To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/password-request.c
- browse files at revision 122
- compare with another revision
- download diff
- download tarball
- view history from revision 122
- Committer: Teddy Hogeborn
- Date: 2008-08-31 07:32:05 UTC
- Revision ID: teddy@fukt.bsnet.se-20080831073205-9hggg03i1iird264
* mandos-keygen.xml (SYNOPSIS): Put long options before short.
* mandos.xml (SYNOPSIS): - '' -
* plugins.d/password-prompt.xml (SYNOPSIS): - '' -
* plugins.d/password-request.xml (SYNOPSIS): - '' -
* mandos.xml (SYNOPSIS): - '' -
* plugins.d/password-prompt.xml (SYNOPSIS): - '' -
* plugins.d/password-request.xml (SYNOPSIS): - '' -
- files added:
- .bzrignore
- files removed:
- ca.pem
- files renamed:
- server.py => mandos
- server.conf => mandos.conf
- plugbasedclient.c => plugin-runner.c
- plugins.d/passprompt.c => plugins.d/password-prompt.c
- plugins.d/mandosclient.c => plugins.d/password-request.c
- files modified:
- Makefile
added
removed
plugins.d/password-request.c
32
32
#define _LARGEFILE_SOURCE
33
33
#define _FILE_OFFSET_BITS 64
34
34
35
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */
36
37
#include <stdio.h>
38
#include <assert.h>
39
#include <stdlib.h>
40
#include <time.h>
41
#include <net/if.h> /* if_nametoindex */
42
#include <sys/ioctl.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS
43
#include <net/if.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS
44
35
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
36
37
#include <stdio.h> /* fprintf(), stderr, fwrite(),
38
stdout, ferror() */
39
#include <stdint.h> /* uint16_t, uint32_t */
40
#include <stddef.h> /* NULL, size_t, ssize_t */
41
#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,
42
srand() */
43
#include <stdbool.h> /* bool, true */
44
#include <string.h> /* memset(), strcmp(), strlen(),
45
strerror(), asprintf(), strcpy() */
46
#include <sys/ioctl.h> /* ioctl */
47
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
48
sockaddr_in6, PF_INET6,
49
SOCK_STREAM, INET6_ADDRSTRLEN,
50
uid_t, gid_t */
51
#include <inttypes.h> /* PRIu16 */
52
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
53
struct in6_addr, inet_pton(),
54
connect() */
55
#include <assert.h> /* assert() */
56
#include <errno.h> /* perror(), errno */
57
#include <time.h> /* time() */
58
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
59
SIOCSIFFLAGS, if_indextoname(),
60
if_nametoindex(), IF_NAMESIZE */
61
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
62
getuid(), getgid(), setuid(),
63
setgid() */
64
#include <netinet/in.h>
65
#include <arpa/inet.h> /* inet_pton(), htons */
66
#include <iso646.h> /* not, and */
67
#include <argp.h> /* struct argp_option, error_t, struct
68
argp_state, struct argp,
69
argp_parse(), ARGP_KEY_ARG,
70
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
71
72
/* Avahi */
73
/* All Avahi types, constants and functions
74
Avahi*, avahi_*,
75
AVAHI_* */
45
76
#include <avahi-core/core.h>
46
77
#include <avahi-core/lookup.h>
47
78
#include <avahi-core/log.h>
49
80
#include <avahi-common/malloc.h>
50
81
#include <avahi-common/error.h>
51
82
52
//mandos client part
53
#include <sys/types.h> /* socket(), inet_pton() */
54
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
55
struct in6_addr, inet_pton() */
56
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
57
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
58
59
#include <unistd.h> /* close() */
60
#include <netinet/in.h>
61
#include <stdbool.h> /* true */
62
#include <string.h> /* memset */
63
#include <arpa/inet.h> /* inet_pton() */
64
#include <iso646.h> /* not */
65
66
// gpgme
67
#include <errno.h> /* perror() */
68
#include <gpgme.h>
69
70
// getopt long
71
#include <getopt.h>
83
/* GnuTLS */
84
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and
85
functions:
86
gnutls_*
87
init_gnutls_session(),
88
GNUTLS_* */
89
#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),
90
GNUTLS_OPENPGP_FMT_BASE64 */
91
92
/* GPGME */
93
#include <gpgme.h> /* All GPGME types, constants and
94
functions:
95
gpgme_*
96
GPGME_PROTOCOL_OpenPGP,
97
GPG_ERR_NO_* */
72
98
73
99
#define BUFFER_SIZE 256
74
#define DH_BITS 1024
75
76
static const char *certdir = "/conf/conf.d/mandos";
77
static const char *certfile = "openpgp-client.txt";
78
static const char *certkey = "openpgp-client-key.txt";
79
100
80
101
bool debug = false;
81
82
const char mandos_protocol_version[] = "1";
83
102
static const char *keydir = "/conf/conf.d/mandos";
103
static const char mandos_protocol_version[] = "1";
104
const char *argp_program_version = "password-request 1.0";
105
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
106
107
/* Used for passing in values through the Avahi callback functions */
84
108
typedef struct {
85
109
AvahiSimplePoll *simple_poll;
86
110
AvahiServer *server;
87
111
gnutls_certificate_credentials_t cred;
88
112
unsigned int dh_bits;
113
gnutls_dh_params_t dh_params;
89
114
const char *priority;
90
115
} mandos_context;
91
116
92
size_t adjustbuffer(char *buffer, size_t buffer_length,
117
/*
118
* Make room in "buffer" for at least BUFFER_SIZE additional bytes.
119
* "buffer_capacity" is how much is currently allocated,
120
* "buffer_length" is how much is already used.
