To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandosclient.c
- browse files at revision 17
- compare with another revision
- download diff
- download tarball
- view history from revision 17
- Committer: Teddy Hogeborn
- Date: 2008-07-21 01:52:54 UTC
- mfrom: (15.1.2 mandos)
- Revision ID: teddy@fukt.bsnet.se-20080721015254-5ut0m7j1r4t5x7hj
Merge.
- files added:
- ca.pem
- files removed:
- mandos.conf
- files renamed:
- clients.conf => mandos-clients.conf
- mandos-client.c => plugbasedclient.c
- plugins.d/password-request.c => plugins.d/mandosclient.c
- plugins.d/password-prompt.c => plugins.d/passprompt.c
- mandos => server.py
- files modified:
- Makefile
added
removed
plugins.d/mandosclient.c
1
/* -*- coding: utf-8 -*- */
2
/*
3
* Mandos client - get and decrypt data from a Mandos server
4
*
5
* This program is partly derived from an example program for an Avahi
6
* service browser, downloaded from
7
* <http://avahi.org/browser/examples/core-browse-services.c>. This
8
* includes the following functions: "resolve_callback",
9
* "browse_callback", and parts of "main".
10
*
11
* Everything else is
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
13
*
14
* This program is free software: you can redistribute it and/or
15
* modify it under the terms of the GNU General Public License as
16
* published by the Free Software Foundation, either version 3 of the
17
* License, or (at your option) any later version.
18
*
19
* This program is distributed in the hope that it will be useful, but
20
* WITHOUT ANY WARRANTY; without even the implied warranty of
21
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22
* General Public License for more details.
23
*
24
* You should have received a copy of the GNU General Public License
25
* along with this program. If not, see
26
* <http://www.gnu.org/licenses/>.
27
*
28
* Contact the authors at <mandos@fukt.bsnet.se>.
29
*/
1
/***
2
This file is part of avahi.
3
4
avahi is free software; you can redistribute it and/or modify it
5
under the terms of the GNU Lesser General Public License as
6
published by the Free Software Foundation; either version 2.1 of the
7
License, or (at your option) any later version.
8
9
avahi is distributed in the hope that it will be useful, but WITHOUT
10
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General
12
Public License for more details.
13
14
You should have received a copy of the GNU Lesser General Public
15
License along with avahi; if not, write to the Free Software
16
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
17
USA.
18
***/
30
19
31
/* Needed by GPGME, specifically gpgme_data_seek() */
32
20
#define _LARGEFILE_SOURCE
33
21
#define _FILE_OFFSET_BITS 64
34
22
35
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */
36
37
23
#include <stdio.h>
38
24
#include <assert.h>
39
25
#include <stdlib.h>
40
26
#include <time.h>
41
27
#include <net/if.h> /* if_nametoindex */
42
#include <sys/ioctl.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
43
SIOCSIFFLAGS */
44
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
45
SIOCSIFFLAGS */
46
28
47
29
#include <avahi-core/core.h>
48
30
#include <avahi-core/lookup.h>
51
33
#include <avahi-common/malloc.h>
52
34
#include <avahi-common/error.h>
53
35
54
/* Mandos client part */
55
#include <sys/types.h> /* socket(), inet_pton() */
56
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
57
struct in6_addr, inet_pton() */
58
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
59
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
36
//mandos client part
37
#include <sys/types.h> /* socket(), setsockopt(), inet_pton() */
38
#include <sys/socket.h> /* socket(), setsockopt(), struct sockaddr_in6, struct in6_addr, inet_pton() */
39
#include <gnutls/gnutls.h> /* ALL GNUTLS STUFF */
40
#include <gnutls/openpgp.h> /* gnutls with openpgp stuff */
60
41
61
42
#include <unistd.h> /* close() */
62
43
#include <netinet/in.h>
64
45
#include <string.h> /* memset */
65
46
#include <arpa/inet.h> /* inet_pton() */
66
47
#include <iso646.h> /* not */
67
#include <net/if.h> /* IF_NAMESIZE */
68
#include <argp.h> /* struct argp_option,
69
struct argp_state, struct argp,
70
argp_parse() */
71
/* GPGME */
48
49
// gpgme
72
50
#include <errno.h> /* perror() */
73
51
#include <gpgme.h>
74
52
53
54
#ifndef CERT_ROOT
55
#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"
56
#endif
57
#define CERTFILE CERT_ROOT "openpgp-client.txt"
58
#define KEYFILE CERT_ROOT "openpgp-client-key.txt"
75
59
#define BUFFER_SIZE 256
60
#define DH_BITS 1024
76
61
77
62
bool debug = false;
78
static const char *keydir = "/conf/conf.d/mandos";
79
static const char mandos_protocol_version[] = "1";
80
const char *argp_program_version = "mandosclient 0.9";
81
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
82
63
83
/* Used for passing in values through the Avahi callback functions */
84
64
typedef struct {
85
AvahiSimplePoll *simple_poll;
86
AvahiServer *server;
65
gnutls_session_t session;
87
66
gnutls_certificate_credentials_t cred;
88
unsigned int dh_bits;
89
67
gnutls_dh_params_t dh_params;
90
const char *priority;
91
} mandos_context;
92
93
/*
94
* Make room in "buffer" for at least BUFFER_SIZE additional bytes.
95
* "buffer_capacity" is how much is currently allocated,
96
* "buffer_length" is how much is already used.
97
*/
98
size_t adjustbuffer(char **buffer, size_t buffer_length,
99
size_t buffer_capacity){
100
if (buffer_length + BUFFER_SIZE > buffer_capacity){
101
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
102
if (buffer == NULL){
103
return 0;
104
}
105
buffer_capacity += BUFFER_SIZE;
106
}
107
return buffer_capacity;
108
}
109
110
/*
111
* Decrypt OpenPGP data using keyrings in HOMEDIR.
