To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugins.d/password-request.c
- browse files at revision 97
- compare with another revision
- download diff
- download tarball
- view history from revision 97
- Committer: Teddy Hogeborn
- Date: 2008-08-24 07:42:14 UTC
- Revision ID: teddy@fukt.bsnet.se-20080824074214-odju7g3115le171c
* mandos-keygen: Bug fix: Recognize new options --subtype and
--sublength. New option "--password" which prompts
for and encrypts a password with an already existing
key.
* mandos-keygen.xml (SYNOPSIS): Added separate synopsis for
"--password" option.
(DESCRIPTION): Added text about password creation.
(OPTIONS): Document default value for "--dir" option. Document new
"--password" option.
--sublength. New option "--password" which prompts
for and encrypts a password with an already existing
key.
* mandos-keygen.xml (SYNOPSIS): Added separate synopsis for
"--password" option.
(DESCRIPTION): Added text about password creation.
(OPTIONS): Document default value for "--dir" option. Document new
"--password" option.
- files added:
- COPYING
- files removed:
- ca.pem
- files renamed:
- server.py => mandos
- server.conf => mandos.conf
- plugbasedclient.c => plugin-runner.c
- plugins.d/passprompt.c => plugins.d/password-prompt.c
- plugins.d/mandosclient.c => plugins.d/password-request.c
- files modified:
- Makefile
added
removed
plugins.d/password-request.c
32
32
#define _LARGEFILE_SOURCE
33
33
#define _FILE_OFFSET_BITS 64
34
34
35
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */
36
37
#include <stdio.h>
38
#include <assert.h>
39
#include <stdlib.h>
40
#include <time.h>
41
#include <net/if.h> /* if_nametoindex */
42
#include <sys/ioctl.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS
43
#include <net/if.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS
44
35
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
36
37
#include <stdio.h> /* fprintf(), stderr, fwrite(),
38
stdout, ferror() */
39
#include <stdint.h> /* uint16_t, uint32_t */
40
#include <stddef.h> /* NULL, size_t, ssize_t */
41
#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,
42
srand() */
43
#include <stdbool.h> /* bool, true */
44
#include <string.h> /* memset(), strcmp(), strlen(),
45
strerror(), asprintf(), strcpy() */
46
#include <sys/ioctl.h> /* ioctl */
47
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
48
sockaddr_in6, PF_INET6,
49
SOCK_STREAM, INET6_ADDRSTRLEN,
50
uid_t, gid_t */
51
#include <inttypes.h> /* PRIu16 */
52
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
53
struct in6_addr, inet_pton(),
54
connect() */
55
#include <assert.h> /* assert() */
56
#include <errno.h> /* perror(), errno */
57
#include <time.h> /* time() */
58
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
59
SIOCSIFFLAGS, if_indextoname(),
60
if_nametoindex(), IF_NAMESIZE */
61
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
62
getuid(), getgid(), setuid(),
63
setgid() */
64
#include <netinet/in.h>
65
#include <arpa/inet.h> /* inet_pton(), htons */
66
#include <iso646.h> /* not, and */
67
#include <argp.h> /* struct argp_option, error_t, struct
68
argp_state, struct argp,
69
argp_parse(), ARGP_KEY_ARG,
70
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
71
72
/* Avahi */
73
/* All Avahi types, constants and functions
74
Avahi*, avahi_*,
75
AVAHI_* */
45
76
#include <avahi-core/core.h>
46
77
#include <avahi-core/lookup.h>
47
78
#include <avahi-core/log.h>
49
80
#include <avahi-common/malloc.h>
50
81
#include <avahi-common/error.h>
51
82
52
//mandos client part
53
#include <sys/types.h> /* socket(), inet_pton() */
54
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
55
struct in6_addr, inet_pton() */
56
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
57
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
58
59
#include <unistd.h> /* close() */
60
#include <netinet/in.h>
61
#include <stdbool.h> /* true */
62
#include <string.h> /* memset */
63
#include <arpa/inet.h> /* inet_pton() */
64
#include <iso646.h> /* not */
65
66
// gpgme
67
#include <errno.h> /* perror() */
68
#include <gpgme.h>
69
70
// getopt long
71
#include <getopt.h>
83
/* GnuTLS */
84
#include <gnutls/gnutls.h> /* All GnuTLS types, constants and
85
functions:
86
gnutls_*
87
init_gnutls_session(),
88
GNUTLS_* */
89
#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),
90
GNUTLS_OPENPGP_FMT_BASE64 */
91
92
/* GPGME */
93
#include <gpgme.h> /* All GPGME types, constants and
94
functions:
95
gpgme_*
96
GPGME_PROTOCOL_OpenPGP,
97
GPG_ERR_NO_* */
72
98
73
99
#define BUFFER_SIZE 256
74
#define DH_BITS 1024
75
76
static const char *certdir = "/conf/conf.d/mandos";
77
static const char *certfile = "openpgp-client.txt";
78
static const char *certkey = "openpgp-client-key.txt";
79
100
80
101
bool debug = false;
81
82
const char mandos_protocol_version[] = "1";
83
102
static const char *keydir = "/conf/conf.d/mandos";
103
static const char mandos_protocol_version[] = "1";
104
const char *argp_program_version = "password-request 1.0";
105
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
106
107
/* Used for passing in values through the Avahi callback functions */
84
108
typedef struct {
85
109
AvahiSimplePoll *simple_poll;
86
110
AvahiServer *server;
87
111
gnutls_certificate_credentials_t cred;
88
112
unsigned int dh_bits;
113
gnutls_dh_params_t dh_params;
89
114
const char *priority;
90
115
} mandos_context;
91
116
92
size_t adjustbuffer(char *buffer, size_t buffer_length,
117
/*
118
* Make room in "buffer" for at least BUFFER_SIZE additional bytes.
