To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandosclient.c
- browse files at revision 21
- compare with another revision
- download diff
- download tarball
- view history from revision 21
- Committer: Teddy Hogeborn
- Date: 2008-07-21 15:34:44 UTC
- Revision ID: teddy@fukt.bsnet.se-20080721153444-lugbjkj1oq65ugq3
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
$(LANGUAGE).
(WARN, DEBUG, COVERAGE, LANGUAGE): New.
(LDFLAGS): New; use $(COVERAGE)
* plugbasedclient.c: Added copyright header.
(process.buffer_size, process.buffer_length): Changed to "size_t".
(main): Cast arguments to malloc and realloc. Detect read errors
from processes.
* mandosclient.c: Added copyright header.
(interface): Moved to inside "main".
(gpg_packet_decrypt): Renamed to "pgp_packet_decrypt"; all callers
changed. Changed "new_packet_capacity" and
"new_packet_length" to be ssize_t. Cast
arguments to realloc.
(debuggnutls): Attribute "level" argument as unused.
(empty_log): Attribute "level" and "txt" arguments as unused.
(start_mandos_communication): New argument "if_index". Bug fix:
check ret, no tcp_sd, for errors from
setsockopt. Use "if_index" directly
instead of looking up the index. Loop
around fwrite until all data is written.
(resolve_callback): Attribute "txt", and "flags" as usused. Added
default case to switch. Also show server host
name. Call start_mandos_communication with
"interface".
(browse_callback): Added default case to switch.
(main): Variable "interface" moved here. Cast "srand" argument.
Bug fix: Call avahi_s_service_browser_new with index of
"interface", not "eth0".
* passprompt.c: Added copyright header.
(termination_handler): Attribute "signum" argument as unused.
$(LANGUAGE).
(WARN, DEBUG, COVERAGE, LANGUAGE): New.
(LDFLAGS): New; use $(COVERAGE)
* plugbasedclient.c: Added copyright header.
(process.buffer_size, process.buffer_length): Changed to "size_t".
(main): Cast arguments to malloc and realloc. Detect read errors
from processes.
* mandosclient.c: Added copyright header.
(interface): Moved to inside "main".
(gpg_packet_decrypt): Renamed to "pgp_packet_decrypt"; all callers
changed. Changed "new_packet_capacity" and
"new_packet_length" to be ssize_t. Cast
arguments to realloc.
(debuggnutls): Attribute "level" argument as unused.
(empty_log): Attribute "level" and "txt" arguments as unused.
(start_mandos_communication): New argument "if_index". Bug fix:
check ret, no tcp_sd, for errors from
setsockopt. Use "if_index" directly
instead of looking up the index. Loop
around fwrite until all data is written.
(resolve_callback): Attribute "txt", and "flags" as usused. Added
default case to switch. Also show server host
name. Call start_mandos_communication with
"interface".
(browse_callback): Added default case to switch.
(main): Variable "interface" moved here. Cast "srand" argument.
Bug fix: Call avahi_s_service_browser_new with index of
"interface", not "eth0".
* passprompt.c: Added copyright header.
(termination_handler): Attribute "signum" argument as unused.
- files added:
- ca.pem
- files removed:
- COPYING
- files renamed:
- clients.conf => mandos-clients.conf
- plugin-runner.c => plugbasedclient.c
- plugins.d/password-request.c => plugins.d/mandosclient.c
- plugins.d/password-prompt.c => plugins.d/passprompt.c
- mandos => server.py
- files modified:
- Makefile
added
removed
plugins.d/mandosclient.c
8
8
* includes the following functions: "resolve_callback",
9
9
* "browse_callback", and parts of "main".
10
10
*
11
* Everything else is
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
11
* Everything else is Copyright © 2007-2008 Teddy Hogeborn and Björn
12
* Påhlsson.
13
13
*
14
14
* This program is free software: you can redistribute it and/or
15
15
* modify it under the terms of the GNU General Public License as
25
25
* along with this program. If not, see
26
26
* <http://www.gnu.org/licenses/>.
27
27
*
28
* Contact the authors at <mandos@fukt.bsnet.se>.
28
* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and
29
* <https://www.fukt.bsnet.se/~teddy/>.
29
30
*/
30
31
31
/* Needed by GPGME, specifically gpgme_data_seek() */
32
#define _FORTIFY_SOURCE 2
33
32
34
#define _LARGEFILE_SOURCE
33
35
#define _FILE_OFFSET_BITS 64
34
36
35
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
36
37
#include <stdio.h> /* fprintf(), stderr, fwrite(),
38
stdout, ferror() */
39
#include <stdint.h> /* uint16_t, uint32_t */
40
#include <stddef.h> /* NULL, size_t, ssize_t */
41
#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,
42
srand() */
43
#include <stdbool.h> /* bool, true */
44
#include <string.h> /* memset(), strcmp(), strlen(),
45
strerror(), asprintf(), strcpy() */
46
#include <sys/ioctl.h> /* ioctl */
47
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
48
sockaddr_in6, PF_INET6,
49
SOCK_STREAM, INET6_ADDRSTRLEN,
50
uid_t, gid_t */
51
#include <inttypes.h> /* PRIu16 */
52
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
53
struct in6_addr, inet_pton(),
54
connect() */
55
#include <assert.h> /* assert() */
56
#include <errno.h> /* perror(), errno */
57
#include <time.h> /* time() */
58
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
