bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
1 |
/* -*- coding: utf-8 -*- */
|
2 |
/*
|
|
3 |
* Mandos client - get and decrypt data from a Mandos server
|
|
4 |
*
|
|
5 |
* This program is partly derived from an example program for an Avahi
|
|
6 |
* service browser, downloaded from
|
|
7 |
* <http://avahi.org/browser/examples/core-browse-services.c>. This
|
|
8 |
* includes the following functions: "resolve_callback",
|
|
9 |
* "browse_callback", and parts of "main".
|
|
10 |
*
|
|
28
by Teddy Hogeborn
* server.conf: New file. |
11 |
* Everything else is
|
12 |
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
|
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
13 |
*
|
14 |
* This program is free software: you can redistribute it and/or
|
|
15 |
* modify it under the terms of the GNU General Public License as
|
|
16 |
* published by the Free Software Foundation, either version 3 of the
|
|
17 |
* License, or (at your option) any later version.
|
|
18 |
*
|
|
19 |
* This program is distributed in the hope that it will be useful, but
|
|
20 |
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
21 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
22 |
* General Public License for more details.
|
|
23 |
*
|
|
24 |
* You should have received a copy of the GNU General Public License
|
|
25 |
* along with this program. If not, see
|
|
26 |
* <http://www.gnu.org/licenses/>.
|
|
27 |
*
|
|
31
by Teddy Hogeborn
* plugins.d/plugbasedclient.c: Update include file comments. |
28 |
* Contact the authors at <mandos@fukt.bsnet.se>.
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
29 |
*/
|
30 |
||
28
by Teddy Hogeborn
* server.conf: New file. |
31 |
/* Needed by GPGME, specifically gpgme_data_seek() */
|
13
by Björn Påhlsson
Added following support: |
32 |
#define _LARGEFILE_SOURCE
|
33 |
#define _FILE_OFFSET_BITS 64
|
|
34 |
||
35 |
#include <stdio.h> |
|
36 |
#include <assert.h> |
|
37 |
#include <stdlib.h> |
|
38 |
#include <time.h> |
|
39 |
#include <net/if.h> /* if_nametoindex */ |
|
24.1.6
by Björn Påhlsson
plugbasedclient |
40 |
#include <sys/ioctl.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS |
41 |
#include <net/if.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS |
|
13
by Björn Påhlsson
Added following support: |
42 |
|
43 |
#include <avahi-core/core.h> |
|
44 |
#include <avahi-core/lookup.h> |
|
45 |
#include <avahi-core/log.h> |
|
46 |
#include <avahi-common/simple-watch.h> |
|
47 |
#include <avahi-common/malloc.h> |
|
48 |
#include <avahi-common/error.h> |
|
49 |
||
50 |
//mandos client part
|
|
22
by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to |
51 |
#include <sys/types.h> /* socket(), inet_pton() */ |
52 |
#include <sys/socket.h> /* socket(), struct sockaddr_in6, |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
53 |
struct in6_addr, inet_pton() */ |
54 |
#include <gnutls/gnutls.h> /* All GnuTLS stuff */ |
|
55 |
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */ |
|
13
by Björn Påhlsson
Added following support: |
56 |
|
57 |
#include <unistd.h> /* close() */ |
|
58 |
#include <netinet/in.h> |
|
59 |
#include <stdbool.h> /* true */ |
|
60 |
#include <string.h> /* memset */ |
|
61 |
#include <arpa/inet.h> /* inet_pton() */ |
|
62 |
#include <iso646.h> /* not */ |
|
63 |
||
64 |
// gpgme
|
|
65 |
#include <errno.h> /* perror() */ |
|
66 |
#include <gpgme.h> |
|
67 |
||
15.1.3
by Björn Påhlsson
Added getopt_long support for mandosclient and passprompt |
68 |
// getopt long
|
69 |
#include <getopt.h> |
|
13
by Björn Påhlsson
Added following support: |
70 |
|
71 |
#define BUFFER_SIZE 256
|
|
72 |
#define DH_BITS 1024
|
|
73 |
||
36
by Teddy Hogeborn
* TODO: Converted to org-mode style |
74 |
static const char *certdir = "/conf/conf.d/mandos"; |
75 |
static const char *certfile = "openpgp-client.txt"; |
|
76 |
static const char *certkey = "openpgp-client-key.txt"; |
|
24.1.4
by Björn Påhlsson
Added optional parameters certdir, certkey and certfile that can be iven at start in the command line. |
77 |
|
15.1.2
by Björn Påhlsson
Added debug options from passprompt as --debug and --debug=passprompt |
78 |
bool debug = false; |
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
79 |
|
13
by Björn Påhlsson
Added following support: |
80 |
typedef struct { |
81 |
gnutls_session_t session; |
|
82 |
gnutls_certificate_credentials_t cred; |
|
83 |
gnutls_dh_params_t dh_params; |
|
84 |
} encrypted_session; |
|
85 |
||
86 |
||
36
by Teddy Hogeborn
* TODO: Converted to org-mode style |
87 |
static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size, |
88 |
char **new_packet, |
|
89 |
const char *homedir){ |
|
13
by Björn Påhlsson
Added following support: |
90 |
gpgme_data_t dh_crypto, dh_plain; |
91 |
gpgme_ctx_t ctx; |
|
92 |
gpgme_error_t rc; |
|
93 |
ssize_t ret; |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
94 |
ssize_t new_packet_capacity = 0; |
95 |
ssize_t new_packet_length = 0; |
|
13
by Björn Påhlsson
Added following support: |
96 |
gpgme_engine_info_t engine_info; |
97 |
||
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
98 |
if (debug){ |
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
99 |
