/mandos/trunk : revision 74

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/password-request.c

Committer: Teddy Hogeborn
Date: 2008-08-14 02:24:59 UTC
Revision ID: teddy@fukt.bsnet.se-20080814022459-rq3jt4q409l3qbj3

* Makefile (PREFIX, CONFDIR): New.

* initramfs-tools-hook: Search for Mandos in /usr/local as well as in
                        /usr.  Also copy plugin-runner.  Also chmod
                        the config dir.
  (DESTCONFDIR): Removed.
  (MANDOSDIR): New.
  (PLUGINDIR): Changed to "${MANDOSDIR}/plugins.d".

* initramfs-tools-script: New.

* mandos-client.c: Renamed to "plugin-runner.c".  All references
                   changed.
  (plugindir): Changed to "/lib/mandos/plugins.d".

* plugins.d/usplash: New.

files added:
initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos-clients.conf.xml

mandos-keygen

mandos.conf

mandos.conf.xml

mandos.xml

network-protocol.txt

plugin-runner.xml

plugins.d/password-prompt.xml

plugins.d/password-request.xml

plugins.d/usplash

files removed:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

files renamed:
mandos-clients.conf => clients.conf

server.py => mandos

plugbasedclient.c => plugin-runner.c

plugins.d/passprompt.c => plugins.d/password-prompt.c

plugins.d/mandosclient.c => plugins.d/password-request.c

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

plugins.d/password-request.c

* includes the following functions: "resolve_callback",

* "browse_callback", and parts of "main".

* Påhlsson.

* Everything else is

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and

* <https://www.fukt.bsnet.se/~teddy/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

#define _FORTIFY_SOURCE 2

/* Needed by GPGME, specifically gpgme_data_seek() */

#define _LARGEFILE_SOURCE

#define _FILE_OFFSET_BITS 64

#include <stdio.h>

#include <assert.h>

#include <stdlib.h>

#include <time.h>

#include <net/if.h> /* if_nametoindex */

#include <sys/ioctl.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS

#include <net/if.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */

#include <stdio.h> /* fprintf(), stderr, fwrite(), stdout,

ferror() */

#include <stdint.h> /* uint16_t, uint32_t */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,

srand() */

#include <stdbool.h> /* bool, true */

#include <string.h> /* memset(), strcmp(), strlen(),

strerror(), memcpy(), strcpy() */

#include <sys/ioctl.h> /* ioctl */

#include <sys/types.h> /* socket(), inet_pton(), sockaddr,

sockaddr_in6, PF_INET6,

SOCK_STREAM, INET6_ADDRSTRLEN,

uid_t, gid_t */

#include <inttypes.h> /* PRIu16 */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton(),

connect() */

#include <assert.h> /* assert() */

#include <errno.h> /* perror(), errno */

#include <time.h> /* time() */

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS, if_indextoname(),

if_nametoindex(), IF_NAMESIZE */

#include <unistd.h> /* close(), SEEK_SET, off_t, write(),

getuid(), getgid(), setuid(),

setgid() */

#include <netinet/in.h>

#include <arpa/inet.h> /* inet_pton(), htons */

#include <iso646.h> /* not, and */

#include <argp.h> /* struct argp_option, error_t, struct

argp_state, struct argp,

argp_parse(), ARGP_KEY_ARG,

ARGP_KEY_END, ARGP_ERR_UNKNOWN */

/* Avahi */

/* All Avahi types, constants and functions

Avahi*, avahi_*,

AVAHI_* */

#include <avahi-core/core.h>

#include <avahi-core/lookup.h>

#include <avahi-core/log.h>

#include <avahi-common/malloc.h>

#include <avahi-common/error.h>

//mandos client part

#include <sys/types.h> /* socket(), inet_pton() */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton() */

#include <gnutls/gnutls.h> /* All GnuTLS stuff */

#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */

#include <unistd.h> /* close() */

#include <netinet/in.h>

#include <stdbool.h> /* true */

#include <string.h> /* memset */

#include <arpa/inet.h> /* inet_pton() */

#include <iso646.h> /* not */

// gpgme

#include <errno.h> /* perror() */

#include <gpgme.h>

// getopt long

#include <getopt.h>

/* GnuTLS */

#include <gnutls/gnutls.h> /* All GnuTLS types, constants and functions

gnutls_*

init_gnutls_session(),

GNUTLS_* */

#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),

GNUTLS_OPENPGP_FMT_BASE64 */

/* GPGME */

#include <gpgme.h> /* All GPGME types, constants and functions

gpgme_*

GPGME_PROTOCOL_OpenPGP,

GPG_ERR_NO_* */

#define BUFFER_SIZE 256

#define DH_BITS 1024

const char *certdir = "/conf/conf.d/cryptkeyreq/";

const char *certfile = "openpgp-client.txt";

const char *certkey = "openpgp-client-key.txt";

bool debug = false;

100

static const char *keydir = "/conf/conf.d/mandos";

101

static const char mandos_protocol_version[] = "1";

102

const char *argp_program_version = "password-request 1.0";

103

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

104

105

/* Used for passing in values through the Avahi callback functions */

106

typedef struct {

gnutls_session_t session;

107

AvahiSimplePoll *simple_poll;

108

AvahiServer *server;

109

gnutls_certificate_credentials_t cred;

110

unsigned int dh_bits;

111

gnutls_dh_params_t dh_params;

} encrypted_session;

ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,

char **new_packet, const char *homedir){

112

const char *priority;

113

} mandos_context;

114

115

116

* Make room in "buffer" for at least BUFFER_SIZE additional bytes.

117

* "buffer_capacity" is how much is currently allocated,

118

* "buffer_length" is how much is already used.

