25
25
* along with this program. If not, see
26
26
* <http://www.gnu.org/licenses/>.
28
* Contact the authors at <mandos@fukt.bsnet.se>.
28
* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and
29
* <https://www.fukt.bsnet.se/~teddy/>.
31
/* Needed by GPGME, specifically gpgme_data_seek() */
32
#define _FORTIFY_SOURCE 2
32
34
#define _LARGEFILE_SOURCE
33
35
#define _FILE_OFFSET_BITS 64
35
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */
37
#include <stdio.h> /* fprintf(), stderr, fwrite(), stdout,
39
#include <stdint.h> /* uint16_t, uint32_t */
40
#include <stddef.h> /* NULL, size_t, ssize_t */
41
#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,
43
#include <stdbool.h> /* bool, true */
44
#include <string.h> /* memset(), strcmp(), strlen(),
45
strerror(), memcpy(), strcpy() */
46
#include <sys/ioctl.h> /* ioctl */
47
#include <net/if.h> /* ifreq, SIOCGIFFLAGS, SIOCSIFFLAGS,
49
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
50
sockaddr_in6, PF_INET6,
51
SOCK_STREAM, INET6_ADDRSTRLEN,
53
#include <inttypes.h> /* PRIu16 */
54
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
55
struct in6_addr, inet_pton(),
57
#include <assert.h> /* assert() */
58
#include <errno.h> /* perror(), errno */
59
#include <time.h> /* time() */
60
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
61
SIOCSIFFLAGS, if_indextoname(),
62
if_nametoindex(), IF_NAMESIZE */
63
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
64
getuid(), getgid(), setuid(),
66
#include <netinet/in.h>
67
#include <arpa/inet.h> /* inet_pton(), htons */
68
#include <iso646.h> /* not, and */
69
#include <argp.h> /* struct argp_option, error_t, struct
70
argp_state, struct argp,
71
argp_parse(), ARGP_KEY_ARG,
72
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
75
/* All Avahi types, constants and functions
41
#include <net/if.h> /* if_nametoindex */
78
43
#include <avahi-core/core.h>
79
44
#include <avahi-core/lookup.h>
80
45
#include <avahi-core/log.h>
82
47
#include <avahi-common/malloc.h>
83
48
#include <avahi-common/error.h>
86
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and functions
88
init_gnutls_session(),
90
#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),
91
GNUTLS_OPENPGP_FMT_BASE64 */
94
#include <gpgme.h> /* All GPGME types, constants and functions
96
GPGME_PROTOCOL_OpenPGP,
51
#include <sys/types.h> /* socket(), inet_pton() */
52
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
53
struct in6_addr, inet_pton() */
54
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
55
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
57
#include <unistd.h> /* close() */
58
#include <netinet/in.h>
59
#include <stdbool.h> /* true */
60
#include <string.h> /* memset */
61
#include <arpa/inet.h> /* inet_pton() */
62
#include <iso646.h> /* not */
65
#include <errno.h> /* perror() */
99
71
#define BUFFER_SIZE 256
74
const char *certdir = "/conf/conf.d/cryptkeyreq/";
75
const char *certfile = "openpgp-client.txt";
76
const char *certkey = "openpgp-client-key.txt";
101
78
bool debug = false;
102
static const char *keydir = "/conf/conf.d/mandos";
103
static const char mandos_protocol_version[] = "1";
104
const char *argp_program_version = "password-request 1.0";
105
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
107
/* Used for passing in values through the Avahi callback functions */
109
AvahiSimplePoll *simple_poll;
81
gnutls_session_t session;
111
82
gnutls_certificate_credentials_t cred;
112
unsigned int dh_bits;
113
83
gnutls_dh_params_t dh_params;
114
const char *priority;
118
* Make room in "buffer" for at least BUFFER_SIZE additional bytes.
119
* "buffer_capacity" is how much is currently allocated,
120
* "buffer_length" is how much is already used.
122
size_t adjustbuffer(char **buffer, size_t buffer_length,
123
size_t buffer_capacity){
124
if (buffer_length + BUFFER_SIZE > buffer_capacity){
125
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
129
buffer_capacity += BUFFER_SIZE;
131
return buffer_capacity;
135
* Decrypt OpenPGP data using keyrings in HOMEDIR.
