/mandos/trunk : revision 27

8

* includes the following functions: "resolve_callback",

9

* "browse_callback", and parts of "main".

10

*

11

* Everything else is

12

11

12

* Påhlsson.

13

*

14

* This program is free software: you can redistribute it and/or

15

* modify it under the terms of the GNU General Public License as

25

* along with this program. If not, see

26

* <http://www.gnu.org/licenses/>.

27

*

28

* Contact the authors at <mandos@fukt.bsnet.se>.

28

* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and

29

* <https://www.fukt.bsnet.se/~teddy/>.

29

30

*/

30

31

/* Needed by GPGME, specifically gpgme_data_seek() */

32

#define _FORTIFY_SOURCE 2

33

32

34

#define _LARGEFILE_SOURCE

33

35

#define _FILE_OFFSET_BITS 64

34

36

37

39

#include <stdlib.h>

38

40

#include <time.h>

39

41

#include <net/if.h> /* if_nametoindex */

40

#include <sys/ioctl.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS

41

#include <net/if.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS

42

43

#include <avahi-core/core.h>

44

#include <avahi-core/lookup.h>

65

#include <errno.h> /* perror() */

66

#include <gpgme.h>

67

68

// getopt_long

68

// getopt long

69

#include <getopt.h>

70

71

#ifndef CERT_ROOT

72

#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"

73

#endif

74

#define CERTFILE CERT_ROOT "openpgp-client.txt"

75

#define KEYFILE CERT_ROOT "openpgp-client-key.txt"

71

76

#define BUFFER_SIZE 256

72

73

static const char *keydir = "/conf/conf.d/mandos";

74

static const char *pubkeyfile = "pubkey.txt";

75

static const char *seckeyfile = "seckey.txt";

77

#define DH_BITS 1024

76

78

77

79

bool debug = false;

78

80

79

/* Used for passing in values through all the callback functions */

80

81

typedef struct {

81

AvahiSimplePoll *simple_poll;

82

AvahiServer *server;

82

gnutls_session_t session;

83

gnutls_certificate_credentials_t cred;

84

unsigned int dh_bits;

85

const char *priority;

86

} mandos_context;

87

88

static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,

89

char **new_packet,

90

const char *homedir){

84

gnutls_dh_params_t dh_params;

85

} encrypted_session;

86

87

88

ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,

89

char **new_packet, const char *homedir){

91

90

gpgme_data_t dh_crypto, dh_plain;

92

91

gpgme_ctx_t ctx;

93

92

gpgme_error_t rc;

102

101

103

102

/* Init GPGME */

104

103

gpgme_check_version(NULL);

105

rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

106

if (rc != GPG_ERR_NO_ERROR){

107

fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",

108

gpgme_strsource(rc), gpgme_strerror(rc));

109

return -1;

110

}

104

gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

111

105

112

106

/* Set GPGME home directory */

113

107

rc = gpgme_get_engine_info (&engine_info);

199

193

gpgme_data_release(dh_crypto);

200

194

201

195

/* Seek back to the beginning of the GPGME plaintext data buffer */

202

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

203

perror("pgpme_data_seek");

204

}

205

196

gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET);

197

206

198

*new_packet = 0;

207

199

while(true){

208

200

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

249

241

return ret;

250

242

}

251

243

252

static void debuggnutls(__attribute__((unused)) int level,

253

const char* string){

244

void debuggnutls(__attribute__((unused)) int level,

245

const char* string){

254

246

fprintf(stderr, "%s", string);

255

247

}

256

248

257

static int initgnutls(mandos_context *mc, gnutls_session_t *session,

258

gnutls_dh_params_t *dh_params){

249

int initgnutls(encrypted_session *es){

259

250

const char *err;

260

251

int ret;

261

252

262

253

if(debug){

263

254

fprintf(stderr, "Initializing GnuTLS\n");

264

255

}

265

256

266

257

if ((ret = gnutls_global_init ())

267

258

!= GNUTLS_E_SUCCESS) {

268

259

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

269

260

return -1;

270

261

}

271

262

272

263

if (debug){

273

264

gnutls_global_set_log_level(11);

274

265

gnutls_global_set_log_function(debuggnutls);

275

266

}

276

267

277

268

/* openpgp credentials */

278

if ((ret = gnutls_certificate_allocate_credentials (&mc->cred))