119

120

size_t adjustbuffer(char **buffer, size_t buffer_length,

121

size_t buffer_capacity){

122

if (buffer_length + BUFFER_SIZE > buffer_capacity){

123

*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);

124

if (buffer == NULL){

125

return 0;

126

}

127

buffer_capacity += BUFFER_SIZE;

128

}

129

return buffer_capacity;

130

}

131

132

133

* Decrypt OpenPGP data using keyrings in HOMEDIR.

134

* Returns -1 on error

135

136

static ssize_t pgp_packet_decrypt (const char *cryptotext,

137

size_t crypto_size,

138

char **plaintext,

139

const char *homedir){

140

gpgme_data_t dh_crypto, dh_plain;

141

gpgme_ctx_t ctx;

142

gpgme_error_t rc;

143

ssize_t ret;

ssize_t new_packet_capacity = 0;

ssize_t new_packet_length = 0;

144

size_t plaintext_capacity = 0;

145

ssize_t plaintext_length = 0;

146

gpgme_engine_info_t engine_info;

147

148

if (debug){

100

fprintf(stderr, "Trying to decrypt OpenPGP packet\n");

149

fprintf(stderr, "Trying to decrypt OpenPGP data\n");

101

150

}

102

151

103

152

/* Init GPGME */

109

158

return -1;

110

159

}

111

160

112

/* Set GPGME home directory */

161

/* Set GPGME home directory for the OpenPGP engine only */

113

162

rc = gpgme_get_engine_info (&engine_info);

114

163

if (rc != GPG_ERR_NO_ERROR){

115

164

fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",

125

174

engine_info = engine_info->next;

126

175

}

127

176

if(engine_info == NULL){

128

fprintf(stderr, "Could not set home dir to %s\n", homedir);

177

fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);

129

178

return -1;

130

179

}

131

180

132

/* Create new GPGME data buffer from packet buffer */

133

rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);

181

/* Create new GPGME data buffer from memory cryptotext */

182

rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,

183

0);

134

184

if (rc != GPG_ERR_NO_ERROR){

135

185

fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",

136

186

gpgme_strsource(rc), gpgme_strerror(rc));

142

192

if (rc != GPG_ERR_NO_ERROR){

143

193

fprintf(stderr, "bad gpgme_data_new: %s: %s\n",

144

194

gpgme_strsource(rc), gpgme_strerror(rc));

195

gpgme_data_release(dh_crypto);

145

196

return -1;

146

197

}

147

198

150

201

if (rc != GPG_ERR_NO_ERROR){

151

202

fprintf(stderr, "bad gpgme_new: %s: %s\n",

152

203

gpgme_strsource(rc), gpgme_strerror(rc));

153

return -1;

204

plaintext_length = -1;

205

goto decrypt_end;

154

206

}

155

207

156

/* Decrypt data from the FILE pointer to the plaintext data

157

buffer */

208

/* Decrypt data from the cryptotext data buffer to the plaintext

209

data buffer */

158

210

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

159

211

if (rc != GPG_ERR_NO_ERROR){

160

212

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

161

213

gpgme_strsource(rc), gpgme_strerror(rc));

162

return -1;

214

plaintext_length = -1;

215

goto decrypt_end;

163

216

}

164

217

165

218

if(debug){

166

fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");

219

fprintf(stderr, "Decryption of OpenPGP data succeeded\n");

167

220

}

168

221

169

222

if (debug){

170

223

gpgme_decrypt_result_t result;

171

224

result = gpgme_op_decrypt_result(ctx);

174

227

} else {

175

228

fprintf(stderr, "Unsupported algorithm: %s\n",

176

229

result->unsupported_algorithm);

177

fprintf(stderr, "Wrong key usage: %d\n",

230

fprintf(stderr, "Wrong key usage: %u\n",

178

231

result->wrong_key_usage);

179

232

if(result->file_name != NULL){

180

233

fprintf(stderr, "File name: %s\n", result->file_name);

195

248

}

196

249

}

197

250

198

/* Delete the GPGME FILE pointer cryptotext data buffer */

199

gpgme_data_release(dh_crypto);

200

201

251

/* Seek back to the beginning of the GPGME plaintext data buffer */

202

252

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

203

253

perror("pgpme_data_seek");

254

plaintext_length = -1;

255

goto decrypt_end;

204

256

}

205

257

206

*new_packet = 0;

258

*plaintext = NULL;

207

259

while(true){

208

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

209

*new_packet = realloc(*new_packet,

210

(unsigned int)new_packet_capacity

211

+ BUFFER_SIZE);

212

if (*new_packet == NULL){

213

perror("realloc");

214

return -1;

215

}

216

new_packet_capacity += BUFFER_SIZE;

260

plaintext_capacity = adjustbuffer(plaintext,

261

(size_t)plaintext_length,

262

plaintext_capacity);

263

if (plaintext_capacity == 0){

264

perror("adjustbuffer");

265

plaintext_length = -1;

266

goto decrypt_end;

217

267

}

218

268

219

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,

269

ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,

220

270

BUFFER_SIZE);

221

271

/* Print the data, if any */

222

272

if (ret == 0){

273

/* EOF */

223

274

break;

224

275

}

225

276

if(ret < 0){

226

277

perror("gpgme_data_read");

227

return -1;

278

plaintext_length = -1;

279

goto decrypt_end;

228

280

}

229

new_packet_length += ret;

281

plaintext_length += ret;

230

282

}

231

283

232

/* FIXME: check characters before printing to screen so to not print

233

terminal control characters */

234

/* if(debug){ */

235

/* fprintf(stderr, "decrypted password is: "); */

236

/* fwrite(*new_packet, 1, new_packet_length, stderr); */

237

/* fprintf(stderr, "\n"); */

238

/* } */

284

if(debug){

285

fprintf(stderr, "Decrypted password is: ");

286

for(ssize_t i = 0; i < plaintext_length; i++){

287

fprintf(stderr, "%02hhX ", (*plaintext)[i]);

