/mandos/trunk : revision 30

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandosclient.c

Committer: Teddy Hogeborn
Date: 2008-07-31 19:51:44 UTC
mfrom: (24.1.5 mandos)
Revision ID: teddy@fukt.bsnet.se-20080731195144-yb37wz2sr1e6b3m4

Merge.

files added:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

files removed:
COPYING

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.xml

plugins.d/password-prompt.xml

plugins.d/password-request.xml

plugins.d/usplash

files renamed:
plugin-runner.c => plugbasedclient.c

plugins.d/password-request.c => plugins.d/mandosclient.c

plugins.d/password-prompt.c => plugins.d/passprompt.c

mandos.conf => server.conf

mandos => server.py

files modified:
Makefile

TODO

clients.conf

Show diffs side-by-side

added added

removed removed

plugins.d/mandosclient.c

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and

* <https://www.fukt.bsnet.se/~teddy/>.

/* Needed by GPGME, specifically gpgme_data_seek() */

#define _LARGEFILE_SOURCE

#define _FILE_OFFSET_BITS 64

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */

#include <stdio.h> /* fprintf(), stderr, fwrite(),

stdout, ferror() */

#include <stdint.h> /* uint16_t, uint32_t */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,

srand() */

#include <stdbool.h> /* bool, true */

#include <string.h> /* memset(), strcmp(), strlen(),

strerror(), asprintf(), strcpy() */

#include <sys/ioctl.h> /* ioctl */

#include <sys/types.h> /* socket(), inet_pton(), sockaddr,

sockaddr_in6, PF_INET6,

SOCK_STREAM, INET6_ADDRSTRLEN,

uid_t, gid_t */

#include <inttypes.h> /* PRIu16 */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton(),

connect() */

#include <assert.h> /* assert() */

#include <errno.h> /* perror(), errno */

#include <time.h> /* time() */

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS, if_indextoname(),

if_nametoindex(), IF_NAMESIZE */

#include <unistd.h> /* close(), SEEK_SET, off_t, write(),

getuid(), getgid(), setuid(),

setgid() */

#include <netinet/in.h>

#include <arpa/inet.h> /* inet_pton(), htons */

#include <iso646.h> /* not, and */

#include <argp.h> /* struct argp_option, error_t, struct

argp_state, struct argp,

argp_parse(), ARGP_KEY_ARG,

ARGP_KEY_END, ARGP_ERR_UNKNOWN */

/* Avahi */

/* All Avahi types, constants and functions

Avahi*, avahi_*,

AVAHI_* */

#include <stdio.h>

#include <assert.h>

#include <stdlib.h>

#include <time.h>

#include <net/if.h> /* if_nametoindex */

#include <avahi-core/core.h>

#include <avahi-core/lookup.h>

#include <avahi-core/log.h>

#include <avahi-common/malloc.h>

#include <avahi-common/error.h>

/* GnuTLS */

#include <gnutls/gnutls.h> /* All GnuTLS types, constants and

functions:

gnutls_*

init_gnutls_session(),

GNUTLS_* */

#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),

GNUTLS_OPENPGP_FMT_BASE64 */

/* GPGME */

#include <gpgme.h> /* All GPGME types, constants and

functions:

gpgme_*

GPGME_PROTOCOL_OpenPGP,

GPG_ERR_NO_* */

//mandos client part

#include <sys/types.h> /* socket(), inet_pton() */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton() */

#include <gnutls/gnutls.h> /* All GnuTLS stuff */

#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */

#include <unistd.h> /* close() */

#include <netinet/in.h>

#include <stdbool.h> /* true */

#include <string.h> /* memset */

#include <arpa/inet.h> /* inet_pton() */

#include <iso646.h> /* not */

// gpgme

#include <errno.h> /* perror() */

#include <gpgme.h>

// getopt long

#include <getopt.h>

#define BUFFER_SIZE 256

#define DH_BITS 1024

const char *certdir = "/conf/conf.d/cryptkeyreq/";

const char *certfile = "openpgp-client.txt";

const char *certkey = "openpgp-client-key.txt";

100

101

bool debug = false;

102

static const char *keydir = "/conf/conf.d/mandos";

103

static const char mandos_protocol_version[] = "1";

104

const char *argp_program_version = "password-request 1.0";

105

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

106

107

/* Used for passing in values through the Avahi callback functions */

108

typedef struct {

109

AvahiSimplePoll *simple_poll;

110

AvahiServer *server;

gnutls_session_t session;

111

gnutls_certificate_credentials_t cred;

112

unsigned int dh_bits;

113

gnutls_dh_params_t dh_params;

114

const char *priority;

115

} mandos_context;

116

117

118

* Make room in "buffer" for at least BUFFER_SIZE additional bytes.

119

* "buffer_capacity" is how much is currently allocated,

120

* "buffer_length" is how much is already used.

121

122

size_t adjustbuffer(char **buffer, size_t buffer_length,

123

size_t buffer_capacity){

124

if (buffer_length + BUFFER_SIZE > buffer_capacity){

125

*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);

126

if (buffer == NULL){

127

return 0;

128

}

129

buffer_capacity += BUFFER_SIZE;

130

}

131

return buffer_capacity;

132

}

133

134

135

* Decrypt OpenPGP data using keyrings in HOMEDIR.

