1
/* -*- coding: utf-8 -*- */
3
* Mandos client - get and decrypt data from a Mandos server
5
* This program is partly derived from an example program for an Avahi
6
* service browser, downloaded from
7
* <http://avahi.org/browser/examples/core-browse-services.c>. This
8
* includes the following functions: "resolve_callback",
9
* "browse_callback", and parts of "main".
11
* Everything else is Copyright © 2007-2008 Teddy Hogeborn and Björn
14
* This program is free software: you can redistribute it and/or
15
* modify it under the terms of the GNU General Public License as
16
* published by the Free Software Foundation, either version 3 of the
17
* License, or (at your option) any later version.
19
* This program is distributed in the hope that it will be useful, but
20
* WITHOUT ANY WARRANTY; without even the implied warranty of
21
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22
* General Public License for more details.
24
* You should have received a copy of the GNU General Public License
25
* along with this program. If not, see
26
* <http://www.gnu.org/licenses/>.
28
* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and
29
* <https://www.fukt.bsnet.se/~teddy/>.
32
#define _FORTIFY_SOURCE 2
2
This file is part of avahi.
4
avahi is free software; you can redistribute it and/or modify it
5
under the terms of the GNU Lesser General Public License as
6
published by the Free Software Foundation; either version 2.1 of the
7
License, or (at your option) any later version.
9
avahi is distributed in the hope that it will be useful, but WITHOUT
10
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General
12
Public License for more details.
14
You should have received a copy of the GNU Lesser General Public
15
License along with avahi; if not, write to the Free Software
16
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
34
20
#define _LARGEFILE_SOURCE
35
21
#define _FILE_OFFSET_BITS 64
48
34
#include <avahi-common/error.h>
50
36
//mandos client part
51
#include <sys/types.h> /* socket(), inet_pton() */
52
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
53
struct in6_addr, inet_pton() */
54
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
55
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
37
#include <sys/types.h> /* socket(), setsockopt(), inet_pton() */
38
#include <sys/socket.h> /* socket(), setsockopt(), struct sockaddr_in6, struct in6_addr, inet_pton() */
39
#include <gnutls/gnutls.h> /* ALL GNUTLS STUFF */
40
#include <gnutls/openpgp.h> /* gnutls with openpgp stuff */
57
42
#include <unistd.h> /* close() */
58
43
#include <netinet/in.h>
85
68
} encrypted_session;
88
ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
89
char **new_packet, const char *homedir){
71
ssize_t gpg_packet_decrypt (char *packet, size_t packet_size, char **new_packet, char *homedir){
90
72
gpgme_data_t dh_crypto, dh_plain;
94
ssize_t new_packet_capacity = 0;
95
ssize_t new_packet_length = 0;
76
size_t new_packet_capacity = 0;
77
size_t new_packet_length = 0;
96
78
gpgme_engine_info_t engine_info;
99
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
81
fprintf(stderr, "Attempting to decrypt password from gpg packet\n");
166
147
if (result == NULL){
167
148
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
169
fprintf(stderr, "Unsupported algorithm: %s\n",
170
result->unsupported_algorithm);
171
fprintf(stderr, "Wrong key usage: %d\n",
172
result->wrong_key_usage);
150
fprintf(stderr, "Unsupported algorithm: %s\n", result->unsupported_algorithm);
151
fprintf(stderr, "Wrong key usage: %d\n", result->wrong_key_usage);
173
152
if(result->file_name != NULL){
174
153
fprintf(stderr, "File name: %s\n", result->file_name);
193
171
gpgme_data_release(dh_crypto);
195
173
/* Seek back to the beginning of the GPGME plaintext data buffer */
196
gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET);
174
gpgme_data_seek(dh_plain, 0, SEEK_SET);
200
178
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
201
*new_packet = realloc(*new_packet,
202
(unsigned int)new_packet_capacity
179
*new_packet = realloc(*new_packet, new_packet_capacity + BUFFER_SIZE);
204
180
if (*new_packet == NULL){
205
181
perror("realloc");
221
197
new_packet_length += ret;
224
/* FIXME: check characters before printing to screen so to not print
225
terminal control characters */
227
/* fprintf(stderr, "decrypted password is: "); */
228
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
229
/* fprintf(stderr, "\n"); */
232
/* Delete the GPGME plaintext data buffer */
201
fprintf(stderr, "decrypted password is: %s\n", *new_packet);
204
/* Delete the GPGME plaintext data buffer */
233
205
gpgme_data_release(dh_plain);
234
206
return new_packet_length;
265
237
gnutls_global_set_log_function(debuggnutls);
268
241
/* openpgp credentials */
269
242
