/mandos/trunk : revision 39

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandosclient.c

Committer: Teddy Hogeborn
Date: 2008-08-03 03:33:56 UTC
Revision ID: teddy@fukt.bsnet.se-20080803033356-6aemgj0g0hoz91ow

* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
                                                 On debug, show
                                                 decrypted plaintext
                                                 in hexadecimal.  Free
                                                 the GPGME data
                                                 buffers even on
                                                 errors.

files added:
plugbasedclient.c

plugins.d

plugins.d/mandosclient.c

plugins.d/passprompt.c

server.conf

files removed:
client.cpp

files renamed:
mandos-clients.conf => clients.conf

files modified:
Makefile

TODO

server.py

Show diffs side-by-side

added added

removed removed

plugins.d/mandosclient.c

/* -*- coding: utf-8 -*- */

* Mandos client - get and decrypt data from a Mandos server

* This program is partly derived from an example program for an Avahi

* service browser, downloaded from

* <http://avahi.org/browser/examples/core-browse-services.c>. This

* includes the following functions: "resolve_callback",

* "browse_callback", and parts of "main".

* Everything else is

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

/* Needed by GPGME, specifically gpgme_data_seek() */

#define _LARGEFILE_SOURCE

#define _FILE_OFFSET_BITS 64

#include <stdio.h>

#include <assert.h>

#include <stdlib.h>

#include <time.h>

#include <net/if.h> /* if_nametoindex */

#include <sys/ioctl.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS */

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS */

#include <avahi-core/core.h>

#include <avahi-core/lookup.h>

#include <avahi-core/log.h>

#include <avahi-common/simple-watch.h>

#include <avahi-common/malloc.h>

#include <avahi-common/error.h>

//mandos client part

#include <sys/types.h> /* socket(), inet_pton() */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton() */

#include <gnutls/gnutls.h> /* All GnuTLS stuff */

#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */

#include <unistd.h> /* close() */

#include <netinet/in.h>

#include <stdbool.h> /* true */

#include <string.h> /* memset */

#include <arpa/inet.h> /* inet_pton() */

#include <iso646.h> /* not */

// gpgme

#include <errno.h> /* perror() */

#include <gpgme.h>

// getopt_long

#include <getopt.h>

#define BUFFER_SIZE 256

static const char *keydir = "/conf/conf.d/mandos";

static const char *pubkeyfile = "pubkey.txt";

static const char *seckeyfile = "seckey.txt";

bool debug = false;

/* Used for passing in values through all the callback functions */

typedef struct {

AvahiSimplePoll *simple_poll;

AvahiServer *server;

gnutls_certificate_credentials_t cred;

unsigned int dh_bits;

const char *priority;

} mandos_context;

* Decrypt OpenPGP data using keyrings in HOMEDIR.

* Returns -1 on error

static ssize_t pgp_packet_decrypt (const char *cryptotext,

size_t crypto_size,

char **plaintext,

const char *homedir){

gpgme_data_t dh_crypto, dh_plain;

gpgme_ctx_t ctx;

100

gpgme_error_t rc;

101

ssize_t ret;

102

ssize_t plaintext_capacity = 0;

103

ssize_t plaintext_length = 0;

104

gpgme_engine_info_t engine_info;

105

106

if (debug){

107

fprintf(stderr, "Trying to decrypt OpenPGP data\n");

108

}

109

110

/* Init GPGME */

111

gpgme_check_version(NULL);

112

rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

113

if (rc != GPG_ERR_NO_ERROR){

114

fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",

115

gpgme_strsource(rc), gpgme_strerror(rc));

116

return -1;

117

}

118

119

/* Set GPGME home directory for the OpenPGP engine only */

120

rc = gpgme_get_engine_info (&engine_info);

121

if (rc != GPG_ERR_NO_ERROR){

122

fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",

123

gpgme_strsource(rc), gpgme_strerror(rc));

124

return -1;

