To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandosclient.c
- browse files at revision 27
- compare with another revision
- download diff
- download tarball
- view history from revision 27
- Committer: Teddy Hogeborn
- Date: 2008-07-22 06:25:35 UTC
- mfrom: (24.1.2 mandos)
- Revision ID: teddy@fukt.bsnet.se-20080722062535-whz5do0b3dzw6m08
Merge.
- files added:
- ca.pem
- files removed:
- mandos-client.xml
- files renamed:
- clients.conf => mandos-clients.conf
- mandos-client.c => plugbasedclient.c
- plugins.d/password-request.c => plugins.d/mandosclient.c
- plugins.d/password-prompt.c => plugins.d/passprompt.c
- mandos => server.py
- files modified:
- Makefile
added
removed
plugins.d/mandosclient.c
8
8
* includes the following functions: "resolve_callback",
9
9
* "browse_callback", and parts of "main".
10
10
*
11
* Everything else is
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
11
* Everything else is Copyright © 2007-2008 Teddy Hogeborn and Björn
12
* Påhlsson.
13
13
*
14
14
* This program is free software: you can redistribute it and/or
15
15
* modify it under the terms of the GNU General Public License as
25
25
* along with this program. If not, see
26
26
* <http://www.gnu.org/licenses/>.
27
27
*
28
* Contact the authors at <mandos@fukt.bsnet.se>.
28
* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and
29
* <https://www.fukt.bsnet.se/~teddy/>.
29
30
*/
30
31
31
/* Needed by GPGME, specifically gpgme_data_seek() */
32
#define _FORTIFY_SOURCE 2
33
32
34
#define _LARGEFILE_SOURCE
33
35
#define _FILE_OFFSET_BITS 64
34
36
35
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */
36
37
#include <stdio.h> /* fprintf(), stderr, fwrite(), stdout, ferror() */
38
#include <stdint.h> /* uint16_t, uint32_t */
39
#include <stddef.h> /* NULL, size_t, ssize_t */
40
#include <stdlib.h> /* free() */
41
#include <stdbool.h> /* bool, true */
42
#include <string.h> /* memset(), strcmp(), strlen, strerror() */
43
#include <sys/ioctl.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
44
SIOCSIFFLAGS */
45
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
46
sockaddr_in6, PF_INET6, SOCK_STREAM, INET6_ADDRSTRLEN */
47
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
48
struct in6_addr, inet_pton(),
49
connect() */
37
#include <stdio.h>
50
38
#include <assert.h>
51
#include <errno.h> /* perror() */
39
#include <stdlib.h>
52
40
#include <time.h>
53
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
54
SIOCSIFFLAGS, if_indextoname(),
55
if_nametoindex(), IF_NAMESIZE */
56
#include <unistd.h> /* close(), SEEK_SET, off_t, write()*/
57
#include <netinet/in.h>
58
#include <arpa/inet.h> /* inet_pton(), htons */
59
#include <iso646.h> /* not */
60
#include <argp.h> /* struct argp_option,
61
struct argp_state, struct argp,
62
argp_parse() */
41
#include <net/if.h> /* if_nametoindex */
63
42
64
/* Avahi */
65
#include <avahi-core/core.h> /* AvahiSimplePoll, AvahiServer,
66
AvahiIfIndex */
43
#include <avahi-core/core.h>
67
44
#include <avahi-core/lookup.h>
68
#include <avahi-core/log.h> /* AvahiLogLevel */
45
#include <avahi-core/log.h>
69
46
#include <avahi-common/simple-watch.h>
70
47
#include <avahi-common/malloc.h>
71
48
#include <avahi-common/error.h>
72
49
73
/* GnuTLS */
74
#include <gnutls/gnutls.h> /* gnutls_certificate_credentials_t,
75
gnutls_dh_params_t,
76
gnutls_strerror(),
77
gnutls_global_init(),
78
gnutls_global_set_log_level(),
79
gnutls_global_set_log_function(),
80
gnutls_certificate_allocate_credentials(),
81
gnutls_global_deinit(),
82
gnutls_dh_params_init(),
83
gnutls_dh_params_generate(),
84
gnutls_certificate_set_dh_params(),
85
gnutls_certificate_free_credentials(),
86
gnutls_session_t, gnutls_init(),
87
gnutls_priority_set_direct(),
88
gnutls_deinit(),
89
gnutls_credentials_set(),
90
gnutls_certificate_server_set_request(),
91
gnutls_dh_set_prime_bits(),
92
gnutls_transport_set_ptr(),
93
gnutls_transport_ptr_t,
94
gnutls_handshake(),
95
gnutls_record_recv()
96
gnutls_perror(), gnutls_bye(),
97
init_gnutls_session(),
98
GNUTLS_E_SUCCESS,
99
GNUTLS_CRD_CERTIFICATE,
100
GNUTLS_CERT_IGNORE,
101
GNUTLS_E_INTERRUPTED,
102
GNUTLS_E_AGAIN,
103
GNUTLS_E_REHANDSHAKE,
104
GNUTLS_SHUT_RDWR, */
105
#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),
106
GNUTLS_OPENPGP_FMT_BASE64 */
107
108
/* GPGME */
109
#include <gpgme.h> /* gpgme_data_t, gpgme_ctx_t,
110
gpgme_error_t, gpgme_engine_info_t,
111
gpgme_check_version(),
112
gpgme_engine_check_version(),
113
gpgme_strsource(),
114
gpgme_strerror(),
115
gpgme_get_engine_info(),
116
gpgme_set_engine_info(),
117
gpgme_data_new_from_mem(),
118
gpgme_data_new(), gpgme_new(),
119
gpgme_op_decrypt(),
120
gpgme_decrypt_result_t,
121
gpgme_op_decrypt_result(),
122
gpgme_recipient_t,
123
gpgme_pubkey_algo_name(),
124
gpgme_data_seek(),
125
gpgme_data_read(),
126
gpgme_data_release()
127
GPGME_PROTOCOL_OpenPGP,
128
GPG_ERR_NO_ERROR,
129
GPG_ERR_NO_SECKEY, */
130
50
//mandos client part
51
#include <sys/types.h> /* socket(), inet_pton() */
