/mandos/trunk : revision 257

9

* "browse_callback", and parts of "main".

10

*

11

* Everything else is

12

13

14

*

14

15

* This program is free software: you can redistribute it and/or

15

16

* modify it under the terms of the GNU General Public License as

32

33

#define _LARGEFILE_SOURCE

33

34

#define _FILE_OFFSET_BITS 64

34

35

#include <stdio.h>

36

#include <assert.h>

37

#include <stdlib.h>

38

#include <time.h>

39

#include <net/if.h> /* if_nametoindex */

40

#include <sys/ioctl.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

41

SIOCSIFFLAGS */

36

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */

37

38

#include <stdio.h> /* fprintf(), stderr, fwrite(),

39

stdout, ferror() */

40

#include <stdint.h> /* uint16_t, uint32_t */

41

#include <stddef.h> /* NULL, size_t, ssize_t */

42

#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,

43

srand() */

44

#include <stdbool.h> /* bool, true */

45

#include <string.h> /* memset(), strcmp(), strlen(),

46

strerror(), asprintf(), strcpy() */

47

#include <sys/ioctl.h> /* ioctl */

48

#include <sys/types.h> /* socket(), inet_pton(), sockaddr,

49

sockaddr_in6, PF_INET6,

50

SOCK_STREAM, INET6_ADDRSTRLEN,

51

uid_t, gid_t, open(), opendir(), DIR */

52

#include <sys/stat.h> /* open() */

53

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

54

struct in6_addr, inet_pton(),

55

connect() */

56

#include <fcntl.h> /* open() */

57

#include <dirent.h> /* opendir(), struct dirent, readdir() */

58

#include <inttypes.h> /* PRIu16 */

59

#include <assert.h> /* assert() */

60

#include <errno.h> /* perror(), errno */

61

#include <time.h> /* time() */

42

62

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

43

SIOCSIFFLAGS */

63

SIOCSIFFLAGS, if_indextoname(),

64

if_nametoindex(), IF_NAMESIZE */

65

#include <netinet/in.h>

66

#include <unistd.h> /* close(), SEEK_SET, off_t, write(),

67

getuid(), getgid(), setuid(),

68

setgid() */

69

#include <arpa/inet.h> /* inet_pton(), htons */

70

#include <iso646.h> /* not, and */

71

#include <argp.h> /* struct argp_option, error_t, struct

72

argp_state, struct argp,

73

argp_parse(), ARGP_KEY_ARG,

74

ARGP_KEY_END, ARGP_ERR_UNKNOWN */

44

75

76

/* Avahi */

77

/* All Avahi types, constants and functions

78

Avahi*, avahi_*,

79

AVAHI_* */

45

80

#include <avahi-core/core.h>

46

81

#include <avahi-core/lookup.h>

47

82

#include <avahi-core/log.h>

49

84

#include <avahi-common/malloc.h>

50

85

#include <avahi-common/error.h>

51

86

52

//mandos client part

53

#include <sys/types.h> /* socket(), inet_pton() */

54

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

55

struct in6_addr, inet_pton() */

56

#include <gnutls/gnutls.h> /* All GnuTLS stuff */

57

#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */

58

59

#include <unistd.h> /* close() */

60

#include <netinet/in.h>

61

#include <stdbool.h> /* true */

62

#include <string.h> /* memset */

63

#include <arpa/inet.h> /* inet_pton() */

64

#include <iso646.h> /* not */

65

66

// gpgme

67

#include <errno.h> /* perror() */

68

#include <gpgme.h>

69

70

// getopt_long

71

#include <getopt.h>

87

/* GnuTLS */

88

#include <gnutls/gnutls.h> /* All GnuTLS types, constants and

89

functions:

90

gnutls_*

91

init_gnutls_session(),

92

GNUTLS_* */

93

#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),

94

GNUTLS_OPENPGP_FMT_BASE64 */

95

96

/* GPGME */

97

#include <gpgme.h> /* All GPGME types, constants and

98

functions:

99

gpgme_*

100

GPGME_PROTOCOL_OpenPGP,

101

GPG_ERR_NO_* */

72

102

73

103

#define BUFFER_SIZE 256

74

104

75

static const char *keydir = "/conf/conf.d/mandos";

76

static const char *pubkeyfile = "pubkey.txt";

77

static const char *seckeyfile = "seckey.txt";

105

#define PATHDIR "/conf/conf.d/mandos"

106

#define SECKEY "seckey.txt"

107

#define PUBKEY "pubkey.txt"

78

108

79

109

bool debug = false;

110

static const char mandos_protocol_version[] = "1";

111

const char *argp_program_version = "mandos-client " VERSION;

112

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

80

113

81

/* Used for passing in values through all the callback functions */

114

/* Used for passing in values through the Avahi callback functions */

82

115

typedef struct {

83

116

AvahiSimplePoll *simple_poll;

84

117

AvahiServer *server;

85

118

gnutls_certificate_credentials_t cred;

86

119

unsigned int dh_bits;

120

gnutls_dh_params_t dh_params;

87

121

const char *priority;

122

gpgme_ctx_t ctx;

88

123

} mandos_context;

89

124

125

/*

126

* Make room in "buffer" for at least BUFFER_SIZE additional bytes.

127

* "buffer_capacity" is how much is currently allocated,

128

* "buffer_length" is how much is already used.

129

*/

130

size_t adjustbuffer(char **buffer, size_t buffer_length,

131

size_t buffer_capacity){

132

if (buffer_length + BUFFER_SIZE > buffer_capacity){

133

*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);

134

if (buffer == NULL){

135

return 0;

136

}

137

buffer_capacity += BUFFER_SIZE;

138

}

139

return buffer_capacity;

140

}

141

90

142

/*

91

* Decrypt OpenPGP data using keyrings in HOMEDIR.

92

* Returns -1 on error

143

* Initialize GPGME.