288

}

289

fprintf(stderr, "\n");

290

}

291

292

decrypt_end:

293

294

/* Delete the GPGME cryptotext data buffer */

295

gpgme_data_release(dh_crypto);

239

296

240

297

/* Delete the GPGME plaintext data buffer */

241

298

gpgme_data_release(dh_plain);

242

return new_packet_length;

299

return plaintext_length;

243

300

}

244

301

245

302

static const char * safer_gnutls_strerror (int value) {

249

306

return ret;

250

307

}

251

308

252

void debuggnutls(__attribute__((unused)) int level,

253

const char* string){

254

fprintf(stderr, "%s", string);

309

/* GnuTLS log function callback */

310

static void debuggnutls(__attribute__((unused)) int level,

311

const char* string){

312

fprintf(stderr, "GnuTLS: %s", string);

255

313

}

256

314

257

int initgnutls(encrypted_session *es){

258

const char *err;

315

static int init_gnutls_global(mandos_context *mc,

316

const char *pubkeyfile,

317

const char *seckeyfile){

259

318

int ret;

260

319

261

320

if(debug){

262

321

fprintf(stderr, "Initializing GnuTLS\n");

263

322

}

264

265

if ((ret = gnutls_global_init ())

266

!= GNUTLS_E_SUCCESS) {

267

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

323

324

ret = gnutls_global_init();

325

if (ret != GNUTLS_E_SUCCESS) {

326

fprintf (stderr, "GnuTLS global_init: %s\n",

327

safer_gnutls_strerror(ret));

268

328

return -1;

269

329

}

270

330

271

331

if (debug){

332

/* "Use a log level over 10 to enable all debugging options."

333

* - GnuTLS manual

334

272

335

gnutls_global_set_log_level(11);

273

336

gnutls_global_set_log_function(debuggnutls);

274

337

}

275

338

276

/* openpgp credentials */

277

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

278

!= GNUTLS_E_SUCCESS) {

279

fprintf (stderr, "memory error: %s\n",

339

/* OpenPGP credentials */

340

gnutls_certificate_allocate_credentials(&mc->cred);

341

if (ret != GNUTLS_E_SUCCESS){

342

fprintf (stderr, "GnuTLS memory error: %s\n",

280

343

safer_gnutls_strerror(ret));

344

gnutls_global_deinit ();

281

345

return -1;

282

346

}

283

347

284

348

if(debug){

285

349

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

286

" and keyfile %s as GnuTLS credentials\n", certfile,

287

certkey);

350

" and keyfile %s as GnuTLS credentials\n", pubkeyfile,

351

seckeyfile);

288

352

}

289

353

290

354

ret = gnutls_certificate_set_openpgp_key_file

291

(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);

355

(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);

292

356

if (ret != GNUTLS_E_SUCCESS) {

293

fprintf

294

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"

295

" '%s')\n",

296

ret, certfile, certkey);

297

fprintf(stdout, "The Error is: %s\n",

357

fprintf(stderr,

358

"Error[%d] while reading the OpenPGP key pair ('%s',"

359

" '%s')\n", ret, pubkeyfile, seckeyfile);

360

fprintf(stdout, "The GnuTLS error is: %s\n",

298

361

safer_gnutls_strerror(ret));

299

return -1;

300

}

301

302

//GnuTLS server initialization

303

if ((ret = gnutls_dh_params_init (&es->dh_params))

304

!= GNUTLS_E_SUCCESS) {

305

fprintf (stderr, "Error in dh parameter initialization: %s\n",

306

safer_gnutls_strerror(ret));

307

return -1;

308

}

309

310

if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))

311

!= GNUTLS_E_SUCCESS) {

312

fprintf (stderr, "Error in prime generation: %s\n",

313

safer_gnutls_strerror(ret));

314

return -1;

315

}

316

317

gnutls_certificate_set_dh_params (es->cred, es->dh_params);

318

319

// GnuTLS session creation

320

if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))

321

!= GNUTLS_E_SUCCESS){

362

goto globalfail;

363

}

364

365

/* GnuTLS server initialization */

366

ret = gnutls_dh_params_init(&mc->dh_params);

367

if (ret != GNUTLS_E_SUCCESS) {

368

fprintf (stderr, "Error in GnuTLS DH parameter initialization:"

369

" %s\n", safer_gnutls_strerror(ret));

370

goto globalfail;

371

}

372

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

373

if (ret != GNUTLS_E_SUCCESS) {

374

fprintf (stderr, "Error in GnuTLS prime generation: %s\n",

375

safer_gnutls_strerror(ret));

376

goto globalfail;

377

}

378

379

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

380

381

return 0;

382

383

globalfail:

384

385

gnutls_certificate_free_credentials(mc->cred);

386

gnutls_global_deinit();

387

return -1;

388

389

}

390

391

static int init_gnutls_session(mandos_context *mc,

392

gnutls_session_t *session){

393

int ret;

394

/* GnuTLS session creation */

395

ret = gnutls_init(session, GNUTLS_SERVER);

396

if (ret != GNUTLS_E_SUCCESS){

322

397

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

323

398

safer_gnutls_strerror(ret));

324

399

}

325

400

326

if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))

327

!= GNUTLS_E_SUCCESS) {

328

fprintf(stderr, "Syntax error at: %s\n", err);

329

fprintf(stderr, "GnuTLS error: %s\n",

330

safer_gnutls_strerror(ret));

331

return -1;

401

{

402

const char *err;

403

ret = gnutls_priority_set_direct(*session, mc->priority, &err);

404

if (ret != GNUTLS_E_SUCCESS) {

405

fprintf(stderr, "Syntax error at: %s\n", err);

406

fprintf(stderr, "GnuTLS error: %s\n",

407

safer_gnutls_strerror(ret));

408

gnutls_deinit (*session);

409

return -1;