52
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
53
struct in6_addr, inet_pton() */
54
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
55
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
56
57
#include <unistd.h> /* close() */
58
#include <netinet/in.h>
59
#include <stdbool.h> /* true */
60
#include <string.h> /* memset */
61
#include <arpa/inet.h> /* inet_pton() */
62
#include <iso646.h> /* not */
63
64
// gpgme
65
#include <errno.h> /* perror() */
66
#include <gpgme.h>
67
68
// getopt long
69
#include <getopt.h>
70
71
#ifndef CERT_ROOT
72
#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"
73
#endif
74
#define CERTFILE CERT_ROOT "openpgp-client.txt"
75
#define KEYFILE CERT_ROOT "openpgp-client-key.txt"
131
76
#define BUFFER_SIZE 256
77
#define DH_BITS 1024
132
78
133
79
bool debug = false;
134
static const char *keydir = "/conf/conf.d/mandos";
135
static const char mandos_protocol_version[] = "1";
136
const char *argp_program_version = "mandosclient 0.9";
137
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
138
80
139
/* Used for passing in values through the Avahi callback functions */
140
81
typedef struct {
141
AvahiSimplePoll *simple_poll;
142
AvahiServer *server;
82
gnutls_session_t session;
143
83
gnutls_certificate_credentials_t cred;
144
unsigned int dh_bits;
145
84
gnutls_dh_params_t dh_params;
146
const char *priority;
147
} mandos_context;
148
149
/*
150
* Make room in "buffer" for at least BUFFER_SIZE additional bytes.
151
* "buffer_capacity" is how much is currently allocated,
152
* "buffer_length" is how much is already used.
153
*/
154
size_t adjustbuffer(char **buffer, size_t buffer_length,
155
size_t buffer_capacity){
156
if (buffer_length + BUFFER_SIZE > buffer_capacity){
157
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
158
if (buffer == NULL){
159
return 0;
160
}
161
buffer_capacity += BUFFER_SIZE;
162
}
163
return buffer_capacity;
164
}
165
166
/*
167
* Decrypt OpenPGP data using keyrings in HOMEDIR.
168
* Returns -1 on error
169
*/
170
static ssize_t pgp_packet_decrypt (const char *cryptotext,
171
size_t crypto_size,
172
char **plaintext,
173
const char *homedir){
85
} encrypted_session;
86
87
88
ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
89
char **new_packet, const char *homedir){
174
90
gpgme_data_t dh_crypto, dh_plain;
175
91
gpgme_ctx_t ctx;
176
92
gpgme_error_t rc;
177
93
ssize_t ret;
178
size_t plaintext_capacity = 0;
179
ssize_t plaintext_length = 0;
94
ssize_t new_packet_capacity = 0;
95
ssize_t new_packet_length = 0;
180
96
gpgme_engine_info_t engine_info;
181
97
182
98
if (debug){
183
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
99
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
184
100
}
185
101
186
102
/* Init GPGME */
187
103
gpgme_check_version(NULL);
188
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
189
if (rc != GPG_ERR_NO_ERROR){
190
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
191
gpgme_strsource(rc), gpgme_strerror(rc));
192
return -1;
193
}
104
gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
194
105
195
/* Set GPGME home directory for the OpenPGP engine only */
106
/* Set GPGME home directory */
196
107
rc = gpgme_get_engine_info (&engine_info);
197
108
if (rc != GPG_ERR_NO_ERROR){
198
109
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
208
119
engine_info = engine_info->next;
209
120
}
210
121
if(engine_info == NULL){
211
fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);
122
fprintf(stderr, "Could not set home dir to %s\n", homedir);
212
123
return -1;
213
124
}
214
125
215
/* Create new GPGME data buffer from memory cryptotext */
216
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
217
0);
126
/* Create new GPGME data buffer from packet buffer */
127
rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);
218
128
if (rc != GPG_ERR_NO_ERROR){
219
129
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
220
130
gpgme_strsource(rc), gpgme_strerror(rc));
226
136
if (rc != GPG_ERR_NO_ERROR){
227
137
fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
228
138
gpgme_strsource(rc), gpgme_strerror(rc));
229
gpgme_data_release(dh_crypto);
230
139
return -1;
231
140
}
232
141
235
144
if (rc != GPG_ERR_NO_ERROR){
236
145
fprintf(stderr, "bad gpgme_new: %s: %s\n",
237
146
gpgme_strsource(rc), gpgme_strerror(rc));
238
plaintext_length = -1;
239
goto decrypt_end;
147
return -1;
240
148
}
241
149
242
/* Decrypt data from the cryptotext data buffer to the plaintext
243
data buffer */
150
/* Decrypt data from the FILE pointer to the plaintext data
151
buffer */
244
152
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
245
153
if (rc != GPG_ERR_NO_ERROR){
246
154
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
247
155
gpgme_strsource(rc), gpgme_strerror(rc));
248
plaintext_length = -1;
249
goto decrypt_end;
156
return -1;
250
157
}
251
158
252
159
if(debug){
253
fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
