1
/* -*- coding: utf-8 -*- */
3
* Mandos client - get and decrypt data from a Mandos server
5
* This program is partly derived from an example program for an Avahi
6
* service browser, downloaded from
7
* <http://avahi.org/browser/examples/core-browse-services.c>. This
8
* includes the following functions: "resolve_callback",
9
* "browse_callback", and parts of "main".
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
14
* This program is free software: you can redistribute it and/or
15
* modify it under the terms of the GNU General Public License as
16
* published by the Free Software Foundation, either version 3 of the
17
* License, or (at your option) any later version.
19
* This program is distributed in the hope that it will be useful, but
20
* WITHOUT ANY WARRANTY; without even the implied warranty of
21
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22
* General Public License for more details.
24
* You should have received a copy of the GNU General Public License
25
* along with this program. If not, see
26
* <http://www.gnu.org/licenses/>.
28
* Contact the authors at <mandos@fukt.bsnet.se>.
31
/* Needed by GPGME, specifically gpgme_data_seek() */
32
#define _LARGEFILE_SOURCE
33
#define _FILE_OFFSET_BITS 64
35
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */
37
#include <stdio.h> /* fprintf(), stderr, fwrite(), stdout, ferror() */
38
#include <stdint.h> /* uint16_t, uint32_t */
39
#include <stddef.h> /* NULL, size_t, ssize_t */
40
#include <stdlib.h> /* free() */
41
#include <stdbool.h> /* bool, true */
42
#include <string.h> /* memset(), strcmp(), strlen, strerror() */
43
#include <sys/ioctl.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
45
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
46
sockaddr_in6, PF_INET6, SOCK_STREAM, INET6_ADDRSTRLEN */
47
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
48
struct in6_addr, inet_pton(),
51
#include <errno.h> /* perror() */
53
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
54
SIOCSIFFLAGS, if_indextoname(),
55
if_nametoindex(), IF_NAMESIZE */
56
#include <unistd.h> /* close(), SEEK_SET, off_t, write()*/
57
#include <netinet/in.h>
58
#include <arpa/inet.h> /* inet_pton(), htons */
59
#include <iso646.h> /* not */
60
#include <argp.h> /* struct argp_option,
61
struct argp_state, struct argp,
65
#include <avahi-core/core.h> /* AvahiSimplePoll, AvahiServer,
67
#include <avahi-core/lookup.h>
68
#include <avahi-core/log.h> /* AvahiLogLevel */
69
#include <avahi-common/simple-watch.h>
70
#include <avahi-common/malloc.h>
71
#include <avahi-common/error.h>
74
#include <gnutls/gnutls.h> /* gnutls_certificate_credentials_t,
78
gnutls_global_set_log_level(),
79
gnutls_global_set_log_function(),
80
gnutls_certificate_allocate_credentials(),
81
gnutls_global_deinit(),
82
gnutls_dh_params_init(),
83
gnutls_dh_params_generate(),
84
gnutls_certificate_set_dh_params(),
85
gnutls_certificate_free_credentials(),
86
gnutls_session_t, gnutls_init(),
87
gnutls_priority_set_direct(),
89
gnutls_credentials_set(),
90
gnutls_certificate_server_set_request(),
91
gnutls_dh_set_prime_bits(),
92
gnutls_transport_set_ptr(),
93
gnutls_transport_ptr_t,
96
gnutls_perror(), gnutls_bye(),
97
init_gnutls_session(),
99
GNUTLS_CRD_CERTIFICATE,
101
GNUTLS_E_INTERRUPTED,
103
GNUTLS_E_REHANDSHAKE,
105
#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),
106
GNUTLS_OPENPGP_FMT_BASE64 */
109
#include <gpgme.h> /* gpgme_data_t, gpgme_ctx_t,
110
gpgme_error_t, gpgme_engine_info_t,
111
gpgme_check_version(),
112
gpgme_engine_check_version(),
115
gpgme_get_engine_info(),
116
gpgme_set_engine_info(),
117
gpgme_data_new_from_mem(),
118
gpgme_data_new(), gpgme_new(),
120
gpgme_decrypt_result_t,
121
gpgme_op_decrypt_result(),
123
gpgme_pubkey_algo_name(),
127
GPGME_PROTOCOL_OpenPGP,
129
GPG_ERR_NO_SECKEY, */
131
#define BUFFER_SIZE 256
134
static const char *keydir = "/conf/conf.d/mandos";
135
static const char mandos_protocol_version[] = "1";
136
const char *argp_program_version = "mandosclient 0.9";
137
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
139
/* Used for passing in values through the Avahi callback functions */
141
AvahiSimplePoll *simple_poll;
143
gnutls_certificate_credentials_t cred;
144
unsigned int dh_bits;
145
gnutls_dh_params_t dh_params;
146
const char *priority;
150
* Make room in "buffer" for at least BUFFER_SIZE additional bytes.
