To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandosclient.c
- browse files at revision 37
- compare with another revision
- download diff
- download tarball
- view history from revision 37
- Committer: Teddy Hogeborn
- Date: 2008-08-02 21:06:12 UTC
- Revision ID: teddy@fukt.bsnet.se-20080802210612-4c1waup4z0f66ya7
Non-tested commit for merge purposes.
* plugbasedclient.c (getplugin, addargument, set_cloexec): Made static.
* plugins.d/passprompt.c (termination_handler): Made static.
* plugbasedclient.c (getplugin, addargument, set_cloexec): Made static.
* plugins.d/passprompt.c (termination_handler): Made static.
- files modified:
- TODO
added
removed
plugins.d/mandosclient.c
32
32
#define _LARGEFILE_SOURCE
33
33
#define _FILE_OFFSET_BITS 64
34
34
35
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */
36
37
35
#include <stdio.h>
38
36
#include <assert.h>
39
37
#include <stdlib.h>
40
38
#include <time.h>
41
39
#include <net/if.h> /* if_nametoindex */
42
#include <sys/ioctl.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
43
SIOCSIFFLAGS */
44
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
45
SIOCSIFFLAGS */
46
40
47
41
#include <avahi-core/core.h>
48
42
#include <avahi-core/lookup.h>
51
45
#include <avahi-common/malloc.h>
52
46
#include <avahi-common/error.h>
53
47
54
/* Mandos client part */
48
//mandos client part
55
49
#include <sys/types.h> /* socket(), inet_pton() */
56
50
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
57
51
struct in6_addr, inet_pton() */
64
58
#include <string.h> /* memset */
65
59
#include <arpa/inet.h> /* inet_pton() */
66
60
#include <iso646.h> /* not */
67
#include <net/if.h> /* IF_NAMESIZE */
68
61
69
/* GPGME */
62
// gpgme
70
63
#include <errno.h> /* perror() */
71
64
#include <gpgme.h>
72
65
73
/* getopt_long */
66
// getopt_long
74
67
#include <getopt.h>
75
68
76
69
#define BUFFER_SIZE 256
77
70
71
static int dh_bits = 1024;
72
78
73
static const char *keydir = "/conf/conf.d/mandos";
79
74
static const char *pubkeyfile = "pubkey.txt";
80
75
static const char *seckeyfile = "seckey.txt";
81
76
82
77
bool debug = false;
83
78
84
const char mandos_protocol_version[] = "1";
85
86
/* Used for passing in values through all the callback functions */
79
/* Used for */
87
80
typedef struct {
88
AvahiSimplePoll *simple_poll;
89
AvahiServer *server;
81
gnutls_session_t session;
90
82
gnutls_certificate_credentials_t cred;
91
unsigned int dh_bits;
92
83
gnutls_dh_params_t dh_params;
93
const char *priority;
94
} mandos_context;
95
96
size_t adjustbuffer(char **buffer, size_t buffer_length,
97
size_t buffer_capacity){
98
if (buffer_length + BUFFER_SIZE > buffer_capacity){
99
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
100
if (buffer == NULL){
101
return 0;
102
}
103
buffer_capacity += BUFFER_SIZE;
104
}
105
return buffer_capacity;
106
}
107
108
/*
109
* Decrypt OpenPGP data using keyrings in HOMEDIR.
110
* Returns -1 on error
111
*/
112
static ssize_t pgp_packet_decrypt (const char *cryptotext,
113
size_t crypto_size,
114
char **plaintext,
84
} encrypted_session;
85
86
87
static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
88
char **new_packet,
115
89
const char *homedir){
116
90
gpgme_data_t dh_crypto, dh_plain;
117
91
gpgme_ctx_t ctx;
118
92
gpgme_error_t rc;
119
93
ssize_t ret;
120
size_t plaintext_capacity = 0;
121
ssize_t plaintext_length = 0;
94
ssize_t new_packet_capacity = 0;
95
ssize_t new_packet_length = 0;
122
96
gpgme_engine_info_t engine_info;
123
97
124
98
if (debug){
125
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
99
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
126
100
}
127
101
128
102
/* Init GPGME */
134
108
return -1;
135
109
}
136
110
137
/* Set GPGME home directory for the OpenPGP engine only */
111
/* Set GPGME home directory */
138
112
rc = gpgme_get_engine_info (&engine_info);
139
113
if (rc != GPG_ERR_NO_ERROR){
140
114
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
150
124
engine_info = engine_info->next;
151
125
}
152
126
if(engine_info == NULL){
153
fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);
127
fprintf(stderr, "Could not set home dir to %s\n", homedir);
154
128
return -1;
155
129
}
156
130
157
/* Create new GPGME data buffer from memory cryptotext */
158
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
159
0);
131
/* Create new GPGME data buffer from packet buffer */
