNUTLS_E_SUCCESS) {
418
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
337
419
safer_gnutls_strerror(ret));
420
gnutls_deinit (*session);
341
424
/* ignore client certificate if any. */
342
gnutls_certificate_server_set_request (es->session,
425
gnutls_certificate_server_set_request (*session,
343
426
GNUTLS_CERT_IGNORE);
345
gnutls_dh_set_prime_bits (es->session, DH_BITS);
428
gnutls_dh_set_prime_bits (*session, mc->dh_bits);
433
/* Avahi log function callback */
350
434
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
351
435
__attribute__((unused)) const char *txt){}
437
/* Called when a Mandos server is found */
353
438
static int start_mandos_communication(const char *ip, uint16_t port,
354
AvahiIfIndex if_index){
439
AvahiIfIndex if_index,
356
struct sockaddr_in6 to;
357
encrypted_session es;
442
union { struct sockaddr in; struct sockaddr_in6 in6; } to;
358
443
char *buffer = NULL;
359
444
char *decrypted_buffer;
360
445
size_t buffer_length = 0;
361
446
size_t buffer_capacity = 0;
362
447
ssize_t decrypted_buffer_size;
365
450
char interface[IF_NAMESIZE];
451
gnutls_session_t session;
453
ret = init_gnutls_session (mc, &session);
368
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
459
fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16
372
463
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
379
470
if(if_indextoname((unsigned int)if_index, interface) == NULL){
381
perror("if_indextoname");
471
perror("if_indextoname");
386
474
fprintf(stderr, "Binding to interface %s\n", interface);
389
477
memset(&to,0,sizeof(to)); /* Spurious warning */
390
to.sin6_family = AF_INET6;
391
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
478
to.in6.sin6_family = AF_INET6;
479
/* It would be nice to have a way to detect if we were passed an
480
IPv4 address here. Now we assume an IPv6 address. */
481
ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);
393
483
perror("inet_pton");
397
487
fprintf(stderr, "Bad address: %s\n", ip);
400
to.sin6_port = htons(port); /* Spurious warning */
490
to.in6.sin6_port = htons(port); /* Spurious warning */
402
to.sin6_scope_id = (uint32_t)if_index;
492
to.in6.sin6_scope_id = (uint32_t)if_index;
405
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
406
/* char addrstr[INET6_ADDRSTRLEN]; */
407
/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */
408
/* sizeof(addrstr)) == NULL){ */
409
/* perror("inet_ntop"); */
411
/* fprintf(stderr, "Really connecting to: %s, port %d\n", */
412
/* addrstr, ntohs(to.sin6_port)); */
495
fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
497
char addrstr[INET6_ADDRSTRLEN] = "";
498
if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,
499
sizeof(addrstr)) == NULL){
502
if(strcmp(addrstr, ip) != 0){
503
fprintf(stderr, "Canonical address form: %s\n", addrstr);
416
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
508
ret = connect(tcp_sd, &to.in, sizeof(to));
418
510
perror("connect");
422
ret = initgnutls (&es);
514
const char *out = mandos_protocol_version;
517
size_t out_size = strlen(out);
518
ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
519
out_size - written));
525
written += (size_t)ret;
526
if(written < out_size){
529
if (out == mandos_protocol_version){
428
gnutls_transport_set_ptr (es.session,
429
(gnutls_transport_ptr_t) tcp_sd);
432
539
fprintf(stderr, "Establishing TLS session with %s\n", ip);
435
ret = gnutls_handshake (es.session);
542
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
545
ret = gnutls_handshake (session);
546
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
437
548
if (ret != GNUTLS_E_SUCCESS){
439
fprintf(stderr, "\n*** Handshake failed ***\n");
550
fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
440
551
gnutls_perror (ret);
446
//Retrieve OpenPGP packet that contains the wanted password
557
