/mandos/release : revision 89

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/password-request.c

Committer: Teddy Hogeborn
Date: 2008-08-18 23:55:28 UTC
Revision ID: teddy@fukt.bsnet.se-20080818235528-dn628nlbrtzl7z4f

* Makefile: Bug fix: fixed creation of man pages for section 5 pages.

* mandos (main): Changed from requiring "[server]" in mandos.conf(5)
                 to requiring "[DEFAULT]".

* mandos.conf ([server]): Renamed to "[DEFAULT]".

* mandos.conf.xml: Removed <?xml-stylesheet>.  New entity "&OVERVIEW;"
                   referring to "overview.xml".
  (DESCRIPTION): Updated to specify the syntax more precisely.  Use
                 <varname> around the option names.

files added:
COPYING

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.xml

plugins.d/password-prompt.xml

plugins.d/password-request.xml

plugins.d/usplash

files removed:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

files renamed:
server.py => mandos

server.conf => mandos.conf

plugbasedclient.c => plugin-runner.c

plugins.d/passprompt.c => plugins.d/password-prompt.c

plugins.d/mandosclient.c => plugins.d/password-request.c

files modified:
Makefile

TODO

clients.conf

Show diffs side-by-side

added added

removed removed

plugins.d/password-request.c

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and

* <https://www.fukt.bsnet.se/~teddy/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

/* Needed by GPGME, specifically gpgme_data_seek() */

#define _LARGEFILE_SOURCE

#define _FILE_OFFSET_BITS 64

#include <stdio.h>

#include <assert.h>

#include <stdlib.h>

#include <time.h>

#include <net/if.h> /* if_nametoindex */

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */

#include <stdio.h> /* fprintf(), stderr, fwrite(),

stdout, ferror() */

#include <stdint.h> /* uint16_t, uint32_t */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,

srand() */

#include <stdbool.h> /* bool, true */

#include <string.h> /* memset(), strcmp(), strlen(),

strerror(), asprintf(), strcpy() */

#include <sys/ioctl.h> /* ioctl */

#include <sys/types.h> /* socket(), inet_pton(), sockaddr,

sockaddr_in6, PF_INET6,

SOCK_STREAM, INET6_ADDRSTRLEN,

uid_t, gid_t */

#include <inttypes.h> /* PRIu16 */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton(),

connect() */

#include <assert.h> /* assert() */

#include <errno.h> /* perror(), errno */

#include <time.h> /* time() */

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS, if_indextoname(),

if_nametoindex(), IF_NAMESIZE */

#include <unistd.h> /* close(), SEEK_SET, off_t, write(),

getuid(), getgid(), setuid(),

setgid() */

#include <netinet/in.h>

#include <arpa/inet.h> /* inet_pton(), htons */

#include <iso646.h> /* not, and */

#include <argp.h> /* struct argp_option, error_t, struct

argp_state, struct argp,

argp_parse(), ARGP_KEY_ARG,

ARGP_KEY_END, ARGP_ERR_UNKNOWN */

/* Avahi */

/* All Avahi types, constants and functions

Avahi*, avahi_*,

AVAHI_* */

#include <avahi-core/core.h>

#include <avahi-core/lookup.h>

#include <avahi-core/log.h>

#include <avahi-common/malloc.h>

#include <avahi-common/error.h>

//mandos client part

#include <sys/types.h> /* socket(), inet_pton() */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton() */

#include <gnutls/gnutls.h> /* All GnuTLS stuff */

#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */

#include <unistd.h> /* close() */

#include <netinet/in.h>

#include <stdbool.h> /* true */

#include <string.h> /* memset */

#include <arpa/inet.h> /* inet_pton() */

#include <iso646.h> /* not */

// gpgme

#include <errno.h> /* perror() */

#include <gpgme.h>

// getopt long

#include <getopt.h>

#ifndef CERT_ROOT

#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"

#endif

#define CERTFILE CERT_ROOT "openpgp-client.txt"

#define KEYFILE CERT_ROOT "openpgp-client-key.txt"

/* GnuTLS */

#include <gnutls/gnutls.h> /* All GnuTLS types, constants and

functions:

gnutls_*

init_gnutls_session(),

GNUTLS_* */

#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),

GNUTLS_OPENPGP_FMT_BASE64 */

/* GPGME */

#include <gpgme.h> /* All GPGME types, constants and

functions:

gpgme_*

GPGME_PROTOCOL_OpenPGP,

GPG_ERR_NO_* */

#define BUFFER_SIZE 256

#define DH_BITS 1024

100

101

bool debug = false;

102

static const char *keydir = "/conf/conf.d/mandos";

103

static const char mandos_protocol_version[] = "1";

104

const char *argp_program_version = "password-request 1.0";

105

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

106

107

/* Used for passing in values through the Avahi callback functions */

108

typedef struct {

gnutls_session_t session;

109

AvahiSimplePoll *simple_poll;

110

AvahiServer *server;

111

gnutls_certificate_credentials_t cred;

112

unsigned int dh_bits;

113

gnutls_dh_params_t dh_params;

} encrypted_session;

ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,

char **new_packet, const char *homedir){

114

const char *priority;

115

} mandos_context;

116

117

118

* Make room in "buffer" for at least BUFFER_SIZE additional bytes.

119

* "buffer_capacity" is how much is currently allocated,

120

* "buffer_length" is how much is already used.

121

122

size_t adjustbuffer(char **buffer, size_t buffer_length,

123

size_t buffer_capacity){

124

if (buffer_length + BUFFER_SIZE > buffer_capacity){

125

*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);

126

if (buffer == NULL){

127

return 0;

128

}

129

buffer_capacity += BUFFER_SIZE;

130

}

131

return buffer_capacity;

132

}

133

134

135

* Decrypt OpenPGP data using keyrings in HOMEDIR.