132
rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);
160
133
if (rc != GPG_ERR_NO_ERROR){
161
134
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
162
135
gpgme_strsource(rc), gpgme_strerror(rc));
168
141
if (rc != GPG_ERR_NO_ERROR){
169
142
fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
170
143
gpgme_strsource(rc), gpgme_strerror(rc));
171
gpgme_data_release(dh_crypto);
172
144
return -1;
173
145
}
174
146
177
149
if (rc != GPG_ERR_NO_ERROR){
178
150
fprintf(stderr, "bad gpgme_new: %s: %s\n",
179
151
gpgme_strsource(rc), gpgme_strerror(rc));
180
plaintext_length = -1;
181
goto decrypt_end;
152
return -1;
182
153
}
183
154
184
/* Decrypt data from the cryptotext data buffer to the plaintext
185
data buffer */
155
/* Decrypt data from the FILE pointer to the plaintext data
156
buffer */
186
157
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
187
158
if (rc != GPG_ERR_NO_ERROR){
188
159
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
189
160
gpgme_strsource(rc), gpgme_strerror(rc));
190
plaintext_length = -1;
191
goto decrypt_end;
161
return -1;
192
162
}
193
163
194
164
if(debug){
195
fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
165
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");
196
166
}
197
167
198
168
if (debug){
199
169
gpgme_decrypt_result_t result;
200
170
result = gpgme_op_decrypt_result(ctx);
224
194
}
225
195
}
226
196
197
/* Delete the GPGME FILE pointer cryptotext data buffer */
198
gpgme_data_release(dh_crypto);
199
227
200
/* Seek back to the beginning of the GPGME plaintext data buffer */
228
201
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
229
202
perror("pgpme_data_seek");
230
plaintext_length = -1;
231
goto decrypt_end;
232
203
}
233
204
234
*plaintext = NULL;
205
*new_packet = 0;
235
206
while(true){
236
plaintext_capacity = adjustbuffer(plaintext, (size_t)plaintext_length,
237
plaintext_capacity);
238
if (plaintext_capacity == 0){
239
perror("adjustbuffer");
240
plaintext_length = -1;
241
goto decrypt_end;
207
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
208
*new_packet = realloc(*new_packet,
209
(unsigned int)new_packet_capacity
210
+ BUFFER_SIZE);
211
if (*new_packet == NULL){
212
perror("realloc");
213
return -1;
214
}
215
new_packet_capacity += BUFFER_SIZE;
242
216
}
243
217
244
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
218
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,
245
219
BUFFER_SIZE);
246
220
/* Print the data, if any */
247
221
if (ret == 0){
248
/* EOF */
249
222
break;
250
223
}
251
224
if(ret < 0){
252
225
perror("gpgme_data_read");
253
plaintext_length = -1;
254
goto decrypt_end;
226
return -1;
255
227
}
256
plaintext_length += ret;
228
new_packet_length += ret;
257
229
}
258
230
259
if(debug){
260
fprintf(stderr, "Decrypted password is: ");
261
for(ssize_t i = 0; i < plaintext_length; i++){
262
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
263
}
264
fprintf(stderr, "\n");
265
}
266
267
decrypt_end:
268
269
/* Delete the GPGME cryptotext data buffer */
270
gpgme_data_release(dh_crypto);
231
/* FIXME: check characters before printing to screen so to not print
232
terminal control characters */
233
/* if(debug){ */
234
/* fprintf(stderr, "decrypted password is: "); */
235
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
236
/* fprintf(stderr, "\n"); */
237
/* } */
271
238
272
239
/* Delete the GPGME plaintext data buffer */
273
240
gpgme_data_release(dh_plain);
274
return plaintext_length;
241
return new_packet_length;
275
242
}
276
243
277
244
static const char * safer_gnutls_strerror (int value) {
281
248
return ret;
282
249
}
283
250
284
/* GnuTLS log function callback */
285
251
static void debuggnutls(__attribute__((unused)) int level,
286
252
const char* string){
287
fprintf(stderr, "GnuTLS: %s", string);
253
fprintf(stderr, "%s", string);
288
254
}
289
255
290
static int init_gnutls_global(mandos_context *mc){
256
static int initgnutls(encrypted_session *es){
257
const char *err;
291
258
int ret;
292
259
293
260
if(debug){
296
263
297
264
if ((ret = gnutls_global_init ())
298
265
!= GNUTLS_E_SUCCESS) {
299
fprintf (stderr, "GnuTLS global_init: %s\n",
300
safer_gnutls_strerror(ret));
266
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
301
267
return -1;
302
268
}
303
269
304
270
if (debug){
305
/* "Use a log level over 10 to enable all debugging options."
