/mandos/trunk : revision 14

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandosclient.c

Committer: Björn Påhlsson
Date: 2008-07-20 03:51:41 UTC
Revision ID: belorn@braxen-20080720035141-ta0y0be7fotdm4ks

Fixed a overbufferflow bug, thanks to a forgotten \0

files added:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

plugins.d/Makefile

files removed:
.bzrignore

COPYING

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.xml

plugins.d/password-prompt.xml

plugins.d/password-request.xml

plugins.d/usplash

files renamed:
clients.conf => mandos-clients.conf

plugin-runner.c => plugbasedclient.c

plugins.d/password-request.c => plugins.d/mandosclient.c

plugins.d/password-prompt.c => plugins.d/passprompt.c

mandos => server.py

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

plugins.d/mandosclient.c

/* -*- coding: utf-8 -*- */

* Mandos client - get and decrypt data from a Mandos server

/* $Id$ */

/* PLEASE NOTE *

* This file demonstrates how to use Avahi's core API, this is

* the embeddable mDNS stack for embedded applications.

* This program is partly derived from an example program for an Avahi

* service browser, downloaded from

* <http://avahi.org/browser/examples/core-browse-services.c>. This

* includes the following functions: "resolve_callback",

* "browse_callback", and parts of "main".

* Everything else is

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

* End user applications should *not* use this API and should use

* the D-Bus or C APIs, please see

* client-browse-services.c and glib-integration.c

* I repeat, you probably do *not* want to use this example.

/* Needed by GPGME, specifically gpgme_data_seek() */

/***

This file is part of avahi.

avahi is free software; you can redistribute it and/or modify it

under the terms of the GNU Lesser General Public License as

published by the Free Software Foundation; either version 2.1 of the

License, or (at your option) any later version.

avahi is distributed in the hope that it will be useful, but WITHOUT

ANY WARRANTY; without even the implied warranty of MERCHANTABILITY

or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General

Public License for more details.

You should have received a copy of the GNU Lesser General Public

License along with avahi; if not, write to the Free Software

Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307

USA.

***/

#define _LARGEFILE_SOURCE

#define _FILE_OFFSET_BITS 64

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */

#include <stdio.h> /* fprintf(), stderr, fwrite(),

stdout, ferror() */

#include <stdint.h> /* uint16_t, uint32_t */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,

srand() */

#include <stdbool.h> /* bool, true */

#include <string.h> /* memset(), strcmp(), strlen(),

strerror(), asprintf(), strcpy() */

#include <sys/ioctl.h> /* ioctl */

#include <sys/types.h> /* socket(), inet_pton(), sockaddr,

sockaddr_in6, PF_INET6,

SOCK_STREAM, INET6_ADDRSTRLEN,

uid_t, gid_t */

#include <inttypes.h> /* PRIu16 */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton(),

connect() */

#include <assert.h> /* assert() */

#include <errno.h> /* perror(), errno */

#include <time.h> /* time() */

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS, if_indextoname(),

if_nametoindex(), IF_NAMESIZE */

#include <unistd.h> /* close(), SEEK_SET, off_t, write(),

getuid(), getgid(), setuid(),

setgid() */

#include <netinet/in.h>

#include <arpa/inet.h> /* inet_pton(), htons */

#include <iso646.h> /* not, and */

#include <argp.h> /* struct argp_option, error_t, struct

argp_state, struct argp,

argp_parse(), ARGP_KEY_ARG,

ARGP_KEY_END, ARGP_ERR_UNKNOWN */

/* Avahi */

/* All Avahi types, constants and functions

Avahi*, avahi_*,

AVAHI_* */

#include <stdio.h>

#include <assert.h>

#include <stdlib.h>

#include <time.h>

#include <net/if.h> /* if_nametoindex */

#include <avahi-core/core.h>

#include <avahi-core/lookup.h>

#include <avahi-core/log.h>

#include <avahi-common/malloc.h>

#include <avahi-common/error.h>

/* GnuTLS */

#include <gnutls/gnutls.h> /* All GnuTLS types, constants and

functions:

gnutls_*

init_gnutls_session(),

GNUTLS_* */

#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),

GNUTLS_OPENPGP_FMT_BASE64 */

/* GPGME */

#include <gpgme.h> /* All GPGME types, constants and

functions:

gpgme_*

GPGME_PROTOCOL_OpenPGP,

GPG_ERR_NO_* */

//mandos client part

#include <sys/types.h> /* socket(), setsockopt(), inet_pton() */

#include <sys/socket.h> /* socket(), setsockopt(), struct sockaddr_in6, struct in6_addr, inet_pton() */

#include <gnutls/gnutls.h> /* ALL GNUTLS STUFF */

#include <gnutls/openpgp.h> /* gnutls with openpgp stuff */

#include <unistd.h> /* close() */

#include <netinet/in.h>

#include <stdbool.h> /* true */

#include <string.h> /* memset */

#include <arpa/inet.h> /* inet_pton() */

#include <iso646.h> /* not */

// gpgme

#include <errno.h> /* perror() */

#include <gpgme.h>

#ifndef CERT_ROOT

#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"

#endif

#define CERTFILE CERT_ROOT "openpgp-client.txt"

#define KEYFILE CERT_ROOT "openpgp-client-key.txt"

#define BUFFER_SIZE 256

100

101

bool debug = false;

102

static const char *keydir = "/conf/conf.d/mandos";

103

static const char mandos_protocol_version[] = "1";

104

const char *argp_program_version = "password-request 1.0";

105

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

106

107

/* Used for passing in values through the Avahi callback functions */

#define DH_BITS 1024

108

typedef struct {

109

AvahiSimplePoll *simple_poll;

110

AvahiServer *server;

gnutls_session_t session;

111

gnutls_certificate_credentials_t cred;

112

unsigned int dh_bits;

113

gnutls_dh_params_t dh_params;

114

const char *priority;

115

} mandos_context;

116

117

118

* Make room in "buffer" for at least BUFFER_SIZE additional bytes.