59
SIOCSIFFLAGS, if_indextoname(),
60
if_nametoindex(), IF_NAMESIZE */
61
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
62
getuid(), getgid(), setuid(),
63
setgid() */
64
#include <netinet/in.h>
65
#include <arpa/inet.h> /* inet_pton(), htons */
66
#include <iso646.h> /* not, and */
67
#include <argp.h> /* struct argp_option, error_t, struct
68
argp_state, struct argp,
69
argp_parse(), ARGP_KEY_ARG,
70
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
71
72
/* Avahi */
73
/* All Avahi types, constants and functions
74
Avahi*, avahi_*,
75
AVAHI_* */
37
#include <stdio.h>
38
#include <assert.h>
39
#include <stdlib.h>
40
#include <time.h>
41
#include <net/if.h> /* if_nametoindex */
42
76
43
#include <avahi-core/core.h>
77
44
#include <avahi-core/lookup.h>
78
45
#include <avahi-core/log.h>
80
47
#include <avahi-common/malloc.h>
81
48
#include <avahi-common/error.h>
82
49
83
/* GnuTLS */
84
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and
85
functions:
86
gnutls_*
87
init_gnutls_session(),
88
GNUTLS_* */
89
#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),
90
GNUTLS_OPENPGP_FMT_BASE64 */
91
92
/* GPGME */
93
#include <gpgme.h> /* All GPGME types, constants and
94
functions:
95
gpgme_*
96
GPGME_PROTOCOL_OpenPGP,
97
GPG_ERR_NO_* */
98
50
//mandos client part
51
#include <sys/types.h> /* socket(), setsockopt(),
52
inet_pton() */
53
#include <sys/socket.h> /* socket(), setsockopt(),
54
struct sockaddr_in6,
55
struct in6_addr, inet_pton() */
56
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
57
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
58
59
#include <unistd.h> /* close() */
60
#include <netinet/in.h>
61
#include <stdbool.h> /* true */
62
#include <string.h> /* memset */
63
#include <arpa/inet.h> /* inet_pton() */
64
#include <iso646.h> /* not */
65
66
// gpgme
67
#include <errno.h> /* perror() */
68
#include <gpgme.h>
69
70
// getopt long
71
#include <getopt.h>
72
73
#ifndef CERT_ROOT
74
#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"
75
#endif
76
#define CERTFILE CERT_ROOT "openpgp-client.txt"
77
#define KEYFILE CERT_ROOT "openpgp-client-key.txt"
99
78
#define BUFFER_SIZE 256
79
#define DH_BITS 1024
100
80
101
81
bool debug = false;
102
static const char *keydir = "/conf/conf.d/mandos";
103
static const char mandos_protocol_version[] = "1";
104
const char *argp_program_version = "password-request 1.0";
105
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
106
82
107
/* Used for passing in values through the Avahi callback functions */
108
83
typedef struct {
109
AvahiSimplePoll *simple_poll;
110
AvahiServer *server;
84
gnutls_session_t session;
111
85
gnutls_certificate_credentials_t cred;
112
unsigned int dh_bits;
113
86
gnutls_dh_params_t dh_params;
114
const char *priority;
115
} mandos_context;
116
117
/*
118
* Make room in "buffer" for at least BUFFER_SIZE additional bytes.
119
* "buffer_capacity" is how much is currently allocated,
120
* "buffer_length" is how much is already used.
121
*/
122
size_t adjustbuffer(char **buffer, size_t buffer_length,
123
size_t buffer_capacity){
124
if (buffer_length + BUFFER_SIZE > buffer_capacity){
125
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
126
if (buffer == NULL){
127
return 0;
128
}
129
buffer_capacity += BUFFER_SIZE;
130
}
131
return buffer_capacity;
132
}
133
134
/*
135
* Decrypt OpenPGP data using keyrings in HOMEDIR.
136
* Returns -1 on error
137
*/
138
static ssize_t pgp_packet_decrypt (const char *cryptotext,
139
size_t crypto_size,
140
char **plaintext,
141
const char *homedir){
87
} encrypted_session;
88
89
90
ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
91
char **new_packet, const char *homedir){
142
92
gpgme_data_t dh_crypto, dh_plain;
143
93
gpgme_ctx_t ctx;
144
94
gpgme_error_t rc;
145
95
ssize_t ret;
146
size_t plaintext_capacity = 0;
147
ssize_t plaintext_length = 0;
96
ssize_t new_packet_capacity = 0;
97
ssize_t new_packet_length = 0;
148
98
gpgme_engine_info_t engine_info;
149
99
150
100
if (debug){
151
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
101
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
152
102
}
153
103
154
104
/* Init GPGME */
155
105
gpgme_check_version(NULL);
156
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
157
if (rc != GPG_ERR_NO_ERROR){
158
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
159
gpgme_strsource(rc), gpgme_strerror(rc));
160
return -1;
161
}
106
gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
162
107
163
/* Set GPGME home directory for the OpenPGP engine only */
108
/* Set GPGME home directory */
164
109
rc = gpgme_get_engine_info (&engine_info);
165
110
if (rc != GPG_ERR_NO_ERROR){
166
111
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
176
121
engine_info = engine_info->next;
177
122
}
178
123
if(engine_info == NULL){
179
fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);
124
fprintf(stderr, "Could not set home dir to %s\n", homedir);
180
125
return -1;
181
126
}
182
127
183
/* Create new GPGME data buffer from memory cryptotext */
184
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
185
0);
128
/* Create new GPGME data buffer from packet buffer */
129
rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);
186
130
if (rc != GPG_ERR_NO_ERROR){
187
131
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
188
132
gpgme_strsource(rc), gpgme_strerror(rc));
194
138
if (rc != GPG_ERR_NO_ERROR){
195
139
fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
196
140
gpgme_strsource(rc), gpgme_strerror(rc));
197
gpgme_data_release(dh_crypto);
198
141
return -1;
199
142
}
200
143
203
146
if (rc != GPG_ERR_NO_ERROR){
204
147
fprintf(stderr, "bad gpgme_new: %s: %s\n",
205
148
gpgme_strsource(rc), gpgme_strerror(rc));
206
plaintext_length = -1;
207
goto decrypt_end;
149
return -1;
208
150
}
209
151
210
/* Decrypt data from the cryptotext data buffer to the plaintext
211
data buffer */
152
/* Decrypt data from the FILE pointer to the plaintext data
153
buffer */
212
154
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
213
155
if (rc != GPG_ERR_NO_ERROR){
214
156
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
215
157
gpgme_strsource(rc), gpgme_strerror(rc));
216
plaintext_length = -1;
217
goto decrypt_end;
158
return -1;
218
159
}
219
160
220
161
if(debug){
221
fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
162
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");
222
163
}
223
164
224
165
if (debug){
225
166
gpgme_decrypt_result_t result;
226
167
result = gpgme_op_decrypt_result(ctx);
229
170
} else {
230
171
fprintf(stderr, "Unsupported algorithm: %s\n",
231
172
result->unsupported_algorithm);
232
fprintf(stderr, "Wrong key usage: %u\n",
173
fprintf(stderr, "Wrong key usage: %d\n",
233
174
result->wrong_key_usage);
234
175
if(result->file_name != NULL){
235
176
fprintf(stderr, "File name: %s\n", result->file_name);
250
191
}
251
192
}
252
193
194
/* Delete the GPGME FILE pointer cryptotext data buffer */
195
gpgme_data_release(dh_crypto);
196
253
197
/* Seek back to the beginning of the GPGME plaintext data buffer */
254
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
255
perror("pgpme_data_seek");
256
plaintext_length = -1;
257
goto decrypt_end;
258
}
259
260
*plaintext = NULL;
198
gpgme_data_seek(dh_plain, 0, SEEK_SET);
199
200
*new_packet = 0;
261
201
while(true){
262
plaintext_capacity = adjustbuffer(plaintext,
263
(size_t)plaintext_length,
264
plaintext_capacity);
265
if (plaintext_capacity == 0){
266
perror("adjustbuffer");
267
plaintext_length = -1;
268
goto decrypt_end;
202
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
203
*new_packet = realloc(*new_packet,
204
(unsigned int)new_packet_capacity
205
+ BUFFER_SIZE);
206
if (*new_packet == NULL){
207
perror("realloc");
208
return -1;
209
}
210
new_packet_capacity += BUFFER_SIZE;
269
211
}
270
212
271
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
213
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,
272
214
BUFFER_SIZE);
273
215
/* Print the data, if any */
274
216
if (ret == 0){
275
/* EOF */
276
217
break;
277
218
}
278
219
if(ret < 0){
279
220
perror("gpgme_data_read");
280
plaintext_length = -1;
281
goto decrypt_end;
221
return -1;
282
222
}
283
plaintext_length += ret;
223
new_packet_length += ret;
284
224
}
285
225
286
if(debug){
287
fprintf(stderr, "Decrypted password is: ");
288
for(ssize_t i = 0; i < plaintext_length; i++){
289
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
290
}
291
fprintf(stderr, "\n");
292
}
293
294
decrypt_end:
295
296
/* Delete the GPGME cryptotext data buffer */
297
gpgme_data_release(dh_crypto);
226
/* FIXME: check characters before printing to screen so to not print
227
terminal control characters */
228
/* if(debug){ */
229
/* fprintf(stderr, "decrypted password is: "); */
230
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
231
/* fprintf(stderr, "\n"); */
232
/* } */
298
233
299
234
/* Delete the GPGME plaintext data buffer */
300
235
gpgme_data_release(dh_plain);
301
return plaintext_length;
236
return new_packet_length;
302
237
}
303
238
304
239
static const char * safer_gnutls_strerror (int value) {
305
const char *ret = gnutls_strerror (value); /* Spurious warning */
240
const char *ret = gnutls_strerror (value);
306
241
if (ret == NULL)
307
242
ret = "(unknown)";
308
243
return ret;
309
244
}
310
245
311
/* GnuTLS log function callback */
312
static void debuggnutls(__attribute__((unused)) int level,
313
const char* string){
314
fprintf(stderr, "GnuTLS: %s", string);
246
void debuggnutls(__attribute__((unused)) int level,
247
const char* string){
248
fprintf(stderr, "%s", string);
315
249
}
316
250
317
static int init_gnutls_global(mandos_context *mc,
318
const char *pubkeyfilename,
319
const char *seckeyfilename){
251
int initgnutls(encrypted_session *es){
252
const char *err;
320
253
int ret;
321
254
322
255
if(debug){
323
256
fprintf(stderr, "Initializing GnuTLS\n");
324
257
}
325
258
326
ret = gnutls_global_init();
327
if (ret != GNUTLS_E_SUCCESS) {
328
fprintf (stderr, "GnuTLS global_init: %s\n",
329
safer_gnutls_strerror(ret));
259
if ((ret = gnutls_global_init ())
260
!= GNUTLS_E_SUCCESS) {
261
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
330
262
return -1;
331
263
}
332
264
333
265
if (debug){
334
/* "Use a log level over 10 to enable all debugging options."
