To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandosclient.c
- browse files at revision 24.1.9
- compare with another revision
- download diff
- download tarball
- view history from revision 24.1.9
- Committer: Björn Påhlsson
- Date: 2008-08-02 21:06:29 UTC
- mto: (24.1.154 mandos) (237.4.3 mandos-release)
- mto: This revision was merged to the branch mainline in revision 38.
- Revision ID: belorn@braxen-20080802210629-p9jc5515yufcg4ge
not working midwork...
- files added:
- ca.pem
- files removed:
- .bzrignore
- debian
- files renamed:
- plugin-runner.c => plugbasedclient.c
- plugins.d/mandos-client.c => plugins.d/mandosclient.c
- plugins.d/password-prompt.c => plugins.d/passprompt.c
- mandos.conf => server.conf
- mandos => server.py
- files modified:
- Makefile
added
removed
plugins.d/mandosclient.c
32
32
#define _LARGEFILE_SOURCE
33
33
#define _FILE_OFFSET_BITS 64
34
34
35
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
36
37
#include <stdio.h> /* fprintf(), stderr, fwrite(),
38
stdout, ferror() */
39
#include <stdint.h> /* uint16_t, uint32_t */
40
#include <stddef.h> /* NULL, size_t, ssize_t */
41
#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,
42
srand() */
43
#include <stdbool.h> /* bool, true */
44
#include <string.h> /* memset(), strcmp(), strlen(),
45
strerror(), asprintf(), strcpy() */
46
#include <sys/ioctl.h> /* ioctl */
47
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
48
sockaddr_in6, PF_INET6,
49
SOCK_STREAM, INET6_ADDRSTRLEN,
50
uid_t, gid_t, open(), opendir(), DIR */
51
#include <sys/stat.h> /* open() */
52
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
53
struct in6_addr, inet_pton(),
54
connect() */
55
#include <fcntl.h> /* open() */
56
#include <dirent.h> /* opendir(), struct dirent, readdir() */
57
#include <inttypes.h> /* PRIu16 */
58
#include <assert.h> /* assert() */
59
#include <errno.h> /* perror(), errno */
60
#include <time.h> /* time() */
61
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
62
SIOCSIFFLAGS, if_indextoname(),
63
if_nametoindex(), IF_NAMESIZE */
64
#include <netinet/in.h>
65
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
66
getuid(), getgid(), setuid(),
67
setgid() */
68
#include <arpa/inet.h> /* inet_pton(), htons */
69
#include <iso646.h> /* not, and */
70
#include <argp.h> /* struct argp_option, error_t, struct
71
argp_state, struct argp,
72
argp_parse(), ARGP_KEY_ARG,
73
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
74
75
/* Avahi */
76
/* All Avahi types, constants and functions
77
Avahi*, avahi_*,
78
AVAHI_* */
35
#include <stdio.h>
36
#include <assert.h>
37
#include <stdlib.h>
38
#include <time.h>
39
#include <net/if.h> /* if_nametoindex */
40
#include <sys/ioctl.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS
41
#include <net/if.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS
42
79
43
#include <avahi-core/core.h>
80
44
#include <avahi-core/lookup.h>
81
45
#include <avahi-core/log.h>
83
47
#include <avahi-common/malloc.h>
84
48
#include <avahi-common/error.h>
85
49
86
/* GnuTLS */
87
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and
88
functions:
89
gnutls_*
90
init_gnutls_session(),
91
GNUTLS_* */
92
#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),
93
GNUTLS_OPENPGP_FMT_BASE64 */
94
95
/* GPGME */
96
#include <gpgme.h> /* All GPGME types, constants and
97
functions:
98
gpgme_*
99
GPGME_PROTOCOL_OpenPGP,
100
GPG_ERR_NO_* */
50
//mandos client part
51
#include <sys/types.h> /* socket(), inet_pton() */
52
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
53
struct in6_addr, inet_pton() */
54
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
55
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
56
57
#include <unistd.h> /* close() */
58
#include <netinet/in.h>
59
#include <stdbool.h> /* true */
60
#include <string.h> /* memset */
61
#include <arpa/inet.h> /* inet_pton() */
62
#include <iso646.h> /* not */
63
64
// gpgme
65
#include <errno.h> /* perror() */
66
#include <gpgme.h>
67
68
// getopt long
69
#include <getopt.h>
101
70
102
71
#define BUFFER_SIZE 256
103
104
/*
105
#define PATHDIR "/conf/conf.d/mandos"
106
*/
107
108
#define PATHDIR "/conf/conf.d/mandos"
109
#define SECKEY "seckey.txt"
110
#define PUBKEY "pubkey.txt"
72
#define DH_BITS 1024
73
74
static const char *certdir = "/conf/conf.d/mandos";
75
static const char *certfile = "openpgp-client.txt";
76
static const char *certkey = "openpgp-client-key.txt";
111
77
112
78
bool debug = false;
113
static const char mandos_protocol_version[] = "1";
114
const char *argp_program_version = "mandos-client 1.0";
115
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
116
79
117
/* Used for passing in values through the Avahi callback functions */
118
80
typedef struct {
119
81
AvahiSimplePoll *simple_poll;
120
82
AvahiServer *server;
121
83
gnutls_certificate_credentials_t cred;
122
84
unsigned int dh_bits;
123
gnutls_dh_params_t dh_params;
124
85
const char *priority;
86
} mandos_context;
87
88
static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
89
char **new_packet,
90
const char *homedir){
91
gpgme_data_t dh_crypto, dh_plain;
125
92
gpgme_ctx_t ctx;
126
} mandos_context;
127
128
/*
129
* Make room in "buffer" for at least BUFFER_SIZE additional bytes.
130
* "buffer_capacity" is how much is currently allocated,
131
* "buffer_length" is how much is already used.
132
*/
133
size_t adjustbuffer(char **buffer, size_t buffer_length,
134
size_t buffer_capacity){
135
if (buffer_length + BUFFER_SIZE > buffer_capacity){
136
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
137
if (buffer == NULL){
138
return 0;
139
}
140
buffer_capacity += BUFFER_SIZE;
141
}
142
return buffer_capacity;
143
}
144
145
/*
146
* Initialize GPGME.