119
* "buffer_capacity" is how much is currently allocated,
120
* "buffer_length" is how much is already used.
121
*/
122
size_t adjustbuffer(char **buffer, size_t buffer_length,
93
123
size_t buffer_capacity){
94
124
if (buffer_length + BUFFER_SIZE > buffer_capacity){
95
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
125
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
96
126
if (buffer == NULL){
97
127
return 0;
98
128
}
101
131
return buffer_capacity;
102
132
}
103
133
104
static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
105
char **new_packet,
134
/*
135
* Decrypt OpenPGP data using keyrings in HOMEDIR.
136
* Returns -1 on error
137
*/
138
static ssize_t pgp_packet_decrypt (const char *cryptotext,
139
size_t crypto_size,
140
char **plaintext,
106
141
const char *homedir){
107
142
gpgme_data_t dh_crypto, dh_plain;
108
143
gpgme_ctx_t ctx;
109
144
gpgme_error_t rc;
110
145
ssize_t ret;
111
size_t new_packet_capacity = 0;
112
ssize_t new_packet_length = 0;
146
size_t plaintext_capacity = 0;
147
ssize_t plaintext_length = 0;
113
148
gpgme_engine_info_t engine_info;
114
149
115
150
if (debug){
116
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
151
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
117
152
}
118
153
119
154
/* Init GPGME */
125
160
return -1;
126
161
}
127
162
128
/* Set GPGME home directory */
163
/* Set GPGME home directory for the OpenPGP engine only */
129
164
rc = gpgme_get_engine_info (&engine_info);
130
165
if (rc != GPG_ERR_NO_ERROR){
131
166
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
141
176
engine_info = engine_info->next;
142
177
}
143
178
if(engine_info == NULL){
144
fprintf(stderr, "Could not set home dir to %s\n", homedir);
179
fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);
145
180
return -1;
146
181
}
147
182
148
/* Create new GPGME data buffer from packet buffer */
149
rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);
183
/* Create new GPGME data buffer from memory cryptotext */
184
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
185
0);
150
186
if (rc != GPG_ERR_NO_ERROR){
151
187
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
152
188
gpgme_strsource(rc), gpgme_strerror(rc));
158
194
if (rc != GPG_ERR_NO_ERROR){
159
195
fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
160
196
gpgme_strsource(rc), gpgme_strerror(rc));
197
gpgme_data_release(dh_crypto);
161
198
return -1;
162
199
}
163
200
166
203
if (rc != GPG_ERR_NO_ERROR){
167
204
fprintf(stderr, "bad gpgme_new: %s: %s\n",
168
205
gpgme_strsource(rc), gpgme_strerror(rc));
169
return -1;
206
plaintext_length = -1;
207
goto decrypt_end;
170
208
}
171
209
172
/* Decrypt data from the FILE pointer to the plaintext data
173
buffer */
210
/* Decrypt data from the cryptotext data buffer to the plaintext
211
data buffer */
174
212
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
175
213
if (rc != GPG_ERR_NO_ERROR){
176
214
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
177
215
gpgme_strsource(rc), gpgme_strerror(rc));
178
return -1;
216
plaintext_length = -1;
217
goto decrypt_end;
179
218
}
180
219
181
220
if(debug){
182
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");
221
fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
183
222
}
184
223
185
224
if (debug){
186
225
gpgme_decrypt_result_t result;
187
226
result = gpgme_op_decrypt_result(ctx);
190
229
} else {
191
230
fprintf(stderr, "Unsupported algorithm: %s\n",
192
231
result->unsupported_algorithm);
193
fprintf(stderr, "Wrong key usage: %d\n",
232
fprintf(stderr, "Wrong key usage: %u\n",
194
233
result->wrong_key_usage);
195
234
if(result->file_name != NULL){
196
235
fprintf(stderr, "File name: %s\n", result->file_name);
211
250
}
212
251
}
213
252
214
/* Delete the GPGME FILE pointer cryptotext data buffer */
215
gpgme_data_release(dh_crypto);
216
217
253
/* Seek back to the beginning of the GPGME plaintext data buffer */
218
254
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
219
255
perror("pgpme_data_seek");
256
plaintext_length = -1;
257
goto decrypt_end;
220
258
}
221
259
222
*new_packet = 0;
260
*plaintext = NULL;
223
261
while(true){
224
new_packet_capacity = adjustbuffer(*new_packet, new_packet_length,
225
new_packet_capacity);
226
if (new_packet_capacity == 0){
262
plaintext_capacity = adjustbuffer(plaintext,
263
(size_t)plaintext_length,
264
plaintext_capacity);
265
if (plaintext_capacity == 0){
227
266
perror("adjustbuffer");
228
return -1;
229
}
230
new_packet_capacity += BUFFER_SIZE;
267
plaintext_length = -1;
268
goto decrypt_end;
231
269
}
232
270
233
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,
271
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
234
272
BUFFER_SIZE);
235
273
/* Print the data, if any */
236
274
if (ret == 0){
275
/* EOF */
237
276
break;
238
277
}
239
278
if(ret < 0){
240
279
perror("gpgme_data_read");
