/*  -*- coding: utf-8 -*- */
/*
 * Mandos client - get and decrypt data from a Mandos server
 *
 * This program is partly derived from an example program for an Avahi
 * service browser, downloaded from
 * <http://avahi.org/browser/examples/core-browse-services.c>.  This
 * includes the following functions: "resolve_callback",
 * "browse_callback", and parts of "main".
 *
 * Everything else is
 * Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
 *
 * This program is free software: you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see
 * <http://www.gnu.org/licenses/>.
 *
 * Contact the authors at <mandos@fukt.bsnet.se>.
 */
/* Needed by GPGME, specifically gpgme_data_seek() */
#define _LARGEFILE_SOURCE
#define _FILE_OFFSET_BITS 64
#include <stdio.h>
#include <assert.h>
#include <stdlib.h>
#include <stdint.h>		/* intptr_t, uint16_t, uint32_t */
#include <time.h>
#include <net/if.h>		/* if_nametoindex */
#include <sys/ioctl.h> 		// ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS
#include <net/if.h> 		// ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS

#include <avahi-core/core.h>
#include <avahi-core/lookup.h>
#include <avahi-core/log.h>
#include <avahi-common/simple-watch.h>
#include <avahi-common/malloc.h>
#include <avahi-common/error.h>

//mandos client part
#include <sys/types.h>		/* socket(), inet_pton() */
#include <sys/socket.h>		/* socket(), struct sockaddr_in6,
				   struct in6_addr, inet_pton() */
#include <gnutls/gnutls.h>	/* All GnuTLS stuff */
#include <gnutls/openpgp.h>	/* GnuTLS with openpgp stuff */

#include <unistd.h>		/* close() */
#include <netinet/in.h>
#include <stdbool.h>		/* true */
#include <string.h>		/* memset */
#include <arpa/inet.h>		/* inet_pton() */
#include <iso646.h>		/* not */

// gpgme
#include <errno.h>		/* perror() */
#include <gpgme.h>

// getopt long
#include <getopt.h>
/* Step, in bytes, by which the receive and plaintext buffers grow, and
   the largest amount requested from a single read. */
#define BUFFER_SIZE 256
/* Size in bits of the Diffie-Hellman parameters generated in
   initgnutls() and requested for the session.
   NOTE(review): 1024-bit DH is below what current guidance treats as
   adequate.  The parameters are generated at run time for every
   connection attempt, so a larger value also costs start-up time;
   weigh both before changing it. */
#define DH_BITS 1024
/* Default locations of the client's OpenPGP material.  certdir is also
   the directory handed to GPGME as its home directory when the
   received packet is decrypted. */
static const char *certdir = "/conf/conf.d/mandos";
static const char *certfile = "openpgp-client.txt";
static const char *certkey = "openpgp-client-key.txt";

/* When true, progress and diagnostic messages are written to stderr. */
bool debug = false;
/* GnuTLS state belonging to one connection; filled in by
   initgnutls(). */
typedef struct {
  gnutls_session_t session;              /* the TLS session */
  gnutls_certificate_credentials_t cred; /* OpenPGP key pair */
  gnutls_dh_params_t dh_params;          /* Diffie-Hellman parameters */
} encrypted_session;
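/*
 * Decrypt an OpenPGP message held in memory.
 *
 * packet, packet_size: the encrypted message.  GPGME is told not to
 *   copy it, so it must stay valid for the duration of the call.
 * new_packet: receives a malloc()ed buffer holding the plaintext; the
 *   caller frees it.  Set to NULL when the function fails.
 * homedir: directory given to GPGME as the OpenPGP engine's home
 *   directory.
 *
 * Returns the plaintext length in bytes, or -1 on error.  All GPGME
 * objects created here are released on every path.
 *
 * NOTE(review): the plaintext is the secret being fetched.  Neither
 * this function (on its error path) nor the caller wipes the buffer
 * before free(); consider zeroizing it once it is no longer needed.
 */
static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
				   char **new_packet,
				   const char *homedir){
  gpgme_data_t dh_crypto = NULL;
  gpgme_data_t dh_plain = NULL;
  gpgme_ctx_t ctx = NULL;
  gpgme_error_t rc;
  gpgme_engine_info_t engine_info;
  char *plain = NULL;
  size_t plain_capacity = 0;
  size_t plain_length = 0;
  ssize_t retval = -1;

  /* Never leave the caller with an indeterminate pointer. */
  *new_packet = NULL;

  if (debug){
    fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
  }

  /* Init GPGME */
  gpgme_check_version(NULL);
  rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
  if (rc != GPG_ERR_NO_ERROR){
    fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
	    gpgme_strsource(rc), gpgme_strerror(rc));
    return -1;
  }

  /* Set GPGME home directory */
  rc = gpgme_get_engine_info (&engine_info);
  if (rc != GPG_ERR_NO_ERROR){
    fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
	    gpgme_strsource(rc), gpgme_strerror(rc));
    return -1;
  }
  while(engine_info != NULL
	&& engine_info->protocol != GPGME_PROTOCOL_OpenPGP){
    engine_info = engine_info->next;
  }
  if(engine_info == NULL){
    fprintf(stderr, "Could not set home dir to %s\n", homedir);
    return -1;
  }
  /* A failure here would leave the engine on its default home
     directory, i.e. a different key ring, so it must not be ignored. */
  rc = gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
			     engine_info->file_name, homedir);
  if (rc != GPG_ERR_NO_ERROR){
    fprintf(stderr, "bad gpgme_set_engine_info: %s: %s\n",
	    gpgme_strsource(rc), gpgme_strerror(rc));
    return -1;
  }

  /* Create new GPGME data buffer from packet buffer */
  rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);
  if (rc != GPG_ERR_NO_ERROR){
    fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
	    gpgme_strsource(rc), gpgme_strerror(rc));
    return -1;
  }

  /* Create new empty GPGME data buffer for the plaintext */
  rc = gpgme_data_new(&dh_plain);
  if (rc != GPG_ERR_NO_ERROR){
    fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
	    gpgme_strsource(rc), gpgme_strerror(rc));
    goto out_crypto;
  }

  /* Create new GPGME "context" */
  rc = gpgme_new(&ctx);
  if (rc != GPG_ERR_NO_ERROR){
    fprintf(stderr, "bad gpgme_new: %s: %s\n",
	    gpgme_strsource(rc), gpgme_strerror(rc));
    goto out_plain;
  }

  /* Decrypt the ciphertext buffer into the plaintext buffer */
  rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
  if (rc != GPG_ERR_NO_ERROR){
    fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
	    gpgme_strsource(rc), gpgme_strerror(rc));
    goto out_ctx;
  }

  if (debug){
    fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");

    gpgme_decrypt_result_t result = gpgme_op_decrypt_result(ctx);
    if (result == NULL){
      fprintf(stderr, "gpgme_op_decrypt_result failed\n");
    } else {
      /* Presumably NULL when no unsupported algorithm was seen;
	 passing NULL to "%s" is undefined, so substitute a marker. */
      fprintf(stderr, "Unsupported algorithm: %s\n",
	      result->unsupported_algorithm != NULL
	      ? result->unsupported_algorithm : "(none)");
      fprintf(stderr, "Wrong key usage: %d\n",
	      result->wrong_key_usage);
      if(result->file_name != NULL){
	fprintf(stderr, "File name: %s\n", result->file_name);
      }
      for(gpgme_recipient_t recipient = result->recipients;
	  recipient != NULL; recipient = recipient->next){
	fprintf(stderr, "Public key algorithm: %s\n",
		gpgme_pubkey_algo_name(recipient->pubkey_algo));
	fprintf(stderr, "Key ID: %s\n", recipient->keyid);
	fprintf(stderr, "Secret key available: %s\n",
		recipient->status == GPG_ERR_NO_SECKEY
		? "No" : "Yes");
      }
    }
  }

  /* Seek back to the beginning of the GPGME plaintext data buffer.
     Reading on after a failed seek could hand back an empty or
     partial secret as if it were complete, so treat it as fatal. */
  if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
    perror("pgpme_data_seek");
    goto out_ctx;
  }

  /* Copy the plaintext out, growing the buffer BUFFER_SIZE at a
     time. */
  while(true){
    if (plain_length + BUFFER_SIZE > plain_capacity){
      /* Keep the old pointer until realloc() has succeeded, so it can
	 still be freed on failure. */
      char *grown = realloc(plain, plain_capacity + BUFFER_SIZE);
      if (grown == NULL){
	perror("realloc");
	goto out_ctx;
      }
      plain = grown;
      plain_capacity += BUFFER_SIZE;
    }

    ssize_t got = gpgme_data_read(dh_plain, plain + plain_length,
				  BUFFER_SIZE);
    if (got == 0){
      break;			/* end of plaintext */
    }
    if (got < 0){
      perror("gpgme_data_read");
      goto out_ctx;
    }
    plain_length += (size_t) got;
  }

  /* FIXME: check characters before printing to screen so to not print
     terminal control characters */

  /* Success: hand the buffer over to the caller. */
  *new_packet = plain;
  plain = NULL;
  retval = (ssize_t) plain_length;

 out_ctx:
  free(plain);			/* NULL unless we are failing */
  gpgme_release(ctx);
 out_plain:
  gpgme_data_release(dh_plain);
 out_crypto:
  gpgme_data_release(dh_crypto);
  return retval;
}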
/* Like gnutls_strerror(), but never returns NULL: a missing
   description is replaced by "(unknown)", so the result can always be
   passed to a "%s" conversion. */
static const char * safer_gnutls_strerror (int value) {
  const char *description = gnutls_strerror (value);
  return description != NULL ? description : "(unknown)";
}
/* Log function installed with gnutls_global_set_log_function() when
   debugging: copies each message to stderr unchanged.  The message is
   passed as an argument, never as the format string.  The log level
   is not used. */
static void debuggnutls(__attribute__((unused)) int level,
			const char* string){
  fprintf(stderr, "%s", string);
}
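/*
 * Initialize GnuTLS and fill in *es: load the OpenPGP key pair named
 * by certfile/certkey, generate DH_BITS-bit Diffie-Hellman parameters
 * and create a session in the GNUTLS_SERVER role with priority string
 * "NORMAL".
 *
 * Returns 0 on success.  Returns -1 on failure, after releasing
 * everything this function had set up; *es must then not be used or
 * cleaned up by the caller.
 *
 * All diagnostics go to stderr: stdout is where the decrypted secret
 * is written, so nothing else may be printed there.
 */
static int initgnutls(encrypted_session *es){
  const char *err;
  int ret;

  if(debug){
    fprintf(stderr, "Initializing GnuTLS\n");
  }

  ret = gnutls_global_init ();
  if (ret != GNUTLS_E_SUCCESS) {
    fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
    return -1;
  }

  if (debug){
    gnutls_global_set_log_level(11);
    gnutls_global_set_log_function(debuggnutls);
  }

  /* openpgp credentials */
  ret = gnutls_certificate_allocate_credentials (&es->cred);
  if (ret != GNUTLS_E_SUCCESS) {
    fprintf (stderr, "memory error: %s\n",
	     safer_gnutls_strerror(ret));
    goto fail_global;
  }

  if(debug){
    fprintf(stderr, "Attempting to use OpenPGP certificate %s"
	    " and keyfile %s as GnuTLS credentials\n", certfile,
	    certkey);
  }

  ret = gnutls_certificate_set_openpgp_key_file
    (es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);
  if (ret != GNUTLS_E_SUCCESS) {
    fprintf
      (stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
       " '%s')\n",
       ret, certfile, certkey);
    /* Was written to stdout, where it could end up in front of the
       secret if a later connection attempt succeeds. */
    fprintf(stderr, "The Error is: %s\n",
	    safer_gnutls_strerror(ret));
    goto fail_cred;
  }

  //GnuTLS server initialization
  ret = gnutls_dh_params_init (&es->dh_params);
  if (ret != GNUTLS_E_SUCCESS) {
    fprintf (stderr, "Error in dh parameter initialization: %s\n",
	     safer_gnutls_strerror(ret));
    goto fail_cred;
  }

  ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS);
  if (ret != GNUTLS_E_SUCCESS) {
    fprintf (stderr, "Error in prime generation: %s\n",
	     safer_gnutls_strerror(ret));
    goto fail_dh;
  }

  gnutls_certificate_set_dh_params (es->cred, es->dh_params);

  // GnuTLS session creation
  ret = gnutls_init (&es->session, GNUTLS_SERVER);
  if (ret != GNUTLS_E_SUCCESS){
    fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
	    safer_gnutls_strerror(ret));
    /* The original fell through here and went on to use a session
       that had never been created. */
    goto fail_dh;
  }

  ret = gnutls_priority_set_direct (es->session, "NORMAL", &err);
  if (ret != GNUTLS_E_SUCCESS) {
    fprintf(stderr, "Syntax error at: %s\n", err);
    fprintf(stderr, "GnuTLS error: %s\n",
	    safer_gnutls_strerror(ret));
    goto fail_session;
  }

  ret = gnutls_credentials_set
    (es->session, GNUTLS_CRD_CERTIFICATE, es->cred);
  if (ret != GNUTLS_E_SUCCESS) {
    fprintf(stderr, "Error setting a credentials set: %s\n",
	    safer_gnutls_strerror(ret));
    goto fail_session;
  }

  /* ignore client certificate if any.
     NOTE(review): with GNUTLS_CERT_IGNORE the peer is not
     authenticated by TLS; protection of the secret then presumably
     rests on the OpenPGP encryption of the payload.  Confirm that
     this is the intended trust model. */
  gnutls_certificate_server_set_request (es->session,
					 GNUTLS_CERT_IGNORE);

  gnutls_dh_set_prime_bits (es->session, DH_BITS);

  return 0;

  /* Failure: undo the steps that had succeeded, newest first. */
 fail_session:
  gnutls_deinit (es->session);
 fail_dh:
  gnutls_dh_params_deinit (es->dh_params);
 fail_cred:
  gnutls_certificate_free_credentials (es->cred);
 fail_global:
  gnutls_global_deinit ();
  return -1;
}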
/* Log function with the Avahi logging signature that discards every
   message. */
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
		      __attribute__((unused)) const char *txt){
  /* intentionally empty */
}
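/*
 * Connect to a Mandos server over IPv6, run a TLS session on the
 * connection, read one OpenPGP message until the peer closes the
 * stream, decrypt it and write the plaintext to stdout.
 *
 * ip: textual IPv6 address of the server.
 * port: TCP port in host byte order.
 * if_index: interface index; stored as the scope id of the address.
 *
 * Returns 0 when a message was received, decrypted and written out,
 * and -1 otherwise.  The socket, the receive buffer and the GnuTLS
 * state are released on every path.
 *
 * NOTE(review): the receive loop grows the buffer for as long as the
 * peer keeps sending, and the peer has not been authenticated at that
 * point (initgnutls() requests no certificate); consider an upper
 * bound on the message size.
 * NOTE(review): decrypted_buffer holds the secret and is freed
 * without being wiped; consider zeroizing it first.
 */
static int start_mandos_communication(const char *ip, uint16_t port,
				      AvahiIfIndex if_index){
  int ret, tcp_sd;
  struct sockaddr_in6 to;
  encrypted_session es;
  char *buffer = NULL;
  char *decrypted_buffer = NULL;
  size_t buffer_length = 0;
  size_t buffer_capacity = 0;
  ssize_t decrypted_buffer_size;
  size_t written = 0;
  int retval = 0;
  char interface[IF_NAMESIZE];

  if(debug){
    fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
	    ip, port);
  }

  tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
  if(tcp_sd < 0) {
    perror("socket");
    return -1;
  }

  /* From here on every failure must at least close the socket. */

  if(debug){
    if(if_indextoname((unsigned int)if_index, interface) == NULL){
      perror("if_indextoname");
      retval = -1;
      goto close_socket;
    }
    fprintf(stderr, "Binding to interface %s\n", interface);
  }

  memset(&to,0,sizeof(to));	/* Spurious warning */
  to.sin6_family = AF_INET6;
  ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
  if (ret < 0 ){
    perror("inet_pton");
    retval = -1;
    goto close_socket;
  }
  if(ret == 0){
    fprintf(stderr, "Bad address: %s\n", ip);
    retval = -1;
    goto close_socket;
  }
  to.sin6_port = htons(port);	/* Spurious warning */

  to.sin6_scope_id = (uint32_t)if_index;

  if(debug){
    fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
  }

  ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
  if (ret < 0){
    perror("connect");
    retval = -1;
    goto close_socket;
  }

  ret = initgnutls (&es);
  if (ret != 0){
    /* es is not touched here: it may be only partly initialized. */
    retval = -1;
    goto close_socket;
  }

  /* Go through intptr_t so the int-to-pointer conversion is
     well-defined where pointers are wider than int. */
  gnutls_transport_set_ptr (es.session,
			    (gnutls_transport_ptr_t)(intptr_t) tcp_sd);

  if(debug){
    fprintf(stderr, "Establishing TLS session with %s\n", ip);
  }

  ret = gnutls_handshake (es.session);

  if (ret != GNUTLS_E_SUCCESS){
    if(debug){
      fprintf(stderr, "\n*** Handshake failed ***\n");
      gnutls_perror (ret);
    }
    retval = -1;
    goto cleanup_tls;
  }

  //Retrieve OpenPGP packet that contains the wanted password

  if(debug){
    fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
	    ip);
  }

  while(true){
    if (buffer_length + BUFFER_SIZE > buffer_capacity){
      /* Keep the old pointer until realloc() has succeeded. */
      char *grown = realloc(buffer, buffer_capacity + BUFFER_SIZE);
      if (grown == NULL){
	perror("realloc");
	/* Previously this path returned 0, which the caller treats
	   as "secret delivered". */
	retval = -1;
	goto cleanup_tls;
      }
      buffer = grown;
      buffer_capacity += BUFFER_SIZE;
    }

    ret = gnutls_record_recv
      (es.session, buffer+buffer_length, BUFFER_SIZE);
    if (ret == 0){
      break;			/* peer closed the stream */
    }
    if (ret < 0){
      switch(ret){
      case GNUTLS_E_INTERRUPTED:
      case GNUTLS_E_AGAIN:
	break;			/* retry the read */
      case GNUTLS_E_REHANDSHAKE:
	ret = gnutls_handshake (es.session);
	if (ret < 0){
	  fprintf(stderr, "\n*** Handshake failed ***\n");
	  gnutls_perror (ret);
	  retval = -1;
	  goto cleanup_tls;
	}
	break;
      default:
	fprintf(stderr, "Unknown error while reading data from"
		" encrypted session with mandos server\n");
	retval = -1;
	gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
	goto cleanup_tls;
      }
    } else {
      buffer_length += (size_t) ret;
    }
  }

  if (buffer_length > 0){
    decrypted_buffer_size = pgp_packet_decrypt(buffer,
					       buffer_length,
					       &decrypted_buffer,
					       certdir);
    if (decrypted_buffer_size >= 0){
      while(written < (size_t) decrypted_buffer_size){
	size_t n = fwrite (decrypted_buffer + written, 1,
			   (size_t)decrypted_buffer_size - written,
			   stdout);
	/* A zero return with data still pending means no progress is
	   possible; stop instead of retrying forever. */
	if(n == 0){
	  if(debug){
	    fprintf(stderr, "Error writing encrypted data: %s\n",
		    strerror(errno));
	  }
	  retval = -1;
	  break;
	}
	written += n;
      }
      free(decrypted_buffer);
    } else {
      retval = -1;
    }
  } else {
    /* The peer closed the stream without sending anything.  Reporting
       success would make the caller exit as if a secret had been
       delivered. */
    retval = -1;
  }

  //shutdown procedure

  if(debug){
    fprintf(stderr, "Closing TLS session\n");
  }

  gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
 cleanup_tls:
  free(buffer);
  gnutls_deinit (es.session);
  gnutls_certificate_free_credentials (es.cred);
  /* Freeing the credentials does not free the DH parameters. */
  gnutls_dh_params_deinit (es.dh_params);
  gnutls_global_deinit ();
 close_socket:
  close(tcp_sd);
  return retval;
}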
/* Avahi poll object and server, shared with the resolver and browser
   callbacks. */
static AvahiSimplePoll *simple_poll = NULL;
static AvahiServer *server = NULL;
/*
 * Resolver callback: called whenever a service has been resolved
 * successfully or timed out.
 *
 * On AVAHI_RESOLVER_FOUND the address is formatted as text and
 * start_mandos_communication() is tried against it; if that returns 0
 * the process exits with EXIT_SUCCESS straight from this callback, so
 * the resolver is not freed on that path.  Any other event is
 * reported on stderr as a resolution failure.  In all remaining cases
 * the resolver r is freed before returning.
 */
static void resolve_callback(
    AvahiSServiceResolver *r,
    AvahiIfIndex interface,
    AVAHI_GCC_UNUSED AvahiProtocol protocol,
    AvahiResolverEvent event,
    const char *name,
    const char *type,
    const char *domain,
    const char *host_name,
    const AvahiAddress *address,
    uint16_t port,
    AVAHI_GCC_UNUSED AvahiStringList *txt,
    AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
    AVAHI_GCC_UNUSED void* userdata) {

  assert(r);			/* Spurious warning */

  if (event == AVAHI_RESOLVER_FOUND) {
    char ip[AVAHI_ADDRESS_STR_MAX];
    avahi_address_snprint(ip, sizeof(ip), address);
    if(debug){
      fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
	      " port %d\n", name, host_name, ip, port);
    }
    if (start_mandos_communication(ip, port, interface) == 0){
      exit(EXIT_SUCCESS);
    }
  } else {
    /* AVAHI_RESOLVER_FAILURE and any unrecognised event */
    fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
	    " type '%s' in domain '%s': %s\n", name, type, domain,
	    avahi_strerror(avahi_server_errno(server)));
  }

  avahi_s_service_resolver_free(r);
}
/*
 * Browser callback: called whenever a new service becomes available
 * on the LAN or is removed from the LAN.
 *
 * AVAHI_BROWSER_NEW starts an IPv6 resolver for the service, with
 * resolve_callback as its callback.  REMOVE, ALL_FOR_NOW and
 * CACHE_EXHAUSTED are ignored.  AVAHI_BROWSER_FAILURE and any
 * unrecognised event are reported on stderr and make the main poll
 * loop quit.
 */
static void browse_callback(
    AvahiSServiceBrowser *b,
    AvahiIfIndex interface,
    AvahiProtocol protocol,
    AvahiBrowserEvent event,
    const char *name,
    const char *type,
    const char *domain,
    AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
    void* userdata) {

    AvahiServer *s = userdata;
    assert(b);			/* Spurious warning */

    if (event == AVAHI_BROWSER_NEW) {
      /* We ignore the returned resolver object. In the callback
	 function we free it. If the server is terminated before
	 the callback function is called the server will free
	 the resolver for us. */
      if (avahi_s_service_resolver_new(s, interface, protocol, name,
				       type, domain,
				       AVAHI_PROTO_INET6, 0,
				       resolve_callback, s) == NULL) {
	fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
		avahi_strerror(avahi_server_errno(s)));
      }
      return;
    }

    if (event == AVAHI_BROWSER_REMOVE
	|| event == AVAHI_BROWSER_ALL_FOR_NOW
	|| event == AVAHI_BROWSER_CACHE_EXHAUSTED) {
      return;			/* nothing to do */
    }

    /* AVAHI_BROWSER_FAILURE and any unrecognised event */
    fprintf(stderr, "(Browser) %s\n",
	    avahi_strerror(avahi_server_errno(server)));
    avahi_simple_poll_quit(simple_poll);
}
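/*
 * Join a path and a file name as "first/second".
 *
 * Returns a malloc()ed string which the caller frees, or NULL if
 * either argument is NULL, the combined length does not fit in a
 * size_t, or the allocation fails.
 *
 * No normalisation is done: both arguments are copied as given,
 * including any separators they already contain.
 */
static const char *combinepath(const char *first, const char *second){
  if (first == NULL || second == NULL){
    return NULL;
  }

  const size_t f_len = strlen(first);
  const size_t s_len = strlen(second);
  const size_t size_max = (size_t) -1;

  /* Room is needed for both parts, the '/' and the terminating NUL;
     refuse lengths whose sum would wrap around. */
  if (f_len > size_max - 2 || s_len > size_max - 2 - f_len){
    return NULL;
  }

  char *joined = malloc(f_len + s_len + 2);
  if (joined == NULL){
    return NULL;
  }

  memcpy(joined, first, f_len);
  joined[f_len] = '/';
  /* s_len + 1 also copies second's terminating NUL. */
  memcpy(joined + f_len + 1, second, s_len + 1);
  return joined;
}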
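/*
 * Entry point of the Mandos client.
 *
 * Parses the command line (--debug, --connect, --interface/-i,
 * --certdir, --certkey, --certfile), joins certdir with the
 * certificate and key file names, and looks up the index of the
 * chosen network interface.  With --connect it then talks directly to
 * the given "address:port" and exits with the result.  Otherwise it
 * brings the interface up if needed and runs an embedded Avahi server
 * that browses for "_mandos._tcp" services until the main loop quits.
 *
 * Returns EXIT_SUCCESS or EXIT_FAILURE.  Some early error paths call
 * exit() directly and so skip the cleanup code at the "exit" label.
 */
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
    AvahiServerConfig config;
    AvahiSServiceBrowser *sb = NULL;
    int error;
    int ret;
    int returncode = EXIT_SUCCESS;
    const char *interface = "eth0";
    struct ifreq network;
    int sd = -1;		/* -1 means "no socket open" for the cleanup */
    char *connect_to = NULL;
    AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
    size_t ifname_len;
    /* Strings returned by combinepath().  They are tracked apart from
       the certfile/certkey globals so that the cleanup code only ever
       passes malloc()ed memory to free(); the globals may still point
       at a default string or at optarg when an early step fails. */
    const char *combined_certfile = NULL;
    const char *combined_certkey = NULL;

    while (true){
      /* Every long option returns a value instead of writing through
	 a flag pointer.  getopt_long() stores an int through the flag
	 pointer, and the declaration of "debug" is outside this block
	 (the old "(int *)&debug" cast suggests it is not an int), so
	 the flag form could write past the variable.
	 "certfile" maps to 'c' and "certkey" to 'k', matching the
	 switch below; the table previously had the two swapped, so
	 each option set the other one's variable. */
      static struct option long_options[] = {
	{"debug", no_argument, NULL, 'D'},
	{"connect", required_argument, NULL, 'C'},
	{"interface", required_argument, NULL, 'i'},
	{"certdir", required_argument, NULL, 'd'},
	{"certkey", required_argument, NULL, 'k'},
	{"certfile", required_argument, NULL, 'c'},
	{0, 0, 0, 0} };

      int option_index = 0;
      ret = getopt_long (argc, argv, "i:", long_options,
			 &option_index);

      if (ret == -1){
	break;
      }

      switch(ret){
      case 'D':
	debug = 1;
	break;
      case 'i':
	interface = optarg;
	break;
      case 'C':
	connect_to = optarg;
	break;
      case 'd':
	certdir = optarg;
	break;
      case 'c':
	certfile = optarg;
	break;
      case 'k':
	certkey = optarg;
	break;
      default:
	exit(EXIT_FAILURE);
      }
    }

    combined_certfile = combinepath(certdir, certfile);
    if (combined_certfile == NULL){
      perror("combinepath");
      returncode = EXIT_FAILURE;
      goto exit;
    }
    certfile = combined_certfile;

    combined_certkey = combinepath(certdir, certkey);
    if (combined_certkey == NULL){
      perror("combinepath");
      returncode = EXIT_FAILURE;
      goto exit;
    }
    certkey = combined_certkey;

    if_index = (AvahiIfIndex) if_nametoindex(interface);
    if(if_index == 0){
      fprintf(stderr, "No such interface: \"%s\"\n", interface);
      exit(EXIT_FAILURE);
    }

    if(connect_to != NULL){
      /* Connect directly, do not use Zeroconf */
      /* (Mainly meant for debugging) */
      char *address = strrchr(connect_to, ':');
      if(address == NULL){
        fprintf(stderr, "No colon in address\n");
	exit(EXIT_FAILURE);
      }
      /* Parse the port strictly: an empty or non-numeric port, any
	 trailing characters, and values outside 0-65535 are rejected
	 instead of being silently truncated to 16 bits. */
      char *port_end = NULL;
      errno = 0;
      long port_number = strtol(address+1, &port_end, 10);
      if(errno){
	perror("Bad port number");
	exit(EXIT_FAILURE);
      }
      if(port_end == address+1 || *port_end != '\0'
	 || port_number < 0 || port_number > 65535){
	fprintf(stderr, "Bad port number\n");
	exit(EXIT_FAILURE);
      }
      uint16_t port = (uint16_t) port_number;
      /* Cut the string at the last colon so that only the address
	 part remains (this modifies the argv string in place) */
      *address = '\0';
      address = connect_to;
      ret = start_mandos_communication(address, port, if_index);
      if(ret < 0){
	exit(EXIT_FAILURE);
      } else {
	exit(EXIT_SUCCESS);
      }
    }

    /* The interface name comes from the command line and ifr_name is a
       fixed-size array, so check the length before copying. */
    ifname_len = strlen(interface);
    if(ifname_len >= sizeof(network.ifr_name)){
      fprintf(stderr, "Interface name too long: \"%s\"\n", interface);
      returncode = EXIT_FAILURE;
      goto exit;
    }

    sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
    if(sd < 0) {
      perror("socket");
      returncode = EXIT_FAILURE;
      goto exit;
    }
    memset(&network, 0, sizeof(network));
    memcpy(network.ifr_name, interface, ifname_len + 1);
    ret = ioctl(sd, SIOCGIFFLAGS, &network);
    if(ret == -1){
      perror("ioctl SIOCGIFFLAGS");
      returncode = EXIT_FAILURE;
      goto exit;
    }
    /* Bring the interface up if it is not up already */
    if((network.ifr_flags & IFF_UP) == 0){
      network.ifr_flags |= IFF_UP;
      ret = ioctl(sd, SIOCSIFFLAGS, &network);
      if(ret == -1){
	perror("ioctl SIOCSIFFLAGS");
	returncode = EXIT_FAILURE;
	goto exit;
      }
    }
    close(sd);
    sd = -1;

    if (not debug){
      avahi_set_log_function(empty_log);
    }

    /* Initialize the pseudo-RNG */
    /* NOTE(review): a time-based seed is predictable, so rand() output
       must not be relied on for anything security-sensitive; where
       rand() is used is not visible from this function -- confirm. */
    srand((unsigned int) time(NULL));

    /* Allocate main loop object */
    if (!(simple_poll = avahi_simple_poll_new())) {
        fprintf(stderr, "Failed to create simple poll object.\n");
	returncode = EXIT_FAILURE;
        goto exit;
    }

    /* Do not publish any local records */
    avahi_server_config_init(&config);
    config.publish_hinfo = 0;
    config.publish_addresses = 0;
    config.publish_workstation = 0;
    config.publish_domain = 0;

    /* Allocate a new server */
    server = avahi_server_new(avahi_simple_poll_get(simple_poll),
			      &config, NULL, NULL, &error);

    /* Free the configuration data */
    avahi_server_config_free(&config);

    /* Check if creating the server object succeeded */
    if (!server) {
        fprintf(stderr, "Failed to create server: %s\n",
		avahi_strerror(error));
	returncode = EXIT_FAILURE;
        goto exit;
    }

    /* Create the service browser */
    sb = avahi_s_service_browser_new(server, if_index,
				     AVAHI_PROTO_INET6,
				     "_mandos._tcp", NULL, 0,
				     browse_callback, server);
    if (!sb) {
        fprintf(stderr, "Failed to create service browser: %s\n",
		avahi_strerror(avahi_server_errno(server)));
	returncode = EXIT_FAILURE;
        goto exit;
    }

    /* Run the main loop */

    if (debug){
      fprintf(stderr, "Starting avahi loop search\n");
    }

    avahi_simple_poll_loop(simple_poll);

 exit:

    if (debug){
      fprintf(stderr, "%s exiting\n", argv[0]);
    }

    /* Cleanup things */
    if (sd >= 0)
        close(sd);		/* only still open on an ioctl error path */

    if (sb)
        avahi_s_service_browser_free(sb);

    if (server)
        avahi_server_free(server);

    if (simple_poll)
        avahi_simple_poll_free(simple_poll);

    /* Only the combinepath() results are heap memory; the cast drops
       the const that combinepath() puts on its return type. */
    free((void *) combined_certfile);
    free((void *) combined_certkey);

    return returncode;
}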