fprintf(stderr, "Trying to decrypt OpenPGP packet\n"); |
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
100 |
} |
101 |
|
|
13
by Björn Påhlsson
Added following support: |
102 |
/* Init GPGME */ |
103 |
gpgme_check_version(NULL); |
|
24.1.4
by Björn Påhlsson
Added optional parameters certdir, certkey and certfile that can be iven at start in the command line. |
104 |
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP); |
105 |
if (rc != GPG_ERR_NO_ERROR){ |
|
106 |
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n", |
|
107 |
gpgme_strsource(rc), gpgme_strerror(rc)); |
|
108 |
return -1; |
|
109 |
} |
|
13
by Björn Påhlsson
Added following support: |
110 |
|
111 |
/* Set GPGME home directory */ |
|
112 |
rc = gpgme_get_engine_info (&engine_info); |
|
113 |
if (rc != GPG_ERR_NO_ERROR){ |
|
114 |
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n", |
|
115 |
gpgme_strsource(rc), gpgme_strerror(rc)); |
|
116 |
return -1; |
|
117 |
} |
|
118 |
while(engine_info != NULL){ |
|
119 |
if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){ |
|
120 |
gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP, |
|
121 |
engine_info->file_name, homedir); |
|
122 |
break; |
|
123 |
} |
|
124 |
engine_info = engine_info->next; |
|
125 |
} |
|
126 |
if(engine_info == NULL){ |
|
127 |
fprintf(stderr, "Could not set home dir to %s\n", homedir); |
|
128 |
return -1; |
|
129 |
} |
|
130 |
|
|
131 |
/* Create new GPGME data buffer from packet buffer */ |
|
132 |
rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0); |
|
133 |
if (rc != GPG_ERR_NO_ERROR){ |
|
134 |
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n", |
|
135 |
gpgme_strsource(rc), gpgme_strerror(rc)); |
|
136 |
return -1; |
|
137 |
} |
|
138 |
|
|
139 |
/* Create new empty GPGME data buffer for the plaintext */ |
|
140 |
rc = gpgme_data_new(&dh_plain); |
|
141 |
if (rc != GPG_ERR_NO_ERROR){ |
|
142 |
fprintf(stderr, "bad gpgme_data_new: %s: %s\n", |
|
143 |
gpgme_strsource(rc), gpgme_strerror(rc)); |
|
144 |
return -1; |
|
145 |
} |
|
146 |
|
|
147 |
/* Create new GPGME "context" */ |
|
148 |
rc = gpgme_new(&ctx); |
|
149 |
if (rc != GPG_ERR_NO_ERROR){ |
|
150 |
fprintf(stderr, "bad gpgme_new: %s: %s\n", |
|
151 |
gpgme_strsource(rc), gpgme_strerror(rc)); |
|
152 |
return -1; |
|
153 |
} |
|
154 |
|
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
155 |
/* Decrypt data from the FILE pointer to the plaintext data |
156 |
buffer */
|
|
13
by Björn Påhlsson
Added following support: |
157 |
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain); |
158 |
if (rc != GPG_ERR_NO_ERROR){ |
|
159 |
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n", |
|
160 |
gpgme_strsource(rc), gpgme_strerror(rc)); |
|
161 |
return -1; |
|
162 |
} |
|
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
163 |
|
164 |
if(debug){ |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
165 |
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n"); |
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
166 |
} |
167 |
||
168 |
if (debug){ |
|
169 |
gpgme_decrypt_result_t result; |
|
170 |
result = gpgme_op_decrypt_result(ctx); |
|
171 |
if (result == NULL){ |
|
172 |
fprintf(stderr, "gpgme_op_decrypt_result failed\n"); |
|
173 |
} else { |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
174 |
fprintf(stderr, "Unsupported algorithm: %s\n", |
175 |
result->unsupported_algorithm); |
|
176 |
fprintf(stderr, "Wrong key usage: %d\n", |
|
177 |
result->wrong_key_usage); |
|
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
178 |
if(result->file_name != NULL){ |
179 |
fprintf(stderr, "File name: %s\n", result->file_name); |
|
180 |
} |
|
181 |
gpgme_recipient_t recipient; |
|
182 |
recipient = result->recipients; |
|
183 |
if(recipient){ |
|
184 |
while(recipient != NULL){ |
|
185 |
fprintf(stderr, "Public key algorithm: %s\n", |
|
186 |
gpgme_pubkey_algo_name(recipient->pubkey_algo)); |
|
187 |
fprintf(stderr, "Key ID: %s\n", recipient->keyid); |
|
188 |
fprintf(stderr, "Secret key available: %s\n", |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
189 |
recipient->status == GPG_ERR_NO_SECKEY |
190 |
? "No" : "Yes"); |
|
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
191 |
recipient = recipient->next; |
192 |
} |
|
193 |
} |
|
194 |
} |
|
195 |
} |
|
13
by Björn Påhlsson
Added following support: |
196 |
|
197 |
/* Delete the GPGME FILE pointer cryptotext data buffer */ |
|
198 |
gpgme_data_release(dh_crypto); |
|
199 |
|
|
200 |
/* Seek back to the beginning of the GPGME plaintext data buffer */ |
|
24.1.5
by Björn Påhlsson
plugbasedclient: |
201 |
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){ |
202 |
perror("pgpme_data_seek"); |
|
203 |
} |
|
204 |
|
|
13
by Björn Påhlsson
Added following support: |
205 |
*new_packet = 0; |
206 |
while(true){ |
|
207 |
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){ |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
208 |
*new_packet = realloc(*new_packet, |
209 |
(unsigned int)new_packet_capacity |
|
210 |
+ BUFFER_SIZE); |
|
13
by Björn Påhlsson
Added following support: |
211 |
if (*new_packet == NULL){ |
212 |
perror("realloc"); |
|
213 |
return -1; |
|
214 |
} |
|
215 |
