To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandosclient.c
- browse files at revision 24.1.9
- compare with another revision
- download diff
- download tarball
- view history from revision 24.1.9
- Committer: Björn Påhlsson
- Date: 2008-08-02 21:06:29 UTC
- mto: (24.1.154 mandos) (237.4.3 mandos-release)
- mto: This revision was merged to the branch mainline in revision 38.
- Revision ID: belorn@braxen-20080802210629-p9jc5515yufcg4ge
not working midwork...
- files added:
- ca.pem
- files removed:
- .bzr-builddeb
- debian
- debian/po
- files renamed:
- plugin-runner.c => plugbasedclient.c
- plugins.d/mandos-client.c => plugins.d/mandosclient.c
- plugins.d/password-prompt.c => plugins.d/passprompt.c
- mandos.conf => server.conf
- mandos => server.py
- files modified:
- Makefile
added
removed
plugins.d/mandosclient.c
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2008,2009 Teddy Hogeborn
13
* Copyright © 2008,2009 Björn Påhlsson
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
14
13
*
15
14
* This program is free software: you can redistribute it and/or
16
15
* modify it under the terms of the GNU General Public License as
33
32
#define _LARGEFILE_SOURCE
34
33
#define _FILE_OFFSET_BITS 64
35
34
36
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
37
38
#include <stdio.h> /* fprintf(), stderr, fwrite(),
39
stdout, ferror() */
40
#include <stdint.h> /* uint16_t, uint32_t */
41
#include <stddef.h> /* NULL, size_t, ssize_t */
42
#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,
43
srand() */
44
#include <stdbool.h> /* bool, true */
45
#include <string.h> /* memset(), strcmp(), strlen(),
46
strerror(), asprintf(), strcpy() */
47
#include <sys/ioctl.h> /* ioctl */
48
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
49
sockaddr_in6, PF_INET6,
50
SOCK_STREAM, INET6_ADDRSTRLEN,
51
uid_t, gid_t, open(), opendir(), DIR */
52
#include <sys/stat.h> /* open() */
53
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
54
struct in6_addr, inet_pton(),
55
connect() */
56
#include <fcntl.h> /* open() */
57
#include <dirent.h> /* opendir(), struct dirent, readdir() */
58
#include <inttypes.h> /* PRIu16 */
59
#include <assert.h> /* assert() */
60
#include <errno.h> /* perror(), errno */
61
#include <time.h> /* time() */
62
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
63
SIOCSIFFLAGS, if_indextoname(),
64
if_nametoindex(), IF_NAMESIZE */
65
#include <netinet/in.h>
66
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
67
getuid(), getgid(), setuid(),
68
setgid() */
69
#include <arpa/inet.h> /* inet_pton(), htons */
70
#include <iso646.h> /* not, and */
71
#include <argp.h> /* struct argp_option, error_t, struct
72
argp_state, struct argp,
73
argp_parse(), ARGP_KEY_ARG,
74
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
75
76
/* Avahi */
77
/* All Avahi types, constants and functions
78
Avahi*, avahi_*,
79
AVAHI_* */
35
#include <stdio.h>
36
#include <assert.h>
37
#include <stdlib.h>
38
#include <time.h>
39
#include <net/if.h> /* if_nametoindex */
40
#include <sys/ioctl.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS
41
#include <net/if.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS
42
80
43
#include <avahi-core/core.h>
81
44
#include <avahi-core/lookup.h>
82
45
#include <avahi-core/log.h>
84
47
#include <avahi-common/malloc.h>
85
48
#include <avahi-common/error.h>
86
49
87
/* GnuTLS */
88
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and
89
functions:
90
gnutls_*
91
init_gnutls_session(),
92
GNUTLS_* */
93
#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),
94
GNUTLS_OPENPGP_FMT_BASE64 */
95
96
/* GPGME */
97
#include <gpgme.h> /* All GPGME types, constants and
98
functions:
99
gpgme_*
100
GPGME_PROTOCOL_OpenPGP,
101
GPG_ERR_NO_* */
50
//mandos client part
51
#include <sys/types.h> /* socket(), inet_pton() */
52
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
53
struct in6_addr, inet_pton() */
54
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
55
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
56
57
#include <unistd.h> /* close() */
58
#include <netinet/in.h>
59
#include <stdbool.h> /* true */
60
#include <string.h> /* memset */
61
#include <arpa/inet.h> /* inet_pton() */
62
#include <iso646.h> /* not */
63
64
// gpgme
65
#include <errno.h> /* perror() */
66
#include <gpgme.h>
67
68
// getopt long
69
#include <getopt.h>
102
70
103
71
#define BUFFER_SIZE 256
72
#define DH_BITS 1024
104
73
105
#define PATHDIR "/conf/conf.d/mandos"
106
#define SECKEY "seckey.txt"
107
#define PUBKEY "pubkey.txt"
74
static const char *certdir = "/conf/conf.d/mandos";
75
static const char *certfile = "openpgp-client.txt";
76
static const char *certkey = "openpgp-client-key.txt";
108
77
109
78
bool debug = false;
110
static const char mandos_protocol_version[] = "1";
111
const char *argp_program_version = "mandos-client " VERSION;
112
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
113
79
114
/* Used for passing in values through the Avahi callback functions */
115
80
typedef struct {
116
81
AvahiSimplePoll *simple_poll;
117
82
AvahiServer *server;
118
83
gnutls_certificate_credentials_t cred;
119
84
unsigned int dh_bits;
120
gnutls_dh_params_t dh_params;
121
85
const char *priority;
86
} mandos_context;
87
88
static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
89
char **new_packet,
90
const char *homedir){
91
gpgme_data_t dh_crypto, dh_plain;
122
92
gpgme_ctx_t ctx;
123
} mandos_context;
124
125
/*
126
* Make room in "buffer" for at least BUFFER_SIZE additional bytes.
127
* "buffer_capacity" is how much is currently allocated,
128
* "buffer_length" is how much is already used.
129
*/
130
size_t adjustbuffer(char **buffer, size_t buffer_length,
131
size_t buffer_capacity){
132
if (buffer_length + BUFFER_SIZE > buffer_capacity){
133
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
134
if (buffer == NULL){
135
return 0;
136
}
137
buffer_capacity += BUFFER_SIZE;
138
}
139
return buffer_capacity;
140
}
141
142
/*
143
* Initialize GPGME.