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
270
243
!= GNUTLS_E_SUCCESS) {
271
fprintf (stderr, "memory error: %s\n",
272
safer_gnutls_strerror(ret));
244
fprintf (stderr, "memory error: %s\n", safer_gnutls_strerror(ret));
277
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
278
" and keyfile %s as GnuTLS credentials\n", CERTFILE,
249
fprintf(stderr, "Attempting to use openpgp certificate %s"
250
" and keyfile %s as gnutls credentials\n", CERTFILE, KEYFILE);
282
253
ret = gnutls_certificate_set_openpgp_key_file
283
254
(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);
284
255
if (ret != GNUTLS_E_SUCCESS) {
286
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
257
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n",
288
258
ret, CERTFILE, KEYFILE);
289
259
fprintf(stdout, "The Error is: %s\n",
290
260
safer_gnutls_strerror(ret));
294
//GnuTLS server initialization
264
//Gnutls server initialization
295
265
if ((ret = gnutls_dh_params_init (&es->dh_params))
296
266
!= GNUTLS_E_SUCCESS) {
297
267
fprintf (stderr, "Error in dh parameter initialization: %s\n",
298
268
safer_gnutls_strerror(ret));
302
272
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
303
273
!= GNUTLS_E_SUCCESS) {
304
274
fprintf (stderr, "Error in prime generation: %s\n",
305
275
safer_gnutls_strerror(ret));
309
279
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
311
// GnuTLS session creation
281
// Gnutls session creation
312
282
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
313
283
!= GNUTLS_E_SUCCESS){
314
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
284
fprintf(stderr, "Error in gnutls session initialization: %s\n",
315
285
safer_gnutls_strerror(ret));
318
288
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
319
289
!= GNUTLS_E_SUCCESS) {
320
290
fprintf(stderr, "Syntax error at: %s\n", err);
321
fprintf(stderr, "GnuTLS error: %s\n",
291
fprintf(stderr, "Gnutls error: %s\n",
322
292
safer_gnutls_strerror(ret));
326
296
if ((ret = gnutls_credentials_set
327
297
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
328
298
!= GNUTLS_E_SUCCESS) {
330
300
safer_gnutls_strerror(ret));
334
304
/* ignore client certificate if any. */
335
gnutls_certificate_server_set_request (es->session,
305
gnutls_certificate_server_set_request (es->session, GNUTLS_CERT_IGNORE);
338
307
gnutls_dh_set_prime_bits (es->session, DH_BITS);
343
void empty_log(__attribute__((unused)) AvahiLogLevel level,
344
__attribute__((unused)) const char *txt){}
312
void empty_log(AvahiLogLevel level, const char *txt){}
346
int start_mandos_communication(const char *ip, uint16_t port,
347
unsigned int if_index){
314
int start_mandos_communication(char *ip, uint16_t port){
349
316
struct sockaddr_in6 to;
350
317
encrypted_session es;
366
332
perror("socket");
370
if(if_indextoname(if_index, interface) == NULL){
372
perror("if_indextoname");
378
337
fprintf(stderr, "Binding to interface %s\n", interface);
340
ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, interface, 5);
342
perror("setsockopt bindtodevice");
381
memset(&to,0,sizeof(to)); /* Spurious warning */
346
memset(&to,0,sizeof(to));
382
347
to.sin6_family = AF_INET6;
383
348
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
465
fprintf(stderr, "Unknown error while reading data from"
466
" encrypted session with mandos server\n");
429
fprintf(stderr, "Unknown error while reading data from encrypted session with mandos server\n");
468
431
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
472
buffer_length += (size_t) ret;
435
buffer_length += ret;
476
439
if (buffer_length > 0){
477
decrypted_buffer_size = pgp_packet_decrypt(buffer,
481
if (decrypted_buffer_size >= 0){
482
while(written < decrypted_buffer_size){
483
ret = (int)fwrite (decrypted_buffer + written, 1,
484
(size_t)decrypted_buffer_size - written,
486
if(ret == 0 and ferror(stdout)){
488
fprintf(stderr, "Error writing encrypted data: %s\n",
494
written += (size_t)ret;
440
if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) >= 0){
441
fwrite (decrypted_buffer, 1, decrypted_buffer_size, stdout);
496
442
free(decrypted_buffer);
529
475
const char *host_name,
530
476
const AvahiAddress *address,
532
AVAHI_GCC_UNUSED AvahiStringList *txt,
533
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
478
AvahiStringList *txt,
479
AvahiLookupResultFlags flags,
534
480
AVAHI_GCC_UNUSED void* userdata) {
536
assert(r); /* Spurious warning */
538
/* Called whenever a service has been resolved successfully or
543
case AVAHI_RESOLVER_FAILURE:
544
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
545
" type '%s' in domain '%s': %s\n", name, type, domain,
546
avahi_strerror(avahi_server_errno(server)));
549
case AVAHI_RESOLVER_FOUND:
551
char ip[AVAHI_ADDRESS_STR_MAX];
552
avahi_address_snprint(ip, sizeof(ip), address);