119

* "buffer_capacity" is how much is currently allocated,

120

* "buffer_length" is how much is already used.

121

122

size_t adjustbuffer(char **buffer, size_t buffer_length,

123

size_t buffer_capacity){

124

if (buffer_length + BUFFER_SIZE > buffer_capacity){

125

*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);

126

if (buffer == NULL){

127

return 0;

128

}

129

buffer_capacity += BUFFER_SIZE;

130

}

131

return buffer_capacity;

132

}

133

134

135

* Decrypt OpenPGP data using keyrings in HOMEDIR.

136

* Returns -1 on error

137

138

static ssize_t pgp_packet_decrypt (const char *cryptotext,

139

size_t crypto_size,

140

char **plaintext,

141

const char *homedir){

} encrypted_session;

ssize_t gpg_packet_decrypt (char *packet, size_t packet_size, char **new_packet, char *homedir){

142

gpgme_data_t dh_crypto, dh_plain;

143

gpgme_ctx_t ctx;

144

gpgme_error_t rc;

145

ssize_t ret;

146

size_t plaintext_capacity = 0;

147

ssize_t plaintext_length = 0;

size_t new_packet_capacity = 0;

size_t new_packet_length = 0;

148

gpgme_engine_info_t engine_info;

149

150

if (debug){

151

fprintf(stderr, "Trying to decrypt OpenPGP data\n");

152

}

153

154

/* Init GPGME */

155

gpgme_check_version(NULL);

156

rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

157

if (rc != GPG_ERR_NO_ERROR){

158

fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",

159

gpgme_strsource(rc), gpgme_strerror(rc));

160

return -1;

161

}

gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

162

163

/* Set GPGME home directory for the OpenPGP engine only */

/* Set GPGME home directory */

164

rc = gpgme_get_engine_info (&engine_info);

165

if (rc != GPG_ERR_NO_ERROR){

166

fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",

176

108

engine_info = engine_info->next;

177

109

}

178

110

if(engine_info == NULL){

179

fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);

111

fprintf(stderr, "Could not set home dir to %s\n", homedir);

180

112

return -1;

181

113

}

182

114

183

/* Create new GPGME data buffer from memory cryptotext */

184

rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,

185

0);

115

/* Create new GPGME data buffer from packet buffer */

116

rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);

186

117

if (rc != GPG_ERR_NO_ERROR){

187

118

fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",

188

119

gpgme_strsource(rc), gpgme_strerror(rc));

194

125

if (rc != GPG_ERR_NO_ERROR){

195

126

fprintf(stderr, "bad gpgme_data_new: %s: %s\n",

196

127

gpgme_strsource(rc), gpgme_strerror(rc));

197

gpgme_data_release(dh_crypto);

198

128

return -1;

199

129

}

200

130

203

133

if (rc != GPG_ERR_NO_ERROR){

204

134

fprintf(stderr, "bad gpgme_new: %s: %s\n",

205

135

gpgme_strsource(rc), gpgme_strerror(rc));

206

plaintext_length = -1;

207

goto decrypt_end;

136

return -1;

208

137

}

209

138

210

/* Decrypt data from the cryptotext data buffer to the plaintext

211

data buffer */

139

/* Decrypt data from the FILE pointer to the plaintext data buffer */

212

140

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

213

141

if (rc != GPG_ERR_NO_ERROR){

214

142

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

215

143

gpgme_strsource(rc), gpgme_strerror(rc));

216

plaintext_length = -1;

217

if (debug){

218

gpgme_decrypt_result_t result;

219

result = gpgme_op_decrypt_result(ctx);

220

if (result == NULL){

221

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

222

} else {

223

fprintf(stderr, "Unsupported algorithm: %s\n",

224

result->unsupported_algorithm);

225

fprintf(stderr, "Wrong key usage: %u\n",

226

result->wrong_key_usage);

227

if(result->file_name != NULL){

228

fprintf(stderr, "File name: %s\n", result->file_name);

229

}

230

gpgme_recipient_t recipient;

231

recipient = result->recipients;

232

if(recipient){

233

while(recipient != NULL){

234

fprintf(stderr, "Public key algorithm: %s\n",

235

gpgme_pubkey_algo_name(recipient->pubkey_algo));

236

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

237

fprintf(stderr, "Secret key available: %s\n",

238

recipient->status == GPG_ERR_NO_SECKEY

239

? "No" : "Yes");

240

recipient = recipient->next;

241

}

242

}

243

}

244

}

245

goto decrypt_end;

144

return -1;

246

145

}

247

146

248

if(debug){

249

fprintf(stderr, "Decryption of OpenPGP data succeeded\n");

250

}

147

/* gpgme_decrypt_result_t result; */

148

/* result = gpgme_op_decrypt_result(ctx); */

149

/* fprintf(stderr, "Unsupported algorithm: %s\n", result->unsupported_algorithm); */

150

/* fprintf(stderr, "Wrong key usage: %d\n", result->wrong_key_usage); */

151

/* if(result->file_name != NULL){ */

152

/* fprintf(stderr, "File name: %s\n", result->file_name); */

153

/* } */

154

/* gpgme_recipient_t recipient; */

155

/* recipient = result->recipients; */

156

/* if(recipient){ */

157

/* while(recipient != NULL){ */

158

/* fprintf(stderr, "Public key algorithm: %s\n", */

159

/* gpgme_pubkey_algo_name(recipient->pubkey_algo)); */

160

/* fprintf(stderr, "Key ID: %s\n", recipient->keyid); */

161

/* fprintf(stderr, "Secret key available: %s\n", */

162

/* recipient->status == GPG_ERR_NO_SECKEY ? "No" : "Yes"); */

163

/* recipient = recipient->next; */

164

/* } */

165

/* } */

166

167

/* Delete the GPGME FILE pointer cryptotext data buffer */

168

gpgme_data_release(dh_crypto);

