To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandosclient.c
- browse files at revision 32
- compare with another revision
- download diff
- download tarball
- view history from revision 32
- Committer: Teddy Hogeborn
- Date: 2008-08-01 06:56:27 UTC
- Revision ID: teddy@fukt.bsnet.se-20080801065627-2c7k4ydefjgacgnq
* plugins.d/plugbasedclient.c (set_cloexec_flag): New function.
(main): Use the set_cloexec_flag function. Move inserting of global
arguments to before the fork.
(main): Use the set_cloexec_flag function. Move inserting of global
arguments to before the fork.
- files added:
- server.conf
- files removed:
- plugins.d/Makefile
- files renamed:
- mandos-clients.conf => clients.conf
- files modified:
- Makefile
added
removed
plugins.d/mandosclient.c
1
/***
2
This file is part of avahi.
3
4
avahi is free software; you can redistribute it and/or modify it
5
under the terms of the GNU Lesser General Public License as
6
published by the Free Software Foundation; either version 2.1 of the
7
License, or (at your option) any later version.
8
9
avahi is distributed in the hope that it will be useful, but WITHOUT
10
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General
12
Public License for more details.
13
14
You should have received a copy of the GNU Lesser General Public
15
License along with avahi; if not, write to the Free Software
16
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
17
USA.
18
***/
1
/* -*- coding: utf-8 -*- */
2
/*
3
* Mandos client - get and decrypt data from a Mandos server
4
*
5
* This program is partly derived from an example program for an Avahi
6
* service browser, downloaded from
7
* <http://avahi.org/browser/examples/core-browse-services.c>. This
8
* includes the following functions: "resolve_callback",
9
* "browse_callback", and parts of "main".
10
*
11
* Everything else is
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
13
*
14
* This program is free software: you can redistribute it and/or
15
* modify it under the terms of the GNU General Public License as
16
* published by the Free Software Foundation, either version 3 of the
17
* License, or (at your option) any later version.
18
*
19
* This program is distributed in the hope that it will be useful, but
20
* WITHOUT ANY WARRANTY; without even the implied warranty of
21
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22
* General Public License for more details.
23
*
24
* You should have received a copy of the GNU General Public License
25
* along with this program. If not, see
26
* <http://www.gnu.org/licenses/>.
27
*
28
* Contact the authors at <mandos@fukt.bsnet.se>.
29
*/
19
30
31
/* Needed by GPGME, specifically gpgme_data_seek() */
20
32
#define _LARGEFILE_SOURCE
21
33
#define _FILE_OFFSET_BITS 64
22
34
34
46
#include <avahi-common/error.h>
35
47
36
48
//mandos client part
37
#include <sys/types.h> /* socket(), setsockopt(), inet_pton() */
38
#include <sys/socket.h> /* socket(), setsockopt(), struct sockaddr_in6, struct in6_addr, inet_pton() */
39
#include <gnutls/gnutls.h> /* ALL GNUTLS STUFF */
40
#include <gnutls/openpgp.h> /* gnutls with openpgp stuff */
49
#include <sys/types.h> /* socket(), inet_pton() */
50
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
51
struct in6_addr, inet_pton() */
52
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
53
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
41
54
42
55
#include <unistd.h> /* close() */
43
56
#include <netinet/in.h>
53
66
// getopt long
54
67
#include <getopt.h>
55
68
56
#ifndef CERT_ROOT
57
#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"
