/mandos/trunk : revision 28

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandosclient.c

Committer: Teddy Hogeborn
Date: 2008-07-29 03:35:39 UTC
Revision ID: teddy@fukt.bsnet.se-20080729033539-08zecoj3jwlkpjhw

* server.conf: New file.

* mandos-clients.conf: Renamed to clients.conf.

* Makefile (FORTIFY): New.
  (CFLAGS): Include $(FORTIFY).

* plugins.d/mandosclient.c (main): New "if_index" variable.  Bug fix:
                                   check if interface exists.  New
                                   "--connect" option.

* server.py (serviceInterface): Removed; replaced by
                                "AvahiService.interface".  All users
                                changed.
  (AvahiError, AvahiServiceError, AvahiGroupError): New exception
                                                    classes.
  (AvahiService): New class.
  (serviceName): Removed; replaced by "AvahiService.name".  All users
                 changed.
  (serviceType): Removed; replaced by "AvahiService.type".  All users
                 changed.
  (servicePort): Removed; replaced by "AvahiService.port".  All users
                 changed.
  (serviceTXT): Removed; replaced by "AvahiService.TXT".  All users
                changed.
  (domain): Removed; replaced by "AvahiService.domain".  All users
            changed.
  (host): Removed; replaced by "AvahiService.host".  All users
          changed.
  (rename_count): Removed; replaced by "AvahiService.rename_count" and
                 "AvahiService.max_renames".  All users changed.
  (Client.__init__): If no secret or secfile, raise TypeError instead
                     of RuntimeError.
  (Client.last_seen): Renamed to "Client.last_checked_ok".  All users
                      changed.
  (Client.stop, Client.stop_checker): Use "getattr" with default value
                                      instead of "hasattr".
  (Client.still_valid): Removed "now" argument.
  (Client.handle): Separate the "no client found" and "client invalid"
                   cases for clearer code.
  (IPv6_TCPServer.__init__): "options" argument replaced by
                             "settings".  All callers changed.
  (IPv6_TCPServer.options): Replaced by "IPv6_TCPServer.settings".
                            All users changed.
  (IPv6_TCPServer.server_bind): Use getattr instead of hasattr.
  (add_service): Removed; replaced by "AvahiService.add".  All callers
                 changed.
  (remove_service): Removed; replaced by "AvahiService.remove".  All
                    callers changed.
  (entry_group_state_changed): On entry group collision, call the new
                               AvahiService.rename method.  Raise
                               AvahiGroupError on group error.
  (if_nametoindex): Use ctypes.utils.find_library to locate the C
                    library.  Cache the result.  Loop on EINTR.
  (daemon): Use os.path.devnull to locate "/dev/null".
  (killme): Removed.  All callers changed to do "sys.exit()" instead,
            except where stated otherwise.
  (main): Removed "exitstatus".  Removed all default values from all
          non-bool options.  New option "--configdir".  New variables
          "server_defaults" and "server_settings", read from
          "%(configdir)s/server.conf".  Let any supplied command line
          options override server settings.   Variable "defaults"
          renamed to "client_defaults", which is read from
          "clients.conf" instead of "mandos-clients.conf".  New global
          AvahiService object "service" replaces old global variables.
          Catch AvahiError and exit with error if caught.

files added:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

files removed:
COPYING

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos.conf.xml

mandos.xml

plugin-runner.xml

plugins.d/password-prompt.xml

plugins.d/password-request.xml

plugins.d/usplash

files renamed:
plugin-runner.c => plugbasedclient.c

plugins.d/password-request.c => plugins.d/mandosclient.c

plugins.d/password-prompt.c => plugins.d/passprompt.c

mandos.conf => server.conf

mandos => server.py

files modified:
Makefile

TODO

clients.conf

Show diffs side-by-side

added added

removed removed

plugins.d/mandosclient.c

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and

* <https://www.fukt.bsnet.se/~teddy/>.

/* Needed by GPGME, specifically gpgme_data_seek() */

#define _LARGEFILE_SOURCE

#define _FILE_OFFSET_BITS 64

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */

#include <stdio.h> /* fprintf(), stderr, fwrite(),

stdout, ferror() */

#include <stdint.h> /* uint16_t, uint32_t */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,

srand() */

#include <stdbool.h> /* bool, true */

#include <string.h> /* memset(), strcmp(), strlen(),

strerror(), asprintf(), strcpy() */

#include <sys/ioctl.h> /* ioctl */

#include <sys/types.h> /* socket(), inet_pton(), sockaddr,

sockaddr_in6, PF_INET6,

SOCK_STREAM, INET6_ADDRSTRLEN,

uid_t, gid_t */

#include <inttypes.h> /* PRIu16 */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton(),

connect() */

#include <assert.h> /* assert() */

#include <errno.h> /* perror(), errno */

#include <time.h> /* time() */

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS, if_indextoname(),

if_nametoindex(), IF_NAMESIZE */

#include <unistd.h> /* close(), SEEK_SET, off_t, write(),

getuid(), getgid(), setuid(),

setgid() */

#include <netinet/in.h>

#include <arpa/inet.h> /* inet_pton(), htons */

#include <iso646.h> /* not, and */

#include <argp.h> /* struct argp_option, error_t, struct

argp_state, struct argp,

argp_parse(), ARGP_KEY_ARG,

ARGP_KEY_END, ARGP_ERR_UNKNOWN */

/* Avahi */

/* All Avahi types, constants and functions

Avahi*, avahi_*,

AVAHI_* */

#include <stdio.h>

#include <assert.h>

#include <stdlib.h>

#include <time.h>

#include <net/if.h> /* if_nametoindex */

#include <avahi-core/core.h>

#include <avahi-core/lookup.h>

#include <avahi-core/log.h>

#include <avahi-common/malloc.h>

#include <avahi-common/error.h>

/* GnuTLS */

#include <gnutls/gnutls.h> /* All GnuTLS types, constants and

functions:

gnutls_*

init_gnutls_session(),

GNUTLS_* */

#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),

GNUTLS_OPENPGP_FMT_BASE64 */

/* GPGME */

#include <gpgme.h> /* All GPGME types, constants and

functions:

gpgme_*

GPGME_PROTOCOL_OpenPGP,

GPG_ERR_NO_* */

//mandos client part

#include <sys/types.h> /* socket(), inet_pton() */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton() */

