/mandos/release : revision 68

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/password-request.c

Committer: Teddy Hogeborn
Date: 2008-08-12 19:22:34 UTC
Revision ID: teddy@fukt.bsnet.se-20080812192234-8bm17713ltih9ud1

* initramfs-tools-hook: New.
* initramfs-tools-hook-conf: New.

files added:
initramfs-tools-hook

initramfs-tools-hook-conf

mandos-client.xml

mandos-clients.conf.xml

mandos-keygen

mandos.conf

mandos.conf.xml

mandos.xml

network-protocol.txt

plugins.d/password-prompt.xml

plugins.d/password-request.xml

files removed:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

files renamed:
mandos-clients.conf => clients.conf

server.py => mandos

plugbasedclient.c => mandos-client.c

plugins.d/passprompt.c => plugins.d/password-prompt.c

plugins.d/mandosclient.c => plugins.d/password-request.c

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

plugins.d/password-request.c

/***

This file is part of avahi.

avahi is free software; you can redistribute it and/or modify it

under the terms of the GNU Lesser General Public License as

published by the Free Software Foundation; either version 2.1 of the

License, or (at your option) any later version.

avahi is distributed in the hope that it will be useful, but WITHOUT

ANY WARRANTY; without even the implied warranty of MERCHANTABILITY

or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General

Public License for more details.

You should have received a copy of the GNU Lesser General Public

License along with avahi; if not, write to the Free Software

Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307

USA.

***/

/* -*- coding: utf-8 -*- */

* Mandos client - get and decrypt data from a Mandos server

* This program is partly derived from an example program for an Avahi

* service browser, downloaded from

* <http://avahi.org/browser/examples/core-browse-services.c>. This

* includes the following functions: "resolve_callback",

* "browse_callback", and parts of "main".

* Everything else is

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

/* Needed by GPGME, specifically gpgme_data_seek() */

#define _LARGEFILE_SOURCE

#define _FILE_OFFSET_BITS 64

#include <stdio.h>

#include <assert.h>

#include <stdlib.h>

#include <time.h>

#include <net/if.h> /* if_nametoindex */

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */

#include <stdio.h> /* fprintf(), stderr, fwrite(), stdout,

ferror() */

#include <stdint.h> /* uint16_t, uint32_t */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,

srand() */

#include <stdbool.h> /* bool, true */

#include <string.h> /* memset(), strcmp(), strlen(),

strerror(), memcpy(), strcpy() */

#include <sys/ioctl.h> /* ioctl */

#include <sys/types.h> /* socket(), inet_pton(), sockaddr,

sockaddr_in6, PF_INET6,

SOCK_STREAM, INET6_ADDRSTRLEN,

uid_t, gid_t */

#include <inttypes.h> /* PRIu16 */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton(),

connect() */

#include <assert.h> /* assert() */

#include <errno.h> /* perror(), errno */

#include <time.h> /* time() */

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS, if_indextoname(),

if_nametoindex(), IF_NAMESIZE */

#include <unistd.h> /* close(), SEEK_SET, off_t, write(),

getuid(), getgid(), setuid(),

setgid() */

#include <netinet/in.h>

#include <arpa/inet.h> /* inet_pton(), htons */

#include <iso646.h> /* not, and */

#include <argp.h> /* struct argp_option, error_t, struct

argp_state, struct argp,

argp_parse(), ARGP_KEY_ARG,

ARGP_KEY_END, ARGP_ERR_UNKNOWN */

/* Avahi */

/* All Avahi types, constants and functions

Avahi*, avahi_*,

AVAHI_* */

#include <avahi-core/core.h>

#include <avahi-core/lookup.h>

#include <avahi-core/log.h>

#include <avahi-common/malloc.h>

#include <avahi-common/error.h>

//mandos client part

#include <sys/types.h> /* socket(), setsockopt(), inet_pton() */

#include <sys/socket.h> /* socket(), setsockopt(), struct sockaddr_in6, struct in6_addr, inet_pton() */

#include <gnutls/gnutls.h> /* ALL GNUTLS STUFF */

#include <gnutls/openpgp.h> /* gnutls with openpgp stuff */

#include <unistd.h> /* close() */

#include <netinet/in.h>

#include <stdbool.h> /* true */

#include <string.h> /* memset */

#include <arpa/inet.h> /* inet_pton() */

#include <iso646.h> /* not */

// gpgme

#include <errno.h> /* perror() */

#include <gpgme.h>

// getopt long

#include <getopt.h>

#ifndef CERT_ROOT

#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"

#endif

#define CERTFILE CERT_ROOT "openpgp-client.txt"

#define KEYFILE CERT_ROOT "openpgp-client-key.txt"

/* GnuTLS */

#include <gnutls/gnutls.h> /* All GnuTLS types, constants and functions

gnutls_*

init_gnutls_session(),

GNUTLS_* */

#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),

GNUTLS_OPENPGP_FMT_BASE64 */

/* GPGME */

#include <gpgme.h> /* All GPGME types, constants and functions

gpgme_*

GPGME_PROTOCOL_OpenPGP,

GPG_ERR_NO_* */

#define BUFFER_SIZE 256

#define DH_BITS 1024

bool debug = false;

char *interface = "eth0";

100

static const char *keydir = "/conf/conf.d/mandos";

101

static const char mandos_protocol_version[] = "1";

102

const char *argp_program_version = "password-request 1.0";

103

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

104

105

/* Used for passing in values through the Avahi callback functions */

106

typedef struct {

gnutls_session_t session;

107

AvahiSimplePoll *simple_poll;

108

AvahiServer *server;

109

gnutls_certificate_credentials_t cred;

110

unsigned int dh_bits;

111

gnutls_dh_params_t dh_params;

} encrypted_session;

ssize_t gpg_packet_decrypt (char *packet, size_t packet_size, char **new_packet, char *homedir){

112

const char *priority;

113

} mandos_context;

114

115

116

* Make room in "buffer" for at least BUFFER_SIZE additional bytes.