160
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");
254
161
}
255
162
256
163
if (debug){
257
164
gpgme_decrypt_result_t result;
258
165
result = gpgme_op_decrypt_result(ctx);
282
189
}
283
190
}
284
191
192
/* Delete the GPGME FILE pointer cryptotext data buffer */
193
gpgme_data_release(dh_crypto);
194
285
195
/* Seek back to the beginning of the GPGME plaintext data buffer */
286
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
287
perror("pgpme_data_seek");
288
plaintext_length = -1;
289
goto decrypt_end;
290
}
291
292
*plaintext = NULL;
196
gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET);
197
198
*new_packet = 0;
293
199
while(true){
294
plaintext_capacity = adjustbuffer(plaintext,
295
(size_t)plaintext_length,
296
plaintext_capacity);
297
if (plaintext_capacity == 0){
298
perror("adjustbuffer");
299
plaintext_length = -1;
300
goto decrypt_end;
200
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
201
*new_packet = realloc(*new_packet,
202
(unsigned int)new_packet_capacity
203
+ BUFFER_SIZE);
204
if (*new_packet == NULL){
205
perror("realloc");
206
return -1;
207
}
208
new_packet_capacity += BUFFER_SIZE;
301
209
}
302
210
303
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
211
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,
304
212
BUFFER_SIZE);
305
213
/* Print the data, if any */
306
214
if (ret == 0){
307
/* EOF */
308
215
break;
309
216
}
310
217
if(ret < 0){
311
218
perror("gpgme_data_read");
312
plaintext_length = -1;
313
goto decrypt_end;
219
return -1;
314
220
}
315
plaintext_length += ret;
221
new_packet_length += ret;
316
222
}
317
223
318
if(debug){
319
fprintf(stderr, "Decrypted password is: ");
320
for(ssize_t i = 0; i < plaintext_length; i++){
321
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
322
}
323
fprintf(stderr, "\n");
324
}
325
326
decrypt_end:
327
328
/* Delete the GPGME cryptotext data buffer */
329
gpgme_data_release(dh_crypto);
224
/* FIXME: check characters before printing to screen so to not print
225
terminal control characters */
226
/* if(debug){ */
227
/* fprintf(stderr, "decrypted password is: "); */
228
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
229
/* fprintf(stderr, "\n"); */
230
/* } */
330
231
331
232
/* Delete the GPGME plaintext data buffer */
332
233
gpgme_data_release(dh_plain);
333
return plaintext_length;
234
return new_packet_length;
334
235
}
335
236
336
237
static const char * safer_gnutls_strerror (int value) {
340
241
return ret;
341
242
}
342
243
343
/* GnuTLS log function callback */
344
static void debuggnutls(__attribute__((unused)) int level,
345
const char* string){
346
fprintf(stderr, "GnuTLS: %s", string);
244
void debuggnutls(__attribute__((unused)) int level,
245
const char* string){
246
fprintf(stderr, "%s", string);
347
247
}
348
248
349
static int init_gnutls_global(mandos_context *mc,
350
const char *pubkeyfile,
351
const char *seckeyfile){
249
int initgnutls(encrypted_session *es){
250
const char *err;
352
251
int ret;
353
252
354
253
if(debug){
355
254
fprintf(stderr, "Initializing GnuTLS\n");
356
255
}
357
256
358
257
if ((ret = gnutls_global_init ())
359
258
!= GNUTLS_E_SUCCESS) {
360
fprintf (stderr, "GnuTLS global_init: %s\n",
361
safer_gnutls_strerror(ret));
259
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
362
260
return -1;
363
261
}
364
262
365
263
if (debug){
366
/* "Use a log level over 10 to enable all debugging options."
367
* - GnuTLS manual
368
*/
369
264
gnutls_global_set_log_level(11);
370
265
gnutls_global_set_log_function(debuggnutls);
371
266
}
372
267
373
/* OpenPGP credentials */
374
if ((ret = gnutls_certificate_allocate_credentials (&mc->cred))
268
/* openpgp credentials */
269
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
375
270
!= GNUTLS_E_SUCCESS) {
376
fprintf (stderr, "GnuTLS memory error: %s\n",
271
fprintf (stderr, "memory error: %s\n",
377
272
safer_gnutls_strerror(ret));
378
gnutls_global_deinit ();
379
273
return -1;
380
274
}
381
275
382
276
if(debug){
383
277
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
384
" and keyfile %s as GnuTLS credentials\n", pubkeyfile,
385
seckeyfile);
278
" and keyfile %s as GnuTLS credentials\n", CERTFILE,
279
KEYFILE);
386
280
}
387
281
388
282
ret = gnutls_certificate_set_openpgp_key_file
389
(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);
283
(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);
390
284
if (ret != GNUTLS_E_SUCCESS) {
391
fprintf(stderr,
392
"Error[%d] while reading the OpenPGP key pair ('%s',"
393
" '%s')\n", ret, pubkeyfile, seckeyfile);
394
fprintf(stdout, "The GnuTLS error is: %s\n",
285
fprintf
286
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
287
" '%s')\n",
288
ret, CERTFILE, KEYFILE);
289
fprintf(stdout, "The Error is: %s\n",
395
290
safer_gnutls_strerror(ret));
396
goto globalfail;
397
}
398
399
/* GnuTLS server initialization */
400
ret = gnutls_dh_params_init(&mc->dh_params);
401
if (ret != GNUTLS_E_SUCCESS) {
