/mandos/trunk : revision 36

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandosclient.c

Committer: Teddy Hogeborn
Date: 2008-08-02 14:33:47 UTC
Revision ID: teddy@fukt.bsnet.se-20080802143347-u1m4zs1q0feu72ei

* TODO: Converted to org-mode style

* plugins.d/mandosclient.c (certdir): Changed to "/conf/conf.d/mandos/".
  (certdir, certfile, certkey, pgp_packet_decrypt, debuggnutls,
  initgnutls, empty_log, combinepath): Made static.
  (combinepath): Rewritten to only get the argument string lengths
                 once.  Do not print error message; leave that to
                 caller.  All callers changed.

files added:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

files removed:
.bzrignore

COPYING

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.xml

plugins.d/password-prompt.xml

plugins.d/password-request.xml

plugins.d/usplash

files renamed:
plugin-runner.c => plugbasedclient.c

plugins.d/password-request.c => plugins.d/mandosclient.c

plugins.d/password-prompt.c => plugins.d/passprompt.c

mandos.conf => server.conf

mandos => server.py

files modified:
Makefile

TODO

clients.conf

Show diffs side-by-side

added added

removed removed

plugins.d/mandosclient.c

#define _LARGEFILE_SOURCE

#define _FILE_OFFSET_BITS 64

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */

#include <stdio.h> /* fprintf(), stderr, fwrite(),

stdout, ferror() */

#include <stdint.h> /* uint16_t, uint32_t */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,

srand() */

#include <stdbool.h> /* bool, true */

#include <string.h> /* memset(), strcmp(), strlen(),

strerror(), asprintf(), strcpy() */

#include <sys/ioctl.h> /* ioctl */

#include <sys/types.h> /* socket(), inet_pton(), sockaddr,

sockaddr_in6, PF_INET6,

SOCK_STREAM, INET6_ADDRSTRLEN,

uid_t, gid_t */

#include <inttypes.h> /* PRIu16 */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton(),

connect() */

#include <assert.h> /* assert() */

#include <errno.h> /* perror(), errno */

#include <time.h> /* time() */

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS, if_indextoname(),

if_nametoindex(), IF_NAMESIZE */

#include <unistd.h> /* close(), SEEK_SET, off_t, write(),

getuid(), getgid(), setuid(),

setgid() */

#include <netinet/in.h>

#include <arpa/inet.h> /* inet_pton(), htons */

#include <iso646.h> /* not, and */

#include <argp.h> /* struct argp_option, error_t, struct

argp_state, struct argp,

argp_parse(), ARGP_KEY_ARG,

ARGP_KEY_END, ARGP_ERR_UNKNOWN */

/* Avahi */

/* All Avahi types, constants and functions

Avahi*, avahi_*,

AVAHI_* */

#include <stdio.h>

#include <assert.h>

#include <stdlib.h>

#include <time.h>

#include <net/if.h> /* if_nametoindex */

#include <avahi-core/core.h>

#include <avahi-core/lookup.h>

#include <avahi-core/log.h>

#include <avahi-common/malloc.h>

#include <avahi-common/error.h>

/* GnuTLS */

#include <gnutls/gnutls.h> /* All GnuTLS types, constants and

functions:

gnutls_*

init_gnutls_session(),

GNUTLS_* */

#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),

GNUTLS_OPENPGP_FMT_BASE64 */

/* GPGME */

#include <gpgme.h> /* All GPGME types, constants and

functions:

gpgme_*

GPGME_PROTOCOL_OpenPGP,

GPG_ERR_NO_* */

//mandos client part

#include <sys/types.h> /* socket(), inet_pton() */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton() */

#include <gnutls/gnutls.h> /* All GnuTLS stuff */

#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */

#include <unistd.h> /* close() */

#include <netinet/in.h>

#include <stdbool.h> /* true */

#include <string.h> /* memset */

#include <arpa/inet.h> /* inet_pton() */

#include <iso646.h> /* not */

// gpgme

#include <errno.h> /* perror() */

#include <gpgme.h>

// getopt long

#include <getopt.h>

#define BUFFER_SIZE 256

#define DH_BITS 1024

static const char *certdir = "/conf/conf.d/mandos";

static const char *certfile = "openpgp-client.txt";

static const char *certkey = "openpgp-client-key.txt";

100

101

bool debug = false;

102

static const char *keydir = "/conf/conf.d/mandos";

103

static const char mandos_protocol_version[] = "1";

104

const char *argp_program_version = "password-request 1.0";

105

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

106

107

/* Used for passing in values through the Avahi callback functions */

108

typedef struct {

109

AvahiSimplePoll *simple_poll;

110

AvahiServer *server;

gnutls_session_t session;

111

gnutls_certificate_credentials_t cred;

112

unsigned int dh_bits;

113

gnutls_dh_params_t dh_params;

114

const char *priority;

115

} mandos_context;

116

117

118

* Make room in "buffer" for at least BUFFER_SIZE additional bytes.

119

* "buffer_capacity" is how much is currently allocated,

120

* "buffer_length" is how much is already used.

121

122

size_t adjustbuffer(char **buffer, size_t buffer_length,

123

size_t buffer_capacity){

124

if (buffer_length + BUFFER_SIZE > buffer_capacity){

125

*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);

126

if (buffer == NULL){

127

return 0;

128

}

129

buffer_capacity += BUFFER_SIZE;

130

}

131

return buffer_capacity;

132

}

133

134

135

* Decrypt OpenPGP data using keyrings in HOMEDIR.

