/mandos/trunk : revision 28

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandosclient.c

Committer: Teddy Hogeborn
Date: 2008-07-29 03:35:39 UTC
Revision ID: teddy@fukt.bsnet.se-20080729033539-08zecoj3jwlkpjhw

* server.conf: New file.

* mandos-clients.conf: Renamed to clients.conf.

* Makefile (FORTIFY): New.
  (CFLAGS): Include $(FORTIFY).

* plugins.d/mandosclient.c (main): New "if_index" variable.  Bug fix:
                                   check if interface exists.  New
                                   "--connect" option.

* server.py (serviceInterface): Removed; replaced by
                                "AvahiService.interface".  All users
                                changed.
  (AvahiError, AvahiServiceError, AvahiGroupError): New exception
                                                    classes.
  (AvahiService): New class.
  (serviceName): Removed; replaced by "AvahiService.name".  All users
                 changed.
  (serviceType): Removed; replaced by "AvahiService.type".  All users
                 changed.
  (servicePort): Removed; replaced by "AvahiService.port".  All users
                 changed.
  (serviceTXT): Removed; replaced by "AvahiService.TXT".  All users
                changed.
  (domain): Removed; replaced by "AvahiService.domain".  All users
            changed.
  (host): Removed; replaced by "AvahiService.host".  All users
          changed.
  (rename_count): Removed; replaced by "AvahiService.rename_count" and
                 "AvahiService.max_renames".  All users changed.
  (Client.__init__): If no secret or secfile, raise TypeError instead
                     of RuntimeError.
  (Client.last_seen): Renamed to "Client.last_checked_ok".  All users
                      changed.
  (Client.stop, Client.stop_checker): Use "getattr" with default value
                                      instead of "hasattr".
  (Client.still_valid): Removed "now" argument.
  (Client.handle): Separate the "no client found" and "client invalid"
                   cases for clearer code.
  (IPv6_TCPServer.__init__): "options" argument replaced by
                             "settings".  All callers changed.
  (IPv6_TCPServer.options): Replaced by "IPv6_TCPServer.settings".
                            All users changed.
  (IPv6_TCPServer.server_bind): Use getattr instead of hasattr.
  (add_service): Removed; replaced by "AvahiService.add".  All callers
                 changed.
  (remove_service): Removed; replaced by "AvahiService.remove".  All
                    callers changed.
  (entry_group_state_changed): On entry group collision, call the new
                               AvahiService.rename method.  Raise
                               AvahiGroupError on group error.
  (if_nametoindex): Use ctypes.utils.find_library to locate the C
                    library.  Cache the result.  Loop on EINTR.
  (daemon): Use os.path.devnull to locate "/dev/null".
  (killme): Removed.  All callers changed to do "sys.exit()" instead,
            except where stated otherwise.
  (main): Removed "exitstatus".  Removed all default values from all
          non-bool options.  New option "--configdir".  New variables
          "server_defaults" and "server_settings", read from
          "%(configdir)s/server.conf".  Let any supplied command line
          options override server settings.   Variable "defaults"
          renamed to "client_defaults", which is read from
          "clients.conf" instead of "mandos-clients.conf".  New global
          AvahiService object "service" replaces old global variables.
          Catch AvahiError and exit with error if caught.

files added:
plugbasedclient.c

plugins.d

plugins.d/mandosclient.c

plugins.d/passprompt.c

server.conf

files removed:
client.cpp

files renamed:
mandos-clients.conf => clients.conf

files modified:
Makefile

TODO

server.py

Show diffs side-by-side

added added

removed removed

plugins.d/mandosclient.c

/* -*- coding: utf-8 -*- */

* Mandos client - get and decrypt data from a Mandos server

* This program is partly derived from an example program for an Avahi

* service browser, downloaded from

* <http://avahi.org/browser/examples/core-browse-services.c>. This

* includes the following functions: "resolve_callback",

* "browse_callback", and parts of "main".

* Everything else is

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and

* <https://www.fukt.bsnet.se/~teddy/>.