410

}

332

411

}

333

412

334

if ((ret = gnutls_credentials_set

335

(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))

336

!= GNUTLS_E_SUCCESS) {

337

fprintf(stderr, "Error setting a credentials set: %s\n",

413

ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

414

mc->cred);

415

if (ret != GNUTLS_E_SUCCESS) {

416

fprintf(stderr, "Error setting GnuTLS credentials: %s\n",

338

417

safer_gnutls_strerror(ret));

418

gnutls_deinit (*session);

339

419

return -1;

340

420

}

341

421

342

422

/* ignore client certificate if any. */

343

gnutls_certificate_server_set_request (es->session,

423

gnutls_certificate_server_set_request (*session,

344

424

GNUTLS_CERT_IGNORE);

345

425

346

gnutls_dh_set_prime_bits (es->session, DH_BITS);

426

gnutls_dh_set_prime_bits (*session, mc->dh_bits);

347

427

348

428

return 0;

349

429

}

350

430

351

void empty_log(__attribute__((unused)) AvahiLogLevel level,

352

__attribute__((unused)) const char *txt){}

431

/* Avahi log function callback */

432

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

433

__attribute__((unused)) const char *txt){}

353

434

354

int start_mandos_communication(const char *ip, uint16_t port,

355

unsigned int if_index){

435

/* Called when a Mandos server is found */

436

static int start_mandos_communication(const char *ip, uint16_t port,

437

AvahiIfIndex if_index,

438

mandos_context *mc){

356

439

int ret, tcp_sd;

357

struct sockaddr_in6 to;

358

encrypted_session es;

440

union { struct sockaddr in; struct sockaddr_in6 in6; } to;

359

441

char *buffer = NULL;

360

442

char *decrypted_buffer;

361

443

size_t buffer_length = 0;

362

444

size_t buffer_capacity = 0;

363

445

ssize_t decrypted_buffer_size;

364

size_t written = 0;

446

size_t written;

365

447

int retval = 0;

366

448

char interface[IF_NAMESIZE];

449

gnutls_session_t session;

450

451

ret = init_gnutls_session (mc, &session);

452

if (ret != 0){

453

return -1;

454

}

367

455

368

456

if(debug){

369

fprintf(stderr, "Setting up a tcp connection to %s\n", ip);

457

fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16

458

"\n", ip, port);

370

459

}

371

460

372

461

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

376

465

}

377

466

378

467

if(debug){

379

if(if_indextoname(if_index, interface) == NULL){

380

if(debug){

381

perror("if_indextoname");

382

}

468

if(if_indextoname((unsigned int)if_index, interface) == NULL){

469

perror("if_indextoname");

383

470

return -1;

384

471

}

385

386

472

fprintf(stderr, "Binding to interface %s\n", interface);

387

473

}

388

474

389

475

memset(&to,0,sizeof(to)); /* Spurious warning */

390

to.sin6_family = AF_INET6;

391

ret = inet_pton(AF_INET6, ip, &to.sin6_addr);

476

to.in6.sin6_family = AF_INET6;

477

/* It would be nice to have a way to detect if we were passed an

478

IPv4 address here. Now we assume an IPv6 address. */

479

ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);

392

480

if (ret < 0 ){

393

481

perror("inet_pton");

394

482

return -1;

395

}

483

}

396

484

if(ret == 0){

397

485

fprintf(stderr, "Bad address: %s\n", ip);

398

486

return -1;

399

487

}

400

to.sin6_port = htons(port); /* Spurious warning */

488

to.in6.sin6_port = htons(port); /* Spurious warning */

401

489

402

to.sin6_scope_id = (uint32_t)if_index;

490

to.in6.sin6_scope_id = (uint32_t)if_index;

403

491

404

492

if(debug){

405

fprintf(stderr, "Connection to: %s\n", ip);

493

fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,

494

port);

495

char addrstr[INET6_ADDRSTRLEN] = "";

496

if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,

497

sizeof(addrstr)) == NULL){

498

perror("inet_ntop");

499

} else {

500

if(strcmp(addrstr, ip) != 0){

501

fprintf(stderr, "Canonical address form: %s\n", addrstr);

502

}

503

}

406

504

}

407

505

408

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

506

ret = connect(tcp_sd, &to.in, sizeof(to));

409

507

if (ret < 0){

410

508

perror("connect");

411

509

return -1;

412

510

}

413

414

ret = initgnutls (&es);

415

if (ret != 0){

416

retval = -1;

417

return -1;

511

512

const char *out = mandos_protocol_version;

513

written = 0;

514

while (true){

515

size_t out_size = strlen(out);

516

ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,

517

out_size - written));

518

if (ret == -1){

519

perror("write");

520

retval = -1;

521

goto mandos_end;

522

}

523

written += (size_t)ret;

524

if(written < out_size){

525

continue;

526

} else {

527

if (out == mandos_protocol_version){

528

written = 0;

529

out = "\r\n";

530

} else {

531

break;

532

}

533

}

418

534

}

419

420

gnutls_transport_set_ptr (es.session,

421

(gnutls_transport_ptr_t) tcp_sd);

422

535

423

536

if(debug){

424

537

fprintf(stderr, "Establishing TLS session with %s\n", ip);

425

538

}

426

539

427

ret = gnutls_handshake (es.session);

540

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

541

542

do{

543

ret = gnutls_handshake (session);

544

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

428

545

429

546

if (ret != GNUTLS_E_SUCCESS){

430

547

if(debug){

431

fprintf(stderr, "\n*** Handshake failed ***\n");

548

fprintf(stderr, "*** GnuTLS Handshake failed ***\n");

432

549

gnutls_perror (ret);

433

550

}

434

551

retval = -1;

435

goto exit;

552

goto mandos_end;

