/mandos/trunk : revision 36

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandosclient.c

Committer: Teddy Hogeborn
Date: 2008-08-02 14:33:47 UTC
Revision ID: teddy@fukt.bsnet.se-20080802143347-u1m4zs1q0feu72ei

* TODO: Converted to org-mode style

* plugins.d/mandosclient.c (certdir): Changed to "/conf/conf.d/mandos/".
  (certdir, certfile, certkey, pgp_packet_decrypt, debuggnutls,
  initgnutls, empty_log, combinepath): Made static.
  (combinepath): Rewritten to only get the argument string lengths
                 once.  Do not print error message; leave that to
                 caller.  All callers changed.

files added:
plugbasedclient.c

plugins.d

plugins.d/mandosclient.c

plugins.d/passprompt.c

server.conf

files removed:
bad-ca.pem

bad-cert.pem

bad-client-cert.pem

bad-client-key.pem

bad-crl.pem

bad-key.pem

client.cpp

clients.conf

server.cpp

files renamed:
mandos-clients.conf => clients.conf

files modified:
Makefile

TODO

server.py

Show diffs side-by-side

added added

removed removed

plugins.d/mandosclient.c

/* -*- coding: utf-8 -*- */

* Mandos client - get and decrypt data from a Mandos server

* This program is partly derived from an example program for an Avahi

* service browser, downloaded from

* <http://avahi.org/browser/examples/core-browse-services.c>. This

* includes the following functions: "resolve_callback",

* "browse_callback", and parts of "main".

* Everything else is

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

/* Needed by GPGME, specifically gpgme_data_seek() */

#define _LARGEFILE_SOURCE

#define _FILE_OFFSET_BITS 64

#include <stdio.h>

#include <assert.h>

#include <stdlib.h>

#include <time.h>

#include <net/if.h> /* if_nametoindex */

#include <avahi-core/core.h>

#include <avahi-core/lookup.h>

#include <avahi-core/log.h>

#include <avahi-common/simple-watch.h>

#include <avahi-common/malloc.h>

#include <avahi-common/error.h>

//mandos client part

#include <sys/types.h> /* socket(), inet_pton() */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton() */

#include <gnutls/gnutls.h> /* All GnuTLS stuff */

#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */

#include <unistd.h> /* close() */

#include <netinet/in.h>

#include <stdbool.h> /* true */

#include <string.h> /* memset */

#include <arpa/inet.h> /* inet_pton() */

#include <iso646.h> /* not */

// gpgme

#include <errno.h> /* perror() */

#include <gpgme.h>

// getopt long

#include <getopt.h>

#define BUFFER_SIZE 256

#define DH_BITS 1024

static const char *certdir = "/conf/conf.d/mandos";

static const char *certfile = "openpgp-client.txt";

static const char *certkey = "openpgp-client-key.txt";

bool debug = false;

typedef struct {

gnutls_session_t session;

gnutls_certificate_credentials_t cred;

gnutls_dh_params_t dh_params;

} encrypted_session;

static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,

char **new_packet,

const char *homedir){

gpgme_data_t dh_crypto, dh_plain;

gpgme_ctx_t ctx;

gpgme_error_t rc;

ssize_t ret;

ssize_t new_packet_capacity = 0;

ssize_t new_packet_length = 0;

gpgme_engine_info_t engine_info;

if (debug){

fprintf(stderr, "Trying to decrypt OpenPGP packet\n");

}

100

/* Init GPGME */

101

gpgme_check_version(NULL);

102

rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

103

if (rc != GPG_ERR_NO_ERROR){

104

fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",

105

gpgme_strsource(rc), gpgme_strerror(rc));

106

return -1;

107

}

108

109

/* Set GPGME home directory */

110

rc = gpgme_get_engine_info (&engine_info);

111

if (rc != GPG_ERR_NO_ERROR){

112

fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",

113

gpgme_strsource(rc), gpgme_strerror(rc));

114

return -1;

115

}

116

while(engine_info != NULL){

117

if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){

118

gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,

119

engine_info->file_name, homedir);

120

break;

121

}

122

engine_info = engine_info->next;