58
#endif
59
#define CERTFILE CERT_ROOT "openpgp-client.txt"
60
#define KEYFILE CERT_ROOT "openpgp-client-key.txt"
61
69
#define BUFFER_SIZE 256
62
70
#define DH_BITS 1024
63
71
72
const char *certdir = "/conf/conf.d/cryptkeyreq/";
73
const char *certfile = "openpgp-client.txt";
74
const char *certkey = "openpgp-client-key.txt";
75
64
76
bool debug = false;
65
char *interface = "eth0";
66
77
67
78
typedef struct {
68
79
gnutls_session_t session;
71
82
} encrypted_session;
72
83
73
84
74
ssize_t gpg_packet_decrypt (char *packet, size_t packet_size, char **new_packet, char *homedir){
85
ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
86
char **new_packet, const char *homedir){
75
87
gpgme_data_t dh_crypto, dh_plain;
76
88
gpgme_ctx_t ctx;
77
89
gpgme_error_t rc;
78
90
ssize_t ret;
79
size_t new_packet_capacity = 0;
80
size_t new_packet_length = 0;
91
ssize_t new_packet_capacity = 0;
92
ssize_t new_packet_length = 0;
81
93
gpgme_engine_info_t engine_info;
82
94
83
95
if (debug){
84
fprintf(stderr, "Attempting to decrypt password from gpg packet\n");
96
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
85
97
}
86
98
87
99
/* Init GPGME */
88
100
gpgme_check_version(NULL);
89
gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
101
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
102
if (rc != GPG_ERR_NO_ERROR){
103
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
104
gpgme_strsource(rc), gpgme_strerror(rc));
105
return -1;
106
}
90
107
91
108
/* Set GPGME home directory */
92
109
rc = gpgme_get_engine_info (&engine_info);
132
149
return -1;
133
150
}
134
151
135
/* Decrypt data from the FILE pointer to the plaintext data buffer */
152
/* Decrypt data from the FILE pointer to the plaintext data
153
buffer */
136
154
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
137
155
if (rc != GPG_ERR_NO_ERROR){
138
156
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
141
159
}
142
160
143
161
if(debug){
144
fprintf(stderr, "decryption of gpg packet succeeded\n");
162
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");
145
163
}
146
164
147
165
if (debug){
150
168
if (result == NULL){
151
169
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
152
170
} else {
153
fprintf(stderr, "Unsupported algorithm: %s\n", result->unsupported_algorithm);
154
fprintf(stderr, "Wrong key usage: %d\n", result->wrong_key_usage);
171
fprintf(stderr, "Unsupported algorithm: %s\n",
172
result->unsupported_algorithm);
173
fprintf(stderr, "Wrong key usage: %d\n",
174
result->wrong_key_usage);
155
175
if(result->file_name != NULL){
156
176
fprintf(stderr, "File name: %s\n", result->file_name);
157
177
}
163
183
gpgme_pubkey_algo_name(recipient->pubkey_algo));
164
184
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
165
185
fprintf(stderr, "Secret key available: %s\n",
166
recipient->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");
186
recipient->status == GPG_ERR_NO_SECKEY
187
? "No" : "Yes");
167
188
recipient = recipient->next;
168
189
}
169
190
}
174
195
gpgme_data_release(dh_crypto);
175
196
176
197
/* Seek back to the beginning of the GPGME plaintext data buffer */
177
gpgme_data_seek(dh_plain, 0, SEEK_SET);
178
198
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
199
perror("pgpme_data_seek");
200
}
201
179
202
*new_packet = 0;
180
203
while(true){
181
204
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
182
*new_packet = realloc(*new_packet, new_packet_capacity + BUFFER_SIZE);
205
*new_packet = realloc(*new_packet,
206
(unsigned int)new_packet_capacity
207
+ BUFFER_SIZE);
