/mandos/trunk : revision 24.1.51

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/password-request.c

Committer: Björn Påhlsson
Date: 2008-08-15 20:17:32 UTC
mto: (24.1.154 mandos) (237.4.3 mandos-release)
mto: This revision was merged to the branch mainline in revision 77.
Revision ID: belorn@braxen-20080815201732-b7uux3yqs05b3fy9

Added configuration files support for mandos-client
Removed plus argument support for mandos-client

files added:
COPYING

initramfs-tools-hook

initramfs-tools-hook-conf

mandos-client.xml

mandos-clients.conf.xml

mandos-keygen

mandos.conf

mandos.conf.xml

mandos.xml

network-protocol.txt

plugins.d/password-prompt.xml

plugins.d/password-request.xml

files removed:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

plugins.d/Makefile

files renamed:
mandos-clients.conf => clients.conf

server.py => mandos

plugbasedclient.c => mandos-client.c

plugins.d/passprompt.c => plugins.d/password-prompt.c

plugins.d/mandosclient.c => plugins.d/password-request.c

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

plugins.d/password-request.c

/* $Id$ */

/* PLEASE NOTE *

* This file demonstrates how to use Avahi's core API, this is

* the embeddable mDNS stack for embedded applications.

/* -*- coding: utf-8 -*- */

* Mandos client - get and decrypt data from a Mandos server

* End user applications should *not* use this API and should use

* the D-Bus or C APIs, please see

* client-browse-services.c and glib-integration.c

* I repeat, you probably do *not* want to use this example.

* This program is partly derived from an example program for an Avahi

* service browser, downloaded from

* <http://avahi.org/browser/examples/core-browse-services.c>. This

* includes the following functions: "resolve_callback",

* "browse_callback", and parts of "main".

* Everything else is

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

/***

This file is part of avahi.

avahi is free software; you can redistribute it and/or modify it

under the terms of the GNU Lesser General Public License as

published by the Free Software Foundation; either version 2.1 of the

License, or (at your option) any later version.

avahi is distributed in the hope that it will be useful, but WITHOUT

ANY WARRANTY; without even the implied warranty of MERCHANTABILITY

or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General

Public License for more details.

You should have received a copy of the GNU Lesser General Public

License along with avahi; if not, write to the Free Software

Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307

USA.

***/

/* Needed by GPGME, specifically gpgme_data_seek() */

#define _LARGEFILE_SOURCE

#define _FILE_OFFSET_BITS 64

#include <stdio.h>

#include <assert.h>

#include <stdlib.h>

#include <time.h>

#include <net/if.h> /* if_nametoindex */

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */

#include <stdio.h> /* fprintf(), stderr, fwrite(), stdout,

ferror() */

#include <stdint.h> /* uint16_t, uint32_t */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,

srand() */

#include <stdbool.h> /* bool, true */

#include <string.h> /* memset(), strcmp(), strlen(),

strerror(), memcpy(), strcpy() */

#include <sys/ioctl.h> /* ioctl */

#include <sys/types.h> /* socket(), inet_pton(), sockaddr,

sockaddr_in6, PF_INET6,

SOCK_STREAM, INET6_ADDRSTRLEN,

uid_t, gid_t */

#include <inttypes.h> /* PRIu16 */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton(),

connect() */

#include <assert.h> /* assert() */

#include <errno.h> /* perror(), errno */

#include <time.h> /* time() */

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS, if_indextoname(),

if_nametoindex(), IF_NAMESIZE */

#include <unistd.h> /* close(), SEEK_SET, off_t, write(),

getuid(), getgid(), setuid(),

setgid() */

#include <netinet/in.h>

#include <arpa/inet.h> /* inet_pton(), htons */

#include <iso646.h> /* not, and */

#include <argp.h> /* struct argp_option, error_t, struct

argp_state, struct argp,

argp_parse(), ARGP_KEY_ARG,

ARGP_KEY_END, ARGP_ERR_UNKNOWN */

/* Avahi */

/* All Avahi types, constants and functions

Avahi*, avahi_*,

AVAHI_* */

#include <avahi-core/core.h>

#include <avahi-core/lookup.h>

#include <avahi-core/log.h>

#include <avahi-common/malloc.h>

#include <avahi-common/error.h>

//mandos client part

#include <sys/types.h> /* socket(), setsockopt(), inet_pton() */

#include <sys/socket.h> /* socket(), setsockopt(), struct sockaddr_in6, struct in6_addr, inet_pton() */

#include <gnutls/gnutls.h> /* ALL GNUTLS STUFF */

#include <gnutls/openpgp.h> /* gnutls with openpgp stuff */

#include <unistd.h> /* close() */

#include <netinet/in.h>

#include <stdbool.h> /* true */

#include <string.h> /* memset */

#include <arpa/inet.h> /* inet_pton() */

#include <iso646.h> /* not */

// gpgme

#include <errno.h> /* perror() */

#include <gpgme.h>

#ifndef CERT_ROOT

#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"

#endif

#define CERTFILE CERT_ROOT "openpgp-client.txt"

#define KEYFILE CERT_ROOT "openpgp-client-key.txt"

/* GnuTLS */

#include <gnutls/gnutls.h> /* All GnuTLS types, constants and functions

gnutls_*

init_gnutls_session(),

GNUTLS_* */

#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),

GNUTLS_OPENPGP_FMT_BASE64 */

/* GPGME */

#include <gpgme.h> /* All GPGME types, constants and functions

gpgme_*

GPGME_PROTOCOL_OpenPGP,

GPG_ERR_NO_* */

#define BUFFER_SIZE 256

#define DH_BITS 1024

bool debug = false;

100

static const char *keydir = "/conf/conf.d/mandos";

101

static const char mandos_protocol_version[] = "1";

102

const char *argp_program_version = "password-request 1.0";

103

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

104

105

/* Used for passing in values through the Avahi callback functions */

106

typedef struct {

gnutls_session_t session;

107

AvahiSimplePoll *simple_poll;

108

AvahiServer *server;

109

gnutls_certificate_credentials_t cred;

110

unsigned int dh_bits;

111

gnutls_dh_params_t dh_params;

} encrypted_session;

ssize_t gpg_packet_decrypt (char *packet, size_t packet_size, char **new_packet, char *homedir){

112

const char *priority;

113

} mandos_context;

114

115

116

* Make room in "buffer" for at least BUFFER_SIZE additional bytes.

