214
214
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
215
215
gpgme_strsource(rc), gpgme_strerror(rc));
216
216
plaintext_length = -1;
218
gpgme_decrypt_result_t result;
219
result = gpgme_op_decrypt_result(ctx);
221
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
223
fprintf(stderr, "Unsupported algorithm: %s\n",
224
result->unsupported_algorithm);
225
fprintf(stderr, "Wrong key usage: %u\n",
226
result->wrong_key_usage);
227
if(result->file_name != NULL){
228
fprintf(stderr, "File name: %s\n", result->file_name);
230
gpgme_recipient_t recipient;
231
recipient = result->recipients;
233
while(recipient != NULL){
234
fprintf(stderr, "Public key algorithm: %s\n",
235
gpgme_pubkey_algo_name(recipient->pubkey_algo));
236
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
237
fprintf(stderr, "Secret key available: %s\n",
238
recipient->status == GPG_ERR_NO_SECKEY
240
recipient = recipient->next;
245
217
goto decrypt_end;
249
221
fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
225
gpgme_decrypt_result_t result;
226
result = gpgme_op_decrypt_result(ctx);
228
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
230
fprintf(stderr, "Unsupported algorithm: %s\n",
231
result->unsupported_algorithm);
232
fprintf(stderr, "Wrong key usage: %u\n",
233
result->wrong_key_usage);
234
if(result->file_name != NULL){
235
fprintf(stderr, "File name: %s\n", result->file_name);
237
gpgme_recipient_t recipient;
238
recipient = result->recipients;
240
while(recipient != NULL){
241
fprintf(stderr, "Public key algorithm: %s\n",
242
gpgme_pubkey_algo_name(recipient->pubkey_algo));
243
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
244
fprintf(stderr, "Secret key available: %s\n",
245
recipient->status == GPG_ERR_NO_SECKEY
247
recipient = recipient->next;
252
253
/* Seek back to the beginning of the GPGME plaintext data buffer */
253
254
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
254
255
perror("pgpme_data_seek");
340
341
/* OpenPGP credentials */
341
342
gnutls_certificate_allocate_credentials(&mc->cred);
342
343
if (ret != GNUTLS_E_SUCCESS){
343
fprintf (stderr, "GnuTLS memory error: %s\n", /* Spurious
344
fprintf (stderr, "GnuTLS memory error: %s\n",
345
345
safer_gnutls_strerror(ret));
346
346
gnutls_global_deinit ();
474
475
fprintf(stderr, "Binding to interface %s\n", interface);
477
memset(&to, 0, sizeof(to));
478
memset(&to, 0, sizeof(to)); /* Spurious warning */
478
479
to.in6.sin6_family = AF_INET6;
479
480
/* It would be nice to have a way to detect if we were passed an
480
481
IPv4 address here. Now we assume an IPv6 address. */
773
772
const char *pubkeyname = "pubkey.txt";
774
773
const char *seckeyname = "seckey.txt";
775
774
mandos_context mc = { .simple_poll = NULL, .server = NULL,
776
.dh_bits = 1024, .priority = "SECURE256"
777
":!CTYPE-X.509:+CTYPE-OPENPGP" };
775
.dh_bits = 1024, .priority = "SECURE256"};
778
776
bool gnutls_initalized = false;
782
780
{ .name = "debug", .key = 128,
783
781
.doc = "Debug mode", .group = 3 },
784
782
{ .name = "connect", .key = 'c',
785
.arg = "ADDRESS:PORT",
786
.doc = "Connect directly to a specific Mandos server",
784
.doc = "Connect directly to a sepcified mandos server",
788
786
{ .name = "interface", .key = 'i',
790
.doc = "Interface that will be used to search for Mandos"
788
.doc = "Interface that Avahi will conntect through",
793
790
{ .name = "keydir", .key = 'd',
795
.doc = "Directory to read the OpenPGP key files from",
792
.doc = "Directory where the openpgp keyring is",
797
794
{ .name = "seckey", .key = 's',
799
.doc = "OpenPGP secret key file base name",
796
.doc = "Secret openpgp key for gnutls authentication",
801
798
{ .name = "pubkey", .key = 'p',
803
.doc = "OpenPGP public key file base name",
800
.doc = "Public openpgp key for gnutls authentication",
805
802
{ .name = "dh-bits", .key = 129,
807
.doc = "Bit length of the prime number used in the"
808
" Diffie-Hellman key exchange",
804
.doc = "dh-bits to use in gnutls communication",
810
806
{ .name = "priority", .key = 130,
812
.doc = "GnuTLS priority string for the TLS handshake",
808
.doc = "GNUTLS priority", .group = 1 },
817
813
error_t parse_opt (int key, char *arg,
818
814
struct argp_state *state) {
819
815
/* Get the INPUT argument from `argp_parse', which we know is
820
816
a pointer to our plugin list pointer. */
822
case 128: /* --debug */
825
case 'c': /* --connect */
826
822
connect_to = arg;
828
case 'i': /* --interface */
831
case 'd': /* --keydir */
834
case 's': /* --seckey */
835
831
seckeyname = arg;
837
case 'p': /* --pubkey */
838
834
pubkeyname = arg;
840
case 129: /* --dh-bits */
842
838
mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);
861
857
struct argp argp = { .options = options, .parser = parse_opt,
863
859
.doc = "Mandos client -- Get and decrypt"
864
" passwords from a Mandos server" };
860
" passwords from mandos server" };
865
861
ret = argp_parse (&argp, argc, argv, 0, 0, NULL);
866
862
if (ret == ARGP_ERR_UNKNOWN){
867
863
fprintf(stderr, "Unknown error while parsing arguments\n");
990
986
config.publish_addresses = 0;
991
987
config.publish_workstation = 0;
992
988
config.publish_domain = 0;
994
990
/* Allocate a new server */
995
991
mc.server = avahi_server_new(avahi_simple_poll_get
996
992
(mc.simple_poll), &config, NULL,
999
995
/* Free the Avahi configuration data */
1000
996
avahi_server_config_free(&config);