147
*/
148
static bool init_gpgme(mandos_context *mc, const char *seckey,
149
const char *pubkey, const char *tempdir){
150
int ret;
151
93
gpgme_error_t rc;
94
ssize_t ret;
95
ssize_t new_packet_capacity = 0;
96
ssize_t new_packet_length = 0;
152
97
gpgme_engine_info_t engine_info;
153
154
155
/*
156
* Helper function to insert pub and seckey to the enigne keyring.
157
*/
158
bool import_key(const char *filename){
159
int fd;
160
gpgme_data_t pgp_data;
161
162
fd = TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
163
if(fd == -1){
164
perror("open");
165
return false;
166
}
167
168
rc = gpgme_data_new_from_fd(&pgp_data, fd);
169
if (rc != GPG_ERR_NO_ERROR){
170
fprintf(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
171
gpgme_strsource(rc), gpgme_strerror(rc));
172
return false;
173
}
174
175
rc = gpgme_op_import(mc->ctx, pgp_data);
176
if (rc != GPG_ERR_NO_ERROR){
177
fprintf(stderr, "bad gpgme_op_import: %s: %s\n",
178
gpgme_strsource(rc), gpgme_strerror(rc));
179
return false;
180
}
181
182
ret = TEMP_FAILURE_RETRY(close(fd));
183
if(ret == -1){
184
perror("close");
185
}
186
gpgme_data_release(pgp_data);
187
return true;
188
}
189
98
190
99
if (debug){
191
fprintf(stderr, "Initialize gpgme\n");
100
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
192
101
}
193
102
194
103
/* Init GPGME */
197
106
if (rc != GPG_ERR_NO_ERROR){
198
107
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
199
108
gpgme_strsource(rc), gpgme_strerror(rc));
200
return false;
109
return -1;
201
110
}
202
111
203
/* Set GPGME home directory for the OpenPGP engine only */
112
/* Set GPGME home directory */
204
113
rc = gpgme_get_engine_info (&engine_info);
205
114
if (rc != GPG_ERR_NO_ERROR){
206
115
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
207
116
gpgme_strsource(rc), gpgme_strerror(rc));
208
return false;
117
return -1;
209
118
}
210
119
while(engine_info != NULL){
211
120
if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
212
121
gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
213
engine_info->file_name, tempdir);
122
engine_info->file_name, homedir);
214
123
break;
215
124
}
216
125
engine_info = engine_info->next;
217
126
}
218
127
if(engine_info == NULL){
219
fprintf(stderr, "Could not set GPGME home dir to %s\n", tempdir);
220
return false;
221
}
222
223
/* Create new GPGME "context" */
224
rc = gpgme_new(&(mc->ctx));
225
if (rc != GPG_ERR_NO_ERROR){
226
fprintf(stderr, "bad gpgme_new: %s: %s\n",
227
gpgme_strsource(rc), gpgme_strerror(rc));
228
return false;
229
}
230
231
if (not import_key(pubkey) or not import_key(seckey)){
232
return false;
233
}
234
235
return true;
236
}
237
238
/*
239
* Decrypt OpenPGP data.
240
* Returns -1 on error
241
*/
242
static ssize_t pgp_packet_decrypt (const mandos_context *mc,
243
const char *cryptotext,
244
size_t crypto_size,
245
char **plaintext){
246
gpgme_data_t dh_crypto, dh_plain;
247
gpgme_error_t rc;
248
ssize_t ret;
249
size_t plaintext_capacity = 0;
250
ssize_t plaintext_length = 0;
251
252
if (debug){
253
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
254
}
255
256
/* Create new GPGME data buffer from memory cryptotext */
257
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
258
0);
128
fprintf(stderr, "Could not set home dir to %s\n", homedir);
129
return -1;
130
}
131
132
/* Create new GPGME data buffer from packet buffer */
133
rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);
259
134
if (rc != GPG_ERR_NO_ERROR){
260
135
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
261
136
gpgme_strsource(rc), gpgme_strerror(rc));
267
142
if (rc != GPG_ERR_NO_ERROR){
268
143
fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
269
144
gpgme_strsource(rc), gpgme_strerror(rc));
270
gpgme_data_release(dh_crypto);
271
return -1;
272
}
273
274
/* Decrypt data from the cryptotext data buffer to the plaintext
275
data buffer */
276
rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);
145
return -1;
146
}
147
148
/* Create new GPGME "context" */
149
rc = gpgme_new(&ctx);
150
if (rc != GPG_ERR_NO_ERROR){
151
fprintf(stderr, "bad gpgme_new: %s: %s\n",
152
gpgme_strsource(rc), gpgme_strerror(rc));
153
return -1;
154
}
155
156
/* Decrypt data from the FILE pointer to the plaintext data
157
buffer */
158
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
277
159
if (rc != GPG_ERR_NO_ERROR){
278
160
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
279
161
gpgme_strsource(rc), gpgme_strerror(rc));
280
plaintext_length = -1;
281
if (debug){
282
gpgme_decrypt_result_t result;
283
result = gpgme_op_decrypt_result(mc->ctx);
284
if (result == NULL){
285
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
286
} else {
287
fprintf(stderr, "Unsupported algorithm: %s\n",
288
result->unsupported_algorithm);
289
fprintf(stderr, "Wrong key usage: %u\n",
290
result->wrong_key_usage);
291
if(result->file_name != NULL){
292
fprintf(stderr, "File name: %s\n", result->file_name);
293
}
294
gpgme_recipient_t recipient;
295
recipient = result->recipients;
296
if(recipient){
297
while(recipient != NULL){
298
fprintf(stderr, "Public key algorithm: %s\n",
299
gpgme_pubkey_algo_name(recipient->pubkey_algo));
300
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
301
fprintf(stderr, "Secret key available: %s\n",
302
recipient->status == GPG_ERR_NO_SECKEY
303
? "No" : "Yes");
304
recipient = recipient->next;
305
}
162
return -1;
163
}
164
165
if(debug){
166
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");
167
}
168
169
if (debug){