151
* "buffer_capacity" is how much is currently allocated,
152
* "buffer_length" is how much is already used.
154
size_t adjustbuffer(char **buffer, size_t buffer_length,
155
size_t buffer_capacity){
156
if (buffer_length + BUFFER_SIZE > buffer_capacity){
157
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
161
buffer_capacity += BUFFER_SIZE;
163
return buffer_capacity;
167
* Decrypt OpenPGP data using keyrings in HOMEDIR.
168
* Returns -1 on error
170
static ssize_t pgp_packet_decrypt (const char *cryptotext,
173
const char *homedir){
174
gpgme_data_t dh_crypto, dh_plain;
178
size_t plaintext_capacity = 0;
179
ssize_t plaintext_length = 0;
180
gpgme_engine_info_t engine_info;
183
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
187
gpgme_check_version(NULL);
188
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
189
if (rc != GPG_ERR_NO_ERROR){
190
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
191
gpgme_strsource(rc), gpgme_strerror(rc));
195
/* Set GPGME home directory for the OpenPGP engine only */
196
rc = gpgme_get_engine_info (&engine_info);
197
if (rc != GPG_ERR_NO_ERROR){
198
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
199
gpgme_strsource(rc), gpgme_strerror(rc));
202
while(engine_info != NULL){
203
if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
204
gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
205
engine_info->file_name, homedir);
208
engine_info = engine_info->next;
210
if(engine_info == NULL){
211
fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);
215
/* Create new GPGME data buffer from memory cryptotext */
216
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
218
if (rc != GPG_ERR_NO_ERROR){
219
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
220
gpgme_strsource(rc), gpgme_strerror(rc));
224
/* Create new empty GPGME data buffer for the plaintext */
225
rc = gpgme_data_new(&dh_plain);
226
if (rc != GPG_ERR_NO_ERROR){
227
fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
228
gpgme_strsource(rc), gpgme_strerror(rc));
229
gpgme_data_release(dh_crypto);
233
/* Create new GPGME "context" */
234
rc = gpgme_new(&ctx);
235
if (rc != GPG_ERR_NO_ERROR){
236
fprintf(stderr, "bad gpgme_new: %s: %s\n",
237
gpgme_strsource(rc), gpgme_strerror(rc));
238
plaintext_length = -1;
242
/* Decrypt data from the cryptotext data buffer to the plaintext
244
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
245
if (rc != GPG_ERR_NO_ERROR){
246
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
247
gpgme_strsource(rc), gpgme_strerror(rc));
248
plaintext_length = -1;
253
fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
257
gpgme_decrypt_result_t result;
258
result = gpgme_op_decrypt_result(ctx);
260
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
262
fprintf(stderr, "Unsupported algorithm: %s\n",
263
result->unsupported_algorithm);
264
fprintf(stderr, "Wrong key usage: %d\n",
265
result->wrong_key_usage);
266
if(result->file_name != NULL){
267
fprintf(stderr, "File name: %s\n", result->file_name);
269
gpgme_recipient_t recipient;
270
recipient = result->recipients;
272
while(recipient != NULL){
273
fprintf(stderr, "Public key algorithm: %s\n",
274
gpgme_pubkey_algo_name(recipient->pubkey_algo));
275
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
276
fprintf(stderr, "Secret key available: %s\n",
277
recipient->status == GPG_ERR_NO_SECKEY
279
recipient = recipient->next;
285
/* Seek back to the beginning of the GPGME plaintext data buffer */
286
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
287
perror("pgpme_data_seek");
288
plaintext_length = -1;
294
plaintext_capacity = adjustbuffer(plaintext,