121
*/
122
size_t adjustbuffer(char **buffer, size_t buffer_length,
93
123
size_t buffer_capacity){
94
124
if (buffer_length + BUFFER_SIZE > buffer_capacity){
95
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
125
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
96
126
if (buffer == NULL){
97
127
return 0;
98
128
}
101
131
return buffer_capacity;
102
132
}
103
133
104
static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
105
char **new_packet,
134
/*
135
* Decrypt OpenPGP data using keyrings in HOMEDIR.
136
* Returns -1 on error
137
*/
138
static ssize_t pgp_packet_decrypt (const char *cryptotext,
139
size_t crypto_size,
140
char **plaintext,
106
141
const char *homedir){
107
142
gpgme_data_t dh_crypto, dh_plain;
108
143
gpgme_ctx_t ctx;
109
144
gpgme_error_t rc;
110
145
ssize_t ret;
111
size_t new_packet_capacity = 0;
112
ssize_t new_packet_length = 0;
146
size_t plaintext_capacity = 0;
147
ssize_t plaintext_length = 0;
113
148
gpgme_engine_info_t engine_info;
114
149
115
150
if (debug){
116
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
151
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
117
152
}
118
153
119
154
/* Init GPGME */
125
160
return -1;
126
161
}
127
162
128
/* Set GPGME home directory */
163
/* Set GPGME home directory for the OpenPGP engine only */
129
164
rc = gpgme_get_engine_info (&engine_info);
130
165
if (rc != GPG_ERR_NO_ERROR){
131
166
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
141
176
engine_info = engine_info->next;
142
177
}
143
178
if(engine_info == NULL){
144
fprintf(stderr, "Could not set home dir to %s\n", homedir);
179
fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);
145
180
return -1;
146
181
}
147
182
148
/* Create new GPGME data buffer from packet buffer */
149
rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);
183
/* Create new GPGME data buffer from memory cryptotext */
184
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
185
0);
150
186
if (rc != GPG_ERR_NO_ERROR){
151
187
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
152
188
gpgme_strsource(rc), gpgme_strerror(rc));
158
194
if (rc != GPG_ERR_NO_ERROR){
159
195
fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
160
196
gpgme_strsource(rc), gpgme_strerror(rc));
197
gpgme_data_release(dh_crypto);
161
198
return -1;
162
199
}
163
200
166
203
if (rc != GPG_ERR_NO_ERROR){
167
204
fprintf(stderr, "bad gpgme_new: %s: %s\n",
168
205
gpgme_strsource(rc), gpgme_strerror(rc));
169
return -1;
206
plaintext_length = -1;
207
goto decrypt_end;
170
208
}
171
209
172
/* Decrypt data from the FILE pointer to the plaintext data
173
buffer */
210
/* Decrypt data from the cryptotext data buffer to the plaintext
211
data buffer */
174
212
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
175
213
if (rc != GPG_ERR_NO_ERROR){
176
214
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
177
215
gpgme_strsource(rc), gpgme_strerror(rc));
178
return -1;
216
plaintext_length = -1;
217
if (debug){
218
gpgme_decrypt_result_t result;
219
result = gpgme_op_decrypt_result(ctx);
220
if (result == NULL){
221
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
222
} else {
223
fprintf(stderr, "Unsupported algorithm: %s\n",
224
result->unsupported_algorithm);
225
fprintf(stderr, "Wrong key usage: %u\n",
226
result->wrong_key_usage);
227
if(result->file_name != NULL){
228
fprintf(stderr, "File name: %s\n", result->file_name);
229
}
230
gpgme_recipient_t recipient;
231
recipient = result->recipients;
232
if(recipient){
233
while(recipient != NULL){
234
fprintf(stderr, "Public key algorithm: %s\n",
235
gpgme_pubkey_algo_name(recipient->pubkey_algo));
236
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
237
fprintf(stderr, "Secret key available: %s\n",
238
recipient->status == GPG_ERR_NO_SECKEY
239
? "No" : "Yes");
240
recipient = recipient->next;
241
}
242
}
243
}
244
}
245
goto decrypt_end;
179
246
}
180
247
181
248
if(debug){
182
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");
183
}
184
185
if (debug){
186
gpgme_decrypt_result_t result;
187
result = gpgme_op_decrypt_result(ctx);
188
if (result == NULL){
189
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
190
} else {
191
fprintf(stderr, "Unsupported algorithm: %s\n",
192
result->unsupported_algorithm);
193
fprintf(stderr, "Wrong key usage: %d\n",
194
result->wrong_key_usage);
195
if(result->file_name != NULL){
196
fprintf(stderr, "File name: %s\n", result->file_name);
197
}
198
gpgme_recipient_t recipient;
199
recipient = result->recipients;
200
if(recipient){
201
while(recipient != NULL){
202
fprintf(stderr, "Public key algorithm: %s\n",
203
gpgme_pubkey_algo_name(recipient->pubkey_algo));
204
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
205
fprintf(stderr, "Secret key available: %s\n",
206
recipient->status == GPG_ERR_NO_SECKEY
207
? "No" : "Yes");
208
recipient = recipient->next;
209
}
210
}
211
}
212
}
213
214
/* Delete the GPGME FILE pointer cryptotext data buffer */
215
gpgme_data_release(dh_crypto);
249
fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