170
gpgme_decrypt_result_t result;
171
result = gpgme_op_decrypt_result(ctx);
172
if (result == NULL){
173
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
174
} else {
175
fprintf(stderr, "Unsupported algorithm: %s\n",
176
result->unsupported_algorithm);
177
fprintf(stderr, "Wrong key usage: %d\n",
178
result->wrong_key_usage);
179
if(result->file_name != NULL){
180
fprintf(stderr, "File name: %s\n", result->file_name);
181
}
182
gpgme_recipient_t recipient;
183
recipient = result->recipients;
184
if(recipient){
185
while(recipient != NULL){
186
fprintf(stderr, "Public key algorithm: %s\n",
187
gpgme_pubkey_algo_name(recipient->pubkey_algo));
188
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
189
fprintf(stderr, "Secret key available: %s\n",
190
recipient->status == GPG_ERR_NO_SECKEY
191
? "No" : "Yes");
192
recipient = recipient->next;
306
193
}
307
194
}
308
195
}
309
goto decrypt_end;
310
196
}
311
197
312
if(debug){
313
fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
314
}
198
/* Delete the GPGME FILE pointer cryptotext data buffer */
199
gpgme_data_release(dh_crypto);
315
200
316
201
/* Seek back to the beginning of the GPGME plaintext data buffer */
317
202
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
318
perror("gpgme_data_seek");
319
plaintext_length = -1;
320
goto decrypt_end;
203
perror("pgpme_data_seek");
321
204
}
322
205
323
*plaintext = NULL;
206
*new_packet = 0;
324
207
while(true){
325
plaintext_capacity = adjustbuffer(plaintext,
326
(size_t)plaintext_length,
327
plaintext_capacity);
328
if (plaintext_capacity == 0){
329
perror("adjustbuffer");
330
plaintext_length = -1;
331
goto decrypt_end;
208
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
209
*new_packet = realloc(*new_packet,
210
(unsigned int)new_packet_capacity
211
+ BUFFER_SIZE);
212
if (*new_packet == NULL){
213
perror("realloc");
214
return -1;
215
}
216
new_packet_capacity += BUFFER_SIZE;
332
217
}
333
218
334
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
219
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,
335
220
BUFFER_SIZE);
336
221
/* Print the data, if any */
337
222
if (ret == 0){
338
/* EOF */
339
223
break;
340
224
}
341
225
if(ret < 0){
342
226
perror("gpgme_data_read");
343
plaintext_length = -1;
344
goto decrypt_end;
345
}
346
plaintext_length += ret;
347
}
348
349
if(debug){
350
fprintf(stderr, "Decrypted password is: ");
351
for(ssize_t i = 0; i < plaintext_length; i++){
352
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
353
}
354
fprintf(stderr, "\n");
355
}
356
357
decrypt_end:
358
359
/* Delete the GPGME cryptotext data buffer */
360
gpgme_data_release(dh_crypto);
227
return -1;
228
}
229
new_packet_length += ret;
230
}
231
232
/* FIXME: check characters before printing to screen so to not print
233
terminal control characters */
234
/* if(debug){ */
235
/* fprintf(stderr, "decrypted password is: "); */
236
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
237
/* fprintf(stderr, "\n"); */
238
/* } */
361
239
362
240
/* Delete the GPGME plaintext data buffer */
363
241
gpgme_data_release(dh_plain);
364
return plaintext_length;
242
return new_packet_length;
365
243
}
366
244
367
245
static const char * safer_gnutls_strerror (int value) {
368
const char *ret = gnutls_strerror (value); /* Spurious warning */
246
const char *ret = gnutls_strerror (value);
369
247
if (ret == NULL)
370
248
ret = "(unknown)";
371
249
return ret;
372
250
}
373
251
374
/* GnuTLS log function callback */
375
252
static void debuggnutls(__attribute__((unused)) int level,
376
253
const char* string){
377
fprintf(stderr, "GnuTLS: %s", string);
254
fprintf(stderr, "%s", string);
378
255
}
379
256
380
static int init_gnutls_global(mandos_context *mc,
381
const char *pubkeyfilename,
382
const char *seckeyfilename){
257
static int initgnutls(mandos_context *mc){
258
const char *err;
383
259
int ret;
384
260
385
261
if(debug){
386
262
fprintf(stderr, "Initializing GnuTLS\n");
387
263
}
388
389
ret = gnutls_global_init();
390
if (ret != GNUTLS_E_SUCCESS) {
391
fprintf (stderr, "GnuTLS global_init: %s\n",
392
safer_gnutls_strerror(ret));
264
265
if ((ret = gnutls_global_init ())
266
!= GNUTLS_E_SUCCESS) {
267
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
393
268
return -1;
394
269
}
395
270
396
271
if (debug){
397
/* "Use a log level over 10 to enable all debugging options."
398
* - GnuTLS manual
399
*/
400
272
gnutls_global_set_log_level(11);
401
273
gnutls_global_set_log_function(debuggnutls);
402
274
}
403
275
404
/* OpenPGP credentials */
405
gnutls_certificate_allocate_credentials(&mc->cred);
406
if (ret != GNUTLS_E_SUCCESS){
407
fprintf (stderr, "GnuTLS memory error: %s\n", /* Spurious
408
warning */
276
/* openpgp credentials */
277
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
278
!= GNUTLS_E_SUCCESS) {
279
fprintf (stderr, "memory error: %s\n",
409
280
safer_gnutls_strerror(ret));
410
gnutls_global_deinit ();
411
281
return -1;
412
282
}
413
283
414
284
if(debug){
415
fprintf(stderr, "Attempting to use OpenPGP public key %s and"
416
" secret key %s as GnuTLS credentials\n", pubkeyfilename,
417
seckeyfilename);
285
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
286
" and keyfile %s as GnuTLS credentials\n", certfile,
287
certkey);
418
288
}
419
289
420
290
ret = gnutls_certificate_set_openpgp_key_file
421
(mc->cred, pubkeyfilename, seckeyfilename,
422
GNUTLS_OPENPGP_FMT_BASE64);
291
(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);
423
292