#include <gnutls/gnutls.h> /* All GnuTLS stuff */

#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */

#include <unistd.h> /* close() */

#include <netinet/in.h>

#include <stdbool.h> /* true */

#include <string.h> /* memset */

#include <arpa/inet.h> /* inet_pton() */

#include <iso646.h> /* not */

// gpgme

#include <errno.h> /* perror() */

#include <gpgme.h>

// getopt long

#include <getopt.h>

#ifndef CERT_ROOT

#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"

#endif

#define CERTFILE CERT_ROOT "openpgp-client.txt"

#define KEYFILE CERT_ROOT "openpgp-client-key.txt"

#define BUFFER_SIZE 256

#define DH_BITS 1024

100

101

bool debug = false;

102

static const char *keydir = "/conf/conf.d/mandos";

103

static const char mandos_protocol_version[] = "1";

104

const char *argp_program_version = "password-request 1.0";

105

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

106

107

/* Used for passing in values through the Avahi callback functions */

108

typedef struct {

109

AvahiSimplePoll *simple_poll;

110

AvahiServer *server;

gnutls_session_t session;

111

gnutls_certificate_credentials_t cred;

112

unsigned int dh_bits;

113

gnutls_dh_params_t dh_params;

114

const char *priority;

115

} mandos_context;

116

117

118

* Make room in "buffer" for at least BUFFER_SIZE additional bytes.

119

* "buffer_capacity" is how much is currently allocated,

120

* "buffer_length" is how much is already used.

121

122

size_t adjustbuffer(char **buffer, size_t buffer_length,

123

size_t buffer_capacity){

124

if (buffer_length + BUFFER_SIZE > buffer_capacity){

125

*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);

126

if (buffer == NULL){

127

return 0;

128

}

129

buffer_capacity += BUFFER_SIZE;

130

}

131

return buffer_capacity;

132

}

133

134

135

* Decrypt OpenPGP data using keyrings in HOMEDIR.

136

* Returns -1 on error

137

138

static ssize_t pgp_packet_decrypt (const char *cryptotext,

139

size_t crypto_size,

140

char **plaintext,

141

const char *homedir){

} encrypted_session;

ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,

char **new_packet, const char *homedir){

142

gpgme_data_t dh_crypto, dh_plain;

143

gpgme_ctx_t ctx;

144

gpgme_error_t rc;

145

ssize_t ret;

146

size_t plaintext_capacity = 0;

147

ssize_t plaintext_length = 0;

ssize_t new_packet_capacity = 0;

ssize_t new_packet_length = 0;

148

gpgme_engine_info_t engine_info;

149

150

if (debug){

151

fprintf(stderr, "Trying to decrypt OpenPGP data\n");

fprintf(stderr, "Trying to decrypt OpenPGP packet\n");

152

}

153

100

154

101

/* Init GPGME */

155

102

gpgme_check_version(NULL);

156

rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

157

if (rc != GPG_ERR_NO_ERROR){

158

fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",

159

gpgme_strsource(rc), gpgme_strerror(rc));

160

return -1;

161

}

103

gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

162

104

163

/* Set GPGME home directory for the OpenPGP engine only */

105

/* Set GPGME home directory */

164

106

rc = gpgme_get_engine_info (&engine_info);

165

107

if (rc != GPG_ERR_NO_ERROR){

166

108

fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",

176

118

engine_info = engine_info->next;

177

119

}

178

120

if(engine_info == NULL){

179

fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);

121

fprintf(stderr, "Could not set home dir to %s\n", homedir);

180

122

return -1;

181

123

}

182

124

183

/* Create new GPGME data buffer from memory cryptotext */

184

rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,

185

0);

125

/* Create new GPGME data buffer from packet buffer */

126

rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);

186

127

if (rc != GPG_ERR_NO_ERROR){

187

128

fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",

188

129

gpgme_strsource(rc), gpgme_strerror(rc));

194

135

if (rc != GPG_ERR_NO_ERROR){

195

136

fprintf(stderr, "bad gpgme_data_new: %s: %s\n",

196

137

gpgme_strsource(rc), gpgme_strerror(rc));

197

gpgme_data_release(dh_crypto);

198

138

return -1;

199

139

}

200

140

203

143

if (rc != GPG_ERR_NO_ERROR){

204

144

fprintf(stderr, "bad gpgme_new: %s: %s\n",

205

145

gpgme_strsource(rc), gpgme_strerror(rc));

206

plaintext_length = -1;

207

goto decrypt_end;

146

return -1;

208

147

}

209

148

210

/* Decrypt data from the cryptotext data buffer to the plaintext

211

data buffer */

149

/* Decrypt data from the FILE pointer to the plaintext data

150

buffer */

212

151

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

213

152

if (rc != GPG_ERR_NO_ERROR){

214

153

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

215

154

gpgme_strsource(rc), gpgme_strerror(rc));

216

plaintext_length = -1;

217

goto decrypt_end;

155

return -1;

218

156

}

219

157

220

158

if(debug){

221

fprintf(stderr, "Decryption of OpenPGP data succeeded\n");

159

fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");

222

160

}

223

161

224

162

if (debug){

225

163

gpgme_decrypt_result_t result;

226

164

result = gpgme_op_decrypt_result(ctx);

229

167

} else {

230

168

fprintf(stderr, "Unsupported algorithm: %s\n",

231

169

result->unsupported_algorithm);

232

fprintf(stderr, "Wrong key usage: %u\n",

170

fprintf(stderr, "Wrong key usage: %d\n",

233

171

result->wrong_key_usage);

