/mandos/trunk : revision 13

1

/* -*- coding: utf-8 -*- */

2

/*

3

* Mandos client - get and decrypt data from a Mandos server

1

/* $Id$ */

2

3

/* PLEASE NOTE *

4

* This file demonstrates how to use Avahi's core API, this is

5

* the embeddable mDNS stack for embedded applications.

4

6

*

5

* This program is partly derived from an example program for an Avahi

6

* service browser, downloaded from

7

* <http://avahi.org/browser/examples/core-browse-services.c>. This

8

* includes the following functions: "resolve_callback",

9

* "browse_callback", and parts of "main".

10

*

11

* Everything else is

12

13

*

14

* This program is free software: you can redistribute it and/or

15

* modify it under the terms of the GNU General Public License as

16

* published by the Free Software Foundation, either version 3 of the

17

* License, or (at your option) any later version.

18

*

19

* This program is distributed in the hope that it will be useful, but

20

* WITHOUT ANY WARRANTY; without even the implied warranty of

21

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

22

* General Public License for more details.

23

*

24

* You should have received a copy of the GNU General Public License

25

* along with this program. If not, see

26

* <http://www.gnu.org/licenses/>.

27

*

28

* Contact the authors at <mandos@fukt.bsnet.se>.

7

* End user applications should *not* use this API and should use

8

* the D-Bus or C APIs, please see

9

* client-browse-services.c and glib-integration.c

10

*

11

* I repeat, you probably do *not* want to use this example.

29

12

*/

30

13

31

/* Needed by GPGME, specifically gpgme_data_seek() */

14

/***

15

This file is part of avahi.

16

17

avahi is free software; you can redistribute it and/or modify it

18

under the terms of the GNU Lesser General Public License as

19

published by the Free Software Foundation; either version 2.1 of the

20

License, or (at your option) any later version.

21

22

avahi is distributed in the hope that it will be useful, but WITHOUT

23

ANY WARRANTY; without even the implied warranty of MERCHANTABILITY

24

or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General

25

Public License for more details.

26

27

You should have received a copy of the GNU Lesser General Public

28

License along with avahi; if not, write to the Free Software

29

Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307

30

USA.

31

***/

32

33

#define _LARGEFILE_SOURCE

33

34

#define _FILE_OFFSET_BITS 64

34

35

46

47

#include <avahi-common/error.h>

47

48

49

//mandos client part

49

#include <sys/types.h> /* socket(), inet_pton() */

50

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

51

struct in6_addr, inet_pton() */

52

#include <gnutls/gnutls.h> /* All GnuTLS stuff */

53

#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */

50

#include <sys/types.h> /* socket(), setsockopt(), inet_pton() */

51

#include <sys/socket.h> /* socket(), setsockopt(), struct sockaddr_in6, struct in6_addr, inet_pton() */

52

#include <gnutls/gnutls.h> /* ALL GNUTLS STUFF */

53

#include <gnutls/openpgp.h> /* gnutls with openpgp stuff */

54

55

#include <unistd.h> /* close() */

56

#include <netinet/in.h>

63

#include <errno.h> /* perror() */

64

#include <gpgme.h>

65

66

// getopt long

67

#include <getopt.h>

68

66

67

#ifndef CERT_ROOT

68

#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"

69

#endif

70

#define CERTFILE CERT_ROOT "openpgp-client.txt"

71

#define KEYFILE CERT_ROOT "openpgp-client-key.txt"

69

72

#define BUFFER_SIZE 256

70

73

#define DH_BITS 1024

71

74

72

static const char *certdir = "/conf/conf.d/mandos";

73

static const char *certfile = "openpgp-client.txt";

74

static const char *certkey = "openpgp-client-key.txt";

75

76

bool debug = false;

77

78

75

typedef struct {

79

76

gnutls_session_t session;

80

77

gnutls_certificate_credentials_t cred;

82

79

} encrypted_session;

83

80

84

81

85

static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,

86

char **new_packet,

87

const char *homedir){

82

ssize_t gpg_packet_decrypt (char *packet, size_t packet_size, char **new_packet, char *homedir){

88

83

gpgme_data_t dh_crypto, dh_plain;

89

84

gpgme_ctx_t ctx;

90

85

gpgme_error_t rc;

91

86

ssize_t ret;

92

ssize_t new_packet_capacity = 0;

