/*  -*- coding: utf-8 -*- */
2
/*
3
 * Mandos client - get and decrypt data from a Mandos server
4
 *
5
 * This program is partly derived from an example program for an Avahi
6
 * service browser, downloaded from
7
 * <http://avahi.org/browser/examples/core-browse-services.c>.  This
8
 * includes the following functions: "resolve_callback",
9
 * "browse_callback", and parts of "main".
10
 * 
 * Everything else is
12
 * Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
 * 
14
 * This program is free software: you can redistribute it and/or
15
 * modify it under the terms of the GNU General Public License as
16
 * published by the Free Software Foundation, either version 3 of the
17
 * License, or (at your option) any later version.
18
 * 
19
 * This program is distributed in the hope that it will be useful, but
20
 * WITHOUT ANY WARRANTY; without even the implied warranty of
21
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
22
 * General Public License for more details.
23
 * 
24
 * You should have received a copy of the GNU General Public License
25
 * along with this program.  If not, see
26
 * <http://www.gnu.org/licenses/>.
27
 * 
 * Contact the authors at <mandos@fukt.bsnet.se>.
 */
/* Needed by GPGME, specifically gpgme_data_seek() */
#define _LARGEFILE_SOURCE
33
#define _FILE_OFFSET_BITS 64
#include <stdio.h>
36
#include <assert.h>
37
#include <stdlib.h>
38
#include <time.h>
39
#include <net/if.h>		/* if_nametoindex */
#include <sys/ioctl.h>          /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
41
				   SIOCSIFFLAGS */
42
#include <net/if.h>		/* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
43
				   SIOCSIFFLAGS */
#include <avahi-core/core.h>
46
#include <avahi-core/lookup.h>
47
#include <avahi-core/log.h>
48
#include <avahi-common/simple-watch.h>
49
#include <avahi-common/malloc.h>
50
#include <avahi-common/error.h>
51
/* Mandos client part */
#include <sys/types.h>		/* socket(), inet_pton() */
54
#include <sys/socket.h>		/* socket(), struct sockaddr_in6,
				   struct in6_addr, inet_pton() */
56
#include <gnutls/gnutls.h>	/* All GnuTLS stuff */
57
#include <gnutls/openpgp.h>	/* GnuTLS with openpgp stuff */
#include <unistd.h>		/* close() */
60
#include <netinet/in.h>
61
#include <stdbool.h>		/* true */
62
#include <string.h>		/* memset */
63
#include <arpa/inet.h>		/* inet_pton() */
64
#include <iso646.h>		/* not */
#include <net/if.h>		/* IF_NAMESIZE */
/* GPGME */
#include <errno.h>		/* perror() */
69
#include <gpgme.h>
/* getopt_long */
#include <getopt.h>
#define BUFFER_SIZE 256
/* Defaults for the OpenPGP key material.  initgnutls() hands
   pubkeyfile and seckeyfile to GnuTLS exactly as given, so keydir is
   presumably applied elsewhere (e.g. by changing directory before
   the keys are loaded) — not visible in this part of the file. */
static const char *keydir = "/conf/conf.d/mandos";
static const char *pubkeyfile = "pubkey.txt";
static const char *seckeyfile = "seckey.txt";
bool debug = false;
/* Used for passing in values through all the callback functions */
typedef struct {
  AvahiSimplePoll *simple_poll;	/* Avahi simple-poll object */
  AvahiServer *server;		/* Avahi server object */
  /* GnuTLS OpenPGP credentials; allocated and filled in by
     initgnutls() */
  gnutls_certificate_credentials_t cred;
  /* DH prime size, passed to gnutls_dh_params_generate2() and
     gnutls_dh_set_prime_bits() */
  unsigned int dh_bits;
  /* GnuTLS priority string for gnutls_priority_set_direct() */
  const char *priority;
} mandos_context;
/* 
 * Decrypt OpenPGP data using keyrings in HOMEDIR.
 * Returns -1 on error.
 */
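/* 
 * Decrypt OpenPGP data using the keyrings in HOMEDIR.
 *
 * CRYPTOTEXT/CRYPTO_SIZE is the encrypted OpenPGP packet.  On
 * success *PLAINTEXT points to a malloc()ed buffer holding the
 * decrypted bytes (not NUL-terminated) which the caller must free();
 * on failure *PLAINTEXT is NULL.  HOMEDIR is the GnuPG home
 * directory used for the OpenPGP engine.
 *
 * Returns the number of plaintext bytes, or -1 on error.
 */
static ssize_t pgp_packet_decrypt (const char *cryptotext,
				   size_t crypto_size,
				   char **plaintext,
				   const char *homedir){
  gpgme_data_t dh_crypto = NULL;
  gpgme_data_t dh_plain = NULL;
  gpgme_ctx_t ctx = NULL;
  gpgme_error_t rc;
  ssize_t ret;
  size_t plaintext_capacity = 0;
  ssize_t plaintext_length = 0;
  gpgme_engine_info_t engine_info;
  
  /* Make the out-parameter well-defined on every return path */
  *plaintext = NULL;
  
  if (debug){
    fprintf(stderr, "Trying to decrypt OpenPGP data\n");
  }
  
  /* Init GPGME */
  gpgme_check_version(NULL);
  rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
  if (rc != GPG_ERR_NO_ERROR){
    fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
	    gpgme_strsource(rc), gpgme_strerror(rc));
    return -1;
  }
  
  /* Set GPGME home directory for the OpenPGP engine only */
  rc = gpgme_get_engine_info (&engine_info);
  if (rc != GPG_ERR_NO_ERROR){
    fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
	    gpgme_strsource(rc), gpgme_strerror(rc));
    return -1;
  }
  while(engine_info != NULL){
    if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
      /* Previously the result was ignored; a failure here would
	 silently leave the default home directory in use */
      rc = gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
				 engine_info->file_name, homedir);
      if (rc != GPG_ERR_NO_ERROR){
	fprintf(stderr, "bad gpgme_set_engine_info: %s: %s\n",
		gpgme_strsource(rc), gpgme_strerror(rc));
	return -1;
      }
      break;
    }
    engine_info = engine_info->next;
  }
  if(engine_info == NULL){
    fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);
    return -1;
  }
  
  /* Create new GPGME data buffer from memory cryptotext.  The last
     argument (copy = 0) means GPGME references cryptotext directly,
     which is fine because dh_crypto is released before we return. */
  rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
			       0);
  if (rc != GPG_ERR_NO_ERROR){
    fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
	    gpgme_strsource(rc), gpgme_strerror(rc));
    return -1;
  }
  
  /* Create new empty GPGME data buffer for the plaintext */
  rc = gpgme_data_new(&dh_plain);
  if (rc != GPG_ERR_NO_ERROR){
    fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
	    gpgme_strsource(rc), gpgme_strerror(rc));
    plaintext_length = -1;
    goto decrypt_end;
  }
  
  /* Create new GPGME "context" */
  rc = gpgme_new(&ctx);
  if (rc != GPG_ERR_NO_ERROR){
    fprintf(stderr, "bad gpgme_new: %s: %s\n",
	    gpgme_strsource(rc), gpgme_strerror(rc));
    plaintext_length = -1;
    goto decrypt_end;
  }
  
  /* Decrypt data from the cryptotext data buffer to the plaintext
     data buffer */
  rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
  if (rc != GPG_ERR_NO_ERROR){
    fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
	    gpgme_strsource(rc), gpgme_strerror(rc));
    plaintext_length = -1;
    goto decrypt_end;
  }
  
  if(debug){
    fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
  }
  
  if (debug){
    gpgme_decrypt_result_t result;
    result = gpgme_op_decrypt_result(ctx);
    if (result == NULL){
      fprintf(stderr, "gpgme_op_decrypt_result failed\n");
    } else {
      /* unsupported_algorithm is NULL when nothing was unsupported;
	 handing NULL to %s is undefined behaviour */
      fprintf(stderr, "Unsupported algorithm: %s\n",
	      result->unsupported_algorithm != NULL
	      ? result->unsupported_algorithm : "(none)");
      fprintf(stderr, "Wrong key usage: %d\n",
	      result->wrong_key_usage);
      if(result->file_name != NULL){
	fprintf(stderr, "File name: %s\n", result->file_name);
      }
      gpgme_recipient_t recipient;
      recipient = result->recipients;
      while(recipient != NULL){
	/* gpgme_pubkey_algo_name() may return NULL for an algorithm
	   it does not know */
	const char *algo_name
	  = gpgme_pubkey_algo_name(recipient->pubkey_algo);
	fprintf(stderr, "Public key algorithm: %s\n",
		algo_name != NULL ? algo_name : "(unknown)");
	fprintf(stderr, "Key ID: %s\n", recipient->keyid);
	fprintf(stderr, "Secret key available: %s\n",
		recipient->status == GPG_ERR_NO_SECKEY
		? "No" : "Yes");
	recipient = recipient->next;
      }
    }
  }
  
  /* Seek back to the beginning of the GPGME plaintext data buffer */
  if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
    perror("gpgme_data_seek");
    plaintext_length = -1;
    goto decrypt_end;
  }
  
  /* Read the plaintext out of GPGME in BUFFER_SIZE chunks, growing
     *plaintext as needed */
  while(true){
    if (plaintext_length + BUFFER_SIZE
	> (ssize_t) plaintext_capacity){
      /* Grow through a temporary so the old buffer is still
	 reachable (and freed at decrypt_end) if realloc() fails */
      char *grown = realloc(*plaintext, plaintext_capacity
			    + BUFFER_SIZE);
      if (grown == NULL){
	perror("realloc");
	plaintext_length = -1;
	goto decrypt_end;
      }
      *plaintext = grown;
      plaintext_capacity += BUFFER_SIZE;
    }
    
    ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
			  BUFFER_SIZE);
    if (ret == 0){
      /* EOF */
      break;
    }
    if(ret < 0){
      perror("gpgme_data_read");
      plaintext_length = -1;
      goto decrypt_end;
    }
    plaintext_length += ret;
  }
  
  if(debug){
    fprintf(stderr, "Decrypted password is: ");
    for(ssize_t i = 0; i < plaintext_length; i++){
      fprintf(stderr, "%02hhX ", (*plaintext)[i]);
    }
    fprintf(stderr, "\n");
  }
  
 decrypt_end:
  
  /* Release the GPGME context and both data buffers; each may still
     be NULL if its creation failed.  The context was never released
     before, which leaked it on every call. */
  if (ctx != NULL){
    gpgme_release(ctx);
  }
  if (dh_crypto != NULL){
    gpgme_data_release(dh_crypto);
  }
  if (dh_plain != NULL){
    gpgme_data_release(dh_plain);
  }
  
  /* Never hand a partially filled buffer to the caller on failure */
  if (plaintext_length == -1){
    free(*plaintext);
    *plaintext = NULL;
  }
  return plaintext_length;
}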
/* Wrapper around gnutls_strerror() that never yields NULL: an error
   code GnuTLS has no text for is reported as "(unknown)". */
static const char * safer_gnutls_strerror (int value) {
  const char *msg = gnutls_strerror (value);
  return (msg != NULL) ? msg : "(unknown)";
}
/* GnuTLS log function callback */
/* Installed with gnutls_global_set_log_function() in initgnutls()
   when debug is set; "level" is ignored because the log level is
   fixed at 11 there.  No newline is appended — GnuTLS log messages
   appear to carry their own (confirm). */
static void debuggnutls(__attribute__((unused)) int level,
			const char* string){
  fprintf(stderr, "GnuTLS: %s", string);
}
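/* 
 * Initialize GnuTLS for one server-side session: the library itself,
 * the OpenPGP credentials in mc->cred (loaded from pubkeyfile and
 * seckeyfile), freshly generated DH parameters in *dh_params, and a
 * new session in *session configured from mc->priority and
 * mc->dh_bits.
 *
 * Returns 0 on success.  Returns -1 on error; every GnuTLS object
 * this function had set up is then released again, and neither
 * *session nor *dh_params may be used.
 */
static int initgnutls(mandos_context *mc, gnutls_session_t *session,
		      gnutls_dh_params_t *dh_params){
  int ret;
  /* Which objects exist so far, so the error path releases exactly
     those and nothing else */
  bool cred_allocated = false;
  bool dh_params_initialized = false;
  bool session_initialized = false;
  
  if(debug){
    fprintf(stderr, "Initializing GnuTLS\n");
  }
  
  if ((ret = gnutls_global_init ())
      != GNUTLS_E_SUCCESS) {
    fprintf (stderr, "GnuTLS global_init: %s\n",
	     safer_gnutls_strerror(ret));
    return -1;
  }
  
  if (debug){
    /* "Use a log level over 10 to enable all debugging options."
     * - GnuTLS manual
     */
    gnutls_global_set_log_level(11);
    gnutls_global_set_log_function(debuggnutls);
  }
  
  /* OpenPGP credentials */
  if ((ret = gnutls_certificate_allocate_credentials (&mc->cred))
      != GNUTLS_E_SUCCESS) {
    fprintf (stderr, "GnuTLS memory error: %s\n",
	     safer_gnutls_strerror(ret));
    goto fail;
  }
  cred_allocated = true;
  
  if(debug){
    fprintf(stderr, "Attempting to use OpenPGP certificate %s"
	    " and keyfile %s as GnuTLS credentials\n", pubkeyfile,
	    seckeyfile);
  }
  
  ret = gnutls_certificate_set_openpgp_key_file
    (mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);
  if (ret != GNUTLS_E_SUCCESS) {
    fprintf(stderr,
	    "Error[%d] while reading the OpenPGP key pair ('%s',"
	    " '%s')\n", ret, pubkeyfile, seckeyfile);
    /* stderr like every other diagnostic in this file; this one
       used to be written to stdout */
    fprintf(stderr, "The GnuTLS error is: %s\n",
	    safer_gnutls_strerror(ret));
    goto fail;
  }
  
  /* GnuTLS server initialization */
  ret = gnutls_dh_params_init(dh_params);
  if (ret != GNUTLS_E_SUCCESS) {
    fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
	     " %s\n", safer_gnutls_strerror(ret));
    goto fail;
  }
  dh_params_initialized = true;
  ret = gnutls_dh_params_generate2(*dh_params, mc->dh_bits);
  if (ret != GNUTLS_E_SUCCESS) {
    fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
	     safer_gnutls_strerror(ret));
    goto fail;
  }
  
  gnutls_certificate_set_dh_params(mc->cred, *dh_params);
  
  /* GnuTLS session creation */
  ret = gnutls_init(session, GNUTLS_SERVER);
  if (ret != GNUTLS_E_SUCCESS){
    fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
	    safer_gnutls_strerror(ret));
    /* Previously execution fell through here and went on to use the
       uninitialized session */
    goto fail;
  }
  session_initialized = true;
  
  {
    /* GnuTLS sets err only for a syntax error in the priority
       string; start it out NULL so other failures do not print
       garbage */
    const char *err = NULL;
    ret = gnutls_priority_set_direct(*session, mc->priority, &err);
    if (ret != GNUTLS_E_SUCCESS) {
      if (err != NULL){
	fprintf(stderr, "Syntax error at: %s\n", err);
      }
      fprintf(stderr, "GnuTLS error: %s\n",
	      safer_gnutls_strerror(ret));
      goto fail;
    }
  }
  
  ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
			       mc->cred);
  if (ret != GNUTLS_E_SUCCESS) {
    fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
	    safer_gnutls_strerror(ret));
    goto fail;
  }
  
  /* ignore client certificate if any. */
  gnutls_certificate_server_set_request (*session,
					 GNUTLS_CERT_IGNORE);
  
  gnutls_dh_set_prime_bits (*session, mc->dh_bits);
  
  return 0;
  
 fail:
  /* Undo in reverse order of creation */
  if (session_initialized){
    gnutls_deinit(*session);
  }
  if (dh_params_initialized){
    gnutls_dh_params_deinit(*dh_params);
  }
  if (cred_allocated){
    gnutls_certificate_free_credentials(mc->cred);
  }
  /* Balance the gnutls_global_init() above */
  gnutls_global_deinit();
  return -1;
}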
/* Avahi log function callback */
/* Log callback that ignores both arguments and prints nothing. */
static void empty_log(AvahiLogLevel level, const char *txt){
  (void) level;
  (void) txt;
}
/* Called when a Mandos server is found */
static int start_mandos_communication(const char *ip, uint16_t port,
24.1.9 by Björn Påhlsson
not working midwork...
382
				      AvahiIfIndex if_index,
383
				      mandos_context *mc){
13 by Björn Påhlsson
Added following support:
384
  int ret, tcp_sd;
385
  struct sockaddr_in6 to;
386
  char *buffer = NULL;
387
  char *decrypted_buffer;
388
  size_t buffer_length = 0;
389
  size_t buffer_capacity = 0;
390
  ssize_t decrypted_buffer_size;
22 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to
391
  size_t written = 0;
13 by Björn Påhlsson
Added following support:
392
  int retval = 0;
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
393
  char interface[IF_NAMESIZE];
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
394
  gnutls_session_t session;
395
  gnutls_dh_params_t dh_params;
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
396
  
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
397
  ret = initgnutls (mc, &session, &dh_params);
398
  if (ret != 0){
399
    return -1;
400
  }
401
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
402
  if(debug){
28 by Teddy Hogeborn
* server.conf: New file.
403
    fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
404
	    ip, port);
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
405
  }
13 by Björn Påhlsson
Added following support:
406
  
407
  tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
408
  if(tcp_sd < 0) {
409
    perror("socket");
410
    return -1;
411
  }
24.1.6 by Björn Påhlsson
plugbasedclient
412
413
  if(debug){
24.1.7 by Björn Påhlsson
merge
414
    if(if_indextoname((unsigned int)if_index, interface) == NULL){
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
415
      perror("if_indextoname");
24.1.6 by Björn Påhlsson
plugbasedclient
416
      return -1;
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
417
    }
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
418
    fprintf(stderr, "Binding to interface %s\n", interface);
419
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
420
  
22 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to
421
  memset(&to,0,sizeof(to));	/* Spurious warning */
13 by Björn Påhlsson
Added following support:
422
  to.sin6_family = AF_INET6;
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
423
  /* It would be nice to have a way to detect if we were passed an
424
     IPv4 address here.   Now we assume an IPv6 address. */
18 by Teddy Hogeborn
* plugins.d/Makefile: Removed
425
  ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
13 by Björn Påhlsson
Added following support:
426
  if (ret < 0 ){
427
    perror("inet_pton");
428
    return -1;
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
429
  }
13 by Björn Påhlsson
Added following support:
430
  if(ret == 0){
431
    fprintf(stderr, "Bad address: %s\n", ip);
432
    return -1;
433
  }
22 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Cast "0" argument to
434
  to.sin6_port = htons(port);	/* Spurious warning */
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
435
  
436
  to.sin6_scope_id = (uint32_t)if_index;
437
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
438
  if(debug){
28 by Teddy Hogeborn
* server.conf: New file.
439
    fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
37 by Teddy Hogeborn
Non-tested commit for merge purposes.
440
    char addrstr[INET6_ADDRSTRLEN] = "";
441
    if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr,
442
		 sizeof(addrstr)) == NULL){
443
      perror("inet_ntop");
444
    } else {
445
      if(strcmp(addrstr, ip) != 0){
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
446
	fprintf(stderr, "Canonical address form: %s\n", addrstr);
37 by Teddy Hogeborn
Non-tested commit for merge purposes.
447
      }
448
    }
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
449
  }
13 by Björn Påhlsson
Added following support:
450
  
451
  ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
452
  if (ret < 0){
453
    perror("connect");
454
    return -1;
455
  }
456
  
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
457
  if(debug){
458
    fprintf(stderr, "Establishing TLS session with %s\n", ip);
13 by Björn Påhlsson
Added following support:
459
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
460
  
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
461
  gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
462
  
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
463
  ret = gnutls_handshake (session);
13 by Björn Påhlsson
Added following support:
464
  
465
  if (ret != GNUTLS_E_SUCCESS){
25 by Teddy Hogeborn
* mandos-clients.conf ([DEFAULT]): New section.
466
    if(debug){
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
467
      fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
25 by Teddy Hogeborn
* mandos-clients.conf ([DEFAULT]): New section.
468
      gnutls_perror (ret);
469
    }
13 by Björn Påhlsson
Added following support:
470
    retval = -1;
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
471
    goto mandos_end;
13 by Björn Påhlsson
Added following support:
472
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
473
  
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
474
  /* Read OpenPGP packet that contains the wanted password */
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
475
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
476
  if(debug){
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
477
    fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
478
	    ip);
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
479
  }
480
13 by Björn Påhlsson
Added following support:
481
  while(true){
482
    if (buffer_length + BUFFER_SIZE > buffer_capacity){
483
      buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
484
      if (buffer == NULL){
485
	perror("realloc");
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
486
	retval = -1;
487
	goto mandos_end;
13 by Björn Påhlsson
Added following support:
488
      }
489
      buffer_capacity += BUFFER_SIZE;
490
    }
491
    
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
492
    ret = gnutls_record_recv(session, buffer+buffer_length,
493
			     BUFFER_SIZE);
    if (ret == 0){
      break;
    }
    if (ret < 0){
      switch(ret){
      case GNUTLS_E_INTERRUPTED:
      case GNUTLS_E_AGAIN:
	break;
      case GNUTLS_E_REHANDSHAKE:
	ret = gnutls_handshake (session);
	if (ret < 0){
	  fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
	  gnutls_perror (ret);
	  retval = -1;
	  goto mandos_end;
	}
	break;
      default:
	fprintf(stderr, "Unknown error while reading data from"
		" encrypted session with Mandos server\n");
	retval = -1;
	gnutls_bye (session, GNUTLS_SHUT_RDWR);
	goto mandos_end;
      }
    } else {
      buffer_length += (size_t) ret;
    }
  }
  
  if(debug){
    fprintf(stderr, "Closing TLS session\n");
  }
  
  gnutls_bye (session, GNUTLS_SHUT_RDWR);
  
  if (buffer_length > 0){
    decrypted_buffer_size = pgp_packet_decrypt(buffer,
					       buffer_length,
					       &decrypted_buffer,
					       keydir);
    if (decrypted_buffer_size >= 0){
      while(written < (size_t) decrypted_buffer_size){
	ret = (int)fwrite (decrypted_buffer + written, 1,
			   (size_t)decrypted_buffer_size - written,
			   stdout);
	if(ret == 0 and ferror(stdout)){
	  if(debug){
	    fprintf(stderr, "Error writing encrypted data: %s\n",
		    strerror(errno));
	  }
	  retval = -1;
	  break;
	}
	written += (size_t)ret;
      }
      free(decrypted_buffer);
    } else {
      retval = -1;
    }
  }
  
  /* Shutdown procedure */
  
 mandos_end:
  free(buffer);
  close(tcp_sd);
  gnutls_deinit (session);
  gnutls_certificate_free_credentials (mc->cred);
  gnutls_global_deinit ();
  return retval;
}
/* Avahi resolver callback.  Invoked for a browsed service once it
   has either been resolved to an address or the resolution has
   failed or timed out.  On AVAHI_RESOLVER_FOUND the client connects
   straight away via start_mandos_communication(); if that returns
   0 the whole process exits with EXIT_SUCCESS.  On any other
   outcome the resolver is released and browsing simply continues.
   "userdata" is the mandos_context handed to
   avahi_s_service_resolver_new(). */
static void resolve_callback(AvahiSServiceResolver *r,
			     AvahiIfIndex interface,
			     AVAHI_GCC_UNUSED AvahiProtocol protocol,
			     AvahiResolverEvent event,
			     const char *name,
			     const char *type,
			     const char *domain,
			     const char *host_name,
			     const AvahiAddress *address,
			     uint16_t port,
			     AVAHI_GCC_UNUSED AvahiStringList *txt,
			     AVAHI_GCC_UNUSED AvahiLookupResultFlags
			     flags,
			     void* userdata) {
  mandos_context *mc = userdata;
  assert(r);			/* Spurious warning */
  
  if (event == AVAHI_RESOLVER_FOUND) {
    /* Render the resolved address as text; it is needed both for
       the connect call and for the debug trace */
    char ip[AVAHI_ADDRESS_STR_MAX];
    avahi_address_snprint(ip, sizeof(ip), address);
    if (debug) {
      fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %d) on"
	      " port %d\n", name, host_name, ip, interface, port);
    }
    /* A return of 0 means the exchange with the server completed;
       there is nothing left for this process to do */
    if (start_mandos_communication(ip, port, interface, mc) == 0) {
      exit(EXIT_SUCCESS);
    }
  } else {
    /* AVAHI_RESOLVER_FAILURE, plus any event value we do not know */
    fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
	    " of type '%s' in domain '%s': %s\n", name, type, domain,
	    avahi_strerror(avahi_server_errno(mc->server)));
  }
  
  avahi_s_service_resolver_free(r);
}
/* Avahi browser callback.  Invoked whenever a "_mandos._tcp" service
   appears on or disappears from the LAN, when the initial scan is
   complete, or when the browser itself fails.  New services are
   handed to resolve_callback() through a resolver; a browser
   failure stops the main loop.  "userdata" is the mandos_context
   given to avahi_s_service_browser_new(). */
static void browse_callback( AvahiSServiceBrowser *b,
			     AvahiIfIndex interface,
			     AvahiProtocol protocol,
			     AvahiBrowserEvent event,
			     const char *name,
			     const char *type,
			     const char *domain,
			     AVAHI_GCC_UNUSED AvahiLookupResultFlags
			     flags,
			     void* userdata) {
  mandos_context *ctx = userdata;
  assert(b);			/* Spurious warning */
  
  if (event == AVAHI_BROWSER_NEW) {
    /* The resolver handle is deliberately not kept: resolve_callback()
       frees it, and if the Avahi server is torn down before the
       callback runs the server frees it for us. */
    AvahiSServiceResolver *resolver =
      avahi_s_service_resolver_new(ctx->server, interface, protocol,
				   name, type, domain,
				   AVAHI_PROTO_INET6, 0,
				   resolve_callback, ctx);
    if (resolver == NULL) {
      fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
	      name, avahi_strerror(avahi_server_errno(ctx->server)));
    }
    return;
  }
  
  if (event == AVAHI_BROWSER_REMOVE) {
    /* Nothing to undo; we never act on a service until it resolves */
    return;
  }
  
  if (event == AVAHI_BROWSER_ALL_FOR_NOW
      || event == AVAHI_BROWSER_CACHE_EXHAUSTED) {
    if (debug) {
      fprintf(stderr, "No Mandos server found, still searching...\n");
    }
    return;
  }
  
  /* AVAHI_BROWSER_FAILURE, and any event value we do not know: report
     it and quit the poll loop so main() can clean up and exit */
  fprintf(stderr, "(Avahi browser) %s\n",
	  avahi_strerror(avahi_server_errno(ctx->server)));
  avahi_simple_poll_quit(ctx->simple_poll);
}
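/* Join a directory name and a file name with a single '/' and return
   the result as a freshly malloc()ed string.  Ownership passes to
   the caller, who must free() it.  No normalisation is done: an
   empty "first" yields "/second" and an empty "second" yields
   "first/".  Returns NULL and sets errno on a NULL argument
   (EINVAL), on a combined length that cannot be represented
   (EOVERFLOW), or on allocation failure (errno as set by malloc). */
static const char *combinepath(const char *first, const char *second){
  if (first == NULL || second == NULL) {
    errno = EINVAL;
    return NULL;
  }
  size_t f_len = strlen(first);
  size_t s_len = strlen(second);
  /* Need room for first, '/', second and the terminating NUL */
  if (f_len > SIZE_MAX - 2 || s_len > SIZE_MAX - 2 - f_len) {
    errno = EOVERFLOW;
    return NULL;
  }
  char *tmp = malloc(f_len + 1 + s_len + 1);
  if (tmp == NULL) {
    return NULL;
  }
  memcpy(tmp, first, f_len);
  tmp[f_len] = '/';
  memcpy(tmp + f_len + 1, second, s_len);
  tmp[f_len + 1 + s_len] = '\0';
  return tmp;
}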
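/* Parse the command line.  Fills the globals (debug, keydir,
   pubkeyfile, seckeyfile) and the out-parameters "interface",
   "connect_to" and the dh_bits/priority fields of "mc".  Returns 0 on
   success, -1 after printing a diagnostic for an unknown option or a
   malformed --dh-bits value. */
static int parse_options(int argc, char *argv[],
			 const char **interface, char **connect_to,
			 mandos_context *mc){
  /* getopt_long() needs an int to store the --debug flag into */
  int debug_int = debug ? 1 : 0;
  const struct option long_options[] = {
    {"debug", no_argument, &debug_int, 1},
    {"connect", required_argument, NULL, 'c'},
    {"interface", required_argument, NULL, 'i'},
    {"keydir", required_argument, NULL, 'd'},
    {"seckey", required_argument, NULL, 's'},
    {"pubkey", required_argument, NULL, 'p'},
    {"dh-bits", required_argument, NULL, 'D'},
    {"priority", required_argument, NULL, 'P'},
    {0, 0, 0, 0} };
  
  while (true) {
    int option_index = 0;
    int ret = getopt_long(argc, argv, "i:", long_options,
			  &option_index);
    if (ret == -1) {
      break;
    }
    switch (ret) {
    case 0:
      /* A flag option (--debug): getopt_long() already stored it */
      break;
    case 'i':
      *interface = optarg;
      break;
    case 'c':
      *connect_to = optarg;
      break;
    case 'd':
      keydir = optarg;
      break;
    case 'p':
      pubkeyfile = optarg;
      break;
    case 's':
      seckeyfile = optarg;
      break;
    case 'D':
      {
	/* Accept only a complete, non-negative decimal number that
	   fits in dh_bits; strtol() alone would silently turn "abc"
	   into 0 and truncate out-of-range values */
	errno = 0;
	char *end = NULL;
	long bits = strtol(optarg, &end, 10);
	if (errno != 0 || end == optarg || *end != '\0' || bits < 0
	    || (long)(unsigned int)bits != bits) {
	  fprintf(stderr, "Bad --dh-bits value: \"%s\"\n", optarg);
	  return -1;
	}
	mc->dh_bits = (unsigned int)bits;
      }
      break;
    case 'P':
      mc->priority = optarg;
      break;
    case '?':
    default:
      /* getopt_long() has already printed a message about the
	 unrecognized option */
      return -1;
    }
  }
  /* Copy the flag back into the global bool */
  debug = debug_int ? true : false;
  return 0;
}

/* Split an "ADDRESS:PORT" --connect argument in place at its last
   colon.  On success *address points at the NUL-terminated ADDRESS
   part (inside connect_to), *port holds PORT (1..65535) and 0 is
   returned; otherwise a diagnostic is printed and -1 returned. */
static int parse_connect_target(char *connect_to, char **address,
				uint16_t *port){
  char *colon = strrchr(connect_to, ':');
  if (colon == NULL) {
    fprintf(stderr, "No colon in address\n");
    return -1;
  }
  errno = 0;
  char *end = NULL;
  long value = strtol(colon + 1, &end, 10);
  /* Reject empty, trailing garbage and anything outside the TCP
     port range instead of truncating it to 16 bits */
  if (errno != 0 || end == colon + 1 || *end != '\0'
      || value < 1 || value > UINT16_MAX) {
    fprintf(stderr, "Bad port number: \"%s\"\n", colon + 1);
    return -1;
  }
  *colon = '\0';
  *address = connect_to;
  *port = (uint16_t)value;
  return 0;
}

/* Set IFF_UP on network interface "interface" if it is not already
   up.  Returns 0 on success, -1 after a diagnostic on failure. */
static int bring_interface_up(const char *interface){
  struct ifreq network;
  memset(&network, 0, sizeof network);
  /* ifr_name is a fixed-size array: a name that does not fit is an
     error, not something to copy past the end of the buffer */
  int n = snprintf(network.ifr_name, sizeof network.ifr_name, "%s",
		   interface);
  if (n < 0 || (size_t)n >= sizeof network.ifr_name) {
    fprintf(stderr, "Interface name too long: \"%s\"\n", interface);
    return -1;
  }
  int sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
  if (sd < 0) {
    perror("socket");
    return -1;
  }
  if (ioctl(sd, SIOCGIFFLAGS, &network) == -1) {
    perror("ioctl SIOCGIFFLAGS");
    close(sd);
    return -1;
  }
  if ((network.ifr_flags & IFF_UP) == 0) {
    network.ifr_flags |= IFF_UP;
    if (ioctl(sd, SIOCSIFFLAGS, &network) == -1) {
      perror("ioctl SIOCSIFFLAGS");
      close(sd);
      return -1;
    }
  }
  close(sd);
  return 0;
}

/* Entry point.  Parses options, resolves the key file paths, then
   either connects directly to the --connect target or brings the
   interface up and browses for "_mandos._tcp" with Avahi until a
   server hands over the password (resolve_callback() exits the
   process on success) or the browser fails.  Returns EXIT_SUCCESS
   or EXIT_FAILURE. */
int main(int argc, char *argv[]){
  AvahiSServiceBrowser *sb = NULL;
  int error = 0;
  int exitcode = EXIT_SUCCESS;
  const char *interface = "eth0";
  char *connect_to = NULL;
  AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
  mandos_context mc = { .simple_poll = NULL, .server = NULL,
			.dh_bits = 1024, .priority = "SECURE256"};
  /* The combined key paths are the only heap memory main() owns.
     They are tracked in locals so that the cleanup never free()s
     whatever the globals pointed at before combinepath() replaced
     them (their defaults or an argv string). */
  const char *pubkey_path = NULL;
  const char *seckey_path = NULL;
  
  if (parse_options(argc, argv, &interface, &connect_to, &mc) != 0) {
    return EXIT_FAILURE;
  }
  
  pubkey_path = combinepath(keydir, pubkeyfile);
  if (pubkey_path == NULL) {
    perror("combinepath");
    exitcode = EXIT_FAILURE;
    goto end;
  }
  pubkeyfile = pubkey_path;
  
  seckey_path = combinepath(keydir, seckeyfile);
  if (seckey_path == NULL) {
    perror("combinepath");
    /* Previously fell through with EXIT_SUCCESS still set */
    exitcode = EXIT_FAILURE;
    goto end;
  }
  seckeyfile = seckey_path;
  
  if_index = (AvahiIfIndex) if_nametoindex(interface);
  if (if_index == 0) {
    fprintf(stderr, "No such interface: \"%s\"\n", interface);
    exitcode = EXIT_FAILURE;
    goto end;
  }
  
  if (connect_to != NULL) {
    /* Connect directly, do not use Zeroconf (mainly for debugging) */
    char *address = NULL;
    uint16_t port = 0;
    if (parse_connect_target(connect_to, &address, &port) != 0) {
      exitcode = EXIT_FAILURE;
      goto end;
    }
    if (start_mandos_communication(address, port, if_index, &mc) < 0) {
      exitcode = EXIT_FAILURE;
    }
    goto end;
  }
  
  /* If the interface is down, bring it up */
  if (bring_interface_up(interface) != 0) {
    exitcode = EXIT_FAILURE;
    goto end;
  }
  
  if (!debug) {
    avahi_set_log_function(empty_log);
  }
  
  /* Initialize the pseudo-RNG for Avahi */
  srand((unsigned int) time(NULL));
  
  /* Allocate main Avahi loop object */
  mc.simple_poll = avahi_simple_poll_new();
  if (mc.simple_poll == NULL) {
    fprintf(stderr, "Avahi: Failed to create simple poll"
	    " object.\n");
    exitcode = EXIT_FAILURE;
    goto end;
  }
  
  {
    AvahiServerConfig config;
    /* Do not publish any local Zeroconf records */
    avahi_server_config_init(&config);
    config.publish_hinfo = 0;
    config.publish_addresses = 0;
    config.publish_workstation = 0;
    config.publish_domain = 0;
    
    /* Allocate a new server */
    mc.server = avahi_server_new(avahi_simple_poll_get(mc.simple_poll),
				 &config, NULL, NULL, &error);
    
    /* Free the Avahi configuration data */
    avahi_server_config_free(&config);
  }
  
  /* Check if creating the Avahi server object succeeded */
  if (mc.server == NULL) {
    fprintf(stderr, "Failed to create Avahi server: %s\n",
	    avahi_strerror(error));
    exitcode = EXIT_FAILURE;
    goto end;
  }
  
  /* Create the Avahi service browser */
  sb = avahi_s_service_browser_new(mc.server, if_index,
				   AVAHI_PROTO_INET6,
				   "_mandos._tcp", NULL, 0,
				   browse_callback, &mc);
  if (sb == NULL) {
    fprintf(stderr, "Failed to create service browser: %s\n",
	    avahi_strerror(avahi_server_errno(mc.server)));
    exitcode = EXIT_FAILURE;
    goto end;
  }
  
  if (debug) {
    fprintf(stderr, "Starting Avahi loop search\n");
  }
  
  /* Runs until a callback quits the loop (browser failure) or
     resolve_callback() exits the process after a successful
     exchange */
  avahi_simple_poll_loop(mc.simple_poll);
  
 end:
  if (debug) {
    fprintf(stderr, "%s exiting\n", argv[0]);
  }
  
  /* Cleanup things */
  if (sb != NULL) {
    avahi_s_service_browser_free(sb);
  }
  if (mc.server != NULL) {
    avahi_server_free(mc.server);
  }
  if (mc.simple_poll != NULL) {
    avahi_simple_poll_free(mc.simple_poll);
  }
  free((char *)pubkey_path);
  free((char *)seckey_path);
  
  return exitcode;
}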