281
/* GnuTLS log function callback */
282
static void debuggnutls(__attribute__((unused)) int level,
284
fprintf(stderr, "GnuTLS: %s", string);
246
void debuggnutls(__attribute__((unused)) int level,
248
fprintf(stderr, "%s", string);
287
static int init_gnutls_global(mandos_context *mc,
288
const char *pubkeyfile,
289
const char *seckeyfile){
251
int initgnutls(encrypted_session *es){
293
256
fprintf(stderr, "Initializing GnuTLS\n");
296
259
if ((ret = gnutls_global_init ())
297
260
!= GNUTLS_E_SUCCESS) {
298
fprintf (stderr, "GnuTLS global_init: %s\n",
299
safer_gnutls_strerror(ret));
261
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
304
/* "Use a log level over 10 to enable all debugging options."
307
266
gnutls_global_set_log_level(11);
308
267
gnutls_global_set_log_function(debuggnutls);
311
/* OpenPGP credentials */
312
if ((ret = gnutls_certificate_allocate_credentials (&mc->cred))
270
/* openpgp credentials */
271
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
313
272
!= GNUTLS_E_SUCCESS) {
314
fprintf (stderr, "GnuTLS memory error: %s\n",
273
fprintf (stderr, "memory error: %s\n",
315
274
safer_gnutls_strerror(ret));
320
279
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
321
" and keyfile %s as GnuTLS credentials\n", pubkeyfile,
280
" and keyfile %s as GnuTLS credentials\n", CERTFILE,
325
284
ret = gnutls_certificate_set_openpgp_key_file
326
(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);
285
(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);
327
286
if (ret != GNUTLS_E_SUCCESS) {
329
"Error[%d] while reading the OpenPGP key pair ('%s',"
330
" '%s')\n", ret, pubkeyfile, seckeyfile);
331
fprintf(stdout, "The GnuTLS error is: %s\n",
288
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
290
ret, CERTFILE, KEYFILE);
291
fprintf(stdout, "The Error is: %s\n",
332
292
safer_gnutls_strerror(ret));
336
/* GnuTLS server initialization */
337
ret = gnutls_dh_params_init(&mc->dh_params);
338
if (ret != GNUTLS_E_SUCCESS) {
339
fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
340
" %s\n", safer_gnutls_strerror(ret));
343
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
344
if (ret != GNUTLS_E_SUCCESS) {
345
fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
346
safer_gnutls_strerror(ret));
350
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
355
static int init_gnutls_session(mandos_context *mc, gnutls_session_t *session){
357
/* GnuTLS session creation */
358
ret = gnutls_init(session, GNUTLS_SERVER);
359
if (ret != GNUTLS_E_SUCCESS){
296
//GnuTLS server initialization
297
if ((ret = gnutls_dh_params_init (&es->dh_params))
298
!= GNUTLS_E_SUCCESS) {
299
fprintf (stderr, "Error in dh parameter initialization: %s\n",
300
safer_gnutls_strerror(ret));
304
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
305
!= GNUTLS_E_SUCCESS) {
306
fprintf (stderr, "Error in prime generation: %s\n",
307
safer_gnutls_strerror(ret));
311
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
313
// GnuTLS session creation
314
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
315
!= GNUTLS_E_SUCCESS){
360
316
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
361
317
safer_gnutls_strerror(ret));
366
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
367
if (ret != GNUTLS_E_SUCCESS) {
368
fprintf(stderr, "Syntax error at: %s\n", err);
369
fprintf(stderr, "GnuTLS error: %s\n",
370
safer_gnutls_strerror(ret));
320
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
321
!= GNUTLS_E_SUCCESS) {
322
fprintf(stderr, "Syntax error at: %s\n", err);
323
fprintf(stderr, "GnuTLS error: %s\n",
324
safer_gnutls_strerror(ret));
375
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
377
if (ret != GNUTLS_E_SUCCESS) {
378
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
328
if ((ret = gnutls_credentials_set
329
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
330
!= GNUTLS_E_SUCCESS) {
331
fprintf(stderr, "Error setting a credentials set: %s\n",
379
332
safer_gnutls_strerror(ret));
383
336
/* ignore client certificate if any. */
384
gnutls_certificate_server_set_request (*session,
337
gnutls_certificate_server_set_request (es->session,
385
338
GNUTLS_CERT_IGNORE);
387
