/mandos/trunk : revision 238

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.c

Committer: Teddy Hogeborn
Date: 2008-12-10 01:26:02 UTC
mfrom: (237.1.2 mandos)
Revision ID: teddy@fukt.bsnet.se-20081210012602-vhz3h75xkj24t340

First version of a somewhat complete D-Bus server interface.  Also
change user/group name to "_mandos".

* debian/mandos.postinst: Rename old "mandos" user and group to
                          "_mandos"; create "_mandos" user and group
                          if none exist.
* debian/mandos-client.postinst: - '' -

* initramfs-tools-hook: Try "_mandos" before "mandos" as user and
                        group name.

* mandos (_datetime_to_dbus_struct): New; was previously local.
  (Client.started): Renamed to "last_started".  All users changed.
  (Client.started): New; boolean.
  (Client.dbus_object_path): New.
  (Client.check_command): Renamed to "checker_command".  All users
                          changed.
  (Client.__init__): Set and use "self.dbus_object_path".  Set
                     "self.started".
  (Client.start): Update "self.started".  Emit "self.PropertyChanged"
                  signals for both "started" and "last_started".
  (Client.stop): Update "self.started".  Emit "self.PropertyChanged"
                 signal for "started".
  (Client.checker_callback): Take additional "command" argument.  All
                             callers changed. Emit
                             "self.PropertyChanged" signal.
  (Client.bump_timeout): Emit "self.PropertyChanged" signal for
                         "last_checked_ok".
  (Client.start_checker): Emit "self.PropertyChanged" signal for
                          "checker_running".
  (Client.stop_checker): Emit "self.PropertyChanged" signal for
                         "checker_running".
  (Client.still_valid): Bug fix: use "getattr(self, started, False)"
                        instead of "self.started" in case this client
                        object is so new that the "started" attribute
                        has not been created yet.
  (Client.IntervalChanged, Client.CheckerIsRunning, Client.GetChecker,
  Client.GetCreated, Client.GetFingerprint, Client.GetHost,
  Client.GetInterval, Client.GetName, Client.GetStarted,
  Client.GetTimeout, Client.StateChanged, Client.TimeoutChanged):
  Removed; all callers changed.
  (Client.CheckerCompleted): Add "condition" and "command" arguments.
                             All callers changed.
  (Client.GetAllProperties, Client.PropertyChanged): New.
  (Client.StillValid): Renamed to "IsStillValid".
  (Client.StartChecker): Changed to its own function to avoid the
                         return value from "Client.start_checker()".
  (Client.Stop): Changed to its own function to avoid the return value
                 from "Client.stop()".
  (main): Try "_mandos" before "mandos" as user and group name.
          Removed inner function "remove_from_clients".  New inner
          class "MandosServer".

files added:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

INSTALL

NEWS

README

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.config

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.README.Debian

debian/mandos.config

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/mandos.templates

debian/po

debian/po/POTFILES.in

debian/po/sv.po

debian/rules

default-mandos

init.d-mandos

legalnotice.xml

mandos.lsm

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files removed:
plugins.d/usplash

files renamed:
plugins.d/password-request.c => plugins.d/mandos-client.c

plugins.d/password-request.xml => plugins.d/mandos-client.xml

files modified:
Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

plugins.d/mandos-client.c

* "browse_callback", and parts of "main".

* Everything else is

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

#include <sys/types.h> /* socket(), inet_pton(), sockaddr,

sockaddr_in6, PF_INET6,

SOCK_STREAM, INET6_ADDRSTRLEN,

uid_t, gid_t */

#include <inttypes.h> /* PRIu16 */

uid_t, gid_t, open(), opendir(), DIR */

#include <sys/stat.h> /* open() */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton(),

connect() */

#include <fcntl.h> /* open() */

#include <dirent.h> /* opendir(), struct dirent, readdir() */

#include <inttypes.h> /* PRIu16 */

#include <assert.h> /* assert() */

#include <errno.h> /* perror(), errno */

#include <time.h> /* time() */

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS, if_indextoname(),

if_nametoindex(), IF_NAMESIZE */

#include <netinet/in.h>

#include <unistd.h> /* close(), SEEK_SET, off_t, write(),

getuid(), getgid(), setuid(),

setgid() */

#include <netinet/in.h>

#include <arpa/inet.h> /* inet_pton(), htons */

#include <iso646.h> /* not, and */

#include <argp.h> /* struct argp_option, error_t, struct

102

103

#define BUFFER_SIZE 256

100

104

105

#define PATHDIR "/conf/conf.d/mandos"