250
}
216
251
217
252
/* Seek back to the beginning of the GPGME plaintext data buffer */
218
253
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
219
254
perror("pgpme_data_seek");
255
plaintext_length = -1;
256
goto decrypt_end;
220
257
}
221
258
222
*new_packet = 0;
259
*plaintext = NULL;
223
260
while(true){
224
new_packet_capacity = adjustbuffer(*new_packet, new_packet_length,
225
new_packet_capacity);
226
if (new_packet_capacity == 0){
261
plaintext_capacity = adjustbuffer(plaintext,
262
(size_t)plaintext_length,
263
plaintext_capacity);
264
if (plaintext_capacity == 0){
227
265
perror("adjustbuffer");
228
return -1;
229
}
230
new_packet_capacity += BUFFER_SIZE;
266
plaintext_length = -1;
267
goto decrypt_end;
231
268
}
232
269
233
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,
270
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
234
271
BUFFER_SIZE);
235
272
/* Print the data, if any */
236
273
if (ret == 0){
274
/* EOF */
237
275
break;
238
276
}
239
277
if(ret < 0){
240
278
perror("gpgme_data_read");
241
return -1;
279
plaintext_length = -1;
280
goto decrypt_end;
242
281
}
243
new_packet_length += ret;
282
plaintext_length += ret;
244
283
}
245
284
246
/* FIXME: check characters before printing to screen so to not print
247
terminal control characters */
248
/* if(debug){ */
249
/* fprintf(stderr, "decrypted password is: "); */
250
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
251
/* fprintf(stderr, "\n"); */
252
/* } */
285
if(debug){
286
fprintf(stderr, "Decrypted password is: ");
287
for(ssize_t i = 0; i < plaintext_length; i++){
288
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
289
}
290
fprintf(stderr, "\n");
291
}
292
293
decrypt_end:
294
295
/* Delete the GPGME cryptotext data buffer */
296
gpgme_data_release(dh_crypto);
253
297
254
298
/* Delete the GPGME plaintext data buffer */
255
299
gpgme_data_release(dh_plain);
256
return new_packet_length;
300
return plaintext_length;
257
301
}
258
302
259
303
static const char * safer_gnutls_strerror (int value) {
260
const char *ret = gnutls_strerror (value);
304
const char *ret = gnutls_strerror (value); /* Spurious warning */
261
305
if (ret == NULL)
262
306
ret = "(unknown)";
263
307
return ret;
264
308
}
265
309
310
/* GnuTLS log function callback */
266
311
static void debuggnutls(__attribute__((unused)) int level,
267
312
const char* string){
268
fprintf(stderr, "%s", string);
313
fprintf(stderr, "GnuTLS: %s", string);
269
314
}
270
315
271
static int initgnutls(mandos_context *mc){
272
const char *err;
316
static int init_gnutls_global(mandos_context *mc,
317
const char *pubkeyfilename,
318
const char *seckeyfilename){
273
319
int ret;
274
320
275
321
if(debug){
276
322
fprintf(stderr, "Initializing GnuTLS\n");
277
323
}
278
279
if ((ret = gnutls_global_init ())
280
!= GNUTLS_E_SUCCESS) {
281
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
324
325
ret = gnutls_global_init();
326
if (ret != GNUTLS_E_SUCCESS) {
327
fprintf (stderr, "GnuTLS global_init: %s\n",
328
safer_gnutls_strerror(ret));
282
329
return -1;
283
330
}
284
331
285
332
if (debug){
333
/* "Use a log level over 10 to enable all debugging options."
334
* - GnuTLS manual
335
*/
286
336
gnutls_global_set_log_level(11);
287
337
gnutls_global_set_log_function(debuggnutls);
288
338
}
289
339
290
/* openpgp credentials */
291
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
292
!= GNUTLS_E_SUCCESS) {
293
fprintf (stderr, "memory error: %s\n",
340
/* OpenPGP credentials */
341
gnutls_certificate_allocate_credentials(&mc->cred);
342
if (ret != GNUTLS_E_SUCCESS){
343
fprintf (stderr, "GnuTLS memory error: %s\n", /* Spurious
344
warning */
294
345
safer_gnutls_strerror(ret));
346
gnutls_global_deinit ();
295
347
return -1;
296
348
}
297
349
298
350
if(debug){
299
351
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
300
" and keyfile %s as GnuTLS credentials\n", certfile,
301
certkey);
352
" and keyfile %s as GnuTLS credentials\n", pubkeyfilename,
353
seckeyfilename);
302
354
}
303
355
304
356
ret = gnutls_certificate_set_openpgp_key_file
305
(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);
357
(mc->cred, pubkeyfilename, seckeyfilename,
358
GNUTLS_OPENPGP_FMT_BASE64);
306
359
if (ret != GNUTLS_E_SUCCESS) {
307
fprintf
308
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
309
" '%s')\n",
310
ret, certfile, certkey);
311
fprintf(stdout, "The Error is: %s\n",
360
fprintf(stderr,
361
"Error[%d] while reading the OpenPGP key pair ('%s',"
362
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
363
fprintf(stdout, "The GnuTLS error is: %s\n",
312
364
safer_gnutls_strerror(ret));
313
return -1;
314
}
315
316
//GnuTLS server initialization
317
if ((ret = gnutls_dh_params_init (&es->dh_params))
318
!= GNUTLS_E_SUCCESS) {
319
fprintf (stderr, "Error in dh parameter initialization: %s\n",
320
safer_gnutls_strerror(ret));
321
return -1;
322
}
323
324
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
325
!= GNUTLS_E_SUCCESS) {
326
fprintf (stderr, "Error in prime generation: %s\n",
327