295
(size_t)plaintext_length,
297
if (plaintext_capacity == 0){
298
perror("adjustbuffer");
299
plaintext_length = -1;
303
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
305
/* Print the data, if any */
311
perror("gpgme_data_read");
312
plaintext_length = -1;
315
plaintext_length += ret;
319
fprintf(stderr, "Decrypted password is: ");
320
for(ssize_t i = 0; i < plaintext_length; i++){
321
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
323
fprintf(stderr, "\n");
328
/* Delete the GPGME cryptotext data buffer */
329
gpgme_data_release(dh_crypto);
331
/* Delete the GPGME plaintext data buffer */
332
gpgme_data_release(dh_plain);
333
return plaintext_length;
336
static const char * safer_gnutls_strerror (int value) {
337
const char *ret = gnutls_strerror (value);
343
/* GnuTLS log function callback */
344
static void debuggnutls(__attribute__((unused)) int level,
346
fprintf(stderr, "GnuTLS: %s", string);
349
static int init_gnutls_global(mandos_context *mc,
350
const char *pubkeyfile,
351
const char *seckeyfile){
355
fprintf(stderr, "Initializing GnuTLS\n");
358
if ((ret = gnutls_global_init ())
359
!= GNUTLS_E_SUCCESS) {
360
fprintf (stderr, "GnuTLS global_init: %s\n",
361
safer_gnutls_strerror(ret));
366
/* "Use a log level over 10 to enable all debugging options."
369
gnutls_global_set_log_level(11);
370
gnutls_global_set_log_function(debuggnutls);
373
/* OpenPGP credentials */
374
if ((ret = gnutls_certificate_allocate_credentials (&mc->cred))
375
!= GNUTLS_E_SUCCESS) {
376
fprintf (stderr, "GnuTLS memory error: %s\n",
377
safer_gnutls_strerror(ret));
378
gnutls_global_deinit ();
383
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
384
" and keyfile %s as GnuTLS credentials\n", pubkeyfile,
388
ret = gnutls_certificate_set_openpgp_key_file
389
(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);
390
if (ret != GNUTLS_E_SUCCESS) {
392
"Error[%d] while reading the OpenPGP key pair ('%s',"
393
" '%s')\n", ret, pubkeyfile, seckeyfile);
394
fprintf(stdout, "The GnuTLS error is: %s\n",
395
safer_gnutls_strerror(ret));
399
/* GnuTLS server initialization */
400
ret = gnutls_dh_params_init(&mc->dh_params);
401
if (ret != GNUTLS_E_SUCCESS) {
402
fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
403
" %s\n", safer_gnutls_strerror(ret));
406
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
407
if (ret != GNUTLS_E_SUCCESS) {
408
fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
409
safer_gnutls_strerror(ret));
413
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
419
gnutls_certificate_free_credentials(mc->cred);
420
gnutls_global_deinit();
425
static int init_gnutls_session(mandos_context *mc,
426
gnutls_session_t *session){
428
/* GnuTLS session creation */
429
ret = gnutls_init(session, GNUTLS_SERVER);
430
if (ret != GNUTLS_E_SUCCESS){
431
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
432
safer_gnutls_strerror(ret));
437
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
438
if (ret != GNUTLS_E_SUCCESS) {
439
fprintf(stderr, "Syntax error at: %s\n", err);
440
fprintf(stderr, "GnuTLS error: %s\n",
441
safer_gnutls_strerror(ret));
442
gnutls_deinit (*session);
447
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
449
if (ret != GNUTLS_E_SUCCESS) {
450
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
451
safer_gnutls_strerror(ret));
452
gnutls_deinit (*session);
456
/* ignore client certificate if any. */
457
gnutls_certificate_server_set_request (*session,
460
gnutls_dh_set_prime_bits (*session, mc->dh_bits);
465
/* Avahi log function callback */
466
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
467