436

553

}

437

554

438

//Retrieve OpenPGP packet that contains the wanted password

555

/* Read OpenPGP packet that contains the wanted password */

439

556

440

557

if(debug){

441

558

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

443

560

}

444

561

445

562

while(true){

446

if (buffer_length + BUFFER_SIZE > buffer_capacity){

447

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

448

if (buffer == NULL){

449

perror("realloc");

450

goto exit;

451

}

452

buffer_capacity += BUFFER_SIZE;

563

buffer_capacity = adjustbuffer(&buffer, buffer_length,

564

buffer_capacity);

565

if (buffer_capacity == 0){

566

perror("adjustbuffer");

567

retval = -1;

568

goto mandos_end;

453

569

}

454

570

455

ret = gnutls_record_recv

456

(es.session, buffer+buffer_length, BUFFER_SIZE);

571

ret = gnutls_record_recv(session, buffer+buffer_length,

572

BUFFER_SIZE);

457

573

if (ret == 0){

458

574

break;

459

575

}

463

579

case GNUTLS_E_AGAIN:

464

580

break;

465

581

case GNUTLS_E_REHANDSHAKE:

466

ret = gnutls_handshake (es.session);

582

do{

583

ret = gnutls_handshake (session);

584

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

467

585

if (ret < 0){

468

fprintf(stderr, "\n*** Handshake failed ***\n");

586

fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");

469

587

gnutls_perror (ret);

470

588

retval = -1;

471

goto exit;

589

goto mandos_end;

472

590

}

473

591

break;

474

592

default:

475

593

fprintf(stderr, "Unknown error while reading data from"

476

" encrypted session with mandos server\n");

594

" encrypted session with Mandos server\n");

477

595

retval = -1;

478

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

479

goto exit;

596

gnutls_bye (session, GNUTLS_SHUT_RDWR);

597

goto mandos_end;

480

598

}

481

599

} else {

482

600

buffer_length += (size_t) ret;

483

601

}

484

602

}

485

603

604

if(debug){

605

fprintf(stderr, "Closing TLS session\n");

606

}

607

608

gnutls_bye (session, GNUTLS_SHUT_RDWR);

609

486

610

if (buffer_length > 0){

487

611

decrypted_buffer_size = pgp_packet_decrypt(buffer,

488

612

buffer_length,

489

613

&decrypted_buffer,

490

certdir);

614

keydir);

491

615

if (decrypted_buffer_size >= 0){

492

while(written < (size_t)decrypted_buffer_size){

616

written = 0;

617

while(written < (size_t) decrypted_buffer_size){

493

618

ret = (int)fwrite (decrypted_buffer + written, 1,

494

619

(size_t)decrypted_buffer_size - written,

495

620

stdout);

508

633

retval = -1;

509

634

}

510

635

}

511

512

//shutdown procedure

513

514

if(debug){

515

fprintf(stderr, "Closing TLS session\n");

516

}

517

636

637

/* Shutdown procedure */

638

639

mandos_end:

518

640

free(buffer);

519

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

520

exit:

521

641

close(tcp_sd);

522

gnutls_deinit (es.session);

523

gnutls_certificate_free_credentials (es.cred);

524

gnutls_global_deinit ();

642

gnutls_deinit (session);

525

643

return retval;

526

644

}

527

645

528

static AvahiSimplePoll *simple_poll = NULL;

529

static AvahiServer *server = NULL;

530

531

static void resolve_callback(

532

AvahiSServiceResolver *r,

533

AvahiIfIndex interface,

534

AVAHI_GCC_UNUSED AvahiProtocol protocol,

535

AvahiResolverEvent event,

536

const char *name,

537

const char *type,

538

const char *domain,

539

const char *host_name,

540

const AvahiAddress *address,

541

uint16_t port,

542

AVAHI_GCC_UNUSED AvahiStringList *txt,

543

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

544

AVAHI_GCC_UNUSED void* userdata) {

545

646

static void resolve_callback(AvahiSServiceResolver *r,

647

AvahiIfIndex interface,

648

AVAHI_GCC_UNUSED AvahiProtocol protocol,

649

AvahiResolverEvent event,

650

const char *name,

651

const char *type,

652

const char *domain,

653

const char *host_name,

654

const AvahiAddress *address,

655

uint16_t port,

656

AVAHI_GCC_UNUSED AvahiStringList *txt,

657

AVAHI_GCC_UNUSED AvahiLookupResultFlags

658

flags,

659

void* userdata) {

660

mandos_context *mc = userdata;

546

661

assert(r); /* Spurious warning */

547

662

548

663

/* Called whenever a service has been resolved successfully or

551

666

switch (event) {

552

667

default:

553

668

case AVAHI_RESOLVER_FAILURE:

554

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"

555

" type '%s' in domain '%s': %s\n", name, type, domain,

556

avahi_strerror(avahi_server_errno(server)));

669

fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"

670

" of type '%s' in domain '%s': %s\n", name, type, domain,

671

avahi_strerror(avahi_server_errno(mc->server)));

557

672

break;

558

673

559

674

case AVAHI_RESOLVER_FOUND:

561

676

char ip[AVAHI_ADDRESS_STR_MAX];

562

677

avahi_address_snprint(ip, sizeof(ip), address);

563

678

if(debug){

564

fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"

565

" port %d\n", name, host_name, ip, port);

679

fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"

680

PRIu16 ") on port %d\n", name, host_name, ip,

681

interface, port);

566

682

}

567

int ret = start_mandos_communication(ip, port,

568

(unsigned int) interface);

683

int ret = start_mandos_communication(ip, port, interface, mc);

569

684

if (ret == 0){

570

exit(EXIT_SUCCESS);

685

avahi_simple_poll_quit(mc->simple_poll);

571

686

}

572

687

}

573

688

}

574

689

avahi_s_service_resolver_free(r);

