/mandos/trunk : revision 24.1.51

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/password-request.c

Committer: Björn Påhlsson
Date: 2008-08-15 20:17:32 UTC
mto: (24.1.154 mandos) (237.4.3 mandos-release)
mto: This revision was merged to the branch mainline in revision 77.
Revision ID: belorn@braxen-20080815201732-b7uux3yqs05b3fy9

Added configuration files support for mandos-client
Removed plus argument support for mandos-client

files added:
COPYING

initramfs-tools-hook

initramfs-tools-hook-conf

mandos-client.xml

mandos-clients.conf.xml

mandos-keygen

mandos.conf.xml

mandos.xml

network-protocol.txt

plugins.d/password-prompt.xml

plugins.d/password-request.xml

files removed:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

files renamed:
server.py => mandos

plugbasedclient.c => mandos-client.c

server.conf => mandos.conf

plugins.d/passprompt.c => plugins.d/password-prompt.c

plugins.d/mandosclient.c => plugins.d/password-request.c

files modified:
Makefile

TODO

clients.conf

Show diffs side-by-side

added added

removed removed

plugins.d/password-request.c

#define _LARGEFILE_SOURCE

#define _FILE_OFFSET_BITS 64

#include <stdio.h>

#include <assert.h>

#include <stdlib.h>

#include <time.h>

#include <net/if.h> /* if_nametoindex */

#include <sys/ioctl.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS

#include <net/if.h> // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */

#include <stdio.h> /* fprintf(), stderr, fwrite(), stdout,

ferror() */

#include <stdint.h> /* uint16_t, uint32_t */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,

srand() */

#include <stdbool.h> /* bool, true */

#include <string.h> /* memset(), strcmp(), strlen(),

strerror(), memcpy(), strcpy() */

#include <sys/ioctl.h> /* ioctl */

#include <sys/types.h> /* socket(), inet_pton(), sockaddr,

sockaddr_in6, PF_INET6,

SOCK_STREAM, INET6_ADDRSTRLEN,

uid_t, gid_t */

#include <inttypes.h> /* PRIu16 */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton(),

connect() */

#include <assert.h> /* assert() */

#include <errno.h> /* perror(), errno */

#include <time.h> /* time() */

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS, if_indextoname(),

if_nametoindex(), IF_NAMESIZE */

#include <unistd.h> /* close(), SEEK_SET, off_t, write(),

getuid(), getgid(), setuid(),

setgid() */

#include <netinet/in.h>

#include <arpa/inet.h> /* inet_pton(), htons */

#include <iso646.h> /* not, and */

#include <argp.h> /* struct argp_option, error_t, struct

argp_state, struct argp,

argp_parse(), ARGP_KEY_ARG,

ARGP_KEY_END, ARGP_ERR_UNKNOWN */

/* Avahi */

/* All Avahi types, constants and functions

Avahi*, avahi_*,

AVAHI_* */

#include <avahi-core/core.h>

#include <avahi-core/lookup.h>

#include <avahi-core/log.h>

#include <avahi-common/malloc.h>

#include <avahi-common/error.h>

//mandos client part

#include <sys/types.h> /* socket(), inet_pton() */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton() */

#include <gnutls/gnutls.h> /* All GnuTLS stuff */

#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */

#include <unistd.h> /* close() */

#include <netinet/in.h>

#include <stdbool.h> /* true */

#include <string.h> /* memset */

#include <arpa/inet.h> /* inet_pton() */

#include <iso646.h> /* not */

// gpgme

#include <errno.h> /* perror() */

#include <gpgme.h>

// getopt long

#include <getopt.h>

/* GnuTLS */

#include <gnutls/gnutls.h> /* All GnuTLS types, constants and functions

gnutls_*

init_gnutls_session(),

GNUTLS_* */

#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),

GNUTLS_OPENPGP_FMT_BASE64 */

/* GPGME */

#include <gpgme.h> /* All GPGME types, constants and functions

gpgme_*

GPGME_PROTOCOL_OpenPGP,

GPG_ERR_NO_* */

#define BUFFER_SIZE 256

#define DH_BITS 1024

static const char *certdir = "/conf/conf.d/mandos";

static const char *certfile = "openpgp-client.txt";

static const char *certkey = "openpgp-client-key.txt";

bool debug = false;

100

static const char *keydir = "/conf/conf.d/mandos";

101

static const char mandos_protocol_version[] = "1";

102

const char *argp_program_version = "password-request 1.0";

103

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

104

105

/* Used for passing in values through the Avahi callback functions */

106

typedef struct {

gnutls_session_t session;

107

AvahiSimplePoll *simple_poll;

108

AvahiServer *server;

109

gnutls_certificate_credentials_t cred;

110

unsigned int dh_bits;

111

gnutls_dh_params_t dh_params;

} encrypted_session;

static ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,

char **new_packet,

112

const char *priority;

113

} mandos_context;

114

115

116

* Make room in "buffer" for at least BUFFER_SIZE additional bytes.

117

* "buffer_capacity" is how much is currently allocated,

118

* "buffer_length" is how much is already used.

119

120

size_t adjustbuffer(char **buffer, size_t buffer_length,

121

size_t buffer_capacity){

122

if (buffer_length + BUFFER_SIZE > buffer_capacity){

123

*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);

124

if (buffer == NULL){

125

return 0;

126

}

127

buffer_capacity += BUFFER_SIZE;

128

}

129

return buffer_capacity;

130

}

131

132

133

* Decrypt OpenPGP data using keyrings in HOMEDIR.