93

ssize_t new_packet_length = 0;

87

size_t new_packet_capacity = 0;

88

size_t new_packet_length = 0;

94

89

gpgme_engine_info_t engine_info;

95

90

96

if (debug){

97

fprintf(stderr, "Trying to decrypt OpenPGP packet\n");

98

}

99

100

91

/* Init GPGME */

101

92

gpgme_check_version(NULL);

102

rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

103

if (rc != GPG_ERR_NO_ERROR){

104

fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",

105

gpgme_strsource(rc), gpgme_strerror(rc));

106

return -1;

107

}

93

gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

108

94

109

95

/* Set GPGME home directory */

110

96

rc = gpgme_get_engine_info (&engine_info);

150

136

return -1;

151

137

}

152

138

153

/* Decrypt data from the FILE pointer to the plaintext data

154

buffer */

139

/* Decrypt data from the FILE pointer to the plaintext data buffer */

155

140

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

156

141

if (rc != GPG_ERR_NO_ERROR){

157

142

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

158

143

gpgme_strsource(rc), gpgme_strerror(rc));

159

144

return -1;

160

145

}

161

162

if(debug){

163

fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");

164

}

165

166

if (debug){

167

gpgme_decrypt_result_t result;

168

result = gpgme_op_decrypt_result(ctx);

169

if (result == NULL){

170

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

171

} else {

172

fprintf(stderr, "Unsupported algorithm: %s\n",

173

result->unsupported_algorithm);

174

fprintf(stderr, "Wrong key usage: %d\n",

175

result->wrong_key_usage);

176

if(result->file_name != NULL){

177

fprintf(stderr, "File name: %s\n", result->file_name);

178

}

179

gpgme_recipient_t recipient;

180

recipient = result->recipients;

181

if(recipient){

182

while(recipient != NULL){

183

fprintf(stderr, "Public key algorithm: %s\n",

184

gpgme_pubkey_algo_name(recipient->pubkey_algo));

185

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

186

fprintf(stderr, "Secret key available: %s\n",

187

recipient->status == GPG_ERR_NO_SECKEY

188

? "No" : "Yes");

189

recipient = recipient->next;

190

}

191

}

192

}

193

}

194

146

147

/* gpgme_decrypt_result_t result; */

148

/* result = gpgme_op_decrypt_result(ctx); */

149

/* fprintf(stderr, "Unsupported algorithm: %s\n", result->unsupported_algorithm); */

150

/* fprintf(stderr, "Wrong key usage: %d\n", result->wrong_key_usage); */

151

/* if(result->file_name != NULL){ */

152

/* fprintf(stderr, "File name: %s\n", result->file_name); */

153

/* } */

154

/* gpgme_recipient_t recipient; */

155

/* recipient = result->recipients; */

156

/* if(recipient){ */

157

/* while(recipient != NULL){ */

158

/* fprintf(stderr, "Public key algorithm: %s\n", */

159

/* gpgme_pubkey_algo_name(recipient->pubkey_algo)); */

160

/* fprintf(stderr, "Key ID: %s\n", recipient->keyid); */

161

/* fprintf(stderr, "Secret key available: %s\n", */

162

/* recipient->status == GPG_ERR_NO_SECKEY ? "No" : "Yes"); */

163

/* recipient = recipient->next; */

164

/* } */

165

/* } */

166

195

167

/* Delete the GPGME FILE pointer cryptotext data buffer */

196

168

gpgme_data_release(dh_crypto);

197

169

198

170

/* Seek back to the beginning of the GPGME plaintext data buffer */

199

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

200

perror("pgpme_data_seek");

201

}

202

171

gpgme_data_seek(dh_plain, 0, SEEK_SET);

172

203

173

*new_packet = 0;

204

174

while(true){

205

175

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

206

*new_packet = realloc(*new_packet,

207

(unsigned int)new_packet_capacity

208

+ BUFFER_SIZE);

176

*new_packet = realloc(*new_packet, new_packet_capacity + BUFFER_SIZE);

209

177

if (*new_packet == NULL){

210

178

perror("realloc");

211

179

return -1;

213

181

new_packet_capacity += BUFFER_SIZE;

214

182

}

215

183

216

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,

217

BUFFER_SIZE);

184

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length, BUFFER_SIZE);

