To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugins.d/password-request.c
- browse files at revision 78
- compare with another revision
- download diff
- download tarball
- view history from revision 78
- Committer: Teddy Hogeborn
- Date: 2008-08-16 03:29:08 UTC
- Revision ID: teddy@fukt.bsnet.se-20080816032908-ihw7c05r2mnyk389
Add feature to specify custom environment variables for plugins.
* plugin-runner.c (plugin): New members "environ" and "envc" to
contain possible custom environment.
(getplugin): Return NULL on failure instead of doing exit(); all
callers changed.
(add_to_char_array): New helper function for "add_argument" and
"add_environment".
(addargument): Renamed to "add_argument". Return bool. Call
"add_to_char_array" to actually do things.
(add_environment): New; analogous to "add_argument".
(addcustomargument): Renamed to "add_to_argv" to avoid confusion
with "add_argument".
(main): New options "--global-envs" and "--envs-for" to specify
custom environment for plugins. Print environment for
plugins in debug mode. Use asprintf instead of strcpy and
strcat. Use execve() for plugins with custom environments.
Free environment for plugin when freeing plugin list.
* plugin-runner.c (plugin): New members "environ" and "envc" to
contain possible custom environment.
(getplugin): Return NULL on failure instead of doing exit(); all
callers changed.
(add_to_char_array): New helper function for "add_argument" and
"add_environment".
(addargument): Renamed to "add_argument". Return bool. Call
"add_to_char_array" to actually do things.
(add_environment): New; analogous to "add_argument".
(addcustomargument): Renamed to "add_to_argv" to avoid confusion
with "add_argument".
(main): New options "--global-envs" and "--envs-for" to specify
custom environment for plugins. Print environment for
plugins in debug mode. Use asprintf instead of strcpy and
strcat. Use execve() for plugins with custom environments.
Free environment for plugin when freeing plugin list.
- files added:
- network-protocol.txt
- files removed:
- .bzr-builddeb
- debian
- debian/po
- files renamed:
- plugins.d/mandos-client.c => plugins.d/password-request.c
- plugins.d/mandos-client.xml => plugins.d/password-request.xml
- files modified:
- Makefile
added
removed
plugins.d/password-request.c
1
1
/* -*- coding: utf-8 -*- */
2
2
/*
3
* Mandos-client - get and decrypt data from a Mandos server
3
* Mandos client - get and decrypt data from a Mandos server
4
4
*
5
5
* This program is partly derived from an example program for an Avahi
6
6
* service browser, downloaded from
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2008,2009 Teddy Hogeborn
13
* Copyright © 2008,2009 Björn Påhlsson
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
14
13
*
15
14
* This program is free software: you can redistribute it and/or
16
15
* modify it under the terms of the GNU General Public License as
36
35
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
37
36
38
37
#include <stdio.h> /* fprintf(), stderr, fwrite(),
39
stdout, ferror(), sscanf */
38
stdout, ferror() */
40
39
#include <stdint.h> /* uint16_t, uint32_t */
41
40
#include <stddef.h> /* NULL, size_t, ssize_t */
42
41
#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,
48
47
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
49
48
sockaddr_in6, PF_INET6,
50
49
SOCK_STREAM, INET6_ADDRSTRLEN,
51
uid_t, gid_t, open(), opendir(), DIR */
52
#include <sys/stat.h> /* open() */
50
uid_t, gid_t */
51
#include <inttypes.h> /* PRIu16 */
53
52
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
54
53
struct in6_addr, inet_pton(),
55
54
connect() */
56
#include <fcntl.h> /* open() */
57
#include <dirent.h> /* opendir(), struct dirent, readdir() */
58
#include <inttypes.h> /* PRIu16, SCNu16 */
59
55
#include <assert.h> /* assert() */
60
56
#include <errno.h> /* perror(), errno */
61
57
#include <time.h> /* time() */
62
58
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
63
59
SIOCSIFFLAGS, if_indextoname(),
64
60
if_nametoindex(), IF_NAMESIZE */
65
#include <netinet/in.h>
66
61
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
67
62
getuid(), getgid(), setuid(),
68
63
setgid() */
64
#include <netinet/in.h>
69
65
#include <arpa/inet.h> /* inet_pton(), htons */
70
#include <iso646.h> /* not, and, or */
66
#include <iso646.h> /* not, and */
71
67
#include <argp.h> /* struct argp_option, error_t, struct
72
68
argp_state, struct argp,
73
69
argp_parse(), ARGP_KEY_ARG,
102
98
103
99
#define BUFFER_SIZE 256
104
100
105
#define PATHDIR "/conf/conf.d/mandos"
106
#define SECKEY "seckey.txt"
107
#define PUBKEY "pubkey.txt"
108
109
101
bool debug = false;
102
static const char *keydir = "/conf/conf.d/mandos";
110
103
static const char mandos_protocol_version[] = "1";
111
const char *argp_program_version = "mandos-client " VERSION;
104
const char *argp_program_version = "password-request 1.0";
112
105
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
113
106
114
107
/* Used for passing in values through the Avahi callback functions */
119
112
unsigned int dh_bits;
120
113
gnutls_dh_params_t dh_params;
121
114
const char *priority;
122
gpgme_ctx_t ctx;
123
115
} mandos_context;
124
116
125
117
/*
140
132
}
141
133
142
134
/*
143
* Initialize GPGME.