335
* - GnuTLS manual
336
*/
337
266
gnutls_global_set_log_level(11);
338
267
gnutls_global_set_log_function(debuggnutls);
339
268
}
340
269
341
/* OpenPGP credentials */
342
gnutls_certificate_allocate_credentials(&mc->cred);
343
if (ret != GNUTLS_E_SUCCESS){
344
fprintf (stderr, "GnuTLS memory error: %s\n", /* Spurious
345
warning */
270
/* openpgp credentials */
271
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
272
!= GNUTLS_E_SUCCESS) {
273
fprintf (stderr, "memory error: %s\n",
346
274
safer_gnutls_strerror(ret));
347
gnutls_global_deinit ();
348
275
return -1;
349
276
}
350
277
351
278
if(debug){
352
279
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
353
" and keyfile %s as GnuTLS credentials\n", pubkeyfilename,
354
seckeyfilename);
280
" and keyfile %s as GnuTLS credentials\n", CERTFILE,
281
KEYFILE);
355
282
}
356
283
357
284
ret = gnutls_certificate_set_openpgp_key_file
358
(mc->cred, pubkeyfilename, seckeyfilename,
359
GNUTLS_OPENPGP_FMT_BASE64);
285
(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);
360
286
if (ret != GNUTLS_E_SUCCESS) {
361
fprintf(stderr,
362
"Error[%d] while reading the OpenPGP key pair ('%s',"
363
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
364
fprintf(stdout, "The GnuTLS error is: %s\n",
287
fprintf
288
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
289
" '%s')\n",
290
ret, CERTFILE, KEYFILE);
291
fprintf(stdout, "The Error is: %s\n",
365
292
safer_gnutls_strerror(ret));
366
goto globalfail;
367
}
368
369
/* GnuTLS server initialization */
370
ret = gnutls_dh_params_init(&mc->dh_params);
371
if (ret != GNUTLS_E_SUCCESS) {
372
fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
373
" %s\n", safer_gnutls_strerror(ret));
374
goto globalfail;
375
}
376
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
377
if (ret != GNUTLS_E_SUCCESS) {
378
fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
379
safer_gnutls_strerror(ret));
380
goto globalfail;
381
}
382
383
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
384
385
return 0;
386
387
globalfail:
388
389
gnutls_certificate_free_credentials(mc->cred);
390
gnutls_global_deinit();
391
return -1;
392
393
}
394
395
static int init_gnutls_session(mandos_context *mc,
396
gnutls_session_t *session){
397
int ret;
398
/* GnuTLS session creation */
399
ret = gnutls_init(session, GNUTLS_SERVER);
400
if (ret != GNUTLS_E_SUCCESS){
293
return -1;
294
}
295
296
//GnuTLS server initialization
297
if ((ret = gnutls_dh_params_init (&es->dh_params))
298
!= GNUTLS_E_SUCCESS) {
299
fprintf (stderr, "Error in dh parameter initialization: %s\n",
300
safer_gnutls_strerror(ret));
301
return -1;
302
}
303
304
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
305
!= GNUTLS_E_SUCCESS) {
306
fprintf (stderr, "Error in prime generation: %s\n",
307
safer_gnutls_strerror(ret));
308
return -1;
309
}
310
311
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
312
313
// GnuTLS session creation
314
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
315
!= GNUTLS_E_SUCCESS){
401
316
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
402
317
safer_gnutls_strerror(ret));
403
318
}
404
319
405
{
406
const char *err;
407
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
408
if (ret != GNUTLS_E_SUCCESS) {
409
fprintf(stderr, "Syntax error at: %s\n", err);
410
fprintf(stderr, "GnuTLS error: %s\n",
411
safer_gnutls_strerror(ret));
412
gnutls_deinit (*session);
413
return -1;
414
}
320
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
321
!= GNUTLS_E_SUCCESS) {
322
fprintf(stderr, "Syntax error at: %s\n", err);
323
fprintf(stderr, "GnuTLS error: %s\n",
324
safer_gnutls_strerror(ret));
325
return -1;
415
326
}
416
327
417
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
418
mc->cred);
419
if (ret != GNUTLS_E_SUCCESS) {
420
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
328
if ((ret = gnutls_credentials_set
329
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
330
!= GNUTLS_E_SUCCESS) {
331
fprintf(stderr, "Error setting a credentials set: %s\n",
421
332
safer_gnutls_strerror(ret));
422
gnutls_deinit (*session);
423
333
return -1;
424
334
}
425
335
426
336
/* ignore client certificate if any. */
427
gnutls_certificate_server_set_request (*session,
337
gnutls_certificate_server_set_request (es->session,
428
338
GNUTLS_CERT_IGNORE);
429
339
430
gnutls_dh_set_prime_bits (*session, mc->dh_bits);
340
gnutls_dh_set_prime_bits (es->session, DH_BITS);
431
341
432
342
return 0;
433
343
}
434
344
435
/* Avahi log function callback */
436
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
437
__attribute__((unused)) const char *txt){}
345
void empty_log(__attribute__((unused)) AvahiLogLevel level,
346
__attribute__((unused)) const char *txt){}
438
347
439
/* Called when a Mandos server is found */
440
static int start_mandos_communication(const char *ip, uint16_t port,
441
AvahiIfIndex if_index,
442
mandos_context *mc){
348
int start_mandos_communication(char *ip, uint16_t port,
349
unsigned int if_index){
443
350
int ret, tcp_sd;
444
union { struct sockaddr in; struct sockaddr_in6 in6; } to;
351
struct sockaddr_in6 to;
352
encrypted_session es;
445
353
char *buffer = NULL;
446
354
char *decrypted_buffer;
447
355
size_t buffer_length = 0;
448
356
size_t buffer_capacity = 0;
449
357
ssize_t decrypted_buffer_size;
450
size_t written;
451
358
int retval = 0;
452
359
char interface[IF_NAMESIZE];
453
gnutls_session_t session;
454
455
