To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/password-request.c
- browse files at revision 53
- compare with another revision
- download diff
- download tarball
- view history from revision 53
- Committer: Teddy Hogeborn
- Date: 2008-08-09 04:56:00 UTC
- mfrom: (24.1.27 mandos)
- Revision ID: teddy@fukt.bsnet.se-20080809045600-m7jx3tj4wwunaffa
Merge.
- files added:
- mandos-client.xml
- files removed:
- ca.pem
- files renamed:
- mandos-clients.conf => clients.conf
- server.py => mandos
- plugbasedclient.c => mandos-client.c
- plugins.d/passprompt.c => plugins.d/password-prompt.c
- plugins.d/mandosclient.c => plugins.d/password-request.c
- files modified:
- Makefile
added
removed
plugins.d/password-request.c
8
8
* includes the following functions: "resolve_callback",
9
9
* "browse_callback", and parts of "main".
10
10
*
11
* Everything else is Copyright © 2007-2008 Teddy Hogeborn and Björn
12
* Påhlsson.
11
* Everything else is
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
13
13
*
14
14
* This program is free software: you can redistribute it and/or
15
15
* modify it under the terms of the GNU General Public License as
25
25
* along with this program. If not, see
26
26
* <http://www.gnu.org/licenses/>.
27
27
*
28
* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and
29
* <https://www.fukt.bsnet.se/~teddy/>.
28
* Contact the authors at <mandos@fukt.bsnet.se>.
30
29
*/
31
30
32
#define _FORTIFY_SOURCE 2
33
31
/* Needed by GPGME, specifically gpgme_data_seek() */
34
32
#define _LARGEFILE_SOURCE
35
33
#define _FILE_OFFSET_BITS 64
36
34
37
#include <stdio.h>
35
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY() */
36
37
#include <stdio.h> /* fprintf(), stderr, fwrite(), stdout, ferror() */
38
#include <stdint.h> /* uint16_t, uint32_t */
39
#include <stddef.h> /* NULL, size_t, ssize_t */
40
#include <stdlib.h> /* free() */
41
#include <stdbool.h> /* bool, true */
42
#include <string.h> /* memset(), strcmp(), strlen, strerror() */
43
#include <sys/ioctl.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
44
SIOCSIFFLAGS */
45
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
46
sockaddr_in6, PF_INET6, SOCK_STREAM, INET6_ADDRSTRLEN */
47
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
48
struct in6_addr, inet_pton(),
49
connect() */
38
50
#include <assert.h>
39
#include <stdlib.h>
51
#include <errno.h> /* perror() */
40
52
#include <time.h>
41
#include <net/if.h> /* if_nametoindex */
53
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
54
SIOCSIFFLAGS, if_indextoname(),
55
if_nametoindex(), IF_NAMESIZE */
56
#include <unistd.h> /* close(), SEEK_SET, off_t, write()*/
57
#include <netinet/in.h>
58
#include <arpa/inet.h> /* inet_pton(), htons */
59
#include <iso646.h> /* not */
60
#include <argp.h> /* struct argp_option,
61
struct argp_state, struct argp,
62
argp_parse() */
42
63
43
#include <avahi-core/core.h>
64
/* Avahi */
65
#include <avahi-core/core.h> /* AvahiSimplePoll, AvahiServer,
66
AvahiIfIndex */
44
67
#include <avahi-core/lookup.h>
45
#include <avahi-core/log.h>
68
#include <avahi-core/log.h> /* AvahiLogLevel */
46
69
#include <avahi-common/simple-watch.h>
47
70
#include <avahi-common/malloc.h>
48
71
#include <avahi-common/error.h>
49
72
50
//mandos client part
51
#include <sys/types.h> /* socket(), inet_pton() */
52
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
53
struct in6_addr, inet_pton() */
54
#include <gnutls/gnutls.h> /* All GnuTLS stuff */
55
#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */
56
57
#include <unistd.h> /* close() */
58
#include <netinet/in.h>
59
#include <stdbool.h> /* true */
60
#include <string.h> /* memset */
61
#include <arpa/inet.h> /* inet_pton() */
62
#include <iso646.h> /* not */
63
64
// gpgme
65
#include <errno.h> /* perror() */
66
#include <gpgme.h>
67
68
// getopt long
69
#include <getopt.h>
70
71
#ifndef CERT_ROOT
72
#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"
73
#endif
74
#define CERTFILE CERT_ROOT "openpgp-client.txt"
75
#define KEYFILE CERT_ROOT "openpgp-client-key.txt"
73
/* GnuTLS */
74
#include <gnutls/gnutls.h> /* gnutls_certificate_credentials_t,
75
gnutls_dh_params_t,
76
gnutls_strerror(),
77
gnutls_global_init(),
78
gnutls_global_set_log_level(),
79
gnutls_global_set_log_function(),
80
gnutls_certificate_allocate_credentials(),
81
gnutls_global_deinit(),
82
gnutls_dh_params_init(),
83
gnutls_dh_params_generate(),
84
gnutls_certificate_set_dh_params(),
85
gnutls_certificate_free_credentials(),
86
gnutls_session_t, gnutls_init(),
87
gnutls_priority_set_direct(),
88
gnutls_deinit(),
89
gnutls_credentials_set(),
90
gnutls_certificate_server_set_request(),
91
gnutls_dh_set_prime_bits(),
92
gnutls_transport_set_ptr(),
93
gnutls_transport_ptr_t,
94
gnutls_handshake(),
95
gnutls_record_recv()
96
gnutls_perror(), gnutls_bye(),
97
init_gnutls_session(),
98
GNUTLS_E_SUCCESS,
99
GNUTLS_CRD_CERTIFICATE,
100
GNUTLS_CERT_IGNORE,
101
GNUTLS_E_INTERRUPTED,
102
GNUTLS_E_AGAIN,
103
GNUTLS_E_REHANDSHAKE,