135
* Decrypt OpenPGP data using keyrings in HOMEDIR.
136
* Returns -1 on error
144
137
*/
145
static bool init_gpgme(mandos_context *mc, const char *seckey,
146
const char *pubkey, const char *tempdir){
147
int ret;
138
static ssize_t pgp_packet_decrypt (const char *cryptotext,
139
size_t crypto_size,
140
char **plaintext,
141
const char *homedir){
142
gpgme_data_t dh_crypto, dh_plain;
143
gpgme_ctx_t ctx;
148
144
gpgme_error_t rc;
145
ssize_t ret;
146
size_t plaintext_capacity = 0;
147
ssize_t plaintext_length = 0;
149
148
gpgme_engine_info_t engine_info;
150
149
151
152
/*
153
* Helper function to insert pub and seckey to the enigne keyring.
154
*/
155
bool import_key(const char *filename){
156
int fd;
157
gpgme_data_t pgp_data;
158
159
fd = (int)TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
160
if(fd == -1){
161
perror("open");
162
return false;
163
}
164
165
rc = gpgme_data_new_from_fd(&pgp_data, fd);
166
if (rc != GPG_ERR_NO_ERROR){
167
fprintf(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
168
gpgme_strsource(rc), gpgme_strerror(rc));
169
return false;
170
}
171
172
rc = gpgme_op_import(mc->ctx, pgp_data);
173
if (rc != GPG_ERR_NO_ERROR){
174
fprintf(stderr, "bad gpgme_op_import: %s: %s\n",
175
gpgme_strsource(rc), gpgme_strerror(rc));
176
return false;
177
}
178
179
ret = (int)TEMP_FAILURE_RETRY(close(fd));
180
if(ret == -1){
181
perror("close");
182
}
183
gpgme_data_release(pgp_data);
184
return true;
185
}
186
187
150
if (debug){
188
fprintf(stderr, "Initialize gpgme\n");
151
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
189
152
}
190
153
191
154
/* Init GPGME */
194
157
if (rc != GPG_ERR_NO_ERROR){
195
158
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
196
159
gpgme_strsource(rc), gpgme_strerror(rc));
197
return false;
160
return -1;
198
161
}
199
162
200
/* Set GPGME home directory for the OpenPGP engine only */
163
/* Set GPGME home directory for the OpenPGP engine only */
201
164
rc = gpgme_get_engine_info (&engine_info);
202
165
if (rc != GPG_ERR_NO_ERROR){
203
166
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
204
167
gpgme_strsource(rc), gpgme_strerror(rc));
205
return false;
168
return -1;
206
169
}
207
170
while(engine_info != NULL){
208
171
if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
209
172
gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
210
engine_info->file_name, tempdir);
173
engine_info->file_name, homedir);
211
174
break;
212
175
}
213
176
engine_info = engine_info->next;
214
177
}
215
178
if(engine_info == NULL){
216
fprintf(stderr, "Could not set GPGME home dir to %s\n", tempdir);
217
return false;
218
}
219
220
/* Create new GPGME "context" */
221
rc = gpgme_new(&(mc->ctx));
222
if (rc != GPG_ERR_NO_ERROR){
223
fprintf(stderr, "bad gpgme_new: %s: %s\n",
224
gpgme_strsource(rc), gpgme_strerror(rc));
225
return false;
226
}
227
228
if (not import_key(pubkey) or not import_key(seckey)){
229
return false;
230
}
231
232
return true;
233
}
234
235
/*
236
* Decrypt OpenPGP data.
