/mandos/trunk : revision 18

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandosclient.c

Committer: Teddy Hogeborn
Date: 2008-07-21 02:33:00 UTC
Revision ID: teddy@fukt.bsnet.se-20080721023300-c4t0cq7sxit973py

* plugins.d/Makefile: Removed

* plugins.d/mandosclient.c (start_mandos_communcation): Bug fix: write
                                                        server IP
                                                        address to
                                                        "to" struct.

files removed:
plugins.d/Makefile

files modified:
Makefile

TODO

mandos-clients.conf

plugbasedclient.c

plugins.d/mandosclient.c

plugins.d/passprompt.c

server.py

Show diffs side-by-side

added added

removed removed

plugins.d/mandosclient.c

/* $Id$ */

/* PLEASE NOTE *

* This file demonstrates how to use Avahi's core API, this is

* the embeddable mDNS stack for embedded applications.

* End user applications should *not* use this API and should use

* the D-Bus or C APIs, please see

* client-browse-services.c and glib-integration.c

* I repeat, you probably do *not* want to use this example.

/***

This file is part of avahi.

#define BUFFER_SIZE 256

#define DH_BITS 1024

bool debug = false;

typedef struct {

gnutls_session_t session;

gnutls_certificate_credentials_t cred;

size_t new_packet_length = 0;

gpgme_engine_info_t engine_info;

if (debug){

fprintf(stderr, "Attempting to decrypt password from gpg packet\n");

}

/* Init GPGME */

gpgme_check_version(NULL);

gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

143

136

gpgme_strsource(rc), gpgme_strerror(rc));

144

137

return -1;

145

138

}

139

140

if(debug){

141

fprintf(stderr, "decryption of gpg packet succeeded\n");

142

}

143

144

if (debug){

145

gpgme_decrypt_result_t result;

146

result = gpgme_op_decrypt_result(ctx);

147

if (result == NULL){

148

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

149

} else {

150

fprintf(stderr, "Unsupported algorithm: %s\n", result->unsupported_algorithm);

151

fprintf(stderr, "Wrong key usage: %d\n", result->wrong_key_usage);

152

if(result->file_name != NULL){

153

fprintf(stderr, "File name: %s\n", result->file_name);

154

}

155

gpgme_recipient_t recipient;

156

recipient = result->recipients;

157

if(recipient){

158

while(recipient != NULL){

159

fprintf(stderr, "Public key algorithm: %s\n",

160

gpgme_pubkey_algo_name(recipient->pubkey_algo));

161

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

162

fprintf(stderr, "Secret key available: %s\n",

163

recipient->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");

164

recipient = recipient->next;

165

}

166

}

167

}

168

}

146

169

147

/* gpgme_decrypt_result_t result; */

148

/* result = gpgme_op_decrypt_result(ctx); */

149

/* fprintf(stderr, "Unsupported algorithm: %s\n", result->unsupported_algorithm); */

150

/* fprintf(stderr, "Wrong key usage: %d\n", result->wrong_key_usage); */

151

/* if(result->file_name != NULL){ */

152

/* fprintf(stderr, "File name: %s\n", result->file_name); */

153

/* } */

154

/* gpgme_recipient_t recipient; */

155

/* recipient = result->recipients; */

156

/* if(recipient){ */

157

/* while(recipient != NULL){ */

158

/* fprintf(stderr, "Public key algorithm: %s\n", */

159

/* gpgme_pubkey_algo_name(recipient->pubkey_algo)); */

160

/* fprintf(stderr, "Key ID: %s\n", recipient->keyid); */

161

/* fprintf(stderr, "Secret key available: %s\n", */

162

/* recipient->status == GPG_ERR_NO_SECKEY ? "No" : "Yes"); */

163

/* recipient = recipient->next; */

164

/* } */

165

/* } */

166

167

170

/* Delete the GPGME FILE pointer cryptotext data buffer */

168

171

gpgme_data_release(dh_crypto);

169

172

194

197

new_packet_length += ret;

195

198

}

196

199

200

if(debug){

201

fprintf(stderr, "decrypted password is: %s\n", *new_packet);