__attribute__((unused)) const char *txt){}
469
/* Called when a Mandos server is found */
470
static int start_mandos_communication(const char *ip, uint16_t port,
471
AvahiIfIndex if_index,
474
union { struct sockaddr in; struct sockaddr_in6 in6; } to;
476
char *decrypted_buffer;
477
size_t buffer_length = 0;
478
size_t buffer_capacity = 0;
479
ssize_t decrypted_buffer_size;
482
char interface[IF_NAMESIZE];
483
gnutls_session_t session;
485
ret = init_gnutls_session (mc, &session);
491
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
495
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
502
if(if_indextoname((unsigned int)if_index, interface) == NULL){
503
perror("if_indextoname");
506
fprintf(stderr, "Binding to interface %s\n", interface);
509
memset(&to,0,sizeof(to)); /* Spurious warning */
510
to.in6.sin6_family = AF_INET6;
511
/* It would be nice to have a way to detect if we were passed an
512
IPv4 address here. Now we assume an IPv6 address. */
513
ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);
519
fprintf(stderr, "Bad address: %s\n", ip);
522
to.in6.sin6_port = htons(port); /* Spurious warning */
524
to.in6.sin6_scope_id = (uint32_t)if_index;
527
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
528
char addrstr[INET6_ADDRSTRLEN] = "";
529
if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,
530
sizeof(addrstr)) == NULL){
533
if(strcmp(addrstr, ip) != 0){
534
fprintf(stderr, "Canonical address form: %s\n", addrstr);
539
ret = connect(tcp_sd, &to.in, sizeof(to));
545
const char *out = mandos_protocol_version;
548
size_t out_size = strlen(out);
549
ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
550
out_size - written));
556
written += (size_t)ret;
557
if(written < out_size){
560
if (out == mandos_protocol_version){
570
fprintf(stderr, "Establishing TLS session with %s\n", ip);
573
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
575
ret = gnutls_handshake (session);
577
if (ret != GNUTLS_E_SUCCESS){
579
fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
586
/* Read OpenPGP packet that contains the wanted password */
589
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
594
buffer_capacity = adjustbuffer(&buffer, buffer_length,
596
if (buffer_capacity == 0){
597
perror("adjustbuffer");
602
ret = gnutls_record_recv(session, buffer+buffer_length,
609
case GNUTLS_E_INTERRUPTED:
612
case GNUTLS_E_REHANDSHAKE:
613
ret = gnutls_handshake (session);
615
fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
622
fprintf(stderr, "Unknown error while reading data from"
623
" encrypted session with Mandos server\n");
625
gnutls_bye (session, GNUTLS_SHUT_RDWR);
629
buffer_length += (size_t) ret;
634
fprintf(stderr, "Closing TLS session\n");
637
gnutls_bye (session, GNUTLS_SHUT_RDWR);
639
if (buffer_length > 0){
640
decrypted_buffer_size = pgp_packet_decrypt(buffer,
644
if (decrypted_buffer_size >= 0){
646
while(written < (size_t) decrypted_buffer_size){
647
ret = (int)fwrite (decrypted_buffer + written, 1,
648
(size_t)decrypted_buffer_size - written,
650
if(ret == 0 and ferror(stdout)){
652
fprintf(stderr, "Error writing encrypted data: %s\n",
658
written += (size_t)ret;
660
free(decrypted_buffer);
666
/* Shutdown procedure */
671
gnutls_deinit (session);
675
static void resolve_callback(AvahiSServiceResolver *r,
676
AvahiIfIndex interface,
677
AVAHI_GCC_UNUSED AvahiProtocol protocol,
678
AvahiResolverEvent event,
682
const char *host_name,
683
const AvahiAddress *address,
685
AVAHI_GCC_UNUSED AvahiStringList *txt,
686
AVAHI_GCC_UNUSED AvahiLookupResultFlags
689
mandos_context *mc = userdata;
690
assert(r); /* Spurious warning */
692