112
* Returns -1 on error
113
*/
114
static ssize_t pgp_packet_decrypt (const char *cryptotext,
115
size_t crypto_size,
116
char **plaintext,
117
const char *homedir){
68
} encrypted_session;
69
70
71
ssize_t gpg_packet_decrypt (char *packet, size_t packet_size, char **new_packet, char *homedir){
118
72
gpgme_data_t dh_crypto, dh_plain;
119
73
gpgme_ctx_t ctx;
120
74
gpgme_error_t rc;
121
75
ssize_t ret;
122
size_t plaintext_capacity = 0;
123
ssize_t plaintext_length = 0;
76
size_t new_packet_capacity = 0;
77
size_t new_packet_length = 0;
124
78
gpgme_engine_info_t engine_info;
125
79
126
80
if (debug){
127
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
81
fprintf(stderr, "Attempting to decrypt password from gpg packet\n");
128
82
}
129
83
130
84
/* Init GPGME */
131
85
gpgme_check_version(NULL);
132
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
133
if (rc != GPG_ERR_NO_ERROR){
134
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
135
gpgme_strsource(rc), gpgme_strerror(rc));
136
return -1;
137
}
86
gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
138
87
139
/* Set GPGME home directory for the OpenPGP engine only */
88
/* Set GPGME home directory */
140
89
rc = gpgme_get_engine_info (&engine_info);
141
90
if (rc != GPG_ERR_NO_ERROR){
142
91
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
152
101
engine_info = engine_info->next;
153
102
}
154
103
if(engine_info == NULL){
155
fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);
104
fprintf(stderr, "Could not set home dir to %s\n", homedir);
156
105
return -1;
157
106
}
158
107
159
/* Create new GPGME data buffer from memory cryptotext */
160
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
161
0);
108
/* Create new GPGME data buffer from packet buffer */
109
rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);
162
110
if (rc != GPG_ERR_NO_ERROR){
163
111
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
164
112
gpgme_strsource(rc), gpgme_strerror(rc));
170
118
if (rc != GPG_ERR_NO_ERROR){
171
119
fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
172
120
gpgme_strsource(rc), gpgme_strerror(rc));
173
gpgme_data_release(dh_crypto);
174
121
return -1;
175
122
}
176
123
179
126
if (rc != GPG_ERR_NO_ERROR){
180
127
fprintf(stderr, "bad gpgme_new: %s: %s\n",
181
128
gpgme_strsource(rc), gpgme_strerror(rc));
182
plaintext_length = -1;
183
goto decrypt_end;
129
return -1;
184
130
}
185
131
186
/* Decrypt data from the cryptotext data buffer to the plaintext
187
data buffer */
132
/* Decrypt data from the FILE pointer to the plaintext data buffer */
188
133
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
189
134
if (rc != GPG_ERR_NO_ERROR){
190
135
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
191
136
gpgme_strsource(rc), gpgme_strerror(rc));
192
plaintext_length = -1;
193
goto decrypt_end;
137
return -1;
194
138
}
195
139
196
140
if(debug){
197
fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
141
fprintf(stderr, "decryption of gpg packet succeeded\n");
198
142
}
199
143
200
144
if (debug){
201
145
gpgme_decrypt_result_t result;
202
146
result = gpgme_op_decrypt_result(ctx);
203
147
if (result == NULL){
204
148
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
205
149
} else {
206
fprintf(stderr, "Unsupported algorithm: %s\n",
207
result->unsupported_algorithm);
208
fprintf(stderr, "Wrong key usage: %d\n",
209
result->wrong_key_usage);
150
fprintf(stderr, "Unsupported algorithm: %s\n", result->unsupported_algorithm);
151
fprintf(stderr, "Wrong key usage: %d\n", result->wrong_key_usage);
210
152
if(result->file_name != NULL){
211
153
fprintf(stderr, "File name: %s\n", result->file_name);
212
154
}
218
160
gpgme_pubkey_algo_name(recipient->pubkey_algo));
219
161
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
220
162
fprintf(stderr, "Secret key available: %s\n",
221
recipient->status == GPG_ERR_NO_SECKEY
222
? "No" : "Yes");
163
recipient->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");
223
164
recipient = recipient->next;
224
165
}
225
166
}
226
167
}
227
168
}
228
169
170
/* Delete the GPGME FILE pointer cryptotext data buffer */
171
gpgme_data_release(dh_crypto);
172
229
173
/* Seek back to the beginning of the GPGME plaintext data buffer */
230
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
231
perror("pgpme_data_seek");
232
plaintext_length = -1;
233
goto decrypt_end;
234
}
235
236
*plaintext = NULL;
174
gpgme_data_seek(dh_plain, 0, SEEK_SET);
175
176
*new_packet = 0;
237
177
while(true){
238
plaintext_capacity = adjustbuffer(plaintext,
239
(size_t)plaintext_length,
240
plaintext_capacity);
241
if (plaintext_capacity == 0){
242
perror("adjustbuffer");
243
plaintext_length = -1;
244
goto decrypt_end;
178
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
179
*new_packet = realloc(*new_packet, new_packet_capacity + BUFFER_SIZE);
180
if (*new_packet == NULL){
181
perror("realloc");
182
return -1;
183
}
184
new_packet_capacity += BUFFER_SIZE;