136

* Returns -1 on error

137

138

static ssize_t pgp_packet_decrypt (const char *cryptotext,

139

size_t crypto_size,

140

char **plaintext,

141

const char *homedir){

142

gpgme_data_t dh_crypto, dh_plain;

143

gpgme_ctx_t ctx;

144

gpgme_error_t rc;

145

ssize_t ret;

ssize_t new_packet_capacity = 0;

ssize_t new_packet_length = 0;

146

size_t plaintext_capacity = 0;

147

ssize_t plaintext_length = 0;

148

gpgme_engine_info_t engine_info;

149

150

if (debug){

fprintf(stderr, "Trying to decrypt OpenPGP packet\n");

151

fprintf(stderr, "Trying to decrypt OpenPGP data\n");

152

}

100

153

101

154

/* Init GPGME */

102

155

gpgme_check_version(NULL);

103

gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

156

rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

157

if (rc != GPG_ERR_NO_ERROR){

158

fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",

159

gpgme_strsource(rc), gpgme_strerror(rc));

160

return -1;

161

}

104

162

105

/* Set GPGME home directory */

163

/* Set GPGME home directory for the OpenPGP engine only */

106

164

rc = gpgme_get_engine_info (&engine_info);

107

165

if (rc != GPG_ERR_NO_ERROR){

108

166

fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",

118

176

engine_info = engine_info->next;

119

177

}

120

178

if(engine_info == NULL){

121

fprintf(stderr, "Could not set home dir to %s\n", homedir);

179

fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);

122

180

return -1;

123

181

}

124

182

125

/* Create new GPGME data buffer from packet buffer */

126

rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);

183

/* Create new GPGME data buffer from memory cryptotext */

184

rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,

185

0);

127

186

if (rc != GPG_ERR_NO_ERROR){

128

187

fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",

129

188

gpgme_strsource(rc), gpgme_strerror(rc));

135

194

if (rc != GPG_ERR_NO_ERROR){

136

195

fprintf(stderr, "bad gpgme_data_new: %s: %s\n",

137

196

gpgme_strsource(rc), gpgme_strerror(rc));

197

gpgme_data_release(dh_crypto);

138

198

return -1;

139

199

}

140

200

143

203

if (rc != GPG_ERR_NO_ERROR){

144

204

fprintf(stderr, "bad gpgme_new: %s: %s\n",

145

205

gpgme_strsource(rc), gpgme_strerror(rc));

146

return -1;

206

plaintext_length = -1;

207

goto decrypt_end;

147

208

}

148

209

149

/* Decrypt data from the FILE pointer to the plaintext data

150

buffer */

210

/* Decrypt data from the cryptotext data buffer to the plaintext

211

data buffer */

151

212

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

152

213

if (rc != GPG_ERR_NO_ERROR){

153

214

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

154

215

gpgme_strsource(rc), gpgme_strerror(rc));

155

return -1;

216

plaintext_length = -1;

217

goto decrypt_end;

156

218

}

157

219

158

220

if(debug){

159

fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");

221

fprintf(stderr, "Decryption of OpenPGP data succeeded\n");

160

222

}

161

223

162

224

if (debug){

163

225

gpgme_decrypt_result_t result;

164

226

result = gpgme_op_decrypt_result(ctx);

167

229

} else {

168

230

fprintf(stderr, "Unsupported algorithm: %s\n",

169

231

result->unsupported_algorithm);

170

fprintf(stderr, "Wrong key usage: %d\n",

232

fprintf(stderr, "Wrong key usage: %u\n",

171

233

result->wrong_key_usage);

172

234

if(result->file_name != NULL){

173

235

fprintf(stderr, "File name: %s\n", result->file_name);

188

250

}

189

251

}

190

252

191

/* Delete the GPGME FILE pointer cryptotext data buffer */

192

gpgme_data_release(dh_crypto);

193

194

253

/* Seek back to the beginning of the GPGME plaintext data buffer */

195

gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET);

196

197

*new_packet = 0;

254

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

255

perror("pgpme_data_seek");

256

plaintext_length = -1;

257

goto decrypt_end;

258

}

259

260

*plaintext = NULL;

198

261

while(true){

199

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

200

*new_packet = realloc(*new_packet,

201

(unsigned int)new_packet_capacity

202

+ BUFFER_SIZE);

203

if (*new_packet == NULL){

204

perror("realloc");

205

return -1;

206

}

207

new_packet_capacity += BUFFER_SIZE;

262

plaintext_capacity = adjustbuffer(plaintext,

263

(size_t)plaintext_length,

264

plaintext_capacity);

265

if (plaintext_capacity == 0){

266

perror("adjustbuffer");

267

plaintext_length = -1;

268

goto decrypt_end;

208

269

}

209

270

210

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,

271

ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,

211

272

BUFFER_SIZE);

212

273

/* Print the data, if any */

213

274

if (ret == 0){

275

/* EOF */

214

276

break;

215

277

}

216

278

if(ret < 0){

217

279

perror("gpgme_data_read");

218

return -1;

280

plaintext_length = -1;

281

goto decrypt_end;

219

282

}

220

new_packet_length += ret;

283

plaintext_length += ret;

221

284

}

222

285

223

/* FIXME: check characters before printing to screen so to not print

224

terminal control characters */

225

/* if(debug){ */

226

/* fprintf(stderr, "decrypted password is: "); */

227

/* fwrite(*new_packet, 1, new_packet_length, stderr); */

228

/* fprintf(stderr, "\n"); */

229

/* } */

286

if(debug){

287

fprintf(stderr, "Decrypted password is: ");