123

}

124

if(engine_info == NULL){

125

fprintf(stderr, "Could not set home dir to %s\n", homedir);

126

return -1;

127

}

128

129

/* Create new GPGME data buffer from packet buffer */

130

rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);

131

if (rc != GPG_ERR_NO_ERROR){

132

fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",

133

gpgme_strsource(rc), gpgme_strerror(rc));

134

return -1;

135

}

136

137

/* Create new empty GPGME data buffer for the plaintext */

138

rc = gpgme_data_new(&dh_plain);

139

if (rc != GPG_ERR_NO_ERROR){

140

fprintf(stderr, "bad gpgme_data_new: %s: %s\n",

141

gpgme_strsource(rc), gpgme_strerror(rc));

142

return -1;

143

}

144

145

/* Create new GPGME "context" */

146

rc = gpgme_new(&ctx);

147

if (rc != GPG_ERR_NO_ERROR){

148

fprintf(stderr, "bad gpgme_new: %s: %s\n",

149

gpgme_strsource(rc), gpgme_strerror(rc));

150

return -1;

151

}

152

153

/* Decrypt data from the FILE pointer to the plaintext data

154

buffer */

155

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

156

if (rc != GPG_ERR_NO_ERROR){

157

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

158

gpgme_strsource(rc), gpgme_strerror(rc));

159

return -1;

160

}

161

162

if(debug){

163

fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");

164

}

165

166

if (debug){

167

gpgme_decrypt_result_t result;

168

result = gpgme_op_decrypt_result(ctx);

169

if (result == NULL){

170

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

171

} else {

172

fprintf(stderr, "Unsupported algorithm: %s\n",

173

result->unsupported_algorithm);

174

fprintf(stderr, "Wrong key usage: %d\n",

175

result->wrong_key_usage);

176

if(result->file_name != NULL){

177

fprintf(stderr, "File name: %s\n", result->file_name);

178

}

179

gpgme_recipient_t recipient;

180

recipient = result->recipients;

181

if(recipient){

182

while(recipient != NULL){

183

fprintf(stderr, "Public key algorithm: %s\n",

184

gpgme_pubkey_algo_name(recipient->pubkey_algo));

185

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

186

fprintf(stderr, "Secret key available: %s\n",

187

recipient->status == GPG_ERR_NO_SECKEY

188

? "No" : "Yes");

189

recipient = recipient->next;

190

}

191

}

192

}

193

}

194

195

/* Delete the GPGME FILE pointer cryptotext data buffer */

196

gpgme_data_release(dh_crypto);

197

198

/* Seek back to the beginning of the GPGME plaintext data buffer */

199

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

200

perror("pgpme_data_seek");

201

}

202

203

*new_packet = 0;

204

while(true){

205

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

206

*new_packet = realloc(*new_packet,

207

(unsigned int)new_packet_capacity

208

+ BUFFER_SIZE);

209

if (*new_packet == NULL){

210

perror("realloc");

211

return -1;

212

}

213

new_packet_capacity += BUFFER_SIZE;

214

}

215

216

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,

217

BUFFER_SIZE);

218

/* Print the data, if any */

219

if (ret == 0){

220

break;

221

}

222

if(ret < 0){

223

perror("gpgme_data_read");

224

return -1;

225

}

226

new_packet_length += ret;

227

}

228

229

/* FIXME: check characters before printing to screen so to not print

230

terminal control characters */

231

/* if(debug){ */

232

/* fprintf(stderr, "decrypted password is: "); */

233

/* fwrite(*new_packet, 1, new_packet_length, stderr); */

234

/* fprintf(stderr, "\n"); */

235

/* } */

236

237

/* Delete the GPGME plaintext data buffer */

238

gpgme_data_release(dh_plain);

239

return new_packet_length;

240

}

241

242

static const char * safer_gnutls_strerror (int value) {

243

const char *ret = gnutls_strerror (value);

244

if (ret == NULL)

245

ret = "(unknown)";

246

return ret;

247

}

248

249

static void debuggnutls(__attribute__((unused)) int level,

250

const char* string){

251

fprintf(stderr, "%s", string);

252

}

253

254

static int initgnutls(encrypted_session *es){

255

const char *err;