144
*/
145
static bool init_gpgme(mandos_context *mc, const char *seckey,
146
const char *pubkey, const char *tempdir){
147
int ret;
148
93
gpgme_error_t rc;
94
ssize_t ret;
95
ssize_t new_packet_capacity = 0;
96
ssize_t new_packet_length = 0;
149
97
gpgme_engine_info_t engine_info;
150
151
152
/*
153
* Helper function to insert pub and seckey to the enigne keyring.
154
*/
155
bool import_key(const char *filename){
156
int fd;
157
gpgme_data_t pgp_data;
158
159
fd = TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
160
if(fd == -1){
161
perror("open");
162
return false;
163
}
164
165
rc = gpgme_data_new_from_fd(&pgp_data, fd);
166
if (rc != GPG_ERR_NO_ERROR){
167
fprintf(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
168
gpgme_strsource(rc), gpgme_strerror(rc));
169
return false;
170
}
171
172
rc = gpgme_op_import(mc->ctx, pgp_data);
173
if (rc != GPG_ERR_NO_ERROR){
174
fprintf(stderr, "bad gpgme_op_import: %s: %s\n",
175
gpgme_strsource(rc), gpgme_strerror(rc));
176
return false;
177
}
178
179
ret = TEMP_FAILURE_RETRY(close(fd));
180
if(ret == -1){
181
perror("close");
182
}
183
gpgme_data_release(pgp_data);
184
return true;
185
}
186
98
187
99
if (debug){
188
fprintf(stderr, "Initialize gpgme\n");
100
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
189
101
}
190
102
191
103
/* Init GPGME */
194
106
if (rc != GPG_ERR_NO_ERROR){
195
107
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
196
108
gpgme_strsource(rc), gpgme_strerror(rc));
197
return false;
109
return -1;
198
110
}
199
111
200
/* Set GPGME home directory for the OpenPGP engine only */
112
/* Set GPGME home directory */
201
113
rc = gpgme_get_engine_info (&engine_info);
202
114
if (rc != GPG_ERR_NO_ERROR){
203
115
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
204
116
gpgme_strsource(rc), gpgme_strerror(rc));
205
return false;
117
return -1;
206
118
}
207
119
while(engine_info != NULL){
208
120
if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
209
121
gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
210
engine_info->file_name, tempdir);
122
engine_info->file_name, homedir);
211
123
break;
212
124
}
213
125
engine_info = engine_info->next;
214
126
}
215
127
if(engine_info == NULL){
216
fprintf(stderr, "Could not set GPGME home dir to %s\n", tempdir);
217
return false;
218
}
219
220
/* Create new GPGME "context" */
221
rc = gpgme_new(&(mc->ctx));
222
if (rc != GPG_ERR_NO_ERROR){
223
fprintf(stderr, "bad gpgme_new: %s: %s\n",
224
gpgme_strsource(rc), gpgme_strerror(rc));
225
return false;
226
}
227
228
if (not import_key(pubkey) or not import_key(seckey)){
229
return false;
230
}
231
232
return true;
233
}
234
235
/*
236
* Decrypt OpenPGP data.
237
* Returns -1 on error
238
*/
239
static ssize_t pgp_packet_decrypt (const mandos_context *mc,
240
const char *cryptotext,
241
size_t crypto_size,
242
char **plaintext){
243
gpgme_data_t dh_crypto, dh_plain;
244
gpgme_error_t rc;
245
ssize_t ret;
246
size_t plaintext_capacity = 0;
247
ssize_t plaintext_length = 0;
248
249
if (debug){
250
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
251
}
252
253
/* Create new GPGME data buffer from memory cryptotext */
254
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
255
0);
128
fprintf(stderr, "Could not set home dir to %s\n", homedir);
129
return -1;
130
}
131
132
/* Create new GPGME data buffer from packet buffer */
133
rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);
256
134
if (rc != GPG_ERR_NO_ERROR){
257
135
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
258
136
gpgme_strsource(rc), gpgme_strerror(rc));
264
142
if (rc != GPG_ERR_NO_ERROR){
265
143
fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
266
144
gpgme_strsource(rc), gpgme_strerror(rc));
267
gpgme_data_release(dh_crypto);
268
return -1;
269
}
270
271
/* Decrypt data from the cryptotext data buffer to the plaintext
272
data buffer */
273
rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);
145
return -1;
146
}
147
148
/* Create new GPGME "context" */
149
rc = gpgme_new(&ctx);
150
if (rc != GPG_ERR_NO_ERROR){
151
fprintf(stderr, "bad gpgme_new: %s: %s\n",
152
gpgme_strsource(rc), gpgme_strerror(rc));
153
return -1;
154
}
155
156
/* Decrypt data from the FILE pointer to the plaintext data
157
buffer */
158
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
274
159
if (rc != GPG_ERR_NO_ERROR){
275
160
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
276
161
gpgme_strsource(rc), gpgme_strerror(rc));
277
plaintext_length = -1;
278
if (debug){
279
gpgme_decrypt_result_t result;
280
result = gpgme_op_decrypt_result(mc->ctx);
281
if (result == NULL){
282
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
283
} else {
284
fprintf(stderr, "Unsupported algorithm: %s\n",
285
result->unsupported_algorithm);
286
fprintf(stderr, "Wrong key usage: %u\n",
287
result->wrong_key_usage);
288
if(result->file_name != NULL){
289
fprintf(stderr, "File name: %s\n", result->file_name);