218

185

/* Print the data, if any */

219

186

if (ret == 0){

187

/* If password is empty, then a incorrect error will be printed */

220

188

break;

221

189

}

222

190

if(ret < 0){

226

194

new_packet_length += ret;

227

195

}

228

196

229

/* FIXME: check characters before printing to screen so to not print

230

terminal control characters */

231

/* if(debug){ */

232

/* fprintf(stderr, "decrypted password is: "); */

233

/* fwrite(*new_packet, 1, new_packet_length, stderr); */

234

/* fprintf(stderr, "\n"); */

235

/* } */

236

237

/* Delete the GPGME plaintext data buffer */

197

/* Delete the GPGME plaintext data buffer */

238

198

gpgme_data_release(dh_plain);

239

199

return new_packet_length;

240

200

}

246

206

return ret;

247

207

}

248

208

249

static void debuggnutls(__attribute__((unused)) int level,

250

const char* string){

209

void debuggnutls(int level, const char* string){

251

210

fprintf(stderr, "%s", string);

252

211

}

253

212

254

static int initgnutls(encrypted_session *es){

213

int initgnutls(encrypted_session *es){

255

214

const char *err;

256

215

int ret;

257

216

258

if(debug){

259

fprintf(stderr, "Initializing GnuTLS\n");

260

}

261

262

217

if ((ret = gnutls_global_init ())

263

218

!= GNUTLS_E_SUCCESS) {

264

219

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

265

220

return -1;

266

221

}

267

222

268

if (debug){

269

gnutls_global_set_log_level(11);

270

gnutls_global_set_log_function(debuggnutls);

271

}

272

223

/* Uncomment to enable full debuggin on the gnutls library */

224

/* gnutls_global_set_log_level(11); */

225

/* gnutls_global_set_log_function(debuggnutls); */

226

227

273

228

/* openpgp credentials */

274

229

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

275

230

!= GNUTLS_E_SUCCESS) {

276

fprintf (stderr, "memory error: %s\n",

277

safer_gnutls_strerror(ret));

231

fprintf (stderr, "memory error: %s\n", safer_gnutls_strerror(ret));

278

232

return -1;

279

233

}

280

281

if(debug){

282

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

283

" and keyfile %s as GnuTLS credentials\n", certfile,

284

certkey);

285

}

286

234

287

235

ret = gnutls_certificate_set_openpgp_key_file

288

(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);

236

(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);

289

237

if (ret != GNUTLS_E_SUCCESS) {

290

238

fprintf

291

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"

292

" '%s')\n",

293

ret, certfile, certkey);

239

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n",

240

ret, CERTFILE, KEYFILE);

294

241

fprintf(stdout, "The Error is: %s\n",

295

242

safer_gnutls_strerror(ret));

296

243

return -1;

297

244

}

298

299

//GnuTLS server initialization

245

246

//Gnutls server initialization

300

247

if ((ret = gnutls_dh_params_init (&es->dh_params))

301

248

!= GNUTLS_E_SUCCESS) {

302

249

fprintf (stderr, "Error in dh parameter initialization: %s\n",

303

250

safer_gnutls_strerror(ret));

304

251

return -1;

305

252

}

306

253

307

254

if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))

308

255

!= GNUTLS_E_SUCCESS) {

309

256

fprintf (stderr, "Error in prime generation: %s\n",

310

257

safer_gnutls_strerror(ret));

311

258

return -1;

312

259

}

313

260

314

261

gnutls_certificate_set_dh_params (es->cred, es->dh_params);

315

316

// GnuTLS session creation

262

263

// Gnutls session creation

317

264

if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))

318

265

!= GNUTLS_E_SUCCESS){

319

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

266

fprintf(stderr, "Error in gnutls session initialization: %s\n",

320

267

safer_gnutls_strerror(ret));

321

268

}

322

269

323

270

if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))

324

271

!= GNUTLS_E_SUCCESS) {

325

272

fprintf(stderr, "Syntax error at: %s\n", err);

326

fprintf(stderr, "GnuTLS error: %s\n",

273

fprintf(stderr, "Gnutls error: %s\n",

327

274

safer_gnutls_strerror(ret));

328

275

return -1;

329

276

}

330

277

331

278

if ((ret = gnutls_credentials_set

332

279

(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))

333

280

!= GNUTLS_E_SUCCESS) {

335

282

safer_gnutls_strerror(ret));