288

for(ssize_t i = 0; i < plaintext_length; i++){

289

fprintf(stderr, "%02hhX ", (*plaintext)[i]);

290

}

291

fprintf(stderr, "\n");

292

}

293

294

decrypt_end:

295

296

/* Delete the GPGME cryptotext data buffer */

297

gpgme_data_release(dh_crypto);

230

298

231

299

/* Delete the GPGME plaintext data buffer */

232

300

gpgme_data_release(dh_plain);

233

return new_packet_length;

301

return plaintext_length;

234

302

}

235

303

236

304

static const char * safer_gnutls_strerror (int value) {

237

const char *ret = gnutls_strerror (value);

305

const char *ret = gnutls_strerror (value); /* Spurious warning */

238

306

if (ret == NULL)

239

307

ret = "(unknown)";

240

308

return ret;

241

309

}

242

310

243

void debuggnutls(__attribute__((unused)) int level,

244

const char* string){

245

fprintf(stderr, "%s", string);

311

/* GnuTLS log function callback */

312

static void debuggnutls(__attribute__((unused)) int level,

313

const char* string){

314

fprintf(stderr, "GnuTLS: %s", string);

246

315

}

247

316

248

int initgnutls(encrypted_session *es){

249

const char *err;

317

static int init_gnutls_global(mandos_context *mc,

318

const char *pubkeyfilename,

319

const char *seckeyfilename){

250

320

int ret;

251

321

252

322

if(debug){

253

323

fprintf(stderr, "Initializing GnuTLS\n");

254

324

}

255

325

256

if ((ret = gnutls_global_init ())

257

!= GNUTLS_E_SUCCESS) {

258

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

326

ret = gnutls_global_init();

327

if (ret != GNUTLS_E_SUCCESS) {

328

fprintf (stderr, "GnuTLS global_init: %s\n",

329

safer_gnutls_strerror(ret));

259

330

return -1;

260

331

}

261

332

262

333

if (debug){

334

/* "Use a log level over 10 to enable all debugging options."

335

* - GnuTLS manual

336

263

337

gnutls_global_set_log_level(11);

264

338

gnutls_global_set_log_function(debuggnutls);

265

339

}

266

340

267

/* openpgp credentials */

268

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

269

!= GNUTLS_E_SUCCESS) {

270

fprintf (stderr, "memory error: %s\n",

341

/* OpenPGP credentials */

342

gnutls_certificate_allocate_credentials(&mc->cred);

343

if (ret != GNUTLS_E_SUCCESS){

344

fprintf (stderr, "GnuTLS memory error: %s\n", /* Spurious

345

warning */

271

346

safer_gnutls_strerror(ret));

347

gnutls_global_deinit ();

272

348

return -1;

273

349

}

274

350

275

351

if(debug){

276

352

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

277

" and keyfile %s as GnuTLS credentials\n", CERTFILE,

278

KEYFILE);

353

" and keyfile %s as GnuTLS credentials\n", pubkeyfilename,

354

seckeyfilename);

279

355

}

280

356

281

357

ret = gnutls_certificate_set_openpgp_key_file

282

(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);

358

(mc->cred, pubkeyfilename, seckeyfilename,

359

GNUTLS_OPENPGP_FMT_BASE64);

283

360

if (ret != GNUTLS_E_SUCCESS) {

284

fprintf

285

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"

286

" '%s')\n",

287

ret, CERTFILE, KEYFILE);

288

fprintf(stdout, "The Error is: %s\n",

361

fprintf(stderr,

362

"Error[%d] while reading the OpenPGP key pair ('%s',"

363

" '%s')\n", ret, pubkeyfilename, seckeyfilename);

364

fprintf(stdout, "The GnuTLS error is: %s\n",

289

365

safer_gnutls_strerror(ret));

290

return -1;

291

}

292

293

//GnuTLS server initialization

294

if ((ret = gnutls_dh_params_init (&es->dh_params))

295

!= GNUTLS_E_SUCCESS) {

296

fprintf (stderr, "Error in dh parameter initialization: %s\n",

297

safer_gnutls_strerror(ret));

298

return -1;

299

}

300

301

if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))

302

!= GNUTLS_E_SUCCESS) {

303

fprintf (stderr, "Error in prime generation: %s\n",

304

safer_gnutls_strerror(ret));

305

return -1;

306

}

307

308

gnutls_certificate_set_dh_params (es->cred, es->dh_params);

309

310

// GnuTLS session creation

311

if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))

312

!= GNUTLS_E_SUCCESS){

366

goto globalfail;

367

}

368

369

/* GnuTLS server initialization */

370

ret = gnutls_dh_params_init(&mc->dh_params);

371

if (ret != GNUTLS_E_SUCCESS) {

372

fprintf (stderr, "Error in GnuTLS DH parameter initialization:"

373

" %s\n", safer_gnutls_strerror(ret));

374

goto globalfail;

375

}

376

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

377

if (ret != GNUTLS_E_SUCCESS) {

378

fprintf (stderr, "Error in GnuTLS prime generation: %s\n",

379

safer_gnutls_strerror(ret));

380

goto globalfail;

381

}

382

383

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

384

385

return 0;

386

387

globalfail:

388

389

gnutls_certificate_free_credentials(mc->cred);

390

gnutls_global_deinit();

391

return -1;

392

393

}

394

395

static int init_gnutls_session(mandos_context *mc,

396

gnutls_session_t *session){

397

int ret;

398

/* GnuTLS session creation */

399

ret = gnutls_init(session, GNUTLS_SERVER);

400

if (ret != GNUTLS_E_SUCCESS){

313

401

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

314

402

safer_gnutls_strerror(ret));

315

403

}

316

404

317

if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))