104
GNUTLS_SHUT_RDWR, */
105
#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),
106
GNUTLS_OPENPGP_FMT_BASE64 */
107
108
/* GPGME */
109
#include <gpgme.h> /* gpgme_data_t, gpgme_ctx_t,
110
gpgme_error_t, gpgme_engine_info_t,
111
gpgme_check_version(),
112
gpgme_engine_check_version(),
113
gpgme_strsource(),
114
gpgme_strerror(),
115
gpgme_get_engine_info(),
116
gpgme_set_engine_info(),
117
gpgme_data_new_from_mem(),
118
gpgme_data_new(), gpgme_new(),
119
gpgme_op_decrypt(),
120
gpgme_decrypt_result_t,
121
gpgme_op_decrypt_result(),
122
gpgme_recipient_t,
123
gpgme_pubkey_algo_name(),
124
gpgme_data_seek(),
125
gpgme_data_read(),
126
gpgme_data_release()
127
GPGME_PROTOCOL_OpenPGP,
128
GPG_ERR_NO_ERROR,
129
GPG_ERR_NO_SECKEY, */
130
76
131
#define BUFFER_SIZE 256
77
#define DH_BITS 1024
78
132
79
133
bool debug = false;
134
static const char *keydir = "/conf/conf.d/mandos";
135
static const char mandos_protocol_version[] = "1";
136
const char *argp_program_version = "mandosclient 0.9";
137
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
80
138
139
/* Used for passing in values through the Avahi callback functions */
81
140
typedef struct {
82
gnutls_session_t session;
141
AvahiSimplePoll *simple_poll;
142
AvahiServer *server;
83
143
gnutls_certificate_credentials_t cred;
144
unsigned int dh_bits;
84
145
gnutls_dh_params_t dh_params;
85
} encrypted_session;
86
87
88
ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,
89
char **new_packet, const char *homedir){
146
const char *priority;
147
} mandos_context;
148
149
/*
150
* Make room in "buffer" for at least BUFFER_SIZE additional bytes.
151
* "buffer_capacity" is how much is currently allocated,
152
* "buffer_length" is how much is already used.
153
*/
154
size_t adjustbuffer(char **buffer, size_t buffer_length,
155
size_t buffer_capacity){
156
if (buffer_length + BUFFER_SIZE > buffer_capacity){
157
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
158
if (buffer == NULL){
159
return 0;
160
}
161
buffer_capacity += BUFFER_SIZE;
162
}
163
return buffer_capacity;
164
}
165
166
/*
167
* Decrypt OpenPGP data using keyrings in HOMEDIR.
168
* Returns -1 on error
169
*/
170
static ssize_t pgp_packet_decrypt (const char *cryptotext,
171
size_t crypto_size,
172
char **plaintext,
173
const char *homedir){
90
174
gpgme_data_t dh_crypto, dh_plain;
91
175
gpgme_ctx_t ctx;
92
176
gpgme_error_t rc;
93
177
ssize_t ret;
94
ssize_t new_packet_capacity = 0;
95
ssize_t new_packet_length = 0;
178
size_t plaintext_capacity = 0;
179
ssize_t plaintext_length = 0;
96
180
gpgme_engine_info_t engine_info;
97
181
98
182
if (debug){
99
fprintf(stderr, "Trying to decrypt OpenPGP packet\n");
183
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
100
184
}
101
185
102
186
/* Init GPGME */
103
187
gpgme_check_version(NULL);
104
gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
188
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
189
if (rc != GPG_ERR_NO_ERROR){
190
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
191
gpgme_strsource(rc), gpgme_strerror(rc));
192
return -1;
193
}
105
194
106
/* Set GPGME home directory */
195
/* Set GPGME home directory for the OpenPGP engine only */
107
196
rc = gpgme_get_engine_info (&engine_info);
108
197
if (rc != GPG_ERR_NO_ERROR){
109
198
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
119
208
engine_info = engine_info->next;
120
209
}
121
210
if(engine_info == NULL){
122
fprintf(stderr, "Could not set home dir to %s\n", homedir);
211
fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);
123
212
return -1;
124
213
}
125
214
126
/* Create new GPGME data buffer from packet buffer */
127
rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);
215
/* Create new GPGME data buffer from memory cryptotext */
216
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
217
0);
128
218
if (rc != GPG_ERR_NO_ERROR){
129
219
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
130
220
gpgme_strsource(rc), gpgme_strerror(rc));
136
226
if (rc != GPG_ERR_NO_ERROR){
137
227
fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
138
228
gpgme_strsource(rc), gpgme_strerror(rc));
229
gpgme_data_release(dh_crypto);
139
230
return -1;
140
231
}
141
232
144
235
if (rc != GPG_ERR_NO_ERROR){
145
236
fprintf(stderr, "bad gpgme_new: %s: %s\n",
146
237
gpgme_strsource(rc), gpgme_strerror(rc));
147
return -1;
238
plaintext_length = -1;
239
goto decrypt_end;
148
240
}
149
241
150
/* Decrypt data from the FILE pointer to the plaintext data
151
buffer */
242
/* Decrypt data from the cryptotext data buffer to the plaintext
243
data buffer */
152
244
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
153
245
if (rc != GPG_ERR_NO_ERROR){
154
246
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
155
247
gpgme_strsource(rc), gpgme_strerror(rc));
156
return -1;
248
plaintext_length = -1;
249
goto decrypt_end;
157
250
}
158
251
159
252
if(debug){
160
fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");
253
fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
161
254
}
162
255
163
256
if (debug){
164
257
gpgme_decrypt_result_t result;
165
258
result = gpgme_op_decrypt_result(ctx);
189
282
}
190
283
}
191
284
192
/* Delete the GPGME FILE pointer cryptotext data buffer */
193
gpgme_data_release(dh_crypto);
194
195
285
/* Seek back to the beginning of the GPGME plaintext data buffer */
196
gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET);
197
198
*new_packet = 0;
286
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
287
perror("pgpme_data_seek");
288
plaintext_length = -1;
289
goto decrypt_end;
290
}
291
292
*plaintext = NULL;
199
293
while(true){
200
if (new_packet_length + BUFFER_SIZE > new_packet_capacity){
201
*new_packet = realloc(*new_packet,
202
(unsigned int)new_packet_capacity
203
+ BUFFER_SIZE);
204
if (*new_packet == NULL){
205
perror("realloc");
206
return -1;
207
}
208
new_packet_capacity += BUFFER_SIZE;
294
plaintext_capacity = adjustbuffer(plaintext,
295
(size_t)plaintext_length,
296
plaintext_capacity);
297
if (plaintext_capacity == 0){
298
perror("adjustbuffer");
299
plaintext_length = -1;
300
goto decrypt_end;
209
301
}
210
302
211
ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,
303
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
212
304
BUFFER_SIZE);
213
305
/* Print the data, if any */
214
306
if (ret == 0){
307
/* EOF */
215
308
break;
216
309
}
217
310
if(ret < 0){
218
311
perror("gpgme_data_read");
219
return -1;
312
plaintext_length = -1;
313
goto decrypt_end;
220
314
}
221
new_packet_length += ret;
315
plaintext_length += ret;
222
316
}
223
317
224
/* FIXME: check characters before printing to screen so to not print
225
terminal control characters */
226
/* if(debug){ */
227
/* fprintf(stderr, "decrypted password is: "); */
228
/* fwrite(*new_packet, 1, new_packet_length, stderr); */
229
/* fprintf(stderr, "\n"); */
230
/* } */
318
if(debug){
319
fprintf(stderr, "Decrypted password is: ");
320
for(ssize_t i = 0; i < plaintext_length; i++){
321
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
322
}
323
fprintf(stderr, "\n");
324
}
325
326
decrypt_end:
327
328
/* Delete the GPGME cryptotext data buffer */
329
gpgme_data_release(dh_crypto);
231
330
232
331
/* Delete the GPGME plaintext data buffer */
233
332
gpgme_data_release(dh_plain);
234
return new_packet_length;
333
return plaintext_length;
235
334
}
236
335
237
336
static const char * safer_gnutls_strerror (int value) {
241
340
return ret;
242
341
}
243
342
244
void debuggnutls(__attribute__((unused)) int level,
245
const char* string){
246
fprintf(stderr, "%s", string);
343
/* GnuTLS log function callback */
344
static void debuggnutls(__attribute__((unused)) int level,
345
const char* string){
346
fprintf(stderr, "GnuTLS: %s", string);
247
347
}
248
348
249
int initgnutls(encrypted_session *es){
250
const char *err;
349
static int init_gnutls_global(mandos_context *mc,
350
const char *pubkeyfile,
351
const char *seckeyfile){
251
352
int ret;
252
353
253
354
if(debug){
254
355
fprintf(stderr, "Initializing GnuTLS\n");
255
356
}
256
357
257
358
if ((ret = gnutls_global_init ())
258
359
!= GNUTLS_E_SUCCESS) {
259
fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));
360
fprintf (stderr, "GnuTLS global_init: %s\n",
361
safer_gnutls_strerror(ret));
260
362
return -1;
261
363
}
262
364
263
365
if (debug){
366
/* "Use a log level over 10 to enable all debugging options."
367
* - GnuTLS manual
368
*/
264
369
gnutls_global_set_log_level(11);
265
370
gnutls_global_set_log_function(debuggnutls);
266
371
}
267
372
268
/* openpgp credentials */
269
if ((ret = gnutls_certificate_allocate_credentials (&es->cred))
373
/* OpenPGP credentials */
374
if ((ret = gnutls_certificate_allocate_credentials (&mc->cred))
270
375
!= GNUTLS_E_SUCCESS) {
271
fprintf (stderr, "memory error: %s\n",
376
fprintf (stderr, "GnuTLS memory error: %s\n",
272
377
safer_gnutls_strerror(ret));
378
gnutls_global_deinit ();
273
379
return -1;
274
380
}
275
381
276
382
if(debug){
277
383
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
278
" and keyfile %s as GnuTLS credentials\n", CERTFILE,
279
KEYFILE);
384
" and keyfile %s as GnuTLS credentials\n", pubkeyfile,
385
seckeyfile);
280
386
}
281
387
282
388
ret = gnutls_certificate_set_openpgp_key_file
283
(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);
389
(mc->cred, pubkeyfile, seckeyfile, GNUTLS_OPENPGP_FMT_BASE64);
284
390
if (ret != GNUTLS_E_SUCCESS) {
285
fprintf
286
(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"
287
" '%s')\n",
288
ret, CERTFILE, KEYFILE);
289
fprintf(stdout, "The Error is: %s\n",
391
fprintf(stderr,
392
"Error[%d] while reading the OpenPGP key pair ('%s',"
393
" '%s')\n", ret, pubkeyfile, seckeyfile);
394
fprintf(stdout, "The GnuTLS error is: %s\n",
290
395
safer_gnutls_strerror(ret));
291
return -1;
292
}
293
294
//GnuTLS server initialization
295
if ((ret = gnutls_dh_params_init (&es->dh_params))
296
!= GNUTLS_E_SUCCESS) {
297