ret = init_gnutls_session (mc, &session);
456
if (ret != 0){
457
return -1;
458
}
459
360
460
361
if(debug){
461
fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16
462
"\n", ip, port);
362
fprintf(stderr, "Setting up a tcp connection to %s\n", ip);
463
363
}
464
364
465
365
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
467
367
perror("socket");
468
368
return -1;
469
369
}
470
471
if(debug){
472
if(if_indextoname((unsigned int)if_index, interface) == NULL){
370
371
if(if_indextoname(if_index, interface) == NULL){
372
if(debug){
473
373
perror("if_indextoname");
474
return -1;
475
374
}
375
return -1;
376
}
377
378
if(debug){
476
379
fprintf(stderr, "Binding to interface %s\n", interface);
477
380
}
478
381
479
memset(&to, 0, sizeof(to));
480
to.in6.sin6_family = AF_INET6;
481
/* It would be nice to have a way to detect if we were passed an
482
IPv4 address here. Now we assume an IPv6 address. */
483
ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);
382
ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, interface, 5);
383
if(ret < 0) {
384
perror("setsockopt bindtodevice");
385
return -1;
386
}
387
388
memset(&to,0,sizeof(to));
389
to.sin6_family = AF_INET6;
390
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
484
391
if (ret < 0 ){
485
392
perror("inet_pton");
486
393
return -1;
487
}
394
}
488
395
if(ret == 0){
489
396
fprintf(stderr, "Bad address: %s\n", ip);
490
397
return -1;
491
398
}
492
to.in6.sin6_port = htons(port); /* Spurious warning */
399
/* Spurious warnings for the next line, see for instance
400
<http://bugs.debian.org/488884> */
401
to.sin6_port = htons(port);
493
402
494
to.in6.sin6_scope_id = (uint32_t)if_index;
403
to.sin6_scope_id = (uint32_t)if_index;
495
404
496
405
if(debug){
497
fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
498
port);
499
char addrstr[INET6_ADDRSTRLEN] = "";
500
if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,
501
sizeof(addrstr)) == NULL){
502
perror("inet_ntop");
503
} else {
504
if(strcmp(addrstr, ip) != 0){
505
fprintf(stderr, "Canonical address form: %s\n", addrstr);
506
}
507
}
406
fprintf(stderr, "Connection to: %s\n", ip);
508
407
}
509
408
510
ret = connect(tcp_sd, &to.in, sizeof(to));
409
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
511
410
if (ret < 0){
512
411
perror("connect");
513
412
return -1;
514
413
}
515
516
const char *out = mandos_protocol_version;
517
written = 0;
518
while (true){
519
size_t out_size = strlen(out);
520
ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
521
out_size - written));
522
if (ret == -1){
523
perror("write");
524
retval = -1;
525
goto mandos_end;
526
}
527
written += (size_t)ret;
528
if(written < out_size){
529
continue;
530
} else {
531
if (out == mandos_protocol_version){
532
written = 0;
533
out = "\r\n";
534
} else {
535
break;
536
}
537
}
414
415
ret = initgnutls (&es);
416
if (ret != 0){
417
retval = -1;
418
return -1;
538
419
}
539
420
421
gnutls_transport_set_ptr (es.session,
422
(gnutls_transport_ptr_t) tcp_sd);
423
540
424
if(debug){
541
425
fprintf(stderr, "Establishing TLS session with %s\n", ip);
542
426
}
543
427
544
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
545
546
do{
547
ret = gnutls_handshake (session);
548
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
428
ret = gnutls_handshake (es.session);
549
429
550
430
if (ret != GNUTLS_E_SUCCESS){
551
if(debug){
552
fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
553
gnutls_perror (ret);
554
}
431
fprintf(stderr, "\n*** Handshake failed ***\n");
432
gnutls_perror (ret);
555
433
retval = -1;
556
goto mandos_end;
434
goto exit;
557
435
}
558
436
559
/* Read OpenPGP packet that contains the wanted password */
437
//Retrieve OpenPGP packet that contains the wanted password
560
438
561
439
if(debug){
562
440
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
564
442
}
565
443
566
444
while(true){
567
buffer_capacity = adjustbuffer(&buffer, buffer_length,
568
buffer_capacity);
569
if (buffer_capacity == 0){
570
perror("adjustbuffer");
571
retval = -1;
572
goto mandos_end;
445
if (buffer_length + BUFFER_SIZE > buffer_capacity){
446
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
447
if (buffer == NULL){
448
perror("realloc");
449
goto exit;
450
}
451
buffer_capacity += BUFFER_SIZE;
573
452
}
574
453
575
ret = gnutls_record_recv(session, buffer+buffer_length,
576
BUFFER_SIZE);
454
ret = gnutls_record_recv
455
(es.session, buffer+buffer_length, BUFFER_SIZE);
577
456
if (ret == 0){
578
457
break;
579
458
}
583
462
case GNUTLS_E_AGAIN:
584
463
break;
585
464
case GNUTLS_E_REHANDSHAKE:
586
do{
587
ret = gnutls_handshake (session);
588
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
465
ret = gnutls_handshake (es.session);
589
466
if (ret < 0){
590
fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
467
fprintf(stderr, "\n*** Handshake failed ***\n");
591
468
gnutls_perror (ret);
592
469
retval = -1;
593
goto mandos_end;
470
goto exit;
594
471
}
595
472
break;
596
473
default:
597
474
fprintf(stderr, "Unknown error while reading data from"
598
" encrypted session with Mandos server\n");
475
" encrypted session with mandos server\n");
599
476
retval = -1;
600
gnutls_bye (session, GNUTLS_SHUT_RDWR);
601
goto mandos_end;
477
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
478
goto exit;
602
479
}
603
480
} else {
604
481
buffer_length += (size_t) ret;
605
482
}
606
483
}
607
484
608
if(debug){
609
fprintf(stderr, "Closing TLS session\n");