234

172

if(result->file_name != NULL){

235

173

fprintf(stderr, "File name: %s\n", result->file_name);

250

188

}

251

189

}

252

190

191

/* Delete the GPGME FILE pointer cryptotext data buffer */

192

gpgme_data_release(dh_crypto);

193

253

194

/* Seek back to the beginning of the GPGME plaintext data buffer */

254

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

255

perror("pgpme_data_seek");

256

plaintext_length = -1;

257

goto decrypt_end;

258

}

259

260

*plaintext = NULL;

195

gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET);

196

197

*new_packet = 0;

261

198

while(true){

262

plaintext_capacity = adjustbuffer(plaintext,

263

(size_t)plaintext_length,

264

plaintext_capacity);

265

if (plaintext_capacity == 0){

266

perror("adjustbuffer");

267

plaintext_length = -1;

268

goto decrypt_end;

199

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

200

*new_packet = realloc(*new_packet,

201

(unsigned int)new_packet_capacity

202

+ BUFFER_SIZE);

203

if (*new_packet == NULL){

204

perror("realloc");

205

return -1;

206

}

207

new_packet_capacity += BUFFER_SIZE;

269

208

}

270

209

271

ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,

210

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,

272

211

BUFFER_SIZE);

273

212

/* Print the data, if any */

274

213

if (ret == 0){

275

/* EOF */

276

214

break;

277

215

}

278

216

if(ret < 0){

279

217

perror("gpgme_data_read");

280

plaintext_length = -1;

281

goto decrypt_end;

218

return -1;

282

219

}

283

plaintext_length += ret;

220

new_packet_length += ret;

284

221

}

285

222

286

if(debug){

287

fprintf(stderr, "Decrypted password is: ");

288

for(ssize_t i = 0; i < plaintext_length; i++){

289

fprintf(stderr, "%02hhX ", (*plaintext)[i]);

290

}

291

fprintf(stderr, "\n");

292

}

293

294

decrypt_end:

295

296

/* Delete the GPGME cryptotext data buffer */

297

gpgme_data_release(dh_crypto);

223

/* FIXME: check characters before printing to screen so to not print

224

terminal control characters */

225

/* if(debug){ */

226

/* fprintf(stderr, "decrypted password is: "); */

227

/* fwrite(*new_packet, 1, new_packet_length, stderr); */

228

/* fprintf(stderr, "\n"); */

229

/* } */

298

230

299

231

/* Delete the GPGME plaintext data buffer */

300

232

gpgme_data_release(dh_plain);

301

return plaintext_length;

233

return new_packet_length;

302

234

}

303

235

304

236

static const char * safer_gnutls_strerror (int value) {

308

240

return ret;

309

241

}

310

242

311

/* GnuTLS log function callback */

312

static void debuggnutls(__attribute__((unused)) int level,

313

const char* string){

314

fprintf(stderr, "GnuTLS: %s", string);

243

void debuggnutls(__attribute__((unused)) int level,

244

const char* string){

245

fprintf(stderr, "%s", string);

315

246

}

316

247

317

static int init_gnutls_global(mandos_context *mc,

318

const char *pubkeyfilename,

319

const char *seckeyfilename){

248

int initgnutls(encrypted_session *es){

249

const char *err;

320

250

int ret;

321

251

322

252

if(debug){

323

253

fprintf(stderr, "Initializing GnuTLS\n");

324

254

}

325

255

326

ret = gnutls_global_init();

327

if (ret != GNUTLS_E_SUCCESS) {

328

fprintf (stderr, "GnuTLS global_init: %s\n",

329

safer_gnutls_strerror(ret));

256

if ((ret = gnutls_global_init ())

257

!= GNUTLS_E_SUCCESS) {

258

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

330

259

return -1;

331

260

}

332

261

333

262

if (debug){

334

/* "Use a log level over 10 to enable all debugging options."

335

* - GnuTLS manual

336

337

263

gnutls_global_set_log_level(11);

338

264

gnutls_global_set_log_function(debuggnutls);

339

265

}

340

266

341

/* OpenPGP credentials */

342

gnutls_certificate_allocate_credentials(&mc->cred);

343

if (ret != GNUTLS_E_SUCCESS){

344

fprintf (stderr, "GnuTLS memory error: %s\n",

267

/* openpgp credentials */

268

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

269

!= GNUTLS_E_SUCCESS) {

270

fprintf (stderr, "memory error: %s\n",

345

271

safer_gnutls_strerror(ret));

346

gnutls_global_deinit ();

347

272

return -1;

348

273

}

349

274

350

275

if(debug){

351

276

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

352

" and keyfile %s as GnuTLS credentials\n", pubkeyfilename,

353

seckeyfilename);

277

" and keyfile %s as GnuTLS credentials\n", CERTFILE,

278

KEYFILE);

354

279

}

355

280

356

281

ret = gnutls_certificate_set_openpgp_key_file

357

(mc->cred, pubkeyfilename, seckeyfilename,

358

GNUTLS_OPENPGP_FMT_BASE64);

282

(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);

359

283

if (ret != GNUTLS_E_SUCCESS) {

360

fprintf(stderr,

361

"Error[%d] while reading the OpenPGP key pair ('%s',"

362

" '%s')\n", ret, pubkeyfilename, seckeyfilename);

363

fprintf(stdout, "The GnuTLS error is: %s\n",

284

fprintf

285

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"

286

" '%s')\n",

287

ret, CERTFILE, KEYFILE);

288

fprintf(stdout, "The Error is: %s\n",

364

289

safer_gnutls_strerror(ret));

365

goto globalfail;

366

}

367

368

/* GnuTLS server initialization */

369

ret = gnutls_dh_params_init(&mc->dh_params);

370

if (ret != GNUTLS_E_SUCCESS) {

371

fprintf (stderr, "Error in GnuTLS DH parameter initialization:"

372

" %s\n", safer_gnutls_strerror(ret));

373

goto globalfail;