117

* "buffer_capacity" is how much is currently allocated,

118

* "buffer_length" is how much is already used.

119

120

size_t adjustbuffer(char **buffer, size_t buffer_length,

121

size_t buffer_capacity){

122

if (buffer_length + BUFFER_SIZE > buffer_capacity){

123

*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);

124

if (buffer == NULL){

125

return 0;

126

}

127

buffer_capacity += BUFFER_SIZE;

128

}

129

return buffer_capacity;

130

}

131

132

133

* Decrypt OpenPGP data using keyrings in HOMEDIR.

134

* Returns -1 on error

135

136

static ssize_t pgp_packet_decrypt (const char *cryptotext,

137

size_t crypto_size,

138

char **plaintext,

139

const char *homedir){

140

gpgme_data_t dh_crypto, dh_plain;

141

gpgme_ctx_t ctx;

142

gpgme_error_t rc;

143

ssize_t ret;

size_t new_packet_capacity = 0;

size_t new_packet_length = 0;

144

size_t plaintext_capacity = 0;

145

ssize_t plaintext_length = 0;

146

gpgme_engine_info_t engine_info;

147

148

if (debug){

149

fprintf(stderr, "Trying to decrypt OpenPGP data\n");

150

}

151

152

/* Init GPGME */

153

gpgme_check_version(NULL);

gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

154

rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

155

if (rc != GPG_ERR_NO_ERROR){

156

fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",

157

gpgme_strsource(rc), gpgme_strerror(rc));

158

return -1;

159

}

160

/* Set GPGME home directory */

161

/* Set GPGME home directory for the OpenPGP engine only */

162

rc = gpgme_get_engine_info (&engine_info);

163

if (rc != GPG_ERR_NO_ERROR){

164

fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",

108

174

engine_info = engine_info->next;

109

175

}

110

176

if(engine_info == NULL){

111

fprintf(stderr, "Could not set home dir to %s\n", homedir);

177

fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);

112

178

return -1;

113

179

}

114

180

115

/* Create new GPGME data buffer from packet buffer */

116

rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);

181

/* Create new GPGME data buffer from memory cryptotext */

182

rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,

183

0);

117

184

if (rc != GPG_ERR_NO_ERROR){

118

185

fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",

119

186

gpgme_strsource(rc), gpgme_strerror(rc));

125

192

if (rc != GPG_ERR_NO_ERROR){

126

193

fprintf(stderr, "bad gpgme_data_new: %s: %s\n",

127

194

gpgme_strsource(rc), gpgme_strerror(rc));

195

gpgme_data_release(dh_crypto);

128

196

return -1;

129

197

}

130

198

133

201

if (rc != GPG_ERR_NO_ERROR){

134

202

fprintf(stderr, "bad gpgme_new: %s: %s\n",

135

203

gpgme_strsource(rc), gpgme_strerror(rc));

136

return -1;

204

plaintext_length = -1;

205

goto decrypt_end;

137

206

}

138

207

139

/* Decrypt data from the FILE pointer to the plaintext data buffer */

208

/* Decrypt data from the cryptotext data buffer to the plaintext

209

data buffer */

140

210

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

141

211

if (rc != GPG_ERR_NO_ERROR){

142

212

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

143

213

gpgme_strsource(rc), gpgme_strerror(rc));

144

return -1;

145

}

146

147

/* gpgme_decrypt_result_t result; */

148

/* result = gpgme_op_decrypt_result(ctx); */

149

/* fprintf(stderr, "Unsupported algorithm: %s\n", result->unsupported_algorithm); */

150

/* fprintf(stderr, "Wrong key usage: %d\n", result->wrong_key_usage); */

151

/* if(result->file_name != NULL){ */

152

/* fprintf(stderr, "File name: %s\n", result->file_name); */

153

/* } */

154

/* gpgme_recipient_t recipient; */

155

/* recipient = result->recipients; */

156

/* if(recipient){ */

157

/* while(recipient != NULL){ */

158

/* fprintf(stderr, "Public key algorithm: %s\n", */

159

/* gpgme_pubkey_algo_name(recipient->pubkey_algo)); */

160

/* fprintf(stderr, "Key ID: %s\n", recipient->keyid); */

161

/* fprintf(stderr, "Secret key available: %s\n", */

162

/* recipient->status == GPG_ERR_NO_SECKEY ? "No" : "Yes"); */

163

/* recipient = recipient->next; */

164

/* } */

165

/* } */

166

167

/* Delete the GPGME FILE pointer cryptotext data buffer */

168

gpgme_data_release(dh_crypto);

214

plaintext_length = -1;

215

goto decrypt_end;

216

}

217

218

if(debug){

219

fprintf(stderr, "Decryption of OpenPGP data succeeded\n");

220

}

221

222

if (debug){

223

gpgme_decrypt_result_t result;

224

result = gpgme_op_decrypt_result(ctx);

225

if (result == NULL){

226

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

227

} else {

228

fprintf(stderr, "Unsupported algorithm: %s\n",

229

result->unsupported_algorithm);

230

fprintf(stderr, "Wrong key usage: %u\n",

231

result->wrong_key_usage);

232

if(result->file_name != NULL){

233

fprintf(stderr, "File name: %s\n", result->file_name);

234

}

235

gpgme_recipient_t recipient;

236

recipient = result->recipients;

237

if(recipient){

238

while(recipient != NULL){

239

fprintf(stderr, "Public key algorithm: %s\n",

240

gpgme_pubkey_algo_name(recipient->pubkey_algo));