safer_gnutls_strerror(ret));
328
return -1;
329
}
330
331
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
332
333
// GnuTLS session creation
334
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
335
!= GNUTLS_E_SUCCESS){
365
goto globalfail;
366
}
367
368
/* GnuTLS server initialization */
369
ret = gnutls_dh_params_init(&mc->dh_params);
370
if (ret != GNUTLS_E_SUCCESS) {
371
fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
372
" %s\n", safer_gnutls_strerror(ret));
373
goto globalfail;
374
}
375
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
376
if (ret != GNUTLS_E_SUCCESS) {
377
fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
378
safer_gnutls_strerror(ret));
379
goto globalfail;
380
}
381
382
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
383
384
return 0;
385
386
globalfail:
387
388
gnutls_certificate_free_credentials(mc->cred);
389
gnutls_global_deinit();
390
return -1;
391
392
}
393
394
static int init_gnutls_session(mandos_context *mc,
395
gnutls_session_t *session){
396
int ret;
397
/* GnuTLS session creation */
398
ret = gnutls_init(session, GNUTLS_SERVER);
399
if (ret != GNUTLS_E_SUCCESS){
336
400
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
337
401
safer_gnutls_strerror(ret));
338
402
}
339
403
340
if ((ret = gnutls_priority_set_direct (es->session, mc->priority, &err))
341
!= GNUTLS_E_SUCCESS) {
342
fprintf(stderr, "Syntax error at: %s\n", err);
343
fprintf(stderr, "GnuTLS error: %s\n",
344
safer_gnutls_strerror(ret));
345
return -1;
404
{
405
const char *err;
406
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
407
if (ret != GNUTLS_E_SUCCESS) {
408
fprintf(stderr, "Syntax error at: %s\n", err);
409
fprintf(stderr, "GnuTLS error: %s\n",
410
safer_gnutls_strerror(ret));
411
gnutls_deinit (*session);
412
return -1;
413
}
346
414
}
347
415
348
if ((ret = gnutls_credentials_set
349
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
350
!= GNUTLS_E_SUCCESS) {
351
fprintf(stderr, "Error setting a credentials set: %s\n",
416
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
417
mc->cred);
418
if (ret != GNUTLS_E_SUCCESS) {
419
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
352
420
safer_gnutls_strerror(ret));
421
gnutls_deinit (*session);
353
422
return -1;
354
423
}
355
424
356
425
/* ignore client certificate if any. */
357
gnutls_certificate_server_set_request (es->session,
426
gnutls_certificate_server_set_request (*session,
358
427
GNUTLS_CERT_IGNORE);
359
428
360
gnutls_dh_set_prime_bits (es->session, DH_BITS);
429
gnutls_dh_set_prime_bits (*session, mc->dh_bits);
361
430
362
431
return 0;
363
432
}
364
433
434
/* Avahi log function callback */
365
435
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
366
436
__attribute__((unused)) const char *txt){}
367
437
438
/* Called when a Mandos server is found */
368
439
static int start_mandos_communication(const char *ip, uint16_t port,
369
440
AvahiIfIndex if_index,
370
441
mandos_context *mc){
371
442
int ret, tcp_sd;
372
struct sockaddr_in6 to;
373
encrypted_session es;
443
union { struct sockaddr in; struct sockaddr_in6 in6; } to;
374
444
char *buffer = NULL;
375
445
char *decrypted_buffer;
376
446
size_t buffer_length = 0;
379
449
size_t written;
380
450
int retval = 0;
381
451
char interface[IF_NAMESIZE];
452
gnutls_session_t session;
453
454
ret = init_gnutls_session (mc, &session);
455
if (ret != 0){
456
return -1;
457
}
382
458
383
459
if(debug){
384
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
385
ip, port);
460
fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16
461
"\n", ip, port);
386
462
}
387
463
388
464
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
393
469
394
470
if(debug){
395
471
if(if_indextoname((unsigned int)if_index, interface) == NULL){
396
if(debug){
397
perror("if_indextoname");
398
}
472
perror("if_indextoname");
399
473
return -1;
400
474
}
401
402
475
fprintf(stderr, "Binding to interface %s\n", interface);
403
476
}
404
477
405
memset(&to,0,sizeof(to)); /* Spurious warning */
406
to.sin6_family = AF_INET6;
407
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
478
memset(&to, 0, sizeof(to));
479
to.in6.sin6_family = AF_INET6;
480
/* It would be nice to have a way to detect if we were passed an
481
IPv4 address here. Now we assume an IPv6 address. */
482
ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);
408
483
if (ret < 0 ){
409
484
perror("inet_pton");
410
485
return -1;
411
}
486
}
412
487
if(ret == 0){
413
488
fprintf(stderr, "Bad address: %s\n", ip);
414
489
return -1;
415
490
}
416
to.sin6_port = htons(port); /* Spurious warning */
491
to.in6.sin6_port = htons(port); /* Spurious warning */
417
492
418
to.sin6_scope_id = (uint32_t)if_index;
493
to.in6.sin6_scope_id = (uint32_t)if_index;
419
494
420
495
if(debug){
421
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
422
/* char addrstr[INET6_ADDRSTRLEN]; */
423
/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */
424
/* sizeof(addrstr)) == NULL){ */
425
/* perror("inet_ntop"); */
426
/* } else { */
427