183
208
if (*new_packet == NULL){
184
209
perror("realloc");
185
210
return -1;
187
212
new_packet_capacity += BUFFER_SIZE;
188
213
}
189
214
190
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length, BUFFER_SIZE);
215
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,
216
BUFFER_SIZE);
191
217
/* Print the data, if any */
192
218
if (ret == 0){
193
/* If password is empty, then a incorrect error will be printed */
194
219
break;
195
220
}
196
221
if(ret < 0){
220
245
return ret;
221
246
}
222
247
223
void debuggnutls(int level, const char* string){
248
void debuggnutls(__attribute__((unused)) int level,
249
const char* string){
224
250
fprintf(stderr, "%s", string);
225
251
}
226
252
227
253
int initgnutls(encrypted_session *es){
228
254
const char *err;
229
255
int ret;
230
256
231
257
if(debug){
232
fprintf(stderr, "Initializing gnutls\n");
258
fprintf(stderr, "Initializing GnuTLS\n");
233
259
}
234
260
235
236
261
if ((ret = gnutls_global_init ())
237
262
!= GNUTLS_E_SUCCESS) {
238
263
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
244
269
gnutls_global_set_log_function(debuggnutls);
245
270
}
246
271
247
248
272
/* openpgp credentials */
249
273
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
250
274
!= GNUTLS_E_SUCCESS) {
251
fprintf (stderr, "memory error: %s\n", safer_gnutls_strerror(ret));
275
fprintf (stderr, "memory error: %s\n",
276
safer_gnutls_strerror(ret));
252
277
return -1;
253
278
}
254
279
255
280
if(debug){
256
fprintf(stderr, "Attempting to use openpgp certificate %s"
257
" and keyfile %s as gnutls credentials\n", CERTFILE, KEYFILE);
281
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
282
" and keyfile %s as GnuTLS credentials\n", certfile,
283
certkey);
258
284
}
259
285
260
286
ret = gnutls_certificate_set_openpgp_key_file
261
(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);
287
(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);
262
288
if (ret != GNUTLS_E_SUCCESS) {
263
289
fprintf
264
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n",
265
ret, CERTFILE, KEYFILE);
290
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
291
" '%s')\n",
292
ret, certfile, certkey);
266
293
fprintf(stdout, "The Error is: %s\n",
267
294
safer_gnutls_strerror(ret));
268
295
return -1;
269
296
}
270
271
//Gnutls server initialization
297
298
//GnuTLS server initialization
272
299
if ((ret = gnutls_dh_params_init (&es->dh_params))
273
300
!= GNUTLS_E_SUCCESS) {
274
301
fprintf (stderr, "Error in dh parameter initialization: %s\n",
275
302
safer_gnutls_strerror(ret));
276
303
return -1;
277
304
}
278
305
279
306
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
280
307
!= GNUTLS_E_SUCCESS) {
281
308
fprintf (stderr, "Error in prime generation: %s\n",
282
309
safer_gnutls_strerror(ret));
283
310
return -1;
284
311
}
285
312
286
313
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
287
288
// Gnutls session creation
314
315
// GnuTLS session creation
289
316
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
290
317
!= GNUTLS_E_SUCCESS){
291
fprintf(stderr, "Error in gnutls session initialization: %s\n",
318
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
292
319
safer_gnutls_strerror(ret));
293
320
}
294
321
295
322
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
296
323
!= GNUTLS_E_SUCCESS) {
297
324
fprintf(stderr, "Syntax error at: %s\n", err);
298
fprintf(stderr, "Gnutls error: %s\n",
325
fprintf(stderr, "GnuTLS error: %s\n",
299
326
safer_gnutls_strerror(ret));
300
327
return -1;
301
328
}
302
329
303
330
if ((ret = gnutls_credentials_set