136

* Returns -1 on error

137

138

static ssize_t pgp_packet_decrypt (const char *cryptotext,

139

size_t crypto_size,

140

char **plaintext,

} encrypted_session;

static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,

char **new_packet,

141

const char *homedir){

142

gpgme_data_t dh_crypto, dh_plain;

143

gpgme_ctx_t ctx;

144

gpgme_error_t rc;

145

ssize_t ret;

146

size_t plaintext_capacity = 0;

147

ssize_t plaintext_length = 0;

ssize_t new_packet_capacity = 0;

ssize_t new_packet_length = 0;

148

gpgme_engine_info_t engine_info;

149

150

if (debug){

151

fprintf(stderr, "Trying to decrypt OpenPGP data\n");

fprintf(stderr, "Trying to decrypt OpenPGP packet\n");

152

}

153

154

100

/* Init GPGME */

160

106

return -1;

161

107

}

162

108

163

/* Set GPGME home directory for the OpenPGP engine only */

109

/* Set GPGME home directory */

164

110

rc = gpgme_get_engine_info (&engine_info);

165

111

if (rc != GPG_ERR_NO_ERROR){

166

112

fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",

176

122

engine_info = engine_info->next;

177

123

}

178

124

if(engine_info == NULL){

179

fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);

125

fprintf(stderr, "Could not set home dir to %s\n", homedir);

180

126

return -1;

181

127

}

182

128

183

/* Create new GPGME data buffer from memory cryptotext */

184

rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,

185

0);

129

/* Create new GPGME data buffer from packet buffer */

130

rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);

186

131

if (rc != GPG_ERR_NO_ERROR){

187

132

fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",

188

133

gpgme_strsource(rc), gpgme_strerror(rc));

194

139

if (rc != GPG_ERR_NO_ERROR){

195

140

fprintf(stderr, "bad gpgme_data_new: %s: %s\n",

196

141

gpgme_strsource(rc), gpgme_strerror(rc));

197

gpgme_data_release(dh_crypto);

198

142

return -1;

199

143

}

200

144

203

147

if (rc != GPG_ERR_NO_ERROR){

204

148

fprintf(stderr, "bad gpgme_new: %s: %s\n",

205

149

gpgme_strsource(rc), gpgme_strerror(rc));

206

plaintext_length = -1;

207

goto decrypt_end;

150

return -1;

208

151

}

209

152

210

/* Decrypt data from the cryptotext data buffer to the plaintext

211

data buffer */

153

/* Decrypt data from the FILE pointer to the plaintext data

154

buffer */

212

155

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

213

156

if (rc != GPG_ERR_NO_ERROR){

214

157

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

215

158

gpgme_strsource(rc), gpgme_strerror(rc));

216

plaintext_length = -1;

217

if (debug){

218

gpgme_decrypt_result_t result;

219

result = gpgme_op_decrypt_result(ctx);

220

if (result == NULL){

221

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

222

} else {

223

fprintf(stderr, "Unsupported algorithm: %s\n",

224

result->unsupported_algorithm);

225

fprintf(stderr, "Wrong key usage: %u\n",

226

result->wrong_key_usage);

227

if(result->file_name != NULL){

228

fprintf(stderr, "File name: %s\n", result->file_name);

229

}

230

gpgme_recipient_t recipient;

231

recipient = result->recipients;

232

if(recipient){

233

while(recipient != NULL){

234

fprintf(stderr, "Public key algorithm: %s\n",

235

gpgme_pubkey_algo_name(recipient->pubkey_algo));

236

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

237

fprintf(stderr, "Secret key available: %s\n",

238

recipient->status == GPG_ERR_NO_SECKEY

239

? "No" : "Yes");

240

recipient = recipient->next;

241

}

159

return -1;

160

}

161

162

if(debug){

163

fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");

164

}

165

166

if (debug){

167

gpgme_decrypt_result_t result;

168

result = gpgme_op_decrypt_result(ctx);

169

if (result == NULL){

170

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

171

} else {

172

fprintf(stderr, "Unsupported algorithm: %s\n",

173

result->unsupported_algorithm);

174

fprintf(stderr, "Wrong key usage: %d\n",

175

result->wrong_key_usage);

176

if(result->file_name != NULL){

177

fprintf(stderr, "File name: %s\n", result->file_name);

178

}

179

gpgme_recipient_t recipient;

180

recipient = result->recipients;

181

if(recipient){

182

while(recipient != NULL){

183

fprintf(stderr, "Public key algorithm: %s\n",

184

gpgme_pubkey_algo_name(recipient->pubkey_algo));

185

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

186

fprintf(stderr, "Secret key available: %s\n",

187

recipient->status == GPG_ERR_NO_SECKEY

188

? "No" : "Yes");

189

recipient = recipient->next;

242

190

}

243

191

}

244

192

}

245

goto decrypt_end;

246

193

}

247

194

248

if(debug){

249

fprintf(stderr, "Decryption of OpenPGP data succeeded\n");

250

}

195

/* Delete the GPGME FILE pointer cryptotext data buffer */

196

gpgme_data_release(dh_crypto);

251

197

252

198

/* Seek back to the beginning of the GPGME plaintext data buffer */

253

199

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

254

200

perror("pgpme_data_seek");

255

plaintext_length = -1;

256

goto decrypt_end;

257

201

}

258

202

259

*plaintext = NULL;

203

*new_packet = 0;

260

204

while(true){

261

plaintext_capacity = adjustbuffer(plaintext,

262

(size_t)plaintext_length,

263

plaintext_capacity);

264

if (plaintext_capacity == 0){

265

perror("adjustbuffer");

266

plaintext_length = -1;

267

goto decrypt_end;

205

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

206

*new_packet = realloc(*new_packet,

207

(unsigned int)new_packet_capacity

208

+ BUFFER_SIZE);

209

if (*new_packet == NULL){

210

perror("realloc");

211

return -1;

212

}

213

new_packet_capacity += BUFFER_SIZE;

268

214

}

269

215

270

ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,

216

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,

271

217

BUFFER_SIZE);

272

218

/* Print the data, if any */

273

219

if (ret == 0){

274

/* EOF */

275

220

break;

276

221

}

277

222

if(ret < 0){

278

223

perror("gpgme_data_read");

279

plaintext_length = -1;

280

goto decrypt_end;

281

}

282

plaintext_length += ret;

283

}

284

285

if(debug){

286

fprintf(stderr, "Decrypted password is: ");

