/mandos/trunk : revision 13

1

/* -*- coding: utf-8 -*- */

2

/*

3

* Mandos client - get and decrypt data from a Mandos server

1

/* $Id$ */

2

3

/* PLEASE NOTE *

4

* This file demonstrates how to use Avahi's core API, this is

5

* the embeddable mDNS stack for embedded applications.

4

6

*

5

* This program is partly derived from an example program for an Avahi

6

* service browser, downloaded from

7

* <http://avahi.org/browser/examples/core-browse-services.c>. This

8

* includes the following functions: "resolve_callback",

9

* "browse_callback", and parts of "main".

10

*

11

* Everything else is

12

13

*

14

* This program is free software: you can redistribute it and/or

15

* modify it under the terms of the GNU General Public License as

16

* published by the Free Software Foundation, either version 3 of the

17

* License, or (at your option) any later version.

18

*

19

* This program is distributed in the hope that it will be useful, but

20

* WITHOUT ANY WARRANTY; without even the implied warranty of

21

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

22

* General Public License for more details.

23

*

24

* You should have received a copy of the GNU General Public License

25

* along with this program. If not, see

26

* <http://www.gnu.org/licenses/>.

27

*

28

* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and

29

* <https://www.fukt.bsnet.se/~teddy/>.

7

* End user applications should *not* use this API and should use

8

* the D-Bus or C APIs, please see

9

* client-browse-services.c and glib-integration.c

10

*

11

* I repeat, you probably do *not* want to use this example.

30

12

*/

31

13

32

/* Needed by GPGME, specifically gpgme_data_seek() */

14

/***

15

This file is part of avahi.

16

17

avahi is free software; you can redistribute it and/or modify it

18

under the terms of the GNU Lesser General Public License as

19

published by the Free Software Foundation; either version 2.1 of the

20

License, or (at your option) any later version.

21

22

avahi is distributed in the hope that it will be useful, but WITHOUT

23

ANY WARRANTY; without even the implied warranty of MERCHANTABILITY

24

or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General

25

Public License for more details.

26

27

You should have received a copy of the GNU Lesser General Public

28

License along with avahi; if not, write to the Free Software

29

Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307

30

USA.

31

***/

32

33

#define _LARGEFILE_SOURCE

34

#define _FILE_OFFSET_BITS 64

35

47

#include <avahi-common/error.h>

48

49

//mandos client part

50

#include <sys/types.h> /* socket(), inet_pton() */

51

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

52

struct in6_addr, inet_pton() */

53

#include <gnutls/gnutls.h> /* All GnuTLS stuff */

54

#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */

50

#include <sys/types.h> /* socket(), setsockopt(), inet_pton() */

51

#include <sys/socket.h> /* socket(), setsockopt(), struct sockaddr_in6, struct in6_addr, inet_pton() */

52

#include <gnutls/gnutls.h> /* ALL GNUTLS STUFF */

53

#include <gnutls/openpgp.h> /* gnutls with openpgp stuff */

55

54

56

55

#include <unistd.h> /* close() */

57

56

#include <netinet/in.h>

64

63

#include <errno.h> /* perror() */

65

64

#include <gpgme.h>

66

65

67

// getopt long

68

#include <getopt.h>

69

66

67

#ifndef CERT_ROOT

68

#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"

69

#endif

70

#define CERTFILE CERT_ROOT "openpgp-client.txt"

71

#define KEYFILE CERT_ROOT "openpgp-client-key.txt"

70

72

#define BUFFER_SIZE 256

71

73

#define DH_BITS 1024

72

74

73

const char *certdir = "/conf/conf.d/cryptkeyreq/";

74

const char *certfile = "openpgp-client.txt";

75

const char *certkey = "openpgp-client-key.txt";

76

77

bool debug = false;

78

79

75

typedef struct {

80

76

gnutls_session_t session;

81

77

gnutls_certificate_credentials_t cred;

83

79

} encrypted_session;

84

80

85

81

86

ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,

87

char **new_packet, const char *homedir){

82

ssize_t gpg_packet_decrypt (char *packet, size_t packet_size, char **new_packet, char *homedir){

88

83

gpgme_data_t dh_crypto, dh_plain;

89

84

gpgme_ctx_t ctx;

90

85

gpgme_error_t rc;

91

86

ssize_t ret;