241
return -1;
280
plaintext_length = -1;
281
goto decrypt_end;
242
282
}
243
new_packet_length += ret;
283
plaintext_length += ret;
244
284
}
245
285
246
/* FIXME: check characters before printing to screen so to not print
247
terminal control characters */
248
/* if(debug){ */
249
/* fprintf(stderr, "decrypted password is: "); */
250
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
251
/* fprintf(stderr, "\n"); */
252
/* } */
286
if(debug){
287
fprintf(stderr, "Decrypted password is: ");
288
for(ssize_t i = 0; i < plaintext_length; i++){
289
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
290
}
291
fprintf(stderr, "\n");
292
}
293
294
decrypt_end:
295
296
/* Delete the GPGME cryptotext data buffer */
297
gpgme_data_release(dh_crypto);
253
298
254
299
/* Delete the GPGME plaintext data buffer */
255
300
gpgme_data_release(dh_plain);
256
return new_packet_length;
301
return plaintext_length;
257
302
}
258
303
259
304
static const char * safer_gnutls_strerror (int value) {
260
const char *ret = gnutls_strerror (value);
305
const char *ret = gnutls_strerror (value); /* Spurious warning */
261
306
if (ret == NULL)
262
307
ret = "(unknown)";
263
308
return ret;
264
309
}
265
310
311
/* GnuTLS log function callback */
266
312
static void debuggnutls(__attribute__((unused)) int level,
267
313
const char* string){
268
fprintf(stderr, "%s", string);
314
fprintf(stderr, "GnuTLS: %s", string);
269
315
}
270
316
271
static int initgnutls(mandos_context *mc){
272
const char *err;
317
static int init_gnutls_global(mandos_context *mc,
318
const char *pubkeyfilename,
319
const char *seckeyfilename){
273
320
int ret;
274
321
275
322
if(debug){
276
323
fprintf(stderr, "Initializing GnuTLS\n");
277
324
}
278
279
if ((ret = gnutls_global_init ())
280
!= GNUTLS_E_SUCCESS) {
281
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
325
326
ret = gnutls_global_init();
327
if (ret != GNUTLS_E_SUCCESS) {
328
fprintf (stderr, "GnuTLS global_init: %s\n",
329
safer_gnutls_strerror(ret));
282
330
return -1;
283
331
}
284
332
285
333
if (debug){
334
/* "Use a log level over 10 to enable all debugging options."
335
* - GnuTLS manual
336
*/
286
337
gnutls_global_set_log_level(11);
287
338
gnutls_global_set_log_function(debuggnutls);
288
339
}
289
340
290
/* openpgp credentials */
291
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
292
!= GNUTLS_E_SUCCESS) {
293
fprintf (stderr, "memory error: %s\n",
341
/* OpenPGP credentials */
342
gnutls_certificate_allocate_credentials(&mc->cred);
343
if (ret != GNUTLS_E_SUCCESS){
344
fprintf (stderr, "GnuTLS memory error: %s\n", /* Spurious
345
warning */
294
346
safer_gnutls_strerror(ret));
347
gnutls_global_deinit ();
295
348
return -1;
296
349
}
297
350
298
351
if(debug){
299
352
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
300
" and keyfile %s as GnuTLS credentials\n", certfile,
301
certkey);
353
" and keyfile %s as GnuTLS credentials\n", pubkeyfilename,
354
seckeyfilename);
302
355
}
303
356
304
357
ret = gnutls_certificate_set_openpgp_key_file
305
(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);
358
(mc->cred, pubkeyfilename, seckeyfilename,
359
GNUTLS_OPENPGP_FMT_BASE64);
306
360
if (ret != GNUTLS_E_SUCCESS) {
307
fprintf
308
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
309
" '%s')\n",
310
ret, certfile, certkey);
311
fprintf(stdout, "The Error is: %s\n",
361
fprintf(stderr,
362
"Error[%d] while reading the OpenPGP key pair ('%s',"
363
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
364
fprintf(stdout, "The GnuTLS error is: %s\n",
312
365
safer_gnutls_strerror(ret));
313
return -1;
314
}
315
316
//GnuTLS server initialization
317
if ((ret = gnutls_dh_params_init (&es->dh_params))
318
!= GNUTLS_E_SUCCESS) {
319
fprintf (stderr, "Error in dh parameter initialization: %s\n",
320
safer_gnutls_strerror(ret));
321
return -1;
322
}
323
324
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
325
!= GNUTLS_E_SUCCESS) {
326
fprintf (stderr, "Error in prime generation: %s\n",
327
safer_gnutls_strerror(ret));
328
return -1;
329
}
330
331
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
332
333
// GnuTLS session creation
334
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
335
!= GNUTLS_E_SUCCESS){
366
goto globalfail;
367
}
368
369
/* GnuTLS server initialization */
370
ret = gnutls_dh_params_init(&mc->dh_params);
371
if (ret != GNUTLS_E_SUCCESS) {
372
fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
373
" %s\n", safer_gnutls_strerror(ret));
374
goto globalfail;
375
}
376
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
377
if (ret != GNUTLS_E_SUCCESS) {
378
fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
379
safer_gnutls_strerror(ret));
380
goto globalfail;
381
}
382
383
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
384
385
return 0;
386
387
globalfail:
388
389
gnutls_certificate_free_credentials(mc->cred);