245
185
}
246
186
247
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
248
BUFFER_SIZE);
187
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length, BUFFER_SIZE);
249
188
/* Print the data, if any */
250
189
if (ret == 0){
251
/* EOF */
190
/* If password is empty, then a incorrect error will be printed */
252
191
break;
253
192
}
254
193
if(ret < 0){
255
194
perror("gpgme_data_read");
256
plaintext_length = -1;
257
goto decrypt_end;
195
return -1;
258
196
}
259
plaintext_length += ret;
197
new_packet_length += ret;
260
198
}
261
199
262
200
if(debug){
263
fprintf(stderr, "Decrypted password is: ");
264
for(ssize_t i = 0; i < plaintext_length; i++){
265
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
266
}
267
fprintf(stderr, "\n");
201
fprintf(stderr, "decrypted password is: %s\n", *new_packet);
268
202
}
269
270
decrypt_end:
271
272
/* Delete the GPGME cryptotext data buffer */
273
gpgme_data_release(dh_crypto);
274
275
/* Delete the GPGME plaintext data buffer */
203
204
/* Delete the GPGME plaintext data buffer */
276
205
gpgme_data_release(dh_plain);
277
return plaintext_length;
206
return new_packet_length;
278
207
}
279
208
280
209
static const char * safer_gnutls_strerror (int value) {
284
213
return ret;
285
214
}
286
215
287
/* GnuTLS log function callback */
288
static void debuggnutls(__attribute__((unused)) int level,
289
const char* string){
290
fprintf(stderr, "GnuTLS: %s", string);
216
void debuggnutls(int level, const char* string){
217
fprintf(stderr, "%s", string);
291
218
}
292
219
293
static int init_gnutls_global(mandos_context *mc,
294
const char *pubkeyfile,
295
const char *seckeyfile){
220
int initgnutls(encrypted_session *es){
221
const char *err;
296
222
int ret;
297
223
298
224
if(debug){
299
fprintf(stderr, "Initializing GnuTLS\n");
225
fprintf(stderr, "Initializing gnutls\n");
300
226
}
301
227
228
302
229
if ((ret = gnutls_global_init ())
303
230
!= GNUTLS_E_SUCCESS) {
304
fprintf (stderr, "GnuTLS global_init: %s\n",
305
safer_gnutls_strerror(ret));
231
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
306
232
return -1;
307
233
}
308
234
309
235
if (debug){
310
/* "Use a log level over 10 to enable all debugging options."
311
* - GnuTLS manual
312
*/
313
236
gnutls_global_set_log_level(11);
314
237
gnutls_global_set_log_function(debuggnutls);
315
238
}
316
239
317
/* OpenPGP credentials */
318
if ((ret = gnutls_certificate_allocate_credentials (&mc->cred))
240
241
/* openpgp credentials */
242
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
319
243
!= GNUTLS_E_SUCCESS) {
320
fprintf (stderr, "GnuTLS memory error: %s\n",
321
safer_gnutls_strerror(ret));
322
gnutls_global_deinit ();
244
fprintf (stderr, "memory error: %s\n", safer_gnutls_strerror(ret));
323
245
return -1;
324
246
}
325
247
326
248
if(debug){
327
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
328
" and keyfile %s as GnuTLS credentials\n", pubkeyfile,
329
seckeyfile);
249
fprintf(stderr, "Attempting to use openpgp certificate %s"
250
" and keyfile %s as gnutls credentials\n", CERTFILE, KEYFILE);
330
251
}
331
252
332
253
ret = gnutls_certificate_set_openpgp_key_file
333
(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);
334
if (ret != GNUTLS_E_SUCCESS) {
335
fprintf(stderr,
336
"Error[%d] while reading the OpenPGP key pair ('%s',"
337
" '%s')\n", ret, pubkeyfile, seckeyfile);
338
fprintf(stdout, "The GnuTLS error is: %s\n",
339
safer_gnutls_strerror(ret));
340
goto globalfail;
341
}
342
343
/* GnuTLS server initialization */
344
ret = gnutls_dh_params_init(&mc->dh_params);
345
if (ret != GNUTLS_E_SUCCESS) {
346
fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
347
" %s\n", safer_gnutls_strerror(ret));
348
goto globalfail;
349
}
350
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
351
if (ret != GNUTLS_E_SUCCESS) {
352
fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
353
safer_gnutls_strerror(ret));
354
goto globalfail;
355
}
356
357
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
358
359
return 0;
360
361
globalfail:
362
363
gnutls_certificate_free_credentials (mc->cred);
364
gnutls_global_deinit ();
365
return -1;
366
367
}
368
369
static int init_gnutls_session(mandos_context *mc,
370
gnutls_session_t *session){
371
int ret;
372
/* GnuTLS session creation */
373
ret = gnutls_init(session, GNUTLS_SERVER);
374
if (ret != GNUTLS_E_SUCCESS){
375
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
376
safer_gnutls_strerror(ret));
377
}
378
379
{
380
const char *err;
381
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
382
if (ret != GNUTLS_E_SUCCESS) {
383
fprintf(stderr, "Syntax error at: %s\n", err);
384
fprintf(stderr, "GnuTLS error: %s\n",
385
safer_gnutls_strerror(ret));
386
gnutls_deinit (*session);
387
return -1;
388
}
389
}
390
391
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
392
mc->cred);
393
if (ret != GNUTLS_E_SUCCESS) {
394
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
395