117

* "buffer_capacity" is how much is currently allocated,

118

* "buffer_length" is how much is already used.

119

120

size_t adjustbuffer(char **buffer, size_t buffer_length,

121

size_t buffer_capacity){

122

if (buffer_length + BUFFER_SIZE > buffer_capacity){

123

*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);

124

if (buffer == NULL){

125

return 0;

126

}

127

buffer_capacity += BUFFER_SIZE;

128

}

129

return buffer_capacity;

130

}

131

132

133

* Decrypt OpenPGP data using keyrings in HOMEDIR.

134

* Returns -1 on error

135

136

static ssize_t pgp_packet_decrypt (const char *cryptotext,

137

size_t crypto_size,

138

char **plaintext,

139

const char *homedir){

140

gpgme_data_t dh_crypto, dh_plain;

141

gpgme_ctx_t ctx;

142

gpgme_error_t rc;

143

ssize_t ret;

size_t new_packet_capacity = 0;

size_t new_packet_length = 0;

144

size_t plaintext_capacity = 0;

145

ssize_t plaintext_length = 0;

146

gpgme_engine_info_t engine_info;

147

148

if (debug){

fprintf(stderr, "Attempting to decrypt password from gpg packet\n");

149

fprintf(stderr, "Trying to decrypt OpenPGP data\n");

150

}

151

152

/* Init GPGME */

153

gpgme_check_version(NULL);

gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

154

rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

155

if (rc != GPG_ERR_NO_ERROR){

156

fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",

157

gpgme_strsource(rc), gpgme_strerror(rc));

158

return -1;

159

}

160

/* Set GPGME home directory */

161

/* Set GPGME home directory for the OpenPGP engine only */

162

rc = gpgme_get_engine_info (&engine_info);

163

if (rc != GPG_ERR_NO_ERROR){

164

fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",

104

174

engine_info = engine_info->next;

105

175

}

106

176

if(engine_info == NULL){

107

fprintf(stderr, "Could not set home dir to %s\n", homedir);

177

fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);

108

178

return -1;

109

179

}

110

180

111

/* Create new GPGME data buffer from packet buffer */

112

rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);

181

/* Create new GPGME data buffer from memory cryptotext */

182

rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,

183

0);

113

184

if (rc != GPG_ERR_NO_ERROR){

114

185

fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",

115

186

gpgme_strsource(rc), gpgme_strerror(rc));

121

192

if (rc != GPG_ERR_NO_ERROR){

122

193

fprintf(stderr, "bad gpgme_data_new: %s: %s\n",

123

194

gpgme_strsource(rc), gpgme_strerror(rc));

195

gpgme_data_release(dh_crypto);

124

196

return -1;

125

197

}

126

198

129

201

if (rc != GPG_ERR_NO_ERROR){

130

202

fprintf(stderr, "bad gpgme_new: %s: %s\n",

131

203

gpgme_strsource(rc), gpgme_strerror(rc));

132

return -1;

204

plaintext_length = -1;

205

goto decrypt_end;

133

206

}

134

207

135

/* Decrypt data from the FILE pointer to the plaintext data buffer */

208

/* Decrypt data from the cryptotext data buffer to the plaintext

209

data buffer */

136

210

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

137

211

if (rc != GPG_ERR_NO_ERROR){

138

212

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

139

213

gpgme_strsource(rc), gpgme_strerror(rc));

140

return -1;

214

plaintext_length = -1;

215

goto decrypt_end;

141

216

}

142

217

143

218

if(debug){

144

fprintf(stderr, "decryption of gpg packet succeeded\n");

219

fprintf(stderr, "Decryption of OpenPGP data succeeded\n");

145

220

}

146

221

147

222

if (debug){

148

223

gpgme_decrypt_result_t result;

149

224

result = gpgme_op_decrypt_result(ctx);

150

225

if (result == NULL){

151

226

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

152

227

} else {

153

fprintf(stderr, "Unsupported algorithm: %s\n", result->unsupported_algorithm);

154

fprintf(stderr, "Wrong key usage: %d\n", result->wrong_key_usage);

228

fprintf(stderr, "Unsupported algorithm: %s\n",

229

result->unsupported_algorithm);

230

fprintf(stderr, "Wrong key usage: %u\n",

231

result->wrong_key_usage);

155

232

if(result->file_name != NULL){

156

233

fprintf(stderr, "File name: %s\n", result->file_name);

157

234

}

163

240

gpgme_pubkey_algo_name(recipient->pubkey_algo));

164

241

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

165

242

fprintf(stderr, "Secret key available: %s\n",

166

recipient->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");

243

recipient->status == GPG_ERR_NO_SECKEY

244

? "No" : "Yes");

167

245

recipient = recipient->next;

168

246

}

169

247

}

170

248

}

171

249

}

172

250

173

/* Delete the GPGME FILE pointer cryptotext data buffer */

174

gpgme_data_release(dh_crypto);

175

176

251

/* Seek back to the beginning of the GPGME plaintext data buffer */

177

gpgme_data_seek(dh_plain, 0, SEEK_SET);

178

179

*new_packet = 0;

252

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

253

perror("pgpme_data_seek");

254

plaintext_length = -1;

255

goto decrypt_end;

256

}

257

258

*plaintext = NULL;

180

259

while(true){

181

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

182

*new_packet = realloc(*new_packet, new_packet_capacity + BUFFER_SIZE);

183

if (*new_packet == NULL){

184

perror("realloc");

185

return -1;

186

}

187

new_packet_capacity += BUFFER_SIZE;

260

plaintext_capacity = adjustbuffer(plaintext,

261

(size_t)plaintext_length,

262

plaintext_capacity);

263

if (plaintext_capacity == 0){

264

perror("adjustbuffer");

265

plaintext_length = -1;

266

goto decrypt_end;

188

267

}

189

268

190

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length, BUFFER_SIZE);

