/mandos/trunk : revision 50

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/password-request.c

Committer: Teddy Hogeborn
Date: 2008-08-08 23:28:55 UTC
mfrom: (24.1.25 mandos)
Revision ID: teddy@fukt.bsnet.se-20080808232855-2hcaxr9jwwmvetx4

* Makefile: Do DocBook manual conversion in a better way.

* mandos (main): Write a PID file.

files added:
mandos-client.xml

mandos-clients.conf.xml

mandos.conf

mandos.conf.xml

mandos.xml

network-protocol.txt

plugins.d/password-prompt.xml

plugins.d/password-request.xml

files removed:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

files renamed:
mandos-clients.conf => clients.conf

server.py => mandos

plugbasedclient.c => mandos-client.c

plugins.d/passprompt.c => plugins.d/password-prompt.c

plugins.d/mandosclient.c => plugins.d/password-request.c

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

plugins.d/password-request.c

/***

This file is part of avahi.

avahi is free software; you can redistribute it and/or modify it

under the terms of the GNU Lesser General Public License as

published by the Free Software Foundation; either version 2.1 of the

License, or (at your option) any later version.

avahi is distributed in the hope that it will be useful, but WITHOUT

ANY WARRANTY; without even the implied warranty of MERCHANTABILITY

or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General

Public License for more details.

You should have received a copy of the GNU Lesser General Public

License along with avahi; if not, write to the Free Software

Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307

USA.

***/

/* -*- coding: utf-8 -*- */

* Mandos client - get and decrypt data from a Mandos server

* This program is partly derived from an example program for an Avahi

* service browser, downloaded from

* <http://avahi.org/browser/examples/core-browse-services.c>. This

* includes the following functions: "resolve_callback",

* "browse_callback", and parts of "main".

* Everything else is

* This program is free software: you can redistribute it and/or

* modify it under the terms of the GNU General Public License as

* published by the Free Software Foundation, either version 3 of the

* License, or (at your option) any later version.

* This program is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

/* Needed by GPGME, specifically gpgme_data_seek() */

#define _LARGEFILE_SOURCE

#define _FILE_OFFSET_BITS 64

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */

#include <stdio.h>

#include <assert.h>

#include <stdlib.h>

#include <time.h>

#include <net/if.h> /* if_nametoindex */

#include <sys/ioctl.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS */

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS */

#include <avahi-core/core.h>

#include <avahi-core/lookup.h>

#include <avahi-common/malloc.h>

#include <avahi-common/error.h>

//mandos client part

#include <sys/types.h> /* socket(), setsockopt(), inet_pton() */

#include <sys/socket.h> /* socket(), setsockopt(), struct sockaddr_in6, struct in6_addr, inet_pton() */

#include <gnutls/gnutls.h> /* ALL GNUTLS STUFF */

#include <gnutls/openpgp.h> /* gnutls with openpgp stuff */

/* Mandos client part */

#include <sys/types.h> /* socket(), inet_pton() */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton() */

#include <gnutls/gnutls.h> /* All GnuTLS stuff */

#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */

#include <unistd.h> /* close() */

#include <netinet/in.h>

#include <string.h> /* memset */

#include <arpa/inet.h> /* inet_pton() */

#include <iso646.h> /* not */

// gpgme

#include <net/if.h> /* IF_NAMESIZE */

#include <argp.h> /* struct argp_option,

struct argp_state, struct argp,

argp_parse() */

/* GPGME */

#include <errno.h> /* perror() */

#include <gpgme.h>

#ifndef CERT_ROOT

#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"

#endif

#define CERTFILE CERT_ROOT "openpgp-client.txt"

#define KEYFILE CERT_ROOT "openpgp-client-key.txt"

#define BUFFER_SIZE 256

#define DH_BITS 1024

bool debug = false;

static const char *keydir = "/conf/conf.d/mandos";

static const char mandos_protocol_version[] = "1";

const char *argp_program_version = "mandosclient 0.9";

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

/* Used for passing in values through the Avahi callback functions */

typedef struct {

gnutls_session_t session;

AvahiSimplePoll *simple_poll;

AvahiServer *server;

gnutls_certificate_credentials_t cred;

unsigned int dh_bits;

gnutls_dh_params_t dh_params;

} encrypted_session;

ssize_t gpg_packet_decrypt (char *packet, size_t packet_size, char **new_packet, char *homedir){

const char *priority;

} mandos_context;

* Make room in "buffer" for at least BUFFER_SIZE additional bytes.

* "buffer_capacity" is how much is currently allocated,

* "buffer_length" is how much is already used.

size_t adjustbuffer(char **buffer, size_t buffer_length,

size_t buffer_capacity){

100

if (buffer_length + BUFFER_SIZE > buffer_capacity){

101

*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);

102

if (buffer == NULL){

103

return 0;

104

}

105

buffer_capacity += BUFFER_SIZE;

106

}

107

return buffer_capacity;

108

}

109

110

111

* Decrypt OpenPGP data using keyrings in HOMEDIR.