251

169

252

170

/* Seek back to the beginning of the GPGME plaintext data buffer */

253

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

254

perror("pgpme_data_seek");

255

plaintext_length = -1;

256

goto decrypt_end;

257

}

258

259

*plaintext = NULL;

171

gpgme_data_seek(dh_plain, 0, SEEK_SET);

172

173

*new_packet = 0;

260

174

while(true){

261

plaintext_capacity = adjustbuffer(plaintext,

262

(size_t)plaintext_length,

263

plaintext_capacity);

264

if (plaintext_capacity == 0){

265

perror("adjustbuffer");

266

plaintext_length = -1;

267

goto decrypt_end;

175

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

176

*new_packet = realloc(*new_packet, new_packet_capacity + BUFFER_SIZE);

177

if (*new_packet == NULL){

178

perror("realloc");

179

return -1;

180

}

181

new_packet_capacity += BUFFER_SIZE;

268

182

}

269

183

270

ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,

271

BUFFER_SIZE);

184

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length, BUFFER_SIZE);

272

185

/* Print the data, if any */

273

186

if (ret == 0){

274

/* EOF */

187

/* If password is empty, then a incorrect error will be printed */

275

188

break;

276

189

}

277

190

if(ret < 0){

278

191

perror("gpgme_data_read");

279

plaintext_length = -1;

280

goto decrypt_end;

192

return -1;

281

193

}

282

plaintext_length += ret;

194

new_packet_length += ret;

283

195

}

284

196

285

if(debug){

286

fprintf(stderr, "Decrypted password is: ");

287

for(ssize_t i = 0; i < plaintext_length; i++){

288

fprintf(stderr, "%02hhX ", (*plaintext)[i]);

289

}

290

fprintf(stderr, "\n");

291

}

292

293

decrypt_end:

294

295

/* Delete the GPGME cryptotext data buffer */

296

gpgme_data_release(dh_crypto);

297

298

/* Delete the GPGME plaintext data buffer */

197

/* Delete the GPGME plaintext data buffer */

299

198

gpgme_data_release(dh_plain);

300

return plaintext_length;

199

return new_packet_length;

301

200

}

302

201

303

202

static const char * safer_gnutls_strerror (int value) {

304

const char *ret = gnutls_strerror (value); /* Spurious warning */

203

const char *ret = gnutls_strerror (value);

305

204

if (ret == NULL)

306

205

ret = "(unknown)";

307

206

return ret;

308

207

}

309

208

310

/* GnuTLS log function callback */

311

static void debuggnutls(__attribute__((unused)) int level,

312

const char* string){

313

fprintf(stderr, "GnuTLS: %s", string);

209

void debuggnutls(int level, const char* string){

210

fprintf(stderr, "%s", string);

314

211

}

315

212

316

static int init_gnutls_global(mandos_context *mc,

317

const char *pubkeyfilename,

318

const char *seckeyfilename){

213

int initgnutls(encrypted_session *es){

214

const char *err;

319

215

int ret;

320

216

321

if(debug){

322

fprintf(stderr, "Initializing GnuTLS\n");

323

}

324

325

ret = gnutls_global_init();

326

if (ret != GNUTLS_E_SUCCESS) {

327

fprintf (stderr, "GnuTLS global_init: %s\n",

328

safer_gnutls_strerror(ret));

329

return -1;

330

}

331

332

if (debug){

333

/* "Use a log level over 10 to enable all debugging options."

334

* - GnuTLS manual

335

336

gnutls_global_set_log_level(11);

337

gnutls_global_set_log_function(debuggnutls);

338

}

339

340

/* OpenPGP credentials */

341

gnutls_certificate_allocate_credentials(&mc->cred);

342

if (ret != GNUTLS_E_SUCCESS){

343

fprintf (stderr, "GnuTLS memory error: %s\n", /* Spurious

344

warning */

345

safer_gnutls_strerror(ret));

346

gnutls_global_deinit ();

347

return -1;

348

}

349

350

if(debug){

351

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

352

" and keyfile %s as GnuTLS credentials\n", pubkeyfilename,

353

seckeyfilename);

354

}

355

217

if ((ret = gnutls_global_init ())

218

!= GNUTLS_E_SUCCESS) {

219

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

220

return -1;

221

}

222

223

/* Uncomment to enable full debuggin on the gnutls library */

224

/* gnutls_global_set_log_level(11); */

225

/* gnutls_global_set_log_function(debuggnutls); */

226

227

228

/* openpgp credentials */

229

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

230

!= GNUTLS_E_SUCCESS) {

231

fprintf (stderr, "memory error: %s\n", safer_gnutls_strerror(ret));

232

return -1;

233

}

234

356

235

ret = gnutls_certificate_set_openpgp_key_file

357

(mc->cred, pubkeyfilename, seckeyfilename,

358

GNUTLS_OPENPGP_FMT_BASE64);

359

if (ret != GNUTLS_E_SUCCESS) {

360

fprintf(stderr,

361

"Error[%d] while reading the OpenPGP key pair ('%s',"

362

" '%s')\n", ret, pubkeyfilename, seckeyfilename);

363

fprintf(stdout, "The GnuTLS error is: %s\n",

364

safer_gnutls_strerror(ret));

365

goto globalfail;

366

}

367

368

/* GnuTLS server initialization */

369

ret = gnutls_dh_params_init(&mc->dh_params);

370

if (ret != GNUTLS_E_SUCCESS) {

371

fprintf (stderr, "Error in GnuTLS DH parameter initialization:"

372

" %s\n", safer_gnutls_strerror(ret));

373

goto globalfail;

374

}

375

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

376

if (ret != GNUTLS_E_SUCCESS) {

377

fprintf (stderr, "Error in GnuTLS prime generation: %s\n",

378

safer_gnutls_strerror(ret));

379

goto globalfail;

