To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandosclient.c
- browse files at revision 17
- compare with another revision
- download diff
- download tarball
- view history from revision 17
- Committer: Teddy Hogeborn
- Date: 2008-07-21 01:52:54 UTC
- mfrom: (15.1.2 mandos)
- Revision ID: teddy@fukt.bsnet.se-20080721015254-5ut0m7j1r4t5x7hj
Merge.
- files added:
- plugins.d/Makefile
- files removed:
- server.conf
- files renamed:
- clients.conf => mandos-clients.conf
- files modified:
- Makefile
added
removed
plugins.d/mandosclient.c
1
/* -*- coding: utf-8 -*- */
2
/*
3
* Mandos client - get and decrypt data from a Mandos server
4
*
5
* This program is partly derived from an example program for an Avahi
6
* service browser, downloaded from
7
* <http://avahi.org/browser/examples/core-browse-services.c>. This
8
* includes the following functions: "resolve_callback",
9
* "browse_callback", and parts of "main".
10
*
11
* Everything else is
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
13
*
14
* This program is free software: you can redistribute it and/or
15
* modify it under the terms of the GNU General Public License as
16
* published by the Free Software Foundation, either version 3 of the
17
* License, or (at your option) any later version.
18
*
19
* This program is distributed in the hope that it will be useful, but
20
* WITHOUT ANY WARRANTY; without even the implied warranty of
21
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22
* General Public License for more details.
23
*
24
* You should have received a copy of the GNU General Public License
25
* along with this program. If not, see
26
* <http://www.gnu.org/licenses/>.
27
*
28
* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and
29
* <https://www.fukt.bsnet.se/~teddy/>.
30
*/
1
/***
2
This file is part of avahi.
3
4
avahi is free software; you can redistribute it and/or modify it
5
under the terms of the GNU Lesser General Public License as
6
published by the Free Software Foundation; either version 2.1 of the
7
License, or (at your option) any later version.
8
9
avahi is distributed in the hope that it will be useful, but WITHOUT
10
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General
12
Public License for more details.
13
14
You should have received a copy of the GNU Lesser General Public
15
License along with avahi; if not, write to the Free Software
16
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
17
USA.
18
***/
31
19
32
/* Needed by GPGME, specifically gpgme_data_seek() */
33
20
#define _LARGEFILE_SOURCE
34
21
#define _FILE_OFFSET_BITS 64
35
22
47
34
#include <avahi-common/error.h>
48
35
49
36
//mandos client part
50
#include <sys/types.h> /* socket(), inet_pton() */
51
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
52
struct in6_addr, inet_pton() */
53
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
54
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
37
#include <sys/types.h> /* socket(), setsockopt(), inet_pton() */
38
#include <sys/socket.h> /* socket(), setsockopt(), struct sockaddr_in6, struct in6_addr, inet_pton() */
39
#include <gnutls/gnutls.h> /* ALL GNUTLS STUFF */
40
#include <gnutls/openpgp.h> /* gnutls with openpgp stuff */
55
41
56
42
#include <unistd.h> /* close() */
57
43
#include <netinet/in.h>
64
50
#include <errno.h> /* perror() */
65
51
#include <gpgme.h>
66
52
67
// getopt long
68
#include <getopt.h>
69
53
70
54
#ifndef CERT_ROOT
71
55
#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"
84
68
} encrypted_session;
85
69
86
70
87
ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
88
char **new_packet, const char *homedir){
71
ssize_t gpg_packet_decrypt (char *packet, size_t packet_size, char **new_packet, char *homedir){
89
72
gpgme_data_t dh_crypto, dh_plain;
90
73
gpgme_ctx_t ctx;
91
74
gpgme_error_t rc;
92
75
ssize_t ret;
93
ssize_t new_packet_capacity = 0;
94
ssize_t new_packet_length = 0;
76
size_t new_packet_capacity = 0;
77
size_t new_packet_length = 0;
95
78
gpgme_engine_info_t engine_info;