202

}

203

197

204

/* Delete the GPGME plaintext data buffer */

198

205

gpgme_data_release(dh_plain);

199

206

return new_packet_length;

213

220

int initgnutls(encrypted_session *es){

214

221

const char *err;

215

222

int ret;

223

224

if(debug){

225

fprintf(stderr, "Initializing gnutls\n");

226

}

227

216

228

217

229

if ((ret = gnutls_global_init ())

218

230

!= GNUTLS_E_SUCCESS) {

220

232

return -1;

221

233

}

222

234

223

/* Uncomment to enable full debuggin on the gnutls library */

224

/* gnutls_global_set_log_level(11); */

225

/* gnutls_global_set_log_function(debuggnutls); */

226

235

if (debug){

236

gnutls_global_set_log_level(11);

237

gnutls_global_set_log_function(debuggnutls);

238

}

239

227

240

228

241

/* openpgp credentials */

229

242

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

232

245

return -1;

233

246

}

234

247

248

if(debug){

249

fprintf(stderr, "Attempting to use openpgp certificate %s"

250

" and keyfile %s as gnutls credentials\n", CERTFILE, KEYFILE);

251

}

252

235

253

ret = gnutls_certificate_set_openpgp_key_file

236

254

(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);

237

255

if (ret != GNUTLS_E_SUCCESS) {

296

314

int start_mandos_communcation(char *ip, uint16_t port){

297

315

int ret, tcp_sd;

298

316

struct sockaddr_in6 to;

299

struct in6_addr ip_addr;

300

317

encrypted_session es;

301

318

char *buffer = NULL;

302

319

char *decrypted_buffer;

304

321

size_t buffer_capacity = 0;

305

322

ssize_t decrypted_buffer_size;

306

323

int retval = 0;

324

const char interface[] = "eth0";

307

325

326

if(debug){

327

fprintf(stderr, "Setting up a tcp connection to %s\n", ip);

328

}

308

329

309

330

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

310

331

if(tcp_sd < 0) {

311

332

perror("socket");

312

333

return -1;

313

334

}

314

315

ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, "eth0", 5);

335

336

if(debug){

337

fprintf(stderr, "Binding to interface %s\n", interface);

338

}

339

340

ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, interface, 5);

316

341

if(tcp_sd < 0) {

317

342

perror("setsockopt bindtodevice");

318

343

return -1;

320

345

321

346

memset(&to,0,sizeof(to));

322

347

to.sin6_family = AF_INET6;

323

ret = inet_pton(AF_INET6, ip, &ip_addr);

348

ret = inet_pton(AF_INET6, ip, &to.sin6_addr);

324

349

if (ret < 0 ){

325

350

perror("inet_pton");

326

351

return -1;

330

355

return -1;

331

356

}

332

357

to.sin6_port = htons(port);

333

to.sin6_scope_id = if_nametoindex("eth0");

358

to.sin6_scope_id = if_nametoindex(interface);

359

360

if(debug){

361

fprintf(stderr, "Connection to: %s\n", ip);

362

}

334

363

335

364

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

336

365

if (ret < 0){

347

376

348

377

gnutls_transport_set_ptr (es.session, (gnutls_transport_ptr_t) tcp_sd);

349

378

379

if(debug){

380

fprintf(stderr, "Establishing tls session with %s\n", ip);

381

}

382

383

350

384

ret = gnutls_handshake (es.session);

351

385

352

386

if (ret != GNUTLS_E_SUCCESS){

356

390

goto exit;

357

391

}

358

392

359

//retrive password

393

//Retrieve gpg packet that contains the wanted password

394

395

if(debug){

396

fprintf(stderr, "Retrieving pgp encrypted password from %s\n", ip);

397

}

398

360

399

while(true){

361

400

if (buffer_length + BUFFER_SIZE > buffer_capacity){

362

401

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

396

435

buffer_length += ret;

397

436

}

398

437

}

399

438

400

439

if (buffer_length > 0){

401

if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) == 0){

402

retval = -1;

403

} else {

440

if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) >= 0){

404

441

fwrite (decrypted_buffer, 1, decrypted_buffer_size, stdout);

405

442

free(decrypted_buffer);