380

}

381

382

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

383

384

return 0;

385

386

globalfail:

387

388

gnutls_certificate_free_credentials(mc->cred);

389

gnutls_global_deinit();

390

return -1;

391

392

}

393

394

static int init_gnutls_session(mandos_context *mc,

395

gnutls_session_t *session){

396

int ret;

397

/* GnuTLS session creation */

398

ret = gnutls_init(session, GNUTLS_SERVER);

399

if (ret != GNUTLS_E_SUCCESS){

400

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

401

safer_gnutls_strerror(ret));

402

}

403

404

{

405

const char *err;

406

ret = gnutls_priority_set_direct(*session, mc->priority, &err);

407

if (ret != GNUTLS_E_SUCCESS) {

408

fprintf(stderr, "Syntax error at: %s\n", err);

409

fprintf(stderr, "GnuTLS error: %s\n",

410

safer_gnutls_strerror(ret));

411

gnutls_deinit (*session);

412

return -1;

413

}

414

}

415

416

ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

417

mc->cred);

418

if (ret != GNUTLS_E_SUCCESS) {

419

fprintf(stderr, "Error setting GnuTLS credentials: %s\n",

420

safer_gnutls_strerror(ret));

421

gnutls_deinit (*session);

422

return -1;

423

}

424

236

(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);

237

if (ret != GNUTLS_E_SUCCESS) {

238

fprintf

239

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n",

240

ret, CERTFILE, KEYFILE);

241

fprintf(stdout, "The Error is: %s\n",

242

safer_gnutls_strerror(ret));

243

return -1;

244

}

245

246

//Gnutls server initialization

247

if ((ret = gnutls_dh_params_init (&es->dh_params))

248

!= GNUTLS_E_SUCCESS) {

249

fprintf (stderr, "Error in dh parameter initialization: %s\n",

250

safer_gnutls_strerror(ret));

251

return -1;

252

}

253

254

if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))

255

!= GNUTLS_E_SUCCESS) {

256

fprintf (stderr, "Error in prime generation: %s\n",

257

safer_gnutls_strerror(ret));

258

return -1;

259

}

260

261

gnutls_certificate_set_dh_params (es->cred, es->dh_params);

262

263

// Gnutls session creation

264

if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))

265

!= GNUTLS_E_SUCCESS){

266

fprintf(stderr, "Error in gnutls session initialization: %s\n",

267

safer_gnutls_strerror(ret));

268

}

269

270

if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))

271

!= GNUTLS_E_SUCCESS) {

272

fprintf(stderr, "Syntax error at: %s\n", err);

273

fprintf(stderr, "Gnutls error: %s\n",

274

safer_gnutls_strerror(ret));

275

return -1;

276

}

277

278

if ((ret = gnutls_credentials_set

279

(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))

280

!= GNUTLS_E_SUCCESS) {

281

fprintf(stderr, "Error setting a credentials set: %s\n",

282

safer_gnutls_strerror(ret));

283

return -1;

284

}

285

425

286

/* ignore client certificate if any. */

426

gnutls_certificate_server_set_request (*session,

427

GNUTLS_CERT_IGNORE);

287

gnutls_certificate_server_set_request (es->session, GNUTLS_CERT_IGNORE);

428

288

429

gnutls_dh_set_prime_bits (*session, mc->dh_bits);

289

gnutls_dh_set_prime_bits (es->session, DH_BITS);

430

290

431

291

return 0;

432

292

}

433

293

434

/* Avahi log function callback */

435

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

436

__attribute__((unused)) const char *txt){}

294

void empty_log(AvahiLogLevel level, const char *txt){}

437

295

438

/* Called when a Mandos server is found */

439

static int start_mandos_communication(const char *ip, uint16_t port,

440

AvahiIfIndex if_index,

441

mandos_context *mc){

296

int start_mandos_communcation(char *ip, uint16_t port){

442

297

int ret, tcp_sd;

443

union { struct sockaddr in; struct sockaddr_in6 in6; } to;

298

struct sockaddr_in6 to;

299

struct in6_addr ip_addr;

300

encrypted_session es;

444

301

char *buffer = NULL;

445

302

char *decrypted_buffer;

446

303

size_t buffer_length = 0;

447

304

size_t buffer_capacity = 0;

448

305

ssize_t decrypted_buffer_size;

449

size_t written;

450

306

int retval = 0;

451

char interface[IF_NAMESIZE];

452

gnutls_session_t session;

453

454

ret = init_gnutls_session (mc, &session);

455

if (ret != 0){

456

return -1;

457

}

458

459

if(debug){

460

fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16

461

"\n", ip, port);

462

}

307

463

308

464

309

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

465

310

if(tcp_sd < 0) {

466

311

perror("socket");

467

312

return -1;

468

313

}

469

470

if(debug){

471

if(if_indextoname((unsigned int)if_index, interface) == NULL){

472

perror("if_indextoname");

473

return -1;

474

}

475

fprintf(stderr, "Binding to interface %s\n", interface);

314

315

ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, "eth0", 5);

316

if(tcp_sd < 0) {

317

perror("setsockopt bindtodevice");

318

return -1;

476

319

}

477

320

478

memset(&to, 0, sizeof(to));

479

to.in6.sin6_family = AF_INET6;

480

/* It would be nice to have a way to detect if we were passed an

481

IPv4 address here. Now we assume an IPv6 address. */

482

ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);

321

memset(&to,0,sizeof(to));

322

to.sin6_family = AF_INET6;

323

ret = inet_pton(AF_INET6, ip, &ip_addr);

483

324

if (ret < 0 ){

484

325

perror("inet_pton");

485

326

return -1;

486

}

327

}

487

328

if(ret == 0){

488

329

fprintf(stderr, "Bad address: %s\n", ip);

489

330

return -1;

490

331

}

491

to.in6.sin6_port = htons(port); /* Spurious warning */

492

493

to.in6.sin6_scope_id = (uint32_t)if_index;