610
}
611
612
gnutls_bye (session, GNUTLS_SHUT_RDWR);
613
614
485
if (buffer_length > 0){
615
486
decrypted_buffer_size = pgp_packet_decrypt(buffer,
616
487
buffer_length,
617
488
&decrypted_buffer,
618
keydir);
489
CERT_ROOT);
619
490
if (decrypted_buffer_size >= 0){
620
written = 0;
621
while(written < (size_t) decrypted_buffer_size){
622
ret = (int)fwrite (decrypted_buffer + written, 1,
623
(size_t)decrypted_buffer_size - written,
624
stdout);
491
while(decrypted_buffer_size > 0){
492
ret = fwrite (decrypted_buffer, 1, (size_t)decrypted_buffer_size,
493
stdout);
625
494
if(ret == 0 and ferror(stdout)){
626
495
if(debug){
627
496
fprintf(stderr, "Error writing encrypted data: %s\n",
630
499
retval = -1;
631
500
break;
632
501
}
633
written += (size_t)ret;
502
decrypted_buffer += ret;
503
decrypted_buffer_size -= ret;
634
504
}
635
505
free(decrypted_buffer);
636
506
} else {
637
507
retval = -1;
638
508
}
639
509
}
640
641
/* Shutdown procedure */
642
643
mandos_end:
510
511
//shutdown procedure
512
513
if(debug){
514
fprintf(stderr, "Closing TLS session\n");
515
}
516
644
517
free(buffer);
518
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
519
exit:
645
520
close(tcp_sd);
646
gnutls_deinit (session);
521
gnutls_deinit (es.session);
522
gnutls_certificate_free_credentials (es.cred);
523
gnutls_global_deinit ();
647
524
return retval;
648
525
}
649
526
650
static void resolve_callback(AvahiSServiceResolver *r,
651
AvahiIfIndex interface,
652
AVAHI_GCC_UNUSED AvahiProtocol protocol,
653
AvahiResolverEvent event,
654
const char *name,
655
const char *type,
656
const char *domain,
657
const char *host_name,
658
const AvahiAddress *address,
659
uint16_t port,
660
AVAHI_GCC_UNUSED AvahiStringList *txt,
661
AVAHI_GCC_UNUSED AvahiLookupResultFlags
662
flags,
663
void* userdata) {
664
mandos_context *mc = userdata;
527
static AvahiSimplePoll *simple_poll = NULL;
528
static AvahiServer *server = NULL;
529
530
static void resolve_callback(
531
AvahiSServiceResolver *r,
532
AVAHI_GCC_UNUSED AvahiIfIndex interface,
533
AVAHI_GCC_UNUSED AvahiProtocol protocol,
534
AvahiResolverEvent event,
535
const char *name,
536
const char *type,
537
const char *domain,
538
const char *host_name,
539
const AvahiAddress *address,
540
uint16_t port,
541
AVAHI_GCC_UNUSED AvahiStringList *txt,
542
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
543
AVAHI_GCC_UNUSED void* userdata) {
544
665
545
assert(r);
666
546
667
547
/* Called whenever a service has been resolved successfully or
668
548
timed out */
669
549
670
550
switch (event) {
671
551
default:
672
552
case AVAHI_RESOLVER_FAILURE:
673
fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
674
" of type '%s' in domain '%s': %s\n", name, type, domain,
675
avahi_strerror(avahi_server_errno(mc->server)));
553
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
554
" type '%s' in domain '%s': %s\n", name, type, domain,
555
avahi_strerror(avahi_server_errno(server)));
676
556
break;
677
557
678
558
case AVAHI_RESOLVER_FOUND:
679
559
{
680
560
char ip[AVAHI_ADDRESS_STR_MAX];
681
561
avahi_address_snprint(ip, sizeof(ip), address);
682
562
if(debug){
683
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"
684
PRIu16 ") on port %d\n", name, host_name, ip,
685
interface, port);
563
fprintf(stderr, "Mandos server found on %s (%s) on port %d\n",
564
host_name, ip, port);
686
565
}
687
int ret = start_mandos_communication(ip, port, interface, mc);
566
int ret = start_mandos_communication(ip, port,
567
(unsigned int)
568
interface);
688
569
if (ret == 0){
689
avahi_simple_poll_quit(mc->simple_poll);
570
exit(EXIT_SUCCESS);
571
} else {
572
exit(EXIT_FAILURE);
690
573
}
691
574
}
692
575
}
693
576
avahi_s_service_resolver_free(r);
694
577
}
695
578
696
static void browse_callback( AvahiSServiceBrowser *b,
697
AvahiIfIndex interface,
698
AvahiProtocol protocol,
699
AvahiBrowserEvent event,
700
const char *name,
701
const char *type,
702
const char *domain,
703
AVAHI_GCC_UNUSED AvahiLookupResultFlags
704
flags,
705
void* userdata) {
706
mandos_context *mc = userdata;
707
assert(b);
708
709
/* Called whenever a new services becomes available on the LAN or
710
is removed from the LAN */
711
712
switch (event) {
713
default:
714
case AVAHI_BROWSER_FAILURE:
715
716
fprintf(stderr, "(Avahi browser) %s\n",
717
avahi_strerror(avahi_server_errno(mc->server)));
718
avahi_simple_poll_quit(mc->simple_poll);
719
return;
720
721
case AVAHI_BROWSER_NEW:
722
/* We ignore the returned Avahi resolver object. In the callback
723
function we free it. If the Avahi server is terminated before
724
the callback function is called the Avahi server will free the
725
resolver for us. */
726
727
if (!(avahi_s_service_resolver_new(mc->server, interface,
728
protocol, name, type, domain,
729
AVAHI_PROTO_INET6, 0,
730
resolve_callback, mc)))
731
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
732
name, avahi_strerror(avahi_server_errno(mc->server)));
733
break;
734
735
case AVAHI_BROWSER_REMOVE:
736
break;
737
738
case AVAHI_BROWSER_ALL_FOR_NOW:
739
case AVAHI_BROWSER_CACHE_EXHAUSTED:
740
if(debug){
741
fprintf(stderr, "No Mandos server found, still searching...\n");
579
static void browse_callback(
580
AvahiSServiceBrowser *b,
581
AvahiIfIndex interface,
582
AvahiProtocol protocol,
583
AvahiBrowserEvent event,
584
const char *name,
585
const char *type,
586
const char *domain,
587
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
588
