To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandosclient.c
- browse files at revision 24.1.13
- compare with another revision
- download diff
- download tarball
- view history from revision 24.1.13
- Committer: Björn Påhlsson
- Date: 2008-08-03 20:35:01 UTC
- mto: (24.1.154 mandos) (237.4.3 mandos-release)
- mto: This revision was merged to the branch mainline in revision 41.
- Revision ID: belorn@braxen-20080803203501-av7janz21ve7iq0b
mandosclient
Droping privileges
split gnutls function into global and session
* server.py (if_nametoindex): Redefine itself instead of using a
default keyword argument.
Droping privileges
split gnutls function into global and session
* server.py (if_nametoindex): Redefine itself instead of using a
default keyword argument.
- files modified:
- TODO
added
removed
plugins.d/mandosclient.c
32
32
#define _LARGEFILE_SOURCE
33
33
#define _FILE_OFFSET_BITS 64
34
34
35
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */
36
35
37
#include <stdio.h>
36
38
#include <assert.h>
37
39
#include <stdlib.h>
49
51
#include <avahi-common/malloc.h>
50
52
#include <avahi-common/error.h>
51
53
52
//mandos client part
54
/* Mandos client part */
53
55
#include <sys/types.h> /* socket(), inet_pton() */
54
56
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
55
57
struct in6_addr, inet_pton() */
62
64
#include <string.h> /* memset */
63
65
#include <arpa/inet.h> /* inet_pton() */
64
66
#include <iso646.h> /* not */
67
#include <net/if.h> /* IF_NAMESIZE */
65
68
66
// gpgme
69
/* GPGME */
67
70
#include <errno.h> /* perror() */
68
71
#include <gpgme.h>
69
72
70
// getopt_long
73
/* getopt_long */
71
74
#include <getopt.h>
72
75
73
76
#define BUFFER_SIZE 256
78
81
79
82
bool debug = false;
80
83
84
const char mandos_protocol_version[] = "1";
85
81
86
/* Used for passing in values through all the callback functions */
82
87
typedef struct {
83
88
AvahiSimplePoll *simple_poll;
84
89
AvahiServer *server;
85
90
gnutls_certificate_credentials_t cred;
86
91
unsigned int dh_bits;
92
gnutls_dh_params_t dh_params;
87
93
const char *priority;
88
94
} mandos_context;
89
95
96
size_t adjustbuffer(char **buffer, size_t buffer_length,
97
size_t buffer_capacity){
98
if (buffer_length + BUFFER_SIZE > buffer_capacity){
99
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
100
if (buffer == NULL){
101
return 0;
102
}
103
buffer_capacity += BUFFER_SIZE;
104
}
105
return buffer_capacity;
106
}
107
90
108
/*
91
109
* Decrypt OpenPGP data using keyrings in HOMEDIR.
92
110
* Returns -1 on error
99
117
gpgme_ctx_t ctx;
100
118
gpgme_error_t rc;
101
119
ssize_t ret;
102
ssize_t plaintext_capacity = 0;
120
size_t plaintext_capacity = 0;
103
121
ssize_t plaintext_length = 0;
104
122
gpgme_engine_info_t engine_info;
105
123
215
233
216
234
*plaintext = NULL;
217
235
while(true){
218
if (plaintext_length + BUFFER_SIZE > plaintext_capacity){
219
*plaintext = realloc(*plaintext,
220
(unsigned int)plaintext_capacity
221
+ BUFFER_SIZE);
222
if (*plaintext == NULL){
223
perror("realloc");
236
plaintext_capacity = adjustbuffer(plaintext, (size_t)plaintext_length,
237
plaintext_capacity);
238
if (plaintext_capacity == 0){
239
perror("adjustbuffer");
224
240
plaintext_length = -1;
225
241
goto decrypt_end;
226
}
227
plaintext_capacity += BUFFER_SIZE;
228
242
}
229
243
230
244
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
244
258
245
259
if(debug){
246
260
fprintf(stderr, "Decrypted password is: ");
247
for(size_t i = 0; i < plaintext_length; i++){
261
for(ssize_t i = 0; i < plaintext_length; i++){
248
262
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
249
263
}
250
264
fprintf(stderr, "\n");
267
281
return ret;
268
282
}
269
283
284
/* GnuTLS log function callback */
270
285
static void debuggnutls(__attribute__((unused)) int level,
271
286
const char* string){
272
fprintf(stderr, "%s", string);
287
fprintf(stderr, "GnuTLS: %s", string);
273
288
}
274
289
275
static int initgnutls(mandos_context *mc, gnutls_session_t *session,
276
gnutls_dh_params_t *dh_params){
277
const char *err;
290
static int init_gnutls_global(mandos_context *mc){
278
291
int ret;
279
292
280
293
if(debug){
283
296
284
297
if ((ret = gnutls_global_init ())
285
298
!= GNUTLS_E_SUCCESS) {
286
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
299
fprintf (stderr, "GnuTLS global_init: %s\n",
300
safer_gnutls_strerror(ret));
287
301
return -1;
288
302
}
289
303
290
304
if (debug){
305
/* "Use a log level over 10 to enable all debugging options."