269

ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,

270

BUFFER_SIZE);

191

271

/* Print the data, if any */

192

272

if (ret == 0){

193

/* If password is empty, then a incorrect error will be printed */

273

/* EOF */

194

274

break;

195

275

}

196

276

if(ret < 0){

197

277

perror("gpgme_data_read");

198

return -1;

278

plaintext_length = -1;

279

goto decrypt_end;

199

280

}

200

new_packet_length += ret;

281

plaintext_length += ret;

201

282

}

202

283

203

/* FIXME: check characters before printing to screen so to not print

204

terminal control characters */

205

/* if(debug){ */

206

/* fprintf(stderr, "decrypted password is: "); */

207

/* fwrite(*new_packet, 1, new_packet_length, stderr); */

208

/* fprintf(stderr, "\n"); */

209

/* } */

284

if(debug){

285

fprintf(stderr, "Decrypted password is: ");

286

for(ssize_t i = 0; i < plaintext_length; i++){

287

fprintf(stderr, "%02hhX ", (*plaintext)[i]);

288

}

289

fprintf(stderr, "\n");

290

}

291

292

decrypt_end:

293

294

/* Delete the GPGME cryptotext data buffer */

295

gpgme_data_release(dh_crypto);

210

296

211

297

/* Delete the GPGME plaintext data buffer */

212

298

gpgme_data_release(dh_plain);

213

return new_packet_length;

299

return plaintext_length;

214

300

}

215

301

216

302

static const char * safer_gnutls_strerror (int value) {

220

306

return ret;

221

307

}

222

308

223

void debuggnutls(int level, const char* string){

224

fprintf(stderr, "%s", string);

309

/* GnuTLS log function callback */

310

static void debuggnutls(__attribute__((unused)) int level,

311

const char* string){

312

fprintf(stderr, "GnuTLS: %s", string);

225

313

}

226

314

227

int initgnutls(encrypted_session *es){

228

const char *err;

315

static int init_gnutls_global(mandos_context *mc,

316

const char *pubkeyfile,

317

const char *seckeyfile){

229

318

int ret;

230

319

231

320

if(debug){

232

fprintf(stderr, "Initializing gnutls\n");

321

fprintf(stderr, "Initializing GnuTLS\n");

233

322

}

234

235

323

236

if ((ret = gnutls_global_init ())

237

!= GNUTLS_E_SUCCESS) {

238

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

324

ret = gnutls_global_init();

325

if (ret != GNUTLS_E_SUCCESS) {

326

fprintf (stderr, "GnuTLS global_init: %s\n",

327

safer_gnutls_strerror(ret));

239

328

return -1;

240

329

}

241

330

242

331

if (debug){

332

/* "Use a log level over 10 to enable all debugging options."

333

* - GnuTLS manual

334

243

335

gnutls_global_set_log_level(11);

244

336

gnutls_global_set_log_function(debuggnutls);

245

337

}

246

338

247

248

/* openpgp credentials */

249

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

250

!= GNUTLS_E_SUCCESS) {

251

fprintf (stderr, "memory error: %s\n", safer_gnutls_strerror(ret));

339

/* OpenPGP credentials */

340

gnutls_certificate_allocate_credentials(&mc->cred);

341

if (ret != GNUTLS_E_SUCCESS){

342

fprintf (stderr, "GnuTLS memory error: %s\n",

343

safer_gnutls_strerror(ret));

344

gnutls_global_deinit ();

252

345

return -1;

253

346

}

254

347

255

348

if(debug){

256

fprintf(stderr, "Attempting to use openpgp certificate %s"

257

" and keyfile %s as gnutls credentials\n", CERTFILE, KEYFILE);

349

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

350

" and keyfile %s as GnuTLS credentials\n", pubkeyfile,

351

seckeyfile);

258

352

}

259

353

260

354

ret = gnutls_certificate_set_openpgp_key_file

261

(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);

262

if (ret != GNUTLS_E_SUCCESS) {

263

fprintf

264

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n",

265

ret, CERTFILE, KEYFILE);

266

fprintf(stdout, "The Error is: %s\n",

267

safer_gnutls_strerror(ret));

268

return -1;

269

}

270

271

//Gnutls server initialization

272

if ((ret = gnutls_dh_params_init (&es->dh_params))

273

!= GNUTLS_E_SUCCESS) {

274

fprintf (stderr, "Error in dh parameter initialization: %s\n",

275

safer_gnutls_strerror(ret));

276

return -1;

277

}

278

279

if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))

280

!= GNUTLS_E_SUCCESS) {

281

fprintf (stderr, "Error in prime generation: %s\n",

282

safer_gnutls_strerror(ret));

283

return -1;

284

}

285

286

gnutls_certificate_set_dh_params (es->cred, es->dh_params);

287

288

// Gnutls session creation

289

if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))

290

!= GNUTLS_E_SUCCESS){

291

fprintf(stderr, "Error in gnutls session initialization: %s\n",

292

safer_gnutls_strerror(ret));

293

}

294

295

if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))

296

!= GNUTLS_E_SUCCESS) {

297

fprintf(stderr, "Syntax error at: %s\n", err);

298

fprintf(stderr, "Gnutls error: %s\n",

299

safer_gnutls_strerror(ret));

300

return -1;

301

}

302

303

if ((ret = gnutls_credentials_set

304

(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))

305

!= GNUTLS_E_SUCCESS) {

306

fprintf(stderr, "Error setting a credentials set: %s\n",

307

safer_gnutls_strerror(ret));

308

return -1;

309

}

310

355

(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);

356

if (ret != GNUTLS_E_SUCCESS) {

357

fprintf(stderr,

358

"Error[%d] while reading the OpenPGP key pair ('%s',"

359

" '%s')\n", ret, pubkeyfile, seckeyfile);

360

fprintf(stdout, "The GnuTLS error is: %s\n",

361

safer_gnutls_strerror(ret));

