To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandosclient.c
- browse files at revision 24.1.11
- compare with another revision
- download diff
- download tarball
- view history from revision 24.1.11
- Committer: Björn Påhlsson
- Date: 2008-08-03 16:08:20 UTC
- mto: (24.1.154 mandos) (237.4.3 mandos-release)
- mto: This revision was merged to the branch mainline in revision 41.
- Revision ID: belorn@braxen-20080803160820-0tw2n3ufebh51e3i
Added support for protocol version handling
- files added:
- ca.pem
- files removed:
- .bzr-builddeb
- debian
- debian/po
- files renamed:
- plugin-runner.c => plugbasedclient.c
- plugins.d/mandos-client.c => plugins.d/mandosclient.c
- plugins.d/password-prompt.c => plugins.d/passprompt.c
- mandos.conf => server.conf
- mandos => server.py
- files modified:
- Makefile
added
removed
plugins.d/mandosclient.c
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2008,2009 Teddy Hogeborn
13
* Copyright © 2008,2009 Björn Påhlsson
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
14
13
*
15
14
* This program is free software: you can redistribute it and/or
16
15
* modify it under the terms of the GNU General Public License as
33
32
#define _LARGEFILE_SOURCE
34
33
#define _FILE_OFFSET_BITS 64
35
34
36
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
37
38
#include <stdio.h> /* fprintf(), stderr, fwrite(),
39
stdout, ferror() */
40
#include <stdint.h> /* uint16_t, uint32_t */
41
#include <stddef.h> /* NULL, size_t, ssize_t */
42
#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,
43
srand() */
44
#include <stdbool.h> /* bool, true */
45
#include <string.h> /* memset(), strcmp(), strlen(),
46
strerror(), asprintf(), strcpy() */
47
#include <sys/ioctl.h> /* ioctl */
48
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
49
sockaddr_in6, PF_INET6,
50
SOCK_STREAM, INET6_ADDRSTRLEN,
51
uid_t, gid_t, open(), opendir(), DIR */
52
#include <sys/stat.h> /* open() */
53
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
54
struct in6_addr, inet_pton(),
55
connect() */
56
#include <fcntl.h> /* open() */
57
#include <dirent.h> /* opendir(), struct dirent, readdir() */
58
#include <inttypes.h> /* PRIu16 */
59
#include <assert.h> /* assert() */
60
#include <errno.h> /* perror(), errno */
61
#include <time.h> /* time() */
62
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
63
SIOCSIFFLAGS, if_indextoname(),
64
if_nametoindex(), IF_NAMESIZE */
65
#include <netinet/in.h>
66
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
67
getuid(), getgid(), setuid(),
68
setgid() */
69
#include <arpa/inet.h> /* inet_pton(), htons */
70
#include <iso646.h> /* not, and */
71
#include <argp.h> /* struct argp_option, error_t, struct
72
argp_state, struct argp,
73
argp_parse(), ARGP_KEY_ARG,
74
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
75
76
/* Avahi */
77
/* All Avahi types, constants and functions
78
Avahi*, avahi_*,
79
AVAHI_* */
35
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */
36
37
#include <stdio.h>
38
#include <assert.h>
39
#include <stdlib.h>
40
#include <time.h>
41
#include <net/if.h> /* if_nametoindex */
42
#include <sys/ioctl.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS
43
#include <net/if.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS
44
80
45
#include <avahi-core/core.h>
81
46
#include <avahi-core/lookup.h>
82
47
#include <avahi-core/log.h>
84
49
#include <avahi-common/malloc.h>
85
50
#include <avahi-common/error.h>
86
51
87
/* GnuTLS */
88
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and
89
functions:
90
gnutls_*
91
init_gnutls_session(),
92
GNUTLS_* */
93
#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),
94
GNUTLS_OPENPGP_FMT_BASE64 */
95
96
/* GPGME */
97
#include <gpgme.h> /* All GPGME types, constants and
98
functions:
99
gpgme_*
100
GPGME_PROTOCOL_OpenPGP,
101
GPG_ERR_NO_* */
52
//mandos client part
53
#include <sys/types.h> /* socket(), inet_pton() */
54
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
55
struct in6_addr, inet_pton() */
56
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
57
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
58
59
#include <unistd.h> /* close() */
60
#include <netinet/in.h>
61
#include <stdbool.h> /* true */
62
#include <string.h> /* memset */
63
#include <arpa/inet.h> /* inet_pton() */
64
#include <iso646.h> /* not */
65
66
// gpgme
67
#include <errno.h> /* perror() */
68
#include <gpgme.h>
69
70
// getopt long
71
#include <getopt.h>
102
72
103
73
#define BUFFER_SIZE 256
74
#define DH_BITS 1024
104
75
105
#define PATHDIR "/conf/conf.d/mandos"
106
#define SECKEY "seckey.txt"
107
#define PUBKEY "pubkey.txt"
76
static const char *certdir = "/conf/conf.d/mandos";
77
static const char *certfile = "openpgp-client.txt";
78
static const char *certkey = "openpgp-client-key.txt";
108
79
109
80
bool debug = false;
110
static const char mandos_protocol_version[] = "1";
111
const char *argp_program_version = "mandos-client " VERSION;
112
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
113
114
/* Used for passing in values through the Avahi callback functions */
81
82
const char mandos_protocol_version[] = "1";
83
115
84
typedef struct {
116
85
AvahiSimplePoll *simple_poll;
117
86
AvahiServer *server;
118
87
gnutls_certificate_credentials_t cred;
119
88
unsigned int dh_bits;
120
gnutls_dh_params_t dh_params;
121
89
const char *priority;
122
gpgme_ctx_t ctx;
123
90
} mandos_context;
124
91
125
/*
126
* Make room in "buffer" for at least BUFFER_SIZE additional bytes.
127
* "buffer_capacity" is how much is currently allocated,
128
* "buffer_length" is how much is already used.
129
*/
130
size_t adjustbuffer(char **buffer, size_t buffer_length,
92
size_t adjustbuffer(char *buffer, size_t buffer_length,
131
93
size_t buffer_capacity){
132
94
if (buffer_length + BUFFER_SIZE > buffer_capacity){
133
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
95
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
134
96
if (buffer == NULL){
135
97
return 0;
136
98
}
139
101
return buffer_capacity;
140
102
}
141
103
142
/*
143
* Initialize GPGME.