304
331
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
305
332
!= GNUTLS_E_SUCCESS) {
307
334
safer_gnutls_strerror(ret));
308
335
return -1;
309
336
}
310
337
311
338
/* ignore client certificate if any. */
312
gnutls_certificate_server_set_request (es->session, GNUTLS_CERT_IGNORE);
339
gnutls_certificate_server_set_request (es->session,
340
GNUTLS_CERT_IGNORE);
313
341
314
342
gnutls_dh_set_prime_bits (es->session, DH_BITS);
315
343
316
344
return 0;
317
345
}
318
346
319
void empty_log(AvahiLogLevel level, const char *txt){}
347
void empty_log(__attribute__((unused)) AvahiLogLevel level,
348
__attribute__((unused)) const char *txt){}
320
349
321
int start_mandos_communcation(char *ip, uint16_t port){
350
int start_mandos_communication(const char *ip, uint16_t port,
351
AvahiIfIndex if_index){
322
352
int ret, tcp_sd;
323
353
struct sockaddr_in6 to;
324
struct in6_addr ip_addr;
325
354
encrypted_session es;
326
355
char *buffer = NULL;
327
356
char *decrypted_buffer;
328
357
size_t buffer_length = 0;
329
358
size_t buffer_capacity = 0;
330
359
ssize_t decrypted_buffer_size;
360
size_t written = 0;
331
361
int retval = 0;
332
362
char interface[IF_NAMESIZE];
363
333
364
if(debug){
334
fprintf(stderr, "Setting up a tcp connection to %s\n", ip);
365
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
366
ip, port);
335
367
}
336
368
337
369
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
339
371
perror("socket");
340
372
return -1;
341
373
}
342
374
375
if(if_indextoname((unsigned int)if_index, interface) == NULL){
376
if(debug){
377
perror("if_indextoname");
378
}
379
return -1;
380
}
381
343
382
if(debug){
344
383
fprintf(stderr, "Binding to interface %s\n", interface);
345
384
}
346
347
ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, interface, 5);
348
if(tcp_sd < 0) {
349
perror("setsockopt bindtodevice");
350
return -1;
351
}
352
385
353
memset(&to,0,sizeof(to));
386
memset(&to,0,sizeof(to)); /* Spurious warning */
354
387
to.sin6_family = AF_INET6;
355
ret = inet_pton(AF_INET6, ip, &ip_addr);
388
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
356
389
if (ret < 0 ){
357
390
perror("inet_pton");
358
391
return -1;
361
394
fprintf(stderr, "Bad address: %s\n", ip);
362
395
return -1;
363
396
}
364
to.sin6_port = htons(port);
365
to.sin6_scope_id = if_nametoindex(interface);
366
397
to.sin6_port = htons(port); /* Spurious warning */
398
399
to.sin6_scope_id = (uint32_t)if_index;
400
367
401
if(debug){
368
fprintf(stderr, "Connection to: %s\n", ip);
402
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
403
/* char addrstr[INET6_ADDRSTRLEN]; */
404
/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */
405
/* sizeof(addrstr)) == NULL){ */
406
/* perror("inet_ntop"); */
407
/* } else { */
408
/* fprintf(stderr, "Really connecting to: %s, port %d\n", */
409
/* addrstr, ntohs(to.sin6_port)); */
410
/* } */
369
411
}
370
412
371
413
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
379
421
retval = -1;
380
422
return -1;
381
423
}
382
383
384
gnutls_transport_set_ptr (es.session, (gnutls_transport_ptr_t) tcp_sd);
385
424
425
gnutls_transport_set_ptr (es.session,
426
(gnutls_transport_ptr_t) tcp_sd);
427
386
428
if(debug){
387
fprintf(stderr, "Establishing tls session with %s\n", ip);
429
fprintf(stderr, "Establishing TLS session with %s\n", ip);
388
430
}
389
390
431
391
432
ret = gnutls_handshake (es.session);
392
433
393
434
if (ret != GNUTLS_E_SUCCESS){
394
fprintf(stderr, "\n*** Handshake failed ***\n");
395
gnutls_perror (ret);
435
if(debug){
436
fprintf(stderr, "\n*** Handshake failed ***\n");