136

* Returns -1 on error

137

138

static ssize_t pgp_packet_decrypt (const char *cryptotext,

139

size_t crypto_size,

140

char **plaintext,

141

const char *homedir){

} encrypted_session;

ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,

char **new_packet, const char *homedir){

142

gpgme_data_t dh_crypto, dh_plain;

143

gpgme_ctx_t ctx;

144

gpgme_error_t rc;

145

ssize_t ret;

146

size_t plaintext_capacity = 0;

147

ssize_t plaintext_length = 0;

ssize_t new_packet_capacity = 0;

ssize_t new_packet_length = 0;

148

gpgme_engine_info_t engine_info;

149

150

if (debug){

151

fprintf(stderr, "Trying to decrypt OpenPGP data\n");

fprintf(stderr, "Trying to decrypt OpenPGP packet\n");

152

}

153

154

100

/* Init GPGME */

160

106

return -1;

161

107

}

162

108

163

/* Set GPGME home directory for the OpenPGP engine only */

109

/* Set GPGME home directory */

164

110

rc = gpgme_get_engine_info (&engine_info);

165

111

if (rc != GPG_ERR_NO_ERROR){

166

112

fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",

176

122

engine_info = engine_info->next;

177

123

}

178

124

if(engine_info == NULL){

179

fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);

125

fprintf(stderr, "Could not set home dir to %s\n", homedir);

180

126

return -1;

181

127

}

182

128

183

/* Create new GPGME data buffer from memory cryptotext */

184

rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,

185

0);

129

/* Create new GPGME data buffer from packet buffer */

130

rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);

186

131

if (rc != GPG_ERR_NO_ERROR){

187

132

fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",

188

133

gpgme_strsource(rc), gpgme_strerror(rc));

194

139

if (rc != GPG_ERR_NO_ERROR){

195

140

fprintf(stderr, "bad gpgme_data_new: %s: %s\n",

196

141

gpgme_strsource(rc), gpgme_strerror(rc));

197

gpgme_data_release(dh_crypto);

198

142

return -1;

199

143

}

200

144

203

147

if (rc != GPG_ERR_NO_ERROR){

204

148

fprintf(stderr, "bad gpgme_new: %s: %s\n",

205

149

gpgme_strsource(rc), gpgme_strerror(rc));

206

plaintext_length = -1;

207

goto decrypt_end;

150

return -1;

208

151

}

209

152

210

/* Decrypt data from the cryptotext data buffer to the plaintext

211

data buffer */

153

/* Decrypt data from the FILE pointer to the plaintext data

154

buffer */

212

155

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

213

156

if (rc != GPG_ERR_NO_ERROR){

214

157

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

215

158

gpgme_strsource(rc), gpgme_strerror(rc));

216

plaintext_length = -1;

217

goto decrypt_end;

159

return -1;

218

160

}

219

161

220

162

if(debug){

221

fprintf(stderr, "Decryption of OpenPGP data succeeded\n");

163

fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");

222

164

}

223

165

224

166

if (debug){

225

167

gpgme_decrypt_result_t result;

226

168

result = gpgme_op_decrypt_result(ctx);

229

171

} else {

230

172

fprintf(stderr, "Unsupported algorithm: %s\n",

231

173

result->unsupported_algorithm);

232

fprintf(stderr, "Wrong key usage: %u\n",

174

fprintf(stderr, "Wrong key usage: %d\n",

233

175

result->wrong_key_usage);

234

176

if(result->file_name != NULL){

235

177

fprintf(stderr, "File name: %s\n", result->file_name);

250

192

}

251

193

}

252

194

195

/* Delete the GPGME FILE pointer cryptotext data buffer */

196

gpgme_data_release(dh_crypto);

197

253

198

/* Seek back to the beginning of the GPGME plaintext data buffer */

254

199

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

255

200

perror("pgpme_data_seek");

256

plaintext_length = -1;

257

goto decrypt_end;

258

201

}

259

202

260

*plaintext = NULL;

203

*new_packet = 0;

261

204

while(true){

262

plaintext_capacity = adjustbuffer(plaintext,

263

(size_t)plaintext_length,

264

plaintext_capacity);

265

if (plaintext_capacity == 0){

266

perror("adjustbuffer");

267

plaintext_length = -1;

268

goto decrypt_end;

205

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

206

*new_packet = realloc(*new_packet,

207

(unsigned int)new_packet_capacity

208

+ BUFFER_SIZE);

209

if (*new_packet == NULL){

210

perror("realloc");

211

return -1;

212

}

213

new_packet_capacity += BUFFER_SIZE;

269

214

}

270

215

271

ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,

216

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,

272

217

BUFFER_SIZE);

273

218

/* Print the data, if any */

274

219

if (ret == 0){

275

/* EOF */

276

220

break;

277

221

}

278

222

if(ret < 0){

279

223

perror("gpgme_data_read");

280

plaintext_length = -1;

281

goto decrypt_end;

224

return -1;

282

225

}

283

plaintext_length += ret;

226

new_packet_length += ret;

284

227

}

285

228

286

if(debug){

287

fprintf(stderr, "Decrypted password is: ");

288

for(ssize_t i = 0; i < plaintext_length; i++){

289

fprintf(stderr, "%02hhX ", (*plaintext)[i]);

290

}

291

fprintf(stderr, "\n");

292

}

293

294

decrypt_end:

295

296

/* Delete the GPGME cryptotext data buffer */

297

gpgme_data_release(dh_crypto);

229

/* FIXME: check characters before printing to screen so to not print

230

terminal control characters */

231

/* if(debug){ */

232

/* fprintf(stderr, "decrypted password is: "); */

233

/* fwrite(*new_packet, 1, new_packet_length, stderr); */

234

/* fprintf(stderr, "\n"); */

235

/* } */

298

236

299

237

/* Delete the GPGME plaintext data buffer */

300

238

gpgme_data_release(dh_plain);

301

return plaintext_length;

239

return new_packet_length;

302

240

}

303

241

304

242

static const char * safer_gnutls_strerror (int value) {

305

const char *ret = gnutls_strerror (value); /* Spurious warning */

243

const char *ret = gnutls_strerror (value);

306

244

if (ret == NULL)

307

245

ret = "(unknown)";

308

246

return ret;