93

144

*/

94

static ssize_t pgp_packet_decrypt (const char *cryptotext,

95

size_t crypto_size,

96

char **plaintext,

97

const char *homedir){

98

gpgme_data_t dh_crypto, dh_plain;

99

gpgme_ctx_t ctx;

145

static bool init_gpgme(mandos_context *mc, const char *seckey,

146

const char *pubkey, const char *tempdir){

147

int ret;

100

148

gpgme_error_t rc;

101

ssize_t ret;

102

ssize_t plaintext_capacity = 0;

103

ssize_t plaintext_length = 0;

104

149

gpgme_engine_info_t engine_info;

105

150

151

152

/*

153

* Helper function to insert pub and seckey to the enigne keyring.

154

*/

155

bool import_key(const char *filename){

156

int fd;

157

gpgme_data_t pgp_data;

158

159

fd = TEMP_FAILURE_RETRY(open(filename, O_RDONLY));

160

if(fd == -1){

161

perror("open");

162

return false;

163

}

164

165

rc = gpgme_data_new_from_fd(&pgp_data, fd);

166

if (rc != GPG_ERR_NO_ERROR){

167

fprintf(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",

168

gpgme_strsource(rc), gpgme_strerror(rc));

169

return false;

170

}

171

172

rc = gpgme_op_import(mc->ctx, pgp_data);

173

if (rc != GPG_ERR_NO_ERROR){

174

fprintf(stderr, "bad gpgme_op_import: %s: %s\n",

175

gpgme_strsource(rc), gpgme_strerror(rc));

176

return false;

177

}

178

179

ret = TEMP_FAILURE_RETRY(close(fd));

180

if(ret == -1){

181

perror("close");

182

}

183

gpgme_data_release(pgp_data);

184

return true;

185

}

186

106

187

if (debug){

107

fprintf(stderr, "Trying to decrypt OpenPGP data\n");

188

fprintf(stderr, "Initialize gpgme\n");

108

189

}

109

190

110

191

/* Init GPGME */

113

194

if (rc != GPG_ERR_NO_ERROR){

114

195

fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",

115

196

gpgme_strsource(rc), gpgme_strerror(rc));

116

return -1;

197

return false;

117

198

}

118

199

119

/* Set GPGME home directory for the OpenPGP engine only */

200

/* Set GPGME home directory for the OpenPGP engine only */

120

201

rc = gpgme_get_engine_info (&engine_info);

121

202

if (rc != GPG_ERR_NO_ERROR){

122

203

fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",

123

204

gpgme_strsource(rc), gpgme_strerror(rc));

124

return -1;

205

return false;

125

206

}

126

207

while(engine_info != NULL){

127

208

if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){

128

209

gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,

129

engine_info->file_name, homedir);

210

engine_info->file_name, tempdir);

130

211

break;

131

212

}

132

213

engine_info = engine_info->next;

133

214

}

134

215

if(engine_info == NULL){

135

fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);

136

return -1;

216

fprintf(stderr, "Could not set GPGME home dir to %s\n", tempdir);

217

return false;

218

}

219

220

/* Create new GPGME "context" */

221

rc = gpgme_new(&(mc->ctx));

222

if (rc != GPG_ERR_NO_ERROR){

223

fprintf(stderr, "bad gpgme_new: %s: %s\n",

224

gpgme_strsource(rc), gpgme_strerror(rc));

225

return false;

226

}

227

228

if (not import_key(pubkey) or not import_key(seckey)){

229

return false;

230

}

231

232

return true;

233

}

234

235

/*

236

* Decrypt OpenPGP data.

237

* Returns -1 on error

238

*/

239

static ssize_t pgp_packet_decrypt (const mandos_context *mc,

240

const char *cryptotext,

241

size_t crypto_size,

242

char **plaintext){

243

gpgme_data_t dh_crypto, dh_plain;

244

gpgme_error_t rc;

245

ssize_t ret;

246

size_t plaintext_capacity = 0;

247

ssize_t plaintext_length = 0;

248

249

if (debug){

250

fprintf(stderr, "Trying to decrypt OpenPGP data\n");

137

251

}

138

252

139

253

/* Create new GPGME data buffer from memory cryptotext */

154

268

return -1;

155

269

}

156

270

157

/* Create new GPGME "context" */

158

rc = gpgme_new(&ctx);

159

if (rc != GPG_ERR_NO_ERROR){

160

fprintf(stderr, "bad gpgme_new: %s: %s\n",

161

gpgme_strsource(rc), gpgme_strerror(rc));

162

plaintext_length = -1;

163

goto decrypt_end;

164

}

165

166

271

/* Decrypt data from the cryptotext data buffer to the plaintext

167

272

data buffer */

168

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

273

rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);

169

274

if (rc != GPG_ERR_NO_ERROR){

170

275

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

171

276

gpgme_strsource(rc), gpgme_strerror(rc));

172

277

plaintext_length = -1;

278

if (debug){

279

gpgme_decrypt_result_t result;

280

result = gpgme_op_decrypt_result(mc->ctx);

281

if (result == NULL){

282

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

283

} else {

284

fprintf(stderr, "Unsupported algorithm: %s\n",

285

result->unsupported_algorithm);

286

fprintf(stderr, "Wrong key usage: %u\n",

287

result->wrong_key_usage);

288

if(result->file_name != NULL){

289

fprintf(stderr, "File name: %s\n", result->file_name);

290

}

291

gpgme_recipient_t recipient;

292

recipient = result->recipients;

293

if(recipient){

294

while(recipient != NULL){

295

fprintf(stderr, "Public key algorithm: %s\n",

296

gpgme_pubkey_algo_name(recipient->pubkey_algo));

297

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

298

fprintf(stderr, "Secret key available: %s\n",

299

recipient->status == GPG_ERR_NO_SECKEY

300

? "No" : "Yes");

301

recipient = recipient->next;

302

}

303

}

304

}

305

}

173

306

goto decrypt_end;

174

307

}

175

308

177

310

fprintf(stderr, "Decryption of OpenPGP data succeeded\n");

178

311

}

179

312

180

if (debug){

181

gpgme_decrypt_result_t result;