134

* Returns -1 on error

135

136

static ssize_t pgp_packet_decrypt (const char *cryptotext,

137

size_t crypto_size,

138

char **plaintext,

139

const char *homedir){

140

gpgme_data_t dh_crypto, dh_plain;

141

gpgme_ctx_t ctx;

142

gpgme_error_t rc;

143

ssize_t ret;

ssize_t new_packet_capacity = 0;

ssize_t new_packet_length = 0;

144

size_t plaintext_capacity = 0;

145

ssize_t plaintext_length = 0;

146

gpgme_engine_info_t engine_info;

147

148

if (debug){

fprintf(stderr, "Trying to decrypt OpenPGP packet\n");

149

fprintf(stderr, "Trying to decrypt OpenPGP data\n");

100

150

}

101

151

102

152

/* Init GPGME */

108

158

return -1;

109

159

}

110

160

111

/* Set GPGME home directory */

161

/* Set GPGME home directory for the OpenPGP engine only */

112

162

rc = gpgme_get_engine_info (&engine_info);

113

163

if (rc != GPG_ERR_NO_ERROR){

114

164

fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",

124

174

engine_info = engine_info->next;

125

175

}

126

176

if(engine_info == NULL){

127

fprintf(stderr, "Could not set home dir to %s\n", homedir);

177

fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);

128

178

return -1;

129

179

}

130

180

131

/* Create new GPGME data buffer from packet buffer */

132

rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);

181

/* Create new GPGME data buffer from memory cryptotext */

182

rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,

183

0);

133

184

if (rc != GPG_ERR_NO_ERROR){

134

185

fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",

135

186

gpgme_strsource(rc), gpgme_strerror(rc));

141

192

if (rc != GPG_ERR_NO_ERROR){

142

193

fprintf(stderr, "bad gpgme_data_new: %s: %s\n",

143

194

gpgme_strsource(rc), gpgme_strerror(rc));

195

gpgme_data_release(dh_crypto);

144

196

return -1;

145

197

}

146

198

149

201

if (rc != GPG_ERR_NO_ERROR){

150

202

fprintf(stderr, "bad gpgme_new: %s: %s\n",

151

203

gpgme_strsource(rc), gpgme_strerror(rc));

152

return -1;

204

plaintext_length = -1;

205

goto decrypt_end;

153

206

}

154

207

155

/* Decrypt data from the FILE pointer to the plaintext data

156

buffer */

208

/* Decrypt data from the cryptotext data buffer to the plaintext

209

data buffer */

157

210

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

158

211

if (rc != GPG_ERR_NO_ERROR){

159

212

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

160

213

gpgme_strsource(rc), gpgme_strerror(rc));

161

return -1;

214

plaintext_length = -1;

215

goto decrypt_end;

162

216

}

163

217

164

218

if(debug){

165

fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");

219

fprintf(stderr, "Decryption of OpenPGP data succeeded\n");

166

220

}

167

221

168

222

if (debug){

169

223

gpgme_decrypt_result_t result;

170

224

result = gpgme_op_decrypt_result(ctx);

173

227

} else {

174

228

fprintf(stderr, "Unsupported algorithm: %s\n",

175

229

result->unsupported_algorithm);

176

fprintf(stderr, "Wrong key usage: %d\n",

230

fprintf(stderr, "Wrong key usage: %u\n",

177

231

result->wrong_key_usage);

178

232

if(result->file_name != NULL){

179

233

fprintf(stderr, "File name: %s\n", result->file_name);

194

248

}

195

249

}

196

250

197

/* Delete the GPGME FILE pointer cryptotext data buffer */

198

gpgme_data_release(dh_crypto);

199

200

251

/* Seek back to the beginning of the GPGME plaintext data buffer */

201

252

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

202

253

perror("pgpme_data_seek");

254

plaintext_length = -1;

255

goto decrypt_end;

203

256

}

204

257

205

*new_packet = 0;

258

*plaintext = NULL;

206

259

while(true){

207

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

208

*new_packet = realloc(*new_packet,

209

(unsigned int)new_packet_capacity

210

+ BUFFER_SIZE);

211

if (*new_packet == NULL){

212

perror("realloc");

213

return -1;

214

}

215

new_packet_capacity += BUFFER_SIZE;

260

plaintext_capacity = adjustbuffer(plaintext,

261

(size_t)plaintext_length,

262

plaintext_capacity);

263

if (plaintext_capacity == 0){

264

perror("adjustbuffer");

265

plaintext_length = -1;

266

goto decrypt_end;

216

267

}

217

268

218

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,

269

ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,

219

270

BUFFER_SIZE);

220

271

/* Print the data, if any */

221

272

if (ret == 0){

273

/* EOF */

222

274

break;

223

275

}

224

276

if(ret < 0){

225

277

perror("gpgme_data_read");

226

return -1;

278

plaintext_length = -1;

279

goto decrypt_end;

227

280

}

228

new_packet_length += ret;

281

plaintext_length += ret;

229

282

}

230

283

231

/* FIXME: check characters before printing to screen so to not print

232

terminal control characters */

233

/* if(debug){ */

234

/* fprintf(stderr, "decrypted password is: "); */

235

/* fwrite(*new_packet, 1, new_packet_length, stderr); */

236

/* fprintf(stderr, "\n"); */

237

/* } */

284

if(debug){

285

fprintf(stderr, "Decrypted password is: ");

286

for(ssize_t i = 0; i < plaintext_length; i++){

287

fprintf(stderr, "%02hhX ", (*plaintext)[i]);

288

}

289

fprintf(stderr, "\n");

290

}

291

292

decrypt_end:

293

294

/* Delete the GPGME cryptotext data buffer */

295

gpgme_data_release(dh_crypto);

238

296

239

297

/* Delete the GPGME plaintext data buffer */

240

298

gpgme_data_release(dh_plain);

241

return new_packet_length;

299

return plaintext_length;