241

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

242

fprintf(stderr, "Secret key available: %s\n",

243

recipient->status == GPG_ERR_NO_SECKEY

244

? "No" : "Yes");

245

recipient = recipient->next;

246

}

247

}

248

}

249

}

169

250

170

251

/* Seek back to the beginning of the GPGME plaintext data buffer */

171

gpgme_data_seek(dh_plain, 0, SEEK_SET);

172

173

*new_packet = 0;

252

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

253

perror("pgpme_data_seek");

254

plaintext_length = -1;

255

goto decrypt_end;

256

}

257

258

*plaintext = NULL;

174

259

while(true){

175

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

176

*new_packet = realloc(*new_packet, new_packet_capacity + BUFFER_SIZE);

177

if (*new_packet == NULL){

178

perror("realloc");

179

return -1;

180

}

181

new_packet_capacity += BUFFER_SIZE;

260

plaintext_capacity = adjustbuffer(plaintext,

261

(size_t)plaintext_length,

262

plaintext_capacity);

263

if (plaintext_capacity == 0){

264

perror("adjustbuffer");

265

plaintext_length = -1;

266

goto decrypt_end;

182

267

}

183

268

184

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length, BUFFER_SIZE);

269

ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,

270

BUFFER_SIZE);

185

271

/* Print the data, if any */

186

272

if (ret == 0){

187

/* If password is empty, then a incorrect error will be printed */

273

/* EOF */

188

274

break;

189

275

}

190

276

if(ret < 0){

191

277

perror("gpgme_data_read");

192

return -1;

278

plaintext_length = -1;

279

goto decrypt_end;

193

280

}

194

new_packet_length += ret;

281

plaintext_length += ret;

195

282

}

196

283

197

/* Delete the GPGME plaintext data buffer */

284

if(debug){

285

fprintf(stderr, "Decrypted password is: ");

286

for(ssize_t i = 0; i < plaintext_length; i++){

287

fprintf(stderr, "%02hhX ", (*plaintext)[i]);

288

}

289

fprintf(stderr, "\n");

290

}

291

292

decrypt_end:

293

294

/* Delete the GPGME cryptotext data buffer */

295

gpgme_data_release(dh_crypto);

296

297

/* Delete the GPGME plaintext data buffer */

198

298

gpgme_data_release(dh_plain);

199

return new_packet_length;

299

return plaintext_length;

200

300

}

201

301

202

302

static const char * safer_gnutls_strerror (int value) {

206

306

return ret;

207

307

}

208

308

209

void debuggnutls(int level, const char* string){

210

fprintf(stderr, "%s", string);

309

/* GnuTLS log function callback */

310

static void debuggnutls(__attribute__((unused)) int level,

311

const char* string){

312

fprintf(stderr, "GnuTLS: %s", string);

211

313

}

212

314

213

int initgnutls(encrypted_session *es){

214

const char *err;

315

static int init_gnutls_global(mandos_context *mc,

316

const char *pubkeyfile,

317

const char *seckeyfile){

215

318

int ret;

216

319

217

if ((ret = gnutls_global_init ())

218

!= GNUTLS_E_SUCCESS) {

219

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

220

return -1;

221

}

222

223

/* Uncomment to enable full debuggin on the gnutls library */

224

/* gnutls_global_set_log_level(11); */

225

/* gnutls_global_set_log_function(debuggnutls); */

226

227

228

/* openpgp credentials */

229

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

230

!= GNUTLS_E_SUCCESS) {

231

fprintf (stderr, "memory error: %s\n", safer_gnutls_strerror(ret));

232

return -1;

233

}

234

320

if(debug){

321

fprintf(stderr, "Initializing GnuTLS\n");

322

}

323

324

ret = gnutls_global_init();

325

if (ret != GNUTLS_E_SUCCESS) {

326

fprintf (stderr, "GnuTLS global_init: %s\n",

327

safer_gnutls_strerror(ret));

328

return -1;

329

}

330

331

if (debug){

332

/* "Use a log level over 10 to enable all debugging options."

333

* - GnuTLS manual

334

335

gnutls_global_set_log_level(11);

336

gnutls_global_set_log_function(debuggnutls);

337

}

338

339

/* OpenPGP credentials */

340

gnutls_certificate_allocate_credentials(&mc->cred);

341

if (ret != GNUTLS_E_SUCCESS){

342

fprintf (stderr, "GnuTLS memory error: %s\n",

343

safer_gnutls_strerror(ret));

344

gnutls_global_deinit ();

345

return -1;

346

}

347

348

if(debug){

349

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

350

" and keyfile %s as GnuTLS credentials\n", pubkeyfile,

351

seckeyfile);

352

}

353

235

354

ret = gnutls_certificate_set_openpgp_key_file

236

(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);

237

if (ret != GNUTLS_E_SUCCESS) {

238

fprintf

239

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n",

240

ret, CERTFILE, KEYFILE);

241

fprintf(stdout, "The Error is: %s\n",

242

safer_gnutls_strerror(ret));

243

return -1;

244

}

245

246

//Gnutls server initialization

247

if ((ret = gnutls_dh_params_init (&es->dh_params))

248

!= GNUTLS_E_SUCCESS) {

249

fprintf (stderr, "Error in dh parameter initialization: %s\n",

250

safer_gnutls_strerror(ret));

251

return -1;

252

}

253

254

if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))

255

!= GNUTLS_E_SUCCESS) {

256

fprintf (stderr, "Error in prime generation: %s\n",

257

safer_gnutls_strerror(ret));

258

return -1;

259

}

260

261

gnutls_certificate_set_dh_params (es->cred, es->dh_params);

262

263

// Gnutls session creation

264

if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))

265

!= GNUTLS_E_SUCCESS){

266

fprintf(stderr, "Error in gnutls session initialization: %s\n",

267

safer_gnutls_strerror(ret));