182

result = gpgme_op_decrypt_result(ctx);

183

if (result == NULL){

184

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

185

} else {

186

fprintf(stderr, "Unsupported algorithm: %s\n",

187

result->unsupported_algorithm);

188

fprintf(stderr, "Wrong key usage: %d\n",

189

result->wrong_key_usage);

190

if(result->file_name != NULL){

191

fprintf(stderr, "File name: %s\n", result->file_name);

192

}

193

gpgme_recipient_t recipient;

194

recipient = result->recipients;

195

if(recipient){

196

while(recipient != NULL){

197

fprintf(stderr, "Public key algorithm: %s\n",

198

gpgme_pubkey_algo_name(recipient->pubkey_algo));

199

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

200

fprintf(stderr, "Secret key available: %s\n",

201

recipient->status == GPG_ERR_NO_SECKEY

202

? "No" : "Yes");

203

recipient = recipient->next;

204

}

205

}

206

}

207

}

208

209

313

/* Seek back to the beginning of the GPGME plaintext data buffer */

210

314

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

211

perror("pgpme_data_seek");

315

perror("gpgme_data_seek");

212

316

plaintext_length = -1;

213

317

goto decrypt_end;

214

318

}

215

319

216

320

*plaintext = NULL;

217

321

while(true){

218

if (plaintext_length + BUFFER_SIZE > plaintext_capacity){

219

*plaintext = realloc(*plaintext,

220

(unsigned int)plaintext_capacity

221

+ BUFFER_SIZE);

222

if (*plaintext == NULL){

223

perror("realloc");

322

plaintext_capacity = adjustbuffer(plaintext,

323

(size_t)plaintext_length,

324

plaintext_capacity);

325

if (plaintext_capacity == 0){

326

perror("adjustbuffer");

224

327

plaintext_length = -1;

225

328

goto decrypt_end;

226

}

227

plaintext_capacity += BUFFER_SIZE;

228

329

}

229

330

230

331

ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,

241

342

}

242

343

plaintext_length += ret;

243

344

}

244

345

245

346

if(debug){

246

347

fprintf(stderr, "Decrypted password is: ");

247

for(size_t i = 0; i < plaintext_length; i++){

348

for(ssize_t i = 0; i < plaintext_length; i++){

248

349

fprintf(stderr, "%02hhX ", (*plaintext)[i]);

249

350

}

250

351

fprintf(stderr, "\n");

261

362

}

262

363

263

364

static const char * safer_gnutls_strerror (int value) {

264

const char *ret = gnutls_strerror (value);

365

const char *ret = gnutls_strerror (value); /* Spurious warning */

265

366

if (ret == NULL)

266

367

ret = "(unknown)";

267

368

return ret;

268

369

}

269

370

371

/* GnuTLS log function callback */

270

372

static void debuggnutls(__attribute__((unused)) int level,

271

373

const char* string){

272

fprintf(stderr, "%s", string);

374

fprintf(stderr, "GnuTLS: %s", string);

273

375

}

274

376

275

static int initgnutls(mandos_context *mc, gnutls_session_t *session,

276

gnutls_dh_params_t *dh_params){

277

const char *err;

377

static int init_gnutls_global(mandos_context *mc,

378

const char *pubkeyfilename,

379

const char *seckeyfilename){

278

380

int ret;

279

381

280

382

if(debug){

281

383

fprintf(stderr, "Initializing GnuTLS\n");

282

384

}

283

284

if ((ret = gnutls_global_init ())

285

!= GNUTLS_E_SUCCESS) {

286

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

385

386

ret = gnutls_global_init();

387

if (ret != GNUTLS_E_SUCCESS) {

388

fprintf (stderr, "GnuTLS global_init: %s\n",

389

safer_gnutls_strerror(ret));

287

390

return -1;

288

391

}

289

392

290

393

if (debug){

394

/* "Use a log level over 10 to enable all debugging options."

395

* - GnuTLS manual

396

*/

291

397

gnutls_global_set_log_level(11);

292

398

gnutls_global_set_log_function(debuggnutls);

293

399

}

294

400

295

/* openpgp credentials */

296

if ((ret = gnutls_certificate_allocate_credentials (&mc->cred))

297

!= GNUTLS_E_SUCCESS) {

298

fprintf (stderr, "memory error: %s\n",

401

/* OpenPGP credentials */

402

gnutls_certificate_allocate_credentials(&mc->cred);

403

if (ret != GNUTLS_E_SUCCESS){

404

fprintf (stderr, "GnuTLS memory error: %s\n", /* Spurious

405

warning */

299

406

safer_gnutls_strerror(ret));

407

gnutls_global_deinit ();

300

408

return -1;

301

409

}

302

410

303

411

if(debug){

304

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

305

" and keyfile %s as GnuTLS credentials\n", pubkeyfile,

306

seckeyfile);

412

fprintf(stderr, "Attempting to use OpenPGP public key %s and"

413

" secret key %s as GnuTLS credentials\n", pubkeyfilename,

414

seckeyfilename);

307

415

}

308

416

309

417

ret = gnutls_certificate_set_openpgp_key_file

310

(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);

418

(mc->cred, pubkeyfilename, seckeyfilename,

419

GNUTLS_OPENPGP_FMT_BASE64);

311

420

if (ret != GNUTLS_E_SUCCESS) {

312

fprintf

313

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"

314

" '%s')\n",

315

ret, pubkeyfile, seckeyfile);

316

fprintf(stdout, "The Error is: %s\n",

421

fprintf(stderr,

422

"Error[%d] while reading the OpenPGP key pair ('%s',"

423

" '%s')\n", ret, pubkeyfilename, seckeyfilename);

424

fprintf(stderr, "The GnuTLS error is: %s\n",

317

425

safer_gnutls_strerror(ret));

318

return -1;

319

}

320

321

//GnuTLS server initialization

322

if ((ret = gnutls_dh_params_init(dh_params))