494

495

if(debug){

496

fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,

497

port);

498

char addrstr[INET6_ADDRSTRLEN] = "";

499

if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,

500

sizeof(addrstr)) == NULL){

501

perror("inet_ntop");

502

} else {

503

if(strcmp(addrstr, ip) != 0){

504

fprintf(stderr, "Canonical address form: %s\n", addrstr);

505

}

506

}

507

}

508

509

ret = connect(tcp_sd, &to.in, sizeof(to));

332

to.sin6_port = htons(port);

333

to.sin6_scope_id = if_nametoindex("eth0");

334

335

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

510

336

if (ret < 0){

511

337

perror("connect");

512

338

return -1;

513

339

}

514

515

const char *out = mandos_protocol_version;

516

written = 0;

517

while (true){

518

size_t out_size = strlen(out);

519

ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,

520

out_size - written));

521

if (ret == -1){

522

perror("write");

523

retval = -1;

524

goto mandos_end;

525

}

526

written += (size_t)ret;

527

if(written < out_size){

528

continue;

529

} else {

530

if (out == mandos_protocol_version){

531

written = 0;

532

out = "\r\n";

533

} else {

534

break;

535

}

536

}

537

}

538

539

if(debug){

540

fprintf(stderr, "Establishing TLS session with %s\n", ip);

541

}

542

543

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

544

545

do{

546

ret = gnutls_handshake (session);

547

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

340

341

ret = initgnutls (&es);

342

if (ret != 0){

343

retval = -1;

344

return -1;

345

}

346

347

348

gnutls_transport_set_ptr (es.session, (gnutls_transport_ptr_t) tcp_sd);

349

350

ret = gnutls_handshake (es.session);

548

351

549

352

if (ret != GNUTLS_E_SUCCESS){

550

if(debug){

551

fprintf(stderr, "*** GnuTLS Handshake failed ***\n");

552

gnutls_perror (ret);

553

}

353

fprintf(stderr, "\n*** Handshake failed ***\n");

354

gnutls_perror (ret);

554

355

retval = -1;

555

goto mandos_end;

556

}

557

558

/* Read OpenPGP packet that contains the wanted password */

559

560

if(debug){

561

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

562

ip);

356

goto exit;

563

357

}

564

358

359

//retrive password

565

360

while(true){

566

buffer_capacity = adjustbuffer(&buffer, buffer_length,

567

buffer_capacity);

568

if (buffer_capacity == 0){

569

perror("adjustbuffer");

570

retval = -1;

571

goto mandos_end;

361

if (buffer_length + BUFFER_SIZE > buffer_capacity){

362

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

363

if (buffer == NULL){

364

perror("realloc");

365

goto exit;

366

}

367

buffer_capacity += BUFFER_SIZE;

572

368

}

573

369

574

ret = gnutls_record_recv(session, buffer+buffer_length,

575

BUFFER_SIZE);

370

ret = gnutls_record_recv

371

(es.session, buffer+buffer_length, BUFFER_SIZE);

576

372

if (ret == 0){

577

373

break;

578

374

}

582

378

case GNUTLS_E_AGAIN:

583

379

break;

584

380

case GNUTLS_E_REHANDSHAKE:

585

do{

586

ret = gnutls_handshake (session);

587

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

381

ret = gnutls_handshake (es.session);

588

382

if (ret < 0){

589

fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");

383

fprintf(stderr, "\n*** Handshake failed ***\n");

590

384

gnutls_perror (ret);

591

385

retval = -1;

592

goto mandos_end;

386

goto exit;

593

387

}

594

388

break;

595

389

default:

596

fprintf(stderr, "Unknown error while reading data from"

597

" encrypted session with Mandos server\n");

390

fprintf(stderr, "Unknown error while reading data from encrypted session with mandos server\n");

598

391

retval = -1;

599

gnutls_bye (session, GNUTLS_SHUT_RDWR);

600

goto mandos_end;

392

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

393

goto exit;

601

394

}

602

395

} else {

603

buffer_length += (size_t) ret;

396

buffer_length += ret;

604

397

}

605

398

}

606

607

if(debug){

608

fprintf(stderr, "Closing TLS session\n");

609

}

610

611

gnutls_bye (session, GNUTLS_SHUT_RDWR);

612

399

613

400

if (buffer_length > 0){

614

decrypted_buffer_size = pgp_packet_decrypt(buffer,

615

buffer_length,

616

&decrypted_buffer,

617

keydir);

618

if (decrypted_buffer_size >= 0){

619

written = 0;

620

while(written < (size_t) decrypted_buffer_size){

621

ret = (int)fwrite (decrypted_buffer + written, 1,

622

(size_t)decrypted_buffer_size - written,

623

stdout);

624

if(ret == 0 and ferror(stdout)){

625

if(debug){

626

fprintf(stderr, "Error writing encrypted data: %s\n",

627

strerror(errno));

628

}

629

retval = -1;

630

break;

631

}

632

written += (size_t)ret;

633

}

401

if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) == 0){

402

retval = -1;

403

} else {

404

fwrite (decrypted_buffer, 1, decrypted_buffer_size, stdout);

634

405

free(decrypted_buffer);

635

} else {

636

retval = -1;

637

406

}

638

} else {

639

retval = -1;

640

407

}

641

642

/* Shutdown procedure */

643

644

mandos_end:

408

645

409

free(buffer);

410

411

//shutdown procedure

412

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

413

exit:

646

414

close(tcp_sd);

647

gnutls_deinit (session);

415

gnutls_deinit (es.session);

416

gnutls_certificate_free_credentials (es.cred);

417

gnutls_global_deinit ();

648

418

return retval;