136
* Returns -1 on error
138
static ssize_t pgp_packet_decrypt (const char *cryptotext,
141
const char *homedir){
87
ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
88
char **new_packet, const char *homedir){
142
89
gpgme_data_t dh_crypto, dh_plain;
146
size_t plaintext_capacity = 0;
147
ssize_t plaintext_length = 0;
93
ssize_t new_packet_capacity = 0;
94
ssize_t new_packet_length = 0;
148
95
gpgme_engine_info_t engine_info;
151
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
98
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
311
/* GnuTLS log function callback */
312
static void debuggnutls(__attribute__((unused)) int level,
314
fprintf(stderr, "GnuTLS: %s", string);
248
void debuggnutls(__attribute__((unused)) int level,
250
fprintf(stderr, "%s", string);
317
static int init_gnutls_global(mandos_context *mc,
318
const char *pubkeyfile,
319
const char *seckeyfile){
253
int initgnutls(encrypted_session *es){
323
258
fprintf(stderr, "Initializing GnuTLS\n");
326
ret = gnutls_global_init();
327
if (ret != GNUTLS_E_SUCCESS) {
328
fprintf (stderr, "GnuTLS global_init: %s\n",
329
safer_gnutls_strerror(ret));
261
if ((ret = gnutls_global_init ())
262
!= GNUTLS_E_SUCCESS) {
263
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
334
/* "Use a log level over 10 to enable all debugging options."
337
268
gnutls_global_set_log_level(11);
338
269
gnutls_global_set_log_function(debuggnutls);
341
/* OpenPGP credentials */
342
gnutls_certificate_allocate_credentials(&mc->cred);
343
if (ret != GNUTLS_E_SUCCESS){
344
fprintf (stderr, "GnuTLS memory error: %s\n",
272
/* openpgp credentials */
273
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
274
!= GNUTLS_E_SUCCESS) {
275
fprintf (stderr, "memory error: %s\n",
345
276
safer_gnutls_strerror(ret));
346
gnutls_global_deinit ();
351
281
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
352
" and keyfile %s as GnuTLS credentials\n", pubkeyfile,
282
" and keyfile %s as GnuTLS credentials\n", certfile,
356
286
ret = gnutls_certificate_set_openpgp_key_file
357
(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);
287
(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);
358
288
if (ret != GNUTLS_E_SUCCESS) {
360
"Error[%d] while reading the OpenPGP key pair ('%s',"
361
" '%s')\n", ret, pubkeyfile, seckeyfile);
362
fprintf(stdout, "The GnuTLS error is: %s\n",
290
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
292
ret, certfile, certkey);
293
fprintf(stdout, "The Error is: %s\n",
363
294
safer_gnutls_strerror(ret));
367
/* GnuTLS server initialization */
368
ret = gnutls_dh_params_init(&mc->dh_params);
369
if (ret != GNUTLS_E_SUCCESS) {
370
fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
371
" %s\n", safer_gnutls_strerror(ret));
374
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
375
if (ret != GNUTLS_E_SUCCESS) {
376
fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
377
safer_gnutls_strerror(ret));
381
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
387
gnutls_certificate_free_credentials(mc->cred);
388
gnutls_global_deinit();
393
static int init_gnutls_session(mandos_context *mc,
394
gnutls_session_t *session){
396
/* GnuTLS session creation */
397
ret = gnutls_init(session, GNUTLS_SERVER);
398
if (ret != GNUTLS_E_SUCCESS){
298
//GnuTLS server initialization
299
if ((ret = gnutls_dh_params_init (&es->dh_params))
300
!= GNUTLS_E_SUCCESS) {
301
fprintf (stderr, "Error in dh parameter initialization: %s\n",
302
safer_gnutls_strerror(ret));
306
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
307
!= GNUTLS_E_SUCCESS) {
308
fprintf (stderr, "Error in prime generation: %s\n",
309
safer_gnutls_strerror(ret));
313
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