new_packet_capacity += BUFFER_SIZE; |
|
216 |
} |
|
217 |
|
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
218 |
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length, |
219 |
BUFFER_SIZE); |
|
13
by Björn Påhlsson
Added following support: |
220 |
/* Print the data, if any */ |
221 |
if (ret == 0){ |
|
222 |
break; |
|
223 |
} |
|
224 |
if(ret < 0){ |
|
225 |
perror("gpgme_data_read"); |
|
226 |
return -1; |
|
227 |
} |
|
228 |
new_packet_length += ret; |
|
229 |
} |
|
230 |
||
15.1.3
by Björn Påhlsson
Added getopt_long support for mandosclient and passprompt |
231 |
/* FIXME: check characters before printing to screen so to not print |
232 |
terminal control characters */
|
|
233 |
/* if(debug){ */ |
|
234 |
/* fprintf(stderr, "decrypted password is: "); */ |
|
235 |
/* fwrite(*new_packet, 1, new_packet_length, stderr); */ |
|
236 |
/* fprintf(stderr, "\n"); */ |
|
237 |
/* } */ |
|
238 |
|
|
239 |
/* Delete the GPGME plaintext data buffer */ |
|
13
by Björn Påhlsson
Added following support: |
240 |
gpgme_data_release(dh_plain); |
241 |
return new_packet_length; |
|
242 |
}
|
|
243 |
||
244 |
static const char * safer_gnutls_strerror (int value) { |
|
245 |
const char *ret = gnutls_strerror (value); |
|
246 |
if (ret == NULL) |
|
247 |
ret = "(unknown)"; |
|
248 |
return ret; |
|
249 |
}
|
|
250 |
||
36
by Teddy Hogeborn
* TODO: Converted to org-mode style |
251 |
static void debuggnutls(__attribute__((unused)) int level, |
252 |
const char* string){ |
|
13
by Björn Påhlsson
Added following support: |
253 |
fprintf(stderr, "%s", string); |
254 |
}
|
|
255 |
||
36
by Teddy Hogeborn
* TODO: Converted to org-mode style |
256 |
static int initgnutls(encrypted_session *es){ |
13
by Björn Påhlsson
Added following support: |
257 |
const char *err; |
258 |
int ret; |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
259 |
|
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
260 |
if(debug){ |
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
261 |
fprintf(stderr, "Initializing GnuTLS\n"); |
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
262 |
} |
24.1.4
by Björn Påhlsson
Added optional parameters certdir, certkey and certfile that can be iven at start in the command line. |
263 |
|
13
by Björn Påhlsson
Added following support: |
264 |
if ((ret = gnutls_global_init ()) |
265 |
!= GNUTLS_E_SUCCESS) { |
|
266 |
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret)); |
|
267 |
return -1; |
|
268 |
} |
|
269 |
||
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
270 |
if (debug){ |
271 |
gnutls_global_set_log_level(11); |
|
272 |
gnutls_global_set_log_function(debuggnutls); |
|
273 |
} |
|
274 |
|
|
13
by Björn Påhlsson
Added following support: |
275 |
/* openpgp credentials */ |
276 |
if ((ret = gnutls_certificate_allocate_credentials (&es->cred)) |
|
277 |
!= GNUTLS_E_SUCCESS) { |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
278 |
fprintf (stderr, "memory error: %s\n", |
279 |
safer_gnutls_strerror(ret)); |
|
13
by Björn Påhlsson
Added following support: |
280 |
return -1; |
281 |
} |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
282 |
|
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
283 |
if(debug){ |
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
284 |
fprintf(stderr, "Attempting to use OpenPGP certificate %s" |
24.1.4
by Björn Påhlsson
Added optional parameters certdir, certkey and certfile that can be iven at start in the command line. |
285 |
" and keyfile %s as GnuTLS credentials\n", certfile, |
286 |
certkey); |
|
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
287 |
} |
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
288 |
|
13
by Björn Påhlsson
Added following support: |
289 |
ret = gnutls_certificate_set_openpgp_key_file |
24.1.4
by Björn Påhlsson
Added optional parameters certdir, certkey and certfile that can be iven at start in the command line. |
290 |
(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64); |
13
by Björn Påhlsson
Added following support: |
291 |
if (ret != GNUTLS_E_SUCCESS) { |
292 |
fprintf |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
293 |
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s'," |
294 |
" '%s')\n", |
|
24.1.4
by Björn Påhlsson
Added optional parameters certdir, certkey and certfile that can be iven at start in the command line. |
295 |
ret, certfile, certkey); |
13
by Björn Påhlsson
Added following support: |
296 |
fprintf(stdout, "The Error is: %s\n", |
297 |
safer_gnutls_strerror(ret)); |
|
298 |
return -1; |
|
299 |
} |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
300 |
|
301 |
//GnuTLS server initialization |
|
13
by Björn Påhlsson
Added following support: |
302 |
if ((ret = gnutls_dh_params_init (&es->dh_params)) |
303 |
!= GNUTLS_E_SUCCESS) { |
|
304 |
fprintf (stderr, "Error in dh parameter initialization: %s\n", |
|
305 |
safer_gnutls_strerror(ret)); |
|
306 |
return -1; |
|
307 |
} |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
308 |
|
13
by Björn Påhlsson
Added following support: |
309 |
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS)) |
310 |
!= GNUTLS_E_SUCCESS) { |
|
311 |
fprintf (stderr, "Error in prime generation: %s\n", |