/* Read OpenPGP packet that contains the wanted password */
449
560
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
523
fprintf(stderr, "Closing TLS session\n");
639
/* Shutdown procedure */
527
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
530
gnutls_deinit (es.session);
531
gnutls_certificate_free_credentials (es.cred);
532
gnutls_global_deinit ();
644
gnutls_deinit (session);
536
static AvahiSimplePoll *simple_poll = NULL;
537
static AvahiServer *server = NULL;
539
static void resolve_callback(
540
AvahiSServiceResolver *r,
541
AvahiIfIndex interface,
542
AVAHI_GCC_UNUSED AvahiProtocol protocol,
543
AvahiResolverEvent event,
547
const char *host_name,
548
const AvahiAddress *address,
550
AVAHI_GCC_UNUSED AvahiStringList *txt,
551
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
552
AVAHI_GCC_UNUSED void* userdata) {
648
static void resolve_callback(AvahiSServiceResolver *r,
649
AvahiIfIndex interface,
650
AVAHI_GCC_UNUSED AvahiProtocol protocol,
651
AvahiResolverEvent event,
655
const char *host_name,
656
const AvahiAddress *address,
658
AVAHI_GCC_UNUSED AvahiStringList *txt,
659
AVAHI_GCC_UNUSED AvahiLookupResultFlags
662
mandos_context *mc = userdata;
554
663
assert(r); /* Spurious warning */
556
665
/* Called whenever a service has been resolved successfully or
581
691
avahi_s_service_resolver_free(r);
584
static void browse_callback(
585
AvahiSServiceBrowser *b,
586
AvahiIfIndex interface,
587
AvahiProtocol protocol,
588
AvahiBrowserEvent event,
592
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
595
AvahiServer *s = userdata;
596
assert(b); /* Spurious warning */
598
/* Called whenever a new services becomes available on the LAN or
599
is removed from the LAN */
603
case AVAHI_BROWSER_FAILURE:
605
fprintf(stderr, "(Browser) %s\n",
606
avahi_strerror(avahi_server_errno(server)));
607
avahi_simple_poll_quit(simple_poll);
610
case AVAHI_BROWSER_NEW:
611
/* We ignore the returned resolver object. In the callback
612
function we free it. If the server is terminated before
613
the callback function is called the server will free
614
the resolver for us. */
616
if (!(avahi_s_service_resolver_new(s, interface, protocol, name,
618
AVAHI_PROTO_INET6, 0,
619
resolve_callback, s)))
620
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
621
avahi_strerror(avahi_server_errno(s)));
624
case AVAHI_BROWSER_REMOVE:
627
case AVAHI_BROWSER_ALL_FOR_NOW:
628
case AVAHI_BROWSER_CACHE_EXHAUSTED:
694
static void browse_callback( AvahiSServiceBrowser *b,
695
AvahiIfIndex interface,
696
AvahiProtocol protocol,
697
AvahiBrowserEvent event,
701
AVAHI_GCC_UNUSED AvahiLookupResultFlags
704
mandos_context *mc = userdata;
705
assert(b); /* Spurious warning */
707
/* Called whenever a new services becomes available on the LAN or
708
is removed from the LAN */
712
case AVAHI_BROWSER_FAILURE:
714
fprintf(stderr, "(Avahi browser) %s\n",
715
avahi_strerror(avahi_server_errno(mc->server)));
716
avahi_simple_poll_quit(mc->simple_poll);
719
case AVAHI_BROWSER_NEW:
720
/* We ignore the returned Avahi resolver object. In the callback
721
function we free it. If the Avahi server is terminated before
722
the callback function is called the Avahi server will free the
725
if (!(avahi_s_service_resolver_new(mc->server, interface,
726
protocol, name, type, domain,
727
AVAHI_PROTO_INET6, 0,
728
resolve_callback, mc)))
729
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
730
name, avahi_strerror(avahi_server_errno(mc->server)));
733
case AVAHI_BROWSER_REMOVE:
736
case AVAHI_BROWSER_ALL_FOR_NOW:
737
case AVAHI_BROWSER_CACHE_EXHAUSTED:
739
fprintf(stderr, "No Mandos server found, still searching...\n");
633
745
/* Combines file name and path and returns the malloced new
643
memcpy(tmp, first, f_len);
755
memcpy(tmp, first, f_len); /* Spurious warning */
645
757
tmp[f_len] = '/';