315
// GnuTLS session creation
316
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
317
!= GNUTLS_E_SUCCESS){
399
318
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
400
319
safer_gnutls_strerror(ret));
405
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
406
if (ret != GNUTLS_E_SUCCESS) {
407
fprintf(stderr, "Syntax error at: %s\n", err);
408
fprintf(stderr, "GnuTLS error: %s\n",
409
safer_gnutls_strerror(ret));
410
gnutls_deinit (*session);
322
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
323
!= GNUTLS_E_SUCCESS) {
324
fprintf(stderr, "Syntax error at: %s\n", err);
325
fprintf(stderr, "GnuTLS error: %s\n",
326
safer_gnutls_strerror(ret));
415
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
417
if (ret != GNUTLS_E_SUCCESS) {
418
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
330
if ((ret = gnutls_credentials_set
331
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
332
!= GNUTLS_E_SUCCESS) {
333
fprintf(stderr, "Error setting a credentials set: %s\n",
419
334
safer_gnutls_strerror(ret));
420
gnutls_deinit (*session);
424
338
/* ignore client certificate if any. */
425
gnutls_certificate_server_set_request (*session,
339
gnutls_certificate_server_set_request (es->session,
426
340
GNUTLS_CERT_IGNORE);
428
gnutls_dh_set_prime_bits (*session, mc->dh_bits);
342
gnutls_dh_set_prime_bits (es->session, DH_BITS);
433
/* Avahi log function callback */
434
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
435
__attribute__((unused)) const char *txt){}
347
void empty_log(__attribute__((unused)) AvahiLogLevel level,
348
__attribute__((unused)) const char *txt){}
437
/* Called when a Mandos server is found */
438
static int start_mandos_communication(const char *ip, uint16_t port,
439
AvahiIfIndex if_index,
350
int start_mandos_communication(const char *ip, uint16_t port,
351
unsigned int if_index){
442
union { struct sockaddr in; struct sockaddr_in6 in6; } to;
353
struct sockaddr_in6 to;
354
encrypted_session es;
443
355
char *buffer = NULL;
444
356
char *decrypted_buffer;
445
357
size_t buffer_length = 0;
446
358
size_t buffer_capacity = 0;
447
359
ssize_t decrypted_buffer_size;
450
362
char interface[IF_NAMESIZE];
451
gnutls_session_t session;
453
ret = init_gnutls_session (mc, &session);
459
fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16
365
fprintf(stderr, "Setting up a tcp connection to %s\n", ip);
463
368
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
465
370
perror("socket");
470
if(if_indextoname((unsigned int)if_index, interface) == NULL){
374
if(if_indextoname(if_index, interface) == NULL){
471
376
perror("if_indextoname");
474
382
fprintf(stderr, "Binding to interface %s\n", interface);
477
385
memset(&to,0,sizeof(to)); /* Spurious warning */
478
to.in6.sin6_family = AF_INET6;
479
/* It would be nice to have a way to detect if we were passed an
480
IPv4 address here. Now we assume an IPv6 address. */
481
ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);
386
to.sin6_family = AF_INET6;
387
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
483
389
perror("inet_pton");
487
393
fprintf(stderr, "Bad address: %s\n", ip);
490
to.in6.sin6_port = htons(port); /* Spurious warning */
396
to.sin6_port = htons(port); /* Spurious warning */
492
to.in6.sin6_scope_id = (uint32_t)if_index;
398
to.sin6_scope_id = (uint32_t)if_index;
495
fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
497
char addrstr[INET6_ADDRSTRLEN] = "";
498
if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,
499
sizeof(addrstr)) == NULL){
502
if(strcmp(addrstr, ip) != 0){
503
fprintf(stderr, "Canonical address form: %s\n", addrstr);
401
fprintf(stderr, "Connection to: %s\n", ip);
508