323

!= GNUTLS_E_SUCCESS) {

324

fprintf (stderr, "Error in dh parameter initialization: %s\n",

325

safer_gnutls_strerror(ret));

326

return -1;

327

}

328

329

if ((ret = gnutls_dh_params_generate2(*dh_params, mc->dh_bits))

330

!= GNUTLS_E_SUCCESS) {

331

fprintf (stderr, "Error in prime generation: %s\n",

332

safer_gnutls_strerror(ret));

333

return -1;

334

}

335

336

gnutls_certificate_set_dh_params(mc->cred, *dh_params);

337

338

// GnuTLS session creation

339

if ((ret = gnutls_init(session, GNUTLS_SERVER))

340

!= GNUTLS_E_SUCCESS){

426

goto globalfail;

427

}

428

429

/* GnuTLS server initialization */

430

ret = gnutls_dh_params_init(&mc->dh_params);

431

if (ret != GNUTLS_E_SUCCESS) {

432

fprintf (stderr, "Error in GnuTLS DH parameter initialization:"

433

" %s\n", safer_gnutls_strerror(ret));

434

goto globalfail;

435

}

436

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

437

if (ret != GNUTLS_E_SUCCESS) {

438

fprintf (stderr, "Error in GnuTLS prime generation: %s\n",

439

safer_gnutls_strerror(ret));

440

goto globalfail;

441

}

442

443

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

444

445

return 0;

446

447

globalfail:

448

449

gnutls_certificate_free_credentials(mc->cred);

450

gnutls_global_deinit();

451

gnutls_dh_params_deinit(mc->dh_params);

452

return -1;

453

}

454

455

static int init_gnutls_session(mandos_context *mc,

456

gnutls_session_t *session){

457

int ret;

458

/* GnuTLS session creation */

459

ret = gnutls_init(session, GNUTLS_SERVER);

460

if (ret != GNUTLS_E_SUCCESS){

341

461

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

342

462

safer_gnutls_strerror(ret));

343

463

}

344

464

345

if ((ret = gnutls_priority_set_direct(*session, mc->priority, &err))

346

!= GNUTLS_E_SUCCESS) {

347

fprintf(stderr, "Syntax error at: %s\n", err);

348

fprintf(stderr, "GnuTLS error: %s\n",

349

safer_gnutls_strerror(ret));

350

return -1;

465

{

466

const char *err;

467

ret = gnutls_priority_set_direct(*session, mc->priority, &err);

468

if (ret != GNUTLS_E_SUCCESS) {

469

fprintf(stderr, "Syntax error at: %s\n", err);

470

fprintf(stderr, "GnuTLS error: %s\n",

471

safer_gnutls_strerror(ret));

472

gnutls_deinit (*session);

473

return -1;

474

}

351

475

}

352

476

353

if ((ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

354

mc->cred))

355

!= GNUTLS_E_SUCCESS) {

356

fprintf(stderr, "Error setting a credentials set: %s\n",

477

ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

478

mc->cred);

479

if (ret != GNUTLS_E_SUCCESS) {

480

fprintf(stderr, "Error setting GnuTLS credentials: %s\n",

357

481

safer_gnutls_strerror(ret));

482

gnutls_deinit (*session);

358

483

return -1;

359

484

}

360

485

367

492

return 0;

368

493

}

369

494

495

/* Avahi log function callback */

370

496

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

371

497

__attribute__((unused)) const char *txt){}

372

498

499

/* Called when a Mandos server is found */

373

500

static int start_mandos_communication(const char *ip, uint16_t port,

374

501

AvahiIfIndex if_index,

375

502

mandos_context *mc){

376

503

int ret, tcp_sd;

377

struct sockaddr_in6 to;

504

union { struct sockaddr in; struct sockaddr_in6 in6; } to;

378

505

char *buffer = NULL;

379

506

char *decrypted_buffer;

380

507

size_t buffer_length = 0;

381

508

size_t buffer_capacity = 0;

382

509

ssize_t decrypted_buffer_size;

383

size_t written = 0;

510

size_t written;

384

511

int retval = 0;

385

512

char interface[IF_NAMESIZE];

386

513

gnutls_session_t session;

387

gnutls_dh_params_t dh_params;

514

515

ret = init_gnutls_session (mc, &session);

516

if (ret != 0){

517

return -1;

518

}

388

519

389

520

if(debug){

390

fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",

391

ip, port);

521

fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16

522

"\n", ip, port);

392

523

}

393

524

394

525

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

396

527

perror("socket");

397

528

return -1;

398

529

}

399

530

400

531

if(debug){

401

532

if(if_indextoname((unsigned int)if_index, interface) == NULL){

402

533

perror("if_indextoname");

405

536

fprintf(stderr, "Binding to interface %s\n", interface);

406

537

}

407

538

408

memset(&to,0,sizeof(to)); /* Spurious warning */

409

to.sin6_family = AF_INET6;

410

ret = inet_pton(AF_INET6, ip, &to.sin6_addr);

539

memset(&to, 0, sizeof(to));

540

to.in6.sin6_family = AF_INET6;

541

/* It would be nice to have a way to detect if we were passed an

542

IPv4 address here. Now we assume an IPv6 address. */

543

ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);

411

544

if (ret < 0 ){

412

545

perror("inet_pton");

413

546

return -1;

416

549

fprintf(stderr, "Bad address: %s\n", ip);

417

550

return -1;

418

551

}

419

to.sin6_port = htons(port); /* Spurious warning */

552

to.in6.sin6_port = htons(port); /* Spurious warning */

420

553

421

to.sin6_scope_id = (uint32_t)if_index;

554

to.in6.sin6_scope_id = (uint32_t)if_index;

422

555

423

556

if(debug){

424

fprintf(stderr, "Connection to: %s, port %d\n", ip, port);

557

fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,

558

port);

425

559

char addrstr[INET6_ADDRSTRLEN] = "";

426

if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr,

560

if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,

427

561

sizeof(addrstr)) == NULL){

428

562

perror("inet_ntop");