242

300

}

243

301

244

302

static const char * safer_gnutls_strerror (int value) {

248

306

return ret;

249

307

}

250

308

309

/* GnuTLS log function callback */

251

310

static void debuggnutls(__attribute__((unused)) int level,

252

311

const char* string){

253

fprintf(stderr, "%s", string);

312

fprintf(stderr, "GnuTLS: %s", string);

254

313

}

255

314

256

static int initgnutls(encrypted_session *es){

257

const char *err;

315

static int init_gnutls_global(mandos_context *mc,

316

const char *pubkeyfile,

317

const char *seckeyfile){

258

318

int ret;

259

319

260

320

if(debug){

261

321

fprintf(stderr, "Initializing GnuTLS\n");

262

322

}

263

264

if ((ret = gnutls_global_init ())

265

!= GNUTLS_E_SUCCESS) {

266

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

323

324

ret = gnutls_global_init();

325

if (ret != GNUTLS_E_SUCCESS) {

326

fprintf (stderr, "GnuTLS global_init: %s\n",

327

safer_gnutls_strerror(ret));

267

328

return -1;

268

329

}

269

330

270

331

if (debug){

332

/* "Use a log level over 10 to enable all debugging options."

333

* - GnuTLS manual

334

271

335

gnutls_global_set_log_level(11);

272

336

gnutls_global_set_log_function(debuggnutls);

273

337

}

274

338

275

/* openpgp credentials */

276

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

277

!= GNUTLS_E_SUCCESS) {

278

fprintf (stderr, "memory error: %s\n",

339

/* OpenPGP credentials */

340

gnutls_certificate_allocate_credentials(&mc->cred);

341

if (ret != GNUTLS_E_SUCCESS){

342

fprintf (stderr, "GnuTLS memory error: %s\n",

279

343

safer_gnutls_strerror(ret));

344

gnutls_global_deinit ();

280

345

return -1;

281

346

}

282

347

283

348

if(debug){

284

349

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

285

" and keyfile %s as GnuTLS credentials\n", certfile,

286

certkey);

350

" and keyfile %s as GnuTLS credentials\n", pubkeyfile,

351

seckeyfile);

287

352

}

288

353

289

354

ret = gnutls_certificate_set_openpgp_key_file

290

(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);

355

(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);

291

356

if (ret != GNUTLS_E_SUCCESS) {

292

fprintf

293

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"

294

" '%s')\n",

295

ret, certfile, certkey);

296

fprintf(stdout, "The Error is: %s\n",

357

fprintf(stderr,

358

"Error[%d] while reading the OpenPGP key pair ('%s',"

359

" '%s')\n", ret, pubkeyfile, seckeyfile);

360

fprintf(stdout, "The GnuTLS error is: %s\n",

297

361

safer_gnutls_strerror(ret));

298

return -1;

299

}

300

301

//GnuTLS server initialization

302

if ((ret = gnutls_dh_params_init (&es->dh_params))

303

!= GNUTLS_E_SUCCESS) {

304

fprintf (stderr, "Error in dh parameter initialization: %s\n",

305

safer_gnutls_strerror(ret));

306

return -1;

307

}

308

309

if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))

310

!= GNUTLS_E_SUCCESS) {

311

fprintf (stderr, "Error in prime generation: %s\n",

312

safer_gnutls_strerror(ret));

313

return -1;

314

}

315

316

gnutls_certificate_set_dh_params (es->cred, es->dh_params);

317

318

// GnuTLS session creation

319

if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))

320

!= GNUTLS_E_SUCCESS){

362

goto globalfail;

363

}

364

365

/* GnuTLS server initialization */

366

ret = gnutls_dh_params_init(&mc->dh_params);

367

if (ret != GNUTLS_E_SUCCESS) {

368

fprintf (stderr, "Error in GnuTLS DH parameter initialization:"

369

" %s\n", safer_gnutls_strerror(ret));

370

goto globalfail;

371

}

372

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

373

if (ret != GNUTLS_E_SUCCESS) {

374

fprintf (stderr, "Error in GnuTLS prime generation: %s\n",

375

safer_gnutls_strerror(ret));

376

goto globalfail;

377

}

378

379

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

380

381

return 0;

382

383

globalfail:

384

385

gnutls_certificate_free_credentials(mc->cred);

386

gnutls_global_deinit();

387

return -1;

388

389

}

390

391

static int init_gnutls_session(mandos_context *mc,

392

gnutls_session_t *session){

393

int ret;

394

/* GnuTLS session creation */

395

ret = gnutls_init(session, GNUTLS_SERVER);

396

if (ret != GNUTLS_E_SUCCESS){

321

397

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

322

398

safer_gnutls_strerror(ret));

323

399

}

324

400

325

if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))

326

!= GNUTLS_E_SUCCESS) {

327

fprintf(stderr, "Syntax error at: %s\n", err);

328

fprintf(stderr, "GnuTLS error: %s\n",

329

safer_gnutls_strerror(ret));

330

return -1;

401

{

402

const char *err;

403

ret = gnutls_priority_set_direct(*session, mc->priority, &err);

404

if (ret != GNUTLS_E_SUCCESS) {

405

fprintf(stderr, "Syntax error at: %s\n", err);

406

fprintf(stderr, "GnuTLS error: %s\n",

407

safer_gnutls_strerror(ret));

408

gnutls_deinit (*session);

409

return -1;

410

}

331

411

}

332

412

333

if ((ret = gnutls_credentials_set

334

(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))

335

!= GNUTLS_E_SUCCESS) {

336

fprintf(stderr, "Error setting a credentials set: %s\n",

413

ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

414

mc->cred);