309

247

}

310

248

311

/* GnuTLS log function callback */

312

static void debuggnutls(__attribute__((unused)) int level,

313

const char* string){

314

fprintf(stderr, "GnuTLS: %s", string);

249

void debuggnutls(__attribute__((unused)) int level,

250

const char* string){

251

fprintf(stderr, "%s", string);

315

252

}

316

253

317

static int init_gnutls_global(mandos_context *mc,

318

const char *pubkeyfilename,

319

const char *seckeyfilename){

254

int initgnutls(encrypted_session *es){

255

const char *err;

320

256

int ret;

321

257

322

258

if(debug){

323

259

fprintf(stderr, "Initializing GnuTLS\n");

324

260

}

325

326

ret = gnutls_global_init();

327

if (ret != GNUTLS_E_SUCCESS) {

328

fprintf (stderr, "GnuTLS global_init: %s\n",

329

safer_gnutls_strerror(ret));

261

262

if ((ret = gnutls_global_init ())

263

!= GNUTLS_E_SUCCESS) {

264

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

330

265

return -1;

331

266

}

332

267

333

268

if (debug){

334

/* "Use a log level over 10 to enable all debugging options."

335

* - GnuTLS manual

336

337

269

gnutls_global_set_log_level(11);

338

270

gnutls_global_set_log_function(debuggnutls);

339

271

}

340

272

341

/* OpenPGP credentials */

342

gnutls_certificate_allocate_credentials(&mc->cred);

343

if (ret != GNUTLS_E_SUCCESS){

344

fprintf (stderr, "GnuTLS memory error: %s\n", /* Spurious

345

warning */

273

/* openpgp credentials */

274

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

275

!= GNUTLS_E_SUCCESS) {

276

fprintf (stderr, "memory error: %s\n",

346

277

safer_gnutls_strerror(ret));

347

gnutls_global_deinit ();

348

278

return -1;

349

279

}

350

280

351

281

if(debug){

352

282

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

353

" and keyfile %s as GnuTLS credentials\n", pubkeyfilename,

354

seckeyfilename);

283

" and keyfile %s as GnuTLS credentials\n", certfile,

284

certkey);

355

285

}

356

286

357

287

ret = gnutls_certificate_set_openpgp_key_file

358

(mc->cred, pubkeyfilename, seckeyfilename,

359

GNUTLS_OPENPGP_FMT_BASE64);

288

(es->cred, certfile, certkey, GNUTLS_OPENPGP_FMT_BASE64);

360

289

if (ret != GNUTLS_E_SUCCESS) {

361

fprintf(stderr,

362

"Error[%d] while reading the OpenPGP key pair ('%s',"

363

" '%s')\n", ret, pubkeyfilename, seckeyfilename);

364

fprintf(stdout, "The GnuTLS error is: %s\n",

290

fprintf

291

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"

292

" '%s')\n",

293

ret, certfile, certkey);

294

fprintf(stdout, "The Error is: %s\n",

365

295

safer_gnutls_strerror(ret));

366

goto globalfail;

367

}

368

369

/* GnuTLS server initialization */

370

ret = gnutls_dh_params_init(&mc->dh_params);

371

if (ret != GNUTLS_E_SUCCESS) {

372

fprintf (stderr, "Error in GnuTLS DH parameter initialization:"

373

" %s\n", safer_gnutls_strerror(ret));

374

goto globalfail;

375

}

376

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

377

if (ret != GNUTLS_E_SUCCESS) {

378

fprintf (stderr, "Error in GnuTLS prime generation: %s\n",

379

safer_gnutls_strerror(ret));

380

goto globalfail;

381

}

382

383

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

384

385

return 0;

386

387

globalfail:

388

389

gnutls_certificate_free_credentials(mc->cred);

390

gnutls_global_deinit();

391

return -1;

392

393

}

394

395

static int init_gnutls_session(mandos_context *mc,

396

gnutls_session_t *session){

397

int ret;

398

/* GnuTLS session creation */

399

ret = gnutls_init(session, GNUTLS_SERVER);

400

if (ret != GNUTLS_E_SUCCESS){

296

return -1;

297

}

298

299

//GnuTLS server initialization

300

if ((ret = gnutls_dh_params_init (&es->dh_params))

301

!= GNUTLS_E_SUCCESS) {

302

fprintf (stderr, "Error in dh parameter initialization: %s\n",

303

safer_gnutls_strerror(ret));

304

return -1;

305

}

306

307

if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))

308

!= GNUTLS_E_SUCCESS) {

309

fprintf (stderr, "Error in prime generation: %s\n",

310

safer_gnutls_strerror(ret));

311

return -1;

312

}

313

314

gnutls_certificate_set_dh_params (es->cred, es->dh_params);

315

316

// GnuTLS session creation

317

if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))

318

!= GNUTLS_E_SUCCESS){

401

319

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

402

320

safer_gnutls_strerror(ret));

403

321

}

404

322

405

{

406

const char *err;

407

ret = gnutls_priority_set_direct(*session, mc->priority, &err);

408

if (ret != GNUTLS_E_SUCCESS) {

409

fprintf(stderr, "Syntax error at: %s\n", err);

410

fprintf(stderr, "GnuTLS error: %s\n",

411

safer_gnutls_strerror(ret));

412

gnutls_deinit (*session);

413

return -1;

414

}

323

if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))

324

!= GNUTLS_E_SUCCESS) {

325

fprintf(stderr, "Syntax error at: %s\n", err);

326

fprintf(stderr, "GnuTLS error: %s\n",

327

safer_gnutls_strerror(ret));

328

return -1;

415

329

}

416

330

417

ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

418

mc->cred);

419

if (ret != GNUTLS_E_SUCCESS) {

420

fprintf(stderr, "Error setting GnuTLS credentials: %s\n",

331

if ((ret = gnutls_credentials_set

332

(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))