362

goto globalfail;

363

}

364

365

/* GnuTLS server initialization */

366

ret = gnutls_dh_params_init(&mc->dh_params);

367

if (ret != GNUTLS_E_SUCCESS) {

368

fprintf (stderr, "Error in GnuTLS DH parameter initialization:"

369

" %s\n", safer_gnutls_strerror(ret));

370

goto globalfail;

371

}

372

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

373

if (ret != GNUTLS_E_SUCCESS) {

374

fprintf (stderr, "Error in GnuTLS prime generation: %s\n",

375

safer_gnutls_strerror(ret));

376

goto globalfail;

377

}

378

379

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

380

381

return 0;

382

383

globalfail:

384

385

gnutls_certificate_free_credentials(mc->cred);

386

gnutls_global_deinit();

387

return -1;

388

389

}

390

391

static int init_gnutls_session(mandos_context *mc,

392

gnutls_session_t *session){

393

int ret;

394

/* GnuTLS session creation */

395

ret = gnutls_init(session, GNUTLS_SERVER);

396

if (ret != GNUTLS_E_SUCCESS){

397

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

398

safer_gnutls_strerror(ret));

399

}

400

401

{

402

const char *err;

403

ret = gnutls_priority_set_direct(*session, mc->priority, &err);

404

if (ret != GNUTLS_E_SUCCESS) {

405

fprintf(stderr, "Syntax error at: %s\n", err);

406

fprintf(stderr, "GnuTLS error: %s\n",

407

safer_gnutls_strerror(ret));

408

gnutls_deinit (*session);

409

return -1;

410

}

411

}

412

413

ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

414

mc->cred);

415

if (ret != GNUTLS_E_SUCCESS) {

416

fprintf(stderr, "Error setting GnuTLS credentials: %s\n",

417

safer_gnutls_strerror(ret));

418

gnutls_deinit (*session);

419

return -1;

420

}

421

311

422

/* ignore client certificate if any. */

312

gnutls_certificate_server_set_request (es->session, GNUTLS_CERT_IGNORE);

423

gnutls_certificate_server_set_request (*session,

424

GNUTLS_CERT_IGNORE);

313

425

314

gnutls_dh_set_prime_bits (es->session, DH_BITS);

426

gnutls_dh_set_prime_bits (*session, mc->dh_bits);

315

427

316

428

return 0;

317

429

}

318

430

319

void empty_log(AvahiLogLevel level, const char *txt){}

431

/* Avahi log function callback */

432

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

433

__attribute__((unused)) const char *txt){}

320

434

321

int start_mandos_communication(char *ip, uint16_t port){

435

/* Called when a Mandos server is found */

436

static int start_mandos_communication(const char *ip, uint16_t port,

437

AvahiIfIndex if_index,

438

mandos_context *mc){

322

439

int ret, tcp_sd;

323

struct sockaddr_in6 to;

324

encrypted_session es;

440

union { struct sockaddr in; struct sockaddr_in6 in6; } to;

325

441

char *buffer = NULL;

326

442

char *decrypted_buffer;

327

443

size_t buffer_length = 0;

328

444

size_t buffer_capacity = 0;

329

445

ssize_t decrypted_buffer_size;

446

size_t written;

330

447

int retval = 0;

331

448

char interface[IF_NAMESIZE];

449

gnutls_session_t session;

450

451

ret = init_gnutls_session (mc, &session);

452

if (ret != 0){

453

return -1;

454

}

455

332

456

if(debug){

333

fprintf(stderr, "Setting up a tcp connection to %s\n", ip);

457

fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16

458

"\n", ip, port);

334

459

}

335

460

336

461

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

340

465

}

341

466

342

467

if(debug){

468

if(if_indextoname((unsigned int)if_index, interface) == NULL){

469

perror("if_indextoname");

470

return -1;

471

}

343

472

fprintf(stderr, "Binding to interface %s\n", interface);

344

473

}

345

346

ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, interface, 5);

347

if(tcp_sd < 0) {

348

perror("setsockopt bindtodevice");

349

return -1;

350

}

351

474

352

memset(&to,0,sizeof(to));

353

to.sin6_family = AF_INET6;

354

ret = inet_pton(AF_INET6, ip, &to.sin6_addr);

475

memset(&to,0,sizeof(to)); /* Spurious warning */

476

to.in6.sin6_family = AF_INET6;

477

/* It would be nice to have a way to detect if we were passed an

478

IPv4 address here. Now we assume an IPv6 address. */

479

ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);

355

480

if (ret < 0 ){

356

481

perror("inet_pton");

357

482

return -1;

358

}

483

}

359

484

if(ret == 0){

360

485

fprintf(stderr, "Bad address: %s\n", ip);

361

486

return -1;

362

487

}

363

to.sin6_port = htons(port);

364

to.sin6_scope_id = if_nametoindex(interface);

365

488

to.in6.sin6_port = htons(port); /* Spurious warning */

489

490

to.in6.sin6_scope_id = (uint32_t)if_index;

491

366

492

if(debug){

367

fprintf(stderr, "Connection to: %s\n", ip);

493

fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,

494

port);

495

char addrstr[INET6_ADDRSTRLEN] = "";

496

if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,

497

sizeof(addrstr)) == NULL){

498

perror("inet_ntop");

499

} else {

500

if(strcmp(addrstr, ip) != 0){

501

fprintf(stderr, "Canonical address form: %s\n", addrstr);

502

}

503

}

368

504

}

369

505

370

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

506

ret = connect(tcp_sd, &to.in, sizeof(to));

371

507

if (ret < 0){

372

508

perror("connect");

373

509

return -1;

374

510

}

375

376

ret = initgnutls (&es);

377

if (ret != 0){

378

retval = -1;

379

return -1;

380

}

381

382

383

gnutls_transport_set_ptr (es.session, (gnutls_transport_ptr_t) tcp_sd);

384

511

512

const char *out = mandos_protocol_version;

