To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugins.d/mandosclient.c
- browse files at revision 24.1.7
- compare with another revision
- download diff
- download tarball
- view history from revision 24.1.7
- Committer: Björn Påhlsson
- Date: 2008-08-02 15:47:42 UTC
- mfrom: (36 mandos)
- mto: (237.7.1 mandos) (24.1.154 mandos)
- mto: This revision was merged to the branch mainline in revision 38.
- Revision ID: belorn@braxen-20080802154742-pixsom1utki8x3yo
merge
- files added:
- ca.pem
- files removed:
- mandos-client.xml
- files renamed:
- mandos-client.c => plugbasedclient.c
- plugins.d/password-request.c => plugins.d/mandosclient.c
- plugins.d/password-prompt.c => plugins.d/passprompt.c
- mandos.conf => server.conf
- mandos => server.py
- files modified:
- Makefile
added
removed
plugins.d/mandosclient.c
32
32
#define _LARGEFILE_SOURCE
33
33
#define _FILE_OFFSET_BITS 64
34
34
35
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */
36
37
#include <stdio.h> /* fprintf(), stderr, fwrite(), stdout,
38
ferror() */
39
#include <stdint.h> /* uint16_t, uint32_t */
40
#include <stddef.h> /* NULL, size_t, ssize_t */
41
#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,
42
srand() */
43
#include <stdbool.h> /* bool, true */
44
#include <string.h> /* memset(), strcmp(), strlen(),
45
strerror(), memcpy(), strcpy() */
46
#include <sys/ioctl.h> /* ioctl */
47
#include <net/if.h> /* ifreq, SIOCGIFFLAGS, SIOCSIFFLAGS,
48
IFF_UP */
49
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
50
sockaddr_in6, PF_INET6,
51
SOCK_STREAM, INET6_ADDRSTRLEN,
52
uid_t, gid_t */
53
#include <inttypes.h> /* PRIu16 */
54
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
55
struct in6_addr, inet_pton(),
56
connect() */
57
#include <assert.h> /* assert() */
58
#include <errno.h> /* perror(), errno */
59
#include <time.h> /* time() */
60
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
61
SIOCSIFFLAGS, if_indextoname(),
62
if_nametoindex(), IF_NAMESIZE */
63
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
64
getuid(), getgid(), setuid(),
65
setgid() */
66
#include <netinet/in.h>
67
#include <arpa/inet.h> /* inet_pton(), htons */
68
#include <iso646.h> /* not, and */
69
#include <argp.h> /* struct argp_option, error_t, struct
70
argp_state, struct argp,
71
argp_parse(), ARGP_KEY_ARG,
72
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
73
74
/* Avahi */
75
/* All Avahi types, constants and functions
76
Avahi*, avahi_*,
77
AVAHI_* */
35
#include <stdio.h>
36
#include <assert.h>
37
#include <stdlib.h>
38
#include <time.h>
39
#include <net/if.h> /* if_nametoindex */
40
#include <sys/ioctl.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS
41
#include <net/if.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS
42
78
43
#include <avahi-core/core.h>
79
44
#include <avahi-core/lookup.h>
80
45
#include <avahi-core/log.h>
82
47
#include <avahi-common/malloc.h>
83
48
#include <avahi-common/error.h>
84
49
85
/* GnuTLS */
86
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and functions
87
gnutls_*
88
init_gnutls_session(),
89
GNUTLS_* */
90
#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),
91
GNUTLS_OPENPGP_FMT_BASE64 */
92
93
/* GPGME */
94
#include <gpgme.h> /* All GPGME types, constants and functions
95
gpgme_*
96
GPGME_PROTOCOL_OpenPGP,
97
GPG_ERR_NO_* */
50
//mandos client part
51
#include <sys/types.h> /* socket(), inet_pton() */
52
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
53
struct in6_addr, inet_pton() */
54
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
55
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
56
57
#include <unistd.h> /* close() */
58
#include <netinet/in.h>
59
#include <stdbool.h> /* true */
60
#include <string.h> /* memset */
61
#include <arpa/inet.h> /* inet_pton() */
62
#include <iso646.h> /* not */
63
64
// gpgme
65
#include <errno.h> /* perror() */
66
#include <gpgme.h>
67
68
// getopt long
69
#include <getopt.h>
98
70
99
71
#define BUFFER_SIZE 256
72
#define DH_BITS 1024
73
74
static const char *certdir = "/conf/conf.d/mandos";
75
static const char *certfile = "openpgp-client.txt";
76
static const char *certkey = "openpgp-client-key.txt";
100
77
101
78
bool debug = false;
102
static const char *keydir = "/conf/conf.d/mandos";
103
static const char mandos_protocol_version[] = "1";
104
const char *argp_program_version = "password-request 1.0";
105
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
106
79
107
/* Used for passing in values through the Avahi callback functions */
108
80
typedef struct {
109
AvahiSimplePoll *simple_poll;
110
AvahiServer *server;
81
gnutls_session_t session;
111
82
gnutls_certificate_credentials_t cred;
112
unsigned int dh_bits;
113
83
gnutls_dh_params_t dh_params;
114
const char *priority;
115
} mandos_context;
116
117
/*
118
* Make room in "buffer" for at least BUFFER_SIZE additional bytes.
119
* "buffer_capacity" is how much is currently allocated,
120
* "buffer_length" is how much is already used.
121
*/
122
size_t adjustbuffer(char **buffer, size_t buffer_length,
123
size_t buffer_capacity){
124
if (buffer_length + BUFFER_SIZE > buffer_capacity){
125
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
126
if (buffer == NULL){
127
return 0;
128
}
129
buffer_capacity += BUFFER_SIZE;
130
}
131
return buffer_capacity;
132
}
133
134
/*
135
* Decrypt OpenPGP data using keyrings in HOMEDIR.