306
* - GnuTLS manual
307
*/
308
271
gnutls_global_set_log_level(11);
309
272
gnutls_global_set_log_function(debuggnutls);
310
273
}
311
274
312
/* OpenPGP credentials */
313
if ((ret = gnutls_certificate_allocate_credentials (&mc->cred))
275
/* openpgp credentials */
276
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
314
277
!= GNUTLS_E_SUCCESS) {
315
fprintf (stderr, "GnuTLS memory error: %s\n",
278
fprintf (stderr, "memory error: %s\n",
316
279
safer_gnutls_strerror(ret));
317
280
return -1;
318
281
}
324
287
}
325
288
326
289
ret = gnutls_certificate_set_openpgp_key_file
327
(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);
290
(es->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);
328
291
if (ret != GNUTLS_E_SUCCESS) {
329
fprintf(stderr,
330
"Error[%d] while reading the OpenPGP key pair ('%s',"
331
" '%s')\n", ret, pubkeyfile, seckeyfile);
332
fprintf(stdout, "The GnuTLS error is: %s\n",
292
fprintf
293
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
294
" '%s')\n",
295
ret, pubkeyfile, seckeyfile);
296
fprintf(stdout, "The Error is: %s\n",
333
297
safer_gnutls_strerror(ret));
334
298
return -1;
335
299
}
336
300
337
/* GnuTLS server initialization */
338
ret = gnutls_dh_params_init(&mc->dh_params);
339
if (ret != GNUTLS_E_SUCCESS) {
340
fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
341
" %s\n", safer_gnutls_strerror(ret));
342
return -1;
343
}
344
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
345
if (ret != GNUTLS_E_SUCCESS) {
346
fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
347
safer_gnutls_strerror(ret));
348
return -1;
349
}
350
351
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
352
353
return 0;
354
}
355
356
static int init_gnutls_session(mandos_context *mc, gnutls_session_t *session){
357
int ret;
358
/* GnuTLS session creation */
359
ret = gnutls_init(session, GNUTLS_SERVER);
360
if (ret != GNUTLS_E_SUCCESS){
301
//GnuTLS server initialization
302
if ((ret = gnutls_dh_params_init (&es->dh_params))
303
!= GNUTLS_E_SUCCESS) {
304
fprintf (stderr, "Error in dh parameter initialization: %s\n",
305
safer_gnutls_strerror(ret));
306
return -1;
307
}
308
309
if ((ret = gnutls_dh_params_generate2 (es->dh_params, dh_bits))
310
!= GNUTLS_E_SUCCESS) {
311
fprintf (stderr, "Error in prime generation: %s\n",
312
safer_gnutls_strerror(ret));
313
return -1;
314
}
315
316
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
317
318
// GnuTLS session creation
319
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
320
!= GNUTLS_E_SUCCESS){
361
321
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
362
322
safer_gnutls_strerror(ret));
363
323
}
364
324
365
{
366
const char *err;
367
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
368
if (ret != GNUTLS_E_SUCCESS) {
369
fprintf(stderr, "Syntax error at: %s\n", err);
370
fprintf(stderr, "GnuTLS error: %s\n",
371
safer_gnutls_strerror(ret));
372
return -1;
373
}
325
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
326
!= GNUTLS_E_SUCCESS) {
327
fprintf(stderr, "Syntax error at: %s\n", err);
328
fprintf(stderr, "GnuTLS error: %s\n",
329
safer_gnutls_strerror(ret));
330
return -1;
374
331
}
375
332
376
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
377
mc->cred);
378
if (ret != GNUTLS_E_SUCCESS) {
379
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
333
if ((ret = gnutls_credentials_set
334
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
335
!= GNUTLS_E_SUCCESS) {
336
fprintf(stderr, "Error setting a credentials set: %s\n",
380
337
safer_gnutls_strerror(ret));
381
338
return -1;
382
339
}
383
340
384
341
/* ignore client certificate if any. */
385
gnutls_certificate_server_set_request (*session,
342
gnutls_certificate_server_set_request (es->session,
386
343
GNUTLS_CERT_IGNORE);
387
344
388
gnutls_dh_set_prime_bits (*session, mc->dh_bits);
345
gnutls_dh_set_prime_bits (es->session, dh_bits);
389
346
390
347
return 0;
391
348
}
392
349
393
/* Avahi log function callback */
394
350
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
395
351
__attribute__((unused)) const char *txt){}
396
352
397
/* Called when a Mandos server is found */
398
353