112

* Returns -1 on error

113

114

static ssize_t pgp_packet_decrypt (const char *cryptotext,

115

size_t crypto_size,

116

char **plaintext,

117

const char *homedir){

118

gpgme_data_t dh_crypto, dh_plain;

119

gpgme_ctx_t ctx;

120

gpgme_error_t rc;

121

ssize_t ret;

size_t new_packet_capacity = 0;

size_t new_packet_length = 0;

122

size_t plaintext_capacity = 0;

123

ssize_t plaintext_length = 0;

124

gpgme_engine_info_t engine_info;

125

126

if (debug){

fprintf(stderr, "Attempting to decrypt password from gpg packet\n");

127

fprintf(stderr, "Trying to decrypt OpenPGP data\n");

128

}

129

130

/* Init GPGME */

131

gpgme_check_version(NULL);

gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

132

rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

133

if (rc != GPG_ERR_NO_ERROR){

134

fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",

135

gpgme_strsource(rc), gpgme_strerror(rc));

136

return -1;

137

}

138

/* Set GPGME home directory */

139

/* Set GPGME home directory for the OpenPGP engine only */

140

rc = gpgme_get_engine_info (&engine_info);

141

if (rc != GPG_ERR_NO_ERROR){

142

fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",

101

152

engine_info = engine_info->next;

102

153

}

103

154

if(engine_info == NULL){

104

fprintf(stderr, "Could not set home dir to %s\n", homedir);

155

fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);

105

156

return -1;

106

157

}

107

158

108

/* Create new GPGME data buffer from packet buffer */

109

rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);

159

/* Create new GPGME data buffer from memory cryptotext */

160

rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,

161

0);

110

162

if (rc != GPG_ERR_NO_ERROR){

111

163

fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",

112

164

gpgme_strsource(rc), gpgme_strerror(rc));

118

170

if (rc != GPG_ERR_NO_ERROR){

119

171

fprintf(stderr, "bad gpgme_data_new: %s: %s\n",

120

172

gpgme_strsource(rc), gpgme_strerror(rc));

173

gpgme_data_release(dh_crypto);

121

174

return -1;

122

175

}

123

176

126

179

if (rc != GPG_ERR_NO_ERROR){

127

180

fprintf(stderr, "bad gpgme_new: %s: %s\n",

128

181

gpgme_strsource(rc), gpgme_strerror(rc));

129

return -1;

182

plaintext_length = -1;

183

goto decrypt_end;

130

184

}

131

185

132

/* Decrypt data from the FILE pointer to the plaintext data buffer */

186

/* Decrypt data from the cryptotext data buffer to the plaintext

187

data buffer */

133

188

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

134

189

if (rc != GPG_ERR_NO_ERROR){

135

190

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

136

191

gpgme_strsource(rc), gpgme_strerror(rc));

137

return -1;

192

plaintext_length = -1;

193

goto decrypt_end;

138

194

}

139

195

140

196

if(debug){

141

fprintf(stderr, "decryption of gpg packet succeeded\n");

197

fprintf(stderr, "Decryption of OpenPGP data succeeded\n");

142

198

}

143

199

144

200

if (debug){

145

201

gpgme_decrypt_result_t result;

146

202

result = gpgme_op_decrypt_result(ctx);

147

203

if (result == NULL){

148

204

fprintf(stderr, "gpgme_op_decrypt_result failed\n");

149

205

} else {

150

fprintf(stderr, "Unsupported algorithm: %s\n", result->unsupported_algorithm);

151

fprintf(stderr, "Wrong key usage: %d\n", result->wrong_key_usage);

206

fprintf(stderr, "Unsupported algorithm: %s\n",

207

result->unsupported_algorithm);

208

fprintf(stderr, "Wrong key usage: %d\n",

209

result->wrong_key_usage);

152

210

if(result->file_name != NULL){

153

211

fprintf(stderr, "File name: %s\n", result->file_name);

154

212

}

160

218

gpgme_pubkey_algo_name(recipient->pubkey_algo));

161

219

fprintf(stderr, "Key ID: %s\n", recipient->keyid);

162

220

fprintf(stderr, "Secret key available: %s\n",

163

recipient->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");

221

recipient->status == GPG_ERR_NO_SECKEY

222

? "No" : "Yes");

164

223

recipient = recipient->next;

165

224

}

166

225

}

167

226

}

168

227

}

169

228

170

/* Delete the GPGME FILE pointer cryptotext data buffer */

171

gpgme_data_release(dh_crypto);

172

173

229

/* Seek back to the beginning of the GPGME plaintext data buffer */

174

gpgme_data_seek(dh_plain, 0, SEEK_SET);

175

176

*new_packet = 0;

230

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

231

perror("pgpme_data_seek");

232

plaintext_length = -1;

233

goto decrypt_end;

234

}

235

236

*plaintext = NULL;

177

237

while(true){

178

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

179

*new_packet = realloc(*new_packet, new_packet_capacity + BUFFER_SIZE);

180

if (*new_packet == NULL){

181

perror("realloc");

182

return -1;

183

}

184

new_packet_capacity += BUFFER_SIZE;

238

plaintext_capacity = adjustbuffer(plaintext,

239

(size_t)plaintext_length,

240

plaintext_capacity);

241

if (plaintext_capacity == 0){

242

perror("adjustbuffer");

243

plaintext_length = -1;

244

goto decrypt_end;

185

245

}

186

246

187

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length, BUFFER_SIZE);

247

ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,

248

BUFFER_SIZE);

188

249

/* Print the data, if any */

189

250

if (ret == 0){

190

/* If password is empty, then a incorrect error will be printed */

251

/* EOF */

191

252

break;

192

253

}

193

254

if(ret < 0){

194

255

perror("gpgme_data_read");

195

return -1;

256

plaintext_length = -1;

257

goto decrypt_end;

196

258

}

197

new_packet_length += ret;

259

plaintext_length += ret;

198

260

}

199

261

200

262

if(debug){

201

fprintf(stderr, "decrypted password is: %s\n", *new_packet);

263

fprintf(stderr, "Decrypted password is: ");

264

for(ssize_t i = 0; i < plaintext_length; i++){

265

fprintf(stderr, "%02hhX ", (*plaintext)[i]);

266

}

267

fprintf(stderr, "\n");

202

268

}

203

204

/* Delete the GPGME plaintext data buffer */

269

270

decrypt_end:

271

272

/* Delete the GPGME cryptotext data buffer */

273

gpgme_data_release(dh_crypto);

274

275

/* Delete the GPGME plaintext data buffer */

205

276

gpgme_data_release(dh_plain);

206

return new_packet_length;

277

return plaintext_length;

207

278

}

208

279

209

280

static const char * safer_gnutls_strerror (int value) {

213

284

return ret;

214

285

}

215

286

216

void debuggnutls(int level, const char* string){

217

fprintf(stderr, "%s", string);

287

/* GnuTLS log function callback */

288

static void debuggnutls(__attribute__((unused)) int level,

289

const char* string){

290

fprintf(stderr, "GnuTLS: %s", string);

218

291

}

219

292

220

int initgnutls(encrypted_session *es){

221

const char *err;

293

static int init_gnutls_global(mandos_context *mc,

294

const char *pubkeyfile,

295

const char *seckeyfile){

222

296

int ret;

223

297

224

298

if(debug){

225

fprintf(stderr, "Initializing gnutls\n");

299

fprintf(stderr, "Initializing GnuTLS\n");

226

300

}

227

301

228

229

302

if ((ret = gnutls_global_init ())

230

303

!= GNUTLS_E_SUCCESS) {

231

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

304

fprintf (stderr, "GnuTLS global_init: %s\n",

305

safer_gnutls_strerror(ret));

232

306

return -1;

233

307

}

234

308

235

309

if (debug){

310

/* "Use a log level over 10 to enable all debugging options."

311

* - GnuTLS manual

312

236

313

gnutls_global_set_log_level(11);

237

314

gnutls_global_set_log_function(debuggnutls);

238

315

}

239

316

240

241

/* openpgp credentials */

242

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

317

/* OpenPGP credentials */

318

if ((ret = gnutls_certificate_allocate_credentials (&mc->cred))

243

319

!= GNUTLS_E_SUCCESS) {

244

fprintf (stderr, "memory error: %s\n", safer_gnutls_strerror(ret));

320

fprintf (stderr, "GnuTLS memory error: %s\n",

321

safer_gnutls_strerror(ret));

322

gnutls_global_deinit ();

245

323

return -1;

246

324

}

247

325

248

326

if(debug){

249

fprintf(stderr, "Attempting to use openpgp certificate %s"

250

" and keyfile %s as gnutls credentials\n", CERTFILE, KEYFILE);

327

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

328

" and keyfile %s as GnuTLS credentials\n", pubkeyfile,

329

seckeyfile);

251

330

}

252

331

253

332

ret = gnutls_certificate_set_openpgp_key_file

254

(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);

255

if (ret != GNUTLS_E_SUCCESS) {

256

fprintf

257

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n",

258

ret, CERTFILE, KEYFILE);

259

fprintf(stdout, "The Error is: %s\n",

260

safer_gnutls_strerror(ret));

261

return -1;

262

}

263

264

//Gnutls server initialization

265

if ((ret = gnutls_dh_params_init (&es->dh_params))

266

!= GNUTLS_E_SUCCESS) {

267

fprintf (stderr, "Error in dh parameter initialization: %s\n",

268

safer_gnutls_strerror(ret));

269

return -1;

270

}

271

272

if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))

273

!= GNUTLS_E_SUCCESS) {

274

fprintf (stderr, "Error in prime generation: %s\n",

275

safer_gnutls_strerror(ret));

276

return -1;

277

}

278

279

gnutls_certificate_set_dh_params (es->cred, es->dh_params);

280

281

// Gnutls session creation

282

if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))

283

!= GNUTLS_E_SUCCESS){

284

fprintf(stderr, "Error in gnutls session initialization: %s\n",

285

safer_gnutls_strerror(ret));

286

}

287

288

if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))

289

!= GNUTLS_E_SUCCESS) {

290

fprintf(stderr, "Syntax error at: %s\n", err);

291

fprintf(stderr, "Gnutls error: %s\n",

292

safer_gnutls_strerror(ret));

293

return -1;

294

}

295

296

if ((ret = gnutls_credentials_set

297

(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))

298

!= GNUTLS_E_SUCCESS) {

299

fprintf(stderr, "Error setting a credentials set: %s\n",

300

safer_gnutls_strerror(ret));

301

return -1;

302

}

303

333

(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);

334

if (ret != GNUTLS_E_SUCCESS) {

335

fprintf(stderr,

336

"Error[%d] while reading the OpenPGP key pair ('%s',"

337

" '%s')\n", ret, pubkeyfile, seckeyfile);

338

fprintf(stdout, "The GnuTLS error is: %s\n",

339

safer_gnutls_strerror(ret));

340

goto globalfail;

341

}

342

343

/* GnuTLS server initialization */

344

ret = gnutls_dh_params_init(&mc->dh_params);

345

if (ret != GNUTLS_E_SUCCESS) {

346

fprintf (stderr, "Error in GnuTLS DH parameter initialization:"

347

" %s\n", safer_gnutls_strerror(ret));

348

goto globalfail;

349

}

350

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

351

if (ret != GNUTLS_E_SUCCESS) {

352

fprintf (stderr, "Error in GnuTLS prime generation: %s\n",

353

safer_gnutls_strerror(ret));

354

goto globalfail;

355

}

356

357

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

358

359

return 0;

360

361

globalfail:

362

363

gnutls_certificate_free_credentials (mc->cred);

364

gnutls_global_deinit ();

365

return -1;

366

367

}

368

369

static int init_gnutls_session(mandos_context *mc,

370

gnutls_session_t *session){

371

int ret;

372

/* GnuTLS session creation */

373

ret = gnutls_init(session, GNUTLS_SERVER);