/* Called whenever a service has been resolved successfully or
697
case AVAHI_RESOLVER_FAILURE:
698
fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
699
" of type '%s' in domain '%s': %s\n", name, type, domain,
700
avahi_strerror(avahi_server_errno(mc->server)));
703
case AVAHI_RESOLVER_FOUND:
705
char ip[AVAHI_ADDRESS_STR_MAX];
706
avahi_address_snprint(ip, sizeof(ip), address);
708
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %d) on"
709
" port %d\n", name, host_name, ip, interface, port);
711
int ret = start_mandos_communication(ip, port, interface, mc);
717
avahi_s_service_resolver_free(r);
720
static void browse_callback( AvahiSServiceBrowser *b,
721
AvahiIfIndex interface,
722
AvahiProtocol protocol,
723
AvahiBrowserEvent event,
727
AVAHI_GCC_UNUSED AvahiLookupResultFlags
730
mandos_context *mc = userdata;
731
assert(b); /* Spurious warning */
733
/* Called whenever a new services becomes available on the LAN or
734
is removed from the LAN */
738
case AVAHI_BROWSER_FAILURE:
740
fprintf(stderr, "(Avahi browser) %s\n",
741
avahi_strerror(avahi_server_errno(mc->server)));
742
avahi_simple_poll_quit(mc->simple_poll);
745
case AVAHI_BROWSER_NEW:
746
/* We ignore the returned Avahi resolver object. In the callback
747
function we free it. If the Avahi server is terminated before
748
the callback function is called the Avahi server will free the
751
if (!(avahi_s_service_resolver_new(mc->server, interface,
752
protocol, name, type, domain,
753
AVAHI_PROTO_INET6, 0,
754
resolve_callback, mc)))
755
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
756
name, avahi_strerror(avahi_server_errno(mc->server)));
759
case AVAHI_BROWSER_REMOVE:
762
case AVAHI_BROWSER_ALL_FOR_NOW:
763
case AVAHI_BROWSER_CACHE_EXHAUSTED:
765
fprintf(stderr, "No Mandos server found, still searching...\n");
771
/* Combines file name and path and returns the malloced new
772
string. some sane checks could/should be added */
773
static const char *combinepath(const char *first, const char *second){
774
size_t f_len = strlen(first);
775
size_t s_len = strlen(second);
776
char *tmp = malloc(f_len + s_len + 2);
781
memcpy(tmp, first, f_len); /* Spurious warning */
785
memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */
787
tmp[f_len + 1 + s_len] = '\0';
792
int main(int argc, char *argv[]){
793
AvahiSServiceBrowser *sb = NULL;
796
int exitcode = EXIT_SUCCESS;
797
const char *interface = "eth0";
798
struct ifreq network;
802
char *connect_to = NULL;
803
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
804
const char *pubkeyfile = "pubkey.txt";
805
const char *seckeyfile = "seckey.txt";
806
mandos_context mc = { .simple_poll = NULL, .server = NULL,
807
.dh_bits = 1024, .priority = "SECURE256"};
808
bool gnutls_initalized = false;
811
struct argp_option options[] = {
812
{ .name = "debug", .key = 128,
813
.doc = "Debug mode", .group = 3 },
814
{ .name = "connect", .key = 'c',
816
.doc = "Connect directly to a sepcified mandos server",
818
{ .name = "interface", .key = 'i',
820
.doc = "Interface that Avahi will conntect through",
822
{ .name = "keydir", .key = 'd',
824
.doc = "Directory where the openpgp keyring is",
826
{ .name = "seckey", .key = 's',
828
.doc = "Secret openpgp key for gnutls authentication",
830
{ .name = "pubkey", .key = 'p',
832
.doc = "Public openpgp key for gnutls authentication",
834
{ .name = "dh-bits", .key = 129,
836
.doc = "dh-bits to use in gnutls communication",
838
{ .name = "priority", .key = 130,
840
.doc = "GNUTLS priority", .group = 1 },
845
error_t parse_opt (int key, char *arg,
846
struct argp_state *state) {
847
/* Get the INPUT argument from `argp_parse', which we know is