429

563

} else {

433

567

}

434

568

}

435

569

436

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

570

ret = connect(tcp_sd, &to.in, sizeof(to));

437

571

if (ret < 0){

438

572

perror("connect");

439

573

return -1;

440

574

}

441

575

442

ret = initgnutls (mc, &session, &dh_params);

443

if (ret != 0){

444

retval = -1;

445

return -1;

576

const char *out = mandos_protocol_version;

577

written = 0;

578

while (true){

579

size_t out_size = strlen(out);

580

ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,

581

out_size - written));

582

if (ret == -1){

583

perror("write");

584

retval = -1;

585

goto mandos_end;

586

}

587

written += (size_t)ret;

588

if(written < out_size){

589

continue;

590

} else {

591

if (out == mandos_protocol_version){

592

written = 0;

593

out = "\r\n";

594

} else {

595

break;

596

}

597

}

598

}

599

600

if(debug){

601

fprintf(stderr, "Establishing TLS session with %s\n", ip);

446

602

}

447

603

448

604

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

449

605

450

if(debug){

451

fprintf(stderr, "Establishing TLS session with %s\n", ip);

452

}

453

454

ret = gnutls_handshake (session);

606

do{

607

ret = gnutls_handshake (session);

608

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

455

609

456

610

if (ret != GNUTLS_E_SUCCESS){

457

611

if(debug){

458

fprintf(stderr, "\n*** Handshake failed ***\n");

612

fprintf(stderr, "*** GnuTLS Handshake failed ***\n");

459

613

gnutls_perror (ret);

460

614

}

461

615

retval = -1;

462

goto exit;

616

goto mandos_end;

463

617

}

464

618

465

//Retrieve OpenPGP packet that contains the wanted password

619

/* Read OpenPGP packet that contains the wanted password */

466

620

467

621

if(debug){

468

622

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

469

623

ip);

470

624

}

471

625

472

626

while(true){

473

if (buffer_length + BUFFER_SIZE > buffer_capacity){

474

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

475

if (buffer == NULL){

476

perror("realloc");

477

goto exit;

478

}

479

buffer_capacity += BUFFER_SIZE;

627

buffer_capacity = adjustbuffer(&buffer, buffer_length,

628

buffer_capacity);

629

if (buffer_capacity == 0){

630

perror("adjustbuffer");

631

retval = -1;

632

goto mandos_end;

480

633

}

481

634

482

635

ret = gnutls_record_recv(session, buffer+buffer_length,

490

643

case GNUTLS_E_AGAIN:

491

644

break;

492

645

case GNUTLS_E_REHANDSHAKE:

493

ret = gnutls_handshake (session);

646

do{

647

ret = gnutls_handshake (session);

648

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

494

649

if (ret < 0){

495

fprintf(stderr, "\n*** Handshake failed ***\n");

650

fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");

496

651

gnutls_perror (ret);

497

652

retval = -1;

498

goto exit;

653

goto mandos_end;

499

654

}

500

655

break;

501

656

default:

502

657

fprintf(stderr, "Unknown error while reading data from"

503

" encrypted session with mandos server\n");

658

" encrypted session with Mandos server\n");

504

659

retval = -1;

505

660

gnutls_bye (session, GNUTLS_SHUT_RDWR);

506

goto exit;

661

goto mandos_end;

507

662

}

508

663

} else {

509

664

buffer_length += (size_t) ret;

510

665

}

511

666

}

512

667

668

if(debug){

669

fprintf(stderr, "Closing TLS session\n");

670

}

671

672

gnutls_bye (session, GNUTLS_SHUT_RDWR);

673

513

674

if (buffer_length > 0){

514

decrypted_buffer_size = pgp_packet_decrypt(buffer,

675

decrypted_buffer_size = pgp_packet_decrypt(mc, buffer,

515

676

buffer_length,

516

&decrypted_buffer,

517

keydir);

677

&decrypted_buffer);

518

678

if (decrypted_buffer_size >= 0){

679

written = 0;

519

680

while(written < (size_t) decrypted_buffer_size){

520

681

ret = (int)fwrite (decrypted_buffer + written, 1,

521

682

(size_t)decrypted_buffer_size - written,

534

695

} else {

535

696

retval = -1;

536

697

}

537

}

538

539

//shutdown procedure

540

541

if(debug){

542

fprintf(stderr, "Closing TLS session\n");

543

}

544

698

} else {

699

retval = -1;

700

}

701

702

/* Shutdown procedure */

703

704

mandos_end:

545

705

free(buffer);

546

gnutls_bye (session, GNUTLS_SHUT_RDWR);

547

exit:

548

close(tcp_sd);

706

ret = TEMP_FAILURE_RETRY(close(tcp_sd));

707

if(ret == -1){

708

perror("close");

709

}

549

710

gnutls_deinit (session);

550

gnutls_certificate_free_credentials (mc->cred);

551

gnutls_global_deinit ();

552

711

return retval;

553

712

}

554

713

567

726

flags,

568

727

void* userdata) {

569

728

mandos_context *mc = userdata;

570

assert(r); /* Spurious warning */

729

assert(r);

571

730

572

731

/* Called whenever a service has been resolved successfully or

573

732

timed out */

575

734

switch (event) {

576

735

default:

577

736

case AVAHI_RESOLVER_FAILURE:

578

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"

579

" type '%s' in domain '%s': %s\n", name, type, domain,

737

fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"

738

" of type '%s' in domain '%s': %s\n", name, type, domain,

580

739

avahi_strerror(avahi_server_errno(mc->server)));

581

740

break;

582

741

585

744

char ip[AVAHI_ADDRESS_STR_MAX];

586

745

avahi_address_snprint(ip, sizeof(ip), address);

587

746

if(debug){

588

fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"

589

" port %d\n", name, host_name, ip, port);

747

fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"

748

PRIu16 ") on port %d\n", name, host_name, ip,

749

interface, port);

590

750

}

591

751

int ret = start_mandos_communication(ip, port, interface, mc);

592

752

if (ret == 0){

593

exit(EXIT_SUCCESS);