125

}

126

while(engine_info != NULL){

127

if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){

128

gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,

129

engine_info->file_name, homedir);

130

break;

131

}

132

engine_info = engine_info->next;

133

}

134

if(engine_info == NULL){

135

fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);

136

return -1;

137

}

138

139

/* Create new GPGME data buffer from memory cryptotext */

140

rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,

141

0);

142

if (rc != GPG_ERR_NO_ERROR){

143

fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",

144

gpgme_strsource(rc), gpgme_strerror(rc));

145

return -1;

146

}

147

148

/* Create new empty GPGME data buffer for the plaintext */

149

rc = gpgme_data_new(&dh_plain);

150

if (rc != GPG_ERR_NO_ERROR){

151

fprintf(stderr, "bad gpgme_data_new: %s: %s\n",

152

gpgme_strsource(rc), gpgme_strerror(rc));

153

gpgme_data_release(dh_crypto);

154

return -1;

155

}

156

157

/* Create new GPGME "context" */

158

rc = gpgme_new(&ctx);

159

if (rc != GPG_ERR_NO_ERROR){

160

fprintf(stderr, "bad gpgme_new: %s: %s\n",

161

gpgme_strsource(rc), gpgme_strerror(rc));

162

plaintext_length = -1;

163

goto decrypt_end;

164

}

165

166

/* Decrypt data from the cryptotext data buffer to the plaintext

167

data buffer */

168

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

169

if (rc != GPG_ERR_NO_ERROR){

170

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

171

gpgme_strsource(rc), gpgme_strerror(rc));

172

plaintext_length = -1;

173

goto decrypt_end;

174

}

175

176

if(debug){

177

fprintf(stderr, "Decryption of OpenPGP data succeeded\n");

178

}

179

180

if (debug){

181

gpgme_decrypt_result_t result;

182

result = gpgme_op_decrypt_result(ctx);

183

if (result == NULL){

184

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

185

} else {

186

fprintf(stderr, "Unsupported algorithm: %s\n",

187

result->unsupported_algorithm);

188

fprintf(stderr, "Wrong key usage: %d\n",

189

result->wrong_key_usage);

190

if(result->file_name != NULL){

191

fprintf(stderr, "File name: %s\n", result->file_name);

192

}

193

gpgme_recipient_t recipient;

194

recipient = result->recipients;

195

if(recipient){

196

while(recipient != NULL){

197

fprintf(stderr, "Public key algorithm: %s\n",

198

gpgme_pubkey_algo_name(recipient->pubkey_algo));

199

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

200

fprintf(stderr, "Secret key available: %s\n",

201

recipient->status == GPG_ERR_NO_SECKEY

202

? "No" : "Yes");

203

recipient = recipient->next;

204

}

205

}

206

}

207

}

208

209

/* Seek back to the beginning of the GPGME plaintext data buffer */

210

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

211

perror("pgpme_data_seek");

212

plaintext_length = -1;

213

goto decrypt_end;

214

}

215

216

*plaintext = NULL;

217

while(true){

218

if (plaintext_length + BUFFER_SIZE > plaintext_capacity){

219

*plaintext = realloc(*plaintext,

220

(unsigned int)plaintext_capacity

221

+ BUFFER_SIZE);

222

if (*plaintext == NULL){

223

perror("realloc");

224

plaintext_length = -1;

225

goto decrypt_end;

226

}

227

plaintext_capacity += BUFFER_SIZE;

228

}

229

230

ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,

231

BUFFER_SIZE);

232

/* Print the data, if any */

233

if (ret == 0){

234

/* EOF */

235

break;

236

}

237

if(ret < 0){

238

perror("gpgme_data_read");

239

plaintext_length = -1;

240

goto decrypt_end;

241

}

242

plaintext_length += ret;

243

}

244

245

if(debug){

246

fprintf(stderr, "Decrypted password is: ");

247

for(size_t i = 0; i < plaintext_length; i++){

248

fprintf(stderr, "%02hhX ", (*plaintext)[i]);