96
79
97
80
if (debug){
98
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
81
fprintf(stderr, "Attempting to decrypt password from gpg packet\n");
99
82
}
100
83
101
84
/* Init GPGME */
146
129
return -1;
147
130
}
148
131
149
/* Decrypt data from the FILE pointer to the plaintext data
150
buffer */
132
/* Decrypt data from the FILE pointer to the plaintext data buffer */
151
133
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
152
134
if (rc != GPG_ERR_NO_ERROR){
153
135
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
156
138
}
157
139
158
140
if(debug){
159
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");
141
fprintf(stderr, "decryption of gpg packet succeeded\n");
160
142
}
161
143
162
144
if (debug){
165
147
if (result == NULL){
166
148
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
167
149
} else {
168
fprintf(stderr, "Unsupported algorithm: %s\n",
169
result->unsupported_algorithm);
170
fprintf(stderr, "Wrong key usage: %d\n",
171
result->wrong_key_usage);
150
fprintf(stderr, "Unsupported algorithm: %s\n", result->unsupported_algorithm);
151
fprintf(stderr, "Wrong key usage: %d\n", result->wrong_key_usage);
172
152
if(result->file_name != NULL){
173
153
fprintf(stderr, "File name: %s\n", result->file_name);
174
154
}
180
160
gpgme_pubkey_algo_name(recipient->pubkey_algo));
181
161
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
182
162
fprintf(stderr, "Secret key available: %s\n",
183
recipient->status == GPG_ERR_NO_SECKEY
184
? "No" : "Yes");
163
recipient->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");
185
164
recipient = recipient->next;
186
165
}
187
166
}
192
171
gpgme_data_release(dh_crypto);
193
172
194
173
/* Seek back to the beginning of the GPGME plaintext data buffer */
195
gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET);
174
gpgme_data_seek(dh_plain, 0, SEEK_SET);
196
175
197
176
*new_packet = 0;
198
177
while(true){
199
178
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
200
*new_packet = realloc(*new_packet,
201
(unsigned int)new_packet_capacity
202
+ BUFFER_SIZE);
179
*new_packet = realloc(*new_packet, new_packet_capacity + BUFFER_SIZE);
203
180
if (*new_packet == NULL){
204
181
perror("realloc");
205
182
return -1;
207
184
new_packet_capacity += BUFFER_SIZE;
208
185
}
209
186
210
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,
211
BUFFER_SIZE);
187
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length, BUFFER_SIZE);
212
188
/* Print the data, if any */
213
189
if (ret == 0){
190
/* If password is empty, then a incorrect error will be printed */
214
191
break;
215
192
}
216
193
if(ret < 0){
220
197
new_packet_length += ret;
221
198
}
222
199
223
/* FIXME: check characters before printing to screen so to not print
224
terminal control characters */
225
/* if(debug){ */
226
/* fprintf(stderr, "decrypted password is: "); */
227
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
228
/* fprintf(stderr, "\n"); */
229
/* } */
230
231
/* Delete the GPGME plaintext data buffer */
200
if(debug){
201
fprintf(stderr, "decrypted password is: %s\n", *new_packet);
202
}
203
204
/* Delete the GPGME plaintext data buffer */
232
205
gpgme_data_release(dh_plain);
233
206
return new_packet_length;
234
207
}
240
213
return ret;
241
214
}
242
215
243
void debuggnutls(__attribute__((unused)) int level,
244
const char* string){
216
void debuggnutls(int level, const char* string){
245
217
fprintf(stderr, "%s", string);
246
218
}
247
219
248
220
int initgnutls(encrypted_session *es){
249
221
const char *err;
250
222
int ret;
251
223
252
224
if(debug){
253
fprintf(stderr, "Initializing GnuTLS\n");
225
fprintf(stderr, "Initializing gnutls\n");
254
226
}
227
255
228
256
229
if ((ret = gnutls_global_init ())
257
230
!= GNUTLS_E_SUCCESS) {
264
237
gnutls_global_set_log_function(debuggnutls);
265
238
}
266
239
240
267
241
/* openpgp credentials */
268
242
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
269
243
!= GNUTLS_E_SUCCESS) {
270
fprintf (stderr, "memory error: %s\n",