|
312 |
safer_gnutls_strerror(ret)); |
|
313 |
return -1; |
|
314 |
} |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
315 |
|
13
by Björn Påhlsson
Added following support: |
316 |
gnutls_certificate_set_dh_params (es->cred, es->dh_params); |
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
317 |
|
318 |
// GnuTLS session creation |
|
13
by Björn Påhlsson
Added following support: |
319 |
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER)) |
320 |
!= GNUTLS_E_SUCCESS){ |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
321 |
fprintf(stderr, "Error in GnuTLS session initialization: %s\n", |
13
by Björn Påhlsson
Added following support: |
322 |
safer_gnutls_strerror(ret)); |
323 |
} |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
324 |
|
13
by Björn Påhlsson
Added following support: |
325 |
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err)) |
326 |
!= GNUTLS_E_SUCCESS) { |
|
327 |
fprintf(stderr, "Syntax error at: %s\n", err); |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
328 |
fprintf(stderr, "GnuTLS error: %s\n", |
13
by Björn Påhlsson
Added following support: |
329 |
safer_gnutls_strerror(ret)); |
330 |
return -1; |
|
331 |
} |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
332 |
|
13
by Björn Påhlsson
Added following support: |
333 |
if ((ret = gnutls_credentials_set |
334 |
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred)) |
|
335 |
!= GNUTLS_E_SUCCESS) { |
|
336 |
fprintf(stderr, "Error setting a credentials set: %s\n", |
|
337 |
safer_gnutls_strerror(ret)); |
|
338 |
return -1; |
|
339 |
} |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
340 |
|
13
by Björn Påhlsson
Added following support: |
341 |
/* ignore client certificate if any. */ |
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
342 |
gnutls_certificate_server_set_request (es->session, |
343 |
GNUTLS_CERT_IGNORE); |
|
13
by Björn Påhlsson
Added following support: |
344 |
|
345 |
gnutls_dh_set_prime_bits (es->session, DH_BITS); |
|
346 |
|
|
347 |
return 0; |
|
348 |
}
|
|
349 |
||
36
by Teddy Hogeborn
* TODO: Converted to org-mode style |
350 |
static void empty_log(__attribute__((unused)) AvahiLogLevel level, |
351 |
__attribute__((unused)) const char *txt){} |
|
13
by Björn Påhlsson
Added following support: |
352 |
|
36
by Teddy Hogeborn
* TODO: Converted to org-mode style |
353 |
static int start_mandos_communication(const char *ip, uint16_t port, |
354 |
AvahiIfIndex if_index){ |
|
13
by Björn Påhlsson
Added following support: |
355 |
int ret, tcp_sd; |
356 |
struct sockaddr_in6 to; |
|
357 |
encrypted_session es; |
|
358 |
char *buffer = NULL; |
|
359 |
char *decrypted_buffer; |
|
360 |
size_t buffer_length = 0; |
|
361 |
size_t buffer_capacity = 0; |
|
362 |
ssize_t decrypted_buffer_size; |
|
22
by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to |
363 |
size_t written = 0; |
13
by Björn Påhlsson
Added following support: |
364 |
int retval = 0; |
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
365 |
char interface[IF_NAMESIZE]; |
366 |
|
|
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
367 |
if(debug){ |
28
by Teddy Hogeborn
* server.conf: New file. |
368 |
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n", |
369 |
ip, port); |
|
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
370 |
} |
13
by Björn Påhlsson
Added following support: |
371 |
|
372 |
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0); |
|
373 |
if(tcp_sd < 0) { |
|
374 |
perror("socket"); |
|
375 |
return -1; |
|
376 |
} |
|
24.1.6
by Björn Påhlsson
plugbasedclient |
377 |
|
378 |
if(debug){ |
|
24.1.7
by Björn Påhlsson
merge |
379 |
if(if_indextoname((unsigned int)if_index, interface) == NULL){ |
24.1.6
by Björn Påhlsson
plugbasedclient |
380 |
if(debug){ |
381 |
perror("if_indextoname"); |
|
382 |
} |
|
383 |
return -1; |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
384 |
} |
24.1.6
by Björn Påhlsson
plugbasedclient |
385 |
|
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
386 |
fprintf(stderr, "Binding to interface %s\n", interface); |
387 |
} |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
388 |
|
22
by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to |
389 |
memset(&to,0,sizeof(to)); /* Spurious warning */ |
13
by Björn Påhlsson
Added following support: |
390 |
to.sin6_family = AF_INET6; |
18
by Teddy Hogeborn
* plugins.d/Makefile: Removed |
391 |
ret = inet_pton(AF_INET6, ip, &to.sin6_addr); |
13
by Björn Påhlsson
Added following support: |
392 |
if (ret < 0 ){ |
393 |
perror("inet_pton"); |
|
394 |
return -1; |
|
395 |
} |
|
396 |
if(ret == 0){ |
|
397 |
fprintf(stderr, "Bad address: %s\n", ip); |
|
398 |
return -1; |
|
399 |
} |
|
22
by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to |
400 |
to.sin6_port = htons(port); /* Spurious warning */ |
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
401 |
|
402 |
to.sin6_scope_id = (uint32_t)if_index; |
|
403 |
|
|
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
404 |
if(debug){ |
28
by Teddy Hogeborn
* server.conf: New file. |
405 |
fprintf(stderr, "Connection to: %s, port %d\n", ip, port); |
406 |
/* char addrstr[INET6_ADDRSTRLEN]; */
|
|
407 |