649

419

}

650

420

651

static void resolve_callback(AvahiSServiceResolver *r,

652

AvahiIfIndex interface,

653

AVAHI_GCC_UNUSED AvahiProtocol protocol,

654

AvahiResolverEvent event,

655

const char *name,

656

const char *type,

657

const char *domain,

658

const char *host_name,

659

const AvahiAddress *address,

660

uint16_t port,

661

AVAHI_GCC_UNUSED AvahiStringList *txt,

662

AVAHI_GCC_UNUSED AvahiLookupResultFlags

663

flags,

664

void* userdata) {

665

mandos_context *mc = userdata;

666

assert(r);

667

668

/* Called whenever a service has been resolved successfully or

669

timed out */

670

671

switch (event) {

672

default:

673

case AVAHI_RESOLVER_FAILURE:

674

fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"

675

" of type '%s' in domain '%s': %s\n", name, type, domain,

676

avahi_strerror(avahi_server_errno(mc->server)));

677

break;

678

679

case AVAHI_RESOLVER_FOUND:

680

{

681

char ip[AVAHI_ADDRESS_STR_MAX];

682

avahi_address_snprint(ip, sizeof(ip), address);

683

if(debug){

684

fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"

685

PRIu16 ") on port %d\n", name, host_name, ip,

686

interface, port);

687

}

688

int ret = start_mandos_communication(ip, port, interface, mc);

689

if (ret == 0){

690

avahi_simple_poll_quit(mc->simple_poll);

691

}

692

}

693

}

694

avahi_s_service_resolver_free(r);

695

}

696

697

static void browse_callback( AvahiSServiceBrowser *b,

698

AvahiIfIndex interface,

699

AvahiProtocol protocol,

700

AvahiBrowserEvent event,

701

const char *name,

702

const char *type,

703

const char *domain,

704

AVAHI_GCC_UNUSED AvahiLookupResultFlags

705

flags,

706

void* userdata) {

707

mandos_context *mc = userdata;

708

assert(b);

709

710

/* Called whenever a new services becomes available on the LAN or

711

is removed from the LAN */

712

713

switch (event) {

714

default:

715

case AVAHI_BROWSER_FAILURE:

716

717

fprintf(stderr, "(Avahi browser) %s\n",

718

avahi_strerror(avahi_server_errno(mc->server)));

719

avahi_simple_poll_quit(mc->simple_poll);

720

return;

721

722

case AVAHI_BROWSER_NEW:

723

/* We ignore the returned Avahi resolver object. In the callback

724

function we free it. If the Avahi server is terminated before

725

the callback function is called the Avahi server will free the

726

resolver for us. */

727

728

if (!(avahi_s_service_resolver_new(mc->server, interface,

729

protocol, name, type, domain,

730

AVAHI_PROTO_INET6, 0,

731

resolve_callback, mc)))

732

fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",

733

name, avahi_strerror(avahi_server_errno(mc->server)));

734

break;

735

736

case AVAHI_BROWSER_REMOVE:

737

break;

738

739

case AVAHI_BROWSER_ALL_FOR_NOW:

740

case AVAHI_BROWSER_CACHE_EXHAUSTED:

741

if(debug){

742

fprintf(stderr, "No Mandos server found, still searching...\n");

743

}

744

break;

745

}

746

}

747

748

/* Combines file name and path and returns the malloced new

749

string. some sane checks could/should be added */

750

static char *combinepath(const char *first, const char *second){

751

char *tmp;

752

int ret = asprintf(&tmp, "%s/%s", first, second);

753

if(ret < 0){

754

return NULL;

755

}

756

return tmp;

757

}

758

759

760

int main(int argc, char *argv[]){

421

static AvahiSimplePoll *simple_poll = NULL;

422

static AvahiServer *server = NULL;

423

424

static void resolve_callback(

425

AvahiSServiceResolver *r,

426

AVAHI_GCC_UNUSED AvahiIfIndex interface,

427

AVAHI_GCC_UNUSED AvahiProtocol protocol,

428

AvahiResolverEvent event,

429

const char *name,

430

const char *type,

431

const char *domain,

432

const char *host_name,

433

const AvahiAddress *address,

434

uint16_t port,

435

AvahiStringList *txt,

436

AvahiLookupResultFlags flags,

437

AVAHI_GCC_UNUSED void* userdata) {

438

439

assert(r);

440

441

/* Called whenever a service has been resolved successfully or timed out */

442

443

switch (event) {

444

case AVAHI_RESOLVER_FAILURE:

445

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of type '%s' in domain '%s': %s\n", name, type, domain, avahi_strerror(avahi_server_errno(server)));

446

break;

447

448

case AVAHI_RESOLVER_FOUND: {

449

char ip[AVAHI_ADDRESS_STR_MAX];

450

avahi_address_snprint(ip, sizeof(ip), address);

451

int ret = start_mandos_communcation(ip, port);

452

if (ret == 0){

453

exit(EXIT_SUCCESS);

454

} else {

455

exit(EXIT_FAILURE);

456

}

457

}

458

}

459

avahi_s_service_resolver_free(r);

460

}

461

462

static void browse_callback(

463

AvahiSServiceBrowser *b,

464

AvahiIfIndex interface,

465

AvahiProtocol protocol,

466

AvahiBrowserEvent event,

467

const char *name,

468

const char *type,

469

const char *domain,

470

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

471

void* userdata) {

472

473

AvahiServer *s = userdata;

474

assert(b);

475

476

/* Called whenever a new services becomes available on the LAN or is removed from the LAN */

477

478

switch (event) {

479

480

case AVAHI_BROWSER_FAILURE:

481

482

fprintf(stderr, "(Browser) %s\n", avahi_strerror(avahi_server_errno(server)));

483

avahi_simple_poll_quit(simple_poll);

484

return;

485

486

case AVAHI_BROWSER_NEW:

487

/* We ignore the returned resolver object. In the callback

488

function we free it. If the server is terminated before

489

the callback function is called the server will free

490

the resolver for us. */

491

492

if (!(avahi_s_service_resolver_new(s, interface, protocol, name, type, domain, AVAHI_PROTO_INET6, 0, resolve_callback, s)))