fprintf (stderr, "Error in dh parameter initialization: %s\n",
298
safer_gnutls_strerror(ret));
299
return -1;
300
}
301
302
if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))
303
!= GNUTLS_E_SUCCESS) {
304
fprintf (stderr, "Error in prime generation: %s\n",
305
safer_gnutls_strerror(ret));
306
return -1;
307
}
308
309
gnutls_certificate_set_dh_params (es->cred, es->dh_params);
310
311
// GnuTLS session creation
312
if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))
313
!= GNUTLS_E_SUCCESS){
396
goto globalfail;
397
}
398
399
/* GnuTLS server initialization */
400
ret = gnutls_dh_params_init(&mc->dh_params);
401
if (ret != GNUTLS_E_SUCCESS) {
402
fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
403
" %s\n", safer_gnutls_strerror(ret));
404
goto globalfail;
405
}
406
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
407
if (ret != GNUTLS_E_SUCCESS) {
408
fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
409
safer_gnutls_strerror(ret));
410
goto globalfail;
411
}
412
413
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
414
415
return 0;
416
417
globalfail:
418
419
gnutls_certificate_free_credentials(mc->cred);
420
gnutls_global_deinit();
421
return -1;
422
423
}
424
425
static int init_gnutls_session(mandos_context *mc,
426
gnutls_session_t *session){
427
int ret;
428
/* GnuTLS session creation */
429
ret = gnutls_init(session, GNUTLS_SERVER);
430
if (ret != GNUTLS_E_SUCCESS){
314
431
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
315
432
safer_gnutls_strerror(ret));
316
433
}
317
434
318
if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))
319
!= GNUTLS_E_SUCCESS) {
320
fprintf(stderr, "Syntax error at: %s\n", err);
321
fprintf(stderr, "GnuTLS error: %s\n",
322
safer_gnutls_strerror(ret));
323
return -1;
435
{
436
const char *err;
437
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
438
if (ret != GNUTLS_E_SUCCESS) {
439
fprintf(stderr, "Syntax error at: %s\n", err);
440
fprintf(stderr, "GnuTLS error: %s\n",
441
safer_gnutls_strerror(ret));
442
gnutls_deinit (*session);
443
return -1;
444
}
324
445
}
325
446
326
if ((ret = gnutls_credentials_set
327
(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))
328
!= GNUTLS_E_SUCCESS) {
329
fprintf(stderr, "Error setting a credentials set: %s\n",
447
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
448
mc->cred);
449
if (ret != GNUTLS_E_SUCCESS) {
450
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
330
451
safer_gnutls_strerror(ret));
452
gnutls_deinit (*session);
331
453
return -1;
332
454
}
333
455
334
456
/* ignore client certificate if any. */
335
gnutls_certificate_server_set_request (es->session,
457
gnutls_certificate_server_set_request (*session,
336
458
GNUTLS_CERT_IGNORE);
337
459
338
gnutls_dh_set_prime_bits (es->session, DH_BITS);
460
gnutls_dh_set_prime_bits (*session, mc->dh_bits);
339
461
340
462
return 0;
341
463
}
342
464
343
void empty_log(__attribute__((unused)) AvahiLogLevel level,
344
__attribute__((unused)) const char *txt){}
465
/* Avahi log function callback */
466
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
467
__attribute__((unused)) const char *txt){}
345
468
346
int start_mandos_communication(const char *ip, uint16_t port,
347
unsigned int if_index){
469
/* Called when a Mandos server is found */
470
static int start_mandos_communication(const char *ip, uint16_t port,
471
AvahiIfIndex if_index,
472
mandos_context *mc){
348
473
int ret, tcp_sd;
349
struct sockaddr_in6 to;
350
encrypted_session es;
474
union { struct sockaddr in; struct sockaddr_in6 in6; } to;
351
475
char *buffer = NULL;
352
476
char *decrypted_buffer;
353
477
size_t buffer_length = 0;
354
478
size_t buffer_capacity = 0;
355
479
ssize_t decrypted_buffer_size;
356
size_t written = 0;
480
size_t written;
357
481
int retval = 0;
358
482
char interface[IF_NAMESIZE];
483
gnutls_session_t session;
484
485
ret = init_gnutls_session (mc, &session);
486
if (ret != 0){
487
return -1;
488
}
359
489
360
490
if(debug){
361
fprintf(stderr, "Setting up a tcp connection to %s\n", ip);
491
fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",
492
ip, port);
362
493
}
363
494
364
495
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
366
497
perror("socket");
367
498
return -1;
368
499
}
369
370
if(if_indextoname(if_index, interface) == NULL){
371
if(debug){
500
501
if(debug){
502
if(if_indextoname((unsigned int)if_index, interface) == NULL){
372
503
perror("if_indextoname");
504
return -1;
373
505
}
374
return -1;
375
}
376
377
if(debug){
378
506
fprintf(stderr, "Binding to interface %s\n", interface);
379
507
}
380
508
381
509
memset(&to,0,sizeof(to)); /* Spurious warning */
382
to.sin6_family = AF_INET6;
383
ret = inet_pton(AF_INET6, ip, &to.sin6_addr);
510
to.in6.sin6_family = AF_INET6;
511
/* It would be nice to have a way to detect if we were passed an
512
IPv4 address here. Now we assume an IPv6 address. */
513
ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);
384
514
if (ret < 0 ){
385
515