237
* Returns -1 on error
238
*/
239
static ssize_t pgp_packet_decrypt (const mandos_context *mc,
240
const char *cryptotext,
241
size_t crypto_size,
242
char **plaintext){
243
gpgme_data_t dh_crypto, dh_plain;
244
gpgme_error_t rc;
245
ssize_t ret;
246
size_t plaintext_capacity = 0;
247
ssize_t plaintext_length = 0;
248
249
if (debug){
250
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
179
fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);
180
return -1;
251
181
}
252
182
253
183
/* Create new GPGME data buffer from memory cryptotext */
268
198
return -1;
269
199
}
270
200
201
/* Create new GPGME "context" */
202
rc = gpgme_new(&ctx);
203
if (rc != GPG_ERR_NO_ERROR){
204
fprintf(stderr, "bad gpgme_new: %s: %s\n",
205
gpgme_strsource(rc), gpgme_strerror(rc));
206
plaintext_length = -1;
207
goto decrypt_end;
208
}
209
271
210
/* Decrypt data from the cryptotext data buffer to the plaintext
272
211
data buffer */
273
rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);
212
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
274
213
if (rc != GPG_ERR_NO_ERROR){
275
214
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
276
215
gpgme_strsource(rc), gpgme_strerror(rc));
277
216
plaintext_length = -1;
278
if (debug){
279
gpgme_decrypt_result_t result;
280
result = gpgme_op_decrypt_result(mc->ctx);
281
if (result == NULL){
282
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
283
} else {
284
fprintf(stderr, "Unsupported algorithm: %s\n",
285
result->unsupported_algorithm);
286
fprintf(stderr, "Wrong key usage: %u\n",
287
result->wrong_key_usage);
288
if(result->file_name != NULL){
289
fprintf(stderr, "File name: %s\n", result->file_name);
290
}
291
gpgme_recipient_t recipient;
292
recipient = result->recipients;
293
if(recipient){
294
while(recipient != NULL){
295
fprintf(stderr, "Public key algorithm: %s\n",
296
gpgme_pubkey_algo_name(recipient->pubkey_algo));
297
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
298
fprintf(stderr, "Secret key available: %s\n",
299
recipient->status == GPG_ERR_NO_SECKEY
300
? "No" : "Yes");
301
recipient = recipient->next;
302
}
303
}
304
}
305
}
306
217
goto decrypt_end;
307
218
}
308
219
310
221
fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
311
222
}
312
223
224
if (debug){
225
gpgme_decrypt_result_t result;
226
result = gpgme_op_decrypt_result(ctx);
227
if (result == NULL){
228
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
229
} else {
230
fprintf(stderr, "Unsupported algorithm: %s\n",
231
result->unsupported_algorithm);
232
fprintf(stderr, "Wrong key usage: %u\n",
233
result->wrong_key_usage);
234
if(result->file_name != NULL){
235
fprintf(stderr, "File name: %s\n", result->file_name);
236
}
237
gpgme_recipient_t recipient;
238
recipient = result->recipients;
239
if(recipient){
240
while(recipient != NULL){
241
fprintf(stderr, "Public key algorithm: %s\n",
242
gpgme_pubkey_algo_name(recipient->pubkey_algo));
243
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
244
fprintf(stderr, "Secret key available: %s\n",
245
recipient->status == GPG_ERR_NO_SECKEY
246
? "No" : "Yes");
247
recipient = recipient->next;
248
}
249
}
250
}
251
}
252
313
253
/* Seek back to the beginning of the GPGME plaintext data buffer */
314
254
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
315
perror("gpgme_data_seek");
255
perror("pgpme_data_seek");
316
256
plaintext_length = -1;
317
257
goto decrypt_end;
318
258
}
342
282
}
343
283
plaintext_length += ret;
344
284
}
345
285
346
286
if(debug){
347
287
fprintf(stderr, "Decrypted password is: ");