290
}
291
gpgme_recipient_t recipient;
292
recipient = result->recipients;
293
if(recipient){
294
while(recipient != NULL){
295
fprintf(stderr, "Public key algorithm: %s\n",
296
gpgme_pubkey_algo_name(recipient->pubkey_algo));
297
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
298
fprintf(stderr, "Secret key available: %s\n",
299
recipient->status == GPG_ERR_NO_SECKEY
300
? "No" : "Yes");
301
recipient = recipient->next;
302
}
162
return -1;
163
}
164
165
if(debug){
166
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");
167
}
168
169
if (debug){
170
gpgme_decrypt_result_t result;
171
result = gpgme_op_decrypt_result(ctx);
172
if (result == NULL){
173
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
174
} else {
175
fprintf(stderr, "Unsupported algorithm: %s\n",
176
result->unsupported_algorithm);
177
fprintf(stderr, "Wrong key usage: %d\n",
178
result->wrong_key_usage);
179
if(result->file_name != NULL){
180
fprintf(stderr, "File name: %s\n", result->file_name);
181
}
182
gpgme_recipient_t recipient;
183
recipient = result->recipients;
184
if(recipient){
185
while(recipient != NULL){
186
fprintf(stderr, "Public key algorithm: %s\n",
187
gpgme_pubkey_algo_name(recipient->pubkey_algo));
188
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
189
fprintf(stderr, "Secret key available: %s\n",
190
recipient->status == GPG_ERR_NO_SECKEY
191
? "No" : "Yes");
192
recipient = recipient->next;
303
193
}
304
194
}
305
195
}
306
goto decrypt_end;
307
196
}
308
197
309
if(debug){
310
fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
311
}
198
/* Delete the GPGME FILE pointer cryptotext data buffer */
199
gpgme_data_release(dh_crypto);
312
200
313
201
/* Seek back to the beginning of the GPGME plaintext data buffer */
314
202
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
315
perror("gpgme_data_seek");
316
plaintext_length = -1;
317
goto decrypt_end;
203
perror("pgpme_data_seek");
318
204
}
319
205
320
*plaintext = NULL;
206
*new_packet = 0;
321
207
while(true){
322
plaintext_capacity = adjustbuffer(plaintext,
323
(size_t)plaintext_length,
324
plaintext_capacity);
325
if (plaintext_capacity == 0){
326
perror("adjustbuffer");
327
plaintext_length = -1;
328
goto decrypt_end;
208
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
209
*new_packet = realloc(*new_packet,
210
(unsigned int)new_packet_capacity
211
+ BUFFER_SIZE);
212
if (*new_packet == NULL){
213
perror("realloc");
214
return -1;
215
}
216
new_packet_capacity += BUFFER_SIZE;
329
217
}
330
218
331
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
219
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,
332
220
BUFFER_SIZE);
333
221
/* Print the data, if any */
334
222
if (ret == 0){
335
/* EOF */
336
223
break;
337
224
}
338
225
if(ret < 0){
339
226
perror("gpgme_data_read");
340
plaintext_length = -1;
341
goto decrypt_end;
342
}
343
plaintext_length += ret;
344
}
345
346
if(debug){
347
fprintf(stderr, "Decrypted password is: ");
348
for(ssize_t i = 0; i < plaintext_length; i++){
349
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
350
}
351
fprintf(stderr, "\n");
352
}
353
354
decrypt_end:
355
356
/* Delete the GPGME cryptotext data buffer */
357
gpgme_data_release(dh_crypto);
227
return -1;
228
}
229
new_packet_length += ret;
230
}
231
232
/* FIXME: check characters before printing to screen so to not print
233
terminal control characters */
234
/* if(debug){ */
235
/* fprintf(stderr, "decrypted password is: "); */
236
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
237
/* fprintf(stderr, "\n"); */
238
/* } */
358
239
359
240
/* Delete the GPGME plaintext data buffer */
360
241
gpgme_data_release(dh_plain);
361
return plaintext_length;
242
return new_packet_length;
362
243
}
363
244
364
245
static const char * safer_gnutls_strerror (int value) {
365
const char *ret = gnutls_strerror (value); /* Spurious warning */
246
const char *ret = gnutls_strerror (value);
366
247
if (ret == NULL)
367
248
ret = "(unknown)";
368
249
return ret;
369
250
}
370
251
371
/* GnuTLS log function callback */
372
252
static void debuggnutls(__attribute__((unused)) int level,
373
253
const char* string){
374
fprintf(stderr, "GnuTLS: %s", string);
254
fprintf(stderr, "%s", string);
375
255
}
376
256
377
static int init_gnutls_global(mandos_context *mc,
378
const char *pubkeyfilename,
379
const char *seckeyfilename){
257
static int initgnutls(mandos_context *mc){
258
const char *err;
380
259
int ret;
381
260
382
261
if(debug){
383
262
fprintf(stderr, "Initializing GnuTLS\n");
384
263
}
385
386
ret = gnutls_global_init();
387
if (ret != GNUTLS_E_SUCCESS) {
388
fprintf (stderr, "GnuTLS global_init: %s\n",
389
safer_gnutls_strerror(ret));
264
265
if ((ret = gnutls_global_init ())
266
!= GNUTLS_E_SUCCESS) {
267
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
390
268
return -1;
391
269
}
392
270
393
271
if (debug){
394
/* "Use a log level over 10 to enable all debugging options."