402
fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
403
" %s\n", safer_gnutls_strerror(ret));
404
goto globalfail;
405
}
406
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
407
if (ret != GNUTLS_E_SUCCESS) {
408
fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
409
safer_gnutls_strerror(ret));
410
goto globalfail;
411
}
412
413
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
414
415
return 0;
416
417
globalfail:
418
419
gnutls_certificate_free_credentials(mc->cred);
420
gnutls_global_deinit();
421
return -1;
422
423
}
424
425
static int init_gnutls_session(mandos_context *mc,
426
gnutls_session_t *session){
427
int ret;
428
/* GnuTLS session creation */
429
ret = gnutls_init(session, GNUTLS_SERVER);
430
if (ret != GNUTLS_E_SUCCESS){
291
return -1;
292
}
293
294
//GnuTLS server initialization
295
if ((ret = gnutls_dh_params_init (&es->dh_params))
296
!= GNUTLS_E_SUCCESS) {
297
fprintf (stderr, "Error in dh parameter initialization: %s\n",
298
safer_gnutls_strerror(ret));
299
return -1;
300
}
301
302
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
303
!= GNUTLS_E_SUCCESS) {
304
fprintf (stderr, "Error in prime generation: %s\n",
305
safer_gnutls_strerror(ret));
306
return -1;
307
}
308
309
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
310
311
// GnuTLS session creation
312
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
313
!= GNUTLS_E_SUCCESS){
431
314
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
432
315
safer_gnutls_strerror(ret));
433
316
}
434
317
435
{
436
const char *err;
437
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
438
if (ret != GNUTLS_E_SUCCESS) {
439
fprintf(stderr, "Syntax error at: %s\n", err);
440
fprintf(stderr, "GnuTLS error: %s\n",
441
safer_gnutls_strerror(ret));
442
gnutls_deinit (*session);
443
return -1;
444
}
318
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
319
!= GNUTLS_E_SUCCESS) {
320
fprintf(stderr, "Syntax error at: %s\n", err);
321
fprintf(stderr, "GnuTLS error: %s\n",
322
safer_gnutls_strerror(ret));
323
return -1;
445
324
}
446
325
447
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
448
mc->cred);
449
if (ret != GNUTLS_E_SUCCESS) {
450
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
326
if ((ret = gnutls_credentials_set
327
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
328
!= GNUTLS_E_SUCCESS) {
329
fprintf(stderr, "Error setting a credentials set: %s\n",
451
330
safer_gnutls_strerror(ret));
452
gnutls_deinit (*session);
453
331
return -1;
454
332
}
455
333
456
334
/* ignore client certificate if any. */
457
gnutls_certificate_server_set_request (*session,
335
gnutls_certificate_server_set_request (es->session,
458
336
GNUTLS_CERT_IGNORE);
459
337
460
gnutls_dh_set_prime_bits (*session, mc->dh_bits);
338
gnutls_dh_set_prime_bits (es->session, DH_BITS);
461
339
462
340
return 0;
463
341
}
464
342
465
/* Avahi log function callback */
466
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
467
__attribute__((unused)) const char *txt){}
343
void empty_log(__attribute__((unused)) AvahiLogLevel level,
344
__attribute__((unused)) const char *txt){}
468
345
469
/* Called when a Mandos server is found */
470
static int start_mandos_communication(const char *ip, uint16_t port,
471
AvahiIfIndex if_index,
472
mandos_context *mc){
346
int start_mandos_communication(const char *ip, uint16_t port,
347
unsigned int if_index){
473
348
int ret, tcp_sd;
474
union { struct sockaddr in; struct sockaddr_in6 in6; } to;
349
struct sockaddr_in6 to;
350
encrypted_session es;
475
351
char *buffer = NULL;
476
352
char *decrypted_buffer;
477
353
size_t buffer_length = 0;
478
354
size_t buffer_capacity = 0;
479
355
ssize_t decrypted_buffer_size;
480
size_t written;
356
size_t written = 0;
481
357
int retval = 0;
482
358
char interface[IF_NAMESIZE];
483
gnutls_session_t session;
484
485
ret = init_gnutls_session (mc, &session);
486
if (ret != 0){
487
return -1;
488
}
489
359
490
360
if(debug){
491
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
492
ip, port);
361
fprintf(stderr, "Setting up a tcp connection to %s\n", ip);
493
362
}
494
363
495
364
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
497
366
perror("socket");
498
367
return -1;
499
368
}
500
501
if(debug){
502
if(if_indextoname((unsigned int)if_index, interface) == NULL){
369
370
if(if_indextoname(if_index, interface) == NULL){
371
if(debug){
503
372
perror("if_indextoname");
504
return -1;
505
373
}
374
return -1;
375
}
376
377
if(debug){
506
378
fprintf(stderr, "Binding to interface %s\n", interface);
507
379
}
508
380
509
381
memset(&to,0,sizeof(to)); /* Spurious warning */
510
to.in6.sin6_family = AF_INET6;
511
/* It would be nice to have a way to detect if we were passed an
512
IPv4 address here. Now we assume an IPv6 address. */
513
ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);
382
to.sin6_family = AF_INET6;
383
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
514
384
if (ret < 0 ){
515
385