306
* - GnuTLS manual
307
*/
291
308
gnutls_global_set_log_level(11);
292
309
gnutls_global_set_log_function(debuggnutls);
293
310
}
294
311
295
/* openpgp credentials */
312
/* OpenPGP credentials */
296
313
if ((ret = gnutls_certificate_allocate_credentials (&mc->cred))
297
314
!= GNUTLS_E_SUCCESS) {
298
fprintf (stderr, "memory error: %s\n",
315
fprintf (stderr, "GnuTLS memory error: %s\n",
299
316
safer_gnutls_strerror(ret));
300
317
return -1;
301
318
}
309
326
ret = gnutls_certificate_set_openpgp_key_file
310
327
(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);
311
328
if (ret != GNUTLS_E_SUCCESS) {
312
fprintf
313
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
314
" '%s')\n",
315
ret, pubkeyfile, seckeyfile);
316
fprintf(stdout, "The Error is: %s\n",
329
fprintf(stderr,
330
"Error[%d] while reading the OpenPGP key pair ('%s',"
331
" '%s')\n", ret, pubkeyfile, seckeyfile);
332
fprintf(stdout, "The GnuTLS error is: %s\n",
317
333
safer_gnutls_strerror(ret));
318
334
return -1;
319
335
}
320
336
321
//GnuTLS server initialization
322
if ((ret = gnutls_dh_params_init(dh_params))
323
!= GNUTLS_E_SUCCESS) {
324
fprintf (stderr, "Error in dh parameter initialization: %s\n",
325
safer_gnutls_strerror(ret));
326
return -1;
327
}
328
329
if ((ret = gnutls_dh_params_generate2(*dh_params, mc->dh_bits))
330
!= GNUTLS_E_SUCCESS) {
331
fprintf (stderr, "Error in prime generation: %s\n",
332
safer_gnutls_strerror(ret));
333
return -1;
334
}
335
336
gnutls_certificate_set_dh_params(mc->cred, *dh_params);
337
338
// GnuTLS session creation
339
if ((ret = gnutls_init(session, GNUTLS_SERVER))
340
!= GNUTLS_E_SUCCESS){
337
/* GnuTLS server initialization */
338
ret = gnutls_dh_params_init(&mc->dh_params);
339
if (ret != GNUTLS_E_SUCCESS) {
340
fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
341
" %s\n", safer_gnutls_strerror(ret));
342
return -1;
343
}
344
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
345
if (ret != GNUTLS_E_SUCCESS) {
346
fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
347
safer_gnutls_strerror(ret));
348
return -1;
349
}
350
351
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
352
353
return 0;
354
}
355
356
static int init_gnutls_session(mandos_context *mc, gnutls_session_t *session){
357
int ret;
358
/* GnuTLS session creation */
359
ret = gnutls_init(session, GNUTLS_SERVER);
360
if (ret != GNUTLS_E_SUCCESS){
341
361
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
342
362
safer_gnutls_strerror(ret));
343
363
}
344
364
345
if ((ret = gnutls_priority_set_direct(*session, mc->priority, &err))
346
!= GNUTLS_E_SUCCESS) {
347
fprintf(stderr, "Syntax error at: %s\n", err);
348
fprintf(stderr, "GnuTLS error: %s\n",
349
safer_gnutls_strerror(ret));
350
return -1;
365
{
366
const char *err;
367
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
368
if (ret != GNUTLS_E_SUCCESS) {
369
fprintf(stderr, "Syntax error at: %s\n", err);
370
fprintf(stderr, "GnuTLS error: %s\n",
371
safer_gnutls_strerror(ret));
372
return -1;
373
}
351
374
}
352
375
353
if ((ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
354
mc->cred))
355
!= GNUTLS_E_SUCCESS) {
356
fprintf(stderr, "Error setting a credentials set: %s\n",
376
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
377
mc->cred);
378
if (ret != GNUTLS_E_SUCCESS) {
379