if (ret != GNUTLS_E_SUCCESS) {
424
fprintf(stderr,
425
"Error[%d] while reading the OpenPGP key pair ('%s',"
426
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
427
fprintf(stderr, "The GnuTLS error is: %s\n",
293
fprintf
294
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
295
" '%s')\n",
296
ret, certfile, certkey);
297
fprintf(stdout, "The Error is: %s\n",
428
298
safer_gnutls_strerror(ret));
429
goto globalfail;
430
}
431
432
/* GnuTLS server initialization */
433
ret = gnutls_dh_params_init(&mc->dh_params);
434
if (ret != GNUTLS_E_SUCCESS) {
435
fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
436
" %s\n", safer_gnutls_strerror(ret));
437
goto globalfail;
438
}
439
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
440
if (ret != GNUTLS_E_SUCCESS) {
441
fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
442
safer_gnutls_strerror(ret));
443
goto globalfail;
444
}
445
446
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
447
448
return 0;
449
450
globalfail:
451
452
gnutls_certificate_free_credentials(mc->cred);
453
gnutls_global_deinit();
454
gnutls_dh_params_deinit(mc->dh_params);
455
return -1;
456
}
457
458
static int init_gnutls_session(mandos_context *mc,
459
gnutls_session_t *session){
460
int ret;
461
/* GnuTLS session creation */
462
ret = gnutls_init(session, GNUTLS_SERVER);
463
if (ret != GNUTLS_E_SUCCESS){
299
return -1;
300
}
301
302
//GnuTLS server initialization
303
if ((ret = gnutls_dh_params_init (&es->dh_params))
304
!= GNUTLS_E_SUCCESS) {
305
fprintf (stderr, "Error in dh parameter initialization: %s\n",
306
safer_gnutls_strerror(ret));
307
return -1;
308
}
309
310
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
311
!= GNUTLS_E_SUCCESS) {
312
fprintf (stderr, "Error in prime generation: %s\n",
313
safer_gnutls_strerror(ret));
314
return -1;
315
}
316
317
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
318
319
// GnuTLS session creation
320
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
321
!= GNUTLS_E_SUCCESS){
464
322
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
465
323
safer_gnutls_strerror(ret));
466
324
}
467
325
468
{
469
const char *err;
470
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
471
if (ret != GNUTLS_E_SUCCESS) {
472
fprintf(stderr, "Syntax error at: %s\n", err);
473
fprintf(stderr, "GnuTLS error: %s\n",
474
safer_gnutls_strerror(ret));
475
gnutls_deinit (*session);
476
return -1;
477
}
326
if ((ret = gnutls_priority_set_direct (es->session, mc->priority, &err))
327
!= GNUTLS_E_SUCCESS) {
328
fprintf(stderr, "Syntax error at: %s\n", err);
329
fprintf(stderr, "GnuTLS error: %s\n",
330
safer_gnutls_strerror(ret));
331
return -1;
478
332
}
479
333
480
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
481
mc->cred);
482
if (ret != GNUTLS_E_SUCCESS) {
483
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
334
if ((ret = gnutls_credentials_set
335
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
336
!= GNUTLS_E_SUCCESS) {
337
fprintf(stderr, "Error setting a credentials set: %s\n",
484
338
safer_gnutls_strerror(ret));
485
gnutls_deinit (*session);
486
339
return -1;
487
340
}
488
341
489
342
/* ignore client certificate if any. */
490
gnutls_certificate_server_set_request (*session,
343
gnutls_certificate_server_set_request (es->session,
491
344
GNUTLS_CERT_IGNORE);
492
345
493
gnutls_dh_set_prime_bits (*session, mc->dh_bits);
346
gnutls_dh_set_prime_bits (es->session, DH_BITS);
494
347
495
348
return 0;
496
349
}
497
350
498
/* Avahi log function callback */
499
351
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
500
352
__attribute__((unused)) const char *txt){}
501
353
502
/* Called when a Mandos server is found */
503
354
static int start_mandos_communication(const char *ip, uint16_t port,
504
355
AvahiIfIndex if_index,
505
356
mandos_context *mc){
506
357
int ret, tcp_sd;
507
union { struct sockaddr in; struct sockaddr_in6 in6; } to;
358
struct sockaddr_in6 to;
359
encrypted_session es;
508
360
char *buffer = NULL;
509
361
char *decrypted_buffer;
510
362
size_t buffer_length = 0;
511
363
size_t buffer_capacity = 0;
512
364
ssize_t decrypted_buffer_size;
513
size_t written;
365
size_t written = 0;
514
366
int retval = 0;
515
367
char interface[IF_NAMESIZE];
516
gnutls_session_t session;
517
518
ret = init_gnutls_session (mc, &session);
519
if (ret != 0){
520
return -1;
521
}
522
368
523
369
if(debug){
524
fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16
525
"\n", ip, port);
370
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
371
ip, port);
526
372
}
527
373
528
374
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
530
376
perror("socket");
531
377
return -1;
532
378
}
533
379
534
380
if(debug){
535
381
if(if_indextoname((unsigned int)if_index, interface) == NULL){
536
perror("if_indextoname");
382
if(debug){
383
perror("if_indextoname");
384
}
537
385
return -1;
538
386
}
387
539
388
fprintf(stderr, "Binding to interface %s\n", interface);
540
389
}
541
390
542
memset(&to, 0, sizeof(to));
543
to.in6.sin6_family = AF_INET6;
544
/* It would be nice to have a way to detect if we were passed an
545
IPv4 address here. Now we assume an IPv6 address. */
546
ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);
391
memset(&to,0,sizeof(to)); /* Spurious warning */
392
to.sin6_family = AF_INET6;
393
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
547
394
if (ret < 0 ){
548
395
perror("inet_pton");
549
396
return -1;
550
}
397
}
551
398
if(ret == 0){
552
399
fprintf(stderr, "Bad address: %s\n", ip);
