To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandosclient.c
- browse files at revision 1
- compare with another revision
- download diff
- download tarball
- view history from revision 1
- Committer: Björn Påhlsson
- Date: 2007-10-20 21:38:25 UTC
- Revision ID: belorn@tower-20071020213825-abf6f0d1c33ee961
First working version with: IPv6, GnuTLS, X.509 certificates, DN
retrieval.
retrieval.
- files added:
- bad-ca.pem
- files removed:
- TODO
- plugins.d
- files modified:
- Makefile
added
removed
plugins.d/mandosclient.c
1
/* -*- coding: utf-8 -*- */
2
/*
3
* Mandos client - get and decrypt data from a Mandos server
4
*
5
* This program is partly derived from an example program for an Avahi
6
* service browser, downloaded from
7
* <http://avahi.org/browser/examples/core-browse-services.c>. This
8
* includes the following functions: "resolve_callback",
9
* "browse_callback", and parts of "main".
10
*
11
* Everything else is
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
13
*
14
* This program is free software: you can redistribute it and/or
15
* modify it under the terms of the GNU General Public License as
16
* published by the Free Software Foundation, either version 3 of the
17
* License, or (at your option) any later version.
18
*
19
* This program is distributed in the hope that it will be useful, but
20
* WITHOUT ANY WARRANTY; without even the implied warranty of
21
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22
* General Public License for more details.
23
*
24
* You should have received a copy of the GNU General Public License
25
* along with this program. If not, see
26
* <http://www.gnu.org/licenses/>.
27
*
28
* Contact the authors at <mandos@fukt.bsnet.se>.
29
*/
30
31
/* Needed by GPGME, specifically gpgme_data_seek() */
32
#define _LARGEFILE_SOURCE
33
#define _FILE_OFFSET_BITS 64
34
35
#include <stdio.h>
36
#include <assert.h>
37
#include <stdlib.h>
38
#include <time.h>
39
#include <net/if.h> /* if_nametoindex */
40
41
#include <avahi-core/core.h>
42
#include <avahi-core/lookup.h>
43
#include <avahi-core/log.h>
44
#include <avahi-common/simple-watch.h>
45
#include <avahi-common/malloc.h>
46
#include <avahi-common/error.h>
47
48
//mandos client part
49
#include <sys/types.h> /* socket(), inet_pton() */
50
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
51
struct in6_addr, inet_pton() */
52
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
53
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
54
55
#include <unistd.h> /* close() */
56
#include <netinet/in.h>
57
#include <stdbool.h> /* true */
58
#include <string.h> /* memset */
59
#include <arpa/inet.h> /* inet_pton() */
60
#include <iso646.h> /* not */
61
62
// gpgme
63
#include <errno.h> /* perror() */
64
#include <gpgme.h>
65
66
// getopt long
67
#include <getopt.h>
68
69
#define BUFFER_SIZE 256
70
#define DH_BITS 1024
71
72
static const char *certdir = "/conf/conf.d/mandos";
73
static const char *certfile = "openpgp-client.txt";
74
static const char *certkey = "openpgp-client-key.txt";
75
76
bool debug = false;
77
78
typedef struct {
79
gnutls_session_t session;
80
gnutls_certificate_credentials_t cred;
81
gnutls_dh_params_t dh_params;
82
} encrypted_session;
83
84
85
static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
86
char **new_packet,
87
const char *homedir){
88
gpgme_data_t dh_crypto, dh_plain;
89
gpgme_ctx_t ctx;
90
gpgme_error_t rc;
91
ssize_t ret;
92
ssize_t new_packet_capacity = 0;
93
ssize_t new_packet_length = 0;
94
gpgme_engine_info_t engine_info;
95
96
if (debug){
97
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
98
}
99
100
/* Init GPGME */
101
gpgme_check_version(NULL);
102
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
103
if (rc != GPG_ERR_NO_ERROR){
