To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandosclient.c
- browse files at revision 26
- compare with another revision
- download diff
- download tarball
- view history from revision 26
- Committer: Teddy Hogeborn
- Date: 2008-07-22 06:23:59 UTC
- mfrom: (24.1.1 mandos)
- Revision ID: teddy@fukt.bsnet.se-20080722062359-qti3ecst69bq3ltk
Merge.
- files removed:
- server.conf
- files renamed:
- clients.conf => mandos-clients.conf
- files modified:
- Makefile
added
removed
plugins.d/mandosclient.c
8
8
* includes the following functions: "resolve_callback",
9
9
* "browse_callback", and parts of "main".
10
10
*
11
* Everything else is
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
11
* Everything else is Copyright © 2007-2008 Teddy Hogeborn and Björn
12
* Påhlsson.
13
13
*
14
14
* This program is free software: you can redistribute it and/or
15
15
* modify it under the terms of the GNU General Public License as
25
25
* along with this program. If not, see
26
26
* <http://www.gnu.org/licenses/>.
27
27
*
28
* Contact the authors at <mandos@fukt.bsnet.se>.
28
* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and
29
* <https://www.fukt.bsnet.se/~teddy/>.
29
30
*/
30
31
31
/* Needed by GPGME, specifically gpgme_data_seek() */
32
#define _FORTIFY_SOURCE 2
33
32
34
#define _LARGEFILE_SOURCE
33
35
#define _FILE_OFFSET_BITS 64
34
36
66
68
// getopt long
67
69
#include <getopt.h>
68
70
71
#ifndef CERT_ROOT
72
#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"
73
#endif
74
#define CERTFILE CERT_ROOT "openpgp-client.txt"
75
#define KEYFILE CERT_ROOT "openpgp-client-key.txt"
69
76
#define BUFFER_SIZE 256
70
77
#define DH_BITS 1024
71
78
72
const char *certdir = "/conf/conf.d/cryptkeyreq/";
73
const char *certfile = "openpgp-client.txt";
74
const char *certkey = "openpgp-client-key.txt";
75
76
79
bool debug = false;
77
80
78
81
typedef struct {
98
101
99
102
/* Init GPGME */
100
103
gpgme_check_version(NULL);
101
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
102
if (rc != GPG_ERR_NO_ERROR){
103
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
104
gpgme_strsource(rc), gpgme_strerror(rc));
105
return -1;
106
}
104
gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
107
105
108
106
/* Set GPGME home directory */
109
107
rc = gpgme_get_engine_info (&engine_info);
195
193
gpgme_data_release(dh_crypto);
196
194
197
195
/* Seek back to the beginning of the GPGME plaintext data buffer */
198
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
199
perror("pgpme_data_seek");
200
}
201
196
gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET);
197
202
198
*new_packet = 0;
203
199
while(true){
204
200
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
257
253
if(debug){
258
254
fprintf(stderr, "Initializing GnuTLS\n");
259
255
}
260
256
261
257
if ((ret = gnutls_global_init ())
262
258
!= GNUTLS_E_SUCCESS) {
263
259
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
279
275
280
276
if(debug){
281
277
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
282
" and keyfile %s as GnuTLS credentials\n", certfile,
283
certkey);
278
" and keyfile %s as GnuTLS credentials\n", CERTFILE,
279
KEYFILE);
284
280
}
285
281
286
282
ret = gnutls_certificate_set_openpgp_key_file
287
(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);
283
(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);
288
284
if (ret != GNUTLS_E_SUCCESS) {
289
285
fprintf
290
286
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
291
287
" '%s')\n",
292
ret, certfile, certkey);
288
ret, CERTFILE, KEYFILE);
293
289
fprintf(stdout, "The Error is: %s\n",
294
290
safer_gnutls_strerror(ret));
295
291
return -1;
348
344
__attribute__((unused)) const char *txt){}
349
345
350
346
int start_mandos_communication(const char *ip, uint16_t port,
351
AvahiIfIndex if_index){
347
unsigned int if_index){
352
348
int ret, tcp_sd;
353
349
struct sockaddr_in6 to;
354
350
encrypted_session es;
362
358
char interface[IF_NAMESIZE];
363
359
364
360
if(debug){
365
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
366
ip, port);
361
fprintf(stderr, "Setting up a tcp connection to %s\n", ip);
367
362
}
368
363
369
364
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
372
367
return -1;
373
368
}
374
369
375
if(if_indextoname((unsigned int)if_index, interface) == NULL){
370
if(if_indextoname(if_index, interface) == NULL){
376
371
if(debug){
377
372
perror("if_indextoname");
378
373
}
399
394
to.sin6_scope_id = (uint32_t)if_index;