144
*/
145
static bool init_gpgme(mandos_context *mc, const char *seckey,
146
const char *pubkey, const char *tempdir){
147
int ret;
104
static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
105
char **new_packet,
106
const char *homedir){
107
gpgme_data_t dh_crypto, dh_plain;
108
gpgme_ctx_t ctx;
148
109
gpgme_error_t rc;
110
ssize_t ret;
111
size_t new_packet_capacity = 0;
112
ssize_t new_packet_length = 0;
149
113
gpgme_engine_info_t engine_info;
150
151
152
/*
153
* Helper function to insert pub and seckey to the enigne keyring.
154
*/
155
bool import_key(const char *filename){
156
int fd;
157
gpgme_data_t pgp_data;
158
159
fd = TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
160
if(fd == -1){
161
perror("open");
162
return false;
163
}
164
165
rc = gpgme_data_new_from_fd(&pgp_data, fd);
166
if (rc != GPG_ERR_NO_ERROR){
167
fprintf(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
168
gpgme_strsource(rc), gpgme_strerror(rc));
169
return false;
170
}
171
172
rc = gpgme_op_import(mc->ctx, pgp_data);
173
if (rc != GPG_ERR_NO_ERROR){
174
fprintf(stderr, "bad gpgme_op_import: %s: %s\n",
175
gpgme_strsource(rc), gpgme_strerror(rc));
176
return false;
177
}
178
179
ret = TEMP_FAILURE_RETRY(close(fd));
180
if(ret == -1){
181
perror("close");
182
}
183
gpgme_data_release(pgp_data);
184
return true;
185
}
186
114
187
115
if (debug){
188
fprintf(stderr, "Initialize gpgme\n");
116
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
189
117
}
190
118
191
119
/* Init GPGME */
194
122
if (rc != GPG_ERR_NO_ERROR){
195
123
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
196
124
gpgme_strsource(rc), gpgme_strerror(rc));
197
return false;
125
return -1;
198
126
}
199
127
200
/* Set GPGME home directory for the OpenPGP engine only */
128
/* Set GPGME home directory */
201
129
rc = gpgme_get_engine_info (&engine_info);
202
130
if (rc != GPG_ERR_NO_ERROR){
203
131
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
204
132
gpgme_strsource(rc), gpgme_strerror(rc));
205
return false;
133
return -1;
206
134
}
207
135
while(engine_info != NULL){
208
136
if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
209
137
gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
210
engine_info->file_name, tempdir);
138
engine_info->file_name, homedir);
211
139
break;
212
140
}
213
141
engine_info = engine_info->next;
214
142
}
215
143
if(engine_info == NULL){
216
fprintf(stderr, "Could not set GPGME home dir to %s\n", tempdir);
217
return false;
218
}
219
220
/* Create new GPGME "context" */
221
rc = gpgme_new(&(mc->ctx));
222
if (rc != GPG_ERR_NO_ERROR){
223
fprintf(stderr, "bad gpgme_new: %s: %s\n",
224
gpgme_strsource(rc), gpgme_strerror(rc));
225
return false;
226
}
227
228
if (not import_key(pubkey) or not import_key(seckey)){
229
return false;
230
}
231
232
return true;
233
}
234
235
/*
236
* Decrypt OpenPGP data.
237
* Returns -1 on error
238
*/
239
static ssize_t pgp_packet_decrypt (const mandos_context *mc,
240
const char *cryptotext,
241
size_t crypto_size,
242
char **plaintext){
243
gpgme_data_t dh_crypto, dh_plain;
244
gpgme_error_t rc;
245
ssize_t ret;
246
size_t plaintext_capacity = 0;
247
ssize_t plaintext_length = 0;
248
249
if (debug){
250
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
251
}
252
253
/* Create new GPGME data buffer from memory cryptotext */
254
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
255
0);
144
fprintf(stderr, "Could not set home dir to %s\n", homedir);
145
return -1;
146
}
147
148
/* Create new GPGME data buffer from packet buffer */
149
rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);
256
150
if (rc != GPG_ERR_NO_ERROR){
257
151
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
258
152
gpgme_strsource(rc), gpgme_strerror(rc));
264
158
if (rc != GPG_ERR_NO_ERROR){
265
159
fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
266
160
gpgme_strsource(rc), gpgme_strerror(rc));
267
gpgme_data_release(dh_crypto);
268
return -1;
269
}
270
271
/* Decrypt data from the cryptotext data buffer to the plaintext
272
data buffer */
273
rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);
161
return -1;
162
}
163
164
/* Create new GPGME "context" */
165
rc = gpgme_new(&ctx);
166
if (rc != GPG_ERR_NO_ERROR){
167
fprintf(stderr, "bad gpgme_new: %s: %s\n",
168
gpgme_strsource(rc), gpgme_strerror(rc));
169
return -1;
170
}
171
172
/* Decrypt data from the FILE pointer to the plaintext data
173
buffer */
174
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
274
175
if (rc != GPG_ERR_NO_ERROR){
275
176
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
276
177
gpgme_strsource(rc), gpgme_strerror(rc));
277
plaintext_length = -1;
278
if (debug){
279
gpgme_decrypt_result_t result;
280
result = gpgme_op_decrypt_result(mc->ctx);
281
if (result == NULL){
282
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
283
} else {
284
fprintf(stderr, "Unsupported algorithm: %s\n",
285
result->unsupported_algorithm);
286
fprintf(stderr, "Wrong key usage: %u\n",