647
memcpy(tmp + f_len + 1, second, s_len);
759
memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */
649
761
tmp[f_len + 1 + s_len] = '\0';
654
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
655
AvahiServerConfig config;
766
int main(int argc, char *argv[]){
656
767
AvahiSServiceBrowser *sb = NULL;
659
int returncode = EXIT_SUCCESS;
770
int exitcode = EXIT_SUCCESS;
660
771
const char *interface = "eth0";
661
772
struct ifreq network;
663
776
char *connect_to = NULL;
664
777
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
667
static struct option long_options[] = {
668
{"debug", no_argument, (int *)&debug, 1},
669
{"connect", required_argument, 0, 'C'},
670
{"interface", required_argument, 0, 'i'},
671
{"certdir", required_argument, 0, 'd'},
672
{"certkey", required_argument, 0, 'c'},
673
{"certfile", required_argument, 0, 'k'},
676
int option_index = 0;
677
ret = getopt_long (argc, argv, "i:", long_options,
707
certfile = combinepath(certdir, certfile);
708
if (certfile == NULL){
709
perror("combinepath");
710
returncode = EXIT_FAILURE;
714
certkey = combinepath(certdir, certkey);
715
if (certkey == NULL){
716
perror("combinepath");
717
returncode = EXIT_FAILURE;
778
const char *pubkeyfile = "pubkey.txt";
779
const char *seckeyfile = "seckey.txt";
780
mandos_context mc = { .simple_poll = NULL, .server = NULL,
781
.dh_bits = 1024, .priority = "SECURE256"};
782
bool gnutls_initalized = false;
785
struct argp_option options[] = {
786
{ .name = "debug", .key = 128,
787
.doc = "Debug mode", .group = 3 },
788
{ .name = "connect", .key = 'c',
790
.doc = "Connect directly to a sepcified mandos server",
792
{ .name = "interface", .key = 'i',
794
.doc = "Interface that Avahi will conntect through",
796
{ .name = "keydir", .key = 'd',
798
.doc = "Directory where the openpgp keyring is",
800
{ .name = "seckey", .key = 's',
802
.doc = "Secret openpgp key for gnutls authentication",
804
{ .name = "pubkey", .key = 'p',
806
.doc = "Public openpgp key for gnutls authentication",
808
{ .name = "dh-bits", .key = 129,
810
.doc = "dh-bits to use in gnutls communication",
812
{ .name = "priority", .key = 130,
814
.doc = "GNUTLS priority", .group = 1 },
819
error_t parse_opt (int key, char *arg,
820
struct argp_state *state) {
821
/* Get the INPUT argument from `argp_parse', which we know is
822
a pointer to our plugin list pointer. */
844
mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);
859
return ARGP_ERR_UNKNOWN;
864
struct argp argp = { .options = options, .parser = parse_opt,
866
.doc = "Mandos client -- Get and decrypt"
867
" passwords from mandos server" };
868
ret = argp_parse (&argp, argc, argv, 0, 0, NULL);
869
if (ret == ARGP_ERR_UNKNOWN){
870
fprintf(stderr, "Unkown error while parsing arguments\n");
871
exitcode = EXIT_FAILURE;
876
pubkeyfile = combinepath(keydir, pubkeyfile);
877
if (pubkeyfile == NULL){
878
perror("combinepath");
879
exitcode = EXIT_FAILURE;
883
seckeyfile = combinepath(keydir, seckeyfile);
884
if (seckeyfile == NULL){
885
perror("combinepath");
889
ret = init_gnutls_global(&mc, pubkeyfile, seckeyfile);
891
fprintf(stderr, "init_gnutls_global\n");
894
gnutls_initalized = true;
721
910
if_index = (AvahiIfIndex) if_nametoindex(interface);
730
919
char *address = strrchr(connect_to, ':');
731
920
if(address == NULL){
732
921
fprintf(stderr, "No colon in address\n");
922
exitcode = EXIT_FAILURE;
736
926
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
738
928
perror("Bad port number");
929
exitcode = EXIT_FAILURE;
742
933
address = connect_to;
743
ret = start_mandos_communication(address, port, if_index);
934
ret = start_mandos_communication(address, port, if_index, &mc);
936
exitcode = EXIT_FAILURE;
938
exitcode = EXIT_SUCCESS;
751
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
754
returncode = EXIT_FAILURE;
757