513

written = 0;

514

while (true){

515

size_t out_size = strlen(out);

516

ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,

517

out_size - written));

518

if (ret == -1){

519

perror("write");

520

retval = -1;

521

goto mandos_end;

522

}

523

written += (size_t)ret;

524

if(written < out_size){

525

continue;

526

} else {

527

if (out == mandos_protocol_version){

528

written = 0;

529

out = "\r\n";

530

} else {

531

break;

532

}

533

}

534

}

535

385

536

if(debug){

386

fprintf(stderr, "Establishing tls session with %s\n", ip);

537

fprintf(stderr, "Establishing TLS session with %s\n", ip);

387

538

}

539

540

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

388

541

389

390

ret = gnutls_handshake (es.session);

542

do{

543

ret = gnutls_handshake (session);

544

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

391

545

392

546

if (ret != GNUTLS_E_SUCCESS){

393

fprintf(stderr, "\n*** Handshake failed ***\n");

394

gnutls_perror (ret);

547

if(debug){

548

fprintf(stderr, "*** GnuTLS Handshake failed ***\n");

549

gnutls_perror (ret);

550

}

395

551

retval = -1;

396

goto exit;

552

goto mandos_end;

397

553

}

398

399

//Retrieve gpg packet that contains the wanted password

400

554

555

/* Read OpenPGP packet that contains the wanted password */

556

401

557

if(debug){

402

fprintf(stderr, "Retrieving pgp encrypted password from %s\n", ip);

558

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

559

ip);

403

560

}

404

561

405

562

while(true){

406

if (buffer_length + BUFFER_SIZE > buffer_capacity){

407

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

408

if (buffer == NULL){

409

perror("realloc");

410

goto exit;

411

}

412

buffer_capacity += BUFFER_SIZE;

563

buffer_capacity = adjustbuffer(&buffer, buffer_length,

564

buffer_capacity);

565

if (buffer_capacity == 0){

566

perror("adjustbuffer");

567

retval = -1;

568

goto mandos_end;

413

569

}

414

570

415

ret = gnutls_record_recv

416

(es.session, buffer+buffer_length, BUFFER_SIZE);

571

ret = gnutls_record_recv(session, buffer+buffer_length,

572

BUFFER_SIZE);

417

573

if (ret == 0){

418

574

break;

419

575

}

423

579

case GNUTLS_E_AGAIN:

424

580

break;

425

581

case GNUTLS_E_REHANDSHAKE:

426

ret = gnutls_handshake (es.session);

582

do{

583

ret = gnutls_handshake (session);

584

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

427

585

if (ret < 0){

428

fprintf(stderr, "\n*** Handshake failed ***\n");

586

fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");

429

587

gnutls_perror (ret);

430

588

retval = -1;

431

goto exit;

589

goto mandos_end;

432

590

}

433

591

break;

434

592

default:

435

fprintf(stderr, "Unknown error while reading data from encrypted session with mandos server\n");

593

fprintf(stderr, "Unknown error while reading data from"

594

" encrypted session with Mandos server\n");

436

595

retval = -1;

437

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

438

goto exit;

596

gnutls_bye (session, GNUTLS_SHUT_RDWR);

597

goto mandos_end;

439

598

}

440

599

} else {

441

buffer_length += ret;

600

buffer_length += (size_t) ret;

442

601

}

443

602

}

444

603

604

if(debug){

605

fprintf(stderr, "Closing TLS session\n");

606

}

607

608

gnutls_bye (session, GNUTLS_SHUT_RDWR);

609

445

610

if (buffer_length > 0){

446

if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) >= 0){

447

fwrite (decrypted_buffer, 1, decrypted_buffer_size, stdout);

611

decrypted_buffer_size = pgp_packet_decrypt(buffer,

612

buffer_length,

613

&decrypted_buffer,

614

keydir);

615

if (decrypted_buffer_size >= 0){

616

written = 0;

617

while(written < (size_t) decrypted_buffer_size){

618

ret = (int)fwrite (decrypted_buffer + written, 1,

619

(size_t)decrypted_buffer_size - written,

620

stdout);

621

if(ret == 0 and ferror(stdout)){

622

if(debug){

623

fprintf(stderr, "Error writing encrypted data: %s\n",

624

strerror(errno));

625

}

626

retval = -1;

627

break;

628

}

629

written += (size_t)ret;

630

}

448

631

free(decrypted_buffer);

449

632

} else {

450

633

retval = -1;

451

634

}

452

635

}

453

454

//shutdown procedure

455

456

if(debug){

457

fprintf(stderr, "Closing tls session\n");

458

}

459

636

637

/* Shutdown procedure */

638

639

mandos_end:

460

640

free(buffer);

461

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

462

exit:

463

641

close(tcp_sd);

464

gnutls_deinit (es.session);

465

gnutls_certificate_free_credentials (es.cred);

466

gnutls_global_deinit ();

642

gnutls_deinit (session);

467

643

return retval;

468

644

}

469

645

470

static AvahiSimplePoll *simple_poll = NULL;

471

static AvahiServer *server = NULL;

472

473

static void resolve_callback(

474

AvahiSServiceResolver *r,

475

AVAHI_GCC_UNUSED AvahiIfIndex interface,

476

AVAHI_GCC_UNUSED AvahiProtocol protocol,

477

AvahiResolverEvent event,

478

const char *name,

479

const char *type,

480

const char *domain,

481

const char *host_name,

482

const AvahiAddress *address,

483

uint16_t port,

484

AvahiStringList *txt,

485

AvahiLookupResultFlags flags,

486

AVAHI_GCC_UNUSED void* userdata) {

487

488

assert(r);

489

490

/* Called whenever a service has been resolved successfully or timed out */

491

492

switch (event) {

493

case AVAHI_RESOLVER_FAILURE:

494

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of type '%s' in domain '%s': %s\n", name, type, domain, avahi_strerror(avahi_server_errno(server)));