443

} else {

444

retval = -1;

406

445

}

407

446

}

408

447

448

//shutdown procedure

449

450

if(debug){

451

fprintf(stderr, "Closing tls session\n");

452

}

453

409

454

free(buffer);

410

411

//shutdown procedure

412

455

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

413

456

exit:

414

457

close(tcp_sd);

448

491

case AVAHI_RESOLVER_FOUND: {

449

492

char ip[AVAHI_ADDRESS_STR_MAX];

450

493

avahi_address_snprint(ip, sizeof(ip), address);

494

if(debug){

495

fprintf(stderr, "Mandos server found at %s on port %d\n", ip, port);

496

}

451

497

int ret = start_mandos_communcation(ip, port);

452

498

if (ret == 0){

453

499

exit(EXIT_SUCCESS);

506

552

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

507

553

AvahiServerConfig config;

508

554

AvahiSServiceBrowser *sb = NULL;

555

const char db[] = "--debug";

509

556

int error;

510

557

int ret = 1;

511

512

avahi_set_log_function(empty_log);

558

int returncode = EXIT_SUCCESS;

559

char *basename = rindex(argv[0], '/');

560

if(basename == NULL){

561

basename = argv[0];

562

} else {

563

basename++;

564

}

565

566

char *program_name = malloc(strlen(basename) + sizeof(db));

567

568

if (program_name == NULL){

569

perror("argv[0]");

570

return EXIT_FAILURE;

571

}

572

573

program_name[0] = '\0';

574

575

for (int i = 1; i < argc; i++){

576

if (not strncmp(argv[i], db, 5)){

577

strcat(strcat(strcat(program_name, db ), "="), basename);

578

if(not strcmp(argv[i], db) or not strcmp(argv[i], program_name)){

579

debug = true;

580

}

581

}

582

}

583

free(program_name);

584

585

if (not debug){

586

avahi_set_log_function(empty_log);

587

}

513

588

514

589

/* Initialize the psuedo-RNG */

515

590

srand(time(NULL));

517

592

/* Allocate main loop object */

518

593

if (!(simple_poll = avahi_simple_poll_new())) {

519

594

fprintf(stderr, "Failed to create simple poll object.\n");

520

goto fail;

595

596

goto exit;

521

597

}

522

598

523

599

/* Do not publish any local records */

527

603

config.publish_workstation = 0;

528

604

config.publish_domain = 0;

529

605

530

/* /\* Set a unicast DNS server for wide area DNS-SD *\/ */

531

/* avahi_address_parse("193.11.177.11", AVAHI_PROTO_UNSPEC, &config.wide_area_servers[0]); */

532

/* config.n_wide_area_servers = 1; */

533

/* config.enable_wide_area = 1; */

534

535

606

/* Allocate a new server */

536

607

server = avahi_server_new(avahi_simple_poll_get(simple_poll), &config, NULL, NULL, &error);

537

608

538

609

/* Free the configuration data */

539

610

avahi_server_config_free(&config);

540

611

541

/* Check wether creating the server object succeeded */

612

/* Check if creating the server object succeeded */

542

613

if (!server) {

543

614

fprintf(stderr, "Failed to create server: %s\n", avahi_strerror(error));

544

goto fail;

615

returncode = EXIT_FAILURE;

616

goto exit;

545

617

}

546

618

547

619

/* Create the service browser */

548

620

if (!(sb = avahi_s_service_browser_new(server, if_nametoindex("eth0"), AVAHI_PROTO_INET6, "_mandos._tcp", NULL, 0, browse_callback, server))) {

549

621

fprintf(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_server_errno(server)));

550

goto fail;

622

returncode = EXIT_FAILURE;

623

goto exit;

551

624

}

552

625

553

626

/* Run the main loop */

627

628

if (debug){

629

fprintf(stderr, "Starting avahi loop search\n");

630

}

631

554

632

avahi_simple_poll_loop(simple_poll);

555

633

556

ret = 0;

557

558

fail:

634

exit:

635

636

if (debug){

637

fprintf(stderr, "%s exiting\n", argv[0]);

638

}

559

639

560

640

/* Cleanup things */

561

641

if (sb)

Older »