256

int ret;

257

258

if(debug){

259

fprintf(stderr, "Initializing GnuTLS\n");

260

}

261

262

if ((ret = gnutls_global_init ())

263

!= GNUTLS_E_SUCCESS) {

264

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

265

return -1;

266

}

267

268

if (debug){

269

gnutls_global_set_log_level(11);

270

gnutls_global_set_log_function(debuggnutls);

271

}

272

273

/* openpgp credentials */

274

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

275

!= GNUTLS_E_SUCCESS) {

276

fprintf (stderr, "memory error: %s\n",

277

safer_gnutls_strerror(ret));

278

return -1;

279

}

280

281

if(debug){

282

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

283

" and keyfile %s as GnuTLS credentials\n", certfile,

284

certkey);

285

}

286

287

ret = gnutls_certificate_set_openpgp_key_file

288

(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);

289

if (ret != GNUTLS_E_SUCCESS) {

290

fprintf

291

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"

292

" '%s')\n",

293

ret, certfile, certkey);

294

fprintf(stdout, "The Error is: %s\n",

295

safer_gnutls_strerror(ret));

296

return -1;

297

}

298

299

//GnuTLS server initialization

300

if ((ret = gnutls_dh_params_init (&es->dh_params))

301

!= GNUTLS_E_SUCCESS) {

302

fprintf (stderr, "Error in dh parameter initialization: %s\n",

303

safer_gnutls_strerror(ret));

304

return -1;

305

}

306

307

if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))

308

!= GNUTLS_E_SUCCESS) {

309

fprintf (stderr, "Error in prime generation: %s\n",

310

safer_gnutls_strerror(ret));

311

return -1;

312

}

313

314

gnutls_certificate_set_dh_params (es->cred, es->dh_params);

315

316

// GnuTLS session creation

317

if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))

318

!= GNUTLS_E_SUCCESS){

319

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

320

safer_gnutls_strerror(ret));

321

}

322

323

if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))

324

!= GNUTLS_E_SUCCESS) {

325

fprintf(stderr, "Syntax error at: %s\n", err);

326

fprintf(stderr, "GnuTLS error: %s\n",

327

safer_gnutls_strerror(ret));

328

return -1;

329

}

330

331

if ((ret = gnutls_credentials_set

332

(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))

333

!= GNUTLS_E_SUCCESS) {

334

fprintf(stderr, "Error setting a credentials set: %s\n",

335

safer_gnutls_strerror(ret));

336

return -1;

337

}

338

339

/* ignore client certificate if any. */

340

gnutls_certificate_server_set_request (es->session,

341

GNUTLS_CERT_IGNORE);

342

343

gnutls_dh_set_prime_bits (es->session, DH_BITS);

344

345

return 0;

346

}

347

348

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

349

__attribute__((unused)) const char *txt){}

350

351

static int start_mandos_communication(const char *ip, uint16_t port,

352

AvahiIfIndex if_index){

353

int ret, tcp_sd;

354

struct sockaddr_in6 to;

355

encrypted_session es;

356

char *buffer = NULL;

357

char *decrypted_buffer;

358

size_t buffer_length = 0;

359

size_t buffer_capacity = 0;

360

ssize_t decrypted_buffer_size;

361

size_t written = 0;

362

int retval = 0;

363

char interface[IF_NAMESIZE];

364

365

if(debug){

366

fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",

367

ip, port);

368

}

369

370

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

371

if(tcp_sd < 0) {

372

perror("socket");

373

return -1;

374

}

375

376

if(if_indextoname((unsigned int)if_index, interface) == NULL){

377

if(debug){

378

perror("if_indextoname");

379

}

380

return -1;

381

}

382

383

if(debug){

384

fprintf(stderr, "Binding to interface %s\n", interface);

385

}

386

387

memset(&to,0,sizeof(to)); /* Spurious warning */

388

to.sin6_family = AF_INET6;

389

ret = inet_pton(AF_INET6, ip, &to.sin6_addr);

390

if (ret < 0 ){

391

perror("inet_pton");

392

return -1;

393

}

394

if(ret == 0){

395

fprintf(stderr, "Bad address: %s\n", ip);