106

#define SECKEY "seckey.txt"

107

#define PUBKEY "pubkey.txt"

108

101

109

bool debug = false;

102

static const char *keydir = "/conf/conf.d/mandos";

103

110

static const char mandos_protocol_version[] = "1";

104

const char *argp_program_version = "password-request 1.0";

111

const char *argp_program_version = "mandos-client " VERSION;

105

112

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

106

113

107

114

/* Used for passing in values through the Avahi callback functions */

112

119

unsigned int dh_bits;

113

120

gnutls_dh_params_t dh_params;

114

121

const char *priority;

122

gpgme_ctx_t ctx;

115

123

} mandos_context;

116

124

117

125

132

140

}

133

141

134

142

135

* Decrypt OpenPGP data using keyrings in HOMEDIR.

136

* Returns -1 on error

143

* Initialize GPGME.

137

144

138

static ssize_t pgp_packet_decrypt (const char *cryptotext,

139

size_t crypto_size,

140

char **plaintext,

141

const char *homedir){

142

gpgme_data_t dh_crypto, dh_plain;

143

gpgme_ctx_t ctx;

145

static bool init_gpgme(mandos_context *mc, const char *seckey,

146

const char *pubkey, const char *tempdir){

147

int ret;

144

148

gpgme_error_t rc;

145

ssize_t ret;

146

size_t plaintext_capacity = 0;

147

ssize_t plaintext_length = 0;

148

149

gpgme_engine_info_t engine_info;

149

150

151

152

153

* Helper function to insert pub and seckey to the enigne keyring.

154

155

bool import_key(const char *filename){

156

int fd;

157

gpgme_data_t pgp_data;

158

159

fd = TEMP_FAILURE_RETRY(open(filename, O_RDONLY));

160

if(fd == -1){

161

perror("open");

162

return false;

163

}

164

165

rc = gpgme_data_new_from_fd(&pgp_data, fd);

166

if (rc != GPG_ERR_NO_ERROR){

167

fprintf(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",

168

gpgme_strsource(rc), gpgme_strerror(rc));

169

return false;

170

}

171

172

rc = gpgme_op_import(mc->ctx, pgp_data);

173

if (rc != GPG_ERR_NO_ERROR){

174

fprintf(stderr, "bad gpgme_op_import: %s: %s\n",

175

gpgme_strsource(rc), gpgme_strerror(rc));

176

return false;

177

}

178

179

ret = TEMP_FAILURE_RETRY(close(fd));

180

if(ret == -1){

181

perror("close");

182

}

183

gpgme_data_release(pgp_data);

184

return true;

185

}

186

150

187

if (debug){

151

fprintf(stderr, "Trying to decrypt OpenPGP data\n");

188

fprintf(stderr, "Initialize gpgme\n");

152

189

}

153

190

154

191

/* Init GPGME */

157

194

if (rc != GPG_ERR_NO_ERROR){

158

195

fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",

159

196

gpgme_strsource(rc), gpgme_strerror(rc));

160

return -1;

197

return false;

161

198

}

162

199

163

/* Set GPGME home directory for the OpenPGP engine only */

200

/* Set GPGME home directory for the OpenPGP engine only */

164

201

rc = gpgme_get_engine_info (&engine_info);

165

202

if (rc != GPG_ERR_NO_ERROR){

166

203

fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",

167

204

gpgme_strsource(rc), gpgme_strerror(rc));

168

return -1;

205

return false;

169

206

}

170

207

while(engine_info != NULL){

171

208

if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){

172

209

gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,

173

engine_info->file_name, homedir);

210

engine_info->file_name, tempdir);

174

211

break;

175

212

}

176

213

engine_info = engine_info->next;

177

214

}

178

215

if(engine_info == NULL){

179

fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);

180

return -1;

216

fprintf(stderr, "Could not set GPGME home dir to %s\n", tempdir);

217

return false;

218

}

219

220

/* Create new GPGME "context" */

221

rc = gpgme_new(&(mc->ctx));

222

if (rc != GPG_ERR_NO_ERROR){

223

fprintf(stderr, "bad gpgme_new: %s: %s\n",

224

gpgme_strsource(rc), gpgme_strerror(rc));

225

return false;

226

}

227

228

if (not import_key(pubkey) or not import_key(seckey)){

229

return false;

230

}

231

232

return true;

233

}

234

235

236

* Decrypt OpenPGP data.