safer_gnutls_strerror(ret));
396
gnutls_deinit (*session);
397
return -1;
398
}
399
254
(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);
255
if (ret != GNUTLS_E_SUCCESS) {
256
fprintf
257
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n",
258
ret, CERTFILE, KEYFILE);
259
fprintf(stdout, "The Error is: %s\n",
260
safer_gnutls_strerror(ret));
261
return -1;
262
}
263
264
//Gnutls server initialization
265
if ((ret = gnutls_dh_params_init (&es->dh_params))
266
!= GNUTLS_E_SUCCESS) {
267
fprintf (stderr, "Error in dh parameter initialization: %s\n",
268
safer_gnutls_strerror(ret));
269
return -1;
270
}
271
272
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
273
!= GNUTLS_E_SUCCESS) {
274
fprintf (stderr, "Error in prime generation: %s\n",
275
safer_gnutls_strerror(ret));
276
return -1;
277
}
278
279
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
280
281
// Gnutls session creation
282
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
283
!= GNUTLS_E_SUCCESS){
284
fprintf(stderr, "Error in gnutls session initialization: %s\n",
285
safer_gnutls_strerror(ret));
286
}
287
288
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
289
!= GNUTLS_E_SUCCESS) {
290
fprintf(stderr, "Syntax error at: %s\n", err);
291
fprintf(stderr, "Gnutls error: %s\n",
292
safer_gnutls_strerror(ret));
293
return -1;
294
}
295
296
if ((ret = gnutls_credentials_set
297
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
298
!= GNUTLS_E_SUCCESS) {
299
fprintf(stderr, "Error setting a credentials set: %s\n",
300
safer_gnutls_strerror(ret));
301
return -1;
302
}
303
400
304
/* ignore client certificate if any. */
401
gnutls_certificate_server_set_request (*session,
402
GNUTLS_CERT_IGNORE);
305
gnutls_certificate_server_set_request (es->session, GNUTLS_CERT_IGNORE);
403
306
404
gnutls_dh_set_prime_bits (*session, mc->dh_bits);
307
gnutls_dh_set_prime_bits (es->session, DH_BITS);
405
308
406
309
return 0;
407
310
}
408
311
409
/* Avahi log function callback */
410
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
411
__attribute__((unused)) const char *txt){}
312
void empty_log(AvahiLogLevel level, const char *txt){}
412
313
413
/* Called when a Mandos server is found */
414
static int start_mandos_communication(const char *ip, uint16_t port,
415
AvahiIfIndex if_index,
416
mandos_context *mc){
314
int start_mandos_communcation(char *ip, uint16_t port){
417
315
int ret, tcp_sd;
418
union { struct sockaddr in; struct sockaddr_in6 in6; } to;
316
struct sockaddr_in6 to;
317
struct in6_addr ip_addr;
318
encrypted_session es;
419
319
char *buffer = NULL;
420
320
char *decrypted_buffer;
421
321
size_t buffer_length = 0;
422
322
size_t buffer_capacity = 0;
423
323
ssize_t decrypted_buffer_size;
424
size_t written;
425
324
int retval = 0;
426
char interface[IF_NAMESIZE];
427
gnutls_session_t session;
428
429
ret = init_gnutls_session (mc, &session);
430
if (ret != 0){
431
return -1;
432
}
433
325
const char interface[] = "eth0";
326
434
327
if(debug){
435
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
436
ip, port);
328
fprintf(stderr, "Setting up a tcp connection to %s\n", ip);
437
329
}
438
330
439
331
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
443
335
}
444
336
445
337
if(debug){
446
if(if_indextoname((unsigned int)if_index, interface) == NULL){
447
perror("if_indextoname");
448
return -1;
449
}
450
338
fprintf(stderr, "Binding to interface %s\n", interface);
451
339
}
340
341
ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, interface, 5);
342
if(tcp_sd < 0) {
343
perror("setsockopt bindtodevice");
344
return -1;
345
}
452
346
453
memset(&to,0,sizeof(to)); /* Spurious warning */
454
to.in6.sin6_family = AF_INET6;
455
/* It would be nice to have a way to detect if we were passed an
456
IPv4 address here. Now we assume an IPv6 address. */
457
ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);
347
memset(&to,0,sizeof(to));
348
to.sin6_family = AF_INET6;
349
ret = inet_pton(AF_INET6, ip, &ip_addr);
458
350
if (ret < 0 ){
459
351
perror("inet_pton");
460
352
return -1;
461
}
353
}
462
354
if(ret == 0){
463
355
fprintf(stderr, "Bad address: %s\n", ip);
464
356
return -1;
465
357
}
466
to.in6.sin6_port = htons(port); /* Spurious warning */
467
468
to.in6.sin6_scope_id = (uint32_t)if_index;
469
358
to.sin6_port = htons(port);
359
to.sin6_scope_id = if_nametoindex(interface);
360
470
361
if(debug){
471
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
472
char addrstr[INET6_ADDRSTRLEN] = "";
473
if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,
474
sizeof(addrstr)) == NULL){
475
perror("inet_ntop");
476
} else {
477
if(strcmp(addrstr, ip) != 0){
478
fprintf(stderr, "Canonical address form: %s\n", addrstr);
479
}
480
}
362
fprintf(stderr, "Connection to: %s\n", ip);
481
363
}
482
364
483
ret = connect(tcp_sd, &to.in, sizeof(to));
365
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
484
366
if (ret < 0){
485
367
perror("connect");
486
368
return -1;
487
369
}
370