318

!= GNUTLS_E_SUCCESS) {

319

fprintf(stderr, "Syntax error at: %s\n", err);

320

fprintf(stderr, "GnuTLS error: %s\n",

321

safer_gnutls_strerror(ret));

322

return -1;

405

{

406

const char *err;

407

ret = gnutls_priority_set_direct(*session, mc->priority, &err);

408

if (ret != GNUTLS_E_SUCCESS) {

409

fprintf(stderr, "Syntax error at: %s\n", err);

410

fprintf(stderr, "GnuTLS error: %s\n",

411

safer_gnutls_strerror(ret));

412

gnutls_deinit (*session);

413

return -1;

414

}

323

415

}

324

416

325

if ((ret = gnutls_credentials_set

326

(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))

327

!= GNUTLS_E_SUCCESS) {

328

fprintf(stderr, "Error setting a credentials set: %s\n",

417

ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

418

mc->cred);

419

if (ret != GNUTLS_E_SUCCESS) {

420

fprintf(stderr, "Error setting GnuTLS credentials: %s\n",

329

421

safer_gnutls_strerror(ret));

422

gnutls_deinit (*session);

330

423

return -1;

331

424

}

332

425

333

426

/* ignore client certificate if any. */

334

gnutls_certificate_server_set_request (es->session,

427

gnutls_certificate_server_set_request (*session,

335

428

GNUTLS_CERT_IGNORE);

336

429

337

gnutls_dh_set_prime_bits (es->session, DH_BITS);

430

gnutls_dh_set_prime_bits (*session, mc->dh_bits);

338

431

339

432

return 0;

340

433

}

341

434

342

void empty_log(__attribute__((unused)) AvahiLogLevel level,

343

__attribute__((unused)) const char *txt){}

435

/* Avahi log function callback */

436

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

437

__attribute__((unused)) const char *txt){}

344

438

345

int start_mandos_communication(const char *ip, uint16_t port,

346

AvahiIfIndex if_index){

439

/* Called when a Mandos server is found */

440

static int start_mandos_communication(const char *ip, uint16_t port,

441

AvahiIfIndex if_index,

442

mandos_context *mc){

347

443

int ret, tcp_sd;

348

struct sockaddr_in6 to;

349

encrypted_session es;

444

union { struct sockaddr in; struct sockaddr_in6 in6; } to;

350

445

char *buffer = NULL;

351

446

char *decrypted_buffer;

352

447

size_t buffer_length = 0;

353

448

size_t buffer_capacity = 0;

354

449

ssize_t decrypted_buffer_size;

355

size_t written = 0;

450

size_t written;

356

451

int retval = 0;

357

452

char interface[IF_NAMESIZE];

453

gnutls_session_t session;

454

455

ret = init_gnutls_session (mc, &session);

456

if (ret != 0){

457

return -1;

458

}

358

459

359

460

if(debug){

360

fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",

361

ip, port);

461

fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16

462

"\n", ip, port);

362

463

}

363

464

364

465

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

366

467

perror("socket");

367

468

return -1;

368

469

}

369

370

if(if_indextoname((unsigned int)if_index, interface) == NULL){

371

if(debug){

470

471

if(debug){

472

if(if_indextoname((unsigned int)if_index, interface) == NULL){

372

473

perror("if_indextoname");

474

return -1;

373

475

}

374

return -1;

375

}

376

377

if(debug){

378

476

fprintf(stderr, "Binding to interface %s\n", interface);

379

477

}

380

478

381

memset(&to,0,sizeof(to)); /* Spurious warning */

382

to.sin6_family = AF_INET6;

383

ret = inet_pton(AF_INET6, ip, &to.sin6_addr);

479

memset(&to, 0, sizeof(to));

480

to.in6.sin6_family = AF_INET6;

481

/* It would be nice to have a way to detect if we were passed an

482

IPv4 address here. Now we assume an IPv6 address. */

483

ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);

384

484

if (ret < 0 ){

385

485

perror("inet_pton");

386

486

return -1;

387

}

487

}

388

488

if(ret == 0){

389

489

fprintf(stderr, "Bad address: %s\n", ip);

390

490

return -1;

391

491

}

392

to.sin6_port = htons(port); /* Spurious warning */

492

to.in6.sin6_port = htons(port); /* Spurious warning */

393

493

394

to.sin6_scope_id = (uint32_t)if_index;

494

to.in6.sin6_scope_id = (uint32_t)if_index;

395

495

396

496

if(debug){

397

fprintf(stderr, "Connection to: %s, port %d\n", ip, port);

398

/* char addrstr[INET6_ADDRSTRLEN]; */

399

/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */

400

/* sizeof(addrstr)) == NULL){ */

401

/* perror("inet_ntop"); */

402

/* } else { */

403

/* fprintf(stderr, "Really connecting to: %s, port %d\n", */

404

/* addrstr, ntohs(to.sin6_port)); */

405

/* } */

497

fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,

498

port);

499

char addrstr[INET6_ADDRSTRLEN] = "";

500

if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,

501

sizeof(addrstr)) == NULL){

502

perror("inet_ntop");

503

} else {

504

if(strcmp(addrstr, ip) != 0){

505

fprintf(stderr, "Canonical address form: %s\n", addrstr);

506

}

507

}

406

508

}

407

509

408

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

510

ret = connect(tcp_sd, &to.in, sizeof(to));

409

511

if (ret < 0){

410

512

perror("connect");

411

513

return -1;

412

514

}

413

414

ret = initgnutls (&es);

415

if (ret != 0){

416

retval = -1;

417

return -1;

515

516

const char *out = mandos_protocol_version;

517

written = 0;

518

while (true){

519

size_t out_size = strlen(out);

520

ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,

521

out_size - written));

522

if (ret == -1){

523

perror("write");