ret = connect(tcp_sd, &to.in, sizeof(to));
404
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
510
406
perror("connect");
514
const char *out = mandos_protocol_version;
517
size_t out_size = strlen(out);
518
ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
519
out_size - written));
525
written += (size_t)ret;
526
if(written < out_size){
529
if (out == mandos_protocol_version){
410
ret = initgnutls (&es);
416
gnutls_transport_set_ptr (es.session,
417
(gnutls_transport_ptr_t) tcp_sd);
539
420
fprintf(stderr, "Establishing TLS session with %s\n", ip);
542
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
545
ret = gnutls_handshake (session);
546
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
423
ret = gnutls_handshake (es.session);
548
425
if (ret != GNUTLS_E_SUCCESS){
550
fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
427
fprintf(stderr, "\n*** Handshake failed ***\n");
551
428
gnutls_perror (ret);
557
/* Read OpenPGP packet that contains the wanted password */
434
//Retrieve OpenPGP packet that contains the wanted password
560
437
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
691
570
avahi_s_service_resolver_free(r);
694
static void browse_callback( AvahiSServiceBrowser *b,
695
AvahiIfIndex interface,
696
AvahiProtocol protocol,
697
AvahiBrowserEvent event,
701
AVAHI_GCC_UNUSED AvahiLookupResultFlags
704
mandos_context *mc = userdata;
705
assert(b); /* Spurious warning */
707
/* Called whenever a new services becomes available on the LAN or
708
is removed from the LAN */
712
case AVAHI_BROWSER_FAILURE:
714
fprintf(stderr, "(Avahi browser) %s\n",
715
avahi_strerror(avahi_server_errno(mc->server)));
716
avahi_simple_poll_quit(mc->simple_poll);
719
case AVAHI_BROWSER_NEW:
720
/* We ignore the returned Avahi resolver object. In the callback
721
function we free it. If the Avahi server is terminated before
722
the callback function is called the Avahi server will free the
725
if (!(avahi_s_service_resolver_new(mc->server, interface,
726
protocol, name, type, domain,
727
AVAHI_PROTO_INET6, 0,
728
resolve_callback, mc)))
729
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
730
name, avahi_strerror(avahi_server_errno(mc->server)));
733
case AVAHI_BROWSER_REMOVE:
736
case AVAHI_BROWSER_ALL_FOR_NOW:
737
case AVAHI_BROWSER_CACHE_EXHAUSTED:
739
fprintf(stderr, "No Mandos server found, still searching...\n");
573
static void browse_callback(
574
AvahiSServiceBrowser *b,
575
AvahiIfIndex interface,
576
AvahiProtocol protocol,
577
AvahiBrowserEvent event,
581
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
584
AvahiServer *s = userdata;
585
assert(b); /* Spurious warning */
587
/* Called whenever a new services becomes available on the LAN or
588
is removed from the LAN */
592
case AVAHI_BROWSER_FAILURE:
594
fprintf(stderr, "(Browser) %s\n",
595
avahi_strerror(avahi_server_errno(server)));
596
avahi_simple_poll_quit(simple_poll);
599
case AVAHI_BROWSER_NEW:
600
/* We ignore the returned resolver object. In the callback
601
function we free it. If the server is terminated before
602
the callback function is called the server will free
603
the resolver for us. */
605
if (!(avahi_s_service_resolver_new(s, interface, protocol, name,
607
AVAHI_PROTO_INET6, 0,
608
resolve_callback, s)))
609
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
610
avahi_strerror(avahi_server_errno(s)));
613
case AVAHI_BROWSER_REMOVE:
616
case AVAHI_BROWSER_ALL_FOR_NOW:
617
case AVAHI_BROWSER_CACHE_EXHAUSTED:
745
/* Combines file name and path and returns the malloced new
746
string. some sane checks could/should be added */
747
static const char *combinepath(const char *first, const char *second){
748
size_t f_len = strlen(first);
749
size_t s_len = strlen(second);