371
ret = initgnutls (&es);
372
if (ret != 0){
373
retval = -1;
374
return -1;
375
}
376
377
378
gnutls_transport_set_ptr (es.session, (gnutls_transport_ptr_t) tcp_sd);
488
379
489
const char *out = mandos_protocol_version;
490
written = 0;
491
while (true){
492
size_t out_size = strlen(out);
493
ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
494
out_size - written));
495
if (ret == -1){
496
perror("write");
497
retval = -1;
498
goto mandos_end;
499
}
500
written += (size_t)ret;
501
if(written < out_size){
502
continue;
503
} else {
504
if (out == mandos_protocol_version){
505
written = 0;
506
out = "\r\n";
507
} else {
508
break;
509
}
510
}
511
}
512
513
380
if(debug){
514
fprintf(stderr, "Establishing TLS session with %s\n", ip);
381
fprintf(stderr, "Establishing tls session with %s\n", ip);
515
382
}
516
517
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
518
519
ret = gnutls_handshake (session);
383
384
385
ret = gnutls_handshake (es.session);
520
386
521
387
if (ret != GNUTLS_E_SUCCESS){
522
if(debug){
523
fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
524
gnutls_perror (ret);
525
}
388
fprintf(stderr, "\n*** Handshake failed ***\n");
389
gnutls_perror (ret);
526
390
retval = -1;
527
goto mandos_end;
391
goto exit;
528
392
}
529
530
/* Read OpenPGP packet that contains the wanted password */
531
393
394
//Retrieve gpg packet that contains the wanted password
395
532
396
if(debug){
533
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
534
ip);
397
fprintf(stderr, "Retrieving pgp encrypted password from %s\n", ip);
535
398
}
536
399
537
400
while(true){
538
buffer_capacity = adjustbuffer(&buffer, buffer_length,
539
buffer_capacity);
540
if (buffer_capacity == 0){
541
perror("adjustbuffer");
542
retval = -1;
543
goto mandos_end;
401
if (buffer_length + BUFFER_SIZE > buffer_capacity){
402
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
403
if (buffer == NULL){
404
perror("realloc");
405
goto exit;
406
}
407
buffer_capacity += BUFFER_SIZE;
544
408
}
545
409
546
ret = gnutls_record_recv(session, buffer+buffer_length,
547
BUFFER_SIZE);
410
ret = gnutls_record_recv
411
(es.session, buffer+buffer_length, BUFFER_SIZE);
548
412
if (ret == 0){
549
413
break;
550
414
}
554
418
case GNUTLS_E_AGAIN:
555
419
break;
556
420
case GNUTLS_E_REHANDSHAKE:
557
ret = gnutls_handshake (session);
421
ret = gnutls_handshake (es.session);
558
422
if (ret < 0){
559
fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
423
fprintf(stderr, "\n*** Handshake failed ***\n");
560
424
gnutls_perror (ret);
561
425
retval = -1;
562
goto mandos_end;
426
goto exit;
563
427
}
564
428
break;
565
429
default:
566
fprintf(stderr, "Unknown error while reading data from"
567
" encrypted session with Mandos server\n");
430
fprintf(stderr, "Unknown error while reading data from encrypted session with mandos server\n");
568
431
retval = -1;
569
gnutls_bye (session, GNUTLS_SHUT_RDWR);
570
goto mandos_end;
432
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
433
goto exit;
571
434
}
572
435
} else {
573
buffer_length += (size_t) ret;
436
buffer_length += ret;
574
437
}
575
438
}
576
439
577
if(debug){
578
fprintf(stderr, "Closing TLS session\n");
579
}
580
581
gnutls_bye (session, GNUTLS_SHUT_RDWR);
582
583
440
if (buffer_length > 0){
584
decrypted_buffer_size = pgp_packet_decrypt(buffer,
585
buffer_length,
586
&decrypted_buffer,
587
keydir);
588
if (decrypted_buffer_size >= 0){
589
written = 0;
590
while(written < (size_t) decrypted_buffer_size){
591
ret = (int)fwrite (decrypted_buffer + written, 1,
592
(size_t)decrypted_buffer_size - written,
593
stdout);
594
if(ret == 0 and ferror(stdout)){
595
if(debug){
596
fprintf(stderr, "Error writing encrypted data: %s\n",
597
strerror(errno));
598
}
599
retval = -1;
600
break;
601
}
602
written += (size_t)ret;
603
}
441
if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) >= 0){
442
fwrite (decrypted_buffer, 1, decrypted_buffer_size, stdout);
604
443
free(decrypted_buffer);
605
444
} else {
606
445
retval = -1;
607
446
}
608
447
}
609
610
/* Shutdown procedure */
611
612
mandos_end:
448
449
//shutdown procedure
450
451
if(debug){
452
fprintf(stderr, "Closing tls session\n");
453
}
454
613
455
free(buffer);
456
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
457
exit:
614
458
close(tcp_sd);
615
gnutls_deinit (session);
459
gnutls_deinit (es.session);
460
gnutls_certificate_free_credentials (es.cred);
461
gnutls_global_deinit ();
616
462
return retval;
617
463
}
618
464
619
static void resolve_callback(AvahiSServiceResolver *r,
620
AvahiIfIndex interface,
621
AVAHI_GCC_UNUSED AvahiProtocol protocol,
622
AvahiResolverEvent event,
623
const char *name,
624
const char *type,
625
const char *domain,
626
const char *host_name,
627
const AvahiAddress *address,
628
uint16_t port,
629
AVAHI_GCC_UNUSED AvahiStringList *txt,
630
AVAHI_GCC_UNUSED AvahiLookupResultFlags
631
flags,
632
void* userdata) {
633
mandos_context *mc = userdata;
634