395
* - GnuTLS manual
396
*/
397
272
gnutls_global_set_log_level(11);
398
273
gnutls_global_set_log_function(debuggnutls);
399
274
}
400
275
401
/* OpenPGP credentials */
402
gnutls_certificate_allocate_credentials(&mc->cred);
403
if (ret != GNUTLS_E_SUCCESS){
404
fprintf (stderr, "GnuTLS memory error: %s\n", /* Spurious
405
warning */
276
/* openpgp credentials */
277
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
278
!= GNUTLS_E_SUCCESS) {
279
fprintf (stderr, "memory error: %s\n",
406
280
safer_gnutls_strerror(ret));
407
gnutls_global_deinit ();
408
281
return -1;
409
282
}
410
283
411
284
if(debug){
412
fprintf(stderr, "Attempting to use OpenPGP public key %s and"
413
" secret key %s as GnuTLS credentials\n", pubkeyfilename,
414
seckeyfilename);
285
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
286
" and keyfile %s as GnuTLS credentials\n", certfile,
287
certkey);
415
288
}
416
289
417
290
ret = gnutls_certificate_set_openpgp_key_file
418
(mc->cred, pubkeyfilename, seckeyfilename,
419
GNUTLS_OPENPGP_FMT_BASE64);
291
(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);
420
292
if (ret != GNUTLS_E_SUCCESS) {
421
fprintf(stderr,
422
"Error[%d] while reading the OpenPGP key pair ('%s',"
423
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
424
fprintf(stderr, "The GnuTLS error is: %s\n",
293
fprintf
294
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
295
" '%s')\n",
296
ret, certfile, certkey);
297
fprintf(stdout, "The Error is: %s\n",
425
298
safer_gnutls_strerror(ret));
426
goto globalfail;
427
}
428
429
/* GnuTLS server initialization */
430
ret = gnutls_dh_params_init(&mc->dh_params);
431
if (ret != GNUTLS_E_SUCCESS) {
432
fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
433
" %s\n", safer_gnutls_strerror(ret));
434
goto globalfail;
435
}
436
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
437
if (ret != GNUTLS_E_SUCCESS) {
438
fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
439
safer_gnutls_strerror(ret));
440
goto globalfail;
441
}
442
443
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
444
445
return 0;
446
447
globalfail:
448
449
gnutls_certificate_free_credentials(mc->cred);
450
gnutls_global_deinit();
451
gnutls_dh_params_deinit(mc->dh_params);
452
return -1;
453
}
454
455
static int init_gnutls_session(mandos_context *mc,
456
gnutls_session_t *session){
457
int ret;
458
/* GnuTLS session creation */
459
ret = gnutls_init(session, GNUTLS_SERVER);
460
if (ret != GNUTLS_E_SUCCESS){
299
return -1;
300
}
301
302
//GnuTLS server initialization
303
if ((ret = gnutls_dh_params_init (&es->dh_params))
304
!= GNUTLS_E_SUCCESS) {
305
fprintf (stderr, "Error in dh parameter initialization: %s\n",
306
safer_gnutls_strerror(ret));
307
return -1;
308
}
309
310
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
311
!= GNUTLS_E_SUCCESS) {
312
fprintf (stderr, "Error in prime generation: %s\n",
313
safer_gnutls_strerror(ret));
314
return -1;
315
}
316
317
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
318
319
// GnuTLS session creation
320
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
321
!= GNUTLS_E_SUCCESS){
461
322
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
462
323
safer_gnutls_strerror(ret));
463
324
}
464
325
465
{
466
const char *err;
467
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
468
if (ret != GNUTLS_E_SUCCESS) {
469
fprintf(stderr, "Syntax error at: %s\n", err);
470
fprintf(stderr, "GnuTLS error: %s\n",
471
safer_gnutls_strerror(ret));
472
gnutls_deinit (*session);
473
return -1;
474
}
326
if ((ret = gnutls_priority_set_direct (es->session, mc->priority, &err))
327
!= GNUTLS_E_SUCCESS) {
328
fprintf(stderr, "Syntax error at: %s\n", err);
329
fprintf(stderr, "GnuTLS error: %s\n",
330
safer_gnutls_strerror(ret));
331
return -1;
475
332
}
476
333
477
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
478
mc->cred);
479
if (ret != GNUTLS_E_SUCCESS) {
480
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
334
if ((ret = gnutls_credentials_set
335
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
336
!= GNUTLS_E_SUCCESS) {
337
fprintf(stderr, "Error setting a credentials set: %s\n",
481
338
safer_gnutls_strerror(ret));
482
gnutls_deinit (*session);
483
339
return -1;
484
340
}
485
341
486
342
/* ignore client certificate if any. */
487
gnutls_certificate_server_set_request (*session,
343
gnutls_certificate_server_set_request (es->session,
488
344
GNUTLS_CERT_IGNORE);
489
345
490
gnutls_dh_set_prime_bits (*session, mc->dh_bits);
346
gnutls_dh_set_prime_bits (es->session, DH_BITS);
491
347
492
348
return 0;
493
349
}
494
350
495
/* Avahi log function callback */
496
351
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
497
352
__attribute__((unused)) const char *txt){}
498
353
499
/* Called when a Mandos server is found */
500
354
static int start_mandos_communication(const char *ip, uint16_t port,
501
355
AvahiIfIndex if_index,
502
356
mandos_context *mc){
503
357
int ret, tcp_sd;
504
union { struct sockaddr in; struct sockaddr_in6 in6; } to;
358
struct sockaddr_in6 to;
359
encrypted_session es;
505
360
char *buffer = NULL;
506
361
char *decrypted_buffer;
507
362
size_t buffer_length = 0;
508
363
size_t buffer_capacity = 0;
509
364
ssize_t decrypted_buffer_size;
510
size_t written;
365
size_t written = 0;
511
366
int retval = 0;
512
367
char interface[IF_NAMESIZE];
513
gnutls_session_t session;
514
515
ret = init_gnutls_session (mc, &session);
516
if (ret != 0){
517
return -1;
518
}
519
368
520
369
if(debug){
521
fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16
522
"\n", ip, port);
370
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
371
ip, port);
523
372
}
524
373
525
374
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