249

}

250

fprintf(stderr, "\n");

251

}

252

253

decrypt_end:

254

255

/* Delete the GPGME cryptotext data buffer */

256

gpgme_data_release(dh_crypto);

257

258

/* Delete the GPGME plaintext data buffer */

259

gpgme_data_release(dh_plain);

260

return plaintext_length;

261

}

262

263

static const char * safer_gnutls_strerror (int value) {

264

const char *ret = gnutls_strerror (value);

265

if (ret == NULL)

266

ret = "(unknown)";

267

return ret;

268

}

269

270

static void debuggnutls(__attribute__((unused)) int level,

271

const char* string){

272

fprintf(stderr, "%s", string);

273

}

274

275

static int initgnutls(mandos_context *mc, gnutls_session_t *session,

276

gnutls_dh_params_t *dh_params){

277

const char *err;

278

int ret;

279

280

if(debug){

281

fprintf(stderr, "Initializing GnuTLS\n");

282

}

283

284

if ((ret = gnutls_global_init ())

285

!= GNUTLS_E_SUCCESS) {

286

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

287

return -1;

288

}

289

290

if (debug){

291

gnutls_global_set_log_level(11);

292

gnutls_global_set_log_function(debuggnutls);

293

}

294

295

/* openpgp credentials */

296

if ((ret = gnutls_certificate_allocate_credentials (&mc->cred))

297

!= GNUTLS_E_SUCCESS) {

298

fprintf (stderr, "memory error: %s\n",

299

safer_gnutls_strerror(ret));

300

return -1;

301

}

302

303

if(debug){

304

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

305

" and keyfile %s as GnuTLS credentials\n", pubkeyfile,

306

seckeyfile);

307

}

308

309

ret = gnutls_certificate_set_openpgp_key_file

310

(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);

311

if (ret != GNUTLS_E_SUCCESS) {

312

fprintf

313

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"

314

" '%s')\n",

315

ret, pubkeyfile, seckeyfile);

316

fprintf(stdout, "The Error is: %s\n",

317

safer_gnutls_strerror(ret));

318

return -1;

319

}

320

321

//GnuTLS server initialization

322

if ((ret = gnutls_dh_params_init(dh_params))

323

!= GNUTLS_E_SUCCESS) {

324

fprintf (stderr, "Error in dh parameter initialization: %s\n",

325

safer_gnutls_strerror(ret));

326

return -1;

327

}

328

329

if ((ret = gnutls_dh_params_generate2(*dh_params, mc->dh_bits))

330

!= GNUTLS_E_SUCCESS) {

331

fprintf (stderr, "Error in prime generation: %s\n",

332

safer_gnutls_strerror(ret));

333

return -1;

334

}

335

336

gnutls_certificate_set_dh_params(mc->cred, *dh_params);

337

338

// GnuTLS session creation

339

if ((ret = gnutls_init(session, GNUTLS_SERVER))

340

!= GNUTLS_E_SUCCESS){

341

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

342

safer_gnutls_strerror(ret));

343

}

344

345

if ((ret = gnutls_priority_set_direct(*session, mc->priority, &err))

346

!= GNUTLS_E_SUCCESS) {

347

fprintf(stderr, "Syntax error at: %s\n", err);

348

fprintf(stderr, "GnuTLS error: %s\n",

349

safer_gnutls_strerror(ret));

350

return -1;

351

}

352

353

if ((ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

354

mc->cred))

355

!= GNUTLS_E_SUCCESS) {

356

fprintf(stderr, "Error setting a credentials set: %s\n",

357

safer_gnutls_strerror(ret));

358

return -1;

359

}

360

361

/* ignore client certificate if any. */

362

gnutls_certificate_server_set_request (*session,

363

GNUTLS_CERT_IGNORE);

364

365

gnutls_dh_set_prime_bits (*session, mc->dh_bits);

366

367

return 0;