136
* Returns -1 on error
137
*/
138
static ssize_t pgp_packet_decrypt (const char *cryptotext,
139
size_t crypto_size,
140
char **plaintext,
84
} encrypted_session;
85
86
87
static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
88
char **new_packet,
141
89
const char *homedir){
142
90
gpgme_data_t dh_crypto, dh_plain;
143
91
gpgme_ctx_t ctx;
144
92
gpgme_error_t rc;
145
93
ssize_t ret;
146
size_t plaintext_capacity = 0;
147
ssize_t plaintext_length = 0;
94
ssize_t new_packet_capacity = 0;
95
ssize_t new_packet_length = 0;
148
96
gpgme_engine_info_t engine_info;
149
97
150
98
if (debug){
151
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
99
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
152
100
}
153
101
154
102
/* Init GPGME */
160
108
return -1;
161
109
}
162
110
163
/* Set GPGME home directory for the OpenPGP engine only */
111
/* Set GPGME home directory */
164
112
rc = gpgme_get_engine_info (&engine_info);
165
113
if (rc != GPG_ERR_NO_ERROR){
166
114
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
176
124
engine_info = engine_info->next;
177
125
}
178
126
if(engine_info == NULL){
179
fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);
127
fprintf(stderr, "Could not set home dir to %s\n", homedir);
180
128
return -1;
181
129
}
182
130
183
/* Create new GPGME data buffer from memory cryptotext */
184
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
185
0);
131
/* Create new GPGME data buffer from packet buffer */
132
rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);
186
133
if (rc != GPG_ERR_NO_ERROR){
187
134
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
188
135
gpgme_strsource(rc), gpgme_strerror(rc));
194
141
if (rc != GPG_ERR_NO_ERROR){
195
142
fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
196
143
gpgme_strsource(rc), gpgme_strerror(rc));
197
gpgme_data_release(dh_crypto);
198
144
return -1;
199
145
}
200
146
203
149
if (rc != GPG_ERR_NO_ERROR){
204
150
fprintf(stderr, "bad gpgme_new: %s: %s\n",
205
151
gpgme_strsource(rc), gpgme_strerror(rc));
206
plaintext_length = -1;
207
goto decrypt_end;
152
return -1;
208
153
}
209
154
210
/* Decrypt data from the cryptotext data buffer to the plaintext
211
data buffer */
155
/* Decrypt data from the FILE pointer to the plaintext data
156
buffer */
212
157
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
213
158
if (rc != GPG_ERR_NO_ERROR){
214
159
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
215
160
gpgme_strsource(rc), gpgme_strerror(rc));
216
plaintext_length = -1;
217
goto decrypt_end;
161
return -1;
218
162
}
219
163
220
164
if(debug){
221
fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
165
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");
222
166
}
223
167
224
168
if (debug){
225
169
gpgme_decrypt_result_t result;
226
170
result = gpgme_op_decrypt_result(ctx);
229
173
} else {
230
174
fprintf(stderr, "Unsupported algorithm: %s\n",
231
175
result->unsupported_algorithm);
232
fprintf(stderr, "Wrong key usage: %u\n",
176
fprintf(stderr, "Wrong key usage: %d\n",
233
177
result->wrong_key_usage);
234
178
if(result->file_name != NULL){
235
179
fprintf(stderr, "File name: %s\n", result->file_name);
250
194
}
251
195
}
252
196
197
/* Delete the GPGME FILE pointer cryptotext data buffer */
198
gpgme_data_release(dh_crypto);
199
253
200
/* Seek back to the beginning of the GPGME plaintext data buffer */
254
201
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
255
202
perror("pgpme_data_seek");
256
plaintext_length = -1;
257
goto decrypt_end;
258
203
}
259
204
260
*plaintext = NULL;
205
*new_packet = 0;
261
206
while(true){
262
plaintext_capacity = adjustbuffer(plaintext,
263
(size_t)plaintext_length,
264
plaintext_capacity);
265
if (plaintext_capacity == 0){
266
perror("adjustbuffer");
267
plaintext_length = -1;
268
goto decrypt_end;
207
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
208
*new_packet = realloc(*new_packet,
209
(unsigned int)new_packet_capacity
210
+ BUFFER_SIZE);
211
if (*new_packet == NULL){
212
perror("realloc");
213
return -1;
214
}
215
new_packet_capacity += BUFFER_SIZE;
269
216
}
270
217
271
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
218
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,
272
219
BUFFER_SIZE);
273
220
/* Print the data, if any */
274
221
if (ret == 0){
275
/* EOF */
276
222
break;
277
223
}
278
224
if(ret < 0){
279
225
perror("gpgme_data_read");
280
plaintext_length = -1;
281
goto decrypt_end;
226
return -1;
282
227
}
283
plaintext_length += ret;
228
new_packet_length += ret;
284
229
}
285
230
286
if(debug){
287
fprintf(stderr, "Decrypted password is: ");
288
for(ssize_t i = 0; i < plaintext_length; i++){
289
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
290
}
291
fprintf(stderr, "\n");
292
}
293
294
decrypt_end:
295
296
/* Delete the GPGME cryptotext data buffer */
297
gpgme_data_release(dh_crypto);
231
/* FIXME: check characters before printing to screen so to not print
232
terminal control characters */
233
/* if(debug){ */
234
/* fprintf(stderr, "decrypted password is: "); */
235
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
236
/* fprintf(stderr, "\n"); */
237
/* } */
298
238
299
239
/* Delete the GPGME plaintext data buffer */
300
240
gpgme_data_release(dh_plain);
301
return plaintext_length;
241
return new_packet_length;
302
242
}
303
243
304
244
static const char * safer_gnutls_strerror (int value) {
308
248
return ret;
309
249
}
310
250
311
/* GnuTLS log function callback */
312
251
static void debuggnutls(__attribute__((unused)) int level,
313
252
const char* string){
314
fprintf(stderr, "GnuTLS: %s", string);
253
fprintf(stderr, "%s", string);
315
254
}
316
255
317
static int init_gnutls_global(mandos_context *mc,
318
const char *pubkeyfile,
319
const char *seckeyfile){
256
static int initgnutls(encrypted_session *es){
257
const char *err;
320
258
int ret;
321
259
322
260
if(debug){
323
261
fprintf(stderr, "Initializing GnuTLS\n");
324
262
}
325
326
ret = gnutls_global_init();
327
if (ret != GNUTLS_E_SUCCESS) {
328
fprintf (stderr, "GnuTLS global_init: %s\n",
329
safer_gnutls_strerror(ret));
263
264
if ((ret = gnutls_global_init ())
265
!= GNUTLS_E_SUCCESS) {
266
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
330
267
return -1;
331
268
}
332
269
333
270
if (debug){
334
/* "Use a log level over 10 to enable all debugging options."