333

!= GNUTLS_E_SUCCESS) {

334

fprintf(stderr, "Error setting a credentials set: %s\n",

421

335

safer_gnutls_strerror(ret));

422

gnutls_deinit (*session);

423

336

return -1;

424

337

}

425

338

426

339

/* ignore client certificate if any. */

427

gnutls_certificate_server_set_request (*session,

340

gnutls_certificate_server_set_request (es->session,

428

341

GNUTLS_CERT_IGNORE);

429

342

430

gnutls_dh_set_prime_bits (*session, mc->dh_bits);

343

gnutls_dh_set_prime_bits (es->session, DH_BITS);

431

344

432

345

return 0;

433

346

}

434

347

435

/* Avahi log function callback */

436

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

437

__attribute__((unused)) const char *txt){}

348

void empty_log(__attribute__((unused)) AvahiLogLevel level,

349

__attribute__((unused)) const char *txt){}

438

350

439

/* Called when a Mandos server is found */

440

static int start_mandos_communication(const char *ip, uint16_t port,

441

AvahiIfIndex if_index,

442

mandos_context *mc){

351

int start_mandos_communication(const char *ip, uint16_t port,

352

AvahiIfIndex if_index){

443

353

int ret, tcp_sd;

444

union { struct sockaddr in; struct sockaddr_in6 in6; } to;

354

struct sockaddr_in6 to;

355

encrypted_session es;

445

356

char *buffer = NULL;

446

357

char *decrypted_buffer;

447

358

size_t buffer_length = 0;

448

359

size_t buffer_capacity = 0;

449

360

ssize_t decrypted_buffer_size;

450

size_t written;

361

size_t written = 0;

451

362

int retval = 0;

452

363

char interface[IF_NAMESIZE];

453

gnutls_session_t session;

454

455

ret = init_gnutls_session (mc, &session);

456

if (ret != 0){

457

return -1;

458

}

459

364

460

365

if(debug){

461

fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16

462

"\n", ip, port);

366

fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",

367

ip, port);

463

368

}

464

369

465

370

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

467

372

perror("socket");

468

373

return -1;

469

374

}

470

471

if(debug){

472

if(if_indextoname((unsigned int)if_index, interface) == NULL){

375

376

if(if_indextoname((unsigned int)if_index, interface) == NULL){

377

if(debug){

473

378

perror("if_indextoname");

474

return -1;

475

379

}

380

return -1;

381

}

382

383

if(debug){

476

384

fprintf(stderr, "Binding to interface %s\n", interface);

477

385

}

478

386

479

memset(&to, 0, sizeof(to));

480

to.in6.sin6_family = AF_INET6;

481

/* It would be nice to have a way to detect if we were passed an

482

IPv4 address here. Now we assume an IPv6 address. */

483

ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);

387

memset(&to,0,sizeof(to)); /* Spurious warning */

388

to.sin6_family = AF_INET6;

389

ret = inet_pton(AF_INET6, ip, &to.sin6_addr);

484

390

if (ret < 0 ){

485

391

perror("inet_pton");

486

392

return -1;

487

}

393

}

488

394

if(ret == 0){

489

395

fprintf(stderr, "Bad address: %s\n", ip);

490

396

return -1;

491

397

}

492

to.in6.sin6_port = htons(port); /* Spurious warning */

398

to.sin6_port = htons(port); /* Spurious warning */

493

399

494

to.in6.sin6_scope_id = (uint32_t)if_index;

400

to.sin6_scope_id = (uint32_t)if_index;

495

401

496

402

if(debug){

497

fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,

498

port);

499

char addrstr[INET6_ADDRSTRLEN] = "";

500

if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,

501

sizeof(addrstr)) == NULL){

502

perror("inet_ntop");

503

} else {

504

if(strcmp(addrstr, ip) != 0){

505

fprintf(stderr, "Canonical address form: %s\n", addrstr);

506

}

507

}

403

fprintf(stderr, "Connection to: %s, port %d\n", ip, port);

404

/* char addrstr[INET6_ADDRSTRLEN]; */

405

/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */

406

/* sizeof(addrstr)) == NULL){ */

407

/* perror("inet_ntop"); */

408

/* } else { */

409

/* fprintf(stderr, "Really connecting to: %s, port %d\n", */

410

/* addrstr, ntohs(to.sin6_port)); */

411

/* } */

508

412

}

509

413

510

ret = connect(tcp_sd, &to.in, sizeof(to));

414

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

511

415

if (ret < 0){

512

416

perror("connect");

513

417

return -1;

514

418

}

515

516

const char *out = mandos_protocol_version;

517

written = 0;

518

while (true){

519

size_t out_size = strlen(out);

520

ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,

521

out_size - written));

522

if (ret == -1){

523

perror("write");

524

retval = -1;

525

goto mandos_end;

526

}

527

written += (size_t)ret;

528

if(written < out_size){

529

continue;

530

} else {

531

if (out == mandos_protocol_version){

532

written = 0;

533

out = "\r\n";

534

} else {

535

break;

536

}

537

}

419

420

ret = initgnutls (&es);

421

if (ret != 0){

422

retval = -1;

423

return -1;

538

424

}

539

425

426

gnutls_transport_set_ptr (es.session,

427

(gnutls_transport_ptr_t) tcp_sd);

428

540

429

if(debug){

541

430

fprintf(stderr, "Establishing TLS session with %s\n", ip);

542

431

}

543

432

544

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

545

546

do{

547

ret = gnutls_handshake (session);

548

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

433

ret = gnutls_handshake (es.session);

549

434

550

435

if (ret != GNUTLS_E_SUCCESS){

551

436

if(debug){

552

fprintf(stderr, "*** GnuTLS Handshake failed ***\n");