perror("inet_pton");
516
386
return -1;
517
}
387
}
518
388
if(ret == 0){
519
389
fprintf(stderr, "Bad address: %s\n", ip);
520
390
return -1;
521
391
}
522
to.in6.sin6_port = htons(port); /* Spurious warning */
392
to.sin6_port = htons(port); /* Spurious warning */
523
393
524
to.in6.sin6_scope_id = (uint32_t)if_index;
394
to.sin6_scope_id = (uint32_t)if_index;
525
395
526
396
if(debug){
527
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
528
char addrstr[INET6_ADDRSTRLEN] = "";
529
if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,
530
sizeof(addrstr)) == NULL){
531
perror("inet_ntop");
532
} else {
533
if(strcmp(addrstr, ip) != 0){
534
fprintf(stderr, "Canonical address form: %s\n", addrstr);
535
}
536
}
397
fprintf(stderr, "Connection to: %s\n", ip);
537
398
}
538
399
539
ret = connect(tcp_sd, &to.in, sizeof(to));
400
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
540
401
if (ret < 0){
541
402
perror("connect");
542
403
return -1;
543
404
}
544
545
const char *out = mandos_protocol_version;
546
written = 0;
547
while (true){
548
size_t out_size = strlen(out);
549
ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
550
out_size - written));
551
if (ret == -1){
552
perror("write");
553
retval = -1;
554
goto mandos_end;
555
}
556
written += (size_t)ret;
557
if(written < out_size){
558
continue;
559
} else {
560
if (out == mandos_protocol_version){
561
written = 0;
562
out = "\r\n";
563
} else {
564
break;
565
}
566
}
405
406
ret = initgnutls (&es);
407
if (ret != 0){
408
retval = -1;
409
return -1;
567
410
}
568
411
412
gnutls_transport_set_ptr (es.session,
413
(gnutls_transport_ptr_t) tcp_sd);
414
569
415
if(debug){
570
416
fprintf(stderr, "Establishing TLS session with %s\n", ip);
571
417
}
572
418
573
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
574
575
ret = gnutls_handshake (session);
419
ret = gnutls_handshake (es.session);
576
420
577
421
if (ret != GNUTLS_E_SUCCESS){
578
422
if(debug){
579
fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
423
fprintf(stderr, "\n*** Handshake failed ***\n");
580
424
gnutls_perror (ret);
581
425
}
582
426
retval = -1;
583
goto mandos_end;
427
goto exit;
584
428
}
585
429
586
/* Read OpenPGP packet that contains the wanted password */
430
//Retrieve OpenPGP packet that contains the wanted password
587
431
588
432
if(debug){
589
433
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
591
435
}
592
436
593
437
while(true){
594
buffer_capacity = adjustbuffer(&buffer, buffer_length,
595
buffer_capacity);
596
if (buffer_capacity == 0){
597
perror("adjustbuffer");
598
retval = -1;
599
goto mandos_end;
438
if (buffer_length + BUFFER_SIZE > buffer_capacity){
439
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
440
if (buffer == NULL){
441
perror("realloc");
442
goto exit;
443
}
444
buffer_capacity += BUFFER_SIZE;
600
445
}
601
446
602
ret = gnutls_record_recv(session, buffer+buffer_length,
603
BUFFER_SIZE);
447
ret = gnutls_record_recv
448
(es.session, buffer+buffer_length, BUFFER_SIZE);
604
449
if (ret == 0){
605
450
break;
606
451
}
610
455
case GNUTLS_E_AGAIN:
611
456
break;
612
457
case GNUTLS_E_REHANDSHAKE:
613
ret = gnutls_handshake (session);
458
ret = gnutls_handshake (es.session);
614
459
if (ret < 0){
615
fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
460
fprintf(stderr, "\n*** Handshake failed ***\n");
616
461
gnutls_perror (ret);
617
462
retval = -1;
618
goto mandos_end;
463
goto exit;
619
464
}
620
465
break;
621
466
default:
622
467
fprintf(stderr, "Unknown error while reading data from"
623
" encrypted session with Mandos server\n");
468
" encrypted session with mandos server\n");
624
469
retval = -1;
625
gnutls_bye (session, GNUTLS_SHUT_RDWR);
626
goto mandos_end;
470
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
471
goto exit;
627
472
}
628
473
} else {
629
474
buffer_length += (size_t) ret;
630
475
}
631
476
}
632
477
633
if(debug){
634
fprintf(stderr, "Closing TLS session\n");
635
}
636
637
gnutls_bye (session, GNUTLS_SHUT_RDWR);
638
639
478
if (buffer_length > 0){
640
479
decrypted_buffer_size = pgp_packet_decrypt(buffer,
641
480
buffer_length,
642
481
&decrypted_buffer,
643
keydir);
482
CERT_ROOT);
644
483
if (decrypted_buffer_size >= 0){
645
written = 0;
646
while(written < (size_t) decrypted_buffer_size){
484
while(written < decrypted_buffer_size){
647
485
ret = (int)fwrite (decrypted_buffer + written, 1,
648
486
(size_t)decrypted_buffer_size - written,
649
487
stdout);
662
500
retval = -1;
663
501
}
664
502
}
665
666
/* Shutdown procedure */
667
668
mandos_end:
503
504
//shutdown procedure
505
506
if(debug){
507
fprintf(stderr, "Closing TLS session\n");
508
}
509
669
510
free(buffer);
511
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
512
exit:
670
513
close(tcp_sd);
671
gnutls_deinit (session);
514
gnutls_deinit (es.session);
515
gnutls_certificate_free_credentials (es.cred);
516
gnutls_global_deinit ();
672
517
return retval;
673
518
}
674
519
675