104
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
105
gpgme_strsource(rc), gpgme_strerror(rc));
106
return -1;
107
}
108
109
/* Set GPGME home directory */
110
rc = gpgme_get_engine_info (&engine_info);
111
if (rc != GPG_ERR_NO_ERROR){
112
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
113
gpgme_strsource(rc), gpgme_strerror(rc));
114
return -1;
115
}
116
while(engine_info != NULL){
117
if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
118
gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
119
engine_info->file_name, homedir);
120
break;
121
}
122
engine_info = engine_info->next;
123
}
124
if(engine_info == NULL){
125
fprintf(stderr, "Could not set home dir to %s\n", homedir);
126
return -1;
127
}
128
129
/* Create new GPGME data buffer from packet buffer */
130
rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);
131
if (rc != GPG_ERR_NO_ERROR){
132
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
133
gpgme_strsource(rc), gpgme_strerror(rc));
134
return -1;
135
}
136
137
/* Create new empty GPGME data buffer for the plaintext */
138
rc = gpgme_data_new(&dh_plain);
139
if (rc != GPG_ERR_NO_ERROR){
140
fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
141
gpgme_strsource(rc), gpgme_strerror(rc));
142
return -1;
143
}
144
145
/* Create new GPGME "context" */
146
rc = gpgme_new(&ctx);
147
if (rc != GPG_ERR_NO_ERROR){
148
fprintf(stderr, "bad gpgme_new: %s: %s\n",
149
gpgme_strsource(rc), gpgme_strerror(rc));
150
return -1;
151
}
152
153
/* Decrypt data from the FILE pointer to the plaintext data
154
buffer */
155
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
156
if (rc != GPG_ERR_NO_ERROR){
157
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
158
gpgme_strsource(rc), gpgme_strerror(rc));
159
return -1;
160
}
161
162
if(debug){
163
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");
164
}
165
166
if (debug){
167
gpgme_decrypt_result_t result;
168
result = gpgme_op_decrypt_result(ctx);
169
if (result == NULL){
170
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
171
} else {
172
fprintf(stderr, "Unsupported algorithm: %s\n",
173
result->unsupported_algorithm);
174
fprintf(stderr, "Wrong key usage: %d\n",
175
result->wrong_key_usage);
176
if(result->file_name != NULL){
177
fprintf(stderr, "File name: %s\n", result->file_name);
178
}
179
gpgme_recipient_t recipient;
180
recipient = result->recipients;
181
if(recipient){
182
while(recipient != NULL){
183
fprintf(stderr, "Public key algorithm: %s\n",
184
gpgme_pubkey_algo_name(recipient->pubkey_algo));
185
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
186
fprintf(stderr, "Secret key available: %s\n",
187
recipient->status == GPG_ERR_NO_SECKEY
188
? "No" : "Yes");
189
recipient = recipient->next;
190
}
191
}
192
}
193
}
194
195
/* Delete the GPGME FILE pointer cryptotext data buffer */
196
gpgme_data_release(dh_crypto);
197
198
/* Seek back to the beginning of the GPGME plaintext data buffer */
199
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
200
perror("pgpme_data_seek");
201
}
202
203
*new_packet = 0;
204
while(true){
205
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
206
*new_packet = realloc(*new_packet,
207
(unsigned int)new_packet_capacity
208
+ BUFFER_SIZE);
209
if (*new_packet == NULL){
210
perror("realloc");
211
return -1;
212
}
213
new_packet_capacity += BUFFER_SIZE;
214
}
215
216
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,
217
BUFFER_SIZE);
218
/* Print the data, if any */
219
if (ret == 0){
220
break;
221
}
222
if(ret < 0){
223
perror("gpgme_data_read");
224
return -1;
225
}
226
new_packet_length += ret;
227
}
228
229
/* FIXME: check characters before printing to screen so to not print
230
terminal control characters */