437

fprintf(stderr, "\n*** Handshake failed ***\n");

553

438

gnutls_perror (ret);

554

439

}

555

440

retval = -1;

556

goto mandos_end;

441

goto exit;

557

442

}

558

443

559

/* Read OpenPGP packet that contains the wanted password */

444

//Retrieve OpenPGP packet that contains the wanted password

560

445

561

446

if(debug){

562

447

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

564

449

}

565

450

566

451

while(true){

567

buffer_capacity = adjustbuffer(&buffer, buffer_length,

568

buffer_capacity);

569

if (buffer_capacity == 0){

570

perror("adjustbuffer");

571

retval = -1;

572

goto mandos_end;

452

if (buffer_length + BUFFER_SIZE > buffer_capacity){

453

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

454

if (buffer == NULL){

455

perror("realloc");

456

goto exit;

457

}

458

buffer_capacity += BUFFER_SIZE;

573

459

}

574

460

575

ret = gnutls_record_recv(session, buffer+buffer_length,

576

BUFFER_SIZE);

461

ret = gnutls_record_recv

462

(es.session, buffer+buffer_length, BUFFER_SIZE);

577

463

if (ret == 0){

578

464

break;

579

465

}

583

469

case GNUTLS_E_AGAIN:

584

470

break;

585

471

case GNUTLS_E_REHANDSHAKE:

586

do{

587

ret = gnutls_handshake (session);

588

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

472

ret = gnutls_handshake (es.session);

589

473

if (ret < 0){

590

fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");

474

fprintf(stderr, "\n*** Handshake failed ***\n");

591

475

gnutls_perror (ret);

592

476

retval = -1;

593

goto mandos_end;

477

goto exit;

594

478

}

595

479

break;

596

480

default:

597

481

fprintf(stderr, "Unknown error while reading data from"

598

" encrypted session with Mandos server\n");

482

" encrypted session with mandos server\n");

599

483

retval = -1;

600

gnutls_bye (session, GNUTLS_SHUT_RDWR);

601

goto mandos_end;

484

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

485

goto exit;

602

486

}

603

487

} else {

604

488

buffer_length += (size_t) ret;

605

489

}

606

490

}

607

491

608

if(debug){

609

fprintf(stderr, "Closing TLS session\n");

610

}

611

612

gnutls_bye (session, GNUTLS_SHUT_RDWR);

613

614

492

if (buffer_length > 0){

615

493

decrypted_buffer_size = pgp_packet_decrypt(buffer,

616

494

buffer_length,

617

495

&decrypted_buffer,

618

keydir);

496

certdir);

619

497

if (decrypted_buffer_size >= 0){

620

written = 0;

621

498

while(written < (size_t) decrypted_buffer_size){

622

499

ret = (int)fwrite (decrypted_buffer + written, 1,

623

500

(size_t)decrypted_buffer_size - written,

637

514

retval = -1;

638

515

}

639

516

}

640

641

/* Shutdown procedure */

642

643

mandos_end:

517

518

//shutdown procedure

519

520

if(debug){

521

fprintf(stderr, "Closing TLS session\n");

522

}

523

644

524

free(buffer);

525

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

526

exit:

645

527

close(tcp_sd);

646

gnutls_deinit (session);

528

gnutls_deinit (es.session);

529

gnutls_certificate_free_credentials (es.cred);

530

gnutls_global_deinit ();

647

531

return retval;

648

532

}

649

533

650

static void resolve_callback(AvahiSServiceResolver *r,

651

AvahiIfIndex interface,

652

AVAHI_GCC_UNUSED AvahiProtocol protocol,

653

AvahiResolverEvent event,

654

const char *name,

655

const char *type,

656

const char *domain,

657

const char *host_name,

658

const AvahiAddress *address,

659

uint16_t port,

660

AVAHI_GCC_UNUSED AvahiStringList *txt,

661

AVAHI_GCC_UNUSED AvahiLookupResultFlags

662

flags,

663

void* userdata) {

664

mandos_context *mc = userdata;

665

assert(r);

534

static AvahiSimplePoll *simple_poll = NULL;

535

static AvahiServer *server = NULL;

536

537

static void resolve_callback(

538

AvahiSServiceResolver *r,

539

AvahiIfIndex interface,

540

AVAHI_GCC_UNUSED AvahiProtocol protocol,

541

AvahiResolverEvent event,

542

const char *name,

543

const char *type,

544

const char *domain,

545

const char *host_name,

546

const AvahiAddress *address,

547

uint16_t port,

548

AVAHI_GCC_UNUSED AvahiStringList *txt,

549

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

550

AVAHI_GCC_UNUSED void* userdata) {

551

552

assert(r); /* Spurious warning */

666

553

667

554

/* Called whenever a service has been resolved successfully or

668

555

timed out */

670

557

switch (event) {

671

558

default:

672

559

case AVAHI_RESOLVER_FAILURE:

673

fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"

674

" of type '%s' in domain '%s': %s\n", name, type, domain,

675

avahi_strerror(avahi_server_errno(mc->server)));

560

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"

561

" type '%s' in domain '%s': %s\n", name, type, domain,

562

avahi_strerror(avahi_server_errno(server)));

676

563

break;

677

564

678

565

case AVAHI_RESOLVER_FOUND:

680

567

char ip[AVAHI_ADDRESS_STR_MAX];

681

568

avahi_address_snprint(ip, sizeof(ip), address);

682

569

if(debug){

683

fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"

684

PRIu16 ") on port %d\n", name, host_name, ip,

685

interface, port);

570

fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"

571

" port %d\n", name, host_name, ip, port);

686

572

}

687

int ret = start_mandos_communication(ip, port, interface, mc);

573

int ret = start_mandos_communication(ip, port, interface);

