To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandosclient.c
- browse files at revision 24.1.4
- compare with another revision
- download diff
- download tarball
- view history from revision 24.1.4
- Committer: Björn Påhlsson
- Date: 2008-07-30 02:11:33 UTC
- mto: (24.1.154 mandos) (237.4.3 mandos-release)
- mto: This revision was merged to the branch mainline in revision 30.
- Revision ID: belorn@braxen-20080730021133-q341llq93r328q5b
Added optional parameters certdir, certkey and certfile that can be iven at start in the command line.
- files modified:
- Makefile
added
removed
plugins.d/mandosclient.c
48
48
#include <avahi-common/error.h>
49
49
50
50
//mandos client part
51
#include <sys/types.h> /* socket(), setsockopt(),
52
inet_pton() */
53
#include <sys/socket.h> /* socket(), setsockopt(),
54
struct sockaddr_in6,
51
#include <sys/types.h> /* socket(), inet_pton() */
52
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
55
53
struct in6_addr, inet_pton() */
56
54
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
57
55
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
70
68
// getopt long
71
69
#include <getopt.h>
72
70
73
#ifndef CERT_ROOT
74
#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"
75
#endif
76
#define CERTFILE CERT_ROOT "openpgp-client.txt"
77
#define KEYFILE CERT_ROOT "openpgp-client-key.txt"
78
71
#define BUFFER_SIZE 256
79
72
#define DH_BITS 1024
80
73
74
const char *certdir = "/conf/conf.d/cryptkeyreq/";
75
const char *certfile = "openpgp-client.txt";
76
const char *certkey = "openpgp-client-key.txt";
77
81
78
bool debug = false;
82
79
83
80
typedef struct {
103
100
104
101
/* Init GPGME */
105
102
gpgme_check_version(NULL);
106
gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
103
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
104
if (rc != GPG_ERR_NO_ERROR){
105
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
106
gpgme_strsource(rc), gpgme_strerror(rc));
107
return -1;
108
}
107
109
108
110
/* Set GPGME home directory */
109
111
rc = gpgme_get_engine_info (&engine_info);
195
197
gpgme_data_release(dh_crypto);
196
198
197
199
/* Seek back to the beginning of the GPGME plaintext data buffer */
198
gpgme_data_seek(dh_plain, 0, SEEK_SET);
200
gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET);
199
201
200
202
*new_packet = 0;
201
203
while(true){
255
257
if(debug){
256
258
fprintf(stderr, "Initializing GnuTLS\n");
257
259
}
258
260
259
261
if ((ret = gnutls_global_init ())
260
262
!= GNUTLS_E_SUCCESS) {
261
263
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
277
279
278
280
if(debug){
279
281
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
280
" and keyfile %s as GnuTLS credentials\n", CERTFILE,
281
KEYFILE);
282
" and keyfile %s as GnuTLS credentials\n", certfile,
283
certkey);
282
284
}
283
285
284
286
ret = gnutls_certificate_set_openpgp_key_file
285
(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);
287
(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);
286
288
if (ret != GNUTLS_E_SUCCESS) {
287
289
fprintf
288
290
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
289
291
" '%s')\n",
290
ret, CERTFILE, KEYFILE);
292
ret, certfile, certkey);
291
293
fprintf(stdout, "The Error is: %s\n",
292
294
safer_gnutls_strerror(ret));
293
295
return -1;
345
347
void empty_log(__attribute__((unused)) AvahiLogLevel level,
346
348
__attribute__((unused)) const char *txt){}
347
349
348
int start_mandos_communication(char *ip, uint16_t port,
350
int start_mandos_communication(const char *ip, uint16_t port,
349
351
unsigned int if_index){
350
352
int ret, tcp_sd;
351
353
struct sockaddr_in6 to;
355
357
size_t buffer_length = 0;
356
358
size_t buffer_capacity = 0;
357
359
ssize_t decrypted_buffer_size;
360
size_t written = 0;
358
361
int retval = 0;
359
362
char interface[IF_NAMESIZE];
360
363
379
382
fprintf(stderr, "Binding to interface %s\n", interface);
380
383
}
381
384
382
ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, interface, 5);
383
if(ret < 0) {
384
perror("setsockopt bindtodevice");
385
return -1;
386
}
387
388
memset(&to,0,sizeof(to));
385
memset(&to,0,sizeof(to)); /* Spurious warning */
389
386
to.sin6_family = AF_INET6;
390
387
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
391
388
if (ret < 0 ){
396
393
fprintf(stderr, "Bad address: %s\n", ip);
397
394
return -1;
398
395
}
399
/* Spurious warnings for the next line, see for instance
400
<http://bugs.debian.org/488884> */
401
to.sin6_port = htons(port);
396