415

if (ret != GNUTLS_E_SUCCESS) {

416

fprintf(stderr, "Error setting GnuTLS credentials: %s\n",

337

417

safer_gnutls_strerror(ret));

418

gnutls_deinit (*session);

338

419

return -1;

339

420

}

340

421

341

422

/* ignore client certificate if any. */

342

gnutls_certificate_server_set_request (es->session,

423

gnutls_certificate_server_set_request (*session,

343

424

GNUTLS_CERT_IGNORE);

344

425

345

gnutls_dh_set_prime_bits (es->session, DH_BITS);

426

gnutls_dh_set_prime_bits (*session, mc->dh_bits);

346

427

347

428

return 0;

348

429

}

349

430

431

/* Avahi log function callback */

350

432

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

351

433

__attribute__((unused)) const char *txt){}

352

434

435

/* Called when a Mandos server is found */

353

436

static int start_mandos_communication(const char *ip, uint16_t port,

354

AvahiIfIndex if_index){

437

AvahiIfIndex if_index,

438

mandos_context *mc){

355

439

int ret, tcp_sd;

356

struct sockaddr_in6 to;

357

encrypted_session es;

440

union { struct sockaddr in; struct sockaddr_in6 in6; } to;

358

441

char *buffer = NULL;

359

442

char *decrypted_buffer;

360

443

size_t buffer_length = 0;

361

444

size_t buffer_capacity = 0;

362

445

ssize_t decrypted_buffer_size;

363

size_t written = 0;

446

size_t written;

364

447

int retval = 0;

365

448

char interface[IF_NAMESIZE];

449

gnutls_session_t session;

450

451

ret = init_gnutls_session (mc, &session);

452

if (ret != 0){

453

return -1;

454

}

366

455

367

456

if(debug){

368

fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",

369

ip, port);

457

fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16

458

"\n", ip, port);

370

459

}

371

460

372

461

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

377

466

378

467

if(debug){

379

468

if(if_indextoname((unsigned int)if_index, interface) == NULL){

380

if(debug){

381

perror("if_indextoname");

382

}

469

perror("if_indextoname");

383

470

return -1;

384

471

}

385

386

472

fprintf(stderr, "Binding to interface %s\n", interface);

387

473

}

388

474

389

475

memset(&to,0,sizeof(to)); /* Spurious warning */

390

to.sin6_family = AF_INET6;

391

ret = inet_pton(AF_INET6, ip, &to.sin6_addr);

476

to.in6.sin6_family = AF_INET6;

477

/* It would be nice to have a way to detect if we were passed an

478

IPv4 address here. Now we assume an IPv6 address. */

479

ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);

392

480

if (ret < 0 ){

393

481

perror("inet_pton");

394

482

return -1;

395

}

483

}

396

484

if(ret == 0){

397

485

fprintf(stderr, "Bad address: %s\n", ip);

398

486

return -1;

399

487

}

400

to.sin6_port = htons(port); /* Spurious warning */

488

to.in6.sin6_port = htons(port); /* Spurious warning */

401

489

402

to.sin6_scope_id = (uint32_t)if_index;

490

to.in6.sin6_scope_id = (uint32_t)if_index;

403

491

404

492

if(debug){

405

fprintf(stderr, "Connection to: %s, port %d\n", ip, port);

406

/* char addrstr[INET6_ADDRSTRLEN]; */

407

/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */

408

/* sizeof(addrstr)) == NULL){ */

409

/* perror("inet_ntop"); */

410

/* } else { */

411

/* fprintf(stderr, "Really connecting to: %s, port %d\n", */

412

/* addrstr, ntohs(to.sin6_port)); */

413

/* } */

493

fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,

494

port);

495

char addrstr[INET6_ADDRSTRLEN] = "";

496

if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,

497

sizeof(addrstr)) == NULL){

498

perror("inet_ntop");

499

} else {

500

if(strcmp(addrstr, ip) != 0){

501

fprintf(stderr, "Canonical address form: %s\n", addrstr);

502

}

503

}

414

504

}

415

505

416

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

506

ret = connect(tcp_sd, &to.in, sizeof(to));

417

507

if (ret < 0){

418

508

perror("connect");

419

509

return -1;

420

510

}

421

422

ret = initgnutls (&es);

423

if (ret != 0){

424

retval = -1;

425

return -1;

511

512

const char *out = mandos_protocol_version;

513

written = 0;

514

while (true){

515

size_t out_size = strlen(out);

516

ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,

517

out_size - written));

518

if (ret == -1){

519

perror("write");

520

retval = -1;

521

goto mandos_end;

522

}

523

written += (size_t)ret;

524

if(written < out_size){

525

continue;

526

} else {

527

if (out == mandos_protocol_version){

528

written = 0;

529

out = "\r\n";

530

} else {

531

break;

532

}

533

}

426

534

}

427

428

gnutls_transport_set_ptr (es.session,

429

(gnutls_transport_ptr_t) tcp_sd);

430

535

431

536

if(debug){

432

537

fprintf(stderr, "Establishing TLS session with %s\n", ip);

433

538

}

434

539

435

ret = gnutls_handshake (es.session);

540

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

541

542

do{

543

ret = gnutls_handshake (session);

544

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

436

545

437

546

if (ret != GNUTLS_E_SUCCESS){

438

547

if(debug){

439

fprintf(stderr, "\n*** Handshake failed ***\n");

548

fprintf(stderr, "*** GnuTLS Handshake failed ***\n");

440

549

gnutls_perror (ret);

441

550

}

442

551

retval = -1;

443

goto exit;

552

goto mandos_end;