396

return -1;

397

}

398

to.sin6_port = htons(port); /* Spurious warning */

399

400

to.sin6_scope_id = (uint32_t)if_index;

401

402

if(debug){

403

fprintf(stderr, "Connection to: %s, port %d\n", ip, port);

404

/* char addrstr[INET6_ADDRSTRLEN]; */

405

/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */

406

/* sizeof(addrstr)) == NULL){ */

407

/* perror("inet_ntop"); */

408

/* } else { */

409

/* fprintf(stderr, "Really connecting to: %s, port %d\n", */

410

/* addrstr, ntohs(to.sin6_port)); */

411

/* } */

412

}

413

414

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

415

if (ret < 0){

416

perror("connect");

417

return -1;

418

}

419

420

ret = initgnutls (&es);

421

if (ret != 0){

422

retval = -1;

423

return -1;

424

}

425

426

gnutls_transport_set_ptr (es.session,

427

(gnutls_transport_ptr_t) tcp_sd);

428

429

if(debug){

430

fprintf(stderr, "Establishing TLS session with %s\n", ip);

431

}

432

433

ret = gnutls_handshake (es.session);

434

435

if (ret != GNUTLS_E_SUCCESS){

436

if(debug){

437

fprintf(stderr, "\n*** Handshake failed ***\n");

438

gnutls_perror (ret);

439

}

440

retval = -1;

441

goto exit;

442

}

443

444

//Retrieve OpenPGP packet that contains the wanted password

445

446

if(debug){

447

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

448

ip);

449

}

450

451

while(true){

452

if (buffer_length + BUFFER_SIZE > buffer_capacity){

453

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

454

if (buffer == NULL){

455

perror("realloc");

456

goto exit;

457

}

458

buffer_capacity += BUFFER_SIZE;

459

}

460

461

ret = gnutls_record_recv

462

(es.session, buffer+buffer_length, BUFFER_SIZE);

463

if (ret == 0){

464

break;

465

}

466

if (ret < 0){

467

switch(ret){

468

case GNUTLS_E_INTERRUPTED:

469

case GNUTLS_E_AGAIN:

470

break;

471

case GNUTLS_E_REHANDSHAKE:

472

ret = gnutls_handshake (es.session);

473

if (ret < 0){

474

fprintf(stderr, "\n*** Handshake failed ***\n");

475

gnutls_perror (ret);

476

retval = -1;

477

goto exit;

478

}

479

break;

480

default:

481

fprintf(stderr, "Unknown error while reading data from"

482

" encrypted session with mandos server\n");

483

retval = -1;

484

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

485

goto exit;

486

}

487

} else {

488

buffer_length += (size_t) ret;

489

}

490

}

491

492

if (buffer_length > 0){

493

decrypted_buffer_size = pgp_packet_decrypt(buffer,

494

buffer_length,

495

&decrypted_buffer,

496

certdir);

497

if (decrypted_buffer_size >= 0){

498

while(written < (size_t) decrypted_buffer_size){

499

ret = (int)fwrite (decrypted_buffer + written, 1,

500

(size_t)decrypted_buffer_size - written,

501

stdout);

502

if(ret == 0 and ferror(stdout)){

503

if(debug){

504

fprintf(stderr, "Error writing encrypted data: %s\n",

505

strerror(errno));

506

}

507

retval = -1;

508

break;

509

}

510

written += (size_t)ret;

511

}

512

free(decrypted_buffer);

513

} else {

514

retval = -1;

515

}

516

}

517

518

//shutdown procedure

519

520

if(debug){

521

fprintf(stderr, "Closing TLS session\n");

522

}

523

524

free(buffer);

525

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

526

exit:

527

close(tcp_sd);

528

gnutls_deinit (es.session);

529

gnutls_certificate_free_credentials (es.cred);

530

gnutls_global_deinit ();

531

return retval;

532

}

533

534

static AvahiSimplePoll *simple_poll = NULL;

535

static AvahiServer *server = NULL;