287
result->wrong_key_usage);
288
if(result->file_name != NULL){
289
fprintf(stderr, "File name: %s\n", result->file_name);
290
}
291
gpgme_recipient_t recipient;
292
recipient = result->recipients;
293
if(recipient){
294
while(recipient != NULL){
295
fprintf(stderr, "Public key algorithm: %s\n",
296
gpgme_pubkey_algo_name(recipient->pubkey_algo));
297
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
298
fprintf(stderr, "Secret key available: %s\n",
299
recipient->status == GPG_ERR_NO_SECKEY
300
? "No" : "Yes");
301
recipient = recipient->next;
302
}
178
return -1;
179
}
180
181
if(debug){
182
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");
183
}
184
185
if (debug){
186
gpgme_decrypt_result_t result;
187
result = gpgme_op_decrypt_result(ctx);
188
if (result == NULL){
189
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
190
} else {
191
fprintf(stderr, "Unsupported algorithm: %s\n",
192
result->unsupported_algorithm);
193
fprintf(stderr, "Wrong key usage: %d\n",
194
result->wrong_key_usage);
195
if(result->file_name != NULL){
196
fprintf(stderr, "File name: %s\n", result->file_name);
197
}
198
gpgme_recipient_t recipient;
199
recipient = result->recipients;
200
if(recipient){
201
while(recipient != NULL){
202
fprintf(stderr, "Public key algorithm: %s\n",
203
gpgme_pubkey_algo_name(recipient->pubkey_algo));
204
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
205
fprintf(stderr, "Secret key available: %s\n",
206
recipient->status == GPG_ERR_NO_SECKEY
207
? "No" : "Yes");
208
recipient = recipient->next;
303
209
}
304
210
}
305
211
}
306
goto decrypt_end;
307
212
}
308
213
309
if(debug){
310
fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
311
}
214
/* Delete the GPGME FILE pointer cryptotext data buffer */
215
gpgme_data_release(dh_crypto);
312
216
313
217
/* Seek back to the beginning of the GPGME plaintext data buffer */
314
218
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
315
perror("gpgme_data_seek");
316
plaintext_length = -1;
317
goto decrypt_end;
219
perror("pgpme_data_seek");
318
220
}
319
221
320
*plaintext = NULL;
222
*new_packet = 0;
321
223
while(true){
322
plaintext_capacity = adjustbuffer(plaintext,
323
(size_t)plaintext_length,
324
plaintext_capacity);
325
if (plaintext_capacity == 0){
224
new_packet_capacity = adjustbuffer(*new_packet, new_packet_length,
225
new_packet_capacity);
226
if (new_packet_capacity == 0){
326
227
perror("adjustbuffer");
327
plaintext_length = -1;
328
goto decrypt_end;
228
return -1;
229
}
230
new_packet_capacity += BUFFER_SIZE;
329
231
}
330
232
331
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
233
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,
332
234
BUFFER_SIZE);
333
235
/* Print the data, if any */
334
236
if (ret == 0){
335
/* EOF */
336
237
break;
337
238
}
338
239
if(ret < 0){
339
240
perror("gpgme_data_read");
340
plaintext_length = -1;
341
goto decrypt_end;
342
}
343
plaintext_length += ret;
344
}
345
346
if(debug){
347
fprintf(stderr, "Decrypted password is: ");
348
for(ssize_t i = 0; i < plaintext_length; i++){
349
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
350
}
351
fprintf(stderr, "\n");
352
}
353
354
decrypt_end:
355
356
/* Delete the GPGME cryptotext data buffer */
357
gpgme_data_release(dh_crypto);
241
return -1;
242
}
243
new_packet_length += ret;
244
}
245
246
/* FIXME: check characters before printing to screen so to not print
247
terminal control characters */
248
/* if(debug){ */
249
/* fprintf(stderr, "decrypted password is: "); */
250
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
251
/* fprintf(stderr, "\n"); */
252
/* } */
358
253
359
254
/* Delete the GPGME plaintext data buffer */
360
255
gpgme_data_release(dh_plain);
361
return plaintext_length;
256
return new_packet_length;
362
257
}
363
258
364
259
static const char * safer_gnutls_strerror (int value) {
365
const char *ret = gnutls_strerror (value); /* Spurious warning */
260
const char *ret = gnutls_strerror (value);
366
261
if (ret == NULL)
367
262
ret = "(unknown)";
368
263
return ret;
369
264
}
370
265
371
/* GnuTLS log function callback */
372
266
static void debuggnutls(__attribute__((unused)) int level,
373
267
const char* string){
374
fprintf(stderr, "GnuTLS: %s", string);
268
fprintf(stderr, "%s", string);
375
269
}
376
270
377
static int init_gnutls_global(mandos_context *mc,
378
const char *pubkeyfilename,
379
const char *seckeyfilename){
271
static int initgnutls(mandos_context *mc){
272
const char *err;
380
273
int ret;
381
274
382
275
if(debug){
383
276
fprintf(stderr, "Initializing GnuTLS\n");
384
277
}
385
386
ret = gnutls_global_init();
387
if (ret != GNUTLS_E_SUCCESS) {
388
fprintf (stderr, "GnuTLS global_init: %s\n",
389
safer_gnutls_strerror(ret));
278
279
if ((ret = gnutls_global_init ())
280
!= GNUTLS_E_SUCCESS) {
281
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
390
282
return -1;
391
283
}
392
284
393
285
if (debug){
394
/* "Use a log level over 10 to enable all debugging options."
