To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 245
- compare with another revision
- download diff
- download tarball
- view history from revision 245
- Committer: Teddy Hogeborn
- Date: 2009-01-04 21:26:57 UTC
- Revision ID: teddy@fukt.bsnet.se-20090104212657-cl3kz35co2v3g3eo
* mandos (MandosServer.Quit): New.
- files added:
- .bzr-builddeb
- debian
- debian/po
- files removed:
- ca.pem
- files renamed:
- server.py => mandos
- server.conf => mandos.conf
- plugbasedclient.c => plugin-runner.c
- plugins.d/mandosclient.c => plugins.d/mandos-client.c
- plugins.d/passprompt.c => plugins.d/password-prompt.c
- files modified:
- Makefile
added
removed
plugins.d/mandos-client.c
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
12
* Copyright © 2008 Teddy Hogeborn
13
* Copyright © 2008 Björn Påhlsson
13
14
*
14
15
* This program is free software: you can redistribute it and/or
15
16
* modify it under the terms of the GNU General Public License as
32
33
#define _LARGEFILE_SOURCE
33
34
#define _FILE_OFFSET_BITS 64
34
35
35
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */
36
37
#include <stdio.h>
38
#include <assert.h>
39
#include <stdlib.h>
40
#include <time.h>
41
#include <net/if.h> /* if_nametoindex */
42
#include <sys/ioctl.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS
43
#include <net/if.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS
44
36
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
37
38
#include <stdio.h> /* fprintf(), stderr, fwrite(),
39
stdout, ferror() */
40
#include <stdint.h> /* uint16_t, uint32_t */
41
#include <stddef.h> /* NULL, size_t, ssize_t */
42
#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,
43
srand() */
44
#include <stdbool.h> /* bool, true */
45
#include <string.h> /* memset(), strcmp(), strlen(),
46
strerror(), asprintf(), strcpy() */
47
#include <sys/ioctl.h> /* ioctl */
48
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
49
sockaddr_in6, PF_INET6,
50
SOCK_STREAM, INET6_ADDRSTRLEN,
51
uid_t, gid_t, open(), opendir(), DIR */
52
#include <sys/stat.h> /* open() */
53
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
54
struct in6_addr, inet_pton(),
55
connect() */
56
#include <fcntl.h> /* open() */
57
#include <dirent.h> /* opendir(), struct dirent, readdir() */
58
#include <inttypes.h> /* PRIu16 */
59
#include <assert.h> /* assert() */
60
#include <errno.h> /* perror(), errno */
61
#include <time.h> /* time() */
62
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
63
SIOCSIFFLAGS, if_indextoname(),
64
if_nametoindex(), IF_NAMESIZE */
65
#include <netinet/in.h>
66
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
67
getuid(), getgid(), setuid(),
68
setgid() */
69
#include <arpa/inet.h> /* inet_pton(), htons */
70
#include <iso646.h> /* not, and */
71
#include <argp.h> /* struct argp_option, error_t, struct
72
argp_state, struct argp,
73
argp_parse(), ARGP_KEY_ARG,
74
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
75
76
/* Avahi */
77
/* All Avahi types, constants and functions
78
Avahi*, avahi_*,
79
AVAHI_* */
45
80
#include <avahi-core/core.h>
46
81
#include <avahi-core/lookup.h>
47
82
#include <avahi-core/log.h>
49
84
#include <avahi-common/malloc.h>
50
85
#include <avahi-common/error.h>
51
86
52
//mandos client part
53
#include <sys/types.h> /* socket(), inet_pton() */
54
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
55
struct in6_addr, inet_pton() */
56
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
57
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
58
59
#include <unistd.h> /* close() */
60
#include <netinet/in.h>
61
#include <stdbool.h> /* true */
62
#include <string.h> /* memset */
63
#include <arpa/inet.h> /* inet_pton() */
64
#include <iso646.h> /* not */
65
66
// gpgme
67
#include <errno.h> /* perror() */
68
#include <gpgme.h>
69
70
// getopt long
71
#include <getopt.h>
87
/* GnuTLS */
88
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and
89
functions:
90
gnutls_*
91
init_gnutls_session(),
92
GNUTLS_* */
93
#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),
94
GNUTLS_OPENPGP_FMT_BASE64 */
95
96
/* GPGME */
97
#include <gpgme.h> /* All GPGME types, constants and
98
functions:
99
gpgme_*
100
GPGME_PROTOCOL_OpenPGP,
101
GPG_ERR_NO_* */
72
102
73
103
#define BUFFER_SIZE 256
74
#define DH_BITS 1024
75
104
76
static const char *certdir = "/conf/conf.d/mandos";
77
static const char *certfile = "openpgp-client.txt";
78
static const char *certkey = "openpgp-client-key.txt";
105
#define PATHDIR "/conf/conf.d/mandos"
106
#define SECKEY "seckey.txt"
107
#define PUBKEY "pubkey.txt"
79
108
80
109
bool debug = false;
81
82
const char mandos_protocol_version[] = "1";
83
110
static const char mandos_protocol_version[] = "1";
111
const char *argp_program_version = "mandos-client " VERSION;
112
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
113
114
/* Used for passing in values through the Avahi callback functions */
84
115
typedef struct {
85
116
AvahiSimplePoll *simple_poll;
86
117
AvahiServer *server;
87
118
gnutls_certificate_credentials_t cred;
88
119
unsigned int dh_bits;
120
gnutls_dh_params_t dh_params;
89
121
const char *priority;
122
gpgme_ctx_t ctx;
90
123
} mandos_context;
91
124
92
size_t adjustbuffer(char *buffer, size_t buffer_length,
125
/*
126
* Make room in "buffer" for at least BUFFER_SIZE additional bytes.
127
* "buffer_capacity" is how much is currently allocated,
128
* "buffer_length" is how much is already used.
129
*/
130
size_t adjustbuffer(char **buffer, size_t buffer_length,
93
131
size_t buffer_capacity){
94
132
if (buffer_length + BUFFER_SIZE > buffer_capacity){
95
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
133
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
96
134
if (buffer == NULL){
97
135
return 0;
98
136
}
101
139
return buffer_capacity;
102
140
}
103
141
104
static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
105
char **new_packet,
106
const char *homedir){
107
gpgme_data_t dh_crypto, dh_plain;
108
gpgme_ctx_t ctx;
142
/*
143
* Initialize GPGME.