495

break;

496

497

case AVAHI_RESOLVER_FOUND: {

498

char ip[AVAHI_ADDRESS_STR_MAX];

499

avahi_address_snprint(ip, sizeof(ip), address);

500

if(debug){

501

fprintf(stderr, "Mandos server found at %s on port %d\n", ip, port);

502

}

503

int ret = start_mandos_communication(ip, port);

504

if (ret == 0){

505

exit(EXIT_SUCCESS);

506

} else {

507

exit(EXIT_FAILURE);

508

}

509

}

510

}

511

avahi_s_service_resolver_free(r);

512

}

513

514

static void browse_callback(

515

AvahiSServiceBrowser *b,

516

AvahiIfIndex interface,

517

AvahiProtocol protocol,

518

AvahiBrowserEvent event,

519

const char *name,

520

const char *type,

521

const char *domain,

522

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

523

void* userdata) {

524

525

AvahiServer *s = userdata;

526

assert(b);

527

528

/* Called whenever a new services becomes available on the LAN or is removed from the LAN */

529

530

switch (event) {

531

532

case AVAHI_BROWSER_FAILURE:

533

534

fprintf(stderr, "(Browser) %s\n", avahi_strerror(avahi_server_errno(server)));

535

avahi_simple_poll_quit(simple_poll);

536

return;

537

538

case AVAHI_BROWSER_NEW:

539

/* We ignore the returned resolver object. In the callback

540

function we free it. If the server is terminated before

541

the callback function is called the server will free

542

the resolver for us. */

543

544

if (!(avahi_s_service_resolver_new(s, interface, protocol, name, type, domain, AVAHI_PROTO_INET6, 0, resolve_callback, s)))

545

fprintf(stderr, "Failed to resolve service '%s': %s\n", name, avahi_strerror(avahi_server_errno(s)));

546

547

break;

548

549

case AVAHI_BROWSER_REMOVE:

550

break;

551

552

case AVAHI_BROWSER_ALL_FOR_NOW:

553

case AVAHI_BROWSER_CACHE_EXHAUSTED:

554

break;

555

}

556

}

557

558

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

559

AvahiServerConfig config;

646

static void resolve_callback(AvahiSServiceResolver *r,

647

AvahiIfIndex interface,

648

AVAHI_GCC_UNUSED AvahiProtocol protocol,

649

AvahiResolverEvent event,

650

const char *name,

651

const char *type,

652

const char *domain,

653

const char *host_name,

654

const AvahiAddress *address,

655

uint16_t port,

656

AVAHI_GCC_UNUSED AvahiStringList *txt,

657

AVAHI_GCC_UNUSED AvahiLookupResultFlags

658

flags,

659

void* userdata) {

660

mandos_context *mc = userdata;

661

assert(r); /* Spurious warning */

662

663

/* Called whenever a service has been resolved successfully or

664

timed out */

665

666

switch (event) {

667

default:

668

case AVAHI_RESOLVER_FAILURE:

669

fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"

670

" of type '%s' in domain '%s': %s\n", name, type, domain,

671

avahi_strerror(avahi_server_errno(mc->server)));

672

break;

673

674

case AVAHI_RESOLVER_FOUND:

675

{

676

char ip[AVAHI_ADDRESS_STR_MAX];

677

avahi_address_snprint(ip, sizeof(ip), address);

678

if(debug){

679

fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"

680

PRIu16 ") on port %d\n", name, host_name, ip,

681

interface, port);

682

}

683

int ret = start_mandos_communication(ip, port, interface, mc);

684

if (ret == 0){

685

exit(EXIT_SUCCESS);

686

}

687

}

688

}

689

avahi_s_service_resolver_free(r);

690

}

691

692

static void browse_callback( AvahiSServiceBrowser *b,

693

AvahiIfIndex interface,

694

AvahiProtocol protocol,

695

AvahiBrowserEvent event,

696

const char *name,

697

const char *type,

698

const char *domain,

699

AVAHI_GCC_UNUSED AvahiLookupResultFlags

700

flags,

701

void* userdata) {

702

mandos_context *mc = userdata;

703

assert(b); /* Spurious warning */

704

705

/* Called whenever a new services becomes available on the LAN or

706

is removed from the LAN */

707

708

switch (event) {

709

default:

710

case AVAHI_BROWSER_FAILURE:

711

712

fprintf(stderr, "(Avahi browser) %s\n",

713

avahi_strerror(avahi_server_errno(mc->server)));

714

avahi_simple_poll_quit(mc->simple_poll);

715

return;

716

717

case AVAHI_BROWSER_NEW:

718

/* We ignore the returned Avahi resolver object. In the callback

719

function we free it. If the Avahi server is terminated before

720

the callback function is called the Avahi server will free the

721

resolver for us. */

722

723

if (!(avahi_s_service_resolver_new(mc->server, interface,

724

protocol, name, type, domain,

725

AVAHI_PROTO_INET6, 0,

726

resolve_callback, mc)))

727

fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",

728

name, avahi_strerror(avahi_server_errno(mc->server)));

729

break;

730

731

case AVAHI_BROWSER_REMOVE:

732

break;

733

734

case AVAHI_BROWSER_ALL_FOR_NOW:

735

case AVAHI_BROWSER_CACHE_EXHAUSTED:

736

if(debug){

737

fprintf(stderr, "No Mandos server found, still searching...\n");

738

}

739

break;

740

}

741

}

742

743

/* Combines file name and path and returns the malloced new

744

string. some sane checks could/should be added */

745

static const char *combinepath(const char *first, const char *second){

746

size_t f_len = strlen(first);

747

size_t s_len = strlen(second);

748

char *tmp = malloc(f_len + s_len + 2);

749

if (tmp == NULL){

750

return NULL;

751

}

752

if(f_len > 0){

753

memcpy(tmp, first, f_len); /* Spurious warning */

754

}

755

tmp[f_len] = '/';