390
gnutls_global_deinit();
391
return -1;
392
393
}
394
395
static int init_gnutls_session(mandos_context *mc,
396
gnutls_session_t *session){
397
int ret;
398
/* GnuTLS session creation */
399
ret = gnutls_init(session, GNUTLS_SERVER);
400
if (ret != GNUTLS_E_SUCCESS){
336
401
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
337
402
safer_gnutls_strerror(ret));
338
403
}
339
404
340
if ((ret = gnutls_priority_set_direct (es->session, mc->priority, &err))
341
!= GNUTLS_E_SUCCESS) {
342
fprintf(stderr, "Syntax error at: %s\n", err);
343
fprintf(stderr, "GnuTLS error: %s\n",
344
safer_gnutls_strerror(ret));
345
return -1;
405
{
406
const char *err;
407
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
408
if (ret != GNUTLS_E_SUCCESS) {
409
fprintf(stderr, "Syntax error at: %s\n", err);
410
fprintf(stderr, "GnuTLS error: %s\n",
411
safer_gnutls_strerror(ret));
412
gnutls_deinit (*session);
413
return -1;
414
}
346
415
}
347
416
348
if ((ret = gnutls_credentials_set
349
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
350
!= GNUTLS_E_SUCCESS) {
351
fprintf(stderr, "Error setting a credentials set: %s\n",
417
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
418
mc->cred);
419
if (ret != GNUTLS_E_SUCCESS) {
420
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
352
421
safer_gnutls_strerror(ret));
422
gnutls_deinit (*session);
353
423
return -1;
354
424
}
355
425
356
426
/* ignore client certificate if any. */
357
gnutls_certificate_server_set_request (es->session,
427
gnutls_certificate_server_set_request (*session,
358
428
GNUTLS_CERT_IGNORE);
359
429
360
gnutls_dh_set_prime_bits (es->session, DH_BITS);
430
gnutls_dh_set_prime_bits (*session, mc->dh_bits);
361
431
362
432
return 0;
363
433
}
364
434
435
/* Avahi log function callback */
365
436
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
366
437
__attribute__((unused)) const char *txt){}
367
438
439
/* Called when a Mandos server is found */
368
440
static int start_mandos_communication(const char *ip, uint16_t port,
369
441
AvahiIfIndex if_index,
370
442
mandos_context *mc){
371
443
int ret, tcp_sd;
372
struct sockaddr_in6 to;
373
encrypted_session es;
444
union { struct sockaddr in; struct sockaddr_in6 in6; } to;
374
445
char *buffer = NULL;
375
446
char *decrypted_buffer;
376
447
size_t buffer_length = 0;
379
450
size_t written;
380
451
int retval = 0;
381
452
char interface[IF_NAMESIZE];
453
gnutls_session_t session;
454
455
ret = init_gnutls_session (mc, &session);
456
if (ret != 0){
457
return -1;
458
}
382
459
383
460
if(debug){
384
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
385
ip, port);
461
fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16
462
"\n", ip, port);
386
463
}
387
464
388
465
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
393
470
394
471
if(debug){
395
472
if(if_indextoname((unsigned int)if_index, interface) == NULL){
396
if(debug){
397
perror("if_indextoname");
398
}
473
perror("if_indextoname");
399
474
return -1;
400
475
}
401
402
476
fprintf(stderr, "Binding to interface %s\n", interface);
403
477
}
404
478
405
memset(&to,0,sizeof(to)); /* Spurious warning */
406
to.sin6_family = AF_INET6;
407
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
479
memset(&to, 0, sizeof(to));
480
to.in6.sin6_family = AF_INET6;
481
/* It would be nice to have a way to detect if we were passed an
482
IPv4 address here. Now we assume an IPv6 address. */
483
ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);
408
484
if (ret < 0 ){
409
485
perror("inet_pton");
410
486
return -1;
411
}
487
}
412
488
if(ret == 0){
413
489
fprintf(stderr, "Bad address: %s\n", ip);
414
490
return -1;
415
491
}
416
to.sin6_port = htons(port); /* Spurious warning */
492
to.in6.sin6_port = htons(port); /* Spurious warning */
417
493
418
to.sin6_scope_id = (uint32_t)if_index;
494
to.in6.sin6_scope_id = (uint32_t)if_index;
419
495
420
496
if(debug){
421
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
422
/* char addrstr[INET6_ADDRSTRLEN]; */
423
/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */
424
/* sizeof(addrstr)) == NULL){ */
425
/* perror("inet_ntop"); */
426
/* } else { */
427
/* fprintf(stderr, "Really connecting to: %s, port %d\n", */
428
/* addrstr, ntohs(to.sin6_port)); */
429
/* } */
497
fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
498
port);
499
char addrstr[INET6_ADDRSTRLEN] = "";
500
if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,
501
sizeof(addrstr)) == NULL){
502
perror("inet_ntop");
503
} else {
504
if(strcmp(addrstr, ip) != 0){
505
fprintf(stderr, "Canonical address form: %s\n", addrstr);
506
}
507
}
430
508
}
431
509
432
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
510
ret = connect(tcp_sd, &to.in, sizeof(to));
433
511
if (ret < 0){
434
512
perror("connect");
435
513
return -1;
436
514
}
437
515
438
char *out = mandos_protocol_version;