92

ssize_t new_packet_capacity = 0;

93

ssize_t new_packet_length = 0;

87

size_t new_packet_capacity = 0;

88

size_t new_packet_length = 0;

94

89

gpgme_engine_info_t engine_info;

95

90

96

if (debug){

97

fprintf(stderr, "Trying to decrypt OpenPGP packet\n");

98

}

99

100

91

/* Init GPGME */

101

92

gpgme_check_version(NULL);

102

rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

103

if (rc != GPG_ERR_NO_ERROR){

104

fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",

105

gpgme_strsource(rc), gpgme_strerror(rc));

106

return -1;

107

}

93

gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

108

94

109

95

/* Set GPGME home directory */

110

96

rc = gpgme_get_engine_info (&engine_info);

150

136

return -1;

151

137

}

152

138

153

/* Decrypt data from the FILE pointer to the plaintext data

154

buffer */

139

/* Decrypt data from the FILE pointer to the plaintext data buffer */

155

140

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

156

141

if (rc != GPG_ERR_NO_ERROR){

157

142

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

158

143

gpgme_strsource(rc), gpgme_strerror(rc));

159

144

return -1;

160

145

}

161

162

if(debug){

163

fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");

164

}

165

166

if (debug){

167

gpgme_decrypt_result_t result;

168

result = gpgme_op_decrypt_result(ctx);

169

if (result == NULL){

170

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

171

} else {

172

fprintf(stderr, "Unsupported algorithm: %s\n",

173

result->unsupported_algorithm);

174

fprintf(stderr, "Wrong key usage: %d\n",

175

result->wrong_key_usage);

176

if(result->file_name != NULL){

177

fprintf(stderr, "File name: %s\n", result->file_name);

178

}

179

gpgme_recipient_t recipient;

180

recipient = result->recipients;

181

if(recipient){

182

while(recipient != NULL){

183

fprintf(stderr, "Public key algorithm: %s\n",

184

gpgme_pubkey_algo_name(recipient->pubkey_algo));

185

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

186

fprintf(stderr, "Secret key available: %s\n",

187

recipient->status == GPG_ERR_NO_SECKEY

188

? "No" : "Yes");

189

recipient = recipient->next;

190

}

191

}

192

}

193

}

194

146

147

/* gpgme_decrypt_result_t result; */

148

/* result = gpgme_op_decrypt_result(ctx); */

149

/* fprintf(stderr, "Unsupported algorithm: %s\n", result->unsupported_algorithm); */

150

/* fprintf(stderr, "Wrong key usage: %d\n", result->wrong_key_usage); */

151

/* if(result->file_name != NULL){ */

152

/* fprintf(stderr, "File name: %s\n", result->file_name); */

153

/* } */

154

/* gpgme_recipient_t recipient; */

155

/* recipient = result->recipients; */

156

/* if(recipient){ */

157

/* while(recipient != NULL){ */

158

/* fprintf(stderr, "Public key algorithm: %s\n", */

159

/* gpgme_pubkey_algo_name(recipient->pubkey_algo)); */

160

/* fprintf(stderr, "Key ID: %s\n", recipient->keyid); */

161

/* fprintf(stderr, "Secret key available: %s\n", */

162

/* recipient->status == GPG_ERR_NO_SECKEY ? "No" : "Yes"); */

163

/* recipient = recipient->next; */

164

/* } */

165

/* } */

166

195

167

/* Delete the GPGME FILE pointer cryptotext data buffer */

196

168

gpgme_data_release(dh_crypto);

197

169

198

170

/* Seek back to the beginning of the GPGME plaintext data buffer */

199

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

200

perror("pgpme_data_seek");

201

}

202

171

gpgme_data_seek(dh_plain, 0, SEEK_SET);

172

203

173

*new_packet = 0;

204

174

while(true){

205

175

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

206

*new_packet = realloc(*new_packet,

207

(unsigned int)new_packet_capacity

208

+ BUFFER_SIZE);

176

*new_packet = realloc(*new_packet, new_packet_capacity + BUFFER_SIZE);

209

177

if (*new_packet == NULL){

210

178

perror("realloc");

211

179

return -1;

213

181

new_packet_capacity += BUFFER_SIZE;

214

182

}

215

183

216

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,

217

BUFFER_SIZE);

184

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length, BUFFER_SIZE);

