/mandos/trunk : revision 16

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandosclient.c

Committer: Teddy Hogeborn
Date: 2008-07-21 01:50:31 UTC
Revision ID: teddy@fukt.bsnet.se-20080721015031-ivjiclli2j06hwgs

* Makefile: Include targets for all binaries.

* plugins.d/Makefile: Do nothing but call the parent Makefile.

* server.py: Added copyright statement and information.
  (Client.__init__): Added doc string.
  (Client.stop): Bug fix: Only log message if stopping for the first
                 time.  Check if the "stop_initiator_tag" and
                 "checker_initiator_tag" attributes exist before using
                 them.
  (Client.__del__): Call self.stop() instead of doing things here.
  (Client.checker_callback): Set self.checker_callback_tag and
                             self.checker to None unconditionally and
                             immediately.
  (Client.stop_checker): Added some checks to handle multiple calls.
  (tcp_handler.handle): Use "self.server.clients" instead of "clients".
  (__main__): Moved all code to the "main" function.
  (main): New.  New option "--address".  Instantiate IPv6_TCPServer
          with "options.address".  Log before starting main loop.
  (main.cleanup) Use "clients.pop()" to remove clients from the set as
                 they are stopped.

files modified:
plugins.d/mandosclient.c

plugins.d/passprompt.c

Show diffs side-by-side

added added

removed removed

plugins.d/mandosclient.c

/* $Id$ */

/* PLEASE NOTE *

* This file demonstrates how to use Avahi's core API, this is

* the embeddable mDNS stack for embedded applications.

* End user applications should *not* use this API and should use

* the D-Bus or C APIs, please see

* client-browse-services.c and glib-integration.c

* I repeat, you probably do *not* want to use this example.

/***

This file is part of avahi.

#define BUFFER_SIZE 256

#define DH_BITS 1024

bool debug = false;

typedef struct {

gnutls_session_t session;

gnutls_certificate_credentials_t cred;

size_t new_packet_length = 0;

gpgme_engine_info_t engine_info;

if (debug){

fprintf(stderr, "Attempting to decrypt password from gpg packet\n");

}

/* Init GPGME */

gpgme_check_version(NULL);

gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

136

143

gpgme_strsource(rc), gpgme_strerror(rc));

137

144

return -1;

138

145

}

139

140

if(debug){

141

fprintf(stderr, "decryption of gpg packet succeeded\n");

142

}

143

144

if (debug){

145

gpgme_decrypt_result_t result;

146

result = gpgme_op_decrypt_result(ctx);

147

if (result == NULL){

148

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

149

} else {

150

fprintf(stderr, "Unsupported algorithm: %s\n", result->unsupported_algorithm);

151

fprintf(stderr, "Wrong key usage: %d\n", result->wrong_key_usage);

152

if(result->file_name != NULL){

153

fprintf(stderr, "File name: %s\n", result->file_name);

154

}

155

gpgme_recipient_t recipient;

156

recipient = result->recipients;

157

if(recipient){

158

while(recipient != NULL){

159

fprintf(stderr, "Public key algorithm: %s\n",

160

gpgme_pubkey_algo_name(recipient->pubkey_algo));

161

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

162

fprintf(stderr, "Secret key available: %s\n",

163

recipient->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");

164

recipient = recipient->next;

165

}

166

}

167

}

168

}

169

146

147

/* gpgme_decrypt_result_t result; */

148

/* result = gpgme_op_decrypt_result(ctx); */

149

/* fprintf(stderr, "Unsupported algorithm: %s\n", result->unsupported_algorithm); */

150

/* fprintf(stderr, "Wrong key usage: %d\n", result->wrong_key_usage); */

151

/* if(result->file_name != NULL){ */

152

/* fprintf(stderr, "File name: %s\n", result->file_name); */

153

/* } */

154

/* gpgme_recipient_t recipient; */

155

/* recipient = result->recipients; */

156

/* if(recipient){ */

157

/* while(recipient != NULL){ */

158

/* fprintf(stderr, "Public key algorithm: %s\n", */

159

/* gpgme_pubkey_algo_name(recipient->pubkey_algo)); */

160

/* fprintf(stderr, "Key ID: %s\n", recipient->keyid); */

161

/* fprintf(stderr, "Secret key available: %s\n", */

162

/* recipient->status == GPG_ERR_NO_SECKEY ? "No" : "Yes"); */

163

/* recipient = recipient->next; */

164

/* } */

165

/* } */

166

170

167

/* Delete the GPGME FILE pointer cryptotext data buffer */

171

168

gpgme_data_release(dh_crypto);