gnutls_dh_set_prime_bits (*session, mc->dh_bits);
340
gnutls_dh_set_prime_bits (es->session, DH_BITS);
392
/* Avahi log function callback */
393
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
394
__attribute__((unused)) const char *txt){}
345
void empty_log(__attribute__((unused)) AvahiLogLevel level,
346
__attribute__((unused)) const char *txt){}
396
/* Called when a Mandos server is found */
397
static int start_mandos_communication(const char *ip, uint16_t port,
398
AvahiIfIndex if_index,
348
int start_mandos_communication(char *ip, uint16_t port,
349
unsigned int if_index){
401
351
struct sockaddr_in6 to;
352
encrypted_session es;
402
353
char *buffer = NULL;
403
354
char *decrypted_buffer;
404
355
size_t buffer_length = 0;
405
356
size_t buffer_capacity = 0;
406
357
ssize_t decrypted_buffer_size;
409
359
char interface[IF_NAMESIZE];
410
gnutls_session_t session;
411
gnutls_dh_params_t dh_params;
413
ret = init_gnutls_session (mc, &session);
419
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
362
fprintf(stderr, "Setting up a tcp connection to %s\n", ip);
423
365
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
585
written += (size_t)ret;
502
decrypted_buffer += ret;
503
decrypted_buffer_size -= ret;
587
505
free(decrypted_buffer);
593
/* Shutdown procedure */
514
fprintf(stderr, "Closing TLS session\n");
518
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
598
gnutls_deinit (session);
599
gnutls_certificate_free_credentials (mc->cred);
521
gnutls_deinit (es.session);
522
gnutls_certificate_free_credentials (es.cred);
600
523
gnutls_global_deinit ();
604
static void resolve_callback(AvahiSServiceResolver *r,
605
AvahiIfIndex interface,
606
AVAHI_GCC_UNUSED AvahiProtocol protocol,
607
AvahiResolverEvent event,
611
const char *host_name,
612
const AvahiAddress *address,
614
AVAHI_GCC_UNUSED AvahiStringList *txt,
615
AVAHI_GCC_UNUSED AvahiLookupResultFlags
618
mandos_context *mc = userdata;
619
assert(r); /* Spurious warning */
527
static AvahiSimplePoll *simple_poll = NULL;
528
static AvahiServer *server = NULL;
530
static void resolve_callback(
531
AvahiSServiceResolver *r,
532
AVAHI_GCC_UNUSED AvahiIfIndex interface,
533
AVAHI_GCC_UNUSED AvahiProtocol protocol,
534
AvahiResolverEvent event,
538
const char *host_name,
539
const AvahiAddress *address,
541
AVAHI_GCC_UNUSED AvahiStringList *txt,
542
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
543
AVAHI_GCC_UNUSED void* userdata) {
621
547
/* Called whenever a service has been resolved successfully or
626
552
case AVAHI_RESOLVER_FAILURE:
627
fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
628
" of type '%s' in domain '%s': %s\n", name, type, domain,
629
avahi_strerror(avahi_server_errno(mc->server)));
553
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
554
" type '%s' in domain '%s': %s\n", name, type, domain,
555
avahi_strerror(avahi_server_errno(server)));
632
558
case AVAHI_RESOLVER_FOUND:
634
560
char ip[AVAHI_ADDRESS_STR_MAX];
635
561
avahi_address_snprint(ip, sizeof(ip), address);
637
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %d) on"
638
" port %d\n", name, host_name, ip, interface, port);
563
fprintf(stderr, "Mandos server found on %s (%s) on port %d\n",
564
host_name, ip, port);
640
int ret = start_mandos_communication(ip, port, interface, mc);
566
int ret = start_mandos_communication(ip, port,
642
570
exit(EXIT_SUCCESS);
646
576
avahi_s_service_resolver_free(r);
649
static void browse_callback( AvahiSServiceBrowser *b,
650
AvahiIfIndex interface,
651
AvahiProtocol protocol,
652
AvahiBrowserEvent event,
656
AVAHI_GCC_UNUSED AvahiLookupResultFlags
659
mandos_context *mc = userdata;
660
assert(b); /* Spurious warning */
662
/* Called whenever a new services becomes available on the LAN or
663
is removed from the LAN */
667
case AVAHI_BROWSER_FAILURE:
669
fprintf(stderr, "(Avahi browser) %s\n",
670
avahi_strerror(avahi_server_errno(mc->server)));
671
avahi_simple_poll_quit(mc->simple_poll);
674
case AVAHI_BROWSER_NEW:
675
/* We ignore the returned Avahi resolver object. In the callback
676
function we free it. If the Avahi server is terminated before
677
the callback function is called the Avahi server will free the