348
288
for(ssize_t i = 0; i < plaintext_length; i++){
362
302
}
363
303
364
304
static const char * safer_gnutls_strerror (int value) {
365
const char *ret = gnutls_strerror (value); /* Spurious warning */
305
const char *ret = gnutls_strerror (value);
366
306
if (ret == NULL)
367
307
ret = "(unknown)";
368
308
return ret;
401
341
/* OpenPGP credentials */
402
342
gnutls_certificate_allocate_credentials(&mc->cred);
403
343
if (ret != GNUTLS_E_SUCCESS){
404
fprintf (stderr, "GnuTLS memory error: %s\n", /* Spurious
405
warning */
344
fprintf (stderr, "GnuTLS memory error: %s\n",
406
345
safer_gnutls_strerror(ret));
407
346
gnutls_global_deinit ();
408
347
return -1;
409
348
}
410
349
411
350
if(debug){
412
fprintf(stderr, "Attempting to use OpenPGP public key %s and"
413
" secret key %s as GnuTLS credentials\n", pubkeyfilename,
351
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
352
" and keyfile %s as GnuTLS credentials\n", pubkeyfilename,
414
353
seckeyfilename);
415
354
}
416
355
421
360
fprintf(stderr,
422
361
"Error[%d] while reading the OpenPGP key pair ('%s',"
423
362
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
424
fprintf(stderr, "The GnuTLS error is: %s\n",
363
fprintf(stdout, "The GnuTLS error is: %s\n",
425
364
safer_gnutls_strerror(ret));
426
365
goto globalfail;
427
366
}
441
380
}
442
381
443
382
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
444
383
445
384
return 0;
446
385
447
386
globalfail:
448
387
449
388
gnutls_certificate_free_credentials(mc->cred);
450
389
gnutls_global_deinit();
451
gnutls_dh_params_deinit(mc->dh_params);
452
390
return -1;
391
453
392
}
454
393
455
394
static int init_gnutls_session(mandos_context *mc,
501
440
AvahiIfIndex if_index,
502
441
mandos_context *mc){
503
442
int ret, tcp_sd;
504
ssize_t sret;
505
443
union { struct sockaddr in; struct sockaddr_in6 in6; } to;
506
444
char *buffer = NULL;
507
445
char *decrypted_buffer;
528
466
perror("socket");
529
467
return -1;
530
468
}
531
469
532
470
if(debug){
533
471
if(if_indextoname((unsigned int)if_index, interface) == NULL){
534
472
perror("if_indextoname");
537
475
fprintf(stderr, "Binding to interface %s\n", interface);
538
476
}
539
477
540
memset(&to, 0, sizeof(to));
478
memset(&to, 0, sizeof(to)); /* Spurious warning */
541
479
to.in6.sin6_family = AF_INET6;
542
480
/* It would be nice to have a way to detect if we were passed an
543
481
IPv4 address here. Now we assume an IPv6 address. */
573
511
perror("connect");
574
512
return -1;
575
513
}
576
514
577
515
const char *out = mandos_protocol_version;
578
516
written = 0;
579
517
while (true){
580
518
size_t out_size = strlen(out);
581
ret = (int)TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
519
ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
582
520
out_size - written));
583
521
if (ret == -1){
584
522
perror("write");
597
535
}
598
536
}
599
537
}
600
538
601
539
if(debug){
602
540
fprintf(stderr, "Establishing TLS session with %s\n", ip);
603
541
}
604
542
605
543
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
606
544
607
545
do{
608
546
ret = gnutls_handshake (session);
609
547
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
623
561
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
624
562
ip);
625
563
}
626
564
627
565
while(true){
628
566
buffer_capacity = adjustbuffer(&buffer, buffer_length,
629
567
buffer_capacity);
633
571
goto mandos_end;
634
572
}
635
573
636
sret = gnutls_record_recv(session, buffer+buffer_length,
637
BUFFER_SIZE);
638
if (sret == 0){
574