575

690

}

576

691

577

static void browse_callback(

578

AvahiSServiceBrowser *b,

579

AvahiIfIndex interface,

580

AvahiProtocol protocol,

581

AvahiBrowserEvent event,

582

const char *name,

583

const char *type,

584

const char *domain,

585

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

586

void* userdata) {

587

588

AvahiServer *s = userdata;

589

assert(b); /* Spurious warning */

590

591

/* Called whenever a new services becomes available on the LAN or

592

is removed from the LAN */

593

594

switch (event) {

595

default:

596

case AVAHI_BROWSER_FAILURE:

597

598

fprintf(stderr, "(Browser) %s\n",

599

avahi_strerror(avahi_server_errno(server)));

600

avahi_simple_poll_quit(simple_poll);

601

return;

602

603

case AVAHI_BROWSER_NEW:

604

/* We ignore the returned resolver object. In the callback

605

function we free it. If the server is terminated before

606

the callback function is called the server will free

607

the resolver for us. */

608

609

if (!(avahi_s_service_resolver_new(s, interface, protocol, name,

610

type, domain,

611

AVAHI_PROTO_INET6, 0,

612

resolve_callback, s)))

613

fprintf(stderr, "Failed to resolve service '%s': %s\n", name,

614

avahi_strerror(avahi_server_errno(s)));

615

break;

616

617

case AVAHI_BROWSER_REMOVE:

618

break;

619

620

case AVAHI_BROWSER_ALL_FOR_NOW:

621

case AVAHI_BROWSER_CACHE_EXHAUSTED:

622

break;

692

static void browse_callback( AvahiSServiceBrowser *b,

693

AvahiIfIndex interface,

694

AvahiProtocol protocol,

695

AvahiBrowserEvent event,

696

const char *name,

697

const char *type,

698

const char *domain,

699

AVAHI_GCC_UNUSED AvahiLookupResultFlags

700

flags,

701

void* userdata) {

702

mandos_context *mc = userdata;

703

assert(b); /* Spurious warning */

704

705

/* Called whenever a new services becomes available on the LAN or

706

is removed from the LAN */

707

708

switch (event) {

709

default:

710

case AVAHI_BROWSER_FAILURE:

711

712

fprintf(stderr, "(Avahi browser) %s\n",

713

avahi_strerror(avahi_server_errno(mc->server)));

714

avahi_simple_poll_quit(mc->simple_poll);

715

return;

716

717

case AVAHI_BROWSER_NEW:

718

/* We ignore the returned Avahi resolver object. In the callback

719

function we free it. If the Avahi server is terminated before

720

the callback function is called the Avahi server will free the

721

resolver for us. */

722

723

if (!(avahi_s_service_resolver_new(mc->server, interface,

724

protocol, name, type, domain,

725

AVAHI_PROTO_INET6, 0,

726

resolve_callback, mc)))

727

fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",

728

name, avahi_strerror(avahi_server_errno(mc->server)));

729

break;

730

731

case AVAHI_BROWSER_REMOVE:

732

break;

733

734

case AVAHI_BROWSER_ALL_FOR_NOW:

735

case AVAHI_BROWSER_CACHE_EXHAUSTED:

736

if(debug){

737

fprintf(stderr, "No Mandos server found, still searching...\n");

623

738

}

739

break;

740

}

624

741

}

625

742

626

/* combinds file name and path and returns the malloced new string. som sane checks could/should be added */

627

const char *combinepath(const char *first, const char *second){

628

char *tmp;

629

tmp = malloc(strlen(first) + strlen(second) + 2);

743

/* Combines file name and path and returns the malloced new

744

string. some sane checks could/should be added */

745

static const char *combinepath(const char *first, const char *second){

746

size_t f_len = strlen(first);

747

size_t s_len = strlen(second);

748

char *tmp = malloc(f_len + s_len + 2);

630

749

if (tmp == NULL){

631

perror("malloc");

632

750

return NULL;

633

751

}

634

strcpy(tmp, first);

635

if (first[0] != '\0' and first[strlen(first) - 1] != '/'){

636

strcat(tmp, "/");

637

}

638

strcat(tmp, second);

752

if(f_len > 0){

753

memcpy(tmp, first, f_len); /* Spurious warning */

754

}

755

tmp[f_len] = '/';

756

if(s_len > 0){

757

memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */

758

}

759

tmp[f_len + 1 + s_len] = '\0';

639

760

return tmp;

640

761

}

641

762

642

763

643

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

644

AvahiServerConfig config;

764

int main(int argc, char *argv[]){

645

765

AvahiSServiceBrowser *sb = NULL;

646

766

int error;

647

767

int ret;

648

int returncode = EXIT_SUCCESS;

768

int exitcode = EXIT_SUCCESS;

649

769

const char *interface = "eth0";

650

770

struct ifreq network;

651

771

int sd;

652

653

while (true){

654

static struct option long_options[] = {

655

{"debug", no_argument, (int *)&debug, 1},

656

{"interface", required_argument, 0, 'i'},

657

{"certdir", required_argument, 0, 'd'},

658

{"certkey", required_argument, 0, 'c'},

659

{"certfile", required_argument, 0, 'k'},

660

{0, 0, 0, 0} };

661

662

int option_index = 0;

663

ret = getopt_long (argc, argv, "i:", long_options,

664

&option_index);

665

666

if (ret == -1){

667

break;

668

}

669

670

switch(ret){

671

case 0:

672

break;

673

case 'i':

674

interface = optarg;

675

break;

676

case 'd':

677

certdir = optarg;

678

break;

679

case 'c':

680

certfile = optarg;

681

break;

682

case 'k':

683

certkey = optarg;

684

break;

685

default:

686

exit(EXIT_FAILURE);

687

}

688

}

689

690

certfile = combinepath(certdir, certfile);

691

if (certfile == NULL){

692

returncode = EXIT_FAILURE;

693

goto exit;

694

}

695

696

certkey = combinepath(certdir, certkey);