static void resolve_callback(AvahiSServiceResolver *r,
676
AvahiIfIndex interface,
677
AVAHI_GCC_UNUSED AvahiProtocol protocol,
678
AvahiResolverEvent event,
679
const char *name,
680
const char *type,
681
const char *domain,
682
const char *host_name,
683
const AvahiAddress *address,
684
uint16_t port,
685
AVAHI_GCC_UNUSED AvahiStringList *txt,
686
AVAHI_GCC_UNUSED AvahiLookupResultFlags
687
flags,
688
void* userdata) {
689
mandos_context *mc = userdata;
520
static AvahiSimplePoll *simple_poll = NULL;
521
static AvahiServer *server = NULL;
522
523
static void resolve_callback(
524
AvahiSServiceResolver *r,
525
AvahiIfIndex interface,
526
AVAHI_GCC_UNUSED AvahiProtocol protocol,
527
AvahiResolverEvent event,
528
const char *name,
529
const char *type,
530
const char *domain,
531
const char *host_name,
532
const AvahiAddress *address,
533
uint16_t port,
534
AVAHI_GCC_UNUSED AvahiStringList *txt,
535
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
536
AVAHI_GCC_UNUSED void* userdata) {
537
690
538
assert(r); /* Spurious warning */
691
539
692
540
/* Called whenever a service has been resolved successfully or
695
543
switch (event) {
696
544
default:
697
545
case AVAHI_RESOLVER_FAILURE:
698
fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
699
" of type '%s' in domain '%s': %s\n", name, type, domain,
700
avahi_strerror(avahi_server_errno(mc->server)));
546
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
547
" type '%s' in domain '%s': %s\n", name, type, domain,
548
avahi_strerror(avahi_server_errno(server)));
701
549
break;
702
550
703
551
case AVAHI_RESOLVER_FOUND:
705
553
char ip[AVAHI_ADDRESS_STR_MAX];
706
554
avahi_address_snprint(ip, sizeof(ip), address);
707
555
if(debug){
708
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %d) on"
709
" port %d\n", name, host_name, ip, interface, port);
556
fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
557
" port %d\n", name, host_name, ip, port);
710
558
}
711
int ret = start_mandos_communication(ip, port, interface, mc);
559
int ret = start_mandos_communication(ip, port,
560
(unsigned int) interface);
712
561
if (ret == 0){
713
562
exit(EXIT_SUCCESS);
714
563
}
717
566
avahi_s_service_resolver_free(r);
718
567
}
719
568
720
static void browse_callback( AvahiSServiceBrowser *b,
721
AvahiIfIndex interface,
722
AvahiProtocol protocol,
723
AvahiBrowserEvent event,
724
const char *name,
725
const char *type,
726
const char *domain,
727
AVAHI_GCC_UNUSED AvahiLookupResultFlags
728
flags,
729
void* userdata) {
730
mandos_context *mc = userdata;
731
assert(b); /* Spurious warning */
732
733
/* Called whenever a new services becomes available on the LAN or
734
is removed from the LAN */
735
736
switch (event) {
737
default:
738
case AVAHI_BROWSER_FAILURE:
739
740
fprintf(stderr, "(Avahi browser) %s\n",
741
avahi_strerror(avahi_server_errno(mc->server)));
742
avahi_simple_poll_quit(mc->simple_poll);
743
return;
744
745
case AVAHI_BROWSER_NEW:
746
/* We ignore the returned Avahi resolver object. In the callback
747
function we free it. If the Avahi server is terminated before
748
the callback function is called the Avahi server will free the
749
resolver for us. */
750
751
if (!(avahi_s_service_resolver_new(mc->server, interface,
752
protocol, name, type, domain,
753
AVAHI_PROTO_INET6, 0,
754
resolve_callback, mc)))
755
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
756
name, avahi_strerror(avahi_server_errno(mc->server)));
757
break;
758
759
case AVAHI_BROWSER_REMOVE:
760
break;
761
762
case AVAHI_BROWSER_ALL_FOR_NOW:
763
case AVAHI_BROWSER_CACHE_EXHAUSTED:
764
if(debug){
765
fprintf(stderr, "No Mandos server found, still searching...\n");
569
static void browse_callback(
570
AvahiSServiceBrowser *b,
571
AvahiIfIndex interface,
572
AvahiProtocol protocol,
573
AvahiBrowserEvent event,
574
const char *name,
575
const char *type,
576
const char *domain,
577
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
578
void* userdata) {
579
580
AvahiServer *s = userdata;
581
assert(b); /* Spurious warning */
582
583
/* Called whenever a new services becomes available on the LAN or
584
is removed from the LAN */
585
586
switch (event) {
587
default:
588
case AVAHI_BROWSER_FAILURE:
589
590
fprintf(stderr, "(Browser) %s\n",
591
avahi_strerror(avahi_server_errno(server)));
592
avahi_simple_poll_quit(simple_poll);
593
return;
594
595
case AVAHI_BROWSER_NEW:
596
/* We ignore the returned resolver object. In the callback
597
function we free it. If the server is terminated before
598
the callback function is called the server will free
599
the resolver for us. */
600
601
if (!(avahi_s_service_resolver_new(s, interface, protocol, name,
602
type, domain,
603
AVAHI_PROTO_INET6, 0,
604
resolve_callback, s)))
605
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
606
avahi_strerror(avahi_server_errno(s)));
607
break;
608
609
case AVAHI_BROWSER_REMOVE:
610
break;
611
612
case AVAHI_BROWSER_ALL_FOR_NOW:
613
case AVAHI_BROWSER_CACHE_EXHAUSTED:
614
break;
766
615
}
767
break;
768
}
769
}
770
771
/* Combines file name and path and returns the malloced new
772
string. some sane checks could/should be added */
773
static const char *combinepath(const char *first, const char *second){
774
size_t f_len = strlen(first);
775
size_t s_len = strlen(second);
776
char *tmp = malloc(f_len + s_len + 2);
777
if (tmp == NULL){
778
return NULL;
779
}
780
if(f_len > 0){
781
memcpy(tmp, first, f_len); /* Spurious warning */
782
}
783
tmp[f_len] = '/';
784
if(s_len > 0){
785
memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */
786
}
787
tmp[f_len + 1 + s_len] = '\0';
788
return tmp;
789
}
790
791
792
int main(int argc, char *argv[]){
616
}
617
618
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
619
AvahiServerConfig config;
793
620
AvahiSServiceBrowser *sb = NULL;
794
621
int error;
795
622
int ret;
796
int exitcode = EXIT_SUCCESS;
623
int returncode = EXIT_SUCCESS;
797
624
const char *interface = "eth0";
798
struct ifreq network;
799
int sd;
800
uid_t uid;
801
gid_t gid;
802
char *connect_to = NULL;
803
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
804
const char *pubkeyfile = "pubkey.txt";
805
const char *seckeyfile = "seckey.txt";
806
mandos_context mc = { .simple_poll = NULL, .server = NULL,
807
.dh_bits = 1024, .priority = "SECURE256"};
808
bool gnutls_initalized = false;
809
810
{
811
struct argp_option options[] = {
812
{ .name = "debug", .key = 128,
813
.doc = "Debug mode", .group = 3 },
814
{ .name = "connect", .key = 'c',
815
.arg = "IP",
816
.doc = "Connect directly to a sepcified mandos server",
817
.group = 1 },
818
{ .name = "interface", .key = 'i',
819
.arg = "INTERFACE",
820
.doc = "Interface that Avahi will conntect through",
821
.group = 1 },
822
{ .name = "keydir", .key = 'd',
823
.arg = "KEYDIR",
824
.doc = "Directory where the openpgp keyring is",
825
.group = 1 },
826
{ .name = "seckey", .key = 's',
827
.arg = "SECKEY",
828
.doc = "Secret openpgp key for gnutls authentication",
829
.group = 1 },
830
{ .name = "pubkey", .key = 'p',
831
.arg = "PUBKEY",
832
.doc = "Public openpgp key for gnutls authentication",
833
.group = 2 },
834
{ .name = "dh-bits", .key = 129,
835
.arg = "BITS",
836
.doc = "dh-bits to use in gnutls communication",
837
.group = 2 },
838
{ .name = "priority", .key = 130,
839
.arg = "PRIORITY",
840
.doc = "GNUTLS priority", .group = 1 },
841
{ .name = NULL }
842
};
843
844
845
error_t parse_opt (int key, char *arg,
846
struct argp_state *state) {
847
/* Get the INPUT argument from `argp_parse', which we know is
848
a pointer to our plugin list pointer. */
849
switch (key) {
850
case 128:
851
debug = true;
852
break;
853
case 'c':
854
connect_to = arg;
855
break;
856
case 'i':
857
interface = arg;
858
break;
859
case 'd':
860
keydir = arg;
861
break;
862
case 's':
863
seckeyfile = arg;
864
break;
865
case 'p':
866
pubkeyfile = arg;
867
break;
868
case 129:
869
errno = 0;
870
mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);
871
if (errno){
872
perror("strtol");
873
exit(EXIT_FAILURE);
874
}
875
break;
876
case 130:
877
mc.priority = arg;
878
break;
879
case ARGP_KEY_ARG:
880
argp_usage (state);
881
break;
882
case ARGP_KEY_END:
883
break;
884
default:
885
return ARGP_ERR_UNKNOWN;
886
}
887
return 0;
888
}
889
890
struct argp argp = { .options = options, .parser = parse_opt,
891
.args_doc = "",
892
.doc = "Mandos client -- Get and decrypt"
893
" passwords from mandos server" };
894
argp_parse (&argp, argc, argv, 0, 0, NULL);
895
}
896
897
pubkeyfile = combinepath(keydir, pubkeyfile);
898
if (pubkeyfile == NULL){
899
perror("combinepath");
900
exitcode = EXIT_FAILURE;
901
goto end;
902
}
903
904
seckeyfile = combinepath(keydir, seckeyfile);
905
if (seckeyfile == NULL){
906
perror("combinepath");
907
goto end;
908
}
909
910
ret = init_gnutls_global(&mc, pubkeyfile, seckeyfile);
911
if (ret == -1){
912
fprintf(stderr, "init_gnutls_global\n");
913
goto end;
914
} else {
915
gnutls_initalized = true;
916
}
917
918
uid = getuid();
919
gid = getgid();
920
921
ret = setuid(uid);
922
if (ret == -1){
923
perror("setuid");
924
}
925
926
setgid(gid);
927
if (ret == -1){
928
perror("setgid");
929
}
930
931
if_index = (AvahiIfIndex) if_nametoindex(interface);
932
if(if_index == 0){
933
fprintf(stderr, "No such interface: \"%s\"\n", interface);
934
exit(EXIT_FAILURE);
935
}
936
937
if(connect_to != NULL){
938
/* Connect directly, do not use Zeroconf */
939
/* (Mainly meant for debugging) */
940
char *address = strrchr(connect_to, ':');
941
if(address == NULL){
942
fprintf(stderr, "No colon in address\n");
943
exitcode = EXIT_FAILURE;
944
goto end;
945
}
946
errno = 0;
947
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
948
if(errno){
949
perror("Bad port number");
950
exitcode = EXIT_FAILURE;
951
goto end;
952
}
953
*address = '\0';
954
address = connect_to;
955
ret = start_mandos_communication(address, port, if_index, &mc);
956
if(ret < 0){
957
exitcode = EXIT_FAILURE;
958
} else {