753

avahi_simple_poll_quit(mc->simple_poll);

594

754

}

595

755

}

596

756

}

608

768

flags,

609

769

void* userdata) {

610

770

mandos_context *mc = userdata;

611

assert(b); /* Spurious warning */

771

assert(b);

612

772

613

773

/* Called whenever a new services becomes available on the LAN or

614

774

is removed from the LAN */

617

777

default:

618

778

case AVAHI_BROWSER_FAILURE:

619

779

620

fprintf(stderr, "(Browser) %s\n",

780

fprintf(stderr, "(Avahi browser) %s\n",

621

781

avahi_strerror(avahi_server_errno(mc->server)));

622

782

avahi_simple_poll_quit(mc->simple_poll);

623

783

return;

624

784

625

785

case AVAHI_BROWSER_NEW:

626

/* We ignore the returned resolver object. In the callback

627

function we free it. If the server is terminated before

628

the callback function is called the server will free

629

the resolver for us. */

786

/* We ignore the returned Avahi resolver object. In the callback

787

function we free it. If the Avahi server is terminated before

788

the callback function is called the Avahi server will free the

789

resolver for us. */

630

790

631

791

if (!(avahi_s_service_resolver_new(mc->server, interface,

632

792

protocol, name, type, domain,

633

793

AVAHI_PROTO_INET6, 0,

634

794

resolve_callback, mc)))

635

fprintf(stderr, "Failed to resolve service '%s': %s\n", name,

636

avahi_strerror(avahi_server_errno(mc->server)));

795

fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",

796

name, avahi_strerror(avahi_server_errno(mc->server)));

637

797

break;

638

798

639

799

case AVAHI_BROWSER_REMOVE:

641

801

642

802

case AVAHI_BROWSER_ALL_FOR_NOW:

643

803

case AVAHI_BROWSER_CACHE_EXHAUSTED:

804

if(debug){

805

fprintf(stderr, "No Mandos server found, still searching...\n");

806

}

644

807

break;

645

808

}

646

809

}

647

810

648

/* Combines file name and path and returns the malloced new

649

string. some sane checks could/should be added */

650

static const char *combinepath(const char *first, const char *second){

651

size_t f_len = strlen(first);

652

size_t s_len = strlen(second);

653

char *tmp = malloc(f_len + s_len + 2);

654

if (tmp == NULL){

655

return NULL;

656

}

657

if(f_len > 0){

658

memcpy(tmp, first, f_len); /* Spurious warning */

659

}

660

tmp[f_len] = '/';

661

if(s_len > 0){

662

memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */

663

}

664

tmp[f_len + 1 + s_len] = '\0';

665

return tmp;

666

}

667

668

669

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

670

AvahiServerConfig config;

811

int main(int argc, char *argv[]){

671

812

AvahiSServiceBrowser *sb = NULL;

672

813

int error;

673

814

int ret;

674

int debug_int;

675

int returncode = EXIT_SUCCESS;

815

int exitcode = EXIT_SUCCESS;

676

816

const char *interface = "eth0";

677

817

struct ifreq network;

678

818

int sd;

819

uid_t uid;

820

gid_t gid;

679

821

char *connect_to = NULL;

822

char tempdir[] = "/tmp/mandosXXXXXX";

680

823

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

824

const char *seckey = PATHDIR "/" SECKEY;

825

const char *pubkey = PATHDIR "/" PUBKEY;

826

681

827

mandos_context mc = { .simple_poll = NULL, .server = NULL,

682

.dh_bits = 1024, .priority = "SECURE256"};

683

684

debug_int = debug ? 1 : 0;

685

while (true){

686

struct option long_options[] = {

687

{"debug", no_argument, &debug_int, 1},

688

{"connect", required_argument, NULL, 'c'},

689

{"interface", required_argument, NULL, 'i'},

690

{"keydir", required_argument, NULL, 'd'},

691

{"seckey", required_argument, NULL, 's'},

692

{"pubkey", required_argument, NULL, 'p'},

693

{"dh-bits", required_argument, NULL, 'D'},

694

{"priority", required_argument, NULL, 'P'},

695

{0, 0, 0, 0} };

696

697

int option_index = 0;

698

ret = getopt_long (argc, argv, "i:", long_options,

699

&option_index);

700

701

if (ret == -1){

702

break;

703

}

704

705

switch(ret){

706

case 0:

707

break;

708

case 'i':

709

interface = optarg;

710

break;

711

case 'c':

712

connect_to = optarg;

713

break;

714

case 'd':

715

keydir = optarg;

716

break;

717

case 'p':

718

pubkeyfile = optarg;

719

break;

720

case 's':

721

seckeyfile = optarg;

722

break;

723

case 'D':

724

errno = 0;

725

mc.dh_bits = (unsigned int) strtol(optarg, NULL, 10);

726

if (errno){

727

perror("strtol");

728

exit(EXIT_FAILURE);

729

}

730

break;

731

case 'P':

732

mc.priority = optarg;

733

break;

734

case '?':

735

default:

736

exit(EXIT_FAILURE);

737

}

738

}

739

debug = debug_int ? true : false;

740

741

pubkeyfile = combinepath(keydir, pubkeyfile);

742

if (pubkeyfile == NULL){

743

perror("combinepath");

744

returncode = EXIT_FAILURE;

745

goto exit;

746

}

747

748

seckeyfile = combinepath(keydir, seckeyfile);

749

if (seckeyfile == NULL){

750

perror("combinepath");

751

goto exit;

828

.dh_bits = 1024, .priority = "SECURE256"

829

":!CTYPE-X.509:+CTYPE-OPENPGP" };

830

bool gnutls_initalized = false;

831

bool gpgme_initalized = false;

832

833

{

834

struct argp_option options[] = {

835

{ .name = "debug", .key = 128,

836

.doc = "Debug mode", .group = 3 },

837

{ .name = "connect", .key = 'c',

838

.arg = "ADDRESS:PORT",

839

.doc = "Connect directly to a specific Mandos server",

840

.group = 1 },

841

{ .name = "interface", .key = 'i',

842

.arg = "NAME",

843

.doc = "Interface that will be used to search for Mandos"