553
400
return -1;
554
401
}
555
to.in6.sin6_port = htons(port); /* Spurious warning */
402
to.sin6_port = htons(port); /* Spurious warning */
556
403
557
to.in6.sin6_scope_id = (uint32_t)if_index;
404
to.sin6_scope_id = (uint32_t)if_index;
558
405
559
406
if(debug){
560
fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
561
port);
562
char addrstr[INET6_ADDRSTRLEN] = "";
563
if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,
564
sizeof(addrstr)) == NULL){
565
perror("inet_ntop");
566
} else {
567
if(strcmp(addrstr, ip) != 0){
568
fprintf(stderr, "Canonical address form: %s\n", addrstr);
569
}
570
}
407
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
408
/* char addrstr[INET6_ADDRSTRLEN]; */
409
/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */
410
/* sizeof(addrstr)) == NULL){ */
411
/* perror("inet_ntop"); */
412
/* } else { */
413
/* fprintf(stderr, "Really connecting to: %s, port %d\n", */
414
/* addrstr, ntohs(to.sin6_port)); */
415
/* } */
571
416
}
572
417
573
ret = connect(tcp_sd, &to.in, sizeof(to));
418
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
574
419
if (ret < 0){
575
420
perror("connect");
576
421
return -1;
577
422
}
578
423
579
const char *out = mandos_protocol_version;
580
written = 0;
581
while (true){
582
size_t out_size = strlen(out);
583
ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
584
out_size - written));
585
if (ret == -1){
586
perror("write");
587
retval = -1;
588
goto mandos_end;
589
}
590
written += (size_t)ret;
591
if(written < out_size){
592
continue;
593
} else {
594
if (out == mandos_protocol_version){
595
written = 0;
596
out = "\r\n";
597
} else {
598
break;
599
}
600
}
424
ret = initgnutls (&es);
425
if (ret != 0){
426
retval = -1;
427
return -1;
601
428
}
602
429
430
gnutls_transport_set_ptr (es.session,
431
(gnutls_transport_ptr_t) tcp_sd);
432
603
433
if(debug){
604
434
fprintf(stderr, "Establishing TLS session with %s\n", ip);
605
435
}
606
436
607
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
608
609
do{
610
ret = gnutls_handshake (session);
611
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
437
ret = gnutls_handshake (es.session);
612
438
613
439
if (ret != GNUTLS_E_SUCCESS){
614
440
if(debug){
615
fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
441
fprintf(stderr, "\n*** Handshake failed ***\n");
616
442
gnutls_perror (ret);
617
443
}
618
444
retval = -1;
619
goto mandos_end;
445
goto exit;
620
446
}
621
447
622
/* Read OpenPGP packet that contains the wanted password */
448
//Retrieve OpenPGP packet that contains the wanted password
623
449
624
450
if(debug){
625
451
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
626
452
ip);
627
453
}
628
454
629
455
while(true){
630
buffer_capacity = adjustbuffer(&buffer, buffer_length,
631
buffer_capacity);
632
if (buffer_capacity == 0){
633
perror("adjustbuffer");
634
retval = -1;
635
goto mandos_end;
456
if (buffer_length + BUFFER_SIZE > buffer_capacity){
457
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
458
if (buffer == NULL){
459
perror("realloc");
460
goto exit;
461
}
462
buffer_capacity += BUFFER_SIZE;
636
463
}
637
464
638
ret = gnutls_record_recv(session, buffer+buffer_length,
639
BUFFER_SIZE);
465
ret = gnutls_record_recv
466
(es.session, buffer+buffer_length, BUFFER_SIZE);
640
467
if (ret == 0){
641
468
break;
642
469
}
646
473
case GNUTLS_E_AGAIN:
647
474
break;
648
475
case GNUTLS_E_REHANDSHAKE:
649
do{
650
ret = gnutls_handshake (session);
651
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
476
ret = gnutls_handshake (es.session);
652
477
if (ret < 0){
653
fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
478
fprintf(stderr, "\n*** Handshake failed ***\n");
654
479
gnutls_perror (ret);
655
480
retval = -1;
656
goto mandos_end;
481
goto exit;
657
482
}
658
483
break;
659
484
default:
660
485
fprintf(stderr, "Unknown error while reading data from"
661
" encrypted session with Mandos server\n");
486
" encrypted session with mandos server\n");
662
487
retval = -1;
663
gnutls_bye (session, GNUTLS_SHUT_RDWR);
664
goto mandos_end;
488
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
489
goto exit;
665
490
}
666
491
} else {
667
492
buffer_length += (size_t) ret;
668
493
}
669
494
}
670
495
671
if(debug){
672
fprintf(stderr, "Closing TLS session\n");
673
}
674
675
gnutls_bye (session, GNUTLS_SHUT_RDWR);
676
677
496
if (buffer_length > 0){
678
decrypted_buffer_size = pgp_packet_decrypt(mc, buffer,
497
decrypted_buffer_size = pgp_packet_decrypt(buffer,
679
498
buffer_length,
680
&decrypted_buffer);
499
&decrypted_buffer,
500
certdir);
681
501
if (decrypted_buffer_size >= 0){
682
written = 0;
683
502
while(written < (size_t) decrypted_buffer_size){
684
503
ret = (int)fwrite (decrypted_buffer + written, 1,
685
504
(size_t)decrypted_buffer_size - written,
698
517
} else {
699
518
retval = -1;
700
519
}
701
} else {
702
retval = -1;
703
}
704
705
/* Shutdown procedure */
706
707
mandos_end:
520
}
521
522
//shutdown procedure
523
524
if(debug){
525
fprintf(stderr, "Closing TLS session\n");
526
}
527
708
528
free(buffer);
709
ret = TEMP_FAILURE_RETRY(close(tcp_sd));
710
if(ret == -1){
711
perror("close");
712
}
713
gnutls_deinit (session);
529
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
530
exit:
531
close(tcp_sd);
532
gnutls_deinit (es.session);
533
gnutls_certificate_free_credentials (es.cred);
534
gnutls_global_deinit ();
714
535
return retval;
715
536
}
716
537
717
static void resolve_callback(AvahiSServiceResolver *r,