680
if (!(avahi_s_service_resolver_new(mc->server, interface,
681
protocol, name, type, domain,
682
AVAHI_PROTO_INET6, 0,
683
resolve_callback, mc)))
684
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
685
name, avahi_strerror(avahi_server_errno(mc->server)));
688
case AVAHI_BROWSER_REMOVE:
691
case AVAHI_BROWSER_ALL_FOR_NOW:
692
case AVAHI_BROWSER_CACHE_EXHAUSTED:
694
fprintf(stderr, "No Mandos server found, still searching...\n");
579
static void browse_callback(
580
AvahiSServiceBrowser *b,
581
AvahiIfIndex interface,
582
AvahiProtocol protocol,
583
AvahiBrowserEvent event,
587
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
590
AvahiServer *s = userdata;
593
/* Called whenever a new services becomes available on the LAN or
594
is removed from the LAN */
598
case AVAHI_BROWSER_FAILURE:
600
fprintf(stderr, "(Browser) %s\n",
601
avahi_strerror(avahi_server_errno(server)));
602
avahi_simple_poll_quit(simple_poll);
605
case AVAHI_BROWSER_NEW:
606
/* We ignore the returned resolver object. In the callback
607
function we free it. If the server is terminated before
608
the callback function is called the server will free
609
the resolver for us. */
611
if (!(avahi_s_service_resolver_new(s, interface, protocol, name,
613
AVAHI_PROTO_INET6, 0,
614
resolve_callback, s)))
615
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
616
avahi_strerror(avahi_server_errno(s)));
619
case AVAHI_BROWSER_REMOVE:
622
case AVAHI_BROWSER_ALL_FOR_NOW:
623
case AVAHI_BROWSER_CACHE_EXHAUSTED:
700
/* Combines file name and path and returns the malloced new
701
string. some sane checks could/should be added */
702
static const char *combinepath(const char *first, const char *second){
703
size_t f_len = strlen(first);
704
size_t s_len = strlen(second);
705
char *tmp = malloc(f_len + s_len + 2);
710
memcpy(tmp, first, f_len); /* Spurious warning */
714
memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */
716
tmp[f_len + 1 + s_len] = '\0';
721
int main(int argc, char *argv[]){
628
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
629
AvahiServerConfig config;
722
630
AvahiSServiceBrowser *sb = NULL;
725
int exitcode = EXIT_SUCCESS;
633
int returncode = EXIT_SUCCESS;
726
634
const char *interface = "eth0";
727
struct ifreq network;
731
char *connect_to = NULL;
732
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
733
const char *pubkeyfile = "pubkey.txt";
734
const char *seckeyfile = "seckey.txt";
735
mandos_context mc = { .simple_poll = NULL, .server = NULL,
736
.dh_bits = 1024, .priority = "SECURE256"};
739
struct argp_option options[] = {
740
{ .name = "debug", .key = 128,
741
.doc = "Debug mode", .group = 3 },
742
{ .name = "connect", .key = 'c',
744
.doc = "Connect directly to a sepcified mandos server", .group = 1 },
745
{ .name = "interface", .key = 'i',
747
.doc = "Interface that Avahi will conntect through", .group = 1 },
748
{ .name = "keydir", .key = 'd',
750
.doc = "Directory where the openpgp keyring is", .group = 1 },
751
{ .name = "seckey", .key = 's',
753
.doc = "Secret openpgp key for gnutls authentication", .group = 1 },
754
{ .name = "pubkey", .key = 'p',
756
.doc = "Public openpgp key for gnutls authentication", .group = 2 },
757
{ .name = "dh-bits", .key = 129,
759
.doc = "dh-bits to use in gnutls communication", .group = 2 },
760
{ .name = "priority", .key = 130,
762
.doc = "GNUTLS priority", .group = 1 },
767
error_t parse_opt (int key, char *arg, struct argp_state *state) {
768
/* Get the INPUT argument from `argp_parse', which we know is a
769
pointer to our plugin list pointer. */
791
mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);
806
return ARGP_ERR_UNKNOWN;
811
struct argp argp = { .options = options, .parser = parse_opt,
813
.doc = "Mandos client -- Get and decrypt passwords from mandos server" };
814
argp_parse (&argp, argc, argv, 0, 0, NULL);
817
pubkeyfile = combinepath(keydir, pubkeyfile);
818
if (pubkeyfile == NULL){
819
perror("combinepath");
820
exitcode = EXIT_FAILURE;
824
seckeyfile = combinepath(keydir, seckeyfile);
825
if (seckeyfile == NULL){
826
perror("combinepath");
830
ret = init_gnutls_global(&mc, pubkeyfile, seckeyfile);
832
fprintf(stderr, "init_gnutls_global\n");
849