perror("inet_pton");
386
516
return -1;
387
}
517
}
388
518
if(ret == 0){
389
519
fprintf(stderr, "Bad address: %s\n", ip);
390
520
return -1;
391
521
}
392
to.sin6_port = htons(port); /* Spurious warning */
522
to.in6.sin6_port = htons(port); /* Spurious warning */
393
523
394
to.sin6_scope_id = (uint32_t)if_index;
524
to.in6.sin6_scope_id = (uint32_t)if_index;
395
525
396
526
if(debug){
397
fprintf(stderr, "Connection to: %s\n", ip);
527
fprintf(stderr, "Connection to: %s, port %d\n", ip, port);
528
char addrstr[INET6_ADDRSTRLEN] = "";
529
if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,
530
sizeof(addrstr)) == NULL){
531
perror("inet_ntop");
532
} else {
533
if(strcmp(addrstr, ip) != 0){
534
fprintf(stderr, "Canonical address form: %s\n", addrstr);
535
}
536
}
398
537
}
399
538
400
ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));
539
ret = connect(tcp_sd, &to.in, sizeof(to));
401
540
if (ret < 0){
402
541
perror("connect");
403
542
return -1;
404
543
}
405
406
ret = initgnutls (&es);
407
if (ret != 0){
408
retval = -1;
409
return -1;
544
545
const char *out = mandos_protocol_version;
546
written = 0;
547
while (true){
548
size_t out_size = strlen(out);
549
ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
550
out_size - written));
551
if (ret == -1){
552
perror("write");
553
retval = -1;
554
goto mandos_end;
555
}
556
written += (size_t)ret;
557
if(written < out_size){
558
continue;
559
} else {
560
if (out == mandos_protocol_version){
561
written = 0;
562
out = "\r\n";
563
} else {
564
break;
565
}
566
}
410
567
}
411
412
gnutls_transport_set_ptr (es.session,
413
(gnutls_transport_ptr_t) tcp_sd);
414
568
415
569
if(debug){
416
570
fprintf(stderr, "Establishing TLS session with %s\n", ip);
417
571
}
418
572
419
ret = gnutls_handshake (es.session);
573
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
574
575
ret = gnutls_handshake (session);
420
576
421
577
if (ret != GNUTLS_E_SUCCESS){
422
fprintf(stderr, "\n*** Handshake failed ***\n");
423
gnutls_perror (ret);
578
if(debug){
579
fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
580
gnutls_perror (ret);
581
}
424
582
retval = -1;
425
goto exit;
583
goto mandos_end;
426
584
}
427
585
428
//Retrieve OpenPGP packet that contains the wanted password
586
/* Read OpenPGP packet that contains the wanted password */
429
587
430
588
if(debug){
431
589
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
433
591
}
434
592
435
593
while(true){
436
if (buffer_length + BUFFER_SIZE > buffer_capacity){
437
buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);
438
if (buffer == NULL){
439
perror("realloc");
440
goto exit;
441
}
442
buffer_capacity += BUFFER_SIZE;
594
buffer_capacity = adjustbuffer(&buffer, buffer_length,
595
buffer_capacity);
596
if (buffer_capacity == 0){
597
perror("adjustbuffer");
598
retval = -1;
599
goto mandos_end;
443
600
}
444
601
445
ret = gnutls_record_recv
446
(es.session, buffer+buffer_length, BUFFER_SIZE);
602
ret = gnutls_record_recv(session, buffer+buffer_length,
603
BUFFER_SIZE);
447
604
if (ret == 0){
448
605
break;
449
606
}
453
610
case GNUTLS_E_AGAIN:
454
611
break;
455
612
case GNUTLS_E_REHANDSHAKE:
456
ret = gnutls_handshake (es.session);
613
ret = gnutls_handshake (session);
457
614
if (ret < 0){
458
fprintf(stderr, "\n*** Handshake failed ***\n");
615
fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
459
616
gnutls_perror (ret);
460
617
retval = -1;
461
goto exit;
618
goto mandos_end;
462
619
}
463
620
break;
464
621
default:
465
622
fprintf(stderr, "Unknown error while reading data from"
466
" encrypted session with mandos server\n");
623
" encrypted session with Mandos server\n");
467
624
retval = -1;
468
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
469
goto exit;
625
gnutls_bye (session, GNUTLS_SHUT_RDWR);
626
goto mandos_end;
470
627
}
471
628
} else {
472
629
buffer_length += (size_t) ret;
473
630
}
474
631
}
475
632
633
if(debug){
634
fprintf(stderr, "Closing TLS session\n");
635
}
636
637
gnutls_bye (session, GNUTLS_SHUT_RDWR);
638
476
639
if (buffer_length > 0){
477
640
decrypted_buffer_size = pgp_packet_decrypt(buffer,
478
641
buffer_length,
479
642
&decrypted_buffer,
480
CERT_ROOT);
643
keydir);
481
644
if (decrypted_buffer_size >= 0){
482
while(written < decrypted_buffer_size){
645
written = 0;
646
while(written < (size_t) decrypted_buffer_size){
483
647
ret = (int)fwrite (decrypted_buffer + written, 1,
484
648
(size_t)decrypted_buffer_size - written,
485
649
stdout);
498
662
retval = -1;
499
663
}
500
664
}
501
502
//shutdown procedure
503
504
if(debug){
505
fprintf(stderr, "Closing TLS session\n");
506
}
507
665
666
/* Shutdown procedure */
667
668
mandos_end:
508
669
free(buffer);
509
gnutls_bye (es.session, GNUTLS_SHUT_RDWR);
510
exit:
511
670
close(tcp_sd);
512
gnutls_deinit (es.session);
513
gnutls_certificate_free_credentials (es.cred);
514
gnutls_global_deinit ();
671
gnutls_deinit (session);
515
672
return retval;
516
673
}
517
674
518