ret = gnutls_record_recv(session, buffer+buffer_length,
575
BUFFER_SIZE);
576
if (ret == 0){
639
577
break;
640
578
}
641
if (sret < 0){
642
switch(sret){
579
if (ret < 0){
580
switch(ret){
643
581
case GNUTLS_E_INTERRUPTED:
644
582
case GNUTLS_E_AGAIN:
645
583
break;
662
600
goto mandos_end;
663
601
}
664
602
} else {
665
buffer_length += (size_t) sret;
603
buffer_length += (size_t) ret;
666
604
}
667
605
}
668
606
673
611
gnutls_bye (session, GNUTLS_SHUT_RDWR);
674
612
675
613
if (buffer_length > 0){
676
decrypted_buffer_size = pgp_packet_decrypt(mc, buffer,
614
decrypted_buffer_size = pgp_packet_decrypt(buffer,
677
615
buffer_length,
678
&decrypted_buffer);
616
&decrypted_buffer,
617
keydir);
679
618
if (decrypted_buffer_size >= 0){
680
619
written = 0;
681
620
while(written < (size_t) decrypted_buffer_size){
696
635
} else {
697
636
retval = -1;
698
637
}
699
} else {
700
retval = -1;
701
638
}
702
639
703
640
/* Shutdown procedure */
704
641
705
642
mandos_end:
706
643
free(buffer);
707
ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
708
if(ret == -1){
709
perror("close");
710
}
644
close(tcp_sd);
711
645
gnutls_deinit (session);
712
646
return retval;
713
647
}
727
661
flags,
728
662
void* userdata) {
729
663
mandos_context *mc = userdata;
730
assert(r);
664
assert(r); /* Spurious warning */
731
665
732
666
/* Called whenever a service has been resolved successfully or
733
667
timed out */
769
703
flags,
770
704
void* userdata) {
771
705
mandos_context *mc = userdata;
772
assert(b);
706
assert(b); /* Spurious warning */
773
707
774
708
/* Called whenever a new services becomes available on the LAN or
775
709
is removed from the LAN */
809
743
}
810
744
}
811
745
746
/* Combines file name and path and returns the malloced new
747
string. some sane checks could/should be added */
748
static char *combinepath(const char *first, const char *second){
749
char *tmp;
750
int ret = asprintf(&tmp, "%s/%s", first, second);
751
if(ret < 0){
752
return NULL;
753
}
754
return tmp;
755
}
756
757
812
758
int main(int argc, char *argv[]){
813
759
AvahiSServiceBrowser *sb = NULL;
814
760
int error;
820
766
uid_t uid;
821
767
gid_t gid;
822
768
char *connect_to = NULL;
823
char tempdir[] = "/tmp/mandosXXXXXX";
824
769
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
825
const char *seckey = PATHDIR "/" SECKEY;
826
const char *pubkey = PATHDIR "/" PUBKEY;
827
770
char *pubkeyfilename = NULL;
771
char *seckeyfilename = NULL;
772
const char *pubkeyname = "pubkey.txt";
773
const char *seckeyname = "seckey.txt";
828
774
mandos_context mc = { .simple_poll = NULL, .server = NULL,
829
.dh_bits = 1024, .priority = "SECURE256"
830
":!CTYPE-X.509:+CTYPE-OPENPGP" };
775
.dh_bits = 1024, .priority = "SECURE256"};
831
776
bool gnutls_initalized = false;
832
bool gpgme_initalized = false;
833
777
834
778
{
835
779
struct argp_option options[] = {
836
780
{ .name = "debug", .key = 128,
837
781
.doc = "Debug mode", .group = 3 },
838
782
{ .name = "connect", .key = 'c',
839
.arg = "ADDRESS:PORT",
840
.doc = "Connect directly to a specific Mandos server",
783
.arg = "IP",
784
.doc = "Connect directly to a sepcified mandos server",
841
785
.group = 1 },
842
786
{ .name = "interface", .key = 'i',
843
.arg = "NAME",
844
.doc = "Interface that will be used to search for Mandos"
845
" servers",
787
.arg = "INTERFACE",
788
.doc = "Interface that Avahi will conntect through",
789
.group = 1 },
790
{ .name = "keydir", .key = 'd',
791
.arg = "KEYDIR",
792
.doc = "Directory where the openpgp keyring is",
846
793