144
*/
145
static bool init_gpgme(mandos_context *mc, const char *seckey,
146
const char *pubkey, const char *tempdir){
147
int ret;
109
148
gpgme_error_t rc;
110
ssize_t ret;
111
size_t new_packet_capacity = 0;
112
ssize_t new_packet_length = 0;
113
149
gpgme_engine_info_t engine_info;
114
150
151
152
/*
153
* Helper function to insert pub and seckey to the enigne keyring.
154
*/
155
bool import_key(const char *filename){
156
int fd;
157
gpgme_data_t pgp_data;
158
159
fd = TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
160
if(fd == -1){
161
perror("open");
162
return false;
163
}
164
165
rc = gpgme_data_new_from_fd(&pgp_data, fd);
166
if (rc != GPG_ERR_NO_ERROR){
167
fprintf(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
168
gpgme_strsource(rc), gpgme_strerror(rc));
169
return false;
170
}
171
172
rc = gpgme_op_import(mc->ctx, pgp_data);
173
if (rc != GPG_ERR_NO_ERROR){
174
fprintf(stderr, "bad gpgme_op_import: %s: %s\n",
175
gpgme_strsource(rc), gpgme_strerror(rc));
176
return false;
177
}
178
179
ret = TEMP_FAILURE_RETRY(close(fd));
180
if(ret == -1){
181
perror("close");
182
}
183
gpgme_data_release(pgp_data);
184
return true;
185
}
186
115
187
if (debug){
116
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
188
fprintf(stderr, "Initialize gpgme\n");
117
189
}
118
190
119
191
/* Init GPGME */
122
194
if (rc != GPG_ERR_NO_ERROR){
123
195
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
124
196
gpgme_strsource(rc), gpgme_strerror(rc));
125
return -1;
197
return false;
126
198
}
127
199
128
/* Set GPGME home directory */
200
/* Set GPGME home directory for the OpenPGP engine only */
129
201
rc = gpgme_get_engine_info (&engine_info);
130
202
if (rc != GPG_ERR_NO_ERROR){
131
203
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
132
204
gpgme_strsource(rc), gpgme_strerror(rc));
133
return -1;
205
return false;
134
206
}
135
207
while(engine_info != NULL){
136
208
if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
137
209
gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
138
engine_info->file_name, homedir);
210
engine_info->file_name, tempdir);
139
211
break;
140
212
}
141
213
engine_info = engine_info->next;
142
214
}
143
215
if(engine_info == NULL){
144
fprintf(stderr, "Could not set home dir to %s\n", homedir);
145
return -1;
146
}
147
148
/* Create new GPGME data buffer from packet buffer */
149
rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);
216
fprintf(stderr, "Could not set GPGME home dir to %s\n", tempdir);
217
return false;
218
}
219
220
/* Create new GPGME "context" */
221
rc = gpgme_new(&(mc->ctx));
222
if (rc != GPG_ERR_NO_ERROR){
223
fprintf(stderr, "bad gpgme_new: %s: %s\n",
224
gpgme_strsource(rc), gpgme_strerror(rc));
225
return false;
226
}
227
228
if (not import_key(pubkey) or not import_key(seckey)){
229
return false;
230
}
231
232
return true;
233
}
234
235
/*
236
* Decrypt OpenPGP data.
237
* Returns -1 on error
238
*/
239
static ssize_t pgp_packet_decrypt (const mandos_context *mc,
240
const char *cryptotext,
241
size_t crypto_size,
242
char **plaintext){
243
gpgme_data_t dh_crypto, dh_plain;
244
gpgme_error_t rc;
245
ssize_t ret;
246
size_t plaintext_capacity = 0;
247
ssize_t plaintext_length = 0;
248
249
if (debug){
250
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
251
}
252
253
/* Create new GPGME data buffer from memory cryptotext */
254
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
255
0);
150
256
if (rc != GPG_ERR_NO_ERROR){
151
257
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
152
258
gpgme_strsource(rc), gpgme_strerror(rc));
158
264
if (rc != GPG_ERR_NO_ERROR){
159
265
fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
160
266
gpgme_strsource(rc), gpgme_strerror(rc));
161
return -1;
162
}
163
164
/* Create new GPGME "context" */
165
rc = gpgme_new(&ctx);
166
if (rc != GPG_ERR_NO_ERROR){
167
fprintf(stderr, "bad gpgme_new: %s: %s\n",
168
gpgme_strsource(rc), gpgme_strerror(rc));
169
return -1;
170
}
171
172
/* Decrypt data from the FILE pointer to the plaintext data
173
buffer */
174
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
267
gpgme_data_release(dh_crypto);
268
return -1;
269
}
270
271
/* Decrypt data from the cryptotext data buffer to the plaintext
272
data buffer */
273
rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);
175
274
if (rc != GPG_ERR_NO_ERROR){
176
275
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
177
276
gpgme_strsource(rc), gpgme_strerror(rc));
178
return -1;
277
plaintext_length = -1;
278
if (debug){
279
gpgme_decrypt_result_t result;
280
result = gpgme_op_decrypt_result(mc->ctx);
281
if (result == NULL){
282
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
283
} else {
284
fprintf(stderr, "Unsupported algorithm: %s\n",
285
result->unsupported_algorithm);
286
fprintf(stderr, "Wrong key usage: %u\n",
287
result->wrong_key_usage);
288
if(result->file_name != NULL){
289