516
const char *out = mandos_protocol_version;
439
517
written = 0;
440
518
while (true){
441
519
size_t out_size = strlen(out);
444
522
if (ret == -1){
445
523
perror("write");
446
524
retval = -1;
447
goto end;
525
goto mandos_end;
448
526
}
449
written += ret;
527
written += (size_t)ret;
450
528
if(written < out_size){
451
529
continue;
452
530
} else {
459
537
}
460
538
}
461
539
462
ret = initgnutls (&es);
463
if (ret != 0){
464
retval = -1;
465
return -1;
466
}
467
468
gnutls_transport_set_ptr (es.session,
469
(gnutls_transport_ptr_t) tcp_sd);
470
471
540
if(debug){
472
541
fprintf(stderr, "Establishing TLS session with %s\n", ip);
473
542
}
474
543
475
ret = gnutls_handshake (es.session);
544
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
545
546
do{
547
ret = gnutls_handshake (session);
548
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
476
549
477
550
if (ret != GNUTLS_E_SUCCESS){
478
551
if(debug){
479
fprintf(stderr, "\n*** Handshake failed ***\n");
552
fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
480
553
gnutls_perror (ret);
481
554
}
482
555
retval = -1;
483
goto exit;
556
goto mandos_end;
484
557
}
485
558
486
//Retrieve OpenPGP packet that contains the wanted password
559
/* Read OpenPGP packet that contains the wanted password */
487
560
488
561
if(debug){
489
562
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
491
564
}
492
565
493
566
while(true){
494
buffer_capacity = adjustbuffer(buffer, buffer_length, buffer_capacity);
567
buffer_capacity = adjustbuffer(&buffer, buffer_length,
568
buffer_capacity);
495
569
if (buffer_capacity == 0){
496
570
perror("adjustbuffer");
497
571
retval = -1;
498
goto exit;
572
goto mandos_end;
499
573
}
500
574
501
ret = gnutls_record_recv
502
(es.session, buffer+buffer_length, BUFFER_SIZE);
575
ret = gnutls_record_recv(session, buffer+buffer_length,
576
BUFFER_SIZE);
503
577
if (ret == 0){
504
578
break;
505
579
}
509
583
case GNUTLS_E_AGAIN:
510
584
break;
511
585
case GNUTLS_E_REHANDSHAKE:
512
ret = gnutls_handshake (es.session);
586
do{
587
ret = gnutls_handshake (session);
588
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
513
589
if (ret < 0){
514
fprintf(stderr, "\n*** Handshake failed ***\n");
590
fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
515
591
gnutls_perror (ret);
516
592
retval = -1;
517
goto exit;
593
goto mandos_end;
518
594
}
519
595
break;
520
596
default:
521
597
fprintf(stderr, "Unknown error while reading data from"
522
" encrypted session with mandos server\n");
598
" encrypted session with Mandos server\n");
523
599
retval = -1;
524
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
525
goto exit;
600
gnutls_bye (session, GNUTLS_SHUT_RDWR);
601
goto mandos_end;
526
602
}
527
603
} else {
528
604
buffer_length += (size_t) ret;
529
605
}
530
606
}
531
607
608
if(debug){
609
fprintf(stderr, "Closing TLS session\n");
610
}
611
612
gnutls_bye (session, GNUTLS_SHUT_RDWR);
613
532
614
if (buffer_length > 0){
533
615
decrypted_buffer_size = pgp_packet_decrypt(buffer,
534
616
buffer_length,
535
617
&decrypted_buffer,
536
certdir);
618
keydir);
537
619
if (decrypted_buffer_size >= 0){
538
620
written = 0;
539
621
while(written < (size_t) decrypted_buffer_size){
555
637
retval = -1;
556
638
}
557
639
}
558
559
//shutdown procedure
560
561
if(debug){
562
fprintf(stderr, "Closing TLS session\n");
563
}
564
640
641
/* Shutdown procedure */
642
643
mandos_end:
565
644
free(buffer);
566
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
567
exit:
568
645
close(tcp_sd);
569
gnutls_deinit (es.session);
570
gnutls_certificate_free_credentials (es.cred);
571
gnutls_global_deinit ();
646
gnutls_deinit (session);
572
647
return retval;
573
648
}
574
649
575
static void resolve_callback( AvahiSServiceResolver *r,
576
AvahiIfIndex interface,
577
AVAHI_GCC_UNUSED AvahiProtocol protocol,
578
AvahiResolverEvent event,
579
const char *name,
580
const char *type,
581
const char *domain,
582
const char *host_name,
583
const AvahiAddress *address,
584
uint16_t port,
585
AVAHI_GCC_UNUSED AvahiStringList *txt,
586
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
587
AVAHI_GCC_UNUSED void* userdata) {
650
static void resolve_callback(AvahiSServiceResolver *r,
651
AvahiIfIndex interface,
652
AVAHI_GCC_UNUSED AvahiProtocol protocol,
653
AvahiResolverEvent event,
654
const char *name,
655
const char *type,
656
const char *domain,
657
const char *host_name,
658
const AvahiAddress *address,
659
uint16_t port,
660
AVAHI_GCC_UNUSED AvahiStringList *txt,
661
AVAHI_GCC_UNUSED AvahiLookupResultFlags
662
flags,
663
void* userdata) {
588
664
mandos_context *mc = userdata;
589
assert(r); /* Spurious warning */
665
assert(r);
590
666
591
667
/* Called whenever a service has been resolved successfully or
592
668
timed out */
594
670
switch (event) {
595
671
default:
596
672
case AVAHI_RESOLVER_FAILURE:
597
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
598
" type '%s' in domain '%s': %s\n", name, type, domain,
673
fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
674
" of type '%s' in domain '%s': %s\n", name, type, domain,
599
675
avahi_strerror(avahi_server_errno(mc->server)));
600
676
break;
601
677
604
680
char ip[AVAHI_ADDRESS_STR_MAX];
605
681
avahi_address_snprint(ip, sizeof(ip), address);
606
682
if(debug){
607
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
608
" port %d\n", name, host_name, ip, port);
683
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"
684
PRIu16 ") on port %d\n", name, host_name, ip,
685
interface, port);
609
686
}
610
687
int ret = start_mandos_communication(ip, port, interface, mc);
611
688
if (ret == 0){
612
exit(EXIT_SUCCESS);
689
avahi_simple_poll_quit(mc->simple_poll);
613
690
}
614
691
}
615
692
}
623
700
const char *name,
624
701
const char *type,
625
702
const char *domain,
626
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
703
AVAHI_GCC_UNUSED AvahiLookupResultFlags
704
flags,
627
705
void* userdata) {
628
706
mandos_context *mc = userdata;
629
assert(b); /* Spurious warning */
707
assert(b);
630
708
631
709
/* Called whenever a new services becomes available on the LAN or
632
710
is removed from the LAN */
634
712
switch (event) {
635
713
default:
636
714
case AVAHI_BROWSER_FAILURE:
637
638
fprintf(stderr, "(Browser) %s\n",
715
716
fprintf(stderr, "(Avahi browser) %s\n",
639
717
avahi_strerror(avahi_server_errno(mc->server)));
640
718
avahi_simple_poll_quit(mc->simple_poll);
641
719
return;
642
720
643
721
case AVAHI_BROWSER_NEW:
644
/* We ignore the returned resolver object. In the callback
645
function we free it. If the server is terminated before
646
the callback function is called the server will free
647
the resolver for us. */
648
649
if (!(avahi_s_service_resolver_new(mc->server, interface, protocol, name,
650
type, domain,
722
/* We ignore the returned Avahi resolver object. In the callback
723
function we free it. If the Avahi server is terminated before
724
the callback function is called the Avahi server will free the
725
resolver for us. */
726
727
if (!(avahi_s_service_resolver_new(mc->server, interface,
728
protocol, name, type, domain,
651
729
AVAHI_PROTO_INET6, 0,
652
730
resolve_callback, mc)))
653
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
654
avahi_strerror(avahi_server_errno(s)));
731
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
732
name, avahi_strerror(avahi_server_errno(mc->server)));
655
733
break;
656
734
657
735
case AVAHI_BROWSER_REMOVE:
658
736
break;
659
737
660
738
case AVAHI_BROWSER_ALL_FOR_NOW:
661
739
case AVAHI_BROWSER_CACHE_EXHAUSTED:
740
if(debug){
741
fprintf(stderr, "No Mandos server found, still searching...\n");
742
}
662
743
break;
663
744
}
664
745
}
665
746
666
747
/* Combines file name and path and returns the malloced new
667
748
string. some sane checks could/should be added */
668
static const char *combinepath(const char *first, const char *second){
669
size_t f_len = strlen(first);
670
size_t s_len = strlen(second);
671
char *tmp = malloc(f_len + s_len + 2);
672
if (tmp == NULL){
749
static char *combinepath(const char *first, const char *second){
750
char *tmp;
751
int ret = asprintf(&tmp, "%s/%s", first, second);
752
if(ret < 0){
673
753
return NULL;
674
754
}
675
if(f_len > 0){
676
memcpy(tmp, first, f_len);
677
}
678
tmp[f_len] = '/';
679
if(s_len > 0){
680
memcpy(tmp + f_len + 1, second, s_len);
681
}
682
tmp[f_len + 1 + s_len] = '\0';
683
755
return tmp;
684
756
}
685
757
686
758
687
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
688
AvahiServerConfig config;
759
int main(int argc, char *argv[]){
689
760
AvahiSServiceBrowser *sb = NULL;
690
761
int error;
691
762
int ret;
692
int returncode = EXIT_SUCCESS;
763
int exitcode = EXIT_SUCCESS;
693
764
const char *interface = "eth0";
694
765
struct ifreq network;
695
766
int sd;
767
uid_t uid;
768
gid_t gid;
696
769
char *connect_to = NULL;
697
770
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
771
char *pubkeyfilename = NULL;
772
char *seckeyfilename = NULL;
773
const char *pubkeyname = "pubkey.txt";
774
const char *seckeyname = "seckey.txt";
698
775
mandos_context mc = { .simple_poll = NULL, .server = NULL,
699
.dh_bits = 2048, .priority = "SECURE256"};
776
.dh_bits = 1024, .priority = "SECURE256"};
777
bool gnutls_initalized = false;
700
778
701
while (true){
702
static struct option long_options[] = {
703
{"debug", no_argument, (int *)&debug, 1},
704
{"connect", required_argument, 0, 'C'},
705
{"interface", required_argument, 0, 'i'},
706
{"certdir", required_argument, 0, 'd'},
707
{"certkey", required_argument, 0, 'c'},
708
{"certfile", required_argument, 0, 'k'},
709
{"dh_bits", required_argument, 0, 'D'},
710
{"priority", required_argument, 0, 'p'},
711
{0, 0, 0, 0} };
712
713