void* userdata) {
589
590
AvahiServer *s = userdata;
591
assert(b);
592
593
/* Called whenever a new services becomes available on the LAN or
594
is removed from the LAN */
595
596
switch (event) {
597
default:
598
case AVAHI_BROWSER_FAILURE:
599
600
fprintf(stderr, "(Browser) %s\n",
601
avahi_strerror(avahi_server_errno(server)));
602
avahi_simple_poll_quit(simple_poll);
603
return;
604
605
case AVAHI_BROWSER_NEW:
606
/* We ignore the returned resolver object. In the callback
607
function we free it. If the server is terminated before
608
the callback function is called the server will free
609
the resolver for us. */
610
611
if (!(avahi_s_service_resolver_new(s, interface, protocol, name,
612
type, domain,
613
AVAHI_PROTO_INET6, 0,
614
resolve_callback, s)))
615
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
616
avahi_strerror(avahi_server_errno(s)));
617
break;
618
619
case AVAHI_BROWSER_REMOVE:
620
break;
621
622
case AVAHI_BROWSER_ALL_FOR_NOW:
623
case AVAHI_BROWSER_CACHE_EXHAUSTED:
624
break;
742
625
}
743
break;
744
}
745
}
746
747
/* Combines file name and path and returns the malloced new
748
string. some sane checks could/should be added */
749
static char *combinepath(const char *first, const char *second){
750
char *tmp;
751
int ret = asprintf(&tmp, "%s/%s", first, second);
752
if(ret < 0){
753
return NULL;
754
}
755
return tmp;
756
}
757
758
759
int main(int argc, char *argv[]){
626
}
627
628
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
629
AvahiServerConfig config;
760
630
AvahiSServiceBrowser *sb = NULL;
761
631
int error;
762
632
int ret;
763
int exitcode = EXIT_SUCCESS;
633
int returncode = EXIT_SUCCESS;
764
634
const char *interface = "eth0";
765
struct ifreq network;
766
int sd;
767
uid_t uid;
768
gid_t gid;
769
char *connect_to = NULL;
770
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
771
char *pubkeyfilename = NULL;
772
char *seckeyfilename = NULL;
773
const char *pubkeyname = "pubkey.txt";
774
const char *seckeyname = "seckey.txt";
775
mandos_context mc = { .simple_poll = NULL, .server = NULL,
776
.dh_bits = 1024, .priority = "SECURE256"};
777
bool gnutls_initalized = false;
778
779
{
780
struct argp_option options[] = {
781
{ .name = "debug", .key = 128,
782
.doc = "Debug mode", .group = 3 },
783
{ .name = "connect", .key = 'c',
784
.arg = "IP",
785
.doc = "Connect directly to a sepcified mandos server",
786
.group = 1 },
787
{ .name = "interface", .key = 'i',
788
.arg = "INTERFACE",
789
.doc = "Interface that Avahi will conntect through",
790
.group = 1 },
791
{ .name = "keydir", .key = 'd',
792
.arg = "KEYDIR",
793
.doc = "Directory where the openpgp keyring is",
794
.group = 1 },
795
{ .name = "seckey", .key = 's',
796
.arg = "SECKEY",
797
.doc = "Secret openpgp key for gnutls authentication",
798
.group = 1 },
799
{ .name = "pubkey", .key = 'p',
800
.arg = "PUBKEY",
801
.doc = "Public openpgp key for gnutls authentication",
802
.group = 2 },
803
{ .name = "dh-bits", .key = 129,
804
.arg = "BITS",
805
.doc = "dh-bits to use in gnutls communication",
806
.group = 2 },
807
{ .name = "priority", .key = 130,
808
.arg = "PRIORITY",
809
.doc = "GNUTLS priority", .group = 1 },
810
{ .name = NULL }
811
};
812
813
814
error_t parse_opt (int key, char *arg,
815
struct argp_state *state) {
816
/* Get the INPUT argument from `argp_parse', which we know is
817
a pointer to our plugin list pointer. */
818
switch (key) {
819
case 128:
820
debug = true;
821
break;
822
case 'c':
823
connect_to = arg;
824
break;
825
case 'i':
826
interface = arg;
827
break;
828
case 'd':
829
keydir = arg;
830
break;
831
case 's':
832
seckeyname = arg;
833
break;
834
case 'p':
835
pubkeyname = arg;
836
break;
837
case 129:
838
errno = 0;
839
mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);
840
if (errno){
841
perror("strtol");
842
exit(EXIT_FAILURE);
843
}
844
break;
845
case 130:
846
mc.priority = arg;
847
break;
848
case ARGP_KEY_ARG:
849
argp_usage (state);
850
case ARGP_KEY_END:
851
break;
852
default:
853
return ARGP_ERR_UNKNOWN;
854
}
855
return 0;
856
}
857
858
struct argp argp = { .options = options, .parser = parse_opt,
859
.args_doc = "",
860
.doc = "Mandos client -- Get and decrypt"
861
" passwords from mandos server" };
862
ret = argp_parse (&argp, argc, argv, 0, 0, NULL);
863
if (ret == ARGP_ERR_UNKNOWN){
864
fprintf(stderr, "Unknown error while parsing arguments\n");
865
exitcode = EXIT_FAILURE;
866
goto end;
867
}
868
}
869
870
pubkeyfilename = combinepath(keydir, pubkeyname);
871
if (pubkeyfilename == NULL){
872
perror("combinepath");
873
exitcode = EXIT_FAILURE;
874
goto end;
875
}
876
877
seckeyfilename = combinepath(keydir, seckeyname);
878
if (seckeyfilename == NULL){
879
perror("combinepath");
880
exitcode = EXIT_FAILURE;
881
goto end;
882
}
883
884
ret = init_gnutls_global(&mc, pubkeyfilename, seckeyfilename);
885
if (ret == -1){
886
fprintf(stderr, "init_gnutls_global failed\n");
887
exitcode = EXIT_FAILURE;
888
goto end;
889
} else {
890
gnutls_initalized = true;
891
}
892
893
/* If the interface is down, bring it up */
894
{
895
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
896
if(sd < 0) {
897
perror("socket");
898
exitcode = EXIT_FAILURE;
899
goto end;
900
}
901
strcpy(network.ifr_name, interface);
902
ret = ioctl(sd, SIOCGIFFLAGS, &network);
903
if(ret == -1){
904
perror("ioctl SIOCGIFFLAGS");
905
exitcode = EXIT_FAILURE;
906
goto end;
907
}
908
if((network.ifr_flags & IFF_UP) == 0){
909
network.ifr_flags |= IFF_UP;