static AvahiSimplePoll *simple_poll = NULL;
519
static AvahiServer *server = NULL;
520
521
static void resolve_callback(
522
AvahiSServiceResolver *r,
523
AvahiIfIndex interface,
524
AVAHI_GCC_UNUSED AvahiProtocol protocol,
525
AvahiResolverEvent event,
526
const char *name,
527
const char *type,
528
const char *domain,
529
const char *host_name,
530
const AvahiAddress *address,
531
uint16_t port,
532
AVAHI_GCC_UNUSED AvahiStringList *txt,
533
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
534
AVAHI_GCC_UNUSED void* userdata) {
535
675
static void resolve_callback(AvahiSServiceResolver *r,
676
AvahiIfIndex interface,
677
AVAHI_GCC_UNUSED AvahiProtocol protocol,
678
AvahiResolverEvent event,
679
const char *name,
680
const char *type,
681
const char *domain,
682
const char *host_name,
683
const AvahiAddress *address,
684
uint16_t port,
685
AVAHI_GCC_UNUSED AvahiStringList *txt,
686
AVAHI_GCC_UNUSED AvahiLookupResultFlags
687
flags,
688
void* userdata) {
689
mandos_context *mc = userdata;
536
690
assert(r); /* Spurious warning */
537
691
538
692
/* Called whenever a service has been resolved successfully or
541
695
switch (event) {
542
696
default:
543
697
case AVAHI_RESOLVER_FAILURE:
544
fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"
545
" type '%s' in domain '%s': %s\n", name, type, domain,
546
avahi_strerror(avahi_server_errno(server)));
698
fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
699
" of type '%s' in domain '%s': %s\n", name, type, domain,
700
avahi_strerror(avahi_server_errno(mc->server)));
547
701
break;
548
702
549
703
case AVAHI_RESOLVER_FOUND:
551
705
char ip[AVAHI_ADDRESS_STR_MAX];
552
706
avahi_address_snprint(ip, sizeof(ip), address);
553
707
if(debug){
554
fprintf(stderr, "Mandos server found on %s (%s) on port %d\n",
555
host_name, ip, port);
708
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %d) on"
709
" port %d\n", name, host_name, ip, interface, port);
556
710
}
557
int ret = start_mandos_communication(ip, port,
558
(unsigned int) interface);
711
int ret = start_mandos_communication(ip, port, interface, mc);
559
712
if (ret == 0){
560
713
exit(EXIT_SUCCESS);
561
} else {
562
exit(EXIT_FAILURE);
563
714
}
564
715
}
565
716
}
566
717
avahi_s_service_resolver_free(r);
567
718
}
568
719
569
static void browse_callback(
570
AvahiSServiceBrowser *b,
571
AvahiIfIndex interface,
572
AvahiProtocol protocol,
573
AvahiBrowserEvent event,
574
const char *name,
575
const char *type,
576
const char *domain,
577
AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
578
void* userdata) {
579
580
AvahiServer *s = userdata;
581
assert(b); /* Spurious warning */
582
583
/* Called whenever a new services becomes available on the LAN or
584
is removed from the LAN */
585
586
switch (event) {
587
default:
588
case AVAHI_BROWSER_FAILURE:
589
590
fprintf(stderr, "(Browser) %s\n",
591
avahi_strerror(avahi_server_errno(server)));
592
avahi_simple_poll_quit(simple_poll);
593
return;
594
595
case AVAHI_BROWSER_NEW:
596
/* We ignore the returned resolver object. In the callback
597
function we free it. If the server is terminated before
598
the callback function is called the server will free
599
the resolver for us. */
600
601
if (!(avahi_s_service_resolver_new(s, interface, protocol, name,
602
type, domain,
603
AVAHI_PROTO_INET6, 0,
604
resolve_callback, s)))
605
fprintf(stderr, "Failed to resolve service '%s': %s\n", name,
606
avahi_strerror(avahi_server_errno(s)));
607
break;
608
609
case AVAHI_BROWSER_REMOVE:
610
break;
611
612
case AVAHI_BROWSER_ALL_FOR_NOW:
613
case AVAHI_BROWSER_CACHE_EXHAUSTED:
614
break;
720
static void browse_callback( AvahiSServiceBrowser *b,
721
AvahiIfIndex interface,
722
AvahiProtocol protocol,
723
AvahiBrowserEvent event,
724
const char *name,
725
const char *type,
726
const char *domain,
727
AVAHI_GCC_UNUSED AvahiLookupResultFlags
728
flags,
729
void* userdata) {
730
mandos_context *mc = userdata;
731
assert(b); /* Spurious warning */
732
733
/* Called whenever a new services becomes available on the LAN or
734
is removed from the LAN */
735
736
switch (event) {
737
default:
738
case AVAHI_BROWSER_FAILURE:
739
740
fprintf(stderr, "(Avahi browser) %s\n",
741
avahi_strerror(avahi_server_errno(mc->server)));
742
avahi_simple_poll_quit(mc->simple_poll);
743
return;
744
745
case AVAHI_BROWSER_NEW:
746
/* We ignore the returned Avahi resolver object. In the callback
747
function we free it. If the Avahi server is terminated before
748
the callback function is called the Avahi server will free the
749
resolver for us. */
750
751
if (!(avahi_s_service_resolver_new(mc->server, interface,
752
protocol, name, type, domain,
753
AVAHI_PROTO_INET6, 0,
754
resolve_callback, mc)))
755
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
756
name, avahi_strerror(avahi_server_errno(mc->server)));
757
break;
758
759
case AVAHI_BROWSER_REMOVE:
760
break;
761
762
case AVAHI_BROWSER_ALL_FOR_NOW:
763
case AVAHI_BROWSER_CACHE_EXHAUSTED:
764
if(debug){
765