strcpy(network.ifr_name, interface);
758
ret = ioctl(sd, SIOCGIFFLAGS, &network);
761
perror("ioctl SIOCGIFFLAGS");
762
returncode = EXIT_FAILURE;
765
if((network.ifr_flags & IFF_UP) == 0){
766
network.ifr_flags |= IFF_UP;
767
ret = ioctl(sd, SIOCSIFFLAGS, &network);
943
/* If the interface is down, bring it up */
945
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
948
exitcode = EXIT_FAILURE;
951
strcpy(network.ifr_name, interface); /* Spurious warning */
952
ret = ioctl(sd, SIOCGIFFLAGS, &network);
769
perror("ioctl SIOCSIFFLAGS");
770
returncode = EXIT_FAILURE;
954
perror("ioctl SIOCGIFFLAGS");
955
exitcode = EXIT_FAILURE;
958
if((network.ifr_flags & IFF_UP) == 0){
959
network.ifr_flags |= IFF_UP;
960
ret = ioctl(sd, SIOCSIFFLAGS, &network);
962
perror("ioctl SIOCSIFFLAGS");
963
exitcode = EXIT_FAILURE;
777
971
avahi_set_log_function(empty_log);
780
/* Initialize the psuedo-RNG */
974
/* Initialize the pseudo-RNG for Avahi */
781
975
srand((unsigned int) time(NULL));
783
/* Allocate main loop object */
784
if (!(simple_poll = avahi_simple_poll_new())) {
785
fprintf(stderr, "Failed to create simple poll object.\n");
786
returncode = EXIT_FAILURE;
790
/* Do not publish any local records */
791
avahi_server_config_init(&config);
792
config.publish_hinfo = 0;
793
config.publish_addresses = 0;
794
config.publish_workstation = 0;
795
config.publish_domain = 0;
797
/* Allocate a new server */
798
server = avahi_server_new(avahi_simple_poll_get(simple_poll),
799
&config, NULL, NULL, &error);
801
/* Free the configuration data */
802
avahi_server_config_free(&config);
804
/* Check if creating the server object succeeded */
806
fprintf(stderr, "Failed to create server: %s\n",
977
/* Allocate main Avahi loop object */
978
mc.simple_poll = avahi_simple_poll_new();
979
if (mc.simple_poll == NULL) {
980
fprintf(stderr, "Avahi: Failed to create simple poll"
982
exitcode = EXIT_FAILURE;
987
AvahiServerConfig config;
988
/* Do not publish any local Zeroconf records */
989
avahi_server_config_init(&config);
990
config.publish_hinfo = 0;
991
config.publish_addresses = 0;
992
config.publish_workstation = 0;
993
config.publish_domain = 0;
995
/* Allocate a new server */
996
mc.server = avahi_server_new(avahi_simple_poll_get
997
(mc.simple_poll), &config, NULL,
1000
/* Free the Avahi configuration data */
1001
avahi_server_config_free(&config);
1004
/* Check if creating the Avahi server object succeeded */
1005
if (mc.server == NULL) {
1006
fprintf(stderr, "Failed to create Avahi server: %s\n",
807
1007
avahi_strerror(error));
808
returncode = EXIT_FAILURE;
1008
exitcode = EXIT_FAILURE;
812
/* Create the service browser */
813
sb = avahi_s_service_browser_new(server, if_index,
1012
/* Create the Avahi service browser */
1013
sb = avahi_s_service_browser_new(mc.server, if_index,
814
1014
AVAHI_PROTO_INET6,
815
1015
"_mandos._tcp", NULL, 0,
816
browse_callback, server);
1016
browse_callback, &mc);
818
1018
fprintf(stderr, "Failed to create service browser: %s\n",
819
avahi_strerror(avahi_server_errno(server)));
820
returncode = EXIT_FAILURE;
1019
avahi_strerror(avahi_server_errno(mc.server)));
1020
exitcode = EXIT_FAILURE;
824
1024
/* Run the main loop */
827
fprintf(stderr, "Starting avahi loop search\n");
1027
fprintf(stderr, "Starting Avahi loop search\n");
830
avahi_simple_poll_loop(simple_poll);
1030
avahi_simple_poll_loop(mc.simple_poll);
835
1035
fprintf(stderr, "%s exiting\n", argv[0]);
838
1038
/* Cleanup things */
840
1040
avahi_s_service_browser_free(sb);
843
avahi_server_free(server);
846
avahi_simple_poll_free(simple_poll);
1042
if (mc.server != NULL)
1043
avahi_server_free(mc.server);
1045
if (mc.simple_poll != NULL)
1046
avahi_simple_poll_free(mc.simple_poll);
1050
if (gnutls_initalized){
1051
gnutls_certificate_free_credentials(mc.cred);
1052
gnutls_global_deinit ();