395
* - GnuTLS manual
396
*/
397
286
gnutls_global_set_log_level(11);
398
287
gnutls_global_set_log_function(debuggnutls);
399
288
}
400
289
401
/* OpenPGP credentials */
402
gnutls_certificate_allocate_credentials(&mc->cred);
403
if (ret != GNUTLS_E_SUCCESS){
404
fprintf (stderr, "GnuTLS memory error: %s\n", /* Spurious
405
warning */
290
/* openpgp credentials */
291
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
292
!= GNUTLS_E_SUCCESS) {
293
fprintf (stderr, "memory error: %s\n",
406
294
safer_gnutls_strerror(ret));
407
gnutls_global_deinit ();
408
295
return -1;
409
296
}
410
297
411
298
if(debug){
412
fprintf(stderr, "Attempting to use OpenPGP public key %s and"
413
" secret key %s as GnuTLS credentials\n", pubkeyfilename,
414
seckeyfilename);
299
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
300
" and keyfile %s as GnuTLS credentials\n", certfile,
301
certkey);
415
302
}
416
303
417
304
ret = gnutls_certificate_set_openpgp_key_file
418
(mc->cred, pubkeyfilename, seckeyfilename,
419
GNUTLS_OPENPGP_FMT_BASE64);
305
(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);
420
306
if (ret != GNUTLS_E_SUCCESS) {
421
fprintf(stderr,
422
"Error[%d] while reading the OpenPGP key pair ('%s',"
423
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
424
fprintf(stderr, "The GnuTLS error is: %s\n",
307
fprintf
308
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
309
" '%s')\n",
310
ret, certfile, certkey);
311
fprintf(stdout, "The Error is: %s\n",
425
312
safer_gnutls_strerror(ret));
426
goto globalfail;
427
}
428
429
/* GnuTLS server initialization */
430
ret = gnutls_dh_params_init(&mc->dh_params);
431
if (ret != GNUTLS_E_SUCCESS) {
432
fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
433
" %s\n", safer_gnutls_strerror(ret));
434
goto globalfail;
435
}
436
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
437
if (ret != GNUTLS_E_SUCCESS) {
438
fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
439
safer_gnutls_strerror(ret));
440
goto globalfail;
441
}
442
443
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
444
445
return 0;
446
447
globalfail:
448
449
gnutls_certificate_free_credentials(mc->cred);
450
gnutls_global_deinit();
451
gnutls_dh_params_deinit(mc->dh_params);
452
return -1;
453
}
454
455
static int init_gnutls_session(mandos_context *mc,
456
gnutls_session_t *session){
457
int ret;
458
/* GnuTLS session creation */
459
ret = gnutls_init(session, GNUTLS_SERVER);
460
if (ret != GNUTLS_E_SUCCESS){
313
return -1;
314
}
315
316
//GnuTLS server initialization
317
if ((ret = gnutls_dh_params_init (&es->dh_params))
318
!= GNUTLS_E_SUCCESS) {
319
fprintf (stderr, "Error in dh parameter initialization: %s\n",
320
safer_gnutls_strerror(ret));
321
return -1;
322
}
323
324
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
325
!= GNUTLS_E_SUCCESS) {
326
fprintf (stderr, "Error in prime generation: %s\n",
327
safer_gnutls_strerror(ret));
328
return -1;
329
}
330
331
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
332
333
// GnuTLS session creation
334
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
335
!= GNUTLS_E_SUCCESS){
461
336
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
462
337
safer_gnutls_strerror(ret));
463
338
}
464
339
465
{
466
const char *err;
467
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
468
if (ret != GNUTLS_E_SUCCESS) {
469
fprintf(stderr, "Syntax error at: %s\n", err);
470
fprintf(stderr, "GnuTLS error: %s\n",
471
safer_gnutls_strerror(ret));
472
gnutls_deinit (*session);
473
return -1;
474
}
340
if ((ret = gnutls_priority_set_direct (es->session, mc->priority, &err))
341
!= GNUTLS_E_SUCCESS) {
342
fprintf(stderr, "Syntax error at: %s\n", err);
343
fprintf(stderr, "GnuTLS error: %s\n",
344
safer_gnutls_strerror(ret));
345
return -1;
475
346
}
476
347
477
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
478
mc->cred);
479
if (ret != GNUTLS_E_SUCCESS) {
480
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
348
if ((ret = gnutls_credentials_set
349
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
350
!= GNUTLS_E_SUCCESS) {
351
fprintf(stderr, "Error setting a credentials set: %s\n",
481
352
safer_gnutls_strerror(ret));
482
gnutls_deinit (*session);
483
353
return -1;
484
354
}
485
355
486
356
/* ignore client certificate if any. */
487
gnutls_certificate_server_set_request (*session,
357
gnutls_certificate_server_set_request (es->session,
488
358
GNUTLS_CERT_IGNORE);
489
359
490
gnutls_dh_set_prime_bits (*session, mc->dh_bits);
360
gnutls_dh_set_prime_bits (es->session, DH_BITS);
491
361
492
362
return 0;
493
363
}
494
364
495
/* Avahi log function callback */
496
365
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
497
366
__attribute__((unused)) const char *txt){}
498
367
499
/* Called when a Mandos server is found */
500
368
static int start_mandos_communication(const char *ip, uint16_t port,
501
369
AvahiIfIndex if_index,
502
370
mandos_context *mc){
503
371
int ret, tcp_sd;
504
union { struct sockaddr in; struct sockaddr_in6 in6; } to;
372
struct sockaddr_in6 to;
373
encrypted_session es;
505
374
char *buffer = NULL;
506
375
char *decrypted_buffer;
507
376
size_t buffer_length = 0;
510
379
size_t written;
511
380
int retval = 0;
512
381
char interface[IF_NAMESIZE];
513
gnutls_session_t session;
514
515
ret = init_gnutls_session (mc, &session);
516
if (ret != 0){
517
return -1;
518
}
519
382
520
383
if(debug){
521
fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16
522
"\n", ip, port);
384
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
385
ip, port);
523
386
}
524
387
525
388
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
527
390