271
safer_gnutls_strerror(ret));
244
fprintf (stderr, "memory error: %s\n", safer_gnutls_strerror(ret));
272
245
return -1;
273
246
}
274
247
275
248
if(debug){
276
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
277
" and keyfile %s as GnuTLS credentials\n", CERTFILE,
278
KEYFILE);
249
fprintf(stderr, "Attempting to use openpgp certificate %s"
250
" and keyfile %s as gnutls credentials\n", CERTFILE, KEYFILE);
279
251
}
280
252
281
253
ret = gnutls_certificate_set_openpgp_key_file
282
254
(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);
283
255
if (ret != GNUTLS_E_SUCCESS) {
284
256
fprintf
285
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
286
" '%s')\n",
257
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n",
287
258
ret, CERTFILE, KEYFILE);
288
259
fprintf(stdout, "The Error is: %s\n",
289
260
safer_gnutls_strerror(ret));
290
261
return -1;
291
262
}
292
293
//GnuTLS server initialization
263
264
//Gnutls server initialization
294
265
if ((ret = gnutls_dh_params_init (&es->dh_params))
295
266
!= GNUTLS_E_SUCCESS) {
296
267
fprintf (stderr, "Error in dh parameter initialization: %s\n",
297
268
safer_gnutls_strerror(ret));
298
269
return -1;
299
270
}
300
271
301
272
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
302
273
!= GNUTLS_E_SUCCESS) {
303
274
fprintf (stderr, "Error in prime generation: %s\n",
304
275
safer_gnutls_strerror(ret));
305
276
return -1;
306
277
}
307
278
308
279
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
309
310
// GnuTLS session creation
280
281
// Gnutls session creation
311
282
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
312
283
!= GNUTLS_E_SUCCESS){
313
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
284
fprintf(stderr, "Error in gnutls session initialization: %s\n",
314
285
safer_gnutls_strerror(ret));
315
286
}
316
287
317
288
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
318
289
!= GNUTLS_E_SUCCESS) {
319
290
fprintf(stderr, "Syntax error at: %s\n", err);
320
fprintf(stderr, "GnuTLS error: %s\n",
291
fprintf(stderr, "Gnutls error: %s\n",
321
292
safer_gnutls_strerror(ret));
322
293
return -1;
323
294
}
324
295
325
296
if ((ret = gnutls_credentials_set
326
297
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
327
298
!= GNUTLS_E_SUCCESS) {
329
300
safer_gnutls_strerror(ret));
330
301
return -1;
331
302
}
332
303
333
304
/* ignore client certificate if any. */
334
gnutls_certificate_server_set_request (es->session,
335
GNUTLS_CERT_IGNORE);
305
gnutls_certificate_server_set_request (es->session, GNUTLS_CERT_IGNORE);
336
306
337
307
gnutls_dh_set_prime_bits (es->session, DH_BITS);
338
308
339
309
return 0;
340
310
}
341
311
342
void empty_log(__attribute__((unused)) AvahiLogLevel level,
343
__attribute__((unused)) const char *txt){}
312
void empty_log(AvahiLogLevel level, const char *txt){}
344
313
345
int start_mandos_communication(const char *ip, uint16_t port,
346
unsigned int if_index){
314
int start_mandos_communcation(char *ip, uint16_t port){
347
315
int ret, tcp_sd;
348
316
struct sockaddr_in6 to;
317
struct in6_addr ip_addr;
349
318
encrypted_session es;
350
319
char *buffer = NULL;
351
320
char *decrypted_buffer;
352
321
size_t buffer_length = 0;
353
322
size_t buffer_capacity = 0;
354
323
ssize_t decrypted_buffer_size;
355
size_t written = 0;
356
324
int retval = 0;
357
char interface[IF_NAMESIZE];
358
325
const char interface[] = "eth0";
326
359
327
if(debug){
360
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
361
ip, port);
328
fprintf(stderr, "Setting up a tcp connection to %s\n", ip);
362
329
}
363
330
364
331
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
366
333
perror("socket");
367
334
return -1;
368
335
}
369
370
if(if_indextoname(if_index, interface) == NULL){
371
if(debug){
372
perror("if_indextoname");
373
}
374
return -1;
375
}
376
336
377
337
if(debug){
378
338
fprintf(stderr, "Binding to interface %s\n", interface);
379
339
}
340
341
ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, interface, 5);