231
/* if(debug){ */
232
/* fprintf(stderr, "decrypted password is: "); */
233
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
234
/* fprintf(stderr, "\n"); */
235
/* } */
236
237
/* Delete the GPGME plaintext data buffer */
238
gpgme_data_release(dh_plain);
239
return new_packet_length;
240
}
241
242
static const char * safer_gnutls_strerror (int value) {
243
const char *ret = gnutls_strerror (value);
244
if (ret == NULL)
245
ret = "(unknown)";
246
return ret;
247
}
248
249
static void debuggnutls(__attribute__((unused)) int level,
250
const char* string){
251
fprintf(stderr, "%s", string);
252
}
253
254
static int initgnutls(encrypted_session *es){
255
const char *err;
256
int ret;
257
258
if(debug){
259
fprintf(stderr, "Initializing GnuTLS\n");
260
}
261
262
if ((ret = gnutls_global_init ())
263
!= GNUTLS_E_SUCCESS) {
264
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
265
return -1;
266
}
267
268
if (debug){
269
gnutls_global_set_log_level(11);
270
gnutls_global_set_log_function(debuggnutls);
271
}
272
273
/* openpgp credentials */
274
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
275
!= GNUTLS_E_SUCCESS) {
276
fprintf (stderr, "memory error: %s\n",
277
safer_gnutls_strerror(ret));
278
return -1;
279
}
280
281
if(debug){
282
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
283
" and keyfile %s as GnuTLS credentials\n", certfile,
284
certkey);
285
}
286
287
ret = gnutls_certificate_set_openpgp_key_file
288
(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);
289
if (ret != GNUTLS_E_SUCCESS) {
290
fprintf
291
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
292
" '%s')\n",
293
ret, certfile, certkey);
294
fprintf(stdout, "The Error is: %s\n",
295
safer_gnutls_strerror(ret));
296
return -1;
297
}
298
299
//GnuTLS server initialization
300
if ((ret = gnutls_dh_params_init (&es->dh_params))
301
!= GNUTLS_E_SUCCESS) {
302
fprintf (stderr, "Error in dh parameter initialization: %s\n",
303
safer_gnutls_strerror(ret));
304
return -1;
305
}
306
307
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
308
!= GNUTLS_E_SUCCESS) {
309
fprintf (stderr, "Error in prime generation: %s\n",
310
safer_gnutls_strerror(ret));
311
return -1;
312
}
313
314
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
315
316
// GnuTLS session creation
317
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
318
!= GNUTLS_E_SUCCESS){
319
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
320
safer_gnutls_strerror(ret));
321
}
322
323
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
324
!= GNUTLS_E_SUCCESS) {
325
fprintf(stderr, "Syntax error at: %s\n", err);
326
fprintf(stderr, "GnuTLS error: %s\n",
327
safer_gnutls_strerror(ret));
328
return -1;
329
}
330
331
if ((ret = gnutls_credentials_set
332
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
333
!= GNUTLS_E_SUCCESS) {
334
fprintf(stderr, "Error setting a credentials set: %s\n",
335
safer_gnutls_strerror(ret));
336
return -1;
337
}
338
339
/* ignore client certificate if any. */
340
gnutls_certificate_server_set_request (es->session,
341
GNUTLS_CERT_IGNORE);
342
343
gnutls_dh_set_prime_bits (es->session, DH_BITS);
344
345
return 0;
346
}
347
348
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
349
__attribute__((unused)) const char *txt){}
350
351
static int start_mandos_communication(const char *ip, uint16_t port,
352
AvahiIfIndex if_index){
353
int ret, tcp_sd;
354
struct sockaddr_in6 to;
355
encrypted_session es;
356
char *buffer = NULL;
357
char *decrypted_buffer;
358
size_t buffer_length = 0;
359
size_t buffer_capacity = 0;
360
ssize_t decrypted_buffer_size;
361
size_t written = 0;
362
int retval = 0;
363
char interface[IF_NAMESIZE];
364
365
if(debug){
366
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