336

283

return -1;

337

284

}

338

285

339

286

/* ignore client certificate if any. */

340

gnutls_certificate_server_set_request (es->session,

341

GNUTLS_CERT_IGNORE);

287

gnutls_certificate_server_set_request (es->session, GNUTLS_CERT_IGNORE);

342

288

343

289

gnutls_dh_set_prime_bits (es->session, DH_BITS);

344

290

345

291

return 0;

346

292

}

347

293

348

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

349

__attribute__((unused)) const char *txt){}

294

void empty_log(AvahiLogLevel level, const char *txt){}

350

295

351

static int start_mandos_communication(const char *ip, uint16_t port,

352

AvahiIfIndex if_index){

296

int start_mandos_communcation(char *ip, uint16_t port){

353

297

int ret, tcp_sd;

354

298

struct sockaddr_in6 to;

299

struct in6_addr ip_addr;

355

300

encrypted_session es;

356

301

char *buffer = NULL;

357

302

char *decrypted_buffer;

358

303

size_t buffer_length = 0;

359

304

size_t buffer_capacity = 0;

360

305

ssize_t decrypted_buffer_size;

361

size_t written = 0;

362

306

int retval = 0;

363

char interface[IF_NAMESIZE];

364

365

if(debug){

366

fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",

367

ip, port);

368

}

307

369

308

370

309

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

371

310

if(tcp_sd < 0) {

373

312

return -1;

374

313

}

375

314

376

if(if_indextoname((unsigned int)if_index, interface) == NULL){

377

if(debug){

378

perror("if_indextoname");

379

}

315

ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, "eth0", 5);

316

if(tcp_sd < 0) {

317

perror("setsockopt bindtodevice");

380

318

return -1;

381

319

}

382

320

383

if(debug){

384

fprintf(stderr, "Binding to interface %s\n", interface);

385

}

386

387

memset(&to,0,sizeof(to)); /* Spurious warning */

321

memset(&to,0,sizeof(to));

388

322

to.sin6_family = AF_INET6;

389

ret = inet_pton(AF_INET6, ip, &to.sin6_addr);

323

ret = inet_pton(AF_INET6, ip, &ip_addr);

390

324

if (ret < 0 ){

391

325

perror("inet_pton");

392

326

return -1;

395

329

fprintf(stderr, "Bad address: %s\n", ip);

396

330

return -1;

397

331

}

398

to.sin6_port = htons(port); /* Spurious warning */

399

400

to.sin6_scope_id = (uint32_t)if_index;

401

402

if(debug){

403

fprintf(stderr, "Connection to: %s, port %d\n", ip, port);

404

/* char addrstr[INET6_ADDRSTRLEN]; */

405

/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */

406

/* sizeof(addrstr)) == NULL){ */

407

/* perror("inet_ntop"); */

408

/* } else { */

409

/* fprintf(stderr, "Really connecting to: %s, port %d\n", */

410

/* addrstr, ntohs(to.sin6_port)); */

411

/* } */

412

}

332

to.sin6_port = htons(port);

333

to.sin6_scope_id = if_nametoindex("eth0");

413

334

414

335

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

415

336

if (ret < 0){

422

343

retval = -1;

423

344

return -1;

424

345

}

425

426

gnutls_transport_set_ptr (es.session,

427

(gnutls_transport_ptr_t) tcp_sd);

428

429

if(debug){

430

fprintf(stderr, "Establishing TLS session with %s\n", ip);

431

}

432

346

347

348

gnutls_transport_set_ptr (es.session, (gnutls_transport_ptr_t) tcp_sd);

349

433

350

ret = gnutls_handshake (es.session);

434

351

435

352

if (ret != GNUTLS_E_SUCCESS){

436

if(debug){

437

fprintf(stderr, "\n*** Handshake failed ***\n");

438

gnutls_perror (ret);

439

}

353

fprintf(stderr, "\n*** Handshake failed ***\n");

354

gnutls_perror (ret);

440

355

retval = -1;

441

356

goto exit;

442

357

}

443

444

//Retrieve OpenPGP packet that contains the wanted password

445

446

if(debug){

447

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

448

ip);

449

}

450

358

359

//retrive password

451

360

while(true){

452

361

if (buffer_length + BUFFER_SIZE > buffer_capacity){

453

362

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

478

387

}

479

388

break;