fprintf(stderr, "File name: %s\n", result->file_name);
290
}
291
gpgme_recipient_t recipient;
292
recipient = result->recipients;
293
if(recipient){
294
while(recipient != NULL){
295
fprintf(stderr, "Public key algorithm: %s\n",
296
gpgme_pubkey_algo_name(recipient->pubkey_algo));
297
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
298
fprintf(stderr, "Secret key available: %s\n",
299
recipient->status == GPG_ERR_NO_SECKEY
300
? "No" : "Yes");
301
recipient = recipient->next;
302
}
303
}
304
}
305
}
306
goto decrypt_end;
179
307
}
180
308
181
309
if(debug){
182
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");
183
}
184
185
if (debug){
186
gpgme_decrypt_result_t result;
187
result = gpgme_op_decrypt_result(ctx);
188
if (result == NULL){
189
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
190
} else {
191
fprintf(stderr, "Unsupported algorithm: %s\n",
192
result->unsupported_algorithm);
193
fprintf(stderr, "Wrong key usage: %d\n",
194
result->wrong_key_usage);
195
if(result->file_name != NULL){
196
fprintf(stderr, "File name: %s\n", result->file_name);
197
}
198
gpgme_recipient_t recipient;
199
recipient = result->recipients;
200
if(recipient){
201
while(recipient != NULL){
202
fprintf(stderr, "Public key algorithm: %s\n",
203
gpgme_pubkey_algo_name(recipient->pubkey_algo));
204
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
205
fprintf(stderr, "Secret key available: %s\n",
206
recipient->status == GPG_ERR_NO_SECKEY
207
? "No" : "Yes");
208
recipient = recipient->next;
209
}
210
}
211
}
212
}
213
214
/* Delete the GPGME FILE pointer cryptotext data buffer */
215
gpgme_data_release(dh_crypto);
310
fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
311
}
216
312
217
313
/* Seek back to the beginning of the GPGME plaintext data buffer */
218
314
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
219
perror("pgpme_data_seek");
315
perror("gpgme_data_seek");
316
plaintext_length = -1;
317
goto decrypt_end;
220
318
}
221
319
222
*new_packet = 0;
320
*plaintext = NULL;
223
321
while(true){
224
new_packet_capacity = adjustbuffer(*new_packet, new_packet_length,
225
new_packet_capacity);
226
if (new_packet_capacity == 0){
322
plaintext_capacity = adjustbuffer(plaintext,
323
(size_t)plaintext_length,
324
plaintext_capacity);
325
if (plaintext_capacity == 0){
227
326
perror("adjustbuffer");
228
return -1;
229
}
230
new_packet_capacity += BUFFER_SIZE;
327
plaintext_length = -1;
328
goto decrypt_end;
231
329
}
232
330
233
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,
331
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
234
332
BUFFER_SIZE);
235
333
/* Print the data, if any */
236
334
if (ret == 0){
335
/* EOF */
237
336
break;
238
337
}
239
338
if(ret < 0){
240
339
perror("gpgme_data_read");
241
return -1;
242
}
243
new_packet_length += ret;
244
}
245
246
/* FIXME: check characters before printing to screen so to not print
247
terminal control characters */
248
/* if(debug){ */
249
/* fprintf(stderr, "decrypted password is: "); */
250
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
251
/* fprintf(stderr, "\n"); */
252
/* } */
340
plaintext_length = -1;
341
goto decrypt_end;
342
}
343
plaintext_length += ret;
344
}
345
346
if(debug){
347
fprintf(stderr, "Decrypted password is: ");
348
for(ssize_t i = 0; i < plaintext_length; i++){
349
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
350
}
351
fprintf(stderr, "\n");
352
}
353
354
decrypt_end:
355
356
/* Delete the GPGME cryptotext data buffer */
357
gpgme_data_release(dh_crypto);
253
358
254
359
/* Delete the GPGME plaintext data buffer */
255
360
gpgme_data_release(dh_plain);
256
return new_packet_length;
361
return plaintext_length;
257
362
}
258
363
259
364
static const char * safer_gnutls_strerror (int value) {
260
const char *ret = gnutls_strerror (value);
365
const char *ret = gnutls_strerror (value); /* Spurious warning */
261
366
if (ret == NULL)
262
367
ret = "(unknown)";
263
368
return ret;
264
369
}
265
370
371
/* GnuTLS log function callback */
266
372
static void debuggnutls(__attribute__((unused)) int level,
267
373
const char* string){
268
fprintf(stderr, "%s", string);
374
fprintf(stderr, "GnuTLS: %s", string);
269
375
}
270
376
271
static int initgnutls(mandos_context *mc){
272
const char *err;
377
static int init_gnutls_global(mandos_context *mc,
378
const char *pubkeyfilename,
379
const char *seckeyfilename){
273
380
int ret;
274
381
275
382
if(debug){
276
383
fprintf(stderr, "Initializing GnuTLS\n");
277
384
}
278
279
if ((ret = gnutls_global_init ())
280
!= GNUTLS_E_SUCCESS) {
281
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
385
386
ret = gnutls_global_init();
387
if (ret != GNUTLS_E_SUCCESS) {
388
fprintf (stderr, "GnuTLS global_init: %s\n",
389
safer_gnutls_strerror(ret));
282
390
return -1;
283
391
}
284
392
285
393
if (debug){
394
/* "Use a log level over 10 to enable all debugging options."