/* fprintf(stderr, "Really connecting to: %s, port %d\n", */
428
/* addrstr, ntohs(to.sin6_port)); */
429
/* } */
496
fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
497
port);
498
char addrstr[INET6_ADDRSTRLEN] = "";
499
if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,
500
sizeof(addrstr)) == NULL){
501
perror("inet_ntop");
502
} else {
503
if(strcmp(addrstr, ip) != 0){
504
fprintf(stderr, "Canonical address form: %s\n", addrstr);
505
}
506
}
430
507
}
431
508
432
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
509
ret = connect(tcp_sd, &to.in, sizeof(to));
433
510
if (ret < 0){
434
511
perror("connect");
435
512
return -1;
436
513
}
437
514
438
char *out = mandos_protocol_version;
515
const char *out = mandos_protocol_version;
439
516
written = 0;
440
517
while (true){
441
518
size_t out_size = strlen(out);
444
521
if (ret == -1){
445
522
perror("write");
446
523
retval = -1;
447
goto end;
524
goto mandos_end;
448
525
}
449
written += ret;
526
written += (size_t)ret;
450
527
if(written < out_size){
451
528
continue;
452
529
} else {
459
536
}
460
537
}
461
538
462
ret = initgnutls (&es);
463
if (ret != 0){
464
retval = -1;
465
return -1;
466
}
467
468
gnutls_transport_set_ptr (es.session,
469
(gnutls_transport_ptr_t) tcp_sd);
470
471
539
if(debug){
472
540
fprintf(stderr, "Establishing TLS session with %s\n", ip);
473
541
}
474
542
475
ret = gnutls_handshake (es.session);
543
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
544
545
do{
546
ret = gnutls_handshake (session);
547
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
476
548
477
549
if (ret != GNUTLS_E_SUCCESS){
478
550
if(debug){
479
fprintf(stderr, "\n*** Handshake failed ***\n");
551
fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
480
552
gnutls_perror (ret);
481
553
}
482
554
retval = -1;
483
goto exit;
555
goto mandos_end;
484
556
}
485
557
486
//Retrieve OpenPGP packet that contains the wanted password
558
/* Read OpenPGP packet that contains the wanted password */
487
559
488
560
if(debug){
489
561
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
491
563
}
492
564
493
565
while(true){
494
buffer_capacity = adjustbuffer(buffer, buffer_length, buffer_capacity);
566
buffer_capacity = adjustbuffer(&buffer, buffer_length,
567
buffer_capacity);
495
568
if (buffer_capacity == 0){
496
569
perror("adjustbuffer");
497
570
retval = -1;
498
goto exit;
571
goto mandos_end;
499
572
}
500
573
501
ret = gnutls_record_recv
502
(es.session, buffer+buffer_length, BUFFER_SIZE);
574
ret = gnutls_record_recv(session, buffer+buffer_length,
575
BUFFER_SIZE);
503
576
if (ret == 0){
504
577
break;
505
578
}
509
582
case GNUTLS_E_AGAIN:
510
583
break;
511
584
case GNUTLS_E_REHANDSHAKE:
512
ret = gnutls_handshake (es.session);
585
do{
586
ret = gnutls_handshake (session);
587
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
513
588
if (ret < 0){
514
fprintf(stderr, "\n*** Handshake failed ***\n");
589
fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
515
590
gnutls_perror (ret);
516
591
retval = -1;
517
goto exit;
592
goto mandos_end;
518
593
}
519
594
break;
520
595
default:
521
596
fprintf(stderr, "Unknown error while reading data from"
522
" encrypted session with mandos server\n");
597
" encrypted session with Mandos server\n");
523
598
retval = -1;
524
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
525
goto exit;
599
gnutls_bye (session, GNUTLS_SHUT_RDWR);
600
goto mandos_end;
526
601
}
527
602
} else {
528
603
buffer_length += (size_t) ret;
529
604
}
530
605
}
531
606
607
if(debug){
608
fprintf(stderr, "Closing TLS session\n");
609
}
610
611
gnutls_bye (session, GNUTLS_SHUT_RDWR);
612
532
613
if (buffer_length > 0){
533
614
decrypted_buffer_size = pgp_packet_decrypt(buffer,
534
615
buffer_length,
535
616
&decrypted_buffer,
536
certdir);
617
keydir);
537
618
if (decrypted_buffer_size >= 0){
538
619
written = 0;
539
620
while(written < (size_t) decrypted_buffer_size){
554
635
} else {
555
636
retval = -1;
556
637
}
557
}
558
559
//shutdown procedure
560
561
if(debug){
562
fprintf(stderr, "Closing TLS session\n");
563
}
564
638
} else {
639
retval = -1;
640
}
641
642
/* Shutdown procedure */
643
644
mandos_end:
565
645
free(buffer);
566
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
567
exit:
568
646
close(tcp_sd);
569
gnutls_deinit (es.session);
570
gnutls_certificate_free_credentials (es.cred);
571
gnutls_global_deinit ();
647
gnutls_deinit (session);
572
648
return retval;
573
649
}
574
650
575
static void resolve_callback( AvahiSServiceResolver *r,
576
AvahiIfIndex interface,
577
AVAHI_GCC_UNUSED AvahiProtocol protocol,
578
AvahiResolverEvent event,
579
const char *name,
580
const char *type,
581
const char *domain,
582
const char *host_name,
583
const AvahiAddress *address,
584
uint16_t port,
585
AVAHI_GCC_UNUSED AvahiStringList *txt,
586
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
587
AVAHI_GCC_UNUSED void* userdata) {
651
static void resolve_callback(AvahiSServiceResolver *r,
652
AvahiIfIndex interface,
653
AVAHI_GCC_UNUSED AvahiProtocol protocol,
654
AvahiResolverEvent event,