fprintf(stderr, "No Mandos server found, still searching...\n");
615
766
}
616
}
617
618
int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
619
AvahiServerConfig config;
767
break;
768
}
769
}
770
771
/* Combines file name and path and returns the malloced new
772
string. some sane checks could/should be added */
773
static const char *combinepath(const char *first, const char *second){
774
size_t f_len = strlen(first);
775
size_t s_len = strlen(second);
776
char *tmp = malloc(f_len + s_len + 2);
777
if (tmp == NULL){
778
return NULL;
779
}
780
if(f_len > 0){
781
memcpy(tmp, first, f_len); /* Spurious warning */
782
}
783
tmp[f_len] = '/';
784
if(s_len > 0){
785
memcpy(tmp + f_len + 1, second, s_len); /* Spurious warning */
786
}
787
tmp[f_len + 1 + s_len] = '\0';
788
return tmp;
789
}
790
791
792
int main(int argc, char *argv[]){
620
793
AvahiSServiceBrowser *sb = NULL;
621
794
int error;
622
795
int ret;
623
int returncode = EXIT_SUCCESS;
796
int exitcode = EXIT_SUCCESS;
624
797
const char *interface = "eth0";
625
626
while (true){
627
static struct option long_options[] = {
628
{"debug", no_argument, (int *)&debug, 1},
629
{"interface", required_argument, 0, 'i'},
630
{0, 0, 0, 0} };
631
632
int option_index = 0;
633
ret = getopt_long (argc, argv, "i:", long_options,
634
&option_index);
635
636
if (ret == -1){
637
break;
638
}
639
640
switch(ret){
641
case 0:
642
break;
643
case 'i':
644
interface = optarg;
645
break;
646
default:
647
exit(EXIT_FAILURE);
648
}
798
struct ifreq network;
799
int sd;
800
uid_t uid;
801
gid_t gid;
802
char *connect_to = NULL;
803
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
804
const char *pubkeyfile = "pubkey.txt";
805
const char *seckeyfile = "seckey.txt";
806
mandos_context mc = { .simple_poll = NULL, .server = NULL,
807
.dh_bits = 1024, .priority = "SECURE256"};
808
bool gnutls_initalized = false;
809
810
{
811
struct argp_option options[] = {
812
{ .name = "debug", .key = 128,
813
.doc = "Debug mode", .group = 3 },
814
{ .name = "connect", .key = 'c',
815
.arg = "IP",
816
.doc = "Connect directly to a sepcified mandos server",
817
.group = 1 },
818
{ .name = "interface", .key = 'i',
819
.arg = "INTERFACE",
820
.doc = "Interface that Avahi will conntect through",
821
.group = 1 },
822
{ .name = "keydir", .key = 'd',
823
.arg = "KEYDIR",
824
.doc = "Directory where the openpgp keyring is",
825
.group = 1 },
826
{ .name = "seckey", .key = 's',
827
.arg = "SECKEY",
828
.doc = "Secret openpgp key for gnutls authentication",
829
.group = 1 },
830
{ .name = "pubkey", .key = 'p',
831
.arg = "PUBKEY",
832
.doc = "Public openpgp key for gnutls authentication",
833
.group = 2 },
834
{ .name = "dh-bits", .key = 129,
835
.arg = "BITS",
836
.doc = "dh-bits to use in gnutls communication",
837
.group = 2 },
838
{ .name = "priority", .key = 130,
839
.arg = "PRIORITY",
840
.doc = "GNUTLS priority", .group = 1 },
841
{ .name = NULL }
842
};
843
844
845
error_t parse_opt (int key, char *arg,
846
struct argp_state *state) {
847
/* Get the INPUT argument from `argp_parse', which we know is
848
a pointer to our plugin list pointer. */
849
switch (key) {
850
case 128:
851
debug = true;
852
break;
853
case 'c':
854
connect_to = arg;
855
break;
856
case 'i':
857
interface = arg;
858
break;
859
case 'd':
860
keydir = arg;
861
break;
862
case 's':
863
seckeyfile = arg;
864
break;
865
case 'p':
866
pubkeyfile = arg;
867
break;
868
case 129:
869
errno = 0;
870
mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);
871
if (errno){
872
perror("strtol");
873
exit(EXIT_FAILURE);
874
}
875
break;
876
case 130:
877
mc.priority = arg;
878
break;
879
case ARGP_KEY_ARG:
880
argp_usage (state);
881
break;
882
case ARGP_KEY_END:
883
break;
884
default:
885
return ARGP_ERR_UNKNOWN;
886
}
887
return 0;
888
}
889
890
struct argp argp = { .options = options, .parser = parse_opt,
891
.args_doc = "",
892
.doc = "Mandos client -- Get and decrypt"
893
" passwords from mandos server" };
894
argp_parse (&argp, argc, argv, 0, 0, NULL);
895
}
896
897
pubkeyfile = combinepath(keydir, pubkeyfile);
898
if (pubkeyfile == NULL){
899
perror("combinepath");
900
exitcode = EXIT_FAILURE;
901
goto end;
902
}
903
904
seckeyfile = combinepath(keydir, seckeyfile);
905
if (seckeyfile == NULL){
906
perror("combinepath");
907
goto end;
908
}
909
910
ret = init_gnutls_global(&mc, pubkeyfile, seckeyfile);
911
if (ret == -1){
912
fprintf(stderr, "init_gnutls_global\n");
913
goto end;
914
} else {
915
gnutls_initalized = true;
916
}
917
918
uid = getuid();
919
gid = getgid();
920
921
ret = setuid(uid);
922
if (ret == -1){
923
perror("setuid");
924
}
925
926
setgid(gid);
927
if (ret == -1){
928
perror("setgid");
929
}
930
931
if_index = (AvahiIfIndex) if_nametoindex(interface);
932
if(if_index == 0){
933
fprintf(stderr, "No such interface: \"%s\"\n", interface);
934
exit(EXIT_FAILURE);
935
}
936
937
if(connect_to != NULL){
938
/* Connect directly, do not use Zeroconf */
939
/* (Mainly meant for debugging) */
940
char *address = strrchr(connect_to, ':');