374

}

375

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

376

if (ret != GNUTLS_E_SUCCESS) {

377

fprintf (stderr, "Error in GnuTLS prime generation: %s\n",

378

safer_gnutls_strerror(ret));

379

goto globalfail;

380

}

381

382

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

383

384

return 0;

385

386

globalfail:

387

388

gnutls_certificate_free_credentials(mc->cred);

389

gnutls_global_deinit();

390

return -1;

391

392

}

393

394

static int init_gnutls_session(mandos_context *mc,

395

gnutls_session_t *session){

396

int ret;

397

/* GnuTLS session creation */

398

ret = gnutls_init(session, GNUTLS_SERVER);

399

if (ret != GNUTLS_E_SUCCESS){

290

return -1;

291

}

292

293

//GnuTLS server initialization

294

if ((ret = gnutls_dh_params_init (&es->dh_params))

295

!= GNUTLS_E_SUCCESS) {

296

fprintf (stderr, "Error in dh parameter initialization: %s\n",

297

safer_gnutls_strerror(ret));

298

return -1;

299

}

300

301

if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))

302

!= GNUTLS_E_SUCCESS) {

303

fprintf (stderr, "Error in prime generation: %s\n",

304

safer_gnutls_strerror(ret));

305

return -1;

306

}

307

308

gnutls_certificate_set_dh_params (es->cred, es->dh_params);

309

310

// GnuTLS session creation

311

if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))

312

!= GNUTLS_E_SUCCESS){

400

313

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

401

314

safer_gnutls_strerror(ret));

402

315

}

403

316

404

{

405

const char *err;

406

ret = gnutls_priority_set_direct(*session, mc->priority, &err);

407

if (ret != GNUTLS_E_SUCCESS) {

408

fprintf(stderr, "Syntax error at: %s\n", err);

409

fprintf(stderr, "GnuTLS error: %s\n",

410

safer_gnutls_strerror(ret));

411

gnutls_deinit (*session);

412

return -1;

413

}

317

if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))

318

!= GNUTLS_E_SUCCESS) {

319

fprintf(stderr, "Syntax error at: %s\n", err);

320

fprintf(stderr, "GnuTLS error: %s\n",

321

safer_gnutls_strerror(ret));

322

return -1;

414

323

}

415

324

416

ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

417

mc->cred);

418

if (ret != GNUTLS_E_SUCCESS) {

419

fprintf(stderr, "Error setting GnuTLS credentials: %s\n",

325

if ((ret = gnutls_credentials_set

326

(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))

327

!= GNUTLS_E_SUCCESS) {

328

fprintf(stderr, "Error setting a credentials set: %s\n",

420

329

safer_gnutls_strerror(ret));

421

gnutls_deinit (*session);

422

330

return -1;

423

331

}

424

332

425

333

/* ignore client certificate if any. */

426

gnutls_certificate_server_set_request (*session,

334

gnutls_certificate_server_set_request (es->session,

427

335

GNUTLS_CERT_IGNORE);

428

336

429

gnutls_dh_set_prime_bits (*session, mc->dh_bits);

337

gnutls_dh_set_prime_bits (es->session, DH_BITS);

430

338

431

339

return 0;

432

340

}

433

341

434

/* Avahi log function callback */

435

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

436

__attribute__((unused)) const char *txt){}

342

void empty_log(__attribute__((unused)) AvahiLogLevel level,

343

__attribute__((unused)) const char *txt){}

437

344

438

/* Called when a Mandos server is found */

439

static int start_mandos_communication(const char *ip, uint16_t port,

440

AvahiIfIndex if_index,

441

mandos_context *mc){

345

int start_mandos_communication(const char *ip, uint16_t port,

346

unsigned int if_index){

442

347

int ret, tcp_sd;

443

union { struct sockaddr in; struct sockaddr_in6 in6; } to;

348

struct sockaddr_in6 to;

349

encrypted_session es;

444

350

char *buffer = NULL;

445

351

char *decrypted_buffer;

446

352

size_t buffer_length = 0;

447

353

size_t buffer_capacity = 0;

448

354

ssize_t decrypted_buffer_size;

449

size_t written;

355

size_t written = 0;

450

356

int retval = 0;

451

357

char interface[IF_NAMESIZE];

452

gnutls_session_t session;

453

454

ret = init_gnutls_session (mc, &session);

455

if (ret != 0){

456

return -1;

457

}

458

358

459

359

if(debug){

460

fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16

461

"\n", ip, port);

360

fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",

361

ip, port);

462

362

}

463

363

464

364

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

466

366

perror("socket");

467

367

return -1;

468

368

}

469

470

if(debug){

471

if(if_indextoname((unsigned int)if_index, interface) == NULL){

369

370

if(if_indextoname(if_index, interface) == NULL){

371

if(debug){

472

372

perror("if_indextoname");

473

return -1;

474

373

}

374

return -1;

375

}

376

377

if(debug){

475

378

fprintf(stderr, "Binding to interface %s\n", interface);

476

379

}

477

380

478

memset(&to, 0, sizeof(to)); /* Spurious warning */

479

to.in6.sin6_family = AF_INET6;

480

/* It would be nice to have a way to detect if we were passed an

481

IPv4 address here. Now we assume an IPv6 address. */

482

ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);

381

memset(&to,0,sizeof(to)); /* Spurious warning */

382

to.sin6_family = AF_INET6;

383

ret = inet_pton(AF_INET6, ip, &to.sin6_addr);

483

384

if (ret < 0 ){

484

385

perror("inet_pton");

485

386

return -1;

486

}

387

}

487

388

if(ret == 0){

488

389

fprintf(stderr, "Bad address: %s\n", ip);

489

390

return -1;

490

391

}

491

to.in6.sin6_port = htons(port); /* Spurious warning */

392

to.sin6_port = htons(port); /* Spurious warning */

492

393

493

to.in6.sin6_scope_id = (uint32_t)if_index;

394

to.sin6_scope_id = (uint32_t)if_index;

494

395

495

396

if(debug){

496

fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,

497

port);