/* Needed by GPGME, specifically gpgme_data_seek() */

#define _LARGEFILE_SOURCE

#define _FILE_OFFSET_BITS 64

#include <stdio.h>

#include <assert.h>

#include <stdlib.h>

#include <time.h>

#include <net/if.h> /* if_nametoindex */

#include <avahi-core/core.h>

#include <avahi-core/lookup.h>

#include <avahi-core/log.h>

#include <avahi-common/simple-watch.h>

#include <avahi-common/malloc.h>

#include <avahi-common/error.h>

//mandos client part

#include <sys/types.h> /* socket(), inet_pton() */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton() */

#include <gnutls/gnutls.h> /* All GnuTLS stuff */

#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */

#include <unistd.h> /* close() */

#include <netinet/in.h>

#include <stdbool.h> /* true */

#include <string.h> /* memset */

#include <arpa/inet.h> /* inet_pton() */

#include <iso646.h> /* not */

// gpgme

#include <errno.h> /* perror() */

#include <gpgme.h>

// getopt long

#include <getopt.h>

#ifndef CERT_ROOT

#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"

#endif

#define CERTFILE CERT_ROOT "openpgp-client.txt"

#define KEYFILE CERT_ROOT "openpgp-client-key.txt"

#define BUFFER_SIZE 256

#define DH_BITS 1024

bool debug = false;

typedef struct {

gnutls_session_t session;

gnutls_certificate_credentials_t cred;

gnutls_dh_params_t dh_params;

} encrypted_session;

ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,

char **new_packet, const char *homedir){

gpgme_data_t dh_crypto, dh_plain;

gpgme_ctx_t ctx;

gpgme_error_t rc;

ssize_t ret;

ssize_t new_packet_capacity = 0;

ssize_t new_packet_length = 0;

gpgme_engine_info_t engine_info;

if (debug){

fprintf(stderr, "Trying to decrypt OpenPGP packet\n");

}

100

101

/* Init GPGME */

102

gpgme_check_version(NULL);

103

gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

104

105

/* Set GPGME home directory */

106

rc = gpgme_get_engine_info (&engine_info);

107

if (rc != GPG_ERR_NO_ERROR){

108

fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",

109

gpgme_strsource(rc), gpgme_strerror(rc));

110

return -1;

111

}

112

while(engine_info != NULL){

113

if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){

114

gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,

115

engine_info->file_name, homedir);

116

break;

117

}

118

engine_info = engine_info->next;

119

}

120

if(engine_info == NULL){

121

fprintf(stderr, "Could not set home dir to %s\n", homedir);

122

return -1;

123

}

124

125

/* Create new GPGME data buffer from packet buffer */

126

rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);

127

if (rc != GPG_ERR_NO_ERROR){

128

fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",

129

gpgme_strsource(rc), gpgme_strerror(rc));

130

return -1;

131

}

132

133

/* Create new empty GPGME data buffer for the plaintext */

134

rc = gpgme_data_new(&dh_plain);

135

if (rc != GPG_ERR_NO_ERROR){

136

fprintf(stderr, "bad gpgme_data_new: %s: %s\n",

137

gpgme_strsource(rc), gpgme_strerror(rc));

138

return -1;

139

}

140

141

/* Create new GPGME "context" */

142

rc = gpgme_new(&ctx);

143

if (rc != GPG_ERR_NO_ERROR){

144

fprintf(stderr, "bad gpgme_new: %s: %s\n",

145

gpgme_strsource(rc), gpgme_strerror(rc));

146

return -1;

147

}

148

149

/* Decrypt data from the FILE pointer to the plaintext data

150

buffer */

151

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

152

if (rc != GPG_ERR_NO_ERROR){

153

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

154

gpgme_strsource(rc), gpgme_strerror(rc));

155

return -1;

156

}

157

158

if(debug){

159

fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");

160

}

161

162

if (debug){

163

gpgme_decrypt_result_t result;

164

result = gpgme_op_decrypt_result(ctx);

165

if (result == NULL){

166

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

167

} else {

168

fprintf(stderr, "Unsupported algorithm: %s\n",

169

result->unsupported_algorithm);

170

fprintf(stderr, "Wrong key usage: %d\n",

171

result->wrong_key_usage);

172

if(result->file_name != NULL){

173

fprintf(stderr, "File name: %s\n", result->file_name);

174

}

175

gpgme_recipient_t recipient;

176

recipient = result->recipients;

177

if(recipient){

178

while(recipient != NULL){

179

fprintf(stderr, "Public key algorithm: %s\n",

180

gpgme_pubkey_algo_name(recipient->pubkey_algo));