342
if(tcp_sd < 0) {
343
perror("setsockopt bindtodevice");
344
return -1;
345
}
380
346
381
memset(&to,0,sizeof(to)); /* Spurious warning */
347
memset(&to,0,sizeof(to));
382
348
to.sin6_family = AF_INET6;
383
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
349
ret = inet_pton(AF_INET6, ip, &ip_addr);
384
350
if (ret < 0 ){
385
351
perror("inet_pton");
386
352
return -1;
389
355
fprintf(stderr, "Bad address: %s\n", ip);
390
356
return -1;
391
357
}
392
to.sin6_port = htons(port); /* Spurious warning */
393
394
to.sin6_scope_id = (uint32_t)if_index;
395
358
to.sin6_port = htons(port);
359
to.sin6_scope_id = if_nametoindex(interface);
360
396
361
if(debug){
397
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
398
/* char addrstr[INET6_ADDRSTRLEN]; */
399
/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */
400
/* sizeof(addrstr)) == NULL){ */
401
/* perror("inet_ntop"); */
402
/* } else { */
403
/* fprintf(stderr, "Really connecting to: %s, port %d\n", */
404
/* addrstr, ntohs(to.sin6_port)); */
405
/* } */
362
fprintf(stderr, "Connection to: %s\n", ip);
406
363
}
407
364
408
365
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
416
373
retval = -1;
417
374
return -1;
418
375
}
419
420
gnutls_transport_set_ptr (es.session,
421
(gnutls_transport_ptr_t) tcp_sd);
422
376
377
378
gnutls_transport_set_ptr (es.session, (gnutls_transport_ptr_t) tcp_sd);
379
423
380
if(debug){
424
fprintf(stderr, "Establishing TLS session with %s\n", ip);
381
fprintf(stderr, "Establishing tls session with %s\n", ip);
425
382
}
383
426
384
427
385
ret = gnutls_handshake (es.session);
428
386
429
387
if (ret != GNUTLS_E_SUCCESS){
430
if(debug){
431
fprintf(stderr, "\n*** Handshake failed ***\n");
432
gnutls_perror (ret);
433
}
388
fprintf(stderr, "\n*** Handshake failed ***\n");
389
gnutls_perror (ret);
434
390
retval = -1;
435
391
goto exit;
436
392
}
437
438
//Retrieve OpenPGP packet that contains the wanted password
439
393
394
//Retrieve gpg packet that contains the wanted password
395
440
396
if(debug){
441
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
442
ip);
397
fprintf(stderr, "Retrieving pgp encrypted password from %s\n", ip);
443
398
}
444
399
445
400
while(true){
472
427
}
473
428
break;
474
429
default:
475
fprintf(stderr, "Unknown error while reading data from"
476
" encrypted session with mandos server\n");
430
fprintf(stderr, "Unknown error while reading data from encrypted session with mandos server\n");
477
431
retval = -1;
478
432
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
479
433
goto exit;
480
434
}
481
435
} else {
482
buffer_length += (size_t) ret;
436
buffer_length += ret;
483
437
}
484
438
}
485
439
486
440
if (buffer_length > 0){
487
decrypted_buffer_size = pgp_packet_decrypt(buffer,
488
buffer_length,
489
&decrypted_buffer,
490
CERT_ROOT);
491
if (decrypted_buffer_size >= 0){
492
while(written < (size_t) decrypted_buffer_size){
493
ret = (int)fwrite (decrypted_buffer + written, 1,
494
(size_t)decrypted_buffer_size - written,
495
stdout);
496
if(ret == 0 and ferror(stdout)){
497
if(debug){
498
fprintf(stderr, "Error writing encrypted data: %s\n",
499
strerror(errno));
500
}
501
retval = -1;
502
break;
503
}
504
written += (size_t)ret;
505
}
441
if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) >= 0){
442
fwrite (decrypted_buffer, 1, decrypted_buffer_size, stdout);
506
443
free(decrypted_buffer);
507
444
} else {
508
445
retval = -1;
512
449
//shutdown procedure
513
450
514
451
if(debug){
515
fprintf(stderr, "Closing TLS session\n");
452
fprintf(stderr, "Closing tls session\n");
516
453
}
517
454
518
455
free(buffer);
530
467
531
468
static void resolve_callback(
532
469
AvahiSServiceResolver *r,
533
AvahiIfIndex interface,
470
AVAHI_GCC_UNUSED AvahiIfIndex interface,
534
471
AVAHI_GCC_UNUSED AvahiProtocol protocol,
535
472
AvahiResolverEvent event,
536
473
const char *name,
539
476
const char *host_name,
540
477
const AvahiAddress *address,
541
478
uint16_t port,
542