assert(r); /* Spurious warning */
635
636
/* Called whenever a service has been resolved successfully or
637
timed out */
638
639
switch (event) {
640
default:
641
case AVAHI_RESOLVER_FAILURE:
642
fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
643
" of type '%s' in domain '%s': %s\n", name, type, domain,
644
avahi_strerror(avahi_server_errno(mc->server)));
645
break;
646
647
case AVAHI_RESOLVER_FOUND:
648
{
649
char ip[AVAHI_ADDRESS_STR_MAX];
650
avahi_address_snprint(ip, sizeof(ip), address);
651
if(debug){
652
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %d) on"
653
" port %d\n", name, host_name, ip, interface, port);
654
}
655
int ret = start_mandos_communication(ip, port, interface, mc);
656
if (ret == 0){
657
exit(EXIT_SUCCESS);
658
}
659
}
660
}
661
avahi_s_service_resolver_free(r);
662
}
663
664
static void browse_callback( AvahiSServiceBrowser *b,
665
AvahiIfIndex interface,
666
AvahiProtocol protocol,
667
AvahiBrowserEvent event,
668
const char *name,
669
const char *type,
670
const char *domain,
671
AVAHI_GCC_UNUSED AvahiLookupResultFlags
672
flags,
673
void* userdata) {
674
mandos_context *mc = userdata;
675
assert(b); /* Spurious warning */
676
677
/* Called whenever a new services becomes available on the LAN or
678
is removed from the LAN */
679
680
switch (event) {
681
default:
682
case AVAHI_BROWSER_FAILURE:
683
684
fprintf(stderr, "(Avahi browser) %s\n",
685
avahi_strerror(avahi_server_errno(mc->server)));
686
avahi_simple_poll_quit(mc->simple_poll);
687
return;
688
689
case AVAHI_BROWSER_NEW:
690
/* We ignore the returned Avahi resolver object. In the callback
691
function we free it. If the Avahi server is terminated before
692
the callback function is called the Avahi server will free the
693
resolver for us. */
694
695
if (!(avahi_s_service_resolver_new(mc->server, interface,
696
protocol, name, type, domain,
697
AVAHI_PROTO_INET6, 0,
698
resolve_callback, mc)))
699
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
700
name, avahi_strerror(avahi_server_errno(mc->server)));
701
break;
702
703
case AVAHI_BROWSER_REMOVE:
704
break;
705
706
case AVAHI_BROWSER_ALL_FOR_NOW:
707
case AVAHI_BROWSER_CACHE_EXHAUSTED:
708
if(debug){
709
fprintf(stderr, "No Mandos server found, still searching...\n");
710
}
711
break;
712
}
713
}
714
715
/* Combines file name and path and returns the malloced new
716
string. some sane checks could/should be added */
717
static const char *combinepath(const char *first, const char *second){
718
size_t f_len = strlen(first);
719
size_t s_len = strlen(second);
720
char *tmp = malloc(f_len + s_len + 2);
721
if (tmp == NULL){
722
return NULL;
723
}
724
if(f_len > 0){
725
memcpy(tmp, first, f_len); /* Spurious warning */
726
}
727
tmp[f_len] = '/';
728
if(s_len > 0){
729
memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */
730
}
731
tmp[f_len + 1 + s_len] = '\0';
732
return tmp;
733
}
734
735
736
int main(int argc, char *argv[]){
465
static AvahiSimplePoll *simple_poll = NULL;
466
static AvahiServer *server = NULL;
467
468
static void resolve_callback(
469
AvahiSServiceResolver *r,
470
AVAHI_GCC_UNUSED AvahiIfIndex interface,
471
AVAHI_GCC_UNUSED AvahiProtocol protocol,
472
AvahiResolverEvent event,
473
const char *name,
474
const char *type,
475
const char *domain,
476
const char *host_name,
477
const AvahiAddress *address,
478
uint16_t port,
479
AvahiStringList *txt,
480
AvahiLookupResultFlags flags,
481
AVAHI_GCC_UNUSED void* userdata) {
482
483
assert(r);
484
485
/* Called whenever a service has been resolved successfully or timed out */
486
487
switch (event) {
488
case AVAHI_RESOLVER_FAILURE:
489
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of type '%s' in domain '%s': %s\n", name, type, domain, avahi_strerror(avahi_server_errno(server)));
490
break;
491
492
case AVAHI_RESOLVER_FOUND: {
493
char ip[AVAHI_ADDRESS_STR_MAX];
494
avahi_address_snprint(ip, sizeof(ip), address);
495
if(debug){
496
fprintf(stderr, "Mandos server found at %s on port %d\n", ip, port);
497
}
498
int ret = start_mandos_communcation(ip, port);
499
if (ret == 0){
500
exit(EXIT_SUCCESS);
501
} else {
502
exit(EXIT_FAILURE);
503
}
504
}
505
}
506
avahi_s_service_resolver_free(r);
507
}
508
509
static void browse_callback(
510
AvahiSServiceBrowser *b,
511
AvahiIfIndex interface,
512
AvahiProtocol protocol,
513
AvahiBrowserEvent event,
514
const char *name,
515
const char *type,
516
const char *domain,
517
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
518
void* userdata) {
519
520
AvahiServer *s = userdata;
521
assert(b);
522
523
/* Called whenever a new services becomes available on the LAN or is removed from the LAN */
524
525
switch (event) {
526
527
case AVAHI_BROWSER_FAILURE:
528
529
fprintf(stderr, "(Browser) %s\n", avahi_strerror(avahi_server_errno(server)));
530
avahi_simple_poll_quit(simple_poll);
531
return;
532
533
case AVAHI_BROWSER_NEW:
534
/* We ignore the returned resolver object. In the callback
535