395
* - GnuTLS manual
396
*/
286
397
gnutls_global_set_log_level(11);
287
398
gnutls_global_set_log_function(debuggnutls);
288
399
}
289
400
290
/* openpgp credentials */
291
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
292
!= GNUTLS_E_SUCCESS) {
293
fprintf (stderr, "memory error: %s\n",
401
/* OpenPGP credentials */
402
gnutls_certificate_allocate_credentials(&mc->cred);
403
if (ret != GNUTLS_E_SUCCESS){
404
fprintf (stderr, "GnuTLS memory error: %s\n", /* Spurious
405
warning */
294
406
safer_gnutls_strerror(ret));
407
gnutls_global_deinit ();
295
408
return -1;
296
409
}
297
410
298
411
if(debug){
299
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
300
" and keyfile %s as GnuTLS credentials\n", certfile,
301
certkey);
412
fprintf(stderr, "Attempting to use OpenPGP public key %s and"
413
" secret key %s as GnuTLS credentials\n", pubkeyfilename,
414
seckeyfilename);
302
415
}
303
416
304
417
ret = gnutls_certificate_set_openpgp_key_file
305
(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);
418
(mc->cred, pubkeyfilename, seckeyfilename,
419
GNUTLS_OPENPGP_FMT_BASE64);
306
420
if (ret != GNUTLS_E_SUCCESS) {
307
fprintf
308
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
309
" '%s')\n",
310
ret, certfile, certkey);
311
fprintf(stdout, "The Error is: %s\n",
421
fprintf(stderr,
422
"Error[%d] while reading the OpenPGP key pair ('%s',"
423
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
424
fprintf(stderr, "The GnuTLS error is: %s\n",
312
425
safer_gnutls_strerror(ret));
313
return -1;
314
}
315
316
//GnuTLS server initialization
317
if ((ret = gnutls_dh_params_init (&es->dh_params))
318
!= GNUTLS_E_SUCCESS) {
319
fprintf (stderr, "Error in dh parameter initialization: %s\n",
320
safer_gnutls_strerror(ret));
321
return -1;
322
}
323
324
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
325
!= GNUTLS_E_SUCCESS) {
326
fprintf (stderr, "Error in prime generation: %s\n",
327
safer_gnutls_strerror(ret));
328
return -1;
329
}
330
331
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
332
333
// GnuTLS session creation
334
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
335
!= GNUTLS_E_SUCCESS){
426
goto globalfail;
427
}
428
429
/* GnuTLS server initialization */
430
ret = gnutls_dh_params_init(&mc->dh_params);
431
if (ret != GNUTLS_E_SUCCESS) {
432
fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
433
" %s\n", safer_gnutls_strerror(ret));
434
goto globalfail;
435
}
436
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
437
if (ret != GNUTLS_E_SUCCESS) {
438
fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
439
safer_gnutls_strerror(ret));
440
goto globalfail;
441
}
442
443
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
444
445
return 0;
446
447
globalfail:
448
449
gnutls_certificate_free_credentials(mc->cred);
450
gnutls_global_deinit();
451
gnutls_dh_params_deinit(mc->dh_params);
452
return -1;
453
}
454
455
static int init_gnutls_session(mandos_context *mc,
456
gnutls_session_t *session){
457
int ret;
458
/* GnuTLS session creation */
459
ret = gnutls_init(session, GNUTLS_SERVER);
460
if (ret != GNUTLS_E_SUCCESS){
336
461
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
337
462
safer_gnutls_strerror(ret));
338
463
}
339
464
340
if ((ret = gnutls_priority_set_direct (es->session, mc->priority, &err))
341
!= GNUTLS_E_SUCCESS) {
342
fprintf(stderr, "Syntax error at: %s\n", err);
343
fprintf(stderr, "GnuTLS error: %s\n",
344
safer_gnutls_strerror(ret));
345
return -1;
465
{
466
const char *err;
467
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
468
if (ret != GNUTLS_E_SUCCESS) {
469
fprintf(stderr, "Syntax error at: %s\n", err);
470
fprintf(stderr, "GnuTLS error: %s\n",
471
safer_gnutls_strerror(ret));
472
gnutls_deinit (*session);
473
return -1;
474
}
346
475
}
347
476
348
if ((ret = gnutls_credentials_set
349
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
350
!= GNUTLS_E_SUCCESS) {
351
fprintf(stderr, "Error setting a credentials set: %s\n",
477
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
478
mc->cred);
479
if (ret != GNUTLS_E_SUCCESS) {
480
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
352
481
safer_gnutls_strerror(ret));
482
gnutls_deinit (*session);
353
483
return -1;
354
484
}
355
485
356
486
/* ignore client certificate if any. */
357
gnutls_certificate_server_set_request (es->session,
487
gnutls_certificate_server_set_request (*session,
358
488
GNUTLS_CERT_IGNORE);
359
489
360
gnutls_dh_set_prime_bits (es->session, DH_BITS);
490
gnutls_dh_set_prime_bits (*session, mc->dh_bits);
361
491
362
492
return 0;
363
493
}
364
494
495
/* Avahi log function callback */
365
496
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
366
497
__attribute__((unused)) const char *txt){}
367
498
499
/* Called when a Mandos server is found */
368
500
static int start_mandos_communication(const char *ip, uint16_t port,
369
501
AvahiIfIndex if_index,
370
502
mandos_context *mc){
371
503
int ret, tcp_sd;
372
struct sockaddr_in6 to;
373
encrypted_session es;
504
union { struct sockaddr in; struct sockaddr_in6 in6; } to;
374
505
char *buffer = NULL;
375
506
char *decrypted_buffer;
376
507
size_t buffer_length = 0;
379
510
size_t written;
380
511
int retval = 0;
381
512
char interface[IF_NAMESIZE];
513
gnutls_session_t session;
514
515
ret = init_gnutls_session (mc, &session);
516
if (ret != 0){
517
return -1;
518
}
382
519
383
520
if(debug){
384
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
385
ip, port);
521
fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16
522
"\n", ip, port);
386
523
}
387
524
388
525
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
390
527