335
* - GnuTLS manual
336
*/
337
271
gnutls_global_set_log_level(11);
338
272
gnutls_global_set_log_function(debuggnutls);
339
273
}
340
274
341
/* OpenPGP credentials */
342
gnutls_certificate_allocate_credentials(&mc->cred);
343
if (ret != GNUTLS_E_SUCCESS){
344
fprintf (stderr, "GnuTLS memory error: %s\n",
275
/* openpgp credentials */
276
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
277
!= GNUTLS_E_SUCCESS) {
278
fprintf (stderr, "memory error: %s\n",
345
279
safer_gnutls_strerror(ret));
346
gnutls_global_deinit ();
347
280
return -1;
348
281
}
349
282
350
283
if(debug){
351
284
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
352
" and keyfile %s as GnuTLS credentials\n", pubkeyfile,
353
seckeyfile);
285
" and keyfile %s as GnuTLS credentials\n", certfile,
286
certkey);
354
287
}
355
288
356
289
ret = gnutls_certificate_set_openpgp_key_file
357
(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);
290
(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);
358
291
if (ret != GNUTLS_E_SUCCESS) {
359
fprintf(stderr,
360
"Error[%d] while reading the OpenPGP key pair ('%s',"
361
" '%s')\n", ret, pubkeyfile, seckeyfile);
362
fprintf(stdout, "The GnuTLS error is: %s\n",
292
fprintf
293
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
294
" '%s')\n",
295
ret, certfile, certkey);
296
fprintf(stdout, "The Error is: %s\n",
363
297
safer_gnutls_strerror(ret));
364
goto globalfail;
365
}
366
367
/* GnuTLS server initialization */
368
ret = gnutls_dh_params_init(&mc->dh_params);
369
if (ret != GNUTLS_E_SUCCESS) {
370
fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
371
" %s\n", safer_gnutls_strerror(ret));
372
goto globalfail;
373
}
374
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
375
if (ret != GNUTLS_E_SUCCESS) {
376
fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
377
safer_gnutls_strerror(ret));
378
goto globalfail;
379
}
380
381
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
382
383
return 0;
384
385
globalfail:
386
387
gnutls_certificate_free_credentials(mc->cred);
388
gnutls_global_deinit();
389
return -1;
390
391
}
392
393
static int init_gnutls_session(mandos_context *mc,
394
gnutls_session_t *session){
395
int ret;
396
/* GnuTLS session creation */
397
ret = gnutls_init(session, GNUTLS_SERVER);
398
if (ret != GNUTLS_E_SUCCESS){
298
return -1;
299
}
300
301
//GnuTLS server initialization
302
if ((ret = gnutls_dh_params_init (&es->dh_params))
303
!= GNUTLS_E_SUCCESS) {
304
fprintf (stderr, "Error in dh parameter initialization: %s\n",
305
safer_gnutls_strerror(ret));
306
return -1;
307
}
308
309
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
310
!= GNUTLS_E_SUCCESS) {
311
fprintf (stderr, "Error in prime generation: %s\n",
312
safer_gnutls_strerror(ret));
313
return -1;
314
}
315
316
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
317
318
// GnuTLS session creation
319
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
320
!= GNUTLS_E_SUCCESS){
399
321
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
400
322
safer_gnutls_strerror(ret));
401
323
}
402
324
403
{
404
const char *err;
405
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
406
if (ret != GNUTLS_E_SUCCESS) {
407
fprintf(stderr, "Syntax error at: %s\n", err);
408
fprintf(stderr, "GnuTLS error: %s\n",
409
safer_gnutls_strerror(ret));
410
gnutls_deinit (*session);
411
return -1;
412
}
325
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
326
!= GNUTLS_E_SUCCESS) {
327
fprintf(stderr, "Syntax error at: %s\n", err);
328
fprintf(stderr, "GnuTLS error: %s\n",
329
safer_gnutls_strerror(ret));
330
return -1;
413
331
}
414
332
415
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
416
mc->cred);
417
if (ret != GNUTLS_E_SUCCESS) {
418
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
333
if ((ret = gnutls_credentials_set
334
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
335
!= GNUTLS_E_SUCCESS) {
336
fprintf(stderr, "Error setting a credentials set: %s\n",
419
337
safer_gnutls_strerror(ret));
420
gnutls_deinit (*session);
421
338
return -1;
422
339
}
423
340
424
341
/* ignore client certificate if any. */
425
gnutls_certificate_server_set_request (*session,
342
gnutls_certificate_server_set_request (es->session,
426
343
GNUTLS_CERT_IGNORE);
427
344
428
gnutls_dh_set_prime_bits (*session, mc->dh_bits);
345
gnutls_dh_set_prime_bits (es->session, DH_BITS);
429
346
430
347
return 0;
431
348
}
432
349
433
/* Avahi log function callback */
434
350
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
435
351
__attribute__((unused)) const char *txt){}
436
352
437
/* Called when a Mandos server is found */
438
353