268

}

269

270

if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))

271

!= GNUTLS_E_SUCCESS) {

272

fprintf(stderr, "Syntax error at: %s\n", err);

273

fprintf(stderr, "Gnutls error: %s\n",

274

safer_gnutls_strerror(ret));

275

return -1;

276

}

277

278

if ((ret = gnutls_credentials_set

279

(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))

280

!= GNUTLS_E_SUCCESS) {

281

fprintf(stderr, "Error setting a credentials set: %s\n",

282

safer_gnutls_strerror(ret));

283

return -1;

284

}

285

355

(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);

356

if (ret != GNUTLS_E_SUCCESS) {

357

fprintf(stderr,

358

"Error[%d] while reading the OpenPGP key pair ('%s',"

359

" '%s')\n", ret, pubkeyfile, seckeyfile);

360

fprintf(stdout, "The GnuTLS error is: %s\n",

361

safer_gnutls_strerror(ret));

362

goto globalfail;

363

}

364

365

/* GnuTLS server initialization */

366

ret = gnutls_dh_params_init(&mc->dh_params);

367

if (ret != GNUTLS_E_SUCCESS) {

368

fprintf (stderr, "Error in GnuTLS DH parameter initialization:"

369

" %s\n", safer_gnutls_strerror(ret));

370

goto globalfail;

371

}

372

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

373

if (ret != GNUTLS_E_SUCCESS) {

374

fprintf (stderr, "Error in GnuTLS prime generation: %s\n",

375

safer_gnutls_strerror(ret));

376

goto globalfail;

377

}

378

379

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

380

381

return 0;

382

383

globalfail:

384

385

gnutls_certificate_free_credentials(mc->cred);

386

gnutls_global_deinit();

387

return -1;

388

389

}

390

391

static int init_gnutls_session(mandos_context *mc,

392

gnutls_session_t *session){

393

int ret;

394

/* GnuTLS session creation */

395

ret = gnutls_init(session, GNUTLS_SERVER);

396

if (ret != GNUTLS_E_SUCCESS){

397

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

398

safer_gnutls_strerror(ret));

399

}

400

401

{

402

const char *err;

403

ret = gnutls_priority_set_direct(*session, mc->priority, &err);

404

if (ret != GNUTLS_E_SUCCESS) {

405

fprintf(stderr, "Syntax error at: %s\n", err);

406

fprintf(stderr, "GnuTLS error: %s\n",

407

safer_gnutls_strerror(ret));

408

gnutls_deinit (*session);

409

return -1;

410

}

411

}

412

413

ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

414

mc->cred);

415

if (ret != GNUTLS_E_SUCCESS) {

416

fprintf(stderr, "Error setting GnuTLS credentials: %s\n",

417

safer_gnutls_strerror(ret));

418

gnutls_deinit (*session);

419

return -1;

420

}

421

286

422

/* ignore client certificate if any. */

287

gnutls_certificate_server_set_request (es->session, GNUTLS_CERT_IGNORE);

423

gnutls_certificate_server_set_request (*session,

424

GNUTLS_CERT_IGNORE);

288

425

289

gnutls_dh_set_prime_bits (es->session, DH_BITS);

426

gnutls_dh_set_prime_bits (*session, mc->dh_bits);

290

427

291

428

return 0;

292

429

}

293

430

294

void empty_log(AvahiLogLevel level, const char *txt){}

431

/* Avahi log function callback */

432

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

433

__attribute__((unused)) const char *txt){}

295

434

296

int start_mandos_communcation(char *ip, uint16_t port){

435

/* Called when a Mandos server is found */

436

static int start_mandos_communication(const char *ip, uint16_t port,

437

AvahiIfIndex if_index,

438

mandos_context *mc){

297

439

int ret, tcp_sd;

298

struct sockaddr_in6 to;

299

struct in6_addr ip_addr;

300

encrypted_session es;

440

union { struct sockaddr in; struct sockaddr_in6 in6; } to;

301

441

char *buffer = NULL;

302

442

char *decrypted_buffer;

303

443

size_t buffer_length = 0;

304

444

size_t buffer_capacity = 0;

305

445

ssize_t decrypted_buffer_size;

446

size_t written;

306

447

int retval = 0;

307

448

char interface[IF_NAMESIZE];

449

gnutls_session_t session;

450

451

ret = init_gnutls_session (mc, &session);

452

if (ret != 0){

453

return -1;

454

}

455

456

if(debug){

457

fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16

458

"\n", ip, port);

459

}

308

460

309

461

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

310

462

if(tcp_sd < 0) {

311

463

perror("socket");

312

464

return -1;

313

465

}

314

315

ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, "eth0", 5);

316

if(tcp_sd < 0) {

317

perror("setsockopt bindtodevice");

318

return -1;

466

467

if(debug){

468

if(if_indextoname((unsigned int)if_index, interface) == NULL){

469

perror("if_indextoname");

470

return -1;

471

}

472

fprintf(stderr, "Binding to interface %s\n", interface);

319

473

}

320

474

321

memset(&to,0,sizeof(to));

322

to.sin6_family = AF_INET6;

323

ret = inet_pton(AF_INET6, ip, &ip_addr);

475

memset(&to,0,sizeof(to)); /* Spurious warning */

476

to.in6.sin6_family = AF_INET6;

477

/* It would be nice to have a way to detect if we were passed an

478

IPv4 address here. Now we assume an IPv6 address. */

479

ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);

324

480

if (ret < 0 ){

325

481

perror("inet_pton");

326

482

return -1;

327

}

483

}

328

484

if(ret == 0){

329

485

fprintf(stderr, "Bad address: %s\n", ip);

330

486

return -1;

331

487

}

332

to.sin6_port = htons(port);

333

to.sin6_scope_id = if_nametoindex("eth0");

334

335

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

488

to.in6.sin6_port = htons(port); /* Spurious warning */

489

490

to.in6.sin6_scope_id = (uint32_t)if_index;