181

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

182

fprintf(stderr, "Secret key available: %s\n",

183

recipient->status == GPG_ERR_NO_SECKEY

184

? "No" : "Yes");

185

recipient = recipient->next;

186

}

187

}

188

}

189

}

190

191

/* Delete the GPGME FILE pointer cryptotext data buffer */

192

gpgme_data_release(dh_crypto);

193

194

/* Seek back to the beginning of the GPGME plaintext data buffer */

195

gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET);

196

197

*new_packet = 0;

198

while(true){

199

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

200

*new_packet = realloc(*new_packet,

201

(unsigned int)new_packet_capacity

202

+ BUFFER_SIZE);

203

if (*new_packet == NULL){

204

perror("realloc");

205

return -1;

206

}

207

new_packet_capacity += BUFFER_SIZE;

208

}

209

210

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,

211

BUFFER_SIZE);

212

/* Print the data, if any */

213

if (ret == 0){

214

break;

215

}

216

if(ret < 0){

217

perror("gpgme_data_read");

218

return -1;

219

}

220

new_packet_length += ret;

221

}

222

223

/* FIXME: check characters before printing to screen so to not print

224

terminal control characters */

225

/* if(debug){ */

226

/* fprintf(stderr, "decrypted password is: "); */

227

/* fwrite(*new_packet, 1, new_packet_length, stderr); */

228

/* fprintf(stderr, "\n"); */

229

/* } */

230

231

/* Delete the GPGME plaintext data buffer */

232

gpgme_data_release(dh_plain);

233

return new_packet_length;

234

}

235

236

static const char * safer_gnutls_strerror (int value) {

237

const char *ret = gnutls_strerror (value);

238

if (ret == NULL)

239

ret = "(unknown)";

240

return ret;

241

}

242

243

void debuggnutls(__attribute__((unused)) int level,

244

const char* string){

245

fprintf(stderr, "%s", string);

246

}

247

248

int initgnutls(encrypted_session *es){

249

const char *err;

250

int ret;

251

252

if(debug){

253

fprintf(stderr, "Initializing GnuTLS\n");

254

}

255

256

if ((ret = gnutls_global_init ())

257

!= GNUTLS_E_SUCCESS) {

258

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

259

return -1;

260

}

261

262

if (debug){

263

gnutls_global_set_log_level(11);

264

gnutls_global_set_log_function(debuggnutls);

265

}

266

267

/* openpgp credentials */

268

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

269

!= GNUTLS_E_SUCCESS) {

270

fprintf (stderr, "memory error: %s\n",

271

safer_gnutls_strerror(ret));

272

return -1;

273

}

274

275

if(debug){

276

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

277

" and keyfile %s as GnuTLS credentials\n", CERTFILE,

278

KEYFILE);

279

}

280

281

ret = gnutls_certificate_set_openpgp_key_file

282

(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);

283

if (ret != GNUTLS_E_SUCCESS) {

284

fprintf

285

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"

286

" '%s')\n",

287

ret, CERTFILE, KEYFILE);

288

fprintf(stdout, "The Error is: %s\n",

289

safer_gnutls_strerror(ret));

290

return -1;

291

}

292

293

//GnuTLS server initialization

294

if ((ret = gnutls_dh_params_init (&es->dh_params))

295

!= GNUTLS_E_SUCCESS) {

296

fprintf (stderr, "Error in dh parameter initialization: %s\n",

297

safer_gnutls_strerror(ret));

298

return -1;

299

}

300

301

if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))

302

!= GNUTLS_E_SUCCESS) {

303

fprintf (stderr, "Error in prime generation: %s\n",

304

safer_gnutls_strerror(ret));

305

return -1;

306

}

307

308

gnutls_certificate_set_dh_params (es->cred, es->dh_params);

309

310

// GnuTLS session creation

311

if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))

312

!= GNUTLS_E_SUCCESS){

313

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

314

safer_gnutls_strerror(ret));

315

}

316

317

if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))

318

!= GNUTLS_E_SUCCESS) {

319

fprintf(stderr, "Syntax error at: %s\n", err);

320

fprintf(stderr, "GnuTLS error: %s\n",

321

safer_gnutls_strerror(ret));

322

return -1;

323

}

324

325

if ((ret = gnutls_credentials_set

326

(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))

