/mandos/trunk

/*  -*- coding: utf-8 -*- */

/*

 * Mandos-client - get and decrypt data from a Mandos server

 *

 * This program is partly derived from an example program for an Avahi

 * service browser, downloaded from

 * <http://avahi.org/browser/examples/core-browse-services.c>.  This

 * includes the following functions: "resolve_callback",

 * "browse_callback", and parts of "main".

 * 

 * Everything else is

 * Copyright © 2008,2009 Teddy Hogeborn

 * Copyright © 2008,2009 Björn Påhlsson

 * 

 * This program is free software: you can redistribute it and/or

 * modify it under the terms of the GNU General Public License as

 * published by the Free Software Foundation, either version 3 of the

 * License, or (at your option) any later version.

 * 

 * This program is distributed in the hope that it will be useful, but

 * WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

 * General Public License for more details.

 * 

 * You should have received a copy of the GNU General Public License

 * along with this program.  If not, see

 * <http://www.gnu.org/licenses/>.

 * 

 * Contact the authors at <mandos@fukt.bsnet.se>.

 */

/* Needed by GPGME, specifically gpgme_data_seek() */

#define _LARGEFILE_SOURCE

#define _FILE_OFFSET_BITS 64

#define _GNU_SOURCE		/* TEMP_FAILURE_RETRY(), asprintf() */

#include <stdio.h>		/* fprintf(), stderr, fwrite(),

				   stdout, ferror(), sscanf(),

				   remove() */

#include <stdint.h> 		/* uint16_t, uint32_t */

#include <stddef.h>		/* NULL, size_t, ssize_t */

#include <stdlib.h> 		/* free(), EXIT_SUCCESS, EXIT_FAILURE,

				   srand() */

#include <stdbool.h>		/* bool, true */

#include <string.h>		/* memset(), strcmp(), strlen(),

				   strerror(), asprintf(), strcpy() */

#include <sys/ioctl.h>          /* ioctl */

#include <sys/types.h>		/* socket(), inet_pton(), sockaddr,

				   sockaddr_in6, PF_INET6,

				   SOCK_STREAM, INET6_ADDRSTRLEN,

				   uid_t, gid_t, open(), opendir(),

				   DIR */

#include <sys/stat.h>		/* open() */

#include <sys/socket.h>		/* socket(), struct sockaddr_in6,

				   struct in6_addr, inet_pton(),

				   connect() */

#include <fcntl.h>		/* open() */

#include <dirent.h>		/* opendir(), struct dirent, readdir()

				 */

#include <inttypes.h>		/* PRIu16, intmax_t, SCNdMAX */

#include <assert.h>		/* assert() */

#include <errno.h>		/* perror(), errno */

#include <time.h>		/* time() */

#include <net/if.h>		/* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

				   SIOCSIFFLAGS, if_indextoname(),

				   if_nametoindex(), IF_NAMESIZE */

#include <netinet/in.h>

#include <unistd.h>		/* close(), SEEK_SET, off_t, write(),

				   getuid(), getgid(), setuid(),

				   setgid() */

#include <arpa/inet.h>		/* inet_pton(), htons */

#include <iso646.h>		/* not, and, or */

#include <argp.h>		/* struct argp_option, error_t, struct

				   argp_state, struct argp,

				   argp_parse(), ARGP_KEY_ARG,

				   ARGP_KEY_END, ARGP_ERR_UNKNOWN */

/* Avahi */

/* All Avahi types, constants and functions

 Avahi*, avahi_*,

 AVAHI_* */

#include <avahi-core/core.h>

#include <avahi-core/lookup.h>

#include <avahi-core/log.h>

#include <avahi-common/simple-watch.h>

#include <avahi-common/malloc.h>

#include <avahi-common/error.h>

/* GnuTLS */

#include <gnutls/gnutls.h>	/* All GnuTLS types, constants and

				   functions:

				   gnutls_*

				   init_gnutls_session(),

				   GNUTLS_* */

#include <gnutls/openpgp.h>

			  /* gnutls_certificate_set_openpgp_key_file(),

				   GNUTLS_OPENPGP_FMT_BASE64 */

/* GPGME */

#include <gpgme.h> 		/* All GPGME types, constants and

				   functions:

				   gpgme_*

				   GPGME_PROTOCOL_OpenPGP,

				   GPG_ERR_NO_* */

#define BUFFER_SIZE 256

#define PATHDIR "/conf/conf.d/mandos"

#define SECKEY "seckey.txt"

#define PUBKEY "pubkey.txt"

bool debug = false;

static const char mandos_protocol_version[] = "1";

const char *argp_program_version = "mandos-client " VERSION;

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

/* Used for passing in values through the Avahi callback functions */

typedef struct {

  AvahiSimplePoll *simple_poll;

  AvahiServer *server;

  gnutls_certificate_credentials_t cred;

  unsigned int dh_bits;

  gnutls_dh_params_t dh_params;

  const char *priority;

  gpgme_ctx_t ctx;

} mandos_context;

/*

 * Make room in "buffer" for at least BUFFER_SIZE additional bytes.