444

553

}

445

554

446

//Retrieve OpenPGP packet that contains the wanted password

555

/* Read OpenPGP packet that contains the wanted password */

447

556

448

557

if(debug){

449

558

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

451

560

}

452

561

453

562

while(true){

454

if (buffer_length + BUFFER_SIZE > buffer_capacity){

455

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

456

if (buffer == NULL){

457

perror("realloc");

458

goto exit;

459

}

460

buffer_capacity += BUFFER_SIZE;

563

buffer_capacity = adjustbuffer(&buffer, buffer_length,

564

buffer_capacity);

565

if (buffer_capacity == 0){

566

perror("adjustbuffer");

567

retval = -1;

568

goto mandos_end;

461

569

}

462

570

463

ret = gnutls_record_recv

464

(es.session, buffer+buffer_length, BUFFER_SIZE);

571

ret = gnutls_record_recv(session, buffer+buffer_length,

572

BUFFER_SIZE);

465

573

if (ret == 0){

466

574

break;

467

575

}

471

579

case GNUTLS_E_AGAIN:

472

580

break;

473

581

case GNUTLS_E_REHANDSHAKE:

474

ret = gnutls_handshake (es.session);

582

do{

583

ret = gnutls_handshake (session);

584

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

475

585

if (ret < 0){

476

fprintf(stderr, "\n*** Handshake failed ***\n");

586

fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");

477

587

gnutls_perror (ret);

478

588

retval = -1;

479

goto exit;

589

goto mandos_end;

480

590

}

481

591

break;

482

592

default:

483

593

fprintf(stderr, "Unknown error while reading data from"

484

" encrypted session with mandos server\n");

594

" encrypted session with Mandos server\n");

485

595

retval = -1;

486

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

487

goto exit;

596

gnutls_bye (session, GNUTLS_SHUT_RDWR);

597

goto mandos_end;

488

598

}

489

599

} else {

490

600

buffer_length += (size_t) ret;

491

601

}

492

602

}

493

603

604

if(debug){

605

fprintf(stderr, "Closing TLS session\n");

606

}

607

608

gnutls_bye (session, GNUTLS_SHUT_RDWR);

609

494

610

if (buffer_length > 0){

495

611

decrypted_buffer_size = pgp_packet_decrypt(buffer,

496

612

buffer_length,

497

613

&decrypted_buffer,

498

certdir);

614

keydir);

499

615

if (decrypted_buffer_size >= 0){

616

written = 0;

500

617

while(written < (size_t) decrypted_buffer_size){

501

618

ret = (int)fwrite (decrypted_buffer + written, 1,

502

619

(size_t)decrypted_buffer_size - written,

516

633

retval = -1;

517

634

}

518

635

}

519

520

//shutdown procedure

521

522

if(debug){

523

fprintf(stderr, "Closing TLS session\n");

524

}

525

636

637

/* Shutdown procedure */

638

639

mandos_end:

526

640

free(buffer);

527

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

528

exit:

529

641

close(tcp_sd);

530

gnutls_deinit (es.session);

531

gnutls_certificate_free_credentials (es.cred);

532

gnutls_global_deinit ();

642

gnutls_deinit (session);

533

643

return retval;

534

644

}

535

645

536

static AvahiSimplePoll *simple_poll = NULL;

537

static AvahiServer *server = NULL;

538

539

static void resolve_callback(

540

AvahiSServiceResolver *r,

541

AvahiIfIndex interface,

542

AVAHI_GCC_UNUSED AvahiProtocol protocol,

543

AvahiResolverEvent event,

544

const char *name,

545

const char *type,

546

const char *domain,

547

const char *host_name,

548

const AvahiAddress *address,

549

uint16_t port,

550

AVAHI_GCC_UNUSED AvahiStringList *txt,

551

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

552

AVAHI_GCC_UNUSED void* userdata) {

553

646

static void resolve_callback(AvahiSServiceResolver *r,

647

AvahiIfIndex interface,

648

AVAHI_GCC_UNUSED AvahiProtocol protocol,

649

AvahiResolverEvent event,

650

const char *name,

651

const char *type,

652

const char *domain,

653

const char *host_name,

654

const AvahiAddress *address,

655

uint16_t port,

656

AVAHI_GCC_UNUSED AvahiStringList *txt,

657

AVAHI_GCC_UNUSED AvahiLookupResultFlags

658

flags,

659

void* userdata) {

660

mandos_context *mc = userdata;

554

661

assert(r); /* Spurious warning */

555

662

556

663

/* Called whenever a service has been resolved successfully or

559

666

switch (event) {

560

667

default:

561

668

case AVAHI_RESOLVER_FAILURE:

562

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"

563

" type '%s' in domain '%s': %s\n", name, type, domain,

564

avahi_strerror(avahi_server_errno(server)));

669

fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"

670

" of type '%s' in domain '%s': %s\n", name, type, domain,

671

avahi_strerror(avahi_server_errno(mc->server)));

565

672

break;

566

673

567

674

case AVAHI_RESOLVER_FOUND:

569

676

char ip[AVAHI_ADDRESS_STR_MAX];

570

677

avahi_address_snprint(ip, sizeof(ip), address);

571

678

if(debug){

572

fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"

573

" port %d\n", name, host_name, ip, port);

679

fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"

680

PRIu16 ") on port %d\n", name, host_name, ip,

681

interface, port);

574

682

}

575

int ret = start_mandos_communication(ip, port, interface);

683

int ret = start_mandos_communication(ip, port, interface, mc);

576

684

if (ret == 0){

577

exit(EXIT_SUCCESS);

685

avahi_simple_poll_quit(mc->simple_poll);

578

686

}

579

687

}

580

688

}

581

689

avahi_s_service_resolver_free(r);