327

!= GNUTLS_E_SUCCESS) {

328

fprintf(stderr, "Error setting a credentials set: %s\n",

329

safer_gnutls_strerror(ret));

330

return -1;

331

}

332

333

/* ignore client certificate if any. */

334

gnutls_certificate_server_set_request (es->session,

335

GNUTLS_CERT_IGNORE);

336

337

gnutls_dh_set_prime_bits (es->session, DH_BITS);

338

339

return 0;

340

}

341

342

void empty_log(__attribute__((unused)) AvahiLogLevel level,

343

__attribute__((unused)) const char *txt){}

344

345

int start_mandos_communication(const char *ip, uint16_t port,

346

unsigned int if_index){

347

int ret, tcp_sd;

348

struct sockaddr_in6 to;

349

encrypted_session es;

350

char *buffer = NULL;

351

char *decrypted_buffer;

352

size_t buffer_length = 0;

353

size_t buffer_capacity = 0;

354

ssize_t decrypted_buffer_size;

355

size_t written = 0;

356

int retval = 0;

357

char interface[IF_NAMESIZE];

358

359

if(debug){

360

fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",

361

ip, port);

362

}

363

364

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

365

if(tcp_sd < 0) {

366

perror("socket");

367

return -1;

368

}

369

370

if(if_indextoname(if_index, interface) == NULL){

371

if(debug){

372

perror("if_indextoname");

373

}

374

return -1;

375

}

376

377

if(debug){

378

fprintf(stderr, "Binding to interface %s\n", interface);

379

}

380

381

memset(&to,0,sizeof(to)); /* Spurious warning */

382

to.sin6_family = AF_INET6;

383

ret = inet_pton(AF_INET6, ip, &to.sin6_addr);

384

if (ret < 0 ){

385

perror("inet_pton");

386

return -1;

387

}

388

if(ret == 0){

389

fprintf(stderr, "Bad address: %s\n", ip);

390

return -1;

391

}

392

to.sin6_port = htons(port); /* Spurious warning */

393

394

to.sin6_scope_id = (uint32_t)if_index;

395

396

if(debug){

397

fprintf(stderr, "Connection to: %s, port %d\n", ip, port);

398

/* char addrstr[INET6_ADDRSTRLEN]; */

399

/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */

400

/* sizeof(addrstr)) == NULL){ */

401

/* perror("inet_ntop"); */

402

/* } else { */

403

/* fprintf(stderr, "Really connecting to: %s, port %d\n", */

404

/* addrstr, ntohs(to.sin6_port)); */

405

/* } */

406

}

407

408

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

409

if (ret < 0){

410

perror("connect");

411

return -1;

412

}

413

414

ret = initgnutls (&es);

415

if (ret != 0){

416

retval = -1;

417

return -1;

418

}

419

420

gnutls_transport_set_ptr (es.session,

421

(gnutls_transport_ptr_t) tcp_sd);

422

423

if(debug){

424

fprintf(stderr, "Establishing TLS session with %s\n", ip);

425

}

426

427

ret = gnutls_handshake (es.session);

428

429

if (ret != GNUTLS_E_SUCCESS){

430

if(debug){

431

fprintf(stderr, "\n*** Handshake failed ***\n");

432

gnutls_perror (ret);

433

}

434

retval = -1;

435

goto exit;

436

}

437

438

//Retrieve OpenPGP packet that contains the wanted password

439

440

if(debug){

441

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

442

ip);

443

}

444

445

while(true){

446

if (buffer_length + BUFFER_SIZE > buffer_capacity){

447

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

448

if (buffer == NULL){

449

perror("realloc");

450

goto exit;

451

}

452

buffer_capacity += BUFFER_SIZE;

453

}

454

455

ret = gnutls_record_recv

456

(es.session, buffer+buffer_length, BUFFER_SIZE);

457

if (ret == 0){

458

break;

459

}

460

if (ret < 0){

461

switch(ret){

462

case GNUTLS_E_INTERRUPTED:

463

case GNUTLS_E_AGAIN:

464

break;

465

case GNUTLS_E_REHANDSHAKE:

466

ret = gnutls_handshake (es.session);

467

if (ret < 0){

468

fprintf(stderr, "\n*** Handshake failed ***\n");

469

gnutls_perror (ret);

470

retval = -1;

471

goto exit;

472

}

473

break;

474

default:

475

fprintf(stderr, "Unknown error while reading data from"

476

" encrypted session with mandos server\n");

477

retval = -1;

478

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

479

goto exit;

480

}

481

} else {

482

buffer_length += (size_t) ret;

483

}

484

}

485

486

if (buffer_length > 0){

487

decrypted_buffer_size = pgp_packet_decrypt(buffer,

488

buffer_length,

489

&decrypted_buffer,

490

CERT_ROOT);

491

if (decrypted_buffer_size >= 0){

492

while(written < (size_t) decrypted_buffer_size){

493

ret = (int)fwrite (decrypted_buffer + written, 1,

494

(size_t)decrypted_buffer_size - written,

495

stdout);

496

if(ret == 0 and ferror(stdout)){

497

if(debug){

498

fprintf(stderr, "Error writing encrypted data: %s\n",

499

strerror(errno));

500

}

501

retval = -1;

502

break;

503

}

504

written += (size_t)ret;

505

}

506

free(decrypted_buffer);

507

} else {

508

retval = -1;

509

}

510

}

511

512

//shutdown procedure

513

514

if(debug){

515

fprintf(stderr, "Closing TLS session\n");

516

}

517

518

free(buffer);

519

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

520

exit:

521

close(tcp_sd);

522

gnutls_deinit (es.session);

523

gnutls_certificate_free_credentials (es.cred);

524

gnutls_global_deinit ();

525

return retval;

526

}

527

528

static AvahiSimplePoll *simple_poll = NULL;

529

static AvahiServer *server = NULL;

530

531

static void resolve_callback(

532

AvahiSServiceResolver *r,

533

AvahiIfIndex interface,

534

AVAHI_GCC_UNUSED AvahiProtocol protocol,

535

AvahiResolverEvent event,

536

const char *name,

537

const char *type,

538

const char *domain,

539

const char *host_name,

540

const AvahiAddress *address,

541

uint16_t port,

542

AVAHI_GCC_UNUSED AvahiStringList *txt,

543

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

544

AVAHI_GCC_UNUSED void* userdata) {

545

546

assert(r); /* Spurious warning */

547

548

/* Called whenever a service has been resolved successfully or

549

timed out */

550

551

switch (event) {

552

default:

553

case AVAHI_RESOLVER_FAILURE:

554

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"

555

" type '%s' in domain '%s': %s\n", name, type, domain,

556

avahi_strerror(avahi_server_errno(server)));

557

break;

558

559

case AVAHI_RESOLVER_FOUND:

560

{

561

char ip[AVAHI_ADDRESS_STR_MAX];

562

avahi_address_snprint(ip, sizeof(ip), address);

563

if(debug){

564

fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"

565

" port %d\n", name, host_name, ip, port);

566

}

567

int ret = start_mandos_communication(ip, port,

568

(unsigned int) interface);

569

if (ret == 0){

570

exit(EXIT_SUCCESS);

571

}

572

}

573

}

574

avahi_s_service_resolver_free(r);

575

}

576

577

static void browse_callback(

578

AvahiSServiceBrowser *b,

579

AvahiIfIndex interface,

580

AvahiProtocol protocol,

581

AvahiBrowserEvent event,

582

const char *name,

583

const char *type,

584

const char *domain,

585

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

586

void* userdata) {

587

588

AvahiServer *s = userdata;

589

assert(b); /* Spurious warning */

590

591

/* Called whenever a new services becomes available on the LAN or

592

is removed from the LAN */

593

594

switch (event) {

595

default:

596

case AVAHI_BROWSER_FAILURE:

597

598

fprintf(stderr, "(Browser) %s\n",

599

avahi_strerror(avahi_server_errno(server)));

600

avahi_simple_poll_quit(simple_poll);

601

return;

602

603

case AVAHI_BROWSER_NEW:

604

/* We ignore the returned resolver object. In the callback

605

function we free it. If the server is terminated before

606

the callback function is called the server will free

607

the resolver for us. */

608

609

if (!(avahi_s_service_resolver_new(s, interface, protocol, name,

610

type, domain,

611

AVAHI_PROTO_INET6, 0,

612

resolve_callback, s)))

613

fprintf(stderr, "Failed to resolve service '%s': %s\n", name,

614

avahi_strerror(avahi_server_errno(s)));

615

break;

616

617

case AVAHI_BROWSER_REMOVE:

618

break;

619

620

case AVAHI_BROWSER_ALL_FOR_NOW:

621

case AVAHI_BROWSER_CACHE_EXHAUSTED:

622

break;

623

}

624

}

625

626

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

627

AvahiServerConfig config;

628

AvahiSServiceBrowser *sb = NULL;

629

int error;

630

int ret;

631

int returncode = EXIT_SUCCESS;

632

const char *interface = "eth0";

633

unsigned int if_index;

634

char *connect_to = NULL;

635

636

while (true){

637

static struct option long_options[] = {

638

{"debug", no_argument, (int *)&debug, 1},

639

{"connect", required_argument, 0, 'c'},

640

{"interface", required_argument, 0, 'i'},

641

{0, 0, 0, 0} };

642

643

int option_index = 0;

644

ret = getopt_long (argc, argv, "i:", long_options,

645

&option_index);

646

647

if (ret == -1){

648

break;

649

}

650

651

switch(ret){

652

case 0:

653

break;

654

case 'i':

655

interface = optarg;

656

break;

657

case 'c':

658

connect_to = optarg;

659

break;

660

default:

661

exit(EXIT_FAILURE);

662

}

663

}

664

665

if_index = if_nametoindex(interface);

666

if(if_index == 0){

667

fprintf(stderr, "No such interface: \"%s\"\n", interface);

668

exit(EXIT_FAILURE);

669

}

670

671

if(connect_to != NULL){

672

/* Connect directly, do not use Zeroconf */

673

/* (Mainly meant for debugging) */

674

char *address = strrchr(connect_to, ':');

675

if(address == NULL){

676

fprintf(stderr, "No colon in address\n");

677

exit(EXIT_FAILURE);

678

}

679

errno = 0;

680

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

681

if(errno){

682

perror("Bad port number");

683

exit(EXIT_FAILURE);

684

}

685

*address = '\0';

686

address = connect_to;

687

ret = start_mandos_communication(address, port, if_index);

688

if(ret < 0){

689

exit(EXIT_FAILURE);

690

} else {

691

exit(EXIT_SUCCESS);

692

}

693

}

694

695

if (not debug){

696

avahi_set_log_function(empty_log);

697

}

698

699

/* Initialize the psuedo-RNG */

700

srand((unsigned int) time(NULL));

701

702

/* Allocate main loop object */

703

if (!(simple_poll = avahi_simple_poll_new())) {

704

fprintf(stderr, "Failed to create simple poll object.\n");

705

706

goto exit;

707

}

708

709

/* Do not publish any local records */

710

avahi_server_config_init(&config);

711

config.publish_hinfo = 0;

712

config.publish_addresses = 0;

713

config.publish_workstation = 0;

714

config.publish_domain = 0;

715

716

/* Allocate a new server */

717

server = avahi_server_new(avahi_simple_poll_get(simple_poll),

718

&config, NULL, NULL, &error);

719

720

/* Free the configuration data */

721

avahi_server_config_free(&config);

722

723

/* Check if creating the server object succeeded */

724

if (!server) {

725

fprintf(stderr, "Failed to create server: %s\n",

726

avahi_strerror(error));

727

returncode = EXIT_FAILURE;

728

goto exit;

729

}

730

731

/* Create the service browser */

732

sb = avahi_s_service_browser_new(server, (AvahiIfIndex)if_index,

733

AVAHI_PROTO_INET6,

734

"_mandos._tcp", NULL, 0,

735

browse_callback, server);

736

if (!sb) {

737

fprintf(stderr, "Failed to create service browser: %s\n",

738

avahi_strerror(avahi_server_errno(server)));

739

returncode = EXIT_FAILURE;

740

goto exit;

741

}

742

743

/* Run the main loop */

744

745

if (debug){

746

fprintf(stderr, "Starting avahi loop search\n");

747

}

748

749

avahi_simple_poll_loop(simple_poll);

750

751

exit:

752

753

if (debug){

754

fprintf(stderr, "%s exiting\n", argv[0]);

755

}

756

757

/* Cleanup things */

758

if (sb)

759

avahi_s_service_browser_free(sb);

760

761

if (server)

762

avahi_server_free(server);

763

764

if (simple_poll)

765

avahi_simple_poll_free(simple_poll);

766

767

return returncode;

768

}

Older »