527
376
perror("socket");
528
377
return -1;
529
378
}
530
379
531
380
if(debug){
532
381
if(if_indextoname((unsigned int)if_index, interface) == NULL){
533
perror("if_indextoname");
382
if(debug){
383
perror("if_indextoname");
384
}
534
385
return -1;
535
386
}
387
536
388
fprintf(stderr, "Binding to interface %s\n", interface);
537
389
}
538
390
539
memset(&to, 0, sizeof(to));
540
to.in6.sin6_family = AF_INET6;
541
/* It would be nice to have a way to detect if we were passed an
542
IPv4 address here. Now we assume an IPv6 address. */
543
ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);
391
memset(&to,0,sizeof(to)); /* Spurious warning */
392
to.sin6_family = AF_INET6;
393
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
544
394
if (ret < 0 ){
545
395
perror("inet_pton");
546
396
return -1;
547
}
397
}
548
398
if(ret == 0){
549
399
fprintf(stderr, "Bad address: %s\n", ip);
550
400
return -1;
551
401
}
552
to.in6.sin6_port = htons(port); /* Spurious warning */
402
to.sin6_port = htons(port); /* Spurious warning */
553
403
554
to.in6.sin6_scope_id = (uint32_t)if_index;
404
to.sin6_scope_id = (uint32_t)if_index;
555
405
556
406
if(debug){
557
fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
558
port);
559
char addrstr[INET6_ADDRSTRLEN] = "";
560
if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,
561
sizeof(addrstr)) == NULL){
562
perror("inet_ntop");
563
} else {
564
if(strcmp(addrstr, ip) != 0){
565
fprintf(stderr, "Canonical address form: %s\n", addrstr);
566
}
567
}
407
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
408
/* char addrstr[INET6_ADDRSTRLEN]; */
409
/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */
410
/* sizeof(addrstr)) == NULL){ */
411
/* perror("inet_ntop"); */
412
/* } else { */
413
/* fprintf(stderr, "Really connecting to: %s, port %d\n", */
414
/* addrstr, ntohs(to.sin6_port)); */
415
/* } */
568
416
}
569
417
570
ret = connect(tcp_sd, &to.in, sizeof(to));
418
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
571
419
if (ret < 0){
572
420
perror("connect");
573
421
return -1;
574
422
}
575
423
576
const char *out = mandos_protocol_version;
577
written = 0;
578
while (true){
579
size_t out_size = strlen(out);
580
ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
581
out_size - written));
582
if (ret == -1){
583
perror("write");
584
retval = -1;
585
goto mandos_end;
586
}
587
written += (size_t)ret;
588
if(written < out_size){
589
continue;
590
} else {
591
if (out == mandos_protocol_version){
592
written = 0;
593
out = "\r\n";
594
} else {
595
break;
596
}
597
}
424
ret = initgnutls (&es);
425
if (ret != 0){
426
retval = -1;
427
return -1;
598
428
}
599
429
430
gnutls_transport_set_ptr (es.session,
431
(gnutls_transport_ptr_t) tcp_sd);
432
600
433
if(debug){
601
434
fprintf(stderr, "Establishing TLS session with %s\n", ip);
602
435
}
603
436
604
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
605
606
do{
607
ret = gnutls_handshake (session);
608
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
437
ret = gnutls_handshake (es.session);
609
438
610
439
if (ret != GNUTLS_E_SUCCESS){
611
440
if(debug){
612
fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
441
fprintf(stderr, "\n*** Handshake failed ***\n");
613
442
gnutls_perror (ret);
614
443
}
615
444
retval = -1;
616
goto mandos_end;
445
goto exit;
617
446
}
618
447
619
/* Read OpenPGP packet that contains the wanted password */
448
//Retrieve OpenPGP packet that contains the wanted password
620
449
621
450
if(debug){
622
451
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
623
452
ip);
624
453
}
625
454
626
455
while(true){
627
buffer_capacity = adjustbuffer(&buffer, buffer_length,
628
buffer_capacity);
629
if (buffer_capacity == 0){
630
perror("adjustbuffer");
631
retval = -1;
632
goto mandos_end;
456
if (buffer_length + BUFFER_SIZE > buffer_capacity){
457
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
458
if (buffer == NULL){
459
perror("realloc");
460
goto exit;
461
}
462
buffer_capacity += BUFFER_SIZE;
633
463
}
634
464
635
ret = gnutls_record_recv(session, buffer+buffer_length,
636
BUFFER_SIZE);
465
ret = gnutls_record_recv
466
(es.session, buffer+buffer_length, BUFFER_SIZE);
637
467
if (ret == 0){
638
468
break;
639
469
}
643
473
case GNUTLS_E_AGAIN:
644
474
break;
645
475
case GNUTLS_E_REHANDSHAKE:
646
do{
647
ret = gnutls_handshake (session);
648
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
476
ret = gnutls_handshake (es.session);
649
477
if (ret < 0){
650
fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
478
fprintf(stderr, "\n*** Handshake failed ***\n");
651
479
gnutls_perror (ret);
652
480
retval = -1;
653
goto mandos_end;
481
goto exit;
654
482
}
655
483
break;
656
484
default:
657
485
fprintf(stderr, "Unknown error while reading data from"
658
" encrypted session with Mandos server\n");
486
" encrypted session with mandos server\n");
659
487
retval = -1;
660
gnutls_bye (session, GNUTLS_SHUT_RDWR);
661
goto mandos_end;
488
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
489
goto exit;
662
490
}
663
491
} else {
664
492
buffer_length += (size_t) ret;
665
493
}
666
494
}
667
495
668
if(debug){
669
fprintf(stderr, "Closing TLS session\n");
670
}
671
672
gnutls_bye (session, GNUTLS_SHUT_RDWR);
673
674
496
if (buffer_length > 0){
675
decrypted_buffer_size = pgp_packet_decrypt(mc, buffer,
497
decrypted_buffer_size = pgp_packet_decrypt(buffer,
676
498
buffer_length,
677
&decrypted_buffer);
499
&decrypted_buffer,
500
certdir);
678
501
if (decrypted_buffer_size >= 0){
679
written = 0;
680
502
while(written < (size_t) decrypted_buffer_size){
681
503
ret = (int)fwrite (decrypted_buffer + written, 1,
682
504
(size_t)decrypted_buffer_size - written,