static int start_mandos_communication(const char *ip, uint16_t port,
399
AvahiIfIndex if_index,
400
mandos_context *mc){
354
AvahiIfIndex if_index){
401
355
int ret, tcp_sd;
402
356
struct sockaddr_in6 to;
357
encrypted_session es;
403
358
char *buffer = NULL;
404
359
char *decrypted_buffer;
405
360
size_t buffer_length = 0;
406
361
size_t buffer_capacity = 0;
407
362
ssize_t decrypted_buffer_size;
408
size_t written;
363
size_t written = 0;
409
364
int retval = 0;
410
365
char interface[IF_NAMESIZE];
411
gnutls_session_t session;
412
gnutls_dh_params_t dh_params;
413
414
ret = init_gnutls_session (mc, &session);
415
if (ret != 0){
416
return -1;
417
}
418
366
419
367
if(debug){
420
368
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
426
374
perror("socket");
427
375
return -1;
428
376
}
429
430
if(debug){
431
if(if_indextoname((unsigned int)if_index, interface) == NULL){
377
378
if(if_indextoname((unsigned int)if_index, interface) == NULL){
379
if(debug){
432
380
perror("if_indextoname");
433
return -1;
434
381
}
382
return -1;
383
}
384
385
if(debug){
435
386
fprintf(stderr, "Binding to interface %s\n", interface);
436
387
}
437
388
438
389
memset(&to,0,sizeof(to)); /* Spurious warning */
439
390
to.sin6_family = AF_INET6;
440
/* It would be nice to have a way to detect if we were passed an
441
IPv4 address here. Now we assume an IPv6 address. */
442
391
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
443
392
if (ret < 0 ){
444
393
perror("inet_pton");
445
394
return -1;
446
}
395
}
447
396
if(ret == 0){
448
397
fprintf(stderr, "Bad address: %s\n", ip);
449
398
return -1;
460
409
perror("inet_ntop");
461
410
} else {
462
411
if(strcmp(addrstr, ip) != 0){
463
fprintf(stderr, "Canonical address form: %s\n", addrstr);
412
fprintf(stderr, "Canonical address form: %s\n",
413
addrstr, ntohs(to.sin6_port));
464
414
}
465
415
}
466
416
}
470
420
perror("connect");
471
421
return -1;
472
422
}
473
474
const char *out = mandos_protocol_version;
475
written = 0;
476
while (true){
477
size_t out_size = strlen(out);
478
ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
479
out_size - written));
480
if (ret == -1){
481
perror("write");
482
retval = -1;
483
goto mandos_end;
484
}
485
written += (size_t)ret;
486
if(written < out_size){
487
continue;
488
} else {
489
if (out == mandos_protocol_version){
490
written = 0;
491
out = "\r\n";
492
} else {
493
break;
494
}
495
}
423
424
ret = initgnutls (&es);
425
if (ret != 0){
426
retval = -1;
427
return -1;
496
428
}
497
429
430
gnutls_transport_set_ptr (es.session,
431
(gnutls_transport_ptr_t) tcp_sd);
432
498
433
if(debug){
499
434
fprintf(stderr, "Establishing TLS session with %s\n", ip);
500
435
}
501
436
502
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
503
504
ret = gnutls_handshake (session);
437
ret = gnutls_handshake (es.session);
505
438
506
439
if (ret != GNUTLS_E_SUCCESS){
507
440
if(debug){
508
fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
441
fprintf(stderr, "\n*** Handshake failed ***\n");
509
442
gnutls_perror (ret);
510
443
}
511
444
retval = -1;
512
goto mandos_end;
445
goto exit;
513
446
}
514
447
515
/* Read OpenPGP packet that contains the wanted password */
448
//Retrieve OpenPGP packet that contains the wanted password
516
449
517
450
if(debug){
518
451
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
520
453
}
521
454
522
455
while(true){
523
buffer_capacity = adjustbuffer(&buffer, buffer_length, buffer_capacity);
524
if (buffer_capacity == 0){
525
perror("adjustbuffer");
526
retval = -1;
527
goto mandos_end;
456
if (buffer_length + BUFFER_SIZE > buffer_capacity){
457
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
458
if (buffer == NULL){
459
perror("realloc");
460
goto exit;
461
}
462
buffer_capacity += BUFFER_SIZE;
528
463
}
529
464
530
ret = gnutls_record_recv(session, buffer+buffer_length,
531
BUFFER_SIZE);
465
ret = gnutls_record_recv
466
(es.session, buffer+buffer_length, BUFFER_SIZE);
532
467
if (ret == 0){
533
468
break;
534
469
}
538
473
case GNUTLS_E_AGAIN:
539
474
break;
540
475
case GNUTLS_E_REHANDSHAKE:
541
ret = gnutls_handshake (session);
476
ret = gnutls_handshake (es.session);