287

for(ssize_t i = 0; i < plaintext_length; i++){

288

fprintf(stderr, "%02hhX ", (*plaintext)[i]);

289

}

290

fprintf(stderr, "\n");

291

}

292

293

decrypt_end:

294

295

/* Delete the GPGME cryptotext data buffer */

296

gpgme_data_release(dh_crypto);

224

return -1;

225

}

226

new_packet_length += ret;

227

}

228

229

/* FIXME: check characters before printing to screen so to not print

230

terminal control characters */

231

/* if(debug){ */

232

/* fprintf(stderr, "decrypted password is: "); */

233

/* fwrite(*new_packet, 1, new_packet_length, stderr); */

234

/* fprintf(stderr, "\n"); */

235

/* } */

297

236

298

237

/* Delete the GPGME plaintext data buffer */

299

238

gpgme_data_release(dh_plain);

300

return plaintext_length;

239

return new_packet_length;

301

240

}

302

241

303

242

static const char * safer_gnutls_strerror (int value) {

304

const char *ret = gnutls_strerror (value); /* Spurious warning */

243

const char *ret = gnutls_strerror (value);

305

244

if (ret == NULL)

306

245

ret = "(unknown)";

307

246

return ret;

308

247

}

309

248

310

/* GnuTLS log function callback */

311

249

static void debuggnutls(__attribute__((unused)) int level,

312

250

const char* string){

313

fprintf(stderr, "GnuTLS: %s", string);

251

fprintf(stderr, "%s", string);

314

252

}

315

253

316

static int init_gnutls_global(mandos_context *mc,

317

const char *pubkeyfilename,

318

const char *seckeyfilename){

254

static int initgnutls(encrypted_session *es){

255

const char *err;

319

256

int ret;

320

257

321

258

if(debug){

322

259

fprintf(stderr, "Initializing GnuTLS\n");

323

260

}

324

325

ret = gnutls_global_init();

326

if (ret != GNUTLS_E_SUCCESS) {

327

fprintf (stderr, "GnuTLS global_init: %s\n",

328

safer_gnutls_strerror(ret));

261

262

if ((ret = gnutls_global_init ())

263

!= GNUTLS_E_SUCCESS) {

264

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

329

265

return -1;

330

266

}

331

267

332

268

if (debug){

333

/* "Use a log level over 10 to enable all debugging options."

334

* - GnuTLS manual

335

336

269

gnutls_global_set_log_level(11);

337

270

gnutls_global_set_log_function(debuggnutls);

338

271

}

339

272

340

/* OpenPGP credentials */

341

gnutls_certificate_allocate_credentials(&mc->cred);

342

if (ret != GNUTLS_E_SUCCESS){

343

fprintf (stderr, "GnuTLS memory error: %s\n", /* Spurious

344

warning */

273

/* openpgp credentials */

274

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

275

!= GNUTLS_E_SUCCESS) {

276

fprintf (stderr, "memory error: %s\n",

345

277

safer_gnutls_strerror(ret));

346

gnutls_global_deinit ();

347

278

return -1;

348

279

}

349

280

350

281

if(debug){

351

282

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

352

" and keyfile %s as GnuTLS credentials\n", pubkeyfilename,

353

seckeyfilename);

283

" and keyfile %s as GnuTLS credentials\n", certfile,

284

certkey);

354

285

}

355

286

356

287

ret = gnutls_certificate_set_openpgp_key_file

357

(mc->cred, pubkeyfilename, seckeyfilename,

358

GNUTLS_OPENPGP_FMT_BASE64);

288

(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);

359

289

if (ret != GNUTLS_E_SUCCESS) {

360

fprintf(stderr,

361

"Error[%d] while reading the OpenPGP key pair ('%s',"

362

" '%s')\n", ret, pubkeyfilename, seckeyfilename);

363

fprintf(stdout, "The GnuTLS error is: %s\n",

290

fprintf

291

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"

292

" '%s')\n",

293

ret, certfile, certkey);

294

fprintf(stdout, "The Error is: %s\n",

364

295

safer_gnutls_strerror(ret));

365

goto globalfail;

366

}

367

368

/* GnuTLS server initialization */

369

ret = gnutls_dh_params_init(&mc->dh_params);

370

if (ret != GNUTLS_E_SUCCESS) {

371

fprintf (stderr, "Error in GnuTLS DH parameter initialization:"

372

" %s\n", safer_gnutls_strerror(ret));

373

goto globalfail;

374

}

375

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

376

if (ret != GNUTLS_E_SUCCESS) {

377

fprintf (stderr, "Error in GnuTLS prime generation: %s\n",

378

safer_gnutls_strerror(ret));

379

goto globalfail;

380

}

381

382

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

383

384

return 0;

385

386

globalfail:

387

388

gnutls_certificate_free_credentials(mc->cred);

389

gnutls_global_deinit();

390

return -1;

391

}

392

393

static int init_gnutls_session(mandos_context *mc,

394

gnutls_session_t *session){

395

int ret;

396

/* GnuTLS session creation */

397

ret = gnutls_init(session, GNUTLS_SERVER);

398

if (ret != GNUTLS_E_SUCCESS){

296

return -1;

297

}

298

299

//GnuTLS server initialization

300

if ((ret = gnutls_dh_params_init (&es->dh_params))

301

!= GNUTLS_E_SUCCESS) {

302

fprintf (stderr, "Error in dh parameter initialization: %s\n",

303

safer_gnutls_strerror(ret));

304

return -1;

305

}

306

307

if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))

308

!= GNUTLS_E_SUCCESS) {

309

fprintf (stderr, "Error in prime generation: %s\n",

310

safer_gnutls_strerror(ret));

311

return -1;

312

}

313

314

gnutls_certificate_set_dh_params (es->cred, es->dh_params);

315

316

// GnuTLS session creation

317

if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))

318

!= GNUTLS_E_SUCCESS){

399

319

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

400

320

safer_gnutls_strerror(ret));

401

321

}

402

322

403

{

404

const char *err;