 * "buffer_capacity" is how much is currently allocated,

 * "buffer_length" is how much is already used.

 */

size_t adjustbuffer(char **buffer, size_t buffer_length,

		  size_t buffer_capacity){

  if(buffer_length + BUFFER_SIZE > buffer_capacity){

    *buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);

    if(buffer == NULL){

      return 0;

    }

    buffer_capacity += BUFFER_SIZE;

  }

  return buffer_capacity;

}

/* 

 * Initialize GPGME.

 */

static bool init_gpgme(mandos_context *mc, const char *seckey,

		       const char *pubkey, const char *tempdir){

  int ret;

  gpgme_error_t rc;

  gpgme_engine_info_t engine_info;

  /*

   * Helper function to insert pub and seckey to the enigne keyring.

   */

  bool import_key(const char *filename){

    int fd;

    gpgme_data_t pgp_data;

    fd = (int)TEMP_FAILURE_RETRY(open(filename, O_RDONLY));

    if(fd == -1){

      perror("open");

      return false;

    }

    rc = gpgme_data_new_from_fd(&pgp_data, fd);

    if(rc != GPG_ERR_NO_ERROR){

      fprintf(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",

	      gpgme_strsource(rc), gpgme_strerror(rc));

      return false;

    }

    rc = gpgme_op_import(mc->ctx, pgp_data);

    if(rc != GPG_ERR_NO_ERROR){

      fprintf(stderr, "bad gpgme_op_import: %s: %s\n",

	      gpgme_strsource(rc), gpgme_strerror(rc));

      return false;

    }

    ret = (int)TEMP_FAILURE_RETRY(close(fd));

    if(ret == -1){

      perror("close");

    }

    gpgme_data_release(pgp_data);

    return true;

  }

  if(debug){

    fprintf(stderr, "Initialize gpgme\n");

  }

  /* Init GPGME */

  gpgme_check_version(NULL);

  rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

  if(rc != GPG_ERR_NO_ERROR){

    fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",

	    gpgme_strsource(rc), gpgme_strerror(rc));

    return false;

  }

    /* Set GPGME home directory for the OpenPGP engine only */

  rc = gpgme_get_engine_info(&engine_info);

  if(rc != GPG_ERR_NO_ERROR){

    fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",

	    gpgme_strsource(rc), gpgme_strerror(rc));

    return false;

  }

  while(engine_info != NULL){

    if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){

      gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,

			    engine_info->file_name, tempdir);

      break;

    }

    engine_info = engine_info->next;

  }

  if(engine_info == NULL){

    fprintf(stderr, "Could not set GPGME home dir to %s\n", tempdir);

    return false;

  }

  /* Create new GPGME "context" */

  rc = gpgme_new(&(mc->ctx));

  if(rc != GPG_ERR_NO_ERROR){

    fprintf(stderr, "bad gpgme_new: %s: %s\n",

	    gpgme_strsource(rc), gpgme_strerror(rc));

    return false;

  }

  if(not import_key(pubkey) or not import_key(seckey)){

    return false;

  }

  return true; 

}

/* 

 * Decrypt OpenPGP data.

 * Returns -1 on error

 */

static ssize_t pgp_packet_decrypt(const mandos_context *mc,

				  const char *cryptotext,

				  size_t crypto_size,

				  char **plaintext){

  gpgme_data_t dh_crypto, dh_plain;

  gpgme_error_t rc;

  ssize_t ret;

  size_t plaintext_capacity = 0;

  ssize_t plaintext_length = 0;

  if(debug){

    fprintf(stderr, "Trying to decrypt OpenPGP data\n");

  }

  /* Create new GPGME data buffer from memory cryptotext */

  rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,

			       0);

  if(rc != GPG_ERR_NO_ERROR){

    fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",

	    gpgme_strsource(rc), gpgme_strerror(rc));

    return -1;

  }

  /* Create new empty GPGME data buffer for the plaintext */

  rc = gpgme_data_new(&dh_plain);

  if(rc != GPG_ERR_NO_ERROR){

    fprintf(stderr, "bad gpgme_data_new: %s: %s\n",

	    gpgme_strsource(rc), gpgme_strerror(rc));

    gpgme_data_release(dh_crypto);

    return -1;