.group = 1 },
847
794
{ .name = "seckey", .key = 's',
848
.arg = "FILE",
849
.doc = "OpenPGP secret key file base name",
795
.arg = "SECKEY",
796
.doc = "Secret openpgp key for gnutls authentication",
850
797
.group = 1 },
851
798
{ .name = "pubkey", .key = 'p',
852
.arg = "FILE",
853
.doc = "OpenPGP public key file base name",
799
.arg = "PUBKEY",
800
.doc = "Public openpgp key for gnutls authentication",
854
801
.group = 2 },
855
802
{ .name = "dh-bits", .key = 129,
856
803
.arg = "BITS",
857
.doc = "Bit length of the prime number used in the"
858
" Diffie-Hellman key exchange",
804
.doc = "dh-bits to use in gnutls communication",
859
805
.group = 2 },
860
806
{ .name = "priority", .key = 130,
861
.arg = "STRING",
862
.doc = "GnuTLS priority string for the TLS handshake",
863
.group = 1 },
807
.arg = "PRIORITY",
808
.doc = "GNUTLS priority", .group = 1 },
864
809
{ .name = NULL }
865
810
};
811
866
812
867
813
error_t parse_opt (int key, char *arg,
868
814
struct argp_state *state) {
815
/* Get the INPUT argument from `argp_parse', which we know is
816
a pointer to our plugin list pointer. */
869
817
switch (key) {
870
case 128: /* --debug */
818
case 128:
871
819
debug = true;
872
820
break;
873
case 'c': /* --connect */
821
case 'c':
874
822
connect_to = arg;
875
823
break;
876
case 'i': /* --interface */
824
case 'i':
877
825
interface = arg;
878
826
break;
879
case 's': /* --seckey */
880
seckey = arg;
881
break;
882
case 'p': /* --pubkey */
883
pubkey = arg;
884
break;
885
case 129: /* --dh-bits */
886
ret = sscanf(arg, "%u", &mc.dh_bits);
887
if(ret == 0 or mc.dh_bits == 0){
888
fprintf(stderr, "Bad number of DH bits\n");
827
case 'd':
828
keydir = arg;
829
break;
830
case 's':
831
seckeyname = arg;
832
break;
833
case 'p':
834
pubkeyname = arg;
835
break;
836
case 129:
837
errno = 0;
838
mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);
839
if (errno){
840
perror("strtol");
889
841
exit(EXIT_FAILURE);
890
842
}
891
843
break;
892
case 130: /* --priority */
844
case 130:
893
845
mc.priority = arg;
894
846
break;
895
847
case ARGP_KEY_ARG:
901
853
}
902
854
return 0;
903
855
}
904
856
905
857
struct argp argp = { .options = options, .parser = parse_opt,
906
858
.args_doc = "",
907
859
.doc = "Mandos client -- Get and decrypt"
908
" passwords from a Mandos server" };
860
" passwords from mandos server" };
909
861
ret = argp_parse (&argp, argc, argv, 0, 0, NULL);
910
862
if (ret == ARGP_ERR_UNKNOWN){
911
863
fprintf(stderr, "Unknown error while parsing arguments\n");
913
865
goto end;
914
866
}
915
867
}
868
869
pubkeyfilename = combinepath(keydir, pubkeyname);
870
if (pubkeyfilename == NULL){
871
perror("combinepath");
872
exitcode = EXIT_FAILURE;
873
goto end;
874
}
875
876
seckeyfilename = combinepath(keydir, seckeyname);
877
if (seckeyfilename == NULL){
878
perror("combinepath");
879
exitcode = EXIT_FAILURE;
880
goto end;
881
}
882
883
ret = init_gnutls_global(&mc, pubkeyfilename, seckeyfilename);
884
if (ret == -1){
885
fprintf(stderr, "init_gnutls_global failed\n");
886
exitcode = EXIT_FAILURE;
887
goto end;
888
} else {
889
gnutls_initalized = true;
890
}
916
891
917
892
/* If the interface is down, bring it up */
918
893
{
922
897
exitcode = EXIT_FAILURE;
923
898
goto end;
924
899
}
925
strcpy(network.ifr_name, interface);
900
strcpy(network.ifr_name, interface); /* Spurious warning */
926
901
ret = ioctl(sd, SIOCGIFFLAGS, &network);
927
902
if(ret == -1){
928
903
perror("ioctl SIOCGIFFLAGS");
938
913
goto end;
939
914
}
940
915
}
941
ret = (int)TEMP_FAILURE_RETRY(close(sd));