542
477
if (ret < 0){
543
fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
478
fprintf(stderr, "\n*** Handshake failed ***\n");
544
479
gnutls_perror (ret);
545
480
retval = -1;
546
goto mandos_end;
481
goto exit;
547
482
}
548
483
break;
549
484
default:
550
485
fprintf(stderr, "Unknown error while reading data from"
551
" encrypted session with Mandos server\n");
486
" encrypted session with mandos server\n");
552
487
retval = -1;
553
gnutls_bye (session, GNUTLS_SHUT_RDWR);
554
goto mandos_end;
488
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
489
goto exit;
555
490
}
556
491
} else {
557
492
buffer_length += (size_t) ret;
558
493
}
559
494
}
560
495
561
if(debug){
562
fprintf(stderr, "Closing TLS session\n");
563
}
564
565
gnutls_bye (session, GNUTLS_SHUT_RDWR);
566
567
496
if (buffer_length > 0){
568
497
decrypted_buffer_size = pgp_packet_decrypt(buffer,
569
498
buffer_length,
570
499
&decrypted_buffer,
571
500
keydir);
572
501
if (decrypted_buffer_size >= 0){
573
written = 0;
574
502
while(written < (size_t) decrypted_buffer_size){
575
503
ret = (int)fwrite (decrypted_buffer + written, 1,
576
504
(size_t)decrypted_buffer_size - written,
590
518
retval = -1;
591
519
}
592
520
}
593
594
/* Shutdown procedure */
595
596
mandos_end:
521
522
//shutdown procedure
523
524
if(debug){
525
fprintf(stderr, "Closing TLS session\n");
526
}
527
597
528
free(buffer);
529
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
530
exit:
598
531
close(tcp_sd);
599
gnutls_deinit (session);
600
gnutls_certificate_free_credentials (mc->cred);
532
gnutls_deinit (es.session);
533
gnutls_certificate_free_credentials (es.cred);
601
534
gnutls_global_deinit ();
602
535
return retval;
603
536
}
604
537
605
static void resolve_callback(AvahiSServiceResolver *r,
606
AvahiIfIndex interface,
607
AVAHI_GCC_UNUSED AvahiProtocol protocol,
608
AvahiResolverEvent event,
609
const char *name,
610
const char *type,
611
const char *domain,
612
const char *host_name,
613
const AvahiAddress *address,
614
uint16_t port,
615
AVAHI_GCC_UNUSED AvahiStringList *txt,
616
AVAHI_GCC_UNUSED AvahiLookupResultFlags
617
flags,
618
void* userdata) {
619
mandos_context *mc = userdata;
538
static AvahiSimplePoll *simple_poll = NULL;
539
static AvahiServer *server = NULL;
540
541
static void resolve_callback(
542
AvahiSServiceResolver *r,
543
AvahiIfIndex interface,
544
AVAHI_GCC_UNUSED AvahiProtocol protocol,
545
AvahiResolverEvent event,
546
const char *name,
547
const char *type,
548
const char *domain,
549
const char *host_name,
550
const AvahiAddress *address,
551
uint16_t port,
552
AVAHI_GCC_UNUSED AvahiStringList *txt,
553
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
554
AVAHI_GCC_UNUSED void* userdata) {
555
620
556
assert(r); /* Spurious warning */
621
557
622
558
/* Called whenever a service has been resolved successfully or
625
561
switch (event) {
626
562
default:
627
563
case AVAHI_RESOLVER_FAILURE:
628
fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
629
" of type '%s' in domain '%s': %s\n", name, type, domain,
630
avahi_strerror(avahi_server_errno(mc->server)));
564
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
565
" type '%s' in domain '%s': %s\n", name, type, domain,
566
avahi_strerror(avahi_server_errno(server)));
631
567
break;
632
568
633
569
case AVAHI_RESOLVER_FOUND:
635
571
char ip[AVAHI_ADDRESS_STR_MAX];
636
572
avahi_address_snprint(ip, sizeof(ip), address);
637
573
if(debug){
638
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %d) on"
639
" port %d\n", name, host_name, ip, interface, port);
574
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
575
" port %d\n", name, host_name, ip, port);
640
576
}
641
int ret = start_mandos_communication(ip, port, interface, mc);
577
int ret = start_mandos_communication(ip, port, interface);
642
578
if (ret == 0){
643
579
exit(EXIT_SUCCESS);
644
580
}
647
583
avahi_s_service_resolver_free(r);
648
584
}
649
585
650
static void browse_callback( AvahiSServiceBrowser *b,
651
AvahiIfIndex interface,
652
AvahiProtocol protocol,
653
AvahiBrowserEvent event,
654
const char *name,
655
const char *type,
656
const char *domain,