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
357
380
safer_gnutls_strerror(ret));
358
381
return -1;
359
382
}
367
390
return 0;
368
391
}
369
392
393
/* Avahi log function callback */
370
394
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
371
395
__attribute__((unused)) const char *txt){}
372
396
397
/* Called when a Mandos server is found */
373
398
static int start_mandos_communication(const char *ip, uint16_t port,
374
399
AvahiIfIndex if_index,
375
400
mandos_context *mc){
380
405
size_t buffer_length = 0;
381
406
size_t buffer_capacity = 0;
382
407
ssize_t decrypted_buffer_size;
383
size_t written = 0;
408
size_t written;
384
409
int retval = 0;
385
410
char interface[IF_NAMESIZE];
386
411
gnutls_session_t session;
387
412
gnutls_dh_params_t dh_params;
388
413
414
ret = init_gnutls_session (mc, &session);
415
if (ret != 0){
416
return -1;
417
}
418
389
419
if(debug){
390
420
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
391
421
ip, port);
407
437
408
438
memset(&to,0,sizeof(to)); /* Spurious warning */
409
439
to.sin6_family = AF_INET6;
440
/* It would be nice to have a way to detect if we were passed an
441
IPv4 address here. Now we assume an IPv6 address. */
410
442
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
411
443
if (ret < 0 ){
412
444
perror("inet_pton");
438
470
perror("connect");
439
471
return -1;
440
472
}
441
442
ret = initgnutls (mc, &session, &dh_params);
443
if (ret != 0){
444
retval = -1;
445
return -1;
473
474
const char *out = mandos_protocol_version;
475
written = 0;
476
while (true){
477
size_t out_size = strlen(out);
478
ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
479
out_size - written));
480
if (ret == -1){
481
perror("write");
482
retval = -1;
483
goto mandos_end;
484
}
485
written += (size_t)ret;
486
if(written < out_size){
487
continue;
488
} else {
489
if (out == mandos_protocol_version){
490
written = 0;
491
out = "\r\n";
492
} else {
493
break;
494
}
495
}
496
}
497
498
if(debug){
499
fprintf(stderr, "Establishing TLS session with %s\n", ip);
446
500
}
447
501
448
502
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
449
503
450
if(debug){
451
fprintf(stderr, "Establishing TLS session with %s\n", ip);
452
}
453
454
504
ret = gnutls_handshake (session);
455
505
456
506
if (ret != GNUTLS_E_SUCCESS){
457
507
if(debug){
458
fprintf(stderr, "\n*** Handshake failed ***\n");
508
fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
459
509
gnutls_perror (ret);
460
510
}
461
511
retval = -1;
462
goto exit;
512
goto mandos_end;
463
513
}
464
514
465
//Retrieve OpenPGP packet that contains the wanted password
515
/* Read OpenPGP packet that contains the wanted password */
466
516
467
517
if(debug){
468
518
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
470
520
}
471
521
472
522
while(true){
473
if (buffer_length + BUFFER_SIZE > buffer_capacity){
474
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
475
if (buffer == NULL){
476
perror("realloc");
477
goto exit;
478
}
479
buffer_capacity += BUFFER_SIZE;
523
buffer_capacity = adjustbuffer(&buffer, buffer_length, buffer_capacity);
524
if (buffer_capacity == 0){
525
perror("adjustbuffer");
526
retval = -1;
527
goto mandos_end;
480
528
}
481
529
482
530
ret = gnutls_record_recv(session, buffer+buffer_length,
492
540
case GNUTLS_E_REHANDSHAKE:
493
541
ret = gnutls_handshake (session);
494
542
if (ret < 0){
495
fprintf(stderr, "\n*** Handshake failed ***\n");
543
fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
496
544
gnutls_perror (ret);
497
545
retval = -1;
498
goto exit;
546
goto mandos_end;
499
547
}
500
548
break;
501
549
default:
502
550
fprintf(stderr, "Unknown error while reading data from"
503
" encrypted session with mandos server\n");
551
" encrypted session with Mandos server\n");
504
552
retval = -1;
505
553
gnutls_bye (session, GNUTLS_SHUT_RDWR);
506
goto exit;
554
goto mandos_end;
507
555
}
508
556
} else {
509
557
buffer_length += (size_t) ret;
510
558
}
511
559
}
512
560
561
if(debug){
562
fprintf(stderr, "Closing TLS session\n");
563
}
564
565
gnutls_bye (session, GNUTLS_SHUT_RDWR);
566
513
567
if (buffer_length > 0){
514
568
decrypted_buffer_size = pgp_packet_decrypt(buffer,
515
569
buffer_length,
516
570
&decrypted_buffer,
517
571
keydir);
518
572
if (decrypted_buffer_size >= 0){
573
written = 0;
519
574
while(written < (size_t) decrypted_buffer_size){
520
575
ret = (int)fwrite (decrypted_buffer + written, 1,
521
576
(size_t)decrypted_buffer_size - written,
535
590
retval = -1;
536
591
}
537
592
}
538
539
//shutdown procedure
540
541
if(debug){
542
fprintf(stderr, "Closing TLS session\n");
543
}
544
593
594
/* Shutdown procedure */
595
596
mandos_end:
545
597
free(buffer);
546
gnutls_bye (session, GNUTLS_SHUT_RDWR);
547
exit:
548
598
close(tcp_sd);
549
599
gnutls_deinit (session);
550
600
gnutls_certificate_free_credentials (mc->cred);
575
625
switch (event) {
576
626
default:
577
627
case AVAHI_RESOLVER_FAILURE:
578
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
579
" type '%s' in domain '%s': %s\n", name, type, domain,
628
fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
629
" of type '%s' in domain '%s': %s\n", name, type, domain,
580
630
avahi_strerror(avahi_server_errno(mc->server)));
581
631
break;
582
632
585
635
char ip[AVAHI_ADDRESS_STR_MAX];
586
636
avahi_address_snprint(ip, sizeof(ip), address);
587
637
if(debug){
588
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
589
" port %d\n", name, host_name, ip, port);
638
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %d) on"
639
" port %d\n", name, host_name, ip, interface, port);
590
640
}
591
641
int ret = start_mandos_communication(ip, port, interface, mc);
592
642
if (ret == 0){
617
667
default:
618
668
case AVAHI_BROWSER_FAILURE:
619
669
620
fprintf(stderr, "(Browser) %s\n",
670
fprintf(stderr, "(Avahi browser) %s\n",
621
671
avahi_strerror(avahi_server_errno(mc->server)));
622
672
avahi_simple_poll_quit(mc->simple_poll);
623
673
return;
624
674
625
675
case AVAHI_BROWSER_NEW:
626
/* We ignore the returned resolver object. In the callback
627
function we free it. If the server is terminated before
628
the callback function is called the server will free
629
the resolver for us. */
676
/* We ignore the returned Avahi resolver object. In the callback
677
function we free it. If the Avahi server is terminated before
678
the callback function is called the Avahi server will free the
679
resolver for us. */
630
680
631
681
if (!(avahi_s_service_resolver_new(mc->server, interface,
632
682
protocol, name, type, domain,
633
683
AVAHI_PROTO_INET6, 0,
634
684
resolve_callback, mc)))
635