374

if (ret != GNUTLS_E_SUCCESS){

375

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

376

safer_gnutls_strerror(ret));

377

}

378

379

{

380

const char *err;

381

ret = gnutls_priority_set_direct(*session, mc->priority, &err);

382

if (ret != GNUTLS_E_SUCCESS) {

383

fprintf(stderr, "Syntax error at: %s\n", err);

384

fprintf(stderr, "GnuTLS error: %s\n",

385

safer_gnutls_strerror(ret));

386

gnutls_deinit (*session);

387

return -1;

388

}

389

}

390

391

ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

392

mc->cred);

393

if (ret != GNUTLS_E_SUCCESS) {

394

fprintf(stderr, "Error setting GnuTLS credentials: %s\n",

395

safer_gnutls_strerror(ret));

396

gnutls_deinit (*session);

397

return -1;

398

}

399

304

400

/* ignore client certificate if any. */

305

gnutls_certificate_server_set_request (es->session, GNUTLS_CERT_IGNORE);

401

gnutls_certificate_server_set_request (*session,

402

GNUTLS_CERT_IGNORE);

306

403

307

gnutls_dh_set_prime_bits (es->session, DH_BITS);

404

gnutls_dh_set_prime_bits (*session, mc->dh_bits);

308

405

309

406

return 0;

310

407

}

311

408

312

void empty_log(AvahiLogLevel level, const char *txt){}

409

/* Avahi log function callback */

410

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

411

__attribute__((unused)) const char *txt){}

313

412

314

int start_mandos_communication(char *ip, uint16_t port){

413

/* Called when a Mandos server is found */

414

static int start_mandos_communication(const char *ip, uint16_t port,

415

AvahiIfIndex if_index,

416

mandos_context *mc){

315

417

int ret, tcp_sd;

316

struct sockaddr_in6 to;

317

encrypted_session es;

418

union { struct sockaddr in; struct sockaddr_in6 in6; } to;

318

419

char *buffer = NULL;

319

420

char *decrypted_buffer;

320

421

size_t buffer_length = 0;

321

422

size_t buffer_capacity = 0;

322

423

ssize_t decrypted_buffer_size;

424

size_t written;

323

425

int retval = 0;

324

const char interface[] = "eth0";

325

426

char interface[IF_NAMESIZE];

427

gnutls_session_t session;

428

429

ret = init_gnutls_session (mc, &session);

430

if (ret != 0){

431

return -1;

432

}

433

326

434

if(debug){

327

fprintf(stderr, "Setting up a tcp connection to %s\n", ip);

435

fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",

436

ip, port);

328

437

}

329

438

330

439

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

334

443

}

335

444

336

445

if(debug){

446

if(if_indextoname((unsigned int)if_index, interface) == NULL){

447

perror("if_indextoname");

448

return -1;

449

}

337

450

fprintf(stderr, "Binding to interface %s\n", interface);

338

451

}

339

340

ret = setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, interface, 5);

341

if(tcp_sd < 0) {

342

perror("setsockopt bindtodevice");

343

return -1;

344

}

345

452

346

memset(&to,0,sizeof(to));

347

to.sin6_family = AF_INET6;

348

ret = inet_pton(AF_INET6, ip, &to.sin6_addr);

453

memset(&to,0,sizeof(to)); /* Spurious warning */

454

to.in6.sin6_family = AF_INET6;

455

/* It would be nice to have a way to detect if we were passed an

456

IPv4 address here. Now we assume an IPv6 address. */

457

ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);

349

458

if (ret < 0 ){

350

459

perror("inet_pton");

351

460

return -1;

352

}

461

}

353

462

if(ret == 0){

354

463

fprintf(stderr, "Bad address: %s\n", ip);

355

464

return -1;

356

465

}

357

to.sin6_port = htons(port);

358

to.sin6_scope_id = if_nametoindex(interface);

359

466

to.in6.sin6_port = htons(port); /* Spurious warning */

467

468

to.in6.sin6_scope_id = (uint32_t)if_index;

469

360

470

if(debug){

361

fprintf(stderr, "Connection to: %s\n", ip);

471

fprintf(stderr, "Connection to: %s, port %d\n", ip, port);

472

char addrstr[INET6_ADDRSTRLEN] = "";

473

if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,

474

sizeof(addrstr)) == NULL){

475

perror("inet_ntop");

476

} else {

477

if(strcmp(addrstr, ip) != 0){

478

fprintf(stderr, "Canonical address form: %s\n", addrstr);

479

}

480

}

362

481

}

363

482

364

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

483

ret = connect(tcp_sd, &to.in, sizeof(to));

365

484

if (ret < 0){

366

485

perror("connect");

367

486

return -1;

368

487

}

369

370

ret = initgnutls (&es);

371

if (ret != 0){

372

retval = -1;

373

return -1;

374

}

375

376

377

gnutls_transport_set_ptr (es.session, (gnutls_transport_ptr_t) tcp_sd);

378

488

489

const char *out = mandos_protocol_version;

490

written = 0;

491

while (true){

492

size_t out_size = strlen(out);

493

ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,

494

out_size - written));

495

if (ret == -1){

496

perror("write");

497

retval = -1;

498

goto mandos_end;

499

}

500

written += (size_t)ret;

501

if(written < out_size){

502

continue;

503

} else {

504

if (out == mandos_protocol_version){

505

written = 0;

506

out = "\r\n";

507

} else {

508

break;

509

}

510

}

511

}

512

379

513

if(debug){

380

fprintf(stderr, "Establishing tls session with %s\n", ip);

514

fprintf(stderr, "Establishing TLS session with %s\n", ip);

381

515

}

382

383

384

ret = gnutls_handshake (es.session);