function we free it. If the server is terminated before
536
the callback function is called the server will free
537
the resolver for us. */
538
539
if (!(avahi_s_service_resolver_new(s, interface, protocol, name, type, domain, AVAHI_PROTO_INET6, 0, resolve_callback, s)))
540
fprintf(stderr, "Failed to resolve service '%s': %s\n", name, avahi_strerror(avahi_server_errno(s)));
541
542
break;
543
544
case AVAHI_BROWSER_REMOVE:
545
break;
546
547
case AVAHI_BROWSER_ALL_FOR_NOW:
548
case AVAHI_BROWSER_CACHE_EXHAUSTED:
549
break;
550
}
551
}
552
553
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
554
AvahiServerConfig config;
737
555
AvahiSServiceBrowser *sb = NULL;
556
const char db[] = "--debug";
738
557
int error;
739
int ret;
740
int exitcode = EXIT_SUCCESS;
741
const char *interface = "eth0";
742
struct ifreq network;
743
int sd;
744
uid_t uid;
745
gid_t gid;
746
char *connect_to = NULL;
747
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
748
const char *pubkeyfile = "pubkey.txt";
749
const char *seckeyfile = "seckey.txt";
750
mandos_context mc = { .simple_poll = NULL, .server = NULL,
751
.dh_bits = 1024, .priority = "SECURE256"};
752
bool gnutls_initalized = false;
558
int ret = 1;
559
int returncode = EXIT_SUCCESS;
560
char *basename = rindex(argv[0], '/');
561
if(basename == NULL){
562
basename = argv[0];
563
} else {
564
basename++;
565
}
753
566
754
{
755
struct argp_option options[] = {
756
{ .name = "debug", .key = 128,
757
.doc = "Debug mode", .group = 3 },
758
{ .name = "connect", .key = 'c',
759
.arg = "IP",
760
.doc = "Connect directly to a sepcified mandos server",
761
.group = 1 },
762
{ .name = "interface", .key = 'i',
763
.arg = "INTERFACE",
764
.doc = "Interface that Avahi will conntect through",
765
.group = 1 },
766
{ .name = "keydir", .key = 'd',
767
.arg = "KEYDIR",
768
.doc = "Directory where the openpgp keyring is",
769
.group = 1 },
770
{ .name = "seckey", .key = 's',
771
.arg = "SECKEY",
772
.doc = "Secret openpgp key for gnutls authentication",
773
.group = 1 },
774
{ .name = "pubkey", .key = 'p',
775
.arg = "PUBKEY",
776
.doc = "Public openpgp key for gnutls authentication",
777
.group = 2 },
778
{ .name = "dh-bits", .key = 129,
779
.arg = "BITS",
780
.doc = "dh-bits to use in gnutls communication",
781
.group = 2 },
782
{ .name = "priority", .key = 130,
783
.arg = "PRIORITY",
784
.doc = "GNUTLS priority", .group = 1 },
785
{ .name = NULL }
786
};
567
char *program_name = malloc(strlen(basename) + sizeof(db));
787
568
788
789
error_t parse_opt (int key, char *arg,
790
struct argp_state *state) {
791
/* Get the INPUT argument from `argp_parse', which we know is
792
a pointer to our plugin list pointer. */
793
switch (key) {
794
case 128:
795
debug = true;
796
break;
797
case 'c':
798
connect_to = arg;
799
break;
800
case 'i':
801
interface = arg;
802
break;
803
case 'd':
804
keydir = arg;
805
break;
806
case 's':
807
seckeyfile = arg;
808
break;
809
case 'p':
810
pubkeyfile = arg;
811
break;
812
case 129:
813
errno = 0;
814
mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);
815
if (errno){
816
perror("strtol");
817
exit(EXIT_FAILURE);
569
if (program_name == NULL){
570
perror("argv[0]");
571
return EXIT_FAILURE;
572
}
573
574
program_name[0] = '\0';
575
576
for (int i = 1; i < argc; i++){
577
if (not strncmp(argv[i], db, 5)){
578
strcat(strcat(strcat(program_name, db ), "="), basename);
579
if(not strcmp(argv[i], db) or not strcmp(argv[i], program_name)){
580
debug = true;
818
581
}
819
break;
820
case 130:
821
mc.priority = arg;
822
break;
823
case ARGP_KEY_ARG:
824
argp_usage (state);
825
break;
826
case ARGP_KEY_END:
827
break;
828
default:
829
return ARGP_ERR_UNKNOWN;
830
}
831
return 0;
832
}
833
834
struct argp argp = { .options = options, .parser = parse_opt,
835
.args_doc = "",
836
.doc = "Mandos client -- Get and decrypt"
837
" passwords from mandos server" };
838
argp_parse (&argp, argc, argv, 0, 0, NULL);
839
}
840
841
pubkeyfile = combinepath(keydir, pubkeyfile);
842
if (pubkeyfile == NULL){
843
perror("combinepath");
844
exitcode = EXIT_FAILURE;
845
goto end;
846
}
847
848
seckeyfile = combinepath(keydir, seckeyfile);
849
if (seckeyfile == NULL){
850
perror("combinepath");
851
goto end;
852
}
853
854
ret = init_gnutls_global(&mc, pubkeyfile, seckeyfile);
855
if (ret == -1){
856
fprintf(stderr, "init_gnutls_global\n");
857
goto end;
858
} else {
859
gnutls_initalized = true;
860
}
861
862
uid = getuid();
863
gid = getgid();
864
865
ret = setuid(uid);
866
if (ret == -1){
867
perror("setuid");
868
}
869
870
setgid(gid);
871
if (ret == -1){
872
perror("setgid");
873
}
874
875
if_index = (AvahiIfIndex) if_nametoindex(interface);
876
if(if_index == 0){
877
fprintf(stderr, "No such interface: \"%s\"\n", interface);
878
exit(EXIT_FAILURE);
879
}
880
881
if(connect_to != NULL){
882
/* Connect directly, do not use Zeroconf */
883
/* (Mainly meant for debugging) */
884
char *address = strrchr(connect_to, ':');
885
if(address == NULL){
886