848
a pointer to our plugin list pointer. */
870
mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);
885
return ARGP_ERR_UNKNOWN;
890
struct argp argp = { .options = options, .parser = parse_opt,
892
.doc = "Mandos client -- Get and decrypt"
893
" passwords from mandos server" };
894
argp_parse (&argp, argc, argv, 0, 0, NULL);
897
pubkeyfile = combinepath(keydir, pubkeyfile);
898
if (pubkeyfile == NULL){
899
perror("combinepath");
900
exitcode = EXIT_FAILURE;
904
seckeyfile = combinepath(keydir, seckeyfile);
905
if (seckeyfile == NULL){
906
perror("combinepath");
910
ret = init_gnutls_global(&mc, pubkeyfile, seckeyfile);
912
fprintf(stderr, "init_gnutls_global\n");
915
gnutls_initalized = true;
931
if_index = (AvahiIfIndex) if_nametoindex(interface);
933
fprintf(stderr, "No such interface: \"%s\"\n", interface);
937
if(connect_to != NULL){
938
/* Connect directly, do not use Zeroconf */
939
/* (Mainly meant for debugging) */
940
char *address = strrchr(connect_to, ':');
942
fprintf(stderr, "No colon in address\n");
943
exitcode = EXIT_FAILURE;
947
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
949
perror("Bad port number");
950
exitcode = EXIT_FAILURE;
954
address = connect_to;
955
ret = start_mandos_communication(address, port, if_index, &mc);
957
exitcode = EXIT_FAILURE;
959
exitcode = EXIT_SUCCESS;
964
/* If the interface is down, bring it up */
966
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
969
exitcode = EXIT_FAILURE;
972
strcpy(network.ifr_name, interface); /* Spurious warning */
973
ret = ioctl(sd, SIOCGIFFLAGS, &network);
975
perror("ioctl SIOCGIFFLAGS");
976
exitcode = EXIT_FAILURE;
979
if((network.ifr_flags & IFF_UP) == 0){
980
network.ifr_flags |= IFF_UP;
981
ret = ioctl(sd, SIOCSIFFLAGS, &network);
983
perror("ioctl SIOCSIFFLAGS");
984
exitcode = EXIT_FAILURE;
992
avahi_set_log_function(empty_log);
995
/* Initialize the pseudo-RNG for Avahi */
996
srand((unsigned int) time(NULL));
998
/* Allocate main Avahi loop object */
999
mc.simple_poll = avahi_simple_poll_new();
1000
if (mc.simple_poll == NULL) {
1001
fprintf(stderr, "Avahi: Failed to create simple poll"
1003
exitcode = EXIT_FAILURE;
1008
AvahiServerConfig config;
1009
/* Do not publish any local Zeroconf records */
1010
avahi_server_config_init(&config);
1011
config.publish_hinfo = 0;
1012
config.publish_addresses = 0;
1013
config.publish_workstation = 0;
1014
config.publish_domain = 0;
1016
/* Allocate a new server */
1017
mc.server = avahi_server_new(avahi_simple_poll_get
1018
(mc.simple_poll), &config, NULL,
1021
/* Free the Avahi configuration data */
1022
avahi_server_config_free(&config);
1025
/* Check if creating the Avahi server object succeeded */
1026
if (mc.server == NULL) {
1027
fprintf(stderr, "Failed to create Avahi server: %s\n",
1028
avahi_strerror(error));
1029
exitcode = EXIT_FAILURE;
1033
/* Create the Avahi service browser */
1034
sb = avahi_s_service_browser_new(mc.server, if_index,
1036
"_mandos._tcp", NULL, 0,
1037
browse_callback, &mc);
1039
fprintf(stderr, "Failed to create service browser: %s\n",
1040
avahi_strerror(avahi_server_errno(mc.server)));
1041
exitcode = EXIT_FAILURE;
1045
/* Run the main loop */
1048
fprintf(stderr, "Starting Avahi loop search\n");
1051
avahi_simple_poll_loop(mc.simple_poll);
1056
fprintf(stderr, "%s exiting\n", argv[0]);
1059
/* Cleanup things */
1061
avahi_s_service_browser_free(sb);
1063
if (mc.server != NULL)
1064
avahi_server_free(mc.server);
1066
if (mc.simple_poll != NULL)
1067
avahi_simple_poll_free(mc.simple_poll);
1071
if (gnutls_initalized){
1072
gnutls_certificate_free_credentials (mc.cred);
1073
gnutls_global_deinit ();