367
ip, port);
368
}
369
370
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
371
if(tcp_sd < 0) {
372
perror("socket");
373
return -1;
374
}
375
376
if(if_indextoname((unsigned int)if_index, interface) == NULL){
377
if(debug){
378
perror("if_indextoname");
379
}
380
return -1;
381
}
382
383
if(debug){
384
fprintf(stderr, "Binding to interface %s\n", interface);
385
}
386
387
memset(&to,0,sizeof(to)); /* Spurious warning */
388
to.sin6_family = AF_INET6;
389
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
390
if (ret < 0 ){
391
perror("inet_pton");
392
return -1;
393
}
394
if(ret == 0){
395
fprintf(stderr, "Bad address: %s\n", ip);
396
return -1;
397
}
398
to.sin6_port = htons(port); /* Spurious warning */
399
400
to.sin6_scope_id = (uint32_t)if_index;
401
402
if(debug){
403
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
404
/* char addrstr[INET6_ADDRSTRLEN]; */
405
/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */
406
/* sizeof(addrstr)) == NULL){ */
407
/* perror("inet_ntop"); */
408
/* } else { */
409
/* fprintf(stderr, "Really connecting to: %s, port %d\n", */
410
/* addrstr, ntohs(to.sin6_port)); */
411
/* } */
412
}
413
414
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
415
if (ret < 0){
416
perror("connect");
417
return -1;
418
}
419
420
ret = initgnutls (&es);
421
if (ret != 0){
422
retval = -1;
423
return -1;
424
}
425
426
gnutls_transport_set_ptr (es.session,
427
(gnutls_transport_ptr_t) tcp_sd);
428
429
if(debug){
430
fprintf(stderr, "Establishing TLS session with %s\n", ip);
431
}
432
433
ret = gnutls_handshake (es.session);
434
435
if (ret != GNUTLS_E_SUCCESS){
436
if(debug){
437
fprintf(stderr, "\n*** Handshake failed ***\n");
438
gnutls_perror (ret);
439
}
440
retval = -1;
441
goto exit;
442
}
443
444
//Retrieve OpenPGP packet that contains the wanted password
445
446
if(debug){
447
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
448
ip);
449
}
450
451
while(true){
452
if (buffer_length + BUFFER_SIZE > buffer_capacity){
453
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
454
if (buffer == NULL){
455
perror("realloc");
456
goto exit;
457
}
458
buffer_capacity += BUFFER_SIZE;
459
}
460
461
ret = gnutls_record_recv
462
(es.session, buffer+buffer_length, BUFFER_SIZE);
463
if (ret == 0){
464
break;
465
}
466
if (ret < 0){
467
switch(ret){
468
case GNUTLS_E_INTERRUPTED:
469
case GNUTLS_E_AGAIN:
470
break;
471
case GNUTLS_E_REHANDSHAKE:
472
ret = gnutls_handshake (es.session);
473
if (ret < 0){
474
fprintf(stderr, "\n*** Handshake failed ***\n");
475
gnutls_perror (ret);
476
retval = -1;
477
goto exit;
478
}
479
break;
480
default:
481
fprintf(stderr, "Unknown error while reading data from"
482
" encrypted session with mandos server\n");
483
retval = -1;
484
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
485
goto exit;
486
}
487
} else {
488
buffer_length += (size_t) ret;
489
}
490
}
491
492
if (buffer_length > 0){
493
decrypted_buffer_size = pgp_packet_decrypt(buffer,
494
buffer_length,
495
&decrypted_buffer,
496
certdir);
497
if (decrypted_buffer_size >= 0){
498
while(written < (size_t) decrypted_buffer_size){
499
ret = (int)fwrite (decrypted_buffer + written, 1,
500
(size_t)decrypted_buffer_size - written,
501
stdout);
502
if(ret == 0 and ferror(stdout)){
503
if(debug){
504
fprintf(stderr, "Error writing encrypted data: %s\n",
505
strerror(errno));
506
}
507
retval = -1;
508
break;
509
}
510
written += (size_t)ret;
511
}
512
free(decrypted_buffer);
513
} else {
514
retval = -1;
515
}
516
}
517
518
//shutdown procedure
519
520
if(debug){
521
fprintf(stderr, "Closing TLS session\n");
522
}
523
524
free(buffer);
525
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
526
exit:
527
close(tcp_sd);
528