524

retval = -1;

525

goto mandos_end;

526

}

527

written += (size_t)ret;

528

if(written < out_size){

529

continue;

530

} else {

531

if (out == mandos_protocol_version){

532

written = 0;

533

out = "\r\n";

534

} else {

535

break;

536

}

537

}

418

538

}

419

420

gnutls_transport_set_ptr (es.session,

421

(gnutls_transport_ptr_t) tcp_sd);

422

539

423

540

if(debug){

424

541

fprintf(stderr, "Establishing TLS session with %s\n", ip);

425

542

}

426

543

427

ret = gnutls_handshake (es.session);

544

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

545

546

do{

547

ret = gnutls_handshake (session);

548

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

428

549

429

550

if (ret != GNUTLS_E_SUCCESS){

430

551

if(debug){

431

fprintf(stderr, "\n*** Handshake failed ***\n");

552

fprintf(stderr, "*** GnuTLS Handshake failed ***\n");

432

553

gnutls_perror (ret);

433

554

}

434

555

retval = -1;

435

goto exit;

556

goto mandos_end;

436

557

}

437

558

438

//Retrieve OpenPGP packet that contains the wanted password

559

/* Read OpenPGP packet that contains the wanted password */

439

560

440

561

if(debug){

441

562

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

443

564

}

444

565

445

566

while(true){

446

if (buffer_length + BUFFER_SIZE > buffer_capacity){

447

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

448

if (buffer == NULL){

449

perror("realloc");

450

goto exit;

451

}

452

buffer_capacity += BUFFER_SIZE;

567

buffer_capacity = adjustbuffer(&buffer, buffer_length,

568

buffer_capacity);

569

if (buffer_capacity == 0){

570

perror("adjustbuffer");

571

retval = -1;

572

goto mandos_end;

453

573

}

454

574

455

ret = gnutls_record_recv

456

(es.session, buffer+buffer_length, BUFFER_SIZE);

575

ret = gnutls_record_recv(session, buffer+buffer_length,

576

BUFFER_SIZE);

457

577

if (ret == 0){

458

578

break;

459

579

}

463

583

case GNUTLS_E_AGAIN:

464

584

break;

465

585

case GNUTLS_E_REHANDSHAKE:

466

ret = gnutls_handshake (es.session);

586

do{

587

ret = gnutls_handshake (session);

588

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

467

589

if (ret < 0){

468

fprintf(stderr, "\n*** Handshake failed ***\n");

590

fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");

469

591

gnutls_perror (ret);

470

592

retval = -1;

471

goto exit;

593

goto mandos_end;

472

594

}

473

595

break;

474

596

default:

475

597

fprintf(stderr, "Unknown error while reading data from"

476

" encrypted session with mandos server\n");

598

" encrypted session with Mandos server\n");

477

599

retval = -1;

478

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

479

goto exit;

600

gnutls_bye (session, GNUTLS_SHUT_RDWR);

601

goto mandos_end;

480

602

}

481

603

} else {

482

604

buffer_length += (size_t) ret;

483

605

}

484

606

}

485

607

608

if(debug){

609

fprintf(stderr, "Closing TLS session\n");

610

}

611

612

gnutls_bye (session, GNUTLS_SHUT_RDWR);

613

486

614

if (buffer_length > 0){

487

615

decrypted_buffer_size = pgp_packet_decrypt(buffer,

488

616

buffer_length,

489

617

&decrypted_buffer,

490

CERT_ROOT);

618

keydir);

491

619

if (decrypted_buffer_size >= 0){

620

written = 0;

492

621

while(written < (size_t) decrypted_buffer_size){

493

622

ret = (int)fwrite (decrypted_buffer + written, 1,

494

623

(size_t)decrypted_buffer_size - written,

508

637

retval = -1;

509

638

}

510

639

}

511

512

//shutdown procedure

513

514

if(debug){

515

fprintf(stderr, "Closing TLS session\n");

516

}

517

640

641

/* Shutdown procedure */

642

643

mandos_end:

518

644

free(buffer);

519

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

520

exit:

521

645

close(tcp_sd);

522

gnutls_deinit (es.session);

523

gnutls_certificate_free_credentials (es.cred);

524

gnutls_global_deinit ();

646

gnutls_deinit (session);

525

647

return retval;

526

648

}

527

649

528

static AvahiSimplePoll *simple_poll = NULL;

529

static AvahiServer *server = NULL;

530

531

static void resolve_callback(

532

AvahiSServiceResolver *r,

533

AvahiIfIndex interface,

534

AVAHI_GCC_UNUSED AvahiProtocol protocol,

535

AvahiResolverEvent event,

536

const char *name,

537

const char *type,

538

const char *domain,

539

const char *host_name,

540

const AvahiAddress *address,

541

uint16_t port,

542

AVAHI_GCC_UNUSED AvahiStringList *txt,

543

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

544

AVAHI_GCC_UNUSED void* userdata) {

545

546

assert(r); /* Spurious warning */

650

static void resolve_callback(AvahiSServiceResolver *r,

651

AvahiIfIndex interface,

652

AVAHI_GCC_UNUSED AvahiProtocol protocol,

653

AvahiResolverEvent event,

654

const char *name,

655

const char *type,

656

const char *domain,

657

const char *host_name,

658

const AvahiAddress *address,

659

uint16_t port,

660

AVAHI_GCC_UNUSED AvahiStringList *txt,

661

AVAHI_GCC_UNUSED AvahiLookupResultFlags

662

flags,

663

void* userdata) {

664

mandos_context *mc = userdata;

665

assert(r);

547

666

548

667

/* Called whenever a service has been resolved successfully or

549

668

timed out */

551

670

switch (event) {

552

671

default:

553

672

case AVAHI_RESOLVER_FAILURE:

554

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"

555

" type '%s' in domain '%s': %s\n", name, type, domain,

556

avahi_strerror(avahi_server_errno(server)));

673

fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"

674

" of type '%s' in domain '%s': %s\n", name, type, domain,

675

avahi_strerror(avahi_server_errno(mc->server)));

557

676

break;

558

677

559

678

case AVAHI_RESOLVER_FOUND:

561

680

char ip[AVAHI_ADDRESS_STR_MAX];

562

681

avahi_address_snprint(ip, sizeof(ip), address);

563

682

if(debug){

564

fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"

565

" port %d\n", name, host_name, ip, port);

683

fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"

684

PRIu16 ") on port %d\n", name, host_name, ip,

685

interface, port);

566

686

}

567

int ret = start_mandos_communication(ip, port, interface);

687

int ret = start_mandos_communication(ip, port, interface, mc);

568

688

if (ret == 0){

569

exit(EXIT_SUCCESS);

689

avahi_simple_poll_quit(mc->simple_poll);

570

690

}

571

691

}

572

692

}

573

693

avahi_s_service_resolver_free(r);

574

694

}

575

695

576

static void browse_callback(

577

AvahiSServiceBrowser *b,

578

AvahiIfIndex interface,

579

AvahiProtocol protocol,

580

AvahiBrowserEvent event,

581

const char *name,

582

const char *type,

583

const char *domain,

584

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

585

void* userdata) {

586

587

AvahiServer *s = userdata;

588

assert(b); /* Spurious warning */

589

590

/* Called whenever a new services becomes available on the LAN or

591

is removed from the LAN */

592

593

switch (event) {

594

default:

595

case AVAHI_BROWSER_FAILURE:

596

597

fprintf(stderr, "(Browser) %s\n",

598

avahi_strerror(avahi_server_errno(server)));

599

avahi_simple_poll_quit(simple_poll);

600

return;

601

602

case AVAHI_BROWSER_NEW:

603

/* We ignore the returned resolver object. In the callback

604

function we free it. If the server is terminated before

605

the callback function is called the server will free

606

the resolver for us. */

607

608

if (!(avahi_s_service_resolver_new(s, interface, protocol, name,

609

type, domain,

610

AVAHI_PROTO_INET6, 0,

611

resolve_callback, s)))

612

fprintf(stderr, "Failed to resolve service '%s': %s\n", name,

613

avahi_strerror(avahi_server_errno(s)));

614

break;

615

616

case AVAHI_BROWSER_REMOVE:

617

break;

618

619

case AVAHI_BROWSER_ALL_FOR_NOW:

620

case AVAHI_BROWSER_CACHE_EXHAUSTED:

621

break;

696

static void browse_callback( AvahiSServiceBrowser *b,

697

AvahiIfIndex interface,

698

AvahiProtocol protocol,

699

AvahiBrowserEvent event,

700

const char *name,

701

const char *type,

702

const char *domain,

703

AVAHI_GCC_UNUSED AvahiLookupResultFlags

704

flags,

705

void* userdata) {

706

mandos_context *mc = userdata;

707

assert(b);

708

709

/* Called whenever a new services becomes available on the LAN or

710

is removed from the LAN */

711

712

switch (event) {

713

default:

714

case AVAHI_BROWSER_FAILURE:

715

716

fprintf(stderr, "(Avahi browser) %s\n",

717

avahi_strerror(avahi_server_errno(mc->server)));

718

avahi_simple_poll_quit(mc->simple_poll);

719

return;

720

721

case AVAHI_BROWSER_NEW:

722

/* We ignore the returned Avahi resolver object. In the callback

723

function we free it. If the Avahi server is terminated before

724

the callback function is called the Avahi server will free the

725

resolver for us. */

726

727

if (!(avahi_s_service_resolver_new(mc->server, interface,

728

protocol, name, type, domain,

729

AVAHI_PROTO_INET6, 0,

730

resolve_callback, mc)))

731

fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",

732

name, avahi_strerror(avahi_server_errno(mc->server)));

733

break;

734

735

case AVAHI_BROWSER_REMOVE:

736

break;

737

738

case AVAHI_BROWSER_ALL_FOR_NOW:

739

case AVAHI_BROWSER_CACHE_EXHAUSTED:

740

if(debug){

741

fprintf(stderr, "No Mandos server found, still searching...\n");

622

742

}

623

}

624

625

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

626

AvahiServerConfig config;

743

break;

744

}

745

}

746

747

/* Combines file name and path and returns the malloced new

748

string. some sane checks could/should be added */

749

static char *combinepath(const char *first, const char *second){

750

char *tmp;

751

int ret = asprintf(&tmp, "%s/%s", first, second);

752

if(ret < 0){

753

return NULL;

754

}

755

return tmp;

756

}

757

758

759

int main(int argc, char *argv[]){

627

760

AvahiSServiceBrowser *sb = NULL;

628

761

int error;

629

762

int ret;

630

int returncode = EXIT_SUCCESS;

631

const char *interface = NULL;

763

int exitcode = EXIT_SUCCESS;

764

const char *interface = "eth0";

765

struct ifreq network;

766

int sd;

767

uid_t uid;

768

gid_t gid;

769

char *connect_to = NULL;

632

770

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

633

char *connect_to = NULL;

634

635

while (true){

636

static struct option long_options[] = {

637

{"debug", no_argument, (int *)&debug, 1},

638

{"connect", required_argument, 0, 'c'},

639

{"interface", required_argument, 0, 'i'},

640

{0, 0, 0, 0} };

641

642

int option_index = 0;

643

ret = getopt_long (argc, argv, "i:", long_options,

644

&option_index);