437
gnutls_perror (ret);
438
}
396
439
retval = -1;
397
440
goto exit;
398
441
}
399
400
//Retrieve gpg packet that contains the wanted password
401
442
443
//Retrieve OpenPGP packet that contains the wanted password
444
402
445
if(debug){
403
fprintf(stderr, "Retrieving pgp encrypted password from %s\n", ip);
446
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
447
ip);
404
448
}
405
449
406
450
while(true){
433
477
}
434
478
break;
435
479
default:
436
fprintf(stderr, "Unknown error while reading data from encrypted session with mandos server\n");
480
fprintf(stderr, "Unknown error while reading data from"
481
" encrypted session with mandos server\n");
437
482
retval = -1;
438
483
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
439
484
goto exit;
440
485
}
441
486
} else {
442
buffer_length += ret;
487
buffer_length += (size_t) ret;
443
488
}
444
489
}
445
490
446
491
if (buffer_length > 0){
447
if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) >= 0){
448
fwrite (decrypted_buffer, 1, decrypted_buffer_size, stdout);
492
decrypted_buffer_size = pgp_packet_decrypt(buffer,
493
buffer_length,
494
&decrypted_buffer,
495
certdir);
496
if (decrypted_buffer_size >= 0){
497
while(written < (size_t) decrypted_buffer_size){
498
ret = (int)fwrite (decrypted_buffer + written, 1,
499
(size_t)decrypted_buffer_size - written,
500
stdout);
501
if(ret == 0 and ferror(stdout)){
502
if(debug){
503
fprintf(stderr, "Error writing encrypted data: %s\n",
504
strerror(errno));
505
}
506
retval = -1;
507
break;
508
}
509
written += (size_t)ret;
510
}
449
511
free(decrypted_buffer);
450
512
} else {
451
513
retval = -1;
455
517
//shutdown procedure
456
518
457
519
if(debug){
458
fprintf(stderr, "Closing tls session\n");
520
fprintf(stderr, "Closing TLS session\n");
459
521
}
460
522
461
523
free(buffer);
473
535
474
536
static void resolve_callback(
475
537
AvahiSServiceResolver *r,
476
AVAHI_GCC_UNUSED AvahiIfIndex interface,
538
AvahiIfIndex interface,
477
539
AVAHI_GCC_UNUSED AvahiProtocol protocol,
478
540
AvahiResolverEvent event,
479
541
const char *name,
482
544
const char *host_name,
483
545
const AvahiAddress *address,
484
546
uint16_t port,
485
AvahiStringList *txt,
486
AvahiLookupResultFlags flags,
547
AVAHI_GCC_UNUSED AvahiStringList *txt,
548
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
487
549
AVAHI_GCC_UNUSED void* userdata) {
488
550
489
assert(r);
490
491
/* Called whenever a service has been resolved successfully or timed out */
492
493
switch (event) {
494
case AVAHI_RESOLVER_FAILURE:
495
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of type '%s' in domain '%s': %s\n", name, type, domain, avahi_strerror(avahi_server_errno(server)));
496
break;
497
498
case AVAHI_RESOLVER_FOUND: {
499
char ip[AVAHI_ADDRESS_STR_MAX];
500
avahi_address_snprint(ip, sizeof(ip), address);
501
if(debug){
502
fprintf(stderr, "Mandos server found at %s on port %d\n", ip, port);
503
}
504
int ret = start_mandos_communcation(ip, port);
505
if (ret == 0){
506
exit(EXIT_SUCCESS);
507
} else {
508
exit(EXIT_FAILURE);
509
}
510
}
551
assert(r); /* Spurious warning */
552
553
/* Called whenever a service has been resolved successfully or
554
timed out */
555
556
switch (event) {
557
default:
558
case AVAHI_RESOLVER_FAILURE:
559
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
560
" type '%s' in domain '%s': %s\n", name, type, domain,
561
avahi_strerror(avahi_server_errno(server)));
562
break;
563
564
case AVAHI_RESOLVER_FOUND:
565
{
566
char ip[AVAHI_ADDRESS_STR_MAX];
567
avahi_address_snprint(ip, sizeof(ip), address);