perror("socket");
391
528
return -1;
392
529
}
393
530
394
531
if(debug){
395
532
if(if_indextoname((unsigned int)if_index, interface) == NULL){
396
if(debug){
397
perror("if_indextoname");
398
}
533
perror("if_indextoname");
399
534
return -1;
400
535
}
401
402
536
fprintf(stderr, "Binding to interface %s\n", interface);
403
537
}
404
538
405
memset(&to,0,sizeof(to)); /* Spurious warning */
406
to.sin6_family = AF_INET6;
407
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
539
memset(&to, 0, sizeof(to));
540
to.in6.sin6_family = AF_INET6;
541
/* It would be nice to have a way to detect if we were passed an
542
IPv4 address here. Now we assume an IPv6 address. */
543
ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);
408
544
if (ret < 0 ){
409
545
perror("inet_pton");
410
546
return -1;
411
}
547
}
412
548
if(ret == 0){
413
549
fprintf(stderr, "Bad address: %s\n", ip);
414
550
return -1;
415
551
}
416
to.sin6_port = htons(port); /* Spurious warning */
552
to.in6.sin6_port = htons(port); /* Spurious warning */
417
553
418
to.sin6_scope_id = (uint32_t)if_index;
554
to.in6.sin6_scope_id = (uint32_t)if_index;
419
555
420
556
if(debug){
421
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
422
/* char addrstr[INET6_ADDRSTRLEN]; */
423
/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */
424
/* sizeof(addrstr)) == NULL){ */
425
/* perror("inet_ntop"); */
426
/* } else { */
427
/* fprintf(stderr, "Really connecting to: %s, port %d\n", */
428
/* addrstr, ntohs(to.sin6_port)); */
429
/* } */
557
fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
558
port);
559
char addrstr[INET6_ADDRSTRLEN] = "";
560
if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,
561
sizeof(addrstr)) == NULL){
562
perror("inet_ntop");
563
} else {
564
if(strcmp(addrstr, ip) != 0){
565
fprintf(stderr, "Canonical address form: %s\n", addrstr);
566
}
567
}
430
568
}
431
569
432
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
570
ret = connect(tcp_sd, &to.in, sizeof(to));
433
571
if (ret < 0){
434
572
perror("connect");
435
573
return -1;
436
574
}
437
438
char *out = mandos_protocol_version;
575
576
const char *out = mandos_protocol_version;
439
577
written = 0;
440
578
while (true){
441
579
size_t out_size = strlen(out);
444
582
if (ret == -1){
445
583
perror("write");
446
584
retval = -1;
447
goto end;
585
goto mandos_end;
448
586
}
449
written += ret;
587
written += (size_t)ret;
450
588
if(written < out_size){
451
589
continue;
452
590
} else {
458
596
}
459
597
}
460
598
}
461
462
ret = initgnutls (&es);
463
if (ret != 0){
464
retval = -1;
465
return -1;
466
}
467
468
gnutls_transport_set_ptr (es.session,
469
(gnutls_transport_ptr_t) tcp_sd);
470
599
471
600
if(debug){
472
601
fprintf(stderr, "Establishing TLS session with %s\n", ip);
473
602
}
474
603
475
ret = gnutls_handshake (es.session);
604
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
605
606
do{
607
ret = gnutls_handshake (session);
608
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
476
609
477
610
if (ret != GNUTLS_E_SUCCESS){
478
611
if(debug){
479
fprintf(stderr, "\n*** Handshake failed ***\n");
612
fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
480
613
gnutls_perror (ret);
481
614
}
482
615
retval = -1;
483
goto exit;
616
goto mandos_end;
484
617
}
485
618
486
//Retrieve OpenPGP packet that contains the wanted password
619
/* Read OpenPGP packet that contains the wanted password */
487
620
488
621
if(debug){
489
622
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
490
623
ip);
491
624
}
492
625
493
626
while(true){
494
buffer_capacity = adjustbuffer(buffer, buffer_length, buffer_capacity);
627
buffer_capacity = adjustbuffer(&buffer, buffer_length,
628
buffer_capacity);
495
629
if (buffer_capacity == 0){
496
630
perror("adjustbuffer");
497
631
retval = -1;
498
goto exit;
632
goto mandos_end;
499
633
}
500
634
501
ret = gnutls_record_recv
502
(es.session, buffer+buffer_length, BUFFER_SIZE);
635
ret = gnutls_record_recv(session, buffer+buffer_length,
636
BUFFER_SIZE);
503
637
if (ret == 0){
504
638
break;
505
639
}
509
643
case GNUTLS_E_AGAIN:
510
644
break;
511
645
case GNUTLS_E_REHANDSHAKE:
512
ret = gnutls_handshake (es.session);
646
do{
647
ret = gnutls_handshake (session);
648
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
513
649
if (ret < 0){
514
fprintf(stderr, "\n*** Handshake failed ***\n");
650
fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
515
651
gnutls_perror (ret);
516
652
retval = -1;
517
goto exit;
653
goto mandos_end;
518
654
}
519
655
break;
520
656
default:
521
657
fprintf(stderr, "Unknown error while reading data from"
522
" encrypted session with mandos server\n");
658
" encrypted session with Mandos server\n");
523
659
retval = -1;
524
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
525
goto exit;
660
gnutls_bye (session, GNUTLS_SHUT_RDWR);
661
goto mandos_end;
526
662
}
527
663
} else {
528
664
buffer_length += (size_t) ret;
529
665
}
530
666
}
531
667
668
if(debug){
669
fprintf(stderr, "Closing TLS session\n");
670
}
671
672
gnutls_bye (session, GNUTLS_SHUT_RDWR);
673
532
674
if (buffer_length > 0){
533
decrypted_buffer_size = pgp_packet_decrypt(buffer,
675
decrypted_buffer_size = pgp_packet_decrypt(mc, buffer,
534
676
buffer_length,
535
&decrypted_buffer,
536
certdir);
677
&decrypted_buffer);
537
678
if (decrypted_buffer_size >= 0){
538
679
written = 0;
539
680
while(written < (size_t) decrypted_buffer_size){
554
695
} else {
555
696
retval = -1;
556
697
}
557
}
558
559
//shutdown procedure
560
561
if(debug){
562
fprintf(stderr, "Closing TLS session\n");
563
}
564
698
} else {
699
retval = -1;
700
}
701
702
/* Shutdown procedure */