405

ret = gnutls_priority_set_direct(*session, mc->priority, &err);

406

if (ret != GNUTLS_E_SUCCESS) {

407

fprintf(stderr, "Syntax error at: %s\n", err);

408

fprintf(stderr, "GnuTLS error: %s\n",

409

safer_gnutls_strerror(ret));

410

gnutls_deinit (*session);

411

return -1;

412

}

323

if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))

324

!= GNUTLS_E_SUCCESS) {

325

fprintf(stderr, "Syntax error at: %s\n", err);

326

fprintf(stderr, "GnuTLS error: %s\n",

327

safer_gnutls_strerror(ret));

328

return -1;

413

329

}

414

330

415

ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

416

mc->cred);

417

if (ret != GNUTLS_E_SUCCESS) {

418

fprintf(stderr, "Error setting GnuTLS credentials: %s\n",

331

if ((ret = gnutls_credentials_set

332

(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))

333

!= GNUTLS_E_SUCCESS) {

334

fprintf(stderr, "Error setting a credentials set: %s\n",

419

335

safer_gnutls_strerror(ret));

420

gnutls_deinit (*session);

421

336

return -1;

422

337

}

423

338

424

339

/* ignore client certificate if any. */

425

gnutls_certificate_server_set_request (*session,

340

gnutls_certificate_server_set_request (es->session,

426

341

GNUTLS_CERT_IGNORE);

427

342

428

gnutls_dh_set_prime_bits (*session, mc->dh_bits);

343

gnutls_dh_set_prime_bits (es->session, DH_BITS);

429

344

430

345

return 0;

431

346

}

432

347

433

/* Avahi log function callback */

434

348

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

435

349

__attribute__((unused)) const char *txt){}

436

350

437

/* Called when a Mandos server is found */

438

351

static int start_mandos_communication(const char *ip, uint16_t port,

439

AvahiIfIndex if_index,

440

mandos_context *mc){

352

AvahiIfIndex if_index){

441

353

int ret, tcp_sd;

442

union { struct sockaddr in; struct sockaddr_in6 in6; } to;

354

struct sockaddr_in6 to;

355

encrypted_session es;

443

356

char *buffer = NULL;

444

357

char *decrypted_buffer;

445

358

size_t buffer_length = 0;

446

359

size_t buffer_capacity = 0;

447

360

ssize_t decrypted_buffer_size;

448

size_t written;

361

size_t written = 0;

449

362

int retval = 0;

450

363

char interface[IF_NAMESIZE];

451

gnutls_session_t session;

452

453

ret = init_gnutls_session (mc, &session);

454

if (ret != 0){

455

return -1;

456

}

457

364

458

365

if(debug){

459

fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16

460

"\n", ip, port);

366

fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",

367

ip, port);

461

368

}

462

369

463

370

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

466

373

return -1;

467

374

}

468

375

469

if(debug){

470

if(if_indextoname((unsigned int)if_index, interface) == NULL){

376

if(if_indextoname((unsigned int)if_index, interface) == NULL){

377

if(debug){

471

378

perror("if_indextoname");

472

return -1;

473

379

}

380

return -1;

381

}

382

383

if(debug){

474

384

fprintf(stderr, "Binding to interface %s\n", interface);

475

385

}

476

386

477

memset(&to, 0, sizeof(to));

478

to.in6.sin6_family = AF_INET6;

479

/* It would be nice to have a way to detect if we were passed an

480

IPv4 address here. Now we assume an IPv6 address. */

481

ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);

387

memset(&to,0,sizeof(to)); /* Spurious warning */

388

to.sin6_family = AF_INET6;

389

ret = inet_pton(AF_INET6, ip, &to.sin6_addr);

482

390

if (ret < 0 ){

483

391

perror("inet_pton");

484

392

return -1;

485

}

393

}

486

394

if(ret == 0){

487

395

fprintf(stderr, "Bad address: %s\n", ip);

488

396

return -1;

489

397

}

490

to.in6.sin6_port = htons(port); /* Spurious warning */

398

to.sin6_port = htons(port); /* Spurious warning */

491

399

492

to.in6.sin6_scope_id = (uint32_t)if_index;

400

to.sin6_scope_id = (uint32_t)if_index;

493

401

494

402

if(debug){

495

fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,

496

port);

497

char addrstr[INET6_ADDRSTRLEN] = "";

498

if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,

499

sizeof(addrstr)) == NULL){

500

perror("inet_ntop");

501

} else {

502

if(strcmp(addrstr, ip) != 0){

503

fprintf(stderr, "Canonical address form: %s\n", addrstr);

504

}

505

}

403

fprintf(stderr, "Connection to: %s, port %d\n", ip, port);

404

/* char addrstr[INET6_ADDRSTRLEN]; */

405

/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */

406

/* sizeof(addrstr)) == NULL){ */

407

/* perror("inet_ntop"); */

408

/* } else { */

409

/* fprintf(stderr, "Really connecting to: %s, port %d\n", */

410

/* addrstr, ntohs(to.sin6_port)); */

411

/* } */

506

412

}

507

413

508

ret = connect(tcp_sd, &to.in, sizeof(to));

414

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

509

415

if (ret < 0){

510

416

perror("connect");

511

417

return -1;

512

418

}

513

419

514

const char *out = mandos_protocol_version;

515

written = 0;

516

while (true){

517

size_t out_size = strlen(out);

518

ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,

519

out_size - written));

520

if (ret == -1){

521

perror("write");

522

retval = -1;

523

goto mandos_end;

524

}

525

written += (size_t)ret;

526

if(written < out_size){

527

continue;

528

} else {

529

if (out == mandos_protocol_version){

530

written = 0;

531

out = "\r\n";

532

} else {

533

break;

534

}

535

}

420

ret = initgnutls (&es);

421

if (ret != 0){

422

retval = -1;

423

return -1;

536

424

}

537

425

426

gnutls_transport_set_ptr (es.session,

427

(gnutls_transport_ptr_t) tcp_sd);