554
fprintf(stderr, "Mandos server found on %s (%s) on port %d\n",
555
host_name, ip, port);
557
int ret = start_mandos_communication(ip, port,
558
(unsigned int) interface);
484
/* Called whenever a service has been resolved successfully or timed out */
487
case AVAHI_RESOLVER_FAILURE:
488
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of type '%s' in domain '%s': %s\n", name, type, domain, avahi_strerror(avahi_server_errno(server)));
491
case AVAHI_RESOLVER_FOUND: {
492
char ip[AVAHI_ADDRESS_STR_MAX];
493
avahi_address_snprint(ip, sizeof(ip), address);
495
fprintf(stderr, "Mandos server found at %s on port %d\n", ip, port);
497
int ret = start_mandos_communication(ip, port);
566
avahi_s_service_resolver_free(r);
505
avahi_s_service_resolver_free(r);
569
508
static void browse_callback(
578
517
void* userdata) {
580
519
AvahiServer *s = userdata;
581
assert(b); /* Spurious warning */
583
/* Called whenever a new services becomes available on the LAN or
584
is removed from the LAN */
522
/* Called whenever a new services becomes available on the LAN or is removed from the LAN */
588
case AVAHI_BROWSER_FAILURE:
590
fprintf(stderr, "(Browser) %s\n",
591
avahi_strerror(avahi_server_errno(server)));
592
avahi_simple_poll_quit(simple_poll);
595
case AVAHI_BROWSER_NEW:
596
/* We ignore the returned resolver object. In the callback
597
function we free it. If the server is terminated before
598
the callback function is called the server will free
599
the resolver for us. */
601
if (!(avahi_s_service_resolver_new(s, interface, protocol, name,
603
AVAHI_PROTO_INET6, 0,
604
resolve_callback, s)))
605
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
606
avahi_strerror(avahi_server_errno(s)));
609
case AVAHI_BROWSER_REMOVE:
612
case AVAHI_BROWSER_ALL_FOR_NOW:
613
case AVAHI_BROWSER_CACHE_EXHAUSTED:
526
case AVAHI_BROWSER_FAILURE:
528
fprintf(stderr, "(Browser) %s\n", avahi_strerror(avahi_server_errno(server)));
529
avahi_simple_poll_quit(simple_poll);
532
case AVAHI_BROWSER_NEW:
533
/* We ignore the returned resolver object. In the callback
534
function we free it. If the server is terminated before
535
the callback function is called the server will free
536
the resolver for us. */
538
if (!(avahi_s_service_resolver_new(s, interface, protocol, name, type, domain, AVAHI_PROTO_INET6, 0, resolve_callback, s)))
539
fprintf(stderr, "Failed to resolve service '%s': %s\n", name, avahi_strerror(avahi_server_errno(s)));
543
case AVAHI_BROWSER_REMOVE:
546
case AVAHI_BROWSER_ALL_FOR_NOW:
547
case AVAHI_BROWSER_CACHE_EXHAUSTED:
618
552
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
619
553
AvahiServerConfig config;
620
554
AvahiSServiceBrowser *sb = NULL;
555
const char db[] = "--debug";
623
558
int returncode = EXIT_SUCCESS;
624
const char *interface = "eth0";
627
static struct option long_options[] = {
628
{"debug", no_argument, (int *)&debug, 1},
629
{"interface", required_argument, 0, 'i'},
632
int option_index = 0;
633
ret = getopt_long (argc, argv, "i:", long_options,
559
char *basename = rindex(argv[0], '/');
560
if(basename == NULL){
566
char *program_name = malloc(strlen(basename) + sizeof(db));
568
if (program_name == NULL){
573
program_name[0] = '\0';
575
for (int i = 1; i < argc; i++){
576
if (not strncmp(argv[i], db, 5)){
577
strcat(strcat(strcat(program_name, db ), "="), basename);
578
if(not strcmp(argv[i], db) or not strcmp(argv[i], program_name)){
652
586
avahi_set_log_function(empty_log);
655
589
/* Initialize the psuedo-RNG */
656
srand((unsigned int) time(NULL));
658
592
/* Allocate main loop object */
659
593
if (!(simple_poll = avahi_simple_poll_new())) {
670
604
config.publish_domain = 0;
672
606
/* Allocate a new server */
673
server = avahi_server_new(avahi_simple_poll_get(simple_poll),
674
&config, NULL, NULL, &error);
607
server = avahi_server_new(avahi_simple_poll_get(simple_poll), &config, NULL, NULL, &error);
676
609
/* Free the configuration data */
677
610
avahi_server_config_free(&config);
679
612
/* Check if creating the server object succeeded */
681
fprintf(stderr, "Failed to create server: %s\n",
682
avahi_strerror(error));
614
fprintf(stderr, "Failed to create server: %s\n", avahi_strerror(error));
683
615
returncode = EXIT_FAILURE;
687
619
/* Create the service browser */
688
sb = avahi_s_service_browser_new(server,
690
if_nametoindex(interface),
692
"_mandos._tcp", NULL, 0,
693
browse_callback, server);
695
fprintf(stderr, "Failed to create service browser: %s\n",
696
avahi_strerror(avahi_server_errno(server)));
620
if (!(sb = avahi_s_service_browser_new(server, if_nametoindex("eth0"), AVAHI_PROTO_INET6, "_mandos._tcp", NULL, 0, browse_callback, server))) {
621
fprintf(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_server_errno(server)));
697
622
returncode = EXIT_FAILURE;