750
char *tmp = malloc(f_len + s_len + 2);
622
/* combinds two strings and returns the malloced new string. som sane checks could/should be added */
623
const char *combinestrings(const char *first, const char *second){
625
tmp = malloc(strlen(first) + strlen(second));
751
626
if (tmp == NULL){
755
memcpy(tmp, first, f_len); /* Spurious warning */
759
memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */
761
tmp[f_len + 1 + s_len] = '\0';
766
int main(int argc, char *argv[]){
636
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
637
AvahiServerConfig config;
767
638
AvahiSServiceBrowser *sb = NULL;
770
int exitcode = EXIT_SUCCESS;
641
int returncode = EXIT_SUCCESS;
771
642
const char *interface = "eth0";
772
struct ifreq network;
776
char *connect_to = NULL;
777
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
778
const char *pubkeyfile = "pubkey.txt";
779
const char *seckeyfile = "seckey.txt";
780
mandos_context mc = { .simple_poll = NULL, .server = NULL,
781
.dh_bits = 1024, .priority = "SECURE256"};
782
bool gnutls_initalized = false;
785
struct argp_option options[] = {
786
{ .name = "debug", .key = 128,
787
.doc = "Debug mode", .group = 3 },
788
{ .name = "connect", .key = 'c',
790
.doc = "Connect directly to a sepcified mandos server",
792
{ .name = "interface", .key = 'i',
794
.doc = "Interface that Avahi will conntect through",
796
{ .name = "keydir", .key = 'd',
798
.doc = "Directory where the openpgp keyring is",
800
{ .name = "seckey", .key = 's',
802
.doc = "Secret openpgp key for gnutls authentication",
804
{ .name = "pubkey", .key = 'p',
806
.doc = "Public openpgp key for gnutls authentication",
808
{ .name = "dh-bits", .key = 129,
810
.doc = "dh-bits to use in gnutls communication",
812
{ .name = "priority", .key = 130,
814
.doc = "GNUTLS priority", .group = 1 },
819
error_t parse_opt (int key, char *arg,
820
struct argp_state *state) {
821
/* Get the INPUT argument from `argp_parse', which we know is
822
a pointer to our plugin list pointer. */
844
mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);
859
return ARGP_ERR_UNKNOWN;
864
struct argp argp = { .options = options, .parser = parse_opt,
866
.doc = "Mandos client -- Get and decrypt"
867
" passwords from mandos server" };
868
ret = argp_parse (&argp, argc, argv, 0, 0, NULL);
869
if (ret == ARGP_ERR_UNKNOWN){
870
fprintf(stderr, "Unkown error while parsing arguments\n");
871
exitcode = EXIT_FAILURE;
876
pubkeyfile = combinepath(keydir, pubkeyfile);
877
if (pubkeyfile == NULL){
878
perror("combinepath");
879
exitcode = EXIT_FAILURE;
883
seckeyfile = combinepath(keydir, seckeyfile);
884
if (seckeyfile == NULL){
885
perror("combinepath");
889
ret = init_gnutls_global(&mc, pubkeyfile, seckeyfile);
891
fprintf(stderr, "init_gnutls_global\n");
894
gnutls_initalized = true;
910
if_index = (AvahiIfIndex) if_nametoindex(interface);
912
fprintf(stderr, "No such interface: \"%s\"\n", interface);
916
if(connect_to != NULL){
917
/* Connect directly, do not use Zeroconf */
918
/* (Mainly meant for debugging) */
919
char *address = strrchr(connect_to, ':');
921
fprintf(stderr, "No colon in address\n");
922
exitcode = EXIT_FAILURE;
926
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
928
perror("Bad port number");
929
exitcode = EXIT_FAILURE;
933
address = connect_to;
934
ret = start_mandos_communication(address, port, if_index, &mc);
936
exitcode = EXIT_FAILURE;
938
exitcode = EXIT_SUCCESS;
943
/* If the interface is down, bring it up */
945
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
948
exitcode = EXIT_FAILURE;
951
strcpy(network.ifr_name, interface); /* Spurious warning */
952
ret = ioctl(sd, SIOCGIFFLAGS, &network);
954
perror("ioctl SIOCGIFFLAGS");