269

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

279

270

!= GNUTLS_E_SUCCESS) {

280

271

fprintf (stderr, "memory error: %s\n",

281

272

safer_gnutls_strerror(ret));

284

275

285

276

if(debug){

286

277

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

287

" and keyfile %s as GnuTLS credentials\n", pubkeyfile,

288

seckeyfile);

278

" and keyfile %s as GnuTLS credentials\n", CERTFILE,

279

KEYFILE);

289

280

}

290

281

291

282

ret = gnutls_certificate_set_openpgp_key_file

292

(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);

283

(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);

293

284

if (ret != GNUTLS_E_SUCCESS) {

294

285

fprintf

295

286

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"

296

287

" '%s')\n",

297

ret, pubkeyfile, seckeyfile);

288

ret, CERTFILE, KEYFILE);

298

289

fprintf(stdout, "The Error is: %s\n",

299

290

safer_gnutls_strerror(ret));

300

291

return -1;

301

292

}

302

293

303

294

//GnuTLS server initialization

304

if ((ret = gnutls_dh_params_init(dh_params))

295

if ((ret = gnutls_dh_params_init (&es->dh_params))

305

296

!= GNUTLS_E_SUCCESS) {

306

297

fprintf (stderr, "Error in dh parameter initialization: %s\n",

307

298

safer_gnutls_strerror(ret));

308

299

return -1;

309

300

}

310

301

311

if ((ret = gnutls_dh_params_generate2(*dh_params, mc->dh_bits))

302

if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))

312

303

!= GNUTLS_E_SUCCESS) {

313

304

fprintf (stderr, "Error in prime generation: %s\n",

314

305

safer_gnutls_strerror(ret));

315

306

return -1;

316

307

}

317

308

318

gnutls_certificate_set_dh_params(mc->cred, *dh_params);

309

gnutls_certificate_set_dh_params (es->cred, es->dh_params);

319

310

320

311

// GnuTLS session creation

321

if ((ret = gnutls_init(session, GNUTLS_SERVER))

312

if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))

322

313

!= GNUTLS_E_SUCCESS){

323

314

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

324

315

safer_gnutls_strerror(ret));

325

316

}

326

317

327

if ((ret = gnutls_priority_set_direct(*session, mc->priority, &err))

318

if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))

328

319

!= GNUTLS_E_SUCCESS) {

329

320

fprintf(stderr, "Syntax error at: %s\n", err);

330

321

fprintf(stderr, "GnuTLS error: %s\n",

332

323

return -1;

333

324

}

334

325

335

if ((ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

336

mc->cred))

326

if ((ret = gnutls_credentials_set

327

(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))

337

328

!= GNUTLS_E_SUCCESS) {

338

329

fprintf(stderr, "Error setting a credentials set: %s\n",

339

330

safer_gnutls_strerror(ret));

341

332

}

342

333

343

334

/* ignore client certificate if any. */

344

gnutls_certificate_server_set_request (*session,

335

gnutls_certificate_server_set_request (es->session,

345

336

GNUTLS_CERT_IGNORE);

346

337

347

gnutls_dh_set_prime_bits (*session, mc->dh_bits);

338

gnutls_dh_set_prime_bits (es->session, DH_BITS);

348

339

349

340

return 0;

350

341

}

351

342

352

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

353

__attribute__((unused)) const char *txt){}

343

void empty_log(__attribute__((unused)) AvahiLogLevel level,

344

__attribute__((unused)) const char *txt){}

354

345

355

static int start_mandos_communication(const char *ip, uint16_t port,

356

AvahiIfIndex if_index,

357

mandos_context *mc){

346

int start_mandos_communication(const char *ip, uint16_t port,

347

unsigned int if_index){

358

348

int ret, tcp_sd;

359

349

struct sockaddr_in6 to;

350

encrypted_session es;

360

351

char *buffer = NULL;

361

352

char *decrypted_buffer;

362

353

size_t buffer_length = 0;

365

356

size_t written = 0;

366

357

int retval = 0;

367

358

char interface[IF_NAMESIZE];

368

gnutls_session_t session;

369

gnutls_dh_params_t dh_params;

370

359

371

360

if(debug){

372

fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",

373

ip, port);