941
if(address == NULL){
942
fprintf(stderr, "No colon in address\n");
943
exitcode = EXIT_FAILURE;
944
goto end;
945
}
946
errno = 0;
947
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
948
if(errno){
949
perror("Bad port number");
950
exitcode = EXIT_FAILURE;
951
goto end;
952
}
953
*address = '\0';
954
address = connect_to;
955
ret = start_mandos_communication(address, port, if_index, &mc);
956
if(ret < 0){
957
exitcode = EXIT_FAILURE;
958
} else {
959
exitcode = EXIT_SUCCESS;
960
}
961
goto end;
962
}
963
964
/* If the interface is down, bring it up */
965
{
966
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
967
if(sd < 0) {
968
perror("socket");
969
exitcode = EXIT_FAILURE;
970
goto end;
971
}
972
strcpy(network.ifr_name, interface); /* Spurious warning */
973
ret = ioctl(sd, SIOCGIFFLAGS, &network);
974
if(ret == -1){
975
perror("ioctl SIOCGIFFLAGS");
976
exitcode = EXIT_FAILURE;
977
goto end;
978
}
979
if((network.ifr_flags & IFF_UP) == 0){
980
network.ifr_flags |= IFF_UP;
981
ret = ioctl(sd, SIOCSIFFLAGS, &network);
982
if(ret == -1){
983
perror("ioctl SIOCSIFFLAGS");
984
exitcode = EXIT_FAILURE;
985
goto end;
986
}
987
}
988
close(sd);
649
989
}
650
990
651
991
if (not debug){
652
992
avahi_set_log_function(empty_log);
653
993
}
654
994
655
/* Initialize the psuedo-RNG */
995
/* Initialize the pseudo-RNG for Avahi */
656
996
srand((unsigned int) time(NULL));
657
658
/* Allocate main loop object */
659
if (!(simple_poll = avahi_simple_poll_new())) {
660
fprintf(stderr, "Failed to create simple poll object.\n");
661
662
goto exit;
663
}
664
665
/* Do not publish any local records */
666
avahi_server_config_init(&config);
667
config.publish_hinfo = 0;
668
config.publish_addresses = 0;
669
config.publish_workstation = 0;
670
config.publish_domain = 0;
671
672
/* Allocate a new server */
673
server = avahi_server_new(avahi_simple_poll_get(simple_poll),
674
&config, NULL, NULL, &error);
675
676
/* Free the configuration data */
677
avahi_server_config_free(&config);
678
679
/* Check if creating the server object succeeded */
680
if (!server) {
681
fprintf(stderr, "Failed to create server: %s\n",
997
998
/* Allocate main Avahi loop object */
999
mc.simple_poll = avahi_simple_poll_new();
1000
if (mc.simple_poll == NULL) {
1001
fprintf(stderr, "Avahi: Failed to create simple poll"
1002
" object.\n");
1003
exitcode = EXIT_FAILURE;
1004
goto end;
1005
}
1006
1007
{
1008
AvahiServerConfig config;
1009
/* Do not publish any local Zeroconf records */
1010
avahi_server_config_init(&config);
1011
config.publish_hinfo = 0;
1012
config.publish_addresses = 0;
1013
config.publish_workstation = 0;
1014
config.publish_domain = 0;
1015
1016
/* Allocate a new server */
1017
mc.server = avahi_server_new(avahi_simple_poll_get
1018
(mc.simple_poll), &config, NULL,
1019
NULL, &error);
1020
1021
/* Free the Avahi configuration data */
1022
avahi_server_config_free(&config);
1023
}
1024
1025
/* Check if creating the Avahi server object succeeded */
1026
if (mc.server == NULL) {
1027
fprintf(stderr, "Failed to create Avahi server: %s\n",
682
1028
avahi_strerror(error));
683
returncode = EXIT_FAILURE;
684
goto exit;
1029
exitcode = EXIT_FAILURE;
1030
goto end;
685
1031
}
686
1032
687
/* Create the service browser */
688
sb = avahi_s_service_browser_new(server,
689
(AvahiIfIndex)
690
if_nametoindex(interface),
1033
/* Create the Avahi service browser */
1034
sb = avahi_s_service_browser_new(mc.server, if_index,
691
1035
AVAHI_PROTO_INET6,
692
1036
"_mandos._tcp", NULL, 0,
693
browse_callback, server);
694
if (!sb) {
1037
browse_callback, &mc);
1038
if (sb == NULL) {
695
1039
fprintf(stderr, "Failed to create service browser: %s\n",
696
avahi_strerror(avahi_server_errno(server)));
697
returncode = EXIT_FAILURE;
698
goto exit;
1040
avahi_strerror(avahi_server_errno(mc.server)));
1041
exitcode = EXIT_FAILURE;
1042
goto end;
699
1043
}
700
1044
701
1045
/* Run the main loop */
702
1046
703
1047
if (debug){
704
fprintf(stderr, "Starting avahi loop search\n");
1048
fprintf(stderr, "Starting Avahi loop search\n");
705
1049
}
706
1050
707
avahi_simple_poll_loop(simple_poll);
1051
avahi_simple_poll_loop(mc.simple_poll);
708
1052
709
exit:
1053
end:
710
1054
711
1055
if (debug){
712
1056
fprintf(stderr, "%s exiting\n", argv[0]);
713
1057
}
714
1058
715
1059
/* Cleanup things */
716
if (sb)
1060
if (sb != NULL)
717
1061
avahi_s_service_browser_free(sb);
718
1062
719
if (server)
720
avahi_server_free(server);
721
722
if (simple_poll)
723
avahi_simple_poll_free(simple_poll);
724
725
return returncode;
1063
if (mc.server != NULL)
1064
avahi_server_free(mc.server);
1065
1066
if (mc.simple_poll != NULL)
1067
avahi_simple_poll_free(mc.simple_poll);
1068
free(pubkeyfile);
1069
free(seckeyfile);
1070
1071
if (gnutls_initalized){
1072
gnutls_certificate_free_credentials (mc.cred);
1073
gnutls_global_deinit ();
1074
}
1075
1076
return exitcode;
726
1077
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0