756

if(s_len > 0){

757

memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */

758

}

759

tmp[f_len + 1 + s_len] = '\0';

760

return tmp;

761

}

762

763

764

int main(int argc, char *argv[]){

560

765

AvahiSServiceBrowser *sb = NULL;

561

766

int error;

562

767

int ret;

563

int returncode = EXIT_SUCCESS;

564

565

while (true){

566

static struct option long_options[] = {

567

{"debug", no_argument, (int *)&debug, 1},

568

{"interface", required_argument, 0, 'i'},

569

{0, 0, 0, 0} };

570

571

int option_index = 0;

572

ret = getopt_long (argc, argv, "i:", long_options, &option_index);

573

574

if (ret == -1){

575

break;

576

}

577

578

switch(ret){

579

case 0:

580

break;

581

case 'i':

582

interface = optarg;

583

break;

584

default:

585

exit(EXIT_FAILURE);

586

}

768

int exitcode = EXIT_SUCCESS;

769

const char *interface = "eth0";

770

struct ifreq network;

771

int sd;

772

uid_t uid;

773

gid_t gid;

774

char *connect_to = NULL;

775

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

776

const char *pubkeyfile = "pubkey.txt";

777

const char *seckeyfile = "seckey.txt";

778

mandos_context mc = { .simple_poll = NULL, .server = NULL,

779

.dh_bits = 1024, .priority = "SECURE256"};

780

bool gnutls_initalized = false;

781

782

{

783

struct argp_option options[] = {

784

{ .name = "debug", .key = 128,

785

.doc = "Debug mode", .group = 3 },

786

{ .name = "connect", .key = 'c',

787

.arg = "IP",

788

.doc = "Connect directly to a sepcified mandos server",

789

.group = 1 },

790

{ .name = "interface", .key = 'i',

791

.arg = "INTERFACE",

792

.doc = "Interface that Avahi will conntect through",

793

.group = 1 },

794

{ .name = "keydir", .key = 'd',

795

.arg = "KEYDIR",

796

.doc = "Directory where the openpgp keyring is",

797

.group = 1 },

798

{ .name = "seckey", .key = 's',

799

.arg = "SECKEY",

800

.doc = "Secret openpgp key for gnutls authentication",

801

.group = 1 },

802

{ .name = "pubkey", .key = 'p',

803

.arg = "PUBKEY",

804

.doc = "Public openpgp key for gnutls authentication",

805

.group = 2 },

806

{ .name = "dh-bits", .key = 129,

807

.arg = "BITS",

808

.doc = "dh-bits to use in gnutls communication",

809

.group = 2 },

810

{ .name = "priority", .key = 130,

811

.arg = "PRIORITY",

812

.doc = "GNUTLS priority", .group = 1 },

813

{ .name = NULL }

814

};

815

816

817

error_t parse_opt (int key, char *arg,

818

struct argp_state *state) {

819

/* Get the INPUT argument from `argp_parse', which we know is

820

a pointer to our plugin list pointer. */

821

switch (key) {

822

case 128:

823

debug = true;

824

break;

825

case 'c':

826

connect_to = arg;

827

break;

828

case 'i':

829

interface = arg;

830

break;

831

case 'd':

832

keydir = arg;

833

break;

834

case 's':

835

seckeyfile = arg;

836

break;

837

case 'p':

838

pubkeyfile = arg;

839

break;

840

case 129:

841

errno = 0;

842

mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);

843

if (errno){

844

perror("strtol");

845

exit(EXIT_FAILURE);

846

}

847

break;

848

case 130:

849

mc.priority = arg;

850

break;

851

case ARGP_KEY_ARG:

852

argp_usage (state);

853

break;

854

case ARGP_KEY_END:

855

break;

856

default:

857

return ARGP_ERR_UNKNOWN;

858

}

859

return 0;

860

}

861

862

struct argp argp = { .options = options, .parser = parse_opt,

863

.args_doc = "",

864

.doc = "Mandos client -- Get and decrypt"

865

" passwords from mandos server" };

866

ret = argp_parse (&argp, argc, argv, 0, 0, NULL);

867

if (ret == ARGP_ERR_UNKNOWN){

868

fprintf(stderr, "Unknown error while parsing arguments\n");

869

exitcode = EXIT_FAILURE;

870

goto end;

871

}

872

}

873

874

pubkeyfile = combinepath(keydir, pubkeyfile);

875

if (pubkeyfile == NULL){

876

perror("combinepath");

877

exitcode = EXIT_FAILURE;

878

goto end;

879

}

880

881

seckeyfile = combinepath(keydir, seckeyfile);

882

if (seckeyfile == NULL){

883

perror("combinepath");

884

exitcode = EXIT_FAILURE;

885

goto end;

886

}

887

888

ret = init_gnutls_global(&mc, pubkeyfile, seckeyfile);

889

if (ret == -1){

890

fprintf(stderr, "init_gnutls_global failed\n");

891

exitcode = EXIT_FAILURE;

892

goto end;

893

} else {

894

gnutls_initalized = true;

895

}

896

897

/* If the interface is down, bring it up */

898

{

899

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

900

if(sd < 0) {

901

perror("socket");

902

exitcode = EXIT_FAILURE;

903

goto end;

904

}

905

strcpy(network.ifr_name, interface); /* Spurious warning */

906

ret = ioctl(sd, SIOCGIFFLAGS, &network);

907

if(ret == -1){

908

perror("ioctl SIOCGIFFLAGS");

909

exitcode = EXIT_FAILURE;

910

goto end;

911

}

912

if((network.ifr_flags & IFF_UP) == 0){

913

network.ifr_flags |= IFF_UP;

914

ret = ioctl(sd, SIOCSIFFLAGS, &network);

915

if(ret == -1){

916

perror("ioctl SIOCSIFFLAGS");

917

exitcode = EXIT_FAILURE;

918

goto end;

919

}

920

}

921

close(sd);