695
517
} else {
696
518
retval = -1;
697
519
}
698
} else {
699
retval = -1;
700
}
701
702
/* Shutdown procedure */
703
704
mandos_end:
520
}
521
522
//shutdown procedure
523
524
if(debug){
525
fprintf(stderr, "Closing TLS session\n");
526
}
527
705
528
free(buffer);
706
ret = TEMP_FAILURE_RETRY(close(tcp_sd));
707
if(ret == -1){
708
perror("close");
709
}
710
gnutls_deinit (session);
529
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
530
exit:
531
close(tcp_sd);
532
gnutls_deinit (es.session);
533
gnutls_certificate_free_credentials (es.cred);
534
gnutls_global_deinit ();
711
535
return retval;
712
536
}
713
537
714
static void resolve_callback(AvahiSServiceResolver *r,
715
AvahiIfIndex interface,
716
AVAHI_GCC_UNUSED AvahiProtocol protocol,
717
AvahiResolverEvent event,
718
const char *name,
719
const char *type,
720
const char *domain,
721
const char *host_name,
722
const AvahiAddress *address,
723
uint16_t port,
724
AVAHI_GCC_UNUSED AvahiStringList *txt,
725
AVAHI_GCC_UNUSED AvahiLookupResultFlags
726
flags,
727
void* userdata) {
538
static void resolve_callback( AvahiSServiceResolver *r,
539
AvahiIfIndex interface,
540
AVAHI_GCC_UNUSED AvahiProtocol protocol,
541
AvahiResolverEvent event,
542
const char *name,
543
const char *type,
544
const char *domain,
545
const char *host_name,
546
const AvahiAddress *address,
547
uint16_t port,
548
AVAHI_GCC_UNUSED AvahiStringList *txt,
549
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
550
AVAHI_GCC_UNUSED void* userdata) {
728
551
mandos_context *mc = userdata;
729
assert(r);
552
assert(r); /* Spurious warning */
730
553
731
554
/* Called whenever a service has been resolved successfully or
732
555
timed out */
734
557
switch (event) {
735
558
default:
736
559
case AVAHI_RESOLVER_FAILURE:
737
fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
738
" of type '%s' in domain '%s': %s\n", name, type, domain,
560
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
561
" type '%s' in domain '%s': %s\n", name, type, domain,
739
562
avahi_strerror(avahi_server_errno(mc->server)));
740
563
break;
741
564
744
567
char ip[AVAHI_ADDRESS_STR_MAX];
745
568
avahi_address_snprint(ip, sizeof(ip), address);
746
569
if(debug){
747
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"
748
PRIu16 ") on port %d\n", name, host_name, ip,
749
interface, port);
570
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
571
" port %d\n", name, host_name, ip, port);
750
572
}
751
573
int ret = start_mandos_communication(ip, port, interface, mc);
752
574
if (ret == 0){
753
avahi_simple_poll_quit(mc->simple_poll);
575
exit(EXIT_SUCCESS);
754
576
}
755
577
}
756
578
}
764
586
const char *name,
765
587
const char *type,
766
588
const char *domain,
767
AVAHI_GCC_UNUSED AvahiLookupResultFlags
768
flags,
589
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
769
590
void* userdata) {
770
591
mandos_context *mc = userdata;
771
assert(b);
592
assert(b); /* Spurious warning */
772
593
773
594
/* Called whenever a new services becomes available on the LAN or
774
595
is removed from the LAN */
776
597
switch (event) {
777
598
default:
778
599
case AVAHI_BROWSER_FAILURE:
779
780
fprintf(stderr, "(Avahi browser) %s\n",
600
601
fprintf(stderr, "(Browser) %s\n",
781
602
avahi_strerror(avahi_server_errno(mc->server)));
782
603
avahi_simple_poll_quit(mc->simple_poll);
783
604
return;
784
605
785
606
case AVAHI_BROWSER_NEW:
786
/* We ignore the returned Avahi resolver object. In the callback
787
function we free it. If the Avahi server is terminated before
788
the callback function is called the Avahi server will free the
789
resolver for us. */
790
791
if (!(avahi_s_service_resolver_new(mc->server, interface,
792
protocol, name, type, domain,
607
/* We ignore the returned resolver object. In the callback
608
function we free it. If the server is terminated before
609
the callback function is called the server will free
610
the resolver for us. */
611
612
if (!(avahi_s_service_resolver_new(mc->server, interface, protocol, name,
613
type, domain,
793
614
AVAHI_PROTO_INET6, 0,
794
615
resolve_callback, mc)))
795
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
796
name, avahi_strerror(avahi_server_errno(mc->server)));
616
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
617
avahi_strerror(avahi_server_errno(s)));
797
618
break;
798
619
799
620
case AVAHI_BROWSER_REMOVE:
800
621
break;
801
622
802
623
case AVAHI_BROWSER_ALL_FOR_NOW:
803
624
case AVAHI_BROWSER_CACHE_EXHAUSTED:
804
if(debug){
805
fprintf(stderr, "No Mandos server found, still searching...\n");
806
}
807
625
break;
808
626
}
809
627
}
810
628
811
int main(int argc, char *argv[]){
629
/* Combines file name and path and returns the malloced new
630
string. some sane checks could/should be added */
631
static const char *combinepath(const char *first, const char *second){
632
size_t f_len = strlen(first);
633
size_t s_len = strlen(second);
634
char *tmp = malloc(f_len + s_len + 2);
635
if (tmp == NULL){
636
return NULL;
637
}
638
if(f_len > 0){
639
memcpy(tmp, first, f_len);
640
}
641
tmp[f_len] = '/';
642
if(s_len > 0){
643
memcpy(tmp + f_len + 1, second, s_len);
644
}
645
tmp[f_len + 1 + s_len] = '\0';
646
return tmp;
647
}
648
649
650
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
651
AvahiServerConfig config;
812
652
AvahiSServiceBrowser *sb = NULL;
813
653
int error;
814
654
int ret;
815
int exitcode = EXIT_SUCCESS;
655
int returncode = EXIT_SUCCESS;
816
656
const char *interface = "eth0";
817
657
struct ifreq network;
818
658
int sd;
819
uid_t uid;
820
gid_t gid;
821
659
char *connect_to = NULL;
822
char tempdir[] = "/tmp/mandosXXXXXX";
823
660
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
824
const char *seckey = PATHDIR "/" SECKEY;