static int start_mandos_communication(const char *ip, uint16_t port,
439
AvahiIfIndex if_index,
440
mandos_context *mc){
354
AvahiIfIndex if_index){
441
355
int ret, tcp_sd;
442
union { struct sockaddr in; struct sockaddr_in6 in6; } to;
356
struct sockaddr_in6 to;
357
encrypted_session es;
443
358
char *buffer = NULL;
444
359
char *decrypted_buffer;
445
360
size_t buffer_length = 0;
446
361
size_t buffer_capacity = 0;
447
362
ssize_t decrypted_buffer_size;
448
size_t written;
363
size_t written = 0;
449
364
int retval = 0;
450
365
char interface[IF_NAMESIZE];
451
gnutls_session_t session;
452
453
ret = init_gnutls_session (mc, &session);
454
if (ret != 0){
455
return -1;
456
}
457
366
458
367
if(debug){
459
fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16
460
"\n", ip, port);
368
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
369
ip, port);
461
370
}
462
371
463
372
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
468
377
469
378
if(debug){
470
379
if(if_indextoname((unsigned int)if_index, interface) == NULL){
471
perror("if_indextoname");
380
if(debug){
381
perror("if_indextoname");
382
}
472
383
return -1;
473
384
}
385
474
386
fprintf(stderr, "Binding to interface %s\n", interface);
475
387
}
476
388
477
389
memset(&to,0,sizeof(to)); /* Spurious warning */
478
to.in6.sin6_family = AF_INET6;
479
/* It would be nice to have a way to detect if we were passed an
480
IPv4 address here. Now we assume an IPv6 address. */
481
ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);
390
to.sin6_family = AF_INET6;
391
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
482
392
if (ret < 0 ){
483
393
perror("inet_pton");
484
394
return -1;
485
}
395
}
486
396
if(ret == 0){
487
397
fprintf(stderr, "Bad address: %s\n", ip);
488
398
return -1;
489
399
}
490
to.in6.sin6_port = htons(port); /* Spurious warning */
400
to.sin6_port = htons(port); /* Spurious warning */
491
401
492
to.in6.sin6_scope_id = (uint32_t)if_index;
402
to.sin6_scope_id = (uint32_t)if_index;
493
403
494
404
if(debug){
495
fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
496
port);
497
char addrstr[INET6_ADDRSTRLEN] = "";
498
if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,
499
sizeof(addrstr)) == NULL){
500
perror("inet_ntop");
501
} else {
502
if(strcmp(addrstr, ip) != 0){
503
fprintf(stderr, "Canonical address form: %s\n", addrstr);
504
}
505
}
405
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
406
/* char addrstr[INET6_ADDRSTRLEN]; */
407
/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */
408
/* sizeof(addrstr)) == NULL){ */
409
/* perror("inet_ntop"); */
410
/* } else { */
411
/* fprintf(stderr, "Really connecting to: %s, port %d\n", */
412
/* addrstr, ntohs(to.sin6_port)); */
413
/* } */
506
414
}
507
415
508
ret = connect(tcp_sd, &to.in, sizeof(to));
416
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
509
417
if (ret < 0){
510
418
perror("connect");
511
419
return -1;
512
420
}
513
514
const char *out = mandos_protocol_version;
515
written = 0;
516
while (true){
517
size_t out_size = strlen(out);
518
ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
519
out_size - written));
520
if (ret == -1){
521
perror("write");
522
retval = -1;
523
goto mandos_end;
524
}
525
written += (size_t)ret;
526
if(written < out_size){
527
continue;
528
} else {
529
if (out == mandos_protocol_version){
530
written = 0;
531
out = "\r\n";
532
} else {
533
break;
534
}
535
}
421
422
ret = initgnutls (&es);
423
if (ret != 0){
424
retval = -1;
425
return -1;
536
426
}
537
427
428
gnutls_transport_set_ptr (es.session,
429
(gnutls_transport_ptr_t) tcp_sd);
430
538
431
if(debug){
539
432
fprintf(stderr, "Establishing TLS session with %s\n", ip);
540
433
}
541
434
542
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
543
544
do{
545
ret = gnutls_handshake (session);
546
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
435
ret = gnutls_handshake (es.session);
547
436
548
437
if (ret != GNUTLS_E_SUCCESS){
549
438
if(debug){
550
fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
439
fprintf(stderr, "\n*** Handshake failed ***\n");
551
440
gnutls_perror (ret);
552
441
}
553
442
retval = -1;
554
goto mandos_end;
443
goto exit;
555
444
}
556
445
557
/* Read OpenPGP packet that contains the wanted password */
446
//Retrieve OpenPGP packet that contains the wanted password
558
447
559
448
if(debug){
560
449
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
562
451
}
563
452
564
453
while(true){
565
buffer_capacity = adjustbuffer(&buffer, buffer_length,
566
buffer_capacity);
567
if (buffer_capacity == 0){
568
perror("adjustbuffer");
569
retval = -1;
570