if_index = (AvahiIfIndex) if_nametoindex(interface);
851
fprintf(stderr, "No such interface: \"%s\"\n", interface);
855
if(connect_to != NULL){
856
/* Connect directly, do not use Zeroconf */
857
/* (Mainly meant for debugging) */
858
char *address = strrchr(connect_to, ':');
860
fprintf(stderr, "No colon in address\n");
861
exitcode = EXIT_FAILURE;
865
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
867
perror("Bad port number");
868
exitcode = EXIT_FAILURE;
872
address = connect_to;
873
ret = start_mandos_communication(address, port, if_index, &mc);
875
exitcode = EXIT_FAILURE;
877
exitcode = EXIT_SUCCESS;
882
/* If the interface is down, bring it up */
884
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
887
exitcode = EXIT_FAILURE;
890
strcpy(network.ifr_name, interface); /* Spurious warning */
891
ret = ioctl(sd, SIOCGIFFLAGS, &network);
893
perror("ioctl SIOCGIFFLAGS");
894
exitcode = EXIT_FAILURE;
897
if((network.ifr_flags & IFF_UP) == 0){
898
network.ifr_flags |= IFF_UP;
899
ret = ioctl(sd, SIOCSIFFLAGS, &network);
901
perror("ioctl SIOCSIFFLAGS");
902
exitcode = EXIT_FAILURE;
637
static struct option long_options[] = {
638
{"debug", no_argument, (int *)&debug, 1},
639
{"interface", required_argument, 0, 'i'},
642
int option_index = 0;
643
ret = getopt_long (argc, argv, "i:", long_options,
910
662
avahi_set_log_function(empty_log);
913
/* Initialize the pseudo-RNG for Avahi */
665
/* Initialize the psuedo-RNG */
914
666
srand((unsigned int) time(NULL));
916
/* Allocate main Avahi loop object */
917
mc.simple_poll = avahi_simple_poll_new();
918
if (mc.simple_poll == NULL) {
919
fprintf(stderr, "Avahi: Failed to create simple poll"
921
exitcode = EXIT_FAILURE;
926
AvahiServerConfig config;
927
/* Do not publish any local Zeroconf records */
928
avahi_server_config_init(&config);
929
config.publish_hinfo = 0;
930
config.publish_addresses = 0;
931
config.publish_workstation = 0;
932
config.publish_domain = 0;
934
/* Allocate a new server */
935
mc.server = avahi_server_new(avahi_simple_poll_get
936
(mc.simple_poll), &config, NULL,
939
/* Free the Avahi configuration data */
940
avahi_server_config_free(&config);
943
/* Check if creating the Avahi server object succeeded */
944
if (mc.server == NULL) {
945
fprintf(stderr, "Failed to create Avahi server: %s\n",
668
/* Allocate main loop object */
669
if (!(simple_poll = avahi_simple_poll_new())) {
670
fprintf(stderr, "Failed to create simple poll object.\n");
675
/* Do not publish any local records */
676
avahi_server_config_init(&config);
677
config.publish_hinfo = 0;
678
config.publish_addresses = 0;
679
config.publish_workstation = 0;
680
config.publish_domain = 0;
682
/* Allocate a new server */
683
server = avahi_server_new(avahi_simple_poll_get(simple_poll),
684
&config, NULL, NULL, &error);
686
/* Free the configuration data */
687
avahi_server_config_free(&config);
689
/* Check if creating the server object succeeded */
691
fprintf(stderr, "Failed to create server: %s\n",
946
692
avahi_strerror(error));
947
exitcode = EXIT_FAILURE;
693
returncode = EXIT_FAILURE;
951
/* Create the Avahi service browser */
952
sb = avahi_s_service_browser_new(mc.server, if_index,
697
/* Create the service browser */
698
sb = avahi_s_service_browser_new(server,
700
if_nametoindex(interface),
953
701
AVAHI_PROTO_INET6,
954
702
"_mandos._tcp", NULL, 0,
955
browse_callback, &mc);
703
browse_callback, server);
957
705
fprintf(stderr, "Failed to create service browser: %s\n",
958
avahi_strerror(avahi_server_errno(mc.server)));
959
exitcode = EXIT_FAILURE;
706
avahi_strerror(avahi_server_errno(server)));
707
returncode = EXIT_FAILURE;
963
711
/* Run the main loop */
966
fprintf(stderr, "Starting Avahi loop search\n");
714
fprintf(stderr, "Starting avahi loop search\n");
969
avahi_simple_poll_loop(mc.simple_poll);
717
avahi_simple_poll_loop(simple_poll);
974
722
fprintf(stderr, "%s exiting\n", argv[0]);
977
725
/* Cleanup things */
979
727
avahi_s_service_browser_free(sb);
981
if (mc.server != NULL)
982
avahi_server_free(mc.server);
984
if (mc.simple_poll != NULL)
985
avahi_simple_poll_free(mc.simple_poll);
730
avahi_server_free(server);
733
avahi_simple_poll_free(simple_poll);