gnutls_deinit (es.session);
529
gnutls_certificate_free_credentials (es.cred);
530
gnutls_global_deinit ();
531
return retval;
532
}
533
534
static AvahiSimplePoll *simple_poll = NULL;
535
static AvahiServer *server = NULL;
536
537
static void resolve_callback(
538
AvahiSServiceResolver *r,
539
AvahiIfIndex interface,
540
AVAHI_GCC_UNUSED AvahiProtocol protocol,
541
AvahiResolverEvent event,
542
const char *name,
543
const char *type,
544
const char *domain,
545
const char *host_name,
546
const AvahiAddress *address,
547
uint16_t port,
548
AVAHI_GCC_UNUSED AvahiStringList *txt,
549
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
550
AVAHI_GCC_UNUSED void* userdata) {
551
552
assert(r); /* Spurious warning */
553
554
/* Called whenever a service has been resolved successfully or
555
timed out */
556
557
switch (event) {
558
default:
559
case AVAHI_RESOLVER_FAILURE:
560
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
561
" type '%s' in domain '%s': %s\n", name, type, domain,
562
avahi_strerror(avahi_server_errno(server)));
563
break;
564
565
case AVAHI_RESOLVER_FOUND:
566
{
567
char ip[AVAHI_ADDRESS_STR_MAX];
568
avahi_address_snprint(ip, sizeof(ip), address);
569
if(debug){
570
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
571
" port %d\n", name, host_name, ip, port);
572
}
573
int ret = start_mandos_communication(ip, port, interface);
574
if (ret == 0){
575
exit(EXIT_SUCCESS);
576
}
577
}
578
}
579
avahi_s_service_resolver_free(r);
580
}
581
582
static void browse_callback(
583
AvahiSServiceBrowser *b,
584
AvahiIfIndex interface,
585
AvahiProtocol protocol,
586
AvahiBrowserEvent event,
587
const char *name,
588
const char *type,
589
const char *domain,
590
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
591
void* userdata) {
592
593
AvahiServer *s = userdata;
594
assert(b); /* Spurious warning */
595
596
/* Called whenever a new services becomes available on the LAN or
597
is removed from the LAN */
598
599
switch (event) {
600
default:
601
case AVAHI_BROWSER_FAILURE:
602
603
fprintf(stderr, "(Browser) %s\n",
604
avahi_strerror(avahi_server_errno(server)));
605
avahi_simple_poll_quit(simple_poll);
606
return;
607
608
case AVAHI_BROWSER_NEW:
609
/* We ignore the returned resolver object. In the callback
610
function we free it. If the server is terminated before
611
the callback function is called the server will free
612
the resolver for us. */
613
614
if (!(avahi_s_service_resolver_new(s, interface, protocol, name,
615
type, domain,
616
AVAHI_PROTO_INET6, 0,
617
resolve_callback, s)))
618
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
619
avahi_strerror(avahi_server_errno(s)));
620
break;
621
622
case AVAHI_BROWSER_REMOVE:
623
break;
624
625
case AVAHI_BROWSER_ALL_FOR_NOW:
626
case AVAHI_BROWSER_CACHE_EXHAUSTED:
627
break;
628
}
629
}
630
631
/* Combines file name and path and returns the malloced new
632
string. some sane checks could/should be added */
633
static const char *combinepath(const char *first, const char *second){
634
size_t f_len = strlen(first);
635
size_t s_len = strlen(second);
636
char *tmp = malloc(f_len + s_len + 2);
637
if (tmp == NULL){
638
return NULL;
639
}
640
if(f_len > 0){
641
memcpy(tmp, first, f_len);
642
}
643
tmp[f_len] = '/';
644
if(s_len > 0){
645
memcpy(tmp + f_len + 1, second, s_len);
646
}
647
tmp[f_len + 1 + s_len] = '\0';
648
return tmp;
649
}
650
651
652
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
653
AvahiServerConfig config;
654
AvahiSServiceBrowser *sb = NULL;
655
int error;
656
int ret;
657
int returncode = EXIT_SUCCESS;
658
const char *interface = NULL;
659
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
660
char *connect_to = NULL;
661
662
while (true){
663
static struct option long_options[] = {