goto mandos_end;
454
if (buffer_length + BUFFER_SIZE > buffer_capacity){
455
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
456
if (buffer == NULL){
457
perror("realloc");
458
goto exit;
459
}
460
buffer_capacity += BUFFER_SIZE;
571
461
}
572
462
573
ret = gnutls_record_recv(session, buffer+buffer_length,
574
BUFFER_SIZE);
463
ret = gnutls_record_recv
464
(es.session, buffer+buffer_length, BUFFER_SIZE);
575
465
if (ret == 0){
576
466
break;
577
467
}
581
471
case GNUTLS_E_AGAIN:
582
472
break;
583
473
case GNUTLS_E_REHANDSHAKE:
584
do{
585
ret = gnutls_handshake (session);
586
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
474
ret = gnutls_handshake (es.session);
587
475
if (ret < 0){
588
fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
476
fprintf(stderr, "\n*** Handshake failed ***\n");
589
477
gnutls_perror (ret);
590
478
retval = -1;
591
goto mandos_end;
479
goto exit;
592
480
}
593
481
break;
594
482
default:
595
483
fprintf(stderr, "Unknown error while reading data from"
596
" encrypted session with Mandos server\n");
484
" encrypted session with mandos server\n");
597
485
retval = -1;
598
gnutls_bye (session, GNUTLS_SHUT_RDWR);
599
goto mandos_end;
486
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
487
goto exit;
600
488
}
601
489
} else {
602
490
buffer_length += (size_t) ret;
603
491
}
604
492
}
605
493
606
if(debug){
607
fprintf(stderr, "Closing TLS session\n");
608
}
609
610
gnutls_bye (session, GNUTLS_SHUT_RDWR);
611
612
494
if (buffer_length > 0){
613
495
decrypted_buffer_size = pgp_packet_decrypt(buffer,
614
496
buffer_length,
615
497
&decrypted_buffer,
616
keydir);
498
certdir);
617
499
if (decrypted_buffer_size >= 0){
618
written = 0;
619
500
while(written < (size_t) decrypted_buffer_size){
620
501
ret = (int)fwrite (decrypted_buffer + written, 1,
621
502
(size_t)decrypted_buffer_size - written,
635
516
retval = -1;
636
517
}
637
518
}
638
639
/* Shutdown procedure */
640
641
mandos_end:
519
520
//shutdown procedure
521
522
if(debug){
523
fprintf(stderr, "Closing TLS session\n");
524
}
525
642
526
free(buffer);
527
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
528
exit:
643
529
close(tcp_sd);
644
gnutls_deinit (session);
530
gnutls_deinit (es.session);
531
gnutls_certificate_free_credentials (es.cred);
532
gnutls_global_deinit ();
645
533
return retval;
646
534
}
647
535
648
static void resolve_callback(AvahiSServiceResolver *r,
649
AvahiIfIndex interface,
650
AVAHI_GCC_UNUSED AvahiProtocol protocol,
651
AvahiResolverEvent event,
652
const char *name,
653
const char *type,
654
const char *domain,
655
const char *host_name,
656
const AvahiAddress *address,
657
uint16_t port,
658
AVAHI_GCC_UNUSED AvahiStringList *txt,
659
AVAHI_GCC_UNUSED AvahiLookupResultFlags
660
flags,
661
void* userdata) {
662
mandos_context *mc = userdata;
536
static AvahiSimplePoll *simple_poll = NULL;
537
static AvahiServer *server = NULL;
538
539
static void resolve_callback(
540
AvahiSServiceResolver *r,
541
AvahiIfIndex interface,
542
AVAHI_GCC_UNUSED AvahiProtocol protocol,
543
AvahiResolverEvent event,
544
const char *name,
545
const char *type,
546
const char *domain,
547
const char *host_name,
548
const AvahiAddress *address,
549
uint16_t port,
550
AVAHI_GCC_UNUSED AvahiStringList *txt,
551
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
552
AVAHI_GCC_UNUSED void* userdata) {
553
663
554
assert(r); /* Spurious warning */
664
555
665
556
/* Called whenever a service has been resolved successfully or
668
559
switch (event) {
669
560
default:
670
561
case AVAHI_RESOLVER_FAILURE:
671
fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
672
" of type '%s' in domain '%s': %s\n", name, type, domain,
673
avahi_strerror(avahi_server_errno(mc->server)));
562
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
563
" type '%s' in domain '%s': %s\n", name, type, domain,
564
avahi_strerror(avahi_server_errno(server)));
674
565
break;
675
566
676
567
case AVAHI_RESOLVER_FOUND:
678
569
char ip[AVAHI_ADDRESS_STR_MAX];
679
570
avahi_address_snprint(ip, sizeof(ip), address);
680
571
if(debug){
681
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"
682
PRIu16 ") on port %d\n", name, host_name, ip,
683
interface, port);
572
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
573
" port %d\n", name, host_name, ip, port);
684
574
}
685
int ret = start_mandos_communication(ip, port, interface, mc);
575
int ret = start_mandos_communication(ip, port, interface);
686
576
if (ret == 0){
687
577
exit(EXIT_SUCCESS);
688
578
}
691
581
avahi_s_service_resolver_free(r);
692
582
}
693
583
694
static void browse_callback( AvahiSServiceBrowser *b,