perror("socket");
528
391
return -1;
529
392
}
530
393
531
394
if(debug){
532
395
if(if_indextoname((unsigned int)if_index, interface) == NULL){
533
perror("if_indextoname");
396
if(debug){
397
perror("if_indextoname");
398
}
534
399
return -1;
535
400
}
401
536
402
fprintf(stderr, "Binding to interface %s\n", interface);
537
403
}
538
404
539
memset(&to, 0, sizeof(to));
540
to.in6.sin6_family = AF_INET6;
541
/* It would be nice to have a way to detect if we were passed an
542
IPv4 address here. Now we assume an IPv6 address. */
543
ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);
405
memset(&to,0,sizeof(to)); /* Spurious warning */
406
to.sin6_family = AF_INET6;
407
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
544
408
if (ret < 0 ){
545
409
perror("inet_pton");
546
410
return -1;
547
}
411
}
548
412
if(ret == 0){
549
413
fprintf(stderr, "Bad address: %s\n", ip);
550
414
return -1;
551
415
}
552
to.in6.sin6_port = htons(port); /* Spurious warning */
416
to.sin6_port = htons(port); /* Spurious warning */
553
417
554
to.in6.sin6_scope_id = (uint32_t)if_index;
418
to.sin6_scope_id = (uint32_t)if_index;
555
419
556
420
if(debug){
557
fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
558
port);
559
char addrstr[INET6_ADDRSTRLEN] = "";
560
if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,
561
sizeof(addrstr)) == NULL){
562
perror("inet_ntop");
563
} else {
564
if(strcmp(addrstr, ip) != 0){
565
fprintf(stderr, "Canonical address form: %s\n", addrstr);
566
}
567
}
421
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
422
/* char addrstr[INET6_ADDRSTRLEN]; */
423
/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */
424
/* sizeof(addrstr)) == NULL){ */
425
/* perror("inet_ntop"); */
426
/* } else { */
427
/* fprintf(stderr, "Really connecting to: %s, port %d\n", */
428
/* addrstr, ntohs(to.sin6_port)); */
429
/* } */
568
430
}
569
431
570
ret = connect(tcp_sd, &to.in, sizeof(to));
432
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
571
433
if (ret < 0){
572
434
perror("connect");
573
435
return -1;
574
436
}
575
576
const char *out = mandos_protocol_version;
437
438
char *out = mandos_protocol_version;
577
439
written = 0;
578
440
while (true){
579
441
size_t out_size = strlen(out);
582
444
if (ret == -1){
583
445
perror("write");
584
446
retval = -1;
585
goto mandos_end;
447
goto end;
586
448
}
587
written += (size_t)ret;
449
written += ret;
588
450
if(written < out_size){
589
451
continue;
590
452
} else {
596
458
}
597
459
}
598
460
}
461
462
ret = initgnutls (&es);
463
if (ret != 0){
464
retval = -1;
465
return -1;
466
}
467
468
gnutls_transport_set_ptr (es.session,
469
(gnutls_transport_ptr_t) tcp_sd);
599
470
600
471
if(debug){
601
472
fprintf(stderr, "Establishing TLS session with %s\n", ip);
602
473
}
603
474
604
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
605
606
do{
607
ret = gnutls_handshake (session);
608
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
475
ret = gnutls_handshake (es.session);
609
476
610
477
if (ret != GNUTLS_E_SUCCESS){
611
478
if(debug){
612
fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
479
fprintf(stderr, "\n*** Handshake failed ***\n");
613
480
gnutls_perror (ret);
614
481
}
615
482
retval = -1;
616
goto mandos_end;
483
goto exit;
617
484
}
618
485
619
/* Read OpenPGP packet that contains the wanted password */
486
//Retrieve OpenPGP packet that contains the wanted password
620
487
621
488
if(debug){
622
489
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
623
490
ip);
624
491
}
625
492
626
493
while(true){
627
buffer_capacity = adjustbuffer(&buffer, buffer_length,
628
buffer_capacity);
494
buffer_capacity = adjustbuffer(buffer, buffer_length, buffer_capacity);
629
495
if (buffer_capacity == 0){
630
496
perror("adjustbuffer");
631
497
retval = -1;
632
goto mandos_end;
498
goto exit;
633
499
}
634
500
635
ret = gnutls_record_recv(session, buffer+buffer_length,
636
BUFFER_SIZE);
501
ret = gnutls_record_recv
502
(es.session, buffer+buffer_length, BUFFER_SIZE);
637
503
if (ret == 0){
638
504
break;
639
505
}
643
509
case GNUTLS_E_AGAIN:
644
510
break;
645
511
case GNUTLS_E_REHANDSHAKE:
646
do{
647
ret = gnutls_handshake (session);
648
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
512
ret = gnutls_handshake (es.session);
649
513
if (ret < 0){
650
fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
514
fprintf(stderr, "\n*** Handshake failed ***\n");
651
515
gnutls_perror (ret);
652
516
retval = -1;
653
goto mandos_end;
517
goto exit;
654
518
}
655
519
break;
656
520
default:
657
521
fprintf(stderr, "Unknown error while reading data from"
658
" encrypted session with Mandos server\n");
522
" encrypted session with mandos server\n");
659
523
retval = -1;
660
gnutls_bye (session, GNUTLS_SHUT_RDWR);
661
goto mandos_end;
524
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
525
goto exit;
662
526
}
663
527
} else {
664
528
buffer_length += (size_t) ret;
665
529
}
666
530
}
667
531
668
if(debug){
669
fprintf(stderr, "Closing TLS session\n");
670
}
671
672
gnutls_bye (session, GNUTLS_SHUT_RDWR);
673
674
532
if (buffer_length > 0){
675
decrypted_buffer_size = pgp_packet_decrypt(mc, buffer,
533
decrypted_buffer_size = pgp_packet_decrypt(buffer,
676
534
buffer_length,
677
&decrypted_buffer);
535
&decrypted_buffer,
536
certdir);
678
537
if (decrypted_buffer_size >= 0){
679
538
written = 0;
680
539
while(written < (size_t) decrypted_buffer_size){
695
554
} else {
696
555
retval = -1;
697
556
}
698
} else {
699
retval = -1;
700
}
701
702
/* Shutdown procedure */
703
704
mandos_end:
557
}
558
559
//shutdown procedure
560
561
if(debug){
562
fprintf(stderr, "Closing TLS session\n");