664
{"debug", no_argument, (int *)&debug, 1},
665
{"connect", required_argument, 0, 'C'},
666
{"interface", required_argument, 0, 'i'},
667
{"certdir", required_argument, 0, 'd'},
668
{"certkey", required_argument, 0, 'c'},
669
{"certfile", required_argument, 0, 'k'},
670
{0, 0, 0, 0} };
671
672
int option_index = 0;
673
ret = getopt_long (argc, argv, "i:", long_options,
674
&option_index);
675
676
if (ret == -1){
677
break;
678
}
679
680
switch(ret){
681
case 0:
682
break;
683
case 'i':
684
interface = optarg;
685
break;
686
case 'C':
687
connect_to = optarg;
688
break;
689
case 'd':
690
certdir = optarg;
691
break;
692
case 'c':
693
certfile = optarg;
694
break;
695
case 'k':
696
certkey = optarg;
697
break;
698
default:
699
exit(EXIT_FAILURE);
700
}
701
}
702
703
certfile = combinepath(certdir, certfile);
704
if (certfile == NULL){
705
perror("combinepath");
706
goto exit;
707
}
708
709
if(interface != NULL){
710
if_index = (AvahiIfIndex) if_nametoindex(interface);
711
if(if_index == 0){
712
fprintf(stderr, "No such interface: \"%s\"\n", interface);
713
exit(EXIT_FAILURE);
714
}
715
}
716
717
if(connect_to != NULL){
718
/* Connect directly, do not use Zeroconf */
719
/* (Mainly meant for debugging) */
720
char *address = strrchr(connect_to, ':');
721
if(address == NULL){
722
fprintf(stderr, "No colon in address\n");
723
exit(EXIT_FAILURE);
724
}
725
errno = 0;
726
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
727
if(errno){
728
perror("Bad port number");
729
exit(EXIT_FAILURE);
730
}
731
*address = '\0';
732
address = connect_to;
733
ret = start_mandos_communication(address, port, if_index);
734
if(ret < 0){
735
exit(EXIT_FAILURE);
736
} else {
737
exit(EXIT_SUCCESS);
738
}
739
}
740
741
certkey = combinepath(certdir, certkey);
742
if (certkey == NULL){
743
perror("combinepath");
744
goto exit;
745
}
746
747
if (not debug){
748
avahi_set_log_function(empty_log);
749
}
750
751
/* Initialize the psuedo-RNG */
752
srand((unsigned int) time(NULL));
753
754
/* Allocate main loop object */
755
if (!(simple_poll = avahi_simple_poll_new())) {
756
fprintf(stderr, "Failed to create simple poll object.\n");
757
758
goto exit;
759
}
760
761
/* Do not publish any local records */
762
avahi_server_config_init(&config);
763
config.publish_hinfo = 0;
764
config.publish_addresses = 0;
765
config.publish_workstation = 0;
766
config.publish_domain = 0;
767
768
/* Allocate a new server */
769
server = avahi_server_new(avahi_simple_poll_get(simple_poll),
770
&config, NULL, NULL, &error);
771
772
/* Free the configuration data */
773
avahi_server_config_free(&config);
774
775
/* Check if creating the server object succeeded */
776
if (!server) {
777
fprintf(stderr, "Failed to create server: %s\n",
778
avahi_strerror(error));
779
returncode = EXIT_FAILURE;
780
goto exit;
781
}
782
783
/* Create the service browser */
784
sb = avahi_s_service_browser_new(server, if_index,
785
AVAHI_PROTO_INET6,
786
"_mandos._tcp", NULL, 0,
787
browse_callback, server);
788
if (!sb) {
789
fprintf(stderr, "Failed to create service browser: %s\n",
790
avahi_strerror(avahi_server_errno(server)));
791
returncode = EXIT_FAILURE;
792
goto exit;
793
}
794
795
/* Run the main loop */
796
797
if (debug){
798
fprintf(stderr, "Starting avahi loop search\n");
799
}
800
801
avahi_simple_poll_loop(simple_poll);
802
803
exit:
804
805
if (debug){
806
fprintf(stderr, "%s exiting\n", argv[0]);
807
}
808
809
/* Cleanup things */
810
if (sb)
811
avahi_s_service_browser_free(sb);
812
813
if (server)
814
avahi_server_free(server);
815
816
if (simple_poll)
817
avahi_simple_poll_free(simple_poll);
818
free(certfile);
819
free(certkey);
820
821
return returncode;
822
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0