493

fprintf(stderr, "Failed to resolve service '%s': %s\n", name, avahi_strerror(avahi_server_errno(s)));

494

495

break;

496

497

case AVAHI_BROWSER_REMOVE:

498

break;

499

500

case AVAHI_BROWSER_ALL_FOR_NOW:

501

case AVAHI_BROWSER_CACHE_EXHAUSTED:

502

break;

503

}

504

}

505

506

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

507

AvahiServerConfig config;

761

508

AvahiSServiceBrowser *sb = NULL;

762

509

int error;

763

int ret;

764

int exitcode = EXIT_SUCCESS;

765

const char *interface = "eth0";

766

struct ifreq network;

767

int sd;

768

uid_t uid;

769

gid_t gid;

770

char *connect_to = NULL;

771

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

772

char *pubkeyfilename = NULL;

773

char *seckeyfilename = NULL;

774

const char *pubkeyname = "pubkey.txt";

775

const char *seckeyname = "seckey.txt";

776

mandos_context mc = { .simple_poll = NULL, .server = NULL,

777

.dh_bits = 1024, .priority = "SECURE256"};

778

bool gnutls_initalized = false;

779

780

{

781

struct argp_option options[] = {

782

{ .name = "debug", .key = 128,

783

.doc = "Debug mode", .group = 3 },

784

{ .name = "connect", .key = 'c',

785

.arg = "IP",

786

.doc = "Connect directly to a sepcified mandos server",

787

.group = 1 },

788

{ .name = "interface", .key = 'i',

789

.arg = "INTERFACE",

790

.doc = "Interface that Avahi will conntect through",

791

.group = 1 },

792

{ .name = "keydir", .key = 'd',

793

.arg = "KEYDIR",

794

.doc = "Directory where the openpgp keyring is",

795

.group = 1 },

796

{ .name = "seckey", .key = 's',

797

.arg = "SECKEY",

798

.doc = "Secret openpgp key for gnutls authentication",

799

.group = 1 },

800

{ .name = "pubkey", .key = 'p',

801

.arg = "PUBKEY",

802

.doc = "Public openpgp key for gnutls authentication",

803

.group = 2 },

804

{ .name = "dh-bits", .key = 129,

805

.arg = "BITS",

806

.doc = "dh-bits to use in gnutls communication",

807

.group = 2 },

808

{ .name = "priority", .key = 130,

809

.arg = "PRIORITY",

810

.doc = "GNUTLS priority", .group = 1 },

811

{ .name = NULL }

812

};

813

814

815

error_t parse_opt (int key, char *arg,

816

struct argp_state *state) {

817

/* Get the INPUT argument from `argp_parse', which we know is

818

a pointer to our plugin list pointer. */

819

switch (key) {

820

case 128:

821

debug = true;

822

break;

823

case 'c':

824

connect_to = arg;

825

break;

826

case 'i':

827

interface = arg;

828

break;

829

case 'd':

830

keydir = arg;

831

break;

832

case 's':

833

seckeyname = arg;

834

break;

835

case 'p':

836

pubkeyname = arg;

837

break;

838

case 129:

839

errno = 0;

840

mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);

841

if (errno){

842

perror("strtol");

843

exit(EXIT_FAILURE);

844

}

845

break;

846

case 130:

847

mc.priority = arg;

848

break;

849

case ARGP_KEY_ARG:

850

argp_usage (state);

851

case ARGP_KEY_END:

852

break;

853

default:

854

return ARGP_ERR_UNKNOWN;

855

}

856

return 0;

857

}

858

859

struct argp argp = { .options = options, .parser = parse_opt,

860

.args_doc = "",

861

.doc = "Mandos client -- Get and decrypt"

862

" passwords from mandos server" };

863

ret = argp_parse (&argp, argc, argv, 0, 0, NULL);

864

if (ret == ARGP_ERR_UNKNOWN){

865

fprintf(stderr, "Unknown error while parsing arguments\n");

866

exitcode = EXIT_FAILURE;

867

goto end;

868

}

869

}

870

871

pubkeyfilename = combinepath(keydir, pubkeyname);

872

if (pubkeyfilename == NULL){

873

perror("combinepath");

874

exitcode = EXIT_FAILURE;

875

goto end;

876

}

877

878

seckeyfilename = combinepath(keydir, seckeyname);

879

if (seckeyfilename == NULL){

880

perror("combinepath");

881

exitcode = EXIT_FAILURE;

882

goto end;

883

}

884

885

ret = init_gnutls_global(&mc, pubkeyfilename, seckeyfilename);

886

if (ret == -1){

887

fprintf(stderr, "init_gnutls_global failed\n");

888

exitcode = EXIT_FAILURE;

889

goto end;

890

} else {

891

gnutls_initalized = true;

892

}

893

894

/* If the interface is down, bring it up */

895

{

896

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

897

if(sd < 0) {

898

perror("socket");

899

exitcode = EXIT_FAILURE;

900

goto end;

901

}

902

strcpy(network.ifr_name, interface);

903

ret = ioctl(sd, SIOCGIFFLAGS, &network);

904

if(ret == -1){

905

perror("ioctl SIOCGIFFLAGS");

906

exitcode = EXIT_FAILURE;

907

goto end;

908

}

909

if((network.ifr_flags & IFF_UP) == 0){

910

network.ifr_flags |= IFF_UP;

911

ret = ioctl(sd, SIOCSIFFLAGS, &network);

912

if(ret == -1){

913

perror("ioctl SIOCSIFFLAGS");

914

exitcode = EXIT_FAILURE;

915

goto end;

916

}

917

}

918

close(sd);

919

}

920

921

uid = getuid();

922

gid = getgid();

923

924

ret = setuid(uid);

925

if (ret == -1){

926

perror("setuid");

927

}

928

929

setgid(gid);

930

if (ret == -1){

931

perror("setgid");