516

517

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

518

519

ret = gnutls_handshake (session);

385

520

386

521

if (ret != GNUTLS_E_SUCCESS){

387

fprintf(stderr, "\n*** Handshake failed ***\n");

388

gnutls_perror (ret);

522

if(debug){

523

fprintf(stderr, "*** GnuTLS Handshake failed ***\n");

524

gnutls_perror (ret);

525

}

389

526

retval = -1;

390

goto exit;

527

goto mandos_end;

391

528

}

392

393

//Retrieve gpg packet that contains the wanted password

394

529

530

/* Read OpenPGP packet that contains the wanted password */

531

395

532

if(debug){

396

fprintf(stderr, "Retrieving pgp encrypted password from %s\n", ip);

533

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

534

ip);

397

535

}

398

536

399

537

while(true){

400

if (buffer_length + BUFFER_SIZE > buffer_capacity){

401

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

402

if (buffer == NULL){

403

perror("realloc");

404

goto exit;

405

}

406

buffer_capacity += BUFFER_SIZE;

538

buffer_capacity = adjustbuffer(&buffer, buffer_length,

539

buffer_capacity);

540

if (buffer_capacity == 0){

541

perror("adjustbuffer");

542

retval = -1;

543

goto mandos_end;

407

544

}

408

545

409

ret = gnutls_record_recv

410

(es.session, buffer+buffer_length, BUFFER_SIZE);

546

ret = gnutls_record_recv(session, buffer+buffer_length,

547

BUFFER_SIZE);

411

548

if (ret == 0){

412

549

break;

413

550

}

417

554

case GNUTLS_E_AGAIN:

418

555

break;

419

556

case GNUTLS_E_REHANDSHAKE:

420

ret = gnutls_handshake (es.session);

557

ret = gnutls_handshake (session);

421

558

if (ret < 0){

422

fprintf(stderr, "\n*** Handshake failed ***\n");

559

fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");

423

560

gnutls_perror (ret);

424

561

retval = -1;

425

goto exit;

562

goto mandos_end;

426

563

}

427

564

break;

428

565

default:

429

fprintf(stderr, "Unknown error while reading data from encrypted session with mandos server\n");

566

fprintf(stderr, "Unknown error while reading data from"

567

" encrypted session with Mandos server\n");

430

568

retval = -1;

431

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

432

goto exit;

569

gnutls_bye (session, GNUTLS_SHUT_RDWR);

570

goto mandos_end;

433

571

}

434

572

} else {

435

buffer_length += ret;

573

buffer_length += (size_t) ret;

436

574

}

437

575

}

438

576

577

if(debug){

578

fprintf(stderr, "Closing TLS session\n");

579

}

580

581

gnutls_bye (session, GNUTLS_SHUT_RDWR);

582

439

583

if (buffer_length > 0){

440

if ((decrypted_buffer_size = gpg_packet_decrypt(buffer, buffer_length, &decrypted_buffer, CERT_ROOT)) >= 0){

441

fwrite (decrypted_buffer, 1, decrypted_buffer_size, stdout);

584

decrypted_buffer_size = pgp_packet_decrypt(buffer,

585

buffer_length,

586

&decrypted_buffer,

587

keydir);

588

if (decrypted_buffer_size >= 0){

589

written = 0;

590

while(written < (size_t) decrypted_buffer_size){

591

ret = (int)fwrite (decrypted_buffer + written, 1,

592

(size_t)decrypted_buffer_size - written,

593

stdout);

594

if(ret == 0 and ferror(stdout)){

595

if(debug){

596

fprintf(stderr, "Error writing encrypted data: %s\n",

597

strerror(errno));

598

}

599

retval = -1;

600

break;

601

}

602

written += (size_t)ret;

603

}

442

604

free(decrypted_buffer);

443

605

} else {

444

606

retval = -1;

445

607

}

446

608

}

447

448

//shutdown procedure

449

450

if(debug){

451

fprintf(stderr, "Closing tls session\n");

452

}

453

609

610

/* Shutdown procedure */

611

612

mandos_end:

454

613

free(buffer);

455

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

456

exit:

457

614

close(tcp_sd);

458

gnutls_deinit (es.session);

459

gnutls_certificate_free_credentials (es.cred);

460

gnutls_global_deinit ();

615

gnutls_deinit (session);

461

616

return retval;

462

617

}

463

618

464

static AvahiSimplePoll *simple_poll = NULL;

465

static AvahiServer *server = NULL;

466

467

static void resolve_callback(

468

AvahiSServiceResolver *r,

469

AVAHI_GCC_UNUSED AvahiIfIndex interface,

470

AVAHI_GCC_UNUSED AvahiProtocol protocol,

471

AvahiResolverEvent event,

472

const char *name,

473

const char *type,

474

const char *domain,

475

const char *host_name,

476

const AvahiAddress *address,

477

uint16_t port,

478

AvahiStringList *txt,

479

AvahiLookupResultFlags flags,

480

AVAHI_GCC_UNUSED void* userdata) {

481

482

assert(r);

483

484

/* Called whenever a service has been resolved successfully or timed out */

485

486

switch (event) {

487

case AVAHI_RESOLVER_FAILURE:

488

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of type '%s' in domain '%s': %s\n", name, type, domain, avahi_strerror(avahi_server_errno(server)));

489

break;

490

491

case AVAHI_RESOLVER_FOUND: {

492

char ip[AVAHI_ADDRESS_STR_MAX];

493

avahi_address_snprint(ip, sizeof(ip), address);

494

if(debug){

495

fprintf(stderr, "Mandos server found at %s on port %d\n", ip, port);

496

}

497

int ret = start_mandos_communication(ip, port);

498

if (ret == 0){

499

exit(EXIT_SUCCESS);