825
const char *pubkey = PATHDIR "/" PUBKEY;
826
827
661
mandos_context mc = { .simple_poll = NULL, .server = NULL,
828
.dh_bits = 1024, .priority = "SECURE256"
829
":!CTYPE-X.509:+CTYPE-OPENPGP" };
830
bool gnutls_initalized = false;
831
bool gpgme_initalized = false;
662
.dh_bits = 2048, .priority = "SECURE256"};
832
663
833
{
834
struct argp_option options[] = {
835
{ .name = "debug", .key = 128,
836
.doc = "Debug mode", .group = 3 },
837
{ .name = "connect", .key = 'c',
838
.arg = "ADDRESS:PORT",
839
.doc = "Connect directly to a specific Mandos server",
840
.group = 1 },
841
{ .name = "interface", .key = 'i',
842
.arg = "NAME",
843
.doc = "Interface that will be used to search for Mandos"
844
" servers",
845
.group = 1 },
846
{ .name = "seckey", .key = 's',
847
.arg = "FILE",
848
.doc = "OpenPGP secret key file base name",
849
.group = 1 },
850
{ .name = "pubkey", .key = 'p',
851
.arg = "FILE",
852
.doc = "OpenPGP public key file base name",
853
.group = 2 },
854
{ .name = "dh-bits", .key = 129,
855
.arg = "BITS",
856
.doc = "Bit length of the prime number used in the"
857
" Diffie-Hellman key exchange",
858
.group = 2 },
859
{ .name = "priority", .key = 130,
860
.arg = "STRING",
861
.doc = "GnuTLS priority string for the TLS handshake",
862
.group = 1 },
863
{ .name = NULL }
864
};
865
866
error_t parse_opt (int key, char *arg,
867
struct argp_state *state) {
868
/* Get the INPUT argument from `argp_parse', which we know is
869
a pointer to our plugin list pointer. */
870
switch (key) {
871
case 128: /* --debug */
872
debug = true;
873
break;
874
case 'c': /* --connect */
875
connect_to = arg;
876
break;
877
case 'i': /* --interface */
878
interface = arg;
879
break;
880
case 's': /* --seckey */
881
seckey = arg;
882
break;
883
case 'p': /* --pubkey */
884
pubkey = arg;
885
break;
886
case 129: /* --dh-bits */
664
while (true){
665
static struct option long_options[] = {
666
{"debug", no_argument, (int *)&debug, 1},
667
{"connect", required_argument, 0, 'C'},
668
{"interface", required_argument, 0, 'i'},
669
{"certdir", required_argument, 0, 'd'},
670
{"certkey", required_argument, 0, 'c'},
671
{"certfile", required_argument, 0, 'k'},
672
{"dh_bits", required_argument, 0, 'D'},
673
{"priority", required_argument, 0, 'p'},
674
{0, 0, 0, 0} };
675
676
int option_index = 0;
677
ret = getopt_long (argc, argv, "i:", long_options,
678
&option_index);
679
680
if (ret == -1){
681
break;
682
}
683
684
switch(ret){
685
case 0:
686
break;
687
case 'i':
688
interface = optarg;
689
break;
690
case 'C':
691
connect_to = optarg;
692
break;
693
case 'd':
694
certdir = optarg;
695
break;
696
case 'c':
697
certfile = optarg;
698
break;
699
case 'k':
700
certkey = optarg;
701
break;
702
case 'D':
703
{
704
long int tmp;
887
705
errno = 0;
888
mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);
889
if (errno){
706
tmp = strtol(optarg, NULL, 10);
707
if (errno == ERANGE){
890
708
perror("strtol");
891
709
exit(EXIT_FAILURE);
892
710
}
893
break;
894
case 130: /* --priority */
895
mc.priority = arg;
896
break;
897
case ARGP_KEY_ARG:
898
argp_usage (state);
899
case ARGP_KEY_END:
900
break;
901
default:
902
return ARGP_ERR_UNKNOWN;
903
}
904
return 0;
905
}
906
907
struct argp argp = { .options = options, .parser = parse_opt,
908
.args_doc = "",
909
.doc = "Mandos client -- Get and decrypt"
910
" passwords from a Mandos server" };
911
ret = argp_parse (&argp, argc, argv, 0, 0, NULL);
912
if (ret == ARGP_ERR_UNKNOWN){
913
fprintf(stderr, "Unknown error while parsing arguments\n");
914
exitcode = EXIT_FAILURE;
915
goto end;
916
}
917
}
918
919
/* If the interface is down, bring it up */
920
{
921
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
922
if(sd < 0) {
923
perror("socket");
924
exitcode = EXIT_FAILURE;
925
goto end;
926
}
927
strcpy(network.ifr_name, interface);
928
ret = ioctl(sd, SIOCGIFFLAGS, &network);
929
if(ret == -1){
930
perror("ioctl SIOCGIFFLAGS");
931
exitcode = EXIT_FAILURE;
932
goto end;
933
}
934
if((network.ifr_flags & IFF_UP) == 0){
935
network.ifr_flags |= IFF_UP;
936
ret = ioctl(sd, SIOCSIFFLAGS, &network);
937
if(ret == -1){
938
perror("ioctl SIOCSIFFLAGS");
939
exitcode = EXIT_FAILURE;
940
goto end;
941
}
942
}
943
ret = TEMP_FAILURE_RETRY(close(sd));
944
if(ret == -1){
945
perror("close");
946
}
947
}
948
949
uid = getuid();
950
gid = getgid();
951
952
ret = setuid(uid);
953
if (ret == -1){
954
perror("setuid");
955
}
956
957
setgid(gid);
958
if (ret == -1){
959
perror("setgid");
960
}
961
962
ret = init_gnutls_global(&mc, pubkey, seckey);
963
if (ret == -1){
964
fprintf(stderr, "init_gnutls_global failed\n");
965
exitcode = EXIT_FAILURE;
966
goto end;
967
} else {
968
gnutls_initalized = true;
969
}
970
971
if(mkdtemp(tempdir) == NULL){
972
perror("mkdtemp");
973
tempdir[0] = '\0';
974
goto end;
975
}
976
977
if(not init_gpgme(&mc, pubkey, seckey, tempdir)){
978
fprintf(stderr, "gpgme_initalized failed\n");
979
exitcode = EXIT_FAILURE;
980
goto end;
981
} else {
982
gpgme_initalized = true;
711
mc.dh_bits = tmp;
712
}
713
break;
714
case 'p':
715
mc.priority = optarg;
716
break;
717
default:
718
exit(EXIT_FAILURE);
719
}
720
}
721
722
certfile = combinepath(certdir, certfile);
723
if (certfile == NULL){
724
perror("combinepath");
725
returncode = EXIT_FAILURE;
726
goto exit;
727
}
728
729
certkey = combinepath(certdir, certkey);
730
if (certkey == NULL){
731
perror("combinepath");
732
returncode = EXIT_FAILURE;
733
goto exit;
983
734
}
984
735
985
736
if_index = (AvahiIfIndex) if_nametoindex(interface);
994
745
char *address = strrchr(connect_to, ':');
995
746
if(address == NULL){
996
747
fprintf(stderr, "No colon in address\n");
997
exitcode = EXIT_FAILURE;
998
goto end;
748