361

fprintf(stderr, "Setting up a tcp connection to %s\n", ip);

374

362

}

375

363

376

364

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

378

366

perror("socket");

379

367

return -1;

380

368

}

381

382

if(debug){

383

if(if_indextoname((unsigned int)if_index, interface) == NULL){

369

370

if(if_indextoname(if_index, interface) == NULL){

371

if(debug){

384

372

perror("if_indextoname");

385

return -1;

386

373

}

374

return -1;

375

}

376

377

if(debug){

387

378

fprintf(stderr, "Binding to interface %s\n", interface);

388

379

}

389

380

393

384

if (ret < 0 ){

394

385

perror("inet_pton");

395

386

return -1;

396

}

387

}

397

388

if(ret == 0){

398

389

fprintf(stderr, "Bad address: %s\n", ip);

399

390

return -1;

403

394

to.sin6_scope_id = (uint32_t)if_index;

404

395

405

396

if(debug){

406

fprintf(stderr, "Connection to: %s, port %d\n", ip, port);

407

char addrstr[INET6_ADDRSTRLEN] = "";

408

if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr,

409

sizeof(addrstr)) == NULL){

410

perror("inet_ntop");

411

} else {

412

if(strcmp(addrstr, ip) != 0){

413

fprintf(stderr, "Canonical address form: %s\n", addrstr);

414

}

415

}

397

fprintf(stderr, "Connection to: %s\n", ip);

416

398

}

417

399

418

400

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

421

403

return -1;

422

404

}

423

405

424

ret = initgnutls (mc, &session, &dh_params);

406

ret = initgnutls (&es);

425

407

if (ret != 0){

426

408

retval = -1;

427

409

return -1;

428

410

}

429

411

430

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

412

gnutls_transport_set_ptr (es.session,

413

(gnutls_transport_ptr_t) tcp_sd);

431

414

432

415

if(debug){

433

416

fprintf(stderr, "Establishing TLS session with %s\n", ip);

434

417

}

435

418

436

ret = gnutls_handshake (session);

419

ret = gnutls_handshake (es.session);

437

420

438

421

if (ret != GNUTLS_E_SUCCESS){

439

422

if(debug){

461

444

buffer_capacity += BUFFER_SIZE;

462

445

}

463

446

464

ret = gnutls_record_recv(session, buffer+buffer_length,

465

BUFFER_SIZE);

447

ret = gnutls_record_recv

448

(es.session, buffer+buffer_length, BUFFER_SIZE);

466

449

if (ret == 0){

467

450

break;

468

451

}

472

455

case GNUTLS_E_AGAIN:

473

456

break;

474

457

case GNUTLS_E_REHANDSHAKE:

475

ret = gnutls_handshake (session);

458

ret = gnutls_handshake (es.session);

476

459

if (ret < 0){

477

460

fprintf(stderr, "\n*** Handshake failed ***\n");

478

461

gnutls_perror (ret);

484

467

fprintf(stderr, "Unknown error while reading data from"

485

468

" encrypted session with mandos server\n");

486

469

retval = -1;

487

gnutls_bye (session, GNUTLS_SHUT_RDWR);

470

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

488

471

goto exit;

489

472

}

490

473

} else {

496

479

decrypted_buffer_size = pgp_packet_decrypt(buffer,

497

480

buffer_length,

498

481

&decrypted_buffer,

499

keydir);

482

CERT_ROOT);

500

483

if (decrypted_buffer_size >= 0){

501

while(written < (size_t) decrypted_buffer_size){

484

while(written < decrypted_buffer_size){

502

485

ret = (int)fwrite (decrypted_buffer + written, 1,

503

486

(size_t)decrypted_buffer_size - written,

504

487

stdout);

525

508

}

526

509

527

510

free(buffer);

528

gnutls_bye (session, GNUTLS_SHUT_RDWR);

511

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

529

512

exit:

530

513

close(tcp_sd);

531

gnutls_deinit (session);

532

gnutls_certificate_free_credentials (mc->cred);

514

gnutls_deinit (es.session);

515

gnutls_certificate_free_credentials (es.cred);

533

516

gnutls_global_deinit ();

534

517

return retval;