491

492

if(debug){

493

fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,

494

port);

495

char addrstr[INET6_ADDRSTRLEN] = "";

496

if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,

497

sizeof(addrstr)) == NULL){

498

perror("inet_ntop");

499

} else {

500

if(strcmp(addrstr, ip) != 0){

501

fprintf(stderr, "Canonical address form: %s\n", addrstr);

502

}

503

}

504

}

505

506

ret = connect(tcp_sd, &to.in, sizeof(to));

336

507

if (ret < 0){

337

508

perror("connect");

338

509

return -1;

339

510

}

340

341

ret = initgnutls (&es);

342

if (ret != 0){

343

retval = -1;

344

return -1;

345

}

346

347

348

gnutls_transport_set_ptr (es.session, (gnutls_transport_ptr_t) tcp_sd);

349

350

ret = gnutls_handshake (es.session);

511

512

const char *out = mandos_protocol_version;

513

written = 0;

514

while (true){

515

size_t out_size = strlen(out);

516

ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,

517

out_size - written));

518

if (ret == -1){

519

perror("write");

520

retval = -1;

521

goto mandos_end;

522

}

523

written += (size_t)ret;

524

if(written < out_size){

525

continue;

526

} else {

527

if (out == mandos_protocol_version){

528

written = 0;

529

out = "\r\n";

530

} else {

531

break;

532

}

533

}

534

}

535

536

if(debug){

537

fprintf(stderr, "Establishing TLS session with %s\n", ip);

538

}

539

540

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

541

542

do{

543

ret = gnutls_handshake (session);

544

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

351

545

352

546

if (ret != GNUTLS_E_SUCCESS){

353

fprintf(stderr, "\n*** Handshake failed ***\n");

354

gnutls_perror (ret);

547

if(debug){

548

fprintf(stderr, "*** GnuTLS Handshake failed ***\n");

549

gnutls_perror (ret);

550

}

355

551

retval = -1;

356

goto exit;

552

goto mandos_end;

553

}

554

555

/* Read OpenPGP packet that contains the wanted password */

556

557

if(debug){

558

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

559

ip);

357

560

}

358

561

359

//retrive password

360

562

while(true){

361

if (buffer_length + BUFFER_SIZE > buffer_capacity){

362

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

363

if (buffer == NULL){

364

perror("realloc");

365

goto exit;

366

}

367

buffer_capacity += BUFFER_SIZE;

563

buffer_capacity = adjustbuffer(&buffer, buffer_length,

564

buffer_capacity);

565

if (buffer_capacity == 0){

566

perror("adjustbuffer");

567

retval = -1;

568

goto mandos_end;

368

569

}

369

570

370

ret = gnutls_record_recv

371

(es.session, buffer+buffer_length, BUFFER_SIZE);

571

ret = gnutls_record_recv(session, buffer+buffer_length,

572

BUFFER_SIZE);

372

573

if (ret == 0){

373

574

break;

374

575

}

378

579

case GNUTLS_E_AGAIN:

379

580

break;

380

581

case GNUTLS_E_REHANDSHAKE:

381

ret = gnutls_handshake (es.session);

582

do{

583

ret = gnutls_handshake (session);

584

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

382

585

if (ret < 0){

383

fprintf(stderr, "\n*** Handshake failed ***\n");

586

fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");

384

587

gnutls_perror (ret);

385

588

retval = -1;

386

goto exit;

589

goto mandos_end;

387

590

}

388

591

break;

389

592

default:

390

fprintf(stderr, "Unknown error while reading data from encrypted session with mandos server\n");

593

fprintf(stderr, "Unknown error while reading data from"

594

" encrypted session with Mandos server\n");

391

595

retval = -1;

392

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

393

goto exit;

596

gnutls_bye (session, GNUTLS_SHUT_RDWR);

597

goto mandos_end;

394

598

}

395

599

} else {

396

buffer_length += ret;

600

buffer_length += (size_t) ret;

397

601

}

398

602

}

399

603

604

if(debug){

605

fprintf(stderr, "Closing TLS session\n");

606

}

607

608

gnutls_bye (session, GNUTLS_SHUT_RDWR);

609

400

610

if (buffer_length > 0){

401

if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) == 0){

402

retval = -1;

403

} else {

404

fwrite (decrypted_buffer, 1, decrypted_buffer_size, stdout);

611

decrypted_buffer_size = pgp_packet_decrypt(buffer,

612

buffer_length,

613

&decrypted_buffer,

614

keydir);

615

if (decrypted_buffer_size >= 0){

616

written = 0;

617

while(written < (size_t) decrypted_buffer_size){

618

ret = (int)fwrite (decrypted_buffer + written, 1,

619

(size_t)decrypted_buffer_size - written,

620

stdout);

621

if(ret == 0 and ferror(stdout)){

622

if(debug){

623

fprintf(stderr, "Error writing encrypted data: %s\n",

624

strerror(errno));

625

}

626

retval = -1;

627

break;

628

}

629

written += (size_t)ret;

630

}

405

631

free(decrypted_buffer);

632

} else {

633

retval = -1;

406

634

}

407

635

}

408

636

637

/* Shutdown procedure */

638

639

mandos_end:

409

640

free(buffer);

410

411

//shutdown procedure

412

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

413

exit:

414

641

close(tcp_sd);

415

gnutls_deinit (es.session);

416

gnutls_certificate_free_credentials (es.cred);

417

gnutls_global_deinit ();

642

gnutls_deinit (session);

418

643

return retval;

419

644

}

420

645

421

static AvahiSimplePoll *simple_poll = NULL;

422

static AvahiServer *server = NULL;

423

424

static void resolve_callback(

425

AvahiSServiceResolver *r,

426

AVAHI_GCC_UNUSED AvahiIfIndex interface,

427

AVAHI_GCC_UNUSED AvahiProtocol protocol,

428

AvahiResolverEvent event,

429

const char *name,

430

const char *type,

431

const char *domain,

432

const char *host_name,

433

const AvahiAddress *address,

434

uint16_t port,

435

AvahiStringList *txt,

436

AvahiLookupResultFlags flags,

437

AVAHI_GCC_UNUSED void* userdata) {

438

439

assert(r);