400
395
401
396
if(debug){
402
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
403
/* char addrstr[INET6_ADDRSTRLEN]; */
404
/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */
405
/* sizeof(addrstr)) == NULL){ */
406
/* perror("inet_ntop"); */
407
/* } else { */
408
/* fprintf(stderr, "Really connecting to: %s, port %d\n", */
409
/* addrstr, ntohs(to.sin6_port)); */
410
/* } */
397
fprintf(stderr, "Connection to: %s\n", ip);
411
398
}
412
399
413
400
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
492
479
decrypted_buffer_size = pgp_packet_decrypt(buffer,
493
480
buffer_length,
494
481
&decrypted_buffer,
495
certdir);
482
CERT_ROOT);
496
483
if (decrypted_buffer_size >= 0){
497
while(written < (size_t) decrypted_buffer_size){
484
while(written < decrypted_buffer_size){
498
485
ret = (int)fwrite (decrypted_buffer + written, 1,
499
486
(size_t)decrypted_buffer_size - written,
500
487
stdout);
569
556
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
570
557
" port %d\n", name, host_name, ip, port);
571
558
}
572
int ret = start_mandos_communication(ip, port, interface);
559
int ret = start_mandos_communication(ip, port,
560
(unsigned int) interface);
573
561
if (ret == 0){
574
562
exit(EXIT_SUCCESS);
575
563
}
627
615
}
628
616
}
629
617
630
/* combinds file name and path and returns the malloced new string. som sane checks could/should be added */
631
const char *combinepath(const char *first, const char *second){
632
char *tmp;
633
tmp = malloc(strlen(first) + strlen(second) + 2);
634
if (tmp == NULL){
635
perror("malloc");
636
return NULL;
637
}
638
strcpy(tmp, first);
639
if (first[0] != '\0' and first[strlen(first) - 1] != '/'){
640
strcat(tmp, "/");
641
}
642
strcat(tmp, second);
643
return tmp;
644
}
645
646
647
618
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
648
619
AvahiServerConfig config;
649
620
AvahiSServiceBrowser *sb = NULL;
650
621
int error;
651
622
int ret;
652
623
int returncode = EXIT_SUCCESS;
653
const char *interface = NULL;
654
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
655
char *connect_to = NULL;
624
const char *interface = "eth0";
656
625
657
626
while (true){
658
627
static struct option long_options[] = {
659
628
{"debug", no_argument, (int *)&debug, 1},
660
{"connect", required_argument, 0, 'C'},
661
629
{"interface", required_argument, 0, 'i'},
662
{"certdir", required_argument, 0, 'd'},
663
{"certkey", required_argument, 0, 'c'},
664
{"certfile", required_argument, 0, 'k'},
665
630
{0, 0, 0, 0} };
666
631
667
632
int option_index = 0;
678
643
case 'i':
679
644
interface = optarg;
680
645
break;
681
case 'C':
682
connect_to = optarg;
683
break;
684
case 'd':
685
certdir = optarg;
686
break;
687
case 'c':
688
certfile = optarg;
689
break;
690
case 'k':
691
certkey = optarg;
692
break;
693
646
default:
694
647
exit(EXIT_FAILURE);
695
648
}
696
649
}
697
698
certfile = combinepath(certdir, certfile);
699
if (certfile == NULL){
700
goto exit;
701
}
702
703
if(interface != NULL){
704
if_index = (AvahiIfIndex) if_nametoindex(interface);
705
if(if_index == 0){
706
fprintf(stderr, "No such interface: \"%s\"\n", interface);
707
exit(EXIT_FAILURE);
708
}
709
}
710
711
if(connect_to != NULL){
712
/* Connect directly, do not use Zeroconf */
713
/* (Mainly meant for debugging) */
714
char *address = strrchr(connect_to, ':');
715
if(address == NULL){
716
fprintf(stderr, "No colon in address\n");
717
exit(EXIT_FAILURE);
718
}
719
errno = 0;
720
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
721
if(errno){
722
perror("Bad port number");
723
exit(EXIT_FAILURE);
724
}
725
*address = '\0';
726
address = connect_to;
727
ret = start_mandos_communication(address, port, if_index);
728
if(ret < 0){
729
exit(EXIT_FAILURE);
730
} else {
731
exit(EXIT_SUCCESS);
732
}
733
}
734
735
certkey = combinepath(certdir, certkey);
736
if (certkey == NULL){
737
goto exit;
738
}
739
650
740
651
if (not debug){
741
652
avahi_set_log_function(empty_log);
774
685
}
775
686
776
687
/* Create the service browser */
777
sb = avahi_s_service_browser_new(server, if_index,
688
sb = avahi_s_service_browser_new(server,
689
(AvahiIfIndex)
690
if_nametoindex(interface),
778
691
AVAHI_PROTO_INET6,
779
692
"_mandos._tcp", NULL, 0,
780
693
browse_callback, server);
808
721
809
722
if (simple_poll)
810
723
avahi_simple_poll_free(simple_poll);
811
free(certfile);
812
free(certkey);
813
724
814
725
return returncode;
815
726
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0