AVAHI_GCC_UNUSED AvahiStringList *txt,
543
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
479
AvahiStringList *txt,
480
AvahiLookupResultFlags flags,
544
481
AVAHI_GCC_UNUSED void* userdata) {
545
482
546
assert(r); /* Spurious warning */
547
548
/* Called whenever a service has been resolved successfully or
549
timed out */
550
551
switch (event) {
552
default:
553
case AVAHI_RESOLVER_FAILURE:
554
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
555
" type '%s' in domain '%s': %s\n", name, type, domain,
556
avahi_strerror(avahi_server_errno(server)));
557
break;
558
559
case AVAHI_RESOLVER_FOUND:
560
{
561
char ip[AVAHI_ADDRESS_STR_MAX];
562
avahi_address_snprint(ip, sizeof(ip), address);
563
if(debug){
564
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
565
" port %d\n", name, host_name, ip, port);
566
}
567
int ret = start_mandos_communication(ip, port,
568
(unsigned int) interface);
569
if (ret == 0){
570
exit(EXIT_SUCCESS);
571
}
483
assert(r);
484
485
/* Called whenever a service has been resolved successfully or timed out */
486
487
switch (event) {
488
case AVAHI_RESOLVER_FAILURE:
489
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of type '%s' in domain '%s': %s\n", name, type, domain, avahi_strerror(avahi_server_errno(server)));
490
break;
491
492
case AVAHI_RESOLVER_FOUND: {
493
char ip[AVAHI_ADDRESS_STR_MAX];
494
avahi_address_snprint(ip, sizeof(ip), address);
495
if(debug){
496
fprintf(stderr, "Mandos server found at %s on port %d\n", ip, port);
497
}
498
int ret = start_mandos_communcation(ip, port);
499
if (ret == 0){
500
exit(EXIT_SUCCESS);
501
} else {
502
exit(EXIT_FAILURE);
503
}
504
}
572
505
}
573
}
574
avahi_s_service_resolver_free(r);
506
avahi_s_service_resolver_free(r);
575
507
}
576
508
577
509
static void browse_callback(
586
518
void* userdata) {
587
519
588
520
AvahiServer *s = userdata;
589
assert(b); /* Spurious warning */
590
591
/* Called whenever a new services becomes available on the LAN or
592
is removed from the LAN */
593
521
assert(b);
522
523
/* Called whenever a new services becomes available on the LAN or is removed from the LAN */
524
594
525
switch (event) {
595
default:
596
case AVAHI_BROWSER_FAILURE:
597
598
fprintf(stderr, "(Browser) %s\n",
599
avahi_strerror(avahi_server_errno(server)));
600
avahi_simple_poll_quit(simple_poll);
601
return;
602
603
case AVAHI_BROWSER_NEW:
604
/* We ignore the returned resolver object. In the callback
605
function we free it. If the server is terminated before
606
the callback function is called the server will free
607
the resolver for us. */
608
609
if (!(avahi_s_service_resolver_new(s, interface, protocol, name,
610
type, domain,
611
AVAHI_PROTO_INET6, 0,
612
resolve_callback, s)))
613
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
614
avahi_strerror(avahi_server_errno(s)));
615
break;
616
617
case AVAHI_BROWSER_REMOVE:
618
break;
619
620
case AVAHI_BROWSER_ALL_FOR_NOW:
621
case AVAHI_BROWSER_CACHE_EXHAUSTED:
622
break;
526
527
case AVAHI_BROWSER_FAILURE:
528
529
fprintf(stderr, "(Browser) %s\n", avahi_strerror(avahi_server_errno(server)));
530
avahi_simple_poll_quit(simple_poll);
531
return;
532
533
case AVAHI_BROWSER_NEW:
534
/* We ignore the returned resolver object. In the callback
535
function we free it. If the server is terminated before
536
the callback function is called the server will free
537
the resolver for us. */
538
539
if (!(avahi_s_service_resolver_new(s, interface, protocol, name, type, domain, AVAHI_PROTO_INET6, 0, resolve_callback, s)))
540
fprintf(stderr, "Failed to resolve service '%s': %s\n", name, avahi_strerror(avahi_server_errno(s)));
541
542
break;
543
544
case AVAHI_BROWSER_REMOVE:
545
break;
546
547
case AVAHI_BROWSER_ALL_FOR_NOW:
548
case AVAHI_BROWSER_CACHE_EXHAUSTED:
549
break;
623
550
}
624
551
}
625
552
626
553
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
627
554
AvahiServerConfig config;
628
555
AvahiSServiceBrowser *sb = NULL;
556
const char db[] = "--debug";
629
557
int error;
630
int ret;
558