to.sin6_port = htons(port); /* Spurious warning */
402
397
403
398
to.sin6_scope_id = (uint32_t)if_index;
404
399
428
423
ret = gnutls_handshake (es.session);
429
424
430
425
if (ret != GNUTLS_E_SUCCESS){
431
fprintf(stderr, "\n*** Handshake failed ***\n");
432
gnutls_perror (ret);
426
if(debug){
427
fprintf(stderr, "\n*** Handshake failed ***\n");
428
gnutls_perror (ret);
429
}
433
430
retval = -1;
434
431
goto exit;
435
432
}
486
483
decrypted_buffer_size = pgp_packet_decrypt(buffer,
487
484
buffer_length,
488
485
&decrypted_buffer,
489
CERT_ROOT);
486
certdir);
490
487
if (decrypted_buffer_size >= 0){
491
while(decrypted_buffer_size > 0){
492
ret = fwrite (decrypted_buffer, 1, (size_t)decrypted_buffer_size,
493
stdout);
488
while(written < decrypted_buffer_size){
489
ret = (int)fwrite (decrypted_buffer + written, 1,
490
(size_t)decrypted_buffer_size - written,
491
stdout);
494
492
if(ret == 0 and ferror(stdout)){
495
493
if(debug){
496
494
fprintf(stderr, "Error writing encrypted data: %s\n",
499
497
retval = -1;
500
498
break;
501
499
}
502
decrypted_buffer += ret;
503
decrypted_buffer_size -= ret;
500
written += (size_t)ret;
504
501
}
505
502
free(decrypted_buffer);
506
503
} else {
529
526
530
527
static void resolve_callback(
531
528
AvahiSServiceResolver *r,
532
AVAHI_GCC_UNUSED AvahiIfIndex interface,
529
AvahiIfIndex interface,
533
530
AVAHI_GCC_UNUSED AvahiProtocol protocol,
534
531
AvahiResolverEvent event,
535
532
const char *name,
542
539
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
543
540
AVAHI_GCC_UNUSED void* userdata) {
544
541
545
assert(r);
546
542
assert(r); /* Spurious warning */
543
547
544
/* Called whenever a service has been resolved successfully or
548
545
timed out */
549
546
550
547
switch (event) {
551
548
default:
552
549
case AVAHI_RESOLVER_FAILURE:
554
551
" type '%s' in domain '%s': %s\n", name, type, domain,
555
552
avahi_strerror(avahi_server_errno(server)));
556
553
break;
557
554
558
555
case AVAHI_RESOLVER_FOUND:
559
556
{
560
557
char ip[AVAHI_ADDRESS_STR_MAX];
561
558
avahi_address_snprint(ip, sizeof(ip), address);
562
559
if(debug){
563
fprintf(stderr, "Mandos server found on %s (%s) on port %d\n",
564
host_name, ip, port);
560
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
561
" port %d\n", name, host_name, ip, port);
565
562
}
566
563
int ret = start_mandos_communication(ip, port,
567
(unsigned int)
568
interface);
564
(unsigned int) interface);
569
565
if (ret == 0){
570
566
exit(EXIT_SUCCESS);
571
} else {
572
exit(EXIT_FAILURE);
573
567
}
574
568
}
575
569
}
588
582
void* userdata) {
589
583
590
584
AvahiServer *s = userdata;
591
assert(b);
592
585
assert(b); /* Spurious warning */
586
593
587
/* Called whenever a new services becomes available on the LAN or
594
588
is removed from the LAN */
595
589
596
590
switch (event) {
597
591
default:
598
592
case AVAHI_BROWSER_FAILURE:
625
619
}
626
620
}
627
621
622
/* combinds two strings and returns the malloced new string. som sane checks could/should be added */
623
const char *combinestrings(const char *first, const char *second){
624
char *tmp;
625
tmp = malloc(strlen(first) + strlen(second));
626
if (tmp == NULL){
627
perror("malloc");
628
return NULL;
629
}
630
strcpy(tmp, first);
631
strcat(tmp, second);
632
return tmp;
633
}
634
635
628
636
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
629
637
AvahiServerConfig config;
630
638
AvahiSServiceBrowser *sb = NULL;
637
645
static struct option long_options[] = {
638
646
{"debug", no_argument, (int *)&debug, 1},
639
647
{"interface", required_argument, 0, 'i'},
648
{"certdir", required_argument, 0, 'd'},
649
{"certkey", required_argument, 0, 'c'},
650
{"certfile", required_argument, 0, 'k'},
640
651
{0, 0, 0, 0} };
641
652
642
653
int option_index = 0;
643
654
ret = getopt_long (argc, argv, "i:", long_options,
644
655
&option_index);
645
656
646
657
if (ret == -1){
647
658
break;
648
659
}
653
664
case 'i':
654
665
interface = optarg;
655
666
break;
667
case 'd':
668
certdir = optarg;
669
break;
670
case 'c':
671
certfile = optarg;
672
break;
673
case 'k':
674
certkey = optarg;
675
break;
656
676
default:
657
677
exit(EXIT_FAILURE);
658
678
}
659
679
}
680
681
certfile = combinestrings(certdir, certfile);
682
if (certfile == NULL){
683
goto exit;
684
}
660
685
686
certkey = combinestrings(certdir, certkey);
687
if (certkey == NULL){
688
goto exit;
689
}
690
661
691
if (not debug){
662
692
avahi_set_log_function(empty_log);
663
693
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0