645

646

if (ret == -1){

647

break;

648

}

649

650

switch(ret){

651

case 0:

652

break;

653

case 'i':

654

interface = optarg;

655

break;

656

case 'c':

657

connect_to = optarg;

658

break;

659

default:

660

exit(EXIT_FAILURE);

661

}

662

}

663

664

if(interface != NULL){

665

if_index = (AvahiIfIndex) if_nametoindex(interface);

666

if(if_index == 0){

667

fprintf(stderr, "No such interface: \"%s\"\n", interface);

668

exit(EXIT_FAILURE);

669

}

771

char *pubkeyfilename = NULL;

772

char *seckeyfilename = NULL;

773

const char *pubkeyname = "pubkey.txt";

774

const char *seckeyname = "seckey.txt";

775

mandos_context mc = { .simple_poll = NULL, .server = NULL,

776

.dh_bits = 1024, .priority = "SECURE256"};

777

bool gnutls_initalized = false;

778

779

{

780

struct argp_option options[] = {

781

{ .name = "debug", .key = 128,

782

.doc = "Debug mode", .group = 3 },

783

{ .name = "connect", .key = 'c',

784

.arg = "IP",

785

.doc = "Connect directly to a sepcified mandos server",

786

.group = 1 },

787

{ .name = "interface", .key = 'i',

788

.arg = "INTERFACE",

789

.doc = "Interface that Avahi will conntect through",

790

.group = 1 },

791

{ .name = "keydir", .key = 'd',

792

.arg = "KEYDIR",

793

.doc = "Directory where the openpgp keyring is",

794

.group = 1 },

795

{ .name = "seckey", .key = 's',

796

.arg = "SECKEY",

797

.doc = "Secret openpgp key for gnutls authentication",

798

.group = 1 },

799

{ .name = "pubkey", .key = 'p',

800

.arg = "PUBKEY",

801

.doc = "Public openpgp key for gnutls authentication",

802

.group = 2 },

803

{ .name = "dh-bits", .key = 129,

804

.arg = "BITS",

805

.doc = "dh-bits to use in gnutls communication",

806

.group = 2 },

807

{ .name = "priority", .key = 130,

808

.arg = "PRIORITY",

809

.doc = "GNUTLS priority", .group = 1 },

810

{ .name = NULL }

811

};

812

813

814

error_t parse_opt (int key, char *arg,

815

struct argp_state *state) {

816

/* Get the INPUT argument from `argp_parse', which we know is

817

a pointer to our plugin list pointer. */

818

switch (key) {

819

case 128:

820

debug = true;

821

break;

822

case 'c':

823

connect_to = arg;

824

break;

825

case 'i':

826

interface = arg;

827

break;

828

case 'd':

829

keydir = arg;

830

break;

831

case 's':

832

seckeyname = arg;

833

break;

834

case 'p':

835

pubkeyname = arg;

836

break;

837

case 129:

838

errno = 0;

839

mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);

840

if (errno){

841

perror("strtol");

842

exit(EXIT_FAILURE);

843

}

844

break;

845

case 130:

846

mc.priority = arg;

847

break;

848

case ARGP_KEY_ARG:

849

argp_usage (state);

850

case ARGP_KEY_END:

851

break;

852

default:

853

return ARGP_ERR_UNKNOWN;

854

}

855

return 0;

856

}

857

858

struct argp argp = { .options = options, .parser = parse_opt,

859

.args_doc = "",

860

.doc = "Mandos client -- Get and decrypt"

861

" passwords from mandos server" };

862

ret = argp_parse (&argp, argc, argv, 0, 0, NULL);

863

if (ret == ARGP_ERR_UNKNOWN){

864

fprintf(stderr, "Unknown error while parsing arguments\n");

865

exitcode = EXIT_FAILURE;

866

goto end;

867

}

868

}

869

870

pubkeyfilename = combinepath(keydir, pubkeyname);

871

if (pubkeyfilename == NULL){

872

perror("combinepath");

873

exitcode = EXIT_FAILURE;

874

goto end;

875

}

876

877

seckeyfilename = combinepath(keydir, seckeyname);

878

if (seckeyfilename == NULL){

879

perror("combinepath");

880

exitcode = EXIT_FAILURE;

881

goto end;

882

}

883

884

ret = init_gnutls_global(&mc, pubkeyfilename, seckeyfilename);

885

if (ret == -1){

886

fprintf(stderr, "init_gnutls_global failed\n");

887

exitcode = EXIT_FAILURE;

888

goto end;

889

} else {

890

gnutls_initalized = true;

891

}

892

893

/* If the interface is down, bring it up */

894

{

895

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

896

if(sd < 0) {

897

perror("socket");

898

exitcode = EXIT_FAILURE;

899

goto end;

900

}

901

strcpy(network.ifr_name, interface);

902

ret = ioctl(sd, SIOCGIFFLAGS, &network);

903

if(ret == -1){

904

perror("ioctl SIOCGIFFLAGS");

905

exitcode = EXIT_FAILURE;

906

goto end;

907

}

908

if((network.ifr_flags & IFF_UP) == 0){

909

network.ifr_flags |= IFF_UP;

910

ret = ioctl(sd, SIOCSIFFLAGS, &network);

911

if(ret == -1){

912

perror("ioctl SIOCSIFFLAGS");

913

exitcode = EXIT_FAILURE;

914

goto end;

915

}

916

}

917

close(sd);

918

}

919

920

uid = getuid();

921

gid = getgid();

922

923

ret = setuid(uid);

924

if (ret == -1){

925

perror("setuid");

926

}

927

928

setgid(gid);

929

if (ret == -1){

930

perror("setgid");

931

}

932

933

if_index = (AvahiIfIndex) if_nametoindex(interface);