955
exitcode = EXIT_FAILURE;
958
if((network.ifr_flags & IFF_UP) == 0){
959
network.ifr_flags |= IFF_UP;
960
ret = ioctl(sd, SIOCSIFFLAGS, &network);
962
perror("ioctl SIOCSIFFLAGS");
963
exitcode = EXIT_FAILURE;
645
static struct option long_options[] = {
646
{"debug", no_argument, (int *)&debug, 1},
647
{"interface", required_argument, 0, 'i'},
648
{"certdir", required_argument, 0, 'd'},
649
{"certkey", required_argument, 0, 'c'},
650
{"certfile", required_argument, 0, 'k'},
653
int option_index = 0;
654
ret = getopt_long (argc, argv, "i:", long_options,
681
certfile = combinestrings(certdir, certfile);
682
if (certfile == NULL){
686
certkey = combinestrings(certdir, certkey);
687
if (certkey == NULL){
971
692
avahi_set_log_function(empty_log);
974
/* Initialize the pseudo-RNG for Avahi */
695
/* Initialize the psuedo-RNG */
975
696
srand((unsigned int) time(NULL));
977
/* Allocate main Avahi loop object */
978
mc.simple_poll = avahi_simple_poll_new();
979
if (mc.simple_poll == NULL) {
980
fprintf(stderr, "Avahi: Failed to create simple poll"
982
exitcode = EXIT_FAILURE;
987
AvahiServerConfig config;
988
/* Do not publish any local Zeroconf records */
989
avahi_server_config_init(&config);
990
config.publish_hinfo = 0;
991
config.publish_addresses = 0;
992
config.publish_workstation = 0;
993
config.publish_domain = 0;
995
/* Allocate a new server */
996
mc.server = avahi_server_new(avahi_simple_poll_get
997
(mc.simple_poll), &config, NULL,
1000
/* Free the Avahi configuration data */
1001
avahi_server_config_free(&config);
1004
/* Check if creating the Avahi server object succeeded */
1005
if (mc.server == NULL) {
1006
fprintf(stderr, "Failed to create Avahi server: %s\n",
698
/* Allocate main loop object */
699
if (!(simple_poll = avahi_simple_poll_new())) {
700
fprintf(stderr, "Failed to create simple poll object.\n");
705
/* Do not publish any local records */
706
avahi_server_config_init(&config);
707
config.publish_hinfo = 0;
708
config.publish_addresses = 0;
709
config.publish_workstation = 0;
710
config.publish_domain = 0;
712
/* Allocate a new server */
713
server = avahi_server_new(avahi_simple_poll_get(simple_poll),
714
&config, NULL, NULL, &error);
716
/* Free the configuration data */
717
avahi_server_config_free(&config);
719
/* Check if creating the server object succeeded */
721
fprintf(stderr, "Failed to create server: %s\n",
1007
722
avahi_strerror(error));
1008
exitcode = EXIT_FAILURE;
723
returncode = EXIT_FAILURE;
1012
/* Create the Avahi service browser */
1013
sb = avahi_s_service_browser_new(mc.server, if_index,
727
/* Create the service browser */
728
sb = avahi_s_service_browser_new(server,
730
if_nametoindex(interface),
1014
731
AVAHI_PROTO_INET6,
1015
732
"_mandos._tcp", NULL, 0,
1016
browse_callback, &mc);
733
browse_callback, server);
1018
735
fprintf(stderr, "Failed to create service browser: %s\n",
1019
avahi_strerror(avahi_server_errno(mc.server)));
1020
exitcode = EXIT_FAILURE;
736
avahi_strerror(avahi_server_errno(server)));
737
returncode = EXIT_FAILURE;
1024
741
/* Run the main loop */
1027
fprintf(stderr, "Starting Avahi loop search\n");
744
fprintf(stderr, "Starting avahi loop search\n");
1030
avahi_simple_poll_loop(mc.simple_poll);
747
avahi_simple_poll_loop(simple_poll);
1035
752
fprintf(stderr, "%s exiting\n", argv[0]);
1038
755
/* Cleanup things */
1040
757
avahi_s_service_browser_free(sb);
1042
if (mc.server != NULL)
1043
avahi_server_free(mc.server);
1045
if (mc.simple_poll != NULL)
1046
avahi_simple_poll_free(mc.simple_poll);
1050
if (gnutls_initalized){
1051
gnutls_certificate_free_credentials(mc.cred);
1052
gnutls_global_deinit ();
760
avahi_server_free(server);
763
avahi_simple_poll_free(simple_poll);