498

char addrstr[INET6_ADDRSTRLEN] = "";

499

if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,

500

sizeof(addrstr)) == NULL){

501

perror("inet_ntop");

502

} else {

503

if(strcmp(addrstr, ip) != 0){

504

fprintf(stderr, "Canonical address form: %s\n", addrstr);

505

}

506

}

397

fprintf(stderr, "Connection to: %s, port %d\n", ip, port);

398

/* char addrstr[INET6_ADDRSTRLEN]; */

399

/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */

400

/* sizeof(addrstr)) == NULL){ */

401

/* perror("inet_ntop"); */

402

/* } else { */

403

/* fprintf(stderr, "Really connecting to: %s, port %d\n", */

404

/* addrstr, ntohs(to.sin6_port)); */

405

/* } */

507

406

}

508

407

509

ret = connect(tcp_sd, &to.in, sizeof(to));

408

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

510

409

if (ret < 0){

511

410

perror("connect");

512

411

return -1;

513

412

}

514

515

const char *out = mandos_protocol_version;

516

written = 0;

517

while (true){

518

size_t out_size = strlen(out);

519

ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,

520

out_size - written));

521

if (ret == -1){

522

perror("write");

523

retval = -1;

524

goto mandos_end;

525

}

526

written += (size_t)ret;

527

if(written < out_size){

528

continue;

529

} else {

530

if (out == mandos_protocol_version){

531

written = 0;

532

out = "\r\n";

533

} else {

534

break;

535

}

536

}

413

414

ret = initgnutls (&es);

415

if (ret != 0){

416

retval = -1;

417

return -1;

537

418

}

538

419

420

gnutls_transport_set_ptr (es.session,

421

(gnutls_transport_ptr_t) tcp_sd);

422

539

423

if(debug){

540

424

fprintf(stderr, "Establishing TLS session with %s\n", ip);

541

425

}

542

426

543

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

544

545

do{

546

ret = gnutls_handshake (session);

547

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

427

ret = gnutls_handshake (es.session);

548

428

549

429

if (ret != GNUTLS_E_SUCCESS){

550

430

if(debug){

551

fprintf(stderr, "*** GnuTLS Handshake failed ***\n");

431

fprintf(stderr, "\n*** Handshake failed ***\n");

552

432

gnutls_perror (ret);

553

433

}

554

434

retval = -1;

555

goto mandos_end;

435

goto exit;

556

436

}

557

437

558

/* Read OpenPGP packet that contains the wanted password */

438

//Retrieve OpenPGP packet that contains the wanted password

559

439

560

440

if(debug){

561

441

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

563

443

}

564

444

565

445

while(true){

566

buffer_capacity = adjustbuffer(&buffer, buffer_length,

567

buffer_capacity);

568

if (buffer_capacity == 0){

569

perror("adjustbuffer");

570

retval = -1;

571

goto mandos_end;

446

if (buffer_length + BUFFER_SIZE > buffer_capacity){

447

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

448

if (buffer == NULL){

449

perror("realloc");

450

goto exit;

451

}

452

buffer_capacity += BUFFER_SIZE;

572

453

}

573

454

574

ret = gnutls_record_recv(session, buffer+buffer_length,

575

BUFFER_SIZE);

455

ret = gnutls_record_recv

456

(es.session, buffer+buffer_length, BUFFER_SIZE);

576

457

if (ret == 0){

577

458

break;

578

459

}

582

463

case GNUTLS_E_AGAIN:

583

464

break;

584

465

case GNUTLS_E_REHANDSHAKE:

585

do{

586

ret = gnutls_handshake (session);

587

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

466

ret = gnutls_handshake (es.session);

588

467

if (ret < 0){

589

fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");

468

fprintf(stderr, "\n*** Handshake failed ***\n");

590

469

gnutls_perror (ret);

591

470

retval = -1;

592

goto mandos_end;

471

goto exit;

593

472

}

594

473

break;

595

474

default:

596

475

fprintf(stderr, "Unknown error while reading data from"

597

" encrypted session with Mandos server\n");

476

" encrypted session with mandos server\n");

598

477

retval = -1;

599

gnutls_bye (session, GNUTLS_SHUT_RDWR);

600

goto mandos_end;

478

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

479

goto exit;

601

480

}

602

481

} else {

603

482

buffer_length += (size_t) ret;

604

483

}

605

484

}

606

485

607

if(debug){

608

fprintf(stderr, "Closing TLS session\n");

609

}

610

611

gnutls_bye (session, GNUTLS_SHUT_RDWR);

612

613

486

if (buffer_length > 0){

614

487

decrypted_buffer_size = pgp_packet_decrypt(buffer,

615

488

buffer_length,

616

489

&decrypted_buffer,

617

keydir);

490

CERT_ROOT);

618

491

if (decrypted_buffer_size >= 0){

619

written = 0;

620

492

while(written < (size_t) decrypted_buffer_size){

621

493

ret = (int)fwrite (decrypted_buffer + written, 1,

622

494

(size_t)decrypted_buffer_size - written,

636

508

retval = -1;

637

509

}

638

510

}

639

640

/* Shutdown procedure */

641

642

mandos_end:

511

512

//shutdown procedure

513

514

if(debug){

515

fprintf(stderr, "Closing TLS session\n");

516

}

517

643

518

free(buffer);

519

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

520

exit:

644

521

close(tcp_sd);

645

gnutls_deinit (session);

522

gnutls_deinit (es.session);

523

gnutls_certificate_free_credentials (es.cred);

524

gnutls_global_deinit ();

646

525

return retval;

647

526

}

648

527

649

static void resolve_callback(AvahiSServiceResolver *r,

650

AvahiIfIndex interface,

651

AVAHI_GCC_UNUSED AvahiProtocol protocol,

652

AvahiResolverEvent event,

653

const char *name,

654

const char *type,

655

const char *domain,

656

const char *host_name,

657

const AvahiAddress *address,

658

uint16_t port,

659

AVAHI_GCC_UNUSED AvahiStringList *txt,

660

AVAHI_GCC_UNUSED AvahiLookupResultFlags

661

flags,

662

void* userdata) {

663

mandos_context *mc = userdata;