688

574

if (ret == 0){

689

avahi_simple_poll_quit(mc->simple_poll);

575

exit(EXIT_SUCCESS);

690

576

}

691

577

}

692

578

}

693

579

avahi_s_service_resolver_free(r);

694

580

}

695

581

696

static void browse_callback( AvahiSServiceBrowser *b,

697

AvahiIfIndex interface,

698

AvahiProtocol protocol,

699

AvahiBrowserEvent event,

700

const char *name,

701

const char *type,

702

const char *domain,

703

AVAHI_GCC_UNUSED AvahiLookupResultFlags

704

flags,

705

void* userdata) {

706

mandos_context *mc = userdata;

707

assert(b);

708

709

/* Called whenever a new services becomes available on the LAN or

710

is removed from the LAN */

711

712

switch (event) {

713

default:

714

case AVAHI_BROWSER_FAILURE:

715

716

fprintf(stderr, "(Avahi browser) %s\n",

717

avahi_strerror(avahi_server_errno(mc->server)));

718

avahi_simple_poll_quit(mc->simple_poll);

719

return;

720

721

case AVAHI_BROWSER_NEW:

722

/* We ignore the returned Avahi resolver object. In the callback

723

function we free it. If the Avahi server is terminated before

724

the callback function is called the Avahi server will free the

725

resolver for us. */

726

727

if (!(avahi_s_service_resolver_new(mc->server, interface,

728

protocol, name, type, domain,

729

AVAHI_PROTO_INET6, 0,

730

resolve_callback, mc)))

731

fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",

732

name, avahi_strerror(avahi_server_errno(mc->server)));

733

break;

734

735

case AVAHI_BROWSER_REMOVE:

736

break;

737

738

case AVAHI_BROWSER_ALL_FOR_NOW:

739

case AVAHI_BROWSER_CACHE_EXHAUSTED:

740

if(debug){

741

fprintf(stderr, "No Mandos server found, still searching...\n");

582

static void browse_callback(

583

AvahiSServiceBrowser *b,

584

AvahiIfIndex interface,

585

AvahiProtocol protocol,

586

AvahiBrowserEvent event,

587

const char *name,

588

const char *type,

589

const char *domain,

590

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

591

void* userdata) {

592

593

AvahiServer *s = userdata;

594

assert(b); /* Spurious warning */

595

596

/* Called whenever a new services becomes available on the LAN or

597

is removed from the LAN */

598

599

switch (event) {

600

default:

601

case AVAHI_BROWSER_FAILURE:

602

603

fprintf(stderr, "(Browser) %s\n",

604

avahi_strerror(avahi_server_errno(server)));

605

avahi_simple_poll_quit(simple_poll);

606

return;

607

608

case AVAHI_BROWSER_NEW:

609

/* We ignore the returned resolver object. In the callback

610

function we free it. If the server is terminated before

611

the callback function is called the server will free

612

the resolver for us. */

613

614

if (!(avahi_s_service_resolver_new(s, interface, protocol, name,

615

type, domain,

616

AVAHI_PROTO_INET6, 0,

617

resolve_callback, s)))

618

fprintf(stderr, "Failed to resolve service '%s': %s\n", name,

619

avahi_strerror(avahi_server_errno(s)));

620

break;

621

622

case AVAHI_BROWSER_REMOVE:

623

break;

624

625

case AVAHI_BROWSER_ALL_FOR_NOW:

626

case AVAHI_BROWSER_CACHE_EXHAUSTED:

627

break;

742

628

}

743

break;

744

}

745

629

}

746

630

747

/* Combines file name and path and returns the malloced new

748

string. some sane checks could/should be added */

749

static char *combinepath(const char *first, const char *second){

631

/* combinds file name and path and returns the malloced new string. som sane checks could/should be added */

632

const char *combinepath(const char *first, const char *second){

750

633

char *tmp;

751

int ret = asprintf(&tmp, "%s/%s", first, second);

752

if(ret < 0){

634

tmp = malloc(strlen(first) + strlen(second) + 2);

635

if (tmp == NULL){

636

perror("malloc");

753

637

return NULL;

754

638

}

639

strcpy(tmp, first);

640

if (first[0] != '\0' and first[strlen(first) - 1] != '/'){

641

strcat(tmp, "/");

642

}

643

strcat(tmp, second);

755

644

return tmp;

756

645

}

757

646

758

647

759

int main(int argc, char *argv[]){

648

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

649

AvahiServerConfig config;

760

650

AvahiSServiceBrowser *sb = NULL;

761

651

int error;

762

652

int ret;

763

int exitcode = EXIT_SUCCESS;

764

const char *interface = "eth0";

765

struct ifreq network;

766

int sd;

767

uid_t uid;

768

gid_t gid;

653

int returncode = EXIT_SUCCESS;

654

const char *interface = NULL;

655

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

769

656

char *connect_to = NULL;

770

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

771

char *pubkeyfilename = NULL;

772

char *seckeyfilename = NULL;

773

const char *pubkeyname = "pubkey.txt";

774

const char *seckeyname = "seckey.txt";

775

mandos_context mc = { .simple_poll = NULL, .server = NULL,

776

.dh_bits = 1024, .priority = "SECURE256"};

777

bool gnutls_initalized = false;