718
AvahiIfIndex interface,
719
AVAHI_GCC_UNUSED AvahiProtocol protocol,
720
AvahiResolverEvent event,
721
const char *name,
722
const char *type,
723
const char *domain,
724
const char *host_name,
725
const AvahiAddress *address,
726
uint16_t port,
727
AVAHI_GCC_UNUSED AvahiStringList *txt,
728
AVAHI_GCC_UNUSED AvahiLookupResultFlags
729
flags,
730
void* userdata) {
538
static void resolve_callback( AvahiSServiceResolver *r,
539
AvahiIfIndex interface,
540
AVAHI_GCC_UNUSED AvahiProtocol protocol,
541
AvahiResolverEvent event,
542
const char *name,
543
const char *type,
544
const char *domain,
545
const char *host_name,
546
const AvahiAddress *address,
547
uint16_t port,
548
AVAHI_GCC_UNUSED AvahiStringList *txt,
549
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
550
AVAHI_GCC_UNUSED void* userdata) {
731
551
mandos_context *mc = userdata;
732
assert(r);
552
assert(r); /* Spurious warning */
733
553
734
554
/* Called whenever a service has been resolved successfully or
735
555
timed out */
737
557
switch (event) {
738
558
default:
739
559
case AVAHI_RESOLVER_FAILURE:
740
fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
741
" of type '%s' in domain '%s': %s\n", name, type, domain,
560
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
561
" type '%s' in domain '%s': %s\n", name, type, domain,
742
562
avahi_strerror(avahi_server_errno(mc->server)));
743
563
break;
744
564
747
567
char ip[AVAHI_ADDRESS_STR_MAX];
748
568
avahi_address_snprint(ip, sizeof(ip), address);
749
569
if(debug){
750
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"
751
PRIu16 ") on port %d\n", name, host_name, ip,
752
interface, port);
570
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
571
" port %d\n", name, host_name, ip, port);
753
572
}
754
573
int ret = start_mandos_communication(ip, port, interface, mc);
755
574
if (ret == 0){
756
avahi_simple_poll_quit(mc->simple_poll);
575
exit(EXIT_SUCCESS);
757
576
}
758
577
}
759
578
}
767
586
const char *name,
768
587
const char *type,
769
588
const char *domain,
770
AVAHI_GCC_UNUSED AvahiLookupResultFlags
771
flags,
589
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
772
590
void* userdata) {
773
591
mandos_context *mc = userdata;
774
assert(b);
592
assert(b); /* Spurious warning */
775
593
776
594
/* Called whenever a new services becomes available on the LAN or
777
595
is removed from the LAN */
779
597
switch (event) {
780
598
default:
781
599
case AVAHI_BROWSER_FAILURE:
782
783
fprintf(stderr, "(Avahi browser) %s\n",
600
601
fprintf(stderr, "(Browser) %s\n",
784
602
avahi_strerror(avahi_server_errno(mc->server)));
785
603
avahi_simple_poll_quit(mc->simple_poll);
786
604
return;
787
605
788
606
case AVAHI_BROWSER_NEW:
789
/* We ignore the returned Avahi resolver object. In the callback
790
function we free it. If the Avahi server is terminated before
791
the callback function is called the Avahi server will free the
792
resolver for us. */
793
794
if (!(avahi_s_service_resolver_new(mc->server, interface,
795
protocol, name, type, domain,
607
/* We ignore the returned resolver object. In the callback
608
function we free it. If the server is terminated before
609
the callback function is called the server will free
610
the resolver for us. */
611
612
if (!(avahi_s_service_resolver_new(mc->server, interface, protocol, name,
613
type, domain,
796
614
AVAHI_PROTO_INET6, 0,
797
615
resolve_callback, mc)))
798
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
799
name, avahi_strerror(avahi_server_errno(mc->server)));
616
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
617
avahi_strerror(avahi_server_errno(s)));
800
618
break;
801
619
802
620
case AVAHI_BROWSER_REMOVE:
803
621
break;
804
622
805
623
case AVAHI_BROWSER_ALL_FOR_NOW:
806
624
case AVAHI_BROWSER_CACHE_EXHAUSTED:
807
if(debug){
808
fprintf(stderr, "No Mandos server found, still searching...\n");
809
}
810
625
break;
811
626
}
812
627
}
813
628
814
int main(int argc, char *argv[]){
629
/* Combines file name and path and returns the malloced new
630
string. some sane checks could/should be added */
631
static const char *combinepath(const char *first, const char *second){
632
size_t f_len = strlen(first);
633
size_t s_len = strlen(second);
634
char *tmp = malloc(f_len + s_len + 2);
635
if (tmp == NULL){
636
return NULL;
637
}
638
if(f_len > 0){
639
memcpy(tmp, first, f_len);
640
}
641
tmp[f_len] = '/';
642
if(s_len > 0){
643
memcpy(tmp + f_len + 1, second, s_len);
644
}
645
tmp[f_len + 1 + s_len] = '\0';
646
return tmp;
647
}
648
649
650
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
651
AvahiServerConfig config;
815
652
AvahiSServiceBrowser *sb = NULL;
816
653
int error;
817
654
int ret;
818
int exitcode = EXIT_SUCCESS;
655
int returncode = EXIT_SUCCESS;
819
656
const char *interface = "eth0";
820
657
struct ifreq network;
821
658
int sd;
822
uid_t uid;
823
gid_t gid;
824
659
char *connect_to = NULL;
825
char tempdir[] = "/tmp/mandosXXXXXX";
826
660
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
827
const char *seckey = PATHDIR "/" SECKEY;
828
const char *pubkey = PATHDIR "/" PUBKEY;
829
830
661
mandos_context mc = { .simple_poll = NULL, .server = NULL,
831
.dh_bits = 1024, .priority = "SECURE256"
832
":!CTYPE-X.509:+CTYPE-OPENPGP" };
833
bool gnutls_initalized = false;
834
bool gpgme_initalized = false;
662
.dh_bits = 2048, .priority = "SECURE256"};
835
663
836
{
837
struct argp_option options[] = {
838
{ .name = "debug", .key = 128,
839
.doc = "Debug mode", .group = 3 },