440

441

/* Called whenever a service has been resolved successfully or timed out */

442

443

switch (event) {

444

case AVAHI_RESOLVER_FAILURE:

445

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of type '%s' in domain '%s': %s\n", name, type, domain, avahi_strerror(avahi_server_errno(server)));

446

break;

447

448

case AVAHI_RESOLVER_FOUND: {

449

char ip[AVAHI_ADDRESS_STR_MAX];

450

avahi_address_snprint(ip, sizeof(ip), address);

451

int ret = start_mandos_communcation(ip, port);

452

if (ret == 0){

453

exit(EXIT_SUCCESS);

454

} else {

455

exit(EXIT_FAILURE);

456

}

457

}

458

}

459

avahi_s_service_resolver_free(r);

460

}

461

462

static void browse_callback(

463

AvahiSServiceBrowser *b,

464

AvahiIfIndex interface,

465

AvahiProtocol protocol,

466

AvahiBrowserEvent event,

467

const char *name,

468

const char *type,

469

const char *domain,

470

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

471

void* userdata) {

472

473

AvahiServer *s = userdata;

474

assert(b);

475

476

/* Called whenever a new services becomes available on the LAN or is removed from the LAN */

477

478

switch (event) {

479

480

case AVAHI_BROWSER_FAILURE:

481

482

fprintf(stderr, "(Browser) %s\n", avahi_strerror(avahi_server_errno(server)));

483

avahi_simple_poll_quit(simple_poll);

484

return;

485

486

case AVAHI_BROWSER_NEW:

487

/* We ignore the returned resolver object. In the callback

488

function we free it. If the server is terminated before

489

the callback function is called the server will free

490

the resolver for us. */

491

492

if (!(avahi_s_service_resolver_new(s, interface, protocol, name, type, domain, AVAHI_PROTO_INET6, 0, resolve_callback, s)))

493

fprintf(stderr, "Failed to resolve service '%s': %s\n", name, avahi_strerror(avahi_server_errno(s)));

494

495

break;

496

497

case AVAHI_BROWSER_REMOVE:

498

break;

499

500

case AVAHI_BROWSER_ALL_FOR_NOW:

501

case AVAHI_BROWSER_CACHE_EXHAUSTED:

502

break;

503

}

504

}

505

506

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

507

AvahiServerConfig config;

646

static void resolve_callback(AvahiSServiceResolver *r,

647

AvahiIfIndex interface,

648

AVAHI_GCC_UNUSED AvahiProtocol protocol,

649

AvahiResolverEvent event,

650

const char *name,

651

const char *type,

652

const char *domain,

653

const char *host_name,

654

const AvahiAddress *address,

655

uint16_t port,

656

AVAHI_GCC_UNUSED AvahiStringList *txt,

657

AVAHI_GCC_UNUSED AvahiLookupResultFlags

658

flags,

659

void* userdata) {

660

mandos_context *mc = userdata;

661

assert(r); /* Spurious warning */

662

663

/* Called whenever a service has been resolved successfully or

664

timed out */

665

666

switch (event) {

667

default:

668

case AVAHI_RESOLVER_FAILURE:

669

fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"

670

" of type '%s' in domain '%s': %s\n", name, type, domain,

671

avahi_strerror(avahi_server_errno(mc->server)));

672

break;

673

674

case AVAHI_RESOLVER_FOUND:

675

{

676

char ip[AVAHI_ADDRESS_STR_MAX];

677

avahi_address_snprint(ip, sizeof(ip), address);

678

if(debug){

679

fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"

680

PRIu16 ") on port %d\n", name, host_name, ip,

681

interface, port);

682

}

683

int ret = start_mandos_communication(ip, port, interface, mc);

684

if (ret == 0){

685

avahi_simple_poll_quit(mc->simple_poll);

686

}

687

}

688

}

689

avahi_s_service_resolver_free(r);

690

}

691

692

static void browse_callback( AvahiSServiceBrowser *b,

693

AvahiIfIndex interface,

694

AvahiProtocol protocol,

695

AvahiBrowserEvent event,

696

const char *name,

697

const char *type,

698

const char *domain,

699

AVAHI_GCC_UNUSED AvahiLookupResultFlags

700

flags,

701

void* userdata) {

702

mandos_context *mc = userdata;

703

assert(b); /* Spurious warning */

704

705

/* Called whenever a new services becomes available on the LAN or

706

is removed from the LAN */

707

708

switch (event) {

709

default:

710

case AVAHI_BROWSER_FAILURE:

711

712

fprintf(stderr, "(Avahi browser) %s\n",

713

avahi_strerror(avahi_server_errno(mc->server)));

714

avahi_simple_poll_quit(mc->simple_poll);

715

return;

716

717

case AVAHI_BROWSER_NEW:

718

/* We ignore the returned Avahi resolver object. In the callback

719

function we free it. If the Avahi server is terminated before

720

the callback function is called the Avahi server will free the

721

resolver for us. */

722

723

if (!(avahi_s_service_resolver_new(mc->server, interface,

724

protocol, name, type, domain,

725

AVAHI_PROTO_INET6, 0,

726

resolve_callback, mc)))

727

fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",

728

name, avahi_strerror(avahi_server_errno(mc->server)));

729

break;

730

731

case AVAHI_BROWSER_REMOVE:

732

break;

733

734

case AVAHI_BROWSER_ALL_FOR_NOW:

735

case AVAHI_BROWSER_CACHE_EXHAUSTED:

736

if(debug){

737

fprintf(stderr, "No Mandos server found, still searching...\n");

738

}

739

break;