368

}

369

370

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

371

__attribute__((unused)) const char *txt){}

372

373

static int start_mandos_communication(const char *ip, uint16_t port,

374

AvahiIfIndex if_index,

375

mandos_context *mc){

376

int ret, tcp_sd;

377

struct sockaddr_in6 to;

378

char *buffer = NULL;

379

char *decrypted_buffer;

380

size_t buffer_length = 0;

381

size_t buffer_capacity = 0;

382

ssize_t decrypted_buffer_size;

383

size_t written = 0;

384

int retval = 0;

385

char interface[IF_NAMESIZE];

386

gnutls_session_t session;

387

gnutls_dh_params_t dh_params;

388

389

if(debug){

390

fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",

391

ip, port);

392

}

393

394

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

395

if(tcp_sd < 0) {

396

perror("socket");

397

return -1;

398

}

399

400

if(debug){

401

if(if_indextoname((unsigned int)if_index, interface) == NULL){

402

perror("if_indextoname");

403

return -1;

404

}

405

fprintf(stderr, "Binding to interface %s\n", interface);

406

}

407

408

memset(&to,0,sizeof(to)); /* Spurious warning */

409

to.sin6_family = AF_INET6;

410

ret = inet_pton(AF_INET6, ip, &to.sin6_addr);

411

if (ret < 0 ){

412

perror("inet_pton");

413

return -1;

414

}

415

if(ret == 0){

416

fprintf(stderr, "Bad address: %s\n", ip);

417

return -1;

418

}

419

to.sin6_port = htons(port); /* Spurious warning */

420

421

to.sin6_scope_id = (uint32_t)if_index;

422

423

if(debug){

424

fprintf(stderr, "Connection to: %s, port %d\n", ip, port);

425

char addrstr[INET6_ADDRSTRLEN] = "";

426

if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr,

427

sizeof(addrstr)) == NULL){

428

perror("inet_ntop");

429

} else {

430

if(strcmp(addrstr, ip) != 0){

431

fprintf(stderr, "Canonical address form: %s\n", addrstr);

432

}

433

}

434

}

435

436

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

437

if (ret < 0){

438

perror("connect");

439

return -1;

440

}

441

442

ret = initgnutls (mc, &session, &dh_params);

443

if (ret != 0){

444

retval = -1;

445

return -1;

446

}

447

448

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

449

450

if(debug){

451

fprintf(stderr, "Establishing TLS session with %s\n", ip);

452

}

453

454

ret = gnutls_handshake (session);

455

456

if (ret != GNUTLS_E_SUCCESS){

457

if(debug){

458

fprintf(stderr, "\n*** Handshake failed ***\n");

459

gnutls_perror (ret);

460

}

461

retval = -1;

462

goto exit;

463

}

464

465

//Retrieve OpenPGP packet that contains the wanted password

466

467

if(debug){

468

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

469

ip);

470

}

471

472

while(true){

473

if (buffer_length + BUFFER_SIZE > buffer_capacity){

474

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

475

if (buffer == NULL){

476

perror("realloc");

477

goto exit;

478

}

479

buffer_capacity += BUFFER_SIZE;

480

}

481

482

ret = gnutls_record_recv(session, buffer+buffer_length,

483

BUFFER_SIZE);

484

if (ret == 0){

485

break;

486

}

487

if (ret < 0){

488

switch(ret){

489

case GNUTLS_E_INTERRUPTED:

490

case GNUTLS_E_AGAIN:

491

break;

492

case GNUTLS_E_REHANDSHAKE:

493

ret = gnutls_handshake (session);

494

if (ret < 0){

495

fprintf(stderr, "\n*** Handshake failed ***\n");

496

gnutls_perror (ret);

497

retval = -1;

498

goto exit;

499

}

500

break;

501

default:

502

fprintf(stderr, "Unknown error while reading data from"

503

" encrypted session with mandos server\n");

504

retval = -1;

505

gnutls_bye (session, GNUTLS_SHUT_RDWR);