237

* Returns -1 on error

238

239

static ssize_t pgp_packet_decrypt (const mandos_context *mc,

240

const char *cryptotext,

241

size_t crypto_size,

242

char **plaintext){

243

gpgme_data_t dh_crypto, dh_plain;

244

gpgme_error_t rc;

245

ssize_t ret;

246

size_t plaintext_capacity = 0;

247

ssize_t plaintext_length = 0;

248

249

if (debug){

250

fprintf(stderr, "Trying to decrypt OpenPGP data\n");

181

251

}

182

252

183

253

/* Create new GPGME data buffer from memory cryptotext */

198

268

return -1;

199

269

}

200

270

201

/* Create new GPGME "context" */

202

rc = gpgme_new(&ctx);

203

if (rc != GPG_ERR_NO_ERROR){

204

fprintf(stderr, "bad gpgme_new: %s: %s\n",

205

gpgme_strsource(rc), gpgme_strerror(rc));

206

plaintext_length = -1;

207

goto decrypt_end;

208

}

209

210

271

/* Decrypt data from the cryptotext data buffer to the plaintext

211

272

data buffer */

212

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

273

rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);

213

274

if (rc != GPG_ERR_NO_ERROR){

214

275

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

215

276

gpgme_strsource(rc), gpgme_strerror(rc));

216

277

plaintext_length = -1;

278

if (debug){

279

gpgme_decrypt_result_t result;

280

result = gpgme_op_decrypt_result(mc->ctx);

281

if (result == NULL){

282

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

283

} else {

284

fprintf(stderr, "Unsupported algorithm: %s\n",

285

result->unsupported_algorithm);

286

fprintf(stderr, "Wrong key usage: %u\n",

287

result->wrong_key_usage);

288

if(result->file_name != NULL){

289

fprintf(stderr, "File name: %s\n", result->file_name);

290

}

291

gpgme_recipient_t recipient;

292

recipient = result->recipients;

293

if(recipient){

294

while(recipient != NULL){

295

fprintf(stderr, "Public key algorithm: %s\n",

296

gpgme_pubkey_algo_name(recipient->pubkey_algo));

297

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

298

fprintf(stderr, "Secret key available: %s\n",

299

recipient->status == GPG_ERR_NO_SECKEY

300

? "No" : "Yes");

301

recipient = recipient->next;

302

}

303

}

304

}

305

}

217

306

goto decrypt_end;

218

307

}

219

308

221

310

fprintf(stderr, "Decryption of OpenPGP data succeeded\n");

222

311

}

223

312

224

if (debug){

225

gpgme_decrypt_result_t result;

226

result = gpgme_op_decrypt_result(ctx);

227

if (result == NULL){

228

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

229

} else {

230

fprintf(stderr, "Unsupported algorithm: %s\n",

231

result->unsupported_algorithm);

232

fprintf(stderr, "Wrong key usage: %u\n",

233

result->wrong_key_usage);

234

if(result->file_name != NULL){

235

fprintf(stderr, "File name: %s\n", result->file_name);

236

}

237

gpgme_recipient_t recipient;

238

recipient = result->recipients;

239

if(recipient){

240

while(recipient != NULL){

241

fprintf(stderr, "Public key algorithm: %s\n",

242

gpgme_pubkey_algo_name(recipient->pubkey_algo));

243

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

244

fprintf(stderr, "Secret key available: %s\n",

245

recipient->status == GPG_ERR_NO_SECKEY

246

? "No" : "Yes");

247

recipient = recipient->next;

248

}

249

}

250

}

251

}

252

253

313

/* Seek back to the beginning of the GPGME plaintext data buffer */

254

314

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

255

perror("pgpme_data_seek");

315

perror("gpgme_data_seek");

256

316

plaintext_length = -1;

257

317

goto decrypt_end;

258

318

}

282

342

}

283

343

plaintext_length += ret;

284

344

}

285

345

286

346

if(debug){

287

347

fprintf(stderr, "Decrypted password is: ");

288

348

for(ssize_t i = 0; i < plaintext_length; i++){

349

409

}

350

410

351

411

if(debug){

352

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

353

" and keyfile %s as GnuTLS credentials\n", pubkeyfilename,

412

fprintf(stderr, "Attempting to use OpenPGP public key %s and"