657
AVAHI_GCC_UNUSED AvahiLookupResultFlags
658
flags,
659
void* userdata) {
660
mandos_context *mc = userdata;
661
assert(b); /* Spurious warning */
662
663
/* Called whenever a new services becomes available on the LAN or
664
is removed from the LAN */
665
666
switch (event) {
667
default:
668
case AVAHI_BROWSER_FAILURE:
669
670
fprintf(stderr, "(Avahi browser) %s\n",
671
avahi_strerror(avahi_server_errno(mc->server)));
672
avahi_simple_poll_quit(mc->simple_poll);
673
return;
674
675
case AVAHI_BROWSER_NEW:
676
/* We ignore the returned Avahi resolver object. In the callback
677
function we free it. If the Avahi server is terminated before
678
the callback function is called the Avahi server will free the
679
resolver for us. */
680
681
if (!(avahi_s_service_resolver_new(mc->server, interface,
682
protocol, name, type, domain,
683
AVAHI_PROTO_INET6, 0,
684
resolve_callback, mc)))
685
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
686
name, avahi_strerror(avahi_server_errno(mc->server)));
687
break;
688
689
case AVAHI_BROWSER_REMOVE:
690
break;
691
692
case AVAHI_BROWSER_ALL_FOR_NOW:
693
case AVAHI_BROWSER_CACHE_EXHAUSTED:
694
if(debug){
695
fprintf(stderr, "No Mandos server found, still searching...\n");
586
static void browse_callback(
587
AvahiSServiceBrowser *b,
588
AvahiIfIndex interface,
589
AvahiProtocol protocol,
590
AvahiBrowserEvent event,
591
const char *name,
592
const char *type,
593
const char *domain,
594
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
595
void* userdata) {
596
597
AvahiServer *s = userdata;
598
assert(b); /* Spurious warning */
599
600
/* Called whenever a new services becomes available on the LAN or
601
is removed from the LAN */
602
603
switch (event) {
604
default:
605
case AVAHI_BROWSER_FAILURE:
606
607
fprintf(stderr, "(Browser) %s\n",
608
avahi_strerror(avahi_server_errno(server)));
609
avahi_simple_poll_quit(simple_poll);
610
return;
611
612
case AVAHI_BROWSER_NEW:
613
/* We ignore the returned resolver object. In the callback
614
function we free it. If the server is terminated before
615
the callback function is called the server will free
616
the resolver for us. */
617
618
if (!(avahi_s_service_resolver_new(s, interface, protocol, name,
619
type, domain,
620
AVAHI_PROTO_INET6, 0,
621
resolve_callback, s)))
622
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
623
avahi_strerror(avahi_server_errno(s)));
624
break;
625
626
case AVAHI_BROWSER_REMOVE:
627
break;
628
629
case AVAHI_BROWSER_ALL_FOR_NOW:
630
case AVAHI_BROWSER_CACHE_EXHAUSTED:
631
break;
696
632
}
697
break;
698
}
699
633
}
700
634
701
635
/* Combines file name and path and returns the malloced new
708
642
return NULL;
709
643
}
710
644
if(f_len > 0){
711
memcpy(tmp, first, f_len); /* Spurious warning */
645
memcpy(tmp, first, f_len);
712
646
}
713
647
tmp[f_len] = '/';
714
648
if(s_len > 0){
715
memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */
649
memcpy(tmp + f_len + 1, second, s_len);
716
650
}
717
651
tmp[f_len + 1 + s_len] = '\0';
718
652
return tmp;
719
653
}
720
654
721
655
722
int main(int argc, char *argv[]){
656
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
657
AvahiServerConfig config;
723
658
AvahiSServiceBrowser *sb = NULL;
724
659
int error;
725
660
int ret;
726
int exitcode = EXIT_SUCCESS;
727
const char *interface = "eth0";
728
struct ifreq network;
729
int sd;
730
uid_t uid;
731
gid_t gid;
661
int debug_int = 0;
662
int returncode = EXIT_SUCCESS;
663
const char *interface = NULL;
664
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
732
665
char *connect_to = NULL;
733
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
734
mandos_context mc = { .simple_poll = NULL, .server = NULL,
735
.dh_bits = 1024, .priority = "SECURE256"};
736
666
737
{
738
/* Temporary int to get the address of for getopt_long */
739
int debug_int = debug ? 1 : 0;
740
while (true){
741
struct option long_options[] = {
742
{"debug", no_argument, &debug_int, 1},
743
{"connect", required_argument, NULL, 'c'},
744
{"interface", required_argument, NULL, 'i'},
745
{"keydir", required_argument, NULL, 'd'},
746
{"seckey", required_argument, NULL, 's'},