  }

  /* Decrypt data from the cryptotext data buffer to the plaintext

     data buffer */

  rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);

  if(rc != GPG_ERR_NO_ERROR){

    fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

	    gpgme_strsource(rc), gpgme_strerror(rc));

    plaintext_length = -1;

    if(debug){

      gpgme_decrypt_result_t result;

      result = gpgme_op_decrypt_result(mc->ctx);

      if(result == NULL){

	fprintf(stderr, "gpgme_op_decrypt_result failed\n");

      } else {

	fprintf(stderr, "Unsupported algorithm: %s\n",

		result->unsupported_algorithm);

	fprintf(stderr, "Wrong key usage: %u\n",

		result->wrong_key_usage);

	if(result->file_name != NULL){

	  fprintf(stderr, "File name: %s\n", result->file_name);

	}

	gpgme_recipient_t recipient;

	recipient = result->recipients;

	if(recipient){

	  while(recipient != NULL){

	    fprintf(stderr, "Public key algorithm: %s\n",

		    gpgme_pubkey_algo_name(recipient->pubkey_algo));

	    fprintf(stderr, "Key ID: %s\n", recipient->keyid);

	    fprintf(stderr, "Secret key available: %s\n",

		    recipient->status == GPG_ERR_NO_SECKEY

		    ? "No" : "Yes");

	    recipient = recipient->next;

	  }

	}

      }

    }

    goto decrypt_end;

  }

  if(debug){

    fprintf(stderr, "Decryption of OpenPGP data succeeded\n");

  }

  /* Seek back to the beginning of the GPGME plaintext data buffer */

  if(gpgme_data_seek(dh_plain, (off_t)0, SEEK_SET) == -1){

    perror("gpgme_data_seek");

    plaintext_length = -1;

    goto decrypt_end;

  }

  *plaintext = NULL;

  while(true){

    plaintext_capacity = adjustbuffer(plaintext,

				      (size_t)plaintext_length,

				      plaintext_capacity);

    if(plaintext_capacity == 0){

	perror("adjustbuffer");

	plaintext_length = -1;

	goto decrypt_end;

    }

    ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,

			  BUFFER_SIZE);

    /* Print the data, if any */

    if(ret == 0){

      /* EOF */

      break;

    }

    if(ret < 0){

      perror("gpgme_data_read");

      plaintext_length = -1;

      goto decrypt_end;

    }

    plaintext_length += ret;

  }

  if(debug){

    fprintf(stderr, "Decrypted password is: ");

    for(ssize_t i = 0; i < plaintext_length; i++){

      fprintf(stderr, "%02hhX ", (*plaintext)[i]);

    }

    fprintf(stderr, "\n");

  }

 decrypt_end:

  /* Delete the GPGME cryptotext data buffer */

  gpgme_data_release(dh_crypto);

  /* Delete the GPGME plaintext data buffer */

  gpgme_data_release(dh_plain);

  return plaintext_length;

}

static const char * safer_gnutls_strerror(int value) {

  const char *ret = gnutls_strerror(value); /* Spurious warning from

					       -Wunreachable-code */

  if(ret == NULL)

    ret = "(unknown)";

  return ret;

}

/* GnuTLS log function callback */

static void debuggnutls(__attribute__((unused)) int level,

			const char* string){

  fprintf(stderr, "GnuTLS: %s", string);

}

static int init_gnutls_global(mandos_context *mc,

			      const char *pubkeyfilename,

			      const char *seckeyfilename){

  int ret;

  if(debug){

    fprintf(stderr, "Initializing GnuTLS\n");

  }

  ret = gnutls_global_init();

  if(ret != GNUTLS_E_SUCCESS) {

    fprintf(stderr, "GnuTLS global_init: %s\n",

	    safer_gnutls_strerror(ret));

    return -1;

  }

  if(debug){

    /* "Use a log level over 10 to enable all debugging options."