703
704
mandos_end:
565
705
free(buffer);
566
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
567
exit:
568
close(tcp_sd);
569
gnutls_deinit (es.session);
570
gnutls_certificate_free_credentials (es.cred);
571
gnutls_global_deinit ();
706
ret = TEMP_FAILURE_RETRY(close(tcp_sd));
707
if(ret == -1){
708
perror("close");
709
}
710
gnutls_deinit (session);
572
711
return retval;
573
712
}
574
713
575
static void resolve_callback( AvahiSServiceResolver *r,
576
AvahiIfIndex interface,
577
AVAHI_GCC_UNUSED AvahiProtocol protocol,
578
AvahiResolverEvent event,
579
const char *name,
580
const char *type,
581
const char *domain,
582
const char *host_name,
583
const AvahiAddress *address,
584
uint16_t port,
585
AVAHI_GCC_UNUSED AvahiStringList *txt,
586
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
587
AVAHI_GCC_UNUSED void* userdata) {
714
static void resolve_callback(AvahiSServiceResolver *r,
715
AvahiIfIndex interface,
716
AVAHI_GCC_UNUSED AvahiProtocol protocol,
717
AvahiResolverEvent event,
718
const char *name,
719
const char *type,
720
const char *domain,
721
const char *host_name,
722
const AvahiAddress *address,
723
uint16_t port,
724
AVAHI_GCC_UNUSED AvahiStringList *txt,
725
AVAHI_GCC_UNUSED AvahiLookupResultFlags
726
flags,
727
void* userdata) {
588
728
mandos_context *mc = userdata;
589
assert(r); /* Spurious warning */
729
assert(r);
590
730
591
731
/* Called whenever a service has been resolved successfully or
592
732
timed out */
594
734
switch (event) {
595
735
default:
596
736
case AVAHI_RESOLVER_FAILURE:
597
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
598
" type '%s' in domain '%s': %s\n", name, type, domain,
737
fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
738
" of type '%s' in domain '%s': %s\n", name, type, domain,
599
739
avahi_strerror(avahi_server_errno(mc->server)));
600
740
break;
601
741
604
744
char ip[AVAHI_ADDRESS_STR_MAX];
605
745
avahi_address_snprint(ip, sizeof(ip), address);
606
746
if(debug){
607
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
608
" port %d\n", name, host_name, ip, port);
747
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"
748
PRIu16 ") on port %d\n", name, host_name, ip,
749
interface, port);
609
750
}
610
751
int ret = start_mandos_communication(ip, port, interface, mc);
611
752
if (ret == 0){
612
exit(EXIT_SUCCESS);
753
avahi_simple_poll_quit(mc->simple_poll);
613
754
}
614
755
}
615
756
}
623
764
const char *name,
624
765
const char *type,
625
766
const char *domain,
626
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
767
AVAHI_GCC_UNUSED AvahiLookupResultFlags
768
flags,
627
769
void* userdata) {
628
770
mandos_context *mc = userdata;
629
assert(b); /* Spurious warning */
771
assert(b);
630
772
631
773
/* Called whenever a new services becomes available on the LAN or
632
774
is removed from the LAN */
634
776
switch (event) {
635
777
default:
636
778
case AVAHI_BROWSER_FAILURE:
637
638
fprintf(stderr, "(Browser) %s\n",
779
780
fprintf(stderr, "(Avahi browser) %s\n",
639
781
avahi_strerror(avahi_server_errno(mc->server)));
640
782
avahi_simple_poll_quit(mc->simple_poll);
641
783
return;
642
784
643
785
case AVAHI_BROWSER_NEW:
644
/* We ignore the returned resolver object. In the callback
645
function we free it. If the server is terminated before
646
the callback function is called the server will free
647
the resolver for us. */
648
649
if (!(avahi_s_service_resolver_new(mc->server, interface, protocol, name,
650
type, domain,
786
/* We ignore the returned Avahi resolver object. In the callback
787
function we free it. If the Avahi server is terminated before
788
the callback function is called the Avahi server will free the
789
resolver for us. */
790
791
if (!(avahi_s_service_resolver_new(mc->server, interface,
792
protocol, name, type, domain,
651
793
AVAHI_PROTO_INET6, 0,
652
794
resolve_callback, mc)))
653
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
654
avahi_strerror(avahi_server_errno(s)));
795
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
796
name, avahi_strerror(avahi_server_errno(mc->server)));
655
797
break;
656
798
657
799
case AVAHI_BROWSER_REMOVE:
658
800
break;
659
801
660
802
case AVAHI_BROWSER_ALL_FOR_NOW:
661
803
case AVAHI_BROWSER_CACHE_EXHAUSTED:
804
if(debug){
805
fprintf(stderr, "No Mandos server found, still searching...\n");
806
}
662
807
break;
663
808
}
664
809
}
665
810
666
/* Combines file name and path and returns the malloced new
667
string. some sane checks could/should be added */
668
static const char *combinepath(const char *first, const char *second){
669
size_t f_len = strlen(first);
670
size_t s_len = strlen(second);
671
char *tmp = malloc(f_len + s_len + 2);
672
if (tmp == NULL){
673
return NULL;
674
}
675
if(f_len > 0){
676
memcpy(tmp, first, f_len);
677
}
678
tmp[f_len] = '/';
679
if(s_len > 0){
680
memcpy(tmp + f_len + 1, second, s_len);
681
}
682
tmp[f_len + 1 + s_len] = '\0';
683
return tmp;
684
}
685
686
687
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
688
AvahiServerConfig config;
811
int main(int argc, char *argv[]){
689
812
AvahiSServiceBrowser *sb = NULL;
690
813
int error;
691
814
int ret;
692
int returncode = EXIT_SUCCESS;
815
int exitcode = EXIT_SUCCESS;
693
816
const char *interface = "eth0";
694
817
struct ifreq network;
695
818
int sd;
819
uid_t uid;
820
gid_t gid;
696
821
char *connect_to = NULL;
822
char tempdir[] = "/tmp/mandosXXXXXX";
697
823
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
824
const char *seckey = PATHDIR "/" SECKEY;
825
const char *pubkey = PATHDIR "/" PUBKEY;
826
698
827
mandos_context mc = { .simple_poll = NULL, .server = NULL,
699