932

}

933

934

if_index = (AvahiIfIndex) if_nametoindex(interface);

935

if(if_index == 0){

936

fprintf(stderr, "No such interface: \"%s\"\n", interface);

937

exit(EXIT_FAILURE);

938

}

939

940

if(connect_to != NULL){

941

/* Connect directly, do not use Zeroconf */

942

/* (Mainly meant for debugging) */

943

char *address = strrchr(connect_to, ':');

944

if(address == NULL){

945

fprintf(stderr, "No colon in address\n");

946

exitcode = EXIT_FAILURE;

947

goto end;

948

}

949

errno = 0;

950

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

951

if(errno){

952

perror("Bad port number");

953

exitcode = EXIT_FAILURE;

954

goto end;

955

}

956

*address = '\0';

957

address = connect_to;

958

ret = start_mandos_communication(address, port, if_index, &mc);

959

if(ret < 0){

960

exitcode = EXIT_FAILURE;

961

} else {

962

exitcode = EXIT_SUCCESS;

963

}

964

goto end;

965

}

966

967

if (not debug){

968

avahi_set_log_function(empty_log);

969

}

970

971

/* Initialize the pseudo-RNG for Avahi */

972

srand((unsigned int) time(NULL));

973

974

/* Allocate main Avahi loop object */

975

mc.simple_poll = avahi_simple_poll_new();

976

if (mc.simple_poll == NULL) {

977

fprintf(stderr, "Avahi: Failed to create simple poll"

978

" object.\n");

979

exitcode = EXIT_FAILURE;

980

goto end;

981

}

982

983

{

984

AvahiServerConfig config;

985

/* Do not publish any local Zeroconf records */

986

avahi_server_config_init(&config);

987

config.publish_hinfo = 0;

988

config.publish_addresses = 0;

989

config.publish_workstation = 0;

990

config.publish_domain = 0;

991

992

/* Allocate a new server */

993

mc.server = avahi_server_new(avahi_simple_poll_get

994

(mc.simple_poll), &config, NULL,

995

NULL, &error);

996

997

/* Free the Avahi configuration data */

998

avahi_server_config_free(&config);

999

}

1000

1001

/* Check if creating the Avahi server object succeeded */

1002

if (mc.server == NULL) {

1003

fprintf(stderr, "Failed to create Avahi server: %s\n",

1004

avahi_strerror(error));

1005

exitcode = EXIT_FAILURE;

1006

goto end;

1007

}

1008

1009

/* Create the Avahi service browser */

1010

sb = avahi_s_service_browser_new(mc.server, if_index,

1011

AVAHI_PROTO_INET6,

1012

"_mandos._tcp", NULL, 0,

1013

browse_callback, &mc);

1014

if (sb == NULL) {

1015

fprintf(stderr, "Failed to create service browser: %s\n",

1016

avahi_strerror(avahi_server_errno(mc.server)));

1017

exitcode = EXIT_FAILURE;

1018

goto end;

510

int ret = 1;

511

512

avahi_set_log_function(empty_log);

513

514

/* Initialize the psuedo-RNG */

515

srand(time(NULL));

516

517

/* Allocate main loop object */

518

if (!(simple_poll = avahi_simple_poll_new())) {

519

fprintf(stderr, "Failed to create simple poll object.\n");

520

goto fail;

521

}

522

523

/* Do not publish any local records */

524

avahi_server_config_init(&config);

525

config.publish_hinfo = 0;

526

config.publish_addresses = 0;

527

config.publish_workstation = 0;

528

config.publish_domain = 0;

529

530

/* /\* Set a unicast DNS server for wide area DNS-SD *\/ */

531

/* avahi_address_parse("193.11.177.11", AVAHI_PROTO_UNSPEC, &config.wide_area_servers[0]); */

532

/* config.n_wide_area_servers = 1; */

533

/* config.enable_wide_area = 1; */

534

535

/* Allocate a new server */

536

server = avahi_server_new(avahi_simple_poll_get(simple_poll), &config, NULL, NULL, &error);

537

538

/* Free the configuration data */

539

avahi_server_config_free(&config);

540

541

/* Check wether creating the server object succeeded */

542

if (!server) {

543

fprintf(stderr, "Failed to create server: %s\n", avahi_strerror(error));

544

goto fail;

545

}

546

547

/* Create the service browser */

548

if (!(sb = avahi_s_service_browser_new(server, if_nametoindex("eth0"), AVAHI_PROTO_INET6, "_mandos._tcp", NULL, 0, browse_callback, server))) {

549

fprintf(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_server_errno(server)));

550

goto fail;

1019

551

}

1020

552

1021

553

/* Run the main loop */

1022

1023

if (debug){

1024

fprintf(stderr, "Starting Avahi loop search\n");

1025

}

1026

1027

avahi_simple_poll_loop(mc.simple_poll);

1028

1029

end:

1030

1031

if (debug){

1032

fprintf(stderr, "%s exiting\n", argv[0]);

1033

}

554

avahi_simple_poll_loop(simple_poll);

555

556

ret = 0;

557

558

fail:

1034

559

1035

560

/* Cleanup things */

1036

if (sb != NULL)

561

if (sb)

1037

562

avahi_s_service_browser_free(sb);

1038

563

1039

if (mc.server != NULL)

1040

avahi_server_free(mc.server);

1041

1042

if (mc.simple_poll != NULL)

1043

avahi_simple_poll_free(mc.simple_poll);

1044

free(pubkeyfilename);

1045

free(seckeyfilename);

1046

1047

if (gnutls_initalized){

1048

gnutls_certificate_free_credentials(mc.cred);

1049

gnutls_global_deinit ();

1050

}

1051

1052

return exitcode;

564

if (server)

565

avahi_server_free(server);

566

567

if (simple_poll)

568

avahi_simple_poll_free(simple_poll);

569

570

return ret;

1053

571

}

Older »