506

goto exit;

507

}

508

} else {

509

buffer_length += (size_t) ret;

510

}

511

}

512

513

if (buffer_length > 0){

514

decrypted_buffer_size = pgp_packet_decrypt(buffer,

515

buffer_length,

516

&decrypted_buffer,

517

keydir);

518

if (decrypted_buffer_size >= 0){

519

while(written < (size_t) decrypted_buffer_size){

520

ret = (int)fwrite (decrypted_buffer + written, 1,

521

(size_t)decrypted_buffer_size - written,

522

stdout);

523

if(ret == 0 and ferror(stdout)){

524

if(debug){

525

fprintf(stderr, "Error writing encrypted data: %s\n",

526

strerror(errno));

527

}

528

retval = -1;

529

break;

530

}

531

written += (size_t)ret;

532

}

533

free(decrypted_buffer);

534

} else {

535

retval = -1;

536

}

537

}

538

539

//shutdown procedure

540

541

if(debug){

542

fprintf(stderr, "Closing TLS session\n");

543

}

544

545

free(buffer);

546

gnutls_bye (session, GNUTLS_SHUT_RDWR);

547

exit:

548

close(tcp_sd);

549

gnutls_deinit (session);

550

gnutls_certificate_free_credentials (mc->cred);

551

gnutls_global_deinit ();

552

return retval;

553

}

554

555

static void resolve_callback(AvahiSServiceResolver *r,

556

AvahiIfIndex interface,

557

AVAHI_GCC_UNUSED AvahiProtocol protocol,

558

AvahiResolverEvent event,

559

const char *name,

560

const char *type,

561

const char *domain,

562

const char *host_name,

563

const AvahiAddress *address,

564

uint16_t port,

565

AVAHI_GCC_UNUSED AvahiStringList *txt,

566

AVAHI_GCC_UNUSED AvahiLookupResultFlags

567

flags,

568

void* userdata) {

569

mandos_context *mc = userdata;

570

assert(r); /* Spurious warning */

571

572

/* Called whenever a service has been resolved successfully or

573

timed out */

574

575

switch (event) {

576

default:

577

case AVAHI_RESOLVER_FAILURE:

578

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"

579

" type '%s' in domain '%s': %s\n", name, type, domain,

580

avahi_strerror(avahi_server_errno(mc->server)));

581

break;

582

583

case AVAHI_RESOLVER_FOUND:

584

{

585

char ip[AVAHI_ADDRESS_STR_MAX];

586

avahi_address_snprint(ip, sizeof(ip), address);

587

if(debug){

588

fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"

589

" port %d\n", name, host_name, ip, port);

590

}

591

int ret = start_mandos_communication(ip, port, interface, mc);

592

if (ret == 0){

593

exit(EXIT_SUCCESS);

594

}

595

}

596

}

597

avahi_s_service_resolver_free(r);

598

}

599

600

static void browse_callback( AvahiSServiceBrowser *b,

601

AvahiIfIndex interface,

602

AvahiProtocol protocol,

603

AvahiBrowserEvent event,

604

const char *name,

605

const char *type,

606

const char *domain,

607

AVAHI_GCC_UNUSED AvahiLookupResultFlags

608

flags,

609

void* userdata) {

610

mandos_context *mc = userdata;

611

assert(b); /* Spurious warning */

612

613

/* Called whenever a new services becomes available on the LAN or

614

is removed from the LAN */

615

616

switch (event) {

617

default:

618

case AVAHI_BROWSER_FAILURE:

619

620

fprintf(stderr, "(Browser) %s\n",

621

avahi_strerror(avahi_server_errno(mc->server)));

622

avahi_simple_poll_quit(mc->simple_poll);

623

return;

624

625

case AVAHI_BROWSER_NEW:

626

/* We ignore the returned resolver object. In the callback

627

function we free it. If the server is terminated before

628

the callback function is called the server will free

629

the resolver for us. */

630

631

if (!(avahi_s_service_resolver_new(mc->server, interface,

632

protocol, name, type, domain,

633

AVAHI_PROTO_INET6, 0,

634

resolve_callback, mc)))

635

fprintf(stderr, "Failed to resolve service '%s': %s\n", name,

636

avahi_strerror(avahi_server_errno(mc->server)));

637

break;

638

639

case AVAHI_BROWSER_REMOVE:

640

break;

641

642

case AVAHI_BROWSER_ALL_FOR_NOW:

643

case AVAHI_BROWSER_CACHE_EXHAUSTED:

644

break;

645

}

646

}

647

648

/* Combines file name and path and returns the malloced new

649

string. some sane checks could/should be added */

650

static const char *combinepath(const char *first, const char *second){

651

size_t f_len = strlen(first);

652

size_t s_len = strlen(second);

653

char *tmp = malloc(f_len + s_len + 2);

654

if (tmp == NULL){

655

return NULL;

656

}

657

if(f_len > 0){

658

memcpy(tmp, first, f_len); /* Spurious warning */

659

}

660

tmp[f_len] = '/';

661

if(s_len > 0){

662

memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */

663

}

664

tmp[f_len + 1 + s_len] = '\0';

665

return tmp;

666

}

667

668

669

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

670

AvahiServerConfig config;

671

AvahiSServiceBrowser *sb = NULL;

672

int error;

673

int ret;

674

int debug_int;

675

int returncode = EXIT_SUCCESS;

676

const char *interface = "eth0";

677

struct ifreq network;

678

int sd;

679

char *connect_to = NULL;

680

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

681

mandos_context mc = { .simple_poll = NULL, .server = NULL,

682

.dh_bits = 1024, .priority = "SECURE256"};

683

684

debug_int = debug ? 1 : 0;

685

while (true){

686

struct option long_options[] = {

687

{"debug", no_argument, &debug_int, 1},

688

{"connect", required_argument, NULL, 'c'},

689

{"interface", required_argument, NULL, 'i'},

690

{"keydir", required_argument, NULL, 'd'},

691

{"seckey", required_argument, NULL, 's'},

692

{"pubkey", required_argument, NULL, 'p'},

693

{"dh-bits", required_argument, NULL, 'D'},

694

{"priority", required_argument, NULL, 'P'},

695

{0, 0, 0, 0} };

696

697

int option_index = 0;

698

ret = getopt_long (argc, argv, "i:", long_options,

699

&option_index);

700

701

if (ret == -1){

702

break;

703

}

704

705

switch(ret){

706

case 0:

707

break;

708

case 'i':

709

interface = optarg;

710

break;

711

case 'c':

712

connect_to = optarg;

713

break;

714

case 'd':

715

keydir = optarg;

716

break;

717

case 'p':

718

pubkeyfile = optarg;

719

break;

720

case 's':

721

seckeyfile = optarg;

722

break;

723

case 'D':

724

errno = 0;

725

mc.dh_bits = (unsigned int) strtol(optarg, NULL, 10);

726

if (errno){

727

perror("strtol");

728

exit(EXIT_FAILURE);

729

}

730

break;

731

case 'P':

732

mc.priority = optarg;

733

break;

734

case '?':

735

default:

736

exit(EXIT_FAILURE);

737

}

738

}

739

debug = debug_int ? true : false;

740

741

pubkeyfile = combinepath(keydir, pubkeyfile);

742

if (pubkeyfile == NULL){

743

perror("combinepath");

744

returncode = EXIT_FAILURE;

745

goto exit;

746

}

747

748

seckeyfile = combinepath(keydir, seckeyfile);

749

if (seckeyfile == NULL){

750

perror("combinepath");

751

goto exit;

752

}

753

754

if_index = (AvahiIfIndex) if_nametoindex(interface);

755

if(if_index == 0){

756

fprintf(stderr, "No such interface: \"%s\"\n", interface);

757

exit(EXIT_FAILURE);