563
}
564
705
565
free(buffer);
706
ret = TEMP_FAILURE_RETRY(close(tcp_sd));
707
if(ret == -1){
708
perror("close");
709
}
710
gnutls_deinit (session);
566
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
567
exit:
568
close(tcp_sd);
569
gnutls_deinit (es.session);
570
gnutls_certificate_free_credentials (es.cred);
571
gnutls_global_deinit ();
711
572
return retval;
712
573
}
713
574
714
static void resolve_callback(AvahiSServiceResolver *r,
715
AvahiIfIndex interface,
716
AVAHI_GCC_UNUSED AvahiProtocol protocol,
717
AvahiResolverEvent event,
718
const char *name,
719
const char *type,
720
const char *domain,
721
const char *host_name,
722
const AvahiAddress *address,
723
uint16_t port,
724
AVAHI_GCC_UNUSED AvahiStringList *txt,
725
AVAHI_GCC_UNUSED AvahiLookupResultFlags
726
flags,
727
void* userdata) {
575
static void resolve_callback( AvahiSServiceResolver *r,
576
AvahiIfIndex interface,
577
AVAHI_GCC_UNUSED AvahiProtocol protocol,
578
AvahiResolverEvent event,
579
const char *name,
580
const char *type,
581
const char *domain,
582
const char *host_name,
583
const AvahiAddress *address,
584
uint16_t port,
585
AVAHI_GCC_UNUSED AvahiStringList *txt,
586
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
587
AVAHI_GCC_UNUSED void* userdata) {
728
588
mandos_context *mc = userdata;
729
assert(r);
589
assert(r); /* Spurious warning */
730
590
731
591
/* Called whenever a service has been resolved successfully or
732
592
timed out */
734
594
switch (event) {
735
595
default:
736
596
case AVAHI_RESOLVER_FAILURE:
737
fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
738
" of type '%s' in domain '%s': %s\n", name, type, domain,
597
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
598
" type '%s' in domain '%s': %s\n", name, type, domain,
739
599
avahi_strerror(avahi_server_errno(mc->server)));
740
600
break;
741
601
744
604
char ip[AVAHI_ADDRESS_STR_MAX];
745
605
avahi_address_snprint(ip, sizeof(ip), address);
746
606
if(debug){
747
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"
748
PRIu16 ") on port %d\n", name, host_name, ip,
749
interface, port);
607
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
608
" port %d\n", name, host_name, ip, port);
750
609
}
751
610
int ret = start_mandos_communication(ip, port, interface, mc);
752
611
if (ret == 0){
753
avahi_simple_poll_quit(mc->simple_poll);
612
exit(EXIT_SUCCESS);
754
613
}
755
614
}
756
615
}
764
623
const char *name,
765
624
const char *type,
766
625
const char *domain,
767
AVAHI_GCC_UNUSED AvahiLookupResultFlags
768
flags,
626
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
769
627
void* userdata) {
770
628
mandos_context *mc = userdata;
771
assert(b);
629
assert(b); /* Spurious warning */
772
630
773
631
/* Called whenever a new services becomes available on the LAN or
774
632
is removed from the LAN */
776
634
switch (event) {
777
635
default:
778
636
case AVAHI_BROWSER_FAILURE:
779
780
fprintf(stderr, "(Avahi browser) %s\n",
637
638
fprintf(stderr, "(Browser) %s\n",
781
639
avahi_strerror(avahi_server_errno(mc->server)));
782
640
avahi_simple_poll_quit(mc->simple_poll);
783
641
return;
784
642
785
643
case AVAHI_BROWSER_NEW:
786
/* We ignore the returned Avahi resolver object. In the callback
787
function we free it. If the Avahi server is terminated before
788
the callback function is called the Avahi server will free the
789
resolver for us. */
790
791
if (!(avahi_s_service_resolver_new(mc->server, interface,
792
protocol, name, type, domain,
644
/* We ignore the returned resolver object. In the callback
645
function we free it. If the server is terminated before
646
the callback function is called the server will free
647
the resolver for us. */
648
649
if (!(avahi_s_service_resolver_new(mc->server, interface, protocol, name,
650
type, domain,
793
651
AVAHI_PROTO_INET6, 0,
794
652
resolve_callback, mc)))
795
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
796
name, avahi_strerror(avahi_server_errno(mc->server)));
653
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
654
avahi_strerror(avahi_server_errno(s)));
797
655
break;
798
656
799
657
case AVAHI_BROWSER_REMOVE:
800
658
break;
801
659
802
660
case AVAHI_BROWSER_ALL_FOR_NOW:
803
661
case AVAHI_BROWSER_CACHE_EXHAUSTED:
804
if(debug){
805
fprintf(stderr, "No Mandos server found, still searching...\n");
806
}
807
662
break;
808
663
}
809
664
}
810
665
811
int main(int argc, char *argv[]){
666
/* Combines file name and path and returns the malloced new
667
string. some sane checks could/should be added */
668
static const char *combinepath(const char *first, const char *second){
669
size_t f_len = strlen(first);
670
size_t s_len = strlen(second);
671
char *tmp = malloc(f_len + s_len + 2);
672
if (tmp == NULL){
673
return NULL;
674
}
675
if(f_len > 0){
676
memcpy(tmp, first, f_len);
677
}
678
tmp[f_len] = '/';
679
if(s_len > 0){
680
memcpy(tmp + f_len + 1, second, s_len);
681
}
682
tmp[f_len + 1 + s_len] = '\0';
683
return tmp;
684
}
685
686
687
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
688
AvahiServerConfig config;
812
689
AvahiSServiceBrowser *sb = NULL;
813
690
int error;
814
691
int ret;
815
int exitcode = EXIT_SUCCESS;
692
int returncode = EXIT_SUCCESS;
816
693
const char *interface = "eth0";
817
694
struct ifreq network;
818
695
int sd;
819
uid_t uid;
820
gid_t gid;
821
696
char *connect_to = NULL;
822
char tempdir[] = "/tmp/mandosXXXXXX";
823
697
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
824
const char *seckey = PATHDIR "/" SECKEY;
825
const char *pubkey = PATHDIR "/" PUBKEY;
826
827
698
mandos_context mc = { .simple_poll = NULL, .server = NULL,
828