528

static AvahiSimplePoll *simple_poll = NULL;

529

static AvahiServer *server = NULL;

530

531

static void resolve_callback(

532

AvahiSServiceResolver *r,

533

AvahiIfIndex interface,

534

AVAHI_GCC_UNUSED AvahiProtocol protocol,

535

AvahiResolverEvent event,

536

const char *name,

537

const char *type,

538

const char *domain,

539

const char *host_name,

540

const AvahiAddress *address,

541

uint16_t port,

542

AVAHI_GCC_UNUSED AvahiStringList *txt,

543

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

544

AVAHI_GCC_UNUSED void* userdata) {

545

664

546

assert(r); /* Spurious warning */

665

547

666

548

/* Called whenever a service has been resolved successfully or

669

551

switch (event) {

670

552

default:

671

553

case AVAHI_RESOLVER_FAILURE:

672

fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"

673

" of type '%s' in domain '%s': %s\n", name, type, domain,

674

avahi_strerror(avahi_server_errno(mc->server)));

554

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"

555

" type '%s' in domain '%s': %s\n", name, type, domain,

556

avahi_strerror(avahi_server_errno(server)));

675

557

break;

676

558

677

559

case AVAHI_RESOLVER_FOUND:

679

561

char ip[AVAHI_ADDRESS_STR_MAX];

680

562

avahi_address_snprint(ip, sizeof(ip), address);

681

563

if(debug){

682

fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"

683

PRIu16 ") on port %d\n", name, host_name, ip,

684

interface, port);

564

fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"

565

" port %d\n", name, host_name, ip, port);

685

566

}

686

int ret = start_mandos_communication(ip, port, interface, mc);

567

int ret = start_mandos_communication(ip, port,

568

(unsigned int) interface);

687

569

if (ret == 0){

688

avahi_simple_poll_quit(mc->simple_poll);

570

exit(EXIT_SUCCESS);

689

571

}

690

572

}

691

573

}

692

574

avahi_s_service_resolver_free(r);

693

575

}

694

576

695

static void browse_callback( AvahiSServiceBrowser *b,

696

AvahiIfIndex interface,

697

AvahiProtocol protocol,

698

AvahiBrowserEvent event,

699

const char *name,

700

const char *type,

701

const char *domain,

702

AVAHI_GCC_UNUSED AvahiLookupResultFlags

703

flags,

704

void* userdata) {

705

mandos_context *mc = userdata;

706

assert(b); /* Spurious warning */

707

708

/* Called whenever a new services becomes available on the LAN or

709

is removed from the LAN */

710

711

switch (event) {

712

default:

713

case AVAHI_BROWSER_FAILURE:

714

715

fprintf(stderr, "(Avahi browser) %s\n",

716

avahi_strerror(avahi_server_errno(mc->server)));

717

avahi_simple_poll_quit(mc->simple_poll);

718

return;

719

720

case AVAHI_BROWSER_NEW:

721

/* We ignore the returned Avahi resolver object. In the callback

722

function we free it. If the Avahi server is terminated before

723

the callback function is called the Avahi server will free the

724

resolver for us. */

725

726

if (!(avahi_s_service_resolver_new(mc->server, interface,

727

protocol, name, type, domain,

728

AVAHI_PROTO_INET6, 0,

729

resolve_callback, mc)))

730

fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",

731

name, avahi_strerror(avahi_server_errno(mc->server)));

732

break;

733

734

case AVAHI_BROWSER_REMOVE:

735

break;

736

737

case AVAHI_BROWSER_ALL_FOR_NOW:

738

case AVAHI_BROWSER_CACHE_EXHAUSTED:

739

if(debug){

740

fprintf(stderr, "No Mandos server found, still searching...\n");

577

static void browse_callback(

578

AvahiSServiceBrowser *b,

579

AvahiIfIndex interface,

580

AvahiProtocol protocol,

581

AvahiBrowserEvent event,

582

const char *name,

583

const char *type,

584

const char *domain,

585

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

586

void* userdata) {

587

588

AvahiServer *s = userdata;

589

assert(b); /* Spurious warning */

590

591

/* Called whenever a new services becomes available on the LAN or

592

is removed from the LAN */

593

594

switch (event) {

595

default:

596

case AVAHI_BROWSER_FAILURE:

597

598

fprintf(stderr, "(Browser) %s\n",

599

avahi_strerror(avahi_server_errno(server)));

600

avahi_simple_poll_quit(simple_poll);

601

return;

602

603

case AVAHI_BROWSER_NEW:

604

/* We ignore the returned resolver object. In the callback

605

function we free it. If the server is terminated before

606

the callback function is called the server will free

607

the resolver for us. */

608

609

if (!(avahi_s_service_resolver_new(s, interface, protocol, name,

610

type, domain,

611

AVAHI_PROTO_INET6, 0,

612

resolve_callback, s)))

613

fprintf(stderr, "Failed to resolve service '%s': %s\n", name,

614

avahi_strerror(avahi_server_errno(s)));

615

break;

616

617

case AVAHI_BROWSER_REMOVE:

618

break;

619

620

case AVAHI_BROWSER_ALL_FOR_NOW:

621

case AVAHI_BROWSER_CACHE_EXHAUSTED:

622

break;

741

623

}

742

break;

743

}

744

}

745

746

/* Combines file name and path and returns the malloced new

747

string. some sane checks could/should be added */

748

static char *combinepath(const char *first, const char *second){

749

char *tmp;

750

int ret = asprintf(&tmp, "%s/%s", first, second);

751

if(ret < 0){

752

return NULL;

753

}

754

return tmp;

755

}

756

757

758

int main(int argc, char *argv[]){

624

}

625

626

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

627

AvahiServerConfig config;

759

628

AvahiSServiceBrowser *sb = NULL;