758

}

759

760

if(connect_to != NULL){

761

/* Connect directly, do not use Zeroconf */

762

/* (Mainly meant for debugging) */

763

char *address = strrchr(connect_to, ':');

764

if(address == NULL){

765

fprintf(stderr, "No colon in address\n");

766

exit(EXIT_FAILURE);

767

}

768

errno = 0;

769

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

770

if(errno){

771

perror("Bad port number");

772

exit(EXIT_FAILURE);

773

}

774

*address = '\0';

775

address = connect_to;

776

ret = start_mandos_communication(address, port, if_index, &mc);

777

if(ret < 0){

778

exit(EXIT_FAILURE);

779

} else {

780

exit(EXIT_SUCCESS);

781

}

782

}

783

784

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

785

if(sd < 0) {

786

perror("socket");

787

returncode = EXIT_FAILURE;

788

goto exit;

789

}

790

strcpy(network.ifr_name, interface); /* Spurious warning */

791

ret = ioctl(sd, SIOCGIFFLAGS, &network);

792

if(ret == -1){

793

794

perror("ioctl SIOCGIFFLAGS");

795

returncode = EXIT_FAILURE;

796

goto exit;

797

}

798

if((network.ifr_flags & IFF_UP) == 0){

799

network.ifr_flags |= IFF_UP;

800

ret = ioctl(sd, SIOCSIFFLAGS, &network);

801

if(ret == -1){

802

perror("ioctl SIOCSIFFLAGS");

803

returncode = EXIT_FAILURE;

804

goto exit;

805

}

806

}

807

close(sd);

808

809

if (not debug){

810

avahi_set_log_function(empty_log);

811

}

812

813

/* Initialize the psuedo-RNG */

814

srand((unsigned int) time(NULL));

815

816

/* Allocate main loop object */

817

if (!(mc.simple_poll = avahi_simple_poll_new())) {

818

fprintf(stderr, "Failed to create simple poll object.\n");

819

returncode = EXIT_FAILURE;

820

goto exit;

821

}

822

823

/* Do not publish any local records */

824

avahi_server_config_init(&config);

825

config.publish_hinfo = 0;

826

config.publish_addresses = 0;

827

config.publish_workstation = 0;

828

config.publish_domain = 0;

829

830

/* Allocate a new server */

831

mc.server=avahi_server_new(avahi_simple_poll_get(mc.simple_poll),

832

&config, NULL, NULL, &error);

833

834

/* Free the configuration data */

835

avahi_server_config_free(&config);

836

837

/* Check if creating the server object succeeded */

838

if (!mc.server) {

839

fprintf(stderr, "Failed to create server: %s\n",

840

avahi_strerror(error));

841

returncode = EXIT_FAILURE;

842

goto exit;

843

}

844

845

/* Create the service browser */

846

sb = avahi_s_service_browser_new(mc.server, if_index,

847

AVAHI_PROTO_INET6,

848

"_mandos._tcp", NULL, 0,

849

browse_callback, &mc);

850

if (!sb) {

851

fprintf(stderr, "Failed to create service browser: %s\n",

852

avahi_strerror(avahi_server_errno(mc.server)));

853

returncode = EXIT_FAILURE;

854

goto exit;

855

}

856

857

/* Run the main loop */

858

859

if (debug){

860

fprintf(stderr, "Starting avahi loop search\n");

861

}

862

863

avahi_simple_poll_loop(mc.simple_poll);

864

865

exit:

866

867

if (debug){

868

fprintf(stderr, "%s exiting\n", argv[0]);

869

}

870

871

/* Cleanup things */

872

if (sb)

873

avahi_s_service_browser_free(sb);

874

875

if (mc.server)

876

avahi_server_free(mc.server);

877

878

if (mc.simple_poll)

879

avahi_simple_poll_free(mc.simple_poll);

880

free(pubkeyfile);

881

free(seckeyfile);

882

883

return returncode;

884

}

Older »