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
636
avahi_strerror(avahi_server_errno(mc->server)));
685
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
686
name, avahi_strerror(avahi_server_errno(mc->server)));
637
687
break;
638
688
639
689
case AVAHI_BROWSER_REMOVE:
641
691
642
692
case AVAHI_BROWSER_ALL_FOR_NOW:
643
693
case AVAHI_BROWSER_CACHE_EXHAUSTED:
694
if(debug){
695
fprintf(stderr, "No Mandos server found, still searching...\n");
696
}
644
697
break;
645
698
}
646
699
}
666
719
}
667
720
668
721
669
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
670
AvahiServerConfig config;
722
int main(int argc, char *argv[]){
671
723
AvahiSServiceBrowser *sb = NULL;
672
724
int error;
673
725
int ret;
674
int debug_int;
675
int returncode = EXIT_SUCCESS;
726
int exitcode = EXIT_SUCCESS;
676
727
const char *interface = "eth0";
677
728
struct ifreq network;
678
729
int sd;
730
uid_t uid;
731
gid_t gid;
679
732
char *connect_to = NULL;
680
733
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
681
734
mandos_context mc = { .simple_poll = NULL, .server = NULL,
682
735
.dh_bits = 1024, .priority = "SECURE256"};
683
736
684
debug_int = debug ? 1 : 0;
685
while (true){
686
struct option long_options[] = {
687
{"debug", no_argument, &debug_int, 1},
688
{"connect", required_argument, NULL, 'c'},
689
{"interface", required_argument, NULL, 'i'},
690
{"keydir", required_argument, NULL, 'd'},
691
{"seckey", required_argument, NULL, 's'},
692
{"pubkey", required_argument, NULL, 'p'},
693
{"dh-bits", required_argument, NULL, 'D'},
694
{"priority", required_argument, NULL, 'P'},
695
{0, 0, 0, 0} };
696
697
int option_index = 0;
698
ret = getopt_long (argc, argv, "i:", long_options,
699
&option_index);
700
701
if (ret == -1){
702
break;
703
}
704
705
switch(ret){
706
case 0:
707
break;
708
case 'i':
709
interface = optarg;
710
break;
711
case 'c':
712
connect_to = optarg;
713
break;
714
case 'd':
715
keydir = optarg;
716
break;
717
case 'p':
718
pubkeyfile = optarg;
719
break;
720
case 's':
721
seckeyfile = optarg;
722
break;
723
case 'D':
724
errno = 0;
725
mc.dh_bits = (unsigned int) strtol(optarg, NULL, 10);
726
if (errno){
727
perror("strtol");
737
{
738
/* Temporary int to get the address of for getopt_long */
739
int debug_int = debug ? 1 : 0;
740
while (true){
741
struct option long_options[] = {
742
{"debug", no_argument, &debug_int, 1},
743
{"connect", required_argument, NULL, 'c'},
744
{"interface", required_argument, NULL, 'i'},
745
{"keydir", required_argument, NULL, 'd'},
746
{"seckey", required_argument, NULL, 's'},
747
{"pubkey", required_argument, NULL, 'p'},
748
{"dh-bits", required_argument, NULL, 'D'},
749
{"priority", required_argument, NULL, 'P'},
750
{0, 0, 0, 0} };
751
752
int option_index = 0;
753
ret = getopt_long (argc, argv, "i:", long_options,
754
&option_index);
755
756
if (ret == -1){
757
break;
758
}
759
760
switch(ret){
761
case 0:
762
break;
763
case 'i':
764
interface = optarg;
765
break;
766
case 'c':
767
connect_to = optarg;
768
break;
769
case 'd':
770
keydir = optarg;
771
break;
772
case 'p':
773
pubkeyfile = optarg;
774
break;
775
case 's':
776
seckeyfile = optarg;
777
break;
778
case 'D':
779
errno = 0;
780
mc.dh_bits = (unsigned int) strtol(optarg, NULL, 10);
781
if (errno){
782
perror("strtol");
783
exit(EXIT_FAILURE);