218

185

/* Print the data, if any */

219

186

if (ret == 0){

187

/* If password is empty, then a incorrect error will be printed */

220

188

break;

221

189

}

222

190

if(ret < 0){

226

194

new_packet_length += ret;

227

195

}

228

196

229

/* FIXME: check characters before printing to screen so to not print

230

terminal control characters */

231

/* if(debug){ */

232

/* fprintf(stderr, "decrypted password is: "); */

233

/* fwrite(*new_packet, 1, new_packet_length, stderr); */

234

/* fprintf(stderr, "\n"); */

235

/* } */

236

237

/* Delete the GPGME plaintext data buffer */

197

/* Delete the GPGME plaintext data buffer */

238

198

gpgme_data_release(dh_plain);

239

199

return new_packet_length;

240

200

}

246

206

return ret;

247

207

}

248

208

249

void debuggnutls(__attribute__((unused)) int level,

250

const char* string){

209

void debuggnutls(int level, const char* string){

251

210

fprintf(stderr, "%s", string);

252

211

}

253

212

255

214

const char *err;

256

215

int ret;

257

216

258

if(debug){

259

fprintf(stderr, "Initializing GnuTLS\n");

260

}

261

262

217

if ((ret = gnutls_global_init ())

263

218

!= GNUTLS_E_SUCCESS) {

264

219

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

265

220

return -1;

266

221

}

267

222

268

if (debug){

269

gnutls_global_set_log_level(11);

270

gnutls_global_set_log_function(debuggnutls);

271

}

272

223

/* Uncomment to enable full debuggin on the gnutls library */

224

/* gnutls_global_set_log_level(11); */

225

/* gnutls_global_set_log_function(debuggnutls); */

226

227

273

228

/* openpgp credentials */

274

229

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

275

230

!= GNUTLS_E_SUCCESS) {

276

fprintf (stderr, "memory error: %s\n",

277

safer_gnutls_strerror(ret));

231

fprintf (stderr, "memory error: %s\n", safer_gnutls_strerror(ret));

278

232

return -1;

279

233

}

280

281

if(debug){

282

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

283

" and keyfile %s as GnuTLS credentials\n", certfile,

284

certkey);

285

}

286

234

287

235

ret = gnutls_certificate_set_openpgp_key_file

288

(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);

236

(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);

289

237

if (ret != GNUTLS_E_SUCCESS) {

290

238

fprintf

291

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"

292

" '%s')\n",

293

ret, certfile, certkey);

239

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n",

240

ret, CERTFILE, KEYFILE);

294

241

fprintf(stdout, "The Error is: %s\n",

295

242

safer_gnutls_strerror(ret));

296

243

return -1;

297

244

}

298

299

//GnuTLS server initialization

245

246

//Gnutls server initialization

300

247

if ((ret = gnutls_dh_params_init (&es->dh_params))

301

248

!= GNUTLS_E_SUCCESS) {

302

249

fprintf (stderr, "Error in dh parameter initialization: %s\n",

303

250

safer_gnutls_strerror(ret));

304

251

return -1;

305

252

}

306

253

307

254

if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))

308

255

!= GNUTLS_E_SUCCESS) {

309

256

fprintf (stderr, "Error in prime generation: %s\n",

310

257

safer_gnutls_strerror(ret));

311

258

return -1;

312

259

}

313

260

314

261

gnutls_certificate_set_dh_params (es->cred, es->dh_params);

315

316

// GnuTLS session creation

262

263

// Gnutls session creation

317

264

if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))

318

265

!= GNUTLS_E_SUCCESS){

319

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

266

fprintf(stderr, "Error in gnutls session initialization: %s\n",

320

267

safer_gnutls_strerror(ret));

321

268

}

322

269

323

270

if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))

324

271

!= GNUTLS_E_SUCCESS) {

325

272

fprintf(stderr, "Syntax error at: %s\n", err);

326

fprintf(stderr, "GnuTLS error: %s\n",

273

fprintf(stderr, "Gnutls error: %s\n",

327

274

safer_gnutls_strerror(ret));

328

275

return -1;

329

276

}

330

277

331

278

if ((ret = gnutls_credentials_set

332

279

(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))

333

280

!= GNUTLS_E_SUCCESS) {

335

282

safer_gnutls_strerror(ret));