/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */
|
|
408 |
/* sizeof(addrstr)) == NULL){ */
|
|
409 |
/* perror("inet_ntop"); */
|
|
410 |
/* } else { */
|
|
411 |
/* fprintf(stderr, "Really connecting to: %s, port %d\n", */
|
|
412 |
/* addrstr, ntohs(to.sin6_port)); */
|
|
413 |
/* } */
|
|
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
414 |
} |
13
by Björn Påhlsson
Added following support: |
415 |
|
416 |
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to)); |
|
417 |
if (ret < 0){ |
|
418 |
perror("connect"); |
|
419 |
return -1; |
|
420 |
} |
|
421 |
|
|
422 |
ret = initgnutls (&es); |
|
423 |
if (ret != 0){ |
|
424 |
retval = -1; |
|
425 |
return -1; |
|
426 |
} |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
427 |
|
428 |
gnutls_transport_set_ptr (es.session, |
|
429 |
(gnutls_transport_ptr_t) tcp_sd); |
|
430 |
|
|
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
431 |
if(debug){ |
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
432 |
fprintf(stderr, "Establishing TLS session with %s\n", ip); |
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
433 |
} |
434 |
|
|
13
by Björn Påhlsson
Added following support: |
435 |
ret = gnutls_handshake (es.session); |
436 |
|
|
437 |
if (ret != GNUTLS_E_SUCCESS){ |
|
25
by Teddy Hogeborn
* mandos-clients.conf ([DEFAULT]): New section. |
438 |
if(debug){ |
439 |
fprintf(stderr, "\n*** Handshake failed ***\n"); |
|
440 |
gnutls_perror (ret); |
|
441 |
} |
|
13
by Björn Påhlsson
Added following support: |
442 |
retval = -1; |
443 |
goto exit; |
|
444 |
} |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
445 |
|
446 |
//Retrieve OpenPGP packet that contains the wanted password |
|
447 |
|
|
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
448 |
if(debug){ |
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
449 |
fprintf(stderr, "Retrieving pgp encrypted password from %s\n", |
450 |
ip); |
|
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
451 |
} |
452 |
||
13
by Björn Påhlsson
Added following support: |
453 |
while(true){ |
454 |
if (buffer_length + BUFFER_SIZE > buffer_capacity){ |
|
455 |
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE); |
|
456 |
if (buffer == NULL){ |
|
457 |
perror("realloc"); |
|
458 |
goto exit; |
|
459 |
} |
|
460 |
buffer_capacity += BUFFER_SIZE; |
|
461 |
} |
|
462 |
|
|
463 |
ret = gnutls_record_recv |
|
464 |
(es.session, buffer+buffer_length, BUFFER_SIZE); |
|
465 |
if (ret == 0){ |
|
466 |
break; |
|
467 |
} |
|
468 |
if (ret < 0){ |
|
469 |
switch(ret){ |
|
470 |
case GNUTLS_E_INTERRUPTED: |
|
471 |
case GNUTLS_E_AGAIN: |
|
472 |
break; |
|
473 |
case GNUTLS_E_REHANDSHAKE: |
|
474 |
ret = gnutls_handshake (es.session); |
|
475 |
if (ret < 0){ |
|
476 |
fprintf(stderr, "\n*** Handshake failed ***\n"); |
|
477 |
gnutls_perror (ret); |
|
478 |
retval = -1; |
|
479 |
goto exit; |
|
480 |
} |
|
481 |
break; |
|
482 |
default: |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
483 |
fprintf(stderr, "Unknown error while reading data from" |
484 |
" encrypted session with mandos server\n"); |
|
13
by Björn Påhlsson
Added following support: |
485 |
retval = -1; |
486 |
gnutls_bye (es.session, GNUTLS_SHUT_RDWR); |
|
487 |
goto exit; |
|
488 |
} |
|
489 |
} else { |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
490 |
buffer_length += (size_t) ret; |
13
by Björn Påhlsson
Added following support: |
491 |
} |
492 |
} |
|
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
493 |
|
13
by Björn Påhlsson
Added following support: |
494 |
if (buffer_length > 0){ |
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
495 |
decrypted_buffer_size = pgp_packet_decrypt(buffer, |
496 |
buffer_length, |
|
497 |
&decrypted_buffer, |
|
24.1.4
by Björn Påhlsson
Added optional parameters certdir, certkey and certfile that can be iven at start in the command line. |
498 |
certdir); |
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
499 |
if (decrypted_buffer_size >= 0){ |
28
by Teddy Hogeborn
* server.conf: New file. |
500 |
while(written < (size_t) decrypted_buffer_size){ |
22
by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to |
501 |
ret = (int)fwrite (decrypted_buffer + written, 1, |
502 |
(size_t)decrypted_buffer_size - written, |
|
503 |
stdout); |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
504 |
if(ret == 0 and ferror(stdout)){ |
505 |
if(debug){ |
|
506 |
fprintf(stderr, "Error writing encrypted data: %s\n", |
|
507 |
strerror(errno)); |
|
508 |
} |
|
509 |
retval = -1; |
|
510 |
break; |
|
511 |
} |
|
22
by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to |
512 |
written += (size_t)ret; |
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
513 |
} |
13
by Björn Påhlsson
Added following support: |
514 |
free(decrypted_buffer); |
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
515 |
} else { |
516 |
retval = -1; |
|
13
by Björn Påhlsson
Added following support: |
517 |
} |
518 |
} |
|
519 |
||
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
520 |
//shutdown procedure |
521 |
||
522 |
if(debug){ |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
523 |
fprintf(stderr, "Closing TLS session\n"); |
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