959
exitcode = EXIT_SUCCESS;
960
}
961
goto end;
962
}
963
964
/* If the interface is down, bring it up */
965
{
966
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
967
if(sd < 0) {
968
perror("socket");
969
exitcode = EXIT_FAILURE;
970
goto end;
971
}
972
strcpy(network.ifr_name, interface); /* Spurious warning */
973
ret = ioctl(sd, SIOCGIFFLAGS, &network);
974
if(ret == -1){
975
perror("ioctl SIOCGIFFLAGS");
976
exitcode = EXIT_FAILURE;
977
goto end;
978
}
979
if((network.ifr_flags & IFF_UP) == 0){
980
network.ifr_flags |= IFF_UP;
981
ret = ioctl(sd, SIOCSIFFLAGS, &network);
982
if(ret == -1){
983
perror("ioctl SIOCSIFFLAGS");
984
exitcode = EXIT_FAILURE;
985
goto end;
986
}
987
}
988
close(sd);
625
626
while (true){
627
static struct option long_options[] = {
628
{"debug", no_argument, (int *)&debug, 1},
629
{"interface", required_argument, 0, 'i'},
630
{0, 0, 0, 0} };
631
632
int option_index = 0;
633
ret = getopt_long (argc, argv, "i:", long_options,
634
&option_index);
635
636
if (ret == -1){
637
break;
638
}
639
640
switch(ret){
641
case 0:
642
break;
643
case 'i':
644
interface = optarg;
645
break;
646
default:
647
exit(EXIT_FAILURE);
648
}
989
649
}
990
650
991
651
if (not debug){
992
652
avahi_set_log_function(empty_log);
993
653
}
994
654
995
/* Initialize the pseudo-RNG for Avahi */
655
/* Initialize the psuedo-RNG */
996
656
srand((unsigned int) time(NULL));
997
998
/* Allocate main Avahi loop object */
999
mc.simple_poll = avahi_simple_poll_new();
1000
if (mc.simple_poll == NULL) {
1001
fprintf(stderr, "Avahi: Failed to create simple poll"
1002
" object.\n");
1003
exitcode = EXIT_FAILURE;
1004
goto end;
1005
}
1006
1007
{
1008
AvahiServerConfig config;
1009
/* Do not publish any local Zeroconf records */
1010
avahi_server_config_init(&config);
1011
config.publish_hinfo = 0;
1012
config.publish_addresses = 0;
1013
config.publish_workstation = 0;
1014
config.publish_domain = 0;
1015
1016
/* Allocate a new server */
1017
mc.server = avahi_server_new(avahi_simple_poll_get
1018
(mc.simple_poll), &config, NULL,
1019
NULL, &error);
1020
1021
/* Free the Avahi configuration data */
1022
avahi_server_config_free(&config);
1023
}
1024
1025
/* Check if creating the Avahi server object succeeded */
1026
if (mc.server == NULL) {
1027
fprintf(stderr, "Failed to create Avahi server: %s\n",
657
658
/* Allocate main loop object */
659
if (!(simple_poll = avahi_simple_poll_new())) {
660
fprintf(stderr, "Failed to create simple poll object.\n");
661
662
goto exit;
663
}
664
665
/* Do not publish any local records */
666
avahi_server_config_init(&config);
667
config.publish_hinfo = 0;
668
config.publish_addresses = 0;
669
config.publish_workstation = 0;
670
config.publish_domain = 0;
671
672
/* Allocate a new server */
673
server = avahi_server_new(avahi_simple_poll_get(simple_poll),
674
&config, NULL, NULL, &error);
675
676
/* Free the configuration data */
677
avahi_server_config_free(&config);
678
679
/* Check if creating the server object succeeded */
680
if (!server) {
681
fprintf(stderr, "Failed to create server: %s\n",
1028
682
avahi_strerror(error));
1029
exitcode = EXIT_FAILURE;
1030
goto end;
683
returncode = EXIT_FAILURE;
684
goto exit;
1031
685
}
1032
686
1033
/* Create the Avahi service browser */
1034
sb = avahi_s_service_browser_new(mc.server, if_index,
687
/* Create the service browser */
688
sb = avahi_s_service_browser_new(server,
689
(AvahiIfIndex)
690
if_nametoindex(interface),
1035
691
AVAHI_PROTO_INET6,
1036
692
"_mandos._tcp", NULL, 0,
1037
browse_callback, &mc);
1038
if (sb == NULL) {
693
browse_callback, server);
694
if (!sb) {
1039
695
fprintf(stderr, "Failed to create service browser: %s\n",
1040
avahi_strerror(avahi_server_errno(mc.server)));
1041
exitcode = EXIT_FAILURE;
1042
goto end;
696
avahi_strerror(avahi_server_errno(server)));
697
returncode = EXIT_FAILURE;
698
goto exit;
1043
699
}
1044
700
1045
701
/* Run the main loop */
1046
702
1047
703
if (debug){
1048
fprintf(stderr, "Starting Avahi loop search\n");
704
fprintf(stderr, "Starting avahi loop search\n");
1049
705
}
1050
706
1051
avahi_simple_poll_loop(mc.simple_poll);
707
avahi_simple_poll_loop(simple_poll);
1052
708
1053
end:
709
exit:
1054
710
1055
711
if (debug){
1056
712
fprintf(stderr, "%s exiting\n", argv[0]);
1057
713
}
1058
714
1059
715
/* Cleanup things */
1060
if (sb != NULL)
716
if (sb)
1061
717
avahi_s_service_browser_free(sb);
1062
718
1063
if (mc.server != NULL)
1064
avahi_server_free(mc.server);
1065
1066
if (mc.simple_poll != NULL)
1067
avahi_simple_poll_free(mc.simple_poll);
1068
free(pubkeyfile);
1069
free(seckeyfile);
1070
1071
if (gnutls_initalized){
1072
gnutls_certificate_free_credentials (mc.cred);
1073
gnutls_global_deinit ();
1074
}
1075
1076
return exitcode;
719
if (server)
720
avahi_server_free(server);
721
722
if (simple_poll)
723
avahi_simple_poll_free(simple_poll);
724
725
return returncode;
1077
726
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0