582

690

}

583

691

584

static void browse_callback(

585

AvahiSServiceBrowser *b,

586

AvahiIfIndex interface,

587

AvahiProtocol protocol,

588

AvahiBrowserEvent event,

589

const char *name,

590

const char *type,

591

const char *domain,

592

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

593

void* userdata) {

594

595

AvahiServer *s = userdata;

596

assert(b); /* Spurious warning */

597

598

/* Called whenever a new services becomes available on the LAN or

599

is removed from the LAN */

600

601

switch (event) {

602

default:

603

case AVAHI_BROWSER_FAILURE:

604

605

fprintf(stderr, "(Browser) %s\n",

606

avahi_strerror(avahi_server_errno(server)));

607

avahi_simple_poll_quit(simple_poll);

608

return;

609

610

case AVAHI_BROWSER_NEW:

611

/* We ignore the returned resolver object. In the callback

612

function we free it. If the server is terminated before

613

the callback function is called the server will free

614

the resolver for us. */

615

616

if (!(avahi_s_service_resolver_new(s, interface, protocol, name,

617

type, domain,

618

AVAHI_PROTO_INET6, 0,

619

resolve_callback, s)))

620

fprintf(stderr, "Failed to resolve service '%s': %s\n", name,

621

avahi_strerror(avahi_server_errno(s)));

622

break;

623

624

case AVAHI_BROWSER_REMOVE:

625

break;

626

627

case AVAHI_BROWSER_ALL_FOR_NOW:

628

case AVAHI_BROWSER_CACHE_EXHAUSTED:

629

break;

692

static void browse_callback( AvahiSServiceBrowser *b,

693

AvahiIfIndex interface,

694

AvahiProtocol protocol,

695

AvahiBrowserEvent event,

696

const char *name,

697

const char *type,

698

const char *domain,

699

AVAHI_GCC_UNUSED AvahiLookupResultFlags

700

flags,

701

void* userdata) {

702

mandos_context *mc = userdata;

703

assert(b); /* Spurious warning */

704

705

/* Called whenever a new services becomes available on the LAN or

706

is removed from the LAN */

707

708

switch (event) {

709

default:

710

case AVAHI_BROWSER_FAILURE:

711

712

fprintf(stderr, "(Avahi browser) %s\n",

713

avahi_strerror(avahi_server_errno(mc->server)));

714

avahi_simple_poll_quit(mc->simple_poll);

715

return;

716

717

case AVAHI_BROWSER_NEW:

718

/* We ignore the returned Avahi resolver object. In the callback

719

function we free it. If the Avahi server is terminated before

720

the callback function is called the Avahi server will free the

721

resolver for us. */

722

723

if (!(avahi_s_service_resolver_new(mc->server, interface,

724

protocol, name, type, domain,

725

AVAHI_PROTO_INET6, 0,

726

resolve_callback, mc)))

727

fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",

728

name, avahi_strerror(avahi_server_errno(mc->server)));

729

break;

730

731

case AVAHI_BROWSER_REMOVE:

732

break;

733

734

case AVAHI_BROWSER_ALL_FOR_NOW:

735

case AVAHI_BROWSER_CACHE_EXHAUSTED:

736

if(debug){

737

fprintf(stderr, "No Mandos server found, still searching...\n");

630

738

}

739

break;

740

}

631

741

}

632

742

633

743

/* Combines file name and path and returns the malloced new

640

750

return NULL;

641

751

}

642

752

if(f_len > 0){

643

memcpy(tmp, first, f_len);

753

memcpy(tmp, first, f_len); /* Spurious warning */

644

754

}

645

755

tmp[f_len] = '/';

646

756

if(s_len > 0){

647

memcpy(tmp + f_len + 1, second, s_len);

757

memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */

648

758

}

649

759

tmp[f_len + 1 + s_len] = '\0';

650

760

return tmp;

651

761

}

652

762

653

763

654

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

655

AvahiServerConfig config;

764

int main(int argc, char *argv[]){

656

765

AvahiSServiceBrowser *sb = NULL;

657

766

int error;

658

767

int ret;

659

int returncode = EXIT_SUCCESS;

768

int exitcode = EXIT_SUCCESS;

660

769

const char *interface = "eth0";

661

770

struct ifreq network;

662

771

int sd;

772

uid_t uid;

773

gid_t gid;

663

774

char *connect_to = NULL;

664

775

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

665

666

while (true){

667

static struct option long_options[] = {

668

{"debug", no_argument, (int *)&debug, 1},

669

{"connect", required_argument, 0, 'C'},

670

{"interface", required_argument, 0, 'i'},

671

{"certdir", required_argument, 0, 'd'},

672

{"certkey", required_argument, 0, 'c'},

673

{"certfile", required_argument, 0, 'k'},

674

{0, 0, 0, 0} };

675

676

int option_index = 0;

677

ret = getopt_long (argc, argv, "i:", long_options,

678

&option_index);

679

680

if (ret == -1){

681

break;

682

}

683

684

switch(ret){

685

case 0:

686

break;

687

case 'i':

688

interface = optarg;

689

break;

690

case 'C':

691

connect_to = optarg;

692

break;

693

case 'd':

694

certdir = optarg;

695

break;

696

case 'c':

697

certfile = optarg;

698

break;

699

case 'k':

700

certkey = optarg;

701

break;

702

default:

703

exit(EXIT_FAILURE);

704

}

705

}

706

707

certfile = combinepath(certdir, certfile);

708

if (certfile == NULL){

709

perror("combinepath");

710

returncode = EXIT_FAILURE;

711

goto exit;

712

}

713

714

certkey = combinepath(certdir, certkey);

715

if (certkey == NULL){

716

perror("combinepath");

717

returncode = EXIT_FAILURE;

718

goto exit;

776

const char *pubkeyfile = "pubkey.txt";

777

const char *seckeyfile = "seckey.txt";