844

" servers",

845

.group = 1 },

846

{ .name = "seckey", .key = 's',

847

.arg = "FILE",

848

.doc = "OpenPGP secret key file base name",

849

.group = 1 },

850

{ .name = "pubkey", .key = 'p',

851

.arg = "FILE",

852

.doc = "OpenPGP public key file base name",

853

.group = 2 },

854

{ .name = "dh-bits", .key = 129,

855

.arg = "BITS",

856

.doc = "Bit length of the prime number used in the"

857

" Diffie-Hellman key exchange",

858

.group = 2 },

859

{ .name = "priority", .key = 130,

860

.arg = "STRING",

861

.doc = "GnuTLS priority string for the TLS handshake",

862

.group = 1 },

863

{ .name = NULL }

864

};

865

866

error_t parse_opt (int key, char *arg,

867

struct argp_state *state) {

868

/* Get the INPUT argument from `argp_parse', which we know is

869

a pointer to our plugin list pointer. */

870

switch (key) {

871

case 128: /* --debug */

872

debug = true;

873

break;

874

case 'c': /* --connect */

875

connect_to = arg;

876

break;

877

case 'i': /* --interface */

878

interface = arg;

879

break;

880

case 's': /* --seckey */

881

seckey = arg;

882

break;

883

case 'p': /* --pubkey */

884

pubkey = arg;

885

break;

886

case 129: /* --dh-bits */

887

errno = 0;

888

mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);

889

if (errno){

890

perror("strtol");

891

exit(EXIT_FAILURE);

892

}

893

break;

894

case 130: /* --priority */

895

mc.priority = arg;

896

break;

897

case ARGP_KEY_ARG:

898

argp_usage (state);

899

case ARGP_KEY_END:

900

break;

901

default:

902

return ARGP_ERR_UNKNOWN;

903

}

904

return 0;

905

}

906

907

struct argp argp = { .options = options, .parser = parse_opt,

908

.args_doc = "",

909

.doc = "Mandos client -- Get and decrypt"

910

" passwords from a Mandos server" };

911

ret = argp_parse (&argp, argc, argv, 0, 0, NULL);

912

if (ret == ARGP_ERR_UNKNOWN){

913

fprintf(stderr, "Unknown error while parsing arguments\n");

914

exitcode = EXIT_FAILURE;

915

goto end;

916

}

917

}

918

919

/* If the interface is down, bring it up */

920

{

921

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

922

if(sd < 0) {

923

perror("socket");

924

exitcode = EXIT_FAILURE;

925

goto end;

926

}

927

strcpy(network.ifr_name, interface);

928

ret = ioctl(sd, SIOCGIFFLAGS, &network);

929

if(ret == -1){

930

perror("ioctl SIOCGIFFLAGS");

931

exitcode = EXIT_FAILURE;

932

goto end;

933

}

934

if((network.ifr_flags & IFF_UP) == 0){

935

network.ifr_flags |= IFF_UP;

936

ret = ioctl(sd, SIOCSIFFLAGS, &network);

937

if(ret == -1){

938

perror("ioctl SIOCSIFFLAGS");

939

exitcode = EXIT_FAILURE;

940

goto end;

941

}

942

}

943

ret = TEMP_FAILURE_RETRY(close(sd));

944

if(ret == -1){

945

perror("close");

946

}

947

}

948

949

uid = getuid();

950

gid = getgid();

951

952

ret = setuid(uid);

953

if (ret == -1){

954

perror("setuid");

955

}

956

957

setgid(gid);

958

if (ret == -1){

959

perror("setgid");

960

}

961

962

ret = init_gnutls_global(&mc, pubkey, seckey);

963

if (ret == -1){

964

fprintf(stderr, "init_gnutls_global failed\n");

965

exitcode = EXIT_FAILURE;

966

goto end;

967

} else {

968

gnutls_initalized = true;

969

}

970

971

if(mkdtemp(tempdir) == NULL){

972

perror("mkdtemp");

973

tempdir[0] = '\0';

974

goto end;

975

}

976

977

if(not init_gpgme(&mc, pubkey, seckey, tempdir)){

978

fprintf(stderr, "gpgme_initalized failed\n");

979

exitcode = EXIT_FAILURE;

980

goto end;

981

} else {

982

gpgme_initalized = true;

752

983

}

753

984

754

985

if_index = (AvahiIfIndex) if_nametoindex(interface);

763

994

char *address = strrchr(connect_to, ':');

764

995

if(address == NULL){

765

996

fprintf(stderr, "No colon in address\n");

766

exit(EXIT_FAILURE);

997

exitcode = EXIT_FAILURE;

998

goto end;

767

999

}

768

1000

errno = 0;

769

1001

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

770

1002

if(errno){

771

1003

perror("Bad port number");

772

exit(EXIT_FAILURE);

1004

exitcode = EXIT_FAILURE;

1005

goto end;

773

1006

}

774

1007

*address = '\0';

775

1008

address = connect_to;

776

1009

ret = start_mandos_communication(address, port, if_index, &mc);

777

1010

if(ret < 0){

778

exit(EXIT_FAILURE);

1011

exitcode = EXIT_FAILURE;

779

1012

} else {

780

exit(EXIT_SUCCESS);

781

}

782

}

783

784

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

785

if(sd < 0) {

786

perror("socket");

787

returncode = EXIT_FAILURE;

788

goto exit;

789

}

790

strcpy(network.ifr_name, interface); /* Spurious warning */

791

ret = ioctl(sd, SIOCGIFFLAGS, &network);

792

if(ret == -1){

793

794

perror("ioctl SIOCGIFFLAGS");

795

returncode = EXIT_FAILURE;

796

goto exit;

797

}

798

if((network.ifr_flags & IFF_UP) == 0){

799

network.ifr_flags |= IFF_UP;