336

283

return -1;

337

284

}

338

285

339

286

/* ignore client certificate if any. */

340

gnutls_certificate_server_set_request (es->session,

341

GNUTLS_CERT_IGNORE);

287

gnutls_certificate_server_set_request (es->session, GNUTLS_CERT_IGNORE);

342

288

343

289

gnutls_dh_set_prime_bits (es->session, DH_BITS);

344

290

345

291

return 0;

346

292

}

347

293

348

void empty_log(__attribute__((unused)) AvahiLogLevel level,

349

__attribute__((unused)) const char *txt){}

294

void empty_log(AvahiLogLevel level, const char *txt){}

350

295

351

int start_mandos_communication(const char *ip, uint16_t port,

352

AvahiIfIndex if_index){

296

int start_mandos_communcation(char *ip, uint16_t port){

353

297

int ret, tcp_sd;

354

298

struct sockaddr_in6 to;

299

struct in6_addr ip_addr;

355

300

encrypted_session es;

356

301

char *buffer = NULL;

357

302

char *decrypted_buffer;

358

303

size_t buffer_length = 0;

359

304

size_t buffer_capacity = 0;

360

305

ssize_t decrypted_buffer_size;

361

size_t written = 0;

362

306

int retval = 0;

363

char interface[IF_NAMESIZE];

364

365

if(debug){

366

fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",

367

ip, port);

368

}

307

369

308

370

309

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

371

310

if(tcp_sd < 0) {

373

312

return -1;

374

313

}

375

314

376

if(if_indextoname((unsigned int)if_index, interface) == NULL){

377

if(debug){

378

perror("if_indextoname");

379

}

315

ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, "eth0", 5);

316

if(tcp_sd < 0) {

317

perror("setsockopt bindtodevice");

380

318

return -1;

381

319

}

382

320

383

if(debug){

384

fprintf(stderr, "Binding to interface %s\n", interface);

385

}

386

387

memset(&to,0,sizeof(to)); /* Spurious warning */

321

memset(&to,0,sizeof(to));

388

322

to.sin6_family = AF_INET6;

389

ret = inet_pton(AF_INET6, ip, &to.sin6_addr);

323

ret = inet_pton(AF_INET6, ip, &ip_addr);

390

324

if (ret < 0 ){

391

325

perror("inet_pton");

392

326

return -1;

395

329

fprintf(stderr, "Bad address: %s\n", ip);

396

330

return -1;

397

331

}

398

to.sin6_port = htons(port); /* Spurious warning */

399

400

to.sin6_scope_id = (uint32_t)if_index;

401

402

if(debug){

403

fprintf(stderr, "Connection to: %s, port %d\n", ip, port);

404

/* char addrstr[INET6_ADDRSTRLEN]; */

405

/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */

406

/* sizeof(addrstr)) == NULL){ */

407

/* perror("inet_ntop"); */

408

/* } else { */

409

/* fprintf(stderr, "Really connecting to: %s, port %d\n", */

410

/* addrstr, ntohs(to.sin6_port)); */

411

/* } */

412

}

332

to.sin6_port = htons(port);

333

to.sin6_scope_id = if_nametoindex("eth0");

413

334

414

335

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

415

336

if (ret < 0){

422

343

retval = -1;

423

344

return -1;

424

345

}

425

426

gnutls_transport_set_ptr (es.session,

427

(gnutls_transport_ptr_t) tcp_sd);

428

429

if(debug){

430

fprintf(stderr, "Establishing TLS session with %s\n", ip);

431

}

432

346

347

348

gnutls_transport_set_ptr (es.session, (gnutls_transport_ptr_t) tcp_sd);

349

433

350

ret = gnutls_handshake (es.session);

434

351

435

352

if (ret != GNUTLS_E_SUCCESS){

436

if(debug){

437

fprintf(stderr, "\n*** Handshake failed ***\n");

438

gnutls_perror (ret);

439

}

353

fprintf(stderr, "\n*** Handshake failed ***\n");

354

gnutls_perror (ret);

440

355

retval = -1;

441

356

goto exit;

442

357

}

443

444

//Retrieve OpenPGP packet that contains the wanted password

445

446

if(debug){

447

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

448

ip);

449

}

450

358

359

//retrive password

451

360

while(true){

452

361

if (buffer_length + BUFFER_SIZE > buffer_capacity){

453

362

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

478

387

}

479

388

break;