480

389

default:

481

fprintf(stderr, "Unknown error while reading data from"

482

" encrypted session with mandos server\n");

390

fprintf(stderr, "Unknown error while reading data from encrypted session with mandos server\n");

483

391

retval = -1;

484

392

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

485

393

goto exit;

486

394

}

487

395

} else {

488

buffer_length += (size_t) ret;

396

buffer_length += ret;

489

397

}

490

398

}

491

399

492

400

if (buffer_length > 0){

493

decrypted_buffer_size = pgp_packet_decrypt(buffer,

494

buffer_length,

495

&decrypted_buffer,

496

certdir);

497

if (decrypted_buffer_size >= 0){

498

while(written < (size_t) decrypted_buffer_size){

499

ret = (int)fwrite (decrypted_buffer + written, 1,

500

(size_t)decrypted_buffer_size - written,

501

stdout);

502

if(ret == 0 and ferror(stdout)){

503

if(debug){

504

fprintf(stderr, "Error writing encrypted data: %s\n",

505

strerror(errno));

506

}

507

retval = -1;

508

break;

509

}

510

written += (size_t)ret;

511

}

401

if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) == 0){

402

retval = -1;

403

} else {

404

fwrite (decrypted_buffer, 1, decrypted_buffer_size, stdout);

512

405

free(decrypted_buffer);

513

} else {

514

retval = -1;

515

406

}

516

407

}

517

408

409

free(buffer);

410

518

411

//shutdown procedure

519

520

if(debug){

521

fprintf(stderr, "Closing TLS session\n");

522

}

523

524

free(buffer);

525

412

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

526

413

exit:

527

414

close(tcp_sd);

536

423

537

424

static void resolve_callback(

538

425

AvahiSServiceResolver *r,

539

AvahiIfIndex interface,

426

AVAHI_GCC_UNUSED AvahiIfIndex interface,

540

427

AVAHI_GCC_UNUSED AvahiProtocol protocol,

541

428

AvahiResolverEvent event,

542

429

const char *name,

545

432

const char *host_name,

546

433

const AvahiAddress *address,

547

434

uint16_t port,

548

AVAHI_GCC_UNUSED AvahiStringList *txt,

549

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

435

AvahiStringList *txt,

436

AvahiLookupResultFlags flags,

550

437

AVAHI_GCC_UNUSED void* userdata) {

551

438

552

assert(r); /* Spurious warning */

553

554

/* Called whenever a service has been resolved successfully or

555

timed out */

556

557

switch (event) {

558

default:

559

case AVAHI_RESOLVER_FAILURE:

560

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"

561

" type '%s' in domain '%s': %s\n", name, type, domain,

562

avahi_strerror(avahi_server_errno(server)));

563

break;

564

565

case AVAHI_RESOLVER_FOUND:

566

{

567

char ip[AVAHI_ADDRESS_STR_MAX];

568

avahi_address_snprint(ip, sizeof(ip), address);

569

if(debug){

570

fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"

571

" port %d\n", name, host_name, ip, port);

572

}

573

int ret = start_mandos_communication(ip, port, interface);

574

if (ret == 0){

575

exit(EXIT_SUCCESS);

576

}

439

assert(r);

440

441

/* Called whenever a service has been resolved successfully or timed out */

442

443

switch (event) {

444

case AVAHI_RESOLVER_FAILURE:

445

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of type '%s' in domain '%s': %s\n", name, type, domain, avahi_strerror(avahi_server_errno(server)));

446

break;

447

448

case AVAHI_RESOLVER_FOUND: {

449

char ip[AVAHI_ADDRESS_STR_MAX];

450

avahi_address_snprint(ip, sizeof(ip), address);

451

int ret = start_mandos_communcation(ip, port);

452

if (ret == 0){

453

exit(EXIT_SUCCESS);

454

} else {

455

exit(EXIT_FAILURE);

456

}

457

}

577

458

}

578

}

579

avahi_s_service_resolver_free(r);

459

avahi_s_service_resolver_free(r);

580

460

}

581

461

582

462

static void browse_callback(

591

471

void* userdata) {

592

472

593

473

AvahiServer *s = userdata;

594

assert(b); /* Spurious warning */

595

596

/* Called whenever a new services becomes available on the LAN or

597

is removed from the LAN */

598

474

assert(b);