934

if(if_index == 0){

935

fprintf(stderr, "No such interface: \"%s\"\n", interface);

936

exit(EXIT_FAILURE);

670

937

}

671

938

672

939

if(connect_to != NULL){

675

942

char *address = strrchr(connect_to, ':');

676

943

if(address == NULL){

677

944

fprintf(stderr, "No colon in address\n");

678

exit(EXIT_FAILURE);

945

exitcode = EXIT_FAILURE;

946

goto end;

679

947

}

680

948

errno = 0;

681

949

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

682

950

if(errno){

683

951

perror("Bad port number");

684

exit(EXIT_FAILURE);

952

exitcode = EXIT_FAILURE;

953

goto end;

685

954

}

686

955

*address = '\0';

687

956

address = connect_to;

688

ret = start_mandos_communication(address, port, if_index);

957

ret = start_mandos_communication(address, port, if_index, &mc);

689

958

if(ret < 0){

690

exit(EXIT_FAILURE);

959

exitcode = EXIT_FAILURE;

691

960

} else {

692

exit(EXIT_SUCCESS);

961

exitcode = EXIT_SUCCESS;

693

962

}

963

goto end;

694

964

}

695

965

696

966

if (not debug){

697

967

avahi_set_log_function(empty_log);

698

968

}

699

969

700

/* Initialize the psuedo-RNG */

970

/* Initialize the pseudo-RNG for Avahi */

701

971

srand((unsigned int) time(NULL));

702

703

/* Allocate main loop object */

704

if (!(simple_poll = avahi_simple_poll_new())) {

705

fprintf(stderr, "Failed to create simple poll object.\n");

706

707

goto exit;

708

}

709

710

/* Do not publish any local records */

711

avahi_server_config_init(&config);

712

config.publish_hinfo = 0;

713

config.publish_addresses = 0;

714

config.publish_workstation = 0;

715

config.publish_domain = 0;

716

717

/* Allocate a new server */

718

server = avahi_server_new(avahi_simple_poll_get(simple_poll),

719

&config, NULL, NULL, &error);

720

721

/* Free the configuration data */

722

avahi_server_config_free(&config);

723

724

/* Check if creating the server object succeeded */

725

if (!server) {

726

fprintf(stderr, "Failed to create server: %s\n",

972

973

/* Allocate main Avahi loop object */

974

mc.simple_poll = avahi_simple_poll_new();

975

if (mc.simple_poll == NULL) {

976

fprintf(stderr, "Avahi: Failed to create simple poll"

977

" object.\n");

978

exitcode = EXIT_FAILURE;

979

goto end;

980

}

981

982

{

983

AvahiServerConfig config;

984

/* Do not publish any local Zeroconf records */

985

avahi_server_config_init(&config);

986

config.publish_hinfo = 0;

987

config.publish_addresses = 0;

988

config.publish_workstation = 0;

989

config.publish_domain = 0;

990

991

/* Allocate a new server */

992

mc.server = avahi_server_new(avahi_simple_poll_get

993

(mc.simple_poll), &config, NULL,

994

NULL, &error);

995

996

/* Free the Avahi configuration data */

997

avahi_server_config_free(&config);

998

}

999

1000

/* Check if creating the Avahi server object succeeded */

1001

if (mc.server == NULL) {

1002

fprintf(stderr, "Failed to create Avahi server: %s\n",

727

1003

avahi_strerror(error));

728

returncode = EXIT_FAILURE;

729

goto exit;

1004

exitcode = EXIT_FAILURE;

1005

goto end;

730

1006

}

731

1007

732

/* Create the service browser */

733

sb = avahi_s_service_browser_new(server, if_index,

1008

/* Create the Avahi service browser */

1009

sb = avahi_s_service_browser_new(mc.server, if_index,

734

1010

AVAHI_PROTO_INET6,

735

1011

"_mandos._tcp", NULL, 0,

736

browse_callback, server);

737

if (!sb) {

1012

browse_callback, &mc);

1013

if (sb == NULL) {

738

1014

fprintf(stderr, "Failed to create service browser: %s\n",

739

avahi_strerror(avahi_server_errno(server)));

740

returncode = EXIT_FAILURE;

741

goto exit;

1015

avahi_strerror(avahi_server_errno(mc.server)));

1016

exitcode = EXIT_FAILURE;

1017

goto end;

742

1018

}

743

1019

744

1020

/* Run the main loop */

745

1021

746

1022

if (debug){

747

fprintf(stderr, "Starting avahi loop search\n");

1023

fprintf(stderr, "Starting Avahi loop search\n");

748

1024

}

749

1025

750

avahi_simple_poll_loop(simple_poll);

1026

avahi_simple_poll_loop(mc.simple_poll);

751

1027

752

exit:

1028

end:

753

1029

754

1030

if (debug){

755

1031

fprintf(stderr, "%s exiting\n", argv[0]);

756

1032

}

757

1033

758

1034

/* Cleanup things */

759

if (sb)

1035

if (sb != NULL)

760

1036

avahi_s_service_browser_free(sb);

761

1037

762

if (server)

763

avahi_server_free(server);

764

765

if (simple_poll)

766

avahi_simple_poll_free(simple_poll);

767

768

return returncode;

1038

if (mc.server != NULL)

1039

avahi_server_free(mc.server);

1040

1041

if (mc.simple_poll != NULL)

1042

avahi_simple_poll_free(mc.simple_poll);

1043

free(pubkeyfilename);

1044

free(seckeyfilename);

1045

1046

if (gnutls_initalized){

1047

gnutls_certificate_free_credentials(mc.cred);

1048

gnutls_global_deinit ();

1049

}

1050

1051

return exitcode;

769

1052

}

Older »