480

389

default:

481

fprintf(stderr, "Unknown error while reading data from"

482

" encrypted session with mandos server\n");

390

fprintf(stderr, "Unknown error while reading data from encrypted session with mandos server\n");

483

391

retval = -1;

484

392

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

485

393

goto exit;

486

394

}

487

395

} else {

488

buffer_length += (size_t) ret;

396

buffer_length += ret;

489

397

}

490

398

}

491

399

492

400

if (buffer_length > 0){

493

decrypted_buffer_size = pgp_packet_decrypt(buffer,

494

buffer_length,

495

&decrypted_buffer,

496

certdir);

497

if (decrypted_buffer_size >= 0){

498

while(written < (size_t) decrypted_buffer_size){

499

ret = (int)fwrite (decrypted_buffer + written, 1,

500

(size_t)decrypted_buffer_size - written,

501

stdout);

502

if(ret == 0 and ferror(stdout)){

503

if(debug){

504

fprintf(stderr, "Error writing encrypted data: %s\n",

505

strerror(errno));

506

}

507

retval = -1;

508

break;

509

}

510

written += (size_t)ret;

511

}

401

if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) == 0){

402

retval = -1;

403

} else {

404

fwrite (decrypted_buffer, 1, decrypted_buffer_size, stdout);

512

405

free(decrypted_buffer);

513

} else {

514

retval = -1;

515

406

}

516

407

}

517

408

409

free(buffer);

410

518

411

//shutdown procedure

519

520

if(debug){

521

fprintf(stderr, "Closing TLS session\n");

522

}

523

524

free(buffer);

525

412

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

526

413

exit:

527

414

close(tcp_sd);

536

423

537

424

static void resolve_callback(

538

425

AvahiSServiceResolver *r,

539

AvahiIfIndex interface,

426

AVAHI_GCC_UNUSED AvahiIfIndex interface,

540

427

AVAHI_GCC_UNUSED AvahiProtocol protocol,

541

428

AvahiResolverEvent event,

542

429

const char *name,

545

432

const char *host_name,

546

433

const AvahiAddress *address,

547

434

uint16_t port,

548

AVAHI_GCC_UNUSED AvahiStringList *txt,

549

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

435

AvahiStringList *txt,

436

AvahiLookupResultFlags flags,

550

437

AVAHI_GCC_UNUSED void* userdata) {

551

438

552

assert(r); /* Spurious warning */

553

554

/* Called whenever a service has been resolved successfully or

555

timed out */

556

557

switch (event) {

558

default:

559

case AVAHI_RESOLVER_FAILURE:

560

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"

561

" type '%s' in domain '%s': %s\n", name, type, domain,

562

avahi_strerror(avahi_server_errno(server)));

563

break;

564

565

case AVAHI_RESOLVER_FOUND:

566

{

567

char ip[AVAHI_ADDRESS_STR_MAX];

568

avahi_address_snprint(ip, sizeof(ip), address);

569

if(debug){

570

fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"

571

" port %d\n", name, host_name, ip, port);

572

}

573

int ret = start_mandos_communication(ip, port, interface);

574

if (ret == 0){

575

exit(EXIT_SUCCESS);

576

}

439

assert(r);

440

441

/* Called whenever a service has been resolved successfully or timed out */

442

443

switch (event) {

444

case AVAHI_RESOLVER_FAILURE:

445

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of type '%s' in domain '%s': %s\n", name, type, domain, avahi_strerror(avahi_server_errno(server)));

446

break;

447

448

case AVAHI_RESOLVER_FOUND: {

449

char ip[AVAHI_ADDRESS_STR_MAX];

450

avahi_address_snprint(ip, sizeof(ip), address);

451

int ret = start_mandos_communcation(ip, port);

452

if (ret == 0){

453

exit(EXIT_SUCCESS);

454

} else {

455

exit(EXIT_FAILURE);

456

}

457

}

577

458

}

578

}

579

avahi_s_service_resolver_free(r);

459

avahi_s_service_resolver_free(r);

580

460

}

581

461

582

462

static void browse_callback(

591

471

void* userdata) {

592

472

593

473

AvahiServer *s = userdata;