922

}

923

924

uid = getuid();

925

gid = getgid();

926

927

ret = setuid(uid);

928

if (ret == -1){

929

perror("setuid");

930

}

931

932

setgid(gid);

933

if (ret == -1){

934

perror("setgid");

935

}

936

937

if_index = (AvahiIfIndex) if_nametoindex(interface);

938

if(if_index == 0){

939

fprintf(stderr, "No such interface: \"%s\"\n", interface);

940

exit(EXIT_FAILURE);

941

}

942

943

if(connect_to != NULL){

944

/* Connect directly, do not use Zeroconf */

945

/* (Mainly meant for debugging) */

946

char *address = strrchr(connect_to, ':');

947

if(address == NULL){

948

fprintf(stderr, "No colon in address\n");

949

exitcode = EXIT_FAILURE;

950

goto end;

951

}

952

errno = 0;

953

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

954

if(errno){

955

perror("Bad port number");

956

exitcode = EXIT_FAILURE;

957

goto end;

958

}

959

*address = '\0';

960

address = connect_to;

961

ret = start_mandos_communication(address, port, if_index, &mc);

962

if(ret < 0){

963

exitcode = EXIT_FAILURE;

964

} else {

965

exitcode = EXIT_SUCCESS;

966

}

967

goto end;

587

968

}

588

969

589

970

if (not debug){

590

971

avahi_set_log_function(empty_log);

591

972

}

592

973

593

/* Initialize the psuedo-RNG */

594

srand(time(NULL));

595

596

/* Allocate main loop object */

597

if (!(simple_poll = avahi_simple_poll_new())) {

598

fprintf(stderr, "Failed to create simple poll object.\n");

599

600

goto exit;

601

}

602

603

/* Do not publish any local records */

604

avahi_server_config_init(&config);

605

config.publish_hinfo = 0;

606

config.publish_addresses = 0;

607

config.publish_workstation = 0;

608

config.publish_domain = 0;

609

610

/* Allocate a new server */

611

server = avahi_server_new(avahi_simple_poll_get(simple_poll), &config, NULL, NULL, &error);

612

613

/* Free the configuration data */

614

avahi_server_config_free(&config);

615

616

/* Check if creating the server object succeeded */

617

if (!server) {

618

fprintf(stderr, "Failed to create server: %s\n", avahi_strerror(error));

619

returncode = EXIT_FAILURE;

620

goto exit;

621

}

622

623

/* Create the service browser */

624

if (!(sb = avahi_s_service_browser_new(server, if_nametoindex("eth0"), AVAHI_PROTO_INET6, "_mandos._tcp", NULL, 0, browse_callback, server))) {

625

fprintf(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_server_errno(server)));

626

returncode = EXIT_FAILURE;

627

goto exit;

974

/* Initialize the pseudo-RNG for Avahi */

975

srand((unsigned int) time(NULL));

976

977

/* Allocate main Avahi loop object */

978

mc.simple_poll = avahi_simple_poll_new();

979

if (mc.simple_poll == NULL) {

980

fprintf(stderr, "Avahi: Failed to create simple poll"

981

" object.\n");

982

exitcode = EXIT_FAILURE;

983

goto end;

984

}

985

986

{

987

AvahiServerConfig config;

988

/* Do not publish any local Zeroconf records */

989

avahi_server_config_init(&config);

990

config.publish_hinfo = 0;

991

config.publish_addresses = 0;

992

config.publish_workstation = 0;

993

config.publish_domain = 0;

994

995

/* Allocate a new server */

996

mc.server = avahi_server_new(avahi_simple_poll_get

997

(mc.simple_poll), &config, NULL,

998

NULL, &error);

999

1000

/* Free the Avahi configuration data */

1001

avahi_server_config_free(&config);

1002

}

1003

1004

/* Check if creating the Avahi server object succeeded */

1005

if (mc.server == NULL) {

1006

fprintf(stderr, "Failed to create Avahi server: %s\n",

1007

avahi_strerror(error));

1008

exitcode = EXIT_FAILURE;

1009

goto end;

1010

}

1011

1012

/* Create the Avahi service browser */

1013

sb = avahi_s_service_browser_new(mc.server, if_index,

1014

AVAHI_PROTO_INET6,

1015

"_mandos._tcp", NULL, 0,

1016

browse_callback, &mc);

1017

if (sb == NULL) {

1018

fprintf(stderr, "Failed to create service browser: %s\n",

1019

avahi_strerror(avahi_server_errno(mc.server)));

1020

exitcode = EXIT_FAILURE;

1021

goto end;

628

1022

}

629

1023

630

1024

/* Run the main loop */

631

1025

632

1026

if (debug){

633

fprintf(stderr, "Starting avahi loop search\n");

1027

fprintf(stderr, "Starting Avahi loop search\n");

634

1028

}

635

1029

636

avahi_simple_poll_loop(simple_poll);

1030

avahi_simple_poll_loop(mc.simple_poll);

637

1031

638

exit:

1032

end:

639

1033

640

1034

if (debug){

641

1035

fprintf(stderr, "%s exiting\n", argv[0]);

642

1036

}

643

1037

644

1038

/* Cleanup things */

645

if (sb)

1039

if (sb != NULL)

646

1040

avahi_s_service_browser_free(sb);

647

1041

648

if (server)

649

avahi_server_free(server);

650

651

if (simple_poll)

652

avahi_simple_poll_free(simple_poll);

653

654

return returncode;

1042

if (mc.server != NULL)

1043

avahi_server_free(mc.server);

1044

1045

if (mc.simple_poll != NULL)

1046

avahi_simple_poll_free(mc.simple_poll);

1047

free(pubkeyfile);

1048

free(seckeyfile);

1049

1050

if (gnutls_initalized){

1051

gnutls_certificate_free_credentials(mc.cred);

1052

gnutls_global_deinit ();

1053

}

1054

1055

return exitcode;

655

1056

}

Older »