fprintf(stderr, "No colon in address\n");
887
exitcode = EXIT_FAILURE;
888
goto end;
889
}
890
errno = 0;
891
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
892
if(errno){
893
perror("Bad port number");
894
exitcode = EXIT_FAILURE;
895
goto end;
896
}
897
*address = '\0';
898
address = connect_to;
899
ret = start_mandos_communication(address, port, if_index, &mc);
900
if(ret < 0){
901
exitcode = EXIT_FAILURE;
902
} else {
903
exitcode = EXIT_SUCCESS;
904
}
905
goto end;
906
}
907
908
/* If the interface is down, bring it up */
909
{
910
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
911
if(sd < 0) {
912
perror("socket");
913
exitcode = EXIT_FAILURE;
914
goto end;
915
}
916
strcpy(network.ifr_name, interface); /* Spurious warning */
917
ret = ioctl(sd, SIOCGIFFLAGS, &network);
918
if(ret == -1){
919
perror("ioctl SIOCGIFFLAGS");
920
exitcode = EXIT_FAILURE;
921
goto end;
922
}
923
if((network.ifr_flags & IFF_UP) == 0){
924
network.ifr_flags |= IFF_UP;
925
ret = ioctl(sd, SIOCSIFFLAGS, &network);
926
if(ret == -1){
927
perror("ioctl SIOCSIFFLAGS");
928
exitcode = EXIT_FAILURE;
929
goto end;
930
}
931
}
932
close(sd);
933
}
934
582
}
583
}
584
free(program_name);
585
935
586
if (not debug){
936
587
avahi_set_log_function(empty_log);
937
588
}
938
589
939
/* Initialize the pseudo-RNG for Avahi */
940
srand((unsigned int) time(NULL));
941
942
/* Allocate main Avahi loop object */
943
mc.simple_poll = avahi_simple_poll_new();
944
if (mc.simple_poll == NULL) {
945
fprintf(stderr, "Avahi: Failed to create simple poll"
946
" object.\n");
947
exitcode = EXIT_FAILURE;
948
goto end;
949
}
950
951
{
952
AvahiServerConfig config;
953
/* Do not publish any local Zeroconf records */
954
avahi_server_config_init(&config);
955
config.publish_hinfo = 0;
956
config.publish_addresses = 0;
957
config.publish_workstation = 0;
958
config.publish_domain = 0;
959
960
/* Allocate a new server */
961
mc.server = avahi_server_new(avahi_simple_poll_get
962
(mc.simple_poll), &config, NULL,
963
NULL, &error);
964
965
/* Free the Avahi configuration data */
966
avahi_server_config_free(&config);
967
}
968
969
/* Check if creating the Avahi server object succeeded */
970
if (mc.server == NULL) {
971
fprintf(stderr, "Failed to create Avahi server: %s\n",
972
avahi_strerror(error));
973
exitcode = EXIT_FAILURE;
974
goto end;
975
}
976
977
/* Create the Avahi service browser */
978
sb = avahi_s_service_browser_new(mc.server, if_index,
979
AVAHI_PROTO_INET6,
980
"_mandos._tcp", NULL, 0,
981
browse_callback, &mc);
982
if (sb == NULL) {
983
fprintf(stderr, "Failed to create service browser: %s\n",
984
avahi_strerror(avahi_server_errno(mc.server)));
985
exitcode = EXIT_FAILURE;
986
goto end;
590
/* Initialize the psuedo-RNG */
591
srand(time(NULL));
592
593
/* Allocate main loop object */
594
if (!(simple_poll = avahi_simple_poll_new())) {
595
fprintf(stderr, "Failed to create simple poll object.\n");
596
597
goto exit;
598
}
599
600
/* Do not publish any local records */
601
avahi_server_config_init(&config);
602
config.publish_hinfo = 0;
603
config.publish_addresses = 0;
604
config.publish_workstation = 0;
605
config.publish_domain = 0;
606
607
/* Allocate a new server */
608
server = avahi_server_new(avahi_simple_poll_get(simple_poll), &config, NULL, NULL, &error);
609
610
/* Free the configuration data */
611
avahi_server_config_free(&config);
612
613
/* Check if creating the server object succeeded */
614
if (!server) {
615
fprintf(stderr, "Failed to create server: %s\n", avahi_strerror(error));
616
returncode = EXIT_FAILURE;
617
goto exit;
618
}
619
620
/* Create the service browser */
621
if (!(sb = avahi_s_service_browser_new(server, if_nametoindex("eth0"), AVAHI_PROTO_INET6, "_mandos._tcp", NULL, 0, browse_callback, server))) {
622
fprintf(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_server_errno(server)));
623
returncode = EXIT_FAILURE;
624
goto exit;
987
625
}
988
626
989
627
/* Run the main loop */
990
628
991
629
if (debug){
992
fprintf(stderr, "Starting Avahi loop search\n");
630
fprintf(stderr, "Starting avahi loop search\n");
993
631
}
994
632
995
avahi_simple_poll_loop(mc.simple_poll);
633
avahi_simple_poll_loop(simple_poll);
996
634
997
end:
635
exit:
998
636
999
637
if (debug){
1000
638
fprintf(stderr, "%s exiting\n", argv[0]);
1001
639
}
1002
640
1003
641
/* Cleanup things */
1004
if (sb != NULL)
642
if (sb)
1005
643
avahi_s_service_browser_free(sb);
1006
644
1007
if (mc.server != NULL)
1008
avahi_server_free(mc.server);
1009
1010
if (mc.simple_poll != NULL)
1011
avahi_simple_poll_free(mc.simple_poll);
1012
free(pubkeyfile);
1013
free(seckeyfile);
1014
1015
if (gnutls_initalized){
1016
gnutls_certificate_free_credentials (mc.cred);
1017
gnutls_global_deinit ();
1018
}
1019
1020
return exitcode;
645
if (server)
646
avahi_server_free(server);
647
648
if (simple_poll)
649
avahi_simple_poll_free(simple_poll);
650
651
return ret;
1021
652
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0