594

assert(b); /* Spurious warning */

595

596

/* Called whenever a new services becomes available on the LAN or

597

is removed from the LAN */

598

474

assert(b);

475

476

/* Called whenever a new services becomes available on the LAN or is removed from the LAN */

477

599

478

switch (event) {

600

default:

601

case AVAHI_BROWSER_FAILURE:

602

603

fprintf(stderr, "(Browser) %s\n",

604

avahi_strerror(avahi_server_errno(server)));

605

avahi_simple_poll_quit(simple_poll);

606

return;

607

608

case AVAHI_BROWSER_NEW:

609

/* We ignore the returned resolver object. In the callback

610

function we free it. If the server is terminated before

611

the callback function is called the server will free

612

the resolver for us. */

613

614

if (!(avahi_s_service_resolver_new(s, interface, protocol, name,

615

type, domain,

616

AVAHI_PROTO_INET6, 0,

617

resolve_callback, s)))

618

fprintf(stderr, "Failed to resolve service '%s': %s\n", name,

619

avahi_strerror(avahi_server_errno(s)));

620

break;

621

622

case AVAHI_BROWSER_REMOVE:

623

break;

624

625

case AVAHI_BROWSER_ALL_FOR_NOW:

626

case AVAHI_BROWSER_CACHE_EXHAUSTED:

627

break;

479

480

case AVAHI_BROWSER_FAILURE:

481

482

fprintf(stderr, "(Browser) %s\n", avahi_strerror(avahi_server_errno(server)));

483

avahi_simple_poll_quit(simple_poll);

484

return;

485

486

case AVAHI_BROWSER_NEW:

487

/* We ignore the returned resolver object. In the callback

488

function we free it. If the server is terminated before

489

the callback function is called the server will free

490

the resolver for us. */

491

492

if (!(avahi_s_service_resolver_new(s, interface, protocol, name, type, domain, AVAHI_PROTO_INET6, 0, resolve_callback, s)))

493

fprintf(stderr, "Failed to resolve service '%s': %s\n", name, avahi_strerror(avahi_server_errno(s)));

494

495

break;

496

497

case AVAHI_BROWSER_REMOVE:

498

break;

499

500

case AVAHI_BROWSER_ALL_FOR_NOW:

501

case AVAHI_BROWSER_CACHE_EXHAUSTED:

502

break;

628

503

}

629

504

}

630

505

631

/* combinds file name and path and returns the malloced new string. som sane checks could/should be added */

632

const char *combinepath(const char *first, const char *second){

633

char *tmp;

634

tmp = malloc(strlen(first) + strlen(second) + 2);

635

if (tmp == NULL){

636

perror("malloc");

637

return NULL;

638

}

639

strcpy(tmp, first);

640

if (first[0] != '\0' and first[strlen(first) - 1] != '/'){

641

strcat(tmp, "/");

642

}

643

strcat(tmp, second);

644

return tmp;

645

}

646

647

648

506

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

649

507

AvahiServerConfig config;

650

508

AvahiSServiceBrowser *sb = NULL;

651

509

int error;

652

int ret;

653

int returncode = EXIT_SUCCESS;

654

const char *interface = NULL;

655

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

656

char *connect_to = NULL;

657

658

while (true){

659

static struct option long_options[] = {

660

{"debug", no_argument, (int *)&debug, 1},

661

{"connect", required_argument, 0, 'C'},

662

{"interface", required_argument, 0, 'i'},

663

{"certdir", required_argument, 0, 'd'},

664

{"certkey", required_argument, 0, 'c'},

665

{"certfile", required_argument, 0, 'k'},

666

{0, 0, 0, 0} };

667

668

int option_index = 0;

669

ret = getopt_long (argc, argv, "i:", long_options,

670

&option_index);

671

672

if (ret == -1){

673

break;

674

}

675

676

switch(ret){

677

case 0:

678

break;

679

case 'i':

680

interface = optarg;

681

break;

682

case 'C':

683

connect_to = optarg;

684

break;

685

case 'd':

686

certdir = optarg;

687

break;

688

case 'c':

689

certfile = optarg;

690

break;

691

case 'k':

692

certkey = optarg;

693

break;

694

default:

695

exit(EXIT_FAILURE);

696

}

697

}

510

int ret = 1;

698

511

699

certfile = combinepath(certdir, certfile);

700

if (certfile == NULL){

701

goto exit;