840
{ .name = "connect", .key = 'c',
841
.arg = "ADDRESS:PORT",
842
.doc = "Connect directly to a specific Mandos server",
843
.group = 1 },
844
{ .name = "interface", .key = 'i',
845
.arg = "NAME",
846
.doc = "Interface that will be used to search for Mandos"
847
" servers",
848
.group = 1 },
849
{ .name = "seckey", .key = 's',
850
.arg = "FILE",
851
.doc = "OpenPGP secret key file base name",
852
.group = 1 },
853
{ .name = "pubkey", .key = 'p',
854
.arg = "FILE",
855
.doc = "OpenPGP public key file base name",
856
.group = 2 },
857
{ .name = "dh-bits", .key = 129,
858
.arg = "BITS",
859
.doc = "Bit length of the prime number used in the"
860
" Diffie-Hellman key exchange",
861
.group = 2 },
862
{ .name = "priority", .key = 130,
863
.arg = "STRING",
864
.doc = "GnuTLS priority string for the TLS handshake",
865
.group = 1 },
866
{ .name = NULL }
867
};
868
869
error_t parse_opt (int key, char *arg,
870
struct argp_state *state) {
871
/* Get the INPUT argument from `argp_parse', which we know is
872
a pointer to our plugin list pointer. */
873
switch (key) {
874
case 128: /* --debug */
875
debug = true;
876
break;
877
case 'c': /* --connect */
878
connect_to = arg;
879
break;
880
case 'i': /* --interface */
881
interface = arg;
882
break;
883
case 's': /* --seckey */
884
seckey = arg;
885
break;
886
case 'p': /* --pubkey */
887
pubkey = arg;
888
break;
889
case 129: /* --dh-bits */
664
while (true){
665
static struct option long_options[] = {
666
{"debug", no_argument, (int *)&debug, 1},
667
{"connect", required_argument, 0, 'C'},
668
{"interface", required_argument, 0, 'i'},
669
{"certdir", required_argument, 0, 'd'},
670
{"certkey", required_argument, 0, 'c'},
671
{"certfile", required_argument, 0, 'k'},
672
{"dh_bits", required_argument, 0, 'D'},
673
{"priority", required_argument, 0, 'p'},
674
{0, 0, 0, 0} };
675
676
int option_index = 0;
677
ret = getopt_long (argc, argv, "i:", long_options,
678
&option_index);
679
680
if (ret == -1){
681
break;
682
}
683
684
switch(ret){
685
case 0:
686
break;
687
case 'i':
688
interface = optarg;
689
break;
690
case 'C':
691
connect_to = optarg;
692
break;
693
case 'd':
694
certdir = optarg;
695
break;
696
case 'c':
697
certfile = optarg;
698
break;
699
case 'k':
700
certkey = optarg;
701
break;
702
case 'D':
703
{
704
long int tmp;
890
705
errno = 0;
891
mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);
892
if (errno){
706
tmp = strtol(optarg, NULL, 10);
707
if (errno == ERANGE){
893
708
perror("strtol");
894
709
exit(EXIT_FAILURE);
895
710
}
896
break;
897
case 130: /* --priority */
898
mc.priority = arg;
899
break;
900
case ARGP_KEY_ARG:
901
argp_usage (state);
902
case ARGP_KEY_END:
903
break;
904
default:
905
return ARGP_ERR_UNKNOWN;
906
}
907
return 0;
908
}
909
910
struct argp argp = { .options = options, .parser = parse_opt,
911
.args_doc = "",
912
.doc = "Mandos client -- Get and decrypt"
913
" passwords from a Mandos server" };
914
ret = argp_parse (&argp, argc, argv, 0, 0, NULL);
915
if (ret == ARGP_ERR_UNKNOWN){
916
fprintf(stderr, "Unknown error while parsing arguments\n");
917
exitcode = EXIT_FAILURE;
918
goto end;
919
}
920
}
921
922
/* If the interface is down, bring it up */
923
{
924
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
925
if(sd < 0) {
926
perror("socket");
927
exitcode = EXIT_FAILURE;
928
goto end;
929
}
930
strcpy(network.ifr_name, interface);
931
ret = ioctl(sd, SIOCGIFFLAGS, &network);
932
if(ret == -1){
933
perror("ioctl SIOCGIFFLAGS");
934
exitcode = EXIT_FAILURE;
935
goto end;
936
}
937
if((network.ifr_flags & IFF_UP) == 0){
938
network.ifr_flags |= IFF_UP;
939
ret = ioctl(sd, SIOCSIFFLAGS, &network);
940
if(ret == -1){
941
perror("ioctl SIOCSIFFLAGS");
942
exitcode = EXIT_FAILURE;
943
goto end;
944
}
945
}
946
ret = TEMP_FAILURE_RETRY(close(sd));
947
if(ret == -1){
948
perror("close");
949
}
950
}
951
952
uid = getuid();
953
gid = getgid();
954
955
ret = setuid(uid);
956
if (ret == -1){
957
perror("setuid");
958
}
959
960
setgid(gid);
961
if (ret == -1){
962
perror("setgid");
963
}
964
965
ret = init_gnutls_global(&mc, pubkey, seckey);
966
if (ret == -1){
967
fprintf(stderr, "init_gnutls_global failed\n");
968
exitcode = EXIT_FAILURE;
969
goto end;
970
} else {
971
gnutls_initalized = true;
972
}
973
974
if(mkdtemp(tempdir) == NULL){
975
perror("mkdtemp");
976
tempdir[0] = '\0';
977
goto end;
978
}
979
980
if(not init_gpgme(&mc, pubkey, seckey, tempdir)){
981
fprintf(stderr, "gpgme_initalized failed\n");
982
exitcode = EXIT_FAILURE;
983
goto end;
984
} else {
985
gpgme_initalized = true;
711
mc.dh_bits = tmp;
712
}
713
break;
714
case 'p':
715
mc.priority = optarg;
716
break;
717
default:
718
exit(EXIT_FAILURE);
719
}
720
}
721
722
certfile = combinepath(certdir, certfile);
723
if (certfile == NULL){
724
perror("combinepath");
725
returncode = EXIT_FAILURE;
726
goto exit;
727
}
728
729
certkey = combinepath(certdir, certkey);
730
if (certkey == NULL){
731
perror("combinepath");
732
returncode = EXIT_FAILURE;
733
goto exit;
986
734
}
987
735
988
736
if_index = (AvahiIfIndex) if_nametoindex(interface);
997
745
char *address = strrchr(connect_to, ':');
998
746
if(address == NULL){
999
747
fprintf(stderr, "No colon in address\n");
1000
exitcode = EXIT_FAILURE;
1001
goto end;
748
exit(EXIT_FAILURE);
1002
749
}
1003
750
errno = 0;
1004
751
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
1005
752
if(errno){
1006
753
perror("Bad port number");
1007
exitcode = EXIT_FAILURE;
1008
goto end;
754
exit(EXIT_FAILURE);