172

169

197

194

new_packet_length += ret;

198

195

}

199

196

200

if(debug){

201

fprintf(stderr, "decrypted password is: %s\n", *new_packet);

202

}

203

204

197

/* Delete the GPGME plaintext data buffer */

205

198

gpgme_data_release(dh_plain);

206

199

return new_packet_length;

220

213

int initgnutls(encrypted_session *es){

221

214

const char *err;

222

215

int ret;

223

224

if(debug){

225

fprintf(stderr, "Initializing gnutls\n");

226

}

227

228

216

229

217

if ((ret = gnutls_global_init ())

230

218

!= GNUTLS_E_SUCCESS) {

232

220

return -1;

233

221

}

234

222

235

if (debug){

236

gnutls_global_set_log_level(11);

237

gnutls_global_set_log_function(debuggnutls);

238

}

239

223

/* Uncomment to enable full debuggin on the gnutls library */

224

/* gnutls_global_set_log_level(11); */

225

/* gnutls_global_set_log_function(debuggnutls); */

226

240

227

241

228

/* openpgp credentials */

242

229

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

245

232

return -1;

246

233

}

247

234

248

if(debug){

249

fprintf(stderr, "Attempting to use openpgp certificate %s"

250

" and keyfile %s as gnutls credentials\n", CERTFILE, KEYFILE);

251

}

252

253

235

ret = gnutls_certificate_set_openpgp_key_file

254

236

(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);

255

237

if (ret != GNUTLS_E_SUCCESS) {

322

304

size_t buffer_capacity = 0;

323

305

ssize_t decrypted_buffer_size;

324

306

int retval = 0;

325

const char interface[] = "eth0";

326

307

327

if(debug){

328

fprintf(stderr, "Setting up a tcp connection to %s\n", ip);

329

}

330

308

331

309

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

332

310

if(tcp_sd < 0) {

333

311

perror("socket");

334

312

return -1;

335

313

}

336

337

if(debug){

338

fprintf(stderr, "Binding to interface %s\n", interface);

339

}

340

341

ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, interface, 5);

314

315

ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, "eth0", 5);

342

316

if(tcp_sd < 0) {

343

317

perror("setsockopt bindtodevice");

344

318

return -1;

356

330

return -1;

357

331

}

358

332

to.sin6_port = htons(port);

359

to.sin6_scope_id = if_nametoindex(interface);

360

361

if(debug){

362

fprintf(stderr, "Connection to: %s\n", ip);

363

}

333

to.sin6_scope_id = if_nametoindex("eth0");

364

334

365

335

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

366

336

if (ret < 0){

377

347

378

348

gnutls_transport_set_ptr (es.session, (gnutls_transport_ptr_t) tcp_sd);

379

349

380

if(debug){

381

fprintf(stderr, "Establishing tls session with %s\n", ip);

382

}

383

384

385

350

ret = gnutls_handshake (es.session);

386

351

387

352

if (ret != GNUTLS_E_SUCCESS){

391

356

goto exit;

392

357

}

393

358

394

//Retrieve gpg packet that contains the wanted password

395

396

if(debug){

397

fprintf(stderr, "Retrieving pgp encrypted password from %s\n", ip);

398

}

399

359

//retrive password

400

360

while(true){

401

361

if (buffer_length + BUFFER_SIZE > buffer_capacity){

402

362

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

436

396

buffer_length += ret;

437

397

}

438

398

}

439

399

440

400

if (buffer_length > 0){

441

if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) >= 0){

401

if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) == 0){

402

retval = -1;

403

} else {

442

404

fwrite (decrypted_buffer, 1, decrypted_buffer_size, stdout);

443

405

free(decrypted_buffer);