760

629

int error;

761

630

int ret;

762

int exitcode = EXIT_SUCCESS;

631

int returncode = EXIT_SUCCESS;

763

632

const char *interface = "eth0";

764

struct ifreq network;

765

int sd;

766

uid_t uid;

767

gid_t gid;

633

unsigned int if_index;

768

634

char *connect_to = NULL;

769

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

770

char *pubkeyfilename = NULL;

771

char *seckeyfilename = NULL;

772

const char *pubkeyname = "pubkey.txt";

773

const char *seckeyname = "seckey.txt";

774

mandos_context mc = { .simple_poll = NULL, .server = NULL,

775

.dh_bits = 1024, .priority = "SECURE256"};

776

bool gnutls_initalized = false;

777

778

{

779

struct argp_option options[] = {

780

{ .name = "debug", .key = 128,

781

.doc = "Debug mode", .group = 3 },

782

{ .name = "connect", .key = 'c',

783

.arg = "IP",

784

.doc = "Connect directly to a sepcified mandos server",

785

.group = 1 },

786

{ .name = "interface", .key = 'i',

787

.arg = "INTERFACE",

788

.doc = "Interface that Avahi will conntect through",

789

.group = 1 },

790

{ .name = "keydir", .key = 'd',

791

.arg = "KEYDIR",

792

.doc = "Directory where the openpgp keyring is",

793

.group = 1 },

794

{ .name = "seckey", .key = 's',

795

.arg = "SECKEY",

796

.doc = "Secret openpgp key for gnutls authentication",

797

.group = 1 },

798

{ .name = "pubkey", .key = 'p',

799

.arg = "PUBKEY",

800

.doc = "Public openpgp key for gnutls authentication",

801

.group = 2 },

802

{ .name = "dh-bits", .key = 129,

803

.arg = "BITS",

804

.doc = "dh-bits to use in gnutls communication",

805

.group = 2 },

806

{ .name = "priority", .key = 130,

807

.arg = "PRIORITY",

808

.doc = "GNUTLS priority", .group = 1 },

809

{ .name = NULL }

810

};

811

812

813

error_t parse_opt (int key, char *arg,

814

struct argp_state *state) {

815

/* Get the INPUT argument from `argp_parse', which we know is

816

a pointer to our plugin list pointer. */

817

switch (key) {

818

case 128:

819

debug = true;

820

break;

821

case 'c':

822

connect_to = arg;

823

break;

824

case 'i':

825

interface = arg;

826

break;

827

case 'd':

828

keydir = arg;

829

break;

830

case 's':

831

seckeyname = arg;

832

break;

833

case 'p':

834

pubkeyname = arg;

835

break;

836

case 129:

837

errno = 0;

838

mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);

839

if (errno){

840

perror("strtol");

841

exit(EXIT_FAILURE);

842

}

843

break;

844

case 130:

845

mc.priority = arg;

846

break;

847

case ARGP_KEY_ARG:

848

argp_usage (state);

849

case ARGP_KEY_END:

850

break;

851

default:

852

return ARGP_ERR_UNKNOWN;

853

}

854

return 0;

855

}

856

857

struct argp argp = { .options = options, .parser = parse_opt,

858

.args_doc = "",

859

.doc = "Mandos client -- Get and decrypt"

860

" passwords from mandos server" };

861

ret = argp_parse (&argp, argc, argv, 0, 0, NULL);

862

if (ret == ARGP_ERR_UNKNOWN){

863

fprintf(stderr, "Unknown error while parsing arguments\n");

864

exitcode = EXIT_FAILURE;

865

goto end;

866

}

867

}

868

869

pubkeyfilename = combinepath(keydir, pubkeyname);

870

if (pubkeyfilename == NULL){

871

perror("combinepath");

872

exitcode = EXIT_FAILURE;

873

goto end;

874

}

875

876

seckeyfilename = combinepath(keydir, seckeyname);

877

if (seckeyfilename == NULL){

878

perror("combinepath");

879

exitcode = EXIT_FAILURE;

880

goto end;

881

}

882

883

ret = init_gnutls_global(&mc, pubkeyfilename, seckeyfilename);

884

if (ret == -1){

885

fprintf(stderr, "init_gnutls_global failed\n");

886

exitcode = EXIT_FAILURE;

887

goto end;

888

} else {

889

gnutls_initalized = true;

890

}

891

892

/* If the interface is down, bring it up */

893

{

894

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

895

if(sd < 0) {

896

perror("socket");

897

exitcode = EXIT_FAILURE;

898

goto end;

899

}

900

strcpy(network.ifr_name, interface); /* Spurious warning */

901

ret = ioctl(sd, SIOCGIFFLAGS, &network);

902

if(ret == -1){

903

perror("ioctl SIOCGIFFLAGS");

904

exitcode = EXIT_FAILURE;

905

goto end;

906

}

907

if((network.ifr_flags & IFF_UP) == 0){

908

network.ifr_flags |= IFF_UP;

909

ret = ioctl(sd, SIOCSIFFLAGS, &network);

910

if(ret == -1){

911

perror("ioctl SIOCSIFFLAGS");

912

exitcode = EXIT_FAILURE;

913

goto end;

914

}

915

}

916

close(sd);

917

}

918

919

uid = getuid();

920

gid = getgid();

921

922

ret = setuid(uid);

923

if (ret == -1){

924

perror("setuid");

925

}

926

927

setgid(gid);

928

if (ret == -1){

929

perror("setgid");

930

}

931

932

if_index = (AvahiIfIndex) if_nametoindex(interface);

635

636

while (true){

637

static struct option long_options[] = {

638

{"debug", no_argument, (int *)&debug, 1},

639

{"connect", required_argument, 0, 'c'},

640

{"interface", required_argument, 0, 'i'},

641

{0, 0, 0, 0} };

642

643

int option_index = 0;

644

ret = getopt_long (argc, argv, "i:", long_options,

645

&option_index);

646

647

if (ret == -1){

648

break;