int option_index = 0;
714
ret = getopt_long (argc, argv, "i:", long_options,
715
&option_index);
716
717
if (ret == -1){
718
break;
719
}
720
721
switch(ret){
722
case 0:
723
break;
724
case 'i':
725
interface = optarg;
726
break;
727
case 'C':
728
connect_to = optarg;
729
break;
730
case 'd':
731
certdir = optarg;
732
break;
733
case 'c':
734
certfile = optarg;
735
break;
736
case 'k':
737
certkey = optarg;
738
break;
739
case 'D':
740
{
741
long int tmp;
779
{
780
struct argp_option options[] = {
781
{ .name = "debug", .key = 128,
782
.doc = "Debug mode", .group = 3 },
783
{ .name = "connect", .key = 'c',
784
.arg = "IP",
785
.doc = "Connect directly to a sepcified mandos server",
786
.group = 1 },
787
{ .name = "interface", .key = 'i',
788
.arg = "INTERFACE",
789
.doc = "Interface that Avahi will conntect through",
790
.group = 1 },
791
{ .name = "keydir", .key = 'd',
792
.arg = "KEYDIR",
793
.doc = "Directory where the openpgp keyring is",
794
.group = 1 },
795
{ .name = "seckey", .key = 's',
796
.arg = "SECKEY",
797
.doc = "Secret openpgp key for gnutls authentication",
798
.group = 1 },
799
{ .name = "pubkey", .key = 'p',
800
.arg = "PUBKEY",
801
.doc = "Public openpgp key for gnutls authentication",
802
.group = 2 },
803
{ .name = "dh-bits", .key = 129,
804
.arg = "BITS",
805
.doc = "dh-bits to use in gnutls communication",
806
.group = 2 },
807
{ .name = "priority", .key = 130,
808
.arg = "PRIORITY",
809
.doc = "GNUTLS priority", .group = 1 },
810
{ .name = NULL }
811
};
812
813
814
error_t parse_opt (int key, char *arg,
815
struct argp_state *state) {
816
/* Get the INPUT argument from `argp_parse', which we know is
817
a pointer to our plugin list pointer. */
818
switch (key) {
819
case 128:
820
debug = true;
821
break;
822
case 'c':
823
connect_to = arg;
824
break;
825
case 'i':
826
interface = arg;
827
break;
828
case 'd':
829
keydir = arg;
830
break;
831
case 's':
832
seckeyname = arg;
833
break;
834
case 'p':
835
pubkeyname = arg;
836
break;
837
case 129:
742
838
errno = 0;
743
tmp = strtol(optarg, NULL, 10);
744
if (errno == ERANGE){
839
mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);
840
if (errno){
745
841
perror("strtol");
746
842
exit(EXIT_FAILURE);
747
843
}
748
mc.dh_bits = tmp;
749
}
750
break;
751
case 'p':
752
mc.priority = optarg;
753
break;
754
default:
755
exit(EXIT_FAILURE);
756
}
757
}
758
759
certfile = combinepath(certdir, certfile);
760
if (certfile == NULL){
761
perror("combinepath");
762
returncode = EXIT_FAILURE;
763
goto exit;
764
}
765
766
certkey = combinepath(certdir, certkey);
767
if (certkey == NULL){
768
perror("combinepath");
769
returncode = EXIT_FAILURE;
770
goto exit;
844
break;
845
case 130:
846
mc.priority = arg;
847
break;
848
case ARGP_KEY_ARG:
849
argp_usage (state);
850
case ARGP_KEY_END:
851
break;
852
default:
853
return ARGP_ERR_UNKNOWN;
854
}
855
return 0;
856
}
857
858
struct argp argp = { .options = options, .parser = parse_opt,
859
.args_doc = "",
860
.doc = "Mandos client -- Get and decrypt"
861
" passwords from mandos server" };
862
ret = argp_parse (&argp, argc, argv, 0, 0, NULL);
863
if (ret == ARGP_ERR_UNKNOWN){
864
fprintf(stderr, "Unknown error while parsing arguments\n");
865
exitcode = EXIT_FAILURE;
866
goto end;
867
}
868
}
869
870
pubkeyfilename = combinepath(keydir, pubkeyname);
871
if (pubkeyfilename == NULL){
872
perror("combinepath");
873
exitcode = EXIT_FAILURE;
874
goto end;
875
}
876
877
seckeyfilename = combinepath(keydir, seckeyname);
878
if (seckeyfilename == NULL){
879
perror("combinepath");
880
exitcode = EXIT_FAILURE;
881
goto end;
882
}
883
884
ret = init_gnutls_global(&mc, pubkeyfilename, seckeyfilename);
885
if (ret == -1){
886
fprintf(stderr, "init_gnutls_global failed\n");
887
exitcode = EXIT_FAILURE;
888
goto end;
889
} else {
890
gnutls_initalized = true;
891
}
892
893
/* If the interface is down, bring it up */
894
{
895
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
896
if(sd < 0) {
897
perror("socket");
898
exitcode = EXIT_FAILURE;
899
goto end;
900
}
901
strcpy(network.ifr_name, interface);
902
ret = ioctl(sd, SIOCGIFFLAGS, &network);
903
if(ret == -1){
904
perror("ioctl SIOCGIFFLAGS");
905
exitcode = EXIT_FAILURE;
906
goto end;
907
}
908
if((network.ifr_flags & IFF_UP) == 0){
909
network.ifr_flags |= IFF_UP;
910
ret = ioctl(sd, SIOCSIFFLAGS, &network);
911
if(ret == -1){
912
perror("ioctl SIOCSIFFLAGS");
913
exitcode = EXIT_FAILURE;
914
goto end;
915
}
916
}
917
close(sd);
918
}
919
920
uid = getuid();
921
gid = getgid();
922
923
ret = setuid(uid);
924
if (ret == -1){
925
perror("setuid");
926
}
927
928
setgid(gid);
929
if (ret == -1){
930
perror("setgid");
771
931
}
772
932
773
933
if_index = (AvahiIfIndex) if_nametoindex(interface);
782
942
char *address = strrchr(connect_to, ':');
783
943
if(address == NULL){
784
944
fprintf(stderr, "No colon in address\n");
785
exit(EXIT_FAILURE);