740

}

741

}

742

743

/* Combines file name and path and returns the malloced new

744

string. some sane checks could/should be added */

745

static const char *combinepath(const char *first, const char *second){

746

size_t f_len = strlen(first);

747

size_t s_len = strlen(second);

748

char *tmp = malloc(f_len + s_len + 2);

749

if (tmp == NULL){

750

return NULL;

751

}

752

if(f_len > 0){

753

memcpy(tmp, first, f_len); /* Spurious warning */

754

}

755

tmp[f_len] = '/';

756

if(s_len > 0){

757

memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */

758

}

759

tmp[f_len + 1 + s_len] = '\0';

760

return tmp;

761

}

762

763

764

int main(int argc, char *argv[]){

508

765

AvahiSServiceBrowser *sb = NULL;

509

766

int error;

510

int ret = 1;

511

512

avahi_set_log_function(empty_log);

513

514

/* Initialize the psuedo-RNG */

515

srand(time(NULL));

516

517

/* Allocate main loop object */

518

if (!(simple_poll = avahi_simple_poll_new())) {

519

fprintf(stderr, "Failed to create simple poll object.\n");

520

goto fail;

521

}

522

523

/* Do not publish any local records */

524

avahi_server_config_init(&config);

525

config.publish_hinfo = 0;

526

config.publish_addresses = 0;

527

config.publish_workstation = 0;

528

config.publish_domain = 0;

529

530

/* /\* Set a unicast DNS server for wide area DNS-SD *\/ */

531

/* avahi_address_parse("193.11.177.11", AVAHI_PROTO_UNSPEC, &config.wide_area_servers[0]); */

532

/* config.n_wide_area_servers = 1; */

533

/* config.enable_wide_area = 1; */

534

535

/* Allocate a new server */

536

server = avahi_server_new(avahi_simple_poll_get(simple_poll), &config, NULL, NULL, &error);

537

538

/* Free the configuration data */

539

avahi_server_config_free(&config);

540

541

/* Check wether creating the server object succeeded */

542

if (!server) {

543

fprintf(stderr, "Failed to create server: %s\n", avahi_strerror(error));

544

goto fail;

545

}

546

547

/* Create the service browser */

548

if (!(sb = avahi_s_service_browser_new(server, if_nametoindex("eth0"), AVAHI_PROTO_INET6, "_mandos._tcp", NULL, 0, browse_callback, server))) {

549

fprintf(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_server_errno(server)));

550

goto fail;

767

int ret;

768

int exitcode = EXIT_SUCCESS;

769

const char *interface = "eth0";

770

struct ifreq network;

771

int sd;

772

uid_t uid;

773

gid_t gid;

774

char *connect_to = NULL;

775

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

776

const char *pubkeyfile = "pubkey.txt";

777

const char *seckeyfile = "seckey.txt";

778

mandos_context mc = { .simple_poll = NULL, .server = NULL,

779

.dh_bits = 1024, .priority = "SECURE256"};

780

bool gnutls_initalized = false;

781

782

{

783

struct argp_option options[] = {

784

{ .name = "debug", .key = 128,

785

.doc = "Debug mode", .group = 3 },

786

{ .name = "connect", .key = 'c',

787

.arg = "IP",

788

.doc = "Connect directly to a sepcified mandos server",

789

.group = 1 },

790

{ .name = "interface", .key = 'i',

791

.arg = "INTERFACE",

792

.doc = "Interface that Avahi will conntect through",

793

.group = 1 },

794

{ .name = "keydir", .key = 'd',

795

.arg = "KEYDIR",

796

.doc = "Directory where the openpgp keyring is",

797

.group = 1 },

798

{ .name = "seckey", .key = 's',

799

.arg = "SECKEY",

800

.doc = "Secret openpgp key for gnutls authentication",

801

.group = 1 },

802

{ .name = "pubkey", .key = 'p',

803

.arg = "PUBKEY",

804

.doc = "Public openpgp key for gnutls authentication",

805

.group = 2 },

806

{ .name = "dh-bits", .key = 129,

807

.arg = "BITS",

808

.doc = "dh-bits to use in gnutls communication",

809

.group = 2 },

810

{ .name = "priority", .key = 130,

811

.arg = "PRIORITY",

812

.doc = "GNUTLS priority", .group = 1 },

813

{ .name = NULL }

814

};

815

816

817

error_t parse_opt (int key, char *arg,

818

struct argp_state *state) {

819

/* Get the INPUT argument from `argp_parse', which we know is

820

a pointer to our plugin list pointer. */

821

switch (key) {

822

case 128:

823

debug = true;

824

break;

825

case 'c':

826

connect_to = arg;

827

break;

828

case 'i':

829

interface = arg;

830

break;

831

case 'd':

832

keydir = arg;

833

break;

834

case 's':

835

seckeyfile = arg;

836

break;

837

case 'p':

838

pubkeyfile = arg;

839

break;

840

case 129:

841

errno = 0;

842

mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);

843

if (errno){

844

perror("strtol");

845

exit(EXIT_FAILURE);

846

}

847

break;

848

case 130:

849

mc.priority = arg;

850

break;

851

case ARGP_KEY_ARG:

852

argp_usage (state);

853

case ARGP_KEY_END:

854

break;

855

default:

856

return ARGP_ERR_UNKNOWN;

857

}

858

return 0;

859

}

860

861

struct argp argp = { .options = options, .parser = parse_opt,

862

.args_doc = "",

863

.doc = "Mandos client -- Get and decrypt"

864

" passwords from mandos server" };

865

ret = argp_parse (&argp, argc, argv, 0, 0, NULL);

866

if (ret == ARGP_ERR_UNKNOWN){

867

fprintf(stderr, "Unknown error while parsing arguments\n");

868

exitcode = EXIT_FAILURE;

869

goto end;

870

}

871

}

872

873

pubkeyfile = combinepath(keydir, pubkeyfile);

874

if (pubkeyfile == NULL){

875

perror("combinepath");

876

exitcode = EXIT_FAILURE;

