/*  -*- coding: utf-8 -*- */
/*
 * Mandos-client - get and decrypt data from a Mandos server
 *
 * This program is partly derived from an example program for an Avahi
 * service browser, downloaded from
 * <http://avahi.org/browser/examples/core-browse-services.c>.  This
 * includes the following functions: "resolve_callback",
 * "browse_callback", and parts of "main".
 * 
 * Everything else is
 * Copyright © 2008-2012 Teddy Hogeborn
 * Copyright © 2008-2012 Björn Påhlsson
 * 
 * This program is free software: you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see
 * <http://www.gnu.org/licenses/>.
 * 
 * Contact the authors at <mandos@recompile.se>.
 */
/* Needed by GPGME, specifically gpgme_data_seek() */
#ifndef _LARGEFILE_SOURCE
#define _LARGEFILE_SOURCE
#endif
#ifndef _FILE_OFFSET_BITS
#define _FILE_OFFSET_BITS 64
#endif
#define _GNU_SOURCE		/* TEMP_FAILURE_RETRY(), asprintf() */
#include <stdio.h>		/* fprintf(), stderr, fwrite(),
				   stdout, ferror(), remove() */
#include <stdint.h> 		/* uint16_t, uint32_t, intptr_t */
#include <stddef.h>		/* NULL, size_t, ssize_t */
#include <stdlib.h> 		/* free(), EXIT_SUCCESS, srand(),
				   strtof(), abort() */
#include <stdbool.h>		/* bool, false, true */
#include <string.h>		/* memset(), strcmp(), strlen(),
				   strerror(), asprintf(), strcpy() */
#include <sys/ioctl.h>		/* ioctl */
#include <sys/types.h>		/* socket(), inet_pton(), sockaddr,
				   sockaddr_in6, PF_INET6,
				   SOCK_STREAM, uid_t, gid_t, open(),
				   opendir(), DIR */
#include <sys/stat.h>		/* open(), S_ISREG */
#include <sys/socket.h>		/* socket(), struct sockaddr_in6,
				   inet_pton(), connect() */
#include <fcntl.h>		/* open() */
#include <dirent.h>		/* opendir(), struct dirent, readdir()
				 */
#include <inttypes.h>		/* PRIu16, PRIdMAX, intmax_t,
				   strtoimax() */
#include <errno.h>		/* perror(), errno,
				   program_invocation_short_name */
#include <time.h>		/* nanosleep(), time(), sleep() */
#include <net/if.h>		/* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
				   SIOCSIFFLAGS, if_indextoname(),
				   if_nametoindex(), IF_NAMESIZE */
#include <netinet/in.h>		/* IN6_IS_ADDR_LINKLOCAL,
				   INET_ADDRSTRLEN, INET6_ADDRSTRLEN
				*/
#include <unistd.h>		/* close(), SEEK_SET, off_t, write(),
				   getuid(), getgid(), seteuid(),
				   setgid(), pause(), _exit() */
#include <arpa/inet.h>		/* inet_pton(), htons, inet_ntop() */
#include <iso646.h>		/* not, or, and */
#include <argp.h>		/* struct argp_option, error_t, struct
				   argp_state, struct argp,
				   argp_parse(), ARGP_KEY_ARG,
				   ARGP_KEY_END, ARGP_ERR_UNKNOWN */
#include <signal.h>		/* sigemptyset(), sigaddset(),
				   sigaction(), SIGTERM, sig_atomic_t,
				   raise() */
#include <sysexits.h>		/* EX_OSERR, EX_USAGE, EX_UNAVAILABLE,
				   EX_NOHOST, EX_IOERR, EX_PROTOCOL */
#include <sys/wait.h>		/* waitpid(), WIFEXITED(),
				   WEXITSTATUS(), WTERMSIG() */
#include <grp.h>		/* setgroups() */
#include <argz.h>		/* argz_add_sep(), argz_next(),
				   argz_delete(), argz_append(),
				   argz_stringify(), argz_add(),
				   argz_count() */
#ifdef __linux__
#include <sys/klog.h> 		/* klogctl() */
#endif	/* __linux__ */
/* Avahi */
/* All Avahi types, constants and functions
 Avahi*, avahi_*,
 AVAHI_* */
#include <avahi-core/core.h>
#include <avahi-core/lookup.h>
#include <avahi-core/log.h>
#include <avahi-common/simple-watch.h>
#include <avahi-common/malloc.h>
#include <avahi-common/error.h>
/* GnuTLS */
#include <gnutls/gnutls.h>	/* All GnuTLS types, constants and
				   functions:
				   gnutls_*
				   init_gnutls_session(),
				   GNUTLS_* */
#include <gnutls/openpgp.h>
			 /* gnutls_certificate_set_openpgp_key_file(),
			    GNUTLS_OPENPGP_FMT_BASE64 */
/* GPGME */
#include <gpgme.h> 		/* All GPGME types, constants and
				   functions:
				   gpgme_*
				   GPGME_PROTOCOL_OpenPGP,
				   GPG_ERR_NO_* */
/* Step, in bytes, by which incbuffer() grows a buffer */
#define BUFFER_SIZE 256

/* Default location and file names of the client's OpenPGP key pair.
   NOTE(review): presumably SECKEY and PUBKEY are looked up relative
   to PATHDIR; the code combining them is not part of this excerpt. */
#define PATHDIR "/conf/conf.d/mandos"
#define SECKEY "seckey.txt"
#define PUBKEY "pubkey.txt"
/* Initial value of "hookdir" below */
#define HOOKDIR "/lib/mandos/network-hooks.d"

/* When true, functions in this file print progress messages to
   stderr */
bool debug = false;
static const char mandos_protocol_version[] = "1";
/* Version and bug report address; these two names are the ones read
   by argp for its --version and --help output */
const char *argp_program_version = "mandos-client " VERSION;
const char *argp_program_bug_address = "<mandos@recompile.se>";
static const char sys_class_net[] = "/sys/class/net";
char *connect_to = NULL;
const char *hookdir = HOOKDIR;
/* NOTE(review): 65534 is conventionally the unprivileged
   "nobody"/"nogroup" ID on many systems.  How "uid" and "gid" are
   applied is not visible in this excerpt - confirm that every
   privilege-changing call using them has its result checked. */
uid_t uid = 65534;
gid_t gid = 65534;
/* One known Mandos server.  Nodes form a doubly linked list which
   needs to be circularly linked when used; add_server() builds it
   that way. */
typedef struct server{
  const char *ip;		/* heap copy made by add_server() */
  in_port_t port;
  AvahiIfIndex if_index;
  int af;			/* presumably the address family
				   (AF_INET/AF_INET6) - confirm */
  struct timespec last_seen;	/* CLOCK_MONOTONIC time, set by
				   add_server() */
  struct server *next;
  struct server *prev;
} server;
/* State bundle handed to the Avahi callback functions, so that they
   can reach the TLS and OpenPGP state without extra globals */
typedef struct {
  AvahiServer *server;
  /* GnuTLS credentials and Diffie-Hellman settings */
  gnutls_certificate_credentials_t cred;
  unsigned int dh_bits;
  gnutls_dh_params_t dh_params;
  const char *priority;		/* presumably a GnuTLS priority
				   string - confirm */
  gpgme_ctx_t ctx;		/* GPGME context; created by
				   init_gpgme() */
  server *current_server;	/* presumably the head of the circular
				   server list - confirm */
  /* NOTE(review): <argz.h> is included by this file, so these two
     look like an argz vector and its size - confirm */
  char *interfaces;
  size_t interfaces_size;
} mandos_context;
/* Global so that the signal handler can reach it */
AvahiSimplePoll *simple_poll;

/* NOTE(review): presumably both of these are written from the signal
   handler, which is not part of this excerpt.  If so, they should be
   "volatile sig_atomic_t"; without "volatile" the compiler may keep
   a stale value in a register, and plain "int" is not guaranteed to
   be written atomically with respect to signals - confirm. */
sig_atomic_t quit_now = 0;
int signal_received = 0;
/*
 * Print an error message like perror() does, but prefixed with
 * "Mandos plugin <program name>: ".
 *
 * errno is saved before the prefix is printed and restored
 * afterwards, since fprintf() may change it; perror() therefore
 * describes the error the caller saw.
 */
void perror_plus(const char *print_text){
  const int saved_errno = errno;
  
  fprintf(stderr, "Mandos plugin %s: ", program_invocation_short_name);
  
  errno = saved_errno;
  perror(print_text);
}
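/*
 * Print a formatted message to "stream", prefixed with
 * "Mandos plugin <program name>: ".
 *
 * The "format" attribute makes the compiler check every call's
 * arguments against its format string.  Callers should pass a
 * literal format and print any externally supplied text through
 * "%s", never as the format itself.
 *
 * Returns what vfprintf() returned for the message proper (the prefix
 * is not counted); a negative value means an output error.
 */
__attribute__((format (gnu_printf, 2, 3)))
int fprintf_plus(FILE *stream, const char *format, ...){
  va_list ap;
  int ret;
  
  TEMP_FAILURE_RETRY(fprintf(stream, "Mandos plugin %s: ",
			     program_invocation_short_name));
  
  va_start (ap, format);
  do {
    /* A va_list is indeterminate once vfprintf() has consumed it, so
       each attempt - including a retry after EINTR - gets its own
       copy instead of reusing "ap" */
    va_list ap_copy;
    va_copy(ap_copy, ap);
    ret = vfprintf(stream, format, ap_copy);
    va_end(ap_copy);
  } while(ret == -1 and errno == EINTR);
  /* Every va_start() must be paired with a va_end() */
  va_end(ap);
  return ret;
}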
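/*
 * Make additional room in "buffer" for at least BUFFER_SIZE more
 * bytes.  "buffer_capacity" is how much is currently allocated,
 * "buffer_length" is how much is already used.
 *
 * Returns the resulting capacity (unchanged if there already was
 * room), or 0 on failure.  On failure the old buffer has been freed,
 * "*buffer" is NULL and errno describes the error, so the caller must
 * not use or free the old pointer.
 *
 * NOTE(review): realloc() and free() do not wipe the storage they
 * give up.  If callers keep decrypted data in this buffer, copies may
 * stay behind on the heap - confirm whether that matters here.
 */
size_t incbuffer(char **buffer, size_t buffer_length,
		 size_t buffer_capacity){
  /* Same test as "buffer_length + BUFFER_SIZE > buffer_capacity", but
     written so that the addition cannot wrap around */
  if(buffer_capacity < BUFFER_SIZE
     or buffer_length > buffer_capacity - BUFFER_SIZE){
    char *new_buffer = NULL;
    if(buffer_capacity <= SIZE_MAX - BUFFER_SIZE){
      /* Keep the result in a temporary; assigning it directly to
	 "*buffer" would lose the old block if realloc() fails */
      new_buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
    } else {
      errno = ENOMEM;
    }
    /* The result of realloc() is what must be tested, not "buffer"
       itself, which is never NULL here */
    if(new_buffer == NULL){
      int saved_errno = errno;
      free(*buffer);
      *buffer = NULL;
      errno = saved_errno;
      return 0;
    }
    *buffer = new_buffer;
    buffer_capacity += BUFFER_SIZE;
  }
  return buffer_capacity;
}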
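/*
 * Add server to set of servers to retry periodically.
 *
 * A new node holding a private copy of "ip" is time-stamped and then
 * placed last in the circular list "*current_server"; if the list is
 * empty ("*current_server" is NULL), the node becomes the list.
 *
 * Returns true on success.  On failure an error message has been
 * printed, nothing has been added, all memory allocated here has been
 * freed again and false is returned.
 */
bool add_server(const char *ip, in_port_t port, AvahiIfIndex if_index,
		int af, server **current_server){
  int ret;
  server *new_server = malloc(sizeof(server));
  if(new_server == NULL){
    perror_plus("malloc");
    return false;
  }
  /* Copy into a non-const local so that the error paths below can
     free it without casting away "const" */
  char *ip_copy = strdup(ip);
  if(ip_copy == NULL){
    perror_plus("strdup");
    free(new_server);
    return false;
  }
  *new_server = (server){ .ip = ip_copy,
			  .port = port,
			  .if_index = if_index,
			  .af = af };
  /* Time-stamp the new node itself, and do it before linking, so that
     a failure leaves the existing list untouched */
  ret = clock_gettime(CLOCK_MONOTONIC, &new_server->last_seen);
  if(ret == -1){
    perror_plus("clock_gettime");
    free(ip_copy);
    free(new_server);
    return false;
  }
  /* Special case of first server */
  if(*current_server == NULL){
    new_server->next = new_server;
    new_server->prev = new_server;
    *current_server = new_server;
  /* Place the new server last in the list */
  } else {
    new_server->next = *current_server;
    new_server->prev = (*current_server)->prev;
    new_server->prev->next = new_server;
    (*current_server)->prev = new_server;
  }
  return true;
}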
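/*
 * Initialize GPGME: check the library and the OpenPGP engine, make
 * "tempdir" the home directory of the OpenPGP engine, create the
 * context "mc->ctx" and import the files "pubkey" and "seckey" into
 * the engine keyring.
 *
 * Returns true on success.  On failure a message has been printed to
 * stderr and false is returned.
 *
 * NOTE(review): the secret key is imported into a keyring below
 * "tempdir", so that directory has to be private to this process and
 * removed afterwards.  Both are done outside this function - confirm
 * in the caller.
 * NOTE(review): when a key import fails, "mc->ctx" has already been
 * created and is not released here - check that the caller copes.
 */
static bool init_gpgme(const char *seckey, const char *pubkey,
		       const char *tempdir, mandos_context *mc){
  gpgme_error_t rc;
  gpgme_engine_info_t engine_info;
  
  /*
   * Helper function to insert pub and seckey to the engine keyring.
   * The file descriptor and the GPGME data object are released on
   * every path, also when the import fails.
   */
  bool import_key(const char *filename){
    bool imported = false;
    int ret;
    int fd;
    gpgme_data_t pgp_data;
    
    fd = (int)TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
    if(fd == -1){
      perror_plus("open");
      return false;
    }
    
    rc = gpgme_data_new_from_fd(&pgp_data, fd);
    if(rc != GPG_ERR_NO_ERROR){
      fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
		   gpgme_strsource(rc), gpgme_strerror(rc));
      goto close_fd;
    }
    
    rc = gpgme_op_import(mc->ctx, pgp_data);
    if(rc != GPG_ERR_NO_ERROR){
      fprintf_plus(stderr, "bad gpgme_op_import: %s: %s\n",
		   gpgme_strsource(rc), gpgme_strerror(rc));
    } else {
      imported = true;
    }
    gpgme_data_release(pgp_data);
    
  close_fd:
    /* NOTE(review): on Linux the descriptor is gone even if close()
       fails with EINTR, so retrying may hit an unrelated descriptor
       if other code opens files concurrently - confirm that this
       process never does. */
    ret = (int)TEMP_FAILURE_RETRY(close(fd));
    if(ret == -1){
      perror_plus("close");
    }
    return imported;
  }
  
  if(debug){
    fprintf_plus(stderr, "Initializing GPGME\n");
  }
  
  /* Init GPGME */
  gpgme_check_version(NULL);
  rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
  if(rc != GPG_ERR_NO_ERROR){
    fprintf_plus(stderr, "bad gpgme_engine_check_version: %s: %s\n",
		 gpgme_strsource(rc), gpgme_strerror(rc));
    return false;
  }
  
  /* Set GPGME home directory for the OpenPGP engine only */
  rc = gpgme_get_engine_info(&engine_info);
  if(rc != GPG_ERR_NO_ERROR){
    fprintf_plus(stderr, "bad gpgme_get_engine_info: %s: %s\n",
		 gpgme_strsource(rc), gpgme_strerror(rc));
    return false;
  }
  while(engine_info != NULL){
    if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
      /* Keep the result: if this call fails, the engine keeps its
	 default home directory and the keys would be imported
	 there instead of into "tempdir" */
      rc = gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
				 engine_info->file_name, tempdir);
      break;
    }
    engine_info = engine_info->next;
  }
  /* "rc" is still GPG_ERR_NO_ERROR here unless the call in the loop
     failed */
  if(engine_info == NULL or rc != GPG_ERR_NO_ERROR){
    fprintf_plus(stderr, "Could not set GPGME home dir to %s\n",
		 tempdir);
    return false;
  }
  
  /* Create new GPGME "context" */
  rc = gpgme_new(&(mc->ctx));
  if(rc != GPG_ERR_NO_ERROR){
    /* fprintf_plus() already prints the "Mandos plugin ...: " prefix,
       so it is not repeated in the message */
    fprintf_plus(stderr, "bad gpgme_new: %s: %s\n",
		 gpgme_strsource(rc), gpgme_strerror(rc));
    return false;
  }
  
  if(not import_key(pubkey) or not import_key(seckey)){
    return false;
  }
  
  return true;
}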
/* 
 * Decrypt OpenPGP data.
 * Returns -1 on error
 */
static ssize_t pgp_packet_decrypt(const char *cryptotext,
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
346
				  size_t crypto_size,
237.7.150 by Teddy Hogeborn
* plugins.d/mandos-client (mandos_context): Moved to inside "main()".
347
				  char **plaintext,
348
				  mandos_context *mc){
24.1.81 by Björn Påhlsson
removed keyring pre-requirement for starting password-request.
349
  gpgme_data_t dh_crypto, dh_plain;
350
  gpgme_error_t rc;
351
  ssize_t ret;
352
  size_t plaintext_capacity = 0;
353
  ssize_t plaintext_length = 0;
354
  
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
355
  if(debug){
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
356
    fprintf_plus(stderr, "Trying to decrypt OpenPGP data\n");
13 by Björn Påhlsson
Added following support:
357
  }
358
  
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
359
  /* Create new GPGME data buffer from memory cryptotext */
360
  rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
361
			       0);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
362
  if(rc != GPG_ERR_NO_ERROR){
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
363
    fprintf_plus(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
237.16.9 by Teddy Hogeborn
* plugins.d/mandos-client.c: Merge unified printing system.
364
		 gpgme_strsource(rc), gpgme_strerror(rc));
13 by Björn Påhlsson
Added following support:
365
    return -1;
366
  }
367
  
368
  /* Create new empty GPGME data buffer for the plaintext */
369
  rc = gpgme_data_new(&dh_plain);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
370
  if(rc != GPG_ERR_NO_ERROR){
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
371
    fprintf_plus(stderr, "Mandos plugin mandos-client: "
237.16.9 by Teddy Hogeborn
* plugins.d/mandos-client.c: Merge unified printing system.
372
		 "bad gpgme_data_new: %s: %s\n",
373
		 gpgme_strsource(rc), gpgme_strerror(rc));
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
374
    gpgme_data_release(dh_crypto);
13 by Björn Påhlsson
Added following support:
375
    return -1;
376
  }
377
  
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
378
  /* Decrypt data from the cryptotext data buffer to the plaintext
379
     data buffer */
237.7.150 by Teddy Hogeborn
* plugins.d/mandos-client (mandos_context): Moved to inside "main()".
380
  rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
381
  if(rc != GPG_ERR_NO_ERROR){
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
382
    fprintf_plus(stderr, "bad gpgme_op_decrypt: %s: %s\n",
237.16.9 by Teddy Hogeborn
* plugins.d/mandos-client.c: Merge unified printing system.
383
		 gpgme_strsource(rc), gpgme_strerror(rc));
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
384
    plaintext_length = -1;
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
385
    if(debug){
99 by Teddy Hogeborn
* mandos (fingerprint): Bug fix: Check crtverify.value, not crtverify.
386
      gpgme_decrypt_result_t result;
237.7.150 by Teddy Hogeborn
* plugins.d/mandos-client (mandos_context): Moved to inside "main()".
387
      result = gpgme_op_decrypt_result(mc->ctx);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
388
      if(result == NULL){
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
389
	fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");
99 by Teddy Hogeborn
* mandos (fingerprint): Bug fix: Check crtverify.value, not crtverify.
390
      } else {
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
391
	fprintf_plus(stderr, "Unsupported algorithm: %s\n",
237.16.9 by Teddy Hogeborn
* plugins.d/mandos-client.c: Merge unified printing system.
392
		     result->unsupported_algorithm);
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
393
	fprintf_plus(stderr, "Wrong key usage: %u\n",
237.16.9 by Teddy Hogeborn
* plugins.d/mandos-client.c: Merge unified printing system.
394
		     result->wrong_key_usage);
99 by Teddy Hogeborn
* mandos (fingerprint): Bug fix: Check crtverify.value, not crtverify.
395
	if(result->file_name != NULL){
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
396
	  fprintf_plus(stderr, "File name: %s\n", result->file_name);
99 by Teddy Hogeborn
* mandos (fingerprint): Bug fix: Check crtverify.value, not crtverify.
397
	}
398
	gpgme_recipient_t recipient;
399
	recipient = result->recipients;
237.2.112 by Teddy Hogeborn
* plugins.d/mandos-client.c (pgp_packet_decrypt): Remove redundant
400
	while(recipient != NULL){
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
401
	  fprintf_plus(stderr, "Public key algorithm: %s\n",
237.16.9 by Teddy Hogeborn
* plugins.d/mandos-client.c: Merge unified printing system.
402
		       gpgme_pubkey_algo_name
403
		       (recipient->pubkey_algo));
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
404
	  fprintf_plus(stderr, "Key ID: %s\n", recipient->keyid);
405
	  fprintf_plus(stderr, "Secret key available: %s\n",
237.16.9 by Teddy Hogeborn
* plugins.d/mandos-client.c: Merge unified printing system.
406
		       recipient->status == GPG_ERR_NO_SECKEY
407
		       ? "No" : "Yes");
237.2.112 by Teddy Hogeborn
* plugins.d/mandos-client.c (pgp_packet_decrypt): Remove redundant
408
	  recipient = recipient->next;
99 by Teddy Hogeborn
* mandos (fingerprint): Bug fix: Check crtverify.value, not crtverify.
409
	}
410
      }
411
    }
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
412
    goto decrypt_end;
13 by Björn Påhlsson
Added following support:
413
  }
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
414
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
415
  if(debug){
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
416
    fprintf_plus(stderr, "Decryption of OpenPGP data succeeded\n");
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
417
  }
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
418
  
13 by Björn Påhlsson
Added following support:
419
  /* Seek back to the beginning of the GPGME plaintext data buffer */
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
420
  if(gpgme_data_seek(dh_plain, (off_t)0, SEEK_SET) == -1){
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
421
    perror_plus("gpgme_data_seek");
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
422
    plaintext_length = -1;
423
    goto decrypt_end;
24.1.5 by Björn Påhlsson
plugbasedclient:
424
  }
425
  
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
426
  *plaintext = NULL;
13 by Björn Påhlsson
Added following support:
427
  while(true){
24.1.132 by Björn Påhlsson
Fixed a bug in fallback handling
428
    plaintext_capacity = incbuffer(plaintext,
237.16.6 by teddy at bsnet
* plugins.d/mandos-client.c: Some white space fixes.
429
				   (size_t)plaintext_length,
430
				   plaintext_capacity);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
431
    if(plaintext_capacity == 0){
237.16.6 by teddy at bsnet
* plugins.d/mandos-client.c: Some white space fixes.
432
      perror_plus("incbuffer");
433
      plaintext_length = -1;
434
      goto decrypt_end;
13 by Björn Påhlsson
Added following support:
435
    }
436
    
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
437
    ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
438
			  BUFFER_SIZE);
13 by Björn Påhlsson
Added following support:
439
    /* Print the data, if any */
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
440
    if(ret == 0){
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
441
      /* EOF */
13 by Björn Påhlsson
Added following support:
442
      break;
443
    }
444
    if(ret < 0){
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
445
      perror_plus("gpgme_data_read");
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
446
      plaintext_length = -1;
447
      goto decrypt_end;
13 by Björn Påhlsson
Added following support:
448
    }
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
449
    plaintext_length += ret;
13 by Björn Påhlsson
Added following support:
450
  }
143 by Teddy Hogeborn
* Makefile (mandos.8): Add dependency on "overview.xml" and
451
  
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
452
  if(debug){
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
453
    fprintf_plus(stderr, "Decrypted password is: ");
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
454
    for(ssize_t i = 0; i < plaintext_length; i++){
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
455
      fprintf(stderr, "%02hhX ", (*plaintext)[i]);
456
    }
457
    fprintf(stderr, "\n");
458
  }
459
  
460
 decrypt_end:
461
  
462
  /* Delete the GPGME cryptotext data buffer */
463
  gpgme_data_release(dh_crypto);
15.1.3 by Björn Påhlsson
Added getopt_long support for mandosclient and passprompt
464
  
465
  /* Delete the GPGME plaintext data buffer */
13 by Björn Påhlsson
Added following support:
466
  gpgme_data_release(dh_plain);
39 by Teddy Hogeborn
* plugins.d/mandosclient.c (pgp_packet_decrypt): Renamed variables.
467
  return plaintext_length;
13 by Björn Påhlsson
Added following support:
468
}
/* Wrapper around gnutls_strerror() that never hands back NULL: when
   gnutls_strerror() returns NULL, the string "(unknown)" is returned
   instead, so the result can always be given to a %s conversion. */
static const char * safer_gnutls_strerror(int value){
  const char *description = gnutls_strerror(value);
  return (description != NULL) ? description : "(unknown)";
}
/* GnuTLS log function callback: passes each message on to
   fprintf_plus() on stderr, prefixed with "GnuTLS: ".  The log level
   is ignored and no newline is appended to the message. */
static void debuggnutls(__attribute__((unused)) int level,
                        const char *string){
  fprintf_plus(stderr, "GnuTLS: %s", string);
}
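/*
 * Initialize GnuTLS globally, allocate certificate credentials in
 * mc->cred and load the OpenPGP key pair from the two named files
 * into them, then generate Diffie-Hellman parameters of mc->dh_bits
 * bits in mc->dh_params and attach them to the credentials.
 *
 * pubkeyfilename, seckeyfilename: key files, read by GnuTLS in
 *     GNUTLS_OPENPGP_FMT_BASE64 format.
 * mc: receives cred and dh_params; dh_bits is read from it.
 *
 * Returns 0 on success and -1 on failure.  On failure whatever this
 * function had set up has been released again, ending with
 * gnutls_global_deinit(); mc->cred and mc->dh_params must then not
 * be used.
 */
static int init_gnutls_global(const char *pubkeyfilename,
                              const char *seckeyfilename,
                              mandos_context *mc){
  int ret;
  /* Set once gnutls_dh_params_init() has succeeded, so that the
     failure path only releases parameters which really exist */
  bool dh_params_initialized = false;

  if(debug){
    fprintf_plus(stderr, "Initializing GnuTLS\n");
  }

  ret = gnutls_global_init();
  if(ret != GNUTLS_E_SUCCESS){
    fprintf_plus(stderr, "GnuTLS global_init: %s\n",
                 safer_gnutls_strerror(ret));
    return -1;
  }

  if(debug){
    /* "Use a log level over 10 to enable all debugging options."
     * - GnuTLS manual
     *
     * NOTE(review): everything GnuTLS logs at this level is written
     * to stderr by debuggnutls(); check how much handshake detail
     * that exposes before running in debug mode on a real host.
     */
    gnutls_global_set_log_level(11);
    gnutls_global_set_log_function(debuggnutls);
  }

  /* OpenPGP credentials */
  ret = gnutls_certificate_allocate_credentials(&mc->cred);
  if(ret != GNUTLS_E_SUCCESS){
    fprintf_plus(stderr, "GnuTLS memory error: %s\n",
                 safer_gnutls_strerror(ret));
    gnutls_global_deinit();
    return -1;
  }

  if(debug){
    fprintf_plus(stderr, "Attempting to use OpenPGP public key %s and"
                 " secret key %s as GnuTLS credentials\n",
                 pubkeyfilename,
                 seckeyfilename);
  }

  /* NOTE(review): OpenPGP certificate support was removed from GnuTLS
     in the 3.6 series, so this call ties the code to older GnuTLS
     releases; confirm against the GnuTLS version in use. */
  ret = gnutls_certificate_set_openpgp_key_file
    (mc->cred, pubkeyfilename, seckeyfilename,
     GNUTLS_OPENPGP_FMT_BASE64);
  if(ret != GNUTLS_E_SUCCESS){
    fprintf_plus(stderr,
                 "Error[%d] while reading the OpenPGP key pair ('%s',"
                 " '%s')\n", ret, pubkeyfilename, seckeyfilename);
    fprintf_plus(stderr, "The GnuTLS error is: %s\n",
                 safer_gnutls_strerror(ret));
    goto globalfail;
  }

  /* GnuTLS server initialization */
  ret = gnutls_dh_params_init(&mc->dh_params);
  if(ret != GNUTLS_E_SUCCESS){
    fprintf_plus(stderr, "Error in GnuTLS DH parameter"
                 " initialization: %s\n",
                 safer_gnutls_strerror(ret));
    goto globalfail;
  }
  dh_params_initialized = true;
  /* The parameters are generated here, at run time.  mc->dh_bits is
     chosen by the caller (not visible in this function); both the
     generation time and the strength of the exchange depend on it. */
  ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
  if(ret != GNUTLS_E_SUCCESS){
    fprintf_plus(stderr, "Error in GnuTLS prime generation: %s\n",
                 safer_gnutls_strerror(ret));
    goto globalfail;
  }

  gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

  return 0;

 globalfail:

  /* Release in reverse order of setup and shut the library down
     last, so that no GnuTLS object is released after
     gnutls_global_deinit() */
  gnutls_certificate_free_credentials(mc->cred);
  if(dh_params_initialized){
    gnutls_dh_params_deinit(mc->dh_params);
  }
  gnutls_global_deinit();
  return -1;
}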
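/*
 * Create and configure one GnuTLS session in *session.  This end
 * takes the TLS server role (GNUTLS_SERVER).  The session gets the
 * priority string mc->priority, the certificate credentials mc->cred
 * and mc->dh_bits as its DH prime-bits setting.
 *
 * Every GnuTLS call is repeated while it returns
 * GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN.  If quit_now is set after
 * any attempt, the function gives up at once.
 *
 * Returns 0 on success.  Returns -1 on failure; a session that had
 * been created by then has been released with gnutls_deinit(), so
 * *session must not be used.
 */
static int init_gnutls_session(gnutls_session_t *session,
                               mandos_context *mc){
  int ret;
  /* GnuTLS session creation */
  do {
    ret = gnutls_init(session, GNUTLS_SERVER);
    if(quit_now){
      /* Release the session if this attempt did create one */
      if(ret == GNUTLS_E_SUCCESS){
        gnutls_deinit(*session);
      }
      return -1;
    }
  } while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
  if(ret != GNUTLS_E_SUCCESS){
    fprintf_plus(stderr,
                 "Error in GnuTLS session initialization: %s\n",
                 safer_gnutls_strerror(ret));
    /* No session exists; do not go on to configure *session */
    return -1;
  }

  {
    /* Set by GnuTLS to the position in mc->priority where parsing
       failed */
    const char *err;
    do {
      ret = gnutls_priority_set_direct(*session, mc->priority, &err);
      if(quit_now){
        gnutls_deinit(*session);
        return -1;
      }
    } while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
    if(ret != GNUTLS_E_SUCCESS){
      fprintf_plus(stderr, "Syntax error at: %s\n", err);
      fprintf_plus(stderr, "GnuTLS error: %s\n",
                   safer_gnutls_strerror(ret));
      gnutls_deinit(*session);
      return -1;
    }
  }

  do {
    ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
                                 mc->cred);
    if(quit_now){
      gnutls_deinit(*session);
      return -1;
    }
  } while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
  if(ret != GNUTLS_E_SUCCESS){
    fprintf_plus(stderr, "Error setting GnuTLS credentials: %s\n",
                 safer_gnutls_strerror(ret));
    gnutls_deinit(*session);
    return -1;
  }

  /* ignore client certificate if any.
     With GNUTLS_CERT_IGNORE this session does not ask the peer for a
     certificate, so the TLS layer set up here does not authenticate
     the peer.  NOTE(review): whatever the design relies on instead
     (presumably the OpenPGP encryption of the data received) lives
     outside this function; confirm. */
  gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);

  /* NOTE(review): the GnuTLS documentation describes this setting as
     the minimum prime size a client accepts; confirm that it has any
     effect on a GNUTLS_SERVER session. */
  gnutls_dh_set_prime_bits(*session, mc->dh_bits);

  return 0;
}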
/* Avahi log function callback with an empty body: both arguments are
   ignored, so any message passed to it is dropped */
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
                      __attribute__((unused)) const char *txt){
}
/* Called when a Mandos server is found */
237.7.145 by Teddy Hogeborn
* plugins.d/mandos-client.c: Don't use assert(). Use in_port_t for
624
static int start_mandos_communication(const char *ip, in_port_t port,
24.1.9 by Björn Påhlsson
not working midwork...
625
				      AvahiIfIndex if_index,
237.7.150 by Teddy Hogeborn
* plugins.d/mandos-client (mandos_context): Moved to inside "main()".
626
				      int af, mandos_context *mc){
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
627
  int ret, tcp_sd = -1;
237.3.2 by Mooie
Fixed warnings in the 64 bit build. Added explicit cast to int for
628
  ssize_t sret;
237.2.67 by Teddy Hogeborn
Four new interrelated features:
629
  union {
630
    struct sockaddr_in in;
631
    struct sockaddr_in6 in6;
632
  } to;
13 by Björn Påhlsson
Added following support:
633
  char *buffer = NULL;
237.2.135 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Bug fix:
634
  char *decrypted_buffer = NULL;
13 by Björn Påhlsson
Added following support:
635
  size_t buffer_length = 0;
636
  size_t buffer_capacity = 0;
24.1.10 by Björn Påhlsson
merge commit
637
  size_t written;
237.2.135 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Bug fix:
638
  int retval = -1;
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
639
  gnutls_session_t session;
237.2.67 by Teddy Hogeborn
Four new interrelated features:
640
  int pf;			/* Protocol family */
641
  
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
642
  errno = 0;
643
  
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
644
  if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
645
    errno = EINTR;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
646
    return -1;
647
  }
648
  
237.2.67 by Teddy Hogeborn
Four new interrelated features:
649
  switch(af){
650
  case AF_INET6:
651
    pf = PF_INET6;
652
    break;
653
  case AF_INET:
654
    pf = PF_INET;
655
    break;
656
  default:
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
657
    fprintf_plus(stderr, "Bad address family: %d\n", af);
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
658
    errno = EINVAL;
237.2.67 by Teddy Hogeborn
Four new interrelated features:
659
    return -1;
660
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
661
  
237.7.152 by Teddy Hogeborn
* plugins.d/mandos-client (start_mandos_communication): Bug fix; skip
662
  if(if_index != AVAHI_IF_UNSPEC and mc->interfaces != NULL){
663
    /* Check if the interface is one of the interfaces we are using */
664
    bool match = false;
665
    {
666
      char *interface = NULL;
667
      while((interface=argz_next(mc->interfaces, mc->interfaces_size,
668
				 interface))){
669
	if(if_nametoindex(interface) == (unsigned int)if_index){
670
	  match = true;
671
	  break;
672
	}
673
      }
674
    }
675
    if(not match){
676
      if(debug){
677
	char interface[IF_NAMESIZE];
678
	if(if_indextoname((unsigned int)if_index, interface) == NULL){
679
	  perror_plus("if_indextoname");
680
	} else {
681
	  fprintf_plus(stderr, "Skipping server on non-used interface"
682
		       " \"%s\"\n",
683
		       if_indextoname((unsigned int)if_index,
684
				      interface));
685
	}
686
      }
687
      return -1;
688
    }
689
  }
690
  
237.7.150 by Teddy Hogeborn
* plugins.d/mandos-client (mandos_context): Moved to inside "main()".
691
  ret = init_gnutls_session(&session, mc);
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
692
  if(ret != 0){
40 by Teddy Hogeborn
* plugins.d/mandosclient.c (initgnutls): Moved "err" variable into its
693
    return -1;
694
  }
695
  
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
696
  if(debug){
237.16.9 by Teddy Hogeborn
* plugins.d/mandos-client.c: Merge unified printing system.
697
    fprintf_plus(stderr, "Setting up a TCP connection to %s, port %"
237.7.145 by Teddy Hogeborn
* plugins.d/mandos-client.c: Don't use assert(). Use in_port_t for
698
		 PRIuMAX "\n", ip, (uintmax_t)port);
15.1.1 by Björn Påhlsson
Added debugg support in form off --debug and --debug=mandosclient
699
  }
13 by Björn Påhlsson
Added following support:
700
  
237.2.67 by Teddy Hogeborn
Four new interrelated features:
701
  tcp_sd = socket(pf, SOCK_STREAM, 0);
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
702
  if(tcp_sd < 0){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
703
    int e = errno;
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
704
    perror_plus("socket");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
705
    errno = e;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
706
    goto mandos_end;
707
  }
708
  
709
  if(quit_now){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
710
    errno = EINTR;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
711
    goto mandos_end;
13 by Björn Påhlsson
Added following support:
712
  }
143 by Teddy Hogeborn
* Makefile (mandos.8): Add dependency on "overview.xml" and
713
  
84 by Teddy Hogeborn
* Makefile (DOCBOOKTOMAN): Use the local manpages/docbook.xsl file, do
714
  memset(&to, 0, sizeof(to));
237.2.67 by Teddy Hogeborn
Four new interrelated features:
715
  if(af == AF_INET6){
237.2.88 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): "sin6_family"
716
    to.in6.sin6_family = (sa_family_t)af;
237.2.67 by Teddy Hogeborn
Four new interrelated features:
717
    ret = inet_pton(af, ip, &to.in6.sin6_addr);
718
  } else {			/* IPv4 */
719
    to.in.sin_family = (sa_family_t)af;
720
    ret = inet_pton(af, ip, &to.in.sin_addr);
721
  }
237.2.29 by Teddy Hogeborn
* plugin-runner.c: Only space changes.
722
  if(ret < 0 ){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
723
    int e = errno;
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
724
    perror_plus("inet_pton");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
725
    errno = e;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
726
    goto mandos_end;
38 by Teddy Hogeborn
* plugbasedclient.c (main): New "--userid" and "--groupid" options.
727
  }
13 by Björn Påhlsson
Added following support:
728
  if(ret == 0){
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
729
    int e = errno;
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
730
    fprintf_plus(stderr, "Bad address: %s\n", ip);
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
731
    errno = e;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
732
    goto mandos_end;
13 by Björn Påhlsson
Added following support:
733
  }
237.2.67 by Teddy Hogeborn
Four new interrelated features:
734
  if(af == AF_INET6){
237.7.145 by Teddy Hogeborn
* plugins.d/mandos-client.c: Don't use assert(). Use in_port_t for
735
    to.in6.sin6_port = htons(port);    
237.2.67 by Teddy Hogeborn
Four new interrelated features:
736
    if(IN6_IS_ADDR_LINKLOCAL /* Spurious warnings from */
737
       (&to.in6.sin6_addr)){ /* -Wstrict-aliasing=2 or lower and
237.16.6 by teddy at bsnet
* plugins.d/mandos-client.c: Some white space fixes.
738
				-Wunreachable-code*/
237.2.67 by Teddy Hogeborn
Four new interrelated features:
739
      if(if_index == AVAHI_IF_UNSPEC){
237.16.9 by Teddy Hogeborn
* plugins.d/mandos-client.c: Merge unified printing system.
740
	fprintf_plus(stderr, "An IPv6 link-local address is"
741
		     " incomplete without a network interface\n");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
742
	errno = EINVAL;
237.2.121 by Teddy Hogeborn
* plugins.d/mandos-client.c (start_mandos_communication): Check
743
	goto mandos_end;
237.2.67 by Teddy Hogeborn
Four new interrelated features:
744
      }
745
      /* Set the network interface number as scope */
746
      to.in6.sin6_scope_id = (uint32_t)if_index;
747
    }
748
  } else {
749
    to.in.sin_port = htons(port); /* Spurious warnings from
237.2.30 by Teddy Hogeborn
* plugins.d/mandos-client.c: Only comment changes.
750
				     -Wconversion and
751
				     -Wunreachable-code */
237.2.67 by Teddy Hogeborn
Four new interrelated features:
752
  }
21 by Teddy Hogeborn
* Makefile (CFLAGS): Changed to use $(WARN), $(DEBUG), $(COVERAGE) and
753
  
  if(quit_now){
    errno = EINTR;
    goto mandos_end;
  }
  
  if(debug){
    if(af == AF_INET6 and if_index != AVAHI_IF_UNSPEC){
      char interface[IF_NAMESIZE];
      if(if_indextoname((unsigned int)if_index, interface) == NULL){
	perror_plus("if_indextoname");
      } else {
	fprintf_plus(stderr, "Connection to: %s%%%s, port %" PRIuMAX
		     "\n", ip, interface, (uintmax_t)port);
      }
    } else {
      fprintf_plus(stderr, "Connection to: %s, port %" PRIuMAX "\n",
		   ip, (uintmax_t)port);
    }
    char addrstr[(INET_ADDRSTRLEN > INET6_ADDRSTRLEN) ?
		 INET_ADDRSTRLEN : INET6_ADDRSTRLEN] = "";
    const char *pcret;
    if(af == AF_INET6){
      pcret = inet_ntop(af, &(to.in6.sin6_addr), addrstr,
			sizeof(addrstr));
    } else {
      pcret = inet_ntop(af, &(to.in.sin_addr), addrstr,
			sizeof(addrstr));
    }
    if(pcret == NULL){
      perror_plus("inet_ntop");
    } else {
      if(strcmp(addrstr, ip) != 0){
	fprintf_plus(stderr, "Canonical address form: %s\n", addrstr);
      }
    }
  }
  
  if(quit_now){
    errno = EINTR;
    goto mandos_end;
  }
  
  if(af == AF_INET6){
    ret = connect(tcp_sd, &to.in6, sizeof(to));
  } else {
    ret = connect(tcp_sd, &to.in, sizeof(to)); /* IPv4 */
  }
  if(ret < 0){
    if ((errno != ECONNREFUSED and errno != ENETUNREACH) or debug){
      int e = errno;
      perror_plus("connect");
      errno = e;
    }
    goto mandos_end;
  }
  
  if(quit_now){
    errno = EINTR;
    goto mandos_end;
  }
  
  const char *out = mandos_protocol_version;
  written = 0;
  while(true){
    size_t out_size = strlen(out);
    ret = (int)TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
					out_size - written));
    if(ret == -1){
      int e = errno;
      perror_plus("write");
      errno = e;
      goto mandos_end;
    }
    written += (size_t)ret;
    if(written < out_size){
      continue;
    } else {
      if(out == mandos_protocol_version){
	written = 0;
	out = "\r\n";
      } else {
	break;
      }
    }
  
    if(quit_now){
      errno = EINTR;
      goto mandos_end;
    }
  }
  
  if(debug){
    fprintf_plus(stderr, "Establishing TLS session with %s\n", ip);
  }
  
  if(quit_now){
    errno = EINTR;
    goto mandos_end;
  }
  
  /* This casting via intptr_t is to eliminate warning about casting
     an int to a pointer type.  This is exactly how the GnuTLS Guile
     function "set-session-transport-fd!" does it. */
  gnutls_transport_set_ptr(session,
			   (gnutls_transport_ptr_t)(intptr_t)tcp_sd);
  
  if(quit_now){
    errno = EINTR;
    goto mandos_end;
  }
  
  do {
    ret = gnutls_handshake(session);
    if(quit_now){
      errno = EINTR;
      goto mandos_end;
    }
  } while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
  
  if(ret != GNUTLS_E_SUCCESS){
    if(debug){
      fprintf_plus(stderr, "*** GnuTLS Handshake failed ***\n");
      gnutls_perror(ret);
    }
    errno = EPROTO;
    goto mandos_end;
  }
  
  /* Read OpenPGP packet that contains the wanted password */
  
  if(debug){
    fprintf_plus(stderr, "Retrieving OpenPGP encrypted password from"
		 " %s\n", ip);
  }
  
  while(true){
    
    if(quit_now){
      errno = EINTR;
      goto mandos_end;
    }
    
    buffer_capacity = incbuffer(&buffer, buffer_length,
				buffer_capacity);
    if(buffer_capacity == 0){
      int e = errno;
      perror_plus("incbuffer");
      errno = e;
      goto mandos_end;
    }
    
    if(quit_now){
      errno = EINTR;
      goto mandos_end;
    }
    
    sret = gnutls_record_recv(session, buffer+buffer_length,
			      BUFFER_SIZE);
    if(sret == 0){
      break;
    }
    if(sret < 0){
      switch(sret){
      case GNUTLS_E_INTERRUPTED:
      case GNUTLS_E_AGAIN:
	break;
      case GNUTLS_E_REHANDSHAKE:
	do {
	  ret = gnutls_handshake(session);
	  
	  if(quit_now){
	    errno = EINTR;
	    goto mandos_end;
	  }
	} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
	if(ret < 0){
	  fprintf_plus(stderr, "*** GnuTLS Re-handshake failed "
		       "***\n");
	  gnutls_perror(ret);
	  errno = EPROTO;
	  goto mandos_end;
	}
	break;
      default:
	fprintf_plus(stderr, "Unknown error while reading data from"
		     " encrypted session with Mandos server\n");
	gnutls_bye(session, GNUTLS_SHUT_RDWR);
	errno = EIO;
	goto mandos_end;
      }
    } else {
      buffer_length += (size_t) sret;
    }
  }
  
  if(debug){
    fprintf_plus(stderr, "Closing TLS session\n");
  }
  
  if(quit_now){
    errno = EINTR;
    goto mandos_end;
  }
  
  do {
    ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
    if(quit_now){
      errno = EINTR;
      goto mandos_end;
    }
  } while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
  
  if(buffer_length > 0){
    ssize_t decrypted_buffer_size;
    decrypted_buffer_size = pgp_packet_decrypt(buffer, buffer_length,
					       &decrypted_buffer, mc);
    if(decrypted_buffer_size >= 0){
      
      written = 0;
      while(written < (size_t) decrypted_buffer_size){
	if(quit_now){
	  errno = EINTR;
	  goto mandos_end;
	}
	
	ret = (int)fwrite(decrypted_buffer + written, 1,
			  (size_t)decrypted_buffer_size - written,
			  stdout);
	if(ret == 0 and ferror(stdout)){
	  int e = errno;
	  if(debug){
	    fprintf_plus(stderr, "Error writing encrypted data: %s\n",
			 strerror(errno));
	  }
	  errno = e;
	  goto mandos_end;
	}
	written += (size_t)ret;
      }
      retval = 0;
    }
  }
  
  /* Shutdown procedure */
  
 mandos_end:
  {
    int e = errno;
    free(decrypted_buffer);
    free(buffer);
    if(tcp_sd >= 0){
      ret = (int)TEMP_FAILURE_RETRY(close(tcp_sd));
    }
    if(ret == -1){
      if(e == 0){
	e = errno;
      }
      perror_plus("close");
    }
    gnutls_deinit(session);
    errno = e;
    if(quit_now){
      errno = EINTR;
      retval = -1;
    }
  }
  return retval;
}
/* Avahi resolver callback: runs when a service lookup has succeeded,
   failed or timed out.  On success the resolved address is handed to
   start_mandos_communication(); if that call does not return 0 the
   server is queued with add_server() instead.  Nothing in this
   function authenticates the discovery result.
   NOTE(review): name, type, domain and host_name are service
   discovery data and are logged as received; whether fprintf_plus()
   filters them is not visible here. */
static void resolve_callback(AvahiSServiceResolver *r,
			     AvahiIfIndex interface,
			     AvahiProtocol proto,
			     AvahiResolverEvent event,
			     const char *name,
			     const char *type,
			     const char *domain,
			     const char *host_name,
			     const AvahiAddress *address,
			     uint16_t port,
			     AVAHI_GCC_UNUSED AvahiStringList *txt,
			     AVAHI_GCC_UNUSED AvahiLookupResultFlags
			     flags,
			     void* mc){
  /* Both early exits return without freeing the resolver */
  if(r == NULL or quit_now){
    return;
  }
  
  mandos_context *context = mc;
  
  if(event == AVAHI_RESOLVER_FOUND){
    char ip[AVAHI_ADDRESS_STR_MAX];
    avahi_address_snprint(ip, sizeof(ip), address);
    if(debug){
      fprintf_plus(stderr, "Mandos server \"%s\" found on %s (%s, %"
                   PRIdMAX ") on port %" PRIu16 "\n", name,
                   host_name, ip, (intmax_t)interface, port);
    }
    const int af = avahi_proto_to_af(proto);
    const int ret = start_mandos_communication(ip, (in_port_t)port,
                                               interface, af, mc);
    if(ret == 0){
      /* Success: stop the main loop */
      avahi_simple_poll_quit(simple_poll);
    } else if(not add_server(ip, (in_port_t)port, interface, af,
                             &context->current_server)){
      fprintf_plus(stderr, "Failed to add server \"%s\" to server"
                   " list\n", name);
    }
  } else {
    /* AVAHI_RESOLVER_FAILURE and any unrecognised event value */
    fprintf_plus(stderr, "(Avahi Resolver) Failed to resolve service "
                 "'%s' of type '%s' in domain '%s': %s\n", name, type,
                 domain,
                 avahi_strerror(avahi_server_errno(context->server)));
  }
  avahi_s_service_resolver_free(r);
}
/* Avahi browser callback: runs when a service appears on or
   disappears from the LAN, and for browser status events.  Each new
   service gets a resolver whose result is delivered to
   resolve_callback(). */
static void browse_callback(AvahiSServiceBrowser *b,
			    AvahiIfIndex interface,
			    AvahiProtocol protocol,
			    AvahiBrowserEvent event,
			    const char *name,
			    const char *type,
			    const char *domain,
			    AVAHI_GCC_UNUSED AvahiLookupResultFlags
			    flags,
			    void* mc){
  if(b == NULL or quit_now){
    return;
  }
  
  mandos_context *context = mc;
  
  switch(event){
  case AVAHI_BROWSER_NEW:
    /* The resolver object returned here is deliberately not kept:
       resolve_callback() frees it, and if the Avahi server is
       terminated before that callback runs, the Avahi server frees
       the resolver itself. */
    if(avahi_s_service_resolver_new(context->server, interface,
                                    protocol, name, type, domain,
                                    protocol, 0, resolve_callback,
                                    mc) == NULL){
      fprintf_plus(stderr, "Avahi: Failed to resolve service '%s':"
                   " %s\n", name,
                   avahi_strerror(avahi_server_errno
                                  (context->server)));
    }
    break;
    
  case AVAHI_BROWSER_REMOVE:
    /* Nothing to do when a service goes away */
    break;
    
  case AVAHI_BROWSER_ALL_FOR_NOW:
  case AVAHI_BROWSER_CACHE_EXHAUSTED:
    if(debug){
      fprintf_plus(stderr, "No Mandos server found, still"
                   " searching...\n");
    }
    break;
    
  case AVAHI_BROWSER_FAILURE:
  default:
    /* Browser failure or an unrecognised event: report the Avahi
       error and stop the main loop */
    fprintf_plus(stderr, "(Avahi browser) %s\n",
                 avahi_strerror(avahi_server_errno
                                (context->server)));
    avahi_simple_poll_quit(simple_poll);
    break;
  }
}
/* Signal handler that stops main loop after SIGTERM */
static void handle_sigterm(int sig){
  /* Only the first signal is acted on; later ones find quit_now
     already set and do nothing. */
  if(not quit_now){
    quit_now = 1;
    signal_received = sig;
    /* Keep errno intact for whatever code was interrupted */
    const int saved_errno = errno;
    /* Ask the main loop to exit, if it has been created.
       NOTE(review): this runs in signal context; confirm that
       avahi_simple_poll_quit() is async-signal-safe. */
    if(simple_poll != NULL){
      avahi_simple_poll_quit(simple_poll);
    }
    errno = saved_errno;
  }
}
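/* Fetch the flags of network interface "ifname" with the
   SIOCGIFFLAGS ioctl and store them in *ifr.  Returns true on
   success.  On failure returns false with errno set by the step that
   failed (ENAMETOOLONG when the name does not fit in ifr_name). */
bool get_flags(const char *ifname, struct ifreq *ifr){
  int ret;
  error_t ret_errno;
  
  /* ifr_name is a fixed-size array inside struct ifreq.  Refuse a
     name that would not fit, terminator included, rather than let
     strcpy() write past the end of it. */
  if(strlen(ifname) >= sizeof(ifr->ifr_name)){
    if(debug){
      fprintf_plus(stderr, "Interface name \"%s\" is too long\n",
                   ifname);
    }
    errno = ENAMETOOLONG;
    return false;
  }
  
  int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
  if(s < 0){
    ret_errno = errno;
    perror_plus("socket");
    errno = ret_errno;
    return false;
  }
  strcpy(ifr->ifr_name, ifname); /* Fits: length checked above */
  ret = ioctl(s, SIOCGIFFLAGS, ifr);
  ret_errno = errno;
  /* The socket exists only to carry the ioctl; close it on every
     path so that repeated calls do not leak descriptors. */
  if(close(s) == -1){
    perror_plus("close");
  }
  errno = ret_errno;		/* Report the ioctl result, not close */
  if(ret == -1){
    if(debug){
      perror_plus("ioctl SIOCGIFFLAGS");
      errno = ret_errno;
    }
    return false;
  }
  return true;
}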
/*
 * Decide, from the interface flags already stored in "ifr", whether
 * the interface called "ifname" should be used.  Returns true to
 * accept and false to reject; the reason is printed to stderr when
 * "debug" is set.  "ifname" is only used in those messages.
 */
bool good_flags(const char *ifname, const struct ifreq *ifr){
  const int flags = ifr->ifr_flags;
  bool acceptable;
  
  if(flags & IFF_LOOPBACK){
    /* The loopback device is never acceptable */
    if(debug){
      fprintf_plus(stderr, "Rejecting loopback interface \"%s\"\n",
                   ifname);
    }
    acceptable = false;
  } else if(connect_to != NULL and (flags & IFF_POINTOPOINT)){
    /* Point-to-point devices are accepted, but only when an explicit
       server address (connect_to) was given */
    if(debug){
      fprintf_plus(stderr, "Accepting point-to-point interface"
                   " \"%s\"\n", ifname);
    }
    acceptable = true;
  } else if(not (flags & IFF_BROADCAST)){
    /* Everything else must be broadcast-capable */
    if(debug){
      fprintf_plus(stderr, "Rejecting non-broadcast interface"
                   " \"%s\"\n", ifname);
    }
    acceptable = false;
  } else if(flags & IFF_NOARP){
    /* Non-ARP interfaces (including dummy interfaces) are rejected */
    if(debug){
      fprintf_plus(stderr, "Rejecting non-ARP interface \"%s\"\n",
                   ifname);
    }
    acceptable = false;
  } else {
    /* Nothing disqualified this device */
    if(debug){
      fprintf_plus(stderr, "Interface \"%s\" is good\n", ifname);
    }
    acceptable = true;
  }
  
  return acceptable;
}
/* 
 * scandir(3) filter: decides whether a directory entry in
 * /sys/class/net corresponds to an acceptable network device.
 * Returns 1 to keep the entry and 0 to drop it.  Entries whose name
 * starts with "." are dropped, as are interfaces whose flags cannot
 * be read or which good_flags() rejects.
 */
int good_interface(const struct dirent *if_entry){
  const char *const name = if_entry->d_name;
  struct ifreq ifr;
  
  if(name[0] == '.'){
    return 0;
  }
  
  if(not get_flags(name, &ifr)){
    if(debug){
      fprintf_plus(stderr, "Failed to get flags for interface "
                   "\"%s\"\n", name);
    }
    return 0;
  }
  
  return good_flags(name, &ifr) ? 1 : 0;
}
/* 
 * Report whether the network interface "interface" has IFF_UP set.
 * Also returns false when the flags cannot be read, so a caller
 * cannot tell "down" from "lookup failed" by the return value alone.
 */
bool interface_is_up(const char *interface){
  struct ifreq ifr;
  
  if(get_flags(interface, &ifr)){
    return (ifr.ifr_flags & IFF_UP) != 0;
  }
  
  if(debug){
    fprintf_plus(stderr, "Failed to get flags for interface "
                 "\"%s\"\n", interface);
  }
  return false;
}
/* 
 * Report whether the network interface "interface" has IFF_RUNNING
 * set.  Also returns false when the flags cannot be read.
 */
bool interface_is_running(const char *interface){
  struct ifreq ifr;
  
  if(get_flags(interface, &ifr)){
    return (ifr.ifr_flags & IFF_RUNNING) != 0;
  }
  
  if(debug){
    fprintf_plus(stderr, "Failed to get flags for interface "
                 "\"%s\"\n", interface);
  }
  return false;
}
/* Directory entry filter: returns 0 for the entries "." and "..",
   and 1 for every other name (including other names that start with
   a dot). */
int notdotentries(const struct dirent *direntry){
  const char *const name = direntry->d_name;
  
  if(strcmp(name, ".") == 0 or strcmp(name, "..") == 0){
    return 0;
  }
  return 1;
}
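/*
 * Is this directory entry a runnable program?
 *
 * scandir(3) filter used to select network hooks in "hookdir".
 * Returns 1 if the entry name is non-empty, consists only of ASCII
 * letters, digits, "_" and "-", and names a regular file with at
 * least one execute bit set; returns 0 otherwise.
 *
 * NOTE(review): stat() follows symbolic links, and neither the file's
 * owner nor its write permissions are examined here.  The check is
 * also separate in time from the later exec of the same path, so it
 * is only meaningful if "hookdir" and its contents are writable by
 * trusted users alone - confirm how the directory is provisioned.
 */
int runnable_hook(const struct dirent *direntry){
  int ret;
  size_t sret;
  struct stat st;
  
  if((direntry->d_name)[0] == '\0'){
    /* Empty name? */
    return 0;
  }
  
  /* The whitelist excludes "." and "/", so names such as "..",
     backup files ("hook~") and anything with an extension are
     skipped */
  sret = strspn(direntry->d_name, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                "abcdefghijklmnopqrstuvwxyz"
                "0123456789"
                "_-");
  if((direntry->d_name)[sret] != '\0'){
    /* Contains non-allowed characters */
    if(debug){
      fprintf_plus(stderr, "Ignoring hook \"%s\" with bad name\n",
                   direntry->d_name);
    }
    return 0;
  }
  
  char *fullname = NULL;
  ret = asprintf(&fullname, "%s/%s", hookdir, direntry->d_name);
  if(ret < 0){
    perror_plus("asprintf");
    return 0;
  }
  
  ret = stat(fullname, &st);
  if(ret == -1){
    if(debug){
      perror_plus("Could not stat hook");
    }
    free(fullname);
    return 0;
  }
  /* The path is not needed after stat(); release it here so that no
     return path below leaks it (this filter runs once per directory
     entry) */
  free(fullname);
  
  if(not (S_ISREG(st.st_mode))){
    /* Not a regular file */
    if(debug){
      fprintf_plus(stderr, "Ignoring hook \"%s\" - not a file\n",
                   direntry->d_name);
    }
    return 0;
  }
  if(not (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))){
    /* Not executable */
    if(debug){
      fprintf_plus(stderr, "Ignoring hook \"%s\" - not executable\n",
                   direntry->d_name);
    }
    return 0;
  }
  if(debug){
    fprintf_plus(stderr, "Hook \"%s\" is acceptable\n",
                 direntry->d_name);
  }
  return 1;
}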
/*
 * Drive the Avahi poll loop "s", and between iterations contact the
 * servers queued in "mc".
 *
 * While mc->current_server is NULL the loop blocks in Avahi without
 * a timeout.  Otherwise the time since the current server was last
 * seen is compared with "retry_interval" (used here as a number of
 * milliseconds); once that interval has passed the server is
 * contacted with start_mandos_communication().
 *
 * Returns 0 if a server was contacted successfully or if Avahi's
 * iterate call returned 1, -1 if clock_gettime() failed, and
 * otherwise the non-zero value returned by
 * avahi_simple_poll_iterate().  A negative iterate result with errno
 * set to EINTR is ignored and the loop continues.
 */
int avahi_loop_with_timeout(AvahiSimplePoll *s, int retry_interval,
                            mandos_context *mc){
  int ret;
  
  for(;;){
    if(mc->current_server == NULL){
      if(debug){
        fprintf_plus(stderr, "Wait until first server is found."
                     " No timeout!\n");
      }
      ret = avahi_simple_poll_iterate(s, -1);
    } else {
      if(debug){
        fprintf_plus(stderr, "Check current_server if we should run"
                     " it, or wait\n");
      }
      
      /* The current time */
      struct timespec now;
      ret = clock_gettime(CLOCK_MONOTONIC, &now);
      if(ret == -1){
        perror_plus("clock_gettime");
        return -1;
      }
      
      /* Time elapsed since the current server was last seen
         (now - last_seen), kept as separate second and nanosecond
         differences */
      struct timespec waited_time;
      waited_time.tv_sec = (now.tv_sec
                            - mc->current_server->last_seen.tv_sec);
      waited_time.tv_nsec = (now.tv_nsec
                             - mc->current_server->last_seen.tv_nsec);
      
      /* Convert the elapsed time to milliseconds (seconds times
         1,000 plus nanoseconds divided by 1,000,000) and subtract it
         from the retry interval to get the remaining wait */
      const intmax_t waited_ms
        = (((intmax_t)waited_time.tv_sec * 1000)
           + ((intmax_t)waited_time.tv_nsec / 1000000));
      intmax_t block_time = retry_interval - waited_ms;
      
      if(debug){
        fprintf_plus(stderr, "Blocking for %" PRIdMAX " ms\n",
                     block_time);
      }
      
      if(block_time <= 0){
        /* The interval has passed; try this server now */
        ret = start_mandos_communication(mc->current_server->ip,
                                         mc->current_server->port,
                                         mc->current_server->if_index,
                                         mc->current_server->af, mc);
        if(ret == 0){
          avahi_simple_poll_quit(s);
          return 0;
        }
        /* The attempt failed: stamp the server with the current time
           and move on to the next one in the list */
        ret = clock_gettime(CLOCK_MONOTONIC,
                            &mc->current_server->last_seen);
        if(ret == -1){
          perror_plus("clock_gettime");
          return -1;
        }
        mc->current_server = mc->current_server->next;
        /* Call avahi to find new Mandos servers, but don't block */
        block_time = 0;
      }
      
      ret = avahi_simple_poll_iterate(s, (int)block_time);
    }
    
    if(ret == 0){
      continue;
    }
    if(ret < 0 and errno == EINTR){
      /* Interrupted by a signal; iterate again */
      continue;
    }
    return (ret == 1) ? 0 : ret;
  }
}
/* Set the effective user ID to 0.  Returns 0 on success, or the
   errno value from seteuid() on failure (after printing it).  The
   caller's errno is left as it was on entry. */
error_t raise_privileges(void){
  const error_t saved_errno = errno;
  error_t failure = 0;
  
  const int rc = seteuid(0);
  if(rc == -1){
    failure = errno;
    perror_plus("seteuid");
  }
  
  errno = saved_errno;
  return failure;
}
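/* Set effective and real user ID to 0.  Returns 0 on success, or the
   errno value of the call that failed: either the one returned by
   raise_privileges(), or the one set by setuid().  The caller's
   errno is left as it was on entry. */
error_t raise_privileges_permanently(void){
  error_t old_errno = errno;
  /* The effective UID has to be 0 first, or setuid(0) is refused */
  error_t ret_errno = raise_privileges();
  if(ret_errno != 0){
    errno = old_errno;
    return ret_errno;
  }
  if(setuid(0) == -1){
    ret_errno = errno;
    /* Name the call that actually failed; a "seteuid" message here
       would point whoever reads the log at the wrong call */
    perror_plus("setuid");
  }
  errno = old_errno;
  return ret_errno;
}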
/* Set the effective user ID to the unprivileged user ID kept in
   "uid".  Returns 0 on success, or the errno value from seteuid() on
   failure (after printing it).  The caller's errno is left as it was
   on entry.
   NOTE(review): when this fails the process keeps its current
   effective user ID, so callers that ignore the return value may
   carry on with raised privileges. */
error_t lower_privileges(void){
  const error_t saved_errno = errno;
  error_t failure = 0;
  
  const int rc = seteuid(uid);
  if(rc == -1){
    failure = errno;
    perror_plus("seteuid");
  }
  
  errno = saved_errno;
  return failure;
}
/* Lower privileges permanently by calling setuid() with the user ID
   kept in "uid".  Returns 0 on success, or the errno value from
   setuid() on failure (after printing it).  The caller's errno is
   left as it was on entry.
   NOTE(review): setuid() resets the real and saved user IDs only
   when the caller's effective user ID is 0 at the time of the call;
   otherwise only the effective user ID changes and a saved user ID
   of 0 would remain.  Confirm that callers raise privileges before
   calling this.  Group IDs are not touched here. */
error_t lower_privileges_permanently(void){
  const error_t saved_errno = errno;
  error_t failure = 0;
  
  const int rc = setuid(uid);
  if(rc == -1){
    failure = errno;
    perror_plus("setuid");
  }
  
  errno = saved_errno;
  return failure;
}
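/*
 * Run every network hook found in "hookdir".
 *
 * The hooks are the directory entries accepted by runnable_hook(),
 * taken in alphasort() order.  Each one is run in a forked child and
 * waited for before the next is started.  The child tries to become
 * root (user, group and supplementary groups), gets /dev/null as
 * standard input and standard error as standard output, and is
 * executed with the hook's name as argv[0] and "mode" as its only
 * argument.  The environment passed to the hook is extended with:
 *
 *   MANDOSNETHOOKDIR  the hook directory
 *   DEVICE            "interface"
 *   VERBOSITY         "1" if debug is set, else "0"
 *   MODE              "mode"
 *   DELAY             "delay", formatted with "%f"
 *   CONNECT           connect_to, only if it is not NULL
 *
 * A hook which fails is reported on stderr and otherwise ignored.
 * Always returns true.
 *
 * NOTE(review): the hooks are meant to run as root, so everything
 * rests on "hookdir" and the files in it being writable by trusted
 * users only; the checks in runnable_hook() are made when the
 * directory is scanned, not when the hook is executed.
 */
bool run_network_hooks(const char *mode, const char *interface,
                       const float delay){
  struct dirent **direntries = NULL;
  int ret;
  int numhooks = scandir(hookdir, &direntries, runnable_hook,
                         alphasort);
  if(numhooks == -1){
    if(errno == ENOENT){
      if(debug){
        fprintf_plus(stderr, "Network hook directory \"%s\" not"
                     " found\n", hookdir);
      }
    } else {
      perror_plus("scandir");
    }
    return true;
  }
  
  int devnull = open("/dev/null", O_RDONLY);
  if(devnull == -1){
    /* Report it, but still run the hooks; they then keep the
       standard input of this process */
    perror_plus("open");
  }
  
  for(int i = 0; i < numhooks; i++){
    struct dirent *direntry = direntries[i];
    char *fullname = NULL;
    ret = asprintf(&fullname, "%s/%s", hookdir, direntry->d_name);
    if(ret < 0){
      perror_plus("asprintf");
      free(direntry);
      continue;
    }
    if(debug){
      fprintf_plus(stderr, "Running network hook \"%s\"\n",
                   direntry->d_name);
    }
    
    pid_t hook_pid = fork();
    if(hook_pid == -1){
      /* No child was created.  Calling waitpid() with a pid of -1
         would wait for, and reap, any other child of this process,
         so skip this hook instead. */
      perror_plus("fork");
      free(fullname);
      free(direntry);
      continue;
    }
    
    if(hook_pid == 0){
      /* Child */
      /* Raise privileges.
         NOTE(review): a failure here, or in setgid()/setgroups()
         below, is only reported, and the hook is then executed with
         whatever credentials remain.  Confirm that this best-effort
         behaviour is intended (for instance for unprivileged test
         runs) rather than exiting the child. */
      raise_privileges_permanently();
      /* Set group */
      errno = 0;
      ret = setgid(0);
      if(ret == -1){
        perror_plus("setgid");
      }
      /* Reset supplementary groups */
      errno = 0;
      ret = setgroups(0, NULL);
      if(ret == -1){
        perror_plus("setgroups");
      }
      if(devnull != -1){
        if(dup2(devnull, STDIN_FILENO) == -1){
          perror_plus("dup2");
        }
        close(devnull);
      }
      if(dup2(STDERR_FILENO, STDOUT_FILENO) == -1){
        perror_plus("dup2");
      }
      ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
      if(ret == -1){
        perror_plus("setenv");
        _exit(EX_OSERR);
      }
      ret = setenv("DEVICE", interface, 1);
      if(ret == -1){
        perror_plus("setenv");
        _exit(EX_OSERR);
      }
      ret = setenv("VERBOSITY", debug ? "1" : "0", 1);
      if(ret == -1){
        perror_plus("setenv");
        _exit(EX_OSERR);
      }
      ret = setenv("MODE", mode, 1);
      if(ret == -1){
        perror_plus("setenv");
        _exit(EX_OSERR);
      }
      char *delaystring;
      ret = asprintf(&delaystring, "%f", delay);
      if(ret == -1){
        perror_plus("asprintf");
        _exit(EX_OSERR);
      }
      ret = setenv("DELAY", delaystring, 1);
      if(ret == -1){
        free(delaystring);
        perror_plus("setenv");
        _exit(EX_OSERR);
      }
      free(delaystring);
      if(connect_to != NULL){
        ret = setenv("CONNECT", connect_to, 1);
        if(ret == -1){
          perror_plus("setenv");
          _exit(EX_OSERR);
        }
      }
      /* execl() returns only on failure.  The argument list of a
         variadic function must end with a null pointer of type
         "char *". */
      execl(fullname, direntry->d_name, mode, (char *)NULL);
      perror_plus("execl");
      _exit(EXIT_FAILURE);
    }
    
    /* Parent: wait for the hook and report how it ended */
    bool hook_succeeded = false;
    int status;
    if(TEMP_FAILURE_RETRY(waitpid(hook_pid, &status, 0)) == -1){
      perror_plus("waitpid");
    } else if(WIFEXITED(status)){
      if(WEXITSTATUS(status) != 0){
        fprintf_plus(stderr, "Warning: network hook \"%s\" exited"
                     " with status %d\n", direntry->d_name,
                     WEXITSTATUS(status));
      } else {
        hook_succeeded = true;
      }
    } else if(WIFSIGNALED(status)){
      fprintf_plus(stderr, "Warning: network hook \"%s\" died by"
                   " signal %d\n", direntry->d_name,
                   WTERMSIG(status));
    } else {
      fprintf_plus(stderr, "Warning: network hook \"%s\""
                   " crashed\n", direntry->d_name);
    }
    if(hook_succeeded and debug){
      fprintf_plus(stderr, "Network hook \"%s\" ran successfully\n",
                   direntry->d_name);
    }
    free(fullname);
    /* scandir() allocates each entry, and the array holding them,
       with malloc() */
    free(direntry);
  }
  free(direntries);
  if(devnull != -1){
    close(devnull);
  }
  return true;
}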
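/*
 * Bring up the network interface "interface" if it is not already
 * up, then wait, checking every 0.25 seconds for up to "delay"
 * seconds, until it is reported as running.
 *
 * Returns 0 on success (also when the interface never reached the
 * running state within "delay"), ENXIO if there is no such
 * interface, EINTR if quit_now was set, and otherwise the errno
 * value of the call that failed.  The caller's errno is left as it
 * was on entry.
 */
error_t bring_up_interface(const char *const interface,
                           const float delay){
  int sd = -1;
  error_t old_errno = errno;
  error_t ret_errno = 0;
  int ret, ret_setflags;
  struct ifreq network;
  unsigned int if_index = if_nametoindex(interface);
  if(if_index == 0){
    fprintf_plus(stderr, "No such interface: \"%s\"\n", interface);
    errno = old_errno;
    return ENXIO;
  }
  
  if(quit_now){
    errno = old_errno;
    return EINTR;
  }
  
  if(not interface_is_up(interface)){
    if(not get_flags(interface, &network)){
      /* Stop here whether or not debug is set: "network" does not
         hold valid flags, and they must not be written back to the
         interface with raised privileges below.  Only the message
         depends on debug. */
      ret_errno = errno;
      if(debug){
        fprintf_plus(stderr, "Failed to get flags for interface "
                     "\"%s\"\n", interface);
      }
      errno = old_errno;
      return ret_errno;
    }
    network.ifr_flags |= IFF_UP;
    
    sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
    if(sd < 0){
      ret_errno = errno;
      perror_plus("socket");
      errno = old_errno;
      return ret_errno;
    }
    
    if(quit_now){
      close(sd);
      errno = old_errno;
      return EINTR;
    }
    
    if(debug){
      fprintf_plus(stderr, "Bringing up interface \"%s\"\n",
                   interface);
    }
    
    /* Raise privileges, for the shortest possible stretch of code.
       A failure is reported by raise_privileges() itself; the
       ioctl() below is still attempted and its own error is what
       gets returned. */
    raise_privileges();
    
#ifdef __linux__
    /* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO
       messages about the network interface to mess up the prompt */
    int ret_linux = klogctl(8, NULL, 5);
    bool restore_loglevel = true;
    if(ret_linux == -1){
      restore_loglevel = false;
      perror_plus("klogctl");
    }
#endif	/* __linux__ */
    ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
    /* Saved at once; the calls below may change errno */
    ret_errno = errno;
#ifdef __linux__
    if(restore_loglevel){
      /* Presumably undoes the loglevel change made above - see
         klogctl(2) for command 7 */
      ret_linux = klogctl(7, NULL, 0);
      if(ret_linux == -1){
        perror_plus("klogctl");
      }
    }
#endif	/* __linux__ */
    
    /* Lower privileges.
       NOTE(review): the result is not checked; if this fails, the
       process continues with a raised effective user ID. */
    lower_privileges();
    
    /* Close the socket */
    ret = (int)TEMP_FAILURE_RETRY(close(sd));
    if(ret == -1){
      perror_plus("close");
    }
    
    if(ret_setflags == -1){
      errno = ret_errno;
      perror_plus("ioctl SIOCSIFFLAGS +IFF_UP");
      errno = old_errno;
      return ret_errno;
    }
  } else if(debug){
    fprintf_plus(stderr, "Interface \"%s\" is already up; good\n",
                 interface);
  }
  
  /* Sleep checking until interface is running.
     Check every 0.25s, up to total time of delay */
  for(int i=0; i < delay * 4; i++){
    if(interface_is_running(interface)){
      break;
    }
    struct timespec sleeptime = { .tv_nsec = 250000000 };
    ret = nanosleep(&sleeptime, NULL);
    if(ret == -1 and errno != EINTR){
      perror_plus("nanosleep");
    }
  }
  
  errno = old_errno;
  return 0;
}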
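/*
 * Take down the network interface "interface" if it is up.
 *
 * Returns 0 on success (also when the interface was already down),
 * ENXIO if there is no such interface, and otherwise the errno value
 * of the call that failed.  The caller's errno is left as it was on
 * entry.
 */
error_t take_down_interface(const char *const interface){
  int sd = -1;
  error_t old_errno = errno;
  error_t ret_errno = 0;
  int ret, ret_setflags;
  struct ifreq network;
  unsigned int if_index = if_nametoindex(interface);
  if(if_index == 0){
    fprintf_plus(stderr, "No such interface: \"%s\"\n", interface);
    errno = old_errno;
    return ENXIO;
  }
  if(interface_is_up(interface)){
    if(not get_flags(interface, &network)){
      /* Stop here whether or not debug is set: "network" does not
         hold valid flags, and they must not be written back to the
         interface with raised privileges below.  Only the message
         depends on debug. */
      ret_errno = errno;
      if(debug){
        fprintf_plus(stderr, "Failed to get flags for interface "
                     "\"%s\"\n", interface);
      }
      errno = old_errno;
      return ret_errno;
    }
    network.ifr_flags &= ~(short)IFF_UP; /* clear flag */
    
    sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
    if(sd < 0){
      ret_errno = errno;
      perror_plus("socket");
      errno = old_errno;
      return ret_errno;
    }
    
    if(debug){
      fprintf_plus(stderr, "Taking down interface \"%s\"\n",
                   interface);
    }
    
    /* Raise privileges, for the shortest possible stretch of code.
       A failure is reported by raise_privileges() itself; the
       ioctl() below is still attempted and its own error is what
       gets returned. */
    raise_privileges();
    
    ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
    /* Saved at once; the calls below may change errno */
    ret_errno = errno;
    
    /* Lower privileges.
       NOTE(review): the result is not checked; if this fails, the
       process continues with a raised effective user ID. */
    lower_privileges();
    
    /* Close the socket */
    ret = (int)TEMP_FAILURE_RETRY(close(sd));
    if(ret == -1){
      perror_plus("close");
    }
    
    if(ret_setflags == -1){
      errno = ret_errno;
      perror_plus("ioctl SIOCSIFFLAGS -IFF_UP");
      errno = old_errno;
      return ret_errno;
    }
  } else if(debug){
    fprintf_plus(stderr, "Interface \"%s\" is already down; odd\n",
                 interface);
  }
  
  errno = old_errno;
  return 0;
}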
int main(int argc, char *argv[]){
237.7.150 by Teddy Hogeborn
* plugins.d/mandos-client (mandos_context): Moved to inside "main()".
1787
  mandos_context mc = { .server = NULL, .dh_bits = 1024,
1788
			.priority = "SECURE256:!CTYPE-X.509:"
237.7.151 by Teddy Hogeborn
* plugins.d/mandos-client (mandos_context): New "interfaces" and
1789
			"+CTYPE-OPENPGP", .current_server = NULL, 
1790
			.interfaces = NULL, .interfaces_size = 0 };
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1791
  AvahiSServiceBrowser *sb = NULL;
237.22.4 by Teddy Hogeborn
* plugins.d/mandos-client.c (get_flags): Don't clobber errno.
1792
  error_t ret_errno;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1793
  int ret;
1794
  intmax_t tmpmax;
237.2.74 by Teddy Hogeborn
Overflows are not detected by sscanf(), so stop using it:
1795
  char *tmp;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1796
  int exitcode = EXIT_SUCCESS;
237.22.4 by Teddy Hogeborn
* plugins.d/mandos-client.c (get_flags): Don't clobber errno.
1797
  char *interfaces_to_take_down = NULL;
1798
  size_t interfaces_to_take_down_size = 0;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1799
  char tempdir[] = "/tmp/mandosXXXXXX";
1800
  bool tempdir_created = false;
1801
  AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
1802
  const char *seckey = PATHDIR "/" SECKEY;
1803
  const char *pubkey = PATHDIR "/" PUBKEY;
237.22.4 by Teddy Hogeborn
* plugins.d/mandos-client.c (get_flags): Don't clobber errno.
1804
  char *interfaces_hooks = NULL;
1805
  size_t interfaces_hooks_size = 0;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1806
  
1807
  bool gnutls_initialized = false;
1808
  bool gpgme_initialized = false;
237.2.74 by Teddy Hogeborn
Overflows are not detected by sscanf(), so stop using it:
1809
  float delay = 2.5f;
237.7.33 by Teddy Hogeborn
Merge from Björn.
1810
  double retry_interval = 10; /* 10s between trying a server and
1811
				 retrying the same server again */
237.2.74 by Teddy Hogeborn
Overflows are not detected by sscanf(), so stop using it:
1812
  
237.2.132 by Teddy Hogeborn
* init.d-mandos (Required-Start, Required-Stop): Bug fix: Added
1813
  struct sigaction old_sigterm_action = { .sa_handler = SIG_DFL };
24.1.134 by Björn Påhlsson
plugin-runner: Added support for empty string arguments
1814
  struct sigaction sigterm_action = { .sa_handler = handle_sigterm };
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1815
  
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
1816
  uid = getuid();
1817
  gid = getgid();
1818
  
1819
  /* Lower any group privileges we might have, just to be safe */
1820
  errno = 0;
1821
  ret = setgid(gid);
1822
  if(ret == -1){
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
1823
    perror_plus("setgid");
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
1824
  }
1825
  
1826
  /* Lower user privileges (temporarily) */
1827
  errno = 0;
1828
  ret = seteuid(uid);
1829
  if(ret == -1){
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
1830
    perror_plus("seteuid");
237.2.131 by Teddy Hogeborn
* plugins.d/mandos-client.c (init_gnutls_session): Retry interrupted
1831
  }
1832
  
1833
  if(quit_now){
1834
    goto end;
1835
  }
1836
  
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1837
  {
1838
    struct argp_option options[] = {
1839
      { .name = "debug", .key = 128,
1840
	.doc = "Debug mode", .group = 3 },
1841
      { .name = "connect", .key = 'c',
1842
	.arg = "ADDRESS:PORT",
1843
	.doc = "Connect directly to a specific Mandos server",
1844
	.group = 1 },
1845
      { .name = "interface", .key = 'i',
1846
	.arg = "NAME",
237.2.67 by Teddy Hogeborn
Four new interrelated features:
1847
	.doc = "Network interface that will be used to search for"
1848
	" Mandos servers",
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1849
	.group = 1 },
1850
      { .name = "seckey", .key = 's',
1851
	.arg = "FILE",
1852
	.doc = "OpenPGP secret key file base name",
1853
	.group = 1 },
1854
      { .name = "pubkey", .key = 'p',
1855
	.arg = "FILE",
1856
	.doc = "OpenPGP public key file base name",
1857
	.group = 2 },
1858
      { .name = "dh-bits", .key = 129,
1859
	.arg = "BITS",
1860
	.doc = "Bit length of the prime number used in the"
1861
	" Diffie-Hellman key exchange",
1862
	.group = 2 },
1863
      { .name = "priority", .key = 130,
1864
	.arg = "STRING",
1865
	.doc = "GnuTLS priority string for the TLS handshake",
1866
	.group = 1 },
1867
      { .name = "delay", .key = 131,
1868
	.arg = "SECONDS",
1869
	.doc = "Maximum delay to wait for interface startup",
1870
	.group = 2 },
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
1871
      { .name = "retry", .key = 132,
1872
	.arg = "SECONDS",
237.17.1 by teddy at recompile
Add wireless network hook
1873
	.doc = "Retry interval used when denied by the Mandos server",
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
1874
	.group = 2 },
237.16.4 by teddy at bsnet
* plugins.d/mandos-client.c (runnable_hook): Bug fix: stat using the
1875
      { .name = "network-hook-dir", .key = 133,
1876
	.arg = "DIR",
1877
	.doc = "Directory where network hooks are located",
1878
	.group = 2 },
237.2.157 by Teddy Hogeborn
Convert some programs to use the exit codes from <sysexits.h>. Change
1879
      /*
1880
       * These reproduce what we would get without ARGP_NO_HELP
1881
       */
1882
      { .name = "help", .key = '?',
1883
	.doc = "Give this help list", .group = -1 },
1884
      { .name = "usage", .key = -3,
1885
	.doc = "Give a short usage message", .group = -1 },
1886
      { .name = "version", .key = 'V',
1887
	.doc = "Print program version", .group = -1 },
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1888
      { .name = NULL }
1889
    };
1890
    
1891
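    /*
     * argp option callback (nested in main so it can write main's locals).
     *
     * key:   option key from the options[] table above
     * arg:   option argument, or NULL for options without one; string
     *        options store this pointer as-is, without copying
     * state: argp parser state, used for error and help output
     *
     * Returns ARGP_ERR_UNKNOWN for unhandled keys, otherwise the value
     * of errno (cleared on entry, so normally 0).  Malformed numeric
     * arguments are reported through argp_error().
     */
    error_t parse_opt(int key, char *arg,
                      struct argp_state *state){
      errno = 0;
      switch(key){
      case 128:                 /* --debug */
        debug = true;
        break;
      case 'c':                 /* --connect */
        connect_to = arg;
        break;
      case 'i':                 /* --interface */
        /* Comma-separated names are appended to the argz vector */
        ret_errno = argz_add_sep(&mc.interfaces, &mc.interfaces_size,
                                 arg, (int)',');
        if(ret_errno != 0){
          argp_error(state, "%s", strerror(ret_errno));
        }
        break;
      case 's':                 /* --seckey */
        seckey = arg;
        break;
      case 'p':                 /* --pubkey */
        pubkey = arg;
        break;
      case 129:                 /* --dh-bits */
        errno = 0;
        tmpmax = strtoimax(arg, &tmp, 10);
        /* The cast round-trip rejects values that do not fit the type
           of mc.dh_bits.  NOTE(review): no minimum size is enforced
           here; confirm whether a floor is wanted for values weaker
           than the 1024 default set in main(). */
        if(errno != 0 or tmp == arg or *tmp != '\0'
           or tmpmax != (typeof(mc.dh_bits))tmpmax){
          argp_error(state, "Bad number of DH bits");
        }
        mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
        break;
      case 130:                 /* --priority */
        /* Stored verbatim; nothing in this function validates it */
        mc.priority = arg;
        break;
      case 131:                 /* --delay */
        errno = 0;
        delay = strtof(arg, &tmp);
        /* NOTE(review): negative and NaN values pass this check;
           confirm that the users of "delay" tolerate them. */
        if(errno != 0 or tmp == arg or *tmp != '\0'){
          argp_error(state, "Bad delay");
        }
        /* Without this break, --delay fell through into --retry and
           overwrote retry_interval with the delay value. */
        break;
      case 132:                 /* --retry */
        errno = 0;
        retry_interval = strtod(arg, &tmp);
        /* The range test is written as a negated "in range" so that
           NaN, which compares false against both bounds, is rejected
           as well. */
        if(errno != 0 or tmp == arg or *tmp != '\0'
           or not (retry_interval >= 0
                   and (retry_interval * 1000) <= INT_MAX)){
          argp_error(state, "Bad retry interval");
        }
        break;
      case 133:                 /* --network-hook-dir */
        hookdir = arg;
        break;
        /*
         * These reproduce what we would get without ARGP_NO_HELP
         */
      case '?':                 /* --help */
        /* With ARGP_HELP_EXIT_ERR set and no ARGP_NO_EXIT in the
           argp_parse() flags, argp_state_help() is expected to exit,
           so the case labels below are not reached from here. */
        argp_state_help(state, state->out_stream,
                        (ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
                        & ~(unsigned int)ARGP_HELP_EXIT_OK);
      case -3:                  /* --usage */
        argp_state_help(state, state->out_stream,
                        ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
      case 'V':                 /* --version */
        fprintf_plus(state->out_stream, "%s\n", argp_program_version);
        exit(argp_err_exit_status);
        break;
      default:
        return ARGP_ERR_UNKNOWN;
      }
      return errno;
    }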
1963
    
1964
    struct argp argp = { .options = options, .parser = parse_opt,
1965
			 .args_doc = "",
1966
			 .doc = "Mandos client -- Get and decrypt"
1967
			 " passwords from a Mandos server" };
237.2.157 by Teddy Hogeborn
Convert some programs to use the exit codes from <sysexits.h>. Change
1968
    ret = argp_parse(&argp, argc, argv,
1969
		     ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
1970
    switch(ret){
1971
    case 0:
1972
      break;
1973
    case ENOMEM:
1974
    default:
1975
      errno = ret;
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
1976
      perror_plus("argp_parse");
237.2.157 by Teddy Hogeborn
Convert some programs to use the exit codes from <sysexits.h>. Change
1977
      exitcode = EX_OSERR;
1978
      goto end;
1979
    case EINVAL:
1980
      exitcode = EX_USAGE;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
1981
      goto end;
1982
    }
1983
  }
237.7.35 by Teddy Hogeborn
* initramfs-tools-script: Abort if plugin-runner is missing. Removed
1984
    
237.16.16 by teddy at bsnet
* network-hooks.d/bridge: Use "/usr/sbin/brctl" explicitly.
1985
  {
237.7.35 by Teddy Hogeborn
* initramfs-tools-script: Abort if plugin-runner is missing. Removed
1986
    /* Work around Debian bug #633582:
1987
       <http://bugs.debian.org/633582> */
1988
    
1989
    /* Re-raise priviliges */
237.22.1 by Teddy Hogeborn
* plugins.d/mandos-client.c: Refactoring.
1990
    if(raise_privileges() == 0){
237.16.16 by teddy at bsnet
* network-hooks.d/bridge: Use "/usr/sbin/brctl" explicitly.
1991
      struct stat st;
1992
      
1993
      if(strcmp(seckey, PATHDIR "/" SECKEY) == 0){
1994
	int seckey_fd = open(seckey, O_RDONLY);
1995
	if(seckey_fd == -1){
1996
	  perror_plus("open");
1997
	} else {
1998
	  ret = (int)TEMP_FAILURE_RETRY(fstat(seckey_fd, &st));
1999
	  if(ret == -1){
2000
	    perror_plus("fstat");
2001
	  } else {
2002
	    if(S_ISREG(st.st_mode)
2003
	       and st.st_uid == 0 and st.st_gid == 0){
2004
	      ret = fchown(seckey_fd, uid, gid);
2005
	      if(ret == -1){
2006
		perror_plus("fchown");
2007
	      }
2008
	    }
2009
	  }
2010
	  TEMP_FAILURE_RETRY(close(seckey_fd));
2011
	}
2012
      }
2013
    
2014
      if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
2015
	int pubkey_fd = open(pubkey, O_RDONLY);
2016
	if(pubkey_fd == -1){
2017
	  perror_plus("open");
2018
	} else {
2019
	  ret = (int)TEMP_FAILURE_RETRY(fstat(pubkey_fd, &st));
2020
	  if(ret == -1){
2021
	    perror_plus("fstat");
2022
	  } else {
2023
	    if(S_ISREG(st.st_mode)
2024
	       and st.st_uid == 0 and st.st_gid == 0){
2025
	      ret = fchown(pubkey_fd, uid, gid);
2026
	      if(ret == -1){
2027
		perror_plus("fchown");
2028
	      }
2029
	    }
2030
	  }
2031
	  TEMP_FAILURE_RETRY(close(pubkey_fd));
2032
	}
2033
      }
2034
    
237.16.11 by Teddy Hogeborn
* Makefile (run-client): Add "--network-hook-dir" option.
2035
      /* Lower privileges */
237.7.152 by Teddy Hogeborn
* plugins.d/mandos-client (start_mandos_communication): Bug fix; skip
2036
      lower_privileges();
237.15.3 by Teddy Hogeborn
Intermediate commit - this does *not* work yet.
2037
    }
2038
  }
2039
  
237.7.152 by Teddy Hogeborn
* plugins.d/mandos-client (start_mandos_communication): Bug fix; skip
2040
  /* Remove invalid interface names (except "none") */
237.22.4 by Teddy Hogeborn
* plugins.d/mandos-client.c (get_flags): Don't clobber errno.
2041
  {
2042
    char *interface = NULL;
237.7.151 by Teddy Hogeborn
* plugins.d/mandos-client (mandos_context): New "interfaces" and
2043
    while((interface = argz_next(mc.interfaces, mc.interfaces_size,
237.22.4 by Teddy Hogeborn
* plugins.d/mandos-client.c (get_flags): Don't clobber errno.
2044
				 interface))){
237.7.152 by Teddy Hogeborn
* plugins.d/mandos-client (start_mandos_communication): Bug fix; skip
2045
      if(strcmp(interface, "none") != 0
2046
	 and if_nametoindex(interface) == 0){
2047
	if(interface[0] != '\0'){
237.22.4 by Teddy Hogeborn
* plugins.d/mandos-client.c (get_flags): Don't clobber errno.
2048
	  fprintf_plus(stderr, "Not using nonexisting interface"
2049
		       " \"%s\"\n", interface);
2050
	}
237.7.151 by Teddy Hogeborn
* plugins.d/mandos-client (mandos_context): New "interfaces" and
2051
	argz_delete(&mc.interfaces, &mc.interfaces_size, interface);
237.22.4 by Teddy Hogeborn
* plugins.d/mandos-client.c (get_flags): Don't clobber errno.
2052
	interface = NULL;
2053
      }
2054
    }
2055
  }
2056
  
237.16.16 by teddy at bsnet
* network-hooks.d/bridge: Use "/usr/sbin/brctl" explicitly.
2057
  /* Run network hooks */
237.22.4 by Teddy Hogeborn
* plugins.d/mandos-client.c (get_flags): Don't clobber errno.
2058
  {
237.7.151 by Teddy Hogeborn
* plugins.d/mandos-client (mandos_context): New "interfaces" and
2059
    if(mc.interfaces != NULL){
2060
      interfaces_hooks = malloc(mc.interfaces_size);
237.7.147 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Bug fix: Set DEVICE environment
2061
      if(interfaces_hooks == NULL){
2062
	perror_plus("malloc");
2063
	goto end;
2064
      }
237.7.151 by Teddy Hogeborn
* plugins.d/mandos-client (mandos_context): New "interfaces" and
2065
      memcpy(interfaces_hooks, mc.interfaces, mc.interfaces_size);
2066
      interfaces_hooks_size = mc.interfaces_size;
237.7.147 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Bug fix: Set DEVICE environment
2067
      argz_stringify(interfaces_hooks, interfaces_hooks_size,
2068
		     (int)',');
237.22.4 by Teddy Hogeborn
* plugins.d/mandos-client.c (get_flags): Don't clobber errno.
2069
    }
237.7.147 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Bug fix: Set DEVICE environment
2070
    if(not run_network_hooks("start", interfaces_hooks != NULL ?
2071
			     interfaces_hooks : "", delay)){
237.22.4 by Teddy Hogeborn
* plugins.d/mandos-client.c (get_flags): Don't clobber errno.
2072
      goto end;
2073
    }
237.16.16 by teddy at bsnet
* network-hooks.d/bridge: Use "/usr/sbin/brctl" explicitly.
2074
  }
2075
  
24.1.135 by Björn Påhlsson
Earlier signal handling
2076
  if(not debug){
2077
    avahi_set_log_function(empty_log);
2078
  }
237.15.3 by Teddy Hogeborn
Intermediate commit - this does *not* work yet.
2079
  
24.1.135 by Björn Påhlsson
Earlier signal handling
2080
  /* Initialize Avahi early so avahi_simple_poll_quit() can be called
2081
     from the signal handler */
2082
  /* Initialize the pseudo-RNG for Avahi */
2083
  srand((unsigned int) time(NULL));
237.7.149 by Teddy Hogeborn
* plugins.d/mandos-client (mandos_context): Removed "simple_poll"
2084
  simple_poll = avahi_simple_poll_new();
2085
  if(simple_poll == NULL){
237.16.9 by Teddy Hogeborn
* plugins.d/mandos-client.c: Merge unified printing system.
2086
    fprintf_plus(stderr,
2087
		 "Avahi: Failed to create simple poll object.\n");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
2088
    exitcode = EX_UNAVAILABLE;
24.1.135 by Björn Påhlsson
Earlier signal handling
2089
    goto end;
2090
  }
237.2.72 by Teddy Hogeborn
Merge from Björn:
2091
  
24.1.135 by Björn Påhlsson
Earlier signal handling
2092
  sigemptyset(&sigterm_action.sa_mask);
237.2.72 by Teddy Hogeborn
Merge from Björn:
2093
  ret = sigaddset(&sigterm_action.sa_mask, SIGINT);
2094
  if(ret == -1){
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
2095
    perror_plus("sigaddset");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
2096
    exitcode = EX_OSERR;
237.2.72 by Teddy Hogeborn
Merge from Björn:
2097
    goto end;
2098
  }
2099
  ret = sigaddset(&sigterm_action.sa_mask, SIGHUP);
2100
  if(ret == -1){
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
2101
    perror_plus("sigaddset");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
2102
    exitcode = EX_OSERR;
237.2.72 by Teddy Hogeborn
Merge from Björn:
2103
    goto end;
2104
  }
24.1.135 by Björn Påhlsson
Earlier signal handling
2105
  ret = sigaddset(&sigterm_action.sa_mask, SIGTERM);
2106
  if(ret == -1){
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
2107
    perror_plus("sigaddset");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
2108
    exitcode = EX_OSERR;
24.1.135 by Björn Påhlsson
Earlier signal handling
2109
    goto end;
2110
  }
237.2.120 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Do not handle ignored signals.
2111
  /* Need to check if the handler is SIG_IGN before handling:
2112
     | [[info:libc:Initial Signal Actions]] |
2113
     | [[info:libc:Basic Signal Handling]]  |
2114
  */
2115
  ret = sigaction(SIGINT, NULL, &old_sigterm_action);
2116
  if(ret == -1){
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
2117
    perror_plus("sigaction");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
2118
    return EX_OSERR;
237.2.120 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Do not handle ignored signals.
2119
  }
2120
  if(old_sigterm_action.sa_handler != SIG_IGN){
2121
    ret = sigaction(SIGINT, &sigterm_action, NULL);
2122
    if(ret == -1){
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
2123
      perror_plus("sigaction");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
2124
      exitcode = EX_OSERR;
237.2.120 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Do not handle ignored signals.
2125
      goto end;
2126
    }
2127
  }
2128
  ret = sigaction(SIGHUP, NULL, &old_sigterm_action);
2129
  if(ret == -1){
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
2130
    perror_plus("sigaction");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
2131
    return EX_OSERR;
237.2.120 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Do not handle ignored signals.
2132
  }
2133
  if(old_sigterm_action.sa_handler != SIG_IGN){
2134
    ret = sigaction(SIGHUP, &sigterm_action, NULL);
2135
    if(ret == -1){
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
2136
      perror_plus("sigaction");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
2137
      exitcode = EX_OSERR;
237.2.120 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Do not handle ignored signals.
2138
      goto end;
2139
    }
2140
  }
2141
  ret = sigaction(SIGTERM, NULL, &old_sigterm_action);
2142
  if(ret == -1){
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
2143
    perror_plus("sigaction");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
2144
    return EX_OSERR;
237.2.120 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Do not handle ignored signals.
2145
  }
2146
  if(old_sigterm_action.sa_handler != SIG_IGN){
2147
    ret = sigaction(SIGTERM, &sigterm_action, NULL);
2148
    if(ret == -1){
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
2149
      perror_plus("sigaction");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
2150
      exitcode = EX_OSERR;
237.2.120 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Do not handle ignored signals.
2151
      goto end;
2152
    }
237.2.117 by Teddy Hogeborn
* plugins.d/mandos-client.c (signal_received): New.
2153
  }
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
2154
  
237.22.4 by Teddy Hogeborn
* plugins.d/mandos-client.c (get_flags): Don't clobber errno.
2155
  /* If no interfaces were specified, make a list */
237.7.151 by Teddy Hogeborn
* plugins.d/mandos-client (mandos_context): New "interfaces" and
2156
  if(mc.interfaces == NULL){
237.22.4 by Teddy Hogeborn
* plugins.d/mandos-client.c (get_flags): Don't clobber errno.
2157
    struct dirent **direntries;
2158
    /* Look for any good interfaces */
2159
    ret = scandir(sys_class_net, &direntries, good_interface,
2160
		  alphasort);
2161
    if(ret >= 1){
2162
      /* Add all found interfaces to interfaces list */
2163
      for(int i = 0; i < ret; ++i){
237.7.151 by Teddy Hogeborn
* plugins.d/mandos-client (mandos_context): New "interfaces" and
2164
	ret_errno = argz_add(&mc.interfaces, &mc.interfaces_size,
237.22.4 by Teddy Hogeborn
* plugins.d/mandos-client.c (get_flags): Don't clobber errno.
2165
			     direntries[i]->d_name);
2166
	if(ret_errno != 0){
2167
	  perror_plus("argz_add");
2168
	  continue;
2169
	}
2170
	if(debug){
2171
	  fprintf_plus(stderr, "Will use interface \"%s\"\n",
2172
		       direntries[i]->d_name);
2173
	}
2174
      }
2175
      free(direntries);
2176
    } else {
2177
      free(direntries);
2178
      fprintf_plus(stderr, "Could not find a network interface\n");
2179
      exitcode = EXIT_FAILURE;
2180
      goto end;
2181
    }
2182
  }
2183
  
2184
  /* Bring up interfaces which are down */
237.7.152 by Teddy Hogeborn
* plugins.d/mandos-client (start_mandos_communication): Bug fix; skip
2185
  {
237.22.4 by Teddy Hogeborn
* plugins.d/mandos-client.c (get_flags): Don't clobber errno.
2186
    char *interface = NULL;
237.7.151 by Teddy Hogeborn
* plugins.d/mandos-client (mandos_context): New "interfaces" and
2187
    while((interface = argz_next(mc.interfaces, mc.interfaces_size,
237.22.4 by Teddy Hogeborn
* plugins.d/mandos-client.c (get_flags): Don't clobber errno.
2188
				 interface))){
237.7.152 by Teddy Hogeborn
* plugins.d/mandos-client (start_mandos_communication): Bug fix; skip
2189
      /* If interface name is "none", stop bringing up interfaces.
2190
	 Also remove all instances of "none" from the list */
2191
      if(strcmp(interface, "none") == 0){
2192
	argz_delete(&mc.interfaces, &mc.interfaces_size,
2193
		    interface);
2194
	interface = NULL;
2195
	while((interface = argz_next(mc.interfaces,
2196
				     mc.interfaces_size, interface))){
2197
	  if(strcmp(interface, "none") == 0){
2198
	    argz_delete(&mc.interfaces, &mc.interfaces_size,
2199
			interface);
2200
	    interface = NULL;
2201
	  }
2202
	}
2203
	break;
2204
      }
237.22.4 by Teddy Hogeborn
* plugins.d/mandos-client.c (get_flags): Don't clobber errno.
2205
      bool interface_was_up = interface_is_up(interface);
2206
      ret = bring_up_interface(interface, delay);
2207
      if(not interface_was_up){
2208
	if(ret != 0){
2209
	  errno = ret;
2210
	  perror_plus("Failed to bring up interface");
2211
	} else {
2212
	  ret_errno = argz_add(&interfaces_to_take_down,
2213
			       &interfaces_to_take_down_size,
2214
			       interface);
2215
	}
2216
      }
2217
    }
2218
    if(debug and (interfaces_to_take_down == NULL)){
2219
      fprintf_plus(stderr, "No interfaces were brought up\n");
237.2.128 by Teddy Hogeborn
* plugins.d/mandos-client.c (main): Bug fix: Check result of setgid().
2220
    }
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
2221
  }
2222
  
237.7.152 by Teddy Hogeborn
* plugins.d/mandos-client (start_mandos_communication): Bug fix; skip
2223
  /* If we only got one interface, explicitly use only that one */
2224
  if(argz_count(mc.interfaces, mc.interfaces_size) == 1){
2225
    if(debug){
2226
      fprintf_plus(stderr, "Using only interface \"%s\"\n",
2227
		   mc.interfaces);
2228
    }
2229
    if_index = (AvahiIfIndex)if_nametoindex(mc.interfaces);
2230
  }
2231
  
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
2232
  if(quit_now){
2233
    goto end;
2234
  }
2235
  
237.7.150 by Teddy Hogeborn
* plugins.d/mandos-client (mandos_context): Moved to inside "main()".
2236
  ret = init_gnutls_global(pubkey, seckey, &mc);
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
2237
  if(ret == -1){
237.15.6 by Björn Påhlsson
replace calls to fprintf with fprintf_plus.
2238
    fprintf_plus(stderr, "init_gnutls_global failed\n");
237.2.162 by Teddy Hogeborn
* Makefile (BROKEN_PIE): Add comment.
2239
    exitcode = EX_UNAVAILABLE;
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
2240
    goto end;
2241
  } else {
2242
    gnutls_initialized = true;
2243
  }
2244
  
237.2.116 by Teddy Hogeborn
* plugins.d/mandos-client.c (quit_now): Move up declaration before
2245
  if(quit_now){
2246
    goto end;
2247
  }
2248
  
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
2249
  if(mkdtemp(tempdir) == NULL){
24.1.174 by Björn Påhlsson
* Makefile (CFLAGS): Added "-lrt" to include real time library.
2250
    perror_plus("mkdtemp");
237.2.56 by Teddy Hogeborn
* plugin-runner.c: Whitespace changes only.
2251
    goto end;
2252
  }
  tempdir_created = true;
  
  if(quit_now){
    goto end;
  }
  
  if(not init_gpgme(pubkey, seckey, tempdir, &mc)){
    fprintf_plus(stderr, "init_gpgme failed\n");
    exitcode = EX_UNAVAILABLE;
    goto end;
  } else {
    gpgme_initialized = true;
  }
  
  if(quit_now){
    goto end;
  }
  
  if(connect_to != NULL){
    /* Connect directly, do not use Zeroconf */
    /* (Mainly meant for debugging) */
    char *address = strrchr(connect_to, ':');
    
    if(address == NULL){
      fprintf_plus(stderr, "No colon in address\n");
      exitcode = EX_USAGE;
      goto end;
    }
    
    if(quit_now){
      goto end;
    }
    
    in_port_t port;
    errno = 0;
    tmpmax = strtoimax(address+1, &tmp, 10);
    if(errno != 0 or tmp == address+1 or *tmp != '\0'
       or tmpmax != (in_port_t)tmpmax){
      fprintf_plus(stderr, "Bad port number\n");
      exitcode = EX_USAGE;
      goto end;
    }
    
    if(quit_now){
      goto end;
    }
    
    port = (in_port_t)tmpmax;
    *address = '\0';
    /* Colon in address indicates IPv6 */
    int af;
    if(strchr(connect_to, ':') != NULL){
      af = AF_INET6;
      /* Accept [] around IPv6 address - see RFC 5952 */
      if(connect_to[0] == '[' and address[-1] == ']')
	{
	  connect_to++;
	  address[-1] = '\0';
	}
    } else {
      af = AF_INET;
    }
    address = connect_to;
    
    if(quit_now){
      goto end;
    }
    
    while(not quit_now){
      ret = start_mandos_communication(address, port, if_index, af,
				       &mc);
      if(quit_now or ret == 0){
	break;
      }
      if(debug){
	fprintf_plus(stderr, "Retrying in %d seconds\n",
		     (int)retry_interval);
      }
      sleep((int)retry_interval);
    }
    
    if (not quit_now){
      exitcode = EXIT_SUCCESS;
    }
    
    goto end;
  }
  
  if(quit_now){
    goto end;
  }
  
  {
    AvahiServerConfig config;
    /* Do not publish any local Zeroconf records */
    avahi_server_config_init(&config);
    config.publish_hinfo = 0;
    config.publish_addresses = 0;
    config.publish_workstation = 0;
    config.publish_domain = 0;
    
    /* Allocate a new server */
    mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
				 &config, NULL, NULL, &ret_errno);
    
    /* Free the Avahi configuration data */
    avahi_server_config_free(&config);
  }
  
  /* Check if creating the Avahi server object succeeded */
  if(mc.server == NULL){
    fprintf_plus(stderr, "Failed to create Avahi server: %s\n",
		 avahi_strerror(ret_errno));
    exitcode = EX_UNAVAILABLE;
    goto end;
  }
  
  if(quit_now){
    goto end;
  }
  
  /* Create the Avahi service browser */
  sb = avahi_s_service_browser_new(mc.server, if_index,
				   AVAHI_PROTO_UNSPEC, "_mandos._tcp",
				   NULL, 0, browse_callback,
				   (void *)&mc);
  if(sb == NULL){
    fprintf_plus(stderr, "Failed to create service browser: %s\n",
		 avahi_strerror(avahi_server_errno(mc.server)));
    exitcode = EX_UNAVAILABLE;
    goto end;
  }
  
  if(quit_now){
    goto end;
  }
  
  /* Run the main loop */
  
  if(debug){
    fprintf_plus(stderr, "Starting Avahi loop search\n");
  }
  ret = avahi_loop_with_timeout(simple_poll,
				(int)(retry_interval * 1000), &mc);
  if(debug){
    fprintf_plus(stderr, "avahi_loop_with_timeout exited %s\n",
		 (ret == 0) ? "successfully" : "with error");
  }
  
 end:
  
  if(debug){
    fprintf_plus(stderr, "%s exiting\n", argv[0]);
  }
  
  /* Cleanup things */
  free(mc.interfaces);
  
  if(sb != NULL)
    avahi_s_service_browser_free(sb);
  
  if(mc.server != NULL)
    avahi_server_free(mc.server);
  
  if(simple_poll != NULL)
    avahi_simple_poll_free(simple_poll);
  
  if(gnutls_initialized){
    gnutls_certificate_free_credentials(mc.cred);
    gnutls_global_deinit();
    gnutls_dh_params_deinit(mc.dh_params);
  }
  
  if(gpgme_initialized){
    gpgme_release(mc.ctx);
  }
  
  /* Cleans up the circular linked list of Mandos servers the client
     has seen */
  if(mc.current_server != NULL){
    mc.current_server->prev->next = NULL;
    while(mc.current_server != NULL){
      server *next = mc.current_server->next;
      free(mc.current_server);
      mc.current_server = next;
    }
  }
  
  /* Re-raise priviliges */
  {
    raise_privileges();
    
    /* Run network hooks */
    run_network_hooks("stop", interfaces_hooks != NULL ?
		      interfaces_hooks : "", delay);
    
    /* Take down the network interfaces which were brought up */
    {
      char *interface = NULL;
      while((interface=argz_next(interfaces_to_take_down,
				 interfaces_to_take_down_size,
				 interface))){
	ret_errno = take_down_interface(interface);
	if(ret_errno != 0){
	  errno = ret_errno;
	  perror_plus("Failed to take down interface");
	}
      }
      if(debug and (interfaces_to_take_down == NULL)){
	fprintf_plus(stderr, "No interfaces needed to be taken"
		     " down\n");
      }
    }
    
    lower_privileges_permanently();
  }
  
  free(interfaces_to_take_down);
  free(interfaces_hooks);
  
  /* Removes the GPGME temp directory and all files inside */
  if(tempdir_created){
    struct dirent **direntries = NULL;
    struct dirent *direntry = NULL;
    int numentries = scandir(tempdir, &direntries, notdotentries,
			     alphasort);
    if (numentries > 0){
      for(int i = 0; i < numentries; i++){
	direntry = direntries[i];
	char *fullname = NULL;
	ret = asprintf(&fullname, "%s/%s", tempdir,
		       direntry->d_name);
	if(ret < 0){
	  perror_plus("asprintf");
	  continue;
	}
	ret = remove(fullname);
	if(ret == -1){
	  fprintf_plus(stderr, "remove(\"%s\"): %s\n", fullname,
		       strerror(errno));
	}
	free(fullname);
      }
    }
    /* need to clean even if 0 because man page doesn't specify */
    free(direntries);
    if (numentries == -1){
      perror_plus("scandir");
    }
    ret = rmdir(tempdir);
    if(ret == -1 and errno != ENOENT){
      perror_plus("rmdir");
    }
  }
  
  if(quit_now){
    sigemptyset(&old_sigterm_action.sa_mask);
    old_sigterm_action.sa_handler = SIG_DFL;
    ret = (int)TEMP_FAILURE_RETRY(sigaction(signal_received,
					    &old_sigterm_action,
					    NULL));
    if(ret == -1){
      perror_plus("sigaction");
    }
    do {
      ret = raise(signal_received);
    } while(ret != 0 and errno == EINTR);
    if(ret != 0){
      perror_plus("raise");
      abort();
    }
    TEMP_FAILURE_RETRY(pause());
  }
  
  return exitcode;
}