428

538

429

if(debug){

539

430

fprintf(stderr, "Establishing TLS session with %s\n", ip);

540

431

}

541

432

542

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

543

544

do{

545

ret = gnutls_handshake (session);

546

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

433

ret = gnutls_handshake (es.session);

547

434

548

435

if (ret != GNUTLS_E_SUCCESS){

549

436

if(debug){

550

fprintf(stderr, "*** GnuTLS Handshake failed ***\n");

437

fprintf(stderr, "\n*** Handshake failed ***\n");

551

438

gnutls_perror (ret);

552

439

}

553

440

retval = -1;

554

goto mandos_end;

441

goto exit;

555

442

}

556

443

557

/* Read OpenPGP packet that contains the wanted password */

444

//Retrieve OpenPGP packet that contains the wanted password

558

445

559

446

if(debug){

560

447

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

561

448

ip);

562

449

}

563

450

564

451

while(true){

565

buffer_capacity = adjustbuffer(&buffer, buffer_length,

566

buffer_capacity);

567

if (buffer_capacity == 0){

568

perror("adjustbuffer");

569

retval = -1;

570

goto mandos_end;

452

if (buffer_length + BUFFER_SIZE > buffer_capacity){

453

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

454

if (buffer == NULL){

455

perror("realloc");

456

goto exit;

457

}

458

buffer_capacity += BUFFER_SIZE;

571

459

}

572

460

573

ret = gnutls_record_recv(session, buffer+buffer_length,

574

BUFFER_SIZE);

461

ret = gnutls_record_recv

462

(es.session, buffer+buffer_length, BUFFER_SIZE);

575

463

if (ret == 0){

576

464

break;

577

465

}

581

469

case GNUTLS_E_AGAIN:

582

470

break;

583

471

case GNUTLS_E_REHANDSHAKE:

584

do{

585

ret = gnutls_handshake (session);

586

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

472

ret = gnutls_handshake (es.session);

587

473

if (ret < 0){

588

fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");

474

fprintf(stderr, "\n*** Handshake failed ***\n");

589

475

gnutls_perror (ret);

590

476

retval = -1;

591

goto mandos_end;

477

goto exit;

592

478

}

593

479

break;

594

480

default:

595

481

fprintf(stderr, "Unknown error while reading data from"

596

" encrypted session with Mandos server\n");

482

" encrypted session with mandos server\n");

597

483

retval = -1;

598

gnutls_bye (session, GNUTLS_SHUT_RDWR);

599

goto mandos_end;

484

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

485

goto exit;

600

486

}

601

487

} else {

602

488

buffer_length += (size_t) ret;

603

489

}

604

490

}

605

491

606

if(debug){

607

fprintf(stderr, "Closing TLS session\n");

608

}

609

610

gnutls_bye (session, GNUTLS_SHUT_RDWR);

611

612

492

if (buffer_length > 0){

613

493

decrypted_buffer_size = pgp_packet_decrypt(buffer,

614

494

buffer_length,

615

495

&decrypted_buffer,

616

keydir);

496

certdir);

617

497

if (decrypted_buffer_size >= 0){

618

written = 0;

619

498

while(written < (size_t) decrypted_buffer_size){

620

499

ret = (int)fwrite (decrypted_buffer + written, 1,

621

500

(size_t)decrypted_buffer_size - written,

634

513

} else {

635

514

retval = -1;

636

515

}

637

} else {

638

retval = -1;

639

}

640

641

/* Shutdown procedure */

642

643

mandos_end:

516

}

517

518

//shutdown procedure

519

520

if(debug){

521

fprintf(stderr, "Closing TLS session\n");

522

}

523

644

524

free(buffer);

525

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

526

exit:

645

527

close(tcp_sd);

646

gnutls_deinit (session);

528

gnutls_deinit (es.session);

529

gnutls_certificate_free_credentials (es.cred);

530

gnutls_global_deinit ();

647

531

return retval;

648

532

}

649

533

650

static void resolve_callback(AvahiSServiceResolver *r,

651

AvahiIfIndex interface,

652

AVAHI_GCC_UNUSED AvahiProtocol protocol,

653

AvahiResolverEvent event,

654

const char *name,

655

const char *type,

656

const char *domain,

657

const char *host_name,

658

const AvahiAddress *address,

659

uint16_t port,

660

AVAHI_GCC_UNUSED AvahiStringList *txt,

661

AVAHI_GCC_UNUSED AvahiLookupResultFlags

662

flags,

663

void* userdata) {

664

mandos_context *mc = userdata;

665

assert(r);

534

static AvahiSimplePoll *simple_poll = NULL;

535

static AvahiServer *server = NULL;

536

537

static void resolve_callback(

538

AvahiSServiceResolver *r,

539

AvahiIfIndex interface,

540

AVAHI_GCC_UNUSED AvahiProtocol protocol,

541

AvahiResolverEvent event,

542

const char *name,

543

const char *type,

544

const char *domain,

545

const char *host_name,

546

const AvahiAddress *address,

547

uint16_t port,

548

AVAHI_GCC_UNUSED AvahiStringList *txt,

549

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

550

AVAHI_GCC_UNUSED void* userdata) {

551

552

assert(r); /* Spurious warning */

666

553

667

554

/* Called whenever a service has been resolved successfully or

668

555

timed out */

670

557

switch (event) {

671

558

default:

672

559

case AVAHI_RESOLVER_FAILURE:

673

fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"

674

" of type '%s' in domain '%s': %s\n", name, type, domain,

675

avahi_strerror(avahi_server_errno(mc->server)));

560

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"

561

" type '%s' in domain '%s': %s\n", name, type, domain,

562

avahi_strerror(avahi_server_errno(server)));

676

563

break;

677

564

678

565

case AVAHI_RESOLVER_FOUND:

680

567

char ip[AVAHI_ADDRESS_STR_MAX];

681

568

avahi_address_snprint(ip, sizeof(ip), address);

682

569

if(debug){

683

fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"