877

goto end;

878

}

879

880

seckeyfile = combinepath(keydir, seckeyfile);

881

if (seckeyfile == NULL){

882

perror("combinepath");

883

exitcode = EXIT_FAILURE;

884

goto end;

885

}

886

887

ret = init_gnutls_global(&mc, pubkeyfile, seckeyfile);

888

if (ret == -1){

889

fprintf(stderr, "init_gnutls_global failed\n");

890

exitcode = EXIT_FAILURE;

891

goto end;

892

} else {

893

gnutls_initalized = true;

894

}

895

896

/* If the interface is down, bring it up */

897

{

898

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

899

if(sd < 0) {

900

perror("socket");

901

exitcode = EXIT_FAILURE;

902

goto end;

903

}

904

strcpy(network.ifr_name, interface); /* Spurious warning */

905

ret = ioctl(sd, SIOCGIFFLAGS, &network);

906

if(ret == -1){

907

perror("ioctl SIOCGIFFLAGS");

908

exitcode = EXIT_FAILURE;

909

goto end;

910

}

911

if((network.ifr_flags & IFF_UP) == 0){

912

network.ifr_flags |= IFF_UP;

913

ret = ioctl(sd, SIOCSIFFLAGS, &network);

914

if(ret == -1){

915

perror("ioctl SIOCSIFFLAGS");

916

exitcode = EXIT_FAILURE;

917

goto end;

918

}

919

}

920

close(sd);

921

}

922

923

uid = getuid();

924

gid = getgid();

925

926

ret = setuid(uid);

927

if (ret == -1){

928

perror("setuid");

929

}

930

931

setgid(gid);

932

if (ret == -1){

933

perror("setgid");

934

}

935

936

if_index = (AvahiIfIndex) if_nametoindex(interface);

937

if(if_index == 0){

938

fprintf(stderr, "No such interface: \"%s\"\n", interface);

939

exit(EXIT_FAILURE);

940

}

941

942

if(connect_to != NULL){

943

/* Connect directly, do not use Zeroconf */

944

/* (Mainly meant for debugging) */

945

char *address = strrchr(connect_to, ':');

946

if(address == NULL){

947

fprintf(stderr, "No colon in address\n");

948

exitcode = EXIT_FAILURE;

949

goto end;

950

}

951

errno = 0;

952

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

953

if(errno){

954

perror("Bad port number");

955

exitcode = EXIT_FAILURE;

956

goto end;

957

}

958

*address = '\0';

959

address = connect_to;

960

ret = start_mandos_communication(address, port, if_index, &mc);

961

if(ret < 0){

962

exitcode = EXIT_FAILURE;

963

} else {

964

exitcode = EXIT_SUCCESS;

965

}

966

goto end;

967

}

968

969

if (not debug){

970

avahi_set_log_function(empty_log);

971

}

972

973

/* Initialize the pseudo-RNG for Avahi */

974

srand((unsigned int) time(NULL));

975

976

/* Allocate main Avahi loop object */

977

mc.simple_poll = avahi_simple_poll_new();

978

if (mc.simple_poll == NULL) {

979

fprintf(stderr, "Avahi: Failed to create simple poll"

980

" object.\n");

981

exitcode = EXIT_FAILURE;

982

goto end;

983

}

984

985

{

986

AvahiServerConfig config;

987

/* Do not publish any local Zeroconf records */

988

avahi_server_config_init(&config);

989

config.publish_hinfo = 0;

990

config.publish_addresses = 0;

991

config.publish_workstation = 0;

992

config.publish_domain = 0;

993

994

/* Allocate a new server */

995

mc.server = avahi_server_new(avahi_simple_poll_get

996

(mc.simple_poll), &config, NULL,

997

NULL, &error);

998

999

/* Free the Avahi configuration data */

1000

avahi_server_config_free(&config);

1001

}

1002

1003

/* Check if creating the Avahi server object succeeded */

1004

if (mc.server == NULL) {

1005

fprintf(stderr, "Failed to create Avahi server: %s\n",

1006

avahi_strerror(error));

1007

exitcode = EXIT_FAILURE;

1008

goto end;

1009

}

1010

1011

/* Create the Avahi service browser */

1012

sb = avahi_s_service_browser_new(mc.server, if_index,

1013

AVAHI_PROTO_INET6,

1014

"_mandos._tcp", NULL, 0,

1015

browse_callback, &mc);

1016

if (sb == NULL) {

1017

fprintf(stderr, "Failed to create service browser: %s\n",

1018

avahi_strerror(avahi_server_errno(mc.server)));

1019

exitcode = EXIT_FAILURE;

1020

goto end;

551

1021

}

552

1022

553

1023

/* Run the main loop */

554

avahi_simple_poll_loop(simple_poll);

555

556

ret = 0;

557

558

fail:

1024

1025

if (debug){

1026

fprintf(stderr, "Starting Avahi loop search\n");

1027

}

1028

1029

avahi_simple_poll_loop(mc.simple_poll);

1030

1031

end:

1032

1033

if (debug){

1034

fprintf(stderr, "%s exiting\n", argv[0]);

1035

}

559

1036

560

1037

/* Cleanup things */

561

if (sb)

1038

if (sb != NULL)

562

1039

avahi_s_service_browser_free(sb);

563

1040

564

if (server)

565

avahi_server_free(server);

566

567

if (simple_poll)

568

avahi_simple_poll_free(simple_poll);

569

570

return ret;

1041

if (mc.server != NULL)

1042

avahi_server_free(mc.server);

1043

1044

if (mc.simple_poll != NULL)

1045

avahi_simple_poll_free(mc.simple_poll);

1046

free(pubkeyfile);

1047

free(seckeyfile);

1048

1049

if (gnutls_initalized){

1050

gnutls_certificate_free_credentials(mc.cred);

1051

gnutls_global_deinit ();

1052

}

1053

1054

return exitcode;

571

1055

}

Older »