int ret = 1;
631
559
int returncode = EXIT_SUCCESS;
632
const char *interface = "eth0";
633
unsigned int if_index;
634
char *connect_to = NULL;
635
636
while (true){
637
static struct option long_options[] = {
638
{"debug", no_argument, (int *)&debug, 1},
639
{"connect", required_argument, 0, 'c'},
640
{"interface", required_argument, 0, 'i'},
641
{0, 0, 0, 0} };
642
643
int option_index = 0;
644
ret = getopt_long (argc, argv, "i:", long_options,
645
&option_index);
646
647
if (ret == -1){
648
break;
649
}
650
651
switch(ret){
652
case 0:
653
break;
654
case 'i':
655
interface = optarg;
656
break;
657
case 'c':
658
connect_to = optarg;
659
break;
660
default:
661
exit(EXIT_FAILURE);
662
}
663
}
664
665
if_index = if_nametoindex(interface);
666
if(if_index == 0){
667
fprintf(stderr, "No such interface: \"%s\"\n", interface);
668
exit(EXIT_FAILURE);
669
}
670
671
if(connect_to != NULL){
672
/* Connect directly, do not use Zeroconf */
673
/* (Mainly meant for debugging) */
674
char *address = strrchr(connect_to, ':');
675
if(address == NULL){
676
fprintf(stderr, "No colon in address\n");
677
exit(EXIT_FAILURE);
678
}
679
errno = 0;
680
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
681
if(errno){
682
perror("Bad port number");
683
exit(EXIT_FAILURE);
684
}
685
*address = '\0';
686
address = connect_to;
687
ret = start_mandos_communication(address, port, if_index);
688
if(ret < 0){
689
exit(EXIT_FAILURE);
690
} else {
691
exit(EXIT_SUCCESS);
692
}
693
}
694
560
char *basename = rindex(argv[0], '/');
561
if(basename == NULL){
562
basename = argv[0];
563
} else {
564
basename++;
565
}
566
567
char *program_name = malloc(strlen(basename) + sizeof(db));
568
569
if (program_name == NULL){
570
perror("argv[0]");
571
return EXIT_FAILURE;
572
}
573
574
program_name[0] = '\0';
575
576
for (int i = 1; i < argc; i++){
577
if (not strncmp(argv[i], db, 5)){
578
strcat(strcat(strcat(program_name, db ), "="), basename);
579
if(not strcmp(argv[i], db) or not strcmp(argv[i], program_name)){
580
debug = true;
581
}
582
}
583
}
584
free(program_name);
585
695
586
if (not debug){
696
587
avahi_set_log_function(empty_log);
697
588
}
698
589
699
590
/* Initialize the psuedo-RNG */
700
srand((unsigned int) time(NULL));
591
srand(time(NULL));
701
592
702
593
/* Allocate main loop object */
703
594
if (!(simple_poll = avahi_simple_poll_new())) {
714
605
config.publish_domain = 0;
715
606
716
607
/* Allocate a new server */
717
server = avahi_server_new(avahi_simple_poll_get(simple_poll),
718
&config, NULL, NULL, &error);
608
server = avahi_server_new(avahi_simple_poll_get(simple_poll), &config, NULL, NULL, &error);
719
609
720
610
/* Free the configuration data */
721
611
avahi_server_config_free(&config);
722
612
723
613
/* Check if creating the server object succeeded */
724
614
if (!server) {
725
fprintf(stderr, "Failed to create server: %s\n",
726
avahi_strerror(error));
615
fprintf(stderr, "Failed to create server: %s\n", avahi_strerror(error));
727
616
returncode = EXIT_FAILURE;
728
617
goto exit;
729
618
}
730
619
731
620
/* Create the service browser */
732
sb = avahi_s_service_browser_new(server, (AvahiIfIndex)if_index,
733
AVAHI_PROTO_INET6,
734
"_mandos._tcp", NULL, 0,
735
browse_callback, server);
736
if (!sb) {
737
fprintf(stderr, "Failed to create service browser: %s\n",
738
avahi_strerror(avahi_server_errno(server)));
621
if (!(sb = avahi_s_service_browser_new(server, if_nametoindex("eth0"), AVAHI_PROTO_INET6, "_mandos._tcp", NULL, 0, browse_callback, server))) {
622
fprintf(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_server_errno(server)));
739
623
returncode = EXIT_FAILURE;
740
624
goto exit;
741
625
}
748
632
749
633
avahi_simple_poll_loop(simple_poll);
750
634
751
exit:
635
exit:
752
636
753
637
if (debug){
754
638
fprintf(stderr, "%s exiting\n", argv[0]);
764
648
if (simple_poll)
765
649
avahi_simple_poll_free(simple_poll);
766
650
767
return returncode;
651
return ret;
768
652
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0