655
const char *name,
656
const char *type,
657
const char *domain,
658
const char *host_name,
659
const AvahiAddress *address,
660
uint16_t port,
661
AVAHI_GCC_UNUSED AvahiStringList *txt,
662
AVAHI_GCC_UNUSED AvahiLookupResultFlags
663
flags,
664
void* userdata) {
588
665
mandos_context *mc = userdata;
589
assert(r); /* Spurious warning */
666
assert(r);
590
667
591
668
/* Called whenever a service has been resolved successfully or
592
669
timed out */
594
671
switch (event) {
595
672
default:
596
673
case AVAHI_RESOLVER_FAILURE:
597
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
598
" type '%s' in domain '%s': %s\n", name, type, domain,
674
fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
675
" of type '%s' in domain '%s': %s\n", name, type, domain,
599
676
avahi_strerror(avahi_server_errno(mc->server)));
600
677
break;
601
678
604
681
char ip[AVAHI_ADDRESS_STR_MAX];
605
682
avahi_address_snprint(ip, sizeof(ip), address);
606
683
if(debug){
607
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
608
" port %d\n", name, host_name, ip, port);
684
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"
685
PRIu16 ") on port %d\n", name, host_name, ip,
686
interface, port);
609
687
}
610
688
int ret = start_mandos_communication(ip, port, interface, mc);
611
689
if (ret == 0){
612
exit(EXIT_SUCCESS);
690
avahi_simple_poll_quit(mc->simple_poll);
613
691
}
614
692
}
615
693
}
623
701
const char *name,
624
702
const char *type,
625
703
const char *domain,
626
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
704
AVAHI_GCC_UNUSED AvahiLookupResultFlags
705
flags,
627
706
void* userdata) {
628
707
mandos_context *mc = userdata;
629
assert(b); /* Spurious warning */
708
assert(b);
630
709
631
710
/* Called whenever a new services becomes available on the LAN or
632
711
is removed from the LAN */
634
713
switch (event) {
635
714
default:
636
715
case AVAHI_BROWSER_FAILURE:
637
638
fprintf(stderr, "(Browser) %s\n",
716
717
fprintf(stderr, "(Avahi browser) %s\n",
639
718
avahi_strerror(avahi_server_errno(mc->server)));
640
719
avahi_simple_poll_quit(mc->simple_poll);
641
720
return;
642
721
643
722
case AVAHI_BROWSER_NEW:
644
/* We ignore the returned resolver object. In the callback
645
function we free it. If the server is terminated before
646
the callback function is called the server will free
647
the resolver for us. */
648
649
if (!(avahi_s_service_resolver_new(mc->server, interface, protocol, name,
650
type, domain,
723
/* We ignore the returned Avahi resolver object. In the callback
724
function we free it. If the Avahi server is terminated before
725
the callback function is called the Avahi server will free the
726
resolver for us. */
727
728
if (!(avahi_s_service_resolver_new(mc->server, interface,
729
protocol, name, type, domain,
651
730
AVAHI_PROTO_INET6, 0,
652
731
resolve_callback, mc)))
653
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
654
avahi_strerror(avahi_server_errno(s)));
732
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
733
name, avahi_strerror(avahi_server_errno(mc->server)));
655
734
break;
656
735
657
736
case AVAHI_BROWSER_REMOVE:
658
737
break;
659
738
660
739
case AVAHI_BROWSER_ALL_FOR_NOW:
661
740
case AVAHI_BROWSER_CACHE_EXHAUSTED:
741
if(debug){
742
fprintf(stderr, "No Mandos server found, still searching...\n");
743
}
662
744
break;
663
745
}
664
746
}
665
747
666
748
/* Combines file name and path and returns the malloced new
667
749
string. some sane checks could/should be added */
668
static const char *combinepath(const char *first, const char *second){
669
size_t f_len = strlen(first);
670
size_t s_len = strlen(second);
671
char *tmp = malloc(f_len + s_len + 2);
672
if (tmp == NULL){
750
static char *combinepath(const char *first, const char *second){
751
char *tmp;
752
int ret = asprintf(&tmp, "%s/%s", first, second);
753
if(ret < 0){
673
754
return NULL;
674
755
}
675
if(f_len > 0){
676
memcpy(tmp, first, f_len);
677
}
678
tmp[f_len] = '/';
679
if(s_len > 0){
680
memcpy(tmp + f_len + 1, second, s_len);
681
}
682
tmp[f_len + 1 + s_len] = '\0';
683
756
return tmp;
684
757
}
685
758
686
759
687
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
688
AvahiServerConfig config;
760
int main(int argc, char *argv[]){
689
761
AvahiSServiceBrowser *sb = NULL;
690
762
int error;
691
763
int ret;
692
int returncode = EXIT_SUCCESS;
764
int exitcode = EXIT_SUCCESS;
693
765
const char *interface = "eth0";
694
766
struct ifreq network;
695
767
int sd;
768
uid_t uid;
769
gid_t gid;
696
770
char *connect_to = NULL;
697
771
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
772
char *pubkeyfilename = NULL;
773
char *seckeyfilename = NULL;
774
const char *pubkeyname = "pubkey.txt";
775
const char *seckeyname = "seckey.txt";
698
776
mandos_context mc = { .simple_poll = NULL, .server = NULL,
699
.dh_bits = 2048, .priority = "SECURE256"};
777
.dh_bits = 1024, .priority = "SECURE256"};
778
bool gnutls_initalized = false;
700
779
701
while (true){
702
static struct option long_options[] = {
703