684

PRIu16 ") on port %d\n", name, host_name, ip,

685

interface, port);

570

fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"

571

" port %d\n", name, host_name, ip, port);

686

572

}

687

int ret = start_mandos_communication(ip, port, interface, mc);

573

int ret = start_mandos_communication(ip, port, interface);

688

574

if (ret == 0){

689

avahi_simple_poll_quit(mc->simple_poll);

575

exit(EXIT_SUCCESS);

690

576

}

691

577

}

692

578

}

693

579

avahi_s_service_resolver_free(r);

694

580

}

695

581

696

static void browse_callback( AvahiSServiceBrowser *b,

697

AvahiIfIndex interface,

698

AvahiProtocol protocol,

699

AvahiBrowserEvent event,

700

const char *name,

701

const char *type,

702

const char *domain,

703

AVAHI_GCC_UNUSED AvahiLookupResultFlags

704

flags,

705

void* userdata) {

706

mandos_context *mc = userdata;

707

assert(b);

708

709

/* Called whenever a new services becomes available on the LAN or

710

is removed from the LAN */

711

712

switch (event) {

713

default:

714

case AVAHI_BROWSER_FAILURE:

715

716

fprintf(stderr, "(Avahi browser) %s\n",

717

avahi_strerror(avahi_server_errno(mc->server)));

718

avahi_simple_poll_quit(mc->simple_poll);

719

return;

720

721

case AVAHI_BROWSER_NEW:

722

/* We ignore the returned Avahi resolver object. In the callback

723

function we free it. If the Avahi server is terminated before

724

the callback function is called the Avahi server will free the

725

resolver for us. */

726

727

if (!(avahi_s_service_resolver_new(mc->server, interface,

728

protocol, name, type, domain,

729

AVAHI_PROTO_INET6, 0,

730

resolve_callback, mc)))

731

fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",

732

name, avahi_strerror(avahi_server_errno(mc->server)));

733

break;

734

735

case AVAHI_BROWSER_REMOVE:

736

break;

737

738

case AVAHI_BROWSER_ALL_FOR_NOW:

739

case AVAHI_BROWSER_CACHE_EXHAUSTED:

740

if(debug){

741

fprintf(stderr, "No Mandos server found, still searching...\n");

582

static void browse_callback(

583

AvahiSServiceBrowser *b,

584

AvahiIfIndex interface,

585

AvahiProtocol protocol,

586

AvahiBrowserEvent event,

587

const char *name,

588

const char *type,

589

const char *domain,

590

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

591

void* userdata) {

592

593

AvahiServer *s = userdata;

594

assert(b); /* Spurious warning */

595

596

/* Called whenever a new services becomes available on the LAN or

597

is removed from the LAN */

598

599

switch (event) {

600

default:

601

case AVAHI_BROWSER_FAILURE:

602

603

fprintf(stderr, "(Browser) %s\n",

604

avahi_strerror(avahi_server_errno(server)));

605

avahi_simple_poll_quit(simple_poll);

606

return;

607

608

case AVAHI_BROWSER_NEW:

609

/* We ignore the returned resolver object. In the callback

610

function we free it. If the server is terminated before

611

the callback function is called the server will free

612

the resolver for us. */

613

614

if (!(avahi_s_service_resolver_new(s, interface, protocol, name,

615

type, domain,

616

AVAHI_PROTO_INET6, 0,

617

resolve_callback, s)))

618

fprintf(stderr, "Failed to resolve service '%s': %s\n", name,

619

avahi_strerror(avahi_server_errno(s)));

620

break;

621

622

case AVAHI_BROWSER_REMOVE:

623

break;

624

625

case AVAHI_BROWSER_ALL_FOR_NOW:

626

case AVAHI_BROWSER_CACHE_EXHAUSTED:

627

break;

742

628

}

743

break;

744

}

745

629

}

746

630

747

631

/* Combines file name and path and returns the malloced new

748

632

string. some sane checks could/should be added */

749

static char *combinepath(const char *first, const char *second){

750

char *tmp;

751

int ret = asprintf(&tmp, "%s/%s", first, second);

752

if(ret < 0){

633

static const char *combinepath(const char *first, const char *second){

634

size_t f_len = strlen(first);

635

size_t s_len = strlen(second);

636

char *tmp = malloc(f_len + s_len + 2);

637

if (tmp == NULL){

753

638

return NULL;

754

639

}

640

if(f_len > 0){

641

memcpy(tmp, first, f_len);

642

}

643

tmp[f_len] = '/';

644

if(s_len > 0){

645

memcpy(tmp + f_len + 1, second, s_len);

646

}

647

tmp[f_len + 1 + s_len] = '\0';

755

648

return tmp;

756

649

}

757

650

758

651

759

int main(int argc, char *argv[]){

652

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

653

AvahiServerConfig config;

760

654

AvahiSServiceBrowser *sb = NULL;

761

655

int error;

762

656

int ret;

763

int exitcode = EXIT_SUCCESS;

764

const char *interface = "eth0";

765

struct ifreq network;

766

int sd;

767

uid_t uid;

768

gid_t gid;

657

int returncode = EXIT_SUCCESS;

658

const char *interface = NULL;

659

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

769

660

char *connect_to = NULL;

770

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

771

char *pubkeyfilename = NULL;

772

char *seckeyfilename = NULL;

773

const char *pubkeyname = "pubkey.txt";

774

const char *seckeyname = "seckey.txt";

775

mandos_context mc = { .simple_poll = NULL, .server = NULL,

776

.dh_bits = 1024, .priority = "SECURE256"

777

":!CTYPE-X.509:+CTYPE-OPENPGP" };

778

bool gnutls_initalized = false;

779

780

{

781

struct argp_option options[] = {

782

{ .name = "debug", .key = 128,

783

.doc = "Debug mode", .group = 3 },

784

{ .name = "connect", .key = 'c',

785

.arg = "ADDRESS:PORT",

786

.doc = "Connect directly to a specific Mandos server",

787

.group = 1 },

788

{ .name = "interface", .key = 'i',

789

.arg = "NAME",

790

.doc = "Interface that will be used to search for Mandos"