568
if(debug){
569
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
570
" port %d\n", name, host_name, ip, port);
571
}
572
int ret = start_mandos_communication(ip, port, interface);
573
if (ret == 0){
574
exit(EXIT_SUCCESS);
575
}
511
576
}
512
avahi_s_service_resolver_free(r);
577
}
578
avahi_s_service_resolver_free(r);
513
579
}
514
580
515
581
static void browse_callback(
524
590
void* userdata) {
525
591
526
592
AvahiServer *s = userdata;
527
assert(b);
528
529
/* Called whenever a new services becomes available on the LAN or is removed from the LAN */
530
593
assert(b); /* Spurious warning */
594
595
/* Called whenever a new services becomes available on the LAN or
596
is removed from the LAN */
597
531
598
switch (event) {
532
533
case AVAHI_BROWSER_FAILURE:
534
535
fprintf(stderr, "(Browser) %s\n", avahi_strerror(avahi_server_errno(server)));
536
avahi_simple_poll_quit(simple_poll);
537
return;
538
539
case AVAHI_BROWSER_NEW:
540
/* We ignore the returned resolver object. In the callback
541
function we free it. If the server is terminated before
542
the callback function is called the server will free
543
the resolver for us. */
544
545
if (!(avahi_s_service_resolver_new(s, interface, protocol, name, type, domain, AVAHI_PROTO_INET6, 0, resolve_callback, s)))
546
fprintf(stderr, "Failed to resolve service '%s': %s\n", name, avahi_strerror(avahi_server_errno(s)));
547
548
break;
549
550
case AVAHI_BROWSER_REMOVE:
551
break;
552
553
case AVAHI_BROWSER_ALL_FOR_NOW:
554
case AVAHI_BROWSER_CACHE_EXHAUSTED:
555
break;
599
default:
600
case AVAHI_BROWSER_FAILURE:
601
602
fprintf(stderr, "(Browser) %s\n",
603
avahi_strerror(avahi_server_errno(server)));
604
avahi_simple_poll_quit(simple_poll);
605
return;
606
607
case AVAHI_BROWSER_NEW:
608
/* We ignore the returned resolver object. In the callback
609
function we free it. If the server is terminated before
610
the callback function is called the server will free
611
the resolver for us. */
612
613
if (!(avahi_s_service_resolver_new(s, interface, protocol, name,
614
type, domain,
615
AVAHI_PROTO_INET6, 0,
616
resolve_callback, s)))
617
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
618
avahi_strerror(avahi_server_errno(s)));
619
break;
620
621
case AVAHI_BROWSER_REMOVE:
622
break;
623
624
case AVAHI_BROWSER_ALL_FOR_NOW:
625
case AVAHI_BROWSER_CACHE_EXHAUSTED:
626
break;
556
627
}
557
628
}
558
629
630
/* combinds file name and path and returns the malloced new string. som sane checks could/should be added */
631
const char *combinepath(const char *first, const char *second){
632
char *tmp;
633
tmp = malloc(strlen(first) + strlen(second) + 2);
634
if (tmp == NULL){
635
perror("malloc");
636
return NULL;
637
}
638
strcpy(tmp, first);
639
if (first[0] != '\0' and first[strlen(first) - 1] != '/'){
640
strcat(tmp, "/");
641
}
642
strcat(tmp, second);
643
return tmp;
644
}
645
646
559
647
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
560
648
AvahiServerConfig config;
561
649
AvahiSServiceBrowser *sb = NULL;
562
650
int error;
563
651
int ret;
564
652
int returncode = EXIT_SUCCESS;
565
653
const char *interface = NULL;
654
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
655
char *connect_to = NULL;
656
566
657
while (true){
567
658
static struct option long_options[] = {
568
659
{"debug", no_argument, (int *)&debug, 1},
660
{"connect", required_argument, 0, 'C'},
569
661
{"interface", required_argument, 0, 'i'},
662
{"certdir", required_argument, 0, 'd'},
663
{"certkey", required_argument, 0, 'c'},
664
{"certfile", required_argument, 0, 'k'},