747
{"pubkey", required_argument, NULL, 'p'},
748
{"dh-bits", required_argument, NULL, 'D'},
749
{"priority", required_argument, NULL, 'P'},
750
{0, 0, 0, 0} };
751
752
int option_index = 0;
753
ret = getopt_long (argc, argv, "i:", long_options,
754
&option_index);
755
756
if (ret == -1){
757
break;
758
}
759
760
switch(ret){
761
case 0:
762
break;
763
case 'i':
764
interface = optarg;
765
break;
766
case 'c':
767
connect_to = optarg;
768
break;
769
case 'd':
770
keydir = optarg;
771
break;
772
case 'p':
773
pubkeyfile = optarg;
774
break;
775
case 's':
776
seckeyfile = optarg;
777
break;
778
case 'D':
779
errno = 0;
780
mc.dh_bits = (unsigned int) strtol(optarg, NULL, 10);
781
if (errno){
782
perror("strtol");
783
exit(EXIT_FAILURE);
784
}
785
break;
786
case 'P':
787
mc.priority = optarg;
788
break;
789
case '?':
790
default:
791
/* getopt_long() has already printed a message about the
792
unrcognized option, so just exit. */
793
exit(EXIT_FAILURE);
794
}
795
}
796
/* Set the global debug flag from the temporary int */
797
debug = debug_int ? true : false;
667
debug_int = debug ? 1 : 0;
668
while (true){
669
static struct option long_options[] = {
670
{"debug", no_argument, &debug_int, 1},
671
{"connect", required_argument, NULL, 'C'},
672
{"interface", required_argument, NULL, 'i'},
673
{"keydir", required_argument, NULL, 'd'},
674
{"seckey", required_argument, NULL, 'c'},
675
{"pubkey", required_argument, NULL, 'k'},
676
{"dh-bits", required_argument, NULL, 'D'},
677
{0, 0, 0, 0} };
678
679
int option_index = 0;
680
ret = getopt_long (argc, argv, "i:", long_options,
681
&option_index);
682
683
if (ret == -1){
684
break;
685
}
686
687
switch(ret){
688
case 0:
689
break;
690
case 'i':
691
interface = optarg;
692
break;
693
case 'C':
694
connect_to = optarg;
695
break;
696
case 'd':
697
keydir = optarg;
698
break;
699
case 'c':
700
pubkeyfile = optarg;
701
break;
702
case 'k':
703
seckeyfile = optarg;
704
break;
705
case 'D':
706
dh_bits = atoi(optarg);
707
break;
708
case '?':
709
break
710
default:
711
exit(EXIT_FAILURE);
712
}
798
713
}
714
debug = debug_int ? true : false;
799
715
800
716
pubkeyfile = combinepath(keydir, pubkeyfile);
801
717
if (pubkeyfile == NULL){
802
718
perror("combinepath");
803
exitcode = EXIT_FAILURE;
804
goto end;
805
}
806
807
seckeyfile = combinepath(keydir, seckeyfile);
808
if (seckeyfile == NULL){
809
perror("combinepath");
810
goto end;
811
}
812
813
ret = init_gnutls_global(&mc);
814
if (ret == -1){
815
fprintf(stderr, "init_gnutls_global\n");
816
goto end;
817
}
818
819
uid = getuid();
820
gid = getgid();
821
822
ret = setuid(uid);
823
if (ret == -1){
824
perror("setuid");
825
}
826
827
setgid(gid);
828
if (ret == -1){
829
perror("setgid");
830
}
831
832
if_index = (AvahiIfIndex) if_nametoindex(interface);
833
if(if_index == 0){
834
fprintf(stderr, "No such interface: \"%s\"\n", interface);
835
exit(EXIT_FAILURE);
719
goto exit;
720
}
721
722
if(interface != NULL){
723
if_index = (AvahiIfIndex) if_nametoindex(interface);
724
if(if_index == 0){
725
fprintf(stderr, "No such interface: \"%s\"\n", interface);
726
exit(EXIT_FAILURE);
727
}
836
728
}
837
729
838
730
if(connect_to != NULL){
841
733
char *address = strrchr(connect_to, ':');
842
734
if(address == NULL){
843
735
fprintf(stderr, "No colon in address\n");
844
exitcode = EXIT_FAILURE;
845
goto end;
736
exit(EXIT_FAILURE);
846
737
}
847
738
errno = 0;
848
739
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
849
740
if(errno){
850
741
perror("Bad port number");
851
exitcode = EXIT_FAILURE;
852
goto end;
742
exit(EXIT_FAILURE);
853
743
}
854
744
*address = '\0';
855
745
address = connect_to;
856
ret = start_mandos_communication(address, port, if_index, &mc);
746
ret = start_mandos_communication(address, port, if_index);
857
747
if(ret < 0){
858
exitcode = EXIT_FAILURE;
748
exit(EXIT_FAILURE);
859
749
} else {
860
exitcode = EXIT_SUCCESS;
750
exit(EXIT_SUCCESS);
861
751
}
862
goto end;
863
752
}
864
753
865
/* If the interface is down, bring it up */
866
{
867
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
868
if(sd < 0) {
869
perror("socket");
870
exitcode = EXIT_FAILURE;
871