784
}
785
break;
786
case 'P':
787
mc.priority = optarg;
788
break;
789
case '?':
790
default:
791
/* getopt_long() has already printed a message about the
792
unrcognized option, so just exit. */
728
793
exit(EXIT_FAILURE);
729
794
}
730
break;
731
case 'P':
732
mc.priority = optarg;
733
break;
734
case '?':
735
default:
736
exit(EXIT_FAILURE);
737
795
}
796
/* Set the global debug flag from the temporary int */
797
debug = debug_int ? true : false;
738
798
}
739
debug = debug_int ? true : false;
740
799
741
800
pubkeyfile = combinepath(keydir, pubkeyfile);
742
801
if (pubkeyfile == NULL){
743
802
perror("combinepath");
744
returncode = EXIT_FAILURE;
745
goto exit;
803
exitcode = EXIT_FAILURE;
804
goto end;
746
805
}
747
806
748
807
seckeyfile = combinepath(keydir, seckeyfile);
749
808
if (seckeyfile == NULL){
750
809
perror("combinepath");
751
goto exit;
810
goto end;
811
}
812
813
ret = init_gnutls_global(&mc);
814
if (ret == -1){
815
fprintf(stderr, "init_gnutls_global\n");
816
goto end;
817
}
818
819
uid = getuid();
820
gid = getgid();
821
822
ret = setuid(uid);
823
if (ret == -1){
824
perror("setuid");
825
}
826
827
setgid(gid);
828
if (ret == -1){
829
perror("setgid");
752
830
}
753
831
754
832
if_index = (AvahiIfIndex) if_nametoindex(interface);
763
841
char *address = strrchr(connect_to, ':');
764
842
if(address == NULL){
765
843
fprintf(stderr, "No colon in address\n");
766
exit(EXIT_FAILURE);
844
exitcode = EXIT_FAILURE;
845
goto end;
767
846
}
768
847
errno = 0;
769
848
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
770
849
if(errno){
771
850
perror("Bad port number");
772
exit(EXIT_FAILURE);
851
exitcode = EXIT_FAILURE;
852
goto end;
773
853
}
774
854
*address = '\0';
775
855
address = connect_to;
776
856
ret = start_mandos_communication(address, port, if_index, &mc);
777
857
if(ret < 0){
778
exit(EXIT_FAILURE);
858
exitcode = EXIT_FAILURE;
779
859
} else {
780
exit(EXIT_SUCCESS);
860
exitcode = EXIT_SUCCESS;
781
861
}
862
goto end;
782
863
}
783
864
784
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
785
if(sd < 0) {
786
perror("socket");
787
returncode = EXIT_FAILURE;
788
goto exit;
789
}
790
strcpy(network.ifr_name, interface); /* Spurious warning */
791
ret = ioctl(sd, SIOCGIFFLAGS, &network);
792
if(ret == -1){
793
794
perror("ioctl SIOCGIFFLAGS");
795
returncode = EXIT_FAILURE;
796
goto exit;
797
}
798
if((network.ifr_flags & IFF_UP) == 0){
799
network.ifr_flags |= IFF_UP;
800
ret = ioctl(sd, SIOCSIFFLAGS, &network);
865
/* If the interface is down, bring it up */
866
{
867
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
868
if(sd < 0) {
869
perror("socket");
870
exitcode = EXIT_FAILURE;
871
goto end;
872
}
873
strcpy(network.ifr_name, interface); /* Spurious warning */
874
ret = ioctl(sd, SIOCGIFFLAGS, &network);
801
875
if(ret == -1){
802
perror("ioctl SIOCSIFFLAGS");
803
returncode = EXIT_FAILURE;
804
goto exit;
805
}
876
perror("ioctl SIOCGIFFLAGS");
877
exitcode = EXIT_FAILURE;
878
goto end;
879
}
880
if((network.ifr_flags & IFF_UP) == 0){
881
network.ifr_flags |= IFF_UP;
882
ret = ioctl(sd, SIOCSIFFLAGS, &network);
883
if(ret == -1){
884
perror("ioctl SIOCSIFFLAGS");
885
exitcode = EXIT_FAILURE;
886
goto end;
887
}
888
}
889
close(sd);
806
890
}
807
close(sd);
808
891
809
892
if (not debug){
810
893