778

779

{

780

struct argp_option options[] = {

781

{ .name = "debug", .key = 128,

782

.doc = "Debug mode", .group = 3 },

783

{ .name = "connect", .key = 'c',

784

.arg = "IP",

785

.doc = "Connect directly to a sepcified mandos server",

786

.group = 1 },

787

{ .name = "interface", .key = 'i',

788

.arg = "INTERFACE",

789

.doc = "Interface that Avahi will conntect through",

790

.group = 1 },

791

{ .name = "keydir", .key = 'd',

792

.arg = "KEYDIR",

793

.doc = "Directory where the openpgp keyring is",

794

.group = 1 },

795

{ .name = "seckey", .key = 's',

796

.arg = "SECKEY",

797

.doc = "Secret openpgp key for gnutls authentication",

798

.group = 1 },

799

{ .name = "pubkey", .key = 'p',

800

.arg = "PUBKEY",

801

.doc = "Public openpgp key for gnutls authentication",

802

.group = 2 },

803

{ .name = "dh-bits", .key = 129,

804

.arg = "BITS",

805

.doc = "dh-bits to use in gnutls communication",

806

.group = 2 },

807

{ .name = "priority", .key = 130,

808

.arg = "PRIORITY",

809

.doc = "GNUTLS priority", .group = 1 },

810

{ .name = NULL }

811

};

812

813

814

error_t parse_opt (int key, char *arg,

815

struct argp_state *state) {

816

/* Get the INPUT argument from `argp_parse', which we know is

817

a pointer to our plugin list pointer. */

818

switch (key) {

819

case 128:

820

debug = true;

821

break;

822

case 'c':

823

connect_to = arg;

824

break;

825

case 'i':

826

interface = arg;

827

break;

828

case 'd':

829

keydir = arg;

830

break;

831

case 's':

832

seckeyname = arg;

833

break;

834

case 'p':

835

pubkeyname = arg;

836

break;

837

case 129:

838

errno = 0;

839

mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);

840

if (errno){

841

perror("strtol");

842

exit(EXIT_FAILURE);

843

}

844

break;

845

case 130:

846

mc.priority = arg;

847

break;

848

case ARGP_KEY_ARG:

849

argp_usage (state);

850

case ARGP_KEY_END:

851

break;

852

default:

853

return ARGP_ERR_UNKNOWN;

854

}

855

return 0;

856

}

857

858

struct argp argp = { .options = options, .parser = parse_opt,

859

.args_doc = "",

860

.doc = "Mandos client -- Get and decrypt"

861

" passwords from mandos server" };

862

ret = argp_parse (&argp, argc, argv, 0, 0, NULL);

863

if (ret == ARGP_ERR_UNKNOWN){

864

fprintf(stderr, "Unknown error while parsing arguments\n");

865

exitcode = EXIT_FAILURE;

866

goto end;

867

}

868

}

869

870

pubkeyfilename = combinepath(keydir, pubkeyname);

871

if (pubkeyfilename == NULL){

872

perror("combinepath");

873

exitcode = EXIT_FAILURE;

874

goto end;

875

}

876

877

seckeyfilename = combinepath(keydir, seckeyname);

878

if (seckeyfilename == NULL){

879

perror("combinepath");

880

exitcode = EXIT_FAILURE;

881

goto end;

882

}

883

884

ret = init_gnutls_global(&mc, pubkeyfilename, seckeyfilename);

885

if (ret == -1){

886

fprintf(stderr, "init_gnutls_global failed\n");

887

exitcode = EXIT_FAILURE;

888

goto end;

889

} else {

890

gnutls_initalized = true;

891

}

892

893

/* If the interface is down, bring it up */

894

{

895

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

896

if(sd < 0) {

897

perror("socket");

898

exitcode = EXIT_FAILURE;

899

goto end;

900

}

901

strcpy(network.ifr_name, interface);

902

ret = ioctl(sd, SIOCGIFFLAGS, &network);

903

if(ret == -1){

904

perror("ioctl SIOCGIFFLAGS");

905

exitcode = EXIT_FAILURE;

906

goto end;

907

}

908

if((network.ifr_flags & IFF_UP) == 0){

909

network.ifr_flags |= IFF_UP;

910

ret = ioctl(sd, SIOCSIFFLAGS, &network);

911

if(ret == -1){

912

perror("ioctl SIOCSIFFLAGS");

913

exitcode = EXIT_FAILURE;

914

goto end;

915

}

916

}

917

close(sd);

918

}

919

920

uid = getuid();

921

gid = getgid();

922

923

ret = setuid(uid);

924

if (ret == -1){

925

perror("setuid");

926

}

927

928

setgid(gid);

929

if (ret == -1){

930

perror("setgid");

931

}

932

933

if_index = (AvahiIfIndex) if_nametoindex(interface);

934

if(if_index == 0){

935

fprintf(stderr, "No such interface: \"%s\"\n", interface);

936

exit(EXIT_FAILURE);

657

658

while (true){

659

static struct option long_options[] = {

660

{"debug", no_argument, (int *)&debug, 1},

661

{"connect", required_argument, 0, 'C'},

662

{"interface", required_argument, 0, 'i'},

663

{"certdir", required_argument, 0, 'd'},

664

{"certkey", required_argument, 0, 'c'},

665

{"certfile", required_argument, 0, 'k'},

666

{0, 0, 0, 0} };

667

668

int option_index = 0;

669

ret = getopt_long (argc, argv, "i:", long_options,

670

&option_index);

671

672

if (ret == -1){

673

break;

674

}

675

676

switch(ret){

677

case 0:

678

break;

679

case 'i':

680

interface = optarg;

681

break;

682

case 'C':

683

connect_to = optarg;

684

break;

685

case 'd':

686

certdir = optarg;

687

break;

688

case 'c':

689

certfile = optarg;

690

break;

691

case 'k':

692

certkey = optarg;

693

break;

694

default:

695

exit(EXIT_FAILURE);

696

}

697

}

698

699

certfile = combinepath(certdir, certfile);

700

if (certfile == NULL){

701

goto exit;

702

}

703

704

if(interface != NULL){

705

if_index = (AvahiIfIndex) if_nametoindex(interface);

706

if(if_index == 0){

707

fprintf(stderr, "No such interface: \"%s\"\n", interface);