536

537

static void resolve_callback(

538

AvahiSServiceResolver *r,

539

AvahiIfIndex interface,

540

AVAHI_GCC_UNUSED AvahiProtocol protocol,

541

AvahiResolverEvent event,

542

const char *name,

543

const char *type,

544

const char *domain,

545

const char *host_name,

546

const AvahiAddress *address,

547

uint16_t port,

548

AVAHI_GCC_UNUSED AvahiStringList *txt,

549

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

550

AVAHI_GCC_UNUSED void* userdata) {

551

552

assert(r); /* Spurious warning */

553

554

/* Called whenever a service has been resolved successfully or

555

timed out */

556

557

switch (event) {

558

default:

559

case AVAHI_RESOLVER_FAILURE:

560

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"

561

" type '%s' in domain '%s': %s\n", name, type, domain,

562

avahi_strerror(avahi_server_errno(server)));

563

break;

564

565

case AVAHI_RESOLVER_FOUND:

566

{

567

char ip[AVAHI_ADDRESS_STR_MAX];

568

avahi_address_snprint(ip, sizeof(ip), address);

569

if(debug){

570

fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"

571

" port %d\n", name, host_name, ip, port);

572

}

573

int ret = start_mandos_communication(ip, port, interface);

574

if (ret == 0){

575

exit(EXIT_SUCCESS);

576

}

577

}

578

}

579

avahi_s_service_resolver_free(r);

580

}

581

582

static void browse_callback(

583

AvahiSServiceBrowser *b,

584

AvahiIfIndex interface,

585

AvahiProtocol protocol,

586

AvahiBrowserEvent event,

587

const char *name,

588

const char *type,

589

const char *domain,

590

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

591

void* userdata) {

592

593

AvahiServer *s = userdata;

594

assert(b); /* Spurious warning */

595

596

/* Called whenever a new services becomes available on the LAN or

597

is removed from the LAN */

598

599

switch (event) {

600

default:

601

case AVAHI_BROWSER_FAILURE:

602

603

fprintf(stderr, "(Browser) %s\n",

604

avahi_strerror(avahi_server_errno(server)));

605

avahi_simple_poll_quit(simple_poll);

606

return;

607

608

case AVAHI_BROWSER_NEW:

609

/* We ignore the returned resolver object. In the callback

610

function we free it. If the server is terminated before

611

the callback function is called the server will free

612

the resolver for us. */

613

614

if (!(avahi_s_service_resolver_new(s, interface, protocol, name,

615

type, domain,

616

AVAHI_PROTO_INET6, 0,

617

resolve_callback, s)))

618

fprintf(stderr, "Failed to resolve service '%s': %s\n", name,

619

avahi_strerror(avahi_server_errno(s)));

620

break;

621

622

case AVAHI_BROWSER_REMOVE:

623

break;

624

625

case AVAHI_BROWSER_ALL_FOR_NOW:

626

case AVAHI_BROWSER_CACHE_EXHAUSTED:

627

break;

628

}

629

}

630

631

/* Combines file name and path and returns the malloced new

632

string. some sane checks could/should be added */

633

static const char *combinepath(const char *first, const char *second){

634

size_t f_len = strlen(first);

635

size_t s_len = strlen(second);

636

char *tmp = malloc(f_len + s_len + 2);

637

if (tmp == NULL){

638

return NULL;

639

}

640

if(f_len > 0){

641

memcpy(tmp, first, f_len);

642

}

643

tmp[f_len] = '/';

644

if(s_len > 0){

645

memcpy(tmp + f_len + 1, second, s_len);

646

}

647

tmp[f_len + 1 + s_len] = '\0';

648

return tmp;

649

}

650

651

652

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

653

AvahiServerConfig config;

654

AvahiSServiceBrowser *sb = NULL;

655

int error;

656

int ret;

657

int returncode = EXIT_SUCCESS;

658

const char *interface = NULL;

659

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

660

char *connect_to = NULL;

661

662

while (true){

663

static struct option long_options[] = {

664

{"debug", no_argument, (int *)&debug, 1},

665

{"connect", required_argument, 0, 'C'},

666

{"interface", required_argument, 0, 'i'},

667

{"certdir", required_argument, 0, 'd'},

668

{"certkey", required_argument, 0, 'c'},

669

{"certfile", required_argument, 0, 'k'},

670

{0, 0, 0, 0} };