{"debug", no_argument, (int *)&debug, 1},
704
{"connect", required_argument, 0, 'C'},
705
{"interface", required_argument, 0, 'i'},
706
{"certdir", required_argument, 0, 'd'},
707
{"certkey", required_argument, 0, 'c'},
708
{"certfile", required_argument, 0, 'k'},
709
{"dh_bits", required_argument, 0, 'D'},
710
{"priority", required_argument, 0, 'p'},
711
{0, 0, 0, 0} };
712
713
int option_index = 0;
714
ret = getopt_long (argc, argv, "i:", long_options,
715
&option_index);
716
717
if (ret == -1){
718
break;
719
}
720
721
switch(ret){
722
case 0:
723
break;
724
case 'i':
725
interface = optarg;
726
break;
727
case 'C':
728
connect_to = optarg;
729
break;
730
case 'd':
731
certdir = optarg;
732
break;
733
case 'c':
734
certfile = optarg;
735
break;
736
case 'k':
737
certkey = optarg;
738
break;
739
case 'D':
740
{
741
long int tmp;
780
{
781
struct argp_option options[] = {
782
{ .name = "debug", .key = 128,
783
.doc = "Debug mode", .group = 3 },
784
{ .name = "connect", .key = 'c',
785
.arg = "IP",
786
.doc = "Connect directly to a sepcified mandos server",
787
.group = 1 },
788
{ .name = "interface", .key = 'i',
789
.arg = "INTERFACE",
790
.doc = "Interface that Avahi will conntect through",
791
.group = 1 },
792
{ .name = "keydir", .key = 'd',
793
.arg = "KEYDIR",
794
.doc = "Directory where the openpgp keyring is",
795
.group = 1 },
796
{ .name = "seckey", .key = 's',
797
.arg = "SECKEY",
798
.doc = "Secret openpgp key for gnutls authentication",
799
.group = 1 },
800
{ .name = "pubkey", .key = 'p',
801
.arg = "PUBKEY",
802
.doc = "Public openpgp key for gnutls authentication",
803
.group = 2 },
804
{ .name = "dh-bits", .key = 129,
805
.arg = "BITS",
806
.doc = "dh-bits to use in gnutls communication",
807
.group = 2 },
808
{ .name = "priority", .key = 130,
809
.arg = "PRIORITY",
810
.doc = "GNUTLS priority", .group = 1 },
811
{ .name = NULL }
812
};
813
814
815
error_t parse_opt (int key, char *arg,
816
struct argp_state *state) {
817
/* Get the INPUT argument from `argp_parse', which we know is
818
a pointer to our plugin list pointer. */
819
switch (key) {
820
case 128:
821
debug = true;
822
break;
823
case 'c':
824
connect_to = arg;
825
break;
826
case 'i':
827
interface = arg;
828
break;
829
case 'd':
830
keydir = arg;
831
break;
832
case 's':
833
seckeyname = arg;
834
break;
835
case 'p':
836
pubkeyname = arg;
837
break;
838
case 129:
742
839
errno = 0;
743
tmp = strtol(optarg, NULL, 10);
744
if (errno == ERANGE){
840
mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);
841
if (errno){
745
842
perror("strtol");
746
843
exit(EXIT_FAILURE);
747
844
}
748
mc.dh_bits = tmp;
749
}
750
break;
751
case 'p':
752
mc.priority = optarg;
753
break;
754
default:
755
exit(EXIT_FAILURE);
756
}
757
}
758
759
certfile = combinepath(certdir, certfile);
760
if (certfile == NULL){
761
perror("combinepath");
762
returncode = EXIT_FAILURE;
763
goto exit;
764
}
765
766
certkey = combinepath(certdir, certkey);
767
if (certkey == NULL){
768
perror("combinepath");
769
returncode = EXIT_FAILURE;
770
goto exit;
845
break;
846
case 130:
847
mc.priority = arg;
848
break;
849
case ARGP_KEY_ARG:
850
argp_usage (state);
851
case ARGP_KEY_END:
852
break;
853
default:
854
return ARGP_ERR_UNKNOWN;
855
}
856
return 0;
857
}
858
859
struct argp argp = { .options = options, .parser = parse_opt,
860
.args_doc = "",
861
.doc = "Mandos client -- Get and decrypt"
862
" passwords from mandos server" };
863
ret = argp_parse (&argp, argc, argv, 0, 0, NULL);
864
if (ret == ARGP_ERR_UNKNOWN){
865
fprintf(stderr, "Unknown error while parsing arguments\n");
866
exitcode = EXIT_FAILURE;
867
goto end;
868
}
869
}
870
871
pubkeyfilename = combinepath(keydir, pubkeyname);
872
if (pubkeyfilename == NULL){
873
perror("combinepath");
874
exitcode = EXIT_FAILURE;
875
goto end;
876
}
877
878
seckeyfilename = combinepath(keydir, seckeyname);
879
if (seckeyfilename == NULL){
880
perror("combinepath");
881
exitcode = EXIT_FAILURE;
882
goto end;
883
}
884
885
ret = init_gnutls_global(&mc, pubkeyfilename, seckeyfilename);
886
if (ret == -1){
887
fprintf(stderr, "init_gnutls_global failed\n");
888
exitcode = EXIT_FAILURE;
889
goto end;
890
} else {
891
gnutls_initalized = true;
892
}
893
894
/* If the interface is down, bring it up */
895
{
896
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
897
if(sd < 0) {
898
perror("socket");
899
exitcode = EXIT_FAILURE;
900
goto end;
901
}
902
strcpy(network.ifr_name, interface);
903
ret = ioctl(sd, SIOCGIFFLAGS, &network);
904
if(ret == -1){
905
perror("ioctl SIOCGIFFLAGS");
906
exitcode = EXIT_FAILURE;
907
goto end;
908
}
909
if((network.ifr_flags & IFF_UP) == 0){
910
network.ifr_flags |= IFF_UP;
911
ret = ioctl(sd, SIOCSIFFLAGS, &network);
912
if(ret == -1){
913
perror("ioctl SIOCSIFFLAGS");
914
exitcode = EXIT_FAILURE;
915
goto end;
916
}
917
}
918
close(sd);
919
}
920
921
uid = getuid();
922
gid = getgid();
923
924
ret = setuid(uid);
925
if (ret == -1){
926
perror("setuid");
927
}
928
929
setgid(gid);
930
if (ret == -1){
931
perror("setgid");
771
932
}
772
933
773
934