500

} else {

501

exit(EXIT_FAILURE);

502

}

503

}

504

}

505

avahi_s_service_resolver_free(r);

506

}

507

508

static void browse_callback(

509

AvahiSServiceBrowser *b,

510

AvahiIfIndex interface,

511

AvahiProtocol protocol,

512

AvahiBrowserEvent event,

513

const char *name,

514

const char *type,

515

const char *domain,

516

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

517

void* userdata) {

518

519

AvahiServer *s = userdata;

520

assert(b);

521

522

/* Called whenever a new services becomes available on the LAN or is removed from the LAN */

523

524

switch (event) {

525

526

case AVAHI_BROWSER_FAILURE:

527

528

fprintf(stderr, "(Browser) %s\n", avahi_strerror(avahi_server_errno(server)));

529

avahi_simple_poll_quit(simple_poll);

530

return;

531

532

case AVAHI_BROWSER_NEW:

533

/* We ignore the returned resolver object. In the callback

534

function we free it. If the server is terminated before

535

the callback function is called the server will free

536

the resolver for us. */

537

538

if (!(avahi_s_service_resolver_new(s, interface, protocol, name, type, domain, AVAHI_PROTO_INET6, 0, resolve_callback, s)))

539

fprintf(stderr, "Failed to resolve service '%s': %s\n", name, avahi_strerror(avahi_server_errno(s)));

540

541

break;

542

543

case AVAHI_BROWSER_REMOVE:

544

break;

545

546

case AVAHI_BROWSER_ALL_FOR_NOW:

547

case AVAHI_BROWSER_CACHE_EXHAUSTED:

548

break;

549

}

550

}

551

552

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

553

AvahiServerConfig config;

619

static void resolve_callback(AvahiSServiceResolver *r,

620

AvahiIfIndex interface,

621

AVAHI_GCC_UNUSED AvahiProtocol protocol,

622

AvahiResolverEvent event,

623

const char *name,

624

const char *type,

625

const char *domain,

626

const char *host_name,

627

const AvahiAddress *address,

628

uint16_t port,

629

AVAHI_GCC_UNUSED AvahiStringList *txt,

630

AVAHI_GCC_UNUSED AvahiLookupResultFlags

631

flags,

632

void* userdata) {

633

mandos_context *mc = userdata;

634

assert(r); /* Spurious warning */

635

636

/* Called whenever a service has been resolved successfully or

637

timed out */

638

639

switch (event) {

640

default:

641

case AVAHI_RESOLVER_FAILURE:

642

fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"

643

" of type '%s' in domain '%s': %s\n", name, type, domain,

644

avahi_strerror(avahi_server_errno(mc->server)));

645

break;

646

647

case AVAHI_RESOLVER_FOUND:

648

{

649

char ip[AVAHI_ADDRESS_STR_MAX];

650

avahi_address_snprint(ip, sizeof(ip), address);

651

if(debug){

652

fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %d) on"

653

" port %d\n", name, host_name, ip, interface, port);

654

}

655

int ret = start_mandos_communication(ip, port, interface, mc);

656

if (ret == 0){

657

exit(EXIT_SUCCESS);

658

}

659

}

660

}

661

avahi_s_service_resolver_free(r);

662

}

663

664

static void browse_callback( AvahiSServiceBrowser *b,

665

AvahiIfIndex interface,

666

AvahiProtocol protocol,

667

AvahiBrowserEvent event,

668

const char *name,

669

const char *type,

670

const char *domain,

671

AVAHI_GCC_UNUSED AvahiLookupResultFlags

672

flags,

673

void* userdata) {

674

mandos_context *mc = userdata;

675

assert(b); /* Spurious warning */

676

677

/* Called whenever a new services becomes available on the LAN or

678

is removed from the LAN */

679

680

switch (event) {

681

default:

682

case AVAHI_BROWSER_FAILURE:

683

684

fprintf(stderr, "(Avahi browser) %s\n",

685

avahi_strerror(avahi_server_errno(mc->server)));

686

avahi_simple_poll_quit(mc->simple_poll);

687

return;

688

689

case AVAHI_BROWSER_NEW:

690

/* We ignore the returned Avahi resolver object. In the callback

691

function we free it. If the Avahi server is terminated before

692

the callback function is called the Avahi server will free the

693

resolver for us. */

694

695

if (!(avahi_s_service_resolver_new(mc->server, interface,

696

protocol, name, type, domain,

697

AVAHI_PROTO_INET6, 0,

698

resolve_callback, mc)))

699

fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",

700

name, avahi_strerror(avahi_server_errno(mc->server)));

701

break;

702

703

case AVAHI_BROWSER_REMOVE:

704

break;

705

706

case AVAHI_BROWSER_ALL_FOR_NOW:

707

case AVAHI_BROWSER_CACHE_EXHAUSTED:

708

if(debug){

709

fprintf(stderr, "No Mandos server found, still searching...\n");

710

}

711

break;

712

}

713

}

714

715

/* Combines file name and path and returns the malloced new

716

string. some sane checks could/should be added */

717

static const char *combinepath(const char *first, const char *second){

718

size_t f_len = strlen(first);

719

size_t s_len = strlen(second);

720

char *tmp = malloc(f_len + s_len + 2);

721

if (tmp == NULL){

722

return NULL;

723

}

724

if(f_len > 0){

725

memcpy(tmp, first, f_len); /* Spurious warning */

726

}

727

tmp[f_len] = '/';

728

if(s_len > 0){

729

memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */

730

}

731

tmp[f_len + 1 + s_len] = '\0';

732

return tmp;

733

}

734

735

736

int main(int argc, char *argv[]){

554

737

AvahiSServiceBrowser *sb = NULL;