413

" secret key %s as GnuTLS credentials\n", pubkeyfilename,

354

414

seckeyfilename);

355

415

}

356

416

361

421

fprintf(stderr,

362

422

"Error[%d] while reading the OpenPGP key pair ('%s',"

363

423

" '%s')\n", ret, pubkeyfilename, seckeyfilename);

364

fprintf(stdout, "The GnuTLS error is: %s\n",

424

fprintf(stderr, "The GnuTLS error is: %s\n",

365

425

safer_gnutls_strerror(ret));

366

426

goto globalfail;

367

427

}

381

441

}

382

442

383

443

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

384

444

385

445

return 0;

386

446

387

447

globalfail:

388

448

389

449

gnutls_certificate_free_credentials(mc->cred);

390

450

gnutls_global_deinit();

451

gnutls_dh_params_deinit(mc->dh_params);

391

452

return -1;

392

393

453

}

394

454

395

455

static int init_gnutls_session(mandos_context *mc,

467

527

perror("socket");

468

528

return -1;

469

529

}

470

530

471

531

if(debug){

472

532

if(if_indextoname((unsigned int)if_index, interface) == NULL){

473

533

perror("if_indextoname");

512

572

perror("connect");

513

573

return -1;

514

574

}

515

575

516

576

const char *out = mandos_protocol_version;

517

577

written = 0;

518

578

while (true){

536

596

}

537

597

}

538

598

}

539

599

540

600

if(debug){

541

601

fprintf(stderr, "Establishing TLS session with %s\n", ip);

542

602

}

543

603

544

604

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

545

605

546

606

do{

547

607

ret = gnutls_handshake (session);

548

608

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

562

622

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

563

623

ip);

564

624

}

565

625

566

626

while(true){

567

627

buffer_capacity = adjustbuffer(&buffer, buffer_length,

568

628

buffer_capacity);

612

672

gnutls_bye (session, GNUTLS_SHUT_RDWR);

613

673

614

674

if (buffer_length > 0){

615

decrypted_buffer_size = pgp_packet_decrypt(buffer,

675

decrypted_buffer_size = pgp_packet_decrypt(mc, buffer,

616

676

buffer_length,

617

&decrypted_buffer,

618

keydir);

677

&decrypted_buffer);

619

678

if (decrypted_buffer_size >= 0){

620

679

written = 0;

621

680

while(written < (size_t) decrypted_buffer_size){

636

695

} else {

637

696

retval = -1;

638

697

}

698

} else {

699

retval = -1;

639

700

}

640

701

641

702

/* Shutdown procedure */

642

703

643

704

mandos_end:

644

705

free(buffer);

645

close(tcp_sd);

706

ret = TEMP_FAILURE_RETRY(close(tcp_sd));

707

if(ret == -1){

708

perror("close");

709

}

646

710

gnutls_deinit (session);

647

711

return retval;

648

712

}

744

808

}

745

809

}

746

810

747

/* Combines file name and path and returns the malloced new

748

string. some sane checks could/should be added */

749

static char *combinepath(const char *first, const char *second){

750

char *tmp;

751

int ret = asprintf(&tmp, "%s/%s", first, second);

752

if(ret < 0){

753

return NULL;

754

}

755

return tmp;

756

}

757

758

759

811

int main(int argc, char *argv[]){

760

812

AvahiSServiceBrowser *sb = NULL;

761

813

int error;

767

819

uid_t uid;

768

820

gid_t gid;

769

821

char *connect_to = NULL;

822

char tempdir[] = "/tmp/mandosXXXXXX";

770

823

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

771

char *pubkeyfilename = NULL;

772

char *seckeyfilename = NULL;

773

const char *pubkeyname = "pubkey.txt";

774

const char *seckeyname = "seckey.txt";

824

const char *seckey = PATHDIR "/" SECKEY;

825

const char *pubkey = PATHDIR "/" PUBKEY;

826

775

827

mandos_context mc = { .simple_poll = NULL, .server = NULL,

776

.dh_bits = 1024, .priority = "SECURE256"};

828

.dh_bits = 1024, .priority = "SECURE256"

829

":!CTYPE-X.509:+CTYPE-OPENPGP" };

777

830

bool gnutls_initalized = false;

831

bool gpgme_initalized = false;