570
665
{0, 0, 0, 0} };
571
666
572
667
int option_index = 0;
573
ret = getopt_long (argc, argv, "i:", long_options, &option_index);
574
668
ret = getopt_long (argc, argv, "i:", long_options,
669
&option_index);
670
575
671
if (ret == -1){
576
672
break;
577
673
}
582
678
case 'i':
583
679
interface = optarg;
584
680
break;
681
case 'C':
682
connect_to = optarg;
683
break;
684
case 'd':
685
certdir = optarg;
686
break;
687
case 'c':
688
certfile = optarg;
689
break;
690
case 'k':
691
certkey = optarg;
692
break;
585
693
default:
586
694
exit(EXIT_FAILURE);
587
695
}
588
696
}
697
698
certfile = combinepath(certdir, certfile);
699
if (certfile == NULL){
700
goto exit;
701
}
702
703
if(interface != NULL){
704
if_index = (AvahiIfIndex) if_nametoindex(interface);
705
if(if_index == 0){
706
fprintf(stderr, "No such interface: \"%s\"\n", interface);
707
exit(EXIT_FAILURE);
708
}
709
}
710
711
if(connect_to != NULL){
712
/* Connect directly, do not use Zeroconf */
713
/* (Mainly meant for debugging) */
714
char *address = strrchr(connect_to, ':');
715
if(address == NULL){
716
fprintf(stderr, "No colon in address\n");
717
exit(EXIT_FAILURE);
718
}
719
errno = 0;
720
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
721
if(errno){
722
perror("Bad port number");
723
exit(EXIT_FAILURE);
724
}
725
*address = '\0';
726
address = connect_to;
727
ret = start_mandos_communication(address, port, if_index);
728
if(ret < 0){
729
exit(EXIT_FAILURE);
730
} else {
731
exit(EXIT_SUCCESS);
732
}
733
}
734
735
certkey = combinepath(certdir, certkey);
736
if (certkey == NULL){
737
goto exit;
738
}
589
739
590
740
if (not debug){
591
741
avahi_set_log_function(empty_log);
592
742
}
593
743
594
744
/* Initialize the psuedo-RNG */
595
srand(time(NULL));
745
srand((unsigned int) time(NULL));
596
746
597
747
/* Allocate main loop object */
598
748
if (!(simple_poll = avahi_simple_poll_new())) {
609
759
config.publish_domain = 0;
610
760
611
761
/* Allocate a new server */
612
server = avahi_server_new(avahi_simple_poll_get(simple_poll), &config, NULL, NULL, &error);
762
server = avahi_server_new(avahi_simple_poll_get(simple_poll),
763
&config, NULL, NULL, &error);
613
764
614
765
/* Free the configuration data */
615
766
avahi_server_config_free(&config);
616
767
617
768
/* Check if creating the server object succeeded */
618
769
if (!server) {
619
fprintf(stderr, "Failed to create server: %s\n", avahi_strerror(error));
770
fprintf(stderr, "Failed to create server: %s\n",
771
avahi_strerror(error));
620
772
returncode = EXIT_FAILURE;
621
773
goto exit;
622
774
}
623
775
624
776
/* Create the service browser */
625
if (!(sb = avahi_s_service_browser_new(server, if_nametoindex("eth0"), AVAHI_PROTO_INET6, "_mandos._tcp", NULL, 0, browse_callback, server))) {
626
fprintf(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_server_errno(server)));
777
sb = avahi_s_service_browser_new(server, if_index,
778
AVAHI_PROTO_INET6,
779
"_mandos._tcp", NULL, 0,
780
browse_callback, server);
781
if (!sb) {
782
fprintf(stderr, "Failed to create service browser: %s\n",
783
avahi_strerror(avahi_server_errno(server)));
627
784
returncode = EXIT_FAILURE;
628
785
goto exit;
629
786
}
636
793
637
794
avahi_simple_poll_loop(simple_poll);
638
795
639
exit:
796
exit:
640
797
641
798
if (debug){
642
799
fprintf(stderr, "%s exiting\n", argv[0]);
651
808
652
809
if (simple_poll)
653
810
avahi_simple_poll_free(simple_poll);
654
811
free(certfile);
812
free(certkey);
813
655
814
return returncode;
656
815
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0