.dh_bits = 2048, .priority = "SECURE256"};
828
.dh_bits = 1024, .priority = "SECURE256"
829
":!CTYPE-X.509:+CTYPE-OPENPGP" };
830
bool gnutls_initalized = false;
831
bool gpgme_initalized = false;
700
832
701
while (true){
702
static struct option long_options[] = {
703
{"debug", no_argument, (int *)&debug, 1},
704
{"connect", required_argument, 0, 'C'},
705
{"interface", required_argument, 0, 'i'},
706
{"certdir", required_argument, 0, 'd'},
707
{"certkey", required_argument, 0, 'c'},
708
{"certfile", required_argument, 0, 'k'},
709
{"dh_bits", required_argument, 0, 'D'},
710
{"priority", required_argument, 0, 'p'},
711
{0, 0, 0, 0} };
712
713
int option_index = 0;
714
ret = getopt_long (argc, argv, "i:", long_options,
715
&option_index);
716
717
if (ret == -1){
718
break;
719
}
720
721
switch(ret){
722
case 0:
723
break;
724
case 'i':
725
interface = optarg;
726
break;
727
case 'C':
728
connect_to = optarg;
729
break;
730
case 'd':
731
certdir = optarg;
732
break;
733
case 'c':
734
certfile = optarg;
735
break;
736
case 'k':
737
certkey = optarg;
738
break;
739
case 'D':
740
{
741
long int tmp;
833
{
834
struct argp_option options[] = {
835
{ .name = "debug", .key = 128,
836
.doc = "Debug mode", .group = 3 },
837
{ .name = "connect", .key = 'c',
838
.arg = "ADDRESS:PORT",
839
.doc = "Connect directly to a specific Mandos server",
840
.group = 1 },
841
{ .name = "interface", .key = 'i',
842
.arg = "NAME",
843
.doc = "Interface that will be used to search for Mandos"
844
" servers",
845
.group = 1 },
846
{ .name = "seckey", .key = 's',
847
.arg = "FILE",
848
.doc = "OpenPGP secret key file base name",
849
.group = 1 },
850
{ .name = "pubkey", .key = 'p',
851
.arg = "FILE",
852
.doc = "OpenPGP public key file base name",
853
.group = 2 },
854
{ .name = "dh-bits", .key = 129,
855
.arg = "BITS",
856
.doc = "Bit length of the prime number used in the"
857
" Diffie-Hellman key exchange",
858
.group = 2 },
859
{ .name = "priority", .key = 130,
860
.arg = "STRING",
861
.doc = "GnuTLS priority string for the TLS handshake",
862
.group = 1 },
863
{ .name = NULL }
864
};
865
866
error_t parse_opt (int key, char *arg,
867
struct argp_state *state) {
868
/* Get the INPUT argument from `argp_parse', which we know is
869
a pointer to our plugin list pointer. */
870
switch (key) {
871
case 128: /* --debug */
872
debug = true;
873
break;
874
case 'c': /* --connect */
875
connect_to = arg;
876
break;
877
case 'i': /* --interface */
878
interface = arg;
879
break;
880
case 's': /* --seckey */
881
seckey = arg;
882
break;
883
case 'p': /* --pubkey */
884
pubkey = arg;
885
break;
886
case 129: /* --dh-bits */
742
887
errno = 0;
743
tmp = strtol(optarg, NULL, 10);
744
if (errno == ERANGE){
888
mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);
889
if (errno){
745
890
perror("strtol");
746
891
exit(EXIT_FAILURE);
747
892
}
748
mc.dh_bits = tmp;
749
}
750
break;
751
case 'p':
752
mc.priority = optarg;
753
break;
754
default:
755
exit(EXIT_FAILURE);
756
}
757
}
758
759
certfile = combinepath(certdir, certfile);
760
if (certfile == NULL){
761
perror("combinepath");
762
returncode = EXIT_FAILURE;
763
goto exit;
764
}
765
766
certkey = combinepath(certdir, certkey);
767
if (certkey == NULL){
768
perror("combinepath");
769
returncode = EXIT_FAILURE;
770
goto exit;
893
break;
894
case 130: /* --priority */
895
mc.priority = arg;
896
break;
897
case ARGP_KEY_ARG:
898
argp_usage (state);
899
case ARGP_KEY_END:
900
break;
901
default:
902
return ARGP_ERR_UNKNOWN;
903
}
904
return 0;
905
}
906
907
struct argp argp = { .options = options, .parser = parse_opt,
908
.args_doc = "",
909
.doc = "Mandos client -- Get and decrypt"
910
" passwords from a Mandos server" };
911
ret = argp_parse (&argp, argc, argv, 0, 0, NULL);
912
if (ret == ARGP_ERR_UNKNOWN){
913
fprintf(stderr, "Unknown error while parsing arguments\n");
914
exitcode = EXIT_FAILURE;
915
goto end;
916
}
917
}
918
919
/* If the interface is down, bring it up */
920
{
921
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
922
if(sd < 0) {
923
perror("socket");
924
exitcode = EXIT_FAILURE;
925
goto end;
926
}
927
strcpy(network.ifr_name, interface);
928
ret = ioctl(sd, SIOCGIFFLAGS, &network);
929
if(ret == -1){
930
perror("ioctl SIOCGIFFLAGS");
931
exitcode = EXIT_FAILURE;
932
goto end;
933
}
934
if((network.ifr_flags & IFF_UP) == 0){
935
network.ifr_flags |= IFF_UP;
936
ret = ioctl(sd, SIOCSIFFLAGS, &network);
937
if(ret == -1){
938
perror("ioctl SIOCSIFFLAGS");
939
exitcode = EXIT_FAILURE;
940
goto end;
941
}
942
}
943
ret = TEMP_FAILURE_RETRY(close(sd));
944
if(ret == -1){
945
perror("close");
946
}
947
}
948
949
uid = getuid();
950
gid = getgid();
951
952
ret = setuid(uid);
953
if (ret == -1){
954
perror("setuid");
955
}
956
957
setgid(gid);
958
if (ret == -1){
959
perror("setgid");
960
}
961
962
ret = init_gnutls_global(&mc, pubkey, seckey);
963
if (ret == -1){
964
fprintf(stderr, "init_gnutls_global failed\n");
965
exitcode = EXIT_FAILURE;
966
goto end;
967
} else {
968
gnutls_initalized = true;
969
}
970
971
if(mkdtemp(tempdir) == NULL){
972
perror("mkdtemp");
973
tempdir[0] = '\0';
974
goto end;
975
}
976
977
if(not init_gpgme(&mc, pubkey, seckey, tempdir)){
978
fprintf(stderr, "gpgme_initalized failed\n");
979
exitcode = EXIT_FAILURE;
980
goto end;
981
} else {
982
gpgme_initalized = true;
771
983
}
772
984
773
985
if_index = (AvahiIfIndex) if_nametoindex(interface);
782
994
char *address = strrchr(connect_to, ':');
783
995
if(address == NULL){
784
996
fprintf(stderr, "No colon in address\n");
785
exit(EXIT_FAILURE);
997
exitcode = EXIT_FAILURE;
998
goto end;
786
999
}
787
1000
errno = 0;
788
1001