555

const char db[] = "--debug";

556

738

int error;

557

int ret = 1;

558

int returncode = EXIT_SUCCESS;

559

char *basename = rindex(argv[0], '/');

560

if(basename == NULL){

561

basename = argv[0];

739

int ret;

740

int exitcode = EXIT_SUCCESS;

741

const char *interface = "eth0";

742

struct ifreq network;

743

int sd;

744

uid_t uid;

745

gid_t gid;

746

char *connect_to = NULL;

747

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

748

const char *pubkeyfile = "pubkey.txt";

749

const char *seckeyfile = "seckey.txt";

750

mandos_context mc = { .simple_poll = NULL, .server = NULL,

751

.dh_bits = 1024, .priority = "SECURE256"};

752

bool gnutls_initalized = false;

753

754

{

755

struct argp_option options[] = {

756

{ .name = "debug", .key = 128,

757

.doc = "Debug mode", .group = 3 },

758

{ .name = "connect", .key = 'c',

759

.arg = "IP",

760

.doc = "Connect directly to a sepcified mandos server",

761

.group = 1 },

762

{ .name = "interface", .key = 'i',

763

.arg = "INTERFACE",

764

.doc = "Interface that Avahi will conntect through",

765

.group = 1 },

766

{ .name = "keydir", .key = 'd',

767

.arg = "KEYDIR",

768

.doc = "Directory where the openpgp keyring is",

769

.group = 1 },

770

{ .name = "seckey", .key = 's',

771

.arg = "SECKEY",

772

.doc = "Secret openpgp key for gnutls authentication",

773

.group = 1 },

774

{ .name = "pubkey", .key = 'p',

775

.arg = "PUBKEY",

776

.doc = "Public openpgp key for gnutls authentication",

777

.group = 2 },

778

{ .name = "dh-bits", .key = 129,

779

.arg = "BITS",

780

.doc = "dh-bits to use in gnutls communication",

781

.group = 2 },

782

{ .name = "priority", .key = 130,

783

.arg = "PRIORITY",

784

.doc = "GNUTLS priority", .group = 1 },

785

{ .name = NULL }

786

};

787

788

789

error_t parse_opt (int key, char *arg,

790

struct argp_state *state) {

791

/* Get the INPUT argument from `argp_parse', which we know is

792

a pointer to our plugin list pointer. */

793

switch (key) {

794

case 128:

795

debug = true;

796

break;

797

case 'c':

798

connect_to = arg;

799

break;

800

case 'i':

801

interface = arg;

802

break;

803

case 'd':

804

keydir = arg;

805

break;

806

case 's':

807

seckeyfile = arg;

808

break;

809

case 'p':

810

pubkeyfile = arg;

811

break;

812

case 129:

813

errno = 0;

814

mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);

815

if (errno){

816

perror("strtol");

817

exit(EXIT_FAILURE);

818

}

819

break;

820

case 130:

821

mc.priority = arg;

822

break;

823

case ARGP_KEY_ARG:

824

argp_usage (state);

825

break;

826

case ARGP_KEY_END:

827

break;

828

default:

829

return ARGP_ERR_UNKNOWN;

830

}

831

return 0;

832

}

833

834

struct argp argp = { .options = options, .parser = parse_opt,

835

.args_doc = "",

836

.doc = "Mandos client -- Get and decrypt"

837

" passwords from mandos server" };

838

argp_parse (&argp, argc, argv, 0, 0, NULL);

839

}

840

841

pubkeyfile = combinepath(keydir, pubkeyfile);

842

if (pubkeyfile == NULL){

843

perror("combinepath");

844

exitcode = EXIT_FAILURE;

845

goto end;

846

}

847

848

seckeyfile = combinepath(keydir, seckeyfile);

849

if (seckeyfile == NULL){

850

perror("combinepath");

851

goto end;

852

}

853

854

ret = init_gnutls_global(&mc, pubkeyfile, seckeyfile);

855

if (ret == -1){

856

fprintf(stderr, "init_gnutls_global\n");

857

goto end;

562

858

} else {

563

basename++;

564

}

565

566

char *program_name = malloc(strlen(basename) + sizeof(db));

567

568

if (program_name == NULL){

569

perror("argv[0]");

570

return EXIT_FAILURE;

571

}

572

573

program_name[0] = '\0';

574

575

for (int i = 1; i < argc; i++){

576

if (not strncmp(argv[i], db, 5)){

577

strcat(strcat(strcat(program_name, db ), "="), basename);

578

if(not strcmp(argv[i], db) or not strcmp(argv[i], program_name)){

579

debug = true;

580

}

859

gnutls_initalized = true;

860

}

861

862

uid = getuid();

863

gid = getgid();

864

865

ret = setuid(uid);

866

if (ret == -1){

867

perror("setuid");

868

}

869

870

setgid(gid);

871

if (ret == -1){

872

perror("setgid");

873

}

874

875

if_index = (AvahiIfIndex) if_nametoindex(interface);

876

if(if_index == 0){

877

fprintf(stderr, "No such interface: \"%s\"\n", interface);

878

exit(EXIT_FAILURE);

879

}

880

881

if(connect_to != NULL){

882

/* Connect directly, do not use Zeroconf */

883

/* (Mainly meant for debugging) */

884

char *address = strrchr(connect_to, ':');

885

if(address == NULL){

886

fprintf(stderr, "No colon in address\n");

887

exitcode = EXIT_FAILURE;

888

goto end;

889

}

890

errno = 0;

891

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

892

if(errno){

893

perror("Bad port number");

894

exitcode = EXIT_FAILURE;

895

goto end;

896

}

897

*address = '\0';

898

address = connect_to;