671

672

int option_index = 0;

673

ret = getopt_long (argc, argv, "i:", long_options,

674

&option_index);

675

676

if (ret == -1){

677

break;

678

}

679

680

switch(ret){

681

case 0:

682

break;

683

case 'i':

684

interface = optarg;

685

break;

686

case 'C':

687

connect_to = optarg;

688

break;

689

case 'd':

690

certdir = optarg;

691

break;

692

case 'c':

693

certfile = optarg;

694

break;

695

case 'k':

696

certkey = optarg;

697

break;

698

default:

699

exit(EXIT_FAILURE);

700

}

701

}

702

703

certfile = combinepath(certdir, certfile);

704

if (certfile == NULL){

705

perror("combinepath");

706

goto exit;

707

}

708

709

if(interface != NULL){

710

if_index = (AvahiIfIndex) if_nametoindex(interface);

711

if(if_index == 0){

712

fprintf(stderr, "No such interface: \"%s\"\n", interface);

713

exit(EXIT_FAILURE);

714

}

715

}

716

717

if(connect_to != NULL){

718

/* Connect directly, do not use Zeroconf */

719

/* (Mainly meant for debugging) */

720

char *address = strrchr(connect_to, ':');

721

if(address == NULL){

722

fprintf(stderr, "No colon in address\n");

723

exit(EXIT_FAILURE);

724

}

725

errno = 0;

726

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

727

if(errno){

728

perror("Bad port number");

729

exit(EXIT_FAILURE);

730

}

731

*address = '\0';

732

address = connect_to;

733

ret = start_mandos_communication(address, port, if_index);

734

if(ret < 0){

735

exit(EXIT_FAILURE);

736

} else {

737

exit(EXIT_SUCCESS);

738

}

739

}

740

741

certkey = combinepath(certdir, certkey);

742

if (certkey == NULL){

743

perror("combinepath");

744

goto exit;

745

}

746

747

if (not debug){

748

avahi_set_log_function(empty_log);

749

}

750

751

/* Initialize the psuedo-RNG */

752

srand((unsigned int) time(NULL));

753

754

/* Allocate main loop object */

755

if (!(simple_poll = avahi_simple_poll_new())) {

756

fprintf(stderr, "Failed to create simple poll object.\n");

757

758

goto exit;

759

}

760

761

/* Do not publish any local records */

762

avahi_server_config_init(&config);

763

config.publish_hinfo = 0;

764

config.publish_addresses = 0;

765

config.publish_workstation = 0;

766

config.publish_domain = 0;

767

768

/* Allocate a new server */

769

server = avahi_server_new(avahi_simple_poll_get(simple_poll),

770

&config, NULL, NULL, &error);

771

772

/* Free the configuration data */

773

avahi_server_config_free(&config);

774

775

/* Check if creating the server object succeeded */

776

if (!server) {

777

fprintf(stderr, "Failed to create server: %s\n",

778

avahi_strerror(error));

779

returncode = EXIT_FAILURE;

780

goto exit;

781

}

782

783

/* Create the service browser */

784

sb = avahi_s_service_browser_new(server, if_index,

785

AVAHI_PROTO_INET6,

786

"_mandos._tcp", NULL, 0,

787

browse_callback, server);

788

if (!sb) {

789

fprintf(stderr, "Failed to create service browser: %s\n",

790

avahi_strerror(avahi_server_errno(server)));

791

returncode = EXIT_FAILURE;

792

goto exit;

793

}

794

795

/* Run the main loop */

796

797

if (debug){

798

fprintf(stderr, "Starting avahi loop search\n");

799

}

800

801

avahi_simple_poll_loop(simple_poll);

802

803

exit:

804

805

if (debug){

806

fprintf(stderr, "%s exiting\n", argv[0]);

807

}

808

809

/* Cleanup things */

810

if (sb)

811

avahi_s_service_browser_free(sb);

812

813

if (server)

814

avahi_server_free(server);

815

816

if (simple_poll)

817

avahi_simple_poll_free(simple_poll);

818

free(certfile);

819

free(certkey);

820

821

return returncode;

822

}

Older »