535

518

}

536

519

537

static void resolve_callback( AvahiSServiceResolver *r,

538

AvahiIfIndex interface,

539

AVAHI_GCC_UNUSED AvahiProtocol protocol,

540

AvahiResolverEvent event,

541

const char *name,

542

const char *type,

543

const char *domain,

544

const char *host_name,

545

const AvahiAddress *address,

546

uint16_t port,

547

AVAHI_GCC_UNUSED AvahiStringList *txt,

548

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

549

void* userdata) {

550

mandos_context *mc = userdata;

520

static AvahiSimplePoll *simple_poll = NULL;

521

static AvahiServer *server = NULL;

522

523

static void resolve_callback(

524

AvahiSServiceResolver *r,

525

AvahiIfIndex interface,

526

AVAHI_GCC_UNUSED AvahiProtocol protocol,

527

AvahiResolverEvent event,

528

const char *name,

529

const char *type,

530

const char *domain,

531

const char *host_name,

532

const AvahiAddress *address,

533

uint16_t port,

534

AVAHI_GCC_UNUSED AvahiStringList *txt,

535

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

536

AVAHI_GCC_UNUSED void* userdata) {

537

551

538

assert(r); /* Spurious warning */

552

539

553

540

/* Called whenever a service has been resolved successfully or

558

545

case AVAHI_RESOLVER_FAILURE:

559

546

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"

560

547

" type '%s' in domain '%s': %s\n", name, type, domain,

561

avahi_strerror(avahi_server_errno(mc->server)));

548

avahi_strerror(avahi_server_errno(server)));

562

549

break;

563

550

564

551

case AVAHI_RESOLVER_FOUND:

569

556

fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"

570

557

" port %d\n", name, host_name, ip, port);

571

558

}

572

int ret = start_mandos_communication(ip, port, interface, mc);

559

int ret = start_mandos_communication(ip, port,

560

(unsigned int) interface);

573

561

if (ret == 0){

574

562

exit(EXIT_SUCCESS);

575

563

}

578

566

avahi_s_service_resolver_free(r);

579

567

}

580

568

581

static void browse_callback( AvahiSServiceBrowser *b,

582

AvahiIfIndex interface,

583

AvahiProtocol protocol,

584

AvahiBrowserEvent event,

585

const char *name,

586

const char *type,

587

const char *domain,

588

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

589

void* userdata) {

590

mandos_context *mc = userdata;

591

assert(b); /* Spurious warning */

592

593

/* Called whenever a new services becomes available on the LAN or

594

is removed from the LAN */

595

596

switch (event) {

597

default:

598

case AVAHI_BROWSER_FAILURE:

599

600

fprintf(stderr, "(Browser) %s\n",

601

avahi_strerror(avahi_server_errno(mc->server)));

602

avahi_simple_poll_quit(mc->simple_poll);

603

return;

604

605

case AVAHI_BROWSER_NEW:

606

/* We ignore the returned resolver object. In the callback

607

function we free it. If the server is terminated before

608

the callback function is called the server will free

609

the resolver for us. */

610

611

if (!(avahi_s_service_resolver_new(mc->server, interface, protocol, name,

612

type, domain,

613

AVAHI_PROTO_INET6, 0,

614

resolve_callback, mc)))

615

fprintf(stderr, "Failed to resolve service '%s': %s\n", name,

616

avahi_strerror(avahi_server_errno(mc->server)));

617

break;

618

619

case AVAHI_BROWSER_REMOVE:

620

break;

621

622

case AVAHI_BROWSER_ALL_FOR_NOW:

623

case AVAHI_BROWSER_CACHE_EXHAUSTED:

624

break;

625

}

626

}

627

628

/* Combines file name and path and returns the malloced new

629

string. some sane checks could/should be added */

630

static const char *combinepath(const char *first, const char *second){

631

size_t f_len = strlen(first);

632

size_t s_len = strlen(second);

633

char *tmp = malloc(f_len + s_len + 2);

634

if (tmp == NULL){

635

return NULL;

636

}

637

if(f_len > 0){

638

memcpy(tmp, first, f_len); /* Spurious warning */

639

}

640

tmp[f_len] = '/';

641

if(s_len > 0){

642

memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */

643

}

644

tmp[f_len + 1 + s_len] = '\0';

645

return tmp;