942
if(ret == -1){
943
perror("close");
944
}
916
close(sd);
945
917
}
946
918
947
919
uid = getuid();
957
929
perror("setgid");
958
930
}
959
931
960
ret = init_gnutls_global(&mc, pubkey, seckey);
961
if (ret == -1){
962
fprintf(stderr, "init_gnutls_global failed\n");
963
exitcode = EXIT_FAILURE;
964
goto end;
965
} else {
966
gnutls_initalized = true;
967
}
968
969
if(mkdtemp(tempdir) == NULL){
970
perror("mkdtemp");
971
tempdir[0] = '\0';
972
goto end;
973
}
974
975
if(not init_gpgme(&mc, pubkey, seckey, tempdir)){
976
fprintf(stderr, "gpgme_initalized failed\n");
977
exitcode = EXIT_FAILURE;
978
goto end;
979
} else {
980
gpgme_initalized = true;
981
}
982
983
932
if_index = (AvahiIfIndex) if_nametoindex(interface);
984
933
if(if_index == 0){
985
934
fprintf(stderr, "No such interface: \"%s\"\n", interface);
995
944
exitcode = EXIT_FAILURE;
996
945
goto end;
997
946
}
998
uint16_t port;
999
ret = sscanf(address+1, "%" SCNu16, &port);
1000
if(ret == 0 or port == 0){
1001
fprintf(stderr, "Bad port number\n");
947
errno = 0;
948
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
949
if(errno){
950
perror("Bad port number");
1002
951
exitcode = EXIT_FAILURE;
1003
952
goto end;
1004
953
}
1028
977
exitcode = EXIT_FAILURE;
1029
978
goto end;
1030
979
}
1031
980
1032
981
{
1033
982
AvahiServerConfig config;
1034
983
/* Do not publish any local Zeroconf records */
1037
986
config.publish_addresses = 0;
1038
987
config.publish_workstation = 0;
1039
988
config.publish_domain = 0;
1040
989
1041
990
/* Allocate a new server */
1042
991
mc.server = avahi_server_new(avahi_simple_poll_get
1043
992
(mc.simple_poll), &config, NULL,
1044
993
NULL, &error);
1045
994
1046
995
/* Free the Avahi configuration data */
1047
996
avahi_server_config_free(&config);
1048
997
}
1068
1017
}
1069
1018
1070
1019
/* Run the main loop */
1071
1020
1072
1021
if (debug){
1073
1022
fprintf(stderr, "Starting Avahi loop search\n");
1074
1023
}
1076
1025
avahi_simple_poll_loop(mc.simple_poll);
1077
1026
1078
1027
end:
1079
1028
1080
1029
if (debug){
1081
1030
fprintf(stderr, "%s exiting\n", argv[0]);
1082
1031
}
1087
1036
1088
1037
if (mc.server != NULL)
1089
1038
avahi_server_free(mc.server);
1090
1039
1091
1040
if (mc.simple_poll != NULL)
1092
1041
avahi_simple_poll_free(mc.simple_poll);
1093
1042
free(pubkeyfilename);
1043
free(seckeyfilename);
1044
1094
1045
if (gnutls_initalized){
1095
1046
gnutls_certificate_free_credentials(mc.cred);
1096
1047
gnutls_global_deinit ();
1097
gnutls_dh_params_deinit(mc.dh_params);
1098
}
1099
1100
if(gpgme_initalized){
1101
gpgme_release(mc.ctx);
1102
}
1103
1104
/* Removes the temp directory used by GPGME */
1105
if(tempdir[0] != '\0'){
1106
DIR *d;
1107
struct dirent *direntry;
1108
d = opendir(tempdir);
1109
if(d == NULL){
1110
if(errno != ENOENT){
1111
perror("opendir");
1112
}
1113
} else {
1114
while(true){
1115
direntry = readdir(d);
1116
if(direntry == NULL){
1117
break;
1118
}
1119
if (direntry->d_type == DT_REG){
1120
char *fullname = NULL;
1121
ret = asprintf(&fullname, "%s/%s", tempdir,
1122
direntry->d_name);
1123
if(ret < 0){
1124
perror("asprintf");
1125
continue;
1126
}
1127
ret = unlink(fullname);
1128
if(ret == -1){
1129
fprintf(stderr, "unlink(\"%s\"): %s",
1130
fullname, strerror(errno));
1131
}
1132
free(fullname);
1133
}
1134
}
1135
closedir(d);
1136
}
1137
ret = rmdir(tempdir);
1138
if(ret == -1 and errno != ENOENT){
1139
perror("rmdir");
1140
}
1141
}
1142
1048
}
1049
1143
1050
return exitcode;
1144
1051
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0