goto end;
872
}
873
strcpy(network.ifr_name, interface); /* Spurious warning */
874
ret = ioctl(sd, SIOCGIFFLAGS, &network);
875
if(ret == -1){
876
perror("ioctl SIOCGIFFLAGS");
877
exitcode = EXIT_FAILURE;
878
goto end;
879
}
880
if((network.ifr_flags & IFF_UP) == 0){
881
network.ifr_flags |= IFF_UP;
882
ret = ioctl(sd, SIOCSIFFLAGS, &network);
883
if(ret == -1){
884
perror("ioctl SIOCSIFFLAGS");
885
exitcode = EXIT_FAILURE;
886
goto end;
887
}
888
}
889
close(sd);
754
seckeyfile = combinepath(keydir, seckeyfile);
755
if (seckeyfile == NULL){
756
perror("combinepath");
757
goto exit;
890
758
}
891
759
892
760
if (not debug){
893
761
avahi_set_log_function(empty_log);
894
762
}
895
763
896
/* Initialize the pseudo-RNG for Avahi */
764
/* Initialize the psuedo-RNG */
897
765
srand((unsigned int) time(NULL));
898
899
/* Allocate main Avahi loop object */
900
mc.simple_poll = avahi_simple_poll_new();
901
if (mc.simple_poll == NULL) {
902
fprintf(stderr, "Avahi: Failed to create simple poll"
903
" object.\n");
904
exitcode = EXIT_FAILURE;
905
goto end;
906
}
907
908
{
909
AvahiServerConfig config;
910
/* Do not publish any local Zeroconf records */
911
avahi_server_config_init(&config);
912
config.publish_hinfo = 0;
913
config.publish_addresses = 0;
914
config.publish_workstation = 0;
915
config.publish_domain = 0;
916
917
/* Allocate a new server */
918
mc.server = avahi_server_new(avahi_simple_poll_get
919
(mc.simple_poll), &config, NULL,
920
NULL, &error);
921
922
/* Free the Avahi configuration data */
923
avahi_server_config_free(&config);
924
}
925
926
/* Check if creating the Avahi server object succeeded */
927
if (mc.server == NULL) {
928
fprintf(stderr, "Failed to create Avahi server: %s\n",
766
767
/* Allocate main loop object */
768
if (!(simple_poll = avahi_simple_poll_new())) {
769
fprintf(stderr, "Failed to create simple poll object.\n");
770
771
goto exit;
772
}
773
774
/* Do not publish any local records */
775
avahi_server_config_init(&config);
776
config.publish_hinfo = 0;
777
config.publish_addresses = 0;
778
config.publish_workstation = 0;
779
config.publish_domain = 0;
780
781
/* Allocate a new server */
782
server = avahi_server_new(avahi_simple_poll_get(simple_poll),
783
&config, NULL, NULL, &error);
784
785
/* Free the configuration data */
786
avahi_server_config_free(&config);
787
788
/* Check if creating the server object succeeded */
789
if (!server) {
790
fprintf(stderr, "Failed to create server: %s\n",
929
791
avahi_strerror(error));
930
exitcode = EXIT_FAILURE;
931
goto end;
792
returncode = EXIT_FAILURE;
793
goto exit;
932
794
}
933
795
934
/* Create the Avahi service browser */
935
sb = avahi_s_service_browser_new(mc.server, if_index,
796
/* Create the service browser */
797
sb = avahi_s_service_browser_new(server, if_index,
936
798
AVAHI_PROTO_INET6,
937
799
"_mandos._tcp", NULL, 0,
938
browse_callback, &mc);
939
if (sb == NULL) {
800
browse_callback, server);
801
if (!sb) {
940
802
fprintf(stderr, "Failed to create service browser: %s\n",
941
avahi_strerror(avahi_server_errno(mc.server)));
942
exitcode = EXIT_FAILURE;
943
goto end;
803
avahi_strerror(avahi_server_errno(server)));
804
returncode = EXIT_FAILURE;
805
goto exit;
944
806
}
945
807
946
808
/* Run the main loop */
947
809
948
810
if (debug){
949
fprintf(stderr, "Starting Avahi loop search\n");
811
fprintf(stderr, "Starting avahi loop search\n");
950
812
}
951
813
952
avahi_simple_poll_loop(mc.simple_poll);
814
avahi_simple_poll_loop(simple_poll);
953
815
954
end:
816
exit:
955
817
956
818
if (debug){
957
819
fprintf(stderr, "%s exiting\n", argv[0]);
958
820
}
959
821
960
822
/* Cleanup things */
961
if (sb != NULL)
823
if (sb)
962
824
avahi_s_service_browser_free(sb);
963
825
964
if (mc.server != NULL)
965
avahi_server_free(mc.server);
826
if (server)
827
avahi_server_free(server);
966
828
967
if (mc.simple_poll != NULL)
968
avahi_simple_poll_free(mc.simple_poll);
829
if (simple_poll)
830
avahi_simple_poll_free(simple_poll);
969
831
free(pubkeyfile);
970
832
free(seckeyfile);
971
833
972
return exitcode;
834
return returncode;
973
835
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0