646

}

647

569

static void browse_callback(

570

AvahiSServiceBrowser *b,

571

AvahiIfIndex interface,

572

AvahiProtocol protocol,

573

AvahiBrowserEvent event,

574

const char *name,

575

const char *type,

576

const char *domain,

577

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

578

void* userdata) {

579

580

AvahiServer *s = userdata;

581

assert(b); /* Spurious warning */

582

583

/* Called whenever a new services becomes available on the LAN or

584

is removed from the LAN */

585

586

switch (event) {

587

default:

588

case AVAHI_BROWSER_FAILURE:

589

590

fprintf(stderr, "(Browser) %s\n",

591

avahi_strerror(avahi_server_errno(server)));

592

avahi_simple_poll_quit(simple_poll);

593

return;

594

595

case AVAHI_BROWSER_NEW:

596

/* We ignore the returned resolver object. In the callback

597

function we free it. If the server is terminated before

598

the callback function is called the server will free

599

the resolver for us. */

600

601

if (!(avahi_s_service_resolver_new(s, interface, protocol, name,

602

type, domain,

603

AVAHI_PROTO_INET6, 0,

604

resolve_callback, s)))

605

fprintf(stderr, "Failed to resolve service '%s': %s\n", name,

606

avahi_strerror(avahi_server_errno(s)));

607

break;

608

609

case AVAHI_BROWSER_REMOVE:

610

break;

611

612

case AVAHI_BROWSER_ALL_FOR_NOW:

613

case AVAHI_BROWSER_CACHE_EXHAUSTED:

614

break;

615

}

616

}

648

617

649

618

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

650

619

AvahiServerConfig config;

651

620

AvahiSServiceBrowser *sb = NULL;

652

621

int error;

653

622

int ret;

654

int debug_int;

655

623

int returncode = EXIT_SUCCESS;

656

624

const char *interface = "eth0";

657

struct ifreq network;

658

int sd;

659

char *connect_to = NULL;

660

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

661

mandos_context mc = { .simple_poll = NULL, .server = NULL,

662

.dh_bits = 1024, .priority = "SECURE256"};

663

625

664

debug_int = debug ? 1 : 0;

665

626

while (true){

666

struct option long_options[] = {

667

{"debug", no_argument, &debug_int, 1},

668

{"connect", required_argument, NULL, 'c'},

669

{"interface", required_argument, NULL, 'i'},

670

{"keydir", required_argument, NULL, 'd'},

671

{"seckey", required_argument, NULL, 's'},

672

{"pubkey", required_argument, NULL, 'p'},

673

{"dh-bits", required_argument, NULL, 'D'},

674

{"priority", required_argument, NULL, 'P'},

627

static struct option long_options[] = {

628

{"debug", no_argument, (int *)&debug, 1},

629

{"interface", required_argument, 0, 'i'},

675

630

{0, 0, 0, 0} };

676

631

677

632

int option_index = 0;

688

643

case 'i':

689

644

interface = optarg;

690

645

break;

691

case 'c':

692

connect_to = optarg;

693

break;

694

case 'd':

695

keydir = optarg;

696

break;

697

case 'p':

698

pubkeyfile = optarg;

699

break;

700

case 's':

701

seckeyfile = optarg;

702

break;

703

case 'D':

704

errno = 0;

705

mc.dh_bits = (unsigned int) strtol(optarg, NULL, 10);

706

if (errno){

707

perror("strtol");

708

exit(EXIT_FAILURE);

709

}

710

break;

711

case 'P':

712

mc.priority = optarg;

713

break;

714

case '?':

715

646

default:

716

647

exit(EXIT_FAILURE);

717

648

}

718

649

}

719

debug = debug_int ? true : false;

720

721

pubkeyfile = combinepath(keydir, pubkeyfile);

722

if (pubkeyfile == NULL){

723

perror("combinepath");

724

returncode = EXIT_FAILURE;

725

goto exit;

726

}

727

728

seckeyfile = combinepath(keydir, seckeyfile);

729

if (seckeyfile == NULL){

730

perror("combinepath");

731

goto exit;

732

}

733

734

if_index = (AvahiIfIndex) if_nametoindex(interface);

735

if(if_index == 0){

736

fprintf(stderr, "No such interface: \"%s\"\n", interface);

737

exit(EXIT_FAILURE);