791

" servers",

792

.group = 1 },

793

{ .name = "keydir", .key = 'd',

794

.arg = "DIRECTORY",

795

.doc = "Directory to read the OpenPGP key files from",

796

.group = 1 },

797

{ .name = "seckey", .key = 's',

798

.arg = "FILE",

799

.doc = "OpenPGP secret key file base name",

800

.group = 1 },

801

{ .name = "pubkey", .key = 'p',

802

.arg = "FILE",

803

.doc = "OpenPGP public key file base name",

804

.group = 2 },

805

{ .name = "dh-bits", .key = 129,

806

.arg = "BITS",

807

.doc = "Bit length of the prime number used in the"

808

" Diffie-Hellman key exchange",

809

.group = 2 },

810

{ .name = "priority", .key = 130,

811

.arg = "STRING",

812

.doc = "GnuTLS priority string for the TLS handshake",

813

.group = 1 },

814

{ .name = NULL }

815

};

816

817

error_t parse_opt (int key, char *arg,

818

struct argp_state *state) {

819

/* Get the INPUT argument from `argp_parse', which we know is

820

a pointer to our plugin list pointer. */

821

switch (key) {

822

case 128: /* --debug */

823

debug = true;

824

break;

825

case 'c': /* --connect */

826

connect_to = arg;

827

break;

828

case 'i': /* --interface */

829

interface = arg;

830

break;

831

case 'd': /* --keydir */

832

keydir = arg;

833

break;

834

case 's': /* --seckey */

835

seckeyname = arg;

836

break;

837

case 'p': /* --pubkey */

838

pubkeyname = arg;

839

break;

840

case 129: /* --dh-bits */

841

errno = 0;

842

mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);

843

if (errno){

844

perror("strtol");

845

exit(EXIT_FAILURE);

846

}

847

break;

848

case 130: /* --priority */

849

mc.priority = arg;

850

break;

851

case ARGP_KEY_ARG:

852

argp_usage (state);

853

case ARGP_KEY_END:

854

break;

855

default:

856

return ARGP_ERR_UNKNOWN;

857

}

858

return 0;

859

}

860

861

struct argp argp = { .options = options, .parser = parse_opt,

862

.args_doc = "",

863

.doc = "Mandos client -- Get and decrypt"

864

" passwords from a Mandos server" };

865

ret = argp_parse (&argp, argc, argv, 0, 0, NULL);

866

if (ret == ARGP_ERR_UNKNOWN){

867

fprintf(stderr, "Unknown error while parsing arguments\n");

868

exitcode = EXIT_FAILURE;

869

goto end;

870

}

871

}

872

873

pubkeyfilename = combinepath(keydir, pubkeyname);

874

if (pubkeyfilename == NULL){

875

perror("combinepath");

876

exitcode = EXIT_FAILURE;

877

goto end;

878

}

879

880

seckeyfilename = combinepath(keydir, seckeyname);

881

if (seckeyfilename == NULL){

882

perror("combinepath");

883

exitcode = EXIT_FAILURE;

884

goto end;

885

}

886

887

ret = init_gnutls_global(&mc, pubkeyfilename, seckeyfilename);

888

if (ret == -1){

889

fprintf(stderr, "init_gnutls_global failed\n");

890

exitcode = EXIT_FAILURE;

891

goto end;

892

} else {

893

gnutls_initalized = true;

894

}

895

896

/* If the interface is down, bring it up */

897

{

898

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

899

if(sd < 0) {

900

perror("socket");

901

exitcode = EXIT_FAILURE;

902

goto end;

903

}

904

strcpy(network.ifr_name, interface);

905

ret = ioctl(sd, SIOCGIFFLAGS, &network);

906

if(ret == -1){

907

perror("ioctl SIOCGIFFLAGS");

908

exitcode = EXIT_FAILURE;

909

goto end;

910

}

911

if((network.ifr_flags & IFF_UP) == 0){

912

network.ifr_flags |= IFF_UP;

913

ret = ioctl(sd, SIOCSIFFLAGS, &network);

914

if(ret == -1){

915

perror("ioctl SIOCSIFFLAGS");

916

exitcode = EXIT_FAILURE;

917

goto end;

918

}

919

}

920

close(sd);

921

}

922

923

uid = getuid();

924

gid = getgid();

925

926

ret = setuid(uid);

927

if (ret == -1){

928

perror("setuid");

929

}

930

931

setgid(gid);

932

if (ret == -1){

933

perror("setgid");

934

}

935

936

if_index = (AvahiIfIndex) if_nametoindex(interface);

937

if(if_index == 0){

938

fprintf(stderr, "No such interface: \"%s\"\n", interface);

939

exit(EXIT_FAILURE);

661

662

while (true){

663

static struct option long_options[] = {

664

{"debug", no_argument, (int *)&debug, 1},

665

{"connect", required_argument, 0, 'C'},

666

{"interface", required_argument, 0, 'i'},

667

{"certdir", required_argument, 0, 'd'},

668

{"certkey", required_argument, 0, 'c'},

669

{"certfile", required_argument, 0, 'k'},

670

{0, 0, 0, 0} };

671

672

int option_index = 0;

673

ret = getopt_long (argc, argv, "i:", long_options,

674

&option_index);

675

676

if (ret == -1){

677

break;

678

}

679

680

switch(ret){

681

case 0:

682

break;

683

case 'i':

684

interface = optarg;

685

break;

686

case 'C':

687

connect_to = optarg;

688

break;

689

case 'd':

690

certdir = optarg;

691

break;

692

case 'c':

693

certfile = optarg;

694

break;

695

case 'k':

696

certkey = optarg;

697

break;

698

default:

699

exit(EXIT_FAILURE);

700

}

701

}

702

703

certfile = combinepath(certdir, certfile);

704

if (certfile == NULL){

705

perror("combinepath");

706

goto exit;