697

if (certkey == NULL){

698

returncode = EXIT_FAILURE;

699

goto exit;

700

}

701

702

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

703

if(sd < 0) {

704

perror("socket");

705

returncode = EXIT_FAILURE;

706

goto exit;

707

}

708

strcpy(network.ifr_name, interface);

709

ret = ioctl(sd, SIOCGIFFLAGS, &network);

710

if(ret == -1){

711

712

perror("ioctl SIOCGIFFLAGS");

713

returncode = EXIT_FAILURE;

714

goto exit;

715

}

716

if((network.ifr_flags & IFF_UP) == 0){

717

network.ifr_flags |= IFF_UP;

718

ret = ioctl(sd, SIOCSIFFLAGS, &network);

772

uid_t uid;

773

gid_t gid;

774

char *connect_to = NULL;

775

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

776

const char *pubkeyfile = "pubkey.txt";

777

const char *seckeyfile = "seckey.txt";

778

mandos_context mc = { .simple_poll = NULL, .server = NULL,

779

.dh_bits = 1024, .priority = "SECURE256"};

780

bool gnutls_initalized = false;

781

782

{

783

struct argp_option options[] = {

784

{ .name = "debug", .key = 128,

785

.doc = "Debug mode", .group = 3 },

786

{ .name = "connect", .key = 'c',

787

.arg = "IP",

788

.doc = "Connect directly to a sepcified mandos server",

789

.group = 1 },

790

{ .name = "interface", .key = 'i',

791

.arg = "INTERFACE",

792

.doc = "Interface that Avahi will conntect through",

793

.group = 1 },

794

{ .name = "keydir", .key = 'd',

795

.arg = "KEYDIR",

796

.doc = "Directory where the openpgp keyring is",

797

.group = 1 },

798

{ .name = "seckey", .key = 's',

799

.arg = "SECKEY",

800

.doc = "Secret openpgp key for gnutls authentication",

801

.group = 1 },

802

{ .name = "pubkey", .key = 'p',

803

.arg = "PUBKEY",

804

.doc = "Public openpgp key for gnutls authentication",

805

.group = 2 },

806

{ .name = "dh-bits", .key = 129,

807

.arg = "BITS",

808

.doc = "dh-bits to use in gnutls communication",

809

.group = 2 },

810

{ .name = "priority", .key = 130,

811

.arg = "PRIORITY",

812

.doc = "GNUTLS priority", .group = 1 },

813

{ .name = NULL }

814

};

815

816

817

error_t parse_opt (int key, char *arg,

818

struct argp_state *state) {

819

/* Get the INPUT argument from `argp_parse', which we know is

820

a pointer to our plugin list pointer. */

821

switch (key) {

822

case 128:

823

debug = true;

824

break;

825

case 'c':

826

connect_to = arg;

827

break;

828

case 'i':

829

interface = arg;

830

break;

831

case 'd':

832

keydir = arg;

833

break;

834

case 's':

835

seckeyfile = arg;

836

break;

837

case 'p':

838

pubkeyfile = arg;

839

break;

840

case 129:

841

errno = 0;

842

mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);

843

if (errno){

844

perror("strtol");

845

exit(EXIT_FAILURE);

846

}

847

break;

848

case 130:

849

mc.priority = arg;

850

break;

851

case ARGP_KEY_ARG:

852

argp_usage (state);

853

case ARGP_KEY_END:

854

break;

855

default:

856

return ARGP_ERR_UNKNOWN;

857

}

858

return 0;

859

}

860

861

struct argp argp = { .options = options, .parser = parse_opt,

862

.args_doc = "",

863

.doc = "Mandos client -- Get and decrypt"

864

" passwords from mandos server" };

865

ret = argp_parse (&argp, argc, argv, 0, 0, NULL);

866

if (ret == ARGP_ERR_UNKNOWN){

867

fprintf(stderr, "Unknown error while parsing arguments\n");

868

exitcode = EXIT_FAILURE;

869

goto end;

870

}

871

}

872

873

pubkeyfile = combinepath(keydir, pubkeyfile);

874

if (pubkeyfile == NULL){

875

perror("combinepath");

876

exitcode = EXIT_FAILURE;

877

goto end;

878

}

879

880

seckeyfile = combinepath(keydir, seckeyfile);

881

if (seckeyfile == NULL){

882

perror("combinepath");

883

exitcode = EXIT_FAILURE;

884

goto end;

885

}

886

887

ret = init_gnutls_global(&mc, pubkeyfile, seckeyfile);

888

if (ret == -1){

889

fprintf(stderr, "init_gnutls_global failed\n");

890

exitcode = EXIT_FAILURE;

891

goto end;

892

} else {

893

gnutls_initalized = true;

894

}

895

896

/* If the interface is down, bring it up */

897

{

898

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

899

if(sd < 0) {

900

perror("socket");

901

exitcode = EXIT_FAILURE;

902

goto end;

903

}

904

strcpy(network.ifr_name, interface); /* Spurious warning */

905

ret = ioctl(sd, SIOCGIFFLAGS, &network);

719

906

if(ret == -1){

720

perror("ioctl SIOCSIFFLAGS");

721

returncode = EXIT_FAILURE;

722

goto exit;

723

}

724

}

725

close(sd);

907

perror("ioctl SIOCGIFFLAGS");

908

exitcode = EXIT_FAILURE;

909

goto end;

910

}

911

if((network.ifr_flags & IFF_UP) == 0){

912

network.ifr_flags |= IFF_UP;

913

ret = ioctl(sd, SIOCSIFFLAGS, &network);

914

if(ret == -1){

915

perror("ioctl SIOCSIFFLAGS");

916

exitcode = EXIT_FAILURE;

917

goto end;

918

}

919

}

920

close(sd);

921

}

922

923

uid = getuid();

924

gid = getgid();

925

926

ret = setuid(uid);