if_index = (AvahiIfIndex) if_nametoindex(interface);
782
943
char *address = strrchr(connect_to, ':');
783
944
if(address == NULL){
784
945
fprintf(stderr, "No colon in address\n");
785
exit(EXIT_FAILURE);
946
exitcode = EXIT_FAILURE;
947
goto end;
786
948
}
787
949
errno = 0;
788
950
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
789
951
if(errno){
790
952
perror("Bad port number");
791
exit(EXIT_FAILURE);
953
exitcode = EXIT_FAILURE;
954
goto end;
792
955
}
793
956
*address = '\0';
794
957
address = connect_to;
795
ret = start_mandos_communication(address, port, if_index);
958
ret = start_mandos_communication(address, port, if_index, &mc);
796
959
if(ret < 0){
797
exit(EXIT_FAILURE);
960
exitcode = EXIT_FAILURE;
798
961
} else {
799
exit(EXIT_SUCCESS);
800
}
801
}
802
803
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
804
if(sd < 0) {
805
perror("socket");
806
returncode = EXIT_FAILURE;
807
goto exit;
808
}
809
strcpy(network.ifr_name, interface);
810
ret = ioctl(sd, SIOCGIFFLAGS, &network);
811
if(ret == -1){
812
813
perror("ioctl SIOCGIFFLAGS");
814
returncode = EXIT_FAILURE;
815
goto exit;
816
}
817
if((network.ifr_flags & IFF_UP) == 0){
818
network.ifr_flags |= IFF_UP;
819
ret = ioctl(sd, SIOCSIFFLAGS, &network);
820
if(ret == -1){
821
perror("ioctl SIOCSIFFLAGS");
822
returncode = EXIT_FAILURE;
823
goto exit;
824
}
825
}
826
close(sd);
962
exitcode = EXIT_SUCCESS;
963
}
964
goto end;
965
}
827
966
828
967
if (not debug){
829
968
avahi_set_log_function(empty_log);
830
969
}
831
970
832
/* Initialize the psuedo-RNG */
971
/* Initialize the pseudo-RNG for Avahi */
833
972
srand((unsigned int) time(NULL));
834
835
/* Allocate main loop object */
836
if (!(mc.simple_poll = avahi_simple_poll_new())) {
837
fprintf(stderr, "Failed to create simple poll object.\n");
838
returncode = EXIT_FAILURE;
839
goto exit;
840
}
841
842
/* Do not publish any local records */
843
avahi_server_config_init(&config);
844
config.publish_hinfo = 0;
845
config.publish_addresses = 0;
846
config.publish_workstation = 0;
847
config.publish_domain = 0;
848
849
/* Allocate a new server */
850
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
851
&config, NULL, NULL, &error);
852
853
/* Free the configuration data */
854
avahi_server_config_free(&config);
855
856
/* Check if creating the server object succeeded */
857
if (!mc.server) {
858
fprintf(stderr, "Failed to create server: %s\n",
973
974
/* Allocate main Avahi loop object */
975
mc.simple_poll = avahi_simple_poll_new();
976
if (mc.simple_poll == NULL) {
977
fprintf(stderr, "Avahi: Failed to create simple poll"
978
" object.\n");
979
exitcode = EXIT_FAILURE;
980
goto end;
981
}
982
983
{
984
AvahiServerConfig config;
985
/* Do not publish any local Zeroconf records */
986
avahi_server_config_init(&config);
987
config.publish_hinfo = 0;
988
config.publish_addresses = 0;
989
config.publish_workstation = 0;
990
config.publish_domain = 0;
991
992
/* Allocate a new server */
993
mc.server = avahi_server_new(avahi_simple_poll_get
994
(mc.simple_poll), &config, NULL,
995
NULL, &error);
996
997
/* Free the Avahi configuration data */
998
avahi_server_config_free(&config);
999
}
1000
1001
/* Check if creating the Avahi server object succeeded */
1002
if (mc.server == NULL) {
1003
fprintf(stderr, "Failed to create Avahi server: %s\n",
859
1004
avahi_strerror(error));
860
returncode = EXIT_FAILURE;
861
goto exit;
1005
exitcode = EXIT_FAILURE;
1006
goto end;
862
1007
}
863
1008
864
/* Create the service browser */
1009
/* Create the Avahi service browser */
865
1010
sb = avahi_s_service_browser_new(mc.server, if_index,
866
1011
AVAHI_PROTO_INET6,
867
1012
"_mandos._tcp", NULL, 0,
868
1013
browse_callback, &mc);
869
if (!sb) {
1014
if (sb == NULL) {
870
1015
fprintf(stderr, "Failed to create service browser: %s\n",
871
1016
avahi_strerror(avahi_server_errno(mc.server)));
872
returncode = EXIT_FAILURE;
873
goto exit;
1017
exitcode = EXIT_FAILURE;
1018
goto end;
874
1019
}
875
1020
876
1021
/* Run the main loop */
877
1022
878
1023
if (debug){
879
fprintf(stderr, "Starting avahi loop search\n");
1024
fprintf(stderr, "Starting Avahi loop search\n");
880
1025
}
881
1026
882
avahi_simple_poll_loop(simple_poll);
1027
avahi_simple_poll_loop(mc.simple_poll);
883
1028
884
exit:
1029
end:
885
1030
886
1031
if (debug){
887
1032
fprintf(stderr, "%s exiting\n", argv[0]);
888
1033
}
889
1034
890
1035
/* Cleanup things */
891
if (sb)
1036
if (sb != NULL)
892
1037
avahi_s_service_browser_free(sb);
893
1038
894
if (mc.server)
1039
if (mc.server != NULL)
895
1040
avahi_server_free(mc.server);
896
1041
897
if (simple_poll)
898
avahi_simple_poll_free(simple_poll);
899
free(certfile);
900
free(certkey);
1042
if (mc.simple_poll != NULL)
1043
avahi_simple_poll_free(mc.simple_poll);
1044
free(pubkeyfilename);
1045
free(seckeyfilename);
1046
1047
if (gnutls_initalized){
1048
gnutls_certificate_free_credentials(mc.cred);
1049
gnutls_global_deinit ();
1050
}
901
1051
902
return returncode;
1052
return exitcode;
903
1053
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0