695
AvahiIfIndex interface,
696
AvahiProtocol protocol,
697
AvahiBrowserEvent event,
698
const char *name,
699
const char *type,
700
const char *domain,
701
AVAHI_GCC_UNUSED AvahiLookupResultFlags
702
flags,
703
void* userdata) {
704
mandos_context *mc = userdata;
705
assert(b); /* Spurious warning */
706
707
/* Called whenever a new services becomes available on the LAN or
708
is removed from the LAN */
709
710
switch (event) {
711
default:
712
case AVAHI_BROWSER_FAILURE:
713
714
fprintf(stderr, "(Avahi browser) %s\n",
715
avahi_strerror(avahi_server_errno(mc->server)));
716
avahi_simple_poll_quit(mc->simple_poll);
717
return;
718
719
case AVAHI_BROWSER_NEW:
720
/* We ignore the returned Avahi resolver object. In the callback
721
function we free it. If the Avahi server is terminated before
722
the callback function is called the Avahi server will free the
723
resolver for us. */
724
725
if (!(avahi_s_service_resolver_new(mc->server, interface,
726
protocol, name, type, domain,
727
AVAHI_PROTO_INET6, 0,
728
resolve_callback, mc)))
729
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
730
name, avahi_strerror(avahi_server_errno(mc->server)));
731
break;
732
733
case AVAHI_BROWSER_REMOVE:
734
break;
735
736
case AVAHI_BROWSER_ALL_FOR_NOW:
737
case AVAHI_BROWSER_CACHE_EXHAUSTED:
738
if(debug){
739
fprintf(stderr, "No Mandos server found, still searching...\n");
584
static void browse_callback(
585
AvahiSServiceBrowser *b,
586
AvahiIfIndex interface,
587
AvahiProtocol protocol,
588
AvahiBrowserEvent event,
589
const char *name,
590
const char *type,
591
const char *domain,
592
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
593
void* userdata) {
594
595
AvahiServer *s = userdata;
596
assert(b); /* Spurious warning */
597
598
/* Called whenever a new services becomes available on the LAN or
599
is removed from the LAN */
600
601
switch (event) {
602
default:
603
case AVAHI_BROWSER_FAILURE:
604
605
fprintf(stderr, "(Browser) %s\n",
606
avahi_strerror(avahi_server_errno(server)));
607
avahi_simple_poll_quit(simple_poll);
608
return;
609
610
case AVAHI_BROWSER_NEW:
611
/* We ignore the returned resolver object. In the callback
612
function we free it. If the server is terminated before
613
the callback function is called the server will free
614
the resolver for us. */
615
616
if (!(avahi_s_service_resolver_new(s, interface, protocol, name,
617
type, domain,
618
AVAHI_PROTO_INET6, 0,
619
resolve_callback, s)))
620
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
621
avahi_strerror(avahi_server_errno(s)));
622
break;
623
624
case AVAHI_BROWSER_REMOVE:
625
break;
626
627
case AVAHI_BROWSER_ALL_FOR_NOW:
628
case AVAHI_BROWSER_CACHE_EXHAUSTED:
629
break;
740
630
}
741
break;
742
}
743
631
}
744
632
745
633
/* Combines file name and path and returns the malloced new
752
640
return NULL;
753
641
}
754
642
if(f_len > 0){
755
memcpy(tmp, first, f_len); /* Spurious warning */
643
memcpy(tmp, first, f_len);
756
644
}
757
645
tmp[f_len] = '/';
758
646
if(s_len > 0){
759
memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */
647
memcpy(tmp + f_len + 1, second, s_len);
760
648
}
761
649
tmp[f_len + 1 + s_len] = '\0';
762
650
return tmp;
763
651
}
764
652
765
653
766
int main(int argc, char *argv[]){
654
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
655
AvahiServerConfig config;
767
656
AvahiSServiceBrowser *sb = NULL;
768
657
int error;
769
658
int ret;
770
int exitcode = EXIT_SUCCESS;
659
int returncode = EXIT_SUCCESS;
771
660
const char *interface = "eth0";
772
661
struct ifreq network;
773
662
int sd;
774
uid_t uid;
775
gid_t gid;
776
663
char *connect_to = NULL;
777
664
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
778
const char *pubkeyfile = "pubkey.txt";
779
const char *seckeyfile = "seckey.txt";
780
mandos_context mc = { .simple_poll = NULL, .server = NULL,
781
.dh_bits = 1024, .priority = "SECURE256"};
782
bool gnutls_initalized = false;
783
784
{
785
struct argp_option options[] = {
786
{ .name = "debug", .key = 128,
787
.doc = "Debug mode", .group = 3 },
788
{ .name = "connect", .key = 'c',
789
.arg = "IP",
790
.doc = "Connect directly to a sepcified mandos server",
791
.group = 1 },
792
{ .name = "interface", .key = 'i',
793
.arg = "INTERFACE",
794
.doc = "Interface that Avahi will conntect through",
795
.group = 1 },
796
{ .name = "keydir", .key = 'd',
797
.arg = "KEYDIR",
798
.doc = "Directory where the openpgp keyring is",
799
.group = 1 },
800
{ .name = "seckey", .key = 's',
801
.arg = "SECKEY",
802
.doc = "Secret openpgp key for gnutls authentication",
803
.group = 1 },
804
{ .name = "pubkey", .key = 'p',
805
.arg = "PUBKEY",