444

} else {

445

retval = -1;

446

406

}

447

407

}

448

408

409

free(buffer);

410

449

411

//shutdown procedure

450

451

if(debug){

452

fprintf(stderr, "Closing tls session\n");

453

}

454

455

free(buffer);

456

412

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

457

413

exit:

458

414

close(tcp_sd);

492

448

case AVAHI_RESOLVER_FOUND: {

493

449

char ip[AVAHI_ADDRESS_STR_MAX];

494

450

avahi_address_snprint(ip, sizeof(ip), address);

495

if(debug){

496

fprintf(stderr, "Mandos server found at %s on port %d\n", ip, port);

497

}

498

451

int ret = start_mandos_communcation(ip, port);

499

452

if (ret == 0){

500

453

exit(EXIT_SUCCESS);

553

506

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

554

507

AvahiServerConfig config;

555

508

AvahiSServiceBrowser *sb = NULL;

556

const char db[] = "--debug";

557

509

int error;

558

510

int ret = 1;

559

int returncode = EXIT_SUCCESS;

560

char *basename = rindex(argv[0], '/');

561

if(basename == NULL){

562

basename = argv[0];

563

} else {

564

basename++;

565

}

566

567

char *program_name = malloc(strlen(basename) + sizeof(db));

568

569

if (program_name == NULL){

570

perror("argv[0]");

571

return EXIT_FAILURE;

572

}

573

574

program_name[0] = '\0';

575

576

for (int i = 1; i < argc; i++){

577

if (not strncmp(argv[i], db, 5)){

578

strcat(strcat(strcat(program_name, db ), "="), basename);

579

if(not strcmp(argv[i], db) or not strcmp(argv[i], program_name)){

580

debug = true;

581

}

582

}

583

}

584

free(program_name);

585

586

if (not debug){

587

avahi_set_log_function(empty_log);

588

}

511

512

avahi_set_log_function(empty_log);

589

513

590

514

/* Initialize the psuedo-RNG */

591

515

srand(time(NULL));

593

517

/* Allocate main loop object */

594

518

if (!(simple_poll = avahi_simple_poll_new())) {

595

519

fprintf(stderr, "Failed to create simple poll object.\n");

596

597

goto exit;

520

goto fail;

598

521

}

599

522

600

523

/* Do not publish any local records */

604

527

config.publish_workstation = 0;

605

528

config.publish_domain = 0;

606

529

530

/* /\* Set a unicast DNS server for wide area DNS-SD *\/ */

531

/* avahi_address_parse("193.11.177.11", AVAHI_PROTO_UNSPEC, &config.wide_area_servers[0]); */

532

/* config.n_wide_area_servers = 1; */

533

/* config.enable_wide_area = 1; */

534

607

535

/* Allocate a new server */

608

536

server = avahi_server_new(avahi_simple_poll_get(simple_poll), &config, NULL, NULL, &error);

609

537

610

538

/* Free the configuration data */

611

539

avahi_server_config_free(&config);

612

540

613

/* Check if creating the server object succeeded */

541

/* Check wether creating the server object succeeded */

614

542

if (!server) {

615

543

fprintf(stderr, "Failed to create server: %s\n", avahi_strerror(error));

616

returncode = EXIT_FAILURE;

617

goto exit;

544

goto fail;

618

545

}

619

546

620

547

/* Create the service browser */

621

548

if (!(sb = avahi_s_service_browser_new(server, if_nametoindex("eth0"), AVAHI_PROTO_INET6, "_mandos._tcp", NULL, 0, browse_callback, server))) {

622

549

fprintf(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_server_errno(server)));

623

returncode = EXIT_FAILURE;

624

goto exit;

550

goto fail;

625

551

}

626

552

627

553

/* Run the main loop */

628

629

if (debug){

630

fprintf(stderr, "Starting avahi loop search\n");

631

}

632

633

554

avahi_simple_poll_loop(simple_poll);

634

555

635

exit:

636

637

if (debug){

638

fprintf(stderr, "%s exiting\n", argv[0]);

639

}

556

ret = 0;

557

558

fail:

640

559

641

560

/* Cleanup things */

642

561

if (sb)

Older »