708

exit(EXIT_FAILURE);

709

}

937

710

}

938

711

939

712

if(connect_to != NULL){

942

715

char *address = strrchr(connect_to, ':');

943

716

if(address == NULL){

944

717

fprintf(stderr, "No colon in address\n");

945

exitcode = EXIT_FAILURE;

946

goto end;

718

exit(EXIT_FAILURE);

947

719

}

948

720

errno = 0;

949

721

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

950

722

if(errno){

951

723

perror("Bad port number");

952

exitcode = EXIT_FAILURE;

953

goto end;

724

exit(EXIT_FAILURE);

954

725

}

955

726

*address = '\0';

956

727

address = connect_to;

957

ret = start_mandos_communication(address, port, if_index, &mc);

728

ret = start_mandos_communication(address, port, if_index);

958

729

if(ret < 0){

959

exitcode = EXIT_FAILURE;

730

exit(EXIT_FAILURE);

960

731

} else {

961

exitcode = EXIT_SUCCESS;

732

exit(EXIT_SUCCESS);

962

733

}

963

goto end;

734

}

735

736

certkey = combinepath(certdir, certkey);

737

if (certkey == NULL){

738

goto exit;

964

739

}

965

740

966

741

if (not debug){

967

742

avahi_set_log_function(empty_log);

968

743

}

969

744

970

/* Initialize the pseudo-RNG for Avahi */

745

/* Initialize the psuedo-RNG */

971

746

srand((unsigned int) time(NULL));

972

973

/* Allocate main Avahi loop object */

974

mc.simple_poll = avahi_simple_poll_new();

975

if (mc.simple_poll == NULL) {

976

fprintf(stderr, "Avahi: Failed to create simple poll"

977

" object.\n");

978

exitcode = EXIT_FAILURE;

979

goto end;

980

}

981

982

{

983

AvahiServerConfig config;

984

/* Do not publish any local Zeroconf records */

985

avahi_server_config_init(&config);

986

config.publish_hinfo = 0;

987

config.publish_addresses = 0;

988

config.publish_workstation = 0;

989

config.publish_domain = 0;

990

991

/* Allocate a new server */

992

mc.server = avahi_server_new(avahi_simple_poll_get

993

(mc.simple_poll), &config, NULL,

994

NULL, &error);

995

996

/* Free the Avahi configuration data */

997

avahi_server_config_free(&config);

998

}

999

1000

/* Check if creating the Avahi server object succeeded */

1001

if (mc.server == NULL) {

1002

fprintf(stderr, "Failed to create Avahi server: %s\n",

747

748

/* Allocate main loop object */

749

if (!(simple_poll = avahi_simple_poll_new())) {

750

fprintf(stderr, "Failed to create simple poll object.\n");

751

752

goto exit;

753

}

754

755

/* Do not publish any local records */

756

avahi_server_config_init(&config);

757

config.publish_hinfo = 0;

758

config.publish_addresses = 0;

759

config.publish_workstation = 0;

760

config.publish_domain = 0;

761

762

/* Allocate a new server */

763

server = avahi_server_new(avahi_simple_poll_get(simple_poll),

764

&config, NULL, NULL, &error);

765

766

/* Free the configuration data */

767

avahi_server_config_free(&config);

768

769

/* Check if creating the server object succeeded */

770

if (!server) {

771

fprintf(stderr, "Failed to create server: %s\n",

1003

772

avahi_strerror(error));

1004

exitcode = EXIT_FAILURE;

1005

goto end;

773

returncode = EXIT_FAILURE;

774

goto exit;

1006

775

}

1007

776

1008

/* Create the Avahi service browser */

1009

sb = avahi_s_service_browser_new(mc.server, if_index,

777

/* Create the service browser */

778

sb = avahi_s_service_browser_new(server, if_index,

1010

779

AVAHI_PROTO_INET6,

1011

780

"_mandos._tcp", NULL, 0,

1012

browse_callback, &mc);

1013

if (sb == NULL) {

781

browse_callback, server);

782

if (!sb) {

1014

783

fprintf(stderr, "Failed to create service browser: %s\n",

1015

avahi_strerror(avahi_server_errno(mc.server)));

1016

exitcode = EXIT_FAILURE;

1017

goto end;

784

avahi_strerror(avahi_server_errno(server)));

785

returncode = EXIT_FAILURE;

786

goto exit;

1018

787

}

1019

788

1020

789

/* Run the main loop */

1021

790

1022

791

if (debug){

1023

fprintf(stderr, "Starting Avahi loop search\n");

792

fprintf(stderr, "Starting avahi loop search\n");

1024

793

}

1025

794

1026

avahi_simple_poll_loop(mc.simple_poll);

795

avahi_simple_poll_loop(simple_poll);

1027

796

1028

end:

797

exit:

1029

798

1030

799

if (debug){

1031

800

fprintf(stderr, "%s exiting\n", argv[0]);

1032

801

}

1033

802

1034

803

/* Cleanup things */

1035

if (sb != NULL)

804

if (sb)

1036

805

avahi_s_service_browser_free(sb);

1037

806

1038

if (mc.server != NULL)

1039

avahi_server_free(mc.server);

1040

1041

if (mc.simple_poll != NULL)

1042

avahi_simple_poll_free(mc.simple_poll);

1043

free(pubkeyfilename);

1044

free(seckeyfilename);

1045

1046

if (gnutls_initalized){

1047

gnutls_certificate_free_credentials(mc.cred);

1048

gnutls_global_deinit ();

1049

}

807

if (server)

808

avahi_server_free(server);

809

810

if (simple_poll)

811

avahi_simple_poll_free(simple_poll);

812

free(certfile);

813

free(certkey);

1050

814

1051

return exitcode;

815

return returncode;

1052

816

}

Older »