524 |
} |
525 |
||
13
by Björn Påhlsson
Added following support: |
526 |
free(buffer); |
527 |
gnutls_bye (es.session, GNUTLS_SHUT_RDWR); |
|
528 |
exit: |
|
529 |
close(tcp_sd); |
|
530 |
gnutls_deinit (es.session); |
|
531 |
gnutls_certificate_free_credentials (es.cred); |
|
532 |
gnutls_global_deinit (); |
|
533 |
return retval; |
|
534 |
}
|
|
535 |
||
536 |
static AvahiSimplePoll *simple_poll = NULL; |
|
537 |
static AvahiServer *server = NULL; |
|
538 |
||
539 |
static void resolve_callback( |
|
540 |
AvahiSServiceResolver *r, |
|
22
by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to |
541 |
AvahiIfIndex interface, |
13
by Björn Påhlsson
Added following support: |
542 |
AVAHI_GCC_UNUSED AvahiProtocol protocol, |
543 |
AvahiResolverEvent event, |
|
544 |
const char *name, |
|
545 |
const char *type, |
|
546 |
const char *domain, |
|
547 |
const char *host_name, |
|
548 |
const AvahiAddress *address, |
|
549 |
uint16_t port, |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
550 |
AVAHI_GCC_UNUSED AvahiStringList *txt, |
551 |
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags, |
|
13
by Björn Påhlsson
Added following support: |
552 |
AVAHI_GCC_UNUSED void* userdata) { |
553 |
|
|
22
by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to |
554 |
assert(r); /* Spurious warning */ |
555 |
|
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
556 |
/* Called whenever a service has been resolved successfully or |
557 |
timed out */
|
|
22
by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to |
558 |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
559 |
switch (event) { |
560 |
default: |
|
561 |
case AVAHI_RESOLVER_FAILURE: |
|
562 |
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of" |
|
563 |
" type '%s' in domain '%s': %s\n", name, type, domain, |
|
564 |
avahi_strerror(avahi_server_errno(server))); |
|
565 |
break; |
|
22
by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to |
566 |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
567 |
case AVAHI_RESOLVER_FOUND: |
568 |
{ |
|
569 |
char ip[AVAHI_ADDRESS_STR_MAX]; |
|
570 |
avahi_address_snprint(ip, sizeof(ip), address); |
|
571 |
if(debug){ |
|
25
by Teddy Hogeborn
* mandos-clients.conf ([DEFAULT]): New section. |
572 |
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on" |
573 |
" port %d\n", name, host_name, ip, port); |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
574 |
} |
29
by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Changed |
575 |
int ret = start_mandos_communication(ip, port, interface); |
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
576 |
if (ret == 0){ |
577 |
exit(EXIT_SUCCESS); |
|
578 |
} |
|
13
by Björn Påhlsson
Added following support: |
579 |
} |
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
580 |
} |
581 |
avahi_s_service_resolver_free(r); |
|
13
by Björn Påhlsson
Added following support: |
582 |
}
|
583 |
||
584 |
static void browse_callback( |
|
585 |
AvahiSServiceBrowser *b, |
|
586 |
AvahiIfIndex interface, |
|
587 |
AvahiProtocol protocol, |
|
588 |
AvahiBrowserEvent event, |
|
589 |
const char *name, |
|
590 |
const char *type, |
|
591 |
const char *domain, |
|
592 |
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags, |
|
593 |
void* userdata) { |
|
594 |
|
|
595 |
AvahiServer *s = userdata; |
|
22
by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to |
596 |
assert(b); /* Spurious warning */ |
597 |
|
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
598 |
/* Called whenever a new services becomes available on the LAN or |
599 |
is removed from the LAN */
|
|
22
by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to |
600 |
|
13
by Björn Påhlsson
Added following support: |
601 |
switch (event) { |
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
602 |
default: |
603 |
case AVAHI_BROWSER_FAILURE: |
|
604 |
|
|
605 |
fprintf(stderr, "(Browser) %s\n", |
|
606 |
avahi_strerror(avahi_server_errno(server))); |
|
607 |
avahi_simple_poll_quit(simple_poll); |
|
608 |
return; |
|
609 |
|
|
610 |
case AVAHI_BROWSER_NEW: |
|
611 |
/* We ignore the returned resolver object. In the callback |
|
612 |
function we free it. If the server is terminated before
|
|
613 |
the callback function is called the server will free
|
|
614 |
the resolver for us. */
|
|
615 |
|
|
616 |
if (!(avahi_s_service_resolver_new(s, interface, protocol, name, |
|
617 |
type, domain, |
|
618 |
AVAHI_PROTO_INET6, 0, |
|
619 |
resolve_callback, s))) |
|
620 |
fprintf(stderr, "Failed to resolve service '%s': %s\n", name, |
|
621 |
avahi_strerror(avahi_server_errno(s))); |
|
622 |
break; |
|
623 |
|
|
624 |
case AVAHI_BROWSER_REMOVE: |
|
625 |
break; |
|
626 |
|
|
627 |
case AVAHI_BROWSER_ALL_FOR_NOW: |
|
628 |
case AVAHI_BROWSER_CACHE_EXHAUSTED: |
|
629 |
break; |
|
13
by Björn Påhlsson
Added following support: |
630 |
} |
631 |
}
|
|
632 |
||
36
by Teddy Hogeborn
* TODO: Converted to org-mode style |
633 |
/* Combines file name and path and returns the malloced new
|
634 |
string. some sane checks could/should be added */
|
|
635 |
static const char *combinepath(const char *first, const char *second){ |
|
636 |
size_t f_len = strlen(first); |