778

mandos_context mc = { .simple_poll = NULL, .server = NULL,

779

.dh_bits = 1024, .priority = "SECURE256"};

780

bool gnutls_initalized = false;

781

782

{

783

struct argp_option options[] = {

784

{ .name = "debug", .key = 128,

785

.doc = "Debug mode", .group = 3 },

786

{ .name = "connect", .key = 'c',

787

.arg = "IP",

788

.doc = "Connect directly to a sepcified mandos server",

789

.group = 1 },

790

{ .name = "interface", .key = 'i',

791

.arg = "INTERFACE",

792

.doc = "Interface that Avahi will conntect through",

793

.group = 1 },

794

{ .name = "keydir", .key = 'd',

795

.arg = "KEYDIR",

796

.doc = "Directory where the openpgp keyring is",

797

.group = 1 },

798

{ .name = "seckey", .key = 's',

799

.arg = "SECKEY",

800

.doc = "Secret openpgp key for gnutls authentication",

801

.group = 1 },

802

{ .name = "pubkey", .key = 'p',

803

.arg = "PUBKEY",

804

.doc = "Public openpgp key for gnutls authentication",

805

.group = 2 },

806

{ .name = "dh-bits", .key = 129,

807

.arg = "BITS",

808

.doc = "dh-bits to use in gnutls communication",

809

.group = 2 },

810

{ .name = "priority", .key = 130,

811

.arg = "PRIORITY",

812

.doc = "GNUTLS priority", .group = 1 },

813

{ .name = NULL }

814

};

815

816

817

error_t parse_opt (int key, char *arg,

818

struct argp_state *state) {

819

/* Get the INPUT argument from `argp_parse', which we know is

820

a pointer to our plugin list pointer. */

821

switch (key) {

822

case 128:

823

debug = true;

824

break;

825

case 'c':

826

connect_to = arg;

827

break;

828

case 'i':

829

interface = arg;

830

break;

831

case 'd':

832

keydir = arg;

833

break;

834

case 's':

835

seckeyfile = arg;

836

break;

837

case 'p':

838

pubkeyfile = arg;

839

break;

840

case 129:

841

errno = 0;

842

mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);

843

if (errno){

844

perror("strtol");

845

exit(EXIT_FAILURE);

846

}

847

break;

848

case 130:

849

mc.priority = arg;

850

break;

851

case ARGP_KEY_ARG:

852

argp_usage (state);

853

case ARGP_KEY_END:

854

break;

855

default:

856

return ARGP_ERR_UNKNOWN;

857

}

858

return 0;

859

}

860

861

struct argp argp = { .options = options, .parser = parse_opt,

862

.args_doc = "",

863

.doc = "Mandos client -- Get and decrypt"

864

" passwords from mandos server" };

865

ret = argp_parse (&argp, argc, argv, 0, 0, NULL);

866

if (ret == ARGP_ERR_UNKNOWN){

867

fprintf(stderr, "Unknown error while parsing arguments\n");

868

exitcode = EXIT_FAILURE;

869

goto end;

870

}

871

}

872

873

pubkeyfile = combinepath(keydir, pubkeyfile);

874

if (pubkeyfile == NULL){

875

perror("combinepath");

876

exitcode = EXIT_FAILURE;

877

goto end;

878

}

879

880

seckeyfile = combinepath(keydir, seckeyfile);

881

if (seckeyfile == NULL){

882

perror("combinepath");

883

exitcode = EXIT_FAILURE;

884

goto end;

885

}

886

887

ret = init_gnutls_global(&mc, pubkeyfile, seckeyfile);

888

if (ret == -1){

889

fprintf(stderr, "init_gnutls_global failed\n");

890

exitcode = EXIT_FAILURE;

891

goto end;

892

} else {

893

gnutls_initalized = true;

894

}

895

896

/* If the interface is down, bring it up */

897

{

898

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

899

if(sd < 0) {

900

perror("socket");

901

exitcode = EXIT_FAILURE;

902

goto end;

903

}

904

strcpy(network.ifr_name, interface); /* Spurious warning */

905

ret = ioctl(sd, SIOCGIFFLAGS, &network);

906

if(ret == -1){

907

perror("ioctl SIOCGIFFLAGS");

908

exitcode = EXIT_FAILURE;

909

goto end;

910

}

911

if((network.ifr_flags & IFF_UP) == 0){

912

network.ifr_flags |= IFF_UP;

913

ret = ioctl(sd, SIOCSIFFLAGS, &network);

914

if(ret == -1){

915

perror("ioctl SIOCSIFFLAGS");

916

exitcode = EXIT_FAILURE;

917

goto end;

918

}

919

}

920

close(sd);

921

}

922

923

uid = getuid();

924

gid = getgid();

925

926

ret = setuid(uid);

927

if (ret == -1){

928

perror("setuid");

929

}

930

931

setgid(gid);

932

if (ret == -1){

933

perror("setgid");

719

934

}

720

935

721

936

if_index = (AvahiIfIndex) if_nametoindex(interface);

730

945

char *address = strrchr(connect_to, ':');

731

946

if(address == NULL){

732

947

fprintf(stderr, "No colon in address\n");

733

exit(EXIT_FAILURE);

948

exitcode = EXIT_FAILURE;

949

goto end;

734

950

}

735

951

errno = 0;

736

952

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

737

953

if(errno){

738

954

perror("Bad port number");

739

exit(EXIT_FAILURE);

955

exitcode = EXIT_FAILURE;

956

goto end;

740

957

}

741

958

*address = '\0';

742

959

address = connect_to;

743

ret = start_mandos_communication(address, port, if_index);

960

ret = start_mandos_communication(address, port, if_index, &mc);