avahi_set_log_function(empty_log);
811
894
}
812
895
813
/* Initialize the psuedo-RNG */
896
/* Initialize the pseudo-RNG for Avahi */
814
897
srand((unsigned int) time(NULL));
815
816
/* Allocate main loop object */
817
if (!(mc.simple_poll = avahi_simple_poll_new())) {
818
fprintf(stderr, "Failed to create simple poll object.\n");
819
returncode = EXIT_FAILURE;
820
goto exit;
821
}
822
823
/* Do not publish any local records */
824
avahi_server_config_init(&config);
825
config.publish_hinfo = 0;
826
config.publish_addresses = 0;
827
config.publish_workstation = 0;
828
config.publish_domain = 0;
829
830
/* Allocate a new server */
831
mc.server=avahi_server_new(avahi_simple_poll_get(mc.simple_poll),
832
&config, NULL, NULL, &error);
833
834
/* Free the configuration data */
835
avahi_server_config_free(&config);
836
837
/* Check if creating the server object succeeded */
838
if (!mc.server) {
839
fprintf(stderr, "Failed to create server: %s\n",
898
899
/* Allocate main Avahi loop object */
900
mc.simple_poll = avahi_simple_poll_new();
901
if (mc.simple_poll == NULL) {
902
fprintf(stderr, "Avahi: Failed to create simple poll"
903
" object.\n");
904
exitcode = EXIT_FAILURE;
905
goto end;
906
}
907
908
{
909
AvahiServerConfig config;
910
/* Do not publish any local Zeroconf records */
911
avahi_server_config_init(&config);
912
config.publish_hinfo = 0;
913
config.publish_addresses = 0;
914
config.publish_workstation = 0;
915
config.publish_domain = 0;
916
917
/* Allocate a new server */
918
mc.server = avahi_server_new(avahi_simple_poll_get
919
(mc.simple_poll), &config, NULL,
920
NULL, &error);
921
922
/* Free the Avahi configuration data */
923
avahi_server_config_free(&config);
924
}
925
926
/* Check if creating the Avahi server object succeeded */
927
if (mc.server == NULL) {
928
fprintf(stderr, "Failed to create Avahi server: %s\n",
840
929
avahi_strerror(error));
841
returncode = EXIT_FAILURE;
842
goto exit;
930
exitcode = EXIT_FAILURE;
931
goto end;
843
932
}
844
933
845
/* Create the service browser */
934
/* Create the Avahi service browser */
846
935
sb = avahi_s_service_browser_new(mc.server, if_index,
847
936
AVAHI_PROTO_INET6,
848
937
"_mandos._tcp", NULL, 0,
849
938
browse_callback, &mc);
850
if (!sb) {
939
if (sb == NULL) {
851
940
fprintf(stderr, "Failed to create service browser: %s\n",
852
941
avahi_strerror(avahi_server_errno(mc.server)));
853
returncode = EXIT_FAILURE;
854
goto exit;
942
exitcode = EXIT_FAILURE;
943
goto end;
855
944
}
856
945
857
946
/* Run the main loop */
858
947
859
948
if (debug){
860
fprintf(stderr, "Starting avahi loop search\n");
949
fprintf(stderr, "Starting Avahi loop search\n");
861
950
}
862
951
863
952
avahi_simple_poll_loop(mc.simple_poll);
864
953
865
exit:
954
end:
866
955
867
956
if (debug){
868
957
fprintf(stderr, "%s exiting\n", argv[0]);
869
958
}
870
959
871
960
/* Cleanup things */
872
if (sb)
961
if (sb != NULL)
873
962
avahi_s_service_browser_free(sb);
874
963
875
if (mc.server)
964
if (mc.server != NULL)
876
965
avahi_server_free(mc.server);
877
966
878
if (mc.simple_poll)
967
if (mc.simple_poll != NULL)
879
968
avahi_simple_poll_free(mc.simple_poll);
880
969
free(pubkeyfile);
881
970
free(seckeyfile);
882
971
883
return returncode;
972
return exitcode;
884
973
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0