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
789
1002
if(errno){
790
1003
perror("Bad port number");
791
exit(EXIT_FAILURE);
1004
exitcode = EXIT_FAILURE;
1005
goto end;
792
1006
}
793
1007
*address = '\0';
794
1008
address = connect_to;
795
ret = start_mandos_communication(address, port, if_index);
1009
ret = start_mandos_communication(address, port, if_index, &mc);
796
1010
if(ret < 0){
797
exit(EXIT_FAILURE);
1011
exitcode = EXIT_FAILURE;
798
1012
} else {
799
exit(EXIT_SUCCESS);
800
}
801
}
802
803
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
804
if(sd < 0) {
805
perror("socket");
806
returncode = EXIT_FAILURE;
807
goto exit;
808
}
809
strcpy(network.ifr_name, interface);
810
ret = ioctl(sd, SIOCGIFFLAGS, &network);
811
if(ret == -1){
812
813
perror("ioctl SIOCGIFFLAGS");
814
returncode = EXIT_FAILURE;
815
goto exit;
816
}
817
if((network.ifr_flags & IFF_UP) == 0){
818
network.ifr_flags |= IFF_UP;
819
ret = ioctl(sd, SIOCSIFFLAGS, &network);
820
if(ret == -1){
821
perror("ioctl SIOCSIFFLAGS");
822
returncode = EXIT_FAILURE;
823
goto exit;
824
}
825
}
826
close(sd);
1013
exitcode = EXIT_SUCCESS;
1014
}
1015
goto end;
1016
}
827
1017
828
1018
if (not debug){
829
1019
avahi_set_log_function(empty_log);
830
1020
}
831
1021
832
/* Initialize the psuedo-RNG */
1022
/* Initialize the pseudo-RNG for Avahi */
833
1023
srand((unsigned int) time(NULL));
834
835
/* Allocate main loop object */
836
if (!(mc.simple_poll = avahi_simple_poll_new())) {
837
fprintf(stderr, "Failed to create simple poll object.\n");
838
returncode = EXIT_FAILURE;
839
goto exit;
840
}
841
842
/* Do not publish any local records */
843
avahi_server_config_init(&config);
844
config.publish_hinfo = 0;
845
config.publish_addresses = 0;
846
config.publish_workstation = 0;
847
config.publish_domain = 0;
848
849
/* Allocate a new server */
850
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
851
&config, NULL, NULL, &error);
852
853
/* Free the configuration data */
854
avahi_server_config_free(&config);
855
856
/* Check if creating the server object succeeded */
857
if (!mc.server) {
858
fprintf(stderr, "Failed to create server: %s\n",
1024
1025
/* Allocate main Avahi loop object */
1026
mc.simple_poll = avahi_simple_poll_new();
1027
if (mc.simple_poll == NULL) {
1028
fprintf(stderr, "Avahi: Failed to create simple poll"
1029
" object.\n");
1030
exitcode = EXIT_FAILURE;
1031
goto end;
1032
}
1033
1034
{
1035
AvahiServerConfig config;
1036
/* Do not publish any local Zeroconf records */
1037
avahi_server_config_init(&config);
1038
config.publish_hinfo = 0;
1039
config.publish_addresses = 0;
1040
config.publish_workstation = 0;
1041
config.publish_domain = 0;
1042
1043
/* Allocate a new server */
1044
mc.server = avahi_server_new(avahi_simple_poll_get
1045
(mc.simple_poll), &config, NULL,
1046
NULL, &error);
1047
1048
/* Free the Avahi configuration data */
1049
avahi_server_config_free(&config);
1050
}
1051
1052
/* Check if creating the Avahi server object succeeded */
1053
if (mc.server == NULL) {
1054
fprintf(stderr, "Failed to create Avahi server: %s\n",
859
1055
avahi_strerror(error));
860
returncode = EXIT_FAILURE;
861
goto exit;
1056
exitcode = EXIT_FAILURE;
1057
goto end;
862
1058
}
863
1059
864
/* Create the service browser */
1060
/* Create the Avahi service browser */
865
1061
sb = avahi_s_service_browser_new(mc.server, if_index,
866
1062
AVAHI_PROTO_INET6,
867
1063
"_mandos._tcp", NULL, 0,
868
1064
browse_callback, &mc);
869
if (!sb) {
1065
if (sb == NULL) {
870
1066
fprintf(stderr, "Failed to create service browser: %s\n",
871
1067
avahi_strerror(avahi_server_errno(mc.server)));
872
returncode = EXIT_FAILURE;
873
goto exit;
1068
exitcode = EXIT_FAILURE;
1069
goto end;
874
1070
}
875
1071
876
1072
/* Run the main loop */
877
1073
878
1074
if (debug){
879
fprintf(stderr, "Starting avahi loop search\n");
1075
fprintf(stderr, "Starting Avahi loop search\n");
880
1076
}
881
1077
882
avahi_simple_poll_loop(simple_poll);
883
884
exit:
885
1078
avahi_simple_poll_loop(mc.simple_poll);
1079
1080
end:
1081
886
1082
if (debug){
887
1083
fprintf(stderr, "%s exiting\n", argv[0]);
888
1084
}
889
1085
890
1086
/* Cleanup things */
891
if (sb)
1087
if (sb != NULL)
892
1088
avahi_s_service_browser_free(sb);
893
1089
894
if (mc.server)
1090
if (mc.server != NULL)
895
1091
avahi_server_free(mc.server);
896
897
if (simple_poll)
898
avahi_simple_poll_free(simple_poll);
899
free(certfile);
900
free(certkey);
901
902
return returncode;
1092
1093
if (mc.simple_poll != NULL)
1094
avahi_simple_poll_free(mc.simple_poll);
1095
1096
if (gnutls_initalized){
1097
gnutls_certificate_free_credentials(mc.cred);
1098
gnutls_global_deinit ();
1099
gnutls_dh_params_deinit(mc.dh_params);
1100
}
1101
1102
if(gpgme_initalized){
1103
gpgme_release(mc.ctx);
1104
}
1105
1106
/* Removes the temp directory used by GPGME */
1107
if(tempdir[0] != '\0'){
1108
DIR *d;
1109
struct dirent *direntry;
1110
d = opendir(tempdir);
1111
if(d == NULL){
1112
perror("opendir");
1113
} else {
1114
while(true){
1115
direntry = readdir(d);
1116
if(direntry == NULL){
1117
break;
1118
}
1119
if (direntry->d_type == DT_REG){
1120
char *fullname = NULL;
1121
ret = asprintf(&fullname, "%s/%s", tempdir,
1122
direntry->d_name);
1123
if(ret < 0){
1124
perror("asprintf");
1125
continue;
1126
}
1127
ret = unlink(fullname);
1128
if(ret == -1){
1129
fprintf(stderr, "unlink(\"%s\"): %s",
1130
fullname, strerror(errno));
1131
}
1132
free(fullname);
1133
}
1134
}
1135
closedir(d);
1136
}
1137
ret = rmdir(tempdir);
1138
if(ret == -1){
1139
perror("rmdir");
1140
}
1141
}
1142
1143
return exitcode;
903
1144
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0