|
637 |
size_t s_len = strlen(second); |
|
638 |
char *tmp = malloc(f_len + s_len + 2); |
|
24.1.4
by Björn Påhlsson
Added optional parameters certdir, certkey and certfile that can be iven at start in the command line. |
639 |
if (tmp == NULL){ |
640 |
return NULL; |
|
641 |
} |
|
36
by Teddy Hogeborn
* TODO: Converted to org-mode style |
642 |
if(f_len > 0){ |
643 |
memcpy(tmp, first, f_len); |
|
644 |
} |
|
645 |
tmp[f_len] = '/'; |
|
646 |
if(s_len > 0){ |
|
647 |
memcpy(tmp + f_len + 1, second, s_len); |
|
648 |
} |
|
649 |
tmp[f_len + 1 + s_len] = '\0'; |
|
24.1.4
by Björn Påhlsson
Added optional parameters certdir, certkey and certfile that can be iven at start in the command line. |
650 |
return tmp; |
651 |
}
|
|
652 |
||
653 |
||
13
by Björn Påhlsson
Added following support: |
654 |
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) { |
655 |
AvahiServerConfig config; |
|
656 |
AvahiSServiceBrowser *sb = NULL; |
|
657 |
int error; |
|
15.1.3
by Björn Påhlsson
Added getopt_long support for mandosclient and passprompt |
658 |
int ret; |
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
659 |
int returncode = EXIT_SUCCESS; |
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
660 |
const char *interface = "eth0"; |
24.1.6
by Björn Påhlsson
plugbasedclient |
661 |
struct ifreq network; |
662 |
int sd; |
|
24.1.7
by Björn Påhlsson
merge |
663 |
char *connect_to = NULL; |
29
by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Changed |
664 |
AvahiIfIndex if_index = AVAHI_IF_UNSPEC; |
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
665 |
|
15.1.3
by Björn Påhlsson
Added getopt_long support for mandosclient and passprompt |
666 |
while (true){ |
667 |
static struct option long_options[] = { |
|
668 |
{"debug", no_argument, (int *)&debug, 1}, |
|
30
by Teddy Hogeborn
Merge. |
669 |
{"connect", required_argument, 0, 'C'}, |
15.1.3
by Björn Påhlsson
Added getopt_long support for mandosclient and passprompt |
670 |
{"interface", required_argument, 0, 'i'}, |
24.1.4
by Björn Påhlsson
Added optional parameters certdir, certkey and certfile that can be iven at start in the command line. |
671 |
{"certdir", required_argument, 0, 'd'}, |
672 |
{"certkey", required_argument, 0, 'c'}, |
|
673 |
{"certfile", required_argument, 0, 'k'}, |
|
15.1.3
by Björn Påhlsson
Added getopt_long support for mandosclient and passprompt |
674 |
{0, 0, 0, 0} }; |
22
by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to |
675 |
|
15.1.3
by Björn Påhlsson
Added getopt_long support for mandosclient and passprompt |
676 |
int option_index = 0; |
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
677 |
ret = getopt_long (argc, argv, "i:", long_options, |
678 |
&option_index); |
|
22
by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to |
679 |
|
15.1.3
by Björn Påhlsson
Added getopt_long support for mandosclient and passprompt |
680 |
if (ret == -1){ |
681 |
break; |
|
682 |
} |
|
683 |
|
|
684 |
switch(ret){ |
|
685 |
case 0: |
|
686 |
break; |
|
687 |
case 'i': |
|
688 |
interface = optarg; |
|
689 |
break; |
|
30
by Teddy Hogeborn
Merge. |
690 |
case 'C': |
691 |
connect_to = optarg; |
|
692 |
break; |
|
24.1.4
by Björn Påhlsson
Added optional parameters certdir, certkey and certfile that can be iven at start in the command line. |
693 |
case 'd': |
694 |
certdir = optarg; |
|
695 |
break; |
|
696 |
case 'c': |
|
697 |
certfile = optarg; |
|
698 |
break; |
|
699 |
case 'k': |
|
700 |
certkey = optarg; |
|
701 |
break; |
|
15.1.3
by Björn Påhlsson
Added getopt_long support for mandosclient and passprompt |
702 |
default: |
703 |
exit(EXIT_FAILURE); |
|
704 |
} |
|
705 |
} |
|
36
by Teddy Hogeborn
* TODO: Converted to org-mode style |
706 |
|
24.1.5
by Björn Påhlsson
plugbasedclient: |
707 |
certfile = combinepath(certdir, certfile); |
24.1.4
by Björn Påhlsson
Added optional parameters certdir, certkey and certfile that can be iven at start in the command line. |
708 |
if (certfile == NULL){ |
36
by Teddy Hogeborn
* TODO: Converted to org-mode style |
709 |
perror("combinepath"); |
24.1.6
by Björn Påhlsson
plugbasedclient |
710 |
returncode = EXIT_FAILURE; |
24.1.4
by Björn Påhlsson
Added optional parameters certdir, certkey and certfile that can be iven at start in the command line. |
711 |
goto exit; |
712 |
} |
|
24.1.7
by Björn Påhlsson
merge |
713 |
|
24.1.5
by Björn Påhlsson
plugbasedclient: |
714 |
certkey = combinepath(certdir, certkey); |
24.1.4
by Björn Påhlsson
Added optional parameters certdir, certkey and certfile that can be iven at start in the command line. |
715 |
if (certkey == NULL){ |
24.1.7
by Björn Påhlsson
merge |
716 |
perror("combinepath"); |
24.1.6
by Björn Påhlsson
plugbasedclient |
717 |
returncode = EXIT_FAILURE; |
718 |
goto exit; |
|
719 |
} |
|
15.1.3
by Björn Påhlsson
Added getopt_long support for mandosclient and passprompt |
720 |
|
24.1.7
by Björn Påhlsson
merge |
721 |
if_index = (AvahiIfIndex) if_nametoindex(interface); |
722 |
if(if_index == 0){ |
|
723 |
fprintf(stderr, "No such interface: \"%s\"\n", interface); |
|
724 |
exit(EXIT_FAILURE); |
|
28
by Teddy Hogeborn
* server.conf: New file. |
725 |
} |
726 |
|
|
727 |
if(connect_to != NULL){ |