707

}

708

709

if(interface != NULL){

710

if_index = (AvahiIfIndex) if_nametoindex(interface);

711

if(if_index == 0){

712

fprintf(stderr, "No such interface: \"%s\"\n", interface);

713

exit(EXIT_FAILURE);

714

}

940

715

}

941

716

942

717

if(connect_to != NULL){

945

720

char *address = strrchr(connect_to, ':');

946

721

if(address == NULL){

947

722

fprintf(stderr, "No colon in address\n");

948

exitcode = EXIT_FAILURE;

949

goto end;

723

exit(EXIT_FAILURE);

950

724

}

951

725

errno = 0;

952

726

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

953

727

if(errno){

954

728

perror("Bad port number");

955

exitcode = EXIT_FAILURE;

956

goto end;

729

exit(EXIT_FAILURE);

957

730

}

958

731

*address = '\0';

959

732

address = connect_to;

960

ret = start_mandos_communication(address, port, if_index, &mc);

733

ret = start_mandos_communication(address, port, if_index);

961

734

if(ret < 0){

962

exitcode = EXIT_FAILURE;

735

exit(EXIT_FAILURE);

963

736

} else {

964

exitcode = EXIT_SUCCESS;

737

exit(EXIT_SUCCESS);

965

738

}

966

goto end;

739

}

740

741

certkey = combinepath(certdir, certkey);

742

if (certkey == NULL){

743

perror("combinepath");

744

goto exit;

967

745

}

968

746

969

747

if (not debug){

970

748

avahi_set_log_function(empty_log);

971

749

}

972

750

973

/* Initialize the pseudo-RNG for Avahi */

751

/* Initialize the psuedo-RNG */

974

752

srand((unsigned int) time(NULL));

975

976

/* Allocate main Avahi loop object */

977

mc.simple_poll = avahi_simple_poll_new();

978

if (mc.simple_poll == NULL) {

979

fprintf(stderr, "Avahi: Failed to create simple poll"

980

" object.\n");

981

exitcode = EXIT_FAILURE;

982

goto end;

983

}

984

985

{

986

AvahiServerConfig config;

987

/* Do not publish any local Zeroconf records */

988

avahi_server_config_init(&config);

989

config.publish_hinfo = 0;

990

config.publish_addresses = 0;

991

config.publish_workstation = 0;

992

config.publish_domain = 0;

993

994

/* Allocate a new server */

995

mc.server = avahi_server_new(avahi_simple_poll_get

996

(mc.simple_poll), &config, NULL,

997

NULL, &error);

998

999

/* Free the Avahi configuration data */

1000

avahi_server_config_free(&config);

1001

}

1002

1003

/* Check if creating the Avahi server object succeeded */

1004

if (mc.server == NULL) {

1005

fprintf(stderr, "Failed to create Avahi server: %s\n",

753

754

/* Allocate main loop object */

755

if (!(simple_poll = avahi_simple_poll_new())) {

756

fprintf(stderr, "Failed to create simple poll object.\n");

757

758

goto exit;

759

}

760

761

/* Do not publish any local records */

762

avahi_server_config_init(&config);

763

config.publish_hinfo = 0;

764

config.publish_addresses = 0;

765

config.publish_workstation = 0;

766

config.publish_domain = 0;

767

768

/* Allocate a new server */

769

server = avahi_server_new(avahi_simple_poll_get(simple_poll),

770

&config, NULL, NULL, &error);

771

772

/* Free the configuration data */

773

avahi_server_config_free(&config);

774

775

/* Check if creating the server object succeeded */

776

if (!server) {

777

fprintf(stderr, "Failed to create server: %s\n",

1006

778

avahi_strerror(error));

1007

exitcode = EXIT_FAILURE;

1008

goto end;

779

returncode = EXIT_FAILURE;

780

goto exit;

1009

781

}

1010

782

1011

/* Create the Avahi service browser */

1012

sb = avahi_s_service_browser_new(mc.server, if_index,

783

/* Create the service browser */

784

sb = avahi_s_service_browser_new(server, if_index,

1013

785

AVAHI_PROTO_INET6,

1014

786

"_mandos._tcp", NULL, 0,

1015

browse_callback, &mc);

1016

if (sb == NULL) {

787

browse_callback, server);

788

if (!sb) {

1017

789

fprintf(stderr, "Failed to create service browser: %s\n",

1018

avahi_strerror(avahi_server_errno(mc.server)));

1019

exitcode = EXIT_FAILURE;

1020

goto end;

790

avahi_strerror(avahi_server_errno(server)));

791

returncode = EXIT_FAILURE;

792

goto exit;

1021

793

}

1022

794

1023

795

/* Run the main loop */

1024

796

1025

797

if (debug){

1026

fprintf(stderr, "Starting Avahi loop search\n");

798

fprintf(stderr, "Starting avahi loop search\n");

1027

799

}

1028

800

1029

avahi_simple_poll_loop(mc.simple_poll);

1030

1031

end:

1032

801

avahi_simple_poll_loop(simple_poll);

802

803

exit:

804

1033

805

if (debug){

1034

806

fprintf(stderr, "%s exiting\n", argv[0]);

1035

807

}

1036

808

1037

809

/* Cleanup things */

1038

if (sb != NULL)

810

if (sb)

1039

811

avahi_s_service_browser_free(sb);

1040

812

1041

if (mc.server != NULL)

1042

avahi_server_free(mc.server);

1043

1044

if (mc.simple_poll != NULL)

1045

avahi_simple_poll_free(mc.simple_poll);

1046

free(pubkeyfilename);

1047

free(seckeyfilename);

1048

1049

if (gnutls_initalized){

1050

gnutls_certificate_free_credentials(mc.cred);

1051

gnutls_global_deinit ();

1052

}

1053

1054

return exitcode;

813

if (server)

814

avahi_server_free(server);

815

816

if (simple_poll)

817

avahi_simple_poll_free(simple_poll);

818

free(certfile);

819

free(certkey);

820

821

return returncode;

1055

822

}

Older »