649

}

650

651

switch(ret){

652

case 0:

653

break;

654

case 'i':

655

interface = optarg;

656

break;

657

case 'c':

658

connect_to = optarg;

659

break;

660

default:

661

exit(EXIT_FAILURE);

662

}

663

}

664

665

if_index = if_nametoindex(interface);

933

666

if(if_index == 0){

934

667

fprintf(stderr, "No such interface: \"%s\"\n", interface);

935

668

exit(EXIT_FAILURE);

941

674

char *address = strrchr(connect_to, ':');

942

675

if(address == NULL){

943

676

fprintf(stderr, "No colon in address\n");

944

exitcode = EXIT_FAILURE;

945

goto end;

677

exit(EXIT_FAILURE);

946

678

}

947

679

errno = 0;

948

680

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

949

681

if(errno){

950

682

perror("Bad port number");

951

exitcode = EXIT_FAILURE;

952

goto end;

683

exit(EXIT_FAILURE);

953

684

}

954

685

*address = '\0';

955

686

address = connect_to;

956

ret = start_mandos_communication(address, port, if_index, &mc);

687

ret = start_mandos_communication(address, port, if_index);

957

688

if(ret < 0){

958

exitcode = EXIT_FAILURE;

689

exit(EXIT_FAILURE);

959

690

} else {

960

exitcode = EXIT_SUCCESS;

691

exit(EXIT_SUCCESS);

961

692

}

962

goto end;

963

693

}

964

694

965

695

if (not debug){

966

696

avahi_set_log_function(empty_log);

967

697

}

968

698

969

/* Initialize the pseudo-RNG for Avahi */

699

/* Initialize the psuedo-RNG */

970

700

srand((unsigned int) time(NULL));

971

972

/* Allocate main Avahi loop object */

973

mc.simple_poll = avahi_simple_poll_new();

974

if (mc.simple_poll == NULL) {

975

fprintf(stderr, "Avahi: Failed to create simple poll"

976

" object.\n");

977

exitcode = EXIT_FAILURE;

978

goto end;

979

}

980

981

{

982

AvahiServerConfig config;

983

/* Do not publish any local Zeroconf records */

984

avahi_server_config_init(&config);

985

config.publish_hinfo = 0;

986

config.publish_addresses = 0;

987

config.publish_workstation = 0;

988

config.publish_domain = 0;

989

990

/* Allocate a new server */

991

mc.server = avahi_server_new(avahi_simple_poll_get

992

(mc.simple_poll), &config, NULL,

993

NULL, &error);

994

995

/* Free the Avahi configuration data */

996

avahi_server_config_free(&config);

997

}

998

999

/* Check if creating the Avahi server object succeeded */

1000

if (mc.server == NULL) {

1001

fprintf(stderr, "Failed to create Avahi server: %s\n",

701

702

/* Allocate main loop object */

703

if (!(simple_poll = avahi_simple_poll_new())) {

704

fprintf(stderr, "Failed to create simple poll object.\n");

705

706

goto exit;

707

}

708

709

/* Do not publish any local records */

710

avahi_server_config_init(&config);

711

config.publish_hinfo = 0;

712

config.publish_addresses = 0;

713

config.publish_workstation = 0;

714

config.publish_domain = 0;

715

716

/* Allocate a new server */

717

server = avahi_server_new(avahi_simple_poll_get(simple_poll),

718

&config, NULL, NULL, &error);

719

720

/* Free the configuration data */

721

avahi_server_config_free(&config);

722

723

/* Check if creating the server object succeeded */

724

if (!server) {

725

fprintf(stderr, "Failed to create server: %s\n",

1002

726

avahi_strerror(error));

1003

exitcode = EXIT_FAILURE;

1004

goto end;

727

returncode = EXIT_FAILURE;

728

goto exit;

1005

729

}

1006

730

1007

/* Create the Avahi service browser */

1008

sb = avahi_s_service_browser_new(mc.server, if_index,

731

/* Create the service browser */

732

sb = avahi_s_service_browser_new(server, (AvahiIfIndex)if_index,

1009

733

AVAHI_PROTO_INET6,

1010

734

"_mandos._tcp", NULL, 0,

1011

browse_callback, &mc);

1012

if (sb == NULL) {

735

browse_callback, server);

736

if (!sb) {

1013

737

fprintf(stderr, "Failed to create service browser: %s\n",

1014

avahi_strerror(avahi_server_errno(mc.server)));

1015

exitcode = EXIT_FAILURE;

1016

goto end;

738

avahi_strerror(avahi_server_errno(server)));

739

returncode = EXIT_FAILURE;

740

goto exit;

1017

741

}

1018

742

1019

743

/* Run the main loop */

1020

744

1021

745

if (debug){

1022

fprintf(stderr, "Starting Avahi loop search\n");

746

fprintf(stderr, "Starting avahi loop search\n");

1023

747

}

1024

748

1025

avahi_simple_poll_loop(mc.simple_poll);

749

avahi_simple_poll_loop(simple_poll);

1026

750

1027

end:

751

exit:

1028

752

1029

753

if (debug){

1030

754

fprintf(stderr, "%s exiting\n", argv[0]);

1031

755

}

1032

756

1033

757

/* Cleanup things */

1034

if (sb != NULL)

758

if (sb)

1035

759

avahi_s_service_browser_free(sb);

1036

760

1037

if (mc.server != NULL)

1038

avahi_server_free(mc.server);

1039

1040

if (mc.simple_poll != NULL)

1041

avahi_simple_poll_free(mc.simple_poll);

1042

free(pubkeyfilename);

1043

free(seckeyfilename);

1044

1045

if (gnutls_initalized){

1046

gnutls_certificate_free_credentials(mc.cred);

1047

gnutls_global_deinit ();

1048

}

1049

1050

return exitcode;

761

if (server)

762

avahi_server_free(server);

763

764

if (simple_poll)

765

avahi_simple_poll_free(simple_poll);

766

767

return returncode;

1051

768

}

Older »