     * - GnuTLS manual

     */

    gnutls_global_set_log_level(11);

    gnutls_global_set_log_function(debuggnutls);

  }

  /* OpenPGP credentials */

  gnutls_certificate_allocate_credentials(&mc->cred);

  if(ret != GNUTLS_E_SUCCESS){

    fprintf(stderr, "GnuTLS memory error: %s\n", /* Spurious warning

						  * from

						  * -Wunreachable-code

						  */

	    safer_gnutls_strerror(ret));

    gnutls_global_deinit();

    return -1;

  }

  if(debug){

    fprintf(stderr, "Attempting to use OpenPGP public key %s and"

	    " secret key %s as GnuTLS credentials\n", pubkeyfilename,

	    seckeyfilename);

  }

  ret = gnutls_certificate_set_openpgp_key_file

    (mc->cred, pubkeyfilename, seckeyfilename,

     GNUTLS_OPENPGP_FMT_BASE64);

  if(ret != GNUTLS_E_SUCCESS) {

    fprintf(stderr,

	    "Error[%d] while reading the OpenPGP key pair ('%s',"

	    " '%s')\n", ret, pubkeyfilename, seckeyfilename);

    fprintf(stderr, "The GnuTLS error is: %s\n",

	    safer_gnutls_strerror(ret));

    goto globalfail;

  }

  /* GnuTLS server initialization */

  ret = gnutls_dh_params_init(&mc->dh_params);

  if(ret != GNUTLS_E_SUCCESS) {

    fprintf(stderr, "Error in GnuTLS DH parameter initialization:"

	    " %s\n", safer_gnutls_strerror(ret));

    goto globalfail;

  }

  ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

  if(ret != GNUTLS_E_SUCCESS) {

    fprintf(stderr, "Error in GnuTLS prime generation: %s\n",

	    safer_gnutls_strerror(ret));

    goto globalfail;

  }

  gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

  return 0;

 globalfail:

  gnutls_certificate_free_credentials(mc->cred);

  gnutls_global_deinit();

  gnutls_dh_params_deinit(mc->dh_params);

  return -1;

}

static int init_gnutls_session(mandos_context *mc,

			       gnutls_session_t *session){

  int ret;

  /* GnuTLS session creation */

  ret = gnutls_init(session, GNUTLS_SERVER);

  if(ret != GNUTLS_E_SUCCESS){

    fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

	    safer_gnutls_strerror(ret));

  }

  {

    const char *err;

    ret = gnutls_priority_set_direct(*session, mc->priority, &err);

    if(ret != GNUTLS_E_SUCCESS) {

      fprintf(stderr, "Syntax error at: %s\n", err);

      fprintf(stderr, "GnuTLS error: %s\n",

	      safer_gnutls_strerror(ret));

      gnutls_deinit(*session);

      return -1;

    }

  }

  ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

			       mc->cred);

  if(ret != GNUTLS_E_SUCCESS) {

    fprintf(stderr, "Error setting GnuTLS credentials: %s\n",

	    safer_gnutls_strerror(ret));

    gnutls_deinit(*session);

    return -1;

  }

  /* ignore client certificate if any. */

  gnutls_certificate_server_set_request(*session,

					GNUTLS_CERT_IGNORE);

  gnutls_dh_set_prime_bits(*session, mc->dh_bits);

  return 0;

}

/* Avahi log function callback */

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

		      __attribute__((unused)) const char *txt){}

/* Called when a Mandos server is found */

static int start_mandos_communication(const char *ip, uint16_t port,

				      AvahiIfIndex if_index,

				      mandos_context *mc){

  int ret, tcp_sd;

  ssize_t sret;

  union { struct sockaddr in; struct sockaddr_in6 in6; } to;

  char *buffer = NULL;

  char *decrypted_buffer;

  size_t buffer_length = 0;

  size_t buffer_capacity = 0;

  ssize_t decrypted_buffer_size;

  size_t written;

  int retval = 0;

  char interface[IF_NAMESIZE];

  gnutls_session_t session;

  ret = init_gnutls_session(mc, &session);

  if(ret != 0){

    return -1;

  }

  if(debug){

    fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16

	    "\n", ip, port);

  }

  tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

  if(tcp_sd < 0) {

    perror("socket");

    return -1;

  }

  if(debug){

    if(if_indextoname((unsigned int)if_index, interface) == NULL){

      perror("if_indextoname");

      return -1;

    }

    fprintf(stderr, "Binding to interface %s\n", interface);

  }

  memset(&to, 0, sizeof(to));

  to.in6.sin6_family = AF_INET6;

  /* It would be nice to have a way to detect if we were passed an

     IPv4 address here.   Now we assume an IPv6 address. */

  ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);

  if(ret < 0 ){

    perror("inet_pton");

    return -1;

  }

  if(ret == 0){

    fprintf(stderr, "Bad address: %s\n", ip);

    return -1;

  }

  to.in6.sin6_port = htons(port); /* Spurious warnings from

				     -Wconversion and

				     -Wunreachable-code */

  to.in6.sin6_scope_id = (uint32_t)if_index;