702

}

703

704

if(interface != NULL){

705

if_index = (AvahiIfIndex) if_nametoindex(interface);

706

if(if_index == 0){

707

fprintf(stderr, "No such interface: \"%s\"\n", interface);

708

exit(EXIT_FAILURE);

709

}

710

}

711

712

if(connect_to != NULL){

713

/* Connect directly, do not use Zeroconf */

714

/* (Mainly meant for debugging) */

715

char *address = strrchr(connect_to, ':');

716

if(address == NULL){

717

fprintf(stderr, "No colon in address\n");

718

exit(EXIT_FAILURE);

719

}

720

errno = 0;

721

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

722

if(errno){

723

perror("Bad port number");

724

exit(EXIT_FAILURE);

725

}

726

*address = '\0';

727

address = connect_to;

728

ret = start_mandos_communication(address, port, if_index);

729

if(ret < 0){

730

exit(EXIT_FAILURE);

731

} else {

732

exit(EXIT_SUCCESS);

733

}

734

}

735

736

certkey = combinepath(certdir, certkey);

737

if (certkey == NULL){

738

goto exit;

739

}

740

741

if (not debug){

742

avahi_set_log_function(empty_log);

743

}

512

avahi_set_log_function(empty_log);

744

513

745

514

/* Initialize the psuedo-RNG */

746

srand((unsigned int) time(NULL));

515

srand(time(NULL));

747

516

748

517

/* Allocate main loop object */

749

518

if (!(simple_poll = avahi_simple_poll_new())) {

750

519

fprintf(stderr, "Failed to create simple poll object.\n");

751

752

goto exit;

520

goto fail;

753

521

}

754

522

755

523

/* Do not publish any local records */

759

527

config.publish_workstation = 0;

760

528

config.publish_domain = 0;

761

529

530

/* /\* Set a unicast DNS server for wide area DNS-SD *\/ */

531

/* avahi_address_parse("193.11.177.11", AVAHI_PROTO_UNSPEC, &config.wide_area_servers[0]); */

532

/* config.n_wide_area_servers = 1; */

533

/* config.enable_wide_area = 1; */

534

762

535

/* Allocate a new server */

763

server = avahi_server_new(avahi_simple_poll_get(simple_poll),

764

&config, NULL, NULL, &error);

536

server = avahi_server_new(avahi_simple_poll_get(simple_poll), &config, NULL, NULL, &error);

765

537

766

538

/* Free the configuration data */

767

539

avahi_server_config_free(&config);

768

540

769

/* Check if creating the server object succeeded */

541

/* Check wether creating the server object succeeded */

770

542

if (!server) {

771

fprintf(stderr, "Failed to create server: %s\n",

772

avahi_strerror(error));

773

returncode = EXIT_FAILURE;

774

goto exit;

543

fprintf(stderr, "Failed to create server: %s\n", avahi_strerror(error));

544

goto fail;

775

545

}

776

546

777

547

/* Create the service browser */

778

sb = avahi_s_service_browser_new(server, if_index,

779

AVAHI_PROTO_INET6,

780

"_mandos._tcp", NULL, 0,

781

browse_callback, server);

782

if (!sb) {

783

fprintf(stderr, "Failed to create service browser: %s\n",

784

avahi_strerror(avahi_server_errno(server)));

785

returncode = EXIT_FAILURE;

786

goto exit;

548

if (!(sb = avahi_s_service_browser_new(server, if_nametoindex("eth0"), AVAHI_PROTO_INET6, "_mandos._tcp", NULL, 0, browse_callback, server))) {

549

fprintf(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_server_errno(server)));

550

goto fail;

787

551

}

788

552

789

553

/* Run the main loop */

790

791

if (debug){

792

fprintf(stderr, "Starting avahi loop search\n");

793

}

794

795

554

avahi_simple_poll_loop(simple_poll);

796

555

797

exit:

798

799

if (debug){

800

fprintf(stderr, "%s exiting\n", argv[0]);

801

}

556

ret = 0;

557

558

fail:

802

559

803

560

/* Cleanup things */

804

561

if (sb)

809

566

810

567

if (simple_poll)

811

568

avahi_simple_poll_free(simple_poll);

812

free(certfile);

813

free(certkey);

814

815

return returncode;

569

570

return ret;

816

571

}