|
728 |
/* Connect directly, do not use Zeroconf */ |
|
729 |
/* (Mainly meant for debugging) */ |
|
730 |
char *address = strrchr(connect_to, ':'); |
|
731 |
if(address == NULL){ |
|
732 |
fprintf(stderr, "No colon in address\n"); |
|
733 |
exit(EXIT_FAILURE); |
|
734 |
} |
|
735 |
errno = 0; |
|
736 |
uint16_t port = (uint16_t) strtol(address+1, NULL, 10); |
|
737 |
if(errno){ |
|
738 |
perror("Bad port number"); |
|
739 |
exit(EXIT_FAILURE); |
|
740 |
} |
|
741 |
*address = '\0'; |
|
742 |
address = connect_to; |
|
743 |
ret = start_mandos_communication(address, port, if_index); |
|
744 |
if(ret < 0){ |
|
745 |
exit(EXIT_FAILURE); |
|
746 |
} else { |
|
747 |
exit(EXIT_SUCCESS); |
|
748 |
} |
|
749 |
} |
|
750 |
|
|
24.1.6
by Björn Påhlsson
plugbasedclient |
751 |
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP); |
752 |
if(sd < 0) { |
|
753 |
perror("socket"); |
|
754 |
returncode = EXIT_FAILURE; |
|
755 |
goto exit; |
|
756 |
} |
|
757 |
strcpy(network.ifr_name, interface); |
|
758 |
ret = ioctl(sd, SIOCGIFFLAGS, &network); |
|
759 |
if(ret == -1){ |
|
760 |
|
|
761 |
perror("ioctl SIOCGIFFLAGS"); |
|
762 |
returncode = EXIT_FAILURE; |
|
763 |
goto exit; |
|
764 |
} |
|
765 |
if((network.ifr_flags & IFF_UP) == 0){ |
|
766 |
network.ifr_flags |= IFF_UP; |
|
767 |
ret = ioctl(sd, SIOCSIFFLAGS, &network); |
|
768 |
if(ret == -1){ |
|
769 |
perror("ioctl SIOCSIFFLAGS"); |
|
770 |
returncode = EXIT_FAILURE; |
|
771 |
goto exit; |
|
772 |
} |
|
773 |
} |
|
774 |
close(sd); |
|
775 |
|
|
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
776 |
if (not debug){ |
777 |
avahi_set_log_function(empty_log); |
|
778 |
} |
|
13
by Björn Påhlsson
Added following support: |
779 |
|
780 |
/* Initialize the psuedo-RNG */ |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
781 |
srand((unsigned int) time(NULL)); |
13
by Björn Påhlsson
Added following support: |
782 |
|
783 |
/* Allocate main loop object */ |
|
784 |
if (!(simple_poll = avahi_simple_poll_new())) { |
|
785 |
fprintf(stderr, "Failed to create simple poll object.\n"); |
|
24.1.6
by Björn Påhlsson
plugbasedclient |
786 |
returncode = EXIT_FAILURE; |
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
787 |
goto exit; |
13
by Björn Påhlsson
Added following support: |
788 |
} |
789 |
||
790 |
/* Do not publish any local records */ |
|
791 |
avahi_server_config_init(&config); |
|
792 |
config.publish_hinfo = 0; |
|
793 |
config.publish_addresses = 0; |
|
794 |
config.publish_workstation = 0; |
|
795 |
config.publish_domain = 0; |
|
796 |
||
797 |
/* Allocate a new server */ |
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
798 |
server = avahi_server_new(avahi_simple_poll_get(simple_poll), |
799 |
&config, NULL, NULL, &error); |
|
13
by Björn Påhlsson
Added following support: |
800 |
|
801 |
/* Free the configuration data */ |
|
802 |
avahi_server_config_free(&config); |
|
803 |
||
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
804 |
/* Check if creating the server object succeeded */ |
13
by Björn Påhlsson
Added following support: |
805 |
if (!server) { |
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
806 |
fprintf(stderr, "Failed to create server: %s\n", |
807 |
avahi_strerror(error)); |
|
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
808 |
returncode = EXIT_FAILURE; |
809 |
goto exit; |
|
13
by Björn Påhlsson
Added following support: |
810 |
} |
811 |
|
|
812 |
/* Create the service browser */ |
|
29
by Teddy Hogeborn
* plugins.d/mandosclient.c (start_mandos_communication): Changed |
813 |
sb = avahi_s_service_browser_new(server, if_index, |
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
814 |
AVAHI_PROTO_INET6, |
815 |
"_mandos._tcp", NULL, 0, |
|
816 |
browse_callback, server); |
|
817 |
if (!sb) { |
|
818 |
fprintf(stderr, "Failed to create service browser: %s\n", |
|
819 |
avahi_strerror(avahi_server_errno(server))); |
|
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
820 |
returncode = EXIT_FAILURE; |
821 |
goto exit; |
|
13
by Björn Påhlsson
Added following support: |
822 |
} |
823 |
|
|
824 |
/* Run the main loop */ |
|
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
825 |
|
826 |
if (debug){ |
|
827 |
fprintf(stderr, "Starting avahi loop search\n"); |
|
828 |
} |
|
829 |
|
|
13
by Björn Påhlsson
Added following support: |
830 |
avahi_simple_poll_loop(simple_poll); |
831 |
|
|
21
by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and |
832 |
exit: |
15.1.1
by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient |
833 |
|
834 |
if (debug){ |
|
835 |
fprintf(stderr, "%s exiting\n", argv[0]); |
|
836 |
} |
|
13
by Björn Påhlsson
Added following support: |
837 |
|
838 |
/* Cleanup things */ |
|
839 |
if (sb) |
|
840 |
avahi_s_service_browser_free(sb); |
|
841 |
|
|
842 |
if (server) |
|
843 |
avahi_server_free(server); |
|
844 |
||
845 |
if (simple_poll) |
|
846 |
avahi_simple_poll_free(simple_poll); |
|
24.1.5
by Björn Påhlsson
plugbasedclient: |
847 |
free(certfile); |
848 |
free(certkey); |
|
849 |
|
|
15.1.3
by Björn Påhlsson
Added getopt_long support for mandosclient and passprompt |
850 |
return returncode; |
13
by Björn Påhlsson
Added following support: |
851 |
}
|