778

832

779

833

{

780

834

struct argp_option options[] = {

781

835

{ .name = "debug", .key = 128,

782

836

.doc = "Debug mode", .group = 3 },

783

837

{ .name = "connect", .key = 'c',

784

.arg = "IP",

785

.doc = "Connect directly to a sepcified mandos server",

838

.arg = "ADDRESS:PORT",

839

.doc = "Connect directly to a specific Mandos server",

786

840

.group = 1 },

787

841

{ .name = "interface", .key = 'i',

788

.arg = "INTERFACE",

789

.doc = "Interface that Avahi will conntect through",

790

.group = 1 },

791

{ .name = "keydir", .key = 'd',

792

.arg = "KEYDIR",

793

.doc = "Directory where the openpgp keyring is",

842

.arg = "NAME",

843

.doc = "Interface that will be used to search for Mandos"

844

" servers",

794

845

.group = 1 },

795

846

{ .name = "seckey", .key = 's',

796

.arg = "SECKEY",

797

.doc = "Secret openpgp key for gnutls authentication",

847

.arg = "FILE",

848

.doc = "OpenPGP secret key file base name",

798

849

.group = 1 },

799

850

{ .name = "pubkey", .key = 'p',

800

.arg = "PUBKEY",

801

.doc = "Public openpgp key for gnutls authentication",

851

.arg = "FILE",

852

.doc = "OpenPGP public key file base name",

802

853

.group = 2 },

803

854

{ .name = "dh-bits", .key = 129,

804

855

.arg = "BITS",

805

.doc = "dh-bits to use in gnutls communication",

856

.doc = "Bit length of the prime number used in the"

857

" Diffie-Hellman key exchange",

806

858

.group = 2 },

807

859

{ .name = "priority", .key = 130,

808

.arg = "PRIORITY",

809

.doc = "GNUTLS priority", .group = 1 },

860

.arg = "STRING",

861

.doc = "GnuTLS priority string for the TLS handshake",

862

.group = 1 },

810

863

{ .name = NULL }

811

864

};

812

813

865

814

866

error_t parse_opt (int key, char *arg,

815

867

struct argp_state *state) {

816

868

/* Get the INPUT argument from `argp_parse', which we know is

817

869

a pointer to our plugin list pointer. */

818

870

switch (key) {

819

case 128:

871

case 128: /* --debug */

820

872

debug = true;

821

873

break;

822

case 'c':

874

case 'c': /* --connect */

823

875

connect_to = arg;

824

876

break;

825

case 'i':

877

case 'i': /* --interface */

826

878

interface = arg;

827

879

break;

828

case 'd':

829

keydir = arg;

830

break;

831

case 's':

832

seckeyname = arg;

833

break;

834

case 'p':

835

pubkeyname = arg;

836

break;

837

case 129:

880

case 's': /* --seckey */

881

seckey = arg;

882

break;

883

case 'p': /* --pubkey */

884

pubkey = arg;

885

break;

886

case 129: /* --dh-bits */

838

887

errno = 0;

839

888

mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);

840

889

if (errno){

842

891

exit(EXIT_FAILURE);

843

892

}

844

893

break;

845

case 130:

894

case 130: /* --priority */

846

895

mc.priority = arg;

847

896

break;

848

897

case ARGP_KEY_ARG:

854

903

}

855

904

return 0;

856

905

}

857

906

858

907

struct argp argp = { .options = options, .parser = parse_opt,

859

908

.args_doc = "",

860

909

.doc = "Mandos client -- Get and decrypt"

861

" passwords from mandos server" };

910

" passwords from a Mandos server" };

862

911

ret = argp_parse (&argp, argc, argv, 0, 0, NULL);

863

912

if (ret == ARGP_ERR_UNKNOWN){

864

913

fprintf(stderr, "Unknown error while parsing arguments\n");

866

915

goto end;

867

916

}

868

917

}

869

870

pubkeyfilename = combinepath(keydir, pubkeyname);

871

if (pubkeyfilename == NULL){

872

perror("combinepath");

873

exitcode = EXIT_FAILURE;

874

goto end;

875

}

876

877

seckeyfilename = combinepath(keydir, seckeyname);

878

if (seckeyfilename == NULL){

879

perror("combinepath");

880

exitcode = EXIT_FAILURE;

881

goto end;

882

}

883

884

ret = init_gnutls_global(&mc, pubkeyfilename, seckeyfilename);

885

if (ret == -1){

886

fprintf(stderr, "init_gnutls_global failed\n");

887

exitcode = EXIT_FAILURE;

888

goto end;