744

961

if(ret < 0){

745

exit(EXIT_FAILURE);

962

exitcode = EXIT_FAILURE;

746

963

} else {

747

exit(EXIT_SUCCESS);

748

}

749

}

750

751

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

752

if(sd < 0) {

753

perror("socket");

754

returncode = EXIT_FAILURE;

755

goto exit;

756

}

757

strcpy(network.ifr_name, interface);

758

ret = ioctl(sd, SIOCGIFFLAGS, &network);

759

if(ret == -1){

760

761

perror("ioctl SIOCGIFFLAGS");

762

returncode = EXIT_FAILURE;

763

goto exit;

764

}

765

if((network.ifr_flags & IFF_UP) == 0){

766

network.ifr_flags |= IFF_UP;

767

ret = ioctl(sd, SIOCSIFFLAGS, &network);

768

if(ret == -1){

769

perror("ioctl SIOCSIFFLAGS");

770

returncode = EXIT_FAILURE;

771

goto exit;

772

}

773

}

774

close(sd);

964

exitcode = EXIT_SUCCESS;

965

}

966

goto end;

967

}

775

968

776

969

if (not debug){

777

970

avahi_set_log_function(empty_log);

778

971

}

779

972

780

/* Initialize the psuedo-RNG */

973

/* Initialize the pseudo-RNG for Avahi */

781

974

srand((unsigned int) time(NULL));

782

783

/* Allocate main loop object */

784

if (!(simple_poll = avahi_simple_poll_new())) {

785

fprintf(stderr, "Failed to create simple poll object.\n");

786

returncode = EXIT_FAILURE;

787

goto exit;

788

}

789

790

/* Do not publish any local records */

791

avahi_server_config_init(&config);

792

config.publish_hinfo = 0;

793

config.publish_addresses = 0;

794

config.publish_workstation = 0;

795

config.publish_domain = 0;

796

797

/* Allocate a new server */

798

server = avahi_server_new(avahi_simple_poll_get(simple_poll),

799

&config, NULL, NULL, &error);

800

801

/* Free the configuration data */

802

avahi_server_config_free(&config);

803

804

/* Check if creating the server object succeeded */

805

if (!server) {

806

fprintf(stderr, "Failed to create server: %s\n",

975

976

/* Allocate main Avahi loop object */

977

mc.simple_poll = avahi_simple_poll_new();

978

if (mc.simple_poll == NULL) {

979

fprintf(stderr, "Avahi: Failed to create simple poll"

980

" object.\n");

981

exitcode = EXIT_FAILURE;

982

goto end;

983

}

984

985

{

986

AvahiServerConfig config;

987

/* Do not publish any local Zeroconf records */

988

avahi_server_config_init(&config);

989

config.publish_hinfo = 0;

990

config.publish_addresses = 0;

991

config.publish_workstation = 0;

992

config.publish_domain = 0;

993

994

/* Allocate a new server */

995

mc.server = avahi_server_new(avahi_simple_poll_get

996

(mc.simple_poll), &config, NULL,

997

NULL, &error);

998

999

/* Free the Avahi configuration data */

1000

avahi_server_config_free(&config);

1001

}

1002

1003

/* Check if creating the Avahi server object succeeded */

1004

if (mc.server == NULL) {

1005

fprintf(stderr, "Failed to create Avahi server: %s\n",

807

1006

avahi_strerror(error));

808

returncode = EXIT_FAILURE;

809

goto exit;

1007

exitcode = EXIT_FAILURE;

1008

goto end;

810

1009

}

811

1010

812

/* Create the service browser */

813

sb = avahi_s_service_browser_new(server, if_index,

1011

/* Create the Avahi service browser */

1012

sb = avahi_s_service_browser_new(mc.server, if_index,

814

1013

AVAHI_PROTO_INET6,

815

1014

"_mandos._tcp", NULL, 0,

816

browse_callback, server);

817

if (!sb) {

1015

browse_callback, &mc);

1016

if (sb == NULL) {

818

1017

fprintf(stderr, "Failed to create service browser: %s\n",

819

avahi_strerror(avahi_server_errno(server)));

820

returncode = EXIT_FAILURE;

821

goto exit;

1018

avahi_strerror(avahi_server_errno(mc.server)));

1019

exitcode = EXIT_FAILURE;

1020

goto end;

822

1021

}

823

1022

824

1023

/* Run the main loop */

825

1024

826

1025

if (debug){

827

fprintf(stderr, "Starting avahi loop search\n");

1026

fprintf(stderr, "Starting Avahi loop search\n");

828

1027

}

829

1028

830

avahi_simple_poll_loop(simple_poll);

1029

avahi_simple_poll_loop(mc.simple_poll);

831

1030

832

exit:

1031

end:

833

1032

834

1033

if (debug){

835

1034

fprintf(stderr, "%s exiting\n", argv[0]);

836

1035

}

837

1036

838

1037

/* Cleanup things */

839

if (sb)

1038

if (sb != NULL)

840

1039

avahi_s_service_browser_free(sb);

841

1040

842

if (server)

843

avahi_server_free(server);

844

845

if (simple_poll)

846

avahi_simple_poll_free(simple_poll);

847

free(certfile);

848

free(certkey);

1041

if (mc.server != NULL)

1042

avahi_server_free(mc.server);

1043

1044

if (mc.simple_poll != NULL)

1045

avahi_simple_poll_free(mc.simple_poll);

1046

free(pubkeyfile);

1047

free(seckeyfile);

1048

1049

if (gnutls_initalized){

1050

gnutls_certificate_free_credentials(mc.cred);

1051

gnutls_global_deinit ();

1052

}

849

1053

850

return returncode;

1054

return exitcode;

851

1055

}

Older »