806
.doc = "Public openpgp key for gnutls authentication",
807
.group = 2 },
808
{ .name = "dh-bits", .key = 129,
809
.arg = "BITS",
810
.doc = "dh-bits to use in gnutls communication",
811
.group = 2 },
812
{ .name = "priority", .key = 130,
813
.arg = "PRIORITY",
814
.doc = "GNUTLS priority", .group = 1 },
815
{ .name = NULL }
816
};
817
818
819
error_t parse_opt (int key, char *arg,
820
struct argp_state *state) {
821
/* Get the INPUT argument from `argp_parse', which we know is
822
a pointer to our plugin list pointer. */
823
switch (key) {
824
case 128:
825
debug = true;
826
break;
827
case 'c':
828
connect_to = arg;
829
break;
830
case 'i':
831
interface = arg;
832
break;
833
case 'd':
834
keydir = arg;
835
break;
836
case 's':
837
seckeyfile = arg;
838
break;
839
case 'p':
840
pubkeyfile = arg;
841
break;
842
case 129:
843
errno = 0;
844
mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);
845
if (errno){
846
perror("strtol");
847
exit(EXIT_FAILURE);
848
}
849
break;
850
case 130:
851
mc.priority = arg;
852
break;
853
case ARGP_KEY_ARG:
854
argp_usage (state);
855
break;
856
case ARGP_KEY_END:
857
break;
858
default:
859
return ARGP_ERR_UNKNOWN;
860
}
861
return 0;
862
}
863
864
struct argp argp = { .options = options, .parser = parse_opt,
865
.args_doc = "",
866
.doc = "Mandos client -- Get and decrypt"
867
" passwords from mandos server" };
868
ret = argp_parse (&argp, argc, argv, 0, 0, NULL);
869
if (ret == ARGP_ERR_UNKNOWN){
870
fprintf(stderr, "Unkown error while parsing arguments\n");
871
exitcode = EXIT_FAILURE;
872
goto end;
873
}
874
}
875
876
pubkeyfile = combinepath(keydir, pubkeyfile);
877
if (pubkeyfile == NULL){
878
perror("combinepath");
879
exitcode = EXIT_FAILURE;
880
goto end;
881
}
882
883
seckeyfile = combinepath(keydir, seckeyfile);
884
if (seckeyfile == NULL){
885
perror("combinepath");
886
goto end;
887
}
888
889
ret = init_gnutls_global(&mc, pubkeyfile, seckeyfile);
890
if (ret == -1){
891
fprintf(stderr, "init_gnutls_global\n");
892
goto end;
893
} else {
894
gnutls_initalized = true;
895
}
896
897
uid = getuid();
898
gid = getgid();
899
900
ret = setuid(uid);
901
if (ret == -1){
902
perror("setuid");
903
}
904
905
setgid(gid);
906
if (ret == -1){
907
perror("setgid");
665
666
while (true){
667
static struct option long_options[] = {
668
{"debug", no_argument, (int *)&debug, 1},
669
{"connect", required_argument, 0, 'C'},
670
{"interface", required_argument, 0, 'i'},
671
{"certdir", required_argument, 0, 'd'},
672
{"certkey", required_argument, 0, 'c'},
673
{"certfile", required_argument, 0, 'k'},
674
{0, 0, 0, 0} };
675
676
int option_index = 0;
677
ret = getopt_long (argc, argv, "i:", long_options,
678
&option_index);
679
680
if (ret == -1){
681
break;
682
}
683
684
switch(ret){
685
case 0:
686
break;
687
case 'i':
688
interface = optarg;
689
break;
690
case 'C':
691
connect_to = optarg;
692
break;
693
case 'd':
694
certdir = optarg;
695
break;
696
case 'c':
697
certfile = optarg;
698
break;
699
case 'k':
700
certkey = optarg;
701
break;
702
default:
703
exit(EXIT_FAILURE);
704
}
705
}
706
707
certfile = combinepath(certdir, certfile);
708
if (certfile == NULL){
709
perror("combinepath");
710
returncode = EXIT_FAILURE;
711
goto exit;
712
}
713
714
certkey = combinepath(certdir, certkey);
715
if (certkey == NULL){
716
perror("combinepath");
717
returncode = EXIT_FAILURE;
718
goto exit;
908
719
}
909
720
910
721
if_index = (AvahiIfIndex) if_nametoindex(interface);
919
730
char *address = strrchr(connect_to, ':');
920
731
if(address == NULL){
921
732
fprintf(stderr, "No colon in address\n");
922
exitcode = EXIT_FAILURE;
923
goto end;
733
exit(EXIT_FAILURE);
924
734
}
925
735
errno = 0;
926
736
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
927
737
if(errno){
928
738
perror("Bad port number");
929
exitcode = EXIT_FAILURE;
930
goto end;
739
exit(EXIT_FAILURE);
931
740
}
932
741
*address = '\0';
933
742
address = connect_to;
934
ret = start_mandos_communication(address, port, if_index, &mc);
743
ret = start_mandos_communication(address, port, if_index);
935
744
if(ret < 0){
936
exitcode = EXIT_FAILURE;
745
exit(EXIT_FAILURE);
937
746
} else {
938
exitcode = EXIT_SUCCESS;
747
exit(EXIT_SUCCESS);
939
748
}
940
goto end;
941
749
}
942
750
943
/* If the interface is down, bring it up */
944
{
945
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
946
if(sd < 0) {
947
perror("socket");
948
exitcode = EXIT_FAILURE;
949
goto end;
950
}
951
strcpy(network.ifr_name, interface); /* Spurious warning */
952
ret = ioctl(sd, SIOCGIFFLAGS, &network);
751
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
752
if(sd < 0) {