889

} else {

890

gnutls_initalized = true;

891

}

892

918

893

919

/* If the interface is down, bring it up */

894

920

{

914

940

goto end;

915

941

}

916

942

}

917

close(sd);

943

ret = TEMP_FAILURE_RETRY(close(sd));

944

if(ret == -1){

945

perror("close");

946

}

918

947

}

919

948

920

949

uid = getuid();

930

959

perror("setgid");

931

960

}

932

961

962

ret = init_gnutls_global(&mc, pubkey, seckey);

963

if (ret == -1){

964

fprintf(stderr, "init_gnutls_global failed\n");

965

exitcode = EXIT_FAILURE;

966

goto end;

967

} else {

968

gnutls_initalized = true;

969

}

970

971

if(mkdtemp(tempdir) == NULL){

972

perror("mkdtemp");

973

tempdir[0] = '\0';

974

goto end;

975

}

976

977

if(not init_gpgme(&mc, pubkey, seckey, tempdir)){

978

fprintf(stderr, "gpgme_initalized failed\n");

979

exitcode = EXIT_FAILURE;

980

goto end;

981

} else {

982

gpgme_initalized = true;

983

}

984

933

985

if_index = (AvahiIfIndex) if_nametoindex(interface);

934

986

if(if_index == 0){

935

987

fprintf(stderr, "No such interface: \"%s\"\n", interface);

978

1030

exitcode = EXIT_FAILURE;

979

1031

goto end;

980

1032

}

981

1033

982

1034

{

983

1035

AvahiServerConfig config;

984

1036

/* Do not publish any local Zeroconf records */

987

1039

config.publish_addresses = 0;

988

1040

config.publish_workstation = 0;

989

1041

config.publish_domain = 0;

990

1042

991

1043

/* Allocate a new server */

992

1044

mc.server = avahi_server_new(avahi_simple_poll_get

993

1045

(mc.simple_poll), &config, NULL,

994

1046

NULL, &error);

995

1047

996

1048

/* Free the Avahi configuration data */

997

1049

avahi_server_config_free(&config);

998

1050

}

1018

1070

}

1019

1071

1020

1072

/* Run the main loop */

1021

1073

1022

1074

if (debug){

1023

1075

fprintf(stderr, "Starting Avahi loop search\n");

1024

1076

}

1026

1078

avahi_simple_poll_loop(mc.simple_poll);

1027

1079

1028

1080

end:

1029

1081

1030

1082

if (debug){

1031

1083

fprintf(stderr, "%s exiting\n", argv[0]);

1032

1084

}

1037

1089

1038

1090

if (mc.server != NULL)

1039

1091

avahi_server_free(mc.server);

1040

1092

1041

1093

if (mc.simple_poll != NULL)

1042

1094

avahi_simple_poll_free(mc.simple_poll);

1043

free(pubkeyfilename);

1044

free(seckeyfilename);

1045

1095

1046

1096

if (gnutls_initalized){

1047

1097

gnutls_certificate_free_credentials(mc.cred);

1048

1098

gnutls_global_deinit ();

1049

}

1050

1099

gnutls_dh_params_deinit(mc.dh_params);

1100

}

1101

1102

if(gpgme_initalized){

1103

gpgme_release(mc.ctx);

1104

}

1105

1106

/* Removes the temp directory used by GPGME */

1107

if(tempdir[0] != '\0'){

1108

DIR *d;

1109

struct dirent *direntry;

1110

d = opendir(tempdir);

1111

if(d == NULL){

1112

perror("opendir");

1113

} else {

1114

while(true){

1115

direntry = readdir(d);

1116

if(direntry == NULL){

1117

break;

1118

}

1119

if (direntry->d_type == DT_REG){

1120

char *fullname = NULL;

1121

ret = asprintf(&fullname, "%s/%s", tempdir,

1122

direntry->d_name);

1123

if(ret < 0){

1124

perror("asprintf");

1125

continue;

1126

}

1127

ret = unlink(fullname);

1128

if(ret == -1){

1129

fprintf(stderr, "unlink(\"%s\"): %s",

1130

fullname, strerror(errno));

1131

}

1132

free(fullname);

1133

}

1134

}

1135

closedir(d);

1136

}

1137

ret = rmdir(tempdir);

1138

if(ret == -1){

1139

perror("rmdir");

1140

}

1141

}

1142

1051

1143

return exitcode;

1052

1144

}

Older »