927

if (ret == -1){

928

perror("setuid");

929

}

930

931

setgid(gid);

932

if (ret == -1){

933

perror("setgid");

934

}

935

936

if_index = (AvahiIfIndex) if_nametoindex(interface);

937

if(if_index == 0){

938

fprintf(stderr, "No such interface: \"%s\"\n", interface);

939

exit(EXIT_FAILURE);

940

}

941

942

if(connect_to != NULL){

943

/* Connect directly, do not use Zeroconf */

944

/* (Mainly meant for debugging) */

945

char *address = strrchr(connect_to, ':');

946

if(address == NULL){

947

fprintf(stderr, "No colon in address\n");

948

exitcode = EXIT_FAILURE;

949

goto end;

950

}

951

errno = 0;

952

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

953

if(errno){

954

perror("Bad port number");

955

exitcode = EXIT_FAILURE;

956

goto end;

957

}

958

*address = '\0';

959

address = connect_to;

960

ret = start_mandos_communication(address, port, if_index, &mc);

961

if(ret < 0){

962

exitcode = EXIT_FAILURE;

963

} else {

964

exitcode = EXIT_SUCCESS;

965

}

966

goto end;

967

}

726

968

727

969

if (not debug){

728

970

avahi_set_log_function(empty_log);

729

971

}

730

972

731

/* Initialize the psuedo-RNG */

973

/* Initialize the pseudo-RNG for Avahi */

732

974

srand((unsigned int) time(NULL));

733

734

/* Allocate main loop object */

735

if (!(simple_poll = avahi_simple_poll_new())) {

736

fprintf(stderr, "Failed to create simple poll object.\n");

737

returncode = EXIT_FAILURE;

738

goto exit;

739

}

740

741

/* Do not publish any local records */

742

avahi_server_config_init(&config);

743

config.publish_hinfo = 0;

744

config.publish_addresses = 0;

745

config.publish_workstation = 0;

746

config.publish_domain = 0;

747

748

/* Allocate a new server */

749

server = avahi_server_new(avahi_simple_poll_get(simple_poll),

750

&config, NULL, NULL, &error);

751

752

/* Free the configuration data */

753

avahi_server_config_free(&config);

754

755

/* Check if creating the server object succeeded */

756

if (!server) {

757

fprintf(stderr, "Failed to create server: %s\n",

975

976

/* Allocate main Avahi loop object */

977

mc.simple_poll = avahi_simple_poll_new();

978

if (mc.simple_poll == NULL) {

979

fprintf(stderr, "Avahi: Failed to create simple poll"

980

" object.\n");

981

exitcode = EXIT_FAILURE;

982

goto end;

983

}

984

985

{

986

AvahiServerConfig config;

987

/* Do not publish any local Zeroconf records */

988

avahi_server_config_init(&config);

989

config.publish_hinfo = 0;

990

config.publish_addresses = 0;

991

config.publish_workstation = 0;

992

config.publish_domain = 0;

993

994

/* Allocate a new server */

995

mc.server = avahi_server_new(avahi_simple_poll_get

996

(mc.simple_poll), &config, NULL,

997

NULL, &error);

998

999

/* Free the Avahi configuration data */

1000

avahi_server_config_free(&config);

1001

}

1002

1003

/* Check if creating the Avahi server object succeeded */

1004

if (mc.server == NULL) {

1005

fprintf(stderr, "Failed to create Avahi server: %s\n",

758

1006

avahi_strerror(error));

759

returncode = EXIT_FAILURE;

760

goto exit;

1007

exitcode = EXIT_FAILURE;

1008

goto end;

761

1009

}

762

1010

763

/* Create the service browser */

764

sb = avahi_s_service_browser_new(server,

765

(AvahiIfIndex)

766

if_nametoindex(interface),

1011

/* Create the Avahi service browser */

1012

sb = avahi_s_service_browser_new(mc.server, if_index,

767

1013

AVAHI_PROTO_INET6,

768

1014

"_mandos._tcp", NULL, 0,

769

browse_callback, server);

770

if (!sb) {

1015

browse_callback, &mc);

1016

if (sb == NULL) {

771

1017

fprintf(stderr, "Failed to create service browser: %s\n",

772

avahi_strerror(avahi_server_errno(server)));

773

returncode = EXIT_FAILURE;

774

goto exit;

1018

avahi_strerror(avahi_server_errno(mc.server)));

1019

exitcode = EXIT_FAILURE;

1020

goto end;

775

1021

}

776

1022

777

1023

/* Run the main loop */

778

1024

779

1025

if (debug){

780

fprintf(stderr, "Starting avahi loop search\n");

1026

fprintf(stderr, "Starting Avahi loop search\n");

781

1027

}

782

1028

783

avahi_simple_poll_loop(simple_poll);

1029

avahi_simple_poll_loop(mc.simple_poll);

784

1030

785

exit:

1031

end:

786

1032

787

1033

if (debug){

788

1034

fprintf(stderr, "%s exiting\n", argv[0]);

789

1035

}

790

1036

791

1037

/* Cleanup things */

792

if (sb)

1038

if (sb != NULL)

793

1039

avahi_s_service_browser_free(sb);

794

1040

795

if (server)

796

avahi_server_free(server);

797

798

if (simple_poll)

799

avahi_simple_poll_free(simple_poll);

800

free(certfile);

801

free(certkey);

1041

if (mc.server != NULL)

1042

avahi_server_free(mc.server);

1043

1044

if (mc.simple_poll != NULL)

1045

avahi_simple_poll_free(mc.simple_poll);

1046

free(pubkeyfile);

1047

free(seckeyfile);

1048

1049

if (gnutls_initalized){

1050

gnutls_certificate_free_credentials(mc.cred);

1051

gnutls_global_deinit ();

1052

}

802

1053

803

return returncode;

1054

return exitcode;

804

1055

}

Older »