.dh_bits = 1024, .priority = "SECURE256"
829
":!CTYPE-X.509:+CTYPE-OPENPGP" };
830
bool gnutls_initalized = false;
831
bool gpgme_initalized = false;
699
.dh_bits = 2048, .priority = "SECURE256"};
832
700
833
{
834
struct argp_option options[] = {
835
{ .name = "debug", .key = 128,
836
.doc = "Debug mode", .group = 3 },
837
{ .name = "connect", .key = 'c',
838
.arg = "ADDRESS:PORT",
839
.doc = "Connect directly to a specific Mandos server",
840
.group = 1 },
841
{ .name = "interface", .key = 'i',
842
.arg = "NAME",
843
.doc = "Interface that will be used to search for Mandos"
844
" servers",
845
.group = 1 },
846
{ .name = "seckey", .key = 's',
847
.arg = "FILE",
848
.doc = "OpenPGP secret key file base name",
849
.group = 1 },
850
{ .name = "pubkey", .key = 'p',
851
.arg = "FILE",
852
.doc = "OpenPGP public key file base name",
853
.group = 2 },
854
{ .name = "dh-bits", .key = 129,
855
.arg = "BITS",
856
.doc = "Bit length of the prime number used in the"
857
" Diffie-Hellman key exchange",
858
.group = 2 },
859
{ .name = "priority", .key = 130,
860
.arg = "STRING",
861
.doc = "GnuTLS priority string for the TLS handshake",
862
.group = 1 },
863
{ .name = NULL }
864
};
865
866
error_t parse_opt (int key, char *arg,
867
struct argp_state *state) {
868
/* Get the INPUT argument from `argp_parse', which we know is
869
a pointer to our plugin list pointer. */
870
switch (key) {
871
case 128: /* --debug */
872
debug = true;
873
break;
874
case 'c': /* --connect */
875
connect_to = arg;
876
break;
877
case 'i': /* --interface */
878
interface = arg;
879
break;
880
case 's': /* --seckey */
881
seckey = arg;
882
break;
883
case 'p': /* --pubkey */
884
pubkey = arg;
885
break;
886
case 129: /* --dh-bits */
701
while (true){
702
static struct option long_options[] = {
703
{"debug", no_argument, (int *)&debug, 1},
704
{"connect", required_argument, 0, 'C'},
705
{"interface", required_argument, 0, 'i'},
706
{"certdir", required_argument, 0, 'd'},
707
{"certkey", required_argument, 0, 'c'},
708
{"certfile", required_argument, 0, 'k'},
709
{"dh_bits", required_argument, 0, 'D'},
710
{"priority", required_argument, 0, 'p'},
711
{0, 0, 0, 0} };
712
713
int option_index = 0;
714
ret = getopt_long (argc, argv, "i:", long_options,
715
&option_index);
716
717
if (ret == -1){
718
break;
719
}
720
721
switch(ret){
722
case 0:
723
break;
724
case 'i':
725
interface = optarg;
726
break;
727
case 'C':
728
connect_to = optarg;
729
break;
730
case 'd':
731
certdir = optarg;
732
break;
733
case 'c':
734
certfile = optarg;
735
break;
736
case 'k':
737
certkey = optarg;
738
break;
739
case 'D':
740
{
741
long int tmp;
887
742
errno = 0;
888
mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);
889
if (errno){
743
tmp = strtol(optarg, NULL, 10);
744
if (errno == ERANGE){
890
745
perror("strtol");
891
746
exit(EXIT_FAILURE);
892
747
}
893
break;
894
case 130: /* --priority */
895
mc.priority = arg;
896
break;
897
case ARGP_KEY_ARG:
898
argp_usage (state);
899
case ARGP_KEY_END:
900
break;
901
default:
902
return ARGP_ERR_UNKNOWN;
903
}
904
return 0;
905
}
906
907
struct argp argp = { .options = options, .parser = parse_opt,
908
.args_doc = "",
909
.doc = "Mandos client -- Get and decrypt"
910
" passwords from a Mandos server" };
911
ret = argp_parse (&argp, argc, argv, 0, 0, NULL);
912
if (ret == ARGP_ERR_UNKNOWN){
913
fprintf(stderr, "Unknown error while parsing arguments\n");
914
exitcode = EXIT_FAILURE;
915
goto end;
916
}
917
}
918
919
/* If the interface is down, bring it up */
920
{
921
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
922
if(sd < 0) {
923
perror("socket");
924
exitcode = EXIT_FAILURE;
925
goto end;
926
}
927
strcpy(network.ifr_name, interface);
928
ret = ioctl(sd, SIOCGIFFLAGS, &network);
929
if(ret == -1){
930
perror("ioctl SIOCGIFFLAGS");
931
exitcode = EXIT_FAILURE;
932
goto end;
933
}
934
if((network.ifr_flags & IFF_UP) == 0){
935
network.ifr_flags |= IFF_UP;
936
ret = ioctl(sd, SIOCSIFFLAGS, &network);
937
if(ret == -1){
938
perror("ioctl SIOCSIFFLAGS");
939
exitcode = EXIT_FAILURE;
940
goto end;
941
}
942
}
943
ret = TEMP_FAILURE_RETRY(close(sd));
944
if(ret == -1){
945
perror("close");
946
}
947
}
948
949
uid = getuid();
950
gid = getgid();
951
952
ret = setuid(uid);
953
if (ret == -1){
954
perror("setuid");
955
}
956
957
setgid(gid);
958
if (ret == -1){
959
perror("setgid");
960
}
961
962
ret = init_gnutls_global(&mc, pubkey, seckey);
963
if (ret == -1){
964
fprintf(stderr, "init_gnutls_global failed\n");
965
exitcode = EXIT_FAILURE;
966
goto end;
967
} else {
968
gnutls_initalized = true;
969
}
970
971
if(mkdtemp(tempdir) == NULL){
972
perror("mkdtemp");
973
tempdir[0] = '\0';
974
goto end;
975
}
976
977
if(not init_gpgme(&mc, pubkey, seckey, tempdir)){
978
fprintf(stderr, "gpgme_initalized failed\n");
979
exitcode = EXIT_FAILURE;
980
goto end;
981
} else {
982
gpgme_initalized = true;
748
mc.dh_bits = tmp;
749
}
750
break;
751
case 'p':
752
mc.priority = optarg;
753
break;
754
default:
755
exit(EXIT_FAILURE);
756
}
757
}
758
759
certfile = combinepath(certdir, certfile);
760
if (certfile == NULL){
761
perror("combinepath");
762
returncode = EXIT_FAILURE;
763
goto exit;
764
}
765
766
certkey = combinepath(certdir, certkey);
767
if (certkey == NULL){
768
perror("combinepath");
769
returncode = EXIT_FAILURE;
770
goto exit;
983
771
}
984
772
985
773
if_index = (AvahiIfIndex) if_nametoindex(interface);
994
782
char *address = strrchr(connect_to, ':');
995
783
if(address == NULL){
996
784
fprintf(stderr, "No colon in address\n");
997
exitcode = EXIT_FAILURE;
998
goto end;
785
exit(EXIT_FAILURE);
999
786
}
1000
787
errno = 0;
1001
788