753
perror("socket");
754
returncode = EXIT_FAILURE;
755
goto exit;
756
}
757
strcpy(network.ifr_name, interface);
758
ret = ioctl(sd, SIOCGIFFLAGS, &network);
759
if(ret == -1){
760
761
perror("ioctl SIOCGIFFLAGS");
762
returncode = EXIT_FAILURE;
763
goto exit;
764
}
765
if((network.ifr_flags & IFF_UP) == 0){
766
network.ifr_flags |= IFF_UP;
767
ret = ioctl(sd, SIOCSIFFLAGS, &network);
953
768
if(ret == -1){
954
perror("ioctl SIOCGIFFLAGS");
955
exitcode = EXIT_FAILURE;
956
goto end;
957
}
958
if((network.ifr_flags & IFF_UP) == 0){
959
network.ifr_flags |= IFF_UP;
960
ret = ioctl(sd, SIOCSIFFLAGS, &network);
961
if(ret == -1){
962
perror("ioctl SIOCSIFFLAGS");
963
exitcode = EXIT_FAILURE;
964
goto end;
965
}
966
}
967
close(sd);
769
perror("ioctl SIOCSIFFLAGS");
770
returncode = EXIT_FAILURE;
771
goto exit;
772
}
968
773
}
774
close(sd);
969
775
970
776
if (not debug){
971
777
avahi_set_log_function(empty_log);
972
778
}
973
779
974
/* Initialize the pseudo-RNG for Avahi */
780
/* Initialize the psuedo-RNG */
975
781
srand((unsigned int) time(NULL));
976
977
/* Allocate main Avahi loop object */
978
mc.simple_poll = avahi_simple_poll_new();
979
if (mc.simple_poll == NULL) {
980
fprintf(stderr, "Avahi: Failed to create simple poll"
981
" object.\n");
982
exitcode = EXIT_FAILURE;
983
goto end;
984
}
985
986
{
987
AvahiServerConfig config;
988
/* Do not publish any local Zeroconf records */
989
avahi_server_config_init(&config);
990
config.publish_hinfo = 0;
991
config.publish_addresses = 0;
992
config.publish_workstation = 0;
993
config.publish_domain = 0;
994
995
/* Allocate a new server */
996
mc.server = avahi_server_new(avahi_simple_poll_get
997
(mc.simple_poll), &config, NULL,
998
NULL, &error);
999
1000
/* Free the Avahi configuration data */
1001
avahi_server_config_free(&config);
1002
}
1003
1004
/* Check if creating the Avahi server object succeeded */
1005
if (mc.server == NULL) {
1006
fprintf(stderr, "Failed to create Avahi server: %s\n",
782
783
/* Allocate main loop object */
784
if (!(simple_poll = avahi_simple_poll_new())) {
785
fprintf(stderr, "Failed to create simple poll object.\n");
786
returncode = EXIT_FAILURE;
787
goto exit;
788
}
789
790
/* Do not publish any local records */
791
avahi_server_config_init(&config);
792
config.publish_hinfo = 0;
793
config.publish_addresses = 0;
794
config.publish_workstation = 0;
795
config.publish_domain = 0;
796
797
/* Allocate a new server */
798
server = avahi_server_new(avahi_simple_poll_get(simple_poll),
799
&config, NULL, NULL, &error);
800
801
/* Free the configuration data */
802
avahi_server_config_free(&config);
803
804
/* Check if creating the server object succeeded */
805
if (!server) {
806
fprintf(stderr, "Failed to create server: %s\n",
1007
807
avahi_strerror(error));
1008
exitcode = EXIT_FAILURE;
1009
goto end;
808
returncode = EXIT_FAILURE;
809
goto exit;
1010
810
}
1011
811
1012
/* Create the Avahi service browser */
1013
sb = avahi_s_service_browser_new(mc.server, if_index,
812
/* Create the service browser */
813
sb = avahi_s_service_browser_new(server, if_index,
1014
814
AVAHI_PROTO_INET6,
1015
815
"_mandos._tcp", NULL, 0,
1016
browse_callback, &mc);
1017
if (sb == NULL) {
816
browse_callback, server);
817
if (!sb) {
1018
818
fprintf(stderr, "Failed to create service browser: %s\n",
1019
avahi_strerror(avahi_server_errno(mc.server)));
1020
exitcode = EXIT_FAILURE;
1021
goto end;
819
avahi_strerror(avahi_server_errno(server)));
820
returncode = EXIT_FAILURE;
821
goto exit;
1022
822
}
1023
823
1024
824
/* Run the main loop */
1025
825
1026
826
if (debug){
1027
fprintf(stderr, "Starting Avahi loop search\n");
827
fprintf(stderr, "Starting avahi loop search\n");
1028
828
}
1029
829
1030
avahi_simple_poll_loop(mc.simple_poll);
830
avahi_simple_poll_loop(simple_poll);
1031
831
1032
end:
832
exit:
1033
833
1034
834
if (debug){
1035
835
fprintf(stderr, "%s exiting\n", argv[0]);
1036
836
}
1037
837
1038
838
/* Cleanup things */
1039
if (sb != NULL)
839
if (sb)
1040
840
avahi_s_service_browser_free(sb);
1041
841
1042
if (mc.server != NULL)
1043
avahi_server_free(mc.server);
1044
1045
if (mc.simple_poll != NULL)
1046
avahi_simple_poll_free(mc.simple_poll);
1047
free(pubkeyfile);
1048
free(seckeyfile);
1049
1050
if (gnutls_initalized){
1051
gnutls_certificate_free_credentials(mc.cred);
1052
gnutls_global_deinit ();
1053
}
842
if (server)
843
avahi_server_free(server);
844
845
if (simple_poll)
846
avahi_simple_poll_free(simple_poll);
847
free(certfile);
848
free(certkey);
1054
849
1055
return exitcode;
850
return returncode;
1056
851
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0