738

}

739

740

if(connect_to != NULL){

741

/* Connect directly, do not use Zeroconf */

742

/* (Mainly meant for debugging) */

743

char *address = strrchr(connect_to, ':');

744

if(address == NULL){

745

fprintf(stderr, "No colon in address\n");

746

exit(EXIT_FAILURE);

747

}

748

errno = 0;

749

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

750

if(errno){

751

perror("Bad port number");

752

exit(EXIT_FAILURE);

753

}

754

*address = '\0';

755

address = connect_to;

756

ret = start_mandos_communication(address, port, if_index, &mc);

757

if(ret < 0){

758

exit(EXIT_FAILURE);

759

} else {

760

exit(EXIT_SUCCESS);

761

}

762

}

763

764

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

765

if(sd < 0) {

766

perror("socket");

767

returncode = EXIT_FAILURE;

768

goto exit;

769

}

770

strcpy(network.ifr_name, interface); /* Spurious warning */

771

ret = ioctl(sd, SIOCGIFFLAGS, &network);

772

if(ret == -1){

773

774

perror("ioctl SIOCGIFFLAGS");

775

returncode = EXIT_FAILURE;

776

goto exit;

777

}

778

if((network.ifr_flags & IFF_UP) == 0){

779

network.ifr_flags |= IFF_UP;

780

ret = ioctl(sd, SIOCSIFFLAGS, &network);

781

if(ret == -1){

782

perror("ioctl SIOCSIFFLAGS");

783

returncode = EXIT_FAILURE;

784

goto exit;

785

}

786

}

787

close(sd);

788

650

789

651

if (not debug){

790

652

avahi_set_log_function(empty_log);

794

656

srand((unsigned int) time(NULL));

795

657

796

658

/* Allocate main loop object */

797

if (!(mc.simple_poll = avahi_simple_poll_new())) {

659

if (!(simple_poll = avahi_simple_poll_new())) {

798

660

fprintf(stderr, "Failed to create simple poll object.\n");

799

returncode = EXIT_FAILURE;

661

800

662

goto exit;

801

663

}

802

664

808

670

config.publish_domain = 0;

809

671

810

672

/* Allocate a new server */

811

mc.server=avahi_server_new(avahi_simple_poll_get(mc.simple_poll),

812

&config, NULL, NULL, &error);

813

673

server = avahi_server_new(avahi_simple_poll_get(simple_poll),

674

&config, NULL, NULL, &error);

675

814

676

/* Free the configuration data */

815

677

avahi_server_config_free(&config);

816

678

817

679

/* Check if creating the server object succeeded */

818

if (!mc.server) {

680

if (!server) {

819

681

fprintf(stderr, "Failed to create server: %s\n",

820

682

avahi_strerror(error));

821

683

returncode = EXIT_FAILURE;

823

685

}

824

686

825

687

/* Create the service browser */

826

sb = avahi_s_service_browser_new(mc.server, if_index,

688

sb = avahi_s_service_browser_new(server,

689

(AvahiIfIndex)

690

if_nametoindex(interface),

827

691

AVAHI_PROTO_INET6,

828

692

"_mandos._tcp", NULL, 0,

829

browse_callback, &mc);

693

browse_callback, server);

830

694

if (!sb) {

831

695

fprintf(stderr, "Failed to create service browser: %s\n",

832

avahi_strerror(avahi_server_errno(mc.server)));

696

avahi_strerror(avahi_server_errno(server)));

833

697

returncode = EXIT_FAILURE;

834

698

goto exit;

835

699

}

840

704

fprintf(stderr, "Starting avahi loop search\n");

841

705

}

842

706

843

avahi_simple_poll_loop(mc.simple_poll);

707

avahi_simple_poll_loop(simple_poll);

844

708

845

709

exit:

846

710

852

716

if (sb)

853

717

avahi_s_service_browser_free(sb);

854

718

855

if (mc.server)

856

avahi_server_free(mc.server);

857

858

if (mc.simple_poll)

859

avahi_simple_poll_free(mc.simple_poll);

860

free(pubkeyfile);

861

free(seckeyfile);

862

719

if (server)

720

avahi_server_free(server);

721

722

if (simple_poll)

723

avahi_simple_poll_free(simple_poll);

724

863

725

return returncode;

864

726

}