899

ret = start_mandos_communication(address, port, if_index, &mc);

900

if(ret < 0){

901

exitcode = EXIT_FAILURE;

902

} else {

903

exitcode = EXIT_SUCCESS;

904

}

905

goto end;

906

}

907

908

/* If the interface is down, bring it up */

909

{

910

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

911

if(sd < 0) {

912

perror("socket");

913

exitcode = EXIT_FAILURE;

914

goto end;

915

}

916

strcpy(network.ifr_name, interface); /* Spurious warning */

917

ret = ioctl(sd, SIOCGIFFLAGS, &network);

918

if(ret == -1){

919

perror("ioctl SIOCGIFFLAGS");

920

exitcode = EXIT_FAILURE;

921

goto end;

922

}

923

if((network.ifr_flags & IFF_UP) == 0){

924

network.ifr_flags |= IFF_UP;

925

ret = ioctl(sd, SIOCSIFFLAGS, &network);

926

if(ret == -1){

927

perror("ioctl SIOCSIFFLAGS");

928

exitcode = EXIT_FAILURE;

929

goto end;

581

930

}

931

}

932

close(sd);

582

933

}

583

free(program_name);

584

934

585

935

if (not debug){

586

936

avahi_set_log_function(empty_log);

587

937

}

588

938

589

/* Initialize the psuedo-RNG */

590

srand(time(NULL));

591

592

/* Allocate main loop object */

593

if (!(simple_poll = avahi_simple_poll_new())) {

594

fprintf(stderr, "Failed to create simple poll object.\n");

595

596

goto exit;

597

}

598

599

/* Do not publish any local records */

600

avahi_server_config_init(&config);

601

config.publish_hinfo = 0;

602

config.publish_addresses = 0;

603

config.publish_workstation = 0;

604

config.publish_domain = 0;

605

606

/* Allocate a new server */

607

server = avahi_server_new(avahi_simple_poll_get(simple_poll), &config, NULL, NULL, &error);

608

609

/* Free the configuration data */

610

avahi_server_config_free(&config);

611

612

/* Check if creating the server object succeeded */

613

if (!server) {

614

fprintf(stderr, "Failed to create server: %s\n", avahi_strerror(error));

615

returncode = EXIT_FAILURE;

616

goto exit;

617

}

618

619

/* Create the service browser */

620

if (!(sb = avahi_s_service_browser_new(server, if_nametoindex("eth0"), AVAHI_PROTO_INET6, "_mandos._tcp", NULL, 0, browse_callback, server))) {

621

fprintf(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_server_errno(server)));

622

returncode = EXIT_FAILURE;

623

goto exit;

939

/* Initialize the pseudo-RNG for Avahi */

940

srand((unsigned int) time(NULL));

941

942

/* Allocate main Avahi loop object */

943

mc.simple_poll = avahi_simple_poll_new();

944

if (mc.simple_poll == NULL) {

945

fprintf(stderr, "Avahi: Failed to create simple poll"

946

" object.\n");

947

exitcode = EXIT_FAILURE;

948

goto end;

949

}

950

951

{

952

AvahiServerConfig config;

953

/* Do not publish any local Zeroconf records */

954

avahi_server_config_init(&config);

955

config.publish_hinfo = 0;

956

config.publish_addresses = 0;

957

config.publish_workstation = 0;

958

config.publish_domain = 0;

959

960

/* Allocate a new server */

961

mc.server = avahi_server_new(avahi_simple_poll_get

962

(mc.simple_poll), &config, NULL,

963

NULL, &error);

964

965

/* Free the Avahi configuration data */

966

avahi_server_config_free(&config);

967

}

968

969

/* Check if creating the Avahi server object succeeded */

970

if (mc.server == NULL) {

971

fprintf(stderr, "Failed to create Avahi server: %s\n",

972

avahi_strerror(error));

973

exitcode = EXIT_FAILURE;

974

goto end;

975

}

976

977

/* Create the Avahi service browser */

978

sb = avahi_s_service_browser_new(mc.server, if_index,

979

AVAHI_PROTO_INET6,

980

"_mandos._tcp", NULL, 0,

981

browse_callback, &mc);

982

if (sb == NULL) {

983

fprintf(stderr, "Failed to create service browser: %s\n",

984

avahi_strerror(avahi_server_errno(mc.server)));

985

exitcode = EXIT_FAILURE;

986

goto end;

624

987

}

625

988

626

989

/* Run the main loop */

627

990

628

991

if (debug){

629

fprintf(stderr, "Starting avahi loop search\n");

992

fprintf(stderr, "Starting Avahi loop search\n");

630

993

}

631

994

632

avahi_simple_poll_loop(simple_poll);

995

avahi_simple_poll_loop(mc.simple_poll);

633

996

634

exit:

997

end:

635

998

636

999

if (debug){

637

1000

fprintf(stderr, "%s exiting\n", argv[0]);

638

1001

}

639

1002

640

1003

/* Cleanup things */

641

if (sb)

1004

if (sb != NULL)

642

1005

avahi_s_service_browser_free(sb);

643

1006

644

if (server)

645

avahi_server_free(server);

646

647

if (simple_poll)

648

avahi_simple_poll_free(simple_poll);

649

650

return ret;

1007

if (mc.server != NULL)

1008

avahi_server_free(mc.server);

1009

1010

if (mc.simple_poll != NULL)

1011

avahi_simple_poll_free(mc.simple_poll);

1012

free(pubkeyfile);

1013

free(seckeyfile);

1014

1015

if (gnutls_initalized){

1016

gnutls_certificate_free_credentials (mc.cred);

1017

gnutls_global_deinit ();

1018

}

1019

1020

return exitcode;

651

1021

}

Older »