945
exitcode = EXIT_FAILURE;
946
goto end;
786
947
}
787
948
errno = 0;
788
949
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
789
950
if(errno){
790
951
perror("Bad port number");
791
exit(EXIT_FAILURE);
952
exitcode = EXIT_FAILURE;
953
goto end;
792
954
}
793
955
*address = '\0';
794
956
address = connect_to;
795
ret = start_mandos_communication(address, port, if_index);
957
ret = start_mandos_communication(address, port, if_index, &mc);
796
958
if(ret < 0){
797
exit(EXIT_FAILURE);
959
exitcode = EXIT_FAILURE;
798
960
} else {
799
exit(EXIT_SUCCESS);
800
}
801
}
802
803
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
804
if(sd < 0) {
805
perror("socket");
806
returncode = EXIT_FAILURE;
807
goto exit;
808
}
809
strcpy(network.ifr_name, interface);
810
ret = ioctl(sd, SIOCGIFFLAGS, &network);
811
if(ret == -1){
812
813
perror("ioctl SIOCGIFFLAGS");
814
returncode = EXIT_FAILURE;
815
goto exit;
816
}
817
if((network.ifr_flags & IFF_UP) == 0){
818
network.ifr_flags |= IFF_UP;
819
ret = ioctl(sd, SIOCSIFFLAGS, &network);
820
if(ret == -1){
821
perror("ioctl SIOCSIFFLAGS");
822
returncode = EXIT_FAILURE;
823
goto exit;
824
}
825
}
826
close(sd);
961
exitcode = EXIT_SUCCESS;
962
}
963
goto end;
964
}
827
965
828
966
if (not debug){
829
967
avahi_set_log_function(empty_log);
830
968
}
831
969
832
/* Initialize the psuedo-RNG */
970
/* Initialize the pseudo-RNG for Avahi */
833
971
srand((unsigned int) time(NULL));
834
835
/* Allocate main loop object */
836
if (!(mc.simple_poll = avahi_simple_poll_new())) {
837
fprintf(stderr, "Failed to create simple poll object.\n");
838
returncode = EXIT_FAILURE;
839
goto exit;
840
}
841
842
/* Do not publish any local records */
843
avahi_server_config_init(&config);
844
config.publish_hinfo = 0;
845
config.publish_addresses = 0;
846
config.publish_workstation = 0;
847
config.publish_domain = 0;
848
849
/* Allocate a new server */
850
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
851
&config, NULL, NULL, &error);
852
853
/* Free the configuration data */
854
avahi_server_config_free(&config);
855
856
/* Check if creating the server object succeeded */
857
if (!mc.server) {
858
fprintf(stderr, "Failed to create server: %s\n",
972
973
/* Allocate main Avahi loop object */
974
mc.simple_poll = avahi_simple_poll_new();
975
if (mc.simple_poll == NULL) {
976
fprintf(stderr, "Avahi: Failed to create simple poll"
977
" object.\n");
978
exitcode = EXIT_FAILURE;
979
goto end;
980
}
981
982
{
983
AvahiServerConfig config;
984
/* Do not publish any local Zeroconf records */
985
avahi_server_config_init(&config);
986
config.publish_hinfo = 0;
987
config.publish_addresses = 0;
988
config.publish_workstation = 0;
989
config.publish_domain = 0;
990
991
/* Allocate a new server */
992
mc.server = avahi_server_new(avahi_simple_poll_get
993
(mc.simple_poll), &config, NULL,
994
NULL, &error);
995
996
/* Free the Avahi configuration data */
997
avahi_server_config_free(&config);
998
}
999
1000
/* Check if creating the Avahi server object succeeded */
1001
if (mc.server == NULL) {
1002
fprintf(stderr, "Failed to create Avahi server: %s\n",
859
1003
avahi_strerror(error));
860
returncode = EXIT_FAILURE;
861
goto exit;
1004
exitcode = EXIT_FAILURE;
1005
goto end;
862
1006
}
863
1007
864
/* Create the service browser */
1008
/* Create the Avahi service browser */
865
1009
sb = avahi_s_service_browser_new(mc.server, if_index,
866
1010
AVAHI_PROTO_INET6,
867
1011
"_mandos._tcp", NULL, 0,
868
1012
browse_callback, &mc);
869
if (!sb) {
1013
if (sb == NULL) {
870
1014
fprintf(stderr, "Failed to create service browser: %s\n",
871
1015
avahi_strerror(avahi_server_errno(mc.server)));
872
returncode = EXIT_FAILURE;
873
goto exit;
1016
exitcode = EXIT_FAILURE;
1017
goto end;
874
1018
}
875
1019
876
1020
/* Run the main loop */
877
1021
878
1022
if (debug){
879
fprintf(stderr, "Starting avahi loop search\n");
1023
fprintf(stderr, "Starting Avahi loop search\n");
880
1024
}
881
1025
882
avahi_simple_poll_loop(simple_poll);
1026
avahi_simple_poll_loop(mc.simple_poll);
883
1027
884
exit:
1028
end:
885
1029
886
1030
if (debug){
887
1031
fprintf(stderr, "%s exiting\n", argv[0]);
888
1032
}
889
1033
890
1034
/* Cleanup things */
891
if (sb)
1035
if (sb != NULL)
892
1036
avahi_s_service_browser_free(sb);
893
1037
894
if (mc.server)
1038
if (mc.server != NULL)
895
1039
avahi_server_free(mc.server);
896
1040
897
if (simple_poll)
898
avahi_simple_poll_free(simple_poll);
899
free(certfile);
900
free(certkey);
1041
if (mc.simple_poll != NULL)
1042
avahi_simple_poll_free(mc.simple_poll);
1043
free(pubkeyfilename);
1044
free(seckeyfilename);
1045
1046
if (gnutls_initalized){
1047
gnutls_certificate_free_credentials(mc.cred);
1048
gnutls_global_deinit ();
1049
}
901
1050
902
return returncode;
1051
return exitcode;
903
1052
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0