910
ret = ioctl(sd, SIOCSIFFLAGS, &network);
911
if(ret == -1){
912
perror("ioctl SIOCSIFFLAGS");
913
exitcode = EXIT_FAILURE;
914
goto end;
915
}
916
}
917
close(sd);
918
}
919
920
uid = getuid();
921
gid = getgid();
922
923
ret = setuid(uid);
924
if (ret == -1){
925
perror("setuid");
926
}
927
928
setgid(gid);
929
if (ret == -1){
930
perror("setgid");
931
}
932
933
if_index = (AvahiIfIndex) if_nametoindex(interface);
934
if(if_index == 0){
935
fprintf(stderr, "No such interface: \"%s\"\n", interface);
936
exit(EXIT_FAILURE);
937
}
938
939
if(connect_to != NULL){
940
/* Connect directly, do not use Zeroconf */
941
/* (Mainly meant for debugging) */
942
char *address = strrchr(connect_to, ':');
943
if(address == NULL){
944
fprintf(stderr, "No colon in address\n");
945
exitcode = EXIT_FAILURE;
946
goto end;
947
}
948
errno = 0;
949
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
950
if(errno){
951
perror("Bad port number");
952
exitcode = EXIT_FAILURE;
953
goto end;
954
}
955
*address = '\0';
956
address = connect_to;
957
ret = start_mandos_communication(address, port, if_index, &mc);
958
if(ret < 0){
959
exitcode = EXIT_FAILURE;
960
} else {
961
exitcode = EXIT_SUCCESS;
962
}
963
goto end;
635
636
while (true){
637
static struct option long_options[] = {
638
{"debug", no_argument, (int *)&debug, 1},
639
{"interface", required_argument, 0, 'i'},
640
{0, 0, 0, 0} };
641
642
int option_index = 0;
643
ret = getopt_long (argc, argv, "i:", long_options,
644
&option_index);
645
646
if (ret == -1){
647
break;
648
}
649
650
switch(ret){
651
case 0:
652
break;
653
case 'i':
654
interface = optarg;
655
break;
656
default:
657
exit(EXIT_FAILURE);
658
}
964
659
}
965
660
966
661
if (not debug){
967
662
avahi_set_log_function(empty_log);
968
663
}
969
664
970
/* Initialize the pseudo-RNG for Avahi */
665
/* Initialize the psuedo-RNG */
971
666
srand((unsigned int) time(NULL));
972
973
/* Allocate main Avahi loop object */
974
mc.simple_poll = avahi_simple_poll_new();
975
if (mc.simple_poll == NULL) {
976
fprintf(stderr, "Avahi: Failed to create simple poll"
977
" object.\n");
978
exitcode = EXIT_FAILURE;
979
goto end;
980
}
981
982
{
983
AvahiServerConfig config;
984
/* Do not publish any local Zeroconf records */
985
avahi_server_config_init(&config);
986
config.publish_hinfo = 0;
987
config.publish_addresses = 0;
988
config.publish_workstation = 0;
989
config.publish_domain = 0;
990
991
/* Allocate a new server */
992
mc.server = avahi_server_new(avahi_simple_poll_get
993
(mc.simple_poll), &config, NULL,
994
NULL, &error);
995
996
/* Free the Avahi configuration data */
997
avahi_server_config_free(&config);
998
}
999
1000
/* Check if creating the Avahi server object succeeded */
1001
if (mc.server == NULL) {
1002
fprintf(stderr, "Failed to create Avahi server: %s\n",
667
668
/* Allocate main loop object */
669
if (!(simple_poll = avahi_simple_poll_new())) {
670
fprintf(stderr, "Failed to create simple poll object.\n");
671
672
goto exit;
673
}
674
675
/* Do not publish any local records */
676
avahi_server_config_init(&config);
677
config.publish_hinfo = 0;
678
config.publish_addresses = 0;
679
config.publish_workstation = 0;
680
config.publish_domain = 0;
681
682
/* Allocate a new server */
683
server = avahi_server_new(avahi_simple_poll_get(simple_poll),
684
&config, NULL, NULL, &error);
685
686
/* Free the configuration data */
687
avahi_server_config_free(&config);
688
689
/* Check if creating the server object succeeded */
690
if (!server) {
691
fprintf(stderr, "Failed to create server: %s\n",
1003
692
avahi_strerror(error));
1004
exitcode = EXIT_FAILURE;
1005
goto end;
693
returncode = EXIT_FAILURE;
694
goto exit;
1006
695
}
1007
696
1008
/* Create the Avahi service browser */
1009
sb = avahi_s_service_browser_new(mc.server, if_index,
697
/* Create the service browser */
698
sb = avahi_s_service_browser_new(server,
699
(AvahiIfIndex)
700
if_nametoindex(interface),
1010
701
AVAHI_PROTO_INET6,
1011
702
"_mandos._tcp", NULL, 0,
1012
browse_callback, &mc);
1013
if (sb == NULL) {
703
browse_callback, server);
704
if (!sb) {
1014
705
fprintf(stderr, "Failed to create service browser: %s\n",
1015
avahi_strerror(avahi_server_errno(mc.server)));
1016
exitcode = EXIT_FAILURE;
1017
goto end;
706
avahi_strerror(avahi_server_errno(server)));
707
returncode = EXIT_FAILURE;
708
goto exit;
1018
709
}
1019
710
1020
711
/* Run the main loop */
1021
712
1022
713
if (debug){
1023
fprintf(stderr, "Starting Avahi loop search\n");
714
fprintf(stderr, "Starting avahi loop search\n");
1024
715
}
1025
716
1026
avahi_simple_poll_loop(mc.simple_poll);
717
avahi_simple_poll_loop(simple_poll);
1027
718
1028
end:
719
exit:
1029
720
1030
721
if (debug){
1031
722
fprintf(stderr, "%s exiting\n", argv[0]);
1032
723
}
1033
724
1034
725
/* Cleanup things */
1035
if (sb != NULL)
726
if (sb)
1036
727
avahi_s_service_browser_free(sb);
1037
728
1038
if (mc.server != NULL)
1039
avahi_server_free(mc.server);
1040
1041
if (mc.simple_poll != NULL)
1042
avahi_simple_poll_free(mc.simple_poll);
1043
free(pubkeyfilename);
1044
free(seckeyfilename);
1045
1046
if (gnutls_initalized){
1047
gnutls_certificate_free_credentials(mc.cred);
1048
gnutls_global_deinit ();
1049
}
1050
1051
return exitcode;
729
if (server)
730
avahi_server_free(server);
731
732
if (simple_poll)
733
avahi_simple_poll_free(simple_poll);
734
735
return returncode;
1052
736
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0