exit(EXIT_FAILURE);
999
749
}
1000
750
errno = 0;
1001
751
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
1002
752
if(errno){
1003
753
perror("Bad port number");
1004
exitcode = EXIT_FAILURE;
1005
goto end;
754
exit(EXIT_FAILURE);
1006
755
}
1007
756
*address = '\0';
1008
757
address = connect_to;
1009
ret = start_mandos_communication(address, port, if_index, &mc);
758
ret = start_mandos_communication(address, port, if_index);
1010
759
if(ret < 0){
1011
exitcode = EXIT_FAILURE;
760
exit(EXIT_FAILURE);
1012
761
} else {
1013
exitcode = EXIT_SUCCESS;
1014
}
1015
goto end;
1016
}
762
exit(EXIT_SUCCESS);
763
}
764
}
765
766
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
767
if(sd < 0) {
768
perror("socket");
769
returncode = EXIT_FAILURE;
770
goto exit;
771
}
772
strcpy(network.ifr_name, interface);
773
ret = ioctl(sd, SIOCGIFFLAGS, &network);
774
if(ret == -1){
775
776
perror("ioctl SIOCGIFFLAGS");
777
returncode = EXIT_FAILURE;
778
goto exit;
779
}
780
if((network.ifr_flags & IFF_UP) == 0){
781
network.ifr_flags |= IFF_UP;
782
ret = ioctl(sd, SIOCSIFFLAGS, &network);
783
if(ret == -1){
784
perror("ioctl SIOCSIFFLAGS");
785
returncode = EXIT_FAILURE;
786
goto exit;
787
}
788
}
789
close(sd);
1017
790
1018
791
if (not debug){
1019
792
avahi_set_log_function(empty_log);
1020
793
}
1021
794
1022
/* Initialize the pseudo-RNG for Avahi */
795
/* Initialize the psuedo-RNG */
1023
796
srand((unsigned int) time(NULL));
1024
1025
/* Allocate main Avahi loop object */
1026
mc.simple_poll = avahi_simple_poll_new();
1027
if (mc.simple_poll == NULL) {
1028
fprintf(stderr, "Avahi: Failed to create simple poll"
1029
" object.\n");
1030
exitcode = EXIT_FAILURE;
1031
goto end;
1032
}
1033
1034
{
1035
AvahiServerConfig config;
1036
/* Do not publish any local Zeroconf records */
1037
avahi_server_config_init(&config);
1038
config.publish_hinfo = 0;
1039
config.publish_addresses = 0;
1040
config.publish_workstation = 0;
1041
config.publish_domain = 0;
1042
1043
/* Allocate a new server */
1044
mc.server = avahi_server_new(avahi_simple_poll_get
1045
(mc.simple_poll), &config, NULL,
1046
NULL, &error);
1047
1048
/* Free the Avahi configuration data */
1049
avahi_server_config_free(&config);
1050
}
1051
1052
/* Check if creating the Avahi server object succeeded */
1053
if (mc.server == NULL) {
1054
fprintf(stderr, "Failed to create Avahi server: %s\n",
797
798
/* Allocate main loop object */
799
if (!(mc.simple_poll = avahi_simple_poll_new())) {
800
fprintf(stderr, "Failed to create simple poll object.\n");
801
returncode = EXIT_FAILURE;
802
goto exit;
803
}
804
805
/* Do not publish any local records */
806
avahi_server_config_init(&config);
807
config.publish_hinfo = 0;
808
config.publish_addresses = 0;
809
config.publish_workstation = 0;
810
config.publish_domain = 0;
811
812
/* Allocate a new server */
813
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
814
&config, NULL, NULL, &error);
815
816
/* Free the configuration data */
817
avahi_server_config_free(&config);
818
819
/* Check if creating the server object succeeded */
820
if (!mc.server) {
821
fprintf(stderr, "Failed to create server: %s\n",
1055
822
avahi_strerror(error));
1056
exitcode = EXIT_FAILURE;
1057
goto end;
823
returncode = EXIT_FAILURE;
824
goto exit;
1058
825
}
1059
826
1060
/* Create the Avahi service browser */
827
/* Create the service browser */
1061
828
sb = avahi_s_service_browser_new(mc.server, if_index,
1062
829
AVAHI_PROTO_INET6,
1063
830
"_mandos._tcp", NULL, 0,
1064
831
browse_callback, &mc);
1065
if (sb == NULL) {
832
if (!sb) {
1066
833
fprintf(stderr, "Failed to create service browser: %s\n",
1067
834
avahi_strerror(avahi_server_errno(mc.server)));
1068
exitcode = EXIT_FAILURE;
1069
goto end;
835
returncode = EXIT_FAILURE;
836
goto exit;
1070
837
}
1071
838
1072
839
/* Run the main loop */
1073
840
1074
841
if (debug){
1075
fprintf(stderr, "Starting Avahi loop search\n");
842
fprintf(stderr, "Starting avahi loop search\n");
1076
843
}
1077
844
1078
avahi_simple_poll_loop(mc.simple_poll);
1079
1080
end:
1081
845
avahi_simple_poll_loop(simple_poll);
846
847
exit:
848
1082
849
if (debug){
1083
850
fprintf(stderr, "%s exiting\n", argv[0]);
1084
851
}
1085
852
1086
853
/* Cleanup things */
1087
if (sb != NULL)
854
if (sb)
1088
855
avahi_s_service_browser_free(sb);
1089
856
1090
if (mc.server != NULL)
857
if (mc.server)
1091
858
avahi_server_free(mc.server);
1092
1093
if (mc.simple_poll != NULL)
1094
avahi_simple_poll_free(mc.simple_poll);
1095
1096
if (gnutls_initalized){
1097
gnutls_certificate_free_credentials(mc.cred);
1098
gnutls_global_deinit ();
1099
gnutls_dh_params_deinit(mc.dh_params);
1100
}
1101
1102
if(gpgme_initalized){
1103
gpgme_release(mc.ctx);
1104
}
1105
1106
/* Removes the temp directory used by GPGME */
1107
if(tempdir[0] != '\0'){
1108
DIR *d;
1109
struct dirent *direntry;
1110
d = opendir(tempdir);
1111
if(d == NULL){
1112
perror("opendir");
1113
} else {
1114
while(true){
1115
direntry = readdir(d);
1116
if(direntry == NULL){
1117
break;
1118
}
1119
if (direntry->d_type == DT_REG){
1120
char *fullname = NULL;
1121
ret = asprintf(&fullname, "%s/%s", tempdir,
1122
direntry->d_name);
1123
if(ret < 0){
1124
perror("asprintf");
1125
continue;
1126
}
1127
ret = unlink(fullname);
1128
if(ret == -1){
1129
fprintf(stderr, "unlink(\"%s\"): %s",
1130
fullname, strerror(errno));
1131
}
1132
free(fullname);
1133
}
1134
}
1135
closedir(d);
1136
}
1137
ret = rmdir(tempdir);
1138
if(ret == -1){
1139
perror("rmdir");
1140
}
1141
}
1142
1143
return exitcode;
859
860
if (simple_poll)
861
avahi_simple_poll_free(simple_poll);
862
free(certfile);
863
free(certkey);
864
865
return returncode;
1144
866
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0