1009
755
}
1010
756
*address = '\0';
1011
757
address = connect_to;
1012
ret = start_mandos_communication(address, port, if_index, &mc);
758
ret = start_mandos_communication(address, port, if_index);
1013
759
if(ret < 0){
1014
exitcode = EXIT_FAILURE;
760
exit(EXIT_FAILURE);
1015
761
} else {
1016
exitcode = EXIT_SUCCESS;
1017
}
1018
goto end;
1019
}
762
exit(EXIT_SUCCESS);
763
}
764
}
765
766
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
767
if(sd < 0) {
768
perror("socket");
769
returncode = EXIT_FAILURE;
770
goto exit;
771
}
772
strcpy(network.ifr_name, interface);
773
ret = ioctl(sd, SIOCGIFFLAGS, &network);
774
if(ret == -1){
775
776
perror("ioctl SIOCGIFFLAGS");
777
returncode = EXIT_FAILURE;
778
goto exit;
779
}
780
if((network.ifr_flags & IFF_UP) == 0){
781
network.ifr_flags |= IFF_UP;
782
ret = ioctl(sd, SIOCSIFFLAGS, &network);
783
if(ret == -1){
784
perror("ioctl SIOCSIFFLAGS");
785
returncode = EXIT_FAILURE;
786
goto exit;
787
}
788
}
789
close(sd);
1020
790
1021
791
if (not debug){
1022
792
avahi_set_log_function(empty_log);
1023
793
}
1024
794
1025
/* Initialize the pseudo-RNG for Avahi */
795
/* Initialize the psuedo-RNG */
1026
796
srand((unsigned int) time(NULL));
1027
1028
/* Allocate main Avahi loop object */
1029
mc.simple_poll = avahi_simple_poll_new();
1030
if (mc.simple_poll == NULL) {
1031
fprintf(stderr, "Avahi: Failed to create simple poll"
1032
" object.\n");
1033
exitcode = EXIT_FAILURE;
1034
goto end;
1035
}
1036
1037
{
1038
AvahiServerConfig config;
1039
/* Do not publish any local Zeroconf records */
1040
avahi_server_config_init(&config);
1041
config.publish_hinfo = 0;
1042
config.publish_addresses = 0;
1043
config.publish_workstation = 0;
1044
config.publish_domain = 0;
1045
1046
/* Allocate a new server */
1047
mc.server = avahi_server_new(avahi_simple_poll_get
1048
(mc.simple_poll), &config, NULL,
1049
NULL, &error);
1050
1051
/* Free the Avahi configuration data */
1052
avahi_server_config_free(&config);
1053
}
1054
1055
/* Check if creating the Avahi server object succeeded */
1056
if (mc.server == NULL) {
1057
fprintf(stderr, "Failed to create Avahi server: %s\n",
797
798
/* Allocate main loop object */
799
if (!(mc.simple_poll = avahi_simple_poll_new())) {
800
fprintf(stderr, "Failed to create simple poll object.\n");
801
returncode = EXIT_FAILURE;
802
goto exit;
803
}
804
805
/* Do not publish any local records */
806
avahi_server_config_init(&config);
807
config.publish_hinfo = 0;
808
config.publish_addresses = 0;
809
config.publish_workstation = 0;
810
config.publish_domain = 0;
811
812
/* Allocate a new server */
813
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
814
&config, NULL, NULL, &error);
815
816
/* Free the configuration data */
817
avahi_server_config_free(&config);
818
819
/* Check if creating the server object succeeded */
820
if (!mc.server) {
821
fprintf(stderr, "Failed to create server: %s\n",
1058
822
avahi_strerror(error));
1059
exitcode = EXIT_FAILURE;
1060
goto end;
823
returncode = EXIT_FAILURE;
824
goto exit;
1061
825
}
1062
826
1063
/* Create the Avahi service browser */
827
/* Create the service browser */
1064
828
sb = avahi_s_service_browser_new(mc.server, if_index,
1065
829
AVAHI_PROTO_INET6,
1066
830
"_mandos._tcp", NULL, 0,
1067
831
browse_callback, &mc);
1068
if (sb == NULL) {
832
if (!sb) {
1069
833
fprintf(stderr, "Failed to create service browser: %s\n",
1070
834
avahi_strerror(avahi_server_errno(mc.server)));
1071
exitcode = EXIT_FAILURE;
1072
goto end;
835
returncode = EXIT_FAILURE;
836
goto exit;
1073
837
}
1074
838
1075
839
/* Run the main loop */
1076
840
1077
841
if (debug){
1078
fprintf(stderr, "Starting Avahi loop search\n");
842
fprintf(stderr, "Starting avahi loop search\n");
1079
843
}
1080
844
1081
avahi_simple_poll_loop(mc.simple_poll);
1082
1083
end:
1084
845
avahi_simple_poll_loop(simple_poll);
846
847
exit:
848
1085
849
if (debug){
1086
850
fprintf(stderr, "%s exiting\n", argv[0]);
1087
851
}
1088
852
1089
853
/* Cleanup things */
1090
if (sb != NULL)
854
if (sb)
1091
855
avahi_s_service_browser_free(sb);
1092
856
1093
if (mc.server != NULL)
857
if (mc.server)
1094
858
avahi_server_free(mc.server);
1095
1096
if (mc.simple_poll != NULL)
1097
avahi_simple_poll_free(mc.simple_poll);
1098
1099
if (gnutls_initalized){
1100
gnutls_certificate_free_credentials(mc.cred);
1101
gnutls_global_deinit ();
1102
gnutls_dh_params_deinit(mc.dh_params);
1103
}
1104
1105
if(gpgme_initalized){
1106
gpgme_release(mc.ctx);
1107
}
1108
1109
/* Removes the temp directory used by GPGME */
1110
if(tempdir[0] != '\0'){
1111
DIR *d;
1112
struct dirent *direntry;
1113
d = opendir(tempdir);
1114
if(d == NULL){
1115
perror("opendir");
1116
} else {
1117
while(true){
1118
direntry = readdir(d);
1119
if(direntry == NULL){
1120
break;
1121
}
1122
if (direntry->d_type == DT_REG){
1123
char *fullname = NULL;
1124
ret = asprintf(&fullname, "%s/%s", tempdir,
1125
direntry->d_name);
1126
if(ret < 0){
1127
perror("asprintf");
1128
continue;
1129
}
1130
ret = unlink(fullname);
1131
if(ret == -1){
1132
fprintf(stderr, "unlink(\"%s\"): %s",
1133
fullname, strerror(errno));
1134
}
1135
free(fullname);
1136
}
1137
}
1138
closedir(d);
1139
}
1140
ret = rmdir(tempdir);
1141
if(ret == -1){
1142
perror("rmdir");
1143
}
1144
}
1145
1146
return exitcode;
859
860
if (simple_poll)
861
avahi_simple_poll_free(simple_poll);
862
free(certfile);
863
free(certkey);
864
865
return returncode;
1147
866
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0