475

476

/* Called whenever a new services becomes available on the LAN or is removed from the LAN */

477

599

478

switch (event) {

600

default:

601

case AVAHI_BROWSER_FAILURE:

602

603

fprintf(stderr, "(Browser) %s\n",

604

avahi_strerror(avahi_server_errno(server)));

605

avahi_simple_poll_quit(simple_poll);

606

return;

607

608

case AVAHI_BROWSER_NEW:

609

/* We ignore the returned resolver object. In the callback

610

function we free it. If the server is terminated before

611

the callback function is called the server will free

612

the resolver for us. */

613

614

if (!(avahi_s_service_resolver_new(s, interface, protocol, name,

615

type, domain,

616

AVAHI_PROTO_INET6, 0,

617

resolve_callback, s)))

618

fprintf(stderr, "Failed to resolve service '%s': %s\n", name,

619

avahi_strerror(avahi_server_errno(s)));

620

break;

621

622

case AVAHI_BROWSER_REMOVE:

623

break;

624

625

case AVAHI_BROWSER_ALL_FOR_NOW:

626

case AVAHI_BROWSER_CACHE_EXHAUSTED:

627

break;

479

480

case AVAHI_BROWSER_FAILURE:

481

482

fprintf(stderr, "(Browser) %s\n", avahi_strerror(avahi_server_errno(server)));

483

avahi_simple_poll_quit(simple_poll);

484

return;

485

486

case AVAHI_BROWSER_NEW:

487

/* We ignore the returned resolver object. In the callback

488

function we free it. If the server is terminated before

489

the callback function is called the server will free

490

the resolver for us. */

491

492

if (!(avahi_s_service_resolver_new(s, interface, protocol, name, type, domain, AVAHI_PROTO_INET6, 0, resolve_callback, s)))

493

fprintf(stderr, "Failed to resolve service '%s': %s\n", name, avahi_strerror(avahi_server_errno(s)));

494

495

break;

496

497

case AVAHI_BROWSER_REMOVE:

498

break;

499

500

case AVAHI_BROWSER_ALL_FOR_NOW:

501

case AVAHI_BROWSER_CACHE_EXHAUSTED:

502

break;

628

503

}

629

504

}

630

505

631

/* Combines file name and path and returns the malloced new

632

string. some sane checks could/should be added */

633

static const char *combinepath(const char *first, const char *second){

634

size_t f_len = strlen(first);

635

size_t s_len = strlen(second);

636

char *tmp = malloc(f_len + s_len + 2);

637

if (tmp == NULL){

638

return NULL;

639

}

640

if(f_len > 0){

641

memcpy(tmp, first, f_len);

642

}

643

tmp[f_len] = '/';

644

if(s_len > 0){

645

memcpy(tmp + f_len + 1, second, s_len);

646

}

647

tmp[f_len + 1 + s_len] = '\0';

648

return tmp;

649

}

650

651

652

506

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

653

507

AvahiServerConfig config;

654

508

AvahiSServiceBrowser *sb = NULL;

655

509

int error;

656

int ret;

657

int returncode = EXIT_SUCCESS;

658

const char *interface = NULL;

659

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

660

char *connect_to = NULL;

661

662

while (true){

663

static struct option long_options[] = {

664

{"debug", no_argument, (int *)&debug, 1},

665

{"connect", required_argument, 0, 'C'},

666

{"interface", required_argument, 0, 'i'},

667

{"certdir", required_argument, 0, 'd'},

668

{"certkey", required_argument, 0, 'c'},

669

{"certfile", required_argument, 0, 'k'},

670

{0, 0, 0, 0} };

671

672

int option_index = 0;

673

ret = getopt_long (argc, argv, "i:", long_options,

674

&option_index);

675

676

if (ret == -1){

677

break;

678

}

679

680

switch(ret){

681

case 0:

682

break;

683

case 'i':

684

interface = optarg;

685

break;

686

case 'C':

687

connect_to = optarg;

688

break;

689

case 'd':

690

certdir = optarg;

691

break;

692

case 'c':

693

certfile = optarg;

694

break;

695

case 'k':

696

certkey = optarg;

697

break;

698

default:

699

exit(EXIT_FAILURE);

700

}

701

}

702

703

certfile = combinepath(certdir, certfile);

704

if (certfile == NULL){

705

perror("combinepath");

706

goto exit;