800

ret = ioctl(sd, SIOCSIFFLAGS, &network);

801

if(ret == -1){

802

perror("ioctl SIOCSIFFLAGS");

803

returncode = EXIT_FAILURE;

804

goto exit;

805

}

806

}

807

close(sd);

1013

exitcode = EXIT_SUCCESS;

1014

}

1015

goto end;

1016

}

808

1017

809

1018

if (not debug){

810

1019

avahi_set_log_function(empty_log);

811

1020

}

812

1021

813

/* Initialize the psuedo-RNG */

1022

/* Initialize the pseudo-RNG for Avahi */

814

1023

srand((unsigned int) time(NULL));

815

816

/* Allocate main loop object */

817

if (!(mc.simple_poll = avahi_simple_poll_new())) {

818

fprintf(stderr, "Failed to create simple poll object.\n");

819

returncode = EXIT_FAILURE;

820

goto exit;

821

}

822

823

/* Do not publish any local records */

824

avahi_server_config_init(&config);

825

config.publish_hinfo = 0;

826

config.publish_addresses = 0;

827

config.publish_workstation = 0;

828

config.publish_domain = 0;

829

830

/* Allocate a new server */

831

mc.server=avahi_server_new(avahi_simple_poll_get(mc.simple_poll),

832

&config, NULL, NULL, &error);

833

834

/* Free the configuration data */

835

avahi_server_config_free(&config);

836

837

/* Check if creating the server object succeeded */

838

if (!mc.server) {

839

fprintf(stderr, "Failed to create server: %s\n",

1024

1025

/* Allocate main Avahi loop object */

1026

mc.simple_poll = avahi_simple_poll_new();

1027

if (mc.simple_poll == NULL) {

1028

fprintf(stderr, "Avahi: Failed to create simple poll"

1029

" object.\n");

1030

exitcode = EXIT_FAILURE;

1031

goto end;

1032

}

1033

1034

{

1035

AvahiServerConfig config;

1036

/* Do not publish any local Zeroconf records */

1037

avahi_server_config_init(&config);

1038

config.publish_hinfo = 0;

1039

config.publish_addresses = 0;

1040

config.publish_workstation = 0;

1041

config.publish_domain = 0;

1042

1043

/* Allocate a new server */

1044

mc.server = avahi_server_new(avahi_simple_poll_get

1045

(mc.simple_poll), &config, NULL,

1046

NULL, &error);

1047

1048

/* Free the Avahi configuration data */

1049

avahi_server_config_free(&config);

1050

}

1051

1052

/* Check if creating the Avahi server object succeeded */

1053

if (mc.server == NULL) {

1054

fprintf(stderr, "Failed to create Avahi server: %s\n",

840

1055

avahi_strerror(error));

841

returncode = EXIT_FAILURE;

842

goto exit;

1056

exitcode = EXIT_FAILURE;

1057

goto end;

843

1058

}

844

1059

845

/* Create the service browser */

1060

/* Create the Avahi service browser */

846

1061

sb = avahi_s_service_browser_new(mc.server, if_index,

847

1062

AVAHI_PROTO_INET6,

848

1063

"_mandos._tcp", NULL, 0,

849

1064

browse_callback, &mc);

850

if (!sb) {

1065

if (sb == NULL) {

851

1066

fprintf(stderr, "Failed to create service browser: %s\n",

852

1067

avahi_strerror(avahi_server_errno(mc.server)));

853

returncode = EXIT_FAILURE;

854

goto exit;

1068

exitcode = EXIT_FAILURE;

1069

goto end;

855

1070

}

856

1071

857

1072

/* Run the main loop */

858

1073

859

1074

if (debug){

860

fprintf(stderr, "Starting avahi loop search\n");

1075

fprintf(stderr, "Starting Avahi loop search\n");

861

1076

}

862

1077

863

1078

avahi_simple_poll_loop(mc.simple_poll);

864

1079

865

exit:

866

1080

end:

1081

867

1082

if (debug){

868

1083

fprintf(stderr, "%s exiting\n", argv[0]);

869

1084

}

870

1085

871

1086

/* Cleanup things */

872

if (sb)

1087

if (sb != NULL)

873

1088

avahi_s_service_browser_free(sb);

874

1089

875

if (mc.server)

1090

if (mc.server != NULL)

876

1091

avahi_server_free(mc.server);

877

878

if (mc.simple_poll)

1092

1093

if (mc.simple_poll != NULL)

879

1094

avahi_simple_poll_free(mc.simple_poll);

880

free(pubkeyfile);

881

free(seckeyfile);

882

883

return returncode;

1095

1096

if (gnutls_initalized){

1097

gnutls_certificate_free_credentials(mc.cred);

1098

gnutls_global_deinit ();

1099

gnutls_dh_params_deinit(mc.dh_params);

1100

}

1101

1102

if(gpgme_initalized){

1103

gpgme_release(mc.ctx);

1104

}

1105

1106

/* Removes the temp directory used by GPGME */

1107

if(tempdir[0] != '\0'){

1108

DIR *d;

1109

struct dirent *direntry;

1110

d = opendir(tempdir);

1111

if(d == NULL){

1112

perror("opendir");

1113

} else {

1114

while(true){

1115

direntry = readdir(d);

1116

if(direntry == NULL){

1117

break;

1118

}

1119

if (direntry->d_type == DT_REG){

1120

char *fullname = NULL;

1121

ret = asprintf(&fullname, "%s/%s", tempdir,

1122

direntry->d_name);

1123

if(ret < 0){

1124

perror("asprintf");

1125

continue;

1126

}

1127

ret = unlink(fullname);

1128

if(ret == -1){

1129

fprintf(stderr, "unlink(\"%s\"): %s",

1130

fullname, strerror(errno));

1131

}

1132

free(fullname);

1133

}

1134

}

1135

closedir(d);

1136

}

1137

ret = rmdir(tempdir);

1138

if(ret == -1){

1139

perror("rmdir");

1140

}

1141

}

1142

1143

return exitcode;

884

1144

}