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
1002
789
if(errno){
1003
790
perror("Bad port number");
1004
exitcode = EXIT_FAILURE;
1005
goto end;
791
exit(EXIT_FAILURE);
1006
792
}
1007
793
*address = '\0';
1008
794
address = connect_to;
1009
ret = start_mandos_communication(address, port, if_index, &mc);
795
ret = start_mandos_communication(address, port, if_index);
1010
796
if(ret < 0){
1011
exitcode = EXIT_FAILURE;
797
exit(EXIT_FAILURE);
1012
798
} else {
1013
exitcode = EXIT_SUCCESS;
1014
}
1015
goto end;
1016
}
799
exit(EXIT_SUCCESS);
800
}
801
}
802
803
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
804
if(sd < 0) {
805
perror("socket");
806
returncode = EXIT_FAILURE;
807
goto exit;
808
}
809
strcpy(network.ifr_name, interface);
810
ret = ioctl(sd, SIOCGIFFLAGS, &network);
811
if(ret == -1){
812
813
perror("ioctl SIOCGIFFLAGS");
814
returncode = EXIT_FAILURE;
815
goto exit;
816
}
817
if((network.ifr_flags & IFF_UP) == 0){
818
network.ifr_flags |= IFF_UP;
819
ret = ioctl(sd, SIOCSIFFLAGS, &network);
820
if(ret == -1){
821
perror("ioctl SIOCSIFFLAGS");
822
returncode = EXIT_FAILURE;
823
goto exit;
824
}
825
}
826
close(sd);
1017
827
1018
828
if (not debug){
1019
829
avahi_set_log_function(empty_log);
1020
830
}
1021
831
1022
/* Initialize the pseudo-RNG for Avahi */
832
/* Initialize the psuedo-RNG */
1023
833
srand((unsigned int) time(NULL));
1024
1025
/* Allocate main Avahi loop object */
1026
mc.simple_poll = avahi_simple_poll_new();
1027
if (mc.simple_poll == NULL) {
1028
fprintf(stderr, "Avahi: Failed to create simple poll"
1029
" object.\n");
1030
exitcode = EXIT_FAILURE;
1031
goto end;
1032
}
1033
1034
{
1035
AvahiServerConfig config;
1036
/* Do not publish any local Zeroconf records */
1037
avahi_server_config_init(&config);
1038
config.publish_hinfo = 0;
1039
config.publish_addresses = 0;
1040
config.publish_workstation = 0;
1041
config.publish_domain = 0;
1042
1043
/* Allocate a new server */
1044
mc.server = avahi_server_new(avahi_simple_poll_get
1045
(mc.simple_poll), &config, NULL,
1046
NULL, &error);
1047
1048
/* Free the Avahi configuration data */
1049
avahi_server_config_free(&config);
1050
}
1051
1052
/* Check if creating the Avahi server object succeeded */
1053
if (mc.server == NULL) {
1054
fprintf(stderr, "Failed to create Avahi server: %s\n",
834
835
/* Allocate main loop object */
836
if (!(mc.simple_poll = avahi_simple_poll_new())) {
837
fprintf(stderr, "Failed to create simple poll object.\n");
838
returncode = EXIT_FAILURE;
839
goto exit;
840
}
841
842
/* Do not publish any local records */
843
avahi_server_config_init(&config);
844
config.publish_hinfo = 0;
845
config.publish_addresses = 0;
846
config.publish_workstation = 0;
847
config.publish_domain = 0;
848
849
/* Allocate a new server */
850
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
851
&config, NULL, NULL, &error);
852
853
/* Free the configuration data */
854
avahi_server_config_free(&config);
855
856
/* Check if creating the server object succeeded */
857
if (!mc.server) {
858
fprintf(stderr, "Failed to create server: %s\n",
1055
859
avahi_strerror(error));
1056
exitcode = EXIT_FAILURE;
1057
goto end;
860
returncode = EXIT_FAILURE;
861
goto exit;
1058
862
}
1059
863
1060
/* Create the Avahi service browser */
864
/* Create the service browser */
1061
865
sb = avahi_s_service_browser_new(mc.server, if_index,
1062
866
AVAHI_PROTO_INET6,
1063
867
"_mandos._tcp", NULL, 0,
1064
868
browse_callback, &mc);
1065
if (sb == NULL) {
869
if (!sb) {
1066
870
fprintf(stderr, "Failed to create service browser: %s\n",
1067
871
avahi_strerror(avahi_server_errno(mc.server)));
1068
exitcode = EXIT_FAILURE;
1069
goto end;
872
returncode = EXIT_FAILURE;
873
goto exit;
1070
874
}
1071
875
1072
876
/* Run the main loop */
1073
877
1074
878
if (debug){
1075
fprintf(stderr, "Starting Avahi loop search\n");
879
fprintf(stderr, "Starting avahi loop search\n");
1076
880
}
1077
881
1078
avahi_simple_poll_loop(mc.simple_poll);
1079
1080
end:
1081
882
avahi_simple_poll_loop(simple_poll);
883
884
exit:
885
1082
886
if (debug){
1083
887
fprintf(stderr, "%s exiting\n", argv[0]);
1084
888
}
1085
889
1086
890
/* Cleanup things */
1087
if (sb != NULL)
891
if (sb)
1088
892
avahi_s_service_browser_free(sb);
1089
893
1090
if (mc.server != NULL)
894
if (mc.server)
1091
895
avahi_server_free(mc.server);
1092
1093
if (mc.simple_poll != NULL)
1094
avahi_simple_poll_free(mc.simple_poll);
1095
1096
if (gnutls_initalized){
1097
gnutls_certificate_free_credentials(mc.cred);
1098
gnutls_global_deinit ();
1099
gnutls_dh_params_deinit(mc.dh_params);
1100
}
1101
1102
if(gpgme_initalized){
1103
gpgme_release(mc.ctx);
1104
}
1105
1106
/* Removes the temp directory used by GPGME */
1107
if(tempdir[0] != '\0'){
1108
DIR *d;
1109
struct dirent *direntry;
1110
d = opendir(tempdir);
1111
if(d == NULL){
1112
perror("opendir");
1113
} else {
1114
while(true){
1115
direntry = readdir(d);
1116
if(direntry == NULL){
1117
break;
1118
}
1119
if (direntry->d_type == DT_REG){
1120
char *fullname = NULL;
1121
ret = asprintf(&fullname, "%s/%s", tempdir,
1122
direntry->d_name);
1123
if(ret < 0){
1124
perror("asprintf");
1125
continue;
1126
}
1127
ret = unlink(fullname);
1128
if(ret == -1){
1129
fprintf(stderr, "unlink(\"%s\"): %s",
1130
fullname, strerror(errno));
1131
}
1132
free(fullname);
1133
}
1134
}
1135
closedir(d);
1136
}
1137
ret = rmdir(tempdir);
1138
if(ret == -1){
1139
perror("rmdir");
1140
}
1141
}
1142
1143
return exitcode;
896
897
if (simple_poll)
898
avahi_simple_poll_free(simple_poll);
899
free(certfile);
900
free(certkey);
901
902
return returncode;
1144
903
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0