707

}

708

709

if(interface != NULL){

710

if_index = (AvahiIfIndex) if_nametoindex(interface);

711

if(if_index == 0){

712

fprintf(stderr, "No such interface: \"%s\"\n", interface);

713

exit(EXIT_FAILURE);

714

}

715

}

716

717

if(connect_to != NULL){

718

/* Connect directly, do not use Zeroconf */

719

/* (Mainly meant for debugging) */

720

char *address = strrchr(connect_to, ':');

721

if(address == NULL){

722

fprintf(stderr, "No colon in address\n");

723

exit(EXIT_FAILURE);

724

}

725

errno = 0;

726

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

727

if(errno){

728

perror("Bad port number");

729

exit(EXIT_FAILURE);

730

}

731

*address = '\0';

732

address = connect_to;

733

ret = start_mandos_communication(address, port, if_index);

734

if(ret < 0){

735

exit(EXIT_FAILURE);

736

} else {

737

exit(EXIT_SUCCESS);

738

}

739

}

740

741

certkey = combinepath(certdir, certkey);

742

if (certkey == NULL){

743

perror("combinepath");

744

goto exit;

745

}

746

747

if (not debug){

748

avahi_set_log_function(empty_log);

749

}

510

int ret = 1;

511

512

avahi_set_log_function(empty_log);

750

513

751

514

/* Initialize the psuedo-RNG */

752

srand((unsigned int) time(NULL));

515

srand(time(NULL));

753

516

754

517

/* Allocate main loop object */

755

518

if (!(simple_poll = avahi_simple_poll_new())) {

756

519

fprintf(stderr, "Failed to create simple poll object.\n");

757

758

goto exit;

520

goto fail;

759

521

}

760

522

761

523

/* Do not publish any local records */

765

527

config.publish_workstation = 0;

766

528

config.publish_domain = 0;

767

529

530

/* /\* Set a unicast DNS server for wide area DNS-SD *\/ */

531

/* avahi_address_parse("193.11.177.11", AVAHI_PROTO_UNSPEC, &config.wide_area_servers[0]); */

532

/* config.n_wide_area_servers = 1; */

533

/* config.enable_wide_area = 1; */

534

768

535

/* Allocate a new server */

769

server = avahi_server_new(avahi_simple_poll_get(simple_poll),

770

&config, NULL, NULL, &error);

536

server = avahi_server_new(avahi_simple_poll_get(simple_poll), &config, NULL, NULL, &error);

771

537

772

538

/* Free the configuration data */

773

539

avahi_server_config_free(&config);

774

540

775

/* Check if creating the server object succeeded */

541

/* Check wether creating the server object succeeded */

776

542

if (!server) {

777

fprintf(stderr, "Failed to create server: %s\n",

778

avahi_strerror(error));

779

returncode = EXIT_FAILURE;

780

goto exit;

543

fprintf(stderr, "Failed to create server: %s\n", avahi_strerror(error));

544

goto fail;

781

545

}

782

546

783

547

/* Create the service browser */

784

sb = avahi_s_service_browser_new(server, if_index,

785

AVAHI_PROTO_INET6,

786

"_mandos._tcp", NULL, 0,

787

browse_callback, server);

788

if (!sb) {

789

fprintf(stderr, "Failed to create service browser: %s\n",

790

avahi_strerror(avahi_server_errno(server)));

791

returncode = EXIT_FAILURE;

792

goto exit;

548

if (!(sb = avahi_s_service_browser_new(server, if_nametoindex("eth0"), AVAHI_PROTO_INET6, "_mandos._tcp", NULL, 0, browse_callback, server))) {

549

fprintf(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_server_errno(server)));

550

goto fail;

793

551

}

794

552

795

553

/* Run the main loop */

796

797

if (debug){

798

fprintf(stderr, "Starting avahi loop search\n");

799

}

800

801

554

avahi_simple_poll_loop(simple_poll);

802

555

803

exit:

804

805

if (debug){

806

fprintf(stderr, "%s exiting\n", argv[0]);

807

}

556

ret = 0;

557

558

fail:

808

559

809

560

/* Cleanup things */

810

561

if (sb)

815

566

816

567

if (simple_poll)

817

568

avahi_simple_poll_free(simple_poll);

818

free(certfile);

819

free(certkey);

820

821

return returncode;

569

570

return ret;

822

571

}